From 3a9cb99bd0a9f0c468f60fd85e6cfedc32c91fdb Mon Sep 17 00:00:00 2001 From: Cordt Date: Wed, 15 Oct 2025 09:15:33 -0600 Subject: [PATCH 01/26] add whole sdk docs unedited --- copy-of-sdk-docs/learn/advanced/00-baseapp.md | 547 ++++++++++++++++ .../learn/advanced/01-transactions.md | 229 +++++++ copy-of-sdk-docs/learn/advanced/02-context.md | 103 +++ copy-of-sdk-docs/learn/advanced/03-node.md | 96 +++ copy-of-sdk-docs/learn/advanced/04-store.md | 288 +++++++++ .../learn/advanced/05-encoding.md | 285 +++++++++ .../learn/advanced/06-grpc_rest.md | 105 +++ copy-of-sdk-docs/learn/advanced/07-cli.md | 211 ++++++ copy-of-sdk-docs/learn/advanced/08-events.md | 159 +++++ .../learn/advanced/09-telemetry.md | 128 ++++ copy-of-sdk-docs/learn/advanced/10-ocap.md | 76 +++ .../learn/advanced/11-runtx_middleware.md | 67 ++ .../learn/advanced/12-simulation.md | 94 +++ .../learn/advanced/13-proto-docs.md | 7 + copy-of-sdk-docs/learn/advanced/15-upgrade.md | 162 +++++ copy-of-sdk-docs/learn/advanced/16-config.md | 24 + copy-of-sdk-docs/learn/advanced/17-autocli.md | 258 ++++++++ .../learn/advanced/_category_.json | 5 + .../advanced/baseapp_state-begin_block.png | Bin 0 -> 20565 bytes .../learn/advanced/baseapp_state-checktx.png | Bin 0 -> 82308 bytes .../learn/advanced/baseapp_state-commit.png | Bin 0 -> 47662 bytes .../advanced/baseapp_state-deliver_tx.png | Bin 0 -> 59007 bytes .../advanced/baseapp_state-initchain.png | Bin 0 -> 243455 bytes .../baseapp_state-prepareproposal.png | Bin 0 -> 274049 bytes .../baseapp_state-processproposal.png | Bin 0 -> 248588 bytes .../learn/advanced/baseapp_state.png | Bin 0 -> 338941 bytes .../learn/advanced/blockprocessing-1.png | Bin 0 -> 453261 bytes .../learn/advanced/blockprocessing.excalidraw | Bin 0 -> 46151 bytes .../learn/beginner/00-app-anatomy.md | 279 ++++++++ .../learn/beginner/01-tx-lifecycle.md | 284 +++++++++ .../learn/beginner/02-query-lifecycle.md | 147 +++++ .../learn/beginner/03-accounts.md | 281 ++++++++ .../learn/beginner/04-gas-fees.md | 101 +++ .../learn/beginner/_category_.json | 5 + copy-of-sdk-docs/learn/intro/00-overview.md | 43 ++ .../learn/intro/01-why-app-specific.md | 79 +++ .../learn/intro/02-sdk-app-architecture.md | 93 +++ copy-of-sdk-docs/learn/intro/03-sdk-design.md | 64 ++ .../learn/intro/Maincomps.excalidraw | 603 ++++++++++++++++++ copy-of-sdk-docs/learn/intro/_category_.json | 5 + .../learn/intro/main-components.png | Bin 0 -> 61439 bytes copy-of-sdk-docs/learn/learn.md | 11 + copy-of-sdk-docs/tutorials/_category_.json | 5 + .../transactions/00-building-a-transaction.md | 190 ++++++ .../tutorials/transactions/_category_.json | 5 + copy-of-sdk-docs/tutorials/tutorials.md | 12 + .../tutorials/vote-extensions/_category_.json | 5 + .../00-getting-started.md | 40 ++ .../01-understanding-frontrunning.md | 41 ++ ...ting-front-running-with-vote-extensions.md | 331 ++++++++++ ...-front-running-with-vote-extensions.md.bak | 331 ++++++++++ ...ating-front-running-with-vote-extesions.md | 331 ++++++++++ ...g-front-running-with-vote-extesions.md.bak | 331 ++++++++++ .../03-demo-of-mitigating-front-running.md | 106 +++ ...03-demo-of-mitigating-front-running.md.bak | 106 +++ .../auction-frontrunning/_category_.json | 5 + .../oracle/00-getting-started.md | 36 ++ .../oracle/01-what-is-an-oracle.md | 13 + .../oracle/02-implementing-vote-extensions.md | 219 +++++++ .../oracle/03-testing-oracle.md | 57 ++ .../vote-extensions/oracle/_category_.json | 5 + copy-of-sdk-docs/user/run-node/00-keyring.md | 145 +++++ copy-of-sdk-docs/user/run-node/01-run-node.md | 218 +++++++ .../user/run-node/02-interact-node.md | 289 +++++++++ copy-of-sdk-docs/user/run-node/03-txs.md | 429 +++++++++++++ copy-of-sdk-docs/user/run-node/04-rosetta.md | 144 +++++ .../user/run-node/05-run-testnet.md | 101 +++ .../user/run-node/06-run-production.md | 269 ++++++++ .../user/run-node/_category_.json | 5 + copy-of-sdk-docs/user/user.md | 10 + .../version-0.47/learn/_category_.json | 5 + .../version-0.47/learn/advanced/00-baseapp.md | 509 +++++++++++++++ .../learn/advanced/01-transactions.md | 197 ++++++ .../version-0.47/learn/advanced/02-context.md | 102 +++ .../version-0.47/learn/advanced/03-node.md | 98 +++ .../version-0.47/learn/advanced/04-store.md | 105 +++ .../learn/advanced/05-interblock-cache.md | 293 +++++++++ .../learn/advanced/06-encoding.md | 350 ++++++++++ .../version-0.47/learn/advanced/07-cli.md | 195 ++++++ .../version-0.47/learn/advanced/08-events.md | 168 +++++ .../learn/advanced/09-grpc_rest.md | 100 +++ .../version-0.47/learn/advanced/10-ocap.md | 77 +++ .../learn/advanced/11-telemetry.md | 128 ++++ .../learn/advanced/12-runtx_middleware.md | 67 ++ .../learn/advanced/13-simulation.md | 101 +++ .../learn/advanced/14-proto-docs.md | 7 + .../version-0.47/learn/advanced/16-upgrade.md | 162 +++++ .../version-0.47/learn/advanced/17-config.md | 24 + .../learn/advanced/_category_.json | 5 + .../advanced/baseapp_state-begin_block.png | Bin 0 -> 20565 bytes .../learn/advanced/baseapp_state-checktx.png | Bin 0 -> 82308 bytes .../learn/advanced/baseapp_state-commit.png | Bin 0 -> 47662 bytes .../advanced/baseapp_state-deliver_tx.png | Bin 0 -> 59007 bytes .../advanced/baseapp_state-initchain.png | Bin 0 -> 243455 bytes .../baseapp_state-prepareproposal.png | Bin 0 -> 274049 bytes .../baseapp_state-processproposal.png | Bin 0 -> 248588 bytes .../learn/advanced/baseapp_state.png | Bin 0 -> 338941 bytes .../learn/beginner/00-overview-app.md | 264 ++++++++ .../learn/beginner/01-tx-lifecycle.md | 264 ++++++++ .../learn/beginner/02-query-lifecycle.md | 150 +++++ .../learn/beginner/03-accounts.md | 282 ++++++++ .../learn/beginner/04-gas-fees.md | 100 +++ .../learn/beginner/_category_.json | 5 + .../version-0.47/learn/glossary.md | 57 ++ .../version-0.47/learn/intro/00-overview.md | 32 + .../learn/intro/01-why-app-specific.md | 80 +++ .../learn/intro/02-sdk-app-architecture.md | 94 +++ .../version-0.47/learn/intro/03-sdk-design.md | 96 +++ .../version-0.47/learn/intro/_category_.json | 5 + .../version-0.47/learn/learn.md | 11 + .../version-0.47/user/run-node/00-keyring.md | 134 ++++ .../version-0.47/user/run-node/01-run-node.md | 211 ++++++ .../user/run-node/02-interact-node.md | 289 +++++++++ .../version-0.47/user/run-node/03-txs.md | 387 +++++++++++ .../version-0.47/user/run-node/04-rosetta.md | 122 ++++ .../user/run-node/05-run-testnet.md | 101 +++ .../user/run-node/06-run-production.md | 269 ++++++++ .../user/run-node/07-multisig-guide.md | 108 ++++ .../user/run-node/_category_.json | 5 + .../version-0.47/user/user.md | 11 + .../version-0.47/validate/05-run-testnet.md | 101 +++ .../version-0.50/learn/advanced/00-baseapp.md | 547 ++++++++++++++++ .../learn/advanced/01-transactions.md | 206 ++++++ .../version-0.50/learn/advanced/02-context.md | 103 +++ .../version-0.50/learn/advanced/03-node.md | 96 +++ .../version-0.50/learn/advanced/04-store.md | 288 +++++++++ .../learn/advanced/05-encoding.md | 285 +++++++++ .../learn/advanced/06-grpc_rest.md | 105 +++ .../version-0.50/learn/advanced/07-cli.md | 211 ++++++ .../version-0.50/learn/advanced/08-events.md | 159 +++++ .../learn/advanced/09-telemetry.md | 128 ++++ .../version-0.50/learn/advanced/10-ocap.md | 76 +++ .../learn/advanced/11-runtx_middleware.md | 67 ++ .../learn/advanced/12-simulation.md | 101 +++ .../learn/advanced/13-proto-docs.md | 7 + .../version-0.50/learn/advanced/15-upgrade.md | 162 +++++ .../version-0.50/learn/advanced/16-config.md | 24 + .../version-0.50/learn/advanced/17-autocli.md | 215 +++++++ .../learn/advanced/_category_.json | 5 + .../advanced/baseapp_state-begin_block.png | Bin 0 -> 20565 bytes .../learn/advanced/baseapp_state-checktx.png | Bin 0 -> 82308 bytes .../learn/advanced/baseapp_state-commit.png | Bin 0 -> 47662 bytes .../advanced/baseapp_state-deliver_tx.png | Bin 0 -> 59007 bytes .../advanced/baseapp_state-initchain.png | Bin 0 -> 243455 bytes .../baseapp_state-prepareproposal.png | Bin 0 -> 274049 bytes .../baseapp_state-processproposal.png | Bin 0 -> 248588 bytes .../learn/advanced/baseapp_state.png | Bin 0 -> 338941 bytes .../learn/beginner/00-app-anatomy.md | 279 ++++++++ .../learn/beginner/01-tx-lifecycle.md | 268 ++++++++ .../learn/beginner/02-query-lifecycle.md | 147 +++++ .../learn/beginner/03-accounts.md | 281 ++++++++ .../learn/beginner/04-gas-fees.md | 101 +++ .../learn/beginner/_category_.json | 5 + .../version-0.50/learn/intro/00-overview.md | 43 ++ .../learn/intro/01-why-app-specific.md | 79 +++ .../learn/intro/02-sdk-app-architecture.md | 93 +++ .../version-0.50/learn/intro/03-sdk-design.md | 95 +++ .../version-0.50/learn/intro/_category_.json | 5 + .../version-0.50/learn/learn.md | 11 + .../version-0.50/tutorials/_category_.json | 5 + .../transactions/00-building-a-transaction.md | 190 ++++++ .../tutorials/transactions/_category_.json | 5 + .../version-0.50/tutorials/tutorials.md | 12 + .../tutorials/vote-extensions/_category_.json | 5 + .../00-getting-started.md | 40 ++ .../01-understanding-frontrunning.md | 41 ++ ...ting-front-running-with-vote-extensions.md | 331 ++++++++++ ...-front-running-with-vote-extensions.md.bak | 331 ++++++++++ ...ating-front-running-with-vote-extesions.md | 331 ++++++++++ ...g-front-running-with-vote-extesions.md.bak | 331 ++++++++++ .../03-demo-of-mitigating-front-running.md | 106 +++ ...03-demo-of-mitigating-front-running.md.bak | 106 +++ .../auction-frontrunning/_category_.json | 5 + .../oracle/00-getting-started.md | 36 ++ .../oracle/01-what-is-an-oracle.md | 13 + .../oracle/02-implementing-vote-extensions.md | 219 +++++++ .../oracle/03-testing-oracle.md | 57 ++ .../vote-extensions/oracle/_category_.json | 5 + .../version-0.50/user/run-node/00-keyring.md | 145 +++++ .../version-0.50/user/run-node/01-run-node.md | 218 +++++++ .../user/run-node/02-interact-node.md | 289 +++++++++ .../version-0.50/user/run-node/03-txs.md | 387 +++++++++++ .../version-0.50/user/run-node/04-rosetta.md | 144 +++++ .../user/run-node/05-run-testnet.md | 101 +++ .../user/run-node/06-run-production.md | 269 ++++++++ .../user/run-node/_category_.json | 5 + .../version-0.50/user/user.md | 10 + .../version-0.53/learn/advanced/00-baseapp.md | 547 ++++++++++++++++ .../learn/advanced/01-transactions.md | 229 +++++++ .../version-0.53/learn/advanced/02-context.md | 103 +++ .../version-0.53/learn/advanced/03-node.md | 96 +++ .../version-0.53/learn/advanced/04-store.md | 288 +++++++++ .../learn/advanced/05-encoding.md | 285 +++++++++ .../learn/advanced/06-grpc_rest.md | 105 +++ .../version-0.53/learn/advanced/07-cli.md | 211 ++++++ .../version-0.53/learn/advanced/08-events.md | 159 +++++ .../learn/advanced/09-telemetry.md | 128 ++++ .../version-0.53/learn/advanced/10-ocap.md | 76 +++ .../learn/advanced/11-runtx_middleware.md | 67 ++ .../learn/advanced/12-simulation.md | 94 +++ .../learn/advanced/13-proto-docs.md | 7 + .../version-0.53/learn/advanced/15-upgrade.md | 162 +++++ .../version-0.53/learn/advanced/16-config.md | 24 + .../version-0.53/learn/advanced/17-autocli.md | 262 ++++++++ .../learn/advanced/_category_.json | 5 + .../advanced/baseapp_state-begin_block.png | Bin 0 -> 20565 bytes .../learn/advanced/baseapp_state-checktx.png | Bin 0 -> 82308 bytes .../learn/advanced/baseapp_state-commit.png | Bin 0 -> 47662 bytes .../advanced/baseapp_state-deliver_tx.png | Bin 0 -> 59007 bytes .../advanced/baseapp_state-initchain.png | Bin 0 -> 243455 bytes .../baseapp_state-prepareproposal.png | Bin 0 -> 274049 bytes .../baseapp_state-processproposal.png | Bin 0 -> 248588 bytes .../learn/advanced/baseapp_state.png | Bin 0 -> 338941 bytes .../learn/beginner/00-app-anatomy.md | 279 ++++++++ .../learn/beginner/01-tx-lifecycle.md | 284 +++++++++ .../learn/beginner/02-query-lifecycle.md | 147 +++++ .../learn/beginner/03-accounts.md | 281 ++++++++ .../learn/beginner/04-gas-fees.md | 101 +++ .../learn/beginner/_category_.json | 5 + .../version-0.53/learn/intro/00-overview.md | 43 ++ .../learn/intro/01-why-app-specific.md | 79 +++ .../learn/intro/02-sdk-app-architecture.md | 93 +++ .../version-0.53/learn/intro/03-sdk-design.md | 64 ++ .../version-0.53/learn/intro/_category_.json | 5 + .../version-0.53/learn/learn.md | 11 + .../version-0.53/tutorials/_category_.json | 5 + .../transactions/00-building-a-transaction.md | 190 ++++++ .../tutorials/transactions/_category_.json | 5 + .../version-0.53/tutorials/tutorials.md | 12 + .../tutorials/vote-extensions/_category_.json | 5 + .../00-getting-started.md | 40 ++ .../01-understanding-frontrunning.md | 41 ++ ...ting-front-running-with-vote-extensions.md | 331 ++++++++++ ...-front-running-with-vote-extensions.md.bak | 331 ++++++++++ ...ating-front-running-with-vote-extesions.md | 331 ++++++++++ ...g-front-running-with-vote-extesions.md.bak | 331 ++++++++++ .../03-demo-of-mitigating-front-running.md | 106 +++ ...03-demo-of-mitigating-front-running.md.bak | 106 +++ .../auction-frontrunning/_category_.json | 5 + .../oracle/00-getting-started.md | 36 ++ .../oracle/01-what-is-an-oracle.md | 13 + .../oracle/02-implementing-vote-extensions.md | 219 +++++++ .../oracle/03-testing-oracle.md | 57 ++ .../vote-extensions/oracle/_category_.json | 5 + .../version-0.53/user/run-node/00-keyring.md | 145 +++++ .../version-0.53/user/run-node/01-run-node.md | 218 +++++++ .../user/run-node/02-interact-node.md | 289 +++++++++ .../version-0.53/user/run-node/03-txs.md | 429 +++++++++++++ .../user/run-node/05-run-testnet.md | 101 +++ .../user/run-node/06-run-production.md | 269 ++++++++ .../user/run-node/_category_.json | 5 + .../version-0.53/user/user.md | 10 + 252 files changed, 30293 insertions(+) create mode 100644 copy-of-sdk-docs/learn/advanced/00-baseapp.md create mode 100644 copy-of-sdk-docs/learn/advanced/01-transactions.md create mode 100644 copy-of-sdk-docs/learn/advanced/02-context.md create mode 100644 copy-of-sdk-docs/learn/advanced/03-node.md create mode 100644 copy-of-sdk-docs/learn/advanced/04-store.md create mode 100644 copy-of-sdk-docs/learn/advanced/05-encoding.md create mode 100644 copy-of-sdk-docs/learn/advanced/06-grpc_rest.md create mode 100644 copy-of-sdk-docs/learn/advanced/07-cli.md create mode 100644 copy-of-sdk-docs/learn/advanced/08-events.md create mode 100644 copy-of-sdk-docs/learn/advanced/09-telemetry.md create mode 100644 copy-of-sdk-docs/learn/advanced/10-ocap.md create mode 100644 copy-of-sdk-docs/learn/advanced/11-runtx_middleware.md create mode 100644 copy-of-sdk-docs/learn/advanced/12-simulation.md create mode 100644 copy-of-sdk-docs/learn/advanced/13-proto-docs.md create mode 100644 copy-of-sdk-docs/learn/advanced/15-upgrade.md create mode 100644 copy-of-sdk-docs/learn/advanced/16-config.md create mode 100644 copy-of-sdk-docs/learn/advanced/17-autocli.md create mode 100644 copy-of-sdk-docs/learn/advanced/_category_.json create mode 100644 copy-of-sdk-docs/learn/advanced/baseapp_state-begin_block.png create mode 100644 copy-of-sdk-docs/learn/advanced/baseapp_state-checktx.png create mode 100644 copy-of-sdk-docs/learn/advanced/baseapp_state-commit.png create mode 100644 copy-of-sdk-docs/learn/advanced/baseapp_state-deliver_tx.png create mode 100644 copy-of-sdk-docs/learn/advanced/baseapp_state-initchain.png create mode 100644 copy-of-sdk-docs/learn/advanced/baseapp_state-prepareproposal.png create mode 100644 copy-of-sdk-docs/learn/advanced/baseapp_state-processproposal.png create mode 100644 copy-of-sdk-docs/learn/advanced/baseapp_state.png create mode 100644 copy-of-sdk-docs/learn/advanced/blockprocessing-1.png create mode 100644 copy-of-sdk-docs/learn/advanced/blockprocessing.excalidraw create mode 100644 copy-of-sdk-docs/learn/beginner/00-app-anatomy.md create mode 100644 copy-of-sdk-docs/learn/beginner/01-tx-lifecycle.md create mode 100644 copy-of-sdk-docs/learn/beginner/02-query-lifecycle.md create mode 100644 copy-of-sdk-docs/learn/beginner/03-accounts.md create mode 100644 copy-of-sdk-docs/learn/beginner/04-gas-fees.md create mode 100644 copy-of-sdk-docs/learn/beginner/_category_.json create mode 100644 copy-of-sdk-docs/learn/intro/00-overview.md create mode 100644 copy-of-sdk-docs/learn/intro/01-why-app-specific.md create mode 100644 copy-of-sdk-docs/learn/intro/02-sdk-app-architecture.md create mode 100644 copy-of-sdk-docs/learn/intro/03-sdk-design.md create mode 100644 copy-of-sdk-docs/learn/intro/Maincomps.excalidraw create mode 100644 copy-of-sdk-docs/learn/intro/_category_.json create mode 100644 copy-of-sdk-docs/learn/intro/main-components.png create mode 100644 copy-of-sdk-docs/learn/learn.md create mode 100644 copy-of-sdk-docs/tutorials/_category_.json create mode 100644 copy-of-sdk-docs/tutorials/transactions/00-building-a-transaction.md create mode 100644 copy-of-sdk-docs/tutorials/transactions/_category_.json create mode 100644 copy-of-sdk-docs/tutorials/tutorials.md create mode 100644 copy-of-sdk-docs/tutorials/vote-extensions/_category_.json create mode 100644 copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/00-getting-started.md create mode 100644 copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/01-understanding-frontrunning.md create mode 100644 copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md create mode 100644 copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md.bak create mode 100644 copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md create mode 100644 copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md.bak create mode 100644 copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md create mode 100644 copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md.bak create mode 100644 copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/_category_.json create mode 100644 copy-of-sdk-docs/tutorials/vote-extensions/oracle/00-getting-started.md create mode 100644 copy-of-sdk-docs/tutorials/vote-extensions/oracle/01-what-is-an-oracle.md create mode 100644 copy-of-sdk-docs/tutorials/vote-extensions/oracle/02-implementing-vote-extensions.md create mode 100644 copy-of-sdk-docs/tutorials/vote-extensions/oracle/03-testing-oracle.md create mode 100644 copy-of-sdk-docs/tutorials/vote-extensions/oracle/_category_.json create mode 100644 copy-of-sdk-docs/user/run-node/00-keyring.md create mode 100644 copy-of-sdk-docs/user/run-node/01-run-node.md create mode 100644 copy-of-sdk-docs/user/run-node/02-interact-node.md create mode 100644 copy-of-sdk-docs/user/run-node/03-txs.md create mode 100644 copy-of-sdk-docs/user/run-node/04-rosetta.md create mode 100644 copy-of-sdk-docs/user/run-node/05-run-testnet.md create mode 100644 copy-of-sdk-docs/user/run-node/06-run-production.md create mode 100644 copy-of-sdk-docs/user/run-node/_category_.json create mode 100644 copy-of-sdk-docs/user/user.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/advanced/00-baseapp.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/advanced/01-transactions.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/advanced/02-context.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/advanced/03-node.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/advanced/04-store.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/advanced/05-interblock-cache.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/advanced/06-encoding.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/advanced/07-cli.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/advanced/08-events.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/advanced/09-grpc_rest.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/advanced/10-ocap.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/advanced/11-telemetry.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/advanced/12-runtx_middleware.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/advanced/13-simulation.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/advanced/14-proto-docs.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/advanced/16-upgrade.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/advanced/17-config.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/advanced/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/advanced/baseapp_state-begin_block.png create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/advanced/baseapp_state-checktx.png create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/advanced/baseapp_state-commit.png create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/advanced/baseapp_state-deliver_tx.png create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/advanced/baseapp_state-initchain.png create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/advanced/baseapp_state-prepareproposal.png create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/advanced/baseapp_state-processproposal.png create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/advanced/baseapp_state.png create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/beginner/00-overview-app.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/beginner/01-tx-lifecycle.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/beginner/02-query-lifecycle.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/beginner/03-accounts.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/beginner/04-gas-fees.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/beginner/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/glossary.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/intro/00-overview.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/intro/01-why-app-specific.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/intro/02-sdk-app-architecture.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/intro/03-sdk-design.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/intro/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.47/learn/learn.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/user/run-node/00-keyring.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/user/run-node/01-run-node.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/user/run-node/02-interact-node.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/user/run-node/03-txs.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/user/run-node/04-rosetta.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/user/run-node/05-run-testnet.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/user/run-node/06-run-production.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/user/run-node/07-multisig-guide.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/user/run-node/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.47/user/user.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/validate/05-run-testnet.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/advanced/00-baseapp.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/advanced/01-transactions.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/advanced/02-context.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/advanced/03-node.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/advanced/04-store.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/advanced/05-encoding.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/advanced/06-grpc_rest.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/advanced/07-cli.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/advanced/08-events.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/advanced/09-telemetry.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/advanced/10-ocap.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/advanced/11-runtx_middleware.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/advanced/12-simulation.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/advanced/13-proto-docs.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/advanced/15-upgrade.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/advanced/16-config.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/advanced/17-autocli.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/advanced/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/advanced/baseapp_state-begin_block.png create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/advanced/baseapp_state-checktx.png create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/advanced/baseapp_state-commit.png create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/advanced/baseapp_state-deliver_tx.png create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/advanced/baseapp_state-initchain.png create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/advanced/baseapp_state-prepareproposal.png create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/advanced/baseapp_state-processproposal.png create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/advanced/baseapp_state.png create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/beginner/00-app-anatomy.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/beginner/01-tx-lifecycle.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/beginner/02-query-lifecycle.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/beginner/03-accounts.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/beginner/04-gas-fees.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/beginner/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/intro/00-overview.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/intro/01-why-app-specific.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/intro/02-sdk-app-architecture.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/intro/03-sdk-design.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/intro/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.50/learn/learn.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/tutorials/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.50/tutorials/transactions/00-building-a-transaction.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/tutorials/transactions/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.50/tutorials/tutorials.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/00-getting-started.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/01-understanding-frontrunning.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md.bak create mode 100644 copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md.bak create mode 100644 copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md.bak create mode 100644 copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/oracle/00-getting-started.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/oracle/01-what-is-an-oracle.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/oracle/02-implementing-vote-extensions.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/oracle/03-testing-oracle.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/oracle/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.50/user/run-node/00-keyring.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/user/run-node/01-run-node.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/user/run-node/02-interact-node.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/user/run-node/03-txs.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/user/run-node/04-rosetta.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/user/run-node/05-run-testnet.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/user/run-node/06-run-production.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/user/run-node/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.50/user/user.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/advanced/00-baseapp.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/advanced/01-transactions.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/advanced/02-context.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/advanced/03-node.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/advanced/04-store.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/advanced/05-encoding.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/advanced/06-grpc_rest.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/advanced/07-cli.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/advanced/08-events.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/advanced/09-telemetry.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/advanced/10-ocap.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/advanced/11-runtx_middleware.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/advanced/12-simulation.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/advanced/13-proto-docs.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/advanced/15-upgrade.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/advanced/16-config.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/advanced/17-autocli.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/advanced/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/advanced/baseapp_state-begin_block.png create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/advanced/baseapp_state-checktx.png create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/advanced/baseapp_state-commit.png create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/advanced/baseapp_state-deliver_tx.png create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/advanced/baseapp_state-initchain.png create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/advanced/baseapp_state-prepareproposal.png create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/advanced/baseapp_state-processproposal.png create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/advanced/baseapp_state.png create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/beginner/00-app-anatomy.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/beginner/01-tx-lifecycle.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/beginner/02-query-lifecycle.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/beginner/03-accounts.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/beginner/04-gas-fees.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/beginner/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/intro/00-overview.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/intro/01-why-app-specific.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/intro/02-sdk-app-architecture.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/intro/03-sdk-design.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/intro/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.53/learn/learn.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/tutorials/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.53/tutorials/transactions/00-building-a-transaction.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/tutorials/transactions/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.53/tutorials/tutorials.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/00-getting-started.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/01-understanding-frontrunning.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md.bak create mode 100644 copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md.bak create mode 100644 copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md.bak create mode 100644 copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/oracle/00-getting-started.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/oracle/01-what-is-an-oracle.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/oracle/02-implementing-vote-extensions.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/oracle/03-testing-oracle.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/oracle/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.53/user/run-node/00-keyring.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/user/run-node/01-run-node.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/user/run-node/02-interact-node.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/user/run-node/03-txs.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/user/run-node/05-run-testnet.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/user/run-node/06-run-production.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/user/run-node/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.53/user/user.md diff --git a/copy-of-sdk-docs/learn/advanced/00-baseapp.md b/copy-of-sdk-docs/learn/advanced/00-baseapp.md new file mode 100644 index 00000000..b24a570d --- /dev/null +++ b/copy-of-sdk-docs/learn/advanced/00-baseapp.md @@ -0,0 +1,547 @@ +--- +sidebar_position: 1 +--- + +# BaseApp + +:::note Synopsis +This document describes `BaseApp`, the abstraction that implements the core functionalities of a Cosmos SDK application. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK application](../beginner/00-app-anatomy.md) +* [Lifecycle of a Cosmos SDK transaction](../beginner/01-tx-lifecycle.md) + +::: + +## Introduction + +`BaseApp` is a base type that implements the core of a Cosmos SDK application, namely: + +* The [Application Blockchain Interface](#main-abci-messages), for the state-machine to communicate with the underlying consensus engine (e.g. CometBFT). +* [Service Routers](#service-routers), to route messages and queries to the appropriate module. +* Different [states](#state-updates), as the state-machine can have different volatile states updated based on the ABCI message received. + +The goal of `BaseApp` is to provide the fundamental layer of a Cosmos SDK application +that developers can easily extend to build their own custom application. Usually, +developers will create a custom type for their application, like so: + +```go +type App struct { + // reference to a BaseApp + *baseapp.BaseApp + + // list of application store keys + + // list of application keepers + + // module manager +} +``` + +Extending the application with `BaseApp` gives the former access to all of `BaseApp`'s methods. +This allows developers to compose their custom application with the modules they want, while not +having to concern themselves with the hard work of implementing the ABCI, the service routers and state +management logic. + +## Type Definition + +The `BaseApp` type holds many important parameters for any Cosmos SDK based application. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/baseapp.go#L64-L201 +``` + +Let us go through the most important components. + +> **Note**: Not all parameters are described, only the most important ones. Refer to the +> type definition for the full list. + +First, the important parameters that are initialized during the bootstrapping of the application: + +* [`CommitMultiStore`](./04-store.md#commitmultistore): This is the main store of the application, + which holds the canonical state that is committed at the [end of each block](#commit). This store + is **not** cached, meaning it is not used to update the application's volatile (un-committed) states. + The `CommitMultiStore` is a multi-store, meaning a store of stores. Each module of the application + uses one or multiple `KVStores` in the multi-store to persist their subset of the state. +* Database: The `db` is used by the `CommitMultiStore` to handle data persistence. +* [`Msg` Service Router](#msg-service-router): The `msgServiceRouter` facilitates the routing of `sdk.Msg` requests to the appropriate + module `Msg` service for processing. Here a `sdk.Msg` refers to the transaction component that needs to be + processed by a service in order to update the application state, and not to ABCI message which implements + the interface between the application and the underlying consensus engine. +* [gRPC Query Router](#grpc-query-router): The `grpcQueryRouter` facilitates the routing of gRPC queries to the + appropriate module for it to be processed. These queries are not ABCI messages themselves, but they + are relayed to the relevant module's gRPC `Query` service. +* [`TxDecoder`](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/types#TxDecoder): It is used to decode + raw transaction bytes relayed by the underlying CometBFT engine. +* [`AnteHandler`](#antehandler): This handler is used to handle signature verification, fee payment, + and other pre-message execution checks when a transaction is received. It's executed during + [`CheckTx/RecheckTx`](#checktx) and [`FinalizeBlock`](#finalizeblock). +* [`InitChainer`](../beginner/00-app-anatomy.md#initchainer), [`PreBlocker`](../beginner/00-app-anatomy.md#preblocker), [`BeginBlocker` and `EndBlocker`](../beginner/00-app-anatomy.md#beginblocker-and-endblocker): These are + the functions executed when the application receives the `InitChain` and `FinalizeBlock` + ABCI messages from the underlying CometBFT engine. + +Then, parameters used to define [volatile states](#state-updates) (i.e. cached states): + +* `checkState`: This state is updated during [`CheckTx`](#checktx), and reset on [`Commit`](#commit). +* `finalizeBlockState`: This state is updated during [`FinalizeBlock`](#finalizeblock), and set to `nil` on + [`Commit`](#commit) and gets re-initialized on `FinalizeBlock`. +* `processProposalState`: This state is updated during [`ProcessProposal`](#process-proposal). +* `prepareProposalState`: This state is updated during [`PrepareProposal`](#prepare-proposal). + +Finally, a few more important parameters: + +* `voteInfos`: This parameter carries the list of validators whose precommit is missing, either + because they did not vote or because the proposer did not include their vote. This information is + carried by the [Context](./02-context.md) and can be used by the application for various things like + punishing absent validators. +* `minGasPrices`: This parameter defines the minimum gas prices accepted by the node. This is a + **local** parameter, meaning each full-node can set a different `minGasPrices`. It is used in the + `AnteHandler` during [`CheckTx`](#checktx), mainly as a spam protection mechanism. The transaction + enters the [mempool](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#mempool-methods) + only if the gas prices of the transaction are greater than one of the minimum gas price in + `minGasPrices` (e.g. if `minGasPrices == 1uatom,1photon`, the `gas-price` of the transaction must be + greater than `1uatom` OR `1photon`). +* `appVersion`: Version of the application. It is set in the + [application's constructor function](../beginner/00-app-anatomy.md#constructor-function). + +## Constructor + +```go +func NewBaseApp( + name string, logger log.Logger, db dbm.DB, txDecoder sdk.TxDecoder, options ...func(*BaseApp), +) *BaseApp { + + // ... +} +``` + +The `BaseApp` constructor function is pretty straightforward. The only thing worth noting is the +possibility to provide additional [`options`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/options.go) +to the `BaseApp`, which will execute them in order. The `options` are generally `setter` functions +for important parameters, like `SetPruning()` to set pruning options or `SetMinGasPrices()` to set +the node's `min-gas-prices`. + +Naturally, developers can add additional `options` based on their application's needs. + +## State Updates + +The `BaseApp` maintains four primary volatile states and a root or main state. The main state +is the canonical state of the application and the volatile states, `checkState`, `prepareProposalState`, `processProposalState` and `finalizeBlockState` +are used to handle state transitions in-between the main state made during [`Commit`](#commit). + +Internally, there is only a single `CommitMultiStore` which we refer to as the main or root state. +From this root state, we derive four volatile states by using a mechanism called _store branching_ (performed by `CacheWrap` function). +The types can be illustrated as follows: + +![Types](./baseapp_state.png) + +### InitChain State Updates + +During `InitChain`, the four volatile states, `checkState`, `prepareProposalState`, `processProposalState` +and `finalizeBlockState` are set by branching the root `CommitMultiStore`. Any subsequent reads and writes happen +on branched versions of the `CommitMultiStore`. +To avoid unnecessary roundtrip to the main state, all reads to the branched store are cached. + +![InitChain](./baseapp_state-initchain.png) + +### CheckTx State Updates + +During `CheckTx`, the `checkState`, which is based off of the last committed state from the root +store, is used for any reads and writes. Here we only execute the `AnteHandler` and verify a service router +exists for every message in the transaction. Note, when we execute the `AnteHandler`, we branch +the already branched `checkState`. +This has the side effect that if the `AnteHandler` fails, the state transitions won't be reflected in the `checkState` +-- i.e. `checkState` is only updated on success. + +![CheckTx](./baseapp_state-checktx.png) + +### PrepareProposal State Updates + +During `PrepareProposal`, the `prepareProposalState` is set by branching the root `CommitMultiStore`. +The `prepareProposalState` is used for any reads and writes that occur during the `PrepareProposal` phase. +The function uses the `Select()` method of the mempool to iterate over the transactions. `runTx` is then called, +which encodes and validates each transaction and from there the `AnteHandler` is executed. +If successful, valid transactions are returned inclusive of the events, tags, and data generated +during the execution of the proposal. +The described behavior is that of the default handler, applications have the flexibility to define their own +[custom mempool handlers](https://docs.cosmos.network/main/build/building-apps/app-mempool). + +![ProcessProposal](./baseapp_state-prepareproposal.png) + +### ProcessProposal State Updates + +During `ProcessProposal`, the `processProposalState` is set based off of the last committed state +from the root store and is used to process a signed proposal received from a validator. +In this state, `runTx` is called and the `AnteHandler` is executed and the context used in this state is built with information +from the header and the main state, including the minimum gas prices, which are also set. +Again we want to highlight that the described behavior is that of the default handler and applications have the flexibility to define their own +[custom mempool handlers](https://docs.cosmos.network/main/build/building-apps/app-mempool). + +![ProcessProposal](./baseapp_state-processproposal.png) + +### FinalizeBlock State Updates + +During `FinalizeBlock`, the `finalizeBlockState` is set for use during transaction execution and endblock. The +`finalizeBlockState` is based off of the last committed state from the root store and is branched. +Note, the `finalizeBlockState` is set to `nil` on [`Commit`](#commit). + +The state flow for transaction execution is nearly identical to `CheckTx` except state transitions occur on +the `finalizeBlockState` and messages in a transaction are executed. Similarly to `CheckTx`, state transitions +occur on a doubly branched state -- `finalizeBlockState`. Successful message execution results in +writes being committed to `finalizeBlockState`. Note, if message execution fails, state transitions from +the AnteHandler are persisted. + +### Commit State Updates + +During `Commit` all the state transitions that occurred in the `finalizeBlockState` are finally written to +the root `CommitMultiStore` which in turn is committed to disk and results in a new application +root hash. These state transitions are now considered final. Finally, the `checkState` is set to the +newly committed state and `finalizeBlockState` is set to `nil` to be reset on `FinalizeBlock`. + +![Commit](./baseapp_state-commit.png) + +## ParamStore + +During `InitChain`, the `RequestInitChain` provides `ConsensusParams` which contains parameters +related to block execution such as maximum gas and size in addition to evidence parameters. If these +parameters are non-nil, they are set in the BaseApp's `ParamStore`. Behind the scenes, the `ParamStore` +is managed by an `x/consensus_params` module. This allows the parameters to be tweaked via + on-chain governance. + +## Service Routers + +When messages and queries are received by the application, they must be routed to the appropriate module in order to be processed. Routing is done via `BaseApp`, which holds a `msgServiceRouter` for messages, and a `grpcQueryRouter` for queries. + +### `Msg` Service Router + +[`sdk.Msg`s](../../build/building-modules/02-messages-and-queries.md#messages) need to be routed after they are extracted from transactions, which are sent from the underlying CometBFT engine via the [`CheckTx`](#checktx) and [`FinalizeBlock`](#finalizeblock) ABCI messages. To do so, `BaseApp` holds a `msgServiceRouter` which maps fully-qualified service methods (`string`, defined in each module's Protobuf `Msg` service) to the appropriate module's `MsgServer` implementation. + +The [default `msgServiceRouter` included in `BaseApp`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/msg_service_router.go) is stateless. However, some applications may want to make use of more stateful routing mechanisms such as allowing governance to disable certain routes or point them to new modules for upgrade purposes. For this reason, the `sdk.Context` is also passed into each [route handler inside `msgServiceRouter`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/msg_service_router.go#L35-L36). For a stateless router that doesn't want to make use of this, you can just ignore the `ctx`. + +The application's `msgServiceRouter` is initialized with all the routes using the application's [module manager](../../build/building-modules/01-module-manager.md#manager) (via the `RegisterServices` method), which itself is initialized with all the application's modules in the application's [constructor](../beginner/00-app-anatomy.md#constructor-function). + +### gRPC Query Router + +Similar to `sdk.Msg`s, [`queries`](../../build/building-modules/02-messages-and-queries.md#queries) need to be routed to the appropriate module's [`Query` service](../../build/building-modules/04-query-services.md). To do so, `BaseApp` holds a `grpcQueryRouter`, which maps modules' fully-qualified service methods (`string`, defined in their Protobuf `Query` gRPC) to their `QueryServer` implementation. The `grpcQueryRouter` is called during the initial stages of query processing, which can be either by directly sending a gRPC query to the gRPC endpoint, or via the [`Query` ABCI message](#query) on the CometBFT RPC endpoint. + +Just like the `msgServiceRouter`, the `grpcQueryRouter` is initialized with all the query routes using the application's [module manager](../../build/building-modules/01-module-manager.md) (via the `RegisterServices` method), which itself is initialized with all the application's modules in the application's [constructor](../beginner/00-app-anatomy.md#app-constructor). + +## Main ABCI 2.0 Messages + +The [Application-Blockchain Interface](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md) (ABCI) is a generic interface that connects a state-machine with a consensus engine to form a functional full-node. It can be wrapped in any language, and needs to be implemented by each application-specific blockchain built on top of an ABCI-compatible consensus engine like CometBFT. + +The consensus engine handles two main tasks: + +* The networking logic, which mainly consists in gossiping block parts, transactions and consensus votes. +* The consensus logic, which results in the deterministic ordering of transactions in the form of blocks. + +It is **not** the role of the consensus engine to define the state or the validity of transactions. Generally, transactions are handled by the consensus engine in the form of `[]bytes`, and relayed to the application via the ABCI to be decoded and processed. At keys moments in the networking and consensus processes (e.g. beginning of a block, commit of a block, reception of an unconfirmed transaction, ...), the consensus engine emits ABCI messages for the state-machine to act on. + +Developers building on top of the Cosmos SDK need not implement the ABCI themselves, as `BaseApp` comes with a built-in implementation of the interface. Let us go through the main ABCI messages that `BaseApp` implements: + +* [`Prepare Proposal`](#prepare-proposal) +* [`Process Proposal`](#process-proposal) +* [`CheckTx`](#checktx) +* [`FinalizeBlock`](#finalizeblock) +* [`ExtendVote`](#extendvote) +* [`VerifyVoteExtension`](#verifyvoteextension) + + +### Prepare Proposal + +The `PrepareProposal` function is part of the new methods introduced in Application Blockchain Interface (ABCI++) in CometBFT and is an important part of the application's overall governance system. In the Cosmos SDK, it allows the application to have more fine-grained control over the transactions that are processed, and ensures that only valid transactions are committed to the blockchain. + +Here is how the `PrepareProposal` function can be implemented: + +1. Extract the `sdk.Msg`s from the transaction. +2. Perform _stateful_ checks by calling `Validate()` on each of the `sdk.Msg`'s. This is done after _stateless_ checks as _stateful_ checks are more computationally expensive. If `Validate()` fails, `PrepareProposal` returns before running further checks, which saves resources. +3. Perform any additional checks that are specific to the application, such as checking account balances, or ensuring that certain conditions are met before a transaction is proposed.hey are processed by the consensus engine, if necessary. +4. Return the updated transactions to be processed by the consensus engine + +Note that, unlike `CheckTx()`, `PrepareProposal` process `sdk.Msg`s, so it can directly update the state. However, unlike `FinalizeBlock()`, it does not commit the state updates. It's important to exercise caution when using `PrepareProposal` as incorrect coding could affect the overall liveness of the network. + +It's important to note that `PrepareProposal` complements the `ProcessProposal` method which is executed after this method. The combination of these two methods means that it is possible to guarantee that no invalid transactions are ever committed. Furthermore, such a setup can give rise to other interesting use cases such as Oracles, threshold decryption and more. + +`PrepareProposal` returns a response to the underlying consensus engine of type [`abci.CheckTxResponse`](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_methods.md#processproposal). The response contains: + +* `Code (uint32)`: Response Code. `0` if successful. +* `Data ([]byte)`: Result bytes, if any. +* `Log (string):` The output of the application's logger. May be non-deterministic. +* `Info (string):` Additional information. May be non-deterministic. + + +### Process Proposal + +The `ProcessProposal` function is called by the BaseApp as part of the ABCI message flow, and is executed during the `FinalizeBlock` phase of the consensus process. The purpose of this function is to give more control to the application for block validation, allowing it to check all transactions in a proposed block before the validator sends the prevote for the block. It allows a validator to perform application-dependent work in a proposed block, enabling features such as immediate block execution, and allows the Application to reject invalid blocks. + +The `ProcessProposal` function performs several key tasks, including: + +1. Validating the proposed block by checking all transactions in it. +2. Checking the proposed block against the current state of the application, to ensure that it is valid and that it can be executed. +3. Updating the application's state based on the proposal, if it is valid and passes all checks. +4. Returning a response to CometBFT indicating the result of the proposal processing. + +The `ProcessProposal` is an important part of the application's overall governance system. It is used to manage the network's parameters and other key aspects of its operation. It also ensures that the coherence property is adhered to i.e. all honest validators must accept a proposal by an honest proposer. + +It's important to note that `ProcessProposal` complements the `PrepareProposal` method which enables the application to have more fine-grained transaction control by allowing it to reorder, drop, delay, modify, and even add transactions as they see necessary. The combination of these two methods means that it is possible to guarantee that no invalid transactions are ever committed. Furthermore, such a setup can give rise to other interesting use cases such as Oracles, threshold decryption and more. + +CometBFT calls it when it receives a proposal and the CometBFT algorithm has not locked on a value. The Application cannot modify the proposal at this point but can reject it if it is invalid. If that is the case, CometBFT will prevote `nil` on the proposal, which has strong liveness implications for CometBFT. As a general rule, the Application SHOULD accept a prepared proposal passed via `ProcessProposal`, even if a part of the proposal is invalid (e.g., an invalid transaction); the Application can ignore the invalid part of the prepared proposal at block execution time. + +However, developers must exercise greater caution when using these methods. Incorrectly coding these methods could affect liveness as CometBFT is unable to receive 2/3 valid precommits to finalize a block. + +`ProcessProposal` returns a response to the underlying consensus engine of type [`abci.CheckTxResponse`](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_methods.md#processproposal). The response contains: + +* `Code (uint32)`: Response Code. `0` if successful. +* `Data ([]byte)`: Result bytes, if any. +* `Log (string):` The output of the application's logger. May be non-deterministic. +* `Info (string):` Additional information. May be non-deterministic. + + +### CheckTx + +`CheckTx` is sent by the underlying consensus engine when a new unconfirmed (i.e. not yet included in a valid block) +transaction is received by a full-node. The role of `CheckTx` is to guard the full-node's mempool +(where unconfirmed transactions are stored until they are included in a block) from spam transactions. +Unconfirmed transactions are relayed to peers only if they pass `CheckTx`. + +`CheckTx()` can perform both _stateful_ and _stateless_ checks, but developers should strive to +make the checks **lightweight** because gas fees are not charged for the resources (CPU, data load...) used during the `CheckTx`. + +In the Cosmos SDK, after [decoding transactions](./05-encoding.md), `CheckTx()` is implemented +to do the following checks: + +1. Extract the `sdk.Msg`s from the transaction. +2. **Optionally** perform _stateless_ checks by calling `ValidateBasic()` on each of the `sdk.Msg`s. This is done + first, as _stateless_ checks are less computationally expensive than _stateful_ checks. If + `ValidateBasic()` fail, `CheckTx` returns before running _stateful_ checks, which saves resources. + This check is still performed for messages that have not yet migrated to the new message validation mechanism defined in [RFC 001](https://docs.cosmos.network/main/rfc/rfc-001-tx-validation) and still have a `ValidateBasic()` method. +3. Perform non-module related _stateful_ checks on the [account](../beginner/03-accounts.md). This step is mainly about checking + that the `sdk.Msg` signatures are valid, that enough fees are provided and that the sending account + has enough funds to pay for said fees. Note that no precise [`gas`](../beginner/04-gas-fees.md) counting occurs here, + as `sdk.Msg`s are not processed. Usually, the [`AnteHandler`](../beginner/04-gas-fees.md#antehandler) will check that the `gas` provided + with the transaction is superior to a minimum reference gas amount based on the raw transaction size, + in order to avoid spam with transactions that provide 0 gas. + +`CheckTx` does **not** process `sdk.Msg`s - they only need to be processed when the canonical state needs to be updated, which happens during `FinalizeBlock`. + +Steps 2. and 3. are performed by the [`AnteHandler`](../beginner/04-gas-fees.md#antehandler) in the [`RunTx()`](#runtx-antehandler-and-runmsgs) +function, which `CheckTx()` calls with the `runTxModeCheck` mode. During each step of `CheckTx()`, a +special [volatile state](#state-updates) called `checkState` is updated. This state is used to keep +track of the temporary changes triggered by the `CheckTx()` calls of each transaction without modifying +the [main canonical state](#main-state). For example, when a transaction goes through `CheckTx()`, the +transaction's fees are deducted from the sender's account in `checkState`. If a second transaction is +received from the same account before the first is processed, and the account has consumed all its +funds in `checkState` during the first transaction, the second transaction will fail `CheckTx`() and +be rejected. In any case, the sender's account will not actually pay the fees until the transaction +is actually included in a block, because `checkState` never gets committed to the main state. The +`checkState` is reset to the latest state of the main state each time a blocks gets [committed](#commit). + +`CheckTx` returns a response to the underlying consensus engine of type [`abci.CheckTxResponse`](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_methods.md#checktx). +The response contains: + +* `Code (uint32)`: Response Code. `0` if successful. +* `Data ([]byte)`: Result bytes, if any. +* `Log (string):` The output of the application's logger. May be non-deterministic. +* `Info (string):` Additional information. May be non-deterministic. +* `GasWanted (int64)`: Amount of gas requested for transaction. It is provided by users when they generate the transaction. +* `GasUsed (int64)`: Amount of gas consumed by transaction. During `CheckTx`, this value is computed by multiplying the standard cost of a transaction byte by the size of the raw transaction. Next is an example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/auth/ante/basic.go#L104 +``` + +* `Events ([]cmn.KVPair)`: Key-Value tags for filtering and indexing transactions (eg. by account). See [`event`s](./08-events.md) for more. +* `Codespace (string)`: Namespace for the Code. + +#### RecheckTx + +After `Commit`, `CheckTx` is run again on all transactions that remain in the node's local mempool +excluding the transactions that are included in the block. To prevent the mempool from rechecking all transactions +every time a block is committed, the configuration option `mempool.recheck=false` can be set. As of +Tendermint v0.32.1, an additional `Type` parameter is made available to the `CheckTx` function that +indicates whether an incoming transaction is new (`CheckTxType_New`), or a recheck (`CheckTxType_Recheck`). +This allows certain checks like signature verification can be skipped during `CheckTxType_Recheck`. + +## RunTx, AnteHandler, RunMsgs, PostHandler + +### RunTx + +`RunTx` is called from `CheckTx`/`Finalizeblock` to handle the transaction, with `execModeCheck` or `execModeFinalize` as parameter to differentiate between the two modes of execution. Note that when `RunTx` receives a transaction, it has already been decoded. + +The first thing `RunTx` does upon being called is to retrieve the `context`'s `CacheMultiStore` by calling the `getContextForTx()` function with the appropriate mode (either `runTxModeCheck` or `execModeFinalize`). This `CacheMultiStore` is a branch of the main store, with cache functionality (for query requests), instantiated during `FinalizeBlock` for transaction execution and during the `Commit` of the previous block for `CheckTx`. After that, two `defer func()` are called for [`gas`](../beginner/04-gas-fees.md) management. They are executed when `runTx` returns and make sure `gas` is actually consumed, and will throw errors, if any. + +After that, `RunTx()` calls `ValidateBasic()`, when available and for backward compatibility, on each `sdk.Msg`in the `Tx`, which runs preliminary _stateless_ validity checks. If any `sdk.Msg` fails to pass `ValidateBasic()`, `RunTx()` returns with an error. + +Then, the [`anteHandler`](#antehandler) of the application is run (if it exists). In preparation of this step, both the `checkState`/`finalizeBlockState`'s `context` and `context`'s `CacheMultiStore` are branched using the `cacheTxContext()` function. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/baseapp.go#L706-L722 +``` + +This allows `RunTx` not to commit the changes made to the state during the execution of `anteHandler` if it ends up failing. It also prevents the module implementing the `anteHandler` from writing to state, which is an important part of the [object-capabilities](./10-ocap.md) of the Cosmos SDK. + +Finally, the [`RunMsgs()`](#runmsgs) function is called to process the `sdk.Msg`s in the `Tx`. In preparation of this step, just like with the `anteHandler`, both the `checkState`/`finalizeBlockState`'s `context` and `context`'s `CacheMultiStore` are branched using the `cacheTxContext()` function. + +### AnteHandler + +The `AnteHandler` is a special handler that implements the `AnteHandler` interface and is used to authenticate the transaction before the transaction's internal messages are processed. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/handler.go#L3-L5 +``` + +The `AnteHandler` is theoretically optional, but still a very important component of public blockchain networks. It serves 3 primary purposes: + +* Be a primary line of defense against spam and second line of defense (the first one being the mempool) against transaction replay with fees deduction and [`sequence`](./01-transactions.md#transaction-generation) checking. +* Perform preliminary _stateful_ validity checks like ensuring signatures are valid or that the sender has enough funds to pay for fees. +* Play a role in the incentivization of stakeholders via the collection of transaction fees. + +`BaseApp` holds an `anteHandler` as parameter that is initialized in the [application's constructor](../beginner/00-app-anatomy.md#application-constructor). The most widely used `anteHandler` is the [`auth` module](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/auth/ante/ante.go). + +Click [here](../beginner/04-gas-fees.md#antehandler) for more on the `anteHandler`. + +### RunMsgs + +`RunMsgs` is called from `RunTx` with `runTxModeCheck` as parameter to check the existence of a route for each message the transaction, and with `execModeFinalize` to actually process the `sdk.Msg`s. + +First, it retrieves the `sdk.Msg`'s fully-qualified type name, by checking the `type_url` of the Protobuf `Any` representing the `sdk.Msg`. Then, using the application's [`msgServiceRouter`](#msg-service-router), it checks for the existence of `Msg` service method related to that `type_url`. At this point, if `mode == runTxModeCheck`, `RunMsgs` returns. Otherwise, if `mode == execModeFinalize`, the [`Msg` service](../../build/building-modules/03-msg-services.md) RPC is executed, before `RunMsgs` returns. + +### PostHandler + +`PostHandler` is similar to `AnteHandler`, but it, as the name suggests, executes custom post tx processing logic after [`RunMsgs`](#runmsgs) is called. `PostHandler` receives the `Result` of the `RunMsgs` in order to enable this customizable behavior. + +Like `AnteHandler`s, `PostHandler`s are theoretically optional. + +Other use cases like unused gas refund can also be enabled by `PostHandler`s. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/auth/posthandler/post.go#L1-L15 +``` + +Note, when `PostHandler`s fail, the state from `runMsgs` is also reverted, effectively making the transaction fail. + +## Other ABCI Messages + +### InitChain + +The [`InitChain` ABCI message](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#method-overview) is sent from the underlying CometBFT engine when the chain is first started. It is mainly used to **initialize** parameters and state like: + +* [Consensus Parameters](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_app_requirements.md#consensus-parameters) via `setConsensusParams`. +* [`checkState` and `finalizeBlockState`](#state-updates) via `setState`. +* The [block gas meter](../beginner/04-gas-fees.md#block-gas-meter), with infinite gas to process genesis transactions. + +Finally, the `InitChain(req abci.InitChainRequest)` method of `BaseApp` calls the [`initChainer()`](../beginner/00-app-anatomy.md#initchainer) of the application in order to initialize the main state of the application from the `genesis file` and, if defined, call the [`InitGenesis`](../../build/building-modules/08-genesis.md#initgenesis) function of each of the application's modules. + + +### FinalizeBlock + +The [`FinalizeBlock` ABCI message](https://github.com/cometbft/cometbft/blob/v0.38.x/spec/abci/abci++_basic_concepts.md#method-overview) is sent from the underlying CometBFT engine when a block proposal created by the correct proposer is received. The previous `BeginBlock, DeliverTx and Endblock` calls are private methods on the BaseApp struct. + + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/abci.go#L869 +``` + +#### PreBlock + +* Run the application's [`preBlocker()`](../beginner/00-app-anatomy.md#preblocker), which mainly runs the [`PreBlocker()`](../../build/building-modules/17-preblock.md#preblock) method of each of the modules. + +#### BeginBlock + +* Initialize [`finalizeBlockState`](#state-updates) with the latest header using the `req abci.FinalizeBlockRequest` passed as parameter via the `setState` function. + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/baseapp.go#L746-L770 + ``` + + This function also resets the [main gas meter](../beginner/04-gas-fees.md#main-gas-meter). + +* Initialize the [block gas meter](../beginner/04-gas-fees.md#block-gas-meter) with the `maxGas` limit. The `gas` consumed within the block cannot go above `maxGas`. This parameter is defined in the application's consensus parameters. +* Run the application's [`beginBlocker()`](../beginner/00-app-anatomy.md#beginblocker-and-endblocker), which mainly runs the [`BeginBlocker()`](../../build/building-modules/06-beginblock-endblock.md#beginblock) method of each of the modules. +* Set the [`VoteInfos`](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_methods.md#voteinfo) of the application, i.e. the list of validators whose _precommit_ for the previous block was included by the proposer of the current block. This information is carried into the [`Context`](./02-context.md) so that it can be used during transaction execution and EndBlock. + +#### Transaction Execution + +When the underlying consensus engine receives a block proposal, each transaction in the block needs to be processed by the application. To that end, the underlying consensus engine sends the transactions in FinalizeBlock message to the application for each transaction in a sequential order. + +Before the first transaction of a given block is processed, a [volatile state](#state-updates) called `finalizeBlockState` is initialized during FinalizeBlock. This state is updated each time a transaction is processed via `FinalizeBlock`, and committed to the [main state](#main-state) when the block is [committed](#commit), after what it is set to `nil`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/baseapp.go#L772-L807 +``` + +Transaction execution within `FinalizeBlock` performs the **exact same steps as `CheckTx`**, with a little caveat at step 3 and the addition of a fifth step: + +1. The `AnteHandler` does **not** check that the transaction's `gas-prices` is sufficient. That is because the `min-gas-prices` value `gas-prices` is checked against is local to the node, and therefore what is enough for one full-node might not be for another. This means that the proposer can potentially include transactions for free, although they are not incentivized to do so, as they earn a bonus on the total fee of the block they propose. +2. For each `sdk.Msg` in the transaction, route to the appropriate module's Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md). Additional _stateful_ checks are performed, and the branched multistore held in `finalizeBlockState`'s `context` is updated by the module's `keeper`. If the `Msg` service returns successfully, the branched multistore held in `context` is written to `finalizeBlockState` `CacheMultiStore`. + +During the additional fifth step outlined in (2), each read/write to the store increases the value of `GasConsumed`. You can find the default cost of each operation: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/gas.go#L230-L241 +``` + +At any point, if `GasConsumed > GasWanted`, the function returns with `Code != 0` and the execution fails. + +Each transactions returns a response to the underlying consensus engine of type [`abci.ExecTxResult`](https://github.com/cometbft/cometbft/blob/v0.38.0-rc1/spec/abci/abci%2B%2B_methods.md#exectxresult). The response contains: + +* `Code (uint32)`: Response Code. `0` if successful. +* `Data ([]byte)`: Result bytes, if any. +* `Log (string):` The output of the application's logger. May be non-deterministic. +* `Info (string):` Additional information. May be non-deterministic. +* `GasWanted (int64)`: Amount of gas requested for transaction. It is provided by users when they generate the transaction. +* `GasUsed (int64)`: Amount of gas consumed by transaction. During transaction execution, this value is computed by multiplying the standard cost of a transaction byte by the size of the raw transaction, and by adding gas each time a read/write to the store occurs. +* `Events ([]cmn.KVPair)`: Key-Value tags for filtering and indexing transactions (eg. by account). See [`event`s](./08-events.md) for more. +* `Codespace (string)`: Namespace for the Code. + +#### EndBlock + +EndBlock is run after transaction execution completes. It allows developers to have logic be executed at the end of each block. In the Cosmos SDK, the bulk EndBlock() method is to run the application's EndBlocker(), which mainly runs the EndBlocker() method of each of the application's modules. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/baseapp.go#L811-L833 +``` + +### Commit + +The [`Commit` ABCI message](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#method-overview) is sent from the underlying CometBFT engine after the full-node has received _precommits_ from 2/3+ of validators (weighted by voting power). On the `BaseApp` end, the `Commit(res abci.CommitResponse)` function is implemented to commit all the valid state transitions that occurred during `FinalizeBlock` and to reset state for the next block. + +To commit state-transitions, the `Commit` function calls the `Write()` function on `finalizeBlockState.ms`, where `finalizeBlockState.ms` is a branched multistore of the main store `app.cms`. Then, the `Commit` function sets `checkState` to the latest header (obtained from `finalizeBlockState.ctx.BlockHeader`) and `finalizeBlockState` to `nil`. + +Finally, `Commit` returns the hash of the commitment of `app.cms` back to the underlying consensus engine. This hash is used as a reference in the header of the next block. + +### Info + +The [`Info` ABCI message](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#info-methods) is a simple query from the underlying consensus engine, notably used to sync the latter with the application during a handshake that happens on startup. When called, the `Info(res abci.InfoResponse)` function from `BaseApp` will return the application's name, version and the hash of the last commit of `app.cms`. + +### Query + +The [`Query` ABCI message](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#info-methods) is used to serve queries received from the underlying consensus engine, including queries received via RPC like CometBFT RPC. It used to be the main entrypoint to build interfaces with the application, but with the introduction of [gRPC queries](../../build/building-modules/04-query-services.md) in Cosmos SDK v0.40, its usage is more limited. The application must respect a few rules when implementing the `Query` method, which are outlined [here](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_app_requirements.md#query). + +Each CometBFT `query` comes with a `path`, which is a `string` which denotes what to query. If the `path` matches a gRPC fully-qualified service method, then `BaseApp` will defer the query to the `grpcQueryRouter` and let it handle it like explained [above](#grpc-query-router). Otherwise, the `path` represents a query that is not (yet) handled by the gRPC router. `BaseApp` splits the `path` string with the `/` delimiter. By convention, the first element of the split string (`split[0]`) contains the category of `query` (`app`, `p2p`, `store` or `custom` ). The `BaseApp` implementation of the `Query(req abci.QueryRequest)` method is a simple dispatcher serving these 4 main categories of queries: + +* Application-related queries like querying the application's version, which are served via the `handleQueryApp` method. +* Direct queries to the multistore, which are served by the `handlerQueryStore` method. These direct queries are different from custom queries which go through `app.queryRouter`, and are mainly used by third-party service provider like block explorers. +* P2P queries, which are served via the `handleQueryP2P` method. These queries return either `app.addrPeerFilter` or `app.ipPeerFilter` that contain the list of peers filtered by address or IP respectively. These lists are first initialized via `options` in `BaseApp`'s [constructor](#constructor). + +### ExtendVote + +`ExtendVote` allows an application to extend a pre-commit vote with arbitrary data. This process does NOT have to be deterministic and the data returned can be unique to the validator process. + +In the Cosmos-SDK this is implemented as a NoOp: + +``` go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/abci_utils.go#L444-L450 +``` + +### VerifyVoteExtension + +`VerifyVoteExtension` allows an application to verify that the data returned by `ExtendVote` is valid. This process MUST be deterministic. Moreover, the value of ResponseVerifyVoteExtension.status MUST exclusively depend on the parameters passed in the call to RequestVerifyVoteExtension, and the last committed Application state. + +In the Cosmos-SDK this is implemented as a NoOp: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/abci_utils.go#L452-L458 +``` diff --git a/copy-of-sdk-docs/learn/advanced/01-transactions.md b/copy-of-sdk-docs/learn/advanced/01-transactions.md new file mode 100644 index 00000000..72575563 --- /dev/null +++ b/copy-of-sdk-docs/learn/advanced/01-transactions.md @@ -0,0 +1,229 @@ +--- +sidebar_position: 1 +--- + +# Transactions + +:::note Synopsis +`Transactions` are objects created by end-users to trigger state changes in the application. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK Application](../beginner/00-app-anatomy.md) + +::: + +## Transactions + +Transactions are comprised of metadata held in [contexts](./02-context.md) and [`sdk.Msg`s](../../build/building-modules/02-messages-and-queries.md) that trigger state changes within a module through the module's Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md). + +When users want to interact with an application and make state changes (e.g. sending coins), they create transactions. Each of a transaction's `sdk.Msg` must be signed using the private key associated with the appropriate account(s), before the transaction is broadcasted to the network. A transaction must then be included in a block, validated, and approved by the network through the consensus process. To read more about the lifecycle of a transaction, click [here](../beginner/01-tx-lifecycle.md). + +## Type Definition + +Transaction objects are Cosmos SDK types that implement the `Tx` interface + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/tx_msg.go#L53-L58 +``` + +It contains the following methods: + +* **GetMsgs:** unwraps the transaction and returns a list of contained `sdk.Msg`s - one transaction may have one or multiple messages, which are defined by module developers. + +As a developer, you should rarely manipulate `Tx` directly, as `Tx` is an intermediate type used for transaction generation. Instead, developers should prefer the `TxBuilder` interface, which you can learn more about [below](#transaction-generation). + +### Signing Transactions + +Every message in a transaction must be signed by the addresses specified by its `GetSigners`. The Cosmos SDK currently allows signing transactions in two different ways. + +#### `SIGN_MODE_DIRECT` (preferred) + +The most used implementation of the `Tx` interface is the Protobuf `Tx` message, which is used in `SIGN_MODE_DIRECT`: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/tx/v1beta1/tx.proto#L15-L28 +``` + +Because Protobuf serialization is not deterministic, the Cosmos SDK uses an additional `TxRaw` type to denote the pinned bytes over which a transaction is signed. Any user can generate a valid `body` and `auth_info` for a transaction, and serialize these two messages using Protobuf. `TxRaw` then pins the user's exact binary representation of `body` and `auth_info`, called respectively `body_bytes` and `auth_info_bytes`. The document that is signed by all signers of the transaction is `SignDoc` (deterministically serialized using [ADR-027](../../build/architecture/adr-027-deterministic-protobuf-serialization.md)): + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/tx/v1beta1/tx.proto#L50-L67 +``` + +Once signed by all signers, the `body_bytes`, `auth_info_bytes` and `signatures` are gathered into `TxRaw`, whose serialized bytes are broadcasted over the network. + +#### `SIGN_MODE_LEGACY_AMINO_JSON` + +The legacy implementation of the `Tx` interface is the `StdTx` struct from `x/auth`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/auth/migrations/legacytx/stdtx.go#L82-L89 +``` + +The document signed by all signers is `StdSignDoc`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/auth/migrations/legacytx/stdsign.go#L30-L43 +``` + +which is encoded into bytes using Amino JSON. Once all signatures are gathered into `StdTx`, `StdTx` is serialized using Amino JSON, and these bytes are broadcasted over the network. + +#### Other Sign Modes + +The Cosmos SDK also provides a couple of other sign modes for particular use cases. + +#### `SIGN_MODE_DIRECT_AUX` + +`SIGN_MODE_DIRECT_AUX` is a sign mode released in the Cosmos SDK v0.46 which targets transactions with multiple signers. Whereas `SIGN_MODE_DIRECT` expects each signer to sign over both `TxBody` and `AuthInfo` (which includes all other signers' signer infos, i.e. their account sequence, public key and mode info), `SIGN_MODE_DIRECT_AUX` allows N-1 signers to only sign over `TxBody` and _their own_ signer info. Moreover, each auxiliary signer (i.e. a signer using `SIGN_MODE_DIRECT_AUX`) doesn't +need to sign over the fees: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/tx/v1beta1/tx.proto#L68-L93 +``` + +The use case is a multi-signer transaction, where one of the signers is appointed to gather all signatures, broadcast the signature and pay for fees, and the others only care about the transaction body. This generally allows for a better multi-signing UX. If Alice, Bob and Charlie are part of a 3-signer transaction, then Alice and Bob can both use `SIGN_MODE_DIRECT_AUX` to sign over the `TxBody` and their own signer info (no need an additional step to gather other signers' ones, like in `SIGN_MODE_DIRECT`), without specifying a fee in their SignDoc. Charlie can then gather both signatures from Alice and Bob, and +create the final transaction by appending a fee. Note that the fee payer of the transaction (in our case Charlie) must sign over the fees, so must use `SIGN_MODE_DIRECT` or `SIGN_MODE_LEGACY_AMINO_JSON`. + + +#### `SIGN_MODE_TEXTUAL` + +`SIGN_MODE_TEXTUAL` is a new sign mode for delivering a better signing experience on hardware wallets and it is included in the v0.50 release. In this mode, the signer signs over the human-readable string representation of the transaction (CBOR) and makes all data being displayed easier to read. The data is formatted as screens, and each screen is meant to be displayed in its entirety even on small devices like the Ledger Nano. + +There are also _expert_ screens, which will only be displayed if the user has chosen that option in its hardware device. These screens contain things like account number, account sequence and the sign data hash. + +Data is formatted using a set of `ValueRenderer` which the SDK provides defaults for all the known messages and value types. Chain developers can also opt to implement their own `ValueRenderer` for a type/message if they'd like to display information differently. + +If you wish to learn more, please refer to [ADR-050](../../build/architecture/adr-050-sign-mode-textual.md). + +#### Custom Sign modes + +There is an opportunity to add your own custom sign mode to the Cosmos-SDK. While we can not accept the implementation of the sign mode to the repository, we can accept a pull request to add the custom signmode to the SignMode enum located [here](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/tx/signing/v1beta1/signing.proto#L17) + +## Transaction Process + +The process of an end-user sending a transaction is: + +* decide on the messages to put into the transaction, +* generate the transaction using the Cosmos SDK's `TxBuilder`, +* broadcast the transaction using one of the available interfaces. + +The next paragraphs will describe each of these components, in this order. + +### Messages + +:::tip +Module `sdk.Msg`s are not to be confused with [ABCI Messages](https://docs.cometbft.com/v0.37/spec/abci/) which define interactions between the CometBFT and application layers. +::: + +**Messages** (or `sdk.Msg`s) are module-specific objects that trigger state transitions within the scope of the module they belong to. Module developers define the messages for their module by adding methods to the Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md), and also implement the corresponding `MsgServer`. + +Each `sdk.Msg`s is related to exactly one Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md) RPC, defined inside each module's `tx.proto` file. A SDK app router automatically maps every `sdk.Msg` to a corresponding RPC. Protobuf generates a `MsgServer` interface for each module `Msg` service, and the module developer needs to implement this interface. +This design puts more responsibility on module developers, allowing application developers to reuse common functionalities without having to implement state transition logic repetitively. + +To learn more about Protobuf `Msg` services and how to implement `MsgServer`, click [here](../../build/building-modules/03-msg-services.md). + +While messages contain the information for state transition logic, a transaction's other metadata and relevant information are stored in the `TxBuilder` and `Context`. + +### Transaction Generation + +The `TxBuilder` interface contains data closely related with the generation of transactions, which an end-user can set to generate the desired transaction: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/tx_config.go#L39-L57 +``` + +* `Msg`s, the array of [messages](#messages) included in the transaction. +* `GasLimit`, option chosen by the users for how to calculate how much gas they will need to pay. +* `Memo`, a note or comment to send with the transaction. +* `FeeAmount`, the maximum amount the user is willing to pay in fees. +* `TimeoutHeight`, block height until which the transaction is valid. +* `Unordered`, an option indicating this transaction may be executed in any order (requires Sequence to be unset.) +* `TimeoutTimestamp`, the timeout timestamp (unordered nonce) of the transaction (required to be used with Unordered). +* `Signatures`, the array of signatures from all signers of the transaction. + +As there are currently two sign modes for signing transactions, there are also two implementations of `TxBuilder`: + +* [wrapper](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/auth/tx/builder.go#L27-L44) for creating transactions for `SIGN_MODE_DIRECT`, +* [StdTxBuilder](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/auth/migrations/legacytx/stdtx_builder.go#L14-L17) for `SIGN_MODE_LEGACY_AMINO_JSON`. + +However, the two implementations of `TxBuilder` should be hidden away from end-users, as they should prefer using the overarching `TxConfig` interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/tx_config.go#L27-L37 +``` + +`TxConfig` is an app-wide configuration for managing transactions. Most importantly, it holds the information about whether to sign each transaction with `SIGN_MODE_DIRECT` or `SIGN_MODE_LEGACY_AMINO_JSON`. By calling `txBuilder := txConfig.NewTxBuilder()`, a new `TxBuilder` will be created with the appropriate sign mode. + +Once `TxBuilder` is correctly populated with the setters exposed above, `TxConfig` will also take care of correctly encoding the bytes (again, either using `SIGN_MODE_DIRECT` or `SIGN_MODE_LEGACY_AMINO_JSON`). Here's a pseudo-code snippet of how to generate and encode a transaction, using the `TxEncoder()` method: + +```go +txBuilder := txConfig.NewTxBuilder() +txBuilder.SetMsgs(...) // and other setters on txBuilder + +bz, err := txConfig.TxEncoder()(txBuilder.GetTx()) +// bz are bytes to be broadcasted over the network +``` + +### Broadcasting the Transaction + +Once the transaction bytes are generated, there are currently three ways of broadcasting it. + +#### CLI + +Application developers create entry points to the application by creating a [command-line interface](./07-cli.md), [gRPC and/or REST interface](./06-grpc_rest.md), typically found in the application's `./cmd` folder. These interfaces allow users to interact with the application through command-line. + +For the [command-line interface](../../build/building-modules/09-module-interfaces.md#cli), module developers create subcommands to add as children to the application top-level transaction command `TxCmd`. CLI commands actually bundle all the steps of transaction processing into one simple command: creating messages, generating transactions and broadcasting. For concrete examples, see the [Interacting with a Node](../../user/run-node/02-interact-node.md) section. An example transaction made using CLI looks like: + +```bash +simd tx send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000stake +``` + +#### gRPC + +[gRPC](https://grpc.io) is the main component for the Cosmos SDK's RPC layer. Its principal usage is in the context of modules' [`Query` services](../../build/building-modules/04-query-services.md). However, the Cosmos SDK also exposes a few other module-agnostic gRPC services, one of them being the `Tx` service: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/tx/v1beta1/service.proto +``` + +The `Tx` service exposes a handful of utility functions, such as simulating a transaction or querying a transaction, and also one method to broadcast transactions. + +Examples of broadcasting and simulating a transaction are shown [here](../../user/run-node/03-txs.md#programmatically-with-go). + +#### REST + +Each gRPC method has its corresponding REST endpoint, generated using [gRPC-gateway](https://github.com/grpc-ecosystem/grpc-gateway). Therefore, instead of using gRPC, you can also use HTTP to broadcast the same transaction, on the `POST /cosmos/tx/v1beta1/txs` endpoint. + +An example can be seen [here](../../user/run-node/03-txs.md#using-rest) + +#### CometBFT RPC + +The three methods presented above are actually higher abstractions over the CometBFT RPC `/broadcast_tx_{async,sync,commit}` endpoints, documented [here](https://docs.cometbft.com/v0.37/core/rpc). This means that you can use the CometBFT RPC endpoints directly to broadcast the transaction, if you wish so. + +### Unordered Transactions + +:::tip + +Looking to enable unordered transactions on your chain? +Check out the [v0.53.0 Upgrade Guide](https://docs.cosmos.network/v0.53/build/migrations/upgrade-guide#enable-unordered-transactions-optional) + +::: + +:::warning + +Unordered transactions MUST leave sequence values unset. When a transaction is both unordered and contains a non-zero sequence value, +the transaction will be rejected. Services that operate on prior assumptions about transaction sequence values should be updated to handle unordered transactions. +Services should be aware that when the transaction is unordered, the transaction sequence will always be zero. + +::: + +Beginning with Cosmos SDK v0.53.0, chains may enable unordered transaction support. +Unordered transactions work by using a timestamp as the transaction's nonce value. The sequence value must NOT be set in the signature(s) of the transaction. +The timestamp must be greater than the current block time and not exceed the chain's configured max unordered timeout timestamp duration. +Senders must use a unique timestamp for each distinct transaction. The difference may be as small as a nanosecond, however. + +These unique timestamps serve as a one-shot nonce, and their lifespan in state is short-lived. +Upon transaction inclusion, an entry consisting of timeout timestamp and account address will be recorded to state. +Once the block time is passed the timeout timestamp value, the entry will be removed. This ensures that unordered nonces do not indefinitely fill up the chain's storage. diff --git a/copy-of-sdk-docs/learn/advanced/02-context.md b/copy-of-sdk-docs/learn/advanced/02-context.md new file mode 100644 index 00000000..578bb1f1 --- /dev/null +++ b/copy-of-sdk-docs/learn/advanced/02-context.md @@ -0,0 +1,103 @@ +--- +sidebar_position: 1 +--- + +# Context + +:::note Synopsis +The `context` is a data structure intended to be passed from function to function that carries information about the current state of the application. It provides access to a branched storage (a safe branch of the entire state) as well as useful objects and information like `gasMeter`, `block height`, `consensus parameters` and more. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK Application](../beginner/00-app-anatomy.md) +* [Lifecycle of a Transaction](../beginner/01-tx-lifecycle.md) + +::: + +## Context Definition + +The Cosmos SDK `Context` is a custom data structure that contains Go's stdlib [`context`](https://pkg.go.dev/context) as its base, and has many additional types within its definition that are specific to the Cosmos SDK. The `Context` is integral to transaction processing in that it allows modules to easily access their respective [store](./04-store.md#base-layer-kvstores) in the [`multistore`](./04-store.md#multistore) and retrieve transactional context such as the block header and gas meter. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/types/context.go#L40-L67 +``` + +* **Base Context:** The base type is a Go [Context](https://pkg.go.dev/context), which is explained further in the [Go Context Package](#go-context-package) section below. +* **Multistore:** Every application's `BaseApp` contains a [`CommitMultiStore`](./04-store.md#multistore) which is provided when a `Context` is created. Calling the `KVStore()` and `TransientStore()` methods allows modules to fetch their respective [`KVStore`](./04-store.md#base-layer-kvstores) using their unique `StoreKey`. +* **Header:** The [header](https://docs.cometbft.com/v0.37/spec/core/data_structures#header) is a Blockchain type. It carries important information about the state of the blockchain, such as block height and proposer of the current block. +* **Header Hash:** The current block header hash, obtained during `abci.FinalizeBlock`. +* **Chain ID:** The unique identification number of the blockchain a block pertains to. +* **Transaction Bytes:** The `[]byte` representation of a transaction being processed using the context. Every transaction is processed by various parts of the Cosmos SDK and consensus engine (e.g. CometBFT) throughout its [lifecycle](../beginner/01-tx-lifecycle.md), some of which do not have any understanding of transaction types. Thus, transactions are marshaled into the generic `[]byte` type using some kind of [encoding format](./05-encoding.md) such as [Amino](./05-encoding.md). +* **Logger:** A `logger` from the CometBFT libraries. Learn more about logs [here](https://docs.cometbft.com/v0.37/core/configuration). Modules call this method to create their own unique module-specific logger. +* **VoteInfo:** A list of the ABCI type [`VoteInfo`](https://docs.cometbft.com/main/spec/abci/abci++_methods.html#voteinfo), which includes the name of a validator and a boolean indicating whether they have signed the block. +* **Gas Meters:** Specifically, a [`gasMeter`](../beginner/04-gas-fees.md#main-gas-meter) for the transaction currently being processed using the context and a [`blockGasMeter`](../beginner/04-gas-fees.md#block-gas-meter) for the entire block it belongs to. Users specify how much in fees they wish to pay for the execution of their transaction; these gas meters keep track of how much [gas](../beginner/04-gas-fees.md) has been used in the transaction or block so far. If the gas meter runs out, execution halts. +* **CheckTx Mode:** A boolean value indicating whether a transaction should be processed in `CheckTx` or `DeliverTx` mode. +* **Min Gas Price:** The minimum [gas](../beginner/04-gas-fees.md) price a node is willing to take in order to include a transaction in its block. This price is a local value configured by each node individually, and should therefore **not be used in any functions used in sequences leading to state-transitions**. +* **Consensus Params:** The ABCI type [Consensus Parameters](https://docs.cometbft.com/v0.37/spec/abci/abci++_app_requirements#consensus-parameters), which specify certain limits for the blockchain, such as maximum gas for a block. +* **Event Manager:** The event manager allows any caller with access to a `Context` to emit [`Events`](./08-events.md). Modules may define module specific + `Events` by defining various `Types` and `Attributes` or use the common definitions found in `types/`. Clients can subscribe or query for these `Events`. These `Events` are collected throughout `FinalizeBlock` and are returned to CometBFT for indexing. +* **Priority:** The transaction priority, only relevant in `CheckTx`. +* **KV `GasConfig`:** Enables applications to set a custom `GasConfig` for the `KVStore`. +* **Transient KV `GasConfig`:** Enables applications to set a custom `GasConfig` for the transient `KVStore`. +* **StreamingManager:** The streamingManager field provides access to the streaming manager, which allows modules to subscribe to state changes emitted by the blockchain. The streaming manager is used by the state listening API, which is described in [ADR 038](https://docs.cosmos.network/main/architecture/adr-038-state-listening). +* **CometInfo:** A lightweight field that contains information about the current block, such as the block height, time, and hash. This information can be used for validating evidence, providing historical data, and enhancing the user experience. For further details see [here](https://github.com/cosmos/cosmos-sdk/blob/main/core/comet/service.go#L14). +* **HeaderInfo:** The `headerInfo` field contains information about the current block header, such as the chain ID, gas limit, and timestamp. For further details see [here](https://github.com/cosmos/cosmos-sdk/blob/main/core/header/service.go#L14). + +## Go Context Package + +A basic `Context` is defined in the [Golang Context Package](https://pkg.go.dev/context). A `Context` +is an immutable data structure that carries request-scoped data across APIs and processes. Contexts +are also designed to enable concurrency and to be used in goroutines. + +Contexts are intended to be **immutable**; they should never be edited. Instead, the convention is +to create a child context from its parent using a `With` function. For example: + +```go +childCtx = parentCtx.WithBlockHeader(header) +``` + +The [Golang Context Package](https://pkg.go.dev/context) documentation instructs developers to +explicitly pass a context `ctx` as the first argument of a process. + +## Store branching + +The `Context` contains a `MultiStore`, which allows for branching and caching functionality using `CacheMultiStore` +(queries in `CacheMultiStore` are cached to avoid future round trips). +Each `KVStore` is branched in a safe and isolated ephemeral storage. Processes are free to write changes to +the `CacheMultiStore`. If a state-transition sequence is performed without issue, the store branch can +be committed to the underlying store at the end of the sequence or disregard them if something +goes wrong. The pattern of usage for a Context is as follows: + +1. A process receives a Context `ctx` from its parent process, which provides information needed to + perform the process. +2. The `ctx.ms` is a **branched store**, i.e. a branch of the [multistore](./04-store.md#multistore) is made so that the process can make changes to the state as it executes, without changing the original `ctx.ms`. This is useful to protect the underlying multistore in case the changes need to be reverted at some point in the execution. +3. The process may read and write from `ctx` as it is executing. It may call a subprocess and pass + `ctx` to it as needed. +4. When a subprocess returns, it checks if the result is a success or failure. If a failure, nothing + needs to be done - the branch `ctx` is simply discarded. If successful, the changes made to + the `CacheMultiStore` can be committed to the original `ctx.ms` via `Write()`. + +For example, here is a snippet from the [`runTx`](./00-baseapp.md#runtx-antehandler-runmsgs-posthandler) function in [`baseapp`](./00-baseapp.md): + +```go +runMsgCtx, msCache := app.cacheTxContext(ctx, txBytes) +result = app.runMsgs(runMsgCtx, msgs, mode) +result.GasWanted = gasWanted +if mode != runTxModeDeliver { + return result +} +if result.IsOK() { + msCache.Write() +} +``` + +Here is the process: + +1. Prior to calling `runMsgs` on the message(s) in the transaction, it uses `app.cacheTxContext()` + to branch and cache the context and multistore. +2. `runMsgCtx` - the context with branched store, is used in `runMsgs` to return a result. +3. If the process is running in [`checkTxMode`](./00-baseapp.md#checktx), there is no need to write the + changes - the result is returned immediately. +4. If the process is running in [`deliverTxMode`](./00-baseapp.md#delivertx) and the result indicates + a successful run over all the messages, the branched multistore is written back to the original. diff --git a/copy-of-sdk-docs/learn/advanced/03-node.md b/copy-of-sdk-docs/learn/advanced/03-node.md new file mode 100644 index 00000000..375dedb0 --- /dev/null +++ b/copy-of-sdk-docs/learn/advanced/03-node.md @@ -0,0 +1,96 @@ +--- +sidebar_position: 1 +--- + +# Node Client (Daemon) + +:::note Synopsis +The main endpoint of a Cosmos SDK application is the daemon client, otherwise known as the full-node client. The full-node runs the state-machine, starting from a genesis file. It connects to peers running the same client in order to receive and relay transactions, block proposals and signatures. The full-node is constituted of the application, defined with the Cosmos SDK, and of a consensus engine connected to the application via the ABCI. +::: + +:::note Pre-requisite Readings + +* [Anatomy of an SDK application](../beginner/00-app-anatomy.md) + +::: + +## `main` function + +The full-node client of any Cosmos SDK application is built by running a `main` function. The client is generally named by appending the `-d` suffix to the application name (e.g. `appd` for an application named `app`), and the `main` function is defined in a `./appd/cmd/main.go` file. Running this function creates an executable `appd` that comes with a set of commands. For an app named `app`, the main command is [`appd start`](#start-command), which starts the full-node. + +In general, developers will implement the `main.go` function with the following structure: + +* First, an [`encodingCodec`](./05-encoding.md) is instantiated for the application. +* Then, the `config` is retrieved and config parameters are set. This mainly involves setting the Bech32 prefixes for [addresses](../beginner/03-accounts.md#addresses). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/config.go#L14-L29 +``` + +* Using [cobra](https://github.com/spf13/cobra), the root command of the full-node client is created. After that, all the custom commands of the application are added using the `AddCommand()` method of `rootCmd`. +* Add default server commands to `rootCmd` using the `server.AddCommands()` method. These commands are separated from the ones added above since they are standard and defined at Cosmos SDK level. They should be shared by all Cosmos SDK-based applications. They include the most important command: the [`start` command](#start-command). +* Prepare and execute the `executor`. + +```go reference +https://github.com/cometbft/cometbft/blob/v0.37.0/libs/cli/setup.go#L74-L78 +``` + +See an example of `main` function from the `simapp` application, the Cosmos SDK's application for demo purposes: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/main.go +``` + +## `start` command + +The `start` command is defined in the `/server` folder of the Cosmos SDK. It is added to the root command of the full-node client in the [`main` function](#main-function) and called by the end-user to start their node: + +```bash +# For an example app named "app", the following command starts the full-node. +appd start + +# Using the Cosmos SDK's own simapp, the following commands start the simapp node. +simd start +``` + +As a reminder, the full-node is composed of three conceptual layers: the networking layer, the consensus layer and the application layer. The first two are generally bundled together in an entity called the consensus engine (CometBFT by default), while the third is the state-machine defined with the help of the Cosmos SDK. Currently, the Cosmos SDK uses CometBFT as the default consensus engine, meaning the start command is implemented to boot up a CometBFT node. + +The flow of the `start` command is pretty straightforward. First, it retrieves the `config` from the `context` in order to open the `db` (a [`leveldb`](https://github.com/syndtr/goleveldb) instance by default). This `db` contains the latest known state of the application (empty if the application is started from the first time. + +With the `db`, the `start` command creates a new instance of the application using an `appCreator` function: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/server/start.go#L1007 +``` + +Note that an `appCreator` is a function that fulfills the `AppCreator` signature: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/server/types/app.go#L69 +``` + +In practice, the [constructor of the application](../beginner/00-app-anatomy.md#constructor-function) is passed as the `appCreator`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L294-L308 +``` + +Then, the instance of `app` is used to instantiate a new CometBFT node: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/server/start.go#L361-L400 +``` + +The CometBFT node can be created with `app` because the latter satisfies the [`abci.Application` interface](https://github.com/cometbft/cometbft/blob/v0.37.0/abci/types/application.go#L9-L35) (given that `app` extends [`baseapp`](./00-baseapp.md)). As part of the `node.New` method, CometBFT makes sure that the height of the application (i.e. number of blocks since genesis) is equal to the height of the CometBFT node. The difference between these two heights should always be negative or null. If it is strictly negative, `node.New` will replay blocks until the height of the application reaches the height of the CometBFT node. Finally, if the height of the application is `0`, the CometBFT node will call [`InitChain`](./00-baseapp.md#initchain) on the application to initialize the state from the genesis file. + +Once the CometBFT node is instantiated and in sync with the application, the node can be started: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/server/start.go#L373-L374 +``` + +Upon starting, the node will bootstrap its RPC and P2P server and start dialing peers. During handshake with its peers, if the node realizes they are ahead, it will query all the blocks sequentially in order to catch up. Then, it will wait for new block proposals and block signatures from validators in order to make progress. + +## Other commands + +To discover how to concretely run a node and interact with it, please refer to our [Running a Node, API and CLI](../../user/run-node/01-run-node.md) guide. diff --git a/copy-of-sdk-docs/learn/advanced/04-store.md b/copy-of-sdk-docs/learn/advanced/04-store.md new file mode 100644 index 00000000..860bb3d0 --- /dev/null +++ b/copy-of-sdk-docs/learn/advanced/04-store.md @@ -0,0 +1,288 @@ +--- +sidebar_position: 1 +--- + +# Store + +:::note Synopsis +A store is a data structure that holds the state of the application. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK application](../beginner/00-app-anatomy.md) + +::: + +## Introduction to Cosmos SDK Stores + +The Cosmos SDK comes with a large set of stores to persist the state of applications. By default, the main store of Cosmos SDK applications is a `multistore`, i.e. a store of stores. Developers can add any number of key-value stores to the multistore, depending on their application needs. The multistore exists to support the modularity of the Cosmos SDK, as it lets each module declare and manage their own subset of the state. Key-value stores in the multistore can only be accessed with a specific capability `key`, which is typically held in the [`keeper`](../../build/building-modules/06-keeper.md) of the module that declared the store. + +```text ++-----------------------------------------------------+ +| | +| +--------------------------------------------+ | +| | | | +| | KVStore 1 - Manage by keeper of Module 1 | +| | | | +| +--------------------------------------------+ | +| | +| +--------------------------------------------+ | +| | | | +| | KVStore 2 - Manage by keeper of Module 2 | | +| | | | +| +--------------------------------------------+ | +| | +| +--------------------------------------------+ | +| | | | +| | KVStore 3 - Manage by keeper of Module 2 | | +| | | | +| +--------------------------------------------+ | +| | +| +--------------------------------------------+ | +| | | | +| | KVStore 4 - Manage by keeper of Module 3 | | +| | | | +| +--------------------------------------------+ | +| | +| +--------------------------------------------+ | +| | | | +| | KVStore 5 - Manage by keeper of Module 4 | | +| | | | +| +--------------------------------------------+ | +| | +| Main Multistore | +| | ++-----------------------------------------------------+ + + Application's State +``` + +### Store Interface + +At its very core, a Cosmos SDK `store` is an object that holds a `CacheWrapper` and has a `GetStoreType()` method: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/store.go#L17-L20 +``` + +The `GetStoreType` is a simple method that returns the type of store, whereas a `CacheWrapper` is a simple interface that implements store read caching and write branching through `Write` method: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/store.go#L285-L317 +``` + +Branching and cache is used ubiquitously in the Cosmos SDK and required to be implemented on every store type. A storage branch creates an isolated, ephemeral branch of a store that can be passed around and updated without affecting the main underlying store. This is used to trigger temporary state-transitions that may be reverted later should an error occur. Read more about it in [context](./02-context.md#Store-branching) + +### Commit Store + +A commit store is a store that has the ability to commit changes made to the underlying tree or db. The Cosmos SDK differentiates simple stores from commit stores by extending the basic store interfaces with a `Committer`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/store.go#L34-L38 +``` + +The `Committer` is an interface that defines methods to persist changes to disk: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/store.go#L22-L32 +``` + +The `CommitID` is a deterministic commit of the state tree. Its hash is returned to the underlying consensus engine and stored in the block header. Note that commit store interfaces exist for various purposes, one of which is to make sure not every object can commit the store. As part of the [object-capabilities model](./10-ocap.md) of the Cosmos SDK, only `baseapp` should have the ability to commit stores. For example, this is the reason why the `ctx.KVStore()` method by which modules typically access stores returns a `KVStore` and not a `CommitKVStore`. + +The Cosmos SDK comes with many types of stores, the most used being [`CommitMultiStore`](#multistore), [`KVStore`](#kvstore) and [`GasKv` store](#gaskv-store). [Other types of stores](#other-stores) include `Transient` and `TraceKV` stores. + +## Multistore + +### Multistore Interface + +Each Cosmos SDK application holds a multistore at its root to persist its state. The multistore is a store of `KVStores` that follows the `Multistore` interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/store.go#L115-L147 +``` + +If tracing is enabled, then branching the multistore will firstly wrap all the underlying `KVStore` in [`TraceKv.Store`](#tracekv-store). + +### CommitMultiStore + +The main type of `Multistore` used in the Cosmos SDK is `CommitMultiStore`, which is an extension of the `Multistore` interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/store.go#L155-L225 +``` + +As for concrete implementation, the [`rootMulti.Store`] is the go-to implementation of the `CommitMultiStore` interface. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/rootmulti/store.go#L56-L82 +``` + +The `rootMulti.Store` is a base-layer multistore built around a `db` on top of which multiple `KVStores` can be mounted, and is the default multistore store used in [`baseapp`](./00-baseapp.md). + +### CacheMultiStore + +Whenever the `rootMulti.Store` needs to be branched, a [`cachemulti.Store`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/cachemulti/store.go) is used. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/cachemulti/store.go#L20-L34 +``` + +`cachemulti.Store` branches all substores (creates a virtual store for each substore) in its constructor and hold them in `Store.stores`. Moreover caches all read queries. `Store.GetKVStore()` returns the store from `Store.stores`, and `Store.Write()` recursively calls `CacheWrap.Write()` on all the substores. + +## Base-layer KVStores + +### `KVStore` and `CommitKVStore` Interfaces + +A `KVStore` is a simple key-value store used to store and retrieve data. A `CommitKVStore` is a `KVStore` that also implements a `Committer`. By default, stores mounted in `baseapp`'s main `CommitMultiStore` are `CommitKVStore`s. The `KVStore` interface is primarily used to restrict modules from accessing the committer. + +Individual `KVStore`s are used by modules to manage a subset of the global state. `KVStores` can be accessed by objects that hold a specific key. This `key` should only be exposed to the [`keeper`](../../build/building-modules/06-keeper.md) of the module that defines the store. + +`CommitKVStore`s are declared by proxy of their respective `key` and mounted on the application's [multistore](#multistore) in the [main application file](../beginner/00-app-anatomy.md#core-application-file). In the same file, the `key` is also passed to the module's `keeper` that is responsible for managing the store. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/store.go#L227-L264 +``` + +Apart from the traditional `Get` and `Set` methods, that a `KVStore` must implement via the `BasicKVStore` interface; a `KVStore` must provide an `Iterator(start, end)` method which returns an `Iterator` object. It is used to iterate over a range of keys, typically keys that share a common prefix. Below is an example from the bank's module keeper, used to iterate over all account balances: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/bank/keeper/view.go#L121-L137 +``` + +### `IAVL` Store + +The default implementation of `KVStore` and `CommitKVStore` used in `baseapp` is the `iavl.Store`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/iavl/store.go#L36-L41 +``` + +`iavl` stores are based around an [IAVL Tree](https://github.com/cosmos/iavl), a self-balancing binary tree which guarantees that: + +* `Get` and `Set` operations are O(log n), where n is the number of elements in the tree. +* Iteration efficiently returns the sorted elements within the range. +* Each tree version is immutable and can be retrieved even after a commit (depending on the pruning settings). + +The documentation on the IAVL Tree is located [here](https://github.com/cosmos/iavl/blob/master/docs/overview.md). + +### `DbAdapter` Store + +`dbadapter.Store` is an adapter for `dbm.DB` making it fulfilling the `KVStore` interface. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/dbadapter/store.go#L13-L16 +``` + +`dbadapter.Store` embeds `dbm.DB`, meaning most of the `KVStore` interface functions are implemented. The other functions (mostly miscellaneous) are manually implemented. This store is primarily used within [Transient Stores](#transient-store) + +### `Transient` Store + +`Transient.Store` is a base-layer `KVStore` which is automatically discarded at the end of the block. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/transient/store.go#L16-L19 +``` + +`Transient.Store` is a `dbadapter.Store` with a `dbm.NewMemDB()`. All `KVStore` methods are reused. When `Store.Commit()` is called, a new `dbadapter.Store` is assigned, discarding previous reference and making it garbage collected. + +This type of store is useful to persist information that is only relevant per-block. One example would be to store parameter changes (i.e. a bool set to `true` if a parameter changed in a block). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/params/types/subspace.go#L22-L32 +``` + +Transient stores are typically accessed via the [`context`](./02-context.md) via the `TransientStore()` method: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/context.go#L347-L350 +``` + +## KVStore Wrappers + +### CacheKVStore + +`cachekv.Store` is a wrapper `KVStore` which provides buffered writing / cached reading functionalities over the underlying `KVStore`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/cachekv/store.go#L26-L36 +``` + +This is the type used whenever an IAVL Store needs to be branched to create an isolated store (typically when we need to mutate a state that might be reverted later). + +#### `Get` + +`Store.Get()` firstly checks if `Store.cache` has an associated value with the key. If the value exists, the function returns it. If not, the function calls `Store.parent.Get()`, caches the result in `Store.cache`, and returns it. + +#### `Set` + +`Store.Set()` sets the key-value pair to the `Store.cache`. `cValue` has the field dirty bool which indicates whether the cached value is different from the underlying value. When `Store.Set()` caches a new pair, the `cValue.dirty` is set `true` so when `Store.Write()` is called it can be written to the underlying store. + +#### `Iterator` + +`Store.Iterator()` has to traverse on both cached items and the original items. In `Store.iterator()`, two iterators are generated for each of them, and merged. `memIterator` is essentially a slice of the `KVPairs`, used for cached items. `mergeIterator` is a combination of two iterators, where traverse happens ordered on both iterators. + +### `GasKv` Store + +Cosmos SDK applications use [`gas`](../beginner/04-gas-fees.md) to track resources usage and prevent spam. [`GasKv.Store`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/gaskv/store.go) is a `KVStore` wrapper that enables automatic gas consumption each time a read or write to the store is made. It is the solution of choice to track storage usage in Cosmos SDK applications. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/gaskv/store.go#L11-L17 +``` + +When methods of the parent `KVStore` are called, `GasKv.Store` automatically consumes appropriate amount of gas depending on the `Store.gasConfig`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/gas.go#L219-L228 +``` + +By default, all `KVStores` are wrapped in `GasKv.Stores` when retrieved. This is done in the `KVStore()` method of the [`context`](./02-context.md): + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/context.go#L342-L345 +``` + +In this case, the gas configuration set in the `context` is used. The gas configuration can be set using the `WithKVGasConfig` method of the `context`. +Otherwise it uses the following default: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/gas.go#L230-L241 +``` + +### `TraceKv` Store + +`tracekv.Store` is a wrapper `KVStore` which provides operation tracing functionalities over the underlying `KVStore`. It is applied automatically by the Cosmos SDK on all `KVStore` if tracing is enabled on the parent `MultiStore`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/tracekv/store.go#L20-L43 +``` + +When each `KVStore` methods are called, `tracekv.Store` automatically logs `traceOperation` to the `Store.writer`. `traceOperation.Metadata` is filled with `Store.context` when it is not nil. `TraceContext` is a `map[string]interface{}`. + +### `Prefix` Store + +`prefix.Store` is a wrapper `KVStore` which provides automatic key-prefixing functionalities over the underlying `KVStore`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/prefix/store.go#L15-L21 +``` + +When `Store.{Get, Set}()` is called, the store forwards the call to its parent, with the key prefixed with the `Store.prefix`. + +When `Store.Iterator()` is called, it does not simply prefix the `Store.prefix`, since it does not work as intended. In that case, some of the elements are traversed even if they are not starting with the prefix. + +### `ListenKv` Store + +`listenkv.Store` is a wrapper `KVStore` which provides state listening capabilities over the underlying `KVStore`. +It is applied automatically by the Cosmos SDK on any `KVStore` whose `StoreKey` is specified during state streaming configuration. +Additional information about state streaming configuration can be found in the [store/streaming/README.md](https://github.com/cosmos/cosmos-sdk/tree/v0.53.0/store/streaming). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/listenkv/store.go#L11-L18 +``` + +When `KVStore.Set` or `KVStore.Delete` methods are called, `listenkv.Store` automatically writes the operations to the set of `Store.listeners`. + +## `BasicKVStore` interface + +An interface providing only the basic CRUD functionality (`Get`, `Set`, `Has`, and `Delete` methods), without iteration or caching. This is used to partially expose components of a larger store. diff --git a/copy-of-sdk-docs/learn/advanced/05-encoding.md b/copy-of-sdk-docs/learn/advanced/05-encoding.md new file mode 100644 index 00000000..3c730741 --- /dev/null +++ b/copy-of-sdk-docs/learn/advanced/05-encoding.md @@ -0,0 +1,285 @@ +--- +sidebar_position: 1 +--- + +# Encoding + +:::note Synopsis +While encoding in the Cosmos SDK used to be mainly handled by `go-amino` codec, the Cosmos SDK is moving towards using `gogoprotobuf` for both state and client-side encoding. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK application](../beginner/00-app-anatomy.md) + +::: + +## Encoding + +The Cosmos SDK utilizes two binary wire encoding protocols, [Amino](https://github.com/tendermint/go-amino/) which is an object encoding specification and [Protocol Buffers](https://developers.google.com/protocol-buffers), a subset of Proto3 with an extension for +interface support. See the [Proto3 spec](https://developers.google.com/protocol-buffers/docs/proto3) +for more information on Proto3, which Amino is largely compatible with (but not with Proto2). + +Due to Amino having significant performance drawbacks, being reflection-based, and +not having any meaningful cross-language/client support, Protocol Buffers, specifically +[gogoprotobuf](https://github.com/cosmos/gogoproto/), is being used in place of Amino. +Note, this process of using Protocol Buffers over Amino is still an ongoing process. + +Binary wire encoding of types in the Cosmos SDK can be broken down into two main +categories, client encoding and store encoding. Client encoding mainly revolves +around transaction processing and signing, whereas store encoding revolves around +types used in state-machine transitions and what is ultimately stored in the Merkle +tree. + +For store encoding, protobuf definitions can exist for any type and will typically +have an Amino-based "intermediary" type. Specifically, the protobuf-based type +definition is used for serialization and persistence, whereas the Amino-based type +is used for business logic in the state-machine where they may convert back-n-forth. +Note, the Amino-based types may slowly be phased-out in the future, so developers +should take note to use the protobuf message definitions where possible. + +In the `codec` package, there exists two core interfaces, `BinaryCodec` and `JSONCodec`, +where the former encapsulates the current Amino interface except it operates on +types implementing the latter instead of generic `interface{}` types. + +The `ProtoCodec`, where both binary and JSON serialization is handled +via Protobuf. This means that modules may use Protobuf encoding, but the types must +implement `ProtoMarshaler`. If modules wish to avoid implementing this interface +for their types, this is autogenerated via [buf](https://buf.build/) + +If modules use [Collections](../../build/packages/02-collections.md), encoding and decoding are handled, marshal and unmarshal should not be handled manually unless for specific cases identified by the developer. + +### Gogoproto + +Modules are encouraged to utilize Protobuf encoding for their respective types. In the Cosmos SDK, we use the [Gogoproto](https://github.com/cosmos/gogoproto) specific implementation of the Protobuf spec that offers speed and DX improvements compared to the official [Google protobuf implementation](https://github.com/protocolbuffers/protobuf). + +### Guidelines for protobuf message definitions + +In addition to [following official Protocol Buffer guidelines](https://developers.google.com/protocol-buffers/docs/proto3#simple), we recommend using these annotations in .proto files when dealing with interfaces: + +* use `cosmos_proto.accepts_interface` to annotate `Any` fields that accept interfaces + * pass the same fully qualified name as `protoName` to `InterfaceRegistry.RegisterInterface` + * example: `(cosmos_proto.accepts_interface) = "cosmos.gov.v1beta1.Content"` (and not just `Content`) +* annotate interface implementations with `cosmos_proto.implements_interface` + * pass the same fully qualified name as `protoName` to `InterfaceRegistry.RegisterInterface` + * example: `(cosmos_proto.implements_interface) = "cosmos.authz.v1beta1.Authorization"` (and not just `Authorization`) + +Code generators can then match the `accepts_interface` and `implements_interface` annotations to know whether some Protobuf messages are allowed to be packed in a given `Any` field or not. + +### Transaction Encoding + +Another important use of Protobuf is the encoding and decoding of +[transactions](./01-transactions.md). Transactions are defined by the application or +the Cosmos SDK but are then passed to the underlying consensus engine to be relayed to +other peers. Since the underlying consensus engine is agnostic to the application, +the consensus engine accepts only transactions in the form of raw bytes. + +* The `TxEncoder` object performs the encoding. +* The `TxDecoder` object performs the decoding. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/types/tx_msg.go#L109-L113 +``` + +A standard implementation of both these objects can be found in the [`auth/tx` module](../../build/modules/auth/2-tx.md): + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/auth/tx/decoder.go +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/auth/tx/encoder.go +``` + +See [ADR-020](https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/docs/architecture/adr-020-protobuf-transaction-encoding.md) for details of how a transaction is encoded. + +### Interface Encoding and Usage of `Any` + +The Protobuf DSL is strongly typed, which can make inserting variable-typed fields difficult. Imagine we want to create a `Profile` protobuf message that serves as a wrapper over [an account](../beginner/03-accounts.md): + +```protobuf +message Profile { + // account is the account associated to a profile. + cosmos.auth.v1beta1.BaseAccount account = 1; + // bio is a short description of the account. + string bio = 4; +} +``` + +In this `Profile` example, we hardcoded `account` as a `BaseAccount`. However, there are several other types of [user accounts related to vesting](../../build/modules/auth/1-vesting.md), such as `BaseVestingAccount` or `ContinuousVestingAccount`. All of these accounts are different, but they all implement the `AccountI` interface. How would you create a `Profile` that allows all these types of accounts with an `account` field that accepts an `AccountI` interface? + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/types/account.go#L15-L32 +``` + +In [ADR-019](https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/docs/architecture/adr-019-protobuf-state-encoding.md), it has been decided to use [`Any`](https://github.com/protocolbuffers/protobuf/blob/master/src/google/protobuf/any.proto)s to encode interfaces in protobuf. An `Any` contains an arbitrary serialized message as bytes, along with a URL that acts as a globally unique identifier for and resolves to that message's type. This strategy allows us to pack arbitrary Go types inside protobuf messages. Our new `Profile` then looks like: + +```protobuf +message Profile { + // account is the account associated to a profile. + google.protobuf.Any account = 1 [ + (cosmos_proto.accepts_interface) = "cosmos.auth.v1beta1.AccountI"; // Asserts that this field only accepts Go types implementing `AccountI`. It is purely informational for now. + ]; + // bio is a short description of the account. + string bio = 4; +} +``` + +To add an account inside a profile, we need to "pack" it inside an `Any` first, using `codectypes.NewAnyWithValue`: + +```go +var myAccount AccountI +myAccount = ... // Can be a BaseAccount, a ContinuousVestingAccount or any struct implementing `AccountI` + +// Pack the account into an Any +accAny, err := codectypes.NewAnyWithValue(myAccount) +if err != nil { + return nil, err +} + +// Create a new Profile with the any. +profile := Profile { + Account: accAny, + Bio: "some bio", +} + +// We can then marshal the profile as usual. +bz, err := cdc.Marshal(profile) +jsonBz, err := cdc.MarshalJSON(profile) +``` + +To summarize, to encode an interface, you must 1/ pack the interface into an `Any` and 2/ marshal the `Any`. For convenience, the Cosmos SDK provides a `MarshalInterface` method to bundle these two steps. Have a look at [a real-life example in the x/auth module](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/auth/keeper/keeper.go#L239-L242). + +The reverse operation of retrieving the concrete Go type from inside an `Any`, called "unpacking", is done with the `GetCachedValue()` on `Any`. + +```go +profileBz := ... // The proto-encoded bytes of a Profile, e.g. retrieved through gRPC. +var myProfile Profile +// Unmarshal the bytes into the myProfile struct. +err := cdc.Unmarshal(profilebz, &myProfile) + +// Let's see the types of the Account field. +fmt.Printf("%T\n", myProfile.Account) // Prints "Any" +fmt.Printf("%T\n", myProfile.Account.GetCachedValue()) // Prints "BaseAccount", "ContinuousVestingAccount" or whatever was initially packed in the Any. + +// Get the address of the account. +accAddr := myProfile.Account.GetCachedValue().(AccountI).GetAddress() +``` + +It is important to note that for `GetCachedValue()` to work, `Profile` (and any other structs embedding `Profile`) must implement the `UnpackInterfaces` method: + +```go +func (p *Profile) UnpackInterfaces(unpacker codectypes.AnyUnpacker) error { + if p.Account != nil { + var account AccountI + return unpacker.UnpackAny(p.Account, &account) + } + + return nil +} +``` + +The `UnpackInterfaces` gets called recursively on all structs implementing this method, to allow all `Any`s to have their `GetCachedValue()` correctly populated. + +For more information about interface encoding, and especially on `UnpackInterfaces` and how the `Any`'s `type_url` gets resolved using the `InterfaceRegistry`, please refer to [ADR-019](https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/docs/architecture/adr-019-protobuf-state-encoding.md). + +#### `Any` Encoding in the Cosmos SDK + +The above `Profile` example is a fictive example used for educational purposes. In the Cosmos SDK, we use `Any` encoding in several places (non-exhaustive list): + +* the `cryptotypes.PubKey` interface for encoding different types of public keys, +* the `sdk.Msg` interface for encoding different `Msg`s in a transaction, +* the `AccountI` interface for encoding different types of accounts (similar to the above example) in the x/auth query responses, +* the `EvidenceI` interface for encoding different types of evidences in the x/evidence module, +* the `AuthorizationI` interface for encoding different types of x/authz authorizations, +* the [`Validator`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/staking/types/staking.pb.go#L340-L375) struct that contains information about a validator. + +A real-life example of encoding the pubkey as `Any` inside the Validator struct in x/staking is shown in the following example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/staking/types/validator.go#L43-L66 +``` + +#### `Any`'s TypeURL + +When packing a protobuf message inside an `Any`, the message's type is uniquely defined by its type URL, which is the message's fully qualified name prefixed by a `/` (slash) character. In some implementations of `Any`, like the gogoproto one, there's generally [a resolvable prefix, e.g. `type.googleapis.com`](https://github.com/gogo/protobuf/blob/b03c65ea87cdc3521ede29f62fe3ce239267c1bc/protobuf/google/protobuf/any.proto#L87-L91). However, in the Cosmos SDK, we made the decision to not include such prefix, to have shorter type URLs. The Cosmos SDK's own `Any` implementation can be found in `github.com/cosmos/cosmos-sdk/codec/types`. + +The Cosmos SDK is also switching away from gogoproto to the official `google.golang.org/protobuf` (known as the Protobuf API v2). Its default `Any` implementation also contains the [`type.googleapis.com`](https://github.com/protocolbuffers/protobuf-go/blob/v1.28.1/types/known/anypb/any.pb.go#L266) prefix. To maintain compatibility with the SDK, the following methods from `"google.golang.org/protobuf/types/known/anypb"` should not be used: + +* `anypb.New` +* `anypb.MarshalFrom` +* `anypb.Any#MarshalFrom` + +Instead, the Cosmos SDK provides helper functions in `"github.com/cosmos/cosmos-proto/anyutil"`, which create an official `anypb.Any` without inserting the prefixes: + +* `anyutil.New` +* `anyutil.MarshalFrom` + +For example, to pack a `sdk.Msg` called `internalMsg`, use: + +```diff +import ( +- "google.golang.org/protobuf/types/known/anypb" ++ "github.com/cosmos/cosmos-proto/anyutil" +) + +- anyMsg, err := anypb.New(internalMsg.Message().Interface()) ++ anyMsg, err := anyutil.New(internalMsg.Message().Interface()) + +- fmt.Println(anyMsg.TypeURL) // type.googleapis.com/cosmos.bank.v1beta1.MsgSend ++ fmt.Println(anyMsg.TypeURL) // /cosmos.bank.v1beta1.MsgSend +``` + +## FAQ + +### How to create modules using protobuf encoding + +#### Defining module types + +Protobuf types can be defined to encode: + +* state +* [`Msg`s](../../build/building-modules/02-messages-and-queries.md#messages) +* [Query services](../../build/building-modules/04-query-services.md) +* [genesis](../../build/building-modules/08-genesis.md) + +#### Naming and conventions + +We encourage developers to follow industry guidelines: [Protocol Buffers style guide](https://developers.google.com/protocol-buffers/docs/style) +and [Buf](https://buf.build/docs/style-guide), see more details in [ADR 023](https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/docs/architecture/adr-023-protobuf-naming.md) + +### How to update modules to protobuf encoding + +If modules do not contain any interfaces (e.g. `Account` or `Content`), then they +may simply migrate any existing types that +are encoded and persisted via their concrete Amino codec to Protobuf (see 1. for further guidelines) and accept a `Marshaler` as the codec which is implemented via the `ProtoCodec` +without any further customization. + +However, if a module type composes an interface, it must wrap it in the `sdk.Any` (from `/types` package) type. To do that, a module-level .proto file must use [`google.protobuf.Any`](https://github.com/protocolbuffers/protobuf/blob/master/src/google/protobuf/any.proto) for respective message type interface types. + +For example, in the `x/evidence` module defines an `Evidence` interface, which is used by the `MsgSubmitEvidence`. The structure definition must use `sdk.Any` to wrap the evidence file. In the proto file we define it as follows: + +```protobuf +// proto/cosmos/evidence/v1beta1/tx.proto + +message MsgSubmitEvidence { + string submitter = 1; + google.protobuf.Any evidence = 2 [(cosmos_proto.accepts_interface) = "cosmos.evidence.v1beta1.Evidence"]; +} +``` + +The Cosmos SDK `codec.Codec` interface provides support methods `MarshalInterface` and `UnmarshalInterface` for easy encoding of state to `Any`. + +Module should register interfaces using `InterfaceRegistry` which provides a mechanism for registering interfaces: `RegisterInterface(protoName string, iface interface{}, impls ...proto.Message)` and implementations: `RegisterImplementations(iface interface{}, impls ...proto.Message)` that can be safely unpacked from Any, similarly to type registration with Amino: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/codec/types/interface_registry.go#L40-L87 +``` + +In addition, an `UnpackInterfaces` phase should be introduced to deserialization to unpack interfaces before they're needed. Protobuf types that contain a protobuf `Any` either directly or via one of their members should implement the `UnpackInterfacesMessage` interface: + +```go +type UnpackInterfacesMessage interface { + UnpackInterfaces(InterfaceUnpacker) error +} +``` diff --git a/copy-of-sdk-docs/learn/advanced/06-grpc_rest.md b/copy-of-sdk-docs/learn/advanced/06-grpc_rest.md new file mode 100644 index 00000000..d3ab827a --- /dev/null +++ b/copy-of-sdk-docs/learn/advanced/06-grpc_rest.md @@ -0,0 +1,105 @@ +--- +sidebar_position: 1 +--- + +# gRPC, REST, and CometBFT Endpoints + +:::note Synopsis +This document presents an overview of all the endpoints a node exposes: gRPC, REST as well as some other endpoints. +::: + +## An Overview of All Endpoints + +Each node exposes the following endpoints for users to interact with a node, each endpoint is served on a different port. Details on how to configure each endpoint is provided in the endpoint's own section. + +* the gRPC server (default port: `9090`), +* the REST server (default port: `1317`), +* the CometBFT RPC endpoint (default port: `26657`). + +:::tip +The node also exposes some other endpoints, such as the CometBFT P2P endpoint, or the [Prometheus endpoint](https://docs.cometbft.com/v0.37/core/metrics), which are not directly related to the Cosmos SDK. Please refer to the [CometBFT documentation](https://docs.cometbft.com/v0.37/core/configuration) for more information about these endpoints. +::: + +:::note +All endpoints are defaulted to localhost and must be modified to be exposed to the public internet. +::: + +## gRPC Server + +In the Cosmos SDK, Protobuf is the main [encoding](./05-encoding.md) library. This brings a wide range of Protobuf-based tools that can be plugged into the Cosmos SDK. One such tool is [gRPC](https://grpc.io), a modern open-source high performance RPC framework that has decent client support in several languages. + +Each module exposes a [Protobuf `Query` service](../../build/building-modules/02-messages-and-queries.md#queries) that defines state queries. The `Query` services and a transaction service used to broadcast transactions are hooked up to the gRPC server via the following function inside the application: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/server/types/app.go#L46-L48 +``` + +Note: It is not possible to expose any [Protobuf `Msg` service](../../build/building-modules/02-messages-and-queries.md#messages) endpoints via gRPC. Transactions must be generated and signed using the CLI or programmatically before they can be broadcasted using gRPC. See [Generating, Signing, and Broadcasting Transactions](../../user/run-node/03-txs.md) for more information. + +The `grpc.Server` is a concrete gRPC server, which spawns and serves all gRPC query requests and a broadcast transaction request. This server can be configured inside `~/.simapp/config/app.toml`: + +* `grpc.enable = true|false` field defines if the gRPC server should be enabled. Defaults to `true`. +* `grpc.address = {string}` field defines the `ip:port` the server should bind to. Defaults to `localhost:9090`. + +:::tip +`~/.simapp` is the directory where the node's configuration and databases are stored. By default, it's set to `~/.{app_name}`. +::: + +Once the gRPC server is started, you can send requests to it using a gRPC client. Some examples are given in our [Interact with the Node](../../user/run-node/02-interact-node.md#using-grpc) tutorial. + +An overview of all available gRPC endpoints shipped with the Cosmos SDK is [Protobuf documentation](https://buf.build/cosmos/cosmos-sdk). + +## REST Server + +Cosmos SDK supports REST routes via gRPC-gateway. + +All routes are configured under the following fields in `~/.simapp/config/app.toml`: + +* `api.enable = true|false` field defines if the REST server should be enabled. Defaults to `false`. +* `api.address = {string}` field defines the `ip:port` the server should bind to. Defaults to `tcp://localhost:1317`. +* some additional API configuration options are defined in `~/.simapp/config/app.toml`, along with comments, please refer to that file directly. + +### gRPC-gateway REST Routes + +If, for various reasons, you cannot use gRPC (for example, you are building a web application, and browsers don't support HTTP2 on which gRPC is built), then the Cosmos SDK offers REST routes via gRPC-gateway. + +[gRPC-gateway](https://grpc-ecosystem.github.io/grpc-gateway/) is a tool to expose gRPC endpoints as REST endpoints. For each gRPC endpoint defined in a Protobuf `Query` service, the Cosmos SDK offers a REST equivalent. For instance, querying a balance could be done via the `/cosmos.bank.v1beta1.QueryAllBalances` gRPC endpoint, or alternatively via the gRPC-gateway `"/cosmos/bank/v1beta1/balances/{address}"` REST endpoint: both will return the same result. For each RPC method defined in a Protobuf `Query` service, the corresponding REST endpoint is defined as an option: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/proto/cosmos/bank/v1beta1/query.proto#L23-L30 +``` + +For application developers, gRPC-gateway REST routes needs to be wired up to the REST server, this is done by calling the `RegisterGRPCGatewayRoutes` function on the ModuleManager. + +### Swagger + +A [Swagger](https://swagger.io/) (or OpenAPIv2) specification file is exposed under the `/swagger` route on the API server. Swagger is an open specification describing the API endpoints a server serves, including description, input arguments, return types and much more about each endpoint. + +Enabling the `/swagger` endpoint is configurable inside `~/.simapp/config/app.toml` via the `api.swagger` field, which is set to false by default. + +For application developers, you may want to generate your own Swagger definitions based on your custom modules. +The Cosmos SDK's [Swagger generation script](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/scripts/protoc-swagger-gen.sh) is a good place to start. + +## CometBFT RPC + +Independently from the Cosmos SDK, CometBFT also exposes a RPC server. This RPC server can be configured by tuning parameters under the `rpc` table in the `~/.simapp/config/config.toml`, the default listening address is `tcp://localhost:26657`. An OpenAPI specification of all CometBFT RPC endpoints is available [here](https://docs.cometbft.com/main/rpc/). + +Some CometBFT RPC endpoints are directly related to the Cosmos SDK: + +* `/abci_query`: this endpoint will query the application for state. As the `path` parameter, you can send the following strings: + * any Protobuf fully-qualified service method, such as `/cosmos.bank.v1beta1.Query/AllBalances`. The `data` field should then include the method's request parameter(s) encoded as bytes using Protobuf. + * `/app/simulate`: this will simulate a transaction, and return some information such as gas used. + * `/app/version`: this will return the application's version. + * `/store/{storeName}/key`: this will directly query the named store for data associated with the key represented in the `data` parameter. + * `/store/{storeName}/subspace`: this will directly query the named store for key/value pairs in which the key has the value of the `data` parameter as a prefix. + * `/p2p/filter/addr/{port}`: this will return a filtered list of the node's P2P peers by address port. + * `/p2p/filter/id/{id}`: this will return a filtered list of the node's P2P peers by ID. +* `/broadcast_tx_{sync,async,commit}`: these 3 endpoints will broadcast a transaction to other peers. CLI, gRPC and REST expose [a way to broadcast transactions](./01-transactions.md#broadcasting-the-transaction), but they all use these 3 CometBFT RPCs under the hood. + +## Comparison Table + +| Name | Advantages | Disadvantages | +| -------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------- | +| gRPC | - can use code-generated stubs in various languages
- supports streaming and bidirectional communication (HTTP2)
- small wire binary sizes, faster transmission | - based on HTTP2, not available in browsers
- learning curve (mostly due to Protobuf) | +| REST | - ubiquitous
- client libraries in all languages, faster implementation
| - only supports unary request-response communication (HTTP1.1)
- bigger over-the-wire message sizes (JSON) | +| CometBFT RPC | - easy to use | - bigger over-the-wire message sizes (JSON) | diff --git a/copy-of-sdk-docs/learn/advanced/07-cli.md b/copy-of-sdk-docs/learn/advanced/07-cli.md new file mode 100644 index 00000000..cd9e34de --- /dev/null +++ b/copy-of-sdk-docs/learn/advanced/07-cli.md @@ -0,0 +1,211 @@ +--- +sidebar_position: 1 +--- + +# Command-Line Interface + +:::note Synopsis +This document describes how command-line interface (CLI) works on a high-level, for an [**application**](../beginner/00-app-anatomy.md). A separate document for implementing a CLI for a Cosmos SDK [**module**](../../build/building-modules/00-intro.md) can be found [here](../../build/building-modules/09-module-interfaces.md#cli). +::: + +## Command-Line Interface + +### Example Command + +There is no set way to create a CLI, but Cosmos SDK modules typically use the [Cobra Library](https://github.com/spf13/cobra). Building a CLI with Cobra entails defining commands, arguments, and flags. [**Commands**](#root-command) understand the actions users wish to take, such as `tx` for creating a transaction and `query` for querying the application. Each command can also have nested subcommands, necessary for naming the specific transaction type. Users also supply **Arguments**, such as account numbers to send coins to, and [**Flags**](#flags) to modify various aspects of the commands, such as gas prices or which node to broadcast to. + +Here is an example of a command a user might enter to interact with the simapp CLI `simd` in order to send some tokens: + +```bash +simd tx bank send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000stake --gas auto --gas-prices +``` + +The first four strings specify the command: + +* The root command for the entire application `simd`. +* The subcommand `tx`, which contains all commands that let users create transactions. +* The subcommand `bank` to indicate which module to route the command to ([`x/bank`](../../build/modules/bank/README.md) module in this case). +* The type of transaction `send`. + +The next two strings are arguments: the `from_address` the user wishes to send from, the `to_address` of the recipient, and the `amount` they want to send. Finally, the last few strings of the command are optional flags to indicate how much the user is willing to pay in fees (calculated using the amount of gas used to execute the transaction and the gas prices provided by the user). + +The CLI interacts with a [node](./03-node.md) to handle this command. The interface itself is defined in a `main.go` file. + +### Building the CLI + +The `main.go` file needs to have a `main()` function that creates a root command, to which all the application commands will be added as subcommands. The root command additionally handles: + +* **setting configurations** by reading in configuration files (e.g. the Cosmos SDK config file). +* **adding any flags** to it, such as `--chain-id`. +* **instantiating the `codec`** by injecting the application codecs. The [`codec`](./05-encoding.md) is used to encode and decode data structures for the application - stores can only persist `[]byte`s so the developer must define a serialization format for their data structures or use the default, Protobuf. +* **adding subcommand** for all the possible user interactions, including [transaction commands](#transaction-commands) and [query commands](#query-commands). + +The `main()` function finally creates an executor and [execute](https://pkg.go.dev/github.com/spf13/cobra#Command.Execute) the root command. See an example of `main()` function from the `simapp` application: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/main.go#L14-L24 +``` + +The rest of the document will detail what needs to be implemented for each step and include smaller portions of code from the `simapp` CLI files. + +## Adding Commands to the CLI + +Every application CLI first constructs a root command, then adds functionality by aggregating subcommands (often with further nested subcommands) using `rootCmd.AddCommand()`. The bulk of an application's unique capabilities lies in its transaction and query commands, called `TxCmd` and `QueryCmd` respectively. + +### Root Command + +The root command (called `rootCmd`) is what the user first types into the command line to indicate which application they wish to interact with. The string used to invoke the command (the "Use" field) is typically the name of the application suffixed with `-d`, e.g. `simd` or `gaiad`. The root command typically includes the following commands to support basic functionality in the application. + +* **Status** command from the Cosmos SDK rpc client tools, which prints information about the status of the connected [`Node`](./03-node.md). The Status of a node includes `NodeInfo`,`SyncInfo` and `ValidatorInfo`. +* **Keys** [commands](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/keys) from the Cosmos SDK client tools, which includes a collection of subcommands for using the key functions in the Cosmos SDK crypto tools, including adding a new key and saving it to the keyring, listing all public keys stored in the keyring, and deleting a key. For example, users can type `simd keys add ` to add a new key and save an encrypted copy to the keyring, using the flag `--recover` to recover a private key from a seed phrase or the flag `--multisig` to group multiple keys together to create a multisig key. For full details on the `add` key command, see the code [here](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/keys/add.go). For more details about usage of `--keyring-backend` for storage of key credentials look at the [keyring docs](../../user/run-node/00-keyring.md). +* **Server** commands from the Cosmos SDK server package. These commands are responsible for providing the mechanisms necessary to start an ABCI CometBFT application and provides the CLI framework (based on [cobra](https://github.com/spf13/cobra)) necessary to fully bootstrap an application. The package exposes two core functions: `StartCmd` and `ExportCmd` which creates commands to start the application and export state respectively. +Learn more [here](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/server). +* [**Transaction**](#transaction-commands) commands. +* [**Query**](#query-commands) commands. + +Next is an example `rootCmd` function from the `simapp` application. It instantiates the root command, adds a [*persistent* flag](#flags) and `PreRun` function to be run before every execution, and adds all of the necessary subcommands. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L47-L130 +``` + +:::tip +Use the `EnhanceRootCommand()` from the AutoCLI options to automatically add auto-generated commands from the modules to the root command. +Additionally it adds all manually defined modules commands (`tx` and `query`) as well. +Read more about [AutoCLI](https://docs.cosmos.network/main/core/autocli) in its dedicated section. +::: + +`rootCmd` has a function called `initAppConfig()` which is useful for setting the application's custom configs. +By default app uses CometBFT app config template from Cosmos SDK, which can be over-written via `initAppConfig()`. +Here's an example code to override default `app.toml` template. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L144-L199 +``` + +The `initAppConfig()` also allows overriding the default Cosmos SDK's [server config](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/server/config/config.go#L231). One example is the `min-gas-prices` config, which defines the minimum gas prices a validator is willing to accept for processing a transaction. By default, the Cosmos SDK sets this parameter to `""` (empty string), which forces all validators to tweak their own `app.toml` and set a non-empty value, or else the node will halt on startup. This might not be the best UX for validators, so the chain developer can set a default `app.toml` value for validators inside this `initAppConfig()` function. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L164-L180 +``` + +The root-level `status` and `keys` subcommands are common across most applications and do not interact with application state. The bulk of an application's functionality - what users can actually *do* with it - is enabled by its `tx` and `query` commands. + +### Transaction Commands + +[Transactions](./01-transactions.md) are objects wrapping [`Msg`s](../../build/building-modules/02-messages-and-queries.md#messages) that trigger state changes. To enable the creation of transactions using the CLI interface, a function `txCommand` is generally added to the `rootCmd`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L222-L229 +``` + +This `txCommand` function adds all the transaction available to end-users for the application. This typically includes: + +* **Sign command** from the [`auth`](../../build/modules/auth/README.md) module that signs messages in a transaction. To enable multisig, add the `auth` module's `MultiSign` command. Since every transaction requires some sort of signature in order to be valid, the signing command is necessary for every application. +* **Broadcast command** from the Cosmos SDK client tools, to broadcast transactions. +* **All [module transaction commands](../../build/building-modules/09-module-interfaces.md#transaction-commands)** the application is dependent on, retrieved by using the [basic module manager's](../../build/building-modules/01-module-manager.md#basic-manager) `AddTxCommands()` function, or enhanced by [AutoCLI](https://docs.cosmos.network/main/core/autocli). + +Here is an example of a `txCommand` aggregating these subcommands from the `simapp` application: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L270-L292 +``` + +:::tip +When using AutoCLI to generate module transaction commands, `EnhanceRootCommand()` automatically adds the module `tx` command to the root command. +Read more about [AutoCLI](https://docs.cosmos.network/main/core/autocli) in its dedicated section. +::: + +### Query Commands + +[**Queries**](../../build/building-modules/02-messages-and-queries.md#queries) are objects that allow users to retrieve information about the application's state. To enable the creation of queries using the CLI interface, a function `queryCommand` is generally added to the `rootCmd`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L222-L229 +``` + +This `queryCommand` function adds all the queries available to end-users for the application. This typically includes: + +* **QueryTx** and/or other transaction query commands from the `auth` module which allow the user to search for a transaction by inputting its hash, a list of tags, or a block height. These queries allow users to see if transactions have been included in a block. +* **Account command** from the `auth` module, which displays the state (e.g. account balance) of an account given an address. +* **Validator command** from the Cosmos SDK rpc client tools, which displays the validator set of a given height. +* **Block command** from the Cosmos SDK RPC client tools, which displays the block data for a given height. +* **All [module query commands](../../build/building-modules/09-module-interfaces.md#query-commands)** the application is dependent on, retrieved by using the [basic module manager's](../../build/building-modules/01-module-manager.md#basic-manager) `AddQueryCommands()` function, or enhanced by [AutoCLI](https://docs.cosmos.network/main/core/autocli). + +Here is an example of a `queryCommand` aggregating subcommands from the `simapp` application: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L249-L268 +``` + +:::tip +When using AutoCLI to generate module query commands, `EnhanceRootCommand()` automatically adds the module `query` command to the root command. +Read more about [AutoCLI](https://docs.cosmos.network/main/core/autocli) in its dedicated section. +::: + +## Flags + +Flags are used to modify commands; developers can include them in a `flags.go` file with their CLI. Users can explicitly include them in commands or pre-configure them by inside their [`app.toml`](../../user/run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml). Commonly pre-configured flags include the `--node` to connect to and `--chain-id` of the blockchain the user wishes to interact with. + +A *persistent* flag (as opposed to a *local* flag) added to a command transcends all of its children: subcommands will inherit the configured values for these flags. Additionally, all flags have default values when they are added to commands; some toggle an option off but others are empty values that the user needs to override to create valid commands. A flag can be explicitly marked as *required* so that an error is automatically thrown if the user does not provide a value, but it is also acceptable to handle unexpected missing flags differently. + +Flags are added to commands directly (generally in the [module's CLI file](../../build/building-modules/09-module-interfaces.md#flags) where module commands are defined) and no flag except for the `rootCmd` persistent flags has to be added at application level. It is common to add a *persistent* flag for `--chain-id`, the unique identifier of the blockchain the application pertains to, to the root command. Adding this flag can be done in the `main()` function. Adding this flag makes sense as the chain ID should not be changing across commands in this application CLI. + +## Environment variables + +Each flag is bound to its respective named environment variable. The name of the environment variable consist of two parts - capital case `basename` followed by flag name of the flag. `-` must be substituted with `_`. For example flag `--node` for application with basename `GAIA` is bound to `GAIA_NODE`. It allows reducing the amount of flags typed for routine operations. For example instead of: + +```shell +gaia --home=./ --node= --chain-id="testchain-1" --keyring-backend=test tx ... --from= +``` + +this will be more convenient: + +```shell +# define env variables in .env, .envrc etc +GAIA_HOME= +GAIA_NODE= +GAIA_CHAIN_ID="testchain-1" +GAIA_KEYRING_BACKEND="test" + +# and later just use +gaia tx ... --from= +``` + +## Configurations + +It is vital that the root command of an application uses `PersistentPreRun()` cobra command property for executing the command, so all child commands have access to the server and client contexts. These contexts are set as their default values initially and may be modified, scoped to the command, in their respective `PersistentPreRun()` functions. Note that the `client.Context` is typically pre-populated with "default" values that may be useful for all commands to inherit and override if necessary. + +Here is an example of an `PersistentPreRun()` function from `simapp`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L81-L120 +``` + +The `SetCmdClientContextHandler` call reads persistent flags via `ReadPersistentCommandFlags` which creates a `client.Context` and sets that on the root command's `Context`. + +The `InterceptConfigsPreRunHandler` call creates a viper literal, default `server.Context`, and a logger and sets that on the root command's `Context`. The `server.Context` will be modified and saved to disk. The internal `interceptConfigs` call reads or creates a CometBFT configuration based on the home path provided. In addition, `interceptConfigs` also reads and loads the application configuration, `app.toml`, and binds that to the `server.Context` viper literal. This is vital so the application can get access to not only the CLI flags, but also to the application configuration values provided by this file. + +:::tip +When willing to configure which logger is used, do not use `InterceptConfigsPreRunHandler`, which sets the default SDK logger, but instead use `InterceptConfigsAndCreateContext` and set the server context and the logger manually: + +```diff +-return server.InterceptConfigsPreRunHandler(cmd, customAppTemplate, customAppConfig, customCMTConfig) + ++serverCtx, err := server.InterceptConfigsAndCreateContext(cmd, customAppTemplate, customAppConfig, customCMTConfig) ++if err != nil { ++ return err ++} + ++// overwrite default server logger ++logger, err := server.CreateSDKLogger(serverCtx, cmd.OutOrStdout()) ++if err != nil { ++ return err ++} ++serverCtx.Logger = logger.With(log.ModuleKey, "server") + ++// set server context ++return server.SetCmdServerContext(cmd, serverCtx) +``` + +::: diff --git a/copy-of-sdk-docs/learn/advanced/08-events.md b/copy-of-sdk-docs/learn/advanced/08-events.md new file mode 100644 index 00000000..52d02641 --- /dev/null +++ b/copy-of-sdk-docs/learn/advanced/08-events.md @@ -0,0 +1,159 @@ +--- +sidebar_position: 1 +--- +# Events + +:::note Synopsis +`Event`s are objects that contain information about the execution of the application. They are mainly used by service providers like block explorers and wallet to track the execution of various messages and index transactions. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK application](../beginner/00-app-anatomy.md) +* [CometBFT Documentation on Events](https://docs.cometbft.com/v0.37/spec/abci/abci++_basic_concepts#events) + +::: + +## Events + +Events are implemented in the Cosmos SDK as an alias of the ABCI `Event` type and +take the form of: `{eventType}.{attributeKey}={attributeValue}`. + +```protobuf reference +https://github.com/cometbft/cometbft/blob/v0.37.0/proto/tendermint/abci/types.proto#L334-L343 +``` + +An Event contains: + +* A `type` to categorize the Event at a high-level; for example, the Cosmos SDK uses the `"message"` type to filter Events by `Msg`s. +* A list of `attributes` are key-value pairs that give more information about the categorized Event. For example, for the `"message"` type, we can filter Events by key-value pairs using `message.action={some_action}`, `message.module={some_module}` or `message.sender={some_sender}`. +* A `msg_index` to identify which messages relate to the same transaction + +:::tip +To parse the attribute values as strings, make sure to add `'` (single quotes) around each attribute value. +::: + +_Typed Events_ are Protobuf-defined [messages](../../../architecture/adr-032-typed-events.md) used by the Cosmos SDK +for emitting and querying Events. They are defined in a `event.proto` file, on a **per-module basis** and are read as `proto.Message`. +_Legacy Events_ are defined on a **per-module basis** in the module's `/types/events.go` file. +They are triggered from the module's Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md) +by using the [`EventManager`](#eventmanager). + +In addition, each module documents its events under in the `Events` sections of its specs (x/{moduleName}/`README.md`). + +Lastly, Events are returned to the underlying consensus engine in the response of the following ABCI messages: + +* [`BeginBlock`](./00-baseapp.md#beginblock) +* [`EndBlock`](./00-baseapp.md#endblock) +* [`CheckTx`](./00-baseapp.md#checktx) +* [`Transaction Execution`](./00-baseapp.md#transactionexecution) + +### Examples + +The following examples show how to query Events using the Cosmos SDK. + +| Event | Description | +| ------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `tx.height=23` | Query all transactions at height 23 | +| `message.action='/cosmos.bank.v1beta1.Msg/Send'` | Query all transactions containing a x/bank `Send` [Service `Msg`](../../build/building-modules/03-msg-services.md). Note the `'`s around the value. | +| `message.module='bank'` | Query all transactions containing messages from the x/bank module. Note the `'`s around the value. | +| `create_validator.validator='cosmosval1...'` | x/staking-specific Event, see [x/staking SPEC](../../../../x/staking/README.md). | + +## EventManager + +In Cosmos SDK applications, Events are managed by an abstraction called the `EventManager`. +Internally, the `EventManager` tracks a list of Events for the entire execution flow of `FinalizeBlock` +(i.e. transaction execution, `BeginBlock`, `EndBlock`). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/types/events.go#L18-L25 +``` + +The `EventManager` comes with a set of useful methods to manage Events. The method +that is used most by module and application developers is `EmitTypedEvent` or `EmitEvent` that tracks +an Event in the `EventManager`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/types/events.go#L51-L60 +``` + +Module developers should handle Event emission via the `EventManager#EmitTypedEvent` or `EventManager#EmitEvent` in each message +`Handler` and in each `BeginBlock`/`EndBlock` handler. The `EventManager` is accessed via +the [`Context`](./02-context.md), where Event should be already registered, and emitted like this: + + +**Typed events:** + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/group/keeper/msg_server.go#L95-L97 +``` + +**Legacy events:** + +```go +ctx.EventManager().EmitEvent( + sdk.NewEvent(eventType, sdk.NewAttribute(attributeKey, attributeValue)), +) +``` + +Where the `EventManager` is accessed via the [`Context`](./02-context.md). + +See the [`Msg` services](../../build/building-modules/03-msg-services.md) concept doc for a more detailed +view on how to typically implement Events and use the `EventManager` in modules. + +## Subscribing to Events + +You can use CometBFT's [Websocket](https://docs.cometbft.com/v0.37/core/subscription) to subscribe to Events by calling the `subscribe` RPC method: + +```json +{ + "jsonrpc": "2.0", + "method": "subscribe", + "id": "0", + "params": { + "query": "tm.event='eventCategory' AND eventType.eventAttribute='attributeValue'" + } +} +``` + +The main `eventCategory` you can subscribe to are: + +* `NewBlock`: Contains Events triggered during `BeginBlock` and `EndBlock`. +* `Tx`: Contains Events triggered during `DeliverTx` (i.e. transaction processing). +* `ValidatorSetUpdates`: Contains validator set updates for the block. + +These Events are triggered from the `state` package after a block is committed. You can get the +full list of Event categories [on the CometBFT Go documentation](https://pkg.go.dev/github.com/cometbft/cometbft/types#pkg-constants). + +The `type` and `attribute` value of the `query` allow you to filter the specific Event you are looking for. For example, a `Mint` transaction triggers an Event of type `EventMint` and has an `Id` and an `Owner` as `attributes` (as defined in the [`events.proto` file of the `NFT` module](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/proto/cosmos/nft/v1beta1/event.proto#L21-L31)). + +Subscribing to this Event would be done like so: + +```json +{ + "jsonrpc": "2.0", + "method": "subscribe", + "id": "0", + "params": { + "query": "tm.event='Tx' AND mint.owner='ownerAddress'" + } +} +``` + +where `ownerAddress` is an address following the [`AccAddress`](../beginner/03-accounts.md#addresses) format. + +The same way can be used to subscribe to [legacy events](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/bank/types/events.go). + +## Default Events + +There are a few events that are automatically emitted for all messages, directly from `baseapp`. + +* `message.action`: The name of the message type. +* `message.sender`: The address of the message signer. +* `message.module`: The name of the module that emitted the message. + +:::tip +The module name is assumed by `baseapp` to be the second element of the message route: `"cosmos.bank.v1beta1.MsgSend" -> "bank"`. +In case a module does not follow the standard message path, (e.g. IBC), it is advised to keep emitting the module name event. +`Baseapp` only emits that event if the module have not already done so. +::: diff --git a/copy-of-sdk-docs/learn/advanced/09-telemetry.md b/copy-of-sdk-docs/learn/advanced/09-telemetry.md new file mode 100644 index 00000000..14d1aa7c --- /dev/null +++ b/copy-of-sdk-docs/learn/advanced/09-telemetry.md @@ -0,0 +1,128 @@ +--- +sidebar_position: 1 +--- + +# Telemetry + +:::note Synopsis +Gather relevant insights about your application and modules with custom metrics and telemetry. +::: + +The Cosmos SDK enables operators and developers to gain insight into the performance and behavior of +their application through the use of the `telemetry` package. To enable telemetry, set `telemetry.enabled = true` in the app.toml config file. + +The Cosmos SDK currently supports enabling in-memory and prometheus as telemetry sinks. In-memory sink is always attached (when the telemetry is enabled) with 10 second interval and 1 minute retention. This means that metrics will be aggregated over 10 seconds, and metrics will be kept alive for 1 minute. + +To query active metrics (see retention note above) you have to enable API server (`api.enabled = true` in the app.toml). Single API endpoint is exposed: `http://localhost:1317/metrics?format={text|prometheus}`, the default being `text`. + +## Emitting metrics + +If telemetry is enabled via configuration, a single global metrics collector is registered via the +[go-metrics](https://github.com/hashicorp/go-metrics) library. This allows emitting and collecting +metrics through simple [API](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/telemetry/wrapper.go). Example: + +```go +func EndBlocker(ctx sdk.Context, k keeper.Keeper) { + defer telemetry.ModuleMeasureSince(types.ModuleName, time.Now(), telemetry.MetricKeyEndBlocker) + + // ... +} +``` + +Developers may use the `telemetry` package directly, which provides wrappers around metric APIs +that include adding useful labels, or they must use the `go-metrics` library directly. It is preferable +to add as much context and adequate dimensionality to metrics as possible, so the `telemetry` package +is advised. Regardless of the package or method used, the Cosmos SDK supports the following metrics +types: + +* gauges +* summaries +* counters + +## Labels + +Certain components of modules will have their name automatically added as a label (e.g. `BeginBlock`). +Operators may also supply the application with a global set of labels that will be applied to all +metrics emitted using the `telemetry` package (e.g. chain-id). Global labels are supplied as a list +of [name, value] tuples. + +Example: + +```toml +global-labels = [ + ["chain_id", "chain-OfXo4V"], +] +``` + +## Cardinality + +Cardinality is key, specifically label and key cardinality. Cardinality is how many unique values of +something there are. So there is naturally a tradeoff between granularity and how much stress is put +on the telemetry sink in terms of indexing, scrape, and query performance. + +Developers should take care to support metrics with enough dimensionality and granularity to be +useful, but not increase the cardinality beyond the sink's limits. A general rule of thumb is to not +exceed a cardinality of 10. + +Consider the following examples with enough granularity and adequate cardinality: + +* begin/end blocker time +* tx gas used +* block gas used +* amount of tokens minted +* amount of accounts created + +The following examples expose too much cardinality and may not even prove to be useful: + +* transfers between accounts with amount +* voting/deposit amount from unique addresses + +## Supported Metrics + +| Metric | Description | Unit | Type | +|:--------------------------------|:------------------------------------------------------------------------------------------|:----------------|:--------| +| `tx_count` | Total number of txs processed via `DeliverTx` | tx | counter | +| `tx_successful` | Total number of successful txs processed via `DeliverTx` | tx | counter | +| `tx_failed` | Total number of failed txs processed via `DeliverTx` | tx | counter | +| `tx_gas_used` | The total amount of gas used by a tx | gas | gauge | +| `tx_gas_wanted` | The total amount of gas requested by a tx | gas | gauge | +| `tx_msg_send` | The total amount of tokens sent in a `MsgSend` (per denom) | token | gauge | +| `tx_msg_withdraw_reward` | The total amount of tokens withdrawn in a `MsgWithdrawDelegatorReward` (per denom) | token | gauge | +| `tx_msg_withdraw_commission` | The total amount of tokens withdrawn in a `MsgWithdrawValidatorCommission` (per denom) | token | gauge | +| `tx_msg_delegate` | The total amount of tokens delegated in a `MsgDelegate` | token | gauge | +| `tx_msg_begin_unbonding` | The total amount of tokens undelegated in a `MsgUndelegate` | token | gauge | +| `tx_msg_begin_redelegate` | The total amount of tokens redelegated in a `MsgBeginRedelegate` | token | gauge | +| `tx_msg_ibc_transfer` | The total amount of tokens transferred via IBC in a `MsgTransfer` (source or sink chain) | token | gauge | +| `ibc_transfer_packet_receive` | The total amount of tokens received in a `FungibleTokenPacketData` (source or sink chain) | token | gauge | +| `new_account` | Total number of new accounts created | account | counter | +| `gov_proposal` | Total number of governance proposals | proposal | counter | +| `gov_vote` | Total number of governance votes for a proposal | vote | counter | +| `gov_deposit` | Total number of governance deposits for a proposal | deposit | counter | +| `staking_delegate` | Total number of delegations | delegation | counter | +| `staking_undelegate` | Total number of undelegations | undelegation | counter | +| `staking_redelegate` | Total number of redelegations | redelegation | counter | +| `ibc_transfer_send` | Total number of IBC transfers sent from a chain (source or sink) | transfer | counter | +| `ibc_transfer_receive` | Total number of IBC transfers received to a chain (source or sink) | transfer | counter | +| `ibc_client_create` | Total number of clients created | create | counter | +| `ibc_client_update` | Total number of client updates | update | counter | +| `ibc_client_upgrade` | Total number of client upgrades | upgrade | counter | +| `ibc_client_misbehaviour` | Total number of client misbehaviours | misbehaviour | counter | +| `ibc_connection_open-init` | Total number of connection `OpenInit` handshakes | handshake | counter | +| `ibc_connection_open-try` | Total number of connection `OpenTry` handshakes | handshake | counter | +| `ibc_connection_open-ack` | Total number of connection `OpenAck` handshakes | handshake | counter | +| `ibc_connection_open-confirm` | Total number of connection `OpenConfirm` handshakes | handshake | counter | +| `ibc_channel_open-init` | Total number of channel `OpenInit` handshakes | handshake | counter | +| `ibc_channel_open-try` | Total number of channel `OpenTry` handshakes | handshake | counter | +| `ibc_channel_open-ack` | Total number of channel `OpenAck` handshakes | handshake | counter | +| `ibc_channel_open-confirm` | Total number of channel `OpenConfirm` handshakes | handshake | counter | +| `ibc_channel_close-init` | Total number of channel `CloseInit` handshakes | handshake | counter | +| `ibc_channel_close-confirm` | Total number of channel `CloseConfirm` handshakes | handshake | counter | +| `tx_msg_ibc_recv_packet` | Total number of IBC packets received | packet | counter | +| `tx_msg_ibc_acknowledge_packet` | Total number of IBC packets acknowledged | acknowledgement | counter | +| `ibc_timeout_packet` | Total number of IBC timeout packets | timeout | counter | +| `store_iavl_get` | Duration of an IAVL `Store#Get` call | ms | summary | +| `store_iavl_set` | Duration of an IAVL `Store#Set` call | ms | summary | +| `store_iavl_has` | Duration of an IAVL `Store#Has` call | ms | summary | +| `store_iavl_delete` | Duration of an IAVL `Store#Delete` call | ms | summary | +| `store_iavl_commit` | Duration of an IAVL `Store#Commit` call | ms | summary | +| `store_iavl_query` | Duration of an IAVL `Store#Query` call | ms | summary | diff --git a/copy-of-sdk-docs/learn/advanced/10-ocap.md b/copy-of-sdk-docs/learn/advanced/10-ocap.md new file mode 100644 index 00000000..62076172 --- /dev/null +++ b/copy-of-sdk-docs/learn/advanced/10-ocap.md @@ -0,0 +1,76 @@ +--- +sidebar_position: 1 +--- + +# Object-Capability Model + +## Intro + +When thinking about security, it is good to start with a specific threat model. Our threat model is the following: + +> We assume that a thriving ecosystem of Cosmos SDK modules that are easy to compose into a blockchain application will contain faulty or malicious modules. + +The Cosmos SDK is designed to address this threat by being the +foundation of an object capability system. + +> The structural properties of object capability systems favor +> modularity in code design and ensure reliable encapsulation in +> code implementation. +> +> These structural properties facilitate the analysis of some +> security properties of an object-capability program or operating +> system. Some of these — in particular, information flow properties +> — can be analyzed at the level of object references and +> connectivity, independent of any knowledge or analysis of the code +> that determines the behavior of the objects. +> +> As a consequence, these security properties can be established +> and maintained in the presence of new objects that contain unknown +> and possibly malicious code. +> +> These structural properties stem from the two rules governing +> access to existing objects: +> +> 1. An object A can send a message to B only if object A holds a +> reference to B. +> 2. An object A can obtain a reference to C only +> if object A receives a message containing a reference to C. As a +> consequence of these two rules, an object can obtain a reference +> to another object only through a preexisting chain of references. +> In short, "Only connectivity begets connectivity." + +For an introduction to object-capabilities, see this [Wikipedia article](https://en.wikipedia.org/wiki/Object-capability_model). + +## Ocaps in practice + +The idea is to only reveal what is necessary to get the work done. + +For example, the following code snippet violates the object capabilities +principle: + +```go +type AppAccount struct {...} +account := &AppAccount{ + Address: pub.Address(), + Coins: sdk.Coins{sdk.NewInt64Coin("ATM", 100)}, +} +sumValue := externalModule.ComputeSumValue(account) +``` + +The method `ComputeSumValue` implies a pure function, yet the implied +capability of accepting a pointer value is the capability to modify that +value. The preferred method signature should take a copy instead. + +```go +sumValue := externalModule.ComputeSumValue(*account) +``` + +In the Cosmos SDK, you can see the application of this principle in simapp. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/simapp/app.go +``` + +The following diagram shows the current dependencies between keepers. + +![Keeper dependencies](https://raw.githubusercontent.com/cosmos/cosmos-sdk/release/v0.46.x/docs/uml/svg/keeper_dependencies.svg) diff --git a/copy-of-sdk-docs/learn/advanced/11-runtx_middleware.md b/copy-of-sdk-docs/learn/advanced/11-runtx_middleware.md new file mode 100644 index 00000000..bb8c04aa --- /dev/null +++ b/copy-of-sdk-docs/learn/advanced/11-runtx_middleware.md @@ -0,0 +1,67 @@ +--- +sidebar_position: 1 +--- + +# RunTx recovery middleware + +`BaseApp.runTx()` function handles Go panics that might occur during transactions execution, for example, keeper has faced an invalid state and panicked. +Depending on the panic type different handler is used, for instance the default one prints an error log message. +Recovery middleware is used to add custom panic recovery for Cosmos SDK application developers. + +More context can found in the corresponding [ADR-022](../../build/architecture/adr-022-custom-panic-handling.md) and the implementation in [recovery.go](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/baseapp/recovery.go). + +## Interface + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/baseapp/recovery.go#L14-L17 +``` + +`recoveryObj` is a return value for `recover()` function from the `building` Go package. + +**Contract:** + +* RecoveryHandler returns `nil` if `recoveryObj` wasn't handled and should be passed to the next recovery middleware; +* RecoveryHandler returns a non-nil `error` if `recoveryObj` was handled; + +## Custom RecoveryHandler register + +`BaseApp.AddRunTxRecoveryHandler(handlers ...RecoveryHandler)` + +BaseApp method adds recovery middleware to the default recovery chain. + +## Example + +Lets assume we want to emit the "Consensus failure" chain state if some particular error occurred. + +We have a module keeper that panics: + +```go +func (k FooKeeper) Do(obj interface{}) { + if obj == nil { + // that shouldn't happen, we need to crash the app + err := errorsmod.Wrap(fooTypes.InternalError, "obj is nil") + panic(err) + } +} +``` + +By default that panic would be recovered and an error message will be printed to log. To override that behavior we should register a custom RecoveryHandler: + +```go +// Cosmos SDK application constructor +customHandler := func(recoveryObj interface{}) error { + err, ok := recoveryObj.(error) + if !ok { + return nil + } + + if fooTypes.InternalError.Is(err) { + panic(fmt.Errorf("FooKeeper did panic with error: %w", err)) + } + + return nil +} + +baseApp := baseapp.NewBaseApp(...) +baseApp.AddRunTxRecoveryHandler(customHandler) +``` diff --git a/copy-of-sdk-docs/learn/advanced/12-simulation.md b/copy-of-sdk-docs/learn/advanced/12-simulation.md new file mode 100644 index 00000000..709ce176 --- /dev/null +++ b/copy-of-sdk-docs/learn/advanced/12-simulation.md @@ -0,0 +1,94 @@ +--- +sidebar_position: 1 +--- + +# Cosmos Blockchain Simulator + +The Cosmos SDK offers a full fledged simulation framework to fuzz test every +message defined by a module. + +On the Cosmos SDK, this functionality is provided by [`SimApp`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/simapp/app_di.go), which is a +`Baseapp` application that is used for running the [`simulation`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/simulation) module. +This module defines all the simulation logic as well as the operations for +randomized parameters like accounts, balances etc. + +## Goals + +The blockchain simulator tests how the blockchain application would behave under +real life circumstances by generating and sending randomized messages. +The goal of this is to detect and debug failures that could halt a live chain, +by providing logs and statistics about the operations run by the simulator as +well as exporting the latest application state when a failure was found. + +Its main difference with integration testing is that the simulator app allows +you to pass parameters to customize the chain that's being simulated. +This comes in handy when trying to reproduce bugs that were generated in the +provided operations (randomized or not). + +## Simulation commands + +The simulation app has different commands, each of which tests a different +failure type: + +* `AppImportExport`: The simulator exports the initial app state and then it + creates a new app with the exported `genesis.json` as an input, checking for + inconsistencies between the stores. +* `AppSimulationAfterImport`: Queues two simulations together. The first one provides the app state (_i.e_ genesis) to the second. Useful to test software upgrades or hard-forks from a live chain. +* `AppStateDeterminism`: Checks that all the nodes return the same values, in the same order. +* `FullAppSimulation`: General simulation mode. Runs the chain and the specified operations for a given number of blocks. Tests that there're no `panics` on the simulation. + +Each simulation must receive a set of inputs (_i.e_ flags) such as the number of +blocks that the simulation is run, seed, block size, etc. +Check the full list of flags [here](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/simulation/client/cli/flags.go#L43-L70). + +## Simulator Modes + +In addition to the various inputs and commands, the simulator runs in three modes: + +1. Completely random where the initial state, module parameters and simulation + parameters are **pseudo-randomly generated**. +2. From a `genesis.json` file where the initial state and the module parameters are defined. + This mode is helpful for running simulations on a known state such as a live network export where a new (mostly likely breaking) version of the application needs to be tested. +3. From a `params.json` file where the initial state is pseudo-randomly generated but the module and simulation parameters can be provided manually. + This allows for a more controlled and deterministic simulation setup while allowing the state space to still be pseudo-randomly simulated. + The list of available parameters are listed [here](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/simulation/client/cli/flags.go#L72-L90). + +:::tip +These modes are not mutually exclusive. So you can for example run a randomly +generated genesis state (`1`) with manually generated simulation params (`3`). +::: + +## Usage + +This is a general example of how simulations are run. For more specific examples +check the Cosmos SDK [Makefile](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/Makefile#L285-L320). + +```bash + $ go test -mod=readonly github.com/cosmos/cosmos-sdk/simapp \ + -run=TestApp \ + ... + -v -timeout 24h +``` + +## Debugging Tips + +Here are some suggestions when encountering a simulation failure: + +* Export the app state at the height where the failure was found. You can do this + by passing the `-ExportStatePath` flag to the simulator. +* Use `-Verbose` logs. They could give you a better hint on all the operations + involved. +* Try using another `-Seed`. If it can reproduce the same error and if it fails + sooner, you will spend less time running the simulations. +* Reduce the `-NumBlocks` . How's the app state at the height previous to the + failure? +* Try adding logs to operations that are not logged. You will have to define a + [Logger](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/staking/keeper/keeper.go#L77-L81) on your `Keeper`. + +## Use simulation in your Cosmos SDK-based application + +Learn how you can build the simulation into your Cosmos SDK-based application: + +* Application Simulation Manager +* [Building modules: Simulator](../../build/building-modules/14-simulator.md) +* Simulator tests diff --git a/copy-of-sdk-docs/learn/advanced/13-proto-docs.md b/copy-of-sdk-docs/learn/advanced/13-proto-docs.md new file mode 100644 index 00000000..6c857446 --- /dev/null +++ b/copy-of-sdk-docs/learn/advanced/13-proto-docs.md @@ -0,0 +1,7 @@ +--- +sidebar_position: 1 +--- + +# Protobuf Documentation + +See [Cosmos SDK Buf Proto-docs](https://buf.build/cosmos/cosmos-sdk/docs/main) diff --git a/copy-of-sdk-docs/learn/advanced/15-upgrade.md b/copy-of-sdk-docs/learn/advanced/15-upgrade.md new file mode 100644 index 00000000..e2332bd1 --- /dev/null +++ b/copy-of-sdk-docs/learn/advanced/15-upgrade.md @@ -0,0 +1,162 @@ +--- +sidebar_position: 1 +--- + +# In-Place Store Migrations + +:::warning +Read and understand all the in-place store migration documentation before you run a migration on a live chain. +::: + +:::note Synopsis +Upgrade your app modules smoothly with custom in-place store migration logic. +::: + +The Cosmos SDK uses two methods to perform upgrades: + +* Exporting the entire application state to a JSON file using the `export` CLI command, making changes, and then starting a new binary with the changed JSON file as the genesis file. + +* Perform upgrades in place, which significantly decrease the upgrade time for chains with a larger state. Use the [Module Upgrade Guide](../../build/building-modules/13-upgrade.md) to set up your application modules to take advantage of in-place upgrades. + +This document provides steps to use the In-Place Store Migrations upgrade method. + +## Tracking Module Versions + +Each module gets assigned a consensus version by the module developer. The consensus version serves as the breaking change version of the module. The Cosmos SDK keeps track of all module consensus versions in the x/upgrade `VersionMap` store. During an upgrade, the difference between the old `VersionMap` stored in state and the new `VersionMap` is calculated by the Cosmos SDK. For each identified difference, the module-specific migrations are run and the respective consensus version of each upgraded module is incremented. + +### Consensus Version + +The consensus version is defined on each app module by the module developer and serves as the breaking change version of the module. The consensus version informs the Cosmos SDK on which modules need to be upgraded. For example, if the bank module was version 2 and an upgrade introduces bank module 3, the Cosmos SDK upgrades the bank module and runs the "version 2 to 3" migration script. + +### Version Map + +The version map is a mapping of module names to consensus versions. The map is persisted to x/upgrade's state for use during in-place migrations. When migrations finish, the updated version map is persisted in the state. + +## Upgrade Handlers + +Upgrades use an `UpgradeHandler` to facilitate migrations. The `UpgradeHandler` functions implemented by the app developer must conform to the following function signature. These functions retrieve the `VersionMap` from x/upgrade's state and return the new `VersionMap` to be stored in x/upgrade after the upgrade. The diff between the two `VersionMap`s determines which modules need upgrading. + +```go +type UpgradeHandler func(ctx sdk.Context, plan Plan, fromVM VersionMap) (VersionMap, error) +``` + +Inside these functions, you must perform any upgrade logic to include in the provided `plan`. All upgrade handler functions must end with the following line of code: + +```go + return app.mm.RunMigrations(ctx, cfg, fromVM) +``` + +## Running Migrations + +Migrations are run inside of an `UpgradeHandler` using `app.mm.RunMigrations(ctx, cfg, vm)`. The `UpgradeHandler` functions describe the functionality to occur during an upgrade. The `RunMigration` function loops through the `VersionMap` argument and runs the migration scripts for all versions that are less than the versions of the new binary app module. After the migrations are finished, a new `VersionMap` is returned to persist the upgraded module versions to state. + +```go +cfg := module.NewConfigurator(...) +app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx sdk.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { + + // ... + // additional upgrade logic + // ... + + // returns a VersionMap with the updated module ConsensusVersions + return app.mm.RunMigrations(ctx, fromVM) +}) +``` + +To learn more about configuring migration scripts for your modules, see the [Module Upgrade Guide](../../build/building-modules/13-upgrade.md). + +### Order Of Migrations + +By default, all migrations are run in module name alphabetical ascending order, except `x/auth` which is run last. The reason is state dependencies between x/auth and other modules (you can read more in [issue #10606](https://github.com/cosmos/cosmos-sdk/issues/10606)). + +If you want to change the order of migration, then you should call `app.mm.SetOrderMigrations(module1, module2, ...)` in your app.go file. The function will panic if you forget to include a module in the argument list. + +## Adding New Modules During Upgrades + +You can introduce entirely new modules to the application during an upgrade. New modules are recognized because they have not yet been registered in `x/upgrade`'s `VersionMap` store. In this case, `RunMigrations` calls the `InitGenesis` function from the corresponding module to set up its initial state. + +### Add StoreUpgrades for New Modules + +All chains preparing to run in-place store migrations will need to manually add store upgrades for new modules and then configure the store loader to apply those upgrades. This ensures that the new module's stores are added to the multistore before the migrations begin. + +```go +upgradeInfo, err := app.UpgradeKeeper.ReadUpgradeInfoFromDisk() +if err != nil { + panic(err) +} + +if upgradeInfo.Name == "my-plan" && !app.UpgradeKeeper.IsSkipHeight(upgradeInfo.Height) { + storeUpgrades := storetypes.StoreUpgrades{ + // add store upgrades for new modules + // Example: + // Added: []string{"foo", "bar"}, + // ... + } + + // configure store loader that checks if version == upgradeHeight and applies store upgrades + app.SetStoreLoader(upgradetypes.UpgradeStoreLoader(upgradeInfo.Height, &storeUpgrades)) +} +``` + +## Genesis State + +When starting a new chain, the consensus version of each module MUST be saved to state during the application's genesis. To save the consensus version, add the following line to the `InitChainer` method in `app.go`: + +```diff +func (app *MyApp) InitChainer(ctx sdk.Context, req abci.InitChainRequest) abci.InitChainResponse { + ... ++ app.UpgradeKeeper.SetModuleVersionMap(ctx, app.mm.GetVersionMap()) + ... +} +``` + +This information is used by the Cosmos SDK to detect when modules with newer versions are introduced to the app. + +For a new module `foo`, `InitGenesis` is called by `RunMigration` only when `foo` is registered in the module manager but it's not set in the `fromVM`. Therefore, if you want to skip `InitGenesis` when a new module is added to the app, then you should set its module version in `fromVM` to the module consensus version: + +```go +app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx sdk.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { + // ... + + // Set foo's version to the latest ConsensusVersion in the VersionMap. + // This will skip running InitGenesis on Foo + fromVM[foo.ModuleName] = foo.AppModule{}.ConsensusVersion() + + return app.mm.RunMigrations(ctx, fromVM) +}) +``` + +### Overwriting Genesis Functions + +The Cosmos SDK offers modules that the application developer can import in their app. These modules often have an `InitGenesis` function already defined. + +You can write your own `InitGenesis` function for an imported module. To do this, manually trigger your custom genesis function in the upgrade handler. + +:::warning +You MUST manually set the consensus version in the version map passed to the `UpgradeHandler` function. Without this, the SDK will run the Module's existing `InitGenesis` code even if you triggered your custom function in the `UpgradeHandler`. +::: + +```go +import foo "github.com/my/module/foo" + +app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx sdk.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { + + // Register the consensus version in the version map + // to avoid the SDK from triggering the default + // InitGenesis function. + fromVM["foo"] = foo.AppModule{}.ConsensusVersion() + + // Run custom InitGenesis for foo + app.mm["foo"].InitGenesis(ctx, app.appCodec, myCustomGenesisState) + + return app.mm.RunMigrations(ctx, cfg, fromVM) +}) +``` + +## Syncing a Full Node to an Upgraded Blockchain + +You can sync a full node to an existing blockchain which has been upgraded using Cosmovisor + +To successfully sync, you must start with the initial binary that the blockchain started with at genesis. If all Software Upgrade Plans contain binary instruction, then you can run Cosmovisor with auto-download option to automatically handle downloading and switching to the binaries associated with each sequential upgrade. Otherwise, you need to manually provide all binaries to Cosmovisor. + +To learn more about Cosmovisor, see the [Cosmovisor Quick Start](../../../../tools/cosmovisor/README.md). diff --git a/copy-of-sdk-docs/learn/advanced/16-config.md b/copy-of-sdk-docs/learn/advanced/16-config.md new file mode 100644 index 00000000..03aa55a2 --- /dev/null +++ b/copy-of-sdk-docs/learn/advanced/16-config.md @@ -0,0 +1,24 @@ +--- +sidebar_position: 1 +--- + +# Configuration + +This documentation refers to the app.toml, if you'd like to read about the config.toml please visit [CometBFT docs](https://docs.cometbft.com/v0.37/). + + +```python reference +https://github.com/cosmos/cosmos-sdk/blob/main/tools/confix/data/v0.47-app.toml +``` + +## inter-block-cache + +This feature will consume more ram than a normal node, if enabled. + +## iavl-cache-size + +Using this feature will increase ram consumption + +## iavl-lazy-loading + +This feature is to be used for archive nodes, allowing them to have a faster start up time. diff --git a/copy-of-sdk-docs/learn/advanced/17-autocli.md b/copy-of-sdk-docs/learn/advanced/17-autocli.md new file mode 100644 index 00000000..41688309 --- /dev/null +++ b/copy-of-sdk-docs/learn/advanced/17-autocli.md @@ -0,0 +1,258 @@ +--- +sidebar_position: 1 +--- + +# AutoCLI + +:::note Synopsis +This document details how to build CLI and REST interfaces for a module. Examples from various Cosmos SDK modules are included. +::: + +:::note Pre-requisite Readings + +* [CLI](https://docs.cosmos.network/main/core/cli) + +::: + +The `autocli` (also known as `client/v2`) package is a [Go library](https://pkg.go.dev/cosmossdk.io/client/v2/autocli) for generating CLI (command line interface) interfaces for Cosmos SDK-based applications. It provides a simple way to add CLI commands to your application by generating them automatically based on your gRPC service definitions. Autocli generates CLI commands and flags directly from your protobuf messages, including options, input parameters, and output parameters. This means that you can easily add a CLI interface to your application without having to manually create and manage commands. + +## Overview + +`autocli` generates CLI commands and flags for each method defined in your gRPC service. By default, it generates commands for each gRPC services. The commands are named based on the name of the service method. + +For example, given the following protobuf definition for a service: + +```protobuf +service MyService { + rpc MyMethod(MyRequest) returns (MyResponse) {} +} +``` + +For instance, `autocli` would generate a command named `my-method` for the `MyMethod` method. The command will have flags for each field in the `MyRequest` message. + +It is possible to customize the generation of transactions and queries by defining options for each service. + +## Application Wiring + +Here are the steps to use AutoCLI: + +1. Ensure your app's modules implements the `appmodule.AppModule` interface. +2. (optional) Configure how behave `autocli` command generation, by implementing the `func (am AppModule) AutoCLIOptions() *autocliv1.ModuleOptions` method on the module. +3. Use the `autocli.AppOptions` struct to specify the modules you defined. If you are using `depinject`, it can automatically create an instance of `autocli.AppOptions` based on your app's configuration. +4. Use the `EnhanceRootCommand()` method provided by `autocli` to add the CLI commands for the specified modules to your root command. + +:::tip +AutoCLI is additive only, meaning _enhancing_ the root command will only add subcommands that are not already registered. This means that you can use AutoCLI alongside other custom commands within your app. +::: + +Here's an example of how to use `autocli` in your app: + +``` go +// Define your app's modules +testModules := map[string]appmodule.AppModule{ + "testModule": &TestModule{}, +} + +// Define the autocli AppOptions +autoCliOpts := autocli.AppOptions{ + Modules: testModules, +} + +// Create the root command +rootCmd := &cobra.Command{ + Use: "app", +} + +if err := appOptions.EnhanceRootCommand(rootCmd); err != nil { + return err +} + +// Run the root command +if err := rootCmd.Execute(); err != nil { + return err +} +``` + +### Keyring + +`autocli` uses a keyring for key name resolving names and signing transactions. + +:::tip +AutoCLI provides a better UX than normal CLI as it allows to resolve key names directly from the keyring in all transactions and commands. + +```sh + q bank balances alice + tx bank send alice bob 1000denom +``` + +::: + +The keyring used for resolving names and signing transactions is provided via the `client.Context`. +The keyring is then converted to the `client/v2/autocli/keyring` interface. +If no keyring is provided, the `autocli` generated command will not be able to sign transactions, but will still be able to query the chain. + +:::tip +The Cosmos SDK keyring implements the `client/v2/autocli/keyring` interface, thanks to the following wrapper: + +```go +keyring.NewAutoCLIKeyring(kb) +``` + +::: + +## Signing + +`autocli` supports signing transactions with the keyring. +The [`cosmos.msg.v1.signer` protobuf annotation](https://docs.cosmos.network/main/build/building-modules/protobuf-annotations) defines the signer field of the message. +This field is automatically filled when using the `--from` flag or defining the signer as a positional argument. + +:::warning +AutoCLI currently supports only one signer per transaction. +::: + +## Module wiring & Customization + +The `AutoCLIOptions()` method on your module allows to specify custom commands, sub-commands or flags for each service, as it was a `cobra.Command` instance, within the `RpcCommandOptions` struct. Defining such options will customize the behavior of the `autocli` command generation, which by default generates a command for each method in your gRPC service. + +```go +*autocliv1.RpcCommandOptions{ + RpcMethod: "Params", // The name of the gRPC service + Use: "params", // Command usage that is displayed in the help + Short: "Query the parameters of the governance process", // Short description of the command + Long: "Query the parameters of the governance process. Specify specific param types (voting|tallying|deposit) to filter results.", // Long description of the command + PositionalArgs: []*autocliv1.PositionalArgDescriptor{ + {ProtoField: "params_type", Optional: true}, // Transform a flag into a positional argument + }, +} +``` + +:::tip +AutoCLI can create a gov proposal of any tx by simply setting the `GovProposal` field to `true` in the `autocli.RpcCommandOptions` struct. +Users can however use the `--no-proposal` flag to disable the proposal creation (which is useful if the authority isn't the gov module on a chain). +::: + +### Specifying Subcommands + +By default, `autocli` generates a command for each method in your gRPC service. However, you can specify subcommands to group related commands together. To specify subcommands, use the `autocliv1.ServiceCommandDescriptor` struct. + +This example shows how to use the `autocliv1.ServiceCommandDescriptor` struct to group related commands together and specify subcommands in your gRPC service by defining an instance of `autocliv1.ModuleOptions` in your `autocli.go`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-beta.0/x/gov/autocli.go#L94-L97 +``` + +### Positional Arguments + +By default `autocli` generates a flag for each field in your protobuf message. However, you can choose to use positional arguments instead of flags for certain fields. + +To add positional arguments to a command, use the `autocliv1.PositionalArgDescriptor` struct, as seen in the example below. Specify the `ProtoField` parameter, which is the name of the protobuf field that should be used as the positional argument. In addition, if the parameter is a variable-length argument, you can specify the `Varargs` parameter as `true`. This can only be applied to the last positional parameter, and the `ProtoField` must be a repeated field. + +Here's an example of how to define a positional argument for the `Account` method of the `auth` service: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-beta.0/x/auth/autocli.go#L25-L30 +``` + +Then the command can be used as follows, instead of having to specify the `--address` flag: + +```bash + query auth account cosmos1abcd...xyz +``` + +#### Flattened Fields in Positional Arguments + +AutoCLI also supports flattening nested message fields as positional arguments. This means you can access nested fields +using dot notation in the `ProtoField` parameter. This is particularly useful when you want to directly set nested +message fields as positional arguments. + +For example, if you have a nested message structure like this: + +```protobuf +message Permissions { + string level = 1; + repeated string limit_type_urls = 2; +} + +message MsgAuthorizeCircuitBreaker { + string grantee = 1; + Permissions permissions = 2; +} +``` + +You can flatten the fields in your AutoCLI configuration: + +```go +{ + RpcMethod: "AuthorizeCircuitBreaker", + Use: "authorize ", + PositionalArgs: []*autocliv1.PositionalArgDescriptor{ + {ProtoField: "grantee"}, + {ProtoField: "permissions.level"}, + {ProtoField: "permissions.limit_type_urls"}, + }, +} +``` + +This allows users to provide values for nested fields directly as positional arguments: + +```bash + tx circuit authorize cosmos1... super-admin "/cosmos.bank.v1beta1.MsgSend,/cosmos.bank.v1beta1.MsgMultiSend" +``` + +Instead of having to provide a complex JSON structure for nested fields, flattening makes the CLI more user-friendly by allowing direct access to nested fields. + +#### Customising Flag Names + +By default, `autocli` generates flag names based on the names of the fields in your protobuf message. However, you can customise the flag names by providing a `FlagOptions`. This parameter allows you to specify custom names for flags based on the names of the message fields. + +For example, if you have a message with the fields `test` and `test1`, you can use the following naming options to customise the flags: + +``` go +autocliv1.RpcCommandOptions{ + FlagOptions: map[string]*autocliv1.FlagOptions{ + "test": { Name: "custom_name", }, + "test1": { Name: "other_name", }, + }, +} +``` + +`FlagsOptions` is defined like sub commands in the `AutoCLIOptions()` method on your module. + +### Combining AutoCLI with Other Commands Within A Module + +AutoCLI can be used alongside other commands within a module. For example, the `gov` module uses AutoCLI to generate commands for the `query` subcommand, but also defines custom commands for the `proposer` subcommands. + +In order to enable this behavior, set in `AutoCLIOptions()` the `EnhanceCustomCommand` field to `true`, for the command type (queries and/or transactions) you want to enhance. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/fa4d87ef7e6d87aaccc94c337ffd2fe90fcb7a9d/x/gov/autocli.go#L98 +``` + +If not set to true, `AutoCLI` will not generate commands for the module if there are already commands registered for the module (when `GetTxCmd()` or `GetTxCmd()` are defined). + +### Skip a command + +AutoCLI automatically skips unsupported commands when [`cosmos_proto.method_added_in` protobuf annotation](https://docs.cosmos.network/main/build/building-modules/protobuf-annotations) is present. + +Additionally, a command can be manually skipped using the `autocliv1.RpcCommandOptions`: + +```go +*autocliv1.RpcCommandOptions{ + RpcMethod: "Params", // The name of the gRPC service + Skip: true, +} +``` + +### Use AutoCLI for non module commands + +It is possible to use `AutoCLI` for non module commands. The trick is still to implement the `appmodule.Module` interface and append it to the `appOptions.ModuleOptions` map. + +For example, here is how the SDK does it for `cometbft` gRPC commands: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/client/v2.0.0-beta.1/client/grpc/cmtservice/autocli.go#L52-L71 +``` + +## Summary + +`autocli` lets you generate CLI for your Cosmos SDK-based applications without any cobra boilerplate. It allows you to easily generate CLI commands and flags from your protobuf messages, and provides many options for customising the behavior of your CLI application. diff --git a/copy-of-sdk-docs/learn/advanced/_category_.json b/copy-of-sdk-docs/learn/advanced/_category_.json new file mode 100644 index 00000000..a49201e6 --- /dev/null +++ b/copy-of-sdk-docs/learn/advanced/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Advanced", + "position": 3, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-docs/learn/advanced/baseapp_state-begin_block.png b/copy-of-sdk-docs/learn/advanced/baseapp_state-begin_block.png new file mode 100644 index 0000000000000000000000000000000000000000..745d4a5a971292bb0346c35893b42ebfbcdc206e GIT binary patch literal 20565 zcmd@6WmHw)_s5SOT1t>oKnbP0kwyXOls^@mAbnmtInrrSg=X%fAB3eUDo)C`;4+H`cDk{iofk5bB;P(%Y zuz|Kwc!>%Gq5~<)zR~tI+0VxLLe@?3iQ7OH`t2Lbw>%a+5;={2I?Zq>qb)4UzcMqTUgc(sw|^lU@i-m}r2F)d?D!dQ|5HQrK_9|8 z>_gzDV-qon_vBIbSY!wbf6Q+?*LdJo{Ibf;rcZ_+E`Xc-DzbBm@w#f!@xZ(i=%b!@ zpzty=NpF!JT}xKT)oXYEMs?t-D~8-0I9}I}e^;@EoEnQKnxTeY9Qv}qLGLuc1CRR5 z|4Bht02~cOMc@>}Ml1(B?i-6fM8e2?@FMB`;QzO;OWyEFkIRI3q3c2_QHz98?fDh1 zB#qntVH<M47WREX5ZenxMVdFUDUgRj&DsTh$mM_lddu3jm2Z!9%eH&|<=JDG|I;}qYaCW>J zNo{?U=LY35?_jChyd05IYzxk|?m4yAloVEadc3kS0|Ez}?{R(@7*xg5;6 zGiIBJqtz5b(GXtL>$W$YyPr&mZ=+O7zn*V=C2Z9dL-ew2dH%E7;j~W9K!&Q)tN))c>V zFpv{pYJFHJIA;FKQ^aT2=gp0LZlIE+QI*1Q&aG+*mKR@0jinQ+c&xT;!ft#rkR|)- zZu<9$xN|cOPI=mOPQL0zRK7xr;pdQxI{R3um>`_C#0wpJGVwl31)@hY=t>TgT+IAM z+{qKg;{!vP!q(FVMAkjOaI4quh!~vaaK6Kzcs;*9=I>9ENM%r5%W()R#wC^S+fc;+ zC0K6U!gjKyp1j^0@?~cnHV`>4GyrAv_|^7Zly$UXI6HF?+D-j^pWd5Uo33-JKsj}z zFX`1-z9OmpY;^%97FIVI#F*@fq|5A{kKN_FF2FZ}Z<#44;DvF^NIhqxHk;7sr@bc) zrb%F7=Yg*+V%F{>=QhbgXBY51=Qw63e!|OJK>*;)hBg-L{yGQb9@0=G~83pG( zlWz{%Oj|`Ri%-knYhI6-a&kZA;J~2L6Xu?__1O4){}nL z5mq}d2`Ju~H7dMW-HN9^K0hHET;mRg-MlY!FD)wS)%>~D?Xhv`BVV9+XukEGPITaN zVgX;FCI60~WigtYnbqJ}Lp5YgA-!=wFF%;Y_)BJ$#~I(x5~FhG_X#6+`!f&ua(~64 zw_#uSu0CKu&sXJ#8uaJqU;#scEAe=<^aj=2oA7qV?M)dimCT*S9jaFR=%ift)rp(eBB$fS?shskDT84gbnHK znp74|3wym)!d2s>)g6xD229JT@49||^_C+FQtta$7}y9Zfk5z7#p0{}|`5 zFDxl~LQXTxJL6JZZTHtTaa0l-2&ZKRK}Uf^8`XKmj1ZNIOyEl}e|4>pBYwrGesBwY z?M70paqpBa=2FrOZmKeB4OHCXPU9MpdiZv_H)&FtF_hM-o#S_HFk9`F%@GjN`YR0~ z;7NSGzsxA}>6|aG_v|ug?n}4(!2+d6b{TkjFqXTOwaBS8p4!>Y=2} z!9x3vOYjyWq^~3y!g;xsGr1@ZM#f5$ha%;+wzPJ66E2N!*3sI)L-QPvyq#81xkiizguFHSXS#0__Gj*($6O|vhXrtAl zs&~?{JHO&|wRz*RQHIT#@7-%MhJd`;5p`=7Pv#8xBQcn|QH|Saz0lKQWAU&%o?va1 z3UmLvU{Jg$sXs7f&sOie^eBQ8{-|lX0@{&MLK&+ad;fjtDXTTA`l`oWqt=};^=zTl z@BLQ%9pP|h z8n5k6DK8$Av|Gq7p9>Si6-G;5u8w~7OaJ*yl>wU&0kqmH16g+XyH{+pJ~ucq)>eIx zNdB?n(U%B553@?EK|N^`_V=UPsezz&*m6z+_xWC8zr=ih0LptXJPCuLliwf?L8dp- zhuSRZyL2wY)acJ(&ppklGvdk>WB2%UCNzRiyj*+usQ-3tkgwcPBW)eZp!iamIgV$F z9By~kbSAu_LOEI(rtPpGdirXmNhY`dhj;uhi7w={-Mp%6NLjjsVoor9Q}c9jLltI9 z`J{%fDy{87r>;zoa=(L@5n^6)-usBNZvr)EiU$j3Kg}^a4zBRP_iHi$TPlh+`=qKo za(0^g>)$Xi_M_L#GU)rBVg1{82q&xiMfkFUUyTjMY>j!!^E=N9zaCf|HCshW8N-_o zy-G1(idCBs6-FGEO|=4T^^`(C#i=O}KZ?d@436JjHQlrZ-^~W^=YNe)~G#?5A7Ymsf%!l^+j}<<}ReQ~f_rFJe{Nh(%H5fd)9R1U2 zqao`mU;C`F&^h$5{WB+tfE|2fz?)CHub~7kEHR9 zinelv0=Dja-Jwrf@R>|Lr#bzr^@LbaSwGjA!eC=gTm*#(+_Tk<_%P0&QYg_VumD4DrTQw2sXB9 zSLmwmHqSGV_4FiUzdGC1gJv}xD}M0jj0%PM#+@XKZ%ng+c5*v6L`M7T_0>x-OFcD1cs?LsQHB%jAw}7nL7)W7f zGLJ3HqIhy+?>B^I{C&(b%WH8u-rFtc@3$`Nqv_4TtpXvtQPGodCj-7*?H|iVfXz){ zpJ|<2&#!;^n@TPr4Pk1}oH?{qNTx(nx>qe8?q(9k>gF=}>`_HqjB^c2ZaYGLVd5F| z-w7Ob^pv#AUXfE{MdZX@<#@*t%yI>x^k5z2B~(w->z<*hb?G2Wagb;rFu^lUtffHZ zw>D~tDesp_+gas*zU^_hY5Nj#w}V4D{xni;hn4>p+d`iBb-kR3~5wd*A=# zTs7aK69yH$U^oBlF-_E(WgpOL;XqPmRo@c;alpzm3DlVIT(9|m(icr=JQNqXqyNQ3gv8* zpq(1PQ+ei_aTWXne`b*%N@xC-aOE4h=LfHH@R@>gz5>CK+Si}UmImmqIE=y! z2cP%>8_9eIaap(wWLc%?r4kDsm%KU|!%7`NjJJfWg)A$&4!LhFd2VY-UGys2YpnR~ z2zVEc+U)Q3yWgMEj{R++tPVk8Q;vN@5EvoVc)HAuDVu#;j9v%yEChIop1~F(l%7?h zgQ~iYM{9idG)~am?*W(oVZiC3HYYzuEnPw}Vc-onv4Ou2>;uUo1+T!Uuj@krX0n-| z`22^|PQ-#LA6i^a3^Bmjy~8jskD_OK7H3n&o0%gQ)b%!-g-!$;1a{g(AIX|^5!K>J zjHTk&vhPkHCZax5p>T=A%X-uF^U<~mB1tQb>+a=p&PhWr7;BJde-D<=&x5mLosClU zbL5`hR;oMI;PVUZPqsON)8>$XR`44p$P#z|d-0W>TFO;7%{nG*0tlMSh{VlXJB|Hm zQ(72vP9Mw3c6ky;?!I8TB!_A=DKkt;Ef=cgvX$)R=-rRR?abHiKi2x@Yw+sV^%=YM z);Gzz|n0`+8Bo za(B{+%gNA3kmr+isYj9ISfLY!L5oAtg3of$mLvTS9b;DG#+SJk)j_>B7@ra!gqNT5 zo>8zGX;BII%g0c#GU7 z;r^{16sGz>m`jqZfej{)NOHH)K4?N2RBc+1qms<3SJ*$Ns(%RQ?yG$fsS6F)hX@DQ-s&y7u?Go(Vu4jeKR=w^k)%wb!`#^^n)%caNtXg{Y>V z$H}b6y`RC2R(Ff2@W4nf1-$8}lS;tc<6Nt}tCa&MC@Ox<-E5vIb>z{}QlknQWt~H2 z^x04U%*}$Vtz|o@ANHyq4;VP-NPJs$YK@F4R8&>9;e~pNjnh!ec#FTi<%@2I2(Ps5 z@gC>9%gI!1q$#WBJ5gOWHhxJ_2q;?dy!~_8)_wJbVbhaj)i`LWZ6<1NEl_RoCk1cD za?n*n70Gg=n+zh7BW1r7))$K9Xr&U#gf49uO9+$PrN8Z72zcl+vv~1M3Ir}1=#I-I z^O3afzchD08<867C9f28{b_jewdW=xg7Zy*2{6rieLxT=gorGY|8hC~d369nVE;0; zggdsAma7P$6FU*iZqo*_WKs!18bAYNVz*Ey*#nhSxL@S+?CavG z+>Fb935!9Yfp5+ag?I#mcA>wy)q`>FVO+CT7WJ1cTHU+VUMNvYe*brNx09h^i*eL{ ze}5feFl`M#_D(T0&#*(SCWKn57}Wi;k}&(k0iKld4<~uq3O>Ai1iok_TIB?vV*9*= zl{o@m16TCUT@#hw3oJdkN!@H;F1UdlvqbIB)hkvNz!yi!T~0DS6M0dYwCAFrb=@xzYt-iM-e;ScF7Bo zWfq$SsJDATJZWP+%(i+HFiW}QLW=iVRjj>ux{*Xs1I`a?_JI)`Vp5~hECOSMB3IUZ zr~Xqn+!u2-ohl^@>*YC5q(j{h`1Dx^0#rXG9zz&g4qJb(b7f08nz0A|e9`7Q0kVwP z6LrhEqWrxbOxX4)oOi>rH=N+$)e5LI>BQufWWP?+xcI5-pUvnt$b&9@YL&qa0-oB- zC&8H@m13Z)5}@w;*{NTzIj-t6qT=Ws%X85i+006kIXc%I&Vz0fewgC4k5YtzMyH=X z$^n57TcNVH9*E5C&-&W3xj7v>@QO0$3-024-_a&G-*VFeUG`HXCtOzM!|tcxAF~0$ z({r0&LpMKiTJ*cVB4G=g-c2CwjaQ!jC<<9%*Y5?@jMY)4B|OJ(s~x|({Y5!9DE^_D z*@%;@`mUq;ljE4ZM6K()kSrQB^;`+PUfzT%9-LTzS(s9Qb9)B`A*M}^|1PEC#qZAQ z!0xx{qSi^cIc;7jSm4RN9`vpti)5lPrxtIQL&S90@w(Q$lg)s#dP53U_M?3&o?1BH ze`sv1{^F5{->xtQIGzf#KT7j%H&HDoKmI8<`1(z& zsDB@l?1SNSib##FQW4kC=H_$1f}p05yQx+JPwf$%nPUZBTa}n>*|*ES_ffNJKN-yU z4URXMq=OuC)!vHZ@jlL^7)iQ6d8-1M+y~ch^nN#0nlh^B+gT1y`nzaI?ejgN?1&eP z#Pwa}Gk6l1Dd;1~3hV=z$Nb_kCoxx1Q>5wzo#Xpm`7OZNZLVT#;&VV4NQk5{2r_k$yw z4OxCb_H~WT6>7(<@cOVWa!l&rc-Fg|xHd8Ltkz|in`xg3}q~LPHp{KmBb-HSB4hkW(ehgoTW9+fDCUm$1yLcOrD`njK07Z zrP#F>YvqA?ajYeXCutr7!8n3lCl$tc{4qF9#GF*shVa0CNnXeXe~_ZGTmI=t)npX! zdiJ>gpN~9Y8zHyXHMOia8CQ8%kX{N8lk~axe8)+xF*@J8s+aGB?++YzrjN2U24NAL z)HhotrpP$l5YWpqYxY~Qj_&AmGiKq{$Mp@A?z{o2mwKQgXts+6XPNk04 zJJHN`PY!T=hIaBSzh0lmNDCcmsv>dJ61)GC7wzDJ-+Mr(e8K0u2N4N4sBOMei~gNf zmQgqOsqqOAj}9b_zI>NgP5y{WGVr3|6}ui6Oov`sMSN--M~b)fN!6DWwrusDR^h>k zkd<~5`-R#@h*6s!kkAZCFW>r=ZdRRA=6lU!L&c`qwaSgildsLU;x0DlUD}{jbprz( zSg4I|h{!GPlxB&H`QWPteJ8JFsnRD8cktV7Z9pO@&5erqBjuCApq8P%75~Rp*W$07 zQ|o!Ev%p_4lF)`|hjCo$T1)NWI@TaZ5^|->Z*JyQJeD8doVcyi5PVnie5SR#nFWV? z*33jJ4TZb3c}Yf;&sW-7Zq#T;SE8DZ{!j(s4I{2xC~{_8pR0A|QQt*FxDFjbH{?_k z`Bu6Hzu>ZkL|5A!qh}qbayYh=TxiZkj%T*jkiea0r}NE^=t#xZ#UH2Umj)B3M#N%V zsC~sdlzjxoC1r9iWv|>Uc|lH9%VT;wYZ}yvsjzO?O%-;wf3kH3e9ZSwM$3gpMOvFrZ+UiRg z)M%-X(sdD^qHDbSvFj&h)hJM<^`V~`YM%S?GrN0VO9i`tOJd9)_RJaqS8IL-yneNA z-N$aofV+X;C%P&xUYYLAaY+<%!t(o}{q0PG1Ps+b&`^Ab@5~;*Gpnm94dxxL&6Xqc zKBK421U=&!M*jxvF9u3oba~cSIod^HaYM~J#In}06KQU)qrSjRrrX(^=So9N{`z9s zNw>pF#li5oS7teR-U9}vIf5hKrV!sLs_oKJ#Dr zlQf>MUo~d4VzB?(|CjU$`14)^;TPk^Kwg!cGR0*1{w+>N>#ORr4!ra~993wDxmx>I z1~oSE{h%wYm(|^i$V&{wrNg04(KlSKBH}2~y*tjWhio^FE&&2V zqJ{;sJH#^^B=!k=`S)jE-HRq2O_@~E2PV5{{|D+pE{CTE!Xg91+cT z<#SB(M0@xWpDXnB?#vkJO^2m|g1VYN8XF)WQueuG#zcqn`-m4RGb%iYcy-B49lSQ3 zA^leilk&s#bDO`WKh|NcoXCI9{kKsTr(MWBd3P#UI>@raZ^OrKSmlhyVC^96c@;-o z6A^)RL5g;OYy~~VoBBTD9ZbhME^fymy-~ULnuEFR_9#9K5BvzitySE3rC!9Ca`F0N zb&p=+A;`IqGl@Nw>!Y7;R_SkeLCg#j2e>@PDF@6HLIEcJZlw$6%A}>L>FIvdx-Ek> z$fH|AQ#U|aPgh_w@61H}+>GH*kS_|`-R#EZg!;Fv#%)eKz4Jgf|d zR+V-x2l&E-{^|;OhKv6Gx}HXPtY2u0iJv5qupLXpm02-TE*?au!SVFd6k# z{SCvz<;e(pcx(ca3w@InhbWlsqDbKhlTEDU?&O&`?dPKDZDiZSJ($b1fq^LBcSY*w zL09@;x`H@592M>I%@IpW42ay+vYmnhl{x7x8rTSw%5Pd_^D>0TI8Dc)ISmLITWCFCQ_&7Pe+bEBRd z&Q|Pb;#wrk6El7V={-XoZ*Rsz`Ml;HtU7)4a!;-i@gC)5?TrI8`JRVHS@wdnAN>Lr=;H=&Q5V# zj~u9G%#3f+9BlhnOAQvj#76|WL{EjHr~OsGJt~_(4O~aGvzHde^T%6UHAyKMec%kS zTXTGYteXGAY6q8b5q3HB@PBMN|9$&L9xaYWzg|hV!dB8qF~a=mYqR)U*Q>XzI^To8 zkfw}_b};pAdb>^wt?$;cI=^)EgGX|TUT&u5W~-X)F}DMiZ(`q>F{F z1k{v6sXhlxKLbkQbwFNiEK~L~0H`iEPpge+V_6si|DQ$^X4lvXl*Hcx<0=0-wbBCI zzvNhCTY}D820TM0L0Z7r6ex**1#08d8jeQ*5y5#_H_opUmZmFh&R!@_mr-5;l*E7k zGsO=NJPO@FJk}j0G1x~$GyD$by;H#?R<~F9wj-voDa7d2iY1C|A z`T&&vrOGeXeo-&KV9DBOXcjw^TQn^4!8^KTgZLF0!$p+M*{29ngtY%-GeTHg;Q zNOlt*_wg-2`JycS1nWicXL=MKoYQn zA{BrJr#n|wYv#Bp!!Y$fKIA_V1oSwmLl^WoMk+JEa#LNfj_W_T1pOa60($=PUqcom zq-Z{v>)>Gg9}t4s4A>a$wd}u!65O13V&Miu7Y6Te6OLu+*Cj{bWoUL}n(t;1Hd zneu?CeA8eF!^?hxS?{G9d`z?M!ME4FrM!>Z>3=i*Z-~ag5am+GG?8k7wZ4DipG8p1 z{%?My$)j}e{ycvg+F9^#Am3E~8}~nmM_fBEKZ@gNlF&;&Jy{OOBxzFBOD$Ddgs*-o zjduc>#!RDpheO@}fjA}70<5k&vd%Gm%P*m7vcpk*K`)`&vQWAA)Tew;Sn?_h>LdS~ zSm1i%Ch|W_FYoTd*yocSA8wr#_6`ge>{>c>7oN%QNBr+9>04b;Da8~AGeqP;EVz`k zvqf(vW)X}wp*b$1BPL47J=TwM+1Vjj zzs>C4|K|t)gOe(!INjMD;4q@M*EiaLE3lWG{b#2RsN+059aM`F&{ogl{B6* zC3oQC2)gn9b_fKlGTYoBZ`F>ExGsw~?7QSZbuviuO*m$+^HQ^)>-pYn8}hxZx$+_T z|8Y=lti)tw6JXgnMnx#Y=z4-wFsdNcMCs;Y*|)wHz@XH_Hu{qXlU~UWKb+6IL_04a z-Le;KNSW21KWi-l;2xK~I{E(wEZc+*l=(*z85E&JC)*>r<(@lZM7+56npkVe=z-dh z1?1mf_jfny#trTTU0EW4EPl@p=`Ip`b5ruqTiYcx^5hd})Q#JM@5Y%_GsM&AWj@JX ztdJNMun{|wy$-&;97^Z6%~8yH?RIb8`RPuj6TpOqj_hT0{vlnDRIoAx9le8QD$Rj$ zD3YWRPUse+kHXvQ9H$vxzrNi4!umcgTF;z414o+sKUz%MNGs0^HO0Qcd|99 zjp1f*R>v*LUK#Rm&rVNIPu&|&t*2@}Xe&~O{-3qhiqPY!1ldxhLhkbwgTuJ-^nFCxjKt?T|Nr{7 zPzlp5Gc?{C{Voq^iCW$I)TbRK(sb;uJ7bKLuU%KHBg&*{7@aczw@|^Q0gpM1qvU4_ z1^-Zek7Z#JcD_H4a_CB<#ddm=$DUZ&sd7#^{td4y4gKjmVZ6Qo4RiJ$XWSN74lQ8$ zqacI{32u=ojJr)`EBWOnG+_TpS+7H<$7xN%|4xOS|MaanyUB8fxoF7!tzU!3_U9EX zwXD}wcJ+P%bd zdm?BzU2d$^=xGm-QSuwf>XJ#3w81l|a}SHV>$7<5C25RGLFa|nv$gi`KUSs)yO^X4 zyX1(U{+8*W2_BI;q;(7`Qp=7zXm^SsV+AzjJFV70zput}u@vN?QOn00{iI*t<-2ISAX=71M8^|;yX#Cv+HG$c0jq@}+=NIaPz1M_es2HNA zD~KY(0i*Z#(uP2o27i9QQBGmgu>zJGsHm3%hE*&DC!a29o(=FAY}bybX6&Y|fn#}Z zKK#!0zc_FLnf=at<9>B)O(_|OjH8h-)GAbAJ#4winfRgE`Mk-p_p!$kZOARXn&Y#? z*PeegC=g;GeN_W3dylhQXc$T5d{yn_KnV z(E?!Ed6xjJXdgQ`U<`U0=Cjq65jv0CgKq!!s#1?;dM`Hnjn_VvFbTf0PCcu{Qq7eN z0`{sFh06elmO51irbd}0y_9=9-@lw2c&vDJe{-n%K-mT?5CiYkB{tnT{uG@cpPB}a zey_?E@hGg~vgwC*@9T?pf4_?ZR+_t^79QK-=ili=iVnMDp9)+4bD%*eqjLV+2t0Ji zC@n?!DQa5X=2x0|9!bkH_I62tfqT*_4&(_ZizQ`vJpa-Li1eC)#~L1FR&fv)jI;wi zW~u^upsMT`82=`R&;Jw6Y%rBuxV*<Rn9V<4j9=?S4r&lDa#6j{#D-rxt?nz<5J@8w)Cbf#{5AW3g8vZuUpzX$777 zvqWlcPsi1J{5$g@Wi$vWz>r^nHBVuGu5NQkcv*n-wNuBUJXD#pLc>|s=dn*Bt_Xw?^V zix)eqzVo_p(3**{<#yUH_W@E9zoN{XO?fCM;1LPu|}PKHFJiP}?M$v?i@Ev+Cxnib#t`JNCbhsRF35Z)^7DTp#tkQr;BpkxvF1rP>U-=scj5 zym|BH7?`6>B=g*dlqY=w>+!-y4(bxpxKs4_EupV|Kl-z(RnUAqz>fVkjCc+ol2_bR z1v1%l0~8iPuK>Pt5Z~Y6ov{Lb(Fj`Qo)HQTf9{r3XqaQ>$JDCZqfVlsJDJ?DH=yhr zI=ynEYTv&W7;)_s8raR|UUE36b1eb&(H~+tY}CyMr4HYgb@O8#_QslyZ`LyL7GCB1N|!7S?@p{AKcD>Px%Lj%Y_b4*uzThe*q+f%{5XV z$7Mjuln~g0MHOv#`D3l|LC~1J*KG4RUW3e$tCcX2T(em4?O%C}7poXe#y=^zUcwdh z9YRxqRDhEGY1Mm`&t0yXBS4N6*B#qf?yFPAvXWXM;B* ztu6yxPdcuSV^$v-CD6G`u~dx(Nm^_+`x%byZ7_K?Ynz*XzcrG(TyQ?@4|;wbX-$-f z_1NjFDiUp!7P)39P3Gh+NTD`kVYFZ@bvpx|>CoDA;K-(nMUkPlS34tRFm}tV9RZ5- zU1XnGYy?&@R>`q~ZKmFM_KB_dSpD=Nz!K0{3pLiiI0{2n7oV>VRhJbyXpzTPG1U9nr6PhqG z9YngI51Io)7$F1bJ&^Amqbk}m^4!6fhub*;!|jwX4!9xa5{9aNeAL~VFO!`aHai{# z-CDLQCyB6C*;`O-ydZ`ZsOgAQ^g!Dvp?wAjMXIz&ij`e8{_9md1d_|ypgn3vXdyb3 z)2nf8$$%&nla7Q#y_pOYRT#=;DfP<^BxOeex~BuLH~s=(Q8NqcBn9UqSt0e zOon4%6Y$tSezXGUu}xQ$&lGdS8`8DiaM9fL3m|BsZKXfMD~BWN)lz3hLRB1m_! zVOczVA*35>zh9T0_f1;iJF_skEx-`O0a)U5Z$qjuMJ&TZ6^84|Rmvj)Z(Ov;CYu!p z|Jj*%UQea_!pPFQn^BkUzYmN3DD-Xk>Hh0cZw_Dh<#!kF0{RS${PG_3JO*7NVXj`Z zgq%2u&`;$^{4iQQ%bjL!IQx@qmfDDiC*R3w5O5PvZ3}Z*3TY|(ewQFhQFG>4mQkX| z^q*d&tXS5|j#X}a2L@2@fjyRJ3(Zd`Bs$oHFe3`>kuJ4G%Q1pjzFXEF)n08yADQ;b z3`_3?1qm1swVkyXR=7OxCB6yquv$jE3Xbzm9_t7v(R~I7k4WCY`#r4JvpS~bOYpSR zU5BEsRqjrI;yNO@LhRldYZgaZhVh>IuY}=rc;W|9$|%WNu8MP&OmF-8Snfaw*k8Me zRHKhAK9d#b(Ps|xTOo73$Oq!fHz>_IH`YA{SX@8Q>o}slk9r?fKY%j!vE zc}wNcTbJH@=JlpJ*qhiXzwDiv;-B17f$aYWu_INteD3CSaLYAyTOW>3c#i961$FTB z;7r2hrpb@VV-Qd27EDGO{Q;?5Rh-(O~92-=3n)v8Mx z|DnlxzHE-7QScur=@MP%5)*TlfwL?zaJASHPQ`rB53L(Be^XPcBvA|;v>;76eHOw> zjEy+TC6)R4^!d+{F4d!#76k;R!NVkkm0p^%mwOg9%U@T;o`cO$T@S6v{VigB?O2Yl zjAQot^X>s`AJD*rj{}`A3Xe-e?pU)+$Wj}#Zxptkn!>>K&I460tO<(AH-WegAUe5H0rQ(7L-h<{G;oQB4U(d z(JVJcnGbC8?*Bh&Tn7%_?fciPC-SGME#N7oA;jY5Lh*9`UXyBEsnf-^&arMM?09o2 zVdJu1esk;0kX?I68fuYK;~u_a@nR>ws=%2`Cxl}}CZtIeSdLaU2L@~@R%_ouAs zQ}s1uAw`G{&g;VYdw9Bp0Zo6RCW0%I*$*!@@i`X0GQh;~dChPCn4icxwg)se*!f+OaZNpX>!`J6ulJ?oBlf;vyJx=06z^cn{fqHG6aeZM7rAC*sHDI z3UpGWigCW&xo2? z0MOG`0ClL<;-%OBK0m+eaSB{l9ypI-yYSIP(2iBzdWfmsW$_EQ_hBM{HV**DAsFRK zCcajt@C|(!tL+;cbLjKMkdEykfF3>$Vj>mVPgbvYg3)t247Nw0K1u`yOt5i(cv_Ll z-}b;ZJtJEWVO+-!tkd?xu#Fz=xbU9wAf~j*A)8 zpt7!i1v#Pb{YQ+Lz_4E_0y{KGhWj5>ryn0K0$>hUc{=*UN?&79gPmx*mh&RR?Pf8T zFNFZVgxPW`nBm_klWxn%k3BB?v&1jwWnfB0Rs03-H!ZMZXhu%sim6fL6!|}6rv^z4 za_}R{ESG6gWCFa?E;;d>2e!IT`a-Wtt!KNQ93MN%#p`^oeq~iGo+uiR#>t_*{qUNx zVTpz5tnr+`9doZ?cjQv_ChiP1%FK_uA~#!W2U}=%lNp$9$~=YMRGN1BBnpH#ZHx*R_FRMsCCt|zvRV4{Izd~pqFV_qxEHi67C-tgC8#>r|n|p#PpNJo~|#9BE>BZ zzVzo-qP0WU(*Ztxt%sJ1cFb{Rjlwx@CZ==IgCj%B0q&C zieW*V^k2*P59u>G4N`n5C*2<8pFO~C$Ka1$rhX|E95mDZtj&i?Oj&m%i$w&FjBko3 z#>w>L{<~G+G~JGn{e4LIp9_eQ6NdvChdq+Zo|#v_{F)!&hWTvmxc!*Gk6FP*(e{G? z{>BJi(i;ky=ldGq*nfJf{1rseM^pmH_1`TohHGZ0B#NW8u{VO&IunR-%sy4(WO^+m zi+0eiLvYwB3^o<~FXsx@k}^0R1Zp9?ElInAH#_`Dn`EQrx@h*_ za_Sy%fHlK7Jv&L>?P(tx94a@3a9HDbLy`dLN3kwX?VX{cA4=G#K!w1W-K*(Tkmuc% z#f7&bRG>IZ;;bp~sObb}(eZ^P)^-DXpQI4bEE(Uq_Jo3Q#4$+HqfK6jIJ zwfYXf?Rbw!p}!G1;)TrcB;$c%pG3=5AxOvj3j0(}^}W;f`h(=q)k&}_fJ|3UhRm$MpyKc z?g@lCLGzM{^xQMd3toK?v!_fuQruGP@%L$**^f|glGf65kAE`vW=w1Q-CB`)u8=*) zB{kh3LZ+QIVxyv+t`SNd?>Huj5AO2h`&^srE&BDdRpsjZ;4{~RB$v2asz1>Mu`?zD zSoeEu-sg53b7aHxqnz7KjZ#^e0n4ZxJ#&-^JN!)SU$hjTfQxS6$LtLTrvH`F-K{MC zQ6q~1siI246obDbh=9*L0(U{o>CqJsWkwu>%n5v49sBH02TOL=t!9qPple~;d<}X5 z4emSNaAjTekFZDw<#?_D>U+pdvkJ2M4!%@UgZ7+`D%B#_KV@_AbBl^fnsNLiBSMJb z`*-k5>6~BCN&QA4jx^_moKjoWFGNeGbgy)S?W8LWMzfeAx@Q5rX%l}t9xG-UcevNT zF5pfn^=?PfFAQ)G(jEu7>qi#T;n)fM+~>e4$aL~AWuM}bf#Y0{FN?G}!9I~uT?G(6 z!WFX}Gc9Y!=Nw`TFR@xf(V4u=!U*%yAy+Q29Wi4KhW%fF6jC`&GhdM?m(?wb?5h+< zd&9uDnJxPQghPxGn)DE}oW6nf3L1_c&M;+lYzwt*qIHZge`RSa2Erprf@-9Y&jM~H z7=%XbX4+ViOPKA1wg(cB)V&JP+D>#1KT+&bbk{^Ye<>zvu;kZU{Y2QWHB{+(MeXU* z;OPe;G=32KK4UBFzFIzSu^uY>qn)H(PB*}lE$lmqZ3E=nQ_Zu_ndp{PPuPKz;wv~M$Am92Ak4@t#T<2cO4?%T7 zWuYs!)adt0V1&Y1OjnWXxx{ZHd|{i1D|#p^D%Kr1!U~)<`yYG&-ehvhS1VeowzX9F zhQ?oTPZMa31Mf&LQF+*%OjPVyRJM$V8k=4tqM1lVsEF-ap}l!+0iR{!@~e zRwtsY>3cXM)(CC@e&%_R>h#k17R_ zkhg8FQ3s=$nH;#F+p7 zE`Tfd^`8+@a>PMNzZDVYlLb}tvEJ+OOgv#&4Nt?`fF(8E{ZmPs*pCDH1Fp8S=)Wsd zh%>dosZZJOvq*z{?beOp79fx=n-4YVyu_^?4iG?wO3DHrJCaqBw`#OuJ-W%Pkz|I< z-Vt3TZnpN;;Sy-MN~}rd6AhnaPvg_}skw>2iMdnqGn%)O@1Eu-!}b3eci$r~tu_M215>eJm!Bfj*o;i|GiM%Sv*RXiJZ7upGRN)Q4MWAWI{|8gd_y>AxlE!s zjDy3Zi+VQbI26YsT0DXiU*20v0UwN{?HBx061>)w)lE9{@*aQs`QOS@d!QhN{i$*Z zO{ScV%=agGZ)?&iQ5k2u!3?@dqxU|QLplc3b>5<(gRSqGKKm6P$;8O z{i?8=_q0h*3>LnAUnK;1`dn;X{N1xET`eR9ez_}7Q^MWFsZ&IE`YS^2L{#}hVl z`>vVX?1LjTnkuoA4_$i(H(P=L4dedv4Poq)u=R;vud3^n&t01U)@Pm$e0(ou1ND7p zI#M3ZAWI&A<0ec52*6C&fV>(v|9QnV6h9G@1x?wa*l5SX65(2WEQWSj+uQRmat&1* zTq*E~PDx9XDOgpF1E*dHw4ZFB0reQF?5O<`gPKB0VT&KGb;rUB(Zd=fKKoeJuO(m3 zbbRZh5aqyInF9$Qs9zHtH8e?eR3Mx64lyIj0t(<$C?&K*1=MoJf!8ih{dbCKphh;` z4&W51gG-)Oa4FUUA>HbdMaSMu)%SD=t3I#(o6FxaM3kjZ%lVlc?w#@9Y=u&@Z?Ry4 zE$t~q-1EbjG96=5Jdj*y6zC&pc)EXP!zVElD-SrN(M$C%*C04Nktx4AC}7kpM0uUZ z8zuKgXJ{_S12~uj+1`kG`xT>HfJ3E=*TDG4hZT>7zyr^!O6v-FQxFWO&}K}gA+n`O z>8$acdR1}BYSKW{<(h+HaZbui>h)UZITVgQOs zDSQWGRsq?u7P{`%v_cT6jkA_n)RMnZX5WV<*1_A=1c^o$cfxtYD-UW@M;u;KjvS5#7$AaFw)6}DB2;y6();e_MVpV0z{j@R* zcI2|RK2d&6E=2@=YEqt17@;AJB1>~(JQHQIjvG{Nm~QBVtEZn&(o^=8R)LSWTrVvS z3k}1%FUKzh$CP&qz58en6*PZ;Ss`4(+ZGN2Xzl`0_^jT%3O)^$M__h(Y#FS!Y8+iU z+wCzBgnlr;Pc*g=;T!X0_zLgf3p|`1(TrCik^?2S}a)k3ErJItJv!r8| zz`5bYUTfyuvT%|p1X2P8BY8F9XX<9msg#qh_EPB;Ppl2av^x%{eSIEU`mnfbYs_P( zYi01;zvMrziz@_najCBBX|IE}9I6KH!!yjKprCvdeBXihbsvGSDm z7uIezdm10ZlgNKXurYYWZ$kn9_DRf^=5pP#ha`pq4`Dkc6d9+-$Ktp!$`}_+d|c(^ z{-XFJrN5Xja8`FgzV5(Z{y2yd=}wNJDr5D~`nbJL+s9!!|H8k9d_OCfQ)}=I-kNmJ z%ZaxuX7yziMJ_5=9Jehx{isjgEInb48(mBeo9FMrFn*+#-x=k}5_6k1y7tM5xguwW zWBM0g!dO7JKnU+EgX^|fnpaoNV=i#+)w)t zmZbGayeWEx*LBK28FLuyj$<*_^$*m4)t}j8p)(r9Aq5*WqnnF^#K9sxA$@&+s$4uu zWXasdf>?n}3lP#`EAirpw}9Gt(gJ!LPJC=Av3{Oa03=2%pGa73!y zwIiX(dC8Yki$HYIhRrL{ADmSi>psqCx-+Uu=~acTcZHH@HzAo#$p4!<8jHb3)DHcd z?h#!PrqbpLq9QO8`oTO`CUMC@%bx6TobKutKU&*ykJ%mTSNA4gRl$T3Llfxb7^xmV zFUV|T-(KsIyu;AR(1)_On?tdfk?u=;Vr(k)-ym#x@I;|um7CTe>L+AXB5YPZynNjd zn_hKms?THg&Ur_NC){1S$DMfL|ip*0Q~SKZ?DjR32n0Gy<^TmZr@tF zDPt{wt%?=|bHF}S35*n@!R^e<;-I)remxP*>Q0&Y(!YZ+<;uC_q=&N7=tr!mOB=>d z2QTwVV+LwF9 zm16(ufJ;?wwBUM5E!mc#yj%~ous)b83f4JdpM(^Mc^TyqOPz1mCx^BS@2kw?Zq3|N zwD$XxB!OurWm&>xzKpRZ>I4L!$YtcI{y%KhV8~PVF_99rR4T5Y#K1^bR6~;?3IZY* z^lHzz->M^@Cs-E9yS&m<_Z}=cESk!kfj_RW7>l;&8NHfZM_V*qx1C~rE1=FjvkN2b znk_m}2s{LtOOJ%&-Pkhl(pH>5M35?2{q|RwJlB&QxV@V$dRP5smq>@R1*UE*QKowc z{cZumfU_I{XJW%5tv2niPhaNd=5~-;pr;#=_796<6YKX^H08m`XtOtO znhPf?{l%b|@`d8hWZek;4WuUcgWGkDIp`@~y!0cGhYj80&4+SNoW>|a1hAg<4+G$p z7O4ls*&g#t=z2xdRuK3L59P9y)t~KGGY+Tn*+%Nk#A^6WY)Wd%IEeYcp=I;J!*bD! z!YYpL8nn(NvsA5SLB)d!gC6 z5gUxd&m>7y_&}q#BDVlOm!&yiLP9WGTBDjGemxF)>)hF9Pm5B*J_3gl>)lzh6?j7= z!KdDlF{o1+7O6sycL}A7p^;?O@|ffp2&RX`jO*YIRw0@aBZIqBrA?ea6YAwASt*6- zivdpl39Sz_OIh0g5j+#9|K&uZjQaV^y}qD*DB+QAg~RHvI6>Ldx`G`Pf%e7@l$L8= znPo4_B(M_?Jz)zXxP7XMWj^fl>PP&?s(aec*=9b?Mrw`+`7l}+Iy?J>T-r8Lnr-=q zC8l0CB=AMD$yIC$SQ{xL;AnpICZ=T`FWd!&T;x1^s!NotjYJ&!Y|&lTeu7i~@AHv) zw4f9Igictmz;-d@F64kspTY;q*cppGu4VK5Q+u#apj2ZX35vUe2-}d*3{{5QMd7MJ znnZu{m8O&fDx!e6eOB$K<=^Fqa|I^6u$5{_bf&of%=!fDjb7)=$m4xkPpETA-eJkR z(>>CfikoYzJk`f%`PT`T+BIX$r|g1mJbGK51rrdOh{KFi69$lZi5OYhSCz`~$fmSV z3CsIc+gKPGL4*~NVis*%7pL*(jle7E)tvpd7bk1fe`{Csjy^S@+`KmQrTf^|LW!AX zh~-2^nMdGA@E7$jvd7>K6~7rIx9Q_oi;3rcP3vCzw{*hp`nd+S50162iFgeMJoqK- z^fkExq!a#1Q?0ro;F?^iQ3D>kJ#M0iy3E;-3FPge zn_K6h*diDQ-wUDCU%p#)WXE0XR!VasS|A&JJb zCi8c&VI*qmJ{v$0Z2&I~RT#zZ<9u0aXl)0d0r6lhzM%?8vdcTgWqJPQ>W$LA=4EJUVW_{IppNZ!w>h%8gvamqh=%Yz;$wI|Elm!3P61+XAZ zn;%fh(nwnukUoDN0q>Rs0H$gXwd+Oyyez1XGmio+$65TSyV+6CVL~oy@Sc4Xh634o z8MZ#ZHUf;A-2m8r!RY6W-Pk37j!{3qFM>@y{p}wB4Tej(b>2NPDfY4nB~ZXc&ECNz zYT4S?J~aU3L;{fI?esw6?m{3~$ZM>cwL+b8bUx@+x8K-m?` zhu0zPrBqRL2ctXulKRA%_ISBE;M-6#1&UUrkYHz7(=CHCVFPj>MPv!o1wzb?t&Auq HU84U7#M|-t literal 0 HcmV?d00001 diff --git a/copy-of-sdk-docs/learn/advanced/baseapp_state-checktx.png b/copy-of-sdk-docs/learn/advanced/baseapp_state-checktx.png new file mode 100644 index 0000000000000000000000000000000000000000..38b217acdd04fb2430a2332946864de04474ae5a GIT binary patch literal 82308 zcma&OWn5HI*FHRefP#Psh_rMGD9zAa0@7X5(%mg3-O?ir-45M?f}nJ_NVjyuyYYUW z`}cf!Km5PosE0HA>=k>h>$=v7c&jLlg+Yt~fk3ciWh7J}5ELi`f)xD_4gAaW(u21U z$P0+9gs7T_!A{nr%>MDK9*SOK^ee z3r7Q;Z~%j}(d%Su{pxi0N`Q`TO@$Xnt>@WuR29?$B3nsR=YXyLAjH-@u&T)vlF& z(`G@G=rG^z2d3Y7$n;9t*GIp<1{21T@ux8QULJ>48ni;+cYb(;=UXPlriuCo|LxFl zFASrB0kSd1sNP^WkB(W)?Wbn+z0lkAf_{-{<6POK9O^^haqyiGvEXym|5`HgSt~*; z1S8F9?H5s7@OZo=99cS+Jo(e7Pos-q39;ZW<-Gp4*Q2Yn;xJSKzI{95V?TeKg}m27I>Yhu1eE236GCB@j8Z`L#)%=TTXo3$$) zYV|%-QX^IGAVkG?@llqqjD83{Ae)$@W_4_om48S@R#sNdcV78XT@AiCt;^aJO053E z4>c5v#O?I_V40v$F{??nRt2?1T|~4;H~+XPTvq_?Cf8 zK7^B^hqi`vVjOaHbv3)s`QNDsJo<&Cq1wwvCL^%^;l}%|g2C`UF@A>OJ+Pu!G zDHV0K;xNrD^Yl#@P`M&vJTz(y&{hzoH&U?{H-?F*sf~?SoAiW!m2r7kA~HhYaj}|e z)*VH()kUY@S5+xWFFTc?g}xygs7jTfC~+D2!(pB4^8;vM%pI%6JEb44#i~D77Rca# zQOs7VFWG*4KU$|zO({#@y1MhsgizS)G0#qx#|@ZR^x22`r5Iq9^d>3f$Tl4lA+uWn zf2KlkKcxeq@*#rK^?7e@K#<~>AJ1`<88#$7q`Ah~;agHsB}#rcVyO7|1A-|Kh@7<; zd(E`HKA6&i8u{Z_prC07$^Ix&n(S1|avy$sLZ zrS)IRorIU}PE~1y*4oh^>ULAgOH=zoB`be^IHBmRHuR78Q`j=V`+8wCk1<{CSnfj1 zA+C~tc&8a06k}MJszGjkzv*eBuDr4!r08W2CCB=2&&;Xh6v=Eb7^}1;m}pgJ3E4Gl zn+p9#i>^?Rpjq!VldLk_WhZRvAO7aZwZ$W9_9~6o;Pt=Tm>>V*aQ%v?{S*a7RHXNc zc_G1IbS=Z0aZhA@YrK@b+FRGteiPZb{~K7^t~+7E&7u!2BJ4Cl)V|_l^WE>W#UE3O zcR?ELo14|dsAT@kWhY^YAV!x=70BdOK>Cp_35s`a4^mv2f@Vs~ZE3$-`(iDD9*t(Y z`-<8mD{Rl3_6ck>?-q~UY`M@}Fq(OTl&`@swBFXH!(w);es!h#PB!b=ZWI|(mg|v) zJ_^&GNSL+%e7n+&8YAtA!4`u;Q#Fn32ZhJnFSEV-Z))~;V%zDXf@0bUCN8^VkxX8_)%dFlU;jb0|87PgTGm3V_s<5$<%;;ff#~FM@zm0N;y8l%l{JM*IVmXU z*gtO07Ab1z&cPq~W2w_tQ>FLzlu}m5cjwme3tMp_gUA15B@q6B0tgkM| z3a1F)o>ME{QTUyUf+R=1-*Tj=cf2tFgH^wY#?bd9dCq;&x3d~$>i({&8Fo#*?v%(5 zVL^%z3G75Ve3#B|akxTJ-vY3kEAsCwCb>{}>)`ksRdj{64@!D^&E zv!xScsm9G3e8>Hxlq~&c!}zS}iM6WPUG_Y?#{$#E?vN5YY*W>|HD=yyH&J2R^rB3b z-Q)IsBKi7$E^OI8r1sW9<;4&z*g2C{{+ZQyN%HRpsu~q~jCk~lNg(Zh--hfjwi|9u zRm>jP=4v7-2$scLEiUA-0$hm z`|@FlMU2GpJd7I>@aZnQp$Md`5~{=f(iZ#&S(_Q|X_lD7sgt3tRLm9#qD+~CFpA{u zQ8*V2;k(PucQ8BbuR1wV$+>BZUi;Rb}I5Wb^6HcqW{gK@CO@7OzLv!+_uDp zFRZ|`uEY-tUA@5|V4^|CAy3K{^zJKBFMUJvAqP}X^tINL+=}kaZo7{e`ait}2Mp1> zwo<>#P5Lx$+w=?HpD8S2-h_eZY3-dutu!i)FjRl9=b;uju`E z))Qq`d!qEY&SN*<@RUC3&P@yI*4ZHWj)0wJa+l#LfZ>g-jSk%9iM$i($@2*OxZ$w{ z32^dF=S&dF^FR8o*)F6$kSV~3Ww=LMGhHNM;OX0Q<}}K}hs<96e~mTgdp6(AhbG_< zI$5F5d~4iokYo*+e?J`Nt$vUPFPm$ov~z_6q_iQWeEE681yZpggA= zIhitvCGv&{b}+=Vb;SJ{*o$JWX7rEnlpt_v~fNA{7v>dATU#EesnE-n_SEc#Qv$bK@^}4nwFl5!9s!=|Scu5(?V$brST{ zq(Wp=j2}FUJ|=dQodK$Ls)a(A8`OB8JFL(I&dGRReCcu>6V19Ffa1X(I&=)1>kqY_ zEm%|GLVg@9_k^f1=gJR=)r1$RR=@kcvNMesX>_(&PHI0MX`lV;EciC$X#dh(cM`a> zZ3m>PH;ytmq7KCbz8p`i(dOeh-RfO0>uKU6g7m~;Ypl4z5yd&xyB%5 zwV|Tb;8}lmC*j->_Hg*m_ecdeDg%+QU&|&Av199a@^m$%Rnh2Hv||Cc;X~eHlFV9od|ySpl+ShgggoA6g!{LhdsC z6K$ON@~NSLH4G$A;6LL;W5_Pl4+)!;MjGHA=Lj|o=&hROHZ~6`G8VK062rWyqFJH$ z8aER})${e#@PPt_j5iWrYvXPu@xMan%lNB>QJ?{$Ah5AEASfIb1Dx@Xg{bp)>KFYY zBWoZ~A4TYNnKt5$TCmty0q9xorgs8r*l!1X>!OG_)`Ue+7~-7Ph;egmb4BrC+vW8O zALS{iosgr{id9zA4}PB?@ra;9oW(NfeFNBXMI@4+kHSQQ-()C0tg*7bCL5wke(WHQ zGcx=fC7!y5MhvB+VU+YHf?V6f<#e)f7^3{L841auXOM))j`LNI1+9Dv=kBng&oaiC zb0G|mAz!>b%hVZL+z^9I^dU10H|q&!c97yjVuj|+cNie8Hb@C(4o8CHa1ySEMA>p+ zQOHX5LgINi!&FwA9+~Znh%ru;!WLArk!HnAUdl$NRd&qXMV}*u<%UG$wK-nY=SV-o zF>qU7WW`_+XyGlt3?Q&_JSJpt7Q=nj;|oa)K@kbAsRFr~7~&9=!Mri$i063#S4!u! zdi=Y}EuvNsUXF_uX&=U!E8Kxq?5(HtjgFgJ16)s6*>c#&7570(@ka1ul5ArtJjQvF zi+%%Qnccmrx4*KFE-Bixh!LiA1L`T0pEBeT;Hh*BMd=?z7w9X#Mh!x8(K76s!Otb^ zcx)}{u|1gb4T5Z~Art?HV`8YP?t>aT)$=kW<9UoKhpXNC49iEbuI>kJt>J~?*qHm; z=n`Zd*pp}5lYUapA)sBfzZ)~+v($VJ1rSls5|hn^#0mzI&YO4$O_Hrv052}MR0l)m+9 z50R4v)@d60s)wt+R)j^XaawR%F1GnPp1jhq7YSo2wk0NQ@<1l*7#VE{e}Gy7!e4H4 z$X;5M{@AvN`ib(;qp#Ya2Mv-MWi9-K9Ee7iOI;S}SYcvZ{&1VuVE_r@#%qE=#)y9e z`Ec?Y9 zd?etp%N0GIRi~JkQ7d{Y+T^zT-Y86eObeak-M5DvVSWl;9WAt~mNWRly zmF@Rt3tn;Ea-ETw<6{A&FF_q0Cj-R ze4bAUQnZ{^^1iDF1vMov9=?m%kmbxOzA7lDmUl&_L!$JjWpJJMnk1P>1`zWzX+N+7 zx>#)@Sm2eo%9N{2zFsk+SN0c2gTh!2aZTOGzElJUwX#|8g<=0mXmKPKS^#fd$Z0`C z%xt1i_LfuYVg~oTej-Tkldk-B?k88!if=JpqrMo>-g3+H2@q**bf1pi%% zmMH!A2g9M%I!K_u=5ALC)*L#JWo_k^xra_vy1q@apn`ZzcjNmGZ~)oYo3%?X)Ijn5 zF#0K6A46`a*s#$4?!~x#bMhOEmjvKl8IST$@C=Uz6r|Lc6}Rhf4}%n$=|kLA3D`M7)i)?*(5z5<%w?VF>+RxFP{@DR`iDoY&vo+qx3(EhI<=G}oP@ZmO0UlUbK`Co^x+S7_eHc(frS-HTaUX{hs46kNEv}5oWRjU$* zg?!<1RKeh{tac1^uIDk_b|&}R6kzV2^x8SG(e0&fM7HNEJu1>tOHo+AY%ms>X)d&tbux6(ZPr-OHT!N!gjaqCmAy4Ujqm3 z50IyR?d}M5^S!oV-0^BKcZx={$U(R|6!2N%g+UonhxmNXt6X-bUJs9J4H=iNtb|u_ z+RaS`WHK{2XfdHj=JF^Cp}V&I?Zh;{vZxzddqdvcsWEauU|)HphCVBc@FumGg9)!g zs$IFDrv2&THH+XlUV>;@e08(A>pz{472HWY@`ng$M(bVe?7BW80{M?JWSMyHzTw>xTj_zzRu#@n2Y9SHqj4-_by@EQpJ$L&W*{f#mve z%fEDRASNw7Vrc5PnPaMw5DiJ#x!ga79i!~LjFJx_wK+ufh%j0ynbi~lSh);DY4&LV;uW|KgLF7p;Z zq2{FKMjuh6B7Qg&6$zRq+%4-Zn>zR3mwni9AJ7CV@Jmn-bG@gD6~1kFOvL^T-X3q> zW1MT~a}aVtq8vtO=%b8HF2GPf=Omx`;PgrV7qg$~j&Cx!`=e}uTc|WTnJq`5$Vk)- znSlZxZG-nyV*7I3DEBaq(W6&?j1;;%YOmY8&+Jg%%{RFw0o(`rJEyjG-NIbyUb$$C=>>hUjgXcQtO=|m_7Lw zj?XQ{yheGtdyLCLS*NNSmqm-Z&S%~=_?YZ!o^tW#ic}2s-R1(1h3m(-k(|WCn zX{E}0)zZ4oatk*1*CnBlu=i=1bF z4B?)`3~+c(?;yVQES@COX2R<)(GxLzr1N+4*tjU9HkrN^(@n0Wo?U~Vvkm<&^2dr* zdpbh&nS-1MJ}1HdEUBT8g5I^!9P0H#(&Q=#i`q``JkDYr*L{}LjJ{+4r?!Y~j zV(t#Dn?ij;+lOq5#5MKU$m~|VSVa~pm2%=xmGzQ z1rlZ6PL%8RoZwnaJ%R>IAO?j27Gd6c@+6qR@Q{$0hLzW6c}oU>Cb@yMA3cgY@(KzfMZ-9h}krVX_Df#R@-`VOZNa=62gS5pohiKkIr z2J1FIPXllHY9s9Fno!7o=K@Z|QJL2pE5KTG9oX>E7S=V=M~O8C5oVKjevJiZxGXeg zL(iyW0%BTYYPgJgN9UYoM&~^UTzqbYK2DL~yHHIWGx9h9SG3A`-qUBFHT+RM@S$eM zoyixCu#9Gz%fnHm%wFWK&CHtI`jNc;OGN=@pL~vY_R1>K! zzo^B1ui7ULrO<&eOE66l?GEtob1vuUclXT@Q)yF6MLlt=M0qcBKz$Pvj*80+i>RIn ziWzIS7$i@eF%OJk_{hH-C@9in5GJ*Ei5};nIu{tTZH|#GLQmN`EtPT1Ma8x8%?J6t zHXhm(#0By=o_OM>Y9ZWJ(-OT1Dq3jtHAtn&#j4&pa_}kBe@G2ofI+*k{!fYfI zkFf+^$MpNiZGWdJ5;{k?(W zv*RNrf!;wm9>v8VLQL!|?66WIxT~7l8dH?meCvpH`XU79`4?RN$@O2lLzIFzyhyO2 zpd7rB3_kHoN?c~6u#-2C*Zh0n)c7Ux;wTszs1HjidiKI*{h9ANG&e}%$$UQxr()56 z(qsiJ&-ulDwRwXLAqzhfVHaLFb@mZDwh8xn zvh;hu16}b83-3WoGJR*Tv;2o3WY}M#X6xx_J>iLP9-D^j`pg zfPwP3ZisN?R{*N6!?kP%0=4H;4dbLMlUp!qMIQMU-HfT~7aIxmzequQZC7>(?uZ;l z2_;AZ05{VZo|@D$YD%~~#~f%B4C}5?{Y*BqvC!HaaXl5ZFoyLYp#n9a+U}vuAzbi< zMWu;gY~gLZQ#i}=EK}wfPseB@Q6S>(cr*s}N;gZ!@r{f`e`758;yowGED4B(7{KvWl~(zMo;ih#}3( zP`aqe46zxa^xO<8b3OJ-zg$IP~ zPo{APDu!iE@w{{&+|!z0yU!dqFrY#h1*!Dk9xp^AE-L8ALv@Xh1K`Hu# z2!m$(==pmX9ueJyazPR}PZ;xkHfl>@cwXF?7v#(v=lvi4b2X)woIF7bUTb5?b!#~L-Av(MC z019x;k`zpzc0g8FdVZ@ff-ToG#+Ah+FM1IL5m@XBtiR7nc$BmIBuIReHS)*D!M4Py z;r@iH#V%7{a=<`NeT@zl-@V}5qay+dy7twqVvoDNlhRw2ttn)$f33%4spg=~Ch1}* zdiJF;4t=ezw)d=I9jrjV?$??Cm2Lo=+rVtSea>_pC~kh)mDXekR-x#877O_$S_nt} zk`|<@Sx2yLL*1N6x?M2UnU3%u>RjlVminv)`r2L{#@Wf0+jmMS!()}RXYVV8SQ7GC z%W2O4g|R}yc=e$!n|Rebk@aZq6S1oG88dr)OLnugpco!8PfsjeQRipTN54oWbsfJ< zhkn}40+qwIS-)&^R5;o!4+^afW532|=JzhqR0)qMrs<6G=&aT%Sl2YW+Zoi}t2a&B zrWy+l3${IL-f!b*LZY$h*?EMV6$V4*B{lb2`GM;!QaFAB_}Dc8%DP0flJhLGeIR8p z9gsub+41FB@W|tt$4C4U4PZS^h*$a-itO}4|3zP9V z!S7LLG`i<_H}D(KprkuHGGz95rLlwdguUsI<5GKQiFo~U>8SuQCNz`YvhawcNlIQWuM8Qh?puYv`db$13RuGO*T&|`eSqKZPhNvvXM{6 z1gJWqZ~SgfG)KGd0a~{{l#Z&jW=GVmc%XAg8u`2!6QsB?`)WlB20D*K#*K4X9aJ*m zMn*Cy3XpNLB}FC4G6yrcn*1Jadyx{!4tz(1%cc% z25@;tVa3;BQchL$%E6!&l5=sXDPAnlA`|x0+iSn`LqP{>3hsd`z|^f~xi7qCGz$n2 z%uM1AKp$ABMujW|C_?f9gUIfAXzDz~h~0jqNA@D1X_?<)lw4%1qJ8IuW}S`ps6Y1J z3NfVAX|-?d<#VIpV4kbvO_Oc~M&;ZOff(3It1$JtaXP0Deh|rp7EfC5(;d1J)6wA} zr;Y%m0&JDJ=M?C!D$h~c@zOdq;GZ2sahjaYtpOhS7#{cZ6Qe2}iZQ9vOr@bPqiR8v zRV)K`2t(45kWJ5d`1ueIwg)Okpu!G{4^p9C@W5X8s>DMjw_>txh4A0SIR{IkRv_s zz$_$@&f#{balDR@b5O_@@T`#C%r)#FeAP`%cv%gKpgRbbZzi8}!KU!Ci>AN{;g4dC z@^tOd&L*O6P9T-QYehZ|5T#?Ep$Xu31k2wlec^VGXTQE;SU{Szz5q_ zVT4R}nUM5UZBYROD*M{(?;^=2Og!mH=ru3DUa*K?w2-fQr+yN^VVC-Cfmmx~YM;19r%oxMzfD9wH$dq}o&CcL| zeGsNyC@S%x{%Rordw|^)FO5=6f(EIFB-}~L(5qb* zK`bT4ml(H^BvG}+pCY-j)yL^OTIwtn9HSsMZy#o{W>BKx(! zg$ZOLpo-xJV6r^+cY=YyStV$T!myBK_)sKdraOCkE@D1@lzZY5z!DHX_G%*d8nj6& zz+DpQ)*g_N+CwmmDEp&NggbBGWn1Q#0w`B*rdq7Wul);Uj3-Yz#?Q|`*ggOK})0P|M#SP|q&O>x; zL~G8&hqg=CCrvU78-r9)xbZEA zb3>*B`xoj#pNR6&&7G&BCnaj~w5LMp4~NpSQvuoKkq-@O){Be7$ANYLxekc$ERO^} zgD3)90lzO3szg<6;lVLnD4SX$vHGLNcLOunnT{eov--8+$Z=i?L9nu7Omr>3QBFBR-XnajYwF1%+3P|#g^t=YnR*7J|KYTMp8)R zE{6|#1mmbuv9k)^P3AcH&bUx%R?2N{SDtwefqGlMfTswVu>{D)KK4!7$(X4NroggjFS z*+y2^_e7ixVfbtsa$6Ig6EE>w4!U0^u*|lj7kToP;Wxek#poAwu8o$P(^+$4j*z+I z7bsb(RASi*{~zK4#1ub$^~!iIcW|*MUye`J2YlgDJc_}tWGuUcZ(#QY1h2u zDyBclh00_-^UvYjx8^$>MIt&Jab|bCk&d{ma9Z#`==9uFYt9|BCSq|XWVUJ}wCzp2 zvuhMmAg*jWn`IMzZ*bYJrKE#HOznxez?{mapJc;lm;5-5y}2BHDEB5?bzOGP z2h~(=KgP*04MXMgnyNvqH5))e0jZ=#Ama$I5|z0Jl%oKWW_xo2So%JWL5<`XGOu2f zSdG}`E}Nd|%0y1v5uK5IB{tjH)))Qhb;*IjO_;;k#j0zvw?6J^+wQxU5|^j@G(c(` z$6ekm6Ks+3sXnGB=7x^iaF>mQry}`_8F_q#{-tb%o@YhGMwxcATAiJ@651&RUOfbF zsPU>o%uzWLlW;)39Z5fbgjzlS{dl_5=?)PQZ$tA~$w87@(cdD%yvK92_kA_ANVF#= zU9#$XBq0v>5G5&8TjGben6!pr50cV55sUp){?%Gz-<3ZX&WBnzgex0L=?|b2Q33HC_#uqm~D!(`lnD!br0HqEn`%tZE zy0FsV{-cE}slJQ7i3++I(3qRc$X`S=x^6aF)LbO(G=oy^sgH^5;~ojl$ZqzO$X^h< zV!0^n&5M$Iz(2ms;G^8TmCCx33EMKuKRXU_x|$EU<)~I7zv?%+n;6Vt@x*)ZU=z{vn{fA~ zsLR89l6VwoZtBH_)3_8Paq|@I8vYzBr{`#a7YvBa<1${>ORF=4ULi;9jcVf2C?KAoN z)Knd$I06@>qnf@e{?mfuA$8xLcaqp{dFo%q2Vdon=h4D<;|`o=^-=SsZ+ft7;s#vr z#iz9kc_SuU0=@B9ZbZWs)dHu#FjeYwY>8$W<(MYD70LY$iP9$O5wg>V_>I+8CLwY{ zG)k>wqC#5rD$f*1DOGuV>HKdTHFSh81Cq*)8w4glhqW|sxbht@3vJ$As$3ZDI(b@; z$ZSHFxOzRkg{)Nblg7NNlLgdj3tG4w;iPxF;g7TH<%H(1D;`_V%b45Fvgm5EC1XVz zqz*HitRzNn|Jg&g3ojCwu8GEPsQ*+I8ZU;w)}4V!tEoG`45KSYi%C&Q&Uy8!=hKYv zLEL7Bf+qjjI>pFMTF>fN>C#?2tPDAXQwY{nl4naw%gpD-q>}3f0hQ)9tI35$?{2Eb zn~ETVS!R5ZLLje32RduAPbTZF8j5Uyx0MP6Gza-}c2k+#BrAPgELxB#TB@Es8LgRC zeH5hFCBWV(VY^2pY}_ErY(3h9u-XM;^CYC;rry%L0{M(OwjW!` zx~rii?7f?#)$F#HS`qK3mD6iIbjU0IetPM7rJ()FzkJToyUp5b3)@AjY|dVU5JfvF zU!J=+%l#Hp+TbzQi_~irXz%pI6_pAfAM@kkrl;;=g*j;3n;mc2sG)va$%Es68rgo$ zcq-xEIHuKY8FXvKB867E%3Vf$qXo_XlKaCf&)T*CBz{8S1*pCu5zHtf4wZPcf8 zvuBP95i21v5>HQS&2iyyw{|hu5|+ad*5dwpt1#R06TUM22ixU5s@ko{U_ehJ{}yw^ z{D()PTaQQ1{;?b>zBX2N8fB@*@ zpUei|z4E(0Z&x)3<0=PWW?}jJ@%d_M4qUYBy*bN3KaW}S8g?#2{d~$~OSDg;DyH_~ z1X^Ok+K0U2(eA!Z$x40a#eN=()Vgy1jHH@s6LWn;Adtsea{@iW4PI=US21h zf9N&#*RK@$imh@Z$KNMLD4Pli^DwVz{lYgM_&xbLoh#*%U`{w0j$IqyDJ8Mq!UhwE zf3{2u%YPr-&hv2ku3wYR?D3EmuidAzH2$0P>>10!F(Ed2AX8Q#p816|Pb+__3-_C4 zoz#jdWrw ztWQ_IJKXq10B)Z~V@S58W`GO&%pr7o%SS&C;d05_=(DLp3cr`zAA41VB4MeF>@h0K zmGHbbZo?Vq&gQh1#}It0BPGcbjgqCrU7jf03jI-Y<|fzui>Es}s%g=%O=ikBnoH0v z^>r>$rJE%kEqU>~t&cb^bf=c~6FWA#H+3zDzpg~Q?jhRe{;P*((|5a?PD%&p{Zh!I zSMJFtN9Jk$knXamcs&!6eXbUlJonuHVfi5uR}WiK6<8V*;%j z%i$af|7*uoA`bI6SU1BP53kEb-uhKf{tr5OE$EiBRo`3@O)4bWms&|vsQ5j-mK)fU zbKA)8Y7sXUcC;7Db=W;;g%-|k*7q_PNcK4jm1J`?rDRrnK9azS-?n}El_C5S80M9I zIj2us=r4cg+Rf!eSMvB&9k&K^!5IFb={jG;@y4{`f=+|M8rvu8MgP0#U!U3-l+lwe zXkuasLG8})=`1zu!G?sibjIknV24Sr7#(^WTy)+DRI<$LC0m2IrO3s28$PGrfC8o7 zJHMOn0RyMCKTR)wJ!1c}8|@@sKoY_*Fg;rMYrr^eF_50zIHv0ns#MzZ)=8+ z!-k!f6{deR5g8R+tu&&U8~ALHZwi`x)^7je-Q(t&udIM5So;%#NiIr%dUn?fdv>C5 zMIS>RZ-8a}<8S>$hW-GAf&1;J#uMi0R+EgtP{-2x-mS@kzFWcO{+TRl;oaC~VUvPi zK*sh%)#v8unadO`fJ-r|TJHo(*U4$Qz=ZcY&mTufLxH^Fq~`TFn32hsZT*vAR={Z>ECyeKfF?Xk9NFb5u`fneo~pV8x5rjSB`(?4^xp}+ zv^nM(HCdOXH#@Qj*0m>d1z;kshsK6zI`tPxUp`4cKmjRYT-u8pB z+w}1nlt+^?F|&K1xMAuW1u2{B_5EPdZfSD-GvCl&UmW%DX8*A-XTQ2JvU&!Rd_ry) zX#2JQY*WBEe2*%u>tgC=CEZE6xa{Wp3uuo_m(Gm~D&dWvhnsjTel&2+h7?T(3L5^5 z6huom-&~hZj_fH{kh83q9u!A%*{}u*#MERkeP#zZzMo0-^Ioujq+2HkJ*-prE%YcB;gDg|iF@kPA@ zOR*Wes#>rXk$JbRg!l@H>pUG^NCHXpXR>_ipBYLomxDi&jg&{x24oUjUj9C|bOrtk zQGwP2*&maoXb<~Ha&|Z}h(QTmlF8@EZkLB{zx{|{$XEcVZ!ElyH{u!PQ(i7$D^;qZ zc8Uci(kt~9Dd#E1QV1K+`)g@&z6!n{a2%NVD1I;TQ2?}{u~HItgzCP`cw{fboi4^_!FRh&YIl! z_sGUCsXiE#Vmzou?h3;Z_WtuNLYht~yM;NtxmX{Q9RxwpuNUz{WZ+A+`HDp7Bk~>t z9MMoTtQv3J*qyV^#t-&R9Z?`9f5_ZXfFrzftLL=J{GuoJ_WcC$g^t)Gm*=zKIpipK z9gK7%pRtToEht1XJsH3N5ho2M51p$;0+G%5UAK<4d1KXkQm!!`By$*t5k_U;(zGAP z>*j%@#fIVypvXiEB))_BkED&lx-?!?F)WwoW?-O^-R##VM|mKI!boN_6cVq{^RHYS z%f3KuLQyPj-M$I)&Qv825pEdKvdqffu;7WfdL2GI-6LR)S^+N`hQ*FMXo{$m4(MB`mX{>Zhmsi+4=`L`iD! zI$@%(fA2y6@5UCW*oAV*?=Bc*gp|cS5N`2*_yZk)Xuba6CQbk@3^dgM8<2)NzV-C}gK_jz z&yXNRsu1}NZq%#~_!zr`Ks7q+H{-1?0xlN->mY5r3Eb3EAwbr$a z@PB!Y*1Y;N-g(4<1OPG5jgY2`^6e1;{;EIn;vu`Zmx z!E2(+6l!lcLr9Oz={w2uMl*h{{uX0JuFS0{gL9+zZN3y@(Ke_EU z^)hG1KW{2fH2!_h_5Je-XQ17L-#;&vtK!Z7<0W%S5@-^0MXnt{y#d20LN?9^D3?|m z2Paw{NV@!h!cx!y-15I&z25{e1;9JMMQA-g27)_#DK)U5dm-cful~Ekhjd`<&*s&y zHUJX07zH?89xLjKcMAHEyouWZfTtHBcqj~v*Ev`qDok~se`LUYMx^wi)llsH|I(?fkNv-1lHT;pk!}*H^nNu@{D7%G(RNDKy~Y=o=}l<|EG0e{ zAUfuoB`<0kwX!7#LfOfn$%QdBe9j9Lx0%H%`F)?5)JrlFOa02F|E=4QpaIZzvbY!G z5;1zMUMDg@^%*Gg7W<%vg=5JOh~rR(LXQU%g`!LP*~e+W>Y9fA^09fE_-v0uZW7V@8blBf{!;x ze}Zmxpu4-s7BF+}fvDfDS0q9Eq*@8ElLmpM}KeHWUWD0nyv|X%` zTv)!g79RV&XjjWa%F&vp^bAf8A<8@X+8sGf#5QaHx0eW2k}YluICB zQ)u$JIK({Jo>X!MNvZID)^%}q91Yl9gy3%~aw@BS0$cm_;UDl2Z2JB;C(dB#j(EP^ z|BiW~t`N3duHu!&^yC_N&x7`8vHURLR7@$Cg*kvBvhzRPnXU$UxhBAIpG`|C|_DX(0ExHY6%1(U52>wSSgz+H;c`GwCraY*%5Skh^ zFLrlasamLL2!<+`FTm-WLn+ZzHm~;2v3oIqTxYdXA%lCD3{>OQ=S-?YvR}q@0-2t0 zViY+Oa~3?jh_T$#dHAUc*x`zV+vXDwc$dJXz30Oz`Q{=J%)O-@KzGI3elnqZ1youZ zKUDiKS3k9+Tice1$T5Mr@`Nqx*%A>5!Tl(DzU%gcryUsCgVdEM{KtlR7^J)oBIW~` z7f0ar0Q(M;9H?2pzoec@5y*T5?jWnIw6BgTCJ_j@So;cqjZ6cp3BBL-1Ja-sJ==`@lpb#4Agd>-jHMl51QUC28c}!vT)J*Ln_&Z9rcmRm{(_I-?K&slc+^gl3%J1z z(2(4L9Vm~Sa}1kRJAScK?IwF4sev7g4u5}(rV068?tz(neD$G6nR_z{Oivh4$M~?4 zMwS+13Mx?3qJbcJ>wY#50p4-o>m28*(42RlPDO?o?q5!TcW>ax(LyCdg+k6;JkEmQ zm?C7^`}3;z>3h@?5eKFxWMsYobTDi?xx3xJ3ql0XF#q$VAdx`ustASdSc5n(>`>uHLN=j7(O@(lH2Itwihl|4LFxTl4TKTS>jP2} zuHc)?G)DZ2k=uX}X}Q_lE6f{})0HLMTq+EkECt9x>kU9W1Qlt{5d7!6RRe*_S?m6F z36>*p*+IsQ2Zhl!nk6FdK+ctodhZp>j|w(#xW#g`pnn?3_UGb2)V$bAb^|ZyFhFJ1 zYj^=XlZ&k7!d!piSxd^H(qPq1020aonCqiO1jYDsp4LwEQ+<(?K)ZIPwpYEnJL0&* z>1l7Lq7uL6HSnL@kJd*6bDb~`=hjL$_wpQWj{@Iv>B_rVsgkaCr~nmJvhNMm=ysxE zASh{4n|JGGHQaY+P72Q7gF0zHUn1hE9b2(MYZK6EOU%?-(}QW{7(MrSSJ|x%An2wB z9tV4=RVDI%vSL?VAB@=4t_)=9+BGpQ7|VdM#MS$$X`ttRU9kWrgk_mD${2t@%l-AU zhdS@g@i7{wl>}fPyWi_Q37++F9ESEKXwz?wh1zCr`6%v zqJO)RLZvoBYQbX}%M-{NeA2}?^nvFtvG5c7gO1H<(f6!(^=Inp=P>dFaJjJd&U}T)&us-^5B4mK>m_r$AlDgMk zgJa*p6R0FR`@GI?xld1?Y@Uv4YpMcvc@(OVN=Ts>oYd|%J1f2~e6}j~&&b)7+8L$2 zt5X6sv~->{dL3?A?pf0I2(L+gFx}XgXwwS7U@+3)3fa^x(W}{5re6Rm+WX+3{g|tn zF^9m_IZEXwT~O7}4=k?_n$Fe>hXGXt7eYeK^J(Kp%rC32 z(}2=dh^hd}UxFt|+uMkDj{?>ed?gK{4MQqTxc268<5pLixPrSqZ zijRGD;p*}{4?q-qYxx;xLeyAk;1xW%)r;8glUPWqNffqvA?COeo~xcZhFD|ziSUCF9)Rhn!jIkZ@*)+L;uMCEj6ooUBuYe(HTXr z1};ILz(Fu^9n^+N)VCsNj{$4n6zJPm>)2h^M-A4fo@7=4T2n80_??VOJBc5m#nc{I z{;O?XEb#{Mncy%adYnuB4JRv47R>v+4^WI3dVUzIrYE&Cc6d5gqECO!LG|hz;Cui! z&!ed-8!KeS^THRjXgCe4I0Yr;-OY6omvtSFr3lU$;=?W`Kb5uNJkmn&20(_le4R)>q|`o-_v(F33Zr(lks1&-M&0oj@kRo^&?3d zr+4CqX;1uk-!lo(f{!(}Bu6H;CS=TX=nOGgFMs@T!8wo_kqkW^o;y3*;sP0v;8YV} zkdODxd+jugHz#jM{xg+Xl{lO{9k{%67Q*p@OsLg0^5Z?~Oydle)zUf-zrVjJDW1Db zjnI~*NqJRC?scFZwq#OpVpqdK!OMZ7KU3h$}vW6D!pM)t4;Te+=uA(vt2int5sxBV~5xdcHND9@KYyJNEZQb|$IQ zT_7hi@QI+v(+BUE1hKe5Pabsv4oeoeUR9D*B?^e$f5?K}?FQI>Ck7-Gb2AY^rVMvB z4zR>?A1u}{?&7k7x4XteB1Z6r{^S8-Ia1he)%C2~ys%xnK1nnYN*YBP`>gnl@N&^J zd-jO<1tgfj4#cP|*4kr)hT^AhsjiYg!`Ol-f(1i!o`{n*Eljj^Q@Al))Bx45(#K3>~a#kAY*4`n+{zxT`&}gQVD}&sQRr!|l1Zv+z+X z;Hrx0N|p+^ZGgUd++*eF>dErcA^Efpl(wy;>5b)x8mpXe-=)NKo7{#!}V zq+@0l2(v|elO>Dod4q?1iA6+M1F*5L>SrqFz_B9BgI@DJThp@a@>5&{mTsf>>8;8k zkxZqA+(mwZ%%HPUY7G#pN?WZfc}e`RA6pZIp0<(6STokQ7!~zA!=h4@`xQ6n~^QLQ2aPd&lqt8{uOdM$DtMAOcbW zr{rraHERe)3WNfkEdgt6i~ZeQ(ia9+eHGx>~G_J1TeFtUB?mYxM@ z^)+e7&0MbKN6tPhZ`o8OVpYtRBt|pKUDm`paqJ)rws9e5HV@mCLvlYI$GsZp_>{~G(F_|t3%tFz!MLA+x zN!32s!QO+-5O9S?c##}%i)?IEEBy<&A6yY`1UG|g`x7y@47E9|Zt;Z77w<>q;6Y{q zhl+qs5*$_w7{G?%F0n+Kb;j%mvjuBEX2N2D%Nt>Fk}^AtOG5=r@NT(R*vwxnV79q=KyZ z*`Ox~T;$*1)_4#t>4Hs-$nl>AK2?!H(a>f>6Ff6}c84h$pyJ!sPdTBNX0Y<02f~wkVeGI>~EJN@9eoTf08C&Y-Y)i5(=W7BFqkxA_m#*ltAAh{qCE@9(PUu_sfr}> zN!}k@TosdlsU?@Z(`Q(6_{SGxhi=-az1L}dXvDMEw;PE?erM|K4A#ed56$1-f96}g z`Hp{Emay37j1ks~B%q2Y!YXvthno;|s)VUSoc)Pdt6ykxT5}vo{u99ETS_L7wFw@c zO56DcfSi;aoW>X|_DZ944{fZU4$GYk&u$j_+AycU>S`Qu`wj5R!sFVYVS5|^BEf56 z_uYkqda=VQAd-f^*l2&94;yTeGcT*GsBWx53uaR(YU`2M0{ay$bvI zYfaWa|H%C#pyqdpze7|ZY7t|K@2puuI>mEPAv0AznSr9Hv9({Rtw<}0F^By530N0ZY1t6s zb7H|FhehKq9hL@_r-~*{xLz+{*G4Avi}Ti%{GP2}l19E`C08W&=MiEn4~fFo&t`KS z!Im94G@o0gU}@vg+tDyLe@|)iX4geYnT9$J_`*40s9}9)0{I56JbW5RSN}iqp-%Ov z@X#MeIZdutbtTVoe9)n{DiwqVl(e_tt2^nd4I}9#^ie=*G&K{*>qO_@F5MhO!LtTZ zjs0Ywv50N#&KH85)}Ef}N$BPWyi7$8RrPUEX_;o)%xhr}EfyYPGHo)XeNcc;aLya% z_d}cTPt%#w<1O(R){bFuRQR(@z=Sndj-*)}d2FMZNs*DGaP|hI?ERh$a85XMyyGyp z&LM4f#UFy@vF}P6SSW~wI)6(D56M459=~FfNaKWiv9i<$bR~B>m|xzyk0@Cat||dq z(Z|Qzv&-33=^|_kQBraEV@@z2VivIb9DvY-B77<{+vwkq9l`#{Dr6J-=WV>TJzFbb zfY0qTp7TJtF=Vpl^YIh`ENMi_pVNBnXUzLk-krVAQP3lChuwAGu0by~kF`R?heRtE z&BwHNMbe`P21D)$XUj(>i(VCVlxqB{`)L@N@eSfHmwW5vZ821X3;$IwzytgiI+dJ} z8jYNT*uyFVxQ#T_u5vP<8hVV&UnJ5qirIDd-XvPPLzkxi?Qjo@F#c4r0^k-bZCx%#FZ=5&I6i(&0HuhlPuol@*AvO;1wvCfyOkg$ z9sWup$V7GJV>f;+zlPQy_Z&?feBH@@LKTPH7`+&_-{Q2LW*he6qlm_d^h%Lz#3ri} zJ8^!}Pw74e5~18e?AnPyVU;=m=vnbJXK|4`=_K5Vx!0Q|Rudl_upePb-}l`V z2s7(5Jiw`a&82t;s$SN_IcRKaOnrbq>{G^sWsH_NmdK$Ji5gbYnQ7o|=20w>?Dvu# zoEj1C5C+d^AMgbe!hyj*;dgs&(m}`UYj)wPfU6~ViZZgruIUrrewQA%-M#;)Aw8Y* zpv~6XjZYa#u4^6~y@NAWi|syy?A(SkPlA0KcZUifqC8?wG9ND zQUEZdvJ^+~p!PMwKTP~OL5)(*%_V${q3C_w!JT8%@24{o6N75mc z%-56lpTM=WRhE~E#Zl$?M;JD{4XLyo1w#j;N&b)WwRh~iRaIF%mkNA@%BiAhUNy$5oe0D$PiM>nV-0$ zyI+tF3%gmgLxOP6;WB?_PHyrtY=ObF?vyP-OM^|;&iRwb)`rL!u>f2WBYRRC>{kbA z^6ikWFX2!P?$no9@9#7xHr7eJ>?j$>;ZUh)Z!FqrVMHBpubWE|X$aV3>r6X2BhmC? zE+9$@Yq;0Uts!7{sy`4SPv+kn9kxM>8+V`Ce*jx4Gks}>sDEnct1&+Z(sk;t);l!s z!dl^F62+14>gR{DnSX-NWL-0}aIXeEO}#%+i5uWB8Y27B0R#PFfk9k=XYD%i2_F3E=paOPTxuI z9|u>oasBWm|Cu z9rT`BKHp*lttW1=WbJ#01F3)MtoY;zO+jiPTUt`UDq#M{{#N?;-PsVAWki{Ip} zL3IUNEuS4$TJUPrR;pEo&rd^dlOv^=lhuYosfMAELpmWj-UFAHgLh^lCTgfEu}Wur z+}wwW&YyCM92}&zp(lvwapV-6y_3U$Xd;=&Gv)!T{sy%CVN+@TT{im;gdM~FJ;*cR zKLDlN4S#i)MoD`-u!|~dh62F&Rq03il=eBGE~7#6U+5!XP-rYU?|131XPzni=`Pep zKU0y*&9x7=~CI=Qls z{i8QpGFaGOX4kG;{^Hf8MR(axe0^Bsgr;&`S-Qw<|J07@t(w{_5q|gk4yZP%>Qx|p z+Kw8nY5TV=Hs7xn*bm;VD=71#t25(=iaas0S_1f1N?P4ST$EGr#GgK@Dwi+#>>>0>+oySg_qU+lIE?^D5w{v z8yd9vzN-^=)4TJ<#wHSDwYYiLRnuvE8>7bXZ?akJrBA`gA*e9re#<}pj?;28o4b>W zUb)2VssW#{7*KOYy05B+qJozsWk>%kR-nsEeMEGhI6XwK+kYX^m3DfS{o^kG8P1F5 zo0P84bwuR%TQZt=$ECqYBQ))!X3}ZR3iTZTD;Z~ol`R;R2T^B~)ls7ObssH{I>K`I zr475bHV#oiZ`06)CvRdJe6KD}9Zz>J3q15T_%*72niXxP zbh=^`H~hCjeootc_>+%wVtdl%qn+KxqBnb0xfzM;OZsXF&E9FxwDJ2uKPcRw{C{Ka z%+H8VaKw=rZwE3KV~0RqN@BjckmRI3I_a@h3-DcGcfzk`;09}Fq?>l$eA zqP;1gOn*n6;kT<|-qpQC)i3DXhGwnYiUO&=p`b{W_*W?u*J2;T+}WN;nv)_HJ_@mT zL63@BZ1+4<)>l+liiTUBwWpdx->q!kI_qgktq<`9_7+ccvBIUSbB{zOI4MQhnq;pnO6hssvYFZ;x1d5+{qX zk_*$o;(%AFmZ2$tcnnT|fHrze97lUD;fimd+NQwf6?%)W?X?VikEqXqgM0{A7r@+> zP`118SL$P=jo4NRkK_pteja`QFBGH)xz@gjBESb}XHqkY%d5XDFOR`TLD1hM#=qgYQE!G?fQM+rn^Ebn@c#qtm z=6}7JSwDHdbC zKnX^RK`98Gm++Pb`3T_0z}tzQ5P1hKjoWOW>EP|)k4*`6Zl^WXgBL;k7c)mR*YT`X z{>f7eyZ`?3&`RT7*D0>)pfP}JSFsdz-It#*Eq(lyX~lfd@yvWPSO48W`Yb%fQhVF~ zG1NUbBQmCJ>6R8^cj(GCP1zb3FNZQEw$?O90?{DL)MRpF@Yc=%Bf%hcmc^0pvi1GV z0EA0gkCQp^5tpwkhRN>0cbU%J%vRz3Dr+VXc0*6S(8sE{uZB4IXdul-h&&HEP1 z4k8p@pC*5!af&(pC?#f*fDRLUhauY~`ebCj$~i#2H8rXVT~Z{RT77LgXE#$lq&SBp z3=tOwJQs&u&MK^X?giM@MxxM%>fbcd2LSUY8BKJu#K`K6#lwuYzE0^!1Y%+!kF60aCX zD4~#qshWIXfZfTDjpcqGQvrc2RFeO}{(i4M1mEc7A}`S(9zYz)O}NkM^SVwulULL| z0Vva_Yefvz0KS3!hj6W)X@hL+(WthdgdjmxLx(;4OjQY8e0kL}j zD-Ak6P&3tT>&s`76n#yvqiB!~&(;{c057?B`d;SB&xr1M%-%n89~ zU>=%+7H{oPIhPXc<8i{gvI)m2jGIFh3CadIGrZqAFK@{l!qO^^v1JvRR3zR;gLrL$ zkX`Vldm9-|W=_6G8y#G;qd*4AxBH&KlR2PfLyzfg2JSlhZ55VboW4>NVR%aofo(x* zvEF_j z+W+yT<{SSOL`Rd>)wy^m)xA$mS0*2&U-KU>OtkyOa9%i--m>H896L%1kp zW`*Ci@BY#3>>GHeVs69%EvwemXyUIUL>}T$5#K%~fboj$abQrC$rjYvUOwV2mVib> zn*H)ca^*dsHryw^#L_}O!J07m*w%N^V)+Xy$V|Ml>&J_@H5_-pNARu4-L;_le&uOF zO0zdZ^FJN%6LD;r4^Sm3DzWtT7Y{)bcbh}q-&nO@RM}%sOlPERq^ksd{Go9k8JkWB z(=H+nmj#%3|FRylz+WQgqy*Qfn0>LzOx#cVJ{|B?F}6nojTZk_nQ-wL>~x6xghAc< zKkI^@X8)@+ns@2uMMM_7b+y4SZ4rkfA4sEZ5K!&{zSrfZ{A&-~<~;Hj`u4x3|LR4U zD9X4y+05@s$aS@nlcWZ)!Jo)Rh>mmXODyXnknorxYb4ii>#6u8Pd5x~=&400+_`Ua65>URm{eH6ynHd zRAi#50Nz1Ps8kPG3c@L>vHDmXh$K$-=%dl-ds!4XHi}_)*g0Vn7QuBM6!T`##=vMF zX!y*co_6>IR+XZ&KPyRxs~`?ZUDd;3YSkzwQ9Bh*++m<_dp&8Y zCg)R?SmS;0fO;e3!tQZSO?X79dx#Vy3W>sfn`6+(ds^OWpSNYZPKW)k;@;31rYWBJ zTN;fwVi_A?`B`+3;AlDp>|n3nU6%7J$!h{%tlnvAhQW0ecxi;(h8 zY(f&{^g|kid+r4mF5-1brh+HE29XBwno%?4J|{v7;UMDE^9I5ht%9{1j2litI@5AF^@o>F|#TnK5*-q^^>{avPRM?M;$6Fin;fyd(uZs z7ykHQUg)#={M}jgAwN zt|XkHNr=M09?6pV-`W}s{7I?NfGyfgAra3Q+z>GqcLix*9DFOd&Y=!@n5+O~nx%tn zD5kmUgc5>LtuP8mk<*6l9PByso}4(X|0Z{1AoN(^m%~+rDLZJ(fc3727&&l8JEl70gB;o0$yUHbjz;Csvk0g_hD1Wxg3`&dMrm|fcY zHWP8wM5A)o9vT3mvP~H4tiYSlo!%F8!lf6>kt z+OO-|_b~2-pKe&2p&;GKGUnXMd$8~mXD$$0m$jIQEqVv;3HL_ZY9j=jiAmxda&HP^ zNXpa)1fLfAYSQ=R=}4i1eqEEzW#u8FKY*DRa{6CvYp_$~a^Q%nE<$ls*uESuNnp9d}qc!wZbc&FE(to;sd(HTWR1yNx$i9^U*45S;&Nsq_ktc*@? zkA*fW8f}^*dJ(xA#Q`vpFIbAmV{+Q|^rHN1BZ(_Ed4i*- zV!!V;9z(YJ#BmUrG@nQnb6dqui3TTM)zc5Rcwo zup=gXheaEku(Zc_2n>W^HLPdLy)OxQN2}_$IV_Tv_;^K|JgE$tR}I+vTH3)|pk36DWfWgA=m&p^ zv>^8Bc-`7!%7A_8;u~F|cI~j@Q0)+?H~wJP4FG19mv`~Q%dotOD1}x$D}P$O3Vd#8 zrM*cpkJ3RDq+3UuA&y2Dk!q2X9!xfigLNYv&$azf^y5|B-eTIj)uGaSe)W@Oy(9Ii z7A5QlVoniaA5C_?7jHBuLX)qzS9uP1FD3_G#hA;r6ZvhQEu)V5?8e1sXFu|I8&)eV zETxi+s^95$fsgL=yTRh*4Z5*n8}HyV7>@4k`~;Z5%XyUoee|>3S8uv#`H4?}%j>;J z^fde5x@8~tbIH)9xU8|F~0|h%ypD=#O~Y0Jlz3_)HmIy z=Rf|_`6Nf1m4?#jmxSw_$;Mhc6>uwfkbmq^2&UuLJQ)>TARf;`XB^P^nIq6JtqEz7x_(4?l=ahg5_jK7H9Y0v-(3+xb4w0aLX_ka;Fm z7$USE0Wp}UkD>^mM#9a0JxjZ)72!nOy4~6Up5A!ba{M{A8<d$dSk=)@}_7C zja+#;1;~%~a|r<~tdj7mo>Lwy*fF*g-0Zi91RUA3Q#lVD0R@5A^h$Z@*z$K-l>iN3 zO@tk=3)~O&+!m+Ftnwb}m__Ak_=sH)+`A3ziQK1nP9pO%DZE977z=RzyB)<^KNKI~ zWC5!7<-nEQ$%13|9|%FzfG5v8Pysh<=mQ1yel!UccP!v}(b6mldC?Co3TE@dWz}+5 zfhW8O;Tu4B(fXFrM9FKQH*q8ZEQQUi>=yuQL&Fg`&PD@RbC5+Vq8Qfpu4eFWSnq#_)P z-hA371H$$46(GmB;Iii?VvClb@5DK}f)Kwt=#AKhDPR)`_+Eg(p(NxUIbVmz zJqB@SKBjAsMRU;QW+ntCu=b@w#Rffc)EoFjRZmEN^n7{;3`7JA12q;Z$G+$U_}{eO zfhDtL$AQic$q+SAZ0d85_=d%ln|ufy`2j11%MGyIZV;Ut&Q3zr5inBk0U^42W!QgN zXzG$Nh?@>ib5{b7RZ>krm^1~hCh=lUW)xz8=<|c!u+dw`-0bU-SCvGGul-90PlvB6EE`DM5|k%0G;e(XJ(r zwvSc|kJWSJLhrb$gndh13xvDK4~OVHz7z6ESLbn!jyMo#{OS9o#qJh8<1*ujT+y&q zRZqFf*!e9uR=?GNp7lCPpY$52kj{`6_L_5Ru)0h?-1cocl-%(6S|=zyZC#=6!XMEu z*a1lb?!(Pv4dFy-kM;36oF7oydL^;Mdg497bpGSrR7==xAHAec}*3}-`aEf5X6 z9?!b<0%w^y&T5nkPg0_d~^Nm9)N_@_k|P%w2bPLR|>Q|rj=H@8H()xGn6u^78oC1IR*HQNz3udl+R%1gu}o`$TXuF zB$pBVyr63$-3UU1GkNoko0V2?`hN#&wp z9d6nx+xz=lv#Q$noWbpj1l6U)dqaA^b9KgsjTgzj8;5zvjMHBm4jB1gR842eeM1xS zW)ECnp=~Ukn_J4C7r${hCSSX{=Jrxu)l7Y$PjKt=hUb++=YZE-Ubs*eg=l?2ZA-Am z_t>AlqyZ1)!NXBv+rS{Yn#oku~a8i!}k@P$egC{#kOwE#=6?Ot(1(vwU+o< zlAJBke$%CL8Zt)a9+;@l<%d<%9SyI7j@hmVswAG3R6C_?HXb)Rb`7en#OA~#E<0(8 zf^pW~uLI-!o%u7GG~l}&7}}o&Tg{ts_9-)Sg`g@P#r(!x&8E3{>Px(NlQG**6!}PS zJ8>E?qcW~@=3!zv$5;i=^P`Kd&eUqWR$v~!S8%ZlyW*8VW6|Fk^xJDHm&w%7PlR2w z3-v-TXQdQUepzpAU$2i`_cYnkJm3Yk$~EYN_=+=9o@I|k&_3hJt!AU=T^_5+cGGrj z#tT2LG{Rdh%N{GJvh5wJVvU5x{Hu(a(-ncq;%Cdl&krv}4SO(ZwY`*X8g6gbIzmDm zM;__V?hG(_2CbxzXg?OQ{nW$8lh_t5p~^_-m*ai5=(T-D#rgBgG{JFPKDsZKBkWgf z;q_rS*MYFf(nFM!^9m7XuZMzCclx>LXHZR~&G0>FtZ+1Z;CC}HXL;gQoQFe?dEipZbQ`BJMQAw%+yOh^i#mmMX3zhk)OQBS?jsNC@_>#OsNufLkP zUGuk$^IdmxF@9M9;qt!bi*BEs5{E_e%8wehEFS2?FV_-xUz$Cse%*M!{!t*Ex`b(X zZB$_Ky`lGB*@3M~u-^U;<=kzN>26B%wAJ?hFgu;MC z(4gY5ekn_8;#2v4CI)~$h8{usl2iy*_}1Jdc#-qQ789@#PHZW}TB zU0?SLD(x=4=oJT=l=lAgl_g;^|39E4@iVrBZAH5ZZE zti+JpP}qBsr7N-Wf4@k#k$qjg^YI*EOn=iKedKV4y%9Z@8qg227prwir_hknwBT6& zkp7Tu@Ty|-9h$$!X{eA#r+E7FxY!R;o44LZ(`=IT!7){y5LfA;ul zu3A{BQ+~Fg>QvC!FKa8fE~nvKXhV;N%FSJ}wW;i~TWJ@uYC=zUe@K`vwjGOOw@gy2 z^KN-P?*8uj4qfFq64{j|YSObA_BWmWNBsSP`sbeaWa0-~3P&%igG^T{abBPA4+w0R z&uw$}LnW>|-syWCu00a4{@peVS`Q#&Ybt%z5;2)w!Z|C8L^&%_=84q~VUsCn&GF6fZyV#1;-Amnrw$hAR9BoCSA7|7 zujgZ95)1blV?QPI987LtPz|!gk9zyBA#F$+(fBUzTJTte~zf z+SHt0cfH8#fglFttLZJ%iKuhpj^ zu9>&u5LVQzbl9#j)UL^LqxLwS=k1;ysDB79mUOk)Oq=E;;2#72!?QMYC&~3|&+GF1 zj93t9FeDa7DG_fPa5C^Dq~x?9r5!{6=6@E>5M)R<#qRYtbW1hHet=dwQyj?kLdDxBVu4;LEq=sK{2c z^OL2Rlc0|Ij$ znbemSo$THxn62@5zZ#A|?=)WYr9FG_BUw3LGC2Osi$YvAWJFvL?>l3FDM{MW(%Zy$ z&V}rcSaqc2C;0<2{N~_ywJOZiCw40A?Kl7_rp)*E7v&cxAveOH$V!-ef0DT!IfgNj`b6JP* zmAloS@04y#W!o8`!`n^&14jT9bDAS1p9iq<9D4vp(*(cw3qssWaSCucLJa<+39%G)mL3-*>i^8QvAon;4f=7(E*_4}xVAgH(sPu->fP;u3=68#Jv~D0)N5YLZYT^>(o!qKfg3k?GeAPiP^mXPP**+7)g+UJC5tS_1v_m z%kbWdfO~D0m0M2=O!^$pCXjlBob5L`J+NW`+a|VWbCnP5T%sVY;Szqw6rp>CKFU>J z9@r5*4LEZpXDKAD)^7Tyv)j()Jm-OCK$BMk3B9|Ev4mKyXuP)Fsy};adEtqzzm$%8e zm1ODYxanHow(-;q?GRWLNhka}$_M1^+h~xk&gq|nKP5Iy+|mI0cC3K4{Bm}<(F=Ny zEY@>fgN^hT>4b{gD5*pBhw;l|Ww7TsfHE3yE8ah5UYRJ~nW?Eb zmr8oeB>5`Qz_Xz8{h!~)0nIo;BN`ILeeRQ6%18&MbT;emLqbOP%qK~FEkuRjx2NLl z#z>Y(yoRW&9c4@gLlbv_4{B_Ez2r?Nr#t|T>;a*QL~7|O4C$-T?gPfP2U?1BgXiUO z7lJJov8DU`dH%BI-xBu6v3a0W`$Z#@J@|`cnSF(9dIt2|L)CSO-(Uh2r0MBk&VK{9 zFW%*@7`Kh!L7p+;>#wt5f1s9CwZ4OnSAQn4&I3iAZrn+M1WM=ZU~O4i=JH@gNgpgU&-BN70mW=ARUdS1}fz+s1UBlu_k#CG*E^q9xu zW3Wl3OS9)f+M`&-GlR?lAgK_GwD>jWS?IhoH|sONd~&Lh#ZTqC%3x%(?uIhF+DjaE zX_ts1OmK^HgQsH7+vz&KNO>OE`!KIAkxv33Vn?R@{W<$h`tQk>|C!kBg-oCP_=EBK z+|g0V%MGa(!LL9#*by6EN*Yfn7M2V5-ffA#_tRpiHO?My5HLu1yWmcdY-o3RW`0;Z zTQowRrxwGiY{X*h?zMYQwib9kaD(QQ4l8*#7AXp+00(5769tU}$9I5Qn88Epe6wQK z1?Jbyp5+9=304ONHl~ZMA;a|^PGXC}6f+ZG%b{Jrv8cm(fdHglXcQ9vjpaQM-?=H$ z|7+zD$qpzj12#EB9wp44!B>%Rv0-wRyK#Ml0v+`d&X@)H3mU`9(Bn=&DC;f97+AoJ z{1_3hJkW}7*X*^D@FE1FCggP%ECXSz#BOt^F+~M1&UjQzqtt-j!wZVK@yinhV7Kb8b)H~D7f+&c$rO)#r6kJ zS#vLTMLQ#BVQ~&*VlBRD?RjMg*OdF3C#$hRvsr*ZFCME75Sho=kBiRUZQI(nL zg#$a_%`vD!9XJJNjYFCV6#UX5g(?H+HzIJ>e!|7D>UL?#mmM}9Sym66cVDpNmJ06B z?lhEe;aLm8bBb|A2(o>6OQT^S7g2nQNxO`Kc4LI8ghGA|%x8xZVQ%t2mM>cfyg6Bl zUi~P#kuTRq-9A&|+be;^Q^&mQ3)Yyp7Tc^1CI|OEpL4{Fg*+$u=qBUMbuM|A^bXDMK&I% z8^Rb0aO-i8=SM&u6V75=wrz4uA0L$;a6Z`)#;1U?tNBZ1Iq4{<0}%|TT1jItM9q{I zehd#RWhrIO^yDDO$}u;cC=TtD+V2xYS!HD?oK!QuRWwmf7E?%P*1hs>R_U=8nkHxc zD-$Lr8_1G(5uN4+;Z7F}mv9Q%RY-54WZ6BMwv$*|&0x|B{9VnOHtmm;Z=bHTTvoZO zF6A1|yDR^cWsin15Qg0n{VSSU?yG@t`j4zAi1FE9&w4u{$OXXt*3O2{gR<;kFT15$ z@$ImzNEch*EJ>#?ijIYUkQ$?!<8fVO`6YB1>yN)ob`;i-6UAh_8beVRBsE}CtPo2H z+^UXm3q&QE`S`OSn6+TL3V(`5|Az|zdWzcP;5nc?L`qwD!evU7b;xgrx|@|;F#aGn z&2Tv1k390;?2sh?D(6+I@y{Pq`k)n2}biL)-g-rTWesg9xOQOukA|^5W23 zo-^W_?e)tzu=v^qT>p#v{bqg|cg%|!$}*9k*u@l)aXIfkv7kwcj^ukNl{pYCgoif} zcAM09O#e7jYAq(s7^1~z8f9fN+oi!**Sq;%!Jhd~>RpT0%%KGWB;&Qgk}&XKD3%|5_!-EdfSNYb?m?%yFZ8F zKXCqJzph6f89aZ24r3mHWG%FKv_p=Jp$j+>iq*r+MKJGrr3)0bzc>^xd?^si*taEA z6es@s#O@PGmhd6w)vJbD+uhnlT3jnS17bzX-Pdyb%H2$hAAA)~n3-R3wp{HBJ))Ok zRYI$}GcYPk%DP*R&b>Eh2;+6$<>6<6+&9tBR-O1|AOxd1brSR!XA3I4^LLD8#;+{BydWJBxxu<7N= ztr!7%&c2@Ow5!w|t}AAa=Q{g(W02I_*8a=}$!f18FT~7{gKL9JvgdxnZLp-voxgi+ zN&9Wjjr&V$@)qs6TN9S_Llv}uzgMAw(w(uam-{lagv@CI+l zzG9h!-0gOFidhg2n6ZRVN-S;aIPtaz?ZV}sW)lUxIvygEXoUF)G|9bq{P?k61}M+C z)J;XwzU@Q_W;w>{9X=?l>!+pb=Dz$^I%qG}o$()uP`7MA>dTW4JJ0cOhS>zaAzuw4oeWWaO4zm= zC{O4R!Wk*}CY)=N2pat1(K?y2e^R)R?`qJXF|z1&yRehOldCN|KPU5e7+eS?R>tF< z6~t_uW?upsV9TW$>VHku`PG0^k}DimFNHLJ%Rp|{mC{)uckeT=^Q-fr^nto?*(f2V zc0Q3I7qxF}=>w(^hC^sa1vI;1zQ}m&j`{mt+o9cNX1GTT?Jrb7g=qc!1Lun!xTKVO z2JGwl&n(_Uj6KhHPolH{?H-kc&o*s@KhmFCU9YNDI6AWKwM}flwyG1Vc%7}t)&JGF zO%)f<`eBD%up&R(#+%vsijvR7NcRxvzilLwKm7cD9*dbfH6$#+^o)@Kf?%hMAFp+> z;^bhS@eHTe>JM;}R)FEtzr8o*v*}%-FtE*w_MNaXKSny?#J-WFMdk$@uzY3Kh*jQR zoOd^X5VBPg#SbJisgN7sc0X7llmBS{);w8kV_SOZ1B_cf7P7o_i)@Y%+U8^=e$Uz2 z7l|H>mGCQp#%g%fZwbrE*2ZVuIy40X*J_9*gJTUP?T~S;f{N7?8$w!s!9pzTY*BuI>A}sw z*#mW_GQgs%UbMuPz!ULtlA5C@)o*iZ_TDWj`$B_@&IE~p_SgWU*XE-AGUFJHJZ%}4 zK{#tW_eRX1aPTLT;M9H%$CP&xZtE8`t0HiO+V1Rn)0L_?CLpgKbm(wVWW}!f^hfs2 z&=6^$`xv%7`_y?<7d|hCNuJ#pj}w}knUPmoxw?GLBk|v+0QDuxxbGmw?K2*&`yfmN z;xs11s66&nCb8%k(|+xzp)?zZ@r$JuR;9Q8OAPjFG zp9l8IcP51~)vgZ2G$QPB2n$?FHn){Mqlp=UgVKlOCj8UV{|-tscZ5G||1b}egWxH~ zigfnVG~*3Wp`Bq0LjA!?GICit%L_$8(bPyWXR@m)p*or{G`U3VV>(qfgnu+Oz9wBY zfmNBsz1vnH`~r41;kO}$^Eyv39@G$trPn(q(vT+rRJn2nYI5_UMtw+HTS5UNfxUvY zBX3mAp0)jptRUrl;1Q5#700J3X$lc-=Wo~LR}OcSX=mb>TfRkv2JC)hTVVHwWR6q@ zDWRmHoEINcFz+Qx{3xS)p}QTzDuj?X-mU9LPLP}WxY6#+OLlmf69~L(WoeYo42))% zY>bOXN*Ok&u)|-*9uAyG*sn0KjrL!oShUkZD+_)_hz(DSE|4M4ot|Yaht+(3ZB6dm z{cZ5)9!J7rljea;_pOX7Qkfpeg!p5D%sErcPwsnMw-TqFgmGx?z*&;rlR| zBjRb^V<#q3vNuUrZ=+!(q1+h&S38I7_ z=^75DGg(O=XsYPvy1>SchDy{-8QMLYJi3yaGCJuZcgF&s!4enTqU{JJWe+IzC@7OF zh|)e}CeC<8>9A7|tWW7a4u9c-KeB2A3YM~u=bChg(-7#y!$gV?ZMM!2AZBAh<`hDB z!!S^1w6wTGAJ6g>8&6BV@&O-X-5=OD4M^_FrC^qJ+Lze=KcG$-e^Y`q&9?NR#d#hh z3;y&U&0eLa_>iPTG2cP$y{qKGhD`W4ZhqT3CH|Uu#N1OP z{;_=X*t5IX`lO5|R`-3`^6>;I#Q)K=>Tk=^fP6#?*be(J|9o%bDJ# zrhzq)MsG#L@u)fBdAH@cH$2wgg#+QLVcUg=!?y(QXq`L?IaosCT zX`+y?(4eF^LNtB2Nx-Vm!tY^a8w4|7ZO2i z2@fyEWL1kv-a@#-xu-6#A6bjE=|G5h%hjp*b(pprr^3gVivQhxZzp-qRU)&QTHYHm zjF9mCsP*zdvAGZxeLPSc!gcjI-zd=?9$NVGTdZ%+Cguw;W2%V-nv+QaqJA8_2-8e* zjpCZ2e5H_P@6Y5H?roo7wJtAcvxcA%(LWwbIBCq8*4sJsnlPMGG3<50R*Dg7VjhCCEbql{9ch7E=7i zew6YkaCe1etM9h$QKFg%NY4r!UJT_a%$?Av7vp&IFKj3M#pQ)Y*MVdicL|Rv5$+;p z@38$@z4fS`y|c_$O}|NCoF(I|9nFPAHi$jDSQV@?uHzq2!TwiR$o3@kKX?7)lw>h1 z)pBUz`~J8Y6fw+8ueycB}u+rbJp8y5VeOvk+t(%M8=BoR2(;uEnJ-Hw% zj7f+n2pFmEZM_Y#uOss|<`I1GA^pv8#}9PDBU}K-QxR$5CV(@R3+c8+=JSzWbv$ZF zmFNqEhDHE zgf)r~+3|OUgA|C^@sBp8?R?3;@&wHN_rXEHMadvK1d9=GqX>vSUb3d^_3kG%+|)D4sHA5Zfblv!`c*R+SJZ8+!~clKrod1A{f+&YK^ z0~3bee?ideo`A42WTA=l6Pfd=s36u^xp*Ma+Dv;nVXOJH@!U+ZNFsGw%6 z&~z?Qb@t}(CkgAR2e7GLLtmZL^dC6KgRIDDh&c^+0m-P_)jxzM=B05jjyNwm*(#Ua zAH=MZ!DirqNvmeu#@9ap`bcsWmvy=zBQ$lJ{U8mhWQ2G--#Zk8!uV_qcaSJ{D|$Y6 zaX>u1%9KU+6D%cK6*=(P(3tVgziV6hVmlDd9iF%z(RJJIg1ijzx3EEREBvu35+$Tk z1zOeQtFf`MU_oBqMg=9M8*HyBOU*az;A<$I}ruqjdc*etfu49cVSvC#E9Y+y;8 za^Eq~6ZzAEFMcx(VgOkIN9B8KDQoW-5RWCs$#yU-#Y&iYjf(}x(%hVZePcKrK8^L+ zY-H;}F<5Y9TlvO5vzeUp`8Du?mJq%ir5J%Ct{rNM6%X!-$gmn%3L3Q^O=oTD@hbr| zgRd=0J<)`sYWvm+(8K62P?3&0(SAxfYBh}wrc*dqyN1fzu`_g=?j=QMl%ABl6(}2c z-Tl{US79!nI+doj!DvI4qP75Hr_G|2-w&m3z!Vtg=MX&tnlq8rcs>DuY%%u~!Vgyb zXT|+`{{fp9_mT{UeUU*5N-=dPxUw0qQ&gRg+48^r&tz-iMqPKzamBzFq6{%>}6 z*1oYDt7G>juqx5d^ST`vPBc`h5|VSI!qx$Jk~AfL^S};`${V}`f9UQsvbLA>RNl|dwq6TCqY?@^$sYI|70anz$l+TU#VJ?EAt zuTT65A*-}Q-9T@5U6Jb;mrpXF5=x}h8?el(MM(-HB<>WhP*?Ab0(Gbme47JeCGN$P z2+2!B9(9MYrqa;J%7Q!VAnYk?vGzpE_h{~p40<`_Pg(YMcpl7Kztr&Zn>q?;A;+jg zTxUR1w{z&Clpabh9I{(#o?hW4jeJo=S?E4>VW|a^bLUYzbSV9Am@ilAdP3{ZK^)(8 zf)theYV<6^kR5hT88vngNSIvtEJ)Ca2`>s`>oS6wgveYbNbzO?q*&-bW5P(CeQkRf z{5wX;5w!5eS8(>T%1<*ukoCeX>DZ9H?EhTj4@IDf`@sGvDkbHcd2^pyb|k&g-@8Bi zh**uwt20QTmKmI)f_9@L9vu*rrwAv}#CF#_jh`$4n0JEmcMFq@O&UE)|cO7PJ~P__*OpjeHewP(cKPbsogv{C6O@kh5YKPrdUEBnsnn zTtUupo9yPh40*|PM9%I7;S znkPhRqx+A+0*1N-eI~FUjDAgD(%%W&V5|o1M-F z2Clw>Q7V^^M}r*D9s-g0V?U09u0*93wvTb^o~;B)$^N9$XkayZ`BrimObG5HXGK`L z*%BHTMew8)_MpctgesH!uMngAZ&b7Hhtuw~lM3M{)Ij;}&UeJS%qSHEV)irWZK99( zL61*jhbh+^*ro}G$X6PHNg<4-I9ctVuzlWobfx2j#DsD20kut3JEwSxVhyErJaUhu zFzZMuN6w}aN4o={QCh9BiL9~F(E?e+Nb))#C_5H*mv;TH-oLb|5cil6#cQ!<9n=KO(M^-kZ=@VG5CHI?93z0;}ZaM`#0 zjoHhscUl(r^?O?nJ}=n)ef6{?DCwcy`wuUk{k|vkvb7PcIR$Kd{01S(u0HQb+QP8N zDfkPB0%z(mt~$)h9hW_XXo7gTU;?J*PE{u1_QCI-_sPx|0>jRqxn!eRq990%I*!7p z8?nFyj#MWWrT^n84>n5zdT2N%TWkA!g=P6^m6>`7p9c1zLBG5C$D&GoJQPV(N-8ZR zD&bRg5#WO;tHXE=Z&&FSa3&Xrp8IgJWH*WD+XJcPJ2j{=VHw&`h;>gQvB0QVCbeW& zz?<+bAPC)^aPE|+?8Ch!++W9^5)>3IW%Os?eSEnz#}-I^pe46ioHl!Y7@4Tp z6;cV55k(+0aJ?`-Tv9-x;;g{jjHu=WB(TA~c7V0t8=wpx^_HLCdHf9`8&v3BLR+txa-UXlkIn^v zQ(PpB%FjyIgUbtpqOC9q*NN+p;39#U^-C7fZ}r#G4J;ih>@6Cq#vg|wR_t9dQDx0k z5Zv1^X+ z-W^PPQiK`bDmwB{tpDG4w`M(^ETEkD;o;$NzP7g3s+R}V-gp(Q_xE}ptMhke;`!@9 zLeLMk%NSv_=o&Qm*#M-E=2oAbRPs&&sm&^8cd7C2k1QV#55^5RxPSiWG%08}LQgHr z*fv3(2bBNVf;wgjyjv|0&;LHw_)Y-$7`5Hk+mB@dYWV@3Tv-=#Csk@$>y+=U+rU>> zY0G4HAe{#j(ch(Cx3cT*_R&OZ*e9f3aBKsA-SvN86C~gz5agWljlKLas`Sm9#jTc> zmJ}HonSQxSV1)`c)Na`TC4c6aP?T{>*TFa#@hj6ZLtnkK4zO}bt9hMnYYSrJOsTJ%#G zx4l(gvDyGlZPp3Eizf#c>p$1xP*~haoTtyHU1>HQRP=ZU(t}*22&l-d`qosr#7OU_&ZmoiHH9g*>T~-@*e+Eo z@V+UR2)|Q+DVit`8%{CJ2+t9>gy`i*;}?xEm50>-C6h2H+f;dHkEUVV;F*_k7>29U zoWYD$*fby9@fjy$`|s0y`V@KBLL^1sKh=XLu_>wVriWHlnQXgr^Ut&AugALC)BW4jDM+Eg)xm6PTZvIuQ!p?Pj4;SD>i; z%$#0BI;iGpf1;w%xT76OQ6e#s@Im|jOYPt9iJ*->Ki?S%n!5}asVLB#|88&AjV}`- z=qP;+$^+*OH9&}Ot;P4ehLO8&mjK{%PDhjlAumW1X{TfM!&S~`ccpPRMV-anTbqYP zvy1HOP?Jif1m+(M3)XUsPxoVgUKSQ!N-$cbG?Xc({#Gk<`9(!2R1zr7{QUKc<$g!W|Q5d5tzvHwv5jvo~^1Yio(;@DyaGsuVCyP@8E-w3d-uD z=irs`^_t*+IWscj@}!>tTy;}T^)8eJh?Y(@_nrIsLCCqQ`Ob6_hZoyG2*4tFw$ms3 z_7nJ|(7}qZay*K3MsDWPyT3o()BxvwzCyXD;6#*!*ki~`*Es3`)9iD85s!3}^V!*` zR%u6P5jQ-VqGcAg*e4*Kw{LkWpDjN3vgIJ^NF$tek6Ut0A?8GW=NlLCc z{z(v70M#b+CCT1R$+ke6@22Mmexj+H*X6&1L9wVQWxHGc{I37bYQS5YFC(TL)B#RB zss0V^FnsL>rbtomFCwgc0&JP})jtHArOm2|Cod=vUG?!4s6h;r1%%&1jdO`@UpBD` z3YWMFXZ^(XN5XgsifvcBGH--!1VIBX;996n=kv%=QMlb~is9duTUFxC^nq|IsX^tVKY2!4;2)dd?)Gu7vMdvrgax|0M#6kP=p_-;Eq9tQVewXT za;*nHC=1t%D&XV2>;n)f-$5`ml^uCFbveQeJ`OqZKiO)uBf?O_|0e5lo+P{Fb;z)S zJ|w2)x`QmIw&BBuIQ24phF35roC1nCr5!BRM$Asggnt)>8(xy}SF%aGIJQ685Dp=P z6UO_AJ?|64Cn}V6n&4MI1gaof;^^H}b_@o5iWEki#cLiI#Y3x;OAJlhV>P4*`y03IC0l@DKnlrEGZPpZ>1F6D+c{uVL4A+Y3+R7NQGkD%x)C% zndfeKRY5>oIU+CXUwMD@@@L{y{x)WEpQ+NMu7^Zwt@C2hG8&g89@4W;{})|RQ+`LV zKmF`T$Ma>ynXt|R*qKMz63c}zE=}1j!BP#VJEe!Tfn=K1Tl<%V$<@6i{!cj*Ur}hR7Ev>nc zfkACZaB%P>1~0}3XlC0XGB1OtuF|!$S3gsHH7K>17EZU5{~!y3X%N~yR*g$yo@e&4 zyoy-EGS`ezIFd!Z-eiRN7$M>=wTvOlpwym9=V}2U7~Jm(mv+{wkFO)s7B!75Mip+| zksI76+B_@nGj!!XBGpZta(CoOYWyjw$3sxAk`AH9)V5*9a5^dE#$<|>c_C-lRH{UXm5D_Y@TC9a_R(*q(O*fLCVUywD zxC|31{C=2Z2AAv6qi+$nHga%qT%~_oJ!Zhm954cqfew|!Me-D*3o))8GRfe!WSj2d z1!E~3-9)w${Z&pqgeK3bO98_SA+*v0#+Q{>`5-MCmx3sGTLwODpcIT-GoW zLhaL|P+{Ks(xD{{B-Bd3ueWtUdl}q*KRP-iN`S;%<&w)|4d^)ey~O;!ng;}Pl-th1 z2Bu`NRy%hW74j*Wm50eU)e!;=O^=O@r?`cL_Ws&23C0hbTwanLp4ukGoKGp~2Ak|Q zm)VL&(>}4hH7c~4oyF{U>eXeO23>z6ZQRN~6Ls%+Xi#(l>|IY0v4 zd8c%>t7M>VXmfos!lwmVj>GdQotBBtQE_(I38eTrok_8VStzQIs8qHc6 zk3XjKXAQ@2!3{UyOrV8M&pz3}#W3O=3W*)v{Pkb)LxCQ9O3a^n38G=6!QUv zD-PB|8aU{^H4?+=g^@Dmo_dumDo@4N&q#*POiATL6TogPbF=zOENj@L*~euZc!2!q z3KP%ZtB}SD-&Dow-9UbbN6H$j{1d|GAh#X{8rhmPYVD0hYjh~_9}P=DFhy@TO9+TJ z_b_&b-E8v*;4p3{;nZR4FP?cx350VycRZE6MDuPSS{vOFug#r6#Y*^&_r2iNJNyT~ zDa)6YY(aO>jzIRu{Rn=P{cTkWNY3gMjgq6GvT`uLR~16@@F(VhDQ5Fd4@LBTqSoVX zuAbalwE&aO*9>x*`44b3KHYkGQ)-~WZ87rXuS~UxLF8ag`R5-Jr}AuoNrXLp z&L?RnK;xL-FvU5}*x&W~9(QW1X}v+^Wv`=0@A8upojHHar=&lT8~d#Y!YS?FEyRo+ zQ!!Cxb&npjDDD-pJm;Q`gPHc->%NOWB*?eqI2&gi!{G%)LDet)K_Ei8SVO(2Wxoze zSupkxq(rw6DyU_7C+y)3zH-xJ6phb795GsZVl6p8D2?M~H%E~8&rmW5H;hW$H|a;$Dl8W!A%c|+tWFIPb# zoH$NJD+@C3p`c5)Tcfa6<^N~@u@mU$5;>9T;-T&&L6>ue#Rv(OQaMQACU>^!tkoS% zISL}~s5)2sK#4Bfu+kjzWAw7|6gl-mgA9no{bK0%NQD}wVmrckZeXLiu=Pc)S2Le3 zmfH@9C@sum#niHtY>yRS6`DOHIxSCI)ww4ErGHUtVyaz@S&?#wLG3*xAuB|WDA}DJ ze31)Ws1`gJt}g$k#%&=u0sjlUH73L``?=WU!!8PH%_lA>ZpRyMQ}rliQ+Vuwu!kz{9_Pxb?p zXGfYVq>LU*4*3vtEC(e0=BOq`kD*OY`x9pVUw?*`4L7t*&Yx%MRm(+L zum$Wc7+F&bSio^Y)I(q+6^V3r$!C!05HiQ5D8ufMO~ zTxkGiSLU;gT&ZV^Q{P14dl*KKUV@UmH@xgoePIHLuWfam(m$5y0o9Ea6ihfW3XvF~ zyE|=_7N#Z*ZLUeC_0c-95^q~ki0nQ?@NJER@i@&vz>+Ex4j6LyM~JHioxKzMlQ?P? z!i5P9uYUqR&Urs9%vKrw%JCm*Cvj>eMd7!pt2w80EXRR)#H30Z!^Sk@+;4CItQ*`B zEk&dolZV73=$xD?wvNZt(op)mhrR}0M>{I`P%+$tO8XrgS&QLfVy;(zvTSF0Usg$i z80uc7IvSyPqKIR+(Q~3iewu!!e*Eum0jqPn@keN^*WYRTbpLf@X2p(EOUav@`26_x z-Z9EQUDy5563B3(i5N*LYIy6_8nDA%4NKfiV_0R{3a>;g`()NtFmw&0)e0GlFhmj4 zJWAVfH;Eb`}iYvrUju+4F9;Kp;&-*ugi5#b-6MLdXTDz2i{e^vohR{-OglDLQE9D6{yH zR(2<&M(+DA|IL9)_&+JjjjTK)Xu@l6flM5*)ycp7d?TmRdUYLex*=Qdlunw5x1P`4 zyl`Y{04(}Ht(V7ba;SXY`N+eGxS_s?&lY>Af!3S9PL0(+Q$|~!ImtBNKurGaf2n=( zHCps?Uj6r(U){5w?(E!kJHV3n`v1o*OV;RW8Wvc;6;hehDy9AE{MQ~lTk=1Rfe)Wj zFJ3l2p7GigEcMxBIX!|t9imguNSzAzFCQK9 zW&;lzJ^IVfQUferPPcaG+?ss9W8CucmDC%+&{usS9w`%A-cZ^8Ts_f2Hs#c90I^9* z+A7ecrRe&zB2ra1FY3+~+OevGr_ z^%rwON>>}*UmFVTe@7A#iMsS_a3?}U-nX5jnqXswTuN7OooD}LQ_JQIO@A0+UE;kz z@At@`qD>VrwF?xiFLK5Fv! zdNKK~e!9r>AX4;Y;Lj zjHDoHrokdIft1s711)E1nDRt6k|j5m{QlM#fJTA;-une0m->0<78+q|M`r$z^{L&V z#^~dX#kr+BT*NpTY@c7QgMc}9a7|2hvJrBJRyrc!gdgTpJGik}vN^W}YIIz~2i_!W zwQIes#e0tG(Nwb3QODl)K6wIxXgYbXs`!SGMCVJF2r|wK%-Pe?)%~K?>>;Iu%=pFq zm8V~?E)S0K(w5e91r@3ojk0JdYK**YibYZDbxBI`vXxKhhJ@I?G|+l(d%4f#Wvx7e z_69|R=Z`c`HUj64s@%Vv2FF|;wjiuw8fV`?^>A>q`&gcr&;D_`Dbz>qOx4vFizw2x^=;y z=Xks#6LZ>MH@92+Q#5CCue-adt%CPt1~~mG1zyz0w*aAF{&p!9*N0?{wVqEK9eY-8 zZL<&42(|py1kQGU4B3+AKJU#*9zKFf0KrG8`gM89+MJvoCo+GYtph`pwD>n_30eBR zCtHumN;a;)>6C5GR{rs6y2TEZm`p%a>h|(@0PDVZLE1CR$3KH)bCecCzts05Lp|9q z+f+Yw#O5%6d&TJaDN6hMqF4XFTKvV*6q2>e4n15~=1rhn z)gc8TZdUp)Q4edegHb2j&zAqYTHTZpyGQs(r~ybHGw1(xT^@GaXx%a!{Om^5M!9Qv zqUyrvmay^3sk-P0BY)QC)p+$ixRP>k#Z2jo24K*4aBTQhTxt<#tiHagv(9lGm?u^k zzD>GLWYo z()g^%{w#e=BwU8K?OSkZLVP&ZTK%C7#3?vt`C$TE-a{s5(Ot(C7{UpmD*dfmy))4v zp|i+Nm7_Vk(rF^)2Aryv`*AkQC6NPv{F&_azZG+AM2Kb6w1_mz?LtEQe-=_V!3*HR zANJ(%7ZeShokj0Gdv98AwzUC(Aq3@2|HyjVf(e$50Irk4_G!FnTjg}iO2fdXUyTIU z2OrUSx;ILJrwQX9KG%-}bH=hHGP%mmfW24wZ8sLOlntYi``$8zDYF-&7qwl3Au;xR zB2^LvY2rL-6C<}azHW-ItO&DW2d+60Z!g80OHc0b)Df!9q|+EIZ}B|mdwLXc7!_BX zS+U620x%xlB?NCKWXje1bna$dtRSe3`Ld`EV*ABtR~|geAHjkdoAx-CVs<8v^SRvjF&9V89j*p)FQqO;=A-zWyUfj}|RqUen(GpNAm278u7w^H@ zVvbj7L{$w_z9fo|<&<+?$#m*0L>qo+vzwX5>WGe17+Y?l_3lejH#hS^HA=lds)~kJ zw;Mhwpr*@rZUtBA3{g{hX0E;-%-noCQ?UMA$f!1pB)3)rWpS&{BZZ@0_awr$TgWg< zW%p4o41C!tZ#4F_C|D{>JmhZv`hG-29;=FI#ge2NQSl$m;}SZG1m_^2x9ZFCsCuFmlG-0;Cu|vf zRzjVcr0_T6eZ30O-kD(fL!Ue^qWuUMBBf}reb4G_#YxDY$)}(5(>#dOSdoBp@Xz=c zUqhA#k2{RZ)gv^}*hLa_g`QN5znGbd0~`@PZr#D&Wm*IVJ0+`)81}SBL4SkG{!r17 z^0DoE>@@GSmb@*tppdpD>oH^e_ior4QeiIe>4UeQ;l}=aSldM2@|WR!sBFtv|CptE zh3!1@`o?9VB9mHToU{<(10kP{Q@FY)>x#6G^9836f?FtK0z){q<>vQ*u@ax2cEu3T z1dADH-+e%Q+XMrKjnT9zVYYBQWUl|oYBo@k1ZA-pY<+kz0jR<+!#D` zoWN=}%myc8Ee0_mC0^D<&MI?}gd`jX_VHaIYa0@ePlgmPoHN}_e3lLh9YWr?4I_yg zh2g^R9P;HKtRc}XRcg2MjR7Gy8?*7supPuynFFO`F>qfOSUG4e8SY1NWl{pdkAIjW zvF6?6r}D((%wwJDvMh>6U6Z6_Wab)F;m}UfC63vc_;ecM+sryx&+Gy~0$W#zn6-Ht z+zPmCXC)q{3wkdXu^pi~Mv1p${MbYvSDI~t&H)kTif{-3Y&Ub)BrOK=qvw}A0FZT$ zSrTZpBZ9d3Y2H7yR}40Rhgvf_`Vy%3LH8@tnM;?ExLoWKh3W5 z>ONO_4Y=Cn)G@eT^&REsa05O<2>Fg%8?fg;8yt313$3QtZ~%fKb1>oK)C-hLk#@B! zt$iTyaoiWV-fA^I46c#XJEiys$< zw(sTHy*(A6eQQ?YkD6>JbSKnY^W~d|C|K_wT&Q?$%t9R$=YfIF;13bN^hy7&8!U%~ z?cox8DPf)2J&hFIk$~jKHivUL82s8(@>Vhk4slNGLpoU5`m8kGMTXu{<>{8w-A5UY z>{lZcO>BY8IKF|8XSbHaFwmJ=Mz!ERNci+{!uEEWR^1WTZk$O#n0;MMnMXm$;uP<6 z2D@qlPAZ9*F{Ncnvl^*9aJ|yxe)F4Qq_I|}=+_Tq^0p~Vgl(ex&zv!j{Mx1+pgSMyR8`wa|@TQ;|~RVEu<)1AHP+dbb7&l{qlIq_kZ_rA|Ihwe>)s@=PLz*dIv0j|B}9bo$-M5>>jl&BJ6wT z53P+?67N{Ix?hT45{0<~k90bfl9F@J9%4gAAOHIaCT5B=ilep;j0l(KoesY<7MS|` zhFP?NP+;Qd;FIz-mQyN~KV--G&|yu0%B~kw-0v+mVk} zCJ3XtX>F{4M1yASrS-lC@Uo8^zi7Y zs>;;(Q(zNGu2-GL?}T3LAgl2TC)|+8597Fa&U2?UISaFBH-xOB3UJZxs_ zAacJ>1w3MXY95-i_)|5mE9Q8AFTqu z=iWJ>7)|hfBOiF%D`Q#d8dGzi$0q2Bbt7!8+d6g`0fgO3jyMIelD#EToaRg7hiRO7gG70un!N19J4=31H z*k%WwIbNFEp_ZXKxI6WnS8(MFDdH_CFQ%e_l9FIvsU;L=^dOz=z#ARV!=zox$cf<&%SU+o;m}sly}Q#VF#A-exHI z655W9{OTl{q4yy!9n9~zHDVpnMKAlmORf}ld&#pfA%Lh$+Q(;|6;zxs%*(?gt-#G) z>Iw{UkG;f`f$RS9!S8rLSIi2e7)@z%U&gD<7t25Y%s|!K2(jFNzkmxS^MDorHS~th zR=SYoE-L2oZU={WloO~Fu*N6cr_*XnHXpbwmfP<%R5iJ$>c&PYw{ay~1{IR}3S?MJ(h=L7Ib# z2y%!wF#W|i0!CDBLRe?Q(S3}cwDF)HoAbbx)q_527P=Omoqp=`$SV^2?q*ue4QwuV z2D|_M*3y3{h}&QUM08LVIRPbZ9p-(hKxNuzX8b5VjgY`!jrgh9%T(&cnyw!mjrS*{ zh&N1hr(XLZmq~`$w9*0~idd}(-{GPnlSz;#0k`n80qWOZ#bly;{42==Ww?v2y>Mh` z4yV*Jc%QV=TNco zC7#*7YCoRMd7mkatnl@YS4?mS$59AAFdaqL*#wnPAU{lr@9graz4<;l0x&|i0hj&e zB*63#mp&PP^yG;Mi$3d16t}rR+PQn?@EL*a;3H);B1ya(ADd_%LZL8n#C(}oCuw>b z3-izrmuu?isT3|Y6f;5w!p$L?xZ0@9O%tl?i6QX_8jkD(WV?)1=TxD>LR)?f;l<l!@mDQDJ2g&&y9gxEB9sA~x zbdFKecpVHr65+5T35$dy10kI_it3c8eBR*SAJj)ZE)uE*z}>`Mh1Hzl_b3VNdmwja z`Ye2b-l7~dDw+(XyCSw9I!-*s6>*>VNT#ls!mJ}5O&zSJl$XmFcp!Obad=wQcD>c& ziqY*bP}#$*?|<@8Ox%~Be?%xcS&ewJclY#c8-#q*HnvKtIKjbzv`cg7Zqx0WJm#k? zh`mIx7qsQAoLy_I-2nQ!)R^aA&)<23o7OD-nsW?S{;v|q=q^m;B=fa?2 zQNRlNthd!;kFtO03?!KUX}Mb*DhTi`?d}>dl`m~BF`@F8Kd@3wyn|Sv+#TfOlG%eE ztLC%rP!16nL&KSz6t6RE28s$-jxM6AJs!uZISlWWpUw@{^mOIyKd{zyN%mfg!IiMe z8<~>f77(%!?Q1bUr@W4Jv}qECA3~QLC>++l&7`WFc7BhIatUk`IRNznWh^$Wnc!Y3 zq)|ByVwb}ZL4;MhQh_FNR-HN2CX-fo2U`L#%f~^6ftM$}b^G^f*1o?d{;&U(z5f)D zsSEQM4N3qgAsK1=i%0LYHfZSRzzcv%uH)?N%-#;a?;DjY%+$HE*Gj15@)#XKmS&C#m-YGE|jG0 z(o*>UY5`zRp#Vh_p~s1`|CY-6^i~l4WNm#tsgFiF4dLY)>}~W`YqEz?dGTwI+HrcUR0p!t<7e-Rgsb!6#gWf7KQWAWXar~Y8v~OHyrr|UC&JcABSbD6`{tbDl z5@a!++Js4F483)12uL@})uaP&{!`QIqWo6buT04I3^tG}cRB?Kvu5+s(?36JDj~-k z!0JRX@M%XmqPS}jJZMerT;Oki{YZ0Sd5a%P|8}1-LHu(uKbWpbYqjF8W70Q=9%Nu! zwT)_z48TK5Z!%%NN@I-oYKf5y$%#4EAGz@3iaz-ER#olGcUKPfVOf#jw=%T}DWaKL zp7(O9D(K8E?)7lP#7xNQ^{a3+<1t)+%6R6luQ;;d6yn?MFHPZ7z2bCHRv%QIBPNOB zR_=ySsug#0)xj87G}1qu_!>OB{l8F>*TMHA-}ET)H?wy^%3gUJ8X9_8ySnb?GDc}< zE@cgWv)eYho_cSvas21kX=%1=ljE=N`QB%`#Rjs`?NE`Lng5mb=voa5zzNrf^dMt= z-kZ@RZOzOU&jcT5LIluHH~OFM!v6jhsAM++8jGw!$NEp|h!7exjxT7=B57BGLX`$F zd%w?P=XF^Duu9E)1(kOj)zi~dj84S?g(R@S_2h(vCi(wlxI+FoSsQK*1RFi~S6QrH>jXK|)^8*9g|9=*(8ZXq_r(*h+-1lRL9)igOYQ+ivYA&${9! z?ou$VzS!4mi}lSoP4_x1|M&|aF;5z5(q*E_^M0QiZGfkx zPt8qRK(|RVU$Nc77dfa(Z~oB-@PnO%tIALlo&67Mgnh9!PG5kMM@KgaK%k1z#|r?d zc#xoDP{OVlAm+ICX2Gm{Y&2Ki*PBc&mB3ek+;;O^n9mhrA~}E*0!T!E{^8oI>1FW% z!nm7exW|PHz~swpLPA5@#8j#j;H{!+>cKXE2cv!}C!qI$;xz!@YNTmHCV}O?gJ@$J zdi)b@N+kk5Mu8*Ym2WfufE8mkT@hz$_R1#V&#%uy z63}`Ku+}#UTxl3ia40#fEN`al&LuHP&% z7-IlolTXh#A;y^UeAoPgs3iKe*rM_D9@!J0Ym@iILW<`bMY+8K#>0=cdv8HGm4Z}G zOi-;q3=?cq0C0S2I{X0DU7oojl@~GfEb%x(c~Nn~m?P(`-|}LLo>^3K^rMrl0&1iD zX9Prn+15h63DzxLyUgYwe2-k>I1BE%q zxi{UBVxEZeRJHeQ&$~V;r}(4znv4MPiCuE% zab1x%LhoIHN-QE0@&I(N`O_u%04<_{hM=jIx+_IbWNsCw>R5OW1kGf$Ly~~}r~G=K zuI5paFZSJTlKdf#{R<60cKm=}$&6$Kn;c=R9+1ddcmy=pZlhoUF{9w%Bc%Q#LeN(@ zuMbYT;0^bc{zj?{TPVaoo-&YUu{_}{^igvBg^x;q7(qBzuOfwAy-APd8m@&=#Gnij z74ocyyGfpa$y7%gMRf{*!lZ&hvQyUT8ba7K(o+x`_aP)i_?YaXwiVt}fwx2dksv(A zrm%v{x%Z43&D5FfHPmk&qE;qK+0AkVk7XaYPge<&#>q&pgbnMpYoMYJZ0}>G8*F-? zSonSQ1Mk0sgX*O>0l_G2ccz`HF!7Dc%*S%-C8j}Iignkyrp9gWKa@cFJkN8cAD$6z z_$m{kh1EbVb|se{Ans&uwZtlI1%LoE+ZW&Q(})v|6axddp)83XUy5!C1>2T?zA`Q5 zT4{?sMsrgLkllW@J*EcNTKSlDgXuc45-T~UjRz-iPcAv1&<`i z#2@9G{)e(}55=njhKqjD`oF&vQm}RFeB6EK;l{KK{ub@5JbQ2tX$&t91aC&d9j9nl zDVHghu)}auc*PEf$^;^1=P#-gF`X=oLvZLt4g%@vk;1H%5nk>Baz`NY^F=KJj#QbI zrBDqvINVd5kivokXQsEI>H&Wl4l#hAi>K=iTc6EDJ?J$9pq7`W|NY~D4G z;ZV4I$rHhDDp`#EYkreuz^yThk@VDGDjka62&dqH7L=|Ohbwebdpvlg%QPi&*I7;F zQn|0AFTb=cv4N$+nEIIH?#NDi5Uw8ps%aV%S7ZYG@{to=rE{@{FvdyiAMi@qD&vN5 zvTkGdSS~g{K_}WF=+YC+&wU*P59Ir;9@i<>8@q4v$=M`xpKs^K7tEG}S#;Ugs4b#6 ztXQGpq@oR&xptRL0!Cd36H&E=Rex(=>i|$TtOr+}b#F23qD9k0H9zF~%p99si^W$| zX&C@ibn%}2$hL@pz(YHds{kw6Tg1brl`U#h#R!m~S;MfO3!D$at3loTc?NchWlJczZ-0M>*&X)FXIwGetSy4#)h>fhS@R49r2)69h8joxtgl zkQ&83wQnjS<${%8g2s5!5!;X-bQRrMLSK%IkF{UIpU2v}<;5aaIJ%REQEg|@-x2fi zu<#_|qO+spJ+fFav?hlfB&r^GNB##0sqM7dr(`e23^3AIJW-lj)-`3vcUcoscQG} zV9A_3_S69tt!R|7V!kXFnm|1vSK!*p5dW9u$*SC7Te^g}{a_CM(FOwr6`+CT@$bwl;+1~GpOAL~;~~e>Em$p*?Yb=!B@+-wU)E&*??;5^E~ny!dVT%Y>K) z_5*?{2#OmfiOS-=iw!u;Q)RZ4M@65+t4Hs+Vs#D`Lem*U`i5GEH6Oq3a#)DVDald_ zx&8?N{mzxtJ$7}OklKT873t)vaNg~*>S{MlV5_?TYLDlBQOkO})qv}UEX6#T3stI~ z#L~OdxSkhB48CVvRj8)lIiPdD!0MjYIynW}<>uJZWzO&8Ku30bQ@}e*80hBKQH(V&mgJo3Q)Q6*hgSLte8fj9u&ndx5r*y|5_<^C#i^}rwn6rQXt zNyb3Aj%_C%f_6q#YjytI2OZ9<2DC~4D#m!~iZ}1K9`d7!g4i-hRJwk=Jzdd^oNnX~O13F_&$3GUtPI8@3i%`xlJpU3{1t{45)s9yR;tIK+mSeCBkG+30J_r zsM*&2$7t^rj!)PTI)$1|HVf4<5trwNJoCvqkWUFCXH#d#665uNKZmHP`{Jf05>M`h zL^`ZVvIxcXxMpzQuR%eShBj0YBiJz4wYe*IHwaIR<~`*)nTq zm?%p94ezJqvp1%2t+O8~Ue2#vreO+Fo)N6IYa7PGaS~`FzG5dcJzi$|B1U6Jp@e+W zQ{l=#Wv1x1TSLzm{uS{PUbWEr4mKuxkYZiST^6~bKC1=RsJ6)1ggT@ zZ`%nTJGMfWiuTru2tA8()6}r@Tf_#^7^lfr*_2pc4fgB6uvQkjO=@dB3~%f|3ZY#A?FDCPHX3XT}q~0!ceXS6G!y0jX+L zi|m5)x7c@#DbcnWox54asaLK&&VFY8%&W?wl~m*dj6a<60VMLUp@(;L-Row2eubn` z-{D-2_0=C5g)H}7cG|O5I}i(~u{=@$H50Bee;L*BeW)R|;;g`ECkIL{HG`xuf5s1mFwIz#UxXqv2e$NZhX zyE0_{?Q9cv&Zt-?hfF5tkgsD}F>4PPS}eX0g@XO6RXn|h}4+`P!EC) z;K8Z|L9~g43O|l*1OnH}U=>99Pf$}KX5_2VID!{gT*=ZD5B4B$5#>nIMM}StgH0`S zZ$Dpc<91pDd{U-a7PZ%?{+{qP7Z$xiYOe?bxj{E`P?oCb>G`-Y0ZVKZMP;9t)IrO! zWRC>}GOpcLqnSN$xZ2JuoA>3D0D5T#LP(VYx~=}mOV5(KPxT-*wgsyB(%@g=3QDKx z&54bo`N-{=07oNsZin6S60kH}fz#2@s5wR~3rO9>!rD#pP(HIMwQYOe^|=9=;&S;v zB5HmG((T~dXg-E-1!m836>}PSE$6Gh&gQt-M}4>KxGfp3__<>2WF?ZWnV~2rXRQt@ z1x3L=jP#4~Fz7Ply)OPM`%C@3g0SdrqOzohMKZLjAO1HE1B&AHnB1Zq)$ z)uV2+_mnK(%{mozvb9iy^QPex0W4^LL=O@j@HSll_G630tY4+hRL`DmJHAv7SDY6M zXNR}qLMfgzQG@5mS*G{kDE{5t@iJ*p2(cXzo#4D#FOb;L6j)68)sm;%B9LKr*LJD?HB5u~_O9V=1WxT70fROlsyr!nR z3fMRXYgCvjPe~aAf?9w;<=bK)vvYB_HB_Vs_O+-~GRYs=`|rV*1$zpaUyKs@JnOAb z02@ej$3uqX4DgS(p2FD>0V<@FC5zZ+ECBggMb~pu&3J-mJwn)YqEKtD-{ilGcaqC# zYSLLX-fRW{_$YR~P|Ix;2)xhor}h9kA7a6{mRW{bZX3s*8_*P*&B)AL{|6Y?>Od(Y z0ql4`ChzBkU_&jNpWjmqAgNSmb1+-6#c4imJpk%7YuZ{6N$Ef|W{UowUcN+f2S=XM zLGGh&@VJdn`(;CwxjIdcC(2dBJmXef=A zyfREkecoS2EPcOJ>TKIwuLPB$dN~s)Rj1OB=S<}(|9dvlwyOjkJ_82ClpUZZk3eI2 zp!dHCu7nQ@5+;!V&?-;^Dd~VT&s*`I!NHQ?$BUMR#>E_*0n316d z^m2S%PtC&h105X?87Oq&wQ7BShNb^`h7eq6BXXU?UZovqvlF<)jPxhRfu5dRM)J+g z5(i7rzsf<)yWmV;0DO=-x5!UF+t{3J0jsSc&K?4gRx^C7R^mx#U!Z@jTvvyRg0dMb zmIgZa2~>V8fjPF?l@DEt6g0NaD@!mx{I3n>KHkX08aM$00dM70Rj-=>EPQS{S9##u zJUs9Rdo+&9UI^AG-Y8bItN+`7!|U)2aXXY%4{-i@ISqnsXpP<0;bNo5oh*eEz{kb* z5{HqIW3;{sbxl480X$gz5KwD=&Xfw!?LgvDM;t%|@ERHz(9#@)NN@X>rz59C2+SB! z*_)$-sR`bjmgg#X%r$&LX-w|SjrSm`Q~&Hv0&kxpcqh9)fdq-4fx}M6;Icn1j;nfe0qg+0bS#+%3|))FJg#wNLMVq{|`3d-&tvlsMV__^q{YoI-uVD&cdAa zIe7iAo!7+I*cK!l9Gv8G0Qlg7MdjQqd5kFo`xO&5w8W>iE-SS#BI4@>=#J9adJeAV z;(UEjRc}~gV_}*QC?F^(*p!@{d=D0(CTb>EKpqeT0!**o*YyLLy{K-<*fg)$uJ8V4!HtR$AN{ z!2{PZYD#A+dwn<{C1iBM94^z1+sDBAU(g(Q?(eS%B`ZpdFTmPZCJK&AbDJ9*3$gwQ zK#2wUHxL~XP-6jU#iYj%U&=+mv{6s$LWmzg0^5Yt_vBXxwR?qk99E0&!ml<> z!QFmP*@Hl%`Qeb|?0?IBo@3SRfAWLodK9@|pT8(G(AT$@+WzhNKH2}>XFJiwUZ_#R zG2y?)e+vbTFXsqHAH@2B3R?Dd1?av!cMuP>65+ov+O7NCp~WZW+y8ZFO9*&D$`sga zpF4;Be?I&F(>a@D#kwuN2pt_AI##pgJKkWu^N9H!`TQ99fHo)KQRZ6FuXUcOX+4>6 zi0ipMJDyNRSu`Pjx<%}S7G!y;_0`zEbSRsH0u1S25-`PcNgONHzA(cAg$EB?JG-O) zo*o+U6}jgCKIJc?mcHnE#LKlA;??a4Yy|$c_+{QjWUyRh?-?Ec9XTCKWIw&n58N2e zM)d#0dB*@ssXaI<@bN)^T?l}Vz9=pmDE*1`i`(f?2gveYDZk?dnh|2@(%a_9N_~S` z8#hKp;tvH?alkT8tf%vpTA5=3kzM=B>ACQj5P4Ece8O;#Ox^7Bx9_d9F_QA zUc$n|!-r4iDsHucLS8Q|apC8gYl02cfc>trEaUMTs-cZ5wunadbn*@gk z0!X9k{|!z67#ud%AL!KFSnsdBE(hVDdB20#I5SXxzW}EAHQRU z1@n}48Ymi&Km7gyJL8S=KAr6EGNP}9{LfLrpE$WaPM&^N9%_zbeU`RcL>My*SK0T* z95qc&NAt+YGkaTGQ;bYZ)}P74#004m^=Y@OaeGg9Rnzh~x58ebKu7NNcZ~A9Kcu5L zCjf6pZH~9I#7inef4lc-fGZ`fM)yCS#VZ-E-d)! zvJtQvb)NAzadKDj86F;Hfq{YHjxk*i|MMry|+AZfg92ral4Se>4<4l14CjZ+Z~`mkv>8G+u{``M zVIN1~&EEMMyR`#1oGw1v?N5r$*RUxa#DpScpBwr$a7?()6oCV80@^{~e@}v(FHnzf z;%tv&|H`?t+_gwiK(K2sn^K(^JZ_v+&nY>4iXm44^u4mcYdQG&XH!yC;nzR>Kp)y* zF(O+j4~q+(L|1=Tt9ndH!{o4N-_e^-LAFv zc6L;Q`UgwfDPeeG#s{HyLRC?$+s|=4rm4v*_xSiY@c!XpjM6uG)*rNwG6HsGWrY*` zNjBj7_lIY0A2;^j1VbH*dVK7}5VDz~*Tm_Bz+sigPsZ7KU$tv!=wAJ2)si#{^md|x zHX>PIt71yK?g?=C2$O&hEfko__B;TO5v{%?POCignbNEVkGo2ldT_7nVpwp9x>kC*(7N8!kLu{bhyJ}IWwcYfS{;gmt@>; zM~XxgO59;!(%aq~O)ZOI3LZ8uU#%>=7u3nKy&mp+9&g;&A0799CG)ynUV=SsD>#9$ zmg_WmQh3-91uYl@o8T{+bCO@cI{{3M|G}rgBCPGDk5${ODS-p~d@MMwl7nR;xT^6(ePJ4EX*7s{r zg-oP-e#>^FDyK!VeN&*miFqo0O4qFO6qdkkx+}l<(+(Ct%E#W_H>(n3iRT8ie@!|F{4nzEL-gQrW4J z@kQNRgq6LEOBj;3_TRFcS6~$i^tr^7z6dwJ2D3Hl9yc)DVY&0dY;|jk@!M#&bX4jc z%Qny+-CYD*ej>}s{292#cJXR)kWloNuZ)Q)=qNqj)IJb-!iPqr=yoI|I71yM>~Q z(rpsaaOxIwJ!4;OqmJ~d`?nEB!to?w)JZCuc($GbTYfsW$1s=IV|@rAr;O**gAt$L(S__5hp+LQH?%)_@lw69O-j#zzmVV7S=9);v(5+1h};9S08DM9TL8J~fxI z;vX+Xa5frq0Cb~k!7Z!*j6U;hPkQ|z(nJ59zWajxW9yRb+NN|*sTZ;7`qYb-RU?SBTpPPx~7-fbKms9$`%aZ||tv?5k#e=zGnqh1l@&gNDg z<5Bvfe2-N^CYjHynVODHDlCPEf~(A!UAwS^^-bToQ(Vtx?AgW&50`Yqoa25RiceAB zwctXgN}$U67`u*mV57nMa-}i~^rQk$Uj_4U&-qTKs}OatuJxb?3FymF#nP(8{r(&* z0gfJqC#xN$dTj_RK}rE=FIT2D1gOmta@KD{lUV-RiSCRQ9%$KKf7sTnbN#$%eqT?t zSSK3LL`wedgA#{N}FJC-5%pz)Tn8LdgebuS=kX$w$Ot zt{NP}y1O0DwirTgg{eizVpG_!Ua#rsb&-K>OP6qL5|Ugg=UAZgA%SI)Vz2R0X10l| z*O}q?Uds7j5)Q4B0MZQsk6s~;Gi7)()J^6#G?BqV$CAv-(UgXkZ;q@XP&U@~U2yMe zuCSEzOwX8c*3sV`g{SWyN_T^$OSdTkL-2<`6HFF<__OHQRd4x9NpUmefbq(>Q6=ts ze)JjcQ(U@w?8f)_x?b5PA|{W8>mH&TmnFfSaj$&C-d`;OYFEqgDV^edmVO%z8)p4` zqO;I1i`3^9!`CyXmp>MxpvoVpxA$*1yvujE<~3O}jf?F~X2hrl zJ(un=r^^r6g)T|&g*iN+Dv#^}0~LPM{meyXJa;iX8cm@tMV6rwrz`pLk*3`athgR@ zm|uJ7?mYR)`H%SDOB#p8G!5#+tVD11&7tzMFwJHuE9Pny=%1_DzS7DiAr5a9g`_+? zc7a_BIndVU&^-f|(qdsmT%c%&0>tS!q*!Ov?fNSHEPH&YrsWa_tC@#x4#rDwY8rv9 z{UC$WnJD;Ev5em=R;oJqwa(woRZEn#_qa8|x&{AB_2H1{>^7%Br!Uf@sk?x1YGdI< zI7>g}cGPBFNj!-m<=j%W&0A(c#V_kX!(ib0kq_`vJXgNeTuUxfE(+ zpPhv~YHb8XZ6rf37HTI-J=WBB*lbOId%AhNw4bfA(qRTGq8UJLTx5U$%nE(plgYkk z^1Q$P2hwY~9ANo7a{t{HG~I&(1LetWCyb(UFjZqQ@MlKiiH%LOia{uF6;BH*k`Nd$ z4n0A?h6sl9Mv128jg9&{HKg#M z7(#TgG6)IMi{4C_n%Bt!x+pBx_2r(qsr^Yz!^p4G21%(KM5S2C#y=JZgb+?ES03Fe zzwxY=Fy+zE-mHJh-M`tTShIo2wvBTaq{294;0=`FNQW~V849B(6wjGD!ox?zczheX zTNT-$!x)dYGsY#jHJ)Ji>UfvX)+#%M#mEFRSFX|@$EC0&7tu<#N)Q`7B4(CO{8W}+ zN}j@UWIaM}{^_2N@aW%zBoS=yaGT%p)aa5pE}FF%L{{Db93%PCXSWK4ga2%AdihyA z3`uA1A7sX;AmjOuXF=BvKU@^S-W4td;5^+Meev&}ZMII=#nnpmze}a^sDbm(y9Abn z8Pu<@tzd|6qxW_sY%lL!#wzT;jX`~K-2P2bUUBnNxo*#%v^7Zv?ix{^`ORcL6bD7^ zMRpn54mq;W7)EDG#7cxcHtKXbSr}A=gsaC2QV*Wz{3luqU-`9F=auYHY?^ z!Dsc|yW@&Wmb(J&)4ebY7Ml%(8kevobXnex6SH zhQGV|6Hdr0OT_mcPUA)IIb&lq8a_p#&o3|RKVE^1zF=|jxCGpjyA!uV`N5z^slC`d zfnIs)AR2~y+-YnylRPFKOVs@wOx5}vodRqbodND*>0PYAAk6STLij-l)w8<2brP|V!*^gTE3DutN7nkk1 zf4=HRK~L`UoSiawsQ=gn9&|<^Uip{>{a`{y+lt^l*t5k(Fmi~`EmCX@JH17qq8P(U zhr{?5KFoD_E|pr>?%xGth0l`7IS|shRzY`O_#if-F&X3(8}BoyLaxAmB0}mSc{n)2 zWxedpbJC8z+4=042)1X`;L5>rkqdU)^adqYe(Z~xmc(jW>7G&E7!fRY|426;5zCO5 zSt}JK6ZWrXd74X_7H_``$H@@WE2>yAH=H|P zW084o$8KoyPeh@~!FcB4fT|~swJIj}w*CdbickRE?YMu{gU2Idjl)?s)-A_x3&n)X znJ?n;e10zI?Q%;x)Zu;e86Jkmts7BSCqlNX-GbuL94UtNSA07Pb-wivGhb@97P)&A z3bk+N>P4US@BCl64#K3MVr#tn#7g)nQ{7#Kh=@p&50nk*Ts~{WyH6EdfN&*nDz6K& z87i`=JU8>nTy~YzY4RN&lr*sRNL>GB@}tM|HMMV@8tyQO5dTFUggi-3xT-BC@Th*^ z*P6{`AVGo{?u5KNRa%(JbhEajW`ZGLeM2A37(c)gfROH;VTG8Ivd0%e9lXeVIE|@z z+0#n39;)B;6k0_E6%6G4?6_Pku+_!582^>{HYuW{F-3}krj^Nf-G6w&ac6U6OVcikbquJ~8M_f0t3T-EvT|i{BBw`K0m@5>h zf0`Qxj#}TwGHcdGcIE|Zn;vV|)neF4QW~YTtzGpr1rZs0e#sOO9N%=7Xbz@vS@1C7 z2pA7U-LRNEvcN$fw%p06!-=8>%)Us>2^vUE6D+1&QK3Z#roE@D&?t`_T1;cK3pnSv z;@6@TNOU};@OrFNX;f3%wgKru+<<6?6CQqArnub+vzG7_JFa=5F77P%=>hih8RDM-KYm3J(5) zpnG_ITAlZU=(|FeNcd8~ zc%wJA)Otlot->_cu1E!tz_I{Ac(l@@J@j!A7V31l9m3>xM%V08rd4d$EM6jtSZo8I zB7dOc=xTv+fBuJ#h<(^U_%l4zYS3Ahq(5@ZSsCdYx5vKh4)eFdeuC+ReVDw(ZKE3J z!+f4!6!FRTYZ3W6jh`+buN&&;4buBP{{@yw*NJYm1llHig4w|oTw0AH+`U}>VKuDs%OVE!$g5ODd*?Ln z;~QBHH>>>9tE|3LbHB>3YrJ}T8@uIfcXsL=$V~CN<7G?!#cZ_p^vr@?un0U*??E5> zwB8z2FK$IX{#$Fy8;3Dl?A=S}4uqGN+ta+Vkk@Yw3f=4>#Jdk?*EG=%10=Pb+N45{ z-smc_(}=WuoEeUe!x>gQ7gXkh(E*d%l-&C;UX(m!JH8+?L!$nA%L!Xy7y-0|WP5+1 zP6Y**fet_eai<%7eITAnzo`TXM9C8U4sxYc`t;}uDVG|@hg!7VQTcsu1BXdMfk0la z6jR=J(O)d00!chS-E#h;ow40wUyS=J5GYsH^)r_3&bje{r`g-?^G#_8A?e1CAvkV1~MSrnO}C)vMom#k2Gmz8fWW-GSFaqO?CA^ejh875C9L2KU|H%E3x{&cle zTFh+@fzlr$(ZZ^K;El5V;=RrXGFJQ_L0MZ@)Y(S^XeBtCU+fj~+9b zeqXIZxrbZ0&pJ8_N=;66;Rr4PWs)Mh=Q`o2H}ma6mi)plI7rgZT&`K#Wy=C^Sjrah z&|PL?2!QEQ)}Xfp1|DbYieQb~6SbBmCfZ}6hzQli6Nk9zXrdH+Qm zUF+QXVrOit3Fi>tJMkFA(D_)Rb`1gJg-v>evZ$?oFL7k3UE{4hi(%~)&kq;la{;vq z-GGE23bFqrciFz7Z<}jBn+XJsPfQSSa0b16@76d+SB7{Mm79_DF7`mP*#GhHmSFpQZ|X=6 zumDJd=z?T~%(5@QxO!jFHlL7z=n3URaAjlFt2q*ldLMB7d$)Af^=6=B>`oXN)& z+pde2RyXO*>QkYtz7o5!o>1Rn&y=!MFN#ww#+m;u=+6s1V$iX8g>)R)O;Wqb5Q2Kt zp_uhk!aA565q&kc zRxqw@YMp_Lw|5n_*}c=U&eY^U|1Y}XmOUY%7nc|ov$eu`_0xmN1K6b|zj2(ieOS*! z4AI)ChT`SN-iWCBXL^w==J-Lh3_aaSMeJ_2W*xYsgnZd@c}>OMnLv(J?_!*XPOH^I z>nGXdzJ?y|P3W1OD+^M)rW-!Y|9xAKgpHy>uc>P1d z=WwB}?-|A&s0`2J)w$+bY(KsnX1_CBUa5B9$h(2-*T!}JCdn4yYG0GDjC%3jF@c@U7!UE~_~iHC_!rh|Xe7%4X94^0Ynzh=b1x6Wa|8Te zYS+3?j7t+X%Hi1SBS1$I6ya00|Hjx)6;o4JONi5`7y2q;n9>DzqD6u8fcT!zA8AKU z*$!w#`PZ>HD%81gKH`)+_g8joDA1tX%E~MNZU^Oh`wlLc=7#Z-l8yDnva1JF?|TMIdW zC%+PhfhUGf`J`?-DS4WD& z;z4DF24CP6p0Q&TD2+kZ-g|6m7;uefs5T*p)GAyac`We6X^9L6`2eqK7x?cEcyzc8 zO0R#YgAe{?KkcN&v9GuJ@+wCbH0)1VRIoYxf?&p@LHXznTkl*qGqaIF1SVUpcSGkKPJ34r1N-j@FVVBE{00Ih9Dw`ce% z27QT7PHv$253Ki{?}|JmOu&_1sjv9w>IhQn*Gx@{rJ#y+-xG+c4pJ~;EU#AJjra%zpyl4K_#v0Fgk!S?g>v+Boxm8_2& zkHKREG60~(B&6xAmUr??MD>^Iw=o0Q6tBVTp^Vo~4tZT|yYbVo{}(fU_;6KVb~?7* z@QuW$JQ3yt&QFHltgWpj;fa?XeNB!G3cY=0`q|F{xL4uq>-C6c1KZ`Brv!|b8a)(h z?Y~v60(mJ>KnI}#=yx1|Q|=4>v~}E1KJP5lRq+5v>XBER*;Atb6yk$D?+!RKmVg3s z1YqTJawt>o@&avxsQ-unxQq;7r3!MK0|<8{0PwqkbH{tY2(ekjoxAryQ;+t9T!6) zBuUw`fgwf{q0bZ0r^SkAm(+P}|H`d%HHQ}@NJf~m##hbK?JjneZvcw)4&3t;Fvfbo z`HTvj{v(f%t4{WK; znurT9;@JSq5?`2!CND3*26iJiAsO2Pq!hg`18{a7ST|rT9?g{HC>3ch zI43g|^WPr}Bcq|=^dT+OyOg2fF$sW@F3M*uk{!eVx{LbrQOTFL4%f$eJHQhQ9~Xh1 z-?%rX=U%hQQmX~~dt`|5KcF6vjS0Fs65uaAGiAoogrFWOUI~Qto@naO_`NY%{#Zca z=mvS0bwHP4P7ERDo-CJra*ZU*YWb?nYj5=i@-?c$JoH8WfH^AxcrY7aCb5$=fn;=2EqFyf z(5e*1fNEvYV=P!va7tpc6X2(oPNX#Iiwkw+-)XA5JCG|i9wMo+Uh!3ftp43fXDX)58$n zSK!dYA>h~2(Zp^x*)5F8O9>t)kNH|t*x#9vY6=bu? zt>mJ|mDbyP3^KBi;43Da6RP^tUfNeUIEEntv^?JcJ&|g?@59zm8fPax0zCp#grGCF zK}+34z8dRWx;>EZivyzKy`U+&Au15eblrL9di6^4Z)nPkUO?F-6XZz{2%7FsC0no< zl=EVc_gdiubR=Tl>uEm$orlgJ2p^t#PMtrfEyn-KXM5b10iOssrDm)m7>KU#DnV_4 zp7}(e3jFkMes9z>R9!h804^sJKuE{C?wn(X-GLJL*L;D(x<}1gdvR4C9Zj*V>#i5U zf7}d*@G-yPE#QS=KZ25|31?zwf^anS*9yv$}| z__j0~ST?-txDrd=ktd)=lBwO`+F9LY2lq+u*dXLIlca4DmRL7*$~o*9&mDxMPC^78 zh^0wjAi~kh2wzcTM&#npD+GLY@WkcCyLVukprykyZ3}%QUmndA$A&ZhB4`$3FZ2cm zQn+FV8CLX4bzVg_h++Lw-fY*(i+4~Cq;wUr54(p<9FLa;#}IenzR)wi_RvihKsZ=| zf04QKXK$M4BAVH?b_rHz7uMbz%O1{@UMt_#2SX(sBfZU)R;@Hskx_^VpVa}@DxbI! z+hmBqkQn0VP71O1j@yGs^BH5Dbe|9q)3|f0_Bn=QXp=eZgzrsdWdI%MO%R;?fd{13J*s>Q zBQi?VwlVF$!8wP89ViC+!n{}=(*c;ImJDSfI(NKynF6mF?FUQ?|60)hapUCInJ}x`c|lIBv!u~_$Rfo?ozRL+s5Fmmu=pbqc6}Gh5q9x zOhxQ8L?lk{^d-4;h$LDCTw5lAdEhk-7g896d;DvL^In5&r53SMi~mH%rFMyUd%Z7y z$hp&-WwYn>^0QMoM(P_LF>egr04Kzv2xUCR#Ij8Yt=VAy5w5p(jqL_f5W#RtO_d*p zS?tAO?Vw3~u~cEWba$e18rT?nDg5reAw95z!LfH=J*sdV%?5qitAX+Ck#z(De~#5) zDiiB{Z&s6HDlBw$`or;RCn*;lcj>Exrg-KZVa=hDlNZpqk)QJ081~22Sn41R$#Aw# zGK8vY_?=eGpjdz!I)$y@u6PcR2kvNMRgx62NDvGOE2Xz-Behl^ljt7Xk>2s|e{bOB z(ZfVXXO~^~p$Kv3A;MdOgjG}_7Qqzz2+H8$-^qK!0U?fBvHj+YI42}f%}6E?S

z98ukZ65pmdPSP#u41UIl)r2MU&|Nn6T0AM@_ zgD7+}S)^lCFTd^ASV%&=IiSU_W|w;Cgb3YdbUPd1OgY0*W`R{nFZM!2Dr+n2y7o3* z{&u|Fg5b>SgRzGd9=3sQpb2?TBE`K8AwQhN*ERQv^p%nF6c+I)@Rb=S*m>Qf1mcV# zv?LOZmW}QF25dnrO-3`3znxV4g+0j?D1{}yw2qMZCC99bNP%fE4??_k z|JITsL?kjzbSv25<=wY7TO%!m-o^+9#H!8F5Y=f^xwc1SGXH&bf8vw!WI0}47$#k! z@?brQ_r!P1Vo}Xs&w$=X(!)n{TVubEL5Rl;!&HPrGyeol2ua>wnqrN9uR=X;jiA1P z$bA;WUNLp9>kKEgy41pI{p^g_?92JnngPwMlf|$b3l1x_weBxw5mFCi8&eyhQ&<6V zNwfjBiM|+Lei0dTm{8;N!Lm3#z`!0PZBoDyr%y;A!TcTeaw}0t#%Ab#B<9%uL)dJ* zB-ze;c#A*t;GC83sh(lh5Az^MAv8T4`S3Y4>gA_6hfwGV#)!(SJ}H4mw&f*N&Dr)x zB8)P=5}R}8 z{o0Mpn^?dvXAf^>zwPZ_61(OMr| zgHgK;3Vf-X?KufeMzQ%vp-&y=f|IV57zomqo|X96C`ObsgN^= zF;-$GJ;^4KwW&4-Bt!(fd~{{^`WJ5am>(Q6)9tGC0W(bNv#Uob*e^YAtux_lJ`ybj z1O_${;o#VB6+Ls!^l*+PhJ*Ix#7}}pf~et(q?O)*Xdxk@N<{JkZRyvW`d7{p^DeLU z9ZuL%*_xeAG|_EjEk?b5nl&+bBEJ*_$B5e~bmgR0tiVBAi>8 z&?_3#CVhZm@y3lJZ7=^cnYKL+zr8FE%OP%$m5_>ebsotv@&UTnorh_mZ`;Ja1rgUo zF^j28VBCx-b5$*pFQAZAnUpo0a#c6B*AOBpph7q{- z)!F&F46tzLetSe~|3zt+@i9b(mPC`U9FmuZ3{_@~y8I44@un+?RlI!hpJ!QRh* z$H-F<&v`z-4{D)kHrXf=E!|T#kw9qx)E-4G`Ucs((w`@S%OF{0H>eEP=*p@q)3rt@ z>cfQBjQVel6IsNtULD*bu?$g?sAM$?KKkEFbB?4@Rm=MtNrv)WV?|@cslHNB_7Kn+YN+f`bJ0>n4QlYP@s!E z+%`vZAoPzB@i;T(i$_yct!XDsrlWiUNQz9%tBwcQ`j7sQ60dHO#n)Gf6#?5Hyg9>| zL|#!>AEN%WBzDzmeGiCv>DYokZCyhW7Z}kS%OzzBt0z3RvbW`>7FU9H11e>1ViTqC zYvr%v-7iz@@y>jRY(k>wt~!X46EBl!`z8+}7K;3VI$DWVs2%+J)Nm?s^pM5I*YP5Rrm~Odh}L}54lQSc@g8esys3T?=}WdpyIintrf%s z1hb&Pe0lIKzPgf6JK!NwpOjC=J(J!-|HE-);0v{yXf|{RDX5=n->1p$eaJ%DU`<r4^V-Vk)5h0K8TVK64>`89%(Zr7@k^A4iI#i5h z;Y`QbZM5?X(Q{8Zby+(1A&rVBFbpj*QWBr zCld*0^HzavCn-Pb@$vAgnQua6MAtXKWd6h=xbH%?A|Q2X?0n;HcBKUKOuYn5z})8B zBhT2xl|yh)M2kQo^z=LY@Hh5-t%TXKTq$R-f_vLze>7x_7?=W6 z$z89uE+h*=HnUjw3Xe3lTzQd2=iFKx+K9RHoUv(4!=n|&(+NyBqdjh`L@ag`J(DbL z5 zx8A=zi>BiEWl~vF(?}N&sEvYoR>$Fwrphd+yKC_m3`e6bSgbm}0yX}%IZ3~~EVTFN zNloh6?#EdtFVL+>DTxVqsX<;c?oZBOUrd&cL}(5Q{_&l&Irkq$Lj&26B@zJ9W!SD( ztXO~i5*QeWiHw4B`}RbA0!*G9*b?}ZMDo(X=r9{zQEIBQwp7$XhLw;vQ^LdruH6uk zZM=khP0SzX<8iScew8`qpXun27F{<^UK9^q7cQynQv4&BSrZZxl0q^37ZE$SF!Qkl zA2%Za)LUFur{+WdxTQ2;8ZJ?=Cf32J8H}mOUQIXQQhF6n@*k5-T)pGFdzn&;V}JOC zrh|$?wc0fJJgGzo!yT%5*oVW6*rb(hkTWEi3iZgc31t~ATq!Gc**an|EEJ9lx1eVH z!bsor;G#}q#Uz$mB&P(%CXo*9<_n*8ldz`_SL=SzxBE>^#f1<~oha1!N9MPB&XTj^ zMU)Wboi`L49i~}XM$KcLZe@pcIvZO?ep%grYBC3oo!+Tb-faw@lzj~kd)+89tsd=Z zmt_~7$Ko-Au$IN;a5$>vU3wmTWHfnNWYo4#VtYJIJUnwbn1mqqhO07>IdpGUuJK_f z-9D|H&bKN@b3`7kD!#@=667*RrRIqE@FI+PX!Uu7og;M|sRTey|<>%p<9~v6MG*Arw z5P^fz{sw@fNVzp1BkV)Wy0EeBz3~)qqg~^rR1Q(J@i7i4J1p(5x+4Ny0Kt>$p(yq{ z9Sv2t=@=~WD8F$(-dXW!=DwSIrG*a$nSS8h^~dVbU21XEkE}fxaw=0cpRS;H9+~x< zMC7l?DGe1+?yh_t^Dn%Bn8&9ZkD#HOpE6p{AhHO|D0wA8<+S;^4p)ZX80(tlOBj|R zr_>Kk45X&@*qI{kw-+U&rIzs6l@nJ7vPL~yOWbW;h4*$^5^RK26wpc5q(_((i{M)V zymSa7KA>;V@DfUfhADc4V)f~Ji<1}#&bQRhr=z+k}#z!!$@yF=Ip))VO zTFhY_iu*v;Lb1f@ZF|{jWU4=$vp2r1mYWv}vIDKdKl$SNoKug>Roy(k zSS`}SSV@JGiT+FfIa;Bn>~b1ZpPdF?VH&N(FYL{iGjY5MIdgLeha?YEN#$UcWPZuX zMVKA-Y2>1Eit;v={B<`&_1|6;j6O6B434d)XRwOMwECG9N$Irg$5szP+VZiM=>})nhY@J-8~YZ9Ha`OZlZ(pqiPeREfR~N8 zpz4;-d}zlho6mLU003B4W30&9#CAkK1aublXy3UHK#PghnAAq*rCE%ZNnZoNgqgSS zS6pmzC=%{IcE>0UTQyw7v6)W~6TLuft|ml0kV)m4IftRozZkmVO0N4fmpQaqw`{2; zI=Oh%^kg~sZR2q92@QR*od3pyW8Qx>ea-c4(km6m{rWBb+R(tn%I#p7_@0&hZx!*Gc^S`5d!a-2rYwg?seQQlo5ucw-<*1WQqf{o%;l zgqG{8$=*Ut1g;87r9y!RAB1`q<6hl*@i+{VJEgvn$S__GwO##NNkKvC?4K@E7f**> z3B-7K*GoYGixZy@qELRM^~SL*nzjHcgn-Yz+I*>T;l2&8Q*K@JO^5}W%Rg&J zj6mj7zMU-Q-EdNV%UJ}pk4({iyeBLp{1|*$i~=Zu!KVbpYXpVH_szH>v% zhL}T`0)jurS381@fPP+QamV|v_Z!}#XnmUlNlA3p`}{&y7$uor5MpgaC#Y@b&$_Dw zR5o}dZ%hRfIKpy50s>PqMFE zdZX-HSJSMOPN9ZC!VCA(fphvOz)W0#y63>Gu#VH&3%0qUw(A_N&d&|=vN{l+f5oY) zQ|EzgA_-2N5Tz3jy#lNcJ2Ije?w`2@64){ST05Jpb%rj4`BfNrFnZo>;FdM2KIO|U zV_M-E6MU`!)vRlG%}xMpn| z@k_cZi7|DftU3R1G@KO&*Kf`4F625Gxfk{?znyOqaaEgUx|duSM^6kyiw0gA)78!W z!N%Vvx?U^ahgy$2o9-9tM&U2V!W`pO5!)Y|KG<%5dU5pY^{6o-ai4*q?2DCe`^Y;1 zm7C&%)EwE-PV;NlA7{aF>}dSq<03QZEb5=;XEGj1MfF>9NswmK=tQumqwoNhlT_$T z@PCd0hh(#d*NvPhlLjv`nPUk1FelA(*7*yQE3+jt3Ns!vA9E(NbzdwkH6R~XKuDeG znd+IPo^JOTqpiK$cn-cpA@r#~ngITp{Rq(ML`kM;W;qZJ>GwA>to(;+NGg%6VWc20 zf$n)1->cOAvn$_5-Aq{3gr~#n8SMa0BdJ6NPh}Rk)y5`-WGk~2fV*-j}AT196OO-j53CJkm3Aj zw)4Acfu=_fF`eefq?j&GXx({7fnl8fX))vn7a!1jUVv0wzj(vlYC{0IBN*^eGLvKIbqzZ1v8{ z=dziPucy!Em}wTxf1#NwssvP`+7n#3N4iO?F&uearojC0Df`lMdvw)1M2gO_h{8ks zPMd&gA!&+w;3n?n(oqF2rGx1c(pxOV9j#sOm#(>`AJ|XELFG5>r&Y3+OJ0L6a$qF3~rMgchd%U z@4|aL03;ya$6cre3eUrUFJ{VV*rExel8>`u^TZ$F4*%knks1<>;g;d9_f@#{L_8ap zS67^}hs>u;NX)|rN$1F20$1B)rp98qNVe2}IFR{XD*W0!kA z%C_y`J}J`u`o(G-#_WG01jBniqzxekm{c4nLGNtFJz#nBPb!g3oW*$1Txe8NcsbwZ z^qdEz(6TW>vWa~dLZ;Sn0d0m1&<(|H+%(T^SPJvVZu`JGLG_vH+|u~QoP^f$Ve=sY z&3Fhk@CFdPPIeLQ^fh%8Qtx9Wy5X5xhkwW(2HHq}$caLZX`F7=th-!`Q7!{=9K7S7 zWz#y(1gjJ3Twv|@r!r9A+FrueSG&&dKXln4SgTJhpMZtbOmC*t=qv9iBg$TY17beb z<7RCt>KnRk%`-^a|5MeM2SVAsVUJ<#Av;;i5-LjxV;iXuMu^DXC?rePv9Bdr%f5{f zA-nAR+91V5+1F&>WnaHD{oeQc-tX@@&ok$_pXZ!&FV}V56{m&i6tXj1TFZw(%+G!l zmBt_(67sHzlu6^epmOA@@y-kzS&h~?{4 z1^2F%nveQL_et;;y)<4y!U?`(sZq++Y*sTjJ{sPQk9^Kx5k+(4yEU+CdpLG{kYl+M zKi=a@FRbzl@~OrLUexd#y`d2E%xn97ujV^gpD{~Mx~^~~m*8yJTtd~zfF!TWSWx7N z(a)P~L(sZju_Hg$oH+6p--+Je{L7a(>pCXCZte#JBIVvBk?YBDL?)e{p6V_Q6xJ!8 zPwp20k-biHqe{q4qSWvDGo|C1&a+>bW=f}pmsg zdx+rIm8zDFS#}L+q}cG+JA1e^^C%i1jXocN4hL}rB+h3b3JuQ9Ws=I5qQP_*wj;S^fiU>|!#<>Jpr zI4Osf$fVo)aT5|n9aJPFMl+Q-6q(jTJW=@gB6*f4G!5Vs40=FWf6z1gTD?&LF_pc+ z87R+Kyu}Pi+O}{SfV$khNG|zjE_2SU!bxTiv0+`JfUB7pg!HcaCEvqB<%x7mO8jb- zT0E<+Zq0JxWOX+4yWI!1Z=dF_E+4Z&f?B83(0rZIl~0toJ?6SPG&s>(1zV>Z`ddz` zTc4hG+uKMz3*96&Od3DbIJ$i*=V2NjZp{y*>Lk!bZ5((TrcY(A&%NiLv&+F#EtKaZ zPNl!!?Hp8;Vc-saKEj`dyXx9VdOLZ$A!at>ejU3OQ@r}aVm5~u@WR*S7d5517E9RL zUUom!R4n|1R?QjrZuTx?=@R}?WxZjmQ}&p_gxboHi15zE^lo)TDBPGWsNyAsNe zB@Z=Mc!s&Fdp~Ayx^zx34-d`A)qKwd$s+cP9$oyvzw;0TOx(%@7qz+!%Ju}PrO8b6 zjZZ}~L>+l@l^{BiYApcdtWFj$aPN))HKFIYu8fW}#ZT5# zV)wy1Gi8-y4|XnX3YKT^r|}9Fdrt8r(+|QljcA6FULlp!>ZZ^d1;7Ie=QpDG7TX}f z*J4WaH^rEj$V%|7X_1h(b$gpgqGt#yuS|dS31x>RvpToJ;gr_Xi}m->UK_r2$k`&F z-DAjAL|@FqcDZ5rIAjTc=Bc#OIxya0NjFbQ#UQL49|r&S46>hW?Kcu<+h^xRDkco?^=wZ z;L4w0evMQEhbl(PM}hM{`fG9d3q|t&RPu?sh&LOuyS^Z~KUh2|Hi zpY+IJo#~K$=h$sB&V1T|fTVg~F=qj_^lO^IYi}?6<4eNX`jR4c7;pagGa{U7=e+Ee zNHOlzpeU>@ofUIa`gOml)q}m7qg3Cqde_nIet3R|uKb|GSgec9rO2PP@pKI{R@YuP zHKk`EAimL%P{K3SM{C zZbk$V&ttR5C;mn|(^rYGXl~-9X!!E=U8-T_w^yQQ%zxQOMLy|tO0!*H=hbJeL)Spq z%gZQv?~68UzY}*HUwkd~b^K_I7XS7|#AALco=aSKh~ua9SDP~?khu*@k7tux`qKw5 zG&fh^TqBuH;cVtGg^eB}A$<$`EAoYV8?_Mp+5nMln4{zXjSo@m*tdQF!C0=R5oOzW z_A|ttOq#b1(_jFkDMgZARd9!i$!Niy8Y;Lx_C9h)^AX7pzJS~ufFs;(Pl(IILrTx% z7Hv#M2b&t?%d<3Z@f5c1#r!5`ubn$wjXD9m?jhS8_rq$Crkwyqw~(2S&CSj04Rr}4 zvY_C=^qOkHKz?RX(aRnU=Zd+7W~Cs#9E=!_5Zy%>SpA|~YqK?PZZwqpR7tM#*o+)I zlZ@v1bhP0Fu?YX{%RR08LuG;egpaQWekr6^?9-yz^K+dG3wN6!BD>%k@m5 z9jy4w#fa^_Nk0cj2jO@Lpnj9Ho7unDS)`;W7g+vn;-c2)et1c7T<2VuFQ?so?w2w< z5Abw&CwB#g^qPM0ydCDWot2S?`F^E_g9SD&7T?;pWtZ~8UKNcu=m4bM;RVF{o*}^8 z)w?fo&~$7AqIq#pU|_t5gJ^|S9->u*jvE`Z(eQ(rUYV%1RJBbbm)+{z^f+((H;m9V z@xu%|bn)LL_Cy`L!YY&ieS5FYRY=N7(@_9!H4cgy?tRqHv|&0WV3-hkYn+<1n8qKr9r#qRkUm!A!uMHvFAn zshPZ|)hB`qfNb^+K0eD=>FJXd;B{gqzF%5>DLf@lxlg$ejY%%BE(&pebnnr}Fg4nf zHd@8Ra0|u>ZV=QGuuhi6P`A#FyTAO0n03y@RD`dXtVx6!?l@)lY|eC~Ssk`lHni9F zDipOpyDmP;d&Fkd?PyAG(>7j6tYhT-D$2D|%X?Q;XlFK+rw8>${h3YqeZ1Nnc4p{> z@h$h%*S)UAt{xwuL{FUVnI{>)SV{{-rv45~Na3VWaaL4p`U)f<&PTOGCX7_j>oxB& zZ7|_WkqKnz6{`h<>j+`U4NJECpob-j&%w zgnI=3hP92%gWEN10ABSiD3w5}`6K5(5xQD4KDn4cWMA*?6)(_R=+!omD{82G_A`$I zh%3o59VKrg^>{o)=q})gYn*dDmLeVoG0e+c?|=sdw{gpGzm)LUvW)p0#xOqK(5tq} z8b2T-%<;U_mPYS)Y8<#rlCuf{y+lARI_ifB;#<60Ei$rV1T^eG>MENyl~&m#HKZ*d zD)r7|MWc{Ep3*sUE5l`T2t24crMR>ftvZ_vzWk%R^fTWo+@j}_h4;A&HyL~Cr>VK> zNqBjAN$nSC7qM)#R^$z*hs$$3NX#3QWgXQA=RxkC8*||mT1@64vyJv}>)imbqkU2@KLdWWS$!j#XPXHt)3kVoI zC1iZdwK%`ZY`l(79c+~md&}hCdq~^$FBSmE3I=3f>lvMHzE8tf!J;Evw-gz25O?9KLsWh<&dd@r>yh$eNDfrH~Y zP8lahQ(Q3z)J-OCv9AC}m3)3RS4HsDFCD;RnzA3Epa2vc(+m}K+{wtuD7z>yP6ZH5r`18Ok5!=(G8mrFEElZ9>s=J6Fc# z2R!HHHm)95GUKlqz6OLP*on_aox`{BVgLxDndEY-YCGLLR-+r+whXm4XLM#23VHJ@ zU^-L*ClwO)I2V8%+vZMy#w+`!!3v+AgADU<6ge>z!fN%MuJzSsXa<#|MQWcGwK|TN zQAaT(%}Gbz@wHXx@+$1y_zoGlg?D&95V)G7(+)SH8Tj3--=o4N`7HK3=j9>L+Sa(y z+mL`=o1?%^iQON$tv)gj(S*1F&gWD#(gsT@^C7gQR8r^QKW)M0MlFK97~ zeXcFJ;bijM!ouQd;e!H$@69}TpeZIcT#5>jk?jy}_BV0Ik#W>s;GQ@?_eO!(^k@D< zsbthj-39I${^#fL0A~B9+-`KBhGxYgJh(_(bg*pqJ-Z;H^|=3<`PtX&y{rz=`S#lk z_)puj)B;*3B&3Gdca{gGb|4+~q!{Te#%g8fshCZ%y#loX_T}Vt4%9E62Xhez^HUGs z1R{^m#P8!n{WL3ZB>KRg41ghZg{Mjm4k6J>JDA+@p%$;_givoN5xJlvLSR8GL9u5-tg-%`fDE(_O#{Lm ztSAm*MS%RANOAz$v)^@H%>9A4^Lyq?i) z8M5MNrgSCpZstdHX2ha>@mylJFU*}YXtl0%DPMjg)y~dx_W-~)&ow(i=0X_+3E(qB4#=13;?ma3i$nTG4|ysGbzj=MYJJZ=AgpAJ}S`6X5U$ zQzUs4(~iGsXlZH5DJhd<5SrE%K*vOvM*ypwNUb#_K5&r!SPHq>Ztg!!o5*)eMm)ab zBRd2lL^6^fcKo!^4K4-|%de+doLa#Rbd`5hqZ+0fn!}W0?PM++xb5>WL;;+D8~4NFiTG!4irJ}vMvK4Kd+vrG=3 zvY!PGab5CuBOjr<-jx-l*EXP#3KB3MK&Pv&2m`(MQXip04+0YXY3MiGS@9*UMG&@K zL336Hogl%NV*Hd|j_8XK9ql_OE{lCh_b=C9(l?Ro68!y*bHThBN&{fGkz%^cs+;X8 zf=A7)rcApj8;r65*2bkohDzAr+LfAe@-xcEbMA%NT1 zZ5;KGS`4%vrm@2u66X?mHnYJ{F%6dnbUo$NgZ(WSXAF5(!sSK6ySDUST+Milu97DI z0lhwPiSG-0nB+Aqg98Kuuh&}n(=0+#F5wVN1g!}seJ^?Ry5O|NH%{yqMW#`cZ-WhY z+IM+jeCTs;vD-scxiXy zia|*;-ry3dIMKdw>R7w(bBWy4|yfw zI%VMqJ4b!5wT)c6%!=ev8#@<+*F76*=iTQJF+O;Smy16|xWz;VD@jrACBO&B=4xHs zAhC${+FCI8M?G*(&nIi)T%aTEFlBF@_vgG}(cfUp%H{a0NYVeiE8YPM&5Yj=k-LSi zCpUR4_m#-v0ot3DZ1BAuI5NM@uW+|8w90S8crFGg0aX!=ku^{mlkRwF6>-9owTx5l zz+eG!GZ8O|2<;UcQ9Jf0`ew>QFAn5(+E+?1YT$(z?xc*RT(?3p{Msk5Bk+odR$>1b zp9w={3@*eC0h{(fzuQc_{+O8V}<-51m>yhZ>z~c{4_8F1F_BY0^Be@+;N`K=V(kNy%9_ z{-qm*r1x|g@Ht8QQQ$3@mQ~kh-)Wr0;5~1n`aJBZNm!v%qicF#q{G*QwrN&YF0Rwp zYaN>r2S9}?2PzKZ#IU0bPzKs7N%>-)W*)OlC{-P?>gvc1argDIvw&}#1KBRrdb=M> z$Y4R7s3FRrOU7ix!y~sHK6dS}x>_axtd~uh3X!!1Lp@V1sp|QgI9o&pU^QfOQks(9 zbVX&=RXP->_((M~gwjGFa)$cvNV+#ZPtD5v2lyyjTU02UJYNzl|7t3R0B3M65&32- z9oJ`8AXJ1x1e}N?qV@dw5y2kNTV3T(BO*4$55IbO-<>u^5aD^d6C|&VKuZ>6VNvI2 zT1H_H9+}E2w4uq|)UH|ZGnA|kS{VOO-oNOY>5Q}>0^2owExWjOUN1KSwZV^GwO+milHa*);tZtz>kBh|_E+jASo%*P@6e8Te1)kT5<$x)GAILeT*0s?xO1|I-8&g` zNaw~WrPNz}V6Kw0VO?6Iw#MB_DWF>7JH8^pS#avf&h5irO8ipnYMs?9$pw3Fw{ymW z0d)t?Qa!nINxkxmb9oLfhiqxP{wxFUm*p~L@H2#RIdHNSNuL`2;0*JS(&=5O& z7p-k=wq&HFcgG?)L@R9hfl>xRp6y9bUF0LC*92sh8a4b*y6u%F4r#^=7C@GYf4YN7 zpr-u|C~e>JkO6x@UvDxiBsh5Ebx9*wEsZtbxehA9b&c|VBVKwu;!GeodyL=g)*BcO zDvwvm@iJ=3?0@n@7JzaN>^7z=LCoy1rC)4nQVHN+qYcGYBbW4=tH4#8s|WoP`G4tx zNcun;FBelU)axOl9J4`LvSe+SDCA>bChxkdFwXTvMF6470+Hwke}Dg=|3#wF#~|2M z^L5Up7|{n>a_Kfjn*$%DSV zyIw#T4hX8dyjvez>U?Y559)A*08j~1AB7TWimv>JDW7Wh`jii~R{ zikq6w%*Uf*%Ku;sbEv`9IykxI%X$I(_y1lUl0BR`V~72-oId|#wzBQrmq{)A3Cfry zt-1IdsuOp5M`PxRK`*2#rhsksd&pYY3rRn-242NeU;Q<;ghyZGxx~-p;y9&!wIeYN z7Z04rM52CIOMN+XKX$vz)ftQ2s$1-?Y{=p3IAKdoH>vehRyfdVpO|IF=+ z$cyXb2Nhh0zmvKACZpZKCCe|)FPxejx%rcyX_P|%fB%0Kp*lz7USqwatkuFXO?1`=+km}H~Xek^O|9N{yX^wAgZEbaAFj$;=@LV|s zNX?W8;Q_Br`Q&KNuYGdT%vJlZ^kXIz#8CjHlG_FvF7y;joa7Lc9OYb-K>}9Cu7TfW zbzoKOV_&ZY^-&!0Gqt4$XD37yw6qEFF;eWbq_0jCrR=FN=@cTq@A_Fz-%hbms;9rw z`ht>K56;vcERbwc9juv59&~8j&)ST&)JPxkN5(yt;ol2ld(!NsmgFqa#vH3JNtsM1E+?c_ex$k--z^wiYRAgP^YL_5kSl4RzwxH4hJ)GnW~%iQ zpPg(MD&eP7vxnbCv$Y&Zm||Kz%3j0Zi~U*eZaPfXxU2q==quJ%OIjMb^n}VXM)&INFWKJ%vbpl9O+Ss-7j0Tz^QbIttJj=VSTQk?c%ph~`PBWvNbfNY?YBWP zy(+Z3K|EKRl3vS-#af}n199|pKr7eQ@MTJFWK+c3^icGb67 zV(HkW-Oz1YW8r%a-O;peo%j#3zsJ|~eouJyv75ITm05YBW?)NydfX*W`%NT@)t@M7 z@Vs|MXcMc=dKJZ{)1=3cGI5DdJGLnvrc^sV3F-zFZf zr7<6eAG`f>__+P_b-3L@Y`ubO%qFI!2}fzLQL9W~ry9c^Ii>x`{r(rCi09ENV^nzjDuw_B@{_*SZND0xljoXGD4 zsLc9xgf-Ld4N3MgQ{RJ``hZ%cZ}+-u(>lW43wpz}?jdTtC63#;zj+1M#&w=yUDC?# zOwgPRm&=sc2rd4^2H#*i`p{82O4L2RE&@wqJTx*6DWuFozyJ)Uw(;@jH$O!l72c5PGImf+pT3vj?#u9uG`0)k?cP&n~hQkBJ=_u1urUZ*oO9hBYOeY1&-w-Jy+peDJB0tRatWzhq=w zG3R4y&3@E_6^4t7z1COmY(04~VB(BtFB6;}`8JBn{4@Kyc5C3>Dru)_zBYbwaaf@y zz$LN9@R7b>D}++)#s2n_nT)Nyz3XE7<^3JMDB;XsIb?j)^r>^7$SI;R@ByL6OEP{3 zwcCkJddxmGlR^}j+>CGCod7p?ul5FLzEjuM=XNONWPPgsP9U!7!AjY^JjP!B8B%OU70RaJV3{9?f z+F-w1p#;=b>>0?PDF8k!PBr2Zj3w%UgX{92k6B zj)F-o^V?*1kyXOy%gd`;Fg&(?bUW8^oj5K%P+nT#8!Ils zevbgap!6>ZqLVnl%zN^>%g3{jut=}KK!Yx?9ni}x4sbS`E zqV}m-F`<;?tTRQXHVNB?47_Cz(ob1=x{@w*cH0d#wCA@@hWhO=?)4=&Zqu3B2+hLu z$j$&mKT#IcGu@w{vB1uiRBw3w%W8?EuF5k%MVqY^l)wdcY?<>&SZibQEzbC^#$ip3 zivf3;xZ`$38RO|q6km8g9t)s>lLhc6-w7Q zoPPEUcQ{*w0@6eEkGB7G9n-=qKo}bDAj7&iG~CZvHnRYUS-ms*=W2W-*e=pgAD zQ!u=l^PKGhAI#~A81J$U=(ibodhln3$x1*{M5AXZMSeN?LsDjaUb@a5)>(R4}qW_0hD5sLdl>Vz(@gC zHUD7!H0ZcaJ}>!%&k~le=u}9dIV!VrCx-1xudTY}(WPbvg|hY(w3?MC;0oxh+0 zOKgLyNjGO;!X|PrCKQjy!j%=JE*y81d*8z>)%0CjkV}=1v2@tP+$h@4)v(c3x_08+ z4~oN5A)3dCFwXY^#m8!%SB3Okz#dH2L4pzaRSG>b5_Zz_+X;y*^BIRtQ)? zyga@z?u)V!adFmPH#^?XS-eh`JaS~i|1j~#q0Nj;?F$i&%2iqZs{;1XPvf{__~rAH zyiy{MbZ(K#JM_%)1`v69qD>^uf&}V|23zeu+1>IHG83!2ejaM4JCx1{K)&!MAkls5 z8*x&{Js$$R>>s|qz80Gg%LcN5B{x4dgDhb}+%=QK&!F63gIU~X)L+(tc^e0~E)R@P zGCZ5^2^!zKPL?$tXo0&|kJ72V{pt?J zMq(BBgE(npN!a`6B&xjNmKAjuP~f>i)44=%@b!n*%__LE!gaB`7K-1t z@#$$30&;MK%IG{*clLP4hkIxDV@RftD0Z@z{D1cN{+ednosN1sw%f;#&82qG?gZtOg~WaRX_nTS#}&)1;~$$hw|VF>r==mKsN{31=OvO8lVr~!!P=+e-?Ca zEEs&6vS@Zzx+@OBRixIrXo9HWIt5hPIm8l%_PWyBwmNFzw7GQ7xhH(tG%c5z%Qfxb zD0w(U`Q(Mr_Dr$*;5X?4M`^8{@AlQNYX(ee91m*Q7-qhCYdwmg88x+D);B;0AIYF& zp%7}vRFfOqfthl*sFjDKBJR^G}!|n%maYr&9DWk4?DdWd9RVtDhDqk z_X)<`;~rlN8NN(=>i9o&B2R?b!Nmzh)_;6ENd zmL0B^obC}9*3Ay5_Wc-6!W`~2<{3asP?Kqk$uW5d>_wuB1@wCUlamwm@kSrn1R!kQ z9uY?|kf&b&z9WhZgn_}(IZ)`F0m!N|kZ$WK3bww)|05|E%aDX!ef2etptq4#gX(zk zR$UO(uCw0nO#+eV6B#FI4qXs3O};+m^!)JGUHGf9o(t_FgoeMxqlBI@Qo^;h_JG*P zZYOYjX#iMN5j1LXxx6I1P5F24{HsrNANDQ*WB|Hs6?EIJ8C~9E=AxscEkF_5;f~J- z(+n`ne{Kxq6$#k}j~?4kTycSs^NT=jfA7zqKQpiSuKqiOp#Psmkh;;?-aeX}Vscr- zRDt?qRwGC4rvL)To-`q< zbLXxy(9uOZlIb3deZkWZl(PP>*|3?m%^^&xi&)fZ$N9JZ;DcB6MhjOg|7Qp#Um~=t zCzGLe=5}D{2PUtm|5vlVUsoe**%Lig{Zrhs=xds+6p$qRzNn$9+Iem~ih=XPHv9jx zwrUq;drAN^2L}fiOJ?af2p9#cHSS@kIK3{4Ood??xVYBV=jU1CJ9TWF|NHOzso+@^ zq@IjS@9Q)tAO!jNvNZ4C#~<&r*9~O;_Z>Ms1n;P(w(BHwdaT7EIq440BlkgTmr{OdMd2hkWWnGgvT zH)2hb@27x;yJ_>>VVmFvuQ##0Q8!y>y6~8Yfq{|Xqj6VyJ}h?X<(Ovt%2P$3r*nHp z$Jqz1G%^^38eUDvhl01>A$e|QQ}`1D5tM|SjtAl2j6~pH(2_Hf%SkR=VGd&%UEPg4 z>kw+LiiP}dNQnvH$~?Fn|ERSSKr-KbcSvo{uo-fmvfb1On+-yRGzKmx3I=Miu}KID@67{z;*0eYqzMD~YH7 zXDB6%B<&WWJLKwyJKnH(us1)i)~rxpG^c+t%A$J#^Uq&8J_1i&eu`YLX->z+I5%=d z+)X*~KCPI)DwO{35N2p#k72krLk|5AEUmW4;TE~OW`DiB9%m2#|7Jx_xBqY|SBdOe zKn6v4$BdPpo{2})_42Oeg#X=Qp|<&ZAad}69(TY^lA9^tK3hs04C5wt`To5eUE3@w Yq-4INjgJ_x8*%bR%63NVkLt2#lz-f`Bk|mvlGGs2~bRNh2U7-7PWF4T5yT(4}3kac^mC~!B34?rRj>y;p2bDs-pC4M8Gy~M8J-`x8(7ZC4)wd{ZvA?c6No< z2?2k$M%7uEBFjtGsZ-0F^nJ~tBkwsWxAnm$uf17`q4iNtk;CSp1HbvCQ@MGhhbyN0=UV%RI}=tzY0{cYt-)$>TrXL> zmfGI8Nmree5@h>f17Bg;o+y=V^w=KnSBPYmjsxB`2K>SF$a81X_J;Z!S>j%;A@JY z1Q=E$1Kk=-ct^X$K%zt~UFJCzL=%>3RPe6@L`h}}4L5jf_i0YV{`0mU zJVJnDL;yw>G`Cu#aW_F^3k4l6M%eS6Auxy$0?G2J!JqB)7JjlRCCs7W(YZN@S7Y z_Y*Ew1G_z6w-myVrlsQyGTUS?fG1KSs%)bD4+q3cxuGFSCcE1I z8emZs8!$^ljb8O@c9nR({DZ$cNY7p7xvQ5XW;d=Ej24{+G5zypRCpe|FP{IjqpK_3 z>*jpjx_xy!`4uWp-DIIT;9x{Wa90N}{NwJh(m(Tvx=$Gz7N$ZgY@yhRC@RsQ3N^!? zu5l>zfn<3HxxfC$fbFRe0@VH5oQ4ed0>BF-=N^8k`6p5~Ux96UOP7YLwCXF6RB+z$m$3f*x!dgQy(?4YwZ*PK_)rw>RJ2cP3x{ z_3y68y9t@k!aiPJ|2j&aZQ7G$5Ve8v>(_i9$x-3-(qA5WJ0`veX7yfj8} z$eZqe@FAQ|M1DT#HlQblU8Ul1w$3H%SCQ^0+%i}7CbAvZ_lp<0i`h?gd1XZt`n2c8 zbQgBZ%|#)jj6b5JVT&h8(xU*}O2Q-=dU z4-?4$cuYs-aBbj;jQwkm7mjiSs2=WYS)KpVNbBN@U(oO7i@4MLs5{+#vv=-$vs2;XUV8@TN26-1 zfd9lz82LSC_Fe?%YkvDgL@NZxA!X)U|KgQK#3ZTpdaQsQNM2%OufED*Z;pP8Oj?+6 zYT=LLc|~EoU3WaLKhSu(Gj*@tbu|Xq-pT$IV80Wt&JR=e-2|_N<$*Lg;N8FS^*uAe z>qlN+=RH0#OY1o{pIc#J_M0zD=t=<>!RZY;U!~a`FHZSMtioc~a<&{cG(1tge32sV zma)fQ*7p#T^mK@VUHR-vCjKSty|m@^kzI>Xy=zW6*Zyq1X7lBqROPq+u|R2uY0>k8 zKEWK@(cFUxG~eF% zx!oSD_F*TiUL0>*0$zl3!=aYOhfPTRxlgcV7EP|*`7%o$e_VktY`^jF#j;0&p=Z*p z`{?t7evu*Cx@F6-RfivMuw#ILf9mkSei8=cnRw20{}BWO>Z^`%z!-9AB~n%Z+0maQ zLW~w7frmV!umd(`o*M{5;X|{u{*>bv$)cO#9`^H%x-u6V_poHtq>n#?=VWir+K}9K ztCw)v#e;dj{iJFWmLl!qWRxXLIA_Jsdnq_@qQ}74XO#+T8a?u?S67pt)C7~1XX=RuaD=}rN8Eu8rHz*w8#`Y^-hu@Eu(=@h zkE9-%qe|M+Z}#p(_75>?*5jdTQk^4;Q+fX|mZ!cx+gNURqOR7^Cs6_s!8N}C?^toI}g?ywIr z+-3IeJO_2)5)F=KCdiq%21OsO|8pqhLC7^>WO(hxV@-aiqigTJQx`I=_rz2}&G@lS zkV^E9ZQs%Z^_;iO#(uoPvNyfo?qJU#_?*u(+_d!GZ)jn3t?BN8UO5P2f;YiQ*4;PN z3MNzh4Jxso*}%f9ayB!?KIK6sa;h<>ZYP8% zdL!#*W<4P9;G8fOw+Z5m25Mn60UlJZxVeOvHtLVK(}n5YPNW~{cGvXgwM@KhX~~J* z_?}+W&(Z5-QgWNs2Wx{5AKk0l;ivUGP4bJ;Q_#5JJbrXON;iB=wSnoA+zbdAqo6I9 z^^=VHH_kx>Y`7@IOXnf8q#qxjeJ=B`K5$)KWyXUp6RhYh66$OKC(i(#q|tQh3S_VB zXpyyJ6_>X8cPrtVH9Vuq@#1KcUlQ^ez+4ZhF|<0J1(W$2jx$UA!(FsQ%G!O_4- zOnbMx0{l$rF$~>du(G@yZW-a{gCjB2-E1BKC9p*hmp3%TqqE1OKi?=l&XE05ZhXBX3P&8?9b0y$ zAN}xq0Y}LoLUc9Y9g$_o1=V#*=m6eQqR*EGVpR|Kqg6>`c;%SR;Jy<6_1gF9><>p? zi1j;Cl1GvKNln(Wy>YzOX<)tqkQlWk4J20Yz3g@Ql`o4B*%y@I9>YWD44*yc?}sQX zt`{XTwQ?p;Z;v)j{)-^MW+1m7_5`-HoXU@;_2A?(vIEx6X;d8kHqGLi-e)8$A6pHW z5o+s9O$=h4d`BZ&BE6lqn)6~ou;r>k!rZF#UKEIzUR|MW8p3B%e(-=nA}lV#56QVr z!X)Eg2d2npUbBSzr^t~H&xJExHn#n}$ zjcMd4Q4diBT z$r^(7Gs&gg%-pA%IP}>qCK*UA1e-(u6&G>^a91+gf*;<|=1ohBEh&T8UIGF#tnl;G zg`iu9!GS+w^{0c9+k9@3eoStx@RiAO^G;!mJhtC@U)|Aa;gU8~d-H8b@b6T&K_%Co zoAIUj_Qs6~DZz30$2;Rtf9w$mU1VU4-Zv?di{%Gh1bvUnW597n0dsya$>Q;bi-{sW zj_My;_A8yjZN*5RV)+rfee|}yw+a16YLper;VrDGnz5+ zU$v2~hf;iOQovcjln1$A0$i8Foyr8%{@&tIHh(Y4)1FV)V_#CK-8kYHUwXel*)%;H!?wMNwKq*VlwsepnjrG;)-&tNjnSr@Jw5DcC8q4@D13;euYgHRUrWa0$p%;=a?(9MczF zC0+D3gWMHQW4_e9>r*a=&}MMxi<*efLTq5px_5b|e#RMYk-^(HDD>;OJ9~}Wod`r^ z$&dGtKAFoGxh)eSu^<1fCPcZ&@bTD)dmU=$tVUYB-Ae1}C$F4=5>w0vUkQ8pIfyCT zirSIuu|hhU@%*BDt}{qW;Ojej^9J&g`Eo@)rfv^7?0mU#Q~PS*OBKJ?In0T9({woO zH6P}{?T+dS#%w)UI z321nbWchtVp`G%aTe~r!RK}QWvWin|$x}p~06AnO-HC#5`={8M`eKgJ3KitI=kLDf zy@VN%DaPRx$zTTBTAx6S^`|3%`+4`h7UrIm^V$I_#hb_QH`7fZBG|jJPncg-PR-}? zWvU3FIc+n!ryj$uxP^MX6<|_HhV0qbq13V!!PPtlHa_~6B>m{@`=$T-2f{l zV%a_~(8_n6_CRNq{+TG&w=RfOO%(cpX1pHhrom?o2 z=n^do(hjOJEiIdMxjQZg8VY<~0zZi|2(x*zCzHWEA*inG>IhG`igX-&w#TiJ9UA4G z@^s`xrXZ+JTVriN1na5B%Mky!zgF4nMUb0zhV#Y`Vj{h^#|It-fp~^EaxQ@C&Ppav zh-0XvxNyfVvh5FH5g9GXtE?imU^LeZ*_Tf|Q9r2gaG_?l_s)f=SV0n?_wNP~(I2V# zUl*a!IzX-0ufia{^ah)-UxkhqWKtwWOCuc5nu4Skw*z1pV%YgM?gr=)il=kQ7xtb; z#`%5qHc$zO1MX9*uxz?W8pVYu%Q&a|jgz`WjZKSUT(d0AB1&xeQ=it$i1?Mah|*8E z@8#y<`0JXhlLvgu}4Z==~}5-^9wrdQ%zilIB1HJ0994F6*5 zWbIBxD5N}aQ1yYM3GME}ygR6L61RjzVPv7zr}uGAMH2ka50Zkgj@iEBaG<X4NI0C}>09`lfcnLn~nki)x1V_HGsml0$aX7e^Z}EwbFbvw4)kG4O(DDat zNRJGO`)J2a7lKWo2+p%_yRhopJAVt$n4U-lt;1EH3k0Ew(Aq;oKv-HywWWYwo*0+dz z9^NPmV>i~bH;JDXp};?Tw) zdi+7r0tp@d@rrQPh3S++f@sqDBs?8#e4 zC)QJ!A1lo{i^!lB?`OU76~D-zMXR9Wti*O zEV4xK4IVGl3i*7Ty#Vqv2Yt<2(Y^4w6^uF|VxVT6ZEaNj5QvRIX5!xUSEuIJvnbN3 z(<_(!(d5!7)b^uqTyjq6Uc_y zeXLFpTaX*;0P(3yO~fVMYm+%-mLOg`yDAx!+ZgZ4 zALl}%Xr%VUGd?6#5TZc%k8zNc18Q&olD1EeThK(>aQgcFvYkIcwfAKWI<@Zvb|T;ui8;oN{AFGIT0>O8G2KSPr19Ed z-E7+*P>^IchK^8P!7ozIXk&f9+Q2w!L;Agn=r2aq#hovbvIkaCCj@_ z+9>aWv-r~-jVn`(U*z@2>`&R-o5NqGin`2O?qD?TQ;V-H9ST|OWN26b9)7mc zu&S=$!73PqiNi_`Y}vsJ1lk0o|Lpn3uD_reVZ6y)HlCzj7kkBZXtE3-5I% zLn^gPVx`~G=Nu6kYY1lpkosrQS+dX^hn>lCvmvG!OhUokI9{Cx=lgk`kE`)x$YO&? z!idKt6*-=lGy+I59V}Y|*H#+Ik;40_iVt%U78WLw|0K^&#e?vIeS&eE`+)F3gyN;& zWAs|q$~s1jjYX{5rbp-f*n38oqjd+&@u8T&L^M{UtNUNn+C-^dJcfRB*41+3XPt|A zEIOHo4oO5Mf)F|1LZr-eSK~(Q%+`;xd2?{y_4$+hz=21L=CKYu#$vV~<&R=(=5S)( zW=j&Or%-y^`sj>K=}UQC4A1)`Q8p_Mah9I+o(OLMn!ijHPZm-;$$1t=eXtxRnC$9~ z31-`8zO6Zq?FkAUi?48HOE?iTE^WrpV|?k|GLs25eTIYCMt2C^Fn(J4UyGRWdzCsP z_Aug@w~!(1<200gOmOT3nGKsDj9Tu5?n{wX^T~6dmvY1U?T;@dmo8`WcWgGG- zpX6uC6-y%ki^sx3j{e1kp(gjUEeuf*?C?uk1Q;)G_VI|h{^NF;L;$Q5g2{W3>|syR zk_xrGfg*(!^kW9*6>O!9S7H{E?YLd!<;)7aLG*PL=i*V&aEM`lL_Nd?od66U(AfyKg7xhYmf<;L8n*S&_YVz$oP^@^J z5p@siv)c+Iw*vmzA_zKt;8V2FlwMjsG7?!DaQI5?VQSC}C8RCi@$*qJkftKk@xmL| zBs1kQE{RMcGIwZywZy$JDNzNuPSA;D<}^O;a8R+}i@ zt`1WP9iSzYQT9MV#W-rW=jK1LvvCxq9#inIjWU@@1N1k z@ju+3`>sPk&6j9{4*-hIprMm1PBNQIH^XCX@nHD13bQLVCFF^KZ3Pn#l!G_gh)f<^ zxPhI_7A(dml3Ll;6e>l&O;63q_ZY6O0l?n$Iwirxd?+|wzzd*I2N7wrp|Qf4%4~n! zSI5H?(KYP%lPUv+qKb+s4FYCHHxKPy?=U+;D%cLTBzAT)XHVh zo-&S$6xks1z3UGuI5R*KX%iajdP!vmAa$tl;tAFjlF*Q0eG9b@_UeYL?Pm$luJ?|Z`5Th40JIQAC|G{3O|0fNRo8e{+Rqy2>iw19K)@tspP zYb@}CHPT6nb~FB00K$r5JTbUeV(VgzgIFot>yr5} zIwr<@pDsd?(c(@`yF$s2 zbeW*mQZvRTwn=KP%U=M-DNH5BJ((gJO~)TCPWv}Cdlfx_rN_Lry$z%wvZRk_x8;K3 zRNnJd%liwKHpQT+O5|q0QFHCIoYUK^*g5IN!4+`S?SsOxvzMo_=VM;qbh5`0qj*zA z+FvO-hZ6^)2^1Hu_$VXFZRYFEen1v!C$`?O6VY-~k$}19{StY{pYr*6HhX>ovcX&e ze0;^JdESpd)Z9h2A768JhH^JG@UPYTL3z&+7vSV#D)@WsZ3!#$lIy6G6@1pq_V80a`ki@ zdinYyoEqMsSGpqUG)4GzN@h17FXSbf%Ll^;4}PmCe@-aPjYt2IPQyLfyZwDvP!xN0PS}0Et{@&|C5nfM5`6EbWYGKAl4KzS z4B4lNes;s$?3{*w<+e?|sowM^+^9-!@c7VlWAf*{krHJeTUm=#3+Zk9&4tWnqLf=7 z#aT)}uWR-;NznwS_^aBh_-h5F;I6I2(C-7=6N=4{;H$xb*VG#xOBdL8C$eHOkM{k2 zDhzc*pz1TtuYK~zDq?3fn`+MI_fvxIOMddcRjDsCS!&PEa5^N&iOBUoSZKDaq~!H5 ztk7Id)%Gt|z$D2$v7EOv$L#TlW&h&8&CbEI)Wo||dp?*SEf@t4Ga1?sc6IVU?l>2g zQFjseq$LvVNUNhLTFmc2si<;2iVYo1zb$bOXpRV{eW0YA(ERE}>O+D3=F|9a23fha z!E@CEgD7z`sng5-mY(P=h3rX79p%1p;v8E8hWgxJ$K(vMi6~)uC`GYVR$FKV!5!!x z75R(sShL)8FXK!wL|?|e(4AIBiGaGvpvE4-sWa!UA{049cM4MDRQvLIx>!=>Bvrz4 z&WktOZ;ofgt=GQ(=Hz>hPAq4(cHs-xRgYV?_s0{ECIPnClb=27gjPKaZ~gkZN#hw* z)*=`D*}vGya9Q#^;`?KsOJAqo?A)xnHS;Q@C4#zx)>4FQpzxuq3pidx*QXVkga)MN|5ycwfCphecgg9aqe@N8FkrIzRgl zELlt=f>NxGpodd|QkXnF8;?aDOATA%)Lx6n&DC!Ez%*WqjT>K7akIgBB8DruN)*#( zp7xbCQdATzUScACAc^qe4j_B?xPi_+8$7r>T`j`CX}?Mm^SqKHGkFfrj%~eQtIyE$HhP z(V_)|k2HeZvNv^llJ2hs^lKfX3tpuOO{@&(=q5D*9X0cKMo8o_cSuk z#zwMq6sDRko#@1tJ?fW2gu%wO2Pvx+K?_DxCznnK2N`KGoN6+3m%S;jt8qHdeD@*D zf?1C}%l1%vspV#Xrm)f{Fqb#;o_D-esoF7+Au5!2G0BcJMoh2Y*P~Qn6#@RhYQE$LQ?pMB#|kPR%@-B(B}y(;ZGVjCT6ObxN)F$b zz16C@I?7^{EK{4OpVp!G2vGVM*QhPuSu467WV%emt$U#@;cwE?C~?G|B(g~*k|0pp zXzK2kQhm@=;hkgPY#Qj}_cTcNaBTfxTTPZeqc2W8J$!pgcTn=u-lxK0V$|J6%BHC3 z!tBHBA4RdvQ&q!rhc?Ol*|K`k@cnyTk<8Jy_i%fq%tI76zwamDeDUjL?@;NDeuA6h z(IJ(6xWVnJ+haGNwQ;*8T-(D$s)K)aDiK8}A_;}yvT?0F8+zaRm*%jcKl06lE?ZSU zo6oVauv=e2l1hdx%Jbb33*tI7dDR;v0Z~eVWJlqISoD6*xyQ*YTlpabYwGf|fqCE0 zX!?*5E6=p2bl+;Cv!dt+A8_82pxl(LCsn@bJbr}=Ht_HGNF`Dm#Tn)Q>4DN2KpIqC zwoM+OQ+o4yaJT*(TeIN>di*~}rErX;iE@|I%K2as=8HF5wP|g8<^DYBc&{sPu4Jah zA^Kz7-e;Ny(x{5sS(Yq$(wMvB{(}4c2)=axi?8k*lLph(yBs=3x*Ex{huPrTgbSkB zg}}>Kooci!`-4}C&1bGk@Ckn13PsPIE6qLbTV%VJ9e>>200ZX0I%Tcz?|`hoOtN`>wC2@CO19HsL$2}c4MT>$U!`*vr?y;&>v`pTC0-ercL*C~thUeaEN#u~_|g4Pu`R?SOItbEJUZpxf2S zTPezJ+j+aP*%K4XBr((MMk&ucaKpBvpfz6voYG+?H{DY4`@{NLUk7fT`jD%}3n`zk zfnuBD*H0wY8xJkjXTIeqXIW>rKd(*o{L?&`1jBoAHgAcw3j$=QpDb{+SM@s8pLaN@> z(7(IpcP!Zmo0#`Za3R!ZQceg`mz?m28wKv0pF3_U2s>av<{nK~$qeDIj&^n=vP~0= zDweZIEvEBO5F6&%+KK*&>MPR-gJzrNDu%1q!-5LNq`LC&;UJLna*lF<(F_vjpav}6 zXkSiX#@$}=G!FmZIJzO2!kNu^Z??Wt$yN?xHG)$2B&o}O!OuUu9YREBwuf~=%K*dN zg6>lD=>Kf<7ors(L=*nN30G^NDEJa(*0JCZbmZ}y;<1G#4IJuCqnL&u7NO^z zpV~8S4xl(T_(aE)ksrGC>u1!8?(*On2>Ue@UAafQu#D8)9K^Oyl-R(W50Et2D#l-G z{;XLSwp{fiI&cPVw5D~qozU;xoUYT01)r=5#0knK-g6?}w;rsxZg7lnF^90<@%8vK zqqd$*s&tt4mSU)cN!C{@e$Y=r#@{Zc=+-fquC_hGGMq539%L}KqL(7#TK9-_XNo_; z*sY0C#v9&wyuqbo;FtAC<8*Vhgki2aV(5>8f0@DHV7#A12U9mspY9RA zdJn*`_#lNk`Vu$=<@aN+Ci9p2@d*!)jmz7AALMunAd&i?Dmy?#)ci5`uq@afbb54! z-QhLNn9%hSTJ5HPV9y1d)Z!Ts!~rpaEG}#GK@sbV6rcagN~%{(iHM4xRiNABoR+s#8y7x zh9bpz-bE25zrNRhCyXDzTz4B_oqC7Z{USuw%rYPe6~R78YB$`;yc<*gW`ieGcRC>l zSSYwbFI$wnTT$0eLUHQy+!NzVjXG!3N-I#DH50l`qesGnC#8%Np}foJAR)a*TU0HY zxbQ9SJ-o=Hdh5~7;m!g;%H#?rH0HU(@#(X$rDH-@!Nh%fMrq%tuVr;#`kv78wOrTe zmQhl4KgOC(^WCy_`!s~zKh%Pt81@i=0y#VUSK*A-5ESPSgY8M`IF5;t;LN6g#BR&x zC;9TD48rtjRTh7$KZYT-epm2jzm5%(i8d3%>PNy&tmiT1-v-G0CWn3cvit6krh!p@ zH`6S{PT!S{ZnrqkF>|%ViQp)-y6ZK_sp{I#v(KkqQ0TU^quytZo{nyzx9)v84~hMl zdcgx*+d-(Sk>j$8A$C}T!*gRs8`yBu;KJGbVnU9abuuhGdFVzTKhwk9{Mdp|hlbE9 zW#ZZ-#Noi-*eCCW`O35hgZ0tIVf-a?bX+>0Xa?}w0mK2valkx+8X&(#+vq;SrGcF8 z&d1?R&D7cplWjN*HH#WlSPlsgep8bnhRjJ^5+301=&T+UwwmA*Se31#&slK}8s%E@TttJ-o7_`qAXB7! z*p5>)7q|tw_pU1yY@!5>We!E8LRvh0*CSP!2doB?Ez`(h6l7M$JIrQ?gIYlhF-Btf z3I@aD(kKqD@Me4liki~ty>@YoIR;(ZEKB3u88Mbovj);9$Z*d0Rkn69jz-h8EV-ZP z;NhI+5>C?9G~c=FxomI~|AxyavQwdW^zrrto8DgC5VklC#ITO=ND}B3$t36Q+l0VR zRbg(}Hy3)(R-<(EXzPn+{b%ClPX%sv$#z*I$!i1xC^DG^i& zdz4zDV67t?kg;O@CGC={?n)X7)F1Ge$ElRuU0jbGV93!8PQe_PiYx9l(s0Oti~}F) z%rnm~AgXX`9RNlmi0|{Bc;QGC??}A)l<}_i&p9bCHb^;Pj1gXc zz|ylfV-$9lL!Dyb+v5yHZ?s*!Ztsls={C(U7g?ZB>bI!Ew@>p=h6n|0GlsS{2_XvZ zj@$wBshllN7gGq^_XEaO8tWFlsk#q}4f(MJ>ieNF{XV;KqcAe*OVPqR72OWsS?HJ` zF6jrY)nXRK0w8i^upQNQg8oQEf+(o_mRmu->_;$-k+-}$Ry-q&ke7Uza>FB4t=(he z4fPnSJvK3#k_>J5k(YiVw^)ks5ybUo4L~Brg@mlX4qQ$op-J^G!qe}k`5C*CB^m_H zr)O0br}w1}r-(#07V-~+A0fH6JsGsM4ayzKKF~mZe)Busli6R{XI%Ug2+&r9%WPE2 zunACg2`t?g6?0Y795Ow>HQs-b`#i{S-f#VmZk3JE zBy6}L{;q$9#?ygX?q{X${v1ND$P@>Zd(Yl+3%%Pgx%&JRm$TLQAG5-3 zx4a?zqZ2!g0RruxUKvq*xBdxz$LalXsZ&XVzUJ}A@GhGDp?Ejf)p&+IEIj>ff>>(OtP&9gJCk<5MP9{r3A|ARe!jdG(@30$A$GnYH$jUFpFS;54K zbcd~O2R95Wt2wo64C3AzWT76_ISiYim`0W+z z@{y3cbrvq92bU|sa0W~IZVzfmIh2Af{L*7I_j#v=#SEZ@iSVO@w@xbx5n69N)LD0G zMv(GD&8{J;2wrQZBoWZl#rKB1=HMr24r{Wc_p*Ppk};X$7Q*Qk_%q-%j$R-_!nA6>X%9WSqLx!`5Mf!2 zB(BbPX~=MuttQsNEGgH;42{86(STfrbS5%5+ARzU1s@l^JvOmrlbd|ws=RRc!zf(< z7DXKBG(Iy@sq?MfV?HS8+2%-o0{+3`dfhvPPxLl{d-6NYw?FKs>JQc2LL%21-p+}j z>fUPl&M|0qrQn$sMNhEDlH8jlCg=#Dqk_ba3dHqf-X)6;Du}qW`C0`%@NW?-N>^q0 zxe%_^tjB+DdT!0}=D4V`vZqj5s<*ZF_PnZhs?l*JH|ZDu12q_mWn80!aB27^V5G)X z!hCg^kBK-;7hnK{YTGrnYFII-KLcT#i1{ts+&PyrS!0#xWVz(LE0(a7D_~rm+n*-X zi&z~mF-Y?^EH5lQl(;#k!Q3xX^kpb|U*~vx-QgXg@JSQ;UPwhx+%Tc z*tD}OLUH-vRk~t0$)2=_k=fv5*1zh#7@O7Sdr8Dc>p*sLa2LwgaaLKbXrubzN5b{B ziUxcKP9|t);C4l1N9Vkuw+%r_4SvOT{Sr(AAw<%2HXMzpM2tm-YQk~s$hG+f`ONB9 ziWsanK?FgEO~4iZ4hz|Dh`)0XMK^j%YW8a#OY!!MjKWdm-WG6cQ!3Ytco1!%T;+=7`KTeIqiYm7qx}d+=)B{65n2hDP!=f!8 zG(=9mSz<}LXii$rc=+R;39UirqXhqli;sA$B_-N=aG`^l%gUUuAEoje!ZWCl%cJi} zn1s@60$veK)jCB^nZSfJmTtQ~F~wC5-F!oPS3L-ZFG$5I3)Rfqqm$7OIccoWrIS#f>nhhpE`h`wj#X!Gei6+$$q z?#uR>B>M_yt^9>dT~MjTV9YCIkMjc~w(QYzJDI?pL^_6qGKNXv(`p@y+r7C?VP)4X zPA49oQhwufT0^D+2`hKJrwT=)sa|ar)(jb7liz`5)B*;+q7d3M(!}3#uyI)iN@N(> zS^1vH1V!Sk2byY}IRm;)v1ih}wovnDc^yzn+>+muPef97!V0Je(@W1GKG0G`A*Z&= z8-)Em^-Ry*+fSNP`&bePn(~->GQ7_qV=1!R67xWQxhqZ6X7_%n=XL{Z|1b9*3r zH|{oqo}QpYPemjxPhv}8 zLI$kuzAXf(X0L}$k4=hXztNcnfSe7^8C2Q+#ORI=#1wW^6P%AwL2hF|a~Tui)j^x6 zo*=#W!@csK&&VP z8tH8~(p*BEExR8uixrM-_W3cE=!e__fsNOCUsPw-rSfoL5%&Q&3(9?Zs!w{H%waIhO|*69#CyD{mcXH9ob8`b`Q$dBt4xN z_oeNv=YfW33{38Yx$|RQvEgRcRJ}xYJJM@!DT)W96?xNeRyrO+aTJiZyH9|YSA7-% z%Jz50cGL%gr&3U$&+TgL?|hs3%@{WMsNJFc*2p-*5KP z0U^s%Z7{^@ukiH+i%>;_g1;!huTc>oKt)d&D5%Pk(bCZ9tR&l&_++`Pbbd>4{`veb zfjpF32;c{|0aCFQO#&2o>>~#pfCSmN_kWK~W;}k&3y4$CUxrchf81#Phr+}4S1xND z1n5xxs34>Ax1kXQWVHA5@8JG@c1_ak0tL64F4nL8lcSR0s9Is@08rn_bg==M<+Wy^ zcCl}@PN~rV735xFK)V94x;jiJlRL?ez-*Wq+9&Lz)L)6_h3(R4LB-go_0L4wo2TfRa6ldYfx0VwU z+hu*r^_NqV7lZ?BMZn?LC+}sp0Ts%=eJ7nose4iZoQ-N@s&f5jqtD^|bh&xgJ}{|# zfBJ|VvPAjT?J{86QALpJ%hOWd158gX04p=i9gD{relP;eT?+xIkuiYk`>yomPNkju z#;|G0mts9gmfwPgv=l&GQpp3<0tIkdD(}7e^{t(mTBp}h zt-N764|j8uqz33Km>B`%LuYu6;~WpKcG1HMhnbo&X}=S`6hJc#-G>5flNxqgktjKn z>5Y;sK+gd0rTQyqTG9OWqFUPf_u}dla3E;qsegS3C}6E*{m-0xrADOy0%$HAkoRJ` z?gl-o_$y-v(z28Xu#%e?VBp69|KkfrjUX6J8>9%#*#E7EPXRof=dWD4Rky;T{tqCK z@2IfoaeW*vpqY?E@JG6u+%pTyO^l@KJ5 z5pw*G3-FKB4^Vo)1Q=UF9~p=Zd7<)c0vn9~Xz~A2@HhTSFD_2lvPCrTi1JgXlm3-+ z0lp?ezy*S;_c{r{vI|48`%Qp#Y#DuT7#(ABLJn|sXuYkcSeE*A^60HCG z$EFKqk0V1)$}!?gc| z9*hn@irUiqPdmd}g4EMv6{shn%>Za_V1k?kAP)b^;PW6qxH8CS!(aQVu>mdA@OQnE zA^!~<@^?XPjsd>}4OoP>Y85&2{u588{p~~!eW#gm12p5i*JESenO(39{Oo`Rc_*Wz}stj1UO2eq@ z6*g-T+`wS=xz7QHt|935M&EU@~pZTXN*eN?K1TQ8uxC3Tvq z;U5KpTlfo*llpFf2z#*78F4v3(Mt&#Jq_$S*r9@$`*?Xc6rfuOj<&|^{>D1bSc##O z0>Bwy_dD4shybki4vqp~t3JTbF$3ZYk5Yjs(w%GYC|udqW)XtQ+0mH31Wd|T@%mc< z+?|Vzh9&{H;iWR{*RQ9A0f8(NK=Z7tW`oa63l&UA!@&ozh%U#A^##-Kn|GRiSH12C z`$-&$vgC$#qB*uGw7@|GRZa_m6O}_UDY)C|5B~nZL<GxBi-HI-H1ptDu@Eot$=iQ=g^%}(n^bjbaOZ7oZnq{t@|Hq9KYG$j(5ND zJkOf~#311tbI#^2x0i;X18VpY@00N$Ag zD>H7XEir1U%@#NPv+Gn`EKA3w{aStI8`gCZ;=78N(GFOK^x1N=PD++fU~;p+LW!6Z zUmSPhiSdB_*Ca9)9jgtaQ%%R$qU|Bxnl71-19nK%bHC-RXLjI~Kq2f>eFcz`V*uw` z5wNjLt`efHi|~`8UmMJ%&=GGfG#t&P@H!;0sbxxr=$3H+kppd1Fx|{x4h)O%NlQQl zNgZR-21XM43{}6*xuwWqrW6Q*YCHXo;+^y+D~}@ z9!22p`iK$mfYk(gb-zxwzeB&L-UqUx^!$F1cjuWSgfX<}+!3~I^4jR7kGARPN{`wN zPEU6?BMuoigNOp<*a9GCvq*e+AhJ3aaC0dKfMv+PJ6pDZ2~V&|^OhDpUqSBwBCuU7 z$gKP&>g78$Ilzx6YRWfmX-rlDEK&{O*X8__0`8Ik7bAG_yQplf`Di5e?q)yGeYa+2 zK+onYqmb8LTz&luJ&?aNKeOlwkIqZ;k>|D=U=X`Lct^~lDa%p6^49djnQyvKnd>pl zA?AmQPC&k~|CGe_yT~X{8Geio-(_afY`G|$EYaWBMt!SkIz8Z7X``Bze`}hqMvHF> zMxDyzG^ZKFJ@39b!XAvBC(K2T;dj{2Y;|$CjuvyxTWk+l^|30V7brUE#GJ;4x0gGd zc7OBi&HO_+y~jMM~ZKNOaYg6+h&@tvT~a6)4zZJzSSaC^*bJyu>vpb z4)~*e7Lg*>0op*TfHsigdU<1H=TFt>1Mj=-0tp~SQEfoxQo2nDH3`i1>6w3OhkfI>H z1oitIP`yA)OS_j#U|d})DiyquUneC?tq5F@c9NTR*LAd&kj4XMU~BHf}rQ^ zQ~EH^7`GtqjaO%jUJ9EdUm1akn*d4+_X-Mb6y)`O+c}9tB5>mmQ;Ane{1#c5cj)KF z0T)(JLA>;fvNwW)`ChaEmx3?pFK6S{<76SPQbUhn-hj=k4s1@0m(rjh9@`(wOd+C+ zmoSD-{RRej#q_`woY?ug9&f3c8Q<$X09y7yC;@$V_u+P4I-doQAGosFB4>=$>dX6v zPwFmL(}@r8)uiIjYKmrcz##@{X^bwG-a9w3i6FM1HGuQxJ@DwI@*>SZu5?`t0Foq? z09Ay{kR=nzr#hRjMsGpV`PKL4WG3~_3+Qnyy;;S*0H$rk6|e2)be`Momn1Ux7u4ga zjnQ;Ypjf~&vo@GGdffzOy+{8Ia8?I^5XIWP`U8Ll4gk}F6Se5I?B5fC%fpopE34XD zsd1Q*2Z?_xpfjTmN>NqDh(`!1?4YRxJQOGezq2D-`p|9|XREAxEAUCPa47f`S#(Mr zd-~Eun&4W~==jhsXFKs3s%D27j;tLCJQ0TagYi8;O2_Kkr4~^!ICy@qOe56t{2F)w zAtn}7bRqZGV%l)m;mH7N*_UVEfXc=YYzdf}wcJ$a7_e2ylaODx-kcgBjg<$Ov9JE2 zfxL65Gw=T7K4avC$rT*D2hgj$2VEk24YlA^bjtI`Bg?AZ1=#^RyB;k=9SxKak}uqD zAJku8AC0d6{6ND8`PBV@w8Ol2)GZb06tHEWqM*4imeeiTZ{VFLJk^j+;4rdZXxCk} z9!jDEHZiKK?RIYH-7~mu5N;7;&|B^P;l!%XL+FVDu)2U7pH=tXUF-!jM$493B=~D% z80}f9af?1j^MQD~IQD^$XG9t^YxVtWm!!=Z*xoBvX!v4?)|{o+{#pQsJYVQVH6Hx* zVLiCq;SMBwtQ8PK6nN^C4swv8&NF9O#Jfc9JzdzK6Xd~I&kq4MKR zB2*ofr{WX0m|+9BYMv*^Ei{2d)`^e_4+0lQ)d1u8w}|~@{`cxraoUHyfb={8s}eKn zylKwXx&sbKPV;AqP%v+%P#f{LcGurb5p>$&Biz zmbdve=ZaOCKFYzb}iXbwlwdARD_B ze+J$w@18CBv{XO{BYr+~4#GT^ri)O;QR)iz$PyAKH~?|LG$nhy zMUfK*A({KtZk+Zk-?$sRLla$U1hoA{1n+uJ@Ebs{R5Mt|af)XR}-DVzWFyX?Qh8-|pZKlPQjvu`Wc4h)Q z)3ICFhfn6VzZ2sTMYN=3pCP39#q>`XZezrN?t^;-)@}4dKuBGiam4 zD6{ESh!_aWB}2SD?C8=P-#zbO-P_}5D*#L6}XPVJ;azQ}tOI57Y|W(&-Q3t1w9 zka|wWaugoL{)X^}+=Hy^+**C^b5N85ug0#onisxtqLO@?it1G&BwXwIYZ1dPGot#6 zY+Mw?ax8TZa_<$!z)Rgc>^X+2SOBdxii+kD`W~@5b<{$f;{ja|;!4UgT5O7! ztE-OtzHW0VqQU?7!vzNi!y@xYltNf~TEEzW%8|@|^V6oy z7j)QpEgauvTG%YaZUM|~_)*2?-Druy+H7>E`r0SLiK2cY^&&0ihQr3xp>q@V6wbki zLoufkJ(x4yGd{Y~oW@UoRBndOUaJd%5O;uh?awS68GT5J&&FuLC-iI4$KrJf59t}Y z*ROfX;{n(-H`X|w4=bA#x@Z?e^GOq%=g=`agcb!~*F;kKqpUW8SpWlt;`{bvG`LvF zr8HWN9UCZPCdlmY#_N{|4UTtyupG%AzsDt6ZFvl@wUVp!OL&s^`>uuz0!W@*SS$V7 zZHnhGw#9gLKX;*n1HHriON(^?NmOBVj=ZY7$2A4yrMX{8#1pNfqkMR6%Mr=z#4c6V zC>?NN7LQ}Aw>;ydLWBIz@^#)s##_i++Eg)##V-Id1F@kRfB=0Hm`nc zA{*KMi8?gDMLZMsSY+TBq#FdrfAs&wsI!Efvl*wSo*}FDd~_r$FUj+J&&eM)ox}#E zy*KspbHX<-!^w;AWgnZ_ugBEBuV&J{{+O?%L`98fn1y5C`#JhpHW3b?NCKa#QIeQfrz@nkAAs3y89Tju9J9YHmvcX`gjSnQU$ z`e;;DWC(ijmX-Pde!1Dc&`xocdULJo!iq}SRinYaG`ul#p%IVRasX>4=hOB{v?lEn3702|j9@Gy zD0{>N4y})ol7ib`0yv0pf-y_Tb%l2pPmyaZyb*vM6WX0t*FMV>4tymkk^|7u;kF_k zA8lzb2iE(-HZ9)F(}&drG;E3Qu1@;~ODHJn_PznFEstUJoYB;ywUkOPCQ*8Wzzexw z4mxq;VcHChMlE<_>1{VGZtG?INA-KBP3yyS{wOb~F52Do09**iR?UR`^)^^i7Dmp= zGHXQ1Vw79u%}fNh#WAhNVqLmF<(Q{Q;Bo8q&F1Td^;;Rs{|6=Y=fdH`_I%AXQgisS z^FdJ_+=(F&NnKF8Se&+3KsH&u@s*v%$=g1aiH|7rvcnVEazytDLYyZ^+GQ=LDg84x zgC9`mz2x`l#i$9IQOX*2P-Od4(Gd+(VjwWGc~wp#y%6JOoKY@t93&=+f;<{mkR>+J z;fnJ1B(@Z7WzFGu-GvFW1n88dzDeiDRg#|}E8Mx+j-R{jAH^_SmAgD!jB-pA=GWE{ zR)NuOj>)+ZDORnFphGV+0}rKY?Wg3I{En0g)N?*vWQaGW0|B@sx;L-$Qx)w~vwurn zr2@Vgmr%}`q&z&R64un8dBKl5b0N`BbDk|qhI$!By<+}9R8P7wZPbxlJ**-iS}$-l z<*vVwGog?DOoVN>Xo-F`v6OG6*7Ed~-o^IgRVER)>-y?~SBceR=br=&&g>&UA9i#l ztFH|dtwoyfgLug%790Daa@?P@;Wk-->|w-&huJ8{Yo!O;U*=KGwW*|NJz;NIPNHwS zIgD-QEiMD-<%Xy6sIL-Q?g$!o#(TpDYb8#wa$Pon=ESmJqw4GZ1v;(NYA%1RNC)MEgoi*%=xdc0|!hK=(#A z!jOHQe3brW!6L7U^cK$>f$e=F3-55lC&Z2oBHfWq7xh;>!KqWr4A1Tc4nLn3w_|4^ z(W6H;1GPv>n$wVu@&{@i;XCk55LV3&nSn@l!#DhcRYZ(U;LS-QAn>Cwj_u?#;!HX( zHUIE?Q?t`G(R7#zA00K>=a`zkYG5F>_Me7rjqR)JIw z*zqa;v_E-hh|d>Mv-4r%g5=XZ=vbz+fa+lyU4?HXn;U^TIdj`IihX0?e=e4ig*S>i zin~wCk~Eg&qVD60i{F=qU%(+mP(Hrc`6 zLnSs8SKopku^(4zUhOIVI6LF;t`5);czqmN?YE`9&E*#(pu=Bk!>q^S|H)g_m3hYY z@0YcaD--Wrv4BMeC)UIx?^BnHjtljbiA-*fBc@DN$^T5tS~ z88Uyp`CuX^XN%7XH>d6`vLsphGe{(ejwxJ`jmw#$n{gKQU^0y!>9=I8}vf723{eO@-Ty8m6mFRYIE*iik{y$qu8x6&}H4`yagQ`1IJ zT17J301{jMclAvkH&W?5?%kF4r)AeF9NTeN$dHl!Z68E-+Gj)DbP0+Iv^ z^@scb29`^s!~A)8n4`WSYNG?d>Kgpb2)-W8vF5#`-8&Q={>{+g%0P2%+WScgLlT=d zGLa+$E`^0nga0o6LzTa-{P|J@|B|i!ZVV0aAhkAWP%sNs?T=6RaxYf^BVI90t=N`_ z%^@7Oe7sGlmEA>po7WV}wwiMXR*L+qybsBHPY})qNL{T#5|B7e9Uvr0uz~KUk5PSQ zfU)MlW?m|kG}k$~TjQ)?u#1dMG1k5;n<`8`NVU?ltnIs;z-|yeMY5IkfJ+Q{2;vch zm(=BhhM}LBQ=|AZr1jS)R>fpt+V6ZLJe8sdJO#?2cLr%kq4&H@3;%<5bZM6zLUeck zZ7H#ECkGBry~?iZVHue;>}nK3I1>)CFugPKb%ANe3t<(o zp{QD1EjDdd(r{qM*f%>v~UvMdwv?+1+@2kZ}rQ6_}<$D z(78%jTf(Z| zXnf(@@kH;S=LK1fYp`GIN=y063{Q6CQe8@49>1ZXUTNgOmN)Qb{($V`G(rCEKwXVP z%8tdK{- z(T%p9hJH9fEeaPB^+%>18ur)Y)USS$v152Io7M=du63~)3>CjKP*<>m94gmJJBBt= zkB?D5n}G@$xuwuyEjKUvh);(jY$lZo6i(r`zU)U`E&X54U1cp6k0YcK?$~takHVK) z5GT6CyqDU}e6JWisAl~L zdefANPnxgpW2FBCKLY<8((8QvF*=P6?iYhz&vdeDouKinhkIgos%{<8D#D%Vp+L0O zPGhvtj-p}uvnrt_;YJ!G0kOHG9lgv~{QNBTs_ZU2*gYVvxyR~yq5NadlznDso=UXZ z-@67D48eQ!k{i{L2UIxs!JgA)1woUPLY$zJW5EC5F1wV-EzYN1<4oeD4r@7#rF`S< zEqNmf!rw!4CTmo4yE$Reluz{Rc3{WQkG5W_OEJaZ(K ze-y?PU8Q?cPHO(KIzrU-1S)_hdY*yATb#%kV#jwf4^#hT!m8I^Jo(rCl2_(kjkGyP#_*R z%@>8?&BPVLf7QD>kSTxg1zf)=03z6A1|4BXAnhx*`-N+BF_fh?J|swv&6S6uB8+z| zHE+xly~zfOMC+9XH{2|Zt@5dt0QtRLkOkt^eqQ`)`d6PqI-dELyw2T^sByG}rS0;Y z8<=a&6tpOPP?u9hT5Xk;K_^`;xo;9$uRP)65@zw4BkUcvL~nINmG_Omlfh*rZJdP z@8Gbw&bc+#|u1f@z=$xvG59rP-a-Hy{*D>kZ%3)Q7NVa$8b}+U%ErZ#Dy=% z7(sc}4&JLf}qOfCu?6gvQ4RU-OHhQlR6~`*{48iv^z%zYpt%Ni#AmOei5n z7;YA)01CC-%^-J1c1sXyj|9?wKEAKq$8%vxvuhxW-3jQ#Q)fW0Jh1!7vZ(hUH{~s10u0s$t7*Re@^fm8a zQJDNX8#dJcHm5Siv9x7l(;X-+%HE3^ng;QA@Ta5^PGsSuIv)L%>Rgb0B*9aY`b3a? zqdOoL9lr!alTI*M){s8}`-s6GKc06%-EHZD=$SGxhXC~B7pBG+bL7zzntgPe8L3N5 zyhoZCiV;3OF7=?wjZ@b#7pVC3zd^f-XDFp8D2usV$hsrcqTjwE&!(Y!n{?SYKK(>Z zM)2X`k(2^5v_BqXI-~}hL)RF;Vk4wKOFT}M85{oKIiy9$#ru1^<)=2Sk+^9Mx6TKHN4q8@2L%XU*6D$?ml5JASKO28%&73% zr5$jiEB-Pr=DsJ*BjFdnVHoNzl!(xDZ;O_3zB=9Q>5!1)X0u)MI!a)!x>$2;6^nVO zK^-pt7~n}_3O)`FrfV|QBNwD9jKB)bR7=`Z196K;pUS*}PxNie)L?JO`4E_#fg1ZT z!xyF*+9Sp?8ttzS*>4MKl$1L`^@A*oI*O;Z0ET_zGTVF;_2s>5s0=@ORYwBGpe>)DHAGgrt+AtER3st2ul*|w zx%rbPw)liZmeB6-Fk141pch7HmgrAy-mHbve|uJrS`UFSSZ){xpp8BALc~dq!dOh6n{2!!w7oT|b2ieD zNtPU2J4M#bcSXXPn`=3hWB&16oBf#1?fDMc1Bhz1l_&%{CG7f4eJT7Ik`PdS$$~Ir zM#J5Yy%wV;_0bHIX%b#sW_F;K$4)i_aj=O=X6ryCaTwYGsyu1f2>_>hq9dP9`k-}< zPk3S?_X(T)DHB_i)yI{rk}mGMPPGZM!8^|^{B$OOA!*XIeBAA!WG8sJ(EvS{Gu+)! zRs4O1(2joTbxAAtVwAOwm4UgJU6}x-G^-N#p=yAREZ6R6BS@b=Tf*M*pF<{&@@)JmD;Vuf}--vc-CG_77n8(AaRetX5Ale0nDh)I;Q)X?{+t7vc;s{X=Ku~YPR_{mJ zekjjKWp83(hsNeqAZgF2L4r1mHrWD_s_KCkufCXq+9-}RZ;Q-*gNW;ww9agX@w!Kj z$PA87dJv?#FTk_Y>dZ9XLChiWO>Ce$Q$;pxw#P3`F*ubdo|rB=B9H*TM^~S1Yc}1C z3|a|MUw99BS95yNNOSJGv-9h9&mxB5xGNqv4J~9$xA{%Q!s~e_w0ySNABT>ROoPke z5{;c;lNqDI7m)m5SWm@VgFo^#q;zWDQ$io()y_ua%J$CHlD9<-RQN*l@<&z3b*g_i zA=Uz_4;7r!52G9=dk_i0@UP0;Jds6rN6W3D`lVO%P?oE;+U#S`GYX8Z%Rf#_S=e$n z)CchP>DZn^hsC=;PxnkSVm3SU^U1>8+^nvIWb*Mzy93!g?KAQ7@!%}@7XR!u?NPD2 z<_bQuaftGZEL2*E>BAKOyMH?YRM{O%NzO>p_u0(K#2=P(y4`#B76Q6s4eS;??H8;o4w< zv?0(v{Gj;f;~p$~1F%~j0%FsMojY38CdT505z_H2w!>nMiUa2HBQ=0EwFoq|a1;Pt zLTbM?QfeV+P!40d3W4yY+Nz;0z)eLkh9B7(gGui4W*#AM$JHjdT>0{Krt$6XAcmk5 z&~1YP8;?_k6Xh3S&#|ja(amP6pgc8YtOoD5bn*-ht=d)l_=0q z2o3o&zRe}qA5h9A1U_3`{ZfT|#cRXpQ$=gqqX#H^<-bwgsmP(4#)&Vk;?)&sPd5 zaV^CRVjBEn*7VJ|qg0e7e9Xwfi+{9h&=yy5_Dtx2Qcx=8FmP<7kM_0}?!}o8(BYCr zhcRoy4zfj%wqN+*^q{bh1P^gvgmEFRFOGR$iJ zW5;($0;;OC8DDTTT$aiu$->Qd(FmeBAG~c}rA|bc=rHhTb^T^-3M6SLX zQ}Y`h`FJ79{J{-uW7iXXmAdV4fR$*my_9jxlj5rJff5pJaklO6#`jLfvLh&$-y_@> z)6KM2-vv3@>H^T}_q2Cw$Lrp;SHlq~U(0EDHo}}?E%Py#B9QAp9-o5olpI%)iLdNR z#)V%0;SzfcO};A^yt2oFi&~AlNPh$#qgo|_Ag&gzCKf~dW3)$P1v)QgRSHRhFtAf7 zM7ABMbstnLoy*t#G#*t*4TyC(mXasfKyuBgM)eWfVT8R4Y5FnK?jK-nvi0Q#EBD*e z1n#%YNfgs9u<7pl%`YCGFE|TANTU2R1M6~LFSQr*j)^?Tb}@a(FN)YOO7#ttKdu>N zQQNys+kpk*ZG{O`CLY^RoZW#y###k(n+^2KX;t1D$7+K$&5b`4EM>uGLhVRq6I9fg zcGiL?-2*JG>-d-+=HinQ&F6=yqTT|eo@zRp7Ol@esFRkl}jJ>W5lHz6?tAu$$f zmGmZb(cO}rF}5jN_JkZCGEu+N6nKP&GRh}IPy;c)Ab+J1z?bvx5Oku4h4eX2q>st& zDe_d!11HWt4u~eB32KHkgJ3|y*|$-zTHLhp2g}!d7W^de|xTmPwtZ6VX zQ%;HSIWO4Cr>b?%nq<4lOXKB=5z=W0ekK-{WI%>zJIQf$%q}-Ol8^=^wr-_2zrUAY zYB-g3bW*5{mWd4E(+s3TjcAi6dpb^+P^NW{l2y8M0EOc_-+We8RAn$t2Vw&GlH(-? z{IQ%-hAHE8C@#U=4qpLoap}zQ) zKU-ln_%N3K!HdiVvOA`T5r9#4B$SQi2w|Ag9q-G+X#OGHDhL_e#lxl%K(63ZhX)e| zI_pyx2i^C9@y6`8>${WVQ8E@QT^A*!($EU-x%M9(^*43oB@T-G&0K4S%g9fig5(pY zv3gfqAzj!oYtMb@uw{T04D;s(8cx9o+a;>6sVw;K!PMo2p}mi;!;^(Vp594G;T8K$ zK43!PfnfNlaeqc>2dJr3$K}>VgarVkDsA%yMX*pIXiC-P7uDF`?-b-hxqgZp0|7a? za-~2BDP{y*n$V@m)2+XbABZ1z-S+XzM63ZGY-;wxebzo`J(#UH06@s%0PH-~{vpE% zlL;-XPcZ+rxE5hb+r>>=%X6f<0{hkTFv~P?2Du!3wa4)>k1c`+;-VC06gMh{xJNBH z7$msk)SpQ5;K{b~*e2-p4V_(Um&~{J3T&qRUGf<5pE){ywb*n?LGidb{(XAS51F#65uOutMTtqJj>GNyRLck|PVLb(u zx~C8^*n^CpmYBa5S+t97M-ta9F_l$*l0*8vPoEw1NGem(Ch#f`uLzDLuOC0awyU=Z zBYtYm7NkqmKbjUX_@f_|vQyzYa$Vl+_7*)aBr5b#w&LfZPJKI~J^hiV8~MBo?O!aR zFU-lRZG;TUL8)!zeQiGx${dk08w#}M^cdIl(ZL!D(Fot^D}8B5C;x`C8b){nM??V{ zK;de7*;{BLwF`QLfSi+Uf40wE`rNv2kD?#Med%h;p_s`uf zl8@X42)Z#}b@BQXrXO8fsNnZCwA9A~b|bO>*kF&ix)&`8?Q80sJY>#${I%fY$M+jd zc8{tAY_K5k$ww)A4t!Fmz3VVxuXe4Yp2s*~Jg>E*(;Q<%cgdQ*B!*2n1K?s0v{&A! z_|y7eBLBq&7M!mQaE(aA$lX3<6EQ2x0+=gj1q#$DC>`XP(xw#VU3HK%(|&(I9iJlH zA_uv=qkE}`1Z8t-Bf2qtsuB|Jpl>NGV73%V7Ab2YG%>>GO22<9g6@G3xLNbjLOBo! zu&&vmj}(3kV1RL;=NuWUcB|h7PBrM|G+ZBS#13eIA94Mz|MueQR_G^55!465<%?Z) zJNlYjmRl=5HkI4ux3E#5xqM;)r8;G4ZaPF|vO_dcpB$2(+dDxYASo>j@-Mxy$YeMF zqAe0Mp>b1AD@cc*$XyOqjX^i)z(=mP9wsO9veiM?V7i1%*H2#H9jq^7KV;(y(}o)5 zP!^3=iJKOmIyzQ^bO+z1n!z_L1^|_Rvu#>lst^=hFLGLkT-w1}|eICcX*IhCI^6D!7VX@FDjOnEAw*`La&D$QDf<49#rLbEw81}JPZHRiH_nkII73&VufZP7C4_ZbC(Cvo~M%t zp;XSw1Z{opd%V4W9j>iFf}sfq8jwz9fP*7v_$dXjDQMS;Y1dZ323Y)tpXBbJ!RQO1 zqpC8Y_rCD)-lFe_k=No>v-|qMvuSRp&n);xSj7f)pUdIEH5{LEDJZA~$hU&Jnvw!> zxORy??-RYswLkUs^=t*1?Q^nPwBjU502$T~>Tf)N>@)UY!v3Rp#sld6?FPEk4JI(F zqJ6?b-^afm}F*<$JIxwTZ5vr&FlAk8x>s$y@m5YFr zq)d^eG-+J`B`83El!==eI6kQ%cr?Zzv4EPeCBI#c)y?d}68xk%@yoNgdpbc*+>HBwv=Q}SVAcvU zQ?n|g!2?lfC)I4beC*@dyqvgMU zfRP-ifLrv6X zzFZOebuB=dX9P|{XUlH+@EQ^nUseDeRjhx)x+7?(EYQx8zu`4-~;ehi2o zS>VZL#5z?E?rAU?{}00k>EBK9Q4@@TzQ(57_&?guvv1%)E55Q&Hp&i6~DV*@Fy3?*8e^UNej^g zo-HW;_`bEI>@HbJ;(r_^#e4D+(IRQ=y}WF{^OW>|R3yny_hXqL(#O-eADiNTRIq%& zE&@*u|7Ab@^4^_}^Yf|t-zu#bfsH^#7kzK&vQNXO75||emV79Js-eRLnue$|7W1*PtD!PIwV@4eNmVsRfwY+2 zl7YqW4myqwH`+8T)~MCxmd%pN2e+c`-)#=eSKOhNN^nGj6HUY#i#@R7#2OhtCasXf z&cFemcG7nx#FAu0`7N2VD#%EJVa+Yu@58KBD{iWewY{uS1#K4w-z)H5lYBi7XoyXL z)vpQiVO+5PNZxX$?gCvx9tm6j8ZNfM1!P8JHHAxr#z z+-V!u7+;y4gb6H^qlFKz2o>$BfJ67AISO_)9#oSn!7|qux#_S8mycAgc0I6fSYdVjL}=aK7-}2>)_<^}e6mV8rm- zkl^DZLH|P+fp;T`CLCnXZR8RJ(**qG0fx?D0LKc;vKb5l)HEv3c*<14*(80;t3oZt z1ZWvbz*64{^wD%4~rIO?Et;#zs^kF?g%Pf%C+l z?;cl9e`mjitz39)uGQGBTDI4JbHDP(lkbhzV6aJJZJ7@74Y;;$BIeLm=TJyrTCHg{ zmO+!jqmF84-x(yiD2*}J*i@LSw!6__Kor%r9);kz%rpGl6V@?eA077ADs9=`2y*wk zi^y@`8f{U}v+_;fzdM>qXS{7ySI=3Bop7G*l5`66{7vfZJ!G1Euwk85mv`L$JHGN{ zcP3}BJ{kNsF_hgSBaf2it2tJ8*ZqC93)|ul{+#8>nJE%CWrg zRiu&-xlj-BmwVLI(%kD4oQaq8r%_B_FSqnYvT~zuTO(m}BrV>Cx>YBHLzhv&ee>@& zwFxJdHTOYHIG2%^rX*LQ+umQ-8SZO1f|I{2@lo0?Tj#@8#-fekC`z3*IYQH|*xpa; z@xdmyY{^wtXS0$fW%Td79=0-w`8R2#1vtOIzG}sceRXHmWY%p?Hd7NXEaXrTSD*FP zyLFl^ja4BxJYjp^pJ43Ge7*a}10W%NkW1X-K4Loy z_-WN}+4z|5>08mAt1gK{%b9=;s%-_VjRqZzV=1#1CPv}|3aH9gV5eBM<3QD0*3j_F z&{rXydo?AH%83GvvKj3qg78TzKeAB1z5V+=lDk@qKDpYbs6Rk`^!4FXLd1ku&*P_W zIwN|xpY1l39-jTR;9gswu{uf}ybfsaeTN{}P3f=aUs6GV`~7%bU?gYXTNCSRKOK$z zh_kPUM8WbhXz%dXv{8(R&R&#C>qsKcL*(DQ0aLl6n;E+VgqOX`(6|&vhSJ z$}cN#EPw4)O!T!EVTtvrc?2oka#~+&5Kvg3{r2u~B6M@DlecKCN8O4c0P&>Zo1|Ux zY?V>w&P1LHXBcxN_wDX_Er*`7<3L0vtK)h8 zOe&OPwB7#FY$!cv=WaD{un;J^mHfh%E}$m*#v!;mFd#-)x9#J+&$3QaKxTynQjy;1 zOLwmm8NzIImL4w``pBB!mTWHbbuJf z3wiB1XqsybUk6l9`8Bhryf8eEa^!b>`jlQ|hJD{{_TN<{4Dt`@2(-wI9rP zc6i?F1HL)H6l(4j>nm74_+wY>21!>E5}k9bmOcxJpi!=m6ns&V?dJcXUqWe>anUNV ze}}V`R>#;#cA6uZxo%lU%3k=#gj194ew--Pdal8s+!UIU($cA(Gyki%G@XlAIky2B z=>Hhx;(4AdeAX3ylzXn4dVxA4=nWeQZv{+Zc@S={0p?eXVFO`rHwp%vE;T=9VqnqI z%H%Q-=m1_^TD>*rwi~O+yWplCyMA_I1@N2M-V_DuZ3VB2-4dG*_H5KM4sbEMsg~~Y z!UJ-Hj|0r$eywgLy@^7xv3dQ&inJS!wz; zaGgv2h{G^y`=+VCQ>Esip~SZ@enut}iqgobVoZ@Wd*;SV^*!Kp4(Srengmu#F`e47 z%HUDO^?bdO9cKC)!(k-Y9^7jAn^cd_zq!J?nv6$!4D84%w6hrO%~6HF^MivuGl@*P zP?7ab!G6tx<*s^vS0ZE2T~9e&^z=LGADVxv-$Q?>VM_oKA~Ao$~X&30kCYjEh7+QV(x z{@v4!=YLoL7PBLiVl`l+pUOO-j*8w*m5X&Al}rAlg>!(Ei^uE0SoCNpA($wHVsQ1R zzps^T5%Z8pL+OwUq9mYcuhMLt&|-MC0Xp{v?ZW88&sfFlrTous+@~iI8~fGmw^yBB zOI-M~{vBbJ_Im)#;XL*&@6Y8m{c2h%#qzkHEUvSf35(e2d(C`3&@tdC%LUd$Zu;Xg z33Oc3`Ky4-<(b@oYR+DghGBG%^o1XdaE={_>ORqx^Ao%P1yV}br^O^F#o3UQ2 zUqd(rzjEv4Z`S@4-oKq>v?voJQHq*!m>YJLzZ6<`->u`o7WGc(^n~rQ-Mo&|j|v_2 zTGSt^P(NK{Zhg{rQ*N+ie6HRxIAi49wNUTduzKoUD(6%eJ6}M=yr68YOKtq7Gz=%D zZbDb#wg2h2aJ>dKZtDRyqn!oLz}w4M;U78a#BDdq{W|&OmczFyj*rKP2l^8e%a0hH z*a;OY>tkH;{OeX(pM!2oH`uEKyC)rkG5f#8d#sFdjEOv`o+;=`z4?JWq8O^H%Q+ym zt-I>n{>fEin;R^4pm~`qx<*3YwIOq|IRC@vu|CP4;@9E5X|nb&&acl*nUK@5FZMgm zB-d^sdq0H*+TRRP&J9XF{Q1tbG^{jkj=JHFjYc(gRZGjx8Ik>W z-*FvscIuPOJJHg}PTqcmd+4|f)O`FqQxxD?hA-RKS2r)3sP3f|cVsg9#HWES7^i*aRy@J5_MVitdknl3En?6;0;T8w8CbO>eI zcUq%CKQv#592c7m>;8IfGt9JGxI}kj;-}Oj{CxsOTk4gE4(FQU{LLC z!i<3EP-LB7T~;-elc*KbkE^;#v3FT6K_>RmX!k={@uPNU&vT!1Karzg#La;bF7D)Zp z`P!Q5hh`7r``vYSdNzWw@efIcu_rZPg7{l|>z@^h7T>KeC_DFlraXO-eB!JsvFBHw z;CN?S6>ii(_p^wU|F}_Sb8tXFV}0u-seU->^U{6QRb{O8HG{*?SRaii6j|!CY@8RY zA7;N;tUHo^z=e%g%-Y}BU*3FuKK!8J*MOh9R4df|7$Lg7SS}4UoR>>^{i1|(=`i(K zhHnRh#Z|!K1giUW-%p0ssTgwBk+wS_vU3jwu9?zD(dcjc5$nb?cx<=f_d=d_CbanV zzmFu@$y(Q(1S$j5k6pB9>Q7rQP2YK2k9-xOe~x|K(aH6NjWnJ#pfBJ=c^qOo1y*Y^9#@z34NFULG zi&1TARrOFw^mn;oQ<2xm!d+U&{;Uy7B4@yz7Ab`tjJWxv;`ekZ5{Xdh|G26xU&(+Dj}p zF+_|xXTQOuwE2=ed7&vQ+^|u)aoQgiWT1o5Rmj(Dq_L{zD!!7-pTHE9P6Yj^)kQUQ z^@U{oD&VHSej`FE;6%GU1%pdFFtg#}MYXE3|JSkWi36MU%Txt2-RiLC3pLmZ3>?-r zIOW08bI8{p9{)A=+xX@?jGoW=w+A3`RE>^8c~GxwQ5yLmq|HE0z!G%*JVYRW+$_Y` zhu);+`w@_P6*nc`&d|63RlylazlfvY%fF3NhljK6+-6hO$YFeDB?uCYJ^1g#^^LQI z)`fW-Y8%=y-iiU2`Gg2+=I26m8=RW6x=0nL$hyafm2aR zt&{s3fEDKcu|c_VT@*))#7>9oHZ@Xcma?s|Q zo*LyVCfF+)uMa*h*3n8iBYVs^u;?^*c2u|Ahp6u*VuOR$rH(mGuYX?l&fzWSE6_Fy ziP4JxHN>CkgVH?YuXrq2Kn#)>pym1G)V)m#kXZRd!fHA4MW7O7v)>18qv4Xvf*w|D z+j)1GICW297&!fs>tPvbOssD+-Hr|?L<9GVKPp_AZSp*d5t zs+H9h)S?s3C78CojGs6zJm+N7}SPBj#bfQ&P7Fsy8Zw4ak+xuID7<9>t(QeTK zuehB-M#!&UEPSSX>(h;&F4c8<^6zD+e=sZq?U9I^9jrHmL?PVae8b%B~JK7s-A=$w`|^C4cFyTn|-ir zl8BDZNL|S)^ZvszC(Qh=m)eg=FX9wdys{-wN_kht zv^_j3pJGEm2rCwg6*IxRn2kxf6FXb%DJ$(0BnLaFd^fgYE=SyD%NzQD$Cay|%eUmX zR>&vOyV9oiAgM^5r!Vr+yNA>L4V>HT$!gN}{>phyfz2peic95by@wXMnBuhrR05Wt zv|na+B@NToF^$ATV3Q9({shvCoZnEN+3z9pD14+T=sxct<+_0C<17yF*aGza6P;h6 zblTvEJ5^>IgGQi*Yw?;>fjXM;2Jk$7*kV^_a0+q#wfXy2_5k59d@qOFqipBFgRRzN%z zu^TXOnZLjyRqwS(zK(Aa@av|>yaP|oys)OGH)ExmyarD~0r*_sm90Wpk_k&d`X15# zZ0?8lJ8I8Q@R4?<;*LX*l8LC6*RL%PUSY2KYlO8q@7YC7SYnU`%i`ZNHZpHxCug4u zva@+ZK$^-pAeCZo$U5#~Y${nd77(#sc>i*5ng>%{h~JH4*v91Qk0A{qA}>)w*4Vo) z<&@fF%(0D8^lJ2@i~*&n6k*=;h%r$vefYEoEMSP@*@5)@C<#&ZGBMA2z*T{m8@R&kjh}JUC#Rf@_ ze48YggncXyx!lT#!YUwgR`5z*Uhog`U?lbaiRx7Lq$~DX+ zuVw2l@D5EeD0aO^YSn00`(3BFDsy%Y-^ljNym!4_abZP$Jsv)o5Bq7}C};CggQdp1gOGE(*rvgTb$^T@fmydx+fOFk$;d^fvjeFR7NZYB)^(+Nlb<&h~QnxXc zu(D7sKsT#9UOPn*zFte=X0$Uq$186#VRmL?eI|%~m)BS$GxEdO7$QX`)en6MNd(s;9B(`2VXHwnG8`V+z%fL53ijXtCh)3wp zQQmkTw-$SB2fdanuAF3@bSn4cWZU9OUy5)v|1CPD-V>7*n;WQ`<05y~>2@tCc#Y-9 zyr(>9{KTC%vYhe6g;{a-ih50rit%izqKn`{_QyJox;=Q!A|4B<^lGk4=7f?c;%LdW zE(MlMklfP+YPcjqZ`^9=F7*C%GEy1-M3#nBX|m{h8NiUei2bB_?%u16o`;$F2?NzL zaz+ZhuNBqIM~teS^ddHIIfAqd2AyVX8c!xvI&$y>v6L?!>}=ogq}rMby`1h(Ngl9` z(!{6-@sQy+()8F9L3^Q+4%VbCG!R~}dF=j8QBm2E*Qd_EFPV9S$7>^i(V}LY9;GNT6m1$=XUFL2CpTeJ)LO5FnoH8d*x12z zm8evzB5Aiz3$$vig|9pN^zuOu&WpUUdK^Kj6a6QOh7@a7oT3vAPX_XsR+`s~Mv@*^ z(OI|*J?nBR@W1T$E_@`ofAzfUZgt`Np=K_-hkDb~p8VGBh~zKPv#=1JBr0bClSy?w|L$N5#aaA6 zU*w~$SD@qol%yzwT}qC=y7by4m3WPwCD}gOw|Rs&c6DTL0Tn^R^F+g;R63Q{{+F#5 z(u52bT@5AF@u`(E#6N){ACc1z?iP@0N7jC=!1;j|X8Pa0=g0IZZ$e9hhksR!P*3JE zjF0L5ydJDQB#7FLhuCZ$|4bipR;(+X`saiaN(X1ub`+ z=xG%j=aa|fO=^pFqGf$v55QC-HfA0shhf3-axeLm-~89 zY@tiPM$b1+HVFMc06}^n&k;&LtbLFNw8VGX#yvo`L<_j|Wt<=F9%!Yh;duXvwDh6qTkzDdM~n@;GvJe&qt3rl zx;j=3xEWdZm^8pKgbpPSc>a}XThInL{(&(5aa^ExZ|K;6{;TVzqjg<&iLZxF;Jnp; z2L30~{y!$A!zpi5@|nOVfIY=94tQk@c#UfiGBPgjzf$&Skjazb8={=%;qmuv>Z)Jw zF2n$Iz?76pgFnI69q=RNc=uRK2p~Z@s#Q3D;GY!0y}i8?fG%=~0#TmHz&Mn`4nU|Q zz)E4f<)`ZT9$bS|G}EmQ0m1Jd8Gu#74{$PF7J;KHqdF&zBh$y|EHfoxViPrv}ngQ5w7V1YAmuq*b8FwIujx)6F@$l@H9!(lY2-Lxu*nydmHPN01G4Yh%#e77-|ym5FEu z4wX>A<@Bo3%GK$4KeEaUekvqHSULs9+-Qt1aO@DdKIl_tBk>^_bM0*vdmi%k+h+WG z4w6VHr{pv<5d38iylTNq6F}F4?pKSBPZ(uS9l=ivIY%~D=TnWQd%l#Z=X&Fqu}sp6 z*7bYs&#iAO0U~Jt7+N)qy7`6!JQX9)$b$5-u8ini)EW3*RP!x! z0*QU!DDMVg8T2UxX(Q&k_R0bPGshoKyY;An%XFcc3d}fiWYEiB$_1*D=;xQ3EjRm< z+d)v=&nG7*A;41_az}YMPbLvzm9=_W%D}P&Luf+SkM~Lwk6}HYX9* zap1|c!O?EAt(N|>H~%Hi3uO~7!rE2)0BMthqoff-GWmZWl+N6JbXeZVh7e%QI%e$) zw8bI1+up};<2{&$vN#Vi{&EH%Z~`9}dRo{e3g25kg&`?;UE;3URqizV;Ulku-WHhmM?i&024u*L*res!Ecj=4Gmm|SQ!0vw^%)alcH5Dd?@%Jjp` z0&VfoyZl=A6zl(ZA`R3@f)Y^RwhVrgC8z`peBP&;(~TYC4dHYWj0XzKdE-n#Zen(v z&&~q;YptR22`z1UdGvI4Tiua37y9VY9GVUZ@dY4D4M5LUe>8`d>os%lIh(ep)L(H; z)BWJm9Q9??d%5_^;7~AAO(ACDOFAg$y6ByCJ(oGR6qxTJW&$_=k^9a-0FH(9vC!Ul z+qK0ypV$t^^oJJ3J}cLM`O6` zC%$}AVBljO9xV=dItN0$(KOQinU0V5$`ST6WH=swFDU?3Fvj>fAq?0e^H?!M7=X$>1XL5#w_L^1Z!+w2@sUha`i zt%{wGd-P9VyT9fMk;S!}EdK%2-_ai?zzG*6WIxdksJqPl=BvJEe=?P7umHjBJD8Vb zfH#&RIsDeg)({FM0LQifDHtxl!-TQ5djUC-74YC9g=f7r2QyUGb&b*RY_F|KIb-i# z*~+D8gNHNK-lr~ll`h|vlf<+gY7cczSJNV(BU5E0dp--n*OI9KOT`GhteiTE%W5=@_b5R~1xz&yr0hWjxiaX-zJvP?!0?v?V|Pf0;MK1z0ylTF=} zj=aX&#irAJjf%7J4W&K}$wlUo?U4xl1=j%eZ-A@fg+*OyuXxS=sP|qw0H+cF&lX*1H z+&-OL-TOXd1QM${*RV>M9g%PLCL?CM62JN|$!*mLSYP2+9%Upv-(2umrqyT;uU*_7 zNm}}WRYGc{i?YV6SUNwuCFONiYUkngeabld#V7K1Ouq{j&K2d4>yA9kzpKlHTxrfa zIWT>JSjzo_1N6VgdeK@9nVh3RXSB^@btPSU?BsUlWBGMvY3O~5M1dL6MdS4&S<@#;=isx55&BT&MD>ZS&b*IbJ zXwqu`Cax@Ygv3#-4PYnEZaom6q_BSHTeq44ATg8&7?;01 z3A>{JHoJ@ElMdDCGZ@nJryCSE#W@q*8s=gXjaCvB{`7qFJ9EnfqH#sbAq|W07oK~4 z6*guQ;o>L960_8!P6ZUk(cZcgpKfj@D1Px&Np}lz!y}1h(6pqQ&VCzeTx5*>P+ND) z3ze*8Kc<}5MVZMMsi=)U9ikSn(6;xQMK;x79=p*SGm&Q#T_DZW;=8K0Fx zygA7UTrZXB+rO;Z*&e4juvJ(1@My0|*yOn*cBfSMJ`V%;iN?{@i@_{SUJt7QrM>mz z>KnKYp61zi&t4V`g>7e%to}@3=r{k(mAB(;#eF&QLH1%B;HyGq7Xf!#&|elx50LuY z09{&DM7j48q#lwEllw!N>aWgh0f4vUbP^Ej*#SDW_F~)bItn;XJKMsjzk}<|;>WTE zyy@-Qx<<@kbs)F|kidF{v^<6=b&z$W8iivrk)zEi>NMy75ODPeK}HG8mXth2j?QOD z`2@|W^^aoLWWlW3@WEd^S|9COG~d4fw;F_dvS&;I+b!NmF<9g%fJSgw$Oy0?JwMtQ z-y2loRREpPJ+&p4JpxXvV&%tM)3!5V2!>O2z=X^@rNTW(r<&t`xvad8lmJb8zi3~j z(thF86Fp=~B$IsTUE$*h#|2y`cAR0kM!svXV=`F!BW}^qqPOR2!+8==3zY%B--x-Q=YjBb%G%U7INSg(y zVIH{%T33VcdUH$y&dW{_XeoQMX0gvBqczYmoi%-h0O47yKSPvwRot*g)jyza#)jXH{U4Eh9=*Jdg z)gId~ktQZ2tfMkIRC7#{{j0e4;;7kS9JQyd_s}D~Xs7HBpW=O0NiGP4s!~Dbk(Q!v z*5`IHz`QO0HG3}YveR;IBXGgZmlLwkNKp8mnM5Uu>5%wPi4{4-vXi9y~8qbH^j zv&ioN1a5X5cLtKCYU14G+T)poejh~rR^7Qnw))pM7@~Xg@jVH`NEfWwwk<}buMPsH373oW|hx-Puewn>YvMn?rI)#QHDw&mbv4FdyK z3v9tNNieU#duQZBpcvE=p1Lolw&Z1Sv0(3?Eak2`V^r0E`dUy~g!m@QziRb0R-rfB z3ijB9{`W+JOdVp$#}_B?4%B(cOt$fh^^dm=c%(wCn0f@iz?O{xAiVhtVH;x>tZpXV z`rl$}FoHol7G(@8h}YEWSR~%50qv7b=h&3LeIAQ~O%=t$N8}wY1Ai!7u{c_0Pt@NErIBy~TA@5W;Ni(wATFp%oO zNBa>Zo)`-NV)W`g%5@g?3(&1WwSJGB502dqHI}f!Mi}72d?8wM)MMYLsRS(e{7XT5 zOyl4mcDg)2^7tP!h7n|>UC}E3B0BKY_+zn#kdfpwXjfWo_|f^qF~|?|;PTo!8^kj| z3NQsR0U3UOSk;#Jwok-`{9PKjvQOj)kS+dZyQP~)qo}VWtNXS}yrJq?w*ah(#sj${ zO{l4y`nG<>zVagpsmM!pUh^WeR*pY?&wM{^MQHPrhyVki#{UXi(}i`W9wq!pRV8}f z&jU#d!0-6nqWMEB+V#W!%A6l05OUDbljQ0FW0A$y&uV6?t?RlBv=x>sUPQXBuI_1@ zn?oD~1P~s2=8T$Ph9g$N)6jIP44^=?BzGfvOMS~ zig7K0-JcSN^cj$TQI-k2$?3H`f3CGu@dhZ&GA$nbOkj!EBIHezJY zYr+p9e~=n_R09z0c&?3A@4knMiBb3=a=!{jZ-bjDWMDr2_CBfsN!?kF=hVo7f3jox zyZdK?WkW0{toTC(;6S&z-mru6!{f`2Du2x^n^P1)N=g&XF)SKf2ENI%sGS8`Ji38< zJVem~n^;F!FWAmbdObY+F1R)Dj;KGPfdMp9yg$*H>rN?ZlxDcvXJ(14gFm*azI4V) z%axvEF2K2z{mdRYMbf@zauJqCr0Oq~tH%VNJ0cdQuGq{P9Z|Tl#qYY{4*)lY85=5G zU#T43m&kT6IvA8woUt99`rZkwe5W-YwZcKIXG#)Y()1RP=f!`f*5bNZ; z2~}&^oR`MB3kob&aC`!qT|LO%B2NU1a|nQbzk+aewq45CH88s_7{g)5j1C6${go3` z6oQcU+LmJ<(AkE!^Umw8Zt*k$neYRG^dNgC$#8{a$|ns?EaVL)jiuxoD@`Ph@n6$8 zVNhv+IWNX*Z1m}Zl1@NdJO;u2WQaVPzbezwTvG_8J2Rcf$|#KfChWA5&FjzLMH7EA zajXh(Z856!FWkc|6T)}eEVuLXj-UAY1JdnIWlPN675`5WDa9-n`Yfd z2oe=Ru1d)h!WzamoTpXsb>qY-N?E^Fd+=HEBTK?H23zvWl4W}}i)d}Ezxa-F8Xq)3dC zN#07=JPxc>!t^NLtkZB>0y!)FML>q+ zFoPk*TN~HHdXiOFsUG#}fTaG#K)6X3fUC4A22GMtIDkj@b70eN+p~yr-JO?)iM)PS z*l8+@sfCb1E_GMkLvpaV?|Ff{r9!3LgqYu|zxKuCK|R!Ky#V;BIEigBw+%L6tmCi8 zgg6U}SG;ZXAyjv91YKJ_j5uqG5{TE0hczWmqzmC~5}{pQV9$cLWjcX*0%1WcK#caD zyOxkbZHW72B~foH>j32*d$Gpm-Fd>8_^aYA6M9es;%>PI9kgz~mauW$$5?y)Gxg?S z!w(e$XEjYfuK3j;ZStPV@aw5VEc?bo`-0}fZQEH)WDBfV{io40&j7gECetEB?X#45 zfN#T|VXh9hU_Rsw)FCO?bJjcESJq703hXO>Ev$EmKjB8!Wu=dTKHQEQNaL~~7;Y(9 z%itFwBYkt9mns)wpf44=Y2vph>f%(NDCIT6^|0eJv+XxVWak0ZnD5iYgO2*8gKW(V z2W3wPb)ohAFXNx}m+VsgLQf`rZbFg9$G-@%p~2TLtE7;Uy11{lJbs!HQ4RA8zVe>n^)U%t2(v&YcC#wHL2@VHT#^Oi%spL(=`9 ztHsZs!L+QSNTHkggm6}8r;$5fv?Sg5@s87|zKRQdm5RJOag615JQTBRB zrEYoxda$9fnMzswiLaCAeX&t>Nq8I?+wY?wBuN}X@f@mkbU;Y{>fwI3V4Il7&fFtR z232^`=}S64)|;$NDcTg!Tx|mS5KL^6*eB(0s0CW>= zHuEn{(y`zk*z~E=={p|%0O5+<8U_jB&Tt;X5r0x27Un2+yj?f{1<6V$!8S zwN2AB(>AI(6G#~+rNfCnn)J#fs|NGI1$(FzOAwuB188(i!(Lj*ezazxFY%y43&2O+O?k#1F$sa1W|d zEVCH;sW^YW&^!8Mo_kwJ!IHUf-Lh^&>F0~dbfLu?KeJ5KB+9kEIwao;c`QO5N0y&= zV8P6l`zERW*e#vXAh+K^hkDYx#%SACyrV)U_?9I#sbk0JdZNe4w~&HE8CIb}%d!GN z4>7s%QE$D|o+7^^J8SpjN&_3!&`b&P$l=yJhYSZd*P?=@>iodtLrKR`cGx><*`CK_ zC!p#Ir@;q;Um!en^z#1W8_11&Kcm^~GB&29ZuFaXksh7DWD#1#(t@Nfs=}e1AplLX zTx7if9gm8%f9`vEsQWUUYci}5I&?KtIbLS_#Lh#yTC}nyX5DAFA=z*tCv*L>&UmG! zkHX0N2WyCJQ1;#X){#ilgTGLuaAfl_dMRRSH;4R9BUt=%^a@t@iKp83p#1Pok0{3rU;A1I-k4S@5=h^ z!mo~JEd|YlOxxmHl6{Zv6D8moyjJJ&8Y`-xvD$*VDop>pv}-5CEu@$Op>a2~oJM$} z`BL9$=&Y9@|nIljq3>*PYF*^xT}dXRva66G~mFM40<#YySnfg zxY$eut;pk?Bo43U0*FJOfPyvOS+OWTx%`BvSqtty-5gGLYEf=-a(Ws#%V=?WT>~=xaYo^&6A=C|P!nTda3KvpjNaWe2D; z6y+yh9mt`l;tB76ZTI@HSH5@Cz>$1022c2nEBd3Yl9lD0ZIJaLU2jj{rN@mN=6<@e z1AT3JJS=~-46BobZYDH2Wffm)k3~f~_}pG=JHbRA-NzSFw7eE!k>(P!Lv;Ik*x?f1 z#kgx%8pK$<_g~ouX<fw)*aC3hfNHYnw#2C~<4o?iWRwVC3v5OL)3dt=wM{fi4aOj9o z(LhP&`dH}1pK!OT5@EYBlLqR|Y+i$flWzpB+?pAol{lAKG3$E$<$nIprbgXbA8eU$ zrJ<}O4h7}*o;tQ+lUuF@ok#mNGZNTEvHG_ghgxG!VFVoD)&F)pumQ%t8z&k(uF~ec zD&-{YRPA$0HLYmp+r9c>vu6Tajv|fq{=m8Q4D_&dC8np~;_v zC)#rwST1gHG=tn$TISmHBv|30_BRK9_tW9R21PJ1yQs;j%H=Azs@A&$Lzr<#XY4Dc zE$6TRQS%mV3*^(H5|pVZ2l8sMH61WL9$^wEQobo8CUFA%UJ>OJgkNDzWi_!ACQKf2 zS%@&BTA&n$zbiM{W!QC8rEfg5;+91GyaTq)b8o#jwlQw!d7#82=%gIDG#hT3%muhMGv)`di6^s!xuGxB*|nZ8O?QVt~SO|u1a1u zyS@PvQ&Yt#{xpci#@Ktaf+L#OK#2ZHg5f!iuGr7tADx!W?3-0W$cBylFl0g~c!kIj zbDv?Tk5W!;sIRkJFahI!%oyI^?`*RvJYu-?1We6cIx|viN?dV3`D8pasba>H6Jvq$ zeFN=^nBdGtHq(J19dm;?>nI-!hSJ^~Zj;F;0R0CX!@oMVFXtRF$Zi>7WzpwCB6JHU z=10t-2_On9_{%;H6iLPMvYHQOOGqwCfXu()Qsyh#$BHe<1*@9*dGiJQ52yupr^L<` z!Su$QjZzngW(v8+%bnMP-?B}`!7(B&Nu!w^NrKkNtTXNsB#&^c<%z2Yx#E*FnpsnP z89NhY=x=MNtnQ_TnVFW78%*th&0;#ih{hULmNT)xVJaM>A{uUTr?A2~1;Irn=uftT zS6az(@OwEN+Ez8YLKU5+&5`;=D|jfB3p#j)b#sdJP5;X38|Z*=@3Aj zl-MVc$Q$0>#IZ*B`%m7HXLRc`k^~8i4*>N}!8=vr896uP@xod=aV}|oM{a&qr?u)i zQu>z8V=hBg+(mu0Q9WG4YPTN)5j9B5Jk$(*e-sad#gnqa&Wz2dDpvoyZxgG!xEki)S~O9$d5`P=30D!5B={ zsuISGE>%1@oOega7DeL3gH@BZ>bB;;#sXY<3_q}4JA&0AWFRtyYyk*3mp&pbkwl)5 z3}e3~u+o4g^pIfvZnWqg6M5uoVQR-VMb)YB&u_bWA8d7!LAj@xTb9wgD9sDxY5k#UWW6a{37gNNX`H;YazPz*isi~(i;`?mIqaU1gE#TR(5aFDCg z-FLT)xLiMrzTPp>bXVg?qO_fRp!2AA!Cx)9OYO!78?vgenq0c1X{MH}iIpc};RmH# zCXOWSu?%!`iN#2rxw}r7O-Oj#?RdWBAVCWxfsQmi85@o~QbLlaP<3y>+^D_f!zXL% zc<7RMy9x73?|$X`0ofJDMgPUET}^|nhk_SgvO^sngj7*`nFUfv~U9TLY`+U z(%1>ei3Toijk$C42mIjA2wv98zruLH8I?bKMs9yrj=(LMWg0L}~d+dDp- z0PG7Yimde~o&FRfd@QeYF3#eiwY=FE!5-IKFzkp=3s}4YHiFj&*oTPtjLOWUTba<-U(^u?}#amH92Jy0FsBC9F z^Z63~@Wyi7bqkQM+zq`!K4?Nl*a{6bStrXs2cF>XdCUJz8#?I4Bqfpq5__|+((Blv zWRD_-eQQyjg`5t<7omrT#RgJ**-9d^Y5<-gN4!+vpEAa z(2)&~2Y4^Ky8;&S`HNgyU1(c{64~l#!R-8fj?n+iLXn351f)I#@tFHn$&rzUOSYom z6X=`R`R~bvPZf}4r9JxhZqtw7ULDH*RRxqh?Q*%7%m$76k>FF9*cwhj=O&L~CP`Mn zU)BbAsr7Kqa6^uE?op0$?b%X?P8KSNzz_zGNnRA|j<7>wEeL0+7XqS`0jRWUO)zCOqoouxX>0SpjEGK)DtKuD|t;=N0v zxVx$@v7F!N3jz&!BoO73Wt;=wG^;B#pMs5N}UPVts2-)%R#_D N1zA-Y;BI{L{{e+~Yq9_U literal 0 HcmV?d00001 diff --git a/copy-of-sdk-docs/learn/advanced/baseapp_state-deliver_tx.png b/copy-of-sdk-docs/learn/advanced/baseapp_state-deliver_tx.png new file mode 100644 index 0000000000000000000000000000000000000000..f0a54b4ec34bbe282ed6eff81369428d02dec095 GIT binary patch literal 59007 zcmeFZbyU>f_b;sE00J|lbcujcN_P$2pfI!uf=Eg?0z)?_2oj1Qpma#rAP7vz}ltaaD(*S*Vs)R{T&eRiF_U;B055n39Gg!t6>*REY7R91rPT)T$J zdF|TuFbEF#ADwR_sn@PCUQ>q4Jn%H#$iRL1Kz=BcAi?fhJ7ktE`zCMpV?DKeI85rE zDl~$G3_BuGh721H<$Zfo=4B}(ek5dxQ{lmv@No8 z)FqYAmMHtPG?O?LqN)>bQw|M}kdC95xP7tTFXbj^H&%M)f3{iu?%9uztSYbWR8{;W z!B~Yqnyz!BX}UaJkCD1McZncjRVm~!sXHiqCl@BDzMN?&<^zM8cbQJA?h8Z0OMkoY z!x87L2KAQQ7~qHXzK3f+;;NnwWRFRnZRpySG#-63ev)hO7KW&G&b>I_?>D-wkzP}4 zT7AT3lGXKgQp>6W_{%iJ(Zmed&X8WEYQ_A$%68P?Y^#2IoXhAl zr*4DiZqEZ9!w{mt7#g7o^v+GIp8YsSiw4QSAQ3JF5@C(-lN9Ddq2{}|UNDLPrxEVd zkd|aFBb6I8f*ZYU#8T(4UHTm|9cLXM#y2R+GE;H|5dc!gKxQX*I~((a)pGbP_+0Iq<@J|1*v>GFuwr|-n%hY zW>MSoUCGdr0E0y__S|Q6FxPDhtQj(%U2&i$0mLr&`rvLT?RD_z8|D%3WN`~ZHH{8H{Cc3bS9$CLf@ z_=B|{wsR-TSplcJUm3Fg`uWcckC`$`Q_s0yGQl_*83HP*120(^QHjnpp?Uyg=@ks;=Bxf@F3Fc#2!anyYyBu9RPvDEj(nMT6de82eqKXdD{`I^r03vMTZkVe=Pmp0al05vJ@|dT9pj_IC@T7`fZJ zJ-nPQmV?tMpFNjImjdcPvB;s4ZINSqh|IO_&lG(8C4BQmF1OWKsk!@J7uz!4Z-#(# z^I6~h7&@1pdw~KyCC!)5M$G~w1W0S|6VZtdPkgqw72EC+`?#oRe#qUkpA~RfYvOnK z<7nxPX&55cC5tpSg4Y5r!{Q`7cDKhw3D$=>Vw4bQ#8uz?BKhb+9 z8?qS4{)Lp8Gvu0PoG2C?;R?NfJusz*lf2z`y>}yG&xGFY4l41|f(e!AA6+H4#29}E z6_ivDLf7bxp#2T&UnuJy~AJ{yh4Gu=Z8CUvd_0ycwRX8h0W@9J@SZef1;IjpN$ zHKZZd>wUas@3UEz!evnYg<8<=DKPhEjSNxp6=^cPZIpPNMwZ`EYKH5eGDU44*s#66 ziQB8j-3}VBiN|fBgnCWBUhiXbKuE`yHk__~YEsOABk)}h4z#c^TF;_b_920bFvg<0 z;}x`Y=H~i3ZQ-Sbq~^*qkS<9eJm=%ItX@b?V(D<9!BCpe)fM~wRoz#2^#vVVM9+8H zfMuVIH2QeFxn~g?rM5F`J6bGI{Gh|DX)ct8c8*HQzk!gNzq4`f>S)q&v*~QhMT!Se z+7f=P(71MRCg93X=y*s|s_Jlk)F?~RukiUoM=ax#bWN zo>JMGdCrAwB_P~qfi${%RY2!>(FTo5}UOs-TD_cJT@oX#NIdlo{!>IK{b0!+6yTcV@P8U`d6K8<*5<`#zXi?-*8!?*%^C3n$(~ zvHkRYyY{_bf+quEn|1DVg?23j>hcI3xAQ6uL3C83Cf%~}2P}4ew)PEt<=7f6$#Thl z{y>>k^!LwToAYJ*xfrRws+7co)Af@2@aug%SV39O_aZ8J;{*^%Sp{t`rlhYqy)Jko zve(ICVtI|Z?AebyEFlq3H5VDZ<;YgXEaIw~FHgJcTvzAQ*GGzs9EFITk)#Y4K8}OH zt2bzUAu6f&pBQUP=0x%f=@e^7UAP)Gc$TTM%1NdBq@M`bjx4Sb+C+sBFGhvqEC$M~ z8H0+%WD(WIb^lfD3VuJdELGgAJjz#^TOpQqb@4jOl26Tj9+H4XR_Cg(^gcC^Q3LCY zDmg<2PZDjPU$69yha;>zqNx^`xqWe%yjR|ZrC-diKFn2_<2fcV?+R_!S^c4nWNrNY z%q;+|;B-f;E3*VDR*UZ}oLgMxF)SNR%9@5Tq|XfB*p`&0v1P3(eH$!kstjFDcZiZa zpGtVmNDND6G*T?bCJcN4qe%Cr)f$W!be!2>z7r>PS>y6JqO|9YP=DiG9DUBiUA9mkNT4}+QMw~yV|Y9p&>VH2H#~dFd%Z}E z>@cagecP*#22=>6L|?GNvK|z#KnQ(EGt8wkGriXerYbp^sp2Cis%#zeh>66TgG;4z zn7a_-zKq)NC*gZ|CCsHp?SG4V_k_VE5iwe=OA^|rCNgWX8^f4>TM>a`2bZX7FHrFr`H;- zD=HBWM-CU3tX7tDu!9-+fFyZ^9d5~wE)+Zp)Z+1GT3jl~V0bgX_d{pvQ}0Zehi=60 z$*bsOBSR_+X8q54k7fe`^tB{y25&9DNHUba)j<=FA5N}KosE}M@cj8T0hR>JAb1_s zo@_C57hz8HGNWW>60tes^cpBgJz{-tU5~oWnK=WOouAXqhT|zd$lrW-6ynO8t?MxWJ;(`*0$5v({G zZJyY0m+oq)N~3fpsA&hVg4U^zhg zCd`vlWt{AF^SF%4jKU!V`b<8nPkxfbl}bYwR^=@}l*%DJmCdiJx)gyR>w5BrGd%NA6L<@fk^mNtlV%`T#)1XMrECD zUOnX;#lkgpDxcB0Sv|XTuxVq#clD+;xJM2~0+mSA z_ms?Y8WILrnRVgzj3GI%Wxh8^a&D-r6a1FbSQwWe4>LuwlCxVKQ!{gp+h3^-fPW&B z|7SHM=3`8ywR1hrF_oVok&nEoQRWc;!~+=rR7$$-a=CZaTlNVVwY2@t}vDTdEL4utpTVyU{^ zK^wKyFY4S|6}gJr$s9(S1lRGS5)F60@k7fc@L!ThfrQNE8f$W7)pm3*R&Vv{b@GqE{Gmu5Tns*4&y zkuf<+&PzwJm5Xs#BD_tf2`5jCe{^+!S@`w20m zwI5TBI*G(KN-e7+MY62oe-g|Q}QnS zzMTuIIYE~tH4hi+_s+k*xvv%E)!mJI?`XW>z4Bll6u*fUuYN=UdsUr8DV*>^le1+$ z{H!nbv#)z4d6*rh&##d^RgwDLSx>xi4$_3_#UhbY4)@$>#aJIkY1s;%8P0Ei-2X zLfK_cmNC9B=o#Yv*>{|bQY6{MOH*;E&W&52p`8dUd|AXw{quHmec?pZ8~1GP9QF+N z37e5>M>C(()x6DA>&)kbOwV;}^ukGFFx4>?>$>HrJ-apK;LKRUyTQ1`?u0j)c!XQd zHY(!KsEYe{8C;RP6n2bW>eRMLKWh0ze0d9%y56C88O3W*dP`;rS62nFW6oYgcHy{KF zJV&w=nGsK-0FGoQ6em)4@M!xybQH0NZUfcj_S5ua)ok8&(L$JAT5!cdb^R2SYu%Jr z=SP(0UBpa&nGEPom?@`U7le`OHzqe8;a<-8+2zWopX5WNlbPZ<&F6|l5->!E`6Pe; z#5{IXx|T7+#0Di{#uqLG;E{W*Sb;WN-KnoY-k|E)E8CWE7gc27FtbiXxVW@)IQwvs z(WqO%GF3Qc&aajCai29MPris;xz^>~m4IPp(+OX}&77irjy6_ly=gr^qy~7Y&zwNaN!XeN4q0|{LtLJPRvDud29n_iCCFspT(dWMjj3E z*BuquRbn#@a>NqDMRc|S;b#6U^ycQh_bfVu$4mK;iG9aoMB+*;mKy%Qm#dp0s{WAG z{c|WJC-^=1yA{FlGBc-5Sr$aq@X?QKS;m`?TdIg~Y!h3K{MgjmVoVqjYQxOSih*m!-6Jig3U@l^Jd zDz=W&yj4b#zLWe*2s?o`-C(0qNpQ=r>e#%mj?EWVJ{x6WlZmc;nZb}U91b^l@mLg@ zC`6Uhs5Dt9&b8F@j8r~o>X*PgjAAV~9HH$YVf>G`#dyP~y^J2*|g6 zVQ2s@2iqB-U@aekr|?3Ru+86vBA?>GFd;33LQ_ApxrP(9l4R+y<(I+!K1DTfn$!); zYbZ4{+eawjYlsW*2zN609VA4-e~#%G$x7fH!r(Giy=lK@hMPgl#l0DwuQXb0Lic(Y zK3t&tRUQ$~R9>1{oAVNu`XV0Mbpk+3<6iu;2GBmnO2a=0!g?7aFgOGloQR)mh^?kGhZOu!7WF#vL#|)l zDIVI`4zWR%&{u(sT0=oDnkpo>mO%`7#0nxU(V!m?xK7s1ac7??jCLME)OUY?Jo1Ez z9?p{=VlG)=3&mi*3un&1VpNZwAjfHLTRnc}$cP#LUI~Q~A8b%!3I1+3(=fi;VhZ;N zCy`+UP=U4WNa1tKhZ>u7lA~{ZDY1Q8dR$a%$sSzcQMAdt2 zZ%KB%uL@v+Wz!S230iH6!Kwyts>tvAMq#pkIA0=B0gjsfinj^^t}Zo%wsClQ z!-m_-v2&vR*>e`}5o1u;22ktB+J(1x+IS2se~l`Zr<|5cW@h0m+fl;0I&WhAE2r+G zfp;n7f!8-Q+ANaOC#5yuXXpfSMGFsBTH1J{)#v@s+b+#Y^NF11%J8RaDoSp9r_Rvc zop20+o5JTg_%OoV4q&!vx9S{!`Af-?i*RS?_}fgJJ?TcIqG0|2<2RimLxIubwohl_ zrg65fYxPnkB)lv(yG~c2)B4C--;Q1zFNrLOLswy&aX8F#6TnN8T*OVCZJpf|3Hv$) zip+K1E+p+zGil76U2ltO%K)%HP`mR7-j?P@B~l=&@}WEAfv>Feo=?WEGlzHY=oJ|j zvDvdnvy>FC=DdKJuq(NA@;*)|x*t_)`RSK#UNuB@t#nugj~QUhj9Ojl0Ei;u>7~F} zRrtxuH|ZVcFxTPD=ac>Llb(8;3Zf<a9B6r}xec4TgMWTXXoVDlYU#(76lbT$eGuRCIbe!lK&gjHZ2hY6 zku@BgXF<|7hQ?Sr7r3IVTAzqjRUX~gU`$|Y+M3gLo-eFXj^kI^Q)re~k zAH_8ki9y>u>=jdH;GlLJ^8&&3X7r?kV6|sj5y|RePlM=1M?0vZD_iQ^v|-8oK{PLN zF=Y`otkG-k4tU+HcT!al?C`ue0-MLIDlfx*@JTXK`YgT>S{^)z_#w>aJlpWhZIHw4 z<_Lv3Uhu0RE^v~RZYCuRf_lEa5Xctz5Xl--iet6<0-C(vyAk5~*3uC91mLd4ju3r3 zmtehygp~$Y`rFj%f&kt%c~0x~%K0GEn65|NI)dL>Ew4ew*a*oQu7{VR#>_cauCJhU z7if(y5+rLqATEmfHCo)gFD!+~5PwcmHVs!l-J1sv@61^)WHUYI@x*q&keUp20_zw6 z+};jAGw$cRU+d}b1MsGB-GoG>1R%e~VfchppoQ`s{W-9nM1sdCq5Jf=lAOHvS1<(X zA(A-IGAerFYThR~ZASTsb)Fy*8Asx{GPHtSM+Xq$UI6yYn(hLSQvFV;_)jG|| zzQ+{Trlb}Hfc56q;5GmLSN)woa#bnCj;CBQe8sze^zr*ghkX5&V%CHS%Z^j!r{}M| zu?{uI`}8Y_1-P7(U4lR&IFj0jWmq_Ks>rO!j!sY;jcpYwc&Z%ffktXbR=?YG6ui`W zvMMXT0!gK;`)Eh6a=rGKiUWU*TW8sWVn$H3UJlFD|K!Q&quptbSvMPt8S%QBq5MQs zPSTN|sMn>^C zyBuE=0LhM2SZj_tId>(p3i_QMOnJqL?}ejhOMgmA5{362KHH6>35;o)l83{(INCv$ z1214C9eh)XIM3hNEPzoCJ!u?YpD>I5W$zoINdTUalM+K7+zf-L-YlZvOa;x_leofo z1(0d2h^WoSodI+~uB2UOhg*dA0iqhHMwJ!@T-N#{0J9Z|KB&L30vKw|`ZeOY7mv^w zys6hO^1DW#3%Lv{J3&Du3@WhZt0vV}RBPUNwou&d=y-gH^sjHPOym?GIP0TDMnd{{ zN-`OuZnWdAt$7?QSYZMsb!&GNwZ6UNSjeV}p%!p%4)c}1Pr+llL2bm$mOy3sc9qp+ zeN~CL%nQIBwC@;AVpjUW$+p!w^pZoD*6W?jZQB@Hk--F_r62j)ZN04aoD}pc3xo%e zVYo5kZNhK_>S@)ZE>08)r;lX_KRSM0enJTPq-8oj)9y-N*prxZgtNBoM?+Lk?c_bY zbxJ|gXD|X4`z7xU0`V1KeXmS^mW|iA}SQ zl{29Zw#$?e^_1X{t87Plwi8ASuz`b&hefn@SQx*^JhfI07alRBp;XvVItVNaNuIwF z7?|WJIANAn0)eBYzr6F@o#%Fz<-&EGC^%!p57gB}g2~paVt31#1~2Y3SvYbc8GWMT zA4KFsR~el#$`~V^e+J^#<%bKIdatrlwlk8HgNli!+V^=dON&cnzE#XOA+=U;4fr2mura72)O zR`g2^v}2K*D-)oT6HI9Q1XoOd z#gnXnhH1n4?b?)>)HC;D`V)KpIv?COVqQ8uHf?#m)xmKeVIC3vGk$GWQl~FW+$=O{ z#@3u^MAjdsI4AXhN(iTDaoGV3KYs-BDosajJPC3!{rG_6cpP*nOW9oTha)9sj#J6< zfs!oF^jXjSc-?qsmdkRo{c*~rsUI$8o@dH>4}KfFn-EAu*2Z%8DyDFwzaL7SW|rum z+}TMG*SWlpVoC4|;s-~z(g-AvlbI85Y;$tEsVs{6$ArUDLEdorRy9%O)%o%Zas8j; zdPO|d)|vhTroOu(XHS0hkL=YE;ccWHzx2PTpQsqhj22lfQ*_w~U&D4$z~@3>5P(ML zn$Dgsh9*KOrRHEzHN)z?VjM`m@4AIeNk=(|V?t+nQ1{>ddgAW&)j@A_Wr4P=rfe?N z9p07hHk|*-XVB1iU?}^0J)yq6_i7xtpd8Rj#_JMRevzQCTsES@AOBq>4AWLAbITVldhdzz7= zs{J%$3#ov!7!xlG;=2YPEB*G4Yz05siW%)s-l<>fpw~N2(@Wmp5%zJ?B4!aC2pHr) zJKERW*o6h#AM88UKHzoqJzrw>aoOUuow0~7GN>B7eXwm+(wDiUq!Bi$IC(wnLA6=R z)zcw{hS86DQWNq|5iZ{sMD#vPagS7=upV8cWEr(B*-um74LF~nr=1#_@nrhCW;Qv& zy*}3a?IoA>dxyqW4bhU~4Abq$ikVxR<6W^O4<|EIdG8#be5yP6tl_3vmAQ~vdPTo? zC4iM#*j!=^({Ea)_h|w4LaMI>*gEiAErb$|)V5N&51Eh_K0ACrb)TW>bBmQmLqDjB zN;dV(iG3DA435@Zh6*p2&U*@7Iw(?evGqIHOWY6VnKThDYcklLRtKRLALK~y%GsotVawa(+gY8VY zLU@GEy-|a*$F=I2d*Kg1xz`ZZzb|2tuHV#~ncnsvC#RfW_QzPBkC;M>R7+wqk;po`ioH8%?8zy zGTn7!OOM&%Z+$ktAsOR4I`t)*lqvY+Jc;wU7IgloE_da1jia@V)uTm;>d7&$?Xl*7 zt0(sT5;GdYXBhR_Lq$jDNu--$CC!yhqwas(M^Y=<6EVcrmyyn6vrN{R-87^sT4h2$e)?|N9_iv#7ShB`YikI`?#} zA%o6$vFx*Xn|ByYJ7M~0Y$!MC7c0Z-%2lbUXPGYVSe~p5&!Lhs>`bZ0CIT)$JEWLC zV#_r8%H2?2TP0jn$HJax{Jmvs!!_fF_%g;PH*M1Dl4IZgUCoJrPjtzpjc^1>s0wL_ zbRaN32h`463CUW^2UQkj#G837=9nz8`$bOBe=2FD_(DMMqpMAQfs3Zm&NuNlPFL)2 zE;qW5j->*Y6%Z6$X^zc>#^zt?T^gocU2OLu(Dmr1VBkOsgcU@cD+w}_Vot=`jaP=nNQocX|0zt zb=gGPhxkF`!qq}ixT0 ztsbvdm8_c4H(P{sv$UNWo<#c8KP9l(T_>=2jU#gJPZzR#FnYv29d$~wCK?_;+_-f5 z8bf#c{?EGGf>twP+-cWlE)386`w9ah=-khhW0j(PR{bXZ`Xg}y*G3jGs;_1P3d>sU zi_2jm1e;YNd>aFEn05#0LdNPnj(3xd_H~J?cX&REM_`tZZSIi`w+e=xV=-S!Wm!*8rY z^f>yi4L^vAwE4{C99cN=`Zb;Aefh-LT5C@r@7oZv1KbOb z5HBtxfwHCE34>R6aP1Wl{w7s}3E`?dVzZ~mjor_N^H-Hrf^n`Y0M*dF>i+IX?cPUk zL6_6Jv6Y@I6y|dkJk94*o2@l91HVS<-4d;#&|SvUs98PJLr05j3VOq4UFoiNBoNEM-$EEFt61I+m)Ny z_h!V`%+`eLGj<}Bbdjuc7o@2-Z=+CGm|?^W4i{&~{SS)(-w4piARbA2<-s>XI~AfM zB(DI(PjePa#n*9Yw2N~qa_b22kaE}G%kKIW!o2D!M{f`9|H^+K>nwkKp!_b20Q+L< zmI5*5_7blH#(U*OFi4#{zrHPkzhB`721kFxD;Nl1+zM+cTTM;Bo`k?Cp7C9I!>pO= z$=$D64VdP&M`?P34(E_##qDo*4H1nvdA}4avZKymJl+|d?3&^zlndFC+{X_ZsmtLH zv=qQJRYtpr{TIj%w5JIIoLlP_R&oujNk!(Vq7FzH}>y+T+7c)eMi4-)fpAL7fM`>v&BrJ z^1XH)+UI+>GBOOuo>x7qui9hgJf50p{ZYx8ep1=%^*H-5z%uQw(`s z)5CkPl<^8{Hs3eNdG(5jnu!|Y+Ak%C{zv21n`@s++$9WG-po(WxBut_B$%bF-+~tsLR_LCUa(m zCCg&mJlp*aO^&4#n|K#SPhFYqCQIjAFCi$7~jVWsj^^t%r z-=i8(m1yegV{ojxZ?nX{pte<>L}%lpIjce|%D2 zzd@Z+3dQ@T+62cV2>CsH?cIWn8%=F^{|iOy8VJQ+hNmf=SVikd6E!FmE8fs#*$UmD zs*?M{R^pfeShi1HU+=NZ@0_lm^zCrfXp z$y)&>yJFh8o2z&h??NvW%vsZV21w>)jr;U^zbx@h|6;S|CNxb)VZVEK;j7p< z69<&U`y->2H_SdTeFG$R2R|hOBGJ+6p~XQTBCncEDv9sJga3tZ=tB#JgdyiCu&iv;`O z-?Z!Qs#5hogK&;k^BBfo>5oL9)F-J6^0_g44(HvK~2qV*p4v-=yXwOdroJi$h0wI*3f zTNVrzN&O|unSN)vB7!@o-7f7P;;&xruRBs=N2uYk7*;rJHjfm{tQNCpuJlA{N+sWA zOL!?0_iIcN1W6sgX!qsl=crFq1{G`i>srfXw&OnGbZ&c8wf(cZJyBa2f!rRNrI^IC z-kP=oc|`XXsiq43()M}02xYswYVnBQXV8--p`tTf)^C6O z>&V7PQGsIT_-Q(IZI#$bhQPK9n*Q-EfWA+hNRp6x;jnEtO?1yOn+U*jLZ+7A1)2ar z{%7`|wOzk0Y0(#iO|X&f(sxg^Z{d7svCLz8rmw*IJ2}1c_qQ^bqal}hS^mxm>8X6y zqK~z5Rmjm`O4OdGjcI(0|HWyofD&CWyW7^(cu^S9xmpecCF@Pus2A@toUaWA+Ib@7 zGAcLyj2U$SO{-|yebV0j8%JKvMfgYFaC~`5Ts%1`X5LOg%T6eOv<@OVlHq>&4G z*eJb|kZPxa;5v*t{T6Qc%*g!Cwsnr`}r1!mekRh#U_~1mUElb2@hU30PNh@PbY7S zks@fGz(70!cTLNWZ0Ow2LfISP&eEog^xF;lv8pG`Pog^e*s^@*J0aSXgH>oIuaGr> zf!zVGa3V)J$vDg>t`y1<_??%L^IYw#cU);aiC%@3`X5%LOLu2l8sJ5X>c|CfD3J#% z5idrNiEP(yH=Xt6#>fD)b=+H90T5J;B?uR>=7YE5DYEbF9t1%{?88fuy^mXy^pUI~ zf^#aGIxUQ3x!LKFmYh<0tPE*pd4#aphwkjOMn^WA6M-0R`H8 zzQiQKsNL-_@tFRl)2?&~D35ucS;R~UyQgYh?7=k^=YAhJ#-3b;$^oLr>76RM1y?vB z9Cr^Tm8+Wa831eJfRaI#RH~LKJ`T%LLg@e!pm8F`I7qEj6j1hU3VtOD7*pg91DbI6 zd8wB*k+g`xG7^CH#haJA&z><4jWfH+@pPJug+f%vI4Q)v05EQy6rBRP9j@C%wC1am z9_vLqU9tB4*lUiu;O1#IATXETOuc{Yhu;iyOkBBYR+Lkp;VXMgFfg_cOZKV;Ou_7BXcc@mK;fR{X4K%URg&8j@ z#gI~!hgsa5hMCj60xR8GjVc| zOGo9B14v-Fb$yy7ltt>vH!^+rq&k2lo0#BWuMNM8ufwiwS!H_|h2fLQ za$n}T_&@^SIMuoqAduK!vs~{f;bN_Vize0JT27rr!Ta68AvEm2Cd=LsCM;c;&$bKn zuoQ6eD`h&yYB;Y{XwNf&wv)_RN3M<9bQn27;jeJHUeY`RqZ?7Y-HDSxw=JU6_))KD z?ckG9bur65czR9#i^u0mD2&y}Jj(XpaL4>I<)x9zVFQtqS8zn)S2az$IKW2GK>o!> z*n10Ho890+6aWs$_bxZUSUQg|Aj_xgiyGX*04rK#B%;Vm4-NsEOPurLL2%_ zwV@wOMV6R(fHNmtXftw536C`S`5fP<;&EB(d470rctA@Z)yzZzw^3qXIhENYz`Fie z`oU6m6n8n``j1Lz21>ew`%AxMR5yodH8M)xxHC3D?%Mr+U4GM`dpC2C|79WMupt6_Yl41TE*dp`E zWep1EhuBu_jg((Td7w!X7`15T z445sj6b2fI-azJpP4NKAM?HlAIkhaK8sz(H7r?68$0ek8)p)&_T-XYJ%!)Yb#J52Y zVXe@bL61@pm=&%!A>Dv0=sWow+@?TZog(YJa>VU;O>)Z#q6SL+ZczPwUk3B7n>U5$ zZfQM*LKYb$r%5Q%_H`L$K&y&nBOGzQ&n(A5VKQylin* zhhaR20Rf-N18&rDWlyLSRM(?R1;7)FSUG%}ZWWpx~bi4mp4IJW1bL}Z0#Fj+#sd#T`XF)X`p&-iHp zKA7XPshTpSsJI&2Pm8eE_n&;L;{lgXj+o>^r;^Wyyk#N(CCZ#dUjGrMy>%s}Y691I z7nCWDPCfU&4u9Bv7Yc;5U;9xuUU7H z0Ha{EiG+5NVS$O2M73-PzI8RY*XRjwqxKAX+gGqwoWNGV^*LtQ=+e?sawAmNb6;4K4@Sg2}3fQ^+ezs+g8Y z^1B;gmik#a>9#%kqS2)L#@KUNg}a=;d=;gU?H-*~fQxI`2i7)x)H@;niiCoB=onn4 z8w8VDBY*>4O*aBcXFEtv&%lMz8wofh0@08{lll>G^U+EQESOyWq`R2o;m6?~aLdkw zM#1Ek%MM_D;5EhE*N_FC`uYLdC#*KJMKziD{lFy~l@xaEd0{@WI`p;EP%Z2TT5hal z%DZ|S@7>l%8l|4kf2o=yF&PXc1c|!TfD>~O1WFX_*P{>EBZVdpmN{(IdD=r>K%p3| zXqJhmV3%hEIw~IjZJmcIh>47|7(x&MCf!B_;G{`;}YDAoR?ZkZFsMP zx<6hwsE*bF^gj4p)`~X*aB>+LQQ7YkRIpq#bs|2D{E-6^D2t9T_TLAkP{<7oXI@N; z$Y>~hnS-T=o%PS-Qv-p9t;VzsA=gD-i((eQr8&$C;JUVWX#FCk-=UFNGGA{51Pce~ zy5+TO(0@b+Uq-UNdisouNy`;2Io;8O!C!^}ODnMe&D&t+u$5i0hW1W zS-}3sG6djr^RkzVWEfsxXW68Q|7S_gyYV|QHN)P@ueWekFhQy7r*)`*GYb)BPoaM3 zLa=|ZE4}Mw)JnQfKvdAKzK+gcT9+OH)FqM|LwC)@Z@NP&$h=wTt=5&@(Wd(2GmP9o zsiL&9jC{auT{py32>$aCK7e59@R;JM&}U^RU2e#~P6n3jp*My%SCT z{dss4@GoAXFdbBoc^I!M6N==&2n>!~Yp{keScA&pQ32aO`!Iq5f}Rlgyu5@qfgD1lEB4VJ$dyj^Ft6ai7+I`53JBBI~-y zo9jYakS{}2_<;$xz-aOBwd2JxKzPO(h-PZ3AVjr#iv{En<=r!bdJqngWV3&`0RNZ* z#9N}khvaN3G(S0%2C?>6%)Eeh>Vcpv|FJhHHiR|25MaUe8(jAP zsK$~ID9*s*8AsY2+68I?b2Ic(FY*4yJE_$F;!iO=@2 z6%Ur0RRpOWP*spUgYrL?mxho*fy3cLjPdD>Y^`W|H_Z5ax_bKVRSa6`4fd$yKJw#A zFhR?o(wJNHkNkz`f?`F@?^EjGq=J?>$B6yebbL0cs#qBMHc33S#^XPy&7UAaXB(YL zHslJv_A4b6$%)H=O5SuE64>x{A*;bZ%7O$U(agx3A1l?Oqs!Ur0I*bH1z2^3_o~SL zIe_BPa*#DPHnI~SD(@h+nD<@O#UQK|w2hLC8Gf7)jN znLC67zFyhxt-61o31tZUE}RHW?#C5K;gSn&F_&Pt52G-PzKxnE=$U~3yW$QFND0lb z{_+br!k4cG66L66%kqym$+l<$)11S_2*7Q}-CjW6Xp$+4`76z!k6$TtQYYQyoKi)$ z3xT8eH%^t{UuO>5Abk^+(qM8QgRva8yz&#+iXor842k;NWB5K7kzog7cYPR7@!BJCl0Zqvt2`_Wa z{A>vOMW!kIe%G?xGiN|w8`C2C@ZT;pSE~Co7raBF*VUQVFIe=hppFVc@3p~S(xcF| zi|_`SA%{G0qm2JuH*(Xn%XwK^$XoG}41FFTF+u8Z8sn(c0q=~k68&3$u9@Yi9&j9^ zYcF(dhBD9lt^(ds@n&`L(J2mkiT#)4R>_Iz!z$1T91$c$Vj+4e;MZzwxI;qu6^~hR zkxxQWb92y!Vx$Eb1lgwX?iF~agwPN$)c;--0aK{pb>s7?Dx+OQS{Mo;H^;-xNxV-T z_@m7Txs)C<<_+!y3YuP%9|aAY_N~M}QW(MFS*UJwcZ)#&Ju)f9$K5i6tVxw`p^e&U zh)&by-XgfIrE;%xzf<8?90sw~gG2p)@ePpCDh_Ye|LcrUN_6!>^xsthSR}Ob z26)E(wpf_~S?$@k2wCU93(W{{nnOGP77cya|9=v#Pj|BNm_ej6>s1Z!;wm%=mn%aK+ zQ7;@gJ}&U9#=*~id0xz5m4vm>df`-XCzaNy+CSKSs$qPlUc%?%kjGlWHfFgw?@Hfl zbW~;n#3z&&>p)TX5l(`z?AsUMA&Z#C8XA36pv$JJm@A%)Eex2=!9bxR|T<6v{`7hu9y1B(|`FxuK+mrZT-+4k+c@5Nbn+AZ-qhG(RGy9&y=Jj zmql=oZ`&TcUZlvnPtqX@qH0&_E_Nym_){iZVYw>Fl~R<=W;IDvdwDLP+i;MH-~lV$ zMmzV7yLVVQ|ELwLMVidFHd@jg&%w;O8yJZ`HOtA_V9C5!1}`^2Jb+j3fWoab=il0< zz0?%!XBWH^BS2`61(w_pS4;Us+Z7OOdIF%VXy-` z0X6liz^Hl)q>l&&`)tk&g_zHhbd%O@n~`C!!T)8^_5KOt90Cx=u1s&H>Hysuu>EIX z;NSMI?ZE3i^3v1O9fcfcj4uFUcFIS6M;@_vc?w>R)M|LVVR1~j;RqV)&eQEQi0TN# z_3P+}x`tNY3)rn7sM2+?n@Q<(@Y_Dx4(+Ykh0Uw0dYE1!uQHp{DkBH92zFNAP77dID?`j z@GIsa;8&Pf%&$3+5CRC;fFVX$wDWvI)~@S$$z`yW8wm9{Vd|)a!AUg4FxhmdUJgq` z25^0qWZ>CtR8-3j01>kupgToa97XQ+pPR=X*FFK?uKJR9QdtML{C1CMFTU4D(MF;Ifq< z2j*{yB0i?Fw+Wki^be^W7#lI@+4z76Y!@a3(Q}jT+#W z!2VKCu>vPlnZ_(&gR6iqaW)ZvJI377_C3|UBI2M&v7?g(uU)BrtUVMm&T2@G>h0}a zZ33>mN zJKnEt1Zvb^ZucJEm(@?cJ9xn*54y!z^t44#|D7lhWt4fXOBT@R_bmu8ClPUn?;Y#%tccnMwbxn z%WHSv>VfD#d!ql!jW&Uqrvq6!-1RBq+cCihDjt<$cd#rGNvjjjLfrpp~aqN{) zb%u06lUjmIq)iZ)Q~|7zV?dGpbn26LE!YLXFaN9w7yXcbdS^CM81=^IET+cgoOC@< zOKE-lAtA3?WC9h_+b1=`gPB>QGu6Mw!dsXtFS^SP#Fgs zvg==6LqI&!*j3S^r!!tk^RTx0Bf6UdK^f{um*(T8+kNR`N*^q1U0|Yb5KI<2;2B@x zmGs$}4OVa-zvHy>HP6)_1d9;2tN(BRtdmPlnf&5X5^xzhBWhk*cn)}ztDkHKMtLK0LJ}vxl$3Hi3Ht4He4^?} z4~P}AJ^Bh12Ts8KmI$yuVe`3k@rwPyk-`VouRYP=glN++=f4@1g}+4q?}5d#mhCxW zt`n9c|6fb?H?+k_qRAep?pr@jH~A|?X@D-{)=)5TKAcGnKX0T1>v()FT{3pdwdv12 zb}3sdHJ9?})hV!Io|2V^rO-z{Or}c*$LF(n{N&dWmuJ(H*KPuE^tnx+Bttqd&1Rdv zF)LzrY257^Ms+-p{;#J@(U=`n+CKB|jJ>*?$SSiWN0)A&WHe(1b_d#tXXc2n*oenQ zaZF+xAbGDA5VQ?`={|hI*hfy(U(_e+-0Z|nS4SG|z8`&yB455Q+K>I6Zt3D%4qm5{ z(jh~|p=|I5Y4RY5^{Fo-&fWpHm6A190I?x!2_e3ExoAH$pY%YdIo-A zE9d-hV(8kvvO3OU4PN-wM77?L_m+-LN*}BA^XJK58(>Myld|39aK+p2@aFfUYxg_rQ^Jz|y z#UxR>0roO|?B2UBItYDgmwdq~FVkX<56C4qlKx93 z(3XyDA#$mzw4$h0a5dY2hWPmJ-^J1A8`4o8|KUoDF)hIGvvC<$P<{zl8GZ#t zN-j(!MT6(DWp+{Buy#Ik-p@ zho9@%J`aGO6>@|sO#8G0<$k9*3@#E?qfSXWFa}Se_bb)ET!_FLG`x^Iu)qtw*X9mh zp1|**ins=Nb(0u3kaA}350c(CV}!EtARVB$eASG|>1QQK5bU}!cOYLZSne{_uw}6a zOvz(nwUf4&4mgcsuyeXbtkTL{=B)vHI>xi?&YKk8bviu`)W*bnYo*sRjwbK>Nl1vS z?RqH%!I@;;|7g2mUEB$T!kAfhO$fcw(Ui`xP<&smwpLmIbkkukEKp8^Ew7~PHu`0T zK1Ol*^^`M5?t=Y+eYsk4S&ho?L~H>timt%&Z3)l?g}sU+uq#MzKpjND`Ak9XFn%Gg zf;n`vT$@pNlQf?pB2e}f%G77a2wTdbGJb+<-`hcbRjW=Po%WHI2)s~mvr(?oHO z*dGKB>b}%Vf!MX$&N$|Y zOgX2Gx9{FdPuDRqMfqsk0>2XYug{k;VC7m-H1AuTzZV;GW)wL705O%RjEB>z;0=2F z;!B8;=$;vuf9N+*CjfHD%ZNhAReE{vGRckqPhqM_-w~YYajL9}2S`mrf+)=m;Mu6pIs_CB%v9CTix(Qbhic+9kWKO0Y<4h}`#!Q zyb>~}{TctQ`jWUip)$m=Mn)iJN(6K`zwFkQoi}UK z!>y{bjn+(?;PdLsAc)>b1`{l~<`*AuWmX>4fk~f0Wie%WGQjeFpu zD6Q>f5=tgTUmq^`u}ZD3-!lDkBpIiop4GTni3w+|f+Ap92O_ChE3FGJPxhEMzf_JU z7Y4OK4BzCL(stwb^Vbg^Lbs5At7xkkR(fVX=`C)8lnf8Aqo=(fnvhMyV-R-h~B zJc^YRb_eYiHS!SiKpXY+GVe`^d-O6s!fTXArh|GI_v^UJ1f&+qkIV-YY+t50Ietcd zc9du)8fBRH%DxF=l!mHBy%r}me}Koo)@%e$%!GG08w1S_yZidHvOYF--YCkoFapPR z03C$!vX&<0eLe(CT8hFpy@A<)0+N{}m@vUUdZ)3+2ZvH{IG^x9-HzwuBsjkDylvZ7 zZqw8zCL;?YLiui1|C$_!lHn|Rv_U*TQF-vZbeQD;g?NqG1^x^F!tFuQX*?w<5H%7lTHFd9cpj06&~7#zMD{(xua%!rk1l>KxWZP*)0qZrcjrG?IsJDR8N z4CL%=op>MCgMda(jRj2RM%OScY>B#O3bBl{18QaO)jLV;Kunb2GMDfd2hMkzBhmMD zFdP5N#DD=ZKHTz4o1n3BBQ~Cf**mEl$fIyMl#B~)Phd;16rg5X-fcv3*u0V-hr4))@ZPf0TSJPT9L=gdY`Jn7 z_cC?FIQcDJrk|Ba$Yp!czvT;sJ;6Vpla7g;K>XdeKrr++34V6nkX%$ba;#bNA><2) zT@e=nX>Y5b!BS?@E&$NOw`&)@fZgOku_D|HF{-{=HU+xW%N`3je{9k15|b`9C=&>1 z7`kjGKpj#UPOCbKSW!Gzw9-bQ--65-=e388bgb3Aadg+Hw(#1;>Rhb1;LrVJ&0Iz{!7Aag%58`7LsB@wMq%P6Per2uIT8+!G7();EG4u zR4vI0ONz@YHy8%BmBb4w600Ol#&}B^M;9<9S(Dupf z6QN}54~2RN{)m3VlGqY-DemA@1{tKa=d))J`@__&R)WZ(Nk5DHV%0=``F@1O$+UhdDR>IVDg-`BL)nIBVL`k&IJE;Sy;NVGeMirvPw z_Ap9tn0#oCIKd*Z5ehAe{!|>!u|+C+(kEAT1xGQY$5f7K!jQo~4?xJ}ln2g^Lvs4c z{>TJo3uZuL!u^s&n}#F6EHk<#$?UhacngQb9-WvgICF+x!p-M<*bC!ofBI4nnJ$+r z`030?YxPb1S*ZX%_hk>=5td{#CZo?Q(TuJOyaI(mq3kSBH_e+HWECBGgF{>aTp9G8 zL(>ypIK5}avI6efDfH1g2gkcXkykXz^h5VZ7q7C@k;DkX9}X;Q%RQF8!B148REbyn zj9H@7i+*)f#yl0>6(%bI;pP`;nB^X3Hb6$7smt<8{(9hFeyWgMq`ld>KbjfM8@^3! zA0>DB6u46~u!B`}BB&%TefzQ*Ev5?2RiEkEemd5;kD?#~gxkO4H0XDAFlxOYwh3#a z$NeK=uCHR{5au@^pc5XJNlQ)r?z6u%@LBfRDB6_Z_tB=*C6r6Es0)Kz4ruxr)w)d8 zV9t6vyE6nhOL(v(Q7l3)YiG21&{VuI?K?b@+KN2X+DbG)P_r2wqsLPk70oZbxVwN} z2%x*m`#aKuc_hYT1^w9P)6FJI6Om-#X!E3oQcA>zCiIZ*@;YC$nAR6ke1MJk!{fQK zpp!DsdAKrv0fb|_yhU&zztdrpcOG9fd!e5?@12Y#xnaA?95^6%qH$JA9>!?)A#A_z z3QMkwhX1BS{d3 zhRbR~WJLUviNjB5Irbm7rIa@1li%WBHCPPT&*Ixm%)A=S=pOd_GNWwGHb3}gpCEta zxab<1C$W$w#V^tt|4uI(_FZ-%@bmm;&i$v38W-IFPJ;dz-hXb^HXQCGUv6QKeYDh{ z5m@_d%-tUJDq7#Z0UP)0W+tVzYi*TR8TPi`@Xb0a(1Ibj})_hYF`HbzcKRAX9cu1$O4i=7e4%0>{>>108IQ_ugDl@qgVfjhFldqf> z;bzNFK{j}8U!OAn0XE+UtPXWeULnQ0f5$_?IBQ-59A6KU7eA~k7*j0%X+zqZ2~U>* zXEFQGZqcK4PT3K=EWD%V8cj*u`>A43=>v}8AZ$mMCK1|s-BFvE7O@D`^BGN)6Bk$&#Kj|2DKsV&@c_(p)|8Wfm(osU zlp0jH-hHBS9TRiK)NGs0ZOPP9+k%zs>BuI${y35P4_ zAM>V!hI4=U*45hmL4w7#g@9Ficn15J&5Z{ zc8qzbzE|p+M?+8q&10(~SIVG#GRuqZh!)SVbH=LJX4!hKAs z*ED$86f3ox(3wqX{Q7JndXv*q1j_IJPYa+!Od`akqmnRszO|x%cN_0P3yo1CxavFN5y>T_e ztV=an1OXV#Y)k$M=)$44}xe&Z5RL#r*ImxUO>JJX$mmf2TyF*~?pWWvL|E0c$k zQ|n`7-BOkM$|K`FSUY{cdzD#RF+J2>L}j1rtA*?HcrS)*sPnL{bjf_f=m*<54-#PjU}@vH z?Q>E^>j{U31L<4AACo&DdY1RvxT84hzs|7t(70(HKKAAFbPRgC@q3fgRmEfWx!r61 zvW0W5CjEB@OZ2EBCbAUb`b8y8Mv6w2wv?BuyN3pcR$Z?@q~Y)In*a4oqrc}vRTW4w z1Nj0}hKbWpO0pW{08aQ;G7LbNy6>)L^=FtMV`;|v$1@s8VGwN@S+lq+CbCcLpo5L? zlT0?>kJYl>_e`DFJ%~tCg;`9;Kh=o`RhOyd?7yR#tm8l_?h2W`9>1PDU<+C1mu6qLI8A!PI1xJ#96}W$^0`?J!^v$QsMxFmd56T9IEU~;d)U$knRxu#~bDYIY!ar-NZ?2 z0FPGaAO#FWQF(P28&yNoEcei`-%O}pV$qY5a7bJ*(n;t)AOsHJeh+c1I*4CqYLf&_eYYvmiQ@7_3{=_&tp3DZEBE6nI1 zBR?C&j{IQydZEeV2`R+k`$5Ze1Umho`(Vxk-`Ys|sn(jd*f>y9$1?rHZ)S^NBQ69E znxdO|<6eiL#S1=t@%P#TQM5mG51Gkdb27YmNg94YFt_%=uLtcZ5z+H)G1SR_RmN;o z<0ix5uHQ_DrNrfxV=%1usTXoF1$VELMeI%%x@As zB^eK|56i?*Fyb`7Gvkn^xgB{6H zyL9>pR0hb?j{$AGkLY)G5MwACSA0Jwmw}1nS!~McPC}I~ky7UJoT8bsQGu?X*w>ZB zX4nBTB=>7>B0@I%9oX2`xlAys`C?@TIW!G6-(zqWFlD25<$MC!SbcIgm`tqneKu3Q|T#B_SnE>G`1+G+q;^+iEvR}<%MCV4x)CVxer0?H} z_QId9T;?V@@}awS$+X^+BxFa?^pHjV=SeemrE}f6$JIX;6~v~^^_YnzhW-Ay?nLO| z@0BPTkA~%9;l+rSPz+opdXQH^J7i)Q|2c~N*Yci!!@KXL$(WAgwrN?%!r+@4henH* ziGg@adzo7&*zEWXFvQ1tGmRS|xQapE0fCCwj@&T+cYyn8YOE=*WvBix)lf!sVqFg=Q$8gZ;*QtREU_(8F6B|HmnTzT3V2hp{qQ7vOPKq^v>#t9~Q z_(iSQQ7$eRuGtUL*$dMtsW;kXY4ub(az6`KuGrA9$Wch#hDmVS_8N4b_7EUC90E%I zHt+4vcgAs&N5c04i;o5Tv=kSz)SA1Y$3DxG6H(jBj?l0U-(`OWTJAynG7RI;dq83z z+c@{(24+k74FYs|1RNiOl6F6iSz@{wz_K|f@XxLjmr@Q--Div*ZJHht!VuRrYLN2yR{NJ0GV8}?zr3(q(K@FQLsUO=|mns>-HUlDm!#f(DPgdMij*@gBGQ=bk^q#o{{58us!A~}@0mK4by1qY34Wj({9RPOBmZN2x zwKtMdQyKO-G$oZ!cdVlwX*2Kn?fbYv0g8wG&Mq5v(EKmpW-B|)4d4U~`isC{y!Nbf z=fN}Rw>a+$o~4RGgnhdHB=CJrvD$O@uy({T6YcKszP-B6(OLBlB(+_50~Pn|D6A}n zF%#eaN@~GQ#%TtRY9~RF@X~?wX?hI@WHfg0NP!f*I=zZsmI@E>o+o1?go!(d3A=fwX!c0I9oUCH^bt|cR-Fws=5d== z#yy+%(xaVD>8>Pyqn3ny{He2w2rH2J)pxm*5Bbe6w>FCC+cjE+MEopHFGnJ=qtdJL zRHJ2&y#hjc*v5nl*Z0@h;f43&_+ZGG(a<|p$mOI4ShLJ1nVw3v3O-ALcB130%3Pyf zPzlct)O(vmyYNB3(^zE@UknwkP!RX_S*Ox+Vc2dy5iC{}d_7oBz=wso_PA8!Oq7oo z$QR%KxQ^k4auHJ)Bf$&xKNyLn&mHksg+K|=E@qiSaUInv-pJdjj$Ut#YYk4w%A& zSXLTwdje}8JNAsh@b}+N{S#Q}C}3JEQK`D)jC4$9%|8Cd*BDJ`U6TzgWBJjA1XvBAa+&g`e}(Ol2U9f363RqIQ?&l=mE7D;y=^0KATf zN>*4)rpeKh2Z#_qDzvb(N-GE}kj@321|XE{F)umSlf&tb+Ze12n2QioZ6h1={LhgH z6KWTd#%#Rs%e$}YF+t0X%l?C|OXu0%n1yvW z4lxrbRq*lonQSqdwU| z8jI(lt(5FJ(J%fJMoT}XZ$qV51U?1^)tq)?-{rm-)) zN8D*wj|x<7r$#Ik$l7>~J?cs!K=C>dr-T@>EJnIzjr|;ULRDE6k3Qwt zQcV)JP5!H=9P3HDfRSvKqY6Wv=6#fA8i7Y&ak1;j%$3cb9AEOFYyh0vZ6tCdW4D^N zZtX7&3RRk<4lHjsK=Sx8DM;#|qIl9pZg=4%%5;Tipik#RA>$_70sIL(4q>AV!DH*g zT1cK{Xu|=HZ?N)pp!$;|PnrsMWUbg>$>*am8Qar2-IeXeg~P|}_E{L?NvPD*#_m~~ zP~M721=Jh|>i4eqg}(IMmlR0v5`9?k^DjEY{sY@QJ+CAJ6fqr@$Jg~PqD$%1`~Qhi z{(!8}GYRwadE-17m=e2XWUgIXJAL)))owEJYx;Ek@y-4ZavTs!!^XQedITdXP1NPK z?g+0;Z<&v@wUsLq9M&!63PTm+MakkP?xlGLOl7%<%CAh_r;4k}Il>`BZe^M}kk{yu zm*gon0j627hBW1hRLfn8INCs*#^OjDA+OsYt&|3;GX9yqu(mK#co2F2v2Z<9A}r2y z9&%Q+3#Z`glcQki6TmDuXi?D)JtV0dsF!C%I9k(&HEiyiyp%j7B>5%Z(+y-F1J_&Q zsca?>3+|-wJ|`vTb-6-scowx8^}-gs&ZK&5=>mAZg0w2SlCWxOThe5{uha9S20OL1 z9n49}AyQdPh(Sv2?qAoV-SCR)USckFHe*9EouOxAq+Ph$AK=a(1GiQ3#>k4qR%m$>QAn=M@4rvBOZ z$dJ$8oJ^+|3z=jwJDwMcITz>!%%Bi66+dh?*yzUj+`@JsPgno_+ifYwpC5&?@lN$Q zTp8u_humgi^efg?0!jO~ zM2S*bHl;*D>*;jOTiHT~6H*Lr)l77;)V0p(ZQt=jzijJ_iTv^$V~li6;;lZB7CtPr zrO~#7+heha+fY8f#W3H$Y|oHnGq)$OEL_=chgw{4-ZJ)I?5?)UX$sYHewv?o#uRLJ6M~#k-iX}smtgFC+pFThM zU`=jxBK2j3q405W0?{rf6zNpx z?~uoJFYrd$ZGz8Q*|;im>Uh5`<=h`?LNAOWFPSnkze=FPBLvIE3J7hzeJ^50w_}6^ z%#7PE$kFic=>oye`;h!A#$_V z{ddjW15GBuuzyWeZ1tS&V?zioIRPANqO^4OK5KBs_sImO^`g-q-v*a^a&_nl%_tUJ z7&ex&T1ENxOCo5;y7lquSG^~Mr43G2AIh7t-{!{pNr7WPR?Y1o=|2c_<;26MdxjVr2#8z(BnP?u^95%*PN|uHA__0DCtZ&ak+rf zUX8xTYr(g!W|cXE)Nv{8kOtWw+~oK8R*805fc8j1?g5Vk)Yt9L=h||BxTq9w>crvZ zgmI0ESzu~{AJ8Utt+hKQ$pmlT)SdQJZ~|{RY0>O~X&XHU4zmaEbrk01&8vy-kB*OT zx_<3i>`*lVtcUz=UKPk9aa$ODXj|uiSl>TTiasaQwlJk=+*L7T{$m7?lJz4@EOZip!3G7Fjx=4X)bk*2(t{&}gdM-60 zYf&U&76OGgHb=@|zu`)7kEo1;Gxpg{0&YO?=dLgwf(TIu2I)58=pS6XD)`sCEI4)t zm-*fV;+ol>Uu6^A(}lq*9xJ!p#pq8}s-%4w3 z#i;*p5)-3mc2RE8K0emtN-e@ zt(de)^NWkSJmiO8=W_yk7u^roQ3hHF&Y1WPNEJ;_ME)v(n_2K`FL6GIkxZLFqe4Su zs?M$8jq3I~rYEvWQ+_dOo0U6)olqLgyUOz^`krZ9&R)aqX?m;2O$F5YGbRhR-+@|V zfveqEDey8;nNdDXhA|+`=&9O{Tx~Oy)+Nl;!mT_{ILCQP#(enh?yjz> zp0Ae-m*FZftHZ%8HQAwDcsTPLtBSC{?XO{}!h1<#Z1(ZntVCz{kLao)YI$T8O=dMd zw?BU}tQ`bPxa_p*klW5bt4R`;He+FoNX^fEPHC>~lIDk2pX;2W@`f`y7|~38d}25G zf(LUsSMguLl?8bnI>V7K&BrNZn!jne5BqBXK*2&u@nSYB0+Hopuz9BGFs66NMUn+e zOR`FHxYnRGjAZ}$YwAEt#8GX9GPIK-%zem@H>fU3BVTcUWPmyXhaqOFOE@04IbkM^bTC;SCXi( zF)~SqAaPP3H9SXh{E#sYx}GiPbdRFVR?K92o7TRkdHqMs+_Pb3&0Y(HOkM4xLJ?Fi z13AlP12sWc-XrPI#b>BCln<9yg@HbIUC0>LbeakUtsS&ZI`9eY9#( ze{)OcmWRY-?s362F1oa0!iY`Ba1$7pWYdmgD&JwY#GHaN4dJ@gnpg#XDrO-YpMo3o z;p#szpJ*VIGX=ADzt!{XIBRN1Sn^iP+oVBuR6(?@d0sg%i$gEvzr8?U?4lapI5&cg z2s!5QA$BYHVP~#!OsZrx^p{ODx-vchdgUOrJ5gisF=`FHQRn(t-c zvz^XfMB?|o$l;-eCNcNHzeRz; zs5C-8$f?a%`Pp~hVJ=HuH5yEFYCe2s~qdFV54yRht1_|b(Y$z&^P+sIvKa$Pr&1_`7=I_&n^Pv}D>Wlz zP#V2+_tGuV7bRn_Q7)eKowbJLQ&-Z|(}K2#j=@x^d4G1QL>*qa&hG|DNMmj5?>8c4 zgY~b-W`d0(%l4wAX;Hf_pw*YEM7+i*!wn}V?WA(ei>P3~KVBJKZtB(|*N*A14Rv>w z>Kx)$;I;ADmw~I8M2wLB(?Yg%UaRPLvg6_rO~)gRQZd%TMZ&Q^-sk0U9WQfOb zXZ5n;+~0%2q<7VXP!;y{zhCbYq+doOR1j-C_!~t?qj5>H-E5n`vGs5W{*rjmyCvJ` zkeV=2iH$mioVPPJ@@KsFuqs)`oIfP5+`BEvE&{vp13ZMWr%%dxr?;a$ZEmbHe~@UK z-#!o3wrFef!;j9J>4p33HoHwr52xYniL1+eb*y&%G?v=LMF@^$zA5$vRVTv+}j<`s7St@Vi;|$ z?vB^Gx|Z=BbjOC?6?{h?r(jyy$E|QK>_V(*XP}OVdi+A%`b3T3Vo(a#SDK2S)g%&p z5+7wd0fu`lS~@x2La6OWDD-h;^x-JvW3Q{8r{fi?un2<;0l2WUaDN>hWvuz8bG~&z zsZTAwK1L$s{ADo9nHu7AWM+vc578V{!LesVlyhTh|Z!%WPKa93Ho(K8?4zXXk&4mK6& z2Jyx>ZpdO+z*w5d6*P@LI_cg%n5EjJX3`cW5E0m(67^2lk;GfdCZlsWB{WC$f9kPP zrJHEVO4z-LW2lAWue6ogykiW3}o%h~!`PnM_v_=tomBZ=X4E)*#&N6T5G#%FBDD+PPgmtdIXatlEe4>EW;x8*S3K9$}lWj%j$b zWjx{FfaHL~bX!WBvzo?I%@z?86XV_B96Mh869?byZPVf2zKFK?y*RVQDcpOzX>rs= zb`|R@{BYQ~4g>bvdnw74h26&1HwaGFzqI2JIr{Gd$13U0!ysy-IHrW&DG` z<2Ge{hy8n2Km|notu~$PRAxDQ4AUY&V$U+a7BJWlVcyRZaJFC_IeXpudhbYQ^LM;< z)k+e)q;@U{Q_zm~QFK0OpEpavfrv*qZW=ema zn=Ut0YJ?n_&E(TF*4Iah!?G6U=W7s5rP$8jF5rdxuQnj=ZPS!%5P_vEb32J_z)0MB zg;5m~(Us3DBcxaQX|O4s#-a*k!nrlarySml(pSbdbj*Ek=zrQs>z%Rc3Ac?`Q*$G^ zu*mJ^JEg;%!l<6iZGOm98q%P81`q#GJsP|7dV)Y75O^V`@}NX$Km%e5&L1AvAo#!QP<4Hc+kZl3=>AQ zzn9>f6TFOh7%3M|nD!)#vZOpV;UC0DQ+sS#7!R#XBtz zj|0mG^Pmu_S2ILf5f)8_86aQ9$==kt2tBV0ue+5yZ|^`J=TZXVfQ1R?VngWD(Nl;Q zN-#QoL&LsmkY6+pJUY``L{|jh;x{AyXK6o&rhDrw-e@Rp`N#kZ`!@&%^biu2Cgfj! zLKOIfuVXTv71MNLPNYX&WJ`ZsO_>;YW@+5G%`aRZCh zP!eU*N+;?(lcbCso+%QK-r6tio$dVYf6u< zj%4NMrJ9_heS2NL?{uLX=3_uEW-o1;T>bn`uYGX7e(^qL&1!K`H**!t6v<%IG?_G@ zdbkVeIFSK3z!}tPt3T)^U537gdaLm;B30vgnSCL<;6Tmm^l$qc4$mC99V4p`R9|OY z7$T*^A3V(QY{2fy1%G^e7A(kI6dlBcQUvy%GAj=c*<-{Mj_l-?qS;W)7mReSlOyZb zqSRFtkG(srCvbyI?Sp+0v-QZe%BRzlEf?vO-@k>~quvO?TuVqz3&FSh74gidh9-tR zMcqxgQZ%`10=^?YTgdd;fJKgVbI;A}}1F2b=Y$5}hatv!>Nt?Yv*>^Ef zeRYL`f>oTWud?ctc6SB^)9J?k`*ulg)NO>{cJ2@Hi`BDy0I)@5X_DY;3+0#AUgnu& zpEv4QRfeAQ{yxX7btUz&?Q!&jP4v~{b*tDAN@99?dKWbS{zZX5b^1le+mX2%Uq^gH z4E}_OB(%z2d~+J{NiPXvl*!|O#U~L~2miY$Zm|NQ@#lN()Z(24BIs^vaZf@0tXR=L zz-8K>{oO4Vp4ypfHx9fy4u&ZkbCS7Kn{u#*YkD*0b&RWv(YmxpQL(~+*Fxs%`;5yd zrQ#aWK2pQx+IN(FN5EsT2x9K!|L_Vc>N_*Q;ZNw8TngVvd;^1q`1t!3ig?LRm_0{n=k6QmRMi!=1%88cUD60oL z*Cn^KMqn;sv*P7AC|W7};2A=YPV%%&7EEbk^jKu=`pw;WR_dv-X1Vs_mQPCLSy>MI zzk|W$^1uH8%lEG}UL`MyFGBB)Liq3Su$aQmVp0f;jGB$oZIvqB!;l6JMr*7OcwbE% zhO(W_M5}~wa)WscH%EF#e+g((e5e&`I>jQf1H7dLb)f;T`JnvvYDgTlwO91UGY zv^E)+eUK}77q@BCufF$j>#dn{%4#^iHP(t>2fq=qPtCd`BG2B;X>sqc$UaU&6#SUY zOAQn^j^p}_ufqC`edeqj8nE1BajGQ{djdjoa`Hr79i7h3uC5D9l7Vw&uxZ#9{r8#< z@PP8Ov*DhbWg@-yU8l*iTNlC!(VEe)khZwC2zTPpyl9?2iB1Aj`8R6`w(ZVpKR><^ zA5;Y17Rf$FwSs1%SUHlTI@aRh6W}WOonj;|Wyq~frt^KQbS=RwVZQy9u#a%nqrNnQ zRQxT;l(4uY`e<4(v%v*o8g|1}jBEV{Se(>zVcK~Q^A7UT#)B9MwY_ZCB>;w6*#lg6 zQn6ewW-5FnxniAxIw2lLHqGc%c!g(#v#W$n#i>M+f00~sA8@qn^I?^VaW6l3-ipHx znNpea#Uh3@PyPk~TYy7TPiv4VHsyn5_0vZbn#JC#*NP@|t(ibYG}oo-_9=lrZa&Uz zp#I@GRC18oKCa1oVN7EgKR8IRS&aibu2EpYFW7CsxIE!JEk7+FX)k|8zOqyLFZ3Nt}y`Y?X;P>))nUrJQk9;{2^RdZzR6 zG6)tz$d$Nk7^~6M)#ddiSO4;)D*2zyxf{xqCIP2;t>7w8LArYd$;bnrd{*$IfH6=1 zc3vjCeHt5tJXWHQt&iPBNcfsW(?N=9iZ7SWZ(xs6K#on^XB6!E-Nm_16MKC~x~3|x zP~$Q1&zTi$@RAuKhKe7d3_y{-XWDuW^1GSfgisoYF3{mT0y~3l{cyyNa*>Cd`5LH8BGm9D8jk3(RdZzKgCW?nlQneSQN$Wu{kGW%C~p2`u}wz5Y1j4$_F&rr^1TWWaHuo$+OCZHl!P{F-pD za3Fvvq$uLzm+=do-QDb8C}S1lEv?F~Ph-@Pw;J5?D&i+B6tE=B@-BfD9N+5Xy2HXN zm#9L#8rr_n3b40nN`BsqqTg~ozt>x}XRebXS8!!0Q|^m!Ro$=I2OZasC*>!f-eSp; zMp#edCI4EG#a0TyJCHuXO;3MbD`2!NN;w|2(dV`&Z3~-^w_S5kMZ3ud*M+{2DTcI# zg{@DG>M@#6+nyrqT{4^O{IY~G(a2cW2Jkr}qaL;&9lzN?|uBcW7WguZYZbJv*Ap~+A zkxTk`1+XNm1T6Q+a@X3z&pobjWdF{Q44lT*VHTHWNbBF9C z5jlBf4^`%hIggmqj3yiFM7n=*4TtZw8NX9NwTe9f2DL8tuu2uzX=Tip_`6*WHI=bE zF4sG<9}@6-MZRJJ&p{`x!YAP`5hI(`2jJ#@$OvN;ur&haZ~HU>mv+<43Rwg>mfxM-Q<~_08bF96S<*uI@v^BkzQVBY?MEf z{fI+L*d)x=4-(f&^im*r-}1iJrLji}QOklyA&H}h#y;A? zH7F)r-MqSWfp|wNWZ0ct3!!P=rN$kR%tAh|Sa)8n&RP+SP;Qv5F*3*YzNmKsPGKLlT6~0jqXNMzKv$>SG7OC0MwEvXgyE+p zAH1`Xf}nIb{gAlL_5Vu;dICVME6K~(I15I(slEqi$1AWOks4aJxr?JfXF3;)t&F%! zDBT+0I0%!RIhh#kU5^+UO&O78qOx!@<+ypH03v&GX?3q_j52JoOjyV|856;Xo?4f> z+hKLkc5SBvg`GHF^JeX3xpWvJ+?Fezku@5rj~) z_*z;ZqamZoyggdM&RF&}EA`&IF>*MQ_Uswo^p#pMo4UD%PG9sES%vUH2`W!ZK04LA zy)9~;lRrw4*^0(AzZKfaMYz(z03+o^&EV?nR;zr_q!qKrnKQ@Al|G5CzZc+RyF53A z|904o24Wct7M0lV5%~}D$V`j-FuC@Gvjez=vf~w&TE4utb7G)=Sy}0J$bxR<&(y%Y zU6)GL_3JBv4-nlrIdRSn|HKHAlr8J1&gT7qEr+as2u5+WTmRAJ#Skn3AvnNYQvMIL zQnW-4e~JL~6nZwqH073`bNhhfOmpB8#>(JUalNyN=qc?`?peMvq8roK886YNDlQ=F z@_wozo`+f7P}Zsz_r^Da+5AaQXf??@3MYQc7caWUhGtHh+&okl&SlcHc0w6>6JP%+ ztf5)v%H^MsLo5qC3AuZHYNP)3@o?LKKNnnLwp+E>Q+%>#UVt2hg zH*eaTa-r&~St~7v-od|Gm$*VVg+VJ-h9cxF^OFp!X z?;P}+1RZR)R=#S&B&Ft1{Y2%q=*WPpUcd`1DC^dm3_$H3nHN5(B6#-WH(^240Kj)8 zu$}n!E1QZ<0c;hy$p9z0vu9l_mp$KDXcPcf<@Vsq?0A25JXLAxczoEtK33lD9AP)Q z3qm*V3p_thjeVS-wx(uXZoF2CD$#J;rV%;6QckeKYfkp&CFmi7hr+v&lJEh+!NF6< zn`29rKmyqEGj(+vv#~=&B@V%ocuYE%VyLi?v`XeJ|B!22i-)=Rl*)LsREwgslL0?H zB(L!+9xT5Mo>wcAI6f}L$cDx7wO1D(ONS~b44R24*q@9p!_KdO7(&|MiKaMXMyhQb zlZJd^S=ye>V$YS0m~L^XjY+{9hSzvHUy(zE z#i(?}STasZbS9aP47S{}$H!DwS6BA|K#C<~8Yp-L0!xE?#MCx5n+!gZi)GJK`?YyH zx~~zk$B(2hfMM8ZyQYOei6}f^*ol%rL#aojOi%E2cfv%&yjr4xV5?3E#F!ePY7X5Z z*P^&Xicc=pdXqkcyVin=pba@Sv0~cu1=IK=SzP`^u~Mm*HinCMOfFB+Q>Pz$DUl?t zD;m!~ICo|<69GZW=}pgsRNi?Qo6L@)N|JfAucgCabQubq4xp#Lwhy`H8I^f&gPi2{ zRNc>sD+SjcHRc>t_Y0gx<%S|pqRAE=zr3j%7R_0_0#lTbYrh=1Kv|o82rvZ#wzjrL zBoGzB{OJJm2WimCTzz+tIFlx%;zPBFX)ij6S7TO#m>ec#^A?dqD2rMpvE^AT^Rb+w zVvF%>RY2$;ogj~amSmHiH;RZrdULvM`aV-laSd2d^F&fxg&6vrX}v~|Hwl=qqsHL0 z(oTPdhSIb9?MiapYZfr|E$o^rIjKlp_*(FN6%lPpF}-Gs3_ET4Yo+7TKVeVsRhiBfjs{FGXT7*?B!(ZuR?%Jjf&u`*IQoIUNK;b{sfJ^p5S3szyy?Epd_5T(EsTZ;RPW&n`7oU%3W$~> z_@NbHSnoLdc4W!%%>KIBWnMN3j$zU1x+hzD_)Q}rbG!Ic>17sOoor@Yb&gEVRMvXA zGk!agihs=s)BDh-!!uo}T0pt!_Jl4HE+bRwMwr{o9N?&uw|1tnL&Qx?O#T2^8^%n- zJCG>s1n8WXYLkPXCzE*uq*0A$YOPb%zo~nxJFATsUB;NSfMR{V(lM{r99x`>ci9=cuQ;6{lnqd zw9%^(#|T&AR+56NUU(fqhvL)S5d(xto#|3IN@J^7ot%QE_W?@&w%*P*^3|vwB z>h6Z{iEkhw5Sr-iE4s50*7dXm(3MR} zqVOEnTmJgaIrW_A?Aw7fdSPJx0$#wxW4bv%F(IKXIx0%&wThtEC$OE{TV86e3crPh$eK$YnWWytnA5X|o$Pwl;6l7+rjBWi4AQ~w-HOeu}GP7?L3zMHAw z#r0nvdjQZ81qRMiRhf|mClmSew3vUUiwH0SB>9qb+XYt0 zy`>`X@F8R^#H7}61O&(>3moT|Avr$Ahtt-`garvAYgZv?gd|--jtYi;H}KmPyPKKR z7eH_%W{vp6ak6`OF%pdhMLNEd@^^)ZD8C*lCnob3(oM7n7QDOkv+);BkyLt1QcNEMXuO#svJkId{9?4vIQCJh564>3uIJMKOvO-0P7I zC7o;l8dqt)SUQUs=Mk+|Q)O9KWF|l8LoQzG-(QV<0NXKfs0yVf{3sQOabz^)1VPEm zhR+lv(bo|Hq>h~F9?NBmU+oJfDb3aKx=Y0S(R~6y79;NtiMo?LlF54uyw4kbWOO=c zx@?QJa!XCZ%!B6~=1MYfBk2ay>7P$lb=YzQBUuNMKU+`JeTQdvNNUGQI7s-agXIhh z!Op7{1#OTgGMC39n2SnmURz2o4gn{S`yDB}1XCdv3!Ww8OeGft8mtz1wYci95mVdI z><|?*glQ^aLj{V5_r?-|WRj?$wy3v2B?@Y=x|v$z)THOu^V8Ej83-5&AtoPr1MY$* zX4>K;56>!PqcKucgtHE8Mr%Eql`Ai>MC|5lr6M-GHaA@#9E9j*{1bBplO20aV=Jjv zzHC_MfU~nTy~k6p4Pip2xlC5eHE)ys&OZa9Yr+{tprCmofD+{vh&UNkg-M+&K~zFN zwAAP@7&qxrM@On*jEgA1wY*>+YpWEOwG=_U8R0645uX9B%hLJw}*6)N%D8V*JGoOz?`^;jGnBkD~4k&SMDu6rFmup zmY##n20h+nclRsY*H7~NZK$4&IjoIgaE*x*Y)J*7e<0mchEicMEk~~mUv^(WaiO%q zp|!a`O;9=jKyFM~V3N$5t&_zcA;4uBCv^SE`h+~RBF#uz+&BE$5%2tb5N(d}ey2#Z zASRgrl~Io;H3{Dk@vHE&=~{`c@XaG>XbT$zn$>_&&pj6ulYrW3ivD3k@R~EM)@FLn z!z5&D4KyErV5%uI;9wXdWim404Bm0Tld8>C8OjwN8_-ep)eafW`fsgj9QD_b9?E#} zfpuY=)J}m+)lnn|4k!i0q6lFDMEcv*kmZ<=9??T(A_4pR(HPvNno%AHNofBxlHUBg zN4qS+-Mwc7^omcif(LL2VBLc~9`pubXwOD_fZ_NEF&#npNu+dWsLOZ2ix~*+Df@lK zF@f%i&IIIQ1RQ@GSYY}2K!&lmINcfA^3x41CN6kAL`7L|^!tJ&LO|G;Hg*N5 z_aUMJJ%1?^tieqJQEdV+32pQgG9zEscQAdujlIF0Oa*dTq=C-_E4V<;WA(aw6Mo!D zD#|g6yN6BG>GP8n*HE}I_l7Uaz*KU6?=y7uJlG^O0~;POUF~}-sG@%lrind6q9;c9 zh}YgAkNskpjpyl3f50A-HIsM4d+gl~C%$E(Mh7pc=Z3)u=9q4eu01FrA8R=oxez8r zFjDDP8NzW*M3_ELx}Xdpr9dWSN}dn05j=ra!eeuXWG)X7X&W;V1RTcawF-<3?~HXpwJKrJ~FOocP842e&y5O2CIjUx4!tI)tA4A=vTelKo%U(P7%gzehd}qryssw}SEXlR;NE`USgCS6R12 zTR~kQRVONpqpM5sDJ}ow!DdgSQdl6h8N2JgxNIt$W7R!Sc*1sQXAb;P>eY z0oiA>-HI3Xi}Pl!lH0O*HSmKB*dGoc0Vhl=-3&9Eaw$*JYi9bl>`@An`+5)m^7!pK zj{a!#C!eW!mx+svJ<~yzy=+(6Z4%~aqrX_7}F*~&e8;`U~&TIHruTT`-DV{x!i+w=CTNK6IxLdbOpPTb^@ekbED~BHw zqT!Gw#C2qgUfntukp7DWz}`Gh?cHbZMjm<++2UsI+UqZn%QR!TXEVHB=O_|Mw#F0c zR_K)^F2t{mV%KXMgYO$!6^+w7HvhsdCqBbtTz50%h?;HQrg~!{Tek8Q_J!Rr#wgQ1 z)AvQ6%&|(*4HMPr>WNQtE&;r-9#YHsiVk9vEdoM&oxAQ zjo{xdoa~O)8z)A2#OhH9J7#T9QWCiYgcfhM?1k%hompeseL97XYfGjP1Ya z!pXiNU@A(kfJYse=<6H_*VQBCSlNr=4R9{ED-J`FHOZ33R)d$s2QxOWiHGG4lnUVB zA$8kgk}Ti@e9)36Kz%;MY-jC5^+zx4^oo{Jyau0mlGFx5+em+qY$yl;sfHS?@f=pT zqQ_hRtZ@k>hA~!;-DDY{C^EP)3{!$eY><9iWrcg(b-*R7b$Wzkav+yb5NUxUQBG|2 z0B_agL^jp|4;ugE?Q>5sRL^IX^cB>wsZ>Hu0$&`u$K|5pbR}ZnydsO|;dMZcBIWzc zY>bjosv#kT4O(7=O902oGk)(tsSeP%e^1k2fEs=R!z=8$01`GJCO38*E!*~l0fDPW zur*5C({ci}cOz~a)lGE#j|N>_o%6OvqQwl~2O3;05NvTnG%Sw3RM7Eie&DF#4QL6; z<3rgll%I&xu4ay?x1BrBDXXJ;|9+-|N%WBefm@;S)>=1+q15AS(~1^6o^3S9!YmVl zW+^~xo-1D71p-`xuNMI%qG(Uq(?A!-0X^Zy3=TQ%;1em&%5ZKsQ_BBoQ9(lIuVmVO ze_cHAR;I~NgYNZI@Qb0_%%qlyg}gR&1QDKb?x+i3^k@dOQNPGwS)~_IsScW&F}^0p z=#qZ>zCK1W7udU@tK){A_VJk#)aq7bU%of%$^VG4oiq@t4Sf7yp9JkTCw=d+!v(sI zZzylpYt0V_7k!YFu3L9mk`kMD<{^MkJaF!GyuVTExOa)tct3mm5O3aBCQ@ZS=h_Hc zMO)utReado%<(xZCA&ZQrZaZ6nU%Qnwn0$mVdeogdu;yj`(n$m5B8g*J${!(j~*D$ zGW=Ot5sU5DEfz~s7Q3ZGINnUOE@x-0pDJO$I?ifziGY0xmPUyJ80!Z_0f*bPSJLYV zEmy~d4=YcE^MdK0P=)@&n%EIfFZ@e)rdVNwb*hTszB8;QjKeKHLa^iaA@O5EB#jb@ zj&5}@38A-Yp2WO%Yl;6mK(LhYJ@7BY9sk!*tioH%4*=9@^M2Ifr1sy|LF zw@TA8*sjw9vo)J#eIwxmk?2A`vBbgo$`~tt|2h}SF7Z?r)`=sv>m=(mx+y z1V6oPeQo@^FUPxW6saKCC;uG{eD|b|gxx6mZZ2kRL8-_Ld^7;vap1wadFOpUlXbvdy#J)q6^%v%Ccu=3I z^GWq?wury2b8B}dePIxKaX@FTn3{x8-p-8aOiZ<2)}Ys>)5Lf{vM63OsDnDktO-+QOig?#A>jJFwD+~ z5u%Dkz8K^SdHBYq-t20dANTstJd9CqP7{pMg+QR$Xn9wVD$_^_lx-a{ zBt`L@kqv+la!gOy&Y7k}{mJF5dXksk4=Nu#V=@r?#|QZhk7Z)9vNY#U=TE#Qn~31| zBlO-!JM*N{1!4&aAUTre62yE1#{dl=B85Z9GtL4y(xO3TD zQ}2%Ck!+T|7vk2CcQR+X*?V)<;6NGeOs_x$?`K<@ka z`q-_|G)KMaEWc0zT6G4G@|0GG;37VtkY3Ofiu{VMmD%sbCGAKI5x?#wCm|#)VJj5X zm|5ctQP6j_0DWs*K6~ruy%<(7tFfT#Y51w#TSMR3(^~Yb9IE8^6WrFO?Y$zCGK+@i zq0SUX(G%A9Mu>F_542vcw=}AC@2FnC@nL9m+KjiWtXEjFIw^GDu6mlqSlS8py%4q0 zYr#lBKu0}fI@Y}IjSMso0hY>dUl&rWlW+%`1h1k=biOw(uADopd?F5IP|19EU$1pY z&B4^%peO;Mf@f+~!3l7T(ZwbR1JGI0D%0Xp9?^C}=9+CfNOy%d5G4HaUN~kcJuU~x z(vyA;)+LA(HIy=*)(uhTeCS2+o9jVwFR*V|`3ZzQ`IU#62ljjux zL6CgzZ_`QTJp6sL=ygck^80ae-L!y{^;n4)nV}SWXXY8GYmQ`6TgO!9R34O+!R1sh zLYImoh`PAlZy5V9a+rOy_X+ zen9_1jOF3RH7ed^#F__|aagag$tVk2gn-ewL*eIF6?pX1G{|gmb$#PTb;i+O8-A$J?ej zXIjn(b#AVQ@jOnEVls@|+SevYVUxZ4!zaJo=4r~6NaI;TPcvQuA^X3#PU|<6ekt~R z_Q|PVpQnnQQzqr%W+z&1LS7V9S!ZmFFQ4<&ljY4%bS3N@6aeGjyp@fZ3;|@+GGuth z)r;M`Az@AAp%(rWxv8(AgFs+r#N%+O(G+zxfjrp!uv}<;1fjZ6^9q&QT8`3VCxqYZ zjFe;OhfgR8J(5PnUJvoc&4W*aitqis?$u4VgNMW3YmI7S)9n}D39z9YLkfGxFlxvz z%wENtfc%l`=leHOP4g~^WVdSo$D3B#vETCQyI`$M6lS$j$tG>hv4a zIPVDqDp&i^<>GzjlD!I?@n-j1|3FcIt$?``+Y8zn!a82Y2oaAI$%z4Xf!;2E);aT3 z{S+n9y=uO2GJ4YDx+_v)m+$fTI7omH0%fC8cU2ztIT_)jm&pLWN_FLP=OLC}$;IT0CK($4?xyf3CbyEr9h5wn}4^xVMDE?QW0k67y6r`|ld#}QlF^2OQ6^ZcLh8YvX?I8hl3VidtD)BtFJ{0WNH;0mG{3`kd<)6Vh}No4f{%8 zyV|lTlT5}}6)KQ8n$NlE)(y1odyy(p*_Gh7+!{l-Ke4X=x;Mq(GFIWVo~o+Uw7<-~ z^?-4t3*Vx6JS1|AWMZWg#Ozug1X~{cR)A_C2p||&ZgZj-be9I|j-lW(5M4a8ck=j# zMWF4rtz6%~cy}`*d9pc_s-)Lc?*WYzd+_+F-{pFDn(thqt2NsCm&U`a-@UPB0-rn2 z63OGGaVZMk!qJ)q@y$EZlRH^^#=$gpO!Z7_Rzmct>-Tz zd@ixmMJrOh>sM%r+s$e-g&pRxG6S3plJmnb6>}`k%r6xqG|p#Pj-k%V!~!>3%my0@ zL7U}bw#oOH-GeZEO2tk|OOuVjUtP%+r~9A}fsD0+2ca=KqQ#1E7(ceSJj0~_C0ddS zo@0_Wp0f!@2^@yRN??zLXV+)AbCB7B|6uAumHl)Gt<3Otly(s=mB~c5V*F=+7cY<{ z&mkcAO4dMf1R3O-#4KTJkX`u#%fdh_kJ#FJhwJp?`rTy0k3&PflnRJZ>2g<48WA$` z(r-#Mv~3Udb800%(IAKL^^U^l$3Rr}Fl|YUfHfS4ix~q(kDO!#`xg2JJN(9FVV#HVH;!&|eHdI+>;>~| z%CN?xXXwnvx9>6DrdJw#;vN=`9r}Zm<4bQpOu@Q(D@|xcHIvvU- zAO`x!%(?UH{EVbN^;#x>lpWL1Am1oK7u-zR{lTW=VhAA$yoK{-m|37@mbyUZl3zm? zEr%)zb7G2*k?)dsg?B`WL6w@P@+Y=f-WDASzYPx$k8vieOL3vbwsZ1h%?z(XhdK7+ zKi9R6>XoY+wJJUl<@)l7V?GNFG32ukVYfcV1hL z!`?e6#4ju>lUk};Zm&NVrkfU2~i7>B^Rr;U%GcRL9J<&eS&~XV^nRA-SGU1iYOB;NtV)Q!fZwI zYMp@sAxGTH?i7WL(GG5%tQbvVs^Hwk+IXdv)-Gtt2`XR{C&FwWA0Vi9PEF7qVMKp~ z?~JJ<{`{OmGGsoEe783Q?yyE!;Fp9Bqw$kUZY(mhKFNS&lzI-m5hw==3YBUDFEtVu z@g%qDLT&|1C50SCrD%7kk@+&QUVdDq_ti1OIl>T}DNgYk5bwdUI0CNcbxS_fy`g87 z&yh)vai+Smxx}n*0ZsR|sceN{Lshio)#!kJ9NBA^QmM;WZErzt5G~y5I zG|wfatLYF;P@Z->hU}RS-tLYc-s8!-j)6+B6pP>JQE&+1^(aBs`siDJu(jS_#NzQ& zm~E~;u$&#FZZe`Lyyd^MZu>#=B;MU)kh78c+IX8{i97vLoaoE2KHVYYlSL8&o-dv& zqw$sFx}rv7S2`7BRT`YxXB!fJWsbR#3W%mxU^%VPJx{6dZZm1C*}5!n=-K(bZfq*} zUE_$w%Ei7$&p?Dh3M9WV$Ad{ToeXXw#r1qIt(v`$d-#t}hY`L|mRXIVd(E5a|Im-& z-5kwg)k05yh8{Qb*3X@Qzw*~z6AAjjD?Z~%#opDfG%ItFq0uRUZe&GQ$rbAZJOYBl z=U9aI0>@!-89bE1^i=H`-Y6;AUGXYtiU2Y)28A{`CmodPDn>NUm>O^Y-YYXJ4hO)+ z_gvpkfEYMakwe4Gk&k!BOhJscgL*5%QGKel8 zD7PAkkQZ=y8C5HwTI$|@a^@UAj6 zvrN0(Q+r^7&_J01qB6w_B!nhWdua^1i%NuYRDo_fVhK@qQ*@^Ao5f5q`Lb`nrlD>h zes|HVjdiWkX@JZ%1mfxgbdNvf#n>2^7lkV(!3!NRle;$DrvNi1d3y}xK2CjPb5 zU|c8-^;At~BqU(7C?RWzysL9+K6Ur}qO`lT(A_`Ldf_YBU|+5WJ=K`G8{*Tcbq}z) zzQt{9m-Pdu3)$mL6||v{RK53bJ12w?rgobdIv&I`?lN=UgUH0bjEUs!LmRoe3UMe! zRGV~fTOG?5LCVsqz4Ki$-BG;uxY^m}(<|L=PYp_PSzzK*2S}N%HlG%TqYK9(E1&;t zVXezw)-C2BOa}$27Yg5bPP9Fb*7zvup%B`|HKQ}CHM|E6YhWG13qxL?u?ms#U`Xb4 zplc)Pyu!k_L`SQd-m~v;47>7Fpd0OVdT(9GnX(BP z(x&m|o|E6dwrg!}Md9pQ`0n{5OzCz|YQ#i|Fv)3^>%&DAyKyHSMEj_(3(k1vxO2Da zupT5yO%{o$->Rj{CbS9nNg^7HX! z+jP(EnEGh6jKm5mQvRO}`By)F_U;JClhS?c@J&F2b_H6KKfP-B8&c&JheL1?j3BlG z?5bwx6IR}L#GvT>V0zihrpJVnLZfA$WZD-y-bq&hS_pv&wx&+9M+SFO0E~_H;Ehf+njY36Kra^9dofF=V^z7E(g>< zvjv|##q+WI+gRJjHqb=l!GW=h6ZwMOXyS9{Y*%SJJ*VK4$T(==NPlP{f{8*&;z%?B z4qRv@7O;^K@Y$QLYytt0+`4YDd<%1=oYBR8y(Zy&=F4+(^D2jx@gB?hb6lZ#&I_wV zTkG>7#loq$h-39ty&~v+#up@emlhcL0VpZ zNy+*fDaYGt)lrU2To3)s0ZQp&Yy(mM)@BK`m2e3Xx!vX)V7W@!-O(TI>)h6t)ha7W zydR!5o)A3D>{KOI47*=AF+(qHoQjTb`|qoq&xr{`SZa3^vRkgujXi)US(W|RfuDZY zq8^KNDtiJ2u7&)e*RK4O`WVTZlGsH9hSxW4JV*4K2GDN!&D2uo)``}yg-VnYuNQsS zLtrrsPk=CVoJb1AEIvLf>1S@!v((-y?p!U}nKtvpE1h_g9`n;;d(tkcLD*bI%?p$# z?+pEJ+ra&b4D@XrjVJKs?)D8hDPfep4dR`F2oGfZc6tYDcUj*Y5ip-Z+PgR77z9fp znhjAB8Wq0Fy|1Dp>pE!t5s(P$sz+ZA-R6r%f!y`aYRj?Tez!-mo#9lF4g?7aLB?mv zwoFG694egK;Z~Y1v3}kSEmf!cFwue?+r@9$&~e;{js<2DsDWO~F#KS?GkER18)c1^ z8}bwoBK&eAh$)96eC`M0Un_CGr1O6wylO{9kLPf^AA84;Pc+llUltOwc0YP&{v-0r z@ve3~akmZ{g-%y;O#VRN<5gpeR?VOYtq8=rRJ9qI#pLg|y>RBN)yLWRm|DfZl(jc5 zJsv;}GB4O;nFFPEq*h^JqQBIsRLxk5y=4`zcBdV#B06qbJZ??;PmG>8R5}QITd*0q z-iBrL4c5f_NY0X@>i~kqbyPoC>)L;Et*qTIm#1le!%C^~9kBqZ1;*bwNSJcjEgpp( zIz`RN1+@%@Vq)G#?U};9N~k$*ZLlFj@wBLpTT;7r#p8`JdlTsFqK105ZvC$Y*A*El zbp?`1d~5n1{rzoajY;+f;Xr9_m1%cNTwTM7#K2_?H1cAU7yrq}LD9l|Df9x0IR<+_4r z|XlUT^#nM*| z;T!{WhcThsO?4hVr(h|71@!G&wJ-!?5faQd*I3m!eseAwd7c`#mXv<-_LzzwB|%f}|- zx0^o#W;9dj0uHNT*s@T^)6t#PKtNR{poefczcgiwsd4=q+j`vNb=W^zDkisWUB*k? z-J*ZvZ5-%g0n%Y~egW0dH`55xL5JMfqrlifHkxRqNV7;oDeEP5a*y!1!BhQmPzW{S zg2RK}0Z);X^X=b#6Lg>w+2gc>E&AzGnT ztc~z2BlHsNn_M9B`yB9Q9CH$YynF)AeX9V0&g&nU?wtj8&*^SEdgw=R}$WCy*DDxF`IuSs@7e0WEK?~S>&CLMILobyX2K`6q`ztIs z_-Wvpc%TMUQQpUr3!N((D!M5`pGP8F;T^G3u8YLsq#(c4YML;6#IkQ1gVO9j1#%}6 z_^YrqUSO{uc|Nn5z=?Puq1Oo@gfnfpD^cRE{NGFuU6M zYa8dm^7krOV=#$U1t80>H}g^8$uxMS)2rjc2^*pWTga9RGT*M zE0z6)=6YxCk)kygIMAqN%m6fwmcL(t9gYk>yWVA(WC*Gcumt@Q0*W5@CLnvsxbQh; zl4He9nyz+7lkpX7{qpiMEUBU)MDJ!D@1O2h0otI!n>$)Nr!-g}gXvqXC+`1w+~AjR zfHpnfZbJzGiq=0KY5qsUSOj=t0Jv6x-9MZztxXT{oS{DX}V7{$^v?wS0Z1l{Nk-BtSEk?COj zhaP`J`ic$W+0lgou3o7#4M+rX1IrcB!SR6J)y2L`@+eU-f&D=ds-YhSh#gB7$z!D8 z(s(b1#jSCMBE4oXxY}wkrJ3N2{lR<1IZcPp_4jcu34h5G zT?I7cF+uPe+cOdlXMU>j+RRf+eY1{64u7C?A}F0$%ltS*U{S&aY?>+*_bfiIM?^&H zrDfki2$G#A{1#xddjK}OTuMhK zSs5%L|8$fZ{4IDhrB!8LJ*p;h*Db6am8dExG>HLKG+nb2=$oQ{KNKbm1{&5P@&~_B zTpT3|Ev~Bth%pMLCnY&s1F1||<2F2e!+$?E{2e^arwTGL2MyuFJJq(iI$cL;Y59oH zn~Hm-$*@2tH1lh<+op?Ln_J_r6Qu?Qj+>*&2S@ky=3%!Ef5VeFTq5vT9ql4F<8Sg~ z=IB%p^c;WJnvat`{LJwi*j##`;bl!tZt-yZN`xlJ|Ii|9*H~tAEHK=u#TFmjRHOOqKS#_uq z*H5wj2+iF6Yp+HftcQE5+Tg9&S>Wx_=PF=;1XPBWTbjk0Ts+ZE|)FY5XAp7|Z) zUdV4+)DJBAYQwXwU{GjU*88)Ps?SDhHsLuMj;Cr7f<(k{i7l!k9hG9+ZR{~ckx z03%wg_~7;FqeREGANgh%lt}BPmK4b>>l{1{rnc`UoW9>WEUR95u23;UsSHCeOpk;} z3r@CD&2_twr9#K&D9CRjg_}RrCNUelYV-8)#}h3UKgN3Ym9hWlW(slC&j$mFI0g_{ z4N)`}Ep|j{7>I`Q# z>}wnCY)f``T8Mpp3hjItbYo(6It|enX?2>5cY9t|uCiL&u7>(W(7FcVdeCWRzg4|p z3#$ABVPhA3Wri>2o4?PC4MRgA#+BNM*ja}utO|N&*QGOmTT2!yq!DYZnZyn*7qC)l zdAt-(+Qv}W4WX8k!&}U8{QYuElNhkng_~&ljo*Yf3bob>^lO2mBZ*hbSf_wb#;%|M`(r4_fjJ`+G*Y9)fTZD z-pIOf3KZ6z8?}5?fCdIQ{@nnu{UJa{L+tD6@gZr^abfu9i1E+*fQ$%-4Qyf|cjDJ7 z9#VBJqMD=3dOtZvh5Y6?=t<7wzqn~8KUcO(zG%NyM;trtU;RZ6%Wj$)!kqIhk5vp!PmBN3YWb=1>uHdQ4e&=H4)B_@C%Z}+CMj~fRIS^ewKjp4=n@?mja-i=v5)NZ!=#I2 z{+Nxm{dk}z;V8d+^@YuVvH0snT&d6)R!VI4p>24N-dLE0vMGfv&F(|JR+CsOQ^;AN zXNbmechFhE?4MM{h^R4D253W&geXPM=_hL8D4E`&7<@%W-C_&jEB`$q_gAyeeSSgT zS)6-yV6k$3=51*FthDn->0a1V_)jg;+A^y#3gTdA1}!r)GYj~`?9Q|EKby)wD>4=Y zp5|i(9X-8#1~o^T|2h5IO9ov9@2AhHiUgJVC%&%s8lxT-`p!= z)2a7jqurzE`_pnCP-wSA>a^*%U!LP%x&AUTZC!RUYphk!iJ%l+!is4{x=(UcM*LC{ zEuQ(Mtx0AveNtqmYtk1@- z#q(l%O?>61;Zqru-fS3@UXyV(+z(JUZQt9{iCy7=IF1kEd}G0*I8N5|C&HCdMWrG{ zVTLG*oNA-9g2EJI4S<+#pd%FZvFzW?g$ZsZM!XxF;0fhjmu}VGUHSTg)k0z^(rApo zJ8UeY@788+wDtJFG9y}XDuLIKBH3FRp8?n1rQ%I0i(KXk(X9#C<g$_^4{;B76|WcXw{+9%+)LvRZ>B=~%~SQL zv~)34KN?fN^V@5wUoTEYq%(~`dppy6hY|3y{)2?+LZyKJJ_crtlFL5v!1t6zLU|NL zPi(Z(`-kpgrP!DlAJH1R*H-_#4}%|6KLM1*xbldeX?c-3$X14JRpx^}%_PDFW8iSH zo|Z=Fh>jfu(jfdNk}}oC_GppF@Kpy+%A3&oL=xNHwA_bLW&1=^MwL%bEE;*A}xLd zXSd?Gk!uGL3e_8M^yc6-px>>WB>wlw0@TE*Xi$cx#P*V`bGuxi$89@ecwbrMCHb>$AI(_a+dhB5K!(4z-FKf9Y^PS_zg&~%q7{WPmT%B(3KItB^^qD-PP zh&3@O_>?}hzhaeBHW6zQ(sWq{O6U&<{H;)`uFj}?HCCcAj8zmreAxEfNOmji3w}fI zU_#hfWMY+A6qS|~{8dQargV@Qd8kcFwotOV^LVc92Lr?U`Of-lECQ3a;aNp4cgbJc zQ0??4w5?n%wLCoBoAJ0H-91Us2c~9rIuD3C=bgP~f({b2;@Nwq<*^>GA`RR>${z_k z9_TWpKiN($XV+JHUq?>Mug%2vY)+PR>P7a`KE}BhoWws&npL@uxJrH_-U{vZC_yV& z9#_UfpxKF@^o&2OZ!P^3h(jWN{rZ*hjQ{(`g8yFq6@T%!!Rz|iMTvjVB4T4xiI23Z zJwM^CnTB+jNBX;3>Izh~zG$xgbk#q}5y145X*E2=KiYtD*jLi7%sYhmnRTe`NmyO{ z4e317kk~X6xeSDJk~kw`FT&CwaliRuDA3pzcDhYR{NlGMD(|ceU!{uj*aTl^mm~%r zx2?pNG+N_@hlFRhxRbv0S$!>;w<5uxb#i!g20j=!uZ0$`|NUj!d%aduk?EuTbZtY1 z#A5Qp@>sr%itbp*i&3^45la&n8`GA?Ac_=3Ue-^sG9x~U*DAhJp)NLbce8vi;3Hu0 zb@727+m|05j}SKLOtsOCr9RbAZvg-dG+dfEAv30G! zX9HTm@;r!r%{#lrufsZdf>fX-WOW~CmJHqPjG5!a>`}2%!u!_0t99No_-D#23oOma z*e12BX7RDBFOGdhK-)$Z^yM}Yb2q)@MTKWcZb zYzb4YOiw+5(ap}(>c~zwN9au%%%cN4({VGBTbgO1M!alc#CufqQQ!r7ergD`EqXwy zs$FkQs|v|4OY7e=88QMqO?E|a7sEI7PFawQ_{*g_77cWLLctTN0^iAVt^b}d^O4@3 z*;wB6{l%l$dXsGT+L4lqg2G!uLc)3`=R(baf7cMOIzk^q8G`Ybs&bFvZ$TZc4iQj$ zU}I*sG6exhdX4++|G9YeQTy#kmWul+`1$DuM7_t>fckc6`%dAj#{b4t|C1a8pCzO= zC0I=kVz`+$1eM~!*2>DtC@EQ*=|IO*VQ1Oq{kZg=*I)@+Sd7!h z|M~N1%p<2i?x_pbf9J0Lcw`t;7fqO7@^rByOmzG6y#$p*wVVbx>92TGX_p)5=c;7A z>;sU!w>1F6?A7JL#?t&xjQP(pWG3<$EmD|fQTso38dcg1rzVL1NU^Utf%!+XO`5@1 z&HqM$^A#8-BD=SAQ6+%V@Ai1w%K@1 zuN~oma4|9>Dk>x1R&uNR|15$jkKa6G8>N?*ToF9AI46)S9YwGX)ZJ$y{w5d{{-0T( z1_DY&roF(yWfIWIWqE_=AHfa@n}Qh4wBfTnM!)}ajG9D-52+~8yQrMk*_CM*cOepf zZPEQ^1TU_DcM@Wp9>@uy01|)%b9BJM!4Eh%Fvq+>iM`Wc1_AqH&I~U=O@@joczxcn zcKtE}m%G6dY5Vut%EK}MrzgeAy&C|61~unDa$bPATG`aZ!~g@+N=xDYJij@7pd{1) zn#7cK{V@RunR=>Wr;kD#8;1Epd63mc;E?>N7q@(K& zmoo*u(AugV@$btKkm)b}6FKU4SHjp^Xj45Q1fnl14ERornO~?%Bv2Hw#8o!&hEmvy z3CPLsbY4>aKKO4?bCDY)K^OM)R*-@GFl;PG7170>!-vu~3zFMg(J;%pPe%h{?KL7G z*f#gBjo)6BARKuxMG^{@>k9aNE+4gScNyDc?HFFF#TE2joxP!fO0bA1CEu0JO?X zegNpXVvM^d?=2u@>HpjP;dGDR3(3usfws-H8K!ujCc;MX=@}nH*<4r&Q!@q$G5YVz zZ?4}ks~5y2HNrBTW8Jp4P_AzKS{=3Tg*EO5qm*QLE$6CsbN8mbUMUcY=qlig2#p-^ z-~MgZQxj-UI;S3z%{Z6)b%M(9u=n>D?(yWNklF8#&ornE?HbRI(O~BasS0f^jlVM) ziO7>G;Gda4IDw9$0n3e7^&8axnyLm*gAx!<4|$#9L#zMA&*;2K;!ncyM(F;=u0?%P zJYmxk1H$q8z+XWD$Grm0ohIl@-V!R2!?L6U2P(8TZhB_fH|8pe%pU41FfNrGm4vrG zIIy6@^Zo`t{zeipi+){=W)m)t7J2jZYRAMq5$9oVpVP}FjfU+L?!AEbLrYyzr_lLLiNOcT=metz$|?mjaQMX+T1)32{)<_1*X(e=W5``_~{%b&saTr$bK0| zA=tR>gW`c`{ly*Q$(0(LEcct%rDB0!+G8pTqz-)UJbU;NBp!T59#-X#c= zXh(!0wVl=%yE`y`B2q~Sf06KmrFt*-pPt!{l9%ll;oO6g&p`m6Jgi|XPDu);`UT#;oHGkab1}kD$l5G6urn(p z@P2D?&-U1&bJCn=k=2$!HD<&%sbYWyqkGwW_Q_#D(E(2p+ex@(NY-ZMe}X%YXpq zE0c_1nN3M?TzY0uKyrJ11>sswvLx<-dVLlueGa~lWf~ZmyZG|fb1E1B9}Cs|&g(xv z1Gk&}A`sIAz7wPuSjFwzr}X$kwrsTQ<9L?n=xCNxjMDte1rkF1_dzWpY+x{_??(vR zd970d+CQ@VFIo0#8EUH-!G*t5jg9(Cwl&I{=P#{{N+{=!X;n_r@Xotc>C^qHDuzNl z^4>I_Fr!NXR)}lt65sK)rL-GLywX%q{#qU6&E-dQAVz+mAv0UnHssQex21nistwJs zo?K`gXWEsW?ni~p4+P%a9v>D7{;|+pc}Bghxb0EJrItJ&nZ&~_PeJCQ+v8ul#6^}e zf<|g9AN1=3o8=uZ z+j5MLhG3m8^l^^zS#7hvcist*GO0JMpO>0P8~OKkwCBw>SuD#|mo#$syw~IK2sKgX zSR(3pKCIDHyRNYtn9St%L|WarK-$5}s^r82ReS9@IV??7S{7Yk+mxoLtnJOCY@5~L z;JqATR(5q}OS(OOu4|rlkv6ue5{3?Cg6`?-(9wh0U_eux3VY82bqF^+_*v>Vu-qTN ze|~aJ*Y-w}R@oOes+XY95oHjp#;uq}1B*qd#0(hBD01Vu4Gmn<})l zb0A~#!Q)~3vNc^LUT=$vpxl7}vc(3=egNv1F5fHnDB)e-hPM$46$<&*Rr4vTfi3Zw zXVzzIs!;7a!EtSes3$`ma<^yCxq7Ca!1ik%2uQ6ov7hF*iCwa|&owA+Lm9!P72+*%Xc%Hh}gKM3VlEZ{Gs z?ELwf|BTokV{XNOxmN7#lsP}m6xAAqRQU^4Uxo*~JZqwJHvbHDzwd$S%h9va zr)nq~lW5;%Dn!vCBb`JNSyLE#@NGxxcAaVll8=nK-pJvC?97$P@e=;m@ zVWPRA1?C}b+;Dv3pUK#DMnCRBDytCKvT=i7{Vr=e=Emn6@M9>V zT1$nsLtYcVifkgjGiO=coQa?E_7JrtP@ZjEPQHGb_6eRTIXAYo{E(p)e}PxxbScU@ z^qq!jq~nM-^TW~G1S1bhG*^k|&Qn$$Gh(eJH3293##F@y*!Nz+wtuq9FD{+%&+9Fd zY8m@@)tXXgwVzqyv4b|LeFb6B%K;I3aN`0fwPVBD@gDbgvz5!B1V?|8b@PzJ`NR;( zf##HindW@2_|(-Zd-qbxX43=T6ZyEHTK62%0P)8mzI&SStrunM+-x)Pc4|{dJI`n4 zgUzu}_kGh}qhVhWjQxDr6DGA(3b$rsj<{=sYj}+Q%nlXrXOlW!K&}Nsam-ZIZP*qDB>Ahx+c!@yABjxf}6y z)o-ljJ^Twj@0t*|%Td)^ZXRjM-S^geC>B(au+uQ=2WNFTHTV5%d4jBQUYFLh-o0N+ zkMkRj^ZCNO7to4}%zrpxah*opsMz>eEn+#Jvne82nc8TDeh{Je=~IA*XmeY_pkXa$ zsNgI5p!}2vdiy0pGk`opii&CbFqQBy$71?Gvh&JR4-bEM<=3)$&X(dUwahD5@w+e) z(xJ;zQWS&AXFf|dw9m?4lV2Qq4AL8JCf%5Sn3a;!-&Oe(>4%A7sTxd;v$luG#%Ia-wY%J$YFVCA_ zRl&cWa*E!dFc_1&d;Ihm*%0g&0lcE02$a{KZ6@v>XZ1BOBQ(XWJ+npYQNvAz&qm22 znP;MOxqzKj7Mp-4bxP=ChLiub#>me`M-MWl6N!>uKEq%BoYFh4)L}A07{OBRmTDg* zlO)j_MVS2XszsMC-}acfz3$#E{uX9k{8#!d!*#g@4th|GnaE@BV;56|0JsaV|#t?Sw7p1c6WlL^WsPCdK>GM=An3K*T3xW9w#ar}t;-2smt9RhA2q;rH?#?oQ( zrxOgky_YK@A|f31^17$IMhD-LauIZg9*9Saq`j z%X)>a0i%Hv_k;DbMG`v%j=Jz9KMbi%2Q|G;qQkfh@;bY@6-H|3M28fauNC6>j%mC? z4`R6#31hO{ZkX&Zd1}~1p!hJzhdkgq;y~;PEQJ|5wCmXlYY^7rV9e(eoal>W3ZPNV zcV+$VyWa6S#U~7`fssh9*U6_mol+Vpf{VZ5n)_X5!fvsNrOMdiaJX(=(q2kq`f|xX z&VNR>a4_CMM(O8?V_ozl%%W6}i_+$E{N+OEKYnPjgCCzo@HSQt5GdV7$Vu!`2f}(F zj8G#yNafin3_qC5-rUzdsN(5Hg;$uBY{m!CBgH+t2Pm%6?Ga5>kDn1k4j2uBw(@+Y z-AYEE_4S=T``ir{sh-x0RHsfpTZ@AcjOX| zrU9`2qXzaDMY(x1;^U1Cm9-8t-S?H$NNSDOY>$0?2KcI#rA~ElrLTu@HToWK#p$Oy zJ3B+A*0Vpb9Z~%1F^I$jz14-iylcmw7<6*JYhzz4ilihfDq3hB8cN;PD9jBzw%G$l zok1iignGxqK%l5!zBM9%MZ;&A!_#1jAI=^d?E!(Y66$rQN(CV7Owjl#=zHj56yPC2 zfMz&yY_02;hj=Y2UJg@v0-KSM5t?ZD^2!R_Xt>YU={FmU&*(71uw*^>zVQ8Q4B0mW z*rKg-V^HkJ=_9tseSqOvKlk_8E@B)8ikVWX*_0e4PzJ-*glZy>2-`7z)G%2qo};66 zM$8N8YrhR?t#k!6dG3j<0yXLwr3au=aoLwJ9001hy;eu82aYr;MIUL~exWgSGJLk-M+mxpwiVjz_i@vJwA zCGlrtgwHa^y@h%jEAcL;{w00i_(*=)EiBJ%kwt4aPqAU@zzcmvf*u|obw%)rJj@XX zmKm^WFgALTPfBpy5%Vjj0Bhc4Hhfs;xsQ5<4TU*mxO~(7E97qF5FKzC>6z-5Y9k;2 E2iU8KRR910 literal 0 HcmV?d00001 diff --git a/copy-of-sdk-docs/learn/advanced/baseapp_state-initchain.png b/copy-of-sdk-docs/learn/advanced/baseapp_state-initchain.png new file mode 100644 index 0000000000000000000000000000000000000000..167b4fad9ed05c2fc28884d7ab6bb1c9762eb87a GIT binary patch literal 243455 zcmYhj$IkOiwWJ)L|JQ%}U;m%K{>T6LKX0FC>#wruiogDWa(}=22LjdO zy8Q#?|A8RsH2w42q}7u4>pzEL1Bbxp{rGLlruhDS4gw+Qe}UltfxBO4)pD_CO zC)+(0e;@u9N0WmqzHLt6rq{m@WA73414j7Yh7x={q@ZhmhB!;t0u1xt-)jDCOgS@? z=iXMU%$AK~z!}Z^b2aosN{_VeE3xiT1Z&LC`B0`C&&7BY9^Wla0n6?|Vk{ZKI~<{~ zdCW%9*~79EA@N~b<)=k%OvO5m^A3X9@*Fg_ITIN~SPnX)jw zC&%2XO(^~${i%G1kHAk6-Sefa$g&)vuh$tzscrW#e?c=D_$w%hLfZUBA8FTXUeWgtXZ@`4S z4@PW+_;JM{Jg=S%sxIP*x zUmumWMYYCAa2gn5*1>58GQns?&R6(-(_;D9i63s3AJ~5Nvt(Bk`XYw;9gGf(YbJ9j zEtm+_C(QHSX(>Owb7V8})bqUhJ&;RL>ThM#JkMz)*@xEZf9daVY`Ds#1I#wN@$2?* z+h}Xg#e53>Wa0ueRNL6AWaQ$YF+djzqlzAQDDQYmu$TFl=p;1Et@9ifO~V-ErKirp~-(n zL;cXL^*RF+{#73Me|PnO%hp1nVksW69F*JTukVcPykn?c=T^yQH2VnwtDN14Z`WsH zAX@mdUV4uit%B0AiJIk%yV;GY3*Gav?mg2j##r^#KDBc#nO3%tLemX#`5VBNA5Tb*KfCKrM<`#m<@C*Vygldc?M_v;)n zl*`d89J$<^-aecBF-8W zE%!?oqpZ;*_XEhhDpiA&H1{kBXX1F^(C=q1+^RGYamBa~W(i;RgHjo)y-pH)S3l+W zNSwypAz5{|gqu+0-!;puS{9nsF8ww^)HUX(qnG$AVip<%Uc}28P@7dGdQbUv$^u{#v3Hw~*IN)Xn^o zjod8^J}|e*w~OxBrMjti`GB696moo}h24X^uNa88&DCwo;JZ^m?^agL&0*^)vY<_o|)sP%7||yfapGPoXdb{{z03&DeSlc6>4N zIY9B)MYgUvwvr6(A0v0fZ&mo#PO$|KoQ47CMFbmP&PCD4gn z4H{Op&-0C`{^=!L@a4Woc&yNlGCf_VCiS^Mf4xlBI{sAYeu9>Lue`pm2oK(#Q)J2s~xxDs+YKZ?qWOFt;cDr3f6IT3l54Ox{ieC55 zvTiauC+>$O?vGxCAdRC}CfKwt+*2cISowniPgY*uudq zu1wnfA|EL%9OgPnl$Hpf<8qeBI5-oIOD#xRK5f?!H`^|o#^pr803y=aL_;mjl0cXP zPPBT_fm2sQCxOFC-gU@d(Ia{~n;Y_+FPO;qF1Bjps;}I^@NXkZ-F7*gOb3MzOgHjZ~H|9_P?XwwOQ@48vj$I*gx6GERsNJSdNY!&U-!K=< z1R(TMvB>iI4-0*SiZz^!iWiBHS&+3<^;~zLw2-J|X`4gv16(rZ%@nc=JtZSM!j*oOr)o8|cy+ zEj6@0;X0%dkNYefn%y58o`oDhEj0H&FuRobWkmF z$GsNV8th+g7?=-Y@y7BQr5&vW0);EiO+Fs;`R&j5Sv^~D1Q2lsPC8J&!nnyR4xUoe z4-$VZ<8hk?5?$Ty1X7|(zGsTLMKz`Yj+xcq=yjU|V$9L%{nT7H^@GhhCCk9gu;@1Q ztRr~gN^YH8cx=yNM7!Qih$CN4dtLhmPV;N3>;1|N*G+B%hxE;8X9~-GKlkJxSURD1 zXqMDcx8>0tq-**(Vw!zCnUm`NAVa~HUHtCbl zhCK!$h;|rGTPor!1o~m0Wv3c(Z!FTbHO?1m*zu?KKxe6-`Dm%nPE`%MDW5 zi~0oS2~`X)#TkwecN4NA$K^*?xw-Z+zuAE(qnS0J6e<73lxF)&aD@TV#TI8e$6V|FUy4J2B;0~U!@a`R# z0l*Qs>S6+e%=pW*=PkQuTxlW=*Bl|jbt5O#Z*0bo3Zb;iR5fWgOG3B-(`tJ%@yW;j zQi_pps3-!9{Nh;Vs#K6QzuwFoZh-94u1^G!It`I)Du3)3u40%5vR*dIuU*RV9UU>YsY6pBELv7q}QmI|T7MK!A4e5B~-XLG0~1 zad5`6;CUu(ki3%X%f_Zng@mZhfU;muPWN`xKsQPi+$@xw-wjKEW@94ljIu+MYEQFf z{bBUaqN2Y>1>f-lXVPoO6U&r%z2vK=EFIx!e!qs@Hp?$@6L#uT+O8ZG8Z zGwKcH=IPcsrgg!StL40weMOKtmNY9E;Nu?$ATONhkoQ{DbNnp={aX&ViqV0#! zNe8UX5^z-CEl+HWc1iTXF*BZp;yH&hykO)aa;nh|Zlitia~vpEY+7}k=U1()CNO)p2pD_5 zKJTh*LP9#8bp3}Q?Y|%&O0Xx=Vd;% zgZ1m{1Fwtp_O92L@9{hrU>R2AvhMnPg1i-X9UJdZaTKs96y@(NgNDPY++9VKWr$+PAT9g`Q^RkUrTY1r0dkdNEOQ=p3Bd?A&#+Po*D@t z++*vI_v`6-HuVf5VbG2_$!#k-0Ljq1K7_zwHWyJ^3AhKLaZY* zl?JVSm#gPn<$UO37}(C|&CixK{iTONjBZ#WIs?JVZ%`udCZ@hCBkn^wQ24xN<2#o! zzz{npaLRFfPThjWVvTB~gVYQJDvrqZWvZ`RZi*Hwo?)asoaRL5O@>WNE>ITtomHPIh)BJVS75R3 zXFzmD!xmxBx*hP|jl6AwV2p_E(vX)Y6amD10bMOnv&=^w%5Xow>%?(VIP$Dblw|Ay zPhcU>#}wDoo`FKK%aY7~9+8Zzc@x|c$1 z^B$@cv?~G#^)*6lPLJjJlwxha=IKhmahbiA@eZ{KGjThmeATrc<7VAqoW)L&z$gpC zv?4RK<+EwB55JSgws%bw@T+9Dy54*$_2{Wpi|wDzQ%^O?Rmv4#TJNq0#wYnV>nTS@ zmfiMxGnAF(uV1k8WOE(R6v}Jl3a2k=mkA@b1^@`)z75pXSn~*`qzs# zG$@D|`GFMvBPPkju|{k9ETWR;Yl%`(tSAj*ssLrx5!3m&DD$WR_Oe<*N4Zc!g!@1>r23NnZv z*q!3^0VD)UK0loHYlwQnAvZxZq&~lO27ZFImmRyGUpFn)lK}_J?>{$th9{2j`$JYr zBZ0T=2VMlMy0UMwU3$XsOku`0REyJR5@0RN{e4Ro(1ZL;-1_`cEBi*>pBkewOVl+V ztBFxBMeBqchKgj2eZ{?W0sC4DfMR2*#5&ZIYM`wMs-o?q2nBdeKOKOwpw_&u92cIz zCt%_vNjwoBL1RW+0tb7P^dxddrw3R{1R;eGl;E)1DvGupOAP zljE?yoYU7|mT#Qo>kIM-;*bFCL(qIPc=Oh#{CvGdehfN(lN4(Q$-9QG9}w*#=6UTh z*TN@aU{enzsxvOqNc87Yd?IUgflr4LNjd!21;c{SqLMp4?IVMtAs(bQs>_MkG6U=Mqvmwrt5x0KBxY zdRvhXL}a|>7xHp&e7q-0ITnsei}h3=QAQnwqE%cPxx;vYHB_|kO<;H*GFQ@E(g_Yq z+&3^GRK!7IAS~zk!dS!C9c_dedm0+kKd6eS0rgMgUCQgaAF82mdHn=DJi(;m%yND4 z1Qo#-kN+`1a1yK=5DY@is=sd|7aL8X1Hva_y@W|Ja+V~n$nDS#?x>QchTj2-QFf-hUW_=uH`brf3!N4KGuW@$(;0O57&Gb4;IvEw0Wd@@snUp zs>*2{uZyPs*r&)q4NC~?P4Fo;&(Z$d$~MPMP(NL zs$0M)28;`B`&56JwOJnk%44QS0^}$RyNTZkL@(K0a%$Snq&()85O;c@EW`iuvviDT z4NmdbC)Q)~QOY=h6D_(W6|hPDz>JkdG-8H+v${?bmuqZj0zP9~YZawi0E2`T#LzEd z%iWk)wA6z2IhVtWf{njazYYd|7}w58j10qveFCW#9o$s?TL{2`G$T<2=-Tu?mBSiXZ>%Ef}n%_-wNCB|8Myh=WhelsmaJ z=vQQxm|i}X^CTQpy^flElVZhwRA88tg@v9*&)xyij4xsO_ySt#=ZHfG@@Lm#A1%LOwEi5%x#Hk_;%>c)C0 zGL~FF>t)1m5S!5k9vDvOuk4d?R$Mj~eIVxQdvG}r?#R==%`Numcv2NT@h$nfPzS;a zpu$u*br>BF7Va(o04$3Xic8b`WO|w>nK4=N=0i5j3mOzrPP<+8U6v&esEP8-dtfNP z;`6pZ#nqc=+`Of%BSUsi!-%WU_FDyA8becNn_^O@m|CHhOwzYuSb4>OS(X!nWVc=yk{LODlxMlmU;{X>p6pKI;ir z#o|ZtFkj07H39K*dofIlxbtCjIL1B9>HDBa_jR(m^VpF3NCC>LH??t5Xi<*?bMbbF zQVLB8KBr^TxF%Kpq{8}L7NgMhJ11aBpfGbUd31O<=@U%w3z&vJES`#{cTmlb4m+KHB z<>n40<9^mw8R%)#wNZ7J&zppK{Pz5cn$(|I@OYa}u`G%Ajm)&b$I-U2;Y8~xAXDF3#p@Z$^ z>?yiM_wp-ydQe0W`ju;ySjw_O@Qx(e_XIX~rYVD?Q(b+Y;VUyjy&Gh-O15 zvb_D0J%8NKS+YNL)gEQr9D1r7F+*pzU_; znF#vAATaap8XC;67uB@XJ}2j(B1c$AE{HG1(Mt)zg7IEnl)Mr&dOS=f&F`|_+KLT% zN;u`tJf0~3wmbnqde$ZiR9X@lA%=e(k3|;MC6+e`_rf|YtS+>OgboavwGd6|dIqmL zpCh2eqZot_04_@h)du|$zIaa1gOQf8P~&~+Uh946&ovI0Ym>Am&X!Tb)@~aHM_LN@-@h*5AaM&a}S`i>^<{ogV90dam zUMvGvK*Y${J^L64o3S|S zVm7qd;yhd#sgy6Wn^*?@y@5#>v4C<#N;x}WUnfxPt(pb-?xxPpSbFC4Gv+x6_-yV< z@}kyy)5xy&9dcH(0HHwPW6?9@g4Vb6GCF*wJfLVvg~mT@5!9B(9}_^nxwViYs0_q7A7%+rIc5{H`r8b1=wO{GO64I@^M83KnpDJfdx? z>}d{;H8fifAj)D>dbrhoITS!8%Qt!*&P%ochbZ)7R(sw3rTS7+<}RdX#Irw~5FSvb z4=-TO*i>q@q`ln}v+(QXjM^%=h17$ufjn3I&FfiS!%<*0SMbS>3;I#)OU=svX;)b+=qvbxA&!JFFjm<5>7*=;+@cL~O~KAmgnC%M4iUkoZmMk_oU3FSU(crHS8O#IdGgr)u1&T^J2-!@=- z_!8eJM{>!A`=~X@2k0Aeih(X!&s7;ZYa87(1?d!_q$94Gbg=%%u~5?}BK?a8)&jb- z1kdEZ;9wJf31bG$`+mMiQ`Cw~hd zkcBc)GVV*8!oJk`b(CQ{qCia%KN(8twDs}7hJgb|f5PgHy@p|wTBQI|Ju>Hx5!%5y z^16y%OIGXNzLM8k&A}VDejaGJbg870OG1Z^MD^uyBgL*aw|d#74Wz{~C}8cfr2N}?fgESAd6ZlRedTZZD3$CD0 zC%V+WzfoE>+^Q{nrTo>^2}~AKSM=JZ9!cgclsdovsjL%{_3CoI=m%Re8{}!;eY}zN#c3G=vXAhdE-bV?H0Iu*3^S9 zUXPdK(#-tCepr!K+!} z`(_YQyDazP1#kEAh5jWwup~CHdc24L7x#rKg?Z=gC>b8F_7j-8klmg2mQi4Y$6oG> zAdH3)Q46&`Gah1L6MnS1J!~LjH9f$12!Wi>nP1)sgh3VWrjpCO^Ev2EaJE!L`c0-_JTAUgr3Zr+V zF!2}-Xhvh3UTKuA}St*bF_{u1!sU~%tgX#JFRtcV zd|+(Ce7yiq;&I~)5!-&Sf=4O5Cr`YHJ;IljpKp&GWb7~Um+&6Y9Bye`V$^gA$avUv zLxBiTjHBdtdHn?w6uuD&$ap6EQRVg7=@;%5zBa8muY7JvT6$UEGIv@(0G9~>Tb(R_ zQ7->W!~Cv7K$n-5vise4(#TPzSWm7u~%H&8k6J zy>4uCh%$%L-J7)wi0N!E4%;Of=Hr_Mh3>=g+Rc0GIN&&?T0IXujj*|+-(1rjA!G98 zTTr9}2Oq$>K+4-Vc!VZHm5#w5;|Y|bBM`sO6WOMy<$}B(#6M_wJ&!saMaQadOebG+ ze(zCn4w*XpZQ0yRvxdrcKT)99&U=;sblkSxo{?L=013G1&GqnV$u1iA2uIz3_Nh0D zym*JvhDmkRqp!{S+;40id8}P|{N?O@?mLd08o)?Q{jydD+Cr?;8&p;^+nz_aGv-~>$JQkD%+&ahsjJ=!R9Fu~L56&%1 z@FK1Q?tFLa6==CWkglWF!Cr-KG?!MoEqy8)M3KW3>ozlF;!dJG8$X*hHKIms6*Iyk z^4e;MnmADG16HWgtr#YNm|`K9QdZrV-hhsBEP1g5Ol$CZR`zF@Q2NI8pD(B~qXUiC zpCTsiUjrKiOBKF1ma@w;FMy`Hg?Ak&A~tc?=v2J~0WNhssRN)1#l|V^hPG9Qo&r*X z-Z{=F(!&gVqa2`wOTF0waRxLC>b$9dPk&TQ_Vwe;hxjc*rpYM!*t>pnq(@bBIJdE- zU6U1~?k9=C@`yhA2iBQ=MRMY4)ImDG>dd?@d?Lu^h6Dkg_Y8kcN4Y;4^lJ&W11aXY ze2<#y$Hi5|w55HKU@HVcJH?Y4lj$`1Gl9B++&Rt<_f3Nh{Oo*$T@k7u#aXi$SFhW>C@ zd8(+NxB<5hzNLdYhr=xh2^mfe^xbI|fwm>PdSos=zy083jFE)fRfv2ub8%suKdqfm zPv@t27TiC8XYZ7VAutwD>0vU-2NO9mu>k4eX+|KbFCma5>`Yp|?C7d2O<5Iu11|n? zhw%Z)#66GX3RuHS2YR@}>zLaRC9t8R)3(R@*Fp^pfmMJWd|o*w+UTe_eGuZoK@&qj zO|6MCqeeYO8L~+A7G>!oIBL`9gWF=H*^`ZFpp>O`<8I)f1TFeeyyGb?eIdLu&vNYh z@M!3-+;b+U^4h_4p2Ro>M*T>{)>V-s!KI{LPV`xI`K5A|G8)pnb9b=+#ntn0k%h;8 zk+<@oWiOF9ftq^)5BEBquBO#~U3SU2eSkKo+6e}~cvPtnz$_?JRFo>aiz~>!$;t49 znGqiAwO&i6$^Z_9k9-1t1$5xa#odlk{fr^>!qKyp3iP_@Zx+Kfn5Kofe0xd+JscS% z;Iy~TUjb-Ibyob&vy>fjSQHuJm`6I1eXFd)1ZpJ00v*yN5k(4@OaddM`botC@_+(C zz2j7h_Zc&NRdS-bSY36P6&UUwc$;sae*r>i(8APpxHOn?*ZLd414PB^gF$L`8->@= zRdQsTu9`q})CI4LZCvX);Hd}mCzOqSfPdgCd#-(I%%VG?1_Mz0gCQRfe`o|;c*VGSV=>300q@O9^SLmgCXT1# zCA3cm>EjOW}9X}i5 zz~;fX`*4)^_0r#L1Kv;A3y4QEAn8cXm}{uf_)R%DoVl6816>X)37G#4q+bJnr(X!E zFxcZz)7tDk>*3RFs&#!~(@?D4=aoA102Jgupg*|xjL`~xpG9#V6@FM-xC1?+n~oRG z=*dAY{*HcBQxyfsb%*uhm1Xr-s(@9qIn2+C>pzyS4&*#9oUOBVXvgN4Tt%?grXc$P z@DnE3zSge4ZHsRTe8B<4Jlm{x|}$P(Xv%K?ryQ$J7P^ z2HWPY54HtB&q_+8i4O7af@pG{J|)m#wc=L=zJ?`CS|hZ2dr{<*%~xc_KrynOGKh@7 z&xgT2ax5qPnF;CVox{16_0D84_FIt(VAa<UC3 zp=rQSW7r?YS}0or?7y4n2eKoUXQfz@CPIsDYe9iir6hh z{LSH3lvX>#f|bVvt(bWZf(Y0pRY5=$7X%LN^)oLNT@^1X`^IV#16IstfdukE*oy#5 zn{^Mfl#U7<6cDE1tEmL6lwDdoda_O;*QBDFPJ)`{&jK-qcnHx9=Jn*mgmEv=LPJq>8`c)WLZJ-{f~+ z94N~<_{`Jes+8#-*enMvNDWH&{N43OJDv0w58;Ql)~dHZ#Zl_fC^ipjk`ujC6j zy(Cm9lzZX-MVoyN)|IgA-BefNABL?sy)K=sZ6`#LUMDa&EWkVX^hLwdx5h53N+wwN z1YglSUjS1BOT;-eo&K}X3OL|l-o6I)uD<2v@W4YyYVaI%)eh#3qYXG&f##$J5z_wU z6(9kG@j2|`Gtgu%nJ!+hoTMm_aWlh24Hg2KW;^VBq>4UXn7qYz z(0-yup#k#q`?)5H3C(o*ZATZps|$X30kqp?1zZ-p zx)g|f{s5(e1J2Tr)9;%}X1vK-l~kPLrf^_)rw?GD!eJbQ{q|7-Tsdz$tua8KKIZ9| z4=tBamccE}GK3x(>^5oEW!F%FlY)uXu5WW0e}y(=at?w}uF-Z1hJ>K71b*;-&^j)&P5EHG9yb%z~VG&(t&>m?KO z3?NIXVtIHgFd-dHvzj%VMtMLm&_bnDtBCy-xccbl$?YM6BdA8t zB9VmUQvZ1%Tm$PA=$>?O3%vL)z^w{9Ee1$RJ{p&RT^(0c89;`QP4$bq%;~v+`1qk$ z+srQF^ZW6c?7=nDTGRBU*H0T!oey!K_^UA^i!BgO*0|~89?LsY?L7HA?4UUX zAbKmiP7Z8ygy)RdANvd|NviD>T}AV?gDrTM45&wM0T7M48#p9_L1QuI#UyaWuQVT3 zAYrLdu#eCd;RY-NiZ|k90(-;Wl$d%v9Ia2L1%*XaN*K+TmR~QSApGJmiuq;5Z+Ty^ zY1r&zv1ZdCrXmvf4{m=Y4(!nYdpvK6ToT84LSDlt77ZV0dQ<-e&geM+m2z+$0RkoT z{VcN(yapw0>cM3Svjb7*zi08a9@rZYdC-_UUcnxW#QLo^Qhj%32Rj#;F;z|)iHchP z4hY->rJ_I!hWD7FqaS4Z> zj?jSg;3Eog8v#nI4NyPPnOE&#^Du}JLWp=cNCj2|$xnM);j zDfjj5>zUH!zKevhm4zI#g?j^m%q<)rp%tkFN|Ug()KZ}@qWFAA=GPcg9rr;h!iS$V zl5By>#GZHLEw`MjDhVzlgSCx<+CTVB94EXG*i)l_L@Q>N)*f?KK~eW zGz{*6k_NhP=K)xi1=7`*n#;i6P|so>#-tfN*8E=o_;1-W185SNPh+_FbL{xE`!X~K zwk3gYg2!#A;vS_qeQj^_Wg15Da`;q7Ibj|f`y#l4O|S&NU~q1OYwQ7K!Db~URtmd? zQ!qSWQL??)lCOIeP`Kf-8iY<(ut9tIQM?OpZE*R=LCxC`seHmOUrUYAudmyL6;ZIIQ zKqZ8cIoIfkof#l!21_i&YkG@10{%M&vn>3`s{8RbWQ?(BqTJ( z7nVQb!Bm#L(+~&1jewS8nKM7Fn}9YC0(+FnWPZoU2Rg*xPfPe9(JnAvEZ~q>=pwMY zd`>;4SoeIEMciUO17$@~ejM@l4)+F_coxB1pjH7BBfLw$iNP;s2%h2q%1Q_xD!1zT zMHoiSTZ-M?$y($mxDF;)-8HhaU?cg9@Z?X7Fa&5%5HuaM3SO`sRa`eAr7|9NeZW@! zf*Pom4@Do^C^M*Hx7sTFIz_-BLSR`&_)ETIA7efy$pHz-p5D%(1ZGhsSMp4I~Jx0WRXR!q~#f9L+{$cFuhps9bG9~%q z#E5oM`iod6Bq|O0UNLhTO8-<-OB5p4eI(i6=n;91N_(e;S$Wx?DL?CdOxtj zI%x~9AzZ3zr3;KVxZ&M_u?&O)AvJE#2&IeU&JT`5R)-aQ#jMRg*w^-LzKno4L)Ok@ z)oLgP;>fJ^e?%(|92@?r4}m@o#xYsNB)xH_%)kw^;?@TrN_ff|H@8*ol90nBn~UDa zJ^UWq5#jw1mn zn`(u=-{PeA-UJZ4L2YD&ED(ZXRBUNp{bfY0S{7C8;v#ehh4eU9=0WDSb0VbiFayc0 z)DZp2k!UXQB%79V8iQ)cm60?Le&b}~*6N#*18O*Z9w;+Ne}pM0(;U__T4A=wF^Byo z6+rXL;D-wmq4(qx?C$$qdWtD+1cd>wys1hh04yrxX?WcTUVpIWU5y*qPp)({5d1Oi zfu>%ERt4D2omcJPSJlwN_PFu4g%;DXXw%L^h&t-g!b6O`JZGPHW~mR~_%YVuyo>Nr zYSr_r5iDpH$bVmxI($@)IHG5?#2|D~QGL4t7O*g+$9aItkfBEqzT)3?JZM<$^@03= zjmNWG#J-prNs|0C(Twj4!b=r57O zBba0|Ci7-Y4km-)>qqpQ(>vSkfH72+RMHJV%oZH1v~4^7ks3aL!>>Ti@H-zJyO+Ar67p zEmwp>D(554xq)!@v|>@>R_Wcze!}y(!)^8ZE+O7$pFcGqfT9LYUEI^*Q#Wqm3g3^2 zCC@v&emvx3&*7q{w9VH~g8wmi$5L0K4Bp!OghGGg#e%Jhap8D{y*ZXl*JQ_`8CxM0 z(4)PPIOyL=Kn1nll{~pLV9@0nscv~m0QLcTnG1^3NT+n(Al=D+41AqW(fNIfPs(xC zz~}#&c(*vI{27zU$4>mSg8}{cM&PF3rJq8B4iNv|7x8Oe z4KI{q)K60RJ+J=Qd^}_X7SN$Yx_pixoBzQ!41afz-eQffY-mK?wti5A!*BgOS#K@Y zXnMa2&*#!w`z4$DZM)1mDz!ZF;Gqbn$3EUW%ICet;SXXs%m=VW0I$v;_|oAOe6pqF zTU3&(0?3tzR<*|vzerFU_=GPMdlVmDClx1I~nl0Q4;!^B3C~V z?%_eQE4{?uLUp`SEm85Ko;md?s_n&wU*9wJ8xt|{FlGNWHXUgMMkCw-{wy_(*>@YfU^OgPd4!=3;Zv2 z-m?PR=iP$dXWVe6a9;0wM@#vkG!+)x^@9ur-kU`aG60IyJ5b+&`#8JDM`qrqW#F#~ z2tIH$+AYai-l1VVw4y3PbzAAtwQ!HQ?ym-55wMWc3$tX0il zckosob5=1*_YA*;#je=JO?u=#qx45>ZplQFHf_tpHl%wo8O3V03{R4 zaIyie1;6ljPMsi}#QZho&^Y)#qS-gkCx$!Z*zX|GBX1@i#Kj9@zm$(eGV|)dGn^ET z?W1;$c|PQ@l6Dq2oyQz|cF~(syt8=JWOLbz5H^)H7TH{9;wpcu?c(ek~}B zMUHqY>PV5Rz@7&v4!DQa?7R(3(G_TQZQnaqz|8_RkJEAGRH|NoECar&xC(*`lq+UX zB*0il_1sYFiYtkQ{0OO%gpdAmI?h2z8EH$`bWjmOA>xC;5#2sI;$D%UhQk9)yj1$~ znLjFMQr(fC((YxJ{Z;Olegwf`c|%$h$vw>0OsmU}$6%o{F((vLY$e7+y2!$q*~N^u ze_|2zDU%8j3I~_+yck)wx+j1PYtATO3s!aTOD;s@|xQ(2`N0(8tF-Hda9&c64TC`-o7cAsJh1dOKwASkw>H=G*r8If@Nd&wL>#qY#d z8k&B@NjF@01~>WM6d7u9EsY(Jo^nxhA_y*`D zRQR2f-`AHtjr=adj_~_RKOWNd3by-8vG$8>?7P}2?StpSBV`Sx%!Fh=dFUM{&wn`M zluRg)+IN(T_H6s%?2Y=6;{C6-xeBH~{NF!I6maioc$6&-_L~bB_#H5IF0L&gWMbZ4ZE=8gB)U>)!~j4_w^!gbw6qSD&##K z3ee@L&^d~P-xIoGks>saZQhrKCRum6%+Hza12N7vJoI<;Tm!22eOdz}F!z;z{%PU? z*9d-xlWPw9nwjRfFUP>#Z=>w{j0eM>LJ!S`rUGd$cmPs~#~6!I{?bb^ywf)i1hKds z6n^}9{sKkr&1oFlDECW<@sJM=~5iO7a?g| z!asKN{Y`TJ1VC_=Eydih8G-Bh););qa+RRFFEku7=~qH}6BY2z4`&udK9N)ai{s_d zT=kZSmLEVSBI)cF^2xA+q z2G~-waylqP?m9eev<&>4F`rnLm2IsVq&8{6qU7O^xN%W$r7(&^%Pj0#fs-oU=lMN< zQm@og$UnS%F={AG-)q}f5|PXS?$T3Q?#uI_^t^*oGW#iPbtz|kiir{)hXKT6F(p6? zD7WX&v#=qvgfR#=8025->&|MSX;Q{#_k{*o&*HY+^Q&PU~f^W#8cC+RAd+W*Aeg=%r zy2ed=!LsKq;%Dc1U+}VQfn<)$>OmHLLEB~rmOoYjJ2;V(c2+yQ6L4{4;Xo35(hNoA zUgW5lHU3E}!RG3IhClYzSe}l8Lt`3+Ww_JGXPaed@ZdC4BCsueY=FV;U!Z@Pt&e+h zU#Em(S!XC(34H3h6q0t~@6oPu<+AX5yubJrcf!b8a9y8mz!GZAswScmQFfonDZ#lyLSQ?z{s}=686h-?){LujMO>@=8Or z!ii}&>n(;C{PL-A=HR&y+}vaEKFKvodKrVi@&&KAiqysSvHnKPp-xglMS)IX&Ei8K z(eoct)BN2cjVZ#;{4QnGMt41WlNq9{ycRz%qOPsJJjej>Xi-4uS?-1^0^Ih(;7HYs zVVkd}fdSaC6v}HH0}y{5J>e5zjp}shVDjf1nIjC=Et>B2WODpjr=*wZUhUp3<$D+^YoLhc4+i+ibpP#DuT=XiS|f>Yk=@6dprA^kpf=?A6)9E)Y9G zzETPA>wTw+NKq{*^y6ogDK%U&N$ObNcR}0>&UD1ajbZoFD+rF}ph5eCN-38>kK(w$ z*-pN=SEeRmkn(5)cY|{*8@6M2FaQAsK+nK01zETiXNR1*w|xIn>IG{z4w=2d3XOYC z)`2TwEs+HvDq~1HG)gA~KLzyQm_ec5hNaGQvFu(s&ghA!VxIwd_&!t1eaqh{zZYAd zeTn;0&P5?H00$PR8dOw4Qeh5F-4$SFwcAjnAfB0`bNG(N`W`50Qg+TmwRn|IV{sXg&0CBg_la0y~NM?Wy&n^q53ggP~fg=cGo|~ z^B8Yj=)FV=Ve*LfgpKt(V=I3{z26tr(p+@rKUZ1B{_D!7W-lU6a4~oXgB%%UR01?k z2MTSK2ZgVOduJg}coxr#qLS?=dfy}XkwK}I=#rFu3Qar#x=#9_lWRaJ^9eJJC*p=q zC?w*ear+q|@&4Ug;~#yGcsB4rp9SU}pMM(2j_6l7X#K0YH1p}#3+z^; z+50p|0?g&mAHNAZ?#gJwL7*Ml^IQVG-%X&zCukJV{n}@w=0geO@=SPz;nN>$GgRyO zB_Fqtv4n>=XGLle=i^+<06S}V*?KPNQs^L>VZXmUJ0AQ|G&#X)nTaJA8?7Hkr!VVC zEA&NVP{zfmY<3w(;I{hZ9^4@Sj2(`8e?P?!l{McExB;+aat{%RD0d&Q1Hp;{sn;__$8HH*T(WVur#Dht*xc$06SxAJ>c9pR(B$o+N0s{uFd%39vlokn3M!s=Z`3_yfy7U+Oj ztDIaz0%DS~9;U~=m(5IL*V=FGGSG?zWXBbU5dj=w!4oz84&41qFJ$^Sz55RhDw_4*3+qG-I3;XERBkU~`Q8AB~4a_)v(gENG+&k#D&-*^}d=KDa8?sA!=zt;+n!X0ugX+LPk4pAV z!0fVLK(na#odV|d1o{;^q!Mmb{cWWuZ)dTd2Z2I%si-> zhWg<%S!n*n;&fFlZbHPW7U_GjtU1-F`g3s^dc2}z^Xu8x;Lt!u$NkmQKTNKxDU&nz z^n+Rj(9I}2vyo$?1?2O1gF2)i&m^;6?`}r`Dnr25$|vj{Ck%V#t&@( zQKmzlWALOujlhkB56|6k{md@bDVq1Xs_6Ayo?+Svq9Lc2L<>;EHB-u;AUP>^07%Xt z4$eIa8GS7cW0a1KK5|d&4?bJ32~}AJtJB@tKmtt8tjA_a zXLOi44&^tO&Ju1o?+`Q`_7qoAlOI;5I0)Lh6(BroJ|lM{8!~%4XpMvIvn4%a@Sx@ZRlA@873 zsAiZzRrHT05*r|OTwGUS-HQ*S;=%Pv0?LvNh=mXOx8iu@uR%EgyPPOPb*)*tE}k6; zaGsAVxbgAH_^)6o8r5mA239a1Bz`sLd}ebGKyR+@FX3_D!vxZ131nw}R#nyjS%b&y zX;Y-nvTqGAkP{S?WtNIe?v!{5n8Gge(UGV1k==rF;xN-6Nj#+8%SK=;rAjuwKkvyQ zVN3n^NEJs2l5x4!p>m#*`Pf3rgPNM3`T{K{6p{)u1$Eh#(s$6PXOB^S|Du6{s-7A* z78Fa_nV>xK)!a!sD6Bzoaz)TC9PbF>)~is{`x6v00FnxMVLV|4+tTfi>mzC(owQdi zNDX&H?WC_>ATyAlTQ{4q1DX;ogf6F_f75!>{Y3!XRN6q!-+tqyB(~gZ`}*FSDzqaE zX0NO%6edVN`vTwH8QeTVTNE)CG+2cn+Y-26SF@Iss{Sy69}GKgX&aB@@+6*%z@p((>cp1O zDBSq)4?p8Qr6fy1QL30`MUeA4X-ejTxu|CJJ*PDc( z!IP+_gR&yZ%hi7GcdrAg8u0(j?^{_jeHxhEH@cP=bJh2ORB{4Ki_lH7$GW&L4(?-q z@8RPy_W=E5SC<~K$cq|bxqBkq_{K`{?|&!Xq;;CcqsJboTbLUn0uc_L`81Drn62 zJF>iqg^FlynTEXpbKUB2!i0GVDMn_OSr#Vz3j7MIB`8=rr5QB~Zo|UXcM)S9K_)>s zYC7R&U*&{(?c#wZv0TR!YIE5Q6+X+eugoN%ezoa5QZ>gb3wv<27i z9nJ94LfO2+x3>tYlI@+demm=VK^#6Mnt7lgi42cf6iN6%5(np<8r9DT!1~{?)R*G@zF6T) zc{uaM2Xo8g+`-ti`l;%x7fJR&hLvBfyS6mJ>1_L{yFxNNa-a|M3x5<>KZ%;xm>`0hqHUoz{P3un~6G9L-6QU$%YrCd92=3p!ehs$|ufr zNB}<3KlOV)_+a+)?KUkjT7le~~hQ-GWg?u-11Y%o{GkMA=D_I#T6z|-HK@C}l{ z0HpmWKt`m~d4PxKMWcEYv;rM$%6ma(w*xTkAhI$ait`aDQ+$f}49bnn$JnuMJ-g^$ zXngS#1#`L>@ytWHqDGL;ecp>Yoi$%J+s!8_2%XF3R@kOITJw$-s^)TI{DmssQL17)ZP~X zFkC$}Fp)sI$8Nozm8ys*P+IP^lL8s=ZSx#dDqOttS%bhHcj=_}uLnSpPDVxqQESdt zS4zJhLb)9+h33~2cmOlNPqMt2<`+`F*VFk?XP-I zGoAUd5I)uz39P+86vc6DQYOM*b! zln@6ca{O|2>;+2Hrv9ME)S~STV5<+0I8+z8%gTXs?1x=*n zR3Z1URSqaKD)bNdo($Y2a*5bIyk|#iqKK+p;#l;sSy8SJ((mWDPIeC_`7*Ua()*_} z1suD>tKoGCut^nwWj(Az#kPDhl=n_G@3MMaw6MOqv*FD*R7E7f^iMOp8|wmcKJW#T zdr*KhieQ6>M*gQA3oF|*^!K*JvP6wGMCFy}B(rF$FzrSm)j{#Dr-I6~}f-M{A z*INV72!SK{y3=J4xBgxy_$nHPk_Y};zUff3=!;(itRUTM8vFn zJ}SU~L_e1uw5T+SGVF~9(JtV$%}eK@lo}5<2ss+XRH|oeA!CbThZw-x=0U~X3z;(P zE}jbSXcJ>9<)=GhaR!j0oPkCVUEX!P+w3n~PM}YKlw#}rF22)=Fsiwn6k{EETahS6 zf6Y|DR(2^pl#tH+`XmhiZBUjJV~IH6C{W484-L4+cUCn>CT*ZT*akdnnv@|%dw>^M zEO4fR)`623O}~IL6$hpj3S&<{Vk#lE(a8EaJ%SA{8B667X!9aJcT!^wn_f}Wy%q91 zgR+-I?zHOJCl%g9413G&9p{6r=-iqKg9Cf0n_7@}7@o_r1|g}^F|O^S5U3f;q33dM zP%m!+fMO=77sn1;Rfh6c>bRQ%Kj z#j-wQH-Zo&RUyxyh@wXGUWssw`f~5Z{fo;h7ZD%PSU4{uZCsj;?0gmJ^t^4dz(%LS z`h0bM24&d}~>CK%E#m`1*^JHCSR1A2me7(uu6)HKdx*eY=f13DWL zaI*p59$086PLA~_6mCB$7x^IEQGB{Mu>4x88?uB&K#BpnP&E7S1LWzyn4o zpj30d`s1{Kvb*_{r~2i1FBXGLEg&pk`}0<{{+%L3~9Q_%*Ah;d*yL7;v){c2?QI4NsAIM|D)nhE7zr#e>-ltTQixdIo#tf!9-*J9J=T|9yvv3I-qGyRDugBpR`201UP9N8uJE6=wsxU|MuZ@|qTl`ud|JhD z1l0e^dyhC2KNJjK;5U-zj^*k=Hzmc-ip=jw`y8eD^3i*)3?E(i8f7Y8naj19F0rm7 z7)3IR>iU|4wk@lD>ySv74YWc|@mqKh1n&XfiIy{|MU{cBTgK}cfYneaW`2_pu|%cy zMriA2o4kENG`gVcJUO~ZoN2H5MxP~sR&rsDws0#>@s_%_+MSvkWw}=)zZH%(2#{~! z@0FmEYW{t;C9E?8!R$BF={*#8m8|Rcfe|1 zAM8hMl&%=#Pt6bw&n>AQ-iQ9e9trIVzio3Yx-$d1t2zUiim3%OUW~aTkNbq9lA`1T zFfQ_`DH>jZoH%@vVYe*jSfSdLSBJl1$`977-^6kY0!qN3TzpX$;k&kd?ckb;%K}T@EdVYy#?TPM#|={ z&Ra4;n9J2~l}R4i=M@|V>qd%ULXh4!J>uI@8B_p=0zSm_(kZvEBUXR$J%;#BEP&Ym z>M)(?!JW_UfX)g_(TasoaQYMTOAZM&8;i5CM?j>1^9WS7*&d{^!Tah2CGI=@1x4AG zOSsq?5=1-QbAGT{VlwyG^hX}t^aEPBX|w?7UPyb-sPh5;$vj!|;BwL|n-H29;gsD|jD+oxYfLFYm&r3IwR&+zYjrsY9%7pbs6w zhQj!*Z}8#kzkL)xlA+N}0ybM)%WL>YldSB6wlQg`Fag zh;ve|*#LN1InwwhGoqnhFi z0zMWWJoA%==5Vh`zX<#v z2r?e>3<@a<__Oh_@8>u7l&hz3;p-ue7;+-$tT7Dl@hUi_P65iuC2EIDI;iD;l|8S z5;De363?(_4s(rlv zkwO=<`iWJ{cwc&%k17Ot@yztcxARg@&|iDArphFrr#%b{Mm@8Rc@4@5>-rgVn4fzCy#OgP{vf2nbYqMjT4GbuW zthg@YPeTCp{&nVTSG!*gKU@cASVyj(n8O5gW^8+rm3IBb?qDsFWtalIA08e)CJ6YhHy@;lP zGA=wgbqEDbufT|$2pkIhB!zJd6}ORiW}m`J1?80eYyGHV4Fvf;zO-Wv)@tG381;ZfXg;qZi&|Y^Fl(Ro~f-V#!pG^ zAMontP~$nhvQ?d4bQ`g56UwVLqA#Uj&kSH3_SX$ms9P}GJc6LQG-D4blh3R7iQhT< z)M^c{Tl`VlG;n^i2lQAi%2(X!H7wdp`P)3fM#B5qjkGnXfLh@JaF+<&MQrHuf8T~j zI0>-EWU#Q!s^H$v1q^8lF{!@70x76Yy%#a9)W5;E2Z2n>l@7O7vhAgVNIVXsS@PIk zj|{WieJeq_cP{HO4xZGXtc(*kd-71tf$}a0U47CO=d+_Mh*R7Ur5_~Nn*bEFb1_8W z0DI1eXQCwj&^pk93th2ze}!DcI_JK}L5jvEh#8WJW!1Xxrc;KTZ`ta^*3QXUAuQm)~QfYr=qUz_{}GJn6*%;;a#7yr{C;Zu| zZdqBWp^)I+{t&N?)`-DaZ%z>SB25;ZF)0{`Z==abB3+1)_;`2_Bup%I?5E(QLlAca zmnB+(W6Ct+-O3?w$@~!_58`ES;v$NE0FH9>;E;B*+~*X4M6G#Q(1EzX0N5kK$py;g zL(DyjdM>sE{?1@}sR58E1c|`ce!c}@%fj_3cs4=jPA$JH1r*>joy|~uj#yjJ8`2N= z#4Wq$Y0V(jv`%aE)gU=s^%0(s7WCQGXmq{TSpk^Q1eUvPLz!<91vF1H#tF`QK=^td z%7aZV>V(Os~%Xp1Cj<$V(t|(!Ja@BEQlQFi)#)XiEd(n8!;q z*XpfEI?jWG^60*Y`6`?C1F9ZE@q!)nDlz9v3q1kk1pln_(4Es~2z|su@+Y8zB=xr@ z%{76&Dz8opS8G^yXm>jn;XuQk=PPfyWq?Am$~zknHZ<@h;X2htRuG^g4dSbbbZM2D z;O+{DjE2P;xipEF3!L!yS&*Bkd!Q;b3eC@dRMrIT8mL>NYY0ZEGasdL0sd$pAa1@f zV>Uo0KV=4#{kuuF1@_i(Uhr|~!|k=#lUU*R63G5mz=2+^>-BOO%K&tAD$q8*+>HU_ zo8GmIh9aVj!@5oyhwE3*(a@r*eCWKR8(*l$5M9Y&gzI>HOkV0>cNYl>q;LzMi4EA3|hrXQvP3Ylz@UpOMXe<;nI={5fF_^RCBlCI0Kpuv?)`b*Z>c}Hy1fB5mlEql zA9w|}4aY@jw+_66UeF+cubIBE=rQrt_N;2yV1Zx-OUb}CxXL93H|ijSN>|0ee#M%SD*t1Rt2Zq;H(4ET3!aE??eBU?-S%h(v)}S0cd*3 zF}ptyT{ypuqz)j}3Q|e7G_=zqmIUSb~gLpdYXa#$!1PTx}a>2xT61K;St^!bm_h2*T0Lt{W zqAi>oIQ{c15fSl)RY!xIc^rg`481d%|{fP(Uc)Bw%} z3Y`qx+C5l{U$-4+4^QxrK0w8aFCE;?0nJ0Pq4T%nOW%+a*Nbn9Nor1m4fc~u54FunBV77Nvw|;O)Xk6YlKP&VLg4@TH3d41fmA!I}Pt+~t6yUsBgt&e_;RKsP0z zQZv@oRMb1L$Kj3NbZn0VjO19M3>Tm?hKvD4bDuYI4faLA3aZ@;_L0{oZn_n-uARTP z*4ggphz1FSex~f)iGMO>_bBz-l_rwTq?qgj6fDj9VnD7HfoO>>{Hncl(5T{?l4X7h zYWgjy83Nl0_YlsQDBlI_+WpYHGNDc~?MDqGj4}>G0HUl1?=h`NX zDF9aZT^AlAu+Tdb$qUO_l6EVNXDv?O!8fo3g1L#sKboE2ujCsiUI5v^&x7FFQg1DK z*i+&^i;6x~xdO>s#7r|>k*x{yqitR!c6_}C8C=Jv6VBImdUBab@LE*Z^aV=4obxbxH`LHD+`*6W zMl^^FxU#YKt>wW3efZr{&d;X6?$Ezo4a+&4nYU#yCK-GLR7Aq>FE|{a1Q$hu#`4U}%@^#ByzE69X8SZi^rsk0QJ`RBQ)-tY$k7GCN;CIC~r^ro?Zafas&AG#pJd! zLe(^0u9|KTj=3vt^P>YA35GHX`LZ9Y+QDObzV>~zO|-ql75!TNWVpP^FeeN2)5xgM z+-FB|V+w`3}d|Fo*EO@(srRK>kWW@3>*uluJAYakMts zFmS^aQq%0-|}y_yj{K>(IwSpcFAM+?GJGr)D1#61ng@e=|X?=F1>{XIoJ zSyFrEe)|<9rhxh|Z?pJMk4QD?pm}w{Ba$W8^D_YG-rYG;WSIg*L5TcP3-V;R9NfWR z)(#iSj#Xp~=woQ`Usry&bpKX!{Me19Jl$3SLFIvj=Bo#Pzp;M+znv@gY9$yIn`S3A!ACS77y@8FG@^(!DJXs>3C4!b7 z*yuHJ;6qcEk8&;S-b?(eO6dXmkbR>_cU|#`6tGCL>Kni5UWC&Gn1`bHha(nO&X43GMHFbVqQUx{c>(M>NRi+_kS=e$f&#P(=*T)A|155IM3Ln9b zMKRadP*5&m@bjVoL$@4v+1i}sntH$D+;;Cp0)EUi7#26vqr9iZc5L(%xE}DzVn)iu znwjfPXNr3&fba+H0u5UToli!g7ml^~uhsv|+rH402nWmjTMNE3_gGNBYX^YVf;SQz z;Op=TMk_|fF|R4VOgwR}tkUWyTA~(W;LR}b?^uin_^dz5tf<-3{LZF0gZ304BOe8V zPcu~+yniohK&|zmXt#+t@rFP5vwo&^$^)ep@=oclsAPhF4VpBz0E<3w@{5x2VCh!f z*QvC{uNct+hj`3`qB4Nwq)zj@rD0AE>tD%hTKc4^Ujs-Qa(fImA{9}5TX$z#tUt?x zMZ)ZuK}0;kpXyvBEyg37Yy`w3443DOx)e)2|E%W0D{WjO2{d?amk~8?WbXjRKWQj*K1~{wL*P#` z7^u&7q+pvC3G?)RPsKa>A@Wyq_&k#i1>7p)7uZ|88970%+F zv>vn`fHAPhlMAKzQxSt3QBN44kT|_i^~*qWn*~+=^%p&hhb5+ip1Dsbi)C3By+t#} zjR%AIE0jWt5`z?;*DtLAMY|U%8HoT3A@7(Q`XSkE_J0_VC4Z#ErU~py_)7=WEkOcb z8d>)42aT)#M|~+FpeyHtet9d*X-N~okr%EQv~0+(OTnwb{wNpoG*Dvn12MP5U!%#! z#lp5`pKNI)8yqYr*GHJd_Yhdim?TnDP|~+tqHc(*pJN=4w-(5n+rdcUSDPf~Yv|y* z!2FaNv#h?v`Ir`S_}qos*V@1u#CN68H`ezw!MSZM0x;`fOQ`nWo&82AK7(12L!$a2 z(!ULYEaUDRE zB*kmle8&#H_;%+Mbo-ZYpDEfe2=K3LXRmXm0WD2yUeMKK0YI4$eeNgAQ>8(Swx7%Q zv`}N}86{rD)B5X9xqSA+ltLWRm^$F78JY~o`Stom1e(;Bisy%0P$HrXf`SDK1A@Hy z5B)|c(Rx7Y>@&vnLnidnU+@TQ6iAq^1z2sU;en>?>yow4T1k=tILx(%X@LffW|X9%dY{w$`LU3KkPM1{LjmZg#je>6Nq%Mr~nw| z-m-XB4^P7CH?n<5E2&qlLlkTO8oOIKPR~T3z<3f> zVj2FXDpk|0;GwAg6!z@ovB3?3F;<83KOeohHf&18loQRyRix)Okm5oDu>xc+JT2GE z34LA4nqsKnQ*n~G3_Ab{0yfx>1-cu~fM$l&e|ZBCuC#1?Ve7bh_VUUhRfjqt7@2-G zNv;?`j&JRrfw}6&&A3iJ`tWyXTg*SCwqX#EUT!!DhkM(s!C^m?P|DlwV(s3Bg%%Vl ztoT*bAcbbPpb=1QG8<&E$1_U195lEVL=wDB=gk`_C2`%oPvC?v|J*L<9>uZ4#DR04NLwL-@B+J!?Y%JjsvhK~&|b75$Jrc4 zQ_8)eJoY}fXi-Dc;3g?8cB!nEZ!}xn3iiVtTRFUk3Ke4WAT$)`M4(XnplXAuf4iU+ ziU$?~E{a)0=!}AOW3H9T2Yrd=3Ge{;G8hbopH&~8NXDZwdEOd~pwLjtnE447nC9>&;PpI$-rwg8$~AskaJm0w z`@*GpP-Q&sMSbd`YQ;cg_NAv0_PXIUs+71EDImWit881Hkg&a1t};GR#su>JujD#I z-8lLF{xjHxU5Q~ETR3xrC;?J3;lbn)4h`DH7W#qZzeBs#i9C>2bzw5{Jf!AI;{I(T zen8!B3kL&C!T}`i=Rj+7O76px9{70V zWDkNp_y`%N$bsVSDEC1Ey=M3z>0hP41OJWMIWMCSv{#+6J-m zR8!~tOV>FnS_WuxCO-FghM1fdgpv+&>)aUC!1qv_np=@ep|};?n)}? zL3vQ98^Kn?P4;(^#xMQF5Gu&>muV4F2q15a0lZK_^tzwWU5u}7DXp5!5x;$`m@*?oA0s)!ItcAztG#|bIDRc8fVUN@G!g_yGe*8Tog*-7l*LTmas4Q3aOk-T^fIQ1`dKWeRArvG3a3rg0J;mrJ=wR z7YLn&mvQbpVCttD}yo4-d0QpDBKhqJw(O6}cjnud- z?$`k;K$7t>K_DKEr{&;b?;|GO=kezUiW;%~A&9U4Ok(#Fx|?_kCX^JXQIE8_^`*Bi zo&kQOXJzPLV9v+3tp1Srp->-a=UZgd>c6$2P*c}3L?O%h{4Jq65-C($GwV#4@tvOY zeV1kEKaCSt9bZoNLONWU-Q`7g5<# z1T?&X$25XcZwzwTcOnKq)s4P(a|Zky&XXIS4$e5!8~cG>T8zAvPGtc>dQrKNz1)k4Qb5zldY*bI9M2UQah;j;9pXvgp1s=aE?%ZN!V z;LYcw_4zrEN_TNALAIG}8LKbgkNfTbn=hHmOO%Dk$UI41Y5sJ6yqfV%m)+bc53SyL z6ioB%b6;2`f#8a_^=y6(n>|vHo|0sKATEzuQn!n-VS1S3zNaTh^>XRxOGKZ&ZyPQ6 zUF&i|0GOqZ2Tn(Qg>f=jP2;}D#OK@HAq9$AM7WCr`3;Uld%|VRTR?6wo!z)2$dTFw z!2#D@^$D_R@yPM9+1G6TF;x6kn0?*;cBl?ky;L zb8F^}Ub`X_{5T{NlB^~mO0BLTdl>JEr}T5TRjd7yN5jpX?xLo*?ip+wiv2-pKZ! zaO@^tgFi~XAwcC2&!bM0e+Mb3buRI+4MO6 zP`>O(IP*gi2oY9zJ;;Il<^FiQdBtouS$o;L$5W{_!KebydA8q5rjg<&`!dwbAK;rtemu;yqF zS%O@{@L$>yB+?p(3S5k*{Q`qnCS=O_IDdp83LRlU(9iKIiJ7cR&(;9@uWG(z2vqSx z2=(Ao+J0V8trL#*?{zN94bJEEXklt##uj_8IcfYY$?eW)bQp~EUvv2>$s~o6Q0CT~ z7*4cNU48~09oM_pw~Zrl=u35=VuYD%w;A_eUZF970{PnzziD_-N9k@&`eN5)asg%I zvGm3MSxy&EdXd8#I#g9uA&20j{rwiyQ{1@h>+x6luOIF*K1~{+(Afbl3pW@y(@1XU zZ);*f=`*?xpZ5OF)+S8jV~ILT&fj-r4cWJA@<2L+v(T1vi0UJ*JF$KbAaKHM+^ZE( z`<8l=5OL$-et#FH!09I+9vQfGr`10U22K2UjI9I$XVhESMB5_1t7I2e)TYz~5z0@! z;ZPSu{gHl)(H%a|7Zd$LIc?tK(Ud5So|=Qvi{6*>m`0;l9b#T7x#!33Mx8Dk~@VJov zw@+W=#R4|&1M2T2B8m+Ya8#{St~{oR22~9hm6z8_Q3w+^-yF=nCXH#tH#PJ3J6ix8 zWaq8XTm2N6VD-X)o7)8swcNw=FYUb`o9j=n&-PvAG>*W`?H=CYeL%t}4YxPRe6aKg z&2ZV+G+TTwz9aH=zaV#FJ>=7)Jt$k55)pso$Ar#=9@`-Ld+4%J|EUs4H-zBo~8J zM6mq+rX)F?s)0nlJpRR+uTrnA_28Ueht3!rGTn~>-PS*?A@)T*Z7q{;fmS0dT46>f zfnzY`v@?zAmg%wQYD$7dLY*e#scVbu_Q&8$To4{E1#5i%wI6Ears%nBxkfvk}Z+@n{u!C zAa^Y0gv>Zp_z;4kHjbu4);y&Z2i{9O-_4G6AjgM_!&>S*GWG(hVy#;?U3F4kE{~-)TJoU$kH_ zi|d12)~|0aL6rkHsA&z~8?Aq5`bWQEDT>5xUSU|&t_qSfX#yBaqUE3SxKWkvjLsZ% zqJkN+YNt1qdsgiV3QmH+HT#$ySn$R^-~bp+O*g??d7eIEa8DBExTJ`W^at|;P;mXJ zj!18fuG6)Y;{EtvC#ySsNUx_LuP?0jhTW5Fv~-yS_yXo)MrmdG`=+y=>B6;RBq4i% zad-=7`7X4KWBV)v44jIUh2H$vl|vm>IK0r>q9@@5 z^*qFhQ*a!fGbWSgkKpEfEAeeHi@#U>^IpdX|3%FpceR*SkJk^D74z1UuTY9a?B3iv zb)FwDTg*(@0vQO@KEa!nNR8!E@Fbh%vcDF7-(?zWxQD#RF+YB@+H|VmxOvq8zIAgB zkNshO*1fhd?fb0;B5B$>bt3grb_dXD80k3V3b6OX2+j$zoVEI33mp?+BOoK20uFmE zj4tg(IRnWMe%iex9v>io9eji*!_u$VBf?EBC^#gH_3I|Zj69thsa1OE^@;q~*Ed9l z1xxCAkWi$_xP$F2VH)>~$j;gjz`1j9S>nZ=cm(uP+om&TFuQO&B|LW5mK19a`!nK~ z7$?G%Z-lLT_e;n`)4}*etTUU9d7>C^y!i(;;$vzvXLu|NB+g!>B-|_Up}A4YD_3+s z>UiL01z-e^x`YBoK0-TyTihBQ-MgDHBRV#Gn1Cio`{nWSmx=f?CwjZbFx=fSnAG35 zoIWr==fN9$wV{@m%T=S8(>O#7dqZ{Z;!rjsd zIZlXKjNJW%lc*zoC_c)7uQyPtO=@nwh8~*yPs5HzR0Mst`t#$}Ga=}3;>8 zW%!yq9B<)HqY&sL6n6ZqTb7w{YG{bpM)}zd^Tak-vMgfV!x){@`2joJCX79mj(P9=(wViFEcMB6)-_ z;Kj}mog#n_Ar6Y-J|<6siF|1vDH{B2O&I(~El)B7CQtAL?~uL?*tIhEssfnxbQ2W3 z2ZRyuG8KPFGBG3QlL*~^mLK(|8jF0jDCPnuJJh4>W8b~~rPo-5yJEO-J1;x0=3w4X z>>+#Y;vwP|)waS)iMi*A0h#FzDJdNcG~zFX!R{qhh=)vM?NPwol=3)jpKI65w-{3_ zTegc=Te;D{YfUOa?eatVYX<3FHD#qt}u3g#8 z1?>rIjs5-{&qiRLIW{#O#lBVk46h*?j*w^JW* zw%+2yW?mAFjPLhm?%s#FvW|F2X}%KW-pg4@Ppx?oMpHzPHEc(Vov=z#V^p zqI%!Us*hUA&Bo^~&BW&qcWa(nQBn_=drzbYB3-t3J>4n)-aU}nbTr7hbNn`}!|RZC zQtnMrNg#E=V4bIrEAfIk%o^e}l(~mrRUQeYQ~q_&z%+D% z<+CELYNT7>h`Z0((Kj1!gm!W55RBJoybw~kfTRZ^911lb+0uJEtP67mrF%lW zaIMNT@wf>yM+Tki`rfjTSJPU0-LDfhf7Ck*tEcl!ihy8M=5Vq#uO zINIwUZJ}|C0CK36u84TsAf9Qy{;?pamNHD&Anb$;2J<--FJ$PkL2Np^)>=q!9jC*I zbs3fFZ6Q|oTL}BcWduq2fnn=|^*X{K$g*K+d|T+>*DmM>v^`sCkiB>6saKQfk-)A( zk;I%>^tOM;X^z7tcv9&sAAg_g7p{TR@QYh+L5Jvx7S9}iI24e^Qy2)VBT#&N*sL)z zLpgYQ5k2>*Yg-y?r55CuxJtl#K?qWWXFO+F=m>}Mr{t2&wf-vRASxC;(82a;_huAp*?l-=egT>|K{kHh~qs*Y!VEfO#n9pk%ZPf_pw zEdH2Y)sIzmpvPQ7wE9@q6j%n!`QVcJ#4we4M1Cw7R5a(~ZWi_fG$fS5%%c%PV!N>> zJ`PbWdqT()M*ew`I8Bl5eu@HUbDJ2|QJ zN4&O!h2H=EzDSo*{N4obZoHSbZDy1oKe0Vrx^gthc%EP*EW@jI*lZRq=eRz#Z6wdD zbP2y|6lA6jz{Tf*XMoJ4AHf|IE}`~*Qr0V%5WI@(5%~{{q$CBgyoaLVe^uU)>kq$i z7s!YXZ4>}o1BEim+787Z za@yyiB$f7wk3$#^ce-(9dyk~CPHvOvYU8+fgpYf11wajT0IYvmUk9S-v%VfPV*KHV zu*w#}SrhA?HWctV;adCh+Fl|RFGY~RT&zwxAoYmCsGk;|j^o_risL9e;4R7n`HyX7pph$d%x@XFs8Mrk2276K&FS0}~D0(t|wiRrf@pq0SI(4Y+ zHXT}M{vONv2{P?x%G_tR?R`c03v)1otiRB#ecW3=@y}VWlMN;>@*g@^eS0xuNEc6E z;Ni#55d>$eM3lxwS7DtLx?p=Nj!+^>?MJ$1iW)YNm`YLiQ|=xemct8Jkv4}mwx|}u z|0UvYU$?zs45+L4rGJr)_5IY3qf}_6eZ46M@BqHME(clg!8n)7;Sm2_sK+cSCt#cQ z68}kkWAhD}wP&R(Xaqb=ex)`csfbFeUSlOKgc-AYU8Q(YqV7sAjgM&U+qHJQ>n&pM zFhKDhJZeyTz)-qSGy5eS(D1w4wXr%*@scm+ItKT+b-ckR`vUU<4&ft(C_G2archQB?~ouMPif9R`?~iuF8mbSAhl7wCR6kIa*mpKJ6i70 z8qTR-t~hq(fdx$W1(v*@@4wWQhqQqF4%$Nei@cnieyqT~L_qT|v+@@kdI#?LDjS;x zxHN3w{WnW$<=Xpkj7ps!RzjQbo6Gb5JLJ|>#%Cb>V+mc+;hD9M)nV^nlsXNuZVhyH zgnLX=k4C!Yli&mO9h6BC7&P_NV=Q|5=laL#JP)2N2HAcBj&GvA1g|q?TD9AC$>Voj zZ@+Ae*sfk7F`Uj+MQq~fe7osp55Rd)6Y(v}KNlAT5jdcGLlUE@GjThfEOFnJRi_Uv zJJ&it%up`^NA%_c3T4+#@)^y(|x+_h|nO?Z?F)pH5^jyoN;2KnX< z?5zZy>&qWQff%x85 z(IzfilHgl1CJER0C|~sjw{KnlJoX!A8uqPjK_k4q{Sw}kRae-CE%`MgY3B>x403TY76}rD2sxug^<3;#9 zM&_!h;1^`S`IB$QT<+sc=WfX+vHL1F`ZNB{ATyEQ=543pqGKeO;4JmS76JWK)9h$g1k{5sXa$M--{(X1}; zAJEkR=sIOfet59cWv%nCnO$ldkh2@8>qZ_$uo-E63$2O6%&ve8S@}+e@#9!nBp8ut zzi#I{(1@NjZ0?E=6L~IT*8$&px*}0r_a-gOi@{B zwi1fhig;CF@;D5_Y& zr6P}RtR(1_r7)8oyoH%|r0X-pr38NY?tu1&&T6my!h7&al~1kBLq{dWd1v*EPgvO+ zSw>PXx?Fs^TBGbWX)E`LE7@AK#u8M>Y4c>aeHoW7dP4qK0=!&Xl>^5v?(~_Ho?mVk zBntA=u<>{5`%E6xxB3P6439oAV5&QrR!m)bBMn!D?U!V4mSS>sFu&sLhUn$<`d_Y{ z_{du0@SPpAaNoA~c9bCzz5`f#xMaz&?Z~pUEdo;!R{e3$Fd-xDyYg=YR4n-6kXnv@ zzQ_Gh`}>ej&xnC+6>*&`h>S{Cj5-{w$EOvb?TeCc``O6-Os<9d;7QUbvq(S;WM+g- ztFpxjJXPRs{T{pb9|UCI&b_$QwLge!2%JPoe~(81YRow*a=UsRC57SN|mA-xy`1d=LB#>-=2{Zrj3!HQ=ZngR4m!KdKw+g#J;b2f_ zckDCjPy{FTZK%4TZG)|kJU)E|_uBy%`(>qRoZ9lXzcY!opWIjTwQYEp#tn9zkJdX6 zNx5-7{eirg9* z9slv4z42~O-rkBBJS1$K2Jh4&YRWtts{VWd?#vY~CW{W6vHbbD8C+}FbyL+kYju7a z>=(_fxzE?Iy8v*%*Qn&a9OB#KqXcyDN|^;KJQ2_1C(E%fkomt$f!#ni5sp|NaNnMz?e*wMtOB%KCoHsbPKs1U zYi^V^Eq3SJa-;r6r7XgCUP!a%zaWLeCR=g>)X?l9&rT`axq8cj4zH?7tr*JY}XkO#GNR8A<8@b*6Q$8 zB1gAA`-o4__D6B{$1XQaeDj(-&5@5QC;v*;{K>;rR+-K^>?R#y&!V*z@u^LAOEb}C=?CyKrwqFdIE7_YND@TlyGv2dDHXU(`-_nF=he{l?76%ZWD1zH^H^iw z!NxH_=d42P#_8-eZiyBTZEhcIN6DNGzOr&Cx5gP$fjB({41nEPs38b;1>^1pnoWK( zJW8Av1t;F#o@+_W@O&6BmJH^}3=h`^BP><%5bf0NXIHbOW>sg6Mb%HGMt<(SZ;%h7 zVC|5b$>NY|P1;CP?v~GTzc@!>-=KFfzo-&TKkxeyagD>1p^=aGk@a3TopS}@O1xyW ze_xDxc>0!33aG$v%YFBw31t;|`^hwxRG$vQ8)B{T56La)hZMvE1lkwV{{X&!hMLfI7co!w%1fa>Q5+tg7j`AP|^idTY%1!&6fU&F&>%O0GhRpfO?I z?)6~QF3J7H<)xR?{d-cTfw-$uLa%AodqGZkhK5uHM1?gX4k>{X^BG&PBgyvE2(nvr zsb0`cG$O*|_ZOpnh1r=8SDEmb^J71AuFd?DA?y3hS4;IC2Mk!gh<01}=l)Sq9b(`Q zm~s$9Bo($S&zyXEP;5&lelVe}kH;ia{frSljBwxDHi(8*jfc}ych9JLW&;i5^?nDRTv?jEhB-W@bBlNAM>HQq z`cC_6@ki|pSA8}VDH zEaeb=k(zn~sG2@`1V(69F%R*32J33xX9Bbl&q_>k_4%4HCPSUj!vA%$O$#=H=viS3 znsZ;cmSAs%8-7F3<3$C}$Sw^$F&Q(kG{bF^E@@-+eR$$$-~?8uG`$b1>>ie%e|bJ% z-NO%gA3tj$puxc*h~^zj4o|!zDjya5p-^+agzdXtGJqm>(4H`DAeEDeVI~E2fW&?6 z{duOs#2l$Yi>Dg)Dj-895>?oaW0zy(wQ-b1~S4@HY**JpbE_}s{h z-mLHQGdw24Nl{d_`?C4$kqQ@1C&uUO;(mT%upm_HvEF{!6$4Gy_Ae$*f3vLTW0PilEU7HcYtgHrH`) zr&-tES=6A=`#rlbJeR8mGy5EE>{rO*QE^|(7-7N0!zdAh)IInJIjf=01#a!gWaqD* zCIR1S|K2-;!IC*Y8ymImLHKf&ApW_x68hLiVm%!CV zFz{d9Kef*RDH^zFW4u40o00zFn#WkG-{1C=+0Q?LoXIF~vVDW_{+Q)BC>7NEB7z4B zOuW=JdmICv(yOQxF-g`2-a$y)2WI>M8;sHZT28IaTmL!a!m4i5*o+$A}^ zIwp6_x3!)aCYr;OxG(R7Ilo-suK)6<#|?-U~|T^7kO{xyG*bby`3-guPvW z(Jk1@_)0UjhDSbl=LrBU6?VD8VIDZjMkO;`1gPfo?~4lx!e%+*HPqk_I9u+FWG0Qt zEBsCsRV<&#lRs{9@O<9Lu8W;OEo}^+ySE%AQXM37vu}_7M>oiZ`ePTEpP-ZjG_$fevuw2Yc(=>^JE7D zV=qn3;n@y*?MxZUehs|H!Oe+BLml7r&Ae*fc|YQWm-dFeNxvs$Kv2VcEJZYEaWBu& z*sB2L@ueQbILrKtNeOpj4(a>V2U0Mx`>FdRJ2|veOS-m-mQ4(wOYaW9cF04gKPUJK zf8K6Wk^bmBQYO8;PG}GRMMKX*K(0f09Q%z@{6AW7UxO4p!Uk3cfOB?Q&R(H6{K~Oj z@GS*_Pn|u7^rA$zL*Q&Mf2X1my(C9N-D7EGzJUM+1g*shoG~9*p`rb{ZltrEn=wNW zZUQ2Zhr>~(FGf=U8$u(W>U?<3ASn~Y7br-lEW(^%-vygIh*i~r&QWlkkiR)N3ZQ6D z@Hq`|IXSkp(8U0s181BU5$~9w3>+~YfwX4sAG^)O@h!%_Vw_B8CrZkv$heVD^rsR8 z5RtR9Na@ErF$z)br{bZ1sSW$(f~5i6%teYadzvc~*7#GqI0#5MvyW}~sONAQCfQ5u z7x__O+o4yaIvKQ3ulz~7&feQztat&LVS?`h-R93dTt8kesn7F$enea3ZF^ZvoQmJ+ znl~KRjC^s93` znYkL4bRsX~>&#EWxL43u)L-B42aHCaHzT5Dp{@Stoz6gZW13s*E2i~fj&x!H=pt4} zUcEP@O2MW1?d#T{#s(5rY^hm+^~!v^Fr?4Hk!TxMz|ae|9x@mrNVSE;eJTOHIiufm zJT6GyRX=_7owp9KBsZ~f7>C;1y3V$9J7J&#&_C>Q2;YcJu4;(dO_m40bZv*63Z;D) zw(pxzU?nu!@E{<)Qq;Zs%f6QK*P?Hl)95(ZnM{~Z-?w8tC+X0VU=V!C=m2=`bm_m$ zk$=nyI=*-t$kJf2eff#!O1~}JUUguH;ds2fm`r@V2U>t{#SiMDo!`9wYp9QTe;})2 z|472}>|7o`q|4g6Zwq21l5h7#La-Qul+@%PU%p)K&FXvK!(OP+xg>JAoDmBjm>zLr zuD@ZwhP-^Ht@oM}v*_>T;M)=26XNdku4#pZ#|#^Tpvry6Iysn_o_1MLNCcc34`n zXEN71A&FWxN(cho7?xA>Jbi<0a~$Fh!AR{F*XyvKtv9tpf<@`SsPT-!{fJIhy0`DI z&wbBcM#F5Hyc4@h`%AEfe{!~qQ(7XdPwfh(Qk`@`YLO??#@HyB20}Xbb@m6DFhXQ- zSLp^ma96?CkLkwo^QM5^&kdJ7vEO zHgNQboAd#6?|=j{x^R1JcCS~D@+|-z{PvlGjLQG^=XL(Mr;t*}QC$-2m(s_OT}+g9 zvRAA(v?7{>#&blmeVL5(RosaHeo#EKeaW#ku|C95IlZogw0I(W9dQAYY4%7R^Tmy6 z(z`vNi)+d_^5MQ>f6;`WOU}@LhZ*kIVN&o}HdL$Q^bqK#{Ol!?P-}U-?jKJFs%Bd^c--mw?8G5282EG`M;lGQtVz8$FOGBb}~MbA?>_EU6byBj+{(eE}npOaB++ zLf=~MY6FnduvBK=oxT)GNv`79Ja!c30HAvQQmC-to%I@qN={ z5OeTvD05z49pe1o>QWQzA#>TxIe>vO{<0W z0x@9ZUAn}5ed|T*iwBJyREwe{0plG11gwu?;Mfxmn}dNJWfR=B2#9bZMqONBGp-k< zwx!;K|4oc-k*OcZ84A}{fW9)sc1iB&(`Fy*GAS)%I=h7szt7nhHM9&GSL#@um+hY0(j@FFw9i2P#SmzS^ zD%h}gkllPyVc{nGeZHfvC;f3 z=JItao~|@$vo~YP(+@^8`ZRpSu{r7vqzV>}Q~6g|hyGHjzCPf6zAXHF+^X9LRQ}-Y zm&1ApKoU|eX!z{6K2mujz#`9#a|^8chzem6&Qq^3D`2CZc@D+ZvFR6Qn_s-qXpk0W zgM8wzftlB$b@Ju#P8f3fOU!;1L+?iYA#E7M1H`90xH8%*7;uu7c&woJ7o?%RO9HR- zc=HYF=B+S{&pGFQj;sSpED*8NUW0XMtozK-->Qj}k^Mkd$3fG+G>td(1P z<@7P4?Ec(a2OxQWIG1%rl73PkEf!`aNa5=-ZcpA{AMYD~J@|a!nWu`6H9Z>`xO?lE=A|iJfS4qKO;66*%WZ!NM)2d*&W&oC|f2Qyq(`oY{ zz4K>M*weUrK~f%&yb~&f@C|(T;f?ndYqjhJ2Y0{NYws)Q;ulm&o}O(q)MU3{cxCZ1 zSk5b%JCt&7^|rbN1+Zv;2Di{{F%ou6=cGsIlWoQ5waJFeRozC*Hrq7q8z3>xJ(dNP zy3U1s3mLPa20k2AggY|E4~4#z)tKN{&TGS zI%^}rOY=>q+R&#ORAJPIYFBzM&G+rgYzm=2O$4lv5dy## zWad!7kM5H{i+Dy{3Ya-v94gZk$d;jMBv>!#j0SY+N1HoBnL;s8yT-V?v^)bxQL2r9 zA+b+=M2gP1RM&lFB9xg{vKS!?>QFxxP_3DGPBW0{_cYABE1bX;z~GIyU&P(uA#{jt z*>}m8DM{A{F~21t#(n#B%UG8Rq%V74-;Uy59v#f#q7mx(w6F~vM%yPV83K~hky6~O_KEuV-G~#of z0G|oh=e_wG$O9;o#pK>DkT%Bd*@{lYU2PAo2T-oxC%*z^M|HK}DQIm|!&d9fo4Up= zjD!fAN5vnnf!8%FL7jW@-VSNPLawtvzdP}k`iLaBYCn{%2)vq#Kc0p5z4=cO>ZK=A zwt9p5GZE3~_}BYyxxab)dJ*X6n2y%1NSo)AxV(2DhkQuLgF8rwhrt|oJBMo7KW^`EFxo2nFxI;ugX&vV%#lNw5F}iclvcj%-hhPF-w6ldG7KRTXy{i% zIvz8_R3vIIYWdU<@6C$nolmxuX18UN&KpbA(fecexpf|-nQ}p!?LQ7K`;mR(5Gi7N zi%6n#ybyKyo67gKSUhcfn1TLtzq6n4q6&Szy8?jlRIIM-*`G*I6#^ODz#ojWTY=~m z+34HLAcW!X*TFHP$tiwsMY(T!Cyr3MYdqVH#k-4AgWlg^^2da9*M=NPoGsHT92v^C zbVNln#}ZPPPnw_*_kb;#fm-ON(APRgIGJNoxI9U)3MBjuy z78g(8uBW#u5F|9+a4KA1?Pfc)YarT5Zq4!=bw% z@lc19-;;R&)O2^0ejIiNLX`~X#?>U)s?-Mzz7*0b&c}!3By$=l4_f_IS3*_V#ffAah!;BVoTz2aCN7Au~T%vqfcnP4DMfYF8WC_BcLp%Vm&0 z-{T{HJ80r4+AbI}Hg>tSvs=wc#n_Od>M!q8etSB7;h2OmX$x;mupxzrU*fCERY-gg z7qKqmkY>}g#JDQeqEC~7F9iw3mTia`4P|IZ71C&Rw$DuMk_IBQoRtK~zppG8Umapr ziY|_#Vjilw%Bh(-9|PlHDE1-#PU@*%?)(GCs6bYTh=we_{cYmBq^&x9aA5jYU}qEb zi)fs^wt84b-dXYVDU1`6%(0+j3xx0Iv~*Xkf(0EWa8P-F6;23+!}~hM^V4pINy|H_ z0L>(xuXpPnil2QXk4u(@&FbO&V}KAn7A0bAlex_;KnIFIe?6r4=rC+^2>)z&&@`cj16gdT7S2Wzg~mp`%WwU8N6UG#d6FO}RsCS9s6V6_VVBT6e{4akTHM2Y!!{F4 zrB~{l2l0f}dcqoxSkfZF4}?%H_rYRzPl60qDJGVc>sr&lnw!@3@p@(iu+QI9XIG1@ z-QKA=aj9Xu-@^rD;}^_RB!{w^OZPLE#!N^+TG&F6aHV5a6XxQ0O`~F8uKSC09nKCD zNVeu5uWDL{OR=kWPA`2yl+q1pV2M8=N-jJqt;4$eGPK2di!wq#Hn!r#oJ=1s=@S8| z$IBB-Dnyob9Y2vS-(akHK3&jzGLhAqeQ9|=2=`0jC-%g$pA3!WaryAh#1r_^p6K@D z+QlOTWIHni(gi(451fw0m1e)T_Jz`#t~4%nsrcN?j{_yL2ml*3ow9eP0?7R7Wc|AH-)I}Di8OsZbSA5i{8hKO(P*M{5*8`ZGy4Q6|IS-6!oob-5 zVF*t1z;V{=!Y{)mBV#-}f!2}q@D%Bv3Gx5Od>s6rK9zbpApw&|K+VjHR-wz9;7%@IszZ|LXL$UkY|C+gnb2|i6)q392`t79w)eAdm z`xkcV)`d_pp4I63+n?_ICh_-!Au*xn_N%g);BfCUg(ObvCGok-6xUCtIp9_U_9))& z0>p-J5atI|6$+Fnd#_M^p5FEf<+}X)rbJrFb+Eqc{n%BFS`Ld{)GnVtTDeXqKT*_Z z>$-PKe(N1BA%jE3!w`&?lm-Cw&$`A${H)$gucaevPM}b_?H# zZJy8}xs5~j2slv7c24HcC1E8@j$T@ewV7^wm*&z9m6L3ar&u4G@T%5b%AX!xj<)WM z8K#uX(q1m)&NOiQ*h7fy9)>Z13T)+@q{kowdlhU~A}-}37Jr$)+-?KIv2c?^>T^@b z?09|5@eAZJ$HL}baLZSJIH0SC=vGSSdlAkzR~!e*mZ?`C)AlQ?iu4%-^Nf-76PC{7 zzDM{Jdxt@|*;Q#|j#%X~u((N}>dx&$W8LS}5M6 znBn<9QMI$0PN^hAX8R?^?2;?{ z2cR+lb~26qnWZF@dxucaVX4;CewoSisJs}&1Y3!adFdY_RFYGuNQT&m?{Aj%f#xg- zbiSV;$GSdG;BFLu@QzpWC}40ZOi;oGI7;PTT6UR3J*Lx4e;88Qs+jc!cASwZI8!I~ zQ$^emU-NJ;F_1rRZaIxvoNEU=z6l4mkmephjgFH6k9ZM zHg@XSyrKiwc74Di=KgpN^ArK@4Y{AqvG*g|Iqmi%Q328h`yI6O|*!$*2^M(FN|N)IUfOperM?6Q1o^S1*#t|jJgiuW1t<$-c7K!b=dfQE@MqsG z6>r3-J69?+_K&O>h{W<|fxO-%{m$m5vkY-EX)lLHH%&2sfQe4S__5E`f%q1B5?qBA z!SwSLy>pc>N%&3>?X+Dj=Xd1cfLI%3TW0db{NTl08Ax-V zYu(~cF_=&x#M=~rV5S;;rnEw|k%Ssph_d3w6SE%lgQe=HSbB%ygm~L_JaiL0Vtgk9 zv77Ekc63hnlO%31@nwKm#l-=fvcIP&G%|z1O*$wm>h6z}47UUzv6Lb)_l=K3&9TIx z@JQ(WKV8d*;DqjnpGm}oQ7{Lc%}m%vhetWT-YtB~jnEB~6K+3_sGj}T1StsY!ikHMMx1t+(9kJ+Yr95v*alHy~}%#vAFp0JF;An<{=4@a$lzIS_5 zKd1Cd2;S^s6bi-z>tUV^k<{VI8P>dT!~8c?Oj5VPwrau$IxZ9GW=B5*Q^i!y#rP2J zw8a<^``VAQPy_(!MQ9R%mvu%)^gaDK@v}P&cW|UA=DqJcn#0)SXnjD^{b6ZxUo`aJ zs;cx^JqQP|6|bMLutCjdl#W+lPgEiBz|!~qgvrYMFQ!QmM8JZn z>%7JV1=4|FJti-?n0y`gjAD!ifO0v)Z?rZ$3xy(1|uG<|9 zDDX>e6#K)s`Pyfv>8e`hzWW!*Ti4Ny2=ir;I|`Cde{S#>65iD6(3WE3ZpW(Hn#7wg z&A=msmnqz4YwPd5X;w>Y3^;0W$EkmFThh3AbNBAO7yv-`0Au1kjeOMMUWXR zKsb$s3%l$UXX(Cw2mViq*rI?j=FwTL(neIc$eWGW5fn{|`$v->k!lF0RL5Yiu4(?f z3Mdrvdk}oA`!<&h|Cy@CnU;7~AuptV+LF_VjTPN_-~H^WE@BwyNTzLJWULC^LfqvV zng_=~8^gy9gct$eSSE!QY(~h(&h!KP!*`ev!xuz*f6npEBM#?h<1|w zmUxyguF&qASj2%=T3VMgvnmznQSWbD$BN{5bB{J>h>)~3<=rMb=~b`AQh9j zm%F3hmLH_Tbz`5)bAt@~T-dP4Jq0Z( z5n$Z@y;2r}^GTMFkAeZUOP$6lQq1~PZ%0k;T+V_7Ynw7ieju~Yq9-K(&b*+4{f-HR zfrKglY05tKZg#q%fmJCq{|rIo)J>NMG!&FE*gr>OWjS0QkIRY;8^r2MP=(7!+7|k` zr-Dy`ov8DbUj42`Oi*tSSpHoZlvK4N@wqCXH=Z)odiSmdS(k(U#HuHlmmeQtR+ix&G#EyP1rTLy03<$w;QW02sa_T!IG$iU zvqy_FU3{^AeyQ=Bu37i~!95$!3(X;KL3T|D^y8UL2E zsYy?d^EB_tqCcxROK#6S(Y;oO@h{oP*b?ra!C^G#nQ*U2Ay-GMqZiD5%-1e(RKCdz z9$o2Z^Lb>9A@`PUXDd>!MkU|Dw2C>SWmxk0Qv`X3Yl>G)l+Zr~*jp$dq%kQR-cEf_ z&ZPlvlEs5|Bk@w@_D8VQ_KSkQsf8LS%@eRfXBh6hz6m|Z*AXUR&GGxewpV2&rHT}YqS>{ z#P+4~5SYd*`m~DeFxBS>UalyqlF?g~^N#KfM?&f9O?XAI_Z=%|jYhMNP;4}88?k8_ zd_#ZlH;sn|?T07tbAX!V7hB>Kq`i6m;}AFu7o15m{L}!Vh41wOf9C%Bpw6O8?%kQxP4$)%u0Ly#MwanQ3QL zxRfv0eEIR=ECH}!A-3RO&EYV-<{w>jcXmn7vDG@981sio1f!T^bUi)eL%9Nej+e}~ zGq`|GB&U*(Z1t_w4}V#VZV$x62Uy6LlnDLL-5baEONi1MREFCYkiW3L!xr$BL92)A zPDmZk0ZJ}+Z$8hYCKg|qgyZ6gC&~bV_uk!tTBDFN9$GM%=b~LD`k=>fc+14WD6Brb z^roKVJH%Z)6Hg32Q8D+yKEva%sAR<_3$B)BE{i|6{Wd+zSC;7^>ks#P9Zy`64|_si zuDY!%4C%dD8;9Hvsp~5H`{82AulL~@YpK==x@o#N!i`!pngbWakOYatAe2`C2j zb~3&Yq>$AIz1m_|YFSrPyHE`Ou(&A}^Tz-9ci!WWwOf?&vEM}gXNV_3|H{`er!?FG z*o)P}_$kWPL`mhl?wh;c;r>uRqZ4k&h(V||C-~7QpMdv;;2V&1(^zQ%6|5eHlt@7digWuq>mImm2@f|&d!t$fZ6`sq zsTdIcQI~VC^Dz)oP#I4BEoy|B;VbQ{h10%lRVq9c z8?J|!mAkwWyiii(qp*=Y1?zNH9yY(Mw*tIPLe*x!*^K^br1>;cjBbC5-mgN57VcVq zLxJ6ff|3TY*TlMcsE-LXJ^@^bKk%%!Nap(c!IIv`OBmXi)wxw3XqD^iK`f5Za~p(I zM&_2L?zMc^-Rj#02(}bw`^KkZMLy9@NQ~!q&qx3l+9ww!tL^k|nb!aq+%wMTZgqso zxC)Pf+2i^$QwM5{BAsB=?OT4hgluldsJj&wPu)F@CJ(jwwb(&JkDwAC>g|5!Nx!J7fjLx|CuUAz9 zbQst932ilk0>Y!G#xut9eW}nq@Q~S0Qk}T%hcvW#r}`N+Z|x-Mmn6aCdt85~{RbSrnX5;SJ@h9WH?Sy(ABrglHttgzD_8ZUPg?{F`L<;L{`qS}-fic^488E2kb2y~q#I6A*DDxC z{bjm0dO>c)v-#U7BKwd+Um``50y{H<-}v&-89z(|=IHM?UxcplqyDY7*`eO;8syM3 zw@>rQgQZma%+=dh$Z@lM?cjkv(Ffr2HQ?cE*oUKE*j}F*_h$&V%h~qHt~`^1(^q2% z34Z|*w9%YzTb3nnboaD;bbQERK}9>p5;cw~xDAu1_jRtwm1c>+;b$cUrG-N47UVfWzt0Xg?0$Js^V# zdKX)75ykv2DeG5rw63%ad=HXB*S=7jewctVaaec6YdE>F2ZMCoz}W0y&Bhp9sV_Nr zBT|BQiS&~OgX&LZy4+g_$-cj=hvl?~08Phx$I7?aM674xdKb?yJq`1@b_}7#%proo zMiS`ahL%L8mtzh8xN^R-E+6bKdUES;^DS8Wl0NrXiG|bj$bTkbUss$UZS0^bgaqMtyGkAy?s2;A`4^KCjS4{L!&7|JKMU!f&NaX=`9S zF9OLl!RS9v8P^6(CL9exCG#KP6ZKjDF2(e*_IP8~FFAVCKRSAI#k=QbR8Tw} z{-QjuGJ&qXZ!&LR$l7vpgW~+Gl#04Utv0BL<^fsr97NRzjVWlIi*5oWSH*8(EV*r& z7WcMj7$hxffQ}wErZ}V$>1M@#&sRkdl$pb|NBCIp>G}003KXZX$s^2e$+JO=U^E>T93{d3n~kI@(RxxTOfB%4Jf4Q_@BRcuH*Nz5dXTfh)Av-}{ru z{82#9?qu#%b`x=0> z>jzb038oLv<&Y<+F0m6r(Q6vJ{_|*AgcG>dZI6V=;`w$EzAMN}K|`dAdxi<6R_8;C zGLzF8u5Y7E1K7y;40wXP~Ejgzg@BINzm_zwYs(t*-zVQ6*Qiqw|x} zT>%V*XTX<W^Ay>;*_jqdTCoZZZ?obuuq+g)vSoEF zfCr(PNaw`Jmy_|i-Xd!CVkiV3KLWJXC0X~_Ovl8gU>XrQVP&!G=q$UR7&a;B4B(d2 zar*9igKiOioZJLj&Qx138~LXs4ve^hAH1U_l>*AUGdx#LFX^<$zz>F`|9GzC0@82* z+t^-`;<!3}xuS)x1MBkkQKsYILjiH1es4~&j-Ttal`^^z`1ek-LdA!Mf!Lb>w?K;mvOT5Ia}gW%Th zp`Q}xS4MjdSadJaIwpSvn&>{P zST4&QwPBag{iQ1^uvsql{(?v;@c;@%%`4zP7Q`MtXEVFJvImF=B9u>hoJXN7A5AgC zcSUn7D+ACqb=3V%;swyU*ar1$(d`lUipK%Fg%jc!@k$=Q<^stKKRz0eRoBH7xaFCn z@kWIY>GIfDHo(NY>(R_VCpxwc)Sb9`vP0RYpN>gZbO17+`akFN0^V0Z9vb{NuJlJ2 zK=Qw|*6Gp;?#y0Lga^gtaKGYHtx6W4>_DCZ-Bq}K;XgTU%;UFaJo4)7 z=>{@t3d2qeP(T;(diwKq0Axwto~`(hUZ<0uTv1hmMWYv3$?1YvSII9_n6hMeJ&ci# z>Ji(RhBDbUdg;~M+C--o?@7Z z2gcrtY`Yfhr4CKelZ~D-6h<2VuOAkb~ z>SrNUQf++IUx`^0EZ?3c9AP%1p?rOg9HtHYtW;pnNfIZ9YO{Pg=i+?BvyJ&q3@WmI zW|XB1$~xajel|YXCL7iESpLQ>$y(2KpT_XqX&eu}7i}^#y?)RuC#Sh*iOyd7?}Lz1 zaOBGE)AyJI+PB!M-x>~={ZVu9IR=kLDFq)GZeb!8t&g^0=cY?i@?!fi8Dx*aJs?FQB720g{83q6-T!Xe>o& zXLN3bBIuJta>F1}`wISG)qaz~y(qGA+(KyHGLwyml+Ex`U9o2)muhyTfuv z4Zw`h=mvZcZb*d{_am~lM#oFRRIPLTW^j3UqR}CWueYZkUzb8eX))15{Q_5jJy_Pq zJRJ}^fOvV{z9}vt{E5&5=dK&vnI*Tn2NWm5?MV>Q>AIJ&6d|IX`v9X}2^|kcdlZiQ zfv`#_HF+GYE5R9PJWihdSrvbeESec;{Lc02c;gKw5G83jHS{kBnQoigho^ff)qC?o zYr6iWVVb2>57AaQU!`~z-BIL85%eFltUUKxA_o>l_lXj!MKN@N91Z#UL8tc~Z5+RU zorS}Gy+2RkrQsg?06?o;-my(TB4i+4neSe(NG-7TCet)r7E_D%>?c-H_}YsHR8?ID z%N<`iY?-EVgME@%`}Q=otPyefVm=%f+7mr0_pMhDis%P*rdd57&eK66MmIH1%L)Bw zp-E&SakMu; zHTOH9l`~O%)X{#S*_vec8xQq41NOPwOK#lCexW<8k6$3_n*%v{N+;J79IK4kL!38#3f%Ed)VgVFt^Io$~3F-l&Y3d?~MS-SA% zIY^P=WYoC}U&uDtd*m^ipXjSCeEnRb)A^7J=&G*MpheM#F%_ori)-F5JgFXebPnPV z;_h#fmc}23zQ}l|A?;o<*`F7ix88ex+~PCC`?b%mdLTXpIN%)h5VSt^3`Pj|&zYt6 ztmVz6r(}BGsQsdeuHg!gZ=RoHk=Pe%ZLGTv=H&am^S!~v($61EM+yJ zrz_seg!GxF8J)Qh1e4cIXs#nEp8DaBD}J5>0l>8NedK<*4AkIDOivGfxLHFd9sR#q z=TZ;6N;wsiz~dLMz2!IjiNv?SH`<=j69EGWWMnkS*^Y#^C}F-_tZ4A7t{b z+(pHw2$!1e0ONAu&GiLzc`@9^aIhIRJ`2o8roCZLH>IEd;}}xEeJl@(Cik)3pn(yN z%ffiZux7pV6jm)#n1jm$3anKh$La*MKOdaierk(H+~9S=#XT$6=PO@B;BoT6rT^U? zD4QfFS~je+1Rni^Ivh1vvgAF^Ehx!-S5t@hY!{0BUYp&31I29k4383Aecqn%g&Tt} zm-pk+1pL__9%yw4@TB99{i6m*z|`~Thjw4Ud6;Wvoz))Pku_$h;UiXw@a*-9tbk5F6E@Hr{o)V`x9vUO`QW5&^#=qe;%=cZj+ig9Qhbiegj z1N1Ww0iWs-EVXSR&CvbHw}J*u%?m8_*vVENB0XQF=d+?~!QV>p^2eZ&iF5e1N_AN+ z4iNERSNQ`(uz%RnvcYv!2~8dptxL2Cr_X3j9UJXWK@0r`oWp`Ha3ixWw*Q#YdpCs} zPlG4-1&B4BAdxgOlop_-`IR*H8QCa`G_rQ#6N_FiS$|EiJlJj>L!O{=n4xDRu`_$K z9-4I-k$S$oZ&UXWqZ?-YTvxM{SGCfqhjotZFKeoiu-x6;7M$pK4^+drI%_$d&=Nk- zRcXM82{CX-20F$)IPSlzX+N#l1&o_GJ zv+YAOG*nt{<7tVQMiu(fQoCH~D(%kB#t}@H**dIRo;t zRr=vfzK(_jbIa2eWMpNj3GE}l$J@hhuiQn^;EFyK?3!^LOO~~nMisu-PB%|h(ULqvvQXgui}D> z`=&jJJiwjdykNCoTBI{N8?;Y%vPzkda6IV?Ic10EttZe^D8wry(Kpk>E`3H+avy7wH?hC>_Oi_97=+%P_m*azk2;7-Z#wuy!y->Sn*yGk$TqNgt+A7HRI6M6HcjZoI zVkJY>Uh;N3zoR1~OSc#qdo;g2uFiX0C;DLf><=yCmK0UYM1`$HVi-KsD-yS-2mQO; z0^}`|q?;u74aXw*Ra0>d4+WYb_v;0_i{mB%a#G`miy+41!x>?8i0dfcf7wxTU*M0f z#rp+4Eh!KFS>EF|_2WMV;);Q)2n2QxT_Cw1FHurVUh1AxG5glU2W3zZYC zpcb<&STdAg+zm$+u5w>4P`dOCZ#e0qgv>Bdk#UnBck%V0j{718V>eJm;e__xw%{#k z_iLSr@=e<6RN4~uL9qP{YJaUSNq2}N4-!-m++~NPw5>e@@x*O|{KHa*AdbE{jQuu( zZhx=Ie)NLG^&_{@vH6Qf zjMhqjxwd?on`sS?$LmCf=y)W-`t!2r^?rfB%N*Z-tUs7q=_}8R$Bt)-**Mwj#@bY2 z%qx%cP-y^Hhrewn5knOA@lY7HxR@ioE$c~gPc1`h7Fbs|?~DQf-lOT8kZzr+stw-A z0lRGT=o0d$J%Qs+eU+pLFMg!WZ+f~(6xT_ZB<%6Mpg8+e?%CJUJbi%_@B29<%kc|t zaf~?avJJ$qVNQD>R;!G1+u4<(Rfh_D+x$nXb;@#`9@h6eV7mwv^K~Zi)EI=O8%rw% z3`$|L-kGmt8SwaUYd#l^QJBd{LOEX6=k+6gO`8g~k@#wGiBEm*2)mtgAA1ROHgXVL z&ssw>YjzGVQBA@wZ#(^tarKn!3{4@1ucjad;WdMIQ54otT|#8pJZnw%t7pC*Sc3K| z%IRHtiIg(#V?S$v|o`w+^c zd&ZNie~{#4(|urkuor$A-GZHcdmg_@q@DHUwQdA798Jp?p>`95iT!efS>~_J1}bGE)Z6W$wnu`fs#G?Afp6URm7&yi zXTIf%8&!uXo?sCZANiOM-R+IG%Paa0J0R36op~l_P>?h8`m_S{SHDNXNNV?n=HNR1 zZk0!qecV2Lqxteb{dzF8-)*BNNedFwsNd_48~2Ofo|5bEv#$|Lm!GiRta?VT%i&~K zS0;1>Z_g4Fd%hw1HM#ZXkB+fdJm>=l^&=j$@L7s)IFP-#MMfN!05hmOX{tF`RWuCF z*FNR<2NUGmpMB*tB5P*`P!hf0t~b>;bc6-#&x1wFuerVj7#4a+GNrk99$wBZ0Gii! z+aaPKe7HlsHk9U`iP7HTecrTT;v2(iX z!|?Br_I2<3o0wiJrD$xhhwEqQleIoLSm~gj$A=8vdNR(KR{FDcdE_vHoXJs!=0?f`&VBL@bqTEtkqIB?LIV85N<}5fF)y4(LGTAo0<6ISV+F>5Y z&ic8wM%#Bfa-_`7@3QqajizzV%X0NkXwkq(qd^AEX}T6=m}sGVc7G;hi=?i^>mCgY z-Qc?@&+Z6ZnwK)aK`{;Y=Z`rS2E7W z#D?)joAJSu;Q!!qZ+@U^+!7~io?u+$|H{`Gt>|&02x@%*$a-LYtl3~Q1Sw(Je*SXg z`Jk}vX$e|yynfrP-;Ea|I15!_si!3R8kw{O(|rt|@N8ZTNb$|EPl=CwwF9)t!AG}7 zgdhSH?sF7sIYQ+)htwe-TFmk($SptG57Sq@&w_YiI0zg!rqY_KV-kXs(X#sg0rpQ% zqGEK5{;+F9SKl(^>j^BxV;HaAw_K+oF^(L z*$U2a+3^ZI`}o+GiX=N6uF6@FjWhOVp2c3COI&+5q>C4j@AKayq@=_ozN=x^Amh82 zMYX>#ivvvlu_%{dA33E0&nThJ(8Sp$?7-iOQR`ghioR| ze!krI`FWn(YJdAzIGX+)$K8A=e7%G&&G`&ex>VBMwVv@9%V{r+$1H6Vl5J~ZZ>T1& z(S0jI!{b)-GVWKLf=6q>#@t7N7N25P`d}O-`4EbnF{)r<#H4?PZ^&sApob(6+LN>3 z+160WzW2ZBoE&ndl!jA_a_xbn{rY+W{orLkzK?Oe@QanjZD7tnG$n~=59lw$7M&Wc z+wb#bPxk1NeAzWx%5m+<3vsROkZz@I_vg;c&5geMTF3dtf=`(-0HaKg-jZc#uB{QTg|gJ_7T% z`r8FOh(~dnk7RqK7P7gn7UO^^R@r5G9+wb(0t{oS4EP&XLBwNFEw|)z{y^J$$@vp? zVlzoUt-qBE08SruFGi==3Rv-eJ}yDo#mcX?YewK8$*EBP_>3dbdrxGvmGJSHn&uiO zAhKXM;S&7dd5dN(>u1NRpgK6l*H0AU(ceq(neW_UoC8SGp~8aR0*`{^vqVu-7e)*0 zC_1#s4%tBgM*`FT);u42TdoysP5%n=-W^~t)amjQR&DzmBjQn9Cj3e&X<7sk5oVWH zA97}R$AwAUizfsr$eH!U^aAo&ZK@=hms^gUT`^x~NBDnzkUhsyPSE5&U%~<5i#fRP zOYZa>T@(&f4YxEV_(%P|W-#lD*;76t7DXlEeoTk{>COSP0{i){`<^G8-evc_hYN=^ zK%jUA4*8}|%;ESm6S^rY4suk%+_rO-tjD(jp43fIWsoYNSeXt$Ty(#| zUSWboYs@MBcOuL4M{oe|XJGoqsX}}q3FF2^$Mr=Kw@&R|@Lj}3J{tF`BTpI)$NiD&Iia1?zz z&*wO&r){`$XH@x~9T3{&(6^l)G%$+J=(i@jJSH3T9#@xo39!H`j1isDMdv@S_4+mW zlNA=u>7d`-FC@=U!I#fQq;=y73+!~CqxqgVqJ@$;kAEG2p$GHf_~sQe%G)>`o`L^Q zspFugN)keHPo3g;F7nISpMMt#QO!x;!=3EWk<10PYp{AKdtYF#JRKJO;ZNBI$2|(Z zvZwH)T^4{@hwph`3-EU%T*i-h*NPd{KHJfoLMB{52M3H={cM{3_lhuF#BR@jk-Wao zge>;PF~7XI;B?+zLv(-j5142?J@00KJWZarbP#}G^)F>#j>VZ$fuHvs=Xuy`m_!ZK z&JS4`yJ|atE2R06>&G8K*sNLf3*%5OAfUEnCYNbJ(w$X4k*BzLT`7p}utsT_?E~iR zB!%Yw#vh~CduPv#g`6!B-Y7{w5*_!ZiC%%-;6PaT)9CY@Q`r1@cYzytlwlMZTN?FB ze;%fABe?aZWLLlElc&Iv_2r8;cMkT;E*vCuxqDhsqI)?ibB~n0RWn3N+V|!bw>tqJ zoznEgSI1R82Y&_Qu=osoZ8oSD{d;gGhGCBS$#))5nq^AXd@uJFOnsceA1h>y_PIUy z&Jz{;uNtZfwBo1>i=ezte|h2>A1Rg9DzppK-|F{ ziOhttz}u_b%I_R;wrkzs-$#Bxv+%b(Y(1<7ZsqK8dL^sBl#MMOuN~?J=zd;P19-iU zWqrTLMz-PEjAmCPT%vhn^ zhfUyN60uzG@%x>XdpP*0n#rdpBe~2+DZ%*ZuHLia?BDb%4)48*%h_kfkHB!aK1y#f zEHXl;?LK9b$-k=CBFc82ku2+)QX3JC-aeA^=b|L$ud2@Dm3h7!5`Cq_(+^&b`(gCY zLW)!I$2WR@KI`V=w7!NhK`GBbejKis%)nZ+YM2p}eFviuj0^}x`&rN-16;DNee>{x zZc~TmO(NOU#~8AH{kq8Z zzLKTJ_PK=1&)Yud0>ENR?W4}V++S=}?g2;x1LY#p&pHOZ_$7^7Rw1=@uco~71`06L zU&B)Q{RgfV;+;4RdOp(RkkGrsxxE8c)uNuG52 z$w_*@Od}ED|5sHcXgcsM9m)IoxQ0P#1QAhP+Ei=~tiLW+daCx@63-5X*=y|IeVyx{@y=;Ybg)5`xy4!@m+aGHYvuagn+!=1#xJN z5b#O%J}F#FbQsrGvCaKezOvW`aZR*g27#CRlQ;&J#~|+*!$H&Md0S- zg!y|OSLgA-y(K=CNwx|)oXt*gVxSSZ?<)fbC3Lf`Sj{Elsx?7>#B^NT@stuhGK3E%5!M3fqMn z^j)Z+Ked8j0_)QLVEqi25Buwd7bJ+>^MGC`SPSE2?cp-jk5}S@b(xeo3Qt(KV<*M9 zRDx!>mHQ3@Fx>Z{^jotU9zP2?ND%@yP@@?{$79amF2zN4jvjRgki<{x7b<=e?ujm3 zs$Te(swHSP5+F;vv5@%1NPf=7r6s>L{r#gL&?-f0CkQ|&lbx>#USQxK`-sNoeG4xy zLK=dff5XMxFPemRErOA^mer;sy@*e@qR|LPUZF~&z8|IDPdc`l!w+=6C9z#t(^t19 zxr>U%kgP-9PChSRiVGW3Q}A&-d}7K2`NUW^(I)*>U|ycYANLlz9DifvJNn*_UB>=V zSh|QQ>8eHiMC24K&JX6Hvh0!Qxq}-(1mICI+@c&xTViC$iOfo-`E%{J!7%Js(oy+xUbq*t3mig7= zgr^>@CCeXUIxj%mE$AQg;m`UBTU>c{T&xb4(*+;iv%SB55R!c(eZTcvjC8SXR)3fM zpt4hN-X5Y#Pwje)G=f!cwxJzR?6Kht?i^mJVuHV)Jt1bJnS|SinZJit;P45^n0*=P+&bGgld{QaysV)o3Rgre%wE#1;sFHC_rTV@QS7cDy%!zA_F z`zipTxJk`k;xE6eoJA2kJi_>-qw?02>#&dAu1aS}7%HmV8^X7rE4UVXC2=C1)am<3 zML$3d17YUQnEDZ7mKXVL%@?4IYTA&LQ6=uL{J`<@Gn60y+U|2nIo{jiJ$yZdWB@2U zS_F>s6o^c<@r@%tneQD1h)F+D+I)W!reC}8%{aqFUCLEyw$Or&GV+tv*mEuMq@zD@ z)Mk%r!#9kyC;J!RNN8=yRgKGGT@2YpOj*yim z*KYS_#T=?=wS3OZh0NN^;KURV4GsHh`cp{x#J9SA3G>VTUfkwZ>56ra_wHVHY4#xd znH*{W>DqWeSFE0LoDoxGx{=9#2NoPK*V_HkW11lHpwG}(-oe7Hs+Lkfj3K zfQsb8qrA#Qmv-dGv=0hd1gy{XGV3;?Z~pTv=AQ@y@dXcke@y&%7rrR(!8CSMzYBgF z@OOPgAB`685jAtn*6ze23EWhgx6kwk8ZPXUH|e1$-yKrp04o@n?m_kbiTKVOojmJhqKj0TNEKn6BgtM;PtY%URwp z%Sbc_IPGJWACdjbLkC1wU-Yz#pvAp$|Mb`*Z!m?d{e#XOdLOw`%^mO}3bbb*G(BOV z!0tNL4n{mV>O9Z~GsYBj{OsYHA&C~uX%4q2B&1ejx^^zM(+To?pYP00J@B2|6#%Yo z516{+57cLp6n2NeO2lB+(wi3oF?^qmXZW(VI<%fUx}*~ZIk7$=~ z1~ZI8e&fsHq1wjl_ah&ad&IzhoMAd0lYI>U<)+=gUK2B&=KH)q9#+{ViR)|+y#>n! zNgFnx@X@*{*OGJ3S^YgPfo&L;rZisyBM7+_m)U%qIrDW-fXc+fh4npA>$`-9If)Am zBqw#6B#ES0?Q^k59jTyw78GobQnL|)l1V$>Mb1-TY1V!?PQ6V>nNMP<^Alr&cy6C@ zgY8u|a83Me67HzWzB7HD_%V7N&mUvEqprA5i59%VF`kv*rQlWaOaHL03MX?mJ^T7f z4Kb-%MW|o1XckVvj!69;H|VK<`<5Z?6My>>9yDZH{n!J2LL~C0DP;ZG5Q&%?Rd{Z-q25^aeRy)yvp)7Z2jMDwvNm3250cjrv`F<{FOWP;LAeR1@*y~s83nO zyY3~+{YW3&PxQ&z6f)e~*9Gf*pQFC{F?^2b_#XH5X1`*=(z`Cc?sM8z%?$R@8T0%L zm6U-`M2ZCP`{mKLPA5I7PHP^h0nct4>r9K>1BjqHv>)N9&E0M({eLBbjW(3|ViuJeKbor6{N>_I<@lsmNtH5T;?2NFWk7wwW(Sl*)PT8OefZ>2)0vvljWXA8Kg0) zpB9)r;zf@4;&6DC9LxLD(JWvrtN!*--ds3i5VS8^@ed5hO-sxc0XpnJs`$>@-0Wu5G+w7Ek1jPP{$6oG@WkB1uHvUP1D+=bf zNmt{&C-*Dj)P6SS!)C?ET^>$9+Bk3~49r2%Aoq7h@XcSEI+Dq+uxOax_Rk4TRQSK$ zSL1EOe>De0FVDgL5kK6K`3pUt+LsYhXbqegDGl?+8NWb2eXHVjv=n+^nf)*EkDo2n z5N9-Z-1k5ZwCXMI-R-CH`*5KQr3dcGDO~b4B}2Y9UXuA;n&Rf0iaOQ;=WPT$pWce81U^UPq?dm$|9-Gu>vVP zXp10cl0K#9=rFE@51L34d%7QpdViZEm!ABAi760FkXD$k_mP8tPWXUjeUHb1A3xO% z%vT~zAEUYsIruFA^Yf%2@>C5E4t_t$SX}Pqeo@X8XS@5>mcwkT_%uEsk!4TK{CE1l&%ZX)>5E`WN;nah&?&c?r%I_ z;~%{r)9-&FPf3n_lem0EvP7#;0Amh%2!} zwzSgk_;MQ!G=OolNtPL1<>&9q#0iUzzu#MqLrhF%l^syVxwm7v&=b=c@SA26cGrGN z#X%h5%jfs+?6SX6Iv9C@YlYjJD7^`9l%Lbj=I)QkBXiI)fYqdV;4Bw!3R7r$V&L0(GciKleNze>{N8zPauHMI}~}X1-DhmAeBqI#l!eaE=|oxd0}xk z{ci4=l5E;XDfll1k4ZcW`ROwm`>GoHl4R_w_TX{C;;gU)K@3*comnYl&OOzfkq>%~`NG_dn zA|^RvzqB^ZlgwEs#b-?-MT;{C#8^Fo)NPq0y{7GxgiSDT#9}eyV}oE$q>I=3fQ@%A zK=&>>c5f`0em&qi58SBYm=vXvMd7WKhr>OodWE&3m!G0nWApG4a{636%OQ+pUXs)i z&FR72Hp3*CP>JsQ&~gNWRLuw`sfKfR<^1Lg32>#t8#u?`d#$7$BQBo&_yv;x9&AA~ z2LvkP;=I1ER|emk`4%r5ld6%+-FQoj4Ji0PN*b9)F3_+Mj)01?1 zKX-^9AJV6k0Z!vH{OrCKcl>?pzIsbn6?RcswtQs!67d9Ktg?2~f^%yCnZOYOI_6$9 z55mREBr^iX7p;qA-@W3r9)8|}z(e`Dr@9#tCTW`~Bs?N3~?%}$|2?m*uc9sDnV;8(}zVRNO5R&640Fhf_UQkuL13@96L=t z=!a)Q>d(+jI9hUT$bp~uc;CiZb=w?4`IH6YugJrNrDY8Zd;hc(L!6TM4I3=`} zmR^@h>1%)4TH_ss@fi@ts!^YsbudoVtZnNZe+<@<@A=$a^ralj1A)fYeM0)cOX{08 zUjELJI8wpPEe=E=|I$710T=DkyyKVT&KA}_q%ai4N~8OpXBtr2za&O>QonzVsb`u{(){)n#AGM5oR@b$g!MuzOvCMiAvf^RX&P~%Fa_TD{U$OF z-SM@VEc`<-A~Qex$RR&kLvv)eFN?g!tBjW{0}XkCKkAiTCvvjj*XlwP&xK=t zY+yT#g8?uDUnqPd^{bry>{^>cHGi-#8T0k8XDeI!(a24fQiqw61|t&XAqNoJyNyIj zozTHX!QJ>lsHQXeJy%SxeqY2a>J`>YsDk*rd2+0M8mF&y5CY)^NKOGC8`{ApN_4I*T=nKt zm=(S>-=uSI!N`U90_zStgoL_2U*!Ipx_Vgc2US1qu7|knEgDgGLfWk1O!#Wv`|D4d z9%q8wSj+-Suir$UTPqamAcZ6>?63NS4PWQW5)yCJVelO1%cW?>v2M<7Q%Rc5oFmSs zA+f6`?1~Ag^njf5XE@det1YmJ-EQAQQunr`oF)DgxOXl&)tTetuhQaCSU2RIaa?ms z21<7J2uQdz%lCa9ClCYBiu1(8RFh%;oAyf=Ot;)deJ33_WH0r_;JjCU1ZW`5(UV@M z4PWhRcRaB}#NxV0-aWlOocE2jfoeC8p&w2coHD8%p|T8lRHr5q9^r+q*uxzFAtB?B z$@{ijb}$XQgo<;$j#wyuzaLq|czi5|r+@=wk3OqIAfNDZ%i%%_!1C_F!p3~Lo_#(z zmhtz%`+)@zpiPR#7j9VV{l&3N3F`Hh=GvNTTLN!0=M`u$Z>w+06^|zi9VPzZyS}7; z{EjN@3mo>{=YG4^cZougKghib9}C>fS|l#x8=T+E?x<>9@GU~{B^CxOOZHj3NCvMP z3Exu{bL*NYTeDC2FQjWs*L7oY*rTq9{9be+@Lw7J6cyvr1E;6(Q#9cww<*sO*84T; z7(PVR{4D)=J%ouZb)BsplFGQ8o%syL9f>o4_a&(3m5|{3ptI0qa1-8x8N<;Q2D>Ta7p8$H;b$gT_+piufXL^t8 z`RV>{hu4UvJ1eaAi1JO|^R}ZGWfxhAVkwnM_(@&qFV&Ve4s(4EGzWop&@}P=H?*Id zIfx!EJCdBd9>4|O=-YET!0^uV%n52O3@mh_5XMGGhc5f{Cql9!R3|A3)l4MxOwe9z zDz$rW`iM`5-FTcwk|#XH`Y3uYd(e%o6cx zo*w~iY}^@@)%Z}1=`_YvuUB{MEIvl@(!fd6a5MbQ4!yr^bVD?E-NUUZ#+V`s{*e|Z zW@JKjg|1g?-@g2nWdzd-g))#a#iCzGjdjS-)PbF=D7c>U(f2c&yjB#C#J*P8??zPd zsM5W~r!iIRKa#F%OHpl${*oktM~NaqGRm7MC`p3kukT6q9d%Dv84zKI6=ranX?n?k zl(o01@AZ2lckA$2yyHHtb(kPmYAIfhr+uy3^&HXq>}RfuFFmd%Iu)<))E!Q=@p9tj zYrf|XBTfg=0oCA3nRaZA?^Z4k25f!HV4p)D;`#G<-M*uieaTLTNN_`OUC6fx!MWSU z0D2psU$B3=J*b4ed5~sK^0k`C%j+Nk-qWWWDL=Gk<@%NnY5fe((uOauF-OAQIF%J8~SEi>|a^^m_b6DN^L_w@@E@si{wd$1_EpQpCXF~mv`PM1gq5JY?X!g_9$9aUKkTL8J9SV_ zD4&yhL82tUDII+>uxUU+3BPcfUO+=>NbF&q<_Tt#8v_an+!n zemVuM{YUHdC8>Fa)GWXn-4qgjOgD)-e6&?RqMVz%MS&d$REhIP0Tw9)sE|A##0rHP z>!kZ|i2NOI;e)JUh1e~MbroAMODr^>_?!GRuKNa$AMl+!Nq!jR_alpN09bnE51FA; z_Vz=qJPyM{F#8o30y-~L-RJS{LFqoZ>}z)p6TTFn51mA|2evbz@Mz22u|N5K_)fD_ z+1Of2+m&>^5=HNg`o8y-@;l$TM_%m9@qS5~oudzW3{6O+QpdP|xn=M;)!85x(UvA+2}|kew2=GrIgYjCxR5Ht$R<)$TtG1b-8woJ>yjw{SnrHxj_J!BmcN%(h z=hk5ewm66OBozM5az8#T56!`AshRgbsd4g8TgP9LF1RMkwU<{*#(yE6rJ zm7we|9im{&NZU1q40?7vg|omP(R=uvh*A%n!GXe3`aR$8Ei5tK=7HRY(|V%Hl8FS7 z+N2CaY|I@O+}rH{yPt1$XT#~E@a0Q*F!?F#3ZNyW08xmtMd}awm=y3rEo@J%4B*(& z?wgxm!!C4Lp=Ned}$JdXQ7+*7X4X-xfNn>W9tR21Yo6I&VnIHs@1d%#?7JmO%3Ur=?^>(>EeCOZm4O)usF4bX6#xqR zrR=j}GTGl*Io`Uui%*&p+aP^cP6x9CH1NsDD|j6!g=t&x+Sg-Sjja)mTm9ZsdK{{x z6A&}Mu+`4A0h87~GZ6dWb5#pN$sQHs{ZRL6nLyi)R4P9CgWC_D-Nr+dI^@hvDynA(o%TzF*gEhczgNn`$+L zl2|b->zhi7VtL*clg|dOb=u>5ksm}qzkvf`8hI@mmMF-DeOzb`q8E7o4-jg!%J|#n ze=Yu_W3yTaJ_(NV$CvwQ>yyFxl*)=sqMbSr5mW(h6Pyr)rg2=x_#u7!r9OsaN)(G| zlcEtGz1Exqq;Eo(WC`e_=2X-XnH`bwJm5D(Fe%(QbC^DPDLHBnXp#=eHQIhLH(e%} zj>h)zT?pzv64;u7U8GBb?Heq4xK{h+>TW+3agG3HCYwO|B+`s;Yuj!USMyQNoc!}N z^kO=HYS|BQ=~{=GfJZ z3lo%DnJ?w-cil%|YjprnY!^HJaJ}()9k>m!u|Fx^m>`MRT_#tl)&#}6{%FX1DCQ1K zCjRah!h%CNM<3sNssO;X(-N)ZY*!B}if~Vj^J>N8EI8EQ2$UXLSf z*q1$;eE9|Q$^`7gjC%M;d(*@7rjdye?OdlsgFYQLS@M?QQ<}WsiCwJgw9DGoJDLAuk;v{cQ&7#>9huRRIq(+Y^u!xcYDmGf?Em;;0b9)IaEH zHKuGyY!h7czP1H^o*f9lfA#T`L#HkJuesXJVZ;P`>Ms=5 zuft+LM2uGW{zq4q<%UemKj$lrw%d_>f~XFf$m~JOqExBs`v3{77Se;wSdW-$uKJ!w z%CT9?$5ra~73w67Z)k^8vEcr!_%%Km^4s*qkfMJ_+ZGWqscn9e-;o1i^F{>z??(VO zCcYpk1ttSuw9PPA2}M;i)PR}cex3ID16xhN^nXa=lsbHq=hx_S9P(+!qG*WliT+d^ zB2;Ddr*!3r$I8IV0&>(Cq>6;lMhL$729ACXtlS=+YL0!YnVB>aSJ;(B{nIwCr!8PYW zBnrthc+U*?_(K71LZzE-y*>wToU-$mYTN56$ZG_1dkxH;ceS5fG1zu6nrwBN^r zbMxcebKh}4#=BZs&NwRhDe!E#xW62n+fQP`L$`0+dqF^v&s7R3e+U_@=-t2Id)rRq zyLt3y*m*wrO-iW4E=#-5&7BKWAO%x4W-Y3hc7O2FJ_Glm!q?>?m*gTT@9)|&E?SBR z`J8USn_Inl@LuE3vpJ|A-Z$^G&(VzoYeN(hMc!Imc%hDuK~GM1w5t0{+1cFWfyEi( zna2ta&*8OSQ?413yw8`rwCwk!=C7d#37U`af~OQY$%>BEMDS%&Z8S6x(>+U(yy$NB z*fjS&QMrGUlW}F>SgPj|tWaHbQ}=y`^obt|R9M2{ny^1t;VmTCQkxR>c+jpT<$jLb$@l+8Ip$zw9r=n{r%urN6+6TRTuFZCB&ACt~k8=wAz#O$GY& z#PrRDh%QIzc0QFs=e&qpC0nVj0L)))C~etx_hKI`WpQ^`Sv~J|@a)7xUMf5(YaIbx zsM?D$aa|k`9S$nxj7h~`2ms47{#=JKk>4mi*0!B~cjTr3MO!>UphIzGXd-=;=>-E( zxV?@RkvzkFGk)=`WQ!@ht$6FZr!w4#&_(I#zd|Q|Lt$1(?-Vu64;S2&4$j;i=qhLM zQ?bzP=nUvxE5zS>N_?Df8*d(E?424zA#TPJ>?6!sjC~3eLU^#@r-I`0XJGv3Z_20> zuzfEAfOC$nrz^(^0l`0m-R407-)N~E9%Zg)BcV5gqu#@aMqc!gE4I-QfZE{-2^LQRlrnmoSQV9GBY`|;M-OGks+PzhQ`Z&k+4~tZ$bh!&{wpV z1UVmto3c67@{{)7VB*bi>Ul3*v&)-cGv)d5DJg%eT)qaTvnO4@`CXD#OwncO-7jW< zX-kg$Wb z-?@rKU+F(YB~4AiFS#XMjW95>I^l#)Ld2Xr%`wh9@=A(PC zt2&J3+CA~!S65bx_|T(#AK6#gXeSLFxhsbkell6-Dv91hqv37c@eq+}-hK}}LG&|y zi;q2Ls?&aY*Ww1PjCkJ<4k2|OsW2vQ7rs`Up72>gbwtWLH@;we51A&&>X5&;MG}j@ zVl#J3zEC;%;dRnYX_45+8}wY=mXlHA^j4l}Z;jY)WcJZySdosh z&LHJ+{rYv{5vc~;6sp;!KB1s_l~J#QodK*zARvPS{nwxC$AjyjtsPAy3>kD7(;VbBr5nJXjtG*4Q;yUy+3^VrfIoebABLQJ!t*LZCy^_=iu=#TAx!{{RV zA+3krx9oKlql#e%FVGx%ZGZhq&d91N0?LH`%?D3nt%qy#()$_?_xvF=``V+Vp0vQeM8z!iiXE7P!p6*h|YF9W|e^v>XUw}X( zLn#8f8OK6cS)ndFh3g|1=D6^=y^GNr5wC{4MsZnf=`?kb&qVvMJwW%+f4|S+_vpDa zHcgOxz>fV=)N?9s5wol~`aFI2x#W#N-WJE?-sX?nL5^Od)tKMg<9MJ-;`ou~6}TK} zuOr^?A<3xqwTGIc!HCz>VnJ2SzQ}XFABgokryH>OgNwr6pb>O>`5LTY@BkQe5A-c` zb&KW1X?8lWK<-mcgA9gw4M4-3P>a6Z89SwpNF9|sS$TID!i75ih@rMrQNIf`aKKb( zp1{%>_ak^;T{6-`3)mWJwjo%tZGVE`j+*_ky+VNih3k8P1dCmc@nuIUgS2H9ynwuESpavlqjAJ#RH_5rpKLh6 zhVJzEEcE59%8J>i)blIBQnIQZ-M4GrD%gYA&4slwR{I*@bLT(!V#=E)#pG>Nxpa(#LQn9T6i;4|KY1vLJOsYX=5b+!w4Enr*V%u=%ssc*)D4P7j2c*XO z>Nvl>s}J=)yyhTqqYPP+khwR~6-+1(IZ?I@t z?bjKF6Ofy58u&3Skz8JKncuPqiCXTe+FX3}T}DGOp-mkPi3NMoQ!aDP_v#0)lEt^- z*6*qUk@?xL36KAuei}Osz+-x>-XRPVp8o5qJ2l9ZFkViGM!nd8?A8NRR@RKQBp*gU z!9}!xZ2Mz3F1w2qAx>`2bf02wf{U)Y$cbatR9pQN*t%=_-0Nwm`zDo6XdXK9NmEQe zo8O21B&N?rLWCm_FEo1{SCj>%G7axEcLbb30ue0#R$?rE4U)&)Y$dPDkkXFmP*5$RvAJkjbM< zWM0Hl&|m-q8{mJ)fX(X|-IwFrmqae2O6 zUNPo_$aW|HJP&d@@wik3%(3ZE~-(FXAK#%Eu zU+tl8>WwI8GTTf3i}f>7F5*p5{BcSdgYp>t0hsZAGR`xs>G;0oQZ)~VGK7=0UWf3l zT+iR2S5%5uCNAFt?YgJ7w_KY5{MK8dZD3O;9w^!#z5ipsd)H(SW7PaLjvBxV)F zYVK_WFyZ8y*iqW);rBS9?6Ez&}j5#Xn;G>FjV+ zsUu=kg$ctdjDqS70qH6i zPoJWrZPc6NuIc7l(S7!nwUwFX6jn87sb*z?>@v9MR~H)~TRg z&w~l2#QsO&&7AxplH4~jRl(b?`{oE?K12ZuwC~)jpji+Z9ivs-2!x|xhN{MPc_^HD zIKl&iFkvfvyy&tHLwLOB{xNwveNwG%j2xZJshUlu*nPGh0W*jCvrkb+e^HCN+!%Ov z;`WLQlCaLQ{ghs|ZE9IE*ZR-=DRrpK_)xe%>lcW&J#J%skNi(4 z?+fg8^q`7{U&`_IW(jMR>TsMdanZio0GvHx(1p(){?gLE`wj00#JK!pb2%NQw_$M* zPl(JOAvsFe=ND*^Kj+7P=t$gY27>;mS&5JOKjY#UQi0ov^jj#fG5OfUe$gb(T>mT% z0)(k*!wv$R*b2IGNn?(I*WJpvbsy)ATo(S^!qCV@gt+S2g&5@`diLi_nb5#8b7+jh zcqU}N_5#}-k-_DIB#$dj=3$!KOaB)PL}SbgoI^EFPJt5z>yq;1pSs(VKfrW&(Zh(6 z9*>i&+D3ODphem=&3=1lV>_h!-;Q9>SKsWfbp`Yyomumir_plo#(gSZo8LtrPP=aC zq1v>YO}}e_C67vZ(5`Avob2$#7+?W=U%B#SuJRijI^L>qDblb0hE$%0DHjVx%9IiQ zcSBiQ3vTQN^ogQ-J*0ebGSV3hXa*sE``RbLP-cn(M-K4=ZWBg~utyQ-B1|%;QM9N= z@ZxGoN3Hl<^kSZG2l|`L!Tg~3ANI^4PABlv;jFn`pL*0b>@-K_=^<&vdvn(mer{Iq zG;P>-m~($^w5G%1RThfJh&(L4Rp{5DXB&eQ4>Q)5CGM4%_jvmS$OunTwyMV?vX6Hf zTJ(&o1G3Isqs_a^@3Xuoivy!LAuN6C$*ppb81=s+Q*{;?2j4r!%w!=Qb= zm^HfWaWBDr=HDxqzKXteCY#hd*I^QZC@@-%Lv0ZV|<-x#wBH^sfux`ePjp**nj3<7ESvF(Jl8@#`cHlsv~x%>TKtz}++(_2F(E zsa|^Dg0P+eb~-S_^~X5}=uUhl2tQ!G(Ph6_INMkWevtqf8v%8*edJgc01aNx>Id4` z*Y*~HhOI&5fAxsqy-J6xS^_Sjl>=zXD^(p&6;y3<=v;^*nv&05^j{J5aS2HEPN4YY ztFFpVtaF|RrE_(J)cke79Ss9*`7OO3GAL^f3|1Ae?9u1NW{g20Y_|e8N=Yh0*Y?ERgbX%`4mEMa7U<~2E z#r?-Ux|6V%Q;c&E1%ws$ABFb>WCZ|cf+=cu0$(XKw8;E^iEx(JvC}>Urb_Xa7}Z z!+wKoMT6BY8#5>WEPilGzwZ&~nI{wuUmYLNt=hZD;T;PBh-u|t-uc*s{axq+Ec^f?ZASzS6{$eSkF2$4b7{`w7ut&(^bkA9*kuz1$8E z{rN!j_An*HW5360bx>ZvY|XYPi=n0xM%klRr7-D;ShrT0NGZc*q}l^9g)=S4OgH0j zIW*V(q>>xqcg7g_9X8*~z|$H{DH_!ft-O36Z4@U%twzJ$d%pmez5T#Fp(<~4q2snd zDJgNE%yXhi7~o0#?0IDc1WsWMpb`$z zN9I-yrl78$75e#Kul&92hRa=8qJ}kN_p&3mg@j&(#XC(^FI~a=wOf3h`ikFi34rZ* z4(GEErh5yQ#x%%sWpThl!m0Rad0J0G2|awP=R~{N-o*Q70zDW!Zk-o^?=#~}3G;P& zqanzs1^$H1*Pnm2_5$*@BbM%((h0~Q-M#JxfXJW}L9g;j*>oelITD)s?e0`47#EWx zwXVA+q+9R#uxRDq89RjlXl>{xw_cd&2IRUkx|sOX$)jNd{-ao-e9@)Dt5s7%QN(5I zNPn9}8NEJGp;hf_aH>Ex6gO=3;{Yvr3QNK>c$}BvA~jodf58^&lB{(Kf{k}k?ys0R zlVI@Oz03NQKYS=SUNEakPo1M0}-$Y)14`{UKy;f%Bd&g;Ik4?$6+D@bE*W*#`S z`D+vz)eLA`r|T5bPadzl>B8aO(UE)BxdVv@?$8^Rwuf;}mkW(uq)lI4zE^)nB{^jK zecR(~xH)?_n&?#U&Vrhn@5|v^XI$c*rE9`=kiQ)Z9g=;Ik%PxmZm~SWz;&9pgB2dp zU(vaIQXA$7LCZieL3V=HB!Hs)VzemsRio2A1^d%mFsh+T$L82ads1;S9g@!GrIP@z zjH9{~dbNQJ>LY*(z`o{^wmCZW(d7>De$q_R$2l;FOz6e8sQ=UII}B}($V(wsv4Ja@ z_Vz`gond+hjk5P8oc$uNcM`vV>jMWpE+XRYdGvL3^}lP~Us4wi?06~{D$j5S9*TvY zAgNvfWoThJD$e7v>bLv%`kkYepXQOprM2somCm`NEqeT+_EW1RYGu8*_cM_We8WL_ zEN72zRP%f=7xc7b&4;)7#L>$73g7+(5KZzc=kGBJ>^$WTiU(oQ-!r_wQQ$5P>$L;9 zRCP|#iEAI z`4e=@LiJTyrsqfUIS%i%gfMrxRhQZMh`|k`RypTwbtv+L-sVSJwv^}t`V-=x#oa$qtID$HfRe9qkSoDd463+XUFSgg`n7Q)IIbS*hjQrGJ7*Ua>H0kL-ecCr(?KY=@{dy6AW(HzU43l! zO^BX%Fui4tL>Bd?DHq2r3nyGD{`hs?{Phcf{4Zdf^-hVoZvIpjXyNU2zn3PtN+KZ{ z?0&!YxI3=C@2vO=#34;-01-^6R9L*Suov&{<9WS92e;Fubp`m0_kRpkaYg)`+2CwT zx9l%&GMsA3OaBXxB?Dn3?P=QFz`9VAGAxC{wf?o0oFBfZ$!*I^(PFfG1nJUXT>VJW z9vtNjmy2BqqqnlVd5WfU2&pY~l~KLDML@SP@V|U8>=(K4a}CE6q}{6(+5B{vp()!*cnNe)^oy$CAP;dfYsMhO6FiOsK{M2Ql+NnpPBn-vtc*zgcpTkCRw8nEN z-J;sPc*3ujJ4t)Yd*6p`UhWb<%jfki5z0HU<|dZAngL(7<4wqGJ;k7mh&_NvfT3A` zPb2)Tx}OXBHRQ(1;v{>hOo$1PE0w1&Y$XC+>K=4xYW*GoP{_g~F1qtV$ZvHd>(FOeT-?yEV+aQXWK8_SUTk(B0PDk`sg$sp@}d^d$E^4neKA7 z_Jsuvq}QAo&(IMbeX&9{E+gv=o)*H)x+wE$jL!Fx$ zAiCaC`|i|ag#6qGAw)mYk6LT)U3h%C+X~$6_1K9|{((~2l-ccxHLCl6_hmeso-Kx? zo)EWkFUjKrEUC*p2i_d--w+wVNr)5p1*hcz-P;81UqvmYADm~9M-wM9CF805@ejBW z?Q6XzeP2vdtC{u`{P5zX17lb^%}{lFelUYNCL;#9639p-kD3J!!t8s*jk+opAX(e5 zy*%cFyO_o44}S3ct6hjFeAnn^9%`cgeBz9aZ8~`!mTI_bE)_u?>U!aS4V=$Vk`b+q zVgsmH<71p;0*Eb%PL(cb-Q|7GvJa{`if%={80)Kn>kl=Hz1}7`>K85-=?#8Ib?m_e z2{4`GLDgT}OEK>=X-~IPp|gPQgaqK&Fa}TecjM=XQH$@se;}ME>~_a_3MXYxVp}*x zo(ojvm19QFQ5W+sx!c$H{;d7>?b=FYxtqU^uBMNfDT!ypUQYF4n@$AX!w<%qVK3e* zcu{BH?(|h&g6y_JA@O=cadV9wK_hN;32Uj|7M~Ib4JYbP7Loq=J*!=_;GG0wOmNh` z{^JZ;siMoPLIw#K1oic>$8(U+Uby>rU-my110F`*-mFitGL9u1_@cq33WSTMsd3_p z&@@?!w3Nrk0b)J-ibXrn#l?FYI1s?L^mK*UwP{a@jN%U-K0Te}_p__#p+YCGMaO-d zo!s|I>6OdRgG?^=cY`nVXtrZbY23r|{9RHBMRNg^_DMIrXnv*a*M&2UH^FWK@p*cx z?otY~gPD_wQfP-%FFMok3IEs{V7k* zp!Sa4`?Ik42MMS`nJc7vw%q2zCVM~I^ZQd4(3Qk-wU?`0;-_Ww=7GMAIbxRBuF>L@ zbkTVBL?Xpo(mOZCaOpxF!p(|^v+1$Mt}-MPpkgyBELEbDF+7e}XLA5C(Nc7Wh4HM> zk5jzYNKJ-%^|BhS89X2&($YAOYaMrN@-%**L!e^8(|%8fkhb5 ztJv3*J>&0!C{K5Il|q)0;f{#-=Hg&mmm}auo5iPYb^GI*Sb`#Rk9sjb1+nZ`k`d(i zyVril^%;ft^Ghv=Gi>=3&HME4SLJ>^ULxSKPLt(c5Wpx$DFlKe*8m(f_>i;-J!Bul zPX?`y9?m5f7MQ){HPM0MwMQ&7-1F`O??SALI0UE2u#{v z;+D#VtM@F@;k^eTN*KWuN_}}vTCcOoJuZga<{l67+ZTopuVr6Fr_f|_sPKI=$8xXy z?Y-?6x93y!1iT>hZBPAScwiXeQR{OQAY^xGd4loZ*P@zZj97wWz!t*OyIiesJmKU1 z2u)oTI-Pq!un*v+iOt60lNbCGkFMtcQ5M6T-cD9lEJr}xBthV>LC(JVQy;t^y>(6uzdBHCJW~8bsArQf?cZ4k zC&Pwe`|We$a2CvT4a7a8)}LhyM0{$lnkK#?OQP8DooO9QeIGIO7RM)L_nL7IA=v`U zZc(o5gDgSD_qz`|-S1H{12%5zDRC38?DyxvHFJ|Gdvey?4M$cB5t9{8 z;gKDfqN<@(8x?-hmPGhexV=- z|E-TOgMU^|mzYxB6SE%1*XvD^k0vC!D?j1&H?Exfa&aGj3UUqKH_r0H^n?b4cdwQO z4xg78tKtj=cpYWI6WRnEvr_%u)#EhL^UI}~g|@Yn;n)y84C^!8E?g;aICUF2wgNM`n#_vmSxnj@K-S`@> zXS@F03p#EFcbVT%3#n&frcL2Q2CXdff(`U zG+N#!@XsV(A`0YRB+{>}Vn5W^HivTn*(ofxhb$!|TBDp-THmAwhxthHrG?*1*DTcs zl`$Whv8vF)*Q5Lek0!T`51Unq3M zeMOOA!p~a_jb)UN;8gv#`8yxY-f{D=Vj#O{md~p7nr>QLPh91r_)z=KUpsSsvMEw= z?Oj@Zd{CeTJ{C8h#Cg`_4dPo_j9ISm96nB|4b6Oue5LQE#{oV+nv~B>Y?C+fzts#- zq-PP5Ua)uzA@NNYhqbJnr-nw*Zj62(fSic-Jo&osWuOp0=A0@rjT+r2e{_@Zr=K5T z5TCi-B|(`)^L*NmwN>L$X+gv(*wo#=720L*39!k0B-SR2&()>to`Z6<(T8rD>T>=8 zsNTgrY~oXmHlkYA_$wgc0AYL~lqPuBK!#G?J^`!fBV=qS*AmgR9o<2`V=CS!=sly{ zc**Il%&wqk@)Q8h{>#BZ3Fr_08ID_z&3M!oPwlhQi|_+AiEj4!r0s~V`tkt& z&Ho|J!gu)iKXVN}hhh3@kmh!$4;OBf1%p80mZR1*RYSEV5R|Uea}s_$v+Jrmeo`MRqM`-b28&dWbO^ zX0H=6_5fI`KRbw~dRessc=QVf8(xWNtT3mS`q0{+z1=#jJ6a0n%--4Yt)Fd@LmETR3JZxI z*9=bdp9fW7eRXl>35;^p{GEU-4#Zz|-G|Wpis%@qg!eJ$739t4U3PohFVuCm9^%Ss zYk%_GZ}2;BA+?4_=6Ana_t%(x01iphGY^C0AxKRj-ml*+1awh@Dvb;6rByKG!ws~f z^5~4`RoNq70%}#EIUx2j^0ph{c*pvvc3s(IejGAma(BTOA&6ZvG43xD`5YQHhhGh$=!_j$Bc_oKikC7iu>vwugeVjskdwIB>ZC@rdkWMEfk8_F# zIjqcqFqReLw|;-cow1~yPYQ7mUwmZLO(ZpVqYQa@91J9cp%ix{4>{>$!ibxZr_*~Q z`W5|C%uq#>4UfqAh^Z<*O@jb#tr))#as!9s%EFxMvjTN%%MJl$lqbv*7YRTO?ka9E zQ+x=ug@8BFKq7Vzp0hBiMPfY@T$d@2W-#ox#$SjPPszeuAL~6urKh=TdVXIa=|pMl zARX_oNS$0y;7XozlgD1#x!?&gbu8vysBOng9sl)fZYPD!p?{&jC zq0gOuxFUwoZa@071?>t;kOK3CV8O<2)g_fmREq6dJIM5}reOMHdj3^w`0;dqtiXYrW4C`DjfdD*cjS`-EGfwIvje^#(rm=Ng;bMh|NYr*J>QaZ+~BM;3n`|yk4!r38XqlS;I zW%?zd~}W|yFT1=nl{Z^3wS`k?SHRs%nKC#rPja3)gu3#jMI zW+u-uVjpq@knO3n>l`F06x-moWKvdJRB=kxFo(7FrBpV|=}&O4(tlUqc*P`DLQr>o z|6Bv-EMPF0F`)aUNvRE>75@2+(#8}a!GJ?fm3%*@OPx|;fktIEtnk_q;a|TSN5iaz ztmAUfc0G1QYMT&n5B!#9#?{8t&tCY58@6J(bwk=e+wxBDE<{dWxDc;X;4lShICi>S zeo?rohu-e4d3j?*;tw;FLT|}AkNZX1*N?|ukF*!)r5#uM`%Sw$bTRPUEf2Yj@RQ)J zFU1#F#^Zja55G2dh>rq=^K7h%7fvU>MA=Nw?Dw&H z`gA%x)e0>^9BD50eSb7OF_{fcdv2u#|K&E0pWPXv>pUWkAo`}-*M=$Gs;MEXe&VY^ z#~!GWSV&M@yJ02UiD?Sha`y*BILq$|AgnWTTp_Jn!|<}|b~zoK?G}h5Y9h0hsrW4gJ}0QPK3R??I@ur;M)oZph11Uk>K4$Xz923LJ;QqoIaab%#eJ{ zTa%_Z;_a9MF!qA8PxCWp29LW8!v$PV*xK1ohy@9|iOPBXjU#aJ5nWXt3g3(ocJl>Pze9qE|8j$WL@RT2$?6<)J|O|$FIDhf^5 z<|C_H^s8fG0O82~L_*!tvn*ZbCs{6yM7rgi+w#6?2e zAw1dR?GM@ugKzon?vY0fyIG%Hoj4L-HXH|u$K&&{%ExiE=itu6o~tLnl~>5UvED)w zz&5hI7U%QB;&`3Sj3N&&+v<|AN}x`*-AJ!lakcb*jeJfj6^`AWPEB`{&Q?2gO_IuxkYg5V7;<-ZXZ5S^j~+$wGDd z72ZEh{HL9kb42K$#F#?0NZfu-guOPQIc{;&uMjZ1N`%s}7Q2SOuiBe&q6Lfl1YR`$ z(;tTz4qlM`v2ShJEJx=$vtiS|!tgXAcos0^Y#-Hl<%7oS`A@yq4mFPSRpERcqEyA6 zL`yeiSY`c6rgwPQ|C;?)QU#G(KhjLn`B@t?6F;1Y+B&bcq5U;o-A^(2_wdkU`V36R zbJRPUEWng#vQH~s^8it5A_WigWs+doM%3#Fp0oZ#g;B7OKhgp8i6^Jh5SBg9o#_xF;vhT^sR_?j7e%>C!W;2-6pOW0&^37Y`qksGf7ryhOlG@<<8m?zoJq&bja> zkRm=_98p67^hsl0=&&nlV`;h%ojelG;+gao-r?_Dz?tPC_9OkxTAoamYm{_GGk#C(#Y(Jlw>A;3bLEv& zm#kh>a5DtQ4z&S`SBK6D!o5T+42zN|wFG7zgoywGhJo4h9vWTdo;8Yg6;5`;^u7Sa zlgE2L)7MA|jdgw>`S49>85UH9E^HFi2dz$62D#t9{eq-d24Vy2aP8O%!-j^fA16IK z7-v*Oj%XFYVcE(&elkWcIi6j-N4+?0U5KoAH3Z{EQ%oCz9@0Ah^=jParQn-GkMeK7 z`xP8@DRVBHA%>Q!-!Ddu((cm$5Y0XU43RK<1>O&Q6#hQJD%;|KNy~T-@Z~|p^!NQ5 z#?4XdjLU0g&yP7sw zZ{*+O4+NOgZUFf@(u3#O<`%C{o8u({LvL(VBv5bRH(uK!jzq8hk>1Y=3>3cM15v>J z4{T8>K_$0ccSyu~59dxRyLZ5d(jFcS6J*^sU#|0I5>F@4t10Dg+NKxU!x?dQ) z5~BHgD`U|5_pzV>c-YREKZ476A06^%y=WVYOY@7Ov(JgZGxDuZGMiwi%&A!I{)YC| zWv=}GA&U?C>8Y(HG}AN7^WbSYpJ` z!oN5t_&slaG>R{1`=-1yN_O)?*pZxu{245dJt-%Xl-lKb6)OYQbCsFx;}?TC*DE-V zNA5gKJn!Vv_)`yxU#2&*l9?9`6h7=ztSBk>nj4XyyFh2saU@DKu-?xaWa6Ov8prS5 zSeVQ`O0eBI-25CfMWJfQoa1J))gIn_3H|BV?P@&us(WnvlBsHgH_tvqREQ0QU4~;< z52+8HiMfEBtHVZYB@D&<3rPKKr=2G0Qhi9abhsxCbKY}VF$fqFSfuXlCh$Z|>JBup zUIG)6os=sHx1)*XHNG%8h&ktUui7P z88gySyIy7zCO_a0{{^d%+dZ~Ty>5_I%u_4p$w-jKEL;Y5+L z=p;u}>!Rg&V>D|)N_@IJ>XeNg?=9 zF*=JHe!$X#P2ip&X|d=O0&Hlu^K9L>roG(#{zQ&9C7~~N57nh=KFIeb8=kOPZo;#h z1Qf|Vrt3}F!*Mt@cUcanTYSi~xdFmHvLzh|%qb28qx_MdHbG$P6N1~E8(89K{0oS_ zbIk|<{UF|S(!u{+&m@GYPZY#xgp!;c=djK=_)y+xct1hDgU4S_m0cVC1p|yqqYtXM z#{nL_$ho2p_XO(IH-w5*a%NJvo(WcQ0tgu3nfu&Zt^ZR{E?Bepo*w7|BUd>gZBU0N zt25R4T_$MgsGmC#Nxp8ZpNB(smw2hxY(A|F`MA|g-#)%q>J!l9Z5O&ni6oDiW^pB* zpwI7mqAO7ujVAGXxLX3^xSlD4tll5@z8weFRUP}%tl<~#K^csW)x0<>!R7QLoxr$d zx|6ToGCASx=Gw^hVY=h%oB;*pGrRJ4Y1cAJo)EA57Crom&UGajmsLBf_d!4KdmtHs zMOU4B=VyGPvp)CVhw<7k+P6M*>OgA7Blw`tzOU5XZBDjIg_*=~MjR^qao83S^HtEl zJp8Hx!nQN6)-*Z^lhHCGo9kayT37~&Anf#umOW0w4`PF#=)~{jyUd^k-E;AwJ^9mG zLhkO>sgig<%8?<>@HVDF;(RMxX)wSW26!*iqpM`ZTjcL|WBREQS_55SZ7PJhNYIp7@1#3FDbhMpEZLB}^Q2AgH-T@nJ#^&*j9qg!~cS z#jrK0Wi` zk?a$n(74+BG#pXP(;%+`EOoy7baR=1JD}&T+`WlPvIi7P5q=5g@haPPFwo@m!R0y* zunx!SEF_CQ+Fs4b@SH?uM*e2nbJj8{TDUjzmS+$Ues^oXB2zKR@=vKh8cC@+c6hyu zZJi|YrMk!vzQ5T$;uZ6QV|2y4t}KeNGSKXZvoN1A**ZU60tbyIm+Lr+XE-L!@7LtO z+JQ-;Zat&>1#i;a!QP_$|HzEILvmKBds|MLZ#q8@HI*P94-O z{dG$wbLhvidxh58gR{hmZGjT<)L9K?SOqO-1+!0x>gkaF`Gbg${d;9YfAK))@V|kk zaiUi-@*!;CEes8y{<=!j?WUG=%Xy?cqg_%6e++p{tkv`^&8sO(&@cGp@?#k?+Vvo6 z5%k!=3~<_zwA`ZrcOlDYO~LfJYjk;Mc%Tf6?L)-cz|)g#1SHz!#cc#@5Cr>4JxR-n zWk5ft;V&uF*Ew%FK8KMpSS)?}a7U;j?wwtNtOP^F#FAJ;n5x#P=X{)QA-)p+NKiv6 zc7WX6@wI$JFP+zwrFD3C?uiiI|_cdwW za*In&E#Y3F+(?)PrtVfzOGavn(wLV|Q)K&TIuHRO|g zi@#hVARM%&<-;sB!XEjz2fN&G{wd1utb#E5EX-I}+a@Z!Z8ZGTM+x0V*QDc1j;J|> zkZHW;KrxfGW1dziOshKfR%FlFPjh_lg=bUJgZy`yuAjv^4SNA|$h|i_m#~(6Z!?jO z5aYbpHY_zv9F1@EK7FjrVYsNe2;esT4ai!hPDF96Bq#z5c2nZp$0~p;*cAJ{?nww? zKYK8HAlu=y{wg#<7mx(QK%P{d&)33ZTO#AK5ni{K!d-#$pzJZnt{bBa!u023On*Z6 zIJDqO-Rl({oYWs*#tXAb-4}}pcw;!pH!qw!%xI4q>@B=>d*^YN6g3WtCo3QU&NknB61a1|}KWOH+#hgQM%WHC$8r6o)JK z6_V)BhEi=SRJPSRhfB3~MXJtFQto&yQ;q+$OG3Q*t6(S6u{Mh#kQ&J)@zortamB_V z4*Ky z@OZ-SgMPdHw)K>S-*~-08B8N1s1y_ILt{F3bM<>}r9MTn`M8OLz<^$D^8iB{c>_cY3pKw_1X?A8a;1G?o+gO%9enp zg60=#Fi?Cjrcom?05pL9`BA9~JM`a(jio%JG3oSdre2WDNMZ04{4uC`hzI+9C{+dx z=1D2~k)+u69!rjBFYU3L&cpUH@bPNU`BMZW@EYZhD3Z9N*d3gD@NU5bBj77~eXYW} z->kP_t_hmN(KGybA+*0DJ}IGt#vzH2ewnP#BZY-q$F=a(+q|gWx%(8Q)wHK?9G1%A zz0YWCFw1rvCZCv`euHZ-`G!-^|n~-+13Ui8z{d23NAK%>rQY1QneQJ-? z7c%Owz+djubk*CI`&{niT7!Qz>C!Lfi}*FyFF&sH6$)!k8R(YscwtYN7z#h zaDnch-F=uFVnLCoTV%MvP*(N=gGqf}Ps8K;8gjjH#7W*;FWDdKP*m_!ys|vflOskA zk=EZ5?s%XU8of$)NA!{a2J&j)IlWJLpts5AF{mciS>RHixpqlAseMZeW(fuG`Dv^sfIitAr-KK|uiUw@-ap#RdNi}Sl zci(+&_cY9~hmpH?m6q{qpD;G}Ya<^3=f>nJJ*l0PDZCEJ>qa%7_w={K?{8jcjnPd( zyKS!jqAz^;t)AH#Hk}#7303XY67!zoD`_jay4OfL(JalrwgjSbBwz1osT1 zefru_>c55gJm|f%=G_TS3Ar&;{EdKq7yKy@n8QZcd>AXPI&n93g7`iz2PPiX^L3~p zo?F~4%dU@`>bZKc1jGJ=P4ClpBXk$2ANvRbiuC>n`LE=eqnzBsubDhW*Kslw#c#cw z>@;P8ExbdrHsTwYl{&Y<^?Qu2o*GJR zJhMG+R~B)=aygTr<%wK(0mk_34&BB*&#}H0(-TR!6RWIrl~PaQt4Y@>IOy}^yP2zw zNeV~7?6}sek~eW0s_5Ko9_zC&y^Z)lG2rg1Q-DzJ$J_UHr-HF)=Aiy;t52uQnW}pF z_}#b58v$R_|TJzCqCynT+X1(8MUZj<=cp`RJiTzFK7M=`sYx^9p3r_BZvUW%&X zVLSj8%C&MB>45+c8mIkppXse?>~{ni*R=I_T@)Wp;#GdZ{kHz`yt{Y3LCu;CTfJPU z57Fq4UWHcPBqGE@lc zy`mYna?UW7v>29{n(y;@5n0KyyZNj6QE~G3MHR5k^3vwyL(4Ju3TwbNkB&UR{J!>Y z36Z+l=iSr+zn#v&eZ5mAvuxzf8)>5rJ|24-5tDpU$d{>)A2mJD*XP?fsZLFJqQXH9 z0W0{$qa4V_Bf7b;FYkpV8|3+W5b z;V2jclKEZx#-tJOI48mBOa7G+q>L$J)`AkbZD-}aO87Wi%((9yBMPuIbD1adk@sFy z@vS|e%;&zl=s;%c&4DQbg;PU!-3A(jd8m;J^RNf_~e{WC;-maKxSRJZaLSCxP zEO1Ru=q9^o4o5a!|x_1u<&`8 zKMPm2t_8#BeZaMTK1jCAeSX&2T7R>0@(Sl!Kl}{xYY)xGK1RpUiYV`)P#2H)4fxq5 zshS=B)J`I%H2DCbc|}X!yGlHwdh|)aVNU(P!=ViVfIMM=UK8BMg+0;{UnGW6$z$vf z+QPIw(>UAuJ`iY+sEI++9sUQ#5*VZXM~aqI)K-t8;vOZjE!7 z7QhVFFE+RZGsev!V+dUe&6)aH$$cj5d>Vw9$w4ne0P}x@5pi8+ojk%!p|qJ-el#v^#elD$4&aW&uzq_32H0M{9}F6 zh(`lI8wnN^=$QY-Cs-1nvjg#m6>FxI^M33FOO8AZ_z8WP@gD~IGx~c#xE8JdsjWvu zi^r>%D3o+b3@d*OXcf_jm><~(2hI^x%6m2+%G+cigpZ* zz+bJ;?e&`uG;#xH(fb`h)e_Ii#pm4pDr-=G^$xntvDAJ#P1tatC$A{pN2DJKoAByC zet;8Y`AB|i-#Pj-a5Vde596C2i3`kOyyMo##p60u$~#mJdikIRtvT0=aJr#3#As42 ziBJb2C2J377V{^Whi~-3T~1H;g}&=|Oeu#-)L%1XWw+no)TsC2iR2M^2#?L_-!B^V zgz?RvZd+M1;_)^7ZbWG3F%(?PhsV=SNIcz53i#(0TL085(k zXa6)yiU2s{-DHvT?16OM6Madrrq7R??%mi;UMf%t&D48f@n7FYAq6D_DI))S=&$eL z*HGQwDK7X;c7XiR2ck?=&S}UOXHPfhAwPk%LQGHJ0JO*9Ksu${*WzM7E=wrrk=)_~ zUbq*{gii3q+)nsJqnDUtNY{M8_!=OlJz)k*^o_J^_j<1$GqAGsORDsJseUrTp94Rd zLB}-q0$E42FYNoV$GEWcgSzPUk1cM4HW>q;e(LZwQgVdm_FTWNd8gO+l3utCO-wuy z9&W^z+1(zL6NlfBjE!43(*ga7i3=;0Wfvt0_9alN=7zUeD8(wIVj}I8+36+L53RZVw>+ethX646)vn;*Y9U^K^YN-qAJnV1e9~@d&b>lq+Ls6KD z@Pa_BT2oO_ZW4D;&cyH1!B)Qe%Pux?_xRY*SR83n`Eq*-8o4q9-_J6h9sgdS=g6;` z9`t)8&rTN`E1Ga@%;=6Nl1m-Itu6E{`iM9%Uo*y4^iRrY7r&_EzSF^wn$Ahcv)YMo5RTB_-#D zCzxqof5EVP!1V0GW>`Y%atVzn$y{*6G%J6pcgz+PS z=ZHHT#SgFF1_kn|s+Qtyx{ccHFvVxS%TjY7-5d``D_dZ*5R}Ws zs#J86+Uo~6YPbeN%Sqn-K?&64)A{b%t`Xe|CW1FT%yLeP&F zSQQZC7qK~Dzsj<1eEw`3Ro1{6wtJx!MHZgfFVW?`kNagMZz@BuW_^E)aEAF#UY{Wn z(2xx5S?U9eEiOBK&%(pfLAgm`A_wtWx+vCU&m(j+(2hNs$B}e!OyQZu{FRyRUfn* z9y&wU)|quVFnJL+gfLnijB&Ofh0iWioC?z4pIY5ZK&yaXx3R)*t9aE(_K7k&LS9aY zk5P-Mn18bDebT8PfYzVKjbcs|*|<*2d;15+(cC#WpH5MGC5V;7pjo*4@r^E`Se6^= zA(HuKc4stXBdfPRJ(MoAw7mSwHQkU>#E?N|apC1&=-vamXAD9_!AqeWI1qCph<|hY zdme71$j&$m@^N{f6V8yUq*M=SroL0UeZw~T#nYn08vBW)0L5w}_g$WAVVq937(H=~ z3h!xqK3a6q7W5%)4>f};73A>IhMVV^+mDTv0kW3hL?qgghKVSXaMW_Y{g5N^1(|uM zrsjLTT&&hzN2i@cuy+>H;9-{1J%{q`h88-N1?Ij|Ysgu3x69WjT7*CKj_Us`w!$Te z$s_#@FK0*qE0rvuDim~53)Q}h$D^n7K|>k*mVb5ngauMQ=MOC<{ZLNFOC7>WpU%+3 zIqKsJ-~^FWE@Ns0imKJe^{T5|tnZJ!$0yxw9IV}HI9}AL85g1@vv6bw)8Zh*zpj5Sp0FQ%($k8`ZmSP z0nUB_)hrC16m?STQ8N1`>vNPwPsJ7%I|$JmR|RIurp4TEBHjHanr4s-H0#^he0Fqx zaEIjUX5F0wdkvc;S$FD%r0%5ly|FEEZ8H()L@*a$T^=TVFYq-(LK*V8agpo0o>A~E z^gNmB6ht!S<-xoNxf~UK8P)PfF75kDDqr-#^}o0=bUY0!Y#Nde_T&vY zgeUaV_?}O_Kz;W2H^w^K7Yc3qagR*M6>m9((I>kTCxcqgd6gheIdZL@4|hyL61qbo z>mcptho$tw_Xt&1FJTs*Hz+x@7|>^!CE5_jQE@j1lo((91KfmPmOPwfSQPA)`0Mvx zImLrT_Y14{&~Cv#u$Yu@zPuk&AaP`Ue(tMfU4BCO2$1;|eOJ0vinZ+SyQ1s2xcK99 zz9+E!#Pg>6me37Y)gK*K!6i#B=z~ZP<^wf8D$K-Ye;u+8iUoZ`zwaYn>%F9QxNu; zgZ0wS@I1-UCa_RLb0;ce3ws#sTMzRF{2~D+F-=`8!R#^{z~1 zpz?6{V@%*_FPLy3b*IARs-a_BGft0*052FTkPyDj4KT#2q<%!Oddq8riD5t9Dvq~d z`|0U~d|@3q`bDz&V0+^ro}qT}xjjg4_e{YGim1^o^esezvNFPxQeAP0CO<{wxt2!Q zjUsbi?}MaXAsOIetP{jI9K4C_&2Bs7Oh_lUFAp~R)-)-Aa$|@d+Ddw06#- zB{}k?y3`vub~9^w`4JyL7Si7MB^Vv@Kj4dUwzqI?70!K$_mm9>L}g%XoFb4buDWQr zR`f!?fa0cRe27QV>r}Nwam5l~q3sLUy`fDpg<)X1hcMd1vwB)aw|@FChC@z;`)NRA zkD{!Fr@r^uiphrywrRg>S%lqf=*|Z2jN!b4+Tw2#-ExvR*n-lWaQ!}th4Pb&I=d4* zop_3XK8|2Lya0db%)Rgc@+yR!Nh$ORNWb zIAegmqwmr83XT}G@6R8X-?pR2wbq9C01u2wLP%2_V++vA`<4w|*U-26mrC8UEaY%h z$#mqAPeOa|hth(=xyXUlG?VNorMZVVb~3zbl@n+C`!zG=_l&>fHT^Pph>NuM^+?2@ z4{Sq{BZj? zwC|0{&qr*!KZf0OeEa8T|HN*X+Xukt1$F}Pz#XI=hCP7~*U-Y3YQaO%_QeTFz$+o4 z6Wh2j-w~k^jCyB6_tkU_apV+a#5ZLd!G%5ZYI#^RZki+CLS~RZdY5ovEq^CD%WY|2 zK7-)A20vi(-P70(U!Qrt%r-ZkBl#Q3yvGvz+MGfLhT$jP!&q*sk@)vjrMJID2?b)fR#SVqI$8Xcq7F12aqlza3-`m;SV@7AEN;jJ7` z)3N%9zz>|Ad)a&+V*9xKo`ikVv-{03C|X4uDs_03$EW}gBLNNEk66V6xAly%C#2T! zw@nQoHWpS%8Z|Qjz8xi~eU{5k$L#!xg2zn@1udMwN!8Fs*r4$m&kP@q$5;wC^$;x8ydIQJ6 zxXD}fdBNIPsRw+npy$o2kIpJ@&9f#MpzFOJB*XohLxYFE2B&k9h#pm26-S^l*x$jF zX+{czyyIVQQrdigaK{JZ)F*wqVQVJ%2PG{c`~pN<@b#}y*UM}0mgH{LwW0fZ7Jk&q zHR{-ZRzc{~AJs15(`;%pUwY41v7(v$R%WXGhF{i_;Xu<9mS`+|}t{@sSedi_y7ibZ)f!_`(|?qwIJGjX1?1DB+0rdP2L`Qx`wK{ewk` zrJ5c3=Ax}RKLwW0VH?_Y?TzQ&paNI1(5&_id88kdsQ|9M2IC6wWF`jiGQkG|kcK+; z`qPC9KY|YnTZIhUcBj~Y;S~8DIv;Tkynx*@E=^xlH8;&#>O;d0qqOJVF3v^RYoLcE z{6d{fdI=`w(B@2ETK9EH%+`@+DX;h6;?7PIA6}^FVS$k>%VQ}XRV2^DEx`7GBd_o3 zt1%1-QJa`uZ3<`8JPLuWI&~8 z&WueEY+OP_B!K=f?~m3SVMp$t1_+&fxfB==rO$mvlq1!VY$dQpX+cB&k=_DT!%!)NVE_16;MbTv12AO4(*I zY53kEtFQ_8RqhZB#IfcdEwdE4d8LBwmT}s}KGRJ^k{N<4$3-s89r!xs5pB0(2X^GI z<8+mKer~Pvw`zR%823g5I3WIk6r;AM+U{#K#@Q~N5-#`S;chAR3M*~PnXL+iZX&;j z5XGq-GzvZYT)N5xlb7)<;M2<*6frl}I_!Z~hfd_50q=H|qP+_cSGk z9W(F57pI`1e#@!$cu+lZSVStTRtBxyc#dC$7p3^ecUB9akbJn$FZdIl zGel&dCk5nST;R(W@7FBj(n7YP$bI$nJ4#ijcW(M*Y#w0G3%qK@1uq&_`}y;Y2~F## ziC3AuPcuNo9_8MPz|Z|2uD^w_bDA?!7stGh5we9PAxRflAD*4ucYH|%t;)^$_4R&f z?7DIbk-b@TYIZpxGJ0m?!^j^1Hc7oZM*>)<5Co+3R02K4*k^v(ZnjnFNwn;s*jI6`aVUt#{IPKXKimRUi3Ra=$hAnaeU9Wc$Uc zA?%U>ieNh>=Aoqil>R-FLWzY-^vS!vapjPo{X5y;mW^u<9WHs$4vqh~YT46xH+T0J zrq8^&D)SV&A`e>n=NQ0QXo;OSwaDcBiE};vK=j58Pqu04R{puiEI@6@?UQ9#!l- z7v83cmHQ39yj%`2vDsHK8G;_T#UGH@dWbAc{^o*3xlgds5^x|L>3+Fx`XnCNeFsqd zid#-?3S=rIBldS_0RjI!49%|zpe^AJ?i(Wc{N}j7eNQBV9Nx<=@s*RHI-+snzHH)t zb#L%KFn{b>uzSDHRFpyYJ6j;m)vULFK}k!G@_wX$HOgJbl~STJ_w{Z|`>an4Z>aI- z&UVeAD<;>x3BJ!>1@o33%I$`wLZI(48hl!ZekCw3?6-HvVCxxfJ-2oPtg)Yv1U;g; zn-G;`&9q;X_DARE{+OCk0^GS%tgTyRu$SGmEkDbCesrKR$n%iT(OiAX?wtGi%@9|K zpE6dyFF}x8vDwRLvUs)oRbQ{l!Ie@1dic2klIYme*iOp4f7_mBL<4?x(>}+G#2c`c z{jd)j4=N|u!CzLtpBDV%z|*7Ts)eNck?vhbG`qT|o2&=gxB00=W}FQlEND~G{Z3&)i|C^0^<5(bCE2TLTNXC-}$9N_M3Xf zT-zsCw`S|*6nMjFU_0gu|Lt;P6~6RbU=FWYJgYpe~vye-WbG@ ztUM9ezW#`mpr4t-)YXdW#ddoJO{6~`Fw zHB}oN6P|Ih%un21z~dF3OYBBgga{t{O?rM$3Ve4!>CIGm;*SXvIX$PoDyqLQ$7?XX zFDSh_S_OIf`twjjocHg55%~(;nAp<|qq|@*G4{ok>8W_x_n&jMIpQ0Ei6T4BBpnvE zRN-FE&Q~8c1H)JmYNEV4wHp$3#m8dU=}VoTM}+_I!>c}fPK;aj^NH>(g~f(leTPz2 zeaexB2%Ee-&ar>&i9EgBUhva9M6hq%oPE`5Qn(F0m#4P#Pc1=c7P^0CXEEIVI4`VaDF z{pJ`{030RW?Bh{Wo%dx?yh?%#-tr7@Gdu;EQ_I*ewNZOCfc1BFK@6Mxkw5VR5zy0w znesx;cxVku7gl6si`H*S|LU(d5m>}^c*zsqVWYE@yE*ggh5nHSh%rp}_3d~|yEp&H z`a27Ybi44eIv-0z9V?7T_+zM>L9JXh3XOXPOjvoRKuu>lwRFY))4s7x$CdR%XL zaSDr71m|xfgdTyl>yAw)Gfa2H5AN( ztd=imxri8D>(?%6#&?$>On-7Xm~AH?(gg%`!p|Z^JID)o7%?=M{$){5h!eWHdrPoW zM`Ga_jt}ry`>;34sGA~rFu^q`62qUrJ8DRNlvH3c2BBA@FYQSBTHsCqoX4k3f%ZPw(wZX3!kXNOzEtjAENkykA=r7@?sH4 z@A_a~ac71!S}G0Xp~2E9_>~NCYE+3=9$n@f&&d;Hp{pGdNWq#LPgAR@m$!+%M0p&iLC+3x94eE5N?l(%@D}|wK>g@+ z%_gtBKEdZ;zu*pC9UT8KvyO6pE!aC?9u;1Gu+;24ifv;E#-o}}{Dlw5%=Z` zYXIgJT)tn_J)s7x%jNe}t&_)Gt74C;Ph>4><+&%mVN?|mu>sWy(s+l$*ZDAoX5jK^ zip}(&50bXT#D4LP@@vIPjipG2_~CEDY|5SYY(N-9&niIavX148x+ zZj=5#B4TSQ_O(&IqSH`Ve)r=18Rzc%fTHHIZ>MG{QKO!^CDikR`d5#47=`SzHb|{I z!PV(rO55u%GO>hD{)cBQFDRegE;`jytoXL>b?P4XQJ~%R*HK$J_`HcKs9o!qfG9o zCx!j8Q(>A1=U0ZzBF#*Bkv3Mh5*YltHZ2Bt3^kD_upAVPm3+68zr@F(?j_rf zD^P7yCxR+}DQ?om+%KWiAY-F}E@^?_QSH`vngzcq4= zFRJBnmRMla&K`d-OPtW1z9{F^{sZwPQQ67_62*dM^02+Vv*IWcReHhtE7%Pmzrw`A_1&|s_+@i!T|GiUFwH@zIuoDcYN;w0p3Ec2dff#x4DN?l%^PRj%EL( zr`Z*x&Byzq8wvZhN8EyAT32%&AKKM=EI3Ez%|ZJXj{eezzn)9{a}Z&b0UsCi8yY7z z_m97AydK_$ZFbtB{sWvg?Awg@A2VdJTGRooNPpxac7yu@it_NgAO5YP&>7)?^#j3i zQ=X3n2Ol#=`)LtOl`*ynWXl8uu!HSRTL6C#XP<@VfN`P-R3@l4|9YQn&y$5YM zJJR2}Vcv^av={36T-kwFl^NNXSt$8aD;Pi8;$gHOPrn7VJlAt0gw;N%gl!dw{R@eE z9Orj>Vtf4FS0toN&*&FIGf|4GN(KuVclxXb7kyWU7X_>!aJ%G zBu+UxT3?3Dy2z#CvHHlX@;*Xt{9Cn!v(S~wvuwzWzhCiA=C%j7U$w zNBXIcUk6s9o5#1sv0Ab_?%ye+u`M>L@$UzJruPO?t5$@Jq&po7FY3Yf`0|wpKXWoe zcN|`FIPNHEx!J9A&Bw5^YF(JxKrIo+d z`&b~rK6U~a2Ifo^YEo$n7fw&|)59#&>EOZem*hHZno-rq;~pN)CihxdxjCZ8UL%d; z9m8A*WL{Se6HX#IJ`gffR)Nr)Bs*&VeEUZ&_cLK)O=azS#X=1b;Ai|RQ0#->eod2` z`FOSfHepcc!12Z^WZo!f!j4K<6gr%tnqW-%)2#@BUM=lGmN&-6>fX(Rgl!|3LiE!T zrGB}pozn_uuRFK<)(v4AU^B^!EO@%yL%;Eiw)P&WyR4zx^~D~a)67O?+_vYbb9^N= z;hsWW>aX=a^~%ds@7vJt@FSUz$15r;-tADn3LBkYFZ*gi zJrz#jgE&ozaO%B_Djkmdg=XCqROgS>e90A(KMw(axi1B9+YdE)VV8@tT6t~->iUhT zB!#hk`^)qR#zbV-|ISV12Py)9asMq02_FsJ*>M=Ly+}V6Ogwhyq}1XO_dOt^J;Xx& z$)c2F{JbUE7QFeGtl-N4!Iv-=v09Adz8pCWxND^ji7t3umsvLKmU+CzTNNvjKb+C@ zrMYIfBsUa)&ii#Vo7o)t`o0dp3Q?Sc%e?(5#pd7giK4cGN@zl>4JHlW()0&k^%Ot@YKK>~`i( z1bXKg{OdFMpM~^Pd|z-4xrKN=@K7d`|O{H^~{Iw{_F_ROTHb)>mL8!ns$W@ z(AUIN79-A9n>SH4%y2|}M*jl#EmPy~MK2q9jIs;ow3)r9MRt2^c|CqWQ&Zpq?0Kkt zeXIkLxwxN=e!9TbsfKFR^ixB)e_y+G`2iCmqquM5>mF~l%2(S@I@2ye|3HsCv6Uz5 z^1aQ1(Gy_giCGM@i|oeM1Aje;dYXkd6QI~V>zuq0WRs19K^yQHBB}H^Tq*rDChA$_ zn`?8vzF%+uhj(g)Dm|XXZta1A{PqYcdq|Ov@h8b`PWHwOQH&MB`Q5?0+_-M7-h@}Y z_qW!eQruTj0@Ze2byTI>?D*k`r4LKpEf7Eu?{aM3bQb$!jSu?W<8(ZBPGB6KK9`GKJGK1 zrup|xhw0nU?{zaN(WHC(MiIqC(6rm$3vCq(8&es!`j0q?X5Z=^sC- zs3I=52kO1JU3>^0$$cLPE9qS}kpWnaz;n4W>-dg61}8(TR#3~&P_ZSCRew}vPay#O zwbjK`URBcG69$gg8glX?k5O?sp6e$bmdpJQHj}-x9`nIv0vNl@yU0_JUkWlgsNZ zb;&g@CwQZXHq+~D1X>rM)ALpY6H1^88Mlc+0ng>0Y zeBw543T5S@l{1_tHtq43AA*Th%+kz_5GtKB7hZ4AUi!}V3M0)AJIdU9+m6B?9(q4R zlGUR_ZVV^c{O(!S>m__6xlTFNM{6&qjw`=8rDgVlyteGh^FiOiLm&}6y~sWH#sWra z@)LXx$08bFoleX!anPac69oJ7An*q2;=-21KGkEC2tb(z+552PT4W@adA+jojVY3-EYZ zatQ9~9->eceWRT8+rhdoOtK4V6nPfUY4zRiKxVdK$g(1yH@O0B`=acbe|p~2JUWw* zRVO5ya>P<&UtjHesMb&to=;GcU8#Y;)+QBj#1O3Tf@$80Qu6%Eck1iAn|T@AIys9> z+v~K-lk`#K&JgE!^fXyTB*Bm^?8D^LD!UF-uFQ0_!s$|FR#oU}6W_rC^-5dygMk7h zGU>NtEIU6SGd)KNJM1^Q59SI_)b0l_(H%7ZRR@g~PR^r#KdI*OHgCcA&BJAF3m@Gr zYq@fJPwa`12yF_eCtrB(%2tlx!9?DF!QC`v#ag)`heNzC_xcCxa1z$0ZBhq^LsC6Y zkp$Oe{8Zn{YY12**3rBk;4D7F=A#T$d@x!lZ1IL^3LF-{e?%e*vgR!u82P1Uj^PUg zLrvY4g{UIN3d`S})ehoS95L0{IlLjh&lolnqPVFks;kO>jd8sN7Cr?$f zA-`k(b?aBV2NA!&R5J_+Iq8sPhC8h|^eh*@EGy5NoZt85@9M*D3?0X3<-6G}yHSVS zM$^hS!!G~Mpo647pWBkSRM0L~PiF2;h7z8B}PA`K63Q+2_pR*J=HMt6I@0xMypYVM+<7!*$D| zv2LD&XC=O<`Qw+dfYQl>llr>1dfyWgn2h%2Rtdy!j^HNOzH)v4Y0I!w9VVC)@4YT( z_5>aFY>8O%_}(;N3Oo}fWe)Cg4R4)3lUZAZaQ*?Sfod!n1|Rz*?5taCj$|x+_=RZ_ zG^@doNO}4RfM-{-<_M&#xNxxPdt_0yseMN8K9cvw>nF+oB-`a0-we8fL3Kmi1HT0` zWxbpri@P9~Ap~5Dc}u7-kURBb zacPtTYaLocRR&=6ZZ9fJ@zmPEYYG*C2J&hmNN>{@X0229 zR@r`!h}>(;SCX7Kd&Fx%HKD_XayYd=DAM*ICF~iJwj*R{sg}^b&*A|i5`~%e{ZYNV zIO5b@w;i}E&nK@AVM=#?D2BFA$0zrP-FnsTi?{lHF<32NAN?1_+NWT6mY*xEZyJ)H za=1(nXKTgWFCe56YH{Qpzj$lSk^kJiRI$*ahxU!{vLR|Y@tU&?r^@jUZ28oZ7B;Sm z{u9%ty$BRnjEm$6_9SZBbA08n*ZT!&!|+}LX-FU<#C$V-^{(5p9vOHt@xgbaFCzWi z{8y=l*%!^G706h0QgeIch0ntuEjvP+b|H#<_nDf~@|_SSpfc@V-yt6-59cH9iC=0% zv+XTNeJ-!>lv1@&*lPhKTZvp^cg>|d%-S3CMe&K)=6#n) z{6iOu3b=r+|8ty+UcEjFS9hpK_p?P^GQ?F;`yQlkdW8p?OqSnImX-o|# z26^mmlXL%m6_FWvnHI) z`rD4g-8L0|_3%kJQDX37ndaUEJV-BStot6cW<2wxLQaF||JE$gDlm1n$5dWz(C==D zy7o0sUDRv5?7a!XX?%n4LcZKTgBg_KPIVz4Fpmkxw>kO9q2{yXHn4|TPJ3Pi4~+IZ zpJ-!m-AGkZoy=;PU#No5nTs(Rdln5w1-Zj^v(gUly)SC^3q zf%jbJV8cC*xH57i<~-p}c35%{nO}_Sl$r2dFiBs$&;na#Vw;?)TX(lQl+%Rmaq!}& zg@6rWUQOJ8#m{jxCafS5&z3Ovvzrw_gVBAL?7?GA11}8K2Sp)2pWF8QFHnIcj z=AwU70^nEdvD+AJ!&f4?&1qDJ=c@Gf8#`XVKGg0t)`j{vN8P-~sm@k<-RZJa`g-g; zItmbg`1nq#UST|+3JI8*{$B4JpIb|4TKDc1Ie=~el7%OS$YYi;3EVRYhP5j7O&ML` zL4SS56vId3P`03bqpGqc^GEiybTTu0@Csm`ZeUA6?>Idb-(y{v5sGXzWh&5KU@~qyyWj`JF_tn}9(rg( zk>JX3W4U5`fWA`6%I!yPeE?#b0Fk^xd;&t(qYgyaPB01IjOpJ0KEB5Q|2JT%HFZE^n?u(Cgo_(XMP$^RP zEA~~pO(|iIN!2F>xQr+7_u<|t)TWbjmMTKJt1litod1z@U0aGOQS_HY zqK}{?0g<36Z)BC6!`IKIXRW?Ln?@{(suOmI+K0VyAr}JY!Z;_O*?ia%KyvJ%ly6m& z;eaSxOgl*~z@&yBWg=XgW#%W`L=ImZdSdY->YUqzU2lKz1Gj!pu`|TCXy0RR6ujA@ zu#t-o1kBh9LOA3YT7U4<1^SD2oBItxb;*1`grPchuPyvC3ASWF1HSXC`c5|ST&i|b zzUIWBtgSxL$w52EKAJi68yvXJq1rIR3gHReAEWMcA}8Y`)O4O9MLhrf+qL#m6jZV= z<{95z;j{51nCAQz&c|8weV!q>{TX#pb8A%RoKhQ7iCN-JqR>UO=sgdEYx-b=NC=Oq)t6_M3ftsJPyNBvb7PNNr1OD& zhFLj2=aV@@2t{jryK%crD2WF#><_9B@t-4WM{N3B;Bk+Ki7+6p9|qHx8-B)p#b=jq zce%N7yB9V+O22^;aenp<2;OVqP&UjvJ7%yERZ9FV4);J;-&TpUOS!-oJ(+~5v^R18 z>sWpr0=Z$pT+(|*efZ@)0`lYykwOuk>G1#u2{q0``}LP8=F!bQ<=0xWwc@P&(4D8T zUZEl24jLJuP7K14hrR)VUJXF1LSr;`F_^GYw|Bjd+D6QbPxyz!3cI&9!Ks zV$pm)l2$kna9Ji=rur#;x!VKb)^rj5402oN{s?0&=Zk8iR4L4?zCTdYZL;G&s(E7H z64grD`qPSgvNwdvm!^!*q6CfO)#4(o!qOeizi;$;pEPiTPt3Qyze9*89?ft&jQr%j z6AzNXTUE>7RtaHQO#&9n-XNvwod$;Dtvh`dFYfIQ|1gi!$P@kejgZ?R z0i|Su%{vaMiA(TVcs$?(J4Z%K3DWGo<#0%r| z`FTW_VBg*y3356N;YNEPb$);1l>yQ{*|#eSQlvP#w(_K2wCutT1+?*W(Q(1I|4GNG zh0HZ1Aku)}j+evrOuahGVL<#&<4oJHxh5@LVPbo`oJW)@(t;^aQ!_So-@E3`P}XnX zQ}*`&Gi;;f%GdX7?2CmQlrg%Yyd$fDWPgX&0h+?igWsFy<4byvET)vLmfBuioXm@I z1_EI-P+|OCVP*0>HKEnQS0wy4RBK7`6D#y7g!Pa{)r~ZXt>D~!6k{_F^Wh6Wi73p8)4R`(vdbs9;F>Dx9yj~* zaN|=KQb*OE8%URk52HWy>zo!@Pd6*5e&7A? zd-{##P_bRd!dWcWpNrhj^YRg=cn|;oeuO<)IM~*{Q*fI7c^rB2rM4$z6<)UVrNbPY zC$=bQv8O0A09AT(bpE}swQ{;NNGbp!Co@pTm#%vq2XD~IWV&Tn9e*-V^q0MUpbDRU z$mXpMBRVeSX@3F^a&@+0YKEi6l>sL${$!`-LY~4voZ(A0lG>c{AT&!z1*2E+d)`*8 z^a6L5f2H|4bvV_%D%e%k?huK&z>&w$JY=mOM_~6*w=5pPuV<{x|2d7LdgmyZ>q~|F z!PDu0Ky1;(#naD;V;qfs44Fhnu zw8JMi3s_nlgTH=fwf=4ct737Iyg%LP*ZUbx4WPR0HHP+b49%Y)CJYf_KM4RiKIWI8&iOud$o&?a@DFTvCiH6m z76!cEWaN+#?@VI^>FM`mTPTML(r|SBf|Ant#p3bqG+%c=Si)cp^1;U*H7f^>eeJp7 zmc9*iS*D9VZavfSXK~%ExUm7wdVMdDaLZZwwo+-p-oWC=;`^C9OF6aV(En_;%`p~~}PiG)|UonB58 z0%A?w2JUnYd6KU8nXR%T$Vl>^Rn7bkwaZ<*f3G024Dv6t+$&d}nD9<LUIA z0c`Mtq#GJF8iPdcHEUdV=l$zG`mV`~em{K5Yc#`k@3u$~$to(c8egcu@zHgG6LJ@* z=Y@E659I|_{PAmcF$}z`X|i~m{)z%4TcYuS8Gw46`iZ(d&%q>5vb}o|08e>fYe*ne?f6s!>O8&Y?Et6T!fW*!Kyl`S?ppKs~kQs{3$_ukQrV z{Qhc#SajKjbACDJMq$?bNT^RoTlhLIE=O-Q!f#OEuKIMRQ+64lq~%+C`r%;)6)xRJ> zDq=mE=i{{pWQwGzNbelRsE{5B?miu*s{_Vn`cxu5uYX|Nw<9edy!lTZYM?_R_-5cj zKge0V!yXmBW=Z0HFv7rFhCJNj*iUmq1(ccr^sS}_BFR0Pe4ddZ&L>6Uh0nba&Q^B9 zdemVK3HHOi9swf@QnLbBt}}txs58 zA*`o|yrrV+vL5}|f=!}0KF1)uD-=Rl!Km(%+!k7ncDd|ME^@sE(Cv;=uFQgku(KaE zRKtx2;B`|n#yNrkp|fth_^eJA`{n@uCjm`>y8NBeB$N##(7dfb8uD~@vUB1;221>* zHJHFH?o~rNUY(BT$0_>(HmbeHR5T^_+xStPI?1p99m{vt%6<@Qv`b6fbIyr7E9>`Y zo)NSP;y!nT--#HjBc0{^fOte$(+2@~C?|l%dCzs(ldZFLt2Xh-gii(%SZ*rA+v37I zaqqv0#n_k3W$x~k_EAUoHhk%$6FDc7Vb?R+V7v3&GhT{peFco65x-7~Dmjzus2Df4|>|9)r$$z$B-BI=Ghy0472E(qyTJXJ5=`zruyWk6%_K8Mc(E z)2AP5#P@Az?!@y=>KXAZ<=Y*NKm{k3jCb6f#8TJlLlDV)bvq9W(MDy(1FgN`vn7*f z^M~1+keB#+MXj#C_@tb`FL-Py3j05S=>er>WD>{5au??#)8!%mE496XC#{AUPrvE` zzg>hM5O_O-KYI?d?ah}UBnqNQS=B)Lv1)ryq^ieyA#|dA*YLmr)E5Dq8j&ShY}qP%<0oPHs^$X&@@#BlKPXEj% z1pz&lD@d$}2&2Y}h~IwxD+>Cn;YTWm#iGt_HS|2#pSp#{4Tl*Fs;zYeanZAd;D1Nbg zPUWqdVPOevG8h!m*u`9ZD8-jzgId9+K)2PYtz6g$Vh1X4U(wTRNCoP*kg8IOH}egF z>2$m|#BlayKeiOQd7TY}UDDLlSs6J5wdp!&ym@nH4p%C^K$MGF-xp0h?0cJZYfjSA z@H|Iwsle2BL4e|OF3bD5^}_Pjkn;@%^oXNo=4gG8&kM`@P(uZG?0>$W4h|-)VBDaGMyr*;d%)`q6dN=en8?96+dIpYKG>SJF?2Kq+O zs!5+t#c&9=T77ANC!u z4#ym1@3w@7$4mp7+d;08 zMrdqlw12JZQy3FL2ku6jY3^^+QgrTc`%DH&z4I0dMq+)X16y=ocTjI5{Gkb5JqhuTr_D21>*5-4gPyE zLn<2gO<}Jo9FNfU%g)Zxxi-h(ijF&4v@bv}Gv)YwJf`pX(U_7qG&+h7Zz30$^zasc zS=urvbKVNjfu7G-8xEFmzKPeW*lWh#&j9;nB=^NmS<1+U=FuyQGuuNgkfA}Xs9HR9 z?d|b26*`vOla;YazTPDH!iyY4oWSkbD*=o9)}ZiGB%_*amAB9mL+tBbu3X}?(zT_( zeg{Cu!TuuJZ{=4M%n7+e8!S?$@^?iOl7j7Yrs)Gcbl#?OOoHxPIIXr9Wo#R^rmbuY z&G5v_z3zwYJJz*9TG-t zEqssjAm&OFfWe^cAQ5S}TVN4#rwMKt^2pyrn|XKLb=S<7dQbTLfQAT#UuAb{lV<>< zcVe%Gg1_Rl*8=~Reo;E5vK{Z6J8{vD@DFP2882XVeL}N3u9*31Yy^yE>U|)@5K`+u z)ZUM^036s+_fEv~bOm(}h8QgBG3Hh^1bJ9KLEWz2PN)f*^lrqH)qOZL+^8zuJ+I?eFp2ey6ucsOz9$bF z>sZRnGN6KFA(B0mKz1SA`s4oP;`6l`j=zlMiD`j#C8WdVM_4D$!t37?EZY#t!GMGW zKf6;@n6Y28R5(Me?Q(aSOJ+M!od-DcTO; zQjQaPd8x2tfLBpNwelm@hi-057-H``q8SiZ$TuM80kZSTz}h{AUAPfGOk>}&R&5Dx z{j)MZ;!6@D2j^aT6tH%*SlPpyz+=CD~SE zI4t#DhO=htWA}hAZx%&R0EDq-Qn_*D_R2_s_I>R4G}x9`KSuMDtNr08E0xjy zXiZweDNdX{!Y#_q()C3;zvJN3uWMC<1#~D?NGh^0e?ROa^u|BTNiW>h_FW z+;FP;9x_8!`rV3K%4*Oa4#cAd(Kf@K-`8RIX&3b%!tnRL#;oN!zs)buUt{|;8tWlF zg808L_I&|P(cO^%oI+$LjI6RmZ_2-X!Wmy|PaD~q zekSMwo*wY7JYOiN6TPJ>+4qH?ULVI43Z6HE=qgXEssQ3G$5Rz=JV9u;H%tBm6Ho5L z(jVAV#~HTD#yx`NNSl3IC;S2fYw(dv9Rp4Jsa948Z*&p1Ob*mhgy0mRSbe>LkW`nD z%;<}93wLgskY8RP0CMs#c%DjAC`(9zO9k{AIta%pjyr4*W3rcJNy$M^y?th0;NVaP zSa1N~F8{QW1enDg9$DkA#9#A-CqF6CqTYf6$>V)IeFYdvp6&cdgPF3yWDM=zv^J{s z3LhmNCc+^csf+iO64_7u%=H`wV}n|L(=|_=F`NcT2ir|NS6LWK7F6QN_Kqx{E z&MKLRG$rmg-xoB#os|zW`*EE6Al{sudk3GwfjH#kgzNddsQoLP5LL=DcY-E3LGfaY zv7jW^Em*k5t|Vc|aMivr75V|E;&mIj^L0U>chc?LQKE+JMTf5I;yU0n*F)B<6Y%=% zmA(ZZC;FCplf9*SAKh$}o>Cr7(bc!kF)%373f{UHM>VUIdAB0tLUZXJS0rD`ie}Q;sNuxUSMAZYmy6Xpq-t!k z&XHqM^B7Laes(CR=Lo-~>P_96*M&pS{Yt?^g%Jtf#n1D4j}PrwWY_8Vl`G0viSKRD z&QDcQa(b^52OdIJ4E~$oNH+kQ$CTLm91PnIT*T5?0@w9QtzNyXOG;`$w?u6#QUdujMlUbGN zi%L^7Jc0N(oM)3dI%S?RyR$OVXK8NR%b>E{ZSQ$98<{skF} zKP7eFsRNzt+G)dBI*1- zpEYIK9}PME`xkoKIrekqn@d;7Ej%6cB@PIaB)F4jPaJUNCi4jh8Fc5h>=eQ2nZxE- zuDUd>aG>iC{Ntjk{hUIX>}M&3eukMu#CF_)Jz`bkg0j`AEBZPbdkj__BqQ~bG$7AxR z&wzuraEc!4x-q|OBA)t%+o1D+#g3Tt%8W|~hrq_pg^V#{fLwhczlY=;Jz)%y3MTpE zsdMb^nh!#1UxgRSq4)3F^#u%RKdwbD_=UmcLI1Y4WVad-R8c`&1Jc%42X?lMv3%Zg zy7&nJeMR#!wF)!JFD~ORj6{ZcaeWrAqs+G8`Qb{u&vd$<2l(m~_V%EE7wmM>WSP=8 zPaY;)!u0he?F%7(WSc(-V=>Y#h@&T=|D-{1F=;9SKG=Db^8Q4GvD$PxmltobD*X2P z7Y5X%55ZQP_@r$pW5aRWX?#VBu!-#}+5Q^Db^2Bx~(=R8K-fVhxnK=Br$YF@k5h zWygvDJ>IfPfA*O^Pm#-ym%4VAR7#2QyamA!Luv&z)9Lr8P151gz`p9kvg4TSVt!jf zQU5R=Pp$Tz0+1P?7JNhRa3k{GK5+Z-Y)MASBtI?rm8w$HRM=q8PkjvM_^j5tNL`0I z=t`rzRJxzbg;`EtBR`^KA3XWbdJd2I`=RA`qZ9RVLUB%Ff<)v#f8LbG7dl#`KY&If zE~Fx&n2fp?$o$;NDGx&bSUjr%^AUE85rK;tY`>Fql_RH8q@X*9w;Cde+`G(0cDKCO zbD;%&ocHeyzcL^RWR%NltR}jrxln=C&59|VVpVwXDU1w{>%MZzI5t|lul3h7f5cGk zq&x7tY93u!vGF$smZmt43{HTWWvtsyK@1Jfe!Cr*pMSm@Hr8-NlBYobzoW2-^D*QSLMLh(N zQdCElNNcVwBdC1|4(*!OyhqdfgLCo06+|R$56NJ@KCM@^%QT3T(cGneg;||t&>x7y za`N5P{N~j%8}ooOhBQKX44}W`P-WA7%rqZasq_tL_ugGp6CClaj@Gn|M7tklTn4=2 zK1-DE6VPp`|I8?5)@8(&U4MrCRHLkb$M4sKg&P0H4`dx)z-S?7;L^`o&R(zjJf6YB z64O2FOuJ8KofdeROt9?(?lPch`s_2A-K9fI6K1_78S6v+d*rFiZvnWkQ2K5uQZ4D< zue!b1+w}q?PG6=Cm>=zHn23r$3qz_pJn7jdI0kZA9?7MR-sc`bxaON4;DCIvr&@}i zRw!a3(lcQ&hl3si@z>5rt+u=rkMHU#z0O6%ZB3xmJ@gyN+WK7Q5aYix1{s~hs7wgxvyBt49X z?fdi{hS@ z`O#D(`5x%3#6gE*TGn^2I`H^D;h6oo$Iq#Qs~~4fAjpeMULm`d+|M|L<1rlAJ(Byx zzlBWH`Q2ncj>dv0X~7!NZ!bFIGy-!=-ShWgchQ&rrZmhB1+#@5^(bztegv8#xCkl{h~Kl?^@0~z0#hst@b*7?s9m;0Ut zz1>p^m>fhnzbkYwIc7Ycqk2#O`WQ-E<#o=%2-&y9Riqz9 z2pRCLcyNXdxMnq#i@;Lp6K9nSn0POH=SPHGP250axou4+c8GpBjy@G2-vV*jLI1g#i1v-!}zdJ>mX!D-q!t z)MbvyE+aO$9Y4^!IzmbB2+TqDW+!7g!LGJB^@6g4d9mIJB@tg?>-66xfuNP z!#`ujiVvnZ=xH&emU<{PX$SzU7AuD90W9lJr;+6dr6JF7pv?; ztUIX=+@e1*I`b(kc#s|E@xmjQ|0EmFKsx~1X1L<&dWH&qvqkaE)L5O-`tzf@$ReMg z(%L3*eK~+Du|G2SF!{$A%^Xu=kbZY z)%ti}$Y=0sqHeCT@l$G_e0>ory`ZxmqO+4u$3FP-=964?@=SQAam0Cr=%UW*rz?nA zu$EM?fj2q0cvQiKNk3g`i?)Y4I4dN~a93AY`z=k0L4gm+t{5aFCy2AU9Vn8aJr3jx z&f-0k%JKI^<^Ni?p;VUqQz3OEhJ~4z)5-SA3%FhWAj0aN*+1*iWuDkGo~FD#=;DyM zOoOLnPIo20A?%BkiUKaa?O*rrnF_Bb)L`~IUl~xbxX5`1w|nY4aXRQx2l7rAMaLfY zqN21vd$;}v9k?(1Wlp!7KrYXkng*S00OY_CxiUA`Hk>$E|+7A>U$+LRvwwPF%FuD0>ESb5GMMI-|SCdgd@rn*;FvMayYTdF}jRL4G z9%t;>_dVpH(An8gaHJL(cE@Gx@>k|VO*v*m`yC6DNcpkq+NuBDn^*icVg~%WUkHr) zb<6sGGQ%LZU(?jw$MKJeh7Df$3G($}4)xu}rSrSLxg>U~J{WlgVdHsmCn%oWl7xH< z1%5|e1co~wwy}&%sBR@Lzbyyt9a16diWGYS!Tsp6>qnz6zbF>je(CSR9=MIq!$47J z4X$bFT*t;=i3r#&LGAd1lHP7~re_;`dLM^W|H+o>7!C&_3L~}EhjMPagFD=Fj-*Oa&sLRE-`>|3K1*UGY#D4_i!`^I zzo?3e1^55nK)fJd@5A>4;%QW$0~Fw7_r!i-i6B7JF@qtA$!Cdoem*AJZKDAnb_0B1 z-)6WYz=mzyzxAhVgy5{M?+7Y~$HZfwAmx9x>lH+OjDOz!j58S7_#63hA0uFC-xwI_ zejrXf2%+ZW^tZd84@WqNz!}EvDa6*=@pagjdnsJ(NBANVVQQ)$+qYdgEu~yJTQQ%G zHfTPOYN3iJt=^!|+pqF{Zf9)S*cb)o{t(!?frp6K(TB@R-q%q`Eheu0qPi|;pxHy> zE%gk!GJ*V+5fvDRbY4!6V<#D_FDduM6`)^%^99iXh{_~@pKXz;i{>LZ5pIV#KinHJ z<$=faSs}>9mVi2FQ9)7;j5$!ZChqUy_*K0=2T!J%U%_4q2)Q)nwz%kw#&GvW&%P`O zpem>*C;~Lk*GCRB*JT_ZhS=8+CQhfZzw}`35bS zg*{hfGB8yvQX_e-XSZ5S4$x!n#J=w!-XX>)=ARC`u8 zCwum20fZqG+AqI-V+C|6?uMUYSel{#_|D7zC`0@{0u6+!FRyTyLo|@G64m^vBc}Sq zme{!Y>S=*7ohLJfi6@lBthD)+-=_fD@PnTq8!yfj$7jzp+%6Y};vm=QoCydXD_{2W zZu(X|1W9@8Fr5hUN3Kv|o%rXGU)O>cq}$nkU4e>mm1nV`M`!`wLTWMmyl~OR%U!C1 zLMcJ;mGiwb_suw0xgU^g)7N6X2Vru3(L19rCVFcVV$w5obf1s`1cUBYa9xi510ZPW z8RD7`J!L;f!#cwG=)&!je62_}(?Y}m(rDVPRyO{mCR2mga{Zx@jvYFqZ?P6iE6D}p z7i76mICtM&s%?L;?lGjERSULhcx~p+;o4*>S+<+l+BSK*zBcaC7BFf4VCNpWhMurn zeM3F(-PG9=*A^$)+PW+U`yStzzlRmJeglmaPyAL%$S2IZfUE}h*U5eajpPI;c<`pp zP=3DB>rtd{NKnAfgO<59jm5n5!^bsxvXG}}!mqFhm;LeMtz;xsy|{k2=ItHzZ?S&O z<*vMd=cewZWU76--8V)yT`bH(D!2V}eT0|Wv)#hNe=++SG=b{Bwg)LW@@nzipY{+i z@BUThFDM^*OO2$749PQ9@cS4(l)?A&4|5EUcqy3Q>J-mwSRSODp}ijBrgeY)ftB!s zBt?-xD+@*eAj(J$BnS4j&I)ytoIyo=$D)!h5a)v-z&_M0IQwl|2>x$o$&Y|66mN?0 z0a9tyFL2#E$@Wu*w#|MleJ%AIXY-Y|o&qnczx)c$<@5Q5gBPAcY58^tfrXW876k&s z@Vr*aa=z&LZ~0j@TPAmuq_pa6KoX4E*Y&jDg!#>zNzRJN`Y!61(^nMuX>a>d{WQ1? zEk`Pk2`azrYYv&8_FM3Gzh@cV1Wy@dHX%{LIo}E~H^bzGJ`04pK&vOj5AVC`XpGum zru!F2%TD2BW*O~~-lQS(lm~NxyvUM>E8$YWv3>7Pix0-vQAd7C-SsZ!p$XKc`=`+K zDY`-)=A{H4G^P28?vmxQM)mz$#Mlo6n`g_(07HEEkg*Uj`fK0%>^DNleW-u*2tm3K zfLfE8xX{B$LTAN1TWU+co-aY?VX?Qz+x+1Hb|sX9Q?aE>^v%G7g=dVJ>dKK@i?(M; zjDU22G62L-oci9rLbN1j9fe&-wuJk#jY{ zAMr<6Y92xwY_$dP`9#mtNlGx7&LZDD9m|#=dgFP^%s#iz5G0MAY?~yWvz~_bOLM|E z0D~3(1^`HVh2XG{$M-4x>x7i2`{U^D`{eXdSaXh&;C13Tkml=!+joWihNeIcOdcG{ zzguER7hLAL&-b$;M^Da%fR+I__cklUZYj+EkEzEsGnTv3DaMWN0HC)1gz|nqOas`b z>`e^YiT79#Ppw!mO*nCP*hM~1k2GjBfN}Xd>ft=Z^R_X45{@n7HeeK8+$Nu zgH1b&VoAeda&+e7_tmjc%HDkR-%bmunWOYz#&GBM2;8p14TvxAlCe`?|((FNfgn=1{Zd(>u%?Fi2pE(pQLAKZ>fBKu1OCjiSc^|R(ufU)II%}@;z)%t%|Ta2-+zs zb)3E~%oi)cM7lR?|DGNo~)@>p*Q5z!)rx*!`1S9ecn}AKS8hUgq2?K z09Dqf+ylYmb1ys5ZG`^llcy6!EgMSlzc7{P!r0U4Tzbsuer=Mvt`6n;4RbRW(0mRQ z+-)-g=<##zy}&rrt?+rCGcBlrykX8rxpqOQp<$R7B!`YCH^XRu)jY{DFSX zl(}vnaeVp1PAzP((mO(CK4)AG+PFzKm(}<#Y3DpYe){7zolkS0_CNYEVW0(Crqd{{ z#_lvd0Km}h+kUFU6)Hg1ZYUJ&WBsM?!>wtAeVBt*qfLd6ZlBweZawpv#MjVJcpE!o zAMJ5%zklz{z!cbIBF?Jq`6I@-zj_)#fI2QR$TO};3=!*MG5 zk$ii-GxTL1O#EiE*i&AxzGd;-`B~C?c)&r}Ti4>pr1-!L+*X;>ndefTFRR*Bg#Nnd zp&;Ggj(S+j(1OL9#j2PkQubZm)t=f(sR^I1lr`b^ce%rta#hF@ftuu5yM%)L?rE+} zmVFYgS<|?u2j|$qW&F(V8#{hqj4{87!VBKWaFYuh>+R+mngs^}D;V0*?GTYvsg(Am z)0*=>KcC)^!tzL~QVxlYa59cR8$Fceu*9$Dz9ASChnY)z?x%ttgLTr+_HAYLWJBi& zzcxeYLU`r=)KeZ9HK*J8c7&wPzB0Z?RTgx(DjqJ1JWCi5_V*cS$3Bp+#8f-?z%uM${+QDTXbe9V zwSo9bd-WCFu<;63hJ8Qil)f?4hr8D>smhfCHe)}sJ`(8>HTW16n(Ho-EveEm8ON%) z5q+EA^i3t?<8AJg!qC>iv0O!Q;peGjBX{#d4mG z0(O^@nztHG!^Lc5?`=L=Lmhc4B1tC@-W74=YwmzQ#nqko`uYN(HU7-d71>xJr7D@R zuzGy_{SYy}(TSsxnoR7^S4OBXWgV_ty{BHxK4Sd_`>@(g@2khSC&}F_zVyCkzF$>@ zK2@ca9QZe6!rs$wvft?kauF+iv$KmTgqwwg4N&Q~N zeKnuobfU1u$Qj9Z#uW;R`~0-@c$=78BrIu1H=FzmV;I=Y{P9~CFiP()$%&~?C3>m# zJEgf^lFtH7o@s=$60bvweJ~~{0Z6(s9FIg0Zu^qPk=&P1{+v{V*DOl13}C}v_;;*x z_|OwtZ%0TV9V3USrP`Y18)SIvSF#SD%l3I|Wxc3D?*~ zqdG|{17|5~Fda^t7m)U!q6igSn>Tdr*e@V7n}qyAO)Rj1(NI zm>SxY@N)`g1!96YHuu1^PcZQXB}|6o_384`V*!DqlMpz#TO7NA?C#qr7G`qc3nTIP zpbx4Y(O$Y_YE-Epx?j0j|Fw_DZJqBfaLw%S@x$`u<#Ahot=jP~2l=ft*{YU*bSkLp zQ&-jMbEhp5`yfAoTn`nV7L{^e+4m(00Y){h!5tQH(vFP~j?=VXepe1p8v7C0ur^?o zL=kb0_BmU=ukTMn=h!UW^pLRILvFRp+`7%EHxL~QS}tAcNwAd1I;d7ebflevKyMY7qrW0X8e$l)DR$ zGm+APT&ONwSe0vr&>Oip&M+~uGw-x{2^5;Me&s4ZAT9)XCnEOne$<~N{*=`xdcB%A z?x2)sO66_)Y^HWO0wI_f`@Jtu?L2(nMpbjnb3ZOc{h+`KBy+5_oYEJ!r4_Gbd3qWu zW!)s-p&;Uk`ie)|01xd>t`cGpLG&sB*I8ztPi1lYb-{ikDL1>r;LGEprUJJ#{n#xo zL7JxLPMU#hOetTeFvt$j4;S6zVbZliME*zF!Fr5GHP33k;p`Ig;w7vi=fp zCcNsL=i%Mq!kjc9;HF2eujlJ?;^6(>T0b!{fA&7ZgC0m$8P4)=K5jRb?a-Ji(QCS+ zXmb$EZvUvca|qST`$>if4niWq=rM5oDg$d(pT-+1fJY!z_thIeoCRP7blIN45!%0f z6V1U7Tu=o{did?37Qa@Z_L}>$NVV?q)D=?gGNGP2dwpuVL`w*2G+kfe=Va zr}DXi$q6O!7sy#PLP*Hm6SGc$tkxCv=j6%&N%rB9Me;^k7i*P?bplNs&SwZpG6Grn zMJHBr~!vG#evNdfk?l%!WP0G==-Lwz!Y8c+oDF}UD+t-XsLYw|) zxoFdVbD-v#9tjZTT&o^`Zl{dg7`dRqM!=bVU!~z*4hydDPfwKIa|`?|aZL_~I7aK- zg4blTIRz|Y@rxR1l!UXU>jAG`&$`c7zvp<@P={lZgAk=$SLkvJ`}hd8aiYGi59o|< zI1hR?!}a!=p`!(lp}gy|Reya;!ms|YInb6UYpmgy`bvn0IkR34OMmW%ZTIi^V6%=YuB8>2c?4jkM;8SnZSf(hIG@K?&(uVMPg&Rl2pho(^b8HVIz7y3_b9sKlLdnswj%`=e%seQ}VO_eN)y?GCLR2clHv-<2&Zk zM1FtpKKeUj-r4gDF8OuuGYZKyx-d{0m-q|{=w4Wf`%_tU%U^jcAiIcnHED)%=%a!l zFi!pxT2_HNw^JRL0`9SY)>3F!T))i|{1K^ddCGXe+HdiMXX+U%<3mT)>|VUu(97c; z)p6HZ!5ImeFc2mzIL@u^E6NY8uI;+mRyUlUErj1Tnz)q`Neo?8(;}srv-2IieL7{* z=}VsBWgYm7`Wz-cM#DKcjeppfIXaMRo;DYls22Qz&3`XQBCNy`8jc(aO?rIf?ctp( z8<(lS<@h7b+GJn64!zwOIvIrm-|p}`z>wR0{@4)TA6fi4+c5|NlIMsD#;K(fA}w(KDWE;yQ+>Fj z3D(wokOq&9njX0N$DRfNr&a3hT&6B>TtHtIxCdJBQGAl!tE8!qtzU?gd9>+1a2HXs zu5EF--XQG{HgD-p?eQp!QN1|dma4tw#P-k6R9a6ea}x_fK>{T|EN?@K5SCAcafn$p ziK^9a$*~n<iP38C5Q{qLZ>Iy-yD`L|c4I zvO>=ZQp(pnIqLwj)?#*J-#HlqEd^jJ!Zm>dS$vEO%-({IZ=AHr!asq|D4e9UT>%$a6@~dc18vln7+=fby z{AY>1TJzV;sUna+I><)B-B+L`bZjL%eXsXOH|AlIEyG~<;H9xUFAm4nRS!)MHY7#B zXt8*km-p#+Ptc_RE%S-zRqmm4=H{GWHh5x2{N;BdZK=c~E%+4s8mm@ryYL-fz4T3KZp3d^`7g!Z5_AyDiPHPvs;tc}9M@)EnNfpvmh>z3{C`cnpGs$h)s}toToK+d{ANoymQC^$calzPEF@Qx-u13zoz8nHgv{( zFR!CuRs(kopRt_{Dab5vGDR5$d>q`mYT|}Yc&8Aov0^QMSdMbwet`6C?RY~d?X(V0 z2&aobxhN=05-gc<4v<5dVw&_oB&@Xot>rcADH3i9Q}-3btcdMAto!fjb9S{!ACA5Q z(9bk+>+|FjrnvB5pK1yx{)F0<<_fRYN+8r9x1#}!=aT?~aB|^q>y%6toyzq&7$>w1 z@X2qHDi+Fcp~0D>E(}~bg<_|9spL#o!V3Nk$JK1yRyvKAAH0kc|58RL--ki!5D5rW z+1`0$dYoE11`u9s`=Tj+e;yS~+e;reV_~jxJsd#fd+qbA%?&+MuRd@Y7ywpe)=Bt2 ziI@CE|JCeY&uX7ZrW_Io?1g)?9;?0>(BH$+1~v!brI`o*ZM$oG4(SQn_q;rImihVI zbAOLfg~_F;L)}Q{NAtc_UYfMOj8YRT4algdzwSHIg7=n0iZEYna{fF*m;vSgSUR&V zMUf~7|0R+AQA9u%5!rcT7etUvgkL{F^_ElzSeVmtBXO=-DA>E;dpXtus$V>D({wVC2`~+gJZh!Wn%dk#}9Q8iJ|AzPf zY$8!RX>n_ zpKY)&5aaoH?-LsNMnA#fY@ET%fGBK2(8#Kc#*4Lfr{gRX3;e0a#Q3USKsOYH)amIgJ zK3AL3qf=SRu9vb|UtKV*zlJBaA*G9UVB+E@qSXWVp4wBzI|*Sc_`Z3;ga>qV1NDs% zAJ>`|`cIg_plie*3@$&*?M8yTIl~m+d%wD7bj{~Z0Ta&EaU^WsW(bn(oiP=5s?hOf zWyg>tCpzcfAiCoKP4L|E9E~6|D=EKEqdZ$w`-xM{e7D0vk{7vg;J5R*^H;VfEfG?) z^$H^`DLnabO_1OLo1Nov;-!Lw^TvbBvr6$-3sS9=q{8y~!Jj!H&K?YwI~{`J`MdR2 zK8HhYhmgL!m-%bTl<-WD;K_Jrl;477&$xFa)AfX7?>yIJXxHDB z!A&SAC?1|(C;o)02`%-g%CPhDAS9!)mLMIOew1&@bZ__CN0ak{9r2NxFmP4eSI0DZ zjmm(f@jAzO%ELP{Oc#fa&iPyc)JAm3<`MD3=Bb*Ptq@dx>9;C&MT(Hs{ca86xdMN) zheHX}?naigwL8Nf5lHEALsU~{H@7G6o%7oeW3{a@R91?<-#v{PgQ)b<@9u5L=<;i1 zYOHmyHAl?v=kn8Sj_z)i^xzN}8qb@OaCt71#Amb(5|;MQ9_J2PsPifI&-HsU`~T>D z^cN3tcfP*N-lLljyjc4{qVx>&xQZ@z^~amoKQB+&`5?C@-(98x(q|@%6r007?+h0o zsn|W$B5Z7nu~#;cgm=EVQu%g=T-(n~kW@#OWF5m~a%XpL4Up$ARc>hHlK@l{?i%iN zJtjyL$VKQu-h}ZTZine2etntgkR8>;6^}VwH0DM#s{qmOr}OACS)85^`>jel;OU%) z?=h~LbP(!e)i-G@CGFn(aYC{)9}&<%Ci<+daXKm5KXS+k37MzOEb?typ8gm-L)YC z<-RC!OGu+t>r7o=Z#a~gQfYQihy*|?>;idOll`2!$wj$SuTi#CLPDa!<-R7ym6Z=(53OtevY1V!ZDRL#r1bFhFqlw<9R&+$zJ#hY=RnNT7 zO5BM}gEv{5P-08G&4CC-oW7ldjHA;^GsgP*}(NHl_~)b*Vg5%*gz&k!Y@2ME`txrFWwNki+`JHirfv}Y3m zU;7pJK8LpP!#~zr`>4)m^Ct)Sv9*Qtdn_^NC5QyN+uVksBXW!-LdOeR00fVir5`h@&4 zUr%kg6reC%tbDxIkHyG16Jp8p^PAd7BDjQV9D4h(-g@%ko{st^I4w_J3Rl0nePoke z`Bhuw+qKL-9pwiEa3EU4B55*~a_-)DhEbnuW7Yi8YkxMxb<)aSlWFU%JR zd!In1>wTi`Lt$I$KL~qazR4xERj(0j^k@Hm$er-TsJK3H21h<`ep|Zc0(bqTZ|M=m zEPE<(FeG+5Xb@dI?rchQj9)C8u3b7b9>)7;>GSfy9r37eYqVci+G|V1WnCt^cH>Gtdm%7P+_nN{kKnnKLAv!&+O_s-~np_ut7o`cy`ZBkr; zh(U&H2i3Oph*#>4!kM%`obZ4*R{X5^IdK~92_J>xcGL_La&`GY`I+w>c^-?<#TLWPg2)exwgn6~ zz!##+CYT0^b1Z-rdV9UT7;KdCduC)`5V^2Wq6JV=Qrx?6-^h;(+qxUgK!=dg$@P^y zt4^ADY~@ppvuNuF@~iJzSsztCu@j4z&D^!B0iIKy1=^tW>tg6#@tR^TTP~^TcDj(WB?(lCds@VHmQ|H!$?anq4Q& z@FaqTyk_42fF0Xb=x z68)Wg`-r@!4d&}TO3(xGP`MlgH+80rx^pG=v(8gk$V7ET5{H?D}wR!iZMyDxY%)HCwV?qkFfQyY-v9e3LgWdg1X zbXak$SpwTJ)`DKieSRIe*UTfPhpRn=eemfBq>R76=*OIk8@C`p8eg2Ry-lB`=kYV( zt9Arvnp`Z(Y-9%0gkR_Apz-QVu3lq;8}1PqtC|HrCTrPFUM zxX7fvKn84WE(WHpgz|dcGR~j?n9<)88ys6!FKZjyD{(0dx6@h8yLZ#=2ctt$&7zGh zai^43ygy$K5`PKyS%sf-fSMF+&1VIb&IJdIi|oR=7~k9H3JPnsMVW>>RKR{Qe>YAR zkL*M}RSwQW?A1GuHByaT3qR9;XWvn8=o>;Xa5(RG4a#a+uiF9{9j84)W^@sq8ywFy z#=b6-HtkTfHeb*$Ic{XCN^h<{WltFE4`m z`fv%YHiIs(FXGv#Wb56VI>6h)J-@~svLG1edTC4zgZup%s!qlxPxaaoMbV{JJmyy| zBJzxTlnLCSJWxIH!P~@rK0dwFvW2D}L|8Uq0yAcU3S^eNb0B;zubWWj<#K5JA2wd* zZ;QmyCn7%7A;h&Ui2Pm_(7g3D`Z%<$uWe}TzA6;yHforsxW@5~g@907BP>$tch=D{ z3Z0f!MQib}-=SFKvEZ|Vr9BPn>&MR@ThPY9hkaemIdhl`4PXwS?kR$By1!sOD|Cxj zd9*M7gpW{rrVuu4Mwr{faS6f~y1KjxLcfhsrHZO8ERq*5^z&PdweI41WUToDpA?~|B%QypkWEv#xkK2$ncZ8-0}HaLa(`9>kkBTq4#e3UzX zt1;5N?{P*vCE&+LeP4;jmz+@fRDF?C%Y;F@&wT!F79FZ8}QJzmDX^Aws8 zHulwDJ%Hqw$AdGS{c>Tc?{SiYZJcJ4v@8K&tp!Ct(iBVQH86Mtw&o9o7@m&b>AjLe zE8iYj!@M7{v>{Wkm<|XSdN*gy|K#GLvtSG>OS?#4!S8wVHyzGFaBitZJ6&L;h3#wp z?SV(qMQmOI@BFfT@)9HR0>==j{hLm7uZgpcI?(5q{X;|+QZp^YxH>D^wW(Gkl6dfP zW)4aU)@7F>cfE)7hrvRm)PDT%hhz)5C0UJ-oUO;#r3{@dvONKKwm&Sne*h=B#!mIf ztUJt?Cn|q6*Be5v&+MffQfV3-W4_)WMjrCndLe6m*F#HZ+PfoO+LJ&Im~aO&_4A5U z-kgX4pE2>OJfQuy2s+!Feq{iXo)M^O1+win`nCr z!C$KEnT>- z{O6MWe35?6vchUXMn~^15!A~`t6bFE19swG@M)Z?r8M14LV^IY%);Ig+#k$|k0xkU z0R1)?pd(*?_G-LI-afjQkJpe*Jt{?^!C@Etan4EfF*4*cilb6Q&UZYFCxUaRGq!^~ zB+rI;8oF=?R_i3a$US_y7kt_x_)A9p0wJ&;^*+)dI)H$quDh1l#yXAfw@L3YQ<91R zioJOI_BZ$}o^V+AVj$b>o6OwSw&A5`XMQ?Q|9i{s9aos!RbzB2iL7_8?+pln(uuXZ?^pOE?00>r6S+QGIAf&rXPk3 z;nK>GWE0eCzaM{tJ;Lyg^XCjD`Q3D=FO5fzc-)FpjsGES2#z1|fq;c(IPKPPsY0vt zbeCS_+7+thH-h*9)A1#i^U#$^P}*9EV&>6FaZ(x|sx$-*<%VGOi?HlsX34XC;kJP$Ek`Yu zs#0sX^`-1d8j75C)xyV_N#1hg8Jv4ECS-|=1@ZZP+CH?dryrm1EFL9N4-s{34H@=d zSer(J?>qSGRGqBEgQL~&^|MYh;&`6p7tK-aha)T9`=MI3;RR$vyZ3&!EBd=)Vkc9G zD}%P!#)FMeUfq{aIYH`~adP7#UE}x57V|!oQ}^kN7^6}RY`(cJ&XCjlEN6>K`mFV) zy4Otsd$ydU(RMd^gBy~uOI~PhmCiEcS5wQrtOX#70nkytuH6F`3#fsG2Xo&lNNPdi z{K6wmZIiJl{YlT0jM5o= zC*o^Z>P_y{q>H$ZTd!PMvlmd2N~!#ji08}ex7sl_nY&1-1b-k8lX@imy@ZA-HdWYp zh20IdqT@AtcONl1K?>^L>3(}&Uk2}3`ym*8?x?Nqb*vf zfN$6kLe+m=yv^GS1AJbge4jGuwr5-lTDcFgMC6lSU%6!IP9>4#*LwK$ZB>K;Fu^~e zB^NJ7o=$T4hEZ2aQJe4mI>8Je=S=4_9ltH1I%k9T_kjikJHpmJ&VVaClk)bse?R?n zW-!Z*LM)gWkXu^N`}+Cq8@4;lEBTA(wn{Id1NB zFa?A3f*s`9sogq9peRB@xq zfxKW)739tFAi;Ooe6d!=N?nLls>|rwOg5g|3xr>yJk%pMnEZaw5ypnbl zqo4~SIlFSNW!MMKR}$*<@eT=dQA-$8L2Y>#4J2&rQFBTC2{E+Rnzhf%=y6HioJGx* z#mM4a$@<4%)#^Ha&wR;l86U4H+;oe0WKy{ z!9XhQGa?TxDl_w*+V0X`>D)_MWamg4hw#QXI$9f}D{(=nX&4pVr(@6)V~8UtG=GtwYi`AG{G*T=2{|MVXF#dr=OPk=jc`e>hb&z5*> zOTvjqPho!ns^^p47wT@QOYt~~Kuw2nhld!TuHb)4$y5GYJC(Qc<>AG&DwJE`>n9dBWR-@1xm>R|KQ>v5!#Lk~C+}zJ+9F)>p4U0`Y-*#Lv#*%ukpocQ|BOlg8?~e!LF9 zA5z^xUR;t=d7nE#^6q?fK`9T}}v8 z{Z7XVxgro^Q`m#fW@80A+Bzzpdq5V+%QAyTn6#ETB{+Whe7lD;cv%P%{DijB4Gx)} zpSD8a9qfDGS0A&w)ZCvuz#C3Kl4An|ZC%;uI8f-eqVXn1P)gxnpf5b0ImuiWPvZQ% z71dI6HWb3=uQG4gF>fgPCimDRlB)Wp6(8N7d@} ztO(+5&6FmJljLC&=V5PUdo;uq!AfZamR>^W9?IA%TDndrbcD;s;S1Zx=8pyE z{G-=GdFYN5w*f9WpVS7l*YC<)hp(~^C|hCkV7X3j@?4X)8u+@~VsoA>k~obMw{T9U zgZ$7tfCU9NUs;DTn<5G}IBsBg*m_uet_Zg&YtU_QBp7nAUX9_!;=&_>7(uLl^et~! zo{qCqPggQPMF!A|+!IWfHXn8=lh}HU@l9#^l%M){kxIU^n97xM`36g$5afaGy*vj~ zuGShP6oBOv3EI-rLXccaza@JwB;GIMUM0?!-e^RE)%^Ooy8h;<;pey4Y^PTgDSBTa z6*$gJ{v6N4_8pqJqWlVh;KeIxXxq3|HrpTuGF2i zIgB;d(w5?=TS#ive(mT_L0xR?W{Q>0MW-7xg^HvW`E(V4I4fT&maV6m{DpOEr1M2w zCV6irmPd^z1R4T>=GomuLwx&DUnr04Oubg&z=Ioz{2%rYut*mB85^uCHg_EWd-iYI-!oo^jeX#q5z(EV<1PUFnAVEvZFIeB8 zo469SMhSyq1lLnIg+DdQZZbcOX(D0Bm5gMsT403@Y~%s@Ok4J@YIrMD8(HB^W&9$9 zJz_!#flAM>Zwik_pS@5oqgLXm+sWC0_Mk|rqBTkj(DLWIeS_o9XulSbgyLCpg3{rR>$f7Q4%xJw}$ zdLr3z(yhK7O-fqF0iYDjdTkp9CG=8d{B@46MZRi~CKP+@C@-!#X&t{K#W*5cTbJJy z-LDxSvn|KR)c2%7#HE4GlFV+q)$^Y=We;u=xOP3L--Us--^C$6>zSrNA8#wM^bJX>kS;wH}zx?VD z+;ZkFD^GIhz|tPtYL(bt?ecsM4LXvC=_&!<@reKL3?@Z+cK$AE_SzuRr7}JslWM1s z$ZzbIPs!Oa7pdN>gUI@f`XTjUoFkJV*-|7CW`!V$!DGY1l z0WbJ#J>{1ZdLHk61Z=2(E0 zLdoJp4MTMAmEgbu>)fv_vAr-7!tvT3p7+F<*A}ff7@nQE{9zSjVS1HX{8IJORx7zr zltzLr?&@n%i|&uesXWQ5gL$y;nhrQ}1$4d)>ubFWXk7yyA4gWgR&TSC1 zWZ$0psL}7;Kl2y{7(AK!ZZOSuTjWn-1ZT`Gd4%1`03YkN&u%8vOLyWr?x!fG`|p>R z7JXQ+0iiiL(?OB6-=Xl)*(tx*Rx1A6Yjow9S$o}q?!(BYCHY=7;F3g%hiDPJU-8Ex z2l#Ye4aomWCSAgw_;IJl8?OKGf&9V17`x>nmyrjkmv_8>K5Mo$22k>>!L^vHC73qW z;kh3&{f~u-I`zB!F(TOm+MimvY9cE4RTwXq;kaLCk5}@&v}cY+MsAo`gwb$6tX_?+ z{o?8~gBw!n38fD4lB>CB3Ug2It&#Z{4DN}{8GcagYs7^z{IASBzQBU}SB0f~y!Lt+ z4Ft|x#8Oqq_oN-Zppg0!{SBs=zOx_Lp6<>}uvKJ5mO?;@az^l&IlM7hj23=x&({;uD$wvl;N}y^TTHc6H>25kb zmG9)G>?44oRFRG!OrYpnzGGy<_Z-H!Yc54LT#|ylPZoWcuBX1=hv8!wROLNOA_SG| zP`^1Tr<36>NfX|$`Id!`{jvs>oc}1)C;asJn)FzPNhph@N<$ znHX=dIPUwvvyWl;6HlH97*KP;PUO##8of+u)HBj0Xb zeOpgur9}E@rk|=yZu{uWa4Id@M;;pC>M$rIe+M2O-!GQK{ANg~9^Uxg4H88Y_nHu- z%KQ191b)8U6sp)bXH~b&a5ivmZYPAh*DBUt((-&lOG=@45%-`9@yCGaf>4F^Y1Ya5 z`IZ{eYKC~fbALnm6RvNz#lPXWEmQ4WAWIhugoDsYCX8PA0eoH+`wl#7t@tytWt{!N zJTIX_ub&Ec$pY;p_43G7?{4A3L&M;!#Wz#!nIge$l`=;x%pbJ=G<8i&rrAI(d)I)v zuyj9TW*8*%UO!{m{LaHzTqvP{$6@8Lo5}}6f){S$lzHqE)TS}2*!9pw|D7Mle`Hy9 zg+7@qUKIctihFW>sgGa1n5q2Xcrv#|+}FD&vOjt7wno?Pa6!b@D|#fM>%1$ww)@Y+ zI-UlueI{aQ@hs*L!66vM-%VJ^J~d68RplJFEVnYOM*|?$Z0$*SZ`b4?N#BNOaD53p z3@7a3vS@bKc6TVP;~d%F7G4yCqFe<6sWgP;QNImEw>_KO^rIff3T>(muF#L zLJFLwDT_fHQ~S<6B*>z**~e%Ewe?JGAKW65RGapd<(UNz>06VT=wbf z7VW>XLT#nFS33y=j0DnUD&(oYz%n>|1s0fu7vm8I4T#ixxc1Vl@<^S13zi1uG0HCq zlmU*`$>r8}+c^`TwWNfG0YV)$t%``C_U7SLr_)CY|ScqVxYcP~5WXub3 zCbg>#dAvAPHTA=&BY@MO#t#~t`|8x`joiRZzxYqla=RgY=*D^Pj|Dz9WFqfw^|-@= z(V(f?!A*|0ZhGMIRA#Pgt_xBk4Q|Gu_~je;~K zWzzQ0cFBQJ<#cL}$(^vT7msIPD1^rL2bBx}srz6|d?hKoeR0Q1=T|a({x~#8{;CMC za+t-d+FOF5*{G?6K}w%MrJ4t)W-M%}HL`RFaPmR48Vu>oJlBO)9}I;ITPr?Z9&}L? zu)sF|SoR;yl|gC^eC4_Hp${%z z(7EO!X)!c{ATL(>a)#Shff^D5Swki;5tsvizW`yT-+%Ur&P2gvtyz6U;nV(6``iu1 z+88d?DkJC!fKFCUpdA@=f>pG>GIUn|xw>`92D(_t{f!GQ#f730N=f;B-{rW-f)kZ<{Y=3z=&w#yP0aAG>RS1C; zy@9`d9-HDOEm;ft;5GCfi$Y?4xK@G3m~pz1^O4A+Z$};=ciKyaBI;z#eewGZUmF+L zjEx6z9OW~1)e5EpPvC1Tu(TehyX#ixuf9(yV1c4GmvYST`tjW((;7If?KHoeQ*jMr zhIbEM{%tPfFNTn zOhn1Y=QFRrhNN>9;4)Xa+gsMZO%s%Auj$jl^p%LXXhCrx_9={#aTJ zKTihc5ZSA&0cs*w!MM}& z-(knGy3$pd8!bk2z*NwOyHm_NT`0djVRzzpjoOd-YJDuFnq%;K*VpTQjrr$hrOrp# z3(nxoKhQ#AQ+awrM1vH2BS=ZO9534=Jstug>rA4vIw_A*keuU}iXKSM4%;a2QaCg! zPPkTt3w&eZIJNe-wdH>#{su)-3 zfWwM4`C02OdV2qMC;H_k6YnLBt=PZ9MJ$MqUT=T$J7GLZ$M39zGNB5mom zq)FO%bq)E;YAD&XkG28w>AdP3XU<@Dc{f=n6J*bRv6oAv8;}Z ztf!(|mUGIul(r7VU0J@UTXFw21X>JLNG;Zjk@8`4nj=Z?MbGgOH2bLnBTYNRf{7ma z zg~VdpwVv0gk#BQgEM3|^7tVM6hw4CM3`tm&HSajYZ)qjCL5h(HgY)+n?Q6wU-l+zDd91k$Ybk|1$-!XbK1y`Mkr{{voLDJc&X6ds#pIJe?j}ft}t`nzD=R zyHwiK>*{3(2Y$HQC3^aj_xNGCK#NFX*&$bEcp%Q+EA|--6%AL@pPc#175{L*4A$?G z#>9cx!`c>!>9=r(XQ$ak*xiC4p6lEDXz@yNFEmv@a-gsgt*RQEHnA(2cBk?0%;{_X6N?LGVZ>{cdj3oCX&z}Vg`hp`YhC=H!eNY zRz*E~eSP;c6|nC!qNXotjC{pn>*3%wT>Dd#689WZFM5%NTLS+=&q#g9$e4NxWpS{4 z48q4wduI7HRKWY~vKxTD4>R~BhkAB}#rA~((HdFey}_5TFsb_}s)X1PX1koYMj0np zJN(|s5qKYvWbiZTSqa9&l~U}GP6r|z!I-AU&+TMB5M_YHJwn!q5`{3GI#`fwQHuAz3r1llMLHKU+b$?j? z1LXCGAVH>ZOt6s;W^(rm)b7O3IRa~p8%HrK#iit0&x5#|GMz}c=N0im(kik$k*#f9 zlmw;()ST`K7bD&h;R&BX*bB3c*pKdGpJ;Ec7PHIpDZG9DP@oS;ERwzF4?htSA>haN zNBgGy7$Q~x8zt$$O_RcR>2<$X#^~62*0_IgrP0oSk3uY+RU_8+&iUhPkas!aGsN-- z#BeRg4Qy@|DJAn&lpmgD7T^oon2(n4-dK??_1-g?fgHb+vQ$6Rh(CS*^cefc4N6k2 zgIPHtVphC^vT zW&L%}IjmoyHnD&Ec+pqx_!Q!2w2I?BNMxIb`HQ4!1c(fh*Uq1ts*#5;k7(8N z6BV`(aNwMfeYzo4{);w@!NfPJNc`@XR=~7Dcz1Bz<&gxUO#8I?n+sOn`)52o9b1Yy z2aj@-mREfVqw6`|UKnIYD0|~Ap+RqsLZQ}HhAXTSB~dEt`97j2)#QG7FsZ9x6MlVK z7gcm;m3U)cAXTnjClTK&1^jtqqgiNgQzE;MUV^tl`*^N~7-;m%0g;+)+I7@Knc?{g zE(2BDf85J;m@PLQ2fByhHSPIya5sTJ6UtJu9!RV6tazJ%XcWE*kLKCX?PR+A-Rco9 zx!_)3O04ft1dG(ucU8UcBG8mc>2*v=*Bv74hwMEIg~eZC$)O>g3m|l|(HJ0yF44lc znk8%_Y=!wmv<;TL=0S`vD!}=2T8qZ>4Y|5~awR-*SWg{dh)>6+GR})|$EJ?;9&Z;}RpQIRl7||CMhE69{E)oM zM16Ncq~Y4?ioH>!U~bpTphE#@yY-c3*yemNUnk}C2J~5-wy(kI_qZ`Gh!pbi3iPY{ zowx0|Qo^J@-^MNil7e;AnWj^r1_=EK8;R#*;&ZrMmv>BCwl;+Cta{ABw-=<}L)>Tg z^l=HEhUyiqYQjpFDF6o4)OmCJamy<6DTek<^5)kEDt{~2xMp+B=XV?56L7W$dYacL zbA|aOj12j@ix2PZ{O$o4mvK>~8M$s$}b#sSmG#2y-@8ESI`}Oq|-glgveREgxFz zoP)Z-?{0ds|Uw43>-Zvcql~M&;3NNtw6d#M?tA0X=XS>lqLF0h227nIei}n@ph2QJ1^DHDj z-#_=N%r50<(#BJ?$%DSv0J z;A8W`NLn)GUqOGRWvUF->>|A^`J>VmJ`?1p%o5@!H$QdPt}D^;^CD zSXX&(6T^aY!9f{u{ zBvaiyShh6LqmQu`e9 z`5g9@;y%o7$36*)F#!1KEe|O(!hV~Tu!1HtK{L|wY&SVVG|mveDBoYI&g zODx=yh;+!qi|jA#XELF8*%#bH;}QVGW%*B-E;e<#L}SATCboMWL}EUa2;%eI-@QLp zYi|}A)853#0lR_~g-xFN6UVX)1z7cdzHae8_J7LNKaPLVg%G@z1dK4R$}Ogkq3b&0 zre2}eMy!;(62Td-Uv!_Y@M9&`^IhI$03hNYJJE^jvU{+CG$z=^q!_`Z5HA4P?;dCP zrIHPr>;CKBU~32S90+J8jBXRL_YR8rJm~z>)zp09DITGk--Crf$0skb20?J@gSg;f zr-$;J2Ix`YV?Qb5eLBeROtkP5nS8LFv?`M6Gw-<-h5e@M#C*b}bMlo0UmXwjYcJH_ zj6Z5u_5I)moHarDeH6j&CeBmZqEzH!o2vLkrMo+0eRzP zRyibU!+yuIj(zA!>p2r(K4#$H#)I!t@u0ri`T1}tXX{SydxRUf{0h?H85pguZJIy8 zP)L7w1?%0TieDNqknD9UMb`5Dkr!^Tgowp#2)<#?aB!Y{o3K56w&Ts^Pf!0gf9}P~ z9rAqRMPQBC;};SX!A?~PFp6`3 zqucV#ddW~Z2bB;k6l|THLk! zyc~NUCsw84$5LhX3c^y5Zr=T_j}*C3d!5l%uYF~kt^i$JpNk{gXBAHpJnc2yA89he z*iU}wk#ddsyWh^I!*NZZ=}RY>;98}mxP3~!El{^Q@^9~Vl9(xl$eVw(9b8mwmd-!( zV?JKCy2P|hv?2W80)zNvao;so-FNh|{Sy5x)0jBvKAu(XtysxA9`ex6u==kfq8Lae4y+&W6x;TAQdCMi{u1pnO$qFjz@Z#K-7+aU1V0fefSx}#^e5bt zNf40h+mdBq)ZY&(!n&*OVEo|7jI~G|r<1$Ch_B#@WO z%04~psgH{&k_r?f+JM9PxZUPW4j~D9!>sE_CYcnPga_f zds)!wi(Zb@XSH7CltEd$a^fv9(E!zTLWTDjkJ0x#mtAm*rKG;DP7l;Sn{4TF3Epr1 zMOhd3FzgC6_>egKUArKj+|J{z{z7~muuI{cAMqZfEr0WsW>JEF11t4nJAHiS^S(MlID?T}I|bx+#5&WKa#GrT{Sff|D`hfXiO0jif_h}nGnBz z-`2jab~G#oHT4IO4I)F9#%h&u1F zUjoK<`4_JhbTAx+z3sDR1Qd6N>I?Ef_-GeBdRQBHar9e;?Jxim^7ytM8{kw@A6}gn) zpI4Q#&Ew@oT;OMz!+7Lrtc^+b;TeRC5c67fC|n95bE-qDBag2wEB{L&Y7e~V%zDC> z?)m(foKbMic~_hh@0W88H0CqGSoUqQd3X(W9aX-cFwd-2-z0Kh>8Nqw)8Z)9E3I-U ze;(TjBwwd&xD#X>#f}Jc$P&4D<&v54H*{6zmkV}d$a~sHc$Nc%Qo#inbt=_-jJdh9 zH;ts>{eG)2urHQN z_-(Es_RJXL|t66^u!$-Y&WOq#i zU}W%R%YPh*?7AKAR#u&jbt{lJ?(==B&f@9@+Fjg&+DhN<=tH4-NS_CF<<eKg1;{Gb40s|T*T(2(QhgmP2w$M$wNxT+4K|$0)Bk^#=2g$zQh{ce< zl1n$;e*qFI@hFo^sVRxnu!KKiHB-sfk+%Jv$}hApH-~E0{Ik;Cx0%W`Ks5_aL@=Yr z0lIotV66FOl=>>1s`Djhj+4vW{A=}a$M4V70@kYQ+$C`EAy6iq8?d9NKF-~KVaAxJ z9V>oF&9y&O$#Zg&BC}viJ;wEGI)Vr&x`oDa+n%Hv_308Xo(`K5h<_zIfS|gsy6 z8WaX2ruk6S75!e@8zWr>UECvZIF`ONsog>unF3G;W_D*_Q!_*E0rqB&J*~f~y zk2gHG7c)pDxEsUiygWHzGYILM%)$Jc=DzjTCzd(*!$V|!r~x#tg|+6u(L#RQI%?rG zAcN4gcP(}DV&}oO^1bbAo)tY0?2Y^7=`?Pt>Ln{0mCaa2*N5{IzOD^scRuPziR0j9 zSC#Kng{7piUTJh?dwyN{U{Z#cJ|!|?Mwp_8*`!-*qad{x2DO%Z?q^?j z^>b$(MP^(%w?rTH+PbB28b!SaKx1~;{4Aa+{e3zQ(9-gVIn&kDf~8|{K}IjaEdow+ zpOez6AuZ`ZIIn6XD{?viGg>MrVG- zK>=L4>ohJoUze;np z`Ch6R{e_anb}+fYs=Y;pj6F>TH_`uigyjp{6OlH&RFL38sS%gbN~bReo{M#dgN3CJ z>1>Lf!J@MGUywBh1rk{4{bSySBN0Vp`_`ITgl zCSbjSv?nS_#(1`jf`Y0Z>JoOucx36bu4}yw^sz}6Qk#EK3{q>t`*2IcW~6K z0``-(TKR=CkM_N2sU7$?1=Ks^x1S{^}=@sm__P0$^>3%?wr->ts2R8@@r z5ex^m_E1NFmMozlxmBxWKGL`RN?QCHJ}_Zm(m3mn=%Kyo`e+y0erv>i;kk90n=lBO z^3M;uSafJu8M;?IOwSXWe67nFZUvQbh4=uam&h<{QAwIMly%)NtB<*dr>Ux-$9!_$ zDrf`ToplJ;tEBZf=WF!4zkCH8(Kigy3r}{DTZ$*?AvWPauni2sKht`nAmbhD{k&%w zDD7>L4<=?t-)@&UJR@xM;L+P`Tq2!Y|5+c5>zMq8K@PoPD&X|Xp`}3Gz00}=jh`++ z4<^79>}PT`gFY($B8op%Eo~bZ75Pl{;P&H8Pe70LekeUwBdUvdh`tx<_8AQMZQs6t zMtminP3Mqa(jwX{*xR44!-*LTI)7JB5dM}W*2wcIZ4m8ZYf>*|N|45?!ZK2isgivV zp7~Do?3PJ(F@YTqi^vdubblhXckz1rI(dj#?D4v7UV=C19}T-WP;6+_^5;h;V3`Ld zRxF~GBpZ?6-JI!{EI?|&WND&@U=d_8++sfIMXi2jE2-u$caRME@)=LgD)#`BQnuZ8 zky@|M04lw(>2tn4U*$1$r6KL3o=cf)h%We+A6lQnYW7kuheQ^Sk^#v?HRFH{b~4%e z08D%6wMw#`Og0iRXgkIjISfFQl#72lrFzAN6o!VEHdkI@=ZV#B9^U^A=>~a&>XMKc5(^E?TWp*y7MZ1mTH7O8iTzRG z7{oB(DB^8Q=IJHjn+m=TtL-@=o>*c*fF)0Gi!PZkUwC**!;rFodSS23AKsDw4pYHA z-_^vRX>NW;)ydw${m>1H&F*XY@}9UO{UORXx)!ziU0tzJ*&lz}&+I|wGS5S)|5N14 zd37}4BYI%cxzvlySG#jCZ%;m&d7>uGe95klq7ctX$1|f+0#hm~FyA|3?w#&touv9( zW`D8l9+BvXiz)i;dhO)CIK|HC5bc8k#-yi*v0w1LDW^Zjq;bcSNbJukw6Ri+=LDWCi0 z3n%EJqOQf@>ZnbaXWg-Rpw4b7>7k5&2k5_e(mO*P+Rx*VvFiPPj!});^1Um;X}30h zn)3N*(;P!jP(2`;S2x&adG?6!Hk>UuzTBJV*SdCBAL_LUz7&LJCOVPGn=AYz#fF-_ zk-8t&s(|<7$l~kBuOP7A1Uk)oX@WP)bIr9S0LIx75coYJ6Ad!*=6S&V6;mBtXJHxk zL@C$NqnABs_*%9UGY$RxJeqU-h3!p_@SmjPIit$-q#YJMgoMWVOqwfk4vc5(7uLQb z(PQg@l+k~<@Ch1xf9{6LT@e};n@gO4o6=uDXa@PgunMPR3sk;%yC~tMK~5>=@*xgi zkMG#E(4xq=f&Vn0P0fBr0HdDOh6u9P(P(mFqr>o3Nzez+LdZ;y(}vyzH1GFKi$ByJ?V&1;zj*ipvdt>4n$g@O z-6uZWx7_EC@N2Jh#5={2UHCLxuM8lRh6ztFZst*sf;;p)7ikzM8EGW2tH`pNfW z&YQ1G!BfYuEeR=F9sw86gSZ!nqf7;T!DqjB?JQK#OC0v7@qeH$XUs!RtDK=2NoHTb%XlV5GcB`S#N6e1BfN^8r2?SI{zYCU8*|3tKS?PqThQX zqUSol-pETIflB)O8qpJwm^$tv!Bs?D;pXKw6aSmjrrD!<)t=b>ezDu|k}tQtUvW?2 z(u_27e*IKM(HHG=o3M=JZ_|5j=^l03+fHH?+5Nw;f>(N=hy7kI;|>~Mey2id1?vifp9-FWm<9VN~+%@6?*` z)(nKH`;%7zH^#u%QO$V3|BGtNy`R9tcM*RX09Zp_zMjfqrbyrnxD3q9_E$o^!%+5N zlrQ^KF`ljxyA06Ix)Vjls4{i@jQO^OFwKa8F7eP66p)$W*$uX zNAG8R}#UBhyIPz4= z+x|W(<`kXB=P~Yjyx5fF)17`z&2>-<73xjLeL2a?d)FkNKW-C8@x?xuA63 z&r`n%b27T-kzzr-3eMbMQYL@O@&r&!1}9rD#-F?69*I<>jE|{aHxJk*{IX@*Q#)ms zZ5X)a*6^@Y3R^;`qYhGj4^&V!sATu+Y>Sk0_%k&x3BmI#XimBS8lQjYO}vEz-l>`L ztg;+gyq#1yc@OX?iy8Nhj%Db6-R0&&%iv3)-rSCFmu8JQd-sQy{T&H3>C;ahi@LyK(OZ(BV5sX z*V==-KSJseN;O$m%S_L~b;k7K8-b_DXb4x(fqa2MMP9b9MAq#^p7rYiYLL_wP6YW? z$8doLt_BmCJ@Bu`YYNO*N?C4yAsw0d@dqWcjhEh(vuxS5t`KH>G&3^Cf&-#8{wE=9 z-j3emYXv!Gj`%%otbFhs@?pMvA02^vl5io+(jAk~bvAnD&Lp|f14G>gf?#!tbXLSK zE4(9mn3Fi(qanz;jAxfGP!$ji6gzF@N-tn0<;9IibFK`=ua)F?;|(#QrGHk_o}J)(|>~}G3;6JNK*pTr~3!o;lZ36Zu|V>UX1jk z4=+Fr6eFYV;pqY^T0U)vUKMZ<&+ifpJ4rXD#Xwf9`AKH*x5HaPcF&{rIOl+v zZZuz-7@?wbf4?XW-d&{I;nk_7^ZIR(K^;1%Ccl1g5}D^%?>?;t4;bA}ZIyz^H4cBS z4LzL>x!|v2@}0E`2w!yBs*a%_IZz4q$_W;;vv*Z~Si^=-``4Laq)RH_{d|syB+pV} zSm@WMkco=hSHr=$tH+52?lB;5F;W|K%uxKkbsT*$D!}cAmi{5@nwg&x_O3y9tMYqA z46C_U*u&&3*H$te*sua}iu?T>{K_YTtVN#3`}eLxTRuiaoqOYTQJ?)MA)*>h;wUtR zJIZ$A)5|`e!wp)8sCw347w@ zDh-;4KyOf*<&F`V*+1{YpN);%@AS6~U*3e1K$K~GE%i@_b@c#)NA|dX^VicmG?0Q? zz0X&d;AgJvlleGbG=_S|rc(XLeav9zFiMwc%GJ2~*F;t0flJQsxw}s+cG)~y z|Fop6E8QLHPhnfF`p%@I^*u?>{rvpS3*J+&y1AHuQ9@-kDVxxI=hMC_^mBY}=yG37Z&&W>#~hs5zS(+taf?gP0P}pk&o7HXUcW;c7%%jc`P|B! za?*vK%;7`N*O<`!caNoR?ILuohBpgZ{B+Rv#)RWWmVMp`M~2h zv2p?3$cIyrKLJ&{zbQj&SaSHP#fc)jFx!KS3tx6Q$?Q?Ua2%flqDbr|Q^#v?bGsdG zGwdTYvvJwCx)9UBCF8ilU=nG4K;?6+pQtrW*8_jhBKhY%&S`p|k0>)8_XZgslet}O zpXZGxlUkc46(PQju=Gzc=VX+hd_S@A^R*me7+rezHa7rq_GZ8il@$Jn$=CD|^sRp36N9=3gXua1xBIQWwmE6t@8lNywS969w z8Ub@Aq|QW0|Ke~6ejf5`pP26=+4iva<`;uEF+tmnLn(IYmuxg64?V8}@%S=Q;s9zg*aoz2WKSeaVl^Anqge5QAE#g9$`6 zpmbhJ-s&nynp{vEqNb@3$u{A0GTS!+vt(B|T$c=t)P|XTOc4Kkc8;Y*E_2vEWVP|f zo4Ak2LgTp`415?TKPu8`K4mk(t;f+%A}1c%UWOP^5f0LtfY7ej+D4r>amsw!FKjw)2{9UKgvfW7_42T zf}|CNY-{`WANY6~{vEP|8Xzg4TCivwRfWJ5*%CFn)WV=p%i=iH7L(wf5ZlUtNz(TbKrCSgPS?j2Ketn+u z8-HVQeb2Ri;2#V+#IMVji?PZK#bds&9s?Z!bkdW=iXmY%a2FH}Q!`XQ^_%n~U;qHN zC|6ymNC2vF_Qb6BkO2Vcc$j72=5G5k`<`5s6`$cgh}GkD>Ewtu&gukfgddbQ`?u5P z(*3)AY-c&_J8r4)B^Hx?)Zr(2eUdJKt<0M^xfxpyaCxYWgIRmyIR#TtR?pL0wRy!g zk`u?(>8nopeXt{BVN3`9)Q5X>cIUtGwxG+Kw&B+&E@bPXciO67iQZ!-{RU^q5GNGz z)S7ah^2)4lQyL`skabHd?_jRJjG+-BeHlVFbGJTeNBZiGd?mBY&O}#xZ1)&nb12f# zi*u_R$p3deIw0g01JdthPSTA%1TnMoj~syX%Uz(Q&f1-RlbZWFC<81`E?Kge@#KF& zVIzDIYHkBtWaz8jPsa&2FL&J>GA)(`wA#;#@4=(kw7%D^EIwUcnJvcIYny)rsPJKp zND4?<;SQIMGsF{33b+C>`;_<)nG&f_<>9Z5!kC?Lnx10~g(v<6;|9A)3!PTFbG{i* zF@t>22X6K+Uat79ew3#${)y!68n9xH0@X~&;AnVW&{nhxHRWOfj9Kx#ufmik=Nl{| z@C$JIwZn<_Irr<`Q$x_2k~mU}b}B~*`aKzOfC>GK>h!|jj&86*KI;q-yHjE9+te!S z7xf68G&ze@`vjd(=rKY7tZ!>=v7q{nC0Wg>=as7x$Z63PB{y})`vud~>!GC%PLJ(b zJiVlSJx?9{4}Z4jekwYND1&rgiHUc1K3?-i#+I)>$)W=q-+%uVLhZN#tHHJ-LJA5n z^|9`#`cWf-2e1%KSLzncuF%G+$rvouaF_%bN?9_TF72&BON%)THn zSIpiU1`4izF!D}y?k28W&QL$R`P>+=WE>U0@KVWFI+ekB%T}+}#q+s7W{%Yza?*xa}QCmaV z>puI31bgl%#zJhl?za)mZ?AlKQfTH$6j|nNGMC|p?n@mj9!qwD^JyEjp#-VDM%|1S z>%(LoD|B}0{P5|(e zi6xe#3oAs$0ANW)S}jWAQtX4F(~747uQN?+Zc<;-kz7mnOTz%ce>=$Em<5O^CO=M~e)5=HgaS zgh?M^hz5`4;sp~8Xud1w4$a6V3rT%L66&tO+E2hS0b?^oqZkQIT2Ya#zEBiZjTIkb zgZAMBO#F|x`TIfNG7F}RYsekXll2>}zT!ixvYuD1Fihq|ykN@W`0)|@wpyI6FaBBA zI>qL6`U&~^z9PmAGEkJ$0IZX@g(5C1YS=^wvq#H#5$uBuP0|V7wV+m8U zr074lx_Kd)B4ixv2UWdEe&rR$^D}Quyz^ASbhplfZ_PdiEf|nEuxKiqK&! z0G!l;zQYvca6bLM({%+2hb{U7jzln?_WSCr_8&*5?)KBxD5R{a7$*e&u?qEfg>NQ4 zw|pI%zb@EQ2EirV2U+y^QvSyA-NDeJJ+%gx3Q@zA@Gj zPTHKMDl`d96Z9|rxdRFs@8JM^HLISb{^z~J%=MLRr)Kp4!PRj z0omW~?X6hfh*Hq<>bwd3w$BLDNRj2zynOpd=k+*nPl;5{K%nJ4FhcN$?OxEs!8zWv z{;hSrGO|WdFxACFw$gFzs}r0C?b0H3x~`}F0?e3XD%%VGPdQ06ey>7EFT#BCM@I+z znZ{rCKtuAAN7ApNI2MMp|Ko)VY=&+?KRH+P^AqQ=Lht-A6)>?8D`CcBs5S-MNQhia zLh#Lo^%Q~J2_0!q{>X0H!?1kwcGeY`I_z~O56mtFhwVMTVobUpu*^jWM=mf*Y%Z(e zYUyL;wm1mx_2WwYnv>ELXEXT~=mtJ|M}-*&2%(yFijEpV^0(8k-=~ttUA`+l({>iJgpB-Z zm4ic0BkDj1L!0Tfdze>ZJ}zHT`6ITP&{)Py0bl1#vIwEpZH#)@!lc zEblyBAW4QZaP>FQAhyfUd?5v_RD|?QLigd+g;;FWClpihL5sMiXp$hafRfn*1U>N- ztP#m4`liiKMD`@Mh^~A}RF50Ce{%GW5@6ky9iJp>mtO|`k&K|Qecn?YB*~2X?3euU zc+f60Ac5O%!@h1J0}wl2Ck@)&W0f2Qe0MYX8^C({51x``=!05vyVfH`Ou~a%-jMUJ z3y>REBP`r8hZ&N(zU0ZW2WiPKyplOmj$*NX_N&uskORWSTb>-{@OFcGpL=-8N~33c zEJOgCCDeG=J5>6Q6=)avF%Ch*i&&VmXAMs@F`(68W3!=%g=;+fg07yHQIoe9T zC$&b^0xm@+7l=oE7D9>-6!SV{Qmv$)EA$9;co>Otvw~b1=$OaSr3+t}UZ8~F)SjO6m8K@8!# zdk3IQ+vm(T?kH?PX$r>mjgjUm_3vMk_U8KWJ6(8`LkNa7q^gHa9i82-{=VYCDPE29 zehc4St_+8T{An+X-EYs$froq~vJXr`l@DDXo!*ii$}9$pnPkTk+HerK$A}gC1dGEL z%y?#Qn5K!-(c86OBwSljANMxvbTTd!)eOsIw$od8)N0S|Mj&w2{977n6=fkET_vZ1 zDPpz>tcs~-8Q~6*7R#F|-XILp9AA%Tscyy59rZuIH`on}A4C1_p$2{LiI#^iK;#m9 zOdOcJxuxq5m_58jCI&)Ykh*gDWFQBkiFklVU7PXXq7l~~0xW6R&u*Cl>@H{Xh@cvM4!AA9yt1X00AngDY

v$N=pCa=dvkBF_0HaHgVKN9U2`&ip=Ph6w{$%(hn3UqG~s?) z;^48L=db54`4$%-po)So4t?CJ)+}z;zVH3SvZ>k<@ z-rSGqr8aep>YJ!3TX0-%;}#XjjZb!?-hWb#=I-0n=;vVehUzzSN9{So${NjOZ-4Z} zU|W&({{0KR^^$+*D8ia_<-79qQIx4o`|sKHvulzKm)DWbJ$uHge{zwq!|?VIzrb^D zj2b2oD-v{kFOOi^Hp6MvgqK;`Mj!I0({EH+>&wAwyYFZ z-eYjCS^FJPZ0R}sgK>WMq3iP+p1*ze^x!+j@>i$P!DsB~ryq-U_nON$4i3-o6&Q|t zqTegmH6B&K&J(sjosr*ZMWaJg|Jj^A)Zf20eu*xtP5)`z?`%`-V20Rmu%p5+7@?*-Et^hn{YJa#)XA@X}_~rn@g1i z_Ubk-?yZ^Kkrbg{ST@ud{0TSl6`Aeo+-`J^_1@OWKj!YsW-M=;yg2F3-p*3*_EEdm za?nL{3T)TAEkZjp&n-KwDUMVvy*@YD*<e$eo8A+M&zL$2%^~ zMApa-+@_1>i_3EZFRny+us}Kw9pCTWqvESi8uwzwP460heOtbcB&eQ>-mvJ2%sx<5 z?`8jt^+nOIl<}+;^yNeLZ_s7dcdX*z92fnvRPKzA*)n4aF8<)1AP5Zdc1%X{Zs^1)u^q^zg?Y68L z@%`uSt;PWZq4ZoJYqAoC8tu>nDAG7b?WJzCp!`_ND6J^%x>cpe3 zIlsI0O&OeL9XIgoiJ>m`3U%L)184<=l%+{emh8?c3id61gh^+8$+%xxy?HIS>-oR3 z;tsVUjtv2T;1j_Y|Zx z=rmyWuTHwV1xDwsBX1`C8e4j4R6*qQtBb0X(chNzQx9MkeeH2*ebSnxq_Gs+_2k5! zS>@SJ&bHk+f5_O+v=%3Y-P7+Le%-U=#*N<}U+7!wSp&wOrXLL4-QVEHw_2#8(9fBT zI}-&*@-RwHJK~tFKi+e-KlkNF%kucs<(c8vgSPd4(5t`ZMqXySU1!#Dk8roDylbi7 zM|}(G{RLAS;aMLosI~sGr@qQ-s7}--KU$1DkTob05%%E4_jpOzIzJ<>Tje;M9q&`4 zwvXDj{>OOlz7yj|jsN!jwjB1;?i~*^*xCTj8G39R@`_+0UBZ=~FW9+eh!s zNbSv*vh5@1CNi7yZ~dM-l(lJEeEOHS$9A;y^c}u;t0Qal&21;+B?Hq9>9-Ep@>dY^ zte36`GoN)S+}`_qub-9j`LZFml0wH%PWt#Vzr*L3Wlc`wy5F8q3)T77-c{!Y`{+lo z+uS`HwC=O}+8Y$>cM~#w{?|)4J{4%Ic3)iYxVwIGL3)KPnpVAccjqDMBlmZYX|t(( z)0`h8_D`AV+@d2HzJ8sK)(=zW`qqwJGh#qgHbCC1JOA74`Az&A&Q9q+{YT{+$qVId z-sk~Q+UiqTeLo#cue><@$gjCGH&v8w#1%e1S>|cg zOum^BzhtI&%%>GZuc{as%sTpf@qY4}Gm?$NP@6^^*gI-(;MSmWRpXzNDSL?p5Z_Kx@RiB!(LNuxz#T!{LTF%%0(x-4FA>n(w_2zLH|J1 zy~AVowd$u59iP(R13i6a>%KkqxyrAYn^77s@2}Z?DR`>)w5|TWsO6-UOGXR`$_8Y8 z%3b)b<(Zv%!S3Rj^T+E3jjL`qBe!eLh2Zs%4b}-3jBoL-uoP|g2>Fv4sBYV&;pKCQ zGva?sPIf5*P{4}Ar%Mj=bgJAEM3;~T+Xj1eNG>rx9{;w(W)OM zm(8CWj@*@2@k9M$kazoy*FA5y?R=*4MMdwDs`u&k&-4B^=v`F}_V0=BGH5?@F@8rv z5hia_Ou}Q_U%$H^M z~StPvt3%C<#u~n^2_bz&fB=`E|RtL8BK=2{A*P7 z!@7CJjR>bto<5N@{t)fTI{(meL*r`Yj(fw}6Kp4Bwt?g4AHwCvZWS1>?9@`DU*E6e zcxSiA1(taqot%-ox^Nq+>i)_C#)J-^I?tXK4^S%uhX}n!?DMDwf*V5{tINARaYy&%?4J@xQa!X zo~55UD2)#$pl&yn>{x=`lAzq4#;HBMbWWFnT?7>mUlaawI*So!cjOsIRI=Nzdx4>{aK7zTV!6 zq-lJ5>5iT2an*|sON_W^<;OnfR4ayWqBDD!ZQQf{{<53f_DuQNanByvv ze|8^!O!uqXp_`?R;vS48Y`1lK9-i}p+gj`|Kmn@320XR9WhYT@aP+PeT9nlk>|#~Ix@3u(uvHQI1} zSY{&qn;>!BmmxR$ENQc~c=nHxtr~P0GAS+cd(^%3$d0mlvRa$(FE9G_{SC9cdE?&O z^Yy2$?m2z4Ya`tu_r*8wpPuiVd&~2%=$-Os#i?evKABBU@h&n;%Bt=aCN^l<{f0Nb zZjR~hc%Zw*T<<{jHW?-&QTdmd;bu zt$zJd+2_3W$k&e_>g7y1spG#}Q@AfFH0k8~>%Y64H>D`=P7jS96z%t}MbCMuzkf%K z&T%($+xNaF*Mx4wbS2;K7yY%db|HUg)FXVhj@K666=&9N z-!in3(dX0ZtKpCR#$459yvvZUDBzA*6|WnyMekNV&${{z(jDz%c;3J7sm|P^`r^p% zU&~tH9mIF=gJ zfPbZFsOyIa<0`UO6)QR-X-CWIt#kf1#S{J~|K|=@w9*$|e#fZS9C9c%x^4Lx9wUunYs^V?P;xyw$qs=EGhP~uasO|9_XJuJ#BANN;z;qO-Z>g7W}FaP%!kI1Q! zShAhicht3>%C;3n# z)`U+yXuq$pjEf3Yw+p=aCCw}!`|IY|f1kdG4jCuq($*=JEsJjs?%6>%qNL}#v7zOM zLt|@gnKLT;Sz_hEpG0Dfe?r!>1h_`a4!k|H9FEn0d%9!ri{+id`J<{|UscAcy}z%; z%wt|lh-)y5jZ6MHoX$v6cvZ`n$tPCF7oO$iuQ*12uw_Tl`;7B9Crxhhvim<7yNTJ| zhoPFXZ#!OMkW5&sdywFIb$-{y{C~2h`&&S6w(t3AZ9h-dy_!1jLc(`A)eqW#roU^= zvaWE1v!icskAf>5sw8>hR>gln{omd&6LQ-BoL~!2JNW7aiyFRpRloS=z-PEuI)~&*-=(SH7S|NF4<7z30w4JD=`XpT!p#D+ahb3^>KD zC4ebItVm;I1=aia3VJhAe=#p{j^p0WlES~vU!HrkZHq5^B34q`n2T+19KQp}{H;*% z*qhgCN24~iz?D9BhEqNTzLVc$X88{tjP$+v_#a=y?#8YA%pceKZSsPIw-<;0W<9^O z%30a0_-2n0hZfc;T3Dm_%dEJ9NhxrT{Av+9R8|gC2RHPsbbEuF-AW3>Z}J$k+n-*? zUGVs3zP=XeTwebrd-!#u<=;NNObS+Bn~Swx>AE9WQg{8&4roKh-NLZ2WOkzi{ImCt zq^F!+kg~w{e{I}pfXsEjsDI0zg1~|Ci^IKOAr*Kl80>jHW?vt- zE`IpznQiAzpw<^4+`#Iu;|}{HKD80|_phIy?w_8UG|zT@GyD8vobl31GFo@C{*1OM%Ngx< znJ*?!uGcINXTQOET$;1acs8$nZ(K^s=%V?_BM+8NYto@RBQyTWdVYsZ@-2CdJK%Yv z4#$#e|CM%|^yN|UtSg72e)R$0x~}hMj{W@R{*JiHA>+QW4hCL4KDP*iwq5IWdMRmF zzmW%JpR3AWmMx9`ZrXWJuML7_bL+=-vkZnT{{qNZJzv;maIDpspBo*oZsw!Yf2BpM ztCk_j=&uhkr&|oY`YsRl_0O;GY#7IQ9RI5F`j(z8d+;s|xPK_R=ELM7sXtZkks-tL^tCM+SzgN>5C0_URxjr(w6X}!F9DsRP*k%ARNw$+*} zyVHZec%y|}+4XMrGq_i_l#*vAY)k+3b;HarxA)kSl-o!AdRp5_xp}$Sh%$&T)cLxp zhsJ$Z)NS{E@@{>`gY6>=>%1tc+o+A~)-Ba+L1i+)zScirKKEG+Q03vTD@ zrxy()j{mX${oXyJA0D6jfja3~iu3mFZ}00mA57(*ncq9uI6m=dy_8{Z9go^)9+qwp z%K0g&v;J(kN$EWAvY~jzZ)U(G^YV0zd-z?T-^sUph*0fse6Gtje&DmkkO^1X_?ukLs z_Zc}ehZh*wx&2v<42{-7#NTIE^UiCA6@fk4+AY(P(D3%Gc+_e}(&fLpEzc&=1aYX6 z0TNcy>IJM-^u6^?Hn?ot-2hec&6+VUiW07yCUf83%}$|WTeoOBai8or7>F&CX1se^ znnOJ`2cM9i_oaAd>$5vLtlxBPf3y3wmG%2Htn4k@n0=vUw@ul`t&^vHArFfyuG^u0 z>bIJt>8ZLy8S5w2-ahrqBMog{!qSbkuQY2{as<`0q*1-nH%m!=q#7~)!*p5XT+1Tm zDoWi=s{GY^>&{@-4A&==jIkf#l_@6I>-Ib{YWbk(>Xf0)Kb=~-avbeP!tY+$rp!(L zXBQq-R3yT}%Xxlz&C5@bzxLHwr~exZ&<@q~w6N1&dab=sD8F+dGfaef`^|}|>RfJ| zXLsp`jhP1y%Q`;wBS)VZSsV);coECq+ z(dvsuMMdLBPm54f6CSZ@GbT1ChuS2M*q9@u#V2gZPN0z!hGkPeOtSPkxf6DXKHi$G z{itb{c1ySkbvqQy&e*>0+p!us*Xgs`Z0fGqF>2)07Gf{=NAsFE&M;lt^GgX|A5QP` zaqc3F**5>80JSC=wDf7~T3b zA~EX3$Bo`P2RA!Dv2w;n^kcmH-XTp-T9X$?*5{1adX+AV&mnIuq)(i0D$OQeU3@1B<%m8Vxc1;yyB4X5 zV|K(R2IJ$%G*6RTQ#OwI+2ck$bz}3^j6T~EN^Tan*G&#?Vx<>P<7ZTE*X-fcjel`T zHOsN~H6<&@*XS#y6YG0%HJ=OV9IPhud5_i8hW`GsYi9e$@sqMX9se?b*31c;ri|Xg zJ~zRy8r{fyLNkJ9sNGV3_1B^|9A^gVn|;&x-BW`{Fs5_aZ;HMPzSll|@>BfiVLx~m z%Zh<8_e{faKVcWc<=$?tcNnJ5_inud-?e#t;|h9>QN4yu>EEE&mxt?W;ZN1-`Ia*D zT|w=3O;faxSWFzg&vpIW#0e+kUtLb`S9e%?bM17jH1q3aR;}$w zSa|zG#k<36;>Z4IHTHFl+AY;vnJ50j-R%C?kq3$ATp(v9B=l;|+*(cRgSwHB*f6tx(v=18f@$eDwyOK2 zWXnpMG#sCtaHn~ftF=%k+bdX|8r~*%$`GuMx85sRtV(OrE$gFp&9J$*_d2)yoG?Po zS%-h!rQ5crar(8MM4NTfcv|oLU-8x2AI&AS;)H^{FN=m6Sk#h*`O7E2ChmeMi1z{wt#kelt-|4ez>2t8{-rxI@ct#ui#y7(JToH9jUk=n{ocg(%? zAMcpyAL>oL zO+H|px3RM`*L1z!A;r_&h%acm_3N>xq>>w=N4V|}h~QqI$~W*s5K7;vIeXv!x)YDm z+8pVq-yqeOcl|YsRWGYkzN}Y?3-$Wd+Pa7r5p8|*N5f4;C4ytkTWxjIWgnKfi}Fi5 zULH*I$Gw|!>0xL6yxwWeF3U3dXEmTSOvYy(|0d?vjpJ_JK<`wdsaV;g<3Ls7>KSXs z?R;6Vr+9bz#B%+n@mpun3oTaz`u^99{f9bc8aG{x)U0v21SNSe>2r2LXVtMmkBl{* zHmPn`x0*5}U)^TNvr9v-%|1YGkIg!9e6jwjZbq}!<;~?=_4x8(XP1v(bZ_#rdKc?| z%XmKE+Y~c;=d)(jiT)a8tA~E>_>hU(`?=?|vYZL}`Wxd1uJ3b$QtNY^s-R%UIKunn z79MS_i8K0LY5tB&k`To^hcrFXQD+{Gtf%Ai&Tp^Fe!x9REIkvg*&xyj?(yk@e$$^6 z)G7MbY{xOxzW`tzIY-;)(7V@sag9}easbgmq@qI4u{+Uik=Q+F#u&ognXn&iTR&^r zry4N#%@)#{POQT^`l)`Mq!QKiX=`}RaieyQnOJqQy{f_HA!Uh2JLeqz4gSMdZ1#lL z;N$JZRCMb8HVJ+kO_@_Y7eG=I>LQ1X*PdQJxUfn!Gb2BLVzc6fbLJsHl(CiPd?Svr zAq-d=P!k%Y2_QeR;SZQ*(!^n7AZaw*^Q%{AG_K*}_`)JhpUn7rC%WgKX%10bQ`EJI z_$lX0&xP;q-C(}?sa*%*qRt--!oi1ndf>Q+By?|H00)t9cFDG!8Vw>1kY&Tn8c~#X ztIG_;hF7g?rB8_tJLFi{N*}kBoVnsVxZ^i*--&tkneh*ACfXa}Kb`P$o}9_OI{eY8 zIVq}=iMuAh?tfF>iom>Mcw1K}T?k=1e2>WmN0*S(hz+<6ctZR$9D zxM!>Q{o~Vh2R^JIu1jgHr!DmcT6~-IVO9TJh*m1UUTS_TrPIF4e`T#Wjtcjdtlb&< z;!5vSeDn2&?AjhAGeTIB8d?CCY;b*|#?Wcxim@U?%HXLJ3TM7s!<@60yCAuJC;qYl zdp^Fn%Dl3U+Y^GN%e@@yIJtqDo@-z(?#N;U*WHcc^WfHUiqgKW1%E!4m7kD-xW;pn zxRvY2LSjB=pZh*%lVqI%cKQ~HjLaHurZ>;)KU{H9T(SoOD+Re^NL@?M^j|;Fo(D%S zUQm|o`TqI!)uI&5Zr1mE2mEIB;n<$eab>Hh^)@NCEzUZ&_#4D%N#N)&fa7}U`bMnX zKDcy1kTW$1G27h!!}0muOEMPL3ycHvzPk%}d-GcNRg^-cWPE*l&*JT~>jx*+s$1t- zpNg&304w1_sdpVr=b3gDM{&f@O^p!bv|m?pIEgbq8ywYHJ9g|C{;QWbv)p(4rj>vI zsVYwE%OKDnv0%a)`VF{5$)wNcS~l3fCcXlDc2eC&wzYeLFK-l#t#(bkc5lCz3c+EI zw#g&1bNebQ1LR@;Cufqt@6Oq6y~;V2)hWsU^c<2C=M$#wZm$~z5hr_Y_Zg!(A0V(w zvR+x+{`%}T{WTM+tDj${N_W1i*P`j=62a%2J8C%RbRY;u9U0%h1K#nr`pYW_uFfn- zNdb>C_wE6|ePBk{>dNcfsqMaZyn7^l^rd?C%7MPe8CC0>^`4gb?A#)$WF2SSlKNFQ z^QqtK#ZBG1gqeA2PM00LS_g|p9~lpcQk8KED&c1bv9&(2WMh8%miUn_lhDem*FWk}W{`uS!Ua$*aT z{^fWjH_GbtfmN%jS4qYs%CEQgp(4yt{wuVuv~LwZQA z++IN4CIFtV#0{v6K2O~ji(-`02j%&38bm&k*C+;lhfz{Dno){tA{gsfr|6k%-XMT9 z#+}Wgs*1rkpyv~Kcec#w=YyzkM^eMau1uexrz|`#S^*fjP+B#(jR6@4K6N$&kg=Wz zODVE6Z^KpZ)n=*^`70%Om>1M&yzyR1cvL}bvb_SURbMI;IUq;B>!88Lg40SnJhN3}IoIa?|n6i&>^K$7Mx>^^yRdqHZu#Y%lv#F-3Els8hD~ zVOqp4C{BfzXlzClIrVFb6e|TSy8fm?R=VQ8|2ah3E-Yc=G=Zmvb_m@Yk`r*HC(0wQ z@VYA&deuGwxjm)m23dF*@Ye;KbBCjl^VjxC@FTcKrye5b7Y1<4vWoEos?k?^|Ecs= zs^=%*F|6~^=Jxqe7X5Ie1&zO+NWL*_7ByOlM=X00!j(jHBBO_&b>BwTnCELDc=?Cl z+>C(GnZHHu!CEeI%~2J44Rczks$@^_pieOph;+!=dZJM@!fcZqK@QE9Txi`vJ2k&T zbJVD1X|1BIcyxxm0>f7$L}SskWKzS^tOs{1lxpaPOd9WfBYQ>~P&ya}rl+cT$`GaI zIWE!;Y23{<1G!JcjRo7GT-@iyQhU!sgPE~9F?!={PP>0_Vl^i>w^mp-54aH=z$!#3 z^X0bb9!KDDD*Of2H|;N>kh}X>#T|-+%;57`fhJ1{eo%XZ z;b>%k(<_qoZ|LXA+e!?)26c&`k}%p(N~AK+1m$y7k@+uJvz1R>WtBgTpJGPgSIvwF zP#eXRl?-a3qTHM3gZn>y`vAbAbmQnmYghO!x>7>oRi6VI7;S7=6jFluP`OyK1$FSs zt{t+_dFI$9KHNTZJO8z7RF#CkZRH><=^iF>4QBHG6F$jJDN{+_d?p3!4LxHj<#>5^ zcv*=5^&#T6McxVc^XTzzEhrLJ2YPf(P{Z$JZ~m$zY`Z-qG5|*xYLH4%cF}p{he7gm z8(KizYY;j4y3_o8w>``-;lA3iZ!CG#=sKv^Umqz$n`kzis`wz};1zU4@GuL+xUJp# zcOTov8~p1J3A_PxG3fLcfz?AtN$eFxA zYUTso1qc64N@jFDi9poR-}oDvQNn+8JyD42nJWIIDF&-3KMyMqtUR-&j7g9HtfLlea@Eln7xI)&4U)XlaTTt?S`?bX_oMSiXtUV zoKLx5ti8q`)sstN*4Zx>3E#i(A|d1W!LX7zy!XAO83Uz;|C4 z9doVT;(bf9S#|tkRteh}WKNq&BLlLSqp`u!+= z{14m*8DUoEES3JzefX`NR@LNQLbA2t+63--D<u3P#tS((=jRSOhMzcrsdMpjl_Ax7!^bZWo<(Nm}if0u2=I_=nHn z)_EM(9^RrH0q2OQ>V3j1@kbFe_Ck7_T;Mva00HDX_Im08trI1JUrzsUibZK@G|6u7 z&!L?`)vgcuUuA3!=11{&IOA1|OQk(NsAs$Zyv!n^O%@l-r!)V}mxmZ`$21)5nO}2= zoTv~x+3wNVIC5b(I>ao*K2Z$#+E6-;F$_q#zZB=ggkezCdz^9-j1g<1f~jEK>{t~bqd8h%TbbVi->;*f z$IvGCf?$BexYB&H?I+VQ(XB%|N&+wwd;+H5ZrA|yy)!D~CIMhHQq^yP#rX;h@@;Cpv5jtU@!67J>FL15 ztCD$Lp4BSEFdE6dCFTXX>evtJIVymWS_GQpJ;0Bwwy->kSk&};Y4s)sjOEEh^-J=< z9$;jg03@+rWKNRf zyZ>7Q)nwl$Zb*(Ni%q)V<8Isio27Gcxhw-HqjR7W4>Fjs##u<=<~Wam?#H4x{ZYh~ zz5+R$%84F3C%RnJX_E}x>st!`C|VZ%nK}mpBhS7+Mqn6bh3Dvb@k1zsG`MwoOD=Ec zYju;y_p?W`swHbRM?v8E=~fb~^YJ*djegvs<#Vy$m14RJ)eQ0#!p(=v)wlxyMe}uW zwCXuneA!RF3EB2pSFsPe%_9J;uruSj$Vy6&lim25E$d}}T>Bh*iqGMOW?1k|fsF$^ z>{yFAJ=evtG6@0ut{dTGEMd`+=9^?Ay|Tb`P)~=Y5LKlr?D2ki%G@(Us`DVld=nB~ z3M8WQ6hS@+v}!W_WPxpxiUQECnBoRKicIOLT43++L{mmoQ8jwuV|aZWLhvISqs1&B z(O;hWV+!3oOVUIc1w>EClfR)$T5-#O#^7&v<|g-y@|7tO zJE@M*@i_E=5ZlzvF6|cq3u@ZSd*mlrm+21UbRR#pL+m0qgi2u`*f~pafcdY-3IYSs zz4?U@JkI<&o6Pw2^q9w4EnLSPX}+mF;xJ;$i5B_&r-S(ZJP&+eu9$A5h(R)?bl@wV z^#k``x4=o$J))Cw=rPnVn2Zi-aMJU7@9#$7q^XwU40)g0#lSvY?fsp09QS*6Tp%4O zhM#2V!S(7g%Ft~+e>+llFt@5xWG75 za&CFD{M~7}Cb$YAW|;cb;OHIzxFnXj*ZXR*hn{HS=%gkdlV(F;oM8X`{q5(5 z=);Y1)%DS0OvUqJjzW_f)O|{Tvx9=2BpGZ1s(Ff0o687?9EMf|NbIUzSDvOxc$Rm( z+{%L4b^f+C2B35jApBHnZGYxFOxFom4bV@v1hnKoNfY?Nr-3TVf*UJ=-4yH|sU#tS zU=s)~REHC%lU3ZqQlj{K7cTAf_nlU`p&sBt9jM!Ynq3vt)k~nnA!mO||8b)$OX9QJ z>JQnak)J)FW-I`x9#<#KxG@$}_$Hfn&A=Hxvv}#UppOPpYF!ttjjaYUHpZVso6S*FWxxW9b+l*Xj5OQee&cS7w$sj3IPl?_tO`3{8Fw^uqRAs-T1~P>Nxk zs*}1D$kuaZ{Nl1iP|1)_nsK+1QTlbg;wB(EizMOKs~ezh#Lm2Jw?ZiQ;9pjC;O2z+ z!0-ok*#2^V0$2@z)K<$6xV~}$m~B)^@Nstn`=wXV2-xnIzyQ*Aqnp4NFiJXPfz`yt zNvJ8s(7hS= zh_N3omhdoExd><$CZ83u8+$TVZuD`eU%%ECIC4CN%V>r{Amf{?Gz$iaJYERl+*=N( z={hxHda--T1)%5|#-l0MDvoDvYniUG$QD5iIo$zo9%O9r4f*ML;P&f?ylGdx#azB-5-|v`c=2 znb_>jGYkuy?)cTT6+6lP!1r+dXZ(FNT8z%@VdXty^iX^2yag3E!S$DJs?RapbpF)BYp$*so;@!2gTeFmVz>=IFb}9_b$mL%K1lM@J2+7Ok>I~yX42)`y%DOo)|%Sq!>sF z9o7Z>Yru2I^app=vP2xxG4y=%)tTLw*QeD4oCVmF1KUZC|V*mtyQ$fClE-ru7-?PLlVE&3Rz;?VH& z?)X9sv8IEd z$X!4V3OyhsCN*CuAgreR`{pKnlodId5njVCGnRQHP@nt3gWsf(>$XH$jSmZ=e4j)@ z(NtVoKR9ICr2(KO>;D>T`3miXAVQ{)iW7?nlRe(xqt%n9Psc`?JepGvQlgbcpLg z!927x*EFJv_OLDaV^pT*dFdIV9JiQ(N9JI=-?~LNTr6jnR=1JZe>^oBdy}sa5}9Z_ z{1r&2SKJdThtFpAia>Gf)Y^@++Kv{{+Q=UeYe*w;HA92R5lG=&KP1EegUmpS zVxRA0?+RZxe1XVYKsz~NVO_HT&t05$YWZ0q`4ZPpcQXnSV~Zr!a8e?H&&Q&gPTpHS9CN`Zz@@Myo$o`4;bNk-L*g z^FzkjFKp^evm+1EiRf99*IWFSa-RT`REEOHgorgMeHNQ+pgI|?!~V~ zLj@imr2jmh*J-M-iqee#V1di2bvi<4p~DLZiv_X5O`DOP2($03j(w?Dh1~pbG^|b+ z@s>#2P!IKerLTBne`>r4`fGhGNtrCze{vz*e5OesU)<9x=Vcz{$H`|N<%T>)_xqDL z;O5un-#t0hm(#${ zUw-*0NLlU%+2k~k$Ed&+$aBL|UMgEE9#CyaKow&xk-87fXMmtG||k#HD5Wd#_2>tfs#yaggg}j5*MSq%2?+a!tUTA8gmqfC-4{4K9EQ4%8|lw zNTFfvPy&?CUq1y+&&`SVoIjOw6kigxL&!7~;>o0x^gcUgRr{U%H3NE2JdP_N>mLs* zIwSG&jaXdn!0QT36y3&6&3nFUO00gi2@?8K5IPi)uPvY5+B+;6LO|7{j=Grv%U8&V zglBWI*b>2sDej|8YNp~L3p7A(l<6@|ifA;%+oTa;Vi913!0XQQP@*6cpOE|Zvjal5 zP!_qOJgZ5?hRDW_7uX*pXCL|?M0*kQ74ZcdV^Gm7*RaDlVM|j5^zUXj7PJ8sKn##I zpZ)w;G&CF19gtX+mHs%6tG2)}PefD3lXkb;M1df&f{*({OcKWsq9pK-57K^!mPo6R zZdr|8b@12tfzpMXSitCwEfUQJnZ|4GZ)ebb-iQmH-2^`v#*Vo0Qtj@6W#5@PIny&Z zHNr61M3Rgxr~VMhLo1;R40N#IyAH9!%?XPKK}MRN{M5y(d^3)0PD9_4-?tY_o2`hv z!rok8i={-wxiCodlw?Uq@6(|eoZbV6S=lbhG9V5h;F zkytYQ#3hB}1M?kc#zu>T&FMt#w(M0 zTLM2VU5BGGm)lBhrGofEq>` z=TH28y21TpGly=SeVR)f;q81=`L5kRH;UVIKcm#zQFt67#N+Z4WZsIl@Ua8)J9S5d z?)rbsiW&I%c@?jRnEGy_GXM|g$H&uub2zRn4OU6O2SsSV-W< zNO&$w3vU+p?a!qNg13)XQw0}$K4>I?#;O|)b8BA*l}mAQ#sq&390d!liE84GgB!ko z^~?OPS5v@r^=Y;FIt1gWB`AY7BC(zHBn@ocH_KY`L4tE)dDq;wR3{8lks+wPOy9t2 z;&)lATN3c?qE-`T#g*oJP@)ihSDtaEnG<+rEA>$D^5#RXuB~3`#kF8xfwj+h^ROia4PZ4CY z#?tnw?J#|zE?1P15ekl8#U<$almc^aH2WT+A?s++)X;%f%^p$Z%_Z#r@~akCZkz$0 zb1yVUlNgFVb~H|aIR804AF>m4DQSNitJ~rA?Tvf<(aOx;_7+`nJYP_=*mRXkT)7%! zqgTSLr_VK?_v;;!F9913nNl@6VZeXda@ASeJKXr{MOxKyCJ#jTVRPhNqjmT5L~`+Z z8=_06f@KEm%h#b0^+{*BKlh1Wdrr)sZQ^bF80n#)_OW*r7M|U+iern7l(CMBKtp9 zw#IAt9Bmfs@h;8EXl_Gs52 z5wcJcE^}1W;NQIwp`o-1OQO>k05EdXK`1WK)x^nPFIh=S~U3p9$n^EOk zQpd?$3=_tky)@mWktjX(n{l>I_IU!KPBE{{%fCZ4=KI4n*Bp-%nG13tqP(e(wtv;H z?^ORKYe{M_I`3Uiqp;koL*)E4<3h(ixo8tN|4H0LZ2o#>oelK2YPg!#yd-r~c!@fT ztJVen-;5531El34b&1x9`d?`GcY~iJCLs%~PnZkVg(>U@f?d3(6={Bz$NjP^m0x%6 zgyp~##|Vp;XX+R(%;|Kiv{6R53aLNd7g%IVrpq}RH_D>m%d@q;J;i{NbFlqFo?Rt6 zH)kNhNZ7B@P|{g9#aws)be(H3KJWZ@53o}IDT3xJE1@77c`0L*3P`BM#Jin}mMcvg zp}B+`CceO@*B(K&@rmo^SEfm>30Yd)Aszam;MM%y+Q75hyJ4@Ho5ma8F_CKJubP|S zAbHP#M-$yte|sxeZRBcUpQ7{`^;n0wD{sCbT_=<5EGnu2)$olPg%Tb>kCSOA(bY2v zpqg>Dc@BFoq@Od6)dl;TH;LsBHC6=m2TSc!jfy#3HcJgw);c^xm9ceffFj_6?3E?F z+4nL+hgz0Sb|73noVSC-KzL5qxd2qlN*b~2wm!E_? ze;^2DRU6Cn-$Wm=8bLAC7E`R})T*A!U`|={KnLl;*^QR{> zKDy+r*BW_$3{v`bBT2ukBLUtSJ5{d$af^IBfT7=Kn0#gor5mi8;9 z3;yEr9um-uo=|>&R3nTwVt*1FbKQa#tE9AD@IGuu!p9C@^rq^{WW{wqUYEHx zZ;cz|xjh25bt>Kzk}sraWZKx5YCMhOOHh3Jiicd}NG=2i*W@iF`^A+~nrLp$Hu<#8 zh5c^#^~XYn=xMiS0> z>1AGO<{HjQpjxFENC)veuFYLYIjdGGnD#rW!H zZt95Llr0s9K3)%kj_8ldK?=6!rX4h$!p=JD*ZoLmMd#4_4wl~=*V3`xu%x0r?767b z88Jp%<(TyXY{^bYj-P|#6QXCRDnTLX9JHs+`>%_6rYUCw3oFX2m1dR}8MhjOrKDkh z%_~<9I^voAUU~x{4%6J@lf$!0iGYb$zYhe5(+72Qu3n$UH*26;LKs2Mr~lB2G6w8e zpVytKLkD6X0#!^8St5dk9P+*BIAfAM3hEAJ z<2T&ZQBkLDgGB{{T)xYr7mPd=-&XE=Y>M)p(E9+FrN6Q1DN^Gv&H4NoQTSbn^0`Qn z1wd~$Kgb;{fALl{9Da2jDqN-;K&Oejq3YaDd4=OCYk(C+B=LfdE*aO8iC$YqZ!R+@4*a$Ij+Mi!DF|Pz!#2p7g}{eH>9fhkbYg)oS_ zC^TPR`F?cjwfIQ@r6 zc(g`ac`q=)ct*^N>7)7w<%od=VPF8D^gr{;?0EqMpURynZtvin51Agh?#~e2h zh^VUlgvNxQnK0nQbQIKPoYVk6I|3-+|56baaG>dG!oa_AwN7)!0v28G;s$AjZMy*c za`41d!PNQb&i{}EQd7mii=EDYrKU{3c6i@a?O6QV)$Jm?={kog z;;U#pPEep4WVS}ih<&I78ZRGuiUFbRAMb-P+PMN}pq-E92|#+ zh5%&=0kCtqPqg5`O-2#>)Xm9H?B9^iK;dz~V|nle+^{CV4$J8NyiK`HYLXcv`D*@Q z_+8%gmd-m?>whFI6r6_Mo*(aQXgo!(7OLkM0|!oi=ff7o)xqiT)`AV+8>p5$}U6a1Ltuce+$6Yhd57tU0$jY=)(9l>>1$7CJ zO%Bo{z#VMlXccQd2Ee8T5ON7v_E3rgKTf8!pZ-*h4NI&;B2X5UK){R1I>dl}BA!Q2 zpjhuy;cTP_PdI!LREb)4NO}wU;-4~?2MH=nIIn=YYVYjO4#NnvRHYR%lh6n#(7cnW zr(OU^VRJK2AZxHZ;KM8~PIkF^y<|<1@Q{(=`WNMf#dGparqQQ2dc|Frl`$-l<)e+U zGGQOWFKF+6QmdNDdS}F?6X0l;0D2cxsA;e+V@wZO0xU!iML;s25f@U-z{l|~GmZet z2czS*nQi%jK7;HK07$!~gN`$zn&}pYJxm z^J2Mplr$5#H{_WWkne_m`5dm>Sdfz6CKDLL7Im1?vMdE84aOfB6(KhYgl>F9v_j8l zgm_~|>BU{FeF1AYj>pq{3qAmpegsSy@o9~kf&%x8(pC1E6UN++q}DZbi4ac!8oqx0 z8Z;%~CYSPY1NV!%*z1Me1vrW0!A%%8@TlYt*(mcf{{c$EpHUBnRsd7i11L7_mr>?? zXy4=Q!vw3pt%SEdrfcq=+=ik*p0QkNU9*uSLmi4DtRmw)8hpcqWB+?UjgmThA zze$DYqd5x}@H=zEO8EvH5T-ZRuYuU}qW^<8m;1v(BID$Fwj0?Djam=&fH*qh9FQ&y zmwB|NVAx1o`xKSGVFWQ!PEUW?D1c$JA~fGz-2?P&boub_L+5?ow=9;SBBXzT*yWeP z`j7YWnx&vAJC@?&SR>FGE57#g6BfR^kx1tJD3N-+Gn}GxZYfNX**tue2Zw0rITFs? zK*~Wmir=bOvIP{eOY^P4{)hAW3XX9v9JtWPy`$Bk?;vAUrW3)rLx+M2&uF$!c+mu+ zW0{G=!`kKU_Y-O+gT=XaZ0QPDG{P7RcUatMG#tCQS*H#0)W#t|N2=C|yY?sxB13Q$ zo#>*l5!YjHOe(GvLJuPgBW5U>Qk|hvm^E zDFUha1_xiL1EQf#smwA~#;i?K9q!&8`wK|&tRre|yaD4}&V<%CFFnr!8!+{76gL;I?(zU5OIeay~(^IHS6y{ z?szD}0ViJlA}gUt&=mI|s>Uw=FCxoZnKHsz`PoZ4*7+bnB{PZ@I|{J^QN(?q-VjSJ z4abo*LRGz>ic?YW@Asq@X`dja?}BTlLEU5Fr8#AQhA$@yyNCG2KWq^tWU{ap1YzkR zgobgvXHW=-)*%Pd8OJS<@byO#B4g6>E};Ka0l7DzOPgTeapEeC)m2Cx3Io#A+=%|B z*oLU{s%`3c+sCM?Tab-1=1_UZb%Bf5-T*!-0j8la1x1l&< zHI(&J`OOaIbXibcyko!9ccxG~i0@^?FkTx>$l zN3wHq`cX$uRG*onjB=_BgmcT02f6pwQ9jUX@O|BBdmBS!^_wU%wobxZc=y*sz0%9q z(7iYCIL1^LEZ>l|c3v=RI(>xDU5YXY8b{yrz46rxA@!+XWqGML|nVcCJdd-H*%0Qj59|i8Y{et+IQV5L5ao%Vxkknoy4EO@&Vw;*uYxwB#p)YaR<~< z5ZNngxMB?rXKTyV*+)mm4ms>{1u&E0~lbhI!cGQS>hnX7cx!h`$K-EZgEc7 zhyy_E%CTctMa-k?0`<~&-E&b&jH?9rh_6c8eRcpPyPnonuKQ|JE0loh;Pu)(ABfcV z`_6!w;UDcBP=&&oh`@y_VH{LSyFdr+gBFPPsy?=6qc5hE@qdkBS}X=K^#;|@r!5Q; z9*H0YR*j(K+}tqapRq*lg2;IYVWpoAaSe5r7B(i<_2qfN@78agM7jW^2&%wWAKauD z;ath`^5(zyPs)#x8r}Klq*Aa!zovZ~YKe~Dv7xze4W1gsu~L-WAuZLL6q z9rfVVOrpjeI9S}U9*hgw3W{-L0BMh{@MqBQpa=MP7C}1gaAb^$=H04HqCn*A?B!0$zUnkZE=S{hRpleCo-ZbhEXCQY2gjHzWl6Js;l91 zu=?IgZyfXkFyT5mJF}I#dFxIr@bItB@jBnJZ~j5Nd;@m(8OcBcF=#yjR{k!2>jTWJ zV?>i3;88Go{boXn{1pW@6pALT2I(tC0aXBu9>77U-Q@`UI|r}L@kYQc=D+&g7B6V^ zl#0EJ)4~bZXD~+bpv3-ExcsX^c)J&nWayKGNC30YFfhSS0_Qo<-8_nBlHmioDxIK5 zMqqYyG(tw-GvEmh$cL3W%rzTzTwGnAb9u*_8J+{ZkqQv&2$y{UIuC!r2uf=_CLDTm zqSFv-=CXRjFD_hjt1P)Kq`sp>r*C7^3mNFl8*P7bC7CLi4Sg1InCb%aw+Qy97p|D* z4}Iyvs-g6-+kb~|yv`7^VV0Jbj_20lW4L`5nL>>8$|JH{=^$MI?F=~N`#Qjeg|Ywi zcmoCK7210NO=L;f+Bx$M_OnF$IVYNs81I2Gt0^()A$cEUDSWD0z;=u}VR-KZXi~jpy&8vcp?mzGXIX_-VK7>ia;|Zwe3fl;WWZfvpOn|W_ zOnKzds0a{K(5eBqeWO2#CQ2rj3n@&Xzz>8{T)M!Itbe-o8FX(10-5|=N*2XCN%y-9 z+mU42fzYS*ch`DWNd^?d3_&)w!Xp39naP3ym&`<&DYvo^7yB1b`bW_o@64Hm(%N)z z0K54R9zSz6SnnFUUtj%xW0L=~s1w97AF`iert;BI)C6O%`0j6;T zPYNQ7+BH$wzCPcP@v91=rb=Z}rHB5;>Ze}5J7h5$1piIb+M5J={sLPp98;QOKC_r+ z*+ifE;PDUtQs8mI%MHI&&)wIKO$HMiAW{$HTD?H)CDd>NbU;bQhJ-^PhuI^*m#2~O zZ&aisbIyL?UZRq(@rtO~QGp9u!2t$VW7q#^Gfjn(6(R?GC0*7)RVUmK!I5th^eV%t z5|~bao@u1UCLbpcl3@$=A)1swk5$|^N5XUGA>1k;yJUTm%75mG>ehEGx(OpkNk3$6 zC8CFRAz2r8ARC~>zigkFI)lSV5u=2y;O(-&{d*aP0~cXnH-380#RR13O=zSTi#DS< zikeZ`Oi4C`G0wb^qpBVLqEr`afLe1L{<1NU-xzhT2S^jI28rwb6Cpq!AlX3ki2_cO z|7rm?$w$6DjSZZpcoha=!KG=d_rLU6dMjLnRA$Bwchg5wT!D)Zp%4hgvj>Jlt=wn# z26dlD6gdDLAWrdDU7ZL#3qWTJyAbS#u>SU^1U3F;J#jor=L>OJ@CrpiKO#Q~xM?x@05iEH2_Ov72qU#gfM3)*h z>a0q?YltIc0vvHe)>oij)*g)`3%qj!7##wHoNxRaFiaUhOmxrmq5?X~d7Mlr8hK#; z8PvASt+8xKB28bYFsZqM1es-fbQ`H^7nkM-ol@QR84hMdoSLasj#PFjRmN1Ed!`Ir z%=M(43hzKNSssc+Ab3j=iVXGCer@R{_RAr7tYhou<2DD~@eqXTM~stE3gbpU!nOH5 z(cWtaQQN??-Y@&sK0z*O{|1-L5YVL2G-OtI%(>r@ZxAeeT|T2l8ix<;6~dIc7e}>F zH$O5RP60;XZk`PAj|WB7&H`cU3-~RaF3I7>xTz@NLC~J^bJx)DYuROJpYn*vGS*PQ zXumM};sB$^$9!O*9o5mB$IGOT@8RHugg{uxBb6&`9teoMl%u4;-LM6@<*&@Dt9nqg zo(Usan8RZw@r1_k<*_v?yQ#`Uapd&Leus9+xx~FR0*D5covJws31jV7ZV6S8{ZVCe zcYtj6lT}Pzur*I^yt1)+M=2h->$~Dw%eWTz8&kK^zVJ3vIjq-w2fkGM|C` z!MexaTroFqkQ-VvbB)-M{FcepEaH!YwZ>4OgH^yWEK8}7uM=mS%%`lh))aX#n=*?l zixtPEnU6mV{*~btwB!ADXE}$cdt2@3{+DjQ6>qP=%_hN>ivj!i<7`1e-Q#r7Wq{ub z3v|9QNIC;ASK3NtMLsD_=$IpY27)&62rmxrwrnzGo0j_brxT$|gpg@*~X7;bU?xC#eip*bkZpPubkrv7L7e9l1y%ic& z_RKbFA$!7@J@8XF0)(99ObbC5IYowzXpP~hCoYvj1Pi9&te5{udhvh{AB}#CYMbyX z+|-c43cz0&eBhCkCivlT=0w#YT`xBXi}pBIet#dXi(2zIH7bxv0~g4@S-3j>GYDNw z#{V1~#?q;*oS+DL?s{CJ_f)|3(t#w9xCf=@%83$Z|L+Q6!r?$geRyhSFZukaC?~Kb zWH;aBMQ_tYRlalHt+S}5B(Q&oU_bvb80+P{pb2q(`rk9k;DIx$XZ_C^UB}BGcm0Ut z`7p-BW&9W%Rf2kuU)7f?9om+<|KHa)T*wB3L)O8q3R=dT;h(5NzPJ5W4TuMLj_Sr3 z?;%|u<~}VBCU$K-w~ibPoGu&mk>w>@mOjnr51&|4K(~$F@ya=WY%%U|&(9 zD=F-v_9?kIgzdCkJME2Cv6I>O16r9Uo2)9HkS0~Bh1j%Cx zH27Q7Reqjfc-IAvKpN-l~R@r?nHEvP_DRf@Xhpmhy0W^LKQSC+h zy&F5E^-_snWqscA__ARPN?^$umhqt~OeA5Q*Rw34y;=m++j9n@-NW5^7IVo_>kY>) z)UmJ@M|N)+ZqAd*N)I)Qu>lJ7ZH_Kqp-BE)%NJ!+kH5$IR3la##a)k3l3suLyVgde z$nkO>f+kt4MpJI_GA4|iMkV?Aj}y*n>3BFX3%u=%Ja!oQGo~;~beMpp6)Wi`X6?jO z{tVqMKWyn4_0O^#F7)I3E$w}vTwCC2k51W&cxg;S`Hjel7!X{oAL)zA1S)qL)q*`Q`XBK=&g#Lxa)ADcp3a3FyVmt z4ZeqTYrO`4xn#Pj4@!K+ZzgT^z$>#fIo{tXOdky^!Lsua3L)+7VJ_ zS*I}vd&}oIp;e-5)lTGprLhPQJA%u2ckh7(6m)Oo5jlSQ&X$uG^z1x&likwiY7L5X+zY zig#j_NUoBeF1#$R?X;urPX?)YbKQp9_qH9?0(2Rx!}76x8-%$*HENg~W@f%7Z5gBx zPODwDty>#nF{m@~;=$!klZ4C4nRa*TrTp_gvH%)cvrX6@eF_c=3dZw}(vi6{xY)Zn zH{5b?B=60un_(p6oWL2=LpumwK7z5|l;7?W(uDYuS}@I3`!3MZ{3|Py((C?Cm7hj(o}X0H1q9&C|zFjn0g&$Sn8~2y(KPoM;{f8 zZrP64IiM{MHP;PvDwL=99YMi#lZcG1Rc4fou2 zNz_j%9?>lkadMLA^g7#$ig+v--hT@H(fr*MRCtyNW^MfSxg(J!Nk9aykj z$^WMCJ5JRUgBLew6+THbzj@OcW0g;N*T;<75}m82ZcqRHf*L&^c=%n+A3ts8FRk>T zbItS831?QDo>9l^_<1}Ii-H^}KW5HhE6t6RvRMvPne@%ofOiz{_=$hu+0xlQnLYU2 znDwBH59Vmx#6v{bw6Zs~#J*F1G1=m|(-p$FWzpMXS!d_sr)j89!pI&z>#sC^5>5U4 z`@!*2WP$P**w2?t+jU*DJKJ8rjnvKTS=EjnVUOLLhnZ!vson*wofo7Fz)Mu6;vPTy z?xDO56NLR?*psRR3lF0i9oVtR2o`Q+;b!A4P!HzxX3>o&b$*Cpe6|s;STa#^FCB)i0W6dK~T{lOy;bYreG zy@?W3B2mdUXDjeHcZ}!Ib16=i`Z8)i^2pLTN6MS$r@njQACoanzpNAAm?uo5Mts?4 zO44Wf^+M|+&;HzhVzGa;*y=ajY_5@3yTKHm!x8S|hn~-NS=f8D#%~_+@D7Q?w6efb z7h9T47t1f(q@-Ot&&NG?cBan6JpUAxrcrabOB}_o4k5bY!@n<$d%w3;dp;Cl@;HlF zO529YqlQQCQxH#%$kWMi;U{b*;|Y$nJ>9Jg2CPP7_QRe>ED)sV}RC8@%A<*R;+SC^rjU-54JqwvOIpDwS{oiz%}l@NDdi_V550jI@x!jzH`kw6X+`Ye7QpKlc zwCCf8L1+QCjF16peyclK1fwn#<7c$#C=rX`WaZR+(OonP#brds4UY^@1cw z7Cx)$|0VpY#hejU=kc2-O~$8^e5{hXf`=p zc2X>ghl^0c?U&?l$^jy-ymQF_$ONr=7!Sc-GBy~Y6CX$e z3X*d%F4EAlTQNy(mRzAUG;DpYVTTD(y>}-(;!8*ClUSdmKk-i&*%sC)DT8O%|Asxz z776B(M^_QB1WYo60H!&K=oIle^mv?c`g7T!Jfvz27VY>Wyl`pQ`WaNbkcfz0mh1#^fYtX?%Z6mBxa?P;W^rUsShX9SiMy; z_@%2?)MG#E@|#E_M0WF{?qd+;EeJx1P^Mm_pQ9;XJC%!7f=fykecRwHS!OV5rY!#(cil zy0DweWm<@N-4CBSW4gYIyH55*8R0Kby{E94MPhM%iWI~*+gM|{UEuH~M!VZJ2-Y)+ zlx+ucOWpAQN7`G5Rkd~P!vb4jBSAd z^TsN5Hs5%Diuh||WZ(j29VD+xf27OAAdw8%a~(^+G`3oPBl@m~1M5a|b8=>c?Ip{J z5wBNbk$#Z@666G@kU;)Y{J+Uz8Nm#aAO_xZW@`xx_gcAE?0pv<9moT%`^=x}5G=yuM1?s%V{O{p=zRyMnq8}aGoRh;xU z{;`)ACk*J{g?d$Sk{t4Xb4p1jBsNtmPnpno^p$!*^=h_3LEhk+yx)OZ{Xa5a^Mu+n z%p!Y&HjKL7Nh>7ST~Y1o9=XEqxlhJk)Src(;RVfS+4bsYEu96or@o^N=AsiEY#%TW z=r9aFA5?w*KEqsl=~#15VoxJkTjl$)tW7Za_C!pEfO^7n-Nn4qDTPez&Y@Lj+q?Ah zQ%tKrb*EV#CxNAb#y45&FX1+`Dj8k%{Iq$NGYbn2{Wh)8{W*zC&t?1hUCCFmtkm98 z0k4HCGK4BJ8vGv((0yI}ot%14&bki0cf>Nh|9r%Sm1FPN$1+X2S>K=eNA4%){FP7k z-CV@9;!iLVEH9Q=xzLJi|2sb|mSD+;6S-<-yjH-E=BmN8r2UeV##Lpre-3Rz?jLK( z*%6C8tB&%^>CVx+jit};@N&-eKb12!7lDSDhvqo|AA;7Y4g@!ra9{6fW?e;(W}Q?h zxx087v;ET2WSJ{^vk{_Vy{B@Qnpi&F{)j2Z85}NpZ8x-MdDAcH)p7a2%J8+P4Vx)n zAzFU025-lar6pmnoZ54|F<0Pu9H}n|bhYFJQLQt6{l7VukR7!2Z6R zoX$ujH-rvY{beX}rk+w({H0_~M{4~v{yZ9BfJHH-@y^6cxJs)Fn-R^%g4`DK#JES4 z?ZlU2;$_1KHF{~j)J`$%vjsh2{U0Cz?8xl?wo}*EC^*q&iR)$0b*>hONn{6~sPbJ5 zZ;j5@r5_0uuNb!CwJtTvbol95#W+v-TrE@SXlcCz8kQ}z?O zeSVwGCbJZSBrW)I#F;T|53&`_AM%}-z-S(L-yU-&+q4b{xG;2YaULT3@%4_v!|VLw zgRW)qib4=$NXS3@4-Rq#lY4&;`Xqj;@zOjzwSnL@)Nnu|Xi5miW53z%S^_dv@htqv$nhB-al)o)|jl9EXH74*V2l zv-k>|x`|Bt-jo}Xo)}*9cyC^CDEC>qJ|0Q`pLNx%HP)csR7gEjXYGn-edope(F4-< z|6)z7O>vb8fyg=O#u4&`0ksp(b7_qVUK;`N^Hpr5W+?f^;bgmkrgQrDW^8a@X4NR! z5ZW+$%->Sd_&eIO?Mi#6ZS^X-u>3SWHCni*C^{!zK02tmUENeyDntH;GDzQ!S08hY z_xrEGYp4TuY~5_E$^LB7fPFO4@_HzIGv|O02{6U1ICafCkov7px1E0Q^VUnXC**!d z2h}2SP}Lc$RcA%>wm{4k3?Egt>o=NIR1ds6!CSi3J*t5B%%nK_H|CykZ_ux$-6IwBLaoLTq5v zz(bjcx)Q9Z)`1D*DY+3URI&1b6pwi6I~ZgekccwHM9)`BK&0C)5|2lZwgmC5wi7-7IPBv+z8U{3x=5`N1gU_MQ6KE@S zH`5%1hep)(KsCRAdNB(1)E>A!5w~$!uihAX8C&3YL~PoL9KY3+gN^$YfPr&Db-)|Z zcCs;OeQ89L8ybQkrGHRv&&f67I#l!s@kjuNcV6&7j58^-udZdx`v|@U=OT9y8wrr= zp}aSNqtnm7>{xcrh8QZOff3GWM-0Ca#|D^Ob}*huCXwG!wBx2=*I)w@^2*_qmu(tk z+OJ(I-C_>Sp>i8$>v`!%xBA`uQrdt<#34TsFee`WsokifOVKoWBEMo8$aBsodnd~^fztn2P=CIGMZs=f(U`e*kRkiFehmiL*#x-do5q3=Zmjn9)D_X}w0 zqv*88l;Zk5jhZ_vMP?r7@O>NH74|x$z%9X`0&aMSUC`kO8m+#cmF*7|p3C&BCCx@S zdJqr3JP198St6vM*x$uH7O<@61NVg3FHJz-FuK5O(FLO7A7TSTfAXztjrxyG(5ZdyAZKM-{@h@T9PEr$Ka>%cd zrd3(+=6QP^L*aU%NEE3&sRmax(k`rK``ev~@)1HMbiWxuUXBAV;t_5;dI+#E_IvT> zUqXM(X9oy?Y|<#0e72f&AB>C)iyeDQ6bMQ{FWBjj?U(^Gk#`-IiOLv2i!N7h8 zo;Sm%jLI~H%sp#0?PMg>Orh={;JGcf=t%RyOm!Dkj^BGfCmHHfYTLyIUMinT?KB++ z3)4Y^+Quy?bbIat=uOS~D6}w8!zz5acJ4#ApxUj*Enw$)Cz$U8&Tn1TTc1R84kuD@ z&JtW#&dIdWAC6XnJHJM2xY>CD_Bezo(VTp@z;xKe1Sp=G_a!QGBi zr-ne}Rp|K@$@(i>YPhbXRpz2DhM%IZ$<>RoSQkE+2GyrJ(5@}mT(k{AKM}P^XN}il z^SSm;Pp4)SE}1eo1HIIU;|Hr4^j8o%7(w%Z+))13k~$%8Z-qT>-6w(F&s4!T>cK67 zYnQBvTIe+kn4f_+`Rn`5cb1WHeDTB`{Q~Ea=*_y7MXi9D%btL^r+5!q0{d6x|si`5bDjnDXo6|T({~aZ}Hfx!K zOA@9tG&D3kUw-@--_;5mZ-&Ufqi_U3?bDD%u}i?v$baX zn|%k+UQjW#dAKBrrkQes$i%W0Z>_C`bia3!E^Li4;D8x?EUx-bTjLIz=UVR1@c^st zrQbX}lBFV!7go~YCOudi&(fOVE?GA8HF>nBKj-E@kg0m78n+IqU_Q9$u}`1AdlKyv z6!?y=15|&6%Vmp}WbE~+2xc&%`)~|X>e@|w& zPdxR-YQ7APufGUv2-uT2b930}SXSWVzk0o|L}}-Iy{q8c<)QXzi%6Fw4?(jkT|1-x z`rSENaFCr7ENvw1>x`LZc%x)brA&L+q9ZG%DD4A=KFLDiK8&LFSX0TH6H7ywvD2z% zvHoBQk}J^hA#NnRu4p-8SO=4PmCj@s zP|gD1enF8(rtQP&4P0MT9fd?%N$+;z<}$7Zc0%QO2v33P?k_lqAvxxj5$WQ}QQhC2 z&t?ai%)^k1-IO}3)(o42{#N=y4wW<(42bw9;{R#^e0oTdtXnLS)SRcy_W3=|wr{O@v185K)G6Bg=IFvoj<&@uc8^hohWWIS zK@M14VW+q0C<`R)^5=jl`3-!K5;bF-ZJ8xp$)&FNH(Y# z4QTbGDcWDqwYXp5a`yh3Y)aAo13$0j2mXjtp>tc!cd%UIwsxLa+V|+e%rFp0Cvk%j z)PzPY%likH3wUuJ-gdP8R$?Iq$n^q)ZE%S?C2VoA9Z=6MOeup!(g2NX5+&Fv8Qb?| zaf9sOD*G_$cTSzhNzhXReLa}yb;{k25JEGOrZYi=_K_56J}lVyFL&BbFJDxa+XQIY*@vXcw!2r2cP8z>}&PQlC>92hvs(c!huwHEQf{sRgvP2sbTgzef(dZ zd245oxG$Uh-_SM99HXM^G-A=qYrC|XVW<%;a_xXIyOQhV(f33h)S|r{SvzTvv5vE) z#3w^3g8#vd05*_JMFq(lTS`rL^?01~4WvSoE@{+EF679^ocyrub9T z=LxgT1LCI1(-!z1k#1i@dW1#VkX8{o3WrzGE`_m!QrA0f+WIsR^21L{!Ij6WSk#*6 zomIr(Tm6McGIulpULAN3yNA!=h>2pw>G5zj)DTgbc*wGS?EXaN&>{MQmAu_5W@l8= z$X%IRVNe{>kpPmJWH!=|s6r0x>p3??9c>y$W{4pP$g2Ht!b-+EeL{jzkS(*$(4fe? zudAxRsic*t3ib(6Y}HeivLKvoe}mJ(AuVBR#!UH$zS<^$zqD9t0bk~33zZRn?Ge)r zX5Eq^stF|~7ZBiK{u!>qpSgZ{>8McL1vmV*`>&G?Z>lMGoMcp0E<4kDjYJKDwZ~ZN zv#s+|)hsa-mIlBy?qVS2x(SV{E_|Rj;4mlfQAk z^HHNIzv|icx$MNZx(W~u9~SVGPtotfVgoM7Do6{JyQJJ1Hab+%t%Ul{j3^ zJa?#Dl%+89YmQlSPy+7u(98yjWn*XMI z=vqR_{{iT`V5Z=WN7;dQZ?b_hr9{2rg;(!v4o zd0ydyeXi}hHB#E0^-~8^;Hz`(bwFRLVD=FG+sc;iW*=bskh-2R;p?g)&xIs1UYy*s zNiW(BaVf_D`4XW0N%;^KY_sf>Z{E4EwLNx^*@fM*+Zzk)$pv9Thuh=y1zWv$2*Icub`~0qbMJ;zLe^87V+S)=W!w(fQSLaz~ zT*i?k!ye?NjDEl3&o@xbkAtF4AOX)rPl z)iW=T5%UyCT$rJWuC4>VPMVMsgRIXJiS^(gUVM+j7=d9ma3E@-{2Fz1%lpmXq(W)c z8wv-Er1Kyj5&jOgej8d?8H1~t?sDOBOu(pd)zJ8vNR?kvHqnhF5|^{2^xDWf*raEi z7|+seT&-|1*#YVN)0OnWc+X)?L zLxy(NX1P#q0s2v2iw!eP#2bb9}dq;p~`GQF6?M#WA1INr~bW6cIP*cfq4bq)tg0}Putqd`} z>-e~Y^J~h+Q|Aecvsjmg-?)B0Iv?4|WAIW9ip#$Ekm`VI(^VNAl~n`qP#lSDU>?5Z zFWky(3JEGwV$|(TH#-15(7p_jC>$`s{xG;+4|K4`ucrglTlpHv8jw6QlZN`xQyUSy zg~U}AeIIK*vFZ`YMR3b3HUhM(;t9|rZcJdT+T%IWz7(YF9AIN!{Y)!!upNhl5D}in zq&R`z7m9F{&_i;*Tb)3ad+p*27l{+d`N}Z0GEaV#WZ(!?S5u2DrK*scc{ubIik(=! z+J!NS7g{2qPKb-r=cC?pZTd}9$WP6-o=a+T`GNMfWPz4Wc;)GZ2TvKEB5Gpv6y#t$ zhH06QukJAwAGV^%QUUAjC3PqD(8)OxgSiZ=b+qQHQ9XG zoG?7PtTE)s2ZYqQxg)nrT8S*P^cn)c^+G zq|J=Dbzu{EZe{lYr-FI^0iP@b&66e_ z+e^ar4986WEN9wqi^F=NX4Krg{kpSY0GLiuHoG z?TqJa_c?ZKd`UEz+?G<{QU;{*8fhbq+d}1N=9n3pq3EEST|rjp77zgw^{-py4r<+J z!ZR|{PFscgTraW`c%meh4OOe>y%yLY4KeV*Cy~1)$8bZ)hE8pzh~v!{C%YOB#eXW$ z*m#JM@X%@D2%nPk#;JYhK%wK=VI()Y#*C@HZ|m)j1MkT#6CZqz+{^1bwQDaS=L-UE*u?0<`U_JvGaZM|Z~c?8-@% zARs3a6$s@;<@jw}#W)`|RY1&&?)EPazwK$;RNiyr!cmUc*LujK2xMe`D5^M$Fo--k zJABS)e@NWA7W!ed(XIu4$f&ELB;i@*EOif7Ys14KxFWVZb&BDJRSdJ{wfxJ}o1&3^ zvSNV>MLT{wQxV!>!VFifj-Dt$-B5Mhc`v6-p?c7(-wO;mH5I)iS30v(xn+gQ`vwEa z6O!27=k8_2sYDy|zxrTa@a-{6ZBr`}cafY4TjRCHCd>`0wDUINWq#35w|Jd&Z#}8(&&{>DX-i?o7Jb zFOvS~^7b1$lA%3NqHwi=wEPBXJ5Y3GXe%vDZW8s7V(3$5)`PVU#xaq^&I>GMk?SV+ zFDZ5jhw4JZzMFZUq5MwI`N34wpXrC3ODmZ;SB&lw4>M~_p^V7LWI;zmWT^09h;zD| z7KT-zsEXyvYjOU3uGk3kqEKNTLKa$10-Gca=d}Tm{m!?Q&=*sVPf?ZnCV+hl%)}xG zMLSBh=ig&&EM}C>FkqQjqwnI3Lq7XBl>;j*z<_I=j>AwtX^l6?C~D(Ue&@y>?XSOS z!bcseC>b@74Wgb1QJRQ5yyVM1Z@AZIQ6w?tWI1((`^xi@j^>>P2OS{nbiNf%=O4(P@;BCQVXfBiTfEBUI2 z0ng$qXvabmRc}o5Ic0)ia%F?qTdf%;NxcH#S~wC?&s0=WO-WNaL;7Wy=<<7l>8TUl z5$+@+ZN?$k=*Rimj~4WS(V%mFT@pT2FU^}b7%I$g-pXtk<-JO>7*lc=Bl7Fs0g`un zOZ}tq8f{~1Z|?p@f+d9HUYKyGjqMD|8tdOkN5Zb#ABnLV588*ynlG{!!l_2CCmGG$ zGddvEbZEwmcw8l)#5vRbvV?<{b*Mx4bJ;Qs? zUds5P%A&WX)t!~oCFgK-IBvt2p=dYbx5pUmSluxQExn3>SpU~`c zAXI&8y{h}uQ}YH-rSpE9VP9)+tJ^({r`Jwp&(yS*b(%FSPb?p#(<~@CEq?SQ^t@~H z1(Ah!bGJQL1gOjIW%6apnu1h-Z6f-NL1ng_x3Os|H=Dwt$FZDT~kGiOYA7O z%$bo^lgi)dOqrp(UPxBqMyhXGAfiz+<$UADjWpKGHzO1pZ{xk%R1LT2K2lwvlDHFm zb27Z}KC}Sx+K>3;xNq-2pi=MI}l!;+TRgt~8tBE1{;+!4G;U#{Bl4%<6g`dEJ|H zChBtDEO_Xg*wPz!XhNk>)Gi@HSeMVv5oBh|H={2H_}mI|5n#wr?0M=*OIzzmoY$X* z_d=)<@6^6e)q4^WC*As(+rCMv6VQZsleS;>(n-9ci&yS8KMY;@L|$p zxwpl@!d4``9=d9p(j&-fcpw0b=w=-=2ZpS9r|(TTgUP!6z>9U4jx(|U^#0}AE^Xht zO)(ff4g}@0eUBK5)kc)4U8LC8BV~N_j`qUbqBVy_`6r;|s zlGFTyE!HZj;GY`4Z#R@pZG&=v@^1a5#p2ninGSL}Q!%BIqB>-7KhGM5$bo*?+s%xX zx-5W6ve+!eWw)6@Va7M=K=Qh+NV}BB*Uz~h@AG31FTs9IJ~3Eiga2bSW<%uFat0)` z_OYbPtU&|>e_m$0ykwV=VTh*;Pf^TkTpu#dB6(nLZZ2Ls|I2lBpx8RC{(4x}yW4H{ zcqkFmx>7qk^>#v$vWq*5&kmhr@kyLO$Dl-Sah~csybwcV8$AVg(8gMrYrPYb*-e96 zA7Q`fHJV;-GUh~F!7m43wGBgU~QTzm=?YVYMX6W#r0`&1$Z&fDzkFL;+bk4em2 z=PoBp8i{xgW07O0s@k?@<>J$9;?Q+L6j@SlX6C&Xxs_|-A*oUie5d~ojZMwWK%SNu zU8Q`?eAcukeT-$3y_rO81QPtXZk&nf@4_Eta z|MM+@S>@CRnJ?~~eZKASa>I4k+*(>xToesUuD1=v*nJv{s4Oa*|52qP!4P`AMr2f)iRWZslwbzPbCXLsc>5O@5gpHS-{-%k?@1?4WzX6WlW<`uF#yj zR(^VoSnEkZG(J2(6~onBq5)PdhL;u|9sKuOZSN%lPT>l%xWw!kfhPzrR z6i&R85W2zSUeDFHf_<^;YqapM7%-y?>wbak`-eL9Mkja@9?582on9J^mEThXvyt3B zrH<;i{~`pUpWNB#Bz9Y6FeqR z^Hj0)GKQd$<$=b&34q6UBU#F=|2QU(`95aUA zZb1vyR!}UQBnM+)>LP5~~%EP~;qXnPwK9iIK!;;xYw8L8!u%FY`qM zr?eToXYb%br1Fn4EK5wM1>sC2!P@*dn-v5qO(@}rIy6%!Q>*v#C_9iYsnAY}M;Mhu z82`K46=_Gu{;88lg>LFzmILkF1sV01Y-pUoZCx}HK}^IPY+38W3=S%~mp>}F^d+!I-QVbyT)

kV~nocoZJ@&Isg-y|s8A&T_; zLE7%t+MWJrd92cCWM9gCS`8AjSs*P_AOd=YPq2#TK-JO#K`gpHTRIB5W*t5c6`i{P zHHrf&#IjN*pz<~g>wYJu>0ct`PH z9>a>=`aX0TM-1ta?h=UOG-ByxDwtGGTNi%ABa6zT1#2GN zbgkD(G}GsXMo!xlE?#7WzJf+3riIDCq5xEF*gg%Sm)g1_>hryKx7(;_=ItXV8@AOU{dK-b}g3dH7(V`Y%$LEAfn}Wb% zfFlxsF@hnIUtvpPG$;o^=GbfXowP72wPX9s-P*E+fkNRsgMFOg7y-Sfp_BWVR{mBI z2A9d8pt2oin==y-UU*NpqQw=EPVx*7r8a0yZUu;e3PqRXiLeRa-c~062lqx>!+Y+C z?bf^eMUTdovc+gwaNnk%*r;^kY$!7O=Sn3g0(cP0lUifHyl`}}vz|CMnH}c*~X$#I!>aG9sDt9%Ye~`70SR|oYbJ1%{!+(e-&so@7GG{E)?kF0o z1U?0*M+3T8G3_if&RM>wv~KePe)1bpRqEC* z@rs|d$UiDEeT0Om2g3Z(3J%KI7E&!hCz9Yi)3w7bsh}dBK2xlusN9+3Ni||GCfAH% z?=&48)WfJeaSSG3ykBC88_Iow{lYzPwD=;mBe_&==@B)w940*2HBB#qeu=?1}w z&gPJJkSy0N>FSu|*DDSFes-dzZNRx3;xd|O-CPzL>=>0yI$7!TMFYJ4pGj=rX2&++ zRao#OYSpFer6?&&g8b=1L{6 zOjC;m#)itZ@NRgOR+>Hdu zY%wLdq867_IH*`irn}OG220;d$)DL)4zx~nPBOE3{TfgN5wj!%6*KGm1Wqm)VVf1C z&q%vW7oiY?JU@nb@vb#(D7(Z1<#5ViD<ng2rzYm&I;QytyLbeY;)z$hdL|P`*U& zNY|u?&WFrpnSh`Ygb9}}be7hv-6?3@w>>^b7||BWnmyPldv5NF7KY zlGg5MKNT-zZ`->6^yp6BpohgFGUAWtdd<9tUV=+7Je9kJDk*qaZ#a+}Gg`iCi)%ErQ(<`G=$m_<=1Ast{g!=%Xlr;Iw+k;l~`*NfwC}Ix4g=N|*M?XnjC0b6a)Q zmHZ9YZ(Z*mG0l5gLA|Ses{bv>i3{8YX@PGnzb{9SA}cAi_19b9F=)q6YPY|4GTdk3~Upt$5ZMr>AXe*H3jTz_jUrI02exaZA5wY9Jf3*O3h{)kYym_2r94Xv} z{GH{DP$K%S+Y3zTr#)LLQCF$G)NIm){Rlz9*zX}mE|e1ZCA8$rfw*_Y8_6<+8@zVm z1_^p6R?#+8xR9a#7iTr2T+Lh8Z=V9RZ`qO)DB|XJ#H3ca&uHvdyynK@3Hi&5rrXuX zt1Pc6{>}$Fu7pWu#KGBv4pB~2Yt%up@M5hc25IKGuj)DtzL?__l;T69D1&xSQ+E9$ z=WDk&@SyvaYyCOnwT*)Ev&`~sy-l8^lSKpPnbr~lp;C)ZDCcPo+oTt+D!~lxofY+t zkLd{#S5zH`U*Oy+*t$0$rTBzgarf7+kLkC!mhMuER5h@vCxkXj>4yB|eFws^iy1Re zGi4kPBRZF>ovq#|jl&A!d(rNfsW-oIoa;_aJh;1|wny}nJ3)GlPv^w-onHl?OKpZ+ zq2+LN60ebJvd);KJ(gcV%M9<0X}T+u_Q`fG(p=R{^~rOv75h+dzD5VeHyhVAymjIv zR$1tZdGv0!XGC;;vPq?x14onM|ElHn8`?vfhd*5j?ZZF+=VA1E^1*o24GJvMHjwt& znaw^O6}>31{FyujUm|I>rcW+J`zPvguGm%e#Ue$ed^%gIxIvd2X{l|X>gX}q+iyq# z^r4cRV!JIcnRs^p50g0!q&`yS8Y0*HOOO;c3chmEfi3IB$m~WB<5W}?uQ=x=A=mL5Pb8cEO$E1g=cwG4n1VrSREP zngzs=E%PBVJzS-&fs3z_f8Oiv%H9@MJ$m+`**rl#=*k+O$Hj zy3u>5P?{WF1&Y9)>Zybia0)0$7gDnNy9*s>Jq!DD!G96jM ziDw~PX-dEy!V6r=x|eQ?=ON7h`Hf zuWs-+;;C(f1cPK&H?&_y`_1Jc8MEl6FHXYKRQRk8B>T{i5pF@~G>(6LIy?E>mTtJ< zYq~>%`}3J%oDm}gw~U<1E{1OXxets|;6yd{NvFIT({1=1Ylq;AmAOn$-H6n_zlKxQ0a@JI)Ss^t@WgrELs^-<;jdJ2BurWz9;@+=ULuOcdo zS92%jXNJOkIA0p1(hz3;_d4Nh!-Vwu+1G}kuyFpni1jlq#JYj~Ll2XC7|46nnSMgM zNmwyO4DLZ+8;H)2;Ot*I#-t76)n66e{j68H#6aW(&-=QPe=q%Tt4 zaw^BHMTNwdMfm+$h_tX13KKo#=uvAsxS(N-KdOF1DY+5f2qA0 zvypnay?>q+Hd3hk5_UkLcR@PKNOuv@6$jw98q=Jhz=WRUl?JiMnZ>3RUcX8!Xe z@56-5$%~FF;i|&^kjS_}y4fN5lZntiuBsX2H*9g9z>^}&MTFx&KOM@1a||Eb3Lv`d zj5F~}ibuGDYP| z?%QE&)l>bT9qte26V|e27thJ1uG5eUWhox6X@)fq-zr>+L-DD@E=;g~{<%rH(Mcx_ z9^E%RW_y6e!AZ)U5j1}~%zd&AOPLsG0&|clF7h@Cj5FT+u75e7e?pKMrvVwIF9F|8 zn995soq6>}U6}gtX`-S&M5E;MAC1z-d&uKTA%>JkETlTlv ztV=7ktOdeKxSJJOf!;=5I2SQLLk<3*j+U?bocHLBQ4oMbQ!9&@J)L_iHq+&oA$G;-J9(-MyWXx5dU+5#xbfR(uU87t^f& zpt(phlt~3}VWPl32aYpLQH5dcxAhde8rP}y_ieue8q0iYeD1raA(!pHnTmP$o*SnUnSxU1= zRzF`mQD_U%{#352wo{q7ztyA9)cka|;F;l=>%wu#bbE5;^)~OHi_>c@-}^S5KRp}T zzCHWZ@u%_T>GWDh%c^Z3R9|l<7xo*f{XM)@%|HS?_x+Zf^tg|TpS2Y$P8kwF**`!n zGX))!0Tv|>RkfFYe%5ofY~Z-aYmj&)Vq3GN2oGfTNw=q0UnNQrItPWd}FyYM?VV{#_MHT4$e{lO459O&sKY>4Gx{sk`*dVhqmHf-1dZp>?_sJM&(c>)fQ^vO% z%nHpOtU<1ZC{$AS9_^`xZ+moOo8)HyI$dn0%e=kG+Lgqbx-{}uqUSKAzKHeiL%*E8 zJ1#%Q(*4|2qd4earNn(Ir|l}`wt2SrtU7_kT-D3>I3F7RjS_u&Gp4v1VEY1J>=irX z*}bcFF>dB{EGnj9YP}MV*d3a5p3Ox#+D--=blbmW@Z#y@oPEV(c{l=5lzO&JBGRf@ z=uD9h%>r?mNBFd@19F~`CLtjFSQ0-Ub(tU2uDl?tCTDDdjqjbVstIq6tR3{T|54Yw zH_{TYqQ3GmZ+!!cE@kly<~bei^H}nBT+is;X1n|T*MzR*lPqy;)-SRMOTUpQeXa98nS57Z^`dmYcZik4pW=O&OWO7%Z3)SD9O}M{tQ9iwFK56tUAW&OA%QIRjY}kk zxRlLR$6vGAF9orz|7dE^2dRv>|9=aC7d@UI)LSOxY2=EukS<$p)905Cl6G+!s5%ci zq@8_bW}cO-pDle)mz-mNBE!M9~nU7&4 zd-J9Ahwt(56I9t@ONc?)^A~*5-Tj9nwanN}0+TxV#dEdyia*N;6oZr3-|2ub6nF#( z1xt9vy9@e3y~G2Zy{;b5Eq-s@ootwhLeb~H@1Zm}Sg)^gA5q?w_N*ncTzf}zyt{Fn zL>ek&4h(x?miVstJJsTGfuX+aa`cRX|E^wmg(I8CR#r+CntZhAQrBk2uITrT;sv!t zo!e^frV`nY=j{eQ#IIeHmJoSC+D;*Pz~1%QURU8&ns5;Iz%Ghsb`W}IeCA7Hmyw7Z z)i0-c>DBOqb4`ZZMR`13$lE}JSooiw`n(Re1BF=n1Rk3dz%B%&N*y9RiwyNOuD;^s z$B)+ARz$fOpSKJb7_(Zm>8LRfdFpq?4eKSN1G+3!@Ixes4NL4Zj{cp2 zPHP6JGm#SPh}zWJ&FWK+<(2cO$B>J^{95mApiF45*Nl--UOBX>BTB1WPrh-qlAa~! ze_^~gU31HI+=`+d6qHF7v+{=QOz~0_@(#sT=ULe-f0c&nXCp4#BYNyQ$)kC?=er#SZwEb@1mXO^OS`NQ05ktR&$ap zB_i4`Pm{9u4-Ny=CsZv9J~BR$YYprK*vd)>+^JQjpC1 z8oRrxqaMdrFwmQ*hv*LBkw+|-J{7xrZI=BIzOME^YKV8e#y#x<{!`~`W#nW;ZDX{R z{CcRB-x`Zgtnk+Lg~p2x@0;Ok@YIkmH-PA2cO5qnFaaJX*0??%n_l@FBhLKe^% z?>=-7uF(?P3o08w`epHajLZV!$w??vw5g0YnLkypevNbRR}vEH$+Ckn3sI&XVYF8> z`06CYzBe>=_Tp~-oym#StYTyB}!V9T;- zsk#J`Gb>WS+n_rvvEzHD;JW5J>%?ce1rOH^D(;}{emIIYJU0uJTbbv7AtAZp;K7as zT_i73Y^M@&rVFw3ffk)LJp&ux=10q&$;ruCz?m~1%Jjp=iXR_+3>shblx~VbW(28v zBa?9c+A8Vj+?s9yUH_0odgls8r6*^pQt?6QLeCUP#Wizd%g}>^EEHJp?Lp$r^D!I` zDOtmN4GJ&$Lnt&_V&aS#dyPpJb&VB#s`r)n(g`{~7q&3`P2XiHQiMrSUO zAgbqto#pQpLoClY`J^Ivw2?Yl83lmB>;E=(BZ z4t(n@)K;y7xDqKh1IEQr$7msAwSHd~dMhC91AsOp$3mqWJ#-hA4=Zu4sf|PRAj$IA zwY67Xe4jUY{mnx}|0vdf472#DkO-ci8kC-YEwUE^}=TW{D%~wr(VR2ObD1#y6 zhHp8yg{j}!M~q?@M?ODaz}f^zYGIDI#@sYWS!E6;oA5GCs07SDKH`soLeCmcb(m<* zO1BAM>hDZS%R|)^yr-z1lxmW%p2M-<{EHk_vHaeFMdnhRGLnTU?;W%?!(F8FZsa*t zxCrOk^98BMR2I1Gt~K1zte>{Cc>j`CCZm3w39E4EP<^nsSPX*7L?KCb?JQ&YgVh$H zVrlz5`s3Kkw=Q&u(@Wh_ygk=bAY%jOkt4TmHj)JF&ZZJ{e7O{A1bLs222975+qJQ% z%Lt-^QhI`BvvNnIK9n79cek0b&#APTz{~g^|FtaW!Hgy*_S3p`o}zx#+4BC{#ZcTY z=GL{qr4roavaG)!I%6t7j8eq4K=N0+#-OiqNCqa?-gzMWH0(dH(A?Gs|L8SnqVBR7 zrKe3VXdw$2X#UlgSJf*i?lDNcktZ{W3rOYV6XxCPuR7VXjVzJSZNN&{z` zHeo6X$@jXNFzE`aZ{z-?vbP8@{JNW4&$nwDnbkGbnO2cB$)e}Jz3{{{zwiva{~|Gg zf&CMHzu=SSDVUz3*+}0a38=)|_&Zp)Pw@_&VD$d`iqPFS;@?mHpKHGN^a~%I0i)d5 z{x#JgckVyQvNe8q0keIJ~YAckKzKSVD!Y7y3eRLB5ruDtTX@mwv(ozc4lRS zW>jB=WS)w+IcrHGrsSoaj|!wZ&&6Mc|is zRZK1Ys@8cQ8_f?e^@ZwzB(krm@7%lT4~Uf=45#_;0Jnx!>eYR*F-ViwKdTWJ=n9|7 zqdh0chEohXc#CGVaRrLV8e^H|{@eomDTKgr8y%69r{FI$ld-~b$PGILO@OHGzt7B#4-|z_Wl;&Bg~}Scl>S0+@WtZ@ zkmuJ<7ldMgi_noVAN?`H3`7MZ>vjsDKh=-O`A`%0DFVAV+b53IwY`&lO&HTqci91GMyF57J4f5_vE(Z=KlwAo=se8HT^eAWSU*f<~T0 zSPdmWaHJwbXibLFOd|P|#&!OCgJb|1#iWrHGvT-);E{y&*1x~xU~a^J%z;MrGT|Vu zuUX`5lL7GmqgWjN-wO+?mrXjE>XvOa$ArXGN3J!|Sjm5PF^w#}NExYY$umx5CQiWW z_1=Xx*=&syS|06Th9*()pp;K9r&Qig{0kN_;e4i;#MAj45qZiq3GU8BY}Iq@D(o6K z_dKXuBpp54LI(eC$rET4Cm?f#eN~@cH6jaRytZCY-ov+ZRucbT4`U$GU{6M!dhD7B z89+%vvy#oHAS74zf45WJOh(u4%J;Z;FnBoR?l24|tbdrBRWSgYNJ^1$PjM0_`?mzHm@{UMp zE1J!G+lH%s2X}H-^WABU=R7CBN@Z&Z0Ks-`Yay zGw3RK8~2R-yRj*m8wDpQ(PH0-q+rNIRdM~3Ot5!dN}o(e$48?I)h0jXX-?J9_phkF zIi|Z6{H;TA`vZ~i!yk1ami4SGt=Wlz0R-^0DtwjZK@Y>ekr=tJ>xNDB&g|jIK)}~k z)rYd{P<9~{B6T#;9~|i)v&dQ#u0ZlW3u~D@fApA@taoNT`K1OJS9=`?TgV1z15}l} ze-FZQd-gXrWAz1WjFA6k~s4Yp*rN(rjGqQp=gwZ>X6_1p&J7a`d z?<)vhV#84&M?6lzLreGsT?Q&R36``A7sPs{fgkCzVNJHs_GidLVNZn!z3}8#hUq6` znLY_~%7FaxM24hWj?fl|`PNNC_!Z)VA|iuxC(J#&D>2XLbH4qZsI7R#|Dd3?$N@xq zm9?KU%$;p=Z7>ipXSz2zxl{felSM-QtU3&Lt26hFccfkDj0bvS!h^^39HJx9$=7$m&l&_je{ZR67kEWM0npf z58HYmf8gXu%fkV^MA1XXMu4v3#hPf)hbA@#3+Q343H|U)N8LwaNc^~O)WKi~ZCWc~ zjKmq5Y(FE4kxzphpqRCF?eE-;aKe^_HJbaqP|6l29ZHYdPJo8Tz6eF!fzgz`#RUz1|_dvog^ z{RPEnvE>ScLfJ)*WMY`2@h3D75cW(bak^Z)*z6tmkn2~d3!B#LzLQY5wZY1%{l3iMSUvw&L9*qPxLL&F zBlG?5Kd(q{eHal^@Lih@a~Z3%)XqB3S#YJEHEhG5NqFL+b=C~dR|?T~96DM0{8!uM zse)c+U7BCnVY_%&27vV@;&rS=rvE{Dapjx&2VhlFB#F%ENh>d$(n@27njq6bL zax!kUN9R_yO3N_1>A<^BaKJg>NJM2lAW6JzW>&6fRNuQf`#}z$%{8l-ozC@NEr9XMiT{tSuYiiW>-rT$ zC8Pxhq!Ey2=i%hcE68dq{KbJGG^WhmMyiDV`Te*%Eh) zP^F8OVj|ypCu{nJ*Ee?xT9pR=(anikgod@g3&um$j+$`QIZXkiNlq&Qw4n=%ZY{<; zk(~`b>r&jV-{ag?cb9%`=SOyadn9aDH;^dJm8Y6{k^p~S_e?Fj{iE#02M%@}E0S{Q zt7FaMgSb00>wM{T%2k~{`Ohy3xh*c)^lJm7^Hr0KhOCwXs8SO8~3is?Ar}Z2J~&(k(pyoh4HZ{O}h0=zHGh` zXWRCRd%MaL)}PsYGs}&z7ubDE%{ZtzmB^y|H0;QZNwsa8Gw(crRiC>sDUOx@-Ijp! z*B?tMPk~r>FsJj&0LF+e`>uoY_ z$Y1*U?KZD7MBSx?aUtv?*TPTU^Askn9hJ;F2+U~Xo8!HydY>mVH>d){7~HrxCA-Dk zD#gZ-fcT%P@gn$KtoE@P8-Wj<3Ls$34IvF z?B_n+WOz0`eN6Q)Io9tbTdXM@jE&XS8t<3uRPFjB#JA;G3$l3Xvf&xrrswz5%aEAG zCMIhf#^s@|A)BjrV4fpsLM7SC&nuM&j0%!IY=5&31sRy1Vm6jE4EW0mD-2J1)tEI} z-xw|2q>Fl=PBX%(MSUMrUc~6W|GDG%h&dgpTr7eQ$-@vqmg_Vo615-WlfIqV5%G^= z)4NVrAs^GR(`8|Z4m5eh(KXTd^&_`uqLtS9yeWIRFvAqB1pxsAy-cQCSE_{s7|H#r_{SmH>fXgJX_4OHQIZ@Qb?X zjWVA7O9}SV_yPaiocZ(Z42FD-Atj}j-0Zl6fG4GEa9xSYi4P%crU%VN^UVfH)&Rwn zO`?_%t<|xF({hJlYK(diQ=)5l<8Za(`aOmTgu2p6WXVwz*a~ z(-@*EQFsi~*b|6gdFG=|A)Z!i0+3zh0+f~(1gpa}Dc$PV-M?uNkDA zT4HE4^x9GUc_NYEdRwIUk9B!c$)wU1@r)IwxrI=3t?fq>`|qwFSj?{duKbUJ94y}O zeHFlWe%Aa{1|oAvHy(9YL$Ah-nIUa+n>Vu`5OXc#HZC?I0{Z_)j_Pq`Jv;xI#c{f`Svhndx62&UY`#PTw^o-N zHz2dsWwn;CM*{$mi2J`GXZ;&JRH@KoIwN9_Ax{5A9P~F;sK~$y7MD3Pjd_VFCfgaL z$oyN|n$y(T(+nO{{|W8kKw_0o^7l_Bf?7FBN)52*YY_%du)H zK8CTk(Bpb8`8EEanR6E9%aws6x2-*SA(z8!u1<(2U0xYwPUz9VlSWSkNKmR+&Cgev zMYYHZM7d5qEw}qVXC>B3(MXnD-!~12c}VrDJ%4{@UixFD#OIIv%Z=*ghBMk9FY$WU z%FmX8S|4Q~Ly;p{^HJBRKIaa$InX?uq(~tc(2>AM9U(FSNhS2a?2&vo449b5{^1W>HcqD4#S)Ntk znRcAS^_{zN`Wv=o@ANGkdpNB_l`h$PSRzloou0A$$&K1El_;q^+6>MadJs|!TIcYIm(xJel$59;Mq>MRnCe%67d-^ zsaD#o-6@8w4rJ+UenwJp$bfQLgz%boRio2WM{S8iK|4v#O?bK@T0u8A4C{>PJN)iI z1d)@?T6&@rVy&3DuPdGGuUNW#O&%+>QXTayxEAtwJ$RlIH{rBo%);kn>nUJs`WBe% zg=id6*uHT3O0&F&jb-``5FSSoeM|IVGS%3LFVqSMQmW0tbc`N&Hfrf+Y4&*QTt zM<&+FO40BDf+1mIRr$H&vy&y^YN-m7pjrednAK#P$ugE_Z2mGJol3@XyiTmL92$1Y zu322=uy9mANHzXkEknFAHvRP{x$%K^fh$3MN76#96-riXr8c7(hvsK11`alF%+nDg zdTdj8Wl8t&sTI#JNh~f#ayB6)mZbtpN%BjICBOO;1;d6!o)0CqP+KL;fsDiG;gHFS zaf6HYzNI%Sj_1bUl$g&p2CgT$CQb?zlt9@JDjH zQ@q>ag~~5}*XdwlVX3{N?MV&ys^WIG7xj-0cbOqCJ*OTdiynN>ZGcp4=c9cXNg0^{H3A>4(P`pOJ9nUOt*QmwqPR>j&(jQ#gCFkTZe#Bknf-joZ*M#sh?s)(&!R%e$A?NrVV zv{%e@y+W-TS1CJV5kzD@^oF_zc@tduq158O=sxc2vOiv*QDhb>R3GJeMXRO;7y1)S#>3^a zq3IGGR(|JB_y^CeVVgzk)UDTABVm#%9=y5cxr7i%A|u_6Q7ih|_IYh-Ulx;d+WDV} zp+!2x{>U@eyPVf^G{uZi&%2gKwCJ|T*7_rp#|BiGgzwZ`7!JjQHdN^nSpciB^8e@-v81o>Bhp<6|b%nu-d>%+Cn!7F-=P@(u5vF7Tdg zltb-F8ieUhLC~HMmIeBPARVG*sLjryq^Dds$7ktB1UzM1YiocrGEo-3ZhE#02bDl9hqv@$Y*5d|@%${=jx&tMh+*qAn>f(GTpApB zc~)s6cAr9!OG+vk(hQ{~AK(TTBrCo_-{(e;je-{SlhwKT zm;-7LLq3kShz;nJ$Hc9x_8hfW!jKpCszJofwQc2Y*F%38ymMhBHHpFnD|6?T3{9>l zuOi^^j$EuR)r`7=i3cleUKYx{6{|cM~f-k_7+T1arqn;q#n>*$p((-E2g#B|7m z^|;@05+fPi!86J&n~_NnWq9l6E1ge)3X(A7S|VtLMhNP>NI!c<019`;N`>5Apz9kZ zHOCH5!)$mhIk-WowxtV0@+NNfjbP@>!u9!vX9}4}EA=Ab`b4IU77U?@Q@yO(XgBSy zb5o`JR+YzkRl5|&+tYU4ry-_l?^nB<`2$0+j15vPM~{_@nfq9m(qik|m+V2OmR|(I zVmBCzXFqNQE*!TKuJmRHTqiTv?6Oqy3cxbb_KOa8g3E;5awj`R3zw=W)6;HhAFddK zN}}Xb0@NG`>)qj=W(f+(rr=vO67LU8K3_dE%CILL=`C^|QSoeSNOJ4f^Ou9CaGJ)F zuO5IvspnIWR4WtkrBB|p9+VQ}+8<}c-%C)!M@--|&M;TU8(%&(3i049=V5^pt=H{W z-ein{e;nsU>jG--Iv+cD&0X6tt$6u*wb39zWOUnL;z5h1IM4Bz8=VX zv_$4b68xLbFy`ff*q5KUyhlCv$?T@}Pv>!KcUwEC7Y7RTiaJ?fa~pz2jr-pXorR1A zA0up4s-4OzNXqN2XFVkp>&}-CNbwYx!w%%f|~VAG5fs` z^{?fOa0MsT2nY#Zz2~t;ta+`efMcZS09jN{te|hdP1%U(+8E!XTRs3>Y^wqdipQlE zHv)5yZCYr?dB^|LAb>m9L+ z*O1-0dVEj|ST0BU&HWs!p)^`iQ3_CKG^cy|&Ir8e0h$-lTS!s7r&0>7 zD(1p2ry6U1n;h6$4Ex@*3aYt{gSgLq;X1R^_x@39QCrMU%WNsPU8s|gi$@8f-Q$`f zjJGs~IQ%3Xs;uLWM!PYdck=m8eM>J8z^8VF3GLLfafOP%4+QJ-4WS(J83M{`@=Qxv!d|BMu5s!ZWn)%u#Yqeh;&rP@Z z@PK|&Oi(p;mjxztQd%0Qr#l@IAGCpi8A5*^vTq_WBvC?+L&IgV+G7}OuMe13gSoO06=jPA7%y$tHXC5BJL1|7%c z^~DPW8QsUi-Lx@s4?C8&siUwNb0@fNb0c%i;t10>-Ia`OIn(5QsBQ{q;NV3A6z3tV zr|IQ1mlp^2T7QDY$1Kv7g=Vjno`KDLN?Hm+P1U`g}T-x5tD${1)$wZK1jpT4Sz#KTcCwe0Ko>~mN{ql4_ zK`xqcE`_NF)iP_kJxF40BugMcdWVh%-Ifm6Uc};phs-aO z!T|M#CRZFi01~&T&u_iq{9g9fA7G_X8Xh4*Jaxsly|OcRvZ^RlE5fndrOn?)r!-k6 zWZ3k8VYbe8<6CWUV?=lfqwbG@-#Otfd&^%8n{aV)@0?IDeRsH5%SfWEXCSE{7gLO z^STEoCnrZ-6k@J;8#1r=m&NWlHQ)T2k#OA@kSM&F7pi8QySb)kieHI+_N(9L;<|1r zP$JT3rUr3DOi3A1-h8sMM{TX~BuFjMuMCshDk6X{rCuPis^0or>%PdvNxolR{jm*^ zx&6Ar=z>zm!)`%7p(IFASlSLD+6gg=uN!MpFn#kNoW@6#2FK}6Pe}(;h>M0zcum!R zpRhF5e|#_BDLJe;#8s_e?qR3N*Aq}acg|B%M{c$w(tc%ZfivWbJKv;M18UV*60^q3V$)@tkrHc66rNcoY5;tGkFt@G&wPuDkN~Y0 zumz>{YBFo9D*So*T&%A#;|J%t6s}KNVt~G=f{f1|IdkZ}**_3RjP;8>Yqu*CEUXh! zhA)vVk;K@G5kI_J+TK&@B@m<*0}Q66&ql<2 zm0yX!*yUB;X`lZ5sCG66@!Ldov`Ce*rSKq_6CHEz$;SV5Df@nTFmHV#r$-W**w|1tL%VSIAqjl7^}H1hqOc(S)zC{{>h zxZC6Qd%O-0cz0%{kd(kfsb77hQR?gWBcffA8F72p>*+3kkaG7owU@L3ly@wio0|vC z^)q)j_Lj{r7HnT^CCuVD!gL^6+3QPBy*w^jOJh+_>8KX)%W)m)|9ArvYSAvZ&%#Rv z#|bj-87VEI;i92&8XT>8{^3Oyg%z`B9294ed$))x2(qiXVHxWCCF*5rqXlkkrfA$d zx!sUO1io**@_+{PGNgk8+n1X7+0u^L6-ta+h z`_ojI_|8Mt7m!E6%BC+N!K*|1Dy!mgUp!;6*GR@}cyc;R+;hc#maK4iIRl%^VcH8-W|wqxu6IibZEhE!^5o2st~ zQa`84nHYHr%kcGV8o$CIA~rV!O#n<4YzkHS?-mwJ^wW)@Byceekid6%FAOuTu(H8& zwskQ*%eBI95y^Q(KIt#4_-;X=HKsaF%mU-B<9Y7nZ$8f)efi6a{TlDnHyo+L`MART zfuooHhh?jJpWSZb`SXoqGBNlL&B+XoIDD;-b4tC3&B)qBJ%S7;9}zPP6hB%R8MU4l zY4{XC=y~Zoed)hGpja3sVk@cq+51fB5}e^s`o0sHEuM|O!&Apz;HeE~F5FMioZE#K zK0ATb-olYEc-Xu8su|~la*dshaXYv4>kubHCF9@4-@VTx6;zJi$NU-Dtu1?wMSM}u z1skmM+UBjXSkT2)ci8a?WxR=to)Et#TA6rvFmjP`*rCQv-+6X6PiFN>eV zx2_*YmqF+RhEJ-tGM;(5O=O;ua|BMGg2^+{7Px5=t!TdZ}ebK+NtDAkiO!|o;cm)W3F&kWMrwb7jM>;fM3yWyUvYkgqOt(}cSJbdJpUeLop z)p&26)8tE8fqe{QPOVnFIuH-Eetl^uv5&v>({|W$^N0`D;=gTG!=&QL}qq+Kk$ z`IEoD0etuSAF^K}kxL1IVVwONh4SzobqrC(WzD>wwp5FgBrCl4Qls!5BZ`9y4P`s} zfu*2!H|_gQiz?h_c_OOT5bm%xk}2kNURT0Vn$DNaYN-}fXUd|QlQ*pa7r1VCn3Rs+ z6-5@HQ971Th)*TiQ?gsHEWdc%#OMcI)3n|Bx^OU)?n=~j^37E%erL3VKXBTeMh%X$ zHe|~(FG>-8;pKQT9SvP~KO2y6{aQD5vxoDfX#WJl#DK_5*Of{Bi96IkUbk6+dp{+S z)1>hSKQuO?#dgQc(%)g%YRye|hKIzjr=`$tVEMc2MY<6GqZC^vzLP<+@uDMFmBT+Wwc}zX1+FDYod{Z6fGLK4Tii>Y-NlV5MY{yVFC3e?sKd@Z&(%L6SSXx+weUx zsF8k!A$$1s|{ZKnV*ppbK+?P_4res!8*-fYW9W| zmR?^3G{Vz{OyE9tyy}I4_A1s7{Ps9LQ}PnGQ=HOEL9I;Fy>@yZ;)MMizHD?7@-LNZ zw_SUw$`e-06CQR4BfqPOy*>5XAv|h^Wz{exPC)1I`GrbPm}C3T8lR9oV6_d2I|O=n zWJ{PJ+vd8bb%)d(b}IZoGaxGROWWi+T!EJF)!$HB0ygk*rjZ>Z-3tbEq7`1Nt{G(v zV2?!ZUSzhvA6U&XFIutDXN7 z#4AI0Z{$nStC=h{z|*={FSSFVPfTLIL%SwEJGtf6O&Qwb$J|Oigp8&;A#GBHJMI!u zeXpgxd(~|H{+&RZv-_cqK2EQ?X~zM3So+kHDpv_E{DW$pn#PfO<#D^h>WdA5xo0=E z0)ye`3R5F|z&ahfwO}~WT~HddQaiPtu2tk1b6_Rs|1+3$ZI3NhW3ym!?e=S#r9o*I z7Xp(FVZymUj-E%z|H%aqhIqvVBrOCw%-vBO5{rrRd{?gwH&&cFIrlu?Ra~M^JSS6x zYmKOR`Emj?{bWroJ~}uF7;NLIl-9dg`|?mmX(|@i&3UDBV%r3SJ&=}I z2QCdL+x5qWo}D)cnvdnYm-rQ+=4XtigZw%CjzBx z??aeWWMN2*h|SI|RQQ0y5?c?WC^9#Z~Y!vwx_RoY5pf-tMVTTmFz5d1V zdnuImv+fWyqq8Mk0f8z{X^c&23{7>EAS`auhh?xhG${gKi464saXOTz^gnO?*FWr@ z0si4#I5FcpU1(svmNAoT4hPD&GRZuGK1STQj_>v-O2{Em)dQ9|wHZN!0&4a+~6WPl;x*7dN{U(#@so&^Z#J@)i(R}M1 zm;XpIAUG7t&}2Jk!HR`*ZP4Km?cIf{DOqSm@e1v$?yNIYs!v7#XIQ?71@U0zHV;pu zhtuYKEko#XHCx0N8oQ^9#ykb99Nzbd*Y1lHqPqmUS{%vJ(Wv0e@C7QEM5)}A-R&KyIQJ#KSI`Zx! zn5!|nng0=ZxNI@UwFzB_07WNA8sw+Upztdded(3J^U--`Jzg`x*>-Wl$+SAx^X2h#PwC<)&Sk_=&|dGWRvSK- z&*QzHl*0FWrWw1PIgF#yM@PMzWU*S(2myXtdl0W5^JW)e)|VtZF4V zU~eakkMB#Q4T=BB6ir&24^fblqotv_1*!)k)`rqYK}B}|tD~upMvc|o(=7O@KM7uG z696L)J&n~l9@6}-!uf<9pj(%|2guK|-(JonK$ZrM``WUr{MTef^>QEZmtEeXR8T`i z2|2^|T26-Ev~SOc>EKx9E)B|^y3I%%iTd4LSG#@%Ag!LO9;FX+-7^jJ3LMYiI1;B^ zZmXP_1JJqm60sk;+!`e=U~zXgw;G(GMuIS}}oLUW0D*)rY0u<5mldre6;SH&Ea5^#4iy`E>qm5K?E zT5?2Sy?F=i&x?`&i3*jfK6n5#WX<5D24!TEY&;I8{3Gie4Vrk*!I`OahHb@KusG(R zQ5+^NZqLb5P#mZ%$Ha_4@>H$$d2?ib5`KtA_>IcERO~j`Ov`S+pYaes^@>Y&&B&@P zZVqT$(smnlJxsEzCg$xtpy$sO zAWH5<9W1iT`C6#UH_x|*-+Q$-P#*rsb35*h`Ms5^Y;`*GH8#Do@AoOreTw2YtnJ$1 zMRpT%HJT@6uETB${A>^&%#le)_-wgINYd&>lz0>q>+`POgTkL3JJisF((Q)8Z5H`j z`%o$OrLHrrUR4MBhe1*Ir~)X;2P9rQ5nKHj{X?QsX4rmtU+co7+pqaXQu4)zEh;+v zBP0$?#RD90l1yM!B_Jb<1Wmk(4B$R1pUk>M6LE1_(di`7OCW|wAz&7=(V75#G#&kJ z)jG$Hxps?)1FEJ6U-xguIooY|DAIl*tO&hc4Ud6bTpNt{|BR$}`7wc|l~VvYdEZ8W z(|cbk&*^H&ZF7-REIeh_laB-zwNIQ>k~=is^UY}*L%U=OV~WF6T6P-OqA!swvs5&a zK_o7K$G?9Cg(j)H^w{^niYhG61S8|?kK#y0Ec20C}xzHkA{{VzWor!HWu+Ql9 zEVuF0;R{j_dc8Go>p>Zo%HAEs-GvxDU9Ws#VPr?8OpddwI zid2-WDV-a6;iCaRjkNtYk_182?pFe2;-he(|8;A;{*L|{t&w9GoG;wtCArug_2-q* za?UNWwaQEUuok~@VdUk`qrn1Y*+$Y1^FLiTUhB4-qcV@$uP$EMyZ-E|SG|HMU9%oRvSM&F=m&2!^*%^TYM{4v zLZLoQs;QB549e!?>(pjF$o{oSHFcdJtfk6p4EL#B{;&CdAa5bsT0Px+hePvz$Qrwh zO&t<4_BlEJ*TYBk+`pcTHw#pBbu{k!1m|ystEj;fqB^i)8Jg1PVyT+2CKHT#bznOO zt|`VoLD_aKPe6*wLx!&-(vuRH#wmN<-KP_02Oqz+iEZkXguY@oq~mo*w&`4~MZ+>6 z8_Exd$=ZC(qTj>iD~+-Mu(~01-X)h>B0=HVXj1E6~ovE8W7Dz zqR8r4@INKNpPFYNALb>NdI`*^D!|WSw&tD`8rtv0e5|`Y#1=uo-m+Xi&eAW~`6Epx zdis0C`*eS7Ewjf<>=4uBkpO)^7c4h#wDJp%&1g`*Pvw5|O1K&Fp8e2N+w@~ZTdK~G zB1TI(%Bnd__z%fj@Jy~l5#t@v%69v8R1~G~vacQl#Jr?hs~=hb6YJeuNr82Bs@`Mg zsh@*Yc@6b8u0WY~Xh$d5i)N;gSham;^4k$zOVVna1usd{9|CSZ%I|uaprvBnYdPYL!UuY>2ReKukDIZWfASL@iSZ8x`z^5W^0g?V~Uw>ye$ zehr?RN{m7~j%7wquN-)>*Hpr}@iFK^4(cm~E<=^zl=1~QVv;nqKYO1sj8$PNM}%}w z-^Q;A^T0*}NlQg46BWc27|)2&2tRS4d@VO~Iq3C^1J%#j#AZ)P`r`45ZlbPw#G70( zg`cYi+UmJQ;MBIh%E5g-x^tFzQfub?U=xlbAae;7px^29DE*eaK^=Bglnbra;4&#C zHDp#S5gXgSJNq0H9cnrFpz{vAsm zL9jfw1Wj#QV`K~>jl7dNp10HfGu41#m}sSuQhHD6?B-Y6JY=MnsxMh6v$(sim?E?$1@>tt<;i>sCuLYW z(Q9se1V_x8+eZ9X`n{nMji=NZc$`Uiyg$hvU{13j)aR*R{Ji||ysW!g^^%u}wNC!W zuO7&uA9G(f&syG7S-IOXo4vZOUC!t)5pT?%wh|<=65TTF5fmj#tvfGlEOgty)pB6q z`#FO!Hbv>)`)N}OvM`BC#EZF8IOb==FJfkvkFhP{jH4Eu6)|Enjm z-P@ZYB{;f2bc>-uzSBV9ndLo)F51k55t;1@E8pHj%E;e}_c!(ic`zVIFTR$!$adgj z95yiuNPZ{aK%ul)x-VJK>E7N&x#%74J>|MYE38xIF3&F>xsrU#U$Za$;8{s%aeSa= zKoZHcgWr7_Tb1r)IC5V=b8vO4tTXoFG0{*KZs#FCEig^)pPeb(j=4W__NS0=BjJGO z^_*)-3|<#!P&Xugjc66D-Ds000b?y@B(eFi$nRE6iuakLnB0cN;sW3HifP~mgk;a5 zPU7qo^N(8c4a+3mGcL<3(

Ca5F$kg?&u`bYMrO4@tVd8s38KN3l9cMxc zR908fVi^Ka@S~-cln#TYQpmooU4n#48z^Y(F-t~JIyhwNz+g`?zS`pZmI=@whEhr? zQ}PWhhg~T@E#1(76$d_-j9;r}F&nzK>$1*|>!^vr<0~c%YlgS-5Doa4wjBCyJ;BGG zOysfq_U<@7v)a^~<*64YKKC?Q?mfk~4P6w>m3@BzeJ{@h&E_T8lM*m*sK6x#=3Mfk zlnJB*5J2G4p2Do??Hy!G@UX4diYFG^;YdNTRZpFTK5sj}jIV(2Xj?xMIa5_({I%qx zwFuTiLA-pF^Nyu(!B6|TYm8aWFbZChSmQIz7>{U?$=5cLHtt~6#@QR>)r%LLej5I< zahoyIV#y4dVfbeLr;mg8pu%?__l|!zU4RSmr2RSG*itpQefz{-1- zdcbqI5*p0r8c1n}V;e|f)8CfhV@@tcHT;Q#JgoNg1>JSTC^9LUgvt>M&9P6-kNdb{ zP4d4gp5JD46FW6iFa%Mn2+2LLy(^05o%)YO-OL86gJRAWf|wvOyCxl^^~6^^kFQEyd)~ZJNd}Ia|vTVnXmMB#rm{9 z5&CH>{LE!?8I>8X)Evu88QQ3sOU|BV+3`}_&`XBY0mUX{#CmeU#diC=o6KhnpJvZ+ zA#&Sg{pBa!FmzlNoiANpi*>)nH)ZO_@lE)_)Z&vc6J>#n9tkh$LFa zPPNCb+eWqAliZ4T3rScL9Kn5iJIk8^v@36ckF4pA>Q;c`~JYgUW=CER{ z7Sm&BPDaB8Blt(W04JV}W-FaCVhT#|Eia6F*Ey+Za`^Y(S02w?LU1jE*!=iua+b~@ z({k74EjCX=>*`_UX2>2{G_ImI2ND;VX27dN4vHh53pQ@Hh`yP#4@kalZXoZn9Z`^c zVj9^!^+5L?7cx5pml9GSZ+Qd!Px@c{51tYf$*2fVnblwds8s|8REhfx#)5(m`g2Jun&!fqM)k zJP{L6aTXV|v5Qzpt9FK*qfp>EMtqcVG z2^&M8McIl$0{|@`>~Ok!s8YRT*fGvw!nKol^9JPO`{y1!4wi zqG)kt!~b{N3Xt-g0;4{bPGg*dUtyV}rWmQ*T0VMheQ71t@Pjh>H6b|Lv zJ<$wNHVBO0={g=49btMvZ!i*MlKwR`bVV0n0cQlVHs^3rPP8#8X-+AIvn#MYd1hom z)%O^BKu+3kaTq?cDg{{I!a2-G@$NVPf?KIJf6U+L(^=9{h9Ey4uCX(@04W{G#W+av zw8(F6uB>a8;WEoV@(SS~=664!OQLYt8htB$3m_J*3oxT+furlPHi95SFg)L1CKpEN!5F>(vBvwJWNL!0SNT;yN9s&;6GsE#meuD$GJRoHw9eUW) zF#b89-sV@@>(W8NE2$9tp?hBEOGssgvG(Cr-0ob8iXREdm zZ(x<<`Z5eUHKnh(7mz1Ba*{+ zJ8?P5vX5`Ab8Nakj$*z!#F+3{OExM}uP|^t1WIx%aUAA`O+HwY+mqQC_+9=0IGqC^ z!d%I_^NqTfhBrw(hvC;$F=x{D=bO!u+$c_Z2+NQ}I-N9Ui|2PPrJ@I9lD0cdKud_-a`IKqzU@p0 zfzEdH)O*!8v1~f55LyRGWR>c*p-95W01~IK!AZfRRcjyVgT*Ta2^&o~gBC!@&X6Rf zHDGg|eD06u23R0%0k*@9l(y7vYXdwSNkzmKu2Y@#fD1i5IrKa`{}}NhPURreMxK1n&hB-MCi0y zgp`oOu$bSy^G>e&_=4>gMke*BKEM0+Q$mhqkD9%T+{1o4@?K)LMvArRU!8ikGC5eK zwi}9s*FRrfm@i4xR|Ej3-f?)ay_n_4Hgh3n0_udR?CserQyfRZOT~04%r0HPvO4LGrTv`7A)QI~OEUQvfVx@>-ZI zlvw6T*18ueSp;BE=P@EP$Mm%TSCq@? zdt0vW_wJfOCCT19Y5Ky#)bX??195vA;yk>aWS70gf|&M}S*Y6@v{=b!emiK!L@;Zk z@%B)uMFGN)3VGXrZE zBlw8f$FJtrCueigO=WyCH9J*KhFC`3d*-|^dOIqiY2p35x3HV@CF~sj^y3mcvfMP^ zvZ!#8o?RZ;OLXcU;<{P-Wcm(zYx*O4U%)%-Gj&(;f#ij#8m8S0fSHq?1$3ZfKPI5S zs|E|{9&m|Lt&80|BTz(6qt>sx|5f?b8W%4+<@&AM}j2RW(72f*$eN|DWf`W=FRYRZ)gu*w-EZ)jr+ zF9NQj?M$Q32lm5kkC62{+(aBl!kI`|ZTN{JV1d)%+REZ;>mx}Lg%91;C1WZS%exw65B zie~kW0IOP*@%^k;%DQKs8|RVMhP|aV52BUqaB$AEx9sep{jRJ~kv5Cmj7MV9c%x5} z$AUQf)gS3Yu_le|%NB=~VOLb?KbwEFv<%3f($ZCK&3iPR_DPKmnv;9H$1=6eKeq6I zzt2;6Cz#0bZa4MN*z0N}V^AoHNtSm=%hfO>cG#}#x!QB5FK>unPO1q}5Jd;c39{C` zpM3j;d&5vcad`KKwk?7%r*02hpfUHDgjaL5{)LiBO_@LwZ?CUjo0hW4`=rR>Du=d8tSe7=o9-PF8ZK zP`lE`zI8cnFUvY>NnkeWd^E@dJk`UcGFA2VkHDpxbz4>Tvz&xzz(qfjo|gVboDrzV z+3#xBYV?2Mg5ko(z+Kg3{j8oxJ!g@UWDGzo&mout9lwX=ETG2fKd=#xpCwqgwYIoA zmX)}r{TljqdA#K42sUJR;mb_M2gd~ZnRT-_YIg%MVJz!t0MOAVQSHzs!5-sU zKI^7OdpufGs<>8;iD5*xkZdwWC~@z-QKaaNvH{*+HDgC0{FGCFWnyvt5};oZkK1Ke z0nu$y5+v3pHC6aUzn--=>joh8S+_GS>yNm6gZKF6+n)0&&d3r z!(|k&RxV7Ek@&9*2(1Ey)DKt~1+1EWtI7Lo{&|;BX-OxrTP6<)zojKQmxgzw)g+A_1@uZy#e328WlSt_DT>m?>|zUZ zE}2=%_5xB4t?J*iIG{)Noq`0OfK?^47~*NaFpI&mN2pOO+o|2L?~kLU&nB)t+w8#e zrauN`sw^EH4yR9i99Ee2qgP*CPn9H`uz0~f4XM70B0OkmcsKQ>v}M)hg#c%hjEdjq z^z9!V@qe}S9Uexm)>@?I9)zN3+|V_O7sU*7vICfEIL&gWS;=$ml(KmAFsH`$>M z1#=P0<}$!iWz?7!h0fFJV-ny=1d->{G(&&}J18Hu6%DQqgr$cGHm;h&5RDzhwg90& zhBCuJ0s}g2mmfhKvKBW001zsKh&XvjQBdF$SW@~oCp2vFYtY9n1G))xhfijQVJsvA zlE&V9$q&pkXnGLuG1gyPG++B+Ipt9Va~qh2Ucac`MDK%{oTOQg8Y17s`KOYvaPEo~Xtodm|A#8K!;tEzBoXZiPb8T&k6M>*!Z zd7?ElSK0Op9LKcs<4P80+$25E%ggzG5^Ypw$FC zB*2&9b!;kJwlh3!4;BVy2hnI#nSI)~@%bJ@IQS}ULi|*IxU<|Mrw?6%xU#-TzK^*6 z4%gx!3N#pz&L#`QbVf*SC&ST()SIzh>L~cXeZ`>h5ZHosCiH(xSsBqp_fexE&cc);M%!q1xyVm^tTl$0`Yt{P^)c-`DCZ#2BAI@!`wYFUpS?C{^M zEN{94ySc1TAr)T8^Ses>(BgdQQ4cIVG-wt%CPWD4c0E{s(|jK(^z6L9WktZvqJlrb z{LqZUXHxcNMB)esuCZ4;Z4+w~C{x84*R>j}4jw~5S?k;X9zy^^`$QszP%-xkz+CSi zlH&XouqI#IyDcC8@ag4rvpbH_iL&!4da$W_rse6=PU$fCu-L~80K3fwnmD|sFI~?9 zWTq2n!((4f4YHbLg=u@!rxFYQ?u(pCN9P5v95@IA zQ71RIgqT&8&mS~LuGkdqGprI&y^e^b{5>NcZ(~RxR9MDD%!&3KcZK7En9ywXFy1Nl zqL3wSJt(p_-gh=XiH2H;o^IBDNnt$qyw^Aj0;095(f>2-CT;ej91 zD0cL2Y}211fBkUM;fI}izePj0_GmKN6|Rile)8OMP~YG=uHoT48UP#^>$@3wFAH8T zm>bj}q<}vc#V$0u-4K+s=~h#;T@MW~Y!8@@{P)r}_<^t-btpZD)a5wxLIrPqOg$$kk5|`5FZOBl4Yw6e9rAGpkHpsoz5M34gvjC0Uwk`ZAMk;8`|pt)WSaNHJ7nkSM2eK_UYRa~NGW$VNELafq1g^U74+^P#5pyU2~UE|+|pIfQu+r)un+ z6^OT_t0kT|4K~Xq-L#z*zch34XQRDuLcAQ(=1SF-xFi|reRvqyr<<}VCf8?%?<2Jp z`;oRZMf&B0W1$9rKp&%&qcF%B&FLLKz|>1MFX7PEDtrYj_U#TMI9NY9gVV#2bVyA% z$2bV|Y4f9FaXYpE@HiOoWE z<8)}|qLlF_hGP=+W||+WUL>f&{+--U)R%zVLt&iJrET#YT?G#H!~7yFHikrCyfb@S z)KC5$Kdn7peYN;GZ=?BC?b{oZ=y+j#nRcJqu$dVY6|!1ZQ|sTA;$b z$jtWc)uno`4SmQmhL8lb&wspuBSc-`5E`5S;*C!LgYeZdBcnXO?}nd_{@y-2Iy>TD zHUe&VA^6kHosiMUuRcxt2|vyLM$(4IzP(P1D!IW-R~mP(5E8hGA!FK14}f^{WTRPS zX718r$R0bV2$TD2%l$()L!arC{cF86DTw|j&D+JjwYRR**=R#sf{#*b2e?c{!aWqi z<3Sn%Fa>0JTUp#$`wN?fd+T8ov_q%{kBPu#W<>(O_{;_CZM!s>ls1W|5oelYc@azv zja2QNyQLAfFCiVhM*ZV?jJJJOwYeBBgRKg4th5mokfKB}*vseFk)axW;XM~`BT$jdecPGzA!~B0%OE3S7myVs|qZg}F-yNGtD$gng-6^pfdO^=Y zYoEe5R(LhAUif0sK(L;`+oo5HPflO^-zNGX|E+L*VgTHbZz?RZ@T$*m1}$U8`iUIe z2*t)|r;`#}`3H@BU$!kmHjjQv%09l2!lW`kF7`0-KwS#_Mb7*87!P@CC4t~0zgxzq zx_;`bIC7`Kc5H!5&oCxDp77G)jd3-fY!!u@Q26XcKu9l{xNydKXq24S{1R2; zlEe7XWd8FI&hX3gvZcztVViVD;vt46st1BKGOz1IZTK26|g>_`@dQMv_JHxK4RoFhF0Cx zKGPDaK=_A^_kiMal`8NksslLOfcGFB#Jtw?D0~id!LF0=_kMjE% zV%M|#Oww_w>wLe&x!SrCT7{`XZDAAYdvSa|+FC(ef__@6PZefOuhIT!cU$!`R8C89 z2yO73B9HJ7Pd7jKtr;G$?ArYF66cSAH&;}CyK+81SjzZQw)*mfbf|Qu?)pm76O2>y z`VR8;3)fXygji>At66lb?^Q6Edy+&xEJ)7bUA_n5BUE4EgjWUeSe=lF{o8MLANA;^ zXQ=~du-C`OKY%O!h~V0c+!be7S8r@J^%<&h1_7kZHTAxav0_}0B?et*ALnF{-&TGA z?y=_r=+1K_pW18<%F3}n%X=UB;ICz;0It-gUi@IK^Y`b)rHr%4=y4TNo9+Iu`E^r; zS-(WP&~(Paqi3meWgKZA*SVo1;i<>)HZeAD*ZUa)mNNoNE%#sk`+GC!?kTXM3bOu@ zjO{AfVt!klW!@4H6k>I7gIY{n5M20n@6{r6tBY^cgO@h12Tn{B=UAz{{m1F(ogU^$ z9Y1@&J-6@jXXT6EVPt-DjgRr|wM{3Qzot?nUF$8!XUkd@nLC2ZKOWSj5_Goy^;_d} z1S5v6i|fIYslGmimy#|_+->6mrE%OC_2;TK|3XX9IVF{Fy?uUW+%B5vKo4yJ8TS ztB@OjiZdy3r*k*4*D5XAm&4MB;UM(0sN3Hpi(ftYmM=(SR%LwlSt|^C*G*}Lw4i?lL6Up9o%N6UCKhB-A)9&23&|rcr0%nAW!G9hp}$^p_3pKM6Vvo< z-vF@oaCPI|VvkbY;x_thX$jC0oI4Q=08Jr@gnJVhe$G$C1Mu_Ji$5jaowOOlgd0N`e|<4;e){EGfV$=St%G+ii(R9|5r6U$auS3@(Z%dq z8mu$NG;|=;?`uJiymyrpI*x}3%Yd!E*)6JplkS{JlVXhKJ73M+q4&#q$h5E#d7Aa| z&9~=Z?vbCOPY6Cq`AH@`pOONT=Cnw}2mJQsH-to3y^^0YAIv?{$h@m#1ETqOA&{9@ z3Xmn$kz%{DMZM*<(Lz%)-d9Cdc6RDarDzGUCn)dGuD3&(&Q?>`I)3UAB!ryYN8d^B zyHnn9O?qNRl64;yv2M6$IqIs%8;8`jx4CRp^-IW%l}@rCUb-JBe|m6uH%UcTUGa)w znlA0ur7O}(fl02q59EkVtUA{jFr6U8^#{tb^>X`7dJN0YK=3N>)W(N+Wkf-jzQMJT z*RKJy3BXGx!2icw z)%|NYq7?YiwSbjIk)XJKgdlaaCaAy&YekStf|P{NO&T5i&`vF4eX4JeAKIaw#J6Tb z^x{~K==gKqBnZZc8LK+2M-#w>R&pN_n|e%O28z@AG)jI2MXl1;e~eVa`$XdMeR>yG zG?Xq~uU`5*LVA>3&$?%?d7`O(mn}x~*PRZ;zsX6sNTdBWcatrQ57&6E(eNY2`*g-# z6y23ovToc1n6bdWa-4Y#04y3fw05rK8~KducKY|^R{-FE(ivVi`Oj?@P5c5l(a!zF zvKpYSUz%Ki1Si%{_vb}=dPqxSyVeX+PrF*EC~gCyV-JF`I?JF(gkMoAHvrmFe|ii+ z-rWX%yc2Us{>U3^^jdsNg9WQABJW}@+c;HsI&0xufeyh&>S!?GTm*XUD@OE%JUkMG z`~-BSJ(!?jI1y4-2-iT1yrMQ(0~Pcu9%lI3hAd`FDrn;fclUf%(*`aay{K+}Uaan@ zX?34qP<6>w@g0yXD6|A`U%co{lP44+Fxi692GZN>PfLSK7c`%m+Oz-yK7AMI6gDsU zdt>^0r_&*qPu>A|kmR&Z>_w)h^7LURPm#zs+KHO4)AE{P%Banf0Jw3+U=Wh6Za~pz zp!xP~=zidYhG;uDK95fr+HocJu)1Y^rOJ502@Z#yJ%VMuKG||aX`p)U#p^_!^)0R6 zqPn7d?W>$yy|lx*Hc?-mgLfJ~cZ&jUhdd0+%*I8;s!p!LEgd`eon8rZ3nfb$MD^_y zH-(b(!N$4E(Y9)7$s6pv-9!HLSsnBh27-N}EF-WS#*&D3bB3X1Ak%L4sItj8SkhpV z%d0gGo^VW-l;*7YppEzVis;ifz>?OQ|DRPXL4)UZV;S8V=bYR#fbujc&mC2ZG*4>O@l(>j*kA2nItLR+_PWk2Me4IF-GHf% zX{phzmoxQpxf-&a0C6QLm-pQxVGc7i%*YI!JXE_kabx{iKjKgrW`%rVXliOv+IPw3 z3}aI>=Lk15qd|de5ICBX*!QNpk-gw;p=p{%yfoOaqY=}O={DHbmxd(q`OW_X0PZfk zo**1mFD(ajrChC-i8|Bt4YGHNssz>#O=)Znh*sF&p>ond(|Yvs8!80L3iLv$<9)L} z$2RT#E-z}{IIg+p+((qn)vEd}MM_@CKE81^XsP1$tNBs!zhMf#bJ`R4YoC2qJ4p-R zcV*fh+DS+Y9tTk|zHa1&-~}`X_)I&J!W2K!9L{ieeT)4PiyG(2~BnK6Pj+^`ObVG=!tkfgJ_CYHMgp0A6S*!lg^YKwIfH zEuW4cBJ)2TC}9FSQ4{)cl0uyC93JRrH)JEx>d+%@JnF3ZKIj(4VzBv-AsUTx&Ea#_ z2zQ;)J)FO87*Ee`oA4kB)URadiXp`{*CgGIROF0q&>WH(=A3$NYL7W?aEzYy?*(%& zPqypHBv$y^i5wP7>#eGDut3caxS7=J?GsWp`gGMHD=Tq-8LKLIS7{#$({o%IBorrU zfqO4!>cmkhxfs{@XWC{drBrRS#XB?Q>D)o~W8pAMxjO?saX4V}NDiy`o@Eo`gV1g- z=O4UYp+jwbNc!-`=g?oHMq_VEYfh7&(-pj}<3$I` zhDj5-Ih|frk^NEMz;7bp#mitoJc1JN4$Oh$e9wh1idk_hrogx9ACnaX$|terOxs6m z$muOwpd2JQb`|hHun;a2SO``K>ao5IReC-{R6l<}u?P{nqC|~Q`Se5~$W6o9E-^sI zfG%R^NZ~J074IpjBIf@ zddq5+`mY#@j-I`YE2vg~yM4O@EBsebXCEk_4xo;Lq?=weNEW~)g5b2`806OTq*!>$ zo9Rf`s__f9gD{SW_7qCrC=HbLra>RTY>GxL_07<+t^(#rX`*<{lg`VhwZ4)UoW|(~HK?u^6wOS@!kd0C1OK>uR|9TxBl}GLbxcXbGd!-P( zN3T3dbPQLZrU!q$pHtvE9+_dxBa}xNQGKFC*#pt%GV74M=B)bK5u*TYxJcTSJj;ilJ^qr0=vt#jb9p|jgp%= zqiMa0E&Mp*f7}b~5bmSB4RttkJcElN8`^GJT``OC8#rXBf~N_}(npK{Ul1EU;?gyQ zO5;#Ew_Gq0M-z{4Q8xzZP%JcZAOSn z?mmWCR^@$u{$7s7$2|tjB%tz@RedlkiiQT!dh?b2pc!SQl}hYR-z9|FBq+2%{b~}I zm5goe`^+6l?6)wnBFL@Y39?fseU*pd?)%KTTQ+2ox$5{;4mUHHWG~+wr&p^dJraev zF5D;Y38n;8l~(uusqurLsRWDQz^7Gjf9F5gl`8WhgX<~)gOuNeX#V?cT2^nw){e4z z8-X~Q82f|JP8j1E6l-+e^?@2ETcq<-_KSjSk3}7yX1ps+C%h?hcgti%eTnlXfQ?;xG1C0 z$}=4F2r$aTy=8*jaP3jz7_4%X(Lg6q&&ELefHS92gLoie*jgCh{;l2VzK>R(&iVkS z?Xb^{m?=O=j(w$=_Nf5}Y@W9z5P*|p9^;%4Pi5^?Ksm3!>~`gd!)4|=L%;e0+nW2M zf8+yn^?T}7=5h5xns+B;SK+mQUWzv|3(VCkwa-X&Q(Tu0if@`KnzEcu%_ou)#{7~5 zUWg{nbMsR3=gH*2!m&0m;V=QO)+)Md4i?>63n>gvxq#oD(J=7FbKv$4{Q1RyV8w(D zxONwKCM zQaiH4X1kqMu+g6l`J(aqY)d92S#zz0>=?cEud@Mp1Wm7nqNFZLUIhzCU=fPbW`r;< zf6^)Kj{>p}+-TZRL;2~Gs5mon2JEJ)hJXkHC&HYsr2(_!Lzeqg@Z5wGTwJ3m`=bNt zl~0lHu@846s(9N~5Qf1u$4>*st=H|<-SjZ?TfVW{U~f)m18SLf6$r+T=Q`Qpy`tg8 z{GZyjB*8wN{QdXU^{*bQNDQd<3Skr98q;0$FAV8D-cq23G2>LlEe1mAhq#wLcHh6v zNR+e0Dv=M|qj%v7`YCwzBo2T0x8T^Fcr_hhVKt=pd7S#V* z66rpdN|WLqg7iMJ7)rL(GI-_jM0FFsjkd5JyW5G8;wQ@;v zPly-galptj>!3v5*>N&3ka;oG`~3?QCP{^o{Z_B7{wpz zCL(R)#=5>m#WTKn?P&a1`tPKC<@vVpo==0#JfIQ zy!++9>)s}P&^LJf$$IrZ^juT8Jl1>joJFj)=cQ~qcQ;HCJYJ{wpTDi=le%#SVT6)A zZ5m;Lpy(x?pkZ~6n22>f_AdZbQqd%8a|N}D-zpz+R`OoD%sJkbrn7ne-T3ASLPDXA zKr$Nb^SZ=O60s2g>uN$ph0dS>&xENEz#1`}}F!&2G^VNF|%n+XwdEIdq+ zH4I|?vwWIVeipGH{ZpwcJ14VT&|SQ+&GlmgV1w5&Yx*%%kB8WE2!`)w8HLsV9lw>M zSc@nqcLmJEqs;*xoP+qTB66}eV#Kr%@W8%EH5~;K-S&w$t_B`}9_>23qI^ZH(B>>Zb#_GMxzZ9hTdE(m_COxn$9WCbm)38z6JS z401=*^{4!Az>gT(u76!yOLO*>dAYHL52*8di56`R89}6!^eg0kW-BKR9CUe=b+2P$CsY~^8tMbcH2TuYXwZc6MvkaaJ zE?vZQV{g$J@DKP2ti6FG?)~}RBD0v+TkX z_W)oRUP)eXiySpH1o`V7C~I1Fw1+M*qSh({Y1^c)$elT?7L!ON#&kdF6Lf)XPooLfRk{<$0 zZqD95I$SO?0(QszORk_(z#%$iTx4RH#A@QKbfjAqwjNy!_HP5w`RW#2{<$OXwvOnX z$mYd6K*mI!s47rtVwgMRx~f}QjBANYTUH5L+r@v@tSi_Fd&CeYPqT<$j`q<1+T9%M ztUt(H9Zjm6|75#t1J%=PAyyFM@a1qWRl4oLYw`gr7CCZpVekcErCHckD)*97EI7>y-GHixtZw~6Of3Uty*`zP|rbM4f}sagM9pnnFx`L zEm^f2)Rm-#bAEo?RX8II23_J0#(RijV}fNRuT}xtx=VV!y+xF5*tCwhzLxBL*b_&v zz?qWsDc&>dP=)&|?mC#MUuhctlp>B(^|5w3_gP3(t^=I&L zyP#Zu>-60&(Hs%wgDEesecgJWHJp5~Dy|vFXZzYS&nP8cRzJZa@Oo0^P-=`$9H)4y zBnxV5ZgS+#$b!>ys6D-tA(xq^rj$T%6_2=(xUTrK)(^qlqXN^PSs;Y1?K|S)5o_YI z97o;qU}g?=!o}LHZOU7KQI>ZCpiBPLuGLCgR@*i?`d+GJ=Q0hdtuZ(2FjklCAhvUz z(B#wL;|t?)By*g|`YIr3Zb_sm>dMkK3F}EU%|1?MyL4^Rv21g`IHGHo;?+hNMH7dW+LLjLa0oqg1F=SdfubAHg)TrT$Wed>+=Mw5h5{k@!*ps8Mz2 z^WOZl(O5C2A&B)-c5&6MH-j&;kv+DZ3G71%dd}&Zi=!-UWRvnAIjXuyd`{<8qov(6GotgzEy}j5OVM&B zrUxBvFG|AgF()>)uF0MGq{O(9c%<{l#c9Ae{?luPyj}w*#s`V?w`3IE5c1Ip>Gu1e zqVdcXAGw%)bBfF0N}n!dRjH`%=Mk{a^Ew=<#U{d?C2Z<_=s4l^ILJ>Lu#W6wEzb}= zP94Kt`=7k`P)<}Ct^BPnzlERVrcqJGQ3Bhm#M4m@{|mPZgIJ$9^v2528qn2hsSP{< zCQEja#D$ZUc`has@_fWDPtvs^5d3AHVCzuF3|-ceP2r6tUcUvUjvrvaWmd?h!mBbt zMa%pkj(WSJRc9aV=Ge9^zGLj_Ez+4jtZ%UNmUp{G4+TdwwveUCpxWncn-YoCsfz>hY+T7E{OEj4A>HJalJ9fRVXKAac)*2r$ zfJ%OIVMd$zSeLv*QnX^*b7`if25xcy#z^IxNZmBH)%Z*C@`@wB#KN$}R z^uZv3o#Ncmr6GDl<{|ng!fWfLzc$lcvbzwvb#F@f&`|7<=~{4G2*=m#JN|TC_#5Kq$n6xI+*6e_bxs4iTTGxlV;~M&N$9d_!fX6oAxjlLw=GqMimNW#@WZO zff6pafsx}FedZI_>uFm+euIB_r%mS_=G8^O^8XaVV32CX^2Y<7critCUANW6)CW$9 zZ15Z(tFrzaFLuXko=3Xu6icFxXVbYh8k}{Lv~_qwj0AK3bZcd4F9;nI>I_Zz%XxVC z7)YAHK6sxUz>Fx`=QI>wNRj8hozsxoafg>0C$G$iLJxX&lauv%Tm8QrQCNX*>T6-v zBSr=ZWNYoW`7Z@p-KqQrz72)VyiF4iKC6Z6EAI-X<>pKYiXdz=uUijcj(i{KKGP{+ z+TMyQ-Wr^!yXje7GQVl;rk2poHbsbvsnHdj?uXR%17wK`xiyNcLardkb`n2S({Nnm;J5dCs8)=OP5?&cFW*~^tUY`~ z3|tMw-Dtg3B)6DY#DH}SD?j@-^cu{vx*-Gixk$Wh-Qs3kisS*NfA z_(Kc{>g#6idLQXd#+7PUjDFPom`-i{QX+R!U6@to2;sO(pr7Wa|9rJYxm81m z-5y!9MB#1T3n@$Dlz9jDS^HHJwNo1pj&EW%i`R+sz}!_V)ry4Mg9Ye!m^j(P+qbz- z_mEU;gXlo_Oisy`5d>Vp@_I}z4| zxGD<@y0~9!KWvf&8LIFOlosfvesUA(j+Hf?EB(U82#e9o7}Zmr>fz~RR;RD54&RLp zbk2e>fr?2Yio)Ddk2Ce>8TO1`N+JPy+`Ug*zGVW_@frK&8G>cm`_C?qtOO=(r>g9( z5%*Yybf2{8h~UfOf>;|hzJ3+aKI}n-JVa__p1*RdH9Ul8LXl(PkSedP%%~c zF{ntZ8|Qvhsbg?M#EcUD0pI&nyR9`dR(l{PFY}T=gL98=VSm&r*h>qr_RZcs(ivgVc zT?L8B@kT>A8fvC{!Qew<7NgbZ%^63yLaU0Yv}L7hc^pkg5NFCoGXPy;czik^QJhG0 z&rvG{IqI}Gcew&7lc6FyIGv{0UZJj zD%upS_BAV(qVoPV*$+M6r5;LB=ZHgTdO2DYT0LuEhqOJ`u9Z2Qr4BG>@l7xX^xs{7 z3IuxS8CmYbI%}<|Uj@lzap+@H#VUb7&Rv~eYg@?!+h4_2z=p7igr{3(8d;8<+z#QV z3F0?aAOBx1fOP3`cHGp1AUVZXK=N!e-{XOkJ{V%a9e}hPF|`d-ZRKKjbAM|h*Jc=bYo-MSpdLs&Fnb}J<&+QH{S2GU2~>CYm!^8^>Cei32D z_(R=*F2}fS68o}N@Kua)h&nmC^IHrhAoFztU#ybFE{C+0ekmOn$iDiuCZZ-{e!Q=R z-bm$4Ywqh6mwAR9GT`aIU!`94X(nEik=sIu)x8zjoz=~`mV<|k+g3^5LlsZoLtS8T z_^p>bzO{-DI+_vNX?$1nTFy9$=HyOmFLi38gHQnq6NLWx1=)o*>p1Z=+lpYsi@x)Y zWWJpIWup@hu`S8_-ntV~Br}ocfZYT>=eQ?`omaWlp@xrxUH^U0=SxU6RCMr`Hz>Be z-{Sk&G6<4-i)SbK6HWJr(5!TQvZEaMg}@GU`}xM*Zr*w_dl0*vnVIdvTAQm7up*2Z zP1fw`7^uFcy!aF~tB|T7#Txh)3zlDl#{#Ph<-mjR%P6PBq^`sQCTNfVHn4R|=C+JZ zvNmQhJ}xHhJL|Hlb2fk`MAR|pg}3Y9FfjMD<2fVhm7J-8ja9W=w-2zN)pqx9dBSV;7W>T}KJn6=e)OCn z^6;<1@97;s_wREA3wez5U(r}XF_~;7T@;cLA`s#oavJb|+Cp(K#U9>A8ZAVE6}c@Xy;=4*2Kx-Un)hKZ zrighc-s6N z8pA6AfY4+U(p8X@gQ&JytF4>Yr{=ad#tI*##pCTR54>%cL*T@06HLP<|3-^wRC6h~ zrp-|FePH%$|2TE?*Q88oX6qGc}=eQUpQcdxk^zU2(i&nFC z49Q|ur7ojD6unN#r`p1&lS$M?ZsI0sAK(0}{3sZ{*mV(YF`)^)pju8Mr7u^AEO3PR zuI#jizv5lodh1+NM&CmDSj^li@KwFX*N^5AKQ73h2C(!s;2F&*MZuKx^qh%>@|Ph` zU;qwl2*lVsl~T+_3w`949CxAjkP{L571+`I-dn0a%i(};(T;&$ez`lh4y%e;Y9Qye z=Ya!yFmGg_4p5PCB>fQokci80gfnVbKG6dP_jD$YbRL96C`~{r1;km}V>)_5X;#&M z^-{(W#t>Cy4Hg(@7+3zOu*=zM8i#5m61hAmqVCS8Uu|=IcZHJEMX$2_#<&B0ZM@>e z(xS?aPX}=El$`r0r&wC?aL-_eXdta9ols8A0Aa08={Jwjc@iXd;<7GH8%sStgoqJZ z&nYew`KE~dC_l%us^DhX&eYN0VzI2SW4xTB%QAn``K+|?EnHti`f^3)r3KnaR3#1X z1HM5=c#d>1$6vlJ?=dBQl}Du|d2kF4`b~2JWlR{jy9(r%+lJP;E(Zf62wM@7RpX+C zp47ddjqbS@RXb=*X!iMiNXG$=zbon-F(EU+@juU3p0cI+?gFqx{Rb~bcEl^Mi1x5IY&!1H&0+#NC`EjutM-F zegF4EB^}JHDfq%avwWbhT94=6X1xCD6fc54&ee+ml#<531ylHU(m3Vgn68tzWg<_$ z9{zrOt3IT_bN?lFC^Ni>j~cIIi2uy%+cJ&xu5xmkay$uy%OI;7V~E)2%Fpd%%Xn`h zp^=0acjMK39!JI0a{q=&DNj`?jK#*Ry=nie^2TWeMXzx5zAgi=KW&{Dd-9AWtS1zO zC8jHQzJuvqrdoHp;cSbxJqdI-?-BGcChwS>s72JQ_tkH-7YRx`O<{i#y{3kProO{I zx0)+bJs%NHe!z~hL|@x-HU2EHt^b%tq^cF*fpz+;jS%O{lLuITt4#%EyHlh1oNUQ8 z+aAd)43SlgORWP~l6BZI?c<{dHIkR9oxr`)BoTqlNeL%CLkBK#>9r1k?6^+XBHr3a zkaowaNABacqG^?{H;Pj`MD=w`4jcsgVq&(@XtxP{mMwoKhRasc4t>l1E5mYf=nk$S zKG5fB>4{-csZt`eRQm5P`8=2cko2rC?qB^0=o|sbdh(ECU%44VDnA0YbbLC+hWHZl zvES76@P)5y9c4K)R}O6foV9LO&TS0^IPm2@{8BZzib@{C7Xb;%_aXc&B-7lQs|$GWQ~reKZA*a|datZGzvk z2|szMRrwwWqQ7j~aBUul*6LF~`;cmFJK>_*{wcW?f##$p=FY4nWFxu4MXGfTXPj*x zlbOL-jXtQ`L+tKhk^hypRCBrqG8_58rzsE`LIA%ZWB@h(-&}$JLU|wIuY+sVKE*|Kay+9d!TR~Q57<8@qwgxA{>{qQCl&gZG03e$hm-wn+M$N@Q&-n} zEZ^^+w@1~ko=2BLfM|}V4pu?`pYQ`X9-=?`I_O?j8j%%e^Tzv+t$JS*1f}gE`^`|7 zAB?1I1amXSKj}Pa7YTDc({*PS6=8gBl8f!2)9Vi|N^85L$**QVa>RCiOhc`36td)Z ztmJT4W#%yqY~UK5D%&0a%CVgymW0u{U-uCZiri8d=>TmQS?Db_F9{1%Fu0~%p^u9Z zCHOT1wC;HjEfh$k1rBsCZUF?4R<-81N+AUGB$w*L`j0Qr1SP1VUmosHzV`h%(Mu?S z6!|9Y-q80-GTWXwxfJQ;xC6u$|E**_tT@u$d2DQ<&OhZ&K!5W6r9 z;}N76?B^VhavWwsAQq;-0%kNjern3(K(0KWRoA6w#n&4=Cr7_~;8A zf-Xk*K6^-IlAi%6@DrNSx5~DumVw>mMQs|IgI^(xp+o&qT`Dpc z4Dwr-7FZH-6|y-Cvjr+(WHnw2lF}#$iKXnBMy4WfO{JP8+~VlxbHc{blZeSJj3UuQ172bH z%XQ=W9v_=8MR|g&&)XdVV$_ z3KDc*TAu)cs)w~TqtV6{Y;zQCI8+jd{>pruBg{y1#rejtZ?tf`Esn}dmIJb&Ns;H) zOVbLIPRnj~7gTzrkrx`y$9;=**r#%yL}?_#xOLlG?yR>=2X8L{C<0Lyf*%kZ)oE;a z9sP)-Ymuj66Y8};wO+$E7Zl)hBK{&~XZl3GWCBb}y;*eUK9D&O$V=VJ;KzcBeya5g z=AI@|2&GM~HvE5zygMivBLmr`tS?y?&KWZbIJA@jxEO0onxdPTdePch&dWJJ?4c5} zaW1SS#lxD{zS8I!#Ndh@(G;dI%VeRZ%YA#M_BCl5hNchu1O|;&Y4+I&zgdNKfz&cB z`ftn1Q2Qj7luC!q#U5u0?idjIsXozY@DkKZB8^V=gJkQSM{Yg&$0o;;&jqoL>>qB&CIJFS^m#&Kr9~y){2^T0^){`T1p4}WZUlQw zvjaldBC1r~*xZb+7CE17i%@%IX_r6F* zJHH4AUlQGk4Z9gv)HB-gHFo`0S35fcUwF(Wup$lq)r6|@e9Go5jy)Fo%QDBAK#&$B zTgeJ^_a9&CyFzpGjic_qv$&Y=G%%ri_pT*C0XG3aFw#HEwzP%-7XU>!#&+L-I5(%P zrz{6ykBQ?kg<&Wr19b9Sa+-kXTH{L1-}?;fC@e)7f@M00@E5QoHX32ZVTz3`XhWYS zwDs+rCw89nDbj|r>pE-TI)16@FF{S8BP#Jc?&!~! z9cd``r1-{EmT94HW(W|YQ1DmR&hyu55SYJH}8ce%O+kVp%YSYO`6X{<5Mj9aaStOb|z0(PyU2nTYkF{y7BL4kj=l4hmHG% zbwfX=8}^i@H|#w&ZjeN?R$;A|4GBK96NCd|+-j-M@IN>aY^Uy({yHlrk?EMApiS2S zN~;H}q6x4@0_g>kuK6Mnqr)G`;M}ocku(VOJ~y;WY4?+*D(!I|4dnvHy$!apcFFm} z0-KtOjDl)Y$=vjnUiF;laz&Uk@pz|kKEvOcGg5TBSQF`a!@$7jub1vZ#@%dhi{c1P zX!_W5@>ZwZNmA0rt)tLm{_m`l?o*95tLhQ78PHSXGewj5U)QY*91L!{GoK0{B*kZc2<(cbAeZfs~|eS$IOh6-GtfEIaAXC%n+N& z!*r8-2I?`4a$=umE5JdcUb(mR2pVy$Fj4?ut@TbqzOV?9tI7P5TbiKtCOqs`>k zKcG&^oHnN&fk-s(QI9@%UOac=hZ7}|>$T_{lkzY0Adt5)9mnk%oVt+318hQwSy;K$myT zZV{G>ZLvrt=NB)AXI#AN)~`bG>RoP3hw}ro`mpGZ=`j;9J!p%(#Wpnt^SnW~S_9tC zm*j>bR8lJ#M_v|l-S`p;$Fi`R662dC#qEY_9x_GGfu%8KGsHL+7ODGUO_{(Mo~obq zcbR@{xBp$;E7b-LR4ZnQ#wd=A@!h#&Ft6E&8`YwRh)i%Ig!M8WETlD1@g*2Oh=%g9 zBQ8IH731WE__S|a>4mOCY+TWO-X4U`3 z6yhQiDD+3)!c*iS|Ay&i1t4|Gf{GQ50Y;QFAgdosjw+OAs`7fTrY(PLA;#|Om~eNv z>jaRn24sPzBW7Yhv5MAb20#ujknGJrSP(Wtg;+rV-Qw&Ig!V|>~dxgxS<4 z_f=Yr2hUaAIo)s7Q$^E{=!hH<mzbSFuc zsFS4PbBU)k3lhiAD$4(A?7})p{Mieb3M=`bfL#mr2t?2)tVP9)! zL4--eQrds?TZs5DEj+zT$3TMr1K(*7j4Zkq@SKgyreiQ_$CRu4Dj8+ zuV(-79dU|G-yV6ue%NfHHbv+=BH=%A4_~IPR`9mZ%=g9|NuP;aBl7b5NbO5t$;J9d z#cJPQv6y8_qnK|7Ue_xA95lXmuuOn4lTk5A4~gHFGrP$ChS(vkeCJkwLvVR>C-*6u z)X%wH8PQdPy5Nxy_OSx8v4l*43irN?-|Ng%H4fkI=U9GzXW&(4^#q7J6G?kt6|!@C zq5M&q-M>A$b7U)z?#|w|d#iSZv8GO2Qt^bM3aTF!sU5^$cxbN_C2h=&4`q#-Pzrp% z4dXk)YyK`(g|!XwW7-}I=%#2_a@%30M|<;cb(GybWg&L<%N8In%CGo99r~MGuP+-W zC4if@SHIAIp`B|;_OQMmr?H@fiO{jDr<+}Qb1BJ%5V_5`uE*6S77?C2XZZF&@qqIt zgj>DqOBPe4n;$xe;$y-dmY1IM0vjUUBXq)_4MDR`F@BOJO!oV7`S;#eHpy+rE^se3 zW&T4z4`0!!iDdJtb9*Lu;m5;#=nXNT*@aaagE!c%o0$|ftbGp}kBiZpsg$`7jHe=7 zk)d}pXc>xr#tW)~u@5RNbi(?pw)Tq6;O`#~RdqS*T?3x~?ELxe46X-4Q^@$0^*Om{$$*7uCD^WS^l8)UfUr0Ut%(zGKgX|VjQ-)RsUNy zeD?mjqw;xnog;|Edm-?q^5%Q0#U$Yj{r%D^AomOoOz|Sr=BM_qM3G1@57m#V)JK^S zcFgKWT$Mm(^Sb;`8&BXnq7+NfQd{$#%Z<_+D5;2mZLmEqxR)N%CWNA0fui0%Z|^pQn=5 zk%>|g_pIofy zcYZcRpU|BNUdlYQ!98+!id6SJ5oD2kA z_ouLnod>ejM1Fa3lT*1;^~Hc|dU7mqh?GGr|1&PbwTd;sTt8lyU5NO$4O1dV8z zBax)R==I|Y5N!8U2N+U=`I7QX3K%>O-%F13`T}oY#JIi*uL}6@JpT#sc-$E*r6kfibnSD305pk*0C+O>uk`{CW0=8b@Q%_R$-wtg_ZjfEakIel z`|Pi^xBtzzhqo35TH8j`*5H6miv94ou0LbS4~^6T8o5%msXpRJ!dTco^bXKM4A_wY zp6@!{qigxlyAN-D{;%^;#{Ts`@Hj|ljs3&G4Zwg#S}Lccg#sN<5c4Jy8uuF;Kv<~o zPZ$T;+M7;ITOb*BLDT5}-h<^a@XHF1jP~XMVeE4|D-kXX(f|sv-^l{4>~Rlfh}nR7 z23`N%N3nZDCcQU>uw(L@cjCZ&dx+^LX!6ik#kzbt4bH#?KwX+mtAt(8wmd|$SoigV zBFv;sX>-E2?{$&NNu*(~vhHW$@>x_94JqT;MFzDhqS>NSUk9@2jee&+E59FU9vZzzVzH}PhS97 zSH1vviU*?%b=ehQ%mzaR)GC2N;7a5h25A!o943D4%^$Job)9zLa1v0*EfjTOPFpkkX}Be0ai5b@3^?80cc*yTeM5Lw;X%rr@e<7~r(= zzu|op)CPQ!`9WlDv{2c4LX>9N75&cW6?(^X-WTaCg{g~&! z$i@!{lwL@+%!+>y52&@tDlmwp zP)wZuNMQXiKyg4aaI+tuu>sv>qr0t5NZ*Ev=$yM3FWI$X)f2Flv1#}>1w;MAPzv>d zg)l<@ttk*tv%o?hAmr~Nwhb~)DdxDPO>Eq+XWpK&AOOro{^$6k5Yz^k7BB;cNrKtr zez?4K-0vVS<)oDWa50`oNL$-bsp9R2fog-Aqo3c#DE`+XRFJV&$%}b!4FG>xNeg*s zhU|aQUx|xKD3ejW;wDfk9a;1)h3~(<|F^4fHXQ^4zz&TE4;0wzG#2^C9Rj+s;R)1y z8GJ&V;Ek&dl+EGdbQ%D7F;=beUtsyS0fLvTMVyP&B&`pN-2H!x+#n@Jw{jY+wRBpX zlHWdq&yLMb>OpEvOZrE|WAof-el|N79iMw((KZ97ih7H;2OthF`KIvRWXUKREf zU<Ca6#t{2$gM_#IQ@=Q78qEMel=b zqhbn2^y_JWyH}?t(d~6N0m#k(?ih)HwGQW^1q}3XQ?gijknSwhuXoy+1B5n}0176< zY@=Jsh>Fm&ih=qM>p%I%_345C6x{#;TVe5=vQW4B+YO-5=QN`HqEACrgz>>92=H$= z%yM4}*A@Z(YS9N)g&6jDvEp;anF~^VxqH1@`)7a}idB4zM)mw1;5Ni~TLr+s3~Odx zr<2Chouwk`q2DqO?a^xieZgOoZh%gP+&B3PJm0%NQbfsC)Xb-4_pKMeEKUZLL%Cg_ zx|*DMoX@&(%Dbp1l%FjG5jBK|DRMTCiX?KoU9P6|OOqRrQW+Vem)PPp0y3H@1$OP} z4t^(6G(aoN6Cn}3Kt=memGgX4@`{=Rm)+RX3orgC6UWL9-W z`)t(eyO*13>jC6YSAbPE0U&!act4fgjd)rTH(6=f4~zomgYLvR3}#=yN(Kmhy5#{b zA;X^~f_ep^>RLuV)xrRu@CZ1}2$}*qhl)A?bdvt;WEJ>giY%=M{OV+L8F6)UdAtfN z@*e@wt^x4Z7jy3Pu0|cvs_h|c3Lr%UeXBU7^*ta8sf}cI0Zy6VfdvUGQ4Yp$FMqs{ zuI8D03sFD_+_(VND)Qf?FYwS%%XP^}(AmjafX>bY0iIDGNm_GdV_jiafO0AOkk@C1 zx6$Rijtk<?J@%^VtKL zjCmciA9(YX2Pw=4_*^`b9Bc5}gC$6cFEFQ^fR2tB5Cvp2C->5T86;iOe5UL6`)#ZU z6Bf0jKeg9RIR~0JM&K?@ve_T9tqI%8-!ry3Mxpo=u!jvf0{{>`2Tq4Cf{5b%FW&D0 zTD$8UbbuJp$SN)5EikbKTL<~_;V$j%tz-I{F z03(B2tT4jw4BQt(I3j{r0G(Ei3@Zt5u1Xx0tK$Sl#hHB%GKS<1SqgkB5}r_7J9!}x zL>Ckeh!`3aIe0$!U<9)eR~`UXO_dpdA<}S-o!)q9j#OBKCZ-%C-6kNTA9nWiR|)7< z7gpVf=&l&g$VJD497v~6OsY&11>kkYZilOIC*o{&IZV|$Z~_>(auO3`WtBQH z`u%am`-^KpdU&SUxDJ3|7p z{Sk+5fSh!ZlX6n_l7sMfz!J#b+myZ}Y=I=8lN>Z&HP4B#?-B!y$=rf*-o{zc#AmT; ze66eT=UfimSmd9!)j*cZL}+R^^5RN*0kLiKLZ;mbu&ODSC%(aMN82Qvas|Zxa_qX? zKCNg2betwY@-+tkt=rrSvAc`hPC7kqdlx{=b=o>VGs5_XdzW7s(S8>E=J}3DaGj|) z48n53R>NdYqE-PM;RTJx!|~zr6JE(146d@mM?`)yuMR~Q4OYoZ@Tleiy8f*oawk+( z<}~c8{R|MAbbgy@)ol_+vv$>28ye2kjj^u{n_vvD89I;(7$$=ULj@aTOAt z&{0u)$}a@oxOgSDIr%-swxW+o{sm|WTg?-QGV`Ub@D3$r9z=U=@YgS81L#YgvNZ3} za+akC>i_Agz7OUdFEyI~VtCLV41Yz3hHCnI-UD#1naO3fR7m>t%mS0AsK}skOe8YZ z02?OH4STBVc1r#+k07J4y9%r!=fdcJlzdcF!odGuW7&tv`T^JE_9(8;u z3NkwmL+;rtQeee!5nS|l#D%=bO4!U%Bo;v`{Gax@E|FxisP z1pmmnuX;QjThPe~i2;JE3|ed{uA%D*CK|QVlwcc+nj|0hhaAQ)qB`^1-%?z6)>%`T)aB zi12UcuS!27QR}q)s+zrLE9A7&Tjz`Gip|D_{&wyWz#GcZfTAppBlGlc1#OEq8v_m_ z#P9(Z36s3#7pdi#{1dPu1B8=zbdnrKqfFYTF8?Z?u}hj|+V+KMvKh#-iCtGI#rXx+ z>5-vHEtBJ-NSNxZV<$m*FLt3cqRv=>X*}?euM%CvvEm$&$pqKO1Dh@mNo*nREDys^ zEa9G|fjAvt(?NF=+vhQzu-YHd`(@|#VoYFKHCL$v>C-T`N6Y@@F+|5aONet`wD|Hb zi6|1N*}r7*+c9FIo<)QwnEmPRv;huqIcmj<0wHZt*=s*P^%?cP-knM=n0?zF6%W|% z4EhLvA_!S|;8zy=97IMCBZ9tq9=u;!4&0b{_r2J(^0i#QOZbdNRwl`OI; z3<79N54Krh~Zc+CtSXz&`>Owv~8Ujg0Xw&DJtgFN|@+mXN3X??!v2yFsuE3&$Ed zDoK>r6H9mt9{~3O0o0$BhyBK$AXqGg`3?0VmX75a-C+bm^FAnVSS1*?OV~+rO^*q( zxyZ%c{!DaC4HsBKONa3uXmpbVhKoY-JP6e&$uj7Pp-Tw+l1RW`Ifnp2$<@VtfVI=@ z-cA^0<2baGPbTvPXVC~@h{1I#J|NHBWd!o?i{eA_U07%~jt;uhah=tvXpmEQU7)oF zO^g^-+i6l25<%sYq%|AXH%O<_M%;m}j8oMKUB z1LKaynDSpQbACsZ;~otcg+M74TElsPbPbrGH#;4;e8)a3X08u!)64c|O5b_)ddoAI zekhB@#N_L5P7@yc_K?9AfBzev>s4}#!pn=}7g^}#4{m5QLkmH;@oQ3B`3fwlZvt1x zv2y&MaE)x{%QzAYnp#i}W7gwwa9JEa!%!vvCaDfah08k6BJSBOzJWEowdL3SK|I?E zTey-TzK6mHZzM9fig9YNXM&tDj?FP3t^$vEaH&%Sp#R7&fum-^K&CQrq$0QePYn^z zdpYRLMF)Jhbjpm3OX68GpRIfRdZW>XsRyHm7=!3<)3eV@kPNtDW9Y9^N^lOQC8*k< zbzi%B9=%63QNM;^hNoRz-XSpQVp%$rh1@O5xTF+Ult)@m_60wD-wpP*W-|h*j@>~J zuZ_Pc2ihn&cT=?c@ACmBk-ur_4cnZ6l>2~es)^QNQ3t9TS~*iP*H6{g7_8y=XM8We z>NH|p66pyA{*hV$ME6BL2IiicXifDu1GAu;7s>F=KsfPzbTq|N;hO|b zZpi2ei&`LEaI=<&1GpIy@hwnYI(j}E-d$^N2Ihm34rU_+!%nfl+xgv>{Fc9#t|`k2 zY}}CZoXvX=)%qblmq^c0ZA^7)dDV*5CRle2~Gd>o*(lQQ9^s2!zbJ9P>&xaFK<*I} zBq%zEO+4)I>6DQ%LJn^b#;B0{JWkf&L=Gd++pgCi7maZaB!$3Ri6A9}aSCHqU>-7t z;G%X!aaC>z2Tl5IEnRu-H;)(V0BeUANHz}AOWyG#Hc7lH333TW4JJ~<8GC01#mZWj z5WKl=BT~}T-&87)QP50c;l|xgY1K|iB9*I9RpL`e3uo+D-EUbPTr;J^mM8U1qy54! z;|-MyCyetXR!xH7)@7&q?qGsf+}bti587g#MF<(9QhjdFPz%SU*uZuR!QyMQM}OM! zIux&ntc~D;b+LZGjK8y>^6Zd?GW*8tR%aiQHIPh7AV8@SqcHup5I*4(=o1MI;^IJ| ztn6EqpqIz+&3n9fq$B?q?bUrIMR^#$ELf!GLFeIrQeIGAa;`v*E)ZNAO z&0qm>@Re%~U!EU4ds z-H)%t$kfl94WDYO=Nxnd?>L~ag*ThT6FU-ll^%(9(DCVFSiq^>=`L^OExcvJ6Ws5D zwF$S05(VMOh|kO0OsZbLx;8 z|0kPEtEYX~fyFRP32`CF>$nfIU_`9wO7QyO`?Yff^%UM_i01L46iS>YI!^FHXgG22 z$A25>iznS;rb96$g|Ne=jCJp1=zPiEJ3JCxcWLE0#;O>%w(c%^1{cu2x9TJ zaQ;8O!)a}(evnK8Dk#P!XFOXkDO%{Ym6(k#@*v16u_PE}@xDAK0+2z~gpHA3#uG8F z8p{dE_d^&TJ;$+^P(zddTD%b84{i7{MM(DTx^lBBGgYq(T{JpdyrDfyRN_;4p?&Q4 zLGw2$u1k2oPQn)ZYyt0=)b|)X7$5IKR{Nw54h+;U4tREof+;)57!?lQW2nFPjfhiM zQ}Sz1@%Ein(9$>=y=%B83&a$nKPdnHbqf5Y6YEf8I2tsVM>3?v1WTZ>G46AZc$boJ z30!&mL{vv)DRM7f!lXtePyBHpc28lx+CEjb%tx)8d$$W9( z?o`DEelgsjvn;1L&KZM6jdPBw3D3iD0x0+0mYsjIPiTWvEsLpxg@*#n%|O$b;&+lRoVk3>cO`KYPq3`VaCj4xIBOJ zo|H9$A9W}%=H@hNfxjShe+|gugFmk)adqP5_$NW_<(@5}t1hBr1u#bk%uD%d8yETo znen7=WovW{0v>*k2mOBsn2>$^eS>IbE1pm+d-snL%RL1;I~U~lmr8mo43NNvF--#A<|EOWH!V)-;U01$>1potT_ud=X3 zn>>`pZ&5Hnn9T1(#z9&JgB|k+%Ehq-G%JW2md#~K_@g0W*ArAr7!@|d6i#7uhXy&n z1{NC85XHxq+#wtULp(|s6O2Utw>D0e22u@Gj^kYB()vK3w2Sg~TvFkQnV_~a=5$Z0 zj{ObkVLQenSYVPQ?k*FoZ~wr{8E+&ir4dSZUR}T zmLI>jLo%SY9bFQWFkadkZ0m7A{?yOE9d7O+;2?mENUIvF{wVx|Kr4^yz9(@Lc)nS^ zpgtpi9)5yX1dbeiY$22-JN4;|fEXop%!Sk#bV@B!NISGK4SJ6=cZmDRNz64m>?xQ- z;eAc6XxWM&U9IswC<3T9aKe2V&i%)-Mcdv)LCh4~G`mlwl?6=QRRH zHi85X$I|cwVJ@T#)DpbV={b%kwc5a8;8a62b}%D}BGC~gvZ>zwsJ;F#iH%(g{i_-I z9XM(@41CLgl-1;8^Gx5@UiG|3n35Rqt0ioIWH-N7PD&ycZ=40OFrsOld;E!)0!pGf zkhUF8R{p%yxTUv1?ez_YoPlYmSRGaNyrKGroY<=Fuu2ek(snn!`a27nQc@hIC6J01 z0ZNqrQqju~wVyhiBGmu#>J)GwgO1rg_*FKYrH{!*TMriuEChWznS5vsm{23jt4UV* zaZ|HS-P{#+Gc5qrDvrc1vky{cjnI3MWaU%unHip-U#%Z84NRFI{<D07&y3Vq9IDWV`^w9Y=33bJfAgjwpNc7%0wJ7~gFNB*X;&QkU^b2fKkGO{>0 z*OiyedbY5Rh`4`}F)DtEUqSB2vATh*V@gHBSZwCYCzZVU;mpT7a38)QK^H8J?hnXi z#-Rp9Cj-Z@?u1dbVK1emB+`1}#zCNrL^0Zs_~D_=i%J---8flSG=t)YgeA+~1ZPL< z!DcGap&6BJkDY#npJ9KlV0*BAA%O{#1O!?wWZ>51uR8L>aRP&%@marM)}YVes9Qi| zW_gJv)&I1#X-Q5P3*SkbTJOn+SCG>WWN7QAjxA{Gs%6#edd@J!uz@?_6OvR@Ft<+t z##?%ovUO_o8vZeZk}45+Im7|G2(Ew}PwC1g_VAtH^IXF)d$F?P_QOQHwUCSN|?DGsb$*=Fd39pfrmY=9o zsftN31ZGrT@9Lxvlfu!j&tsVxQjkm}hGbv+Tiet=4+2|}KH94t)j`)X+v>hc3U81A zc~B+Y#Ve-)OoliL?*WiWzsx}G=L<2Z4uPVm`S+h`)&m{)dV#$4N>={5BUgH#goEvM z?>=OXx>t5+UGhZ0G4>cQ5NrI4I> z3sgU{G^rghM+UhB#-kk6OUv(S7znZfkA)e6sX{E~id|MX`?ps3bJsZ!OXjJUil|X- z$@jx=VAOzn!+0S%VTuH@O@G+U&5D0zsMaO1_kS2vdBI2V67erWV|up!x(x?Z?E zYg>Q59*|N=99B_zn!o{$Iiv zX+%%*^PZNEWuI1ASX@D6GD`4SgTjGlJ#>ztxZbNx5u~_BW z6`IA}u^+L`d7E4OV7s!Sb*-xBK?crW!WAWrBHMrlo?r<{Re)QK`#gxL149YGI@C*j zAKcF#oYM@`a9x)@55k0D)QVfG#sye1ri#Pc2l4~q3lw?%3t?4>EFk9kV|Jtfr=0P~FQyc%bEPhj@0oiq zDMrcrG7)3Dn(UfY1fApYxA8~G!yoTcb>rWE$;Ou5LZ@>i>GNVNDzu8Mfw=l(!Qo8Q*4BKLGlT)9;fD*V(_-G(=qNd3*rP8pDQc@nt zEcLf(xI7_6e_C1!c2WonbPF{gBuQfIQ(q9i^%XipNURW@y-Jrw=;Mw~oK6rGHW&?Ko;k8+1rZ+~X-}C{mKnoot0j4GV|0q!mP-CG7`(G(kx$ z7cdhav6LS#O;7^l8I=E)@}{BXSh%K58X~ztbTGXP8Nztk;78#lUyqDmOled4NkaZ` zct>b7zfO9Kz9S`69*c`&@wYvBp2S1EN~#LHEukiffrl3MdxM_gV{uc^Evjrck!Y0h ztBxq_;0Y5V1o!QawUbl=D$NovVSiuyn>omENH1ERgv`~0}JHH)aXS5taOSHd* z?Fdmci^m+AzY3Gc>q}V3cFQ2F7??OeF<~q({QuyKg{qM#VMtUDe&-D z$O1@yON#4NQk0aFT%Z3Rt`7tImz;&fC($~RaFi~(BI0^ND3Dtts=pHpemsme>97Bs zB=!~Thcq5f0!TL)+cd_eAQtV=Y%Dp|1skM>F|4bNG3dj7V)+}lE5KLglzbRN2i@(e z-zD$kWr!R;oPq6Bt~8pMvBl_eT->P*C0$bdb<(0AwgE;$w&+SEvBj|BvMM~(Ta8M; zZo8JGbySmK_o-<2leY69Bu2S{0#kr zf3Kp6?uX?UOozt$&Rc@x&}X&`C4KoryTSGi>C=0GyC-In=&c$sDpG*P4R;1OKpgO% zwLIU=C3{~P$018!@=z?bH;AW&N`f}~tqwP5TxU;STtLv0t=J3g)m{cL`Yd0vQI{)% zUcd$}_zMdWa*wTqr}xooqL1FTW@4Mn6~kQ*rVFmhc9rRf&P}K~gJ%SfA3rNtY@;5Y>SDbX>79k!gqmpinV_N#}rK8$L z$kfw5@r7)Z%VkWuTRde2VGlb&$Uu~j3E33tu#VOviH!glF#ya(h?jGqm`I6Tat=c6 zG6nu?#PwPYx&0o*2Jf;W zhY{WQ3{&ux0cpL{?_6qV9!yx-IvxmeWW+q{;mG=>Xn60BQiUzmmD%e;i$ge0OPFzp zxD%ZX+=@=E68QX^I5`ZM8mcXs4DlwpuM#Cb!zVfXe_(Po+#TRWuarm=5yaMhc@{(b zuJ@*Av`&gY2`i`JM;H0X;In0PwdF__D!+9@B-u%F1MgNLoOes0#g7Xd;4kAo;&+26 zm*&Mp(vGQ&r42DJ6S@AsSb%6WsO`a9pk;iSQP{*+T*3&lA=PM$Kdw7nf^nZ|5NI$s z$XGZioM_Gs81(oE7#zok00?PJpC77qS6Qfm z)0r;618$ha)!ZXaWH3C}S{68tt{AAL#RBlE;m;|Z=N!5faG59?&J=#3@zV}+Mpb+o zCd)A)wVG+qZR))ozFAQ3GmHv}B(6llMgNVXMf0!mIwr#*+VH-x%o7~!7iMV`4(e4M za2$q!Sav$atw0QJy*}CG6C6>0Yz*~A$h2?@g(Tu-UThL_LDKE96o^3dDlbZW5Al*^ zk@3iJuYSFO z%l^mWO|}cq%I0-Q65O@NbS92AsFmmY?=udkkAqJ^?r%2)ie=@F9c+q-axUQ@x4EO6t?gt`ayJSRX;s zEkUZHWC(nSfUUz(Lk%ezRxW22ZS~lvlOyiReg6lSTA+xPjiyfnmHq_BTgF2=CMS2l zV_K6BxJXrahKJEn3~*c4qlV?{3As%17J3bMsMo7AZqBX>*5}y}c`TJoe^K1`S{($O zE`v;hzKpfp>qRAxWL9@mp$Yhl>qHWZIw~L_@^JZ!0zbftbg%QYXvBR! zx>heR5@^ydga-4KNoT=$9jM`fuefb!qWsHTgFLM{8Mr35HI2phHnaUyaCZI8BrzZ?8`j8{; z+@3lQe%%&Z9&JP?8tMq=UC0%Vz4JGB+_t$ksOL=46ATSJrQRC)0r&ep>EyNf`7Q1*wu`(rGaQ%0QoDXmzT%8v3k+W%T#pNCZ+wx68OTdrki2U$LiGsP$m zL_F4lpvO^K_;#u|GY59;aCSXStsy&~arawa&iqM|T1^!9$C$1?Y0`XG@A<9yw#HQ7 z(ozN6#2eLo&fQeX@GA|VH%h^?7ks|*LhXD%9YBn~ev!<+4SRuG$Ok$uICd|{zPdRi z9TUaCV6>vz>zRw7X(_hsWC+Ca8Et?bsjUZgdBw~d`jG#@^t0`0%yz?Kq_~z{Z1)O0 zB(mn%yom86dUTzNZ9giF<3-N66?W&sSX|0*7u0&Zht@xwL9UVDi@DFOmVit8p^6a6 z*pulOaMOH~txd#cUz4ijz9hY*h0`bzh#oCQcq1-XdjJ|v}BZq6M4gKXkIprbo6dqaC{ zs=AO2lg0!#QaJ#aIPcXnhg+3LXhr76#aP=^&c)JfTfe^wR>k&}Z2tTzstp*Ey91Bn zzK`2)xi^fl9o7`}wl3JI?b!=O00>Pp6d<)lfig?0^A)@7Pby9N#B;vX4wcs#A&Ycd zh3APXKUB0EuEDLAZk(>JPdCvv%%;AMSCr%dPFnV|>|}Y@w`TcFHHLqs4}kUbTA%E` zvY-6cG@s8e2&<-S&Dp_K&Qwic{KCg9Ot?nZ!sPk%QUy;EEt7V_*|bQgI6nX>XTW(n zBVuhxtTp{*GFW_F@bAwifi+HZEDxrg^sTv67I{A88>1R%n@K7)DGsWtMG74pM~`ot zY;1~CggTao^JP$|!IzhA7#)KikUIhD&F;V;;?}z>8#feKWBTRo$>4X$Q~=1NCl?hR z^Ck631_2@K-@v#<2kI`_Rxp#TmJ%sqy^N7_J*KQCB;?%on!5T}tKr)IlnSj-637D* z%h{h_Fb@~RWX{H8nCZOV{GRx=ucM!c^SI_yYZAdqYK6l$FH0oDUxcoY8n)w0Doe+* z;^$axV4a0OA_K(Gqc%V26{$#3?EN`CD1%Y0*51JF+e>M`wFB`1#RZTI5;J2`lHu(G zS9KkFz!N5-PA;SkeN~qdgevetdN5(Z%o^|(d-Xz2)LN%q4hL&`$QOxYOHdrb(%BVG zGRp(Pqu%L}KeO$L6#uM}_1nakx}!%x5Ki$jHxON_FtO6%B}#0LSHx)*%WA-Cs&;R4iS#c2{QeeL%sB_&DXnOZ+P^ zd|CeuA1NC30k%MxGd&szFHTp5h&c_lZ@o>Z*XMk1mL{CB8gb8Tju;sZ%748*IEod% z)`WrJ#F~YwfF4m_^zb*_(8i;oE;f-)wdZ6i#DOuXKld&Mz_C3~HlPoJZ(dA=YPyi! zQ4&sA;O9?VCV@gbF}vOZIuD3Ja>9|k%)D1>oG?TX-X>Kb?vS`3*`V?X;2&&!aXVv~ z?K4ve_UH^FA}3st3NBABBO|<^hoSLLpbp8+m!odWZlGgbfe98tzu*1+);Ff-uxl@y zz_pb#4QBxuVumxGZM6qU_AK<@+9uHdX)Bl+Z0w; z7p>RMV#!D=SblRPUlpu|bOEudIjJa+2B&YJ4}mRi}Ek>yZpDdKWzJ$8K9ABy(V0gw#}Q*`k@p z<6wlSE!khdgN+6;SHOa^6uV*j=W_r7trUbFSbycwTBKkR`7G;4rh;V1n%64;@k)!~OM8UeSsCvW%z z@dGLz=rF_xsy-#OBK8Jejl91%Uu-iV8fVHb`@lX(srJ2;7a44YE$NRy$NQyo9Uuq2 zLMdc=-m(Ab*3yj~@j}fXK>7(hSMTVs$B=FHy`^4cf}wDiXq9FuWsA;Ab3m3s_DBKt z1(^eJO;^C;@RY1!drvR#Sv-dfZ$LF`6#;UfAsir#*CWujxyd*UchqY@4D1(Y^n!(? zj1S27QxYgx-%kpc3@s*PH}99)Sc$>*Ri7ZOn688_mHR%xmF9@(fO#PGXS{xK_tcSc zD!0D9#dDWA)uMj`S8(R`d2)x~9h-^ ziDSL~+Tg~dpdMZDmplX|IGdE&0J4|wu$e{-$Em!yQ6B6ura_O#L2$Fee>G_!VnEU+ zZp>pQz)=-M6=#Kfd_!>9#(od*8kW_6RF!?ceejcfR!}BqfEO6x!h*o8QIu%||As0Pb;$;j z)M93H+#FO^qOs27iLFl?Q6<0Ss+t*_IVJ`Z#z?w?Jli8q>3vPOn@rP`{FWE9Blz`b zLdBo|3#VuQKjHKrPh*AnVTUSv17kSOHutNaOe5&GV|o0dGy%R_@3C1S=IbWVn(lBo z59@Fyx9~Tc71XKpOtw|e*-%m&t>lr`B{?K-{T;F<)*4=ES0Bx<@H6_k z`FtK_YTFNh>x0tA0WiQGm@B<{4}?jRDR+kBc|Mz!)w}cl0Z2H=B zzX2r=Ku&t36#99nR_F6?xXOI*0;((WUe;e?WcW5CZaAb#D8{BNUEgi7M0@G8TjC0 zeZ{@WkNx~C*5R}QmOjjRwZ_^#*K}&989zKuOO;I6IG?B*t+yTW81*MsX>6Q?kEi_n zxLAVbNuRk=tTuU@;9>~-&`N)qB{z_|#yt9T*^@E&01i`wFo=Sc=uN=SgC|dhE9jTMYdvw~Vy}l&L2>r4b3&vMo>3?cZ=OzLBKd zZ@H2zYyo7n7dFDn*9S8B3`#^#9hqsbqHo#NHx6c8^J$>tVkb%TNaeH1H-5!`xO|P+L+ne$+ct>d$0H8 zzR%D2QeUpUX8z=xd7kJjw(q?8!al*a!aAg`_G?g8%k5B)(?Ig>%D}deeEQmYh^QD? zE#X;@!|vRLQm$5U>}AEpeSQaMzF zv+LA}W1elX(M5T@CKRp7()aAltT3pijJe46l9u&Y3=qkPOq_VJy9!4&FNlJ3~zYw)MNNN7oLKt2OJgeXTZc`cEyhSKxTC({+K$ zmDqW*zM|4rQuvPxlOV}kuV0@7)O{0`S8sAKozDQ#q~i1I|IXn=Ii6SMz+j zt~KRng9%}V_XXPJg)*usK8fypc`NE9jI04eZ2z}bsQp_j>R1vk_YgTp-I1z7OJvEe zXcUc?9o&?sQ#dTR3NYzR0vQMl~Al2((X8uzxrC%2W6b zN&RNuxxTiO(P<+*|L1#xbirfmycopWXpwVyE9bBMEjS{=A>_dI1^Vet^8c8O;sXz) zX`Dpqc%|OMPwQ9;rRy@?DwYIq`tc7c=2L#|@!1GG7hM<|sOUk(>Ib5E+aiz7%PT@} zy}jd*oUTbRt-8^$A=}7kYIbs5noXO;>33>R-RPHWzfZeek9eloaSe~QIi23m`m7$} z82v0N6-|kqqh=)FtXJ6EcCT-=xZ6o}T2FrVrN2|PU%8mF2i`XNH75(*512Ivx_r6i@qU8M9jYo;zGSW1#b$05C zTA)UPWHSG3F$Uw@&nv>V{IsV06xZYy7I@S}GaG4q(|O{sau;K_(h|SlZ4iWFEn+^U zD6cJesMw>D!2QohnP(}0|I^L_L&Yu7>~(Hw;$IO=GhN7rx--WT8!oA`E6xaaR- zH=gRxJe;?g6MHV!8qBs7c%-MX$J1^uzS(l}`99Ukr(3kF#e>SiU)bYau}Zns)QLxT zX#dNWcs~%ni9bdWGt#x5rr|e~YQ^(WYxbk9;n0Wv%wf)A`u^r-c{l-*qdPU@6suXJ zFFogHSLeKc?+up7wNcokJPOsE^h}??e{LfJ@&BccrI@WX|K8dluM=W8m93^_4`}*$ z->k8)wr+lPnvl;|%$H#fjYv3`XKTqAv+L#&;0yZQev=ib*@Vx&G8s``UCE72$nl|zqrvojQv{%u<|UrQ5!ZGO zH1;AdKbW82+SFrrr*n!vi}cNU`uM2>bO$tcGqpDm>jPC`GyLR7udrwBSI*l~;>j2fUtO89WT;$<&*|bs{RmC-YAtIv(`Z%#pbG&& zUM7A1+np}`A9kmrCyWXpoD@2@&%#_+w-cUN-)`-Xm^s)EE`*Hgdb?ZiOX4FN&YY&# z2|X_CWw*ZXme=Y<<_ra_`rWcF8+k~?I80~)QLbQn{>%?m5F^vMJZrFJ>*!|u?z;5X zo$I$9p97Pl%{uNF_Bnp5Bw@dKJC38H%j@OUugszK&$LR#8nZ}HHRh<+#|n9yw*55XG?Oss858Geo(9ov(b!ZE@`@w!Yc!*woENLCaIMQP1;dWoZ-JeUUyZ zBA#bElf})g-te1!Yi1Bb{7JFx5lz?Ey*Zg{m*}JtuSK_J%;+TaSYcNYwZPrZ8!8it zh&Q)yQiQxTcz5@5^kjxiYkEb4~1YEM86;X$gw3H2f2pj}uuTPr7Ta+VS@E%y6jptuq8B|J0Y)2+EB zy+x{D#$mDZ%Viep*;`kEoI{V{qd&6-F(Q!@vZ9lNUw+TLFb!1vGW0CKN3CKpbT!ZG z_{wQKZhSWCNT?I5U&C#V1${1^Epg75hd=1H)6J;A+LC5F7!7H;*p!{8IHK`3o|x>< z{PB_d<=Z~fTAuObS`i3yhL0h;&-bZ4uX;Y(yvbK#G72v>0;?ZY-B*zn&w9qB8mYK$ zT8Ly*LA~fSnO*6&r8xvm_a`U=OGUFb##qWY0!|=3bpn2WGF1MW&PLphTlk zi5@K0*?4d{2*PpTEbJ&Hr&?$6Z(!*~rWR%UjNMd`NJLg@6RLT*0_pbdKoQl;VAdGvV{4O!E;Mx2+ zQ|8jW`)BHw&wlO>#=365hHTMiZLPy_^P*e?&NWTSxg)puW()5x`s{0q^f&~kGo{;a zU)M}c*&TYRk9?FKV6D%!!>e^{o}Z8(&h@zcBzJXlTRVH}YyDxn*-7_!%wCqQ*^~CpoItToBrs><$w=8%Ub!$!1?SoMavQlE2>|zxF$eb@obR z{U()^9j4b{^G5jIVq74&hHPNpdj1+*Yl7zT>vGSgzQ9KH+;WVqTHw&Qb|MQFg!+ z&^6&GUD5Y`>u=F+LB@#y%V_83MwMHoLV8bg_N2`f2|HZyPWLL^R=Xr)+vb4sUi2#L z0^nN}XtQ!`soheZp5y}i)EAB^xUO!blxuvxSk|7!-g2^Y;#h$t^AhJ>bNz~tiBHUt z!&nlp^|YGnlpT@I>HS^l`FEP^OXsiCJ8iY^ky1RfXVr4@$d6_J35fvWAPEnddz_sF z##DJtyA&pW6xiO;GLe&w+smSOq#ot}!`@#;MHTho|FFU!LkKf8A}~Xjq)PW74T4BW zH!9NIF~A^5iy);qfG8k{BHb+=f^*R_KyMp(*IHt z0CeOU!9rFBsuvLb=aoq<8)*O%6BUrkSGD0QV+UbBUcNr}qW5*@5yUIL<9g!;Wn%$t zk3Wy*#1s}7wC#?EoH%6Y2(td?j0OJ`zx?lN0?zn9FFF(dQ!^X}USzYBwrc$HS5LC~ zQ+w$4--m3Y%=HO)fKnqw-@xs8rSjLvgswZ{lZOwq5)9792LJnggt*tM(ml(NmnOHJYb5b<)-}rM2~`!!B^9ARII;~@3~g( zzvVME0VJHqT=L(HDh4v1m+rLEz5Bud;y~N+AT+`+{}jZl%Xt)ag&i8w-40g!PjO*L zJ&EN%n#}+G6+~J|1^Oj&*Kh;xm7I4Lt%as_wML-b9uPjx@72HsuUnwkLA!s6FX+to z{_C?=m}AlMTF|!V?sLGXQ%SekoTzZ=elXHr+AGBkIvDb+K?kGD{2O7hoy5-XPP1}~ z{9kno-*>)vVnXe;zd30LQ|%i39~XeZXZfSH`8EI(bY6#p+Gcv&bdJ+}YveVqY{#QE zLV%8OnN%s^VbZgmHpU$5-^t$r_n`e6rf|&{IbgOpr~#0MoZYh$%eGF(x(l|YjH9~J z=7B$>6uMyE)F}Za`Cr9SW@6`C?!4l~tEcV&7oY-+Zq}gFTV3@cr!dL6)Aw+HQ1jjY zFbhA-wZ_WWeCnXn%9F$$3|@;?|3;s0y*=?xa79J!3Y`lbBl&I6SVkvON-@Dw$WL}n6jVm&LL z@q+9azzy276{7C;cP-*DU<5Hv*-OS@2cR+f|F-T6Zfr)=3f(OkbNPMm_kKlw0FB&D z)9S6-GovJd427(x+I4~87g_=Nlubo0+HJ2}SQW_PuhojNgUKC#x*^RVoO`pCGvqQm zinsIG&9`>bK&E+}1YTC+00(+d{n_=bo?0n${1}-4U>04G;WNZ67M}n(VHfoOR{j;q zM#f6)VyZ#o@BmhsykfhN$Qn!omr3`L4pQlJ1UT8E>lAGlP{ZlGh7{bsbKfbZ@!&c_ z?kl%``BfOTNgOaK4!{Q)Bz@XJ^EO-H)y1!uq=DlA1c0?{i*f1X%u{-tRDHVo)#d8q zsH#jB$_~&D5ez<`jRG$YzJq3Y3h%ptX~K?~JjRteph=k5bHX{o543S#qX#;{IP$(T za*0d_0D|3r?@TN0i18BSencDsb5HNZCcwPJTu8VrKmP07MsK~p-0uQv`r;BWccaka z=YzR#m;+_|lkDrfH-U`LE$Msc=8qQ$?Eq7M~*v`q)szS%Aqw=&NSrW(>;kS zJMyc~L}&c+YF8JH?$?GR;yd>_4uww*sytprh~vQh%6qOvS1V+z?S3O8?lN7=l-cf3 z!)Bh|^10XCM*FwccVf+(!bKSy^qQEsyDrHELVj$4n`dc&QT&53b+i)zeK-YZ z?5t^G86}9Mo4*x%?k#p(#uKkHk3n0Z`({_7#I$KOfE^4PIkH5YHPd_!R{x#Wqi+Nr z5nVi~vz40#sDLCu$7y^+etyu-9P9Q@adtL}tjK#N7=IyJsK+V$VP`Mks%$p@Io_G4 z&or*`a4$WWXj-@tpnL`JDSj2lb5Yg+WpZy|@$-(Fskf9Rm3g->T8h!NOJFm=k0A}f z7ykV9n<#hw7@tsFqLrgUnF?Z#>8PVq$u&e|0Yily4Dp*Lk@Xtf6?PT5topx3Iu#l(vd|S}*^@-|VnM{W> zs`nhh5MGn&Q3X{Fl-h9{;8-dIpOZZ>3nyu;S4>vIVf54fj41L80+C_1iYmwDdsh_b z8}7`42#o;qGHSVK85xdkAr>N>QxGg%<&!e}FCeqwltNk?aNp3Lt3%2$l85@Dr^}y= z3GYDoQXb)U1pNT)4(B4qAq6og3&l-WaQz54Ut;-X85$sSR{%XD9)drcEwj3Bi@EVi z=0gS`!{B(&+paQg+(zC~4mL~9orcM^^B%~)M-)nsX18?lUbRR8+DT;-oJkneg!(R# zW-u-opM5z0+H_srSHm!D+1qK&6#j;IjiQKh=F$4d!yti>w+Hg4LWd+xZx8WyvIF>U zF}4#d5SpI>^hqn`?pzFpur9CghjlXsu8_?w!H9D`C&VO*A6$kwYG#Q2#7w>%{z55) zcVz7G*E$9}_i`UDDC)Is#;!xY(x#%{ek`4) zo0V(4OHbl7AhaVfAa8iqr|GsZMP$fHHe|X{>IePq>)Y@MfQ*W64wV|1zD6+d*6eEw zJ1n!Kr8|4`ufTIBF@iB*bn-XLO{wOECIj1yf2S&yZ1Y5Q#JMjAdWv_d0f0yJ{0fkT zmZGo?vrnqIz3R4kWrt?>P!P_B4)XJR_VzQMMng-W4AoD(-faubGq2Z#DzVSCh|99e z+nr7MZqct~?Hfj&lFt!F*HZ=F-g|kDb`zNT`1>87=f%Q>qT8Lj@b?%G{{F1gZNQ)P zv6}}hi^c85t(Kar&c(I#^Cw^l4gNcsxX9}4zG+nXV)%u($FWnz4}-yp=WYr2HjMI~ zC3q%X?)n|P8(>a6y)*E9T8@mh>yPZMU=MjncmMRH9z-W7v?%^NdvM|Vyl}-tB;0mSm{b} zs36>61Au~8;d>G%B-F`MWr}e95p3Is4@E$NpacrGPoInT(__elCK}wRuWZ}ztZCfu z=3cjjQZ^UfzpybTd4%)~Z2lx7&7O^yNr4vbmti8sxU=2bCTb-vYYGoQCcqzNJ{QhLE90HV`aTyA zkn%mW7q0kV0dbkC^*=j65o~=eE(xxGltMoI$>cPm{-1v^4UzBGjPwiAv0ibU20sA* zQaEKV`;(mwk!_Sjd3-v5zf4*-IHcT6nMjI}I_>g(T~fsP{=6Wb?3`E@_wWZbag^^> z&LwyH`#aaLzP9wDoB}01jZmvMeEN{i7k);QOR~aWQ&;3(kTA(VNru5;+EOuo`#MQ7 zh|sV)B*i{+C;okszzrnpi@9&5 z+qNkuqwU5V%!_NBk#pN-+mQbx z7vMuzN3_O>C1#SjuN3L8FMd(EF9xj5T01D^A=d^<`20L21*_~;i2k6XAAW*LFjT(& z+<3AWF0=!4SMS#Tj!*l?EpH|q%9RV#=E^>hvibh$oOzV=AU^yy9Tj}+$4Hxi7vp8f zR@{3Ed(}QuO1cZlhp2K{?9YwLDTrLm=m9cI0qp)Ld^kD@2?f2k96kj}ij@dh5_CvyY~f^nAD+7wOUowU-$Y(OLR14UPuKXUpU<4Y?q@&1 zdL!kIYjUx1CgG#OJa`?|niPK8^NI+S0Y`fj-GeWo#V6oB#j5V&(6yf^Q1__(%(0u?n?#OL^It8*`jCSLcwWARt;a+UQ+$bx@5a8tCdX-GY?S5qCfLqDzhYc z?AA6>U7~R3(+`-j=_m1I{v$J*)t=XP6+P-wbF9FF3o@3A2i?2{ah$-0BtU4HS$|L8j;ICw^^^A$6?K(QZ!1Sc58i6WCwgNbE&KX0 z|FHZH(gpTM`p+jb)qz(qb}V&#j~up(niZo7eVFfmPXAqb(g=TQB5E>aC+z-?1b?g# zZ+QaSzxj_|C1p24)T>4x2e}Jiu`(k0X)WWh04h3WpB-V-q|bd%Le#k!HdyG1#ZNts zrkzw$3~W(>KVng&`OMb?zx|2$2W>nmDP%~%USZ(|&-{t1U^e;^mSNUv+D6*1p?$JV zZnFYEH}~T2(Qy(Y_<+MOOZRUHL)Vau2Yj>m}_4E$8E*HD^l z>4JL%zE?ZER(|B&oZXv#D^_@HDg%)YF+;|>SZ>9cVw*cS3NWRXWBngik#9L87d+u)gZcStA~eO!=3z>0 z&It2&w~yC1q^qLcs5k&yAYfu`rPfbd)hsZi$C=4OF~6{f9_+?4d3q(4~|CD zp*Tb%4iBqf2w;(AfU2ODo`(ui=!z^ z!_Rwh@Zvm^1D43#P||SxhniAh>bxaBjKOx_+-3=#mXWUYUidsg8 ze8$DUR5e{D4;vD2Y9-aL`gGYe4PT#-$Fi@p-38g3=z|`-&?2M zZFx6`>8r{kXrDrn3pZVw74g3}clqhhnqcm-x1aS|CBt_e zSFEGoPYwCJOLT!6>eGD19FM4*&Y_iLT@e=1(jJyZ-R5-PImK=)h@m;OZcFw;y1+8A z5!v{F!NyD@t^O}HJxnbiRvJn8iSQ7gx!KYw?^m%ecuByCG&{LmjE&^K;^;ZVl4;*p zC@No5J@s6dhmg|U@)t3X$UaZUP!aV-N(C8gi;mtIM^f@uonLfDGrP~BS*hBSVP0-JmDT@>a^%qM8kJiK z?+HGAB3tS5A?*)J{sRh%ec_kxZeZv=Uvrc*V3XFt_V4#Mc8%{^NlDP+diD2pJq6;Z z5Q+r1ESHSe9)|QS%rb<;Q9aBQH&LyQoLv0S;l(! z!|$4fTx;+Ha-mGQ!qxC;gGwH;1~>Ct4>(sA^j_H3{^`C*D&6kA@$Id&yT>>=dtr|Q z%f_ZJ2e-#G*Hd<82b<*BC$q}`W*Ldh3m2qtu-XD^1-5+)KC$}3^3M<}k5;52CEt}W z;YA+Yei-BW_x0bu9ss5M{GH&dw~+~gVdD(RmQdIW$G`cdYT%iy{mbt}nj3w<8o*h% z)B1gXuXkZA;`Co32j>GP-QfS0N~f+h&n})nQiC!Cxv-X_Jos2h#hP1}MLr#NurmIgw9u~9zhvy4S%zVIB@_po?^&dfUR_j|oB|po+Q?_^5UH<&jYk%Ix zKpqth`3Nl5A9~CuAO0V;(FuILfFg{XbrBLSa|%xpa?D(RR`_fo6g&>6ZyiGZD{=lu zV?7+p?RsXDjqUnShEEHQ)P?{5YOpY%S*953W1Ibe{|5)cqn&{FsF>}4r$v12tqzs) zWw4J=ST70tiFE=tG41lQUzyiQSm08Pz9-we36Dxjp$2I2>-rfFf5?M||FVHCq54>m zlxN!;dQUq+vaC3nf)^Z|aOCih>wooe@QtlaT{uS`wV}rwy?co|ev5*26@aFXe1T6ah{qE>%1^EB#vHx@W@(Awh z0tlr|@uUC!Zs^UZBrE8#y-$GxsNdiDlPq^FRa+!q0X#G?;<#&zW32@B|UxbzA{`b%)Uh0$9`kF#|K$N~I}wO&28UxWza>btZe9c2$y@=yeGxZYhU!|xt_5i$ z+p;G|(}DlyqWF>tDY@D~^2j}UagQV*e`&4`<&*0rr2`>F(58##I_!sIr+lMq{2C4K z(kpq?-hj`@1IVe``87e6fOsrd@h{mh9aaJ4#%rNil@5N8^$RGU6ypI<@$!wjt4m&$ zq#kgssVkPVqpW~zd~cTqO5cbD+gN8tM)$z#v?;Io+t+B^A0Xf>G68^h`y;cwvL9s7 z*iCY&+#?iyL?~FO7(sPS9@>uoxSpKo}$wFd$cHfbr{X#7G{Z&}-`*ptR-W$+d z>do3>6Uy{nOpQL%RX%%Pcm$yMy1$dmt3dUTxS>pu76%S)*GP}slw|Z`ZgD_YYva8Z zKdsL;e!XLkmC#md3t^D}O2M_T`I{1qAgT?3Us)Y%4wBb_sHqX8_Wr(dYYaU%hRmk# zni~7-_I20ay)=i)=kbpUp8ZrY@tVa8)_(=A%)lo_QqlF|rUfwU9u}c>0!>jOV%IFy z83J-vY&tU2>+oX)0~Z*88t^HSHFvMpXj%u4WP?$m9uavEA;5jjbR}kx&<7FP;wQ)R zv3PTnx$1PHTh)6;Izda5fJL|4ugEBxZ2)=!^!WNecuxE46;-Z&q2a_z^VJ?_r~7VJ zgox0HxqXg8z=N{`p>;roQUG(3ddx(7ati$a=mF|WeWnkft2(ojFnZ106kP@3V894o zq;Yz!h_;=o+@A*meR8gPTIEv2!CKBclLP?xW$_3+SRFR5%JP~ch!DQ`R}pZnS4OF6 z9gCNa&iFOpQMUt-@<#SU|I>Zvi>Ot_K19b@)>+`$hA?%;HBLCaaQv6!mc2UUP1%g< z=sS*>!{DryEkIM}Q-6Qo`C-dugB;@u(MXn4Bf&tCu{fZezghsgZX%!)iwAnGm$Xex z7gcSF{RO|la^nO{W+NSVR*P;e$H%OTvm?*BbPt$<{Np`|G2g?#w!h!%nQ;F5{m!#i zwmG6q8$U&;taxpEwkf0V>~LePmEM2h63~t-ub74+hw_zl0_{OyQBxOV9%gaIYYL!N zCS14gWrj`*YTS8fzuXE<@!Xs+xO3lb#$Li_-%fauGupV-?(v5&H6h3LKZkV%r19`i z)qf;A{{-mK6Ht5km+so*>@VllM(26huX-0ON0F9qf9Zj$l;PmBHWw)P!_FJL=b(%2 zEQa5l%@q_OJcMOsj#J_V@w`s~1=|vROR&GxR#R~R5ea5t6>}(z;x%EU_*V53z~3KX zdJ}||KSW9cGrK32-i4SmL|?u#na6+$!;0$G5a0Nb$q}qCn*i3c{|KyrDMk2<-=82m zvM)%dUmAK0rp?mnO>_Amq(0`*>2`C%;TPz8z%+}d6YlvLuXBIwmU#_eT3h(<4q9Jh z$gd+YnnIQb+vA!4LOY+H!Q-s~9M-yPRcg~c-r&7zm#+XEr| zv5gV7U$bh#K}gTl? zJTWT%LB_|~7ljUG0MS!!0aq5X5@9F!l~{I1AtcvPb_{U>R3MilCK?!`>-02i|9eLw zdsPxMA(|io|0LJ6ATg*~8?gkvx%xy4@S-Ud(W!;uk5_6gUC)2s#*jJ5Sjn;=J7K>* zA2OAfXQl?KzY9$XmTZiuLnN!_Rb{vP9NW(DTn)p0z<#Qc6dWMH3!6hBVJsN+ zy5r0CX}5I2-0kV&9kqS(Dkd2?awe$VcH($Nk8AzM#<6fb!xZVWA6e$dX40!xUF6OX z!%IdwfdKfzxkEz;UQ3MlStV->7|7<5&T($QSt)#8Xeo*Ye>iRp*_YwvjN_(~6C(0y zM@EQ{5k?YF*$jbKl7&$wODL5bvr;GG1RKhKwnk2c!IG)fIiTSE)a{YUW($p`Pa26O z7ve&0$UtQOBt2&K`W#!E4jz1)Vyv&@q@XmVjg?ZNhoEUXQyXY2DICEZ2`ae3><9P) zIVinx8VXjGN+ruDWCRVwFZqNPUgNo#c+k9slAWB6!a47RQwPdM6BI2(r>*|;^tvj`4vcQk`Q2$ig)rCk3&SL&S95*7?Ju=sb6(?GN>?b7&Sx%lan& z&pWnS5{fR^KqH$0hMT3cOw5KQvH0M<2E+512qBhzffPrnz*w;(GA|GZ&r;q-3?0Xl zslP++%IH95Z#0O`1mR8)b1?;nRdmrLj`v>6k60Rb3-P_?c-jD{tp zVQ_lNP*fG@2ak?y1i@ue-XKI$BRnH@g?+<*u`88V;rDd(4V*WmuJm4|WjCdn6hM67 z%qNhe7WI?;#YbN!&tinfs$)T(#a*T%jP`)3_P=Zt=t6qHg+kL92C#rn_bC>)jWo6j zrJP!fQD;jP6(E_oP69VF@ROb@{0WQAhG;dQMJ-VZE%#sFgtYN2r^pB}+puB?7kM5% zrl54~A$f#iNl{dw?J|&&RY2j%5?`HmUhPx7qpmVNBC2_LkE+k#aX8=DeQUC+NA#&g z7CJnbu9thSo9LtceoGs7D|;G8q^HO4!-==`OF8yxaU7g!AHPV-|KrS;w0~L(Yp1*! znXs=UONF=}C(vk#QMC=D{Vso3DssFaM9#`%!nv(@Kof&+70NO%LQKTeMJR-dm($k= zErjxR>eXK~U3leixA2;yiYd{g3pC&G88zjaV2|Qh5`2*h9VkyFewNhf(#|z=ZDlP% zhlz3+p?uNJg_J&8)F^mYwDzJ%SfKAEF`;yfEz3|EI7cODp7ac3_-kBLpsBq&R9&y@TVw_tal* zG36W7O~S&T8w5Y^KNulihU9%QbkTG1-L zDn8%%$ijkK?*8PS+OZCAHo8ynR8@n>o!Mg>(VE?y^-kxQMS&nwblT(&-<@OTW17$f z*ESqTg{4`h-!0b*hM|!)7M0btcEyWij(!#xPK%;UHp?E3%p!p}QfrKed(}&7)aLD5 zOQm?~YUF|u!tPi&8z-TiMAu8pZ#enb9phe2w&f1XRIsm!crM$C{2M0-CBU1z>1}0u zuUBu|Ri!v0j!w6N;K3fwa~n!=wlyyX7}t<&q-RmchqhV6<__i$Fx>#&*Gn}rVsK(u z;ljr_WliPkv9(M{BUUM0!!DgF>nKbtOQx~Ymdhl!c(1cmTDZYds z^JfI(A>~546cCu4fOi>jBgx0+Q6~L?1Jb+N2h5Rrwe!8l@yBXjnXyQJxq{}UB$i$x zWd6iXYbpMTdS-A#(G#;7SNO*_dQn;MKTrXW#%{ko`o-;Zfh$g^c=P)uYrE9i^+RlQU zm4zcJ`%zE2pHMb77o$^Wqb)h=Vc(KsPBJ`0=kpxAw z)w2MqEp5taMZ-8hH0hD=EJHg6^a?t>T_Gm)cxW+hvA*l8eURdV)WanBX}(t+o#{4z zmrL(4iWHU^G5v8l&RhIgG=!fvu?m z=z=AmM}%IM;wibM^oA*nU5?v%^hMo&^uCD?KWrMNrE?M4mfAiy7c$9N*wfAMNpxi! z+)G!zmfqFKU zCqn&^9t{o|tGnmI!E7Un->Weavzf5eXe?={qY=} zJek%8X((j_lCFEpJ{OB?nUkwwe@RXgnJ|X> zrM8;P!I>DGkV^SRrYL&>e0_16W9?rDP@~+QMWakXOv~(aUZ&3r*lkS2rx>wLAZ&?@ z1CQHRr}-u0O1Bb2$C_a(11tF1LZW5?@BxbY2LaQYgW-$(oJRaJAf*8>UL~cK1e->> z-8BPm61ck#PuISUrwCZCcM0_pU$o~$Gf0XVZCL|P+^?w`-|^kwd|5k(pkzCgY+yrc z2%?yp+ygI9@-o1FeRc}?&DzC0*6o0tyIf%RYCA(f!+(>w$V{ALpdI;=Jt`A?0-4_RM zYcFapfF#lg_8$e?8Wvhe-Zv+sCR`t=|I$5B)AKu32Ar+EtqLBeQ)xg{VB z{37Bluh%uOetRbtkI`tg^$-+>2N}RScc_dN6UP*X$F&CM0R*lHsqS>q!CRyZ_CSmZ zcx(3?AkcV7VQ2Wt$5#GLof(~hS}GJ+#UuIgtab(e4d+|Nt{QkY~{hF`JO<^*si?h(k_ zyBcMIT?yi`mxpRe^WklfCLI8_q~1ynul^DvAEnqAH{7C4lMyM#Jf5t0>u?UAjG*_> z*RKz*pT}F2bZe!xMSChg1c4o@l_zt($9*5=n|$MUW-p>Rt}TeS1zbmrJ-hdM_O>9> zd77zHi9m=b{8Po8TN6?Z_mAIvNSN-AfZ9MsURSjNPB6-G82744jw2=ifjc zXoI-ixU$wRumk;ls%LCH-}72Z0nImM$x`iXANLIWrv(uDVvNDP zbqH3DF}UJga}W*Ssc%pXjA1wp6}z3>O{)(M_CB_`qCS!qbe6pwaj2D&i_@R9e(Ddd z%WZ}TAoYz0UhXl1iQC)w`WR%%H`aKWPyt=>WL3$U8qG|vp|cHKTzG1B@1ANkH-a0Q zLf6|s!6qHyaLr^>2?mKfMBiZkbOIJASSU=W9XTHW?8&;_@4!W5!$jjvh9XYod>6!vJ?}B-x?yYP*DjiWv`;{l|dH;uVCZnnVt{Bj+TLD zO}0K~oUtj{;SY4rEZeEQo&!&>3DepK)mg_E!2UQwAM?ZS-1zwK$ONVq#~{^Q(6ytr z5K1iYaq>^0VMHuD3kG&yt}FmZ>)sNqermlSO>O2P_%oT{t&a^~6NzbEH3=9sFf8aB zjq5uzae5G33rirQ6UkZpn)E0IBDB=GJy4FzfPWkv%X5rqH#!E~4Nt$~`KPYXdsq_L zKR~4J6F%yaaVeopAi5cvgjh)Uy0@~v3UvNrVM>irrDgh!xyfK`2mw0&>^SYIm##XJ zxWlQ)OCjY&9nvA*LctN)l(q=ZRz8cIGZM%~th>l6eFmUM;tE=%v-5G9lsms{~bEf!#RR*$k7V)BCdgK#{t_j}n3H3I2PE*dnR+_Xi(YBT7u=!9Ra9I^>U2%89{7xlWAGWq` zd@`nn?}+S>H10t+CGvj!w!p=SJPFnh3lg;TqVkSOVKj^U{HV*k2|#G*(KH)D^!`f1 zb%^fjURXL*cFM8q-l8MeQF_LTc9zy>t9~J?8?<{@VjHtvL?a#GR~+xjW)W1jLOmZk z^5$gCJio$7k;eMVN#k8y+}0p(LaKdEDm}9f3G5(SMa{TguJzKr8;bc(MBR zo5=x*=7{N3mV`8qRZd#l@WmsQBpvDs!b;6-Y{;!A#+-(bT{vr;snlFSD>F_Hc!X~w zL%fOwZ#9HJeg&#*!RtGLx(p}vWIio~d=@wZa`Z40DH#T`#hvyzGpOK*?36_0-NyP} z1iSNH={fuaA5gb~XxDQ|F*-?|dr>0_;sP$a3HcdcVeIbK;;jVNZ###j_u&^cu%Y$8 z%V>j2$d1fHwT!*~EV}O=h;o!o*MiCW4XqGiUq93jYi0mgm=0yu133vvtH!l(8nUTb zECWw{jBkdTub%{@Rqw6k_xC-#W2c}kLwgQlZa#r@8Vc(k4Hm}TZSQmd!u4VYWn|l} zkgm?E@i&EDB}O0tedj~VUYL~7ue*7pLSc#+0kj(ur-GDN|H0yPL4tfAj1a0_6pFCi z0$M)B48*eaG&jwGkb4*e?Gf(1DX|Glt7TG2RirpooYJZc;D0yxM%V(U|Fyca29?~+ z-EhTVoLS3r#L!AnlL_kG5w3j)XXFy8`;Mzq7|r}!3x@gBj{AHi=#vZTS zlE_22X*8H_bH^d3JOdU+ele#ZcwWp>?V^@&_ErKqT70zQUEOxq_rKkFNU-nu%$mhp ziCla4pcl5A^z24Nq>Nh*650~dmjyY#n&128_A-~=+X_AjJZatTvVGrX_9TNzOPhX( zYn>r7fspR8dmazGT`}nxzn7f;BuHif!4GqRGT?*`+XXB#PUa8U#C#gxxH`)4{(VG zW>qG6RhFN8pOKVNs@j0<=#0qj5@eWHOEPj!inL|3Tzcm2*rp@A{d}4>U_)AYG_Y^_z zg;`7THYZdPC7H$%ybTk)p%tVg*9FzHu;ta&Kk1v#jwN`+<1iOX%Kh=jnt14}0^-&k zM|^H9Ol((4zng`EIU^53)*0aj_AMmlu!4bv4_RtKOY<7X5x#Qu8O0A)**594<@F!s zX=LC~{U8zz+HSE*qqHk}qgQD#do9cH_H`bFFDgof zzl%j>qBaHAHh0Il{+wBY;2Zm1@KWNDLbWo^7CDvZgyAFlP0rcBK-YrhdUe7wYnybd z_2Z&AW{q3D1i!(Ft0TO!g1svP_KXlk^YmBC)bpz4+{oyK+VW-3UW&T;8kqFfjyUVv z<)g_imkQoYzM(MK;w0f8uej}`AcN}1q54d*B*->#Iy%n3Q;F40{!{bA$|I)L6D1rS z_hY~A-Ch8<_$rg0?2&SkPM_HqZtEx+scf{y?#)LWGBX6UPP_H^vBT1hzY=B%1UiCe zyj_Hyr;JDq5S~FPE~_)2V)!HFmF(CjV-#x>V${(zuskXI(PG#wJX$2`*2kL$b4xJ2 zMxKN!M{f>NM&kq@P8yxLhQu*c8<1 zQymo6E)de>s&YPsg)z~-ed*Fiw}`1cpXz9@>bh8J7ruWxe_93KJ8xR%2ja&uIP?tMM!Vu$c;3G;ur`s*>BeXp6wHT{UH4DrQ_aYlCksKAjhi2Z#x;fp6p z$6ko!c`2c#?U(_@smRO`#R1X1C{LTa&(gr{KbqF-yQ(o_y52DU@8reGlx4N40Y7s8 z_LjPo_+RCuq9b_4VNKc(2!dCc;=Xar$~Q$2&dyX&)lwEaTCaRmD8S0sCy288 zjUE^8!r37B-)CC(1pTaG1GC(YuqV1&YDV zj}qIcwUV?Qi`vI9p=jnS#r=}X4N+Dp({kQc0zL>TY1qDq)ejO&WVt+5vXDwxA~_V% zj!bVkt3NmM#9}#QDcU@mkMq{>53qEOV+~(%l`TwyOM9u6sOF%=#i36S$sdIm}e+@m*IRo?bZP89We7J(bAVF^|F~FYkpqMb@FGc_vzfk{_+gNlXrAraAS+n% z+b=UEL64DQb58|#6}S6jMC_s{ht&w;je6bVzN(Fs3@ou%%5x-ey9Q_rSqbqvPb1~f z-?jygj@L!B?*G*+`WX8|Z*nke@b6m!b|^3jvK7^uo~J5#(!2MQHd-Gis(zGQ%>DH)Dx+d(ZDfdI1nZwV zmV1xC^L}hSe2eo!UCK9q)kc_m>UQltVdUFUG&|c!V^xIo5Bxu1J!!=^^q0`Ck^h`% zOL{g(kMH{PtJugtA%=>ftQE=B^rMsgUvYc-*(~qk3$|YZdD<^%xaPae2k;karwPMG zE+H25<8XU+{v~ZkPUHCsWI+eNO#HnyEB=-rQ62Nzd zcU9JG-OuEsMU-bjc1ic|LG8&yH`5FGpo~w@s3s!iWvU7>t^<6an4b#$dG5=lm930` zypEO0k4l(hW&yr&Af3v6NVpdF7y7$P9LZQkadLj6W$qzmyoOkhB+P2g4hwUrbPBIO zCj*5B4?GIm`!vdL5nOl7bs6aW!=G;aB3xW`+{HleTBj$xmBU4bGyG^~s6l=`I^aS+ zp+aR6F@xV*!u&{`Lyyrvj3YlLC;YZ zTJEo*ek6o+DJgkaWbVn}QTzH=QclJ~kMo1)X%OpH5$|I*_r=$G>SMibj>t1*@fMm9 zH-EEBSwYd1guM)^bOx2unP{|?7YZi{>vB=uE`p#O-r_fPBHGcdIL>_ZfK zBl38G`+M3)l(IShz2DDRR61Qot=z(pP7NELhQEL=2zqyG8+~-gCe7EhA&|h*xBQGK zYMk`D3|Y;Yh3s*rXafA5e};2H)^^fTzmZv$BA)Z$-HK=&ogmWX@WOulJ&%1BVZOW{ zWhqu%8ppilusXdkLEDZliCSnXE}`{wqb?t>w9^xbtna zYylp(#ud*z1_Jm$9tDfmmlywZ^V3je3bP1)W?Mo3M8uEU3fp(Ri4i!R*e59YlHMigkgsAprN;Z9b z!O~dzMb*5@N`j=I(lrPqfNxMY6X%7vF4KkSKi3U95w&G=GJ%Ah?&!k`X7ci@IA(+7 z$IQ|!G>YM&T6Sxw(Ym1vJ428?B9Q@J>^P2x{(Z|y_X_S-i$&!3eOVyvcN)EHO{l0)BJ5^<8TGa403Yx-AD<4E0nR};oQ=~~Q!j*=1x=wfz? zA&?Z;$Z6tqqKXyxpBLcWVM$Bd+dU5vqOd)mQO?*)*U$8}`Yc3r68ya>duDI!X71kg zFq{vP05qcXTRyZ_Q(tN1CucFbe* zO&|dtB=hw`9TFc%&$}DGMZ@dj^UjXoH>SInEoPc)5=J+@ml&yL2s@L4?ZVFU6eBH$Z zAAKi;_+%dK5YWmseJ%P1zl8Y(;GfLN6U{E(!O-IiGfACeUqDT@lVG)Y%Ax1-UnJDR zD*;zlh*1T`Ptv#mdDTq9=)Jjgf8$=+C{x^nGWW&$2d2*#c_2_^1jOYJ5tg2bK1()q z3D1!z1ZojcE@vjgBYKi4e@k?x2!K6XAH!$1?1ATyf%q zWn`9TI%I$B_@eL{@zo@C1gN!eGI8{^O2y{>!+w$bR-B^CR9x&T)O_ z%O~CN)`$wMwh<)75m2mQ*z|-sl1BoD?>IQwPG1;8&)?KeKfu|02_K^HXY0S*SAGw3X})z8(X6F!t+?(~DT#c# zAdJ8P>5tY*PqaZ}CUQu4!bu)6TJVfKJc)AzvPF!du!xNd!JMWFeo~Aj!NGA3fd%t0 znHAsc?FQlzgKqj?!oQkjZ5|kIf7E>^7(;nn>73||IQ3?#g}BQn(BYM_pI?mufums_ z0?(`AABiCSc3Kxjh9;iEg)*6t_8ut{639tF@tE{(&Z0~WI`aI-=3#2~N83mxfeSfQ zki4KDH+40ldjACIwgu1b2k8g}KoNXhc#C+Why)l}!RXP}v^4ZShR^UhvkA2KljA5= zRDzC(`{slwG}?Z{G9uB3n)O>{DU1FPml)m+?78L7S9eAZ50!5<-7|tk(bd}R&$&E>!rK^(2s^@O+>FkQlI7`AJe;~_9an^xRVZ}MKg_WL1xL&y>B1xB80f9@6Z$lE{_nMQ*7DWto{2qcm6aW2&epe@|QYBXjXOQJf7W(8M3 zY+g{A!Se_ic{@v{bTk*+Im;dSxsoioG?+CyB#KN)ATu763I&aT)$cL8reWR|OkaW( zrsg7`|0b7LHydt&5te()u{j((6Y@%}Y#!oA&06rDxf+oSGpUnKeS-76!7?;18x{k} zUm9{iDSw}-2u>2>HSzRQ=k+Q{i1j4aqM@!fj9X6m0BouAKf>DO+L4){Qc;7@nOCRW zuCyj&jUfj{BXFaXaF}P3C5O@UBvp|`&<;pXF9h>fc}>inBq}GxmB+Ai@GkHnor=RM z_JMsJ{W9exuSvO-o)($uyB|>}U3+BIr_CZEmS05YqVN^G4nB8WDVl+#>)DIYxVIen zZG&>zSO(JCN)v79{vEfP4A;#H^A_zK2e=Ze3e-DT|2vcTi=odlQ<68wI~a83w&5(G zXh*m}{k=m)1k&DA09CKYz1h!FfR`{1nhIo^3Fbq(@^+IDHxQ+9dX0h5-j1XRq7F8V zEdJyar#y02kg^7q3l%*AwJH4gVBz+fJ5q!T(Be)tDToQq|5MmkheiE-;nFN1urx?6 zAtj)qbS{kwf|L@{NQv|!A>aawpdcY2un1q2?(Qx{KjGM7H479tri}*jhTez1|u78JF6v*Ob$CGxfxl#Sh-TQzT0B338u9S+1cYEYECwSm^-40pk6i?NP&>xpPEec8^+BswIvfAAnGv- zRB~^!GNm#I{4h8r8U#MtCWE!L!{DyPb z5xnq!Rb5bJpB#6LCux{L2Fe!#I@H@7$`52mO%XHv>k@JO7XI3-bhbli={4BLgcf zbnCEtPbbHipj&8Ryt7X217D8uS;Wl58*OEMO;9Dg z%e8zk*dW5)yu(h zc-C+h=3BlcXjVd_0WiWU(-C3C~-31ZA@fGoGj3p4x$5?mw z%eSDjdloBbhWybXL1i0^X(Nldxnu*a>`2*3 zO-c&Q6$XyEwPlW`;5~`He;Vys{AJquh@LatYaxYtng5s`C7PCnP){^O zb!PJI9LHXp-K|YZHs3gAeg81`9T&m?`p)%2H+Mi#OkVv}jUTb_vH>zcVIz@sSGtN^{y;UQMR~f5x-4Avrqya(L}cvBYz?cZD^LLU`^H zx-Hl6kl-x|)q=IW2QEDa(o(dB?jm2-jlitaALpP@v)-_L(HKT`= zjDLr$j=r^J$(eKw-Opz($Ox-mIIzce4e9=7&0xl{5k)zAe^~Cojdk7`B_VPa`I2=a z{I%BU84M}>WVeMZMvFD6Q-;;doTfiPZxKzN^{G6~o~4CGn`w_$CUNq1z;SO-Z7u!I z2M3u3|Fl6FJ68>Hwe@c=Dnv!_Kp89bCg)L|8t~hFF#(1qHux@eZOdl|#`@dI!oS)J zCCi#TC+i-|Dl41P18}1GQu3nH1pDhJSq+E6jko`f;Xx>mp$N@|N37hc=>Nek`mjTZljcKfHq;F43SKH$*?dViHAQ{F*b=Vs#%a` zrY!2~xw&aAo8FGUK5@vuN8Eb2vB&E1Iu9ZgXDI zO4Yr=lJGvhR2c%ny#k)R#`oSQW%;8j31j38DG4j7wI<*M zKA}AKJ?HV}3`3_;(Tu-C8Pl-Pe}CQwHD6Kad(LTBWS(JN#b8!3`qj_SF7=TTIJ#S_ znScNNv4nThIsP1OszVQ{-`zSDv)C2)TD@c!(5F}Zu8ti%b{zcBxid6?{PZTMQ9pYs zq}}uDkfKcb{pyVYU=%(WK`nVhTciBTDC$!6uS2v!hrACf8D=lLDTdSE-V4z^B>UG2 zAE0y5?V!v&2EanGKk>q2ILV_w(cy)t0<_)$>Z7VZ;(=;Znt8(sUtHc@Rb_+!7_Sfl zEv*2OI^zb$Hc?B_d_8pfro052EFgtJ&Hnj%;^FX6j@Pj)r4cwNR0tZ9zZ@#SCMIxU zkHjIx-$wu|#R1gttKtow@@J{?Xu1V!FpvcO0_fSy{jTgA^reEM&cJz-f4XVu>#=Sf zA<~F=m^;|;Zxb8@r0;Qvxd3+{Hho5K^1{~PQAXxmTRLfof-4jN>L|86r`H{~8(pHB zj$)jrYAZH>=9CGQ55PU0gC}V4{%zzIB_6;F)sZuc^>#+FyI|2KoyY@^0gbrlx+FoQ zieMygqB~tL>M{E_1`9Mh67@gv z0Jp>yfE&%ch70vFGCvLcNEPk65M7W=-tXzEY{ny-(ETprlI*?lJmTK7j8FG2wkt*C z5wo`apKSg(O?-Xo>A!Q~d$6~^R=My=$hpTRAvKF);{xQXMm{Uz8~YB5&2K;WJsD23 znYA`p@LQGnhxd4Ulw9fTa&O5!@u}i<@AC7$u@bSB(I+E*N%WO1@)s6@`HiX-C+W$% zN&ucLUoSAf4p2VdXD*Itm@n5>4raCG%jiBD_lZqAi5gd1v_WTvLHvgC2Ksk`>2>RG z{>>`U;szy&+D!o5jJ2q3FXVN9s`O~*J7zm9#;pPz)y~GPV;?#=B`Is%<3MJodCmoh z{r)cET=93LO7-EVu`rhgCI_j@3u5QCf~p+Vg3CIa<`P+_UEZ`YI&Jx6{kxeCsMBZH z4_y9CEgDH@KD+c0PQt7Uj=Y}r&maGFf6`MV5_os<{^x&I)!0kI3R#~UQof$C^}B2! zmpycnUL9(zoXX7`_aXMK$f4n#`269Y;8aTT>(9MSy~6K3@z61L*%R6*U{DRMt$X$| zeG_QP9dvCsO|mkWK4-3Qc66TDHsS(8cxMpxxaS6bckE03FaC;)*_=d)SuHmP~FQFoa~_H8HZ|~ zT~v*iZ4SwLSFO$ZJKD|qR27u8%$fzWf7Pmph?3|HxNxmC6}8N~=U{Sv>uqx1y34FK z+9_+=FG8re8PDhG^UibanO6})RqMH4!)09g8s(a=`hVkZ1UVL#e);&UrI1OEGmp<_ zE!^T@pS5bz=TH{vwBGplqt~!#oAX}-<}nfZi|0-Ksg6Gqo^;wiNVW}gs!wP29{)Wu zABg{E+CAWW_=W7HiSO^VET=gXL;l)A#3aA8ce!aTE4A`l&HrF^(U_^(&|5(a?QXsg}6vD;o=3HTcsVQdwDtESx0b@IuWXMd`;<-9r`_amdf zM0GaUM9sWxXxJT!g|*ukZOP_uqJ77M$%GlVd>4u*v?h1%gQ%-VLbI`?zc8JB(eNZQ2yYx`RA*&46d z#TSOnUtMAPAwfS*j_v-`eAjAeTg*UW%5ii@w27U~%Chfih>53_FHCKC&AtpC zt~ssDxEGzDer0w(lJyRoP4yZacqHGtd;uoLLVT81=BDYZGzV$+DIsK<-{p@{v5n>A zg1?oM6YtLZi{(aV8DI7e9m<52We6wmb9xWPfss>rh%p(skCSJ!^*#fb>oixa#jrN zJ_tw&eCnF)O8z4TGkSOm#zWyEO5)VS*LQ=F`MCKUtfl_(^*>d2oT@9mMJBg1A3Oc7 z7%5He2X%C%DM2^qG&4oL2dPK#LgSX>xlmzv6%mVj`KH&Z#lezuRVb#w+l<9g96j!W zepD#>E~W9QYVSF%K1`=L8D2SoRUULE>-nU2D< zBkt^sq zFX8gRpa?N_PWkg?<6IfGoZO@3i2lu~H??EHQMBb=0xr3||KZg1#AaR5=Fo2r>4rTs zSp9mO;%LaL8~(c*n7h|r1;oj^kFp-Di}oXL<#Z&N+(Bq+Z4C6)rv99L>Rh7_iCy>H zG@tY;(n_~yP_Uc!sdBDWs++S<5_SCOJmbn+w*$1eH@kIO$Xfato>r$9G9`gIxUqfC-v`;J@;0yD^It%7tswMq4a`_F29(hDI(r;$-?iczw#9>_O)NuQxO zzBYee>60cb8Qf_WK3FE>dUNo672(REeIrJ#d?-5M`AC-*9xs0hTqz@O#r9MwX-RN!^KxC;Vf_sFPP zx4#Dbjeqz0m?wGvr`o{;#tuG4t1&CRab5&f_3Y(Ic=D%m(qLMPk6vR>qcnWxEx>jlB+?ru!G=OtFCIFu@ob5v#n^2+yJXL~>Q82p%=>XsyU-~b zcs!KGv3#PLjRo-#6X!J2s08uUTz*!~pQPN=IqA%f#I?|MQk1bfaKaur?wMug6abab zf=SylALSo(UF^)e#$w|yeCx`)bi|gv7&=d_>Ugy=WqqOJd7~{oYydKi$1*&iE#Af1 z5|J5S5ro15a-vB7^5$3s`OZ6M8r=j8Fqc(xilh4tkYZbFFPJH`GcXgv-Bsx`B=jojaq z-j=15>>{9Ur4m5UqH8xtd|ERswZkJ~j0T|ee+NE0I-T~Nj+N%+--+V$v1)hs`bqVA z+oR%7df1c0J(0V}_%J7*qmL`yb8C_XgJ|GD3++|HS1Q{V>^A_nKV1~DA5p0sL9d_P zSy?sf{rXQ?S0OHbJDJxt*+Uj)nO9C2sE*t#-;~tat{3|A#t6-r4DSE$L$C`o!7Qs)n2 zSxAWiTYd>w)mZO)=9eMPqd9{zUIEfOd2{pThDC!fYR5l`G(?`uoD=&V)jBG%8d9=b z2v(Q~F8#`{=($mO*(2*b(k~z4+r0CvD~-`>w-$p@0xo-$#Gm)4EIkjZ$jQH`^QA$r z5H$~-XxzHG5C`ytWS?_2uTDI;*a9L^B0^;T&^r+NZ>p27IG)~m1DstG7l`Y@phw(b7e7(RdQcv$40*Qb1Zlv#kwOevwbUHY;+LMsNg{a5r1iPUuUK z$$hPhjX|G!CJ~vlN05?}KmGDb>JvyqGYbFDePddc3XQwSMfg@E!-?lYyrFTj*JfK3 zl;7LT?Stp$;OK$uPG+>X+m<4+foVVgK^A4hFfd%XWathoDuC@lZKI);gy8Z=O?sZe z*B9eA{7+LKp04qpdLE>_WfJw|7AN?0*TMR}xTCFLg;D1xk;>;U#CZy1_;To-YBjD- zDRyAf7{YNtU5bbXT)Q_{@_ej%N2cNf@?wut-sm3{dJ%-}B5Z zC|`Ix;s%%^2OHxyx31qQiH6*LF*PQ4fl*49@hL5+J#+JV)OAp)zTlr+AR8Xz1X(-0 z3MLjf!D28u8?J@&G2+GF&}>ADO&2y^DoWR?Q5xIC>yw7Y3JACmG#)LG)wy;<{|wu_ zHhvMlEa|P9!EKlAk$$zC@&Uup5_;VeARvuW-~r;#jTfD4*H24Rf8`m@2kE|}3u>mr zCmIU^k&=Fbu~^mx*nA0Mg{iT}E?RQ1;bbTlg@yq3S2nlKufr4O&GNziVikr0vkL`_ z5BknuP*`z9>jcW`USYYD?v&nGz8;brrrZSB)WCJ%uT|cdk&^|raz5hESQ;NSt5OyE zSmj)KKHCCR$TTbTN%5@IqAKOT`rENqjooxi;MOdKXZ~A2S5X0Hx@=6IE9{X3fq+V! z$>ms+^PdA&r}Mv~A}kWQIh<73doUZs)(QXow2#U^2VIkX5WcFY(_(418LdT~Aqw-* zY+4<+&gk@!GH(~4p8jOMS?3{LcyknpunnL2gqV(AzA@@0f z)}P5yVfjY25usrazP!4g?G7xZhl4jv&0{PpJtB8Jzr82Elcd5F!&};&NPpQ5+{;$ms#!hs%^OQAmq8{0g^Xlk6U4%Ja1qQ>wZps;% zweD(%@mPK!j~K_DEG=-*{+D5iO^A#D#{x2Oe>J`mtrG!D4M_mKm;^6C|IRx54WQS~ z45l6*gsSI)B`K+S-==wvJn;g;A5Q_vz^yTgY^68JN{!W1ueu3v3A}(X^&}8Owg42d zA9?87M#MsUxEHAZOaR&2z1CdejX1s>vbf>UtJQe$Z^!3PzS6G~U^~7A>gAJPwNf3x z!M+^u6#B5L>C%8Q)z)$51jf|w=obK_Y?Q9pI6l)W8B5Vh6eaF`lDv=)fO#^5C2Cf6i8g~XPw=yhY4oDfW)d9I7;6y$a2b`ab0~U*gs9oPR%Qv$^rQMwAjj3J}{Mb#A zK%0E@@AmBMr@Qvl>+PXH-9x%OEjKey-e(igNSi^MPd11K&Lrj{Lc5AR)7E#QULf*={-Qwx=Xn6$kHle2IzNkj-iVf_)k~AG=kDl zZTFho)jnbmKg+MK;QiUuq5=uV}Rh&ELMm`z=g00dyD2KU>}uR zy_f9d_=^;30RMsIXiWkD07F1%meuM&y4PmK=meHg1aFo*!zk4)e{u{?^Z{$<&CB^2 zAga)!CAG#4Xe*OW9dw2%+HpW7XpBMz(>$4NUoi%XIM_7J2oS`ltFWZs0`4-*7Pdt9hWFbBfOub}G}_Daj8QMv(!z?+376w+h8S)2fP8K`-_NQv7R zqJdYmCceq9i7{aTv>UHh65cTYTz6>jJ;ZW22sq!X;TJUvMn{00Q}7w!taJ2gCN0S4IPne{`VMSRr-K?V0H*FSeOf)sP<`z=VlYDhHPrphNpXZ0 zScG}yteS?eZ)#@mfx2|>cR6L^1*a(4<>{x_x5?A((Nq1Gvh1O0vS%1@0j4J3&uhTrrZE5h?V0xsVO#boV|XPouefVlA_~j*95QD%X_JYPL zaAGf@SB2JoR?d(bfI^5ODk5YH!j`0$QZc@6T9|6E|4Se&fmUf8My@?iv5&}F?(uHj z_FR1Kg;5+wxs>--N`gN?@Z_EYi6(tB%3@f%GuZVg(abW6h)0$>@BoTLkM$w`DJ(;l zSesO0u3#so{}gtrez8p&9^*IgtKw=k{8IU>r9#4;lxU;w#J?f-_(cZ6ZDPe|0E4g@ z&Wna9I~-x=iCiy%zMM0lqLFilbL+!-Z-7jeU5cw}i|s79=z+b}nBxfg7t51C+=XnL z+epp^Cxju5y5&7*JV#Ao6se6^Kd7juH~`^Ef6YC*Y+Rg_67*1PoO{Li2|w=|V@t^Z zoGfJe6Xco2-^79I>P)W>*N49Y3Tbo#CCT?)oB9^A6K4P1ndL&9o zMHVTF#$D#yCRZk|;hhSz3$lI*FC1G)00k-{YbGisH`!52a3{l3WagxQMD5O3mY2=A zUVy_uwEY8I(?Ns&kT~FLWRQE}qlP#JhRSRG09jU&te_fKi$_n9(B znWRQ&X(F2Wjo})g4^wUv%E)_`JWf#7IPfVFyxLWN2Pzbxs12?io722`U@=VT*8Po( z-K>?GW7O~Y6XzwXsxixmkSIx#nEc(nphc^0wKQc-gWtykWdc2Kx$;KxwMqrLNZB;9 zu{HFjm5m@1&2*I>Al`@P14FZ%jw#v!>Y|v;H82gPtD;EWaLUnA6@Hk}esa9N+^*9z zQj)+&3NZkTZ%uu@#X$~^gS$Yuy9dPd2!s1cg+g96%N;0~GcdxdTi&sHFctwVHJ)f# z-^0%jF`53INVqJD#c~7OnZmqrMIwY7LYW}fWF&?<#&pHcS5_Khq5jHor2-r1YX+7~ zE|x#7v`LUu)N1Nvf<-&^Z(Z@(W8NM!d5QJ|<}~AktvGilQ3>vvH3Q6xNYh3{uyKnJ zhDNuW-Xb#Y{3ws&TIN~okl|KzJE-u$~QJ2*QwSuC^Yy(>B% zBOLG8f)G*EaB#;Uyd|XC$Kdr25evAR0@tehwiVIw4Fk4dMF`R1jwrQX$-9!dR{_NK zhjb=L`pVtcC)#Hca3t$1D0}|Fua9Brir=WTw)_>rI(UZ@Li<$!Rqjy@qexUUSCL@6 z?5YbUFAw2Uf>>}h@$L)6H|&$#>DW%n>NTyu8Lf}xdd-n^cC9pY;O&Zlg;^v%-YNU# zks601)DXq%de}=@FF%Jmvb;uR8N&CQLsPYJH+R!Vk8;vGA$7BKP`koLcj?;jS3Zp} z(QO!-q5VdO3W+;w6#lkwzmUd=VmCE#19Ak@WZR8LaxyGQ@I*)~r*dRXC`vJ!3yDDM z`h0XRXp%bc(K4)+%W9>fl=vdHt9nP49boJczS$I4LC_9WHl5BcAgG5uB8F2M*}sY2 z`(QJiG=-xM6C8GWMxwKPos=XN$+cqvbXQUy%Yh~MU3$^|T%<8QRTfeFd)K##p0+vG>Baz{st6`z};y-@Ok1ylEf z7`YUTm_i_RS;*P>FXsAm_54s@WmYtGp<2o#-c2s$v0t&l>WVm=(MO*}DG&-Kw~Bx8 ziamk`jzL^QSCudg9Hir%ajgO(OJ{jSjiedWa1{gt8-+S63>L}mY(?g5RRlm}ILflI ze7J3T)v#V@5QGxRjMuX#52b*J8D#M@z`^l~{0a@PC%@*HUXV8=n11{EHU%kOuxYu2pro{9A$MX~GD8IZO@&8@epo(L zi@+L){(o*<9nkcM@G3YpArV1CB@5a?9%Tak4rxUPW%}HLi_uS>5i0vBph*5f8UC2Y z|A1t1Re~^(e1zbV3J#`-K#PpNGUvi0s13TPG$DMNDb^3=Q$1pr-q|6CpNOP*2L=Xa z(wHrU&%P%y<5iA~pmvku*xkpq49OzFle6tjgjy0P+J&H8!dZM1Mg))Q3VbAXNKwsaks!389xn~QAYvmq zNhTF1pxq<12pk9}vugHh9#m4?|4G5dpsXR_TSJr{R)Erk2+jx-(AANYxIKJ9&Pg_9 zb(=2igU>WN0xuLLfDT)dSmMkmYjFFf5+`#o1(9CvEpwjOXIDyyS;!PtAz5HbM@7Gn zZ9kTrH;{3!slQ+P?qTKZp0H9o^~76m6&`PJnsMvWG`!Mi(PRpG3h1d8yL71duxiQi zWfx@0#ksJ%pt3SE})G_Rs=ya zdy7&NiEk^tj6UiCimryvv9QKgA}Wu=6 zo3?wLBQvrla2jIST80@yxCPwQH0jPPO*p`OJL zG*NUGCdkzwrum5c(5?(Rs*tSk;#9v@>t79zKCyYG6v!>t=myM!TfV2u**7Nb2bW7c z(}~EPI;CAE`0hVdY0B}WUgUE%JNFQGR%l`*|@=|Oy5nc{;`+WT>H zsT@O*1AH>%`y@XD83F@1CNPmuF%<~Oyc2-EpUOz`K*Zry9CcV70w@Q!E0-#i6>3g! z?eBsj?B;tvves3j8a0o(0tFlnS}J@rL-6Wn;nrS=d#f2d)A9phAxa)ez=pG7J%#ab zWtDcjjUIyoq#OT`O14qGmA*;Vc4Nq9B)>oWWic7mp}Cd7)YuLm`aU88Ab)7x06Y_U z5wjB0W7aNm%nh+ZMv&3=x9rFy1NP46+l5m~MleY(2#<^*>b{t-xhNjI4Z+4piB5pW zb)2TUSY4Fpz;bhkr5aC89RIx1bUC#d$sf>a3t^z(Jm_7Fs+dt@wcs_81aJTYwa=vj zprn?+qvrzRt?VYq&|AJ1<7Umfg5PK>^KHH`yQ%U~W_}pp{sbGR>Zir%W?Iu&TX*2I?bo zP0kB~>(sUvzupUq7soOvO1GPg;vy)u6V;ZoV6{-cYa0jD5!8n-k0jj5&w0zqQyBL= zs^{OeyjZ5_@MgU~!E(qTqAKN^gFheU{oZR$p3p*()phKtj3J4Rl0qHpPz!te_29P` zh;(g;v$73Lvj*w1>ApcCwsHJn5A{KA`f`Oe?>nXdK4%sywGjI=wr2yO`=s82S6bxe ze(^xFbnqF2d<1ezwExHA(@V*1nwg5TG;ak@(rr7LI0V=I67{&ah3xJdSDWF*m3glL zNHr%v9-YcK`J{+=*=;c^3;=q8_KqD!&~NyObTJK`*Df-1dQ0A!{LPnhV4R`3lko!WSHE5{OXv>9c6qFH;nSA+B>X7LZO`C}*LTQ;4rcG&A*FJm6a z8p-9~f=?iZF!looc=X~Uij1X2k;d|ehpYRCPuRQI9ZMKp0i*LmHCPBi@_PUA&&54G z8E$%5Kb#^sA+@&tD3o+#se==`S5ljSB){K{zj!TO_a;aHNC=c(C5@xy@hWa;?uvie z+U5hX$EdNJEC*9hnE_NN+6N*$NeHSC!?JG26{xBp))0v|LG9iz)vT%9RI;y|m5)uv zKimB6evjY-3*Rgxec)rl8@{BwHgBgdF#n8fS6lt^YPyj@@bi9litl2#3fHsnnowwa zn*xekI)loryOR-7+Pwy2iLr|)mV@K%$h@TVf#38hmZqOkZ)Ms!p$^qV2plVMcf<;Y z8n&&7vl+J@LtMG5zIRBNsms`HXofkfI`+%I@TGT5F6 zPlGN&=uWgzH{ihoKLCrGx)II zr)5x*K*-Vc>Y1W%%^3GgS~%FgemXF~kp zzq^MmCr#lPNDg;Y1UW~yuhQyb{M-~*E1Kgt+Nbi@jjkNysuvdSB=AEh0andtEa@Ev zF7skYMVOw96lw#u3K0qU9zs&|9c4mm^bfA$keCR*^oM8$v3JdX6pbOga4stLr8_@~ zy8^|05|%hMq3UCi2rd>XnCkPJ8Sh>%{VA3{cY90r?3cR4cJdT(<}eK01|4tmKm9d$BIG;(jcuwUr!mW=ay;IpytPc zft@4Z96KoJF7~1)>(&g80ptT}w{9&r6zvv_1=^4DoA{uzB_SdLIsfom}gED zfmh$63^QdN{K4D~a-)tBHjCf?P)sK{j1~r$BayT!*M5;2=A?MACUVK^L8cSJH*Z&i zqL#lIlOiuxpfE7c(^B__mzV`JHm7fi52+mbT75`_8zzD8c(V2Pr}*p)%Qcdw$hKb6 zonDPNT0E6u*j0*N?kXqNkrq<=nFHj+&d9keabP$lq1CZ8En0R?q7NX{$(+TXC|eH7 zG&p7u*X!rPJ#<=asiy7+e2jHAI3FJiPT?!UzukQB6P2iU%z!j2ITy9dKm>HPhtsqz zQ;sW>NJCHT_g-+-yh3nd?kspJuW~4_axue;t=M@0i`NsWdvb$yKh5+H=2NsuR2M{> z*9;A$qc|X3nojZ={cS&*NfcL^<*I*-h4_caM1Z_5M-ip|6}FF0>T2{VX~;XDZ(&FO zjw|ml+OAK-(i1I1rDe;zPx7m878}Iii4X~%BXq~CgC6lP@GRlzL`6_<@n{FnF3NI< zAcOf}%GVTw1388wSSZ~djA;zWiXmmGNL5>ygY0->`C#JsxFLxx5kcaRU)t)|ktt{7 z4EK>q03u!e?S5=t0-+coLV!XxY3=C=lVeB7UM?_ZU#WI!Cpt@&2`bjVE+1j)zDT9Dg$`%6C2P%U9f z>rc@_ltOP+NML$rDbATY84ATzw^5|6@4ES0q!k(o<#~NrKftMF(UdX0_B8!?%2PDG zB&M8cAttvbRG}qgtY-9;7?sT89ei}8M+S1b3M0(%V3lkV$2Z--@>!Qsu(_qTc+8Id z;Oou`gjDw*xIz#Kp{v65R!MUJLH}pPH*hmjIQh;z$X;K&%-V*~D>F%oauyQ!?kpQtB^mA;A*ybZd2JP|G+*Z zdnkAMV~$qtggWnkfPAvP8KDe05~esLsZQ&v04pcm#<9@JftPgu0XhWj5Y7&=1>Bgv zgQ>-?C`yYbW|&Ha6WAXVD*z+k&zLaF%LE^Yi=RqM7pPqW#X|=u_2MJiGn`2X=U!0t0l6$j;-Ieu;Q-b zVg&alwGt5wt)T^+7EV6VhsS*4%s#!suYL)-swdd@DnHS&0yF181nZef;Z+(N#i~^% z(xM?=@tokaw3AXMA~&7syiD5}ZsUB2uTyvRu1AgE$?DGb#Jb|98BX#bH|+ z9uK&)gVXftSA5v?ze>oncK}Emtvq+q6*@k$>3z-4JR1`90P+A_t!c(A`|Z_6g|ETq z|6>)BgCGWS?e#gioT%8%;27|73%nknm)4mkkT;#qyX4?O* zyr1{AvtU7aOhLm|t(fn@hRKWJdvr(zpbEFyb~sz50VDxG2^N?WdrtklF7A|QNXetQ z8+@PP3ZuM^1r^wi5=`q*^};K`lf z%ebAn9uKfK)(OEB|FujU*1#?lg>x(>Iv}d)l?eE-hQ*kjSaFm62Z0_6em4YFm=?ZT zQ8w7On8{op{3RBu-GK!*A6apbU42RdMU$UrS3V39^cMToLYNUNEm*w0z>V?m;l>^R zJD6xzFt!cGHPWl@Z)3l_Vklk}A+PG4QbAANU46>MPI*Q8;Jg1k2KJ?m`>x)jg?$V` z>|=N?4ZB>mBa0PcWh1Yw6#$R%1d9py*mmQee;7x?U-M_Q`Kxm^js3t_IV&^@(_nO;m#~&QhQ$Q^$2gC%v-9@z*44;| zgh4A65k(IFc@Ao9#fyMQ@y3;1?*ITz#@bbE1I42QbzhAR$`UC)V7Vl$F_!W9_Wolz zY}ht_``5o^GfU1}X?*-&Zv#5%RWnEhXV`$xQgVfU#X9g(SbJUPycNZlV_{kgMvr~C iD`WgSz-V#2OJd4~i?gpLjs7^`pN5K-av|J2_GJ=vMiNuj0Q3;ZRAQ=QC=P;5%vH=7M0wS3~lqAR?86+4; zA~_8L0>e0@Nv8*VzxO@+>_7H-p6}dy?!HpbFx}OwtGcUus%owEtCeJ+r%8R5{VV|i z0kyW4`fUONQb_^=;%;(MAcv%)*qwlY%H2&(%|KgCjoZN2%h}DtiGV;W>8Tl+xzPY~ zfz@qoS3;7Pv2!Gu?ALY3MIZd)og&xfF6w?pXS}su9PQ3xSiN4EXm3UM+QE#uXO4yP z?BKidWa_7~JcM@+p6=xDJP*U=$sr1TU3_;4uWu6TUmjL#Anea(>SyST$tn5zCFdp0 z0|LnxM1psFmOqwmH8;BwI4xj2_uy2*Doo#a>1^W9qW4Vpth9HXBKvYMve+S& zNKWxEx~jbm7T-j3vEk)g7?3UkDge@#Smfb?uZ2^3?(XV&bI@Ia*HsT#7|y(==(c;*_RO_GSxWbOZyf73v;V{9 z2hT}f^K?_j?tM~k7{2(eo1{Vft(b1FT@?}*QXdJ`v86rNGTFUF7pz@6S$RH9`}=2vZ}+^ogxTywO64gxWe6zp8D-!NAv;0ZUGmkE5;9+Uay3A25L33$UJ0Z;sa)+{q1 zVUjoloRdM-JNcMu?6*$rxt0aC?j!EAD<9?`Voe^YcwJh!G?s{4%qJt`>U~a@;ESE# zBzrqA?NOd&>dr*WnPW+u)oox;E)mVD;op%8Czzp4kDuheHsj5_EtSzH8`deMD!eGM zNLrNY?GoK=zOVMAE+__Z_5#B-@@h!XHf&^Sv+ z*jRej6wwwzAdN!OosP7-$OlOm`q=B7x5^o4w`qfw#C zh5lH>(mcSy+uPf_=KVAK2&Z7w>9`^<`7mYzd3J(4P`6qCSrd8d5S|V&g=p}Xlm~2e zMEh5`WEak$uhWsA$>e6{kCMK^sUaSXvL?M4^W!d!5TVoEOXg=LqEqiuP7wyiU|w*Z zClvf(;Z0#pDBGdb95($y_Y?J8lnsfB7WoA`ZjD4a`3%Uyo8jST6k0}IVeLJsqs&ujiXH8S=B&rt^eokAb9<^teNVt~ToY-8@oDdv6 zr4z2Y#gnO}!7um-bSbNw?_7qCmb+G~R-d++_Rp8Jj@0#X-%`(O=n3lf_pJEt>Fr7E zne6%bir;u{uLdvezD@F^;)%eMnkO2APC5#u*_CPyCC5gO%jL%8#?IaoMN%P^ku~x0 z@ul(U8g23B4viXdy*8-`_H=3GFaB<6(lnkTw^Xcde%Dh_X;ll;E&J;EL*f&yzIx-k>GP7| zuLTu%Dk8K{S%K*^YA&&Q)q3qCy!rX^EdKKT+V2|Q6}=;x4S8qfum3~Y?k<%uX~GAW zAtw)~JiE7>^vJDW&7pFkPNA(x%U|!10Z64^M!(9|%{I8ky`(y*JgA#VLr8V0_Bm#x z52d^P$-@%8`#X6W)M{x$ysnL1={ImSzt`Ni8^0*X_sX!`u=cZLNoWaKZ}aOCpEkJT zGIg&@N^ATEHIieH%TnGS_o?+_c~XgX^nmnZ(Tl?um0mf&T6}f;tIVsio2^4sL(xON zL#DYGq&B5po{>FE9yZJ6k_CSlbE(e>89KY>=G+vQbR#yd)Beqk zCe*E~H~pLySmYcpjQsXu@e&oX5jU(sCXX!Kf9%@Rb z1uw6y_Xbt@w{GhN(fSpx&Mjc4y9U(OUw>F`6zuYQ0t+9#I4W*4XCn!*gy?y>?@;Xo z%r%*ZR$rUooe1HI)~_2CDdbb;ig+JR8GeAm{(x;|Z#I2}IJ}(ITI{dkD?GG1MxbR; zO=qqUOA=i@^Y)A-$sSP^5f_=o8H(t}GfFNBb$(N=Q;_I8F-{-IV&?tA<)p3&s@7%f zW_-!WGMN3e@~NSSwo9a|zUyA+yDp`!vbe%TZguq=BFW7?GOK$n<1^b@JN;~#WhJhL zNrvtvoSF(6AB#COi%NJkYghw7y%#kYjJPQ6TV4y>b9H~~x%E)tynaf0G9(3@b%ob1 zw6jHBV=1;fKWXPt^y4i4S=~l`Q-0Y}*V2?*6?!3s?2q0lHhBKp{Vb(nt0SeySSIuG z@fV{nO{E7Z6c^syyNNO%eJ$YNmG*{1)@ddV-n)$G<;s5{6D7NNos@@9#=)i6#YP13 zaPslMuyyvgVc4!2!uD)5iSU_xRq&$kB0>aLy=rmc8}^%Uy~2&CVqe4TXM8rok@<|7 zZzNz5_dT}vXWHAw+LVq~&?#s&hCAA|E5Fp=BpF?7)X9G-@TF0^{juq-jjS63jRW*Y z*Fw~yIML-^rc=U^w-ql_2~~@rugE#=MO~6N;y21Ilh?a*4H;r+{#pF%t{d9z)>qM2 zqd8bt(y-pOoc^JqoLg_Iorj-~D=UQWrvV*Bi(jO0ps0-vdU9s0B^7ZKHe7J9Qnp)o zPe)qUQJ`rJH9X%;V9Rauss2;MVs4zR?wL}SkJcXtKPrnaiN8BUBo+!sZd>IwG&?0t zKBCr5(iPD45~H+kbZ8mbD_+$%O|dj=delcl8R6L25OA zKi8BgWzVEcv+5)-<{z^CzHErt|c_%2tr|vCH#dFKaJK~jI?pp4yN=zZ; z6`vvS1-tC7@9E~}D-p(A6IRN92{*fhR z=rU4Btq`_x9yJ3;U}5RjyYIc%c{lAb0ubGR;euf@FarJaZnBx~tkcd%YP0ZK>Bck< zr9he8jRAL_$q^fv4b-1+O=EL-<$04=>ih9PEAQ52y}A6!Aj+Nnx#tmu-q2rB`!Rb7 z7ip^^gAOC~pPPOEtjUv}%O$AXeh`aWSv5NPI{Fh)@VW3QNEU1}yEx(VQmPs;m@FYa zZL4FuANUkqgy?%`whxKKNUe{qZGWEq32}m;=0rl>e+8m!Il(f>Zlq#(Hm>#{;s;p? zt%7pBaslee@sE(5mC=`@=WNfnOGl<2heE}n5dFc&@MF-KE7v|%ixA9tkUc0MB_Q7S z9FwTDsk5as!A+-kfIBNAU)#13l*i5Q!0+sCt}zpYHFfS&?zw-kkx8Su{)qPa>?~P= z<%-4j{mWwPTSnxxsN=cLg4DM}55#p*$Dvin$L$_bA3EpYvFhV7m*dF8;%`aVN+P5_ zKGO$ffKtjk)a0b{S1U|}y z9RJ$ZAQU1XKFKE{AV_c{Ao(q$2YloIGJp^MoYQaONAUz?z#aqe34THJmo%y53*x`F ziMxSg1S&>q+SzRkZ2lt1ZaZ0>J< z>!!Sem#3JWqnEvtSg@xzz8nI@V0mEE)5+hCJJ{3XzMp)s67PwGJg|+=7U$(Y5%G6d z;x)fzz^&%x>%@Ik?26bGUgfjg+}w)3j?VJ8)ir*f4(uuMy88Qj%ZrN#1qF!(Nr`#+ zx`<22$;pXdkrbDd6a^$i{X*{h+Xai>_v1S)*MaS5?2;{PfeI8_m!D{tTy?Brpg?&b-!8Bm9^ z+*N7C6Z!w;$lo>o<4p6v&y$8~g5y`U{}{r0NhjH^$_Xk8nL0sq`B zDBUNQDFzAR^*fMhd?DP#GP+f8-AW7f z#rXiq?T$&l1JpGmA};k+vA10X0yCPaf4~K#!U>Zxx&36)Z)Q`jGhhwU3>tHWZK$SF z3+^3|8fz;@UfW9dw|8n788+9AwcySl`2*!0DQ$oX!w)ZCX7)miICn&FVh=ld1rZ## z+mWe7$++**9IspC6kBw!UjkaK6}xK>YwUAm+$gYk?oN>w9Q&x1_MU1d?27H<{x<0kn$?F&KHPSzS z9)mCL^gexXY}9Hf)qwl}C42lOT)|%g{x0Veun29Yjq>kDpBOlw96#h*(augY!ziwt zXWmIuZ2R5-DQdTeh*xNsTHU^E8tW&O5yxMtkg zC{LBn40skulabuhqpZktql7GH54O%dtU^J6Bpzf=R0vWAhhu*!8FKK|PK*3{V5pd2 zBUA`_%48FP-G9Vhx{TcflEU-y-1kM5kl?fygZT;Ub1%pB*85KrGs{C>IMrWvSeEC! zw!!>8=k|aMS?{W4TM48l=zSYDYxSnD&7P+KY#uooWHqkw^J>o=c&J0`_pQw0yZwZzDO*#T=%4=%!D`iMp^s&`tF=eos9?20Jd9;Zz z3+tac51ets@$sE}Q%NaYj$6-dg`7^`3k*2)GNKO#@pyP90(%Syqfimp2|>xmuD!>K zhxR4QVOC*S`Uak1xrFnJDl5f>V}{}6BXWVSsNF_t6>Tanb#A5$emLT?IMl-Aoog5$ z)9mG1RB6VZ{+3+NlnflAFIXHlaMqMvg`JO#odri=57DWqODIrd^yjNH;L)|Cj<*HV zd43)A&R_0;Z}w^DNF`AjCyC%KFyzN{T9B*UWIWX4Ymw1q(Rm-HP|XrTjqF8S>ua&D4IMRmF{z z_FWvoifyKvL)d=v#SB+gZ1lSeKQS?;{lySY(g5#bqlH2D7BGc988TnaI=vG7Esie& zX%^y*aguOMeXE-Dg933~{DY!o#3v<5#V zo3v$Co6r(|l2dTy?9kFwqEV;nuz5OJ{;`<cZmIXU~5Qvz)XKq&H>kF+npTv(I$%ae7pXQCB%Vj1a{9%*J;Bga@B2$ zeIk^|m&Nv%Od}C_m+zcLA|Ktf-Yr^wk?yzWuCoSG>YEi475yChb-h#drWIkVUDK|= zz~w(8f7<2G%kW?Nk$5Cd3QAt@w11T>I`C#UWou|JiQumIX7uI1_g+u+WUW{PYXmwU zsT0&?2dF&#d(V8!UUyGKkx$`GI4{A}$9FGu{#=9CdgQXm_AO_Xk+8#N;*81Pd-kvY+}?kur>D(Q3(X`v2a1u1U6xS3 zevTDNtkX*=Lj87>>)q1UnPV!4hGXkr)>08CNrYL`bvb|ckaO)92DUq_ZF)Tow^HW&RX76Shz#T9LOQ{iWAH) zqtOI<%jo-SHTO{2#-&xbqjMwCylYbd2aLlYK+~9SmSYn%R9N~!5ctE29x**2+1n%dKUbsq=QU65sdT|W%E45EOEVMe+ zl)9Hl_~l*gir7Jr>Tt)it#;Lhe?<5QgIL`i{b4mGP zUX%2W`$YK{(SYLB+vQK}&yrt0ZjWDDt{V2i3)n~zn*55Oe%nlFy`lcG)ZkJN6P+=T z(SybEoeMWp@?QJ-NU@X&a+BypEE0R*Q3}>Bxc$)VViZsisU-|NYI>Z#a;Y@fiJ`oB z$NfdXe=m_wyNqny+*ZtBp&LxGB)SFbNn9%3cimkN9;&^>8YBskQ}|zB5RB}ni>WD^ z6{ewwfUpMnj)@u98JQ20xFmmzb{_>{?||#o0O>B0$fX1-i7EE!_e*r}6YJUI3#wW# zI4Y2(PlX;~ttWpv2$jYy=r@26_O3H9fu8=fUXhZO~y7 zRZGlBnVXU*<%QAJF2DC*cRy~JxWraAH*Ba@>dhovX~X9{RU^7?GGiIQVZ(>q$@NhrGbAofU$_r6*LIx@0N(#UMdw@c=f8f`a6I7q*ay-Y;ddWD;Ow= zRribpPT;y2+8ch16stgp@3`rRo_kW&Z4J&$8A>=PMCnVLAK1z{_0A>6zRlALR>hCc z8|jTl=tXEnrc~n#Yk@U{?4!)1UBJdY3G)KE_s#7defI;b;Y!5qxIMgquGcem2NZ#m z1Dih$+luym`fLZv$Cd+_#lX*ZpsS2*-+$itF2eV!+oMItr}?czFU6YllHUv|O%j6* zC|&Uu#a9>_5%}PU2QYJ9=I5$@PJNz10N>XxWf|#4uPy_hK0};(O^eF5#cl9IWkWzDN!p1F6_ibbm~#E#Z0l1ZS5>! zb?5raV=B4K5Xu$<=y!2i=Gf-6zIRPF^4wFmHyU`^1us6ZNsL`h-wY1M40g4->yoj> z#Mys)s~HTc9vxY);@X#F%h0bvW+Yir~Qqi@7#)g<;NQM_R0 zwL1bl5w+04m`$&73OW(Vw;ng7^==Y0&{2Hkn*43atf^_6D%fZ zp=`Yzy2e~w5M0+cGXe#Sy_?^YpF3?!J<>#nAq+(~I%Ov;c-v5o#i)fwu}^ zq>A46RFP;owT0u4j@*8mN#0m1(r4Ubdgk-s8YZX6jF)b$aI9KrhRi&;6?cptnC+-h zd2mbe=ZI}Y#@E1QY|Jn22E4|LPnm>`q(st5Zb82nHn!4oU92JFfuEFcGH}a!R}&y^KXnSvi&|-kSjzym^wzClZTFM~#AB;Q)uKg2Efs+g^9VNcCQ& zYl*9KE!9S1FOC}3>DQyq`;h9zFP%|cLFR)e3$c$sHz=iQ~&ZUc9aPKY)TB zvXEy2SA$QZ|A{#IB5L$ly;tasNL{c4xxm4$7+dFYwA#5{(_ZhdX&=pb+tCAj)rg41 zp7+?HL;89=m*@97bv)%2_=I4gViYf!+Fr~&r_^YPg6YVe&hNvZNIrx9i+ck&H!NA}>+Y=ly9LJB9`=(F)D4Uxn3c+O& zfH_cVs$8yauMHO)NLf*r7eP zj5IgCNI=0gDTGFh)@)p>f(RGtO7h8N4rypDoM^T;sH-o0hR@j98_WHme44o;przFj zz_N^#VR>{2a|BUq*#MV60(KmSdCmJ($&YMo4#FM{Y3cF5p=UUCCL0pFYx*k&J^OtV zM~8U>3ADC7R%~#e`OiO=e7?rSnB@D)eef}ivnL0&g+u`Ub2HRpyIO&l`u)(YYQNs+ z(qy;M3^+ zDCOu{LWSVF=C1lxXL}6rtN=b4gPMcL=W$0^uY9?Z+XjMldr2wUr7Gs}8NB6#s9du& znop5jyzOt93>w-UZSeCxF;e7du^K>=u#3)re`nl9qki0`Xg2C#VHY&WGcI z$4!{Ys~nd#OWiyUZFfF=CIk!{ph>R%(HSrZe(hH!Zlwn%;P&OR}yQg@5l zY16&%ZpWXw4FzArn9cRCBRd4o|Jv`~oc|zFlR|KlW2ae@r#4>cVl2Vq!hHjhqBt0` zgxuw}u-PMtj<+Mw%~7CrHN!;MV|_1hJ>;GNPkz_|dd>9F`3<&l;g=2suYR*KfKT#0 z^m>dz?XnvE$qXneVg+wBJ<<61hyzUflL((p92BXVVOo;9afkF&Gym0U}{#-*&=Iea)l+$d_C8dZDz)BHokyUSsf4MEX zT`q{%b}amL;X`D(HozFwJGsi(WI34Drdob65G%cc|3y?0Hpj>gmhn|8-uj@6k9CiCYB@V zsB0Zsm;%a_fU;x}6~gZJ&J*Dr?+dM7Dp)u{Udr*vOB>$ntoBCb`?sL^X8LJ7)-ngq zj2apckkI*S_XIHz-m;~ zya6*@s|yZVS)84SP(_{#!whu@2#kOQ;>;%J_h~eZ(}3yuDAG1;i~2@H559>?(z|g1 z=}MIL&v-)ua7unFCk%|R60x_J(1viqG36@ONPBS{a9Ia|N={wnF>0DykuS<2Q!st! zg+~m9&=Y_LPoW4aU0v{6#PZGee+tU4q)!cS+4s}*wOV6|g*m;>*Uq$w_ipR(QBv$X zXqZF7k8`T~vk`>?Pi|yohbMV>zn{LGHH{K>fAdlmc3dUxX@v;G2Ayy5bYdG3*{WO`HUN+&_p{$Chd$;7k8-Q~0`02r| z+aD2|;K`Iry?oGtH73X;-xiY3Cnq-a(z;fL^G@3LjJ3RDK1Ff}=+OeYgh}Ju3kPa+ zre;;eS{`wF-O0~N@ajVpt)=27CW_bTOJ z5BP>&wql<>%)B}|Z=pzg^Q4TlE04F29WHB3TZ3KTidSl0<@(WF>%94HGrfY<%@32` zgXnmhd+)zg;E*6(P_j3na3!-Mul>o)OBs3fRS=1Udn~A%(qz-C&mrr3p@$098(I$A z#V&>$Ad>fyPTXIX0Z6P3_vwc-H1Soj$%o-iM#pvFDfD5Qo~oGkG#d*HhpJjg$gAvb zL*ISP5ZVC^>zGjbO0`Ax;f2ahg&Kx(KYuAIR^JBUWe&K8b)HiFn`L0n=fF#hY_>gb z1a@M3{2D>ODrOy^Y4g3ho?}xF*BU4$hyKP@A`8zAyEA5aSaYol9FpI|6E-%`y%(B> zx?@xcAuqBQ_{vj*u) z5qaQA+b4u!yDdgE&Yr?MP{eGI_N2~}493&Z@)*El@QONQ2Q;D(tLZ#zdNOz3l=`gs zp;}c=6}|lI6qYlh=w8U2RS@J@h(2q`^I{A3@XZcw{;#IyJc-j4?niU~_j zJShj2z79DUIz%HeWHj?-yznE`b7k;RRjDLW3c4rlLG7+Y*pe)M%#LRwB&9I zUXd{{+fSe6rfQ8V6E=+c6nHO`+m7c|4MAs}Rq#88bALqsw9B8D;lK1Fx!S!6_+RWK zzW(84{$N1=pP`&yQclkIKX_R9fwdFP%Jt%G$~>XK@|i5sX&CJtpM9c;_}7*ZVxhG; z?UQ)7;2iif*(c`sRLvdE-MhMPY}syI*LPfqzd(y;-pkJvf@jWNn|p0^udpLVH1Kc2 z2Cw)TQqBQK=fLA^pDw+d{PwU0&&Y@p?p)UJP{b3;#mqC{=5sUPN~vGlgtU#)sHdMv zeyNk*pMrY>rmrMRZ``7(H?Csjf!^o$Bc>jAfU3PH!f}i(&y-}}EMZZoPhil|t_fOl zN&o&C(S{4VwFH!{scc5+phxT_-?^qKymP%$~bz7oc9fcw!C&G=_AP*Gyi@ zV<9dd>qB(KcbP({A$>cJO}qR(+&iMVD|eZ*__y8OKK&5Jg+s$ov;|l2SuRX!6KZqv zGdo9)AN&Gbl2fIr(j7*jM4UKNy_mbjkqqL7A#cJQ!8CeoXOOv^%t zhx@Y%0YY#TCzhnOA@SkS+@Af)m4+c*Lnk(N6E_~_J zXEsnodw2M$kQjQhE}P!7hRrK)a(+(W9sg^?r|(q+9ws9|I2o;vMshV1&TT$`p~)62 z{8bljT~S#;4-hth@dS#Vbj=QRd+*%K0Xs1<_NB~SfT25a*Eq!1(Oh^e7VovS{jt?983*BULLOhfpZt&=iqSBnTTbM-ztyZ zA-y3guNpm8fhTBM06nw*1e009N=feC_vN=L=Hu7O4?Q*EY(u{>zLn6@ymWZqU<^3m zjZ30(1(u+kTKG=+8q42&%?Wse?<(6bVPMBeDYh=C$*hS~(F=};G|HzX6?0d;rN8$|0xd>Y|IDCAq87~0Id2oWl%n*qEPmqm07?*jry^8Z1BJiKY z3*xJE<-dK^n~}U zYP5jo{a-OLB&pPzc89by`YOQAHc~5Po{}vcWxgEEZngZcX*yBJwGb9?m z*L5dKR`J!#GhI1QRtByeeK~k}@5sOI-lNn4x6N{VMHH&1ltw?p zF>td)HV0!uv&W9I52Q=8&JLQ`*Fv>4*17a;3ndPgUcz;YDsCrN-P^Cp@ z=wKcX=hB(owTyt?=EXCA}O1Fm-5iHQ!6(m*0TQi%71d~gC@j$Ko7W<2Pkt{YoYaHQit|d@vJt=bVxsrJ=s!l*4@(euXUZXV0+Y0o%}Dyi3BbD`h8(e=`ZQNC_W0 zPM^Xx8q6Q^@Bo!$27u#S!-*2#q`N0ry#qCUC<)T~@^&^D$8$+eS@5q|080J2J5c;W z;g$Of6Wkpaa{^%y<$kwTADl{PhUKaM@}RJvz>1hKxBEZGbYzGD`;f0|1p!6uIP301 z(O6awjkG#Co5JVJavaQT(f`Z@XdnO7}!Emv6b))UQC)Tm#Uq;G5- zUZ?iKg=~q|8*$2PgGMa|@wg7)+kkO>1uJ(i=jU7SR5aBp5et6Re92Nw>thB2KZaeJ z68sjCc8yq24NkG91)0}-(%<0cJsPa;VDAzIg+4v3uf_WSuolqCX_$@+b zv}3@a?RsK37Ii|@fMw38{4@V_iTw=N)QIk_Z02m)FRDDM9?IDM6BlS7#^pZ|k9>@A ziQsj3V!>?QCK3B6EI6CWF5*Mc*DzF;&F|{>Q z&UV!B<;_XW=m3;g1U8x7T%mZmrK`K#_Y2EqKD_*cO|jlhcQJnW=s+ZU2AT1+muAOlwYw4H%yd*8?@@GQv=v^=VTPrg9m=I@&b45@T`HXU(56(=s0II9lOT`ut(nhC}& zwz=q#XEZ~cfT~Z(3fjg~GzWhN#iaJxb^PQ8*G_Spc~Bl!*vs)(=mH~6XxI{R=Wdp% z2EnV;pqUanvo20X)dvImVM5WLIuXZ)u~HRJg$G#gS_1GAuy6xgqQp$C+LA_lgKitT zxo~i@9?1)tvT^Q<1OX6J28c&)mJ#+UFs1WAxRI_zCA?$@x(fuP`B@uu7JZ-j+Am=ya<>QhDnKNdRQm6Mh~rJY z($&U1KHFO{Bwg~j9Kx5x6G#@f3g)1($G{>KuE^W2?@RMaY;s9Cr~*kBJ410d?Ave} z0q2n`Cnh2(4wzdS<_o`TU7Zv;%LGQ2VHvAXxm+%IYB2hCP2X=T`=Uxr9KOnJXeR5y zyy1nvV$+QDhU7Xxr774&@Tg7zF0~tN_iJ9ix3K@&Jf&{bsNa=kuPCsj?2|nveedq8 z_I`fGzS$3MpM>ow`u5`IR;$+xx##QDDeE0*|Mj(%N38z{FEiGjL2WFi>A`nZR`cQs z0)yvWe^WDVN>$lHElILLsV)C=;F;*gTz3yfulqFm|3GkH(+)2w+(ylZo&E}a0<)AzEFW<# z?&oZk;koK?z{!m_uJ3%~!$0=XP3Zo2T4Urn*eqFE?vIW`G#f{n1%4V*FUuwh3 z%7YQ9R1uRE1&MI=VL@pqZ=}T$)l!9xhs)a6wjsJSE7ay%l9se-+vWyR$|6%72BH*7 z77;({T3iTiFcE1$^!0W64nOH#b)T4Lu?;`kPll$-ibf)DOo=<}=as*rxVFC@R2*0m z>h~JH?7p;^w)&+zVCEV>eK1(C>m|0FD`IMzlPG*>2Kbal>;ABU2p~PF&ujY)q@k=eg z%)6uQN0wKzDH$75Yh%yH0E2AOwhTDlFnv|1ZIi>9W9&40F2LD!y6Y(2U!5Tw+fe^t z`J|7nQu5!TI+)+0RR$L`g=5n&8BO%=E{9lgKf{L1Fem4ib=FcoK1aZshjM*KN3qL1 zv3#`aHIE((Uh7TOq;b=Ohbnbi`_D0R5nYJr^VIUw!_afaN+-uUJcHt-LTGP(bi>Em zIpoN~iG$%i-}NK+9yi&plwGN$QBE>T1!1MTv>3c^2jrOS*^!J*vAcvDZmL4Z~>Sug*tv z3eYz~a6KAutb;JCXBP(MQ9yfhv*Ldmm)G6olk1f58!P3u)Ve-hV-fZ}*fdx>GIFVg?iqA6D;n~e}h`^ljkzTlp z1ACjRLVG%7*TfDZF&WP1sI@84-gvz$wpRI!LFWAU@q8-GAw2zQ_VLob^cCEZDDqen zONM$6pIJin$y(-AdPzdzkONG5loZgXVHr1_u*=Ekb#cnIxNltJ9ASrg>1eaT+Ii5P zE%ec?cAN#6FUVmb*kSjhEv7Heq0Qp32NH>F0G=xdh5iY678DD5GS}f9Qd0Y$?Zc?v z*=a7yO7({`Vd$7X!_lzGCA@2pE3kCCJdSJ+An)Cr3|8sQ4(4Ag06bp$T^|DV&~WUA zw!)^shQ>D?mXknCGvLBTb0_z;n?`0yRqngBpc-lZL1dYQ-RqT6(k_k=c3Qm8!j#nF z-12P&w{1ZWVGTj@IgDlyJHslr#G>M!%KdoR-QaKpO1~|O89I5f{S$f*8CJf-4WWH2 zG?##nj>P9{l#YkK==+@SU?*>QP6M#jBt+3w*dr--@vpc=^BrjLA;fl7@Ji$!3$D>d zKW(RMuH#SzJD3aqIow1b$rhXs(slg_e=3BDCx%gO^nc!UXbeTzEnK4c3gckZl(t>P z{sdx%3p{G4yEBhCoZj4An7rCPbHsXnCJOXXmgHg%@mZX5IBuC^@qpDfu)XbY{tC_p zx48-)+ss~0O|`{dp5N-XJl~V}j`A93SE}tq);?ks1V(*^f!N=!-!rfgUrzWH#aU## z`57O7=`g@l8gk3L-Y4ReQ3Iee{3@cM`)lO__u{+$4%C!~8;n8xUl#J|kb2U#Ei)7M z>Iee~)Y>~UoYBM50R(q@83fsU-uxaVpq6dWPw~DTfwQWFqM0<%?3d7Z{6ZJ5@3rL4S{gJT)KT!=M!e@S+b9}AH!UCM?;z#cbo^^{3P{wg_g z?xkD)+{8LnKa=P8{9wIxE_VVL4Im)?0AWK_y>&DSjT6nsiCmquo%O%MLv#vo?>TpZ zaLP>-KUia{YL2me2OuOuJX!6-WhN&|)JagOKA8TmlLaV~!ml^Wo6+|w*oL|s7QWZb z7|~|3O40}@)^@=vkT!Oqn4DvGq9a~~FEiB$=og<`w&U~SSPT@5S_WfBH{(Y7*UR8* zJ)^i$Xn})p67olq%!RqSayI5s-#f-H%+GWAv5vBm-6E)*%PGf)uzxU_{@gZ#2Eoq( zVnU9rpbx^0sUyNRcLc%6uhkia=wISr)AWsf+oKAaj(BoJuGU> zQe)Hycfq2(uOS?7St+@KkEoR-+1x~q2Lt=)eQVNyMOIMD%li2t?PCn9=)}af!<@${P3M-X+c7!!3^wQ5bP71Mh44mjTOU%K%IS26M0+Y~^AoBFm=3Dl|_;;k8bt zWJ7(yx`-G4I$F-`9xs+>uDgSS84;026@t-dU}CqHNjVB#56D!_@PCN6%W`5c>SD*jAyKJ}Tpf z1&jf|Lvp28p^hL-N`f1|!*}K5{^RjhtniJ|B>B@YUFNX=rSMvu&S$^kk<)No6Gz~o z>!s^*hQC8_p_<=qLT~@dEB_sKD*($SWpF7}Z|rxdE#=znV+a#cy#|{3pdZKToaN$;MZ@8J% zV773_n@#X0iTdfiGhajf><$4>(*~5u&$_!_T}@$)!UbcuW%%aJ{jP;uNgq<7L4Y6o zo;CR^=bNBwwQS1pLo7n#S4$nxv6t{#gKdLwnD2$yCn#LlJPP}Lbm=kMro_X0TMg3= z-OwUz%s0Q|nZBvX!?Q1TkDq29Szp76^oWdF6jg=3z0aIn867u>WMPA2Ikd04-Aq0U zsH?HfxD|_ad@R)_B1=;F8$TI?>#VH4y-OY~)JhyJ%#5uuFaUL>B>?Vmud(P+uKQ;^ z*tVWb3+~=co`s}bd?6_54IBl`6}DrYvf;Q0An+4>@bbeZorA#lKzOJ9Ok}aAXKbiS zV6R$Qo8tT@55Krpt`Lj6Q?5;}?XFu$&4N5!@P`8^cCv{J_nZrgSrNxc&ik`^0pVc8 z!MpoM(BtgP!kzA`tX>-GMLlNec|{txY+cPznx>$>=qR0ll6hwWf|OkZ3%vqt_((@5nMfi-SK+45!_W{F#VTN z`4EO*+X1VR_$z^pYGp!kLKi@|TAVAF{ssPnM3k3*^3$R$#?xgp?O}bNV;aIpvxR`= zYM-`!KTZs?A>s?RPK=#jWrthmrggVLuLEWPS1X!%8;4+IbLXnPmEh;jiF=Y*j5YBO zH=KImyK^go@Ipget}wva8CNDq$;eT^l}kXJGIRi3X9FGiHI#HwL-H?nZZ~}pmySc? z;QNn*KS*-8F>Szb8)RPK{TMDsx0UpiWy!)%(&);Kn&dBIf+8Ansc+7|14f_?Gj)?v zI3;xkmutGL3TbD_94p(rnPRVXS6cF9x?+m$`|6sXJgHdYhiXW~-Jm8C^F3*gqz4D-;Jl6!*fd34$U~$i6$BR3X-Ad_P!45p4)tzRSw(uDpA^qMkai`RRYK_uf%aMa{mTihvR&2MJ0} zl9g;DL6YPgBnU{(Ac8;(NX|J(&N)aHq$TH^gJftVH?g7VKGXVrbKiI0%$r$r=iW85 z-g>LoI)9uxy-%GwRr^%!s`~A2jO@MsE{jLzSyYclnCYjgDWD;mJOc@Id3;robJ=J( zi#jbMu=<0Gd+Sb~z`E|6s3`ct73Avj?79z9%hUHlf*xInSoivH@0=$vNu%xky)rbf z))VIcUB%;pi&Ca_3n@oo>b-#Q_UhdEeL0Srh}Sy&PX7)840*Vq2>dH-*eH-ydCoJS zsR$cnQj=Yslia^O{{QL{F#H@AZP^au@Rm&|5F&&i$QURqwUK?^WXyC9ZiD6A|_Y#ZQOnMFq%)bP6X(usyGAjkJsgHZ~g7q&c1CKz5*H6 z`Rq}vwtYyi`kjRs8~pqi{2mQ}?=CMDFvCqO0b>mPKVpVKahVw1hS~hzH>_7lc4fzt z<5{&o5J$~;x33MQrH}6m(B2=OCivcYU5yW(T~$S00H_y!6sRT7Jleibcwl<)V{=l2 zb|^2-%R6@b&hPob*hvQwd=AZw&`myux!V{RpH4`OiCB`!(nmK&teFaQ!iPR->juGc z0O8rtRYEGXrSY{VAODfnWgR4~)kj?Js?P(EUJSUPu>v0S8z(HXBo=*xrRv)24$}pG zM1z{WSlTtY`{QN2puJLJ^W$o1w2uS@e&3E1d`FjK{xR%7Ey0!apR0;@MWYeFy+!;| z1Oxv7Y)4bHIa-o6Z2hAN_-`%_9@qw~p@Cdj;fIZ;t*?H*;ydX2(fbD$Yz{i`7bc94 zW#yh2zKJeYQ}BoPmEXrFRi^)6AeB9)h3M=-5cDX8Td$+rjP9jufEV?mmk>-@-lII` zt@|`NMtw6Xczgx{-Xx)1eR!+Aj1fgrGvB6(6IZ3~q=8pN7s;IJ6e&}ZTvGDaC9S16 zN$5L9qrkzoQ=EVURiJ0N!^!DS1eM}zdT@S;!9Zp%-G@$<1g-wTQsW40{I7Vf|AoNz zKNDUZ3Vd0GFd8pJ4}=|8DA@s~+RypcTBh31rU&?3pMRM5 zsE`~ytNl!Ec!0@yigJ4Y;c__Z(=kTY{1uzk-qFG6=#iJ_RmR(GG9BDuJKQXmunqnt z>mU?e!X3V6|Ai-y;`^mur%FrdI1cu*drbw1rIAWnXC2614s;VxnlZQKJ&KMy>~h#> zKL8tZ#}4(x=N%ncOhrKMS`ilb2aftvvoh>O$VN)nq;}MDB+nm{=eKE-x&=YEI%k6L z)nyGN7z3wVzw(WQ2}aSh<4N6+5QpL=0*YPkGs%lvW3u0TFM=W;E}L%XTq<6Icq+Ex z(((Hgfa#9H4W0g!%&z%QbRpD?qPgz+Oja+6mk2?>DlWfH0bjX-Mz}gEJ z6F=0*9yFVPQafO@*7bH9K7@>s+ZRV|!LSJ#+Lr}ZB(9SVEv~N#twKSktDu+f-#uDz zQnJ+g0fjpGp?3ZrAZUuo^>KAC61m;p&n97>0Gid?p~@Zd(s^_A-8@l_$zpRiwd#vj z$;a1?Ja1Q8nZENNKm;KtW1j`aa{Pt24Bt~u$gx0jmK3j#%MS<@2wXm}55XP0-e%m9 zyCKKzu*$GB#R>l!Dne_*f{}2h%{;rKU@gh_(~G=RPxVZedX#Z#3-fVXJ{4Uoi~|y!9OUMK?(Y>gNHIO!-{?wlXo)i} zrNHL?^0k_!EP{GO+5&Vutjd3|w>$5oC?6DVwFP610o@9HyWpW0^ST|`tVX@y2&ScA z3lLoliSFY>j}Qa$x*gb5r30Uxv7(rw%&q>2=lJ;edY_#CoG|EoENE~Qz0F!ia*nJ) z@{)TDaMzL@uh)+vj)72#-h=VoVD!_HNgwFYq!l748&9Al>(n#pqgOZMyPJOy_9-@j z<6@1bBeAKE2Vf9>(B7O9q<8J~w=N~+DLje_74aBMHa&!;HH^WkB^CUIH?0DL2{(5r z0zaP6QGOuAuZ~(kI{I^uG;`>@hJ0W6g5M=LG?@kr`UE@<>}qd4o{)a+uOiH9PT4-V zHXD|i?9x&}5%@^Uru~fB=04{+o&ej%RuM5z%tsk6fAa@rf~(hqmotRz>%-<)%K4vz z2uHx`LJUQRlmQ$gp6y(|jVAB`-oQO}ux?n2oH#?#@jnRPfEhv&RJbtTaE@2WXAanD zs9bkFt+ZO<^{8$%=t4Rg!k~gDU`@x7qu3_CLB!|K_m_pFO;u#CSv?=d8~^I2_vwfEx)y*Nuih4^e5e?P`cq!XIn_+XXD%;; zjr7uXm!MA;48q+Kg76+36naW`|H{xIF;fcwU|>AiWSfN0_}>x4XMqe(B0b{2;)4Y? zeQG3#yX-*-(0%o2&>=r05jAHUMAlq4cyY5euv@jb&>$2@OEeR9#Sh_d7`~&amgY(0 zp3(m;G#Eo;N4GGF$`mJqXov)-1+{^9X5aHRp+Go0(e64NsZ`6i=QcvL+ zgx$GM8D7Y_|`5wI*0LA#RO%i#MB4*9qC6 zZAbLsMBWc2cs?{cwEWQ^yg(eq5Y4f?NqK#J)|CbN=$7##&3F{Tz&54cs-ZRzHi&tT zS%RyjH~anen?d*C(tn;Sv^Nn_Ezh$-YDP984NX?;MEkAH`F=*K0-xV*NE=>1-ykw8m$=RKKax`(Cut8_lWp)XmZ zZ2Zl&Hr)iiArHV|<-DXj@XhGUvkQpZs6-4FL2sJqZaQOdOpc0P|Jq9)-!uf+RU3yx zMByHD&bekJSewfVao~Rd(11^G@dF)O@)N~e(xPvY0u)uWxF4ZmfdF)5S!aDhoV*0; z1Ji*|SheZEN{oT=+adC4(P12zNf{+ZPt*p-vTtt(kUTM)mQ}$IGl%Hc$n$ua)xq-*RyxL9Y)g}dz4Q>*M_q5KISBBerlXHRtV=%-@7@Z z_qyJ91gU=)!A4(EVOt>Cj%>dLtqs@hW^@Ev+|6~$HlEihqi{ZYd3&eJ!scVNg1Bf_ zPcc(PS7ebp-X$G(0bdjKJE%iVdqz@jx@<hOPx^{gX=>G%+-Z){y$R~)7@-mK^}WN>N!D~O(R8A*^`dfbDd3V5nJyI~XlTRxZlsZ%PqR1uIK;ph>n%6?kUD|K zUX=7RoPbA9fA z7kqm$C?_MLmnwyF%PB)=hS|2{6w>-u_|2@E=TU zstpb03^7}Z4Cbo*a4Ffg9N&)rMzgI}ydpe(%D?NXpdan}pYW{z>o)%Z1^FKeE!t+r z)==p>?D14poPU|9nG7Sb8>jHVbgaJfxELaioNFAAbHT zq2AEhj~el-^_UBn%HFd(_UUx3IW`|x`&wmw=faW>x7S_r@0SaY&st8*a7gZx3s|UQ z9K^~uCP}?MEyN^E8pEYr(^nh~wB!aYptr)MfMV%}9~U@u_w{tDUxKg+Oa$n`Z-rLA z7=zE0!@B2;eeT8r(p)?6>IJ~CYFwvnnw{ICrmGv-oW#8@_J{if@{Gj=nt662ql}hOt|i)WOW)M`(sYH63*X0O&nvgB32O$ zeI^SS+HIOaNt=Xpk08QO89@fL@2Px!Jmx<9EH8igDz%ECvNJxh)3Y=5HPeocbD4oN zCM@0mZP10%x0s+v8@<7wTjX-oRkqvDvtCt0z2aZ>jM#l#CWQt2G-e|K#_rWoy?#oG z9lrYpw94KOq2|u+Lrce|d>l_p_}Fpr15Ra};I`7F?oyeAOgg^GLyUEJqfbBRc0Qe*BS@pUbdZhg@q$e^p4rIB3BUvNie?;C;t7q93pwF!Q8|k1NB7z*XAtXi;MJ`q7C4R%&&0xdRU66sMteIffzvTL9g|K-w%)@JwGB0SP_aiu+*%>-=EI~t z)zq)C`&``704*_K2n;}1K}q?td{Stq`*t9@@t;WM2!F|dCAn@rK>z{*M zU*I02j2~(Xs(Q1(u+g0(q0EsxchYRL108c(zus)`e-Op>Q>Yp0w)rUyvn#SIl{$3f zx2>%ct1a0j11E!kF`oxdvHgU*er4fp3nb`DX_LcKy(4HkOv2? z>%7@{M+m*z6edNUwyu7fsON#qvt)yGa>vF;a+6$P5bpg-)#J9Ss_xYX1k@vce9oKP+uNVP+*Nc2sIAqKGUBV zVp@Om>z(bB1z-WVq>OQ4zDt~65Zcrq-v6d2lf7?R@~?jb)7_(*eD#iJ06CWBIl)ZC z*Ed2MS?d2csPVe3JtFZA{yeXA3Qy>x@0LU%t;`+)Dvgc;3A~qFPyV_-b$i#F>I}f-ulEdye_+v&t%DH?m zah%kxBS>pyL2*`lO}gdO1~V~u7q%k^rEx3avzf~7ZJ$;itnhgD-LerdZvql|+6$7F zn&c$A*%H=bcd(s$$aHg(boKm`?WTg04gExHr);SV+-rLZ#>U>2rEqbb`Big)s< zqUET#y`7sd_AT^;a*loY7=%T6eN2zf`9bpt{KvtmCZH76X(sAY^Zy$s{>ZT;q{Mxc z&uRAO!ar{0sV9FYGYB0f3W2~L%hR=!QK`W=!(*#|U4&1La5~LvUAc~0Zc-6bLHHFm z%YiWd4vpgaPPP_b)4kGh9+~*BFHe;l}UV#T-m7wST7*3A22@>h^IlOgoJZ)kaQe-+R9*LS))*u({WEzR13Z7u*U z`@p9rU^_+Ay6}TtPUZ8L@u=Yno6x7x61~y~T+0s`Qp?17YpnjJPA{?j5 zyz>QCFsRL^17`IEfz=Zz=UET10{Q5uHe#5M*dDCgXxG(ych{C0)mU% z5}H^X{V;U~=A@Id2jZM)Zk+6I8|-JKcFb=!A|j=|X-T1&&)Yli1z{Sd^1YAec`O}{ ziGPHfdcN7zlxtBQc-rRQUfco-@*wikTC#T^Cb>ae>?vO@gTd3A3QR{Cc8yMQl?L?% zvqN0c`&B>48{RsK$P0Jr+pQkxi&RE}w2^g4QSY_5kl*QMjJunvFN;(`$Vg+q3$kdY zTh?b)4$+uVEDva+c@~D$3S{;xe!QUdm^UG!A9Ayvj)Wx5TFYs+-zvKL{(hJd$9LTJ zQ)E9|2sMHdGVxUg5No~$H>z#B{T_3imtfq)cjyMKLkBn9;BOHUsF&^Z?Xug zJ=E$~j3j0+4bqieLp#UW*+7&pYUn5B#&lm|kYhAtaWt*4qoa7lK--DkEi!V)*i#z??e3g$gbgD*l zw9x)0l>8;;r5FsXgobxN1l|psaHcR;&_s_2=!KNqf_Qd1Z1uw_rlF-a#CMC0Umr>A>aR zhxld;o1uTK2-E@R#HI3^kp>=ZgyPLIGnnfsmKe0)I1UmqgUw}8<&eF#flb@my|lxK zy0vQbot{4AZy7j#y;C?*#6R&2`OSVI4^!Af@VbZMN%C(){8tJAMqB=L8-(5!LsoCC zqwRa#f0p*?sJGSRNE9JX=%~N}o{I@Rh$Wqpf)Op~h+-aB3 zUhcz65XD3{Yqn$ylX%I)!8stdeH!r-Lw#`&Zr9QoZh*~{dOoS7;ebz7{y5^fH+T>( z1US`flb`RES5MqK8<87(lN#E*sh4OgNSWNV(V4?kv zXvi|)Q@w#Avi_~HSPdUdnX89@wDY{fTU(jBpIw2ViT6hSEN`B|H|5BV9(&!!5lIDW z(dt@KJ`+y>gF|_yg*M99hV}~ecGMH??5zVUgJep;|H~PN6^6B^I zm%cT@>T;Q4AM(f+8w)K{9AqPqE_~j{NW$HVfrRa67Z1hFMkt8C(bm;cuPj4M$4zb9 zg$cm#4dJU6c_3OuS)hf{6NO>R?e8we8B}|PuM3yUdIl>P*_qy&?~h%(^fnwEk1aX= z^30|bMQ$aOinXhxCZV#kklFbtRSATk!&0T#vWA@DhF#_v7J&>hLZ{(IwJUG#t>>z2 z2(259^0h6_ZAtvu7_H1#$ND&}kqsvUq@eAO4aJSVpsz3T!}94P4i{np@ZgP8!!LsK z<+Cw#lT22x_{pQ^(5`;)4*ap$2cu;JTlmTP-qi19qET0c6vfcNFJ$lDfAMF?%Xq_I z{>CIKVJq!X(jwW0wcr~iZ8ohP^&KX(@GIEgnxxixFZekEG{7!N3(%AMSuRvqvfp`P z?HQFT`t9fk2~&@tVyaA=ECF3CReTj<&4=n~IZ`y4S(`lH1AZlMR`Y+fb&gL(-|{}$ z#_l-{c!KPpkp`U9p&6Lat@Za^$`wQ55$GYd;pKQ))EP`g=z(7a35!bfnYd%N9_o^U zJw77zizFg;lFRN-KKC;H#Lmh7R@ypEiYp;&LLeDeb^5oA{Za$z|BeNaQECvaSVw1a zVvSESSoL(eJO0JeRTcp%KvP2ZmnDA@C3Ju8H&AHU7<=8Zu4`&ns$yqbpm3q)G@Qo> zkGKhW=%etNF88_Bu{CmpL>$3wqEMonmvx$19xFMEDJ2yFL3=xqm-C)Z>RUdew9W($ zEel1?dsjCj-x2vbX8t$ zC#4Jr=^~4*zy`>x`r&X+yG&=O9XvMI%#QaFXdIZTJ4TNAWzHO$450#JUMfml{nA|o zXO7xUj4ScTTG}mvk9sII>unYIj)ZP+*X`l)2XMNfYM=KmFEm(YF*={m+%E&9569GnS}j=9Tz%_# zCu9~-G#+l&>p5(Nao$=t*|;yoPF1)E-t2c@WIyYlDG!*e+pk{zp5AEK&*a}mG1Q+xhIz@f-2x7cU03|uUf%*c~%uc zU6zQ*juCXzIs&h7QuFUTM(a)a192Y9ut|SI@^AM{)}ZjStQT_I@H6AEj!qa01tP4P z2ArEurPj1o6-T-;(8-~QanJ7v{Bm+wy#?^9wysZgN`046y$n=rdL7qTB?eRMdzm~I zR;09iHruToSlLO{%=$ZRZK!upkF%HSHp!~JT;sTg-(xg%&9 zOFaQ;=^By-!_6^wyZ1T5a zVT>)MoJxOXg=o_x-krQ5z0`NonE`uWLb5L&XJGx<-FZ5k_qrVvLQTe=Z|wmC6nKlzm~=@FC(=UjGB?D! zwuig{XPlJFwPLv{(_Xk?Fr0JpP-x}Jw`>8_5DIjgYQDSp*pW0l+hwqH+9Bl7j~u8| zzkIrim4)EB?&AYpU(88+>CHEDp7SaX-#2*|Nt84wp>C08{Cu7zi~G%_K*wD5^h+L7 zpXZ0=ysu&gbGl9n1XOLuepxtH8vZ`o2RRPwWwv>4nxqa^-CXr)9Z67zSl$Lc%Mm0n zyyq8FotfH4{Nr<7tO8%jgR?gBeOu~f5s><Vvu4gr!^p!5KPub_SeZEeEKLLTviy z4{%2=hfvT8rn{@1Jud=cn%gvN*Zs#%C~Uz5oeZJcl-u>tYOZMBXEU9d`z$Jq-6u3B zNjE`ugA}V)5fL7pw$sW7`id-YobAT~AMnOSsU@&@*)I3zR6RN+6td;tN6Js89AG<@ zs1o-u98(`inThJfzg*IF()THY)&c8e5rC^OGfb0w^iF2M7_68M?F2B$}4yA?NMnC$3X=sfp-AJ2_lOzN+lz-;$1#V93*xP-?X`U`yr0uP38@)@A(94{q8$(qW5ql zVAcKdag=vWNrLk5#C~51@at+t4q@KPM=*-^AC#|txwQ7OznT38Ot8{VQD=%7mRjV# zDAUJ_;%26pFOt$ryuJsk8_M1tP{o(iY5PYD(Ixz#^^WQwKM&4*tBd;i+z%=R# z20AeT^4w~y`{(xc`q@OW)krHszwGX%KWNpzI6G4<&a-PSbJi-9vZu+b-h<>-7yFV> z=Vh@(XG%ixML{2_&YK?&s8ygn;hGb*)%%)_!)$MtU)pzyhB%ogz3R`T%ZUx^-qsq= zBRQ~c%(%QVGa-M4qg!LOuH(ZTe6#t44fa$lN_*o@UrCD|?R({1UYuu7i=l=1Tll`0 zp7w3TgRlJ}F0INpd5$M<>K^yT(1MgUASSEr{h1{o9$R660yY+%g(6EQ3HQ3)luuNv z+-dAoPntXcI5wRMzm~b+H0{8LU?~U_I&fJO@fsP1Y@yVjDBBQr1-4Ap+9Wkg`e&vC zG<#M&IIEE>hR!Q|^q7*xuAKDMx7MB6diq>)g#Pt{pR=zv_6ztj+4}J^U=Eu-P!Tih zxFbO8^Rm}DBSBqwq=){t0Q=WT;Opr?XzB(NrH>EE7yYtW>G2>sN@HcrwfpwA*lpp=k|fd+{aYntBPdvi*CT*@#onayHt`~x3gPtQj3BD-?szsBCgSn-lY?#T`Q-U{etzj(hwttg52OG> z3#K_FB1i9M2Vm2AKMJt`$?jLy5i~emK~0R1$8G!Eq7O)}ms!wjf#G!Dp^k~Q-;fT; z;fAqeL<JS{sWf3Xq zwO2ZK7cpff+-$_dZH`94gg4oFAM!-w&yctI-<(PH{_F_sk*$WHg45(phdI`~( zlBYE`uuq>7-#wkn5)snTp7isZWxC6l35f|`!R?bEUj#l-t*=@fl4cCr7$|6n zPU9F1N{j9lhV@n5@*!85xq>|prin}*N9EVTMY|5J4wqsEO{|^0DoUxUo0&>5QgDr3 zf~N0y-Ih4*;+G%+9ISE4WMYpz0pU<4D_w zT|@-Wex#B2x_{H;8 znCOWV*5&G)KGPeP^|?CK=N-J0F+XK&t-AH!m~WRK8Q8-TNnH~kQYv$N3m+{>(9L+R zY6NrAnAzkuROJL(B$Tgjl!)xVO<)PahwDnQN98ERP%boUzcN%r);}&fBk?&7K*$3D z_rCtt-y1{RQ!6n(O-M+k%}*+T3m>Z#*|g#p^4i=i#BAz4?t}rY*cAUzeLRIli}+MI zaK_UnpHJr#`||og)3(u6)4(Gs$>y-(`%jiR>^Zz?@M68qIosgL=@5`R2Kp*hUfGD# zPHe4uHX=0Uei(s&`IM!n@mH;w1aerQ7F8_{(2Tr5*y|9hZ;QGpxy;N1fbYJ8!KW_# z!W>*7J4JJPpV0T&B!*r!_W-v;-~g9rT=V4Y)A0{g2ZN@(XuA*2OV3BrFRRJHSCQYd zFU3llNG*vn!2D+C*6j2tYTU2Yz+SDC?KB^d7w+dSedY8|3}`|uV*E@=_l6wuF2D|x z7K_$rBbF0(Un?8)+(yMUEoKhtTIb13e9xZy-VU(NkJ`O7ux$rXn2yWsy^C-?O=_lqaftg;oL z=0sf^Gt|Wr%9RUv!rM=ovfmeOc&dPTqta|3+ zip`NjpWRqW8(#k@Xn1iWU$|6!^sq>}^H1hus zB>tZ;3;ZwU{$uke8-K({GbYp+JqVt7(Ke{l}u`_NYc zI{zU$7nM*nq<>xke6U%3zLjD;xfNd_KSV+x3i~p;#)5586#%}H9(1GiF*i+7(X6@0 ztMd~u%eup{ro_H? z4OkupF)f}edE6}5Wu%LV#2olTJH_{$hnDMM_HYol`T;O6NeJxAg^ zebCvnOVN`%X%_|`*WU{st%v+BuWrxtQde1dy){%_G;WuwWkqi+@b11uU=Mi}nD#}E z6+rki*&N)FM;?-{b*IfL>r-^&f|=a-MZMuw=I=xj)dwA2iqwQg01qTXs>_9?Z)Pq! zXRb!=2}4N@AhhVrxObTX8TWoWm%Fg7^mH^^TZ)bw1(MC6!!lV7lG6PCIj>JY z*>sD!+#>_9j_KESR0Ver+XcvJb?9fG>~yJTdKU08-5fR)DjBo6wFr5h`)sp}IC|{tZaAXvf+@MamH*T#YqHhy)#udk+l%!9 zCz`!(a>ST zLHikZJ?!;kbTwMRhAgIv$q*3xytH`snc;+Fn;GOZoKw32*qTzEa{P2Ct677Y01?(* zC=;KD90cInVAzASssLZOl<8_9{PVe5@;or}Qr9c$`D_l6balakRUZx>KigdP*f-(R z=FQ!kuTIgjY)jDFr6$9`;J1ADuZOuk!d}Xig<=Er&L>aZ=X|f^Nu0?Xsa&2_MpuiK zEkLKMA=g+QzbvM#!Aq4*MgH&r*`@o1uiAB^C{_BhKF04lx9Xk&oyrtNU->2=)7i=K zAIvQ;7KWR^4e(DE=ah@IhuR}A!Lq08A@m_dY`4`;H?!(vzdQ>`VqSjl1k8J5@-si3 z$9f-zw8gx0J};+K5jqMKPuPQ}bAdg6AIk;M|s>A=-h=nvch#U1{ z(OJTt^Mm+vlZuvpt484Z#;|=cxhDAgVZEFxHTEj3&``+>@lL~HP4V}aHGTtqbTX#r zSG|^mMvzoIVcpOLA=hWY26ZeEhi$UL0GUB{>X@e{5Ih9ND4je;?KsjtJj$hTk9sM&-||r}{X{_O^8*Lp2G~#&c(os~ zJH8S!2nR3f7f>TDxN*?_IApYXeMuqdKqw~S1PixYi>al z=sR$^;5k%p@S26##P9IA2gQ4geO^AV3o>1e6oPrIz`CBpRwqbY{m56I*N-cfw67m2 zrwgXN`1wI$uf#@h7hRtVG%n|LwqFDA1b`)B<2{i3>8NAwZX0DsaA;L43QKfDnCsr! zhNuvWnb3cg`B)9GMM0U~oAiRtgdWR$w}lCPxRu#!?>jPh zrp)zyr9D}X|KT^A`hnMvr>-%u$L;Gz==QpMXHZB&aY+Qt$47<*(#}=#t2Mkmm#cnP zZ$)puknHA$(2)a(n~+Z328dFVqdV~^OPcS8Xo)DG3576O#B#Y^@1qaV(?Wb~WP+;yd|}u-WE4vSW1vfFbSp3FA-ggcigZro z*-I$w&Fz?ZD37a26E^Z9R!K*&F4o0e~?YD^)D7Ofu3Z&u^ z`1L->Goi(X?sl{MPxUXBiB>ROFzm!*eSf4GEAxRh9dHWI&IaGyxqdnZI?{gbP05rF zk(%YI`frsP5~uJf_$s}4-VUs3j|3}gU@SX*g2)fNgSy&`0l}ljz(>tbqGV*6>4iR~ zu~>COV0gVUMUSZ1<3kyV;X(m`p$Q8u7}RE)5^TlFFJqT^9nQ2N zFT$prS`??YmuK3>p`msA>++M~z({<({?2D1-ELfbjq_>b`T=m-3F z4d0COG%fBWKl501k^7Urt@W5*st2(QW`j|fhtjs{;XTmDC$Hwps~f2+gD^y(>2}i=>aWxu++UvSty8j{f=Hn-*|Q17IT2R$!A-#RhA16uuFD$my(BiULe!&*-<9Vp z)%15zAkazYAQw6o#@3A*2NgKe!7XM2lTYo{AUno6#D(}o_hKNmJ~+$ z^!pV`z22$X_#LQbcb+jihpzQ7+#&IOF|eM2hbr49+v>8kU;5znozv&-}G`u6OX)Dpp!KHTl+8aDxu12bl} z>ZwB9w;zvM=5_4pxQu<;#qM_?7GIc+1kIEDGcqqGe<>wmA}Q(%%NE z&yX@O$`ZRUF~oD|=DwLappGp2FPjnmr)7yb-Heto{JB@ULT5Rf+{h zJva1yCL(x!Em+M2Jvyqs1V0xD_9ROIB_8D07potZeombceLPKPWf}q6Os9OWet87Y zTpx7dQt8R8VVMEh9;2qz?kLQF?2yA}FIL?*t-*K%va5wwgtd@UoIjc8<=A;>-kVI( zq{dZC3JFS@pv|tDV|p*v5wRPwQI%cwvlj~hy;-~; zA=jih;x&9K~J(S4T@RNAqpSc%SjpK_K`vd-d5LFFtk zc&Wz6*#Be>mi_5z%!D|KQQ*D`Nx?b{n6m|<4UY=UZ)lk>RvY@N+`D0Nw|jd4Z6l|6 z88C6)flaTbDPE^zV9C7q8Twn}Su(M=P6P1X&gu1W+gVn3C(@iQ=RMdSU0(-0>J^{` z${UPn`Krh0jk_tM1=8Q&PNF(*f_&#Zm8gPNFdZk@NwW6G3Jae1+pqehAqiD~J{+ja zCw;C^fvMj)1jA+}_pRG%=P2-w!3<&L!D!8d{2w7bXkuTs zIBMEEfZ5z3wDe0#->M0^1=YlY)co^{v~hIz%OIAe0|#}fL7b&*Sv=d*w=C#$vMLMh zy@?;$JTy0Ec)z54oRLpakYPM6KLye2w2<&v^b>B_Og|(k=?Wp35baNh+z-N)#CqNy z^qKgHl=k?;XKQc_DVA@-_~**1jbS)4{n~Fw6@)$gl-^d3i_K3KpLsw2tTl4jw2(Y1 zigYJqB-}A}y(V+t1EJW(8}wKW_c9_Bet@|8omQl^dQe|jStkiv4}xjJ?O;0*Q;V5m z8+HMWsr6-jOx+FVdj$g%sBc5{MF?ldyA;Piu2%A+-_A{S*VOKnm5+Pq5)_I+H-6N) z1l_3i=1%nihZgB>(Ji~pj4?Un&kXZKjo2zLk3JnL$82yC{t(_4G{83@u&+URpKABl zjs1|HTXFvp-qP93E$+$d@O?el7Ne~LnyG3vlN^~P2Z z-_a5j3EmuB~JM z{&8XR8-xs70RtG{@nD_UW^RbO72{7E`-IaeFtpcx`E1n{@zvK3Jb*hq;MAtF@AREr zo||XFA90|BIBq2zk$}>mYXh>;1@Jzh)zmA6wJ{)-s~BooC)Cx59$2NW`(4C@gy*v2 z*;tGMxLvKcJQ$zR*!>-l9oRM7wBXH2mWzTKe|$+E!TSnNqW#6H1qrp!Y?^D1r?n!P zWXA@;)cxC1Iz;gyMTh@Z4Csc^p}B{gSalh7HUi@L<=;bs^6o#~z5xqeJl^w!$DO0$ z-ZvtnB&;Q9c%3ewm5{2o9qL-k+R^S#<*yUgG^Y}CMsBYWycz%hR?y986afQivAnx<9)Eo@Dg*?4+Dxy zFeOkp(js8$+w^QS+qU(cp}~i1OPhrk4%TV2L*w*cdGLH6SaqV%)-HA29ub81(Qb?J zO5?1DBB2v_1dK)cvR5p3=f#6+kdN)a$8WE4!^~N`Zy-eN8VHFi%KId#s!uw;1@km0#k4{_YH3U|02qX6v zlnb<6Zv4`=jN^XMRD`vROrPf8o-R19`L|a?QtBSrVgQ-Nn>Bs97#t#Xn=VoHmc07-D#dqWryt`I%s3qM z`rIoqNdH`CG&aoQTeshq_rh5AOpcAy?YHiA63T;R^ z7x?>%Tgf6_nwl zUv*Q0bXUk1H@f;ZU31)sd{uGv$)h%NAyIr>))fG;o)PrvsMRFgjjOR>(X(1&23&Iu z|MF0n@jg`fOL<>a>qJ-|9fsmQ@TW|}Rv3={VqW$zO1yB) zAkB6{V-{1=@(Qmr~FzJH(xzz8MYfNwYHdnhz~&Vqzr zO^IJEyVXB$r#2H&rHbjKpxt+BY#H|vJ3EI=T`t)RXkLH-VxI|@7wx;IV(&Ha`}Jug zKCH+h`y5FzpETR{&<|Ch;;l^efVvx8vE_pBpOpY?R--Mp!{=+g`ONvGR`QD^Z4FC@ z+;XN%t{7ENpCbO)L|ZrwCTD-i-ha~_eIFb3VIu`y=2|PhQ4<%Jp{pJWNeRS3=|d6U zC{$l=S1lWb)g7hV=jq&{iM^oY^r|u(Bo#S9ALvE&|Hj^X2Q~G+f1e@(QUnoc(o__r zO9ufXAWeGjy(_)LhrpKBxm#ae1E^)eRgMOXP$Zf+Sz|H zllx9iCMUV>bD!&azh76DH$vCva#MRJO3rayhQYtsocqi!RH~KEV~$iG>quEK?Qh{$ zED3DnR~47{b1rJaCgLZfk*hqT;fR$0c)1%ULn24fa$Jvx(W6L~O#`r+kwZsROj(CK z;ndwqEQ$+y6F;q2&g=37_DzIG;^ir{rsEB#LnTM!+z)|eGjl!rOU>6q7YB}`rv8YN zu9$o=hP0En9J6lXL$PG*2yS>~4nlqnY=$Ir4wzVOIe5g7cXngk0O=egJ#g~~OQfvI zk-sFc?;zk|y8J%^g?2#KhEOY3b*xsDp8RF*c&K}>O9P4ajSVSO(>cr9yY(dhKSB1| zuGW7>zsFHCV_TP=OVl>y6U{XD(g9G@_^o1H6cdeWa$OqpRnfav0OZeWH}Y-oWEi3H zvqH=f6$Fvc1CE?Bp^;iqBd_tdNdmvjf6oDyj`)T>-dUTcoe7~Ob*6L^Luf8v`5o5b zbM_d@EIx&TNBb#9jw`@vMC3eibt7%2^hZWDFNG>SKZ>-!KbaI+HdFI&ZfOE|q&CBE z9<+Zs)g7|H<+uIBGV*G!O%ZhGa|fazYZY;a^HPo0yzzkXi;O?Cvo#<4>nF0R@df6S zll9>>eXJ6b!p-xYDvU_q(%O0w{^83~4L)e>ZA9+5;sK+-W+FV)wMqntMLtc~DKmd! z$gGtvpEyjpz`GI(9#tL$X`k*hOzi2g*I4flAlV{S5TnbCFssHz-PbQ(_MogZJ1SAjR8(+w^sf6cvg8*2_O zrX!ZOUL&#nXSG1p9hY2wV(ZGC2RT7eJ11z=hYoB0I}rK8uY(||ywe!vL^r>zZdWp< zPG(tbV6uBDalqn5pMI*@4g(_pkDk_OQngzMCFU~dB-s`Td$w^ zm;1hNFAx4evG~Y`G=!G+)>vxs57^R_u_AY z@&w$xcjA0Rlv(XEs9^L|JCvv!bRFf&`7Z3Y!z}slMb#!1*|CSn43*ZuyUroEWEkKYp5HsTMY`4jMLKryQ*a!JGw4aK3drT|uy#M|h825+y6Kmo(MzF&(XMX6 zJ%gY91>8whFHL!ZS!GL#i9Y&-ezd70PhwmrlT9nuk9P`S(i)3ONM&P8 z-^-@|W3XaqI?rA3c%S{$3M) zW0bU75{l|D9uBj$IU|un{^*q zipdHkSU|6ZnJgWG;Y1IW75Z@uUdmY|L{eMOLUCBVa!A)>CK$_=IrWoIV#HJLo`0_I zBB{0HDr=nlInDG-vyZB{1k*;b{xK@fTWlyiEN&~R4dSzq`N@QFU%t_iE&*j(}5A(0(^FZl=EdH9#iLC&T?bXEI(&~KpNan+nlNW)lw zWSDKQQ>l|CZ(qfbt@8Web1ly3?b#k8}mBVXjT!AGMBI-9ali&M^}^Ve|zv%zsGz2w%(_r!jUL z&+RT-tuP|hNBn)e>t3c~A@$I2(XKzk6_uhQoZCw0!es4=rGsiMe6C~+#DbJW&~D$M zlF>rnt`;4YH!ddT1c8wOgfi+#M6cG~w*-brx04k)sKXu}xncNoHePmdz&kRoPL?g< z+9`OTElP5F^mP)bGAAi8yxyq1DxCpe3Y1CYzxF?~+~~-p0RFijC`Fvl_!`dW$PBpL z@IeIW4B`>^enJS{8x=*T zCr~j(yI6cbPIw?X)%TBj`5#MniGYwvejkSTg}See!L@)>@|EM(oi)~xucjo3@G-_= z*or7xYo8W`zM+BkIf2DL$^CH9H6izJmNw?9jndjVelIhjW@K95-rBHg8~=v$-!X3d z$Nvilt*(UZoa-i(L{zO6>Y{s1r&E@5G2{zU66e|&aqR%jP>VIn!cX3N*u3<2Ozb~t zpZ@@TOJRd*U}-2%3}7pq@#{@#$Q7#cQ8R}v#{$8bgmfGlZ}j?tcZmF=su+pY zxfZrvKhlHOWMe5*l6bEqh5B~k^nc>R!%-mZhl9AHTJ^pMDfmxSax;TDzdR1&WDIW^|^t|G% zE`}OcM*9|ya(!i%B~dXu$_wr*@9n+|`XeV!h-`ygY6@q$qM)>3kM9&*Kfa;4jK4Zl zm&eCGeN#nU48+P;=3^CQvNXhq?%M3N?JK3>pZOdgdhTNMXgL(+da|SeL`aY{YDK(R zP#*&Q_^ZgF#Vs!n=(P^C*}p$3SUe%*XX$!-3mGNTnOqfm3taDlA0JM90hLrn0iPb1 zPy1-zXrq9QvXS;b9Sb27*7HDZDVpIA@WOu77F%~;4?OW`=ivOra*3!8AgPCrRQQg4 zJ0%;X6dA2&tYGt`cBN}E^fM>QBS*B@zUAZC>=7V3>~W}U8h@o~U`10tx?=w1d0|1T z9q1zG0PGc*O|DtNXOS!Me>(pdB-;$3vX>)%)^GM7gLarB`6}G+u1nO`;doog;g$C4 z{~!FHJ0VT-FA1qliAi+l7)Wf}mg`nIu~`B~Z`8TgYFXZPerlqsa2~um?NVNZpcueB zO*(3mOPRm4?xK2VwrXO>N(iH<1t~sX@=+5~^DvM~s0UkKXKY&(h@veg}^dn0X7(F)Kx>G9LfLXt5Z%Ht6q07Jk?v!1@y+$E}1+4_5UHJocBP z&>rjfn)^`sn5^*c&T5eb+^6W(rE3+s<>|~Uz}s|iVOtM@NLOxddsGjiq4%Cya>Hxr zTCX(J(sQ=d^USQ@87QlK`JU!m*|=R!AzvJc0_3xEfbHEsPUg(ukc@~E%aG|7rG~cO zYiVUYD|SGG$Z`IA6mgPZ9K?1mUi$0S*&vSbW%rdii5TL|Ui%UJ>4ekjEzhLY-1Kb2 zrnwI(YBR!VwpsC>fa7vTsF5Fjz3qgaf!G>8+C_S#dep_~$gi+(u}*k6NVnx&Z<4}T zh<&04XGj=H`yEB5EF2PQ5Os!&gc!SFl|zSrUrfyy_vc)4wcgyXnYHw~~J>*SENH7~M)!)+N;T&;eRw!T{WVcR>am5%E71gU zmHm*eS26bs%i*{ac~c07GCMEPTA$o|T*?4^~H%UjE*;u(-b!3H$Mj0b#@8e9;|j6%Jd zw+gfGndX-a9Rn$&@eUO7>>B{W%!?SZf`_&9=onSNI@>4IV};lrE8DU4mdUNx#LrTz z2M|?S^xXdAcE4eIoFlKUeE2vOdZT_ z(NKnQz!iYY4*Z8Wz)0dD*!w$9JB*5X5YCnH0^K*la2X6B zLEuG7>NeZ2%)vN=qKq1IwPr5c(Qjg8`+CQ?4e?7ju()b`HIagqc4Pum zaO{5=v`!yRqT4$r7#*5aBhQ8JnOED#+i~DfGn+Ej9~ifXF=iJyPBl2p{WyX~tQau= zCe#OLN4HH@Md>tU((UU=QG^NDwL|aIpLQ=$vZ;}>NTkSO(;pZM+fmVh$K~GOLE{G8 zH$Ojh*D|6jZ=9a5Lp&=p7q_(3t2GqSGeO_lb`1#@X)`HG+vkLQ6O3-xX1s|vvpUd6 z%`91{+lgF+&VmWZ(g-=4R6+nC%06G9=Ssz;gC62KlI1&I9marbm?-g#uHGTwF9{{p;TNFF)=%kn_2l^(U+9)X z4`Eum&Qb+qXvY_oiVgF6ZSAHBmdMSkm3rjxjZXn3$7cZ{=KS>V$`3vVwIqriS!WdB zX>>;AoU!|qrp*wjt-|NQf3pA@^QN?Qzt7h@D$nGIV&k4u^4|<#Oml_x4Cf= zG^OMSY5R$DKHdDW+OFfUGom1oPm`?h7DF%YJsw1l&l>%J@AYe+ScwWY)N|(*Tx~li zz(BeXKFH~Z2g{d2+G~mC7iF)G82vb!C$nv~>6dIH${S<3z~B0%N6}9JJ9)c%_f5xM zn~Jw1R`d*K3SBuxWhh?L)NnDWKBbnge`&_46%^4w<92|Fb4sH3*_>2fST&VJVB+`c z#84|&ybGbg-uD6mSHLn@j7p#ANV66lRS%d?0+`=4&&brd^jt4_=tc*ZE z`W`NlnUiOSeXM!3l1Z{8rD)X^PJRbqc5P}f@+w2}ECvpYs!njlv#dea1~8UDX?ICP z^sL-a(iaJDZ&*M0vH0N*Pyv+Nsi~1Bz9qw%BBoy{36JK>yB(arEZ)q}Z3{;AK>X() zxKCck2KN9c#N{JhUvp^XsWM&ceoSC^^>Z-X3(|eh&fu2H%5 zz8sbsOp!d}SCao19X!@ZAl5}xS_m!s5B}HlKltCdHbjS%i=F(ousT82NzN_To^*G- zQ0UK3=b2pcfa^R%L`dY3hylX!FV=yz zm8NrSwOKXFzUGLx?NQ7*7B8_A6yu-d%YKkozOQ~0-*A(cJQWE%XyBi(^km4;J$*s^ z`+Zo$tXo2A4VaEXoVd%ZPb-Cp!S8C$3_u=3i|nhM&KC)}!s*`H3fc|2us4LH`BpSH zO^&rCrxOxzZtWX^;qHhPB+!-o@qDyYC(-1J5I_r};0LukrnFSUjs$}nda|AMW_ow8 zsAu4<5$^v=6@0n-TUW&Y%!(dNO|+g5%V0{$IZ49CCm%Ckh)_{uGA6*fYuepb`o$QG zVIo`GD2YPH3F{yN{3tUVyB}g$NWK&ynf>J!eD@8uixDZJaoW~*mhENsn)fR@l-vPm z7_Z1XcSGZYFOoA8sXB|Z0WF6G-_*D`**R@DN6{s z9NfuO=svB7rxuOBm;-X()A+qn!)CEIyzUt6-m?BT@|^8pBogQW72KHTO#_fMjNWh( ze_=eT{mQ<2)PSY=7sc~`A=J)jA99~iYQCud3xFERkK{-;dX`k0C+|dm51je}Tyt_0 z{96w&Z(cR|6uCaELcxFkj{bDg97gYwBKW0VH|No#KUb`2)>+N52JUlU9`Q)O*=(1$ z?o>b`)9=mS>APO<`Dlphbz@vVU;PY_L1|_f54I&zdh;aStNjpGkXpSmi^%rveg1nR zNWKRRPmgFM@j6a%%q;HjBn0uUMp2-GU-JQo( z`W0U*wph)11$`LTM-E1QT&=h*Dei(Dq0FbAgQ!N6j)F}$_&-|(lTjSEHQ{abBBjg| zsosYkZ$3jma;Xxhfs;L+UI(<722@;a; z)Wzv1E(CZSiyNp!kQL;2lJZ%&Lu2i7q(pJtajU)qPv>p;Sy?bgt0I z;|bmoF=Z05vo}lL*Rnng38QMt`PGuyNo6{tMCYnHNoZF~g`A~*ifDoJ+I(}5};p<|T!p;!T4*n||t39c-@K{EJXke1hu z^&)VBYb))yL}}(@g%|19ufk8v+FK{d@G_2rYE6<2{O~p3^e}+OI*n)lY6;RDwoY74 z)=0_sm+Rdr-q_rlh6p3XY<0mp4f&L!T@PsMIut#6*f zEaUFu^2bGhIS*#>7%=Qm#p)ys3CmHy>_ykqhMucI+dJf{py5HC)d(H318Wk;i)qrA`l5RmI1UO^Rr zQ@$J!73Ip3*FrJ8*_c{-c3n8GcOUEcuz2*2iI1e;4O|EJvJ^;tm|;^YRJ#E*T%`IS1F2M4bCFGZh#k(=aAU;FCEQCp2RHoS{b5LlT`N}s_O_e zEFAv~27H7Der?8I&8*KyB(04Lz zDmEC+_B%}d{vTYr%(DAU={nioQX^Ls@wQ5pc>ntpIKJ0=m5g(B$ER0wdA^qiaxk+N zW+EjX+ZRTmpPjDRPeEKSGr3poGPs?E+1Cj!DfORkOHl*afA;THm1@mnd-!|waGD%H zBKN2^fd%0tS;=U`))21OdRG7Jd}$_yqmlOKnzJgxp3pDZ+ypF!kN_~)XTWc&bk6@IzO_% z6nl9LzbV3?GV~}R0bkoN4hZ~fH3fp?oCAQpK7Uf*n_Sm>liYHXTsvMtof%NckZag z8Q_`8iwF-cSSQ7C-`i{x19lx`(VcKtu_%6Ck@Ul3aH^f^LTFaJCBEo+UVxItS*PO_ zG(B|b%>rgQ@wnc3OY}tt>Uzl>1g})~CQC=*tq6TA9r)HNzRDz>ql}qTE1ABDJy2Ldujr}Wq!Fg7uGH>*E^lTO;i;C%p z(v&f|`D(U~I2ymppLE1TAuAM>9q^Ycph=>SaRgK#VmavOY{yPLel{b{sk^eQ%D2VHom#J9=}9 zO6yDV@4X-eW_Kl?G%VepSf0x~JO^jzkx=mTuA@wS?@scKp{#fJ3KWhHoD6IR^6m0MlH`PC32}^9C|1As6Igl;C$<0!Wx7KO{r#zYX zQoRNj!t~csVE&bO-{o5$hMEPOqq7eMCNSEMLCdQ`w{QgHNzHD%q3oOP2U`#BCA9pi zKk3OSZi|;7#1BdNXdmc;I{$<6uG9FU5SYZ@K}ss*QQ~u;LoMJ{mAGcZaz(riPDu?# zPFNox1(`oSElQXU5WYtwU@LA#=lGVfy-PNw3Lf{STamSdfQh{7l*LaAHHcX0#(1Th z23I30+b(eMvySiW!ERaHy}kL_zO_emaJ>ioY(oc=t));vH#aB5EXU+0$5Wx9Bi)bC zxl;0I&v)066PEY~8aambeyc#^!9NNOIZyV^lmMJr6&tYQvnWl_0-0i)eV%>($ZN=e zUWyR1aUN&{1wcRnfMl|c3%;&bP6$ws7>Pk2w;0+?VBj^61iCA0$I!GQq2@0nQGpVK z_mN6zD&Z`B`DbS%pvE1o?sqJ{`$Ex-=d+=LtB_NJKBuzpv@K3f8dOvU@;`l@1W;RyQ-Q{+q!^aR0AbCK;l zPJOm2Mq)#E6tGUOYn|y{SOQ$HfFTVW^L_C;3ib^%oI)?1Ty>o{H!U$pr)0}yV`+-c zVGbH*-4NS3s0M1K*Lr%tvXuq6#w1O;LN6^BY7PsQS=m||zBWtpS|0#^$&}?|qQz9c zmH5E=6Zn;r?0}M4AJ6MU&;Hw@OosP>mTq~L=-p!8Y^v!a6&WVKn>gC0Z7jXYKi4bz zoJX#5a;Pov;?UK(GIVwP+Oq0l+c!2rsn6bqJne4TFAsrX{o_7YWie(DaFW1Y+sRWi zx0NoRK$rIO{SBV((@hJ7Bve{`ta9~2^tUe#zqJND*e85oS77+%jO9kTXCL8+Xc%2A zR1T>`moHglt|`rpsz}s$peXeosOXSdX*DmX@x_Vu?&M5Sc>zfnY5I*XfPIUoHIl;K z@yBTXSZOIsuxzKH_{SnNA%@CnQ6!TT589adIygy>8tfx`tdH``_!Yv?8e{F*pYYZ~ zzDX#UC@?Be%~lqS*cX3)aEfpkqp}jWL+z>d*AesTm{B zBtFy|>|;%v`8rxp{e$OG4fCG_48W4w?@#_>O4;2OgRA;s1K}dl1Ci4S7vqZ znI=5GOe>@%^G~_3mk?6DjY)fmoAKxh*o84{UbP&>(cnFbAE~~PoFa0Nku@~P|MTNu zvaaMHa4?(35lZJFy_&+t^X*FNhjeD)<EQaWXl^6fk=3CcZj(UM>u`{%I6HIkb~LBCkM?WvknPdEk_s`ORN6EJo%q zJUq2h1DNPt!xjy8uG3hFXd*N(wQIYia2ceNjE#B48JQ0QR+tof$83!IJ&nP^@bG}i z%+E9q4cs2$97mJWxd7gxSnZo5COrZ;_2&8Mbs}`rg+2EqI!Z1fAPL^$(M=~nC%@Nt zy4{E&uEOyd1_A%edZSN&4qOHYTn4#f^6qQLh1`t=O{fDuqRG$xl8x-$Aa@93KK+@} z78g@#dU9EW7F_YupQj5%`mq;h{+Ww&)a=v2_DuQJg8to9WXe$z6EQbqS0%8Dc=zg^ zBzG;VI9W3Wr}1GLHk;}(MULA19+q`)Xklf4-YX$0UoaZ2SBBP0GaQ?Y`PmcLx1H^6 z^xI>HU{|M4$JE<97a=$6QN!8F{%s_>ziO#FhG{^g7)ICS2$?bVSKlA$9J8V{oR+^5 zb29Fep9c4DQHzNs$-;@HF=#5faZtL5j1iD z&2bGGYMiI7sjt)9u|wGc*UJIQN@b#o=xa2fb_|__c2$VTAG7)H54Wf|-&>43-GvG1 z5#(03VM>==~meGA*$=wjn~n+dn%pP%?kiqDBI4UftgZm0x8)^GBcM z9y^=E)?OZc@-)Wz_<8D$e8t0f<(2df_s;Sg&_Q_oZq+~nx8K0s+rJ?s!oo=l0ME(2FE2n-%p2B=?{q6-2x zku~nJR&Rgz`fZ>E8R5#yz$&jdF!9eUN*<}X3|tt#WB@r zwJtnA$2&%QAsdMyZXHCdX5sDO{#zdsES+Dyj{2cSN>x2VYg5A>ou99&%6gyiDivEX zxhF1>kM)z3N%wo#pZzsL@$u49B@ZKKt%><`DP+{fi{FrcCG}OU3P9nuD<}QnG~5^{ ztB_dKWNpbvxe>5v#(y4=XC1`F_|Quw%J*$~mm{tWE+s+R-e;?Ut*4>KMn7DA9)703 zS1Sn|gYR-Y#V{GE#+sY;i1pk(e#;PyM;b9ijM6g}Z9^UT-fq+?UpT}jY3r#TyX$z3 zNo9~?#98M;B{9ysHzUxy+-ref^;>Dbci?(Y9>E6QevG338olMcm5ixDeaSJkR;M>2aYR4(?=ODeJLWN}NzPp1%5pDJi>%5$4|+*qk18&QXQzIxAh7YXgg*f3%!_2a zn;*Yj?^tkF9vkoDkz$Tt@rK)bBZoXUk|0K7{f^|YQwGGGHnFXHRmRl*!F}Jjkqb}} zrHW^d1wzfm8(3CrI43RzI%|DR*V7@dT=~SgRjX<_-{})O_&-#UwOPx29t1|677@|$ zC{!GR`8j`P{X%r{^FFRZhtl-fH!b>%Nm1f>=7N$XMJ=n*usVA#u0KLb!r8vN-nv$) zmVQhR*>bas`xC$khJ$J3Qw$d>_(4(t$$$l)R*JPxN5j8T+ja2A9W2<yLqxi)*?$tu9 znv0sjzNN0?&gg`ea-r~qC(ft2QiIs}u-&CKuBJu$$*RX6kTRFdaUOhzSNqlG)v??G zL=-%~7n-O_(x_FEs-9~kQ^ZO)Pg1elXdvmRHH92lr)G^F2q*lkPb7$hD^{!LIeQd^ zvQ!K8r?9AXKmJOJ{QH$@a9#G(GxCC$Z_ToWM=f+|<>c~mH6BPG@ZzPhM=-M3Y9#*n zUlU~ipZc&4K^XoPW)ubPv0# zeSU?*Vs*w_$f{%|5bO6(ReT-jvRPh;B0*}wELmcx|1gYth_CwB; zAU>DCF-79Hf=;1nR7PCTw#2NSp zlkec$GWZyd#yzZ0Z@Kvyl@qv&iYUcj|03lM#ClT##R?D``Jl9nH%=u}TSbvk94RCA z>Jz2T)T`e?H4h%Dbdx)=wyefE?Tx85?T0fR8O&+EbKC!EIXOc?ry+dw`xNq^>-_ps z=!WHFUa9#7c9^X3avYYCy?`-45iCamvG1^9!NML3Axu#8bYRssUr+H__Qw1XQ3q7Q z`AZ!-Pj$2urSICy@CK&*5sY9u;ijP%E?Xhi0~qu@vvsCRLvk38IV#V%(gQ{+j(0dR zlG2|LkdW1cG@Y!?tHT6yfd;+tyx8@eyi!L{#}Bshrx)j4g*qq_j1s{c$h_8Ap7n(F z=MtKdrV3z(@??A8*&ZNnq=_A7)b^%(;#7&Ax1oB|dHnihy-7S@DrUSDXM%G^RneAW z7L<{9(@}_HKO&g+8t04o?gK{w==QMh#-jQ#H~A{1E^!3KqpEcH<|$X6=y#OzubuoB z?YhLrKQFiOIQDMUhU8uBTJmzDbRPUvgsug;c>5_d7+%e5azf8smd4E7wh9uhvjenP zF%9@$QH;DZJtbZ%b_61TUf8mo;b zBKX;Y=m>*eL^TTyeaNCuN+s+{%GD69dxE82)2>%h?1V-1p)bwE$`F-#BI|MwJ9huN zJXPmaBiJsYyZ;fZ1V@mXLyt`NJ>2Kl7&4(7pQ7l?V{kRcubJ1*n2*v}228N(x-FS(?#{=w@Ju4psSr^PSadJ|**k!HPR7$qe}|}mqCN$I)%`WsaL%{^`BN#7(=7-t`IY;HmQ=$v0pnb z8%&#i`m`w4|1_lvk)^Y~mG_mbp)Zy+q>Tu^rs46jRL86^i*Y#;cOU*<$Jn7#zcy=i zEQ#yeH%9$xalqE~?7A#)_9oN)-2Zx0@QxMQU${^5&FB8-D zzU(Z492DS_=_0e0I-0-@D))jXM*PJvGK$y$)+gq8U3k1UuOn zgy!n7nZLr!gVM;RCc!L6-%Oe>&lN6%v3nYx0N*oTf>0L;ewe;5XML!c0S>_>i73_? zdId3I1dDFTG64&+7X6zL>(Z6N;}Cq7Dpqj0W^ZA7ztR?*x1fp><#6)??C| z^02t4fto{9)-JyrC$r>Q!G{FOpc#m^-`mA5)I$-_N~o{CxBx+zn_*!PcXSVD(kcIJ z+!{=39=6MDT=LkpyXtgi8R)lcX6Fpy{T>O^h>3eP8+&LR4Bx%5DJ@2smnfzs!i^ps zrF`ciR?bf~ijd=;UH>LR*h9;0=LaaE6n)gx%v?|x+irb_*!d-HJ3M^S-y zcHJ%ehdQ?m5e;V3eTIfyLtBC7)1NmF<6=N_p7yl~JpySIz5mQ_-*Ka*MR@#P^Z#I@ zh3np?SoNl$g*I?ajHL~abd*;=UEpZkD>Sz4rgp*ZyM$F3(I%eK)52e(SnVaprbyM?HNXm3(D4m)gLuRhrY*=GSw-~yXQrY#!5#s&Xfmx zCSmVf`_9NK54JpP-Hugr{PO=Qq>Lf7XCgc3sO>Li;Ej(Mn9}VUxqoa9NbBYp@_nrf zU<_xfRLo%j|CA`4MjA95kIbu)bp%`ciOS#Q_RY6&t+il_ef!2_ zvKV1iX)H%{ zd`S3~qTuOsGZ-8qgc_#s%A>{oe83cva9=%*yLclv=05Rr7u0w7_EmNRFlF5GKE+E$ zT6-5pN8QAhcRzyq0wn0K@Hh*fp2mPKutbw8MF{Z%YxwYVrZf#wWzKgWai3|VHF)m< zp0_6M-O4)xOWQuoCGHyPJA`tq*atrnoPRJ8qV6su?N>J$bap$@$i<8(`~=F9JjRAW zSyC?ZXU=MjITx>XI(i;OhtR%U;+62~1R?KYVv>KmZ@iszTTs++pb}Son_N&4pD*DAoJlDAV@1R|5i^n+5%Oys`w!78AGm9Re+wwOqcfM9Fz#{ zw2}R0fRwPNj~R2nsSE?@#TO<4LS9BRJZ5FHPcnw!x}4Uj4{N+xhH|dVkEEW4TCnFR zHa&FZRm9p6!B7|;a;1n2)Jyl0vfr$UuWfsmdF{z1BENXiKmCw7+aH0S*kqQDx?c2D z-d#Gb`I$XAi%!F8+Bm1A;;l3} zyC%Wo+8Q+VuI;AmCW4n@;4mAx!cGh3Sx&l!M&e+i3I5{tCLsoNdqcMTT?lrCx%%+@ zVdF(?9D~jmZz8x9*m;c%mLTb)xz$AvEbc!&VSe?&3O7P*ES>_d%>evW%oWMZs5#JR zklSv=LceWtxnKE+JwP`KhsdyRXHn|6sVDBzu;P7hnU5CR5(^L+55mlVPMcjfZ=4tM zx~gQD&q zb}b9F<3Qp-26Ouh9Iys}Ky${BGKLO@Mpfze#`GWUJU?6KYG6CxD<{-3xPn(^pF_l( z@|zti*%HAxwAdG`wK07XtGX7>Mk)3vlKS9>NynjI$SZ$nK#&Tvrh_iGmk_x==Cc#m zn7+?tm4z-`U9SKYg8z);x zr*+H~Cz0YCqXRY=pvv*!iy`M-q0Z8>Jkb#`y*jiq=&CLQyoGZ{$2n$&Oh-ovF6k%< z??0vOs&|(|VQfta2X%+h#WaaF>b@x1!n;(y$!rnY|X z`{xs3>chfP^XpHJ)eZq3PG^Qu>%dkWF$z&7(DABJ1&yaj(-jowy-QCBqzt``;({z) z&vlVg-epGby)ic`o<0*WDEhjHn*GB`IcPW4KMQCLKK?4MOH_MPJNp;#TJEsx@W4iz=g@(C2yJxt2oxP3_S+yx~ z#uU*!v3yk0?gzaHoC@`rykGaCu6G$>^!U*#(&1BGoT|rud5BxW7w5i>A7rD%I}1gX z7l$)~aoecM)>Z>)csMJ+dj2=qk^PF7@9x+inQu|z>L$*I2sy=D=*w77fho{T_5$b{ z`qztx2A16lZ2qUPA^&G&1FnolCqRMIylR`iXo$O)l=PipaP#_%W2VYEZq%vnE>0cM z%Y?~;A8Zogs?7m>$__xcaZU90MD++2Zw$`bHr8?9j;|(oH+qT6VA82I;AT z(mW9s`nB^}p;VKJR$4HPfXz?%{)s80W!~W(7wSdiSx`W>2aaoJz2DQwQ*D^u8ycPy zip99Ea+VuL=H>hw9Yx$ZBdu>L%YJ~Ra-AORk&q3<<`IszIp7I`WHH(AumMjw=<>K9 z^p8d#m`ynub_7;%k_zK8rn7ampb;idIH;IRDaz)NYA^!tp9pgw9Xg+#b}Q#wo@1*< zzpHshA?Rg5?n!}Rf84DT3R_eLZ)mf7SR4Y`1<8qFRrjhf}Hu0}pXW`_hSFF~fP<>32KFZWpI&d4$w2IaIa@eT*NLtAuq{iE0V-PL9m% zYa#2Cua~_kFG`x^^O_G@_my0F<*Z+BF29zBzL!2W%-NMdX;P`ZzB}HTmgz6kNz4Hp z8+xqH5MLbIl`{~9Lmsi{nQKT0#d-`&xWe5EBwnXL7pWWrFklKtUJwFU_mS8*rKNfd zSIvM&CtaU4){>LdL+(#2P#amecJT@6w(4ixI5{SE(yubg)%pI_@{;`Ps$=C6M%~VO z3-Gp|pBL*@#jNVa`O?R$VkiY0Ip3?=)q((0DVuqQ3!NX(r zSR|MydF!7T!gT9-uM2nX==~HyXhZ#xsbub{_P57*|8?6lghFw-)@dw;%+0{vh>&Y} z4+qYKo@A}jWR2vReZA%iBc(9WGRcTG%`SU5V1b!wMsJk&MGiSa2?J3yPBOUjP~S#Q zoxb)lwak|F)2u$A{Y-MIQZ!jz;|QsN-$pfFyZNsD!|r6SnP4D1><%tz8Q6FM5$3 z<}G54=Hm~`%$O{`?=OBh5F7oC8I>CRk+xIk2_wEWPVX+&)$Na;3ZaZ^w_Lk3BK*%= z2BNcrSP_#??`nB3rn;=Y26)blX{3hdc?8_-%VaLr`;@+Rdt8{B8E|RO5mN>N?cIAZ z*&)&Uym|d4Ek}sCS+cPyjKTA!7B~AbYF}tnD{^b06qs&tRHqAT6s5hb zBEy0iilNpg(qza#Y=6TiD}a+S_h}pZm3Uv6w)L#%=5i1(8xJ?%(3a?XzR36Y_rnOf zJlQzNm}iXrtZ9!HS2>?rr?aFiI)1~!vhH~|jvQF7!Q-s5LM)3MCCQIKsUQZ*(>2_9 z98PvH^UWQy`7ra;LQ8F%{(fO@My1}%3KvyO;=Ko(QdVS$~hLN|G-j!E5 zjWyYl*)E%Lu@A80DL$+d-lP2A*n6v}IHGV}5JG?i2m}ZY!GgOxO(3`hNrF4U-L-)P z3+@C-2MZG1y>WMUcX#iu>6~-VS##H#nTMIX);!EScG0z|ZC(5S|4$Yn=B9Ib=j<0^ zCrd`KTOmiveYbAuUt;>;60)r^_%ugkoJxJ@H$1HrSwl}OqNZ7?>}ae;<5*4o1Ns_~ zPp--M^}3yhrxUGJk={3`!=276q9(Bqc)0Tq0PGgxYzIAbjGTKlpgM1n;gMF{e88+e zkLxjP`8KWvdrp@9$Pf9XdQCF6EC)}Ud$mmsw%U~~-Sln2%0FIJ{LqX9wq%LOvRYn) z6a>k8ojz>@IT|2QK7v+3LjaYYR5t2Iwg)egr@ORsbv5mELe_*xdW;IG5QZ&nf@cY3 zigM^wESxI6<)a^;^ZmVYQOm(-8m~SpkTgeKz$93gEMfE1yzZ{hZ1vKzqqu#dkSw+I z9Lc%%AdG%R-U+nATwv7_wwJ^s$7O_!CU{jpY1e<=Ld_yC>`fu&$x0i=@BeKta_Nr^ zuuQcMo`1=~BZ_w61<^D3<_}VjGvbj)sLt;&`HORoNMBDrG|}`PkbYm-7Yco;@}It^ zlg@O(5sZaptPACZL>!^x3{?p|4w}-ErK`%eB9jFbNIN%QdarhN?IeI z{4<6?lyRO0Yt{P@cS{Kjo-#aTcSK+a_3DT2f)Vi6u#7Ny;zn2KN=iR6o6gvIa|A*X zc>n712T&(|z*tD~m>o$huAa7*QqP|?Y(HqUY}izBI20WlB=#fjYiH<7JL9R6crkDItS*|N=?^*3ikB63~)?-x$rkJ?VWb?;fU8Pce)fDd;+P#=*4(s=B zo9g{7EgiJg*f+%W`F!o8pFwXQE^V$;0zI=jWmfdS+qaWNpwo|QcOu3c&+oU(47WJ$ z@xAoD?$TYR_qotC>d8v|jN7_Jr97+O5ONQ(^Eu4!(JeF{wsUiRmTGtqc|W!*Jpa@m?ehu7_cdBn$m<=#

E;7eXkDYUi&=U#7yjr zi_(V<3QDKppyFXv#VFIiB0HZ`4$9#OSvA8VIzo^5!0*)(hW%djF#YvU6DaRY#J~M_ z_1G%rBZ+V2fe0&$fj6gzTQgrKh9y(L{cM?*%<(xo8e_QigZgSXGuH?C-`pw4*1yCL ziKF1cthRM%NvZ$tQtf>Q3pn)RtOE+8SkQRPl2a@t$*my}&IO<;Ru!MnXrxtA-=uZF zww8@$I2m7$yw?FT>4m!0n7_N(M2N9i^V>@-2R%d)YH{MsZ*3s!gJmRWVOBOF4&Ia) zLdQ-wd4nmjrkFt6n$CV#9?%il8Hh+H{q8&m|5sJf_fan=FCO!W?Dd9kVq#*g>82L~ za@thch}P64K~}ZUsja<(^ABu?2aJR3Kn&RV0qL{G#D^rBVgEm&CJ+KhuJwil0d6wt zOx^JV+^Lw~OXt@24bAF!5G|^8qQC4W5pzW*);zrt57==Gwh9-;#0OE0Frx`xggR3} zHYPBMji4LHf0A(+Y((+SNp=z;z0snzEEphIGJZk&|2v3tLGKxg+{JTE1)2Wmw<}`s zJY%)5--2H#1gdZGc2Xu20HPi+z$eB1Thxs(uvZPuos@jDI0`R0k4HX-_W?V5v)`Hb zPq!RCsFT3Z;IrzwyIlGzRVKb46(q6&Mt~B?^$e0=eEW`@ZESXb4$l98>`LkDW$m-U z$|EKtTmPt-*?+;?6GXjXQivuEHVtBI_{(@O=u2U4s*=}&{v_U>*sMvb;<8y5$L)=6 zML<8~7Hz7h+Oy0?b z?(-*nVr8_|yy=)tP@#~MtClrn$4&Z`7E)6fY3l#%k^E$fe}+XFYEOVbWvBoAe1|04 z2q3s4kp76jc(#8X36j6a8;8>1wUe(rgs`^uN}$|gr?VqQ_`0*2w)+rOPjL5wMs$lG zj0GD>9_=^#f4eRLDxg1%x4Oi7y!qVBiEoWo@ZgqOquY>Wp>DogvE{x5)Te4^KI+FQ z_4&u(k&HHP5n;&lXo6#*vJR(IsE5A(uZ-$)bQ@?=ex(+!Zem2t*$p(S+XR}5yV3lw z0+f=AWNIbI;o=Yz|1{EMY@91$K(fRdtA6lBuc8daUDfAF4@PB49YyLXg12&7gBXcH zupI1JA}5s$+UX>?xC1ljeb-1btqQE`zFr;Axu0xk+Nl`KDgp%YbJ_L!zdgAhQZmMh zV$tb2PjaXw)<+P$EXP0{Ohnck?N1|FmAFAJ+HzC=60ES@fZLy^rGNKplA|G>AUQk0 z@E(l3-n_V?9#`N(z#DTIS&s2gZ(Wz)@~Q85BUhTwV9s_Z!#HO8$IuE8PqZJH>(T`X z5NNU`a((Hvy5l5kU$AHhpeTmuFy`u2`OQL%M}baQyu=ouV}bkw#!AHvc0b=a(|VF0 z#oh5-Q(@HL$F4x2!`Lr(iYCUoMY32IXlef|{|Tms!$|>y4+&sH3Ua>G0N_4SWwgt% zdDx6-8nX2;O74_(n+YE|9)yj0@cK`>VLuDL`i_76n^- zB3c6-vCljwe}CamIKu=-9HXSOPoiH_my`|g%Jmt05C87P7WqosDLp*@jLAA%=ru=W z=Ub0dCHdC~NT)-qy#J&)=@{9HMSq}Lbh|3_Pm(g~HnbHshY-4k*cGH+4V9W?rIRR( z7k}HJ|12e7g9q}{o!G<)^(@++wcwe3%)8YWv0k?Yf~hsd5rxX6RO0;=w#^Nm^I(8D zsBh$>t1ussZvR*Rx`eV{$68coOv%iO!TOc{hkDo9sDd_qXqEd5u;QBtwM_xG5B*-A z+$>Pfrvv)wGQCKyjAknH9~zi<*%0)W1}lbg&ucOh$Q!wh@y@|ePgi&M{e=j)#HUL4FTHbQ72Q6vd+ z_u#3zN{c9V$$j1+hh$M%gc4xDgq(kOa#x1KkWt$a(3bbX=Tg15uek69cxOM0*BiZ_ zP@Yi6DRiqhiqvYDLlc=u7F7WBb^IH`?+Sg-o9E^iP3O3kBX5GcT3qb|5g+e2REu3C^`WhI9OyRw@BiibAg(4*G4Unf193t*Y_BFALfu2sg`>1&{UeyCqzKmZc z5w;GJX-Fp#f6Uw;UhWT$=(Oq%b)kJ9rQwz~Q`VmnH*m7I`8u7~fvNiq1gsq8N40$* zmc7>wl;2Wo9RR4dD|K>O{eq-+lA@59k0r&#?99m_cD}&T;?Lh}+GI zvWl6{fvjmv zLB8@fSEKu*TtE^A){$8su=Q74W68uh#%COH4Rf)%h-V+|_`59zi&z`rZRg>ZyS%G> zwqe~i2I0$fqPTM0O zpm2tz`a>RD+43pm1OXjfc+I<^_D$&WuqU!66P{yYX%a1Br0B>;`NOoC@?7b_R8VPr z5Sed#M_(dm`Ok@bdr3?A*4C5xFQ6w+{j*f*j&*&Fgch<94cPKh=7^+(-OBHl-xqC5 zTvNNNg(dqF{|)(SvTdtZK>%v9ep>Q^0sU0Ph>o;;WN==jz+v-Nw)#R$D6X?ejX4^+ zOOJjotvH!FQ0(6vbZfoxJ;|Q%@;;i)Ne_Ser3pv9(xkIEtI%KQq-ihy^G@=>seQbB zoxb83PLJZYojPX1FaJFK)?$6(1RuEj0Ov$alNH7-xA>9Sica@R;0f$H|;7CYhh zny|zC6{;w`MBS45kC*Ny51~vxP+$Pv3|%Pr=RJ(2H2GJ<79`{;4CTgSLl zrq#IBq(nvI%m3K`fofPRm?)rQW9oo?S0Fw_d#a0{*VBV|6rIufWMLJkP_JAnkInmz zR=?WB>-Mz$_Tt$u4chZcn8U4Rar6XG<$?jzvWrLBU(@rzeY~ARWeBZ z`*zb|rIBw%GQ6+UvruRI^Wb+1EH)M=%eP>}4~+Wb>B21BtN;#w+>7V`n$H5X zFQ6H;g#O8kxxq0M#u(SJqzI@WuFoYE@i##&-Uo%Vw<49Glr=SZ1byg?`|2L?!tkD zXqVD9(zKFmj1tWP?nwyK*$-xVSn}4TSWv<$ZD-Nn_mm2Zoz2Df=8Ud_%*N=}5umRm z&7q2ho^XWgYAIUGB^5R+l54-x&HUlu)x>}Vrw-+vsv$%y%1@weB-K`{6Jc)B;#NA7 z6zb?ewfuCm->^bGdO%gzSR~5Ukx+S`X?=8)zt9TZ=p#H6!(b*u6}1^1H>R@gRLN zbBj5~L@mm;=bxaDfwJ0H{U+uYJX%PAU-RSmWRU7ulSy7(;Zi&s9=AD}nc>1`c|p5} zZRc3JXej1T;d#W_dR1Ovm<_EKp+ThRIfYu4E)z!mZE*~9p1{^VumMG%Do`7{@!B3P zGz-G+zoS$L@#(veQh}dHAK2ulOPPTz81yt4Xfjr-GGN%2%_7NN9?j(G=>u;D@#G0R zA!9UCq_a85g_u{Cex`rNO=jO}bd0FKkv*J3jX8{tcVhCL6E>$b0mwkY%LtvokkqA3 zXtj+OX~cqu(|H|H8>7>^6A^ZTLR49xMS4>zfBX&?S_&)Znjd?=E4+pIQjlwjy1OZ? z3Lkm5>fhXPF5q*c3mLHbqaP19OsqWKc0Miw4@hZ6hFJdHM7G&w@8yIs^N*^edz~ z!O)gRp_1FX4DZt&?}*(QMyV)M)WL3vME(`RJfY8?{powRS4qm*kuH-q-;lH`j(4`$ zTt0r38ek{w&gjrQ(|}oNjx4O9f@_yF6we~evlpjOy{aOQ4k{q+PtyIOPSq__xijm| zaC2(>7{WhWYu-GYUhj5QE+CY};Ui?ko>O`7+q_umh4<{VKQDN9sv=QOO5TB#I;@|N zVx7k#IJf_uaC8)-x@fUnYct2A?*=JDey3(f7IaBd`fu(_S_tnnl=uz<4zkNzoqw{r zSN47xE+&~yt0~`BiWPrch{ED-dzd$yg5DYiK^-FuM8^z;1h4teV?-NbR~%Pz z^&+?%Pe$bOm0^>XivqCw*fT#?hx+q~1UMZY-%Z;5CXuR2z>0ygHVST$Q%bEg9=g#b z=UV>y&SURXmkZzh!Z+Fh{ac78MJ1QRf1I&rxb1}T={-KuupR}G-%0FVfV(9I5 z)5<}{nE3HCj0@(U%V}o;K>|%GUaBYVL0gn*M)Nk4<;>;$_+YQtKqIAgOeU5kqnjM3 z2lbQOvqczN(P#`|#9QLpd&eyoO77(##-gTIF}B=Pa?e8TJIdAizrS_cXL+1&N z0f$M|W+QGQ(3~Wy{Q(d2AF_w!JwyU|3K_Px5p_FQg+ne$;ZC{Mj(Bjboj!!Uv|qQA z7TV79pCGaJ3eq3NKKdtv00?O45#cr@(&kET1oWn%o$p^P0$0cm7UB`TRgeY}xg!*y zZd}&89sP3vRVjbrO-cX?tS&;`Qv2-a@Zx#@t>wnVhypA*VL8ue#$T-9hkybwa1i0U zU5dc}UE#fg|7}14L!EHaL$KxBEF$EAO&B@=0X#52K#+5kKC?6Hc$FdD{N*s=0>IS0 z0YcQ&>E%5+?0XiexbEt=zt_(&IKUaq$BimDAUFatWR#g)p&GO~zoIC8iiXKZ?l+kK zp;yoFuW75i5+5pUpA-|jorZ3^rUIb&`Up*e~p@FV^&K@Z}TrDDb z1)Xk;hWO@arH!% zzI*Y-=L-I%$tMUXJ_x?ZBLm7vXTz@UH2bE>vdB2RIG^7(LJ-56Tj(uUhpN>$fk$cA zhYN+Gs!y8SN{~n6p+a~RugDh9a!S z+@eNDe#&)-oNWGs!)t?nvfl<8K=R=FM!J2Dl5AULMdor>K6rx;VaPFlVJc&g@#3&+ z%uT1u7LGZZDQxC2kr{}Dd8Z6LSE=LNGZ zW~ITO*G8-JjQhls`CQu?YWIbdLr04p8jUPY+ToX4}Ab zl!_cfpJHm(M(|mKqz$&a7(@sqI^rbyE73n%_LoxhK3w)2N@ab-dVqBKQX(4gb-rKs z6egiu3Eg~goMkUiG z$aa)c$%NV@D_s8oDLiburAEtO8h%jNJ2ZL-BWbvk93w+Grw{#=|}Dv>!!8 zDuIy20H;(b5s}6MqiiudP6Cncp{PuJsYd7LU?U-dRyX?tZQS0SfDW`#=ax{ zPm>!?svl9IGe^ed47PgIo?fEZc0~6xh4zTzESC%pcZlT9==w2!9SYVxc>VdNV5@#! zkh8%AJud?NY1dqM44b`y;mu}^4v^FU$|PT|IB(VtOVDo3Cs8U0qa*@NzJIjad|#}T z_0;|jgvV--E&mP~pY?+?HVgU;po|bTh&htuTyzYSyn1*jDya{Qoh&DyfB`At&`(=- zhjQ6{UqN=8TKN<*S!@4KE`di z;M%&prb3yA4+)g9IGww_(L9xfR?6Rq4r~h~5Z4$JMN#d);pZdLvFa-4}OJR{XWEeARDS?Xhbx5m6PkNZta?RUU*K((0zAm zAO5kp0(-L;9mK;qb*&;ROcIM*WH*o}=k(U;atuY`SDYx_nSBC|>!JvV{tK(p^v7Z+1YxZQe4qqa4^?SD?lbzHSN@u>?9*TON(4|gZcId5~t&{ddb<<12n*)u{7V$c}xfW@x1oN?6tlfXT zsx85NJSTDnMn}SriKoI8Ix|FNN%XF|m96%5=Cp{7r+!xopM{?o z01-{xmOC6IA6ek?)B`$}*P%-g^EMh?owU#UX&>3@_MtC<^xN#EC{e>nOze8qzA=2b zW@jr3#nI7Hz4B(ZPKyuqxwmfL;Vj^QBv$0FL}KK(B>R&Q{0`)0&);^NkJp@_47|l} z2xPzuR-|s|W!#d)u;s$JKdvhwH(T zZ^*1)GWSm17?RAHIyE|Fv_p`DGH9}p)LQ}I?F-8fS*9qR}?9M;Dto!~=qvfUIcUwFkFj@xV>E|nw7sSLc z(6Cmz)DhN{Yee#C`U00~l!-UUI>xuS8C>?Y@>snd3g3402X# ziez0*Nn(CRQ5{E7P>JQxA&oT5u6I428#VKmhjMq59O#7cUGJ4BSYw>T9G-UyapC@6 z3{OFIF@~Gh1RPRW zr`3b>aolEaT<|CsH>Jvp7FvoWC?&oJ*f)2YMiN}z_vWQLGWm`9qN51#uahaOep>W< zX|;NMa6d=qBe%r|`71jR&zR3bb@s}zq_sBKzoplYm#fr|*{L^uz{q`4!EJ=64prEe z%J7>S#P~o<1mLoum$1h2@ z*>miu;R6+f3aNmkPk|I$V!wSZPnO%?XQwE+y>CP_9iZQ3h}~ks1%)Gbgio zBv)83WHME`0vMlI$|mg3_R0v(^E6`OY~AGAp+PpBobak!|B%u_VbV(W8cpu*@_4|`Zoq4dpMm9#J@ zaC2@Xtu_19aN>PJf_)=W28)f6R-*%)i8NL)sU>T;lTSt}D<2>$Rbh73W7cb6GhTgG z=@<@ew$P2u?FF5(B>>W|O!}=w(b3{@M|9@cx&3{t`Gn8#U25)3r+1SuG;-=-9N=Jh zcITmr9-Q|g+4h6A@0ou_pT@=8a=p?3d`YB^rT|M-0}Qy*!%d1*P2>LlVJXW%N2*co zHm1wv`z1ru=S{Po+}D_uYup-J7G&s(4W+QJp~MZ9(5Fd&w25H~m!OFuDpzSXA{!1(?frfAr^&cLxjJQqrOtUxKk`X+}ueqCPi>9!c3O6SM z;G^^v#)68LiyW~l+U*vr>-ERiQ>KY4mMYx62^%OKVG5#%2m87mi|o%9KM*2PM&iy1 z+bsS1@(pt|u&IOfhju$qf->w`Pt-@^s4&{13}|%SVM(|u`;3pxisoZU^);%y8X0TG zpSw}6ApkRuR1z=8lY=4d+(9<2b!ffXadLZP#ix5C7@5Dtv_Ot`5M!tZ2-G6q?<3{Q zj6T?h>JaT38??M|REfq?-zbu#=3X=VS`iRkO{xIGD@xzAM}N6bqWWOW=rdR|Q2qFC zD#u3gn##>4lL?EmmZ|%mDzCo|VO}Hox0B-eXaaT<2r?lEVF~iWK`W}}D0E1n% z$L`IN4IlkW+yd-~NZW@lCpQMk;9Ry2`%RKETw|JwYrigoP5_#K=ve?V}o;N84Sb#NHlr8wfQ&r zyAbP9!5&SUL70ck_E#PP&0o#W9<-hUZ!Xw(QDKoYO%{PR4qVr=dh*v#@FhSY%8LWw z74Cr_Xfmn&&Kth>QsauJC!;L=J`+3D4>qI^`Pc*#WG<0J^^8=*NfXYv|ey=(ezU~F4wmu^{2D{uTFGKkIekjUEtjNlCJ=o}|s3-`6 zUf^6gM+RoNv$)&^pacCC^2OE|6>YR$(momcsL!t11SY#A5%dHCOL<+51XKdY1j@t+ zWKgn8W=fqXm(OFei430Tx34t$KAocSPh_-B)&XiKYn?DkIbu3g@`X5&4^~kNsttlt z4_%RJ@1Xd=pis&EusYp7*=78)90lvTY+d~ERmB;uuQtiMWFsZAijy-`jRl3ScFpr0-~@i<)XNwgmhWIeW~tR}P7CE?+b#zH(%t<{|F!|nS8kH?Mg zZkbAKc)=z6#n_j2q^X&sIv@W=XzZN6ZVcP~yuOL7t9o$vBg*TAnk4m;)STQ3ox2n! zh)QlDk0!{4RfX-VltL4Io5xvaJCXPvErZ>isGW)VfGJzwkgWbwb8j!j*vfDtvci`n z9U_d5z44+VOdYX<-}4xfG#Tu7j2WCyj87iVI2qhmj2XO+RQ(l4jaP-W8J;AZH{^m3 zVS-fWK81HsDHkl%*(mH!n(uZaeu&FhXz6@zmY=Nh zmOMi};T%Sw|2=##vp4l(T-0sZT1ZoFRO74))zUa-9%5dk^?BsgoLAK$#4b*0bcgVM zK~17gR8&+bZGWG!HYn@v%_w%dvjc^i=)3Bz;Cb9%mduQUaL(R~hWWBPYUI0?X;*xf z$zc1cH=Aj=6ZBK6^ei}p(vW!X;H~9nFjXuBg=fcY8ueoSDwPBVMKTYDCtnCwrWx#h zk+?*hty_En8jSFe+n2is^!2{W?MO?sWLDp9=pqFb4klZ^-e{b6vAaLKp+V(9kyA{g z%E~@>j})@OIlCBl!EEBkQ^JuiJ5GB>HgZ?B^g4F);u5W1^HHe;u4<;-@IuF&c})9$pUAzeNLx*u@(CgbqX#|XiE5`+FwG*fqxeX z235_+C(SUtp3r@{W61(4;!fwVPe*#HmKBn>ee{+Nsdmx!P#8lk5XQ6LQHd;(JOLND zrHst0$1#7hSfaA{UHwM6Hp)!I}+*nSJJd^9eID#@!+-@ z7CyVu<%UYJnSCmoBe-_sy{!yex%rC3HUbEuQ8LS4yussXfIdW#rbjvrTlCQ(btsp8 z!tCURlcGsM`K)C;*TqW`vZ1EPVeLe*M=Iq_d5C>{$$jt@s+!mv$U)SS)k&4_ zwO4DPif=_o|I4lUL?-KYOna{`Ty}>i{q9c*8#Q{VjWqg3i#ev) z2J?hcyHJ0lt`4D}68_A`ZJwH@6iCYAFsl&NlSkp?UJoCT7jxwZd8ztV#S1uWqsAT%V^9AsCVVp6 znpxPpVqKO3i+^(=dQ}?EWq`2*G|J}Y!T9F7XnT(JYI~6Fj&2dhjjNeslx%d(Ouft7}`EgAAKvPzfqRx%{u5Yhdq^}77O(}ADC`}iZH_D_E zR*4Qb<+9%nWWR0ZPB%ebyq2LnA)2xEf+sl*53xTQ+x8S$kZIqy5snKYP- zDTSzC9af9V$7ZpTw#H&5Xqx6B9b-6?PGa5Oyy-Tw`zH7#G3WRxSfOhAs?-%er4PzKQN?6O+cUju_;FwboB z{>@*Tv-p!#6l)ly2083OunSMtDqJB8L2&@m&7;f_$RsXiIx8-x6)wKkQvoqCgw2jtEU~18GSkF5dAj#w;e{`Ub&Zzq=p-Eg$<6zmU zt0H8P2Po%y2eGYG#}Ywb<_CRisooOLdcOOGa*sKZg}$|yP>4gf$?MDE32MexVQA-> zdv--=;Ro7`P&=O8r73NTE>k`l@+cRpsXxX#R;GEY2@5UO|6o-8{nIv`TBm5dakA!w z;J(;e^laJ|(sUtA1LTrLr%}T09iGnA&Qc)e7lY zUv(VxdSx3fsn7+dTgz zPPt|>+Txc}c_LaPw^qDd_&2Pcpl88Jnf-~9NLpSsanM>d@<{A91#OYI9aP#w3x-iX zw6vzel!h}ZX%~Bc0YVdbq!<`n;YGKbwU zp3~ldL}Ua9XLyXI^l6auCZaU%3!Hbo$s6lAPd1t6txc9e7!>x(jD*=u3XY_y4JO3e zXiIk6rD}dyi;>Rlz+j1uN@twVogR=`l#rt#!-%pVTPd&owg8ZFa-}l6a}8@Wg@q;3 zNaJYZGkRr*{BTT25BhYHp=dbod>{?bBLrK4kd8*4^$NX~?IQcLdGxr8FOc5NK9OpY z{p7qJyX2{i&bi44?lAcA8-l39#}pRzY%-QWxOO zsrsbWeri84=&q5PGdZI}#2gF4hv-c~^zbMVo(|>%-cf};MP_??3*;HmN zm6s3U_>p4eYYtnKpw)VvRBY4^v#LfjKjXH&OI4Ke^P_3|z*U^9)e_A(>upUb{$$~^ z_JSfn7Z(fOv~)!IKGzGLB!zee>ecxO7Q3fiR|DHM7I!tTa+yZw*R=0e2@~u;UY=9~ zG$HQ1F(!ue_wH>`z3q5l=}ABHh?W!gND~IO^HF2a6SVM=RfJqubi#C52RF?WVAsMD z4t@8o^03eCPq*c9AKB@e65UrWA-KQ9<_X(pH76W^i3)#DBgBc%RkoB3ccw3H(q+!D z$Y$$3UKUhq_Oh21EkDCDTH2iv;e9di>Du9;0rc`}e5MM~-n3H14E3*hWafk9*l+WmUjioMYx z62yzs*5SFUG3oYS*J0^&yEBL>*yPdJt^y9^eb4t0gDnLv{5yjfdGo#=afYWZEVAuC z?j?iPw*{ZGPkm~Tg|HBP`OM^KBU0=3D0tqH%(!Kxx5Or&uxST>E6}<>f;gHzXHG0v zn=6sjN7d%cOqMxb5caxCPKP<;`2)gUao7wTMKG&+-{YFdNOck7%EOb({QZ?kEPM`= zOlYxkE2vquzTx|)kfLeT?XAu@Y*qTAlhy?yDt9}>vHm?&AoR*yI$+8!yo0^Cpbe2o zh3Rr4aC_(Z52OSG&j5uG7oPN2s??2^z!rD1W#^v|z?(X`wx{5l6__cU7f~AAx0x%leK1RM%p1doS|kBuI3nXig!zMY z!N3z??LvhD+fjo0svY?V3o|x?mZ{KwhM8wh8GQ=kwRI6HR5pp;`;(g!wh>7H&pqgW z5=1lrpa&e>Y}chan(hQ9xCp_jF+^;^d2rahcmESM62p=4s2)2I)}Bz>3TW@om|aSF zz(dThQVc|jU;%U-gplzHEZZQV0K^KDZ6L9P;+H%f`K_j2J~UTi>!D7Eg=k{l2~-C0 z_bgGwzJTE`bJ>l&6aEwgjsfeI=%*|-SlPr`-`NSkpHkDG@Becn^8i)=mo&&HlR%Ej z*X&(aHF=+b%wKG87XVg7ogEj9)^^wc&)_}1IjxV<0Ztd4w77;oW7;d` zOWP28JpQ`IxZkUP>Xdukl56RBkC(%vNUhz zy>tyzSZ_2Q(9wOf2QU#%JJYnl){WQQ!-L-F#<-$+Y48QH|9E%C(X`k-!(y^h+jM`? zlP}=;<TWtek;2v+gHUAvh? z#mJ+uL|koF3aJ^$I2_M~AObC>&G|Zeq#Q=&kRw%cThmGx@dbrnByEx zxqIWbPUp9vhTB1R4%cmx9WZkCTDuBVCfB)nqn&3XGv4|7BkcLhC!c{+g&wGf^;pe~qK5jQpSnbFtjmdcwhQlhZ|yGl$P6!BUftHlj2Q z1oux-(fO+-6%7D_1Z{e8*OTIS;QtrQWD;jj_A{pq!)m!9F`6Lh0o@;_^y<>Wk_isx zNnUK@AC}LXU?3MF)XpJWP6p z^p?;5`Ow@#zODh~^eH&n!6?+|flrD&92WOAWVBsC$@RBiL{tc@qS~oSF{b=4u1{=D zdvA>4adZ4E$loIum;X5{#kUoQc$^Xtipki02pwk6)`SV0ub>^#EPtlwOr&_C+oC;X z+4B5G(5zf67LaphZN5^5mjTosM&C zTD-40nNFK`Io3}T1XZ1p)9REW0>_|ePGRLe8~wm&?BceBe#(Uo#R zd3nW(nh|*OcyL!$z0oGFJZ=DhU_#LV!jP|QhYC(m|AwYhGJjxNUb_mT9Nv-n(=Z?s zWz6t&mnv;k(KTLz*4w?tHj>tIcEc=@LH4%hU_3tTD}}V{%Uv)>orRRP2XZz*E-cgz z?4hTz{veIIW-*%&D4l$a0VqIOprr)lt(Gs7Ql$o~ZR2G|m+LD#U-#g7w)1F)2 z8Gdf9C1JDosIIiX1h15>x5mcCuIhHSm{M(hAws2G3!(k;fQ9>LPyhYJMmElU3BZ(+ zlNci~ri~j#T$e|SU!NQ9$!WD;q~m^QwVor)x3Y!-u%0@%Q(~j<^#8{7w*;%A&fgS| zx$cVfV%IObJJ>@-$`hYEADl7qKWVrgnxq9jRqZ_BR^NvUCvc0ROciVE-U^yO9zm$S zHJ>i@&Mi2t^{UAPJil;GQU%VpVS%7snRX4=-A*n5PosFE-#3DZ3vB&Jo(FTT_;xgWwZL^+1R z2t^d`#fyY@+H*Y*d)@6V4C{tIF8>dvC!!i6;?!=q%pL!X+RtsjiBe;$lT|uZDoG4H zvSBXw{{!sf$`sm5P@Wp9rN_T^WjmWK`{D8Wknm`cOo_Zbrsmf{Gnv_pltb{tH-nbWMXM&wnAE|phkCAuXN3diD2$r=z_N7;W*VA5jByKZ0g$M_J@ z26;1^ZL(1*(nUn!Ey|k8WaKlFMY0f zvJXSXn%8|a`1tR3BHQMHlK7&CxAtsxpX%T36zeMS#eTW^n>5IpE3?}=4odJmTXXhKn?6yN+i+#~<=!qVVObHqmPnoL zN^bPN3YuZvlU>4B+EmdA@~A?9-kInNoe(mrQ|TU8Dw&6wG!@H7DWOsEM0_tHtyxoL zZMhZqh6xyONCUK8TOPKlv8L-dX*Hgd11MNpv(jlp88(z)qoR0arK%{br?LxCexz?S z*=#ACIc|KlE>V7md=~%{}Qaa+XqnV;NVb{F>%@6{?5Crg!`+Ns%XwYH=m(V9@5+pJEC>5xvlwbIS zvK0#?uC!Eej*fmewH&SLrkv|DS&Spv>&13!{R{O|>yG%A?vco%9v!wqabbLFl^a$) z08O4kG)Fu5?$5D;=KD>gN)1}c??>FHYF6l}iE89UN5fhK(rxF(K#(5e9m=}%=lQZP zURto;wT$eVs0$Pey?0ZVbz!}q`g1YS8`*YF22$+TE z!RSi)?_l&nxpIEcOAma7JeKp znCaah)s~{AV|;4TMPA4e{4a19GhfBAAr<~C*;(;XdgN3q>f z45H>hY|$ci?#{94a!bwz?~5;D-{t3lNh$NikaiZGsF6f9-Vk%wU45EYCo2~66HXuz zM@NZOf}tVPG+cK?zBxZn7HFI&*9$ z!w;pP*g15V@BTHqE$6o7tH`-t2TVAP0}2Mh_x!=f-oSM6Z*l3jBy2vWC^A`H3YDtYv80-CUx-8BOlk1CS*6lZVyT7Dtw zl?Yn!#F^r8xdpR+T7%8t@QF~9qITc-1Jwz%*?hlZvDlJAG5-%*&xRuo9y`)x-F+%$ zru1zWSQm_Lj|sTNx>(|@9s3PDhR=QHacws(@*sqG31{uup_ixbn>(Aw1EKAEbG-g% zbU~O`XS0h0qqDY;#1`@Q6X3h!+_d<isQ-x{tUZ`532q>DTD>yvO>*iiA9A~V+SD5+E#v)TV zq{1OMVw5TNM&{#cvW8#2_4&RJQ&ZwQbDh9x%d`Kxxjb2=Ui|lS=uhO~)!8m|l5A#) zK7VA5IvmM5TLG6GQPpiUP72wb`KG{sxyS02P(0F(|FK6H5hEA4{L?nSg*Fwdvg>TQ zf*tG;d{NYXI^?mHsWX;+cFWLBYq4|BEr85;((F#;%G}!&6CL3IFq0(a(;v*l4>2vN z*@1J{JKIh<_7=)Xn6LgeL~^6v12*=;^JKYRa8GwA#*9P-yfmak)|A%EMxB|*jn#FY zghBNPS~@6u8~XtXf0i67166(d+zlwypbDh>X7GAS;P@zguFQ*id|sffw!3B;$RMYm zDxUCLrc|D0nUvQ&oLOhWz^Hx`{!VfdDoP7@Vn`Ivos&p9K^t%r=Rx9e0 zix~J&$BP(svLY`o@|)j$tY%`vM3EEKb-#uviGpXD*hL-FHk~{%$AXArdMbVdM6eG^R{OMg*Aubv(SIj z4gx+e1R_H_=BdtjSa#o}ye4%Wcj3*8`%3eE3|$8~Lu=FX0>Z*6f++UC)tgmzD7J}n35FS>+yb|@-ZW;_Uq%oc9CX#5v(;F@n(d6N$!DM2SG@nBa2F|Q;KA#28%BG zi@(~7-|gxoEK!)^KaEcFZii}6}DY6LWZyABF%@&pd zU&dH{*;@K$_AUPr>+wWW&JU3SP|9?Zr9Q!bu(?26Do3|(#OlJ{byiE)9$tvt2FO0# zZ)s`=NgE%}mjU37gYf?poqminpP`n(4vsgZm z9#*Vm{0W_m@>#7j;@@5X4I=Ze*F$KU1Ix%~^$Qo3n4?}>O>wN{0eAf};0zfwME|h8 zz&FmotrCJ3uE$&jt9aTjCM3}9 z<+AMi@bL{4AHd?R9z3;OP`W@tXppz9gx%fCWln!6F$XGfsZ0!*|M~`Sw`2UyBj4+) zbSjHWktzN{9vp{eanuvnU>*S05dWBV6dVQXDWO2| zMsS;?W?kcv{G`E`m}?}r5c3ne9;(+*fo3zgpb`2FrqjP2bNlR2p%%O z;_4F|fKBAQR{H>~vkmBbf%z3!!Hx187F?*n`v5k?eC51%ANXo;88GKU$i?BL-Ua*cX^Am>*^V9xOJ&Tz;-eOPRRc-srQ2CD~`?ry_y_7pVmrl?Ef@mM`xZLaj z1-Kpt28M4LnP8AkqJDYfz+SXyP;n@rH1B#GoP3SzSqAW~*^m%8>;lzdFj2KO3?w8* zl{AAVsl(f-B6$^sB;r#cyNDp+!AhJA4(ELYOgb&Mg!i$4ESMBV_!jW%BPp^8h$p#D z8Erz~qEb(CF+v;6GiotVzup>@r0$InkZ4qHUS6Ib$tm1tK+-J6xIVkvK-~1>dn}Z( zI3X8rk*`}pK<|enFsyvjns^f_VrW9tKse}-mYkeC3YmrBvWo=1DbXk>yHtTPv47rW z^=cD(#MvR{UQeaN!9;-EQF*>ZVktZb9Z>RNCc4-Dy7d8AHKukoTfvx_SBD`mw)wc9 z<@@X&X^X{z71>EDZb3EZpsW6MC5EH~7UXTDotHCbr8CG2D9b&M8dN-<(ZpGM4hwTy zbqWXwjP&;OT>tXAJ7;m->2Nzj;ZxG!Y|)bh_TnvMHAuj*^q}m_!wYe!f;5O*O}!pTMeAy zJFRaU)<02f6!cR#Ds&fL{cA5a;+O9LQ2Et2#R!amQ3F3J{eYiaU0pqoBRMj;7&dXF zBJ!|6pSTFw6|9;|ANH{XbmQ1Fw?uVgjop=`q=rtjv$I(dp*zbh3g3K)>>(C%>b7E; zImb~MI+TV8k?@SKHMHcH;_QKI{wH2T`1vVoK^MqmaNGnTU>+CO7XSw+r5Op`Wv!YU zinSe!5ZS;~VR(vr@&HVV8#J6qQj*qhlnTPZdHhNuPHwDD2SP)0?EA0~5D+k4C>BeU zMKhQ*WO5}9WLYGN2gBO6cLC5zyEqcs_`3Kel9%BoL6em2WJ@`rr8HboHR2AC+4`RQC1SKYt zm;)-GyaSb12_z-Zpyu90j(7f6==~ER#n=ddPyM>o<~Oz+E%ka75Yi`$--`zH#G)K* zeeN&KRp?SonXuU32IUQ}aCzTXubs5M_^g;QZ3Fs!1vQU4$EG0DT82QHL1hC2gBAoh zxV;W^aT4)?cE=vH2`<^972g-`9!N8Wf?zlT)%i}prDQyV`L}NG;a_8UKS<7oLNEis zJnmcGfn#P7q`9`n>N<&pf?v>0N7CKXX9q^RJ{2ij)rt7~`rMxCr!bk1OOfT?uy1u} z)EI`&S#4jwl_~mpwF6rN#EqOGY#baeg}8kEN}5(Qz&nyd6rkU{si3d{^zB5OTR)`@ z*9Zy-?DtnT(K+u=eqhg9Fk^BEZ7GY!;~wz2+Mn_q@B%g^p`U8&it)6`2 zuK}($6RDA7BoK(DO$5@ZO!PfHJtoZW5zBc79Y^#&zQ+T8)^T48!jyUK0=@ z)RnyC0SD|oD`yzZ;`QBcbUn!gNH+-~t+@PqvUv06S}sV-IAXtICx_2o4?MuOd1vSh zq(NZheg|DO8+v(TYJMRyq^2PJRZomFZ$J<=>fQwi#uNXiwC|3m^8NpJ4sj$LBg#4= zG)PLax6G_$%Su)y+4~qpglv&LqRgzaE2Hc^Lq;e&BN4u@Tkp^J^Zx$#dpv$U&L8(f z_ciY8x?bz~8dtu?xS4E2ghkjjUTs-`^E*crMz#__Lt*P5kUabBYn``W5-Q_B-pU3;i=SdA3W@7DAM`)1}!@ zj;SUJEIozFzlKHGX`UR4J%8lGS(vpRra8>E>75Y}i0##>eWT00cZ`@Y?sKcjbsp<` zm!5m8ggtVaVBdB@RB=09rc>G8xV{+el-z{N(kibNX&gY=0oiL6E2*yDWeZWflt0gg zu7?W!`VA0J9SE~q$`NdhSE4@CMqRe-fKW&a*H>D(?#6E)Ohz~n4CacPv@6bTJWU@M z6#BKp4ngw4o&Bdf73^0 z3G&J%!_|FMmcuyrlCAKWiS|1s*kP+=4s5v3>9-!S73WK2RH~%O&HwVfKarB9UV}{(7ztz7g087`4wFpxQ zdE+$DWEMxszU-}?e7_)aqHP64oEfqIq`RY|V`2miQdu`q<*^6fqdYGyF{E~$R2s#aG<%hd-S{!<@?8#Zh z0bxJ5YNtp6+ z@3Lb!q+85JR2AfPBT zhk0Wj3=ihJ#JtCu$oZD8kLZ#eibDb-^fP=-Q8`Utiz@r6yd($V9+4N*-xkI}hutC= z08cu`3Y{}c)wSF>OMS|OhxD`1fRb>K7cWz)!`IwmwUvt}j!ovIPZ99roPFcBPI+=e zFgkV!Oi1CPy^t}XYj_FuCi;OE(`#DU3ZE|Cy1#S(;=@Iubqn4gYvZ2g5%@UNbxEpT zK|$KC`%SYiSf4387h?(4^w56nj1zTUSH||JiW-V99_3q-+16!1Ob*hb)Fz!$-xbTn zE;lrG!2bC#nRVCxp6frQA9SB?WGnW~$`q+Rm38?} zzrf=gf_a7ZVWmMT(}dA0p3Av0r?SQ5=+^&&6?jQDBEfJL9V^?FZuK7Nys3BSkcrHI z(#Y(zAe#j#>2BlS&v(zD8Qi)@)+-X|r2fU&@RFCns@+?lDyAO}?h3;_3gfMeQDXj6 zDU!>!FQ-&DAg!`6_-jZAVS;!(B?gK{7Vc8zZ=gK6Nzp8P=>~*isBCsjk+a6r=%HC zG(V-5Q#}~czET8c!WaJp86mv)89_rSaZ)-eDw;6pOvp==CFFLf`@$cOV)>3B6FV(O zV9nwxut<6aSM-*j1#&aUv6y23wD?ZSFaD#-QewW29+h}NtwMz2LJ~7bkB$9fbk^TQ z2ghIIpwuBXW5QU4L%&;|=#YQ3@o4Q~hcRD)9Ia+8{ ztb5ld_H-_~ZZ2e@dQH^zmr%V8>sNAUG@knO3e3Y%ksyZgi;Ku*5OvbA-^Rf1RC=yK z)f{|rcF;mEj6Ib@@y%vMZJoi%P6xMLLW-YRV?Hbw2{Bd?@GW#T=tSrP?T2S0vhPh= zScbCf!^e$JkG9i&mKY7WYe#n5(is8}kMV3AK^>feJ&~yO%R(qU^*q{H!5>yhGT&s!?M&S8Z2CpJT%GKe33nrJm{ z#9n(IRuub{Xi5ivP9(gqL1RW$;}?A=uc(wE$2!bQP+$Y4HQ>Q44z5g zKKZ;Zx>`dG0YtCoitVtgY`*&+i8tFeXBQq(E{b4VTD|M;$-f{wzt|efVG--q|F~fX zF0wrv^>Zgb@hX{zy+@_~xf`=>&CJ6O!crHx-cCG^vP_R!u=Bw`+ZASWjZ#i@O@8a0 zUC3U;k+;++vC@uvSQWKSKMs69NSVNlL5&C~q#2`?ui>-?P4zj;C2K3z$AS;sD;>Yz z^BX#u5gd1JS;b{zlh5~~1ap`5J-G<-Y9?V3X0?Q~6xi=!w;CR9l&sHbxnQ=Visr$u9W z^@7d&5(>2Mbs#!K68YlQFlVN&QFUQE#qDJzxrI{=4#v1&>CK4qzFBycs;X)@T8BHJ zj^D=rCdljww9}dS1=?G|jQBC4fQ%wiY!@E{c`=LN3`kIFPIKm%dlVYT|Okw-<2>6DQ;Rvs{ zT?8TqygeE-84*H}bc0YC`ydDp*T)dcxITQ>ZX=r;b?Myr`)l@YDt~HQ`sY3mfA4DQ zCIxa^MjVkej~$| zT=0i3g)s03I0sPg00j!Fq?)8jH*>bV&^=)`VtRXio(TMsK^H|($Bcl_iK@bRnGPxj z7!6yf6O7Ho0px$?>;^<4KL{cijK8KQ8mOKYMFxv# zgnxVrm;wv(hDLQf6VZm;*O911Q@FQwi|7NiAibiX~pl2;I`i)1ketK6te4&>>?FEPDD0 zV5{n(_<_cajKFX!-IP7D|+5Mk3p55}d8qLn%kgCz|t2AdEsdW-*PZo{Rcd=16+I9Bly#f_zdkdnQdbbBm z5KRCF(fwQIbMGCoT?{CmkncCRAgZgfJ@;Bt0ZSTjJT&Fv7$THYeKX9z@p@x zd0(o+&hL3r{oN(vQCl6eg06HuGONyxF~{j0@^i+;=qo!pd@<*A^f%r;*w=C2UZtwJ zInSdHrC4}g@TCZEF0-+X$F=kI)m+!PWOQkG)y6?4H@d&qj?{#dmflz*h&W$dxNI9BJ zHXC+rCoF%|T5`~PYR>U{?+v&sb$%!;cCuY>Udv)qQR)= zZYN8oTkmYoTnT;f;LfonE+S{hsynT_UijKaqlA)ytoT-?=SlZJ^L+MY!4zV`)W(g= z%M47`_eXQef*QhKY&^N=oh3FmpWT3XHlKw7dw;Lif^=tI1U3Wmlv|R0G!1E}p1swy(pP3+|YSAzXGjxb{*^Dhi zlF@7i-;x{ct)H`(tsML+u2rUeB~e$0Ze=WuYiXQH4(D=@SGE${(>_AFCT8|Q;m2rh zg@LVSjWz-6C)mtJMjH996f&OgIBqVl>{Pe$)eZRAW-GX>-I z1?{}7#)a4>s#r>#XyzL`xb@rRV0_PU>XSWRGgnlzdW1``dg#M`t2WE&9HsVG4PH7I z^rS9xs?vBJrRA11+I4zKZJ`t_aqw`9-bS+|t({mddY$aXoLa`il^Cw_!K5n#JjOES zf#GT2Q#vy*eQOOa8!DhYr$yhric?*BS!&(eQ}%k$YAgErM*j$}T#C|_b2nZlC!L+y zRCmHr9KYiquZ?2MMm8o1sON_Q-zm&|oaBM2zk7lH8_!_6#tq781<@*ywVQes)d zb=Mfk)alXWQnu@H9YFEkh zMSnT0F}yUCeHxzGudLJkGDU^9d(y6MT*;$uLZbht%seK;YvK9%&cY+(3tiQnvqLS!52Guk)~_Xa#M=|5 z&l;kEWPTwebATa$U=w-CR_3iZ4Q@qw16l9*J*l;z`t8dhB$@X7|F6-r_jd zI@OFyh&Lq{u0FW9G`dGv!+0xWG;>&;@FhC_k-CDR7o2<5%TxYn}=qeuEY zB(>s6&Ge51#e)!+ya~GCtEqkLg3z%KR2Ng%0eiiM&(&_YA{tDeR)X-nsi@-@gb;_wyXJJ z)q`sCYMDzDo?M#RKd#zJ_S@ckDW2rso9H%?NztjP{VLksIMZvUBQf#laUPYkn%P*} zl2sP|hebmbv5+(oTa7XR!5NR_gA;<@-;de$k1wC#)>-@N4i{E>n`?N@Z80lFafV{M z!uXZ%a-Y=9#J>B?F8yL%DyzLNh!p&>)W#Uim`s3gX6sS#h2kKw4bK%b7M`FfwzPmh0Bkj zlTX*1>4#*kiN3RJTM~mmkDG_aAi4-UXc{NDHX!o?DBN% z6$JGxR0K2Yi>E*sS=aZWOBmNkNd<*Z1!{AupS9A=bWPO?{NHUV5@fAy9BLw^Dlnne zao>BaUjv~g0?8wyN8az&ZI{O6mjXpi--w}v-sl#vQFXRdUIT|6l?iyG2+;aq#^xX4 zttZA}SV5Ds(4!D}xaLZ*bktxC8vIQ9(wM%j$qEim4?;Rn!~TF0!k|V7O2jK7T0Swi z@jj@ssD3=ZfU7m(hs9?=mHCA~+!dHUxL_nf4!qYYgkWE)Csx9Q9J4Kk`bO8_X*X9@ zw%8hT=EdSKmi`aKGoSKu-#mpp4C&xNI!`nstjvEkM6UX8YnLoKJeh8aY01C-NIH$N zmd$e7CNgPdO?85$)c=KDBt%J^PW5E&%+8oC#R;p6aLU(2Ras?%gZD*XxS{ouAaU&f znYTPB#%+t-K^(4=)ODnvd zyw?T}^RJ}PM{;Vg5Gbir*di9CW3AC2Jib9)0GdWcSt%`{^}s((V4vNr>uS`S%zhjK zHdH|qzj)I0s@k#_>)H&-QM%s9({k73 zd$9DUJjD1R5y`N(xXxSPZY)BuZ(&TeqZ-ea6)RXAJ z?i^wM zeEr3fPpr3E6V6>uZ%O!VfRcfJMF9jEq0!>w08sUOX%e5y_tV1@rt%zSonG zt(iM6OI|@HgKte~5784KREEw&AjS0=KErIppVP$VFNQ%0*7O#up~@lP0d!3avyx6zRzo_+V)u%G@3P!wZz9fr^7-5AX}ra{(5#E#5={o9w9o z9~HP-%zxMbL2>9=%}Jrb9#oxbuWEK0+VLVTazI*fLaU+u#$_1P6KHp&nWFwD!q~o= z!kJ+qe)=7{+W?zYe`3FR8J@u?gNUHr6C!|TuATx0f&0+hbJ*YrG`NL-$^kuXfT^xu zSKHiyG=>G%$9XqhK;|V2BglU(J`C~vuMQ3$f*=YnCyH&6IU?yv;f2LFkS|Aqu~3cx zgTWBDkZdZsAzjF)mh=H`w>jsqcmke{k>_uAivV)fx59JHF{W0;qkxZtHS{3K8ypIwhX=zE?TYvCkSS5kwFB^%>U1+ z5kjKaGzMHC$C;U#kNfP*G&sU7in?agq9&Z#f6?Jp0+Fq#_5LAWgLzGhglYxxAL4OH)fsln_ge760jmjb>XJ{>dzph(T;AbESt5CLGGtzdeWB1>gCSgO zNdKtE^JwIx?jtK@EP6x)UicG?fB5NQa(t})bei!yswM*1R>(;t{409+0-Pe>o0cvZ}Rq4u6OS>Jwaw8n?*R-iA49|YY`DY zdN3pg&m^R0%o5@xwMP6?`K};azm34dl#}Mxhb$vC(_K_KF-*3=(PWpQ3ZX7ugras> zL;%!TMf+}FWpy`ItTXnL2#}SR4>5G$M?R%X7+%Wvz-;+S5>ORgv-t>8_0J>%3+{d# zh$aju7-=D)983DxUp98K*}3ZSt*qjp`PW3$y$I6_gYoBv%gPsd?~q>O?^UxQF;8lji=-%=wQQ6{ zhQy?DD9`@I+O6HCUUMK*hp#UHQn z-f^z>dA)?~w-Lo4idj87Y@e9l@hI5Ki@vX}yt*Ln@KZ&ZPMO)=@w6oasX;Wo?}&`JjvKIsyx4^!8*T5o(1Rsvlh<`|ft0&eg>z!deel4#KEgmgwI&%4woGH?}nSoW=n zGrNyLKLa!Z6VM~7amk8TVD5{;~1>o>``<*`%Su4#1RV1kERP_=H2@gr0 zqEH81>P6~l<}`Oyxu1S2J=oO@5i#Kll?l?{ICd8eVh(7gaHZG*yNZDdwi%Iu@?B<{ zY<}@g<_P9~1*l(t9kYl+Nr2E?5+Q*b??`+^73_|?hxF9NkGni}eP98M_(NkKP}BwB z1B39ocD9Gb4`eBn1zU;N(kHERkS7i55>YvSsdY*mKd(qbeZ$In#qldeX*RI zfdk?tH}fAI=L@xAv7u@dg(b29F|F;-HVagaC0cB7q@{ZFTO{`XLVD3bKjDJsc%`}X zQiVrIy0dfI#mA=lB?@~c_X4e4C(=k4U0*tqx>tP~jpj1G<^FO*B%05GGiBse(-e)o z>SCGA=bvZ69O`OdLI#9A(GEF13nBs|$S3x;S#rmDU0~$Rib2a(-CY67a0XgM37nXe zZQYoO$C6UpaeaPU)Y9;~#QTPIQs2&Nr(VNd$=3X)#I<|d@XsdOx0a;y!`|KWyb*kT zC%Dvvn`mXOOIWGATc6GT(0H^r(k(=e)~g{P;&aEG9rHGE!)30{(t!A_tDWy}VKH~% zH2E$WFH#UyE7e=^hq0yyvD1f>$lk7$im8m|X+E%Onk%7xP`WxPVaxLK9}F&C4KicT zs_lz9E_P|G&4r1HXjI*2o_|@hd$yg-`pg_-;f<=MduJSCzFFAz-d4K-zv+x?gdG&-J`K45ER}1&$j|BK zJ^S=-R={EH?vI{VQQObiTLIuwPQ2=U9k9RdFW=T5xy}k$Z{21XcR2xQrrIC3xydt? zF264HAAPOZOV^$X8MbA^IyHBXwb{9lk-tdksUG5)n_fW zHzU_Ire>q8`dDn5?sTFehcbm|8 zhe1}PK<3lAu*!h3vt=_@+#Ps5vFd$8D{)AkX0OPWcXRtKW6g_i773Sp65bx;C>C(u zKA~UXNq%o{O~n1m=gd6GCnIQ=tkE z0#G&DGACBNRN=Ke8dORNy8ND8{Tm>!PVhj4k`RGzeFg2ynSJtD$ZfjTFGs~hzWxQr zeEuK6G5<40%|acXRuPSkty}r?lOF?1-M^pvF;ZA{rlMKnyY{9**COw14-_7wh6+E9 zCFM9OoZk$8ST0$1cQ2P(j^lo0U#*AykFE^%nDe@^V3MldnDx4|ek#PL*6_}*ZxUpa zcS=L@)aWar5qTOZm0gTzENJNvBz_sOUzpKK*42_vRL=Jm7}Z>R9aoT<5g69;Hq5{1f6lkq&?6>^&I{_HHay+NANJy!M0 zs_WDH2KtKXJIB&*`MZxYiQ0`YCF~9}jiv~_s`cKD+t6%^t6s;tJ~%!;T5au+@oaWd z>Qg)fl+;^8{+~$bF+vaxk!;u;vk~t)!$$ujMVewC_r<{aUoc7Fw+_IEO_-URpM5m8 zIblB=8d?@p?Ex1PWN1-OdaI>~9=|Ca-L&A)qOj3u^~$g$IOk~OSpplC^?latH9Ja> z+;ng-ZM)AGkrMrh#dy$3I{fK%qxi zQ-i)s=FX;(zbcYGm6}-uu^gf_a9s2u${?S^uAUByAwUAlAIDP=$lE+117~UW)^!Qa zAZv1A5>8)y7>v0v^m|AcM=sxZ!hDW3)dCUETNHN@ zR0U!-3O`@ae)ATmPZ?FFnyOpyAxOn`OtFZP$PvN5EGe3urRsZ$T4H%UtcT)*;KmiT zsDZgZ*xsED5odC=KG?VU7Ay4v*i{)&K#bdCd7?9Vtq{4$B&ij}ISUGndI&H;{nLEN zvH%hlO7i{&;7VTq@gBO_Ft;66pX`9M<@}g#2eiJ^%7>mn@XzR-aO?e?E=|Hk`XHF( zYLGS8`!vXa!6PP)2Q4or32F~Yd5-1CWqb(q5mr&y>`FNhD>KiEBr%>8&+Ih$Gx6zz4s%=g*TyuRV7pivFQN2 zM$GHKcp)nV6rLD-YY{bX+_@L*ALJ^ab!yc(xViWc-cq;FR5>(G&LP73FOVOkj0h|U zDVJ`viOEbHw9}HTBuU1)U{>=3U(EXEl#0;uAy)MbMBhasVelQKXZ+xc&KY8o$m{2=o2%tCZTV9T3G-5a|X@Mhs_*VlRa%hmC@e>{#~ z`W_fCEmGsP;9SaHb5QF%HlrZ1yzbFv5jgAUC@#PA4MTDC`m2fadL;o3KD_4HPt!cD zZd!9^zO(P}>eug&b==M|IxjyUheOPYRRPd&>}Z49naGzuEq( z+uOH9DXR9t_mm@NV)VgGUfCjseEvB~3#tyYDg<#lr*&-Qk$cZLYxotQw=YO+289^n z74H)D-DVpfB!<*84>^Ke_Y_?akbnz-X{XPd+$4^eUH|!Mff|`Ftf}&^90}G`dN{`J zYy4Y>*ac7t@=HZ*p#F$My&IYQ;jacZWFX{avD*Ls1s?ig4PS@R(jeyIe}40i;Go_T h4fXo>A9GZ{9ti1uRS*AgZG`~-DaxtJ7D$`;{SWBkPd)$u literal 0 HcmV?d00001 diff --git a/copy-of-sdk-docs/learn/beginner/00-app-anatomy.md b/copy-of-sdk-docs/learn/beginner/00-app-anatomy.md new file mode 100644 index 00000000..988c7242 --- /dev/null +++ b/copy-of-sdk-docs/learn/beginner/00-app-anatomy.md @@ -0,0 +1,279 @@ +--- +sidebar_position: 1 +--- + +# Anatomy of a Cosmos SDK Application + +:::note Synopsis +This document describes the core parts of a Cosmos SDK application, represented throughout the document as a placeholder application named `app`. +::: + +## Node Client + +The Daemon, or [Full-Node Client](../advanced/03-node.md), is the core process of a Cosmos SDK-based blockchain. Participants in the network run this process to initialize their state-machine, connect with other full-nodes, and update their state-machine as new blocks come in. + +```text + ^ +-------------------------------+ ^ + | | | | + | | State-machine = Application | | + | | | | Built with Cosmos SDK + | | ^ + | | + | +----------- | ABCI | ----------+ v + | | + v | ^ + | | | | +Blockchain Node | | Consensus | | + | | | | + | +-------------------------------+ | CometBFT + | | | | + | | Networking | | + | | | | + v +-------------------------------+ v +``` + +The blockchain full-node presents itself as a binary, generally suffixed by `-d` for "daemon" (e.g. `appd` for `app` or `gaiad` for `gaia`). This binary is built by running a simple [`main.go`](../advanced/03-node.md#main-function) function placed in `./cmd/appd/`. This operation usually happens through the [Makefile](#dependencies-and-makefile). + +Once the main binary is built, the node can be started by running the [`start` command](../advanced/03-node.md#start-command). This command function primarily does three things: + +1. Create an instance of the state-machine defined in [`app.go`](#core-application-file). +2. Initialize the state-machine with the latest known state, extracted from the `db` stored in the `~/.app/data` folder. At this point, the state-machine is at height `appBlockHeight`. +3. Create and start a new CometBFT instance. Among other things, the node performs a handshake with its peers. It gets the latest `blockHeight` from them and replays blocks to sync to this height if it is greater than the local `appBlockHeight`. The node starts from genesis and CometBFT sends an `InitChain` message via the ABCI to the `app`, which triggers the [`InitChainer`](#initchainer). + +:::note +When starting a CometBFT instance, the genesis file is the `0` height and the state within the genesis file is committed at block height `1`. When querying the state of the node, querying block height 0 will return an error. +::: + +## Core Application File + +In general, the core of the state-machine is defined in a file called `app.go`. This file mainly contains the **type definition of the application** and functions to **create and initialize it**. + +### Type Definition of the Application + +The first thing defined in `app.go` is the `type` of the application. It is generally comprised of the following parts: + +* **Embedding [runtime.App](../../build/building-apps/00-runtime.md)** The runtime package manages the application's core components and modules through dependency injection. It provides declarative configuration for module management, state storage, and ABCI handling. + * `Runtime` wraps `BaseApp`, meaning when a transaction is relayed by CometBFT to the application, `app` uses `runtime`'s methods to route them to the appropriate module. `BaseApp` implements all the [ABCI methods](https://docs.cometbft.com/v0.38/spec/abci/) and the [routing logic](../advanced/00-baseapp.md#service-routers). + * It automatically configures the **[module manager](../../build/building-modules/01-module-manager.md#manager)** based on the app wiring configuration. The module manager facilitates operations related to these modules, like registering their [`Msg` service](../../build/building-modules/03-msg-services.md) and [gRPC `Query` service](#grpc-query-services), or setting the order of execution between modules for various functions like [`InitChainer`](#initchainer), [`PreBlocker`](#preblocker) and [`BeginBlocker` and `EndBlocker`](#beginblocker-and-endblocker). +* [**An App Wiring configuration file**](../../build/building-apps/00-runtime.md) The app wiring configuration file contains the list of application's modules that `runtime` must instantiate. The instantiation of the modules is done using `depinject`. It also contains the order in which all modules' `InitGenesis` and `Pre/Begin/EndBlocker` methods should be executed. +* **A reference to an [`appCodec`](../advanced/05-encoding.md).** The application's `appCodec` is used to serialize and deserialize data structures in order to store them, as stores can only persist `[]bytes`. The default codec is [Protocol Buffers](../advanced/05-encoding.md). +* **A reference to a [`legacyAmino`](../advanced/05-encoding.md) codec.** Some parts of the Cosmos SDK have not been migrated to use the `appCodec` above, and are still hardcoded to use Amino. Other parts explicitly use Amino for backwards compatibility. For these reasons, the application still holds a reference to the legacy Amino codec. Please note that the Amino codec will be removed from the SDK in the upcoming releases. + +See an example of application type definition from `simapp`, the Cosmos SDK's own app used for demo and testing purposes: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/app_di.go#L57-L90 +``` + +### Constructor Function + +Also defined in `app.go` is the constructor function, which constructs a new application of the type defined in the preceding section. The function must fulfill the `AppCreator` signature in order to be used in the [`start` command](../advanced/03-node.md#start-command) of the application's daemon command. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/server/types/app.go#L67-L69 +``` + +Here are the main actions performed by this function: + +* Instantiate a new [`codec`](../advanced/05-encoding.md) and initialize the `codec` of each of the application's modules using the [basic manager](../../build/building-modules/01-module-manager.md#basicmanager). +* Instantiate a new application with a reference to a `baseapp` instance, a codec, and all the appropriate store keys. +* Instantiate all the [`keeper`](#keeper) objects defined in the application's `type` using the `NewKeeper` function of each of the application's modules. Note that keepers must be instantiated in the correct order, as the `NewKeeper` of one module might require a reference to another module's `keeper`. +* Instantiate the application's [module manager](../../build/building-modules/01-module-manager.md#manager) with the [`AppModule`](#application-module-interface) object of each of the application's modules. +* With the module manager, initialize the application's [`Msg` services](../advanced/00-baseapp.md#msg-services), [gRPC `Query` services](../advanced/00-baseapp.md#grpc-query-services), [legacy `Msg` routes](../advanced/00-baseapp.md#routing), and [legacy query routes](../advanced/00-baseapp.md#query-routing). When a transaction is relayed to the application by CometBFT via the ABCI, it is routed to the appropriate module's [`Msg` service](#msg-services) using the routes defined here. Likewise, when a gRPC query request is received by the application, it is routed to the appropriate module's [`gRPC query service`](#grpc-query-services) using the gRPC routes defined here. The Cosmos SDK still supports legacy `Msg`s and legacy CometBFT queries, which are routed using the legacy `Msg` routes and the legacy query routes, respectively. +* With the module manager, register the [application's modules' invariants](../../build/building-modules/07-invariants.md). Invariants are variables (e.g. total supply of a token) that are evaluated at the end of each block. The process of checking invariants is done via a special module called the [`InvariantsRegistry`](../../build/building-modules/07-invariants.md#invariant-registry). The value of the invariant should be equal to a predicted value defined in the module. Should the value be different than the predicted one, special logic defined in the invariant registry is triggered (usually the chain is halted). This is useful to make sure that no critical bug goes unnoticed, producing long-lasting effects that are hard to fix. +* With the module manager, set the order of execution between the `InitGenesis`, `PreBlocker`, `BeginBlocker`, and `EndBlocker` functions of each of the [application's modules](#application-module-interface). Note that not all modules implement these functions. +* Set the remaining application parameters: + * [`InitChainer`](#initchainer): used to initialize the application when it is first started. + * [`PreBlocker`](#preblocker): called before BeginBlock. + * [`BeginBlocker`, `EndBlocker`](#beginblocker-and-endblocker): called at the beginning and at the end of every block. + * [`anteHandler`](../advanced/00-baseapp.md#antehandler): used to handle fees and signature verification. +* Mount the stores. +* Return the application. + +Note that the constructor function only creates an instance of the app, while the actual state is either carried over from the `~/.app/data` folder if the node is restarted, or generated from the genesis file if the node is started for the first time. + +See an example of application constructor from `simapp`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/app.go#L190-L708 +``` + +### InitChainer + +The `InitChainer` is a function that initializes the state of the application from a genesis file (i.e. token balances of genesis accounts). It is called when the application receives the `InitChain` message from the CometBFT engine, which happens when the node is started at `appBlockHeight == 0` (i.e. on genesis). The application must set the `InitChainer` in its [constructor](#constructor-function) via the [`SetInitChainer`](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/baseapp#BaseApp.SetInitChainer) method. + +In general, the `InitChainer` is mostly composed of the [`InitGenesis`](../../build/building-modules/08-genesis.md#initgenesis) function of each of the application's modules. This is done by calling the `InitGenesis` function of the module manager, which in turn calls the `InitGenesis` function of each of the modules it contains. Note that the order in which the modules' `InitGenesis` functions must be called has to be set in the module manager using the [module manager's](../../build/building-modules/01-module-manager.md) `SetOrderInitGenesis` method. This is done in the [application's constructor](#constructor-function), and the `SetOrderInitGenesis` has to be called before the `SetInitChainer`. + +See an example of an `InitChainer` from `simapp`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/app.go#L765-L773 +``` + +### PreBlocker + +There are two semantics around the new lifecycle method: + +* It runs before the `BeginBlocker` of all modules +* It can modify consensus parameters in storage, and signal the caller through the return value. + +When it returns `ConsensusParamsChanged=true`, the caller must refresh the consensus parameter in the finalize context: + +```go +app.finalizeBlockState.ctx = app.finalizeBlockState.ctx.WithConsensusParams(app.GetConsensusParams()) +``` + +The new ctx must be passed to all the other lifecycle methods. + +### BeginBlocker and EndBlocker + +The Cosmos SDK offers developers the possibility to implement automatic execution of code as part of their application. This is implemented through two functions called `BeginBlocker` and `EndBlocker`. They are called when the application receives the `FinalizeBlock` messages from the CometBFT consensus engine, which happens respectively at the beginning and at the end of each block. The application must set the `BeginBlocker` and `EndBlocker` in its [constructor](#constructor-function) via the [`SetBeginBlocker`](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/baseapp#BaseApp.SetBeginBlocker) and [`SetEndBlocker`](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/baseapp#BaseApp.SetEndBlocker) methods. + +In general, the `BeginBlocker` and `EndBlocker` functions are mostly composed of the [`BeginBlock` and `EndBlock`](../../build/building-modules/06-beginblock-endblock.md) functions of each of the application's modules. This is done by calling the `BeginBlock` and `EndBlock` functions of the module manager, which in turn calls the `BeginBlock` and `EndBlock` functions of each of the modules it contains. Note that the order in which the modules' `BeginBlock` and `EndBlock` functions must be called has to be set in the module manager using the `SetOrderBeginBlockers` and `SetOrderEndBlockers` methods, respectively. This is done via the [module manager](../../build/building-modules/01-module-manager.md) in the [application's constructor](#application-constructor), and the `SetOrderBeginBlockers` and `SetOrderEndBlockers` methods have to be called before the `SetBeginBlocker` and `SetEndBlocker` functions. + +As a sidenote, it is important to remember that application-specific blockchains are deterministic. Developers must be careful not to introduce non-determinism in `BeginBlocker` or `EndBlocker`, and must also be careful not to make them too computationally expensive, as [gas](./04-gas-fees.md) does not constrain the cost of `BeginBlocker` and `EndBlocker` execution. + +See an example of `BeginBlocker` and `EndBlocker` functions from `simapp`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/app.go#L752-L759 +``` + +### Register Codec + +The `EncodingConfig` structure is the last important part of the `app.go` file. The goal of this structure is to define the codecs that will be used throughout the app. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/params/encoding.go#L9-L16 +``` + +Here are descriptions of what each of the four fields means: + +* `InterfaceRegistry`: The `InterfaceRegistry` is used by the Protobuf codec to handle interfaces that are encoded and decoded (we also say "unpacked") using [`google.protobuf.Any`](https://github.com/protocolbuffers/protobuf/blob/master/src/google/protobuf/any.proto). `Any` could be thought as a struct that contains a `type_url` (name of a concrete type implementing the interface) and a `value` (its encoded bytes). `InterfaceRegistry` provides a mechanism for registering interfaces and implementations that can be safely unpacked from `Any`. Each application module implements the `RegisterInterfaces` method that can be used to register the module's own interfaces and implementations. + * You can read more about `Any` in [ADR-019](../../build/architecture/adr-019-protobuf-state-encoding.md). + * To go more into details, the Cosmos SDK uses an implementation of the Protobuf specification called [`gogoprotobuf`](https://github.com/cosmos/gogoproto). By default, the [gogo protobuf implementation of `Any`](https://pkg.go.dev/github.com/cosmos/gogoproto/types) uses [global type registration](https://github.com/cosmos/gogoproto/blob/master/proto/properties.go#L540) to decode values packed in `Any` into concrete Go types. This introduces a vulnerability where any malicious module in the dependency tree could register a type with the global protobuf registry and cause it to be loaded and unmarshaled by a transaction that referenced it in the `type_url` field. For more information, please refer to [ADR-019](../../build/architecture/adr-019-protobuf-state-encoding.md). +* `Codec`: The default codec used throughout the Cosmos SDK. It is composed of a `BinaryCodec` used to encode and decode state, and a `JSONCodec` used to output data to the users (for example, in the [CLI](#cli)). By default, the SDK uses Protobuf as `Codec`. +* `TxConfig`: `TxConfig` defines an interface a client can utilize to generate an application-defined concrete transaction type. Currently, the SDK handles two transaction types: `SIGN_MODE_DIRECT` (which uses Protobuf binary as over-the-wire encoding) and `SIGN_MODE_LEGACY_AMINO_JSON` (which depends on Amino). Read more about transactions [here](../advanced/01-transactions.md). +* `Amino`: Some legacy parts of the Cosmos SDK still use Amino for backwards-compatibility. Each module exposes a `RegisterLegacyAmino` method to register the module's specific types within Amino. This `Amino` codec should not be used by app developers anymore, and will be removed in future releases. + +An application should create its own encoding config. +See an example of a `simappparams.EncodingConfig` from `simapp`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/params/encoding.go#L11-L16 +``` + +## Modules + +[Modules](../../build/building-modules/00-intro.md) are the heart and soul of Cosmos SDK applications. They can be considered as state-machines nested within the state-machine. When a transaction is relayed from the underlying CometBFT engine via the ABCI to the application, it is routed by [`baseapp`](../advanced/00-baseapp.md) to the appropriate module in order to be processed. This paradigm enables developers to easily build complex state-machines, as most of the modules they need often already exist. **For developers, most of the work involved in building a Cosmos SDK application revolves around building custom modules required by their application that do not exist yet, and integrating them with modules that do already exist into one coherent application**. In the application directory, the standard practice is to store modules in the `x/` folder (not to be confused with the Cosmos SDK's `x/` folder, which contains already-built modules). + +### Application Module Interface + +Modules must implement [interfaces](../../build/building-modules/01-module-manager.md#application-module-interfaces) defined in the Cosmos SDK, [`AppModuleBasic`](../../build/building-modules/01-module-manager.md#appmodulebasic) and [`AppModule`](../../build/building-modules/01-module-manager.md#appmodule). The former implements basic non-dependent elements of the module, such as the `codec`, while the latter handles the bulk of the module methods (including methods that require references to other modules' `keeper`s). Both the `AppModule` and `AppModuleBasic` types are, by convention, defined in a file called `module.go`. + +`AppModule` exposes a collection of useful methods on the module that facilitates the composition of modules into a coherent application. These methods are called from the [`module manager`](../../build/building-modules/01-module-manager.md#manager), which manages the application's collection of modules. + +### `Msg` Services + +Each application module defines two [Protobuf services](https://developers.google.com/protocol-buffers/docs/proto#services): one `Msg` service to handle messages, and one gRPC `Query` service to handle queries. If we consider the module as a state-machine, then a `Msg` service is a set of state transition RPC methods. +Each Protobuf `Msg` service method is 1:1 related to a Protobuf request type, which must implement `sdk.Msg` interface. +Note that `sdk.Msg`s are bundled in [transactions](../advanced/01-transactions.md), and each transaction contains one or multiple messages. + +When a valid block of transactions is received by the full-node, CometBFT relays each one to the application via [`DeliverTx`](https://docs.cometbft.com/v0.37/spec/abci/abci++_app_requirements#specifics-of-responsedelivertx). Then, the application handles the transaction: + +1. Upon receiving the transaction, the application first unmarshals it from `[]byte`. +2. Then, it verifies a few things about the transaction like [fee payment and signatures](./04-gas-fees.md#antehandler) before extracting the `Msg`(s) contained in the transaction. +3. `sdk.Msg`s are encoded using Protobuf [`Any`s](#register-codec). By analyzing each `Any`'s `type_url`, baseapp's `msgServiceRouter` routes the `sdk.Msg` to the corresponding module's `Msg` service. +4. If the message is successfully processed, the state is updated. + +For more details, see [transaction lifecycle](./01-tx-lifecycle.md). + +Module developers create custom `Msg` services when they build their own module. The general practice is to define the `Msg` Protobuf service in a `tx.proto` file. For example, the `x/bank` module defines a service with two methods to transfer tokens: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/bank/v1beta1/tx.proto#L13-L36 +``` + +Service methods use `keeper` in order to update the module state. + +Each module should also implement the `RegisterServices` method as part of the [`AppModule` interface](#application-module-interface). This method should call the `RegisterMsgServer` function provided by the generated Protobuf code. + +### gRPC `Query` Services + +gRPC `Query` services allow users to query the state using [gRPC](https://grpc.io). They are enabled by default, and can be configured under the `grpc.enable` and `grpc.address` fields inside [`app.toml`](../../user/run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml). + +gRPC `Query` services are defined in the module's Protobuf definition files, specifically inside `query.proto`. The `query.proto` definition file exposes a single `Query` [Protobuf service](https://developers.google.com/protocol-buffers/docs/proto#services). Each gRPC query endpoint corresponds to a service method, starting with the `rpc` keyword, inside the `Query` service. + +Protobuf generates a `QueryServer` interface for each module, containing all the service methods. A module's [`keeper`](#keeper) then needs to implement this `QueryServer` interface, by providing the concrete implementation of each service method. This concrete implementation is the handler of the corresponding gRPC query endpoint. + +Finally, each module should also implement the `RegisterServices` method as part of the [`AppModule` interface](#application-module-interface). This method should call the `RegisterQueryServer` function provided by the generated Protobuf code. + +### Keeper + +[`Keepers`](../../build/building-modules/06-keeper.md) are the gatekeepers of their module's store(s). To read or write in a module's store, it is mandatory to go through one of its `keeper`'s methods. This is ensured by the [object-capabilities](../advanced/10-ocap.md) model of the Cosmos SDK. Only objects that hold the key to a store can access it, and only the module's `keeper` should hold the key(s) to the module's store(s). + +`Keepers` are generally defined in a file called `keeper.go`. It contains the `keeper`'s type definition and methods. + +The `keeper` type definition generally consists of the following: + +* **Key(s)** to the module's store(s) in the multistore. +* Reference to **other module's `keepers`**. Only needed if the `keeper` needs to access other module's store(s) (either to read or write from them). +* A reference to the application's **codec**. The `keeper` needs it to marshal structs before storing them, or to unmarshal them when it retrieves them, because stores only accept `[]bytes` as value. + +Along with the type definition, the next important component of the `keeper.go` file is the `keeper`'s constructor function, `NewKeeper`. This function instantiates a new `keeper` of the type defined above with a `codec`, stores `keys` and potentially references other modules' `keeper`s as parameters. The `NewKeeper` function is called from the [application's constructor](#constructor-function). The rest of the file defines the `keeper`'s methods, which are primarily getters and setters. + +### Command-Line, gRPC Services and REST Interfaces + +Each module defines command-line commands, gRPC services, and REST routes to be exposed to the end-user via the [application's interfaces](#application-interfaces). This enables end-users to create messages of the types defined in the module, or to query the subset of the state managed by the module. + +#### CLI + +Generally, the [commands related to a module](../../build/building-modules/09-module-interfaces.md#cli) are defined in a folder called `client/cli` in the module's folder. The CLI divides commands into two categories, transactions and queries, defined in `client/cli/tx.go` and `client/cli/query.go`, respectively. Both commands are built on top of the [Cobra Library](https://github.com/spf13/cobra): + +* Transactions commands let users generate new transactions so that they can be included in a block and eventually update the state. One command should be created for each [message type](#message-types) defined in the module. The command calls the constructor of the message with the parameters provided by the end-user, and wraps it into a transaction. The Cosmos SDK handles signing and the addition of other transaction metadata. +* Queries let users query the subset of the state defined by the module. Query commands forward queries to the [application's query router](../advanced/00-baseapp.md#query-routing), which routes them to the appropriate [querier](#querier) the `queryRoute` parameter supplied. + +#### gRPC + +[gRPC](https://grpc.io) is a modern open-source high performance RPC framework that has support in multiple languages. It is the recommended way for external clients (such as wallets, browsers and other backend services) to interact with a node. + +Each module can expose gRPC endpoints called [service methods](https://grpc.io/docs/what-is-grpc/core-concepts/#service-definition), which are defined in the [module's Protobuf `query.proto` file](#grpc-query-services). A service method is defined by its name, input arguments, and output response. The module then needs to perform the following actions: + +* Define a `RegisterGRPCGatewayRoutes` method on `AppModuleBasic` to wire the client gRPC requests to the correct handler inside the module. +* For each service method, define a corresponding handler. The handler implements the core logic necessary to serve the gRPC request, and is located in the `keeper/grpc_query.go` file. + +#### gRPC-gateway REST Endpoints + +Some external clients may not wish to use gRPC. In this case, the Cosmos SDK provides a gRPC gateway service, which exposes each gRPC service as a corresponding REST endpoint. Please refer to the [grpc-gateway](https://grpc-ecosystem.github.io/grpc-gateway/) documentation to learn more. + +The REST endpoints are defined in the Protobuf files, along with the gRPC services, using Protobuf annotations. Modules that want to expose REST queries should add `google.api.http` annotations to their `rpc` methods. By default, all REST endpoints defined in the SDK have a URL starting with the `/cosmos/` prefix. + +The Cosmos SDK also provides a development endpoint to generate [Swagger](https://swagger.io/) definition files for these REST endpoints. This endpoint can be enabled inside the [`app.toml`](../../user/run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml) config file, under the `api.swagger` key. + +## Application Interface + +[Interfaces](#command-line-grpc-services-and-rest-interfaces) let end-users interact with full-node clients. This means querying data from the full-node or creating and sending new transactions to be relayed by the full-node and eventually included in a block. + +The main interface is the [Command-Line Interface](../advanced/07-cli.md). The CLI of a Cosmos SDK application is built by aggregating [CLI commands](#cli) defined in each of the modules used by the application. The CLI of an application is the same as the daemon (e.g. `appd`), and is defined in a file called `appd/main.go`. The file contains the following: + +* **A `main()` function**, which is executed to build the `appd` interface client. This function prepares each command and adds them to the `rootCmd` before building them. At the root of `appd`, the function adds generic commands like `status`, `keys`, and `config`, query commands, tx commands, and `rest-server`. +* **Query commands**, which are added by calling the `queryCmd` function. This function returns a Cobra command that contains the query commands defined in each of the application's modules (passed as an array of `sdk.ModuleClients` from the `main()` function), as well as some other lower level query commands such as block or validator queries. Query command are called by using the command `appd query [query]` of the CLI. +* **Transaction commands**, which are added by calling the `txCmd` function. Similar to `queryCmd`, the function returns a Cobra command that contains the tx commands defined in each of the application's modules, as well as lower level tx commands like transaction signing or broadcasting. Tx commands are called by using the command `appd tx [tx]` of the CLI. + +See an example of an application's main command-line file from the [Cosmos Hub](https://github.com/cosmos/gaia). + +```go reference +https://github.com/cosmos/gaia/blob/26ae7c2/cmd/gaiad/cmd/root.go#L39-L80 +``` + +## Dependencies and Makefile + +This section is optional, as developers are free to choose their dependency manager and project building method. That said, the current most used framework for versioning control is [`go.mod`](https://github.com/golang/go/wiki/Modules). It ensures each of the libraries used throughout the application are imported with the correct version. + +The following is the `go.mod` of the [Cosmos Hub](https://github.com/cosmos/gaia), provided as an example. + +```go reference +https://github.com/cosmos/gaia/blob/26ae7c2/go.mod#L1-L28 +``` + +For building the application, a [Makefile](https://en.wikipedia.org/wiki/Makefile) is generally used. The Makefile primarily ensures that the `go.mod` is run before building the two entrypoints to the application, [`Node Client`](#node-client) and [`Application Interface`](#application-interface). + +Here is an example of the [Cosmos Hub Makefile](https://github.com/cosmos/gaia/blob/main/Makefile). diff --git a/copy-of-sdk-docs/learn/beginner/01-tx-lifecycle.md b/copy-of-sdk-docs/learn/beginner/01-tx-lifecycle.md new file mode 100644 index 00000000..b004b355 --- /dev/null +++ b/copy-of-sdk-docs/learn/beginner/01-tx-lifecycle.md @@ -0,0 +1,284 @@ +--- +sidebar_position: 1 +--- + +# Transaction Lifecycle + +:::note Synopsis +This document describes the lifecycle of a transaction from creation to committed state changes. Transaction definition is described in a [different doc](../advanced/01-transactions.md). The transaction is referred to as `Tx`. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK Application](./00-app-anatomy.md) +::: + +## Creation + +### Transaction Creation + +One of the main application interfaces is the command-line interface. The transaction `Tx` can be created by the user inputting a command in the following format from the [command-line](../advanced/07-cli.md), providing the type of transaction in `[command]`, arguments in `[args]`, and configurations such as gas prices in `[flags]`: + +```bash +[appname] tx [command] [args] [flags] +``` + +This command automatically **creates** the transaction, **signs** it using the account's private key, and **broadcasts** it to the specified peer node. + +There are several required and optional flags for transaction creation. The `--from` flag specifies which [account](./03-accounts.md) the transaction is originating from. For example, if the transaction is sending coins, the funds are drawn from the specified `from` address. + +#### Gas and Fees + +Additionally, there are several [flags](../advanced/07-cli.md) users can use to indicate how much they are willing to pay in [fees](./04-gas-fees.md): + +* `--gas` refers to how much [gas](./04-gas-fees.md), which represents computational resources, `Tx` consumes. Gas is dependent on the transaction and is not precisely calculated until execution, but can be estimated by providing `auto` as the value for `--gas`. +* `--gas-adjustment` (optional) can be used to scale `gas` up in order to avoid underestimating. For example, users can specify their gas adjustment as 1.5 to use 1.5 times the estimated gas. +* `--gas-prices` specifies how much the user is willing to pay per unit of gas, which can be one or multiple denominations of tokens. For example, `--gas-prices=0.025uatom, 0.025upho` means the user is willing to pay 0.025uatom AND 0.025upho per unit of gas. +* `--fees` specifies how much in fees the user is willing to pay in total. +* `--timeout-height` specifies a block timeout height to prevent the tx from being committed past a certain height. + +The ultimate value of the fees paid is equal to the gas multiplied by the gas prices. In other words, `fees = ceil(gas * gasPrices)`. Thus, since fees can be calculated using gas prices and vice versa, the users specify only one of the two. + +Later, validators decide whether to include the transaction in their block by comparing the given or calculated `gas-prices` to their local `min-gas-prices`. `Tx` is rejected if its `gas-prices` is not high enough, so users are incentivized to pay more. + +#### Unordered Transactions + +With Cosmos SDK v0.53.0, users may send unordered transactions to chains that have this feature enabled. +The following flags allow a user to build an unordered transaction from the CLI. + +* `--unordered` specifies that this transaction should be unordered. (transaction sequence must be unset) +* `--timeout-duration` specifies the amount of time the unordered transaction should be valid in the mempool. The transaction's unordered nonce will be set to the time of transaction creation + timeout duration. + +:::warning + +Unordered transactions MUST leave sequence values unset. When a transaction is both unordered and contains a non-zero sequence value, +the transaction will be rejected. External services that operate on prior assumptions about transaction sequence values should be updated to handle unordered transactions. +Services should be aware that when the transaction is unordered, the transaction sequence will always be zero. + +::: + +#### CLI Example + +Users of the application `app` can enter the following command into their CLI to generate a transaction to send 1000uatom from a `senderAddress` to a `recipientAddress`. The command specifies how much gas they are willing to pay: an automatic estimate scaled up by 1.5 times, with a gas price of 0.025uatom per unit gas. + +```bash +appd tx send 1000uatom --from --gas auto --gas-adjustment 1.5 --gas-prices 0.025uatom +``` + +#### Other Transaction Creation Methods + +The command-line is an easy way to interact with an application, but `Tx` can also be created using a [gRPC or REST interface](../advanced/06-grpc_rest.md) or some other entry point defined by the application developer. From the user's perspective, the interaction depends on the web interface or wallet they are using (e.g. creating `Tx` using [Lunie.io](https://lunie.io/#/) and signing it with a Ledger Nano S). + +## Addition to Mempool + +Each full-node (running CometBFT) that receives a `Tx` sends an [ABCI message](https://docs.cometbft.com/v0.37/spec/p2p/legacy-docs/messages/), +`CheckTx`, to the application layer to check for validity, and receives an `abci.CheckTxResponse`. If the `Tx` passes the checks, it is held in the node's +[**Mempool**](https://docs.cometbft.com/v0.37/spec/p2p/legacy-docs/messages/mempool), an in-memory pool of transactions unique to each node, pending inclusion in a block - honest nodes discard a `Tx` if it is found to be invalid. Prior to consensus, nodes continuously check incoming transactions and gossip them to their peers. + +### Types of Checks + +The full-nodes perform stateless, then stateful checks on `Tx` during `CheckTx`, with the goal to +identify and reject an invalid transaction as early on as possible to avoid wasted computation. + +**_Stateless_** checks do not require nodes to access state - light clients or offline nodes can do +them - and are thus less computationally expensive. Stateless checks include making sure addresses +are not empty, enforcing nonnegative numbers, and other logic specified in the definitions. + +**_Stateful_** checks validate transactions and messages based on a committed state. Examples +include checking that the relevant values exist and can be transacted with, the address +has sufficient funds, and the sender is authorized or has the correct ownership to transact. +At any given moment, full-nodes typically have [multiple versions](../advanced/00-baseapp.md#state-updates) +of the application's internal state for different purposes. For example, nodes execute state +changes while in the process of verifying transactions, but still need a copy of the last committed +state in order to answer queries - they should not respond using state with uncommitted changes. + +In order to verify a `Tx`, full-nodes call `CheckTx`, which includes both _stateless_ and _stateful_ +checks. Further validation happens later in the [`DeliverTx`](#delivertx) stage. `CheckTx` goes +through several steps, beginning with decoding `Tx`. + +### Decoding + +When `Tx` is received by the application from the underlying consensus engine (e.g. CometBFT), it is still in its [encoded](../advanced/05-encoding.md) `[]byte` form and needs to be unmarshaled in order to be processed. Then, the [`runTx`](../advanced/00-baseapp.md#runtx-antehandler-runmsgs-posthandler) function is called to run in `runTxModeCheck` mode, meaning the function runs all checks but exits before executing messages and writing state changes. + +### ValidateBasic (deprecated) + +Messages ([`sdk.Msg`](../advanced/01-transactions.md#messages)) are extracted from transactions (`Tx`). The `ValidateBasic` method of the `sdk.Msg` interface implemented by the module developer is run for each transaction. +To discard obviously invalid messages, the `BaseApp` type calls the `ValidateBasic` method very early in the processing of the message in the [`CheckTx`](../advanced/00-baseapp.md#checktx) and [`DeliverTx`](../advanced/00-baseapp.md#delivertx) transactions. +`ValidateBasic` can include only **stateless** checks (the checks that do not require access to the state). + +:::warning +The `ValidateBasic` method on messages has been deprecated in favor of validating messages directly in their respective [`Msg` services](../../build/building-modules/03-msg-services.md#Validation). + +Read [RFC 001](https://docs.cosmos.network/main/rfc/rfc-001-tx-validation) for more details. +::: + +:::note +`BaseApp` still calls `ValidateBasic` on messages that implement that method for backwards compatibility. +::: + +#### Guideline + +`ValidateBasic` should not be used anymore. Message validation should be performed in the `Msg` service when [handling a message](../../build/building-modules/msg-services#Validation) in a module Msg Server. + +### AnteHandler + +`AnteHandler`s even though optional, are in practice very often used to perform signature verification, gas calculation, fee deduction, and other core operations related to blockchain transactions. + +A copy of the cached context is provided to the `AnteHandler`, which performs limited checks specified for the transaction type. Using a copy allows the `AnteHandler` to do stateful checks for `Tx` without modifying the last committed state, and revert back to the original if the execution fails. + +For example, the [`auth`](https://github.com/cosmos/cosmos-sdk/blob/main/x/auth/README.md) module `AnteHandler` checks and increments sequence numbers, checks signatures and account numbers, and deducts fees from the first signer of the transaction - all state changes are made using the `checkState`. + +:::warning +Ante handlers only run on a transaction. If a transaction embeds multiple messages (like some x/authz, x/gov transactions for instance), the ante handlers only have awareness of the outer message. Inner messages are mostly directly routed to the [message router](https://docs.cosmos.network/main/learn/advanced/baseapp#msg-service-router) and will skip the chain of ante handlers. Keep that in mind when designing your own ante handler. +::: + +### Gas + +The [`Context`](../advanced/02-context.md), which keeps a `GasMeter` that tracks how much gas is used during the execution of `Tx`, is initialized. The user-provided amount of gas for `Tx` is known as `GasWanted`. If `GasConsumed`, the amount of gas consumed during execution, ever exceeds `GasWanted`, the execution stops and the changes made to the cached copy of the state are not committed. Otherwise, `CheckTx` sets `GasUsed` equal to `GasConsumed` and returns it in the result. After calculating the gas and fee values, validator-nodes check that the user-specified `gas-prices` is greater than their locally defined `min-gas-prices`. + +### Discard or Addition to Mempool + +If at any point during `CheckTx` the `Tx` fails, it is discarded and the transaction lifecycle ends +there. Otherwise, if it passes `CheckTx` successfully, the default protocol is to relay it to peer +nodes and add it to the Mempool so that the `Tx` becomes a candidate to be included in the next block. + +The **mempool** serves the purpose of keeping track of transactions seen by all full-nodes. +Full-nodes keep a **mempool cache** of the last `mempool.cache_size` transactions they have seen, as a first line of +defense to prevent replay attacks. Ideally, `mempool.cache_size` is large enough to encompass all +of the transactions in the full mempool. If the mempool cache is too small to keep track of all +the transactions, `CheckTx` is responsible for identifying and rejecting replayed transactions. + +Currently existing preventative measures include fees and a `sequence` (nonce) counter to distinguish +replayed transactions from identical but valid ones. If an attacker tries to spam nodes with many +copies of a `Tx`, full-nodes keeping a mempool cache reject all identical copies instead of running +`CheckTx` on them. Even if the copies have incremented `sequence` numbers, attackers are +disincentivized by the need to pay fees. + +Validator nodes keep a mempool to prevent replay attacks, just as full-nodes do, but also use it as +a pool of unconfirmed transactions in preparation of block inclusion. Note that even if a `Tx` +passes all checks at this stage, it is still possible to be found invalid later on, because +`CheckTx` does not fully validate the transaction (that is, it does not actually execute the messages). + +## Inclusion in a Block + +Consensus, the process through which validator nodes come to agreement on which transactions to +accept, happens in **rounds**. Each round begins with a proposer creating a block of the most +recent transactions and ends with **validators**, special full-nodes with voting power responsible +for consensus, agreeing to accept the block or go with a `nil` block instead. Validator nodes +execute the consensus algorithm, such as [CometBFT](https://docs.cometbft.com/v0.37/spec/consensus/), +confirming the transactions using ABCI requests to the application, in order to come to this agreement. + +The first step of consensus is the **block proposal**. One proposer amongst the validators is chosen +by the consensus algorithm to create and propose a block - in order for a `Tx` to be included, it +must be in this proposer's mempool. + +## State Changes + +The next step of consensus is to execute the transactions to fully validate them. All full-nodes +that receive a block proposal from the correct proposer execute the transactions by calling the ABCI function `FinalizeBlock`. +As mentioned throughout the documentation `BeginBlock`, `ExecuteTx` and `EndBlock` are called within FinalizeBlock. +Although every full-node operates individually and locally, the outcome is always consistent and unequivocal. This is because the state changes brought about by the messages are predictable, and the transactions are specifically sequenced in the proposed block. + +```text + -------------------------- + | Receive Block Proposal | + -------------------------- + | + v + ------------------------- + | FinalizeBlock | + ------------------------- + | + v + ------------------- + | BeginBlock | + ------------------- + | + v + -------------------- + | ExecuteTx(tx0) | + | ExecuteTx(tx1) | + | ExecuteTx(tx2) | + | ExecuteTx(tx3) | + | . | + | . | + | . | + ------------------- + | + v + -------------------- + | EndBlock | + -------------------- + | + v + ------------------------- + | Consensus | + ------------------------- + | + v + ------------------------- + | Commit | + ------------------------- +``` + +### Transaction Execution + +The `FinalizeBlock` ABCI function defined in [`BaseApp`](../advanced/00-baseapp.md) does the bulk of the +state transitions: it is run for each transaction in the block in sequential order as committed +to during consensus. Under the hood, transaction execution is almost identical to `CheckTx` but calls the +[`runTx`](../advanced/00-baseapp.md#runtx) function in deliver mode instead of check mode. +Instead of using their `checkState`, full-nodes use `finalizeblock`: + +* **Decoding:** Since `FinalizeBlock` is an ABCI call, `Tx` is received in the encoded `[]byte` form. + Nodes first unmarshal the transaction, using the [`TxConfig`](./00-app-anatomy.md#register-codec) defined in the app, then call `runTx` in `execModeFinalize`, which is very similar to `CheckTx` but also executes and writes state changes. + +* **Checks and `AnteHandler`:** Full-nodes call `validateBasicMsgs` and `AnteHandler` again. This second check + happens because they may not have seen the same transactions during the addition to Mempool stage + and a malicious proposer may have included invalid ones. One difference here is that the + `AnteHandler` does not compare `gas-prices` to the node's `min-gas-prices` since that value is local + to each node - differing values across nodes yield nondeterministic results. + +* **`MsgServiceRouter`:** After `CheckTx` exits, `FinalizeBlock` continues to run + [`runMsgs`](../advanced/00-baseapp.md#runtx-antehandler-runmsgs-posthandler) to fully execute each `Msg` within the transaction. + Since the transaction may have messages from different modules, `BaseApp` needs to know which module + to find the appropriate handler. This is achieved using `BaseApp`'s `MsgServiceRouter` so that it can be processed by the module's Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md). + For `LegacyMsg` routing, the `Route` function is called via the [module manager](../../build/building-modules/01-module-manager.md) to retrieve the route name and find the legacy [`Handler`](../../build/building-modules/03-msg-services.md#handler-type) within the module. + +* **`Msg` service:** Protobuf `Msg` service is responsible for executing each message in the `Tx` and causes state transitions to persist in `finalizeBlockState`. + +* **PostHandlers:** [`PostHandler`](../advanced/00-baseapp.md#posthandler)s run after the execution of the message. If they fail, the state change of `runMsgs`, as well of `PostHandlers`, are both reverted. + +* **Gas:** While a `Tx` is being delivered, a `GasMeter` is used to keep track of how much + gas is being used; if execution completes, `GasUsed` is set and returned in the + `abci.ExecTxResult`. If execution halts because `BlockGasMeter` or `GasMeter` has run out or something else goes + wrong, a deferred function at the end appropriately errors or panics. + +If there are any failed state changes resulting from a `Tx` being invalid or `GasMeter` running out, +the transaction processing terminates and any state changes are reverted. Invalid transactions in a +block proposal cause validator nodes to reject the block and vote for a `nil` block instead. + +### Commit + +The final step is for nodes to commit the block and state changes. Validator nodes +perform the previous step of executing state transitions in order to validate the transactions, +then sign the block to confirm it. Full nodes that are not validators do not +participate in consensus - i.e. they cannot vote - but listen for votes to understand whether or +not they should commit the state changes. + +When they receive enough validator votes (2/3+ _precommits_ weighted by voting power), full nodes commit to a new block to be added to the blockchain and +finalize the state transitions in the application layer. A new state root is generated to serve as +a merkle proof for the state transitions. Applications use the [`Commit`](../advanced/00-baseapp.md#commit) +ABCI method inherited from [Baseapp](../advanced/00-baseapp.md); it syncs all the state transitions by +writing the `deliverState` into the application's internal state. As soon as the state changes are +committed, `checkState` starts afresh from the most recently committed state and `deliverState` +resets to `nil` in order to be consistent and reflect the changes. + +Note that not all blocks have the same number of transactions and it is possible for consensus to +result in a `nil` block or one with none at all. In a public blockchain network, it is also possible +for validators to be **byzantine**, or malicious, which may prevent a `Tx` from being committed in +the blockchain. Possible malicious behaviors include the proposer deciding to censor a `Tx` by +excluding it from the block or a validator voting against the block. + +At this point, the transaction lifecycle of a `Tx` is over: nodes have verified its validity, +delivered it by executing its state changes, and committed those changes. The `Tx` itself, +in `[]byte` form, is stored in a block and appended to the blockchain. diff --git a/copy-of-sdk-docs/learn/beginner/02-query-lifecycle.md b/copy-of-sdk-docs/learn/beginner/02-query-lifecycle.md new file mode 100644 index 00000000..4b11bfed --- /dev/null +++ b/copy-of-sdk-docs/learn/beginner/02-query-lifecycle.md @@ -0,0 +1,147 @@ +--- +sidebar_position: 1 +--- + +# Query Lifecycle + +:::note Synopsis +This document describes the lifecycle of a query in a Cosmos SDK application, from the user interface to application stores and back. The query is referred to as `MyQuery`. +::: + +:::note Pre-requisite Readings + +* [Transaction Lifecycle](./01-tx-lifecycle.md) +::: + +## Query Creation + +A [**query**](../../build/building-modules/02-messages-and-queries.md#queries) is a request for information made by end-users of applications through an interface and processed by a full-node. Users can query information about the network, the application itself, and application state directly from the application's stores or modules. Note that queries are different from [transactions](../advanced/01-transactions.md) (view the lifecycle [here](./01-tx-lifecycle.md)), particularly in that they do not require consensus to be processed (as they do not trigger state-transitions); they can be fully handled by one full-node. + +For the purpose of explaining the query lifecycle, let's say the query, `MyQuery`, is requesting a list of delegations made by a certain delegator address in the application called `simapp`. As is to be expected, the [`staking`](../../../../x/staking/README.md) module handles this query. But first, there are a few ways `MyQuery` can be created by users. + +### CLI + +The main interface for an application is the command-line interface. Users connect to a full-node and run the CLI directly from their machines - the CLI interacts directly with the full-node. To create `MyQuery` from their terminal, users type the following command: + +```bash +simd query staking delegations +``` + +This query command was defined by the [`staking`](../../../../x/staking/README.md) module developer and added to the list of subcommands by the application developer when creating the CLI. + +Note that the general format is as follows: + +```bash +simd query [moduleName] [command] --flag +``` + +To provide values such as `--node` (the full-node the CLI connects to), the user can use the [`app.toml`](../../user/run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml) config file to set them or provide them as flags. + +The CLI understands a specific set of commands, defined in a hierarchical structure by the application developer: from the [root command](../advanced/07-cli.md#root-command) (`simd`), the type of command (`Myquery`), the module that contains the command (`staking`), and command itself (`delegations`). Thus, the CLI knows exactly which module handles this command and directly passes the call there. + +### gRPC + +Another interface through which users can make queries is [gRPC](https://grpc.io) requests to a [gRPC server](../advanced/06-grpc_rest.md#grpc-server). The endpoints are defined as [Protocol Buffers](https://developers.google.com/protocol-buffers) service methods inside `.proto` files, written in Protobuf's own language-agnostic interface definition language (IDL). The Protobuf ecosystem developed tools for code-generation from `*.proto` files into various languages. These tools allow to build gRPC clients easily. + +One such tool is [grpcurl](https://github.com/fullstorydev/grpcurl), and a gRPC request for `MyQuery` using this client looks like: + +```bash +grpcurl \ + -plaintext # We want results in plain text + -import-path ./proto \ # Import these .proto files + -proto ./proto/cosmos/staking/v1beta1/query.proto \ # Look into this .proto file for the Query protobuf service + -d '{"address":"$MY_DELEGATOR"}' \ # Query arguments + localhost:9090 \ # gRPC server endpoint + cosmos.staking.v1beta1.Query/Delegations # Fully-qualified service method name +``` + +### REST + +Another interface through which users can make queries is through HTTP Requests to a [REST server](../advanced/06-grpc_rest.md#rest-server). The REST server is fully auto-generated from Protobuf services, using [gRPC-gateway](https://github.com/grpc-ecosystem/grpc-gateway). + +An example HTTP request for `MyQuery` looks like: + +```bash +GET http://localhost:1317/cosmos/staking/v1beta1/delegators/{delegatorAddr}/delegations +``` + +## How Queries are Handled by the CLI + +The preceding examples show how an external user can interact with a node by querying its state. To understand in more detail the exact lifecycle of a query, let's dig into how the CLI prepares the query, and how the node handles it. The interactions from the users' perspective are a bit different, but the underlying functions are almost identical because they are implementations of the same command defined by the module developer. This step of processing happens within the CLI, gRPC, or REST server, and heavily involves a `client.Context`. + +### Context + +The first thing that is created in the execution of a CLI command is a `client.Context`. A `client.Context` is an object that stores all the data needed to process a request on the user side. In particular, a `client.Context` stores the following: + +* **Codec**: The [encoder/decoder](../advanced/05-encoding.md) used by the application, used to marshal the parameters and query before making the CometBFT RPC request and unmarshal the returned response into a JSON object. The default codec used by the CLI is Protobuf. +* **Account Decoder**: The account decoder from the [`auth`](../../../../x/auth/README.md) module, which translates `[]byte`s into accounts. +* **RPC Client**: The CometBFT RPC Client, or node, to which requests are relayed. +* **Keyring**: A [Key Manager](../beginner/03-accounts.md#keyring) used to sign transactions and handle other operations with keys. +* **Output Writer**: A [Writer](https://pkg.go.dev/io/#Writer) used to output the response. +* **Configurations**: The flags configured by the user for this command, including `--height`, specifying the height of the blockchain to query, and `--indent`, which indicates to add an indent to the JSON response. + +The `client.Context` also contains various functions such as `Query()`, which retrieves the RPC Client and makes an ABCI call to relay a query to a full-node. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/context.go#L27-70 +``` + +The `client.Context`'s primary role is to store data used during interactions with the end-user and provide methods to interact with this data - it is used before and after the query is processed by the full-node. Specifically, in handling `MyQuery`, the `client.Context` is utilized to encode the query parameters, retrieve the full-node, and write the output. Prior to being relayed to a full-node, the query needs to be encoded into a `[]byte` form, as full-nodes are application-agnostic and do not understand specific types. The full-node (RPC Client) itself is retrieved using the `client.Context`, which knows which node the user CLI is connected to. The query is relayed to this full-node to be processed. Finally, the `client.Context` contains a `Writer` to write output when the response is returned. These steps are further described in later sections. + +### Arguments and Route Creation + +At this point in the lifecycle, the user has created a CLI command with all of the data they wish to include in their query. A `client.Context` exists to assist in the rest of the `MyQuery`'s journey. Now, the next step is to parse the command or request, extract the arguments, and encode everything. These steps all happen on the user side within the interface they are interacting with. + +#### Encoding + +In our case (querying an address's delegations), `MyQuery` contains an [address](./03-accounts.md#addresses) `delegatorAddress` as its only argument. However, the request can only contain `[]byte`s, as it is ultimately relayed to a consensus engine (e.g. CometBFT) of a full-node that has no inherent knowledge of the application types. Thus, the `codec` of `client.Context` is used to marshal the address. + +Here is what the code looks like for the CLI command: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/staking/client/cli/query.go#L315-L318 +``` + +#### gRPC Query Client Creation + +The Cosmos SDK leverages code generated from Protobuf services to make queries. The `staking` module's `MyQuery` service generates a `queryClient`, which the CLI uses to make queries. Here is the relevant code: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/staking/client/cli/query.go#L308-L343 +``` + +Under the hood, the `client.Context` has a `Query()` function used to retrieve the pre-configured node and relay a query to it; the function takes the query fully-qualified service method name as path (in our case: `/cosmos.staking.v1beta1.Query/Delegations`), and arguments as parameters. It first retrieves the RPC Client (called the [**node**](../advanced/03-node.md)) configured by the user to relay this query to, and creates the `ABCIQueryOptions` (parameters formatted for the ABCI call). The node is then used to make the ABCI call, `ABCIQueryWithOptions()`. + +Here is what the code looks like: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/query.go#L79-L113 +``` + +## RPC + +With a call to `ABCIQueryWithOptions()`, `MyQuery` is received by a [full-node](../advanced/05-encoding.md) which then processes the request. Note that, while the RPC is made to the consensus engine (e.g. CometBFT) of a full-node, queries are not part of consensus and so are not broadcasted to the rest of the network, as they do not require anything the network needs to agree upon. + +Read more about ABCI Clients and CometBFT RPC in the [CometBFT documentation](https://docs.cometbft.com/v0.37/spec/rpc/). + +## Application Query Handling + +When a query is received by the full-node after it has been relayed from the underlying consensus engine, it is at that point being handled within an environment that understands application-specific types and has a copy of the state. [`baseapp`](../advanced/00-baseapp.md) implements the ABCI [`Query()`](../advanced/00-baseapp.md#query) function and handles gRPC queries. The query route is parsed, and it matches the fully-qualified service method name of an existing service method (most likely in one of the modules), then `baseapp` relays the request to the relevant module. + +Since `MyQuery` has a Protobuf fully-qualified service method name from the `staking` module (recall `/cosmos.staking.v1beta1.Query/Delegations`), `baseapp` first parses the path, then uses its own internal `GRPCQueryRouter` to retrieve the corresponding gRPC handler, and routes the query to the module. The gRPC handler is responsible for recognizing this query, retrieving the appropriate values from the application's stores, and returning a response. Read more about query services [here](../../build/building-modules/04-query-services.md). + +Once a result is received from the querier, `baseapp` begins the process of returning a response to the user. + +## Response + +Since `Query()` is an ABCI function, `baseapp` returns the response as an [`abci.QueryResponse`](https://docs.cometbft.com/main/spec/abci/abci++_methods#query) type. The `client.Context` `Query()` routine receives the response and processes it. + +### CLI Response + +The application [`codec`](../advanced/05-encoding.md) is used to unmarshal the response to a JSON and the `client.Context` prints the output to the command line, applying any configurations such as the output type (text, JSON or YAML). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/context.go#L350-L357 +``` + +And that's a wrap! The result of the query is outputted to the console by the CLI. diff --git a/copy-of-sdk-docs/learn/beginner/03-accounts.md b/copy-of-sdk-docs/learn/beginner/03-accounts.md new file mode 100644 index 00000000..150436b9 --- /dev/null +++ b/copy-of-sdk-docs/learn/beginner/03-accounts.md @@ -0,0 +1,281 @@ +--- +sidebar_position: 1 +--- + +# Accounts + +:::note Synopsis +This document describes the in-built account and public key system of the Cosmos SDK. +::: + +:::note Pre-requisite Readings + + +* [Anatomy of a Cosmos SDK Application](./00-app-anatomy.md) + +::: + +## Account Definition + +In the Cosmos SDK, an _account_ designates a pair of _public key_ `PubKey` and _private key_ `PrivKey`. The `PubKey` can be derived to generate various `Addresses`, which are used to identify users (among other parties) in the application. `Addresses` are also associated with [`message`s](../../build/building-modules/02-messages-and-queries.md#messages) to identify the sender of the `message`. The `PrivKey` is used to generate [digital signatures](#signatures) to prove that an `Address` associated with the `PrivKey` approved of a given `message`. + +For HD key derivation the Cosmos SDK uses a standard called [BIP32](https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki). The BIP32 allows users to create an HD wallet (as specified in [BIP44](https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki)) - a set of accounts derived from an initial secret seed. A seed is usually created from a 12- or 24-word mnemonic. A single seed can derive any number of `PrivKey`s using a one-way cryptographic function. Then, a `PubKey` can be derived from the `PrivKey`. Naturally, the mnemonic is the most sensitive information, as private keys can always be re-generated if the mnemonic is preserved. + +```text + Account 0 Account 1 Account 2 + ++------------------+ +------------------+ +------------------+ +| | | | | | +| Address 0 | | Address 1 | | Address 2 | +| ^ | | ^ | | ^ | +| | | | | | | | | +| | | | | | | | | +| | | | | | | | | +| + | | + | | + | +| Public key 0 | | Public key 1 | | Public key 2 | +| ^ | | ^ | | ^ | +| | | | | | | | | +| | | | | | | | | +| | | | | | | | | +| + | | + | | + | +| Private key 0 | | Private key 1 | | Private key 2 | +| ^ | | ^ | | ^ | ++------------------+ +------------------+ +------------------+ + | | | + | | | + | | | + +--------------------------------------------------------------------+ + | + | + +---------+---------+ + | | + | Master PrivKey | + | | + +-------------------+ + | + | + +---------+---------+ + | | + | Mnemonic (Seed) | + | | + +-------------------+ +``` + +In the Cosmos SDK, keys are stored and managed by using an object called a [`Keyring`](#keyring). + +## Keys, accounts, addresses, and signatures + +The principal way of authenticating a user is done using [digital signatures](https://en.wikipedia.org/wiki/Digital_signature). Users sign transactions using their own private key. Signature verification is done with the associated public key. For on-chain signature verification purposes, we store the public key in an `Account` object (alongside other data required for a proper transaction validation). + +In the node, all data is stored using Protocol Buffers serialization. + +The Cosmos SDK supports the following digital key schemes for creating digital signatures: + +* `secp256k1`, as implemented in the [Cosmos SDK's `crypto/keys/secp256k1` package](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keys/secp256k1/secp256k1.go). +* `secp256r1`, as implemented in the [Cosmos SDK's `crypto/keys/secp256r1` package](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keys/secp256r1/pubkey.go). +* `tm-ed25519`, as implemented in the [Cosmos SDK `crypto/keys/ed25519` package](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keys/ed25519/ed25519.go). This scheme is supported only for the consensus validation. + +| | Address length in bytes | Public key length in bytes | Used for transaction authentication | Used for consensus (cometbft) | +| :----------: | :---------------------: | :------------------------: | :---------------------------------: | :-----------------------------: | +| `secp256k1` | 20 | 33 | yes | no | +| `secp256r1` | 32 | 33 | yes | no | +| `tm-ed25519` | -- not used -- | 32 | no | yes | + +## Addresses + +`Addresses` and `PubKey`s are both public information that identifies actors in the application. `Account` is used to store authentication information. The basic account implementation is provided by a `BaseAccount` object. + +Each account is identified using `Address` which is a sequence of bytes derived from a public key. In the Cosmos SDK, we define 3 types of addresses that specify a context where an account is used: + +* `AccAddress` identifies users (the sender of a `message`). +* `ValAddress` identifies validator operators. +* `ConsAddress` identifies validator nodes that are participating in consensus. Validator nodes are derived using the **`ed25519`** curve. + +These types implement the `Address` interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/address.go#L126-L134 +``` + +Address construction algorithm is defined in [ADR-28](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-028-public-key-addresses.md). +Here is the standard way to obtain an account address from a `pub` public key: + +```go +sdk.AccAddress(pub.Address().Bytes()) +``` + +Of note, the `Marshal()` and `Bytes()` method both return the same raw `[]byte` form of the address. `Marshal()` is required for Protobuf compatibility. + +For user interaction, addresses are formatted using [Bech32](https://en.bitcoin.it/wiki/Bech32) and implemented by the `String` method. The Bech32 method is the only supported format to use when interacting with a blockchain. The Bech32 human-readable part (Bech32 prefix) is used to denote an address type. Example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/address.go#L299-L316 +``` + +| | Address Bech32 Prefix | +| ------------------ | --------------------- | +| Accounts | cosmos | +| Validator Operator | cosmosvaloper | +| Consensus Nodes | cosmosvalcons | + +### Public Keys + +Public keys in Cosmos SDK are defined by `cryptotypes.PubKey` interface. Since public keys are saved in a store, `cryptotypes.PubKey` extends the `proto.Message` interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/types/types.go#L8-L17 +``` + +A compressed format is used for `secp256k1` and `secp256r1` serialization. + +* The first byte is a `0x02` byte if the `y`-coordinate is the lexicographically largest of the two associated with the `x`-coordinate. +* Otherwise the first byte is a `0x03`. + +This prefix is followed by the `x`-coordinate. + +Public Keys are not used to reference accounts (or users) and in general are not used when composing transaction messages (with few exceptions: `MsgCreateValidator`, `Validator` and `Multisig` messages). +For user interactions, `PubKey` is formatted using Protobufs JSON ([ProtoMarshalJSON](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/codec/json.go#L14-L34) function). Example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/keys/output.go#L23-L39 +``` + +## Keyring + +A `Keyring` is an object that stores and manages accounts. In the Cosmos SDK, a `Keyring` implementation follows the `Keyring` interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keyring/keyring.go#L58-L106 +``` + +The default implementation of `Keyring` comes from the third-party [`99designs/keyring`](https://github.com/99designs/keyring) library. + +A few notes on the `Keyring` methods: + +* `Sign(uid string, msg []byte) ([]byte, types.PubKey, error)` strictly deals with the signature of the `msg` bytes. You must prepare and encode the transaction into a canonical `[]byte` form. Because protobuf is not deterministic, it has been decided in [ADR-020](../../build/architecture/adr-020-protobuf-transaction-encoding.md) that the canonical `payload` to sign is the `SignDoc` struct, deterministically encoded using [ADR-027](../../build/architecture/adr-027-deterministic-protobuf-serialization.md). Note that signature verification is not implemented in the Cosmos SDK by default, it is deferred to the [`anteHandler`](../advanced/00-baseapp.md#antehandler). + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/tx/v1beta1/tx.proto#L50-L67 +``` + +* `NewAccount(uid, mnemonic, bip39Passphrase, hdPath string, algo SignatureAlgo) (*Record, error)` creates a new account based on the [`bip44 path`](https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki) and persists it on disk. The `PrivKey` is **never stored unencrypted**, instead it is [encrypted with a passphrase](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/armor.go) before being persisted. In the context of this method, the key type and sequence number refer to the segment of the BIP44 derivation path (for example, `0`, `1`, `2`, ...) that is used to derive a private and a public key from the mnemonic. Using the same mnemonic and derivation path, the same `PrivKey`, `PubKey` and `Address` is generated. The following keys are supported by the keyring: + +* `secp256k1` +* `ed25519` + +* `ExportPrivKeyArmor(uid, encryptPassphrase string) (armor string, err error)` exports a private key in ASCII-armored encrypted format using the given passphrase. You can then either import the private key again into the keyring using the `ImportPrivKey(uid, armor, passphrase string)` function or decrypt it into a raw private key using the `UnarmorDecryptPrivKey(armorStr string, passphrase string)` function. + +### Create New Key Type + +To create a new key type for using in keyring, `keyring.SignatureAlgo` interface must be fulfilled. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keyring/signing_algorithms.go#L11-L16 +``` + +The interface consists of three methods where `Name()` returns the name of the algorithm as a `hd.PubKeyType` and `Derive()` and `Generate()` must return the following functions respectively: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/hd/algo.go#L28-L31 +``` + +Once the `keyring.SignatureAlgo` has been implemented it must be added to the [list of supported algos](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keyring/keyring.go#L209) of the keyring. + +For simplicity the implementation of a new key type should be done inside the `crypto/hd` package. +There is an example of a working `secp256k1` implementation in [algo.go](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/hd/algo.go#L38). + + +#### Implementing secp256r1 algo + +Here is an example of how secp256r1 could be implemented. + +First a new function to create a private key from a secret number is needed in the secp256r1 package. This function could look like this: + +```go +// cosmos-sdk/crypto/keys/secp256r1/privkey.go + +// NewPrivKeyFromSecret creates a private key derived for the secret number +// represented in big-endian. The `secret` must be a valid ECDSA field element. +func NewPrivKeyFromSecret(secret []byte) (*PrivKey, error) { + var d = new(big.Int).SetBytes(secret) + if d.Cmp(secp256r1.Params().N) >= 1 { + return nil, errorsmod.Wrap(errors.ErrInvalidRequest, "secret not in the curve base field") + } + sk := new(ecdsa.PrivKey) + return &PrivKey{&ecdsaSK{*sk}}, nil +} +``` + +After that `secp256r1Algo` can be implemented. + +```go +// cosmos-sdk/crypto/hd/secp256r1Algo.go + +package hd + +import ( + "github.com/cosmos/go-bip39" + + "github.com/cosmos/cosmos-sdk/crypto/keys/secp256r1" + "github.com/cosmos/cosmos-sdk/crypto/types" +) + +// Secp256r1Type uses the secp256r1 ECDSA parameters. +const Secp256r1Type = PubKeyType("secp256r1") + +var Secp256r1 = secp256r1Algo{} + +type secp256r1Algo struct{} + +func (s secp256r1Algo) Name() PubKeyType { + return Secp256r1Type +} + +// Derive derives and returns the secp256r1 private key for the given seed and HD path. +func (s secp256r1Algo) Derive() DeriveFn { + return func(mnemonic string, bip39Passphrase, hdPath string) ([]byte, error) { + seed, err := bip39.NewSeedWithErrorChecking(mnemonic, bip39Passphrase) + if err != nil { + return nil, err + } + + masterPriv, ch := ComputeMastersFromSeed(seed) + if len(hdPath) == 0 { + return masterPriv[:], nil + } + derivedKey, err := DerivePrivateKeyForPath(masterPriv, ch, hdPath) + + return derivedKey, err + } +} + +// Generate generates a secp256r1 private key from the given bytes. +func (s secp256r1Algo) Generate() GenerateFn { + return func(bz []byte) types.PrivKey { + key, err := secp256r1.NewPrivKeyFromSecret(bz) + if err != nil { + panic(err) + } + return key + } +} +``` + +Finally, the algo must be added to the list of [supported algos](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keyring/keyring.go#L209) by the keyring. + +```go +// cosmos-sdk/crypto/keyring/keyring.go + +func newKeystore(kr keyring.Keyring, cdc codec.Codec, backend string, opts ...Option) keystore { + // Default options for keybase, these can be overwritten using the + // Option function + options := Options{ + SupportedAlgos: SigningAlgoList{hd.Secp256k1, hd.Secp256r1}, // added here + SupportedAlgosLedger: SigningAlgoList{hd.Secp256k1}, + } +... +``` + +Hereafter to create new keys using your algo, you must specify it with the flag `--algo` : + +`simd keys add myKey --algo secp256r1` diff --git a/copy-of-sdk-docs/learn/beginner/04-gas-fees.md b/copy-of-sdk-docs/learn/beginner/04-gas-fees.md new file mode 100644 index 00000000..5aea1238 --- /dev/null +++ b/copy-of-sdk-docs/learn/beginner/04-gas-fees.md @@ -0,0 +1,101 @@ +--- +sidebar_position: 1 +--- + +# Gas and Fees + +:::note Synopsis +This document describes the default strategies to handle gas and fees within a Cosmos SDK application. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK Application](./00-app-anatomy.md) + +::: + +## Introduction to `Gas` and `Fees` + +In the Cosmos SDK, `gas` is a special unit that is used to track the consumption of resources during execution. `gas` is typically consumed whenever read and writes are made to the store, but it can also be consumed if expensive computation needs to be done. It serves two main purposes: + +* Make sure blocks are not consuming too many resources and are finalized. This is implemented by default in the Cosmos SDK via the [block gas meter](#block-gas-meter). +* Prevent spam and abuse from end-user. To this end, `gas` consumed during [`message`](../../build/building-modules/02-messages-and-queries.md#messages) execution is typically priced, resulting in a `fee` (`fees = gas * gas-prices`). `fees` generally have to be paid by the sender of the `message`. Note that the Cosmos SDK does not enforce `gas` pricing by default, as there may be other ways to prevent spam (e.g. bandwidth schemes). Still, most applications implement `fee` mechanisms to prevent spam by using the [`AnteHandler`](#antehandler). + +## Gas Meter + +In the Cosmos SDK, `gas` is a simple alias for `uint64`, and is managed by an object called a _gas meter_. Gas meters implement the `GasMeter` interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/store/types/gas.go#L40-L51 +``` + +where: + +* `GasConsumed()` returns the amount of gas that was consumed by the gas meter instance. +* `GasConsumedToLimit()` returns the amount of gas that was consumed by the gas meter instance, or the limit if it is reached. +* `GasRemaining()` returns the gas left in the GasMeter. +* `Limit()` returns the limit of the gas meter instance. `0` if the gas meter is infinite. +* `ConsumeGas(amount Gas, descriptor string)` consumes the amount of `gas` provided. If the `gas` overflows, it panics with the `descriptor` message. If the gas meter is not infinite, it panics if `gas` consumed goes above the limit. +* `RefundGas()` deducts the given amount from the gas consumed. This functionality enables refunding gas to the transaction or block gas pools so that EVM-compatible chains can fully support the go-ethereum StateDB interface. +* `IsPastLimit()` returns `true` if the amount of gas consumed by the gas meter instance is strictly above the limit, `false` otherwise. +* `IsOutOfGas()` returns `true` if the amount of gas consumed by the gas meter instance is above or equal to the limit, `false` otherwise. + +The gas meter is generally held in [`ctx`](../advanced/02-context.md), and consuming gas is done with the following pattern: + +```go +ctx.GasMeter().ConsumeGas(amount, "description") +``` + +By default, the Cosmos SDK makes use of two different gas meters, the [main gas meter](#main-gas-meter) and the [block gas meter](#block-gas-meter). + +### Main Gas Meter + +`ctx.GasMeter()` is the main gas meter of the application. The main gas meter is initialized in `FinalizeBlock` via `setFinalizeBlockState`, and then tracks gas consumption during execution sequences that lead to state-transitions, i.e. those originally triggered by [`FinalizeBlock`](../advanced/00-baseapp.md#finalizeblock). At the beginning of each transaction execution, the main gas meter **must be set to 0** in the [`AnteHandler`](#antehandler), so that it can track gas consumption per-transaction. + +Gas consumption can be done manually, generally by the module developer in the [`BeginBlocker`, `EndBlocker`](../../build/building-modules/06-beginblock-endblock.md) or [`Msg` service](../../build/building-modules/03-msg-services.md), but most of the time it is done automatically whenever there is a read or write to the store. This automatic gas consumption logic is implemented in a special store called [`GasKv`](../advanced/04-store.md#gaskv-store). + +### Block Gas Meter + +`ctx.BlockGasMeter()` is the gas meter used to track gas consumption per block and make sure it does not go above a certain limit. + +During the genesis phase, gas consumption is unlimited to accommodate initialization transactions. + +```go +app.finalizeBlockState.SetContext(app.finalizeBlockState.Context().WithBlockGasMeter(storetypes.NewInfiniteGasMeter())) +``` + +Following the genesis block, the block gas meter is set to a finite value by the SDK. This transition is facilitated by the consensus engine (e.g., CometBFT) calling the `RequestFinalizeBlock` function, which in turn triggers the SDK's `FinalizeBlock` method. Within `FinalizeBlock`, `internalFinalizeBlock` is executed, performing necessary state updates and function executions. The block gas meter, initialized each with a finite limit, is then incorporated into the context for transaction execution, ensuring gas consumption does not exceed the block's gas limit and is reset at the end of each block. + +Modules within the Cosmos SDK can consume block gas at any point during their execution by utilizing the `ctx`. This gas consumption primarily occurs during state read/write operations and transaction processing. The block gas meter, accessible via `ctx.BlockGasMeter()`, monitors the total gas usage within a block, enforcing the gas limit to prevent excessive computation. This ensures that gas limits are adhered to on a per-block basis, starting from the first block post-genesis. + +```go +gasMeter := app.getBlockGasMeter(app.finalizeBlockState.Context()) +app.finalizeBlockState.SetContext(app.finalizeBlockState.Context().WithBlockGasMeter(gasMeter)) +``` + +The above shows the general mechanism for setting the block gas meter with a finite limit based on the block's consensus parameters. + +## AnteHandler + +The `AnteHandler` is run for every transaction during `CheckTx` and `FinalizeBlock`, before a Protobuf `Msg` service method for each `sdk.Msg` in the transaction. + +The anteHandler is not implemented in the core Cosmos SDK but in a module. That said, most applications today use the default implementation defined in the [`auth` module](https://github.com/cosmos/cosmos-sdk/tree/main/x/auth). Here is what the `anteHandler` is intended to do in a normal Cosmos SDK application: + +* Verify that the transactions are of the correct type. Transaction types are defined in the module that implements the `anteHandler`, and they follow the transaction interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/types/tx_msg.go#L53-L58 +``` + + This enables developers to play with various types for the transaction of their application. In the default `auth` module, the default transaction type is `Tx`: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/proto/cosmos/tx/v1beta1/tx.proto#L15-L28 +``` + +* Verify signatures for each [`message`](../../build/building-modules/02-messages-and-queries.md#messages) contained in the transaction. Each `message` should be signed by one or multiple sender(s), and these signatures must be verified in the `anteHandler`. +* During `CheckTx`, verify that the gas prices provided with the transaction are greater than the local `min-gas-prices` (as a reminder, gas-prices can be deducted from the following equation: `fees = gas * gas-prices`). `min-gas-prices` is a parameter local to each full-node and used during `CheckTx` to discard transactions that do not provide a minimum amount of fees. This ensures that the mempool cannot be spammed with garbage transactions. +* Verify that the sender of the transaction has enough funds to cover for the `fees`. When the end-user generates a transaction, they must indicate 2 of the 3 following parameters (the third one being implicit): `fees`, `gas` and `gas-prices`. This signals how much they are willing to pay for nodes to execute their transaction. The provided `gas` value is stored in a parameter called `GasWanted` for later use. +* Set `newCtx.GasMeter` to 0, with a limit of `GasWanted`. **This step is crucial**, as it not only makes sure the transaction cannot consume infinite gas, but also that `ctx.GasMeter` is reset in-between each transaction (`ctx` is set to `newCtx` after `anteHandler` is run, and the `anteHandler` is run each time a transaction executes). + +As explained above, the `anteHandler` returns a maximum limit of `gas` the transaction can consume during execution called `GasWanted`. The actual amount consumed in the end is denominated `GasUsed`, and we must therefore have `GasUsed =< GasWanted`. Both `GasWanted` and `GasUsed` are relayed to the underlying consensus engine when [`FinalizeBlock`](../advanced/00-baseapp.md#finalizeblock) returns. diff --git a/copy-of-sdk-docs/learn/beginner/_category_.json b/copy-of-sdk-docs/learn/beginner/_category_.json new file mode 100644 index 00000000..d09097fa --- /dev/null +++ b/copy-of-sdk-docs/learn/beginner/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Beginner", + "position": 2, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-docs/learn/intro/00-overview.md b/copy-of-sdk-docs/learn/intro/00-overview.md new file mode 100644 index 00000000..f1e896f3 --- /dev/null +++ b/copy-of-sdk-docs/learn/intro/00-overview.md @@ -0,0 +1,43 @@ +--- +sidebar_position: 1 +--- + +# What is the Cosmos SDK + +The [Cosmos SDK](https://github.com/cosmos/cosmos-sdk) is an open-source toolkit for building multi-asset public Proof-of-Stake (PoS) blockchains, like the Cosmos Hub, as well as permissioned Proof-of-Authority (PoA) blockchains. Blockchains built with the Cosmos SDK are generally referred to as **application-specific blockchains**. + +The goal of the Cosmos SDK is to allow developers to easily create custom blockchains from scratch that can natively interoperate with other blockchains. +We further this modular approach by allowing developers to plug and play with different consensus engines this can range from the [CometBFT](https://github.com/cometbft/cometbft) or [Rollkit](https://rollkit.dev/). + +SDK-based blockchains have the choice to use the predefined modules or to build their own modules. What this means is that developers can build a blockchain that is tailored to their specific use case, without having to worry about the low-level details of building a blockchain from scratch. Predefined modules include staking, governance, and token issuance, among others. + +What's more, the Cosmos SDK is a capabilities-based system that allows developers to better reason about the security of interactions between modules. For a deeper look at capabilities, jump to [Object-Capability Model](../advanced/10-ocap.md). + +How you can look at this is if we imagine that the SDK is like a lego kit. You can choose to build the basic house from the instructions or you can choose to modify your house and add more floors, more doors, more windows. The choice is yours. + +## What are Application-Specific Blockchains + +One development paradigm in the blockchain world today is that of virtual-machine blockchains like Ethereum, where development generally revolves around building decentralized applications on top of an existing blockchain as a set of smart contracts. While smart contracts can be very good for some use cases like single-use applications (e.g. ICOs), they often fall short for building complex decentralized platforms. More generally, smart contracts can be limiting in terms of flexibility, sovereignty and performance. + +Application-specific blockchains offer a radically different development paradigm than virtual-machine blockchains. An application-specific blockchain is a blockchain customized to operate a single application: developers have all the freedom to make the design decisions required for the application to run optimally. They can also provide better sovereignty, security and performance. + +Learn more about [application-specific blockchains](./01-why-app-specific.md). + +## What is Modularity + +Today there is a lot of talk around modularity and discussions between monolithic and modular. Originally the Cosmos SDK was built with a vision of modularity in mind. Modularity is derived from splitting a blockchain into customizable layers of execution, consensus, settlement and data availability, which is what the Cosmos SDK enables. This means that developers can plug and play, making their blockchain customisable by using different software for different layers. For example you can choose to build a vanilla chain and use the Cosmos SDK with CometBFT. CometBFT will be your consensus layer and the chain itself would be the settlement and execution layer. Another route could be to use the SDK with Rollkit and Celestia as your consensus and data availability layer. The benefit of modularity is that you can customize your chain to your specific use case. + +## Why the Cosmos SDK + +The Cosmos SDK is the most advanced framework for building custom modular application-specific blockchains today. Here are a few reasons why you might want to consider building your decentralized application with the Cosmos SDK: + +* It allows you to plug and play and customize your consensus layer. As above you can use Rollkit and Celestia as your consensus and data availability layer. This offers a lot of flexibility and customisation. +* Previously the default consensus engine available within the Cosmos SDK is [CometBFT](https://github.com/cometbft/cometbft). CometBFT is the most mature BFT consensus engine in existence. It is widely used across the industry and is considered the gold standard consensus engine for building Proof-of-Stake systems. +* The Cosmos SDK is open-source and designed to make it easy to build blockchains out of composable [modules](../../build/modules). As the ecosystem of open-source Cosmos SDK modules grows, it will become increasingly easier to build complex decentralized platforms with it. +* The Cosmos SDK is inspired by capabilities-based security, and informed by years of wrestling with blockchain state-machines. This makes the Cosmos SDK a very secure environment to build blockchains. +* Most importantly, the Cosmos SDK has already been used to build many application-specific blockchains that are already in production. Among others, we can cite [Cosmos Hub](https://hub.cosmos.network), [IRIS Hub](https://irisnet.org), [Binance Chain](https://docs.binance.org/), [Terra](https://terra.money/) or [Kava](https://www.kava.io/). [Many more](https://cosmos.network/ecosystem) are building on the Cosmos SDK. + +## Getting started with the Cosmos SDK + +* Learn more about the [architecture of a Cosmos SDK application](./02-sdk-app-architecture.md) +* Learn how to build an application-specific blockchain from scratch with the [Cosmos SDK Tutorial](https://cosmos.network/docs/tutorial) diff --git a/copy-of-sdk-docs/learn/intro/01-why-app-specific.md b/copy-of-sdk-docs/learn/intro/01-why-app-specific.md new file mode 100644 index 00000000..df16c19a --- /dev/null +++ b/copy-of-sdk-docs/learn/intro/01-why-app-specific.md @@ -0,0 +1,79 @@ +--- +sidebar_position: 1 +--- + +# Application-Specific Blockchains + +:::note Synopsis +This document explains what application-specific blockchains are, and why developers would want to build one as opposed to writing Smart Contracts. +::: + +## What are application-specific blockchains + +Application-specific blockchains are blockchains customized to operate a single application. Instead of building a decentralized application on top of an underlying blockchain like Ethereum, developers build their own blockchain from the ground up. This means building a full-node client, a light-client, and all the necessary interfaces (CLI, REST, ...) to interact with the nodes. + +```text + ^ +-------------------------------+ ^ + | | | | Built with Cosmos SDK + | | State-machine = Application | | + | | | v + | +-------------------------------+ + | | | ^ +Blockchain node | | Consensus | | + | | | | + | +-------------------------------+ | CometBFT + | | | | + | | Networking | | + | | | | + v +-------------------------------+ v +``` + +## What are the shortcomings of Smart Contracts + +Virtual-machine blockchains like Ethereum addressed the demand for more programmability back in 2014. At the time, the options available for building decentralized applications were quite limited. Most developers would build on top of the complex and limited Bitcoin scripting language, or fork the Bitcoin codebase which was hard to work with and customize. + +Virtual-machine blockchains came in with a new value proposition. Their state-machine incorporates a virtual-machine that is able to interpret turing-complete programs called Smart Contracts. These Smart Contracts are very good for use cases like one-time events (e.g. ICOs), but they can fall short for building complex decentralized platforms. Here is why: + +* Smart Contracts are generally developed with specific programming languages that can be interpreted by the underlying virtual-machine. These programming languages are often immature and inherently limited by the constraints of the virtual-machine itself. For example, the Ethereum Virtual Machine does not allow developers to implement automatic execution of code. Developers are also limited to the account-based system of the EVM, and they can only choose from a limited set of functions for their cryptographic operations. These are examples, but they hint at the lack of **flexibility** that a smart contract environment often entails. +* Smart Contracts are all run by the same virtual machine. This means that they compete for resources, which can severely restrain **performance**. And even if the state-machine were to be split in multiple subsets (e.g. via sharding), Smart Contracts would still need to be interpreted by a virtual machine, which would limit performance compared to a native application implemented at state-machine level (our benchmarks show an improvement on the order of 10x in performance when the virtual-machine is removed). +* Another issue with the fact that Smart Contracts share the same underlying environment is the resulting limitation in **sovereignty**. A decentralized application is an ecosystem that involves multiple players. If the application is built on a general-purpose virtual-machine blockchain, stakeholders have very limited sovereignty over their application, and are ultimately superseded by the governance of the underlying blockchain. If there is a bug in the application, very little can be done about it. + +Application-Specific Blockchains are designed to address these shortcomings. + +## Application-Specific Blockchains Benefits + +### Flexibility + +Application-specific blockchains give maximum flexibility to developers: + +* In Cosmos blockchains, the state-machine is typically connected to the underlying consensus engine via an interface called the [ABCI](https://docs.cometbft.com/v0.37/spec/abci/). This interface can be wrapped in any programming language, meaning developers can build their state-machine in the programming language of their choice. + +* Developers can choose among multiple frameworks to build their state-machine. The most widely used today is the Cosmos SDK, but others exist (e.g. [Lotion](https://github.com/nomic-io/lotion), [Weave](https://github.com/iov-one/weave), ...). Typically the choice will be made based on the programming language they want to use (Cosmos SDK and Weave are in Golang, Lotion is in Javascript, ...). +* The ABCI also allows developers to swap the consensus engine of their application-specific blockchain. Today, only CometBFT is production-ready, but in the future other consensus engines are expected to emerge. +* Even when they settle for a framework and consensus engine, developers still have the freedom to tweak them if they don't perfectly match their requirements in their pristine forms. +* Developers are free to explore the full spectrum of tradeoffs (e.g. number of validators vs transaction throughput, safety vs availability in asynchrony, ...) and design choices (DB or IAVL tree for storage, UTXO or account model, ...). +* Developers can implement automatic execution of code. In the Cosmos SDK, logic can be automatically triggered at the beginning and the end of each block. They are also free to choose the cryptographic library used in their application, as opposed to being constrained by what is made available by the underlying environment in the case of virtual-machine blockchains. + +The list above contains a few examples that show how much flexibility application-specific blockchains give to developers. The goal of Cosmos and the Cosmos SDK is to make developer tooling as generic and composable as possible, so that each part of the stack can be forked, tweaked and improved without losing compatibility. As the community grows, more alternatives for each of the core building blocks will emerge, giving more options to developers. + +### Performance + +Decentralized applications built with Smart Contracts are inherently capped in performance by the underlying environment. For a decentralized application to optimise performance, it needs to be built as an application-specific blockchain. Next are some of the benefits an application-specific blockchain brings in terms of performance: + +* Developers of application-specific blockchains can choose to operate with a novel consensus engine such as CometBFT. Compared to Proof-of-Work (used by most virtual-machine blockchains today), it offers significant gains in throughput. +* An application-specific blockchain only operates a single application, so that the application does not compete with others for computation and storage. This is the opposite of most non-sharded virtual-machine blockchains today, where smart contracts all compete for computation and storage. +* Even if a virtual-machine blockchain offered application-based sharding coupled with an efficient consensus algorithm, performance would still be limited by the virtual-machine itself. The real throughput bottleneck is the state-machine, and requiring transactions to be interpreted by a virtual-machine significantly increases the computational complexity of processing them. + +### Security + +Security is hard to quantify, and greatly varies from platform to platform. That said here are some important benefits an application-specific blockchain can bring in terms of security: + +* Developers can choose proven programming languages like Go when building their application-specific blockchains, as opposed to smart contract programming languages that are often more immature. +* Developers are not constrained by the cryptographic functions made available by the underlying virtual-machines. They can use their own custom cryptography, and rely on well-audited crypto libraries. +* Developers do not have to worry about potential bugs or exploitable mechanisms in the underlying virtual-machine, making it easier to reason about the security of the application. + +### Sovereignty + +One of the major benefits of application-specific blockchains is sovereignty. A decentralized application is an ecosystem that involves many actors: users, developers, third-party services, and more. When developers build on a virtual-machine blockchain where many decentralized applications coexist, the community of the application is different than the community of the underlying blockchain, and the latter supersedes the former in the governance process. If there is a bug or if a new feature is needed, stakeholders of the application have very little leeway to upgrade the code. If the community of the underlying blockchain refuses to act, nothing can happen. + +The fundamental issue here is that the governance of the application and the governance of the network are not aligned. This issue is solved by application-specific blockchains. Because application-specific blockchains specialize to operate a single application, stakeholders of the application have full control over the entire chain. This ensures that the community will not be stuck if a bug is discovered, and that it has the freedom to choose how it is going to evolve. diff --git a/copy-of-sdk-docs/learn/intro/02-sdk-app-architecture.md b/copy-of-sdk-docs/learn/intro/02-sdk-app-architecture.md new file mode 100644 index 00000000..532c2743 --- /dev/null +++ b/copy-of-sdk-docs/learn/intro/02-sdk-app-architecture.md @@ -0,0 +1,93 @@ +--- +sidebar_position: 1 +--- + +# Blockchain Architecture + +## State machine + +At its core, a blockchain is a [replicated deterministic state machine](https://en.wikipedia.org/wiki/State_machine_replication). + +A state machine is a computer science concept whereby a machine can have multiple states, but only one at any given time. There is a `state`, which describes the current state of the system, and `transactions`, that trigger state transitions. + +Given a state S and a transaction T, the state machine will return a new state S'. + +```text ++--------+ +--------+ +| | | | +| S +---------------->+ S' | +| | apply(T) | | ++--------+ +--------+ +``` + +In practice, the transactions are bundled in blocks to make the process more efficient. Given a state S and a block of transactions B, the state machine will return a new state S'. + +```text ++--------+ +--------+ +| | | | +| S +----------------------------> | S' | +| | For each T in B: apply(T) | | ++--------+ +--------+ +``` + +In a blockchain context, the state machine is deterministic. This means that if a node is started at a given state and replays the same sequence of transactions, it will always end up with the same final state. + +The Cosmos SDK gives developers maximum flexibility to define the state of their application, transaction types and state transition functions. The process of building state-machines with the Cosmos SDK will be described more in depth in the following sections. But first, let us see how the state-machine is replicated using **CometBFT**. + +## CometBFT + +Thanks to the Cosmos SDK, developers just have to define the state machine, and [*CometBFT*](https://docs.cometbft.com/v0.37/introduction/what-is-cometbft) will handle replication over the network for them. + +```text + ^ +-------------------------------+ ^ + | | | | Built with Cosmos SDK + | | State-machine = Application | | + | | | v + | +-------------------------------+ + | | | ^ +Blockchain node | | Consensus | | + | | | | + | +-------------------------------+ | CometBFT + | | | | + | | Networking | | + | | | | + v +-------------------------------+ v +``` + +[CometBFT](https://docs.cometbft.com/v0.37/introduction/what-is-cometbft) is an application-agnostic engine that is responsible for handling the *networking* and *consensus* layers of a blockchain. In practice, this means that CometBFT is responsible for propagating and ordering transaction bytes. CometBFT relies on an eponymous Byzantine-Fault-Tolerant (BFT) algorithm to reach consensus on the order of transactions. + +The CometBFT [consensus algorithm](https://docs.cometbft.com/v0.37/introduction/what-is-cometbft#consensus-overview) works with a set of special nodes called *Validators*. Validators are responsible for adding blocks of transactions to the blockchain. At any given block, there is a validator set V. A validator in V is chosen by the algorithm to be the proposer of the next block. This block is considered valid if more than two thirds of V signed a `prevote` and a `precommit` on it, and if all the transactions that it contains are valid. The validator set can be changed by rules written in the state-machine. + +## ABCI + +CometBFT passes transactions to the application through an interface called the [ABCI](https://docs.cometbft.com/v0.37/spec/abci/), which the application must implement. + +```text + +---------------------+ + | | + | Application | + | | + +--------+---+--------+ + ^ | + | | ABCI + | v + +--------+---+--------+ + | | + | | + | CometBFT | + | | + | | + +---------------------+ +``` + +Note that **CometBFT only handles transaction bytes**. It has no knowledge of what these bytes mean. All CometBFT does is order these transaction bytes deterministically. CometBFT passes the bytes to the application via the ABCI, and expects a return code to inform it if the messages contained in the transactions were successfully processed or not. + +Here are the most important messages of the ABCI: + +* `CheckTx`: When a transaction is received by CometBFT, it is passed to the application to check if a few basic requirements are met. `CheckTx` is used to protect the mempool of full-nodes against spam transactions. A special handler called the [`AnteHandler`](../beginner/04-gas-fees.md#antehandler) is used to execute a series of validation steps such as checking for sufficient fees and validating the signatures. If the checks are valid, the transaction is added to the [mempool](https://docs.cometbft.com/v0.37/spec/p2p/legacy-docs/messages/mempool) and relayed to peer nodes. Note that transactions are not processed (i.e. no modification of the state occurs) with `CheckTx` since they have not been included in a block yet. +* `DeliverTx`: When a [valid block](https://docs.cometbft.com/v0.37/spec/core/data_structures#block) is received by CometBFT, each transaction in the block is passed to the application via `DeliverTx` in order to be processed. It is during this stage that the state transitions occur. The `AnteHandler` executes again, along with the actual [`Msg` service](../../build/building-modules/03-msg-services.md) RPC for each message in the transaction. +* `BeginBlock`/`EndBlock`: These messages are executed at the beginning and the end of each block, whether the block contains transactions or not. It is useful to trigger automatic execution of logic. Proceed with caution though, as computationally expensive loops could slow down your blockchain, or even freeze it if the loop is infinite. + +Find a more detailed view of the ABCI methods from the [CometBFT docs](https://docs.cometbft.com/v0.37/spec/abci/). + +Any application built on CometBFT needs to implement the ABCI interface in order to communicate with the underlying local CometBFT engine. Fortunately, you do not have to implement the ABCI interface. The Cosmos SDK provides a boilerplate implementation of it in the form of [baseapp](./03-sdk-design.md#baseapp). diff --git a/copy-of-sdk-docs/learn/intro/03-sdk-design.md b/copy-of-sdk-docs/learn/intro/03-sdk-design.md new file mode 100644 index 00000000..6ecffbe0 --- /dev/null +++ b/copy-of-sdk-docs/learn/intro/03-sdk-design.md @@ -0,0 +1,64 @@ +--- +sidebar_position: 1 +--- + +# Main Components of the Cosmos SDK + +The Cosmos SDK is a framework that facilitates the development of secure state-machines on top of CometBFT. At its core, the Cosmos SDK is a boilerplate implementation of the [ABCI](./02-sdk-app-architecture.md#abci) in Golang. It comes with a [`multistore`](../advanced/04-store.md#multistore) to persist data and a [`router`](../advanced/00-baseapp.md#routing) to handle transactions. + +Here is a simplified view of how transactions are handled by an application built on top of the Cosmos SDK when transferred from CometBFT via `DeliverTx`: + +1. Decode `transactions` received from the CometBFT consensus engine (remember that CometBFT only deals with `[]bytes`). +2. Extract `messages` from `transactions` and do basic sanity checks. +3. Route each message to the appropriate module so that it can be processed. +4. Commit state changes. + +## `baseapp` + +`baseapp` is the boilerplate implementation of a Cosmos SDK application. It comes with an implementation of the ABCI to handle the connection with the underlying consensus engine. Typically, a Cosmos SDK application extends `baseapp` by embedding it in [`app.go`](../beginner/00-app-anatomy.md#core-application-file). + +Here is an example of this from `simapp`, the Cosmos SDK demonstration app: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/app.go#L137-L180 +``` + +The goal of `baseapp` is to provide a secure interface between the store and the extensible state machine while defining as little about the state machine as possible (staying true to the ABCI). + +For more on `baseapp`, please click [here](../advanced/00-baseapp.md). + +## Multistore + +The Cosmos SDK provides a [`multistore`](../advanced/04-store.md#multistore) for persisting state. The multistore allows developers to declare any number of [`KVStores`](../advanced/04-store.md#base-layer-kvstores). These `KVStores` only accept the `[]byte` type as value and therefore any custom structure needs to be marshalled using [a codec](../advanced/05-encoding.md) before being stored. + +The multistore abstraction is used to divide the state in distinct compartments, each managed by its own module. For more on the multistore, click [here](../advanced/04-store.md#multistore) + +## Modules + +The power of the Cosmos SDK lies in its modularity. Cosmos SDK applications are built by aggregating a collection of interoperable modules. Each module defines a subset of the state and contains its own message/transaction processor, while the Cosmos SDK is responsible for routing each message to its respective module. + +Here is a simplified view of how a transaction is processed by the application of each full-node when it is received in a valid block: + +```mermaid + flowchart TD + A[Transaction relayed from the full-node's CometBFT engine to the node's application via DeliverTx] --> B[APPLICATION] + B -->|"Using baseapp's methods: Decode the Tx, extract and route the message(s)"| C[Message routed to the correct module to be processed] + C --> D1[AUTH MODULE] + C --> D2[BANK MODULE] + C --> D3[STAKING MODULE] + C --> D4[GOV MODULE] + D1 -->|Handle message, Update state| E["Return result to CometBFT (0=Ok, 1=Err)"] + D2 -->|Handle message, Update state| E["Return result to CometBFT (0=Ok, 1=Err)"] + D3 -->|Handle message, Update state| E["Return result to CometBFT (0=Ok, 1=Err)"] + D4 -->|Handle message, Update state| E["Return result to CometBFT (0=Ok, 1=Err)"] +``` + +Each module can be seen as a little state-machine. Developers need to define the subset of the state handled by the module, as well as custom message types that modify the state (*Note:* `messages` are extracted from `transactions` by `baseapp`). In general, each module declares its own `KVStore` in the `multistore` to persist the subset of the state it defines. Most developers will need to access other 3rd party modules when building their own modules. Given that the Cosmos SDK is an open framework, some of the modules may be malicious, which means there is a need for security principles to reason about inter-module interactions. These principles are based on [object-capabilities](../advanced/10-ocap.md). In practice, this means that instead of having each module keep an access control list for other modules, each module implements special objects called `keepers` that can be passed to other modules to grant a pre-defined set of capabilities. + +Cosmos SDK modules are defined in the `x/` folder of the Cosmos SDK. Some core modules include: + +* `x/auth`: Used to manage accounts and signatures. +* `x/bank`: Used to enable tokens and token transfers. +* `x/staking` + `x/slashing`: Used to build Proof-of-Stake blockchains. + +In addition to the already existing modules in `x/`, which anyone can use in their app, the Cosmos SDK lets you build your own custom modules. You can check an [example of that in the tutorial](https://tutorials.cosmos.network/). diff --git a/copy-of-sdk-docs/learn/intro/Maincomps.excalidraw b/copy-of-sdk-docs/learn/intro/Maincomps.excalidraw new file mode 100644 index 00000000..289d1010 --- /dev/null +++ b/copy-of-sdk-docs/learn/intro/Maincomps.excalidraw @@ -0,0 +1,603 @@ +{ + "type": "excalidraw", + "version": 2, + "source": "https://excalidraw.com", + "elements": [ + { + "id": "TT806C8wYC1giNDrB3j0H", + "type": "rectangle", + "x": 392.3992464191551, + "y": 377.59281643418194, + "width": 368.5810298094963, + "height": 300.3445584269905, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "#ffec99", + "fillStyle": "hachure", + "strokeWidth": 1, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "groupIds": [], + "frameId": null, + "index": "b20", + "roundness": { + "type": 3 + }, + "seed": 1095376796, + "version": 379, + "versionNonce": 395388196, + "isDeleted": false, + "boundElements": null, + "updated": 1717946215725, + "link": null, + "locked": false + }, + { + "id": "sTDd-IcaEk93yvorkOjjx", + "type": "rectangle", + "x": 425.6105707309967, + "y": 407.3907865247813, + "width": 291.7422935286128, + "height": 57.093323969660304, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "#ebfbee", + "fillStyle": "solid", + "strokeWidth": 1, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "groupIds": [], + "frameId": null, + "index": "b21", + "roundness": { + "type": 3 + }, + "seed": 534261156, + "version": 200, + "versionNonce": 320694564, + "isDeleted": false, + "boundElements": [ + { + "type": "text", + "id": "DfQ_v0mZK9I65EtQ6glTr" + } + ], + "updated": 1717946141898, + "link": null, + "locked": false + }, + { + "id": "DfQ_v0mZK9I65EtQ6glTr", + "type": "text", + "x": 540.1377462428617, + "y": 425.93744850961144, + "width": 62.68794250488281, + "height": 20, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "#b2f2bb", + "fillStyle": "solid", + "strokeWidth": 1, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "groupIds": [], + "frameId": null, + "index": "b22", + "roundness": null, + "seed": 1825368092, + "version": 129, + "versionNonce": 1358928420, + "isDeleted": false, + "boundElements": null, + "updated": 1717945861493, + "link": null, + "locked": false, + "text": "baseapp", + "fontSize": 16, + "fontFamily": 1, + "textAlign": "center", + "verticalAlign": "middle", + "containerId": "sTDd-IcaEk93yvorkOjjx", + "originalText": "baseapp", + "autoResize": true, + "lineHeight": 1.25 + }, + { + "id": "0eOjlptq2QPkgMZD4ilw_", + "type": "rectangle", + "x": 423.5441903728455, + "y": 483.4335837047473, + "width": 305.81281311550566, + "height": 100.72456256899451, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "#e7f5ff", + "fillStyle": "solid", + "strokeWidth": 1, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "groupIds": [], + "frameId": null, + "index": "b23", + "roundness": { + "type": 3 + }, + "seed": 774424100, + "version": 711, + "versionNonce": 1241388444, + "isDeleted": false, + "boundElements": [ + { + "type": "text", + "id": "To8Ifauc4u3pXYXE-BuBm" + }, + { + "id": "5U3m__cEk0384Je1xS8Lt", + "type": "arrow" + } + ], + "updated": 1717946136493, + "link": null, + "locked": false + }, + { + "id": "To8Ifauc4u3pXYXE-BuBm", + "type": "text", + "x": 537.3546267767897, + "y": 488.4335837047473, + "width": 78.19194030761719, + "height": 20, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "#b2f2bb", + "fillStyle": "solid", + "strokeWidth": 1, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "groupIds": [], + "frameId": null, + "index": "b24", + "roundness": null, + "seed": 268281380, + "version": 653, + "versionNonce": 240902940, + "isDeleted": false, + "boundElements": null, + "updated": 1717946115508, + "link": null, + "locked": false, + "text": "multistore", + "fontSize": 16, + "fontFamily": 1, + "textAlign": "center", + "verticalAlign": "top", + "containerId": "0eOjlptq2QPkgMZD4ilw_", + "originalText": "multistore", + "autoResize": true, + "lineHeight": 1.25 + }, + { + "id": "6ZMBBGC0e67HCiZuw1ZGQ", + "type": "rectangle", + "x": 433.0074470871197, + "y": 611.2583420078661, + "width": 296.0816922807304, + "height": 40.43217567449267, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "#ebfbee", + "fillStyle": "solid", + "strokeWidth": 1, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "groupIds": [], + "frameId": null, + "index": "b25", + "roundness": { + "type": 3 + }, + "seed": 73209500, + "version": 210, + "versionNonce": 506281508, + "isDeleted": false, + "boundElements": [ + { + "type": "text", + "id": "lDvSHg5T_n2nFJyxXar85" + }, + { + "id": "5U3m__cEk0384Je1xS8Lt", + "type": "arrow" + } + ], + "updated": 1717946145151, + "link": null, + "locked": false + }, + { + "id": "lDvSHg5T_n2nFJyxXar85", + "type": "text", + "x": 550.5683127587349, + "y": 621.4744298451124, + "width": 60.9599609375, + "height": 20, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "#b2f2bb", + "fillStyle": "solid", + "strokeWidth": 1, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "groupIds": [], + "frameId": null, + "index": "b26", + "roundness": null, + "seed": 169830436, + "version": 101, + "versionNonce": 99685404, + "isDeleted": false, + "boundElements": null, + "updated": 1717946143284, + "link": null, + "locked": false, + "text": "Modules", + "fontSize": 16, + "fontFamily": 1, + "textAlign": "center", + "verticalAlign": "middle", + "containerId": "6ZMBBGC0e67HCiZuw1ZGQ", + "originalText": "Modules", + "autoResize": true, + "lineHeight": 1.25 + }, + { + "id": "5U3m__cEk0384Je1xS8Lt", + "type": "arrow", + "x": 730.0891393678501, + "y": 627.8029150748303, + "width": 33.89886827099872, + "height": 77.8473208768944, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "#b2f2bb", + "fillStyle": "solid", + "strokeWidth": 1, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "groupIds": [], + "frameId": null, + "index": "b27", + "roundness": { + "type": 2 + }, + "seed": 2017356060, + "version": 847, + "versionNonce": 601341212, + "isDeleted": false, + "boundElements": null, + "updated": 1717946143287, + "link": null, + "locked": false, + "points": [ + [ + 0, + 0 + ], + [ + 33.89886827099872, + -59.624776904124815 + ], + [ + 0.2678641205010308, + -77.8473208768944 + ] + ], + "lastCommittedPoint": null, + "startBinding": { + "elementId": "6ZMBBGC0e67HCiZuw1ZGQ", + "focus": 0.9211394284163724, + "gap": 1 + }, + "endBinding": { + "elementId": "0eOjlptq2QPkgMZD4ilw_", + "focus": -0.504700685555249, + "gap": 1 + }, + "startArrowhead": null, + "endArrowhead": "arrow" + }, + { + "id": "ECiME4kCyLcElqpESHieN", + "type": "text", + "x": 779.3728577032684, + "y": 549.0028937731206, + "width": 230.17587280273438, + "height": 40, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "#b2f2bb", + "fillStyle": "solid", + "strokeWidth": 1, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "groupIds": [], + "frameId": null, + "index": "b28", + "roundness": null, + "seed": 1031090332, + "version": 173, + "versionNonce": 153810724, + "isDeleted": false, + "boundElements": null, + "updated": 1717946206425, + "link": null, + "locked": false, + "text": "Each KVstore \nmanaged by keeper of Module", + "fontSize": 16, + "fontFamily": 1, + "textAlign": "center", + "verticalAlign": "top", + "containerId": null, + "originalText": "Each KVstore \nmanaged by keeper of Module", + "autoResize": true, + "lineHeight": 1.25 + }, + { + "id": "9gSP2Ihxnhrj8VPzU3iMs", + "type": "rectangle", + "x": 440.01400715336973, + "y": 528.7255798511883, + "width": 82.2687246664696, + "height": 43.508786429962356, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "#fff5f5", + "fillStyle": "solid", + "strokeWidth": 1, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "groupIds": [], + "frameId": null, + "index": "b29", + "roundness": { + "type": 3 + }, + "seed": 862728356, + "version": 81, + "versionNonce": 2003221028, + "isDeleted": false, + "boundElements": [ + { + "type": "text", + "id": "bo-ZnZOJ2RMYEwiQDJwhQ" + } + ], + "updated": 1717946171042, + "link": null, + "locked": false + }, + { + "id": "bo-ZnZOJ2RMYEwiQDJwhQ", + "type": "text", + "x": 451.95639103201466, + "y": 540.4799730661695, + "width": 58.38395690917969, + "height": 20, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "#fff5f5", + "fillStyle": "solid", + "strokeWidth": 1, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "groupIds": [], + "frameId": null, + "index": "b29V", + "roundness": null, + "seed": 1054504484, + "version": 32, + "versionNonce": 374592932, + "isDeleted": false, + "boundElements": null, + "updated": 1717946171043, + "link": null, + "locked": false, + "text": "kvstore", + "fontSize": 16, + "fontFamily": 1, + "textAlign": "center", + "verticalAlign": "middle", + "containerId": "9gSP2Ihxnhrj8VPzU3iMs", + "originalText": "kvstore", + "autoResize": true, + "lineHeight": 1.25 + }, + { + "id": "sS09HXQCLT5o584RLcoh0", + "type": "rectangle", + "x": 535.7029587057802, + "y": 526.7472119897728, + "width": 85.49840063365426, + "height": 45.291996146440965, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "#fff5f5", + "fillStyle": "solid", + "strokeWidth": 1, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "groupIds": [], + "frameId": null, + "index": "b2A", + "roundness": { + "type": 3 + }, + "seed": 1969890340, + "version": 163, + "versionNonce": 795200668, + "isDeleted": false, + "boundElements": null, + "updated": 1717946178372, + "link": null, + "locked": false + }, + { + "type": "rectangle", + "version": 243, + "versionNonce": 1959742876, + "index": "b2B", + "isDeleted": false, + "id": "dOSADw14E7lwG6QVycTWj", + "fillStyle": "solid", + "strokeWidth": 1, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "angle": 0, + "x": 634.8832415027643, + "y": 525.0060952065161, + "strokeColor": "#1e1e1e", + "backgroundColor": "#fff5f5", + "width": 81.61054425609542, + "height": 44.80601409924611, + "seed": 964534684, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 3 + }, + "boundElements": [], + "updated": 1717946186317, + "link": null, + "locked": false + }, + { + "id": "Jn2VZB4Laog2zIHreQ13v", + "type": "text", + "x": 550.053971904952, + "y": 541.2988719488441, + "width": 58.38395690917969, + "height": 20, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "#fff5f5", + "fillStyle": "solid", + "strokeWidth": 1, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "groupIds": [], + "frameId": null, + "index": "b2C", + "roundness": null, + "seed": 268605596, + "version": 81, + "versionNonce": 271008028, + "isDeleted": false, + "boundElements": null, + "updated": 1717946183225, + "link": null, + "locked": false, + "text": "kvstore", + "fontSize": 16, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "kvstore", + "autoResize": true, + "lineHeight": 1.25 + }, + { + "id": "bmEWq6ldGd19BN7P3CPgk", + "type": "text", + "x": 649.2096160538688, + "y": 540.0169508007317, + "width": 58.38395690917969, + "height": 20, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "#fff5f5", + "fillStyle": "solid", + "strokeWidth": 1, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "groupIds": [], + "frameId": null, + "index": "b2D", + "roundness": null, + "seed": 1351980700, + "version": 78, + "versionNonce": 1793931548, + "isDeleted": false, + "boundElements": null, + "updated": 1717946190092, + "link": null, + "locked": false, + "text": "kvstore", + "fontSize": 16, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "kvstore", + "autoResize": true, + "lineHeight": 1.25 + }, + { + "id": "W3LH6VESuV13qvhxI7mcM", + "type": "text", + "x": 458.21179209642423, + "y": 348.25404197872706, + "width": 219.0238800048828, + "height": 20, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "#fff5f5", + "fillStyle": "solid", + "strokeWidth": 1, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "groupIds": [], + "frameId": null, + "index": "b2E", + "roundness": null, + "seed": 100014108, + "version": 34, + "versionNonce": 554727332, + "isDeleted": false, + "boundElements": null, + "updated": 1717946232701, + "link": null, + "locked": false, + "text": "Main components of the sdk", + "fontSize": 16, + "fontFamily": 1, + "textAlign": "center", + "verticalAlign": "top", + "containerId": null, + "originalText": "Main components of the sdk", + "autoResize": true, + "lineHeight": 1.25 + } + ], + "appState": { + "gridSize": null, + "viewBackgroundColor": "#ffffff" + }, + "files": {} +} \ No newline at end of file diff --git a/copy-of-sdk-docs/learn/intro/_category_.json b/copy-of-sdk-docs/learn/intro/_category_.json new file mode 100644 index 00000000..bb0bcd14 --- /dev/null +++ b/copy-of-sdk-docs/learn/intro/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Introduction", + "position": 1, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-docs/learn/intro/main-components.png b/copy-of-sdk-docs/learn/intro/main-components.png new file mode 100644 index 0000000000000000000000000000000000000000..fa82eb9bb07b7244f05b1016d19da7be97a111a3 GIT binary patch literal 61439 zcmbrlWmp{1)-(zPCwOpocL)+RxFMS9v1k-g&S-FTp%5PNPdN= znjk!cfFOmC786l+(>c+G%lssM=OfS#jXnuIxCUa)}e|afm}p*(keNd_ot~hm$?7$y&xrWq0#ha)S$A))SD#rP)El_0jOy+CsqhKD8Hm+<1D<$fo#yd?YyAvHxS4@ z(-@>g9{;B+8u&ZCR`x-p=z(X2ih>~TDU2Nw878e6{|t6IoXYF#QD^+@Nc6dlA3xd$ z34#E!#{gn!qOJmLSi6)2n=HhDA5A<{YdF-J<8?J0dtAdb7+Y0V);8XBD$6v=M~NNz zviJb&1^M5*3opR49**Mk`I&J(`a)csyYau0t{3O$8w^QNI=BtR5Rv?GU}J{!+auHo zXF(RuEh{^s1vlkD`3YXSdHrsKuxvkViu}yYJp}PL-;H0ewyw^h!5Fj%*&}-C_H32) zdOlq+L>(@+^#uYKFLr3iedW6<2-IqVFiBmro`Z7jF$T5ZhVUfI&+7DqmyV+ho(J zyS%)-FKf+XDt~d|WVA%V5UDhrALjPu1EzrI-Rf#xg-Rq2%WGbzU+J%3OU=%P7a_(V zNu)@_k+r8dYj86c7ne5i9WxddR)#ovye;Es`lrYN=2epn>x;MWBH0ul-S6LPwJ9 zxh*TBZ&2lrP60Ow6qlABhL~~k;Xph>_4on)-x&i_Y0l7^ z+^0tmQ&v^IYho-%gouIi()i1v5*v+M;u0|OiLVbk0$5@vY6zL~f5i?0qp@p;O4 zB?CRZorrF$)8UL_U2Ap=^$%c)G=Z@3Rqt@K=U2S{*e0K0Y9diEeQE{PDcbI>C@aIa z0pCGSB30K|KZ%dl?KNs-t{*N`g0GRV8Py~Al~q(u4Z(LJ5Ugm!N!H*+U{lsoP*+`+ z^g|WO)vBwS7>{{b4$FZJ{9RYEmXV(RDlWiqtAiAN{%Q$YAZW7go}Zby+L*}tl2WPN ze#ZcAQZ%=)@Zdb@bX_qoiB_%B0xdUME-J43zIluM>1B58;vS&CWu$?fZaTGQ8f`;^ zkZ?X-X-sr;5f>lGj+Zj3-rL(75_)^S)@{%UQZ)E4h)jL;lg`1Gdri!rKB$Md&^*lW zg@R}^28I-CP`jjXr2@99mv6qhx|-F{cFZ}kAMTzx#JS@?L<0ocPrfF(ucy3oJ zQ6S*r=H7-{Zw0;%J#M35U|?`j1??K)YszZxnI#+DV?P31|B(z(rPqV>mYf%J@w_^~QR78czQF#_$jX|qo`0*KnvSzlZQ`QxRc zY8cC5b7I+i>7fYkeEt_?Afh1>yBH-xjB4$q`~fJCX$JX6YVs3r{2=H5LW2Q2GZ7O;4jcgsFiyAS*WA0*&+?_4Ob{$>LikqVb|qZ*oQ`INmF{{JPy}_|9IJqGu@1;k$bu6MTx!^66e)4 zJv}`}E?y=oPi!Vo?1&fK^rZ;CcS-eLPn#2e02-NcE~U9m8r^b#7RU_~KyEIDB`8G!=j{DBJiUnx}p3+-1vPGyt)CTMh0+(1y~C7$N`(miVFVv`9^PD z#L);Bh9&rkyQ_fIcn`#TlQD><-=KD=V4AjV z*)A_@*}|F+eS-@>`pg2fAf&-$=n0%~<>aI!{Sbyh>{nO_6a`S_1@U6x$}uG|fN|OY z#?J?^HYUvNrbb8H#|&*tS_&e4c+P6dFKU>FYCvQQ8`>tIzzLHmFr(wc4wq33fCXN>{qx7j}FmrE_}_ zKd~<~L|l}Gx5lL>qw%RY9X928Wb>K}cpS*54-22OB9;o|knYN@!ML{fUm4cFfRY=z zHE@-xc7zW38I#a1KW`oL3SmS`XflrWK6wEn*PgkL3088zstyw)_XM)PuQ6z0n~uEO zP~FTQMRnS&q3O2OkgW?#ni%2)3WBGY1;F}s;QTvM&4gCBv~WT0Hrz6yd@o^nAp8$^ zLxcgS9O&k!)Dqh7t6qx)Dax20H_8TeggP=ND=8?Q{vj1r)h-(lwuS)fwQD&5T)FeG zOx}T3V2Q{{pK!5!h6E`77}a`}a@Es~QY9KKepF<{yP@mgMmPwQq3uhH?=KMAL9!{# z;v%bissaD#Ae?kNJ#H5ql4*{*At46aiLAh%+kVE|MWAXFPH8;ESc5ei6Kc4D%)E)Q z48o5cV$&y&myzQEpdh#Xx+vGQQG;{ZA{CpqiP3UVjJ&ql7!=FN%`N%G`KSRTD~qHt zu5}*&ILQW(pi+QY$uQ`^6<*+Lsj7Y^DEhv$)bt4?@-<}mL-XHvgl(QLSK}s!HOr!B zVd;hs_c~g?o_fTI9lCrG6#~9y$MCVm5I^clmDX(cxIF^%IUfZrj9D7i;%cn)57Ax z-?lC@2AMXSP~X=xj@qXcuXYm+bT3wbX3GtSVx;WuejjTVeVZa*Lc%$FN0HdG-)5W< z*kc(?qesTz&k0evrbHPL0%8GQesQfIhbw;s52aq{fj^s6totu;P}-LoMly}21FJ$Z z=!ry!27wDKxnyw+S(=3GUzO4~+m*7|`$}UFH*n0^FnC>BJ)1Xto|qP@v?CL~OgOjU zdjQ8V(F!aGAha^0cH3O-Yw@E>i#i*_(*!UMjVPt`-KLKMCHJdr*(G1OEH@b$x-}|&gp@NY`Vew zy&H$r5T|bt#DWK5O9gTU9=%N?Rxo{8i2$8i6sFqFOlLV~1yCd#=i|Il44mF>my@MS zMJ6UD0SyfeLE&L+t%n~wXyRT(I6x9PU88qo+h{u7Ffb6FDwizyK3CA^CLFadigQz5 ztNyXlOJRH#Nc&)G@F2|F>jKOJ6}ZW@7nk4Z6sl()2!=uBRophs>EN*a0;H>401lP| z=JE*IJ35|a<3IY@jH;eCrZriAv9Wa0h3df)nXI!WSj#k1@nk2CB}uVR!%Lu`G^^an zBY^lAEk>@%{rU4&y;qK^D|yrLF>r!xX&6)JJ~kz=m)0hTLv4ebmJA{dQ%Ip!vvi>E^R5N|>oj|-)p{FI| zzOYk9vDVsB)7~fjCo)NT!0c*@;Mz$Z2;NA8<(4ByvbTJl{a2$?mZ5| zZ9jp=aI4c2@Oy)Z8Z1n15&Fth-t3f*c{B_`*b$Pb@>G9Tm+%eUF{#r@4+pkeN|*Hl zk(;zz9gIaSw*4-Pn#0&~=0`8Z|DzsQp(ueQ_YqFQ*qDminy_YCfw788zh7LI z3s%#mN+nmSvP2r(ajSWr$Lqkzj#)!cv~{xhoITLPu`xOoviRh+>P?VM9I^q8@R>Va zN(-DP8Y(OFZzplSbg>^p$B|V5sWMEYItDKT;JJ>KpDaU53g$18fHbG}^8o@v&cu#A zMk!~x^hBEmk8GFy14JF5H60RqoYqiBIu4h?LF7b@fSlhgkk%> z8v&@MiEto==_7eyHyuBUk+aFi(8!|C%4^m~>WW|lOJl6Hy9&wwDgXP$;EP(NMxzQK zT5JI^h@st?&z3(?o~caH?yt1ZYajY>4$!1-!xN%A%r;R?!#AJaE@>)?XC;c{86fD| zCV;K@r(gi35o8U{UR_<~SCNWqz?ifIB=2~}rZxMgqEudcyqLjWBa!+ zGc=jTzztoP7FgsWcg9p1dVTxsfJ_G{$rPYeEd%4pjMpRBK?`?a+l`l5MIrIwIP6J^ z>HJ1V8R`KE+0FeN-x$hC&+L|pu|f^WSYiQ>28|gMGb%RkAN`J!088QI;>x2!`=+`b z$Gih4`sWuf*Ey__;f0cv{ zo&!OO+TR}TX`m7h1c(7UdW_@HV-z7TU|dYCu6D$6J#tFo=M28PAAXSU(ci<)i-ofb zfP58lVmE8+{-cLY#LXI$Df#}Bc04PyZkLxjc|4C!GGwjwlaR5ovFq-aV@zpzfG&;z zVU8IU`l*m|V_d`Z{&=~5Uk8ZS{l=qLKwk{ukC+XKP*f)SrlR6( zQ#J!_0dHZx!j}F&2Oqdhb-jm_Zb#&mdFthIo+w-eoTuu$_@^Zpj{YAlst1io2+${( zb^qtb|Mx$8;15W93Kij~1VjICZw*S)Pg>XCm9$&%zZCjCY+0fB-bW%5KB@nIS!B6A z=zwwdm*`J5uoVA|@Av&c0Vd}3ZOie0-MV)djn)n@xUk&du8ukW&krFeaswd}1&MyH z{LKVHe6HcQHCen=!>~7aOS|*Ffw7zqyuZ{WzyP*Hx@?o8oS9lbUt3yQI-9gQ|9o}* zU*F6GdI4!BMG?yAtA_(69*k_&!Xl(KNOhsGx9K!pt4ddw?RzIqliF*Qz{;7oNf+Cw zE5TJK`ky2-4)clou+1knV7zotr!tRmt7LSTMzW0LJjv{wN&w&!N!nK1TD0m513 zo^mkMI&Xu|>RHb(-$PHg)JsjeYG~)Sg7!Tom54Z6OYXIfvfUJ_Cb?U)d;4}g%H%&$ zyG@qpKKINU|2r@}=i$KfoO>`Ycl9vz8M|qo+;4`2GRV$<i;xG(di_8~l zI}9x2)LtQKc(ygTu@@t--8OSBNE`(r*QyA8!*D~c<*;R?0A;y!;>gD*{qOQ4?lzI_D%;M(!(5LI)?Yb+ww~t!}8V(jUr@|`rx!YAN(HTwF z24<|l8=?3(IuExF&rVNzdvRw%Hmas?Q{xPelawAmvFo^VhYhec5EOAtP}UNU(94e4 ze##wK2?7xi%xT=|lv+9t`)GorWle3!M86~-IK#)TN^j=`hW8236o@d&v`CZAf7~W7uf!dx})X1QKA^5AY4cW2N z@#@iTG^LeGA(3@YPhSoL!GKL&u#xyA`5V&yBba&(Ms<=LL#*XW5qBKhn~2;%0T*m} zV!WZamyraFWL~i>TAbN2=uBXIFs6#?-?O8SrqFe;IC)6oFiG{s`zmljxl?%qKEWDV zW4u&@Lj`eQBfoyy&CBZ7nli z%_C>8V|tRt0kG9n&8lPJ(|G`%A?sluSurU$O?h0kdf4<@zx`K0dY zU&yFtf+Tj9T<*mZhiI7@0NotBJNjwX&VblT{$sa}x$`{X7k9k&?5RLf*_ziuKk6TR zFIG0;C_~GHG~*kACPI}@pXIAs_2#-QrmsTRf2uR?Av)8o6-8;jgAyP7j@)C=7d4}7 zch@`_%S^1&60JrXgOt_yeVL#e>|cdXxF`L>YFm;hRSUU=m|5bBR{ocoEDqW?^WG_) z^Y!D{*47O1boz6RZAThuaycXlL1PFd)adzNQ912DH>V$U&3c5@Q&XFC?_bnlH9YH+ zXL1`!m~QRALrE?t`k%BL@q+IJ2sv^3@ie4-pKTqG)#E)@RAia#&I~6E@|ThTXNmzn zC+10=1%)Z~VmCz!y0yAq{@ZuVaJr^gTui+ARu(%%jEuw#?bC%(Ap~2b@@h!^IVbb| zbw$|oIh)Jo;`2gT9_O`ZlgUN!&ly9thTRSSt8c>hc(U4YRGnCulBshPOf zk1Fqs*|rwAGyQ-S78qX!Cg|cNrE&Xkyd51r`6x~+5XnUqMsQZnw#H^@CDL7yXzt%Aq2$5sy=0z8 znQ+L(u|}v{#9VV|JUtjm_+FNKK4U zM(y=;S0*dIqW%e0qrsW|Lo_x|sFc~DiiKv{M@I5=vB6*R)akJj8OWHuI6gL2);}=v zw7@?D=Np;eP3y9pmck}%`4?T;p9IRd+a8G{$FyjBtysfjg0o~DnD!+&pfuo(#2>{N z!>2Z`K@SavT5~&5O|T*D;^PStabcSR0$Y(&7)l21pa*Pr}J4we^Z^q~(u4 zG#*%Deok~{59d~vUJAlg;BYY1`#y}7__Xo*ef=a7|mahRg>1a}nI5qA1x1kqH zqv`1bPd3N6&5x9u9Hd`Yg1+l>&3pM$kQaJSx;VXAXyk)8UI<=2S)0+y7%=qzAg{-U z>q=McubN4aeu6Zdp&5wPb0-zZGooSmENb_2Ym{!typo)aE7AisZ*2rjqf9CR0j6Q;@trgIiFQuNM@>HwSnl z(MLiCk~WuJY4Jq|9HYDfEo^Eodv6DpGDiKOqg2pGaKgoKqzH8gD;yHhcN!j7bKKwz z0oiiXm8&B4F{dr8aVEvh9qQDJ;CpGb%~^Yf^hCQX*B{5)dpDjlly`fVA)A2bPr1kU z@{^%fEq3j0_!SGUlW;@L;h2{@6&+r@C+w!Q!b>EHZ6}z<%>Ux-r#ut6AUXQqv+3Fd zn0WO|Ml4VvBaB5aPM2qj=k)Q{kAupIoDX8&Sn0uqoRNHZqAci=Nq@i2sV`8I7oUHM zQDW7f?a-MWDbh5j{-ctHxjE}KN$OB6d4gpq1Xpfa^5c_JzYFLD%Twy=SBei~74{}SBt5K0NLsHnHqGztQI>B&gHQHWBrMNBk`pG&m4Bp#{HEcRCYA6F zT~JY?dL_S5gS2lu(5SiWOBb^_ot^0?2C2}{AcOYKWHH0u67%?P2Kk7;?$y_&dS&33 zBCe&7N&}=GaCo>jk!OiH$TF1!q*JLt=l@`LcllFO(G=DMhi^J{b5}PMMS?)4^#y2$ zHb_i@(sAN{ zXbkhM$v!#=l^autWkhQgNhA;iL9nn*{1W_5?5K6ihb)!fl8z}vhwQGuObN2YNw*&6kkp{fuQlnsYH%v~Ke4-i$^`-UO- zBCh1gmiMRej7{ZKi{^)c4{p$?fw3d1shuq?Yevim#F2N6on zL7ViTA2WEME zEJ~RF2G-hL`aGzlPZ!duF0%eB`Ifl(HLKC}t zcC|E5FjZ1S`3>=CCIK^r=!=5WU_r<7)U+38f-2i@u~G^=Vh=LA{K0VP&w@jY5`Rsoc_WpCUtir`0e8M}lcIp`kEQNvCrSjSDcLI_5u{jkh(Cdr8mi zxKyT5AsoOoFs!Z0s8!Ps``2Z*Lo3^c+}pzZImo$2>z20Fcw9lvl-*X zXI18`0bzNYFdlY8CP5GX;yPD4a=I9VaUK@PA_QG(%Vo7-QH~D@4oFobL5keD8`ZTE zAQJYV#5(ric9`*sY*@U36;P2i)%X@Qdm1!yuS)5!PapY6;IOO*Ch|HZ zivhZq)&{ykI>#6^Z!j|z?amPqJL59`%k?I|oIRWXarhJa2M$piWenWI;gqr%VX82* zHu@x+-+mR}x`PwK{0ljsl*1WE_}b546wF&^NudU3$g^GZ|Fo4U(lR6+dC)Ux#wooG z_MGowt6Fw*qFA?5XgBKMVX<$PR|#tI{)Qn_gYYF z*lEF^qWx5Qba8n%&K%K}c_$j1wABZu!c8_m|8Pc`(eEu2>NVwDhTiZozbRKQvt56* z@;PhA`B(jrX^u%KCu_L*2_5>=a{8yp_i*2ReZ#_>!!mPT4l;K98Rk}-k4{5@N3JCe zQ)w;zN!VZIG318F%}i#MC^fLM4eP#LyxSVz2;p(#y9WQMO(ujV)!4;3(5-NRZnc8- z?e%QTvGq4+ovi=;$WiWh!MzE61FGI(zK|3r6X(mhy&0d`zC%t9q)I8bm%14mAByYgd{BlvM!4E7q0f?@QABFMoWR>cs418%*9AxMZ3*5iQP8TmVj71ZFI3HbDrpQp z8QVUQnJsOLGL)oNDstdo0D~z{vdlA~^Ahv?!~GZzHt$f!TS~i%bCs9CAph3e{V7pp zT0Q9*Ib0c8!2Xu&)xWai0ef&$mgT}CstJO}MznN z{e4oHz| zb|XUd$3tHKLz~$FaQh zT$>pv}mYCT@ zOsj)YB&z`Px*qL6{FKfwyXxwFHrn){&63KI6VSliWcLwtD2cKwmB7=9meheJc#1m` zHLr3|!G6f`Zx@JVVSDm8qQhBclxlLXhMk~rKSqt~LB%X>CYEn4q#xTK_zya5H(>p4 z!Q>LCG~G!RqSuRDmZQyfpvl!CjCwvU-#v9awG`Wori3uVvh6g-#N?Q0->Pa|&4tdh zl!^BC?8fPlMN2iS8eO2J!g#)&%lIzB;vcRK%f#`zzS6#j;iajrR|5T>%w|BL1qneI zPN0hx)oy}X%c0VJzqr~>^I}nS)%G~|=?{wb)=50ULX+m~tg?3NA37Yz<2l-@%>1wG z3G>XBsYkeiN`h*u*Y&zh_P3YV-5Q$Lx3NSsLns1UXa;iPnQYjC#2ge~9M2x#G{v?; zefPTKpEV!n5K!TgcIDAqNzJjWQ(RCm_#%u@GJs>mytPXIUl5WU(WI?M?gSNy{P@Vn z<~9t|Etx}*2}8S!SSFs&eUpDJw=(`;+dEfG@93djeA3u8#w-#a4B8#G4q*)qSg2!*!#$h-3z zC6wr2#t}}oPnXFN#l5g*ix7Q$an!2Nu~DcA%SGt?M}b+b zx-N>e$W>ZJlPtIytI?Co(tY$i=uDg1yXcEc>u!{vuyDrBzmXbqRr@JaABBaOA`WLv zWDecOn!EL(Z7%P}d;5UO>B`an_DQZ_LW(>asg+i(n+?7kqidl2>e;HEt^mysP(bz- zRtrcX2t}f+`=bAexiL?H{!zZ3AyfZ8CzGXt{dw|D(XF9yg5&etEp9{T2rS5k8?sAG zRSxaW?;}VF{KYBJRg_WbTjO$%5zb-`?YNK}&{5JkXH}}aX?XO@hK_Nh26SYU-l^Z4 z|IRj#X$+hG$MKD$fsVV$gDp`?{((NbDmcUVn52<E;mQgx3c5#ULG>w$;2BpJLL#^PsR;LqY^#+%r3 z+^|sHW35A@PW)@ZTU_l2N7T(n0X#8EnxrwXsNS{{rngkv{M)pnmA=W9*i7ixF~;eH zlI(pj5H`Z9@bELPmoh_rI1&gI?$Jhmmh$*vBw^tGX?5sI3%}HpwGm4X^ z-5Af$d!bW&b9&!vb;e|7au#Yzq0PSGk4L=?&+J$P8h;ph(k?bzaiY@wxi~GC8a15^ z;|TiUKM_K8Hg6DYEGt#^l^3PVZ6!M2vj-{q#@x_2%2k#y1z8|bw7VkNgk2(WKv@R} zFBDF;mt(Db2Z(PHXJk6zNW1nXy+SzqBKx6bqJ0myF<``hfc^pMNHEEXxG?^cr4gy9 zT{Uy`d5lYvp)y=>+Uvd}vQUw_6jpv$2?+b#Ftk4rH|~kN${Jn`T;EQ7!n3L*>%_ZQ z7FN7>D|IbEWkq2UB;3L1wBMki4)q9df%-GnM$ zGNmYw(r&O0^tKmGps&LG*bbFU&$krry;4@bWFKdIlt!N+jqWnC^t|h=)z1Oi4byIR zYw!Q5zFVnSQ0jSxhfnnY3UHdK;%>^?_{`5Rb{&cSbgMTBfNPvKnMqN>xfYKS{{AkZ zH1;c3mI9_fbhc|0DPYl!=iA*D=iZv%^A07pn`O2DRfS#L9SJrlm{31b@5FQO37q|? zXoN^}?47X^yWEve$Lo%*LhI*E$8fQojw7RuR)-8N`hzTE@H<2RlPb~mTqIDgprwP3 z$M0?!-NE;Yv7-Bgi8FMw>;3Tp`5i9MASu0-h7`@?62W2)>6%?K0F7x_{f^z6yVCws zZec71TSeDy_amcrngTzY6?4wJQz{t5qW^B1d1lfTi2h!J*ocTXR!d~hk^7@(vc zYf#**Ho1`NK9{camQZ`uxj81(9ICL)RN77yvMjFe9pm|Li2xqb_vLnjgqai*HcaE> z^U=a;H`w)Sj-0@09BmlXm*exAW8!u!#l99QDt|xP0c=fHYHe@YZ`E^#MM_9q1ZaZg z70G2|n^}?K7(fGcRexf_0j&)sP}OQdW2N*?Lr_=^p4(D7RnA%xOe*Kb460Z;GAaF(qN zKLG%nii5v3FUk)Cl46F&^xR|>O^iK+hL*QQj9{Ivz)Vs06XifgxreqI0K_~J*A4B( zJ!{+4eaGjM{xMm6Sds-TSX6;PCd#hn2JWDe&ws;G`+(RjR2F52nNFDF~qdI#eB_9@srP|b5| z&~NU~Laa|&YDgVa&yPi6esYh=V+5z_546$z=@;nu#l&h%MgMSGri&~5>HNLWXNL-_ zKS|Ozr=i48CJ4^KA zRy~W}E5S7c&bBLd7qa*LFG{KU(k{#c7)uTaL?WoE0x!bxbfgCRT4N$UWR;*y_)Y ze-7;Pbq#XNzQ4YNBl)dDQRTOkfcyNqBVu=$I+_PGnjOyScbv0fY}n{kk`(#nPEbd@V-Pm{dkjL}P< zX|tcwx(c1+I2=#|fx_5@whc;1Y9XY&_UIzR%2p&G7pB9bTSWFq&xr6E$#Vky5FO5n zkhS(;Aqcn=cfVP9O3@AGH&{OBGwAly#xFNQxk6SQhtw0UECNsDTD;E=YKDq}FP~bT zR~TlYj~Y{SgOMij&oUjyF1rKuadJ>KZI2Z{n%mff$cE}bRZn=pG=cTMJls}&`Cb3! z1ABMW$^Cp<`;>J|Afyc?s=zx$=CxI?xS?YQUUTgk%&^K7#MWGe4@CJgajWy?tb<~e z&AH?Hq~whY^VKO0Jn{f8Kn-2VIL>srD!D*MD?H!Qhnv^_ytjGdC8aiv*5*BoY=sst zYmm~Php6xmim5$xd&m2~oAjmg23%-uG?)$$TzeR}xT*jjtYld{%`=~^j zU8KM*=G*!`zu|ZntF_w~$h@z0a*m%#xS>l>1wMRU()+OZLgIZva~appH0nhA*$i=WoD z(GNZg=$3C={P$+Os0Eo})fO&#g+j;!an`ZV%=2g*!Z#q&)EDXA0CMtc&*LbPfcZfZQ2?N}T_?%VlCdnMB^ zMu}_f?m(Rwf#O@uyDr{<#vvWgkB~&5^2+ucQ5AFI;5cMhs@?Oj7kPYjGGrnYIKTzk zIqmv#ssd?3dNm3n182>e(XS-cWA2f+`KWw(2Z~he=cKes*3Wg!}xr%RSL^a&k z@z@h@d3n^_ENAI7Ht3K@_53<8N_|7Nzeb5jmJT_1swV4U|Sz@b^YtTI4+) z!&C@;>--mUeZIfn0iEFrUj28kf};b;BKQJj)jFSiF?V8`>H0Q$!1u6dsMzCcB7jUo z^bc+yG?ew=*>ksft;n|pt={N>#s6~TI56!`wT>8ZGhMY(r@DOvq$wC?UdKcUMJ5FiBW#Y?0oJEV_QPxDaWTrD@$Lp14Ph&x(;YUwt5?&GujkBLB zG5iR`0sU!cf=&qap3OXigv|lyf8d}%@q$IvNoBY#N-pvai_F)ineKr(rQvb)uGiDM z$3p@^3M3fy{@uL&WF}^GeUsahLXasa?fudTJ?bs48$OFtZm&gsn{k34W>xzH?v`imj|Ew&@Njru*AeUhcrPOH z4<|K47yA*mzy9WnT17(CV;heN#eRsHz|={ACWflHGTC9fdv7IjD6zen3{Ls4$NWNk;Drk) zOxsSR*MIlEZSZq{rc?Nav20nq2$+RzjaCd?XGj$7>x?e1&otixuN8$RTT$wLg*@Iw zTWrR1vd-fuZQA~sT)en$@P^~#GCcG|h5kkDCfeyoTECxs(!V}in^C91Kv3_p;^nN? zMk-+Lm?3jD`~Bsvf1|IpFI0FRnXeC6Vz~V`ds?sO-$SfdN28hPw3^Ize z6}%qcrPy?o)fmPvWLJ3H8n`EX zXM4U3C6Ue#T4>oFO%@Svz+f$|-VF9=vAya%ghuQ@PZ-L>K?!{Qa2M!Ftq?fetmq{5 zH#ZUP_ud+JDC+u4k2Hjc8mq~I!5s@mhy3SdTykUMDp%=-hMt6hXa$2|5lK@2>IH-~S+$Y?(ixM}qIO&aPnpgr_4eXt=q&^*X z1Y&%=&LGqNG}#oz$`aYyR>Kd=Giv=s_EB6th~SKtu*J)|*hGx#u_6^VdzaL06wCV*u@%k9`(O4Gvb zG0++*1Uga2+WojaBhu}pAw%s@c=N9ZrK%o`t>I-L8tv=3zx1Vw#A<_WcehP7Tm6`+ z2*f8a$n>uKOns*OMX*f=`4aQmHIjB&gd-JCv^p_O9zmle3x=oKF6T!#xH*_X5E}bF z4`*;o9bgkdgI|G!32oYUOIWX7$Ie}|(-v;(-GQ4c8H2sGzIK-X4p%cK={^GD50g?x zEuBjA;i`O~r0V5MYjN3qG&y02w66X~79UxO+;KFZ{eW%_w@~$Gw_VG<$Nb9<5u@sk z`n%Bq@p0Zl#HWz8jBb{XfLnQT4hZ4)RI^H@Q>*^7E}u72Sj`%O(@jM&W%Ax+Ks*0$C#d+(NKt>rheFWK!iW)? z;bSWB5cR(VmgE=Jha7)d)ZXx@g*agzPjlvO5`_#UVq6lWbbOvvmTHbe(p`6F5fK2& zZh$0#svKOW=UFFx@h48SEr?159q3QE(7}Btx^WUX-3$~{F7QT@kIIn!%ALdf=v{L= z#`O~*FfwdcJu#Ge&i#o{CS+stGu|D*gwFH1_nCrL7^;H1-=0VmLRfqwQ2$3Nnq~Ul zGA69XQ_-$rFr&084QrXB4eB|hl0^ZgiS4s}B(A>|`V_VI1hgTz-T-Ov0V?qt&JNr5D>%c?!S+7PIFdXbSP3g!rs0J3*xi^3wA0KLo3l6=rem(!`I;!8=#*x8yF zGDH_D#kbsdKSDMHcwGGkbnFo&c0Jz;ZG@xKD!=Dn znM%4cueg16z2YjGK`M8f{LQ=4>V=x3>TjWV-P{!4wBX&ONf4>pW#tv{B2_|q763ZD zRXDt4&PO@O;K5?sHQfp5#Fjyl<`DEh*#0NdIdz|n>;^%sn-tU&%A>%zYWXPQVeC_H%410Xv=X_uIro10^!e!d?!6Q;1^-dtR?E$Cz1LrMFWQAu zRC}1vsDoJJHOvSl;sV{V)UZ`)tetanv;#A-D}dPI`6^0S=Uqytb{=EF&C{V(&D>$y zz`JjK^6+Kf?DOR~9JSoI9)DN+vd|v3-Q03*#^3tBhn^wUNf1}6996L}6VrWFvlBfQ z++!&!&Nl38d``VFULN+sqxcpCZx$~|sact^+!o)5Qbtwp%0&tLYwPc)&BWMYv5S4I z`XLm-rx*?X!C^vi9*kC?vj&pPuaE`s$y?^&rEDdE_K(r7`DJCAeR;mwlzLYrGrh}l zb|~v801^9KFOAQ?77kV`si+>WzfdQ#?GRa~uf_*Vgu`B}y3WTcF6KB)2*fZ1OY0KE zB6hvMwo8ky&T1-{>xoltAI2M9x5Dd~IWk{f`yB=RNy$e02-o!dO7FeR)?YZLFcwkR z#qzw=^5(IAs=xn`%FFE;u+V!?n$;GzjDUhDzaQY!=xLMv9bFYi$}v`X+RAiX*eckQ zYP89rPb-kj$*|z{bk&Z=_F<-|@ga-jI;5b2;w%E0F?AJk#gTi#<0+U;c3pKu7ouYF zF0C~CAXEAfNaQM`2`@5-wC660hOrz|HPPMNGB%r1nr{}|%5+{A@TA=27j`fZ&Z^N< zB!Y+Gg8*miun!?T+h|8l+e0$l-rcCqcUMkZ*WbY$uG8wY8Rby)9x=rb>0C=N5Rk4{ zk-{S*q590K5?&ysNJX-7^3dL}X0FjWWQ9GwnUoE-9#=zXM7(#8DyviWKzcfeMH*!| zN>6f?Gd?B*)O6SWm{*dm6j*2rn6|&CA}1J(PX4XE8-0FgXhEozUbQd<1U>ZSNib=N zs@%bxkzc()MFWy++)|M&^4Q@<7;^o64}E3p+zxn6Q24gbWl_SKq<~;*sCQKfQWPC! z;jnL;KbdZO7=`tmoAf!xp$WqmA_OmDiw2y(_o?bYLvPkImgm{O{^H}>4Aig{_z*n? z^S`|Smv;#!-v<;a4n;=`A2K}Oopc!-z!3>$4K_W8H9DeaUoc|GnYz9{bxKjJRdcPd zQm++x!)JqZw9-99(X!#Cn9_m&6U2fYiCieH6GPufg zj7OAaOZ8si1jGVDM~@_GT}p2&0W6k587bRObw{2Bk#?I5KNZP3%TbDtMVEiyZW1}w zjNB5Y9fW%t!{>ZuHvadC;N-#x#ql3~8+&NCLbWEfEVWm@7nKH(%Xazr9y}y+FVF#p zHr|2B2w6H9n?(A7HU-9*OfI`Q|JY}~e3W6PO6LTT()VH5#D9eQd+M76IHAz1+jbMx z*hYkmENiJUhIb>bcXyS4ryb+Xf1gAzm<~VsS+{wyqy%WM&O^gZ~|7 z*9G4Jd2+0@F4@c12W>q6CJ~^+CVsgcGOewv?Pofk?Fb`J$sF35-=uBNu)X-=2a9Ta zdzgyDZwM@c*HBAMr(P`QGXvfKTRe2Mc8eu(KbT+z+Ggux_^eVao;9^tURg+nd?U|0 z_g_8Q&$#|m7>qF_k9zjCUjr&1D!vbgS0Gn;&jI&lq)S^Gu`iI;K(La_Oh zP1W^z!lU0{_O1e^r0DIhHcZ<*PbNQjwz#M{s$PW{ zEw8touTn4WN^wc_x5c=8>=;irXfzlewe_es6a}eczw>8HQCf6#qw_QSV6Ja`@S!0o zm>96^?9Qn1+`3onet`Vtv+*F{6Y4wK?R(A!R8BV@Z_EQNpYF@b9HULgqstDuYv{$H z)KmsgDlG`o=LN;?s?f|$?yLAIuDbF3XTAcp9pL?7{}&IH1;re89s#^!9Q(5Vbje>J zXJ#rJ`Y^~W7#d5+8EJ|%Q};=#EkpsCM?CU)%H+f02+7EPOcC4*LJfuA<(daw zB}W36{|`@R85PGCZEIYD1$WmF9D=(9hY&0{1ec(}X`B!wxLe}{NN{&|hv4qsIE~-p zyn7#mKMWX6bywA{wb%UST!viOxp8`CU+G!OFCIQY5`41sOeYnCnZ9o86IOH#jN?EQ zY@!7MtL;fO;RWM;t-nwrm|)*jDG}Z-%7z>>I-@pC}?U znN#!(*EMFDhzW<_sDFlXx#()jtx|VTDB)?XZEx-|2pH;j5q!z9PNHsoc|}y;j>uM}>@b7xT}vf`OD$@z#1(RyuuY@s=ZD6DLg_`)-z@`-Yl&4VjCy~h{JZ61A~O&57o3Y3BAbF$Wz6Ef z;h!Xv-+D{}XX66UOsb^|szr?$eYo32E zv*N`%M|lQr|BG*1a*m-^9E9?bN2Dc3GMjD*hs^9Cj=zxk;PP<}H~7UzL`H?M`*3Q! zrHv?ITklt>wNeib>y#Li2zXg$CBtZ zpAU4OgiQ!b)>7hlyuQBO!9dY8T2f81o&!0LSo$W*AMyJxmnnNGy_{~vF2!QSL`?v?OQ_M5e%YE^=( zoP9Q5){i=}Vtr#ClehUpkf{P3NiG5r{EbT-wOh$7`HJj6sa5ofZnj}Esw#r9gg|c@ z+ez`6#r9T`>0Ul0Y_670?*mt*$3__01rau+tg2@yI70tQL`w@q6BD*E(#Ohdx^svY zC(Zbm&wlD-JgzgmWE{7cNdXEYJ_EL}TUg469V9l~pnZyHiX$#-RIKQKBX)2aW^3O} zlE>ZYtvq>d66lnKI;HV3H|lXpx-?qSZH7#-8y3#KJo9^NTfWW85 z=MQD!>-G)_nKGh{OJfC=K(O{lz>wnNWp@4Q9*bqxL;;crG_8Cp59dFL%<`@x>d zMpPpl*fd8(?DKq0TB-b2;*6TepFahz;*39R(8hglu{UJCT*3txIvUq6!1%r{-7x;Zu4oqj3lB+~N*fiu=~Ra&y+Bbd%DyPA|5yi%_c`@W9-HADFR z7Qh=;j}3-$C6pbj{>et1$)AR0&okR_zNy-Uayw{Byck*&B<{$LJ16RlEaR}%?DQEF zOE);I#NmDCtz6#lwGH^mo?x(J|CwOkJ*)SVd4XJAqQVq4&&}^IszzO*i`Q8R<4(A1 z%cx+m+%y5Fh;w{TLR`2SJy+sCFF#t}M5O#d%7&gWa}CO)lB)(rLNh;+jov%X)^L1=(Cw0|Y)|OC zxg&ceH3!13is|3{ys$|qRVL<63LEE)AXM)yoQ#NPo@QUTCO%=8VDnjUY73ES^>%0P zk-tq$oW*kJ4SrDqQ1Q*d`+NS#KD@*FjW1HdBZH z7_J!S&A!rx{V_J$3@{W!ZjG)l=idGl#Ts8ry#(AS85M)1{H;m`nl#EDoA4iIcRbq8 z)=Xp4v*HYMSLMgkc7IVO`9)l$5J0WXJ=5Qcj$6E2QHANqFXtg}v8M<8Xn^dl%D~cz zn?aM*i!02k`q}Wiipjmp$j{yy|UjA#g#j`6$U4&v zWiRV%$uvLI7-N~lk-1rV#09eQy`5=7$3742aljP>h%+4=P3FmBG`UtH6*xkeQ7P#m z5{-2lh(iXbNWL`rS?m9FoJvCG^;RS_7PATFD|+?uhox|`zH4GR)M73)rBbVi+GfKC zrkxdY=^5O6kPv5Fe5I)eSDhlUwXij2`lHK%c@(+cPp4<+(gZQr`+o7!_yqO0$$0q7 zQZ37gcXy)jm zEnj8RlXJ6)EqT7#nU1EBh30}vFPHbk0W7cN@8GdPQwH(hkB|k4`ceW)1N>kHC&P$v ziL-hdcx+Z0wur!K39lqlg|rX_LDae-kH7X_Xi7h*K0$20dSa+Lp6lwGm6FOBYliW0 z&0ah_C>~7O_i|JnFRM#Y&{nTcYvnqg8}n`4T1HKGZES2SunuoA@`Z2zNl+BIRIzWB z_k7MVRX|n3OSw1w5|ppQ!+CBmE_@O@Nb(M+tW_tsh4f7$k%G;SWnuNy={Gd{oe8)C zRbPnja6V?sy%J1A#|F_i31u?fB7;N31@^aUKjxu?#IDL;!q4vhnmPZ;SRyH$1-U53 zeA1*_PLf>^+^AnRv$=aCd?5v0*2!j8Bnp>(uqCt1>D?s{Hl0DX>i=zoN(K5jA$HOb<<|6>^9 zczJJ;^Fhg9cjv#l?F9OtTw&{N6KNvL5GUUY#mNLllo5d0;nU-Usad&d9&ndpe>IK?(k<#ou*b`7k2Se{^CweGF6Qd?VOD8xv3Ugk zwS&SqC2Q+m%xx94+-_JJU2oem{#myy1MO+2*Q(cd@n0G{t7t0GL=vexN6Yb0Jp8Oo zOO99@t3IAy<9^8|^M~c}fZ%alRq0;Ng1^kc7T}U9$%|BzSyGW(*FLZ9znjJ+>9VcS z;AJ|+^Fc0};9kLk^4+Kn^y$sZo{;+zk%?370sMaSrUC0&(fpv4-EVJC*kE6{FyQZfFWAE*sJ=T-*JZg657mM zd^0SuZ$GRYLjV?P*1n2%--tmq{}JrDQV`w~=6`J9If*{EiPjh5+&aadYJIM@71~E@ zO@Eo(nyY`ifZMkH@Vf@uLNqBad#~%`ON>)X0HzQ?c@(j=Jj6+F{ZrM0c%Y6gTFYA) zeHKd^vt3R<()7NMNVB-lc2E{uG^$w0Q*YJ3a2l_hTfuUsnCDZfQ`vc(>ZSmcH{|ESdqqaN&)Cntqz`XRUA!n$sw1 zx)M-6&(!vXS4reHogsA6rSpekHS}n*a7oHMCQhfoD}|vShPqr*GeC}YULz38{MQtX zPyT5-s!86Tu#zLq?WnPgB9tOwq~+Oj<4QAub7V+ByLnIlgAo2pKV*BYj6bR!bmt!3 z->Xj*NAdep(v<_Sq-;~=LJebx&dMydQzanRM4E94M*+75RT!~49 zw?0wAphDk3hj#MJeDBh@UBnBniT?&bkachuNC?J2-T%5<@2~kzoggBS4#pk<<~r6~ z;U_88R1_%zvYEKwGofR3Cpxm^b&A)oC^OysLnq`c1xoSqa&*!(=TqaM6Xc^Liu`gS zqPpDgoy9-*@CaDPso48ATYsCrq&V9=@vS`pKc6vwRW*p-^9mCY9rxC+MLn}82>gj6 zD%)1xa5MIfy(mZ9Wak7ez<}t+8T=W<8l}^assPe3m9=EqWc__gc(ZnIX4-(~V@^O|; zOjglv&`1R9eAKE7?T&ajkCv+tv}C*r!!-7K;to^UTd?%(Tbg!59mE_w9M02pKC}w{ z<7Lq|s9$m;FFk*`Rc;%WIcDMt=s#;^YjFPI;$T2S1wNv8VhAoz)Ne%j9d5VDji83V zm-1F!Si3DWTrMRBH-69iL3Cfh1d=*jD?!JC?oD^K>1C6#?%q8vHb|^W$@2V85a z%=Xu#-=l9cxgWX0d=EtF!5!D}Yx$&x3E6MT z7|tR^@?^v+*^B@*#IH98UzQcAhA-&EqE#m-t4$RKa9qXlC_bh7-i`Ico8 ztHc)vl5r}AR??dOhLd3X*T?%WW=F0c6e12AZ}>+sL^uTXDNwR?mOk+UgLK*p=qc7W5i-IIuFh!tm%qfcOS zZr|Vh zi_tmwn#yk+C4m4?)5~8Q#10<|rZ6^~1b%O;aBXvJU7T6m3GT@)fWIPppPnh&aO@(9 z$w8s&f+#Jb&9H35UP!|KIFOqh8Z{4iGW42OsU4q*83oc+=zL$56yBUwlHQA5J`u2d z;8w0$lOY~?aupSb-@%2r?%IC-42=`+Bnlv*Acx=4wY}nKK6Iiq;!B28ao-Kb=QrE4 z$Ut$zq(z#XoN~#zzS3m~J;u2qM^iS~V|%#H`fW^Ijs+fYzo3cKE%~mrp^LR{W53mE zj|e5#a9>CXEnqRqwdceRk{t~>G<}oG5*@-B-zwBl2B7aHjW_m#Sn5dGJ+C58+wqEj zoI)9lpRD3IdCMOLpH!0iK^HE`R^VZWE(eX-H&Mc9c2RUkXrDU6(RX`ZIP)9l6*t#Z zMMhbwGg&1q@3Qwk#vpY&Nh5Sz+|2Uy^nGtSW$AmU}le02A`5Q6vU+_JS5~oW<3MC-w$#h-{?VS51=|lSml1t z#6+&=o@Xm%P*d;|sT z#^EnkqAjyd+e9B)W*2^!ZRfycYY(j+i&Wrp^=)th;&^Fa+gyUpQ|n3wF07(-KJ$Wf zASfTMXkHszQ#=@aNB4Me5wYGY0O|PHzBq49$>2^l>&MRjoG`s{VSAYIVj3qq_sbU% z@&ftBzqh@$zFArppgvBP`%890L?A$#v@cEoTS_GcdJR!WoG!``xK4dhg zDM@iW)QxytnKS_ID`EaEYktr~Y#ZtILA%&-n>IW2daN1l*?UWwH)MC$0=nM%0+1AM zco)8Ne`$7OZD}>8XlZq%7y)0Bu)N&cHk{s|j?{{MM{)}=FoI?nVpwZJh^Lu8jKVxy*3hkNT9f`vw*Zmb z19+?zZ$7f82eA&YeZz+{SIfC}lsQ8uY^q5dFl*f+$+Pp3$Nnq`Ezg@R<3Ui#Z{IiN z;ofdfE0prmo8Rdyb;9L=JoClxViK8Sdq$$n(&Xk2{30ky9u4)27KXufXcqvDr5xD@ ztdaYD){_{!{bq_F{ki`?X9nnkU;COsV(bi3ks?;xPbYOMt=_U7SM9#k5Px?A_!eG! z*Z0>z_sFi#ZtlY>>bv-cSe8bHt&Lx5IknKZbJi+bsbej*;M91&H+I4DZP|tZtV^APtIxMv(;H&f4*WXJNr_}>p_KE(@)wQIH({a`1S6j0x;U&84(;$8 ze{lWwdhT2o9Hkmg>rf{gUSQdd(oRJfm%Z|&c+P|Ju~BJP3B}x%Kpjr+jX1xev^-8- zVul^nzXY6}BS)+USjQVL4gC)4Tw_>6RPS3mY#Hus7r=Rbc$~((v;A@=YByot-F0$> zQ*UYJyJ(dhT?A3~SSz(O;&iKTx{LQTW=o*)q@kB1x^Y7r9+b z_y5d7RJy0!0PTmr1(?ZaIQOR$2&T1ERmh&`{Y(Vgrzm287`tEby#x$P1k`3F&*DxK=zEKE%Kvuecb44Ki=VvhR%>OqS{Pmp$RXTpaW}j+zs8 zF;cPx_Jh5Nqh3xVD!NsgJEXWR1ZR~VSsw1+L!sR=6`u8{QSXUS*JxEmvC_Y-Vth0Z zMmO|sgr)GaPue=%Q8l5V`uebW?%`FY8Cos=*Fm&~=2~!yrKCp?04PSBx*bMQYVhFz zebG72$>vxxvpy=HO+dq1*MP(3<7;K>#A2lPE6}Z}oCABEqD!0iNW)Q=oO zLnKX+`sud4>@{?MNZS)qR+h+`C;PcXYX`Pv<{Q3cQPi@wD>x#bF^-0_i&BtP-ZA>n zxQCdWG~{K^uc1d@=+}6iN2KFt+y*6!e!9jUp5KLmYeBlvG2>hfj$OKCr0bR>ME*hy!%;l z_h+>2vNV%$eELE|)bW0eCv4DZb3#EbPOH`gvEQT(FQ-eL*zFG@06I-V;kix$y)R{7 z_YcDSaVcwf&=7v7-heW|X2^&dm0;01S|vorK>WtExrCA!RfHX^8_i~-vdsh_u|Voq z4I)r3MGviFyy59fc0**gm8;Gl{0aaJCAZg6Y?RGzOJ7lH)Q}+Z<$DgoD z0+txokVkFjy8K)HPUsE*2>5axOBOx2y#28&toq^Na-3?lVcw}T7ynFk?gc-J;ycZ< z>k)VVX1qrh@+0 zfbk2htn9qe27Xs+$P_2(DmF_SwZ7UusF(Y&Ybcu@2la%ASD0|cQs|^k$gXCx ze2R)1_2J0q8G#AjWj?mQ1E}(qhFjL*a&!l>^xqEg=3o57{WAeE9drQUt#IKc`zW?YIYv3M=WjNR@qE2J8!l_W-cQjq(&;@htikI$VE0Z&;c;Uq&=3yu zKm~f~He7i5(OY-ln-j)|31IP**&v@z&DQE}_qMQBLy4zfFt6E#x4uxE2b~@tO8IVm zL0_1fTNR0G-wSJKQ{s}nnPT~xcM<_hM`v7ts4C(m|8!QG1*2iGE*+7-uS(tgiXC-P33Ds61LZI z{TW#z+Q@hyB>_Ea11{0Ceyn;XoAo^D(3`4vfEG<7IzR#+S?FLH`msouIiMEoJ6 zCwAQa6)B4p_onfuU*IT&OqsyTv5JxpXL98w522_ee%(4=xj8oXC7`W%rZrZ&C)qO+ zK}(mhJ@-VV9Kx)b8B7!i94@Cg z5Nuj)xLY7BVgjH~k-GO>YGi^deaf+iPF$2=>8w~fo-!y2k?hP0d+D| ziJj>Tpc4sbh0O8lw?uYR;4L3&&cK}Dg9Nz{;>4AdR2dGW@QKKzj(xupW=eCrt=aQCY+P&o=cbJ@La3qv@xMF377cmO&hv?>pfh}Z=o5*z3%)lQ|I#8R4i128O&Krqhyvim0bVD^EFwuif-5zs zgit=Vd%Ln^b*`JbU8Lmxhf_S+d#e9EZ9E7A#|FS9nrExfBdQ*(+FcztxJs@$mp86l zn`Hj)11~Qx9*OT`+bi-!i6AKtc0^s@;_!CAPf%YGR8Nx}Hko3P)MnmF8=!Lr5-(LP zFAad}0T^bI9cPCcZ-L6zygMmFzx$OABqdSbW8^!FGIA(sd!tN(D z)?p`qo36dN3#lnS=Xr@*#%Q14uy*SWZGW26*k414Ttfg?mS3}pgEp~Z0RiBwQqJ+p zX6a4BtKU0bas7Ans1HzSQdIA!iiTGIttRT)ue6yhzxlfpy3ovR^o7TE47t*V0d%wm zv&jeKat1g8hUk;I<~L=+?xBL(Oc9?4JO1v-dTIqf%pLM7rD6k0*aoQE5|H$Q|DV6s zi}9UItDI_u)7uUB;gYuXlKudBqjwnc_U~yw`Jh0*-Urq|g{41@#EOE%`bmE4c>|bc zgo6e^8^gN1uByH__A$m*P)uH0l{c!)!x#y8gFrpvVHozG)<$e}k9l4WD&Fq`K3R+mIzN1-$uM9H4*+ zHsQ6$wX^B$=vE$;K3B@U6Mdo>-{$R5{!na6S$CBOrhA$i`M5w%k+&+&Xj%fi_)1d> zCE(shcs0XBa-yP9si=O;>e}e+?Rg4zTAo>`1^i}TS!$0If!!z4T}#O2{#Ij)etFx| z;IQ{~Ui99@A6M5CAs3^dV%+}DmPVJU@(IR&ZPEnn|C-l)b@X@Ir9)azM}zvh0~^bW z9B^U%L7yR!<0I~CZ>HSmsr#F`zttA#070KUyhe6Lax!#dtN+N~`B1!4EJX35BdgcV z=9>3v_Bp$DZnY@`COS#9Z1=t6bp|9Wp9TNoZ7Um^nM;O7)V1)d?+sh+MA!}7CV<%~ zwXs#%O|n(M^+CYgx4y*|h+-8N5wf-8Y z*~Bz4s#Slxgwl;Y8>q?Nj)lwk2%M}z}Ej@ zq6ARznTeUQ zxQs%{UZ}=(+vAG&SExo)Po(+1jP;YHIYSH03sEp_QP@l>uQ!jFx3=1I|AaX<9)wZO zXe*HOYzIkd@h?rNdrlDx@xm9n3-jK|N-M<1zQx7B{QE|#!4zIb`kGxsGaTU;9A5%`sRzX@ zTHHQgHFd-!w>LR;Lb?UqQi{LOY-RFTH9XN`4*7~c{j%GNcc>8GM>Gsw)1I|PVGKf1eSU0sy1!5NH$iE>t)0PmI~R|VEjNt& zFk1{N-wnwJxxOa9KaWSHZ2B%^L`Wlgay@2s*WLIPkS&CwdFXwMD~*6|G!h5zI3aGU zPxwjoZfq8I2wl=wwq2mUA)y9P-fWK7`#-i|UNSJ8TS(KdFU>|f-QkukPNasHy0J5w z%4dJ^jkA-Q{d?>ywy)`DzC>#?T43jp($b(kk4C)eUIIAtEf-6T8{^eINj94HZ z6>O*2f=_S=qy;;5g_5rAxFO$QyVOzw?&Ae&BOg2Y>cE0ks{()opX^U0#E=C>DAQ`J9y;5_12?x;?) z2PEACd0E6HL&_p%ex1>%QmN2XCT8GzVJIYmtm(zfcA|b_fv_BZ)=ff-jl?NO3JNui z^6wyLEs k`MKuX?7j0OfDC%iX^2`f1J*D*oUEESj^MSrt|row*I#(M=m!=4x`Cy z=hcngcr9Wyih>9K>T64FJt`#(3&yf}Vnh47`MDQHSIhNv6OLMyigth-QGlXlq-|FI z7WtPQzGT%s>vt|2BsLG^o1@|2ag+})gMm=$tbGbTSI$lH`aq+p)30tvY3?XEqK_iR zyl2uuP=$@vU;SHAzFE~_vsaNR8Al#UpM$Z=hs_{{BBj6{7KmQphPbo^Vly!ScNCzE z9z}DiAycI%eN{w1UbwaB@A_$WIgAmiWodgr>eLq&rH3THc7;sAR48hfT!*sh-gy=g zDZkd%tkL)<K!V$4&dHD zm;l)>&Rn4btC^xZGXa{d4u34ClBN1D3nIm_sep(HHZo`9QD|{Bd8=^a3X!QKGF7N$ z#w0HI=dGe4IJE|84zzTaviKqPZ*?Gf7_u+FI_G;RSuz2e+t0P+37H25A}N9GNOdCj zZ#{vkc;_JgEM2v_w%qw@ktt>E8HVZ-TwoHXJCj7woJF4EP#0x3qFyW{Fa8{uRaTirZAEl--Wcl zVg479FZS`gga6Ghj;M>jjpdw!6CYU~rN3Whx%9o`FoVkFnZZfipP?QvV)W~{eq_rZ zA6%seYRFpmcf(*B^||+Rf!m*>!hoa=5co1NQoNE1Fhy`H?mG70ymKu?>4MJWCC`XK z=L6IFEk^39ejVU`rncJ|{x+Xm3%Lo4H*N_C36eLmPf^#-OTW$MR^ej+d9c^Ky?{{F zi*_OuC4R!R#8A~bnz&mhtGVtI<56n5^Eh+xeb-g=)||K4^RyUn=cpDH0kd7Q8(zi! z10*W-O3-FXRF`m;_rr|#wEd2q{Ms3}N+9gheT6G+eWYSw}j`j_oOH2Cfmm=k5>X~ zK)MM5pvoHo7|Z)MGL7)jQu%_Z)Lg_&bEioMEgySJT)+y(F4m1tD1>Jt3WAz1@<~s* zzw|6^R3e|wwf#^jHa!E*{rb>T+m)7*Ra5v}xiQQpMMXLl>ZD}1 zG64Ft^)<9oi6K9_+TEo;v#A@^G6U6;RQLWG!~VJBd+03>=I!hA>^+QAmaC;QBR`Mh0A-h3<( zf+~+H4_q(!KkTEqi&ic-_V%DrZ6M&_$19&F_M2b$l&*1DS;eudD|z)!_mkegBQJ5a zNp|15ctjTrF<=}3ta?V&Ap8T7Rv_S|p#&zo4Kl<^eR;K7%rXKAuu);`#`iN~y!+o0 zo^o%$s^sVE_?P_bS!ix_<#}B$sb4qm`pflWJq6(>@i@|Pso%_Nt*&u*f~u%N4HKCz zeZ@zA`t0XZD!-8$g0?W`y`x34ZRg5Nipr-UetvyAeLL-rqVGyCT8dOM5g*>IKQLRUs4Z zEWuWfk**`|#lnk6U_;P&%eNNr-}?DVmXtF0YH5|$muf0myuj#e88Z>aM^a$*>?>u`Z*HUCYjscn5BS9$JBYHCm}dsXcfhVUlJ@78;p-^AJMW0@x@LWj^TlTz0DU~fj{p&Np4ZsZJ;BdJ3D zziGnBrjx0CXnN?S=DE^0lLRRRuCUui`o4U5>9Nom0g_4Bg$i zetCAhe^(^F@?j3n^>dqtm!=6VE>NX& z&X)&s%X*=Jhtl@q2XnhjfR@16D#nrWa~3ue>uXqK1|ox0K3ng{6Ae_5*l-DwkPF+6 z;KwPxy_bb%oHHhy8}LFBoG#wZ+Z-W1Ofl)FmZ1U^JcmwP2bpv6w{H>Eu+gOs^RAbTL*GT~{a#D(3S>=MP#nxiNQ}1Ljr{Ex z9^>epIkN>>jrrB7FPNvFmV5+%`_5!c`00XF*T&zky<5)u z=L@#FuX9+7iaMEqT@f%tX)>Ll5;hicKaq@Rhr*?Mo47RX)GbZOR$JzoF4b~l>ADeOHM8QLXItJf#dGTm zXjfN{itIU+SR%o-bHj=X6BiEcGDe_FjKwN*v@|YXVZnQ`7m1gXnRl3Ha)|xpF6f6b z$)W9GQ722@7w18h22DN!vv?H$3Nes=5fc*^*1={kH(2AAX=_BJFz@3c`#kQi0I2}a zppkC(yPC&F@Lx6};Y|Ys4NfkM^fPB>GzHX|FQ{}F_rk3D;S2TAiM~v*aJa<6KT`=) zwzbPMbXr)Clzf`5onyt}2E<_&8Db-lK&|X8Z(A?=NcVf^47*9E)c)$_p?P0Rsw$@i zkLuSiJ4&@E%n+zpD9kMI=bLDY)_D1<8U!L#Lg4*1^E#=-YW(F6I zXN0k}Z{u8T=S4530eHxS9;7W|)%Vt*=1)FCv9DOuW}M>02W`VJ5^`UDHnE4N+eway z!IK}Npb3!sO32~t--uDOt-fg4YC})NWQUpG*j^_0-@iXP^@sh0PhJSd?DEuWO>u{{ zdaSeK3`Dqoz_mIq`#o>Du7_Zi57%Zru}6=gCn&KtVm&=^EZ{ORLTDtd%M_f>V|rmW z<2Ug3yVvdM{@uZ}^5x+nse`l;t3h~{?7zPM5=) z+ztW>*bF20PU?+(Iy3T&*!6xGdK}Q#Y#)`MLz49!VFLxQ))@7(B_N>D4~6cXBpe4} zjGMkq)rKH^KSJqvD3mrj`#pQ>%yl|UoHMj8o)gk!&I9MdV%?EYNl1v^WXU_`FI{G6 zS$l-};%i|Ck#Q0ewJ_F4=fH9HM!nY$)g*|)`Hhbw_vR`LPBbQaEL^gh<+J`Z&rNeD=~sw}&BRZI8}>TB!)_0tp??_V(t@pDHAc#3~7&kLg+ky-t7!hJKyZ}kP8!}MKZJZpZf z>}bJqYb}XQ$;0FkdO5!T2$UgnWbKAba}vaj_~hID57J5Zt_d>w0(yCETZ-HlARu z&!&b)&J8-8iylXxFx1r0$i6l7BVU6*S+Tav3>nogZ$E>ZMG*cbO##GJdRonh+-C2N zrg2&lK>xyKSKG+JNN2cA%0P)ZKCFp4QXxh40#gkox__9AZkUFIe2GVD3tbPAWAkvk zJzd#aWGjGu>drJ=q?%>)?4 zqGW${TS-{6_^@1s_Q)QUM>9o8&52;u((COy+xe`QiEI~P&p?8fm^RD5u}K{J$)UzI zR;$9=xLgf(9ejJ5)5zIaY%t&YUeF}c-JdmaIsJps#20O4=2%+1I!e#IW98^xQv1E# zjauE_&)#EDUSC*YcgP;nTC8Tg11_3frK-cjmBwLy_mG4-ZBe2z2mkYSV9-GzT*&DB_IV^!>$zvwxOyQy=fNsvWLVu-SrePCPtaAaDeux zz}|YZ=rQwfqwpC_?r0%Qi+J}s;N2RxiM^+^ZAq<9=){qn>) zL%;v26Y#T3otYQYR=8CzpqP+mYT#ukbgW^OUYR1a5+VSdBYJ(^ zl)jo~Z#O=HOEI^`K%P)HGdItedy{^&5la4pf`}8&b!c36&H(fQ?k`GXhf~|_ zKW$UwE9~wcImncr!Sd`gMZ;jkWyt3?TIpiopIJ)|f~pFJ z!__Yi6p<(93D-%Le!zVEVl0@so<0J*9^Tw3b!w1%ph$2fLD^9N`@D8GAywIDcR#I~ zcZnX)RugfB>!Z9O4!iyaE_@aAblp(*tA;Z7`^LIt$6Pm-=+71Gf$RNv)!f`v?ycR~ zcQP{b!f3mOUq2$H#-jx)oPy3I&>0xTuJLB?1KR&48vY>LXKOr@oM}}gyjuRFvmZU0 zK6$Xxl;iyaqr32H{d>d-WN|DW(2A?UIK)+}c{7^ek;IR@kRtYe9I@*|npYLDO_NBKG+`9l#)#7pf5F9Y`W;8AbELO;t6ETRV>j*4mdx04#a?W_#J6!@jBH=^HD+sXG8uR?pVf-T8cn@X*U(SR}=f>>RO#FXTp!@Be8N?ZRk!2>vXW!-biMI zeftsH(r!j1)h+VABICsT(mE+7;#=zxIFbW|wZTA9xQ=*4Q2XQkdqGH?;u-Z`TQj5& zgotZfx~xy;pWr?v-(Wp1`XcPLeGW`<{sWCybu`A+=Rm5*po{{Us0!`i`Cu($89#Tm zAhD97vU%Nv5Kho;_2n#-w}nRm@4#o^yxuB+HdMkJ(-6G^7)rOBVe$kg3UtnVC6j zxy92ZQk_XzJA#1Knb&UqQ<8$KZ~F_4j2aTJ_0)D?TwI*UC+(%WZ=}b-(7zA!WnCMN z{jU>b6%`fhb=Kgi*tofIN5tE$(r)VXgx~_i*$w8zq)}?;cvvlFGqR{fV`HooO*FS}bZf4oyi7W_}&6x3t?i98*P{vI zRxgu1*Lh*sjyN>&{iF+LB{X>KHhb-=Y%DnILZwVP7VjqV0~nHrH$L#>SXfs1xIVad z9{;X7U9w%339dTz4<`PSVm=2@WkY*-p*2+j7VK$YsduTMFZi zH!DpW@MvUlFidbELvifw(nku4mAs@ii;fa!IAp&2XuBN3@EUUKmwdNCl_?f9&I}^} z<7F&)I^QY;_ieSuX-mnqLjsN`#LsRqxE&QvOP=~{G=x{jfMZ_)W&hIoZAc{98k?Rj z5xgU3+h-iJ$;**ECmuHG#lV-Wb2jw}5*R6cdwqycJ|huk_8)bQ(8yI+y#;9d!_)I_ zc&;&yri_}(jH^hUv3hdZ5#JBV9Ktxih$neXO+MOSFWWSNrG~hMNWnClG$iyFFME6Y zZb$yd%3P*QY)L(uSUDr`_^lH#d~CAi2I?rmrm6WLYntBywrVQ0hF>u(FJZR(4w04E z#7`@1U8*u4{urKnY*=rCnB!%WRA#)Q%d(^k_&%n2nS|?C#0qlv$tDcT96?~_@~LqRGbI62uWl2 zi7~ZP7U>0HgzHy?!B*%s+mlBHx8%Az;Q9wUH@iXlvaywHwW35|iVai*5QS>=*aa2N z(}vmmJFrGZjC?OKR(+_ah*tO9BuID%mfj>MkFw!UBx7b*mUqFR#}j6#uHGB1~#o-!Yzj;jcJYv zgfmngWtcCXz-3wfAg^O(^->n1<(?#Q+oo-7_4EeUVkM<`7Wz$X?Tm7SnT|}DW+Ax7TnOp>M-g9kNY~>BqH@yXPH5BnZSN_klHORO+9^wqNHJ3}?F_{>PDSV2a2))mzbX)Tq9Tob$ zhGy^Xtnr{6nc922kAJ2aOFuK5J$s<d9H=B%A6VIxEtk#jy37WBI5ajcsDRwtDyO zJ}~eKfe(>F1rlP{dpX^#9bf-R$930HUU(i@lz2he7!V~+l7(+YE1@E5RMF&8C@ZCIGiQgg@E z)5AU1`xBpWl-ZEBRa7o;+#Dvw73uG`cf%;~_*-PLgBF2pVgbgSI$2i6&+rasajfB< zgN3;@@f^)scPifyocQO$DFl^XIcChI8KST+Q8MmUw@LVVljjGn6EDp;&45|LL_79N ztzSmJn3p8J*CG@UM0Ohtcf+U4Wk06-y)4l*|1pDkta+0|uoG@cq*9v6r`t?z%*1UI zn}gA6OTuK@(i~oPG*mHOz|&xbc*#nQe{LMUhI5Re_jWff0ADpu3~drOJAGO-iRctQ z*0#bENT{Bq9?1VN*}+=;O%Ova0;li`vMdn>vwfey0Gd#3uaVH9D3t-O-RI-wT?943 zTvs~XZEd%j;)-BDy}LSrDaN&c-TK5|5CZ8 z3ZkoBtwiF#{b8Xe3P~oRiz0#K7h}s6m+$-AK@JNT4GfOta1d&@5Y1^67x5uNsm>GV z?=_5!jC2%V*3}QR-WyPC5-aLH*==8WKI;uiV+t)#E8N}x?644@ARhMjSjlXbrJQH* zt(pGwt3ZI?n=I4J`H^^OPW>VBVtz-S2W|A)!Oc-rsUxKeyMqa9I&v7{MxwsUm>rcaM%M3Zzcd zi-wouu3qHg{OEu!cdI9(W0vWq8GG%`FaA6PF=*iHnp>DcqSTA#9 zHo68JJmCqrB*|4}xj$l)c0Dt&1DJ&0;OZ#ZG3L#h z?r+cEgiDB!I7-ZZ$=h5I(;Xg{0q#xZKqJ-!wH!{`RGc}e-A*$|ElgGyft!(5psk}5 zP)HNneej8BPvYGtw*%OY=lbt&`{uXG>x}~DL<>}-Ob`>AW9oz_`@A9mW9s%RjHG)1 z>^itS4+1}z2ke~QDrt0h_%jCQ2r#?aHbuqShC=A)talJR97?z{|K-iVL3<5G_9i*9 z3}HxU0k{Ag28sdzZ7Nz?WA3u~uBAo5eNy4QzVOAeeSe1haS63q?Y-G*%OD;Tr-QE9oy!$wFf$*QN9J92zhtF2By4?2H;a5W1;%lZ$N(>BIBy zs9xk?YHJ2T59G7+x-lR(J3D6WlwU##TCJRlBGG+RYjRHaMowQ0&bZ|AFNMd4hITj3 zt}`CTi4cxt^;(h?nPq2IRwlDVFmp^9>mE!)xD~EP5UXAdfJ3;B4Gn=wFnUSVVVdDG zKa4z~pa#IGC^T9tE5j<9a!yz$pys6iB)GMbhQ`KfZifYX^q*XC;vM!bY3JBz7NiBE zk1ogcDX@x=YnY;w_SAk7=io-fdnSsJ`hto8SY<^(syI0|1d-8R6OMk1i7TsXa4{Db z7dMrVknl}ZR8$N=;m}cze{UU=%w4m5)@^NHjNzz(dw$SpBd>q|9lo`n&Eops`8$Gw?i8}OP*C9uK2rdm5@Q?p1=eR})v8$q1{GFtPKGQIovUhjSMGLh|%n~Qy4^Dcj}tR&6M)g$a`YQ_fO zL~lh^m2-AwC5XGX{J{F#$d7~O%F4Az*s>ny-d$x5g2qg7$kg!!rHirTqoJsZg%?`5 zK#m2_j7mCk(^|+kyuZ4!kz$)N!jgFH2pdjA09DpS{Y3-w>-Hu>00g|LG3l#XzzbTI^38uf+xd5uC+Q8HY$x8#h-RB{n;kgoBsUyqr40{UO_&> z_UNj?2MOc0Dj!kpihtF4TT(Nx962D0752{`(7(3Y&At=iF~L^&Z}}&!Vf4qgyUH1i z*V9ex7&q|!n?EzSC~B^MH>vbw^0U7w&wC}@214IPvbzfSJ!LvJ4qKzy7}mjNs8F9( zWhzJnE)s0u50g~Yow*v&H(&t0@_x%OIyfl#gq{e4X^sQ~&R{)J%s1)%uabL!>8jBi zB}AJ(vlsIk!7%C0^|u_|E*_m z@gjnxvnSZl&@fHR2@Mh>XeCmB=gc-bOveLPT(j^~p5q5n!~^*Nw=rD_rCU+6&p@FF zKCsbSD;*geys8D?K%?ag?RLhl{@s73RP_6h)xF#=e}5}wwIS8*WXbY3+5qmB3*On=viVBoEc+pnGtzHa2d}%f-aU0lu>L%HV#p;WJ zK&7ckY$g+>bAvB?sE5tI0s}~fT z7b@%`jP}O*29X|20DKpuAs8zefRW%dPJ1(;PM!dOwG{A_PxgaY=@QDewzl`G_V$0b z0zdJ12S9@0*eIXJKG+_7i31 zu*XH3{7mimN@9;yr8*1g-im$+m_EhuOXg>n4eF0FbsjCui{N(bW3&7Zh&!Si9rQFq zJ+&Nw)lF-1nuSEhewY?~Zt$}>5yzy;VR&?O^rtsN>+ZrM%M)(1S=S2Fmc!1E(!RDv zu_-LiaY{n)Bjqt;ga--?J{v|G>g&S_^ZJ z6IA}%Jc#*+Z!qZv&ef6T49rEOEi)|*Lw7`*Hx7dAd0F4kuv&*SN1Q6@rr$ggcMe@6 zB_Ck4zW7vGd6S?BWx&Baob_gaz(Yl#jTxXjEwncSYZ!uVyG)1sJg_?Jy~9ok*97*F zx`2OX8Z6hnvPr+>dCqb}z8q+zlV2H^x3d^FXFY1zzrFaYBBhS`zquAYkQ zLAK&ReShW?;Rgh6%WEH>ze)doDFc;?U<9{y#KdNL-S&RFtSALu7u%25MvtIBs*_d2 zWnJ5RM>*paWX-MBRIRZB`yIG#CVWj-c_+-mv4?idTINyL44~EDHXK<;LdFMV`cFO4 zPCIT9Lu;EK!Z1OBflba*$PEO2Rxm>XTb3`EW;S2(!qbH3^(L}0OF?h0GfyGxh_zFEiG)|1%^OhZt@FowE6EmD=Dy z{sc#yU%&p(ehI`erVOM1cqEBS)x{!p9nOexEPU0xIC&A?Yw@Jb$!!(5L($;h8?M0V~sA)ziJsw?74XS6?h{2NCRWrHTpHuiX5Y;ri07{i5}F02odaQK6Rx z4b%}0l>U<2&gO1QNO#q@@`va!7p=*K!ftASGi3pD?bRJuivms5*5K)(b`#heMQ=ls zb7iZ!jPAdR@iXz*%JwKQr2Jm``vzZYZ-Qr4ofF4jh?#PZKd3e%Cue|G4U{j(my_<0 z*_mp83z7tA8ycJ9r;Mg-@#HS#Dy+1k9R^`*v)Efc5O(k#BHv=0h~b4tq)~m9!n?Xk zH#Obcrod~7lbnK5-}c<#=h_r= zZQ1^49(=V9yo?u>=s$l>AYDqrdqB7JMsfEESa!#@q}3+c9sZ(Ch;|x}bS7ReUtX_V zBNe4>xusu3kZX$v3&cDwWeqr0dqE9)hO^UZcMM0MXAW5#%XZO=QC5lGkLg~1hJgdW zg@EqXkV1Va5a)cts2E;sdSFa8R>5&|Z%gqTX`kLzc@gT7Yo^RGC07cwX$<9^{%~=t zrffDBzum|48^cy~UyaTMPIl7@1haJ$o`rjkmg$EFzH?Op^<&+uKN4Daln7hkmI(of zhq1)6f?G+l*bNZBPW!?J?s>0zUy(2E7M}WJ@hNb3g9pJeLMkFxLl27)^Ga^i&0pJ~ zIOPxX#6pDi-dxV^2I%-7@y|ZY?ubDNgSP1)c2x3GxO*smW5{WoDrjrqszNwvO6bLe zDucEhm+wvjhQk!@RZOScy0Wst^Y<#0r+q>84sI6*9-{~bVO(~0jE8qTk^;)vbY{eU{l6R6CFMY3Dj_k1+tL{mkPDu<~ z*=o|o{E0syVURG^dIhmgB7QVMNO-VHiQ~I|&L>}H@>)Q)BZ{Q97HZjebDr`??Hp|0 z`Le0Snwi817jqa$+XeOY^=4YB$G87pLcqe-`8bjCypFXqf8UP(3x04`)D-}q+Jb_0 zEq+=J%E)g+S33AfK0hVFktyB3`50G}OG*HJM(r2(-cXq}Dh}} zfvBdz9yPl2hEN|OtXK~JfMems}8 z%S7#y*FGnYqhdSWE)JoD1YRBUlCAX?Iu(krxR429_(DLmfe_~z%g@D&|ndYXJ zHc<2Q0$_V+WQ3r~v_p*z+VB*jC4=b~Y^jBR38Ss7KtbD##(?3kNK z=qls>;Xg>&8T`+`z?-xkK*AN=YU`Fl?}+X35Gw5eHx&N$*Kq(qPB=w8cIV!>ynO~> z9~rY*LEK1ruMFx#J@!jaSfY8nSCVIH!8m=_Foy3FAUTZnVRt3DUkYE{aVIjdP-~XA z3IFU(A6Lg!0e(gtI)e4xR}pW{&QxcBsUCuUj#L7gRJ@?ER0zNbP1}$}w@5w0!8F-x zCt6_FFW36WhORNguRyoHgi#-a3;mVNuMKY3i=ZuV?W)GQe5$? z-vQ|(cupV^eibOIf_vHVI*MB4LP<2EN=)Os#PhWXIVhpSMernyaB8yDi*^k*Fc@-I zqhiB;BxLy3s3fC6LL%^)u^2AF{b=+;*qZWzn*1rz*&^uUS!TyD|8 zAaaC35a0?b0C@_gX2JSTz`dV8=H-15#|x@)SfH(}l#L?!3V$&Tn?3RImoqmv|9Euym6qS&Kcw5&I7F3fA%R}BJq{gWQT29&9b#zAP$D#n}W(P zFQlJYsUZG;`=o-4qqbJKIL@CZ9rB@YQytT-Re7(B>6kXhQicuNJlfj~>67?H-+=NC z<dGmwIN@rU>SWP4mj`=p73+n}Q*UEF9XB#;G z(RfmEMb3Qu{9=lxP0sVDF;4^j(pzQmWMAM7_6mEnxhysl`W!550%i`7q2P%mpd4nZ z_rKT+!CLsvXEnIRw7y6#{uAKaOeqz!`=@?L4=q-I%!B76{MSoHihAi~P?@dyl3>q& zSUd*>zhd|h`HMS0R!e~m|67g8`boL`O=1Fdx?sNan&;&x8v`Qdl{tt${u8aok^H&9 zggLEKYlEIE9vJ|gpSA-bHg{~@wrOiLM`CPbq!Xat%Gzr(XDjr!4LUuIh zeBjqJ@P_NB`SjH66Gs3|CKb;lsjaN4gT)q$iv63Aq7>vJTgu=7;Em6Yk@!3v=qh83 zgHQDt|Mf4|&#svj?)lbR1i$?{Rs=Bf75P0h36?*OJ(-q`&EPe$DD8VFW2T#a>17u3 zm;!HklatlJfSN60?}Rl72#kqwMRx$BDIFQwNX2imVQp=FSG4c1%1yENYeKLnJFL-P zaJQZ4l#W6yN~~Zs<^K?|-?_<17Jz33pVTS9i3aSftvj(qlyRPR0K#7B;o;$yX&2Eu zYB^Epk#bzoIX*O8^w+9x!>%{*AD_{!@%K9LvNgM_@E^bq^*mznqLtsFiJ0(E)GcEQ zJnj{IxIOC0d>nUL2`-5Xl3fMHdK{GlPli8~2=T{FDjlysQf@loe=<;8#623`yT)|f zp_hX*Ck6}HW{vOw{0SA}`VuI={AL<&p9|5*^kxlQDzT<$TXs*^BV28OZh+}8b7qp( zN8RAh&2y?NZ_mh*ll52%)F!>VK=QZMq!ue6CP4{y(_%YQX3Bu`BUH|~F;2Nd#R)mB zt+A3CT+Px|ow>t9@s~T7Ih1oIkoozcx6-0KFJU~_s*IM2TBn;HZOT%;H%Y!M#`!NV zw~9eXqx|Gj*Y(!U7t4%K@0Rmjaok$Y>O&Wx$#7Zg@FJ8LR#!eRd z>Qya!qu~E)0SpbHCUk)nl{YNu06!sMr4)H(oB^p{;hiK9H&rr5(6dLYx#b7x)h*SCxalPu$vZ47O$d7i!5xA$m>@s4-W35&vBks zIV@zdp1m?K5Nh#>Z6>zX!qDflAbYxxE~~7p3U(gr<1;|2o@nPn-|`UCY!!U?&>_0KJ}g)-snCXZr=jR&3H|8KoKML{S! z8yRUp6{3=hHQH|$SsYUBEkA+%7$;W-TJ*c5U)$PtSmXud1tdTdVi620eRpN14S^40 z$5AnV;Y#P(DAjT*v}g4AG#t!r*goy#ZWWYhtYbfsnFJy-FnH~mTgv@o7dnV>pydi! zORVTh1YqMxK&)c}SoMd3UJMug|HErPLy-8(Ps1ka*5Zp+nBiOD_WD~`07SY1AX0uY zr@Tf}_66qhIHNyd2X}C0x73<_P~HQ; zwG9A`5f?*>O$HDW_}EXMY)MdJI-fLfpy9r$&66f(dGtWQgM*@u17I(%JAt*(hCf#t z%^w2X=<=nZ;XQ#}ICouM*?#-8%0w(n9NT%xR&P4q=hN2#6eJH+1khwdgA1Px>}AnM%G>>t*X?U-ge|$PG`YCYH^=nWCf%>-U!Gg0eVeQ=vm{uBI3SvUPGyqDQN1T+ZZ25XXm2tgkV z(zSm+QE{RqitZ_2&~h3U(4pA0V^j0ZD07gY@y?_Di3#3`7}mvCMhFnxpl0S<-Pftr z)zrQMtbg)6zb?o>8`!*}Jtt%a_9jrJJ-G>#1^F}CBYg^oHxi}?XpUNe26+Yao%R9%?DLv2(0IXxhP$c6SoFV&wMU{yk1jE!Wv;BJw%mS=@Bo-9 zjs((9b(aT}M&BesAjEZ`*=!FciV82XEVdCB#0YCtP2;Q%P46&nuywm)Nm((4X-ZEW zT@r(YR8f5C*l}5a3tbeL)qMIi2nD&?hf9-FgAEK;eNtQOmB_{m1g{SM7}VTXR`KV?!Xzpc*hK^kv?hUMW6Yj<7qAMQ)R` zk0f}dy?WNU!RmjVK^Y)~Gx$-x@at=E&{}#jIsLbOTB7J}fOKOP?xsUMat>3_ z14z$U&hVIk7wK`oi7<@h(mAqDIRV{DC=Q7JxC)^}5IC8~e)o=qCX}RzjkyOP2cJ-m zpg<6iz7oS(05rTeIZ=~3jNvU-K1|44zFF>gQ*_~-Y^V&7uEU_oB3)*rE|;bV_?k8I zUF6@;T86BH!LmOvJ8r!9hCpXX+;hSfB6XyvTiJ6P+BnZl3Dsk|iU)skR=mAB*}J^` zS6y6>btw4`8c5a~LAdqTAZiJuQUk=5n40}Wl(Pe-ZfC~FkN>!@@&I;mfwYD`!Jj!+ z+vx9TaT7L<6As7R27 zE;C+tP{H!I1*PZGH^8NJk8k+(ynE;RG5Am|9^aw}ZJ;C=2RyPMoJL$C&ZmfcVG2A# zhsh$v;)DbOA-Qjt;B!GYoIS^@<}f9SoK~QFy2l%L8Yj$DaGh1e0Th$P`!`ZbYb4;C zSAOw-7s+?Rcg!UFrn1Fy?^LrWuryG1!p6rt<}{bPX{SsNd)FV62vLw%z%qkyGH32% zwXlt~{@Zk22tggTrQ=?!x=yX=!fQ2Raj|%u)`o2sJEtqjXp5-fgfF^#6G~UUNV!!H zv)O@gCFtEs5g4+)4cu&}$VxhB2(FQc4qrurwTMLS$}#|Q+=O1}%U9bgh5x^s(E)y? zudm<8YO7{ofC#SvL@OYX6)5?u^d+j1zRc&w-L-?Dv9Xz_vVJJ6J4NVMS-r~GK3W8q+!x^2g82j9_z(#pkwzo z;P0PZ-23PPT>@zMnw?#Tz5%~SYPhf~N|4kEpJfldefA$SowMO>7LB3;1*M5;Vq7oQ z0Lj3V!b=Nk@lA)DVwjib9To(^=52=k+W~Y}P#P6V54t6xf!xP`Wd02l3(tU;c1z*o zLBIT5`D9d*z_LO1vqNxCNMRATAF_;r5eF05+B76o`0{ZaWOwc65m+c$5g2Vw*C-?k z#K|ZdTiY6O_~{)tzdDK=yUatoK`d@ z$~cV|n$RVp$zTOre8*j#UjZeG*w$srs2Cb>T2~w~p+>oQubD{=UEt zIsE>~_^Nx_HtzGB$q0T1FP&zQud0rDWqmwywysT-jSb_jTwGCZB?gc!CYS@mn~BVI z47{CZByg{G8Ix=iL6#V6M4-75;477xCqOVaptWcQau`Lm3~itN15BKAfk5T-gCi3C zAFi^n^88%*FJN$@00G^2AP@@GERGtVxdzb`KN19CgJMCS?)2-vn*xllCl#gfTewl4%9@GjKZ(JOX!RTvF2g{Q5vD%(>Z17oZZn%IN4Avi=cAO zJyP?3m6hfsSOnuhP0WCwk{7k*9Y-nz)*Uhiy1q)DX6gPV@mNd$qcZ|p#TxS<|16I= zV0c0U(1SmA4d-5R(bbV!+QG*BwG=eS5*^qQbnC+mg9MpiIWRjaR-AEk z-{ueqHS6N&Sv=Ve4Ar1iY?B5u7cG4^zR>;(E=(2>oJqAZD~OH11Qm#XGB(#Wpd`ZKeO@?$ z(SL`{x{cq^(6HS$Bn`Bx`Q(4|Rqcj5)5H}~WMpLY>n{_<6Womv4XRjgua$dv`lxY! z-M|=|Yv zh=Orc3F=2w$<|O=LL^hiDv!m8u_oZKXYF9RP$n6 z890~i0^;+- zF)cpE@4>IhpEaPfWsMjN@*uu{JEb!uxLQUn{UO}HYCQGE_;RRgnRbr&rx$~}z2f~= z&py?+hll%BrRf00JufG&nUoNZ<*;?>OTLu@C)y+FrCMs^)sNo9!EBd>1pjT!v+)(}{nY5dDA~b7z`0L6To`E}*;c#9lQ%Z3q&+PVD?V ze@H8?ncUzYAg-)R`zf08gTt^Fo65S}f(>Ed@8%)0cW@$`#;v%`04M+CCgNt-Nh#{f zDc5i;i|PryUmfhLQ!ba?b~oK?u2+fP`HhixM60y_62Bdlto*0+?r}oR0 z>O6nPA)Bi5&ueS;nE(bvqdE1_(Lu1>Mm<1`pkoK6vc+kTe8-lYaKk8I*ufkA2lgb=pb8- z-4AdMO_pOGVXzaW*%)Qm57Zcp$Rh?d|6v}HDI5Fe(a1{kMs0h_rpAtsWOTBB9`sBv zhs&0%?AF0rFw8V7S85d5-PKfE+GI|a1*T;&%4UYYX$ZJHd}5fWVe;sg4(*9q@o4C7 zu!Q|CPzusT%Cq1kyxuCZ8DgnKM1;nYksgrd@}ity)tYxzljx)!$`0N*lc|`j)QtQg zxyD-3`rg?A=`Ht&$yUwwKmsHhs);%Cz05el|105fcGG9RXsdy@OaPGTC)Yq`&_~{WadS1k>`>jX$9=>c;Lq;#Fu_Bv$(?^%V*^ky0&{ z@H*{j%3&WZ7@|DJ4Goa3lPG_!Vb58;aD#cpdC=4xUoN(ZA$#JdhM_?>@{PU(V{y>r z`&4J?_ddJqVm_35ts=V_N7b^|;j$N|hyFIhL`CnR@;BtE;wCoL+Ua+@gvvYhrrVOInD8gh>@+V$JPW3f8=F?Y9lu=vB zuU~Ar9*a^Thl-`RYzWwMCEVNd1DWlA${IIu36EwPf9pp>Q)Jt&vE8YI^U6YhOTfYb zOU^}S)P=f3j8KxsAnAds?S3xX3{lf>j&yp^7*8ZID?BdaY4+^-!|sV4f}p6>BOo&k zop@bE2+X2{In_LI`c*xn`i1TtD$ZPc4gr;E;GB^XI@IcQ;c`m){dEjJj*v|7c^F_Exa_eN;w)nyiaSyiLM-QDl1BXf3m1T@!8g-gl@SIX06;+$622%ZAb zEq{MeP+i2mIOXz0le`{e^P^UGth>i=cVX&0ucQ*l%m0eNWNXARL$PU<3bOhK?0|xI zd8KE+=vT41cMGNd0mBh$2jq8UL~Cw=D#(0IH7UMMEQX z)#bpgwW#`nX6Xtl(KzQThO@2STaEBvpPs&Uu+KJ8c5Rb)nCQhSC*pj)cxFCg6SdV( zbTyI#e18mvY|`$m2dHph=x|~j%7ym(C39JAJ4w^3c5K%UQYU>dj>^s_y!vw=ymf5^ zdjeLdev>kR7Tr!dktffxatNaJ%p9DqJlIMRjGt(l@P1PB#{EoY@dEW$I5x-*(K%4( zLl=`E7qy$TQti``RVw$NY!_hj@D!ly*9F{w%tcOx(y+P)Xaz2*u-C8fbIjj6!W7of z6?)h&vX|`>$CfQzQjavvAV430p=;QrmF!VthhS#IUxdv9S&2L8#d=(hF2R zw*7H+XTzX@sTU!Nrk?AeiBS-eE@Z3j$P$ZW;kAA>13%?;X)gXg#Zo>M3e0gMovnz}jyyRO}g zr0ec^qwf2&%j!L}wt;k-^M)GK`VZwhK15g1F8QwBy4at?TYDyKGHVLhT) zRvEF7(aV1XCtYq-l)yNP8YQavf)uI#S0-2Y=>6{;At^a&dHrWHqFvNhrs7>#3?;p1 ziyqLxvDNTTobR!#a{Hz3bAHK(?yr>!!?InaEI+KPAy&UZ>cRaTqwIO+YLrO8d+0o*=gPO#-Y`kr(|h7 z49x4$t3SHk1e%Yd2|f~D8DVw@(xvEE7>^*}-}Q&b`ZTx4Y?%nG%3ke1c{6*=0c-f{ z=Qvw(wz3Hue=`^hlD#}a{{!{^5Y)PzIfeBHp4v+w8%4*c$ZH_aH^^1EwhU_hk`(mGadEL#12QZ~r=e5Jb zJJ19k=C04wYPJN*?k{Oc4}Qk=+ySGy&sdvhHQgK8YZ1+O>y0`7#w}&+iRi_G{dm-P zE%d;mp7%exm+`-&1S$W`Ot5OkHE7KJIGz|(nTTKnpW1LDs>#Lh15!2>b*C;BCCKwa z==ILF-UrMPT;<9&CdMb@CX6zVXG?3nk59&LrFj*ok$MziK_?|+gb0QlXa8%+mC#cv zqai<{I~W*<+1moKa|y^QlW^@cY!Y12(EIWc@(<6>kQ5n}2s~FGoGuX+`))PE=Y_(o zHNzdPddixGUU+g5UyhqJF2R=*(Y&ZO`Zej556Dh~@wwcpO_|Ta-9dN;@kmQ4NAdd$ z5Qkj;fSE2;CfTRn|1{lMlO4H{`3%OkW*bH((!t-E)0{JlyWBi?wsIEfM|dfYjIBIl zPUiaLaP*vpYDA${{4*j%p~+BpKG4Wi*~De)_V0$AeIth=qem>n=j@00lHUW0Y=7Ol zox(&Knb^jwR5SuPnOT5j39XAgA=&)x35+^9H{BrldcmfSy+%HH?6FnjO;i_X;J~b` z+;4KLz?AncrG9I>%k#u|8>E*r2(glJvo$Mz2Q$dG6IfLP++lg3emxg!E7&0zs`@$-9N>xhFeVw-)2mf2j&oifbgqE}GPbl~B=)ts4eWRQ zJE36CLCaJ@PmKowdf%kprxhM2xLJ+H(G1E{p4x{Le{lk&*VH4Ckt3#`etz7@4G|LV zh&GyK^e3tV=eO)wOcoHQG{L}_%bPAS

  • 0+?qgmu`03Qc_Xigf&PnG-&CV=7AyVBwY04DN*wkC$pu$ISHU@x~~5w4#@Ig#$6ET`0vKvku^uhL|_ zkBYNGiB|+iJH!I1GndoIj+qf9@KtkgAQ3)SK#K2pkK^)2Zrj!OaN>7TX4w@R$Ch=X znC#-_0gqwIZr{(c$wb)Z#a>x=1NgNAPhdXO9mM1>y|zkWE9>7G1@D0fPiax0lcV($al!cx_DJKQ4+s!Qw7g766pnGeV{4& zZC7(hrWA4+e0ox5>s8BnWA;B@5`Sg76g=gf^yx>-SyPboMV3?~uPz5GC(*zJKD z##&9c?@KMOjry}t{|Lz8|9wS+@=-ti+U}(%uA6a6Y(k_c6go1r;b+XglgRglG^^=l zti9srT{Pp>`-vA>yD)`OMZQG5WdZV5l8xVNrzTVD*wf<2J5NroE{xVDbUCZ^-vSZH7_MHV+1T?4+YQ(AM9NK%jrW(7i*g~cePucc9 z(l#A>&3&1bQ_0c{4kR+M01jDyCE{WFK=$c1nF`(c7jee!5bEdZeep9k!gu&?CzD*h z(@J0GyxQPjzXtSUIRmeBqVaKwFoS_o9Xsh*VveTOv)J}ELO?K`dJI7gkwQw{+l)wY zd{X7~{Hie|ugquaQ6HzYSFbUp0UA|}+(IDx97U+G(6Qf=0_ZxfWbCg0-~v}9!5`Pe zHg4QEIU+xTnT#Fg<#fJaX#7D9aj8)i+Oo)ThG84&0(mp+-DmCk>-Xy6?>_g1I-tFU z&(!m~>6)E}4^?nW{tH$4+-vKO)|g->u-#XOfvOY)m55D)Qh4E})m7{KV476yM%UZ^ zkwyo|Bfeq3eEd0X!k0_A{RPn~327X0?;X%@+|q^NLiiD$M}EJ4lP56RV#q!z=N&$J zJo$hb=PMF@?n#7~|EmQ!{|VcY zaFN$cLiX*=4%ZP_qK1b4sh84umD#!z)2!F%R=FC(-~1`@w#oKx!*fehDyn@&Gjq?jWgNCj=wP|Lw})tlB+n4J#X z!W0O>JmIV6bq%sks_5}(S#go4)=JVKH~$?i15EpdaH=P23n|FR(jm$cL!b~ABrW)j&5xGY-FP%m zZmT*H!Z^pZ^qv#dKk;5lc~1n=h`GdK&-~VW`VuOJzkWRAChRWrM+kKhAslp$s~BH+ zo#hcp&s-fbCxe$CE1E$uF+Q8xrRk#w1mjQ^@XHD8duEcRN3jZ2Q@J{~6vysBv9LgV zxH~&UTx;Tf5?h+OjzQI-6uB8PG|L?m4*d&V2es1L>VCFh!yo(-ijy56z9JpRBrHDL z^`hYzj34U%0>%%Nl}>?;qF@8bjE7Pyw%B37X*fn#3*-Vgzu!Mt*&B98VW8+?Re zkgf5}Ln8gZn^!*mPpm>k#OQr-NFk5;;eBda$hLTel)=`-jUFF2*tf$Jz;Qp3I-dVB z_|~P|*S17xAc4YHN20vT>WuvH@-oDlUak?oSAi*6%%(E`eVLDWfGx)xX%{=51r0QO zCPMtEGx9b;ooRz(lm596E-G`da6dL)+ftwb7JCxFm)MnN!B^UA)h56WX!z0SFY5NT zeup%+iS#eYM=vBaLi-h-NcIQTDGJ0hTGHd7vCu88oTzbEu2j8u-Tx84 zJ!a8_v&VeNNx`2qi+j0q^UUPf=}z17H@21G&87a~Zu{FSvms)~5S0SGXmR@s1!*Pjp0eYRRf$jV+4rrYZp_AL#=M?)0PX<(92%eT#K{T^A!o*VI9!qqHQrZ5kxJ^vn-daC zk2K3Qh`a1}iTcw=o6x%-$KrQS*rxdQ+Wu%)Zov{?VQJY|Ckz;Vcx+f>(j$F;kA86Q z{vG0>v%302r&EiY%U|22$oFXBK%w!omecf^_oee7u^qj>$)}%o=iciut7~ZayUUZqS{<_Hd9W*eZb+erL_weRlL~L!Y!omQa zWL$NMvjhg-F|DmxQZ0YlnR~zd{x8!o*%aEx!z#ElM7ZxTgA#Vk!0l<@e-AMKwYecX zDH2(Bkoj?WC*|K?QUvj5iRueNF|@GO#&_;exGg#_1xH`Dy121=w>C-qypIok*&?n# zup0Ynie=sUc3b>@2#r5px=;&nw2ds;ZR^0x4VSa(p&LXwH3wSa^YW5rbNV%NM)pGT z80(<)eITY`L5Zy-GD%u&bCdxMA8q8r>xQtpKozNMN9*&q?aC%-E)KUfwf_L0;t}3d z%y()j)5^z^z3mMv4Ph`NTU*GLm)0`1 zM(K|xs$ODW>*a%!$x{#r_i8`n7R9K!M^EL;@C*9Ug@1~RieE0m91BDCQAa2>UVav* zuF?^@ah~IrjpKbMW-2sjiMyRbMC+LCjEpo97vv!OZz|N))#-04bxYuj|A2L~N+_s@ zwpKR!^ochLm8^IaHrrS&N~OhTlIseRrQoAAu;=jp`;}NVC#lr0rFlehUYiH(i_4C6 zBLjTaY5EBe_~q!VCmUbn+%=p<|6Wg$?dg~~Y$I;xW8q-tsB>kXct8eUDT(A7Ax-B;zf!lSaElEch@5C@_EnqoL~OR z*<|--Z|*)b_nDbzq^bLEl5CddmDD_qL>*0FR;A`8gCA}z&8L4m&90MZ_ZaE^-VfkL ztNivv!w9@WUM4_l!L9b$qA)e;U%TwLf3$JWlHGmMc(U#^4G$KPBD)KoWLG9QpBV08 zY-D7N4hGnDsKdE~=jtovSsD%YRB{a4etw<2C?9Ar9U>?X*PI|u3QG5MD_0Cs)js8e zO>TPkvV#cP3WZK#G|0CkZ1J?DM7&ftc~~Y{08NrNEW z(9~xjD2=X=($J^sG6|i;_%V`sGdc;H@(K(&UOJzEVpl+_;LHbVj=M}yGBcV0e^M25 ziuGq6W+s5Y7;BoT&nc?wTJ&Cst7iC-=k{W&G#r##He-1x))hm>0!i035sA}&ui zwb9}=k3WyRcDOeXEcSZRTiii|(L^LrQn7uV-yt}EU7JihM-LPbF-G%muUTzcqOy12NUF>c3=J-HbmOC}+n;mw7= z$`gog;g5&xCNObdNz9d(5iLKOAlq0rn>TBk!YhqkKcSy;z&;N2tbXpX{$+bg+9r|_ z9z`}0oupkwH2W^(t{`oyTcuxaXq~a)}H68NE?y-5Y_*BbH zGIi=%V5QwZ6H&5P0QPa#Q31SAJdCH+2Z5=peT*O5C^=rrj{7tS|=VNEq zAot#E;9NA<687;MnmQsi_+(J!3^MXY2KksZzY|CW*e^jx-d*K^!B1R6z*3mjGAdt; zFmnzGmr3_?B0JOmx6G!{WfWaUhecA?CHgCfx4GK~^8nvII!G2cf%AqOe!pwXJ-B_W z5VA(q@3|-OBllL@>}S&t@AK6vuB@M38gf&M(zF32U^^NfGgV{=`8rDu`TUd1xlzeW_N%06X%RHAagATK7Mk;TnFzBt8)HkHKif9_1C2#E zC=>Cw@Kt0)6g%`Sxr~NCI^l8hK-;pn$AKHkIo##Ez23R*V*$9VdEMyz3|De((C21M z=T)U0YQufO-0{*7LXa?ho=3o*I(i!!-nqO|o1Kc*F=}0Jnr(q@3cE$M>0}$qZW=sT z2=80^m<_IUFHM@btn-~lM#{o16ACX2bJ?$GNvDs_h5f73Msx;{-reVEnscPNR`%&2 zQ~YNh^53pGT}pcg-{~bG0zOMhp|95!4BgZNQ`%oog%hIP^~fMaX)}p1e&F!R-u9ed z=^4_L|M__@R%Z+2*ZJEb)3Z5p*A36aY?37(R7&r=ih?U3^_Ld(MLk8ZVx<1AVgciklHz=2AD5fk zZe>WC#LO4J;e5Am_)Q2kv7gmOE!)Tto1YBxdU`0*+{V_q!ro+wY-Z_81#H}pp(+Vw zQj)M*f(uF~dZ&_(%(*`wNqUcOwDcAlLaX;mJ*%{f1xr`oC-_`od#xivM!ss1A>3yK z5_9o$kK|vka5s1lJDqp5F`iUHC}G^9`FkweCxx1mCDL(l9)>KE%|FmWP&G_dAB-uW z{({oH>o+ykLFyKGoj{uWdo?HNF(W7!Krp)hk9r_{Mi+2q*{!IJH3Hv8%) zxx1Y^JV@EdeT{r9bdbMu{TN5>CtAiB?9A14Pe=Y~Zect6Ye?4A7UD}L{Ew!e$xve^ zJZjuTfO7(J)IdFIl^v2v9t4`lZUS)F>7;ABn^&z?;XlH5+#_J8WG%&v*>HeI|?R+P`Q*BcC05fi9Zw_0;}UT3sA%_huw^NzDxh{93ZV=b7QP zK|P}6MHculOSv^-}V@Sfi zULY?o@392P{^!<)CHIY=Bf?+cv-|lAf+?KC#Xm1hhvCe=4x^9itxQ{61^rTE%o?(} z)PCqeQXn7j51GdDqa~7wa`Wa*91D)4WXb0F~a74NHYxBM$n{lgJ6)*ilQk za*r!}vLwCpjelSSy@#qm@%3@uPE{auWZM*LnmtWt-WwnZe2O-Zq;KzAd{9%Nb~&d- zh6LBPCyAsl1C&Yp$1{x|<@7I_C{T?y-X0kKtU2H@eRjQS|6obD>p5G0Qd!LqT7$=L zN8NM=^*TDkjh0;QGHOgMZ^AESzo8<@lz5adai3ai%t|PAsc5FEUxe*o^E;ed{#sf# z9&QnXNYCAyxMG20TK(UCx4oU?Kmx3-%=4w4J=uD3Gv{znMZ(K^kW>2Q0J!+2!n8;&d@ z5^MaZC{@eJl;!q3bx7+b!P#}O&^ouT437K_wvDLMqH*a|PrQ;(eVC4%y|1O5ZK$Uh zFyn?u`*%-6s5@?48Z(ol{IinfjxM2Rbk9wwR(>9L=r>evVFS{`Mh?Y z8|Ti1M8$d2NF3??R6ZCBqb?Bo65=0TV0ZEy&X$x+U(x+Vo#|Z-b=J($7hzUab@PGL zsWa#uc)`63PO9be`#QHSIsR~`$^x2xjOFEXnEFe7E_aw{%Pd@)F3CNr|HF6Rn-yz* zzr&xT1_K^$Ot;JFA_imbd%vY^CZd`xvLLM#z-9qw;d47pb%h;0nimL64S&Qh2@~7A zwya*bQXZR8a7J&8`rC&GJZHJ#lZQ%R~M4Y-)MCb_2r#c_E~~ zNK5j1qP0pt(+@S}>H>MZ?t^98iKX7i*)Le1-uPKg#&&0bQ1-GH_JX7xgO~M#H+r?( zR)!bx?%0tRzukKJcEC#Ru;S4`2bly-6~rfC(s}DL-KJ+NVuU`Is!dY55$B_;@a*N3 z`F7luWM`K1NiWxL>YOIq@8H#}a=$5$OIpS6611F%=@pW^bp=00Y4d?()k>lglL~x7Z;o{tpG$u5~@mYg^ zR(SYA;|MJ_?w^2P&9(R6CQHnMQUn~o8eJPFiGrIcXOFd3Gy*ZMhQDHKpQUY11Hlm0 z@~%h7A$-tOQ~L4Y9{1Lv!<{rZa1yV7xZ{i@XY1!cWSn|?pVZv6UpMG3vdK09Y?BGy zPNv@o$6JobwCT7gZM6`v;PX3bM7RSDVf$dQG)Pt)Gf3llzhUI|jkhPmX05don~o{?ryz}X}nI%BntKyS!Y07dHzO#^@%+FOTP$<`NScq@1Bl7zT7?qua%Ye5x9t;Q|uP?ZV z?-IGa`Z{*>ArWzRhZ04+-n+eED>n76Jr8V~4^}}K2HcvD;l`Jk&g3emw}%^k%qEm4 z%1l8eqLFBQ(>r<`<1T$(21uPa-}Y#zVk9xpfB{udN(nou+Q97l#w2w@6PfoTAZ%bu zXP7sCXSRy@^V2AND*%7b@A2Zwg!`md6>wGn@}@z_qBC#Drel;S`Xs*&7|NR)Wz69D z>(1L}_uO$@ac+c$p&0}GhUZ4C0zMP(1-m~hVeFeftxB5$KvN?~H3|vmB=B$eIfpek z^jN2!<(I#c4iWr(A2YM*@sl|~10Ds(Iwk_N0=FvQIUb1BD&9Lb{{eWMTH+b0Gyn*_ z^Ej8-)3WMgvor@)o{HC+E<;0+_hTGV$?B8&;aHl_5S#!?j$BrU+G)tXmZz zo&~7zNswY)()fSFJ}gmg7BTS^A4u0a=Uifd-L$x4w)IL|C=?%-NQJKIt~sMTg9XABsu8-4aD0n|m55Kxho|BA&M!BTw?5}R9@HoZZm$KA5njwU|MFTB);)NTHLcSrA{C(+!>2NOS-RcHiJ3H&0oG zOSi&b6HB6eFM9o0PxyOw1CyY6BMjH7ASSa)p&9JaOG^2YY%x!vCgbuz*2)aJepU`Y3`8spHNGU7 zwO??82a=X=gq8SL(o*VI9%*(pzNZv0NB&11O<+I07;7i`ue}%((PPc5(P?^p?|$$f zi$hux*Ppi0^eUd%Lh&Q`15NkmFP}6%D$kqcX)Z0Mysrc}H55f;nJnA}6euky3*A1# zgH`Y$kOAx30Kr9k#zQOgCnF2;6fSy_fTsousXw)y!97{R2_T*6r{l0;(a|G9IAka^ zfrw)(Un3)O+4MNoxOv;Tq0F-AS)KpcCz+8|nTCh|I+gehr8l#hX`E9Pp4GZ-bWCpT z3E0d#O&s}^HYlvNYRP>iubu(~_s2Xx#v9VNlCzDUBNH($ruNeG0 zrD_vIXt7pb+T!vqonfe|zj?piec$l72knXi<2E)Kr2vv7$82>Ms5yNBrl zTQCz?WY;~-0O?h3j3e+tE0zq`?>qUFBx829YaERk!3Hu-duO4zwVDE{>~`Kbm%YDM zFBOh@iW9q*9MR>Ocs4C3nvW2Z;^OA|7``aOkmH4;kFX4i??6-%f9 zDxze-_)>m9QPn!nP86$rt^ zLf1j~D_JDCLwtMd|183jci_m-uYR$h$hn{@n#TC?R=|ZzE;W?2pT*XMLGLiNGpM2#qMLrf;uO~`reA^;; zbuka<0^q(^mXm(P(<$zhQa6MOtJ6H>HzYV`tP<$82CPj1I9NJ!B{Mej!2)LyqfY7P znTn|GBKYo}LO{Rm&fiKMMbg}=XgRVx1`o|TVW5Q&Z>3<$62*)h>`lcSAsCq&VW{=7 z8wFPK;Ek-v{!IWS_*BpZAr_pZ(EH4*2?aWAgw0=1_M3mlus$gH!}@5J`kD=^oFGm) zFMc6kMg16l@ao^+Irgi_&;kW|;scwhS&hEhz!%8ZHo8^J_BmOdvlz$E`et%GoySGz z)UrzUal}PBs%xxtc@$OO^K6Y7xm2ma2YfQr=BpEOKu}IGg@1%hHnZwMQ+{XSgs3nx zoRqMd(Q)>Qlit}f9VPkJ!68Nhr~)7qdx-mkt`Wl3uP ztmF1w*hP#Z0vQ9b`Q_)gwP6+m609*>_r#rNGyYAg66D{M<#D) z55Z7k9yhNjz32Ri7+{DnE{j&!`Vi|S6?;%xXemClxZtb1P>r)!)yrE(qG(eWt9k$oi zQXZJ=eHZogv*n(2$Fq3p14)qF`T*kliyCnu3fbh&90qrTi^srJz6aozx4(glhA*lb}&>@ z3dDeeCj*_MA^Y^510O_kMh(+yoLZd8C_2>F<#R7ya1R^u=Brw8gx(Gm7wMmU&HW;` zQx>kF^L#TNH%i7vzrS_8=yj>#FVJ}G5@j}7Ny}fFR@%1Bj#tW5Q!rALH@7D>|1n`mQo1Q&mvKREuUv#l_o-^?+6Zj)>*ZN-(HdRP=)X4V zEiH~Kc#CS+Cp6TZDEnG7@yP7{eXEZ9pP{k)$bSzL%}cU_=RE3}nnw9$883bj@eU}x z;~h^tQW@IaFhU5wppybOq1P#!KRbEIB(E|XJSZ;qJhWABVeZQ{t8?zeirYyz&3P$_ z;1St3lgcbRz51AK)B&2tstwpOWLxJ^dP%UEF<59?_>q`DYYHbR`iOZYoG!mmkvpt& zoIe6R`Hk}UI|}x9r+Bol(iOr!c#&?-8Bg-slod6HsAC112 zF&7By&uCnH9WzH5z^KroeygKOU5FMpk2pd!3%FzPId;8%ZRA(1u|lr&z5=$TwxNo7 zuul6Xvn}+czFIrq@xEw*P*QVml`=c6l^{)i-KrNFd#^R9F#v0p;fV ztD6LmiOum)DG-v-PTWy!tr9J4)Z0y*%2CPXgf8Ydm}sO8!iJ08{f!TUKB<=Qwdb8k zG?MfC)w~&~T3KkOTLloE4K;ATq53T$6>SNaEy@8ko!H zCYsxm-tA@URQJBnez)37riZ1?5MU^2`EA~2l8)-j$Ipjb@pf@?FIJYyimd5)IogT} z%k(}YALz@bjRuHLGfeS}obmrF8tF(3gPx+??B4RA;&+2#fi|o#@!3@1zlh zE{wmeb{lJWwvJTW=xw<*2yrPpdGGv+S!M**yc$HJg%a{AOh&G|+WuEuBkgH18hxvU zLuz4DvPcpnA}+Fa(zI32^?95_agL{WX5vmgH9T1JsH61akg`-rVmCbaHC(Z@Nr~|y z=XGd&w{}hGteK{6Q+`gZ*@gLE5zIbYR&$XdgYsC7saGoS7`^2EwiOeMdJ%jBe6VO7 zqF|OedvR_~%;o!$4QK34^m#A{n{GVaL>_*fQ?w=Zj4`q>pZ{gL0CHC(fkNu>8%$S| z^zRwg#r7%Dxpo1NPZvv=wQ_P@eR*}Mk!DyEV0 zb~>z=+;5XM*?btIj>da(ji-DO-a)KO;U&vyO!!W8cyvAkIXD<+OfM3-S5O)auvWaM zBHBm?g!nHNi4Q!K=5>Wvez$zWKWiWmH@0Y;iN1C^jd2oaX6r*`3$YcD|5>JG8$3{Y z{Nc*XKW!#krvq~+`E5*b!TYvZY~AXdX*w7mLCQs`!-e`Kd7ftG`HoSXYpRR&_i|G} zu`EW%A?+iQ5HkQ#sCeix&{k&r<`a)5#slAV^|NBtpN`e1Rwfa?{k0mnLLZn4Qk+pQ zftE2a2i5Wk$Q2+XwJj~?j2f|X6XfoBBjZ2c-)q1-gr7~`#a&}^uj^6z>{n^61W zf&)F9?KJTn^n}yIS`)T4Fl*%U#jkH4h(`w+>`7Oy?|i#u+gJt^(3dj(?%7zE?iaV& ze*1n3m-7c!5PBT++x5l(+`gPe3r;F?!z(LR(UksDq+MpzjP5mank;MDbXwChON#)s zgSRRS=6tzBX$DvwV;st32 zOMnsA2h$S`Ic~U9v-f54NIhRyK1!F@!@gS?WIhcYFMv@oi)1vBI~K2fowla2F@XwN zKeN5BE~ap8Au#lwM3-4nTfn~VULbcBWpDt6M9F*P$N?cvF{r}xMP5$IIqWN5-`^&U zcWMN?&x&`a$WANQ7Ki&kMkycUlV>b??!o33(_z!x6&!65 zhaM1L`5+STmx@X8YgZcE-R#vL5{_G*P|qx5`M$2muI)*}w|Zf!HFv|8OV*0%J4?(sXu zVTVC-Q=d55B1i7MnP3+9$x+85GFwGk%bTdQ-pxxh$$WqPF3wLD=4t%GrdTz;0h3RK zM;d&d|7l}gGh7_;aQV|Zbs@|z@;-0L8E>aPtQ!8OT3Y(AofY>0hhkrz^ZE)2p^q> zTX?7MRdd>1&!bQV(tC}g;B+F`=-TJp5Vnnhn3HHT>H(Xc`9!Edw8-Q=)y!|U!?Nz}XhNCv!NZj4+&VNP63h>8^FPp0Re9(M- zmwPOcuoUGSl_BcsDwCIDDPtxW&Xu3yZ2eqO*&##R`*5Mr-MmLNSflOF2a}zdx-Gxn zqIp_Q4XQZw5*lQP%&l|UmGdJLH8a7FxP;AB+KASJgY+-rrZ;qnxRq>SZ0a@TmVzXd zH&8p2*fX_${a=SyGN{vH>N(<4X3@A1v;o5n4#GJEe~ zF3Ewd0D**ec9}Kt|G4EP#p^y9171?76n4ND8lOoT#(iGj;{gr~%1NfcS)x44$?rnr zOSrfHLQfG0qsdb}&FyPxi)`hkqBQVe96BD-(*;5J zG{~~_QlmorZQ@YiJpgw9eLxICibbFbV^ARfpMzf&{PP@bf<0mXI}`XeI|!M<2h)i_ z82o<@VtoTCFAbxgUH|WLz&HjVu+lB@GJ_NP|2arX4h)lxzj*?z%Kr`i8-#ubNp=XJ Udla_q1pzN*c@4QT8H>RG2e&-vMF0Q* literal 0 HcmV?d00001 diff --git a/copy-of-sdk-docs/learn/learn.md b/copy-of-sdk-docs/learn/learn.md new file mode 100644 index 00000000..ff14d726 --- /dev/null +++ b/copy-of-sdk-docs/learn/learn.md @@ -0,0 +1,11 @@ +--- +sidebar_position: 0 +--- +# Learn + +* [Introduction](./intro/00-overview.md) - Dive into the fundamentals of Cosmos SDK with an insightful introduction, +laying the groundwork for understanding blockchain development. In this section we provide a High-Level Overview of the SDK, then dive deeper into Core concepts such as Application-Specific Blockchains, Blockchain Architecture, and finally we begin to explore the main components of the SDK. +* [Beginner](./beginner/00-app-anatomy.md) - Start your journey with beginner-friendly resources in the Cosmos SDK's "Learn" +section, providing a gentle entry point for newcomers to blockchain development. Here we focus on a little more detail, covering the Anatomy of a Cosmos SDK Application, Transaction Lifecycles, Accounts and lastly, Gas and Fees. +* [Advanced](./advanced/00-baseapp.md) - Level up your Cosmos SDK expertise with advanced topics, tailored for experienced +developers diving into intricate blockchain application development. We cover the Cosmos SDK on a lower level as we dive into the core of the SDK with BaseApp, Transactions, Context, Node Client (Daemon), Store, Encoding, gRPC, REST, and CometBFT Endpoints, CLI, Events, Telemetry, Object-Capability Model, RunTx recovery middleware, Cosmos Blockchain Simulator, Protobuf Documentation, In-Place Store Migrations, Configuration and AutoCLI. diff --git a/copy-of-sdk-docs/tutorials/_category_.json b/copy-of-sdk-docs/tutorials/_category_.json new file mode 100644 index 00000000..f27bca92 --- /dev/null +++ b/copy-of-sdk-docs/tutorials/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Advanced Tutorials", + "position": 2, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-docs/tutorials/transactions/00-building-a-transaction.md b/copy-of-sdk-docs/tutorials/transactions/00-building-a-transaction.md new file mode 100644 index 00000000..3751a2c2 --- /dev/null +++ b/copy-of-sdk-docs/tutorials/transactions/00-building-a-transaction.md @@ -0,0 +1,190 @@ +# Building a Transaction + +These are the steps to build, sign and broadcast a transaction using v2 semantics. + +1. Correctly set up imports + +```go +import ( + "context" + "fmt" + "log" + + "google.golang.org/grpc" + "google.golang.org/grpc/credentials/insecure" + + apisigning "cosmossdk.io/api/cosmos/tx/signing/v1beta1" + "cosmossdk.io/client/v2/broadcast/comet" + "cosmossdk.io/client/v2/tx" + "cosmossdk.io/core/transaction" + "cosmossdk.io/math" + banktypes "cosmossdk.io/x/bank/types" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + cryptocodec "github.com/cosmos/cosmos-sdk/crypto/codec" + "github.com/cosmos/cosmos-sdk/crypto/keyring" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + + "github.com/cosmos/cosmos-sdk/codec" + addrcodec "github.com/cosmos/cosmos-sdk/codec/address" + sdk "github.com/cosmos/cosmos-sdk/types" +) + +``` + +2. Create a gRPC connection + +```go +clientConn, err := grpc.NewClient("127.0.0.1:9090", grpc.WithTransportCredentials(insecure.NewCredentials())) +if err != nil { + log.Fatal(err) +} +``` + +3. Setup codec and interface registry + +```go + // Setup interface registry and register necessary interfaces + interfaceRegistry := codectypes.NewInterfaceRegistry() + banktypes.RegisterInterfaces(interfaceRegistry) + authtypes.RegisterInterfaces(interfaceRegistry) + cryptocodec.RegisterInterfaces(interfaceRegistry) + + // Create a ProtoCodec for encoding/decoding + protoCodec := codec.NewProtoCodec(interfaceRegistry) + +``` + +4. Initialize keyring + +```go + + ckr, err := keyring.New("autoclikeyring", "test", home, nil, protoCodec) + if err != nil { + log.Fatal("error creating keyring", err) + } + kr, err := keyring.NewAutoCLIKeyring(ckr, addrcodec.NewBech32Codec("cosmos")) + if err != nil { + log.Fatal("error creating auto cli keyring", err) + } + + +``` + +5. Setup transaction parameters + +```go + + // Setup transaction parameters + txParams := tx.TxParameters{ + ChainID: "simapp-v2-chain", + SignMode: apisigning.SignMode_SIGN_MODE_DIRECT, + AccountConfig: tx.AccountConfig{ + FromAddress: "cosmos1t0fmn0lyp2v99ga55mm37mpnqrlnc4xcs2hhhy", + FromName: "alice", + }, + } + + // Configure gas settings + gasConfig, err := tx.NewGasConfig(100, 100, "0stake") + if err != nil { + log.Fatal("error creating gas config: ", err) + } + txParams.GasConfig = gasConfig + + // Create auth query client + authClient := authtypes.NewQueryClient(clientConn) + + // Retrieve account information for the sender + fromAccount, err := getAccount("cosmos1t0fmn0lyp2v99ga55mm37mpnqrlnc4xcs2hhhy", authClient, protoCodec) + if err != nil { + log.Fatal("error getting from account: ", err) + } + + // Update txParams with the correct account number and sequence + txParams.AccountConfig.AccountNumber = fromAccount.GetAccountNumber() + txParams.AccountConfig.Sequence = fromAccount.GetSequence() + + // Retrieve account information for the recipient + toAccount, err := getAccount("cosmos1e2wanzh89mlwct7cs7eumxf7mrh5m3ykpsh66m", authClient, protoCodec) + if err != nil { + log.Fatal("error getting to account: ", err) + } + + // Configure transaction settings + txConf, _ := tx.NewTxConfig(tx.ConfigOptions{ + AddressCodec: addrcodec.NewBech32Codec("cosmos"), + Cdc: protoCodec, + ValidatorAddressCodec: addrcodec.NewBech32Codec("cosmosval"), + EnabledSignModes: []apisigning.SignMode{apisigning.SignMode_SIGN_MODE_DIRECT}, + }) +``` + +6. Build the transaction + +```go +// Create a transaction factory + f, err := tx.NewFactory(kr, codec.NewProtoCodec(codectypes.NewInterfaceRegistry()), nil, txConf, addrcodec.NewBech32Codec("cosmos"), clientConn, txParams) + if err != nil { + log.Fatal("error creating factory", err) + } + + // Define the transaction message + msgs := []transaction.Msg{ + &banktypes.MsgSend{ + FromAddress: fromAccount.GetAddress().String(), + ToAddress: toAccount.GetAddress().String(), + Amount: sdk.Coins{ + sdk.NewCoin("stake", math.NewInt(1000000)), + }, + }, + } + + // Build and sign the transaction + tx, err := f.BuildsSignedTx(context.Background(), msgs...) + if err != nil { + log.Fatal("error building signed tx", err) + } + + +``` + +7. Broadcast the transaction + +```go +// Create a broadcaster for the transaction + c, err := comet.NewCometBFTBroadcaster("http://127.0.0.1:26657", comet.BroadcastSync, protoCodec) + if err != nil { + log.Fatal("error creating comet broadcaster", err) + } + + // Broadcast the transaction + res, err := c.Broadcast(context.Background(), tx.Bytes()) + if err != nil { + log.Fatal("error broadcasting tx", err) + } + +``` + +8. Helpers + +```go +// getAccount retrieves account information using the provided address +func getAccount(address string, authClient authtypes.QueryClient, codec codec.Codec) (sdk.AccountI, error) { + // Query account info + accountQuery, err := authClient.Account(context.Background(), &authtypes.QueryAccountRequest{ + Address: string(address), + }) + if err != nil { + return nil, fmt.Errorf("error getting account: %w", err) + } + + // Unpack the account information + var account sdk.AccountI + err = codec.InterfaceRegistry().UnpackAny(accountQuery.Account, &account) + if err != nil { + return nil, fmt.Errorf("error unpacking account: %w", err) + } + + return account, nil +} +``` \ No newline at end of file diff --git a/copy-of-sdk-docs/tutorials/transactions/_category_.json b/copy-of-sdk-docs/tutorials/transactions/_category_.json new file mode 100644 index 00000000..5b0cdfc1 --- /dev/null +++ b/copy-of-sdk-docs/tutorials/transactions/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Transaction Tutorials", + "position": 2, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-docs/tutorials/tutorials.md b/copy-of-sdk-docs/tutorials/tutorials.md new file mode 100644 index 00000000..e6828c9f --- /dev/null +++ b/copy-of-sdk-docs/tutorials/tutorials.md @@ -0,0 +1,12 @@ +--- +sidebar_position: 0 +--- +# Tutorials + +## Advanced Tutorials + +This section provides a concise overview of tutorials focused on implementing vote extensions in the Cosmos SDK. Vote extensions are a powerful feature for enhancing the security and fairness of blockchain applications, particularly in scenarios like implementing oracles and mitigating auction front-running. + +* **Implementing Oracle with Vote Extensions** - This tutorial details how to use vote extensions for the implementation of a secure and reliable oracle within a blockchain application. It demonstrates the use of vote extensions to securely include oracle data submissions in blocks, ensuring the data's integrity and reliability for the blockchain. + +* **Mitigating Auction Front-Running with Vote Extensions** - Explore how to prevent auction front-running using vote extensions. This tutorial outlines the creation of a module aimed at mitigating front-running in nameservice auctions, emphasising the `ExtendVote`, `PrepareProposal`, and `ProcessProposal` functions to facilitate a fair auction process. \ No newline at end of file diff --git a/copy-of-sdk-docs/tutorials/vote-extensions/_category_.json b/copy-of-sdk-docs/tutorials/vote-extensions/_category_.json new file mode 100644 index 00000000..a2aecebd --- /dev/null +++ b/copy-of-sdk-docs/tutorials/vote-extensions/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Vote Extensions Tutorials", + "position": 1, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/00-getting-started.md b/copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/00-getting-started.md new file mode 100644 index 00000000..a68a6e15 --- /dev/null +++ b/copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/00-getting-started.md @@ -0,0 +1,40 @@ +# Getting Started + +## Table of Contents + +- [Getting Started](#overview-of-the-project) +- [Understanding Front-Running](./01-understanding-frontrunning.md) +- [Mitigating Front-running with Vote Extensions](./02-mitigating-front-running-with-vote-extesions.md) +- [Demo of Mitigating Front-Running](./03-demo-of-mitigating-front-running.md) + +## Getting Started + +### Overview of the Project + +This tutorial outlines the development of a module designed to mitigate front-running in nameservice auctions. The following functions are central to this module: + +* `ExtendVote`: Gathers bids from the mempool and includes them in the vote extension to ensure a fair and transparent auction process. +* `PrepareProposal`: Processes the vote extensions from the previous block, creating a special transaction that encapsulates bids to be included in the current proposal. +* `ProcessProposal`: Validates that the first transaction in the proposal is the special transaction containing the vote extensions and ensures the integrity of the bids. + +In this advanced tutorial, we will be working with an example application that facilitates the auctioning of nameservices. To see what frontrunning and nameservices are [here](./01-understanding-frontrunning.md) This application provides a practical use case to explore the prevention of auction front-running, also known as "bid sniping", where a validator takes advantage of seeing a bid in the mempool to place their own higher bid before the original bid is processed. + +The tutorial will guide you through using the Cosmos SDK to mitigate front-running using vote extensions. The module will be built on top of the base blockchain provided in the `tutorials/base` directory and will use the `auction` module as a foundation. By the end of this tutorial, you will have a better understanding of how to prevent front-running in blockchain auctions, specifically in the context of nameservice auctioning. + +## What are Vote extensions? + +Vote extensions is arbitrary information which can be inserted into a block. This feature is part of ABCI 2.0, which is available for use in the SDK 0.50 release and part of the 0.38 CometBFT release. + +More information about vote extensions can be seen [here](https://docs.cosmos.network/main/build/abci/vote-extensions). + +## Requirements and Setup + +Before diving into the advanced tutorial on auction front-running simulation, ensure you meet the following requirements: + +* [Golang >1.21.5](https://golang.org/doc/install) installed +* Familiarity with the concepts of front-running and MEV, as detailed in [Understanding Front-Running](./01-understanding-frontrunning.md) +* Understanding of Vote Extensions as described [here](https://docs.cosmos.network/main/build/abci/vote-extensions) + +You will also need a foundational blockchain to build upon coupled with your own module. The `tutorials/base` directory has the necessary blockchain code to start your custom project with the Cosmos SDK. For the module, you can use the `auction` module provided in the `tutorials/auction/x/auction` directory as a reference but please be aware that all of the code needed to implement vote extensions is already implemented in this module. + +This will set up a strong base for your blockchain, enabling the integration of advanced features such as auction front-running simulation. diff --git a/copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/01-understanding-frontrunning.md b/copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/01-understanding-frontrunning.md new file mode 100644 index 00000000..31602b0e --- /dev/null +++ b/copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/01-understanding-frontrunning.md @@ -0,0 +1,41 @@ +# Understanding Front-Running and more + +## Introduction + +Blockchain technology is vulnerable to practices that can affect the fairness and security of the network. Two such practices are front-running and Maximal Extractable Value (MEV), which are important for blockchain participants to understand. + +## What is Front-Running? + +Front-running is when someone, such as a validator, uses their ability to see pending transactions to execute their own transactions first, benefiting from the knowledge of upcoming transactions. In nameservice auctions, a front-runner might place a higher bid before the original bid is confirmed, unfairly winning the auction. + +## Nameservices and Nameservice Auctions + +Nameservices are human-readable identifiers on a blockchain, akin to internet domain names, that correspond to specific addresses or resources. They simplify interactions with typically long and complex blockchain addresses, allowing users to have a memorable and unique identifier for their blockchain address or smart contract. + +Nameservice auctions are the process by which these identifiers are bid on and acquired. To combat front-running—where someone might use knowledge of pending bids to place a higher bid first—mechanisms such as commit-reveal schemes, auction extensions, and fair sequencing are implemented. These strategies ensure a transparent and fair bidding process, reducing the potential for Maximal Extractable Value (MEV) exploitation. + +## What is Maximal Extractable Value (MEV)? + +MEV is the highest value that can be extracted by manipulating the order of transactions within a block, beyond the standard block rewards and fees. This has become more prominent with the growth of decentralised finance (DeFi), where transaction order can greatly affect profits. + +## Implications of MEV + +MEV can lead to: + +- **Network Security**: Potential centralisation, as those with more computational power might dominate the process, increasing the risk of attacks. +- **Market Fairness**: An uneven playing field where only a few can gain at the expense of the majority. +- **User Experience**: Higher fees and network congestion due to the competition for MEV. + +## Mitigating MEV and Front-Running + +Some solutions being developed to mitigate MEV and front-running, including: + +- **Time-delayed Transactions**: Random delays to make transaction timing unpredictable. +- **Private Transaction Pools**: Concealing transactions until they are mined. +- **Fair Sequencing Services**: Processing transactions in the order they are received. + +For this tutorial, we will be exploring the last solution, fair sequencing services, in the context of nameservice auctions. + +## Conclusion + +MEV and front-running are challenges to blockchain integrity and fairness. Ongoing innovation and implementation of mitigation strategies are crucial for the ecosystem's health and success. diff --git a/copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md b/copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md new file mode 100644 index 00000000..a3d7549e --- /dev/null +++ b/copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md @@ -0,0 +1,331 @@ +# Mitigating Front-running with Vote Extensions + +## Table of Contents + +* [Prerequisites](#prerequisites) +* [Implementing Structs for Vote Extensions](#implementing-structs-for-vote-extensions) +* [Implementing Handlers and Configuring Handlers](#implementing-handlers-and-configuring-handlers) + +## Prerequisites + +Before implementing vote extensions to mitigate front-running, ensure you have a module ready to implement the vote extensions with. If you need to create or reference a similar module, see `x/auction` for guidance. + +In this section, we will discuss the steps to mitigate front-running using vote extensions. We will introduce new types within the `abci/types.go` file. These types will be used to handle the process of preparing proposals, processing proposals, and handling vote extensions. + +### Implementing Structs for Vote Extensions + +First, copy the following structs into the `abci/types.go` and each of these structs serves a specific purpose in the process of mitigating front-running using vote extensions: + +```go +package abci + +import ( + //import the necessary files +) + +type PrepareProposalHandler struct { + logger log.Logger + txConfig client.TxConfig + cdc codec.Codec + mempool *mempool.ThresholdMempool + txProvider provider.TxProvider + keyname string + runProvider bool +} +``` + +The `PrepareProposalHandler` struct is used to handle the preparation of a proposal in the consensus process. It contains several fields: logger for logging information and errors, txConfig for transaction configuration, cdc (Codec) for encoding and decoding transactions, mempool for referencing the set of unconfirmed transactions, txProvider for building the proposal with transactions, keyname for the name of the key used for signing transactions, and runProvider, a boolean flag indicating whether the provider should be run to build the proposal. + +```go +type ProcessProposalHandler struct { + TxConfig client.TxConfig + Codec codec.Codec + Logger log.Logger +} +``` + +After the proposal has been prepared and vote extensions have been included, the `ProcessProposalHandler` is used to process the proposal. This includes validating the proposal and the included vote extensions. The `ProcessProposalHandler` allows you to access the transaction configuration and codec, which are necessary for processing the vote extensions. + +```go +type VoteExtHandler struct { + logger log.Logger + currentBlock int64 + mempool *mempool.ThresholdMempool + cdc codec.Codec +} +``` + +This struct is used to handle vote extensions. It contains a logger for logging events, the current block number, a mempool for storing transactions, and a codec for encoding and decoding. Vote extensions are a key part of the process to mitigate front-running, as they allow for additional information to be included with each vote. + +```go +type InjectedVoteExt struct { + VoteExtSigner []byte + Bids [][]byte +} + +type InjectedVotes struct { + Votes []InjectedVoteExt +} +``` + +These structs are used to handle injected vote extensions. They include the signer of the vote extension and the bids associated with the vote extension. Each byte array in Bids is a serialised form of a bid transaction. Injected vote extensions are used to add additional information to a vote after it has been created, which can be useful for adding context or additional data to a vote. The serialised bid transactions provide a way to include complex transaction data in a compact, efficient format. + +```go +type AppVoteExtension struct { + Height int64 + Bids [][]byte +} +``` + +This struct is used for application vote extensions. It includes the height of the block and the bids associated with the vote extension. Application vote extensions are used to add additional information to a vote at the application level, which can be useful for adding context or additional data to a vote that is specific to the application. + +```go +type SpecialTransaction struct { + Height int + Bids [][]byte +} +``` + +This struct is used for special transactions. It includes the height of the block and the bids associated with the transaction. Special transactions are used for transactions that need to be handled differently from regular transactions, such as transactions that are part of the process to mitigate front-running. + +### Implementing Handlers and Configuring Handlers + +To establish the `VoteExtensionHandler`, follow these steps: + +1. Navigate to the `abci/proposal.go` file. This is where we will implement the `VoteExtensionHandler``. + +2. Implement the `NewVoteExtensionHandler` function. This function is a constructor for the `VoteExtHandler` struct. It takes a logger, a mempool, and a codec as parameters and returns a new instance of `VoteExtHandler`. + +```go +func NewVoteExtensionHandler(lg log.Logger, mp *mempool.ThresholdMempool, cdc codec.Codec) *VoteExtHandler { + return &VoteExtHandler{ + logger: lg, + mempool: mp, + cdc: cdc, + } +} +``` + +3. Implement the `ExtendVoteHandler()` method. This method should handle the logic of extending votes, including inspecting the mempool and submitting a list of all pending bids. This will allow you to access the list of unconfirmed transactions in the abci.`RequestPrepareProposal` during the ensuing block. + +```go +func (h *VoteExtHandler) ExtendVoteHandler() sdk.ExtendVoteHandler { + return func(ctx sdk.Context, req *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) { + h.logger.Info(fmt.Sprintf("Extending votes at block height : %v", req.Height)) + + voteExtBids := [][]byte{} + + // Get mempool txs + itr := h.mempool.SelectPending(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + sdkMsgs := tmptx.GetMsgs() + + // Iterate through msgs, check for any bids + for _, msg := range sdkMsgs { + switch msg := msg.(type) { + case *nstypes.MsgBid: + // Marshal sdk bids to []byte + bz, err := h.cdc.Marshal(msg) + if err != nil { + h.logger.Error(fmt.Sprintf("Error marshalling VE Bid : %v", err)) + break + } + voteExtBids = append(voteExtBids, bz) + default: + } + } + + // Move tx to ready pool + err := h.mempool.Update(context.Background(), tmptx) + + // Remove tx from app side mempool + if err != nil { + h.logger.Info(fmt.Sprintf("Unable to update mempool tx: %v", err)) + } + + itr = itr.Next() + } + + // Create vote extension + voteExt := AppVoteExtension{ + Height: req.Height, + Bids: voteExtBids, + } + + // Encode Vote Extension + bz, err := json.Marshal(voteExt) + if err != nil { + return nil, fmt.Errorf("Error marshalling VE: %w", err) + } + + return &abci.ResponseExtendVote{VoteExtension: bz}, nil +} +``` + +4. Configure the handler in `app/app.go` as shown below + +```go +bApp := baseapp.NewBaseApp(AppName, logger, db, txConfig.TxDecoder(), baseAppOptions...) +voteExtHandler := abci2.NewVoteExtensionHandler(logger, mempool, appCodec) +bApp.SetExtendVoteHandler(voteExtHandler.ExtendVoteHandler()) +``` + +To give a bit of context on what is happening above, we first create a new instance of `VoteExtensionHandler` with the necessary dependencies (logger, mempool, and codec). Then, we set this handler as the `ExtendVoteHandler` for our application. This means that whenever a vote needs to be extended, our custom `ExtendVoteHandler()` method will be called. + +To test if vote extensions have been propagated, add the following to the `PrepareProposalHandler`: + +```go +if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + h.logger.Info(fmt.Sprintf(" :: Get vote extensions: %v", voteExt)) +} +``` + +This is how the whole function should look: + +```go +func (h *PrepareProposalHandler) PrepareProposalHandler() sdk.PrepareProposalHandler { + return func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { + h.logger.Info(fmt.Sprintf(" :: Prepare Proposal")) + var proposalTxs [][]byte + + var txs []sdk.Tx + + // Get Vote Extensions + if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + h.logger.Info(fmt.Sprintf(" :: Get vote extensions: %v", voteExt)) + } + + itr := h.mempool.Select(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + + txs = append(txs, tmptx) + itr = itr.Next() + } + h.logger.Info(fmt.Sprintf(" :: Number of Transactions available from mempool: %v", len(txs))) + + if h.runProvider { + tmpMsgs, err := h.txProvider.BuildProposal(ctx, txs) + if err != nil { + h.logger.Error(fmt.Sprintf(" :: Error Building Custom Proposal: %v", err)) + } + txs = tmpMsgs + } + + for _, sdkTxs := range txs { + txBytes, err := h.txConfig.TxEncoder()(sdkTxs) + if err != nil { + h.logger.Info(fmt.Sprintf("~Error encoding transaction: %v", err.Error())) + } + proposalTxs = append(proposalTxs, txBytes) + } + + h.logger.Info(fmt.Sprintf(" :: Number of Transactions in proposal: %v", len(proposalTxs))) + + return &abci.ResponsePrepareProposal{Txs: proposalTxs}, nil + } +} +``` + +As mentioned above, we check if vote extensions have been propagated, you can do this by checking the logs for any relevant messages such as ` :: Get vote extensions:`. If the logs do not provide enough information, you can also reinitialise your local testing environment by running the `./scripts/single_node/setup.sh` script again. + +5. Implement the `ProcessProposalHandler()`. This function is responsible for processing the proposal. It should handle the logic of processing vote extensions, including inspecting the proposal and validating the bids. + +```go +func (h *ProcessProposalHandler) ProcessProposalHandler() sdk.ProcessProposalHandler { + return func(ctx sdk.Context, req *abci.RequestProcessProposal) (resp *abci.ResponseProcessProposal, err error) { + h.Logger.Info(fmt.Sprintf(" :: Process Proposal")) + + // The first transaction will always be the Special Transaction + numTxs := len(req.Txs) + + h.Logger.Info(fmt.Sprintf(":: Number of transactions :: %v", numTxs)) + + if numTxs >= 1 { + var st SpecialTransaction + err = json.Unmarshal(req.Txs[0], &st) + if err != nil { + h.Logger.Error(fmt.Sprintf(":: Error unmarshalling special Tx in Process Proposal :: %v", err)) + } + if len(st.Bids) > 0 { + h.Logger.Info(fmt.Sprintf(":: There are bids in the Special Transaction")) + var bids []nstypes.MsgBid + for i, b := range st.Bids { + var bid nstypes.MsgBid + h.Codec.Unmarshal(b, &bid) + h.Logger.Info(fmt.Sprintf(":: Special Transaction Bid No %v :: %v", i, bid)) + bids = append(bids, bid) + } + // Validate Bids in Tx + txs := req.Txs[1:] + ok, err := ValidateBids(h.TxConfig, bids, txs, h.Logger) + if err != nil { + h.Logger.Error(fmt.Sprintf(":: Error validating bids in Process Proposal :: %v", err)) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + if !ok { + h.Logger.Error(fmt.Sprintf(":: Unable to validate bids in Process Proposal :: %v", err)) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + h.Logger.Info(":: Successfully validated bids in Process Proposal") + } + } + + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_ACCEPT}, nil + } +} +``` + +6. Implement the `ProcessVoteExtensions()` function. This function should handle the logic of processing vote extensions, including validating the bids. + +```go +func processVoteExtensions(req *abci.RequestPrepareProposal, log log.Logger) (SpecialTransaction, error) { + log.Info(fmt.Sprintf(" :: Process Vote Extensions")) + + // Create empty response + st := SpecialTransaction{ + 0, + [][]byte{}, + } + + // Get Vote Ext for H-1 from Req + voteExt := req.GetLocalLastCommit() + votes := voteExt.Votes + + // Iterate through votes + var ve AppVoteExtension + for _, vote := range votes { + // Unmarshal to AppExt + err := json.Unmarshal(vote.VoteExtension, &ve) + if err != nil { + log.Error(fmt.Sprintf(" :: Error unmarshalling Vote Extension")) + } + + st.Height = int(ve.Height) + + // If Bids in VE, append to Special Transaction + if len(ve.Bids) > 0 { + log.Info(" :: Bids in VE") + for _, b := range ve.Bids { + st.Bids = append(st.Bids, b) + } + } + } + + return st, nil +} +``` + +7. Configure the `ProcessProposalHandler()` in app/app.go: + +```go +processPropHandler := abci2.ProcessProposalHandler{app.txConfig, appCodec, logger} +bApp.SetProcessProposal(processPropHandler.ProcessProposalHandler()) +``` + +This sets the `ProcessProposalHandler()` for our application. This means that whenever a proposal needs to be processed, our custom `ProcessProposalHandler()` method will be called. + +To test if the proposal processing and vote extensions are working correctly, you can check the logs for any relevant messages. If the logs do not provide enough information, you can also reinitialize your local testing environment by running `./scripts/single_node/setup.sh` script. diff --git a/copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md.bak b/copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md.bak new file mode 100644 index 00000000..421b6ed8 --- /dev/null +++ b/copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md.bak @@ -0,0 +1,331 @@ +# Mitigating Front-running with Vote Extensions + +## Table of Contents + +* [Prerequisites](#prerequisites) +* [Implementing Structs for Vote Extensions](#implementing-structs-for-vote-extensions) +* [Implementing Handlers and Configuring Handlers](#implementing-handlers-and-configuring-handlers) + +## Prerequisites + +Before implementing vote extensions to mitigate front-running, ensure you have a module ready to implement the vote extensions with. If you need to create or reference a similar module, see `x/auction` for guidance. + +In this section, we will discuss the steps to mitigate front-running using vote extensions. We will introduce new types within the `abci/types.go` file. These types will be used to handle the process of preparing proposals, processing proposals, and handling vote extensions. + +### Implementing Structs for Vote Extensions + +First, copy the following structs into the `abci/types.go` and each of these structs serves a specific purpose in the process of mitigating front-running using vote extensions: + +```go +package abci + +import ( + //import the necessary files +) + +type PrepareProposalHandler struct { + logger log.Logger + txConfig client.TxConfig + cdc codec.Codec + mempool *mempool.ThresholdMempool + txProvider provider.TxProvider + keyname string + runProvider bool +} +``` + +The `PrepareProposalHandler` struct is used to handle the preparation of a proposal in the consensus process. It contains several fields: logger for logging information and errors, txConfig for transaction configuration, cdc (Codec) for encoding and decoding transactions, mempool for referencing the set of unconfirmed transactions, txProvider for building the proposal with transactions, keyname for the name of the key used for signing transactions, and runProvider, a boolean flag indicating whether the provider should be run to build the proposal. + +```go +type ProcessProposalHandler struct { + TxConfig client.TxConfig + Codec codec.Codec + Logger log.Logger +} +``` + +After the proposal has been prepared and vote extensions have been included, the `ProcessProposalHandler` is used to process the proposal. This includes validating the proposal and the included vote extensions. The `ProcessProposalHandler` allows you to access the transaction configuration and codec, which are necessary for processing the vote extensions. + +```go +type VoteExtHandler struct { + logger log.Logger + currentBlock int64 + mempool *mempool.ThresholdMempool + cdc codec.Codec +} +``` + +This struct is used to handle vote extensions. It contains a logger for logging events, the current block number, a mempool for storing transactions, and a codec for encoding and decoding. Vote extensions are a key part of the process to mitigate front-running, as they allow for additional information to be included with each vote. + +```go +type InjectedVoteExt struct { + VoteExtSigner []byte + Bids [][]byte +} + +type InjectedVotes struct { + Votes []InjectedVoteExt +} +``` + +These structs are used to handle injected vote extensions. They include the signer of the vote extension and the bids associated with the vote extension. Each byte array in Bids is a serialised form of a bid transaction. Injected vote extensions are used to add additional information to a vote after it has been created, which can be useful for adding context or additional data to a vote. The serialised bid transactions provide a way to include complex transaction data in a compact, efficient format. + +```go +type AppVoteExtension struct { + Height int64 + Bids [][]byte +} +``` + +This struct is used for application vote extensions. It includes the height of the block and the bids associated with the vote extension. Application vote extensions are used to add additional information to a vote at the application level, which can be useful for adding context or additional data to a vote that is specific to the application. + +```go +type SpecialTransaction struct { + Height int + Bids [][]byte +} +``` + +This struct is used for special transactions. It includes the height of the block and the bids associated with the transaction. Special transactions are used for transactions that need to be handled differently from regular transactions, such as transactions that are part of the process to mitigate front-running. + +### Implementing Handlers and Configuring Handlers + +To establish the `VoteExtensionHandler`, follow these steps: + +1. Navigate to the `abci/proposal.go` file. This is where we will implement the `VoteExtensionHandler``. + +2. Implement the `NewVoteExtensionHandler` function. This function is a constructor for the `VoteExtHandler` struct. It takes a logger, a mempool, and a codec as parameters and returns a new instance of `VoteExtHandler`. + +```go +func NewVoteExtensionHandler(lg log.Logger, mp *mempool.ThresholdMempool, cdc codec.Codec) *VoteExtHandler { + return &VoteExtHandler{ + logger: lg, + mempool: mp, + cdc: cdc, + } +} +``` + +3. Implement the `ExtendVoteHandler()` method. This method should handle the logic of extending votes, including inspecting the mempool and submitting a list of all pending bids. This will allow you to access the list of unconfirmed transactions in the abci.`RequestPrepareProposal` during the ensuing block. + +```go +func (h *VoteExtHandler) ExtendVoteHandler() sdk.ExtendVoteHandler { + return func(ctx sdk.Context, req *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) { + h.logger.Info(fmt.Sprintf("Extending votes at block height : %v", req.Height)) + + voteExtBids := [][]byte{} + + // Get mempool txs + itr := h.mempool.SelectPending(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + sdkMsgs := tmptx.GetMsgs() + + // Iterate through msgs, check for any bids + for _, msg := range sdkMsgs { + switch msg := msg.(type) { + case *nstypes.MsgBid: + // Marshal sdk bids to []byte + bz, err := h.cdc.Marshal(msg) + if err != nil { + h.logger.Error(fmt.Sprintf("Error marshalling VE Bid : %v", err)) + break + } + voteExtBids = append(voteExtBids, bz) + default: + } + } + + // Move tx to ready pool + err := h.mempool.Update(context.Background(), tmptx) + + // Remove tx from app side mempool + if err != nil { + h.logger.Info(fmt.Sprintf("Unable to update mempool tx: %v", err)) + } + + itr = itr.Next() + } + + // Create vote extension + voteExt := AppVoteExtension{ + Height: req.Height, + Bids: voteExtBids, + } + + // Encode Vote Extension + bz, err := json.Marshal(voteExt) + if err != nil { + return nil, fmt.Errorf("Error marshalling VE: %w", err) + } + + return &abci.ResponseExtendVote{VoteExtension: bz}, nil +} +``` + +4. Configure the handler in `app/app.go` as shown below + +```go +bApp := baseapp.NewBaseApp(AppName, logger, db, txConfig.TxDecoder(), baseAppOptions...) +voteExtHandler := abci2.NewVoteExtensionHandler(logger, mempool, appCodec) +bApp.SetExtendVoteHandler(voteExtHandler.ExtendVoteHandler()) +``` + +To give a bit of context on what is happening above, we first create a new instance of `VoteExtensionHandler` with the necessary dependencies (logger, mempool, and codec). Then, we set this handler as the `ExtendVoteHandler` for our application. This means that whenever a vote needs to be extended, our custom `ExtendVoteHandler()` method will be called. + +To test if vote extensions have been propagated, add the following to the `PrepareProposalHandler`: + +```go +if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + h.logger.Info(fmt.Sprintf("🛠️ :: Get vote extensions: %v", voteExt)) +} +``` + +This is how the whole function should look: + +```go +func (h *PrepareProposalHandler) PrepareProposalHandler() sdk.PrepareProposalHandler { + return func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { + h.logger.Info(fmt.Sprintf("🛠️ :: Prepare Proposal")) + var proposalTxs [][]byte + + var txs []sdk.Tx + + // Get Vote Extensions + if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + h.logger.Info(fmt.Sprintf("🛠️ :: Get vote extensions: %v", voteExt)) + } + + itr := h.mempool.Select(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + + txs = append(txs, tmptx) + itr = itr.Next() + } + h.logger.Info(fmt.Sprintf("🛠️ :: Number of Transactions available from mempool: %v", len(txs))) + + if h.runProvider { + tmpMsgs, err := h.txProvider.BuildProposal(ctx, txs) + if err != nil { + h.logger.Error(fmt.Sprintf("❌️ :: Error Building Custom Proposal: %v", err)) + } + txs = tmpMsgs + } + + for _, sdkTxs := range txs { + txBytes, err := h.txConfig.TxEncoder()(sdkTxs) + if err != nil { + h.logger.Info(fmt.Sprintf("❌~Error encoding transaction: %v", err.Error())) + } + proposalTxs = append(proposalTxs, txBytes) + } + + h.logger.Info(fmt.Sprintf("🛠️ :: Number of Transactions in proposal: %v", len(proposalTxs))) + + return &abci.ResponsePrepareProposal{Txs: proposalTxs}, nil + } +} +``` + +As mentioned above, we check if vote extensions have been propagated, you can do this by checking the logs for any relevant messages such as `🛠️ :: Get vote extensions:`. If the logs do not provide enough information, you can also reinitialise your local testing environment by running the `./scripts/single_node/setup.sh` script again. + +5. Implement the `ProcessProposalHandler()`. This function is responsible for processing the proposal. It should handle the logic of processing vote extensions, including inspecting the proposal and validating the bids. + +```go +func (h *ProcessProposalHandler) ProcessProposalHandler() sdk.ProcessProposalHandler { + return func(ctx sdk.Context, req *abci.RequestProcessProposal) (resp *abci.ResponseProcessProposal, err error) { + h.Logger.Info(fmt.Sprintf("⚙️ :: Process Proposal")) + + // The first transaction will always be the Special Transaction + numTxs := len(req.Txs) + + h.Logger.Info(fmt.Sprintf("⚙️:: Number of transactions :: %v", numTxs)) + + if numTxs >= 1 { + var st SpecialTransaction + err = json.Unmarshal(req.Txs[0], &st) + if err != nil { + h.Logger.Error(fmt.Sprintf("❌️:: Error unmarshalling special Tx in Process Proposal :: %v", err)) + } + if len(st.Bids) > 0 { + h.Logger.Info(fmt.Sprintf("⚙️:: There are bids in the Special Transaction")) + var bids []nstypes.MsgBid + for i, b := range st.Bids { + var bid nstypes.MsgBid + h.Codec.Unmarshal(b, &bid) + h.Logger.Info(fmt.Sprintf("⚙️:: Special Transaction Bid No %v :: %v", i, bid)) + bids = append(bids, bid) + } + // Validate Bids in Tx + txs := req.Txs[1:] + ok, err := ValidateBids(h.TxConfig, bids, txs, h.Logger) + if err != nil { + h.Logger.Error(fmt.Sprintf("❌️:: Error validating bids in Process Proposal :: %v", err)) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + if !ok { + h.Logger.Error(fmt.Sprintf("❌️:: Unable to validate bids in Process Proposal :: %v", err)) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + h.Logger.Info("⚙️:: Successfully validated bids in Process Proposal") + } + } + + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_ACCEPT}, nil + } +} +``` + +6. Implement the `ProcessVoteExtensions()` function. This function should handle the logic of processing vote extensions, including validating the bids. + +```go +func processVoteExtensions(req *abci.RequestPrepareProposal, log log.Logger) (SpecialTransaction, error) { + log.Info(fmt.Sprintf("🛠️ :: Process Vote Extensions")) + + // Create empty response + st := SpecialTransaction{ + 0, + [][]byte{}, + } + + // Get Vote Ext for H-1 from Req + voteExt := req.GetLocalLastCommit() + votes := voteExt.Votes + + // Iterate through votes + var ve AppVoteExtension + for _, vote := range votes { + // Unmarshal to AppExt + err := json.Unmarshal(vote.VoteExtension, &ve) + if err != nil { + log.Error(fmt.Sprintf("❌ :: Error unmarshalling Vote Extension")) + } + + st.Height = int(ve.Height) + + // If Bids in VE, append to Special Transaction + if len(ve.Bids) > 0 { + log.Info("🛠️ :: Bids in VE") + for _, b := range ve.Bids { + st.Bids = append(st.Bids, b) + } + } + } + + return st, nil +} +``` + +7. Configure the `ProcessProposalHandler()` in app/app.go: + +```go +processPropHandler := abci2.ProcessProposalHandler{app.txConfig, appCodec, logger} +bApp.SetProcessProposal(processPropHandler.ProcessProposalHandler()) +``` + +This sets the `ProcessProposalHandler()` for our application. This means that whenever a proposal needs to be processed, our custom `ProcessProposalHandler()` method will be called. + +To test if the proposal processing and vote extensions are working correctly, you can check the logs for any relevant messages. If the logs do not provide enough information, you can also reinitialize your local testing environment by running `./scripts/single_node/setup.sh` script. diff --git a/copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md b/copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md new file mode 100644 index 00000000..55c84fa7 --- /dev/null +++ b/copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md @@ -0,0 +1,331 @@ +# Mitigating Front-running with Vote Extensions + +## Table of Contents + +- [Prerequisites](#prerequisites) +- [Implementing Structs for Vote Extensions](#implementing-structs-for-vote-extensions) +- [Implementing Handlers and Configuring Handlers](#implementing-handlers-and-configuring-handlers) + +## Prerequisites + +Before implementing vote extensions to mitigate front-running, ensure you have a module ready to implement the vote extensions with. If you need to create or reference a similar module, see `x/auction` for guidance. + +In this section, we will discuss the steps to mitigate front-running using vote extensions. We will introduce new types within the `abci/types.go` file. These types will be used to handle the process of preparing proposals, processing proposals, and handling vote extensions. + +### Implementing Structs for Vote Extensions + +First, copy the following structs into the `abci/types.go` and each of these structs serves a specific purpose in the process of mitigating front-running using vote extensions: + +```go +package abci + +import ( + //import the necessary files +) + +type PrepareProposalHandler struct { + logger log.Logger + txConfig client.TxConfig + cdc codec.Codec + mempool *mempool.ThresholdMempool + txProvider provider.TxProvider + keyname string + runProvider bool +} +``` + +The `PrepareProposalHandler` struct is used to handle the preparation of a proposal in the consensus process. It contains several fields: logger for logging information and errors, txConfig for transaction configuration, cdc (Codec) for encoding and decoding transactions, mempool for referencing the set of unconfirmed transactions, txProvider for building the proposal with transactions, keyname for the name of the key used for signing transactions, and runProvider, a boolean flag indicating whether the provider should be run to build the proposal. + +```go +type ProcessProposalHandler struct { + TxConfig client.TxConfig + Codec codec.Codec + Logger log.Logger +} +``` + +After the proposal has been prepared and vote extensions have been included, the `ProcessProposalHandler` is used to process the proposal. This includes validating the proposal and the included vote extensions. The `ProcessProposalHandler` allows you to access the transaction configuration and codec, which are necessary for processing the vote extensions. + +```go +type VoteExtHandler struct { + logger log.Logger + currentBlock int64 + mempool *mempool.ThresholdMempool + cdc codec.Codec +} +``` + +This struct is used to handle vote extensions. It contains a logger for logging events, the current block number, a mempool for storing transactions, and a codec for encoding and decoding. Vote extensions are a key part of the process to mitigate front-running, as they allow for additional information to be included with each vote. + +```go +type InjectedVoteExt struct { + VoteExtSigner []byte + Bids [][]byte +} + +type InjectedVotes struct { + Votes []InjectedVoteExt +} +``` + +These structs are used to handle injected vote extensions. They include the signer of the vote extension and the bids associated with the vote extension. Each byte array in Bids is a serialised form of a bid transaction. Injected vote extensions are used to add additional information to a vote after it has been created, which can be useful for adding context or additional data to a vote. The serialised bid transactions provide a way to include complex transaction data in a compact, efficient format. + +```go +type AppVoteExtension struct { + Height int64 + Bids [][]byte +} +``` + +This struct is used for application vote extensions. It includes the height of the block and the bids associated with the vote extension. Application vote extensions are used to add additional information to a vote at the application level, which can be useful for adding context or additional data to a vote that is specific to the application. + +```go +type SpecialTransaction struct { + Height int + Bids [][]byte +} +``` + +This struct is used for special transactions. It includes the height of the block and the bids associated with the transaction. Special transactions are used for transactions that need to be handled differently from regular transactions, such as transactions that are part of the process to mitigate front-running. + +### Implementing Handlers and Configuring Handlers + +To establish the `VoteExtensionHandler`, follow these steps: + +1. Navigate to the `abci/proposal.go` file. This is where we will implement the `VoteExtensionHandler``. + +2. Implement the `NewVoteExtensionHandler` function. This function is a constructor for the `VoteExtHandler` struct. It takes a logger, a mempool, and a codec as parameters and returns a new instance of `VoteExtHandler`. + +```go +func NewVoteExtensionHandler(lg log.Logger, mp *mempool.ThresholdMempool, cdc codec.Codec) *VoteExtHandler { + return &VoteExtHandler{ + logger: lg, + mempool: mp, + cdc: cdc, + } +} +``` + +3. Implement the `ExtendVoteHandler()` method. This method should handle the logic of extending votes, including inspecting the mempool and submitting a list of all pending bids. This will allow you to access the list of unconfirmed transactions in the abci.`RequestPrepareProposal` during the ensuing block. + +```go +func (h *VoteExtHandler) ExtendVoteHandler() sdk.ExtendVoteHandler { + return func(ctx sdk.Context, req *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) { + h.logger.Info(fmt.Sprintf("Extending votes at block height : %v", req.Height)) + + voteExtBids := [][]byte{} + + // Get mempool txs + itr := h.mempool.SelectPending(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + sdkMsgs := tmptx.GetMsgs() + + // Iterate through msgs, check for any bids + for _, msg := range sdkMsgs { + switch msg := msg.(type) { + case *nstypes.MsgBid: + // Marshal sdk bids to []byte + bz, err := h.cdc.Marshal(msg) + if err != nil { + h.logger.Error(fmt.Sprintf("Error marshalling VE Bid : %v", err)) + break + } + voteExtBids = append(voteExtBids, bz) + default: + } + } + + // Move tx to ready pool + err := h.mempool.Update(context.Background(), tmptx) + + // Remove tx from app side mempool + if err != nil { + h.logger.Info(fmt.Sprintf("Unable to update mempool tx: %v", err)) + } + + itr = itr.Next() + } + + // Create vote extension + voteExt := AppVoteExtension{ + Height: req.Height, + Bids: voteExtBids, + } + + // Encode Vote Extension + bz, err := json.Marshal(voteExt) + if err != nil { + return nil, fmt.Errorf("Error marshalling VE: %w", err) + } + + return &abci.ResponseExtendVote{VoteExtension: bz}, nil +} +``` + +4. Configure the handler in `app/app.go` as shown below + +```go +bApp := baseapp.NewBaseApp(AppName, logger, db, txConfig.TxDecoder(), baseAppOptions...) +voteExtHandler := abci2.NewVoteExtensionHandler(logger, mempool, appCodec) +bApp.SetExtendVoteHandler(voteExtHandler.ExtendVoteHandler()) +``` + +To give a bit of context on what is happening above, we first create a new instance of `VoteExtensionHandler` with the necessary dependencies (logger, mempool, and codec). Then, we set this handler as the `ExtendVoteHandler` for our application. This means that whenever a vote needs to be extended, our custom `ExtendVoteHandler()` method will be called. + +To test if vote extensions have been propagated, add the following to the `PrepareProposalHandler`: + +```go +if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + h.logger.Info(fmt.Sprintf(" :: Get vote extensions: %v", voteExt)) +} +``` + +This is how the whole function should look: + +```go +func (h *PrepareProposalHandler) PrepareProposalHandler() sdk.PrepareProposalHandler { + return func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { + h.logger.Info(fmt.Sprintf(" :: Prepare Proposal")) + var proposalTxs [][]byte + + var txs []sdk.Tx + + // Get Vote Extensions + if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + h.logger.Info(fmt.Sprintf(" :: Get vote extensions: %v", voteExt)) + } + + itr := h.mempool.Select(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + + txs = append(txs, tmptx) + itr = itr.Next() + } + h.logger.Info(fmt.Sprintf(" :: Number of Transactions available from mempool: %v", len(txs))) + + if h.runProvider { + tmpMsgs, err := h.txProvider.BuildProposal(ctx, txs) + if err != nil { + h.logger.Error(fmt.Sprintf(" :: Error Building Custom Proposal: %v", err)) + } + txs = tmpMsgs + } + + for _, sdkTxs := range txs { + txBytes, err := h.txConfig.TxEncoder()(sdkTxs) + if err != nil { + h.logger.Info(fmt.Sprintf("~Error encoding transaction: %v", err.Error())) + } + proposalTxs = append(proposalTxs, txBytes) + } + + h.logger.Info(fmt.Sprintf(" :: Number of Transactions in proposal: %v", len(proposalTxs))) + + return &abci.ResponsePrepareProposal{Txs: proposalTxs}, nil + } +} +``` + +As mentioned above, we check if vote extensions have been propagated, you can do this by checking the logs for any relevant messages such as ` :: Get vote extensions:`. If the logs do not provide enough information, you can also reinitialise your local testing environment by running the `./scripts/single_node/setup.sh` script again. + +5. Implement the `ProcessProposalHandler()`. This function is responsible for processing the proposal. It should handle the logic of processing vote extensions, including inspecting the proposal and validating the bids. + +```go +func (h *ProcessProposalHandler) ProcessProposalHandler() sdk.ProcessProposalHandler { + return func(ctx sdk.Context, req *abci.RequestProcessProposal) (resp *abci.ResponseProcessProposal, err error) { + h.Logger.Info(fmt.Sprintf(" :: Process Proposal")) + + // The first transaction will always be the Special Transaction + numTxs := len(req.Txs) + + h.Logger.Info(fmt.Sprintf(":: Number of transactions :: %v", numTxs)) + + if numTxs >= 1 { + var st SpecialTransaction + err = json.Unmarshal(req.Txs[0], &st) + if err != nil { + h.Logger.Error(fmt.Sprintf(":: Error unmarshalling special Tx in Process Proposal :: %v", err)) + } + if len(st.Bids) > 0 { + h.Logger.Info(fmt.Sprintf(":: There are bids in the Special Transaction")) + var bids []nstypes.MsgBid + for i, b := range st.Bids { + var bid nstypes.MsgBid + h.Codec.Unmarshal(b, &bid) + h.Logger.Info(fmt.Sprintf(":: Special Transaction Bid No %v :: %v", i, bid)) + bids = append(bids, bid) + } + // Validate Bids in Tx + txs := req.Txs[1:] + ok, err := ValidateBids(h.TxConfig, bids, txs, h.Logger) + if err != nil { + h.Logger.Error(fmt.Sprintf(":: Error validating bids in Process Proposal :: %v", err)) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + if !ok { + h.Logger.Error(fmt.Sprintf(":: Unable to validate bids in Process Proposal :: %v", err)) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + h.Logger.Info(":: Successfully validated bids in Process Proposal") + } + } + + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_ACCEPT}, nil + } +} +``` + +6. Implement the `ProcessVoteExtensions()` function. This function should handle the logic of processing vote extensions, including validating the bids. + +```go +func processVoteExtensions(req *abci.RequestPrepareProposal, log log.Logger) (SpecialTransaction, error) { + log.Info(fmt.Sprintf(" :: Process Vote Extensions")) + + // Create empty response + st := SpecialTransaction{ + 0, + [][]byte{}, + } + + // Get Vote Ext for H-1 from Req + voteExt := req.GetLocalLastCommit() + votes := voteExt.Votes + + // Iterate through votes + var ve AppVoteExtension + for _, vote := range votes { + // Unmarshal to AppExt + err := json.Unmarshal(vote.VoteExtension, &ve) + if err != nil { + log.Error(fmt.Sprintf(" :: Error unmarshalling Vote Extension")) + } + + st.Height = int(ve.Height) + + // If Bids in VE, append to Special Transaction + if len(ve.Bids) > 0 { + log.Info(" :: Bids in VE") + for _, b := range ve.Bids { + st.Bids = append(st.Bids, b) + } + } + } + + return st, nil +} +``` + +7. Configure the `ProcessProposalHandler()` in app/app.go: + +```go +processPropHandler := abci2.ProcessProposalHandler{app.txConfig, appCodec, logger} +bApp.SetProcessProposal(processPropHandler.ProcessProposalHandler()) +``` + +This sets the `ProcessProposalHandler()` for our application. This means that whenever a proposal needs to be processed, our custom `ProcessProposalHandler()` method will be called. + +To test if the proposal processing and vote extensions are working correctly, you can check the logs for any relevant messages. If the logs do not provide enough information, you can also reinitialize your local testing environment by running `./scripts/single_node/setup.sh` script. diff --git a/copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md.bak b/copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md.bak new file mode 100644 index 00000000..56c2d402 --- /dev/null +++ b/copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md.bak @@ -0,0 +1,331 @@ +# Mitigating Front-running with Vote Extensions + +## Table of Contents + +- [Prerequisites](#prerequisites) +- [Implementing Structs for Vote Extensions](#implementing-structs-for-vote-extensions) +- [Implementing Handlers and Configuring Handlers](#implementing-handlers-and-configuring-handlers) + +## Prerequisites + +Before implementing vote extensions to mitigate front-running, ensure you have a module ready to implement the vote extensions with. If you need to create or reference a similar module, see `x/auction` for guidance. + +In this section, we will discuss the steps to mitigate front-running using vote extensions. We will introduce new types within the `abci/types.go` file. These types will be used to handle the process of preparing proposals, processing proposals, and handling vote extensions. + +### Implementing Structs for Vote Extensions + +First, copy the following structs into the `abci/types.go` and each of these structs serves a specific purpose in the process of mitigating front-running using vote extensions: + +```go +package abci + +import ( + //import the necessary files +) + +type PrepareProposalHandler struct { + logger log.Logger + txConfig client.TxConfig + cdc codec.Codec + mempool *mempool.ThresholdMempool + txProvider provider.TxProvider + keyname string + runProvider bool +} +``` + +The `PrepareProposalHandler` struct is used to handle the preparation of a proposal in the consensus process. It contains several fields: logger for logging information and errors, txConfig for transaction configuration, cdc (Codec) for encoding and decoding transactions, mempool for referencing the set of unconfirmed transactions, txProvider for building the proposal with transactions, keyname for the name of the key used for signing transactions, and runProvider, a boolean flag indicating whether the provider should be run to build the proposal. + +```go +type ProcessProposalHandler struct { + TxConfig client.TxConfig + Codec codec.Codec + Logger log.Logger +} +``` + +After the proposal has been prepared and vote extensions have been included, the `ProcessProposalHandler` is used to process the proposal. This includes validating the proposal and the included vote extensions. The `ProcessProposalHandler` allows you to access the transaction configuration and codec, which are necessary for processing the vote extensions. + +```go +type VoteExtHandler struct { + logger log.Logger + currentBlock int64 + mempool *mempool.ThresholdMempool + cdc codec.Codec +} +``` + +This struct is used to handle vote extensions. It contains a logger for logging events, the current block number, a mempool for storing transactions, and a codec for encoding and decoding. Vote extensions are a key part of the process to mitigate front-running, as they allow for additional information to be included with each vote. + +```go +type InjectedVoteExt struct { + VoteExtSigner []byte + Bids [][]byte +} + +type InjectedVotes struct { + Votes []InjectedVoteExt +} +``` + +These structs are used to handle injected vote extensions. They include the signer of the vote extension and the bids associated with the vote extension. Each byte array in Bids is a serialised form of a bid transaction. Injected vote extensions are used to add additional information to a vote after it has been created, which can be useful for adding context or additional data to a vote. The serialised bid transactions provide a way to include complex transaction data in a compact, efficient format. + +```go +type AppVoteExtension struct { + Height int64 + Bids [][]byte +} +``` + +This struct is used for application vote extensions. It includes the height of the block and the bids associated with the vote extension. Application vote extensions are used to add additional information to a vote at the application level, which can be useful for adding context or additional data to a vote that is specific to the application. + +```go +type SpecialTransaction struct { + Height int + Bids [][]byte +} +``` + +This struct is used for special transactions. It includes the height of the block and the bids associated with the transaction. Special transactions are used for transactions that need to be handled differently from regular transactions, such as transactions that are part of the process to mitigate front-running. + +### Implementing Handlers and Configuring Handlers + +To establish the `VoteExtensionHandler`, follow these steps: + +1. Navigate to the `abci/proposal.go` file. This is where we will implement the `VoteExtensionHandler``. + +2. Implement the `NewVoteExtensionHandler` function. This function is a constructor for the `VoteExtHandler` struct. It takes a logger, a mempool, and a codec as parameters and returns a new instance of `VoteExtHandler`. + +```go +func NewVoteExtensionHandler(lg log.Logger, mp *mempool.ThresholdMempool, cdc codec.Codec) *VoteExtHandler { + return &VoteExtHandler{ + logger: lg, + mempool: mp, + cdc: cdc, + } +} +``` + +3. Implement the `ExtendVoteHandler()` method. This method should handle the logic of extending votes, including inspecting the mempool and submitting a list of all pending bids. This will allow you to access the list of unconfirmed transactions in the abci.`RequestPrepareProposal` during the ensuing block. + +```go +func (h *VoteExtHandler) ExtendVoteHandler() sdk.ExtendVoteHandler { + return func(ctx sdk.Context, req *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) { + h.logger.Info(fmt.Sprintf("Extending votes at block height : %v", req.Height)) + + voteExtBids := [][]byte{} + + // Get mempool txs + itr := h.mempool.SelectPending(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + sdkMsgs := tmptx.GetMsgs() + + // Iterate through msgs, check for any bids + for _, msg := range sdkMsgs { + switch msg := msg.(type) { + case *nstypes.MsgBid: + // Marshal sdk bids to []byte + bz, err := h.cdc.Marshal(msg) + if err != nil { + h.logger.Error(fmt.Sprintf("Error marshalling VE Bid : %v", err)) + break + } + voteExtBids = append(voteExtBids, bz) + default: + } + } + + // Move tx to ready pool + err := h.mempool.Update(context.Background(), tmptx) + + // Remove tx from app side mempool + if err != nil { + h.logger.Info(fmt.Sprintf("Unable to update mempool tx: %v", err)) + } + + itr = itr.Next() + } + + // Create vote extension + voteExt := AppVoteExtension{ + Height: req.Height, + Bids: voteExtBids, + } + + // Encode Vote Extension + bz, err := json.Marshal(voteExt) + if err != nil { + return nil, fmt.Errorf("Error marshalling VE: %w", err) + } + + return &abci.ResponseExtendVote{VoteExtension: bz}, nil +} +``` + +4. Configure the handler in `app/app.go` as shown below + +```go +bApp := baseapp.NewBaseApp(AppName, logger, db, txConfig.TxDecoder(), baseAppOptions...) +voteExtHandler := abci2.NewVoteExtensionHandler(logger, mempool, appCodec) +bApp.SetExtendVoteHandler(voteExtHandler.ExtendVoteHandler()) +``` + +To give a bit of context on what is happening above, we first create a new instance of `VoteExtensionHandler` with the necessary dependencies (logger, mempool, and codec). Then, we set this handler as the `ExtendVoteHandler` for our application. This means that whenever a vote needs to be extended, our custom `ExtendVoteHandler()` method will be called. + +To test if vote extensions have been propagated, add the following to the `PrepareProposalHandler`: + +```go +if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + h.logger.Info(fmt.Sprintf("🛠️ :: Get vote extensions: %v", voteExt)) +} +``` + +This is how the whole function should look: + +```go +func (h *PrepareProposalHandler) PrepareProposalHandler() sdk.PrepareProposalHandler { + return func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { + h.logger.Info(fmt.Sprintf("🛠️ :: Prepare Proposal")) + var proposalTxs [][]byte + + var txs []sdk.Tx + + // Get Vote Extensions + if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + h.logger.Info(fmt.Sprintf("🛠️ :: Get vote extensions: %v", voteExt)) + } + + itr := h.mempool.Select(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + + txs = append(txs, tmptx) + itr = itr.Next() + } + h.logger.Info(fmt.Sprintf("🛠️ :: Number of Transactions available from mempool: %v", len(txs))) + + if h.runProvider { + tmpMsgs, err := h.txProvider.BuildProposal(ctx, txs) + if err != nil { + h.logger.Error(fmt.Sprintf("❌️ :: Error Building Custom Proposal: %v", err)) + } + txs = tmpMsgs + } + + for _, sdkTxs := range txs { + txBytes, err := h.txConfig.TxEncoder()(sdkTxs) + if err != nil { + h.logger.Info(fmt.Sprintf("❌~Error encoding transaction: %v", err.Error())) + } + proposalTxs = append(proposalTxs, txBytes) + } + + h.logger.Info(fmt.Sprintf("🛠️ :: Number of Transactions in proposal: %v", len(proposalTxs))) + + return &abci.ResponsePrepareProposal{Txs: proposalTxs}, nil + } +} +``` + +As mentioned above, we check if vote extensions have been propagated, you can do this by checking the logs for any relevant messages such as `🛠️ :: Get vote extensions:`. If the logs do not provide enough information, you can also reinitialise your local testing environment by running the `./scripts/single_node/setup.sh` script again. + +5. Implement the `ProcessProposalHandler()`. This function is responsible for processing the proposal. It should handle the logic of processing vote extensions, including inspecting the proposal and validating the bids. + +```go +func (h *ProcessProposalHandler) ProcessProposalHandler() sdk.ProcessProposalHandler { + return func(ctx sdk.Context, req *abci.RequestProcessProposal) (resp *abci.ResponseProcessProposal, err error) { + h.Logger.Info(fmt.Sprintf("⚙️ :: Process Proposal")) + + // The first transaction will always be the Special Transaction + numTxs := len(req.Txs) + + h.Logger.Info(fmt.Sprintf("⚙️:: Number of transactions :: %v", numTxs)) + + if numTxs >= 1 { + var st SpecialTransaction + err = json.Unmarshal(req.Txs[0], &st) + if err != nil { + h.Logger.Error(fmt.Sprintf("❌️:: Error unmarshalling special Tx in Process Proposal :: %v", err)) + } + if len(st.Bids) > 0 { + h.Logger.Info(fmt.Sprintf("⚙️:: There are bids in the Special Transaction")) + var bids []nstypes.MsgBid + for i, b := range st.Bids { + var bid nstypes.MsgBid + h.Codec.Unmarshal(b, &bid) + h.Logger.Info(fmt.Sprintf("⚙️:: Special Transaction Bid No %v :: %v", i, bid)) + bids = append(bids, bid) + } + // Validate Bids in Tx + txs := req.Txs[1:] + ok, err := ValidateBids(h.TxConfig, bids, txs, h.Logger) + if err != nil { + h.Logger.Error(fmt.Sprintf("❌️:: Error validating bids in Process Proposal :: %v", err)) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + if !ok { + h.Logger.Error(fmt.Sprintf("❌️:: Unable to validate bids in Process Proposal :: %v", err)) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + h.Logger.Info("⚙️:: Successfully validated bids in Process Proposal") + } + } + + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_ACCEPT}, nil + } +} +``` + +6. Implement the `ProcessVoteExtensions()` function. This function should handle the logic of processing vote extensions, including validating the bids. + +```go +func processVoteExtensions(req *abci.RequestPrepareProposal, log log.Logger) (SpecialTransaction, error) { + log.Info(fmt.Sprintf("🛠️ :: Process Vote Extensions")) + + // Create empty response + st := SpecialTransaction{ + 0, + [][]byte{}, + } + + // Get Vote Ext for H-1 from Req + voteExt := req.GetLocalLastCommit() + votes := voteExt.Votes + + // Iterate through votes + var ve AppVoteExtension + for _, vote := range votes { + // Unmarshal to AppExt + err := json.Unmarshal(vote.VoteExtension, &ve) + if err != nil { + log.Error(fmt.Sprintf("❌ :: Error unmarshalling Vote Extension")) + } + + st.Height = int(ve.Height) + + // If Bids in VE, append to Special Transaction + if len(ve.Bids) > 0 { + log.Info("🛠️ :: Bids in VE") + for _, b := range ve.Bids { + st.Bids = append(st.Bids, b) + } + } + } + + return st, nil +} +``` + +7. Configure the `ProcessProposalHandler()` in app/app.go: + +```go +processPropHandler := abci2.ProcessProposalHandler{app.txConfig, appCodec, logger} +bApp.SetProcessProposal(processPropHandler.ProcessProposalHandler()) +``` + +This sets the `ProcessProposalHandler()` for our application. This means that whenever a proposal needs to be processed, our custom `ProcessProposalHandler()` method will be called. + +To test if the proposal processing and vote extensions are working correctly, you can check the logs for any relevant messages. If the logs do not provide enough information, you can also reinitialize your local testing environment by running `./scripts/single_node/setup.sh` script. diff --git a/copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md b/copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md new file mode 100644 index 00000000..24c688c9 --- /dev/null +++ b/copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md @@ -0,0 +1,106 @@ +# Demo of Mitigating Front-Running with Vote Extensions + +The purpose of this demo is to test the implementation of the `VoteExtensionHandler` and `PrepareProposalHandler` that we have just added to the codebase. These handlers are designed to mitigate front-running by ensuring that all validators have a consistent view of the mempool when preparing proposals. + +In this demo, we are using a 3 validator network. The Beacon validator is special because it has a custom transaction provider enabled. This means that it can potentially manipulate the order of transactions in a proposal to its advantage (i.e., front-running). + +1. Bootstrap the validator network: This sets up a network with 3 validators. The script `./scripts/configure.sh is used to configure the network and the validators. + +```shell +cd scripts +configure.sh +``` + +If this doesn't work please ensure you have run `make build` in the `tutorials/nameservice/base` directory. + + +2. Have alice attempt to reserve `bob.cosmos`: This is a normal transaction that alice wants to execute. The script ``./scripts/reserve.sh "bob.cosmos"` is used to send this transaction. + +```shell +reserve.sh "bob.cosmos" +``` + +3. Query to verify the name has been reserved: This is to check the result of the transaction. The script `./scripts/whois.sh "bob.cosmos"` is used to query the state of the blockchain. + +```shell +whois.sh "bob.cosmos" +``` + +It should return: + +```{ + "name": { + "name": "bob.cosmos", + "owner": "cosmos1nq9wuvuju4jdmpmzvxmg8zhhu2ma2y2l2pnu6w", + "resolve_address": "cosmos1h6zy2kn9efxtw5z22rc5k9qu7twl70z24kr3ht", + "amount": [ + { + "denom": "uatom", + "amount": "1000" + } + ] + } +} +``` + +To detect front-running attempts by the beacon, scrutinise the logs during the `ProcessProposal` stage. Open the logs for each validator, including the beacon, `val1`, and `val2`, to observe the following behavior. Open the log file of the validator node. The location of this file can vary depending on your setup, but it's typically located in a directory like `$HOME/cosmos/nodes/#{validator}/logs`. The directory in this case will be under the validator so, `beacon` `val1` or `val2`. Run the following to tail the logs of the validator or beacon: + +```shell +tail -f $HOME/cosmos/nodes/#{validator}/logs +``` + +```shell +2:47PM ERR :: Detected invalid proposal bid :: name:"bob.cosmos" resolveAddress:"cosmos1wmuwv38pdur63zw04t0c78r2a8dyt08hf9tpvd" owner:"cosmos1wmuwv38pdur63zw04t0c78r2a8dyt08hf9tpvd" amount: module=server +2:47PM ERR :: Unable to validate bids in Process Proposal :: module=server +2:47PM ERR prevote step: state machine rejected a proposed block; this should not happen:the proposer may be misbehaving; prevoting nil err=null height=142 module=consensus round=0 +``` + + +4. List the Beacon's keys: This is to verify the addresses of the validators. The script `./scripts/list-beacon-keys.sh` is used to list the keys. + +```shell +list-beacon-keys.sh +``` + +We should receive something similar to the following: + +```shell +[ + { + "name": "alice", + "type": "local", + "address": "cosmos1h6zy2kn9efxtw5z22rc5k9qu7twl70z24kr3ht", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"A32cvBUkNJz+h2vld4A5BxvU5Rd+HyqpR3aGtvEhlm4C\"}" + }, + { + "name": "barbara", + "type": "local", + "address": "cosmos1nq9wuvuju4jdmpmzvxmg8zhhu2ma2y2l2pnu6w", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"Ag9PFsNyTQPoJdbyCWia5rZH9CrvSrjMsk7Oz4L3rXQ5\"}" + }, + { + "name": "beacon-key", + "type": "local", + "address": "cosmos1ez9a6x7lz4gvn27zr368muw8jeyas7sv84lfup", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"AlzJZMWyN7lass710TnAhyuFKAFIaANJyw5ad5P2kpcH\"}" + }, + { + "name": "cindy", + "type": "local", + "address": "cosmos1m5j6za9w4qc2c5ljzxmm2v7a63mhjeag34pa3g", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"A6F1/3yot5OpyXoSkBbkyl+3rqBkxzRVSJfvSpm/AvW5\"}" + } +] +``` + +This allows us to match up the addresses and see that the bid was not front run by the beacon due as the resolve address is Alice's address and not the beacons address. + +By running this demo, we can verify that the `VoteExtensionHandler` and `PrepareProposalHandler` are working as expected and that they are able to prevent front-running. + +## Conclusion + +In this tutorial, we've tackled front-running and MEV, focusing on nameservice auctions' vulnerability to these issues. We've explored vote extensions, a key feature of ABCI 2.0, and integrated them into a Cosmos SDK application. + +Through practical exercises, you've implemented vote extensions, and tested their effectiveness in creating a fair auction system. You've gained practical insights by configuring a validator network and analysing blockchain logs. + +Keep experimenting with these concepts, engage with the community, and stay updated on new advancements. The knowledge you've acquired here is crucial for developing secure and fair blockchain applications. diff --git a/copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md.bak b/copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md.bak new file mode 100644 index 00000000..63f37b4a --- /dev/null +++ b/copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md.bak @@ -0,0 +1,106 @@ +# Demo of Mitigating Front-Running with Vote Extensions + +The purpose of this demo is to test the implementation of the `VoteExtensionHandler` and `PrepareProposalHandler` that we have just added to the codebase. These handlers are designed to mitigate front-running by ensuring that all validators have a consistent view of the mempool when preparing proposals. + +In this demo, we are using a 3 validator network. The Beacon validator is special because it has a custom transaction provider enabled. This means that it can potentially manipulate the order of transactions in a proposal to its advantage (i.e., front-running). + +1. Bootstrap the validator network: This sets up a network with 3 validators. The script `./scripts/configure.sh is used to configure the network and the validators. + +```shell +cd scripts +configure.sh +``` + +If this doesn't work please ensure you have run `make build` in the `tutorials/nameservice/base` directory. + + +2. Have alice attempt to reserve `bob.cosmos`: This is a normal transaction that alice wants to execute. The script ``./scripts/reserve.sh "bob.cosmos"` is used to send this transaction. + +```shell +reserve.sh "bob.cosmos" +``` + +3. Query to verify the name has been reserved: This is to check the result of the transaction. The script `./scripts/whois.sh "bob.cosmos"` is used to query the state of the blockchain. + +```shell +whois.sh "bob.cosmos" +``` + +It should return: + +```{ + "name": { + "name": "bob.cosmos", + "owner": "cosmos1nq9wuvuju4jdmpmzvxmg8zhhu2ma2y2l2pnu6w", + "resolve_address": "cosmos1h6zy2kn9efxtw5z22rc5k9qu7twl70z24kr3ht", + "amount": [ + { + "denom": "uatom", + "amount": "1000" + } + ] + } +} +``` + +To detect front-running attempts by the beacon, scrutinise the logs during the `ProcessProposal` stage. Open the logs for each validator, including the beacon, `val1`, and `val2`, to observe the following behavior. Open the log file of the validator node. The location of this file can vary depending on your setup, but it's typically located in a directory like `$HOME/cosmos/nodes/#{validator}/logs`. The directory in this case will be under the validator so, `beacon` `val1` or `val2`. Run the following to tail the logs of the validator or beacon: + +```shell +tail -f $HOME/cosmos/nodes/#{validator}/logs +``` + +```shell +2:47PM ERR ❌️:: Detected invalid proposal bid :: name:"bob.cosmos" resolveAddress:"cosmos1wmuwv38pdur63zw04t0c78r2a8dyt08hf9tpvd" owner:"cosmos1wmuwv38pdur63zw04t0c78r2a8dyt08hf9tpvd" amount: module=server +2:47PM ERR ❌️:: Unable to validate bids in Process Proposal :: module=server +2:47PM ERR prevote step: state machine rejected a proposed block; this should not happen:the proposer may be misbehaving; prevoting nil err=null height=142 module=consensus round=0 +``` + + +4. List the Beacon's keys: This is to verify the addresses of the validators. The script `./scripts/list-beacon-keys.sh` is used to list the keys. + +```shell +list-beacon-keys.sh +``` + +We should receive something similar to the following: + +```shell +[ + { + "name": "alice", + "type": "local", + "address": "cosmos1h6zy2kn9efxtw5z22rc5k9qu7twl70z24kr3ht", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"A32cvBUkNJz+h2vld4A5BxvU5Rd+HyqpR3aGtvEhlm4C\"}" + }, + { + "name": "barbara", + "type": "local", + "address": "cosmos1nq9wuvuju4jdmpmzvxmg8zhhu2ma2y2l2pnu6w", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"Ag9PFsNyTQPoJdbyCWia5rZH9CrvSrjMsk7Oz4L3rXQ5\"}" + }, + { + "name": "beacon-key", + "type": "local", + "address": "cosmos1ez9a6x7lz4gvn27zr368muw8jeyas7sv84lfup", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"AlzJZMWyN7lass710TnAhyuFKAFIaANJyw5ad5P2kpcH\"}" + }, + { + "name": "cindy", + "type": "local", + "address": "cosmos1m5j6za9w4qc2c5ljzxmm2v7a63mhjeag34pa3g", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"A6F1/3yot5OpyXoSkBbkyl+3rqBkxzRVSJfvSpm/AvW5\"}" + } +] +``` + +This allows us to match up the addresses and see that the bid was not front run by the beacon due as the resolve address is Alice's address and not the beacons address. + +By running this demo, we can verify that the `VoteExtensionHandler` and `PrepareProposalHandler` are working as expected and that they are able to prevent front-running. + +## Conclusion + +In this tutorial, we've tackled front-running and MEV, focusing on nameservice auctions' vulnerability to these issues. We've explored vote extensions, a key feature of ABCI 2.0, and integrated them into a Cosmos SDK application. + +Through practical exercises, you've implemented vote extensions, and tested their effectiveness in creating a fair auction system. You've gained practical insights by configuring a validator network and analysing blockchain logs. + +Keep experimenting with these concepts, engage with the community, and stay updated on new advancements. The knowledge you've acquired here is crucial for developing secure and fair blockchain applications. diff --git a/copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/_category_.json b/copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/_category_.json new file mode 100644 index 00000000..aab0cfdf --- /dev/null +++ b/copy-of-sdk-docs/tutorials/vote-extensions/auction-frontrunning/_category_.json @@ -0,0 +1,5 @@ +{ + "label": " Mitigating Auction Front-Running Tutorial", + "position": 0, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-docs/tutorials/vote-extensions/oracle/00-getting-started.md b/copy-of-sdk-docs/tutorials/vote-extensions/oracle/00-getting-started.md new file mode 100644 index 00000000..59ea65be --- /dev/null +++ b/copy-of-sdk-docs/tutorials/vote-extensions/oracle/00-getting-started.md @@ -0,0 +1,36 @@ +# Getting Started + +## Table of Contents + +* [What is an Oracle?](./01-what-is-an-oracle.md) +* [Implementing Vote Extensions](./02-implementing-vote-extensions.md) +* [Testing the Oracle Module](./03-testing-oracle.md) + +## Prerequisites + +Before you start with this tutorial, make sure you have: + +* A working chain project. This tutorial won't cover the steps of creating a new chain/module. +* Familiarity with the Cosmos SDK. If you're not, we suggest you start with [Cosmos SDK Tutorials](https://tutorials.cosmos.network), as ABCI++ is considered an advanced topic. +* Read and understood [What is an Oracle?](01-what-is-an-oracle.md). This provides necessary background information for understanding the Oracle module. +* Basic understanding of Go programming language. + +## What are Vote extensions? + +Vote extensions is arbitrary information which can be inserted into a block. This feature is part of ABCI 2.0, which is available for use in the SDK 0.50 release and part of the 0.38 CometBFT release. + +More information about vote extensions can be seen [here](https://docs.cosmos.network/main/build/abci/vote-extensions). + +## Overview of the project + +We’ll go through the creation of a simple price oracle module focusing on the vote extensions implementation, ignoring the details inside the price oracle itself. + +We’ll go through the implementation of: + +* `ExtendVote` to get information from external price APIs. +* `VerifyVoteExtension` to check that the format of the provided votes is correct. +* `PrepareProposal` to process the vote extensions from the previous block and include them into the proposal as a transaction. +* `ProcessProposal` to check that the first transaction in the proposal is actually a “special tx” that contains the price information. +* `PreBlocker` to make price information available during FinalizeBlock. + +If you would like to see the complete working oracle module please see [here](https://github.com/cosmos/sdk-tutorials/blob/master/tutorials/oracle/base/x/oracle) diff --git a/copy-of-sdk-docs/tutorials/vote-extensions/oracle/01-what-is-an-oracle.md b/copy-of-sdk-docs/tutorials/vote-extensions/oracle/01-what-is-an-oracle.md new file mode 100644 index 00000000..9d50ddb3 --- /dev/null +++ b/copy-of-sdk-docs/tutorials/vote-extensions/oracle/01-what-is-an-oracle.md @@ -0,0 +1,13 @@ +# What is an Oracle? + +An oracle in blockchain technology is a system that provides external data to a blockchain network. It acts as a source of information that is not natively accessible within the blockchain's closed environment. This can range from financial market prices to real-world event, making it crucial for decentralised applications. + +## Oracle in the Cosmos SDK + +In the Cosmos SDK, an oracle module can be implemented to provide external data to the blockchain. This module can use features like vote extensions to submit additional data during the consensus process, which can then be used by the blockchain to update its state with information from the outside world. + +For instance, a price oracle module in the Cosmos SDK could supply timely and accurate asset price information, which is vital for various financial operations within the blockchain ecosystem. + +## Conclusion + +Oracles are essential for blockchains to interact with external data, enabling them to respond to real-world information and events. Their implementation is key to the reliability and robustness of blockchain networks. diff --git a/copy-of-sdk-docs/tutorials/vote-extensions/oracle/02-implementing-vote-extensions.md b/copy-of-sdk-docs/tutorials/vote-extensions/oracle/02-implementing-vote-extensions.md new file mode 100644 index 00000000..aa610b5d --- /dev/null +++ b/copy-of-sdk-docs/tutorials/vote-extensions/oracle/02-implementing-vote-extensions.md @@ -0,0 +1,219 @@ +# Implementing Vote Extensions + +## Implement ExtendVote + +First we’ll create the `OracleVoteExtension` struct, this is the object that will be marshaled as bytes and signed by the validator. + +In our example we’ll use JSON to marshal the vote extension for simplicity but we recommend to find an encoding that produces a smaller output, given that large vote extensions could impact CometBFT’s performance. Custom encodings and compressed bytes can be used out of the box. + +```go +// OracleVoteExtension defines the canonical vote extension structure. +type OracleVoteExtension struct { + Height int64 + Prices map[string]math.LegacyDec +} +``` + +Then we’ll create a `VoteExtensionsHandler` struct that contains everything we need to query for prices. + +```go +type VoteExtHandler struct { + logger log.Logger + currentBlock int64 // current block height + lastPriceSyncTS time.Time // last time we synced prices + providerTimeout time.Duration // timeout for fetching prices from providers + providers map[string]Provider // mapping of provider name to provider (e.g. Binance -> BinanceProvider) + providerPairs map[string][]keeper.CurrencyPair // mapping of provider name to supported pairs (e.g. Binance -> [ATOM/USD]) + + Keeper keeper.Keeper // keeper of our oracle module +} +``` + +Finally, a function that returns `sdk.ExtendVoteHandler` is needed too, and this is where our vote extension logic will live. + +```go +func (h *VoteExtHandler) ExtendVoteHandler() sdk.ExtendVoteHandler { + return func(ctx sdk.Context, req *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) { + // here we'd have a helper function that gets all the prices and does a weighted average using the volume of each market + prices := h.getAllVolumeWeightedPrices() + + voteExt := OracleVoteExtension{ + Height: req.Height, + Prices: prices, + } + + bz, err := json.Marshal(voteExt) + if err != nil { + return nil, fmt.Errorf("failed to marshal vote extension: %w", err) + } + + return &abci.ResponseExtendVote{VoteExtension: bz}, nil + } +} +``` + +As you can see above, the creation of a vote extension is pretty simple and we just have to return bytes. CometBFT will handle the signing of these bytes for us. We ignored the process of getting the prices but you can see a more complete example [here:](https://github.com/cosmos/sdk-tutorials/blob/master/tutorials/oracle/base/x/oracle/abci/vote_extensions.go) + +Here we’ll do some simple checks like: + +* Is the vote extension unmarshaled correctly? +* Is the vote extension for the right height? +* Some other validation, for example, are the prices from this extension too deviated from my own prices? Or maybe checks that can detect malicious behavior. + +```go +func (h *VoteExtHandler) VerifyVoteExtensionHandler() sdk.VerifyVoteExtensionHandler { + return func(ctx sdk.Context, req *abci.RequestVerifyVoteExtension) (*abci.ResponseVerifyVoteExtension, error) { + var voteExt OracleVoteExtension + err := json.Unmarshal(req.VoteExtension, &voteExt) + if err != nil { + return nil, fmt.Errorf("failed to unmarshal vote extension: %w", err) + } + + if voteExt.Height != req.Height { + return nil, fmt.Errorf("vote extension height does not match request height; expected: %d, got: %d", req.Height, voteExt.Height) + } + + // Verify incoming prices from a validator are valid. Note, verification during + // VerifyVoteExtensionHandler MUST be deterministic. For brevity and demo + // purposes, we omit implementation. + if err := h.verifyOraclePrices(ctx, voteExt.Prices); err != nil { + return nil, fmt.Errorf("failed to verify oracle prices from validator %X: %w", req.ValidatorAddress, err) + } + + return &abci.ResponseVerifyVoteExtension{Status: abci.ResponseVerifyVoteExtension_ACCEPT}, nil + } +} +``` + +## Implement PrepareProposal + +```go +type ProposalHandler struct { + logger log.Logger + keeper keeper.Keeper // our oracle module keeper + valStore baseapp.ValidatorStore // to get the current validators' pubkeys +} +``` + +And we create the struct for our “special tx”, that will contain the prices and the votes so validators can later re-check in ProcessPRoposal that they get the same result than the block’s proposer. With this we could also check if all the votes have been used by comparing the votes received in ProcessProposal. + +```go +type StakeWeightedPrices struct { + StakeWeightedPrices map[string]math.LegacyDec + ExtendedCommitInfo abci.ExtendedCommitInfo +} +``` + +Now we create the `PrepareProposalHandler`. In this step we’ll first check if the vote extensions’ signatures are correct using a helper function called ValidateVoteExtensions from the baseapp package. + +```go +func (h *ProposalHandler) PrepareProposal() sdk.PrepareProposalHandler { + return func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { + err := baseapp.ValidateVoteExtensions(ctx, h.valStore, req.Height, ctx.ChainID(), req.LocalLastCommit) + if err != nil { + return nil, err + } +... +``` + +Then we proceed to make the calculations only if the current height if higher than the height at which vote extensions have been enabled. Remember that vote extensions are made available to the block proposer on the next block at which they are produced/enabled. + +```go +... + proposalTxs := req.Txs + + if req.Height > ctx.ConsensusParams().Abci.VoteExtensionsEnableHeight { + stakeWeightedPrices, err := h.computeStakeWeightedOraclePrices(ctx, req.LocalLastCommit) + if err != nil { + return nil, errors.New("failed to compute stake-weighted oracle prices") + } + + injectedVoteExtTx := StakeWeightedPrices{ + StakeWeightedPrices: stakeWeightedPrices, + ExtendedCommitInfo: req.LocalLastCommit, + } +... +``` + +Finally we inject the result as a transaction at a specific location, usually at the beginning of the block: + +## Implement ProcessProposal + +Now we can implement the method that all validators will execute to ensure the proposer is doing his work correctly. + +Here, if vote extensions are enabled, we’ll check if the tx at index 0 is an injected vote extension + +```go +func (h *ProposalHandler) ProcessProposal() sdk.ProcessProposalHandler { + return func(ctx sdk.Context, req *abci.RequestProcessProposal) (*abci.ResponseProcessProposal, error) { + if req.Height > ctx.ConsensusParams().Abci.VoteExtensionsEnableHeight { + var injectedVoteExtTx StakeWeightedPrices + if err := json.Unmarshal(req.Txs[0], &injectedVoteExtTx); err != nil { + h.logger.Error("failed to decode injected vote extension tx", "err", err) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } +... +``` + +Then we re-validate the vote extensions signatures using +baseapp.ValidateVoteExtensions, re-calculate the results (just like in PrepareProposal) and compare them with the results we got from the injected tx. + +```go + err := baseapp.ValidateVoteExtensions(ctx, h.valStore, req.Height, ctx.ChainID(), injectedVoteExtTx.ExtendedCommitInfo) + if err != nil { + return nil, err + } + + // Verify the proposer's stake-weighted oracle prices by computing the same + // calculation and comparing the results. We omit verification for brevity + // and demo purposes. + stakeWeightedPrices, err := h.computeStakeWeightedOraclePrices(ctx, injectedVoteExtTx.ExtendedCommitInfo) + if err != nil { + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + + if err := compareOraclePrices(injectedVoteExtTx.StakeWeightedPrices, stakeWeightedPrices); err != nil { + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + } + + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_ACCEPT}, nil + } +} +``` + +Important: In this example we avoided using the mempool and other basics, please refer to the DefaultProposalHandler for a complete implementation: [https://github.com/cosmos/cosmos-sdk/blob/v0.50.1/baseapp/abci_utils.go](https://github.com/cosmos/cosmos-sdk/blob/v0.50.1/baseapp/abci_utils.go) + +## Implement PreBlocker + +Now validators are extending their vote, verifying other votes and including the result in the block. But how do we actually make use of this result? This is done in the PreBlocker which is code that is run before any other code during FinalizeBlock so we make sure we make this information available to the chain and its modules during the entire block execution (from BeginBlock). + +At this step we know that the injected tx is well-formatted and has been verified by the validators participating in consensus, so making use of it is straightforward. Just check if vote extensions are enabled, pick up the first transaction and use a method in your module’s keeper to set the result. + +```go +func (h *ProposalHandler) PreBlocker(ctx sdk.Context, req *abci.RequestFinalizeBlock) (*sdk.ResponsePreBlock, error) { + res := &sdk.ResponsePreBlock{} + if len(req.Txs) == 0 { + return res, nil + } + + if req.Height > ctx.ConsensusParams().Abci.VoteExtensionsEnableHeight { + var injectedVoteExtTx StakeWeightedPrices + if err := json.Unmarshal(req.Txs[0], &injectedVoteExtTx); err != nil { + h.logger.Error("failed to decode injected vote extension tx", "err", err) + return nil, err + } + + // set oracle prices using the passed in context, which will make these prices available in the current block + if err := h.keeper.SetOraclePrices(ctx, injectedVoteExtTx.StakeWeightedPrices); err != nil { + return nil, err + } + } + return res, nil +} + +``` + +## Conclusion + +In this tutorial, we've created a simple price oracle module that incorporates vote extensions. We've seen how to implement `ExtendVote`, `VerifyVoteExtension`, `PrepareProposal`, `ProcessProposal`, and `PreBlocker` to handle the voting and verification process of vote extensions, as well as how to make use of the results during the block execution. diff --git a/copy-of-sdk-docs/tutorials/vote-extensions/oracle/03-testing-oracle.md b/copy-of-sdk-docs/tutorials/vote-extensions/oracle/03-testing-oracle.md new file mode 100644 index 00000000..905ca0d7 --- /dev/null +++ b/copy-of-sdk-docs/tutorials/vote-extensions/oracle/03-testing-oracle.md @@ -0,0 +1,57 @@ +# Testing the Oracle Module + +We will guide you through the process of testing the Oracle module in your application. The Oracle module uses vote extensions to provide current price data. If you would like to see the complete working oracle module please see [here](https://github.com/cosmos/sdk-tutorials/blob/master/tutorials/oracle/base/x/oracle). + +## Step 1: Compile and Install the Application + +First, we need to compile and install the application. Please ensure you are in the `tutorials/oracle/base` directory. Run the following command in your terminal: + +```shell +make install +``` + +This command compiles the application and moves the resulting binary to a location in your system's PATH. + +## Step 2: Initialise the Application + +Next, we need to initialise the application. Run the following command in your terminal: + +```shell +make init +``` + +This command runs the script `tutorials/oracle/base/scripts/init.sh`, which sets up the necessary configuration for your application to run. This includes creating the `app.toml` configuration file and initialising the blockchain with a genesis block. + +## Step 3: Start the Application + +Now, we can start the application. Run the following command in your terminal: + +```shell +exampled start +``` + +This command starts your application, begins the blockchain node, and starts processing transactions. + +## Step 4: Query the Oracle Prices + +Finally, we can query the current prices from the Oracle module. Run the following command in your terminal: + +```shell +exampled q oracle prices +``` + +This command queries the current prices from the Oracle module. The expected output shows that the vote extensions were successfully included in the block and the Oracle module was able to retrieve the price data. + +## Understanding Vote Extensions in Oracle + +In the Oracle module, the `ExtendVoteHandler` function is responsible for creating the vote extensions. This function fetches the current prices from the provider, creates a `OracleVoteExtension` struct with these prices, and then marshals this struct into bytes. These bytes are then set as the vote extension. + +In the context of testing, the Oracle module uses a mock provider to simulate the behavior of a real price provider. This mock provider is defined in the mockprovider package and is used to return predefined prices for specific currency pairs. + +## Conclusion + +In this tutorial, we've delved into the concept of Oracle's in blockchain technology, focusing on their role in providing external data to a blockchain network. We've explored vote extensions, a powerful feature of ABCI++, and integrated them into a Cosmos SDK application to create a price oracle module. + +Through hands-on exercises, you've implemented vote extensions, and tested their effectiveness in providing timely and accurate asset price information. You've gained practical insights by setting up a mock provider for testing and analysing the process of extending votes, verifying vote extensions, and preparing and processing proposals. + +Keep experimenting with these concepts, engage with the community, and stay updated on new advancements. The knowledge you've acquired here is crucial for developing robust and reliable blockchain applications that can interact with real-world data. diff --git a/copy-of-sdk-docs/tutorials/vote-extensions/oracle/_category_.json b/copy-of-sdk-docs/tutorials/vote-extensions/oracle/_category_.json new file mode 100644 index 00000000..b63ffe2f --- /dev/null +++ b/copy-of-sdk-docs/tutorials/vote-extensions/oracle/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Oracle Tutorial", + "position": 1, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-docs/user/run-node/00-keyring.md b/copy-of-sdk-docs/user/run-node/00-keyring.md new file mode 100644 index 00000000..95f754d9 --- /dev/null +++ b/copy-of-sdk-docs/user/run-node/00-keyring.md @@ -0,0 +1,145 @@ +--- +sidebar_position: 1 +--- + +# Setting up the keyring + +:::note Synopsis +This document describes how to configure and use the keyring and its various backends for an [**application**](../../learn/beginner/00-app-anatomy.md). +::: + +The keyring holds the private/public key pairs used to interact with a node. For instance, a validator key needs to be set up before running the blockchain node, so that blocks can be correctly signed. The private key can be stored in different locations, called "backends," such as a file or the operating system's own key storage. + +## Available backends for the keyring + +Starting with the v0.38.0 release, Cosmos SDK comes with a new keyring implementation +that provides a set of commands to manage cryptographic keys in a secure fashion. The +new keyring supports multiple storage backends, some of which may not be available on +all operating systems. + +### The `os` backend + +The `os` backend relies on operating system-specific defaults to handle key storage +securely. Typically, an operating system's credential subsystem handles password prompts, +private keys storage, and user sessions according to the user's password policies. Here +is a list of the most popular operating systems and their respective password managers: + +* macOS: [Keychain](https://support.apple.com/en-gb/guide/keychain-access/welcome/mac) +* Windows: [Credentials Management API](https://docs.microsoft.com/en-us/windows/win32/secauthn/credentials-management) +* GNU/Linux: + * [libsecret](https://gitlab.gnome.org/GNOME/libsecret) + * [kwallet](https://api.kde.org/frameworks/kwallet/html/index.html) + * [keyctl](https://www.kernel.org/doc/html/latest/security/keys/core.html) + +GNU/Linux distributions that use GNOME as the default desktop environment typically come with +[Seahorse](https://wiki.gnome.org/Apps/Seahorse). Users of KDE based distributions are +commonly provided with [KDE Wallet Manager](https://userbase.kde.org/KDE_Wallet_Manager). +Whilst the former is in fact a `libsecret` convenient frontend, the latter is a `kwallet` +client. `keyctl` is a secure backend that leverages the Linux kernel security key management system +to store cryptographic keys securely in memory. + +`os` is the default option since operating system's default credentials managers are +designed to meet users' most common needs and provide them with a comfortable +experience without compromising on security. + +The recommended backends for headless environments are `file` and `pass`. + +### The `file` backend + +The `file` backend more closely resembles the keybase implementation used prior to +v0.38.1. It stores the keyring encrypted within the app's configuration directory. This +keyring will request a password each time it is accessed, which may occur multiple +times in a single command resulting in repeated password prompts. If using bash scripts +to execute commands using the `file` option you may want to utilize the following format +for multiple prompts: + +```shell +# assuming that KEYPASSWD is set in the environment +$ gaiacli config keyring-backend file # use file backend +$ (echo $KEYPASSWD; echo $KEYPASSWD) | gaiacli keys add me # multiple prompts +$ echo $KEYPASSWD | gaiacli keys show me # single prompt +``` + +:::tip +The first time you add a key to an empty keyring, you will be prompted to type the password twice. +::: + +### The `pass` backend + +The `pass` backend uses the [pass](https://www.passwordstore.org/) utility to manage on-disk +encryption of keys' sensitive data and metadata. Keys are stored inside `gpg` encrypted files +within app-specific directories. `pass` is available for the most popular UNIX +operating systems as well as GNU/Linux distributions. Please refer to its manual page for +information on how to download and install it. + +:::tip +**pass** uses [GnuPG](https://gnupg.org/) for encryption. `gpg` automatically invokes the `gpg-agent` +daemon upon execution, which handles the caching of GnuPG credentials. Please refer to `gpg-agent` +man page for more information on how to configure cache parameters such as credentials TTL and +passphrase expiration. +::: + +The password store must be set up prior to first use: + +```shell +pass init +``` + +Replace `` with your GPG key ID. You can use your personal GPG key or an alternative +one you may want to use specifically to encrypt the password store. + +### The `kwallet` backend + +The `kwallet` backend uses `KDE Wallet Manager`, which comes installed by default on the +GNU/Linux distributions that ship KDE as the default desktop environment. Please refer to +[KWallet API documentation](https://api.kde.org/frameworks/kwallet/html/index.html) for more +information. + +### The `keyctl` backend + +The *Kernel Key Retention Service* is a security facility that +has been added to the Linux kernel relatively recently. It allows sensitive +cryptographic data such as passwords, private key, authentication tokens, etc +to be stored securely in memory. + +The `keyctl` backend is available on Linux platforms only. + +### The `test` backend + +The `test` backend is a password-less variation of the `file` backend. Keys are stored +unencrypted on disk. + +**Provided for testing purposes only. The `test` backend is not recommended for use in production environments**. + +### The `memory` backend + +The `memory` backend stores keys in memory. The keys are immediately deleted after the program has exited. + +**Provided for testing purposes only. The `memory` backend is not recommended for use in production environments**. + +### Setting backend using an env variable + +You can set the keyring-backend using env variable: `BINNAME_KEYRING_BACKEND`. For example, if your binary name is `gaia-v5` then set: `export GAIA_V5_KEYRING_BACKEND=pass` + +## Adding keys to the keyring + +:::warning +Make sure you can build your own binary, and replace `simd` with the name of your binary in the snippets. +::: + +Applications developed using the Cosmos SDK come with the `keys` subcommand. For the purpose of this tutorial, we're running the `simd` CLI, which is an application built using the Cosmos SDK for testing and educational purposes. For more information, see [`simapp`](https://github.com/cosmos/cosmos-sdk/tree/main/simapp). + +You can use `simd keys` for help about the keys command and `simd keys [command] --help` for more information about a particular subcommand. + +To create a new key in the keyring, run the `add` subcommand with a `` argument. For the purpose of this tutorial, we will solely use the `test` backend, and call our new key `my_validator`. This key will be used in the next section. + +```bash +$ simd keys add my_validator --keyring-backend test + +# Put the generated address in a variable for later use. +MY_VALIDATOR_ADDRESS=$(simd keys show my_validator -a --keyring-backend test) +``` + +This command generates a new 24-word mnemonic phrase, persists it to the relevant backend, and outputs information about the keypair. If this keypair will be used to hold value-bearing tokens, be sure to write down the mnemonic phrase somewhere safe! + +By default, the keyring generates a `secp256k1` keypair. The keyring also supports `ed25519` keys, which may be created by passing the `--algo ed25519` flag. A keyring can of course hold both types of keys simultaneously, and the Cosmos SDK's `x/auth` module supports natively these two public key algorithms. diff --git a/copy-of-sdk-docs/user/run-node/01-run-node.md b/copy-of-sdk-docs/user/run-node/01-run-node.md new file mode 100644 index 00000000..88aa38f2 --- /dev/null +++ b/copy-of-sdk-docs/user/run-node/01-run-node.md @@ -0,0 +1,218 @@ +--- +sidebar_position: 1 +--- + +# Running a Node + +:::note Synopsis +Now that the application is ready and the keyring populated, it's time to see how to run the blockchain node. In this section, the application we are running is called [`simapp`](https://github.com/cosmos/cosmos-sdk/tree/main/simapp), and its corresponding CLI binary `simd`. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK Application](../../learn/beginner/00-app-anatomy.md) +* [Setting up the keyring](./00-keyring.md) + +::: + +## Initialize the Chain + +:::warning +Make sure you can build your own binary, and replace `simd` with the name of your binary in the snippets. +::: + +Before actually running the node, we need to initialize the chain, and most importantly, its genesis file. This is done with the `init` subcommand: + +```bash +# The argument is the custom username of your node, it should be human-readable. +simd init --chain-id my-test-chain +``` + +The command above creates all the configuration files needed for your node to run, as well as a default genesis file, which defines the initial state of the network. + +:::tip +All these configuration files are in `~/.simapp` by default, but you can overwrite the location of this folder by passing the `--home` flag to each command, +or set an `$APPD_HOME` environment variable (where `APPD` is the name of the binary). +::: + +The `~/.simapp` folder has the following structure: + +```bash +. # ~/.simapp + |- data # Contains the databases used by the node. + |- config/ + |- app.toml # Application-related configuration file. + |- config.toml # CometBFT-related configuration file. + |- genesis.json # The genesis file. + |- node_key.json # Private key to use for node authentication in the p2p protocol. + |- priv_validator_key.json # Private key to use as a validator in the consensus protocol. +``` + +## Updating Some Default Settings + +If you want to change any field values in configuration files (for ex: genesis.json) you can use `jq` ([installation](https://stedolan.github.io/jq/download/) & [docs](https://stedolan.github.io/jq/manual/#Assignment)) & `sed` commands to do that. A few examples are listed here. + +```bash +# to change the chain-id +jq '.chain_id = "testing"' genesis.json > temp.json && mv temp.json genesis.json + +# to enable the api server +sed -i '/\[api\]/,+3 s/enable = false/enable = true/' app.toml + +# to change the voting_period +jq '.app_state.gov.voting_params.voting_period = "600s"' genesis.json > temp.json && mv temp.json genesis.json + +# to change the inflation +jq '.app_state.mint.minter.inflation = "0.300000000000000000"' genesis.json > temp.json && mv temp.json genesis.json +``` + +### Client Interaction + +When instantiating a node, GRPC and REST are defaulted to localhost to avoid unknown exposure of your node to the public. It is recommended not to expose these endpoints without a proxy that can handle load balancing or authentication set up between your node and the public. + +:::tip +A commonly used tool for this is [nginx](https://nginx.org). +::: + + +## Adding Genesis Accounts + +Before starting the chain, you need to populate the state with at least one account. To do so, first [create a new account in the keyring](./00-keyring.md#adding-keys-to-the-keyring) named `my_validator` under the `test` keyring backend (feel free to choose another name and another backend). + +Now that you have created a local account, go ahead and grant it some `stake` tokens in your chain's genesis file. Doing so will also make sure your chain is aware of this account's existence: + +```bash +simd genesis add-genesis-account $MY_VALIDATOR_ADDRESS 100000000000stake +``` + +Recall that `$MY_VALIDATOR_ADDRESS` is a variable that holds the address of the `my_validator` key in the [keyring](./00-keyring.md#adding-keys-to-the-keyring). Also note that the tokens in the Cosmos SDK have the `{amount}{denom}` format: `amount` is an 18-digit-precision decimal number, and `denom` is the unique token identifier with its denomination key (e.g. `atom` or `uatom`). Here, we are granting `stake` tokens, as `stake` is the token identifier used for staking in [`simapp`](https://github.com/cosmos/cosmos-sdk/tree/main/simapp). For your own chain with its own staking denom, that token identifier should be used instead. + +Now that your account has some tokens, you need to add a validator to your chain. Validators are special full-nodes that participate in the consensus process (implemented in the [underlying consensus engine](../../learn/intro/02-sdk-app-architecture.md#cometbft)) in order to add new blocks to the chain. Any account can declare its intention to become a validator operator, but only those with sufficient delegation get to enter the active set (for example, only the top 125 validator candidates with the most delegation get to be validators in the Cosmos Hub). For this guide, you will add your local node (created via the `init` command above) as a validator of your chain. Validators can be declared before a chain is first started via a special transaction included in the genesis file called a `gentx`: + +```bash +# Create a gentx. +simd genesis gentx my_validator 100000000stake --chain-id my-test-chain --keyring-backend test + +# Add the gentx to the genesis file. +simd genesis collect-gentxs +``` + +A `gentx` does three things: + +1. Registers the `validator` account you created as a validator operator account (i.e., the account that controls the validator). +2. Self-delegates the provided `amount` of staking tokens. +3. Link the operator account with a CometBFT node pubkey that will be used for signing blocks. If no `--pubkey` flag is provided, it defaults to the local node pubkey created via the `simd init` command above. + +For more information on `gentx`, use the following command: + +```bash +simd genesis gentx --help +``` + +## Configuring the Node Using `app.toml` and `config.toml` + +The Cosmos SDK automatically generates two configuration files inside `~/.simapp/config`: + +* `config.toml`: used to configure the CometBFT, learn more on [CometBFT's documentation](https://docs.cometbft.com/v0.37/core/configuration), +* `app.toml`: generated by the Cosmos SDK, and used to configure your app, such as state pruning strategies, telemetry, gRPC and REST servers configuration, state sync... + +Both files are heavily commented, please refer to them directly to tweak your node. + +One example config to tweak is the `minimum-gas-prices` field inside `app.toml`, which defines the minimum gas prices the validator node is willing to accept for processing a transaction. Depending on the chain, it might be an empty string or not. If it's empty, make sure to edit the field with some value, for example `10token`, or else the node will halt on startup. For the purpose of this tutorial, let's set the minimum gas price to 0: + +```toml + # The minimum gas prices a validator is willing to accept for processing a + # transaction. A transaction's fees must meet the minimum of any denomination + # specified in this config (e.g. 0.25token1;0.0001token2). + minimum-gas-prices = "0stake" +``` + +:::tip +When running a node (not a validator!) and not wanting to run the application mempool, set the `max-txs` field to `-1`. + +```toml +[mempool] +# Setting max-txs to 0 will allow for an unbounded amount of transactions in the mempool. +# Setting max_txs to negative 1 (-1) will disable transactions from being inserted into the mempool. +# Setting max_txs to a positive number (> 0) will limit the number of transactions in the mempool, by the specified amount. +# +# Note, this configuration only applies to SDK built-in app-side mempool +# implementations. +max-txs = "-1" +``` + +::: + +## Run a Localnet + +Now that everything is set up, you can finally start your node: + +```bash +simd start +``` + +You should see blocks come in. + +The previous command allows you to run a single node. This is enough for the next section on interacting with this node, but you may wish to run multiple nodes at the same time, and see how consensus happens between them. + +The naive way would be to run the same commands again in separate terminal windows. This is possible, however, in the Cosmos SDK, we leverage the power of [Docker Compose](https://docs.docker.com/compose/) to run a localnet. If you need inspiration on how to set up your own localnet with Docker Compose, you can have a look at the Cosmos SDK's [`docker-compose.yml`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/docker-compose.yml). + +### Standalone App/CometBFT + +By default, the Cosmos SDK runs CometBFT in-process with the application +If you want to run the application and CometBFT in separate processes, +start the application with the `--with-comet=false` flag +and set `rpc.laddr` in `config.toml` to the CometBFT node's RPC address. + +## Logging + +Logging provides a way to see what is going on with a node. The default logging level is info. This is a global level and all info logs will be outputted to the terminal. If you would like to filter specific logs to the terminal instead of all, then setting `module:log_level` is how this can work. + +Example: + +In config.toml: + +```toml +log_level: "state:info,p2p:info,consensus:info,x/staking:info,x/ibc:info,*error" +``` + +## State Sync + +State sync is the act in which a node syncs the latest or close to the latest state of a blockchain. This is useful for users who don't want to sync all the blocks in history. Read more in [CometBFT documentation](https://docs.cometbft.com/v0.37/core/state-sync). + +State sync works thanks to snapshots. Read how the SDK handles snapshots [here](https://github.com/cosmos/cosmos-sdk/blob/825245d/store/snapshots/README.md). + +### Local State Sync + +Local state sync works similar to normal state sync except that it works off a local snapshot of state instead of one provided via the p2p network. The steps to start local state sync are similar to normal state sync with a few different designs. + +1. As mentioned in https://docs.cometbft.com/v0.37/core/state-sync, one must set a height and hash in the config.toml along with a few rpc servers (the aforementioned link has instructions on how to do this). +2. Run ` ` to restore a local snapshot (note: first load it from a file with the *load* command). +3. Bootstrapping Comet state to start the node after the snapshot has been ingested. This can be done with the bootstrap command ` comet bootstrap-state` + +### Snapshots Commands + +The Cosmos SDK provides commands for managing snapshots. +These commands can be added in an app with the following snippet in `cmd//root.go`: + +```go +import ( + "github.com/cosmos/cosmos-sdk/client/snapshot" +) + +func initRootCmd(/* ... */) { + // ... + rootCmd.AddCommand( + snapshot.Cmd(appCreator), + ) +} +``` + +Then the following commands are available at ` snapshots [command]`: + +* **list**: list local snapshots +* **load**: Load a snapshot archive file into snapshot store +* **restore**: Restore app state from local snapshot +* **export**: Export app state to snapshot store +* **dump**: Dump the snapshot as portable archive format +* **delete**: Delete a local snapshot diff --git a/copy-of-sdk-docs/user/run-node/02-interact-node.md b/copy-of-sdk-docs/user/run-node/02-interact-node.md new file mode 100644 index 00000000..1a76f02f --- /dev/null +++ b/copy-of-sdk-docs/user/run-node/02-interact-node.md @@ -0,0 +1,289 @@ +--- +sidebar_position: 1 +--- + +# Interacting with the Node + +:::note Synopsis +There are multiple ways to interact with a node: using the CLI, using gRPC or using the REST endpoints. +::: + +:::note Pre-requisite Readings + +* [gRPC, REST and CometBFT Endpoints](../../learn/advanced/06-grpc_rest.md) +* [Running a Node](./01-run-node.md) + +::: + +## Using the CLI + +Now that your chain is running, it is time to try sending tokens from the first account you created to a second account. In a new terminal window, start by running the following query command: + +```bash +simd query bank balances $MY_VALIDATOR_ADDRESS +``` + +You should see the current balance of the account you created, equal to the original balance of `stake` you granted it minus the amount you delegated via the `gentx`. Now, create a second account: + +```bash +simd keys add recipient --keyring-backend test + +# Put the generated address in a variable for later use. +RECIPIENT=$(simd keys show recipient -a --keyring-backend test) +``` + +The command above creates a local key-pair that is not yet registered on the chain. An account is created the first time it receives tokens from another account. Now, run the following command to send tokens to the `recipient` account: + +```bash +simd tx bank send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000000stake --chain-id my-test-chain --keyring-backend test + +# Check that the recipient account did receive the tokens. +simd query bank balances $RECIPIENT +``` + +Finally, delegate some of the stake tokens sent to the `recipient` account to the validator: + +```bash +simd tx staking delegate $(simd keys show my_validator --bech val -a --keyring-backend test) 500stake --from recipient --chain-id my-test-chain --keyring-backend test + +# Query the total delegations to `validator`. +simd query staking delegations-to $(simd keys show my_validator --bech val -a --keyring-backend test) +``` + +You should see two delegations, the first one made from the `gentx`, and the second one you just performed from the `recipient` account. + +## Using gRPC + +The Protobuf ecosystem developed tools for different use cases, including code-generation from `*.proto` files into various languages. These tools allow the building of clients easily. Often, the client connection (i.e. the transport) can be plugged and replaced very easily. Let's explore one of the most popular transports: [gRPC](../../learn/advanced/06-grpc_rest.md). + +Since the code generation library largely depends on your own tech stack, we will only present three alternatives: + +* `grpcurl` for generic debugging and testing, +* programmatically via Go, +* CosmJS for JavaScript/TypeScript developers. + +### grpcurl + +[grpcurl](https://github.com/fullstorydev/grpcurl) is like `curl` but for gRPC. It is also available as a Go library, but we will use it only as a CLI command for debugging and testing purposes. Follow the instructions in the previous link to install it. + +Assuming you have a local node running (either a localnet, or connected to a live network), you should be able to run the following command to list the Protobuf services available (you can replace `localhost:9000` by the gRPC server endpoint of another node, which is configured under the `grpc.address` field inside [`app.toml`](../../user/run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml)): + +```bash +grpcurl -plaintext localhost:9090 list +``` + +You should see a list of gRPC services, like `cosmos.bank.v1beta1.Query`. This is called reflection, which is a Protobuf endpoint returning a description of all available endpoints. Each of these represents a different Protobuf service, and each service exposes multiple RPC methods you can query against. + +In order to get a description of the service you can run the following command: + +```bash +grpcurl -plaintext \ + localhost:9090 \ + describe cosmos.bank.v1beta1.Query # Service we want to inspect +``` + +It's also possible to execute an RPC call to query the node for information: + +```bash +grpcurl \ + -plaintext \ + -d "{\"address\":\"$MY_VALIDATOR_ADDRESS\"}" \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/AllBalances +``` + +The list of all available gRPC query endpoints is [coming soon](https://github.com/cosmos/cosmos-sdk/issues/7786). + +#### Query for historical state using grpcurl + +You may also query for historical data by passing some [gRPC metadata](https://github.com/grpc/grpc-go/blob/master/Documentation/grpc-metadata.md) to the query: the `x-cosmos-block-height` metadata should contain the block to query. Using grpcurl as above, the command looks like: + +```bash +grpcurl \ + -plaintext \ + -H "x-cosmos-block-height: 123" \ + -d "{\"address\":\"$MY_VALIDATOR_ADDRESS\"}" \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/AllBalances +``` + +Assuming the state at that block has not yet been pruned by the node, this query should return a non-empty response. + +### Programmatically via Go + +The following snippet shows how to query the state using gRPC inside a Go program. The idea is to create a gRPC connection, and use the Protobuf-generated client code to query the gRPC server. + +#### Install Cosmos SDK + + +```bash +go get github.com/cosmos/cosmos-sdk@main +``` + +```go +package main + +import ( + "context" + "fmt" + + "google.golang.org/grpc" + + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" +) + +func queryState() error { + myAddress, err := sdk.AccAddressFromBech32("cosmos1...") // the my_validator or recipient address. + if err != nil { + return err + } + + // Create a connection to the gRPC server. + grpcConn, err := grpc.Dial( + "127.0.0.1:9090", // your gRPC server address. + grpc.WithInsecure(), // The Cosmos SDK doesn't support any transport security mechanism. + // This instantiates a general gRPC codec which handles proto bytes. We pass in a nil interface registry + // if the request/response types contain interface instead of 'nil' you should pass the application specific codec. + grpc.WithDefaultCallOptions(grpc.ForceCodec(codec.NewProtoCodec(nil).GRPCCodec())), + ) + if err != nil { + return err + } + defer grpcConn.Close() + + // This creates a gRPC client to query the x/bank service. + bankClient := banktypes.NewQueryClient(grpcConn) + bankRes, err := bankClient.Balance( + context.Background(), + &banktypes.QueryBalanceRequest{Address: myAddress.String(), Denom: "stake"}, + ) + if err != nil { + return err + } + + fmt.Println(bankRes.GetBalance()) // Prints the account balance + + return nil +} + +func main() { + if err := queryState(); err != nil { + panic(err) + } +} +``` + +You can replace the query client (here we are using `x/bank`'s) with one generated from any other Protobuf service. The list of all available gRPC query endpoints is [coming soon](https://github.com/cosmos/cosmos-sdk/issues/7786). + +#### Query for historical state using Go + +Querying for historical blocks is done by adding the block height metadata in the gRPC request. + +```go +package main + +import ( + "context" + "fmt" + + "google.golang.org/grpc" + "google.golang.org/grpc/metadata" + + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + grpctypes "github.com/cosmos/cosmos-sdk/types/grpc" + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" +) + +func queryState() error { + myAddress, err := sdk.AccAddressFromBech32("cosmos1yerherx4d43gj5wa3zl5vflj9d4pln42n7kuzu") // the my_validator or recipient address. + if err != nil { + return err + } + + // Create a connection to the gRPC server. + grpcConn, err := grpc.Dial( + "127.0.0.1:9090", // your gRPC server address. + grpc.WithInsecure(), // The Cosmos SDK doesn't support any transport security mechanism. + // This instantiates a general gRPC codec which handles proto bytes. We pass in a nil interface registry + // if the request/response types contain interface instead of 'nil' you should pass the application specific codec. + grpc.WithDefaultCallOptions(grpc.ForceCodec(codec.NewProtoCodec(nil).GRPCCodec())), + ) + if err != nil { + return err + } + defer grpcConn.Close() + + // This creates a gRPC client to query the x/bank service. + bankClient := banktypes.NewQueryClient(grpcConn) + + var header metadata.MD + _, err = bankClient.Balance( + metadata.AppendToOutgoingContext(context.Background(), grpctypes.GRPCBlockHeightHeader, "12"), // Add metadata to request + &banktypes.QueryBalanceRequest{Address: myAddress.String(), Denom: "stake"}, + grpc.Header(&header), // Retrieve header from response + ) + if err != nil { + return err + } + blockHeight := header.Get(grpctypes.GRPCBlockHeightHeader) + + fmt.Println(blockHeight) // Prints the block height (12) + + return nil +} + +func main() { + if err := queryState(); err != nil { + panic(err) + } +} +``` + +### CosmJS + +CosmJS documentation can be found at [https://cosmos.github.io/cosmjs](https://cosmos.github.io/cosmjs). As of January 2021, CosmJS documentation is still a work in progress. + +## Using the REST Endpoints + +As described in the [gRPC guide](../../learn/advanced/06-grpc_rest.md), all gRPC services on the Cosmos SDK are made available for more convenient REST-based queries through gRPC-gateway. The format of the URL path is based on the Protobuf service method's full-qualified name, but may contain small customizations so that final URLs look more idiomatic. For example, the REST endpoint for the `cosmos.bank.v1beta1.Query/AllBalances` method is `GET /cosmos/bank/v1beta1/balances/{address}`. Request arguments are passed as query parameters. + +Note that the REST endpoints are not enabled by default. To enable them, edit the `api` section of your `~/.simapp/config/app.toml` file: + +```toml +# Enable defines if the API server should be enabled. +enable = true +``` + +As a concrete example, the `curl` command to make balances request is: + +```bash +curl \ + -X GET \ + -H "Content-Type: application/json" \ + http://localhost:1317/cosmos/bank/v1beta1/balances/$MY_VALIDATOR_ADDRESS +``` + +Make sure to replace `localhost:1317` with the REST endpoint of your node, configured under the `api.address` field. + +The list of all available REST endpoints is available as a Swagger specification file, it can be viewed at `localhost:1317/swagger`. Make sure that the `api.swagger` field is set to true in your [`app.toml`](../../user/run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml) file. + +### Query for historical state using REST + +Querying for historical state is done using the HTTP header `x-cosmos-block-height`. For example, a curl command would look like: + +```bash +curl \ + -X GET \ + -H "Content-Type: application/json" \ + -H "x-cosmos-block-height: 123" \ + http://localhost:1317/cosmos/bank/v1beta1/balances/$MY_VALIDATOR_ADDRESS +``` + +Assuming the state at that block has not yet been pruned by the node, this query should return a non-empty response. + +### Cross-Origin Resource Sharing (CORS) + +[CORS policies](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) are not enabled by default to help with security. If you would like to use the rest-server in a public environment we recommend you provide a reverse proxy, this can be done with [nginx](https://www.nginx.com/). For testing and development purposes there is an `enabled-unsafe-cors` field inside [`app.toml`](../../user/run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml). diff --git a/copy-of-sdk-docs/user/run-node/03-txs.md b/copy-of-sdk-docs/user/run-node/03-txs.md new file mode 100644 index 00000000..93f81055 --- /dev/null +++ b/copy-of-sdk-docs/user/run-node/03-txs.md @@ -0,0 +1,429 @@ +--- +sidebar_position: 1 +--- + +# Generating, Signing and Broadcasting Transactions + +:::note Synopsis +This document describes how to generate an (unsigned) transaction, signing it (with one or multiple keys), and broadcasting it to the network. +::: + +## Using the CLI + +The easiest way to send transactions is using the CLI, as we have seen in the previous page when [interacting with a node](./02-interact-node.md#using-the-cli). For example, running the following command + +```bash +simd tx bank send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000stake --chain-id my-test-chain --keyring-backend test +``` + +will run the following steps: + +* generate a transaction with one `Msg` (`x/bank`'s `MsgSend`), and print the generated transaction to the console. +* ask the user for confirmation to send the transaction from the `$MY_VALIDATOR_ADDRESS` account. +* fetch `$MY_VALIDATOR_ADDRESS` from the keyring. This is possible because we have [set up the CLI's keyring](./00-keyring.md) in a previous step. +* sign the generated transaction with the keyring's account. +* broadcast the signed transaction to the network. This is possible because the CLI connects to the node's CometBFT RPC endpoint. + +The CLI bundles all the necessary steps into a simple-to-use user experience. However, it's possible to run all the steps individually too. + +### Generating a Transaction + +Generating a transaction can simply be done by appending the `--generate-only` flag on any `tx` command, e.g.: + +```bash +simd tx bank send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000stake --chain-id my-test-chain --generate-only +``` + +This will output the unsigned transaction as JSON in the console. We can also save the unsigned transaction to a file (to be passed around between signers more easily) by appending `> unsigned_tx.json` to the above command. + +### Signing a Transaction + +Signing a transaction using the CLI requires the unsigned transaction to be saved in a file. Let's assume the unsigned transaction is in a file called `unsigned_tx.json` in the current directory (see previous paragraph on how to do that). Then, simply run the following command: + +```bash +simd tx sign unsigned_tx.json --chain-id my-test-chain --keyring-backend test --from $MY_VALIDATOR_ADDRESS +``` + +This command will decode the unsigned transaction and sign it with `SIGN_MODE_DIRECT` with `$MY_VALIDATOR_ADDRESS`'s key, which we already set up in the keyring. The signed transaction will be output as JSON to the console, and, as above, we can save it to a file by appending `--output-document signed_tx.json`. + +Some useful flags to consider in the `tx sign` command: + +* `--sign-mode`: you may use `amino-json` to sign the transaction using `SIGN_MODE_LEGACY_AMINO_JSON`, +* `--offline`: sign in offline mode. This means that the `tx sign` command doesn't connect to the node to retrieve the signer's account number and sequence, both needed for signing. In this case, you must manually supply the `--account-number` and `--sequence` flags. This is useful for offline signing, i.e. signing in a secure environment which doesn't have access to the internet. + +#### Signing with Multiple Signers + +:::warning +Please note that signing a transaction with multiple signers or with a multisig account, where at least one signer uses `SIGN_MODE_DIRECT`, is not yet possible. You may follow [this Github issue](https://github.com/cosmos/cosmos-sdk/issues/8141) for more info. +::: + +Signing with multiple signers is done with the `tx multisign` command. This command assumes that all signers use `SIGN_MODE_LEGACY_AMINO_JSON`. The flow is similar to the `tx sign` command flow, but instead of signing an unsigned transaction file, each signer signs the file signed by previous signer(s). The `tx multisign` command will append signatures to the existing transactions. It is important that signers sign the transaction **in the same order** as given by the transaction, which is retrievable using the `GetSigners()` method. + +For example, starting with the `unsigned_tx.json`, and assuming the transaction has 4 signers, we would run: + +```bash +# Let signer1 sign the unsigned tx. +simd tx multisign unsigned_tx.json signer_key_1 --chain-id my-test-chain --keyring-backend test > partial_tx_1.json +# Now signer1 will send the partial_tx_1.json to the signer2. +# Signer2 appends their signature: +simd tx multisign partial_tx_1.json signer_key_2 --chain-id my-test-chain --keyring-backend test > partial_tx_2.json +# Signer2 sends the partial_tx_2.json file to signer3, and signer3 can append his signature: +simd tx multisign partial_tx_2.json signer_key_3 --chain-id my-test-chain --keyring-backend test > partial_tx_3.json +``` + +### Broadcasting a Transaction + +Broadcasting a transaction is done using the following command: + +```bash +simd tx broadcast tx_signed.json +``` + +You may optionally pass the `--broadcast-mode` flag to specify which response to receive from the node: + +* `sync`: the CLI waits for a CheckTx execution response only. +* `async`: the CLI returns immediately (transaction might fail). + +### Encoding a Transaction + +In order to broadcast a transaction using the gRPC or REST endpoints, the transaction will need to be encoded first. This can be done using the CLI. + +Encoding a transaction is done using the following command: + +```bash +simd tx encode tx_signed.json +``` + +This will read the transaction from the file, serialize it using Protobuf, and output the transaction bytes as base64 in the console. + +### Decoding a Transaction + +The CLI can also be used to decode transaction bytes. + +Decoding a transaction is done using the following command: + +```bash +simd tx decode [protobuf-byte-string] +``` + +This will decode the transaction bytes and output the transaction as JSON in the console. You can also save the transaction to a file by appending `> tx.json` to the above command. + +## Programmatically with Go + +It is possible to manipulate transactions programmatically via Go using the Cosmos SDK's `TxBuilder` interface. + +### Generating a Transaction + +Before generating a transaction, a new instance of a `TxBuilder` needs to be created. Since the Cosmos SDK supports both Amino and Protobuf transactions, the first step would be to decide which encoding scheme to use. All the subsequent steps remain unchanged, whether you're using Amino or Protobuf, as `TxBuilder` abstracts the encoding mechanisms. In the following snippet, we will use Protobuf. + +```go +import ( + "github.com/cosmos/cosmos-sdk/simapp" +) + +func sendTx() error { + // Choose your codec: Amino or Protobuf. Here, we use Protobuf, given by the following function. + app := simapp.NewSimApp(...) + + // Create a new TxBuilder. + txBuilder := app.TxConfig().NewTxBuilder() + + // --snip-- +} +``` + +We can also set up some keys and addresses that will send and receive the transactions. Here, for the purpose of the tutorial, we will be using some dummy data to create keys. + +```go +import ( + "github.com/cosmos/cosmos-sdk/testutil/testdata" +) + +priv1, _, addr1 := testdata.KeyTestPubAddr() +priv2, _, addr2 := testdata.KeyTestPubAddr() +priv3, _, addr3 := testdata.KeyTestPubAddr() +``` + +Populating the `TxBuilder` can be done via its methods: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/tx_config.go#L39-L57 +``` + +```go +import ( + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" +) + +func sendTx() error { + // --snip-- + + // Define two x/bank MsgSend messages: + // - from addr1 to addr3, + // - from addr2 to addr3. + // This means that the transaction needs two signers: addr1 and addr2. + msg1 := banktypes.NewMsgSend(addr1, addr3, types.NewCoins(types.NewInt64Coin("atom", 12))) + msg2 := banktypes.NewMsgSend(addr2, addr3, types.NewCoins(types.NewInt64Coin("atom", 34))) + + err := txBuilder.SetMsgs(msg1, msg2) + if err != nil { + return err + } + + txBuilder.SetGasLimit(...) + txBuilder.SetFeeAmount(...) + txBuilder.SetMemo(...) + txBuilder.SetTimeoutHeight(...) +} +``` + +At this point, `TxBuilder`'s underlying transaction is ready to be signed. + +#### Generating an Unordered Transaction + +Starting with Cosmos SDK v0.53.0, users may send unordered transactions to chains that have the feature enabled. + +:::warning + +Unordered transactions MUST leave sequence values unset. When a transaction is both unordered and contains a non-zero sequence value, +the transaction will be rejected. External services that operate on prior assumptions about transaction sequence values should be updated to handle unordered transactions. +Services should be aware that when the transaction is unordered, the transaction sequence will always be zero. + +::: + +Using the example above, we can set the required fields to mark a transaction as unordered. +By default, unordered transactions charge an extra 2240 units of gas to offset the additional storage overhead that supports their functionality. +The extra units of gas are customizable and therefore vary by chain, so be sure to check the chain's ante handler for the gas value set, if any. + +```go +func sendTx() error { + // --snip-- + expiration := 5 * time.Minute + txBuilder.SetUnordered(true) + txBuilder.SetTimeoutTimestamp(time.Now().Add(expiration + (1 * time.Nanosecond))) +} +``` + +Unordered transactions from the same account must use a unique timeout timestamp value. The difference between each timeout timestamp value may be as small as a nanosecond, however. + +```go +import ( + "github.com/cosmos/cosmos-sdk/client" +) + +func sendMessages(txBuilders []client.TxBuilder) error { + // --snip-- + expiration := 5 * time.Minute + for _, txb := range txBuilders { + txb.SetUnordered(true) + txb.SetTimeoutTimestamp(time.Now().Add(expiration + (1 * time.Nanosecond))) + } +} +``` + +### Signing a Transaction + +We set encoding config to use Protobuf, which will use `SIGN_MODE_DIRECT` by default. As per [ADR-020](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-020-protobuf-transaction-encoding.md), each signer needs to sign the `SignerInfo`s of all other signers. This means that we need to perform two steps sequentially: + +* for each signer, populate the signer's `SignerInfo` inside `TxBuilder`, +* once all `SignerInfo`s are populated, for each signer, sign the `SignDoc` (the payload to be signed). + +In the current `TxBuilder`'s API, both steps are done using the same method: `SetSignatures()`. The current API requires us to first perform a round of `SetSignatures()` _with empty signatures_, only to populate `SignerInfo`s, and a second round of `SetSignatures()` to actually sign the correct payload. + +```go +import ( + cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types" + "github.com/cosmos/cosmos-sdk/types/tx/signing" + xauthsigning "github.com/cosmos/cosmos-sdk/x/auth/signing" +) + +func sendTx() error { + // --snip-- + + privs := []cryptotypes.PrivKey{priv1, priv2} + accNums:= []uint64{..., ...} // The accounts' account numbers + accSeqs:= []uint64{..., ...} // The accounts' sequence numbers + + // First round: we gather all the signer infos. We use the "set empty + // signature" hack to do that. + var sigsV2 []signing.SignatureV2 + for i, priv := range privs { + sigV2 := signing.SignatureV2{ + PubKey: priv.PubKey(), + Data: &signing.SingleSignatureData{ + SignMode: encCfg.TxConfig.SignModeHandler().DefaultMode(), + Signature: nil, + }, + Sequence: accSeqs[i], + } + + sigsV2 = append(sigsV2, sigV2) + } + err := txBuilder.SetSignatures(sigsV2...) + if err != nil { + return err + } + + // Second round: all signer infos are set, so each signer can sign. + sigsV2 = []signing.SignatureV2{} + for i, priv := range privs { + signerData := xauthsigning.SignerData{ + ChainID: chainID, + AccountNumber: accNums[i], + Sequence: accSeqs[i], + } + sigV2, err := tx.SignWithPrivKey( + encCfg.TxConfig.SignModeHandler().DefaultMode(), signerData, + txBuilder, priv, encCfg.TxConfig, accSeqs[i]) + if err != nil { + return nil, err + } + + sigsV2 = append(sigsV2, sigV2) + } + err = txBuilder.SetSignatures(sigsV2...) + if err != nil { + return err + } +} +``` + +The `TxBuilder` is now correctly populated. To print it, you can use the `TxConfig` interface from the initial encoding config `encCfg`: + +```go +func sendTx() error { + // --snip-- + + // Generated Protobuf-encoded bytes. + txBytes, err := encCfg.TxConfig.TxEncoder()(txBuilder.GetTx()) + if err != nil { + return err + } + + // Generate a JSON string. + txJSONBytes, err := encCfg.TxConfig.TxJSONEncoder()(txBuilder.GetTx()) + if err != nil { + return err + } + txJSON := string(txJSONBytes) +} +``` + +### Broadcasting a Transaction + +The preferred way to broadcast a transaction is to use gRPC, though using REST (via `gRPC-gateway`) or the CometBFT RPC is also possible. An overview of the differences between these methods is exposed [here](../../learn/advanced/06-grpc_rest.md). For this tutorial, we will only describe the gRPC method. + +```go +import ( + "context" + "fmt" + + "google.golang.org/grpc" + + "github.com/cosmos/cosmos-sdk/types/tx" +) + +func sendTx(ctx context.Context) error { + // --snip-- + + // Create a connection to the gRPC server. + grpcConn := grpc.Dial( + "127.0.0.1:9090", // Or your gRPC server address. + grpc.WithInsecure(), // The Cosmos SDK doesn't support any transport security mechanism. + ) + defer grpcConn.Close() + + // Broadcast the tx via gRPC. We create a new client for the Protobuf Tx + // service. + txClient := tx.NewServiceClient(grpcConn) + // We then call the BroadcastTx method on this client. + grpcRes, err := txClient.BroadcastTx( + ctx, + &tx.BroadcastTxRequest{ + Mode: tx.BroadcastMode_BROADCAST_MODE_SYNC, + TxBytes: txBytes, // Proto-binary of the signed transaction, see previous step. + }, + ) + if err != nil { + return err + } + + fmt.Println(grpcRes.TxResponse.Code) // Should be `0` if the tx is successful + + return nil +} +``` + +#### Simulating a Transaction + +Before broadcasting a transaction, we sometimes may want to dry-run the transaction, to estimate some information about the transaction without actually committing it. This is called simulating a transaction, and can be done as follows: + +```go +import ( + "context" + "fmt" + "testing" + + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/types/tx" + authtx "github.com/cosmos/cosmos-sdk/x/auth/tx" +) + +func simulateTx() error { + // --snip-- + + // Simulate the tx via gRPC. We create a new client for the Protobuf Tx + // service. + txClient := tx.NewServiceClient(grpcConn) + txBytes := /* Fill in with your signed transaction bytes. */ + + // We then call the Simulate method on this client. + grpcRes, err := txClient.Simulate( + context.Background(), + &tx.SimulateRequest{ + TxBytes: txBytes, + }, + ) + if err != nil { + return err + } + + fmt.Println(grpcRes.GasInfo) // Prints estimated gas used. + + return nil +} +``` + +## Using gRPC + +It is not possible to generate or sign a transaction using gRPC, only to broadcast one. In order to broadcast a transaction using gRPC, you will need to generate, sign, and encode the transaction using either the CLI or programmatically with Go. + +### Broadcasting a Transaction + +Broadcasting a transaction using the gRPC endpoint can be done by sending a `BroadcastTx` request as follows, where the `txBytes` are the protobuf-encoded bytes of a signed transaction: + +```bash +grpcurl -plaintext \ + -d '{"tx_bytes":"{{txBytes}}","mode":"BROADCAST_MODE_SYNC"}' \ + localhost:9090 \ + cosmos.tx.v1beta1.Service/BroadcastTx +``` + +## Using REST + +It is not possible to generate or sign a transaction using REST, only to broadcast one. In order to broadcast a transaction using REST, you will need to generate, sign, and encode the transaction using either the CLI or programmatically with Go. + +### Broadcasting a Transaction + +Broadcasting a transaction using the REST endpoint (served by `gRPC-gateway`) can be done by sending a POST request as follows, where the `txBytes` are the protobuf-encoded bytes of a signed transaction: + +```bash +curl -X POST \ + -H "Content-Type: application/json" \ + -d' {"tx_bytes":"{{txBytes}}","mode":"BROADCAST_MODE_SYNC"}' \ + localhost:1317/cosmos/tx/v1beta1/txs +``` + +## Using CosmJS (JavaScript & TypeScript) + +CosmJS aims to build client libraries in JavaScript that can be embedded in web applications. Please see [https://cosmos.github.io/cosmjs](https://cosmos.github.io/cosmjs) for more information. As of January 2021, CosmJS documentation is still a work in progress. diff --git a/copy-of-sdk-docs/user/run-node/04-rosetta.md b/copy-of-sdk-docs/user/run-node/04-rosetta.md new file mode 100644 index 00000000..e4527abb --- /dev/null +++ b/copy-of-sdk-docs/user/run-node/04-rosetta.md @@ -0,0 +1,144 @@ +# Rosetta + +The `rosetta` project implements Coinbase's [Rosetta API](https://www.rosetta-api.org). This document provides instructions on how to use the Rosetta API integration. For information about the motivation and design choices, refer to [ADR 035](https://docs.cosmos.network/main/architecture/adr-035-rosetta-api-support). + +## Installing Rosetta + +The Rosetta API server is a stand-alone server that connects to a node of a chain developed with Cosmos SDK. + +Rosetta can be added to any cosmos chain node. standalone or natively. + +### Standalone + +Rosetta can be executed as a standalone service, it connects to the node endpoints and expose the required endpoints. + +Install Rosetta standalone server with the following command: + +```bash +go install github.com/cosmos/rosetta +``` + +Alternatively, for building from source, simply run `make build`. The binary will be located in the root folder. + +### Native - As a node command + +To enable Native Rosetta API support, it's required to add the `RosettaCommand` to your application's root command file (e.g. `simd/cmd/root.go`). + +Import the `rosettaCmd` package: + +```go +import "github.com/cosmos/rosetta/cmd" +``` + +Find the following line: + +```go +initRootCmd(rootCmd, encodingConfig) +``` + +After that line, add the following: + +```go +rootCmd.AddCommand( + rosettaCmd.RosettaCommand(encodingConfig.InterfaceRegistry, encodingConfig.Codec) +) +``` + +The `RosettaCommand` function builds the `rosetta` root command and is defined in the `rosettaCmd` package (`github.com/cosmos/rosetta/cmd`). + +Since we’ve updated the Cosmos SDK to work with the Rosetta API, updating the application's root command file is all you need to do. + +An implementation example can be found in `simapp` package. + +## Use Rosetta Command + +To run Rosetta in your application CLI, use the following command: + +> **Note:** if using the native approach, add your node name before any rosetta command. + +```shell +rosetta --help +``` + +To test and run Rosetta API endpoints for applications that are running and exposed, use the following command: + +```shell +rosetta + --blockchain "your application name (ex: gaia)" + --network "your chain identifier (ex: testnet-1)" + --tendermint "tendermint endpoint (ex: localhost:26657)" + --grpc "gRPC endpoint (ex: localhost:9090)" + --addr "rosetta binding address (ex: :8080)" + --grpc-types-server (optional) "gRPC endpoint for message descriptor types" +``` + +## Plugins - Multi chain connections + +Rosetta will try to reflect the node types trough reflection over the node gRPC endpoints, there may be cases were this approach is not enough. It is possible to extend or implement the required types easily through plugins. + +To use Rosetta over any chain, it is required to set up prefixes and registering zone specific interfaces through plugins. + +Each plugin is a minimalist implementation of `InitZone` and `RegisterInterfaces` which allow Rosetta to parse chain specific data. There is an example for cosmos-hub chain under `plugins/cosmos-hun/` folder +- **InitZone**: An empty method that is executed first and defines prefixes, parameters and other settings. +- **RegisterInterfaces**: This method receives an interface registry which is were the zone specific types and interfaces will be loaded + +In order to add a new plugin: +1. Create a folder over `plugins` folder with the name of the desired zone +2. Add a `main.go` file with the mentioned methods above. +3. Build the code binary through `go build -buildmode=plugin -o main.so main.go` + +The plugin folder is selected through the cli `--plugin` flag and loaded into the Rosetta server. + +## Extensions + +There are two ways in which you can customize and extend the implementation with your custom settings. + +### Message extension + +In order to make an `sdk.Msg` understandable by rosetta the only thing which is required is adding the methods to your messages that satisfy the `rosetta.Msg` interface. Examples on how to do so can be found in the staking types such as `MsgDelegate`, or in bank types such as `MsgSend`. + +### Client interface override + +In case more customization is required, it's possible to embed the Client type and override the methods which require customizations. + +Example: + +```go +package custom_client +import ( + +"context" +"github.com/coinbase/rosetta-sdk-go/types" +"github.com/cosmos/rosetta/lib" +) + +// CustomClient embeds the standard cosmos client +// which means that it implements the cosmos-rosetta-gateway Client +// interface while at the same time allowing to customize certain methods +type CustomClient struct { + *rosetta.Client +} + +func (c *CustomClient) ConstructionPayload(_ context.Context, request *types.ConstructionPayloadsRequest) (resp *types.ConstructionPayloadsResponse, err error) { + // provide custom signature bytes + panic("implement me") +} +``` + +NOTE: when using a customized client, the command cannot be used as the constructors required **may** differ, so it's required to create a new one. We intend to provide a way to init a customized client without writing extra code in the future. + +### Error extension + +Since rosetta requires to provide 'returned' errors to network options. In order to declare a new rosetta error, we use the `errors` package in cosmos-rosetta-gateway. + +Example: + +```go +package custom_errors +import crgerrs "github.com/cosmos/rosetta/lib/errors" + +var customErrRetriable = true +var CustomError = crgerrs.RegisterError(100, "custom message", customErrRetriable, "description") +``` + +Note: errors must be registered before cosmos-rosetta-gateway's `Server`.`Start` method is called. Otherwise the registration will be ignored. Errors with same code will be ignored too. diff --git a/copy-of-sdk-docs/user/run-node/05-run-testnet.md b/copy-of-sdk-docs/user/run-node/05-run-testnet.md new file mode 100644 index 00000000..9200042e --- /dev/null +++ b/copy-of-sdk-docs/user/run-node/05-run-testnet.md @@ -0,0 +1,101 @@ +--- +sidebar_position: 1 +--- + +# Running a Testnet + +:::note Synopsis +The `simd testnet` subcommand makes it easy to initialize and start a simulated test network for testing purposes. +::: + +In addition to the commands for [running a node](./01-run-node.md), the `simd` binary also includes a `testnet` command that allows you to start a simulated test network in-process or to initialize files for a simulated test network that runs in a separate process. + +## Initialize Files + +First, let's take a look at the `init-files` subcommand. + +This is similar to the `init` command when initializing a single node, but in this case we are initializing multiple nodes, generating the genesis transactions for each node, and then collecting those transactions. + +The `init-files` subcommand initializes the necessary files to run a test network in a separate process (i.e. using a Docker container). Running this command is not a prerequisite for the `start` subcommand ([see below](#start-testnet)). + +In order to initialize the files for a test network, run the following command: + +```bash +simd testnet init-files +``` + +You should see the following output in your terminal: + +```bash +Successfully initialized 4 node directories +``` + +The default output directory is a relative `.testnets` directory. Let's take a look at the files created within the `.testnets` directory. + +### gentxs + +The `gentxs` directory includes a genesis transaction for each validator node. Each file includes a JSON encoded genesis transaction used to register a validator node at the time of genesis. The genesis transactions are added to the `genesis.json` file within each node directory during the initialization process. + +### nodes + +A node directory is created for each validator node. Within each node directory is a `simd` directory. The `simd` directory is the home directory for each node, which includes the configuration and data files for that node (i.e. the same files included in the default `~/.simapp` directory when running a single node). + +## Start Testnet + +Now, let's take a look at the `start` subcommand. + +The `start` subcommand both initializes and starts an in-process test network. This is the fastest way to spin up a local test network for testing purposes. + +You can start the local test network by running the following command: + +```bash +simd testnet start +``` + +You should see something similar to the following: + +```bash +acquiring test network lock +preparing test network with chain-id "chain-mtoD9v" + + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++ THIS MNEMONIC IS FOR TESTING PURPOSES ONLY ++ +++ DO NOT USE IN PRODUCTION ++ +++ ++ +++ sustain know debris minute gate hybrid stereo custom ++ +++ divorce cross spoon machine latin vibrant term oblige ++ +++ moment beauty laundry repeat grab game bronze truly ++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + +starting test network... +started test network +press the Enter Key to terminate +``` + +The first validator node is now running in-process, which means the test network will terminate once you either close the terminal window or you press the Enter key. In the output, the mnemonic phrase for the first validator node is provided for testing purposes. The validator node is using the same default addresses being used when initializing and starting a single node (no need to provide a `--node` flag). + +Check the status of the first validator node: + +```shell +simd status +``` + +Import the key from the provided mnemonic: + +```shell +simd keys add test --recover --keyring-backend test +``` + +Check the balance of the account address: + +```shell +simd q bank balances [address] +``` + +Use this test account to manually test against the test network. + +## Testnet Options + +You can customize the configuration of the test network with flags. In order to see all flag options, append the `--help` flag to each command. diff --git a/copy-of-sdk-docs/user/run-node/06-run-production.md b/copy-of-sdk-docs/user/run-node/06-run-production.md new file mode 100644 index 00000000..6eee4808 --- /dev/null +++ b/copy-of-sdk-docs/user/run-node/06-run-production.md @@ -0,0 +1,269 @@ +--- +sidebar_position: 1 +--- + +# Running in Production + +:::note Synopsis +This section describes how to securely run a node in a public setting and/or on a mainnet on one of the many Cosmos SDK public blockchains. +::: + +When operating a node, full node or validator, in production it is important to set your server up securely. + +:::note +There are many different ways to secure a server and your node, the described steps here is one way. To see another way of setting up a server see the [run in production tutorial](https://tutorials.cosmos.network/hands-on-exercise/4-run-in-prod). +::: + +:::note +This walkthrough assumes the underlying operating system is Ubuntu. +::: + +## Server Setup + +### User + +When creating a server most times it is created as user `root`. This user has heightened privileges on the server. When operating a node, it is recommended to not run your node as the root user. + +1. Create a new user + +```bash +sudo adduser change_me +``` + +2. We want to allow this user to perform sudo tasks + +```bash +sudo usermod -aG sudo change_me +``` + +Now when logging into the server, the non `root` user can be used. + +### Go + +1. Install the [Go](https://go.dev/doc/install) version preconized by the application. + +:::warning +In the past, validators [have had issues](https://github.com/cosmos/cosmos-sdk/issues/13976) when using different versions of Go. It is recommended that the whole validator set uses the version of Go that is preconized by the application. +::: + +### Firewall + +Nodes should not have all ports open to the public, this is a simple way to get DDOS'd. Secondly it is recommended by [CometBFT](https://github.com/cometbft/cometbft) to never expose ports that are not required to operate a node. + +When setting up a firewall there are a few ports that can be open when operating a Cosmos SDK node. There is the CometBFT json-RPC, prometheus, p2p, remote signer and Cosmos SDK GRPC and REST. If the node is being operated as a node that does not offer endpoints to be used for submission or querying then a max of three endpoints are needed. + +Most, if not all servers come equipped with [ufw](https://help.ubuntu.com/community/UFW). Ufw will be used in this tutorial. + +1. Reset UFW to disallow all incoming connections and allow outgoing + +```bash +sudo ufw default deny incoming +sudo ufw default allow outgoing +``` + +2. Lets make sure that port 22 (ssh) stays open. + +```bash +sudo ufw allow ssh +``` + +or + +```bash +sudo ufw allow 22 +``` + +Both of the above commands are the same. + +3. Allow Port 26656 (cometbft p2p port). If the node has a modified p2p port then that port must be used here. + +```bash +sudo ufw allow 26656/tcp +``` + +4. Allow port 26660 (cometbft [prometheus](https://prometheus.io)). This acts as the applications monitoring port as well. + +```bash +sudo ufw allow 26660/tcp +``` + +5. IF the node which is being setup would like to expose CometBFTs jsonRPC and Cosmos SDK GRPC and REST then follow this step. (Optional) + +##### CometBFT JsonRPC + +```bash +sudo ufw allow 26657/tcp +``` + +##### Cosmos SDK GRPC + +```bash +sudo ufw allow 9090/tcp +``` + +##### Cosmos SDK REST + +```bash +sudo ufw allow 1317/tcp +``` + +6. Lastly, enable ufw + +```bash +sudo ufw enable +``` + +### Signing + +If the node that is being started is a validator there are multiple ways a validator could sign blocks. + +#### File + +File based signing is the simplest and default approach. This approach works by storing the consensus key, generated on initialization, to sign blocks. This approach is only as safe as your server setup as if the server is compromised so is your key. This key is located in the `config/priv_val_key.json` directory generated on initialization. + +A second file exists that user must be aware of, the file is located in the data directory `data/priv_val_state.json`. This file protects your node from double signing. It keeps track of the consensus keys last sign height, round and latest signature. If the node crashes and needs to be recovered this file must be kept in order to ensure that the consensus key will not be used for signing a block that was previously signed. + +#### Remote Signer + +A remote signer is a secondary server that is separate from the running node that signs blocks with the consensus key. This means that the consensus key does not live on the node itself. This increases security because your full node which is connected to the remote signer can be swapped without missing blocks. + +The two most used remote signers are [tmkms](https://github.com/iqlusioninc/tmkms) from [Iqlusion](https://www.iqlusion.io) and [horcrux](https://github.com/strangelove-ventures/horcrux) from [Strangelove](https://strange.love). + +##### TMKMS + +###### Dependencies + +1. Update server dependencies and install extras needed. + +```sh +sudo apt update -y && sudo apt install build-essential curl jq -y +``` + +2. Install Rust: + +```sh +curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh +``` + +3. Install Libusb: + +```sh +sudo apt install libusb-1.0-0-dev +``` + +###### Setup + +There are two ways to install tmkms, from source or `cargo install`. In the examples we will cover downloading or building from source and using softsign. Softsign stands for software signing, but you could use a [yubihsm](https://www.yubico.com/products/hardware-security-module/) as your signing key if you wish. + +1. Build: + +From source: + +```bash +cd $HOME +git clone https://github.com/iqlusioninc/tmkms.git +cd $HOME/tmkms +cargo install tmkms --features=softsign +tmkms init config +tmkms softsign keygen ./config/secrets/secret_connection_key +``` + +or + +Cargo install: + +```bash +cargo install tmkms --features=softsign +tmkms init config +tmkms softsign keygen ./config/secrets/secret_connection_key +``` + +:::note +To use tmkms with a yubikey install the binary with `--features=yubihsm`. +::: + +2. Migrate the validator key from the full node to the new tmkms instance. + +```bash +scp user@123.456.32.123:~/.simd/config/priv_validator_key.json ~/tmkms/config/secrets +``` + +3. Import the validator key into tmkms. + +```bash +tmkms softsign import $HOME/tmkms/config/secrets/priv_validator_key.json $HOME/tmkms/config/secrets/priv_validator_key +``` + +At this point, it is necessary to delete the `priv_validator_key.json` from the validator node and the tmkms node. Since the key has been imported into tmkms (above) it is no longer necessary on the nodes. The key can be safely stored offline. + +4. Modify the `tmkms.toml`. + +```bash +vim $HOME/tmkms/config/tmkms.toml +``` + +This example shows a configuration that could be used for soft signing. The example has an IP of `123.456.12.345` with a port of `26659` a chain_id of `test-chain-waSDSe`. These are items that must be modified for the usecase of tmkms and the network. + +```toml +# CometBFT KMS configuration file + +## Chain Configuration + +[[chain]] +id = "osmosis-1" +key_format = { type = "bech32", account_key_prefix = "cosmospub", consensus_key_prefix = "cosmosvalconspub" } +state_file = "/root/tmkms/config/state/priv_validator_state.json" + +## Signing Provider Configuration + +### Software-based Signer Configuration + +[[providers.softsign]] +chain_ids = ["test-chain-waSDSe"] +key_type = "consensus" +path = "/root/tmkms/config/secrets/priv_validator_key" + +## Validator Configuration + +[[validator]] +chain_id = "test-chain-waSDSe" +addr = "tcp://123.456.12.345:26659" +secret_key = "/root/tmkms/config/secrets/secret_connection_key" +protocol_version = "v0.34" +reconnect = true +``` + +5. Set the address of the tmkms instance. + +```bash +vim $HOME/.simd/config/config.toml + +priv_validator_laddr = "tcp://0.0.0.0:26659" +``` + +:::tip +The above address it set to `0.0.0.0` but it is recommended to set the tmkms server to secure the startup +::: + +:::tip +It is recommended to comment or delete the lines that specify the path of the validator key and validator: + +```toml +# Path to the JSON file containing the private key to use as a validator in the consensus protocol +# priv_validator_key_file = "config/priv_validator_key.json" + +# Path to the JSON file containing the last sign state of a validator +# priv_validator_state_file = "data/priv_validator_state.json" +``` + +::: + +6. Start the two processes. + +```bash +tmkms start -c $HOME/tmkms/config/tmkms.toml +``` + +```bash +simd start +``` diff --git a/copy-of-sdk-docs/user/run-node/_category_.json b/copy-of-sdk-docs/user/run-node/_category_.json new file mode 100644 index 00000000..65e64b94 --- /dev/null +++ b/copy-of-sdk-docs/user/run-node/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Running a Node, API and CLI", + "position": 0, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-docs/user/user.md b/copy-of-sdk-docs/user/user.md new file mode 100644 index 00000000..5429e8ad --- /dev/null +++ b/copy-of-sdk-docs/user/user.md @@ -0,0 +1,10 @@ +--- +sidebar_position: 0 +--- +# User Guides + +This section is designed for developers who are using the Cosmos SDK to build applications. It provides essential guides and references to effectively use the SDK's features. + +* [Setting up keys](./run-node/00-keyring.md) - Learn how to set up secure key management using the Cosmos SDK's keyring feature. This guide provides a streamlined approach to cryptographic key handling, which is crucial for securing your application. +* [Running a node](./run-node/01-run-node.md) - This guide provides step-by-step instructions to deploy and manage a node in the Cosmos network. It ensures a smooth and reliable operation of your blockchain application by covering all the necessary setup and maintenance steps. +* [CLI](./run-node/02-interact-node.md) - Discover how to navigate and interact with the Cosmos SDK using the Command Line Interface (CLI). This section covers efficient and powerful command-based operations that can help you manage your application effectively. diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/_category_.json b/copy-of-sdk-versioned_docs/version-0.47/learn/_category_.json new file mode 100644 index 00000000..f40637f4 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/learn/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Develop", + "position": 0, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/00-baseapp.md b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/00-baseapp.md new file mode 100644 index 00000000..b78bf6ac --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/00-baseapp.md @@ -0,0 +1,509 @@ +# BaseApp + +:::note Synopsis +This document describes `BaseApp`, the abstraction that implements the core functionalities of a Cosmos SDK application. +::: + +:::note + +### Pre-requisite Readings + +* [Anatomy of a Cosmos SDK application](../beginner/00-overview-app.md) +* [Lifecycle of a Cosmos SDK transaction](../beginner/01-tx-lifecycle.md) + +::: + +## Introduction + +`BaseApp` is a base type that implements the core of a Cosmos SDK application, namely: + +* The [Application Blockchain Interface](#main-abci-10-messages), for the state-machine to communicate with the underlying consensus engine (e.g. CometBFT). +* [Service Routers](#service-routers), to route messages and queries to the appropriate module. +* Different [states](#state-updates), as the state-machine can have different volatile states updated based on the ABCI message received. + +The goal of `BaseApp` is to provide the fundamental layer of a Cosmos SDK application +that developers can easily extend to build their own custom application. Usually, +developers will create a custom type for their application, like so: + +```go +type App struct { + // reference to a BaseApp + *baseapp.BaseApp + + // list of application store keys + + // list of application keepers + + // module manager +} +``` + +Extending the application with `BaseApp` gives the former access to all of `BaseApp`'s methods. +This allows developers to compose their custom application with the modules they want, while not +having to concern themselves with the hard work of implementing the ABCI, the service routers and state +management logic. + +## Type Definition + +The `BaseApp` type holds many important parameters for any Cosmos SDK based application. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/baseapp/baseapp.go#L50-L146 +``` + +Let us go through the most important components. + +> **Note**: Not all parameters are described, only the most important ones. Refer to the +> type definition for the full list. + +First, the important parameters that are initialized during the bootstrapping of the application: + +* [`CommitMultiStore`](04-store.md#commitmultistore): This is the main store of the application, + which holds the canonical state that is committed at the [end of each block](#commit). This store + is **not** cached, meaning it is not used to update the application's volatile (un-committed) states. + The `CommitMultiStore` is a multi-store, meaning a store of stores. Each module of the application + uses one or multiple `KVStores` in the multi-store to persist their subset of the state. +* Database: The `db` is used by the `CommitMultiStore` to handle data persistence. +* [`Msg` Service Router](#msg-service-router): The `msgServiceRouter` facilitates the routing of `sdk.Msg` requests to the appropriate + module `Msg` service for processing. Here a `sdk.Msg` refers to the transaction component that needs to be + processed by a service in order to update the application state, and not to ABCI message which implements + the interface between the application and the underlying consensus engine. +* [gRPC Query Router](#grpc-query-router): The `grpcQueryRouter` facilitates the routing of gRPC queries to the + appropriate module for it to be processed. These queries are not ABCI messages themselves, but they + are relayed to the relevant module's gRPC `Query` service. +* [`TxDecoder`](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/types#TxDecoder): It is used to decode + raw transaction bytes relayed by the underlying CometBFT engine. +* [`AnteHandler`](#antehandler): This handler is used to handle signature verification, fee payment, + and other pre-message execution checks when a transaction is received. It's executed during + [`CheckTx/RecheckTx`](#checktx) and [`DeliverTx`](#delivertx). +* [`InitChainer`](../beginner/00-overview-app.md#initchainer), + [`BeginBlocker` and `EndBlocker`](../beginner/00-overview-app.md#beginblocker-and-endblocker): These are + the functions executed when the application receives the `InitChain`, `BeginBlock` and `EndBlock` + ABCI messages from the underlying CometBFT engine. + +Then, parameters used to define [volatile states](#state-updates) (i.e. cached states): + +* `checkState`: This state is updated during [`CheckTx`](#checktx), and reset on [`Commit`](#commit). +* `deliverState`: This state is updated during [`DeliverTx`](#delivertx), and set to `nil` on + [`Commit`](#commit) and gets re-initialized on BeginBlock. +* `processProposalState`: This state is updated during [`ProcessProposal`](#process-proposal). +* `prepareProposalState`: This state is updated during [`PrepareProposal`](#prepare-proposal). + +Finally, a few more important parameters: + +* `voteInfos`: This parameter carries the list of validators whose precommit is missing, either + because they did not vote or because the proposer did not include their vote. This information is + carried by the and can be used by the application for various things like + punishing absent validators. +* `minGasPrices`: This parameter defines the minimum gas prices accepted by the node. This is a + **local** parameter, meaning each full-node can set a different `minGasPrices`. It is used in the + `AnteHandler` during [`CheckTx`](#checktx), mainly as a spam protection mechanism. The transaction + enters the [mempool](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#mempool-methods) + only if the gas prices of the transaction are greater than one of the minimum gas price in + `minGasPrices` (e.g. if `minGasPrices == 1uatom,1photon`, the `gas-price` of the transaction must be + greater than `1uatom` OR `1photon`). +* `appVersion`: Version of the application. It is set in the + [application's constructor function](../beginner/00-overview-app.md#constructor-function). + +## Constructor + +```go +func NewBaseApp( + name string, logger log.Logger, db dbm.DB, txDecoder sdk.TxDecoder, options ...func(*BaseApp), +) *BaseApp { + + // ... +} +``` + +The `BaseApp` constructor function is pretty straightforward. The only thing worth noting is the +possibility to provide additional [`options`](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/baseapp/options.go) +to the `BaseApp`, which will execute them in order. The `options` are generally `setter` functions +for important parameters, like `SetPruning()` to set pruning options or `SetMinGasPrices()` to set +the node's `min-gas-prices`. + +Naturally, developers can add additional `options` based on their application's needs. + +## State Updates + +The `BaseApp` maintains four primary volatile states and a root or main state. The main state +is the canonical state of the application and the volatile states, `checkState`, `deliverState`, `prepareProposalState`, `processPreposalState`, +are used to handle state transitions in-between the main state made during [`Commit`](#commit). + +Internally, there is only a single `CommitMultiStore` which we refer to as the main or root state. +From this root state, we derive four volatile states by using a mechanism called _store branching_ (performed by `CacheWrap` function). +The types can be illustrated as follows: + +![Types](baseapp_state.png) + +### InitChain State Updates + +During `InitChain`, the four volatile states, `checkState`, `prepareProposalState`, `processProposalState` +and `deliverState` are set by branching the root `CommitMultiStore`. Any subsequent reads and writes happen +on branched versions of the `CommitMultiStore`. +To avoid unnecessary roundtrip to the main state, all reads to the branched store are cached. + +![InitChain](baseapp_state-initchain.png) + +### CheckTx State Updates + +During `CheckTx`, the `checkState`, which is based off of the last committed state from the root +store, is used for any reads and writes. Here we only execute the `AnteHandler` and verify a service router +exists for every message in the transaction. Note, when we execute the `AnteHandler`, we branch +the already branched `checkState`. +This has the side effect that if the `AnteHandler` fails, the state transitions won't be reflected in the `checkState` +-- i.e. `checkState` is only updated on success. + +![CheckTx](baseapp_state-checktx.png) + +### PrepareProposal State Updates + +During `PrepareProposal`, the `prepareProposalState` is set by branching the root `CommitMultiStore`. +The `prepareProposalState` is used for any reads and writes that occur during the `PrepareProposal` phase. +The function uses the `Select()` method of the mempool to iterate over the transactions. `runTx` is then called, +which encodes and validates each transaction and from there the `AnteHandler` is executed. +If successful, valid transactions are returned inclusive of the events, tags, and data generated +during the execution of the proposal. +The described behavior is that of the default handler, applications have the flexibility to define their own +[custom mempool handlers](https://docs.cosmos.network/main/building-apps/app-mempool#custom-mempool-handlers). + +![ProcessProposal](baseapp_state-prepareproposal.png) + +### ProcessProposal State Updates + +During `ProcessProposal`, the `processProposalState` is set based off of the last committed state +from the root store and is used to process a signed proposal received from a validator. +In this state, `runTx` is called and the `AnteHandler` is executed and the context used in this state is built with information +from the header and the main state, including the minimum gas prices, which are also set. +Again we want to highlight that the described behavior is that of the default handler and applications have the flexibility to define their own +[custom mempool handlers](https://docs.cosmos.network/main/building-apps/app-mempool#custom-mempool-handlers). + +![ProcessProposal](baseapp_state-processproposal.png) + +### BeginBlock State Updates + +During `BeginBlock`, the `deliverState` is set for use in subsequent `DeliverTx` ABCI messages. The +`deliverState` is based off of the last committed state from the root store and is branched. +Note, the `deliverState` is set to `nil` on [`Commit`](#commit). + +![BeginBlock](baseapp_state-begin_block.png) + +### DeliverTx State Updates + +The state flow for `DeliverTx` is nearly identical to `CheckTx` except state transitions occur on +the `deliverState` and messages in a transaction are executed. Similarly to `CheckTx`, state transitions +occur on a doubly branched state -- `deliverState`. Successful message execution results in +writes being committed to `deliverState`. Note, if message execution fails, state transitions from +the AnteHandler are persisted. + +![DeliverTx](baseapp_state-deliver_tx.png) + +### Commit State Updates + +During `Commit` all the state transitions that occurred in the `deliverState` are finally written to +the root `CommitMultiStore` which in turn is committed to disk and results in a new application +root hash. These state transitions are now considered final. Finally, the `checkState` is set to the +newly committed state and `deliverState` is set to `nil` to be reset on `BeginBlock`. + +![Commit](baseapp_state-commit.png) + +## ParamStore + +During `InitChain`, the `RequestInitChain` provides `ConsensusParams` which contains parameters +related to block execution such as maximum gas and size in addition to evidence parameters. If these +parameters are non-nil, they are set in the BaseApp's `ParamStore`. Behind the scenes, the `ParamStore` +is managed by an `x/consensus_params` module. This allows the parameters to be tweaked via + on-chain governance. + +## Service Routers + +When messages and queries are received by the application, they must be routed to the appropriate module in order to be processed. Routing is done via `BaseApp`, which holds a `msgServiceRouter` for messages, and a `grpcQueryRouter` for queries. + +### `Msg` Service Router + +[`sdk.Msg`s](../../build/building-modules/02-messages-and-queries.md#messages) need to be routed after they are extracted from transactions, which are sent from the underlying CometBFT engine via the [`CheckTx`](#checktx) and [`DeliverTx`](#delivertx) ABCI messages. To do so, `BaseApp` holds a `msgServiceRouter` which maps fully-qualified service methods (`string`, defined in each module's Protobuf `Msg` service) to the appropriate module's `MsgServer` implementation. + +The [default `msgServiceRouter` included in `BaseApp`](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/baseapp/msg_service_router.go) is stateless. However, some applications may want to make use of more stateful routing mechanisms such as allowing governance to disable certain routes or point them to new modules for upgrade purposes. For this reason, the `sdk.Context` is also passed into each [route handler inside `msgServiceRouter`](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/baseapp/msg_service_router.go#L31-L32). For a stateless router that doesn't want to make use of this, you can just ignore the `ctx`. + +The application's `msgServiceRouter` is initialized with all the routes using the application's [module manager](../../build/building-modules/01-module-manager.md#manager) (via the `RegisterServices` method), which itself is initialized with all the application's modules in the application's [constructor](../beginner/00-overview-app.md#constructor-function). + +### gRPC Query Router + +Similar to `sdk.Msg`s, [`queries`](../../build/building-modules/02-messages-and-queries.md#queries) need to be routed to the appropriate module's [`Query` service](../../build/building-modules/04-query-services.md). To do so, `BaseApp` holds a `grpcQueryRouter`, which maps modules' fully-qualified service methods (`string`, defined in their Protobuf `Query` gRPC) to their `QueryServer` implementation. The `grpcQueryRouter` is called during the initial stages of query processing, which can be either by directly sending a gRPC query to the gRPC endpoint, or via the [`Query` ABCI message](#query) on the CometBFT RPC endpoint. + +Just like the `msgServiceRouter`, the `grpcQueryRouter` is initialized with all the query routes using the application's [module manager](../../build/building-modules/01-module-manager.md) (via the `RegisterServices` method), which itself is initialized with all the application's modules in the application's [constructor](../beginner/00-overview-app.md#app-constructor). + +## Main ABCI 1.0 Messages + +The [Application-Blockchain Interface](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md) (ABCI) is a generic interface that connects a state-machine with a consensus engine to form a functional full-node. It can be wrapped in any language, and needs to be implemented by each application-specific blockchain built on top of an ABCI-compatible consensus engine like CometBFT. + +The consensus engine handles two main tasks: + +* The networking logic, which mainly consists in gossiping block parts, transactions and consensus votes. +* The consensus logic, which results in the deterministic ordering of transactions in the form of blocks. + +It is **not** the role of the consensus engine to define the state or the validity of transactions. Generally, transactions are handled by the consensus engine in the form of `[]bytes`, and relayed to the application via the ABCI to be decoded and processed. At keys moments in the networking and consensus processes (e.g. beginning of a block, commit of a block, reception of an unconfirmed transaction, ...), the consensus engine emits ABCI messages for the state-machine to act on. + +Developers building on top of the Cosmos SDK need not implement the ABCI themselves, as `BaseApp` comes with a built-in implementation of the interface. Let us go through the main ABCI messages that `BaseApp` implements: + +* [`Prepare Proposal`](#prepare-proposal) +* [`Process Proposal`](#process-proposal) +* [`CheckTx`](#checktx) +* [`DeliverTx`](#delivertx) + + +### Prepare Proposal + +The `PrepareProposal` function is part of the new methods introduced in Application Blockchain Interface (ABCI++) in CometBFT and is an important part of the application's overall governance system. In the Cosmos SDK, it allows the application to have more fine-grained control over the transactions that are processed, and ensures that only valid transactions are committed to the blockchain. + +Here is how the `PrepareProposal` function can be implemented: + +1. Extract the `sdk.Msg`s from the transaction. +2. Perform _stateful_ checks by calling `Validate()` on each of the `sdk.Msg`'s. This is done after _stateless_ checks as _stateful_ checks are more computationally expensive. If `Validate()` fails, `PrepareProposal` returns before running further checks, which saves resources. +3. Perform any additional checks that are specific to the application, such as checking account balances, or ensuring that certain conditions are met before a transaction is proposed.hey are processed by the consensus engine, if necessary. +4. Return the updated transactions to be processed by the consensus engine + +Note that, unlike `CheckTx()`, `PrepareProposal` process `sdk.Msg`s, so it can directly update the state. However, unlike `DeliverTx()`, it does not commit the state updates. It's important to exercise caution when using `PrepareProposal` as incorrect coding could affect the overall liveness of the network. + +It's important to note that `PrepareProposal` complements the `ProcessProposal` method which is executed after this method. The combination of these two methods means that it is possible to guarantee that no invalid transactions are ever committed. Furthermore, such a setup can give rise to other interesting use cases such as Oracles, threshold decryption and more. + +`PrepareProposal` returns a response to the underlying consensus engine of type [`abci.ResponseCheckTx`](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_methods.md#processproposal). The response contains: + +* `Code (uint32)`: Response Code. `0` if successful. +* `Data ([]byte)`: Result bytes, if any. +* `Log (string):` The output of the application's logger. May be non-deterministic. +* `Info (string):` Additional information. May be non-deterministic. + + +### Process Proposal + +The `ProcessProposal` function is called by the BaseApp as part of the ABCI message flow, and is executed during the `BeginBlock` phase of the consensus process. The purpose of this function is to give more control to the application for block validation, allowing it to check all transactions in a proposed block before the validator sends the prevote for the block. It allows a validator to perform application-dependent work in a proposed block, enabling features such as immediate block execution, and allows the Application to reject invalid blocks. + +The `ProcessProposal` function performs several key tasks, including: + +1. Validating the proposed block by checking all transactions in it. +2. Checking the proposed block against the current state of the application, to ensure that it is valid and that it can be executed. +3. Updating the application's state based on the proposal, if it is valid and passes all checks. +4. Returning a response to CometBFT indicating the result of the proposal processing. + +The `ProcessProposal` is an important part of the application's overall governance system. It is used to manage the network's parameters and other key aspects of its operation. It also ensures that the coherence property is adhered to i.e. all honest validators must accept a proposal by an honest proposer. + +It's important to note that `ProcessProposal` complements the `PrepareProposal` method which enables the application to have more fine-grained transaction control by allowing it to reorder, drop, delay, modify, and even add transactions as they see necessary. The combination of these two methods means that it is possible to guarantee that no invalid transactions are ever committed. Furthermore, such a setup can give rise to other interesting use cases such as Oracles, threshold decryption and more. + +CometBFT calls it when it receives a proposal and the CometBFT algorithm has not locked on a value. The Application cannot modify the proposal at this point but can reject it if it is invalid. If that is the case, CometBFT will prevote `nil` on the proposal, which has strong liveness implications for CometBFT. As a general rule, the Application SHOULD accept a prepared proposal passed via `ProcessProposal`, even if a part of the proposal is invalid (e.g., an invalid transaction); the Application can ignore the invalid part of the prepared proposal at block execution time. + +However, developers must exercise greater caution when using these methods. Incorrectly coding these methods could affect liveness as CometBFT is unable to receive 2/3 valid precommits to finalize a block. + +`ProcessProposal` returns a response to the underlying consensus engine of type [`abci.ResponseCheckTx`](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_methods.md#processproposal). The response contains: + +* `Code (uint32)`: Response Code. `0` if successful. +* `Data ([]byte)`: Result bytes, if any. +* `Log (string):` The output of the application's logger. May be non-deterministic. +* `Info (string):` Additional information. May be non-deterministic. + + +### CheckTx + +`CheckTx` is sent by the underlying consensus engine when a new unconfirmed (i.e. not yet included in a valid block) +transaction is received by a full-node. The role of `CheckTx` is to guard the full-node's mempool +(where unconfirmed transactions are stored until they are included in a block) from spam transactions. +Unconfirmed transactions are relayed to peers only if they pass `CheckTx`. + +`CheckTx()` can perform both _stateful_ and _stateless_ checks, but developers should strive to +make the checks **lightweight** because gas fees are not charged for the resources (CPU, data load...) used during the `CheckTx`. + +In the Cosmos SDK, after [decoding transactions](06-encoding.md), `CheckTx()` is implemented +to do the following checks: + +1. Extract the `sdk.Msg`s from the transaction. +2. **Optionally** perform _stateless_ checks by calling `ValidateBasic()` on each of the `sdk.Msg`s. This is done + first, as _stateless_ checks are less computationally expensive than _stateful_ checks. If + `ValidateBasic()` fail, `CheckTx` returns before running _stateful_ checks, which saves resources. + This check is still performed for messages that have not yet migrated to the new message validation mechanism defined in [RFC 001](https://docs.cosmos.network/main/rfc/rfc-001-tx-validation) and still have a `ValidateBasic()` method. +3. Perform non-module related _stateful_ checks on the [account](../beginner/03-accounts.md). This step is mainly about checking + that the `sdk.Msg` signatures are valid, that enough fees are provided and that the sending account + has enough funds to pay for said fees. Note that no precise [`gas`](../beginner/04-gas-fees.md) counting occurs here, + as `sdk.Msg`s are not processed. Usually, the [`AnteHandler`](../beginner/04-gas-fees.md#antehandler) will check that the `gas` provided + with the transaction is superior to a minimum reference gas amount based on the raw transaction size, + in order to avoid spam with transactions that provide 0 gas. + +`CheckTx` does **not** process `sdk.Msg`s - they only need to be processed when the canonical state need to be updated, which happens during `DeliverTx`. + +Steps 2. and 3. are performed by the [`AnteHandler`](../beginner/04-gas-fees.md#antehandler) in the [`RunTx()`](#runtx) +function, which `CheckTx()` calls with the `runTxModeCheck` mode. During each step of `CheckTx()`, a +special [volatile state](#state-updates) called `checkState` is updated. This state is used to keep +track of the temporary changes triggered by the `CheckTx()` calls of each transaction without modifying +the [main canonical state](#state-updates). For example, when a transaction goes through `CheckTx()`, the +transaction's fees are deducted from the sender's account in `checkState`. If a second transaction is +received from the same account before the first is processed, and the account has consumed all its +funds in `checkState` during the first transaction, the second transaction will fail `CheckTx`() and +be rejected. In any case, the sender's account will not actually pay the fees until the transaction +is actually included in a block, because `checkState` never gets committed to the main state. The +`checkState` is reset to the latest state of the main state each time a blocks gets [committed](#commit). + +`CheckTx` returns a response to the underlying consensus engine of type [`abci.ResponseCheckTx`](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_methods.md#checktx). +The response contains: + +* `Code (uint32)`: Response Code. `0` if successful. +* `Data ([]byte)`: Result bytes, if any. +* `Log (string):` The output of the application's logger. May be non-deterministic. +* `Info (string):` Additional information. May be non-deterministic. +* `GasWanted (int64)`: Amount of gas requested for transaction. It is provided by users when they generate the transaction. +* `GasUsed (int64)`: Amount of gas consumed by transaction. During `CheckTx`, this value is computed by multiplying the standard cost of a transaction byte by the size of the raw transaction. Next is an example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/auth/ante/basic.go#L96 +``` + +* `Events ([]cmn.KVPair)`: Key-Value tags for filtering and indexing transactions (eg. by account). See [`event`s](08-events.md) for more. +* `Codespace (string)`: Namespace for the Code. + +#### RecheckTx + +After `Commit`, `CheckTx` is run again on all transactions that remain in the node's local mempool +excluding the transactions that are included in the block. To prevent the mempool from rechecking all transactions +every time a block is committed, the configuration option `mempool.recheck=false` can be set. As of +Tendermint v0.32.1, an additional `Type` parameter is made available to the `CheckTx` function that +indicates whether an incoming transaction is new (`CheckTxType_New`), or a recheck (`CheckTxType_Recheck`). +This allows certain checks like signature verification can be skipped during `CheckTxType_Recheck`. + +### DeliverTx + +When the underlying consensus engine receives a block proposal, each transaction in the block needs to be processed by the application. To that end, the underlying consensus engine sends a `DeliverTx` message to the application for each transaction in a sequential order. + +Before the first transaction of a given block is processed, a [volatile state](#state-updates) called `deliverState` is initialized during [`BeginBlock`](#beginblock). This state is updated each time a transaction is processed via `DeliverTx`, and committed to the [main state](#state-updates) when the block is [committed](#commit), after what it is set to `nil`. + +`DeliverTx` performs the **exact same steps as `CheckTx`**, with a little caveat at step 3 and the addition of a fifth step: + +1. The `AnteHandler` does **not** check that the transaction's `gas-prices` is sufficient. That is because the `min-gas-prices` value `gas-prices` is checked against is local to the node, and therefore what is enough for one full-node might not be for another. This means that the proposer can potentially include transactions for free, although they are not incentivised to do so, as they earn a bonus on the total fee of the block they propose. +2. For each `sdk.Msg` in the transaction, route to the appropriate module's Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md). Additional _stateful_ checks are performed, and the branched multistore held in `deliverState`'s `context` is updated by the module's `keeper`. If the `Msg` service returns successfully, the branched multistore held in `context` is written to `deliverState` `CacheMultiStore`. + +During the additional fifth step outlined in (2), each read/write to the store increases the value of `GasConsumed`. You can find the default cost of each operation: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/store/types/gas.go#L230-L241 +``` + +At any point, if `GasConsumed > GasWanted`, the function returns with `Code != 0` and `DeliverTx` fails. + +`DeliverTx` returns a response to the underlying consensus engine of type [`abci.ResponseDeliverTx`](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_methods.md#delivertx). The response contains: + +* `Code (uint32)`: Response Code. `0` if successful. +* `Data ([]byte)`: Result bytes, if any. +* `Log (string):` The output of the application's logger. May be non-deterministic. +* `Info (string):` Additional information. May be non-deterministic. +* `GasWanted (int64)`: Amount of gas requested for transaction. It is provided by users when they generate the transaction. +* `GasUsed (int64)`: Amount of gas consumed by transaction. During `DeliverTx`, this value is computed by multiplying the standard cost of a transaction byte by the size of the raw transaction, and by adding gas each time a read/write to the store occurs. +* `Events ([]cmn.KVPair)`: Key-Value tags for filtering and indexing transactions (eg. by account). See [`event`s](08-events.md) for more. +* `Codespace (string)`: Namespace for the Code. + +## RunTx, AnteHandler, RunMsgs, PostHandler + +### RunTx + +`RunTx` is called from `CheckTx`/`DeliverTx` to handle the transaction, with `runTxModeCheck` or `runTxModeDeliver` as parameter to differentiate between the two modes of execution. Note that when `RunTx` receives a transaction, it has already been decoded. + +The first thing `RunTx` does upon being called is to retrieve the `context`'s `CacheMultiStore` by calling the `getContextForTx()` function with the appropriate mode (either `runTxModeCheck` or `runTxModeDeliver`). This `CacheMultiStore` is a branch of the main store, with cache functionality (for query requests), instantiated during `BeginBlock` for `DeliverTx` and during the `Commit` of the previous block for `CheckTx`. After that, two `defer func()` are called for [`gas`](../beginner/04-gas-fees.md) management. They are executed when `runTx` returns and make sure `gas` is actually consumed, and will throw errors, if any. + +After that, `RunTx()` calls `ValidateBasic()`, when available and for backward compatibility, on each `sdk.Msg`in the `Tx`, which runs preliminary _stateless_ validity checks. If any `sdk.Msg` fails to pass `ValidateBasic()`, `RunTx()` returns with an error. + +Then, the [`anteHandler`](#antehandler) of the application is run (if it exists). In preparation of this step, both the `checkState`/`deliverState`'s `context` and `context`'s `CacheMultiStore` are branched using the `cacheTxContext()` function. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/baseapp/baseapp.go#L663-L672 +``` + +This allows `RunTx` not to commit the changes made to the state during the execution of `anteHandler` if it ends up failing. It also prevents the module implementing the `anteHandler` from writing to state, which is an important part of the [object-capabilities](10-ocap.md) of the Cosmos SDK. + +Finally, the [`RunMsgs()`](#runmsgs) function is called to process the `sdk.Msg`s in the `Tx`. In preparation of this step, just like with the `anteHandler`, both the `checkState`/`deliverState`'s `context` and `context`'s `CacheMultiStore` are branched using the `cacheTxContext()` function. + +### AnteHandler + +The `AnteHandler` is a special handler that implements the `AnteHandler` interface and is used to authenticate the transaction before the transaction's internal messages are processed. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/types/handler.go#L6-L8 +``` + +The `AnteHandler` is theoretically optional, but still a very important component of public blockchain networks. It serves 3 primary purposes: + +* Be a primary line of defense against spam and second line of defense (the first one being the mempool) against transaction replay with fees deduction and [`sequence`](01-transactions.md#transaction-generation) checking. +* Perform preliminary _stateful_ validity checks like ensuring signatures are valid or that the sender has enough funds to pay for fees. +* Play a role in the incentivisation of stakeholders via the collection of transaction fees. + +`BaseApp` holds an `anteHandler` as parameter that is initialized in the [application's constructor](../beginner/00-overview-app.md#application-constructor). The most widely used `anteHandler` is the [`auth` module](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/auth/ante/ante.go). + +Click [here](../beginner/04-gas-fees.md#antehandler) for more on the `anteHandler`. + +### RunMsgs + +`RunMsgs` is called from `RunTx` with `runTxModeCheck` as parameter to check the existence of a route for each message the transaction, and with `runTxModeDeliver` to actually process the `sdk.Msg`s. + +First, it retrieves the `sdk.Msg`'s fully-qualified type name, by checking the `type_url` of the Protobuf `Any` representing the `sdk.Msg`. Then, using the application's [`msgServiceRouter`](#msg-service-router), it checks for the existence of `Msg` service method related to that `type_url`. At this point, if `mode == runTxModeCheck`, `RunMsgs` returns. Otherwise, if `mode == runTxModeDeliver`, the [`Msg` service](../../build/building-modules/03-msg-services.md) RPC is executed, before `RunMsgs` returns. + +### PostHandler + +`PostHandler` is similar to `AnteHandler`, but it, as the name suggests, executes custom post tx processing logic after [`RunMsgs`](#runmsgs) is called. `PostHandler` receives the `Result` of the the `RunMsgs` in order to enable this customizable behavior. + +Like `AnteHandler`s, `PostHandler`s are theoretically optional, one use case for `PostHandler`s is transaction tips (enabled by default in simapp). +Other use cases like unused gas refund can also be enabled by `PostHandler`s. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/auth/posthandler/post.go#L1-L15 +``` + +Note, when `PostHandler`s fail, the state from `runMsgs` is also reverted, effectively making the transaction fail. + +## Other ABCI Messages + +### InitChain + +The [`InitChain` ABCI message](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#method-overview) is sent from the underlying CometBFT engine when the chain is first started. It is mainly used to **initialize** parameters and state like: + +* [Consensus Parameters](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_app_requirements.md#consensus-parameters) via `setConsensusParams`. +* [`checkState` and `deliverState`](#state-updates) via `setState`. +* The [block gas meter](../beginner/04-gas-fees.md#block-gas-meter), with infinite gas to process genesis transactions. + +Finally, the `InitChain(req abci.RequestInitChain)` method of `BaseApp` calls the [`initChainer()`](../beginner/00-overview-app.md#initchainer) of the application in order to initialize the main state of the application from the `genesis file` and, if defined, call the [`InitGenesis`](../../build/building-modules/08-genesis.md#initgenesis) function of each of the application's modules. + +### BeginBlock + +The [`BeginBlock` ABCI message](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#method-overview) is sent from the underlying CometBFT engine when a block proposal created by the correct proposer is received, before [`DeliverTx`](#delivertx) is run for each transaction in the block. It allows developers to have logic be executed at the beginning of each block. In the Cosmos SDK, the `BeginBlock(req abci.RequestBeginBlock)` method does the following: + +* Initialize [`deliverState`](#state-updates) with the latest header using the `req abci.RequestBeginBlock` passed as parameter via the `setState` function. + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/baseapp/baseapp.go#L406-L433 + ``` + + This function also resets the [main gas meter](../beginner/04-gas-fees.md#main-gas-meter). + +* Initialize the [block gas meter](../beginner/04-gas-fees.md#block-gas-meter) with the `maxGas` limit. The `gas` consumed within the block cannot go above `maxGas`. This parameter is defined in the application's consensus parameters. +* Run the application's [`beginBlocker()`](../beginner/00-overview-app.md#beginblocker-and-endblock), which mainly runs the [`BeginBlocker()`](../../build/building-modules/05-beginblock-endblock.md#beginblock) method of each of the application's modules. +* Set the [`VoteInfos`](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_methods.md#voteinfo) of the application, i.e. the list of validators whose _precommit_ for the previous block was included by the proposer of the current block. This information is carried into the [`Context`](02-context.md) so that it can be used during `DeliverTx` and `EndBlock`. + +### EndBlock + +The [`EndBlock` ABCI message](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#method-overview) is sent from the underlying CometBFT engine after [`DeliverTx`](#delivertx) as been run for each transaction in the block. It allows developers to have logic be executed at the end of each block. In the Cosmos SDK, the bulk `EndBlock(req abci.RequestEndBlock)` method is to run the application's [`EndBlocker()`](../beginner/00-overview-app.md#beginblocker-and-endblock), which mainly runs the [`EndBlocker()`](../../build/building-modules/05-beginblock-endblock.md#beginblock) method of each of the application's modules. + +### Commit + +The [`Commit` ABCI message](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#method-overview) is sent from the underlying CometBFT engine after the full-node has received _precommits_ from 2/3+ of validators (weighted by voting power). On the `BaseApp` end, the `Commit(res abci.ResponseCommit)` function is implemented to commit all the valid state transitions that occurred during `BeginBlock`, `DeliverTx` and `EndBlock` and to reset state for the next block. + +To commit state-transitions, the `Commit` function calls the `Write()` function on `deliverState.ms`, where `deliverState.ms` is a branched multistore of the main store `app.cms`. Then, the `Commit` function sets `checkState` to the latest header (obtained from `deliverState.ctx.BlockHeader`) and `deliverState` to `nil`. + +Finally, `Commit` returns the hash of the commitment of `app.cms` back to the underlying consensus engine. This hash is used as a reference in the header of the next block. + +### Info + +The [`Info` ABCI message](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#info-methods) is a simple query from the underlying consensus engine, notably used to sync the latter with the application during a handshake that happens on startup. When called, the `Info(res abci.ResponseInfo)` function from `BaseApp` will return the application's name, version and the hash of the last commit of `app.cms`. + +### Query + +The [`Query` ABCI message](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#info-methods) is used to serve queries received from the underlying consensus engine, including queries received via RPC like CometBFT RPC. It used to be the main entrypoint to build interfaces with the application, but with the introduction of [gRPC queries](../../build/building-modules/04-query-services.md) in Cosmos SDK v0.40, its usage is more limited. The application must respect a few rules when implementing the `Query` method, which are outlined [here](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_app_requirements.md#query). + +Each CometBFT `query` comes with a `path`, which is a `string` which denotes what to query. If the `path` matches a gRPC fully-qualified service method, then `BaseApp` will defer the query to the `grpcQueryRouter` and let it handle it like explained [above](#grpc-query-router). Otherwise, the `path` represents a query that is not (yet) handled by the gRPC router. `BaseApp` splits the `path` string with the `/` delimiter. By convention, the first element of the split string (`split[0]`) contains the category of `query` (`app`, `p2p`, `store` or `custom` ). The `BaseApp` implementation of the `Query(req abci.RequestQuery)` method is a simple dispatcher serving these 4 main categories of queries: + +* Application-related queries like querying the application's version, which are served via the `handleQueryApp` method. +* Direct queries to the multistore, which are served by the `handlerQueryStore` method. These direct queries are different from custom queries which go through `app.queryRouter`, and are mainly used by third-party service provider like block explorers. +* P2P queries, which are served via the `handleQueryP2P` method. These queries return either `app.addrPeerFilter` or `app.ipPeerFilter` that contain the list of peers filtered by address or IP respectively. These lists are first initialized via `options` in `BaseApp`'s [constructor](#constructor). diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/01-transactions.md b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/01-transactions.md new file mode 100644 index 00000000..deee7514 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/01-transactions.md @@ -0,0 +1,197 @@ +# Transactions + +:::note Synopsis +`Transactions` are objects created by end-users to trigger state changes in the application. +::: + +:::note + +### Pre-requisite Readings + +* [Anatomy of a Cosmos SDK Application](../beginner/00-overview-app.md) + +::: + +## Transactions + +Transactions are comprised of metadata held in [contexts](02-context.md) and [`sdk.Msg`s](../../build/building-modules/02-messages-and-queries.md) that trigger state changes within a module through the module's Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md). + +When users want to interact with an application and make state changes (e.g. sending coins), they create transactions. Each of a transaction's `sdk.Msg` must be signed using the private key associated with the appropriate account(s), before the transaction is broadcasted to the network. A transaction must then be included in a block, validated, and approved by the network through the consensus process. To read more about the lifecycle of a transaction, click [here](../beginner/01-tx-lifecycle.md). + +## Type Definition + +Transaction objects are Cosmos SDK types that implement the `Tx` interface + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/types/tx_msg.go#L42-L50 +``` + +It contains the following methods: + +* **GetMsgs:** unwraps the transaction and returns a list of contained `sdk.Msg`s - one transaction may have one or multiple messages, which are defined by module developers. +* **ValidateBasic:** lightweight, [_stateless_](../beginner/01-tx-lifecycle.md#types-of-checks) checks used by ABCI messages [`CheckTx`](00-baseapp.md#checktx) and [`DeliverTx`](00-baseapp.md#delivertx) to make sure transactions are not invalid. For example, the [`auth`](https://github.com/cosmos/cosmos-sdk/tree/main/x/auth) module's `ValidateBasic` function checks that its transactions are signed by the correct number of signers and that the fees do not exceed what the user's maximum. When [`runTx`](00-baseapp.md#runtx) is checking a transaction created from the [`auth`](https://github.com/cosmos/cosmos-sdk/tree/main/x/auth/spec) module, it first runs `ValidateBasic` on each message, then runs the `auth` module AnteHandler which calls `ValidateBasic` for the transaction itself. + + :::note + This function is different from the deprecated `sdk.Msg` [`ValidateBasic`](../beginner/01-tx-lifecycle.md#ValidateBasic) methods, which was performing basic validity checks on messages only. + ::: + +As a developer, you should rarely manipulate `Tx` directly, as `Tx` is really an intermediate type used for transaction generation. Instead, developers should prefer the `TxBuilder` interface, which you can learn more about [below](#transaction-generation). + +### Signing Transactions + +Every message in a transaction must be signed by the addresses specified by its `GetSigners`. The Cosmos SDK currently allows signing transactions in two different ways. + +#### `SIGN_MODE_DIRECT` (preferred) + +The most used implementation of the `Tx` interface is the Protobuf `Tx` message, which is used in `SIGN_MODE_DIRECT`: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/tx/v1beta1/tx.proto#L13-L26 +``` + +Because Protobuf serialization is not deterministic, the Cosmos SDK uses an additional `TxRaw` type to denote the pinned bytes over which a transaction is signed. Any user can generate a valid `body` and `auth_info` for a transaction, and serialize these two messages using Protobuf. `TxRaw` then pins the user's exact binary representation of `body` and `auth_info`, called respectively `body_bytes` and `auth_info_bytes`. The document that is signed by all signers of the transaction is `SignDoc` (deterministically serialized using [ADR-027](../../build/architecture/adr-027-deterministic-protobuf-serialization.md)): + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/tx/v1beta1/tx.proto#L48-L65 +``` + +Once signed by all signers, the `body_bytes`, `auth_info_bytes` and `signatures` are gathered into `TxRaw`, whose serialized bytes are broadcasted over the network. + +#### `SIGN_MODE_LEGACY_AMINO_JSON` + +The legacy implementation of the `Tx` interface is the `StdTx` struct from `x/auth`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/auth/migrations/legacytx/stdtx.go#L83-L93 +``` + +The document signed by all signers is `StdSignDoc`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/auth/migrations/legacytx/stdsign.go#L38-L52 +``` + +which is encoded into bytes using Amino JSON. Once all signatures are gathered into `StdTx`, `StdTx` is serialized using Amino JSON, and these bytes are broadcasted over the network. + +#### Other Sign Modes + +The Cosmos SDK also provides a couple of other sign modes for particular use cases. + +#### `SIGN_MODE_DIRECT_AUX` + +`SIGN_MODE_DIRECT_AUX` is a sign mode released in the Cosmos SDK v0.46 which targets transactions with multiple signers. Whereas `SIGN_MODE_DIRECT` expects each signer to sign over both `TxBody` and `AuthInfo` (which includes all other signers' signer infos, i.e. their account sequence, public key and mode info), `SIGN_MODE_DIRECT_AUX` allows N-1 signers to only sign over `TxBody` and _their own_ signer info. Morever, each auxiliary signer (i.e. a signer using `SIGN_MODE_DIRECT_AUX`) doesn't +need to sign over the fees: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/tx/v1beta1/tx.proto#L67-L97 +``` + +The use case is a multi-signer transaction, where one of the signers is appointed to gather all signatures, broadcast the signature and pay for fees, and the others only care about the transaction body. This generally allows for a better multi-signing UX. If Alice, Bob and Charlie are part of a 3-signer transaction, then Alice and Bob can both use `SIGN_MODE_DIRECT_AUX` to sign over the `TxBody` and their own signer info (no need an additional step to gather other signers' ones, like in `SIGN_MODE_DIRECT`), without specifying a fee in their SignDoc. Charlie can then gather both signatures from Alice and Bob, and +create the final transaction by appending a fee. Note that the fee payer of the transaction (in our case Charlie) must sign over the fees, so must use `SIGN_MODE_DIRECT` or `SIGN_MODE_LEGACY_AMINO_JSON`. + +#### `SIGN_MODE_TEXTUAL` + +`SIGN_MODE_TEXTUAL` is a new sign mode for delivering a better signing experience on hardware wallets, it is currently still under implementation. If you wish to learn more, please refer to [ADR-050](https://github.com/cosmos/cosmos-sdk/pull/10701). + +#### Custom Sign modes + +There is the the opportunity to add your own custom sign mode to the Cosmos-SDK. While we can not accept the implementation of the sign mode to the repository, we can accept a pull request to add the custom signmode to the SignMode enum located [here](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/tx/signing/v1beta1/signing.proto#L17) + +## Transaction Process + +The process of an end-user sending a transaction is: + +* decide on the messages to put into the transaction, +* generate the transaction using the Cosmos SDK's `TxBuilder`, +* broadcast the transaction using one of the available interfaces. + +The next paragraphs will describe each of these components, in this order. + +### Messages + +:::tip +Module `sdk.Msg`s are not to be confused with [ABCI Messages](https://docs.cometbft.com/v0.37/spec/abci/) which define interactions between the CometBFT and application layers. +::: + +**Messages** (or `sdk.Msg`s) are module-specific objects that trigger state transitions within the scope of the module they belong to. Module developers define the messages for their module by adding methods to the Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md), and also implement the corresponding `MsgServer`. + +Each `sdk.Msg`s is related to exactly one Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md) RPC, defined inside each module's `tx.proto` file. A SDK app router automatically maps every `sdk.Msg` to a corresponding RPC. Protobuf generates a `MsgServer` interface for each module `Msg` service, and the module developer needs to implement this interface. +This design puts more responsibility on module developers, allowing application developers to reuse common functionalities without having to implement state transition logic repetitively. + +To learn more about Protobuf `Msg` services and how to implement `MsgServer`, click [here](../../build/building-modules/03-msg-services.md). + +While messages contain the information for state transition logic, a transaction's other metadata and relevant information are stored in the `TxBuilder` and `Context`. + +### Transaction Generation + +The `TxBuilder` interface contains data closely related with the generation of transactions, which an end-user can freely set to generate the desired transaction: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/client/tx_config.go#L33-L50 +``` + +* `Msg`s, the array of [messages](#messages) included in the transaction. +* `GasLimit`, option chosen by the users for how to calculate how much gas they will need to pay. +* `Memo`, a note or comment to send with the transaction. +* `FeeAmount`, the maximum amount the user is willing to pay in fees. +* `TimeoutHeight`, block height until which the transaction is valid. +* `Signatures`, the array of signatures from all signers of the transaction. + +As there are currently two sign modes for signing transactions, there are also two implementations of `TxBuilder`: + +* [wrapper](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/auth/tx/builder.go#L18-L34) for creating transactions for `SIGN_MODE_DIRECT`, +* [StdTxBuilder](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/auth/migrations/legacytx/stdtx_builder.go#L15-L21) for `SIGN_MODE_LEGACY_AMINO_JSON`. + +However, the two implementation of `TxBuilder` should be hidden away from end-users, as they should prefer using the overarching `TxConfig` interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/client/tx_config.go#L22-L31 +``` + +`TxConfig` is an app-wide configuration for managing transactions. Most importantly, it holds the information about whether to sign each transaction with `SIGN_MODE_DIRECT` or `SIGN_MODE_LEGACY_AMINO_JSON`. By calling `txBuilder := txConfig.NewTxBuilder()`, a new `TxBuilder` will be created with the appropriate sign mode. + +Once `TxBuilder` is correctly populated with the setters exposed above, `TxConfig` will also take care of correctly encoding the bytes (again, either using `SIGN_MODE_DIRECT` or `SIGN_MODE_LEGACY_AMINO_JSON`). Here's a pseudo-code snippet of how to generate and encode a transaction, using the `TxEncoder()` method: + +```go +txBuilder := txConfig.NewTxBuilder() +txBuilder.SetMsgs(...) // and other setters on txBuilder + +bz, err := txConfig.TxEncoder()(txBuilder.GetTx()) +// bz are bytes to be broadcasted over the network +``` + +### Broadcasting the Transaction + +Once the transaction bytes are generated, there are currently three ways of broadcasting it. + +#### CLI + +Application developers create entry points to the application by creating a [command-line interface](07-cli.md), [gRPC and/or REST interface](09-grpc_rest.md), typically found in the application's `./cmd` folder. These interfaces allow users to interact with the application through command-line. + +For the [command-line interface](../../build/building-modules/09-module-interfaces.md#cli), module developers create subcommands to add as children to the application top-level transaction command `TxCmd`. CLI commands actually bundle all the steps of transaction processing into one simple command: creating messages, generating transactions and broadcasting. For concrete examples, see the [Interacting with a Node](../../user/run-node/02-interact-node.md) section. An example transaction made using CLI looks like: + +```bash +simd tx send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000stake +``` + +#### gRPC + +[gRPC](https://grpc.io) is the main component for the Cosmos SDK's RPC layer. Its principal usage is in the context of modules' [`Query` services](../../build/building-modules/04-query-services.md). However, the Cosmos SDK also exposes a few other module-agnostic gRPC services, one of them being the `Tx` service: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/tx/v1beta1/service.proto +``` + +The `Tx` service exposes a handful of utility functions, such as simulating a transaction or querying a transaction, and also one method to broadcast transactions. + +Examples of broadcasting and simulating a transaction are shown [here](../../user/run-node/03-txs.md#programmatically-with-go). + +#### REST + +Each gRPC method has its corresponding REST endpoint, generated using [gRPC-gateway](https://github.com/grpc-ecosystem/grpc-gateway). Therefore, instead of using gRPC, you can also use HTTP to broadcast the same transaction, on the `POST /cosmos/tx/v1beta1/txs` endpoint. + +An example can be seen [here](../../user/run-node/03-txs.md#using-rest) + +#### CometBFT RPC + +The three methods presented above are actually higher abstractions over the CometBFT RPC `/broadcast_tx_{async,sync,commit}` endpoints, documented [here](https://docs.cometbft.com/v0.37/core/rpc). This means that you can use the CometBFT RPC endpoints directly to broadcast the transaction, if you wish so. diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/02-context.md b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/02-context.md new file mode 100644 index 00000000..e52b63ab --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/02-context.md @@ -0,0 +1,102 @@ +--- +sidebar_position: 1 +--- + +# Context + +:::note Synopsis +The `context` is a data structure intended to be passed from function to function that carries information about the current state of the application. It provides access to a branched storage (a safe branch of the entire state) as well as useful objects and information like `gasMeter`, `block height`, `consensus parameters` and more. +::: + +:::note + +### Pre-requisites Readings + +* [Anatomy of a Cosmos SDK Application](../beginner/00-overview-app.md) +* [Lifecycle of a Transaction](../beginner/01-tx-lifecycle.md) + +::: + +## Context Definition + +The Cosmos SDK `Context` is a custom data structure that contains Go's stdlib [`context`](https://pkg.go.dev/context) as its base, and has many additional types within its definition that are specific to the Cosmos SDK. The `Context` is integral to transaction processing in that it allows modules to easily access their respective [store](04-store.md#base-layer-kvstores) in the [`multistore`](04-store.md#multistore) and retrieve transactional context such as the block header and gas meter. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/types/context.go#L17-L44 +``` + +* **Base Context:** The base type is a Go [Context](https://pkg.go.dev/context), which is explained further in the [Go Context Package](#go-context-package) section below. +* **Multistore:** Every application's `BaseApp` contains a [`CommitMultiStore`](04-store.md#multistore) which is provided when a `Context` is created. Calling the `KVStore()` and `TransientStore()` methods allows modules to fetch their respective [`KVStore`](04-store.md#base-layer-kvstores) using their unique `StoreKey`. +* **Header:** The [header](https://docs.cometbft.com/v0.37/spec/core/data_structures#header) is a Blockchain type. It carries important information about the state of the blockchain, such as block height and proposer of the current block. +* **Header Hash:** The current block header hash, obtained during `abci.RequestBeginBlock`. +* **Chain ID:** The unique identification number of the blockchain a block pertains to. +* **Transaction Bytes:** The `[]byte` representation of a transaction being processed using the context. Every transaction is processed by various parts of the Cosmos SDK and consensus engine (e.g. CometBFT) throughout its [lifecycle](../beginner/01-tx-lifecycle.md), some of which do not have any understanding of transaction types. Thus, transactions are marshaled into the generic `[]byte` type using some kind of [encoding format](06-encoding.md) such as [Amino](06-encoding.md). +* **Logger:** A `logger` from the CometBFT libraries. Learn more about logs [here](https://docs.cometbft.com/v0.37/core/configuration). Modules call this method to create their own unique module-specific logger. +* **VoteInfo:** A list of the ABCI type [`VoteInfo`](https://docs.cometbft.com/master/spec/abci/abci.html#voteinfo), which includes the name of a validator and a boolean indicating whether they have signed the block. +* **Gas Meters:** Specifically, a [`gasMeter`](../beginner/04-gas-fees.md#main-gas-meter) for the transaction currently being processed using the context and a [`blockGasMeter`](../beginner/04-gas-fees.md#block-gas-meter) for the entire block it belongs to. Users specify how much in fees they wish to pay for the execution of their transaction; these gas meters keep track of how much [gas](../beginner/04-gas-fees.md) has been used in the transaction or block so far. If the gas meter runs out, execution halts. +* **CheckTx Mode:** A boolean value indicating whether a transaction should be processed in `CheckTx` or `DeliverTx` mode. +* **Min Gas Price:** The minimum [gas](../beginner/04-gas-fees.md) price a node is willing to take in order to include a transaction in its block. This price is a local value configured by each node individually, and should therefore **not be used in any functions used in sequences leading to state-transitions**. +* **Consensus Params:** The ABCI type [Consensus Parameters](https://docs.cometbft.com/master/spec/abci/apps.html#consensus-parameters), which specify certain limits for the blockchain, such as maximum gas for a block. +* **Event Manager:** The event manager allows any caller with access to a `Context` to emit [`Events`](08-events.md). Modules may define module specific + `Events` by defining various `Types` and `Attributes` or use the common definitions found in `types/`. Clients can subscribe or query for these `Events`. These `Events` are collected throughout `DeliverTx`, `BeginBlock`, and `EndBlock` and are returned to CometBFT for indexing. For example: +* **Priority:** The transaction priority, only relevant in `CheckTx`. +* **KV `GasConfig`:** Enables applications to set a custom `GasConfig` for the `KVStore`. +* **Transient KV `GasConfig`:** Enables applications to set a custom `GasConfig` for the transiant `KVStore`. + +## Go Context Package + +A basic `Context` is defined in the [Golang Context Package](https://pkg.go.dev/context). A `Context` +is an immutable data structure that carries request-scoped data across APIs and processes. Contexts +are also designed to enable concurrency and to be used in goroutines. + +Contexts are intended to be **immutable**; they should never be edited. Instead, the convention is +to create a child context from its parent using a `With` function. For example: + +```go +childCtx = parentCtx.WithBlockHeader(header) +``` + +The [Golang Context Package](https://pkg.go.dev/context) documentation instructs developers to +explicitly pass a context `ctx` as the first argument of a process. + +## Store branching + +The `Context` contains a `MultiStore`, which allows for branchinig and caching functionality using `CacheMultiStore` +(queries in `CacheMultiStore` are cached to avoid future round trips). +Each `KVStore` is branched in a safe and isolated ephemeral storage. Processes are free to write changes to +the `CacheMultiStore`. If a state-transition sequence is performed without issue, the store branch can +be committed to the underlying store at the end of the sequence or disregard them if something +goes wrong. The pattern of usage for a Context is as follows: + +1. A process receives a Context `ctx` from its parent process, which provides information needed to + perform the process. +2. The `ctx.ms` is a **branched store**, i.e. a branch of the [multistore](04-store.md#multistore) is made so that the process can make changes to the state as it executes, without changing the original`ctx.ms`. This is useful to protect the underlying multistore in case the changes need to be reverted at some point in the execution. +3. The process may read and write from `ctx` as it is executing. It may call a subprocess and pass + `ctx` to it as needed. +4. When a subprocess returns, it checks if the result is a success or failure. If a failure, nothing + needs to be done - the branch `ctx` is simply discarded. If successful, the changes made to + the `CacheMultiStore` can be committed to the original `ctx.ms` via `Write()`. + +For example, here is a snippet from the [`runTx`](00-baseapp.md#runtx-antehandler-runmsgs-posthandler) function in [`baseapp`](00-baseapp.md): + +```go +runMsgCtx, msCache := app.cacheTxContext(ctx, txBytes) +result = app.runMsgs(runMsgCtx, msgs, mode) +result.GasWanted = gasWanted +if mode != runTxModeDeliver { + return result +} +if result.IsOK() { + msCache.Write() +} +``` + +Here is the process: + +1. Prior to calling `runMsgs` on the message(s) in the transaction, it uses `app.cacheTxContext()` + to branch and cache the context and multistore. +2. `runMsgCtx` - the context with branched store, is used in `runMsgs` to return a result. +3. If the process is running in [`checkTxMode`](00-baseapp.md#checktx), there is no need to write the + changes - the result is returned immediately. +4. If the process is running in [`deliverTxMode`](00-baseapp.md#delivertx) and the result indicates + a successful run over all the messages, the branched multistore is written back to the original. diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/03-node.md b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/03-node.md new file mode 100644 index 00000000..8affd2e2 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/03-node.md @@ -0,0 +1,98 @@ +--- +sidebar_position: 1 +--- + +# Node Client (Daemon) + +:::note Synopsis +The main endpoint of a Cosmos SDK application is the daemon client, otherwise known as the full-node client. The full-node runs the state-machine, starting from a genesis file. It connects to peers running the same client in order to receive and relay transactions, block proposals and signatures. The full-node is constituted of the application, defined with the Cosmos SDK, and of a consensus engine connected to the application via the ABCI. +::: + +:::note + +### Pre-requisite Readings + +* [Anatomy of an SDK application](../beginner/00-overview-app.md) + +::: + +## `main` function + +The full-node client of any Cosmos SDK application is built by running a `main` function. The client is generally named by appending the `-d` suffix to the application name (e.g. `appd` for an application named `app`), and the `main` function is defined in a `./appd/cmd/main.go` file. Running this function creates an executable `appd` that comes with a set of commands. For an app named `app`, the main command is [`appd start`](#start-command), which starts the full-node. + +In general, developers will implement the `main.go` function with the following structure: + +* First, an [`encodingCodec`](06-encoding.md) is instantiated for the application. +* Then, the `config` is retrieved and config parameters are set. This mainly involves setting the Bech32 prefixes for [addresses](../beginner/03-accounts.md#addresses). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/types/config.go#L14-L29 +``` + +* Using [cobra](https://github.com/spf13/cobra), the root command of the full-node client is created. After that, all the custom commands of the application are added using the `AddCommand()` method of `rootCmd`. +* Add default server commands to `rootCmd` using the `server.AddCommands()` method. These commands are separated from the ones added above since they are standard and defined at Cosmos SDK level. They should be shared by all Cosmos SDK-based applications. They include the most important command: the [`start` command](#start-command). +* Prepare and execute the `executor`. + +```go reference +https://github.com/cometbft/cometbft/blob/v0.37.0/libs/cli/setup.go#L74-L78 +``` + +See an example of `main` function from the `simapp` application, the Cosmos SDK's application for demo purposes: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/simapp/simd/main.go +``` + +## `start` command + +The `start` command is defined in the `/server` folder of the Cosmos SDK. It is added to the root command of the full-node client in the [`main` function](#main-function) and called by the end-user to start their node: + +```bash +# For an example app named "app", the following command starts the full-node. +appd start + +# Using the Cosmos SDK's own simapp, the following commands start the simapp node. +simd start +``` + +As a reminder, the full-node is composed of three conceptual layers: the networking layer, the consensus layer and the application layer. The first two are generally bundled together in an entity called the consensus engine (CometBFT by default), while the third is the state-machine defined with the help of the Cosmos SDK. Currently, the Cosmos SDK uses CometBFT as the default consensus engine, meaning the start command is implemented to boot up a CometBFT node. + +The flow of the `start` command is pretty straightforward. First, it retrieves the `config` from the `context` in order to open the `db` (a [`leveldb`](https://github.com/syndtr/goleveldb) instance by default). This `db` contains the latest known state of the application (empty if the application is started from the first time. + +With the `db`, the `start` command creates a new instance of the application using an `appCreator` function: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/server/start.go#L220 +``` + +Note that an `appCreator` is a function that fulfills the `AppCreator` signature: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/server/types/app.go#L64-L66 +``` + +In practice, the [constructor of the application](../beginner/00-overview-app.md#constructor-function) is passed as the `appCreator`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/simapp/simd/cmd/root.go#L254-L268 +``` + +Then, the instance of `app` is used to instantiate a new CometBFT node: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/server/start.go#L336-L348 +``` + +The CometBFT node can be created with `app` because the latter satisfies the [`abci.Application` interface](https://github.com/cometbft/cometbft/blob/v0.37.0/abci/types/application.go#L9-L35) (given that `app` extends [`baseapp`](00-baseapp.md)). As part of the `node.New` method, CometBFT makes sure that the height of the application (i.e. number of blocks since genesis) is equal to the height of the CometBFT node. The difference between these two heights should always be negative or null. If it is strictly negative, `node.New` will replay blocks until the height of the application reaches the height of the CometBFT node. Finally, if the height of the application is `0`, the CometBFT node will call [`InitChain`](00-baseapp.md#initchain) on the application to initialize the state from the genesis file. + +Once the CometBFT node is instantiated and in sync with the application, the node can be started: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/server/start.go#L350-L352 +``` + +Upon starting, the node will bootstrap its RPC and P2P server and start dialing peers. During handshake with its peers, if the node realizes they are ahead, it will query all the blocks sequentially in order to catch up. Then, it will wait for new block proposals and block signatures from validators in order to make progress. + +## Other commands + +To discover how to concretely run a node and interact with it, please refer to our [Running a Node, API and CLI](../../user/run-node/01-run-node.md) guide. diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/04-store.md b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/04-store.md new file mode 100644 index 00000000..f92484ab --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/04-store.md @@ -0,0 +1,105 @@ +--- +sidebar_position: 1 +--- + +# Store + +:::note Synopsis +A store is a data structure that holds the state of the application. +::: + +:::note + +### Pre-requisite Readings + +* [Anatomy of a Cosmos SDK application](../beginner/00-overview-app.md) + +::: + +## Introduction + +The Cosmos SDK store package provides interfaces, types, and abstractions for managing Merkleized state storage and commitment within a Cosmos SDK application. The package supplies various primitives for developers to work with, including state storage, state commitment, and wrapper KVStores. This document highlights the key abstractions and their significance. + +## Multistore + +The main store in Cosmos SDK applications is a multistore, a store of stores, that supports modularity. Developers can add any number of key-value stores to the multistore based on their application needs. Each module can declare and manage its own subset of the state, allowing for a modular approach. Key-value stores within the multistore can only be accessed with a specific capability key, which is typically held in the keeper of the module that declared the store. + +## Store Interfaces + +### KVStore + +The `KVStore` interface defines a key-value store that can be used to store and retrieve data. The default implementation of `KVStore` used in `baseapp` is the `iavl.Store`, which is based on an IAVL Tree. KVStores can be accessed by objects that hold a specific key and can provide an `Iterator` method that returns an `Iterator` object, used to iterate over a range of keys. + +### CommitKVStore + +The `CommitKVStore` interface extends the `KVStore` interface and adds methods for state commitment. The default implementation of `CommitKVStore` used in `baseapp` is also the `iavl.Store`. + +### StoreDB + +The `StoreDB` interface defines a database that can be used to persist key-value stores. The default implementation of `StoreDB` used in `baseapp` is the `dbm.DB`, which is a simple persistent key-value store. + +### DBAdapter + +The `DBAdapter` interface defines an adapter for `dbm.DB` that fulfills the `KVStore` interface. This interface is used to provide compatibility between the `dbm.DB` implementation and the `KVStore` interface. + +### TransientStore + +The `TransientStore` interface defines a base-layer KVStore which is automatically discarded at the end of the block and is useful for persisting information that is only relevant per-block, like storing parameter changes. + +## Store Abstractions + +The store package provides a comprehensive set of abstractions for managing state commitment and storage in an SDK application. These abstractions include CacheWrapping, KVStore, and CommitMultiStore, which offer a range of features such as CRUD functionality, prefix-based iteration, and state commitment management. + +By utilizing these abstractions, developers can create modular applications with independent state management for each module. This approach allows for a more organized and maintainable application structure. + +### CacheWrap + +CacheWrap is a wrapper around a KVStore that provides caching for both read and write operations. The CacheWrap can be used to improve performance by reducing the number of disk reads and writes required for state storage operations. The CacheWrap also includes a Write method that commits the pending writes to the underlying KVStore. + +### HistoryStore + +The HistoryStore is an optional feature that can be used to store historical versions of the state. The HistoryStore can be used to track changes to the state over time, allowing developers to analyze changes in the state and roll back to previous versions if necessary. + +### IndexStore + +The IndexStore is a type of KVStore that is used to maintain indexes of data stored in other KVStores. IndexStores can be used to improve query performance by providing a way to quickly search for data based on specific criteria. + +### Queryable + +The Queryable interface is used to provide a way for applications to query the state stored in a KVStore. The Queryable interface includes methods for retrieving data based on a key or a range of keys, as well as methods for retrieving data based on specific criteria. + +### PrefixIterator + +The PrefixIterator interface is used to iterate over a range of keys in a KVStore that share a common prefix. PrefixIterators can be used to efficiently retrieve subsets of data from a KVStore based on a specific prefix. + +### RootMultiStore + +The RootMultiStore is a Multistore that provides the ability to retrieve a snapshot of the state at a specific height. This is useful for implementing light clients. + +### GasKVStore + +The GasKVStore is a wrapper around a KVStore that provides gas measurement for read and write operations. The GasKVStore is typically used to measure the cost of executing transactions. + +## Implementation Details + +While there are many interfaces that the store package provides, there is typically a core implementation for each main interface that modules and developers interact with that are defined in the Cosmos SDK. + +The `iavl.Store` provides the core implementation for state storage and commitment by implementing the following interfaces: + +- `KVStore` +- `CommitStore` +- `CommitKVStore` +- `Queryable` +- `StoreWithInitialVersion` + +The `iavl.Store` also provides the ability to remove historical state from the state commitment layer. + +An overview of the IAVL implementation can be found [here](https://github.com/cosmos/iavl/blob/master/docs/overview.md). + +Other store abstractions include `cachekv.Store`, `gaskv.Store`, `cachemulti.Store`, and `rootmulti.Store`. Each of these stores provide additional functionality and abstractions for developers to work with. + +Note that concurrent access to the `iavl.Store` tree is not safe, and it is the responsibility of the caller to ensure that concurrent access to the store is not performed. + +## Store Migration + +Store migration is the process of updating the structure of a KVStore to support new features or changes in the data model. Store migration can be a complex process, but it is essential for maintaining the integrity of the state stored in a KVStore. diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/05-interblock-cache.md b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/05-interblock-cache.md new file mode 100644 index 00000000..9914c5b5 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/05-interblock-cache.md @@ -0,0 +1,293 @@ +--- +sidebar_position: 1 +--- + +# Inter-block Cache + +* [Inter-block Cache](#inter-block-cache) + * [Synopsis](#synopsis) + * [Overview and basic concepts](#overview-and-basic-concepts) + * [Motivation](#motivation) + * [Definitions](#definitions) + * [System model and properties](#system-model-and-properties) + * [Assumptions](#assumptions) + * [Properties](#properties) + * [Thread safety](#thread-safety) + * [Crash recovery](#crash-recovery) + * [Iteration](#iteration) + * [Technical specification](#technical-specification) + * [General design](#general-design) + * [API](#api) + * [CommitKVCacheManager](#commitkvcachemanager) + * [CommitKVStoreCache](#commitkvstorecache) + * [Implementation details](#implementation-details) + * [History](#history) + * [Copyright](#copyright) + +## Synopsis + +The inter-block cache is an in-memory cache storing (in-most-cases) immutable state that modules need to read in between blocks. When enabled, all sub-stores of a multi store, e.g., `rootmulti`, are wrapped. + +## Overview and basic concepts + +### Motivation + +The goal of the inter-block cache is to allow SDK modules to have fast access to data that it is typically queried during the execution of every block. This is data that do not change often, e.g. module parameters. The inter-block cache wraps each `CommitKVStore` of a multi store such as `rootmulti` with a fixed size, write-through cache. Caches are not cleared after a block is committed, as opposed to other caching layers such as `cachekv`. + +### Definitions + +* `Store key` uniquely identifies a store. +* `KVCache` is a `CommitKVStore` wrapped with a cache. +* `Cache manager` is a key component of the inter-block cache responsible for maintaining a map from `store keys` to `KVCaches`. + +## System model and properties + +### Assumptions + +This specification assumes that there exists a cache implementation accessible to the inter-block cache feature. + +> The implementation uses adaptive replacement cache (ARC), an enhancement over the standard last-recently-used (LRU) cache in that tracks both frequency and recency of use. + +The inter-block cache requires that the cache implementation to provide methods to create a cache, add a key/value pair, remove a key/value pair and retrieve the value associated to a key. In this specification, we assume that a `Cache` feature offers this functionality through the following methods: + +* `NewCache(size int)` creates a new cache with `size` capacity and returns it. +* `Get(key string)` attempts to retrieve a key/value pair from `Cache.` It returns `(value []byte, success bool)`. If `Cache` contains the key, it `value` contains the associated value and `success=true`. Otherwise, `success=false` and `value` should be ignored. +* `Add(key string, value []byte)` inserts a key/value pair into the `Cache`. +* `Remove(key string)` removes the key/value pair identified by `key` from `Cache`. + +The specification also assumes that `CommitKVStore` offers the following API: + +* `Get(key string)` attempts to retrieve a key/value pair from `CommitKVStore`. +* `Set(key, string, value []byte)` inserts a key/value pair into the `CommitKVStore`. +* `Delete(key string)` removes the key/value pair identified by `key` from `CommitKVStore`. + +> Ideally, both `Cache` and `CommitKVStore` should be specified in a different document and referenced here. + +### Properties + +#### Thread safety + +Accessing the `cache manager` or a `KVCache` is not thread-safe: no method is guarded with a lock. +Note that this is true even if the cache implementation is thread-safe. + +> For instance, assume that two `Set` operations are executed concurrently on the same key, each writing a different value. After both are executed, the cache and the underlying store may be inconsistent, each storing a different value under the same key. + +#### Crash recovery + +The inter-block cache transparently delegates `Commit()` to its aggregate `CommitKVStore`. If the +aggregate `CommitKVStore` supports atomic writes and use them to guarantee that the store is always in a consistent state in disk, the inter-block cache can be transparently moved to a consistent state when a failure occurs. + +> Note that this is the case for `IAVLStore`, the preferred `CommitKVStore`. On commit, it calls `SaveVersion()` on the underlying `MutableTree`. `SaveVersion` writes to disk are atomic via batching. This means that only consistent versions of the store (the tree) are written to the disk. Thus, in case of a failure during a `SaveVersion` call, on recovery from disk, the version of the store will be consistent. + +#### Iteration + +Iteration over each wrapped store is supported via the embedded `CommitKVStore` interface. + +## Technical specification + +### General design + +The inter-block cache feature is composed by two components: `CommitKVCacheManager` and `CommitKVCache`. + +`CommitKVCacheManager` implements the cache manager. It maintains a mapping from a store key to a `KVStore`. + +```go +type CommitKVStoreCacheManager interface{ + cacheSize uint + caches map[string]CommitKVStore +} +``` + +`CommitKVStoreCache` implements a `KVStore`: a write-through cache that wraps a `CommitKVStore`. This means that deletes and writes always happen to both the cache and the underlying `CommitKVStore`. Reads on the other hand first hit the internal cache. During a cache miss, the read is delegated to the underlying `CommitKVStore` and cached. + +```go +type CommitKVStoreCache interface{ + store CommitKVStore + cache Cache +} +``` + +To enable inter-block cache on `rootmulti`, one needs to instantiate a `CommitKVCacheManager` and set it by calling `SetInterBlockCache()` before calling one of `LoadLatestVersion()`, `LoadLatestVersionAndUpgrade(...)`, `LoadVersionAndUpgrade(...)` and `LoadVersion(version)`. + +### API + +#### CommitKVCacheManager + +The method `NewCommitKVStoreCacheManager` creates a new cache manager and returns it. + +| Name | Type | Description | +| ------------- | ---------|------- | +| size | integer | Determines the capacity of each of the KVCache maintained by the manager | + +```go +func NewCommitKVStoreCacheManager(size uint) CommitKVStoreCacheManager { + manager = CommitKVStoreCacheManager{size, make(map[string]CommitKVStore)} + return manager +} +``` + +`GetStoreCache` returns a cache from the CommitStoreCacheManager for a given store key. If no cache exists for the store key, then one is created and set. + +| Name | Type | Description | +| ------------- | ---------|------- | +| manager | `CommitKVStoreCacheManager` | The cache manager | +| storeKey | string | The store key of the store being retrieved | +| store | `CommitKVStore` | The store that it is cached in case the manager does not have any in its map of caches | + +```go +func GetStoreCache( + manager CommitKVStoreCacheManager, + storeKey string, + store CommitKVStore) CommitKVStore { + + if manager.caches.has(storeKey) { + return manager.caches.get(storeKey) + } else { + cache = CommitKVStoreCacheManager{store, manager.cacheSize} + manager.set(storeKey, cache) + return cache + } +} +``` + +`Unwrap` returns the underlying CommitKVStore for a given store key. + +| Name | Type | Description | +| ------------- | ---------|------- | +| manager | `CommitKVStoreCacheManager` | The cache manager | +| storeKey | string | The store key of the store being unwrapped | + +```go +func Unwrap( + manager CommitKVStoreCacheManager, + storeKey string) CommitKVStore { + + if manager.caches.has(storeKey) { + cache = manager.caches.get(storeKey) + return cache.store + } else { + return nil + } +} +``` + +`Reset` resets the manager's map of caches. + +| Name | Type | Description | +| ------------- | ---------|------- | +| manager | `CommitKVStoreCacheManager` | The cache manager | + +```go +function Reset(manager CommitKVStoreCacheManager) { + + for (let storeKey of manager.caches.keys()) { + manager.caches.delete(storeKey) + } +} +``` + +#### CommitKVStoreCache + +`NewCommitKVStoreCache` creates a new `CommitKVStoreCache` and returns it. + +| Name | Type | Description | +| ------------- | ---------|------- | +| store | CommitKVStore | The store to be cached | +| size | string | Determines the capacity of the cache being created | + +```go +func NewCommitKVStoreCache( + store CommitKVStore, + size uint) CommitKVStoreCache { + KVCache = CommitKVStoreCache{store, NewCache(size)} + return KVCache +} +``` + +`Get` retrieves a value by key. It first looks in the cache. If the key is not in the cache, the query is delegated to the underlying `CommitKVStore`. In the latter case, the key/value pair is cached. The method returns the value. + +| Name | Type | Description | +| ------------- | ---------|------- | +| KVCache | `CommitKVStoreCache` | The `CommitKVStoreCache` from which the key/value pair is retrieved | +| key | string | Key of the key/value pair being retrieved | + +```go +func Get( + KVCache CommitKVStoreCache, + key string) []byte { + valueCache, success := KVCache.cache.Get(key) + if success { + // cache hit + return valueCache + } else { + // cache miss + valueStore = KVCache.store.Get(key) + KVCache.cache.Add(key, valueStore) + return valueStore + } +} +``` + +`Set` inserts a key/value pair into both the write-through cache and the underlying `CommitKVStore`. + +| Name | Type | Description | +| ------------- | ---------|------- | +| KVCache | `CommitKVStoreCache` | The `CommitKVStoreCache` to which the key/value pair is inserted | +| key | string | Key of the key/value pair being inserted | +| value | []byte | Value of the key/value pair being inserted | + +```go +func Set( + KVCache CommitKVStoreCache, + key string, + value []byte) { + + KVCache.cache.Add(key, value) + KVCache.store.Set(key, value) +} +``` + +`Delete` removes a key/value pair from both the write-through cache and the underlying `CommitKVStore`. + +| Name | Type | Description | +| ------------- | ---------|------- | +| KVCache | `CommitKVStoreCache` | The `CommitKVStoreCache` from which the key/value pair is deleted | +| key | string | Key of the key/value pair being deleted | + +```go +func Delete( + KVCache CommitKVStoreCache, + key string) { + + KVCache.cache.Remove(key) + KVCache.store.Delete(key) +} +``` + +`CacheWrap` wraps a `CommitKVStoreCache` with another caching layer (`CacheKV`). + +> It is unclear whether there is a use case for `CacheWrap`. + +| Name | Type | Description | +| ------------- | ---------|------- | +| KVCache | `CommitKVStoreCache` | The `CommitKVStoreCache` being wrapped | + +```go +func CacheWrap( + KVCache CommitKVStoreCache) { + + return CacheKV.NewStore(KVCache) +} +``` + +### Implementation details + +The inter-block cache implementation uses a fixed-sized adaptive replacement cache (ARC) as cache. [The ARC implementation](https://github.com/hashicorp/golang-lru/blob/master/arc.go) is thread-safe. ARC is an enhancement over the standard LRU cache in that tracks both frequency and recency of use. This avoids a burst in access to new entries from evicting the frequently used older entries. It adds some additional tracking overhead to a standard LRU cache, computationally it is roughly `2x` the cost, and the extra memory overhead is linear with the size of the cache. The default cache size is `1000`. + +## History + +Dec 20, 2022 - Initial draft finished and submitted as a PR + +## Copyright + +All content herein is licensed under [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0). diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/06-encoding.md b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/06-encoding.md new file mode 100644 index 00000000..9f854423 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/06-encoding.md @@ -0,0 +1,350 @@ +--- +sidebar_position: 1 +--- + +# Encoding + +:::note Synopsis +While encoding in the Cosmos SDK used to be mainly handled by `go-amino` codec, the Cosmos SDK is moving towards using `gogoprotobuf` for both state and client-side encoding. +::: + +:::note + +### Pre-requisite Readings + +* [Anatomy of a Cosmos SDK application](../beginner/00-overview-app.md) + +::: + +## Encoding + +The Cosmos SDK utilizes two binary wire encoding protocols, [Amino](https://github.com/tendermint/go-amino/) which is an object encoding specification and [Protocol Buffers](https://developers.google.com/protocol-buffers), a subset of Proto3 with an extension for +interface support. See the [Proto3 spec](https://developers.google.com/protocol-buffers/docs/proto3) +for more information on Proto3, which Amino is largely compatible with (but not with Proto2). + +Due to Amino having significant performance drawbacks, being reflection-based, and +not having any meaningful cross-language/client support, Protocol Buffers, specifically +[gogoprotobuf](https://github.com/cosmos/gogoproto/), is being used in place of Amino. +Note, this process of using Protocol Buffers over Amino is still an ongoing process. + +Binary wire encoding of types in the Cosmos SDK can be broken down into two main +categories, client encoding and store encoding. Client encoding mainly revolves +around transaction processing and signing, whereas store encoding revolves around +types used in state-machine transitions and what is ultimately stored in the Merkle +tree. + +For store encoding, protobuf definitions can exist for any type and will typically +have an Amino-based "intermediary" type. Specifically, the protobuf-based type +definition is used for serialization and persistence, whereas the Amino-based type +is used for business logic in the state-machine where they may convert back-n-forth. +Note, the Amino-based types may slowly be phased-out in the future, so developers +should take note to use the protobuf message definitions where possible. + +In the `codec` package, there exists two core interfaces, `BinaryCodec` and `JSONCodec`, +where the former encapsulates the current Amino interface except it operates on +types implementing the latter instead of generic `interface{}` types. + +In addition, there exists two implementations of `Codec`. The first being +`AminoCodec`, where both binary and JSON serialization is handled via Amino. The +second being `ProtoCodec`, where both binary and JSON serialization is handled +via Protobuf. + +This means that modules may use Amino or Protobuf encoding, but the types must +implement `ProtoMarshaler`. If modules wish to avoid implementing this interface +for their types, they may use an Amino codec directly. + +### Amino + +Every module uses an Amino codec to serialize types and interfaces. This codec typically +has types and interfaces registered in that module's domain only (e.g. messages), +but there are exceptions like `x/gov`. Each module exposes a `RegisterLegacyAminoCodec` function +that allows a user to provide a codec and have all the types registered. An application +will call this method for each necessary module. + +Where there is no protobuf-based type definition for a module (see below), Amino +is used to encode and decode raw wire bytes to the concrete type or interface: + +```go +bz := keeper.cdc.MustMarshal(typeOrInterface) +keeper.cdc.MustUnmarshal(bz, &typeOrInterface) +``` + +Note, there are length-prefixed variants of the above functionality and this is +typically used for when the data needs to be streamed or grouped together +(e.g. `ResponseDeliverTx.Data`) + +#### Authz authorizations and Gov/Group proposals + +Since authz's `MsgExec` and `MsgGrant` message types, as well as gov's and group's `MsgSubmitProposal`, can contain different messages instances, it is important that developers +add the following code inside the `init` method of their module's `codec.go` file: + +```go +import ( + authzcodec "github.com/cosmos/cosmos-sdk/x/authz/codec" + govcodec "github.com/cosmos/cosmos-sdk/x/gov/codec" + groupcodec "github.com/cosmos/cosmos-sdk/x/group/codec" +) + +init() { + // Register all Amino interfaces and concrete types on the authz and gov Amino codec so that this can later be + // used to properly serialize MsgGrant, MsgExec and MsgSubmitProposal instances + RegisterLegacyAminoCodec(authzcodec.Amino) + RegisterLegacyAminoCodec(govcodec.Amino) + RegisterLegacyAminoCodec(groupcodec.Amino) +} +``` + +This will allow the `x/authz` module to properly serialize and de-serializes `MsgExec` instances using Amino, +which is required when signing this kind of messages using a Ledger. + +### Gogoproto + +Modules are encouraged to utilize Protobuf encoding for their respective types. In the Cosmos SDK, we use the [Gogoproto](https://github.com/cosmos/gogoproto) specific implementation of the Protobuf spec that offers speed and DX improvements compared to the official [Google protobuf implementation](https://github.com/protocolbuffers/protobuf). + +### Guidelines for protobuf message definitions + +In addition to [following official Protocol Buffer guidelines](https://developers.google.com/protocol-buffers/docs/proto3#simple), we recommend using these annotations in .proto files when dealing with interfaces: + +* use `cosmos_proto.accepts_interface` to annote `Any` fields that accept interfaces + * pass the same fully qualified name as `protoName` to `InterfaceRegistry.RegisterInterface` + * example: `(cosmos_proto.accepts_interface) = "cosmos.gov.v1beta1.Content"` (and not just `Content`) +* annotate interface implementations with `cosmos_proto.implements_interface` + * pass the same fully qualified name as `protoName` to `InterfaceRegistry.RegisterInterface` + * example: `(cosmos_proto.implements_interface) = "cosmos.authz.v1beta1.Authorization"` (and not just `Authorization`) + +Code generators can then match the `accepts_interface` and `implements_interface` annotations to know whether some Protobuf messages are allowed to be packed in a given `Any` field or not. + +### Transaction Encoding + +Another important use of Protobuf is the encoding and decoding of +[transactions](01-transactions.md). Transactions are defined by the application or +the Cosmos SDK but are then passed to the underlying consensus engine to be relayed to +other peers. Since the underlying consensus engine is agnostic to the application, +the consensus engine accepts only transactions in the form of raw bytes. + +* The `TxEncoder` object performs the encoding. +* The `TxDecoder` object performs the decoding. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/types/tx_msg.go#L76-L80 +``` + +A standard implementation of both these objects can be found in the [`auth/tx` module](../../build/modules/auth/2-tx.md): + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/auth/tx/decoder.go +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/auth/tx/encoder.go +``` + +See [ADR-020](../../build/architecture/adr-020-protobuf-transaction-encoding.md) for details of how a transaction is encoded. + +### Interface Encoding and Usage of `Any` + +The Protobuf DSL is strongly typed, which can make inserting variable-typed fields difficult. Imagine we want to create a `Profile` protobuf message that serves as a wrapper over [an account](../beginner/03-accounts.md): + +```protobuf +message Profile { + // account is the account associated to a profile. + cosmos.auth.v1beta1.BaseAccount account = 1; + // bio is a short description of the account. + string bio = 4; +} +``` + +In this `Profile` example, we hardcoded `account` as a `BaseAccount`. However, there are several other types of [user accounts related to vesting](../../build/modules/auth/1-vesting.md), such as `BaseVestingAccount` or `ContinuousVestingAccount`. All of these accounts are different, but they all implement the `AccountI` interface. How would you create a `Profile` that allows all these types of accounts with an `account` field that accepts an `AccountI` interface? + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/auth/types/account.go#L307-L330 +``` + +In [ADR-019](../../build/architecture/adr-019-protobuf-state-encoding.md), it has been decided to use [`Any`](https://github.com/protocolbuffers/protobuf/blob/master/src/google/protobuf/any.proto)s to encode interfaces in protobuf. An `Any` contains an arbitrary serialized message as bytes, along with a URL that acts as a globally unique identifier for and resolves to that message's type. This strategy allows us to pack arbitrary Go types inside protobuf messages. Our new `Profile` then looks like: + +```protobuf +message Profile { + // account is the account associated to a profile. + google.protobuf.Any account = 1 [ + (cosmos_proto.accepts_interface) = "cosmos.auth.v1beta1.AccountI"; // Asserts that this field only accepts Go types implementing `AccountI`. It is purely informational for now. + ]; + // bio is a short description of the account. + string bio = 4; +} +``` + +To add an account inside a profile, we need to "pack" it inside an `Any` first, using `codectypes.NewAnyWithValue`: + +```go +var myAccount AccountI +myAccount = ... // Can be a BaseAccount, a ContinuousVestingAccount or any struct implementing `AccountI` + +// Pack the account into an Any +accAny, err := codectypes.NewAnyWithValue(myAccount) +if err != nil { + return nil, err +} + +// Create a new Profile with the any. +profile := Profile { + Account: accAny, + Bio: "some bio", +} + +// We can then marshal the profile as usual. +bz, err := cdc.Marshal(profile) +jsonBz, err := cdc.MarshalJSON(profile) +``` + +To summarize, to encode an interface, you must 1/ pack the interface into an `Any` and 2/ marshal the `Any`. For convenience, the Cosmos SDK provides a `MarshalInterface` method to bundle these two steps. Have a look at [a real-life example in the x/auth module](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/auth/keeper/keeper.go#L240-L243). + +The reverse operation of retrieving the concrete Go type from inside an `Any`, called "unpacking", is done with the `GetCachedValue()` on `Any`. + +```go +profileBz := ... // The proto-encoded bytes of a Profile, e.g. retrieved through gRPC. +var myProfile Profile +// Unmarshal the bytes into the myProfile struct. +err := cdc.Unmarshal(profilebz, &myProfile) + +// Let's see the types of the Account field. +fmt.Printf("%T\n", myProfile.Account) // Prints "Any" +fmt.Printf("%T\n", myProfile.Account.GetCachedValue()) // Prints "BaseAccount", "ContinuousVestingAccount" or whatever was initially packed in the Any. + +// Get the address of the accountt. +accAddr := myProfile.Account.GetCachedValue().(AccountI).GetAddress() +``` + +It is important to note that for `GetCachedValue()` to work, `Profile` (and any other structs embedding `Profile`) must implement the `UnpackInterfaces` method: + +```go +func (p *Profile) UnpackInterfaces(unpacker codectypes.AnyUnpacker) error { + if p.Account != nil { + var account AccountI + return unpacker.UnpackAny(p.Account, &account) + } + + return nil +} +``` + +The `UnpackInterfaces` gets called recursively on all structs implementing this method, to allow all `Any`s to have their `GetCachedValue()` correctly populated. + +For more information about interface encoding, and especially on `UnpackInterfaces` and how the `Any`'s `type_url` gets resolved using the `InterfaceRegistry`, please refer to [ADR-019](../../build/architecture/adr-019-protobuf-state-encoding.md). + +#### `Any` Encoding in the Cosmos SDK + +The above `Profile` example is a fictive example used for educational purposes. In the Cosmos SDK, we use `Any` encoding in several places (non-exhaustive list): + +* the `cryptotypes.PubKey` interface for encoding different types of public keys, +* the `sdk.Msg` interface for encoding different `Msg`s in a transaction, +* the `AccountI` interface for encodinig different types of accounts (similar to the above example) in the x/auth query responses, +* the `Evidencei` interface for encoding different types of evidences in the x/evidence module, +* the `AuthorizationI` interface for encoding different types of x/authz authorizations, +* the [`Validator`](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/staking/types/staking.pb.go#L340-L377) struct that contains information about a validator. + +A real-life example of encoding the pubkey as `Any` inside the Validator struct in x/staking is shown in the following example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/staking/types/validator.go#L41-L64 +``` + +#### `Any`'s TypeURL + +When packing a protobuf message inside an `Any`, the message's type is uniquely defined by its type URL, which is the message's fully qualified name prefixed by a `/` (slash) character. In some implementations of `Any`, like the gogoproto one, there's generally [a resolvable prefix, e.g. `type.googleapis.com`](https://github.com/gogo/protobuf/blob/b03c65ea87cdc3521ede29f62fe3ce239267c1bc/protobuf/google/protobuf/any.proto#L87-L91). However, in the Cosmos SDK, we made the decision to not include such prefix, to have shorter type URLs. The Cosmos SDK's own `Any` implementation can be found in `github.com/cosmos/cosmos-sdk/codec/types`. + +The Cosmos SDK is also switching away from gogoproto to the official `google.golang.org/protobuf` (known as the Protobuf API v2). Its default `Any` implementation also contains the [`type.googleapis.com`](https://github.com/protocolbuffers/protobuf-go/blob/v1.28.1/types/known/anypb/any.pb.go#L266) prefix. To maintain compatibility with the SDK, the following methods from `"google.golang.org/protobuf/types/known/anypb"` should not be used: + +* `anypb.New` +* `anypb.MarshalFrom` +* `anypb.Any#MarshalFrom` + +Instead, the Cosmos SDK provides helper functions in `"github.com/cosmos/cosmos-proto/anyutil"`, which create an official `anypb.Any` without inserting the prefixes: + +* `anyutil.New` +* `anyutil.MarshalFrom` + +For example, to pack a `sdk.Msg` called `internalMsg`, use: + +```diff +import ( +- "google.golang.org/protobuf/types/known/anypb" ++ "github.com/cosmos/cosmos-proto/anyutil" +) + +- anyMsg, err := anypb.New(internalMsg.Message().Interface()) ++ anyMsg, err := anyutil.New(internalMsg.Message().Interface()) + +- fmt.Println(anyMsg.TypeURL) // type.googleapis.com/cosmos.bank.v1beta1.MsgSend ++ fmt.Println(anyMsg.TypeURL) // /cosmos.bank.v1beta1.MsgSend +``` + +## FAQ + +### How to create modules using protobuf encoding + +#### Defining module types + +Protobuf types can be defined to encode: + +* state +* [`Msg`s](../../build/building-modules/02-messages-and-queries.md#messages) +* [Query services](../../build/building-modules/04-query-services.md) +* [genesis](../../build/building-modules/08-genesis.md) + +#### Naming and conventions + +We encourage developers to follow industry guidelines: [Protocol Buffers style guide](https://developers.google.com/protocol-buffers/docs/style) +and [Buf](https://buf.build/docs/style-guide), see more details in [ADR 023](../../build/architecture/adr-023-protobuf-naming.md) + +### How to update modules to protobuf encoding + +If modules do not contain any interfaces (e.g. `Account` or `Content`), then they +may simply migrate any existing types that +are encoded and persisted via their concrete Amino codec to Protobuf (see 1. for further guidelines) and accept a `Marshaler` as the codec which is implemented via the `ProtoCodec` +without any further customization. + +However, if a module type composes an interface, it must wrap it in the `sdk.Any` (from `/types` package) type. To do that, a module-level .proto file must use [`google.protobuf.Any`](https://github.com/protocolbuffers/protobuf/blob/master/src/google/protobuf/any.proto) for respective message type interface types. + +For example, in the `x/evidence` module defines an `Evidence` interface, which is used by the `MsgSubmitEvidence`. The structure definition must use `sdk.Any` to wrap the evidence file. In the proto file we define it as follows: + +```protobuf +// proto/cosmos/evidence/v1beta1/tx.proto + +message MsgSubmitEvidence { + string submitter = 1; + google.protobuf.Any evidence = 2 [(cosmos_proto.accepts_interface) = "cosmos.evidence.v1beta1.Evidence"]; +} +``` + +The Cosmos SDK `codec.Codec` interface provides support methods `MarshalInterface` and `UnmarshalInterface` to easy encoding of state to `Any`. + +Module should register interfaces using `InterfaceRegistry` which provides a mechanism for registering interfaces: `RegisterInterface(protoName string, iface interface{}, impls ...proto.Message)` and implementations: `RegisterImplementations(iface interface{}, impls ...proto.Message)` that can be safely unpacked from Any, similarly to type registration with Amino: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/codec/types/interface_registry.go#L24-L57 +``` + +In addition, an `UnpackInterfaces` phase should be introduced to deserialization to unpack interfaces before they're needed. Protobuf types that contain a protobuf `Any` either directly or via one of their members should implement the `UnpackInterfacesMessage` interface: + +```go +type UnpackInterfacesMessage interface { + UnpackInterfaces(InterfaceUnpacker) error +} +``` + +### Custom Stringer + +Using `option (gogoproto.goproto_stringer) = false;` in a proto message definition leads to unexpected behaviour, like returning wrong output or having missing fields in the output. +For that reason a proto Message's `String()` must not be customized, and the `goproto_stringer` option must be avoided. + +A correct YAML output can be obtained through ProtoJSON, using the `JSONToYAML` function: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/codec/yaml.go#L8-L20 +``` + +For example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/auth/types/account.go#L141-L151 +``` diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/07-cli.md b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/07-cli.md new file mode 100644 index 00000000..d786ceb0 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/07-cli.md @@ -0,0 +1,195 @@ +--- +sidebar_position: 1 +--- + +# Command-Line Interface + +:::note Synopsis +This document describes how command-line interface (CLI) works on a high-level, for an [**application**](../beginner/00-overview-app.md). A separate document for implementing a CLI for a Cosmos SDK [**module**](../../build/building-modules/00-intro.md) can be found [here](../../build/building-modules/09-module-interfaces.md#cli). +::: + +## Command-Line Interface + +### Example Command + +There is no set way to create a CLI, but Cosmos SDK modules typically use the [Cobra Library](https://github.com/spf13/cobra). Building a CLI with Cobra entails defining commands, arguments, and flags. [**Commands**](#root-command) understand the actions users wish to take, such as `tx` for creating a transaction and `query` for querying the application. Each command can also have nested subcommands, necessary for naming the specific transaction type. Users also supply **Arguments**, such as account numbers to send coins to, and [**Flags**](#flags) to modify various aspects of the commands, such as gas prices or which node to broadcast to. + +Here is an example of a command a user might enter to interact with the simapp CLI `simd` in order to send some tokens: + +```bash +simd tx bank send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000stake --gas auto --gas-prices +``` + +The first four strings specify the command: + +* The root command for the entire application `simd`. +* The subcommand `tx`, which contains all commands that let users create transactions. +* The subcommand `bank` to indicate which module to route the command to ([`x/bank`](../../build/modules/bank/README.md) module in this case). +* The type of transaction `send`. + +The next two strings are arguments: the `from_address` the user wishes to send from, the `to_address` of the recipient, and the `amount` they want to send. Finally, the last few strings of the command are optional flags to indicate how much the user is willing to pay in fees (calculated using the amount of gas used to execute the transaction and the gas prices provided by the user). + +The CLI interacts with a [node](03-node.md) to handle this command. The interface itself is defined in a `main.go` file. + +### Building the CLI + +The `main.go` file needs to have a `main()` function that creates a root command, to which all the application commands will be added as subcommands. The root command additionally handles: + +* **setting configurations** by reading in configuration files (e.g. the Cosmos SDK config file). +* **adding any flags** to it, such as `--chain-id`. +* **instantiating the `codec`** by calling the application's `MakeCodec()` function (called `MakeTestEncodingConfig` in `simapp`). The [`codec`](06-encoding.md) is used to encode and decode data structures for the application - stores can only persist `[]byte`s so the developer must define a serialization format for their data structures or use the default, Protobuf. +* **adding subcommand** for all the possible user interactions, including [transaction commands](#transaction-commands) and [query commands](#query-commands). + +The `main()` function finally creates an executor and [execute](https://pkg.go.dev/github.com/spf13/cobra#Command.Execute) the root command. See an example of `main()` function from the `simapp` application: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/simapp/simd/main.go#L12-L24 +``` + +The rest of the document will detail what needs to be implemented for each step and include smaller portions of code from the `simapp` CLI files. + +## Adding Commands to the CLI + +Every application CLI first constructs a root command, then adds functionality by aggregating subcommands (often with further nested subcommands) using `rootCmd.AddCommand()`. The bulk of an application's unique capabilities lies in its transaction and query commands, called `TxCmd` and `QueryCmd` respectively. + +### Root Command + +The root command (called `rootCmd`) is what the user first types into the command line to indicate which application they wish to interact with. The string used to invoke the command (the "Use" field) is typically the name of the application suffixed with `-d`, e.g. `simd` or `gaiad`. The root command typically includes the following commands to support basic functionality in the application. + +* **Status** command from the Cosmos SDK rpc client tools, which prints information about the status of the connected [`Node`](03-node.md). The Status of a node includes `NodeInfo`,`SyncInfo` and `ValidatorInfo`. +* **Keys** [commands](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/client/keys) from the Cosmos SDK client tools, which includes a collection of subcommands for using the key functions in the Cosmos SDK crypto tools, including adding a new key and saving it to the keyring, listing all public keys stored in the keyring, and deleting a key. For example, users can type `simd keys add ` to add a new key and save an encrypted copy to the keyring, using the flag `--recover` to recover a private key from a seed phrase or the flag `--multisig` to group multiple keys together to create a multisig key. For full details on the `add` key command, see the code [here](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/client/keys/add.go). For more details about usage of `--keyring-backend` for storage of key credentials look at the [keyring docs](../../user/run-node/00-keyring.md). +* **Server** commands from the Cosmos SDK server package. These commands are responsible for providing the mechanisms necessary to start an ABCI CometBFT application and provides the CLI framework (based on [cobra](https://github.com/spf13/cobra)) necessary to fully bootstrap an application. The package exposes two core functions: `StartCmd` and `ExportCmd` which creates commands to start the application and export state respectively. +Learn more [here](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/server). +* [**Transaction**](#transaction-commands) commands. +* [**Query**](#query-commands) commands. + +Next is an example `rootCmd` function from the `simapp` application. It instantiates the root command, adds a [*persistent* flag](#flags) and `PreRun` function to be run before every execution, and adds all of the necessary subcommands. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/simapp/simd/cmd/root.go#L38-L92 +``` + +`rootCmd` has a function called `initAppConfig()` which is useful for setting the application's custom configs. +By default app uses CometBFT app config template from Cosmos SDK, which can be over-written via `initAppConfig()`. +Here's an example code to override default `app.toml` template. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/simapp/simd/cmd/root.go#L106-L161 +``` + +The `initAppConfig()` also allows overriding the default Cosmos SDK's [server config](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/server/config/config.go#L235). One example is the `min-gas-prices` config, which defines the minimum gas prices a validator is willing to accept for processing a transaction. By default, the Cosmos SDK sets this parameter to `""` (empty string), which forces all validators to tweak their own `app.toml` and set a non-empty value, or else the node will halt on startup. This might not be the best UX for validators, so the chain developer can set a default `app.toml` value for validators inside this `initAppConfig()` function. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/simapp/simd/cmd/root.go#L126-L142 +``` + +The root-level `status` and `keys` subcommands are common across most applications and do not interact with application state. The bulk of an application's functionality - what users can actually *do* with it - is enabled by its `tx` and `query` commands. + +### Transaction Commands + +[Transactions](01-transactions.md) are objects wrapping [`Msg`s](../../build/building-modules/02-messages-and-queries.md#messages) that trigger state changes. To enable the creation of transactions using the CLI interface, a function `txCommand` is generally added to the `rootCmd`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/simapp/simd/cmd/root.go#L177-L184 +``` + +This `txCommand` function adds all the transaction available to end-users for the application. This typically includes: + +* **Sign command** from the [`auth`](../../build/modules/auth/README.md) module that signs messages in a transaction. To enable multisig, add the `auth` module's `MultiSign` command. Since every transaction requires some sort of signature in order to be valid, the signing command is necessary for every application. +* **Broadcast command** from the Cosmos SDK client tools, to broadcast transactions. +* **All [module transaction commands](../../build/building-modules/09-module-interfaces.md#transaction-commands)** the application is dependent on, retrieved by using the [basic module manager's](../../build/building-modules/01-module-manager.md#basic-manager) `AddTxCommands()` function. + +Here is an example of a `txCommand` aggregating these subcommands from the `simapp` application: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/simapp/simd/cmd/root.go#L227-L251 +``` + +### Query Commands + +[**Queries**](../../build/building-modules/02-messages-and-queries.md#queries) are objects that allow users to retrieve information about the application's state. To enable the creation of queries using the CLI interface, a function `queryCommand` is generally added to the `rootCmd`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/simapp/simd/cmd/root.go#L177-L184 +``` + +This `queryCommand` function adds all the queries available to end-users for the application. This typically includes: + +* **QueryTx** and/or other transaction query commands] from the `auth` module which allow the user to search for a transaction by inputting its hash, a list of tags, or a block height. These queries allow users to see if transactions have been included in a block. +* **Account command** from the `auth` module, which displays the state (e.g. account balance) of an account given an address. +* **Validator command** from the Cosmos SDK rpc client tools, which displays the validator set of a given height. +* **Block command** from the Cosmos SDK RPC client tools, which displays the block data for a given height. +* **All [module query commands](../../build/building-modules/09-module-interfaces.md#query-commands)** the application is dependent on, retrieved by using the [basic module manager's](../../build/building-modules/01-module-manager.md#basic-manager) `AddQueryCommands()` function. + +Here is an example of a `queryCommand` aggregating subcommands from the `simapp` application: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/simapp/simd/cmd/root.go#L204-L225 +``` + +## Flags + +Flags are used to modify commands; developers can include them in a `flags.go` file with their CLI. Users can explicitly include them in commands or pre-configure them by inside their [`app.toml`](../../user/run-node/02-interact-node.md#configuring-the-node-using-apptoml). Commonly pre-configured flags include the `--node` to connect to and `--chain-id` of the blockchain the user wishes to interact with. + +A *persistent* flag (as opposed to a *local* flag) added to a command transcends all of its children: subcommands will inherit the configured values for these flags. Additionally, all flags have default values when they are added to commands; some toggle an option off but others are empty values that the user needs to override to create valid commands. A flag can be explicitly marked as *required* so that an error is automatically thrown if the user does not provide a value, but it is also acceptable to handle unexpected missing flags differently. + +Flags are added to commands directly (generally in the [module's CLI file](../../build/building-modules/09-module-interfaces.md#flags) where module commands are defined) and no flag except for the `rootCmd` persistent flags has to be added at application level. It is common to add a *persistent* flag for `--chain-id`, the unique identifier of the blockchain the application pertains to, to the root command. Adding this flag can be done in the `main()` function. Adding this flag makes sense as the chain ID should not be changing across commands in this application CLI. + +## Environment variables + +Each flag is bound to it's respecteve named environment variable. Then name of the environment variable consist of two parts - capital case `basename` followed by flag name of the flag. `-` must be substituted with `_`. For example flag `--home` for application with basename `GAIA` is bound to `GAIA_HOME`. It allows reducing the amount of flags typed for routine operations. For example instead of: + +```shell +gaia --home=./ --node= --chain-id="testchain-1" --keyring-backend=test tx ... --from= +``` + +this will be more convenient: + +```shell +# define env variables in .env, .envrc etc +GAIA_HOME= +GAIA_NODE= +GAIA_CHAIN_ID="testchain-1" +GAIA_KEYRING_BACKEND="test" + +# and later just use +gaia tx ... --from= +``` + +## Configurations + +It is vital that the root command of an application uses `PersistentPreRun()` cobra command property for executing the command, so all child commands have access to the server and client contexts. These contexts are set as their default values initially and maybe modified, scoped to the command, in their respective `PersistentPreRun()` functions. Note that the `client.Context` is typically pre-populated with "default" values that may be useful for all commands to inherit and override if necessary. + +Here is an example of an `PersistentPreRun()` function from `simapp`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/simapp/simd/cmd/root.go#L63-L86 +``` + +The `SetCmdClientContextHandler` call reads persistent flags via `ReadPersistentCommandFlags` which creates a `client.Context` and sets that on the root command's `Context`. + +The `InterceptConfigsPreRunHandler` call creates a viper literal, default `server.Context`, and a logger and sets that on the root command's `Context`. The `server.Context` will be modified and saved to disk. The internal `interceptConfigs` call reads or creates a CometBFT configuration based on the home path provided. In addition, `interceptConfigs` also reads and loads the application configuration, `app.toml`, and binds that to the `server.Context` viper literal. This is vital so the application can get access to not only the CLI flags, but also to the application configuration values provided by this file. + +:::tip +When willing to configure which logger is used, do not to use `InterceptConfigsPreRunHandler`, which sets the default SDK logger, but instead use `InterceptConfigsAndCreateContext` and set the server context and the logger manually: + +```diff +-return server.InterceptConfigsPreRunHandler(cmd, customAppTemplate, customAppConfig, customCMTConfig) + ++serverCtx, err := server.InterceptConfigsAndCreateContext(cmd, customAppTemplate, customAppConfig, customCMTConfig) ++if err != nil { ++ return err ++} + ++// overwrite default server logger ++logger, err := server.CreateSDKLogger(serverCtx, cmd.OutOrStdout()) ++if err != nil { ++ return err ++} ++serverCtx.Logger = logger.With(log.ModuleKey, "server") + ++// set server context ++return server.SetCmdServerContext(cmd, serverCtx) +``` + +::: diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/08-events.md b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/08-events.md new file mode 100644 index 00000000..96f4cbb2 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/08-events.md @@ -0,0 +1,168 @@ +--- +sidebar_position: 1 +--- +# Events + +:::note Synopsis +`Event`s are objects that contain information about the execution of the application. They are mainly used by service providers like block explorers and wallet to track the execution of various messages and index transactions. +::: + +:::note + +### Pre-requisite Readings + +* [Anatomy of a Cosmos SDK application](../beginner/00-overview-app.md) +* [CometBFT Documentation on Events](https://docs.cometbft.com/v0.37/spec/abci/abci++_basic_concepts#events) + +::: + +## Events + +Events are implemented in the Cosmos SDK as an alias of the ABCI `Event` type and +take the form of: `{eventType}.{attributeKey}={attributeValue}`. + +```protobuf reference +https://github.com/cometbft/cometbft/blob/v0.37.0/proto/tendermint/abci/types.proto#L334-L343 +``` + +An Event contains: + +* A `type` to categorize the Event at a high-level; for example, the Cosmos SDK uses the `"message"` type to filter Events by `Msg`s. +* A list of `attributes` are key-value pairs that give more information about the categorized Event. For example, for the `"message"` type, we can filter Events by key-value pairs using `message.action={some_action}`, `message.module={some_module}` or `message.sender={some_sender}`. +* A `msg_index` to identify which messages relate to the same transaction + +:::tip +To parse the attribute values as strings, make sure to add `'` (single quotes) around each attribute value. +::: + +_Typed Events_ are Protobuf-defined [messages](../../build/architecture/adr-032-typed-events.md) used by the Cosmos SDK +for emitting and querying Events. They are defined in a `event.proto` file, on a **per-module basis** and are read as `proto.Message`. +_Legacy Events_ are defined on a **per-module basis** in the module's `/types/events.go` file. +They are triggered from the module's Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md) +by using the [`EventManager`](#eventmanager). + +In addition, each module documents its events under in the `Events` sections of its specs (x/{moduleName}/`README.md`). + +Lastly, Events are returned to the underlying consensus engine in the response of the following ABCI messages: + +* [`BeginBlock`](00-baseapp.md#beginblock) +* [`EndBlock`](00-baseapp.md#endblock) +* [`CheckTx`](00-baseapp.md#checktx) +* [`DeliverTx`](00-baseapp.md#delivertx) + +### Examples + +The following examples show how to query Events using the Cosmos SDK. + +| Event | Description | +| ------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `tx.height=23` | Query all transactions at height 23 | +| `message.action='/cosmos.bank.v1beta1.Msg/Send'` | Query all transactions containing a x/bank `Send` [Service `Msg`](../../build/building-modules/03-msg-services.md). Note the `'`s around the value. | +| `message.module='bank'` | Query all transactions containing messages from the x/bank module. Note the `'`s around the value. | +| `create_validator.validator='cosmosval1...'` | x/staking-specific Event, see [x/staking SPEC](../../build/modules/staking/README.md). | + +## EventManager + +In Cosmos SDK applications, Events are managed by an abstraction called the `EventManager`. +Internally, the `EventManager` tracks a list of Events for the entire execution flow of a +transaction or `BeginBlock`/`EndBlock`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/types/events.go#L24-L27 +``` + +The `EventManager` comes with a set of useful methods to manage Events. The method +that is used most by module and application developers is `EmitTypedEvent` or `EmitEvent` that tracks +an Event in the `EventManager`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/types/events.go#L53-L62 +``` + +Module developers should handle Event emission via the `EventManager#EmitTypedEvent` or `EventManager#EmitEvent` in each message +`Handler` and in each `BeginBlock`/`EndBlock` handler. The `EventManager` is accessed via +the [`Context`](02-context.md), where Event should be already registered, and emitted like this: + + +**Typed events:** + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/group/keeper/msg_server.go#L88-L91 +``` + +**Legacy events:** + +```go +ctx.EventManager().EmitEvent( + sdk.NewEvent(eventType, sdk.NewAttribute(attributeKey, attributeValue)), +) +``` + +Module's `handler` function should also set a new `EventManager` to the `context` to isolate emitted Events per `message`: + +```go +func NewHandler(keeper Keeper) sdk.Handler { + return func(ctx sdk.Context, msg sdk.Msg) (*sdk.Result, error) { + ctx = ctx.WithEventManager(sdk.NewEventManager()) + switch msg := msg.(type) { +``` + +See the [`Msg` services](../../build/building-modules/03-msg-services.md) concept doc for a more detailed +view on how to typically implement Events and use the `EventManager` in modules. + +## Subscribing to Events + +You can use CometBFT's [Websocket](https://docs.cometbft.com/v0.37/core/subscription) to subscribe to Events by calling the `subscribe` RPC method: + +```json +{ + "jsonrpc": "2.0", + "method": "subscribe", + "id": "0", + "params": { + "query": "tm.event='eventCategory' AND eventType.eventAttribute='attributeValue'" + } +} +``` + +The main `eventCategory` you can subscribe to are: + +* `NewBlock`: Contains Events triggered during `BeginBlock` and `EndBlock`. +* `Tx`: Contains Events triggered during `DeliverTx` (i.e. transaction processing). +* `ValidatorSetUpdates`: Contains validator set updates for the block. + +These Events are triggered from the `state` package after a block is committed. You can get the +full list of Event categories [on the CometBFT Go documentation](https://pkg.go.dev/github.com/cometbft/cometbft/types#pkg-constants). + +The `type` and `attribute` value of the `query` allow you to filter the specific Event you are looking for. For example, a `Mint` transaction triggers an Event of type `EventMint` and has an `Id` and an `Owner` as `attributes` (as defined in the [`events.proto` file of the `NFT` module](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/nft/v1beta1/event.proto#L21-L31)). + +Subscribing to this Event would be done like so: + +```json +{ + "jsonrpc": "2.0", + "method": "subscribe", + "id": "0", + "params": { + "query": "tm.event='Tx' AND mint.owner='ownerAddress'" + } +} +``` + +where `ownerAddress` is an address following the [`AccAddress`](../beginner/03-accounts.md#addresses) format. + +The same way can be used to subscribe to [legacy events](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/bank/types/events.go). + +## Default Events + +There are a few events that are automatically emitted for all messages, directly from `baseapp`. + +* `message.action`: The name of the message type. +* `message.sender`: The address of the message signer. +* `message.module`: The name of the module that emitted the message. + +:::tip +The module name is assumed by `baseapp` to be the second element of the message route: `"cosmos.bank.v1beta1.MsgSend" -> "bank"`. +In case a module does not follow the standard message path, (e.g. IBC), it is advised to keep emitting the module name event. +`Baseapp` only emits that event if the module have not already done so. +::: diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/09-grpc_rest.md b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/09-grpc_rest.md new file mode 100644 index 00000000..a1c648f6 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/09-grpc_rest.md @@ -0,0 +1,100 @@ +--- +sidebar_position: 1 +--- + +# gRPC, REST, and CometBFT Endpoints + +:::note Synopsis +This document presents an overview of all the endpoints a node exposes: gRPC, REST as well as some other endpoints. +::: + +## An Overview of All Endpoints + +Each node exposes the following endpoints for users to interact with a node, each endpoint is served on a different port. Details on how to configure each endpoint is provided in the endpoint's own section. + +* the gRPC server (default port: `9090`), +* the REST server (default port: `1317`), +* the CometBFT RPC endpoint (default port: `26657`). + +:::tip +The node also exposes some other endpoints, such as the CometBFT P2P endpoint, or the [Prometheus endpoint](https://docs.cometbft.com/v0.37/core/metrics), which are not directly related to the Cosmos SDK. Please refer to the [CometBFT documentation](https://docs.cometbft.com/v0.37/core/configuration) for more information about these endpoints. +::: + +## gRPC Server + +In the Cosmos SDK, Protobuf is the main [encoding](./06-encoding.md) library. This brings a wide range of Protobuf-based tools that can be plugged into the Cosmos SDK. One such tool is [gRPC](https://grpc.io), a modern open-source high performance RPC framework that has decent client support in several languages. + +Each module exposes a [Protobuf `Query` service](../../build/building-modules/02-messages-and-queries.md#queries) that defines state queries. The `Query` services and a transaction service used to broadcast transactions are hooked up to the gRPC server via the following function inside the application: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/server/types/app.go#L46-L48 +``` + +Note: It is not possible to expose any [Protobuf `Msg` service](../../build/building-modules/02-messages-and-queries.md#messages) endpoints via gRPC. Transactions must be generated and signed using the CLI or programmatically before they can be broadcasted using gRPC. See [Generating, Signing, and Broadcasting Transactions](../../user/run-node/03-txs.md) for more information. + +The `grpc.Server` is a concrete gRPC server, which spawns and serves all gRPC query requests and a broadcast transaction request. This server can be configured inside `~/.simapp/config/app.toml`: + +* `grpc.enable = true|false` field defines if the gRPC server should be enabled. Defaults to `true`. +* `grpc.address = {string}` field defines the `ip:port` the server should bind to. Defaults to `localhost:9090`. + +:::tip +`~/.simapp` is the directory where the node's configuration and databases are stored. By default, it's set to `~/.{app_name}`. +::: + +Once the gRPC server is started, you can send requests to it using a gRPC client. Some examples are given in our [Interact with the Node](../../user/run-node/02-interact-node.md#using-grpc) tutorial. + +An overview of all available gRPC endpoints shipped with the Cosmos SDK is [Protobuf documentation](https://buf.build/cosmos/cosmos-sdk). + +## REST Server + +Cosmos SDK supports REST routes via gRPC-gateway. + +All routes are configured under the following fields in `~/.simapp/config/app.toml`: + +* `api.enable = true|false` field defines if the REST server should be enabled. Defaults to `false`. +* `api.address = {string}` field defines the `ip:port` the server should bind to. Defaults to `tcp://localhost:1317`. +* some additional API configuration options are defined in `~/.simapp/config/app.toml`, along with comments, please refer to that file directly. + +### gRPC-gateway REST Routes + +If, for various reasons, you cannot use gRPC (for example, you are building a web application, and browsers don't support HTTP2 on which gRPC is built), then the Cosmos SDK offers REST routes via gRPC-gateway. + +[gRPC-gateway](https://grpc-ecosystem.github.io/grpc-gateway/) is a tool to expose gRPC endpoints as REST endpoints. For each gRPC endpoint defined in a Protobuf `Query` service, the Cosmos SDK offers a REST equivalent. For instance, querying a balance could be done via the `/cosmos.bank.v1beta1.QueryAllBalances` gRPC endpoint, or alternatively via the gRPC-gateway `"/cosmos/bank/v1beta1/balances/{address}"` REST endpoint: both will return the same result. For each RPC method defined in a Protobuf `Query` service, the corresponding REST endpoint is defined as an option: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/bank/v1beta1/query.proto#L23-L30 +``` + +For application developers, gRPC-gateway REST routes needs to be wired up to the REST server, this is done by calling the `RegisterGRPCGatewayRoutes` function on the ModuleManager. + +### Swagger + +A [Swagger](https://swagger.io/) (or OpenAPIv2) specification file is exposed under the `/swagger` route on the API server. Swagger is an open specification describing the API endpoints a server serves, including description, input arguments, return types and much more about each endpoint. + +Enabling the `/swagger` endpoint is configurable inside `~/.simapp/config/app.toml` via the `api.swagger` field, which is set to true by default. + +For application developers, you may want to generate your own Swagger definitions based on your custom modules. +The Cosmos SDK's [Swagger generation script](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/scripts/protoc-swagger-gen.sh) is a good place to start. + +## CometBFT RPC + +Independently from the Cosmos SDK, CometBFT also exposes a RPC server. This RPC server can be configured by tuning parameters under the `rpc` table in the `~/.simapp/config/config.toml`, the default listening address is `tcp://localhost:26657`. An OpenAPI specification of all CometBFT RPC endpoints is available [here](https://docs.cometbft.com/master/rpc/). + +Some CometBFT RPC endpoints are directly related to the Cosmos SDK: + +* `/abci_query`: this endpoint will query the application for state. As the `path` parameter, you can send the following strings: + * any Protobuf fully-qualified service method, such as `/cosmos.bank.v1beta1.Query/AllBalances`. The `data` field should then include the method's request parameter(s) encoded as bytes using Protobuf. + * `/app/simulate`: this will simulate a transaction, and return some information such as gas used. + * `/app/version`: this will return the application's version. + * `/store/{path}`: this will query the store directly. + * `/p2p/filter/addr/{port}`: this will return a filtered list of the node's P2P peers by address port. + * `/p2p/filter/id/{id}`: this will return a filtered list of the node's P2P peers by ID. +* `/broadcast_tx_{aync,async,commit}`: these 3 endpoint will broadcast a transaction to other peers. CLI, gRPC and REST expose [a way to broadcast transations](01-transactions.md#broadcasting-the-transaction), but they all use these 3 CometBFT RPCs under the hood. + +## Comparison Table + +| Name | Advantages | Disadvantages | +| -------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------- | +| gRPC | - can use code-generated stubs in various languages
    - supports streaming and bidirectional communication (HTTP2)
    - small wire binary sizes, faster transmission | - based on HTTP2, not available in browsers
    - learning curve (mostly due to Protobuf) | +| REST | - ubiquitous
    - client libraries in all languages, faster implementation
    | - only supports unary request-response communication (HTTP1.1)
    - bigger over-the-wire message sizes (JSON) | +| CometBFT RPC | - easy to use | - bigger over-the-wire message sizes (JSON) | diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/10-ocap.md b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/10-ocap.md new file mode 100644 index 00000000..078b23e5 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/10-ocap.md @@ -0,0 +1,77 @@ +--- +sidebar_position: 1 +--- + +# Object-Capability Model + +## Intro + +When thinking about security, it is good to start with a specific threat model. Our threat model is the following: + +> We assume that a thriving ecosystem of Cosmos SDK modules that are easy to compose into a blockchain application will contain faulty or malicious modules. + +The Cosmos SDK is designed to address this threat by being the +foundation of an object capability system. + +> The structural properties of object capability systems favor +> modularity in code design and ensure reliable encapsulation in +> code implementation. +> +> These structural properties facilitate the analysis of some +> security properties of an object-capability program or operating +> system. Some of these — in particular, information flow properties +> — can be analyzed at the level of object references and +> connectivity, independent of any knowledge or analysis of the code +> that determines the behavior of the objects. +> +> As a consequence, these security properties can be established +> and maintained in the presence of new objects that contain unknown +> and possibly malicious code. +> +> These structural properties stem from the two rules governing +> access to existing objects: +> +> 1. An object A can send a message to B only if object A holds a +> reference to B. +> 2. An object A can obtain a reference to C only +> if object A receives a message containing a reference to C. As a +> consequence of these two rules, an object can obtain a reference +> to another object only through a preexisting chain of references. +> In short, "Only connectivity begets connectivity." + +For an introduction to object-capabilities, see this [Wikipedia article](https://en.wikipedia.org/wiki/Object-capability_model). + +## Ocaps in practice + +The idea is to only reveal what is necessary to get the work done. + +For example, the following code snippet violates the object capabilities +principle: + +```go +type AppAccount struct {...} +account := &AppAccount{ + Address: pub.Address(), + Coins: sdk.Coins{sdk.NewInt64Coin("ATM", 100)}, +} +sumValue := externalModule.ComputeSumValue(account) +``` + +The method `ComputeSumValue` implies a pure function, yet the implied +capability of accepting a pointer value is the capability to modify that +value. The preferred method signature should take a copy instead. + +```go +sumValue := externalModule.ComputeSumValue(*account) +``` + +In the Cosmos SDK, you can see the application of this principle in simapp. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/simapp/app.go#L294-L318 +``` + +The following diagram shows the current dependencies between keepers. + +![Keeper dependencies](https://raw.githubusercontent.com/cosmos/cosmos-sdk/release/v0.46.x/docs/uml/svg/keeper_dependencies.svg) + diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/11-telemetry.md b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/11-telemetry.md new file mode 100644 index 00000000..2be2dc68 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/11-telemetry.md @@ -0,0 +1,128 @@ +--- +sidebar_position: 1 +--- + +# Telemetry + +:::note Synopsis +Gather relevant insights about your application and modules with custom metrics and telemetry. +::: + +The Cosmos SDK enables operators and developers to gain insight into the performance and behavior of +their application through the use of the `telemetry` package. To enable telemetrics, set `telemetry.enabled = true` in the app.toml config file. + +The Cosmos SDK currently supports enabling in-memory and prometheus as telemetry sinks. In-memory sink is always attached (when the telemetry is enabled) with 10 second interval and 1 minute retention. This means that metrics will be aggregated over 10 seconds, and metrics will be kept alive for 1 minute. + +To query active metrics (see retention note above) you have to enable API server (`api.enabled = true` in the app.toml). Single API endpoint is exposed: `http://localhost:1317/metrics?format={text|prometheus}`, the default being `text`. + +## Emitting metrics + +If telemetry is enabled via configuration, a single global metrics collector is registered via the +[go-metrics](https://github.com/armon/go-metrics) library. This allows emitting and collecting +metrics through simple [API](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/telemetry/wrapper.go). Example: + +```go +func EndBlocker(ctx sdk.Context, k keeper.Keeper) { + defer telemetry.ModuleMeasureSince(types.ModuleName, time.Now(), telemetry.MetricKeyEndBlocker) + + // ... +} +``` + +Developers may use the `telemetry` package directly, which provides wrappers around metric APIs +that include adding useful labels, or they must use the `go-metrics` library directly. It is preferable +to add as much context and adequate dimensionality to metrics as possible, so the `telemetry` package +is advised. Regardless of the package or method used, the Cosmos SDK supports the following metrics +types: + +* gauges +* summaries +* counters + +## Labels + +Certain components of modules will have their name automatically added as a label (e.g. `BeginBlock`). +Operators may also supply the application with a global set of labels that will be applied to all +metrics emitted using the `telemetry` package (e.g. chain-id). Global labels are supplied as a list +of [name, value] tuples. + +Example: + +```toml +global-labels = [ + ["chain_id", "chain-OfXo4V"], +] +``` + +## Cardinality + +Cardinality is key, specifically label and key cardinality. Cardinality is how many unique values of +something there are. So there is naturally a tradeoff between granularity and how much stress is put +on the telemetry sink in terms of indexing, scrape, and query performance. + +Developers should take care to support metrics with enough dimensionality and granularity to be +useful, but not increase the cardinality beyond the sink's limits. A general rule of thumb is to not +exceed a cardinality of 10. + +Consider the following examples with enough granularity and adequate cardinality: + +* begin/end blocker time +* tx gas used +* block gas used +* amount of tokens minted +* amount of accounts created + +The following examples expose too much cardinality and may not even prove to be useful: + +* transfers between accounts with amount +* voting/deposit amount from unique addresses + +## Supported Metrics + +| Metric | Description | Unit | Type | +|:--------------------------------|:------------------------------------------------------------------------------------------|:----------------|:--------| +| `tx_count` | Total number of txs processed via `DeliverTx` | tx | counter | +| `tx_successful` | Total number of successful txs processed via `DeliverTx` | tx | counter | +| `tx_failed` | Total number of failed txs processed via `DeliverTx` | tx | counter | +| `tx_gas_used` | The total amount of gas used by a tx | gas | gauge | +| `tx_gas_wanted` | The total amount of gas requested by a tx | gas | gauge | +| `tx_msg_send` | The total amount of tokens sent in a `MsgSend` (per denom) | token | gauge | +| `tx_msg_withdraw_reward` | The total amount of tokens withdrawn in a `MsgWithdrawDelegatorReward` (per denom) | token | gauge | +| `tx_msg_withdraw_commission` | The total amount of tokens withdrawn in a `MsgWithdrawValidatorCommission` (per denom) | token | gauge | +| `tx_msg_delegate` | The total amount of tokens delegated in a `MsgDelegate` | token | gauge | +| `tx_msg_begin_unbonding` | The total amount of tokens undelegated in a `MsgUndelegate` | token | gauge | +| `tx_msg_begin_begin_redelegate` | The total amount of tokens redelegated in a `MsgBeginRedelegate` | token | gauge | +| `tx_msg_ibc_transfer` | The total amount of tokens transferred via IBC in a `MsgTransfer` (source or sink chain) | token | gauge | +| `ibc_transfer_packet_receive` | The total amount of tokens received in a `FungibleTokenPacketData` (source or sink chain) | token | gauge | +| `new_account` | Total number of new accounts created | account | counter | +| `gov_proposal` | Total number of governance proposals | proposal | counter | +| `gov_vote` | Total number of governance votes for a proposal | vote | counter | +| `gov_deposit` | Total number of governance deposits for a proposal | deposit | counter | +| `staking_delegate` | Total number of delegations | delegation | counter | +| `staking_undelegate` | Total number of undelegations | undelegation | counter | +| `staking_redelegate` | Total number of redelegations | redelegation | counter | +| `ibc_transfer_send` | Total number of IBC transfers sent from a chain (source or sink) | transfer | counter | +| `ibc_transfer_receive` | Total number of IBC transfers received to a chain (source or sink) | transfer | counter | +| `ibc_client_create` | Total number of clients created | create | counter | +| `ibc_client_update` | Total number of client updates | update | counter | +| `ibc_client_upgrade` | Total number of client upgrades | upgrade | counter | +| `ibc_client_misbehaviour` | Total number of client misbehaviours | misbehaviour | counter | +| `ibc_connection_open-init` | Total number of connection `OpenInit` handshakes | handshake | counter | +| `ibc_connection_open-try` | Total number of connection `OpenTry` handshakes | handshake | counter | +| `ibc_connection_open-ack` | Total number of connection `OpenAck` handshakes | handshake | counter | +| `ibc_connection_open-confirm` | Total number of connection `OpenConfirm` handshakes | handshake | counter | +| `ibc_channel_open-init` | Total number of channel `OpenInit` handshakes | handshake | counter | +| `ibc_channel_open-try` | Total number of channel `OpenTry` handshakes | handshake | counter | +| `ibc_channel_open-ack` | Total number of channel `OpenAck` handshakes | handshake | counter | +| `ibc_channel_open-confirm` | Total number of channel `OpenConfirm` handshakes | handshake | counter | +| `ibc_channel_close-init` | Total number of channel `CloseInit` handshakes | handshake | counter | +| `ibc_channel_close-confirm` | Total number of channel `CloseConfirm` handshakes | handshake | counter | +| `tx_msg_ibc_recv_packet` | Total number of IBC packets received | packet | counter | +| `tx_msg_ibc_acknowledge_packet` | Total number of IBC packets acknowledged | acknowledgement | counter | +| `ibc_timeout_packet` | Total number of IBC timeout packets | timeout | counter | +| `store_iavl_get` | Duration of an IAVL `Store#Get` call | ms | summary | +| `store_iavl_set` | Duration of an IAVL `Store#Set` call | ms | summary | +| `store_iavl_has` | Duration of an IAVL `Store#Has` call | ms | summary | +| `store_iavl_delete` | Duration of an IAVL `Store#Delete` call | ms | summary | +| `store_iavl_commit` | Duration of an IAVL `Store#Commit` call | ms | summary | +| `store_iavl_query` | Duration of an IAVL `Store#Query` call | ms | summary | diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/12-runtx_middleware.md b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/12-runtx_middleware.md new file mode 100644 index 00000000..a6287656 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/12-runtx_middleware.md @@ -0,0 +1,67 @@ +--- +sidebar_position: 1 +--- + +# RunTx recovery middleware + +`BaseApp.runTx()` function handles Go panics that might occur during transactions execution, for example, keeper has faced an invalid state and paniced. +Depending on the panic type different handler is used, for instance the default one prints an error log message. +Recovery middleware is used to add custom panic recovery for Cosmos SDK application developers. + +More context can found in the corresponding [ADR-022](../../build/architecture/adr-022-custom-panic-handling.md) and the implementation in [recovery.go](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/baseapp/recovery.go). + +## Interface + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/baseapp/recovery.go#L11-L14 +``` + +`recoveryObj` is a return value for `recover()` function from the `buildin` Go package. + +**Contract:** + +* RecoveryHandler returns `nil` if `recoveryObj` wasn't handled and should be passed to the next recovery middleware; +* RecoveryHandler returns a non-nil `error` if `recoveryObj` was handled; + +## Custom RecoveryHandler register + +`BaseApp.AddRunTxRecoveryHandler(handlers ...RecoveryHandler)` + +BaseApp method adds recovery middleware to the default recovery chain. + +## Example + +Lets assume we want to emit the "Consensus failure" chain state if some particular error occurred. + +We have a module keeper that panics: + +```go +func (k FooKeeper) Do(obj interface{}) { + if obj == nil { + // that shouldn't happen, we need to crash the app + err := errorsmod.Wrap(fooTypes.InternalError, "obj is nil") + panic(err) + } +} +``` + +By default that panic would be recovered and an error message will be printed to log. To override that behaviour we should register a custom RecoveryHandler: + +```go +// Cosmos SDK application constructor +customHandler := func(recoveryObj interface{}) error { + err, ok := recoveryObj.(error) + if !ok { + return nil + } + + if fooTypes.InternalError.Is(err) { + panic(fmt.Errorf("FooKeeper did panic with error: %w", err)) + } + + return nil +} + +baseApp := baseapp.NewBaseApp(...) +baseApp.AddRunTxRecoveryHandler(customHandler) +``` diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/13-simulation.md b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/13-simulation.md new file mode 100644 index 00000000..1ee27c86 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/13-simulation.md @@ -0,0 +1,101 @@ +--- +sidebar_position: 1 +--- + +# Cosmos Blockchain Simulator + +The Cosmos SDK offers a full fledged simulation framework to fuzz test every +message defined by a module. + +On the Cosmos SDK, this functionality is provided by [`SimApp`](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/simapp/app_v2.go), which is a +`Baseapp` application that is used for running the [`simulation`](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/simulation) module. +This module defines all the simulation logic as well as the operations for +randomized parameters like accounts, balances etc. + +## Goals + +The blockchain simulator tests how the blockchain application would behave under +real life circumstances by generating and sending randomized messages. +The goal of this is to detect and debug failures that could halt a live chain, +by providing logs and statistics about the operations run by the simulator as +well as exporting the latest application state when a failure was found. + +Its main difference with integration testing is that the simulator app allows +you to pass parameters to customize the chain that's being simulated. +This comes in handy when trying to reproduce bugs that were generated in the +provided operations (randomized or not). + +## Simulation commands + +The simulation app has different commands, each of which tests a different +failure type: + +* `AppImportExport`: The simulator exports the initial app state and then it + creates a new app with the exported `genesis.json` as an input, checking for + inconsistencies between the stores. +* `AppSimulationAfterImport`: Queues two simulations together. The first one provides the app state (_i.e_ genesis) to the second. Useful to test software upgrades or hard-forks from a live chain. +* `AppStateDeterminism`: Checks that all the nodes return the same values, in the same order. +* `BenchmarkInvariants`: Analysis of the performance of running all modules' invariants (_i.e_ sequentially runs a [benchmark](https://pkg.go.dev/testing/#hdr-Benchmarks) test). An invariant checks for + differences between the values that are on the store and the passive tracker. Eg: total coins held by accounts vs total supply tracker. +* `FullAppSimulation`: General simulation mode. Runs the chain and the specified operations for a given number of blocks. Tests that there're no `panics` on the simulation. It does also run invariant checks on every `Period` but they are not benchmarked. + +Each simulation must receive a set of inputs (_i.e_ flags) such as the number of +blocks that the simulation is run, seed, block size, etc. +Check the full list of flags [here](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/simulation/client/cli/flags.go#L33-L57). + +## Simulator Modes + +In addition to the various inputs and commands, the simulator runs in three modes: + +1. Completely random where the initial state, module parameters and simulation + parameters are **pseudo-randomly generated**. +2. From a `genesis.json` file where the initial state and the module parameters are defined. + This mode is helpful for running simulations on a known state such as a live network export where a new (mostly likely breaking) version of the application needs to be tested. +3. From a `params.json` file where the initial state is pseudo-randomly generated but the module and simulation parameters can be provided manually. + This allows for a more controlled and deterministic simulation setup while allowing the state space to still be pseudo-randomly simulated. + The list of available parameters are listed [here](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/simulation/client/cli/flags.go#L59-L78). + +:::tip +These modes are not mutually exclusive. So you can for example run a randomly +generated genesis state (`1`) with manually generated simulation params (`3`). +::: + +## Usage + +This is a general example of how simulations are run. For more specific examples +check the Cosmos SDK [Makefile](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/Makefile#L282-L318). + +```bash + $ go test -mod=readonly github.com/cosmos/cosmos-sdk/simapp \ + -run=TestApp \ + ... + -v -timeout 24h +``` + +## Debugging Tips + +Here are some suggestions when encountering a simulation failure: + +* Export the app state at the height where the failure was found. You can do this + by passing the `-ExportStatePath` flag to the simulator. +* Use `-Verbose` logs. They could give you a better hint on all the operations + involved. +* Reduce the simulation `-Period`. This will run the invariants checks more + frequently. +* Print all the failed invariants at once with `-PrintAllInvariants`. +* Try using another `-Seed`. If it can reproduce the same error and if it fails + sooner, you will spend less time running the simulations. +* Reduce the `-NumBlocks` . How's the app state at the height previous to the + failure? +* Run invariants on every operation with `-SimulateEveryOperation`. _Note_: this + will slow down your simulation **a lot**. +* Try adding logs to operations that are not logged. You will have to define a + [Logger](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/staking/keeper/keeper.go#L65-L68) on your `Keeper`. + +## Use simulation in your Cosmos SDK-based application + +Learn how you can integrate the simulation into your Cosmos SDK-based application: + +* Application Simulation Manager +* [Building modules: Simulator](../../build/building-modules/14-simulator.md) +* Simulator tests diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/14-proto-docs.md b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/14-proto-docs.md new file mode 100644 index 00000000..6c857446 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/14-proto-docs.md @@ -0,0 +1,7 @@ +--- +sidebar_position: 1 +--- + +# Protobuf Documentation + +See [Cosmos SDK Buf Proto-docs](https://buf.build/cosmos/cosmos-sdk/docs/main) diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/16-upgrade.md b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/16-upgrade.md new file mode 100644 index 00000000..5d56f2b5 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/16-upgrade.md @@ -0,0 +1,162 @@ +--- +sidebar_position: 1 +--- + +# In-Place Store Migrations + +:::warning +Read and understand all the in-place store migration documentation before you run a migration on a live chain. +::: + +:::note Synopsis +Upgrade your app modules smoothly with custom in-place store migration logic. +::: + +The Cosmos SDK uses two methods to perform upgrades: + +* Exporting the entire application state to a JSON file using the `export` CLI command, making changes, and then starting a new binary with the changed JSON file as the genesis file. + +* Perform upgrades in place, which significantly decrease the upgrade time for chains with a larger state. Use the [Module Upgrade Guide](../../build/building-modules/13-upgrade.md) to set up your application modules to take advantage of in-place upgrades. + +This document provides steps to use the In-Place Store Migrations upgrade method. + +## Tracking Module Versions + +Each module gets assigned a consensus version by the module developer. The consensus version serves as the breaking change version of the module. The Cosmos SDK keeps track of all module consensus versions in the x/upgrade `VersionMap` store. During an upgrade, the difference between the old `VersionMap` stored in state and the new `VersionMap` is calculated by the Cosmos SDK. For each identified difference, the module-specific migrations are run and the respective consensus version of each upgraded module is incremented. + +### Consensus Version + +The consensus version is defined on each app module by the module developer and serves as the breaking change version of the module. The consensus version informs the Cosmos SDK on which modules need to be upgraded. For example, if the bank module was version 2 and an upgrade introduces bank module 3, the Cosmos SDK upgrades the bank module and runs the "version 2 to 3" migration script. + +### Version Map + +The version map is a mapping of module names to consensus versions. The map is persisted to x/upgrade's state for use during in-place migrations. When migrations finish, the updated version map is persisted in the state. + +## Upgrade Handlers + +Upgrades use an `UpgradeHandler` to facilitate migrations. The `UpgradeHandler` functions implemented by the app developer must conform to the following function signature. These functions retrieve the `VersionMap` from x/upgrade's state and return the new `VersionMap` to be stored in x/upgrade after the upgrade. The diff between the two `VersionMap`s determines which modules need upgrading. + +```go +type UpgradeHandler func(ctx sdk.Context, plan Plan, fromVM VersionMap) (VersionMap, error) +``` + +Inside these functions, you must perform any upgrade logic to include in the provided `plan`. All upgrade handler functions must end with the following line of code: + +```go + return app.mm.RunMigrations(ctx, cfg, fromVM) +``` + +## Running Migrations + +Migrations are run inside of an `UpgradeHandler` using `app.mm.RunMigrations(ctx, cfg, vm)`. The `UpgradeHandler` functions describe the functionality to occur during an upgrade. The `RunMigration` function loops through the `VersionMap` argument and runs the migration scripts for all versions that are less than the versions of the new binary app module. After the migrations are finished, a new `VersionMap` is returned to persist the upgraded module versions to state. + +```go +cfg := module.NewConfigurator(...) +app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx sdk.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { + + // ... + // additional upgrade logic + // ... + + // returns a VersionMap with the updated module ConsensusVersions + return app.mm.RunMigrations(ctx, fromVM) +}) +``` + +To learn more about configuring migration scripts for your modules, see the [Module Upgrade Guide](../../build/building-modules/13-upgrade.md). + +### Order Of Migrations + +By default, all migrations are run in module name alphabetical ascending order, except `x/auth` which is run last. The reason is state dependencies between x/auth and other modules (you can read more in [issue #10606](https://github.com/cosmos/cosmos-sdk/issues/10606)). + +If you want to change the order of migration, then you should call `app.mm.SetOrderMigrations(module1, module2, ...)` in your app.go file. The function will panic if you forget to include a module in the argument list. + +## Adding New Modules During Upgrades + +You can introduce entirely new modules to the application during an upgrade. New modules are recognized because they have not yet been registered in `x/upgrade`'s `VersionMap` store. In this case, `RunMigrations` calls the `InitGenesis` function from the corresponding module to set up its initial state. + +### Add StoreUpgrades for New Modules + +All chains preparing to run in-place store migrations will need to manually add store upgrades for new modules and then configure the store loader to apply those upgrades. This ensures that the new module's stores are added to the multistore before the migrations begin. + +```go +upgradeInfo, err := app.UpgradeKeeper.ReadUpgradeInfoFromDisk() +if err != nil { + panic(err) +} + +if upgradeInfo.Name == "my-plan" && !app.UpgradeKeeper.IsSkipHeight(upgradeInfo.Height) { + storeUpgrades := storetypes.StoreUpgrades{ + // add store upgrades for new modules + // Example: + // Added: []string{"foo", "bar"}, + // ... + } + + // configure store loader that checks if version == upgradeHeight and applies store upgrades + app.SetStoreLoader(upgradetypes.UpgradeStoreLoader(upgradeInfo.Height, &storeUpgrades)) +} +``` + +## Genesis State + +When starting a new chain, the consensus version of each module MUST be saved to state during the application's genesis. To save the consensus version, add the following line to the `InitChainer` method in `app.go`: + +```diff +func (app *MyApp) InitChainer(ctx sdk.Context, req abci.RequestInitChain) abci.ResponseInitChain { + ... ++ app.UpgradeKeeper.SetModuleVersionMap(ctx, app.mm.GetVersionMap()) + ... +} +``` + +This information is used by the Cosmos SDK to detect when modules with newer versions are introduced to the app. + +For a new module `foo`, `InitGenesis` is called by `RunMigration` only when `foo` is registered in the module manager but it's not set in the `fromVM`. Therefore, if you want to skip `InitGenesis` when a new module is added to the app, then you should set its module version in `fromVM` to the module consensus version: + +```go +app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx sdk.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { + // ... + + // Set foo's version to the latest ConsensusVersion in the VersionMap. + // This will skip running InitGenesis on Foo + fromVM[foo.ModuleName] = foo.AppModule{}.ConsensusVersion() + + return app.mm.RunMigrations(ctx, fromVM) +}) +``` + +### Overwriting Genesis Functions + +The Cosmos SDK offers modules that the application developer can import in their app. These modules often have an `InitGenesis` function already defined. + +You can write your own `InitGenesis` function for an imported module. To do this, manually trigger your custom genesis function in the upgrade handler. + +:::warning +You MUST manually set the consensus version in the version map passed to the `UpgradeHandler` function. Without this, the SDK will run the Module's existing `InitGenesis` code even if you triggered your custom function in the `UpgradeHandler`. +::: + +```go +import foo "github.com/my/module/foo" + +app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx sdk.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { + + // Register the consensus version in the version map + // to avoid the SDK from triggering the default + // InitGenesis function. + fromVM["foo"] = foo.AppModule{}.ConsensusVersion() + + // Run custom InitGenesis for foo + app.mm["foo"].InitGenesis(ctx, app.appCodec, myCustomGenesisState) + + return app.mm.RunMigrations(ctx, cfg, fromVM) +}) +``` + +## Syncing a Full Node to an Upgraded Blockchain + +You can sync a full node to an existing blockchain which has been upgraded using Cosmovisor + +To successfully sync, you must start with the initial binary that the blockchain started with at genesis. If all Software Upgrade Plans contain binary instruction, then you can run Cosmovisor with auto-download option to automatically handle downloading and switching to the binaries associated with each sequential upgrade. Otherwise, you need to manually provide all binaries to Cosmovisor. + +To learn more about Cosmovisor, see the [Cosmovisor Quick Start](../../build/tooling/01-cosmovisor.md). diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/17-config.md b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/17-config.md new file mode 100644 index 00000000..03aa55a2 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/17-config.md @@ -0,0 +1,24 @@ +--- +sidebar_position: 1 +--- + +# Configuration + +This documentation refers to the app.toml, if you'd like to read about the config.toml please visit [CometBFT docs](https://docs.cometbft.com/v0.37/). + + +```python reference +https://github.com/cosmos/cosmos-sdk/blob/main/tools/confix/data/v0.47-app.toml +``` + +## inter-block-cache + +This feature will consume more ram than a normal node, if enabled. + +## iavl-cache-size + +Using this feature will increase ram consumption + +## iavl-lazy-loading + +This feature is to be used for archive nodes, allowing them to have a faster start up time. diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/_category_.json b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/_category_.json new file mode 100644 index 00000000..c4b02f46 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Advanced Concepts", + "position": 3, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/baseapp_state-begin_block.png b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/baseapp_state-begin_block.png new file mode 100644 index 0000000000000000000000000000000000000000..745d4a5a971292bb0346c35893b42ebfbcdc206e GIT binary patch literal 20565 zcmd@6WmHw)_s5SOT1t>oKnbP0kwyXOls^@mAbnmtInrrSg=X%fAB3eUDo)C`;4+H`cDk{iofk5bB;P(%Y zuz|Kwc!>%Gq5~<)zR~tI+0VxLLe@?3iQ7OH`t2Lbw>%a+5;={2I?Zq>qb)4UzcMqTUgc(sw|^lU@i-m}r2F)d?D!dQ|5HQrK_9|8 z>_gzDV-qon_vBIbSY!wbf6Q+?*LdJo{Ibf;rcZ_+E`Xc-DzbBm@w#f!@xZ(i=%b!@ zpzty=NpF!JT}xKT)oXYEMs?t-D~8-0I9}I}e^;@EoEnQKnxTeY9Qv}qLGLuc1CRR5 z|4Bht02~cOMc@>}Ml1(B?i-6fM8e2?@FMB`;QzO;OWyEFkIRI3q3c2_QHz98?fDh1 zB#qntVH<M47WREX5ZenxMVdFUDUgRj&DsTh$mM_lddu3jm2Z!9%eH&|<=JDG|I;}qYaCW>J zNo{?U=LY35?_jChyd05IYzxk|?m4yAloVEadc3kS0|Ez}?{R(@7*xg5;6 zGiIBJqtz5b(GXtL>$W$YyPr&mZ=+O7zn*V=C2Z9dL-ew2dH%E7;j~W9K!&Q)tN))c>V zFpv{pYJFHJIA;FKQ^aT2=gp0LZlIE+QI*1Q&aG+*mKR@0jinQ+c&xT;!ft#rkR|)- zZu<9$xN|cOPI=mOPQL0zRK7xr;pdQxI{R3um>`_C#0wpJGVwl31)@hY=t>TgT+IAM z+{qKg;{!vP!q(FVMAkjOaI4quh!~vaaK6Kzcs;*9=I>9ENM%r5%W()R#wC^S+fc;+ zC0K6U!gjKyp1j^0@?~cnHV`>4GyrAv_|^7Zly$UXI6HF?+D-j^pWd5Uo33-JKsj}z zFX`1-z9OmpY;^%97FIVI#F*@fq|5A{kKN_FF2FZ}Z<#44;DvF^NIhqxHk;7sr@bc) zrb%F7=Yg*+V%F{>=QhbgXBY51=Qw63e!|OJK>*;)hBg-L{yGQb9@0=G~83pG( zlWz{%Oj|`Ri%-knYhI6-a&kZA;J~2L6Xu?__1O4){}nL z5mq}d2`Ju~H7dMW-HN9^K0hHET;mRg-MlY!FD)wS)%>~D?Xhv`BVV9+XukEGPITaN zVgX;FCI60~WigtYnbqJ}Lp5YgA-!=wFF%;Y_)BJ$#~I(x5~FhG_X#6+`!f&ua(~64 zw_#uSu0CKu&sXJ#8uaJqU;#scEAe=<^aj=2oA7qV?M)dimCT*S9jaFR=%ift)rp(eBB$fS?shskDT84gbnHK znp74|3wym)!d2s>)g6xD229JT@49||^_C+FQtta$7}y9Zfk5z7#p0{}|`5 zFDxl~LQXTxJL6JZZTHtTaa0l-2&ZKRK}Uf^8`XKmj1ZNIOyEl}e|4>pBYwrGesBwY z?M70paqpBa=2FrOZmKeB4OHCXPU9MpdiZv_H)&FtF_hM-o#S_HFk9`F%@GjN`YR0~ z;7NSGzsxA}>6|aG_v|ug?n}4(!2+d6b{TkjFqXTOwaBS8p4!>Y=2} z!9x3vOYjyWq^~3y!g;xsGr1@ZM#f5$ha%;+wzPJ66E2N!*3sI)L-QPvyq#81xkiizguFHSXS#0__Gj*($6O|vhXrtAl zs&~?{JHO&|wRz*RQHIT#@7-%MhJd`;5p`=7Pv#8xBQcn|QH|Saz0lKQWAU&%o?va1 z3UmLvU{Jg$sXs7f&sOie^eBQ8{-|lX0@{&MLK&+ad;fjtDXTTA`l`oWqt=};^=zTl z@BLQ%9pP|h z8n5k6DK8$Av|Gq7p9>Si6-G;5u8w~7OaJ*yl>wU&0kqmH16g+XyH{+pJ~ucq)>eIx zNdB?n(U%B553@?EK|N^`_V=UPsezz&*m6z+_xWC8zr=ih0LptXJPCuLliwf?L8dp- zhuSRZyL2wY)acJ(&ppklGvdk>WB2%UCNzRiyj*+usQ-3tkgwcPBW)eZp!iamIgV$F z9By~kbSAu_LOEI(rtPpGdirXmNhY`dhj;uhi7w={-Mp%6NLjjsVoor9Q}c9jLltI9 z`J{%fDy{87r>;zoa=(L@5n^6)-usBNZvr)EiU$j3Kg}^a4zBRP_iHi$TPlh+`=qKo za(0^g>)$Xi_M_L#GU)rBVg1{82q&xiMfkFUUyTjMY>j!!^E=N9zaCf|HCshW8N-_o zy-G1(idCBs6-FGEO|=4T^^`(C#i=O}KZ?d@436JjHQlrZ-^~W^=YNe)~G#?5A7Ymsf%!l^+j}<<}ReQ~f_rFJe{Nh(%H5fd)9R1U2 zqao`mU;C`F&^h$5{WB+tfE|2fz?)CHub~7kEHR9 zinelv0=Dja-Jwrf@R>|Lr#bzr^@LbaSwGjA!eC=gTm*#(+_Tk<_%P0&QYg_VumD4DrTQw2sXB9 zSLmwmHqSGV_4FiUzdGC1gJv}xD}M0jj0%PM#+@XKZ%ng+c5*v6L`M7T_0>x-OFcD1cs?LsQHB%jAw}7nL7)W7f zGLJ3HqIhy+?>B^I{C&(b%WH8u-rFtc@3$`Nqv_4TtpXvtQPGodCj-7*?H|iVfXz){ zpJ|<2&#!;^n@TPr4Pk1}oH?{qNTx(nx>qe8?q(9k>gF=}>`_HqjB^c2ZaYGLVd5F| z-w7Ob^pv#AUXfE{MdZX@<#@*t%yI>x^k5z2B~(w->z<*hb?G2Wagb;rFu^lUtffHZ zw>D~tDesp_+gas*zU^_hY5Nj#w}V4D{xni;hn4>p+d`iBb-kR3~5wd*A=# zTs7aK69yH$U^oBlF-_E(WgpOL;XqPmRo@c;alpzm3DlVIT(9|m(icr=JQNqXqyNQ3gv8* zpq(1PQ+ei_aTWXne`b*%N@xC-aOE4h=LfHH@R@>gz5>CK+Si}UmImmqIE=y! z2cP%>8_9eIaap(wWLc%?r4kDsm%KU|!%7`NjJJfWg)A$&4!LhFd2VY-UGys2YpnR~ z2zVEc+U)Q3yWgMEj{R++tPVk8Q;vN@5EvoVc)HAuDVu#;j9v%yEChIop1~F(l%7?h zgQ~iYM{9idG)~am?*W(oVZiC3HYYzuEnPw}Vc-onv4Ou2>;uUo1+T!Uuj@krX0n-| z`22^|PQ-#LA6i^a3^Bmjy~8jskD_OK7H3n&o0%gQ)b%!-g-!$;1a{g(AIX|^5!K>J zjHTk&vhPkHCZax5p>T=A%X-uF^U<~mB1tQb>+a=p&PhWr7;BJde-D<=&x5mLosClU zbL5`hR;oMI;PVUZPqsON)8>$XR`44p$P#z|d-0W>TFO;7%{nG*0tlMSh{VlXJB|Hm zQ(72vP9Mw3c6ky;?!I8TB!_A=DKkt;Ef=cgvX$)R=-rRR?abHiKi2x@Yw+sV^%=YM z);Gzz|n0`+8Bo za(B{+%gNA3kmr+isYj9ISfLY!L5oAtg3of$mLvTS9b;DG#+SJk)j_>B7@ra!gqNT5 zo>8zGX;BII%g0c#GU7 z;r^{16sGz>m`jqZfej{)NOHH)K4?N2RBc+1qms<3SJ*$Ns(%RQ?yG$fsS6F)hX@DQ-s&y7u?Go(Vu4jeKR=w^k)%wb!`#^^n)%caNtXg{Y>V z$H}b6y`RC2R(Ff2@W4nf1-$8}lS;tc<6Nt}tCa&MC@Ox<-E5vIb>z{}QlknQWt~H2 z^x04U%*}$Vtz|o@ANHyq4;VP-NPJs$YK@F4R8&>9;e~pNjnh!ec#FTi<%@2I2(Ps5 z@gC>9%gI!1q$#WBJ5gOWHhxJ_2q;?dy!~_8)_wJbVbhaj)i`LWZ6<1NEl_RoCk1cD za?n*n70Gg=n+zh7BW1r7))$K9Xr&U#gf49uO9+$PrN8Z72zcl+vv~1M3Ir}1=#I-I z^O3afzchD08<867C9f28{b_jewdW=xg7Zy*2{6rieLxT=gorGY|8hC~d369nVE;0; zggdsAma7P$6FU*iZqo*_WKs!18bAYNVz*Ey*#nhSxL@S+?CavG z+>Fb935!9Yfp5+ag?I#mcA>wy)q`>FVO+CT7WJ1cTHU+VUMNvYe*brNx09h^i*eL{ ze}5feFl`M#_D(T0&#*(SCWKn57}Wi;k}&(k0iKld4<~uq3O>Ai1iok_TIB?vV*9*= zl{o@m16TCUT@#hw3oJdkN!@H;F1UdlvqbIB)hkvNz!yi!T~0DS6M0dYwCAFrb=@xzYt-iM-e;ScF7Bo zWfq$SsJDATJZWP+%(i+HFiW}QLW=iVRjj>ux{*Xs1I`a?_JI)`Vp5~hECOSMB3IUZ zr~Xqn+!u2-ohl^@>*YC5q(j{h`1Dx^0#rXG9zz&g4qJb(b7f08nz0A|e9`7Q0kVwP z6LrhEqWrxbOxX4)oOi>rH=N+$)e5LI>BQufWWP?+xcI5-pUvnt$b&9@YL&qa0-oB- zC&8H@m13Z)5}@w;*{NTzIj-t6qT=Ws%X85i+006kIXc%I&Vz0fewgC4k5YtzMyH=X z$^n57TcNVH9*E5C&-&W3xj7v>@QO0$3-024-_a&G-*VFeUG`HXCtOzM!|tcxAF~0$ z({r0&LpMKiTJ*cVB4G=g-c2CwjaQ!jC<<9%*Y5?@jMY)4B|OJ(s~x|({Y5!9DE^_D z*@%;@`mUq;ljE4ZM6K()kSrQB^;`+PUfzT%9-LTzS(s9Qb9)B`A*M}^|1PEC#qZAQ z!0xx{qSi^cIc;7jSm4RN9`vpti)5lPrxtIQL&S90@w(Q$lg)s#dP53U_M?3&o?1BH ze`sv1{^F5{->xtQIGzf#KT7j%H&HDoKmI8<`1(z& zsDB@l?1SNSib##FQW4kC=H_$1f}p05yQx+JPwf$%nPUZBTa}n>*|*ES_ffNJKN-yU z4URXMq=OuC)!vHZ@jlL^7)iQ6d8-1M+y~ch^nN#0nlh^B+gT1y`nzaI?ejgN?1&eP z#Pwa}Gk6l1Dd;1~3hV=z$Nb_kCoxx1Q>5wzo#Xpm`7OZNZLVT#;&VV4NQk5{2r_k$yw z4OxCb_H~WT6>7(<@cOVWa!l&rc-Fg|xHd8Ltkz|in`xg3}q~LPHp{KmBb-HSB4hkW(ehgoTW9+fDCUm$1yLcOrD`njK07Z zrP#F>YvqA?ajYeXCutr7!8n3lCl$tc{4qF9#GF*shVa0CNnXeXe~_ZGTmI=t)npX! zdiJ>gpN~9Y8zHyXHMOia8CQ8%kX{N8lk~axe8)+xF*@J8s+aGB?++YzrjN2U24NAL z)HhotrpP$l5YWpqYxY~Qj_&AmGiKq{$Mp@A?z{o2mwKQgXts+6XPNk04 zJJHN`PY!T=hIaBSzh0lmNDCcmsv>dJ61)GC7wzDJ-+Mr(e8K0u2N4N4sBOMei~gNf zmQgqOsqqOAj}9b_zI>NgP5y{WGVr3|6}ui6Oov`sMSN--M~b)fN!6DWwrusDR^h>k zkd<~5`-R#@h*6s!kkAZCFW>r=ZdRRA=6lU!L&c`qwaSgildsLU;x0DlUD}{jbprz( zSg4I|h{!GPlxB&H`QWPteJ8JFsnRD8cktV7Z9pO@&5erqBjuCApq8P%75~Rp*W$07 zQ|o!Ev%p_4lF)`|hjCo$T1)NWI@TaZ5^|->Z*JyQJeD8doVcyi5PVnie5SR#nFWV? z*33jJ4TZb3c}Yf;&sW-7Zq#T;SE8DZ{!j(s4I{2xC~{_8pR0A|QQt*FxDFjbH{?_k z`Bu6Hzu>ZkL|5A!qh}qbayYh=TxiZkj%T*jkiea0r}NE^=t#xZ#UH2Umj)B3M#N%V zsC~sdlzjxoC1r9iWv|>Uc|lH9%VT;wYZ}yvsjzO?O%-;wf3kH3e9ZSwM$3gpMOvFrZ+UiRg z)M%-X(sdD^qHDbSvFj&h)hJM<^`V~`YM%S?GrN0VO9i`tOJd9)_RJaqS8IL-yneNA z-N$aofV+X;C%P&xUYYLAaY+<%!t(o}{q0PG1Ps+b&`^Ab@5~;*Gpnm94dxxL&6Xqc zKBK421U=&!M*jxvF9u3oba~cSIod^HaYM~J#In}06KQU)qrSjRrrX(^=So9N{`z9s zNw>pF#li5oS7teR-U9}vIf5hKrV!sLs_oKJ#Dr zlQf>MUo~d4VzB?(|CjU$`14)^;TPk^Kwg!cGR0*1{w+>N>#ORr4!ra~993wDxmx>I z1~oSE{h%wYm(|^i$V&{wrNg04(KlSKBH}2~y*tjWhio^FE&&2V zqJ{;sJH#^^B=!k=`S)jE-HRq2O_@~E2PV5{{|D+pE{CTE!Xg91+cT z<#SB(M0@xWpDXnB?#vkJO^2m|g1VYN8XF)WQueuG#zcqn`-m4RGb%iYcy-B49lSQ3 zA^leilk&s#bDO`WKh|NcoXCI9{kKsTr(MWBd3P#UI>@raZ^OrKSmlhyVC^96c@;-o z6A^)RL5g;OYy~~VoBBTD9ZbhME^fymy-~ULnuEFR_9#9K5BvzitySE3rC!9Ca`F0N zb&p=+A;`IqGl@Nw>!Y7;R_SkeLCg#j2e>@PDF@6HLIEcJZlw$6%A}>L>FIvdx-Ek> z$fH|AQ#U|aPgh_w@61H}+>GH*kS_|`-R#EZg!;Fv#%)eKz4Jgf|d zR+V-x2l&E-{^|;OhKv6Gx}HXPtY2u0iJv5qupLXpm02-TE*?au!SVFd6k# z{SCvz<;e(pcx(ca3w@InhbWlsqDbKhlTEDU?&O&`?dPKDZDiZSJ($b1fq^LBcSY*w zL09@;x`H@592M>I%@IpW42ay+vYmnhl{x7x8rTSw%5Pd_^D>0TI8Dc)ISmLITWCFCQ_&7Pe+bEBRd z&Q|Pb;#wrk6El7V={-XoZ*Rsz`Ml;HtU7)4a!;-i@gC)5?TrI8`JRVHS@wdnAN>Lr=;H=&Q5V# zj~u9G%#3f+9BlhnOAQvj#76|WL{EjHr~OsGJt~_(4O~aGvzHde^T%6UHAyKMec%kS zTXTGYteXGAY6q8b5q3HB@PBMN|9$&L9xaYWzg|hV!dB8qF~a=mYqR)U*Q>XzI^To8 zkfw}_b};pAdb>^wt?$;cI=^)EgGX|TUT&u5W~-X)F}DMiZ(`q>F{F z1k{v6sXhlxKLbkQbwFNiEK~L~0H`iEPpge+V_6si|DQ$^X4lvXl*Hcx<0=0-wbBCI zzvNhCTY}D820TM0L0Z7r6ex**1#08d8jeQ*5y5#_H_opUmZmFh&R!@_mr-5;l*E7k zGsO=NJPO@FJk}j0G1x~$GyD$by;H#?R<~F9wj-voDa7d2iY1C|A z`T&&vrOGeXeo-&KV9DBOXcjw^TQn^4!8^KTgZLF0!$p+M*{29ngtY%-GeTHg;Q zNOlt*_wg-2`JycS1nWicXL=MKoYQn zA{BrJr#n|wYv#Bp!!Y$fKIA_V1oSwmLl^WoMk+JEa#LNfj_W_T1pOa60($=PUqcom zq-Z{v>)>Gg9}t4s4A>a$wd}u!65O13V&Miu7Y6Te6OLu+*Cj{bWoUL}n(t;1Hd zneu?CeA8eF!^?hxS?{G9d`z?M!ME4FrM!>Z>3=i*Z-~ag5am+GG?8k7wZ4DipG8p1 z{%?My$)j}e{ycvg+F9^#Am3E~8}~nmM_fBEKZ@gNlF&;&Jy{OOBxzFBOD$Ddgs*-o zjduc>#!RDpheO@}fjA}70<5k&vd%Gm%P*m7vcpk*K`)`&vQWAA)Tew;Sn?_h>LdS~ zSm1i%Ch|W_FYoTd*yocSA8wr#_6`ge>{>c>7oN%QNBr+9>04b;Da8~AGeqP;EVz`k zvqf(vW)X}wp*b$1BPL47J=TwM+1Vjj zzs>C4|K|t)gOe(!INjMD;4q@M*EiaLE3lWG{b#2RsN+059aM`F&{ogl{B6* zC3oQC2)gn9b_fKlGTYoBZ`F>ExGsw~?7QSZbuviuO*m$+^HQ^)>-pYn8}hxZx$+_T z|8Y=lti)tw6JXgnMnx#Y=z4-wFsdNcMCs;Y*|)wHz@XH_Hu{qXlU~UWKb+6IL_04a z-Le;KNSW21KWi-l;2xK~I{E(wEZc+*l=(*z85E&JC)*>r<(@lZM7+56npkVe=z-dh z1?1mf_jfny#trTTU0EW4EPl@p=`Ip`b5ruqTiYcx^5hd})Q#JM@5Y%_GsM&AWj@JX ztdJNMun{|wy$-&;97^Z6%~8yH?RIb8`RPuj6TpOqj_hT0{vlnDRIoAx9le8QD$Rj$ zD3YWRPUse+kHXvQ9H$vxzrNi4!umcgTF;z414o+sKUz%MNGs0^HO0Qcd|99 zjp1f*R>v*LUK#Rm&rVNIPu&|&t*2@}Xe&~O{-3qhiqPY!1ldxhLhkbwgTuJ-^nFCxjKt?T|Nr{7 zPzlp5Gc?{C{Voq^iCW$I)TbRK(sb;uJ7bKLuU%KHBg&*{7@aczw@|^Q0gpM1qvU4_ z1^-Zek7Z#JcD_H4a_CB<#ddm=$DUZ&sd7#^{td4y4gKjmVZ6Qo4RiJ$XWSN74lQ8$ zqacI{32u=ojJr)`EBWOnG+_TpS+7H<$7xN%|4xOS|MaanyUB8fxoF7!tzU!3_U9EX zwXD}wcJ+P%bd zdm?BzU2d$^=xGm-QSuwf>XJ#3w81l|a}SHV>$7<5C25RGLFa|nv$gi`KUSs)yO^X4 zyX1(U{+8*W2_BI;q;(7`Qp=7zXm^SsV+AzjJFV70zput}u@vN?QOn00{iI*t<-2ISAX=71M8^|;yX#Cv+HG$c0jq@}+=NIaPz1M_es2HNA zD~KY(0i*Z#(uP2o27i9QQBGmgu>zJGsHm3%hE*&DC!a29o(=FAY}bybX6&Y|fn#}Z zKK#!0zc_FLnf=at<9>B)O(_|OjH8h-)GAbAJ#4winfRgE`Mk-p_p!$kZOARXn&Y#? z*PeegC=g;GeN_W3dylhQXc$T5d{yn_KnV z(E?!Ed6xjJXdgQ`U<`U0=Cjq65jv0CgKq!!s#1?;dM`Hnjn_VvFbTf0PCcu{Qq7eN z0`{sFh06elmO51irbd}0y_9=9-@lw2c&vDJe{-n%K-mT?5CiYkB{tnT{uG@cpPB}a zey_?E@hGg~vgwC*@9T?pf4_?ZR+_t^79QK-=ili=iVnMDp9)+4bD%*eqjLV+2t0Ji zC@n?!DQa5X=2x0|9!bkH_I62tfqT*_4&(_ZizQ`vJpa-Li1eC)#~L1FR&fv)jI;wi zW~u^upsMT`82=`R&;Jw6Y%rBuxV*<Rn9V<4j9=?S4r&lDa#6j{#D-rxt?nz<5J@8w)Cbf#{5AW3g8vZuUpzX$777 zvqWlcPsi1J{5$g@Wi$vWz>r^nHBVuGu5NQkcv*n-wNuBUJXD#pLc>|s=dn*Bt_Xw?^V zix)eqzVo_p(3**{<#yUH_W@E9zoN{XO?fCM;1LPu|}PKHFJiP}?M$v?i@Ev+Cxnib#t`JNCbhsRF35Z)^7DTp#tkQr;BpkxvF1rP>U-=scj5 zym|BH7?`6>B=g*dlqY=w>+!-y4(bxpxKs4_EupV|Kl-z(RnUAqz>fVkjCc+ol2_bR z1v1%l0~8iPuK>Pt5Z~Y6ov{Lb(Fj`Qo)HQTf9{r3XqaQ>$JDCZqfVlsJDJ?DH=yhr zI=ynEYTv&W7;)_s8raR|UUE36b1eb&(H~+tY}CyMr4HYgb@O8#_QslyZ`LyL7GCB1N|!7S?@p{AKcD>Px%Lj%Y_b4*uzThe*q+f%{5XV z$7Mjuln~g0MHOv#`D3l|LC~1J*KG4RUW3e$tCcX2T(em4?O%C}7poXe#y=^zUcwdh z9YRxqRDhEGY1Mm`&t0yXBS4N6*B#qf?yFPAvXWXM;B* ztu6yxPdcuSV^$v-CD6G`u~dx(Nm^_+`x%byZ7_K?Ynz*XzcrG(TyQ?@4|;wbX-$-f z_1NjFDiUp!7P)39P3Gh+NTD`kVYFZ@bvpx|>CoDA;K-(nMUkPlS34tRFm}tV9RZ5- zU1XnGYy?&@R>`q~ZKmFM_KB_dSpD=Nz!K0{3pLiiI0{2n7oV>VRhJbyXpzTPG1U9nr6PhqG z9YngI51Io)7$F1bJ&^Amqbk}m^4!6fhub*;!|jwX4!9xa5{9aNeAL~VFO!`aHai{# z-CDLQCyB6C*;`O-ydZ`ZsOgAQ^g!Dvp?wAjMXIz&ij`e8{_9md1d_|ypgn3vXdyb3 z)2nf8$$%&nla7Q#y_pOYRT#=;DfP<^BxOeex~BuLH~s=(Q8NqcBn9UqSt0e zOon4%6Y$tSezXGUu}xQ$&lGdS8`8DiaM9fL3m|BsZKXfMD~BWN)lz3hLRB1m_! zVOczVA*35>zh9T0_f1;iJF_skEx-`O0a)U5Z$qjuMJ&TZ6^84|Rmvj)Z(Ov;CYu!p z|Jj*%UQea_!pPFQn^BkUzYmN3DD-Xk>Hh0cZw_Dh<#!kF0{RS${PG_3JO*7NVXj`Z zgq%2u&`;$^{4iQQ%bjL!IQx@qmfDDiC*R3w5O5PvZ3}Z*3TY|(ewQFhQFG>4mQkX| z^q*d&tXS5|j#X}a2L@2@fjyRJ3(Zd`Bs$oHFe3`>kuJ4G%Q1pjzFXEF)n08yADQ;b z3`_3?1qm1swVkyXR=7OxCB6yquv$jE3Xbzm9_t7v(R~I7k4WCY`#r4JvpS~bOYpSR zU5BEsRqjrI;yNO@LhRldYZgaZhVh>IuY}=rc;W|9$|%WNu8MP&OmF-8Snfaw*k8Me zRHKhAK9d#b(Ps|xTOo73$Oq!fHz>_IH`YA{SX@8Q>o}slk9r?fKY%j!vE zc}wNcTbJH@=JlpJ*qhiXzwDiv;-B17f$aYWu_INteD3CSaLYAyTOW>3c#i961$FTB z;7r2hrpb@VV-Qd27EDGO{Q;?5Rh-(O~92-=3n)v8Mx z|DnlxzHE-7QScur=@MP%5)*TlfwL?zaJASHPQ`rB53L(Be^XPcBvA|;v>;76eHOw> zjEy+TC6)R4^!d+{F4d!#76k;R!NVkkm0p^%mwOg9%U@T;o`cO$T@S6v{VigB?O2Yl zjAQot^X>s`AJD*rj{}`A3Xe-e?pU)+$Wj}#Zxptkn!>>K&I460tO<(AH-WegAUe5H0rQ(7L-h<{G;oQB4U(d z(JVJcnGbC8?*Bh&Tn7%_?fciPC-SGME#N7oA;jY5Lh*9`UXyBEsnf-^&arMM?09o2 zVdJu1esk;0kX?I68fuYK;~u_a@nR>ws=%2`Cxl}}CZtIeSdLaU2L@~@R%_ouAs zQ}s1uAw`G{&g;VYdw9Bp0Zo6RCW0%I*$*!@@i`X0GQh;~dChPCn4icxwg)se*!f+OaZNpX>!`J6ulJ?oBlf;vyJx=06z^cn{fqHG6aeZM7rAC*sHDI z3UpGWigCW&xo2? z0MOG`0ClL<;-%OBK0m+eaSB{l9ypI-yYSIP(2iBzdWfmsW$_EQ_hBM{HV**DAsFRK zCcajt@C|(!tL+;cbLjKMkdEykfF3>$Vj>mVPgbvYg3)t247Nw0K1u`yOt5i(cv_Ll z-}b;ZJtJEWVO+-!tkd?xu#Fz=xbU9wAf~j*A)8 zpt7!i1v#Pb{YQ+Lz_4E_0y{KGhWj5>ryn0K0$>hUc{=*UN?&79gPmx*mh&RR?Pf8T zFNFZVgxPW`nBm_klWxn%k3BB?v&1jwWnfB0Rs03-H!ZMZXhu%sim6fL6!|}6rv^z4 za_}R{ESG6gWCFa?E;;d>2e!IT`a-Wtt!KNQ93MN%#p`^oeq~iGo+uiR#>t_*{qUNx zVTpz5tnr+`9doZ?cjQv_ChiP1%FK_uA~#!W2U}=%lNp$9$~=YMRGN1BBnpH#ZHx*R_FRMsCCt|zvRV4{Izd~pqFV_qxEHi67C-tgC8#>r|n|p#PpNJo~|#9BE>BZ zzVzo-qP0WU(*Ztxt%sJ1cFb{Rjlwx@CZ==IgCj%B0q&C zieW*V^k2*P59u>G4N`n5C*2<8pFO~C$Ka1$rhX|E95mDZtj&i?Oj&m%i$w&FjBko3 z#>w>L{<~G+G~JGn{e4LIp9_eQ6NdvChdq+Zo|#v_{F)!&hWTvmxc!*Gk6FP*(e{G? z{>BJi(i;ky=ldGq*nfJf{1rseM^pmH_1`TohHGZ0B#NW8u{VO&IunR-%sy4(WO^+m zi+0eiLvYwB3^o<~FXsx@k}^0R1Zp9?ElInAH#_`Dn`EQrx@h*_ za_Sy%fHlK7Jv&L>?P(tx94a@3a9HDbLy`dLN3kwX?VX{cA4=G#K!w1W-K*(Tkmuc% z#f7&bRG>IZ;;bp~sObb}(eZ^P)^-DXpQI4bEE(Uq_Jo3Q#4$+HqfK6jIJ zwfYXf?Rbw!p}!G1;)TrcB;$c%pG3=5AxOvj3j0(}^}W;f`h(=q)k&}_fJ|3UhRm$MpyKc z?g@lCLGzM{^xQMd3toK?v!_fuQruGP@%L$**^f|glGf65kAE`vW=w1Q-CB`)u8=*) zB{kh3LZ+QIVxyv+t`SNd?>Huj5AO2h`&^srE&BDdRpsjZ;4{~RB$v2asz1>Mu`?zD zSoeEu-sg53b7aHxqnz7KjZ#^e0n4ZxJ#&-^JN!)SU$hjTfQxS6$LtLTrvH`F-K{MC zQ6q~1siI246obDbh=9*L0(U{o>CqJsWkwu>%n5v49sBH02TOL=t!9qPple~;d<}X5 z4emSNaAjTekFZDw<#?_D>U+pdvkJ2M4!%@UgZ7+`D%B#_KV@_AbBl^fnsNLiBSMJb z`*-k5>6~BCN&QA4jx^_moKjoWFGNeGbgy)S?W8LWMzfeAx@Q5rX%l}t9xG-UcevNT zF5pfn^=?PfFAQ)G(jEu7>qi#T;n)fM+~>e4$aL~AWuM}bf#Y0{FN?G}!9I~uT?G(6 z!WFX}Gc9Y!=Nw`TFR@xf(V4u=!U*%yAy+Q29Wi4KhW%fF6jC`&GhdM?m(?wb?5h+< zd&9uDnJxPQghPxGn)DE}oW6nf3L1_c&M;+lYzwt*qIHZge`RSa2Erprf@-9Y&jM~H z7=%XbX4+ViOPKA1wg(cB)V&JP+D>#1KT+&bbk{^Ye<>zvu;kZU{Y2QWHB{+(MeXU* z;OPe;G=32KK4UBFzFIzSu^uY>qn)H(PB*}lE$lmqZ3E=nQ_Zu_ndp{PPuPKz;wv~M$Am92Ak4@t#T<2cO4?%T7 zWuYs!)adt0V1&Y1OjnWXxx{ZHd|{i1D|#p^D%Kr1!U~)<`yYG&-ehvhS1VeowzX9F zhQ?oTPZMa31Mf&LQF+*%OjPVyRJM$V8k=4tqM1lVsEF-ap}l!+0iR{!@~e zRwtsY>3cXM)(CC@e&%_R>h#k17R_ zkhg8FQ3s=$nH;#F+p7 zE`Tfd^`8+@a>PMNzZDVYlLb}tvEJ+OOgv#&4Nt?`fF(8E{ZmPs*pCDH1Fp8S=)Wsd zh%>dosZZJOvq*z{?beOp79fx=n-4YVyu_^?4iG?wO3DHrJCaqBw`#OuJ-W%Pkz|I< z-Vt3TZnpN;;Sy-MN~}rd6AhnaPvg_}skw>2iMdnqGn%)O@1Eu-!}b3eci$r~tu_M215>eJm!Bfj*o;i|GiM%Sv*RXiJZ7upGRN)Q4MWAWI{|8gd_y>AxlE!s zjDy3Zi+VQbI26YsT0DXiU*20v0UwN{?HBx061>)w)lE9{@*aQs`QOS@d!QhN{i$*Z zO{ScV%=agGZ)?&iQ5k2u!3?@dqxU|QLplc3b>5<(gRSqGKKm6P$;8O z{i?8=_q0h*3>LnAUnK;1`dn;X{N1xET`eR9ez_}7Q^MWFsZ&IE`YS^2L{#}hVl z`>vVX?1LjTnkuoA4_$i(H(P=L4dedv4Poq)u=R;vud3^n&t01U)@Pm$e0(ou1ND7p zI#M3ZAWI&A<0ec52*6C&fV>(v|9QnV6h9G@1x?wa*l5SX65(2WEQWSj+uQRmat&1* zTq*E~PDx9XDOgpF1E*dHw4ZFB0reQF?5O<`gPKB0VT&KGb;rUB(Zd=fKKoeJuO(m3 zbbRZh5aqyInF9$Qs9zHtH8e?eR3Mx64lyIj0t(<$C?&K*1=MoJf!8ih{dbCKphh;` z4&W51gG-)Oa4FUUA>HbdMaSMu)%SD=t3I#(o6FxaM3kjZ%lVlc?w#@9Y=u&@Z?Ry4 zE$t~q-1EbjG96=5Jdj*y6zC&pc)EXP!zVElD-SrN(M$C%*C04Nktx4AC}7kpM0uUZ z8zuKgXJ{_S12~uj+1`kG`xT>HfJ3E=*TDG4hZT>7zyr^!O6v-FQxFWO&}K}gA+n`O z>8$acdR1}BYSKW{<(h+HaZbui>h)UZITVgQOs zDSQWGRsq?u7P{`%v_cT6jkA_n)RMnZX5WV<*1_A=1c^o$cfxtYD-UW@M;u;KjvS5#7$AaFw)6}DB2;y6();e_MVpV0z{j@R* zcI2|RK2d&6E=2@=YEqt17@;AJB1>~(JQHQIjvG{Nm~QBVtEZn&(o^=8R)LSWTrVvS z3k}1%FUKzh$CP&qz58en6*PZ;Ss`4(+ZGN2Xzl`0_^jT%3O)^$M__h(Y#FS!Y8+iU z+wCzBgnlr;Pc*g=;T!X0_zLgf3p|`1(TrCik^?2S}a)k3ErJItJv!r8| zz`5bYUTfyuvT%|p1X2P8BY8F9XX<9msg#qh_EPB;Ppl2av^x%{eSIEU`mnfbYs_P( zYi01;zvMrziz@_najCBBX|IE}9I6KH!!yjKprCvdeBXihbsvGSDm z7uIezdm10ZlgNKXurYYWZ$kn9_DRf^=5pP#ha`pq4`Dkc6d9+-$Ktp!$`}_+d|c(^ z{-XFJrN5Xja8`FgzV5(Z{y2yd=}wNJDr5D~`nbJL+s9!!|H8k9d_OCfQ)}=I-kNmJ z%ZaxuX7yziMJ_5=9Jehx{isjgEInb48(mBeo9FMrFn*+#-x=k}5_6k1y7tM5xguwW zWBM0g!dO7JKnU+EgX^|fnpaoNV=i#+)w)t zmZbGayeWEx*LBK28FLuyj$<*_^$*m4)t}j8p)(r9Aq5*WqnnF^#K9sxA$@&+s$4uu zWXasdf>?n}3lP#`EAirpw}9Gt(gJ!LPJC=Av3{Oa03=2%pGa73!y zwIiX(dC8Yki$HYIhRrL{ADmSi>psqCx-+Uu=~acTcZHH@HzAo#$p4!<8jHb3)DHcd z?h#!PrqbpLq9QO8`oTO`CUMC@%bx6TobKutKU&*ykJ%mTSNA4gRl$T3Llfxb7^xmV zFUV|T-(KsIyu;AR(1)_On?tdfk?u=;Vr(k)-ym#x@I;|um7CTe>L+AXB5YPZynNjd zn_hKms?THg&Ur_NC){1S$DMfL|ip*0Q~SKZ?DjR32n0Gy<^TmZr@tF zDPt{wt%?=|bHF}S35*n@!R^e<;-I)remxP*>Q0&Y(!YZ+<;uC_q=&N7=tr!mOB=>d z2QTwVV+LwF9 zm16(ufJ;?wwBUM5E!mc#yj%~ous)b83f4JdpM(^Mc^TyqOPz1mCx^BS@2kw?Zq3|N zwD$XxB!OurWm&>xzKpRZ>I4L!$YtcI{y%KhV8~PVF_99rR4T5Y#K1^bR6~;?3IZY* z^lHzz->M^@Cs-E9yS&m<_Z}=cESk!kfj_RW7>l;&8NHfZM_V*qx1C~rE1=FjvkN2b znk_m}2s{LtOOJ%&-Pkhl(pH>5M35?2{q|RwJlB&QxV@V$dRP5smq>@R1*UE*QKowc z{cZumfU_I{XJW%5tv2niPhaNd=5~-;pr;#=_796<6YKX^H08m`XtOtO znhPf?{l%b|@`d8hWZek;4WuUcgWGkDIp`@~y!0cGhYj80&4+SNoW>|a1hAg<4+G$p z7O4ls*&g#t=z2xdRuK3L59P9y)t~KGGY+Tn*+%Nk#A^6WY)Wd%IEeYcp=I;J!*bD! z!YYpL8nn(NvsA5SLB)d!gC6 z5gUxd&m>7y_&}q#BDVlOm!&yiLP9WGTBDjGemxF)>)hF9Pm5B*J_3gl>)lzh6?j7= z!KdDlF{o1+7O6sycL}A7p^;?O@|ffp2&RX`jO*YIRw0@aBZIqBrA?ea6YAwASt*6- zivdpl39Sz_OIh0g5j+#9|K&uZjQaV^y}qD*DB+QAg~RHvI6>Ldx`G`Pf%e7@l$L8= znPo4_B(M_?Jz)zXxP7XMWj^fl>PP&?s(aec*=9b?Mrw`+`7l}+Iy?J>T-r8Lnr-=q zC8l0CB=AMD$yIC$SQ{xL;AnpICZ=T`FWd!&T;x1^s!NotjYJ&!Y|&lTeu7i~@AHv) zw4f9Igictmz;-d@F64kspTY;q*cppGu4VK5Q+u#apj2ZX35vUe2-}d*3{{5QMd7MJ znnZu{m8O&fDx!e6eOB$K<=^Fqa|I^6u$5{_bf&of%=!fDjb7)=$m4xkPpETA-eJkR z(>>CfikoYzJk`f%`PT`T+BIX$r|g1mJbGK51rrdOh{KFi69$lZi5OYhSCz`~$fmSV z3CsIc+gKPGL4*~NVis*%7pL*(jle7E)tvpd7bk1fe`{Csjy^S@+`KmQrTf^|LW!AX zh~-2^nMdGA@E7$jvd7>K6~7rIx9Q_oi;3rcP3vCzw{*hp`nd+S50162iFgeMJoqK- z^fkExq!a#1Q?0ro;F?^iQ3D>kJ#M0iy3E;-3FPge zn_K6h*diDQ-wUDCU%p#)WXE0XR!VasS|A&JJb zCi8c&VI*qmJ{v$0Z2&I~RT#zZ<9u0aXl)0d0r6lhzM%?8vdcTgWqJPQ>W$LA=4EJUVW_{IppNZ!w>h%8gvamqh=%Yz;$wI|Elm!3P61+XAZ zn;%fh(nwnukUoDN0q>Rs0H$gXwd+Oyyez1XGmio+$65TSyV+6CVL~oy@Sc4Xh634o z8MZ#ZHUf;A-2m8r!RY6W-Pk37j!{3qFM>@y{p}wB4Tej(b>2NPDfY4nB~ZXc&ECNz zYT4S?J~aU3L;{fI?esw6?m{3~$ZM>cwL+b8bUx@+x8K-m?` zhu0zPrBqRL2ctXulKRA%_ISBE;M-6#1&UUrkYHz7(=CHCVFPj>MPv!o1wzb?t&Auq HU84U7#M|-t literal 0 HcmV?d00001 diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/baseapp_state-checktx.png b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/baseapp_state-checktx.png new file mode 100644 index 0000000000000000000000000000000000000000..38b217acdd04fb2430a2332946864de04474ae5a GIT binary patch literal 82308 zcma&OWn5HI*FHRefP#Psh_rMGD9zAa0@7X5(%mg3-O?ir-45M?f}nJ_NVjyuyYYUW z`}cf!Km5PosE0HA>=k>h>$=v7c&jLlg+Yt~fk3ciWh7J}5ELi`f)xD_4gAaW(u21U z$P0+9gs7T_!A{nr%>MDK9*SOK^ee z3r7Q;Z~%j}(d%Su{pxi0N`Q`TO@$Xnt>@WuR29?$B3nsR=YXyLAjH-@u&T)vlF& z(`G@G=rG^z2d3Y7$n;9t*GIp<1{21T@ux8QULJ>48ni;+cYb(;=UXPlriuCo|LxFl zFASrB0kSd1sNP^WkB(W)?Wbn+z0lkAf_{-{<6POK9O^^haqyiGvEXym|5`HgSt~*; z1S8F9?H5s7@OZo=99cS+Jo(e7Pos-q39;ZW<-Gp4*Q2Yn;xJSKzI{95V?TeKg}m27I>Yhu1eE236GCB@j8Z`L#)%=TTXo3$$) zYV|%-QX^IGAVkG?@llqqjD83{Ae)$@W_4_om48S@R#sNdcV78XT@AiCt;^aJO053E z4>c5v#O?I_V40v$F{??nRt2?1T|~4;H~+XPTvq_?Cf8 zK7^B^hqi`vVjOaHbv3)s`QNDsJo<&Cq1wwvCL^%^;l}%|g2C`UF@A>OJ+Pu!G zDHV0K;xNrD^Yl#@P`M&vJTz(y&{hzoH&U?{H-?F*sf~?SoAiW!m2r7kA~HhYaj}|e z)*VH()kUY@S5+xWFFTc?g}xygs7jTfC~+D2!(pB4^8;vM%pI%6JEb44#i~D77Rca# zQOs7VFWG*4KU$|zO({#@y1MhsgizS)G0#qx#|@ZR^x22`r5Iq9^d>3f$Tl4lA+uWn zf2KlkKcxeq@*#rK^?7e@K#<~>AJ1`<88#$7q`Ah~;agHsB}#rcVyO7|1A-|Kh@7<; zd(E`HKA6&i8u{Z_prC07$^Ix&n(S1|avy$sLZ zrS)IRorIU}PE~1y*4oh^>ULAgOH=zoB`be^IHBmRHuR78Q`j=V`+8wCk1<{CSnfj1 zA+C~tc&8a06k}MJszGjkzv*eBuDr4!r08W2CCB=2&&;Xh6v=Eb7^}1;m}pgJ3E4Gl zn+p9#i>^?Rpjq!VldLk_WhZRvAO7aZwZ$W9_9~6o;Pt=Tm>>V*aQ%v?{S*a7RHXNc zc_G1IbS=Z0aZhA@YrK@b+FRGteiPZb{~K7^t~+7E&7u!2BJ4Cl)V|_l^WE>W#UE3O zcR?ELo14|dsAT@kWhY^YAV!x=70BdOK>Cp_35s`a4^mv2f@Vs~ZE3$-`(iDD9*t(Y z`-<8mD{Rl3_6ck>?-q~UY`M@}Fq(OTl&`@swBFXH!(w);es!h#PB!b=ZWI|(mg|v) zJ_^&GNSL+%e7n+&8YAtA!4`u;Q#Fn32ZhJnFSEV-Z))~;V%zDXf@0bUCN8^VkxX8_)%dFlU;jb0|87PgTGm3V_s<5$<%;;ff#~FM@zm0N;y8l%l{JM*IVmXU z*gtO07Ab1z&cPq~W2w_tQ>FLzlu}m5cjwme3tMp_gUA15B@q6B0tgkM| z3a1F)o>ME{QTUyUf+R=1-*Tj=cf2tFgH^wY#?bd9dCq;&x3d~$>i({&8Fo#*?v%(5 zVL^%z3G75Ve3#B|akxTJ-vY3kEAsCwCb>{}>)`ksRdj{64@!D^&E zv!xScsm9G3e8>Hxlq~&c!}zS}iM6WPUG_Y?#{$#E?vN5YY*W>|HD=yyH&J2R^rB3b z-Q)IsBKi7$E^OI8r1sW9<;4&z*g2C{{+ZQyN%HRpsu~q~jCk~lNg(Zh--hfjwi|9u zRm>jP=4v7-2$scLEiUA-0$hm z`|@FlMU2GpJd7I>@aZnQp$Md`5~{=f(iZ#&S(_Q|X_lD7sgt3tRLm9#qD+~CFpA{u zQ8*V2;k(PucQ8BbuR1wV$+>BZUi;Rb}I5Wb^6HcqW{gK@CO@7OzLv!+_uDp zFRZ|`uEY-tUA@5|V4^|CAy3K{^zJKBFMUJvAqP}X^tINL+=}kaZo7{e`ait}2Mp1> zwo<>#P5Lx$+w=?HpD8S2-h_eZY3-dutu!i)FjRl9=b;uju`E z))Qq`d!qEY&SN*<@RUC3&P@yI*4ZHWj)0wJa+l#LfZ>g-jSk%9iM$i($@2*OxZ$w{ z32^dF=S&dF^FR8o*)F6$kSV~3Ww=LMGhHNM;OX0Q<}}K}hs<96e~mTgdp6(AhbG_< zI$5F5d~4iokYo*+e?J`Nt$vUPFPm$ov~z_6q_iQWeEE681yZpggA= zIhitvCGv&{b}+=Vb;SJ{*o$JWX7rEnlpt_v~fNA{7v>dATU#EesnE-n_SEc#Qv$bK@^}4nwFl5!9s!=|Scu5(?V$brST{ zq(Wp=j2}FUJ|=dQodK$Ls)a(A8`OB8JFL(I&dGRReCcu>6V19Ffa1X(I&=)1>kqY_ zEm%|GLVg@9_k^f1=gJR=)r1$RR=@kcvNMesX>_(&PHI0MX`lV;EciC$X#dh(cM`a> zZ3m>PH;ytmq7KCbz8p`i(dOeh-RfO0>uKU6g7m~;Ypl4z5yd&xyB%5 zwV|Tb;8}lmC*j->_Hg*m_ecdeDg%+QU&|&Av199a@^m$%Rnh2Hv||Cc;X~eHlFV9od|ySpl+ShgggoA6g!{LhdsC z6K$ON@~NSLH4G$A;6LL;W5_Pl4+)!;MjGHA=Lj|o=&hROHZ~6`G8VK062rWyqFJH$ z8aER})${e#@PPt_j5iWrYvXPu@xMan%lNB>QJ?{$Ah5AEASfIb1Dx@Xg{bp)>KFYY zBWoZ~A4TYNnKt5$TCmty0q9xorgs8r*l!1X>!OG_)`Ue+7~-7Ph;egmb4BrC+vW8O zALS{iosgr{id9zA4}PB?@ra;9oW(NfeFNBXMI@4+kHSQQ-()C0tg*7bCL5wke(WHQ zGcx=fC7!y5MhvB+VU+YHf?V6f<#e)f7^3{L841auXOM))j`LNI1+9Dv=kBng&oaiC zb0G|mAz!>b%hVZL+z^9I^dU10H|q&!c97yjVuj|+cNie8Hb@C(4o8CHa1ySEMA>p+ zQOHX5LgINi!&FwA9+~Znh%ru;!WLArk!HnAUdl$NRd&qXMV}*u<%UG$wK-nY=SV-o zF>qU7WW`_+XyGlt3?Q&_JSJpt7Q=nj;|oa)K@kbAsRFr~7~&9=!Mri$i063#S4!u! zdi=Y}EuvNsUXF_uX&=U!E8Kxq?5(HtjgFgJ16)s6*>c#&7570(@ka1ul5ArtJjQvF zi+%%Qnccmrx4*KFE-Bixh!LiA1L`T0pEBeT;Hh*BMd=?z7w9X#Mh!x8(K76s!Otb^ zcx)}{u|1gb4T5Z~Art?HV`8YP?t>aT)$=kW<9UoKhpXNC49iEbuI>kJt>J~?*qHm; z=n`Zd*pp}5lYUapA)sBfzZ)~+v($VJ1rSls5|hn^#0mzI&YO4$O_Hrv052}MR0l)m+9 z50R4v)@d60s)wt+R)j^XaawR%F1GnPp1jhq7YSo2wk0NQ@<1l*7#VE{e}Gy7!e4H4 z$X;5M{@AvN`ib(;qp#Ya2Mv-MWi9-K9Ee7iOI;S}SYcvZ{&1VuVE_r@#%qE=#)y9e z`Ec?Y9 zd?etp%N0GIRi~JkQ7d{Y+T^zT-Y86eObeak-M5DvVSWl;9WAt~mNWRly zmF@Rt3tn;Ea-ETw<6{A&FF_q0Cj-R ze4bAUQnZ{^^1iDF1vMov9=?m%kmbxOzA7lDmUl&_L!$JjWpJJMnk1P>1`zWzX+N+7 zx>#)@Sm2eo%9N{2zFsk+SN0c2gTh!2aZTOGzElJUwX#|8g<=0mXmKPKS^#fd$Z0`C z%xt1i_LfuYVg~oTej-Tkldk-B?k88!if=JpqrMo>-g3+H2@q**bf1pi%% zmMH!A2g9M%I!K_u=5ALC)*L#JWo_k^xra_vy1q@apn`ZzcjNmGZ~)oYo3%?X)Ijn5 zF#0K6A46`a*s#$4?!~x#bMhOEmjvKl8IST$@C=Uz6r|Lc6}Rhf4}%n$=|kLA3D`M7)i)?*(5z5<%w?VF>+RxFP{@DR`iDoY&vo+qx3(EhI<=G}oP@ZmO0UlUbK`Co^x+S7_eHc(frS-HTaUX{hs46kNEv}5oWRjU$* zg?!<1RKeh{tac1^uIDk_b|&}R6kzV2^x8SG(e0&fM7HNEJu1>tOHo+AY%ms>X)d&tbux6(ZPr-OHT!N!gjaqCmAy4Ujqm3 z50IyR?d}M5^S!oV-0^BKcZx={$U(R|6!2N%g+UonhxmNXt6X-bUJs9J4H=iNtb|u_ z+RaS`WHK{2XfdHj=JF^Cp}V&I?Zh;{vZxzddqdvcsWEauU|)HphCVBc@FumGg9)!g zs$IFDrv2&THH+XlUV>;@e08(A>pz{472HWY@`ng$M(bVe?7BW80{M?JWSMyHzTw>xTj_zzRu#@n2Y9SHqj4-_by@EQpJ$L&W*{f#mve z%fEDRASNw7Vrc5PnPaMw5DiJ#x!ga79i!~LjFJx_wK+ufh%j0ynbi~lSh);DY4&LV;uW|KgLF7p;Z zq2{FKMjuh6B7Qg&6$zRq+%4-Zn>zR3mwni9AJ7CV@Jmn-bG@gD6~1kFOvL^T-X3q> zW1MT~a}aVtq8vtO=%b8HF2GPf=Omx`;PgrV7qg$~j&Cx!`=e}uTc|WTnJq`5$Vk)- znSlZxZG-nyV*7I3DEBaq(W6&?j1;;%YOmY8&+Jg%%{RFw0o(`rJEyjG-NIbyUb$$C=>>hUjgXcQtO=|m_7Lw zj?XQ{yheGtdyLCLS*NNSmqm-Z&S%~=_?YZ!o^tW#ic}2s-R1(1h3m(-k(|WCn zX{E}0)zZ4oatk*1*CnBlu=i=1bF z4B?)`3~+c(?;yVQES@COX2R<)(GxLzr1N+4*tjU9HkrN^(@n0Wo?U~Vvkm<&^2dr* zdpbh&nS-1MJ}1HdEUBT8g5I^!9P0H#(&Q=#i`q``JkDYr*L{}LjJ{+4r?!Y~j zV(t#Dn?ij;+lOq5#5MKU$m~|VSVa~pm2%=xmGzQ z1rlZ6PL%8RoZwnaJ%R>IAO?j27Gd6c@+6qR@Q{$0hLzW6c}oU>Cb@yMA3cgY@(KzfMZ-9h}krVX_Df#R@-`VOZNa=62gS5pohiKkIr z2J1FIPXllHY9s9Fno!7o=K@Z|QJL2pE5KTG9oX>E7S=V=M~O8C5oVKjevJiZxGXeg zL(iyW0%BTYYPgJgN9UYoM&~^UTzqbYK2DL~yHHIWGx9h9SG3A`-qUBFHT+RM@S$eM zoyixCu#9Gz%fnHm%wFWK&CHtI`jNc;OGN=@pL~vY_R1>K! zzo^B1ui7ULrO<&eOE66l?GEtob1vuUclXT@Q)yF6MLlt=M0qcBKz$Pvj*80+i>RIn ziWzIS7$i@eF%OJk_{hH-C@9in5GJ*Ei5};nIu{tTZH|#GLQmN`EtPT1Ma8x8%?J6t zHXhm(#0By=o_OM>Y9ZWJ(-OT1Dq3jtHAtn&#j4&pa_}kBe@G2ofI+*k{!fYfI zkFf+^$MpNiZGWdJ5;{k?(W zv*RNrf!;wm9>v8VLQL!|?66WIxT~7l8dH?meCvpH`XU79`4?RN$@O2lLzIFzyhyO2 zpd7rB3_kHoN?c~6u#-2C*Zh0n)c7Ux;wTszs1HjidiKI*{h9ANG&e}%$$UQxr()56 z(qsiJ&-ulDwRwXLAqzhfVHaLFb@mZDwh8xn zvh;hu16}b83-3WoGJR*Tv;2o3WY}M#X6xx_J>iLP9-D^j`pg zfPwP3ZisN?R{*N6!?kP%0=4H;4dbLMlUp!qMIQMU-HfT~7aIxmzequQZC7>(?uZ;l z2_;AZ05{VZo|@D$YD%~~#~f%B4C}5?{Y*BqvC!HaaXl5ZFoyLYp#n9a+U}vuAzbi< zMWu;gY~gLZQ#i}=EK}wfPseB@Q6S>(cr*s}N;gZ!@r{f`e`758;yowGED4B(7{KvWl~(zMo;ih#}3( zP`aqe46zxa^xO<8b3OJ-zg$IP~ zPo{APDu!iE@w{{&+|!z0yU!dqFrY#h1*!Dk9xp^AE-L8ALv@Xh1K`Hu# z2!m$(==pmX9ueJyazPR}PZ;xkHfl>@cwXF?7v#(v=lvi4b2X)woIF7bUTb5?b!#~L-Av(MC z019x;k`zpzc0g8FdVZ@ff-ToG#+Ah+FM1IL5m@XBtiR7nc$BmIBuIReHS)*D!M4Py z;r@iH#V%7{a=<`NeT@zl-@V}5qay+dy7twqVvoDNlhRw2ttn)$f33%4spg=~Ch1}* zdiJF;4t=ezw)d=I9jrjV?$??Cm2Lo=+rVtSea>_pC~kh)mDXekR-x#877O_$S_nt} zk`|<@Sx2yLL*1N6x?M2UnU3%u>RjlVminv)`r2L{#@Wf0+jmMS!()}RXYVV8SQ7GC z%W2O4g|R}yc=e$!n|Rebk@aZq6S1oG88dr)OLnugpco!8PfsjeQRipTN54oWbsfJ< zhkn}40+qwIS-)&^R5;o!4+^afW532|=JzhqR0)qMrs<6G=&aT%Sl2YW+Zoi}t2a&B zrWy+l3${IL-f!b*LZY$h*?EMV6$V4*B{lb2`GM;!QaFAB_}Dc8%DP0flJhLGeIR8p z9gsub+41FB@W|tt$4C4U4PZS^h*$a-itO}4|3zP9V z!S7LLG`i<_H}D(KprkuHGGz95rLlwdguUsI<5GKQiFo~U>8SuQCNz`YvhawcNlIQWuM8Qh?puYv`db$13RuGO*T&|`eSqKZPhNvvXM{6 z1gJWqZ~SgfG)KGd0a~{{l#Z&jW=GVmc%XAg8u`2!6QsB?`)WlB20D*K#*K4X9aJ*m zMn*Cy3XpNLB}FC4G6yrcn*1Jadyx{!4tz(1%cc% z25@;tVa3;BQchL$%E6!&l5=sXDPAnlA`|x0+iSn`LqP{>3hsd`z|^f~xi7qCGz$n2 z%uM1AKp$ABMujW|C_?f9gUIfAXzDz~h~0jqNA@D1X_?<)lw4%1qJ8IuW}S`ps6Y1J z3NfVAX|-?d<#VIpV4kbvO_Oc~M&;ZOff(3It1$JtaXP0Deh|rp7EfC5(;d1J)6wA} zr;Y%m0&JDJ=M?C!D$h~c@zOdq;GZ2sahjaYtpOhS7#{cZ6Qe2}iZQ9vOr@bPqiR8v zRV)K`2t(45kWJ5d`1ueIwg)Okpu!G{4^p9C@W5X8s>DMjw_>txh4A0SIR{IkRv_s zz$_$@&f#{balDR@b5O_@@T`#C%r)#FeAP`%cv%gKpgRbbZzi8}!KU!Ci>AN{;g4dC z@^tOd&L*O6P9T-QYehZ|5T#?Ep$Xu31k2wlec^VGXTQE;SU{Szz5q_ zVT4R}nUM5UZBYROD*M{(?;^=2Og!mH=ru3DUa*K?w2-fQr+yN^VVC-Cfmmx~YM;19r%oxMzfD9wH$dq}o&CcL| zeGsNyC@S%x{%Rordw|^)FO5=6f(EIFB-}~L(5qb* zK`bT4ml(H^BvG}+pCY-j)yL^OTIwtn9HSsMZy#o{W>BKx(! zg$ZOLpo-xJV6r^+cY=YyStV$T!myBK_)sKdraOCkE@D1@lzZY5z!DHX_G%*d8nj6& zz+DpQ)*g_N+CwmmDEp&NggbBGWn1Q#0w`B*rdq7Wul);Uj3-Yz#?Q|`*ggOK})0P|M#SP|q&O>x; zL~G8&hqg=CCrvU78-r9)xbZEA zb3>*B`xoj#pNR6&&7G&BCnaj~w5LMp4~NpSQvuoKkq-@O){Be7$ANYLxekc$ERO^} zgD3)90lzO3szg<6;lVLnD4SX$vHGLNcLOunnT{eov--8+$Z=i?L9nu7Omr>3QBFBR-XnajYwF1%+3P|#g^t=YnR*7J|KYTMp8)R zE{6|#1mmbuv9k)^P3AcH&bUx%R?2N{SDtwefqGlMfTswVu>{D)KK4!7$(X4NroggjFS z*+y2^_e7ixVfbtsa$6Ig6EE>w4!U0^u*|lj7kToP;Wxek#poAwu8o$P(^+$4j*z+I z7bsb(RASi*{~zK4#1ub$^~!iIcW|*MUye`J2YlgDJc_}tWGuUcZ(#QY1h2u zDyBclh00_-^UvYjx8^$>MIt&Jab|bCk&d{ma9Z#`==9uFYt9|BCSq|XWVUJ}wCzp2 zvuhMmAg*jWn`IMzZ*bYJrKE#HOznxez?{mapJc;lm;5-5y}2BHDEB5?bzOGP z2h~(=KgP*04MXMgnyNvqH5))e0jZ=#Ama$I5|z0Jl%oKWW_xo2So%JWL5<`XGOu2f zSdG}`E}Nd|%0y1v5uK5IB{tjH)))Qhb;*IjO_;;k#j0zvw?6J^+wQxU5|^j@G(c(` z$6ekm6Ks+3sXnGB=7x^iaF>mQry}`_8F_q#{-tb%o@YhGMwxcATAiJ@651&RUOfbF zsPU>o%uzWLlW;)39Z5fbgjzlS{dl_5=?)PQZ$tA~$w87@(cdD%yvK92_kA_ANVF#= zU9#$XBq0v>5G5&8TjGben6!pr50cV55sUp){?%Gz-<3ZX&WBnzgex0L=?|b2Q33HC_#uqm~D!(`lnD!br0HqEn`%tZE zy0FsV{-cE}slJQ7i3++I(3qRc$X`S=x^6aF)LbO(G=oy^sgH^5;~ojl$ZqzO$X^h< zV!0^n&5M$Iz(2ms;G^8TmCCx33EMKuKRXU_x|$EU<)~I7zv?%+n;6Vt@x*)ZU=z{vn{fA~ zsLR89l6VwoZtBH_)3_8Paq|@I8vYzBr{`#a7YvBa<1${>ORF=4ULi;9jcVf2C?KAoN z)Knd$I06@>qnf@e{?mfuA$8xLcaqp{dFo%q2Vdon=h4D<;|`o=^-=SsZ+ft7;s#vr z#iz9kc_SuU0=@B9ZbZWs)dHu#FjeYwY>8$W<(MYD70LY$iP9$O5wg>V_>I+8CLwY{ zG)k>wqC#5rD$f*1DOGuV>HKdTHFSh81Cq*)8w4glhqW|sxbht@3vJ$As$3ZDI(b@; z$ZSHFxOzRkg{)Nblg7NNlLgdj3tG4w;iPxF;g7TH<%H(1D;`_V%b45Fvgm5EC1XVz zqz*HitRzNn|Jg&g3ojCwu8GEPsQ*+I8ZU;w)}4V!tEoG`45KSYi%C&Q&Uy8!=hKYv zLEL7Bf+qjjI>pFMTF>fN>C#?2tPDAXQwY{nl4naw%gpD-q>}3f0hQ)9tI35$?{2Eb zn~ETVS!R5ZLLje32RduAPbTZF8j5Uyx0MP6Gza-}c2k+#BrAPgELxB#TB@Es8LgRC zeH5hFCBWV(VY^2pY}_ErY(3h9u-XM;^CYC;rry%L0{M(OwjW!` zx~rii?7f?#)$F#HS`qK3mD6iIbjU0IetPM7rJ()FzkJToyUp5b3)@AjY|dVU5JfvF zU!J=+%l#Hp+TbzQi_~irXz%pI6_pAfAM@kkrl;;=g*j;3n;mc2sG)va$%Es68rgo$ zcq-xEIHuKY8FXvKB867E%3Vf$qXo_XlKaCf&)T*CBz{8S1*pCu5zHtf4wZPcf8 zvuBP95i21v5>HQS&2iyyw{|hu5|+ad*5dwpt1#R06TUM22ixU5s@ko{U_ehJ{}yw^ z{D()PTaQQ1{;?b>zBX2N8fB@*@ zpUei|z4E(0Z&x)3<0=PWW?}jJ@%d_M4qUYBy*bN3KaW}S8g?#2{d~$~OSDg;DyH_~ z1X^Ok+K0U2(eA!Z$x40a#eN=()Vgy1jHH@s6LWn;Adtsea{@iW4PI=US21h zf9N&#*RK@$imh@Z$KNMLD4Pli^DwVz{lYgM_&xbLoh#*%U`{w0j$IqyDJ8Mq!UhwE zf3{2u%YPr-&hv2ku3wYR?D3EmuidAzH2$0P>>10!F(Ed2AX8Q#p816|Pb+__3-_C4 zoz#jdWrw ztWQ_IJKXq10B)Z~V@S58W`GO&%pr7o%SS&C;d05_=(DLp3cr`zAA41VB4MeF>@h0K zmGHbbZo?Vq&gQh1#}It0BPGcbjgqCrU7jf03jI-Y<|fzui>Es}s%g=%O=ikBnoH0v z^>r>$rJE%kEqU>~t&cb^bf=c~6FWA#H+3zDzpg~Q?jhRe{;P*((|5a?PD%&p{Zh!I zSMJFtN9Jk$knXamcs&!6eXbUlJonuHVfi5uR}WiK6<8V*;%j z%i$af|7*uoA`bI6SU1BP53kEb-uhKf{tr5OE$EiBRo`3@O)4bWms&|vsQ5j-mK)fU zbKA)8Y7sXUcC;7Db=W;;g%-|k*7q_PNcK4jm1J`?rDRrnK9azS-?n}El_C5S80M9I zIj2us=r4cg+Rf!eSMvB&9k&K^!5IFb={jG;@y4{`f=+|M8rvu8MgP0#U!U3-l+lwe zXkuasLG8})=`1zu!G?sibjIknV24Sr7#(^WTy)+DRI<$LC0m2IrO3s28$PGrfC8o7 zJHMOn0RyMCKTR)wJ!1c}8|@@sKoY_*Fg;rMYrr^eF_50zIHv0ns#MzZ)=8+ z!-k!f6{deR5g8R+tu&&U8~ALHZwi`x)^7je-Q(t&udIM5So;%#NiIr%dUn?fdv>C5 zMIS>RZ-8a}<8S>$hW-GAf&1;J#uMi0R+EgtP{-2x-mS@kzFWcO{+TRl;oaC~VUvPi zK*sh%)#v8unadO`fJ-r|TJHo(*U4$Qz=ZcY&mTufLxH^Fq~`TFn32hsZT*vAR={Z>ECyeKfF?Xk9NFb5u`fneo~pV8x5rjSB`(?4^xp}+ zv^nM(HCdOXH#@Qj*0m>d1z;kshsK6zI`tPxUp`4cKmjRYT-u8pB z+w}1nlt+^?F|&K1xMAuW1u2{B_5EPdZfSD-GvCl&UmW%DX8*A-XTQ2JvU&!Rd_ry) zX#2JQY*WBEe2*%u>tgC=CEZE6xa{Wp3uuo_m(Gm~D&dWvhnsjTel&2+h7?T(3L5^5 z6huom-&~hZj_fH{kh83q9u!A%*{}u*#MERkeP#zZzMo0-^Ioujq+2HkJ*-prE%YcB;gDg|iF@kPA@ zOR*Wes#>rXk$JbRg!l@H>pUG^NCHXpXR>_ipBYLomxDi&jg&{x24oUjUj9C|bOrtk zQGwP2*&maoXb<~Ha&|Z}h(QTmlF8@EZkLB{zx{|{$XEcVZ!ElyH{u!PQ(i7$D^;qZ zc8Uci(kt~9Dd#E1QV1K+`)g@&z6!n{a2%NVD1I;TQ2?}{u~HItgzCP`cw{fboi4^_!FRh&YIl! z_sGUCsXiE#Vmzou?h3;Z_WtuNLYht~yM;NtxmX{Q9RxwpuNUz{WZ+A+`HDp7Bk~>t z9MMoTtQv3J*qyV^#t-&R9Z?`9f5_ZXfFrzftLL=J{GuoJ_WcC$g^t)Gm*=zKIpipK z9gK7%pRtToEht1XJsH3N5ho2M51p$;0+G%5UAK<4d1KXkQm!!`By$*t5k_U;(zGAP z>*j%@#fIVypvXiEB))_BkED&lx-?!?F)WwoW?-O^-R##VM|mKI!boN_6cVq{^RHYS z%f3KuLQyPj-M$I)&Qv825pEdKvdqffu;7WfdL2GI-6LR)S^+N`hQ*FMXo{$m4(MB`mX{>Zhmsi+4=`L`iD! zI$@%(fA2y6@5UCW*oAV*?=Bc*gp|cS5N`2*_yZk)Xuba6CQbk@3^dgM8<2)NzV-C}gK_jz z&yXNRsu1}NZq%#~_!zr`Ks7q+H{-1?0xlN->mY5r3Eb3EAwbr$a z@PB!Y*1Y;N-g(4<1OPG5jgY2`^6e1;{;EIn;vu`Zmx z!E2(+6l!lcLr9Oz={w2uMl*h{{uX0JuFS0{gL9+zZN3y@(Ke_EU z^)hG1KW{2fH2!_h_5Je-XQ17L-#;&vtK!Z7<0W%S5@-^0MXnt{y#d20LN?9^D3?|m z2Paw{NV@!h!cx!y-15I&z25{e1;9JMMQA-g27)_#DK)U5dm-cful~Ekhjd`<&*s&y zHUJX07zH?89xLjKcMAHEyouWZfTtHBcqj~v*Ev`qDok~se`LUYMx^wi)llsH|I(?fkNv-1lHT;pk!}*H^nNu@{D7%G(RNDKy~Y=o=}l<|EG0e{ zAUfuoB`<0kwX!7#LfOfn$%QdBe9j9Lx0%H%`F)?5)JrlFOa02F|E=4QpaIZzvbY!G z5;1zMUMDg@^%*Gg7W<%vg=5JOh~rR(LXQU%g`!LP*~e+W>Y9fA^09fE_-v0uZW7V@8blBf{!;x ze}Zmxpu4-s7BF+}fvDfDS0q9Eq*@8ElLmpM}KeHWUWD0nyv|X%` zTv)!g79RV&XjjWa%F&vp^bAf8A<8@X+8sGf#5QaHx0eW2k}YluICB zQ)u$JIK({Jo>X!MNvZID)^%}q91Yl9gy3%~aw@BS0$cm_;UDl2Z2JB;C(dB#j(EP^ z|BiW~t`N3duHu!&^yC_N&x7`8vHURLR7@$Cg*kvBvhzRPnXU$UxhBAIpG`|C|_DX(0ExHY6%1(U52>wSSgz+H;c`GwCraY*%5Skh^ zFLrlasamLL2!<+`FTm-WLn+ZzHm~;2v3oIqTxYdXA%lCD3{>OQ=S-?YvR}q@0-2t0 zViY+Oa~3?jh_T$#dHAUc*x`zV+vXDwc$dJXz30Oz`Q{=J%)O-@KzGI3elnqZ1youZ zKUDiKS3k9+Tice1$T5Mr@`Nqx*%A>5!Tl(DzU%gcryUsCgVdEM{KtlR7^J)oBIW~` z7f0ar0Q(M;9H?2pzoec@5y*T5?jWnIw6BgTCJ_j@So;cqjZ6cp3BBL-1Ja-sJ==`@lpb#4Agd>-jHMl51QUC28c}!vT)J*Ln_&Z9rcmRm{(_I-?K&slc+^gl3%J1z z(2(4L9Vm~Sa}1kRJAScK?IwF4sev7g4u5}(rV068?tz(neD$G6nR_z{Oivh4$M~?4 zMwS+13Mx?3qJbcJ>wY#50p4-o>m28*(42RlPDO?o?q5!TcW>ax(LyCdg+k6;JkEmQ zm?C7^`}3;z>3h@?5eKFxWMsYobTDi?xx3xJ3ql0XF#q$VAdx`ustASdSc5n(>`>uHLN=j7(O@(lH2Itwihl|4LFxTl4TKTS>jP2} zuHc)?G)DZ2k=uX}X}Q_lE6f{})0HLMTq+EkECt9x>kU9W1Qlt{5d7!6RRe*_S?m6F z36>*p*+IsQ2Zhl!nk6FdK+ctodhZp>j|w(#xW#g`pnn?3_UGb2)V$bAb^|ZyFhFJ1 zYj^=XlZ&k7!d!piSxd^H(qPq1020aonCqiO1jYDsp4LwEQ+<(?K)ZIPwpYEnJL0&* z>1l7Lq7uL6HSnL@kJd*6bDb~`=hjL$_wpQWj{@Iv>B_rVsgkaCr~nmJvhNMm=ysxE zASh{4n|JGGHQaY+P72Q7gF0zHUn1hE9b2(MYZK6EOU%?-(}QW{7(MrSSJ|x%An2wB z9tV4=RVDI%vSL?VAB@=4t_)=9+BGpQ7|VdM#MS$$X`ttRU9kWrgk_mD${2t@%l-AU zhdS@g@i7{wl>}fPyWi_Q37++F9ESEKXwz?wh1zCr`6%v zqJO)RLZvoBYQbX}%M-{NeA2}?^nvFtvG5c7gO1H<(f6!(^=Inp=P>dFaJjJd&U}T)&us-^5B4mK>m_r$AlDgMk zgJa*p6R0FR`@GI?xld1?Y@Uv4YpMcvc@(OVN=Ts>oYd|%J1f2~e6}j~&&b)7+8L$2 zt5X6sv~->{dL3?A?pf0I2(L+gFx}XgXwwS7U@+3)3fa^x(W}{5re6Rm+WX+3{g|tn zF^9m_IZEXwT~O7}4=k?_n$Fe>hXGXt7eYeK^J(Kp%rC32 z(}2=dh^hd}UxFt|+uMkDj{?>ed?gK{4MQqTxc268<5pLixPrSqZ zijRGD;p*}{4?q-qYxx;xLeyAk;1xW%)r;8glUPWqNffqvA?COeo~xcZhFD|ziSUCF9)Rhn!jIkZ@*)+L;uMCEj6ooUBuYe(HTXr z1};ILz(Fu^9n^+N)VCsNj{$4n6zJPm>)2h^M-A4fo@7=4T2n80_??VOJBc5m#nc{I z{;O?XEb#{Mncy%adYnuB4JRv47R>v+4^WI3dVUzIrYE&Cc6d5gqECO!LG|hz;Cui! z&!ed-8!KeS^THRjXgCe4I0Yr;-OY6omvtSFr3lU$;=?W`Kb5uNJkmn&20(_le4R)>q|`o-_v(F33Zr(lks1&-M&0oj@kRo^&?3d zr+4CqX;1uk-!lo(f{!(}Bu6H;CS=TX=nOGgFMs@T!8wo_kqkW^o;y3*;sP0v;8YV} zkdODxd+jugHz#jM{xg+Xl{lO{9k{%67Q*p@OsLg0^5Z?~Oydle)zUf-zrVjJDW1Db zjnI~*NqJRC?scFZwq#OpVpqdK!OMZ7KU3h$}vW6D!pM)t4;Te+=uA(vt2int5sxBV~5xdcHND9@KYyJNEZQb|$IQ zT_7hi@QI+v(+BUE1hKe5Pabsv4oeoeUR9D*B?^e$f5?K}?FQI>Ck7-Gb2AY^rVMvB z4zR>?A1u}{?&7k7x4XteB1Z6r{^S8-Ia1he)%C2~ys%xnK1nnYN*YBP`>gnl@N&^J zd-jO<1tgfj4#cP|*4kr)hT^AhsjiYg!`Ol-f(1i!o`{n*Eljj^Q@Al))Bx45(#K3>~a#kAY*4`n+{zxT`&}gQVD}&sQRr!|l1Zv+z+X z;Hrx0N|p+^ZGgUd++*eF>dErcA^Efpl(wy;>5b)x8mpXe-=)NKo7{#!}V zq+@0l2(v|elO>Dod4q?1iA6+M1F*5L>SrqFz_B9BgI@DJThp@a@>5&{mTsf>>8;8k zkxZqA+(mwZ%%HPUY7G#pN?WZfc}e`RA6pZIp0<(6STokQ7!~zA!=h4@`xQ6n~^QLQ2aPd&lqt8{uOdM$DtMAOcbW zr{rraHERe)3WNfkEdgt6i~ZeQ(ia9+eHGx>~G_J1TeFtUB?mYxM@ z^)+e7&0MbKN6tPhZ`o8OVpYtRBt|pKUDm`paqJ)rws9e5HV@mCLvlYI$GsZp_>{~G(F_|t3%tFz!MLA+x zN!32s!QO+-5O9S?c##}%i)?IEEBy<&A6yY`1UG|g`x7y@47E9|Zt;Z77w<>q;6Y{q zhl+qs5*$_w7{G?%F0n+Kb;j%mvjuBEX2N2D%Nt>Fk}^AtOG5=r@NT(R*vwxnV79q=KyZ z*`Ox~T;$*1)_4#t>4Hs-$nl>AK2?!H(a>f>6Ff6}c84h$pyJ!sPdTBNX0Y<02f~wkVeGI>~EJN@9eoTf08C&Y-Y)i5(=W7BFqkxA_m#*ltAAh{qCE@9(PUu_sfr}> zN!}k@TosdlsU?@Z(`Q(6_{SGxhi=-az1L}dXvDMEw;PE?erM|K4A#ed56$1-f96}g z`Hp{Emay37j1ks~B%q2Y!YXvthno;|s)VUSoc)Pdt6ykxT5}vo{u99ETS_L7wFw@c zO56DcfSi;aoW>X|_DZ944{fZU4$GYk&u$j_+AycU>S`Qu`wj5R!sFVYVS5|^BEf56 z_uYkqda=VQAd-f^*l2&94;yTeGcT*GsBWx53uaR(YU`2M0{ay$bvI zYfaWa|H%C#pyqdpze7|ZY7t|K@2puuI>mEPAv0AznSr9Hv9({Rtw<}0F^By530N0ZY1t6s zb7H|FhehKq9hL@_r-~*{xLz+{*G4Avi}Ti%{GP2}l19E`C08W&=MiEn4~fFo&t`KS z!Im94G@o0gU}@vg+tDyLe@|)iX4geYnT9$J_`*40s9}9)0{I56JbW5RSN}iqp-%Ov z@X#MeIZdutbtTVoe9)n{DiwqVl(e_tt2^nd4I}9#^ie=*G&K{*>qO_@F5MhO!LtTZ zjs0Ywv50N#&KH85)}Ef}N$BPWyi7$8RrPUEX_;o)%xhr}EfyYPGHo)XeNcc;aLya% z_d}cTPt%#w<1O(R){bFuRQR(@z=Sndj-*)}d2FMZNs*DGaP|hI?ERh$a85XMyyGyp z&LM4f#UFy@vF}P6SSW~wI)6(D56M459=~FfNaKWiv9i<$bR~B>m|xzyk0@Cat||dq z(Z|Qzv&-33=^|_kQBraEV@@z2VivIb9DvY-B77<{+vwkq9l`#{Dr6J-=WV>TJzFbb zfY0qTp7TJtF=Vpl^YIh`ENMi_pVNBnXUzLk-krVAQP3lChuwAGu0by~kF`R?heRtE z&BwHNMbe`P21D)$XUj(>i(VCVlxqB{`)L@N@eSfHmwW5vZ821X3;$IwzytgiI+dJ} z8jYNT*uyFVxQ#T_u5vP<8hVV&UnJ5qirIDd-XvPPLzkxi?Qjo@F#c4r0^k-bZCx%#FZ=5&I6i(&0HuhlPuol@*AvO;1wvCfyOkg$ z9sWup$V7GJV>f;+zlPQy_Z&?feBH@@LKTPH7`+&_-{Q2LW*he6qlm_d^h%Lz#3ri} zJ8^!}Pw74e5~18e?AnPyVU;=m=vnbJXK|4`=_K5Vx!0Q|Rudl_upePb-}l`V z2s7(5Jiw`a&82t;s$SN_IcRKaOnrbq>{G^sWsH_NmdK$Ji5gbYnQ7o|=20w>?Dvu# zoEj1C5C+d^AMgbe!hyj*;dgs&(m}`UYj)wPfU6~ViZZgruIUrrewQA%-M#;)Aw8Y* zpv~6XjZYa#u4^6~y@NAWi|syy?A(SkPlA0KcZUifqC8?wG9ND zQUEZdvJ^+~p!PMwKTP~OL5)(*%_V${q3C_w!JT8%@24{o6N75mc z%-56lpTM=WRhE~E#Zl$?M;JD{4XLyo1w#j;N&b)WwRh~iRaIF%mkNA@%BiAhUNy$5oe0D$PiM>nV-0$ zyI+tF3%gmgLxOP6;WB?_PHyrtY=ObF?vyP-OM^|;&iRwb)`rL!u>f2WBYRRC>{kbA z^6ikWFX2!P?$no9@9#7xHr7eJ>?j$>;ZUh)Z!FqrVMHBpubWE|X$aV3>r6X2BhmC? zE+9$@Yq;0Uts!7{sy`4SPv+kn9kxM>8+V`Ce*jx4Gks}>sDEnct1&+Z(sk;t);l!s z!dl^F62+14>gR{DnSX-NWL-0}aIXeEO}#%+i5uWB8Y27B0R#PFfk9k=XYD%i2_F3E=paOPTxuI z9|u>oasBWm|Cu z9rT`BKHp*lttW1=WbJ#01F3)MtoY;zO+jiPTUt`UDq#M{{#N?;-PsVAWki{Ip} zL3IUNEuS4$TJUPrR;pEo&rd^dlOv^=lhuYosfMAELpmWj-UFAHgLh^lCTgfEu}Wur z+}wwW&YyCM92}&zp(lvwapV-6y_3U$Xd;=&Gv)!T{sy%CVN+@TT{im;gdM~FJ;*cR zKLDlN4S#i)MoD`-u!|~dh62F&Rq03il=eBGE~7#6U+5!XP-rYU?|131XPzni=`Pep zKU0y*&9x7=~CI=Qls z{i8QpGFaGOX4kG;{^Hf8MR(axe0^Bsgr;&`S-Qw<|J07@t(w{_5q|gk4yZP%>Qx|p z+Kw8nY5TV=Hs7xn*bm;VD=71#t25(=iaas0S_1f1N?P4ST$EGr#GgK@Dwi+#>>>0>+oySg_qU+lIE?^D5w{v z8yd9vzN-^=)4TJ<#wHSDwYYiLRnuvE8>7bXZ?akJrBA`gA*e9re#<}pj?;28o4b>W zUb)2VssW#{7*KOYy05B+qJozsWk>%kR-nsEeMEGhI6XwK+kYX^m3DfS{o^kG8P1F5 zo0P84bwuR%TQZt=$ECqYBQ))!X3}ZR3iTZTD;Z~ol`R;R2T^B~)ls7ObssH{I>K`I zr475bHV#oiZ`06)CvRdJe6KD}9Zz>J3q15T_%*72niXxP zbh=^`H~hCjeootc_>+%wVtdl%qn+KxqBnb0xfzM;OZsXF&E9FxwDJ2uKPcRw{C{Ka z%+H8VaKw=rZwE3KV~0RqN@BjckmRI3I_a@h3-DcGcfzk`;09}Fq?>l$eA zqP;1gOn*n6;kT<|-qpQC)i3DXhGwnYiUO&=p`b{W_*W?u*J2;T+}WN;nv)_HJ_@mT zL63@BZ1+4<)>l+liiTUBwWpdx->q!kI_qgktq<`9_7+ccvBIUSbB{zOI4MQhnq;pnO6hssvYFZ;x1d5+{qX zk_*$o;(%AFmZ2$tcnnT|fHrze97lUD;fimd+NQwf6?%)W?X?VikEqXqgM0{A7r@+> zP`118SL$P=jo4NRkK_pteja`QFBGH)xz@gjBESb}XHqkY%d5XDFOR`TLD1hM#=qgYQE!G?fQM+rn^Ebn@c#qtm z=6}7JSwDHdbC zKnX^RK`98Gm++Pb`3T_0z}tzQ5P1hKjoWOW>EP|)k4*`6Zl^WXgBL;k7c)mR*YT`X z{>f7eyZ`?3&`RT7*D0>)pfP}JSFsdz-It#*Eq(lyX~lfd@yvWPSO48W`Yb%fQhVF~ zG1NUbBQmCJ>6R8^cj(GCP1zb3FNZQEw$?O90?{DL)MRpF@Yc=%Bf%hcmc^0pvi1GV z0EA0gkCQp^5tpwkhRN>0cbU%J%vRz3Dr+VXc0*6S(8sE{uZB4IXdul-h&&HEP1 z4k8p@pC*5!af&(pC?#f*fDRLUhauY~`ebCj$~i#2H8rXVT~Z{RT77LgXE#$lq&SBp z3=tOwJQs&u&MK^X?giM@MxxM%>fbcd2LSUY8BKJu#K`K6#lwuYzE0^!1Y%+!kF60aCX zD4~#qshWIXfZfTDjpcqGQvrc2RFeO}{(i4M1mEc7A}`S(9zYz)O}NkM^SVwulULL| z0Vva_Yefvz0KS3!hj6W)X@hL+(WthdgdjmxLx(;4OjQY8e0kL}j zD-Ak6P&3tT>&s`76n#yvqiB!~&(;{c057?B`d;SB&xr1M%-%n89~ zU>=%+7H{oPIhPXc<8i{gvI)m2jGIFh3CadIGrZqAFK@{l!qO^^v1JvRR3zR;gLrL$ zkX`Vldm9-|W=_6G8y#G;qd*4AxBH&KlR2PfLyzfg2JSlhZ55VboW4>NVR%aofo(x* zvEF_j z+W+yT<{SSOL`Rd>)wy^m)xA$mS0*2&U-KU>OtkyOa9%i--m>H896L%1kp zW`*Ci@BY#3>>GHeVs69%EvwemXyUIUL>}T$5#K%~fboj$abQrC$rjYvUOwV2mVib> zn*H)ca^*dsHryw^#L_}O!J07m*w%N^V)+Xy$V|Ml>&J_@H5_-pNARu4-L;_le&uOF zO0zdZ^FJN%6LD;r4^Sm3DzWtT7Y{)bcbh}q-&nO@RM}%sOlPERq^ksd{Go9k8JkWB z(=H+nmj#%3|FRylz+WQgqy*Qfn0>LzOx#cVJ{|B?F}6nojTZk_nQ-wL>~x6xghAc< zKkI^@X8)@+ns@2uMMM_7b+y4SZ4rkfA4sEZ5K!&{zSrfZ{A&-~<~;Hj`u4x3|LR4U zD9X4y+05@s$aS@nlcWZ)!Jo)Rh>mmXODyXnknorxYb4ii>#6u8Pd5x~=&400+_`Ua65>URm{eH6ynHd zRAi#50Nz1Ps8kPG3c@L>vHDmXh$K$-=%dl-ds!4XHi}_)*g0Vn7QuBM6!T`##=vMF zX!y*co_6>IR+XZ&KPyRxs~`?ZUDd;3YSkzwQ9Bh*++m<_dp&8Y zCg)R?SmS;0fO;e3!tQZSO?X79dx#Vy3W>sfn`6+(ds^OWpSNYZPKW)k;@;31rYWBJ zTN;fwVi_A?`B`+3;AlDp>|n3nU6%7J$!h{%tlnvAhQW0ecxi;(h8 zY(f&{^g|kid+r4mF5-1brh+HE29XBwno%?4J|{v7;UMDE^9I5ht%9{1j2litI@5AF^@o>F|#TnK5*-q^^>{avPRM?M;$6Fin;fyd(uZs z7ykHQUg)#={M}jgAwN zt|XkHNr=M09?6pV-`W}s{7I?NfGyfgAra3Q+z>GqcLix*9DFOd&Y=!@n5+O~nx%tn zD5kmUgc5>LtuP8mk<*6l9PByso}4(X|0Z{1AoN(^m%~+rDLZJ(fc3727&&l8JEl70gB;o0$yUHbjz;Csvk0g_hD1Wxg3`&dMrm|fcY zHWP8wM5A)o9vT3mvP~H4tiYSlo!%F8!lf6>kt z+OO-|_b~2-pKe&2p&;GKGUnXMd$8~mXD$$0m$jIQEqVv;3HL_ZY9j=jiAmxda&HP^ zNXpa)1fLfAYSQ=R=}4i1eqEEzW#u8FKY*DRa{6CvYp_$~a^Q%nE<$ls*uESuNnp9d}qc!wZbc&FE(to;sd(HTWR1yNx$i9^U*45S;&Nsq_ktc*@? zkA*fW8f}^*dJ(xA#Q`vpFIbAmV{+Q|^rHN1BZ(_Ed4i*- zV!!V;9z(YJ#BmUrG@nQnb6dqui3TTM)zc5Rcwo zup=gXheaEku(Zc_2n>W^HLPdLy)OxQN2}_$IV_Tv_;^K|JgE$tR}I+vTH3)|pk36DWfWgA=m&p^ zv>^8Bc-`7!%7A_8;u~F|cI~j@Q0)+?H~wJP4FG19mv`~Q%dotOD1}x$D}P$O3Vd#8 zrM*cpkJ3RDq+3UuA&y2Dk!q2X9!xfigLNYv&$azf^y5|B-eTIj)uGaSe)W@Oy(9Ii z7A5QlVoniaA5C_?7jHBuLX)qzS9uP1FD3_G#hA;r6ZvhQEu)V5?8e1sXFu|I8&)eV zETxi+s^95$fsgL=yTRh*4Z5*n8}HyV7>@4k`~;Z5%XyUoee|>3S8uv#`H4?}%j>;J z^fde5x@8~tbIH)9xU8|F~0|h%ypD=#O~Y0Jlz3_)HmIy z=Rf|_`6Nf1m4?#jmxSw_$;Mhc6>uwfkbmq^2&UuLJQ)>TARf;`XB^P^nIq6JtqEz7x_(4?l=ahg5_jK7H9Y0v-(3+xb4w0aLX_ka;Fm z7$USE0Wp}UkD>^mM#9a0JxjZ)72!nOy4~6Up5A!ba{M{A8<d$dSk=)@}_7C zja+#;1;~%~a|r<~tdj7mo>Lwy*fF*g-0Zi91RUA3Q#lVD0R@5A^h$Z@*z$K-l>iN3 zO@tk=3)~O&+!m+Ftnwb}m__Ak_=sH)+`A3ziQK1nP9pO%DZE977z=RzyB)<^KNKI~ zWC5!7<-nEQ$%13|9|%FzfG5v8Pysh<=mQ1yel!UccP!v}(b6mldC?Co3TE@dWz}+5 zfhW8O;Tu4B(fXFrM9FKQH*q8ZEQQUi>=yuQL&Fg`&PD@RbC5+Vq8Qfpu4eFWSnq#_)P z-hA371H$$46(GmB;Iii?VvClb@5DK}f)Kwt=#AKhDPR)`_+Eg(p(NxUIbVmz zJqB@SKBjAsMRU;QW+ntCu=b@w#Rffc)EoFjRZmEN^n7{;3`7JA12q;Z$G+$U_}{eO zfhDtL$AQic$q+SAZ0d85_=d%ln|ufy`2j11%MGyIZV;Ut&Q3zr5inBk0U^42W!QgN zXzG$Nh?@>ib5{b7RZ>krm^1~hCh=lUW)xz8=<|c!u+dw`-0bU-SCvGGul-90PlvB6EE`DM5|k%0G;e(XJ(r zwvSc|kJWSJLhrb$gndh13xvDK4~OVHz7z6ESLbn!jyMo#{OS9o#qJh8<1*ujT+y&q zRZqFf*!e9uR=?GNp7lCPpY$52kj{`6_L_5Ru)0h?-1cocl-%(6S|=zyZC#=6!XMEu z*a1lb?!(Pv4dFy-kM;36oF7oydL^;Mdg497bpGSrR7==xAHAec}*3}-`aEf5X6 z9?!b<0%w^y&T5nkPg0_d~^Nm9)N_@_k|P%w2bPLR|>Q|rj=H@8H()xGn6u^78oC1IR*HQNz3udl+R%1gu}o`$TXuF zB$pBVyr63$-3UU1GkNoko0V2?`hN#&wp z9d6nx+xz=lv#Q$noWbpj1l6U)dqaA^b9KgsjTgzj8;5zvjMHBm4jB1gR842eeM1xS zW)ECnp=~Ukn_J4C7r${hCSSX{=Jrxu)l7Y$PjKt=hUb++=YZE-Ubs*eg=l?2ZA-Am z_t>AlqyZ1)!NXBv+rS{Yn#oku~a8i!}k@P$egC{#kOwE#=6?Ot(1(vwU+o< zlAJBke$%CL8Zt)a9+;@l<%d<%9SyI7j@hmVswAG3R6C_?HXb)Rb`7en#OA~#E<0(8 zf^pW~uLI-!o%u7GG~l}&7}}o&Tg{ts_9-)Sg`g@P#r(!x&8E3{>Px(NlQG**6!}PS zJ8>E?qcW~@=3!zv$5;i=^P`Kd&eUqWR$v~!S8%ZlyW*8VW6|Fk^xJDHm&w%7PlR2w z3-v-TXQdQUepzpAU$2i`_cYnkJm3Yk$~EYN_=+=9o@I|k&_3hJt!AU=T^_5+cGGrj z#tT2LG{Rdh%N{GJvh5wJVvU5x{Hu(a(-ncq;%Cdl&krv}4SO(ZwY`*X8g6gbIzmDm zM;__V?hG(_2CbxzXg?OQ{nW$8lh_t5p~^_-m*ai5=(T-D#rgBgG{JFPKDsZKBkWgf z;q_rS*MYFf(nFM!^9m7XuZMzCclx>LXHZR~&G0>FtZ+1Z;CC}HXL;gQoQFe?dEipZbQ`BJMQAw%+yOh^i#mmMX3zhk)OQBS?jsNC@_>#OsNufLkP zUGuk$^IdmxF@9M9;qt!bi*BEs5{E_e%8wehEFS2?FV_-xUz$Cse%*M!{!t*Ex`b(X zZB$_Ky`lGB*@3M~u-^U;<=kzN>26B%wAJ?hFgu;MC z(4gY5ekn_8;#2v4CI)~$h8{usl2iy*_}1Jdc#-qQ789@#PHZW}TB zU0?SLD(x=4=oJT=l=lAgl_g;^|39E4@iVrBZAH5ZZE zti+JpP}qBsr7N-Wf4@k#k$qjg^YI*EOn=iKedKV4y%9Z@8qg227prwir_hknwBT6& zkp7Tu@Ty|-9h$$!X{eA#r+E7FxY!R;o44LZ(`=IT!7){y5LfA;ul zu3A{BQ+~Fg>QvC!FKa8fE~nvKXhV;N%FSJ}wW;i~TWJ@uYC=zUe@K`vwjGOOw@gy2 z^KN-P?*8uj4qfFq64{j|YSObA_BWmWNBsSP`sbeaWa0-~3P&%igG^T{abBPA4+w0R z&uw$}LnW>|-syWCu00a4{@peVS`Q#&Ybt%z5;2)w!Z|C8L^&%_=84q~VUsCn&GF6fZyV#1;-Amnrw$hAR9BoCSA7|7 zujgZ95)1blV?QPI987LtPz|!gk9zyBA#F$+(fBUzTJTte~zf z+SHt0cfH8#fglFttLZJ%iKuhpj^ zu9>&u5LVQzbl9#j)UL^LqxLwS=k1;ysDB79mUOk)Oq=E;;2#72!?QMYC&~3|&+GF1 zj93t9FeDa7DG_fPa5C^Dq~x?9r5!{6=6@E>5M)R<#qRYtbW1hHet=dwQyj?kLdDxBVu4;LEq=sK{2c z^OL2Rlc0|Ij$ znbemSo$THxn62@5zZ#A|?=)WYr9FG_BUw3LGC2Osi$YvAWJFvL?>l3FDM{MW(%Zy$ z&V}rcSaqc2C;0<2{N~_ywJOZiCw40A?Kl7_rp)*E7v&cxAveOH$V!-ef0DT!IfgNj`b6JP* zmAloS@04y#W!o8`!`n^&14jT9bDAS1p9iq<9D4vp(*(cw3qssWaSCucLJa<+39%G)mL3-*>i^8QvAon;4f=7(E*_4}xVAgH(sPu->fP;u3=68#Jv~D0)N5YLZYT^>(o!qKfg3k?GeAPiP^mXPP**+7)g+UJC5tS_1v_m z%kbWdfO~D0m0M2=O!^$pCXjlBob5L`J+NW`+a|VWbCnP5T%sVY;Szqw6rp>CKFU>J z9@r5*4LEZpXDKAD)^7Tyv)j()Jm-OCK$BMk3B9|Ev4mKyXuP)Fsy};adEtqzzm$%8e zm1ODYxanHow(-;q?GRWLNhka}$_M1^+h~xk&gq|nKP5Iy+|mI0cC3K4{Bm}<(F=Ny zEY@>fgN^hT>4b{gD5*pBhw;l|Ww7TsfHE3yE8ah5UYRJ~nW?Eb zmr8oeB>5`Qz_Xz8{h!~)0nIo;BN`ILeeRQ6%18&MbT;emLqbOP%qK~FEkuRjx2NLl z#z>Y(yoRW&9c4@gLlbv_4{B_Ez2r?Nr#t|T>;a*QL~7|O4C$-T?gPfP2U?1BgXiUO z7lJJov8DU`dH%BI-xBu6v3a0W`$Z#@J@|`cnSF(9dIt2|L)CSO-(Uh2r0MBk&VK{9 zFW%*@7`Kh!L7p+;>#wt5f1s9CwZ4OnSAQn4&I3iAZrn+M1WM=ZU~O4i=JH@gNgpgU&-BN70mW=ARUdS1}fz+s1UBlu_k#CG*E^q9xu zW3Wl3OS9)f+M`&-GlR?lAgK_GwD>jWS?IhoH|sONd~&Lh#ZTqC%3x%(?uIhF+DjaE zX_ts1OmK^HgQsH7+vz&KNO>OE`!KIAkxv33Vn?R@{W<$h`tQk>|C!kBg-oCP_=EBK z+|g0V%MGa(!LL9#*by6EN*Yfn7M2V5-ffA#_tRpiHO?My5HLu1yWmcdY-o3RW`0;Z zTQowRrxwGiY{X*h?zMYQwib9kaD(QQ4l8*#7AXp+00(5769tU}$9I5Qn88Epe6wQK z1?Jbyp5+9=304ONHl~ZMA;a|^PGXC}6f+ZG%b{Jrv8cm(fdHglXcQ9vjpaQM-?=H$ z|7+zD$qpzj12#EB9wp44!B>%Rv0-wRyK#Ml0v+`d&X@)H3mU`9(Bn=&DC;f97+AoJ z{1_3hJkW}7*X*^D@FE1FCggP%ECXSz#BOt^F+~M1&UjQzqtt-j!wZVK@yinhV7Kb8b)H~D7f+&c$rO)#r6kJ zS#vLTMLQ#BVQ~&*VlBRD?RjMg*OdF3C#$hRvsr*ZFCME75Sho=kBiRUZQI(nL zg#$a_%`vD!9XJJNjYFCV6#UX5g(?H+HzIJ>e!|7D>UL?#mmM}9Sym66cVDpNmJ06B z?lhEe;aLm8bBb|A2(o>6OQT^S7g2nQNxO`Kc4LI8ghGA|%x8xZVQ%t2mM>cfyg6Bl zUi~P#kuTRq-9A&|+be;^Q^&mQ3)Yyp7Tc^1CI|OEpL4{Fg*+$u=qBUMbuM|A^bXDMK&I% z8^Rb0aO-i8=SM&u6V75=wrz4uA0L$;a6Z`)#;1U?tNBZ1Iq4{<0}%|TT1jItM9q{I zehd#RWhrIO^yDDO$}u;cC=TtD+V2xYS!HD?oK!QuRWwmf7E?%P*1hs>R_U=8nkHxc zD-$Lr8_1G(5uN4+;Z7F}mv9Q%RY-54WZ6BMwv$*|&0x|B{9VnOHtmm;Z=bHTTvoZO zF6A1|yDR^cWsin15Qg0n{VSSU?yG@t`j4zAi1FE9&w4u{$OXXt*3O2{gR<;kFT15$ z@$ImzNEch*EJ>#?ijIYUkQ$?!<8fVO`6YB1>yN)ob`;i-6UAh_8beVRBsE}CtPo2H z+^UXm3q&QE`S`OSn6+TL3V(`5|Az|zdWzcP;5nc?L`qwD!evU7b;xgrx|@|;F#aGn z&2Tv1k390;?2sh?D(6+I@y{Pq`k)n2}biL)-g-rTWesg9xOQOukA|^5W23 zo-^W_?e)tzu=v^qT>p#v{bqg|cg%|!$}*9k*u@l)aXIfkv7kwcj^ukNl{pYCgoif} zcAM09O#e7jYAq(s7^1~z8f9fN+oi!**Sq;%!Jhd~>RpT0%%KGWB;&Qgk}&XKD3%|5_!-EdfSNYb?m?%yFZ8F zKXCqJzph6f89aZ24r3mHWG%FKv_p=Jp$j+>iq*r+MKJGrr3)0bzc>^xd?^si*taEA z6es@s#O@PGmhd6w)vJbD+uhnlT3jnS17bzX-Pdyb%H2$hAAA)~n3-R3wp{HBJ))Ok zRYI$}GcYPk%DP*R&b>Eh2;+6$<>6<6+&9tBR-O1|AOxd1brSR!XA3I4^LLD8#;+{BydWJBxxu<7N= ztr!7%&c2@Ow5!w|t}AAa=Q{g(W02I_*8a=}$!f18FT~7{gKL9JvgdxnZLp-voxgi+ zN&9Wjjr&V$@)qs6TN9S_Llv}uzgMAw(w(uam-{lagv@CI+l zzG9h!-0gOFidhg2n6ZRVN-S;aIPtaz?ZV}sW)lUxIvygEXoUF)G|9bq{P?k61}M+C z)J;XwzU@Q_W;w>{9X=?l>!+pb=Dz$^I%qG}o$()uP`7MA>dTW4JJ0cOhS>zaAzuw4oeWWaO4zm= zC{O4R!Wk*}CY)=N2pat1(K?y2e^R)R?`qJXF|z1&yRehOldCN|KPU5e7+eS?R>tF< z6~t_uW?upsV9TW$>VHku`PG0^k}DimFNHLJ%Rp|{mC{)uckeT=^Q-fr^nto?*(f2V zc0Q3I7qxF}=>w(^hC^sa1vI;1zQ}m&j`{mt+o9cNX1GTT?Jrb7g=qc!1Lun!xTKVO z2JGwl&n(_Uj6KhHPolH{?H-kc&o*s@KhmFCU9YNDI6AWKwM}flwyG1Vc%7}t)&JGF zO%)f<`eBD%up&R(#+%vsijvR7NcRxvzilLwKm7cD9*dbfH6$#+^o)@Kf?%hMAFp+> z;^bhS@eHTe>JM;}R)FEtzr8o*v*}%-FtE*w_MNaXKSny?#J-WFMdk$@uzY3Kh*jQR zoOd^X5VBPg#SbJisgN7sc0X7llmBS{);w8kV_SOZ1B_cf7P7o_i)@Y%+U8^=e$Uz2 z7l|H>mGCQp#%g%fZwbrE*2ZVuIy40X*J_9*gJTUP?T~S;f{N7?8$w!s!9pzTY*BuI>A}sw z*#mW_GQgs%UbMuPz!ULtlA5C@)o*iZ_TDWj`$B_@&IE~p_SgWU*XE-AGUFJHJZ%}4 zK{#tW_eRX1aPTLT;M9H%$CP&xZtE8`t0HiO+V1Rn)0L_?CLpgKbm(wVWW}!f^hfs2 z&=6^$`xv%7`_y?<7d|hCNuJ#pj}w}knUPmoxw?GLBk|v+0QDuxxbGmw?K2*&`yfmN z;xs11s66&nCb8%k(|+xzp)?zZ@r$JuR;9Q8OAPjFG zp9l8IcP51~)vgZ2G$QPB2n$?FHn){Mqlp=UgVKlOCj8UV{|-tscZ5G||1b}egWxH~ zigfnVG~*3Wp`Bq0LjA!?GICit%L_$8(bPyWXR@m)p*or{G`U3VV>(qfgnu+Oz9wBY zfmNBsz1vnH`~r41;kO}$^Eyv39@G$trPn(q(vT+rRJn2nYI5_UMtw+HTS5UNfxUvY zBX3mAp0)jptRUrl;1Q5#700J3X$lc-=Wo~LR}OcSX=mb>TfRkv2JC)hTVVHwWR6q@ zDWRmHoEINcFz+Qx{3xS)p}QTzDuj?X-mU9LPLP}WxY6#+OLlmf69~L(WoeYo42))% zY>bOXN*Ok&u)|-*9uAyG*sn0KjrL!oShUkZD+_)_hz(DSE|4M4ot|Yaht+(3ZB6dm z{cZ5)9!J7rljea;_pOX7Qkfpeg!p5D%sErcPwsnMw-TqFgmGx?z*&;rlR| zBjRb^V<#q3vNuUrZ=+!(q1+h&S38I7_ z=^75DGg(O=XsYPvy1>SchDy{-8QMLYJi3yaGCJuZcgF&s!4enTqU{JJWe+IzC@7OF zh|)e}CeC<8>9A7|tWW7a4u9c-KeB2A3YM~u=bChg(-7#y!$gV?ZMM!2AZBAh<`hDB z!!S^1w6wTGAJ6g>8&6BV@&O-X-5=OD4M^_FrC^qJ+Lze=KcG$-e^Y`q&9?NR#d#hh z3;y&U&0eLa_>iPTG2cP$y{qKGhD`W4ZhqT3CH|Uu#N1OP z{;_=X*t5IX`lO5|R`-3`^6>;I#Q)K=>Tk=^fP6#?*be(J|9o%bDJ# zrhzq)MsG#L@u)fBdAH@cH$2wgg#+QLVcUg=!?y(QXq`L?IaosCT zX`+y?(4eF^LNtB2Nx-Vm!tY^a8w4|7ZO2i z2@fyEWL1kv-a@#-xu-6#A6bjE=|G5h%hjp*b(pprr^3gVivQhxZzp-qRU)&QTHYHm zjF9mCsP*zdvAGZxeLPSc!gcjI-zd=?9$NVGTdZ%+Cguw;W2%V-nv+QaqJA8_2-8e* zjpCZ2e5H_P@6Y5H?roo7wJtAcvxcA%(LWwbIBCq8*4sJsnlPMGG3<50R*Dg7VjhCCEbql{9ch7E=7i zew6YkaCe1etM9h$QKFg%NY4r!UJT_a%$?Av7vp&IFKj3M#pQ)Y*MVdicL|Rv5$+;p z@38$@z4fS`y|c_$O}|NCoF(I|9nFPAHi$jDSQV@?uHzq2!TwiR$o3@kKX?7)lw>h1 z)pBUz`~J8Y6fw+8ueycB}u+rbJp8y5VeOvk+t(%M8=BoR2(;uEnJ-Hw% zj7f+n2pFmEZM_Y#uOss|<`I1GA^pv8#}9PDBU}K-QxR$5CV(@R3+c8+=JSzWbv$ZF zmFNqEhDHE zgf)r~+3|OUgA|C^@sBp8?R?3;@&wHN_rXEHMadvK1d9=GqX>vSUb3d^_3kG%+|)D4sHA5Zfblv!`c*R+SJZ8+!~clKrod1A{f+&YK^ z0~3bee?ideo`A42WTA=l6Pfd=s36u^xp*Ma+Dv;nVXOJH@!U+ZNFsGw%6 z&~z?Qb@t}(CkgAR2e7GLLtmZL^dC6KgRIDDh&c^+0m-P_)jxzM=B05jjyNwm*(#Ua zAH=MZ!DirqNvmeu#@9ap`bcsWmvy=zBQ$lJ{U8mhWQ2G--#Zk8!uV_qcaSJ{D|$Y6 zaX>u1%9KU+6D%cK6*=(P(3tVgziV6hVmlDd9iF%z(RJJIg1ijzx3EEREBvu35+$Tk z1zOeQtFf`MU_oBqMg=9M8*HyBOU*az;A<$I}ruqjdc*etfu49cVSvC#E9Y+y;8 za^Eq~6ZzAEFMcx(VgOkIN9B8KDQoW-5RWCs$#yU-#Y&iYjf(}x(%hVZePcKrK8^L+ zY-H;}F<5Y9TlvO5vzeUp`8Du?mJq%ir5J%Ct{rNM6%X!-$gmn%3L3Q^O=oTD@hbr| zgRd=0J<)`sYWvm+(8K62P?3&0(SAxfYBh}wrc*dqyN1fzu`_g=?j=QMl%ABl6(}2c z-Tl{US79!nI+doj!DvI4qP75Hr_G|2-w&m3z!Vtg=MX&tnlq8rcs>DuY%%u~!Vgyb zXT|+`{{fp9_mT{UeUU*5N-=dPxUw0qQ&gRg+48^r&tz-iMqPKzamBzFq6{%>}6 z*1oYDt7G>juqx5d^ST`vPBc`h5|VSI!qx$Jk~AfL^S};`${V}`f9UQsvbLA>RNl|dwq6TCqY?@^$sYI|70anz$l+TU#VJ?EAt zuTT65A*-}Q-9T@5U6Jb;mrpXF5=x}h8?el(MM(-HB<>WhP*?Ab0(Gbme47JeCGN$P z2+2!B9(9MYrqa;J%7Q!VAnYk?vGzpE_h{~p40<`_Pg(YMcpl7Kztr&Zn>q?;A;+jg zTxUR1w{z&Clpabh9I{(#o?hW4jeJo=S?E4>VW|a^bLUYzbSV9Am@ilAdP3{ZK^)(8 zf)theYV<6^kR5hT88vngNSIvtEJ)Ca2`>s`>oS6wgveYbNbzO?q*&-bW5P(CeQkRf z{5wX;5w!5eS8(>T%1<*ukoCeX>DZ9H?EhTj4@IDf`@sGvDkbHcd2^pyb|k&g-@8Bi zh**uwt20QTmKmI)f_9@L9vu*rrwAv}#CF#_jh`$4n0JEmcMFq@O&UE)|cO7PJ~P__*OpjeHewP(cKPbsogv{C6O@kh5YKPrdUEBnsnn zTtUupo9yPh40*|PM9%I7;S znkPhRqx+A+0*1N-eI~FUjDAgD(%%W&V5|o1M-F z2Clw>Q7V^^M}r*D9s-g0V?U09u0*93wvTb^o~;B)$^N9$XkayZ`BrimObG5HXGK`L z*%BHTMew8)_MpctgesH!uMngAZ&b7Hhtuw~lM3M{)Ij;}&UeJS%qSHEV)irWZK99( zL61*jhbh+^*ro}G$X6PHNg<4-I9ctVuzlWobfx2j#DsD20kut3JEwSxVhyErJaUhu zFzZMuN6w}aN4o={QCh9BiL9~F(E?e+Nb))#C_5H*mv;TH-oLb|5cil6#cQ!<9n=KO(M^-kZ=@VG5CHI?93z0;}ZaM`#0 zjoHhscUl(r^?O?nJ}=n)ef6{?DCwcy`wuUk{k|vkvb7PcIR$Kd{01S(u0HQb+QP8N zDfkPB0%z(mt~$)h9hW_XXo7gTU;?J*PE{u1_QCI-_sPx|0>jRqxn!eRq990%I*!7p z8?nFyj#MWWrT^n84>n5zdT2N%TWkA!g=P6^m6>`7p9c1zLBG5C$D&GoJQPV(N-8ZR zD&bRg5#WO;tHXE=Z&&FSa3&Xrp8IgJWH*WD+XJcPJ2j{=VHw&`h;>gQvB0QVCbeW& zz?<+bAPC)^aPE|+?8Ch!++W9^5)>3IW%Os?eSEnz#}-I^pe46ioHl!Y7@4Tp z6;cV55k(+0aJ?`-Tv9-x;;g{jjHu=WB(TA~c7V0t8=wpx^_HLCdHf9`8&v3BLR+txa-UXlkIn^v zQ(PpB%FjyIgUbtpqOC9q*NN+p;39#U^-C7fZ}r#G4J;ih>@6Cq#vg|wR_t9dQDx0k z5Zv1^X+ z-W^PPQiK`bDmwB{tpDG4w`M(^ETEkD;o;$NzP7g3s+R}V-gp(Q_xE}ptMhke;`!@9 zLeLMk%NSv_=o&Qm*#M-E=2oAbRPs&&sm&^8cd7C2k1QV#55^5RxPSiWG%08}LQgHr z*fv3(2bBNVf;wgjyjv|0&;LHw_)Y-$7`5Hk+mB@dYWV@3Tv-=#Csk@$>y+=U+rU>> zY0G4HAe{#j(ch(Cx3cT*_R&OZ*e9f3aBKsA-SvN86C~gz5agWljlKLas`Sm9#jTc> zmJ}HonSQxSV1)`c)Na`TC4c6aP?T{>*TFa#@hj6ZLtnkK4zO}bt9hMnYYSrJOsTJ%#G zx4l(gvDyGlZPp3Eizf#c>p$1xP*~haoTtyHU1>HQRP=ZU(t}*22&l-d`qosr#7OU_&ZmoiHH9g*>T~-@*e+Eo z@V+UR2)|Q+DVit`8%{CJ2+t9>gy`i*;}?xEm50>-C6h2H+f;dHkEUVV;F*_k7>29U zoWYD$*fby9@fjy$`|s0y`V@KBLL^1sKh=XLu_>wVriWHlnQXgr^Ut&AugALC)BW4jDM+Eg)xm6PTZvIuQ!p?Pj4;SD>i; z%$#0BI;iGpf1;w%xT76OQ6e#s@Im|jOYPt9iJ*->Ki?S%n!5}asVLB#|88&AjV}`- z=qP;+$^+*OH9&}Ot;P4ehLO8&mjK{%PDhjlAumW1X{TfM!&S~`ccpPRMV-anTbqYP zvy1HOP?Jif1m+(M3)XUsPxoVgUKSQ!N-$cbG?Xc({#Gk<`9(!2R1zr7{QUKc<$g!W|Q5d5tzvHwv5jvo~^1Yio(;@DyaGsuVCyP@8E-w3d-uD z=irs`^_t*+IWscj@}!>tTy;}T^)8eJh?Y(@_nrIsLCCqQ`Ob6_hZoyG2*4tFw$ms3 z_7nJ|(7}qZay*K3MsDWPyT3o()BxvwzCyXD;6#*!*ki~`*Es3`)9iD85s!3}^V!*` zR%u6P5jQ-VqGcAg*e4*Kw{LkWpDjN3vgIJ^NF$tek6Ut0A?8GW=NlLCc z{z(v70M#b+CCT1R$+ke6@22Mmexj+H*X6&1L9wVQWxHGc{I37bYQS5YFC(TL)B#RB zss0V^FnsL>rbtomFCwgc0&JP})jtHArOm2|Cod=vUG?!4s6h;r1%%&1jdO`@UpBD` z3YWMFXZ^(XN5XgsifvcBGH--!1VIBX;996n=kv%=QMlb~is9duTUFxC^nq|IsX^tVKY2!4;2)dd?)Gu7vMdvrgax|0M#6kP=p_-;Eq9tQVewXT za;*nHC=1t%D&XV2>;n)f-$5`ml^uCFbveQeJ`OqZKiO)uBf?O_|0e5lo+P{Fb;z)S zJ|w2)x`QmIw&BBuIQ24phF35roC1nCr5!BRM$Asggnt)>8(xy}SF%aGIJQ685Dp=P z6UO_AJ?|64Cn}V6n&4MI1gaof;^^H}b_@o5iWEki#cLiI#Y3x;OAJlhV>P4*`y03IC0l@DKnlrEGZPpZ>1F6D+c{uVL4A+Y3+R7NQGkD%x)C% zndfeKRY5>oIU+CXUwMD@@@L{y{x)WEpQ+NMu7^Zwt@C2hG8&g89@4W;{})|RQ+`LV zKmF`T$Ma>ynXt|R*qKMz63c}zE=}1j!BP#VJEe!Tfn=K1Tl<%V$<@6i{!cj*Ur}hR7Ev>nc zfkACZaB%P>1~0}3XlC0XGB1OtuF|!$S3gsHH7K>17EZU5{~!y3X%N~yR*g$yo@e&4 zyoy-EGS`ezIFd!Z-eiRN7$M>=wTvOlpwym9=V}2U7~Jm(mv+{wkFO)s7B!75Mip+| zksI76+B_@nGj!!XBGpZta(CoOYWyjw$3sxAk`AH9)V5*9a5^dE#$<|>c_C-lRH{UXm5D_Y@TC9a_R(*q(O*fLCVUywD zxC|31{C=2Z2AAv6qi+$nHga%qT%~_oJ!Zhm954cqfew|!Me-D*3o))8GRfe!WSj2d z1!E~3-9)w${Z&pqgeK3bO98_SA+*v0#+Q{>`5-MCmx3sGTLwODpcIT-GoW zLhaL|P+{Ks(xD{{B-Bd3ueWtUdl}q*KRP-iN`S;%<&w)|4d^)ey~O;!ng;}Pl-th1 z2Bu`NRy%hW74j*Wm50eU)e!;=O^=O@r?`cL_Ws&23C0hbTwanLp4ukGoKGp~2Ak|Q zm)VL&(>}4hH7c~4oyF{U>eXeO23>z6ZQRN~6Ls%+Xi#(l>|IY0v4 zd8c%>t7M>VXmfos!lwmVj>GdQotBBtQE_(I38eTrok_8VStzQIs8qHc6 zk3XjKXAQ@2!3{UyOrV8M&pz3}#W3O=3W*)v{Pkb)LxCQ9O3a^n38G=6!QUv zD-PB|8aU{^H4?+=g^@Dmo_dumDo@4N&q#*POiATL6TogPbF=zOENj@L*~euZc!2!q z3KP%ZtB}SD-&Dow-9UbbN6H$j{1d|GAh#X{8rhmPYVD0hYjh~_9}P=DFhy@TO9+TJ z_b_&b-E8v*;4p3{;nZR4FP?cx350VycRZE6MDuPSS{vOFug#r6#Y*^&_r2iNJNyT~ zDa)6YY(aO>jzIRu{Rn=P{cTkWNY3gMjgq6GvT`uLR~16@@F(VhDQ5Fd4@LBTqSoVX zuAbalwE&aO*9>x*`44b3KHYkGQ)-~WZ87rXuS~UxLF8ag`R5-Jr}AuoNrXLp z&L?RnK;xL-FvU5}*x&W~9(QW1X}v+^Wv`=0@A8upojHHar=&lT8~d#Y!YS?FEyRo+ zQ!!Cxb&npjDDD-pJm;Q`gPHc->%NOWB*?eqI2&gi!{G%)LDet)K_Ei8SVO(2Wxoze zSupkxq(rw6DyU_7C+y)3zH-xJ6phb795GsZVl6p8D2?M~H%E~8&rmW5H;hW$H|a;$Dl8W!A%c|+tWFIPb# zoH$NJD+@C3p`c5)Tcfa6<^N~@u@mU$5;>9T;-T&&L6>ue#Rv(OQaMQACU>^!tkoS% zISL}~s5)2sK#4Bfu+kjzWAw7|6gl-mgA9no{bK0%NQD}wVmrckZeXLiu=Pc)S2Le3 zmfH@9C@sum#niHtY>yRS6`DOHIxSCI)ww4ErGHUtVyaz@S&?#wLG3*xAuB|WDA}DJ ze31)Ws1`gJt}g$k#%&=u0sjlUH73L``?=WU!!8PH%_lA>ZpRyMQ}rliQ+Vuwu!kz{9_Pxb?p zXGfYVq>LU*4*3vtEC(e0=BOq`kD*OY`x9pVUw?*`4L7t*&Yx%MRm(+L zum$Wc7+F&bSio^Y)I(q+6^V3r$!C!05HiQ5D8ufMO~ zTxkGiSLU;gT&ZV^Q{P14dl*KKUV@UmH@xgoePIHLuWfam(m$5y0o9Ea6ihfW3XvF~ zyE|=_7N#Z*ZLUeC_0c-95^q~ki0nQ?@NJER@i@&vz>+Ex4j6LyM~JHioxKzMlQ?P? z!i5P9uYUqR&Urs9%vKrw%JCm*Cvj>eMd7!pt2w80EXRR)#H30Z!^Sk@+;4CItQ*`B zEk&dolZV73=$xD?wvNZt(op)mhrR}0M>{I`P%+$tO8XrgS&QLfVy;(zvTSF0Usg$i z80uc7IvSyPqKIR+(Q~3iewu!!e*Eum0jqPn@keN^*WYRTbpLf@X2p(EOUav@`26_x z-Z9EQUDy5563B3(i5N*LYIy6_8nDA%4NKfiV_0R{3a>;g`()NtFmw&0)e0GlFhmj4 zJWAVfH;Eb`}iYvrUju+4F9;Kp;&-*ugi5#b-6MLdXTDz2i{e^vohR{-OglDLQE9D6{yH zR(2<&M(+DA|IL9)_&+JjjjTK)Xu@l6flM5*)ycp7d?TmRdUYLex*=Qdlunw5x1P`4 zyl`Y{04(}Ht(V7ba;SXY`N+eGxS_s?&lY>Af!3S9PL0(+Q$|~!ImtBNKurGaf2n=( zHCps?Uj6r(U){5w?(E!kJHV3n`v1o*OV;RW8Wvc;6;hehDy9AE{MQ~lTk=1Rfe)Wj zFJ3l2p7GigEcMxBIX!|t9imguNSzAzFCQK9 zW&;lzJ^IVfQUferPPcaG+?ss9W8CucmDC%+&{usS9w`%A-cZ^8Ts_f2Hs#c90I^9* z+A7ecrRe&zB2ra1FY3+~+OevGr_ z^%rwON>>}*UmFVTe@7A#iMsS_a3?}U-nX5jnqXswTuN7OooD}LQ_JQIO@A0+UE;kz z@At@`qD>VrwF?xiFLK5Fv! zdNKK~e!9r>AX4;Y;Lj zjHDoHrokdIft1s711)E1nDRt6k|j5m{QlM#fJTA;-une0m->0<78+q|M`r$z^{L&V z#^~dX#kr+BT*NpTY@c7QgMc}9a7|2hvJrBJRyrc!gdgTpJGik}vN^W}YIIz~2i_!W zwQIes#e0tG(Nwb3QODl)K6wIxXgYbXs`!SGMCVJF2r|wK%-Pe?)%~K?>>;Iu%=pFq zm8V~?E)S0K(w5e91r@3ojk0JdYK**YibYZDbxBI`vXxKhhJ@I?G|+l(d%4f#Wvx7e z_69|R=Z`c`HUj64s@%Vv2FF|;wjiuw8fV`?^>A>q`&gcr&;D_`Dbz>qOx4vFizw2x^=;y z=Xks#6LZ>MH@92+Q#5CCue-adt%CPt1~~mG1zyz0w*aAF{&p!9*N0?{wVqEK9eY-8 zZL<&42(|py1kQGU4B3+AKJU#*9zKFf0KrG8`gM89+MJvoCo+GYtph`pwD>n_30eBR zCtHumN;a;)>6C5GR{rs6y2TEZm`p%a>h|(@0PDVZLE1CR$3KH)bCecCzts05Lp|9q z+f+Yw#O5%6d&TJaDN6hMqF4XFTKvV*6q2>e4n15~=1rhn z)gc8TZdUp)Q4edegHb2j&zAqYTHTZpyGQs(r~ybHGw1(xT^@GaXx%a!{Om^5M!9Qv zqUyrvmay^3sk-P0BY)QC)p+$ixRP>k#Z2jo24K*4aBTQhTxt<#tiHagv(9lGm?u^k zzD>GLWYo z()g^%{w#e=BwU8K?OSkZLVP&ZTK%C7#3?vt`C$TE-a{s5(Ot(C7{UpmD*dfmy))4v zp|i+Nm7_Vk(rF^)2Aryv`*AkQC6NPv{F&_azZG+AM2Kb6w1_mz?LtEQe-=_V!3*HR zANJ(%7ZeShokj0Gdv98AwzUC(Aq3@2|HyjVf(e$50Irk4_G!FnTjg}iO2fdXUyTIU z2OrUSx;ILJrwQX9KG%-}bH=hHGP%mmfW24wZ8sLOlntYi``$8zDYF-&7qwl3Au;xR zB2^LvY2rL-6C<}azHW-ItO&DW2d+60Z!g80OHc0b)Df!9q|+EIZ}B|mdwLXc7!_BX zS+U620x%xlB?NCKWXje1bna$dtRSe3`Ld`EV*ABtR~|geAHjkdoAx-CVs<8v^SRvjF&9V89j*p)FQqO;=A-zWyUfj}|RqUen(GpNAm278u7w^H@ zVvbj7L{$w_z9fo|<&<+?$#m*0L>qo+vzwX5>WGe17+Y?l_3lejH#hS^HA=lds)~kJ zw;Mhwpr*@rZUtBA3{g{hX0E;-%-noCQ?UMA$f!1pB)3)rWpS&{BZZ@0_awr$TgWg< zW%p4o41C!tZ#4F_C|D{>JmhZv`hG-29;=FI#ge2NQSl$m;}SZG1m_^2x9ZFCsCuFmlG-0;Cu|vf zRzjVcr0_T6eZ30O-kD(fL!Ue^qWuUMBBf}reb4G_#YxDY$)}(5(>#dOSdoBp@Xz=c zUqhA#k2{RZ)gv^}*hLa_g`QN5znGbd0~`@PZr#D&Wm*IVJ0+`)81}SBL4SkG{!r17 z^0DoE>@@GSmb@*tppdpD>oH^e_ior4QeiIe>4UeQ;l}=aSldM2@|WR!sBFtv|CptE zh3!1@`o?9VB9mHToU{<(10kP{Q@FY)>x#6G^9836f?FtK0z){q<>vQ*u@ax2cEu3T z1dADH-+e%Q+XMrKjnT9zVYYBQWUl|oYBo@k1ZA-pY<+kz0jR<+!#D` zoWN=}%myc8Ee0_mC0^D<&MI?}gd`jX_VHaIYa0@ePlgmPoHN}_e3lLh9YWr?4I_yg zh2g^R9P;HKtRc}XRcg2MjR7Gy8?*7supPuynFFO`F>qfOSUG4e8SY1NWl{pdkAIjW zvF6?6r}D((%wwJDvMh>6U6Z6_Wab)F;m}UfC63vc_;ecM+sryx&+Gy~0$W#zn6-Ht z+zPmCXC)q{3wkdXu^pi~Mv1p${MbYvSDI~t&H)kTif{-3Y&Ub)BrOK=qvw}A0FZT$ zSrTZpBZ9d3Y2H7yR}40Rhgvf_`Vy%3LH8@tnM;?ExLoWKh3W5 z>ONO_4Y=Cn)G@eT^&REsa05O<2>Fg%8?fg;8yt313$3QtZ~%fKb1>oK)C-hLk#@B! zt$iTyaoiWV-fA^I46c#XJEiys$< zw(sTHy*(A6eQQ?YkD6>JbSKnY^W~d|C|K_wT&Q?$%t9R$=YfIF;13bN^hy7&8!U%~ z?cox8DPf)2J&hFIk$~jKHivUL82s8(@>Vhk4slNGLpoU5`m8kGMTXu{<>{8w-A5UY z>{lZcO>BY8IKF|8XSbHaFwmJ=Mz!ERNci+{!uEEWR^1WTZk$O#n0;MMnMXm$;uP<6 z2D@qlPAZ9*F{Ncnvl^*9aJ|yxe)F4Qq_I|}=+_Tq^0p~Vgl(ex&zv!j{Mx1+pgSMyR8`wa|@TQ;|~RVEu<)1AHP+dbb7&l{qlIq_kZ_rA|Ihwe>)s@=PLz*dIv0j|B}9bo$-M5>>jl&BJ6wT z53P+?67N{Ix?hT45{0<~k90bfl9F@J9%4gAAOHIaCT5B=ilep;j0l(KoesY<7MS|` zhFP?NP+;Qd;FIz-mQyN~KV--G&|yu0%B~kw-0v+mVk} zCJ3XtX>F{4M1yASrS-lC@Uo8^zi7Y zs>;;(Q(zNGu2-GL?}T3LAgl2TC)|+8597Fa&U2?UISaFBH-xOB3UJZxs_ zAacJ>1w3MXY95-i_)|5mE9Q8AFTqu z=iWJ>7)|hfBOiF%D`Q#d8dGzi$0q2Bbt7!8+d6g`0fgO3jyMIelD#EToaRg7hiRO7gG70un!N19J4=31H z*k%WwIbNFEp_ZXKxI6WnS8(MFDdH_CFQ%e_l9FIvsU;L=^dOz=z#ARV!=zox$cf<&%SU+o;m}sly}Q#VF#A-exHI z655W9{OTl{q4yy!9n9~zHDVpnMKAlmORf}ld&#pfA%Lh$+Q(;|6;zxs%*(?gt-#G) z>Iw{UkG;f`f$RS9!S8rLSIi2e7)@z%U&gD<7t25Y%s|!K2(jFNzkmxS^MDorHS~th zR=SYoE-L2oZU={WloO~Fu*N6cr_*XnHXpbwmfP<%R5iJ$>c&PYw{ay~1{IR}3S?MJ(h=L7Ib# z2y%!wF#W|i0!CDBLRe?Q(S3}cwDF)HoAbbx)q_527P=Omoqp=`$SV^2?q*ue4QwuV z2D|_M*3y3{h}&QUM08LVIRPbZ9p-(hKxNuzX8b5VjgY`!jrgh9%T(&cnyw!mjrS*{ zh&N1hr(XLZmq~`$w9*0~idd}(-{GPnlSz;#0k`n80qWOZ#bly;{42==Ww?v2y>Mh` z4yV*Jc%QV=TNco zC7#*7YCoRMd7mkatnl@YS4?mS$59AAFdaqL*#wnPAU{lr@9graz4<;l0x&|i0hj&e zB*63#mp&PP^yG;Mi$3d16t}rR+PQn?@EL*a;3H);B1ya(ADd_%LZL8n#C(}oCuw>b z3-izrmuu?isT3|Y6f;5w!p$L?xZ0@9O%tl?i6QX_8jkD(WV?)1=TxD>LR)?f;l<l!@mDQDJ2g&&y9gxEB9sA~x zbdFKecpVHr65+5T35$dy10kI_it3c8eBR*SAJj)ZE)uE*z}>`Mh1Hzl_b3VNdmwja z`Ye2b-l7~dDw+(XyCSw9I!-*s6>*>VNT#ls!mJ}5O&zSJl$XmFcp!Obad=wQcD>c& ziqY*bP}#$*?|<@8Ox%~Be?%xcS&ewJclY#c8-#q*HnvKtIKjbzv`cg7Zqx0WJm#k? zh`mIx7qsQAoLy_I-2nQ!)R^aA&)<23o7OD-nsW?S{;v|q=q^m;B=fa?2 zQNRlNthd!;kFtO03?!KUX}Mb*DhTi`?d}>dl`m~BF`@F8Kd@3wyn|Sv+#TfOlG%eE ztLC%rP!16nL&KSz6t6RE28s$-jxM6AJs!uZISlWWpUw@{^mOIyKd{zyN%mfg!IiMe z8<~>f77(%!?Q1bUr@W4Jv}qECA3~QLC>++l&7`WFc7BhIatUk`IRNznWh^$Wnc!Y3 zq)|ByVwb}ZL4;MhQh_FNR-HN2CX-fo2U`L#%f~^6ftM$}b^G^f*1o?d{;&U(z5f)D zsSEQM4N3qgAsK1=i%0LYHfZSRzzcv%uH)?N%-#;a?;DjY%+$HE*Gj15@)#XKmS&C#m-YGE|jG0 z(o*>UY5`zRp#Vh_p~s1`|CY-6^i~l4WNm#tsgFiF4dLY)>}~W`YqEz?dGTwI+HrcUR0p!t<7e-Rgsb!6#gWf7KQWAWXar~Y8v~OHyrr|UC&JcABSbD6`{tbDl z5@a!++Js4F483)12uL@})uaP&{!`QIqWo6buT04I3^tG}cRB?Kvu5+s(?36JDj~-k z!0JRX@M%XmqPS}jJZMerT;Oki{YZ0Sd5a%P|8}1-LHu(uKbWpbYqjF8W70Q=9%Nu! zwT)_z48TK5Z!%%NN@I-oYKf5y$%#4EAGz@3iaz-ER#olGcUKPfVOf#jw=%T}DWaKL zp7(O9D(K8E?)7lP#7xNQ^{a3+<1t)+%6R6luQ;;d6yn?MFHPZ7z2bCHRv%QIBPNOB zR_=ySsug#0)xj87G}1qu_!>OB{l8F>*TMHA-}ET)H?wy^%3gUJ8X9_8ySnb?GDc}< zE@cgWv)eYho_cSvas21kX=%1=ljE=N`QB%`#Rjs`?NE`Lng5mb=voa5zzNrf^dMt= z-kZ@RZOzOU&jcT5LIluHH~OFM!v6jhsAM++8jGw!$NEp|h!7exjxT7=B57BGLX`$F zd%w?P=XF^Duu9E)1(kOj)zi~dj84S?g(R@S_2h(vCi(wlxI+FoSsQK*1RFi~S6QrH>jXK|)^8*9g|9=*(8ZXq_r(*h+-1lRL9)igOYQ+ivYA&${9! z?ou$VzS!4mi}lSoP4_x1|M&|aF;5z5(q*E_^M0QiZGfkx zPt8qRK(|RVU$Nc77dfa(Z~oB-@PnO%tIALlo&67Mgnh9!PG5kMM@KgaK%k1z#|r?d zc#xoDP{OVlAm+ICX2Gm{Y&2Ki*PBc&mB3ek+;;O^n9mhrA~}E*0!T!E{^8oI>1FW% z!nm7exW|PHz~swpLPA5@#8j#j;H{!+>cKXE2cv!}C!qI$;xz!@YNTmHCV}O?gJ@$J zdi)b@N+kk5Mu8*Ym2WfufE8mkT@hz$_R1#V&#%uy z63}`Ku+}#UTxl3ia40#fEN`al&LuHP&% z7-IlolTXh#A;y^UeAoPgs3iKe*rM_D9@!J0Ym@iILW<`bMY+8K#>0=cdv8HGm4Z}G zOi-;q3=?cq0C0S2I{X0DU7oojl@~GfEb%x(c~Nn~m?P(`-|}LLo>^3K^rMrl0&1iD zX9Prn+15h63DzxLyUgYwe2-k>I1BE%q zxi{UBVxEZeRJHeQ&$~V;r}(4znv4MPiCuE% zab1x%LhoIHN-QE0@&I(N`O_u%04<_{hM=jIx+_IbWNsCw>R5OW1kGf$Ly~~}r~G=K zuI5paFZSJTlKdf#{R<60cKm=}$&6$Kn;c=R9+1ddcmy=pZlhoUF{9w%Bc%Q#LeN(@ zuMbYT;0^bc{zj?{TPVaoo-&YUu{_}{^igvBg^x;q7(qBzuOfwAy-APd8m@&=#Gnij z74ocyyGfpa$y7%gMRf{*!lZ&hvQyUT8ba7K(o+x`_aP)i_?YaXwiVt}fwx2dksv(A zrm%v{x%Z43&D5FfHPmk&qE;qK+0AkVk7XaYPge<&#>q&pgbnMpYoMYJZ0}>G8*F-? zSonSQ1Mk0sgX*O>0l_G2ccz`HF!7Dc%*S%-C8j}Iignkyrp9gWKa@cFJkN8cAD$6z z_$m{kh1EbVb|se{Ans&uwZtlI1%LoE+ZW&Q(})v|6axddp)83XUy5!C1>2T?zA`Q5 zT4{?sMsrgLkllW@J*EcNTKSlDgXuc45-T~UjRz-iPcAv1&<`i z#2@9G{)e(}55=njhKqjD`oF&vQm}RFeB6EK;l{KK{ub@5JbQ2tX$&t91aC&d9j9nl zDVHghu)}auc*PEf$^;^1=P#-gF`X=oLvZLt4g%@vk;1H%5nk>Baz`NY^F=KJj#QbI zrBDqvINVd5kivokXQsEI>H&Wl4l#hAi>K=iTc6EDJ?J$9pq7`W|NY~D4G z;ZV4I$rHhDDp`#EYkreuz^yThk@VDGDjka62&dqH7L=|Ohbwebdpvlg%QPi&*I7;F zQn|0AFTb=cv4N$+nEIIH?#NDi5Uw8ps%aV%S7ZYG@{to=rE{@{FvdyiAMi@qD&vN5 zvTkGdSS~g{K_}WF=+YC+&wU*P59Ir;9@i<>8@q4v$=M`xpKs^K7tEG}S#;Ugs4b#6 ztXQGpq@oR&xptRL0!Cd36H&E=Rex(=>i|$TtOr+}b#F23qD9k0H9zF~%p99si^W$| zX&C@ibn%}2$hL@pz(YHds{kw6Tg1brl`U#h#R!m~S;MfO3!D$at3loTc?NchWlJczZ-0M>*&X)FXIwGetSy4#)h>fhS@R49r2)69h8joxtgl zkQ&83wQnjS<${%8g2s5!5!;X-bQRrMLSK%IkF{UIpU2v}<;5aaIJ%REQEg|@-x2fi zu<#_|qO+spJ+fFav?hlfB&r^GNB##0sqM7dr(`e23^3AIJW-lj)-`3vcUcoscQG} zV9A_3_S69tt!R|7V!kXFnm|1vSK!*p5dW9u$*SC7Te^g}{a_CM(FOwr6`+CT@$bwl;+1~GpOAL~;~~e>Em$p*?Yb=!B@+-wU)E&*??;5^E~ny!dVT%Y>K) z_5*?{2#OmfiOS-=iw!u;Q)RZ4M@65+t4Hs+Vs#D`Lem*U`i5GEH6Oq3a#)DVDald_ zx&8?N{mzxtJ$7}OklKT873t)vaNg~*>S{MlV5_?TYLDlBQOkO})qv}UEX6#T3stI~ z#L~OdxSkhB48CVvRj8)lIiPdD!0MjYIynW}<>uJZWzO&8Ku30bQ@}e*80hBKQH(V&mgJo3Q)Q6*hgSLte8fj9u&ndx5r*y|5_<^C#i^}rwn6rQXt zNyb3Aj%_C%f_6q#YjytI2OZ9<2DC~4D#m!~iZ}1K9`d7!g4i-hRJwk=Jzdd^oNnX~O13F_&$3GUtPI8@3i%`xlJpU3{1t{45)s9yR;tIK+mSeCBkG+30J_r zsM*&2$7t^rj!)PTI)$1|HVf4<5trwNJoCvqkWUFCXH#d#665uNKZmHP`{Jf05>M`h zL^`ZVvIxcXxMpzQuR%eShBj0YBiJz4wYe*IHwaIR<~`*)nTq zm?%p94ezJqvp1%2t+O8~Ue2#vreO+Fo)N6IYa7PGaS~`FzG5dcJzi$|B1U6Jp@e+W zQ{l=#Wv1x1TSLzm{uS{PUbWEr4mKuxkYZiST^6~bKC1=RsJ6)1ggT@ zZ`%nTJGMfWiuTru2tA8()6}r@Tf_#^7^lfr*_2pc4fgB6uvQkjO=@dB3~%f|3ZY#A?FDCPHX3XT}q~0!ceXS6G!y0jX+L zi|m5)x7c@#DbcnWox54asaLK&&VFY8%&W?wl~m*dj6a<60VMLUp@(;L-Row2eubn` z-{D-2_0=C5g)H}7cG|O5I}i(~u{=@$H50Bee;L*BeW)R|;;g`ECkIL{HG`xuf5s1mFwIz#UxXqv2e$NZhX zyE0_{?Q9cv&Zt-?hfF5tkgsD}F>4PPS}eX0g@XO6RXn|h}4+`P!EC) z;K8Z|L9~g43O|l*1OnH}U=>99Pf$}KX5_2VID!{gT*=ZD5B4B$5#>nIMM}StgH0`S zZ$Dpc<91pDd{U-a7PZ%?{+{qP7Z$xiYOe?bxj{E`P?oCb>G`-Y0ZVKZMP;9t)IrO! zWRC>}GOpcLqnSN$xZ2JuoA>3D0D5T#LP(VYx~=}mOV5(KPxT-*wgsyB(%@g=3QDKx z&54bo`N-{=07oNsZin6S60kH}fz#2@s5wR~3rO9>!rD#pP(HIMwQYOe^|=9=;&S;v zB5HmG((T~dXg-E-1!m836>}PSE$6Gh&gQt-M}4>KxGfp3__<>2WF?ZWnV~2rXRQt@ z1x3L=jP#4~Fz7Ply)OPM`%C@3g0SdrqOzohMKZLjAO1HE1B&AHnB1Zq)$ z)uV2+_mnK(%{mozvb9iy^QPex0W4^LL=O@j@HSll_G630tY4+hRL`DmJHAv7SDY6M zXNR}qLMfgzQG@5mS*G{kDE{5t@iJ*p2(cXzo#4D#FOb;L6j)68)sm;%B9LKr*LJD?HB5u~_O9V=1WxT70fROlsyr!nR z3fMRXYgCvjPe~aAf?9w;<=bK)vvYB_HB_Vs_O+-~GRYs=`|rV*1$zpaUyKs@JnOAb z02@ej$3uqX4DgS(p2FD>0V<@FC5zZ+ECBggMb~pu&3J-mJwn)YqEKtD-{ilGcaqC# zYSLLX-fRW{_$YR~P|Ix;2)xhor}h9kA7a6{mRW{bZX3s*8_*P*&B)AL{|6Y?>Od(Y z0ql4`ChzBkU_&jNpWjmqAgNSmb1+-6#c4imJpk%7YuZ{6N$Ef|W{UowUcN+f2S=XM zLGGh&@VJdn`(;CwxjIdcC(2dBJmXef=A zyfREkecoS2EPcOJ>TKIwuLPB$dN~s)Rj1OB=S<}(|9dvlwyOjkJ_82ClpUZZk3eI2 zp!dHCu7nQ@5+;!V&?-;^Dd~VT&s*`I!NHQ?$BUMR#>E_*0n316d z^m2S%PtC&h105X?87Oq&wQ7BShNb^`h7eq6BXXU?UZovqvlF<)jPxhRfu5dRM)J+g z5(i7rzsf<)yWmV;0DO=-x5!UF+t{3J0jsSc&K?4gRx^C7R^mx#U!Z@jTvvyRg0dMb zmIgZa2~>V8fjPF?l@DEt6g0NaD@!mx{I3n>KHkX08aM$00dM70Rj-=>EPQS{S9##u zJUs9Rdo+&9UI^AG-Y8bItN+`7!|U)2aXXY%4{-i@ISqnsXpP<0;bNo5oh*eEz{kb* z5{HqIW3;{sbxl480X$gz5KwD=&Xfw!?LgvDM;t%|@ERHz(9#@)NN@X>rz59C2+SB! z*_)$-sR`bjmgg#X%r$&LX-w|SjrSm`Q~&Hv0&kxpcqh9)fdq-4fx}M6;Icn1j;nfe0qg+0bS#+%3|))FJg#wNLMVq{|`3d-&tvlsMV__^q{YoI-uVD&cdAa zIe7iAo!7+I*cK!l9Gv8G0Qlg7MdjQqd5kFo`xO&5w8W>iE-SS#BI4@>=#J9adJeAV z;(UEjRc}~gV_}*QC?F^(*p!@{d=D0(CTb>EKpqeT0!**o*YyLLy{K-<*fg)$uJ8V4!HtR$AN{ z!2{PZYD#A+dwn<{C1iBM94^z1+sDBAU(g(Q?(eS%B`ZpdFTmPZCJK&AbDJ9*3$gwQ zK#2wUHxL~XP-6jU#iYj%U&=+mv{6s$LWmzg0^5Yt_vBXxwR?qk99E0&!ml<> z!QFmP*@Hl%`Qeb|?0?IBo@3SRfAWLodK9@|pT8(G(AT$@+WzhNKH2}>XFJiwUZ_#R zG2y?)e+vbTFXsqHAH@2B3R?Dd1?av!cMuP>65+ov+O7NCp~WZW+y8ZFO9*&D$`sga zpF4;Be?I&F(>a@D#kwuN2pt_AI##pgJKkWu^N9H!`TQ99fHo)KQRZ6FuXUcOX+4>6 zi0ipMJDyNRSu`Pjx<%}S7G!y;_0`zEbSRsH0u1S25-`PcNgONHzA(cAg$EB?JG-O) zo*o+U6}jgCKIJc?mcHnE#LKlA;??a4Yy|$c_+{QjWUyRh?-?Ec9XTCKWIw&n58N2e zM)d#0dB*@ssXaI<@bN)^T?l}Vz9=pmDE*1`i`(f?2gveYDZk?dnh|2@(%a_9N_~S` z8#hKp;tvH?alkT8tf%vpTA5=3kzM=B>ACQj5P4Ece8O;#Ox^7Bx9_d9F_QA zUc$n|!-r4iDsHucLS8Q|apC8gYl02cfc>trEaUMTs-cZ5wunadbn*@gk z0!X9k{|!z67#ud%AL!KFSnsdBE(hVDdB20#I5SXxzW}EAHQRU z1@n}48Ymi&Km7gyJL8S=KAr6EGNP}9{LfLrpE$WaPM&^N9%_zbeU`RcL>My*SK0T* z95qc&NAt+YGkaTGQ;bYZ)}P74#004m^=Y@OaeGg9Rnzh~x58ebKu7NNcZ~A9Kcu5L zCjf6pZH~9I#7inef4lc-fGZ`fM)yCS#VZ-E-d)! zvJtQvb)NAzadKDj86F;Hfq{YHjxk*i|MMry|+AZfg92ral4Se>4<4l14CjZ+Z~`mkv>8G+u{``M zVIN1~&EEMMyR`#1oGw1v?N5r$*RUxa#DpScpBwr$a7?()6oCV80@^{~e@}v(FHnzf z;%tv&|H`?t+_gwiK(K2sn^K(^JZ_v+&nY>4iXm44^u4mcYdQG&XH!yC;nzR>Kp)y* zF(O+j4~q+(L|1=Tt9ndH!{o4N-_e^-LAFv zc6L;Q`UgwfDPeeG#s{HyLRC?$+s|=4rm4v*_xSiY@c!XpjM6uG)*rNwG6HsGWrY*` zNjBj7_lIY0A2;^j1VbH*dVK7}5VDz~*Tm_Bz+sigPsZ7KU$tv!=wAJ2)si#{^md|x zHX>PIt71yK?g?=C2$O&hEfko__B;TO5v{%?POCignbNEVkGo2ldT_7nVpwp9x>kC*(7N8!kLu{bhyJ}IWwcYfS{;gmt@>; zM~XxgO59;!(%aq~O)ZOI3LZ8uU#%>=7u3nKy&mp+9&g;&A0799CG)ynUV=SsD>#9$ zmg_WmQh3-91uYl@o8T{+bCO@cI{{3M|G}rgBCPGDk5${ODS-p~d@MMwl7nR;xT^6(ePJ4EX*7s{r zg-oP-e#>^FDyK!VeN&*miFqo0O4qFO6qdkkx+}l<(+(Ct%E#W_H>(n3iRT8ie@!|F{4nzEL-gQrW4J z@kQNRgq6LEOBj;3_TRFcS6~$i^tr^7z6dwJ2D3Hl9yc)DVY&0dY;|jk@!M#&bX4jc z%Qny+-CYD*ej>}s{292#cJXR)kWloNuZ)Q)=qNqj)IJb-!iPqr=yoI|I71yM>~Q z(rpsaaOxIwJ!4;OqmJ~d`?nEB!to?w)JZCuc($GbTYfsW$1s=IV|@rAr;O**gAt$L(S__5hp+LQH?%)_@lw69O-j#zzmVV7S=9);v(5+1h};9S08DM9TL8J~fxI z;vX+Xa5frq0Cb~k!7Z!*j6U;hPkQ|z(nJ59zWajxW9yRb+NN|*sTZ;7`qYb-RU?SBTpPPx~7-fbKms9$`%aZ||tv?5k#e=zGnqh1l@&gNDg z<5Bvfe2-N^CYjHynVODHDlCPEf~(A!UAwS^^-bToQ(Vtx?AgW&50`Yqoa25RiceAB zwctXgN}$U67`u*mV57nMa-}i~^rQk$Uj_4U&-qTKs}OatuJxb?3FymF#nP(8{r(&* z0gfJqC#xN$dTj_RK}rE=FIT2D1gOmta@KD{lUV-RiSCRQ9%$KKf7sTnbN#$%eqT?t zSSK3LL`wedgA#{N}FJC-5%pz)Tn8LdgebuS=kX$w$Ot zt{NP}y1O0DwirTgg{eizVpG_!Ua#rsb&-K>OP6qL5|Ugg=UAZgA%SI)Vz2R0X10l| z*O}q?Uds7j5)Q4B0MZQsk6s~;Gi7)()J^6#G?BqV$CAv-(UgXkZ;q@XP&U@~U2yMe zuCSEzOwX8c*3sV`g{SWyN_T^$OSdTkL-2<`6HFF<__OHQRd4x9NpUmefbq(>Q6=ts ze)JjcQ(U@w?8f)_x?b5PA|{W8>mH&TmnFfSaj$&C-d`;OYFEqgDV^edmVO%z8)p4` zqO;I1i`3^9!`CyXmp>MxpvoVpxA$*1yvujE<~3O}jf?F~X2hrl zJ(un=r^^r6g)T|&g*iN+Dv#^}0~LPM{meyXJa;iX8cm@tMV6rwrz`pLk*3`athgR@ zm|uJ7?mYR)`H%SDOB#p8G!5#+tVD11&7tzMFwJHuE9Pny=%1_DzS7DiAr5a9g`_+? zc7a_BIndVU&^-f|(qdsmT%c%&0>tS!q*!Ov?fNSHEPH&YrsWa_tC@#x4#rDwY8rv9 z{UC$WnJD;Ev5em=R;oJqwa(woRZEn#_qa8|x&{AB_2H1{>^7%Br!Uf@sk?x1YGdI< zI7>g}cGPBFNj!-m<=j%W&0A(c#V_kX!(ib0kq_`vJXgNeTuUxfE(+ zpPhv~YHb8XZ6rf37HTI-J=WBB*lbOId%AhNw4bfA(qRTGq8UJLTx5U$%nE(plgYkk z^1Q$P2hwY~9ANo7a{t{HG~I&(1LetWCyb(UFjZqQ@MlKiiH%LOia{uF6;BH*k`Nd$ z4n0A?h6sl9Mv128jg9&{HKg#M z7(#TgG6)IMi{4C_n%Bt!x+pBx_2r(qsr^Yz!^p4G21%(KM5S2C#y=JZgb+?ES03Fe zzwxY=Fy+zE-mHJh-M`tTShIo2wvBTaq{294;0=`FNQW~V849B(6wjGD!ox?zczheX zTNT-$!x)dYGsY#jHJ)Ji>UfvX)+#%M#mEFRSFX|@$EC0&7tu<#N)Q`7B4(CO{8W}+ zN}j@UWIaM}{^_2N@aW%zBoS=yaGT%p)aa5pE}FF%L{{Db93%PCXSWK4ga2%AdihyA z3`uA1A7sX;AmjOuXF=BvKU@^S-W4td;5^+Meev&}ZMII=#nnpmze}a^sDbm(y9Abn z8Pu<@tzd|6qxW_sY%lL!#wzT;jX`~K-2P2bUUBnNxo*#%v^7Zv?ix{^`ORcL6bD7^ zMRpn54mq;W7)EDG#7cxcHtKXbSr}A=gsaC2QV*Wz{3luqU-`9F=auYHY?^ z!Dsc|yW@&Wmb(J&)4ebY7Ml%(8kevobXnex6SH zhQGV|6Hdr0OT_mcPUA)IIb&lq8a_p#&o3|RKVE^1zF=|jxCGpjyA!uV`N5z^slC`d zfnIs)AR2~y+-YnylRPFKOVs@wOx5}vodRqbodND*>0PYAAk6STLij-l)w8<2brP|V!*^gTE3DutN7nkk1 zf4=HRK~L`UoSiawsQ=gn9&|<^Uip{>{a`{y+lt^l*t5k(Fmi~`EmCX@JH17qq8P(U zhr{?5KFoD_E|pr>?%xGth0l`7IS|shRzY`O_#if-F&X3(8}BoyLaxAmB0}mSc{n)2 zWxedpbJC8z+4=042)1X`;L5>rkqdU)^adqYe(Z~xmc(jW>7G&E7!fRY|426;5zCO5 zSt}JK6ZWrXd74X_7H_``$H@@WE2>yAH=H|P zW084o$8KoyPeh@~!FcB4fT|~swJIj}w*CdbickRE?YMu{gU2Idjl)?s)-A_x3&n)X znJ?n;e10zI?Q%;x)Zu;e86Jkmts7BSCqlNX-GbuL94UtNSA07Pb-wivGhb@97P)&A z3bk+N>P4US@BCl64#K3MVr#tn#7g)nQ{7#Kh=@p&50nk*Ts~{WyH6EdfN&*nDz6K& z87i`=JU8>nTy~YzY4RN&lr*sRNL>GB@}tM|HMMV@8tyQO5dTFUggi-3xT-BC@Th*^ z*P6{`AVGo{?u5KNRa%(JbhEajW`ZGLeM2A37(c)gfROH;VTG8Ivd0%e9lXeVIE|@z z+0#n39;)B;6k0_E6%6G4?6_Pku+_!582^>{HYuW{F-3}krj^Nf-G6w&ac6U6OVcikbquJ~8M_f0t3T-EvT|i{BBw`K0m@5>h zf0`Qxj#}TwGHcdGcIE|Zn;vV|)neF4QW~YTtzGpr1rZs0e#sOO9N%=7Xbz@vS@1C7 z2pA7U-LRNEvcN$fw%p06!-=8>%)Us>2^vUE6D+1&QK3Z#roE@D&?t`_T1;cK3pnSv z;@6@TNOU};@OrFNX;f3%wgKru+<<6?6CQqArnub+vzG7_JFa=5F77P%=>hih8RDM-KYm3J(5) zpnG_ITAlZU=(|FeNcd8~ zc%wJA)Otlot->_cu1E!tz_I{Ac(l@@J@j!A7V31l9m3>xM%V08rd4d$EM6jtSZo8I zB7dOc=xTv+fBuJ#h<(^U_%l4zYS3Ahq(5@ZSsCdYx5vKh4)eFdeuC+ReVDw(ZKE3J z!+f4!6!FRTYZ3W6jh`+buN&&;4buBP{{@yw*NJYm1llHig4w|oTw0AH+`U}>VKuDs%OVE!$g5ODd*?Ln z;~QBHH>>>9tE|3LbHB>3YrJ}T8@uIfcXsL=$V~CN<7G?!#cZ_p^vr@?un0U*??E5> zwB8z2FK$IX{#$Fy8;3Dl?A=S}4uqGN+ta+Vkk@Yw3f=4>#Jdk?*EG=%10=Pb+N45{ z-smc_(}=WuoEeUe!x>gQ7gXkh(E*d%l-&C;UX(m!JH8+?L!$nA%L!Xy7y-0|WP5+1 zP6Y**fet_eai<%7eITAnzo`TXM9C8U4sxYc`t;}uDVG|@hg!7VQTcsu1BXdMfk0la z6jR=J(O)d00!chS-E#h;ow40wUyS=J5GYsH^)r_3&bje{r`g-?^G#_8A?e1CAvkV1~MSrnO}C)vMom#k2Gmz8fWW-GSFaqO?CA^ejh875C9L2KU|H%E3x{&cle zTFh+@fzlr$(ZZ^K;El5V;=RrXGFJQ_L0MZ@)Y(S^XeBtCU+fj~+9b zeqXIZxrbZ0&pJ8_N=;66;Rr4PWs)Mh=Q`o2H}ma6mi)plI7rgZT&`K#Wy=C^Sjrah z&|PL?2!QEQ)}Xfp1|DbYieQb~6SbBmCfZ}6hzQli6Nk9zXrdH+Qm zUF+QXVrOit3Fi>tJMkFA(D_)Rb`1gJg-v>evZ$?oFL7k3UE{4hi(%~)&kq;la{;vq z-GGE23bFqrciFz7Z<}jBn+XJsPfQSSa0b16@76d+SB7{Mm79_DF7`mP*#GhHmSFpQZ|X=6 zumDJd=z?T~%(5@QxO!jFHlL7z=n3URaAjlFt2q*ldLMB7d$)Af^=6=B>`oXN)& z+pde2RyXO*>QkYtz7o5!o>1Rn&y=!MFN#ww#+m;u=+6s1V$iX8g>)R)O;Wqb5Q2Kt zp_uhk!aA565q&kc zRxqw@YMp_Lw|5n_*}c=U&eY^U|1Y}XmOUY%7nc|ov$eu`_0xmN1K6b|zj2(ieOS*! z4AI)ChT`SN-iWCBXL^w==J-Lh3_aaSMeJ_2W*xYsgnZd@c}>OMnLv(J?_!*XPOH^I z>nGXdzJ?y|P3W1OD+^M)rW-!Y|9xAKgpHy>uc>P1d z=WwB}?-|A&s0`2J)w$+bY(KsnX1_CBUa5B9$h(2-*T!}JCdn4yYG0GDjC%3jF@c@U7!UE~_~iHC_!rh|Xe7%4X94^0Ynzh=b1x6Wa|8Te zYS+3?j7t+X%Hi1SBS1$I6ya00|Hjx)6;o4JONi5`7y2q;n9>DzqD6u8fcT!zA8AKU z*$!w#`PZ>HD%81gKH`)+_g8joDA1tX%E~MNZU^Oh`wlLc=7#Z-l8yDnva1JF?|TMIdW zC%+PhfhUGf`J`?-DS4WD& z;z4DF24CP6p0Q&TD2+kZ-g|6m7;uefs5T*p)GAyac`We6X^9L6`2eqK7x?cEcyzc8 zO0R#YgAe{?KkcN&v9GuJ@+wCbH0)1VRIoYxf?&p@LHXznTkl*qGqaIF1SVUpcSGkKPJ34r1N-j@FVVBE{00Ih9Dw`ce% z27QT7PHv$253Ki{?}|JmOu&_1sjv9w>IhQn*Gx@{rJ#y+-xG+c4pJ~;EU#AJjra%zpyl4K_#v0Fgk!S?g>v+Boxm8_2& zkHKREG60~(B&6xAmUr??MD>^Iw=o0Q6tBVTp^Vo~4tZT|yYbVo{}(fU_;6KVb~?7* z@QuW$JQ3yt&QFHltgWpj;fa?XeNB!G3cY=0`q|F{xL4uq>-C6c1KZ`Brv!|b8a)(h z?Y~v60(mJ>KnI}#=yx1|Q|=4>v~}E1KJP5lRq+5v>XBER*;Atb6yk$D?+!RKmVg3s z1YqTJawt>o@&avxsQ-unxQq;7r3!MK0|<8{0PwqkbH{tY2(ekjoxAryQ;+t9T!6) zBuUw`fgwf{q0bZ0r^SkAm(+P}|H`d%HHQ}@NJf~m##hbK?JjneZvcw)4&3t;Fvfbo z`HTvj{v(f%t4{WK; znurT9;@JSq5?`2!CND3*26iJiAsO2Pq!hg`18{a7ST|rT9?g{HC>3ch zI43g|^WPr}Bcq|=^dT+OyOg2fF$sW@F3M*uk{!eVx{LbrQOTFL4%f$eJHQhQ9~Xh1 z-?%rX=U%hQQmX~~dt`|5KcF6vjS0Fs65uaAGiAoogrFWOUI~Qto@naO_`NY%{#Zca z=mvS0bwHP4P7ERDo-CJra*ZU*YWb?nYj5=i@-?c$JoH8WfH^AxcrY7aCb5$=fn;=2EqFyf z(5e*1fNEvYV=P!va7tpc6X2(oPNX#Iiwkw+-)XA5JCG|i9wMo+Uh!3ftp43fXDX)58$n zSK!dYA>h~2(Zp^x*)5F8O9>t)kNH|t*x#9vY6=bu? zt>mJ|mDbyP3^KBi;43Da6RP^tUfNeUIEEntv^?JcJ&|g?@59zm8fPax0zCp#grGCF zK}+34z8dRWx;>EZivyzKy`U+&Au15eblrL9di6^4Z)nPkUO?F-6XZz{2%7FsC0no< zl=EVc_gdiubR=Tl>uEm$orlgJ2p^t#PMtrfEyn-KXM5b10iOssrDm)m7>KU#DnV_4 zp7}(e3jFkMes9z>R9!h804^sJKuE{C?wn(X-GLJL*L;D(x<}1gdvR4C9Zj*V>#i5U zf7}d*@G-yPE#QS=KZ25|31?zwf^anS*9yv$}| z__j0~ST?-txDrd=ktd)=lBwO`+F9LY2lq+u*dXLIlca4DmRL7*$~o*9&mDxMPC^78 zh^0wjAi~kh2wzcTM&#npD+GLY@WkcCyLVukprykyZ3}%QUmndA$A&ZhB4`$3FZ2cm zQn+FV8CLX4bzVg_h++Lw-fY*(i+4~Cq;wUr54(p<9FLa;#}IenzR)wi_RvihKsZ=| zf04QKXK$M4BAVH?b_rHz7uMbz%O1{@UMt_#2SX(sBfZU)R;@Hskx_^VpVa}@DxbI! z+hmBqkQn0VP71O1j@yGs^BH5Dbe|9q)3|f0_Bn=QXp=eZgzrsdWdI%MO%R;?fd{13J*s>Q zBQi?VwlVF$!8wP89ViC+!n{}=(*c;ImJDSfI(NKynF6mF?FUQ?|60)hapUCInJ}x`c|lIBv!u~_$Rfo?ozRL+s5Fmmu=pbqc6}Gh5q9x zOhxQ8L?lk{^d-4;h$LDCTw5lAdEhk-7g896d;DvL^In5&r53SMi~mH%rFMyUd%Z7y z$hp&-WwYn>^0QMoM(P_LF>egr04Kzv2xUCR#Ij8Yt=VAy5w5p(jqL_f5W#RtO_d*p zS?tAO?Vw3~u~cEWba$e18rT?nDg5reAw95z!LfH=J*sdV%?5qitAX+Ck#z(De~#5) zDiiB{Z&s6HDlBw$`or;RCn*;lcj>Exrg-KZVa=hDlNZpqk)QJ081~22Sn41R$#Aw# zGK8vY_?=eGpjdz!I)$y@u6PcR2kvNMRgx62NDvGOE2Xz-Behl^ljt7Xk>2s|e{bOB z(ZfVXXO~^~p$Kv3A;MdOgjG}_7Qqzz2+H8$-^qK!0U?fBvHj+YI42}f%}6E?S

    z98ukZ65pmdPSP#u41UIl)r2MU&|Nn6T0AM@_ zgD7+}S)^lCFTd^ASV%&=IiSU_W|w;Cgb3YdbUPd1OgY0*W`R{nFZM!2Dr+n2y7o3* z{&u|Fg5b>SgRzGd9=3sQpb2?TBE`K8AwQhN*ERQv^p%nF6c+I)@Rb=S*m>Qf1mcV# zv?LOZmW}QF25dnrO-3`3znxV4g+0j?D1{}yw2qMZCC99bNP%fE4??_k z|JITsL?kjzbSv25<=wY7TO%!m-o^+9#H!8F5Y=f^xwc1SGXH&bf8vw!WI0}47$#k! z@?brQ_r!P1Vo}Xs&w$=X(!)n{TVubEL5Rl;!&HPrGyeol2ua>wnqrN9uR=X;jiA1P z$bA;WUNLp9>kKEgy41pI{p^g_?92JnngPwMlf|$b3l1x_weBxw5mFCi8&eyhQ&<6V zNwfjBiM|+Lei0dTm{8;N!Lm3#z`!0PZBoDyr%y;A!TcTeaw}0t#%Ab#B<9%uL)dJ* zB-ze;c#A*t;GC83sh(lh5Az^MAv8T4`S3Y4>gA_6hfwGV#)!(SJ}H4mw&f*N&Dr)x zB8)P=5}R}8 z{o0Mpn^?dvXAf^>zwPZ_61(OMr| zgHgK;3Vf-X?KufeMzQ%vp-&y=f|IV57zomqo|X96C`ObsgN^= zF;-$GJ;^4KwW&4-Bt!(fd~{{^`WJ5am>(Q6)9tGC0W(bNv#Uob*e^YAtux_lJ`ybj z1O_${;o#VB6+Ls!^l*+PhJ*Ix#7}}pf~et(q?O)*Xdxk@N<{JkZRyvW`d7{p^DeLU z9ZuL%*_xeAG|_EjEk?b5nl&+bBEJ*_$B5e~bmgR0tiVBAi>8 z&?_3#CVhZm@y3lJZ7=^cnYKL+zr8FE%OP%$m5_>ebsotv@&UTnorh_mZ`;Ja1rgUo zF^j28VBCx-b5$*pFQAZAnUpo0a#c6B*AOBpph7q{- z)!F&F46tzLetSe~|3zt+@i9b(mPC`U9FmuZ3{_@~y8I44@un+?RlI!hpJ!QRh* z$H-F<&v`z-4{D)kHrXf=E!|T#kw9qx)E-4G`Ucs((w`@S%OF{0H>eEP=*p@q)3rt@ z>cfQBjQVel6IsNtULD*bu?$g?sAM$?KKkEFbB?4@Rm=MtNrv)WV?|@cslHNB_7Kn+YN+f`bJ0>n4QlYP@s!E z+%`vZAoPzB@i;T(i$_yct!XDsrlWiUNQz9%tBwcQ`j7sQ60dHO#n)Gf6#?5Hyg9>| zL|#!>AEN%WBzDzmeGiCv>DYokZCyhW7Z}kS%OzzBt0z3RvbW`>7FU9H11e>1ViTqC zYvr%v-7iz@@y>jRY(k>wt~!X46EBl!`z8+}7K;3VI$DWVs2%+J)Nm?s^pM5I*YP5Rrm~Odh}L}54lQSc@g8esys3T?=}WdpyIintrf%s z1hb&Pe0lIKzPgf6JK!NwpOjC=J(J!-|HE-);0v{yXf|{RDX5=n->1p$eaJ%DU`<r4^V-Vk)5h0K8TVK64>`89%(Zr7@k^A4iI#i5h z;Y`QbZM5?X(Q{8Zby+(1A&rVBFbpj*QWBr zCld*0^HzavCn-Pb@$vAgnQua6MAtXKWd6h=xbH%?A|Q2X?0n;HcBKUKOuYn5z})8B zBhT2xl|yh)M2kQo^z=LY@Hh5-t%TXKTq$R-f_vLze>7x_7?=W6 z$z89uE+h*=HnUjw3Xe3lTzQd2=iFKx+K9RHoUv(4!=n|&(+NyBqdjh`L@ag`J(DbL z5 zx8A=zi>BiEWl~vF(?}N&sEvYoR>$Fwrphd+yKC_m3`e6bSgbm}0yX}%IZ3~~EVTFN zNloh6?#EdtFVL+>DTxVqsX<;c?oZBOUrd&cL}(5Q{_&l&Irkq$Lj&26B@zJ9W!SD( ztXO~i5*QeWiHw4B`}RbA0!*G9*b?}ZMDo(X=r9{zQEIBQwp7$XhLw;vQ^LdruH6uk zZM=khP0SzX<8iScew8`qpXun27F{<^UK9^q7cQynQv4&BSrZZxl0q^37ZE$SF!Qkl zA2%Za)LUFur{+WdxTQ2;8ZJ?=Cf32J8H}mOUQIXQQhF6n@*k5-T)pGFdzn&;V}JOC zrh|$?wc0fJJgGzo!yT%5*oVW6*rb(hkTWEi3iZgc31t~ATq!Gc**an|EEJ9lx1eVH z!bsor;G#}q#Uz$mB&P(%CXo*9<_n*8ldz`_SL=SzxBE>^#f1<~oha1!N9MPB&XTj^ zMU)Wboi`L49i~}XM$KcLZe@pcIvZO?ep%grYBC3oo!+Tb-faw@lzj~kd)+89tsd=Z zmt_~7$Ko-Au$IN;a5$>vU3wmTWHfnNWYo4#VtYJIJUnwbn1mqqhO07>IdpGUuJK_f z-9D|H&bKN@b3`7kD!#@=667*RrRIqE@FI+PX!Uu7og;M|sRTey|<>%p<9~v6MG*Arw z5P^fz{sw@fNVzp1BkV)Wy0EeBz3~)qqg~^rR1Q(J@i7i4J1p(5x+4Ny0Kt>$p(yq{ z9Sv2t=@=~WD8F$(-dXW!=DwSIrG*a$nSS8h^~dVbU21XEkE}fxaw=0cpRS;H9+~x< zMC7l?DGe1+?yh_t^Dn%Bn8&9ZkD#HOpE6p{AhHO|D0wA8<+S;^4p)ZX80(tlOBj|R zr_>Kk45X&@*qI{kw-+U&rIzs6l@nJ7vPL~yOWbW;h4*$^5^RK26wpc5q(_((i{M)V zymSa7KA>;V@DfUfhADc4V)f~Ji<1}#&bQRhr=z+k}#z!!$@yF=Ip))VO zTFhY_iu*v;Lb1f@ZF|{jWU4=$vp2r1mYWv}vIDKdKl$SNoKug>Roy(k zSS`}SSV@JGiT+FfIa;Bn>~b1ZpPdF?VH&N(FYL{iGjY5MIdgLeha?YEN#$UcWPZuX zMVKA-Y2>1Eit;v={B<`&_1|6;j6O6B434d)XRwOMwECG9N$Irg$5szP+VZiM=>})nhY@J-8~YZ9Ha`OZlZ(pqiPeREfR~N8 zpz4;-d}zlho6mLU003B4W30&9#CAkK1aublXy3UHK#PghnAAq*rCE%ZNnZoNgqgSS zS6pmzC=%{IcE>0UTQyw7v6)W~6TLuft|ml0kV)m4IftRozZkmVO0N4fmpQaqw`{2; zI=Oh%^kg~sZR2q92@QR*od3pyW8Qx>ea-c4(km6m{rWBb+R(tn%I#p7_@0&hZx!*Gc^S`5d!a-2rYwg?seQQlo5ucw-<*1WQqf{o%;l zgqG{8$=*Ut1g;87r9y!RAB1`q<6hl*@i+{VJEgvn$S__GwO##NNkKvC?4K@E7f**> z3B-7K*GoYGixZy@qELRM^~SL*nzjHcgn-Yz+I*>T;l2&8Q*K@JO^5}W%Rg&J zj6mj7zMU-Q-EdNV%UJ}pk4({iyeBLp{1|*$i~=Zu!KVbpYXpVH_szH>v% zhL}T`0)jurS381@fPP+QamV|v_Z!}#XnmUlNlA3p`}{&y7$uor5MpgaC#Y@b&$_Dw zR5o}dZ%hRfIKpy50s>PqMFE zdZX-HSJSMOPN9ZC!VCA(fphvOz)W0#y63>Gu#VH&3%0qUw(A_N&d&|=vN{l+f5oY) zQ|EzgA_-2N5Tz3jy#lNcJ2Ije?w`2@64){ST05Jpb%rj4`BfNrFnZo>;FdM2KIO|U zV_M-E6MU`!)vRlG%}xMpn| z@k_cZi7|DftU3R1G@KO&*Kf`4F625Gxfk{?znyOqaaEgUx|duSM^6kyiw0gA)78!W z!N%Vvx?U^ahgy$2o9-9tM&U2V!W`pO5!)Y|KG<%5dU5pY^{6o-ai4*q?2DCe`^Y;1 zm7C&%)EwE-PV;NlA7{aF>}dSq<03QZEb5=;XEGj1MfF>9NswmK=tQumqwoNhlT_$T z@PCd0hh(#d*NvPhlLjv`nPUk1FelA(*7*yQE3+jt3Ns!vA9E(NbzdwkH6R~XKuDeG znd+IPo^JOTqpiK$cn-cpA@r#~ngITp{Rq(ML`kM;W;qZJ>GwA>to(;+NGg%6VWc20 zf$n)1->cOAvn$_5-Aq{3gr~#n8SMa0BdJ6NPh}Rk)y5`-WGk~2fV*-j}AT196OO-j53CJkm3Aj zw)4Acfu=_fF`eefq?j&GXx({7fnl8fX))vn7a!1jUVv0wzj(vlYC{0IBN*^eGLvKIbqzZ1v8{ z=dziPucy!Em}wTxf1#NwssvP`+7n#3N4iO?F&uearojC0Df`lMdvw)1M2gO_h{8ks zPMd&gA!&+w;3n?n(oqF2rGx1c(pxOV9j#sOm#(>`AJ|XELFG5>r&Y3+OJ0L6a$qF3~rMgchd%U z@4|aL03;ya$6cre3eUrUFJ{VV*rExel8>`u^TZ$F4*%knks1<>;g;d9_f@#{L_8ap zS67^}hs>u;NX)|rN$1F20$1B)rp98qNVe2}IFR{XD*W0!kA z%C_y`J}J`u`o(G-#_WG01jBniqzxekm{c4nLGNtFJz#nBPb!g3oW*$1Txe8NcsbwZ z^qdEz(6TW>vWa~dLZ;Sn0d0m1&<(|H+%(T^SPJvVZu`JGLG_vH+|u~QoP^f$Ve=sY z&3Fhk@CFdPPIeLQ^fh%8Qtx9Wy5X5xhkwW(2HHq}$caLZX`F7=th-!`Q7!{=9K7S7 zWz#y(1gjJ3Twv|@r!r9A+FrueSG&&dKXln4SgTJhpMZtbOmC*t=qv9iBg$TY17beb z<7RCt>KnRk%`-^a|5MeM2SVAsVUJ<#Av;;i5-LjxV;iXuMu^DXC?rePv9Bdr%f5{f zA-nAR+91V5+1F&>WnaHD{oeQc-tX@@&ok$_pXZ!&FV}V56{m&i6tXj1TFZw(%+G!l zmBt_(67sHzlu6^epmOA@@y-kzS&h~?{4 z1^2F%nveQL_et;;y)<4y!U?`(sZq++Y*sTjJ{sPQk9^Kx5k+(4yEU+CdpLG{kYl+M zKi=a@FRbzl@~OrLUexd#y`d2E%xn97ujV^gpD{~Mx~^~~m*8yJTtd~zfF!TWSWx7N z(a)P~L(sZju_Hg$oH+6p--+Je{L7a(>pCXCZte#JBIVvBk?YBDL?)e{p6V_Q6xJ!8 zPwp20k-biHqe{q4qSWvDGo|C1&a+>bW=f}pmsg zdx+rIm8zDFS#}L+q}cG+JA1e^^C%i1jXocN4hL}rB+h3b3JuQ9Ws=I5qQP_*wj;S^fiU>|!#<>Jpr zI4Osf$fVo)aT5|n9aJPFMl+Q-6q(jTJW=@gB6*f4G!5Vs40=FWf6z1gTD?&LF_pc+ z87R+Kyu}Pi+O}{SfV$khNG|zjE_2SU!bxTiv0+`JfUB7pg!HcaCEvqB<%x7mO8jb- zT0E<+Zq0JxWOX+4yWI!1Z=dF_E+4Z&f?B83(0rZIl~0toJ?6SPG&s>(1zV>Z`ddz` zTc4hG+uKMz3*96&Od3DbIJ$i*=V2NjZp{y*>Lk!bZ5((TrcY(A&%NiLv&+F#EtKaZ zPNl!!?Hp8;Vc-saKEj`dyXx9VdOLZ$A!at>ejU3OQ@r}aVm5~u@WR*S7d5517E9RL zUUom!R4n|1R?QjrZuTx?=@R}?WxZjmQ}&p_gxboHi15zE^lo)TDBPGWsNyAsNe zB@Z=Mc!s&Fdp~Ayx^zx34-d`A)qKwd$s+cP9$oyvzw;0TOx(%@7qz+!%Ju}PrO8b6 zjZZ}~L>+l@l^{BiYApcdtWFj$aPN))HKFIYu8fW}#ZT5# zV)wy1Gi8-y4|XnX3YKT^r|}9Fdrt8r(+|QljcA6FULlp!>ZZ^d1;7Ie=QpDG7TX}f z*J4WaH^rEj$V%|7X_1h(b$gpgqGt#yuS|dS31x>RvpToJ;gr_Xi}m->UK_r2$k`&F z-DAjAL|@FqcDZ5rIAjTc=Bc#OIxya0NjFbQ#UQL49|r&S46>hW?Kcu<+h^xRDkco?^=wZ z;L4w0evMQEhbl(PM}hM{`fG9d3q|t&RPu?sh&LOuyS^Z~KUh2|Hi zpY+IJo#~K$=h$sB&V1T|fTVg~F=qj_^lO^IYi}?6<4eNX`jR4c7;pagGa{U7=e+Ee zNHOlzpeU>@ofUIa`gOml)q}m7qg3Cqde_nIet3R|uKb|GSgec9rO2PP@pKI{R@YuP zHKk`EAimL%P{K3SM{C zZbk$V&ttR5C;mn|(^rYGXl~-9X!!E=U8-T_w^yQQ%zxQOMLy|tO0!*H=hbJeL)Spq z%gZQv?~68UzY}*HUwkd~b^K_I7XS7|#AALco=aSKh~ua9SDP~?khu*@k7tux`qKw5 zG&fh^TqBuH;cVtGg^eB}A$<$`EAoYV8?_Mp+5nMln4{zXjSo@m*tdQF!C0=R5oOzW z_A|ttOq#b1(_jFkDMgZARd9!i$!Niy8Y;Lx_C9h)^AX7pzJS~ufFs;(Pl(IILrTx% z7Hv#M2b&t?%d<3Z@f5c1#r!5`ubn$wjXD9m?jhS8_rq$Crkwyqw~(2S&CSj04Rr}4 zvY_C=^qOkHKz?RX(aRnU=Zd+7W~Cs#9E=!_5Zy%>SpA|~YqK?PZZwqpR7tM#*o+)I zlZ@v1bhP0Fu?YX{%RR08LuG;egpaQWekr6^?9-yz^K+dG3wN6!BD>%k@m5 z9jy4w#fa^_Nk0cj2jO@Lpnj9Ho7unDS)`;W7g+vn;-c2)et1c7T<2VuFQ?so?w2w< z5Abw&CwB#g^qPM0ydCDWot2S?`F^E_g9SD&7T?;pWtZ~8UKNcu=m4bM;RVF{o*}^8 z)w?fo&~$7AqIq#pU|_t5gJ^|S9->u*jvE`Z(eQ(rUYV%1RJBbbm)+{z^f+((H;m9V z@xu%|bn)LL_Cy`L!YY&ieS5FYRY=N7(@_9!H4cgy?tRqHv|&0WV3-hkYn+<1n8qKr9r#qRkUm!A!uMHvFAn zshPZ|)hB`qfNb^+K0eD=>FJXd;B{gqzF%5>DLf@lxlg$ejY%%BE(&pebnnr}Fg4nf zHd@8Ra0|u>ZV=QGuuhi6P`A#FyTAO0n03y@RD`dXtVx6!?l@)lY|eC~Ssk`lHni9F zDipOpyDmP;d&Fkd?PyAG(>7j6tYhT-D$2D|%X?Q;XlFK+rw8>${h3YqeZ1Nnc4p{> z@h$h%*S)UAt{xwuL{FUVnI{>)SV{{-rv45~Na3VWaaL4p`U)f<&PTOGCX7_j>oxB& zZ7|_WkqKnz6{`h<>j+`U4NJECpob-j&%w zgnI=3hP92%gWEN10ABSiD3w5}`6K5(5xQD4KDn4cWMA*?6)(_R=+!omD{82G_A`$I zh%3o59VKrg^>{o)=q})gYn*dDmLeVoG0e+c?|=sdw{gpGzm)LUvW)p0#xOqK(5tq} z8b2T-%<;U_mPYS)Y8<#rlCuf{y+lARI_ifB;#<60Ei$rV1T^eG>MENyl~&m#HKZ*d zD)r7|MWc{Ep3*sUE5l`T2t24crMR>ftvZ_vzWk%R^fTWo+@j}_h4;A&HyL~Cr>VK> zNqBjAN$nSC7qM)#R^$z*hs$$3NX#3QWgXQA=RxkC8*||mT1@64vyJv}>)imbqkU2@KLdWWS$!j#XPXHt)3kVoI zC1iZdwK%`ZY`l(79c+~md&}hCdq~^$FBSmE3I=3f>lvMHzE8tf!J;Evw-gz25O?9KLsWh<&dd@r>yh$eNDfrH~Y zP8lahQ(Q3z)J-OCv9AC}m3)3RS4HsDFCD;RnzA3Epa2vc(+m}K+{wtuD7z>yP6ZH5r`18Ok5!=(G8mrFEElZ9>s=J6Fc# z2R!HHHm)95GUKlqz6OLP*on_aox`{BVgLxDndEY-YCGLLR-+r+whXm4XLM#23VHJ@ zU^-L*ClwO)I2V8%+vZMy#w+`!!3v+AgADU<6ge>z!fN%MuJzSsXa<#|MQWcGwK|TN zQAaT(%}Gbz@wHXx@+$1y_zoGlg?D&95V)G7(+)SH8Tj3--=o4N`7HK3=j9>L+Sa(y z+mL`=o1?%^iQON$tv)gj(S*1F&gWD#(gsT@^C7gQR8r^QKW)M0MlFK97~ zeXcFJ;bijM!ouQd;e!H$@69}TpeZIcT#5>jk?jy}_BV0Ik#W>s;GQ@?_eO!(^k@D< zsbthj-39I${^#fL0A~B9+-`KBhGxYgJh(_(bg*pqJ-Z;H^|=3<`PtX&y{rz=`S#lk z_)puj)B;*3B&3Gdca{gGb|4+~q!{Te#%g8fshCZ%y#loX_T}Vt4%9E62Xhez^HUGs z1R{^m#P8!n{WL3ZB>KRg41ghZg{Mjm4k6J>JDA+@p%$;_givoN5xJlvLSR8GL9u5-tg-%`fDE(_O#{Lm ztSAm*MS%RANOAz$v)^@H%>9A4^Lyq?i) z8M5MNrgSCpZstdHX2ha>@mylJFU*}YXtl0%DPMjg)y~dx_W-~)&ow(i=0X_+3E(qB4#=13;?ma3i$nTG4|ysGbzj=MYJJZ=AgpAJ}S`6X5U$ zQzUs4(~iGsXlZH5DJhd<5SrE%K*vOvM*ypwNUb#_K5&r!SPHq>Ztg!!o5*)eMm)ab zBRd2lL^6^fcKo!^4K4-|%de+doLa#Rbd`5hqZ+0fn!}W0?PM++xb5>WL;;+D8~4NFiTG!4irJ}vMvK4Kd+vrG=3 zvY!PGab5CuBOjr<-jx-l*EXP#3KB3MK&Pv&2m`(MQXip04+0YXY3MiGS@9*UMG&@K zL336Hogl%NV*Hd|j_8XK9ql_OE{lCh_b=C9(l?Ro68!y*bHThBN&{fGkz%^cs+;X8 zf=A7)rcApj8;r65*2bkohDzAr+LfAe@-xcEbMA%NT1 zZ5;KGS`4%vrm@2u66X?mHnYJ{F%6dnbUo$NgZ(WSXAF5(!sSK6ySDUST+Milu97DI z0lhwPiSG-0nB+Aqg98Kuuh&}n(=0+#F5wVN1g!}seJ^?Ry5O|NH%{yqMW#`cZ-WhY z+IM+jeCTs;vD-scxiXy zia|*;-ry3dIMKdw>R7w(bBWy4|yfw zI%VMqJ4b!5wT)c6%!=ev8#@<+*F76*=iTQJF+O;Smy16|xWz;VD@jrACBO&B=4xHs zAhC${+FCI8M?G*(&nIi)T%aTEFlBF@_vgG}(cfUp%H{a0NYVeiE8YPM&5Yj=k-LSi zCpUR4_m#-v0ot3DZ1BAuI5NM@uW+|8w90S8crFGg0aX!=ku^{mlkRwF6>-9owTx5l zz+eG!GZ8O|2<;UcQ9Jf0`ew>QFAn5(+E+?1YT$(z?xc*RT(?3p{Msk5Bk+odR$>1b zp9w={3@*eC0h{(fzuQc_{+O8V}<-51m>yhZ>z~c{4_8F1F_BY0^Be@+;N`K=V(kNy%9_ z{-qm*r1x|g@Ht8QQQ$3@mQ~kh-)Wr0;5~1n`aJBZNm!v%qicF#q{G*QwrN&YF0Rwp zYaN>r2S9}?2PzKZ#IU0bPzKs7N%>-)W*)OlC{-P?>gvc1argDIvw&}#1KBRrdb=M> z$Y4R7s3FRrOU7ix!y~sHK6dS}x>_axtd~uh3X!!1Lp@V1sp|QgI9o&pU^QfOQks(9 zbVX&=RXP->_((M~gwjGFa)$cvNV+#ZPtD5v2lyyjTU02UJYNzl|7t3R0B3M65&32- z9oJ`8AXJ1x1e}N?qV@dw5y2kNTV3T(BO*4$55IbO-<>u^5aD^d6C|&VKuZ>6VNvI2 zT1H_H9+}E2w4uq|)UH|ZGnA|kS{VOO-oNOY>5Q}>0^2owExWjOUN1KSwZV^GwO+milHa*);tZtz>kBh|_E+jASo%*P@6e8Te1)kT5<$x)GAILeT*0s?xO1|I-8&g` zNaw~WrPNz}V6Kw0VO?6Iw#MB_DWF>7JH8^pS#avf&h5irO8ipnYMs?9$pw3Fw{ymW z0d)t?Qa!nINxkxmb9oLfhiqxP{wxFUm*p~L@H2#RIdHNSNuL`2;0*JS(&=5O& z7p-k=wq&HFcgG?)L@R9hfl>xRp6y9bUF0LC*92sh8a4b*y6u%F4r#^=7C@GYf4YN7 zpr-u|C~e>JkO6x@UvDxiBsh5Ebx9*wEsZtbxehA9b&c|VBVKwu;!GeodyL=g)*BcO zDvwvm@iJ=3?0@n@7JzaN>^7z=LCoy1rC)4nQVHN+qYcGYBbW4=tH4#8s|WoP`G4tx zNcun;FBelU)axOl9J4`LvSe+SDCA>bChxkdFwXTvMF6470+Hwke}Dg=|3#wF#~|2M z^L5Up7|{n>a_Kfjn*$%DSV zyIw#T4hX8dyjvez>U?Y559)A*08j~1AB7TWimv>JDW7Wh`jii~R{ zikq6w%*Uf*%Ku;sbEv`9IykxI%X$I(_y1lUl0BR`V~72-oId|#wzBQrmq{)A3Cfry zt-1IdsuOp5M`PxRK`*2#rhsksd&pYY3rRn-242NeU;Q<;ghyZGxx~-p;y9&!wIeYN z7Z04rM52CIOMN+XKX$vz)ftQ2s$1-?Y{=p3IAKdoH>vehRyfdVpO|IF=+ z$cyXb2Nhh0zmvKACZpZKCCe|)FPxejx%rcyX_P|%fB%0Kp*lz7USqwatkuFXO?1`=+km}H~Xek^O|9N{yX^wAgZEbaAFj$;=@LV|s zNX?W8;Q_Br`Q&KNuYGdT%vJlZ^kXIz#8CjHlG_FvF7y;joa7Lc9OYb-K>}9Cu7TfW zbzoKOV_&ZY^-&!0Gqt4$XD37yw6qEFF;eWbq_0jCrR=FN=@cTq@A_Fz-%hbms;9rw z`ht>K56;vcERbwc9juv59&~8j&)ST&)JPxkN5(yt;ol2ld(!NsmgFqa#vH3JNtsM1E+?c_ex$k--z^wiYRAgP^YL_5kSl4RzwxH4hJ)GnW~%iQ zpPg(MD&eP7vxnbCv$Y&Zm||Kz%3j0Zi~U*eZaPfXxU2q==quJ%OIjMb^n}VXM)&INFWKJ%vbpl9O+Ss-7j0Tz^QbIttJj=VSTQk?c%ph~`PBWvNbfNY?YBWP zy(+Z3K|EKRl3vS-#af}n199|pKr7eQ@MTJFWK+c3^icGb67 zV(HkW-Oz1YW8r%a-O;peo%j#3zsJ|~eouJyv75ITm05YBW?)NydfX*W`%NT@)t@M7 z@Vs|MXcMc=dKJZ{)1=3cGI5DdJGLnvrc^sV3F-zFZf zr7<6eAG`f>__+P_b-3L@Y`ubO%qFI!2}fzLQL9W~ry9c^Ii>x`{r(rCi09ENV^nzjDuw_B@{_*SZND0xljoXGD4 zsLc9xgf-Ld4N3MgQ{RJ``hZ%cZ}+-u(>lW43wpz}?jdTtC63#;zj+1M#&w=yUDC?# zOwgPRm&=sc2rd4^2H#*i`p{82O4L2RE&@wqJTx*6DWuFozyJ)Uw(;@jH$O!l72c5PGImf+pT3vj?#u9uG`0)k?cP&n~hQkBJ=_u1urUZ*oO9hBYOeY1&-w-Jy+peDJB0tRatWzhq=w zG3R4y&3@E_6^4t7z1COmY(04~VB(BtFB6;}`8JBn{4@Kyc5C3>Dru)_zBYbwaaf@y zz$LN9@R7b>D}++)#s2n_nT)Nyz3XE7<^3JMDB;XsIb?j)^r>^7$SI;R@ByL6OEP{3 zwcCkJddxmGlR^}j+>CGCod7p?ul5FLzEjuM=XNONWPPgsP9U!7!AjY^JjP!B8B%OU70RaJV3{9?f z+F-w1p#;=b>>0?PDF8k!PBr2Zj3w%UgX{92k6B zj)F-o^V?*1kyXOy%gd`;Fg&(?bUW8^oj5K%P+nT#8!Ils zevbgap!6>ZqLVnl%zN^>%g3{jut=}KK!Yx?9ni}x4sbS`E zqV}m-F`<;?tTRQXHVNB?47_Cz(ob1=x{@w*cH0d#wCA@@hWhO=?)4=&Zqu3B2+hLu z$j$&mKT#IcGu@w{vB1uiRBw3w%W8?EuF5k%MVqY^l)wdcY?<>&SZibQEzbC^#$ip3 zivf3;xZ`$38RO|q6km8g9t)s>lLhc6-w7Q zoPPEUcQ{*w0@6eEkGB7G9n-=qKo}bDAj7&iG~CZvHnRYUS-ms*=W2W-*e=pgAD zQ!u=l^PKGhAI#~A81J$U=(ibodhln3$x1*{M5AXZMSeN?LsDjaUb@a5)>(R4}qW_0hD5sLdl>Vz(@gC zHUD7!H0ZcaJ}>!%&k~le=u}9dIV!VrCx-1xudTY}(WPbvg|hY(w3?MC;0oxh+0 zOKgLyNjGO;!X|PrCKQjy!j%=JE*y81d*8z>)%0CjkV}=1v2@tP+$h@4)v(c3x_08+ z4~oN5A)3dCFwXY^#m8!%SB3Okz#dH2L4pzaRSG>b5_Zz_+X;y*^BIRtQ)? zyga@z?u)V!adFmPH#^?XS-eh`JaS~i|1j~#q0Nj;?F$i&%2iqZs{;1XPvf{__~rAH zyiy{MbZ(K#JM_%)1`v69qD>^uf&}V|23zeu+1>IHG83!2ejaM4JCx1{K)&!MAkls5 z8*x&{Js$$R>>s|qz80Gg%LcN5B{x4dgDhb}+%=QK&!F63gIU~X)L+(tc^e0~E)R@P zGCZ5^2^!zKPL?$tXo0&|kJ72V{pt?J zMq(BBgE(npN!a`6B&xjNmKAjuP~f>i)44=%@b!n*%__LE!gaB`7K-1t z@#$$30&;MK%IG{*clLP4hkIxDV@RftD0Z@z{D1cN{+ednosN1sw%f;#&82qG?gZtOg~WaRX_nTS#}&)1;~$$hw|VF>r==mKsN{31=OvO8lVr~!!P=+e-?Ca zEEs&6vS@Zzx+@OBRixIrXo9HWIt5hPIm8l%_PWyBwmNFzw7GQ7xhH(tG%c5z%Qfxb zD0w(U`Q(Mr_Dr$*;5X?4M`^8{@AlQNYX(ee91m*Q7-qhCYdwmg88x+D);B;0AIYF& zp%7}vRFfOqfthl*sFjDKBJR^G}!|n%maYr&9DWk4?DdWd9RVtDhDqk z_X)<`;~rlN8NN(=>i9o&B2R?b!Nmzh)_;6ENd zmL0B^obC}9*3Ay5_Wc-6!W`~2<{3asP?Kqk$uW5d>_wuB1@wCUlamwm@kSrn1R!kQ z9uY?|kf&b&z9WhZgn_}(IZ)`F0m!N|kZ$WK3bww)|05|E%aDX!ef2etptq4#gX(zk zR$UO(uCw0nO#+eV6B#FI4qXs3O};+m^!)JGUHGf9o(t_FgoeMxqlBI@Qo^;h_JG*P zZYOYjX#iMN5j1LXxx6I1P5F24{HsrNANDQ*WB|Hs6?EIJ8C~9E=AxscEkF_5;f~J- z(+n`ne{Kxq6$#k}j~?4kTycSs^NT=jfA7zqKQpiSuKqiOp#Psmkh;;?-aeX}Vscr- zRDt?qRwGC4rvL)To-`q< zbLXxy(9uOZlIb3deZkWZl(PP>*|3?m%^^&xi&)fZ$N9JZ;DcB6MhjOg|7Qp#Um~=t zCzGLe=5}D{2PUtm|5vlVUsoe**%Lig{Zrhs=xds+6p$qRzNn$9+Iem~ih=XPHv9jx zwrUq;drAN^2L}fiOJ?af2p9#cHSS@kIK3{4Ood??xVYBV=jU1CJ9TWF|NHOzso+@^ zq@IjS@9Q)tAO!jNvNZ4C#~<&r*9~O;_Z>Ms1n;P(w(BHwdaT7EIq440BlkgTmr{OdMd2hkWWnGgvT zH)2hb@27x;yJ_>>VVmFvuQ##0Q8!y>y6~8Yfq{|Xqj6VyJ}h?X<(Ovt%2P$3r*nHp z$Jqz1G%^^38eUDvhl01>A$e|QQ}`1D5tM|SjtAl2j6~pH(2_Hf%SkR=VGd&%UEPg4 z>kw+LiiP}dNQnvH$~?Fn|ERSSKr-KbcSvo{uo-fmvfb1On+-yRGzKmx3I=Miu}KID@67{z;*0eYqzMD~YH7 zXDB6%B<&WWJLKwyJKnH(us1)i)~rxpG^c+t%A$J#^Uq&8J_1i&eu`YLX->z+I5%=d z+)X*~KCPI)DwO{35N2p#k72krLk|5AEUmW4;TE~OW`DiB9%m2#|7Jx_xBqY|SBdOe zKn6v4$BdPpo{2})_42Oeg#X=Qp|<&ZAad}69(TY^lA9^tK3hs04C5wt`To5eUE3@w Yq-4INjgJ_x8*%bR%63NVkLt2#lz-f`Bk|mvlGGs2~bRNh2U7-7PWF4T5yT(4}3kac^mC~!B34?rRj>y;p2bDs-pC4M8Gy~M8J-`x8(7ZC4)wd{ZvA?c6No< z2?2k$M%7uEBFjtGsZ-0F^nJ~tBkwsWxAnm$uf17`q4iNtk;CSp1HbvCQ@MGhhbyN0=UV%RI}=tzY0{cYt-)$>TrXL> zmfGI8Nmree5@h>f17Bg;o+y=V^w=KnSBPYmjsxB`2K>SF$a81X_J;Z!S>j%;A@JY z1Q=E$1Kk=-ct^X$K%zt~UFJCzL=%>3RPe6@L`h}}4L5jf_i0YV{`0mU zJVJnDL;yw>G`Cu#aW_F^3k4l6M%eS6Auxy$0?G2J!JqB)7JjlRCCs7W(YZN@S7Y z_Y*Ew1G_z6w-myVrlsQyGTUS?fG1KSs%)bD4+q3cxuGFSCcE1I z8emZs8!$^ljb8O@c9nR({DZ$cNY7p7xvQ5XW;d=Ej24{+G5zypRCpe|FP{IjqpK_3 z>*jpjx_xy!`4uWp-DIIT;9x{Wa90N}{NwJh(m(Tvx=$Gz7N$ZgY@yhRC@RsQ3N^!? zu5l>zfn<3HxxfC$fbFRe0@VH5oQ4ed0>BF-=N^8k`6p5~Ux96UOP7YLwCXF6RB+z$m$3f*x!dgQy(?4YwZ*PK_)rw>RJ2cP3x{ z_3y68y9t@k!aiPJ|2j&aZQ7G$5Ve8v>(_i9$x-3-(qA5WJ0`veX7yfj8} z$eZqe@FAQ|M1DT#HlQblU8Ul1w$3H%SCQ^0+%i}7CbAvZ_lp<0i`h?gd1XZt`n2c8 zbQgBZ%|#)jj6b5JVT&h8(xU*}O2Q-=dU z4-?4$cuYs-aBbj;jQwkm7mjiSs2=WYS)KpVNbBN@U(oO7i@4MLs5{+#vv=-$vs2;XUV8@TN26-1 zfd9lz82LSC_Fe?%YkvDgL@NZxA!X)U|KgQK#3ZTpdaQsQNM2%OufED*Z;pP8Oj?+6 zYT=LLc|~EoU3WaLKhSu(Gj*@tbu|Xq-pT$IV80Wt&JR=e-2|_N<$*Lg;N8FS^*uAe z>qlN+=RH0#OY1o{pIc#J_M0zD=t=<>!RZY;U!~a`FHZSMtioc~a<&{cG(1tge32sV zma)fQ*7p#T^mK@VUHR-vCjKSty|m@^kzI>Xy=zW6*Zyq1X7lBqROPq+u|R2uY0>k8 zKEWK@(cFUxG~eF% zx!oSD_F*TiUL0>*0$zl3!=aYOhfPTRxlgcV7EP|*`7%o$e_VktY`^jF#j;0&p=Z*p z`{?t7evu*Cx@F6-RfivMuw#ILf9mkSei8=cnRw20{}BWO>Z^`%z!-9AB~n%Z+0maQ zLW~w7frmV!umd(`o*M{5;X|{u{*>bv$)cO#9`^H%x-u6V_poHtq>n#?=VWir+K}9K ztCw)v#e;dj{iJFWmLl!qWRxXLIA_Jsdnq_@qQ}74XO#+T8a?u?S67pt)C7~1XX=RuaD=}rN8Eu8rHz*w8#`Y^-hu@Eu(=@h zkE9-%qe|M+Z}#p(_75>?*5jdTQk^4;Q+fX|mZ!cx+gNURqOR7^Cs6_s!8N}C?^toI}g?ywIr z+-3IeJO_2)5)F=KCdiq%21OsO|8pqhLC7^>WO(hxV@-aiqigTJQx`I=_rz2}&G@lS zkV^E9ZQs%Z^_;iO#(uoPvNyfo?qJU#_?*u(+_d!GZ)jn3t?BN8UO5P2f;YiQ*4;PN z3MNzh4Jxso*}%f9ayB!?KIK6sa;h<>ZYP8% zdL!#*W<4P9;G8fOw+Z5m25Mn60UlJZxVeOvHtLVK(}n5YPNW~{cGvXgwM@KhX~~J* z_?}+W&(Z5-QgWNs2Wx{5AKk0l;ivUGP4bJ;Q_#5JJbrXON;iB=wSnoA+zbdAqo6I9 z^^=VHH_kx>Y`7@IOXnf8q#qxjeJ=B`K5$)KWyXUp6RhYh66$OKC(i(#q|tQh3S_VB zXpyyJ6_>X8cPrtVH9Vuq@#1KcUlQ^ez+4ZhF|<0J1(W$2jx$UA!(FsQ%G!O_4- zOnbMx0{l$rF$~>du(G@yZW-a{gCjB2-E1BKC9p*hmp3%TqqE1OKi?=l&XE05ZhXBX3P&8?9b0y$ zAN}xq0Y}LoLUc9Y9g$_o1=V#*=m6eQqR*EGVpR|Kqg6>`c;%SR;Jy<6_1gF9><>p? zi1j;Cl1GvKNln(Wy>YzOX<)tqkQlWk4J20Yz3g@Ql`o4B*%y@I9>YWD44*yc?}sQX zt`{XTwQ?p;Z;v)j{)-^MW+1m7_5`-HoXU@;_2A?(vIEx6X;d8kHqGLi-e)8$A6pHW z5o+s9O$=h4d`BZ&BE6lqn)6~ou;r>k!rZF#UKEIzUR|MW8p3B%e(-=nA}lV#56QVr z!X)Eg2d2npUbBSzr^t~H&xJExHn#n}$ zjcMd4Q4diBT z$r^(7Gs&gg%-pA%IP}>qCK*UA1e-(u6&G>^a91+gf*;<|=1ohBEh&T8UIGF#tnl;G zg`iu9!GS+w^{0c9+k9@3eoStx@RiAO^G;!mJhtC@U)|Aa;gU8~d-H8b@b6T&K_%Co zoAIUj_Qs6~DZz30$2;Rtf9w$mU1VU4-Zv?di{%Gh1bvUnW597n0dsya$>Q;bi-{sW zj_My;_A8yjZN*5RV)+rfee|}yw+a16YLper;VrDGnz5+ zU$v2~hf;iOQovcjln1$A0$i8Foyr8%{@&tIHh(Y4)1FV)V_#CK-8kYHUwXel*)%;H!?wMNwKq*VlwsepnjrG;)-&tNjnSr@Jw5DcC8q4@D13;euYgHRUrWa0$p%;=a?(9MczF zC0+D3gWMHQW4_e9>r*a=&}MMxi<*efLTq5px_5b|e#RMYk-^(HDD>;OJ9~}Wod`r^ z$&dGtKAFoGxh)eSu^<1fCPcZ&@bTD)dmU=$tVUYB-Ae1}C$F4=5>w0vUkQ8pIfyCT zirSIuu|hhU@%*BDt}{qW;Ojej^9J&g`Eo@)rfv^7?0mU#Q~PS*OBKJ?In0T9({woO zH6P}{?T+dS#%w)UI z321nbWchtVp`G%aTe~r!RK}QWvWin|$x}p~06AnO-HC#5`={8M`eKgJ3KitI=kLDf zy@VN%DaPRx$zTTBTAx6S^`|3%`+4`h7UrIm^V$I_#hb_QH`7fZBG|jJPncg-PR-}? zWvU3FIc+n!ryj$uxP^MX6<|_HhV0qbq13V!!PPtlHa_~6B>m{@`=$T-2f{l zV%a_~(8_n6_CRNq{+TG&w=RfOO%(cpX1pHhrom?o2 z=n^do(hjOJEiIdMxjQZg8VY<~0zZi|2(x*zCzHWEA*inG>IhG`igX-&w#TiJ9UA4G z@^s`xrXZ+JTVriN1na5B%Mky!zgF4nMUb0zhV#Y`Vj{h^#|It-fp~^EaxQ@C&Ppav zh-0XvxNyfVvh5FH5g9GXtE?imU^LeZ*_Tf|Q9r2gaG_?l_s)f=SV0n?_wNP~(I2V# zUl*a!IzX-0ufia{^ah)-UxkhqWKtwWOCuc5nu4Skw*z1pV%YgM?gr=)il=kQ7xtb; z#`%5qHc$zO1MX9*uxz?W8pVYu%Q&a|jgz`WjZKSUT(d0AB1&xeQ=it$i1?Mah|*8E z@8#y<`0JXhlLvgu}4Z==~}5-^9wrdQ%zilIB1HJ0994F6*5 zWbIBxD5N}aQ1yYM3GME}ygR6L61RjzVPv7zr}uGAMH2ka50Zkgj@iEBaG<X4NI0C}>09`lfcnLn~nki)x1V_HGsml0$aX7e^Z}EwbFbvw4)kG4O(DDat zNRJGO`)J2a7lKWo2+p%_yRhopJAVt$n4U-lt;1EH3k0Ew(Aq;oKv-HywWWYwo*0+dz z9^NPmV>i~bH;JDXp};?Tw) zdi+7r0tp@d@rrQPh3S++f@sqDBs?8#e4 zC)QJ!A1lo{i^!lB?`OU76~D-zMXR9Wti*O zEV4xK4IVGl3i*7Ty#Vqv2Yt<2(Y^4w6^uF|VxVT6ZEaNj5QvRIX5!xUSEuIJvnbN3 z(<_(!(d5!7)b^uqTyjq6Uc_y zeXLFpTaX*;0P(3yO~fVMYm+%-mLOg`yDAx!+ZgZ4 zALl}%Xr%VUGd?6#5TZc%k8zNc18Q&olD1EeThK(>aQgcFvYkIcwfAKWI<@Zvb|T;ui8;oN{AFGIT0>O8G2KSPr19Ed z-E7+*P>^IchK^8P!7ozIXk&f9+Q2w!L;Agn=r2aq#hovbvIkaCCj@_ z+9>aWv-r~-jVn`(U*z@2>`&R-o5NqGin`2O?qD?TQ;V-H9ST|OWN26b9)7mc zu&S=$!73PqiNi_`Y}vsJ1lk0o|Lpn3uD_reVZ6y)HlCzj7kkBZXtE3-5I% zLn^gPVx`~G=Nu6kYY1lpkosrQS+dX^hn>lCvmvG!OhUokI9{Cx=lgk`kE`)x$YO&? z!idKt6*-=lGy+I59V}Y|*H#+Ik;40_iVt%U78WLw|0K^&#e?vIeS&eE`+)F3gyN;& zWAs|q$~s1jjYX{5rbp-f*n38oqjd+&@u8T&L^M{UtNUNn+C-^dJcfRB*41+3XPt|A zEIOHo4oO5Mf)F|1LZr-eSK~(Q%+`;xd2?{y_4$+hz=21L=CKYu#$vV~<&R=(=5S)( zW=j&Or%-y^`sj>K=}UQC4A1)`Q8p_Mah9I+o(OLMn!ijHPZm-;$$1t=eXtxRnC$9~ z31-`8zO6Zq?FkAUi?48HOE?iTE^WrpV|?k|GLs25eTIYCMt2C^Fn(J4UyGRWdzCsP z_Aug@w~!(1<200gOmOT3nGKsDj9Tu5?n{wX^T~6dmvY1U?T;@dmo8`WcWgGG- zpX6uC6-y%ki^sx3j{e1kp(gjUEeuf*?C?uk1Q;)G_VI|h{^NF;L;$Q5g2{W3>|syR zk_xrGfg*(!^kW9*6>O!9S7H{E?YLd!<;)7aLG*PL=i*V&aEM`lL_Nd?od66U(AfyKg7xhYmf<;L8n*S&_YVz$oP^@^J z5p@siv)c+Iw*vmzA_zKt;8V2FlwMjsG7?!DaQI5?VQSC}C8RCi@$*qJkftKk@xmL| zBs1kQE{RMcGIwZywZy$JDNzNuPSA;D<}^O;a8R+}i@ zt`1WP9iSzYQT9MV#W-rW=jK1LvvCxq9#inIjWU@@1N1k z@ju+3`>sPk&6j9{4*-hIprMm1PBNQIH^XCX@nHD13bQLVCFF^KZ3Pn#l!G_gh)f<^ zxPhI_7A(dml3Ll;6e>l&O;63q_ZY6O0l?n$Iwirxd?+|wzzd*I2N7wrp|Qf4%4~n! zSI5H?(KYP%lPUv+qKb+s4FYCHHxKPy?=U+;D%cLTBzAT)XHVh zo-&S$6xks1z3UGuI5R*KX%iajdP!vmAa$tl;tAFjlF*Q0eG9b@_UeYL?Pm$luJ?|Z`5Th40JIQAC|G{3O|0fNRo8e{+Rqy2>iw19K)@tspP zYb@}CHPT6nb~FB00K$r5JTbUeV(VgzgIFot>yr5} zIwr<@pDsd?(c(@`yF$s2 zbeW*mQZvRTwn=KP%U=M-DNH5BJ((gJO~)TCPWv}Cdlfx_rN_Lry$z%wvZRk_x8;K3 zRNnJd%liwKHpQT+O5|q0QFHCIoYUK^*g5IN!4+`S?SsOxvzMo_=VM;qbh5`0qj*zA z+FvO-hZ6^)2^1Hu_$VXFZRYFEen1v!C$`?O6VY-~k$}19{StY{pYr*6HhX>ovcX&e ze0;^JdESpd)Z9h2A768JhH^JG@UPYTL3z&+7vSV#D)@WsZ3!#$lIy6G6@1pq_V80a`ki@ zdinYyoEqMsSGpqUG)4GzN@h17FXSbf%Ll^;4}PmCe@-aPjYt2IPQyLfyZwDvP!xN0PS}0Et{@&|C5nfM5`6EbWYGKAl4KzS z4B4lNes;s$?3{*w<+e?|sowM^+^9-!@c7VlWAf*{krHJeTUm=#3+Zk9&4tWnqLf=7 z#aT)}uWR-;NznwS_^aBh_-h5F;I6I2(C-7=6N=4{;H$xb*VG#xOBdL8C$eHOkM{k2 zDhzc*pz1TtuYK~zDq?3fn`+MI_fvxIOMddcRjDsCS!&PEa5^N&iOBUoSZKDaq~!H5 ztk7Id)%Gt|z$D2$v7EOv$L#TlW&h&8&CbEI)Wo||dp?*SEf@t4Ga1?sc6IVU?l>2g zQFjseq$LvVNUNhLTFmc2si<;2iVYo1zb$bOXpRV{eW0YA(ERE}>O+D3=F|9a23fha z!E@CEgD7z`sng5-mY(P=h3rX79p%1p;v8E8hWgxJ$K(vMi6~)uC`GYVR$FKV!5!!x z75R(sShL)8FXK!wL|?|e(4AIBiGaGvpvE4-sWa!UA{049cM4MDRQvLIx>!=>Bvrz4 z&WktOZ;ofgt=GQ(=Hz>hPAq4(cHs-xRgYV?_s0{ECIPnClb=27gjPKaZ~gkZN#hw* z)*=`D*}vGya9Q#^;`?KsOJAqo?A)xnHS;Q@C4#zx)>4FQpzxuq3pidx*QXVkga)MN|5ycwfCphecgg9aqe@N8FkrIzRgl zELlt=f>NxGpodd|QkXnF8;?aDOATA%)Lx6n&DC!Ez%*WqjT>K7akIgBB8DruN)*#( zp7xbCQdATzUScACAc^qe4j_B?xPi_+8$7r>T`j`CX}?Mm^SqKHGkFfrj%~eQtIyE$HhP z(V_)|k2HeZvNv^llJ2hs^lKfX3tpuOO{@&(=q5D*9X0cKMo8o_cSuk z#zwMq6sDRko#@1tJ?fW2gu%wO2Pvx+K?_DxCznnK2N`KGoN6+3m%S;jt8qHdeD@*D zf?1C}%l1%vspV#Xrm)f{Fqb#;o_D-esoF7+Au5!2G0BcJMoh2Y*P~Qn6#@RhYQE$LQ?pMB#|kPR%@-B(B}y(;ZGVjCT6ObxN)F$b zz16C@I?7^{EK{4OpVp!G2vGVM*QhPuSu467WV%emt$U#@;cwE?C~?G|B(g~*k|0pp zXzK2kQhm@=;hkgPY#Qj}_cTcNaBTfxTTPZeqc2W8J$!pgcTn=u-lxK0V$|J6%BHC3 z!tBHBA4RdvQ&q!rhc?Ol*|K`k@cnyTk<8Jy_i%fq%tI76zwamDeDUjL?@;NDeuA6h z(IJ(6xWVnJ+haGNwQ;*8T-(D$s)K)aDiK8}A_;}yvT?0F8+zaRm*%jcKl06lE?ZSU zo6oVauv=e2l1hdx%Jbb33*tI7dDR;v0Z~eVWJlqISoD6*xyQ*YTlpabYwGf|fqCE0 zX!?*5E6=p2bl+;Cv!dt+A8_82pxl(LCsn@bJbr}=Ht_HGNF`Dm#Tn)Q>4DN2KpIqC zwoM+OQ+o4yaJT*(TeIN>di*~}rErX;iE@|I%K2as=8HF5wP|g8<^DYBc&{sPu4Jah zA^Kz7-e;Ny(x{5sS(Yq$(wMvB{(}4c2)=axi?8k*lLph(yBs=3x*Ex{huPrTgbSkB zg}}>Kooci!`-4}C&1bGk@Ckn13PsPIE6qLbTV%VJ9e>>200ZX0I%Tcz?|`hoOtN`>wC2@CO19HsL$2}c4MT>$U!`*vr?y;&>v`pTC0-ercL*C~thUeaEN#u~_|g4Pu`R?SOItbEJUZpxf2S zTPezJ+j+aP*%K4XBr((MMk&ucaKpBvpfz6voYG+?H{DY4`@{NLUk7fT`jD%}3n`zk zfnuBD*H0wY8xJkjXTIeqXIW>rKd(*o{L?&`1jBoAHgAcw3j$=QpDb{+SM@s8pLaN@> z(7(IpcP!Zmo0#`Za3R!ZQceg`mz?m28wKv0pF3_U2s>av<{nK~$qeDIj&^n=vP~0= zDweZIEvEBO5F6&%+KK*&>MPR-gJzrNDu%1q!-5LNq`LC&;UJLna*lF<(F_vjpav}6 zXkSiX#@$}=G!FmZIJzO2!kNu^Z??Wt$yN?xHG)$2B&o}O!OuUu9YREBwuf~=%K*dN zg6>lD=>Kf<7ors(L=*nN30G^NDEJa(*0JCZbmZ}y;<1G#4IJuCqnL&u7NO^z zpV~8S4xl(T_(aE)ksrGC>u1!8?(*On2>Ue@UAafQu#D8)9K^Oyl-R(W50Et2D#l-G z{;XLSwp{fiI&cPVw5D~qozU;xoUYT01)r=5#0knK-g6?}w;rsxZg7lnF^90<@%8vK zqqd$*s&tt4mSU)cN!C{@e$Y=r#@{Zc=+-fquC_hGGMq539%L}KqL(7#TK9-_XNo_; z*sY0C#v9&wyuqbo;FtAC<8*Vhgki2aV(5>8f0@DHV7#A12U9mspY9RA zdJn*`_#lNk`Vu$=<@aN+Ci9p2@d*!)jmz7AALMunAd&i?Dmy?#)ci5`uq@afbb54! z-QhLNn9%hSTJ5HPV9y1d)Z!Ts!~rpaEG}#GK@sbV6rcagN~%{(iHM4xRiNABoR+s#8y7x zh9bpz-bE25zrNRhCyXDzTz4B_oqC7Z{USuw%rYPe6~R78YB$`;yc<*gW`ieGcRC>l zSSYwbFI$wnTT$0eLUHQy+!NzVjXG!3N-I#DH50l`qesGnC#8%Np}foJAR)a*TU0HY zxbQ9SJ-o=Hdh5~7;m!g;%H#?rH0HU(@#(X$rDH-@!Nh%fMrq%tuVr;#`kv78wOrTe zmQhl4KgOC(^WCy_`!s~zKh%Pt81@i=0y#VUSK*A-5ESPSgY8M`IF5;t;LN6g#BR&x zC;9TD48rtjRTh7$KZYT-epm2jzm5%(i8d3%>PNy&tmiT1-v-G0CWn3cvit6krh!p@ zH`6S{PT!S{ZnrqkF>|%ViQp)-y6ZK_sp{I#v(KkqQ0TU^quytZo{nyzx9)v84~hMl zdcgx*+d-(Sk>j$8A$C}T!*gRs8`yBu;KJGbVnU9abuuhGdFVzTKhwk9{Mdp|hlbE9 zW#ZZ-#Noi-*eCCW`O35hgZ0tIVf-a?bX+>0Xa?}w0mK2valkx+8X&(#+vq;SrGcF8 z&d1?R&D7cplWjN*HH#WlSPlsgep8bnhRjJ^5+301=&T+UwwmA*Se31#&slK}8s%E@TttJ-o7_`qAXB7! z*p5>)7q|tw_pU1yY@!5>We!E8LRvh0*CSP!2doB?Ez`(h6l7M$JIrQ?gIYlhF-Btf z3I@aD(kKqD@Me4liki~ty>@YoIR;(ZEKB3u88Mbovj);9$Z*d0Rkn69jz-h8EV-ZP z;NhI+5>C?9G~c=FxomI~|AxyavQwdW^zrrto8DgC5VklC#ITO=ND}B3$t36Q+l0VR zRbg(}Hy3)(R-<(EXzPn+{b%ClPX%sv$#z*I$!i1xC^DG^i& zdz4zDV67t?kg;O@CGC={?n)X7)F1Ge$ElRuU0jbGV93!8PQe_PiYx9l(s0Oti~}F) z%rnm~AgXX`9RNlmi0|{Bc;QGC??}A)l<}_i&p9bCHb^;Pj1gXc zz|ylfV-$9lL!Dyb+v5yHZ?s*!Ztsls={C(U7g?ZB>bI!Ew@>p=h6n|0GlsS{2_XvZ zj@$wBshllN7gGq^_XEaO8tWFlsk#q}4f(MJ>ieNF{XV;KqcAe*OVPqR72OWsS?HJ` zF6jrY)nXRK0w8i^upQNQg8oQEf+(o_mRmu->_;$-k+-}$Ry-q&ke7Uza>FB4t=(he z4fPnSJvK3#k_>J5k(YiVw^)ks5ybUo4L~Brg@mlX4qQ$op-J^G!qe}k`5C*CB^m_H zr)O0br}w1}r-(#07V-~+A0fH6JsGsM4ayzKKF~mZe)Busli6R{XI%Ug2+&r9%WPE2 zunACg2`t?g6?0Y795Ow>HQs-b`#i{S-f#VmZk3JE zBy6}L{;q$9#?ygX?q{X${v1ND$P@>Zd(Yl+3%%Pgx%&JRm$TLQAG5-3 zx4a?zqZ2!g0RruxUKvq*xBdxz$LalXsZ&XVzUJ}A@GhGDp?Ejf)p&+IEIj>ff>>(OtP&9gJCk<5MP9{r3A|ARe!jdG(@30$A$GnYH$jUFpFS;54K zbcd~O2R95Wt2wo64C3AzWT76_ISiYim`0W+z z@{y3cbrvq92bU|sa0W~IZVzfmIh2Af{L*7I_j#v=#SEZ@iSVO@w@xbx5n69N)LD0G zMv(GD&8{J;2wrQZBoWZl#rKB1=HMr24r{Wc_p*Ppk};X$7Q*Qk_%q-%j$R-_!nA6>X%9WSqLx!`5Mf!2 zB(BbPX~=MuttQsNEGgH;42{86(STfrbS5%5+ARzU1s@l^JvOmrlbd|ws=RRc!zf(< z7DXKBG(Iy@sq?MfV?HS8+2%-o0{+3`dfhvPPxLl{d-6NYw?FKs>JQc2LL%21-p+}j z>fUPl&M|0qrQn$sMNhEDlH8jlCg=#Dqk_ba3dHqf-X)6;Du}qW`C0`%@NW?-N>^q0 zxe%_^tjB+DdT!0}=D4V`vZqj5s<*ZF_PnZhs?l*JH|ZDu12q_mWn80!aB27^V5G)X z!hCg^kBK-;7hnK{YTGrnYFII-KLcT#i1{ts+&PyrS!0#xWVz(LE0(a7D_~rm+n*-X zi&z~mF-Y?^EH5lQl(;#k!Q3xX^kpb|U*~vx-QgXg@JSQ;UPwhx+%Tc z*tD}OLUH-vRk~t0$)2=_k=fv5*1zh#7@O7Sdr8Dc>p*sLa2LwgaaLKbXrubzN5b{B ziUxcKP9|t);C4l1N9Vkuw+%r_4SvOT{Sr(AAw<%2HXMzpM2tm-YQk~s$hG+f`ONB9 ziWsanK?FgEO~4iZ4hz|Dh`)0XMK^j%YW8a#OY!!MjKWdm-WG6cQ!3Ytco1!%T;+=7`KTeIqiYm7qx}d+=)B{65n2hDP!=f!8 zG(=9mSz<}LXii$rc=+R;39UirqXhqli;sA$B_-N=aG`^l%gUUuAEoje!ZWCl%cJi} zn1s@60$veK)jCB^nZSfJmTtQ~F~wC5-F!oPS3L-ZFG$5I3)Rfqqm$7OIccoWrIS#f>nhhpE`h`wj#X!Gei6+$$q z?#uR>B>M_yt^9>dT~MjTV9YCIkMjc~w(QYzJDI?pL^_6qGKNXv(`p@y+r7C?VP)4X zPA49oQhwufT0^D+2`hKJrwT=)sa|ar)(jb7liz`5)B*;+q7d3M(!}3#uyI)iN@N(> zS^1vH1V!Sk2byY}IRm;)v1ih}wovnDc^yzn+>+muPef97!V0Je(@W1GKG0G`A*Z&= z8-)Em^-Ry*+fSNP`&bePn(~->GQ7_qV=1!R67xWQxhqZ6X7_%n=XL{Z|1b9*3r zH|{oqo}QpYPemjxPhv}8 zLI$kuzAXf(X0L}$k4=hXztNcnfSe7^8C2Q+#ORI=#1wW^6P%AwL2hF|a~Tui)j^x6 zo*=#W!@csK&&VP z8tH8~(p*BEExR8uixrM-_W3cE=!e__fsNOCUsPw-rSfoL5%&Q&3(9?Zs!w{H%waIhO|*69#CyD{mcXH9ob8`b`Q$dBt4xN z_oeNv=YfW33{38Yx$|RQvEgRcRJ}xYJJM@!DT)W96?xNeRyrO+aTJiZyH9|YSA7-% z%Jz50cGL%gr&3U$&+TgL?|hs3%@{WMsNJFc*2p-*5KP z0U^s%Z7{^@ukiH+i%>;_g1;!huTc>oKt)d&D5%Pk(bCZ9tR&l&_++`Pbbd>4{`veb zfjpF32;c{|0aCFQO#&2o>>~#pfCSmN_kWK~W;}k&3y4$CUxrchf81#Phr+}4S1xND z1n5xxs34>Ax1kXQWVHA5@8JG@c1_ak0tL64F4nL8lcSR0s9Is@08rn_bg==M<+Wy^ zcCl}@PN~rV735xFK)V94x;jiJlRL?ez-*Wq+9&Lz)L)6_h3(R4LB-go_0L4wo2TfRa6ldYfx0VwU z+hu*r^_NqV7lZ?BMZn?LC+}sp0Ts%=eJ7nose4iZoQ-N@s&f5jqtD^|bh&xgJ}{|# zfBJ|VvPAjT?J{86QALpJ%hOWd158gX04p=i9gD{relP;eT?+xIkuiYk`>yomPNkju z#;|G0mts9gmfwPgv=l&GQpp3<0tIkdD(}7e^{t(mTBp}h zt-N764|j8uqz33Km>B`%LuYu6;~WpKcG1HMhnbo&X}=S`6hJc#-G>5flNxqgktjKn z>5Y;sK+gd0rTQyqTG9OWqFUPf_u}dla3E;qsegS3C}6E*{m-0xrADOy0%$HAkoRJ` z?gl-o_$y-v(z28Xu#%e?VBp69|KkfrjUX6J8>9%#*#E7EPXRof=dWD4Rky;T{tqCK z@2IfoaeW*vpqY?E@JG6u+%pTyO^l@KJ5 z5pw*G3-FKB4^Vo)1Q=UF9~p=Zd7<)c0vn9~Xz~A2@HhTSFD_2lvPCrTi1JgXlm3-+ z0lp?ezy*S;_c{r{vI|48`%Qp#Y#DuT7#(ABLJn|sXuYkcSeE*A^60HCG z$EFKqk0V1)$}!?gc| z9*hn@irUiqPdmd}g4EMv6{shn%>Za_V1k?kAP)b^;PW6qxH8CS!(aQVu>mdA@OQnE zA^!~<@^?XPjsd>}4OoP>Y85&2{u588{p~~!eW#gm12p5i*JESenO(39{Oo`Rc_*Wz}stj1UO2eq@ z6*g-T+`wS=xz7QHt|935M&EU@~pZTXN*eN?K1TQ8uxC3Tvq z;U5KpTlfo*llpFf2z#*78F4v3(Mt&#Jq_$S*r9@$`*?Xc6rfuOj<&|^{>D1bSc##O z0>Bwy_dD4shybki4vqp~t3JTbF$3ZYk5Yjs(w%GYC|udqW)XtQ+0mH31Wd|T@%mc< z+?|Vzh9&{H;iWR{*RQ9A0f8(NK=Z7tW`oa63l&UA!@&ozh%U#A^##-Kn|GRiSH12C z`$-&$vgC$#qB*uGw7@|GRZa_m6O}_UDY)C|5B~nZL<GxBi-HI-H1ptDu@Eot$=iQ=g^%}(n^bjbaOZ7oZnq{t@|Hq9KYG$j(5ND zJkOf~#311tbI#^2x0i;X18VpY@00N$Ag zD>H7XEir1U%@#NPv+Gn`EKA3w{aStI8`gCZ;=78N(GFOK^x1N=PD++fU~;p+LW!6Z zUmSPhiSdB_*Ca9)9jgtaQ%%R$qU|Bxnl71-19nK%bHC-RXLjI~Kq2f>eFcz`V*uw` z5wNjLt`efHi|~`8UmMJ%&=GGfG#t&P@H!;0sbxxr=$3H+kppd1Fx|{x4h)O%NlQQl zNgZR-21XM43{}6*xuwWqrW6Q*YCHXo;+^y+D~}@ z9!22p`iK$mfYk(gb-zxwzeB&L-UqUx^!$F1cjuWSgfX<}+!3~I^4jR7kGARPN{`wN zPEU6?BMuoigNOp<*a9GCvq*e+AhJ3aaC0dKfMv+PJ6pDZ2~V&|^OhDpUqSBwBCuU7 z$gKP&>g78$Ilzx6YRWfmX-rlDEK&{O*X8__0`8Ik7bAG_yQplf`Di5e?q)yGeYa+2 zK+onYqmb8LTz&luJ&?aNKeOlwkIqZ;k>|D=U=X`Lct^~lDa%p6^49djnQyvKnd>pl zA?AmQPC&k~|CGe_yT~X{8Geio-(_afY`G|$EYaWBMt!SkIz8Z7X``Bze`}hqMvHF> zMxDyzG^ZKFJ@39b!XAvBC(K2T;dj{2Y;|$CjuvyxTWk+l^|30V7brUE#GJ;4x0gGd zc7OBi&HO_+y~jMM~ZKNOaYg6+h&@tvT~a6)4zZJzSSaC^*bJyu>vpb z4)~*e7Lg*>0op*TfHsigdU<1H=TFt>1Mj=-0tp~SQEfoxQo2nDH3`i1>6w3OhkfI>H z1oitIP`yA)OS_j#U|d})DiyquUneC?tq5F@c9NTR*LAd&kj4XMU~BHf}rQ^ zQ~EH^7`GtqjaO%jUJ9EdUm1akn*d4+_X-Mb6y)`O+c}9tB5>mmQ;Ane{1#c5cj)KF z0T)(JLA>;fvNwW)`ChaEmx3?pFK6S{<76SPQbUhn-hj=k4s1@0m(rjh9@`(wOd+C+ zmoSD-{RRej#q_`woY?ug9&f3c8Q<$X09y7yC;@$V_u+P4I-doQAGosFB4>=$>dX6v zPwFmL(}@r8)uiIjYKmrcz##@{X^bwG-a9w3i6FM1HGuQxJ@DwI@*>SZu5?`t0Foq? z09Ay{kR=nzr#hRjMsGpV`PKL4WG3~_3+Qnyy;;S*0H$rk6|e2)be`Momn1Ux7u4ga zjnQ;Ypjf~&vo@GGdffzOy+{8Ia8?I^5XIWP`U8Ll4gk}F6Se5I?B5fC%fpopE34XD zsd1Q*2Z?_xpfjTmN>NqDh(`!1?4YRxJQOGezq2D-`p|9|XREAxEAUCPa47f`S#(Mr zd-~Eun&4W~==jhsXFKs3s%D27j;tLCJQ0TagYi8;O2_Kkr4~^!ICy@qOe56t{2F)w zAtn}7bRqZGV%l)m;mH7N*_UVEfXc=YYzdf}wcJ$a7_e2ylaODx-kcgBjg<$Ov9JE2 zfxL65Gw=T7K4avC$rT*D2hgj$2VEk24YlA^bjtI`Bg?AZ1=#^RyB;k=9SxKak}uqD zAJku8AC0d6{6ND8`PBV@w8Ol2)GZb06tHEWqM*4imeeiTZ{VFLJk^j+;4rdZXxCk} z9!jDEHZiKK?RIYH-7~mu5N;7;&|B^P;l!%XL+FVDu)2U7pH=tXUF-!jM$493B=~D% z80}f9af?1j^MQD~IQD^$XG9t^YxVtWm!!=Z*xoBvX!v4?)|{o+{#pQsJYVQVH6Hx* zVLiCq;SMBwtQ8PK6nN^C4swv8&NF9O#Jfc9JzdzK6Xd~I&kq4MKR zB2*ofr{WX0m|+9BYMv*^Ei{2d)`^e_4+0lQ)d1u8w}|~@{`cxraoUHyfb={8s}eKn zylKwXx&sbKPV;AqP%v+%P#f{LcGurb5p>$&Biz zmbdve=ZaOCKFYzb}iXbwlwdARD_B ze+J$w@18CBv{XO{BYr+~4#GT^ri)O;QR)iz$PyAKH~?|LG$nhy zMUfK*A({KtZk+Zk-?$sRLla$U1hoA{1n+uJ@Ebs{R5Mt|af)XR}-DVzWFyX?Qh8-|pZKlPQjvu`Wc4h)Q z)3ICFhfn6VzZ2sTMYN=3pCP39#q>`XZezrN?t^;-)@}4dKuBGiam4 zD6{ESh!_aWB}2SD?C8=P-#zbO-P_}5D*#L6}XPVJ;azQ}tOI57Y|W(&-Q3t1w9 zka|wWaugoL{)X^}+=Hy^+**C^b5N85ug0#onisxtqLO@?it1G&BwXwIYZ1dPGot#6 zY+Mw?ax8TZa_<$!z)Rgc>^X+2SOBdxii+kD`W~@5b<{$f;{ja|;!4UgT5O7! ztE-OtzHW0VqQU?7!vzNi!y@xYltNf~TEEzW%8|@|^V6oy z7j)QpEgauvTG%YaZUM|~_)*2?-Druy+H7>E`r0SLiK2cY^&&0ihQr3xp>q@V6wbki zLoufkJ(x4yGd{Y~oW@UoRBndOUaJd%5O;uh?awS68GT5J&&FuLC-iI4$KrJf59t}Y z*ROfX;{n(-H`X|w4=bA#x@Z?e^GOq%=g=`agcb!~*F;kKqpUW8SpWlt;`{bvG`LvF zr8HWN9UCZPCdlmY#_N{|4UTtyupG%AzsDt6ZFvl@wUVp!OL&s^`>uuz0!W@*SS$V7 zZHnhGw#9gLKX;*n1HHriON(^?NmOBVj=ZY7$2A4yrMX{8#1pNfqkMR6%Mr=z#4c6V zC>?NN7LQ}Aw>;ydLWBIz@^#)s##_i++Eg)##V-Id1F@kRfB=0Hm`nc zA{*KMi8?gDMLZMsSY+TBq#FdrfAs&wsI!Efvl*wSo*}FDd~_r$FUj+J&&eM)ox}#E zy*KspbHX<-!^w;AWgnZ_ugBEBuV&J{{+O?%L`98fn1y5C`#JhpHW3b?NCKa#QIeQfrz@nkAAs3y89Tju9J9YHmvcX`gjSnQU$ z`e;;DWC(ijmX-Pde!1Dc&`xocdULJo!iq}SRinYaG`ul#p%IVRasX>4=hOB{v?lEn3702|j9@Gy zD0{>N4y})ol7ib`0yv0pf-y_Tb%l2pPmyaZyb*vM6WX0t*FMV>4tymkk^|7u;kF_k zA8lzb2iE(-HZ9)F(}&drG;E3Qu1@;~ODHJn_PznFEstUJoYB;ywUkOPCQ*8Wzzexw z4mxq;VcHChMlE<_>1{VGZtG?INA-KBP3yyS{wOb~F52Do09**iR?UR`^)^^i7Dmp= zGHXQ1Vw79u%}fNh#WAhNVqLmF<(Q{Q;Bo8q&F1Td^;;Rs{|6=Y=fdH`_I%AXQgisS z^FdJ_+=(F&NnKF8Se&+3KsH&u@s*v%$=g1aiH|7rvcnVEazytDLYyZ^+GQ=LDg84x zgC9`mz2x`l#i$9IQOX*2P-Od4(Gd+(VjwWGc~wp#y%6JOoKY@t93&=+f;<{mkR>+J z;fnJ1B(@Z7WzFGu-GvFW1n88dzDeiDRg#|}E8Mx+j-R{jAH^_SmAgD!jB-pA=GWE{ zR)NuOj>)+ZDORnFphGV+0}rKY?Wg3I{En0g)N?*vWQaGW0|B@sx;L-$Qx)w~vwurn zr2@Vgmr%}`q&z&R64un8dBKl5b0N`BbDk|qhI$!By<+}9R8P7wZPbxlJ**-iS}$-l z<*vVwGog?DOoVN>Xo-F`v6OG6*7Ed~-o^IgRVER)>-y?~SBceR=br=&&g>&UA9i#l ztFH|dtwoyfgLug%790Daa@?P@;Wk-->|w-&huJ8{Yo!O;U*=KGwW*|NJz;NIPNHwS zIgD-QEiMD-<%Xy6sIL-Q?g$!o#(TpDYb8#wa$Pon=ESmJqw4GZ1v;(NYA%1RNC)MEgoi*%=xdc0|!hK=(#A z!jOHQe3brW!6L7U^cK$>f$e=F3-55lC&Z2oBHfWq7xh;>!KqWr4A1Tc4nLn3w_|4^ z(W6H;1GPv>n$wVu@&{@i;XCk55LV3&nSn@l!#DhcRYZ(U;LS-QAn>Cwj_u?#;!HX( zHUIE?Q?t`G(R7#zA00K>=a`zkYG5F>_Me7rjqR)JIw z*zqa;v_E-hh|d>Mv-4r%g5=XZ=vbz+fa+lyU4?HXn;U^TIdj`IihX0?e=e4ig*S>i zin~wCk~Eg&qVD60i{F=qU%(+mP(Hrc`6 zLnSs8SKopku^(4zUhOIVI6LF;t`5);czqmN?YE`9&E*#(pu=Bk!>q^S|H)g_m3hYY z@0YcaD--Wrv4BMeC)UIx?^BnHjtljbiA-*fBc@DN$^T5tS~ z88Uyp`CuX^XN%7XH>d6`vLsphGe{(ejwxJ`jmw#$n{gKQU^0y!>9=I8}vf723{eO@-Ty8m6mFRYIE*iik{y$qu8x6&}H4`yagQ`1IJ zT17J301{jMclAvkH&W?5?%kF4r)AeF9NTeN$dHl!Z68E-+Gj)DbP0+Iv^ z^@scb29`^s!~A)8n4`WSYNG?d>Kgpb2)-W8vF5#`-8&Q={>{+g%0P2%+WScgLlT=d zGLa+$E`^0nga0o6LzTa-{P|J@|B|i!ZVV0aAhkAWP%sNs?T=6RaxYf^BVI90t=N`_ z%^@7Oe7sGlmEA>po7WV}wwiMXR*L+qybsBHPY})qNL{T#5|B7e9Uvr0uz~KUk5PSQ zfU)MlW?m|kG}k$~TjQ)?u#1dMG1k5;n<`8`NVU?ltnIs;z-|yeMY5IkfJ+Q{2;vch zm(=BhhM}LBQ=|AZr1jS)R>fpt+V6ZLJe8sdJO#?2cLr%kq4&H@3;%<5bZM6zLUeck zZ7H#ECkGBry~?iZVHue;>}nK3I1>)CFugPKb%ANe3t<(o zp{QD1EjDdd(r{qM*f%>v~UvMdwv?+1+@2kZ}rQ6_}<$D z(78%jTf(Z| zXnf(@@kH;S=LK1fYp`GIN=y063{Q6CQe8@49>1ZXUTNgOmN)Qb{($V`G(rCEKwXVP z%8tdK{- z(T%p9hJH9fEeaPB^+%>18ur)Y)USS$v152Io7M=du63~)3>CjKP*<>m94gmJJBBt= zkB?D5n}G@$xuwuyEjKUvh);(jY$lZo6i(r`zU)U`E&X54U1cp6k0YcK?$~takHVK) z5GT6CyqDU}e6JWisAl~L zdefANPnxgpW2FBCKLY<8((8QvF*=P6?iYhz&vdeDouKinhkIgos%{<8D#D%Vp+L0O zPGhvtj-p}uvnrt_;YJ!G0kOHG9lgv~{QNBTs_ZU2*gYVvxyR~yq5NadlznDso=UXZ z-@67D48eQ!k{i{L2UIxs!JgA)1woUPLY$zJW5EC5F1wV-EzYN1<4oeD4r@7#rF`S< zEqNmf!rw!4CTmo4yE$Reluz{Rc3{WQkG5W_OEJaZ(K ze-y?PU8Q?cPHO(KIzrU-1S)_hdY*yATb#%kV#jwf4^#hT!m8I^Jo(rCl2_(kjkGyP#_*R z%@>8?&BPVLf7QD>kSTxg1zf)=03z6A1|4BXAnhx*`-N+BF_fh?J|swv&6S6uB8+z| zHE+xly~zfOMC+9XH{2|Zt@5dt0QtRLkOkt^eqQ`)`d6PqI-dELyw2T^sByG}rS0;Y z8<=a&6tpOPP?u9hT5Xk;K_^`;xo;9$uRP)65@zw4BkUcvL~nINmG_Omlfh*rZJdP z@8Gbw&bc+#|u1f@z=$xvG59rP-a-Hy{*D>kZ%3)Q7NVa$8b}+U%ErZ#Dy=% z7(sc}4&JLf}qOfCu?6gvQ4RU-OHhQlR6~`*{48iv^z%zYpt%Ni#AmOei5n z7;YA)01CC-%^-J1c1sXyj|9?wKEAKq$8%vxvuhxW-3jQ#Q)fW0Jh1!7vZ(hUH{~s10u0s$t7*Re@^fm8a zQJDNX8#dJcHm5Siv9x7l(;X-+%HE3^ng;QA@Ta5^PGsSuIv)L%>Rgb0B*9aY`b3a? zqdOoL9lr!alTI*M){s8}`-s6GKc06%-EHZD=$SGxhXC~B7pBG+bL7zzntgPe8L3N5 zyhoZCiV;3OF7=?wjZ@b#7pVC3zd^f-XDFp8D2usV$hsrcqTjwE&!(Y!n{?SYKK(>Z zM)2X`k(2^5v_BqXI-~}hL)RF;Vk4wKOFT}M85{oKIiy9$#ru1^<)=2Sk+^9Mx6TKHN4q8@2L%XU*6D$?ml5JASKO28%&73% zr5$jiEB-Pr=DsJ*BjFdnVHoNzl!(xDZ;O_3zB=9Q>5!1)X0u)MI!a)!x>$2;6^nVO zK^-pt7~n}_3O)`FrfV|QBNwD9jKB)bR7=`Z196K;pUS*}PxNie)L?JO`4E_#fg1ZT z!xyF*+9Sp?8ttzS*>4MKl$1L`^@A*oI*O;Z0ET_zGTVF;_2s>5s0=@ORYwBGpe>)DHAGgrt+AtER3st2ul*|w zx%rbPw)liZmeB6-Fk141pch7HmgrAy-mHbve|uJrS`UFSSZ){xpp8BALc~dq!dOh6n{2!!w7oT|b2ieD zNtPU2J4M#bcSXXPn`=3hWB&16oBf#1?fDMc1Bhz1l_&%{CG7f4eJT7Ik`PdS$$~Ir zM#J5Yy%wV;_0bHIX%b#sW_F;K$4)i_aj=O=X6ryCaTwYGsyu1f2>_>hq9dP9`k-}< zPk3S?_X(T)DHB_i)yI{rk}mGMPPGZM!8^|^{B$OOA!*XIeBAA!WG8sJ(EvS{Gu+)! zRs4O1(2joTbxAAtVwAOwm4UgJU6}x-G^-N#p=yAREZ6R6BS@b=Tf*M*pF<{&@@)JmD;Vuf}--vc-CG_77n8(AaRetX5Ale0nDh)I;Q)X?{+t7vc;s{X=Ku~YPR_{mJ zekjjKWp83(hsNeqAZgF2L4r1mHrWD_s_KCkufCXq+9-}RZ;Q-*gNW;ww9agX@w!Kj z$PA87dJv?#FTk_Y>dZ9XLChiWO>Ce$Q$;pxw#P3`F*ubdo|rB=B9H*TM^~S1Yc}1C z3|a|MUw99BS95yNNOSJGv-9h9&mxB5xGNqv4J~9$xA{%Q!s~e_w0ySNABT>ROoPke z5{;c;lNqDI7m)m5SWm@VgFo^#q;zWDQ$io()y_ua%J$CHlD9<-RQN*l@<&z3b*g_i zA=Uz_4;7r!52G9=dk_i0@UP0;Jds6rN6W3D`lVO%P?oE;+U#S`GYX8Z%Rf#_S=e$n z)CchP>DZn^hsC=;PxnkSVm3SU^U1>8+^nvIWb*Mzy93!g?KAQ7@!%}@7XR!u?NPD2 z<_bQuaftGZEL2*E>BAKOyMH?YRM{O%NzO>p_u0(K#2=P(y4`#B76Q6s4eS;??H8;o4w< zv?0(v{Gj;f;~p$~1F%~j0%FsMojY38CdT505z_H2w!>nMiUa2HBQ=0EwFoq|a1;Pt zLTbM?QfeV+P!40d3W4yY+Nz;0z)eLkh9B7(gGui4W*#AM$JHjdT>0{Krt$6XAcmk5 z&~1YP8;?_k6Xh3S&#|ja(amP6pgc8YtOoD5bn*-ht=d)l_=0q z2o3o&zRe}qA5h9A1U_3`{ZfT|#cRXpQ$=gqqX#H^<-bwgsmP(4#)&Vk;?)&sPd5 zaV^CRVjBEn*7VJ|qg0e7e9Xwfi+{9h&=yy5_Dtx2Qcx=8FmP<7kM_0}?!}o8(BYCr zhcRoy4zfj%wqN+*^q{bh1P^gvgmEFRFOGR$iJ zW5;($0;;OC8DDTTT$aiu$->Qd(FmeBAG~c}rA|bc=rHhTb^T^-3M6SLX zQ}Y`h`FJ79{J{-uW7iXXmAdV4fR$*my_9jxlj5rJff5pJaklO6#`jLfvLh&$-y_@> z)6KM2-vv3@>H^T}_q2Cw$Lrp;SHlq~U(0EDHo}}?E%Py#B9QAp9-o5olpI%)iLdNR z#)V%0;SzfcO};A^yt2oFi&~AlNPh$#qgo|_Ag&gzCKf~dW3)$P1v)QgRSHRhFtAf7 zM7ABMbstnLoy*t#G#*t*4TyC(mXasfKyuBgM)eWfVT8R4Y5FnK?jK-nvi0Q#EBD*e z1n#%YNfgs9u<7pl%`YCGFE|TANTU2R1M6~LFSQr*j)^?Tb}@a(FN)YOO7#ttKdu>N zQQNys+kpk*ZG{O`CLY^RoZW#y###k(n+^2KX;t1D$7+K$&5b`4EM>uGLhVRq6I9fg zcGiL?-2*JG>-d-+=HinQ&F6=yqTT|eo@zRp7Ol@esFRkl}jJ>W5lHz6?tAu$$f zmGmZb(cO}rF}5jN_JkZCGEu+N6nKP&GRh}IPy;c)Ab+J1z?bvx5Oku4h4eX2q>st& zDe_d!11HWt4u~eB32KHkgJ3|y*|$-zTHLhp2g}!d7W^de|xTmPwtZ6VX zQ%;HSIWO4Cr>b?%nq<4lOXKB=5z=W0ekK-{WI%>zJIQf$%q}-Ol8^=^wr-_2zrUAY zYB-g3bW*5{mWd4E(+s3TjcAi6dpb^+P^NW{l2y8M0EOc_-+We8RAn$t2Vw&GlH(-? z{IQ%-hAHE8C@#U=4qpLoap}zQ) zKU-ln_%N3K!HdiVvOA`T5r9#4B$SQi2w|Ag9q-G+X#OGHDhL_e#lxl%K(63ZhX)e| zI_pyx2i^C9@y6`8>${WVQ8E@QT^A*!($EU-x%M9(^*43oB@T-G&0K4S%g9fig5(pY zv3gfqAzj!oYtMb@uw{T04D;s(8cx9o+a;>6sVw;K!PMo2p}mi;!;^(Vp594G;T8K$ zK43!PfnfNlaeqc>2dJr3$K}>VgarVkDsA%yMX*pIXiC-P7uDF`?-b-hxqgZp0|7a? za-~2BDP{y*n$V@m)2+XbABZ1z-S+XzM63ZGY-;wxebzo`J(#UH06@s%0PH-~{vpE% zlL;-XPcZ+rxE5hb+r>>=%X6f<0{hkTFv~P?2Du!3wa4)>k1c`+;-VC06gMh{xJNBH z7$msk)SpQ5;K{b~*e2-p4V_(Um&~{J3T&qRUGf<5pE){ywb*n?LGidb{(XAS51F#65uOutMTtqJj>GNyRLck|PVLb(u zx~C8^*n^CpmYBa5S+t97M-ta9F_l$*l0*8vPoEw1NGem(Ch#f`uLzDLuOC0awyU=Z zBYtYm7NkqmKbjUX_@f_|vQyzYa$Vl+_7*)aBr5b#w&LfZPJKI~J^hiV8~MBo?O!aR zFU-lRZG;TUL8)!zeQiGx${dk08w#}M^cdIl(ZL!D(Fot^D}8B5C;x`C8b){nM??V{ zK;de7*;{BLwF`QLfSi+Uf40wE`rNv2kD?#Med%h;p_s`uf zl8@X42)Z#}b@BQXrXO8fsNnZCwA9A~b|bO>*kF&ix)&`8?Q80sJY>#${I%fY$M+jd zc8{tAY_K5k$ww)A4t!Fmz3VVxuXe4Yp2s*~Jg>E*(;Q<%cgdQ*B!*2n1K?s0v{&A! z_|y7eBLBq&7M!mQaE(aA$lX3<6EQ2x0+=gj1q#$DC>`XP(xw#VU3HK%(|&(I9iJlH zA_uv=qkE}`1Z8t-Bf2qtsuB|Jpl>NGV73%V7Ab2YG%>>GO22<9g6@G3xLNbjLOBo! zu&&vmj}(3kV1RL;=NuWUcB|h7PBrM|G+ZBS#13eIA94Mz|MueQR_G^55!465<%?Z) zJNlYjmRl=5HkI4ux3E#5xqM;)r8;G4ZaPF|vO_dcpB$2(+dDxYASo>j@-Mxy$YeMF zqAe0Mp>b1AD@cc*$XyOqjX^i)z(=mP9wsO9veiM?V7i1%*H2#H9jq^7KV;(y(}o)5 zP!^3=iJKOmIyzQ^bO+z1n!z_L1^|_Rvu#>lst^=hFLGLkT-w1}|eICcX*IhCI^6D!7VX@FDjOnEAw*`La&D$QDf<49#rLbEw81}JPZHRiH_nkII73&VufZP7C4_ZbC(Cvo~M%t zp;XSw1Z{opd%V4W9j>iFf}sfq8jwz9fP*7v_$dXjDQMS;Y1dZ323Y)tpXBbJ!RQO1 zqpC8Y_rCD)-lFe_k=No>v-|qMvuSRp&n);xSj7f)pUdIEH5{LEDJZA~$hU&Jnvw!> zxORy??-RYswLkUs^=t*1?Q^nPwBjU502$T~>Tf)N>@)UY!v3Rp#sld6?FPEk4JI(F zqJ6?b-^afm}F*<$JIxwTZ5vr&FlAk8x>s$y@m5YFr zq)d^eG-+J`B`83El!==eI6kQ%cr?Zzv4EPeCBI#c)y?d}68xk%@yoNgdpbc*+>HBwv=Q}SVAcvU zQ?n|g!2?lfC)I4beC*@dyqvgMU zfRP-ifLrv6X zzFZOebuB=dX9P|{XUlH+@EQ^nUseDeRjhx)x+7?(EYQx8zu`4-~;ehi2o zS>VZL#5z?E?rAU?{}00k>EBK9Q4@@TzQ(57_&?guvv1%)E55Q&Hp&i6~DV*@Fy3?*8e^UNej^g zo-HW;_`bEI>@HbJ;(r_^#e4D+(IRQ=y}WF{^OW>|R3yny_hXqL(#O-eADiNTRIq%& zE&@*u|7Ab@^4^_}^Yf|t-zu#bfsH^#7kzK&vQNXO75||emV79Js-eRLnue$|7W1*PtD!PIwV@4eNmVsRfwY+2 zl7YqW4myqwH`+8T)~MCxmd%pN2e+c`-)#=eSKOhNN^nGj6HUY#i#@R7#2OhtCasXf z&cFemcG7nx#FAu0`7N2VD#%EJVa+Yu@58KBD{iWewY{uS1#K4w-z)H5lYBi7XoyXL z)vpQiVO+5PNZxX$?gCvx9tm6j8ZNfM1!P8JHHAxr#z z+-V!u7+;y4gb6H^qlFKz2o>$BfJ67AISO_)9#oSn!7|qux#_S8mycAgc0I6fSYdVjL}=aK7-}2>)_<^}e6mV8rm- zkl^DZLH|P+fp;T`CLCnXZR8RJ(**qG0fx?D0LKc;vKb5l)HEv3c*<14*(80;t3oZt z1ZWvbz*64{^wD%4~rIO?Et;#zs^kF?g%Pf%C+l z?;cl9e`mjitz39)uGQGBTDI4JbHDP(lkbhzV6aJJZJ7@74Y;;$BIeLm=TJyrTCHg{ zmO+!jqmF84-x(yiD2*}J*i@LSw!6__Kor%r9);kz%rpGl6V@?eA077ADs9=`2y*wk zi^y@`8f{U}v+_;fzdM>qXS{7ySI=3Bop7G*l5`66{7vfZJ!G1Euwk85mv`L$JHGN{ zcP3}BJ{kNsF_hgSBaf2it2tJ8*ZqC93)|ul{+#8>nJE%CWrg zRiu&-xlj-BmwVLI(%kD4oQaq8r%_B_FSqnYvT~zuTO(m}BrV>Cx>YBHLzhv&ee>@& zwFxJdHTOYHIG2%^rX*LQ+umQ-8SZO1f|I{2@lo0?Tj#@8#-fekC`z3*IYQH|*xpa; z@xdmyY{^wtXS0$fW%Td79=0-w`8R2#1vtOIzG}sceRXHmWY%p?Hd7NXEaXrTSD*FP zyLFl^ja4BxJYjp^pJ43Ge7*a}10W%NkW1X-K4Loy z_-WN}+4z|5>08mAt1gK{%b9=;s%-_VjRqZzV=1#1CPv}|3aH9gV5eBM<3QD0*3j_F z&{rXydo?AH%83GvvKj3qg78TzKeAB1z5V+=lDk@qKDpYbs6Rk`^!4FXLd1ku&*P_W zIwN|xpY1l39-jTR;9gswu{uf}ybfsaeTN{}P3f=aUs6GV`~7%bU?gYXTNCSRKOK$z zh_kPUM8WbhXz%dXv{8(R&R&#C>qsKcL*(DQ0aLl6n;E+VgqOX`(6|&vhSJ z$}cN#EPw4)O!T!EVTtvrc?2oka#~+&5Kvg3{r2u~B6M@DlecKCN8O4c0P&>Zo1|Ux zY?V>w&P1LHXBcxN_wDX_Er*`7<3L0vtK)h8 zOe&OPwB7#FY$!cv=WaD{un;J^mHfh%E}$m*#v!;mFd#-)x9#J+&$3QaKxTynQjy;1 zOLwmm8NzIImL4w``pBB!mTWHbbuJf z3wiB1XqsybUk6l9`8Bhryf8eEa^!b>`jlQ|hJD{{_TN<{4Dt`@2(-wI9rP zc6i?F1HL)H6l(4j>nm74_+wY>21!>E5}k9bmOcxJpi!=m6ns&V?dJcXUqWe>anUNV ze}}V`R>#;#cA6uZxo%lU%3k=#gj194ew--Pdal8s+!UIU($cA(Gyki%G@XlAIky2B z=>Hhx;(4AdeAX3ylzXn4dVxA4=nWeQZv{+Zc@S={0p?eXVFO`rHwp%vE;T=9VqnqI z%H%Q-=m1_^TD>*rwi~O+yWplCyMA_I1@N2M-V_DuZ3VB2-4dG*_H5KM4sbEMsg~~Y z!UJ-Hj|0r$eywgLy@^7xv3dQ&inJS!wz; zaGgv2h{G^y`=+VCQ>Esip~SZ@enut}iqgobVoZ@Wd*;SV^*!Kp4(Srengmu#F`e47 z%HUDO^?bdO9cKC)!(k-Y9^7jAn^cd_zq!J?nv6$!4D84%w6hrO%~6HF^MivuGl@*P zP?7ab!G6tx<*s^vS0ZE2T~9e&^z=LGADVxv-$Q?>VM_oKA~Ao$~X&30kCYjEh7+QV(x z{@v4!=YLoL7PBLiVl`l+pUOO-j*8w*m5X&Al}rAlg>!(Ei^uE0SoCNpA($wHVsQ1R zzps^T5%Z8pL+OwUq9mYcuhMLt&|-MC0Xp{v?ZW88&sfFlrTous+@~iI8~fGmw^yBB zOI-M~{vBbJ_Im)#;XL*&@6Y8m{c2h%#qzkHEUvSf35(e2d(C`3&@tdC%LUd$Zu;Xg z33Oc3`Ky4-<(b@oYR+DghGBG%^o1XdaE={_>ORqx^Ao%P1yV}br^O^F#o3UQ2 zUqd(rzjEv4Z`S@4-oKq>v?voJQHq*!m>YJLzZ6<`->u`o7WGc(^n~rQ-Mo&|j|v_2 zTGSt^P(NK{Zhg{rQ*N+ie6HRxIAi49wNUTduzKoUD(6%eJ6}M=yr68YOKtq7Gz=%D zZbDb#wg2h2aJ>dKZtDRyqn!oLz}w4M;U78a#BDdq{W|&OmczFyj*rKP2l^8e%a0hH z*a;OY>tkH;{OeX(pM!2oH`uEKyC)rkG5f#8d#sFdjEOv`o+;=`z4?JWq8O^H%Q+ym zt-I>n{>fEin;R^4pm~`qx<*3YwIOq|IRC@vu|CP4;@9E5X|nb&&acl*nUK@5FZMgm zB-d^sdq0H*+TRRP&J9XF{Q1tbG^{jkj=JHFjYc(gRZGjx8Ik>W z-*FvscIuPOJJHg}PTqcmd+4|f)O`FqQxxD?hA-RKS2r)3sP3f|cVsg9#HWES7^i*aRy@J5_MVitdknl3En?6;0;T8w8CbO>eI zcUq%CKQv#592c7m>;8IfGt9JGxI}kj;-}Oj{CxsOTk4gE4(FQU{LLC z!i<3EP-LB7T~;-elc*KbkE^;#v3FT6K_>RmX!k={@uPNU&vT!1Karzg#La;bF7D)Zp z`P!Q5hh`7r``vYSdNzWw@efIcu_rZPg7{l|>z@^h7T>KeC_DFlraXO-eB!JsvFBHw z;CN?S6>ii(_p^wU|F}_Sb8tXFV}0u-seU->^U{6QRb{O8HG{*?SRaii6j|!CY@8RY zA7;N;tUHo^z=e%g%-Y}BU*3FuKK!8J*MOh9R4df|7$Lg7SS}4UoR>>^{i1|(=`i(K zhHnRh#Z|!K1giUW-%p0ssTgwBk+wS_vU3jwu9?zD(dcjc5$nb?cx<=f_d=d_CbanV zzmFu@$y(Q(1S$j5k6pB9>Q7rQP2YK2k9-xOe~x|K(aH6NjWnJ#pfBJ=c^qOo1y*Y^9#@z34NFULG zi&1TARrOFw^mn;oQ<2xm!d+U&{;Uy7B4@yz7Ab`tjJWxv;`ekZ5{Xdh|G26xU&(+Dj}p zF+_|xXTQOuwE2=ed7&vQ+^|u)aoQgiWT1o5Rmj(Dq_L{zD!!7-pTHE9P6Yj^)kQUQ z^@U{oD&VHSej`FE;6%GU1%pdFFtg#}MYXE3|JSkWi36MU%Txt2-RiLC3pLmZ3>?-r zIOW08bI8{p9{)A=+xX@?jGoW=w+A3`RE>^8c~GxwQ5yLmq|HE0z!G%*JVYRW+$_Y` zhu);+`w@_P6*nc`&d|63RlylazlfvY%fF3NhljK6+-6hO$YFeDB?uCYJ^1g#^^LQI z)`fW-Y8%=y-iiU2`Gg2+=I26m8=RW6x=0nL$hyafm2aR zt&{s3fEDKcu|c_VT@*))#7>9oHZ@Xcma?s|Q zo*LyVCfF+)uMa*h*3n8iBYVs^u;?^*c2u|Ahp6u*VuOR$rH(mGuYX?l&fzWSE6_Fy ziP4JxHN>CkgVH?YuXrq2Kn#)>pym1G)V)m#kXZRd!fHA4MW7O7v)>18qv4Xvf*w|D z+j)1GICW297&!fs>tPvbOssD+-Hr|?L<9GVKPp_AZSp*d5t zs+H9h)S?s3C78CojGs6zJm+N7}SPBj#bfQ&P7Fsy8Zw4ak+xuID7<9>t(QeTK zuehB-M#!&UEPSSX>(h;&F4c8<^6zD+e=sZq?U9I^9jrHmL?PVae8b%B~JK7s-A=$w`|^C4cFyTn|-ir zl8BDZNL|S)^ZvszC(Qh=m)eg=FX9wdys{-wN_kht zv^_j3pJGEm2rCwg6*IxRn2kxf6FXb%DJ$(0BnLaFd^fgYE=SyD%NzQD$Cay|%eUmX zR>&vOyV9oiAgM^5r!Vr+yNA>L4V>HT$!gN}{>phyfz2peic95by@wXMnBuhrR05Wt zv|na+B@NToF^$ATV3Q9({shvCoZnEN+3z9pD14+T=sxct<+_0C<17yF*aGza6P;h6 zblTvEJ5^>IgGQi*Yw?;>fjXM;2Jk$7*kV^_a0+q#wfXy2_5k59d@qOFqipBFgRRzN%z zu^TXOnZLjyRqwS(zK(Aa@av|>yaP|oys)OGH)ExmyarD~0r*_sm90Wpk_k&d`X15# zZ0?8lJ8I8Q@R4?<;*LX*l8LC6*RL%PUSY2KYlO8q@7YC7SYnU`%i`ZNHZpHxCug4u zva@+ZK$^-pAeCZo$U5#~Y${nd77(#sc>i*5ng>%{h~JH4*v91Qk0A{qA}>)w*4Vo) z<&@fF%(0D8^lJ2@i~*&n6k*=;h%r$vefYEoEMSP@*@5)@C<#&ZGBMA2z*T{m8@R&kjh}JUC#Rf@_ ze48YggncXyx!lT#!YUwgR`5z*Uhog`U?lbaiRx7Lq$~DX+ zuVw2l@D5EeD0aO^YSn00`(3BFDsy%Y-^ljNym!4_abZP$Jsv)o5Bq7}C};CggQdp1gOGE(*rvgTb$^T@fmydx+fOFk$;d^fvjeFR7NZYB)^(+Nlb<&h~QnxXc zu(D7sKsT#9UOPn*zFte=X0$Uq$186#VRmL?eI|%~m)BS$GxEdO7$QX`)en6MNd(s;9B(`2VXHwnG8`V+z%fL53ijXtCh)3wp zQQmkTw-$SB2fdanuAF3@bSn4cWZU9OUy5)v|1CPD-V>7*n;WQ`<05y~>2@tCc#Y-9 zyr(>9{KTC%vYhe6g;{a-ih50rit%izqKn`{_QyJox;=Q!A|4B<^lGk4=7f?c;%LdW zE(MlMklfP+YPcjqZ`^9=F7*C%GEy1-M3#nBX|m{h8NiUei2bB_?%u16o`;$F2?NzL zaz+ZhuNBqIM~teS^ddHIIfAqd2AyVX8c!xvI&$y>v6L?!>}=ogq}rMby`1h(Ngl9` z(!{6-@sQy+()8F9L3^Q+4%VbCG!R~}dF=j8QBm2E*Qd_EFPV9S$7>^i(V}LY9;GNT6m1$=XUFL2CpTeJ)LO5FnoH8d*x12z zm8evzB5Aiz3$$vig|9pN^zuOu&WpUUdK^Kj6a6QOh7@a7oT3vAPX_XsR+`s~Mv@*^ z(OI|*J?nBR@W1T$E_@`ofAzfUZgt`Np=K_-hkDb~p8VGBh~zKPv#=1JBr0bClSy?w|L$N5#aaA6 zU*w~$SD@qol%yzwT}qC=y7by4m3WPwCD}gOw|Rs&c6DTL0Tn^R^F+g;R63Q{{+F#5 z(u52bT@5AF@u`(E#6N){ACc1z?iP@0N7jC=!1;j|X8Pa0=g0IZZ$e9hhksR!P*3JE zjF0L5ydJDQB#7FLhuCZ$|4bipR;(+X`saiaN(X1ub`+ z=xG%j=aa|fO=^pFqGf$v55QC-HfA0shhf3-axeLm-~89 zY@tiPM$b1+HVFMc06}^n&k;&LtbLFNw8VGX#yvo`L<_j|Wt<=F9%!Yh;duXvwDh6qTkzDdM~n@;GvJe&qt3rl zx;j=3xEWdZm^8pKgbpPSc>a}XThInL{(&(5aa^ExZ|K;6{;TVzqjg<&iLZxF;Jnp; z2L30~{y!$A!zpi5@|nOVfIY=94tQk@c#UfiGBPgjzf$&Skjazb8={=%;qmuv>Z)Jw zF2n$Iz?76pgFnI69q=RNc=uRK2p~Z@s#Q3D;GY!0y}i8?fG%=~0#TmHz&Mn`4nU|Q zz)E4f<)`ZT9$bS|G}EmQ0m1Jd8Gu#74{$PF7J;KHqdF&zBh$y|EHfoxViPrv}ngQ5w7V1YAmuq*b8FwIujx)6F@$l@H9!(lY2-Lxu*nydmHPN01G4Yh%#e77-|ym5FEu z4wX>A<@Bo3%GK$4KeEaUekvqHSULs9+-Qt1aO@DdKIl_tBk>^_bM0*vdmi%k+h+WG z4w6VHr{pv<5d38iylTNq6F}F4?pKSBPZ(uS9l=ivIY%~D=TnWQd%l#Z=X&Fqu}sp6 z*7bYs&#iAO0U~Jt7+N)qy7`6!JQX9)$b$5-u8ini)EW3*RP!x! z0*QU!DDMVg8T2UxX(Q&k_R0bPGshoKyY;An%XFcc3d}fiWYEiB$_1*D=;xQ3EjRm< z+d)v=&nG7*A;41_az}YMPbLvzm9=_W%D}P&Luf+SkM~Lwk6}HYX9* zap1|c!O?EAt(N|>H~%Hi3uO~7!rE2)0BMthqoff-GWmZWl+N6JbXeZVh7e%QI%e$) zw8bI1+up};<2{&$vN#Vi{&EH%Z~`9}dRo{e3g25kg&`?;UE;3URqizV;Ulku-WHhmM?i&024u*L*res!Ecj=4Gmm|SQ!0vw^%)alcH5Dd?@%Jjp` z0&VfoyZl=A6zl(ZA`R3@f)Y^RwhVrgC8z`peBP&;(~TYC4dHYWj0XzKdE-n#Zen(v z&&~q;YptR22`z1UdGvI4Tiua37y9VY9GVUZ@dY4D4M5LUe>8`d>os%lIh(ep)L(H; z)BWJm9Q9??d%5_^;7~AAO(ACDOFAg$y6ByCJ(oGR6qxTJW&$_=k^9a-0FH(9vC!Ul z+qK0ypV$t^^oJJ3J}cLM`O6` zC%$}AVBljO9xV=dItN0$(KOQinU0V5$`ST6WH=swFDU?3Fvj>fAq?0e^H?!M7=X$>1XL5#w_L^1Z!+w2@sUha`i zt%{wGd-P9VyT9fMk;S!}EdK%2-_ai?zzG*6WIxdksJqPl=BvJEe=?P7umHjBJD8Vb zfH#&RIsDeg)({FM0LQifDHtxl!-TQ5djUC-74YC9g=f7r2QyUGb&b*RY_F|KIb-i# z*~+D8gNHNK-lr~ll`h|vlf<+gY7cczSJNV(BU5E0dp--n*OI9KOT`GhteiTE%W5=@_b5R~1xz&yr0hWjxiaX-zJvP?!0?v?V|Pf0;MK1z0ylTF=} zj=aX&#irAJjf%7J4W&K}$wlUo?U4xl1=j%eZ-A@fg+*OyuXxS=sP|qw0H+cF&lX*1H z+&-OL-TOXd1QM${*RV>M9g%PLCL?CM62JN|$!*mLSYP2+9%Upv-(2umrqyT;uU*_7 zNm}}WRYGc{i?YV6SUNwuCFONiYUkngeabld#V7K1Ouq{j&K2d4>yA9kzpKlHTxrfa zIWT>JSjzo_1N6VgdeK@9nVh3RXSB^@btPSU?BsUlWBGMvY3O~5M1dL6MdS4&S<@#;=isx55&BT&MD>ZS&b*IbJ zXwqu`Cax@Ygv3#-4PYnEZaom6q_BSHTeq44ATg8&7?;01 z3A>{JHoJ@ElMdDCGZ@nJryCSE#W@q*8s=gXjaCvB{`7qFJ9EnfqH#sbAq|W07oK~4 z6*guQ;o>L960_8!P6ZUk(cZcgpKfj@D1Px&Np}lz!y}1h(6pqQ&VCzeTx5*>P+ND) z3ze*8Kc<}5MVZMMsi=)U9ikSn(6;xQMK;x79=p*SGm&Q#T_DZW;=8K0Fx zygA7UTrZXB+rO;Z*&e4juvJ(1@My0|*yOn*cBfSMJ`V%;iN?{@i@_{SUJt7QrM>mz z>KnKYp61zi&t4V`g>7e%to}@3=r{k(mAB(;#eF&QLH1%B;HyGq7Xf!#&|elx50LuY z09{&DM7j48q#lwEllw!N>aWgh0f4vUbP^Ej*#SDW_F~)bItn;XJKMsjzk}<|;>WTE zyy@-Qx<<@kbs)F|kidF{v^<6=b&z$W8iivrk)zEi>NMy75ODPeK}HG8mXth2j?QOD z`2@|W^^aoLWWlW3@WEd^S|9COG~d4fw;F_dvS&;I+b!NmF<9g%fJSgw$Oy0?JwMtQ z-y2loRREpPJ+&p4JpxXvV&%tM)3!5V2!>O2z=X^@rNTW(r<&t`xvad8lmJb8zi3~j z(thF86Fp=~B$IsTUE$*h#|2y`cAR0kM!svXV=`F!BW}^qqPOR2!+8==3zY%B--x-Q=YjBb%G%U7INSg(y zVIH{%T33VcdUH$y&dW{_XeoQMX0gvBqczYmoi%-h0O47yKSPvwRot*g)jyza#)jXH{U4Eh9=*Jdg z)gId~ktQZ2tfMkIRC7#{{j0e4;;7kS9JQyd_s}D~Xs7HBpW=O0NiGP4s!~Dbk(Q!v z*5`IHz`QO0HG3}YveR;IBXGgZmlLwkNKp8mnM5Uu>5%wPi4{4-vXi9y~8qbH^j zv&ioN1a5X5cLtKCYU14G+T)poejh~rR^7Qnw))pM7@~Xg@jVH`NEfWwwk<}buMPsH373oW|hx-Puewn>YvMn?rI)#QHDw&mbv4FdyK z3v9tNNieU#duQZBpcvE=p1Lolw&Z1Sv0(3?Eak2`V^r0E`dUy~g!m@QziRb0R-rfB z3ijB9{`W+JOdVp$#}_B?4%B(cOt$fh^^dm=c%(wCn0f@iz?O{xAiVhtVH;x>tZpXV z`rl$}FoHol7G(@8h}YEWSR~%50qv7b=h&3LeIAQ~O%=t$N8}wY1Ai!7u{c_0Pt@NErIBy~TA@5W;Ni(wATFp%oO zNBa>Zo)`-NV)W`g%5@g?3(&1WwSJGB502dqHI}f!Mi}72d?8wM)MMYLsRS(e{7XT5 zOyl4mcDg)2^7tP!h7n|>UC}E3B0BKY_+zn#kdfpwXjfWo_|f^qF~|?|;PTo!8^kj| z3NQsR0U3UOSk;#Jwok-`{9PKjvQOj)kS+dZyQP~)qo}VWtNXS}yrJq?w*ah(#sj${ zO{l4y`nG<>zVagpsmM!pUh^WeR*pY?&wM{^MQHPrhyVki#{UXi(}i`W9wq!pRV8}f z&jU#d!0-6nqWMEB+V#W!%A6l05OUDbljQ0FW0A$y&uV6?t?RlBv=x>sUPQXBuI_1@ zn?oD~1P~s2=8T$Ph9g$N)6jIP44^=?BzGfvOMS~ zig7K0-JcSN^cj$TQI-k2$?3H`f3CGu@dhZ&GA$nbOkj!EBIHezJY zYr+p9e~=n_R09z0c&?3A@4knMiBb3=a=!{jZ-bjDWMDr2_CBfsN!?kF=hVo7f3jox zyZdK?WkW0{toTC(;6S&z-mru6!{f`2Du2x^n^P1)N=g&XF)SKf2ENI%sGS8`Ji38< zJVem~n^;F!FWAmbdObY+F1R)Dj;KGPfdMp9yg$*H>rN?ZlxDcvXJ(14gFm*azI4V) z%axvEF2K2z{mdRYMbf@zauJqCr0Oq~tH%VNJ0cdQuGq{P9Z|Tl#qYY{4*)lY85=5G zU#T43m&kT6IvA8woUt99`rZkwe5W-YwZcKIXG#)Y()1RP=f!`f*5bNZ; z2~}&^oR`MB3kob&aC`!qT|LO%B2NU1a|nQbzk+aewq45CH88s_7{g)5j1C6${go3` z6oQcU+LmJ<(AkE!^Umw8Zt*k$neYRG^dNgC$#8{a$|ns?EaVL)jiuxoD@`Ph@n6$8 zVNhv+IWNX*Z1m}Zl1@NdJO;u2WQaVPzbezwTvG_8J2Rcf$|#KfChWA5&FjzLMH7EA zajXh(Z856!FWkc|6T)}eEVuLXj-UAY1JdnIWlPN675`5WDa9-n`Yfd z2oe=Ru1d)h!WzamoTpXsb>qY-N?E^Fd+=HEBTK?H23zvWl4W}}i)d}Ezxa-F8Xq)3dC zN#07=JPxc>!t^NLtkZB>0y!)FML>q+ zFoPk*TN~HHdXiOFsUG#}fTaG#K)6X3fUC4A22GMtIDkj@b70eN+p~yr-JO?)iM)PS z*l8+@sfCb1E_GMkLvpaV?|Ff{r9!3LgqYu|zxKuCK|R!Ky#V;BIEigBw+%L6tmCi8 zgg6U}SG;ZXAyjv91YKJ_j5uqG5{TE0hczWmqzmC~5}{pQV9$cLWjcX*0%1WcK#caD zyOxkbZHW72B~foH>j32*d$Gpm-Fd>8_^aYA6M9es;%>PI9kgz~mauW$$5?y)Gxg?S z!w(e$XEjYfuK3j;ZStPV@aw5VEc?bo`-0}fZQEH)WDBfV{io40&j7gECetEB?X#45 zfN#T|VXh9hU_Rsw)FCO?bJjcESJq703hXO>Ev$EmKjB8!Wu=dTKHQEQNaL~~7;Y(9 z%itFwBYkt9mns)wpf44=Y2vph>f%(NDCIT6^|0eJv+XxVWak0ZnD5iYgO2*8gKW(V z2W3wPb)ohAFXNx}m+VsgLQf`rZbFg9$G-@%p~2TLtE7;Uy11{lJbs!HQ4RA8zVe>n^)U%t2(v&YcC#wHL2@VHT#^Oi%spL(=`9 ztHsZs!L+QSNTHkggm6}8r;$5fv?Sg5@s87|zKRQdm5RJOag615JQTBRB zrEYoxda$9fnMzswiLaCAeX&t>Nq8I?+wY?wBuN}X@f@mkbU;Y{>fwI3V4Il7&fFtR z232^`=}S64)|;$NDcTg!Tx|mS5KL^6*eB(0s0CW>= zHuEn{(y`zk*z~E=={p|%0O5+<8U_jB&Tt;X5r0x27Un2+yj?f{1<6V$!8S zwN2AB(>AI(6G#~+rNfCnn)J#fs|NGI1$(FzOAwuB188(i!(Lj*ezazxFY%y43&2O+O?k#1F$sa1W|d zEVCH;sW^YW&^!8Mo_kwJ!IHUf-Lh^&>F0~dbfLu?KeJ5KB+9kEIwao;c`QO5N0y&= zV8P6l`zERW*e#vXAh+K^hkDYx#%SACyrV)U_?9I#sbk0JdZNe4w~&HE8CIb}%d!GN z4>7s%QE$D|o+7^^J8SpjN&_3!&`b&P$l=yJhYSZd*P?=@>iodtLrKR`cGx><*`CK_ zC!p#Ir@;q;Um!en^z#1W8_11&Kcm^~GB&29ZuFaXksh7DWD#1#(t@Nfs=}e1AplLX zTx7if9gm8%f9`vEsQWUUYci}5I&?KtIbLS_#Lh#yTC}nyX5DAFA=z*tCv*L>&UmG! zkHX0N2WyCJQ1;#X){#ilgTGLuaAfl_dMRRSH;4R9BUt=%^a@t@iKp83p#1Pok0{3rU;A1I-k4S@5=h^ z!mo~JEd|YlOxxmHl6{Zv6D8moyjJJ&8Y`-xvD$*VDop>pv}-5CEu@$Op>a2~oJM$} z`BL9$=&Y9@|nIljq3>*PYF*^xT}dXRva66G~mFM40<#YySnfg zxY$eut;pk?Bo43U0*FJOfPyvOS+OWTx%`BvSqtty-5gGLYEf=-a(Ws#%V=?WT>~=xaYo^&6A=C|P!nTda3KvpjNaWe2D; z6y+yh9mt`l;tB76ZTI@HSH5@Cz>$1022c2nEBd3Yl9lD0ZIJaLU2jj{rN@mN=6<@e z1AT3JJS=~-46BobZYDH2Wffm)k3~f~_}pG=JHbRA-NzSFw7eE!k>(P!Lv;Ik*x?f1 z#kgx%8pK$<_g~ouX<fw)*aC3hfNHYnw#2C~<4o?iWRwVC3v5OL)3dt=wM{fi4aOj9o z(LhP&`dH}1pK!OT5@EYBlLqR|Y+i$flWzpB+?pAol{lAKG3$E$<$nIprbgXbA8eU$ zrJ<}O4h7}*o;tQ+lUuF@ok#mNGZNTEvHG_ghgxG!VFVoD)&F)pumQ%t8z&k(uF~ec zD&-{YRPA$0HLYmp+r9c>vu6Tajv|fq{=m8Q4D_&dC8np~;_v zC)#rwST1gHG=tn$TISmHBv|30_BRK9_tW9R21PJ1yQs;j%H=Azs@A&$Lzr<#XY4Dc zE$6TRQS%mV3*^(H5|pVZ2l8sMH61WL9$^wEQobo8CUFA%UJ>OJgkNDzWi_!ACQKf2 zS%@&BTA&n$zbiM{W!QC8rEfg5;+91GyaTq)b8o#jwlQw!d7#82=%gIDG#hT3%muhMGv)`di6^s!xuGxB*|nZ8O?QVt~SO|u1a1u zyS@PvQ&Yt#{xpci#@Ktaf+L#OK#2ZHg5f!iuGr7tADx!W?3-0W$cBylFl0g~c!kIj zbDv?Tk5W!;sIRkJFahI!%oyI^?`*RvJYu-?1We6cIx|viN?dV3`D8pasba>H6Jvq$ zeFN=^nBdGtHq(J19dm;?>nI-!hSJ^~Zj;F;0R0CX!@oMVFXtRF$Zi>7WzpwCB6JHU z=10t-2_On9_{%;H6iLPMvYHQOOGqwCfXu()Qsyh#$BHe<1*@9*dGiJQ52yupr^L<` z!Su$QjZzngW(v8+%bnMP-?B}`!7(B&Nu!w^NrKkNtTXNsB#&^c<%z2Yx#E*FnpsnP z89NhY=x=MNtnQ_TnVFW78%*th&0;#ih{hULmNT)xVJaM>A{uUTr?A2~1;Irn=uftT zS6az(@OwEN+Ez8YLKU5+&5`;=D|jfB3p#j)b#sdJP5;X38|Z*=@3Aj zl-MVc$Q$0>#IZ*B`%m7HXLRc`k^~8i4*>N}!8=vr896uP@xod=aV}|oM{a&qr?u)i zQu>z8V=hBg+(mu0Q9WG4YPTN)5j9B5Jk$(*e-sad#gnqa&Wz2dDpvoyZxgG!xEki)S~O9$d5`P=30D!5B={ zsuISGE>%1@oOega7DeL3gH@BZ>bB;;#sXY<3_q}4JA&0AWFRtyYyk*3mp&pbkwl)5 z3}e3~u+o4g^pIfvZnWqg6M5uoVQR-VMb)YB&u_bWA8d7!LAj@xTb9wgD9sDxY5k#UWW6a{37gNNX`H;YazPz*isi~(i;`?mIqaU1gE#TR(5aFDCg z-FLT)xLiMrzTPp>bXVg?qO_fRp!2AA!Cx)9OYO!78?vgenq0c1X{MH}iIpc};RmH# zCXOWSu?%!`iN#2rxw}r7O-Oj#?RdWBAVCWxfsQmi85@o~QbLlaP<3y>+^D_f!zXL% zc<7RMy9x73?|$X`0ofJDMgPUET}^|nhk_SgvO^sngj7*`nFUfv~U9TLY`+U z(%1>ei3Toijk$C42mIjA2wv98zruLH8I?bKMs9yrj=(LMWg0L}~d+dDp- z0PG7Yimde~o&FRfd@QeYF3#eiwY=FE!5-IKFzkp=3s}4YHiFj&*oTPtjLOWUTba<-U(^u?}#amH92Jy0FsBC9F z^Z63~@Wyi7bqkQM+zq`!K4?Nl*a{6bStrXs2cF>XdCUJz8#?I4Bqfpq5__|+((Blv zWRD_-eQQyjg`5t<7omrT#RgJ**-9d^Y5<-gN4!+vpEAa z(2)&~2Y4^Ky8;&S`HNgyU1(c{64~l#!R-8fj?n+iLXn351f)I#@tFHn$&rzUOSYom z6X=`R`R~bvPZf}4r9JxhZqtw7ULDH*RRxqh?Q*%7%m$76k>FF9*cwhj=O&L~CP`Mn zU)BbAsr7Kqa6^uE?op0$?b%X?P8KSNzz_zGNnRA|j<7>wEeL0+7XqS`0jRWUO)zCOqoouxX>0SpjEGK)DtKuD|t;=N0v zxVx$@v7F!N3jz&!BoO73Wt;=wG^;B#pMs5N}UPVts2-)%R#_D N1zA-Y;BI{L{{e+~Yq9_U literal 0 HcmV?d00001 diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/baseapp_state-deliver_tx.png b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/baseapp_state-deliver_tx.png new file mode 100644 index 0000000000000000000000000000000000000000..f0a54b4ec34bbe282ed6eff81369428d02dec095 GIT binary patch literal 59007 zcmeFZbyU>f_b;sE00J|lbcujcN_P$2pfI!uf=Eg?0z)?_2oj1Qpma#rAP7vz}ltaaD(*S*Vs)R{T&eRiF_U;B055n39Gg!t6>*REY7R91rPT)T$J zdF|TuFbEF#ADwR_sn@PCUQ>q4Jn%H#$iRL1Kz=BcAi?fhJ7ktE`zCMpV?DKeI85rE zDl~$G3_BuGh721H<$Zfo=4B}(ek5dxQ{lmv@No8 z)FqYAmMHtPG?O?LqN)>bQw|M}kdC95xP7tTFXbj^H&%M)f3{iu?%9uztSYbWR8{;W z!B~Yqnyz!BX}UaJkCD1McZncjRVm~!sXHiqCl@BDzMN?&<^zM8cbQJA?h8Z0OMkoY z!x87L2KAQQ7~qHXzK3f+;;NnwWRFRnZRpySG#-63ev)hO7KW&G&b>I_?>D-wkzP}4 zT7AT3lGXKgQp>6W_{%iJ(Zmed&X8WEYQ_A$%68P?Y^#2IoXhAl zr*4DiZqEZ9!w{mt7#g7o^v+GIp8YsSiw4QSAQ3JF5@C(-lN9Ddq2{}|UNDLPrxEVd zkd|aFBb6I8f*ZYU#8T(4UHTm|9cLXM#y2R+GE;H|5dc!gKxQX*I~((a)pGbP_+0Iq<@J|1*v>GFuwr|-n%hY zW>MSoUCGdr0E0y__S|Q6FxPDhtQj(%U2&i$0mLr&`rvLT?RD_z8|D%3WN`~ZHH{8H{Cc3bS9$CLf@ z_=B|{wsR-TSplcJUm3Fg`uWcckC`$`Q_s0yGQl_*83HP*120(^QHjnpp?Uyg=@ks;=Bxf@F3Fc#2!anyYyBu9RPvDEj(nMT6de82eqKXdD{`I^r03vMTZkVe=Pmp0al05vJ@|dT9pj_IC@T7`fZJ zJ-nPQmV?tMpFNjImjdcPvB;s4ZINSqh|IO_&lG(8C4BQmF1OWKsk!@J7uz!4Z-#(# z^I6~h7&@1pdw~KyCC!)5M$G~w1W0S|6VZtdPkgqw72EC+`?#oRe#qUkpA~RfYvOnK z<7nxPX&55cC5tpSg4Y5r!{Q`7cDKhw3D$=>Vw4bQ#8uz?BKhb+9 z8?qS4{)Lp8Gvu0PoG2C?;R?NfJusz*lf2z`y>}yG&xGFY4l41|f(e!AA6+H4#29}E z6_ivDLf7bxp#2T&UnuJy~AJ{yh4Gu=Z8CUvd_0ycwRX8h0W@9J@SZef1;IjpN$ zHKZZd>wUas@3UEz!evnYg<8<=DKPhEjSNxp6=^cPZIpPNMwZ`EYKH5eGDU44*s#66 ziQB8j-3}VBiN|fBgnCWBUhiXbKuE`yHk__~YEsOABk)}h4z#c^TF;_b_920bFvg<0 z;}x`Y=H~i3ZQ-Sbq~^*qkS<9eJm=%ItX@b?V(D<9!BCpe)fM~wRoz#2^#vVVM9+8H zfMuVIH2QeFxn~g?rM5F`J6bGI{Gh|DX)ct8c8*HQzk!gNzq4`f>S)q&v*~QhMT!Se z+7f=P(71MRCg93X=y*s|s_Jlk)F?~RukiUoM=ax#bWN zo>JMGdCrAwB_P~qfi${%RY2!>(FTo5}UOs-TD_cJT@oX#NIdlo{!>IK{b0!+6yTcV@P8U`d6K8<*5<`#zXi?-*8!?*%^C3n$(~ zvHkRYyY{_bf+quEn|1DVg?23j>hcI3xAQ6uL3C83Cf%~}2P}4ew)PEt<=7f6$#Thl z{y>>k^!LwToAYJ*xfrRws+7co)Af@2@aug%SV39O_aZ8J;{*^%Sp{t`rlhYqy)Jko zve(ICVtI|Z?AebyEFlq3H5VDZ<;YgXEaIw~FHgJcTvzAQ*GGzs9EFITk)#Y4K8}OH zt2bzUAu6f&pBQUP=0x%f=@e^7UAP)Gc$TTM%1NdBq@M`bjx4Sb+C+sBFGhvqEC$M~ z8H0+%WD(WIb^lfD3VuJdELGgAJjz#^TOpQqb@4jOl26Tj9+H4XR_Cg(^gcC^Q3LCY zDmg<2PZDjPU$69yha;>zqNx^`xqWe%yjR|ZrC-diKFn2_<2fcV?+R_!S^c4nWNrNY z%q;+|;B-f;E3*VDR*UZ}oLgMxF)SNR%9@5Tq|XfB*p`&0v1P3(eH$!kstjFDcZiZa zpGtVmNDND6G*T?bCJcN4qe%Cr)f$W!be!2>z7r>PS>y6JqO|9YP=DiG9DUBiUA9mkNT4}+QMw~yV|Y9p&>VH2H#~dFd%Z}E z>@cagecP*#22=>6L|?GNvK|z#KnQ(EGt8wkGriXerYbp^sp2Cis%#zeh>66TgG;4z zn7a_-zKq)NC*gZ|CCsHp?SG4V_k_VE5iwe=OA^|rCNgWX8^f4>TM>a`2bZX7FHrFr`H;- zD=HBWM-CU3tX7tDu!9-+fFyZ^9d5~wE)+Zp)Z+1GT3jl~V0bgX_d{pvQ}0Zehi=60 z$*bsOBSR_+X8q54k7fe`^tB{y25&9DNHUba)j<=FA5N}KosE}M@cj8T0hR>JAb1_s zo@_C57hz8HGNWW>60tes^cpBgJz{-tU5~oWnK=WOouAXqhT|zd$lrW-6ynO8t?MxWJ;(`*0$5v({G zZJyY0m+oq)N~3fpsA&hVg4U^zhg zCd`vlWt{AF^SF%4jKU!V`b<8nPkxfbl}bYwR^=@}l*%DJmCdiJx)gyR>w5BrGd%NA6L<@fk^mNtlV%`T#)1XMrECD zUOnX;#lkgpDxcB0Sv|XTuxVq#clD+;xJM2~0+mSA z_ms?Y8WILrnRVgzj3GI%Wxh8^a&D-r6a1FbSQwWe4>LuwlCxVKQ!{gp+h3^-fPW&B z|7SHM=3`8ywR1hrF_oVok&nEoQRWc;!~+=rR7$$-a=CZaTlNVVwY2@t}vDTdEL4utpTVyU{^ zK^wKyFY4S|6}gJr$s9(S1lRGS5)F60@k7fc@L!ThfrQNE8f$W7)pm3*R&Vv{b@GqE{Gmu5Tns*4&y zkuf<+&PzwJm5Xs#BD_tf2`5jCe{^+!S@`w20m zwI5TBI*G(KN-e7+MY62oe-g|Q}QnS zzMTuIIYE~tH4hi+_s+k*xvv%E)!mJI?`XW>z4Bll6u*fUuYN=UdsUr8DV*>^le1+$ z{H!nbv#)z4d6*rh&##d^RgwDLSx>xi4$_3_#UhbY4)@$>#aJIkY1s;%8P0Ei-2X zLfK_cmNC9B=o#Yv*>{|bQY6{MOH*;E&W&52p`8dUd|AXw{quHmec?pZ8~1GP9QF+N z37e5>M>C(()x6DA>&)kbOwV;}^ukGFFx4>?>$>HrJ-apK;LKRUyTQ1`?u0j)c!XQd zHY(!KsEYe{8C;RP6n2bW>eRMLKWh0ze0d9%y56C88O3W*dP`;rS62nFW6oYgcHy{KF zJV&w=nGsK-0FGoQ6em)4@M!xybQH0NZUfcj_S5ua)ok8&(L$JAT5!cdb^R2SYu%Jr z=SP(0UBpa&nGEPom?@`U7le`OHzqe8;a<-8+2zWopX5WNlbPZ<&F6|l5->!E`6Pe; z#5{IXx|T7+#0Di{#uqLG;E{W*Sb;WN-KnoY-k|E)E8CWE7gc27FtbiXxVW@)IQwvs z(WqO%GF3Qc&aajCai29MPris;xz^>~m4IPp(+OX}&77irjy6_ly=gr^qy~7Y&zwNaN!XeN4q0|{LtLJPRvDud29n_iCCFspT(dWMjj3E z*BuquRbn#@a>NqDMRc|S;b#6U^ycQh_bfVu$4mK;iG9aoMB+*;mKy%Qm#dp0s{WAG z{c|WJC-^=1yA{FlGBc-5Sr$aq@X?QKS;m`?TdIg~Y!h3K{MgjmVoVqjYQxOSih*m!-6Jig3U@l^Jd zDz=W&yj4b#zLWe*2s?o`-C(0qNpQ=r>e#%mj?EWVJ{x6WlZmc;nZb}U91b^l@mLg@ zC`6Uhs5Dt9&b8F@j8r~o>X*PgjAAV~9HH$YVf>G`#dyP~y^J2*|g6 zVQ2s@2iqB-U@aekr|?3Ru+86vBA?>GFd;33LQ_ApxrP(9l4R+y<(I+!K1DTfn$!); zYbZ4{+eawjYlsW*2zN609VA4-e~#%G$x7fH!r(Giy=lK@hMPgl#l0DwuQXb0Lic(Y zK3t&tRUQ$~R9>1{oAVNu`XV0Mbpk+3<6iu;2GBmnO2a=0!g?7aFgOGloQR)mh^?kGhZOu!7WF#vL#|)l zDIVI`4zWR%&{u(sT0=oDnkpo>mO%`7#0nxU(V!m?xK7s1ac7??jCLME)OUY?Jo1Ez z9?p{=VlG)=3&mi*3un&1VpNZwAjfHLTRnc}$cP#LUI~Q~A8b%!3I1+3(=fi;VhZ;N zCy`+UP=U4WNa1tKhZ>u7lA~{ZDY1Q8dR$a%$sSzcQMAdt2 zZ%KB%uL@v+Wz!S230iH6!Kwyts>tvAMq#pkIA0=B0gjsfinj^^t}Zo%wsClQ z!-m_-v2&vR*>e`}5o1u;22ktB+J(1x+IS2se~l`Zr<|5cW@h0m+fl;0I&WhAE2r+G zfp;n7f!8-Q+ANaOC#5yuXXpfSMGFsBTH1J{)#v@s+b+#Y^NF11%J8RaDoSp9r_Rvc zop20+o5JTg_%OoV4q&!vx9S{!`Af-?i*RS?_}fgJJ?TcIqG0|2<2RimLxIubwohl_ zrg65fYxPnkB)lv(yG~c2)B4C--;Q1zFNrLOLswy&aX8F#6TnN8T*OVCZJpf|3Hv$) zip+K1E+p+zGil76U2ltO%K)%HP`mR7-j?P@B~l=&@}WEAfv>Feo=?WEGlzHY=oJ|j zvDvdnvy>FC=DdKJuq(NA@;*)|x*t_)`RSK#UNuB@t#nugj~QUhj9Ojl0Ei;u>7~F} zRrtxuH|ZVcFxTPD=ac>Llb(8;3Zf<a9B6r}xec4TgMWTXXoVDlYU#(76lbT$eGuRCIbe!lK&gjHZ2hY6 zku@BgXF<|7hQ?Sr7r3IVTAzqjRUX~gU`$|Y+M3gLo-eFXj^kI^Q)re~k zAH_8ki9y>u>=jdH;GlLJ^8&&3X7r?kV6|sj5y|RePlM=1M?0vZD_iQ^v|-8oK{PLN zF=Y`otkG-k4tU+HcT!al?C`ue0-MLIDlfx*@JTXK`YgT>S{^)z_#w>aJlpWhZIHw4 z<_Lv3Uhu0RE^v~RZYCuRf_lEa5Xctz5Xl--iet6<0-C(vyAk5~*3uC91mLd4ju3r3 zmtehygp~$Y`rFj%f&kt%c~0x~%K0GEn65|NI)dL>Ew4ew*a*oQu7{VR#>_cauCJhU z7if(y5+rLqATEmfHCo)gFD!+~5PwcmHVs!l-J1sv@61^)WHUYI@x*q&keUp20_zw6 z+};jAGw$cRU+d}b1MsGB-GoG>1R%e~VfchppoQ`s{W-9nM1sdCq5Jf=lAOHvS1<(X zA(A-IGAerFYThR~ZASTsb)Fy*8Asx{GPHtSM+Xq$UI6yYn(hLSQvFV;_)jG|| zzQ+{Trlb}Hfc56q;5GmLSN)woa#bnCj;CBQe8sze^zr*ghkX5&V%CHS%Z^j!r{}M| zu?{uI`}8Y_1-P7(U4lR&IFj0jWmq_Ks>rO!j!sY;jcpYwc&Z%ffktXbR=?YG6ui`W zvMMXT0!gK;`)Eh6a=rGKiUWU*TW8sWVn$H3UJlFD|K!Q&quptbSvMPt8S%QBq5MQs zPSTN|sMn>^C zyBuE=0LhM2SZj_tId>(p3i_QMOnJqL?}ejhOMgmA5{362KHH6>35;o)l83{(INCv$ z1214C9eh)XIM3hNEPzoCJ!u?YpD>I5W$zoINdTUalM+K7+zf-L-YlZvOa;x_leofo z1(0d2h^WoSodI+~uB2UOhg*dA0iqhHMwJ!@T-N#{0J9Z|KB&L30vKw|`ZeOY7mv^w zys6hO^1DW#3%Lv{J3&Du3@WhZt0vV}RBPUNwou&d=y-gH^sjHPOym?GIP0TDMnd{{ zN-`OuZnWdAt$7?QSYZMsb!&GNwZ6UNSjeV}p%!p%4)c}1Pr+llL2bm$mOy3sc9qp+ zeN~CL%nQIBwC@;AVpjUW$+p!w^pZoD*6W?jZQB@Hk--F_r62j)ZN04aoD}pc3xo%e zVYo5kZNhK_>S@)ZE>08)r;lX_KRSM0enJTPq-8oj)9y-N*prxZgtNBoM?+Lk?c_bY zbxJ|gXD|X4`z7xU0`V1KeXmS^mW|iA}SQ zl{29Zw#$?e^_1X{t87Plwi8ASuz`b&hefn@SQx*^JhfI07alRBp;XvVItVNaNuIwF z7?|WJIANAn0)eBYzr6F@o#%Fz<-&EGC^%!p57gB}g2~paVt31#1~2Y3SvYbc8GWMT zA4KFsR~el#$`~V^e+J^#<%bKIdatrlwlk8HgNli!+V^=dON&cnzE#XOA+=U;4fr2mura72)O zR`g2^v}2K*D-)oT6HI9Q1XoOd z#gnXnhH1n4?b?)>)HC;D`V)KpIv?COVqQ8uHf?#m)xmKeVIC3vGk$GWQl~FW+$=O{ z#@3u^MAjdsI4AXhN(iTDaoGV3KYs-BDosajJPC3!{rG_6cpP*nOW9oTha)9sj#J6< zfs!oF^jXjSc-?qsmdkRo{c*~rsUI$8o@dH>4}KfFn-EAu*2Z%8DyDFwzaL7SW|rum z+}TMG*SWlpVoC4|;s-~z(g-AvlbI85Y;$tEsVs{6$ArUDLEdorRy9%O)%o%Zas8j; zdPO|d)|vhTroOu(XHS0hkL=YE;ccWHzx2PTpQsqhj22lfQ*_w~U&D4$z~@3>5P(ML zn$Dgsh9*KOrRHEzHN)z?VjM`m@4AIeNk=(|V?t+nQ1{>ddgAW&)j@A_Wr4P=rfe?N z9p07hHk|*-XVB1iU?}^0J)yq6_i7xtpd8Rj#_JMRevzQCTsES@AOBq>4AWLAbITVldhdzz7= zs{J%$3#ov!7!xlG;=2YPEB*G4Yz05siW%)s-l<>fpw~N2(@Wmp5%zJ?B4!aC2pHr) zJKERW*o6h#AM88UKHzoqJzrw>aoOUuow0~7GN>B7eXwm+(wDiUq!Bi$IC(wnLA6=R z)zcw{hS86DQWNq|5iZ{sMD#vPagS7=upV8cWEr(B*-um74LF~nr=1#_@nrhCW;Qv& zy*}3a?IoA>dxyqW4bhU~4Abq$ikVxR<6W^O4<|EIdG8#be5yP6tl_3vmAQ~vdPTo? zC4iM#*j!=^({Ea)_h|w4LaMI>*gEiAErb$|)V5N&51Eh_K0ACrb)TW>bBmQmLqDjB zN;dV(iG3DA435@Zh6*p2&U*@7Iw(?evGqIHOWY6VnKThDYcklLRtKRLALK~y%GsotVawa(+gY8VY zLU@GEy-|a*$F=I2d*Kg1xz`ZZzb|2tuHV#~ncnsvC#RfW_QzPBkC;M>R7+wqk;po`ioH8%?8zy zGTn7!OOM&%Z+$ktAsOR4I`t)*lqvY+Jc;wU7IgloE_da1jia@V)uTm;>d7&$?Xl*7 zt0(sT5;GdYXBhR_Lq$jDNu--$CC!yhqwas(M^Y=<6EVcrmyyn6vrN{R-87^sT4h2$e)?|N9_iv#7ShB`YikI`?#} zA%o6$vFx*Xn|ByYJ7M~0Y$!MC7c0Z-%2lbUXPGYVSe~p5&!Lhs>`bZ0CIT)$JEWLC zV#_r8%H2?2TP0jn$HJax{Jmvs!!_fF_%g;PH*M1Dl4IZgUCoJrPjtzpjc^1>s0wL_ zbRaN32h`463CUW^2UQkj#G837=9nz8`$bOBe=2FD_(DMMqpMAQfs3Zm&NuNlPFL)2 zE;qW5j->*Y6%Z6$X^zc>#^zt?T^gocU2OLu(Dmr1VBkOsgcU@cD+w}_Vot=`jaP=nNQocX|0zt zb=gGPhxkF`!qq}ixT0 ztsbvdm8_c4H(P{sv$UNWo<#c8KP9l(T_>=2jU#gJPZzR#FnYv29d$~wCK?_;+_-f5 z8bf#c{?EGGf>twP+-cWlE)386`w9ah=-khhW0j(PR{bXZ`Xg}y*G3jGs;_1P3d>sU zi_2jm1e;YNd>aFEn05#0LdNPnj(3xd_H~J?cX&REM_`tZZSIi`w+e=xV=-S!Wm!*8rY z^f>yi4L^vAwE4{C99cN=`Zb;Aefh-LT5C@r@7oZv1KbOb z5HBtxfwHCE34>R6aP1Wl{w7s}3E`?dVzZ~mjor_N^H-Hrf^n`Y0M*dF>i+IX?cPUk zL6_6Jv6Y@I6y|dkJk94*o2@l91HVS<-4d;#&|SvUs98PJLr05j3VOq4UFoiNBoNEM-$EEFt61I+m)Ny z_h!V`%+`eLGj<}Bbdjuc7o@2-Z=+CGm|?^W4i{&~{SS)(-w4piARbA2<-s>XI~AfM zB(DI(PjePa#n*9Yw2N~qa_b22kaE}G%kKIW!o2D!M{f`9|H^+K>nwkKp!_b20Q+L< zmI5*5_7blH#(U*OFi4#{zrHPkzhB`721kFxD;Nl1+zM+cTTM;Bo`k?Cp7C9I!>pO= z$=$D64VdP&M`?P34(E_##qDo*4H1nvdA}4avZKymJl+|d?3&^zlndFC+{X_ZsmtLH zv=qQJRYtpr{TIj%w5JIIoLlP_R&oujNk!(Vq7FzH}>y+T+7c)eMi4-)fpAL7fM`>v&BrJ z^1XH)+UI+>GBOOuo>x7qui9hgJf50p{ZYx8ep1=%^*H-5z%uQw(`s z)5CkPl<^8{Hs3eNdG(5jnu!|Y+Ak%C{zv21n`@s++$9WG-po(WxBut_B$%bF-+~tsLR_LCUa(m zCCg&mJlp*aO^&4#n|K#SPhFYqCQIjAFCi$7~jVWsj^^t%r z-=i8(m1yegV{ojxZ?nX{pte<>L}%lpIjce|%D2 zzd@Z+3dQ@T+62cV2>CsH?cIWn8%=F^{|iOy8VJQ+hNmf=SVikd6E!FmE8fs#*$UmD zs*?M{R^pfeShi1HU+=NZ@0_lm^zCrfXp z$y)&>yJFh8o2z&h??NvW%vsZV21w>)jr;U^zbx@h|6;S|CNxb)VZVEK;j7p< z69<&U`y->2H_SdTeFG$R2R|hOBGJ+6p~XQTBCncEDv9sJga3tZ=tB#JgdyiCu&iv;`O z-?Z!Qs#5hogK&;k^BBfo>5oL9)F-J6^0_g44(HvK~2qV*p4v-=yXwOdroJi$h0wI*3f zTNVrzN&O|unSN)vB7!@o-7f7P;;&xruRBs=N2uYk7*;rJHjfm{tQNCpuJlA{N+sWA zOL!?0_iIcN1W6sgX!qsl=crFq1{G`i>srfXw&OnGbZ&c8wf(cZJyBa2f!rRNrI^IC z-kP=oc|`XXsiq43()M}02xYswYVnBQXV8--p`tTf)^C6O z>&V7PQGsIT_-Q(IZI#$bhQPK9n*Q-EfWA+hNRp6x;jnEtO?1yOn+U*jLZ+7A1)2ar z{%7`|wOzk0Y0(#iO|X&f(sxg^Z{d7svCLz8rmw*IJ2}1c_qQ^bqal}hS^mxm>8X6y zqK~z5Rmjm`O4OdGjcI(0|HWyofD&CWyW7^(cu^S9xmpecCF@Pus2A@toUaWA+Ib@7 zGAcLyj2U$SO{-|yebV0j8%JKvMfgYFaC~`5Ts%1`X5LOg%T6eOv<@OVlHq>&4G z*eJb|kZPxa;5v*t{T6Qc%*g!Cwsnr`}r1!mekRh#U_~1mUElb2@hU30PNh@PbY7S zks@fGz(70!cTLNWZ0Ow2LfISP&eEog^xF;lv8pG`Pog^e*s^@*J0aSXgH>oIuaGr> zf!zVGa3V)J$vDg>t`y1<_??%L^IYw#cU);aiC%@3`X5%LOLu2l8sJ5X>c|CfD3J#% z5idrNiEP(yH=Xt6#>fD)b=+H90T5J;B?uR>=7YE5DYEbF9t1%{?88fuy^mXy^pUI~ zf^#aGIxUQ3x!LKFmYh<0tPE*pd4#aphwkjOMn^WA6M-0R`H8 zzQiQKsNL-_@tFRl)2?&~D35ucS;R~UyQgYh?7=k^=YAhJ#-3b;$^oLr>76RM1y?vB z9Cr^Tm8+Wa831eJfRaI#RH~LKJ`T%LLg@e!pm8F`I7qEj6j1hU3VtOD7*pg91DbI6 zd8wB*k+g`xG7^CH#haJA&z><4jWfH+@pPJug+f%vI4Q)v05EQy6rBRP9j@C%wC1am z9_vLqU9tB4*lUiu;O1#IATXETOuc{Yhu;iyOkBBYR+Lkp;VXMgFfg_cOZKV;Ou_7BXcc@mK;fR{X4K%URg&8j@ z#gI~!hgsa5hMCj60xR8GjVc| zOGo9B14v-Fb$yy7ltt>vH!^+rq&k2lo0#BWuMNM8ufwiwS!H_|h2fLQ za$n}T_&@^SIMuoqAduK!vs~{f;bN_Vize0JT27rr!Ta68AvEm2Cd=LsCM;c;&$bKn zuoQ6eD`h&yYB;Y{XwNf&wv)_RN3M<9bQn27;jeJHUeY`RqZ?7Y-HDSxw=JU6_))KD z?ckG9bur65czR9#i^u0mD2&y}Jj(XpaL4>I<)x9zVFQtqS8zn)S2az$IKW2GK>o!> z*n10Ho890+6aWs$_bxZUSUQg|Aj_xgiyGX*04rK#B%;Vm4-NsEOPurLL2%_ zwV@wOMV6R(fHNmtXftw536C`S`5fP<;&EB(d470rctA@Z)yzZzw^3qXIhENYz`Fie z`oU6m6n8n``j1Lz21>ew`%AxMR5yodH8M)xxHC3D?%Mr+U4GM`dpC2C|79WMupt6_Yl41TE*dp`E zWep1EhuBu_jg((Td7w!X7`15T z445sj6b2fI-azJpP4NKAM?HlAIkhaK8sz(H7r?68$0ek8)p)&_T-XYJ%!)Yb#J52Y zVXe@bL61@pm=&%!A>Dv0=sWow+@?TZog(YJa>VU;O>)Z#q6SL+ZczPwUk3B7n>U5$ zZfQM*LKYb$r%5Q%_H`L$K&y&nBOGzQ&n(A5VKQylin* zhhaR20Rf-N18&rDWlyLSRM(?R1;7)FSUG%}ZWWpx~bi4mp4IJW1bL}Z0#Fj+#sd#T`XF)X`p&-iHp zKA7XPshTpSsJI&2Pm8eE_n&;L;{lgXj+o>^r;^Wyyk#N(CCZ#dUjGrMy>%s}Y691I z7nCWDPCfU&4u9Bv7Yc;5U;9xuUU7H z0Ha{EiG+5NVS$O2M73-PzI8RY*XRjwqxKAX+gGqwoWNGV^*LtQ=+e?sawAmNb6;4K4@Sg2}3fQ^+ezs+g8Y z^1B;gmik#a>9#%kqS2)L#@KUNg}a=;d=;gU?H-*~fQxI`2i7)x)H@;niiCoB=onn4 z8w8VDBY*>4O*aBcXFEtv&%lMz8wofh0@08{lll>G^U+EQESOyWq`R2o;m6?~aLdkw zM#1Ek%MM_D;5EhE*N_FC`uYLdC#*KJMKziD{lFy~l@xaEd0{@WI`p;EP%Z2TT5hal z%DZ|S@7>l%8l|4kf2o=yF&PXc1c|!TfD>~O1WFX_*P{>EBZVdpmN{(IdD=r>K%p3| zXqJhmV3%hEIw~IjZJmcIh>47|7(x&MCf!B_;G{`;}YDAoR?ZkZFsMP zx<6hwsE*bF^gj4p)`~X*aB>+LQQ7YkRIpq#bs|2D{E-6^D2t9T_TLAkP{<7oXI@N; z$Y>~hnS-T=o%PS-Qv-p9t;VzsA=gD-i((eQr8&$C;JUVWX#FCk-=UFNGGA{51Pce~ zy5+TO(0@b+Uq-UNdisouNy`;2Io;8O!C!^}ODnMe&D&t+u$5i0hW1W zS-}3sG6djr^RkzVWEfsxXW68Q|7S_gyYV|QHN)P@ueWekFhQy7r*)`*GYb)BPoaM3 zLa=|ZE4}Mw)JnQfKvdAKzK+gcT9+OH)FqM|LwC)@Z@NP&$h=wTt=5&@(Wd(2GmP9o zsiL&9jC{auT{py32>$aCK7e59@R;JM&}U^RU2e#~P6n3jp*My%SCT z{dss4@GoAXFdbBoc^I!M6N==&2n>!~Yp{keScA&pQ32aO`!Iq5f}Rlgyu5@qfgD1lEB4VJ$dyj^Ft6ai7+I`53JBBI~-y zo9jYakS{}2_<;$xz-aOBwd2JxKzPO(h-PZ3AVjr#iv{En<=r!bdJqngWV3&`0RNZ* z#9N}khvaN3G(S0%2C?>6%)Eeh>Vcpv|FJhHHiR|25MaUe8(jAP zsK$~ID9*s*8AsY2+68I?b2Ic(FY*4yJE_$F;!iO=@2 z6%Ur0RRpOWP*spUgYrL?mxho*fy3cLjPdD>Y^`W|H_Z5ax_bKVRSa6`4fd$yKJw#A zFhR?o(wJNHkNkz`f?`F@?^EjGq=J?>$B6yebbL0cs#qBMHc33S#^XPy&7UAaXB(YL zHslJv_A4b6$%)H=O5SuE64>x{A*;bZ%7O$U(agx3A1l?Oqs!Ur0I*bH1z2^3_o~SL zIe_BPa*#DPHnI~SD(@h+nD<@O#UQK|w2hLC8Gf7)jN znLC67zFyhxt-61o31tZUE}RHW?#C5K;gSn&F_&Pt52G-PzKxnE=$U~3yW$QFND0lb z{_+br!k4cG66L66%kqym$+l<$)11S_2*7Q}-CjW6Xp$+4`76z!k6$TtQYYQyoKi)$ z3xT8eH%^t{UuO>5Abk^+(qM8QgRva8yz&#+iXor842k;NWB5K7kzog7cYPR7@!BJCl0Zqvt2`_Wa z{A>vOMW!kIe%G?xGiN|w8`C2C@ZT;pSE~Co7raBF*VUQVFIe=hppFVc@3p~S(xcF| zi|_`SA%{G0qm2JuH*(Xn%XwK^$XoG}41FFTF+u8Z8sn(c0q=~k68&3$u9@Yi9&j9^ zYcF(dhBD9lt^(ds@n&`L(J2mkiT#)4R>_Iz!z$1T91$c$Vj+4e;MZzwxI;qu6^~hR zkxxQWb92y!Vx$Eb1lgwX?iF~agwPN$)c;--0aK{pb>s7?Dx+OQS{Mo;H^;-xNxV-T z_@m7Txs)C<<_+!y3YuP%9|aAY_N~M}QW(MFS*UJwcZ)#&Ju)f9$K5i6tVxw`p^e&U zh)&by-XgfIrE;%xzf<8?90sw~gG2p)@ePpCDh_Ye|LcrUN_6!>^xsthSR}Ob z26)E(wpf_~S?$@k2wCU93(W{{nnOGP77cya|9=v#Pj|BNm_ej6>s1Z!;wm%=mn%aK+ zQ7;@gJ}&U9#=*~id0xz5m4vm>df`-XCzaNy+CSKSs$qPlUc%?%kjGlWHfFgw?@Hfl zbW~;n#3z&&>p)TX5l(`z?AsUMA&Z#C8XA36pv$JJm@A%)Eex2=!9bxR|T<6v{`7hu9y1B(|`FxuK+mrZT-+4k+c@5Nbn+AZ-qhG(RGy9&y=Jj zmql=oZ`&TcUZlvnPtqX@qH0&_E_Nym_){iZVYw>Fl~R<=W;IDvdwDLP+i;MH-~lV$ zMmzV7yLVVQ|ELwLMVidFHd@jg&%w;O8yJZ`HOtA_V9C5!1}`^2Jb+j3fWoab=il0< zz0?%!XBWH^BS2`61(w_pS4;Us+Z7OOdIF%VXy-` z0X6liz^Hl)q>l&&`)tk&g_zHhbd%O@n~`C!!T)8^_5KOt90Cx=u1s&H>Hysuu>EIX z;NSMI?ZE3i^3v1O9fcfcj4uFUcFIS6M;@_vc?w>R)M|LVVR1~j;RqV)&eQEQi0TN# z_3P+}x`tNY3)rn7sM2+?n@Q<(@Y_Dx4(+Ykh0Uw0dYE1!uQHp{DkBH92zFNAP77dID?`j z@GIsa;8&Pf%&$3+5CRC;fFVX$wDWvI)~@S$$z`yW8wm9{Vd|)a!AUg4FxhmdUJgq` z25^0qWZ>CtR8-3j01>kupgToa97XQ+pPR=X*FFK?uKJR9QdtML{C1CMFTU4D(MF;Ifq< z2j*{yB0i?Fw+Wki^be^W7#lI@+4z76Y!@a3(Q}jT+#W z!2VKCu>vPlnZ_(&gR6iqaW)ZvJI377_C3|UBI2M&v7?g(uU)BrtUVMm&T2@G>h0}a zZ33>mN zJKnEt1Zvb^ZucJEm(@?cJ9xn*54y!z^t44#|D7lhWt4fXOBT@R_bmu8ClPUn?;Y#%tccnMwbxn z%WHSv>VfD#d!ql!jW&Uqrvq6!-1RBq+cCihDjt<$cd#rGNvjjjLfrpp~aqN{) zb%u06lUjmIq)iZ)Q~|7zV?dGpbn26LE!YLXFaN9w7yXcbdS^CM81=^IET+cgoOC@< zOKE-lAtA3?WC9h_+b1=`gPB>QGu6Mw!dsXtFS^SP#Fgs zvg==6LqI&!*j3S^r!!tk^RTx0Bf6UdK^f{um*(T8+kNR`N*^q1U0|Yb5KI<2;2B@x zmGs$}4OVa-zvHy>HP6)_1d9;2tN(BRtdmPlnf&5X5^xzhBWhk*cn)}ztDkHKMtLK0LJ}vxl$3Hi3Ht4He4^?} z4~P}AJ^Bh12Ts8KmI$yuVe`3k@rwPyk-`VouRYP=glN++=f4@1g}+4q?}5d#mhCxW zt`n9c|6fb?H?+k_qRAep?pr@jH~A|?X@D-{)=)5TKAcGnKX0T1>v()FT{3pdwdv12 zb}3sdHJ9?})hV!Io|2V^rO-z{Or}c*$LF(n{N&dWmuJ(H*KPuE^tnx+Bttqd&1Rdv zF)LzrY257^Ms+-p{;#J@(U=`n+CKB|jJ>*?$SSiWN0)A&WHe(1b_d#tXXc2n*oenQ zaZF+xAbGDA5VQ?`={|hI*hfy(U(_e+-0Z|nS4SG|z8`&yB455Q+K>I6Zt3D%4qm5{ z(jh~|p=|I5Y4RY5^{Fo-&fWpHm6A190I?x!2_e3ExoAH$pY%YdIo-A zE9d-hV(8kvvO3OU4PN-wM77?L_m+-LN*}BA^XJK58(>Myld|39aK+p2@aFfUYxg_rQ^Jz|y z#UxR>0roO|?B2UBItYDgmwdq~FVkX<56C4qlKx93 z(3XyDA#$mzw4$h0a5dY2hWPmJ-^J1A8`4o8|KUoDF)hIGvvC<$P<{zl8GZ#t zN-j(!MT6(DWp+{Buy#Ik-p@ zho9@%J`aGO6>@|sO#8G0<$k9*3@#E?qfSXWFa}Se_bb)ET!_FLG`x^Iu)qtw*X9mh zp1|**ins=Nb(0u3kaA}350c(CV}!EtARVB$eASG|>1QQK5bU}!cOYLZSne{_uw}6a zOvz(nwUf4&4mgcsuyeXbtkTL{=B)vHI>xi?&YKk8bviu`)W*bnYo*sRjwbK>Nl1vS z?RqH%!I@;;|7g2mUEB$T!kAfhO$fcw(Ui`xP<&smwpLmIbkkukEKp8^Ew7~PHu`0T zK1Ol*^^`M5?t=Y+eYsk4S&ho?L~H>timt%&Z3)l?g}sU+uq#MzKpjND`Ak9XFn%Gg zf;n`vT$@pNlQf?pB2e}f%G77a2wTdbGJb+<-`hcbRjW=Po%WHI2)s~mvr(?oHO z*dGKB>b}%Vf!MX$&N$|Y zOgX2Gx9{FdPuDRqMfqsk0>2XYug{k;VC7m-H1AuTzZV;GW)wL705O%RjEB>z;0=2F z;!B8;=$;vuf9N+*CjfHD%ZNhAReE{vGRckqPhqM_-w~YYajL9}2S`mrf+)=m;Mu6pIs_CB%v9CTix(Qbhic+9kWKO0Y<4h}`#!Q zyb>~}{TctQ`jWUip)$m=Mn)iJN(6K`zwFkQoi}UK z!>y{bjn+(?;PdLsAc)>b1`{l~<`*AuWmX>4fk~f0Wie%WGQjeFpu zD6Q>f5=tgTUmq^`u}ZD3-!lDkBpIiop4GTni3w+|f+Ap92O_ChE3FGJPxhEMzf_JU z7Y4OK4BzCL(stwb^Vbg^Lbs5At7xkkR(fVX=`C)8lnf8Aqo=(fnvhMyV-R-h~B zJc^YRb_eYiHS!SiKpXY+GVe`^d-O6s!fTXArh|GI_v^UJ1f&+qkIV-YY+t50Ietcd zc9du)8fBRH%DxF=l!mHBy%r}me}Koo)@%e$%!GG08w1S_yZidHvOYF--YCkoFapPR z03C$!vX&<0eLe(CT8hFpy@A<)0+N{}m@vUUdZ)3+2ZvH{IG^x9-HzwuBsjkDylvZ7 zZqw8zCL;?YLiui1|C$_!lHn|Rv_U*TQF-vZbeQD;g?NqG1^x^F!tFuQX*?w<5H%7lTHFd9cpj06&~7#zMD{(xua%!rk1l>KxWZP*)0qZrcjrG?IsJDR8N z4CL%=op>MCgMda(jRj2RM%OScY>B#O3bBl{18QaO)jLV;Kunb2GMDfd2hMkzBhmMD zFdP5N#DD=ZKHTz4o1n3BBQ~Cf**mEl$fIyMl#B~)Phd;16rg5X-fcv3*u0V-hr4))@ZPf0TSJPT9L=gdY`Jn7 z_cC?FIQcDJrk|Ba$Yp!czvT;sJ;6Vpla7g;K>XdeKrr++34V6nkX%$ba;#bNA><2) zT@e=nX>Y5b!BS?@E&$NOw`&)@fZgOku_D|HF{-{=HU+xW%N`3je{9k15|b`9C=&>1 z7`kjGKpj#UPOCbKSW!Gzw9-bQ--65-=e388bgb3Aadg+Hw(#1;>Rhb1;LrVJ&0Iz{!7Aag%58`7LsB@wMq%P6Per2uIT8+!G7();EG4u zR4vI0ONz@YHy8%BmBb4w600Ol#&}B^M;9<9S(Dupf z6QN}54~2RN{)m3VlGqY-DemA@1{tKa=d))J`@__&R)WZ(Nk5DHV%0=``F@1O$+UhdDR>IVDg-`BL)nIBVL`k&IJE;Sy;NVGeMirvPw z_Ap9tn0#oCIKd*Z5ehAe{!|>!u|+C+(kEAT1xGQY$5f7K!jQo~4?xJ}ln2g^Lvs4c z{>TJo3uZuL!u^s&n}#F6EHk<#$?UhacngQb9-WvgICF+x!p-M<*bC!ofBI4nnJ$+r z`030?YxPb1S*ZX%_hk>=5td{#CZo?Q(TuJOyaI(mq3kSBH_e+HWECBGgF{>aTp9G8 zL(>ypIK5}avI6efDfH1g2gkcXkykXz^h5VZ7q7C@k;DkX9}X;Q%RQF8!B148REbyn zj9H@7i+*)f#yl0>6(%bI;pP`;nB^X3Hb6$7smt<8{(9hFeyWgMq`ld>KbjfM8@^3! zA0>DB6u46~u!B`}BB&%TefzQ*Ev5?2RiEkEemd5;kD?#~gxkO4H0XDAFlxOYwh3#a z$NeK=uCHR{5au@^pc5XJNlQ)r?z6u%@LBfRDB6_Z_tB=*C6r6Es0)Kz4ruxr)w)d8 zV9t6vyE6nhOL(v(Q7l3)YiG21&{VuI?K?b@+KN2X+DbG)P_r2wqsLPk70oZbxVwN} z2%x*m`#aKuc_hYT1^w9P)6FJI6Om-#X!E3oQcA>zCiIZ*@;YC$nAR6ke1MJk!{fQK zpp!DsdAKrv0fb|_yhU&zztdrpcOG9fd!e5?@12Y#xnaA?95^6%qH$JA9>!?)A#A_z z3QMkwhX1BS{d3 zhRbR~WJLUviNjB5Irbm7rIa@1li%WBHCPPT&*Ixm%)A=S=pOd_GNWwGHb3}gpCEta zxab<1C$W$w#V^tt|4uI(_FZ-%@bmm;&i$v38W-IFPJ;dz-hXb^HXQCGUv6QKeYDh{ z5m@_d%-tUJDq7#Z0UP)0W+tVzYi*TR8TPi`@Xb0a(1Ibj})_hYF`HbzcKRAX9cu1$O4i=7e4%0>{>>108IQ_ugDl@qgVfjhFldqf> z;bzNFK{j}8U!OAn0XE+UtPXWeULnQ0f5$_?IBQ-59A6KU7eA~k7*j0%X+zqZ2~U>* zXEFQGZqcK4PT3K=EWD%V8cj*u`>A43=>v}8AZ$mMCK1|s-BFvE7O@D`^BGN)6Bk$&#Kj|2DKsV&@c_(p)|8Wfm(osU zlp0jH-hHBS9TRiK)NGs0ZOPP9+k%zs>BuI${y35P4_ zAM>V!hI4=U*45hmL4w7#g@9Ficn15J&5Z{ zc8qzbzE|p+M?+8q&10(~SIVG#GRuqZh!)SVbH=LJX4!hKAs z*ED$86f3ox(3wqX{Q7JndXv*q1j_IJPYa+!Od`akqmnRszO|x%cN_0P3yo1CxavFN5y>T_e ztV=an1OXV#Y)k$M=)$44}xe&Z5RL#r*ImxUO>JJX$mmf2TyF*~?pWWvL|E0c$k zQ|n`7-BOkM$|K`FSUY{cdzD#RF+J2>L}j1rtA*?HcrS)*sPnL{bjf_f=m*<54-#PjU}@vH z?Q>E^>j{U31L<4AACo&DdY1RvxT84hzs|7t(70(HKKAAFbPRgC@q3fgRmEfWx!r61 zvW0W5CjEB@OZ2EBCbAUb`b8y8Mv6w2wv?BuyN3pcR$Z?@q~Y)In*a4oqrc}vRTW4w z1Nj0}hKbWpO0pW{08aQ;G7LbNy6>)L^=FtMV`;|v$1@s8VGwN@S+lq+CbCcLpo5L? zlT0?>kJYl>_e`DFJ%~tCg;`9;Kh=o`RhOyd?7yR#tm8l_?h2W`9>1PDU<+C1mu6qLI8A!PI1xJ#96}W$^0`?J!^v$QsMxFmd56T9IEU~;d)U$knRxu#~bDYIY!ar-NZ?2 z0FPGaAO#FWQF(P28&yNoEcei`-%O}pV$qY5a7bJ*(n;t)AOsHJeh+c1I*4CqYLf&_eYYvmiQ@7_3{=_&tp3DZEBE6nI1 zBR?C&j{IQydZEeV2`R+k`$5Ze1Umho`(Vxk-`Ys|sn(jd*f>y9$1?rHZ)S^NBQ69E znxdO|<6eiL#S1=t@%P#TQM5mG51Gkdb27YmNg94YFt_%=uLtcZ5z+H)G1SR_RmN;o z<0ix5uHQ_DrNrfxV=%1usTXoF1$VELMeI%%x@As zB^eK|56i?*Fyb`7Gvkn^xgB{6H zyL9>pR0hb?j{$AGkLY)G5MwACSA0Jwmw}1nS!~McPC}I~ky7UJoT8bsQGu?X*w>ZB zX4nBTB=>7>B0@I%9oX2`xlAys`C?@TIW!G6-(zqWFlD25<$MC!SbcIgm`tqneKu3Q|T#B_SnE>G`1+G+q;^+iEvR}<%MCV4x)CVxer0?H} z_QId9T;?V@@}awS$+X^+BxFa?^pHjV=SeemrE}f6$JIX;6~v~^^_YnzhW-Ay?nLO| z@0BPTkA~%9;l+rSPz+opdXQH^J7i)Q|2c~N*Yci!!@KXL$(WAgwrN?%!r+@4henH* ziGg@adzo7&*zEWXFvQ1tGmRS|xQapE0fCCwj@&T+cYyn8YOE=*WvBix)lf!sVqFg=Q$8gZ;*QtREU_(8F6B|HmnTzT3V2hp{qQ7vOPKq^v>#t9~Q z_(iSQQ7$eRuGtUL*$dMtsW;kXY4ub(az6`KuGrA9$Wch#hDmVS_8N4b_7EUC90E%I zHt+4vcgAs&N5c04i;o5Tv=kSz)SA1Y$3DxG6H(jBj?l0U-(`OWTJAynG7RI;dq83z z+c@{(24+k74FYs|1RNiOl6F6iSz@{wz_K|f@XxLjmr@Q--Div*ZJHht!VuRrYLN2yR{NJ0GV8}?zr3(q(K@FQLsUO=|mns>-HUlDm!#f(DPgdMij*@gBGQ=bk^q#o{{58us!A~}@0mK4by1qY34Wj({9RPOBmZN2x zwKtMdQyKO-G$oZ!cdVlwX*2Kn?fbYv0g8wG&Mq5v(EKmpW-B|)4d4U~`isC{y!Nbf z=fN}Rw>a+$o~4RGgnhdHB=CJrvD$O@uy({T6YcKszP-B6(OLBlB(+_50~Pn|D6A}n zF%#eaN@~GQ#%TtRY9~RF@X~?wX?hI@WHfg0NP!f*I=zZsmI@E>o+o1?go!(d3A=fwX!c0I9oUCH^bt|cR-Fws=5d== z#yy+%(xaVD>8>Pyqn3ny{He2w2rH2J)pxm*5Bbe6w>FCC+cjE+MEopHFGnJ=qtdJL zRHJ2&y#hjc*v5nl*Z0@h;f43&_+ZGG(a<|p$mOI4ShLJ1nVw3v3O-ALcB130%3Pyf zPzlct)O(vmyYNB3(^zE@UknwkP!RX_S*Ox+Vc2dy5iC{}d_7oBz=wso_PA8!Oq7oo z$QR%KxQ^k4auHJ)Bf$&xKNyLn&mHksg+K|=E@qiSaUInv-pJdjj$Ut#YYk4w%A& zSXLTwdje}8JNAsh@b}+N{S#Q}C}3JEQK`D)jC4$9%|8Cd*BDJ`U6TzgWBJjA1XvBAa+&g`e}(Ol2U9f363RqIQ?&l=mE7D;y=^0KATf zN>*4)rpeKh2Z#_qDzvb(N-GE}kj@321|XE{F)umSlf&tb+Ze12n2QioZ6h1={LhgH z6KWTd#%#Rs%e$}YF+t0X%l?C|OXu0%n1yvW z4lxrbRq*lonQSqdwU| z8jI(lt(5FJ(J%fJMoT}XZ$qV51U?1^)tq)?-{rm-)) zN8D*wj|x<7r$#Ik$l7>~J?cs!K=C>dr-T@>EJnIzjr|;ULRDE6k3Qwt zQcV)JP5!H=9P3HDfRSvKqY6Wv=6#fA8i7Y&ak1;j%$3cb9AEOFYyh0vZ6tCdW4D^N zZtX7&3RRk<4lHjsK=Sx8DM;#|qIl9pZg=4%%5;Tipik#RA>$_70sIL(4q>AV!DH*g zT1cK{Xu|=HZ?N)pp!$;|PnrsMWUbg>$>*am8Qar2-IeXeg~P|}_E{L?NvPD*#_m~~ zP~M721=Jh|>i4eqg}(IMmlR0v5`9?k^DjEY{sY@QJ+CAJ6fqr@$Jg~PqD$%1`~Qhi z{(!8}GYRwadE-17m=e2XWUgIXJAL)))owEJYx;Ek@y-4ZavTs!!^XQedITdXP1NPK z?g+0;Z<&v@wUsLq9M&!63PTm+MakkP?xlGLOl7%<%CAh_r;4k}Il>`BZe^M}kk{yu zm*gon0j627hBW1hRLfn8INCs*#^OjDA+OsYt&|3;GX9yqu(mK#co2F2v2Z<9A}r2y z9&%Q+3#Z`glcQki6TmDuXi?D)JtV0dsF!C%I9k(&HEiyiyp%j7B>5%Z(+y-F1J_&Q zsca?>3+|-wJ|`vTb-6-scowx8^}-gs&ZK&5=>mAZg0w2SlCWxOThe5{uha9S20OL1 z9n49}AyQdPh(Sv2?qAoV-SCR)USckFHe*9EouOxAq+Ph$AK=a(1GiQ3#>k4qR%m$>QAn=M@4rvBOZ z$dJ$8oJ^+|3z=jwJDwMcITz>!%%Bi66+dh?*yzUj+`@JsPgno_+ifYwpC5&?@lN$Q zTp8u_humgi^efg?0!jO~ zM2S*bHl;*D>*;jOTiHT~6H*Lr)l77;)V0p(ZQt=jzijJ_iTv^$V~li6;;lZB7CtPr zrO~#7+heha+fY8f#W3H$Y|oHnGq)$OEL_=chgw{4-ZJ)I?5?)UX$sYHewv?o#uRLJ6M~#k-iX}smtgFC+pFThM zU`=jxBK2j3q405W0?{rf6zNpx z?~uoJFYrd$ZGz8Q*|;im>Uh5`<=h`?LNAOWFPSnkze=FPBLvIE3J7hzeJ^50w_}6^ z%#7PE$kFic=>oye`;h!A#$_V z{ddjW15GBuuzyWeZ1tS&V?zioIRPANqO^4OK5KBs_sImO^`g-q-v*a^a&_nl%_tUJ z7&ex&T1ENxOCo5;y7lquSG^~Mr43G2AIh7t-{!{pNr7WPR?Y1o=|2c_<;26MdxjVr2#8z(BnP?u^95%*PN|uHA__0DCtZ&ak+rf zUX8xTYr(g!W|cXE)Nv{8kOtWw+~oK8R*805fc8j1?g5Vk)Yt9L=h||BxTq9w>crvZ zgmI0ESzu~{AJ8Utt+hKQ$pmlT)SdQJZ~|{RY0>O~X&XHU4zmaEbrk01&8vy-kB*OT zx_<3i>`*lVtcUz=UKPk9aa$ODXj|uiSl>TTiasaQwlJk=+*L7T{$m7?lJz4@EOZip!3G7Fjx=4X)bk*2(t{&}gdM-60 zYf&U&76OGgHb=@|zu`)7kEo1;Gxpg{0&YO?=dLgwf(TIu2I)58=pS6XD)`sCEI4)t zm-*fV;+ol>Uu6^A(}lq*9xJ!p#pq8}s-%4w3 z#i;*p5)-3mc2RE8K0emtN-e@ zt(de)^NWkSJmiO8=W_yk7u^roQ3hHF&Y1WPNEJ;_ME)v(n_2K`FL6GIkxZLFqe4Su zs?M$8jq3I~rYEvWQ+_dOo0U6)olqLgyUOz^`krZ9&R)aqX?m;2O$F5YGbRhR-+@|V zfveqEDey8;nNdDXhA|+`=&9O{Tx~Oy)+Nl;!mT_{ILCQP#(enh?yjz> zp0Ae-m*FZftHZ%8HQAwDcsTPLtBSC{?XO{}!h1<#Z1(ZntVCz{kLao)YI$T8O=dMd zw?BU}tQ`bPxa_p*klW5bt4R`;He+FoNX^fEPHC>~lIDk2pX;2W@`f`y7|~38d}25G zf(LUsSMguLl?8bnI>V7K&BrNZn!jne5BqBXK*2&u@nSYB0+Hopuz9BGFs66NMUn+e zOR`FHxYnRGjAZ}$YwAEt#8GX9GPIK-%zem@H>fU3BVTcUWPmyXhaqOFOE@04IbkM^bTC;SCXi( zF)~SqAaPP3H9SXh{E#sYx}GiPbdRFVR?K92o7TRkdHqMs+_Pb3&0Y(HOkM4xLJ?Fi z13AlP12sWc-XrPI#b>BCln<9yg@HbIUC0>LbeakUtsS&ZI`9eY9#( ze{)OcmWRY-?s362F1oa0!iY`Ba1$7pWYdmgD&JwY#GHaN4dJ@gnpg#XDrO-YpMo3o z;p#szpJ*VIGX=ADzt!{XIBRN1Sn^iP+oVBuR6(?@d0sg%i$gEvzr8?U?4lapI5&cg z2s!5QA$BYHVP~#!OsZrx^p{ODx-vchdgUOrJ5gisF=`FHQRn(t-c zvz^XfMB?|o$l;-eCNcNHzeRz; zs5C-8$f?a%`Pp~hVJ=HuH5yEFYCe2s~qdFV54yRht1_|b(Y$z&^P+sIvKa$Pr&1_`7=I_&n^Pv}D>Wlz zP#V2+_tGuV7bRn_Q7)eKowbJLQ&-Z|(}K2#j=@x^d4G1QL>*qa&hG|DNMmj5?>8c4 zgY~b-W`d0(%l4wAX;Hf_pw*YEM7+i*!wn}V?WA(ei>P3~KVBJKZtB(|*N*A14Rv>w z>Kx)$;I;ADmw~I8M2wLB(?Yg%UaRPLvg6_rO~)gRQZd%TMZ&Q^-sk0U9WQfOb zXZ5n;+~0%2q<7VXP!;y{zhCbYq+doOR1j-C_!~t?qj5>H-E5n`vGs5W{*rjmyCvJ` zkeV=2iH$mioVPPJ@@KsFuqs)`oIfP5+`BEvE&{vp13ZMWr%%dxr?;a$ZEmbHe~@UK z-#!o3wrFef!;j9J>4p33HoHwr52xYniL1+eb*y&%G?v=LMF@^$zA5$vRVTv+}j<`s7St@Vi;|$ z?vB^Gx|Z=BbjOC?6?{h?r(jyy$E|QK>_V(*XP}OVdi+A%`b3T3Vo(a#SDK2S)g%&p z5+7wd0fu`lS~@x2La6OWDD-h;^x-JvW3Q{8r{fi?un2<;0l2WUaDN>hWvuz8bG~&z zsZTAwK1L$s{ADo9nHu7AWM+vc578V{!LesVlyhTh|Z!%WPKa93Ho(K8?4zXXk&4mK6& z2Jyx>ZpdO+z*w5d6*P@LI_cg%n5EjJX3`cW5E0m(67^2lk;GfdCZlsWB{WC$f9kPP zrJHEVO4z-LW2lAWue6ogykiW3}o%h~!`PnM_v_=tomBZ=X4E)*#&N6T5G#%FBDD+PPgmtdIXatlEe4>EW;x8*S3K9$}lWj%j$b zWjx{FfaHL~bX!WBvzo?I%@z?86XV_B96Mh869?byZPVf2zKFK?y*RVQDcpOzX>rs= zb`|R@{BYQ~4g>bvdnw74h26&1HwaGFzqI2JIr{Gd$13U0!ysy-IHrW&DG` z<2Ge{hy8n2Km|notu~$PRAxDQ4AUY&V$U+a7BJWlVcyRZaJFC_IeXpudhbYQ^LM;< z)k+e)q;@U{Q_zm~QFK0OpEpavfrv*qZW=ema zn=Ut0YJ?n_&E(TF*4Iah!?G6U=W7s5rP$8jF5rdxuQnj=ZPS!%5P_vEb32J_z)0MB zg;5m~(Us3DBcxaQX|O4s#-a*k!nrlarySml(pSbdbj*Ek=zrQs>z%Rc3Ac?`Q*$G^ zu*mJ^JEg;%!l<6iZGOm98q%P81`q#GJsP|7dV)Y75O^V`@}NX$Km%e5&L1AvAo#!QP<4Hc+kZl3=>AQ zzn9>f6TFOh7%3M|nD!)#vZOpV;UC0DQ+sS#7!R#XBtz zj|0mG^Pmu_S2ILf5f)8_86aQ9$==kt2tBV0ue+5yZ|^`J=TZXVfQ1R?VngWD(Nl;Q zN-#QoL&LsmkY6+pJUY``L{|jh;x{AyXK6o&rhDrw-e@Rp`N#kZ`!@&%^biu2Cgfj! zLKOIfuVXTv71MNLPNYX&WJ`ZsO_>;YW@+5G%`aRZCh zP!eU*N+;?(lcbCso+%QK-r6tio$dVYf6u< zj%4NMrJ9_heS2NL?{uLX=3_uEW-o1;T>bn`uYGX7e(^qL&1!K`H**!t6v<%IG?_G@ zdbkVeIFSK3z!}tPt3T)^U537gdaLm;B30vgnSCL<;6Tmm^l$qc4$mC99V4p`R9|OY z7$T*^A3V(QY{2fy1%G^e7A(kI6dlBcQUvy%GAj=c*<-{Mj_l-?qS;W)7mReSlOyZb zqSRFtkG(srCvbyI?Sp+0v-QZe%BRzlEf?vO-@k>~quvO?TuVqz3&FSh74gidh9-tR zMcqxgQZ%`10=^?YTgdd;fJKgVbI;A}}1F2b=Y$5}hatv!>Nt?Yv*>^Ef zeRYL`f>oTWud?ctc6SB^)9J?k`*ulg)NO>{cJ2@Hi`BDy0I)@5X_DY;3+0#AUgnu& zpEv4QRfeAQ{yxX7btUz&?Q!&jP4v~{b*tDAN@99?dKWbS{zZX5b^1le+mX2%Uq^gH z4E}_OB(%z2d~+J{NiPXvl*!|O#U~L~2miY$Zm|NQ@#lN()Z(24BIs^vaZf@0tXR=L zz-8K>{oO4Vp4ypfHx9fy4u&ZkbCS7Kn{u#*YkD*0b&RWv(YmxpQL(~+*Fxs%`;5yd zrQ#aWK2pQx+IN(FN5EsT2x9K!|L_Vc>N_*Q;ZNw8TngVvd;^1q`1t!3ig?LRm_0{n=k6QmRMi!=1%88cUD60oL z*Cn^KMqn;sv*P7AC|W7};2A=YPV%%&7EEbk^jKu=`pw;WR_dv-X1Vs_mQPCLSy>MI zzk|W$^1uH8%lEG}UL`MyFGBB)Liq3Su$aQmVp0f;jGB$oZIvqB!;l6JMr*7OcwbE% zhO(W_M5}~wa)WscH%EF#e+g((e5e&`I>jQf1H7dLb)f;T`JnvvYDgTlwO91UGY zv^E)+eUK}77q@BCufF$j>#dn{%4#^iHP(t>2fq=qPtCd`BG2B;X>sqc$UaU&6#SUY zOAQn^j^p}_ufqC`edeqj8nE1BajGQ{djdjoa`Hr79i7h3uC5D9l7Vw&uxZ#9{r8#< z@PP8Ov*DhbWg@-yU8l*iTNlC!(VEe)khZwC2zTPpyl9?2iB1Aj`8R6`w(ZVpKR><^ zA5;Y17Rf$FwSs1%SUHlTI@aRh6W}WOonj;|Wyq~frt^KQbS=RwVZQy9u#a%nqrNnQ zRQxT;l(4uY`e<4(v%v*o8g|1}jBEV{Se(>zVcK~Q^A7UT#)B9MwY_ZCB>;w6*#lg6 zQn6ewW-5FnxniAxIw2lLHqGc%c!g(#v#W$n#i>M+f00~sA8@qn^I?^VaW6l3-ipHx znNpea#Uh3@PyPk~TYy7TPiv4VHsyn5_0vZbn#JC#*NP@|t(ibYG}oo-_9=lrZa&Uz zp#I@GRC18oKCa1oVN7EgKR8IRS&aibu2EpYFW7CsxIE!JEk7+FX)k|8zOqyLFZ3Nt}y`Y?X;P>))nUrJQk9;{2^RdZzR6 zG6)tz$d$Nk7^~6M)#ddiSO4;)D*2zyxf{xqCIP2;t>7w8LArYd$;bnrd{*$IfH6=1 zc3vjCeHt5tJXWHQt&iPBNcfsW(?N=9iZ7SWZ(xs6K#on^XB6!E-Nm_16MKC~x~3|x zP~$Q1&zTi$@RAuKhKe7d3_y{-XWDuW^1GSfgisoYF3{mT0y~3l{cyyNa*>Cd`5LH8BGm9D8jk3(RdZzKgCW?nlQneSQN$Wu{kGW%C~p2`u}wz5Y1j4$_F&rr^1TWWaHuo$+OCZHl!P{F-pD za3Fvvq$uLzm+=do-QDb8C}S1lEv?F~Ph-@Pw;J5?D&i+B6tE=B@-BfD9N+5Xy2HXN zm#9L#8rr_n3b40nN`BsqqTg~ozt>x}XRebXS8!!0Q|^m!Ro$=I2OZasC*>!f-eSp; zMp#edCI4EG#a0TyJCHuXO;3MbD`2!NN;w|2(dV`&Z3~-^w_S5kMZ3ud*M+{2DTcI# zg{@DG>M@#6+nyrqT{4^O{IY~G(a2cW2Jkr}qaL;&9lzN?|uBcW7WguZYZbJv*Ap~+A zkxTk`1+XNm1T6Q+a@X3z&pobjWdF{Q44lT*VHTHWNbBF9C z5jlBf4^`%hIggmqj3yiFM7n=*4TtZw8NX9NwTe9f2DL8tuu2uzX=Tip_`6*WHI=bE zF4sG<9}@6-MZRJJ&p{`x!YAP`5hI(`2jJ#@$OvN;ur&haZ~HU>mv+<43Rwg>mfxM-Q<~_08bF96S<*uI@v^BkzQVBY?MEf z{fI+L*d)x=4-(f&^im*r-}1iJrLji}QOklyA&H}h#y;A? zH7F)r-MqSWfp|wNWZ0ct3!!P=rN$kR%tAh|Sa)8n&RP+SP;Qv5F*3*YzNmKsPGKLlT6~0jqXNMzKv$>SG7OC0MwEvXgyE+p zAH1`Xf}nIb{gAlL_5Vu;dICVME6K~(I15I(slEqi$1AWOks4aJxr?JfXF3;)t&F%! zDBT+0I0%!RIhh#kU5^+UO&O78qOx!@<+ypH03v&GX?3q_j52JoOjyV|856;Xo?4f> z+hKLkc5SBvg`GHF^JeX3xpWvJ+?Fezku@5rj~) z_*z;ZqamZoyggdM&RF&}EA`&IF>*MQ_Uswo^p#pMo4UD%PG9sES%vUH2`W!ZK04LA zy)9~;lRrw4*^0(AzZKfaMYz(z03+o^&EV?nR;zr_q!qKrnKQ@Al|G5CzZc+RyF53A z|904o24Wct7M0lV5%~}D$V`j-FuC@Gvjez=vf~w&TE4utb7G)=Sy}0J$bxR<&(y%Y zU6)GL_3JBv4-nlrIdRSn|HKHAlr8J1&gT7qEr+as2u5+WTmRAJ#Skn3AvnNYQvMIL zQnW-4e~JL~6nZwqH073`bNhhfOmpB8#>(JUalNyN=qc?`?peMvq8roK886YNDlQ=F z@_wozo`+f7P}Zsz_r^Da+5AaQXf??@3MYQc7caWUhGtHh+&okl&SlcHc0w6>6JP%+ ztf5)v%H^MsLo5qC3AuZHYNP)3@o?LKKNnnLwp+E>Q+%>#UVt2hg zH*eaTa-r&~St~7v-od|Gm$*VVg+VJ-h9cxF^OFp!X z?;P}+1RZR)R=#S&B&Ft1{Y2%q=*WPpUcd`1DC^dm3_$H3nHN5(B6#-WH(^240Kj)8 zu$}n!E1QZ<0c;hy$p9z0vu9l_mp$KDXcPcf<@Vsq?0A25JXLAxczoEtK33lD9AP)Q z3qm*V3p_thjeVS-wx(uXZoF2CD$#J;rV%;6QckeKYfkp&CFmi7hr+v&lJEh+!NF6< zn`29rKmyqEGj(+vv#~=&B@V%ocuYE%VyLi?v`XeJ|B!22i-)=Rl*)LsREwgslL0?H zB(L!+9xT5Mo>wcAI6f}L$cDx7wO1D(ONS~b44R24*q@9p!_KdO7(&|MiKaMXMyhQb zlZJd^S=ye>V$YS0m~L^XjY+{9hSzvHUy(zE z#i(?}STasZbS9aP47S{}$H!DwS6BA|K#C<~8Yp-L0!xE?#MCx5n+!gZi)GJK`?YyH zx~~zk$B(2hfMM8ZyQYOei6}f^*ol%rL#aojOi%E2cfv%&yjr4xV5?3E#F!ePY7X5Z z*P^&Xicc=pdXqkcyVin=pba@Sv0~cu1=IK=SzP`^u~Mm*HinCMOfFB+Q>Pz$DUl?t zD;m!~ICo|<69GZW=}pgsRNi?Qo6L@)N|JfAucgCabQubq4xp#Lwhy`H8I^f&gPi2{ zRNc>sD+SjcHRc>t_Y0gx<%S|pqRAE=zr3j%7R_0_0#lTbYrh=1Kv|o82rvZ#wzjrL zBoGzB{OJJm2WimCTzz+tIFlx%;zPBFX)ij6S7TO#m>ec#^A?dqD2rMpvE^AT^Rb+w zVvF%>RY2$;ogj~amSmHiH;RZrdULvM`aV-laSd2d^F&fxg&6vrX}v~|Hwl=qqsHL0 z(oTPdhSIb9?MiapYZfr|E$o^rIjKlp_*(FN6%lPpF}-Gs3_ET4Yo+7TKVeVsRhiBfjs{FGXT7*?B!(ZuR?%Jjf&u`*IQoIUNK;b{sfJ^p5S3szyy?Epd_5T(EsTZ;RPW&n`7oU%3W$~> z_@NbHSnoLdc4W!%%>KIBWnMN3j$zU1x+hzD_)Q}rbG!Ic>17sOoor@Yb&gEVRMvXA zGk!agihs=s)BDh-!!uo}T0pt!_Jl4HE+bRwMwr{o9N?&uw|1tnL&Qx?O#T2^8^%n- zJCG>s1n8WXYLkPXCzE*uq*0A$YOPb%zo~nxJFATsUB;NSfMR{V(lM{r99x`>ci9=cuQ;6{lnqd zw9%^(#|T&AR+56NUU(fqhvL)S5d(xto#|3IN@J^7ot%QE_W?@&w%*P*^3|vwB z>h6Z{iEkhw5Sr-iE4s50*7dXm(3MR} zqVOEnTmJgaIrW_A?Aw7fdSPJx0$#wxW4bv%F(IKXIx0%&wThtEC$OE{TV86e3crPh$eK$YnWWytnA5X|o$Pwl;6l7+rjBWi4AQ~w-HOeu}GP7?L3zMHAw z#r0nvdjQZ81qRMiRhf|mClmSew3vUUiwH0SB>9qb+XYt0 zy`>`X@F8R^#H7}61O&(>3moT|Avr$Ahtt-`garvAYgZv?gd|--jtYi;H}KmPyPKKR z7eH_%W{vp6ak6`OF%pdhMLNEd@^^)ZD8C*lCnob3(oM7n7QDOkv+);BkyLt1QcNEMXuO#svJkId{9?4vIQCJh564>3uIJMKOvO-0P7I zC7o;l8dqt)SUQUs=Mk+|Q)O9KWF|l8LoQzG-(QV<0NXKfs0yVf{3sQOabz^)1VPEm zhR+lv(bo|Hq>h~F9?NBmU+oJfDb3aKx=Y0S(R~6y79;NtiMo?LlF54uyw4kbWOO=c zx@?QJa!XCZ%!B6~=1MYfBk2ay>7P$lb=YzQBUuNMKU+`JeTQdvNNUGQI7s-agXIhh z!Op7{1#OTgGMC39n2SnmURz2o4gn{S`yDB}1XCdv3!Ww8OeGft8mtz1wYci95mVdI z><|?*glQ^aLj{V5_r?-|WRj?$wy3v2B?@Y=x|v$z)THOu^V8Ej83-5&AtoPr1MY$* zX4>K;56>!PqcKucgtHE8Mr%Eql`Ai>MC|5lr6M-GHaA@#9E9j*{1bBplO20aV=Jjv zzHC_MfU~nTy~k6p4Pip2xlC5eHE)ys&OZa9Yr+{tprCmofD+{vh&UNkg-M+&K~zFN zwAAP@7&qxrM@On*jEgA1wY*>+YpWEOwG=_U8R0645uX9B%hLJw}*6)N%D8V*JGoOz?`^;jGnBkD~4k&SMDu6rFmup zmY##n20h+nclRsY*H7~NZK$4&IjoIgaE*x*Y)J*7e<0mchEicMEk~~mUv^(WaiO%q zp|!a`O;9=jKyFM~V3N$5t&_zcA;4uBCv^SE`h+~RBF#uz+&BE$5%2tb5N(d}ey2#Z zASRgrl~Io;H3{Dk@vHE&=~{`c@XaG>XbT$zn$>_&&pj6ulYrW3ivD3k@R~EM)@FLn z!z5&D4KyErV5%uI;9wXdWim404Bm0Tld8>C8OjwN8_-ep)eafW`fsgj9QD_b9?E#} zfpuY=)J}m+)lnn|4k!i0q6lFDMEcv*kmZ<=9??T(A_4pR(HPvNno%AHNofBxlHUBg zN4qS+-Mwc7^omcif(LL2VBLc~9`pubXwOD_fZ_NEF&#npNu+dWsLOZ2ix~*+Df@lK zF@f%i&IIIQ1RQ@GSYY}2K!&lmINcfA^3x41CN6kAL`7L|^!tJ&LO|G;Hg*N5 z_aUMJJ%1?^tieqJQEdV+32pQgG9zEscQAdujlIF0Oa*dTq=C-_E4V<;WA(aw6Mo!D zD#|g6yN6BG>GP8n*HE}I_l7Uaz*KU6?=y7uJlG^O0~;POUF~}-sG@%lrind6q9;c9 zh}YgAkNskpjpyl3f50A-HIsM4d+gl~C%$E(Mh7pc=Z3)u=9q4eu01FrA8R=oxez8r zFjDDP8NzW*M3_ELx}Xdpr9dWSN}dn05j=ra!eeuXWG)X7X&W;V1RTcawF-<3?~HXpwJKrJ~FOocP842e&y5O2CIjUx4!tI)tA4A=vTelKo%U(P7%gzehd}qryssw}SEXlR;NE`USgCS6R12 zTR~kQRVONpqpM5sDJ}ow!DdgSQdl6h8N2JgxNIt$W7R!Sc*1sQXAb;P>eY z0oiA>-HI3Xi}Pl!lH0O*HSmKB*dGoc0Vhl=-3&9Eaw$*JYi9bl>`@An`+5)m^7!pK zj{a!#C!eW!mx+svJ<~yzy=+(6Z4%~aqrX_7}F*~&e8;`U~&TIHruTT`-DV{x!i+w=CTNK6IxLdbOpPTb^@ekbED~BHw zqT!Gw#C2qgUfntukp7DWz}`Gh?cHbZMjm<++2UsI+UqZn%QR!TXEVHB=O_|Mw#F0c zR_K)^F2t{mV%KXMgYO$!6^+w7HvhsdCqBbtTz50%h?;HQrg~!{Tek8Q_J!Rr#wgQ1 z)AvQ6%&|(*4HMPr>WNQtE&;r-9#YHsiVk9vEdoM&oxAQ zjo{xdoa~O)8z)A2#OhH9J7#T9QWCiYgcfhM?1k%hompeseL97XYfGjP1Ya z!pXiNU@A(kfJYse=<6H_*VQBCSlNr=4R9{ED-J`FHOZ33R)d$s2QxOWiHGG4lnUVB zA$8kgk}Ti@e9)36Kz%;MY-jC5^+zx4^oo{Jyau0mlGFx5+em+qY$yl;sfHS?@f=pT zqQ_hRtZ@k>hA~!;-DDY{C^EP)3{!$eY><9iWrcg(b-*R7b$Wzkav+yb5NUxUQBG|2 z0B_agL^jp|4;ugE?Q>5sRL^IX^cB>wsZ>Hu0$&`u$K|5pbR}ZnydsO|;dMZcBIWzc zY>bjosv#kT4O(7=O902oGk)(tsSeP%e^1k2fEs=R!z=8$01`GJCO38*E!*~l0fDPW zur*5C({ci}cOz~a)lGE#j|N>_o%6OvqQwl~2O3;05NvTnG%Sw3RM7Eie&DF#4QL6; z<3rgll%I&xu4ay?x1BrBDXXJ;|9+-|N%WBefm@;S)>=1+q15AS(~1^6o^3S9!YmVl zW+^~xo-1D71p-`xuNMI%qG(Uq(?A!-0X^Zy3=TQ%;1em&%5ZKsQ_BBoQ9(lIuVmVO ze_cHAR;I~NgYNZI@Qb0_%%qlyg}gR&1QDKb?x+i3^k@dOQNPGwS)~_IsScW&F}^0p z=#qZ>zCK1W7udU@tK){A_VJk#)aq7bU%of%$^VG4oiq@t4Sf7yp9JkTCw=d+!v(sI zZzylpYt0V_7k!YFu3L9mk`kMD<{^MkJaF!GyuVTExOa)tct3mm5O3aBCQ@ZS=h_Hc zMO)utReado%<(xZCA&ZQrZaZ6nU%Qnwn0$mVdeogdu;yj`(n$m5B8g*J${!(j~*D$ zGW=Ot5sU5DEfz~s7Q3ZGINnUOE@x-0pDJO$I?ifziGY0xmPUyJ80!Z_0f*bPSJLYV zEmy~d4=YcE^MdK0P=)@&n%EIfFZ@e)rdVNwb*hTszB8;QjKeKHLa^iaA@O5EB#jb@ zj&5}@38A-Yp2WO%Yl;6mK(LhYJ@7BY9sk!*tioH%4*=9@^M2Ifr1sy|LF zw@TA8*sjw9vo)J#eIwxmk?2A`vBbgo$`~tt|2h}SF7Z?r)`=sv>m=(mx+y z1V6oPeQo@^FUPxW6saKCC;uG{eD|b|gxx6mZZ2kRL8-_Ld^7;vap1wadFOpUlXbvdy#J)q6^%v%Ccu=3I z^GWq?wury2b8B}dePIxKaX@FTn3{x8-p-8aOiZ<2)}Ys>)5Lf{vM63OsDnDktO-+QOig?#A>jJFwD+~ z5u%Dkz8K^SdHBYq-t20dANTstJd9CqP7{pMg+QR$Xn9wVD$_^_lx-a{ zBt`L@kqv+la!gOy&Y7k}{mJF5dXksk4=Nu#V=@r?#|QZhk7Z)9vNY#U=TE#Qn~31| zBlO-!JM*N{1!4&aAUTre62yE1#{dl=B85Z9GtL4y(xO3TD zQ}2%Ck!+T|7vk2CcQR+X*?V)<;6NGeOs_x$?`K<@ka z`q-_|G)KMaEWc0zT6G4G@|0GG;37VtkY3Ofiu{VMmD%sbCGAKI5x?#wCm|#)VJj5X zm|5ctQP6j_0DWs*K6~ruy%<(7tFfT#Y51w#TSMR3(^~Yb9IE8^6WrFO?Y$zCGK+@i zq0SUX(G%A9Mu>F_542vcw=}AC@2FnC@nL9m+KjiWtXEjFIw^GDu6mlqSlS8py%4q0 zYr#lBKu0}fI@Y}IjSMso0hY>dUl&rWlW+%`1h1k=biOw(uADopd?F5IP|19EU$1pY z&B4^%peO;Mf@f+~!3l7T(ZwbR1JGI0D%0Xp9?^C}=9+CfNOy%d5G4HaUN~kcJuU~x z(vyA;)+LA(HIy=*)(uhTeCS2+o9jVwFR*V|`3ZzQ`IU#62ljjux zL6CgzZ_`QTJp6sL=ygck^80ae-L!y{^;n4)nV}SWXXY8GYmQ`6TgO!9R34O+!R1sh zLYImoh`PAlZy5V9a+rOy_X+ zen9_1jOF3RH7ed^#F__|aagag$tVk2gn-ewL*eIF6?pX1G{|gmb$#PTb;i+O8-A$J?ej zXIjn(b#AVQ@jOnEVls@|+SevYVUxZ4!zaJo=4r~6NaI;TPcvQuA^X3#PU|<6ekt~R z_Q|PVpQnnQQzqr%W+z&1LS7V9S!ZmFFQ4<&ljY4%bS3N@6aeGjyp@fZ3;|@+GGuth z)r;M`Az@AAp%(rWxv8(AgFs+r#N%+O(G+zxfjrp!uv}<;1fjZ6^9q&QT8`3VCxqYZ zjFe;OhfgR8J(5PnUJvoc&4W*aitqis?$u4VgNMW3YmI7S)9n}D39z9YLkfGxFlxvz z%wENtfc%l`=leHOP4g~^WVdSo$D3B#vETCQyI`$M6lS$j$tG>hv4a zIPVDqDp&i^<>GzjlD!I?@n-j1|3FcIt$?``+Y8zn!a82Y2oaAI$%z4Xf!;2E);aT3 z{S+n9y=uO2GJ4YDx+_v)m+$fTI7omH0%fC8cU2ztIT_)jm&pLWN_FLP=OLC}$;IT0CK($4?xyf3CbyEr9h5wn}4^xVMDE?QW0k67y6r`|ld#}QlF^2OQ6^ZcLh8YvX?I8hl3VidtD)BtFJ{0WNH;0mG{3`kd<)6Vh}No4f{%8 zyV|lTlT5}}6)KQ8n$NlE)(y1odyy(p*_Gh7+!{l-Ke4X=x;Mq(GFIWVo~o+Uw7<-~ z^?-4t3*Vx6JS1|AWMZWg#Ozug1X~{cR)A_C2p||&ZgZj-be9I|j-lW(5M4a8ck=j# zMWF4rtz6%~cy}`*d9pc_s-)Lc?*WYzd+_+F-{pFDn(thqt2NsCm&U`a-@UPB0-rn2 z63OGGaVZMk!qJ)q@y$EZlRH^^#=$gpO!Z7_Rzmct>-Tz zd@ixmMJrOh>sM%r+s$e-g&pRxG6S3plJmnb6>}`k%r6xqG|p#Pj-k%V!~!>3%my0@ zL7U}bw#oOH-GeZEO2tk|OOuVjUtP%+r~9A}fsD0+2ca=KqQ#1E7(ceSJj0~_C0ddS zo@0_Wp0f!@2^@yRN??zLXV+)AbCB7B|6uAumHl)Gt<3Otly(s=mB~c5V*F=+7cY<{ z&mkcAO4dMf1R3O-#4KTJkX`u#%fdh_kJ#FJhwJp?`rTy0k3&PflnRJZ>2g<48WA$` z(r-#Mv~3Udb800%(IAKL^^U^l$3Rr}Fl|YUfHfS4ix~q(kDO!#`xg2JJN(9FVV#HVH;!&|eHdI+>;>~| z%CN?xXXwnvx9>6DrdJw#;vN=`9r}Zm<4bQpOu@Q(D@|xcHIvvU- zAO`x!%(?UH{EVbN^;#x>lpWL1Am1oK7u-zR{lTW=VhAA$yoK{-m|37@mbyUZl3zm? zEr%)zb7G2*k?)dsg?B`WL6w@P@+Y=f-WDASzYPx$k8vieOL3vbwsZ1h%?z(XhdK7+ zKi9R6>XoY+wJJUl<@)l7V?GNFG32ukVYfcV1hL z!`?e6#4ju>lUk};Zm&NVrkfU2~i7>B^Rr;U%GcRL9J<&eS&~XV^nRA-SGU1iYOB;NtV)Q!fZwI zYMp@sAxGTH?i7WL(GG5%tQbvVs^Hwk+IXdv)-Gtt2`XR{C&FwWA0Vi9PEF7qVMKp~ z?~JJ<{`{OmGGsoEe783Q?yyE!;Fp9Bqw$kUZY(mhKFNS&lzI-m5hw==3YBUDFEtVu z@g%qDLT&|1C50SCrD%7kk@+&QUVdDq_ti1OIl>T}DNgYk5bwdUI0CNcbxS_fy`g87 z&yh)vai+Smxx}n*0ZsR|sceN{Lshio)#!kJ9NBA^QmM;WZErzt5G~y5I zG|wfatLYF;P@Z->hU}RS-tLYc-s8!-j)6+B6pP>JQE&+1^(aBs`siDJu(jS_#NzQ& zm~E~;u$&#FZZe`Lyyd^MZu>#=B;MU)kh78c+IX8{i97vLoaoE2KHVYYlSL8&o-dv& zqw$sFx}rv7S2`7BRT`YxXB!fJWsbR#3W%mxU^%VPJx{6dZZm1C*}5!n=-K(bZfq*} zUE_$w%Ei7$&p?Dh3M9WV$Ad{ToeXXw#r1qIt(v`$d-#t}hY`L|mRXIVd(E5a|Im-& z-5kwg)k05yh8{Qb*3X@Qzw*~z6AAjjD?Z~%#opDfG%ItFq0uRUZe&GQ$rbAZJOYBl z=U9aI0>@!-89bE1^i=H`-Y6;AUGXYtiU2Y)28A{`CmodPDn>NUm>O^Y-YYXJ4hO)+ z_gvpkfEYMakwe4Gk&k!BOhJscgL*5%QGKel8 zD7PAkkQZ=y8C5HwTI$|@a^@UAj6 zvrN0(Q+r^7&_J01qB6w_B!nhWdua^1i%NuYRDo_fVhK@qQ*@^Ao5f5q`Lb`nrlD>h zes|HVjdiWkX@JZ%1mfxgbdNvf#n>2^7lkV(!3!NRle;$DrvNi1d3y}xK2CjPb5 zU|c8-^;At~BqU(7C?RWzysL9+K6Ur}qO`lT(A_`Ldf_YBU|+5WJ=K`G8{*Tcbq}z) zzQt{9m-Pdu3)$mL6||v{RK53bJ12w?rgobdIv&I`?lN=UgUH0bjEUs!LmRoe3UMe! zRGV~fTOG?5LCVsqz4Ki$-BG;uxY^m}(<|L=PYp_PSzzK*2S}N%HlG%TqYK9(E1&;t zVXezw)-C2BOa}$27Yg5bPP9Fb*7zvup%B`|HKQ}CHM|E6YhWG13qxL?u?ms#U`Xb4 zplc)Pyu!k_L`SQd-m~v;47>7Fpd0OVdT(9GnX(BP z(x&m|o|E6dwrg!}Md9pQ`0n{5OzCz|YQ#i|Fv)3^>%&DAyKyHSMEj_(3(k1vxO2Da zupT5yO%{o$->Rj{CbS9nNg^7HX! z+jP(EnEGh6jKm5mQvRO}`By)F_U;JClhS?c@J&F2b_H6KKfP-B8&c&JheL1?j3BlG z?5bwx6IR}L#GvT>V0zihrpJVnLZfA$WZD-y-bq&hS_pv&wx&+9M+SFO0E~_H;Ehf+njY36Kra^9dofF=V^z7E(g>< zvjv|##q+WI+gRJjHqb=l!GW=h6ZwMOXyS9{Y*%SJJ*VK4$T(==NPlP{f{8*&;z%?B z4qRv@7O;^K@Y$QLYytt0+`4YDd<%1=oYBR8y(Zy&=F4+(^D2jx@gB?hb6lZ#&I_wV zTkG>7#loq$h-39ty&~v+#up@emlhcL0VpZ zNy+*fDaYGt)lrU2To3)s0ZQp&Yy(mM)@BK`m2e3Xx!vX)V7W@!-O(TI>)h6t)ha7W zydR!5o)A3D>{KOI47*=AF+(qHoQjTb`|qoq&xr{`SZa3^vRkgujXi)US(W|RfuDZY zq8^KNDtiJ2u7&)e*RK4O`WVTZlGsH9hSxW4JV*4K2GDN!&D2uo)``}yg-VnYuNQsS zLtrrsPk=CVoJb1AEIvLf>1S@!v((-y?p!U}nKtvpE1h_g9`n;;d(tkcLD*bI%?p$# z?+pEJ+ra&b4D@XrjVJKs?)D8hDPfep4dR`F2oGfZc6tYDcUj*Y5ip-Z+PgR77z9fp znhjAB8Wq0Fy|1Dp>pE!t5s(P$sz+ZA-R6r%f!y`aYRj?Tez!-mo#9lF4g?7aLB?mv zwoFG694egK;Z~Y1v3}kSEmf!cFwue?+r@9$&~e;{js<2DsDWO~F#KS?GkER18)c1^ z8}bwoBK&eAh$)96eC`M0Un_CGr1O6wylO{9kLPf^AA84;Pc+llUltOwc0YP&{v-0r z@ve3~akmZ{g-%y;O#VRN<5gpeR?VOYtq8=rRJ9qI#pLg|y>RBN)yLWRm|DfZl(jc5 zJsv;}GB4O;nFFPEq*h^JqQBIsRLxk5y=4`zcBdV#B06qbJZ??;PmG>8R5}QITd*0q z-iBrL4c5f_NY0X@>i~kqbyPoC>)L;Et*qTIm#1le!%C^~9kBqZ1;*bwNSJcjEgpp( zIz`RN1+@%@Vq)G#?U};9N~k$*ZLlFj@wBLpTT;7r#p8`JdlTsFqK105ZvC$Y*A*El zbp?`1d~5n1{rzoajY;+f;Xr9_m1%cNTwTM7#K2_?H1cAU7yrq}LD9l|Df9x0IR<+_4r z|XlUT^#nM*| z;T!{WhcThsO?4hVr(h|71@!G&wJ-!?5faQd*I3m!eseAwd7c`#mXv<-_LzzwB|%f}|- zx0^o#W;9dj0uHNT*s@T^)6t#PKtNR{poefczcgiwsd4=q+j`vNb=W^zDkisWUB*k? z-J*ZvZ5-%g0n%Y~egW0dH`55xL5JMfqrlifHkxRqNV7;oDeEP5a*y!1!BhQmPzW{S zg2RK}0Z);X^X=b#6Lg>w+2gc>E&AzGnT ztc~z2BlHsNn_M9B`yB9Q9CH$YynF)AeX9V0&g&nU?wtj8&*^SEdgw=R}$WCy*DDxF`IuSs@7e0WEK?~S>&CLMILobyX2K`6q`ztIs z_-Wvpc%TMUQQpUr3!N((D!M5`pGP8F;T^G3u8YLsq#(c4YML;6#IkQ1gVO9j1#%}6 z_^YrqUSO{uc|Nn5z=?Puq1Oo@gfnfpD^cRE{NGFuU6M zYa8dm^7krOV=#$U1t80>H}g^8$uxMS)2rjc2^*pWTga9RGT*M zE0z6)=6YxCk)kygIMAqN%m6fwmcL(t9gYk>yWVA(WC*Gcumt@Q0*W5@CLnvsxbQh; zl4He9nyz+7lkpX7{qpiMEUBU)MDJ!D@1O2h0otI!n>$)Nr!-g}gXvqXC+`1w+~AjR zfHpnfZbJzGiq=0KY5qsUSOj=t0Jv6x-9MZztxXT{oS{DX}V7{$^v?wS0Z1l{Nk-BtSEk?COj zhaP`J`ic$W+0lgou3o7#4M+rX1IrcB!SR6J)y2L`@+eU-f&D=ds-YhSh#gB7$z!D8 z(s(b1#jSCMBE4oXxY}wkrJ3N2{lR<1IZcPp_4jcu34h5G zT?I7cF+uPe+cOdlXMU>j+RRf+eY1{64u7C?A}F0$%ltS*U{S&aY?>+*_bfiIM?^&H zrDfki2$G#A{1#xddjK}OTuMhK zSs5%L|8$fZ{4IDhrB!8LJ*p;h*Db6am8dExG>HLKG+nb2=$oQ{KNKbm1{&5P@&~_B zTpT3|Ev~Bth%pMLCnY&s1F1||<2F2e!+$?E{2e^arwTGL2MyuFJJq(iI$cL;Y59oH zn~Hm-$*@2tH1lh<+op?Ln_J_r6Qu?Qj+>*&2S@ky=3%!Ef5VeFTq5vT9ql4F<8Sg~ z=IB%p^c;WJnvat`{LJwi*j##`;bl!tZt-yZN`xlJ|Ii|9*H~tAEHK=u#TFmjRHOOqKS#_uq z*H5wj2+iF6Yp+HftcQE5+Tg9&S>Wx_=PF=;1XPBWTbjk0Ts+ZE|)FY5XAp7|Z) zUdV4+)DJBAYQwXwU{GjU*88)Ps?SDhHsLuMj;Cr7f<(k{i7l!k9hG9+ZR{~ckx z03%wg_~7;FqeREGANgh%lt}BPmK4b>>l{1{rnc`UoW9>WEUR95u23;UsSHCeOpk;} z3r@CD&2_twr9#K&D9CRjg_}RrCNUelYV-8)#}h3UKgN3Ym9hWlW(slC&j$mFI0g_{ z4N)`}Ep|j{7>I`Q# z>}wnCY)f``T8Mpp3hjItbYo(6It|enX?2>5cY9t|uCiL&u7>(W(7FcVdeCWRzg4|p z3#$ABVPhA3Wri>2o4?PC4MRgA#+BNM*ja}utO|N&*QGOmTT2!yq!DYZnZyn*7qC)l zdAt-(+Qv}W4WX8k!&}U8{QYuElNhkng_~&ljo*Yf3bob>^lO2mBZ*hbSf_wb#;%|M`(r4_fjJ`+G*Y9)fTZD z-pIOf3KZ6z8?}5?fCdIQ{@nnu{UJa{L+tD6@gZr^abfu9i1E+*fQ$%-4Qyf|cjDJ7 z9#VBJqMD=3dOtZvh5Y6?=t<7wzqn~8KUcO(zG%NyM;trtU;RZ6%Wj$)!kqIhk5vp!PmBN3YWb=1>uHdQ4e&=H4)B_@C%Z}+CMj~fRIS^ewKjp4=n@?mja-i=v5)NZ!=#I2 z{+Nxm{dk}z;V8d+^@YuVvH0snT&d6)R!VI4p>24N-dLE0vMGfv&F(|JR+CsOQ^;AN zXNbmechFhE?4MM{h^R4D253W&geXPM=_hL8D4E`&7<@%W-C_&jEB`$q_gAyeeSSgT zS)6-yV6k$3=51*FthDn->0a1V_)jg;+A^y#3gTdA1}!r)GYj~`?9Q|EKby)wD>4=Y zp5|i(9X-8#1~o^T|2h5IO9ov9@2AhHiUgJVC%&%s8lxT-`p!= z)2a7jqurzE`_pnCP-wSA>a^*%U!LP%x&AUTZC!RUYphk!iJ%l+!is4{x=(UcM*LC{ zEuQ(Mtx0AveNtqmYtk1@- z#q(l%O?>61;Zqru-fS3@UXyV(+z(JUZQt9{iCy7=IF1kEd}G0*I8N5|C&HCdMWrG{ zVTLG*oNA-9g2EJI4S<+#pd%FZvFzW?g$ZsZM!XxF;0fhjmu}VGUHSTg)k0z^(rApo zJ8UeY@788+wDtJFG9y}XDuLIKBH3FRp8?n1rQ%I0i(KXk(X9#C<g$_^4{;B76|WcXw{+9%+)LvRZ>B=~%~SQL zv~)34KN?fN^V@5wUoTEYq%(~`dppy6hY|3y{)2?+LZyKJJ_crtlFL5v!1t6zLU|NL zPi(Z(`-kpgrP!DlAJH1R*H-_#4}%|6KLM1*xbldeX?c-3$X14JRpx^}%_PDFW8iSH zo|Z=Fh>jfu(jfdNk}}oC_GppF@Kpy+%A3&oL=xNHwA_bLW&1=^MwL%bEE;*A}xLd zXSd?Gk!uGL3e_8M^yc6-px>>WB>wlw0@TE*Xi$cx#P*V`bGuxi$89@ecwbrMCHb>$AI(_a+dhB5K!(4z-FKf9Y^PS_zg&~%q7{WPmT%B(3KItB^^qD-PP zh&3@O_>?}hzhaeBHW6zQ(sWq{O6U&<{H;)`uFj}?HCCcAj8zmreAxEfNOmji3w}fI zU_#hfWMY+A6qS|~{8dQargV@Qd8kcFwotOV^LVc92Lr?U`Of-lECQ3a;aNp4cgbJc zQ0??4w5?n%wLCoBoAJ0H-91Us2c~9rIuD3C=bgP~f({b2;@Nwq<*^>GA`RR>${z_k z9_TWpKiN($XV+JHUq?>Mug%2vY)+PR>P7a`KE}BhoWws&npL@uxJrH_-U{vZC_yV& z9#_UfpxKF@^o&2OZ!P^3h(jWN{rZ*hjQ{(`g8yFq6@T%!!Rz|iMTvjVB4T4xiI23Z zJwM^CnTB+jNBX;3>Izh~zG$xgbk#q}5y145X*E2=KiYtD*jLi7%sYhmnRTe`NmyO{ z4e317kk~X6xeSDJk~kw`FT&CwaliRuDA3pzcDhYR{NlGMD(|ceU!{uj*aTl^mm~%r zx2?pNG+N_@hlFRhxRbv0S$!>;w<5uxb#i!g20j=!uZ0$`|NUj!d%aduk?EuTbZtY1 z#A5Qp@>sr%itbp*i&3^45la&n8`GA?Ac_=3Ue-^sG9x~U*DAhJp)NLbce8vi;3Hu0 zb@727+m|05j}SKLOtsOCr9RbAZvg-dG+dfEAv30G! zX9HTm@;r!r%{#lrufsZdf>fX-WOW~CmJHqPjG5!a>`}2%!u!_0t99No_-D#23oOma z*e12BX7RDBFOGdhK-)$Z^yM}Yb2q)@MTKWcZb zYzb4YOiw+5(ap}(>c~zwN9au%%%cN4({VGBTbgO1M!alc#CufqQQ!r7ergD`EqXwy zs$FkQs|v|4OY7e=88QMqO?E|a7sEI7PFawQ_{*g_77cWLLctTN0^iAVt^b}d^O4@3 z*;wB6{l%l$dXsGT+L4lqg2G!uLc)3`=R(baf7cMOIzk^q8G`Ybs&bFvZ$TZc4iQj$ zU}I*sG6exhdX4++|G9YeQTy#kmWul+`1$DuM7_t>fckc6`%dAj#{b4t|C1a8pCzO= zC0I=kVz`+$1eM~!*2>DtC@EQ*=|IO*VQ1Oq{kZg=*I)@+Sd7!h z|M~N1%p<2i?x_pbf9J0Lcw`t;7fqO7@^rByOmzG6y#$p*wVVbx>92TGX_p)5=c;7A z>;sU!w>1F6?A7JL#?t&xjQP(pWG3<$EmD|fQTso38dcg1rzVL1NU^Utf%!+XO`5@1 z&HqM$^A#8-BD=SAQ6+%V@Ai1w%K@1 zuN~oma4|9>Dk>x1R&uNR|15$jkKa6G8>N?*ToF9AI46)S9YwGX)ZJ$y{w5d{{-0T( z1_DY&roF(yWfIWIWqE_=AHfa@n}Qh4wBfTnM!)}ajG9D-52+~8yQrMk*_CM*cOepf zZPEQ^1TU_DcM@Wp9>@uy01|)%b9BJM!4Eh%Fvq+>iM`Wc1_AqH&I~U=O@@joczxcn zcKtE}m%G6dY5Vut%EK}MrzgeAy&C|61~unDa$bPATG`aZ!~g@+N=xDYJij@7pd{1) zn#7cK{V@RunR=>Wr;kD#8;1Epd63mc;E?>N7q@(K& zmoo*u(AugV@$btKkm)b}6FKU4SHjp^Xj45Q1fnl14ERornO~?%Bv2Hw#8o!&hEmvy z3CPLsbY4>aKKO4?bCDY)K^OM)R*-@GFl;PG7170>!-vu~3zFMg(J;%pPe%h{?KL7G z*f#gBjo)6BARKuxMG^{@>k9aNE+4gScNyDc?HFFF#TE2joxP!fO0bA1CEu0JO?X zegNpXVvM^d?=2u@>HpjP;dGDR3(3usfws-H8K!ujCc;MX=@}nH*<4r&Q!@q$G5YVz zZ?4}ks~5y2HNrBTW8Jp4P_AzKS{=3Tg*EO5qm*QLE$6CsbN8mbUMUcY=qlig2#p-^ z-~MgZQxj-UI;S3z%{Z6)b%M(9u=n>D?(yWNklF8#&ornE?HbRI(O~BasS0f^jlVM) ziO7>G;Gda4IDw9$0n3e7^&8axnyLm*gAx!<4|$#9L#zMA&*;2K;!ncyM(F;=u0?%P zJYmxk1H$q8z+XWD$Grm0ohIl@-V!R2!?L6U2P(8TZhB_fH|8pe%pU41FfNrGm4vrG zIIy6@^Zo`t{zeipi+){=W)m)t7J2jZYRAMq5$9oVpVP}FjfU+L?!AEbLrYyzr_lLLiNOcT=metz$|?mjaQMX+T1)32{)<_1*X(e=W5``_~{%b&saTr$bK0| zA=tR>gW`c`{ly*Q$(0(LEcct%rDB0!+G8pTqz-)UJbU;NBp!T59#-X#c= zXh(!0wVl=%yE`y`B2q~Sf06KmrFt*-pPt!{l9%ll;oO6g&p`m6Jgi|XPDu);`UT#;oHGkab1}kD$l5G6urn(p z@P2D?&-U1&bJCn=k=2$!HD<&%sbYWyqkGwW_Q_#D(E(2p+ex@(NY-ZMe}X%YXpq zE0c_1nN3M?TzY0uKyrJ11>sswvLx<-dVLlueGa~lWf~ZmyZG|fb1E1B9}Cs|&g(xv z1Gk&}A`sIAz7wPuSjFwzr}X$kwrsTQ<9L?n=xCNxjMDte1rkF1_dzWpY+x{_??(vR zd970d+CQ@VFIo0#8EUH-!G*t5jg9(Cwl&I{=P#{{N+{=!X;n_r@Xotc>C^qHDuzNl z^4>I_Fr!NXR)}lt65sK)rL-GLywX%q{#qU6&E-dQAVz+mAv0UnHssQex21nistwJs zo?K`gXWEsW?ni~p4+P%a9v>D7{;|+pc}Bghxb0EJrItJ&nZ&~_PeJCQ+v8ul#6^}e zf<|g9AN1=3o8=uZ z+j5MLhG3m8^l^^zS#7hvcist*GO0JMpO>0P8~OKkwCBw>SuD#|mo#$syw~IK2sKgX zSR(3pKCIDHyRNYtn9St%L|WarK-$5}s^r82ReS9@IV??7S{7Yk+mxoLtnJOCY@5~L z;JqATR(5q}OS(OOu4|rlkv6ue5{3?Cg6`?-(9wh0U_eux3VY82bqF^+_*v>Vu-qTN ze|~aJ*Y-w}R@oOes+XY95oHjp#;uq}1B*qd#0(hBD01Vu4Gmn<})l zb0A~#!Q)~3vNc^LUT=$vpxl7}vc(3=egNv1F5fHnDB)e-hPM$46$<&*Rr4vTfi3Zw zXVzzIs!;7a!EtSes3$`ma<^yCxq7Ca!1ik%2uQ6ov7hF*iCwa|&owA+Lm9!P72+*%Xc%Hh}gKM3VlEZ{Gs z?ELwf|BTokV{XNOxmN7#lsP}m6xAAqRQU^4Uxo*~JZqwJHvbHDzwd$S%h9va zr)nq~lW5;%Dn!vCBb`JNSyLE#@NGxxcAaVll8=nK-pJvC?97$P@e=;m@ zVWPRA1?C}b+;Dv3pUK#DMnCRBDytCKvT=i7{Vr=e=Emn6@M9>V zT1$nsLtYcVifkgjGiO=coQa?E_7JrtP@ZjEPQHGb_6eRTIXAYo{E(p)e}PxxbScU@ z^qq!jq~nM-^TW~G1S1bhG*^k|&Qn$$Gh(eJH3293##F@y*!Nz+wtuq9FD{+%&+9Fd zY8m@@)tXXgwVzqyv4b|LeFb6B%K;I3aN`0fwPVBD@gDbgvz5!B1V?|8b@PzJ`NR;( zf##HindW@2_|(-Zd-qbxX43=T6ZyEHTK62%0P)8mzI&SStrunM+-x)Pc4|{dJI`n4 zgUzu}_kGh}qhVhWjQxDr6DGA(3b$rsj<{=sYj}+Q%nlXrXOlW!K&}Nsam-ZIZP*qDB>Ahx+c!@yABjxf}6y z)o-ljJ^Twj@0t*|%Td)^ZXRjM-S^geC>B(au+uQ=2WNFTHTV5%d4jBQUYFLh-o0N+ zkMkRj^ZCNO7to4}%zrpxah*opsMz>eEn+#Jvne82nc8TDeh{Je=~IA*XmeY_pkXa$ zsNgI5p!}2vdiy0pGk`opii&CbFqQBy$71?Gvh&JR4-bEM<=3)$&X(dUwahD5@w+e) z(xJ;zQWS&AXFf|dw9m?4lV2Qq4AL8JCf%5Sn3a;!-&Oe(>4%A7sTxd;v$luG#%Ia-wY%J$YFVCA_ zRl&cWa*E!dFc_1&d;Ihm*%0g&0lcE02$a{KZ6@v>XZ1BOBQ(XWJ+npYQNvAz&qm22 znP;MOxqzKj7Mp-4bxP=ChLiub#>me`M-MWl6N!>uKEq%BoYFh4)L}A07{OBRmTDg* zlO)j_MVS2XszsMC-}acfz3$#E{uX9k{8#!d!*#g@4th|GnaE@BV;56|0JsaV|#t?Sw7p1c6WlL^WsPCdK>GM=An3K*T3xW9w#ar}t;-2smt9RhA2q;rH?#?oQ( zrxOgky_YK@A|f31^17$IMhD-LauIZg9*9Saq`j z%X)>a0i%Hv_k;DbMG`v%j=Jz9KMbi%2Q|G;qQkfh@;bY@6-H|3M28fauNC6>j%mC? z4`R6#31hO{ZkX&Zd1}~1p!hJzhdkgq;y~;PEQJ|5wCmXlYY^7rV9e(eoal>W3ZPNV zcV+$VyWa6S#U~7`fssh9*U6_mol+Vpf{VZ5n)_X5!fvsNrOMdiaJX(=(q2kq`f|xX z&VNR>a4_CMM(O8?V_ozl%%W6}i_+$E{N+OEKYnPjgCCzo@HSQt5GdV7$Vu!`2f}(F zj8G#yNafin3_qC5-rUzdsN(5Hg;$uBY{m!CBgH+t2Pm%6?Ga5>kDn1k4j2uBw(@+Y z-AYEE_4S=T``ir{sh-x0RHsfpTZ@AcjOX| zrU9`2qXzaDMY(x1;^U1Cm9-8t-S?H$NNSDOY>$0?2KcI#rA~ElrLTu@HToWK#p$Oy zJ3B+A*0Vpb9Z~%1F^I$jz14-iylcmw7<6*JYhzz4ilihfDq3hB8cN;PD9jBzw%G$l zok1iignGxqK%l5!zBM9%MZ;&A!_#1jAI=^d?E!(Y66$rQN(CV7Owjl#=zHj56yPC2 zfMz&yY_02;hj=Y2UJg@v0-KSM5t?ZD^2!R_Xt>YU={FmU&*(71uw*^>zVQ8Q4B0mW z*rKg-V^HkJ=_9tseSqOvKlk_8E@B)8ikVWX*_0e4PzJ-*glZy>2-`7z)G%2qo};66 zM$8N8YrhR?t#k!6dG3j<0yXLwr3au=aoLwJ9001hy;eu82aYr;MIUL~exWgSGJLk-M+mxpwiVjz_i@vJwA zCGlrtgwHa^y@h%jEAcL;{w00i_(*=)EiBJ%kwt4aPqAU@zzcmvf*u|obw%)rJj@XX zmKm^WFgALTPfBpy5%Vjj0Bhc4Hhfs;xsQ5<4TU*mxO~(7E97qF5FKzC>6z-5Y9k;2 E2iU8KRR910 literal 0 HcmV?d00001 diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/baseapp_state-initchain.png b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/baseapp_state-initchain.png new file mode 100644 index 0000000000000000000000000000000000000000..167b4fad9ed05c2fc28884d7ab6bb1c9762eb87a GIT binary patch literal 243455 zcmYhj$IkOiwWJ)L|JQ%}U;m%K{>T6LKX0FC>#wruiogDWa(}=22LjdO zy8Q#?|A8RsH2w42q}7u4>pzEL1Bbxp{rGLlruhDS4gw+Qe}UltfxBO4)pD_CO zC)+(0e;@u9N0WmqzHLt6rq{m@WA73414j7Yh7x={q@ZhmhB!;t0u1xt-)jDCOgS@? z=iXMU%$AK~z!}Z^b2aosN{_VeE3xiT1Z&LC`B0`C&&7BY9^Wla0n6?|Vk{ZKI~<{~ zdCW%9*~79EA@N~b<)=k%OvO5m^A3X9@*Fg_ITIN~SPnX)jw zC&%2XO(^~${i%G1kHAk6-Sefa$g&)vuh$tzscrW#e?c=D_$w%hLfZUBA8FTXUeWgtXZ@`4S z4@PW+_;JM{Jg=S%sxIP*x zUmumWMYYCAa2gn5*1>58GQns?&R6(-(_;D9i63s3AJ~5Nvt(Bk`XYw;9gGf(YbJ9j zEtm+_C(QHSX(>Owb7V8})bqUhJ&;RL>ThM#JkMz)*@xEZf9daVY`Ds#1I#wN@$2?* z+h}Xg#e53>Wa0ueRNL6AWaQ$YF+djzqlzAQDDQYmu$TFl=p;1Et@9ifO~V-ErKirp~-(n zL;cXL^*RF+{#73Me|PnO%hp1nVksW69F*JTukVcPykn?c=T^yQH2VnwtDN14Z`WsH zAX@mdUV4uit%B0AiJIk%yV;GY3*Gav?mg2j##r^#KDBc#nO3%tLemX#`5VBNA5Tb*KfCKrM<`#m<@C*Vygldc?M_v;)n zl*`d89J$<^-aecBF-8W zE%!?oqpZ;*_XEhhDpiA&H1{kBXX1F^(C=q1+^RGYamBa~W(i;RgHjo)y-pH)S3l+W zNSwypAz5{|gqu+0-!;puS{9nsF8ww^)HUX(qnG$AVip<%Uc}28P@7dGdQbUv$^u{#v3Hw~*IN)Xn^o zjod8^J}|e*w~OxBrMjti`GB696moo}h24X^uNa88&DCwo;JZ^m?^agL&0*^)vY<_o|)sP%7||yfapGPoXdb{{z03&DeSlc6>4N zIY9B)MYgUvwvr6(A0v0fZ&mo#PO$|KoQ47CMFbmP&PCD4gn z4H{Op&-0C`{^=!L@a4Woc&yNlGCf_VCiS^Mf4xlBI{sAYeu9>Lue`pm2oK(#Q)J2s~xxDs+YKZ?qWOFt;cDr3f6IT3l54Ox{ieC55 zvTiauC+>$O?vGxCAdRC}CfKwt+*2cISowniPgY*uudq zu1wnfA|EL%9OgPnl$Hpf<8qeBI5-oIOD#xRK5f?!H`^|o#^pr803y=aL_;mjl0cXP zPPBT_fm2sQCxOFC-gU@d(Ia{~n;Y_+FPO;qF1Bjps;}I^@NXkZ-F7*gOb3MzOgHjZ~H|9_P?XwwOQ@48vj$I*gx6GERsNJSdNY!&U-!K=< z1R(TMvB>iI4-0*SiZz^!iWiBHS&+3<^;~zLw2-J|X`4gv16(rZ%@nc=JtZSM!j*oOr)o8|cy+ zEj6@0;X0%dkNYefn%y58o`oDhEj0H&FuRobWkmF z$GsNV8th+g7?=-Y@y7BQr5&vW0);EiO+Fs;`R&j5Sv^~D1Q2lsPC8J&!nnyR4xUoe z4-$VZ<8hk?5?$Ty1X7|(zGsTLMKz`Yj+xcq=yjU|V$9L%{nT7H^@GhhCCk9gu;@1Q ztRr~gN^YH8cx=yNM7!Qih$CN4dtLhmPV;N3>;1|N*G+B%hxE;8X9~-GKlkJxSURD1 zXqMDcx8>0tq-**(Vw!zCnUm`NAVa~HUHtCbl zhCK!$h;|rGTPor!1o~m0Wv3c(Z!FTbHO?1m*zu?KKxe6-`Dm%nPE`%MDW5 zi~0oS2~`X)#TkwecN4NA$K^*?xw-Z+zuAE(qnS0J6e<73lxF)&aD@TV#TI8e$6V|FUy4J2B;0~U!@a`R# z0l*Qs>S6+e%=pW*=PkQuTxlW=*Bl|jbt5O#Z*0bo3Zb;iR5fWgOG3B-(`tJ%@yW;j zQi_pps3-!9{Nh;Vs#K6QzuwFoZh-94u1^G!It`I)Du3)3u40%5vR*dIuU*RV9UU>YsY6pBELv7q}QmI|T7MK!A4e5B~-XLG0~1 zad5`6;CUu(ki3%X%f_Zng@mZhfU;muPWN`xKsQPi+$@xw-wjKEW@94ljIu+MYEQFf z{bBUaqN2Y>1>f-lXVPoO6U&r%z2vK=EFIx!e!qs@Hp?$@6L#uT+O8ZG8Z zGwKcH=IPcsrgg!StL40weMOKtmNY9E;Nu?$ATONhkoQ{DbNnp={aX&ViqV0#! zNe8UX5^z-CEl+HWc1iTXF*BZp;yH&hykO)aa;nh|Zlitia~vpEY+7}k=U1()CNO)p2pD_5 zKJTh*LP9#8bp3}Q?Y|%&O0Xx=Vd;% zgZ1m{1Fwtp_O92L@9{hrU>R2AvhMnPg1i-X9UJdZaTKs96y@(NgNDPY++9VKWr$+PAT9g`Q^RkUrTY1r0dkdNEOQ=p3Bd?A&#+Po*D@t z++*vI_v`6-HuVf5VbG2_$!#k-0Ljq1K7_zwHWyJ^3AhKLaZY* zl?JVSm#gPn<$UO37}(C|&CixK{iTONjBZ#WIs?JVZ%`udCZ@hCBkn^wQ24xN<2#o! zzz{npaLRFfPThjWVvTB~gVYQJDvrqZWvZ`RZi*Hwo?)asoaRL5O@>WNE>ITtomHPIh)BJVS75R3 zXFzmD!xmxBx*hP|jl6AwV2p_E(vX)Y6amD10bMOnv&=^w%5Xow>%?(VIP$Dblw|Ay zPhcU>#}wDoo`FKK%aY7~9+8Zzc@x|c$1 z^B$@cv?~G#^)*6lPLJjJlwxha=IKhmahbiA@eZ{KGjThmeATrc<7VAqoW)L&z$gpC zv?4RK<+EwB55JSgws%bw@T+9Dy54*$_2{Wpi|wDzQ%^O?Rmv4#TJNq0#wYnV>nTS@ zmfiMxGnAF(uV1k8WOE(R6v}Jl3a2k=mkA@b1^@`)z75pXSn~*`qzs# zG$@D|`GFMvBPPkju|{k9ETWR;Yl%`(tSAj*ssLrx5!3m&DD$WR_Oe<*N4Zc!g!@1>r23NnZv z*q!3^0VD)UK0loHYlwQnAvZxZq&~lO27ZFImmRyGUpFn)lK}_J?>{$th9{2j`$JYr zBZ0T=2VMlMy0UMwU3$XsOku`0REyJR5@0RN{e4Ro(1ZL;-1_`cEBi*>pBkewOVl+V ztBFxBMeBqchKgj2eZ{?W0sC4DfMR2*#5&ZIYM`wMs-o?q2nBdeKOKOwpw_&u92cIz zCt%_vNjwoBL1RW+0tb7P^dxddrw3R{1R;eGl;E)1DvGupOAP zljE?yoYU7|mT#Qo>kIM-;*bFCL(qIPc=Oh#{CvGdehfN(lN4(Q$-9QG9}w*#=6UTh z*TN@aU{enzsxvOqNc87Yd?IUgflr4LNjd!21;c{SqLMp4?IVMtAs(bQs>_MkG6U=Mqvmwrt5x0KBxY zdRvhXL}a|>7xHp&e7q-0ITnsei}h3=QAQnwqE%cPxx;vYHB_|kO<;H*GFQ@E(g_Yq z+&3^GRK!7IAS~zk!dS!C9c_dedm0+kKd6eS0rgMgUCQgaAF82mdHn=DJi(;m%yND4 z1Qo#-kN+`1a1yK=5DY@is=sd|7aL8X1Hva_y@W|Ja+V~n$nDS#?x>QchTj2-QFf-hUW_=uH`brf3!N4KGuW@$(;0O57&Gb4;IvEw0Wd@@snUp zs>*2{uZyPs*r&)q4NC~?P4Fo;&(Z$d$~MPMP(NL zs$0M)28;`B`&56JwOJnk%44QS0^}$RyNTZkL@(K0a%$Snq&()85O;c@EW`iuvviDT z4NmdbC)Q)~QOY=h6D_(W6|hPDz>JkdG-8H+v${?bmuqZj0zP9~YZawi0E2`T#LzEd z%iWk)wA6z2IhVtWf{njazYYd|7}w58j10qveFCW#9o$s?TL{2`G$T<2=-Tu?mBSiXZ>%Ef}n%_-wNCB|8Myh=WhelsmaJ z=vQQxm|i}X^CTQpy^flElVZhwRA88tg@v9*&)xyij4xsO_ySt#=ZHfG@@Lm#A1%LOwEi5%x#Hk_;%>c)C0 zGL~FF>t)1m5S!5k9vDvOuk4d?R$Mj~eIVxQdvG}r?#R==%`Numcv2NT@h$nfPzS;a zpu$u*br>BF7Va(o04$3Xic8b`WO|w>nK4=N=0i5j3mOzrPP<+8U6v&esEP8-dtfNP z;`6pZ#nqc=+`Of%BSUsi!-%WU_FDyA8becNn_^O@m|CHhOwzYuSb4>OS(X!nWVc=yk{LODlxMlmU;{X>p6pKI;ir z#o|ZtFkj07H39K*dofIlxbtCjIL1B9>HDBa_jR(m^VpF3NCC>LH??t5Xi<*?bMbbF zQVLB8KBr^TxF%Kpq{8}L7NgMhJ11aBpfGbUd31O<=@U%w3z&vJES`#{cTmlb4m+KHB z<>n40<9^mw8R%)#wNZ7J&zppK{Pz5cn$(|I@OYa}u`G%Ajm)&b$I-U2;Y8~xAXDF3#p@Z$^ z>?yiM_wp-ydQe0W`ju;ySjw_O@Qx(e_XIX~rYVD?Q(b+Y;VUyjy&Gh-O15 zvb_D0J%8NKS+YNL)gEQr9D1r7F+*pzU_; znF#vAATaap8XC;67uB@XJ}2j(B1c$AE{HG1(Mt)zg7IEnl)Mr&dOS=f&F`|_+KLT% zN;u`tJf0~3wmbnqde$ZiR9X@lA%=e(k3|;MC6+e`_rf|YtS+>OgboavwGd6|dIqmL zpCh2eqZot_04_@h)du|$zIaa1gOQf8P~&~+Uh946&ovI0Ym>Am&X!Tb)@~aHM_LN@-@h*5AaM&a}S`i>^<{ogV90dam zUMvGvK*Y${J^L64o3S|S zVm7qd;yhd#sgy6Wn^*?@y@5#>v4C<#N;x}WUnfxPt(pb-?xxPpSbFC4Gv+x6_-yV< z@}kyy)5xy&9dcH(0HHwPW6?9@g4Vb6GCF*wJfLVvg~mT@5!9B(9}_^nxwViYs0_q7A7%+rIc5{H`r8b1=wO{GO64I@^M83KnpDJfdx? z>}d{;H8fifAj)D>dbrhoITS!8%Qt!*&P%ochbZ)7R(sw3rTS7+<}RdX#Irw~5FSvb z4=-TO*i>q@q`ln}v+(QXjM^%=h17$ufjn3I&FfiS!%<*0SMbS>3;I#)OU=svX;)b+=qvbxA&!JFFjm<5>7*=;+@cL~O~KAmgnC%M4iUkoZmMk_oU3FSU(crHS8O#IdGgr)u1&T^J2-!@=- z_!8eJM{>!A`=~X@2k0Aeih(X!&s7;ZYa87(1?d!_q$94Gbg=%%u~5?}BK?a8)&jb- z1kdEZ;9wJf31bG$`+mMiQ`Cw~hd zkcBc)GVV*8!oJk`b(CQ{qCia%KN(8twDs}7hJgb|f5PgHy@p|wTBQI|Ju>Hx5!%5y z^16y%OIGXNzLM8k&A}VDejaGJbg870OG1Z^MD^uyBgL*aw|d#74Wz{~C}8cfr2N}?fgESAd6ZlRedTZZD3$CD0 zC%V+WzfoE>+^Q{nrTo>^2}~AKSM=JZ9!cgclsdovsjL%{_3CoI=m%Re8{}!;eY}zN#c3G=vXAhdE-bV?H0Iu*3^S9 zUXPdK(#-tCepr!K+!} z`(_YQyDazP1#kEAh5jWwup~CHdc24L7x#rKg?Z=gC>b8F_7j-8klmg2mQi4Y$6oG> zAdH3)Q46&`Gah1L6MnS1J!~LjH9f$12!Wi>nP1)sgh3VWrjpCO^Ev2EaJE!L`c0-_JTAUgr3Zr+V zF!2}-Xhvh3UTKuA}St*bF_{u1!sU~%tgX#JFRtcV zd|+(Ce7yiq;&I~)5!-&Sf=4O5Cr`YHJ;IljpKp&GWb7~Um+&6Y9Bye`V$^gA$avUv zLxBiTjHBdtdHn?w6uuD&$ap6EQRVg7=@;%5zBa8muY7JvT6$UEGIv@(0G9~>Tb(R_ zQ7->W!~Cv7K$n-5vise4(#TPzSWm7u~%H&8k6J zy>4uCh%$%L-J7)wi0N!E4%;Of=Hr_Mh3>=g+Rc0GIN&&?T0IXujj*|+-(1rjA!G98 zTTr9}2Oq$>K+4-Vc!VZHm5#w5;|Y|bBM`sO6WOMy<$}B(#6M_wJ&!saMaQadOebG+ ze(zCn4w*XpZQ0yRvxdrcKT)99&U=;sblkSxo{?L=013G1&GqnV$u1iA2uIz3_Nh0D zym*JvhDmkRqp!{S+;40id8}P|{N?O@?mLd08o)?Q{jydD+Cr?;8&p;^+nz_aGv-~>$JQkD%+&ahsjJ=!R9Fu~L56&%1 z@FK1Q?tFLa6==CWkglWF!Cr-KG?!MoEqy8)M3KW3>ozlF;!dJG8$X*hHKIms6*Iyk z^4e;MnmADG16HWgtr#YNm|`K9QdZrV-hhsBEP1g5Ol$CZR`zF@Q2NI8pD(B~qXUiC zpCTsiUjrKiOBKF1ma@w;FMy`Hg?Ak&A~tc?=v2J~0WNhssRN)1#l|V^hPG9Qo&r*X z-Z{=F(!&gVqa2`wOTF0waRxLC>b$9dPk&TQ_Vwe;hxjc*rpYM!*t>pnq(@bBIJdE- zU6U1~?k9=C@`yhA2iBQ=MRMY4)ImDG>dd?@d?Lu^h6Dkg_Y8kcN4Y;4^lJ&W11aXY ze2<#y$Hi5|w55HKU@HVcJH?Y4lj$`1Gl9B++&Rt<_f3Nh{Oo*$T@k7u#aXi$SFhW>C@ zd8(+NxB<5hzNLdYhr=xh2^mfe^xbI|fwm>PdSos=zy083jFE)fRfv2ub8%suKdqfm zPv@t27TiC8XYZ7VAutwD>0vU-2NO9mu>k4eX+|KbFCma5>`Yp|?C7d2O<5Iu11|n? zhw%Z)#66GX3RuHS2YR@}>zLaRC9t8R)3(R@*Fp^pfmMJWd|o*w+UTe_eGuZoK@&qj zO|6MCqeeYO8L~+A7G>!oIBL`9gWF=H*^`ZFpp>O`<8I)f1TFeeyyGb?eIdLu&vNYh z@M!3-+;b+U^4h_4p2Ro>M*T>{)>V-s!KI{LPV`xI`K5A|G8)pnb9b=+#ntn0k%h;8 zk+<@oWiOF9ftq^)5BEBquBO#~U3SU2eSkKo+6e}~cvPtnz$_?JRFo>aiz~>!$;t49 znGqiAwO&i6$^Z_9k9-1t1$5xa#odlk{fr^>!qKyp3iP_@Zx+Kfn5Kofe0xd+JscS% z;Iy~TUjb-Ibyob&vy>fjSQHuJm`6I1eXFd)1ZpJ00v*yN5k(4@OaddM`botC@_+(C zz2j7h_Zc&NRdS-bSY36P6&UUwc$;sae*r>i(8APpxHOn?*ZLd414PB^gF$L`8->@= zRdQsTu9`q})CI4LZCvX);Hd}mCzOqSfPdgCd#-(I%%VG?1_Mz0gCQRfe`o|;c*VGSV=>300q@O9^SLmgCXT1# zCA3cm>EjOW}9X}i5 zz~;fX`*4)^_0r#L1Kv;A3y4QEAn8cXm}{uf_)R%DoVl6816>X)37G#4q+bJnr(X!E zFxcZz)7tDk>*3RFs&#!~(@?D4=aoA102Jgupg*|xjL`~xpG9#V6@FM-xC1?+n~oRG z=*dAY{*HcBQxyfsb%*uhm1Xr-s(@9qIn2+C>pzyS4&*#9oUOBVXvgN4Tt%?grXc$P z@DnE3zSge4ZHsRTe8B<4Jlm{x|}$P(Xv%K?ryQ$J7P^ z2HWPY54HtB&q_+8i4O7af@pG{J|)m#wc=L=zJ?`CS|hZ2dr{<*%~xc_KrynOGKh@7 z&xgT2ax5qPnF;CVox{16_0D84_FIt(VAa<UC3 zp=rQSW7r?YS}0or?7y4n2eKoUXQfz@CPIsDYe9iir6hh z{LSH3lvX>#f|bVvt(bWZf(Y0pRY5=$7X%LN^)oLNT@^1X`^IV#16IstfdukE*oy#5 zn{^Mfl#U7<6cDE1tEmL6lwDdoda_O;*QBDFPJ)`{&jK-qcnHx9=Jn*mgmEv=LPJq>8`c)WLZJ-{f~+ z94N~<_{`Jes+8#-*enMvNDWH&{N43OJDv0w58;Ql)~dHZ#Zl_fC^ipjk`ujC6j zy(Cm9lzZX-MVoyN)|IgA-BefNABL?sy)K=sZ6`#LUMDa&EWkVX^hLwdx5h53N+wwN z1YglSUjS1BOT;-eo&K}X3OL|l-o6I)uD<2v@W4YyYVaI%)eh#3qYXG&f##$J5z_wU z6(9kG@j2|`Gtgu%nJ!+hoTMm_aWlh24Hg2KW;^VBq>4UXn7qYz z(0-yup#k#q`?)5H3C(o*ZATZps|$X30kqp?1zZ-p zx)g|f{s5(e1J2Tr)9;%}X1vK-l~kPLrf^_)rw?GD!eJbQ{q|7-Tsdz$tua8KKIZ9| z4=tBamccE}GK3x(>^5oEW!F%FlY)uXu5WW0e}y(=at?w}uF-Z1hJ>K71b*;-&^j)&P5EHG9yb%z~VG&(t&>m?KO z3?NIXVtIHgFd-dHvzj%VMtMLm&_bnDtBCy-xccbl$?YM6BdA8t zB9VmUQvZ1%Tm$PA=$>?O3%vL)z^w{9Ee1$RJ{p&RT^(0c89;`QP4$bq%;~v+`1qk$ z+srQF^ZW6c?7=nDTGRBU*H0T!oey!K_^UA^i!BgO*0|~89?LsY?L7HA?4UUX zAbKmiP7Z8ygy)RdANvd|NviD>T}AV?gDrTM45&wM0T7M48#p9_L1QuI#UyaWuQVT3 zAYrLdu#eCd;RY-NiZ|k90(-;Wl$d%v9Ia2L1%*XaN*K+TmR~QSApGJmiuq;5Z+Ty^ zY1r&zv1ZdCrXmvf4{m=Y4(!nYdpvK6ToT84LSDlt77ZV0dQ<-e&geM+m2z+$0RkoT z{VcN(yapw0>cM3Svjb7*zi08a9@rZYdC-_UUcnxW#QLo^Qhj%32Rj#;F;z|)iHchP z4hY->rJ_I!hWD7FqaS4Z> zj?jSg;3Eog8v#nI4NyPPnOE&#^Du}JLWp=cNCj2|$xnM);j zDfjj5>zUH!zKevhm4zI#g?j^m%q<)rp%tkFN|Ug()KZ}@qWFAA=GPcg9rr;h!iS$V zl5By>#GZHLEw`MjDhVzlgSCx<+CTVB94EXG*i)l_L@Q>N)*f?KK~eW zGz{*6k_NhP=K)xi1=7`*n#;i6P|so>#-tfN*8E=o_;1-W185SNPh+_FbL{xE`!X~K zwk3gYg2!#A;vS_qeQj^_Wg15Da`;q7Ibj|f`y#l4O|S&NU~q1OYwQ7K!Db~URtmd? zQ!qSWQL??)lCOIeP`Kf-8iY<(ut9tIQM?OpZE*R=LCxC`seHmOUrUYAudmyL6;ZIIQ zKqZ8cIoIfkof#l!21_i&YkG@10{%M&vn>3`s{8RbWQ?(BqTJ( z7nVQb!Bm#L(+~&1jewS8nKM7Fn}9YC0(+FnWPZoU2Rg*xPfPe9(JnAvEZ~q>=pwMY zd`>;4SoeIEMciUO17$@~ejM@l4)+F_coxB1pjH7BBfLw$iNP;s2%h2q%1Q_xD!1zT zMHoiSTZ-M?$y($mxDF;)-8HhaU?cg9@Z?X7Fa&5%5HuaM3SO`sRa`eAr7|9NeZW@! zf*Pom4@Do^C^M*Hx7sTFIz_-BLSR`&_)ETIA7efy$pHz-p5D%(1ZGhsSMp4I~Jx0WRXR!q~#f9L+{$cFuhps9bG9~%q z#E5oM`iod6Bq|O0UNLhTO8-<-OB5p4eI(i6=n;91N_(e;S$Wx?DL?CdOxtj zI%x~9AzZ3zr3;KVxZ&M_u?&O)AvJE#2&IeU&JT`5R)-aQ#jMRg*w^-LzKno4L)Ok@ z)oLgP;>fJ^e?%(|92@?r4}m@o#xYsNB)xH_%)kw^;?@TrN_ff|H@8*ol90nBn~UDa zJ^UWq5#jw1mn zn`(u=-{PeA-UJZ4L2YD&ED(ZXRBUNp{bfY0S{7C8;v#ehh4eU9=0WDSb0VbiFayc0 z)DZp2k!UXQB%79V8iQ)cm60?Le&b}~*6N#*18O*Z9w;+Ne}pM0(;U__T4A=wF^Byo z6+rXL;D-wmq4(qx?C$$qdWtD+1cd>wys1hh04yrxX?WcTUVpIWU5y*qPp)({5d1Oi zfu>%ERt4D2omcJPSJlwN_PFu4g%;DXXw%L^h&t-g!b6O`JZGPHW~mR~_%YVuyo>Nr zYSr_r5iDpH$bVmxI($@)IHG5?#2|D~QGL4t7O*g+$9aItkfBEqzT)3?JZM<$^@03= zjmNWG#J-prNs|0C(Twj4!b=r57O zBba0|Ci7-Y4km-)>qqpQ(>vSkfH72+RMHJV%oZH1v~4^7ks3aL!>>Ti@H-zJyO+Ar67p zEmwp>D(554xq)!@v|>@>R_Wcze!}y(!)^8ZE+O7$pFcGqfT9LYUEI^*Q#Wqm3g3^2 zCC@v&emvx3&*7q{w9VH~g8wmi$5L0K4Bp!OghGGg#e%Jhap8D{y*ZXl*JQ_`8CxM0 z(4)PPIOyL=Kn1nll{~pLV9@0nscv~m0QLcTnG1^3NT+n(Al=D+41AqW(fNIfPs(xC zz~}#&c(*vI{27zU$4>mSg8}{cM&PF3rJq8B4iNv|7x8Oe z4KI{q)K60RJ+J=Qd^}_X7SN$Yx_pixoBzQ!41afz-eQffY-mK?wti5A!*BgOS#K@Y zXnMa2&*#!w`z4$DZM)1mDz!ZF;Gqbn$3EUW%ICet;SXXs%m=VW0I$v;_|oAOe6pqF zTU3&(0?3tzR<*|vzerFU_=GPMdlVmDClx1I~nl0Q4;!^B3C~V z?%_eQE4{?uLUp`SEm85Ko;md?s_n&wU*9wJ8xt|{FlGNWHXUgMMkCw-{wy_(*>@YfU^OgPd4!=3;Zv2 z-m?PR=iP$dXWVe6a9;0wM@#vkG!+)x^@9ur-kU`aG60IyJ5b+&`#8JDM`qrqW#F#~ z2tIH$+AYai-l1VVw4y3PbzAAtwQ!HQ?ym-55wMWc3$tX0il zckosob5=1*_YA*;#je=JO?u=#qx45>ZplQFHf_tpHl%wo8O3V03{R4 zaIyie1;6ljPMsi}#QZho&^Y)#qS-gkCx$!Z*zX|GBX1@i#Kj9@zm$(eGV|)dGn^ET z?W1;$c|PQ@l6Dq2oyQz|cF~(syt8=JWOLbz5H^)H7TH{9;wpcu?c(ek~}B zMUHqY>PV5Rz@7&v4!DQa?7R(3(G_TQZQnaqz|8_RkJEAGRH|NoECar&xC(*`lq+UX zB*0il_1sYFiYtkQ{0OO%gpdAmI?h2z8EH$`bWjmOA>xC;5#2sI;$D%UhQk9)yj1$~ znLjFMQr(fC((YxJ{Z;Olegwf`c|%$h$vw>0OsmU}$6%o{F((vLY$e7+y2!$q*~N^u ze_|2zDU%8j3I~_+yck)wx+j1PYtATO3s!aTOD;s@|xQ(2`N0(8tF-Hda9&c64TC`-o7cAsJh1dOKwASkw>H=G*r8If@Nd&wL>#qY#d z8k&B@NjF@01~>WM6d7u9EsY(Jo^nxhA_y*`D zRQR2f-`AHtjr=adj_~_RKOWNd3by-8vG$8>?7P}2?StpSBV`Sx%!Fh=dFUM{&wn`M zluRg)+IN(T_H6s%?2Y=6;{C6-xeBH~{NF!I6maioc$6&-_L~bB_#H5IF0L&gWMbZ4ZE=8gB)U>)!~j4_w^!gbw6qSD&##K z3ee@L&^d~P-xIoGks>saZQhrKCRum6%+Hza12N7vJoI<;Tm!22eOdz}F!z;z{%PU? z*9d-xlWPw9nwjRfFUP>#Z=>w{j0eM>LJ!S`rUGd$cmPs~#~6!I{?bb^ywf)i1hKds z6n^}9{sKkr&1oFlDECW<@sJM=~5iO7a?g| z!asKN{Y`TJ1VC_=Eydih8G-Bh););qa+RRFFEku7=~qH}6BY2z4`&udK9N)ai{s_d zT=kZSmLEVSBI)cF^2xA+q z2G~-waylqP?m9eev<&>4F`rnLm2IsVq&8{6qU7O^xN%W$r7(&^%Pj0#fs-oU=lMN< zQm@og$UnS%F={AG-)q}f5|PXS?$T3Q?#uI_^t^*oGW#iPbtz|kiir{)hXKT6F(p6? zD7WX&v#=qvgfR#=8025->&|MSX;Q{#_k{*o&*HY+^Q&PU~f^W#8cC+RAd+W*Aeg=%r zy2ed=!LsKq;%Dc1U+}VQfn<)$>OmHLLEB~rmOoYjJ2;V(c2+yQ6L4{4;Xo35(hNoA zUgW5lHU3E}!RG3IhClYzSe}l8Lt`3+Ww_JGXPaed@ZdC4BCsueY=FV;U!Z@Pt&e+h zU#Em(S!XC(34H3h6q0t~@6oPu<+AX5yubJrcf!b8a9y8mz!GZAswScmQFfonDZ#lyLSQ?z{s}=686h-?){LujMO>@=8Or z!ii}&>n(;C{PL-A=HR&y+}vaEKFKvodKrVi@&&KAiqysSvHnKPp-xglMS)IX&Ei8K z(eoct)BN2cjVZ#;{4QnGMt41WlNq9{ycRz%qOPsJJjej>Xi-4uS?-1^0^Ih(;7HYs zVVkd}fdSaC6v}HH0}y{5J>e5zjp}shVDjf1nIjC=Et>B2WODpjr=*wZUhUp3<$D+^YoLhc4+i+ibpP#DuT=XiS|f>Yk=@6dprA^kpf=?A6)9E)Y9G zzETPA>wTw+NKq{*^y6ogDK%U&N$ObNcR}0>&UD1ajbZoFD+rF}ph5eCN-38>kK(w$ z*-pN=SEeRmkn(5)cY|{*8@6M2FaQAsK+nK01zETiXNR1*w|xIn>IG{z4w=2d3XOYC z)`2TwEs+HvDq~1HG)gA~KLzyQm_ec5hNaGQvFu(s&ghA!VxIwd_&!t1eaqh{zZYAd zeTn;0&P5?H00$PR8dOw4Qeh5F-4$SFwcAjnAfB0`bNG(N`W`50Qg+TmwRn|IV{sXg&0CBg_la0y~NM?Wy&n^q53ggP~fg=cGo|~ z^B8Yj=)FV=Ve*LfgpKt(V=I3{z26tr(p+@rKUZ1B{_D!7W-lU6a4~oXgB%%UR01?k z2MTSK2ZgVOduJg}coxr#qLS?=dfy}XkwK}I=#rFu3Qar#x=#9_lWRaJ^9eJJC*p=q zC?w*ear+q|@&4Ug;~#yGcsB4rp9SU}pMM(2j_6l7X#K0YH1p}#3+z^; z+50p|0?g&mAHNAZ?#gJwL7*Ml^IQVG-%X&zCukJV{n}@w=0geO@=SPz;nN>$GgRyO zB_Fqtv4n>=XGLle=i^+<06S}V*?KPNQs^L>VZXmUJ0AQ|G&#X)nTaJA8?7Hkr!VVC zEA&NVP{zfmY<3w(;I{hZ9^4@Sj2(`8e?P?!l{McExB;+aat{%RD0d&Q1Hp;{sn;__$8HH*T(WVur#Dht*xc$06SxAJ>c9pR(B$o+N0s{uFd%39vlokn3M!s=Z`3_yfy7U+Oj ztDIaz0%DS~9;U~=m(5IL*V=FGGSG?zWXBbU5dj=w!4oz84&41qFJ$^Sz55RhDw_4*3+qG-I3;XERBkU~`Q8AB~4a_)v(gENG+&k#D&-*^}d=KDa8?sA!=zt;+n!X0ugX+LPk4pAV z!0fVLK(na#odV|d1o{;^q!Mmb{cWWuZ)dTd2Z2I%si-> zhWg<%S!n*n;&fFlZbHPW7U_GjtU1-F`g3s^dc2}z^Xu8x;Lt!u$NkmQKTNKxDU&nz z^n+Rj(9I}2vyo$?1?2O1gF2)i&m^;6?`}r`Dnr25$|vj{Ck%V#t&@( zQKmzlWALOujlhkB56|6k{md@bDVq1Xs_6Ayo?+Svq9Lc2L<>;EHB-u;AUP>^07%Xt z4$eIa8GS7cW0a1KK5|d&4?bJ32~}AJtJB@tKmtt8tjA_a zXLOi44&^tO&Ju1o?+`Q`_7qoAlOI;5I0)Lh6(BroJ|lM{8!~%4XpMvIvn4%a@Sx@ZRlA@873 zsAiZzRrHT05*r|OTwGUS-HQ*S;=%Pv0?LvNh=mXOx8iu@uR%EgyPPOPb*)*tE}k6; zaGsAVxbgAH_^)6o8r5mA239a1Bz`sLd}ebGKyR+@FX3_D!vxZ131nw}R#nyjS%b&y zX;Y-nvTqGAkP{S?WtNIe?v!{5n8Gge(UGV1k==rF;xN-6Nj#+8%SK=;rAjuwKkvyQ zVN3n^NEJs2l5x4!p>m#*`Pf3rgPNM3`T{K{6p{)u1$Eh#(s$6PXOB^S|Du6{s-7A* z78Fa_nV>xK)!a!sD6Bzoaz)TC9PbF>)~is{`x6v00FnxMVLV|4+tTfi>mzC(owQdi zNDX&H?WC_>ATyAlTQ{4q1DX;ogf6F_f75!>{Y3!XRN6q!-+tqyB(~gZ`}*FSDzqaE zX0NO%6edVN`vTwH8QeTVTNE)CG+2cn+Y-26SF@Iss{Sy69}GKgX&aB@@+6*%z@p((>cp1O zDBSq)4?p8Qr6fy1QL30`MUeA4X-ejTxu|CJJ*PDc( z!IP+_gR&yZ%hi7GcdrAg8u0(j?^{_jeHxhEH@cP=bJh2ORB{4Ki_lH7$GW&L4(?-q z@8RPy_W=E5SC<~K$cq|bxqBkq_{K`{?|&!Xq;;CcqsJboTbLUn0uc_L`81Drn62 zJF>iqg^FlynTEXpbKUB2!i0GVDMn_OSr#Vz3j7MIB`8=rr5QB~Zo|UXcM)S9K_)>s zYC7R&U*&{(?c#wZv0TR!YIE5Q6+X+eugoN%ezoa5QZ>gb3wv<27i z9nJ94LfO2+x3>tYlI@+demm=VK^#6Mnt7lgi42cf6iN6%5(np<8r9DT!1~{?)R*G@zF6T) zc{uaM2Xo8g+`-ti`l;%x7fJR&hLvBfyS6mJ>1_L{yFxNNa-a|M3x5<>KZ%;xm>`0hqHUoz{P3un~6G9L-6QU$%YrCd92=3p!ehs$|ufr zNB}<3KlOV)_+a+)?KUkjT7le~~hQ-GWg?u-11Y%o{GkMA=D_I#T6z|-HK@C}l{ z0HpmWKt`m~d4PxKMWcEYv;rM$%6ma(w*xTkAhI$ait`aDQ+$f}49bnn$JnuMJ-g^$ zXngS#1#`L>@ytWHqDGL;ecp>Yoi$%J+s!8_2%XF3R@kOITJw$-s^)TI{DmssQL17)ZP~X zFkC$}Fp)sI$8Nozm8ys*P+IP^lL8s=ZSx#dDqOttS%bhHcj=_}uLnSpPDVxqQESdt zS4zJhLb)9+h33~2cmOlNPqMt2<`+`F*VFk?XP-I zGoAUd5I)uz39P+86vc6DQYOM*b! zln@6ca{O|2>;+2Hrv9ME)S~STV5<+0I8+z8%gTXs?1x=*n zR3Z1URSqaKD)bNdo($Y2a*5bIyk|#iqKK+p;#l;sSy8SJ((mWDPIeC_`7*Ua()*_} z1suD>tKoGCut^nwWj(Az#kPDhl=n_G@3MMaw6MOqv*FD*R7E7f^iMOp8|wmcKJW#T zdr*KhieQ6>M*gQA3oF|*^!K*JvP6wGMCFy}B(rF$FzrSm)j{#Dr-I6~}f-M{A z*INV72!SK{y3=J4xBgxy_$nHPk_Y};zUff3=!;(itRUTM8vFn zJ}SU~L_e1uw5T+SGVF~9(JtV$%}eK@lo}5<2ss+XRH|oeA!CbThZw-x=0U~X3z;(P zE}jbSXcJ>9<)=GhaR!j0oPkCVUEX!P+w3n~PM}YKlw#}rF22)=Fsiwn6k{EETahS6 zf6Y|DR(2^pl#tH+`XmhiZBUjJV~IH6C{W484-L4+cUCn>CT*ZT*akdnnv@|%dw>^M zEO4fR)`623O}~IL6$hpj3S&<{Vk#lE(a8EaJ%SA{8B667X!9aJcT!^wn_f}Wy%q91 zgR+-I?zHOJCl%g9413G&9p{6r=-iqKg9Cf0n_7@}7@o_r1|g}^F|O^S5U3f;q33dM zP%m!+fMO=77sn1;Rfh6c>bRQ%Kj z#j-wQH-Zo&RUyxyh@wXGUWssw`f~5Z{fo;h7ZD%PSU4{uZCsj;?0gmJ^t^4dz(%LS z`h0bM24&d}~>CK%E#m`1*^JHCSR1A2me7(uu6)HKdx*eY=f13DWL zaI*p59$086PLA~_6mCB$7x^IEQGB{Mu>4x88?uB&K#BpnP&E7S1LWzyn4o zpj30d`s1{Kvb*_{r~2i1FBXGLEg&pk`}0<{{+%L3~9Q_%*Ah;d*yL7;v){c2?QI4NsAIM|D)nhE7zr#e>-ltTQixdIo#tf!9-*J9J=T|9yvv3I-qGyRDugBpR`201UP9N8uJE6=wsxU|MuZ@|qTl`ud|JhD z1l0e^dyhC2KNJjK;5U-zj^*k=Hzmc-ip=jw`y8eD^3i*)3?E(i8f7Y8naj19F0rm7 z7)3IR>iU|4wk@lD>ySv74YWc|@mqKh1n&XfiIy{|MU{cBTgK}cfYneaW`2_pu|%cy zMriA2o4kENG`gVcJUO~ZoN2H5MxP~sR&rsDws0#>@s_%_+MSvkWw}=)zZH%(2#{~! z@0FmEYW{t;C9E?8!R$BF={*#8m8|Rcfe|1 zAM8hMl&%=#Pt6bw&n>AQ-iQ9e9trIVzio3Yx-$d1t2zUiim3%OUW~aTkNbq9lA`1T zFfQ_`DH>jZoH%@vVYe*jSfSdLSBJl1$`977-^6kY0!qN3TzpX$;k&kd?ckb;%K}T@EdVYy#?TPM#|={ z&Ra4;n9J2~l}R4i=M@|V>qd%ULXh4!J>uI@8B_p=0zSm_(kZvEBUXR$J%;#BEP&Ym z>M)(?!JW_UfX)g_(TasoaQYMTOAZM&8;i5CM?j>1^9WS7*&d{^!Tah2CGI=@1x4AG zOSsq?5=1-QbAGT{VlwyG^hX}t^aEPBX|w?7UPyb-sPh5;$vj!|;BwL|n-H29;gsD|jD+oxYfLFYm&r3IwR&+zYjrsY9%7pbs6w zhQj!*Z}8#kzkL)xlA+N}0ybM)%WL>YldSB6wlQg`Fag zh;ve|*#LN1InwwhGoqnhFi z0zMWWJoA%==5Vh`zX<#v z2r?e>3<@a<__Oh_@8>u7l&hz3;p-ue7;+-$tT7Dl@hUi_P65iuC2EIDI;iD;l|8S z5;De363?(_4s(rlv zkwO=<`iWJ{cwc&%k17Ot@yztcxARg@&|iDArphFrr#%b{Mm@8Rc@4@5>-rgVn4fzCy#OgP{vf2nbYqMjT4GbuW zthg@YPeTCp{&nVTSG!*gKU@cASVyj(n8O5gW^8+rm3IBb?qDsFWtalIA08e)CJ6YhHy@;lP zGA=wgbqEDbufT|$2pkIhB!zJd6}ORiW}m`J1?80eYyGHV4Fvf;zO-Wv)@tG381;ZfXg;qZi&|Y^Fl(Ro~f-V#!pG^ zAMontP~$nhvQ?d4bQ`g56UwVLqA#Uj&kSH3_SX$ms9P}GJc6LQG-D4blh3R7iQhT< z)M^c{Tl`VlG;n^i2lQAi%2(X!H7wdp`P)3fM#B5qjkGnXfLh@JaF+<&MQrHuf8T~j zI0>-EWU#Q!s^H$v1q^8lF{!@70x76Yy%#a9)W5;E2Z2n>l@7O7vhAgVNIVXsS@PIk zj|{WieJeq_cP{HO4xZGXtc(*kd-71tf$}a0U47CO=d+_Mh*R7Ur5_~Nn*bEFb1_8W z0DI1eXQCwj&^pk93th2ze}!DcI_JK}L5jvEh#8WJW!1Xxrc;KTZ`ta^*3QXUAuQm)~QfYr=qUz_{}GJn6*%;;a#7yr{C;Zu| zZdqBWp^)I+{t&N?)`-DaZ%z>SB25;ZF)0{`Z==abB3+1)_;`2_Bup%I?5E(QLlAca zmnB+(W6Ct+-O3?w$@~!_58`ES;v$NE0FH9>;E;B*+~*X4M6G#Q(1EzX0N5kK$py;g zL(DyjdM>sE{?1@}sR58E1c|`ce!c}@%fj_3cs4=jPA$JH1r*>joy|~uj#yjJ8`2N= z#4Wq$Y0V(jv`%aE)gU=s^%0(s7WCQGXmq{TSpk^Q1eUvPLz!<91vF1H#tF`QK=^td z%7aZV>V(Os~%Xp1Cj<$V(t|(!Ja@BEQlQFi)#)XiEd(n8!;q z*XpfEI?jWG^60*Y`6`?C1F9ZE@q!)nDlz9v3q1kk1pln_(4Es~2z|su@+Y8zB=xr@ z%{76&Dz8opS8G^yXm>jn;XuQk=PPfyWq?Am$~zknHZ<@h;X2htRuG^g4dSbbbZM2D z;O+{DjE2P;xipEF3!L!yS&*Bkd!Q;b3eC@dRMrIT8mL>NYY0ZEGasdL0sd$pAa1@f zV>Uo0KV=4#{kuuF1@_i(Uhr|~!|k=#lUU*R63G5mz=2+^>-BOO%K&tAD$q8*+>HU_ zo8GmIh9aVj!@5oyhwE3*(a@r*eCWKR8(*l$5M9Y&gzI>HOkV0>cNYl>q;LzMi4EA3|hrXQvP3Ylz@UpOMXe<;nI={5fF_^RCBlCI0Kpuv?)`b*Z>c}Hy1fB5mlEql zA9w|}4aY@jw+_66UeF+cubIBE=rQrt_N;2yV1Zx-OUb}CxXL93H|ijSN>|0ee#M%SD*t1Rt2Zq;H(4ET3!aE??eBU?-S%h(v)}S0cd*3 zF}ptyT{ypuqz)j}3Q|e7G_=zqmIUSb~gLpdYXa#$!1PTx}a>2xT61K;St^!bm_h2*T0Lt{W zqAi>oIQ{c15fSl)RY!xIc^rg`481d%|{fP(Uc)Bw%} z3Y`qx+C5l{U$-4+4^QxrK0w8aFCE;?0nJ0Pq4T%nOW%+a*Nbn9Nor1m4fc~u54FunBV77Nvw|;O)Xk6YlKP&VLg4@TH3d41fmA!I}Pt+~t6yUsBgt&e_;RKsP0z zQZv@oRMb1L$Kj3NbZn0VjO19M3>Tm?hKvD4bDuYI4faLA3aZ@;_L0{oZn_n-uARTP z*4ggphz1FSex~f)iGMO>_bBz-l_rwTq?qgj6fDj9VnD7HfoO>>{Hncl(5T{?l4X7h zYWgjy83Nl0_YlsQDBlI_+WpYHGNDc~?MDqGj4}>G0HUl1?=h`NX zDF9aZT^AlAu+Tdb$qUO_l6EVNXDv?O!8fo3g1L#sKboE2ujCsiUI5v^&x7FFQg1DK z*i+&^i;6x~xdO>s#7r|>k*x{yqitR!c6_}C8C=Jv6VBImdUBab@LE*Z^aV=4obxbxH`LHD+`*6W zMl^^FxU#YKt>wW3efZr{&d;X6?$Ezo4a+&4nYU#yCK-GLR7Aq>FE|{a1Q$hu#`4U}%@^#ByzE69X8SZi^rsk0QJ`RBQ)-tY$k7GCN;CIC~r^ro?Zafas&AG#pJd! zLe(^0u9|KTj=3vt^P>YA35GHX`LZ9Y+QDObzV>~zO|-ql75!TNWVpP^FeeN2)5xgM z+-FB|V+w`3}d|Fo*EO@(srRK>kWW@3>*uluJAYakMts zFmS^aQq%0-|}y_yj{K>(IwSpcFAM+?GJGr)D1#61ng@e=|X?=F1>{XIoJ zSyFrEe)|<9rhxh|Z?pJMk4QD?pm}w{Ba$W8^D_YG-rYG;WSIg*L5TcP3-V;R9NfWR z)(#iSj#Xp~=woQ`Usry&bpKX!{Me19Jl$3SLFIvj=Bo#Pzp;M+znv@gY9$yIn`S3A!ACS77y@8FG@^(!DJXs>3C4!b7 z*yuHJ;6qcEk8&;S-b?(eO6dXmkbR>_cU|#`6tGCL>Kni5UWC&Gn1`bHha(nO&X43GMHFbVqQUx{c>(M>NRi+_kS=e$f&#P(=*T)A|155IM3Ln9b zMKRadP*5&m@bjVoL$@4v+1i}sntH$D+;;Cp0)EUi7#26vqr9iZc5L(%xE}DzVn)iu znwjfPXNr3&fba+H0u5UToli!g7ml^~uhsv|+rH402nWmjTMNE3_gGNBYX^YVf;SQz z;Op=TMk_|fF|R4VOgwR}tkUWyTA~(W;LR}b?^uin_^dz5tf<-3{LZF0gZ304BOe8V zPcu~+yniohK&|zmXt#+t@rFP5vwo&^$^)ep@=oclsAPhF4VpBz0E<3w@{5x2VCh!f z*QvC{uNct+hj`3`qB4Nwq)zj@rD0AE>tD%hTKc4^Ujs-Qa(fImA{9}5TX$z#tUt?x zMZ)ZuK}0;kpXyvBEyg37Yy`w3443DOx)e)2|E%W0D{WjO2{d?amk~8?WbXjRKWQj*K1~{wL*P#` z7^u&7q+pvC3G?)RPsKa>A@Wyq_&k#i1>7p)7uZ|88970%+F zv>vn`fHAPhlMAKzQxSt3QBN44kT|_i^~*qWn*~+=^%p&hhb5+ip1Dsbi)C3By+t#} zjR%AIE0jWt5`z?;*DtLAMY|U%8HoT3A@7(Q`XSkE_J0_VC4Z#ErU~py_)7=WEkOcb z8d>)42aT)#M|~+FpeyHtet9d*X-N~okr%EQv~0+(OTnwb{wNpoG*Dvn12MP5U!%#! z#lp5`pKNI)8yqYr*GHJd_Yhdim?TnDP|~+tqHc(*pJN=4w-(5n+rdcUSDPf~Yv|y* z!2FaNv#h?v`Ir`S_}qos*V@1u#CN68H`ezw!MSZM0x;`fOQ`nWo&82AK7(12L!$a2 z(!ULYEaUDRE zB*kmle8&#H_;%+Mbo-ZYpDEfe2=K3LXRmXm0WD2yUeMKK0YI4$eeNgAQ>8(Swx7%Q zv`}N}86{rD)B5X9xqSA+ltLWRm^$F78JY~o`Stom1e(;Bisy%0P$HrXf`SDK1A@Hy z5B)|c(Rx7Y>@&vnLnidnU+@TQ6iAq^1z2sU;en>?>yow4T1k=tILx(%X@LffW|X9%dY{w$`LU3KkPM1{LjmZg#je>6Nq%Mr~nw| z-m-XB4^P7CH?n<5E2&qlLlkTO8oOIKPR~T3z<3f> zVj2FXDpk|0;GwAg6!z@ovB3?3F;<83KOeohHf&18loQRyRix)Okm5oDu>xc+JT2GE z34LA4nqsKnQ*n~G3_Ab{0yfx>1-cu~fM$l&e|ZBCuC#1?Ve7bh_VUUhRfjqt7@2-G zNv;?`j&JRrfw}6&&A3iJ`tWyXTg*SCwqX#EUT!!DhkM(s!C^m?P|DlwV(s3Bg%%Vl ztoT*bAcbbPpb=1QG8<&E$1_U195lEVL=wDB=gk`_C2`%oPvC?v|J*L<9>uZ4#DR04NLwL-@B+J!?Y%JjsvhK~&|b75$Jrc4 zQ_8)eJoY}fXi-Dc;3g?8cB!nEZ!}xn3iiVtTRFUk3Ke4WAT$)`M4(XnplXAuf4iU+ ziU$?~E{a)0=!}AOW3H9T2Yrd=3Ge{;G8hbopH&~8NXDZwdEOd~pwLjtnE447nC9>&;PpI$-rwg8$~AskaJm0w z`@*GpP-Q&sMSbd`YQ;cg_NAv0_PXIUs+71EDImWit881Hkg&a1t};GR#su>JujD#I z-8lLF{xjHxU5Q~ETR3xrC;?J3;lbn)4h`DH7W#qZzeBs#i9C>2bzw5{Jf!AI;{I(T zen8!B3kL&C!T}`i=Rj+7O76px9{70V zWDkNp_y`%N$bsVSDEC1Ey=M3z>0hP41OJWMIWMCSv{#+6J-m zR8!~tOV>FnS_WuxCO-FghM1fdgpv+&>)aUC!1qv_np=@ep|};?n)}? zL3vQ98^Kn?P4;(^#xMQF5Gu&>muV4F2q15a0lZK_^tzwWU5u}7DXp5!5x;$`m@*?oA0s)!ItcAztG#|bIDRc8fVUN@G!g_yGe*8Tog*-7l*LTmas4Q3aOk-T^fIQ1`dKWeRArvG3a3rg0J;mrJ=wR z7YLn&mvQbpVCttD}yo4-d0QpDBKhqJw(O6}cjnud- z?$`k;K$7t>K_DKEr{&;b?;|GO=kezUiW;%~A&9U4Ok(#Fx|?_kCX^JXQIE8_^`*Bi zo&kQOXJzPLV9v+3tp1Srp->-a=UZgd>c6$2P*c}3L?O%h{4Jq65-C($GwV#4@tvOY zeV1kEKaCSt9bZoNLONWU-Q`7g5<# z1T?&X$25XcZwzwTcOnKq)s4P(a|Zky&XXIS4$e5!8~cG>T8zAvPGtc>dQrKNz1)k4Qb5zldY*bI9M2UQah;j;9pXvgp1s=aE?%ZN!V z;LYcw_4zrEN_TNALAIG}8LKbgkNfTbn=hHmOO%Dk$UI41Y5sJ6yqfV%m)+bc53SyL z6ioB%b6;2`f#8a_^=y6(n>|vHo|0sKATEzuQn!n-VS1S3zNaTh^>XRxOGKZ&ZyPQ6 zUF&i|0GOqZ2Tn(Qg>f=jP2;}D#OK@HAq9$AM7WCr`3;Uld%|VRTR?6wo!z)2$dTFw z!2#D@^$D_R@yPM9+1G6TF;x6kn0?*;cBl?ky;L zb8F^}Ub`X_{5T{NlB^~mO0BLTdl>JEr}T5TRjd7yN5jpX?xLo*?ip+wiv2-pKZ! zaO@^tgFi~XAwcC2&!bM0e+Mb3buRI+4MO6 zP`>O(IP*gi2oY9zJ;;Il<^FiQdBtouS$o;L$5W{_!KebydA8q5rjg<&`!dwbAK;rtemu;yqF zS%O@{@L$>yB+?p(3S5k*{Q`qnCS=O_IDdp83LRlU(9iKIiJ7cR&(;9@uWG(z2vqSx z2=(Ao+J0V8trL#*?{zN94bJEEXklt##uj_8IcfYY$?eW)bQp~EUvv2>$s~o6Q0CT~ z7*4cNU48~09oM_pw~Zrl=u35=VuYD%w;A_eUZF970{PnzziD_-N9k@&`eN5)asg%I zvGm3MSxy&EdXd8#I#g9uA&20j{rwiyQ{1@h>+x6luOIF*K1~{+(Afbl3pW@y(@1XU zZ);*f=`*?xpZ5OF)+S8jV~ILT&fj-r4cWJA@<2L+v(T1vi0UJ*JF$KbAaKHM+^ZE( z`<8l=5OL$-et#FH!09I+9vQfGr`10U22K2UjI9I$XVhESMB5_1t7I2e)TYz~5z0@! z;ZPSu{gHl)(H%a|7Zd$LIc?tK(Ud5So|=Qvi{6*>m`0;l9b#T7x#!33Mx8Dk~@VJov zw@+W=#R4|&1M2T2B8m+Ya8#{St~{oR22~9hm6z8_Q3w+^-yF=nCXH#tH#PJ3J6ix8 zWaq8XTm2N6VD-X)o7)8swcNw=FYUb`o9j=n&-PvAG>*W`?H=CYeL%t}4YxPRe6aKg z&2ZV+G+TTwz9aH=zaV#FJ>=7)Jt$k55)pso$Ar#=9@`-Ld+4%J|EUs4H-zBo~8J zM6mq+rX)F?s)0nlJpRR+uTrnA_28Ueht3!rGTn~>-PS*?A@)T*Z7q{;fmS0dT46>f zfnzY`v@?zAmg%wQYD$7dLY*e#scVbu_Q&8$To4{E1#5i%wI6Ears%nBxkfvk}Z+@n{u!C zAa^Y0gv>Zp_z;4kHjbu4);y&Z2i{9O-_4G6AjgM_!&>S*GWG(hVy#;?U3F4kE{~-)TJoU$kH_ zi|d12)~|0aL6rkHsA&z~8?Aq5`bWQEDT>5xUSU|&t_qSfX#yBaqUE3SxKWkvjLsZ% zqJkN+YNt1qdsgiV3QmH+HT#$ySn$R^-~bp+O*g??d7eIEa8DBExTJ`W^at|;P;mXJ zj!18fuG6)Y;{EtvC#ySsNUx_LuP?0jhTW5Fv~-yS_yXo)MrmdG`=+y=>B6;RBq4i% zad-=7`7X4KWBV)v44jIUh2H$vl|vm>IK0r>q9@@5 z^*qFhQ*a!fGbWSgkKpEfEAeeHi@#U>^IpdX|3%FpceR*SkJk^D74z1UuTY9a?B3iv zb)FwDTg*(@0vQO@KEa!nNR8!E@Fbh%vcDF7-(?zWxQD#RF+YB@+H|VmxOvq8zIAgB zkNshO*1fhd?fb0;B5B$>bt3grb_dXD80k3V3b6OX2+j$zoVEI33mp?+BOoK20uFmE zj4tg(IRnWMe%iex9v>io9eji*!_u$VBf?EBC^#gH_3I|Zj69thsa1OE^@;q~*Ed9l z1xxCAkWi$_xP$F2VH)>~$j;gjz`1j9S>nZ=cm(uP+om&TFuQO&B|LW5mK19a`!nK~ z7$?G%Z-lLT_e;n`)4}*etTUU9d7>C^y!i(;;$vzvXLu|NB+g!>B-|_Up}A4YD_3+s z>UiL01z-e^x`YBoK0-TyTihBQ-MgDHBRV#Gn1Cio`{nWSmx=f?CwjZbFx=fSnAG35 zoIWr==fN9$wV{@m%T=S8(>O#7dqZ{Z;!rjsd zIZlXKjNJW%lc*zoC_c)7uQyPtO=@nwh8~*yPs5HzR0Mst`t#$}Ga=}3;>8 zW%!yq9B<)HqY&sL6n6ZqTb7w{YG{bpM)}zd^Tak-vMgfV!x){@`2joJCX79mj(P9=(wViFEcMB6)-_ z;Kj}mog#n_Ar6Y-J|<6siF|1vDH{B2O&I(~El)B7CQtAL?~uL?*tIhEssfnxbQ2W3 z2ZRyuG8KPFGBG3QlL*~^mLK(|8jF0jDCPnuJJh4>W8b~~rPo-5yJEO-J1;x0=3w4X z>>+#Y;vwP|)waS)iMi*A0h#FzDJdNcG~zFX!R{qhh=)vM?NPwol=3)jpKI65w-{3_ zTegc=Te;D{YfUOa?eatVYX<3FHD#qt}u3g#8 z1?>rIjs5-{&qiRLIW{#O#lBVk46h*?j*w^JW* zw%+2yW?mAFjPLhm?%s#FvW|F2X}%KW-pg4@Ppx?oMpHzPHEc(Vov=z#V^p zqI%!Us*hUA&Bo^~&BW&qcWa(nQBn_=drzbYB3-t3J>4n)-aU}nbTr7hbNn`}!|RZC zQtnMrNg#E=V4bIrEAfIk%o^e}l(~mrRUQeYQ~q_&z%+D% z<+CELYNT7>h`Z0((Kj1!gm!W55RBJoybw~kfTRZ^911lb+0uJEtP67mrF%lW zaIMNT@wf>yM+Tki`rfjTSJPU0-LDfhf7Ck*tEcl!ihy8M=5Vq#uO zINIwUZJ}|C0CK36u84TsAf9Qy{;?pamNHD&Anb$;2J<--FJ$PkL2Np^)>=q!9jC*I zbs3fFZ6Q|oTL}BcWduq2fnn=|^*X{K$g*K+d|T+>*DmM>v^`sCkiB>6saKQfk-)A( zk;I%>^tOM;X^z7tcv9&sAAg_g7p{TR@QYh+L5Jvx7S9}iI24e^Qy2)VBT#&N*sL)z zLpgYQ5k2>*Yg-y?r55CuxJtl#K?qWWXFO+F=m>}Mr{t2&wf-vRASxC;(82a;_huAp*?l-=egT>|K{kHh~qs*Y!VEfO#n9pk%ZPf_pw zEdH2Y)sIzmpvPQ7wE9@q6j%n!`QVcJ#4we4M1Cw7R5a(~ZWi_fG$fS5%%c%PV!N>> zJ`PbWdqT()M*ew`I8Bl5eu@HUbDJ2|QJ zN4&O!h2H=EzDSo*{N4obZoHSbZDy1oKe0Vrx^gthc%EP*EW@jI*lZRq=eRz#Z6wdD zbP2y|6lA6jz{Tf*XMoJ4AHf|IE}`~*Qr0V%5WI@(5%~{{q$CBgyoaLVe^uU)>kq$i z7s!YXZ4>}o1BEim+787Z za@yyiB$f7wk3$#^ce-(9dyk~CPHvOvYU8+fgpYf11wajT0IYvmUk9S-v%VfPV*KHV zu*w#}SrhA?HWctV;adCh+Fl|RFGY~RT&zwxAoYmCsGk;|j^o_risL9e;4R7n`HyX7pph$d%x@XFs8Mrk2276K&FS0}~D0(t|wiRrf@pq0SI(4Y+ zHXT}M{vONv2{P?x%G_tR?R`c03v)1otiRB#ecW3=@y}VWlMN;>@*g@^eS0xuNEc6E z;Ni#55d>$eM3lxwS7DtLx?p=Nj!+^>?MJ$1iW)YNm`YLiQ|=xemct8Jkv4}mwx|}u z|0UvYU$?zs45+L4rGJr)_5IY3qf}_6eZ46M@BqHME(clg!8n)7;Sm2_sK+cSCt#cQ z68}kkWAhD}wP&R(Xaqb=ex)`csfbFeUSlOKgc-AYU8Q(YqV7sAjgM&U+qHJQ>n&pM zFhKDhJZeyTz)-qSGy5eS(D1w4wXr%*@scm+ItKT+b-ckR`vUU<4&ft(C_G2archQB?~ouMPif9R`?~iuF8mbSAhl7wCR6kIa*mpKJ6i70 z8qTR-t~hq(fdx$W1(v*@@4wWQhqQqF4%$Nei@cnieyqT~L_qT|v+@@kdI#?LDjS;x zxHN3w{WnW$<=Xpkj7ps!RzjQbo6Gb5JLJ|>#%Cb>V+mc+;hD9M)nV^nlsXNuZVhyH zgnLX=k4C!Yli&mO9h6BC7&P_NV=Q|5=laL#JP)2N2HAcBj&GvA1g|q?TD9AC$>Voj zZ@+Ae*sfk7F`Uj+MQq~fe7osp55Rd)6Y(v}KNlAT5jdcGLlUE@GjThfEOFnJRi_Uv zJJ&it%up`^NA%_c3T4+#@)^y(|x+_h|nO?Z?F)pH5^jyoN;2KnX< z?5zZy>&qWQff%x85 z(IzfilHgl1CJER0C|~sjw{KnlJoX!A8uqPjK_k4q{Sw}kRae-CE%`MgY3B>x403TY76}rD2sxug^<3;#9 zM&_!h;1^`S`IB$QT<+sc=WfX+vHL1F`ZNB{ATyEQ=543pqGKeO;4JmS76JWK)9h$g1k{5sXa$M--{(X1}; zAJEkR=sIOfet59cWv%nCnO$ldkh2@8>qZ_$uo-E63$2O6%&ve8S@}+e@#9!nBp8ut zzi#I{(1@NjZ0?E=6L~IT*8$&px*}0r_a-gOi@{B zwi1fhig;CF@;D5_Y& zr6P}RtR(1_r7)8oyoH%|r0X-pr38NY?tu1&&T6my!h7&al~1kBLq{dWd1v*EPgvO+ zSw>PXx?Fs^TBGbWX)E`LE7@AK#u8M>Y4c>aeHoW7dP4qK0=!&Xl>^5v?(~_Ho?mVk zBntA=u<>{5`%E6xxB3P6439oAV5&QrR!m)bBMn!D?U!V4mSS>sFu&sLhUn$<`d_Y{ z_{du0@SPpAaNoA~c9bCzz5`f#xMaz&?Z~pUEdo;!R{e3$Fd-xDyYg=YR4n-6kXnv@ zzQ_Gh`}>ej&xnC+6>*&`h>S{Cj5-{w$EOvb?TeCc``O6-Os<9d;7QUbvq(S;WM+g- ztFpxjJXPRs{T{pb9|UCI&b_$QwLge!2%JPoe~(81YRow*a=UsRC57SN|mA-xy`1d=LB#>-=2{Zrj3!HQ=ZngR4m!KdKw+g#J;b2f_ zckDCjPy{FTZK%4TZG)|kJU)E|_uBy%`(>qRoZ9lXzcY!opWIjTwQYEp#tn9zkJdX6 zNx5-7{eirg9* z9slv4z42~O-rkBBJS1$K2Jh4&YRWtts{VWd?#vY~CW{W6vHbbD8C+}FbyL+kYju7a z>=(_fxzE?Iy8v*%*Qn&a9OB#KqXcyDN|^;KJQ2_1C(E%fkomt$f!#ni5sp|NaNnMz?e*wMtOB%KCoHsbPKs1U zYi^V^Eq3SJa-;r6r7XgCUP!a%zaWLeCR=g>)X?l9&rT`axq8cj4zH?7tr*JY}XkO#GNR8A<8@b*6Q$8 zB1gAA`-o4__D6B{$1XQaeDj(-&5@5QC;v*;{K>;rR+-K^>?R#y&!V*z@u^LAOEb}C=?CyKrwqFdIE7_YND@TlyGv2dDHXU(`-_nF=he{l?76%ZWD1zH^H^iw z!NxH_=d42P#_8-eZiyBTZEhcIN6DNGzOr&Cx5gP$fjB({41nEPs38b;1>^1pnoWK( zJW8Av1t;F#o@+_W@O&6BmJH^}3=h`^BP><%5bf0NXIHbOW>sg6Mb%HGMt<(SZ;%h7 zVC|5b$>NY|P1;CP?v~GTzc@!>-=KFfzo-&TKkxeyagD>1p^=aGk@a3TopS}@O1xyW ze_xDxc>0!33aG$v%YFBw31t;|`^hwxRG$vQ8)B{T56La)hZMvE1lkwV{{X&!hMLfI7co!w%1fa>Q5+tg7j`AP|^idTY%1!&6fU&F&>%O0GhRpfO?I z?)6~QF3J7H<)xR?{d-cTfw-$uLa%AodqGZkhK5uHM1?gX4k>{X^BG&PBgyvE2(nvr zsb0`cG$O*|_ZOpnh1r=8SDEmb^J71AuFd?DA?y3hS4;IC2Mk!gh<01}=l)Sq9b(`Q zm~s$9Bo($S&zyXEP;5&lelVe}kH;ia{frSljBwxDHi(8*jfc}ych9JLW&;i5^?nDRTv?jEhB-W@bBlNAM>HQq z`cC_6@ki|pSA8}VDH zEaeb=k(zn~sG2@`1V(69F%R*32J33xX9Bbl&q_>k_4%4HCPSUj!vA%$O$#=H=viS3 znsZ;cmSAs%8-7F3<3$C}$Sw^$F&Q(kG{bF^E@@-+eR$$$-~?8uG`$b1>>ie%e|bJ% z-NO%gA3tj$puxc*h~^zj4o|!zDjya5p-^+agzdXtGJqm>(4H`DAeEDeVI~E2fW&?6 z{duOs#2l$Yi>Dg)Dj-895>?oaW0zy(wQ-b1~S4@HY**JpbE_}s{h z-mLHQGdw24Nl{d_`?C4$kqQ@1C&uUO;(mT%upm_HvEF{!6$4Gy_Ae$*f3vLTW0PilEU7HcYtgHrH`) zr&-tES=6A=`#rlbJeR8mGy5EE>{rO*QE^|(7-7N0!zdAh)IInJIjf=01#a!gWaqD* zCIR1S|K2-;!IC*Y8ymImLHKf&ApW_x68hLiVm%!CV zFz{d9Kef*RDH^zFW4u40o00zFn#WkG-{1C=+0Q?LoXIF~vVDW_{+Q)BC>7NEB7z4B zOuW=JdmICv(yOQxF-g`2-a$y)2WI>M8;sHZT28IaTmL!a!m4i5*o+$A}^ zIwp6_x3!)aCYr;OxG(R7Ilo-suK)6<#|?-U~|T^7kO{xyG*bby`3-guPvW z(Jk1@_)0UjhDSbl=LrBU6?VD8VIDZjMkO;`1gPfo?~4lx!e%+*HPqk_I9u+FWG0Qt zEBsCsRV<&#lRs{9@O<9Lu8W;OEo}^+ySE%AQXM37vu}_7M>oiZ`ePTEpP-ZjG_$fevuw2Yc(=>^JE7D zV=qn3;n@y*?MxZUehs|H!Oe+BLml7r&Ae*fc|YQWm-dFeNxvs$Kv2VcEJZYEaWBu& z*sB2L@ueQbILrKtNeOpj4(a>V2U0Mx`>FdRJ2|veOS-m-mQ4(wOYaW9cF04gKPUJK zf8K6Wk^bmBQYO8;PG}GRMMKX*K(0f09Q%z@{6AW7UxO4p!Uk3cfOB?Q&R(H6{K~Oj z@GS*_Pn|u7^rA$zL*Q&Mf2X1my(C9N-D7EGzJUM+1g*shoG~9*p`rb{ZltrEn=wNW zZUQ2Zhr>~(FGf=U8$u(W>U?<3ASn~Y7br-lEW(^%-vygIh*i~r&QWlkkiR)N3ZQ6D z@Hq`|IXSkp(8U0s181BU5$~9w3>+~YfwX4sAG^)O@h!%_Vw_B8CrZkv$heVD^rsR8 z5RtR9Na@ErF$z)br{bZ1sSW$(f~5i6%teYadzvc~*7#GqI0#5MvyW}~sONAQCfQ5u z7x__O+o4yaIvKQ3ulz~7&feQztat&LVS?`h-R93dTt8kesn7F$enea3ZF^ZvoQmJ+ znl~KRjC^s93` znYkL4bRsX~>&#EWxL43u)L-B42aHCaHzT5Dp{@Stoz6gZW13s*E2i~fj&x!H=pt4} zUcEP@O2MW1?d#T{#s(5rY^hm+^~!v^Fr?4Hk!TxMz|ae|9x@mrNVSE;eJTOHIiufm zJT6GyRX=_7owp9KBsZ~f7>C;1y3V$9J7J&#&_C>Q2;YcJu4;(dO_m40bZv*63Z;D) zw(pxzU?nu!@E{<)Qq;Zs%f6QK*P?Hl)95(ZnM{~Z-?w8tC+X0VU=V!C=m2=`bm_m$ zk$=nyI=*-t$kJf2eff#!O1~}JUUguH;ds2fm`r@V2U>t{#SiMDo!`9wYp9QTe;})2 z|472}>|7o`q|4g6Zwq21l5h7#La-Qul+@%PU%p)K&FXvK!(OP+xg>JAoDmBjm>zLr zuD@ZwhP-^Ht@oM}v*_>T;M)=26XNdku4#pZ#|#^Tpvry6Iysn_o_1MLNCcc34`n zXEN71A&FWxN(cho7?xA>Jbi<0a~$Fh!AR{F*XyvKtv9tpf<@`SsPT-!{fJIhy0`DI z&wbBcM#F5Hyc4@h`%AEfe{!~qQ(7XdPwfh(Qk`@`YLO??#@HyB20}Xbb@m6DFhXQ- zSLp^ma96?CkLkwo^QM5^&kdJ7vEO zHgNQboAd#6?|=j{x^R1JcCS~D@+|-z{PvlGjLQG^=XL(Mr;t*}QC$-2m(s_OT}+g9 zvRAA(v?7{>#&blmeVL5(RosaHeo#EKeaW#ku|C95IlZogw0I(W9dQAYY4%7R^Tmy6 z(z`vNi)+d_^5MQ>f6;`WOU}@LhZ*kIVN&o}HdL$Q^bqK#{Ol!?P-}U-?jKJFs%Bd^c--mw?8G5282EG`M;lGQtVz8$FOGBb}~MbA?>_EU6byBj+{(eE}npOaB++ zLf=~MY6FnduvBK=oxT)GNv`79Ja!c30HAvQQmC-to%I@qN={ z5OeTvD05z49pe1o>QWQzA#>TxIe>vO{<0W z0x@9ZUAn}5ed|T*iwBJyREwe{0plG11gwu?;Mfxmn}dNJWfR=B2#9bZMqONBGp-k< zwx!;K|4oc-k*OcZ84A}{fW9)sc1iB&(`Fy*GAS)%I=h7szt7nhHM9&GSL#@um+hY0(j@FFw9i2P#SmzS^ zD%h}gkllPyVc{nGeZHfvC;f3 z=JItao~|@$vo~YP(+@^8`ZRpSu{r7vqzV>}Q~6g|hyGHjzCPf6zAXHF+^X9LRQ}-Y zm&1ApKoU|eX!z{6K2mujz#`9#a|^8chzem6&Qq^3D`2CZc@D+ZvFR6Qn_s-qXpk0W zgM8wzftlB$b@Ju#P8f3fOU!;1L+?iYA#E7M1H`90xH8%*7;uu7c&woJ7o?%RO9HR- zc=HYF=B+S{&pGFQj;sSpED*8NUW0XMtozK-->Qj}k^Mkd$3fG+G>td(1P z<@7P4?Ec(a2OxQWIG1%rl73PkEf!`aNa5=-ZcpA{AMYD~J@|a!nWu`6H9Z>`xO?lE=A|iJfS4qKO;66*%WZ!NM)2d*&W&oC|f2Qyq(`oY{ zz4K>M*weUrK~f%&yb~&f@C|(T;f?ndYqjhJ2Y0{NYws)Q;ulm&o}O(q)MU3{cxCZ1 zSk5b%JCt&7^|rbN1+Zv;2Di{{F%ou6=cGsIlWoQ5waJFeRozC*Hrq7q8z3>xJ(dNP zy3U1s3mLPa20k2AggY|E4~4#z)tKN{&TGS zI%^}rOY=>q+R&#ORAJPIYFBzM&G+rgYzm=2O$4lv5dy## zWad!7kM5H{i+Dy{3Ya-v94gZk$d;jMBv>!#j0SY+N1HoBnL;s8yT-V?v^)bxQL2r9 zA+b+=M2gP1RM&lFB9xg{vKS!?>QFxxP_3DGPBW0{_cYABE1bX;z~GIyU&P(uA#{jt z*>}m8DM{A{F~21t#(n#B%UG8Rq%V74-;Uy59v#f#q7mx(w6F~vM%yPV83K~hky6~O_KEuV-G~#of z0G|oh=e_wG$O9;o#pK>DkT%Bd*@{lYU2PAo2T-oxC%*z^M|HK}DQIm|!&d9fo4Up= zjD!fAN5vnnf!8%FL7jW@-VSNPLawtvzdP}k`iLaBYCn{%2)vq#Kc0p5z4=cO>ZK=A zwt9p5GZE3~_}BYyxxab)dJ*X6n2y%1NSo)AxV(2DhkQuLgF8rwhrt|oJBMo7KW^`EFxo2nFxI;ugX&vV%#lNw5F}iclvcj%-hhPF-w6ldG7KRTXy{i% zIvz8_R3vIIYWdU<@6C$nolmxuX18UN&KpbA(fecexpf|-nQ}p!?LQ7K`;mR(5Gi7N zi%6n#ybyKyo67gKSUhcfn1TLtzq6n4q6&Szy8?jlRIIM-*`G*I6#^ODz#ojWTY=~m z+34HLAcW!X*TFHP$tiwsMY(T!Cyr3MYdqVH#k-4AgWlg^^2da9*M=NPoGsHT92v^C zbVNln#}ZPPPnw_*_kb;#fm-ON(APRgIGJNoxI9U)3MBjuy z78g(8uBW#u5F|9+a4KA1?Pfc)YarT5Zq4!=bw% z@lc19-;;R&)O2^0ejIiNLX`~X#?>U)s?-Mzz7*0b&c}!3By$=l4_f_IS3*_V#ffAah!;BVoTz2aCN7Au~T%vqfcnP4DMfYF8WC_BcLp%Vm&0 z-{T{HJ80r4+AbI}Hg>tSvs=wc#n_Od>M!q8etSB7;h2OmX$x;mupxzrU*fCERY-gg z7qKqmkY>}g#JDQeqEC~7F9iw3mTia`4P|IZ71C&Rw$DuMk_IBQoRtK~zppG8Umapr ziY|_#Vjilw%Bh(-9|PlHDE1-#PU@*%?)(GCs6bYTh=we_{cYmBq^&x9aA5jYU}qEb zi)fs^wt84b-dXYVDU1`6%(0+j3xx0Iv~*Xkf(0EWa8P-F6;23+!}~hM^V4pINy|H_ z0L>(xuXpPnil2QXk4u(@&FbO&V}KAn7A0bAlex_;KnIFIe?6r4=rC+^2>)z&&@`cj16gdT7S2Wzg~mp`%WwU8N6UG#d6FO}RsCS9s6V6_VVBT6e{4akTHM2Y!!{F4 zrB~{l2l0f}dcqoxSkfZF4}?%H_rYRzPl60qDJGVc>sr&lnw!@3@p@(iu+QI9XIG1@ z-QKA=aj9Xu-@^rD;}^_RB!{w^OZPLE#!N^+TG&F6aHV5a6XxQ0O`~F8uKSC09nKCD zNVeu5uWDL{OR=kWPA`2yl+q1pV2M8=N-jJqt;4$eGPK2di!wq#Hn!r#oJ=1s=@S8| z$IBB-Dnyob9Y2vS-(akHK3&jzGLhAqeQ9|=2=`0jC-%g$pA3!WaryAh#1r_^p6K@D z+QlOTWIHni(gi(451fw0m1e)T_Jz`#t~4%nsrcN?j{_yL2ml*3ow9eP0?7R7Wc|AH-)I}Di8OsZbSA5i{8hKO(P*M{5*8`ZGy4Q6|IS-6!oob-5 zVF*t1z;V{=!Y{)mBV#-}f!2}q@D%Bv3Gx5Od>s6rK9zbpApw&|K+VjHR-wz9;7%@IszZ|LXL$UkY|C+gnb2|i6)q392`t79w)eAdm z`xkcV)`d_pp4I63+n?_ICh_-!Au*xn_N%g);BfCUg(ObvCGok-6xUCtIp9_U_9))& z0>p-J5atI|6$+Fnd#_M^p5FEf<+}X)rbJrFb+Eqc{n%BFS`Ld{)GnVtTDeXqKT*_Z z>$-PKe(N1BA%jE3!w`&?lm-Cw&$`A${H)$gucaevPM}b_?H# zZJy8}xs5~j2slv7c24HcC1E8@j$T@ewV7^wm*&z9m6L3ar&u4G@T%5b%AX!xj<)WM z8K#uX(q1m)&NOiQ*h7fy9)>Z13T)+@q{kowdlhU~A}-}37Jr$)+-?KIv2c?^>T^@b z?09|5@eAZJ$HL}baLZSJIH0SC=vGSSdlAkzR~!e*mZ?`C)AlQ?iu4%-^Nf-76PC{7 zzDM{Jdxt@|*;Q#|j#%X~u((N}>dx&$W8LS}5M6 znBn<9QMI$0PN^hAX8R?^?2;?{ z2cR+lb~26qnWZF@dxucaVX4;CewoSisJs}&1Y3!adFdY_RFYGuNQT&m?{Aj%f#xg- zbiSV;$GSdG;BFLu@QzpWC}40ZOi;oGI7;PTT6UR3J*Lx4e;88Qs+jc!cASwZI8!I~ zQ$^emU-NJ;F_1rRZaIxvoNEU=z6l4mkmephjgFH6k9ZM zHg@XSyrKiwc74Di=KgpN^ArK@4Y{AqvG*g|Iqmi%Q328h`yI6O|*!$*2^M(FN|N)IUfOperM?6Q1o^S1*#t|jJgiuW1t<$-c7K!b=dfQE@MqsG z6>r3-J69?+_K&O>h{W<|fxO-%{m$m5vkY-EX)lLHH%&2sfQe4S__5E`f%q1B5?qBA z!SwSLy>pc>N%&3>?X+Dj=Xd1cfLI%3TW0db{NTl08Ax-V zYu(~cF_=&x#M=~rV5S;;rnEw|k%Ssph_d3w6SE%lgQe=HSbB%ygm~L_JaiL0Vtgk9 zv77Ekc63hnlO%31@nwKm#l-=fvcIP&G%|z1O*$wm>h6z}47UUzv6Lb)_l=K3&9TIx z@JQ(WKV8d*;DqjnpGm}oQ7{Lc%}m%vhetWT-YtB~jnEB~6K+3_sGj}T1StsY!ikHMMx1t+(9kJ+Yr95v*alHy~}%#vAFp0JF;An<{=4@a$lzIS_5 zKd1Cd2;S^s6bi-z>tUV^k<{VI8P>dT!~8c?Oj5VPwrau$IxZ9GW=B5*Q^i!y#rP2J zw8a<^``VAQPy_(!MQ9R%mvu%)^gaDK@v}P&cW|UA=DqJcn#0)SXnjD^{b6ZxUo`aJ zs;cx^JqQP|6|bMLutCjdl#W+lPgEiBz|!~qgvrYMFQ!QmM8JZn z>%7JV1=4|FJti-?n0y`gjAD!ifO0v)Z?rZ$3xy(1|uG<|9 zDDX>e6#K)s`Pyfv>8e`hzWW!*Ti4Ny2=ir;I|`Cde{S#>65iD6(3WE3ZpW(Hn#7wg z&A=msmnqz4YwPd5X;w>Y3^;0W$EkmFThh3AbNBAO7yv-`0Au1kjeOMMUWXR zKsb$s3%l$UXX(Cw2mViq*rI?j=FwTL(neIc$eWGW5fn{|`$v->k!lF0RL5Yiu4(?f z3Mdrvdk}oA`!<&h|Cy@CnU;7~AuptV+LF_VjTPN_-~H^WE@BwyNTzLJWULC^LfqvV zng_=~8^gy9gct$eSSE!QY(~h(&h!KP!*`ev!xuz*f6npEBM#?h<1|w zmUxyguF&qASj2%=T3VMgvnmznQSWbD$BN{5bB{J>h>)~3<=rMb=~b`AQh9j zm%F3hmLH_Tbz`5)bAt@~T-dP4Jq0Z( z5n$Z@y;2r}^GTMFkAeZUOP$6lQq1~PZ%0k;T+V_7Ynw7ieju~Yq9-K(&b*+4{f-HR zfrKglY05tKZg#q%fmJCq{|rIo)J>NMG!&FE*gr>OWjS0QkIRY;8^r2MP=(7!+7|k` zr-Dy`ov8DbUj42`Oi*tSSpHoZlvK4N@wqCXH=Z)odiSmdS(k(U#HuHlmmeQtR+ix&G#EyP1rTLy03<$w;QW02sa_T!IG$iU zvqy_FU3{^AeyQ=Bu37i~!95$!3(X;KL3T|D^y8UL2E zsYy?d^EB_tqCcxROK#6S(Y;oO@h{oP*b?ra!C^G#nQ*U2Ay-GMqZiD5%-1e(RKCdz z9$o2Z^Lb>9A@`PUXDd>!MkU|Dw2C>SWmxk0Qv`X3Yl>G)l+Zr~*jp$dq%kQR-cEf_ z&ZPlvlEs5|Bk@w@_D8VQ_KSkQsf8LS%@eRfXBh6hz6m|Z*AXUR&GGxewpV2&rHT}YqS>{ z#P+4~5SYd*`m~DeFxBS>UalyqlF?g~^N#KfM?&f9O?XAI_Z=%|jYhMNP;4}88?k8_ zd_#ZlH;sn|?T07tbAX!V7hB>Kq`i6m;}AFu7o15m{L}!Vh41wOf9C%Bpw6O8?%kQxP4$)%u0Ly#MwanQ3QL zxRfv0eEIR=ECH}!A-3RO&EYV-<{w>jcXmn7vDG@981sio1f!T^bUi)eL%9Nej+e}~ zGq`|GB&U*(Z1t_w4}V#VZV$x62Uy6LlnDLL-5baEONi1MREFCYkiW3L!xr$BL92)A zPDmZk0ZJ}+Z$8hYCKg|qgyZ6gC&~bV_uk!tTBDFN9$GM%=b~LD`k=>fc+14WD6Brb z^roKVJH%Z)6Hg32Q8D+yKEva%sAR<_3$B)BE{i|6{Wd+zSC;7^>ks#P9Zy`64|_si zuDY!%4C%dD8;9Hvsp~5H`{82AulL~@YpK==x@o#N!i`!pngbWakOYatAe2`C2j zb~3&Yq>$AIz1m_|YFSrPyHE`Ou(&A}^Tz-9ci!WWwOf?&vEM}gXNV_3|H{`er!?FG z*o)P}_$kWPL`mhl?wh;c;r>uRqZ4k&h(V||C-~7QpMdv;;2V&1(^zQ%6|5eHlt@7digWuq>mImm2@f|&d!t$fZ6`sq zsTdIcQI~VC^Dz)oP#I4BEoy|B;VbQ{h10%lRVq9c z8?J|!mAkwWyiii(qp*=Y1?zNH9yY(Mw*tIPLe*x!*^K^br1>;cjBbC5-mgN57VcVq zLxJ6ff|3TY*TlMcsE-LXJ^@^bKk%%!Nap(c!IIv`OBmXi)wxw3XqD^iK`f5Za~p(I zM&_2L?zMc^-Rj#02(}bw`^KkZMLy9@NQ~!q&qx3l+9ww!tL^k|nb!aq+%wMTZgqso zxC)Pf+2i^$QwM5{BAsB=?OT4hgluldsJj&wPu)F@CJ(jwwb(&JkDwAC>g|5!Nx!J7fjLx|CuUAz9 zbQst932ilk0>Y!G#xut9eW}nq@Q~S0Qk}T%hcvW#r}`N+Z|x-Mmn6aCdt85~{RbSrnX5;SJ@h9WH?Sy(ABrglHttgzD_8ZUPg?{F`L<;L{`qS}-fic^488E2kb2y~q#I6A*DDxC z{bjm0dO>c)v-#U7BKwd+Um``50y{H<-}v&-89z(|=IHM?UxcplqyDY7*`eO;8syM3 zw@>rQgQZma%+=dh$Z@lM?cjkv(Ffr2HQ?cE*oUKE*j}F*_h$&V%h~qHt~`^1(^q2% z34Z|*w9%YzTb3nnboaD;bbQERK}9>p5;cw~xDAu1_jRtwm1c>+;b$cUrG-N47UVfWzt0Xg?0$Js^V# zdKX)75ykv2DeG5rw63%ad=HXB*S=7jewctVaaec6YdE>F2ZMCoz}W0y&Bhp9sV_Nr zBT|BQiS&~OgX&LZy4+g_$-cj=hvl?~08Phx$I7?aM674xdKb?yJq`1@b_}7#%proo zMiS`ahL%L8mtzh8xN^R-E+6bKdUES;^DS8Wl0NrXiG|bj$bTkbUss$UZS0^bgaqMtyGkAy?s2;A`4^KCjS4{L!&7|JKMU!f&NaX=`9S zF9OLl!RS9v8P^6(CL9exCG#KP6ZKjDF2(e*_IP8~FFAVCKRSAI#k=QbR8Tw} z{-QjuGJ&qXZ!&LR$l7vpgW~+Gl#04Utv0BL<^fsr97NRzjVWlIi*5oWSH*8(EV*r& z7WcMj7$hxffQ}wErZ}V$>1M@#&sRkdl$pb|NBCIp>G}003KXZX$s^2e$+JO=U^E>T93{d3n~kI@(RxxTOfB%4Jf4Q_@BRcuH*Nz5dXTfh)Av-}{ru z{82#9?qu#%b`x=0> z>jzb038oLv<&Y<+F0m6r(Q6vJ{_|*AgcG>dZI6V=;`w$EzAMN}K|`dAdxi<6R_8;C zGLzF8u5Y7E1K7y;40wXP~Ejgzg@BINzm_zwYs(t*-zVQ6*Qiqw|x} zT>%V*XTX<W^Ay>;*_jqdTCoZZZ?obuuq+g)vSoEF zfCr(PNaw`Jmy_|i-Xd!CVkiV3KLWJXC0X~_Ovl8gU>XrQVP&!G=q$UR7&a;B4B(d2 zar*9igKiOioZJLj&Qx138~LXs4ve^hAH1U_l>*AUGdx#LFX^<$zz>F`|9GzC0@82* z+t^-`;<!3}xuS)x1MBkkQKsYILjiH1es4~&j-Ttal`^^z`1ek-LdA!Mf!Lb>w?K;mvOT5Ia}gW%Th zp`Q}xS4MjdSadJaIwpSvn&>{P zST4&QwPBag{iQ1^uvsql{(?v;@c;@%%`4zP7Q`MtXEVFJvImF=B9u>hoJXN7A5AgC zcSUn7D+ACqb=3V%;swyU*ar1$(d`lUipK%Fg%jc!@k$=Q<^stKKRz0eRoBH7xaFCn z@kWIY>GIfDHo(NY>(R_VCpxwc)Sb9`vP0RYpN>gZbO17+`akFN0^V0Z9vb{NuJlJ2 zK=Qw|*6Gp;?#y0Lga^gtaKGYHtx6W4>_DCZ-Bq}K;XgTU%;UFaJo4)7 z=>{@t3d2qeP(T;(diwKq0Axwto~`(hUZ<0uTv1hmMWYv3$?1YvSII9_n6hMeJ&ci# z>Ji(RhBDbUdg;~M+C--o?@7Z z2gcrtY`Yfhr4CKelZ~D-6h<2VuOAkb~ z>SrNUQf++IUx`^0EZ?3c9AP%1p?rOg9HtHYtW;pnNfIZ9YO{Pg=i+?BvyJ&q3@WmI zW|XB1$~xajel|YXCL7iESpLQ>$y(2KpT_XqX&eu}7i}^#y?)RuC#Sh*iOyd7?}Lz1 zaOBGE)AyJI+PB!M-x>~={ZVu9IR=kLDFq)GZeb!8t&g^0=cY?i@?!fi8Dx*aJs?FQB720g{83q6-T!Xe>o& zXLN3bBIuJta>F1}`wISG)qaz~y(qGA+(KyHGLwyml+Ex`U9o2)muhyTfuv z4Zw`h=mvZcZb*d{_am~lM#oFRRIPLTW^j3UqR}CWueYZkUzb8eX))15{Q_5jJy_Pq zJRJ}^fOvV{z9}vt{E5&5=dK&vnI*Tn2NWm5?MV>Q>AIJ&6d|IX`v9X}2^|kcdlZiQ zfv`#_HF+GYE5R9PJWihdSrvbeESec;{Lc02c;gKw5G83jHS{kBnQoigho^ff)qC?o zYr6iWVVb2>57AaQU!`~z-BIL85%eFltUUKxA_o>l_lXj!MKN@N91Z#UL8tc~Z5+RU zorS}Gy+2RkrQsg?06?o;-my(TB4i+4neSe(NG-7TCet)r7E_D%>?c-H_}YsHR8?ID z%N<`iY?-EVgME@%`}Q=otPyefVm=%f+7mr0_pMhDis%P*rdd57&eK66MmIH1%L)Bw zp-E&SakMu; zHTOH9l`~O%)X{#S*_vec8xQq41NOPwOK#lCexW<8k6$3_n*%v{N+;J79IK4kL!38#3f%Ed)VgVFt^Io$~3F-l&Y3d?~MS-SA% zIY^P=WYoC}U&uDtd*m^ipXjSCeEnRb)A^7J=&G*MpheM#F%_ori)-F5JgFXebPnPV z;_h#fmc}23zQ}l|A?;o<*`F7ix88ex+~PCC`?b%mdLTXpIN%)h5VSt^3`Pj|&zYt6 ztmVz6r(}BGsQsdeuHg!gZ=RoHk=Pe%ZLGTv=H&am^S!~v($61EM+yJ zrz_seg!GxF8J)Qh1e4cIXs#nEp8DaBD}J5>0l>8NedK<*4AkIDOivGfxLHFd9sR#q z=TZ;6N;wsiz~dLMz2!IjiNv?SH`<=j69EGWWMnkS*^Y#^C}F-_tZ4A7t{b z+(pHw2$!1e0ONAu&GiLzc`@9^aIhIRJ`2o8roCZLH>IEd;}}xEeJl@(Cik)3pn(yN z%ffiZux7pV6jm)#n1jm$3anKh$La*MKOdaierk(H+~9S=#XT$6=PO@B;BoT6rT^U? zD4QfFS~je+1Rni^Ivh1vvgAF^Ehx!-S5t@hY!{0BUYp&31I29k4383Aecqn%g&Tt} zm-pk+1pL__9%yw4@TB99{i6m*z|`~Thjw4Ud6;Wvoz))Pku_$h;UiXw@a*-9tbk5F6E@Hr{o)V`x9vUO`QW5&^#=qe;%=cZj+ig9Qhbiegj z1N1Ww0iWs-EVXSR&CvbHw}J*u%?m8_*vVENB0XQF=d+?~!QV>p^2eZ&iF5e1N_AN+ z4iNERSNQ`(uz%RnvcYv!2~8dptxL2Cr_X3j9UJXWK@0r`oWp`Ha3ixWw*Q#YdpCs} zPlG4-1&B4BAdxgOlop_-`IR*H8QCa`G_rQ#6N_FiS$|EiJlJj>L!O{=n4xDRu`_$K z9-4I-k$S$oZ&UXWqZ?-YTvxM{SGCfqhjotZFKeoiu-x6;7M$pK4^+drI%_$d&=Nk- zRcXM82{CX-20F$)IPSlzX+N#l1&o_GJ zv+YAOG*nt{<7tVQMiu(fQoCH~D(%kB#t}@H**dIRo;t zRr=vfzK(_jbIa2eWMpNj3GE}l$J@hhuiQn^;EFyK?3!^LOO~~nMisu-PB%|h(ULqvvQXgui}D> z`=&jJJiwjdykNCoTBI{N8?;Y%vPzkda6IV?Ic10EttZe^D8wry(Kpk>E`3H+avy7wH?hC>_Oi_97=+%P_m*azk2;7-Z#wuy!y->Sn*yGk$TqNgt+A7HRI6M6HcjZoI zVkJY>Uh;N3zoR1~OSc#qdo;g2uFiX0C;DLf><=yCmK0UYM1`$HVi-KsD-yS-2mQO; z0^}`|q?;u74aXw*Ra0>d4+WYb_v;0_i{mB%a#G`miy+41!x>?8i0dfcf7wxTU*M0f z#rp+4Eh!KFS>EF|_2WMV;);Q)2n2QxT_Cw1FHurVUh1AxG5glU2W3zZYC zpcb<&STdAg+zm$+u5w>4P`dOCZ#e0qgv>Bdk#UnBck%V0j{718V>eJm;e__xw%{#k z_iLSr@=e<6RN4~uL9qP{YJaUSNq2}N4-!-m++~NPw5>e@@x*O|{KHa*AdbE{jQuu( zZhx=Ie)NLG^&_{@vH6Qf zjMhqjxwd?on`sS?$LmCf=y)W-`t!2r^?rfB%N*Z-tUs7q=_}8R$Bt)-**Mwj#@bY2 z%qx%cP-y^Hhrewn5knOA@lY7HxR@ioE$c~gPc1`h7Fbs|?~DQf-lOT8kZzr+stw-A z0lRGT=o0d$J%Qs+eU+pLFMg!WZ+f~(6xT_ZB<%6Mpg8+e?%CJUJbi%_@B29<%kc|t zaf~?avJJ$qVNQD>R;!G1+u4<(Rfh_D+x$nXb;@#`9@h6eV7mwv^K~Zi)EI=O8%rw% z3`$|L-kGmt8SwaUYd#l^QJBd{LOEX6=k+6gO`8g~k@#wGiBEm*2)mtgAA1ROHgXVL z&ssw>YjzGVQBA@wZ#(^tarKn!3{4@1ucjad;WdMIQ54otT|#8pJZnw%t7pC*Sc3K| z%IRHtiIg(#V?S$v|o`w+^c zd&ZNie~{#4(|urkuor$A-GZHcdmg_@q@DHUwQdA798Jp?p>`95iT!efS>~_J1}bGE)Z6W$wnu`fs#G?Afp6URm7&yi zXTIf%8&!uXo?sCZANiOM-R+IG%Paa0J0R36op~l_P>?h8`m_S{SHDNXNNV?n=HNR1 zZk0!qecV2Lqxteb{dzF8-)*BNNedFwsNd_48~2Ofo|5bEv#$|Lm!GiRta?VT%i&~K zS0;1>Z_g4Fd%hw1HM#ZXkB+fdJm>=l^&=j$@L7s)IFP-#MMfN!05hmOX{tF`RWuCF z*FNR<2NUGmpMB*tB5P*`P!hf0t~b>;bc6-#&x1wFuerVj7#4a+GNrk99$wBZ0Gii! z+aaPKe7HlsHk9U`iP7HTecrTT;v2(iX z!|?Br_I2<3o0wiJrD$xhhwEqQleIoLSm~gj$A=8vdNR(KR{FDcdE_vHoXJs!=0?f`&VBL@bqTEtkqIB?LIV85N<}5fF)y4(LGTAo0<6ISV+F>5Y z&ic8wM%#Bfa-_`7@3QqajizzV%X0NkXwkq(qd^AEX}T6=m}sGVc7G;hi=?i^>mCgY z-Qc?@&+Z6ZnwK)aK`{;Y=Z`rS2E7W z#D?)joAJSu;Q!!qZ+@U^+!7~io?u+$|H{`Gt>|&02x@%*$a-LYtl3~Q1Sw(Je*SXg z`Jk}vX$e|yynfrP-;Ea|I15!_si!3R8kw{O(|rt|@N8ZTNb$|EPl=CwwF9)t!AG}7 zgdhSH?sF7sIYQ+)htwe-TFmk($SptG57Sq@&w_YiI0zg!rqY_KV-kXs(X#sg0rpQ% zqGEK5{;+F9SKl(^>j^BxV;HaAw_K+oF^(L z*$U2a+3^ZI`}o+GiX=N6uF6@FjWhOVp2c3COI&+5q>C4j@AKayq@=_ozN=x^Amh82 zMYX>#ivvvlu_%{dA33E0&nThJ(8Sp$?7-iOQR`ghioR| ze!krI`FWn(YJdAzIGX+)$K8A=e7%G&&G`&ex>VBMwVv@9%V{r+$1H6Vl5J~ZZ>T1& z(S0jI!{b)-GVWKLf=6q>#@t7N7N25P`d}O-`4EbnF{)r<#H4?PZ^&sApob(6+LN>3 z+160WzW2ZBoE&ndl!jA_a_xbn{rY+W{orLkzK?Oe@QanjZD7tnG$n~=59lw$7M&Wc z+wb#bPxk1NeAzWx%5m+<3vsROkZz@I_vg;c&5geMTF3dtf=`(-0HaKg-jZc#uB{QTg|gJ_7T% z`r8FOh(~dnk7RqK7P7gn7UO^^R@r5G9+wb(0t{oS4EP&XLBwNFEw|)z{y^J$$@vp? zVlzoUt-qBE08SruFGi==3Rv-eJ}yDo#mcX?YewK8$*EBP_>3dbdrxGvmGJSHn&uiO zAhKXM;S&7dd5dN(>u1NRpgK6l*H0AU(ceq(neW_UoC8SGp~8aR0*`{^vqVu-7e)*0 zC_1#s4%tBgM*`FT);u42TdoysP5%n=-W^~t)amjQR&DzmBjQn9Cj3e&X<7sk5oVWH zA97}R$AwAUizfsr$eH!U^aAo&ZK@=hms^gUT`^x~NBDnzkUhsyPSE5&U%~<5i#fRP zOYZa>T@(&f4YxEV_(%P|W-#lD*;76t7DXlEeoTk{>COSP0{i){`<^G8-evc_hYN=^ zK%jUA4*8}|%;ESm6S^rY4suk%+_rO-tjD(jp43fIWsoYNSeXt$Ty(#| zUSWboYs@MBcOuL4M{oe|XJGoqsX}}q3FF2^$Mr=Kw@&R|@Lj}3J{tF`BTpI)$NiD&Iia1?zz z&*wO&r){`$XH@x~9T3{&(6^l)G%$+J=(i@jJSH3T9#@xo39!H`j1isDMdv@S_4+mW zlNA=u>7d`-FC@=U!I#fQq;=y73+!~CqxqgVqJ@$;kAEG2p$GHf_~sQe%G)>`o`L^Q zspFugN)keHPo3g;F7nISpMMt#QO!x;!=3EWk<10PYp{AKdtYF#JRKJO;ZNBI$2|(Z zvZwH)T^4{@hwph`3-EU%T*i-h*NPd{KHJfoLMB{52M3H={cM{3_lhuF#BR@jk-Wao zge>;PF~7XI;B?+zLv(-j5142?J@00KJWZarbP#}G^)F>#j>VZ$fuHvs=Xuy`m_!ZK z&JS4`yJ|atE2R06>&G8K*sNLf3*%5OAfUEnCYNbJ(w$X4k*BzLT`7p}utsT_?E~iR zB!%Yw#vh~CduPv#g`6!B-Y7{w5*_!ZiC%%-;6PaT)9CY@Q`r1@cYzytlwlMZTN?FB ze;%fABe?aZWLLlElc&Iv_2r8;cMkT;E*vCuxqDhsqI)?ibB~n0RWn3N+V|!bw>tqJ zoznEgSI1R82Y&_Qu=osoZ8oSD{d;gGhGCBS$#))5nq^AXd@uJFOnsceA1h>y_PIUy z&Jz{;uNtZfwBo1>i=ezte|h2>A1Rg9DzppK-|F{ ziOhttz}u_b%I_R;wrkzs-$#Bxv+%b(Y(1<7ZsqK8dL^sBl#MMOuN~?J=zd;P19-iU zWqrTLMz-PEjAmCPT%vhn^ zhfUyN60uzG@%x>XdpP*0n#rdpBe~2+DZ%*ZuHLia?BDb%4)48*%h_kfkHB!aK1y#f zEHXl;?LK9b$-k=CBFc82ku2+)QX3JC-aeA^=b|L$ud2@Dm3h7!5`Cq_(+^&b`(gCY zLW)!I$2WR@KI`V=w7!NhK`GBbejKis%)nZ+YM2p}eFviuj0^}x`&rN-16;DNee>{x zZc~TmO(NOU#~8AH{kq8Z zzLKTJ_PK=1&)Yud0>ENR?W4}V++S=}?g2;x1LY#p&pHOZ_$7^7Rw1=@uco~71`06L zU&B)Q{RgfV;+;4RdOp(RkkGrsxxE8c)uNuG52 z$w_*@Od}ED|5sHcXgcsM9m)IoxQ0P#1QAhP+Ei=~tiLW+daCx@63-5X*=y|IeVyx{@y=;Ybg)5`xy4!@m+aGHYvuagn+!=1#xJN z5b#O%J}F#FbQsrGvCaKezOvW`aZR*g27#CRlQ;&J#~|+*!$H&Md0S- zg!y|OSLgA-y(K=CNwx|)oXt*gVxSSZ?<)fbC3Lf`Sj{Elsx?7>#B^NT@stuhGK3E%5!M3fqMn z^j)Z+Ked8j0_)QLVEqi25Buwd7bJ+>^MGC`SPSE2?cp-jk5}S@b(xeo3Qt(KV<*M9 zRDx!>mHQ3@Fx>Z{^jotU9zP2?ND%@yP@@?{$79amF2zN4jvjRgki<{x7b<=e?ujm3 zs$Te(swHSP5+F;vv5@%1NPf=7r6s>L{r#gL&?-f0CkQ|&lbx>#USQxK`-sNoeG4xy zLK=dff5XMxFPemRErOA^mer;sy@*e@qR|LPUZF~&z8|IDPdc`l!w+=6C9z#t(^t19 zxr>U%kgP-9PChSRiVGW3Q}A&-d}7K2`NUW^(I)*>U|ycYANLlz9DifvJNn*_UB>=V zSh|QQ>8eHiMC24K&JX6Hvh0!Qxq}-(1mICI+@c&xTViC$iOfo-`E%{J!7%Js(oy+xUbq*t3mig7= zgr^>@CCeXUIxj%mE$AQg;m`UBTU>c{T&xb4(*+;iv%SB55R!c(eZTcvjC8SXR)3fM zpt4hN-X5Y#Pwje)G=f!cwxJzR?6Kht?i^mJVuHV)Jt1bJnS|SinZJit;P45^n0*=P+&bGgld{QaysV)o3Rgre%wE#1;sFHC_rTV@QS7cDy%!zA_F z`zipTxJk`k;xE6eoJA2kJi_>-qw?02>#&dAu1aS}7%HmV8^X7rE4UVXC2=C1)am<3 zML$3d17YUQnEDZ7mKXVL%@?4IYTA&LQ6=uL{J`<@Gn60y+U|2nIo{jiJ$yZdWB@2U zS_F>s6o^c<@r@%tneQD1h)F+D+I)W!reC}8%{aqFUCLEyw$Or&GV+tv*mEuMq@zD@ z)Mk%r!#9kyC;J!RNN8=yRgKGGT@2YpOj*yim z*KYS_#T=?=wS3OZh0NN^;KURV4GsHh`cp{x#J9SA3G>VTUfkwZ>56ra_wHVHY4#xd znH*{W>DqWeSFE0LoDoxGx{=9#2NoPK*V_HkW11lHpwG}(-oe7Hs+Lkfj3K zfQsb8qrA#Qmv-dGv=0hd1gy{XGV3;?Z~pTv=AQ@y@dXcke@y&%7rrR(!8CSMzYBgF z@OOPgAB`685jAtn*6ze23EWhgx6kwk8ZPXUH|e1$-yKrp04o@n?m_kbiTKVOojmJhqKj0TNEKn6BgtM;PtY%URwp z%Sbc_IPGJWACdjbLkC1wU-Yz#pvAp$|Mb`*Z!m?d{e#XOdLOw`%^mO}3bbb*G(BOV z!0tNL4n{mV>O9Z~GsYBj{OsYHA&C~uX%4q2B&1ejx^^zM(+To?pYP00J@B2|6#%Yo z516{+57cLp6n2NeO2lB+(wi3oF?^qmXZW(VI<%fUx}*~ZIk7$=~ z1~ZI8e&fsHq1wjl_ah&ad&IzhoMAd0lYI>U<)+=gUK2B&=KH)q9#+{ViR)|+y#>n! zNgFnx@X@*{*OGJ3S^YgPfo&L;rZisyBM7+_m)U%qIrDW-fXc+fh4npA>$`-9If)Am zBqw#6B#ES0?Q^k59jTyw78GobQnL|)l1V$>Mb1-TY1V!?PQ6V>nNMP<^Alr&cy6C@ zgY8u|a83Me67HzWzB7HD_%V7N&mUvEqprA5i59%VF`kv*rQlWaOaHL03MX?mJ^T7f z4Kb-%MW|o1XckVvj!69;H|VK<`<5Z?6My>>9yDZH{n!J2LL~C0DP;ZG5Q&%?Rd{Z-q25^aeRy)yvp)7Z2jMDwvNm3250cjrv`F<{FOWP;LAeR1@*y~s83nO zyY3~+{YW3&PxQ&z6f)e~*9Gf*pQFC{F?^2b_#XH5X1`*=(z`Cc?sM8z%?$R@8T0%L zm6U-`M2ZCP`{mKLPA5I7PHP^h0nct4>r9K>1BjqHv>)N9&E0M({eLBbjW(3|ViuJeKbor6{N>_I<@lsmNtH5T;?2NFWk7wwW(Sl*)PT8OefZ>2)0vvljWXA8Kg0) zpB9)r;zf@4;&6DC9LxLD(JWvrtN!*--ds3i5VS8^@ed5hO-sxc0XpnJs`$>@-0Wu5G+w7Ek1jPP{$6oG@WkB1uHvUP1D+=bf zNmt{&C-*Dj)P6SS!)C?ET^>$9+Bk3~49r2%Aoq7h@XcSEI+Dq+uxOax_Rk4TRQSK$ zSL1EOe>De0FVDgL5kK6K`3pUt+LsYhXbqegDGl?+8NWb2eXHVjv=n+^nf)*EkDo2n z5N9-Z-1k5ZwCXMI-R-CH`*5KQr3dcGDO~b4B}2Y9UXuA;n&Rf0iaOQ;=WPT$pWce81U^UPq?dm$|9-Gu>vVP zXp10cl0K#9=rFE@51L34d%7QpdViZEm!ABAi760FkXD$k_mP8tPWXUjeUHb1A3xO% z%vT~zAEUYsIruFA^Yf%2@>C5E4t_t$SX}Pqeo@X8XS@5>mcwkT_%uEsk!4TK{CE1l&%ZX)>5E`WN;nah&?&c?r%I_ z;~%{r)9-&FPf3n_lem0EvP7#;0Amh%2!} zwzSgk_;MQ!G=OolNtPL1<>&9q#0iUzzu#MqLrhF%l^syVxwm7v&=b=c@SA26cGrGN z#X%h5%jfs+?6SX6Iv9C@YlYjJD7^`9l%Lbj=I)QkBXiI)fYqdV;4Bw!3R7r$V&L0(GciKleNze>{N8zPauHMI}~}X1-DhmAeBqI#l!eaE=|oxd0}xk z{ci4=l5E;XDfll1k4ZcW`ROwm`>GoHl4R_w_TX{C;;gU)K@3*comnYl&OOzfkq>%~`NG_dn zA|^RvzqB^ZlgwEs#b-?-MT;{C#8^Fo)NPq0y{7GxgiSDT#9}eyV}oE$q>I=3fQ@%A zK=&>>c5f`0em&qi58SBYm=vXvMd7WKhr>OodWE&3m!G0nWApG4a{636%OQ+pUXs)i z&FR72Hp3*CP>JsQ&~gNWRLuw`sfKfR<^1Lg32>#t8#u?`d#$7$BQBo&_yv;x9&AA~ z2LvkP;=I1ER|emk`4%r5ld6%+-FQoj4Ji0PN*b9)F3_+Mj)01?1 zKX-^9AJV6k0Z!vH{OrCKcl>?pzIsbn6?RcswtQs!67d9Ktg?2~f^%yCnZOYOI_6$9 z55mREBr^iX7p;qA-@W3r9)8|}z(e`Dr@9#tCTW`~Bs?N3~?%}$|2?m*uc9sDnV;8(}zVRNO5R&640Fhf_UQkuL13@96L=t z=!a)Q>d(+jI9hUT$bp~uc;CiZb=w?4`IH6YugJrNrDY8Zd;hc(L!6TM4I3=`} zmR^@h>1%)4TH_ss@fi@ts!^YsbudoVtZnNZe+<@<@A=$a^ralj1A)fYeM0)cOX{08 zUjELJI8wpPEe=E=|I$710T=DkyyKVT&KA}_q%ai4N~8OpXBtr2za&O>QonzVsb`u{(){)n#AGM5oR@b$g!MuzOvCMiAvf^RX&P~%Fa_TD{U$OF z-SM@VEc`<-A~Qex$RR&kLvv)eFN?g!tBjW{0}XkCKkAiTCvvjj*XlwP&xK=t zY+yT#g8?uDUnqPd^{bry>{^>cHGi-#8T0k8XDeI!(a24fQiqw61|t&XAqNoJyNyIj zozTHX!QJ>lsHQXeJy%SxeqY2a>J`>YsDk*rd2+0M8mF&y5CY)^NKOGC8`{ApN_4I*T=nKt zm=(S>-=uSI!N`U90_zStgoL_2U*!Ipx_Vgc2US1qu7|knEgDgGLfWk1O!#Wv`|D4d z9%q8wSj+-Suir$UTPqamAcZ6>?63NS4PWQW5)yCJVelO1%cW?>v2M<7Q%Rc5oFmSs zA+f6`?1~Ag^njf5XE@det1YmJ-EQAQQunr`oF)DgxOXl&)tTetuhQaCSU2RIaa?ms z21<7J2uQdz%lCa9ClCYBiu1(8RFh%;oAyf=Ot;)deJ33_WH0r_;JjCU1ZW`5(UV@M z4PWhRcRaB}#NxV0-aWlOocE2jfoeC8p&w2coHD8%p|T8lRHr5q9^r+q*uxzFAtB?B z$@{ijb}$XQgo<;$j#wyuzaLq|czi5|r+@=wk3OqIAfNDZ%i%%_!1C_F!p3~Lo_#(z zmhtz%`+)@zpiPR#7j9VV{l&3N3F`Hh=GvNTTLN!0=M`u$Z>w+06^|zi9VPzZyS}7; z{EjN@3mo>{=YG4^cZougKghib9}C>fS|l#x8=T+E?x<>9@GU~{B^CxOOZHj3NCvMP z3Exu{bL*NYTeDC2FQjWs*L7oY*rTq9{9be+@Lw7J6cyvr1E;6(Q#9cww<*sO*84T; z7(PVR{4D)=J%ouZb)BsplFGQ8o%syL9f>o4_a&(3m5|{3ptI0qa1-8x8N<;Q2D>Ta7p8$H;b$gT_+piufXL^t8 z`RV>{hu4UvJ1eaAi1JO|^R}ZGWfxhAVkwnM_(@&qFV&Ve4s(4EGzWop&@}P=H?*Id zIfx!EJCdBd9>4|O=-YET!0^uV%n52O3@mh_5XMGGhc5f{Cql9!R3|A3)l4MxOwe9z zDz$rW`iM`5-FTcwk|#XH`Y3uYd(e%o6cx zo*w~iY}^@@)%Z}1=`_YvuUB{MEIvl@(!fd6a5MbQ4!yr^bVD?E-NUUZ#+V`s{*e|Z zW@JKjg|1g?-@g2nWdzd-g))#a#iCzGjdjS-)PbF=D7c>U(f2c&yjB#C#J*P8??zPd zsM5W~r!iIRKa#F%OHpl${*oktM~NaqGRm7MC`p3kukT6q9d%Dv84zKI6=ranX?n?k zl(o01@AZ2lckA$2yyHHtb(kPmYAIfhr+uy3^&HXq>}RfuFFmd%Iu)<))E!Q=@p9tj zYrf|XBTfg=0oCA3nRaZA?^Z4k25f!HV4p)D;`#G<-M*uieaTLTNN_`OUC6fx!MWSU z0D2psU$B3=J*b4ed5~sK^0k`C%j+Nk-qWWWDL=Gk<@%NnY5fe((uOauF-OAQIF%J8~SEi>|a^^m_b6DN^L_w@@E@si{wd$1_EpQpCXF~mv`PM1gq5JY?X!g_9$9aUKkTL8J9SV_ zD4&yhL82tUDII+>uxUU+3BPcfUO+=>NbF&q<_Tt#8v_an+!n zemVuM{YUHdC8>Fa)GWXn-4qgjOgD)-e6&?RqMVz%MS&d$REhIP0Tw9)sE|A##0rHP z>!kZ|i2NOI;e)JUh1e~MbroAMODr^>_?!GRuKNa$AMl+!Nq!jR_alpN09bnE51FA; z_Vz=qJPyM{F#8o30y-~L-RJS{LFqoZ>}z)p6TTFn51mA|2evbz@Mz22u|N5K_)fD_ z+1Of2+m&>^5=HNg`o8y-@;l$TM_%m9@qS5~oudzW3{6O+QpdP|xn=M;)!85x(UvA+2}|kew2=GrIgYjCxR5Ht$R<)$TtG1b-8woJ>yjw{SnrHxj_J!BmcN%(h z=hk5ewm66OBozM5az8#T56!`AshRgbsd4g8TgP9LF1RMkwU<{*#(yE6rJ zm7we|9im{&NZU1q40?7vg|omP(R=uvh*A%n!GXe3`aR$8Ei5tK=7HRY(|V%Hl8FS7 z+N2CaY|I@O+}rH{yPt1$XT#~E@a0Q*F!?F#3ZNyW08xmtMd}awm=y3rEo@J%4B*(& z?wgxm!!C4Lp=Ned}$JdXQ7+*7X4X-xfNn>W9tR21Yo6I&VnIHs@1d%#?7JmO%3Ur=?^>(>EeCOZm4O)usF4bX6#xqR zrR=j}GTGl*Io`Uui%*&p+aP^cP6x9CH1NsDD|j6!g=t&x+Sg-Sjja)mTm9ZsdK{{x z6A&}Mu+`4A0h87~GZ6dWb5#pN$sQHs{ZRL6nLyi)R4P9CgWC_D-Nr+dI^@hvDynA(o%TzF*gEhczgNn`$+L zl2|b->zhi7VtL*clg|dOb=u>5ksm}qzkvf`8hI@mmMF-DeOzb`q8E7o4-jg!%J|#n ze=Yu_W3yTaJ_(NV$CvwQ>yyFxl*)=sqMbSr5mW(h6Pyr)rg2=x_#u7!r9OsaN)(G| zlcEtGz1Exqq;Eo(WC`e_=2X-XnH`bwJm5D(Fe%(QbC^DPDLHBnXp#=eHQIhLH(e%} zj>h)zT?pzv64;u7U8GBb?Heq4xK{h+>TW+3agG3HCYwO|B+`s;Yuj!USMyQNoc!}N z^kO=HYS|BQ=~{=GfJZ z3lo%DnJ?w-cil%|YjprnY!^HJaJ}()9k>m!u|Fx^m>`MRT_#tl)&#}6{%FX1DCQ1K zCjRah!h%CNM<3sNssO;X(-N)ZY*!B}if~Vj^J>N8EI8EQ2$UXLSf z*q1$;eE9|Q$^`7gjC%M;d(*@7rjdye?OdlsgFYQLS@M?QQ<}WsiCwJgw9DGoJDLAuk;v{cQ&7#>9huRRIq(+Y^u!xcYDmGf?Em;;0b9)IaEH zHKuGyY!h7czP1H^o*f9lfA#T`L#HkJuesXJVZ;P`>Ms=5 zuft+LM2uGW{zq4q<%UemKj$lrw%d_>f~XFf$m~JOqExBs`v3{77Se;wSdW-$uKJ!w z%CT9?$5ra~73w67Z)k^8vEcr!_%%Km^4s*qkfMJ_+ZGWqscn9e-;o1i^F{>z??(VO zCcYpk1ttSuw9PPA2}M;i)PR}cex3ID16xhN^nXa=lsbHq=hx_S9P(+!qG*WliT+d^ zB2;Ddr*!3r$I8IV0&>(Cq>6;lMhL$729ACXtlS=+YL0!YnVB>aSJ;(B{nIwCr!8PYW zBnrthc+U*?_(K71LZzE-y*>wToU-$mYTN56$ZG_1dkxH;ceS5fG1zu6nrwBN^r zbMxcebKh}4#=BZs&NwRhDe!E#xW62n+fQP`L$`0+dqF^v&s7R3e+U_@=-t2Id)rRq zyLt3y*m*wrO-iW4E=#-5&7BKWAO%x4W-Y3hc7O2FJ_Glm!q?>?m*gTT@9)|&E?SBR z`J8USn_Inl@LuE3vpJ|A-Z$^G&(VzoYeN(hMc!Imc%hDuK~GM1w5t0{+1cFWfyEi( zna2ta&*8OSQ?413yw8`rwCwk!=C7d#37U`af~OQY$%>BEMDS%&Z8S6x(>+U(yy$NB z*fjS&QMrGUlW}F>SgPj|tWaHbQ}=y`^obt|R9M2{ny^1t;VmTCQkxR>c+jpT<$jLb$@l+8Ip$zw9r=n{r%urN6+6TRTuFZCB&ACt~k8=wAz#O$GY& z#PrRDh%QIzc0QFs=e&qpC0nVj0L)))C~etx_hKI`WpQ^`Sv~J|@a)7xUMf5(YaIbx zsM?D$aa|k`9S$nxj7h~`2ms47{#=JKk>4mi*0!B~cjTr3MO!>UphIzGXd-=;=>-E( zxV?@RkvzkFGk)=`WQ!@ht$6FZr!w4#&_(I#zd|Q|Lt$1(?-Vu64;S2&4$j;i=qhLM zQ?bzP=nUvxE5zS>N_?Df8*d(E?424zA#TPJ>?6!sjC~3eLU^#@r-I`0XJGv3Z_20> zuzfEAfOC$nrz^(^0l`0m-R407-)N~E9%Zg)BcV5gqu#@aMqc!gE4I-QfZE{-2^LQRlrnmoSQV9GBY`|;M-OGks+PzhQ`Z&k+4~tZ$bh!&{wpV z1UVmto3c67@{{)7VB*bi>Ul3*v&)-cGv)d5DJg%eT)qaTvnO4@`CXD#OwncO-7jW< zX-kg$Wb z-?@rKU+F(YB~4AiFS#XMjW95>I^l#)Ld2Xr%`wh9@=A(PC zt2&J3+CA~!S65bx_|T(#AK6#gXeSLFxhsbkell6-Dv91hqv37c@eq+}-hK}}LG&|y zi;q2Ls?&aY*Ww1PjCkJ<4k2|OsW2vQ7rs`Up72>gbwtWLH@;we51A&&>X5&;MG}j@ zVl#J3zEC;%;dRnYX_45+8}wY=mXlHA^j4l}Z;jY)WcJZySdosh z&LHJ+{rYv{5vc~;6sp;!KB1s_l~J#QodK*zARvPS{nwxC$AjyjtsPAy3>kD7(;VbBr5nJXjtG*4Q;yUy+3^VrfIoebABLQJ!t*LZCy^_=iu=#TAx!{{RV zA+3krx9oKlql#e%FVGx%ZGZhq&d91N0?LH`%?D3nt%qy#()$_?_xvF=``V+Vp0vQeM8z!iiXE7P!p6*h|YF9W|e^v>XUw}X( zLn#8f8OK6cS)ndFh3g|1=D6^=y^GNr5wC{4MsZnf=`?kb&qVvMJwW%+f4|S+_vpDa zHcgOxz>fV=)N?9s5wol~`aFI2x#W#N-WJE?-sX?nL5^Od)tKMg<9MJ-;`ou~6}TK} zuOr^?A<3xqwTGIc!HCz>VnJ2SzQ}XFABgokryH>OgNwr6pb>O>`5LTY@BkQe5A-c` zb&KW1X?8lWK<-mcgA9gw4M4-3P>a6Z89SwpNF9|sS$TID!i75ih@rMrQNIf`aKKb( zp1{%>_ak^;T{6-`3)mWJwjo%tZGVE`j+*_ky+VNih3k8P1dCmc@nuIUgS2H9ynwuESpavlqjAJ#RH_5rpKLh6 zhVJzEEcE59%8J>i)blIBQnIQZ-M4GrD%gYA&4slwR{I*@bLT(!V#=E)#pG>Nxpa(#LQn9T6i;4|KY1vLJOsYX=5b+!w4Enr*V%u=%ssc*)D4P7j2c*XO z>Nvl>s}J=)yyhTqqYPP+khwR~6-+1(IZ?I@t z?bjKF6Ofy58u&3Skz8JKncuPqiCXTe+FX3}T}DGOp-mkPi3NMoQ!aDP_v#0)lEt^- z*6*qUk@?xL36KAuei}Osz+-x>-XRPVp8o5qJ2l9ZFkViGM!nd8?A8NRR@RKQBp*gU z!9}!xZ2Mz3F1w2qAx>`2bf02wf{U)Y$cbatR9pQN*t%=_-0Nwm`zDo6XdXK9NmEQe zo8O21B&N?rLWCm_FEo1{SCj>%G7axEcLbb30ue0#R$?rE4U)&)Y$dPDkkXFmP*5$RvAJkjbM< zWM0Hl&|m-q8{mJ)fX(X|-IwFrmqae2O6 zUNPo_$aW|HJP&d@@wik3%(3ZE~-(FXAK#%Eu zU+tl8>WwI8GTTf3i}f>7F5*p5{BcSdgYp>t0hsZAGR`xs>G;0oQZ)~VGK7=0UWf3l zT+iR2S5%5uCNAFt?YgJ7w_KY5{MK8dZD3O;9w^!#z5ipsd)H(SW7PaLjvBxV)F zYVK_WFyZ8y*iqW);rBS9?6Ez&}j5#Xn;G>FjV+ zsUu=kg$ctdjDqS70qH6i zPoJWrZPc6NuIc7l(S7!nwUwFX6jn87sb*z?>@v9MR~H)~TRg z&w~l2#QsO&&7AxplH4~jRl(b?`{oE?K12ZuwC~)jpji+Z9ivs-2!x|xhN{MPc_^HD zIKl&iFkvfvyy&tHLwLOB{xNwveNwG%j2xZJshUlu*nPGh0W*jCvrkb+e^HCN+!%Ov z;`WLQlCaLQ{ghs|ZE9IE*ZR-=DRrpK_)xe%>lcW&J#J%skNi(4 z?+fg8^q`7{U&`_IW(jMR>TsMdanZio0GvHx(1p(){?gLE`wj00#JK!pb2%NQw_$M* zPl(JOAvsFe=ND*^Kj+7P=t$gY27>;mS&5JOKjY#UQi0ov^jj#fG5OfUe$gb(T>mT% z0)(k*!wv$R*b2IGNn?(I*WJpvbsy)ATo(S^!qCV@gt+S2g&5@`diLi_nb5#8b7+jh zcqU}N_5#}-k-_DIB#$dj=3$!KOaB)PL}SbgoI^EFPJt5z>yq;1pSs(VKfrW&(Zh(6 z9*>i&+D3ODphem=&3=1lV>_h!-;Q9>SKsWfbp`Yyomumir_plo#(gSZo8LtrPP=aC zq1v>YO}}e_C67vZ(5`Avob2$#7+?W=U%B#SuJRijI^L>qDblb0hE$%0DHjVx%9IiQ zcSBiQ3vTQN^ogQ-J*0ebGSV3hXa*sE``RbLP-cn(M-K4=ZWBg~utyQ-B1|%;QM9N= z@ZxGoN3Hl<^kSZG2l|`L!Tg~3ANI^4PABlv;jFn`pL*0b>@-K_=^<&vdvn(mer{Iq zG;P>-m~($^w5G%1RThfJh&(L4Rp{5DXB&eQ4>Q)5CGM4%_jvmS$OunTwyMV?vX6Hf zTJ(&o1G3Isqs_a^@3Xuoivy!LAuN6C$*ppb81=s+Q*{;?2j4r!%w!=Qb= zm^HfWaWBDr=HDxqzKXteCY#hd*I^QZC@@-%Lv0ZV|<-x#wBH^sfux`ePjp**nj3<7ESvF(Jl8@#`cHlsv~x%>TKtz}++(_2F(E zsa|^Dg0P+eb~-S_^~X5}=uUhl2tQ!G(Ph6_INMkWevtqf8v%8*edJgc01aNx>Id4` z*Y*~HhOI&5fAxsqy-J6xS^_Sjl>=zXD^(p&6;y3<=v;^*nv&05^j{J5aS2HEPN4YY ztFFpVtaF|RrE_(J)cke79Ss9*`7OO3GAL^f3|1Ae?9u1NW{g20Y_|e8N=Yh0*Y?ERgbX%`4mEMa7U<~2E z#r?-Ux|6V%Q;c&E1%ws$ABFb>WCZ|cf+=cu0$(XKw8;E^iEx(JvC}>Urb_Xa7}Z z!+wKoMT6BY8#5>WEPilGzwZ&~nI{wuUmYLNt=hZD;T;PBh-u|t-uc*s{axq+Ec^f?ZASzS6{$eSkF2$4b7{`w7ut&(^bkA9*kuz1$8E z{rN!j_An*HW5360bx>ZvY|XYPi=n0xM%klRr7-D;ShrT0NGZc*q}l^9g)=S4OgH0j zIW*V(q>>xqcg7g_9X8*~z|$H{DH_!ft-O36Z4@U%twzJ$d%pmez5T#Fp(<~4q2snd zDJgNE%yXhi7~o0#?0IDc1WsWMpb`$z zN9I-yrl78$75e#Kul&92hRa=8qJ}kN_p&3mg@j&(#XC(^FI~a=wOf3h`ikFi34rZ* z4(GEErh5yQ#x%%sWpThl!m0Rad0J0G2|awP=R~{N-o*Q70zDW!Zk-o^?=#~}3G;P& zqanzs1^$H1*Pnm2_5$*@BbM%((h0~Q-M#JxfXJW}L9g;j*>oelITD)s?e0`47#EWx zwXVA+q+9R#uxRDq89RjlXl>{xw_cd&2IRUkx|sOX$)jNd{-ao-e9@)Dt5s7%QN(5I zNPn9}8NEJGp;hf_aH>Ex6gO=3;{Yvr3QNK>c$}BvA~jodf58^&lB{(Kf{k}k?ys0R zlVI@Oz03NQKYS=SUNEakPo1M0}-$Y)14`{UKy;f%Bd&g;Ik4?$6+D@bE*W*#`S z`D+vz)eLA`r|T5bPadzl>B8aO(UE)BxdVv@?$8^Rwuf;}mkW(uq)lI4zE^)nB{^jK zecR(~xH)?_n&?#U&Vrhn@5|v^XI$c*rE9`=kiQ)Z9g=;Ik%PxmZm~SWz;&9pgB2dp zU(vaIQXA$7LCZieL3V=HB!Hs)VzemsRio2A1^d%mFsh+T$L82ads1;S9g@!GrIP@z zjH9{~dbNQJ>LY*(z`o{^wmCZW(d7>De$q_R$2l;FOz6e8sQ=UII}B}($V(wsv4Ja@ z_Vz`gond+hjk5P8oc$uNcM`vV>jMWpE+XRYdGvL3^}lP~Us4wi?06~{D$j5S9*TvY zAgNvfWoThJD$e7v>bLv%`kkYepXQOprM2somCm`NEqeT+_EW1RYGu8*_cM_We8WL_ zEN72zRP%f=7xc7b&4;)7#L>$73g7+(5KZzc=kGBJ>^$WTiU(oQ-!r_wQQ$5P>$L;9 zRCP|#iEAI z`4e=@LiJTyrsqfUIS%i%gfMrxRhQZMh`|k`RypTwbtv+L-sVSJwv^}t`V-=x#oa$qtID$HfRe9qkSoDd463+XUFSgg`n7Q)IIbS*hjQrGJ7*Ua>H0kL-ecCr(?KY=@{dy6AW(HzU43l! zO^BX%Fui4tL>Bd?DHq2r3nyGD{`hs?{Phcf{4Zdf^-hVoZvIpjXyNU2zn3PtN+KZ{ z?0&!YxI3=C@2vO=#34;-01-^6R9L*Suov&{<9WS92e;Fubp`m0_kRpkaYg)`+2CwT zx9l%&GMsA3OaBXxB?Dn3?P=QFz`9VAGAxC{wf?o0oFBfZ$!*I^(PFfG1nJUXT>VJW z9vtNjmy2BqqqnlVd5WfU2&pY~l~KLDML@SP@V|U8>=(K4a}CE6q}{6(+5B{vp()!*cnNe)^oy$CAP;dfYsMhO6FiOsK{M2Ql+NnpPBn-vtc*zgcpTkCRw8nEN z-J;sPc*3ujJ4t)Yd*6p`UhWb<%jfki5z0HU<|dZAngL(7<4wqGJ;k7mh&_NvfT3A` zPb2)Tx}OXBHRQ(1;v{>hOo$1PE0w1&Y$XC+>K=4xYW*GoP{_g~F1qtV$ZvHd>(FOeT-?yEV+aQXWK8_SUTk(B0PDk`sg$sp@}d^d$E^4neKA7 z_Jsuvq}QAo&(IMbeX&9{E+gv=o)*H)x+wE$jL!Fx$ zAiCaC`|i|ag#6qGAw)mYk6LT)U3h%C+X~$6_1K9|{((~2l-ccxHLCl6_hmeso-Kx? zo)EWkFUjKrEUC*p2i_d--w+wVNr)5p1*hcz-P;81UqvmYADm~9M-wM9CF805@ejBW z?Q6XzeP2vdtC{u`{P5zX17lb^%}{lFelUYNCL;#9639p-kD3J!!t8s*jk+opAX(e5 zy*%cFyO_o44}S3ct6hjFeAnn^9%`cgeBz9aZ8~`!mTI_bE)_u?>U!aS4V=$Vk`b+q zVgsmH<71p;0*Eb%PL(cb-Q|7GvJa{`if%={80)Kn>kl=Hz1}7`>K85-=?#8Ib?m_e z2{4`GLDgT}OEK>=X-~IPp|gPQgaqK&Fa}TecjM=XQH$@se;}ME>~_a_3MXYxVp}*x zo(ojvm19QFQ5W+sx!c$H{;d7>?b=FYxtqU^uBMNfDT!ypUQYF4n@$AX!w<%qVK3e* zcu{BH?(|h&g6y_JA@O=cadV9wK_hN;32Uj|7M~Ib4JYbP7Loq=J*!=_;GG0wOmNh` z{^JZ;siMoPLIw#K1oic>$8(U+Uby>rU-my110F`*-mFitGL9u1_@cq33WSTMsd3_p z&@@?!w3Nrk0b)J-ibXrn#l?FYI1s?L^mK*UwP{a@jN%U-K0Te}_p__#p+YCGMaO-d zo!s|I>6OdRgG?^=cY`nVXtrZbY23r|{9RHBMRNg^_DMIrXnv*a*M&2UH^FWK@p*cx z?otY~gPD_wQfP-%FFMok3IEs{V7k* zp!Sa4`?Ik42MMS`nJc7vw%q2zCVM~I^ZQd4(3Qk-wU?`0;-_Ww=7GMAIbxRBuF>L@ zbkTVBL?Xpo(mOZCaOpxF!p(|^v+1$Mt}-MPpkgyBELEbDF+7e}XLA5C(Nc7Wh4HM> zk5jzYNKJ-%^|BhS89X2&($YAOYaMrN@-%**L!e^8(|%8fkhb5 ztJv3*J>&0!C{K5Il|q)0;f{#-=Hg&mmm}auo5iPYb^GI*Sb`#Rk9sjb1+nZ`k`d(i zyVril^%;ft^Ghv=Gi>=3&HME4SLJ>^ULxSKPLt(c5Wpx$DFlKe*8m(f_>i;-J!Bul zPX?`y9?m5f7MQ){HPM0MwMQ&7-1F`O??SALI0UE2u#{v z;+D#VtM@F@;k^eTN*KWuN_}}vTCcOoJuZga<{l67+ZTopuVr6Fr_f|_sPKI=$8xXy z?Y-?6x93y!1iT>hZBPAScwiXeQR{OQAY^xGd4loZ*P@zZj97wWz!t*OyIiesJmKU1 z2u)oTI-Pq!un*v+iOt60lNbCGkFMtcQ5M6T-cD9lEJr}xBthV>LC(JVQy;t^y>(6uzdBHCJW~8bsArQf?cZ4k zC&Pwe`|We$a2CvT4a7a8)}LhyM0{$lnkK#?OQP8DooO9QeIGIO7RM)L_nL7IA=v`U zZc(o5gDgSD_qz`|-S1H{12%5zDRC38?DyxvHFJ|Gdvey?4M$cB5t9{8 z;gKDfqN<@(8x?-hmPGhexV=- z|E-TOgMU^|mzYxB6SE%1*XvD^k0vC!D?j1&H?Exfa&aGj3UUqKH_r0H^n?b4cdwQO z4xg78tKtj=cpYWI6WRnEvr_%u)#EhL^UI}~g|@Yn;n)y84C^!8E?g;aICUF2wgNM`n#_vmSxnj@K-S`@> zXS@F03p#EFcbVT%3#n&frcL2Q2CXdff(`U zG+N#!@XsV(A`0YRB+{>}Vn5W^HivTn*(ofxhb$!|TBDp-THmAwhxthHrG?*1*DTcs zl`$Whv8vF)*Q5Lek0!T`51Unq3M zeMOOA!p~a_jb)UN;8gv#`8yxY-f{D=Vj#O{md~p7nr>QLPh91r_)z=KUpsSsvMEw= z?Oj@Zd{CeTJ{C8h#Cg`_4dPo_j9ISm96nB|4b6Oue5LQE#{oV+nv~B>Y?C+fzts#- zq-PP5Ua)uzA@NNYhqbJnr-nw*Zj62(fSic-Jo&osWuOp0=A0@rjT+r2e{_@Zr=K5T z5TCi-B|(`)^L*NmwN>L$X+gv(*wo#=720L*39!k0B-SR2&()>to`Z6<(T8rD>T>=8 zsNTgrY~oXmHlkYA_$wgc0AYL~lqPuBK!#G?J^`!fBV=qS*AmgR9o<2`V=CS!=sly{ zc**Il%&wqk@)Q8h{>#BZ3Fr_08ID_z&3M!oPwlhQi|_+AiEj4!r0s~V`tkt& z&Ho|J!gu)iKXVN}hhh3@kmh!$4;OBf1%p80mZR1*RYSEV5R|Uea}s_$v+Jrmeo`MRqM`-b28&dWbO^ zX0H=6_5fI`KRbw~dRessc=QVf8(xWNtT3mS`q0{+z1=#jJ6a0n%--4Yt)Fd@LmETR3JZxI z*9=bdp9fW7eRXl>35;^p{GEU-4#Zz|-G|Wpis%@qg!eJ$739t4U3PohFVuCm9^%Ss zYk%_GZ}2;BA+?4_=6Ana_t%(x01iphGY^C0AxKRj-ml*+1awh@Dvb;6rByKG!ws~f z^5~4`RoNq70%}#EIUx2j^0ph{c*pvvc3s(IejGAma(BTOA&6ZvG43xD`5YQHhhGh$=!_j$Bc_oKikC7iu>vwugeVjskdwIB>ZC@rdkWMEfk8_F# zIjqcqFqReLw|;-cow1~yPYQ7mUwmZLO(ZpVqYQa@91J9cp%ix{4>{>$!ibxZr_*~Q z`W5|C%uq#>4UfqAh^Z<*O@jb#tr))#as!9s%EFxMvjTN%%MJl$lqbv*7YRTO?ka9E zQ+x=ug@8BFKq7Vzp0hBiMPfY@T$d@2W-#ox#$SjPPszeuAL~6urKh=TdVXIa=|pMl zARX_oNS$0y;7XozlgD1#x!?&gbu8vysBOng9sl)fZYPD!p?{&jC zq0gOuxFUwoZa@071?>t;kOK3CV8O<2)g_fmREq6dJIM5}reOMHdj3^w`0;dqtiXYrW4C`DjfdD*cjS`-EGfwIvje^#(rm=Ng;bMh|NYr*J>QaZ+~BM;3n`|yk4!r38XqlS;I zW%?zd~}W|yFT1=nl{Z^3wS`k?SHRs%nKC#rPja3)gu3#jMI zW+u-uVjpq@knO3n>l`F06x-moWKvdJRB=kxFo(7FrBpV|=}&O4(tlUqc*P`DLQr>o z|6Bv-EMPF0F`)aUNvRE>75@2+(#8}a!GJ?fm3%*@OPx|;fktIEtnk_q;a|TSN5iaz ztmAUfc0G1QYMT&n5B!#9#?{8t&tCY58@6J(bwk=e+wxBDE<{dWxDc;X;4lShICi>S zeo?rohu-e4d3j?*;tw;FLT|}AkNZX1*N?|ukF*!)r5#uM`%Sw$bTRPUEf2Yj@RQ)J zFU1#F#^Zja55G2dh>rq=^K7h%7fvU>MA=Nw?Dw&H z`gA%x)e0>^9BD50eSb7OF_{fcdv2u#|K&E0pWPXv>pUWkAo`}-*M=$Gs;MEXe&VY^ z#~!GWSV&M@yJ02UiD?Sha`y*BILq$|AgnWTTp_Jn!|<}|b~zoK?G}h5Y9h0hsrW4gJ}0QPK3R??I@ur;M)oZph11Uk>K4$Xz923LJ;QqoIaab%#eJ{ zTa%_Z;_a9MF!qA8PxCWp29LW8!v$PV*xK1ohy@9|iOPBXjU#aJ5nWXt3g3(ocJl>Pze9qE|8j$WL@RT2$?6<)J|O|$FIDhf^5 z<|C_H^s8fG0O82~L_*!tvn*ZbCs{6yM7rgi+w#6?2e zAw1dR?GM@ugKzon?vY0fyIG%Hoj4L-HXH|u$K&&{%ExiE=itu6o~tLnl~>5UvED)w zz&5hI7U%QB;&`3Sj3N&&+v<|AN}x`*-AJ!lakcb*jeJfj6^`AWPEB`{&Q?2gO_IuxkYg5V7;<-ZXZ5S^j~+$wGDd z72ZEh{HL9kb42K$#F#?0NZfu-guOPQIc{;&uMjZ1N`%s}7Q2SOuiBe&q6Lfl1YR`$ z(;tTz4qlM`v2ShJEJx=$vtiS|!tgXAcos0^Y#-Hl<%7oS`A@yq4mFPSRpERcqEyA6 zL`yeiSY`c6rgwPQ|C;?)QU#G(KhjLn`B@t?6F;1Y+B&bcq5U;o-A^(2_wdkU`V36R zbJRPUEWng#vQH~s^8it5A_WigWs+doM%3#Fp0oZ#g;B7OKhgp8i6^Jh5SBg9o#_xF;vhT^sR_?j7e%>C!W;2-6pOW0&^37Y`qksGf7ryhOlG@<<8m?zoJq&bja> zkRm=_98p67^hsl0=&&nlV`;h%ojelG;+gao-r?_Dz?tPC_9OkxTAoamYm{_GGk#C(#Y(Jlw>A;3bLEv& zm#kh>a5DtQ4z&S`SBK6D!o5T+42zN|wFG7zgoywGhJo4h9vWTdo;8Yg6;5`;^u7Sa zlgE2L)7MA|jdgw>`S49>85UH9E^HFi2dz$62D#t9{eq-d24Vy2aP8O%!-j^fA16IK z7-v*Oj%XFYVcE(&elkWcIi6j-N4+?0U5KoAH3Z{EQ%oCz9@0Ah^=jParQn-GkMeK7 z`xP8@DRVBHA%>Q!-!Ddu((cm$5Y0XU43RK<1>O&Q6#hQJD%;|KNy~T-@Z~|p^!NQ5 z#?4XdjLU0g&yP7sw zZ{*+O4+NOgZUFf@(u3#O<`%C{o8u({LvL(VBv5bRH(uK!jzq8hk>1Y=3>3cM15v>J z4{T8>K_$0ccSyu~59dxRyLZ5d(jFcS6J*^sU#|0I5>F@4t10Dg+NKxU!x?dQ) z5~BHgD`U|5_pzV>c-YREKZ476A06^%y=WVYOY@7Ov(JgZGxDuZGMiwi%&A!I{)YC| zWv=}GA&U?C>8Y(HG}AN7^WbSYpJ` z!oN5t_&slaG>R{1`=-1yN_O)?*pZxu{245dJt-%Xl-lKb6)OYQbCsFx;}?TC*DE-V zNA5gKJn!Vv_)`yxU#2&*l9?9`6h7=ztSBk>nj4XyyFh2saU@DKu-?xaWa6Ov8prS5 zSeVQ`O0eBI-25CfMWJfQoa1J))gIn_3H|BV?P@&us(WnvlBsHgH_tvqREQ0QU4~;< z52+8HiMfEBtHVZYB@D&<3rPKKr=2G0Qhi9abhsxCbKY}VF$fqFSfuXlCh$Z|>JBup zUIG)6os=sHx1)*XHNG%8h&ktUui7P z88gySyIy7zCO_a0{{^d%+dZ~Ty>5_I%u_4p$w-jKEL;Y5+L z=p;u}>!Rg&V>D|)N_@IJ>XeNg?=9 zF*=JHe!$X#P2ip&X|d=O0&Hlu^K9L>roG(#{zQ&9C7~~N57nh=KFIeb8=kOPZo;#h z1Qf|Vrt3}F!*Mt@cUcanTYSi~xdFmHvLzh|%qb28qx_MdHbG$P6N1~E8(89K{0oS_ zbIk|<{UF|S(!u{+&m@GYPZY#xgp!;c=djK=_)y+xct1hDgU4S_m0cVC1p|yqqYtXM z#{nL_$ho2p_XO(IH-w5*a%NJvo(WcQ0tgu3nfu&Zt^ZR{E?Bepo*w7|BUd>gZBU0N zt25R4T_$MgsGmC#Nxp8ZpNB(smw2hxY(A|F`MA|g-#)%q>J!l9Z5O&ni6oDiW^pB* zpwI7mqAO7ujVAGXxLX3^xSlD4tll5@z8weFRUP}%tl<~#K^csW)x0<>!R7QLoxr$d zx|6ToGCASx=Gw^hVY=h%oB;*pGrRJ4Y1cAJo)EA57Crom&UGajmsLBf_d!4KdmtHs zMOU4B=VyGPvp)CVhw<7k+P6M*>OgA7Blw`tzOU5XZBDjIg_*=~MjR^qao83S^HtEl zJp8Hx!nQN6)-*Z^lhHCGo9kayT37~&Anf#umOW0w4`PF#=)~{jyUd^k-E;AwJ^9mG zLhkO>sgig<%8?<>@HVDF;(RMxX)wSW26!*iqpM`ZTjcL|WBREQS_55SZ7PJhNYIp7@1#3FDbhMpEZLB}^Q2AgH-T@nJ#^&*j9qg!~cS z#jrK0Wi` zk?a$n(74+BG#pXP(;%+`EOoy7baR=1JD}&T+`WlPvIi7P5q=5g@haPPFwo@m!R0y* zunx!SEF_CQ+Fs4b@SH?uM*e2nbJj8{TDUjzmS+$Ues^oXB2zKR@=vKh8cC@+c6hyu zZJi|YrMk!vzQ5T$;uZ6QV|2y4t}KeNGSKXZvoN1A**ZU60tbyIm+Lr+XE-L!@7LtO z+JQ-;Zat&>1#i;a!QP_$|HzEILvmKBds|MLZ#q8@HI*P94-O z{dG$wbLhvidxh58gR{hmZGjT<)L9K?SOqO-1+!0x>gkaF`Gbg${d;9YfAK))@V|kk zaiUi-@*!;CEes8y{<=!j?WUG=%Xy?cqg_%6e++p{tkv`^&8sO(&@cGp@?#k?+Vvo6 z5%k!=3~<_zwA`ZrcOlDYO~LfJYjk;Mc%Tf6?L)-cz|)g#1SHz!#cc#@5Cr>4JxR-n zWk5ft;V&uF*Ew%FK8KMpSS)?}a7U;j?wwtNtOP^F#FAJ;n5x#P=X{)QA-)p+NKiv6 zc7WX6@wI$JFP+zwrFD3C?uiiI|_cdwW za*In&E#Y3F+(?)PrtVfzOGavn(wLV|Q)K&TIuHRO|g zi@#hVARM%&<-;sB!XEjz2fN&G{wd1utb#E5EX-I}+a@Z!Z8ZGTM+x0V*QDc1j;J|> zkZHW;KrxfGW1dziOshKfR%FlFPjh_lg=bUJgZy`yuAjv^4SNA|$h|i_m#~(6Z!?jO z5aYbpHY_zv9F1@EK7FjrVYsNe2;esT4ai!hPDF96Bq#z5c2nZp$0~p;*cAJ{?nww? zKYK8HAlu=y{wg#<7mx(QK%P{d&)33ZTO#AK5ni{K!d-#$pzJZnt{bBa!u023On*Z6 zIJDqO-Rl({oYWs*#tXAb-4}}pcw;!pH!qw!%xI4q>@B=>d*^YN6g3WtCo3QU&NknB61a1|}KWOH+#hgQM%WHC$8r6o)JK z6_V)BhEi=SRJPSRhfB3~MXJtFQto&yQ;q+$OG3Q*t6(S6u{Mh#kQ&J)@zortamB_V z4*Ky z@OZ-SgMPdHw)K>S-*~-08B8N1s1y_ILt{F3bM<>}r9MTn`M8OLz<^$D^8iB{c>_cY3pKw_1X?A8a;1G?o+gO%9enp zg60=#Fi?Cjrcom?05pL9`BA9~JM`a(jio%JG3oSdre2WDNMZ04{4uC`hzI+9C{+dx z=1D2~k)+u69!rjBFYU3L&cpUH@bPNU`BMZW@EYZhD3Z9N*d3gD@NU5bBj77~eXYW} z->kP_t_hmN(KGybA+*0DJ}IGt#vzH2ewnP#BZY-q$F=a(+q|gWx%(8Q)wHK?9G1%A zz0YWCFw1rvCZCv`euHZ-`G!-^|n~-+13Ui8z{d23NAK%>rQY1QneQJ-? z7c%Owz+djubk*CI`&{niT7!Qz>C!Lfi}*FyFF&sH6$)!k8R(YscwtYN7z#h zaDnch-F=uFVnLCoTV%MvP*(N=gGqf}Ps8K;8gjjH#7W*;FWDdKP*m_!ys|vflOskA zk=EZ5?s%XU8of$)NA!{a2J&j)IlWJLpts5AF{mciS>RHixpqlAseMZeW(fuG`Dv^sfIitAr-KK|uiUw@-ap#RdNi}Sl zci(+&_cY9~hmpH?m6q{qpD;G}Ya<^3=f>nJJ*l0PDZCEJ>qa%7_w={K?{8jcjnPd( zyKS!jqAz^;t)AH#Hk}#7303XY67!zoD`_jay4OfL(JalrwgjSbBwz1osT1 zefru_>c55gJm|f%=G_TS3Ar&;{EdKq7yKy@n8QZcd>AXPI&n93g7`iz2PPiX^L3~p zo?F~4%dU@`>bZKc1jGJ=P4ClpBXk$2ANvRbiuC>n`LE=eqnzBsubDhW*Kslw#c#cw z>@;P8ExbdrHsTwYl{&Y<^?Qu2o*GJR zJhMG+R~B)=aygTr<%wK(0mk_34&BB*&#}H0(-TR!6RWIrl~PaQt4Y@>IOy}^yP2zw zNeV~7?6}sek~eW0s_5Ko9_zC&y^Z)lG2rg1Q-DzJ$J_UHr-HF)=Aiy;t52uQnW}pF z_}#b58v$R_|TJzCqCynT+X1(8MUZj<=cp`RJiTzFK7M=`sYx^9p3r_BZvUW%&X zVLSj8%C&MB>45+c8mIkppXse?>~{ni*R=I_T@)Wp;#GdZ{kHz`yt{Y3LCu;CTfJPU z57Fq4UWHcPBqGE@lc zy`mYna?UW7v>29{n(y;@5n0KyyZNj6QE~G3MHR5k^3vwyL(4Ju3TwbNkB&UR{J!>Y z36Z+l=iSr+zn#v&eZ5mAvuxzf8)>5rJ|24-5tDpU$d{>)A2mJD*XP?fsZLFJqQXH9 z0W0{$qa4V_Bf7b;FYkpV8|3+W5b z;V2jclKEZx#-tJOI48mBOa7G+q>L$J)`AkbZD-}aO87Wi%((9yBMPuIbD1adk@sFy z@vS|e%;&zl=s;%c&4DQbg;PU!-3A(jd8m;J^RNf_~e{WC;-maKxSRJZaLSCxP zEO1Ru=q9^o4o5a!|x_1u<&`8 zKMPm2t_8#BeZaMTK1jCAeSX&2T7R>0@(Sl!Kl}{xYY)xGK1RpUiYV`)P#2H)4fxq5 zshS=B)J`I%H2DCbc|}X!yGlHwdh|)aVNU(P!=ViVfIMM=UK8BMg+0;{UnGW6$z$vf z+QPIw(>UAuJ`iY+sEI++9sUQ#5*VZXM~aqI)K-t8;vOZjE!7 z7QhVFFE+RZGsev!V+dUe&6)aH$$cj5d>Vw9$w4ne0P}x@5pi8+ojk%!p|qJ-el#v^#elD$4&aW&uzq_32H0M{9}F6 zh(`lI8wnN^=$QY-Cs-1nvjg#m6>FxI^M33FOO8AZ_z8WP@gD~IGx~c#xE8JdsjWvu zi^r>%D3o+b3@d*OXcf_jm><~(2hI^x%6m2+%G+cigpZ* zz+bJ;?e&`uG;#xH(fb`h)e_Ii#pm4pDr-=G^$xntvDAJ#P1tatC$A{pN2DJKoAByC zet;8Y`AB|i-#Pj-a5Vde596C2i3`kOyyMo##p60u$~#mJdikIRtvT0=aJr#3#As42 ziBJb2C2J377V{^Whi~-3T~1H;g}&=|Oeu#-)L%1XWw+no)TsC2iR2M^2#?L_-!B^V zgz?RvZd+M1;_)^7ZbWG3F%(?PhsV=SNIcz53i#(0TL085(k zXa6)yiU2s{-DHvT?16OM6Madrrq7R??%mi;UMf%t&D48f@n7FYAq6D_DI))S=&$eL z*HGQwDK7X;c7XiR2ck?=&S}UOXHPfhAwPk%LQGHJ0JO*9Ksu${*WzM7E=wrrk=)_~ zUbq*{gii3q+)nsJqnDUtNY{M8_!=OlJz)k*^o_J^_j<1$GqAGsORDsJseUrTp94Rd zLB}-q0$E42FYNoV$GEWcgSzPUk1cM4HW>q;e(LZwQgVdm_FTWNd8gO+l3utCO-wuy z9&W^z+1(zL6NlfBjE!43(*ga7i3=;0Wfvt0_9alN=7zUeD8(wIVj}I8+36+L53RZVw>+ethX646)vn;*Y9U^K^YN-qAJnV1e9~@d&b>lq+Ls6KD z@Pa_BT2oO_ZW4D;&cyH1!B)Qe%Pux?_xRY*SR83n`Eq*-8o4q9-_J6h9sgdS=g6;` z9`t)8&rTN`E1Ga@%;=6Nl1m-Itu6E{`iM9%Uo*y4^iRrY7r&_EzSF^wn$Ahcv)YMo5RTB_-#D zCzxqof5EVP!1V0GW>`Y%atVzn$y{*6G%J6pcgz+PS z=ZHHT#SgFF1_kn|s+Qtyx{ccHFvVxS%TjY7-5d``D_dZ*5R}Ws zs#J86+Uo~6YPbeN%Sqn-K?&64)A{b%t`Xe|CW1FT%yLeP&F zSQQZC7qK~Dzsj<1eEw`3Ro1{6wtJx!MHZgfFVW?`kNagMZz@BuW_^E)aEAF#UY{Wn z(2xx5S?U9eEiOBK&%(pfLAgm`A_wtWx+vCU&m(j+(2hNs$B}e!OyQZu{FRyRUfn* z9y&wU)|quVFnJL+gfLnijB&Ofh0iWioC?z4pIY5ZK&yaXx3R)*t9aE(_K7k&LS9aY zk5P-Mn18bDebT8PfYzVKjbcs|*|<*2d;15+(cC#WpH5MGC5V;7pjo*4@r^E`Se6^= zA(HuKc4stXBdfPRJ(MoAw7mSwHQkU>#E?N|apC1&=-vamXAD9_!AqeWI1qCph<|hY zdme71$j&$m@^N{f6V8yUq*M=SroL0UeZw~T#nYn08vBW)0L5w}_g$WAVVq937(H=~ z3h!xqK3a6q7W5%)4>f};73A>IhMVV^+mDTv0kW3hL?qgghKVSXaMW_Y{g5N^1(|uM zrsjLTT&&hzN2i@cuy+>H;9-{1J%{q`h88-N1?Ij|Ysgu3x69WjT7*CKj_Us`w!$Te z$s_#@FK0*qE0rvuDim~53)Q}h$D^n7K|>k*mVb5ngauMQ=MOC<{ZLNFOC7>WpU%+3 zIqKsJ-~^FWE@Ns0imKJe^{T5|tnZJ!$0yxw9IV}HI9}AL85g1@vv6bw)8Zh*zpj5Sp0FQ%($k8`ZmSP z0nUB_)hrC16m?STQ8N1`>vNPwPsJ7%I|$JmR|RIurp4TEBHjHanr4s-H0#^he0Fqx zaEIjUX5F0wdkvc;S$FD%r0%5ly|FEEZ8H()L@*a$T^=TVFYq-(LK*V8agpo0o>A~E z^gNmB6ht!S<-xoNxf~UK8P)PfF75kDDqr-#^}o0=bUY0!Y#Nde_T&vY zgeUaV_?}O_Kz;W2H^w^K7Yc3qagR*M6>m9((I>kTCxcqgd6gheIdZL@4|hyL61qbo z>mcptho$tw_Xt&1FJTs*Hz+x@7|>^!CE5_jQE@j1lo((91KfmPmOPwfSQPA)`0Mvx zImLrT_Y14{&~Cv#u$Yu@zPuk&AaP`Ue(tMfU4BCO2$1;|eOJ0vinZ+SyQ1s2xcK99 zz9+E!#Pg>6me37Y)gK*K!6i#B=z~ZP<^wf8D$K-Ye;u+8iUoZ`zwaYn>%F9QxNu; zgZ0wS@I1-UCa_RLb0;ce3ws#sTMzRF{2~D+F-=`8!R#^{z~1 zpz?6{V@%*_FPLy3b*IARs-a_BGft0*052FTkPyDj4KT#2q<%!Oddq8riD5t9Dvq~d z`|0U~d|@3q`bDz&V0+^ro}qT}xjjg4_e{YGim1^o^esezvNFPxQeAP0CO<{wxt2!Q zjUsbi?}MaXAsOIetP{jI9K4C_&2Bs7Oh_lUFAp~R)-)-Aa$|@d+Ddw06#- zB{}k?y3`vub~9^w`4JyL7Si7MB^Vv@Kj4dUwzqI?70!K$_mm9>L}g%XoFb4buDWQr zR`f!?fa0cRe27QV>r}Nwam5l~q3sLUy`fDpg<)X1hcMd1vwB)aw|@FChC@z;`)NRA zkD{!Fr@r^uiphrywrRg>S%lqf=*|Z2jN!b4+Tw2#-ExvR*n-lWaQ!}th4Pb&I=d4* zop_3XK8|2Lya0db%)Rgc@+yR!Nh$ORNWb zIAegmqwmr83XT}G@6R8X-?pR2wbq9C01u2wLP%2_V++vA`<4w|*U-26mrC8UEaY%h z$#mqAPeOa|hth(=xyXUlG?VNorMZVVb~3zbl@n+C`!zG=_l&>fHT^Pph>NuM^+?2@ z4{Sq{BZj? zwC|0{&qr*!KZf0OeEa8T|HN*X+Xukt1$F}Pz#XI=hCP7~*U-Y3YQaO%_QeTFz$+o4 z6Wh2j-w~k^jCyB6_tkU_apV+a#5ZLd!G%5ZYI#^RZki+CLS~RZdY5ovEq^CD%WY|2 zK7-)A20vi(-P70(U!Qrt%r-ZkBl#Q3yvGvz+MGfLhT$jP!&q*sk@)vjrMJID2?b)fR#SVqI$8Xcq7F12aqlza3-`m;SV@7AEN;jJ7` z)3N%9zz>|Ad)a&+V*9xKo`ikVv-{03C|X4uDs_03$EW}gBLNNEk66V6xAly%C#2T! zw@nQoHWpS%8Z|Qjz8xi~eU{5k$L#!xg2zn@1udMwN!8Fs*r4$m&kP@q$5;wC^$;x8ydIQJ6 zxXD}fdBNIPsRw+npy$o2kIpJ@&9f#MpzFOJB*XohLxYFE2B&k9h#pm26-S^l*x$jF zX+{czyyIVQQrdigaK{JZ)F*wqVQVJ%2PG{c`~pN<@b#}y*UM}0mgH{LwW0fZ7Jk&q zHR{-ZRzc{~AJs15(`;%pUwY41v7(v$R%WXGhF{i_;Xu<9mS`+|}t{@sSedi_y7ibZ)f!_`(|?qwIJGjX1?1DB+0rdP2L`Qx`wK{ewk` zrJ5c3=Ax}RKLwW0VH?_Y?TzQ&paNI1(5&_id88kdsQ|9M2IC6wWF`jiGQkG|kcK+; z`qPC9KY|YnTZIhUcBj~Y;S~8DIv;Tkynx*@E=^xlH8;&#>O;d0qqOJVF3v^RYoLcE z{6d{fdI=`w(B@2ETK9EH%+`@+DX;h6;?7PIA6}^FVS$k>%VQ}XRV2^DEx`7GBd_o3 zt1%1-QJa`uZ3<`8JPLuWI&~8 z&WueEY+OP_B!K=f?~m3SVMp$t1_+&fxfB==rO$mvlq1!VY$dQpX+cB&k=_DT!%!)NVE_16;MbTv12AO4(*I zY53kEtFQ_8RqhZB#IfcdEwdE4d8LBwmT}s}KGRJ^k{N<4$3-s89r!xs5pB0(2X^GI z<8+mKer~Pvw`zR%823g5I3WIk6r;AM+U{#K#@Q~N5-#`S;chAR3M*~PnXL+iZX&;j z5XGq-GzvZYT)N5xlb7)<;M2<*6frl}I_!Z~hfd_50q=H|qP+_cSGk z9W(F57pI`1e#@!$cu+lZSVStTRtBxyc#dC$7p3^ecUB9akbJn$FZdIl zGel&dCk5nST;R(W@7FBj(n7YP$bI$nJ4#ijcW(M*Y#w0G3%qK@1uq&_`}y;Y2~F## ziC3AuPcuNo9_8MPz|Z|2uD^w_bDA?!7stGh5we9PAxRflAD*4ucYH|%t;)^$_4R&f z?7DIbk-b@TYIZpxGJ0m?!^j^1Hc7oZM*>)<5Co+3R02K4*k^v(ZnjnFNwn;s*jI6`aVUt#{IPKXKimRUi3Ra=$hAnaeU9Wc$Uc zA?%U>ieNh>=Aoqil>R-FLWzY-^vS!vapjPo{X5y;mW^u<9WHs$4vqh~YT46xH+T0J zrq8^&D)SV&A`e>n=NQ0QXo;OSwaDcBiE};vK=j58Pqu04R{puiEI@6@?UQ9#!l- z7v83cmHQ39yj%`2vDsHK8G;_T#UGH@dWbAc{^o*3xlgds5^x|L>3+Fx`XnCNeFsqd zid#-?3S=rIBldS_0RjI!49%|zpe^AJ?i(Wc{N}j7eNQBV9Nx<=@s*RHI-+snzHH)t zb#L%KFn{b>uzSDHRFpyYJ6j;m)vULFK}k!G@_wX$HOgJbl~STJ_w{Z|`>an4Z>aI- z&UVeAD<;>x3BJ!>1@o33%I$`wLZI(48hl!ZekCw3?6-HvVCxxfJ-2oPtg)Yv1U;g; zn-G;`&9q;X_DARE{+OCk0^GS%tgTyRu$SGmEkDbCesrKR$n%iT(OiAX?wtGi%@9|K zpE6dyFF}x8vDwRLvUs)oRbQ{l!Ie@1dic2klIYme*iOp4f7_mBL<4?x(>}+G#2c`c z{jd)j4=N|u!CzLtpBDV%z|*7Ts)eNck?vhbG`qT|o2&=gxB00=W}FQlEND~G{Z3&)i|C^0^<5(bCE2TLTNXC-}$9N_M3Xf zT-zsCw`S|*6nMjFU_0gu|Lt;P6~6RbU=FWYJgYpe~vye-WbG@ ztUM9ezW#`mpr4t-)YXdW#ddoJO{6~`Fw zHB}oN6P|Ih%un21z~dF3OYBBgga{t{O?rM$3Ve4!>CIGm;*SXvIX$PoDyqLQ$7?XX zFDSh_S_OIf`twjjocHg55%~(;nAp<|qq|@*G4{ok>8W_x_n&jMIpQ0Ei6T4BBpnvE zRN-FE&Q~8c1H)JmYNEV4wHp$3#m8dU=}VoTM}+_I!>c}fPK;aj^NH>(g~f(leTPz2 zeaexB2%Ee-&ar>&i9EgBUhva9M6hq%oPE`5Qn(F0m#4P#Pc1=c7P^0CXEEIVI4`VaDF z{pJ`{030RW?Bh{Wo%dx?yh?%#-tr7@Gdu;EQ_I*ewNZOCfc1BFK@6Mxkw5VR5zy0w znesx;cxVku7gl6si`H*S|LU(d5m>}^c*zsqVWYE@yE*ggh5nHSh%rp}_3d~|yEp&H z`a27Ybi44eIv-0z9V?7T_+zM>L9JXh3XOXPOjvoRKuu>lwRFY))4s7x$CdR%XL zaSDr71m|xfgdTyl>yAw)Gfa2H5AN( ztd=imxri8D>(?%6#&?$>On-7Xm~AH?(gg%`!p|Z^JID)o7%?=M{$){5h!eWHdrPoW zM`Ga_jt}ry`>;34sGA~rFu^q`62qUrJ8DRNlvH3c2BBA@FYQSBTHsCqoX4k3f%ZPw(wZX3!kXNOzEtjAENkykA=r7@?sH4 z@A_a~ac71!S}G0Xp~2E9_>~NCYE+3=9$n@f&&d;Hp{pGdNWq#LPgAR@m$!+%M0p&iLC+3x94eE5N?l(%@D}|wK>g@+ z%_gtBKEdZ;zu*pC9UT8KvyO6pE!aC?9u;1Gu+;24ifv;E#-o}}{Dlw5%=Z` zYXIgJT)tn_J)s7x%jNe}t&_)Gt74C;Ph>4><+&%mVN?|mu>sWy(s+l$*ZDAoX5jK^ zip}(&50bXT#D4LP@@vIPjipG2_~CEDY|5SYY(N-9&niIavX148x+ zZj=5#B4TSQ_O(&IqSH`Ve)r=18Rzc%fTHHIZ>MG{QKO!^CDikR`d5#47=`SzHb|{I z!PV(rO55u%GO>hD{)cBQFDRegE;`jytoXL>b?P4XQJ~%R*HK$J_`HcKs9o!qfG9o zCx!j8Q(>A1=U0ZzBF#*Bkv3Mh5*YltHZ2Bt3^kD_upAVPm3+68zr@F(?j_rf zD^P7yCxR+}DQ?om+%KWiAY-F}E@^?_QSH`vngzcq4= zFRJBnmRMla&K`d-OPtW1z9{F^{sZwPQQ67_62*dM^02+Vv*IWcReHhtE7%Pmzrw`A_1&|s_+@i!T|GiUFwH@zIuoDcYN;w0p3Ec2dff#x4DN?l%^PRj%EL( zr`Z*x&Byzq8wvZhN8EyAT32%&AKKM=EI3Ez%|ZJXj{eezzn)9{a}Z&b0UsCi8yY7z z_m97AydK_$ZFbtB{sWvg?Awg@A2VdJTGRooNPpxac7yu@it_NgAO5YP&>7)?^#j3i zQ=X3n2Ol#=`)LtOl`*ynWXl8uu!HSRTL6C#XP<@VfN`P-R3@l4|9YQn&y$5YM zJJR2}Vcv^av={36T-kwFl^NNXSt$8aD;Pi8;$gHOPrn7VJlAt0gw;N%gl!dw{R@eE z9Orj>Vtf4FS0toN&*&FIGf|4GN(KuVclxXb7kyWU7X_>!aJ%G zBu+UxT3?3Dy2z#CvHHlX@;*Xt{9Cn!v(S~wvuwzWzhCiA=C%j7U$w zNBXIcUk6s9o5#1sv0Ab_?%ye+u`M>L@$UzJruPO?t5$@Jq&po7FY3Yf`0|wpKXWoe zcN|`FIPNHEx!J9A&Bw5^YF(JxKrIo+d z`&b~rK6U~a2Ifo^YEo$n7fw&|)59#&>EOZem*hHZno-rq;~pN)CihxdxjCZ8UL%d; z9m8A*WL{Se6HX#IJ`gffR)Nr)Bs*&VeEUZ&_cLK)O=azS#X=1b;Ai|RQ0#->eod2` z`FOSfHepcc!12Z^WZo!f!j4K<6gr%tnqW-%)2#@BUM=lGmN&-6>fX(Rgl!|3LiE!T zrGB}pozn_uuRFK<)(v4AU^B^!EO@%yL%;Eiw)P&WyR4zx^~D~a)67O?+_vYbb9^N= z;hsWW>aX=a^~%ds@7vJt@FSUz$15r;-tADn3LBkYFZ*gi zJrz#jgE&ozaO%B_Djkmdg=XCqROgS>e90A(KMw(axi1B9+YdE)VV8@tT6t~->iUhT zB!#hk`^)qR#zbV-|ISV12Py)9asMq02_FsJ*>M=Ly+}V6Ogwhyq}1XO_dOt^J;Xx& z$)c2F{JbUE7QFeGtl-N4!Iv-=v09Adz8pCWxND^ji7t3umsvLKmU+CzTNNvjKb+C@ zrMYIfBsUa)&ii#Vo7o)t`o0dp3Q?Sc%e?(5#pd7giK4cGN@zl>4JHlW()0&k^%Ot@YKK>~`i( z1bXKg{OdFMpM~^Pd|z-4xrKN=@K7d`|O{H^~{Iw{_F_ROTHb)>mL8!ns$W@ z(AUIN79-A9n>SH4%y2|}M*jl#EmPy~MK2q9jIs;ow3)r9MRt2^c|CqWQ&Zpq?0Kkt zeXIkLxwxN=e!9TbsfKFR^ixB)e_y+G`2iCmqquM5>mF~l%2(S@I@2ye|3HsCv6Uz5 z^1aQ1(Gy_giCGM@i|oeM1Aje;dYXkd6QI~V>zuq0WRs19K^yQHBB}H^Tq*rDChA$_ zn`?8vzF%+uhj(g)Dm|XXZta1A{PqYcdq|Ov@h8b`PWHwOQH&MB`Q5?0+_-M7-h@}Y z_qW!eQruTj0@Ze2byTI>?D*k`r4LKpEf7Eu?{aM3bQb$!jSu?W<8(ZBPGB6KK9`GKJGK1 zrup|xhw0nU?{zaN(WHC(MiIqC(6rm$3vCq(8&es!`j0q?X5Z=^sC- zs3I=52kO1JU3>^0$$cLPE9qS}kpWnaz;n4W>-dg61}8(TR#3~&P_ZSCRew}vPay#O zwbjK`URBcG69$gg8glX?k5O?sp6e$bmdpJQHj}-x9`nIv0vNl@yU0_JUkWlgsNZ zb;&g@CwQZXHq+~D1X>rM)ALpY6H1^88Mlc+0ng>0Y zeBw543T5S@l{1_tHtq43AA*Th%+kz_5GtKB7hZ4AUi!}V3M0)AJIdU9+m6B?9(q4R zlGUR_ZVV^c{O(!S>m__6xlTFNM{6&qjw`=8rDgVlyteGh^FiOiLm&}6y~sWH#sWra z@)LXx$08bFoleX!anPac69oJ7An*q2;=-21KGkEC2tb(z+552PT4W@adA+jojVY3-EYZ zatQ9~9->eceWRT8+rhdoOtK4V6nPfUY4zRiKxVdK$g(1yH@O0B`=acbe|p~2JUWw* zRVO5ya>P<&UtjHesMb&to=;GcU8#Y;)+QBj#1O3Tf@$80Qu6%Eck1iAn|T@AIys9> z+v~K-lk`#K&JgE!^fXyTB*Bm^?8D^LD!UF-uFQ0_!s$|FR#oU}6W_rC^-5dygMk7h zGU>NtEIU6SGd)KNJM1^Q59SI_)b0l_(H%7ZRR@g~PR^r#KdI*OHgCcA&BJAF3m@Gr zYq@fJPwa`12yF_eCtrB(%2tlx!9?DF!QC`v#ag)`heNzC_xcCxa1z$0ZBhq^LsC6Y zkp$Oe{8Zn{YY12**3rBk;4D7F=A#T$d@x!lZ1IL^3LF-{e?%e*vgR!u82P1Uj^PUg zLrvY4g{UIN3d`S})ehoS95L0{IlLjh&lolnqPVFks;kO>jd8sN7Cr?$f zA-`k(b?aBV2NA!&R5J_+Iq8sPhC8h|^eh*@EGy5NoZt85@9M*D3?0X3<-6G}yHSVS zM$^hS!!G~Mpo647pWBkSRM0L~PiF2;h7z8B}PA`K63Q+2_pR*J=HMt6I@0xMypYVM+<7!*$D| zv2LD&XC=O<`Qw+dfYQl>llr>1dfyWgn2h%2Rtdy!j^HNOzH)v4Y0I!w9VVC)@4YT( z_5>aFY>8O%_}(;N3Oo}fWe)Cg4R4)3lUZAZaQ*?Sfod!n1|Rz*?5taCj$|x+_=RZ_ zG^@doNO}4RfM-{-<_M&#xNxxPdt_0yseMN8K9cvw>nF+oB-`a0-we8fL3Kmi1HT0` zWxbpri@P9~Ap~5Dc}u7-kURBb zacPtTYaLocRR&=6ZZ9fJ@zmPEYYG*C2J&hmNN>{@X0229 zR@r`!h}>(;SCX7Kd&Fx%HKD_XayYd=DAM*ICF~iJwj*R{sg}^b&*A|i5`~%e{ZYNV zIO5b@w;i}E&nK@AVM=#?D2BFA$0zrP-FnsTi?{lHF<32NAN?1_+NWT6mY*xEZyJ)H za=1(nXKTgWFCe56YH{Qpzj$lSk^kJiRI$*ahxU!{vLR|Y@tU&?r^@jUZ28oZ7B;Sm z{u9%ty$BRnjEm$6_9SZBbA08n*ZT!&!|+}LX-FU<#C$V-^{(5p9vOHt@xgbaFCzWi z{8y=l*%!^G706h0QgeIch0ntuEjvP+b|H#<_nDf~@|_SSpfc@V-yt6-59cH9iC=0% zv+XTNeJ-!>lv1@&*lPhKTZvp^cg>|d%-S3CMe&K)=6#n) z{6iOu3b=r+|8ty+UcEjFS9hpK_p?P^GQ?F;`yQlkdW8p?OqSnImX-o|# z26^mmlXL%m6_FWvnHI) z`rD4g-8L0|_3%kJQDX37ndaUEJV-BStot6cW<2wxLQaF||JE$gDlm1n$5dWz(C==D zy7o0sUDRv5?7a!XX?%n4LcZKTgBg_KPIVz4Fpmkxw>kO9q2{yXHn4|TPJ3Pi4~+IZ zpJ-!m-AGkZoy=;PU#No5nTs(Rdln5w1-Zj^v(gUly)SC^3q zf%jbJV8cC*xH57i<~-p}c35%{nO}_Sl$r2dFiBs$&;na#Vw;?)TX(lQl+%Rmaq!}& zg@6rWUQOJ8#m{jxCafS5&z3Ovvzrw_gVBAL?7?GA11}8K2Sp)2pWF8QFHnIcj z=AwU70^nEdvD+AJ!&f4?&1qDJ=c@Gf8#`XVKGg0t)`j{vN8P-~sm@k<-RZJa`g-g; zItmbg`1nq#UST|+3JI8*{$B4JpIb|4TKDc1Ie=~el7%OS$YYi;3EVRYhP5j7O&ML` zL4SS56vId3P`03bqpGqc^GEiybTTu0@Csm`ZeUA6?>Idb-(y{v5sGXzWh&5KU@~qyyWj`JF_tn}9(rg( zk>JX3W4U5`fWA`6%I!yPeE?#b0Fk^xd;&t(qYgyaPB01IjOpJ0KEB5Q|2JT%HFZE^n?u(Cgo_(XMP$^RP zEA~~pO(|iIN!2F>xQr+7_u<|t)TWbjmMTKJt1litod1z@U0aGOQS_HY zqK}{?0g<36Z)BC6!`IKIXRW?Ln?@{(suOmI+K0VyAr}JY!Z;_O*?ia%KyvJ%ly6m& z;eaSxOgl*~z@&yBWg=XgW#%W`L=ImZdSdY->YUqzU2lKz1Gj!pu`|TCXy0RR6ujA@ zu#t-o1kBh9LOA3YT7U4<1^SD2oBItxb;*1`grPchuPyvC3ASWF1HSXC`c5|ST&i|b zzUIWBtgSxL$w52EKAJi68yvXJq1rIR3gHReAEWMcA}8Y`)O4O9MLhrf+qL#m6jZV= z<{95z;j{51nCAQz&c|8weV!q>{TX#pb8A%RoKhQ7iCN-JqR>UO=sgdEYx-b=NC=Oq)t6_M3ftsJPyNBvb7PNNr1OD& zhFLj2=aV@@2t{jryK%crD2WF#><_9B@t-4WM{N3B;Bk+Ki7+6p9|qHx8-B)p#b=jq zce%N7yB9V+O22^;aenp<2;OVqP&UjvJ7%yERZ9FV4);J;-&TpUOS!-oJ(+~5v^R18 z>sWpr0=Z$pT+(|*efZ@)0`lYykwOuk>G1#u2{q0``}LP8=F!bQ<=0xWwc@P&(4D8T zUZEl24jLJuP7K14hrR)VUJXF1LSr;`F_^GYw|Bjd+D6QbPxyz!3cI&9!Ks zV$pm)l2$kna9Ji=rur#;x!VKb)^rj5402oN{s?0&=Zk8iR4L4?zCTdYZL;G&s(E7H z64grD`qPSgvNwdvm!^!*q6CfO)#4(o!qOeizi;$;pEPiTPt3Qyze9*89?ft&jQr%j z6AzNXTUE>7RtaHQO#&9n-XNvwod$;Dtvh`dFYfIQ|1gi!$P@kejgZ?R z0i|Su%{vaMiA(TVcs$?(J4Z%K3DWGo<#0%r| z`FTW_VBg*y3356N;YNEPb$);1l>yQ{*|#eSQlvP#w(_K2wCutT1+?*W(Q(1I|4GNG zh0HZ1Aku)}j+evrOuahGVL<#&<4oJHxh5@LVPbo`oJW)@(t;^aQ!_So-@E3`P}XnX zQ}*`&Gi;;f%GdX7?2CmQlrg%Yyd$fDWPgX&0h+?igWsFy<4byvET)vLmfBuioXm@I z1_EI-P+|OCVP*0>HKEnQS0wy4RBK7`6D#y7g!Pa{)r~ZXt>D~!6k{_F^Wh6Wi73p8)4R`(vdbs9;F>Dx9yj~* zaN|=KQb*OE8%URk52HWy>zo!@Pd6*5e&7A? zd-{##P_bRd!dWcWpNrhj^YRg=cn|;oeuO<)IM~*{Q*fI7c^rB2rM4$z6<)UVrNbPY zC$=bQv8O0A09AT(bpE}swQ{;NNGbp!Co@pTm#%vq2XD~IWV&Tn9e*-V^q0MUpbDRU z$mXpMBRVeSX@3F^a&@+0YKEi6l>sL${$!`-LY~4voZ(A0lG>c{AT&!z1*2E+d)`*8 z^a6L5f2H|4bvV_%D%e%k?huK&z>&w$JY=mOM_~6*w=5pPuV<{x|2d7LdgmyZ>q~|F z!PDu0Ky1;(#naD;V;qfs44Fhnu zw8JMi3s_nlgTH=fwf=4ct737Iyg%LP*ZUbx4WPR0HHP+b49%Y)CJYf_KM4RiKIWI8&iOud$o&?a@DFTvCiH6m z76!cEWaN+#?@VI^>FM`mTPTML(r|SBf|Ant#p3bqG+%c=Si)cp^1;U*H7f^>eeJp7 zmc9*iS*D9VZavfSXK~%ExUm7wdVMdDaLZZwwo+-p-oWC=;`^C9OF6aV(En_;%`p~~}PiG)|UonB58 z0%A?w2JUnYd6KU8nXR%T$Vl>^Rn7bkwaZ<*f3G024Dv6t+$&d}nD9<LUIA z0c`Mtq#GJF8iPdcHEUdV=l$zG`mV`~em{K5Yc#`k@3u$~$to(c8egcu@zHgG6LJ@* z=Y@E659I|_{PAmcF$}z`X|i~m{)z%4TcYuS8Gw46`iZ(d&%q>5vb}o|08e>fYe*ne?f6s!>O8&Y?Et6T!fW*!Kyl`S?ppKs~kQs{3$_ukQrV z{Qhc#SajKjbACDJMq$?bNT^RoTlhLIE=O-Q!f#OEuKIMRQ+64lq~%+C`r%;)6)xRJ> zDq=mE=i{{pWQwGzNbelRsE{5B?miu*s{_Vn`cxu5uYX|Nw<9edy!lTZYM?_R_-5cj zKge0V!yXmBW=Z0HFv7rFhCJNj*iUmq1(ccr^sS}_BFR0Pe4ddZ&L>6Uh0nba&Q^B9 zdemVK3HHOi9swf@QnLbBt}}txs58 zA*`o|yrrV+vL5}|f=!}0KF1)uD-=Rl!Km(%+!k7ncDd|ME^@sE(Cv;=uFQgku(KaE zRKtx2;B`|n#yNrkp|fth_^eJA`{n@uCjm`>y8NBeB$N##(7dfb8uD~@vUB1;221>* zHJHFH?o~rNUY(BT$0_>(HmbeHR5T^_+xStPI?1p99m{vt%6<@Qv`b6fbIyr7E9>`Y zo)NSP;y!nT--#HjBc0{^fOte$(+2@~C?|l%dCzs(ldZFLt2Xh-gii(%SZ*rA+v37I zaqqv0#n_k3W$x~k_EAUoHhk%$6FDc7Vb?R+V7v3&GhT{peFco65x-7~Dmjzus2Df4|>|9)r$$z$B-BI=Ghy0472E(qyTJXJ5=`zruyWk6%_K8Mc(E z)2AP5#P@Az?!@y=>KXAZ<=Y*NKm{k3jCb6f#8TJlLlDV)bvq9W(MDy(1FgN`vn7*f z^M~1+keB#+MXj#C_@tb`FL-Py3j05S=>er>WD>{5au??#)8!%mE496XC#{AUPrvE` zzg>hM5O_O-KYI?d?ah}UBnqNQS=B)Lv1)ryq^ieyA#|dA*YLmr)E5Dq8j&ShY}qP%<0oPHs^$X&@@#BlKPXEj% z1pz&lD@d$}2&2Y}h~IwxD+>Cn;YTWm#iGt_HS|2#pSp#{4Tl*Fs;zYeanZAd;D1Nbg zPUWqdVPOevG8h!m*u`9ZD8-jzgId9+K)2PYtz6g$Vh1X4U(wTRNCoP*kg8IOH}egF z>2$m|#BlayKeiOQd7TY}UDDLlSs6J5wdp!&ym@nH4p%C^K$MGF-xp0h?0cJZYfjSA z@H|Iwsle2BL4e|OF3bD5^}_Pjkn;@%^oXNo=4gG8&kM`@P(uZG?0>$W4h|-)VBDaGMyr*;d%)`q6dN=en8?96+dIpYKG>SJF?2Kq+O zs!5+t#c&9=T77ANC!u z4#ym1@3w@7$4mp7+d;08 zMrdqlw12JZQy3FL2ku6jY3^^+QgrTc`%DH&z4I0dMq+)X16y=ocTjI5{Gkb5JqhuTr_D21>*5-4gPyE zLn<2gO<}Jo9FNfU%g)Zxxi-h(ijF&4v@bv}Gv)YwJf`pX(U_7qG&+h7Zz30$^zasc zS=urvbKVNjfu7G-8xEFmzKPeW*lWh#&j9;nB=^NmS<1+U=FuyQGuuNgkfA}Xs9HR9 z?d|b26*`vOla;YazTPDH!iyY4oWSkbD*=o9)}ZiGB%_*amAB9mL+tBbu3X}?(zT_( zeg{Cu!TuuJZ{=4M%n7+e8!S?$@^?iOl7j7Yrs)Gcbl#?OOoHxPIIXr9Wo#R^rmbuY z&G5v_z3zwYJJz*9TG-t zEqssjAm&OFfWe^cAQ5S}TVN4#rwMKt^2pyrn|XKLb=S<7dQbTLfQAT#UuAb{lV<>< zcVe%Gg1_Rl*8=~Reo;E5vK{Z6J8{vD@DFP2882XVeL}N3u9*31Yy^yE>U|)@5K`+u z)ZUM^036s+_fEv~bOm(}h8QgBG3Hh^1bJ9KLEWz2PN)f*^lrqH)qOZL+^8zuJ+I?eFp2ey6ucsOz9$bF z>sZRnGN6KFA(B0mKz1SA`s4oP;`6l`j=zlMiD`j#C8WdVM_4D$!t37?EZY#t!GMGW zKf6;@n6Y28R5(Me?Q(aSOJ+M!od-DcTO; zQjQaPd8x2tfLBpNwelm@hi-057-H``q8SiZ$TuM80kZSTz}h{AUAPfGOk>}&R&5Dx z{j)MZ;!6@D2j^aT6tH%*SlPpyz+=CD~SE zI4t#DhO=htWA}hAZx%&R0EDq-Qn_*D_R2_s_I>R4G}x9`KSuMDtNr08E0xjy zXiZweDNdX{!Y#_q()C3;zvJN3uWMC<1#~D?NGh^0e?ROa^u|BTNiW>h_FW z+;FP;9x_8!`rV3K%4*Oa4#cAd(Kf@K-`8RIX&3b%!tnRL#;oN!zs)buUt{|;8tWlF zg808L_I&|P(cO^%oI+$LjI6RmZ_2-X!Wmy|PaD~q zekSMwo*wY7JYOiN6TPJ>+4qH?ULVI43Z6HE=qgXEssQ3G$5Rz=JV9u;H%tBm6Ho5L z(jVAV#~HTD#yx`NNSl3IC;S2fYw(dv9Rp4Jsa948Z*&p1Ob*mhgy0mRSbe>LkW`nD z%;<}93wLgskY8RP0CMs#c%DjAC`(9zO9k{AIta%pjyr4*W3rcJNy$M^y?th0;NVaP zSa1N~F8{QW1enDg9$DkA#9#A-CqF6CqTYf6$>V)IeFYdvp6&cdgPF3yWDM=zv^J{s z3LhmNCc+^csf+iO64_7u%=H`wV}n|L(=|_=F`NcT2ir|NS6LWK7F6QN_Kqx{E z&MKLRG$rmg-xoB#os|zW`*EE6Al{sudk3GwfjH#kgzNddsQoLP5LL=DcY-E3LGfaY zv7jW^Em*k5t|Vc|aMivr75V|E;&mIj^L0U>chc?LQKE+JMTf5I;yU0n*F)B<6Y%=% zmA(ZZC;FCplf9*SAKh$}o>Cr7(bc!kF)%373f{UHM>VUIdAB0tLUZXJS0rD`ie}Q;sNuxUSMAZYmy6Xpq-t!k z&XHqM^B7Laes(CR=Lo-~>P_96*M&pS{Yt?^g%Jtf#n1D4j}PrwWY_8Vl`G0viSKRD z&QDcQa(b^52OdIJ4E~$oNH+kQ$CTLm91PnIT*T5?0@w9QtzNyXOG;`$w?u6#QUdujMlUbGN zi%L^7Jc0N(oM)3dI%S?RyR$OVXK8NR%b>E{ZSQ$98<{skF} zKP7eFsRNzt+G)dBI*1- zpEYIK9}PME`xkoKIrekqn@d;7Ej%6cB@PIaB)F4jPaJUNCi4jh8Fc5h>=eQ2nZxE- zuDUd>aG>iC{Ntjk{hUIX>}M&3eukMu#CF_)Jz`bkg0j`AEBZPbdkj__BqQ~bG$7AxR z&wzuraEc!4x-q|OBA)t%+o1D+#g3Tt%8W|~hrq_pg^V#{fLwhczlY=;Jz)%y3MTpE zsdMb^nh!#1UxgRSq4)3F^#u%RKdwbD_=UmcLI1Y4WVad-R8c`&1Jc%42X?lMv3%Zg zy7&nJeMR#!wF)!JFD~ORj6{ZcaeWrAqs+G8`Qb{u&vd$<2l(m~_V%EE7wmM>WSP=8 zPaY;)!u0he?F%7(WSc(-V=>Y#h@&T=|D-{1F=;9SKG=Db^8Q4GvD$PxmltobD*X2P z7Y5X%55ZQP_@r$pW5aRWX?#VBu!-#}+5Q^Db^2Bx~(=R8K-fVhxnK=Br$YF@k5h zWygvDJ>IfPfA*O^Pm#-ym%4VAR7#2QyamA!Luv&z)9Lr8P151gz`p9kvg4TSVt!jf zQU5R=Pp$Tz0+1P?7JNhRa3k{GK5+Z-Y)MASBtI?rm8w$HRM=q8PkjvM_^j5tNL`0I z=t`rzRJxzbg;`EtBR`^KA3XWbdJd2I`=RA`qZ9RVLUB%Ff<)v#f8LbG7dl#`KY&If zE~Fx&n2fp?$o$;NDGx&bSUjr%^AUE85rK;tY`>Fql_RH8q@X*9w;Cde+`G(0cDKCO zbD;%&ocHeyzcL^RWR%NltR}jrxln=C&59|VVpVwXDU1w{>%MZzI5t|lul3h7f5cGk zq&x7tY93u!vGF$smZmt43{HTWWvtsyK@1Jfe!Cr*pMSm@Hr8-NlBYobzoW2-^D*QSLMLh(N zQdCElNNcVwBdC1|4(*!OyhqdfgLCo06+|R$56NJ@KCM@^%QT3T(cGneg;||t&>x7y za`N5P{N~j%8}ooOhBQKX44}W`P-WA7%rqZasq_tL_ugGp6CClaj@Gn|M7tklTn4=2 zK1-DE6VPp`|I8?5)@8(&U4MrCRHLkb$M4sKg&P0H4`dx)z-S?7;L^`o&R(zjJf6YB z64O2FOuJ8KofdeROt9?(?lPch`s_2A-K9fI6K1_78S6v+d*rFiZvnWkQ2K5uQZ4D< zue!b1+w}q?PG6=Cm>=zHn23r$3qz_pJn7jdI0kZA9?7MR-sc`bxaON4;DCIvr&@}i zRw!a3(lcQ&hl3si@z>5rt+u=rkMHU#z0O6%ZB3xmJ@gyN+WK7Q5aYix1{s~hs7wgxvyBt49X z?fdi{hS@ z`O#D(`5x%3#6gE*TGn^2I`H^D;h6oo$Iq#Qs~~4fAjpeMULm`d+|M|L<1rlAJ(Byx zzlBWH`Q2ncj>dv0X~7!NZ!bFIGy-!=-ShWgchQ&rrZmhB1+#@5^(bztegv8#xCkl{h~Kl?^@0~z0#hst@b*7?s9m;0Ut zz1>p^m>fhnzbkYwIc7Ycqk2#O`WQ-E<#o=%2-&y9Riqz9 z2pRCLcyNXdxMnq#i@;Lp6K9nSn0POH=SPHGP250axou4+c8GpBjy@G2-vV*jLI1g#i1v-!}zdJ>mX!D-q!t z)MbvyE+aO$9Y4^!IzmbB2+TqDW+!7g!LGJB^@6g4d9mIJB@tg?>-66xfuNP z!#`ujiVvnZ=xH&emU<{PX$SzU7AuD90W9lJr;+6dr6JF7pv?; ztUIX=+@e1*I`b(kc#s|E@xmjQ|0EmFKsx~1X1L<&dWH&qvqkaE)L5O-`tzf@$ReMg z(%L3*eK~+Du|G2SF!{$A%^Xu=kbZY z)%ti}$Y=0sqHeCT@l$G_e0>ory`ZxmqO+4u$3FP-=964?@=SQAam0Cr=%UW*rz?nA zu$EM?fj2q0cvQiKNk3g`i?)Y4I4dN~a93AY`z=k0L4gm+t{5aFCy2AU9Vn8aJr3jx z&f-0k%JKI^<^Ni?p;VUqQz3OEhJ~4z)5-SA3%FhWAj0aN*+1*iWuDkGo~FD#=;DyM zOoOLnPIo20A?%BkiUKaa?O*rrnF_Bb)L`~IUl~xbxX5`1w|nY4aXRQx2l7rAMaLfY zqN21vd$;}v9k?(1Wlp!7KrYXkng*S00OY_CxiUA`Hk>$E|+7A>U$+LRvwwPF%FuD0>ESb5GMMI-|SCdgd@rn*;FvMayYTdF}jRL4G z9%t;>_dVpH(An8gaHJL(cE@Gx@>k|VO*v*m`yC6DNcpkq+NuBDn^*icVg~%WUkHr) zb<6sGGQ%LZU(?jw$MKJeh7Df$3G($}4)xu}rSrSLxg>U~J{WlgVdHsmCn%oWl7xH< z1%5|e1co~wwy}&%sBR@Lzbyyt9a16diWGYS!Tsp6>qnz6zbF>je(CSR9=MIq!$47J z4X$bFT*t;=i3r#&LGAd1lHP7~re_;`dLM^W|H+o>7!C&_3L~}EhjMPagFD=Fj-*Oa&sLRE-`>|3K1*UGY#D4_i!`^I zzo?3e1^55nK)fJd@5A>4;%QW$0~Fw7_r!i-i6B7JF@qtA$!Cdoem*AJZKDAnb_0B1 z-)6WYz=mzyzxAhVgy5{M?+7Y~$HZfwAmx9x>lH+OjDOz!j58S7_#63hA0uFC-xwI_ zejrXf2%+ZW^tZd84@WqNz!}EvDa6*=@pagjdnsJ(NBANVVQQ)$+qYdgEu~yJTQQ%G zHfTPOYN3iJt=^!|+pqF{Zf9)S*cb)o{t(!?frp6K(TB@R-q%q`Eheu0qPi|;pxHy> zE%gk!GJ*V+5fvDRbY4!6V<#D_FDduM6`)^%^99iXh{_~@pKXz;i{>LZ5pIV#KinHJ z<$=faSs}>9mVi2FQ9)7;j5$!ZChqUy_*K0=2T!J%U%_4q2)Q)nwz%kw#&GvW&%P`O zpem>*C;~Lk*GCRB*JT_ZhS=8+CQhfZzw}`35bS zg*{hfGB8yvQX_e-XSZ5S4$x!n#J=w!-XX>)=ARC`u8 zCwum20fZqG+AqI-V+C|6?uMUYSel{#_|D7zC`0@{0u6+!FRyTyLo|@G64m^vBc}Sq zme{!Y>S=*7ohLJfi6@lBthD)+-=_fD@PnTq8!yfj$7jzp+%6Y};vm=QoCydXD_{2W zZu(X|1W9@8Fr5hUN3Kv|o%rXGU)O>cq}$nkU4e>mm1nV`M`!`wLTWMmyl~OR%U!C1 zLMcJ;mGiwb_suw0xgU^g)7N6X2Vru3(L19rCVFcVV$w5obf1s`1cUBYa9xi510ZPW z8RD7`J!L;f!#cwG=)&!je62_}(?Y}m(rDVPRyO{mCR2mga{Zx@jvYFqZ?P6iE6D}p z7i76mICtM&s%?L;?lGjERSULhcx~p+;o4*>S+<+l+BSK*zBcaC7BFf4VCNpWhMurn zeM3F(-PG9=*A^$)+PW+U`yStzzlRmJeglmaPyAL%$S2IZfUE}h*U5eajpPI;c<`pp zP=3DB>rtd{NKnAfgO<59jm5n5!^bsxvXG}}!mqFhm;LeMtz;xsy|{k2=ItHzZ?S&O z<*vMd=cewZWU76--8V)yT`bH(D!2V}eT0|Wv)#hNe=++SG=b{Bwg)LW@@nzipY{+i z@BUThFDM^*OO2$749PQ9@cS4(l)?A&4|5EUcqy3Q>J-mwSRSODp}ijBrgeY)ftB!s zBt?-xD+@*eAj(J$BnS4j&I)ytoIyo=$D)!h5a)v-z&_M0IQwl|2>x$o$&Y|66mN?0 z0a9tyFL2#E$@Wu*w#|MleJ%AIXY-Y|o&qnczx)c$<@5Q5gBPAcY58^tfrXW876k&s z@Vr*aa=z&LZ~0j@TPAmuq_pa6KoX4E*Y&jDg!#>zNzRJN`Y!61(^nMuX>a>d{WQ1? zEk`Pk2`azrYYv&8_FM3Gzh@cV1Wy@dHX%{LIo}E~H^bzGJ`04pK&vOj5AVC`XpGum zru!F2%TD2BW*O~~-lQS(lm~NxyvUM>E8$YWv3>7Pix0-vQAd7C-SsZ!p$XKc`=`+K zDY`-)=A{H4G^P28?vmxQM)mz$#Mlo6n`g_(07HEEkg*Uj`fK0%>^DNleW-u*2tm3K zfLfE8xX{B$LTAN1TWU+co-aY?VX?Qz+x+1Hb|sX9Q?aE>^v%G7g=dVJ>dKK@i?(M; zjDU22G62L-oci9rLbN1j9fe&-wuJk#jY{ zAMr<6Y92xwY_$dP`9#mtNlGx7&LZDD9m|#=dgFP^%s#iz5G0MAY?~yWvz~_bOLM|E z0D~3(1^`HVh2XG{$M-4x>x7i2`{U^D`{eXdSaXh&;C13Tkml=!+joWihNeIcOdcG{ zzguER7hLAL&-b$;M^Da%fR+I__cklUZYj+EkEzEsGnTv3DaMWN0HC)1gz|nqOas`b z>`e^YiT79#Ppw!mO*nCP*hM~1k2GjBfN}Xd>ft=Z^R_X45{@n7HeeK8+$Nu zgH1b&VoAeda&+e7_tmjc%HDkR-%bmunWOYz#&GBM2;8p14TvxAlCe`?|((FNfgn=1{Zd(>u%?Fi2pE(pQLAKZ>fBKu1OCjiSc^|R(ufU)II%}@;z)%t%|Ta2-+zs zb)3E~%oi)cM7lR?|DGNo~)@>p*Q5z!)rx*!`1S9ecn}AKS8hUgq2?K z09Dqf+ylYmb1ys5ZG`^llcy6!EgMSlzc7{P!r0U4Tzbsuer=Mvt`6n;4RbRW(0mRQ z+-)-g=<##zy}&rrt?+rCGcBlrykX8rxpqOQp<$R7B!`YCH^XRu)jY{DFSX zl(}vnaeVp1PAzP((mO(CK4)AG+PFzKm(}<#Y3DpYe){7zolkS0_CNYEVW0(Crqd{{ z#_lvd0Km}h+kUFU6)Hg1ZYUJ&WBsM?!>wtAeVBt*qfLd6ZlBweZawpv#MjVJcpE!o zAMJ5%zklz{z!cbIBF?Jq`6I@-zj_)#fI2QR$TO};3=!*MG5 zk$ii-GxTL1O#EiE*i&AxzGd;-`B~C?c)&r}Ti4>pr1-!L+*X;>ndefTFRR*Bg#Nnd zp&;Ggj(S+j(1OL9#j2PkQubZm)t=f(sR^I1lr`b^ce%rta#hF@ftuu5yM%)L?rE+} zmVFYgS<|?u2j|$qW&F(V8#{hqj4{87!VBKWaFYuh>+R+mngs^}D;V0*?GTYvsg(Am z)0*=>KcC)^!tzL~QVxlYa59cR8$Fceu*9$Dz9ASChnY)z?x%ttgLTr+_HAYLWJBi& zzcxeYLU`r=)KeZ9HK*J8c7&wPzB0Z?RTgx(DjqJ1JWCi5_V*cS$3Bp+#8f-?z%uM${+QDTXbe9V zwSo9bd-WCFu<;63hJ8Qil)f?4hr8D>smhfCHe)}sJ`(8>HTW16n(Ho-EveEm8ON%) z5q+EA^i3t?<8AJg!qC>iv0O!Q;peGjBX{#d4mG z0(O^@nztHG!^Lc5?`=L=Lmhc4B1tC@-W74=YwmzQ#nqko`uYN(HU7-d71>xJr7D@R zuzGy_{SYy}(TSsxnoR7^S4OBXWgV_ty{BHxK4Sd_`>@(g@2khSC&}F_zVyCkzF$>@ zK2@ca9QZe6!rs$wvft?kauF+iv$KmTgqwwg4N&Q~N zeKnuobfU1u$Qj9Z#uW;R`~0-@c$=78BrIu1H=FzmV;I=Y{P9~CFiP()$%&~?C3>m# zJEgf^lFtH7o@s=$60bvweJ~~{0Z6(s9FIg0Zu^qPk=&P1{+v{V*DOl13}C}v_;;*x z_|OwtZ%0TV9V3USrP`Y18)SIvSF#SD%l3I|Wxc3D?*~ zqdG|{17|5~Fda^t7m)U!q6igSn>Tdr*e@V7n}qyAO)Rj1(NI zm>SxY@N)`g1!96YHuu1^PcZQXB}|6o_384`V*!DqlMpz#TO7NA?C#qr7G`qc3nTIP zpbx4Y(O$Y_YE-Epx?j0j|Fw_DZJqBfaLw%S@x$`u<#Ahot=jP~2l=ft*{YU*bSkLp zQ&-jMbEhp5`yfAoTn`nV7L{^e+4m(00Y){h!5tQH(vFP~j?=VXepe1p8v7C0ur^?o zL=kb0_BmU=ukTMn=h!UW^pLRILvFRp+`7%EHxL~QS}tAcNwAd1I;d7ebflevKyMY7qrW0X8e$l)DR$ zGm+APT&ONwSe0vr&>Oip&M+~uGw-x{2^5;Me&s4ZAT9)XCnEOne$<~N{*=`xdcB%A z?x2)sO66_)Y^HWO0wI_f`@Jtu?L2(nMpbjnb3ZOc{h+`KBy+5_oYEJ!r4_Gbd3qWu zW!)s-p&;Uk`ie)|01xd>t`cGpLG&sB*I8ztPi1lYb-{ikDL1>r;LGEprUJJ#{n#xo zL7JxLPMU#hOetTeFvt$j4;S6zVbZliME*zF!Fr5GHP33k;p`Ig;w7vi=fp zCcNsL=i%Mq!kjc9;HF2eujlJ?;^6(>T0b!{fA&7ZgC0m$8P4)=K5jRb?a-Ji(QCS+ zXmb$EZvUvca|qST`$>if4niWq=rM5oDg$d(pT-+1fJY!z_thIeoCRP7blIN45!%0f z6V1U7Tu=o{did?37Qa@Z_L}>$NVV?q)D=?gGNGP2dwpuVL`w*2G+kfe=Va zr}DXi$q6O!7sy#PLP*Hm6SGc$tkxCv=j6%&N%rB9Me;^k7i*P?bplNs&SwZpG6Grn zMJHBr~!vG#evNdfk?l%!WP0G==-Lwz!Y8c+oDF}UD+t-XsLYw|) zxoFdVbD-v#9tjZTT&o^`Zl{dg7`dRqM!=bVU!~z*4hydDPfwKIa|`?|aZL_~I7aK- zg4blTIRz|Y@rxR1l!UXU>jAG`&$`c7zvp<@P={lZgAk=$SLkvJ`}hd8aiYGi59o|< zI1hR?!}a!=p`!(lp}gy|Reya;!ms|YInb6UYpmgy`bvn0IkR34OMmW%ZTIi^V6%=YuB8>2c?4jkM;8SnZSf(hIG@K?&(uVMPg&Rl2pho(^b8HVIz7y3_b9sKlLdnswj%`=e%seQ}VO_eN)y?GCLR2clHv-<2&Zk zM1FtpKKeUj-r4gDF8OuuGYZKyx-d{0m-q|{=w4Wf`%_tU%U^jcAiIcnHED)%=%a!l zFi!pxT2_HNw^JRL0`9SY)>3F!T))i|{1K^ddCGXe+HdiMXX+U%<3mT)>|VUu(97c; z)p6HZ!5ImeFc2mzIL@u^E6NY8uI;+mRyUlUErj1Tnz)q`Neo?8(;}srv-2IieL7{* z=}VsBWgYm7`Wz-cM#DKcjeppfIXaMRo;DYls22Qz&3`XQBCNy`8jc(aO?rIf?ctp( z8<(lS<@h7b+GJn64!zwOIvIrm-|p}`z>wR0{@4)TA6fi4+c5|NlIMsD#;K(fA}w(KDWE;yQ+>Fj z3D(wokOq&9njX0N$DRfNr&a3hT&6B>TtHtIxCdJBQGAl!tE8!qtzU?gd9>+1a2HXs zu5EF--XQG{HgD-p?eQp!QN1|dma4tw#P-k6R9a6ea}x_fK>{T|EN?@K5SCAcafn$p ziK^9a$*~n<iP38C5Q{qLZ>Iy-yD`L|c4I zvO>=ZQp(pnIqLwj)?#*J-#HlqEd^jJ!Zm>dS$vEO%-({IZ=AHr!asq|D4e9UT>%$a6@~dc18vln7+=fby z{AY>1TJzV;sUna+I><)B-B+L`bZjL%eXsXOH|AlIEyG~<;H9xUFAm4nRS!)MHY7#B zXt8*km-p#+Ptc_RE%S-zRqmm4=H{GWHh5x2{N;BdZK=c~E%+4s8mm@ryYL-fz4T3KZp3d^`7g!Z5_AyDiPHPvs;tc}9M@)EnNfpvmh>z3{C`cnpGs$h)s}toToK+d{ANoymQC^$calzPEF@Qx-u13zoz8nHgv{( zFR!CuRs(kopRt_{Dab5vGDR5$d>q`mYT|}Yc&8Aov0^QMSdMbwet`6C?RY~d?X(V0 z2&aobxhN=05-gc<4v<5dVw&_oB&@Xot>rcADH3i9Q}-3btcdMAto!fjb9S{!ACA5Q z(9bk+>+|FjrnvB5pK1yx{)F0<<_fRYN+8r9x1#}!=aT?~aB|^q>y%6toyzq&7$>w1 z@X2qHDi+Fcp~0D>E(}~bg<_|9spL#o!V3Nk$JK1yRyvKAAH0kc|58RL--ki!5D5rW z+1`0$dYoE11`u9s`=Tj+e;yS~+e;reV_~jxJsd#fd+qbA%?&+MuRd@Y7ywpe)=Bt2 ziI@CE|JCeY&uX7ZrW_Io?1g)?9;?0>(BH$+1~v!brI`o*ZM$oG4(SQn_q;rImihVI zbAOLfg~_F;L)}Q{NAtc_UYfMOj8YRT4algdzwSHIg7=n0iZEYna{fF*m;vSgSUR&V zMUf~7|0R+AQA9u%5!rcT7etUvgkL{F^_ElzSeVmtBXO=-DA>E;dpXtus$V>D({wVC2`~+gJZh!Wn%dk#}9Q8iJ|AzPf zY$8!RX>n_ zpKY)&5aaoH?-LsNMnA#fY@ET%fGBK2(8#Kc#*4Lfr{gRX3;e0a#Q3USKsOYH)amIgJ zK3AL3qf=SRu9vb|UtKV*zlJBaA*G9UVB+E@qSXWVp4wBzI|*Sc_`Z3;ga>qV1NDs% zAJ>`|`cIg_plie*3@$&*?M8yTIl~m+d%wD7bj{~Z0Ta&EaU^WsW(bn(oiP=5s?hOf zWyg>tCpzcfAiCoKP4L|E9E~6|D=EKEqdZ$w`-xM{e7D0vk{7vg;J5R*^H;VfEfG?) z^$H^`DLnabO_1OLo1Nov;-!Lw^TvbBvr6$-3sS9=q{8y~!Jj!H&K?YwI~{`J`MdR2 zK8HhYhmgL!m-%bTl<-WD;K_Jrl;477&$xFa)AfX7?>yIJXxHDB z!A&SAC?1|(C;o)02`%-g%CPhDAS9!)mLMIOew1&@bZ__CN0ak{9r2NxFmP4eSI0DZ zjmm(f@jAzO%ELP{Oc#fa&iPyc)JAm3<`MD3=Bb*Ptq@dx>9;C&MT(Hs{ca86xdMN) zheHX}?naigwL8Nf5lHEALsU~{H@7G6o%7oeW3{a@R91?<-#v{PgQ)b<@9u5L=<;i1 zYOHmyHAl?v=kn8Sj_z)i^xzN}8qb@OaCt71#Amb(5|;MQ9_J2PsPifI&-HsU`~T>D z^cN3tcfP*N-lLljyjc4{qVx>&xQZ@z^~amoKQB+&`5?C@-(98x(q|@%6r007?+h0o zsn|W$B5Z7nu~#;cgm=EVQu%g=T-(n~kW@#OWF5m~a%XpL4Up$ARc>hHlK@l{?i%iN zJtjyL$VKQu-h}ZTZine2etntgkR8>;6^}VwH0DM#s{qmOr}OACS)85^`>jel;OU%) z?=h~LbP(!e)i-G@CGFn(aYC{)9}&<%Ci<+daXKm5KXS+k37MzOEb?typ8gm-L)YC z<-RC!OGu+t>r7o=Z#a~gQfYQihy*|?>;idOll`2!$wj$SuTi#CLPDa!<-R7ym6Z=(53OtevY1V!ZDRL#r1bFhFqlw<9R&+$zJ#hY=RnNT7 zO5BM}gEv{5P-08G&4CC-oW7ldjHA;^GsgP*}(NHl_~)b*Vg5%*gz&k!Y@2ME`txrFWwNki+`JHirfv}Y3m zU;7pJK8LpP!#~zr`>4)m^Ct)Sv9*Qtdn_^NC5QyN+uVksBXW!-LdOeR00fVir5`h@&4 zUr%kg6reC%tbDxIkHyG16Jp8p^PAd7BDjQV9D4h(-g@%ko{st^I4w_J3Rl0nePoke z`Bhuw+qKL-9pwiEa3EU4B55*~a_-)DhEbnuW7Yi8YkxMxb<)aSlWFU%JR zd!In1>wTi`Lt$I$KL~qazR4xERj(0j^k@Hm$er-TsJK3H21h<`ep|Zc0(bqTZ|M=m zEPE<(FeG+5Xb@dI?rchQj9)C8u3b7b9>)7;>GSfy9r37eYqVci+G|V1WnCt^cH>Gtdm%7P+_nN{kKnnKLAv!&+O_s-~np_ut7o`cy`ZBkr; zh(U&H2i3Oph*#>4!kM%`obZ4*R{X5^IdK~92_J>xcGL_La&`GY`I+w>c^-?<#TLWPg2)exwgn6~ zz!##+CYT0^b1Z-rdV9UT7;KdCduC)`5V^2Wq6JV=Qrx?6-^h;(+qxUgK!=dg$@P^y zt4^ADY~@ppvuNuF@~iJzSsztCu@j4z&D^!B0iIKy1=^tW>tg6#@tR^TTP~^TcDj(WB?(lCds@VHmQ|H!$?anq4Q& z@FaqTyk_42fF0Xb=x z68)Wg`-r@!4d&}TO3(xGP`MlgH+80rx^pG=v(8gk$V7ET5{H?D}wR!iZMyDxY%)HCwV?qkFfQyY-v9e3LgWdg1X zbXak$SpwTJ)`DKieSRIe*UTfPhpRn=eemfBq>R76=*OIk8@C`p8eg2Ry-lB`=kYV( zt9Arvnp`Z(Y-9%0gkR_Apz-QVu3lq;8}1PqtC|HrCTrPFUM zxX7fvKn84WE(WHpgz|dcGR~j?n9<)88ys6!FKZjyD{(0dx6@h8yLZ#=2ctt$&7zGh zai^43ygy$K5`PKyS%sf-fSMF+&1VIb&IJdIi|oR=7~k9H3JPnsMVW>>RKR{Qe>YAR zkL*M}RSwQW?A1GuHByaT3qR9;XWvn8=o>;Xa5(RG4a#a+uiF9{9j84)W^@sq8ywFy z#=b6-HtkTfHeb*$Ic{XCN^h<{WltFE4`m z`fv%YHiIs(FXGv#Wb56VI>6h)J-@~svLG1edTC4zgZup%s!qlxPxaaoMbV{JJmyy| zBJzxTlnLCSJWxIH!P~@rK0dwFvW2D}L|8Uq0yAcU3S^eNb0B;zubWWj<#K5JA2wd* zZ;QmyCn7%7A;h&Ui2Pm_(7g3D`Z%<$uWe}TzA6;yHforsxW@5~g@907BP>$tch=D{ z3Z0f!MQib}-=SFKvEZ|Vr9BPn>&MR@ThPY9hkaemIdhl`4PXwS?kR$By1!sOD|Cxj zd9*M7gpW{rrVuu4Mwr{faS6f~y1KjxLcfhsrHZO8ERq*5^z&PdweI41WUToDpA?~|B%QypkWEv#xkK2$ncZ8-0}HaLa(`9>kkBTq4#e3UzX zt1;5N?{P*vCE&+LeP4;jmz+@fRDF?C%Y;F@&wT!F79FZ8}QJzmDX^Aws8 zHulwDJ%Hqw$AdGS{c>Tc?{SiYZJcJ4v@8K&tp!Ct(iBVQH86Mtw&o9o7@m&b>AjLe zE8iYj!@M7{v>{Wkm<|XSdN*gy|K#GLvtSG>OS?#4!S8wVHyzGFaBitZJ6&L;h3#wp z?SV(qMQmOI@BFfT@)9HR0>==j{hLm7uZgpcI?(5q{X;|+QZp^YxH>D^wW(Gkl6dfP zW)4aU)@7F>cfE)7hrvRm)PDT%hhz)5C0UJ-oUO;#r3{@dvONKKwm&Sne*h=B#!mIf ztUJt?Cn|q6*Be5v&+MffQfV3-W4_)WMjrCndLe6m*F#HZ+PfoO+LJ&Im~aO&_4A5U z-kgX4pE2>OJfQuy2s+!Feq{iXo)M^O1+win`nCr z!C$KEnT>- z{O6MWe35?6vchUXMn~^15!A~`t6bFE19swG@M)Z?r8M14LV^IY%);Ig+#k$|k0xkU z0R1)?pd(*?_G-LI-afjQkJpe*Jt{?^!C@Etan4EfF*4*cilb6Q&UZYFCxUaRGq!^~ zB+rI;8oF=?R_i3a$US_y7kt_x_)A9p0wJ&;^*+)dI)H$quDh1l#yXAfw@L3YQ<91R zioJOI_BZ$}o^V+AVj$b>o6OwSw&A5`XMQ?Q|9i{s9aos!RbzB2iL7_8?+pln(uuXZ?^pOE?00>r6S+QGIAf&rXPk3 z;nK>GWE0eCzaM{tJ;Lyg^XCjD`Q3D=FO5fzc-)FpjsGES2#z1|fq;c(IPKPPsY0vt zbeCS_+7+thH-h*9)A1#i^U#$^P}*9EV&>6FaZ(x|sx$-*<%VGOi?HlsX34XC;kJP$Ek`Yu zs#0sX^`-1d8j75C)xyV_N#1hg8Jv4ECS-|=1@ZZP+CH?dryrm1EFL9N4-s{34H@=d zSer(J?>qSGRGqBEgQL~&^|MYh;&`6p7tK-aha)T9`=MI3;RR$vyZ3&!EBd=)Vkc9G zD}%P!#)FMeUfq{aIYH`~adP7#UE}x57V|!oQ}^kN7^6}RY`(cJ&XCjlEN6>K`mFV) zy4Otsd$ydU(RMd^gBy~uOI~PhmCiEcS5wQrtOX#70nkytuH6F`3#fsG2Xo&lNNPdi z{K6wmZIiJl{YlT0jM5o= zC*o^Z>P_y{q>H$ZTd!PMvlmd2N~!#ji08}ex7sl_nY&1-1b-k8lX@imy@ZA-HdWYp zh20IdqT@AtcONl1K?>^L>3(}&Uk2}3`ym*8?x?Nqb*vf zfN$6kLe+m=yv^GS1AJbge4jGuwr5-lTDcFgMC6lSU%6!IP9>4#*LwK$ZB>K;Fu^~e zB^NJ7o=$T4hEZ2aQJe4mI>8Je=S=4_9ltH1I%k9T_kjikJHpmJ&VVaClk)bse?R?n zW-!Z*LM)gWkXu^N`}+Cq8@4;lEBTA(wn{Id1NB zFa?A3f*s`9sogq9peRB@xq zfxKW)739tFAi;Ooe6d!=N?nLls>|rwOg5g|3xr>yJk%pMnEZaw5ypnbl zqo4~SIlFSNW!MMKR}$*<@eT=dQA-$8L2Y>#4J2&rQFBTC2{E+Rnzhf%=y6HioJGx* z#mM4a$@<4%)#^Ha&wR;l86U4H+;oe0WKy{ z!9XhQGa?TxDl_w*+V0X`>D)_MWamg4hw#QXI$9f}D{(=nX&4pVr(@6)V~8UtG=GtwYi`AG{G*T=2{|MVXF#dr=OPk=jc`e>hb&z5*> zOTvjqPho!ns^^p47wT@QOYt~~Kuw2nhld!TuHb)4$y5GYJC(Qc<>AG&DwJE`>n9dBWR-@1xm>R|KQ>v5!#Lk~C+}zJ+9F)>p4U0`Y-*#Lv#*%ukpocQ|BOlg8?~e!LF9 zA5z^xUR;t=d7nE#^6q?fK`9T}}v8 z{Z7XVxgro^Q`m#fW@80A+Bzzpdq5V+%QAyTn6#ETB{+Whe7lD;cv%P%{DijB4Gx)} zpSD8a9qfDGS0A&w)ZCvuz#C3Kl4An|ZC%;uI8f-eqVXn1P)gxnpf5b0ImuiWPvZQ% z71dI6HWb3=uQG4gF>fgPCimDRlB)Wp6(8N7d@} ztO(+5&6FmJljLC&=V5PUdo;uq!AfZamR>^W9?IA%TDndrbcD;s;S1Zx=8pyE z{G-=GdFYN5w*f9WpVS7l*YC<)hp(~^C|hCkV7X3j@?4X)8u+@~VsoA>k~obMw{T9U zgZ$7tfCU9NUs;DTn<5G}IBsBg*m_uet_Zg&YtU_QBp7nAUX9_!;=&_>7(uLl^et~! zo{qCqPggQPMF!A|+!IWfHXn8=lh}HU@l9#^l%M){kxIU^n97xM`36g$5afaGy*vj~ zuGShP6oBOv3EI-rLXccaza@JwB;GIMUM0?!-e^RE)%^Ooy8h;<;pey4Y^PTgDSBTa z6*$gJ{v6N4_8pqJqWlVh;KeIxXxq3|HrpTuGF2i zIgB;d(w5?=TS#ive(mT_L0xR?W{Q>0MW-7xg^HvW`E(V4I4fT&maV6m{DpOEr1M2w zCV6irmPd^z1R4T>=GomuLwx&DUnr04Oubg&z=Ioz{2%rYut*mB85^uCHg_EWd-iYI-!oo^jeX#q5z(EV<1PUFnAVEvZFIeB8 zo469SMhSyq1lLnIg+DdQZZbcOX(D0Bm5gMsT403@Y~%s@Ok4J@YIrMD8(HB^W&9$9 zJz_!#flAM>Zwik_pS@5oqgLXm+sWC0_Mk|rqBTkj(DLWIeS_o9XulSbgyLCpg3{rR>$f7Q4%xJw}$ zdLr3z(yhK7O-fqF0iYDjdTkp9CG=8d{B@46MZRi~CKP+@C@-!#X&t{K#W*5cTbJJy z-LDxSvn|KR)c2%7#HE4GlFV+q)$^Y=We;u=xOP3L--Us--^C$6>zSrNA8#wM^bJX>kS;wH}zx?VD z+;ZkFD^GIhz|tPtYL(bt?ecsM4LXvC=_&!<@reKL3?@Z+cK$AE_SzuRr7}JslWM1s z$ZzbIPs!Oa7pdN>gUI@f`XTjUoFkJV*-|7CW`!V$!DGY1l z0WbJ#J>{1ZdLHk61Z=2(E0 zLdoJp4MTMAmEgbu>)fv_vAr-7!tvT3p7+F<*A}ff7@nQE{9zSjVS1HX{8IJORx7zr zltzLr?&@n%i|&uesXWQ5gL$y;nhrQ}1$4d)>ubFWXk7yyA4gWgR&TSC1 zWZ$0psL}7;Kl2y{7(AK!ZZOSuTjWn-1ZT`Gd4%1`03YkN&u%8vOLyWr?x!fG`|p>R z7JXQ+0iiiL(?OB6-=Xl)*(tx*Rx1A6Yjow9S$o}q?!(BYCHY=7;F3g%hiDPJU-8Ex z2l#Ye4aomWCSAgw_;IJl8?OKGf&9V17`x>nmyrjkmv_8>K5Mo$22k>>!L^vHC73qW z;kh3&{f~u-I`zB!F(TOm+MimvY9cE4RTwXq;kaLCk5}@&v}cY+MsAo`gwb$6tX_?+ z{o?8~gBw!n38fD4lB>CB3Ug2It&#Z{4DN}{8GcagYs7^z{IASBzQBU}SB0f~y!Lt+ z4Ft|x#8Oqq_oN-Zppg0!{SBs=zOx_Lp6<>}uvKJ5mO?;@az^l&IlM7hj23=x&({;uD$wvl;N}y^TTHc6H>25kb zmG9)G>?44oRFRG!OrYpnzGGy<_Z-H!Yc54LT#|ylPZoWcuBX1=hv8!wROLNOA_SG| zP`^1Tr<36>NfX|$`Id!`{jvs>oc}1)C;asJn)FzPNhph@N<$ znHX=dIPUwvvyWl;6HlH97*KP;PUO##8of+u)HBj0Xb zeOpgur9}E@rk|=yZu{uWa4Id@M;;pC>M$rIe+M2O-!GQK{ANg~9^Uxg4H88Y_nHu- z%KQ191b)8U6sp)bXH~b&a5ivmZYPAh*DBUt((-&lOG=@45%-`9@yCGaf>4F^Y1Ya5 z`IZ{eYKC~fbALnm6RvNz#lPXWEmQ4WAWIhugoDsYCX8PA0eoH+`wl#7t@tytWt{!N zJTIX_ub&Ec$pY;p_43G7?{4A3L&M;!#Wz#!nIge$l`=;x%pbJ=G<8i&rrAI(d)I)v zuyj9TW*8*%UO!{m{LaHzTqvP{$6@8Lo5}}6f){S$lzHqE)TS}2*!9pw|D7Mle`Hy9 zg+7@qUKIctihFW>sgGa1n5q2Xcrv#|+}FD&vOjt7wno?Pa6!b@D|#fM>%1$ww)@Y+ zI-UlueI{aQ@hs*L!66vM-%VJ^J~d68RplJFEVnYOM*|?$Z0$*SZ`b4?N#BNOaD53p z3@7a3vS@bKc6TVP;~d%F7G4yCqFe<6sWgP;QNImEw>_KO^rIff3T>(muF#L zLJFLwDT_fHQ~S<6B*>z**~e%Ewe?JGAKW65RGapd<(UNz>06VT=wbf z7VW>XLT#nFS33y=j0DnUD&(oYz%n>|1s0fu7vm8I4T#ixxc1Vl@<^S13zi1uG0HCq zlmU*`$>r8}+c^`TwWNfG0YV)$t%``C_U7SLr_)CY|ScqVxYcP~5WXub3 zCbg>#dAvAPHTA=&BY@MO#t#~t`|8x`joiRZzxYqla=RgY=*D^Pj|Dz9WFqfw^|-@= z(V(f?!A*|0ZhGMIRA#Pgt_xBk4Q|Gu_~je;~K zWzzQ0cFBQJ<#cL}$(^vT7msIPD1^rL2bBx}srz6|d?hKoeR0Q1=T|a({x~#8{;CMC za+t-d+FOF5*{G?6K}w%MrJ4t)W-M%}HL`RFaPmR48Vu>oJlBO)9}I;ITPr?Z9&}L? zu)sF|SoR;yl|gC^eC4_Hp${%z z(7EO!X)!c{ATL(>a)#Shff^D5Swki;5tsvizW`yT-+%Ur&P2gvtyz6U;nV(6``iu1 z+88d?DkJC!fKFCUpdA@=f>pG>GIUn|xw>`92D(_t{f!GQ#f730N=f;B-{rW-f)kZ<{Y=3z=&w#yP0aAG>RS1C; zy@9`d9-HDOEm;ft;5GCfi$Y?4xK@G3m~pz1^O4A+Z$};=ciKyaBI;z#eewGZUmF+L zjEx6z9OW~1)e5EpPvC1Tu(TehyX#ixuf9(yV1c4GmvYST`tjW((;7If?KHoeQ*jMr zhIbEM{%tPfFNTn zOhn1Y=QFRrhNN>9;4)Xa+gsMZO%s%Auj$jl^p%LXXhCrx_9={#aTJ zKTihc5ZSA&0cs*w!MM}& z-(knGy3$pd8!bk2z*NwOyHm_NT`0djVRzzpjoOd-YJDuFnq%;K*VpTQjrr$hrOrp# z3(nxoKhQ#AQ+awrM1vH2BS=ZO9534=Jstug>rA4vIw_A*keuU}iXKSM4%;a2QaCg! zPPkTt3w&eZIJNe-wdH>#{su)-3 zfWwM4`C02OdV2qMC;H_k6YnLBt=PZ9MJ$MqUT=T$J7GLZ$M39zGNB5mom zq)FO%bq)E;YAD&XkG28w>AdP3XU<@Dc{f=n6J*bRv6oAv8;}Z ztf!(|mUGIul(r7VU0J@UTXFw21X>JLNG;Zjk@8`4nj=Z?MbGgOH2bLnBTYNRf{7ma z zg~VdpwVv0gk#BQgEM3|^7tVM6hw4CM3`tm&HSajYZ)qjCL5h(HgY)+n?Q6wU-l+zDd91k$Ybk|1$-!XbK1y`Mkr{{voLDJc&X6ds#pIJe?j}ft}t`nzD=R zyHwiK>*{3(2Y$HQC3^aj_xNGCK#NFX*&$bEcp%Q+EA|--6%AL@pPc#175{L*4A$?G z#>9cx!`c>!>9=r(XQ$ak*xiC4p6lEDXz@yNFEmv@a-gsgt*RQEHnA(2cBk?0%;{_X6N?LGVZ>{cdj3oCX&z}Vg`hp`YhC=H!eNY zRz*E~eSP;c6|nC!qNXotjC{pn>*3%wT>Dd#689WZFM5%NTLS+=&q#g9$e4NxWpS{4 z48q4wduI7HRKWY~vKxTD4>R~BhkAB}#rA~((HdFey}_5TFsb_}s)X1PX1koYMj0np zJN(|s5qKYvWbiZTSqa9&l~U}GP6r|z!I-AU&+TMB5M_YHJwn!q5`{3GI#`fwQHuAz3r1llMLHKU+b$?j? z1LXCGAVH>ZOt6s;W^(rm)b7O3IRa~p8%HrK#iit0&x5#|GMz}c=N0im(kik$k*#f9 zlmw;()ST`K7bD&h;R&BX*bB3c*pKdGpJ;Ec7PHIpDZG9DP@oS;ERwzF4?htSA>haN zNBgGy7$Q~x8zt$$O_RcR>2<$X#^~62*0_IgrP0oSk3uY+RU_8+&iUhPkas!aGsN-- z#BeRg4Qy@|DJAn&lpmgD7T^oon2(n4-dK??_1-g?fgHb+vQ$6Rh(CS*^cefc4N6k2 zgIPHtVphC^vT zW&L%}IjmoyHnD&Ec+pqx_!Q!2w2I?BNMxIb`HQ4!1c(fh*Uq1ts*#5;k7(8N z6BV`(aNwMfeYzo4{);w@!NfPJNc`@XR=~7Dcz1Bz<&gxUO#8I?n+sOn`)52o9b1Yy z2aj@-mREfVqw6`|UKnIYD0|~Ap+RqsLZQ}HhAXTSB~dEt`97j2)#QG7FsZ9x6MlVK z7gcm;m3U)cAXTnjClTK&1^jtqqgiNgQzE;MUV^tl`*^N~7-;m%0g;+)+I7@Knc?{g zE(2BDf85J;m@PLQ2fByhHSPIya5sTJ6UtJu9!RV6tazJ%XcWE*kLKCX?PR+A-Rco9 zx!_)3O04ft1dG(ucU8UcBG8mc>2*v=*Bv74hwMEIg~eZC$)O>g3m|l|(HJ0yF44lc znk8%_Y=!wmv<;TL=0S`vD!}=2T8qZ>4Y|5~awR-*SWg{dh)>6+GR})|$EJ?;9&Z;}RpQIRl7||CMhE69{E)oM zM16Ncq~Y4?ioH>!U~bpTphE#@yY-c3*yemNUnk}C2J~5-wy(kI_qZ`Gh!pbi3iPY{ zowx0|Qo^J@-^MNil7e;AnWj^r1_=EK8;R#*;&ZrMmv>BCwl;+Cta{ABw-=<}L)>Tg z^l=HEhUyiqYQjpFDF6o4)OmCJamy<6DTek<^5)kEDt{~2xMp+B=XV?56L7W$dYacL zbA|aOj12j@ix2PZ{O$o4mvK>~8M$s$}b#sSmG#2y-@8ESI`}Oq|-glgveREgxFz zoP)Z-?{0ds|Uw43>-Zvcql~M&;3NNtw6d#M?tA0X=XS>lqLF0h227nIei}n@ph2QJ1^DHDj z-#_=N%r50<(#BJ?$%DSv0J z;A8W`NLn)GUqOGRWvUF->>|A^`J>VmJ`?1p%o5@!H$QdPt}D^;^CD zSXX&(6T^aY!9f{u{ zBvaiyShh6LqmQu`e9 z`5g9@;y%o7$36*)F#!1KEe|O(!hV~Tu!1HtK{L|wY&SVVG|mveDBoYI&g zODx=yh;+!qi|jA#XELF8*%#bH;}QVGW%*B-E;e<#L}SATCboMWL}EUa2;%eI-@QLp zYi|}A)853#0lR_~g-xFN6UVX)1z7cdzHae8_J7LNKaPLVg%G@z1dK4R$}Ogkq3b&0 zre2}eMy!;(62Td-Uv!_Y@M9&`^IhI$03hNYJJE^jvU{+CG$z=^q!_`Z5HA4P?;dCP zrIHPr>;CKBU~32S90+J8jBXRL_YR8rJm~z>)zp09DITGk--Crf$0skb20?J@gSg;f zr-$;J2Ix`YV?Qb5eLBeROtkP5nS8LFv?`M6Gw-<-h5e@M#C*b}bMlo0UmXwjYcJH_ zj6Z5u_5I)moHarDeH6j&CeBmZqEzH!o2vLkrMo+0eRzP zRyibU!+yuIj(zA!>p2r(K4#$H#)I!t@u0ri`T1}tXX{SydxRUf{0h?H85pguZJIy8 zP)L7w1?%0TieDNqknD9UMb`5Dkr!^Tgowp#2)<#?aB!Y{o3K56w&Ts^Pf!0gf9}P~ z9rAqRMPQBC;};SX!A?~PFp6`3 zqucV#ddW~Z2bB;k6l|THLk! zyc~NUCsw84$5LhX3c^y5Zr=T_j}*C3d!5l%uYF~kt^i$JpNk{gXBAHpJnc2yA89he z*iU}wk#ddsyWh^I!*NZZ=}RY>;98}mxP3~!El{^Q@^9~Vl9(xl$eVw(9b8mwmd-!( zV?JKCy2P|hv?2W80)zNvao;so-FNh|{Sy5x)0jBvKAu(XtysxA9`ex6u==kfq8Lae4y+&W6x;TAQdCMi{u1pnO$qFjz@Z#K-7+aU1V0fefSx}#^e5bt zNf40h+mdBq)ZY&(!n&*OVEo|7jI~G|r<1$Ch_B#@WO z%04~psgH{&k_r?f+JM9PxZUPW4j~D9!>sE_CYcnPga_f zds)!wi(Zb@XSH7CltEd$a^fv9(E!zTLWTDjkJ0x#mtAm*rKG;DP7l;Sn{4TF3Epr1 zMOhd3FzgC6_>egKUArKj+|J{z{z7~muuI{cAMqZfEr0WsW>JEF11t4nJAHiS^S(MlID?T}I|bx+#5&WKa#GrT{Sff|D`hfXiO0jif_h}nGnBz z-`2jab~G#oHT4IO4I)F9#%h&u1F zUjoK<`4_JhbTAx+z3sDR1Qd6N>I?Ef_-GeBdRQBHar9e;?Jxim^7ytM8{kw@A6}gn) zpI4Q#&Ew@oT;OMz!+7Lrtc^+b;TeRC5c67fC|n95bE-qDBag2wEB{L&Y7e~V%zDC> z?)m(foKbMic~_hh@0W88H0CqGSoUqQd3X(W9aX-cFwd-2-z0Kh>8Nqw)8Z)9E3I-U ze;(TjBwwd&xD#X>#f}Jc$P&4D<&v54H*{6zmkV}d$a~sHc$Nc%Qo#inbt=_-jJdh9 zH;ts>{eG)2urHQN z_-(Es_RJXL|t66^u!$-Y&WOq#i zU}W%R%YPh*?7AKAR#u&jbt{lJ?(==B&f@9@+Fjg&+DhN<=tH4-NS_CF<<eKg1;{Gb40s|T*T(2(QhgmP2w$M$wNxT+4K|$0)Bk^#=2g$zQh{ce< zl1n$;e*qFI@hFo^sVRxnu!KKiHB-sfk+%Jv$}hApH-~E0{Ik;Cx0%W`Ks5_aL@=Yr z0lIotV66FOl=>>1s`Djhj+4vW{A=}a$M4V70@kYQ+$C`EAy6iq8?d9NKF-~KVaAxJ z9V>oF&9y&O$#Zg&BC}viJ;wEGI)Vr&x`oDa+n%Hv_308Xo(`K5h<_zIfS|gsy6 z8WaX2ruk6S75!e@8zWr>UECvZIF`ONsog>unF3G;W_D*_Q!_*E0rqB&J*~f~y zk2gHG7c)pDxEsUiygWHzGYILM%)$Jc=DzjTCzd(*!$V|!r~x#tg|+6u(L#RQI%?rG zAcN4gcP(}DV&}oO^1bbAo)tY0?2Y^7=`?Pt>Ln{0mCaa2*N5{IzOD^scRuPziR0j9 zSC#Kng{7piUTJh?dwyN{U{Z#cJ|!|?Mwp_8*`!-*qad{x2DO%Z?q^?j z^>b$(MP^(%w?rTH+PbB28b!SaKx1~;{4Aa+{e3zQ(9-gVIn&kDf~8|{K}IjaEdow+ zpOez6AuZ`ZIIn6XD{?viGg>MrVG- zK>=L4>ohJoUze;np z`Ch6R{e_anb}+fYs=Y;pj6F>TH_`uigyjp{6OlH&RFL38sS%gbN~bReo{M#dgN3CJ z>1>Lf!J@MGUywBh1rk{4{bSySBN0Vp`_`ITgl zCSbjSv?nS_#(1`jf`Y0Z>JoOucx36bu4}yw^sz}6Qk#EK3{q>t`*2IcW~6K z0``-(TKR=CkM_N2sU7$?1=Ks^x1S{^}=@sm__P0$^>3%?wr->ts2R8@@r z5ex^m_E1NFmMozlxmBxWKGL`RN?QCHJ}_Zm(m3mn=%Kyo`e+y0erv>i;kk90n=lBO z^3M;uSafJu8M;?IOwSXWe67nFZUvQbh4=uam&h<{QAwIMly%)NtB<*dr>Ux-$9!_$ zDrf`ToplJ;tEBZf=WF!4zkCH8(Kigy3r}{DTZ$*?AvWPauni2sKht`nAmbhD{k&%w zDD7>L4<=?t-)@&UJR@xM;L+P`Tq2!Y|5+c5>zMq8K@PoPD&X|Xp`}3Gz00}=jh`++ z4<^79>}PT`gFY($B8op%Eo~bZ75Pl{;P&H8Pe70LekeUwBdUvdh`tx<_8AQMZQs6t zMtminP3Mqa(jwX{*xR44!-*LTI)7JB5dM}W*2wcIZ4m8ZYf>*|N|45?!ZK2isgivV zp7~Do?3PJ(F@YTqi^vdubblhXckz1rI(dj#?D4v7UV=C19}T-WP;6+_^5;h;V3`Ld zRxF~GBpZ?6-JI!{EI?|&WND&@U=d_8++sfIMXi2jE2-u$caRME@)=LgD)#`BQnuZ8 zky@|M04lw(>2tn4U*$1$r6KL3o=cf)h%We+A6lQnYW7kuheQ^Sk^#v?HRFH{b~4%e z08D%6wMw#`Og0iRXgkIjISfFQl#72lrFzAN6o!VEHdkI@=ZV#B9^U^A=>~a&>XMKc5(^E?TWp*y7MZ1mTH7O8iTzRG z7{oB(DB^8Q=IJHjn+m=TtL-@=o>*c*fF)0Gi!PZkUwC**!;rFodSS23AKsDw4pYHA z-_^vRX>NW;)ydw${m>1H&F*XY@}9UO{UORXx)!ziU0tzJ*&lz}&+I|wGS5S)|5N14 zd37}4BYI%cxzvlySG#jCZ%;m&d7>uGe95klq7ctX$1|f+0#hm~FyA|3?w#&touv9( zW`D8l9+BvXiz)i;dhO)CIK|HC5bc8k#-yi*v0w1LDW^Zjq;bcSNbJukw6Ri+=LDWCi0 z3n%EJqOQf@>ZnbaXWg-Rpw4b7>7k5&2k5_e(mO*P+Rx*VvFiPPj!});^1Um;X}30h zn)3N*(;P!jP(2`;S2x&adG?6!Hk>UuzTBJV*SdCBAL_LUz7&LJCOVPGn=AYz#fF-_ zk-8t&s(|<7$l~kBuOP7A1Uk)oX@WP)bIr9S0LIx75coYJ6Ad!*=6S&V6;mBtXJHxk zL@C$NqnABs_*%9UGY$RxJeqU-h3!p_@SmjPIit$-q#YJMgoMWVOqwfk4vc5(7uLQb z(PQg@l+k~<@Ch1xf9{6LT@e};n@gO4o6=uDXa@PgunMPR3sk;%yC~tMK~5>=@*xgi zkMG#E(4xq=f&Vn0P0fBr0HdDOh6u9P(P(mFqr>o3Nzez+LdZ;y(}vyzH1GFKi$ByJ?V&1;zj*ipvdt>4n$g@O z-6uZWx7_EC@N2Jh#5={2UHCLxuM8lRh6ztFZst*sf;;p)7ikzM8EGW2tH`pNfW z&YQ1G!BfYuEeR=F9sw86gSZ!nqf7;T!DqjB?JQK#OC0v7@qeH$XUs!RtDK=2NoHTb%XlV5GcB`S#N6e1BfN^8r2?SI{zYCU8*|3tKS?PqThQX zqUSol-pETIflB)O8qpJwm^$tv!Bs?D;pXKw6aSmjrrD!<)t=b>ezDu|k}tQtUvW?2 z(u_27e*IKM(HHG=o3M=JZ_|5j=^l03+fHH?+5Nw;f>(N=hy7kI;|>~Mey2id1?vifp9-FWm<9VN~+%@6?*` z)(nKH`;%7zH^#u%QO$V3|BGtNy`R9tcM*RX09Zp_zMjfqrbyrnxD3q9_E$o^!%+5N zlrQ^KF`ljxyA06Ix)Vjls4{i@jQO^OFwKa8F7eP66p)$W*$uX zNAG8R}#UBhyIPz4= z+x|W(<`kXB=P~Yjyx5fF)17`z&2>-<73xjLeL2a?d)FkNKW-C8@x?xuA63 z&r`n%b27T-kzzr-3eMbMQYL@O@&r&!1}9rD#-F?69*I<>jE|{aHxJk*{IX@*Q#)ms zZ5X)a*6^@Y3R^;`qYhGj4^&V!sATu+Y>Sk0_%k&x3BmI#XimBS8lQjYO}vEz-l>`L ztg;+gyq#1yc@OX?iy8Nhj%Db6-R0&&%iv3)-rSCFmu8JQd-sQy{T&H3>C;ahi@LyK(OZ(BV5sX z*V==-KSJseN;O$m%S_L~b;k7K8-b_DXb4x(fqa2MMP9b9MAq#^p7rYiYLL_wP6YW? z$8doLt_BmCJ@Bu`YYNO*N?C4yAsw0d@dqWcjhEh(vuxS5t`KH>G&3^Cf&-#8{wE=9 z-j3emYXv!Gj`%%otbFhs@?pMvA02^vl5io+(jAk~bvAnD&Lp|f14G>gf?#!tbXLSK zE4(9mn3Fi(qanz;jAxfGP!$ji6gzF@N-tn0<;9IibFK`=ua)F?;|(#QrGHk_o}J)(|>~}G3;6JNK*pTr~3!o;lZ36Zu|V>UX1jk z4=+Fr6eFYV;pqY^T0U)vUKMZ<&+ifpJ4rXD#Xwf9`AKH*x5HaPcF&{rIOl+v zZZuz-7@?wbf4?XW-d&{I;nk_7^ZIR(K^;1%Ccl1g5}D^%?>?;t4;bA}ZIyz^H4cBS z4LzL>x!|v2@}0E`2w!yBs*a%_IZz4q$_W;;vv*Z~Si^=-``4Laq)RH_{d|syB+pV} zSm@WMkco=hSHr=$tH+52?lB;5F;W|K%uxKkbsT*$D!}cAmi{5@nwg&x_O3y9tMYqA z46C_U*u&&3*H$te*sua}iu?T>{K_YTtVN#3`}eLxTRuiaoqOYTQJ?)MA)*>h;wUtR zJIZ$A)5|`e!wp)8sCw347w@ zDh-;4KyOf*<&F`V*+1{YpN);%@AS6~U*3e1K$K~GE%i@_b@c#)NA|dX^VicmG?0Q? zz0X&d;AgJvlleGbG=_S|rc(XLeav9zFiMwc%GJ2~*F;t0flJQsxw}s+cG)~y z|Fop6E8QLHPhnfF`p%@I^*u?>{rvpS3*J+&y1AHuQ9@-kDVxxI=hMC_^mBY}=yG37Z&&W>#~hs5zS(+taf?gP0P}pk&o7HXUcW;c7%%jc`P|B! za?*vK%;7`N*O<`!caNoR?ILuohBpgZ{B+Rv#)RWWmVMp`M~2h zv2p?3$cIyrKLJ&{zbQj&SaSHP#fc)jFx!KS3tx6Q$?Q?Ua2%flqDbr|Q^#v?bGsdG zGwdTYvvJwCx)9UBCF8ilU=nG4K;?6+pQtrW*8_jhBKhY%&S`p|k0>)8_XZgslet}O zpXZGxlUkc46(PQju=Gzc=VX+hd_S@A^R*me7+rezHa7rq_GZ8il@$Jn$=CD|^sRp36N9=3gXua1xBIQWwmE6t@8lNywS969w z8Ub@Aq|QW0|Ke~6ejf5`pP26=+4iva<`;uEF+tmnLn(IYmuxg64?V8}@%S=Q;s9zg*aoz2WKSeaVl^Anqge5QAE#g9$`6 zpmbhJ-s&nynp{vEqNb@3$u{A0GTS!+vt(B|T$c=t)P|XTOc4Kkc8;Y*E_2vEWVP|f zo4Ak2LgTp`415?TKPu8`K4mk(t;f+%A}1c%UWOP^5f0LtfY7ej+D4r>amsw!FKjw)2{9UKgvfW7_42T zf}|CNY-{`WANY6~{vEP|8Xzg4TCivwRfWJ5*%CFn)WV=p%i=iH7L(wf5ZlUtNz(TbKrCSgPS?j2Ketn+u z8-HVQeb2Ri;2#V+#IMVji?PZK#bds&9s?Z!bkdW=iXmY%a2FH}Q!`XQ^_%n~U;qHN zC|6ymNC2vF_Qb6BkO2Vcc$j72=5G5k`<`5s6`$cgh}GkD>Ewtu&gukfgddbQ`?u5P z(*3)AY-c&_J8r4)B^Hx?)Zr(2eUdJKt<0M^xfxpyaCxYWgIRmyIR#TtR?pL0wRy!g zk`u?(>8nopeXt{BVN3`9)Q5X>cIUtGwxG+Kw&B+&E@bPXciO67iQZ!-{RU^q5GNGz z)S7ah^2)4lQyL`skabHd?_jRJjG+-BeHlVFbGJTeNBZiGd?mBY&O}#xZ1)&nb12f# zi*u_R$p3deIw0g01JdthPSTA%1TnMoj~syX%Uz(Q&f1-RlbZWFC<81`E?Kge@#KF& zVIzDIYHkBtWaz8jPsa&2FL&J>GA)(`wA#;#@4=(kw7%D^EIwUcnJvcIYny)rsPJKp zND4?<;SQIMGsF{33b+C>`;_<)nG&f_<>9Z5!kC?Lnx10~g(v<6;|9A)3!PTFbG{i* zF@t>22X6K+Uat79ew3#${)y!68n9xH0@X~&;AnVW&{nhxHRWOfj9Kx#ufmik=Nl{| z@C$JIwZn<_Irr<`Q$x_2k~mU}b}B~*`aKzOfC>GK>h!|jj&86*KI;q-yHjE9+te!S z7xf68G&ze@`vjd(=rKY7tZ!>=v7q{nC0Wg>=as7x$Z63PB{y})`vud~>!GC%PLJ(b zJiVlSJx?9{4}Z4jekwYND1&rgiHUc1K3?-i#+I)>$)W=q-+%uVLhZN#tHHJ-LJA5n z^|9`#`cWf-2e1%KSLzncuF%G+$rvouaF_%bN?9_TF72&BON%)THn zSIpiU1`4izF!D}y?k28W&QL$R`P>+=WE>U0@KVWFI+ekB%T}+}#q+s7W{%Yza?*xa}QCmaV z>puI31bgl%#zJhl?za)mZ?AlKQfTH$6j|nNGMC|p?n@mj9!qwD^JyEjp#-VDM%|1S z>%(LoD|B}0{P5|(e zi6xe#3oAs$0ANW)S}jWAQtX4F(~747uQN?+Zc<;-kz7mnOTz%ce>=$Em<5O^CO=M~e)5=HgaS zgh?M^hz5`4;sp~8Xud1w4$a6V3rT%L66&tO+E2hS0b?^oqZkQIT2Ya#zEBiZjTIkb zgZAMBO#F|x`TIfNG7F}RYsekXll2>}zT!ixvYuD1Fihq|ykN@W`0)|@wpyI6FaBBA zI>qL6`U&~^z9PmAGEkJ$0IZX@g(5C1YS=^wvq#H#5$uBuP0|V7wV+m8U zr074lx_Kd)B4ixv2UWdEe&rR$^D}Quyz^ASbhplfZ_PdiEf|nEuxKiqK&! z0G!l;zQYvca6bLM({%+2hb{U7jzln?_WSCr_8&*5?)KBxD5R{a7$*e&u?qEfg>NQ4 zw|pI%zb@EQ2EirV2U+y^QvSyA-NDeJJ+%gx3Q@zA@Gj zPTHKMDl`d96Z9|rxdRFs@8JM^HLISb{^z~J%=MLRr)Kp4!PRj z0omW~?X6hfh*Hq<>bwd3w$BLDNRj2zynOpd=k+*nPl;5{K%nJ4FhcN$?OxEs!8zWv z{;hSrGO|WdFxACFw$gFzs}r0C?b0H3x~`}F0?e3XD%%VGPdQ06ey>7EFT#BCM@I+z znZ{rCKtuAAN7ApNI2MMp|Ko)VY=&+?KRH+P^AqQ=Lht-A6)>?8D`CcBs5S-MNQhia zLh#Lo^%Q~J2_0!q{>X0H!?1kwcGeY`I_z~O56mtFhwVMTVobUpu*^jWM=mf*Y%Z(e zYUyL;wm1mx_2WwYnv>ELXEXT~=mtJ|M}-*&2%(yFijEpV^0(8k-=~ttUA`+l({>iJgpB-Z zm4ic0BkDj1L!0Tfdze>ZJ}zHT`6ITP&{)Py0bl1#vIwEpZH#)@!lc zEblyBAW4QZaP>FQAhyfUd?5v_RD|?QLigd+g;;FWClpihL5sMiXp$hafRfn*1U>N- ztP#m4`liiKMD`@Mh^~A}RF50Ce{%GW5@6ky9iJp>mtO|`k&K|Qecn?YB*~2X?3euU zc+f60Ac5O%!@h1J0}wl2Ck@)&W0f2Qe0MYX8^C({51x``=!05vyVfH`Ou~a%-jMUJ z3y>REBP`r8hZ&N(zU0ZW2WiPKyplOmj$*NX_N&uskORWSTb>-{@OFcGpL=-8N~33c zEJOgCCDeG=J5>6Q6=)avF%Ch*i&&VmXAMs@F`(68W3!=%g=;+fg07yHQIoe9T zC$&b^0xm@+7l=oE7D9>-6!SV{Qmv$)EA$9;co>Otvw~b1=$OaSr3+t}UZ8~F)SjO6m8K@8!# zdk3IQ+vm(T?kH?PX$r>mjgjUm_3vMk_U8KWJ6(8`LkNa7q^gHa9i82-{=VYCDPE29 zehc4St_+8T{An+X-EYs$froq~vJXr`l@DDXo!*ii$}9$pnPkTk+HerK$A}gC1dGEL z%y?#Qn5K!-(c86OBwSljANMxvbTTd!)eOsIw$od8)N0S|Mj&w2{977n6=fkET_vZ1 zDPpz>tcs~-8Q~6*7R#F|-XILp9AA%Tscyy59rZuIH`on}A4C1_p$2{LiI#^iK;#m9 zOdOcJxuxq5m_58jCI&)Ykh*gDWFQBkiFklVU7PXXq7l~~0xW6R&u*Cl>@H{Xh@cvM4!AA9yt1X00AngDY

    v$N=pCa=dvkBF_0HaHgVKN9U2`&ip=Ph6w{$%(hn3UqG~s?) z;^48L=db54`4$%-po)So4t?CJ)+}z;zVH3SvZ>k<@ z-rSGqr8aep>YJ!3TX0-%;}#XjjZb!?-hWb#=I-0n=;vVehUzzSN9{So${NjOZ-4Z} zU|W&({{0KR^^$+*D8ia_<-79qQIx4o`|sKHvulzKm)DWbJ$uHge{zwq!|?VIzrb^D zj2b2oD-v{kFOOi^Hp6MvgqK;`Mj!I0({EH+>&wAwyYFZ z-eYjCS^FJPZ0R}sgK>WMq3iP+p1*ze^x!+j@>i$P!DsB~ryq-U_nON$4i3-o6&Q|t zqTegmH6B&K&J(sjosr*ZMWaJg|Jj^A)Zf20eu*xtP5)`z?`%`-V20Rmu%p5+7@?*-Et^hn{YJa#)XA@X}_~rn@g1i z_Ubk-?yZ^Kkrbg{ST@ud{0TSl6`Aeo+-`J^_1@OWKj!YsW-M=;yg2F3-p*3*_EEdm za?nL{3T)TAEkZjp&n-KwDUMVvy*@YD*<e$eo8A+M&zL$2%^~ zMApa-+@_1>i_3EZFRny+us}Kw9pCTWqvESi8uwzwP460heOtbcB&eQ>-mvJ2%sx<5 z?`8jt^+nOIl<}+;^yNeLZ_s7dcdX*z92fnvRPKzA*)n4aF8<)1AP5Zdc1%X{Zs^1)u^q^zg?Y68L z@%`uSt;PWZq4ZoJYqAoC8tu>nDAG7b?WJzCp!`_ND6J^%x>cpe3 zIlsI0O&OeL9XIgoiJ>m`3U%L)184<=l%+{emh8?c3id61gh^+8$+%xxy?HIS>-oR3 z;tsVUjtv2T;1j_Y|Zx z=rmyWuTHwV1xDwsBX1`C8e4j4R6*qQtBb0X(chNzQx9MkeeH2*ebSnxq_Gs+_2k5! zS>@SJ&bHk+f5_O+v=%3Y-P7+Le%-U=#*N<}U+7!wSp&wOrXLL4-QVEHw_2#8(9fBT zI}-&*@-RwHJK~tFKi+e-KlkNF%kucs<(c8vgSPd4(5t`ZMqXySU1!#Dk8roDylbi7 zM|}(G{RLAS;aMLosI~sGr@qQ-s7}--KU$1DkTob05%%E4_jpOzIzJ<>Tje;M9q&`4 zwvXDj{>OOlz7yj|jsN!jwjB1;?i~*^*xCTj8G39R@`_+0UBZ=~FW9+eh!s zNbSv*vh5@1CNi7yZ~dM-l(lJEeEOHS$9A;y^c}u;t0Qal&21;+B?Hq9>9-Ep@>dY^ zte36`GoN)S+}`_qub-9j`LZFml0wH%PWt#Vzr*L3Wlc`wy5F8q3)T77-c{!Y`{+lo z+uS`HwC=O}+8Y$>cM~#w{?|)4J{4%Ic3)iYxVwIGL3)KPnpVAccjqDMBlmZYX|t(( z)0`h8_D`AV+@d2HzJ8sK)(=zW`qqwJGh#qgHbCC1JOA74`Az&A&Q9q+{YT{+$qVId z-sk~Q+UiqTeLo#cue><@$gjCGH&v8w#1%e1S>|cg zOum^BzhtI&%%>GZuc{as%sTpf@qY4}Gm?$NP@6^^*gI-(;MSmWRpXzNDSL?p5Z_Kx@RiB!(LNuxz#T!{LTF%%0(x-4FA>n(w_2zLH|J1 zy~AVowd$u59iP(R13i6a>%KkqxyrAYn^77s@2}Z?DR`>)w5|TWsO6-UOGXR`$_8Y8 z%3b)b<(Zv%!S3Rj^T+E3jjL`qBe!eLh2Zs%4b}-3jBoL-uoP|g2>Fv4sBYV&;pKCQ zGva?sPIf5*P{4}Ar%Mj=bgJAEM3;~T+Xj1eNG>rx9{;w(W)OM zm(8CWj@*@2@k9M$kazoy*FA5y?R=*4MMdwDs`u&k&-4B^=v`F}_V0=BGH5?@F@8rv z5hia_Ou}Q_U%$H^M z~StPvt3%C<#u~n^2_bz&fB=`E|RtL8BK=2{A*P7 z!@7CJjR>bto<5N@{t)fTI{(meL*r`Yj(fw}6Kp4Bwt?g4AHwCvZWS1>?9@`DU*E6e zcxSiA1(taqot%-ox^Nq+>i)_C#)J-^I?tXK4^S%uhX}n!?DMDwf*V5{tINARaYy&%?4J@xQa!X zo~55UD2)#$pl&yn>{x=`lAzq4#;HBMbWWFnT?7>mUlaawI*So!cjOsIRI=Nzdx4>{aK7zTV!6 zq-lJ5>5iT2an*|sON_W^<;OnfR4ayWqBDD!ZQQf{{<53f_DuQNanByvv ze|8^!O!uqXp_`?R;vS48Y`1lK9-i}p+gj`|Kmn@320XR9WhYT@aP+PeT9nlk>|#~Ix@3u(uvHQI1} zSY{&qn;>!BmmxR$ENQc~c=nHxtr~P0GAS+cd(^%3$d0mlvRa$(FE9G_{SC9cdE?&O z^Yy2$?m2z4Ya`tu_r*8wpPuiVd&~2%=$-Os#i?evKABBU@h&n;%Bt=aCN^l<{f0Nb zZjR~hc%Zw*T<<{jHW?-&QTdmd;bu zt$zJd+2_3W$k&e_>g7y1spG#}Q@AfFH0k8~>%Y64H>D`=P7jS96z%t}MbCMuzkf%K z&T%($+xNaF*Mx4wbS2;K7yY%db|HUg)FXVhj@K666=&9N z-!in3(dX0ZtKpCR#$459yvvZUDBzA*6|WnyMekNV&${{z(jDz%c;3J7sm|P^`r^p% zU&~tH9mIF=gJ zfPbZFsOyIa<0`UO6)QR-X-CWIt#kf1#S{J~|K|=@w9*$|e#fZS9C9c%x^4Lx9wUunYs^V?P;xyw$qs=EGhP~uasO|9_XJuJ#BANN;z;qO-Z>g7W}FaP%!kI1Q! zShAhicht3>%C;3n# z)`U+yXuq$pjEf3Yw+p=aCCw}!`|IY|f1kdG4jCuq($*=JEsJjs?%6>%qNL}#v7zOM zLt|@gnKLT;Sz_hEpG0Dfe?r!>1h_`a4!k|H9FEn0d%9!ri{+id`J<{|UscAcy}z%; z%wt|lh-)y5jZ6MHoX$v6cvZ`n$tPCF7oO$iuQ*12uw_Tl`;7B9Crxhhvim<7yNTJ| zhoPFXZ#!OMkW5&sdywFIb$-{y{C~2h`&&S6w(t3AZ9h-dy_!1jLc(`A)eqW#roU^= zvaWE1v!icskAf>5sw8>hR>gln{omd&6LQ-BoL~!2JNW7aiyFRpRloS=z-PEuI)~&*-=(SH7S|NF4<7z30w4JD=`XpT!p#D+ahb3^>KD zC4ebItVm;I1=aia3VJhAe=#p{j^p0WlES~vU!HrkZHq5^B34q`n2T+19KQp}{H;*% z*qhgCN24~iz?D9BhEqNTzLVc$X88{tjP$+v_#a=y?#8YA%pceKZSsPIw-<;0W<9^O z%30a0_-2n0hZfc;T3Dm_%dEJ9NhxrT{Av+9R8|gC2RHPsbbEuF-AW3>Z}J$k+n-*? zUGVs3zP=XeTwebrd-!#u<=;NNObS+Bn~Swx>AE9WQg{8&4roKh-NLZ2WOkzi{ImCt zq^F!+kg~w{e{I}pfXsEjsDI0zg1~|Ci^IKOAr*Kl80>jHW?vt- zE`IpznQiAzpw<^4+`#Iu;|}{HKD80|_phIy?w_8UG|zT@GyD8vobl31GFo@C{*1OM%Ngx< znJ*?!uGcINXTQOET$;1acs8$nZ(K^s=%V?_BM+8NYto@RBQyTWdVYsZ@-2CdJK%Yv z4#$#e|CM%|^yN|UtSg72e)R$0x~}hMj{W@R{*JiHA>+QW4hCL4KDP*iwq5IWdMRmF zzmW%JpR3AWmMx9`ZrXWJuML7_bL+=-vkZnT{{qNZJzv;maIDpspBo*oZsw!Yf2BpM ztCk_j=&uhkr&|oY`YsRl_0O;GY#7IQ9RI5F`j(z8d+;s|xPK_R=ELM7sXtZkks-tL^tCM+SzgN>5C0_URxjr(w6X}!F9DsRP*k%ARNw$+*} zyVHZec%y|}+4XMrGq_i_l#*vAY)k+3b;HarxA)kSl-o!AdRp5_xp}$Sh%$&T)cLxp zhsJ$Z)NS{E@@{>`gY6>=>%1tc+o+A~)-Ba+L1i+)zScirKKEG+Q03vTD@ zrxy()j{mX${oXyJA0D6jfja3~iu3mFZ}00mA57(*ncq9uI6m=dy_8{Z9go^)9+qwp z%K0g&v;J(kN$EWAvY~jzZ)U(G^YV0zd-z?T-^sUph*0fse6Gtje&DmkkO^1X_?ukLs z_Zc}ehZh*wx&2v<42{-7#NTIE^UiCA6@fk4+AY(P(D3%Gc+_e}(&fLpEzc&=1aYX6 z0TNcy>IJM-^u6^?Hn?ot-2hec&6+VUiW07yCUf83%}$|WTeoOBai8or7>F&CX1se^ znnOJ`2cM9i_oaAd>$5vLtlxBPf3y3wmG%2Htn4k@n0=vUw@ul`t&^vHArFfyuG^u0 z>bIJt>8ZLy8S5w2-ahrqBMog{!qSbkuQY2{as<`0q*1-nH%m!=q#7~)!*p5XT+1Tm zDoWi=s{GY^>&{@-4A&==jIkf#l_@6I>-Ib{YWbk(>Xf0)Kb=~-avbeP!tY+$rp!(L zXBQq-R3yT}%Xxlz&C5@bzxLHwr~exZ&<@q~w6N1&dab=sD8F+dGfaef`^|}|>RfJ| zXLsp`jhP1y%Q`;wBS)VZSsV);coECq+ z(dvsuMMdLBPm54f6CSZ@GbT1ChuS2M*q9@u#V2gZPN0z!hGkPeOtSPkxf6DXKHi$G z{itb{c1ySkbvqQy&e*>0+p!us*Xgs`Z0fGqF>2)07Gf{=NAsFE&M;lt^GgX|A5QP` zaqc3F**5>80JSC=wDf7~T3b zA~EX3$Bo`P2RA!Dv2w;n^kcmH-XTp-T9X$?*5{1adX+AV&mnIuq)(i0D$OQeU3@1B<%m8Vxc1;yyB4X5 zV|K(R2IJ$%G*6RTQ#OwI+2ck$bz}3^j6T~EN^Tan*G&#?Vx<>P<7ZTE*X-fcjel`T zHOsN~H6<&@*XS#y6YG0%HJ=OV9IPhud5_i8hW`GsYi9e$@sqMX9se?b*31c;ri|Xg zJ~zRy8r{fyLNkJ9sNGV3_1B^|9A^gVn|;&x-BW`{Fs5_aZ;HMPzSll|@>BfiVLx~m z%Zh<8_e{faKVcWc<=$?tcNnJ5_inud-?e#t;|h9>QN4yu>EEE&mxt?W;ZN1-`Ia*D zT|w=3O;faxSWFzg&vpIW#0e+kUtLb`S9e%?bM17jH1q3aR;}$w zSa|zG#k<36;>Z4IHTHFl+AY;vnJ50j-R%C?kq3$ATp(v9B=l;|+*(cRgSwHB*f6tx(v=18f@$eDwyOK2 zWXnpMG#sCtaHn~ftF=%k+bdX|8r~*%$`GuMx85sRtV(OrE$gFp&9J$*_d2)yoG?Po zS%-h!rQ5crar(8MM4NTfcv|oLU-8x2AI&AS;)H^{FN=m6Sk#h*`O7E2ChmeMi1z{wt#kelt-|4ez>2t8{-rxI@ct#ui#y7(JToH9jUk=n{ocg(%? zAMcpyAL>oL zO+H|px3RM`*L1z!A;r_&h%acm_3N>xq>>w=N4V|}h~QqI$~W*s5K7;vIeXv!x)YDm z+8pVq-yqeOcl|YsRWGYkzN}Y?3-$Wd+Pa7r5p8|*N5f4;C4ytkTWxjIWgnKfi}Fi5 zULH*I$Gw|!>0xL6yxwWeF3U3dXEmTSOvYy(|0d?vjpJ_JK<`wdsaV;g<3Ls7>KSXs z?R;6Vr+9bz#B%+n@mpun3oTaz`u^99{f9bc8aG{x)U0v21SNSe>2r2LXVtMmkBl{* zHmPn`x0*5}U)^TNvr9v-%|1YGkIg!9e6jwjZbq}!<;~?=_4x8(XP1v(bZ_#rdKc?| z%XmKE+Y~c;=d)(jiT)a8tA~E>_>hU(`?=?|vYZL}`Wxd1uJ3b$QtNY^s-R%UIKunn z79MS_i8K0LY5tB&k`To^hcrFXQD+{Gtf%Ai&Tp^Fe!x9REIkvg*&xyj?(yk@e$$^6 z)G7MbY{xOxzW`tzIY-;)(7V@sag9}easbgmq@qI4u{+Uik=Q+F#u&ognXn&iTR&^r zry4N#%@)#{POQT^`l)`Mq!QKiX=`}RaieyQnOJqQy{f_HA!Uh2JLeqz4gSMdZ1#lL z;N$JZRCMb8HVJ+kO_@_Y7eG=I>LQ1X*PdQJxUfn!Gb2BLVzc6fbLJsHl(CiPd?Svr zAq-d=P!k%Y2_QeR;SZQ*(!^n7AZaw*^Q%{AG_K*}_`)JhpUn7rC%WgKX%10bQ`EJI z_$lX0&xP;q-C(}?sa*%*qRt--!oi1ndf>Q+By?|H00)t9cFDG!8Vw>1kY&Tn8c~#X ztIG_;hF7g?rB8_tJLFi{N*}kBoVnsVxZ^i*--&tkneh*ACfXa}Kb`P$o}9_OI{eY8 zIVq}=iMuAh?tfF>iom>Mcw1K}T?k=1e2>WmN0*S(hz+<6ctZR$9D zxM!>Q{o~Vh2R^JIu1jgHr!DmcT6~-IVO9TJh*m1UUTS_TrPIF4e`T#Wjtcjdtlb&< z;!5vSeDn2&?AjhAGeTIB8d?CCY;b*|#?Wcxim@U?%HXLJ3TM7s!<@60yCAuJC;qYl zdp^Fn%Dl3U+Y^GN%e@@yIJtqDo@-z(?#N;U*WHcc^WfHUiqgKW1%E!4m7kD-xW;pn zxRvY2LSjB=pZh*%lVqI%cKQ~HjLaHurZ>;)KU{H9T(SoOD+Re^NL@?M^j|;Fo(D%S zUQm|o`TqI!)uI&5Zr1mE2mEIB;n<$eab>Hh^)@NCEzUZ&_#4D%N#N)&fa7}U`bMnX zKDcy1kTW$1G27h!!}0muOEMPL3ycHvzPk%}d-GcNRg^-cWPE*l&*JT~>jx*+s$1t- zpNg&304w1_sdpVr=b3gDM{&f@O^p!bv|m?pIEgbq8ywYHJ9g|C{;QWbv)p(4rj>vI zsVYwE%OKDnv0%a)`VF{5$)wNcS~l3fCcXlDc2eC&wzYeLFK-l#t#(bkc5lCz3c+EI zw#g&1bNebQ1LR@;Cufqt@6Oq6y~;V2)hWsU^c<2C=M$#wZm$~z5hr_Y_Zg!(A0V(w zvR+x+{`%}T{WTM+tDj${N_W1i*P`j=62a%2J8C%RbRY;u9U0%h1K#nr`pYW_uFfn- zNdb>C_wE6|ePBk{>dNcfsqMaZyn7^l^rd?C%7MPe8CC0>^`4gb?A#)$WF2SSlKNFQ z^QqtK#ZBG1gqeA2PM00LS_g|p9~lpcQk8KED&c1bv9&(2WMh8%miUn_lhDem*FWk}W{`uS!Ua$*aT z{^fWjH_GbtfmN%jS4qYs%CEQgp(4yt{wuVuv~LwZQA z++IN4CIFtV#0{v6K2O~ji(-`02j%&38bm&k*C+;lhfz{Dno){tA{gsfr|6k%-XMT9 z#+}Wgs*1rkpyv~Kcec#w=YyzkM^eMau1uexrz|`#S^*fjP+B#(jR6@4K6N$&kg=Wz zODVE6Z^KpZ)n=*^`70%Om>1M&yzyR1cvL}bvb_SURbMI;IUq;B>!88Lg40SnJhN3}IoIa?|n6i&>^K$7Mx>^^yRdqHZu#Y%lv#F-3Els8hD~ zVOqp4C{BfzXlzClIrVFb6e|TSy8fm?R=VQ8|2ah3E-Yc=G=Zmvb_m@Yk`r*HC(0wQ z@VYA&deuGwxjm)m23dF*@Ye;KbBCjl^VjxC@FTcKrye5b7Y1<4vWoEos?k?^|Ecs= zs^=%*F|6~^=Jxqe7X5Ie1&zO+NWL*_7ByOlM=X00!j(jHBBO_&b>BwTnCELDc=?Cl z+>C(GnZHHu!CEeI%~2J44Rczks$@^_pieOph;+!=dZJM@!fcZqK@QE9Txi`vJ2k&T zbJVD1X|1BIcyxxm0>f7$L}SskWKzS^tOs{1lxpaPOd9WfBYQ>~P&ya}rl+cT$`GaI zIWE!;Y23{<1G!JcjRo7GT-@iyQhU!sgPE~9F?!={PP>0_Vl^i>w^mp-54aH=z$!#3 z^X0bb9!KDDD*Of2H|;N>kh}X>#T|-+%;57`fhJ1{eo%XZ z;b>%k(<_qoZ|LXA+e!?)26c&`k}%p(N~AK+1m$y7k@+uJvz1R>WtBgTpJGPgSIvwF zP#eXRl?-a3qTHM3gZn>y`vAbAbmQnmYghO!x>7>oRi6VI7;S7=6jFluP`OyK1$FSs zt{t+_dFI$9KHNTZJO8z7RF#CkZRH><=^iF>4QBHG6F$jJDN{+_d?p3!4LxHj<#>5^ zcv*=5^&#T6McxVc^XTzzEhrLJ2YPf(P{Z$JZ~m$zY`Z-qG5|*xYLH4%cF}p{he7gm z8(KizYY;j4y3_o8w>``-;lA3iZ!CG#=sKv^Umqz$n`kzis`wz};1zU4@GuL+xUJp# zcOTov8~p1J3A_PxG3fLcfz?AtN$eFxA zYUTso1qc64N@jFDi9poR-}oDvQNn+8JyD42nJWIIDF&-3KMyMqtUR-&j7g9HtfLlea@Eln7xI)&4U)XlaTTt?S`?bX_oMSiXtUV zoKLx5ti8q`)sstN*4Zx>3E#i(A|d1W!LX7zy!XAO83Uz;|C4 z9doVT;(bf9S#|tkRteh}WKNq&BLlLSqp`u!+= z{14m*8DUoEES3JzefX`NR@LNQLbA2t+63--D<u3P#tS((=jRSOhMzcrsdMpjl_Ax7!^bZWo<(Nm}if0u2=I_=nHn z)_EM(9^RrH0q2OQ>V3j1@kbFe_Ck7_T;Mva00HDX_Im08trI1JUrzsUibZK@G|6u7 z&!L?`)vgcuUuA3!=11{&IOA1|OQk(NsAs$Zyv!n^O%@l-r!)V}mxmZ`$21)5nO}2= zoTv~x+3wNVIC5b(I>ao*K2Z$#+E6-;F$_q#zZB=ggkezCdz^9-j1g<1f~jEK>{t~bqd8h%TbbVi->;*f z$IvGCf?$BexYB&H?I+VQ(XB%|N&+wwd;+H5ZrA|yy)!D~CIMhHQq^yP#rX;h@@;Cpv5jtU@!67J>FL15 ztCD$Lp4BSEFdE6dCFTXX>evtJIVymWS_GQpJ;0Bwwy->kSk&};Y4s)sjOEEh^-J=< z9$;jg03@+rWKNRf zyZ>7Q)nwl$Zb*(Ni%q)V<8Isio27Gcxhw-HqjR7W4>Fjs##u<=<~Wam?#H4x{ZYh~ zz5+R$%84F3C%RnJX_E}x>st!`C|VZ%nK}mpBhS7+Mqn6bh3Dvb@k1zsG`MwoOD=Ec zYju;y_p?W`swHbRM?v8E=~fb~^YJ*djegvs<#Vy$m14RJ)eQ0#!p(=v)wlxyMe}uW zwCXuneA!RF3EB2pSFsPe%_9J;uruSj$Vy6&lim25E$d}}T>Bh*iqGMOW?1k|fsF$^ z>{yFAJ=evtG6@0ut{dTGEMd`+=9^?Ay|Tb`P)~=Y5LKlr?D2ki%G@(Us`DVld=nB~ z3M8WQ6hS@+v}!W_WPxpxiUQECnBoRKicIOLT43++L{mmoQ8jwuV|aZWLhvISqs1&B z(O;hWV+!3oOVUIc1w>EClfR)$T5-#O#^7&v<|g-y@|7tO zJE@M*@i_E=5ZlzvF6|cq3u@ZSd*mlrm+21UbRR#pL+m0qgi2u`*f~pafcdY-3IYSs zz4?U@JkI<&o6Pw2^q9w4EnLSPX}+mF;xJ;$i5B_&r-S(ZJP&+eu9$A5h(R)?bl@wV z^#k``x4=o$J))Cw=rPnVn2Zi-aMJU7@9#$7q^XwU40)g0#lSvY?fsp09QS*6Tp%4O zhM#2V!S(7g%Ft~+e>+llFt@5xWG75 za&CFD{M~7}Cb$YAW|;cb;OHIzxFnXj*ZXR*hn{HS=%gkdlV(F;oM8X`{q5(5 z=);Y1)%DS0OvUqJjzW_f)O|{Tvx9=2BpGZ1s(Ff0o687?9EMf|NbIUzSDvOxc$Rm( z+{%L4b^f+C2B35jApBHnZGYxFOxFom4bV@v1hnKoNfY?Nr-3TVf*UJ=-4yH|sU#tS zU=s)~REHC%lU3ZqQlj{K7cTAf_nlU`p&sBt9jM!Ynq3vt)k~nnA!mO||8b)$OX9QJ z>JQnak)J)FW-I`x9#<#KxG@$}_$Hfn&A=Hxvv}#UppOPpYF!ttjjaYUHpZVso6S*FWxxW9b+l*Xj5OQee&cS7w$sj3IPl?_tO`3{8Fw^uqRAs-T1~P>Nxk zs*}1D$kuaZ{Nl1iP|1)_nsK+1QTlbg;wB(EizMOKs~ezh#Lm2Jw?ZiQ;9pjC;O2z+ z!0-ok*#2^V0$2@z)K<$6xV~}$m~B)^@Nstn`=wXV2-xnIzyQ*Aqnp4NFiJXPfz`yt zNvJ8s(7hS= zh_N3omhdoExd><$CZ83u8+$TVZuD`eU%%ECIC4CN%V>r{Amf{?Gz$iaJYERl+*=N( z={hxHda--T1)%5|#-l0MDvoDvYniUG$QD5iIo$zo9%O9r4f*ML;P&f?ylGdx#azB-5-|v`c=2 znb_>jGYkuy?)cTT6+6lP!1r+dXZ(FNT8z%@VdXty^iX^2yag3E!S$DJs?RapbpF)BYp$*so;@!2gTeFmVz>=IFb}9_b$mL%K1lM@J2+7Ok>I~yX42)`y%DOo)|%Sq!>sF z9o7Z>Yru2I^app=vP2xxG4y=%)tTLw*QeD4oCVmF1KUZC|V*mtyQ$fClE-ru7-?PLlVE&3Rz;?VH& z?)X9sv8IEd z$X!4V3OyhsCN*CuAgreR`{pKnlodId5njVCGnRQHP@nt3gWsf(>$XH$jSmZ=e4j)@ z(NtVoKR9ICr2(KO>;D>T`3miXAVQ{)iW7?nlRe(xqt%n9Psc`?JepGvQlgbcpLg z!927x*EFJv_OLDaV^pT*dFdIV9JiQ(N9JI=-?~LNTr6jnR=1JZe>^oBdy}sa5}9Z_ z{1r&2SKJdThtFpAia>Gf)Y^@++Kv{{+Q=UeYe*w;HA92R5lG=&KP1EegUmpS zVxRA0?+RZxe1XVYKsz~NVO_HT&t05$YWZ0q`4ZPpcQXnSV~Zr!a8e?H&&Q&gPTpHS9CN`Zz@@Myo$o`4;bNk-L*g z^FzkjFKp^evm+1EiRf99*IWFSa-RT`REEOHgorgMeHNQ+pgI|?!~V~ zLj@imr2jmh*J-M-iqee#V1di2bvi<4p~DLZiv_X5O`DOP2($03j(w?Dh1~pbG^|b+ z@s>#2P!IKerLTBne`>r4`fGhGNtrCze{vz*e5OesU)<9x=Vcz{$H`|N<%T>)_xqDL z;O5un-#t0hm(#${ zUw-*0NLlU%+2k~k$Ed&+$aBL|UMgEE9#CyaKow&xk-87fXMmtG||k#HD5Wd#_2>tfs#yaggg}j5*MSq%2?+a!tUTA8gmqfC-4{4K9EQ4%8|lw zNTFfvPy&?CUq1y+&&`SVoIjOw6kigxL&!7~;>o0x^gcUgRr{U%H3NE2JdP_N>mLs* zIwSG&jaXdn!0QT36y3&6&3nFUO00gi2@?8K5IPi)uPvY5+B+;6LO|7{j=Grv%U8&V zglBWI*b>2sDej|8YNp~L3p7A(l<6@|ifA;%+oTa;Vi913!0XQQP@*6cpOE|Zvjal5 zP!_qOJgZ5?hRDW_7uX*pXCL|?M0*kQ74ZcdV^Gm7*RaDlVM|j5^zUXj7PJ8sKn##I zpZ)w;G&CF19gtX+mHs%6tG2)}PefD3lXkb;M1df&f{*({OcKWsq9pK-57K^!mPo6R zZdr|8b@12tfzpMXSitCwEfUQJnZ|4GZ)ebb-iQmH-2^`v#*Vo0Qtj@6W#5@PIny&Z zHNr61M3Rgxr~VMhLo1;R40N#IyAH9!%?XPKK}MRN{M5y(d^3)0PD9_4-?tY_o2`hv z!rok8i={-wxiCodlw?Uq@6(|eoZbV6S=lbhG9V5h;F zkytYQ#3hB}1M?kc#zu>T&FMt#w(M0 zTLM2VU5BGGm)lBhrGofEq>` z=TH28y21TpGly=SeVR)f;q81=`L5kRH;UVIKcm#zQFt67#N+Z4WZsIl@Ua8)J9S5d z?)rbsiW&I%c@?jRnEGy_GXM|g$H&uub2zRn4OU6O2SsSV-W< zNO&$w3vU+p?a!qNg13)XQw0}$K4>I?#;O|)b8BA*l}mAQ#sq&390d!liE84GgB!ko z^~?OPS5v@r^=Y;FIt1gWB`AY7BC(zHBn@ocH_KY`L4tE)dDq;wR3{8lks+wPOy9t2 z;&)lATN3c?qE-`T#g*oJP@)ihSDtaEnG<+rEA>$D^5#RXuB~3`#kF8xfwj+h^ROia4PZ4CY z#?tnw?J#|zE?1P15ekl8#U<$almc^aH2WT+A?s++)X;%f%^p$Z%_Z#r@~akCZkz$0 zb1yVUlNgFVb~H|aIR804AF>m4DQSNitJ~rA?Tvf<(aOx;_7+`nJYP_=*mRXkT)7%! zqgTSLr_VK?_v;;!F9913nNl@6VZeXda@ASeJKXr{MOxKyCJ#jTVRPhNqjmT5L~`+Z z8=_06f@KEm%h#b0^+{*BKlh1Wdrr)sZQ^bF80n#)_OW*r7M|U+iern7l(CMBKtp9 zw#IAt9Bmfs@h;8EXl_Gs52 z5wcJcE^}1W;NQIwp`o-1OQO>k05EdXK`1WK)x^nPFIh=S~U3p9$n^EOk zQpd?$3=_tky)@mWktjX(n{l>I_IU!KPBE{{%fCZ4=KI4n*Bp-%nG13tqP(e(wtv;H z?^ORKYe{M_I`3Uiqp;koL*)E4<3h(ixo8tN|4H0LZ2o#>oelK2YPg!#yd-r~c!@fT ztJVen-;5531El34b&1x9`d?`GcY~iJCLs%~PnZkVg(>U@f?d3(6={Bz$NjP^m0x%6 zgyp~##|Vp;XX+R(%;|Kiv{6R53aLNd7g%IVrpq}RH_D>m%d@q;J;i{NbFlqFo?Rt6 zH)kNhNZ7B@P|{g9#aws)be(H3KJWZ@53o}IDT3xJE1@77c`0L*3P`BM#Jin}mMcvg zp}B+`CceO@*B(K&@rmo^SEfm>30Yd)Aszam;MM%y+Q75hyJ4@Ho5ma8F_CKJubP|S zAbHP#M-$yte|sxeZRBcUpQ7{`^;n0wD{sCbT_=<5EGnu2)$olPg%Tb>kCSOA(bY2v zpqg>Dc@BFoq@Od6)dl;TH;LsBHC6=m2TSc!jfy#3HcJgw);c^xm9ceffFj_6?3E?F z+4nL+hgz0Sb|73noVSC-KzL5qxd2qlN*b~2wm!E_? ze;^2DRU6Cn-$Wm=8bLAC7E`R})T*A!U`|={KnLl;*^QR{> zKDy+r*BW_$3{v`bBT2ukBLUtSJ5{d$af^IBfT7=Kn0#gor5mi8;9 z3;yEr9um-uo=|>&R3nTwVt*1FbKQa#tE9AD@IGuu!p9C@^rq^{WW{wqUYEHx zZ;cz|xjh25bt>Kzk}sraWZKx5YCMhOOHh3Jiicd}NG=2i*W@iF`^A+~nrLp$Hu<#8 zh5c^#^~XYn=xMiS0> z>1AGO<{HjQpjxFENC)veuFYLYIjdGGnD#rW!H zZt95Llr0s9K3)%kj_8ldK?=6!rX4h$!p=JD*ZoLmMd#4_4wl~=*V3`xu%x0r?767b z88Jp%<(TyXY{^bYj-P|#6QXCRDnTLX9JHs+`>%_6rYUCw3oFX2m1dR}8MhjOrKDkh z%_~<9I^voAUU~x{4%6J@lf$!0iGYb$zYhe5(+72Qu3n$UH*26;LKs2Mr~lB2G6w8e zpVytKLkD6X0#!^8St5dk9P+*BIAfAM3hEAJ z<2T&ZQBkLDgGB{{T)xYr7mPd=-&XE=Y>M)p(E9+FrN6Q1DN^Gv&H4NoQTSbn^0`Qn z1wd~$Kgb;{fALl{9Da2jDqN-;K&Oejq3YaDd4=OCYk(C+B=LfdE*aO8iC$YqZ!R+@4*a$Ij+Mi!DF|Pz!#2p7g}{eH>9fhkbYg)oS_ zC^TPR`F?cjwfIQ@r6 zc(g`ac`q=)ct*^N>7)7w<%od=VPF8D^gr{;?0EqMpURynZtvin51Agh?#~e2h zh^VUlgvNxQnK0nQbQIKPoYVk6I|3-+|56baaG>dG!oa_AwN7)!0v28G;s$AjZMy*c za`41d!PNQb&i{}EQd7mii=EDYrKU{3c6i@a?O6QV)$Jm?={kog z;;U#pPEep4WVS}ih<&I78ZRGuiUFbRAMb-P+PMN}pq-E92|#+ zh5%&=0kCtqPqg5`O-2#>)Xm9H?B9^iK;dz~V|nle+^{CV4$J8NyiK`HYLXcv`D*@Q z_+8%gmd-m?>whFI6r6_Mo*(aQXgo!(7OLkM0|!oi=ff7o)xqiT)`AV+8>p5$}U6a1Ltuce+$6Yhd57tU0$jY=)(9l>>1$7CJ zO%Bo{z#VMlXccQd2Ee8T5ON7v_E3rgKTf8!pZ-*h4NI&;B2X5UK){R1I>dl}BA!Q2 zpjhuy;cTP_PdI!LREb)4NO}wU;-4~?2MH=nIIn=YYVYjO4#NnvRHYR%lh6n#(7cnW zr(OU^VRJK2AZxHZ;KM8~PIkF^y<|<1@Q{(=`WNMf#dGparqQQ2dc|Frl`$-l<)e+U zGGQOWFKF+6QmdNDdS}F?6X0l;0D2cxsA;e+V@wZO0xU!iML;s25f@U-z{l|~GmZet z2czS*nQi%jK7;HK07$!~gN`$zn&}pYJxm z^J2Mplr$5#H{_WWkne_m`5dm>Sdfz6CKDLL7Im1?vMdE84aOfB6(KhYgl>F9v_j8l zgm_~|>BU{FeF1AYj>pq{3qAmpegsSy@o9~kf&%x8(pC1E6UN++q}DZbi4ac!8oqx0 z8Z;%~CYSPY1NV!%*z1Me1vrW0!A%%8@TlYt*(mcf{{c$EpHUBnRsd7i11L7_mr>?? zXy4=Q!vw3pt%SEdrfcq=+=ik*p0QkNU9*uSLmi4DtRmw)8hpcqWB+?UjgmThA zze$DYqd5x}@H=zEO8EvH5T-ZRuYuU}qW^<8m;1v(BID$Fwj0?Djam=&fH*qh9FQ&y zmwB|NVAx1o`xKSGVFWQ!PEUW?D1c$JA~fGz-2?P&boub_L+5?ow=9;SBBXzT*yWeP z`j7YWnx&vAJC@?&SR>FGE57#g6BfR^kx1tJD3N-+Gn}GxZYfNX**tue2Zw0rITFs? zK*~Wmir=bOvIP{eOY^P4{)hAW3XX9v9JtWPy`$Bk?;vAUrW3)rLx+M2&uF$!c+mu+ zW0{G=!`kKU_Y-O+gT=XaZ0QPDG{P7RcUatMG#tCQS*H#0)W#t|N2=C|yY?sxB13Q$ zo#>*l5!YjHOe(GvLJuPgBW5U>Qk|hvm^E zDFUha1_xiL1EQf#smwA~#;i?K9q!&8`wK|&tRre|yaD4}&V<%CFFnr!8!+{76gL;I?(zU5OIeay~(^IHS6y{ z?szD}0ViJlA}gUt&=mI|s>Uw=FCxoZnKHsz`PoZ4*7+bnB{PZ@I|{J^QN(?q-VjSJ z4abo*LRGz>ic?YW@Asq@X`dja?}BTlLEU5Fr8#AQhA$@yyNCG2KWq^tWU{ap1YzkR zgobgvXHW=-)*%Pd8OJS<@byO#B4g6>E};Ka0l7DzOPgTeapEeC)m2Cx3Io#A+=%|B z*oLU{s%`3c+sCM?Tab-1=1_UZb%Bf5-T*!-0j8la1x1l&< zHI(&J`OOaIbXibcyko!9ccxG~i0@^?FkTx>$l zN3wHq`cX$uRG*onjB=_BgmcT02f6pwQ9jUX@O|BBdmBS!^_wU%wobxZc=y*sz0%9q z(7iYCIL1^LEZ>l|c3v=RI(>xDU5YXY8b{yrz46rxA@!+XWqGML|nVcCJdd-H*%0Qj59|i8Y{et+IQV5L5ao%Vxkknoy4EO@&Vw;*uYxwB#p)YaR<~< z5ZNngxMB?rXKTyV*+)mm4ms>{1u&E0~lbhI!cGQS>hnX7cx!h`$K-EZgEc7 zhyy_E%CTctMa-k?0`<~&-E&b&jH?9rh_6c8eRcpPyPnonuKQ|JE0loh;Pu)(ABfcV z`_6!w;UDcBP=&&oh`@y_VH{LSyFdr+gBFPPsy?=6qc5hE@qdkBS}X=K^#;|@r!5Q; z9*H0YR*j(K+}tqapRq*lg2;IYVWpoAaSe5r7B(i<_2qfN@78agM7jW^2&%wWAKauD z;ath`^5(zyPs)#x8r}Klq*Aa!zovZ~YKe~Dv7xze4W1gsu~L-WAuZLL6q z9rfVVOrpjeI9S}U9*hgw3W{-L0BMh{@MqBQpa=MP7C}1gaAb^$=H04HqCn*A?B!0$zUnkZE=S{hRpleCo-ZbhEXCQY2gjHzWl6Js;l91 zu=?IgZyfXkFyT5mJF}I#dFxIr@bItB@jBnJZ~j5Nd;@m(8OcBcF=#yjR{k!2>jTWJ zV?>i3;88Go{boXn{1pW@6pALT2I(tC0aXBu9>77U-Q@`UI|r}L@kYQc=D+&g7B6V^ zl#0EJ)4~bZXD~+bpv3-ExcsX^c)J&nWayKGNC30YFfhSS0_Qo<-8_nBlHmioDxIK5 zMqqYyG(tw-GvEmh$cL3W%rzTzTwGnAb9u*_8J+{ZkqQv&2$y{UIuC!r2uf=_CLDTm zqSFv-=CXRjFD_hjt1P)Kq`sp>r*C7^3mNFl8*P7bC7CLi4Sg1InCb%aw+Qy97p|D* z4}Iyvs-g6-+kb~|yv`7^VV0Jbj_20lW4L`5nL>>8$|JH{=^$MI?F=~N`#Qjeg|Ywi zcmoCK7210NO=L;f+Bx$M_OnF$IVYNs81I2Gt0^()A$cEUDSWD0z;=u}VR-KZXi~jpy&8vcp?mzGXIX_-VK7>ia;|Zwe3fl;WWZfvpOn|W_ zOnKzds0a{K(5eBqeWO2#CQ2rj3n@&Xzz>8{T)M!Itbe-o8FX(10-5|=N*2XCN%y-9 z+mU42fzYS*ch`DWNd^?d3_&)w!Xp39naP3ym&`<&DYvo^7yB1b`bW_o@64Hm(%N)z z0K54R9zSz6SnnFUUtj%xW0L=~s1w97AF`iert;BI)C6O%`0j6;T zPYNQ7+BH$wzCPcP@v91=rb=Z}rHB5;>Ze}5J7h5$1piIb+M5J={sLPp98;QOKC_r+ z*+ifE;PDUtQs8mI%MHI&&)wIKO$HMiAW{$HTD?H)CDd>NbU;bQhJ-^PhuI^*m#2~O zZ&aisbIyL?UZRq(@rtO~QGp9u!2t$VW7q#^Gfjn(6(R?GC0*7)RVUmK!I5th^eV%t z5|~bao@u1UCLbpcl3@$=A)1swk5$|^N5XUGA>1k;yJUTm%75mG>ehEGx(OpkNk3$6 zC8CFRAz2r8ARC~>zigkFI)lSV5u=2y;O(-&{d*aP0~cXnH-380#RR13O=zSTi#DS< zikeZ`Oi4C`G0wb^qpBVLqEr`afLe1L{<1NU-xzhT2S^jI28rwb6Cpq!AlX3ki2_cO z|7rm?$w$6DjSZZpcoha=!KG=d_rLU6dMjLnRA$Bwchg5wT!D)Zp%4hgvj>Jlt=wn# z26dlD6gdDLAWrdDU7ZL#3qWTJyAbS#u>SU^1U3F;J#jor=L>OJ@CrpiKO#Q~xM?x@05iEH2_Ov72qU#gfM3)*h z>a0q?YltIc0vvHe)>oij)*g)`3%qj!7##wHoNxRaFiaUhOmxrmq5?X~d7Mlr8hK#; z8PvASt+8xKB28bYFsZqM1es-fbQ`H^7nkM-ol@QR84hMdoSLasj#PFjRmN1Ed!`Ir z%=M(43hzKNSssc+Ab3j=iVXGCer@R{_RAr7tYhou<2DD~@eqXTM~stE3gbpU!nOH5 z(cWtaQQN??-Y@&sK0z*O{|1-L5YVL2G-OtI%(>r@ZxAeeT|T2l8ix<;6~dIc7e}>F zH$O5RP60;XZk`PAj|WB7&H`cU3-~RaF3I7>xTz@NLC~J^bJx)DYuROJpYn*vGS*PQ zXumM};sB$^$9!O*9o5mB$IGOT@8RHugg{uxBb6&`9teoMl%u4;-LM6@<*&@Dt9nqg zo(Usan8RZw@r1_k<*_v?yQ#`Uapd&Leus9+xx~FR0*D5covJws31jV7ZV6S8{ZVCe zcYtj6lT}Pzur*I^yt1)+M=2h->$~Dw%eWTz8&kK^zVJ3vIjq-w2fkGM|C` z!MexaTroFqkQ-VvbB)-M{FcepEaH!YwZ>4OgH^yWEK8}7uM=mS%%`lh))aX#n=*?l zixtPEnU6mV{*~btwB!ADXE}$cdt2@3{+DjQ6>qP=%_hN>ivj!i<7`1e-Q#r7Wq{ub z3v|9QNIC;ASK3NtMLsD_=$IpY27)&62rmxrwrnzGo0j_brxT$|gpg@*~X7;bU?xC#eip*bkZpPubkrv7L7e9l1y%ic& z_RKbFA$!7@J@8XF0)(99ObbC5IYowzXpP~hCoYvj1Pi9&te5{udhvh{AB}#CYMbyX z+|-c43cz0&eBhCkCivlT=0w#YT`xBXi}pBIet#dXi(2zIH7bxv0~g4@S-3j>GYDNw z#{V1~#?q;*oS+DL?s{CJ_f)|3(t#w9xCf=@%83$Z|L+Q6!r?$geRyhSFZukaC?~Kb zWH;aBMQ_tYRlalHt+S}5B(Q&oU_bvb80+P{pb2q(`rk9k;DIx$XZ_C^UB}BGcm0Ut z`7p-BW&9W%Rf2kuU)7f?9om+<|KHa)T*wB3L)O8q3R=dT;h(5NzPJ5W4TuMLj_Sr3 z?;%|u<~}VBCU$K-w~ibPoGu&mk>w>@mOjnr51&|4K(~$F@ya=WY%%U|&(9 zD=F-v_9?kIgzdCkJME2Cv6I>O16r9Uo2)9HkS0~Bh1j%Cx zH27Q7Reqjfc-IAvKpN-l~R@r?nHEvP_DRf@Xhpmhy0W^LKQSC+h zy&F5E^-_snWqscA__ARPN?^$umhqt~OeA5Q*Rw34y;=m++j9n@-NW5^7IVo_>kY>) z)UmJ@M|N)+ZqAd*N)I)Qu>lJ7ZH_Kqp-BE)%NJ!+kH5$IR3la##a)k3l3suLyVgde z$nkO>f+kt4MpJI_GA4|iMkV?Aj}y*n>3BFX3%u=%Ja!oQGo~;~beMpp6)Wi`X6?jO z{tVqMKWyn4_0O^#F7)I3E$w}vTwCC2k51W&cxg;S`Hjel7!X{oAL)zA1S)qL)q*`Q`XBK=&g#Lxa)ADcp3a3FyVmt z4ZeqTYrO`4xn#Pj4@!K+ZzgT^z$>#fIo{tXOdky^!Lsua3L)+7VJ_ zS*I}vd&}oIp;e-5)lTGprLhPQJA%u2ckh7(6m)Oo5jlSQ&X$uG^z1x&likwiY7L5X+zY zig#j_NUoBeF1#$R?X;urPX?)YbKQp9_qH9?0(2Rx!}76x8-%$*HENg~W@f%7Z5gBx zPODwDty>#nF{m@~;=$!klZ4C4nRa*TrTp_gvH%)cvrX6@eF_c=3dZw}(vi6{xY)Zn zH{5b?B=60un_(p6oWL2=LpumwK7z5|l;7?W(uDYuS}@I3`!3MZ{3|Py((C?Cm7hj(o}X0H1q9&C|zFjn0g&$Sn8~2y(KPoM;{f8 zZrP64IiM{MHP;PvDwL=99YMi#lZcG1Rc4fou2 zNz_j%9?>lkadMLA^g7#$ig+v--hT@H(fr*MRCtyNW^MfSxg(J!Nk9aykj z$^WMCJ5JRUgBLew6+THbzj@OcW0g;N*T;<75}m82ZcqRHf*L&^c=%n+A3ts8FRk>T zbItS831?QDo>9l^_<1}Ii-H^}KW5HhE6t6RvRMvPne@%ofOiz{_=$hu+0xlQnLYU2 znDwBH59Vmx#6v{bw6Zs~#J*F1G1=m|(-p$FWzpMXS!d_sr)j89!pI&z>#sC^5>5U4 z`@!*2WP$P**w2?t+jU*DJKJ8rjnvKTS=EjnVUOLLhnZ!vson*wofo7Fz)Mu6;vPTy z?xDO56NLR?*psRR3lF0i9oVtR2o`Q+;b!A4P!HzxX3>o&b$*Cpe6|s;STa#^FCB)i0W6dK~T{lOy;bYreG zy@?W3B2mdUXDjeHcZ}!Ib16=i`Z8)i^2pLTN6MS$r@njQACoanzpNAAm?uo5Mts?4 zO44Wf^+M|+&;HzhVzGa;*y=ajY_5@3yTKHm!x8S|hn~-NS=f8D#%~_+@D7Q?w6efb z7h9T47t1f(q@-Ot&&NG?cBan6JpUAxrcrabOB}_o4k5bY!@n<$d%w3;dp;Cl@;HlF zO529YqlQQCQxH#%$kWMi;U{b*;|Y$nJ>9Jg2CPP7_QRe>ED)sV}RC8@%A<*R;+SC^rjU-54JqwvOIpDwS{oiz%}l@NDdi_V550jI@x!jzH`kw6X+`Ye7QpKlc zwCCf8L1+QCjF16peyclK1fwn#<7c$#C=rX`WaZR+(OonP#brds4UY^@1cw z7Cx)$|0VpY#hejU=kc2-O~$8^e5{hXf`=p zc2X>ghl^0c?U&?l$^jy-ymQF_$ONr=7!Sc-GBy~Y6CX$e z3X*d%F4EAlTQNy(mRzAUG;DpYVTTD(y>}-(;!8*ClUSdmKk-i&*%sC)DT8O%|Asxz z776B(M^_QB1WYo60H!&K=oIle^mv?c`g7T!Jfvz27VY>Wyl`pQ`WaNbkcfz0mh1#^fYtX?%Z6mBxa?P;W^rUsShX9SiMy; z_@%2?)MG#E@|#E_M0WF{?qd+;EeJx1P^Mm_pQ9;XJC%!7f=fykecRwHS!OV5rY!#(cil zy0DweWm<@N-4CBSW4gYIyH55*8R0Kby{E94MPhM%iWI~*+gM|{UEuH~M!VZJ2-Y)+ zlx+ucOWpAQN7`G5Rkd~P!vb4jBSAd z^TsN5Hs5%Diuh||WZ(j29VD+xf27OAAdw8%a~(^+G`3oPBl@m~1M5a|b8=>c?Ip{J z5wBNbk$#Z@666G@kU;)Y{J+Uz8Nm#aAO_xZW@`xx_gcAE?0pv<9moT%`^=x}5G=yuM1?s%V{O{p=zRyMnq8}aGoRh;xU z{;`)ACk*J{g?d$Sk{t4Xb4p1jBsNtmPnpno^p$!*^=h_3LEhk+yx)OZ{Xa5a^Mu+n z%p!Y&HjKL7Nh>7ST~Y1o9=XEqxlhJk)Src(;RVfS+4bsYEu96or@o^N=AsiEY#%TW z=r9aFA5?w*KEqsl=~#15VoxJkTjl$)tW7Za_C!pEfO^7n-Nn4qDTPez&Y@Lj+q?Ah zQ%tKrb*EV#CxNAb#y45&FX1+`Dj8k%{Iq$NGYbn2{Wh)8{W*zC&t?1hUCCFmtkm98 z0k4HCGK4BJ8vGv((0yI}ot%14&bki0cf>Nh|9r%Sm1FPN$1+X2S>K=eNA4%){FP7k z-CV@9;!iLVEH9Q=xzLJi|2sb|mSD+;6S-<-yjH-E=BmN8r2UeV##Lpre-3Rz?jLK( z*%6C8tB&%^>CVx+jit};@N&-eKb12!7lDSDhvqo|AA;7Y4g@!ra9{6fW?e;(W}Q?h zxx087v;ET2WSJ{^vk{_Vy{B@Qnpi&F{)j2Z85}NpZ8x-MdDAcH)p7a2%J8+P4Vx)n zAzFU025-lar6pmnoZ54|F<0Pu9H}n|bhYFJQLQt6{l7VukR7!2Z6R zoX$ujH-rvY{beX}rk+w({H0_~M{4~v{yZ9BfJHH-@y^6cxJs)Fn-R^%g4`DK#JES4 z?ZlU2;$_1KHF{~j)J`$%vjsh2{U0Cz?8xl?wo}*EC^*q&iR)$0b*>hONn{6~sPbJ5 zZ;j5@r5_0uuNb!CwJtTvbol95#W+v-TrE@SXlcCz8kQ}z?O zeSVwGCbJZSBrW)I#F;T|53&`_AM%}-z-S(L-yU-&+q4b{xG;2YaULT3@%4_v!|VLw zgRW)qib4=$NXS3@4-Rq#lY4&;`Xqj;@zOjzwSnL@)Nnu|Xi5miW53z%S^_dv@htqv$nhB-al)o)|jl9EXH74*V2l zv-k>|x`|Bt-jo}Xo)}*9cyC^CDEC>qJ|0Q`pLNx%HP)csR7gEjXYGn-edope(F4-< z|6)z7O>vb8fyg=O#u4&`0ksp(b7_qVUK;`N^Hpr5W+?f^;bgmkrgQrDW^8a@X4NR! z5ZW+$%->Sd_&eIO?Mi#6ZS^X-u>3SWHCni*C^{!zK02tmUENeyDntH;GDzQ!S08hY z_xrEGYp4TuY~5_E$^LB7fPFO4@_HzIGv|O02{6U1ICafCkov7px1E0Q^VUnXC**!d z2h}2SP}Lc$RcA%>wm{4k3?Egt>o=NIR1ds6!CSi3J*t5B%%nK_H|CykZ_ux$-6IwBLaoLTq5v zz(bjcx)Q9Z)`1D*DY+3URI&1b6pwi6I~ZgekccwHM9)`BK&0C)5|2lZwgmC5wi7-7IPBv+z8U{3x=5`N1gU_MQ6KE@S zH`5%1hep)(KsCRAdNB(1)E>A!5w~$!uihAX8C&3YL~PoL9KY3+gN^$YfPr&Db-)|Z zcCs;OeQ89L8ybQkrGHRv&&f67I#l!s@kjuNcV6&7j58^-udZdx`v|@U=OT9y8wrr= zp}aSNqtnm7>{xcrh8QZOff3GWM-0Ca#|D^Ob}*huCXwG!wBx2=*I)w@^2*_qmu(tk z+OJ(I-C_>Sp>i8$>v`!%xBA`uQrdt<#34TsFee`WsokifOVKoWBEMo8$aBsodnd~^fztn2P=CIGMZs=f(U`e*kRkiFehmiL*#x-do5q3=Zmjn9)D_X}w0 zqv*88l;Zk5jhZ_vMP?r7@O>NH74|x$z%9X`0&aMSUC`kO8m+#cmF*7|p3C&BCCx@S zdJqr3JP198St6vM*x$uH7O<@61NVg3FHJz-FuK5O(FLO7A7TSTfAXztjrxyG(5ZdyAZKM-{@h@T9PEr$Ka>%cd zrd3(+=6QP^L*aU%NEE3&sRmax(k`rK``ev~@)1HMbiWxuUXBAV;t_5;dI+#E_IvT> zUqXM(X9oy?Y|<#0e72f&AB>C)iyeDQ6bMQ{FWBjj?U(^Gk#`-IiOLv2i!N7h8 zo;Sm%jLI~H%sp#0?PMg>Orh={;JGcf=t%RyOm!Dkj^BGfCmHHfYTLyIUMinT?KB++ z3)4Y^+Quy?bbIat=uOS~D6}w8!zz5acJ4#ApxUj*Enw$)Cz$U8&Tn1TTc1R84kuD@ z&JtW#&dIdWAC6XnJHJM2xY>CD_Bezo(VTp@z;xKe1Sp=G_a!QGBi zr-ne}Rp|K@$@(i>YPhbXRpz2DhM%IZ$<>RoSQkE+2GyrJ(5@}mT(k{AKM}P^XN}il z^SSm;Pp4)SE}1eo1HIIU;|Hr4^j8o%7(w%Z+))13k~$%8Z-qT>-6w(F&s4!T>cK67 zYnQBvTIe+kn4f_+`Rn`5cb1WHeDTB`{Q~Ea=*_y7MXi9D%btL^r+5!q0{d6x|si`5bDjnDXo6|T({~aZ}Hfx!K zOA@9tG&D3kUw-@--_;5mZ-&Ufqi_U3?bDD%u}i?v$baX zn|%k+UQjW#dAKBrrkQes$i%W0Z>_C`bia3!E^Li4;D8x?EUx-bTjLIz=UVR1@c^st zrQbX}lBFV!7go~YCOudi&(fOVE?GA8HF>nBKj-E@kg0m78n+IqU_Q9$u}`1AdlKyv z6!?y=15|&6%Vmp}WbE~+2xc&%`)~|X>e@|w& zPdxR-YQ7APufGUv2-uT2b930}SXSWVzk0o|L}}-Iy{q8c<)QXzi%6Fw4?(jkT|1-x z`rSENaFCr7ENvw1>x`LZc%x)brA&L+q9ZG%DD4A=KFLDiK8&LFSX0TH6H7ywvD2z% zvHoBQk}J^hA#NnRu4p-8SO=4PmCj@s zP|gD1enF8(rtQP&4P0MT9fd?%N$+;z<}$7Zc0%QO2v33P?k_lqAvxxj5$WQ}QQhC2 z&t?ai%)^k1-IO}3)(o42{#N=y4wW<(42bw9;{R#^e0oTdtXnLS)SRcy_W3=|wr{O@v185K)G6Bg=IFvoj<&@uc8^hohWWIS zK@M14VW+q0C<`R)^5=jl`3-!K5;bF-ZJ8xp$)&FNH(Y# z4QTbGDcWDqwYXp5a`yh3Y)aAo13$0j2mXjtp>tc!cd%UIwsxLa+V|+e%rFp0Cvk%j z)PzPY%likH3wUuJ-gdP8R$?Iq$n^q)ZE%S?C2VoA9Z=6MOeup!(g2NX5+&Fv8Qb?| zaf9sOD*G_$cTSzhNzhXReLa}yb;{k25JEGOrZYi=_K_56J}lVyFL&BbFJDxa+XQIY*@vXcw!2r2cP8z>}&PQlC>92hvs(c!huwHEQf{sRgvP2sbTgzef(dZ zd245oxG$Uh-_SM99HXM^G-A=qYrC|XVW<%;a_xXIyOQhV(f33h)S|r{SvzTvv5vE) z#3w^3g8#vd05*_JMFq(lTS`rL^?01~4WvSoE@{+EF679^ocyrub9T z=LxgT1LCI1(-!z1k#1i@dW1#VkX8{o3WrzGE`_m!QrA0f+WIsR^21L{!Ij6WSk#*6 zomIr(Tm6McGIulpULAN3yNA!=h>2pw>G5zj)DTgbc*wGS?EXaN&>{MQmAu_5W@l8= z$X%IRVNe{>kpPmJWH!=|s6r0x>p3??9c>y$W{4pP$g2Ht!b-+EeL{jzkS(*$(4fe? zudAxRsic*t3ib(6Y}HeivLKvoe}mJ(AuVBR#!UH$zS<^$zqD9t0bk~33zZRn?Ge)r zX5Eq^stF|~7ZBiK{u!>qpSgZ{>8McL1vmV*`>&G?Z>lMGoMcp0E<4kDjYJKDwZ~ZN zv#s+|)hsa-mIlBy?qVS2x(SV{E_|Rj;4mlfQAk z^HHNIzv|icx$MNZx(W~u9~SVGPtotfVgoM7Do6{JyQJJ1Hab+%t%Ul{j3^ zJa?#Dl%+89YmQlSPy+7u(98yjWn*XMI z=vqR_{{iT`V5Z=WN7;dQZ?b_hr9{2rg;(!v4o zd0ydyeXi}hHB#E0^-~8^;Hz`(bwFRLVD=FG+sc;iW*=bskh-2R;p?g)&xIs1UYy*s zNiW(BaVf_D`4XW0N%;^KY_sf>Z{E4EwLNx^*@fM*+Zzk)$pv9Thuh=y1zWv$2*Icub`~0qbMJ;zLe^87V+S)=W!w(fQSLaz~ zT*i?k!ye?NjDEl3&o@xbkAtF4AOX)rPl z)iW=T5%UyCT$rJWuC4>VPMVMsgRIXJiS^(gUVM+j7=d9ma3E@-{2Fz1%lpmXq(W)c z8wv-Er1Kyj5&jOgej8d?8H1~t?sDOBOu(pd)zJ8vNR?kvHqnhF5|^{2^xDWf*raEi z7|+seT&-|1*#YVN)0OnWc+X)?L zLxy(NX1P#q0s2v2iw!eP#2bb9}dq;p~`GQF6?M#WA1INr~bW6cIP*cfq4bq)tg0}Putqd`} z>-e~Y^J~h+Q|Aecvsjmg-?)B0Iv?4|WAIW9ip#$Ekm`VI(^VNAl~n`qP#lSDU>?5Z zFWky(3JEGwV$|(TH#-15(7p_jC>$`s{xG;+4|K4`ucrglTlpHv8jw6QlZN`xQyUSy zg~U}AeIIK*vFZ`YMR3b3HUhM(;t9|rZcJdT+T%IWz7(YF9AIN!{Y)!!upNhl5D}in zq&R`z7m9F{&_i;*Tb)3ad+p*27l{+d`N}Z0GEaV#WZ(!?S5u2DrK*scc{ubIik(=! z+J!NS7g{2qPKb-r=cC?pZTd}9$WP6-o=a+T`GNMfWPz4Wc;)GZ2TvKEB5Gpv6y#t$ zhH06QukJAwAGV^%QUUAjC3PqD(8)OxgSiZ=b+qQHQ9XG zoG?7PtTE)s2ZYqQxg)nrT8S*P^cn)c^+G zq|J=Dbzu{EZe{lYr-FI^0iP@b&66e_ z+e^ar4986WEN9wqi^F=NX4Krg{kpSY0GLiuHoG z?TqJa_c?ZKd`UEz+?G<{QU;{*8fhbq+d}1N=9n3pq3EEST|rjp77zgw^{-py4r<+J z!ZR|{PFscgTraW`c%meh4OOe>y%yLY4KeV*Cy~1)$8bZ)hE8pzh~v!{C%YOB#eXW$ z*m#JM@X%@D2%nPk#;JYhK%wK=VI()Y#*C@HZ|m)j1MkT#6CZqz+{^1bwQDaS=L-UE*u?0<`U_JvGaZM|Z~c?8-@% zARs3a6$s@;<@jw}#W)`|RY1&&?)EPazwK$;RNiyr!cmUc*LujK2xMe`D5^M$Fo--k zJABS)e@NWA7W!ed(XIu4$f&ELB;i@*EOif7Ys14KxFWVZb&BDJRSdJ{wfxJ}o1&3^ zvSNV>MLT{wQxV!>!VFifj-Dt$-B5Mhc`v6-p?c7(-wO;mH5I)iS30v(xn+gQ`vwEa z6O!27=k8_2sYDy|zxrTa@a-{6ZBr`}cafY4TjRCHCd>`0wDUINWq#35w|Jd&Z#}8(&&{>DX-i?o7Jb zFOvS~^7b1$lA%3NqHwi=wEPBXJ5Y3GXe%vDZW8s7V(3$5)`PVU#xaq^&I>GMk?SV+ zFDZ5jhw4JZzMFZUq5MwI`N34wpXrC3ODmZ;SB&lw4>M~_p^V7LWI;zmWT^09h;zD| z7KT-zsEXyvYjOU3uGk3kqEKNTLKa$10-Gca=d}Tm{m!?Q&=*sVPf?ZnCV+hl%)}xG zMLSBh=ig&&EM}C>FkqQjqwnI3Lq7XBl>;j*z<_I=j>AwtX^l6?C~D(Ue&@y>?XSOS z!bcseC>b@74Wgb1QJRQ5yyVM1Z@AZIQ6w?tWI1((`^xi@j^>>P2OS{nbiNf%=O4(P@;BCQVXfBiTfEBUI2 z0ng$qXvabmRc}o5Ic0)ia%F?qTdf%;NxcH#S~wC?&s0=WO-WNaL;7Wy=<<7l>8TUl z5$+@+ZN?$k=*Rimj~4WS(V%mFT@pT2FU^}b7%I$g-pXtk<-JO>7*lc=Bl7Fs0g`un zOZ}tq8f{~1Z|?p@f+d9HUYKyGjqMD|8tdOkN5Zb#ABnLV588*ynlG{!!l_2CCmGG$ zGddvEbZEwmcw8l)#5vRbvV?<{b*Mx4bJ;Qs? zUds5P%A&WX)t!~oCFgK-IBvt2p=dYbx5pUmSluxQExn3>SpU~`c zAXI&8y{h}uQ}YH-rSpE9VP9)+tJ^({r`Jwp&(yS*b(%FSPb?p#(<~@CEq?SQ^t@~H z1(Ah!bGJQL1gOjIW%6apnu1h-Z6f-NL1ng_x3Os|H=Dwt$FZDT~kGiOYA7O z%$bo^lgi)dOqrp(UPxBqMyhXGAfiz+<$UADjWpKGHzO1pZ{xk%R1LT2K2lwvlDHFm zb27Z}KC}Sx+K>3;xNq-2pi=MI}l!;+TRgt~8tBE1{;+!4G;U#{Bl4%<6g`dEJ|H zChBtDEO_Xg*wPz!XhNk>)Gi@HSeMVv5oBh|H={2H_}mI|5n#wr?0M=*OIzzmoY$X* z_d=)<@6^6e)q4^WC*As(+rCMv6VQZsleS;>(n-9ci&yS8KMY;@L|$p zxwpl@!d4``9=d9p(j&-fcpw0b=w=-=2ZpS9r|(TTgUP!6z>9U4jx(|U^#0}AE^Xht zO)(ff4g}@0eUBK5)kc)4U8LC8BV~N_j`qUbqBVy_`6r;|s zlGFTyE!HZj;GY`4Z#R@pZG&=v@^1a5#p2ninGSL}Q!%BIqB>-7KhGM5$bo*?+s%xX zx-5W6ve+!eWw)6@Va7M=K=Qh+NV}BB*Uz~h@AG31FTs9IJ~3Eiga2bSW<%uFat0)` z_OYbPtU&|>e_m$0ykwV=VTh*;Pf^TkTpu#dB6(nLZZ2Ls|I2lBpx8RC{(4x}yW4H{ zcqkFmx>7qk^>#v$vWq*5&kmhr@kyLO$Dl-Sah~csybwcV8$AVg(8gMrYrPYb*-e96 zA7Q`fHJV;-GUh~F!7m43wGBgU~QTzm=?YVYMX6W#r0`&1$Z&fDzkFL;+bk4em2 z=PoBp8i{xgW07O0s@k?@<>J$9;?Q+L6j@SlX6C&Xxs_|-A*oUie5d~ojZMwWK%SNu zU8Q`?eAcukeT-$3y_rO81QPtXZk&nf@4_Eta z|MM+@S>@CRnJ?~~eZKASa>I4k+*(>xToesUuD1=v*nJv{s4Oa*|52qP!4P`AMr2f)iRWZslwbzPbCXLsc>5O@5gpHS-{-%k?@1?4WzX6WlW<`uF#yj zR(^VoSnEkZG(J2(6~onBq5)PdhL;u|9sKuOZSN%lPT>l%xWw!kfhPzrR z6i&R85W2zSUeDFHf_<^;YqapM7%-y?>wbak`-eL9Mkja@9?582on9J^mEThXvyt3B zrH<;i{~`pUpWNB#Bz9Y6FeqR z^Hj0)GKQd$<$=b&34q6UBU#F=|2QU(`95aUA zZb1vyR!}UQBnM+)>LP5~~%EP~;qXnPwK9iIK!;;xYw8L8!u%FY`qM zr?eToXYb%br1Fn4EK5wM1>sC2!P@*dn-v5qO(@}rIy6%!Q>*v#C_9iYsnAY}M;Mhu z82`K46=_Gu{;88lg>LFzmILkF1sV01Y-pUoZCx}HK}^IPY+38W3=S%~mp>}F^d+!I-QVbyT)

    kV~nocoZJ@&Isg-y|s8A&T_; zLE7%t+MWJrd92cCWM9gCS`8AjSs*P_AOd=YPq2#TK-JO#K`gpHTRIB5W*t5c6`i{P zHHrf&#IjN*pz<~g>wYJu>0ct`PH z9>a>=`aX0TM-1ta?h=UOG-ByxDwtGGTNi%ABa6zT1#2GN zbgkD(G}GsXMo!xlE?#7WzJf+3riIDCq5xEF*gg%Sm)g1_>hryKx7(;_=ItXV8@AOU{dK-b}g3dH7(V`Y%$LEAfn}Wb% zfFlxsF@hnIUtvpPG$;o^=GbfXowP72wPX9s-P*E+fkNRsgMFOg7y-Sfp_BWVR{mBI z2A9d8pt2oin==y-UU*NpqQw=EPVx*7r8a0yZUu;e3PqRXiLeRa-c~062lqx>!+Y+C z?bf^eMUTdovc+gwaNnk%*r;^kY$!7O=Sn3g0(cP0lUifHyl`}}vz|CMnH}c*~X$#I!>aG9sDt9%Ye~`70SR|oYbJ1%{!+(e-&so@7GG{E)?kF0o z1U?0*M+3T8G3_if&RM>wv~KePe)1bpRqEC* z@rs|d$UiDEeT0Om2g3Z(3J%KI7E&!hCz9Yi)3w7bsh}dBK2xlusN9+3Ni||GCfAH% z?=&48)WfJeaSSG3ykBC88_Iow{lYzPwD=;mBe_&==@B)w940*2HBB#qeu=?1}w z&gPJJkSy0N>FSu|*DDSFes-dzZNRx3;xd|O-CPzL>=>0yI$7!TMFYJ4pGj=rX2&++ zRao#OYSpFer6?&&g8b=1L{6 zOjC;m#)itZ@NRgOR+>Hdu zY%wLdq867_IH*`irn}OG220;d$)DL)4zx~nPBOE3{TfgN5wj!%6*KGm1Wqm)VVf1C z&q%vW7oiY?JU@nb@vb#(D7(Z1<#5ViD<ng2rzYm&I;QytyLbeY;)z$hdL|P`*U& zNY|u?&WFrpnSh`Ygb9}}be7hv-6?3@w>>^b7||BWnmyPldv5NF7KY zlGg5MKNT-zZ`->6^yp6BpohgFGUAWtdd<9tUV=+7Je9kJDk*qaZ#a+}Gg`iCi)%ErQ(<`G=$m_<=1Ast{g!=%Xlr;Iw+k;l~`*NfwC}Ix4g=N|*M?XnjC0b6a)Q zmHZ9YZ(Z*mG0l5gLA|Ses{bv>i3{8YX@PGnzb{9SA}cAi_19b9F=)q6YPY|4GTdk3~Upt$5ZMr>AXe*H3jTz_jUrI02exaZA5wY9Jf3*O3h{)kYym_2r94Xv} z{GH{DP$K%S+Y3zTr#)LLQCF$G)NIm){Rlz9*zX}mE|e1ZCA8$rfw*_Y8_6<+8@zVm z1_^p6R?#+8xR9a#7iTr2T+Lh8Z=V9RZ`qO)DB|XJ#H3ca&uHvdyynK@3Hi&5rrXuX zt1Pc6{>}$Fu7pWu#KGBv4pB~2Yt%up@M5hc25IKGuj)DtzL?__l;T69D1&xSQ+E9$ z=WDk&@SyvaYyCOnwT*)Ev&`~sy-l8^lSKpPnbr~lp;C)ZDCcPo+oTt+D!~lxofY+t zkLd{#S5zH`U*Oy+*t$0$rTBzgarf7+kLkC!mhMuER5h@vCxkXj>4yB|eFws^iy1Re zGi4kPBRZF>ovq#|jl&A!d(rNfsW-oIoa;_aJh;1|wny}nJ3)GlPv^w-onHl?OKpZ+ zq2+LN60ebJvd);KJ(gcV%M9<0X}T+u_Q`fG(p=R{^~rOv75h+dzD5VeHyhVAymjIv zR$1tZdGv0!XGC;;vPq?x14onM|ElHn8`?vfhd*5j?ZZF+=VA1E^1*o24GJvMHjwt& znaw^O6}>31{FyujUm|I>rcW+J`zPvguGm%e#Ue$ed^%gIxIvd2X{l|X>gX}q+iyq# z^r4cRV!JIcnRs^p50g0!q&`yS8Y0*HOOO;c3chmEfi3IB$m~WB<5W}?uQ=x=A=mL5Pb8cEO$E1g=cwG4n1VrSREP zngzs=E%PBVJzS-&fs3z_f8Oiv%H9@MJ$m+`**rl#=*k+O$Hj zy3u>5P?{WF1&Y9)>Zybia0)0$7gDnNy9*s>Jq!DD!G96jM ziDw~PX-dEy!V6r=x|eQ?=ON7h`Hf zuWs-+;;C(f1cPK&H?&_y`_1Jc8MEl6FHXYKRQRk8B>T{i5pF@~G>(6LIy?E>mTtJ< zYq~>%`}3J%oDm}gw~U<1E{1OXxets|;6yd{NvFIT({1=1Ylq;AmAOn$-H6n_zlKxQ0a@JI)Ss^t@WgrELs^-<;jdJ2BurWz9;@+=ULuOcdo zS92%jXNJOkIA0p1(hz3;_d4Nh!-Vwu+1G}kuyFpni1jlq#JYj~Ll2XC7|46nnSMgM zNmwyO4DLZ+8;H)2;Ot*I#-t76)n66e{j68H#6aW(&-=QPe=q%Tt4 zaw^BHMTNwdMfm+$h_tX13KKo#=uvAsxS(N-KdOF1DY+5f2qA0 zvypnay?>q+Hd3hk5_UkLcR@PKNOuv@6$jw98q=Jhz=WRUl?JiMnZ>3RUcX8!Xe z@56-5$%~FF;i|&^kjS_}y4fN5lZntiuBsX2H*9g9z>^}&MTFx&KOM@1a||Eb3Lv`d zj5F~}ibuGDYP| z?%QE&)l>bT9qte26V|e27thJ1uG5eUWhox6X@)fq-zr>+L-DD@E=;g~{<%rH(Mcx_ z9^E%RW_y6e!AZ)U5j1}~%zd&AOPLsG0&|clF7h@Cj5FT+u75e7e?pKMrvVwIF9F|8 zn995soq6>}U6}gtX`-S&M5E;MAC1z-d&uKTA%>JkETlTlv ztV=7ktOdeKxSJJOf!;=5I2SQLLk<3*j+U?bocHLBQ4oMbQ!9&@J)L_iHq+&oA$G;-J9(-MyWXx5dU+5#xbfR(uU87t^f& zpt(phlt~3}VWPl32aYpLQH5dcxAhde8rP}y_ieue8q0iYeD1raA(!pHnTmP$o*SnUnSxU1= zRzF`mQD_U%{#352wo{q7ztyA9)cka|;F;l=>%wu#bbE5;^)~OHi_>c@-}^S5KRp}T zzCHWZ@u%_T>GWDh%c^Z3R9|l<7xo*f{XM)@%|HS?_x+Zf^tg|TpS2Y$P8kwF**`!n zGX))!0Tv|>RkfFYe%5ofY~Z-aYmj&)Vq3GN2oGfTNw=q0UnNQrItPWd}FyYM?VV{#_MHT4$e{lO459O&sKY>4Gx{sk`*dVhqmHf-1dZp>?_sJM&(c>)fQ^vO% z%nHpOtU<1ZC{$AS9_^`xZ+moOo8)HyI$dn0%e=kG+Lgqbx-{}uqUSKAzKHeiL%*E8 zJ1#%Q(*4|2qd4earNn(Ir|l}`wt2SrtU7_kT-D3>I3F7RjS_u&Gp4v1VEY1J>=irX z*}bcFF>dB{EGnj9YP}MV*d3a5p3Ox#+D--=blbmW@Z#y@oPEV(c{l=5lzO&JBGRf@ z=uD9h%>r?mNBFd@19F~`CLtjFSQ0-Ub(tU2uDl?tCTDDdjqjbVstIq6tR3{T|54Yw zH_{TYqQ3GmZ+!!cE@kly<~bei^H}nBT+is;X1n|T*MzR*lPqy;)-SRMOTUpQeXa98nS57Z^`dmYcZik4pW=O&OWO7%Z3)SD9O}M{tQ9iwFK56tUAW&OA%QIRjY}kk zxRlLR$6vGAF9orz|7dE^2dRv>|9=aC7d@UI)LSOxY2=EukS<$p)905Cl6G+!s5%ci zq@8_bW}cO-pDle)mz-mNBE!M9~nU7&4 zd-J9Ahwt(56I9t@ONc?)^A~*5-Tj9nwanN}0+TxV#dEdyia*N;6oZr3-|2ub6nF#( z1xt9vy9@e3y~G2Zy{;b5Eq-s@ootwhLeb~H@1Zm}Sg)^gA5q?w_N*ncTzf}zyt{Fn zL>ek&4h(x?miVstJJsTGfuX+aa`cRX|E^wmg(I8CR#r+CntZhAQrBk2uITrT;sv!t zo!e^frV`nY=j{eQ#IIeHmJoSC+D;*Pz~1%QURU8&ns5;Iz%Ghsb`W}IeCA7Hmyw7Z z)i0-c>DBOqb4`ZZMR`13$lE}JSooiw`n(Re1BF=n1Rk3dz%B%&N*y9RiwyNOuD;^s z$B)+ARz$fOpSKJb7_(Zm>8LRfdFpq?4eKSN1G+3!@Ixes4NL4Zj{cp2 zPHP6JGm#SPh}zWJ&FWK+<(2cO$B>J^{95mApiF45*Nl--UOBX>BTB1WPrh-qlAa~! ze_^~gU31HI+=`+d6qHF7v+{=QOz~0_@(#sT=ULe-f0c&nXCp4#BYNyQ$)kC?=er#SZwEb@1mXO^OS`NQ05ktR&$ap zB_i4`Pm{9u4-Ny=CsZv9J~BR$YYprK*vd)>+^JQjpC1 z8oRrxqaMdrFwmQ*hv*LBkw+|-J{7xrZI=BIzOME^YKV8e#y#x<{!`~`W#nW;ZDX{R z{CcRB-x`Zgtnk+Lg~p2x@0;Ok@YIkmH-PA2cO5qnFaaJX*0??%n_l@FBhLKe^% z?>=-7uF(?P3o08w`epHajLZV!$w??vw5g0YnLkypevNbRR}vEH$+Ckn3sI&XVYF8> z`06CYzBe>=_Tp~-oym#StYTyB}!V9T;- zsk#J`Gb>WS+n_rvvEzHD;JW5J>%?ce1rOH^D(;}{emIIYJU0uJTbbv7AtAZp;K7as zT_i73Y^M@&rVFw3ffk)LJp&ux=10q&$;ruCz?m~1%Jjp=iXR_+3>shblx~VbW(28v zBa?9c+A8Vj+?s9yUH_0odgls8r6*^pQt?6QLeCUP#Wizd%g}>^EEHJp?Lp$r^D!I` zDOtmN4GJ&$Lnt&_V&aS#dyPpJb&VB#s`r)n(g`{~7q&3`P2XiHQiMrSUO zAgbqto#pQpLoClY`J^Ivw2?Yl83lmB>;E=(BZ z4t(n@)K;y7xDqKh1IEQr$7msAwSHd~dMhC91AsOp$3mqWJ#-hA4=Zu4sf|PRAj$IA zwY67Xe4jUY{mnx}|0vdf472#DkO-ci8kC-YEwUE^}=TW{D%~wr(VR2ObD1#y6 zhHp8yg{j}!M~q?@M?ODaz}f^zYGIDI#@sYWS!E6;oA5GCs07SDKH`soLeCmcb(m<* zO1BAM>hDZS%R|)^yr-z1lxmW%p2M-<{EHk_vHaeFMdnhRGLnTU?;W%?!(F8FZsa*t zxCrOk^98BMR2I1Gt~K1zte>{Cc>j`CCZm3w39E4EP<^nsSPX*7L?KCb?JQ&YgVh$H zVrlz5`s3Kkw=Q&u(@Wh_ygk=bAY%jOkt4TmHj)JF&ZZJ{e7O{A1bLs222975+qJQ% z%Lt-^QhI`BvvNnIK9n79cek0b&#APTz{~g^|FtaW!Hgy*_S3p`o}zx#+4BC{#ZcTY z=GL{qr4roavaG)!I%6t7j8eq4K=N0+#-OiqNCqa?-gzMWH0(dH(A?Gs|L8SnqVBR7 zrKe3VXdw$2X#UlgSJf*i?lDNcktZ{W3rOYV6XxCPuR7VXjVzJSZNN&{z` zHeo6X$@jXNFzE`aZ{z-?vbP8@{JNW4&$nwDnbkGbnO2cB$)e}Jz3{{{zwiva{~|Gg zf&CMHzu=SSDVUz3*+}0a38=)|_&Zp)Pw@_&VD$d`iqPFS;@?mHpKHGN^a~%I0i)d5 z{x#JgckVyQvNe8q0keIJ~YAckKzKSVD!Y7y3eRLB5ruDtTX@mwv(ozc4lRS zW>jB=WS)w+IcrHGrsSoaj|!wZ&&6Mc|is zRZK1Ys@8cQ8_f?e^@ZwzB(krm@7%lT4~Uf=45#_;0Jnx!>eYR*F-ViwKdTWJ=n9|7 zqdh0chEohXc#CGVaRrLV8e^H|{@eomDTKgr8y%69r{FI$ld-~b$PGILO@OHGzt7B#4-|z_Wl;&Bg~}Scl>S0+@WtZ@ zkmuJ<7ldMgi_noVAN?`H3`7MZ>vjsDKh=-O`A`%0DFVAV+b53IwY`&lO&HTqci91GMyF57J4f5_vE(Z=KlwAo=se8HT^eAWSU*f<~T0 zSPdmWaHJwbXibLFOd|P|#&!OCgJb|1#iWrHGvT-);E{y&*1x~xU~a^J%z;MrGT|Vu zuUX`5lL7GmqgWjN-wO+?mrXjE>XvOa$ArXGN3J!|Sjm5PF^w#}NExYY$umx5CQiWW z_1=Xx*=&syS|06Th9*()pp;K9r&Qig{0kN_;e4i;#MAj45qZiq3GU8BY}Iq@D(o6K z_dKXuBpp54LI(eC$rET4Cm?f#eN~@cH6jaRytZCY-ov+ZRucbT4`U$GU{6M!dhD7B z89+%vvy#oHAS74zf45WJOh(u4%J;Z;FnBoR?l24|tbdrBRWSgYNJ^1$PjM0_`?mzHm@{UMp zE1J!G+lH%s2X}H-^WABU=R7CBN@Z&Z0Ks-`Yay zGw3RK8~2R-yRj*m8wDpQ(PH0-q+rNIRdM~3Ot5!dN}o(e$48?I)h0jXX-?J9_phkF zIi|Z6{H;TA`vZ~i!yk1ami4SGt=Wlz0R-^0DtwjZK@Y>ekr=tJ>xNDB&g|jIK)}~k z)rYd{P<9~{B6T#;9~|i)v&dQ#u0ZlW3u~D@fApA@taoNT`K1OJS9=`?TgV1z15}l} ze-FZQd-gXrWAz1WjFA6k~s4Yp*rN(rjGqQp=gwZ>X6_1p&J7a`d z?<)vhV#84&M?6lzLreGsT?Q&R36``A7sPs{fgkCzVNJHs_GidLVNZn!z3}8#hUq6` znLY_~%7FaxM24hWj?fl|`PNNC_!Z)VA|iuxC(J#&D>2XLbH4qZsI7R#|Dd3?$N@xq zm9?KU%$;p=Z7>ipXSz2zxl{felSM-QtU3&Lt26hFccfkDj0bvS!h^^39HJx9$=7$m&l&_je{ZR67kEWM0npf z58HYmf8gXu%fkV^MA1XXMu4v3#hPf)hbA@#3+Q343H|U)N8LwaNc^~O)WKi~ZCWc~ zjKmq5Y(FE4kxzphpqRCF?eE-;aKe^_HJbaqP|6l29ZHYdPJo8Tz6eF!fzgz`#RUz1|_dvog^ z{RPEnvE>ScLfJ)*WMY`2@h3D75cW(bak^Z)*z6tmkn2~d3!B#LzLQY5wZY1%{l3iMSUvw&L9*qPxLL&F zBlG?5Kd(q{eHal^@Lih@a~Z3%)XqB3S#YJEHEhG5NqFL+b=C~dR|?T~96DM0{8!uM zse)c+U7BCnVY_%&27vV@;&rS=rvE{Dapjx&2VhlFB#F%ENh>d$(n@27njq6bL zax!kUN9R_yO3N_1>A<^BaKJg>NJM2lAW6JzW>&6fRNuQf`#}z$%{8l-ozC@NEr9XMiT{tSuYiiW>-rT$ zC8Pxhq!Ey2=i%hcE68dq{KbJGG^WhmMyiDV`Te*%Eh) zP^F8OVj|ypCu{nJ*Ee?xT9pR=(anikgod@g3&um$j+$`QIZXkiNlq&Qw4n=%ZY{<; zk(~`b>r&jV-{ag?cb9%`=SOyadn9aDH;^dJm8Y6{k^p~S_e?Fj{iE#02M%@}E0S{Q zt7FaMgSb00>wM{T%2k~{`Ohy3xh*c)^lJm7^Hr0KhOCwXs8SO8~3is?Ar}Z2J~&(k(pyoh4HZ{O}h0=zHGh` zXWRCRd%MaL)}PsYGs}&z7ubDE%{ZtzmB^y|H0;QZNwsa8Gw(crRiC>sDUOx@-Ijp! z*B?tMPk~r>FsJj&0LF+e`>uoY_ z$Y1*U?KZD7MBSx?aUtv?*TPTU^Askn9hJ;F2+U~Xo8!HydY>mVH>d){7~HrxCA-Dk zD#gZ-fcT%P@gn$KtoE@P8-Wj<3Ls$34IvF z?B_n+WOz0`eN6Q)Io9tbTdXM@jE&XS8t<3uRPFjB#JA;G3$l3Xvf&xrrswz5%aEAG zCMIhf#^s@|A)BjrV4fpsLM7SC&nuM&j0%!IY=5&31sRy1Vm6jE4EW0mD-2J1)tEI} z-xw|2q>Fl=PBX%(MSUMrUc~6W|GDG%h&dgpTr7eQ$-@vqmg_Vo615-WlfIqV5%G^= z)4NVrAs^GR(`8|Z4m5eh(KXTd^&_`uqLtS9yeWIRFvAqB1pxsAy-cQCSE_{s7|H#r_{SmH>fXgJX_4OHQIZ@Qb?X zjWVA7O9}SV_yPaiocZ(Z42FD-Atj}j-0Zl6fG4GEa9xSYi4P%crU%VN^UVfH)&Rwn zO`?_%t<|xF({hJlYK(diQ=)5l<8Za(`aOmTgu2p6WXVwz*a~ z(-@*EQFsi~*b|6gdFG=|A)Z!i0+3zh0+f~(1gpa}Dc$PV-M?uNkDA zT4HE4^x9GUc_NYEdRwIUk9B!c$)wU1@r)IwxrI=3t?fq>`|qwFSj?{duKbUJ94y}O zeHFlWe%Aa{1|oAvHy(9YL$Ah-nIUa+n>Vu`5OXc#HZC?I0{Z_)j_Pq`Jv;xI#c{f`Svhndx62&UY`#PTw^o-N zHz2dsWwn;CM*{$mi2J`GXZ;&JRH@KoIwN9_Ax{5A9P~F;sK~$y7MD3Pjd_VFCfgaL z$oyN|n$y(T(+nO{{|W8kKw_0o^7l_Bf?7FBN)52*YY_%du)H zK8CTk(Bpb8`8EEanR6E9%aws6x2-*SA(z8!u1<(2U0xYwPUz9VlSWSkNKmR+&Cgev zMYYHZM7d5qEw}qVXC>B3(MXnD-!~12c}VrDJ%4{@UixFD#OIIv%Z=*ghBMk9FY$WU z%FmX8S|4Q~Ly;p{^HJBRKIaa$InX?uq(~tc(2>AM9U(FSNhS2a?2&vo449b5{^1W>HcqD4#S)Ntk znRcAS^_{zN`Wv=o@ANGkdpNB_l`h$PSRzloou0A$$&K1El_;q^+6>MadJs|!TIcYIm(xJel$59;Mq>MRnCe%67d-^ zsaD#o-6@8w4rJ+UenwJp$bfQLgz%boRio2WM{S8iK|4v#O?bK@T0u8A4C{>PJN)iI z1d)@?T6&@rVy&3DuPdGGuUNW#O&%+>QXTayxEAtwJ$RlIH{rBo%);kn>nUJs`WBe% zg=id6*uHT3O0&F&jb-``5FSSoeM|IVGS%3LFVqSMQmW0tbc`N&Hfrf+Y4&*QTt zM<&+FO40BDf+1mIRr$H&vy&y^YN-m7pjrednAK#P$ugE_Z2mGJol3@XyiTmL92$1Y zu322=uy9mANHzXkEknFAHvRP{x$%K^fh$3MN76#96-riXr8c7(hvsK11`alF%+nDg zdTdj8Wl8t&sTI#JNh~f#ayB6)mZbtpN%BjICBOO;1;d6!o)0CqP+KL;fsDiG;gHFS zaf6HYzNI%Sj_1bUl$g&p2CgT$CQb?zlt9@JDjH zQ@q>ag~~5}*XdwlVX3{N?MV&ys^WIG7xj-0cbOqCJ*OTdiynN>ZGcp4=c9cXNg0^{H3A>4(P`pOJ9nUOt*QmwqPR>j&(jQ#gCFkTZe#Bknf-joZ*M#sh?s)(&!R%e$A?NrVV zv{%e@y+W-TS1CJV5kzD@^oF_zc@tduq158O=sxc2vOiv*QDhb>R3GJeMXRO;7y1)S#>3^a zq3IGGR(|JB_y^CeVVgzk)UDTABVm#%9=y5cxr7i%A|u_6Q7ih|_IYh-Ulx;d+WDV} zp+!2x{>U@eyPVf^G{uZi&%2gKwCJ|T*7_rp#|BiGgzwZ`7!JjQHdN^nSpciB^8e@-v81o>Bhp<6|b%nu-d>%+Cn!7F-=P@(u5vF7Tdg zltb-F8ieUhLC~HMmIeBPARVG*sLjryq^Dds$7ktB1UzM1YiocrGEo-3ZhE#02bDl9hqv@$Y*5d|@%${=jx&tMh+*qAn>f(GTpApB zc~)s6cAr9!OG+vk(hQ{~AK(TTBrCo_-{(e;je-{SlhwKT zm;-7LLq3kShz;nJ$Hc9x_8hfW!jKpCszJofwQc2Y*F%38ymMhBHHpFnD|6?T3{9>l zuOi^^j$EuR)r`7=i3cleUKYx{6{|cM~f-k_7+T1arqn;q#n>*$p((-E2g#B|7m z^|;@05+fPi!86J&n~_NnWq9l6E1ge)3X(A7S|VtLMhNP>NI!c<019`;N`>5Apz9kZ zHOCH5!)$mhIk-WowxtV0@+NNfjbP@>!u9!vX9}4}EA=Ab`b4IU77U?@Q@yO(XgBSy zb5o`JR+YzkRl5|&+tYU4ry-_l?^nB<`2$0+j15vPM~{_@nfq9m(qik|m+V2OmR|(I zVmBCzXFqNQE*!TKuJmRHTqiTv?6Oqy3cxbb_KOa8g3E;5awj`R3zw=W)6;HhAFddK zN}}Xb0@NG`>)qj=W(f+(rr=vO67LU8K3_dE%CILL=`C^|QSoeSNOJ4f^Ou9CaGJ)F zuO5IvspnIWR4WtkrBB|p9+VQ}+8<}c-%C)!M@--|&M;TU8(%&(3i049=V5^pt=H{W z-ein{e;nsU>jG--Iv+cD&0X6tt$6u*wb39zWOUnL;z5h1IM4Bz8=VX zv_$4b68xLbFy`ff*q5KUyhlCv$?T@}Pv>!KcUwEC7Y7RTiaJ?fa~pz2jr-pXorR1A zA0up4s-4OzNXqN2XFVkp>&}-CNbwYx!w%%f|~VAG5fs` z^{?fOa0MsT2nY#Zz2~t;ta+`efMcZS09jN{te|hdP1%U(+8E!XTRs3>Y^wqdipQlE zHv)5yZCYr?dB^|LAb>m9L+ z*O1-0dVEj|ST0BU&HWs!p)^`iQ3_CKG^cy|&Ir8e0h$-lTS!s7r&0>7 zD(1p2ry6U1n;h6$4Ex@*3aYt{gSgLq;X1R^_x@39QCrMU%WNsPU8s|gi$@8f-Q$`f zjJGs~IQ%3Xs;uLWM!PYdck=m8eM>J8z^8VF3GLLfafOP%4+QJ-4WS(J83M{`@=Qxv!d|BMu5s!ZWn)%u#Yqeh;&rP@Z z@PK|&Oi(p;mjxztQd%0Qr#l@IAGCpi8A5*^vTq_WBvC?+L&IgV+G7}OuMe13gSoO06=jPA7%y$tHXC5BJL1|7%c z^~DPW8QsUi-Lx@s4?C8&siUwNb0@fNb0c%i;t10>-Ia`OIn(5QsBQ{q;NV3A6z3tV zr|IQ1mlp^2T7QDY$1Kv7g=Vjno`KDLN?Hm+P1U`g}T-x5tD${1)$wZK1jpT4Sz#KTcCwe0Ko>~mN{ql4_ zK`xqcE`_NF)iP_kJxF40BugMcdWVh%-Ifm6Uc};phs-aO z!T|M#CRZFi01~&T&u_iq{9g9fA7G_X8Xh4*Jaxsly|OcRvZ^RlE5fndrOn?)r!-k6 zWZ3k8VYbe8<6CWUV?=lfqwbG@-#Otfd&^%8n{aV)@0?IDeRsH5%SfWEXCSE{7gLO z^STEoCnrZ-6k@J;8#1r=m&NWlHQ)T2k#OA@kSM&F7pi8QySb)kieHI+_N(9L;<|1r zP$JT3rUr3DOi3A1-h8sMM{TX~BuFjMuMCshDk6X{rCuPis^0or>%PdvNxolR{jm*^ zx&6Ar=z>zm!)`%7p(IFASlSLD+6gg=uN!MpFn#kNoW@6#2FK}6Pe}(;h>M0zcum!R zpRhF5e|#_BDLJe;#8s_e?qR3N*Aq}acg|B%M{c$w(tc%ZfivWbJKv;M18UV*60^q3V$)@tkrHc66rNcoY5;tGkFt@G&wPuDkN~Y0 zumz>{YBFo9D*So*T&%A#;|J%t6s}KNVt~G=f{f1|IdkZ}**_3RjP;8>Yqu*CEUXh! zhA)vVk;K@G5kI_J+TK&@B@m<*0}Q66&ql<2 zm0yX!*yUB;X`lZ5sCG66@!Ldov`Ce*rSKq_6CHEz$;SV5Df@nTFmHV#r$-W**w|1tL%VSIAqjl7^}H1hqOc(S)zC{{>h zxZC6Qd%O-0cz0%{kd(kfsb77hQR?gWBcffA8F72p>*+3kkaG7owU@L3ly@wio0|vC z^)q)j_Lj{r7HnT^CCuVD!gL^6+3QPBy*w^jOJh+_>8KX)%W)m)|9ArvYSAvZ&%#Rv z#|bj-87VEI;i92&8XT>8{^3Oyg%z`B9294ed$))x2(qiXVHxWCCF*5rqXlkkrfA$d zx!sUO1io**@_+{PGNgk8+n1X7+0u^L6-ta+h z`_ojI_|8Mt7m!E6%BC+N!K*|1Dy!mgUp!;6*GR@}cyc;R+;hc#maK4iIRl%^VcH8-W|wqxu6IibZEhE!^5o2st~ zQa`84nHYHr%kcGV8o$CIA~rV!O#n<4YzkHS?-mwJ^wW)@Byceekid6%FAOuTu(H8& zwskQ*%eBI95y^Q(KIt#4_-;X=HKsaF%mU-B<9Y7nZ$8f)efi6a{TlDnHyo+L`MART zfuooHhh?jJpWSZb`SXoqGBNlL&B+XoIDD;-b4tC3&B)qBJ%S7;9}zPP6hB%R8MU4l zY4{XC=y~Zoed)hGpja3sVk@cq+51fB5}e^s`o0sHEuM|O!&Apz;HeE~F5FMioZE#K zK0ATb-olYEc-Xu8su|~la*dshaXYv4>kubHCF9@4-@VTx6;zJi$NU-Dtu1?wMSM}u z1skmM+UBjXSkT2)ci8a?WxR=to)Et#TA6rvFmjP`*rCQv-+6X6PiFN>eV zx2_*YmqF+RhEJ-tGM;(5O=O;ua|BMGg2^+{7Px5=t!TdZ}ebK+NtDAkiO!|o;cm)W3F&kWMrwb7jM>;fM3yWyUvYkgqOt(}cSJbdJpUeLop z)p&26)8tE8fqe{QPOVnFIuH-Eetl^uv5&v>({|W$^N0`D;=gTG!=&QL}qq+Kk$ z`IEoD0etuSAF^K}kxL1IVVwONh4SzobqrC(WzD>wwp5FgBrCl4Qls!5BZ`9y4P`s} zfu*2!H|_gQiz?h_c_OOT5bm%xk}2kNURT0Vn$DNaYN-}fXUd|QlQ*pa7r1VCn3Rs+ z6-5@HQ971Th)*TiQ?gsHEWdc%#OMcI)3n|Bx^OU)?n=~j^37E%erL3VKXBTeMh%X$ zHe|~(FG>-8;pKQT9SvP~KO2y6{aQD5vxoDfX#WJl#DK_5*Of{Bi96IkUbk6+dp{+S z)1>hSKQuO?#dgQc(%)g%YRye|hKIzjr=`$tVEMc2MY<6GqZC^vzLP<+@uDMFmBT+Wwc}zX1+FDYod{Z6fGLK4Tii>Y-NlV5MY{yVFC3e?sKd@Z&(%L6SSXx+weUx zsF8k!A$$1s|{ZKnV*ppbK+?P_4res!8*-fYW9W| zmR?^3G{Vz{OyE9tyy}I4_A1s7{Ps9LQ}PnGQ=HOEL9I;Fy>@yZ;)MMizHD?7@-LNZ zw_SUw$`e-06CQR4BfqPOy*>5XAv|h^Wz{exPC)1I`GrbPm}C3T8lR9oV6_d2I|O=n zWJ{PJ+vd8bb%)d(b}IZoGaxGROWWi+T!EJF)!$HB0ygk*rjZ>Z-3tbEq7`1Nt{G(v zV2?!ZUSzhvA6U&XFIutDXN7 z#4AI0Z{$nStC=h{z|*={FSSFVPfTLIL%SwEJGtf6O&Qwb$J|Oigp8&;A#GBHJMI!u zeXpgxd(~|H{+&RZv-_cqK2EQ?X~zM3So+kHDpv_E{DW$pn#PfO<#D^h>WdA5xo0=E z0)ye`3R5F|z&ahfwO}~WT~HddQaiPtu2tk1b6_Rs|1+3$ZI3NhW3ym!?e=S#r9o*I z7Xp(FVZymUj-E%z|H%aqhIqvVBrOCw%-vBO5{rrRd{?gwH&&cFIrlu?Ra~M^JSS6x zYmKOR`Emj?{bWroJ~}uF7;NLIl-9dg`|?mmX(|@i&3UDBV%r3SJ&=}I z2QCdL+x5qWo}D)cnvdnYm-rQ+=4XtigZw%CjzBx z??aeWWMN2*h|SI|RQQ0y5?c?WC^9#Z~Y!vwx_RoY5pf-tMVTTmFz5d1V zdnuImv+fWyqq8Mk0f8z{X^c&23{7>EAS`auhh?xhG${gKi464saXOTz^gnO?*FWr@ z0si4#I5FcpU1(svmNAoT4hPD&GRZuGK1STQj_>v-O2{Em)dQ9|wHZN!0&4a+~6WPl;x*7dN{U(#@so&^Z#J@)i(R}M1 zm;XpIAUG7t&}2Jk!HR`*ZP4Km?cIf{DOqSm@e1v$?yNIYs!v7#XIQ?71@U0zHV;pu zhtuYKEko#XHCx0N8oQ^9#ykb99Nzbd*Y1lHqPqmUS{%vJ(Wv0e@C7QEM5)}A-R&KyIQJ#KSI`Zx! zn5!|nng0=ZxNI@UwFzB_07WNA8sw+Upztdded(3J^U--`Jzg`x*>-Wl$+SAx^X2h#PwC<)&Sk_=&|dGWRvSK- z&*QzHl*0FWrWw1PIgF#yM@PMzWU*S(2myXtdl0W5^JW)e)|VtZF4V zU~eakkMB#Q4T=BB6ir&24^fblqotv_1*!)k)`rqYK}B}|tD~upMvc|o(=7O@KM7uG z696L)J&n~l9@6}-!uf<9pj(%|2guK|-(JonK$ZrM``WUr{MTef^>QEZmtEeXR8T`i z2|2^|T26-Ev~SOc>EKx9E)B|^y3I%%iTd4LSG#@%Ag!LO9;FX+-7^jJ3LMYiI1;B^ zZmXP_1JJqm60sk;+!`e=U~zXgw;G(GMuIS}}oLUW0D*)rY0u<5mldre6;SH&Ea5^#4iy`E>qm5K?E zT5?2Sy?F=i&x?`&i3*jfK6n5#WX<5D24!TEY&;I8{3Gie4Vrk*!I`OahHb@KusG(R zQ5+^NZqLb5P#mZ%$Ha_4@>H$$d2?ib5`KtA_>IcERO~j`Ov`S+pYaes^@>Y&&B&@P zZVqT$(smnlJxsEzCg$xtpy$sO zAWH5<9W1iT`C6#UH_x|*-+Q$-P#*rsb35*h`Ms5^Y;`*GH8#Do@AoOreTw2YtnJ$1 zMRpT%HJT@6uETB${A>^&%#le)_-wgINYd&>lz0>q>+`POgTkL3JJisF((Q)8Z5H`j z`%o$OrLHrrUR4MBhe1*Ir~)X;2P9rQ5nKHj{X?QsX4rmtU+co7+pqaXQu4)zEh;+v zBP0$?#RD90l1yM!B_Jb<1Wmk(4B$R1pUk>M6LE1_(di`7OCW|wAz&7=(V75#G#&kJ z)jG$Hxps?)1FEJ6U-xguIooY|DAIl*tO&hc4Ud6bTpNt{|BR$}`7wc|l~VvYdEZ8W z(|cbk&*^H&ZF7-REIeh_laB-zwNIQ>k~=is^UY}*L%U=OV~WF6T6P-OqA!swvs5&a zK_o7K$G?9Cg(j)H^w{^niYhG61S8|?kK#y0Ec20C}xzHkA{{VzWor!HWu+Ql9 zEVuF0;R{j_dc8Go>p>Zo%HAEs-GvxDU9Ws#VPr?8OpddwI zid2-WDV-a6;iCaRjkNtYk_182?pFe2;-he(|8;A;{*L|{t&w9GoG;wtCArug_2-q* za?UNWwaQEUuok~@VdUk`qrn1Y*+$Y1^FLiTUhB4-qcV@$uP$EMyZ-E|SG|HMU9%oRvSM&F=m&2!^*%^TYM{4v zLZLoQs;QB549e!?>(pjF$o{oSHFcdJtfk6p4EL#B{;&CdAa5bsT0Px+hePvz$Qrwh zO&t<4_BlEJ*TYBk+`pcTHw#pBbu{k!1m|ystEj;fqB^i)8Jg1PVyT+2CKHT#bznOO zt|`VoLD_aKPe6*wLx!&-(vuRH#wmN<-KP_02Oqz+iEZkXguY@oq~mo*w&`4~MZ+>6 z8_Exd$=ZC(qTj>iD~+-Mu(~01-X)h>B0=HVXj1E6~ovE8W7Dz zqR8r4@INKNpPFYNALb>NdI`*^D!|WSw&tD`8rtv0e5|`Y#1=uo-m+Xi&eAW~`6Epx zdis0C`*eS7Ewjf<>=4uBkpO)^7c4h#wDJp%&1g`*Pvw5|O1K&Fp8e2N+w@~ZTdK~G zB1TI(%Bnd__z%fj@Jy~l5#t@v%69v8R1~G~vacQl#Jr?hs~=hb6YJeuNr82Bs@`Mg zsh@*Yc@6b8u0WY~Xh$d5i)N;gSham;^4k$zOVVna1usd{9|CSZ%I|uaprvBnYdPYL!UuY>2ReKukDIZWfASL@iSZ8x`z^5W^0g?V~Uw>ye$ zehr?RN{m7~j%7wquN-)>*Hpr}@iFK^4(cm~E<=^zl=1~QVv;nqKYO1sj8$PNM}%}w z-^Q;A^T0*}NlQg46BWc27|)2&2tRS4d@VO~Iq3C^1J%#j#AZ)P`r`45ZlbPw#G70( zg`cYi+UmJQ;MBIh%E5g-x^tFzQfub?U=xlbAae;7px^29DE*eaK^=Bglnbra;4&#C zHDp#S5gXgSJNq0H9cnrFpz{vAsm zL9jfw1Wj#QV`K~>jl7dNp10HfGu41#m}sSuQhHD6?B-Y6JY=MnsxMh6v$(sim?E?$1@>tt<;i>sCuLYW z(Q9se1V_x8+eZ9X`n{nMji=NZc$`Uiyg$hvU{13j)aR*R{Ji||ysW!g^^%u}wNC!W zuO7&uA9G(f&syG7S-IOXo4vZOUC!t)5pT?%wh|<=65TTF5fmj#tvfGlEOgty)pB6q z`#FO!Hbv>)`)N}OvM`BC#EZF8IOb==FJfkvkFhP{jH4Eu6)|Enjm z-P@ZYB{;f2bc>-uzSBV9ndLo)F51k55t;1@E8pHj%E;e}_c!(ic`zVIFTR$!$adgj z95yiuNPZ{aK%ul)x-VJK>E7N&x#%74J>|MYE38xIF3&F>xsrU#U$Za$;8{s%aeSa= zKoZHcgWr7_Tb1r)IC5V=b8vO4tTXoFG0{*KZs#FCEig^)pPeb(j=4W__NS0=BjJGO z^_*)-3|<#!P&Xugjc66D-Ds000b?y@B(eFi$nRE6iuakLnB0cN;sW3HifP~mgk;a5 zPU7qo^N(8c4a+3mGcL<3(

    Ca5F$kg?&u`bYMrO4@tVd8s38KN3l9cMxc zR908fVi^Ka@S~-cln#TYQpmooU4n#48z^Y(F-t~JIyhwNz+g`?zS`pZmI=@whEhr? zQ}PWhhg~T@E#1(76$d_-j9;r}F&nzK>$1*|>!^vr<0~c%YlgS-5Doa4wjBCyJ;BGG zOysfq_U<@7v)a^~<*64YKKC?Q?mfk~4P6w>m3@BzeJ{@h&E_T8lM*m*sK6x#=3Mfk zlnJB*5J2G4p2Do??Hy!G@UX4diYFG^;YdNTRZpFTK5sj}jIV(2Xj?xMIa5_({I%qx zwFuTiLA-pF^Nyu(!B6|TYm8aWFbZChSmQIz7>{U?$=5cLHtt~6#@QR>)r%LLej5I< zahoyIV#y4dVfbeLr;mg8pu%?__l|!zU4RSmr2RSG*itpQefz{-1- zdcbqI5*p0r8c1n}V;e|f)8CfhV@@tcHT;Q#JgoNg1>JSTC^9LUgvt>M&9P6-kNdb{ zP4d4gp5JD46FW6iFa%Mn2+2LLy(^05o%)YO-OL86gJRAWf|wvOyCxl^^~6^^kFQEyd)~ZJNd}Ia|vTVnXmMB#rm{9 z5&CH>{LE!?8I>8X)Evu88QQ3sOU|BV+3`}_&`XBY0mUX{#CmeU#diC=o6KhnpJvZ+ zA#&Sg{pBa!FmzlNoiANpi*>)nH)ZO_@lE)_)Z&vc6J>#n9tkh$LFa zPPNCb+eWqAliZ4T3rScL9Kn5iJIk8^v@36ckF4pA>Q;c`~JYgUW=CER{ z7Sm&BPDaB8Blt(W04JV}W-FaCVhT#|Eia6F*Ey+Za`^Y(S02w?LU1jE*!=iua+b~@ z({k74EjCX=>*`_UX2>2{G_ImI2ND;VX27dN4vHh53pQ@Hh`yP#4@kalZXoZn9Z`^c zVj9^!^+5L?7cx5pml9GSZ+Qd!Px@c{51tYf$*2fVnblwds8s|8REhfx#)5(m`g2Jun&!fqM)k zJP{L6aTXV|v5Qzpt9FK*qfp>EMtqcVG z2^&M8McIl$0{|@`>~Ok!s8YRT*fGvw!nKol^9JPO`{y1!4wi zqG)kt!~b{N3Xt-g0;4{bPGg*dUtyV}rWmQ*T0VMheQ71t@Pjh>H6b|Lv zJ<$wNHVBO0={g=49btMvZ!i*MlKwR`bVV0n0cQlVHs^3rPP8#8X-+AIvn#MYd1hom z)%O^BKu+3kaTq?cDg{{I!a2-G@$NVPf?KIJf6U+L(^=9{h9Ey4uCX(@04W{G#W+av zw8(F6uB>a8;WEoV@(SS~=664!OQLYt8htB$3m_J*3oxT+furlPHi95SFg)L1CKpEN!5F>(vBvwJWNL!0SNT;yN9s&;6GsE#meuD$GJRoHw9eUW) zF#b89-sV@@>(W8NE2$9tp?hBEOGssgvG(Cr-0ob8iXREdm zZ(x<<`Z5eUHKnh(7mz1Ba*{+ zJ8?P5vX5`Ab8Nakj$*z!#F+3{OExM}uP|^t1WIx%aUAA`O+HwY+mqQC_+9=0IGqC^ z!d%I_^NqTfhBrw(hvC;$F=x{D=bO!u+$c_Z2+NQ}I-N9Ui|2PPrJ@I9lD0cdKud_-a`IKqzU@p0 zfzEdH)O*!8v1~f55LyRGWR>c*p-95W01~IK!AZfRRcjyVgT*Ta2^&o~gBC!@&X6Rf zHDGg|eD06u23R0%0k*@9l(y7vYXdwSNkzmKu2Y@#fD1i5IrKa`{}}NhPURreMxK1n&hB-MCi0y zgp`oOu$bSy^G>e&_=4>gMke*BKEM0+Q$mhqkD9%T+{1o4@?K)LMvArRU!8ikGC5eK zwi}9s*FRrfm@i4xR|Ej3-f?)ay_n_4Hgh3n0_udR?CserQyfRZOT~04%r0HPvO4LGrTv`7A)QI~OEUQvfVx@>-ZI zlvw6T*18ueSp;BE=P@EP$Mm%TSCq@? zdt0vW_wJfOCCT19Y5Ky#)bX??195vA;yk>aWS70gf|&M}S*Y6@v{=b!emiK!L@;Zk z@%B)uMFGN)3VGXrZE zBlw8f$FJtrCueigO=WyCH9J*KhFC`3d*-|^dOIqiY2p35x3HV@CF~sj^y3mcvfMP^ zvZ!#8o?RZ;OLXcU;<{P-Wcm(zYx*O4U%)%-Gj&(;f#ij#8m8S0fSHq?1$3ZfKPI5S zs|E|{9&m|Lt&80|BTz(6qt>sx|5f?b8W%4+<@&AM}j2RW(72f*$eN|DWf`W=FRYRZ)gu*w-EZ)jr+ zF9NQj?M$Q32lm5kkC62{+(aBl!kI`|ZTN{JV1d)%+REZ;>mx}Lg%91;C1WZS%exw65B zie~kW0IOP*@%^k;%DQKs8|RVMhP|aV52BUqaB$AEx9sep{jRJ~kv5Cmj7MV9c%x5} z$AUQf)gS3Yu_le|%NB=~VOLb?KbwEFv<%3f($ZCK&3iPR_DPKmnv;9H$1=6eKeq6I zzt2;6Cz#0bZa4MN*z0N}V^AoHNtSm=%hfO>cG#}#x!QB5FK>unPO1q}5Jd;c39{C` zpM3j;d&5vcad`KKwk?7%r*02hpfUHDgjaL5{)LiBO_@LwZ?CUjo0hW4`=rR>Du=d8tSe7=o9-PF8ZK zP`lE`zI8cnFUvY>NnkeWd^E@dJk`UcGFA2VkHDpxbz4>Tvz&xzz(qfjo|gVboDrzV z+3#xBYV?2Mg5ko(z+Kg3{j8oxJ!g@UWDGzo&mout9lwX=ETG2fKd=#xpCwqgwYIoA zmX)}r{TljqdA#K42sUJR;mb_M2gd~ZnRT-_YIg%MVJz!t0MOAVQSHzs!5-sU zKI^7OdpufGs<>8;iD5*xkZdwWC~@z-QKaaNvH{*+HDgC0{FGCFWnyvt5};oZkK1Ke z0nu$y5+v3pHC6aUzn--=>joh8S+_GS>yNm6gZKF6+n)0&&d3r z!(|k&RxV7Ek@&9*2(1Ey)DKt~1+1EWtI7Lo{&|;BX-OxrTP6<)zojKQmxgzw)g+A_1@uZy#e328WlSt_DT>m?>|zUZ zE}2=%_5xB4t?J*iIG{)Noq`0OfK?^47~*NaFpI&mN2pOO+o|2L?~kLU&nB)t+w8#e zrauN`sw^EH4yR9i99Ee2qgP*CPn9H`uz0~f4XM70B0OkmcsKQ>v}M)hg#c%hjEdjq z^z9!V@qe}S9Uexm)>@?I9)zN3+|V_O7sU*7vICfEIL&gWS;=$ml(KmAFsH`$>M z1#=P0<}$!iWz?7!h0fFJV-ny=1d->{G(&&}J18Hu6%DQqgr$cGHm;h&5RDzhwg90& zhBCuJ0s}g2mmfhKvKBW001zsKh&XvjQBdF$SW@~oCp2vFYtY9n1G))xhfijQVJsvA zlE&V9$q&pkXnGLuG1gyPG++B+Ipt9Va~qh2Ucac`MDK%{oTOQg8Y17s`KOYvaPEo~Xtodm|A#8K!;tEzBoXZiPb8T&k6M>*!Z zd7?ElSK0Op9LKcs<4P80+$25E%ggzG5^Ypw$FC zB*2&9b!;kJwlh3!4;BVy2hnI#nSI)~@%bJ@IQS}ULi|*IxU<|Mrw?6%xU#-TzK^*6 z4%gx!3N#pz&L#`QbVf*SC&ST()SIzh>L~cXeZ`>h5ZHosCiH(xSsBqp_fexE&cc);M%!q1xyVm^tTl$0`Yt{P^)c-`DCZ#2BAI@!`wYFUpS?C{^M zEN{94ySc1TAr)T8^Ses>(BgdQQ4cIVG-wt%CPWD4c0E{s(|jK(^z6L9WktZvqJlrb z{LqZUXHxcNMB)esuCZ4;Z4+w~C{x84*R>j}4jw~5S?k;X9zy^^`$QszP%-xkz+CSi zlH&XouqI#IyDcC8@ag4rvpbH_iL&!4da$W_rse6=PU$fCu-L~80K3fwnmD|sFI~?9 zWTq2n!((4f4YHbLg=u@!rxFYQ?u(pCN9P5v95@IA zQ71RIgqT&8&mS~LuGkdqGprI&y^e^b{5>NcZ(~RxR9MDD%!&3KcZK7En9ywXFy1Nl zqL3wSJt(p_-gh=XiH2H;o^IBDNnt$qyw^Aj0;095(f>2-CT;ej91 zD0cL2Y}211fBkUM;fI}izePj0_GmKN6|Rile)8OMP~YG=uHoT48UP#^>$@3wFAH8T zm>bj}q<}vc#V$0u-4K+s=~h#;T@MW~Y!8@@{P)r}_<^t-btpZD)a5wxLIrPqOg$$kk5|`5FZOBl4Yw6e9rAGpkHpsoz5M34gvjC0Uwk`ZAMk;8`|pt)WSaNHJ7nkSM2eK_UYRa~NGW$VNELafq1g^U74+^P#5pyU2~UE|+|pIfQu+r)un+ z6^OT_t0kT|4K~Xq-L#z*zch34XQRDuLcAQ(=1SF-xFi|reRvqyr<<}VCf8?%?<2Jp z`;oRZMf&B0W1$9rKp&%&qcF%B&FLLKz|>1MFX7PEDtrYj_U#TMI9NY9gVV#2bVyA% z$2bV|Y4f9FaXYpE@HiOoWE z<8)}|qLlF_hGP=+W||+WUL>f&{+--U)R%zVLt&iJrET#YT?G#H!~7yFHikrCyfb@S z)KC5$Kdn7peYN;GZ=?BC?b{oZ=y+j#nRcJqu$dVY6|!1ZQ|sTA;$b z$jtWc)uno`4SmQmhL8lb&wspuBSc-`5E`5S;*C!LgYeZdBcnXO?}nd_{@y-2Iy>TD zHUe&VA^6kHosiMUuRcxt2|vyLM$(4IzP(P1D!IW-R~mP(5E8hGA!FK14}f^{WTRPS zX718r$R0bV2$TD2%l$()L!arC{cF86DTw|j&D+JjwYRR**=R#sf{#*b2e?c{!aWqi z<3Sn%Fa>0JTUp#$`wN?fd+T8ov_q%{kBPu#W<>(O_{;_CZM!s>ls1W|5oelYc@azv zja2QNyQLAfFCiVhM*ZV?jJJJOwYeBBgRKg4th5mokfKB}*vseFk)axW;XM~`BT$jdecPGzA!~B0%OE3S7myVs|qZg}F-yNGtD$gng-6^pfdO^=Y zYoEe5R(LhAUif0sK(L;`+oo5HPflO^-zNGX|E+L*VgTHbZz?RZ@T$*m1}$U8`iUIe z2*t)|r;`#}`3H@BU$!kmHjjQv%09l2!lW`kF7`0-KwS#_Mb7*87!P@CC4t~0zgxzq zx_;`bIC7`Kc5H!5&oCxDp77G)jd3-fY!!u@Q26XcKu9l{xNydKXq24S{1R2; zlEe7XWd8FI&hX3gvZcztVViVD;vt46st1BKGOz1IZTK26|g>_`@dQMv_JHxK4RoFhF0Cx zKGPDaK=_A^_kiMal`8NksslLOfcGFB#Jtw?D0~id!LF0=_kMjE% zV%M|#Oww_w>wLe&x!SrCT7{`XZDAAYdvSa|+FC(ef__@6PZefOuhIT!cU$!`R8C89 z2yO73B9HJ7Pd7jKtr;G$?ArYF66cSAH&;}CyK+81SjzZQw)*mfbf|Qu?)pm76O2>y z`VR8;3)fXygji>At66lb?^Q6Edy+&xEJ)7bUA_n5BUE4EgjWUeSe=lF{o8MLANA;^ zXQ=~du-C`OKY%O!h~V0c+!be7S8r@J^%<&h1_7kZHTAxav0_}0B?et*ALnF{-&TGA z?y=_r=+1K_pW18<%F3}n%X=UB;ICz;0It-gUi@IK^Y`b)rHr%4=y4TNo9+Iu`E^r; zS-(WP&~(Paqi3meWgKZA*SVo1;i<>)HZeAD*ZUa)mNNoNE%#sk`+GC!?kTXM3bOu@ zjO{AfVt!klW!@4H6k>I7gIY{n5M20n@6{r6tBY^cgO@h12Tn{B=UAz{{m1F(ogU^$ z9Y1@&J-6@jXXT6EVPt-DjgRr|wM{3Qzot?nUF$8!XUkd@nLC2ZKOWSj5_Goy^;_d} z1S5v6i|fIYslGmimy#|_+->6mrE%OC_2;TK|3XX9IVF{Fy?uUW+%B5vKo4yJ8TS ztB@OjiZdy3r*k*4*D5XAm&4MB;UM(0sN3Hpi(ftYmM=(SR%LwlSt|^C*G*}Lw4i?lL6Up9o%N6UCKhB-A)9&23&|rcr0%nAW!G9hp}$^p_3pKM6Vvo< z-vF@oaCPI|VvkbY;x_thX$jC0oI4Q=08Jr@gnJVhe$G$C1Mu_Ji$5jaowOOlgd0N`e|<4;e){EGfV$=St%G+ii(R9|5r6U$auS3@(Z%dq z8mu$NG;|=;?`uJiymyrpI*x}3%Yd!E*)6JplkS{JlVXhKJ73M+q4&#q$h5E#d7Aa| z&9~=Z?vbCOPY6Cq`AH@`pOONT=Cnw}2mJQsH-to3y^^0YAIv?{$h@m#1ETqOA&{9@ z3Xmn$kz%{DMZM*<(Lz%)-d9Cdc6RDarDzGUCn)dGuD3&(&Q?>`I)3UAB!ryYN8d^B zyHnn9O?qNRl64;yv2M6$IqIs%8;8`jx4CRp^-IW%l}@rCUb-JBe|m6uH%UcTUGa)w znlA0ur7O}(fl02q59EkVtUA{jFr6U8^#{tb^>X`7dJN0YK=3N>)W(N+Wkf-jzQMJT z*RKJy3BXGx!2icw z)%|NYq7?YiwSbjIk)XJKgdlaaCaAy&YekStf|P{NO&T5i&`vF4eX4JeAKIaw#J6Tb z^x{~K==gKqBnZZc8LK+2M-#w>R&pN_n|e%O28z@AG)jI2MXl1;e~eVa`$XdMeR>yG zG?Xq~uU`5*LVA>3&$?%?d7`O(mn}x~*PRZ;zsX6sNTdBWcatrQ57&6E(eNY2`*g-# z6y23ovToc1n6bdWa-4Y#04y3fw05rK8~KducKY|^R{-FE(ivVi`Oj?@P5c5l(a!zF zvKpYSUz%Ki1Si%{_vb}=dPqxSyVeX+PrF*EC~gCyV-JF`I?JF(gkMoAHvrmFe|ii+ z-rWX%yc2Us{>U3^^jdsNg9WQABJW}@+c;HsI&0xufeyh&>S!?GTm*XUD@OE%JUkMG z`~-BSJ(!?jI1y4-2-iT1yrMQ(0~Pcu9%lI3hAd`FDrn;fclUf%(*`aay{K+}Uaan@ zX?34qP<6>w@g0yXD6|A`U%co{lP44+Fxi692GZN>PfLSK7c`%m+Oz-yK7AMI6gDsU zdt>^0r_&*qPu>A|kmR&Z>_w)h^7LURPm#zs+KHO4)AE{P%Banf0Jw3+U=Wh6Za~pz zp!xP~=zidYhG;uDK95fr+HocJu)1Y^rOJ502@Z#yJ%VMuKG||aX`p)U#p^_!^)0R6 zqPn7d?W>$yy|lx*Hc?-mgLfJ~cZ&jUhdd0+%*I8;s!p!LEgd`eon8rZ3nfb$MD^_y zH-(b(!N$4E(Y9)7$s6pv-9!HLSsnBh27-N}EF-WS#*&D3bB3X1Ak%L4sItj8SkhpV z%d0gGo^VW-l;*7YppEzVis;ifz>?OQ|DRPXL4)UZV;S8V=bYR#fbujc&mC2ZG*4>O@l(>j*kA2nItLR+_PWk2Me4IF-GHf% zX{phzmoxQpxf-&a0C6QLm-pQxVGc7i%*YI!JXE_kabx{iKjKgrW`%rVXliOv+IPw3 z3}aI>=Lk15qd|de5ICBX*!QNpk-gw;p=p{%yfoOaqY=}O={DHbmxd(q`OW_X0PZfk zo**1mFD(ajrChC-i8|Bt4YGHNssz>#O=)Znh*sF&p>ond(|Yvs8!80L3iLv$<9)L} z$2RT#E-z}{IIg+p+((qn)vEd}MM_@CKE81^XsP1$tNBs!zhMf#bJ`R4YoC2qJ4p-R zcV*fh+DS+Y9tTk|zHa1&-~}`X_)I&J!W2K!9L{ieeT)4PiyG(2~BnK6Pj+^`ObVG=!tkfgJ_CYHMgp0A6S*!lg^YKwIfH zEuW4cBJ)2TC}9FSQ4{)cl0uyC93JRrH)JEx>d+%@JnF3ZKIj(4VzBv-AsUTx&Ea#_ z2zQ;)J)FO87*Ee`oA4kB)URadiXp`{*CgGIROF0q&>WH(=A3$NYL7W?aEzYy?*(%& zPqypHBv$y^i5wP7>#eGDut3caxS7=J?GsWp`gGMHD=Tq-8LKLIS7{#$({o%IBorrU zfqO4!>cmkhxfs{@XWC{drBrRS#XB?Q>D)o~W8pAMxjO?saX4V}NDiy`o@Eo`gV1g- z=O4UYp+jwbNc!-`=g?oHMq_VEYfh7&(-pj}<3$I` zhDj5-Ih|frk^NEMz;7bp#mitoJc1JN4$Oh$e9wh1idk_hrogx9ACnaX$|terOxs6m z$muOwpd2JQb`|hHun;a2SO``K>ao5IReC-{R6l<}u?P{nqC|~Q`Se5~$W6o9E-^sI zfG%R^NZ~J074IpjBIf@ zddq5+`mY#@j-I`YE2vg~yM4O@EBsebXCEk_4xo;Lq?=weNEW~)g5b2`806OTq*!>$ zo9Rf`s__f9gD{SW_7qCrC=HbLra>RTY>GxL_07<+t^(#rX`*<{lg`VhwZ4)UoW|(~HK?u^6wOS@!kd0C1OK>uR|9TxBl}GLbxcXbGd!-P( zN3T3dbPQLZrU!q$pHtvE9+_dxBa}xNQGKFC*#pt%GV74M=B)bK5u*TYxJcTSJj;ilJ^qr0=vt#jb9p|jgp%= zqiMa0E&Mp*f7}b~5bmSB4RttkJcElN8`^GJT``OC8#rXBf~N_}(npK{Ul1EU;?gyQ zO5;#Ew_Gq0M-z{4Q8xzZP%JcZAOSn z?mmWCR^@$u{$7s7$2|tjB%tz@RedlkiiQT!dh?b2pc!SQl}hYR-z9|FBq+2%{b~}I zm5goe`^+6l?6)wnBFL@Y39?fseU*pd?)%KTTQ+2ox$5{;4mUHHWG~+wr&p^dJraev zF5D;Y38n;8l~(uusqurLsRWDQz^7Gjf9F5gl`8WhgX<~)gOuNeX#V?cT2^nw){e4z z8-X~Q82f|JP8j1E6l-+e^?@2ETcq<-_KSjSk3}7yX1ps+C%h?hcgti%eTnlXfQ?;xG1C0 z$}=4F2r$aTy=8*jaP3jz7_4%X(Lg6q&&ELefHS92gLoie*jgCh{;l2VzK>R(&iVkS z?Xb^{m?=O=j(w$=_Nf5}Y@W9z5P*|p9^;%4Pi5^?Ksm3!>~`gd!)4|=L%;e0+nW2M zf8+yn^?T}7=5h5xns+B;SK+mQUWzv|3(VCkwa-X&Q(Tu0if@`KnzEcu%_ou)#{7~5 zUWg{nbMsR3=gH*2!m&0m;V=QO)+)Md4i?>63n>gvxq#oD(J=7FbKv$4{Q1RyV8w(D zxONwKCM zQaiH4X1kqMu+g6l`J(aqY)d92S#zz0>=?cEud@Mp1Wm7nqNFZLUIhzCU=fPbW`r;< zf6^)Kj{>p}+-TZRL;2~Gs5mon2JEJ)hJXkHC&HYsr2(_!Lzeqg@Z5wGTwJ3m`=bNt zl~0lHu@846s(9N~5Qf1u$4>*st=H|<-SjZ?TfVW{U~f)m18SLf6$r+T=Q`Qpy`tg8 z{GZyjB*8wN{QdXU^{*bQNDQd<3Skr98q;0$FAV8D-cq23G2>LlEe1mAhq#wLcHh6v zNR+e0Dv=M|qj%v7`YCwzBo2T0x8T^Fcr_hhVKt=pd7S#V* z66rpdN|WLqg7iMJ7)rL(GI-_jM0FFsjkd5JyW5G8;wQ@;v zPly-galptj>!3v5*>N&3ka;oG`~3?QCP{^o{Z_B7{wpz zCL(R)#=5>m#WTKn?P&a1`tPKC<@vVpo==0#JfIQ zy!++9>)s}P&^LJf$$IrZ^juT8Jl1>joJFj)=cQ~qcQ;HCJYJ{wpTDi=le%#SVT6)A zZ5m;Lpy(x?pkZ~6n22>f_AdZbQqd%8a|N}D-zpz+R`OoD%sJkbrn7ne-T3ASLPDXA zKr$Nb^SZ=O60s2g>uN$ph0dS>&xENEz#1`}}F!&2G^VNF|%n+XwdEIdq+ zH4I|?vwWIVeipGH{ZpwcJ14VT&|SQ+&GlmgV1w5&Yx*%%kB8WE2!`)w8HLsV9lw>M zSc@nqcLmJEqs;*xoP+qTB66}eV#Kr%@W8%EH5~;K-S&w$t_B`}9_>23qI^ZH(B>>Zb#_GMxzZ9hTdE(m_COxn$9WCbm)38z6JS z401=*^{4!Az>gT(u76!yOLO*>dAYHL52*8di56`R89}6!^eg0kW-BKR9CUe=b+2P$CsY~^8tMbcH2TuYXwZc6MvkaaJ zE?vZQV{g$J@DKP2ti6FG?)~}RBD0v+TkX z_W)oRUP)eXiySpH1o`V7C~I1Fw1+M*qSh({Y1^c)$elT?7L!ON#&kdF6Lf)XPooLfRk{<$0 zZqD95I$SO?0(QszORk_(z#%$iTx4RH#A@QKbfjAqwjNy!_HP5w`RW#2{<$OXwvOnX z$mYd6K*mI!s47rtVwgMRx~f}QjBANYTUH5L+r@v@tSi_Fd&CeYPqT<$j`q<1+T9%M ztUt(H9Zjm6|75#t1J%=PAyyFM@a1qWRl4oLYw`gr7CCZpVekcErCHckD)*97EI7>y-GHixtZw~6Of3Uty*`zP|rbM4f}sagM9pnnFx`L zEm^f2)Rm-#bAEo?RX8II23_J0#(RijV}fNRuT}xtx=VV!y+xF5*tCwhzLxBL*b_&v zz?qWsDc&>dP=)&|?mC#MUuhctlp>B(^|5w3_gP3(t^=I&L zyP#Zu>-60&(Hs%wgDEesecgJWHJp5~Dy|vFXZzYS&nP8cRzJZa@Oo0^P-=`$9H)4y zBnxV5ZgS+#$b!>ys6D-tA(xq^rj$T%6_2=(xUTrK)(^qlqXN^PSs;Y1?K|S)5o_YI z97o;qU}g?=!o}LHZOU7KQI>ZCpiBPLuGLCgR@*i?`d+GJ=Q0hdtuZ(2FjklCAhvUz z(B#wL;|t?)By*g|`YIr3Zb_sm>dMkK3F}EU%|1?MyL4^Rv21g`IHGHo;?+hNMH7dW+LLjLa0oqg1F=SdfubAHg)TrT$Wed>+=Mw5h5{k@!*ps8Mz2 z^WOZl(O5C2A&B)-c5&6MH-j&;kv+DZ3G71%dd}&Zi=!-UWRvnAIjXuyd`{<8qov(6GotgzEy}j5OVM&B zrUxBvFG|AgF()>)uF0MGq{O(9c%<{l#c9Ae{?luPyj}w*#s`V?w`3IE5c1Ip>Gu1e zqVdcXAGw%)bBfF0N}n!dRjH`%=Mk{a^Ew=<#U{d?C2Z<_=s4l^ILJ>Lu#W6wEzb}= zP94Kt`=7k`P)<}Ct^BPnzlERVrcqJGQ3Bhm#M4m@{|mPZgIJ$9^v2528qn2hsSP{< zCQEja#D$ZUc`has@_fWDPtvs^5d3AHVCzuF3|-ceP2r6tUcUvUjvrvaWmd?h!mBbt zMa%pkj(WSJRc9aV=Ge9^zGLj_Ez+4jtZ%UNmUp{G4+TdwwveUCpxWncn-YoCsfz>hY+T7E{OEj4A>HJalJ9fRVXKAac)*2r$ zfJ%OIVMd$zSeLv*QnX^*b7`if25xcy#z^IxNZmBH)%Z*C@`@wB#KN$}R z^uZv3o#Ncmr6GDl<{|ng!fWfLzc$lcvbzwvb#F@f&`|7<=~{4G2*=m#JN|TC_#5Kq$n6xI+*6e_bxs4iTTGxlV;~M&N$9d_!fX6oAxjlLw=GqMimNW#@WZO zff6pafsx}FedZI_>uFm+euIB_r%mS_=G8^O^8XaVV32CX^2Y<7critCUANW6)CW$9 zZ15Z(tFrzaFLuXko=3Xu6icFxXVbYh8k}{Lv~_qwj0AK3bZcd4F9;nI>I_Zz%XxVC z7)YAHK6sxUz>Fx`=QI>wNRj8hozsxoafg>0C$G$iLJxX&lauv%Tm8QrQCNX*>T6-v zBSr=ZWNYoW`7Z@p-KqQrz72)VyiF4iKC6Z6EAI-X<>pKYiXdz=uUijcj(i{KKGP{+ z+TMyQ-Wr^!yXje7GQVl;rk2poHbsbvsnHdj?uXR%17wK`xiyNcLardkb`n2S({Nnm;J5dCs8)=OP5?&cFW*~^tUY`~ z3|tMw-Dtg3B)6DY#DH}SD?j@-^cu{vx*-Gixk$Wh-Qs3kisS*NfA z_(Kc{>g#6idLQXd#+7PUjDFPom`-i{QX+R!U6@to2;sO(pr7Wa|9rJYxm81m z-5y!9MB#1T3n@$Dlz9jDS^HHJwNo1pj&EW%i`R+sz}!_V)ry4Mg9Ye!m^j(P+qbz- z_mEU;gXlo_Oisy`5d>Vp@_I}z4| zxGD<@y0~9!KWvf&8LIFOlosfvesUA(j+Hf?EB(U82#e9o7}Zmr>fz~RR;RD54&RLp zbk2e>fr?2Yio)Ddk2Ce>8TO1`N+JPy+`Ug*zGVW_@frK&8G>cm`_C?qtOO=(r>g9( z5%*Yybf2{8h~UfOf>;|hzJ3+aKI}n-JVa__p1*RdH9Ul8LXl(PkSedP%%~c zF{ntZ8|Qvhsbg?M#EcUD0pI&nyR9`dR(l{PFY}T=gL98=VSm&r*h>qr_RZcs(ivgVc zT?L8B@kT>A8fvC{!Qew<7NgbZ%^63yLaU0Yv}L7hc^pkg5NFCoGXPy;czik^QJhG0 z&rvG{IqI}Gcew&7lc6FyIGv{0UZJj zD%upS_BAV(qVoPV*$+M6r5;LB=ZHgTdO2DYT0LuEhqOJ`u9Z2Qr4BG>@l7xX^xs{7 z3IuxS8CmYbI%}<|Uj@lzap+@H#VUb7&Rv~eYg@?!+h4_2z=p7igr{3(8d;8<+z#QV z3F0?aAOBx1fOP3`cHGp1AUVZXK=N!e-{XOkJ{V%a9e}hPF|`d-ZRKKjbAM|h*Jc=bYo-MSpdLs&Fnb}J<&+QH{S2GU2~>CYm!^8^>Cei32D z_(R=*F2}fS68o}N@Kua)h&nmC^IHrhAoFztU#ybFE{C+0ekmOn$iDiuCZZ-{e!Q=R z-bm$4Ywqh6mwAR9GT`aIU!`94X(nEik=sIu)x8zjoz=~`mV<|k+g3^5LlsZoLtS8T z_^p>bzO{-DI+_vNX?$1nTFy9$=HyOmFLi38gHQnq6NLWx1=)o*>p1Z=+lpYsi@x)Y zWWJpIWup@hu`S8_-ntV~Br}ocfZYT>=eQ?`omaWlp@xrxUH^U0=SxU6RCMr`Hz>Be z-{Sk&G6<4-i)SbK6HWJr(5!TQvZEaMg}@GU`}xM*Zr*w_dl0*vnVIdvTAQm7up*2Z zP1fw`7^uFcy!aF~tB|T7#Txh)3zlDl#{#Ph<-mjR%P6PBq^`sQCTNfVHn4R|=C+JZ zvNmQhJ}xHhJL|Hlb2fk`MAR|pg}3Y9FfjMD<2fVhm7J-8ja9W=w-2zN)pqx9dBSV;7W>T}KJn6=e)OCn z^6;<1@97;s_wREA3wez5U(r}XF_~;7T@;cLA`s#oavJb|+Cp(K#U9>A8ZAVE6}c@Xy;=4*2Kx-Un)hKZ zrighc-s6N z8pA6AfY4+U(p8X@gQ&JytF4>Yr{=ad#tI*##pCTR54>%cL*T@06HLP<|3-^wRC6h~ zrp-|FePH%$|2TE?*Q88oX6qGc}=eQUpQcdxk^zU2(i&nFC z49Q|ur7ojD6unN#r`p1&lS$M?ZsI0sAK(0}{3sZ{*mV(YF`)^)pju8Mr7u^AEO3PR zuI#jizv5lodh1+NM&CmDSj^li@KwFX*N^5AKQ73h2C(!s;2F&*MZuKx^qh%>@|Ph` zU;qwl2*lVsl~T+_3w`949CxAjkP{L571+`I-dn0a%i(};(T;&$ez`lh4y%e;Y9Qye z=Ya!yFmGg_4p5PCB>fQokci80gfnVbKG6dP_jD$YbRL96C`~{r1;km}V>)_5X;#&M z^-{(W#t>Cy4Hg(@7+3zOu*=zM8i#5m61hAmqVCS8Uu|=IcZHJEMX$2_#<&B0ZM@>e z(xS?aPX}=El$`r0r&wC?aL-_eXdta9ols8A0Aa08={Jwjc@iXd;<7GH8%sStgoqJZ z&nYew`KE~dC_l%us^DhX&eYN0VzI2SW4xTB%QAn``K+|?EnHti`f^3)r3KnaR3#1X z1HM5=c#d>1$6vlJ?=dBQl}Du|d2kF4`b~2JWlR{jy9(r%+lJP;E(Zf62wM@7RpX+C zp47ddjqbS@RXb=*X!iMiNXG$=zbon-F(EU+@juU3p0cI+?gFqx{Rb~bcEl^Mi1x5IY&!1H&0+#NC`EjutM-F zegF4EB^}JHDfq%avwWbhT94=6X1xCD6fc54&ee+ml#<531ylHU(m3Vgn68tzWg<_$ z9{zrOt3IT_bN?lFC^Ni>j~cIIi2uy%+cJ&xu5xmkay$uy%OI;7V~E)2%Fpd%%Xn`h zp^=0acjMK39!JI0a{q=&DNj`?jK#*Ry=nie^2TWeMXzx5zAgi=KW&{Dd-9AWtS1zO zC8jHQzJuvqrdoHp;cSbxJqdI-?-BGcChwS>s72JQ_tkH-7YRx`O<{i#y{3kProO{I zx0)+bJs%NHe!z~hL|@x-HU2EHt^b%tq^cF*fpz+;jS%O{lLuITt4#%EyHlh1oNUQ8 z+aAd)43SlgORWP~l6BZI?c<{dHIkR9oxr`)BoTqlNeL%CLkBK#>9r1k?6^+XBHr3a zkaowaNABacqG^?{H;Pj`MD=w`4jcsgVq&(@XtxP{mMwoKhRasc4t>l1E5mYf=nk$S zKG5fB>4{-csZt`eRQm5P`8=2cko2rC?qB^0=o|sbdh(ECU%44VDnA0YbbLC+hWHZl zvES76@P)5y9c4K)R}O6foV9LO&TS0^IPm2@{8BZzib@{C7Xb;%_aXc&B-7lQs|$GWQ~reKZA*a|datZGzvk z2|szMRrwwWqQ7j~aBUul*6LF~`;cmFJK>_*{wcW?f##$p=FY4nWFxu4MXGfTXPj*x zlbOL-jXtQ`L+tKhk^hypRCBrqG8_58rzsE`LIA%ZWB@h(-&}$JLU|wIuY+sVKE*|Kay+9d!TR~Q57<8@qwgxA{>{qQCl&gZG03e$hm-wn+M$N@Q&-n} zEZ^^+w@1~ko=2BLfM|}V4pu?`pYQ`X9-=?`I_O?j8j%%e^Tzv+t$JS*1f}gE`^`|7 zAB?1I1amXSKj}Pa7YTDc({*PS6=8gBl8f!2)9Vi|N^85L$**QVa>RCiOhc`36td)Z ztmJT4W#%yqY~UK5D%&0a%CVgymW0u{U-uCZiri8d=>TmQS?Db_F9{1%Fu0~%p^u9Z zCHOT1wC;HjEfh$k1rBsCZUF?4R<-81N+AUGB$w*L`j0Qr1SP1VUmosHzV`h%(Mu?S z6!|9Y-q80-GTWXwxfJQ;xC6u$|E**_tT@u$d2DQ<&OhZ&K!5W6r9 z;}N76?B^VhavWwsAQq;-0%kNjern3(K(0KWRoA6w#n&4=Cr7_~;8A zf-Xk*K6^-IlAi%6@DrNSx5~DumVw>mMQs|IgI^(xp+o&qT`Dpc z4Dwr-7FZH-6|y-Cvjr+(WHnw2lF}#$iKXnBMy4WfO{JP8+~VlxbHc{blZeSJj3UuQ172bH z%XQ=W9v_=8MR|g&&)XdVV$_ z3KDc*TAu)cs)w~TqtV6{Y;zQCI8+jd{>pruBg{y1#rejtZ?tf`Esn}dmIJb&Ns;H) zOVbLIPRnj~7gTzrkrx`y$9;=**r#%yL}?_#xOLlG?yR>=2X8L{C<0Lyf*%kZ)oE;a z9sP)-Ymuj66Y8};wO+$E7Zl)hBK{&~XZl3GWCBb}y;*eUK9D&O$V=VJ;KzcBeya5g z=AI@|2&GM~HvE5zygMivBLmr`tS?y?&KWZbIJA@jxEO0onxdPTdePch&dWJJ?4c5} zaW1SS#lxD{zS8I!#Ndh@(G;dI%VeRZ%YA#M_BCl5hNchu1O|;&Y4+I&zgdNKfz&cB z`ftn1Q2Qj7luC!q#U5u0?idjIsXozY@DkKZB8^V=gJkQSM{Yg&$0o;;&jqoL>>qB&CIJFS^m#&Kr9~y){2^T0^){`T1p4}WZUlQw zvjaldBC1r~*xZb+7CE17i%@%IX_r6F* zJHH4AUlQGk4Z9gv)HB-gHFo`0S35fcUwF(Wup$lq)r6|@e9Go5jy)Fo%QDBAK#&$B zTgeJ^_a9&CyFzpGjic_qv$&Y=G%%ri_pT*C0XG3aFw#HEwzP%-7XU>!#&+L-I5(%P zrz{6ykBQ?kg<&Wr19b9Sa+-kXTH{L1-}?;fC@e)7f@M00@E5QoHX32ZVTz3`XhWYS zwDs+rCw89nDbj|r>pE-TI)16@FF{S8BP#Jc?&!~! z9cd``r1-{EmT94HW(W|YQ1DmR&hyu55SYJH}8ce%O+kVp%YSYO`6X{<5Mj9aaStOb|z0(PyU2nTYkF{y7BL4kj=l4hmHG% zbwfX=8}^i@H|#w&ZjeN?R$;A|4GBK96NCd|+-j-M@IN>aY^Uy({yHlrk?EMApiS2S zN~;H}q6x4@0_g>kuK6Mnqr)G`;M}ocku(VOJ~y;WY4?+*D(!I|4dnvHy$!apcFFm} z0-KtOjDl)Y$=vjnUiF;laz&Uk@pz|kKEvOcGg5TBSQF`a!@$7jub1vZ#@%dhi{c1P zX!_W5@>ZwZNmA0rt)tLm{_m`l?o*95tLhQ78PHSXGewj5U)QY*91L!{GoK0{B*kZc2<(cbAeZfs~|eS$IOh6-GtfEIaAXC%n+N& z!*r8-2I?`4a$=umE5JdcUb(mR2pVy$Fj4?ut@TbqzOV?9tI7P5TbiKtCOqs`>k zKcG&^oHnN&fk-s(QI9@%UOac=hZ7}|>$T_{lkzY0Adt5)9mnk%oVt+318hQwSy;K$myT zZV{G>ZLvrt=NB)AXI#AN)~`bG>RoP3hw}ro`mpGZ=`j;9J!p%(#Wpnt^SnW~S_9tC zm*j>bR8lJ#M_v|l-S`p;$Fi`R662dC#qEY_9x_GGfu%8KGsHL+7ODGUO_{(Mo~obq zcbR@{xBp$;E7b-LR4ZnQ#wd=A@!h#&Ft6E&8`YwRh)i%Ig!M8WETlD1@g*2Oh=%g9 zBQ8IH731WE__S|a>4mOCY+TWO-X4U`3 z6yhQiDD+3)!c*iS|Ay&i1t4|Gf{GQ50Y;QFAgdosjw+OAs`7fTrY(PLA;#|Om~eNv z>jaRn24sPzBW7Yhv5MAb20#ujknGJrSP(Wtg;+rV-Qw&Ig!V|>~dxgxS<4 z_f=Yr2hUaAIo)s7Q$^E{=!hH<mzbSFuc zsFS4PbBU)k3lhiAD$4(A?7})p{Mieb3M=`bfL#mr2t?2)tVP9)! zL4--eQrds?TZs5DEj+zT$3TMr1K(*7j4Zkq@SKgyreiQ_$CRu4Dj8+ zuV(-79dU|G-yV6ue%NfHHbv+=BH=%A4_~IPR`9mZ%=g9|NuP;aBl7b5NbO5t$;J9d z#cJPQv6y8_qnK|7Ue_xA95lXmuuOn4lTk5A4~gHFGrP$ChS(vkeCJkwLvVR>C-*6u z)X%wH8PQdPy5Nxy_OSx8v4l*43irN?-|Ng%H4fkI=U9GzXW&(4^#q7J6G?kt6|!@C zq5M&q-M>A$b7U)z?#|w|d#iSZv8GO2Qt^bM3aTF!sU5^$cxbN_C2h=&4`q#-Pzrp% z4dXk)YyK`(g|!XwW7-}I=%#2_a@%30M|<;cb(GybWg&L<%N8In%CGo99r~MGuP+-W zC4if@SHIAIp`B|;_OQMmr?H@fiO{jDr<+}Qb1BJ%5V_5`uE*6S77?C2XZZF&@qqIt zgj>DqOBPe4n;$xe;$y-dmY1IM0vjUUBXq)_4MDR`F@BOJO!oV7`S;#eHpy+rE^se3 zW&T4z4`0!!iDdJtb9*Lu;m5;#=nXNT*@aaagE!c%o0$|ftbGp}kBiZpsg$`7jHe=7 zk)d}pXc>xr#tW)~u@5RNbi(?pw)Tq6;O`#~RdqS*T?3x~?ELxe46X-4Q^@$0^*Om{$$*7uCD^WS^l8)UfUr0Ut%(zGKgX|VjQ-)RsUNy zeD?mjqw;xnog;|Edm-?q^5%Q0#U$Yj{r%D^AomOoOz|Sr=BM_qM3G1@57m#V)JK^S zcFgKWT$Mm(^Sb;`8&BXnq7+NfQd{$#%Z<_+D5;2mZLmEqxR)N%CWNA0fui0%Z|^pQn=5 zk%>|g_pIofy zcYZcRpU|BNUdlYQ!98+!id6SJ5oD2kA z_ouLnod>ejM1Fa3lT*1;^~Hc|dU7mqh?GGr|1&PbwTd;sTt8lyU5NO$4O1dV8z zBax)R==I|Y5N!8U2N+U=`I7QX3K%>O-%F13`T}oY#JIi*uL}6@JpT#sc-$E*r6kfibnSD305pk*0C+O>uk`{CW0=8b@Q%_R$-wtg_ZjfEakIel z`|Pi^xBtzzhqo35TH8j`*5H6miv94ou0LbS4~^6T8o5%msXpRJ!dTco^bXKM4A_wY zp6@!{qigxlyAN-D{;%^;#{Ts`@Hj|ljs3&G4Zwg#S}Lccg#sN<5c4Jy8uuF;Kv<~o zPZ$T;+M7;ITOb*BLDT5}-h<^a@XHF1jP~XMVeE4|D-kXX(f|sv-^l{4>~Rlfh}nR7 z23`N%N3nZDCcQU>uw(L@cjCZ&dx+^LX!6ik#kzbt4bH#?KwX+mtAt(8wmd|$SoigV zBFv;sX>-E2?{$&NNu*(~vhHW$@>x_94JqT;MFzDhqS>NSUk9@2jee&+E59FU9vZzzVzH}PhS97 zSH1vviU*?%b=ehQ%mzaR)GC2N;7a5h25A!o943D4%^$Job)9zLa1v0*EfjTOPFpkkX}Be0ai5b@3^?80cc*yTeM5Lw;X%rr@e<7~r(= zzu|op)CPQ!`9WlDv{2c4LX>9N75&cW6?(^X-WTaCg{g~&! z$i@!{lwL@+%!+>y52&@tDlmwp zP)wZuNMQXiKyg4aaI+tuu>sv>qr0t5NZ*Ev=$yM3FWI$X)f2Flv1#}>1w;MAPzv>d zg)l<@ttk*tv%o?hAmr~Nwhb~)DdxDPO>Eq+XWpK&AOOro{^$6k5Yz^k7BB;cNrKtr zez?4K-0vVS<)oDWa50`oNL$-bsp9R2fog-Aqo3c#DE`+XRFJV&$%}b!4FG>xNeg*s zhU|aQUx|xKD3ejW;wDfk9a;1)h3~(<|F^4fHXQ^4zz&TE4;0wzG#2^C9Rj+s;R)1y z8GJ&V;Ek&dl+EGdbQ%D7F;=beUtsyS0fLvTMVyP&B&`pN-2H!x+#n@Jw{jY+wRBpX zlHWdq&yLMb>OpEvOZrE|WAof-el|N79iMw((KZ97ih7H;2OthF`KIvRWXUKREf zU<Ca6#t{2$gM_#IQ@=Q78qEMel=b zqhbn2^y_JWyH}?t(d~6N0m#k(?ih)HwGQW^1q}3XQ?gijknSwhuXoy+1B5n}0176< zY@=Jsh>Fm&ih=qM>p%I%_345C6x{#;TVe5=vQW4B+YO-5=QN`HqEACrgz>>92=H$= z%yM4}*A@Z(YS9N)g&6jDvEp;anF~^VxqH1@`)7a}idB4zM)mw1;5Ni~TLr+s3~Odx zr<2Chouwk`q2DqO?a^xieZgOoZh%gP+&B3PJm0%NQbfsC)Xb-4_pKMeEKUZLL%Cg_ zx|*DMoX@&(%Dbp1l%FjG5jBK|DRMTCiX?KoU9P6|OOqRrQW+Vem)PPp0y3H@1$OP} z4t^(6G(aoN6Cn}3Kt=memGgX4@`{=Rm)+RX3orgC6UWL9-W z`)t(eyO*13>jC6YSAbPE0U&!act4fgjd)rTH(6=f4~zomgYLvR3}#=yN(Kmhy5#{b zA;X^~f_ep^>RLuV)xrRu@CZ1}2$}*qhl)A?bdvt;WEJ>giY%=M{OV+L8F6)UdAtfN z@*e@wt^x4Z7jy3Pu0|cvs_h|c3Lr%UeXBU7^*ta8sf}cI0Zy6VfdvUGQ4Yp$FMqs{ zuI8D03sFD_+_(VND)Qf?FYwS%%XP^}(AmjafX>bY0iIDGNm_GdV_jiafO0AOkk@C1 zx6$Rijtk<?J@%^VtKL zjCmciA9(YX2Pw=4_*^`b9Bc5}gC$6cFEFQ^fR2tB5Cvp2C->5T86;iOe5UL6`)#ZU z6Bf0jKeg9RIR~0JM&K?@ve_T9tqI%8-!ry3Mxpo=u!jvf0{{>`2Tq4Cf{5b%FW&D0 zTD$8UbbuJp$SN)5EikbKTL<~_;V$j%tz-I{F z03(B2tT4jw4BQt(I3j{r0G(Ei3@Zt5u1Xx0tK$Sl#hHB%GKS<1SqgkB5}r_7J9!}x zL>Ckeh!`3aIe0$!U<9)eR~`UXO_dpdA<}S-o!)q9j#OBKCZ-%C-6kNTA9nWiR|)7< z7gpVf=&l&g$VJD497v~6OsY&11>kkYZilOIC*o{&IZV|$Z~_>(auO3`WtBQH z`u%am`-^KpdU&SUxDJ3|7p z{Sk+5fSh!ZlX6n_l7sMfz!J#b+myZ}Y=I=8lN>Z&HP4B#?-B!y$=rf*-o{zc#AmT; ze66eT=UfimSmd9!)j*cZL}+R^^5RN*0kLiKLZ;mbu&ODSC%(aMN82Qvas|Zxa_qX? zKCNg2betwY@-+tkt=rrSvAc`hPC7kqdlx{=b=o>VGs5_XdzW7s(S8>E=J}3DaGj|) z48n53R>NdYqE-PM;RTJx!|~zr6JE(146d@mM?`)yuMR~Q4OYoZ@Tleiy8f*oawk+( z<}~c8{R|MAbbgy@)ol_+vv$>28ye2kjj^u{n_vvD89I;(7$$=ULj@aTOAt z&{0u)$}a@oxOgSDIr%-swxW+o{sm|WTg?-QGV`Ub@D3$r9z=U=@YgS81L#YgvNZ3} za+akC>i_Agz7OUdFEyI~VtCLV41Yz3hHCnI-UD#1naO3fR7m>t%mS0AsK}skOe8YZ z02?OH4STBVc1r#+k07J4y9%r!=fdcJlzdcF!odGuW7&tv`T^JE_9(8;u z3NkwmL+;rtQeee!5nS|l#D%=bO4!U%Bo;v`{Gax@E|FxisP z1pmmnuX;QjThPe~i2;JE3|ed{uA%D*CK|QVlwcc+nj|0hhaAQ)qB`^1-%?z6)>%`T)aB zi12UcuS!27QR}q)s+zrLE9A7&Tjz`Gip|D_{&wyWz#GcZfTAppBlGlc1#OEq8v_m_ z#P9(Z36s3#7pdi#{1dPu1B8=zbdnrKqfFYTF8?Z?u}hj|+V+KMvKh#-iCtGI#rXx+ z>5-vHEtBJ-NSNxZV<$m*FLt3cqRv=>X*}?euM%CvvEm$&$pqKO1Dh@mNo*nREDys^ zEa9G|fjAvt(?NF=+vhQzu-YHd`(@|#VoYFKHCL$v>C-T`N6Y@@F+|5aONet`wD|Hb zi6|1N*}r7*+c9FIo<)QwnEmPRv;huqIcmj<0wHZt*=s*P^%?cP-knM=n0?zF6%W|% z4EhLvA_!S|;8zy=97IMCBZ9tq9=u;!4&0b{_r2J(^0i#QOZbdNRwl`OI; z3<79N54Krh~Zc+CtSXz&`>Owv~8Ujg0Xw&DJtgFN|@+mXN3X??!v2yFsuE3&$Ed zDoK>r6H9mt9{~3O0o0$BhyBK$AXqGg`3?0VmX75a-C+bm^FAnVSS1*?OV~+rO^*q( zxyZ%c{!DaC4HsBKONa3uXmpbVhKoY-JP6e&$uj7Pp-Tw+l1RW`Ifnp2$<@VtfVI=@ z-cA^0<2baGPbTvPXVC~@h{1I#J|NHBWd!o?i{eA_U07%~jt;uhah=tvXpmEQU7)oF zO^g^-+i6l25<%sYq%|AXH%O<_M%;m}j8oMKUB z1LKaynDSpQbACsZ;~otcg+M74TElsPbPbrGH#;4;e8)a3X08u!)64c|O5b_)ddoAI zekhB@#N_L5P7@yc_K?9AfBzev>s4}#!pn=}7g^}#4{m5QLkmH;@oQ3B`3fwlZvt1x zv2y&MaE)x{%QzAYnp#i}W7gwwa9JEa!%!vvCaDfah08k6BJSBOzJWEowdL3SK|I?E zTey-TzK6mHZzM9fig9YNXM&tDj?FP3t^$vEaH&%Sp#R7&fum-^K&CQrq$0QePYn^z zdpYRLMF)Jhbjpm3OX68GpRIfRdZW>XsRyHm7=!3<)3eV@kPNtDW9Y9^N^lOQC8*k< zbzi%B9=%63QNM;^hNoRz-XSpQVp%$rh1@O5xTF+Ult)@m_60wD-wpP*W-|h*j@>~J zuZ_Pc2ihn&cT=?c@ACmBk-ur_4cnZ6l>2~es)^QNQ3t9TS~*iP*H6{g7_8y=XM8We z>NH|p66pyA{*hV$ME6BL2IiicXifDu1GAu;7s>F=KsfPzbTq|N;hO|b zZpi2ei&`LEaI=<&1GpIy@hwnYI(j}E-d$^N2Ihm34rU_+!%nfl+xgv>{Fc9#t|`k2 zY}}CZoXvX=)%qblmq^c0ZA^7)dDV*5CRle2~Gd>o*(lQQ9^s2!zbJ9P>&xaFK<*I} zBq%zEO+4)I>6DQ%LJn^b#;B0{JWkf&L=Gd++pgCi7maZaB!$3Ri6A9}aSCHqU>-7t z;G%X!aaC>z2Tl5IEnRu-H;)(V0BeUANHz}AOWyG#Hc7lH333TW4JJ~<8GC01#mZWj z5WKl=BT~}T-&87)QP50c;l|xgY1K|iB9*I9RpL`e3uo+D-EUbPTr;J^mM8U1qy54! z;|-MyCyetXR!xH7)@7&q?qGsf+}bti587g#MF<(9QhjdFPz%SU*uZuR!QyMQM}OM! zIux&ntc~D;b+LZGjK8y>^6Zd?GW*8tR%aiQHIPh7AV8@SqcHup5I*4(=o1MI;^IJ| ztn6EqpqIz+&3n9fq$B?q?bUrIMR^#$ELf!GLFeIrQeIGAa;`v*E)ZNAO z&0qm>@Re%~U!EU4ds z-H)%t$kfl94WDYO=Nxnd?>L~ag*ThT6FU-ll^%(9(DCVFSiq^>=`L^OExcvJ6Ws5D zwF$S05(VMOh|kO0OsZbLx;8 z|0kPEtEYX~fyFRP32`CF>$nfIU_`9wO7QyO`?Yff^%UM_i01L46iS>YI!^FHXgG22 z$A25>iznS;rb96$g|Ne=jCJp1=zPiEJ3JCxcWLE0#;O>%w(c%^1{cu2x9TJ zaQ;8O!)a}(evnK8Dk#P!XFOXkDO%{Ym6(k#@*v16u_PE}@xDAK0+2z~gpHA3#uG8F z8p{dE_d^&TJ;$+^P(zddTD%b84{i7{MM(DTx^lBBGgYq(T{JpdyrDfyRN_;4p?&Q4 zLGw2$u1k2oPQn)ZYyt0=)b|)X7$5IKR{Nw54h+;U4tREof+;)57!?lQW2nFPjfhiM zQ}Sz1@%Ein(9$>=y=%B83&a$nKPdnHbqf5Y6YEf8I2tsVM>3?v1WTZ>G46AZc$boJ z30!&mL{vv)DRM7f!lXtePyBHpc28lx+CEjb%tx)8d$$W9( z?o`DEelgsjvn;1L&KZM6jdPBw3D3iD0x0+0mYsjIPiTWvEsLpxg@*#n%|O$b;&+lRoVk3>cO`KYPq3`VaCj4xIBOJ zo|H9$A9W}%=H@hNfxjShe+|gugFmk)adqP5_$NW_<(@5}t1hBr1u#bk%uD%d8yETo znen7=WovW{0v>*k2mOBsn2>$^eS>IbE1pm+d-snL%RL1;I~U~lmr8mo43NNvF--#A<|EOWH!V)-;U01$>1potT_ud=X3 zn>>`pZ&5Hnn9T1(#z9&JgB|k+%Ehq-G%JW2md#~K_@g0W*ArAr7!@|d6i#7uhXy&n z1{NC85XHxq+#wtULp(|s6O2Utw>D0e22u@Gj^kYB()vK3w2Sg~TvFkQnV_~a=5$Z0 zj{ObkVLQenSYVPQ?k*FoZ~wr{8E+&ir4dSZUR}T zmLI>jLo%SY9bFQWFkadkZ0m7A{?yOE9d7O+;2?mENUIvF{wVx|Kr4^yz9(@Lc)nS^ zpgtpi9)5yX1dbeiY$22-JN4;|fEXop%!Sk#bV@B!NISGK4SJ6=cZmDRNz64m>?xQ- z;eAc6XxWM&U9IswC<3T9aKe2V&i%)-Mcdv)LCh4~G`mlwl?6=QRRH zHi85X$I|cwVJ@T#)DpbV={b%kwc5a8;8a62b}%D}BGC~gvZ>zwsJ;F#iH%(g{i_-I z9XM(@41CLgl-1;8^Gx5@UiG|3n35Rqt0ioIWH-N7PD&ycZ=40OFrsOld;E!)0!pGf zkhUF8R{p%yxTUv1?ez_YoPlYmSRGaNyrKGroY<=Fuu2ek(snn!`a27nQc@hIC6J01 z0ZNqrQqju~wVyhiBGmu#>J)GwgO1rg_*FKYrH{!*TMriuEChWznS5vsm{23jt4UV* zaZ|HS-P{#+Gc5qrDvrc1vky{cjnI3MWaU%unHip-U#%Z84NRFI{<D07&y3Vq9IDWV`^w9Y=33bJfAgjwpNc7%0wJ7~gFNB*X;&QkU^b2fKkGO{>0 z*OiyedbY5Rh`4`}F)DtEUqSB2vATh*V@gHBSZwCYCzZVU;mpT7a38)QK^H8J?hnXi z#-Rp9Cj-Z@?u1dbVK1emB+`1}#zCNrL^0Zs_~D_=i%J---8flSG=t)YgeA+~1ZPL< z!DcGap&6BJkDY#npJ9KlV0*BAA%O{#1O!?wWZ>51uR8L>aRP&%@marM)}YVes9Qi| zW_gJv)&I1#X-Q5P3*SkbTJOn+SCG>WWN7QAjxA{Gs%6#edd@J!uz@?_6OvR@Ft<+t z##?%ovUO_o8vZeZk}45+Im7|G2(Ew}PwC1g_VAtH^IXF)d$F?P_QOQHwUCSN|?DGsb$*=Fd39pfrmY=9o zsftN31ZGrT@9Lxvlfu!j&tsVxQjkm}hGbv+Tiet=4+2|}KH94t)j`)X+v>hc3U81A zc~B+Y#Ve-)OoliL?*WiWzsx}G=L<2Z4uPVm`S+h`)&m{)dV#$4N>={5BUgH#goEvM z?>=OXx>t5+UGhZ0G4>cQ5NrI4I> z3sgU{G^rghM+UhB#-kk6OUv(S7znZfkA)e6sX{E~id|MX`?ps3bJsZ!OXjJUil|X- z$@jx=VAOzn!+0S%VTuH@O@G+U&5D0zsMaO1_kS2vdBI2V67erWV|up!x(x?Z?E zYg>Q59*|N=99B_zn!o{$Iiv zX+%%*^PZNEWuI1ASX@D6GD`4SgTjGlJ#>ztxZbNx5u~_BW z6`IA}u^+L`d7E4OV7s!Sb*-xBK?crW!WAWrBHMrlo?r<{Re)QK`#gxL149YGI@C*j zAKcF#oYM@`a9x)@55k0D)QVfG#sye1ri#Pc2l4~q3lw?%3t?4>EFk9kV|Jtfr=0P~FQyc%bEPhj@0oiq zDMrcrG7)3Dn(UfY1fApYxA8~G!yoTcb>rWE$;Ou5LZ@>i>GNVNDzu8Mfw=l(!Qo8Q*4BKLGlT)9;fD*V(_-G(=qNd3*rP8pDQc@nt zEcLf(xI7_6e_C1!c2WonbPF{gBuQfIQ(q9i^%XipNURW@y-Jrw=;Mw~oK6rGHW&?Ko;k8+1rZ+~X-}C{mKnoot0j4GV|0q!mP-CG7`(G(kx$ z7cdhav6LS#O;7^l8I=E)@}{BXSh%K58X~ztbTGXP8Nztk;78#lUyqDmOled4NkaZ` zct>b7zfO9Kz9S`69*c`&@wYvBp2S1EN~#LHEukiffrl3MdxM_gV{uc^Evjrck!Y0h ztBxq_;0Y5V1o!QawUbl=D$NovVSiuyn>omENH1ERgv`~0}JHH)aXS5taOSHd* z?Fdmci^m+AzY3Gc>q}V3cFQ2F7??OeF<~q({QuyKg{qM#VMtUDe&-D z$O1@yON#4NQk0aFT%Z3Rt`7tImz;&fC($~RaFi~(BI0^ND3Dtts=pHpemsme>97Bs zB=!~Thcq5f0!TL)+cd_eAQtV=Y%Dp|1skM>F|4bNG3dj7V)+}lE5KLglzbRN2i@(e z-zD$kWr!R;oPq6Bt~8pMvBl_eT->P*C0$bdb<(0AwgE;$w&+SEvBj|BvMM~(Ta8M; zZo8JGbySmK_o-<2leY69Bu2S{0#kr zf3Kp6?uX?UOozt$&Rc@x&}X&`C4KoryTSGi>C=0GyC-In=&c$sDpG*P4R;1OKpgO% zwLIU=C3{~P$018!@=z?bH;AW&N`f}~tqwP5TxU;STtLv0t=J3g)m{cL`Yd0vQI{)% zUcd$}_zMdWa*wTqr}xooqL1FTW@4Mn6~kQ*rVFmhc9rRf&P}K~gJ%SfA3rNtY@;5Y>SDbX>79k!gqmpinV_N#}rK8$L z$kfw5@r7)Z%VkWuTRde2VGlb&$Uu~j3E33tu#VOviH!glF#ya(h?jGqm`I6Tat=c6 zG6nu?#PwPYx&0o*2Jf;W zhY{WQ3{&ux0cpL{?_6qV9!yx-IvxmeWW+q{;mG=>Xn60BQiUzmmD%e;i$ge0OPFzp zxD%ZX+=@=E68QX^I5`ZM8mcXs4DlwpuM#Cb!zVfXe_(Po+#TRWuarm=5yaMhc@{(b zuJ@*Av`&gY2`i`JM;H0X;In0PwdF__D!+9@B-u%F1MgNLoOes0#g7Xd;4kAo;&+26 zm*&Mp(vGQ&r42DJ6S@AsSb%6WsO`a9pk;iSQP{*+T*3&lA=PM$Kdw7nf^nZ|5NI$s z$XGZioM_Gs81(oE7#zok00?PJpC77qS6Qfm z)0r;618$ha)!ZXaWH3C}S{68tt{AAL#RBlE;m;|Z=N!5faG59?&J=#3@zV}+Mpb+o zCd)A)wVG+qZR))ozFAQ3GmHv}B(6llMgNVXMf0!mIwr#*+VH-x%o7~!7iMV`4(e4M za2$q!Sav$atw0QJy*}CG6C6>0Yz*~A$h2?@g(Tu-UThL_LDKE96o^3dDlbZW5Al*^ zk@3iJuYSFO z%l^mWO|}cq%I0-Q65O@NbS92AsFmmY?=udkkAqJ^?r%2)ie=@F9c+q-axUQ@x4EO6t?gt`ayJSRX;s zEkUZHWC(nSfUUz(Lk%ezRxW22ZS~lvlOyiReg6lSTA+xPjiyfnmHq_BTgF2=CMS2l zV_K6BxJXrahKJEn3~*c4qlV?{3As%17J3bMsMo7AZqBX>*5}y}c`TJoe^K1`S{($O zE`v;hzKpfp>qRAxWL9@mp$Yhl>qHWZIw~L_@^JZ!0zbftbg%QYXvBR! zx>heR5@^ydga-4KNoT=$9jM`fuefb!qWsHTgFLM{8Mr35HI2phHnaUyaCZI8BrzZ?8`j8{; z+@3lQe%%&Z9&JP?8tMq=UC0%Vz4JGB+_t$ksOL=46ATSJrQRC)0r&ep>EyNf`7Q1*wu`(rGaQ%0QoDXmzT%8v3k+W%T#pNCZ+wx68OTdrki2U$LiGsP$m zL_F4lpvO^K_;#u|GY59;aCSXStsy&~arawa&iqM|T1^!9$C$1?Y0`XG@A<9yw#HQ7 z(ozN6#2eLo&fQeX@GA|VH%h^?7ks|*LhXD%9YBn~ev!<+4SRuG$Ok$uICd|{zPdRi z9TUaCV6>vz>zRw7X(_hsWC+Ca8Et?bsjUZgdBw~d`jG#@^t0`0%yz?Kq_~z{Z1)O0 zB(mn%yom86dUTzNZ9giF<3-N66?W&sSX|0*7u0&Zht@xwL9UVDi@DFOmVit8p^6a6 z*pulOaMOH~txd#cUz4ijz9hY*h0`bzh#oCQcq1-XdjJ|v}BZq6M4gKXkIprbo6dqaC{ zs=AO2lg0!#QaJ#aIPcXnhg+3LXhr76#aP=^&c)JfTfe^wR>k&}Z2tTzstp*Ey91Bn zzK`2)xi^fl9o7`}wl3JI?b!=O00>Pp6d<)lfig?0^A)@7Pby9N#B;vX4wcs#A&Ycd zh3APXKUB0EuEDLAZk(>JPdCvv%%;AMSCr%dPFnV|>|}Y@w`TcFHHLqs4}kUbTA%E` zvY-6cG@s8e2&<-S&Dp_K&Qwic{KCg9Ot?nZ!sPk%QUy;EEt7V_*|bQgI6nX>XTW(n zBVuhxtTp{*GFW_F@bAwifi+HZEDxrg^sTv67I{A88>1R%n@K7)DGsWtMG74pM~`ot zY;1~CggTao^JP$|!IzhA7#)KikUIhD&F;V;;?}z>8#feKWBTRo$>4X$Q~=1NCl?hR z^Ck631_2@K-@v#<2kI`_Rxp#TmJ%sqy^N7_J*KQCB;?%on!5T}tKr)IlnSj-637D* z%h{h_Fb@~RWX{H8nCZOV{GRx=ucM!c^SI_yYZAdqYK6l$FH0oDUxcoY8n)w0Doe+* z;^$axV4a0OA_K(Gqc%V26{$#3?EN`CD1%Y0*51JF+e>M`wFB`1#RZTI5;J2`lHu(G zS9KkFz!N5-PA;SkeN~qdgevetdN5(Z%o^|(d-Xz2)LN%q4hL&`$QOxYOHdrb(%BVG zGRp(Pqu%L}KeO$L6#uM}_1nakx}!%x5Ki$jHxON_FtO6%B}#0LSHx)*%WA-Cs&;R4iS#c2{QeeL%sB_&DXnOZ+P^ zd|CeuA1NC30k%MxGd&szFHTp5h&c_lZ@o>Z*XMk1mL{CB8gb8Tju;sZ%748*IEod% z)`WrJ#F~YwfF4m_^zb*_(8i;oE;f-)wdZ6i#DOuXKld&Mz_C3~HlPoJZ(dA=YPyi! zQ4&sA;O9?VCV@gbF}vOZIuD3Ja>9|k%)D1>oG?TX-X>Kb?vS`3*`V?X;2&&!aXVv~ z?K4ve_UH^FA}3st3NBABBO|<^hoSLLpbp8+m!odWZlGgbfe98tzu*1+);Ff-uxl@y zz_pb#4QBxuVumxGZM6qU_AK<@+9uHdX)Bl+Z0w; z7p>RMV#!D=SblRPUlpu|bOEudIjJa+2B&YJ4}mRi}Ek>yZpDdKWzJ$8K9ABy(V0gw#}Q*`k@p z<6wlSE!khdgN+6;SHOa^6uV*j=W_r7trUbFSbycwTBKkR`7G;4rh;V1n%64;@k)!~OM8UeSsCvW%z z@dGLz=rF_xsy-#OBK8Jejl91%Uu-iV8fVHb`@lX(srJ2;7a44YE$NRy$NQyo9Uuq2 zLMdc=-m(Ab*3yj~@j}fXK>7(hSMTVs$B=FHy`^4cf}wDiXq9FuWsA;Ab3m3s_DBKt z1(^eJO;^C;@RY1!drvR#Sv-dfZ$LF`6#;UfAsir#*CWujxyd*UchqY@4D1(Y^n!(? zj1S27QxYgx-%kpc3@s*PH}99)Sc$>*Ri7ZOn688_mHR%xmF9@(fO#PGXS{xK_tcSc zD!0D9#dDWA)uMj`S8(R`d2)x~9h-^ ziDSL~+Tg~dpdMZDmplX|IGdE&0J4|wu$e{-$Em!yQ6B6ura_O#L2$Fee>G_!VnEU+ zZp>pQz)=-M6=#Kfd_!>9#(od*8kW_6RF!?ceejcfR!}BqfEO6x!h*o8QIu%||As0Pb;$;j z)M93H+#FO^qOs27iLFl?Q6<0Ss+t*_IVJ`Z#z?w?Jli8q>3vPOn@rP`{FWE9Blz`b zLdBo|3#VuQKjHKrPh*AnVTUSv17kSOHutNaOe5&GV|o0dGy%R_@3C1S=IbWVn(lBo z59@Fyx9~Tc71XKpOtw|e*-%m&t>lr`B{?K-{T;F<)*4=ES0Bx<@H6_k z`FtK_YTFNh>x0tA0WiQGm@B<{4}?jRDR+kBc|Mz!)w}cl0Z2H=B zzX2r=Ku&t36#99nR_F6?xXOI*0;((WUe;e?WcW5CZaAb#D8{BNUEgi7M0@G8TjC0 zeZ{@WkNx~C*5R}QmOjjRwZ_^#*K}&989zKuOO;I6IG?B*t+yTW81*MsX>6Q?kEi_n zxLAVbNuRk=tTuU@;9>~-&`N)qB{z_|#yt9T*^@E&01i`wFo=Sc=uN=SgC|dhE9jTMYdvw~Vy}l&L2>r4b3&vMo>3?cZ=OzLBKd zZ@H2zYyo7n7dFDn*9S8B3`#^#9hqsbqHo#NHx6c8^J$>tVkb%TNaeH1H-5!`xO|P+L+ne$+ct>d$0H8 zzR%D2QeUpUX8z=xd7kJjw(q?8!al*a!aAg`_G?g8%k5B)(?Ig>%D}deeEQmYh^QD? zE#X;@!|vRLQm$5U>}AEpeSQaMzF zv+LA}W1elX(M5T@CKRp7()aAltT3pijJe46l9u&Y3=qkPOq_VJy9!4&FNlJ3~zYw)MNNN7oLKt2OJgeXTZc`cEyhSKxTC({+K$ zmDqW*zM|4rQuvPxlOV}kuV0@7)O{0`S8sAKozDQ#q~i1I|IXn=Ii6SMz+j zt~KRng9%}V_XXPJg)*usK8fypc`NE9jI04eZ2z}bsQp_j>R1vk_YgTp-I1z7OJvEe zXcUc?9o&?sQ#dTR3NYzR0vQMl~Al2((X8uzxrC%2W6b zN&RNuxxTiO(P<+*|L1#xbirfmycopWXpwVyE9bBMEjS{=A>_dI1^Vet^8c8O;sXz) zX`Dpqc%|OMPwQ9;rRy@?DwYIq`tc7c=2L#|@!1GG7hM<|sOUk(>Ib5E+aiz7%PT@} zy}jd*oUTbRt-8^$A=}7kYIbs5noXO;>33>R-RPHWzfZeek9eloaSe~QIi23m`m7$} z82v0N6-|kqqh=)FtXJ6EcCT-=xZ6o}T2FrVrN2|PU%8mF2i`XNH75(*512Ivx_r6i@qU8M9jYo;zGSW1#b$05C zTA)UPWHSG3F$Uw@&nv>V{IsV06xZYy7I@S}GaG4q(|O{sau;K_(h|SlZ4iWFEn+^U zD6cJesMw>D!2QohnP(}0|I^L_L&Yu7>~(Hw;$IO=GhN7rx--WT8!oA`E6xaaR- zH=gRxJe;?g6MHV!8qBs7c%-MX$J1^uzS(l}`99Ukr(3kF#e>SiU)bYau}Zns)QLxT zX#dNWcs~%ni9bdWGt#x5rr|e~YQ^(WYxbk9;n0Wv%wf)A`u^r-c{l-*qdPU@6suXJ zFFogHSLeKc?+up7wNcokJPOsE^h}??e{LfJ@&BccrI@WX|K8dluM=W8m93^_4`}*$ z->k8)wr+lPnvl;|%$H#fjYv3`XKTqAv+L#&;0yZQev=ib*@Vx&G8s``UCE72$nl|zqrvojQv{%u<|UrQ5!ZGO zH1;AdKbW82+SFrrr*n!vi}cNU`uM2>bO$tcGqpDm>jPC`GyLR7udrwBSI*l~;>j2fUtO89WT;$<&*|bs{RmC-YAtIv(`Z%#pbG&& zUM7A1+np}`A9kmrCyWXpoD@2@&%#_+w-cUN-)`-Xm^s)EE`*Hgdb?ZiOX4FN&YY&# z2|X_CWw*ZXme=Y<<_ra_`rWcF8+k~?I80~)QLbQn{>%?m5F^vMJZrFJ>*!|u?z;5X zo$I$9p97Pl%{uNF_Bnp5Bw@dKJC38H%j@OUugszK&$LR#8nZ}HHRh<+#|n9yw*55XG?Oss858Geo(9ov(b!ZE@`@w!Yc!*woENLCaIMQP1;dWoZ-JeUUyZ zBA#bElf})g-te1!Yi1Bb{7JFx5lz?Ey*Zg{m*}JtuSK_J%;+TaSYcNYwZPrZ8!8it zh&Q)yQiQxTcz5@5^kjxiYkEb4~1YEM86;X$gw3H2f2pj}uuTPr7Ta+VS@E%y6jptuq8B|J0Y)2+EB zy+x{D#$mDZ%Viep*;`kEoI{V{qd&6-F(Q!@vZ9lNUw+TLFb!1vGW0CKN3CKpbT!ZG z_{wQKZhSWCNT?I5U&C#V1${1^Epg75hd=1H)6J;A+LC5F7!7H;*p!{8IHK`3o|x>< z{PB_d<=Z~fTAuObS`i3yhL0h;&-bZ4uX;Y(yvbK#G72v>0;?ZY-B*zn&w9qB8mYK$ zT8Ly*LA~fSnO*6&r8xvm_a`U=OGUFb##qWY0!|=3bpn2WGF1MW&PLphTlk zi5@K0*?4d{2*PpTEbJ&Hr&?$6Z(!*~rWR%UjNMd`NJLg@6RLT*0_pbdKoQl;VAdGvV{4O!E;Mx2+ zQ|8jW`)BHw&wlO>#=365hHTMiZLPy_^P*e?&NWTSxg)puW()5x`s{0q^f&~kGo{;a zU)M}c*&TYRk9?FKV6D%!!>e^{o}Z8(&h@zcBzJXlTRVH}YyDxn*-7_!%wCqQ*^~CpoItToBrs><$w=8%Ub!$!1?SoMavQlE2>|zxF$eb@obR z{U()^9j4b{^G5jIVq74&hHPNpdj1+*Yl7zT>vGSgzQ9KH+;WVqTHw&Qb|MQFg!+ z&^6&GUD5Y`>u=F+LB@#y%V_83MwMHoLV8bg_N2`f2|HZyPWLL^R=Xr)+vb4sUi2#L z0^nN}XtQ!`soheZp5y}i)EAB^xUO!blxuvxSk|7!-g2^Y;#h$t^AhJ>bNz~tiBHUt z!&nlp^|YGnlpT@I>HS^l`FEP^OXsiCJ8iY^ky1RfXVr4@$d6_J35fvWAPEnddz_sF z##DJtyA&pW6xiO;GLe&w+smSOq#ot}!`@#;MHTho|FFU!LkKf8A}~Xjq)PW74T4BW zH!9NIF~A^5iy);qfG8k{BHb+=f^*R_KyMp(*IHt z0CeOU!9rFBsuvLb=aoq<8)*O%6BUrkSGD0QV+UbBUcNr}qW5*@5yUIL<9g!;Wn%$t zk3Wy*#1s}7wC#?EoH%6Y2(td?j0OJ`zx?lN0?zn9FFF(dQ!^X}USzYBwrc$HS5LC~ zQ+w$4--m3Y%=HO)fKnqw-@xs8rSjLvgswZ{lZOwq5)9792LJnggt*tM(ml(NmnOHJYb5b<)-}rM2~`!!B^9ARII;~@3~g( zzvVME0VJHqT=L(HDh4v1m+rLEz5Bud;y~N+AT+`+{}jZl%Xt)ag&i8w-40g!PjO*L zJ&EN%n#}+G6+~J|1^Oj&*Kh;xm7I4Lt%as_wML-b9uPjx@72HsuUnwkLA!s6FX+to z{_C?=m}AlMTF|!V?sLGXQ%SekoTzZ=elXHr+AGBkIvDb+K?kGD{2O7hoy5-XPP1}~ z{9kno-*>)vVnXe;zd30LQ|%i39~XeZXZfSH`8EI(bY6#p+Gcv&bdJ+}YveVqY{#QE zLV%8OnN%s^VbZgmHpU$5-^t$r_n`e6rf|&{IbgOpr~#0MoZYh$%eGF(x(l|YjH9~J z=7B$>6uMyE)F}Za`Cr9SW@6`C?!4l~tEcV&7oY-+Zq}gFTV3@cr!dL6)Aw+HQ1jjY zFbhA-wZ_WWeCnXn%9F$$3|@;?|3;s0y*=?xa79J!3Y`lbBl&I6SVkvON-@Dw$WL}n6jVm&LL z@q+9azzy276{7C;cP-*DU<5Hv*-OS@2cR+f|F-T6Zfr)=3f(OkbNPMm_kKlw0FB&D z)9S6-GovJd427(x+I4~87g_=Nlubo0+HJ2}SQW_PuhojNgUKC#x*^RVoO`pCGvqQm zinsIG&9`>bK&E+}1YTC+00(+d{n_=bo?0n${1}-4U>04G;WNZ67M}n(VHfoOR{j;q zM#f6)VyZ#o@BmhsykfhN$Qn!omr3`L4pQlJ1UT8E>lAGlP{ZlGh7{bsbKfbZ@!&c_ z?kl%``BfOTNgOaK4!{Q)Bz@XJ^EO-H)y1!uq=DlA1c0?{i*f1X%u{-tRDHVo)#d8q zsH#jB$_~&D5ez<`jRG$YzJq3Y3h%ptX~K?~JjRteph=k5bHX{o543S#qX#;{IP$(T za*0d_0D|3r?@TN0i18BSencDsb5HNZCcwPJTu8VrKmP07MsK~p-0uQv`r;BWccaka z=YzR#m;+_|lkDrfH-U`LE$Msc=8qQ$?Eq7M~*v`q)szS%Aqw=&NSrW(>;kS zJMyc~L}&c+YF8JH?$?GR;yd>_4uww*sytprh~vQh%6qOvS1V+z?S3O8?lN7=l-cf3 z!)Bh|^10XCM*FwccVf+(!bKSy^qQEsyDrHELVj$4n`dc&QT&53b+i)zeK-YZ z?5t^G86}9Mo4*x%?k#p(#uKkHk3n0Z`({_7#I$KOfE^4PIkH5YHPd_!R{x#Wqi+Nr z5nVi~vz40#sDLCu$7y^+etyu-9P9Q@adtL}tjK#N7=IyJsK+V$VP`Mks%$p@Io_G4 z&or*`a4$WWXj-@tpnL`JDSj2lb5Yg+WpZy|@$-(Fskf9Rm3g->T8h!NOJFm=k0A}f z7ykV9n<#hw7@tsFqLrgUnF?Z#>8PVq$u&e|0Yily4Dp*Lk@Xtf6?PT5topx3Iu#l(vd|S}*^@-|VnM{W> zs`nhh5MGn&Q3X{Fl-h9{;8-dIpOZZ>3nyu;S4>vIVf54fj41L80+C_1iYmwDdsh_b z8}7`42#o;qGHSVK85xdkAr>N>QxGg%<&!e}FCeqwltNk?aNp3Lt3%2$l85@Dr^}y= z3GYDoQXb)U1pNT)4(B4qAq6og3&l-WaQz54Ut;-X85$sSR{%XD9)drcEwj3Bi@EVi z=0gS`!{B(&+paQg+(zC~4mL~9orcM^^B%~)M-)nsX18?lUbRR8+DT;-oJkneg!(R# zW-u-opM5z0+H_srSHm!D+1qK&6#j;IjiQKh=F$4d!yti>w+Hg4LWd+xZx8WyvIF>U zF}4#d5SpI>^hqn`?pzFpur9CghjlXsu8_?w!H9D`C&VO*A6$kwYG#Q2#7w>%{z55) zcVz7G*E$9}_i`UDDC)Is#;!xY(x#%{ek`4) zo0V(4OHbl7AhaVfAa8iqr|GsZMP$fHHe|X{>IePq>)Y@MfQ*W64wV|1zD6+d*6eEw zJ1n!Kr8|4`ufTIBF@iB*bn-XLO{wOECIj1yf2S&yZ1Y5Q#JMjAdWv_d0f0yJ{0fkT zmZGo?vrnqIz3R4kWrt?>P!P_B4)XJR_VzQMMng-W4AoD(-faubGq2Z#DzVSCh|99e z+nr7MZqct~?Hfj&lFt!F*HZ=F-g|kDb`zNT`1>87=f%Q>qT8Lj@b?%G{{F1gZNQ)P zv6}}hi^c85t(Kar&c(I#^Cw^l4gNcsxX9}4zG+nXV)%u($FWnz4}-yp=WYr2HjMI~ zC3q%X?)n|P8(>a6y)*E9T8@mh>yPZMU=MjncmMRH9z-W7v?%^NdvM|Vyl}-tB;0mSm{b} zs36>61Au~8;d>G%B-F`MWr}e95p3Is4@E$NpacrGPoInT(__elCK}wRuWZ}ztZCfu z=3cjjQZ^UfzpybTd4%)~Z2lx7&7O^yNr4vbmti8sxU=2bCTb-vYYGoQCcqzNJ{QhLE90HV`aTyA zkn%mW7q0kV0dbkC^*=j65o~=eE(xxGltMoI$>cPm{-1v^4UzBGjPwiAv0ibU20sA* zQaEKV`;(mwk!_Sjd3-v5zf4*-IHcT6nMjI}I_>g(T~fsP{=6Wb?3`E@_wWZbag^^> z&LwyH`#aaLzP9wDoB}01jZmvMeEN{i7k);QOR~aWQ&;3(kTA(VNru5;+EOuo`#MQ7 zh|sV)B*i{+C;okszzrnpi@9&5 z+qNkuqwU5V%!_NBk#pN-+mQbx z7vMuzN3_O>C1#SjuN3L8FMd(EF9xj5T01D^A=d^<`20L21*_~;i2k6XAAW*LFjT(& z+<3AWF0=!4SMS#Tj!*l?EpH|q%9RV#=E^>hvibh$oOzV=AU^yy9Tj}+$4Hxi7vp8f zR@{3Ed(}QuO1cZlhp2K{?9YwLDTrLm=m9cI0qp)Ld^kD@2?f2k96kj}ij@dh5_CvyY~f^nAD+7wOUowU-$Y(OLR14UPuKXUpU<4Y?q@&1 zdL!kIYjUx1CgG#OJa`?|niPK8^NI+S0Y`fj-GeWo#V6oB#j5V&(6yf^Q1__(%(0u?n?#OL^It8*`jCSLcwWARt;a+UQ+$bx@5a8tCdX-GY?S5qCfLqDzhYc z?AA6>U7~R3(+`-j=_m1I{v$J*)t=XP6+P-wbF9FF3o@3A2i?2{ah$-0BtU4HS$|L8j;ICw^^^A$6?K(QZ!1Sc58i6WCwgNbE&KX0 z|FHZH(gpTM`p+jb)qz(qb}V&#j~up(niZo7eVFfmPXAqb(g=TQB5E>aC+z-?1b?g# zZ+QaSzxj_|C1p24)T>4x2e}Jiu`(k0X)WWh04h3WpB-V-q|bd%Le#k!HdyG1#ZNts zrkzw$3~W(>KVng&`OMb?zx|2$2W>nmDP%~%USZ(|&-{t1U^e;^mSNUv+D6*1p?$JV zZnFYEH}~T2(Qy(Y_<+MOOZRUHL)Vau2Yj>m}_4E$8E*HD^l z>4JL%zE?ZER(|B&oZXv#D^_@HDg%)YF+;|>SZ>9cVw*cS3NWRXWBngik#9L87d+u)gZcStA~eO!=3z>0 z&It2&w~yC1q^qLcs5k&yAYfu`rPfbd)hsZi$C=4OF~6{f9_+?4d3q(4~|CD zp*Tb%4iBqf2w;(AfU2ODo`(ui=!z^ z!_Rwh@Zvm^1D43#P||SxhniAh>bxaBjKOx_+-3=#mXWUYUidsg8 ze8$DUR5e{D4;vD2Y9-aL`gGYe4PT#-$Fi@p-38g3=z|`-&?2M zZFx6`>8r{kXrDrn3pZVw74g3}clqhhnqcm-x1aS|CBt_e zSFEGoPYwCJOLT!6>eGD19FM4*&Y_iLT@e=1(jJyZ-R5-PImK=)h@m;OZcFw;y1+8A z5!v{F!NyD@t^O}HJxnbiRvJn8iSQ7gx!KYw?^m%ecuByCG&{LmjE&^K;^;ZVl4;*p zC@No5J@s6dhmg|U@)t3X$UaZUP!aV-N(C8gi;mtIM^f@uonLfDGrP~BS*hBSVP0-JmDT@>a^%qM8kJiK z?+HGAB3tS5A?*)J{sRh%ec_kxZeZv=Uvrc*V3XFt_V4#Mc8%{^NlDP+diD2pJq6;Z z5Q+r1ESHSe9)|QS%rb<;Q9aBQH&LyQoLv0S;l(! z!|$4fTx;+Ha-mGQ!qxC;gGwH;1~>Ct4>(sA^j_H3{^`C*D&6kA@$Id&yT>>=dtr|Q z%f_ZJ2e-#G*Hd<82b<*BC$q}`W*Ldh3m2qtu-XD^1-5+)KC$}3^3M<}k5;52CEt}W z;YA+Yei-BW_x0bu9ss5M{GH&dw~+~gVdD(RmQdIW$G`cdYT%iy{mbt}nj3w<8o*h% z)B1gXuXkZA;`Co32j>GP-QfS0N~f+h&n})nQiC!Cxv-X_Jos2h#hP1}MLr#NurmIgw9u~9zhvy4S%zVIB@_po?^&dfUR_j|oB|po+Q?_^5UH<&jYk%Ix zKpqth`3Nl5A9~CuAO0V;(FuILfFg{XbrBLSa|%xpa?D(RR`_fo6g&>6ZyiGZD{=lu zV?7+p?RsXDjqUnShEEHQ)P?{5YOpY%S*953W1Ibe{|5)cqn&{FsF>}4r$v12tqzs) zWw4J=ST70tiFE=tG41lQUzyiQSm08Pz9-we36Dxjp$2I2>-rfFf5?M||FVHCq54>m zlxN!;dQUq+vaC3nf)^Z|aOCih>wooe@QtlaT{uS`wV}rwy?co|ev5*26@aFXe1T6ah{qE>%1^EB#vHx@W@(Awh z0tlr|@uUC!Zs^UZBrE8#y-$GxsNdiDlPq^FRa+!q0X#G?;<#&zW32@B|UxbzA{`b%)Uh0$9`kF#|K$N~I}wO&28UxWza>btZe9c2$y@=yeGxZYhU!|xt_5i$ z+p;G|(}DlyqWF>tDY@D~^2j}UagQV*e`&4`<&*0rr2`>F(58##I_!sIr+lMq{2C4K z(kpq?-hj`@1IVe``87e6fOsrd@h{mh9aaJ4#%rNil@5N8^$RGU6ypI<@$!wjt4m&$ zq#kgssVkPVqpW~zd~cTqO5cbD+gN8tM)$z#v?;Io+t+B^A0Xf>G68^h`y;cwvL9s7 z*iCY&+#?iyL?~FO7(sPS9@>uoxSpKo}$wFd$cHfbr{X#7G{Z&}-`*ptR-W$+d z>do3>6Uy{nOpQL%RX%%Pcm$yMy1$dmt3dUTxS>pu76%S)*GP}slw|Z`ZgD_YYva8Z zKdsL;e!XLkmC#md3t^D}O2M_T`I{1qAgT?3Us)Y%4wBb_sHqX8_Wr(dYYaU%hRmk# zni~7-_I20ay)=i)=kbpUp8ZrY@tVa8)_(=A%)lo_QqlF|rUfwU9u}c>0!>jOV%IFy z83J-vY&tU2>+oX)0~Z*88t^HSHFvMpXj%u4WP?$m9uavEA;5jjbR}kx&<7FP;wQ)R zv3PTnx$1PHTh)6;Izda5fJL|4ugEBxZ2)=!^!WNecuxE46;-Z&q2a_z^VJ?_r~7VJ zgox0HxqXg8z=N{`p>;roQUG(3ddx(7ati$a=mF|WeWnkft2(ojFnZ106kP@3V894o zq;Yz!h_;=o+@A*meR8gPTIEv2!CKBclLP?xW$_3+SRFR5%JP~ch!DQ`R}pZnS4OF6 z9gCNa&iFOpQMUt-@<#SU|I>Zvi>Ot_K19b@)>+`$hA?%;HBLCaaQv6!mc2UUP1%g< z=sS*>!{DryEkIM}Q-6Qo`C-dugB;@u(MXn4Bf&tCu{fZezghsgZX%!)iwAnGm$Xex z7gcSF{RO|la^nO{W+NSVR*P;e$H%OTvm?*BbPt$<{Np`|G2g?#w!h!%nQ;F5{m!#i zwmG6q8$U&;taxpEwkf0V>~LePmEM2h63~t-ub74+hw_zl0_{OyQBxOV9%gaIYYL!N zCS14gWrj`*YTS8fzuXE<@!Xs+xO3lb#$Li_-%fauGupV-?(v5&H6h3LKZkV%r19`i z)qf;A{{-mK6Ht5km+so*>@VllM(26huX-0ON0F9qf9Zj$l;PmBHWw)P!_FJL=b(%2 zEQa5l%@q_OJcMOsj#J_V@w`s~1=|vROR&GxR#R~R5ea5t6>}(z;x%EU_*V53z~3KX zdJ}||KSW9cGrK32-i4SmL|?u#na6+$!;0$G5a0Nb$q}qCn*i3c{|KyrDMk2<-=82m zvM)%dUmAK0rp?mnO>_Amq(0`*>2`C%;TPz8z%+}d6YlvLuXBIwmU#_eT3h(<4q9Jh z$gd+YnnIQb+vA!4LOY+H!Q-s~9M-yPRcg~c-r&7zm#+XEr| zv5gV7U$bh#K}gTl? zJTWT%LB_|~7ljUG0MS!!0aq5X5@9F!l~{I1AtcvPb_{U>R3MilCK?!`>-02i|9eLw zdsPxMA(|io|0LJ6ATg*~8?gkvx%xy4@S-Ud(W!;uk5_6gUC)2s#*jJ5Sjn;=J7K>* zA2OAfXQl?KzY9$XmTZiuLnN!_Rb{vP9NW(DTn)p0z<#Qc6dWMH3!6hBVJsN+ zy5r0CX}5I2-0kV&9kqS(Dkd2?awe$VcH($Nk8AzM#<6fb!xZVWA6e$dX40!xUF6OX z!%IdwfdKfzxkEz;UQ3MlStV->7|7<5&T($QSt)#8Xeo*Ye>iRp*_YwvjN_(~6C(0y zM@EQ{5k?YF*$jbKl7&$wODL5bvr;GG1RKhKwnk2c!IG)fIiTSE)a{YUW($p`Pa26O z7ve&0$UtQOBt2&K`W#!E4jz1)Vyv&@q@XmVjg?ZNhoEUXQyXY2DICEZ2`ae3><9P) zIVinx8VXjGN+ruDWCRVwFZqNPUgNo#c+k9slAWB6!a47RQwPdM6BI2(r>*|;^tvj`4vcQk`Q2$ig)rCk3&SL&S95*7?Ju=sb6(?GN>?b7&Sx%lan& z&pWnS5{fR^KqH$0hMT3cOw5KQvH0M<2E+512qBhzffPrnz*w;(GA|GZ&r;q-3?0Xl zslP++%IH95Z#0O`1mR8)b1?;nRdmrLj`v>6k60Rb3-P_?c-jD{tp zVQ_lNP*fG@2ak?y1i@ue-XKI$BRnH@g?+<*u`88V;rDd(4V*WmuJm4|WjCdn6hM67 z%qNhe7WI?;#YbN!&tinfs$)T(#a*T%jP`)3_P=Zt=t6qHg+kL92C#rn_bC>)jWo6j zrJP!fQD;jP6(E_oP69VF@ROb@{0WQAhG;dQMJ-VZE%#sFgtYN2r^pB}+puB?7kM5% zrl54~A$f#iNl{dw?J|&&RY2j%5?`HmUhPx7qpmVNBC2_LkE+k#aX8=DeQUC+NA#&g z7CJnbu9thSo9LtceoGs7D|;G8q^HO4!-==`OF8yxaU7g!AHPV-|KrS;w0~L(Yp1*! znXs=UONF=}C(vk#QMC=D{Vso3DssFaM9#`%!nv(@Kof&+70NO%LQKTeMJR-dm($k= zErjxR>eXK~U3leixA2;yiYd{g3pC&G88zjaV2|Qh5`2*h9VkyFewNhf(#|z=ZDlP% zhlz3+p?uNJg_J&8)F^mYwDzJ%SfKAEF`;yfEz3|EI7cODp7ac3_-kBLpsBq&R9&y@TVw_tal* zG36W7O~S&T8w5Y^KNulihU9%QbkTG1-L zDn8%%$ijkK?*8PS+OZCAHo8ynR8@n>o!Mg>(VE?y^-kxQMS&nwblT(&-<@OTW17$f z*ESqTg{4`h-!0b*hM|!)7M0btcEyWij(!#xPK%;UHp?E3%p!p}QfrKed(}&7)aLD5 zOQm?~YUF|u!tPi&8z-TiMAu8pZ#enb9phe2w&f1XRIsm!crM$C{2M0-CBU1z>1}0u zuUBu|Ri!v0j!w6N;K3fwa~n!=wlyyX7}t<&q-RmchqhV6<__i$Fx>#&*Gn}rVsK(u z;ljr_WliPkv9(M{BUUM0!!DgF>nKbtOQx~Ymdhl!c(1cmTDZYds z^JfI(A>~546cCu4fOi>jBgx0+Q6~L?1Jb+N2h5Rrwe!8l@yBXjnXyQJxq{}UB$i$x zWd6iXYbpMTdS-A#(G#;7SNO*_dQn;MKTrXW#%{ko`o-;Zfh$g^c=P)uYrE9i^+RlQU zm4zcJ`%zE2pHMb77o$^Wqb)h=Vc(KsPBJ`0=kpxAw z)w2MqEp5taMZ-8hH0hD=EJHg6^a?t>T_Gm)cxW+hvA*l8eURdV)WanBX}(t+o#{4z zmrL(4iWHU^G5v8l&RhIgG=!fvu?m z=z=AmM}%IM;wibM^oA*nU5?v%^hMo&^uCD?KWrMNrE?M4mfAiy7c$9N*wfAMNpxi! z+)G!zmfqFKU zCqn&^9t{o|tGnmI!E7Un->Weavzf5eXe?={qY=} zJek%8X((j_lCFEpJ{OB?nUkwwe@RXgnJ|X> zrM8;P!I>DGkV^SRrYL&>e0_16W9?rDP@~+QMWakXOv~(aUZ&3r*lkS2rx>wLAZ&?@ z1CQHRr}-u0O1Bb2$C_a(11tF1LZW5?@BxbY2LaQYgW-$(oJRaJAf*8>UL~cK1e->> z-8BPm61ck#PuISUrwCZCcM0_pU$o~$Gf0XVZCL|P+^?w`-|^kwd|5k(pkzCgY+yrc z2%?yp+ygI9@-o1FeRc}?&DzC0*6o0tyIf%RYCA(f!+(>w$V{ALpdI;=Jt`A?0-4_RM zYcFapfF#lg_8$e?8Wvhe-Zv+sCR`t=|I$5B)AKu32Ar+EtqLBeQ)xg{VB z{37Bluh%uOetRbtkI`tg^$-+>2N}RScc_dN6UP*X$F&CM0R*lHsqS>q!CRyZ_CSmZ zcx(3?AkcV7VQ2Wt$5#GLof(~hS}GJ+#UuIgtab(e4d+|Nt{QkY~{hF`JO<^*si?h(k_ zyBcMIT?yi`mxpRe^WklfCLI8_q~1ynul^DvAEnqAH{7C4lMyM#Jf5t0>u?UAjG*_> z*RKz*pT}F2bZe!xMSChg1c4o@l_zt($9*5=n|$MUW-p>Rt}TeS1zbmrJ-hdM_O>9> zd77zHi9m=b{8Po8TN6?Z_mAIvNSN-AfZ9MsURSjNPB6-G82744jw2=ifjc zXoI-ixU$wRumk;ls%LCH-}72Z0nImM$x`iXANLIWrv(uDVvNDP zbqH3DF}UJga}W*Ssc%pXjA1wp6}z3>O{)(M_CB_`qCS!qbe6pwaj2D&i_@R9e(Ddd z%WZ}TAoYz0UhXl1iQC)w`WR%%H`aKWPyt=>WL3$U8qG|vp|cHKTzG1B@1ANkH-a0Q zLf6|s!6qHyaLr^>2?mKfMBiZkbOIJASSU=W9XTHW?8&;_@4!W5!$jjvh9XYod>6!vJ?}B-x?yYP*DjiWv`;{l|dH;uVCZnnVt{Bj+TLD zO}0K~oUtj{;SY4rEZeEQo&!&>3DepK)mg_E!2UQwAM?ZS-1zwK$ONVq#~{^Q(6ytr z5K1iYaq>^0VMHuD3kG&yt}FmZ>)sNqermlSO>O2P_%oT{t&a^~6NzbEH3=9sFf8aB zjq5uzae5G33rirQ6UkZpn)E0IBDB=GJy4FzfPWkv%X5rqH#!E~4Nt$~`KPYXdsq_L zKR~4J6F%yaaVeopAi5cvgjh)Uy0@~v3UvNrVM>irrDgh!xyfK`2mw0&>^SYIm##XJ zxWlQ)OCjY&9nvA*LctN)l(q=ZRz8cIGZM%~th>l6eFmUM;tE=%v-5G9lsms{~bEf!#RR*$k7V)BCdgK#{t_j}n3H3I2PE*dnR+_Xi(YBT7u=!9Ra9I^>U2%89{7xlWAGWq` zd@`nn?}+S>H10t+CGvj!w!p=SJPFnh3lg;TqVkSOVKj^U{HV*k2|#G*(KH)D^!`f1 zb%^fjURXL*cFM8q-l8MeQF_LTc9zy>t9~J?8?<{@VjHtvL?a#GR~+xjW)W1jLOmZk z^5$gCJio$7k;eMVN#k8y+}0p(LaKdEDm}9f3G5(SMa{TguJzKr8;bc(MBR zo5=x*=7{N3mV`8qRZd#l@WmsQBpvDs!b;6-Y{;!A#+-(bT{vr;snlFSD>F_Hc!X~w zL%fOwZ#9HJeg&#*!RtGLx(p}vWIio~d=@wZa`Z40DH#T`#hvyzGpOK*?36_0-NyP} z1iSNH={fuaA5gb~XxDQ|F*-?|dr>0_;sP$a3HcdcVeIbK;;jVNZ###j_u&^cu%Y$8 z%V>j2$d1fHwT!*~EV}O=h;o!o*MiCW4XqGiUq93jYi0mgm=0yu133vvtH!l(8nUTb zECWw{jBkdTub%{@Rqw6k_xC-#W2c}kLwgQlZa#r@8Vc(k4Hm}TZSQmd!u4VYWn|l} zkgm?E@i&EDB}O0tedj~VUYL~7ue*7pLSc#+0kj(ur-GDN|H0yPL4tfAj1a0_6pFCi z0$M)B48*eaG&jwGkb4*e?Gf(1DX|Glt7TG2RirpooYJZc;D0yxM%V(U|Fyca29?~+ z-EhTVoLS3r#L!AnlL_kG5w3j)XXFy8`;Mzq7|r}!3x@gBj{AHi=#vZTS zlE_22X*8H_bH^d3JOdU+ele#ZcwWp>?V^@&_ErKqT70zQUEOxq_rKkFNU-nu%$mhp ziCla4pcl5A^z24Nq>Nh*650~dmjyY#n&128_A-~=+X_AjJZatTvVGrX_9TNzOPhX( zYn>r7fspR8dmazGT`}nxzn7f;BuHif!4GqRGT?*`+XXB#PUa8U#C#gxxH`)4{(VG zW>qG6RhFN8pOKVNs@j0<=#0qj5@eWHOEPj!inL|3Tzcm2*rp@A{d}4>U_)AYG_Y^_z zg;`7THYZdPC7H$%ybTk)p%tVg*9FzHu;ta&Kk1v#jwN`+<1iOX%Kh=jnt14}0^-&k zM|^H9Ol((4zng`EIU^53)*0aj_AMmlu!4bv4_RtKOY<7X5x#Qu8O0A)**594<@F!s zX=LC~{U8zz+HSE*qqHk}qgQD#do9cH_H`bFFDgof zzl%j>qBaHAHh0Il{+wBY;2Zm1@KWNDLbWo^7CDvZgyAFlP0rcBK-YrhdUe7wYnybd z_2Z&AW{q3D1i!(Ft0TO!g1svP_KXlk^YmBC)bpz4+{oyK+VW-3UW&T;8kqFfjyUVv z<)g_imkQoYzM(MK;w0f8uej}`AcN}1q54d*B*->#Iy%n3Q;F40{!{bA$|I)L6D1rS z_hY~A-Ch8<_$rg0?2&SkPM_HqZtEx+scf{y?#)LWGBX6UPP_H^vBT1hzY=B%1UiCe zyj_Hyr;JDq5S~FPE~_)2V)!HFmF(CjV-#x>V${(zuskXI(PG#wJX$2`*2kL$b4xJ2 zMxKN!M{f>NM&kq@P8yxLhQu*c8<1 zQymo6E)de>s&YPsg)z~-ed*Fiw}`1cpXz9@>bh8J7ruWxe_93KJ8xR%2ja&uIP?tMM!Vu$c;3G;ur`s*>BeXp6wHT{UH4DrQ_aYlCksKAjhi2Z#x;fp6p z$6ko!c`2c#?U(_@smRO`#R1X1C{LTa&(gr{KbqF-yQ(o_y52DU@8reGlx4N40Y7s8 z_LjPo_+RCuq9b_4VNKc(2!dCc;=Xar$~Q$2&dyX&)lwEaTCaRmD8S0sCy288 zjUE^8!r37B-)CC(1pTaG1GC(YuqV1&YDV zj}qIcwUV?Qi`vI9p=jnS#r=}X4N+Dp({kQc0zL>TY1qDq)ejO&WVt+5vXDwxA~_V% zj!bVkt3NmM#9}#QDcU@mkMq{>53qEOV+~(%l`TwyOM9u6sOF%=#i36S$sdIm}e+@m*IRo?bZP89We7J(bAVF^|F~FYkpqMb@FGc_vzfk{_+gNlXrAraAS+n% z+b=UEL64DQb58|#6}S6jMC_s{ht&w;je6bVzN(Fs3@ou%%5x-ey9Q_rSqbqvPb1~f z-?jygj@L!B?*G*+`WX8|Z*nke@b6m!b|^3jvK7^uo~J5#(!2MQHd-Gis(zGQ%>DH)Dx+d(ZDfdI1nZwV zmV1xC^L}hSe2eo!UCK9q)kc_m>UQltVdUFUG&|c!V^xIo5Bxu1J!!=^^q0`Ck^h`% zOL{g(kMH{PtJugtA%=>ftQE=B^rMsgUvYc-*(~qk3$|YZdD<^%xaPae2k;karwPMG zE+H25<8XU+{v~ZkPUHCsWI+eNO#HnyEB=-rQ62Nzd zcU9JG-OuEsMU-bjc1ic|LG8&yH`5FGpo~w@s3s!iWvU7>t^<6an4b#$dG5=lm930` zypEO0k4l(hW&yr&Af3v6NVpdF7y7$P9LZQkadLj6W$qzmyoOkhB+P2g4hwUrbPBIO zCj*5B4?GIm`!vdL5nOl7bs6aW!=G;aB3xW`+{HleTBj$xmBU4bGyG^~s6l=`I^aS+ zp+aR6F@xV*!u&{`Lyyrvj3YlLC;YZ zTJEo*ek6o+DJgkaWbVn}QTzH=QclJ~kMo1)X%OpH5$|I*_r=$G>SMibj>t1*@fMm9 zH-EEBSwYd1guM)^bOx2unP{|?7YZi{>vB=uE`p#O-r_fPBHGcdIL>_ZfK zBl38G`+M3)l(IShz2DDRR61Qot=z(pP7NELhQEL=2zqyG8+~-gCe7EhA&|h*xBQGK zYMk`D3|Y;Yh3s*rXafA5e};2H)^^fTzmZv$BA)Z$-HK=&ogmWX@WOulJ&%1BVZOW{ zWhqu%8ppilusXdkLEDZliCSnXE}`{wqb?t>w9^xbtna zYylp(#ud*z1_Jm$9tDfmmlywZ^V3je3bP1)W?Mo3M8uEU3fp(Ri4i!R*e59YlHMigkgsAprN;Z9b z!O~dzMb*5@N`j=I(lrPqfNxMY6X%7vF4KkSKi3U95w&G=GJ%Ah?&!k`X7ci@IA(+7 z$IQ|!G>YM&T6Sxw(Ym1vJ428?B9Q@J>^P2x{(Z|y_X_S-i$&!3eOVyvcN)EHO{l0)BJ5^<8TGa403Yx-AD<4E0nR};oQ=~~Q!j*=1x=wfz? zA&?Z;$Z6tqqKXyxpBLcWVM$Bd+dU5vqOd)mQO?*)*U$8}`Yc3r68ya>duDI!X71kg zFq{vP05qcXTRyZ_Q(tN1CucFbe* zO&|dtB=hw`9TFc%&$}DGMZ@dj^UjXoH>SInEoPc)5=J+@ml&yL2s@L4?ZVFU6eBH$Z zAAKi;_+%dK5YWmseJ%P1zl8Y(;GfLN6U{E(!O-IiGfACeUqDT@lVG)Y%Ax1-UnJDR zD*;zlh*1T`Ptv#mdDTq9=)Jjgf8$=+C{x^nGWW&$2d2*#c_2_^1jOYJ5tg2bK1()q z3D1!z1ZojcE@vjgBYKi4e@k?x2!K6XAH!$1?1ATyf%q zWn`9TI%I$B_@eL{@zo@C1gN!eGI8{^O2y{>!+w$bR-B^CR9x&T)O_ z%O~CN)`$wMwh<)75m2mQ*z|-sl1BoD?>IQwPG1;8&)?KeKfu|02_K^HXY0S*SAGw3X})z8(X6F!t+?(~DT#c# zAdJ8P>5tY*PqaZ}CUQu4!bu)6TJVfKJc)AzvPF!du!xNd!JMWFeo~Aj!NGA3fd%t0 znHAsc?FQlzgKqj?!oQkjZ5|kIf7E>^7(;nn>73||IQ3?#g}BQn(BYM_pI?mufums_ z0?(`AABiCSc3Kxjh9;iEg)*6t_8ut{639tF@tE{(&Z0~WI`aI-=3#2~N83mxfeSfQ zki4KDH+40ldjACIwgu1b2k8g}KoNXhc#C+Why)l}!RXP}v^4ZShR^UhvkA2KljA5= zRDzC(`{slwG}?Z{G9uB3n)O>{DU1FPml)m+?78L7S9eAZ50!5<-7|tk(bd}R&$&E>!rK^(2s^@O+>FkQlI7`AJe;~_9an^xRVZ}MKg_WL1xL&y>B1xB80f9@6Z$lE{_nMQ*7DWto{2qcm6aW2&epe@|QYBXjXOQJf7W(8M3 zY+g{A!Se_ic{@v{bTk*+Im;dSxsoioG?+CyB#KN)ATu763I&aT)$cL8reWR|OkaW( zrsg7`|0b7LHydt&5te()u{j((6Y@%}Y#!oA&06rDxf+oSGpUnKeS-76!7?;18x{k} zUm9{iDSw}-2u>2>HSzRQ=k+Q{i1j4aqM@!fj9X6m0BouAKf>DO+L4){Qc;7@nOCRW zuCyj&jUfj{BXFaXaF}P3C5O@UBvp|`&<;pXF9h>fc}>inBq}GxmB+Ai@GkHnor=RM z_JMsJ{W9exuSvO-o)($uyB|>}U3+BIr_CZEmS05YqVN^G4nB8WDVl+#>)DIYxVIen zZG&>zSO(JCN)v79{vEfP4A;#H^A_zK2e=Ze3e-DT|2vcTi=odlQ<68wI~a83w&5(G zXh*m}{k=m)1k&DA09CKYz1h!FfR`{1nhIo^3Fbq(@^+IDHxQ+9dX0h5-j1XRq7F8V zEdJyar#y02kg^7q3l%*AwJH4gVBz+fJ5q!T(Be)tDToQq|5MmkheiE-;nFN1urx?6 zAtj)qbS{kwf|L@{NQv|!A>aawpdcY2un1q2?(Qx{KjGM7H479tri}*jhTez1|u78JF6v*Ob$CGxfxl#Sh-TQzT0B338u9S+1cYEYECwSm^-40pk6i?NP&>xpPEec8^+BswIvfAAnGv- zRB~^!GNm#I{4h8r8U#MtCWE!L!{DyPb z5xnq!Rb5bJpB#6LCux{L2Fe!#I@H@7$`52mO%XHv>k@JO7XI3-bhbli={4BLgcf zbnCEtPbbHipj&8Ryt7X217D8uS;Wl58*OEMO;9Dg z%e8zk*dW5)yu(h zc-C+h=3BlcXjVd_0WiWU(-C3C~-31ZA@fGoGj3p4x$5?mw z%eSDjdloBbhWybXL1i0^X(Nldxnu*a>`2*3 zO-c&Q6$XyEwPlW`;5~`He;Vys{AJquh@LatYaxYtng5s`C7PCnP){^O zb!PJI9LHXp-K|YZHs3gAeg81`9T&m?`p)%2H+Mi#OkVv}jUTb_vH>zcVIz@sSGtN^{y;UQMR~f5x-4Avrqya(L}cvBYz?cZD^LLU`^H zx-Hl6kl-x|)q=IW2QEDa(o(dB?jm2-jlitaALpP@v)-_L(HKT`= zjDLr$j=r^J$(eKw-Opz($Ox-mIIzce4e9=7&0xl{5k)zAe^~Cojdk7`B_VPa`I2=a z{I%BU84M}>WVeMZMvFD6Q-;;doTfiPZxKzN^{G6~o~4CGn`w_$CUNq1z;SO-Z7u!I z2M3u3|Fl6FJ68>Hwe@c=Dnv!_Kp89bCg)L|8t~hFF#(1qHux@eZOdl|#`@dI!oS)J zCCi#TC+i-|Dl41P18}1GQu3nH1pDhJSq+E6jko`f;Xx>mp$N@|N37hc=>Nek`mjTZljcKfHq;F43SKH$*?dViHAQ{F*b=Vs#%a` zrY!2~xw&aAo8FGUK5@vuN8Eb2vB&E1Iu9ZgXDI zO4Yr=lJGvhR2c%ny#k)R#`oSQW%;8j31j38DG4j7wI<*M zKA}AKJ?HV}3`3_;(Tu-C8Pl-Pe}CQwHD6Kad(LTBWS(JN#b8!3`qj_SF7=TTIJ#S_ znScNNv4nThIsP1OszVQ{-`zSDv)C2)TD@c!(5F}Zu8ti%b{zcBxid6?{PZTMQ9pYs zq}}uDkfKcb{pyVYU=%(WK`nVhTciBTDC$!6uS2v!hrACf8D=lLDTdSE-V4z^B>UG2 zAE0y5?V!v&2EanGKk>q2ILV_w(cy)t0<_)$>Z7VZ;(=;Znt8(sUtHc@Rb_+!7_Sfl zEv*2OI^zb$Hc?B_d_8pfro052EFgtJ&Hnj%;^FX6j@Pj)r4cwNR0tZ9zZ@#SCMIxU zkHjIx-$wu|#R1gttKtow@@J{?Xu1V!FpvcO0_fSy{jTgA^reEM&cJz-f4XVu>#=Sf zA<~F=m^;|;Zxb8@r0;Qvxd3+{Hho5K^1{~PQAXxmTRLfof-4jN>L|86r`H{~8(pHB zj$)jrYAZH>=9CGQ55PU0gC}V4{%zzIB_6;F)sZuc^>#+FyI|2KoyY@^0gbrlx+FoQ zieMygqB~tL>M{E_1`9Mh67@gv z0Jp>yfE&%ch70vFGCvLcNEPk65M7W=-tXzEY{ny-(ETprlI*?lJmTK7j8FG2wkt*C z5wo`apKSg(O?-Xo>A!Q~d$6~^R=My=$hpTRAvKF);{xQXMm{Uz8~YB5&2K;WJsD23 znYA`p@LQGnhxd4Ulw9fTa&O5!@u}i<@AC7$u@bSB(I+E*N%WO1@)s6@`HiX-C+W$% zN&ucLUoSAf4p2VdXD*Itm@n5>4raCG%jiBD_lZqAi5gd1v_WTvLHvgC2Ksk`>2>RG z{>>`U;szy&+D!o5jJ2q3FXVN9s`O~*J7zm9#;pPz)y~GPV;?#=B`Is%<3MJodCmoh z{r)cET=93LO7-EVu`rhgCI_j@3u5QCf~p+Vg3CIa<`P+_UEZ`YI&Jx6{kxeCsMBZH z4_y9CEgDH@KD+c0PQt7Uj=Y}r&maGFf6`MV5_os<{^x&I)!0kI3R#~UQof$C^}B2! zmpycnUL9(zoXX7`_aXMK$f4n#`269Y;8aTT>(9MSy~6K3@z61L*%R6*U{DRMt$X$| zeG_QP9dvCsO|mkWK4-3Qc66TDHsS(8cxMpxxaS6bckE03FaC;)*_=d)SuHmP~FQFoa~_H8HZ|~ zT~v*iZ4SwLSFO$ZJKD|qR27u8%$fzWf7Pmph?3|HxNxmC6}8N~=U{Sv>uqx1y34FK z+9_+=FG8re8PDhG^UibanO6})RqMH4!)09g8s(a=`hVkZ1UVL#e);&UrI1OEGmp<_ zE!^T@pS5bz=TH{vwBGplqt~!#oAX}-<}nfZi|0-Ksg6Gqo^;wiNVW}gs!wP29{)Wu zABg{E+CAWW_=W7HiSO^VET=gXL;l)A#3aA8ce!aTE4A`l&HrF^(U_^(&|5(a?QXsg}6vD;o=3HTcsVQdwDtESx0b@IuWXMd`;<-9r`_amdf zM0GaUM9sWxXxJT!g|*ukZOP_uqJ77M$%GlVd>4u*v?h1%gQ%-VLbI`?zc8JB(eNZQ2yYx`RA*&46d z#TSOnUtMAPAwfS*j_v-`eAjAeTg*UW%5ii@w27U~%Chfih>53_FHCKC&AtpC zt~ssDxEGzDer0w(lJyRoP4yZacqHGtd;uoLLVT81=BDYZGzV$+DIsK<-{p@{v5n>A zg1?oM6YtLZi{(aV8DI7e9m<52We6wmb9xWPfss>rh%p(skCSJ!^*#fb>oixa#jrN zJ_tw&eCnF)O8z4TGkSOm#zWyEO5)VS*LQ=F`MCKUtfl_(^*>d2oT@9mMJBg1A3Oc7 z7%5He2X%C%DM2^qG&4oL2dPK#LgSX>xlmzv6%mVj`KH&Z#lezuRVb#w+l<9g96j!W zepD#>E~W9QYVSF%K1`=L8D2SoRUULE>-nU2D< zBkt^sq zFX8gRpa?N_PWkg?<6IfGoZO@3i2lu~H??EHQMBb=0xr3||KZg1#AaR5=Fo2r>4rTs zSp9mO;%LaL8~(c*n7h|r1;oj^kFp-Di}oXL<#Z&N+(Bq+Z4C6)rv99L>Rh7_iCy>H zG@tY;(n_~yP_Uc!sdBDWs++S<5_SCOJmbn+w*$1eH@kIO$Xfato>r$9G9`gIxUqfC-v`;J@;0yD^It%7tswMq4a`_F29(hDI(r;$-?iczw#9>_O)NuQxO zzBYee>60cb8Qf_WK3FE>dUNo672(REeIrJ#d?-5M`AC-*9xs0hTqz@O#r9MwX-RN!^KxC;Vf_sFPP zx4#Dbjeqz0m?wGvr`o{;#tuG4t1&CRab5&f_3Y(Ic=D%m(qLMPk6vR>qcnWxEx>jlB+?ru!G=OtFCIFu@ob5v#n^2+yJXL~>Q82p%=>XsyU-~b zcs!KGv3#PLjRo-#6X!J2s08uUTz*!~pQPN=IqA%f#I?|MQk1bfaKaur?wMug6abab zf=SylALSo(UF^)e#$w|yeCx`)bi|gv7&=d_>Ugy=WqqOJd7~{oYydKi$1*&iE#Af1 z5|J5S5ro15a-vB7^5$3s`OZ6M8r=j8Fqc(xilh4tkYZbFFPJH`GcXgv-Bsx`B=jojaq z-j=15>>{9Ur4m5UqH8xtd|ERswZkJ~j0T|ee+NE0I-T~Nj+N%+--+V$v1)hs`bqVA z+oR%7df1c0J(0V}_%J7*qmL`yb8C_XgJ|GD3++|HS1Q{V>^A_nKV1~DA5p0sL9d_P zSy?sf{rXQ?S0OHbJDJxt*+Uj)nO9C2sE*t#-;~tat{3|A#t6-r4DSE$L$C`o!7Qs)n2 zSxAWiTYd>w)mZO)=9eMPqd9{zUIEfOd2{pThDC!fYR5l`G(?`uoD=&V)jBG%8d9=b z2v(Q~F8#`{=($mO*(2*b(k~z4+r0CvD~-`>w-$p@0xo-$#Gm)4EIkjZ$jQH`^QA$r z5H$~-XxzHG5C`ytWS?_2uTDI;*a9L^B0^;T&^r+NZ>p27IG)~m1DstG7l`Y@phw(b7e7(RdQcv$40*Qb1Zlv#kwOevwbUHY;+LMsNg{a5r1iPUuUK z$$hPhjX|G!CJ~vlN05?}KmGDb>JvyqGYbFDePddc3XQwSMfg@E!-?lYyrFTj*JfK3 zl;7LT?Stp$;OK$uPG+>X+m<4+foVVgK^A4hFfd%XWathoDuC@lZKI);gy8Z=O?sZe z*B9eA{7+LKp04qpdLE>_WfJw|7AN?0*TMR}xTCFLg;D1xk;>;U#CZy1_;To-YBjD- zDRyAf7{YNtU5bbXT)Q_{@_ej%N2cNf@?wut-sm3{dJ%-}B5Z zC|`Ix;s%%^2OHxyx31qQiH6*LF*PQ4fl*49@hL5+J#+JV)OAp)zTlr+AR8Xz1X(-0 z3MLjf!D28u8?J@&G2+GF&}>ADO&2y^DoWR?Q5xIC>yw7Y3JACmG#)LG)wy;<{|wu_ zHhvMlEa|P9!EKlAk$$zC@&Uup5_;VeARvuW-~r;#jTfD4*H24Rf8`m@2kE|}3u>mr zCmIU^k&=Fbu~^mx*nA0Mg{iT}E?RQ1;bbTlg@yq3S2nlKufr4O&GNziVikr0vkL`_ z5BknuP*`z9>jcW`USYYD?v&nGz8;brrrZSB)WCJ%uT|cdk&^|raz5hESQ;NSt5OyE zSmj)KKHCCR$TTbTN%5@IqAKOT`rENqjooxi;MOdKXZ~A2S5X0Hx@=6IE9{X3fq+V! z$>ms+^PdA&r}Mv~A}kWQIh<73doUZs)(QXow2#U^2VIkX5WcFY(_(418LdT~Aqw-* zY+4<+&gk@!GH(~4p8jOMS?3{LcyknpunnL2gqV(AzA@@0f z)}P5yVfjY25usrazP!4g?G7xZhl4jv&0{PpJtB8Jzr82Elcd5F!&};&NPpQ5+{;$ms#!hs%^OQAmq8{0g^Xlk6U4%Ja1qQ>wZps;% zweD(%@mPK!j~K_DEG=-*{+D5iO^A#D#{x2Oe>J`mtrG!D4M_mKm;^6C|IRx54WQS~ z45l6*gsSI)B`K+S-==wvJn;g;A5Q_vz^yTgY^68JN{!W1ueu3v3A}(X^&}8Owg42d zA9?87M#MsUxEHAZOaR&2z1CdejX1s>vbf>UtJQe$Z^!3PzS6G~U^~7A>gAJPwNf3x z!M+^u6#B5L>C%8Q)z)$51jf|w=obK_Y?Q9pI6l)W8B5Vh6eaF`lDv=)fO#^5C2Cf6i8g~XPw=yhY4oDfW)d9I7;6y$a2b`ab0~U*gs9oPR%Qv$^rQMwAjj3J}{Mb#A zK%0E@@AmBMr@Qvl>+PXH-9x%OEjKey-e(igNSi^MPd11K&Lrj{Lc5AR)7E#QULf*={-Qwx=Xn6$kHle2IzNkj-iVf_)k~AG=kDl zZTFho)jnbmKg+MK;QiUuq5=uV}Rh&ELMm`z=g00dyD2KU>}uR zy_f9d_=^;30RMsIXiWkD07F1%meuM&y4PmK=meHg1aFo*!zk4)e{u{?^Z{$<&CB^2 zAga)!CAG#4Xe*OW9dw2%+HpW7XpBMz(>$4NUoi%XIM_7J2oS`ltFWZs0`4-*7Pdt9hWFbBfOub}G}_Daj8QMv(!z?+376w+h8S)2fP8K`-_NQv7R zqJdYmCceq9i7{aTv>UHh65cTYTz6>jJ;ZW22sq!X;TJUvMn{00Q}7w!taJ2gCN0S4IPne{`VMSRr-K?V0H*FSeOf)sP<`z=VlYDhHPrphNpXZ0 zScG}yteS?eZ)#@mfx2|>cR6L^1*a(4<>{x_x5?A((Nq1Gvh1O0vS%1@0j4J3&uhTrrZE5h?V0xsVO#boV|XPouefVlA_~j*95QD%X_JYPL zaAGf@SB2JoR?d(bfI^5ODk5YH!j`0$QZc@6T9|6E|4Se&fmUf8My@?iv5&}F?(uHj z_FR1Kg;5+wxs>--N`gN?@Z_EYi6(tB%3@f%GuZVg(abW6h)0$>@BoTLkM$w`DJ(;l zSesO0u3#so{}gtrez8p&9^*IgtKw=k{8IU>r9#4;lxU;w#J?f-_(cZ6ZDPe|0E4g@ z&Wna9I~-x=iCiy%zMM0lqLFilbL+!-Z-7jeU5cw}i|s79=z+b}nBxfg7t51C+=XnL z+epp^Cxju5y5&7*JV#Ao6se6^Kd7juH~`^Ef6YC*Y+Rg_67*1PoO{Li2|w=|V@t^Z zoGfJe6Xco2-^79I>P)W>*N49Y3Tbo#CCT?)oB9^A6K4P1ndL&9o zMHVTF#$D#yCRZk|;hhSz3$lI*FC1G)00k-{YbGisH`!52a3{l3WagxQMD5O3mY2=A zUVy_uwEY8I(?Ns&kT~FLWRQE}qlP#JhRSRG09jU&te_fKi$_n9(B znWRQ&X(F2Wjo})g4^wUv%E)_`JWf#7IPfVFyxLWN2Pzbxs12?io722`U@=VT*8Po( z-K>?GW7O~Y6XzwXsxixmkSIx#nEc(nphc^0wKQc-gWtykWdc2Kx$;KxwMqrLNZB;9 zu{HFjm5m@1&2*I>Al`@P14FZ%jw#v!>Y|v;H82gPtD;EWaLUnA6@Hk}esa9N+^*9z zQj)+&3NZkTZ%uu@#X$~^gS$Yuy9dPd2!s1cg+g96%N;0~GcdxdTi&sHFctwVHJ)f# z-^0%jF`53INVqJD#c~7OnZmqrMIwY7LYW}fWF&?<#&pHcS5_Khq5jHor2-r1YX+7~ zE|x#7v`LUu)N1Nvf<-&^Z(Z@(W8NM!d5QJ|<}~AktvGilQ3>vvH3Q6xNYh3{uyKnJ zhDNuW-Xb#Y{3ws&TIN~okl|KzJE-u$~QJ2*QwSuC^Yy(>B% zBOLG8f)G*EaB#;Uyd|XC$Kdr25evAR0@tehwiVIw4Fk4dMF`R1jwrQX$-9!dR{_NK zhjb=L`pVtcC)#Hca3t$1D0}|Fua9Brir=WTw)_>rI(UZ@Li<$!Rqjy@qexUUSCL@6 z?5YbUFAw2Uf>>}h@$L)6H|&$#>DW%n>NTyu8Lf}xdd-n^cC9pY;O&Zlg;^v%-YNU# zks601)DXq%de}=@FF%Jmvb;uR8N&CQLsPYJH+R!Vk8;vGA$7BKP`koLcj?;jS3Zp} z(QO!-q5VdO3W+;w6#lkwzmUd=VmCE#19Ak@WZR8LaxyGQ@I*)~r*dRXC`vJ!3yDDM z`h0XRXp%bc(K4)+%W9>fl=vdHt9nP49boJczS$I4LC_9WHl5BcAgG5uB8F2M*}sY2 z`(QJiG=-xM6C8GWMxwKPos=XN$+cqvbXQUy%Yh~MU3$^|T%<8QRTfeFd)K##p0+vG>Baz{st6`z};y-@Ok1ylEf z7`YUTm_i_RS;*P>FXsAm_54s@WmYtGp<2o#-c2s$v0t&l>WVm=(MO*}DG&-Kw~Bx8 ziamk`jzL^QSCudg9Hir%ajgO(OJ{jSjiedWa1{gt8-+S63>L}mY(?g5RRlm}ILflI ze7J3T)v#V@5QGxRjMuX#52b*J8D#M@z`^l~{0a@PC%@*HUXV8=n11{EHU%kOuxYu2pro{9A$MX~GD8IZO@&8@epo(L zi@+L){(o*<9nkcM@G3YpArV1CB@5a?9%Tak4rxUPW%}HLi_uS>5i0vBph*5f8UC2Y z|A1t1Re~^(e1zbV3J#`-K#PpNGUvi0s13TPG$DMNDb^3=Q$1pr-q|6CpNOP*2L=Xa z(wHrU&%P%y<5iA~pmvku*xkpq49OzFle6tjgjy0P+J&H8!dZM1Mg))Q3VbAXNKwsaks!389xn~QAYvmq zNhTF1pxq<12pk9}vugHh9#m4?|4G5dpsXR_TSJr{R)Erk2+jx-(AANYxIKJ9&Pg_9 zb(=2igU>WN0xuLLfDT)dSmMkmYjFFf5+`#o1(9CvEpwjOXIDyyS;!PtAz5HbM@7Gn zZ9kTrH;{3!slQ+P?qTKZp0H9o^~76m6&`PJnsMvWG`!Mi(PRpG3h1d8yL71duxiQi zWfx@0#ksJ%pt3SE})G_Rs=ya zdy7&NiEk^tj6UiCimryvv9QKgA}Wu=6 zo3?wLBQvrla2jIST80@yxCPwQH0jPPO*p`OJL zG*NUGCdkzwrum5c(5?(Rs*tSk;#9v@>t79zKCyYG6v!>t=myM!TfV2u**7Nb2bW7c z(}~EPI;CAE`0hVdY0B}WUgUE%JNFQGR%l`*|@=|Oy5nc{;`+WT>H zsT@O*1AH>%`y@XD83F@1CNPmuF%<~Oyc2-EpUOz`K*Zry9CcV70w@Q!E0-#i6>3g! z?eBsj?B;tvves3j8a0o(0tFlnS}J@rL-6Wn;nrS=d#f2d)A9phAxa)ez=pG7J%#ab zWtDcjjUIyoq#OT`O14qGmA*;Vc4Nq9B)>oWWic7mp}Cd7)YuLm`aU88Ab)7x06Y_U z5wjB0W7aNm%nh+ZMv&3=x9rFy1NP46+l5m~MleY(2#<^*>b{t-xhNjI4Z+4piB5pW zb)2TUSY4Fpz;bhkr5aC89RIx1bUC#d$sf>a3t^z(Jm_7Fs+dt@wcs_81aJTYwa=vj zprn?+qvrzRt?VYq&|AJ1<7Umfg5PK>^KHH`yQ%U~W_}pp{sbGR>Zir%W?Iu&TX*2I?bo zP0kB~>(sUvzupUq7soOvO1GPg;vy)u6V;ZoV6{-cYa0jD5!8n-k0jj5&w0zqQyBL= zs^{OeyjZ5_@MgU~!E(qTqAKN^gFheU{oZR$p3p*()phKtj3J4Rl0qHpPz!te_29P` zh;(g;v$73Lvj*w1>ApcCwsHJn5A{KA`f`Oe?>nXdK4%sywGjI=wr2yO`=s82S6bxe ze(^xFbnqF2d<1ezwExHA(@V*1nwg5TG;ak@(rr7LI0V=I67{&ah3xJdSDWF*m3glL zNHr%v9-YcK`J{+=*=;c^3;=q8_KqD!&~NyObTJK`*Df-1dQ0A!{LPnhV4R`3lko!WSHE5{OXv>9c6qFH;nSA+B>X7LZO`C}*LTQ;4rcG&A*FJm6a z8p-9~f=?iZF!looc=X~Uij1X2k;d|ehpYRCPuRQI9ZMKp0i*LmHCPBi@_PUA&&54G z8E$%5Kb#^sA+@&tD3o+#se==`S5ljSB){K{zj!TO_a;aHNC=c(C5@xy@hWa;?uvie z+U5hX$EdNJEC*9hnE_NN+6N*$NeHSC!?JG26{xBp))0v|LG9iz)vT%9RI;y|m5)uv zKimB6evjY-3*Rgxec)rl8@{BwHgBgdF#n8fS6lt^YPyj@@bi9litl2#3fHsnnowwa zn*xekI)loryOR-7+Pwy2iLr|)mV@K%$h@TVf#38hmZqOkZ)Ms!p$^qV2plVMcf<;Y z8n&&7vl+J@LtMG5zIRBNsms`HXofkfI`+%I@TGT5F6 zPlGN&=uWgzH{ihoKLCrGx)II zr)5x*K*-Vc>Y1W%%^3GgS~%FgemXF~kp zzq^MmCr#lPNDg;Y1UW~yuhQyb{M-~*E1Kgt+Nbi@jjkNysuvdSB=AEh0andtEa@Ev zF7skYMVOw96lw#u3K0qU9zs&|9c4mm^bfA$keCR*^oM8$v3JdX6pbOga4stLr8_@~ zy8^|05|%hMq3UCi2rd>XnCkPJ8Sh>%{VA3{cY90r?3cR4cJdT(<}eK01|4tmKm9d$BIG;(jcuwUr!mW=ay;IpytPc zft@4Z96KoJF7~1)>(&g80ptT}w{9&r6zvv_1=^4DoA{uzB_SdLIsfom}gED zfmh$63^QdN{K4D~a-)tBHjCf?P)sK{j1~r$BayT!*M5;2=A?MACUVK^L8cSJH*Z&i zqL#lIlOiuxpfE7c(^B__mzV`JHm7fi52+mbT75`_8zzD8c(V2Pr}*p)%Qcdw$hKb6 zonDPNT0E6u*j0*N?kXqNkrq<=nFHj+&d9keabP$lq1CZ8En0R?q7NX{$(+TXC|eH7 zG&p7u*X!rPJ#<=asiy7+e2jHAI3FJiPT?!UzukQB6P2iU%z!j2ITy9dKm>HPhtsqz zQ;sW>NJCHT_g-+-yh3nd?kspJuW~4_axue;t=M@0i`NsWdvb$yKh5+H=2NsuR2M{> z*9;A$qc|X3nojZ={cS&*NfcL^<*I*-h4_caM1Z_5M-ip|6}FF0>T2{VX~;XDZ(&FO zjw|ml+OAK-(i1I1rDe;zPx7m878}Iii4X~%BXq~CgC6lP@GRlzL`6_<@n{FnF3NI< zAcOf}%GVTw1388wSSZ~djA;zWiXmmGNL5>ygY0->`C#JsxFLxx5kcaRU)t)|ktt{7 z4EK>q03u!e?S5=t0-+coLV!XxY3=C=lVeB7UM?_ZU#WI!Cpt@&2`bjVE+1j)zDT9Dg$`%6C2P%U9f z>rc@_ltOP+NML$rDbATY84ATzw^5|6@4ES0q!k(o<#~NrKftMF(UdX0_B8!?%2PDG zB&M8cAttvbRG}qgtY-9;7?sT89ei}8M+S1b3M0(%V3lkV$2Z--@>!Qsu(_qTc+8Id z;Oou`gjDw*xIz#Kp{v65R!MUJLH}pPH*hmjIQh;z$X;K&%-V*~D>F%oauyQ!?kpQtB^mA;A*ybZd2JP|G+*Z zdnkAMV~$qtggWnkfPAvP8KDe05~esLsZQ&v04pcm#<9@JftPgu0XhWj5Y7&=1>Bgv zgQ>-?C`yYbW|&Ha6WAXVD*z+k&zLaF%LE^Yi=RqM7pPqW#X|=u_2MJiGn`2X=U!0t0l6$j;-Ieu;Q-b zVg&alwGt5wt)T^+7EV6VhsS*4%s#!suYL)-swdd@DnHS&0yF181nZef;Z+(N#i~^% z(xM?=@tokaw3AXMA~&7syiD5}ZsUB2uTyvRu1AgE$?DGb#Jb|98BX#bH|+ z9uK&)gVXftSA5v?ze>oncK}Emtvq+q6*@k$>3z-4JR1`90P+A_t!c(A`|Z_6g|ETq z|6>)BgCGWS?e#gioT%8%;27|73%nknm)4mkkT;#qyX4?O* zyr1{AvtU7aOhLm|t(fn@hRKWJdvr(zpbEFyb~sz50VDxG2^N?WdrtklF7A|QNXetQ z8+@PP3ZuM^1r^wi5=`q*^};K`lf z%ebAn9uKfK)(OEB|FujU*1#?lg>x(>Iv}d)l?eE-hQ*kjSaFm62Z0_6em4YFm=?ZT zQ8w7On8{op{3RBu-GK!*A6apbU42RdMU$UrS3V39^cMToLYNUNEm*w0z>V?m;l>^R zJD6xzFt!cGHPWl@Z)3l_Vklk}A+PG4QbAANU46>MPI*Q8;Jg1k2KJ?m`>x)jg?$V` z>|=N?4ZB>mBa0PcWh1Yw6#$R%1d9py*mmQee;7x?U-M_Q`Kxm^js3t_IV&^@(_nO;m#~&QhQ$Q^$2gC%v-9@z*44;| zgh4A65k(IFc@Ao9#fyMQ@y3;1?*ITz#@bbE1I42QbzhAR$`UC)V7Vl$F_!W9_Wolz zY}ht_``5o^GfU1}X?*-&Zv#5%RWnEhXV`$xQgVfU#X9g(SbJUPycNZlV_{kgMvr~C iD`WgSz-V#2OJd4~i?gpLjs7^`pN5K-av|J2_ 1000uatom --from --gas auto --gas-adjustment 1.5 --gas-prices 0.025uatom +``` + +#### Other Transaction Creation Methods + +The command-line is an easy way to interact with an application, but `Tx` can also be created using a [gRPC or REST interface](../advanced/09-grpc_rest.md) or some other entry point defined by the application developer. From the user's perspective, the interaction depends on the web interface or wallet they are using (e.g. creating `Tx` using [Lunie.io](https://lunie.io/#/) and signing it with a Ledger Nano S). + +## Addition to Mempool + +Each full-node (running CometBFT) that receives a `Tx` sends an [ABCI message](https://docs.cometbft.com/v0.37/spec/p2p/messages/), +`CheckTx`, to the application layer to check for validity, and receives an `abci.ResponseCheckTx`. If the `Tx` passes the checks, it is held in the node's +[**Mempool**](https://docs.cometbft.com/v0.37/spec/p2p/messages/mempool/), an in-memory pool of transactions unique to each node, pending inclusion in a block - honest nodes discard a `Tx` if it is found to be invalid. Prior to consensus, nodes continuously check incoming transactions and gossip them to their peers. + +### Types of Checks + +The full-nodes perform stateless, then stateful checks on `Tx` during `CheckTx`, with the goal to +identify and reject an invalid transaction as early on as possible to avoid wasted computation. + +**_Stateless_** checks do not require nodes to access state - light clients or offline nodes can do +them - and are thus less computationally expensive. Stateless checks include making sure addresses +are not empty, enforcing nonnegative numbers, and other logic specified in the definitions. + +**_Stateful_** checks validate transactions and messages based on a committed state. Examples +include checking that the relevant values exist and can be transacted with, the address +has sufficient funds, and the sender is authorized or has the correct ownership to transact. +At any given moment, full-nodes typically have [multiple versions](../advanced/00-baseapp.md#state-updates) +of the application's internal state for different purposes. For example, nodes execute state +changes while in the process of verifying transactions, but still need a copy of the last committed +state in order to answer queries - they should not respond using state with uncommitted changes. + +In order to verify a `Tx`, full-nodes call `CheckTx`, which includes both _stateless_ and _stateful_ +checks. Further validation happens later in the [`DeliverTx`](#delivertx) stage. `CheckTx` goes +through several steps, beginning with decoding `Tx`. + +### Decoding + +When `Tx` is received by the application from the underlying consensus engine (e.g. CometBFT ), it is still in its [encoded](../advanced/06-encoding.md) `[]byte` form and needs to be unmarshaled in order to be processed. Then, the [`runTx`](../advanced/00-baseapp.md#runtx-antehandler-runmsgs-posthandler) function is called to run in `runTxModeCheck` mode, meaning the function runs all checks but exits before executing messages and writing state changes. + +### ValidateBasic (deprecated) + +Messages ([`sdk.Msg`](../advanced/01-transactions.md#messages)) are extracted from transactions (`Tx`). The `ValidateBasic` method of the `sdk.Msg` interface implemented by the module developer is run for each transaction. +To discard obviously invalid messages, the `BaseApp` type calls the `ValidateBasic` method very early in the processing of the message in the [`CheckTx`](../advanced/00-baseapp.md#checktx) and [`DeliverTx`](../advanced/00-baseapp.md#delivertx) transactions. +`ValidateBasic` can include only **stateless** checks (the checks that do not require access to the state). + +:::warning +The `ValidateBasic` method on messages has been deprecated in favor of validating messages directly in their respective [`Msg` services](../../build/building-modules/03-msg-services.md#Validation). + +Read [RFC 001](https://docs.cosmos.network/main/rfc/rfc-001-tx-validation) for more details. +::: + +:::note +`BaseApp` still calls `ValidateBasic` on messages that implements that method for backwards compatibility. +::: + +#### Guideline + +`ValidateBasic` should not be used anymore. Message validation should be performed in the `Msg` service when [handling a message](../../build/building-modules/03-msg-services#Validation) in a module Msg Server. + +### AnteHandler + +`AnteHandler`s even though optional, are in practice very often used to perform signature verification, gas calculation, fee deduction, and other core operations related to blockchain transactions. + +A copy of the cached context is provided to the `AnteHandler`, which performs limited checks specified for the transaction type. Using a copy allows the `AnteHandler` to do stateful checks for `Tx` without modifying the last committed state, and revert back to the original if the execution fails. + +For example, the [`auth`](https://github.com/cosmos/cosmos-sdk/tree/main/x/auth/spec) module `AnteHandler` checks and increments sequence numbers, checks signatures and account numbers, and deducts fees from the first signer of the transaction - all state changes are made using the `checkState`. + +### Gas + +The [`Context`](../advanced/02-context.md), which keeps a `GasMeter` that tracks how much gas is used during the execution of `Tx`, is initialized. The user-provided amount of gas for `Tx` is known as `GasWanted`. If `GasConsumed`, the amount of gas consumed during execution, ever exceeds `GasWanted`, the execution stops and the changes made to the cached copy of the state are not committed. Otherwise, `CheckTx` sets `GasUsed` equal to `GasConsumed` and returns it in the result. After calculating the gas and fee values, validator-nodes check that the user-specified `gas-prices` is greater than their locally defined `min-gas-prices`. + +### Discard or Addition to Mempool + +If at any point during `CheckTx` the `Tx` fails, it is discarded and the transaction lifecycle ends +there. Otherwise, if it passes `CheckTx` successfully, the default protocol is to relay it to peer +nodes and add it to the Mempool so that the `Tx` becomes a candidate to be included in the next block. + +The **mempool** serves the purpose of keeping track of transactions seen by all full-nodes. +Full-nodes keep a **mempool cache** of the last `mempool.cache_size` transactions they have seen, as a first line of +defense to prevent replay attacks. Ideally, `mempool.cache_size` is large enough to encompass all +of the transactions in the full mempool. If the mempool cache is too small to keep track of all +the transactions, `CheckTx` is responsible for identifying and rejecting replayed transactions. + +Currently existing preventative measures include fees and a `sequence` (nonce) counter to distinguish +replayed transactions from identical but valid ones. If an attacker tries to spam nodes with many +copies of a `Tx`, full-nodes keeping a mempool cache reject all identical copies instead of running +`CheckTx` on them. Even if the copies have incremented `sequence` numbers, attackers are +disincentivized by the need to pay fees. + +Validator nodes keep a mempool to prevent replay attacks, just as full-nodes do, but also use it as +a pool of unconfirmed transactions in preparation of block inclusion. Note that even if a `Tx` +passes all checks at this stage, it is still possible to be found invalid later on, because +`CheckTx` does not fully validate the transaction (that is, it does not actually execute the messages). + +## Inclusion in a Block + +Consensus, the process through which validator nodes come to agreement on which transactions to +accept, happens in **rounds**. Each round begins with a proposer creating a block of the most +recent transactions and ends with **validators**, special full-nodes with voting power responsible +for consensus, agreeing to accept the block or go with a `nil` block instead. Validator nodes +execute the consensus algorithm, such as [CometBFT](https://docs.cometbft.com/v0.37/spec/consensus/), +confirming the transactions using ABCI requests to the application, in order to come to this agreement. + +The first step of consensus is the **block proposal**. One proposer amongst the validators is chosen +by the consensus algorithm to create and propose a block - in order for a `Tx` to be included, it +must be in this proposer's mempool. + +## State Changes + +The next step of consensus is to execute the transactions to fully validate them. All full-nodes +that receive a block proposal from the correct proposer execute the transactions by calling the ABCI functions +[`BeginBlock`](00-overview-app.md#beginblocker-and-endblocker), `DeliverTx` for each transaction, +and [`EndBlock`](00-overview-app.md#beginblocker-and-endblocker). While each full-node runs everything +locally, this process yields a single, unambiguous result, since the messages' state transitions are deterministic and transactions are +explicitly ordered in the block proposal. + +```text + ----------------------- + |Receive Block Proposal| + ----------------------- + | + v + ----------------------- + | BeginBlock | + ----------------------- + | + v + ----------------------- + | DeliverTx(tx0) | + | DeliverTx(tx1) | + | DeliverTx(tx2) | + | DeliverTx(tx3) | + | . | + | . | + | . | + ----------------------- + | + v + ----------------------- + | EndBlock | + ----------------------- + | + v + ----------------------- + | Consensus | + ----------------------- + | + v + ----------------------- + | Commit | + ----------------------- +``` + +### DeliverTx + +The `DeliverTx` ABCI function defined in [`BaseApp`](../advanced/00-baseapp.md) does the bulk of the +state transitions: it is run for each transaction in the block in sequential order as committed +to during consensus. Under the hood, `DeliverTx` is almost identical to `CheckTx` but calls the +[`runTx`](../advanced/00-baseapp.md#runtx) function in deliver mode instead of check mode. +Instead of using their `checkState`, full-nodes use `deliverState`: + +* **Decoding:** Since `DeliverTx` is an ABCI call, `Tx` is received in the encoded `[]byte` form. + Nodes first unmarshal the transaction, using the [`TxConfig`](00-overview-app#register-codec) defined in the app, then call `runTx` in `runTxModeDeliver`, which is very similar to `CheckTx` but also executes and writes state changes. + +* **Checks and `AnteHandler`:** Full-nodes call `validateBasicMsgs` and `AnteHandler` again. This second check + happens because they may not have seen the same transactions during the addition to Mempool stage + and a malicious proposer may have included invalid ones. One difference here is that the + `AnteHandler` does not compare `gas-prices` to the node's `min-gas-prices` since that value is local + to each node - differing values across nodes yield nondeterministic results. + +* **`MsgServiceRouter`:** After `CheckTx` exits, `DeliverTx` continues to run + [`runMsgs`](../advanced/00-baseapp.md#runtx-antehandler-runmsgs-posthandler) to fully execute each `Msg` within the transaction. + Since the transaction may have messages from different modules, `BaseApp` needs to know which module + to find the appropriate handler. This is achieved using `BaseApp`'s `MsgServiceRouter` so that it can be processed by the module's Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md). + For `LegacyMsg` routing, the `Route` function is called via the [module manager](../../build/building-modules/01-module-manager.md) to retrieve the route name and find the legacy [`Handler`](../../build/building-modules/03-msg-services.md#handler-type) within the module. + +* **`Msg` service:** Protobuf `Msg` service is responsible for executing each message in the `Tx` and causes state transitions to persist in `deliverTxState`. + +* **PostHandlers:** [`PostHandler`](../advanced/00-baseapp.md#posthandler)s run after the execution of the message. If they fail, the state change of `runMsgs`, as well of `PostHandlers`, are both reverted. + +* **Gas:** While a `Tx` is being delivered, a `GasMeter` is used to keep track of how much + gas is being used; if execution completes, `GasUsed` is set and returned in the + `abci.ResponseDeliverTx`. If execution halts because `BlockGasMeter` or `GasMeter` has run out or something else goes + wrong, a deferred function at the end appropriately errors or panics. + +If there are any failed state changes resulting from a `Tx` being invalid or `GasMeter` running out, +the transaction processing terminates and any state changes are reverted. Invalid transactions in a +block proposal cause validator nodes to reject the block and vote for a `nil` block instead. + +### Commit + +The final step is for nodes to commit the block and state changes. Validator nodes +perform the previous step of executing state transitions in order to validate the transactions, +then sign the block to confirm it. Full nodes that are not validators do not +participate in consensus - i.e. they cannot vote - but listen for votes to understand whether or +not they should commit the state changes. + +When they receive enough validator votes (2/3+ _precommits_ weighted by voting power), full nodes commit to a new block to be added to the blockchain and +finalize the state transitions in the application layer. A new state root is generated to serve as +a merkle proof for the state transitions. Applications use the [`Commit`](../advanced/00-baseapp.md#commit) +ABCI method inherited from [Baseapp](../advanced/00-baseapp.md); it syncs all the state transitions by +writing the `deliverState` into the application's internal state. As soon as the state changes are +committed, `checkState` starts afresh from the most recently committed state and `deliverState` +resets to `nil` in order to be consistent and reflect the changes. + +Note that not all blocks have the same number of transactions and it is possible for consensus to +result in a `nil` block or one with none at all. In a public blockchain network, it is also possible +for validators to be **byzantine**, or malicious, which may prevent a `Tx` from being committed in +the blockchain. Possible malicious behaviors include the proposer deciding to censor a `Tx` by +excluding it from the block or a validator voting against the block. + +At this point, the transaction lifecycle of a `Tx` is over: nodes have verified its validity, +delivered it by executing its state changes, and committed those changes. The `Tx` itself, +in `[]byte` form, is stored in a block and appended to the blockchain. diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/beginner/02-query-lifecycle.md b/copy-of-sdk-versioned_docs/version-0.47/learn/beginner/02-query-lifecycle.md new file mode 100644 index 00000000..f3839cd9 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/learn/beginner/02-query-lifecycle.md @@ -0,0 +1,150 @@ +--- +sidebar_position: 1 + +--- + +# Query Lifecycle + +:::note Synopsis +This document describes the lifecycle of a query in a Cosmos SDK application, from the user interface to application stores and back. The query is referred to as `MyQuery`. +::: + +:::note + +### Pre-requisite Readings + +* [Transaction Lifecycle](01-tx-lifecycle.md) +::: + +## Query Creation + +A [**query**](../../build/building-modules/02-messages-and-queries.md#queries) is a request for information made by end-users of applications through an interface and processed by a full-node. Users can query information about the network, the application itself, and application state directly from the application's stores or modules. Note that queries are different from [transactions](../advanced/01-transactions.md) (view the lifecycle [here](01-tx-lifecycle.md)), particularly in that they do not require consensus to be processed (as they do not trigger state-transitions); they can be fully handled by one full-node. + +For the purpose of explaining the query lifecycle, let's say the query, `MyQuery`, is requesting a list of delegations made by a certain delegator address in the application called `simapp`. As is to be expected, the [`staking`](../../build/modules/staking/README.md) module handles this query. But first, there are a few ways `MyQuery` can be created by users. + +### CLI + +The main interface for an application is the command-line interface. Users connect to a full-node and run the CLI directly from their machines - the CLI interacts directly with the full-node. To create `MyQuery` from their terminal, users type the following command: + +```bash +simd query staking delegations +``` + +This query command was defined by the [`staking`](../../build/modules/staking/README.md) module developer and added to the list of subcommands by the application developer when creating the CLI. + +Note that the general format is as follows: + +```bash +simd query [moduleName] [command] --flag +``` + +To provide values such as `--node` (the full-node the CLI connects to), the user can use the [`app.toml`](../../user/run-node/02-interact-node.md#configuring-the-node-using-apptoml) config file to set them or provide them as flags. + +The CLI understands a specific set of commands, defined in a hierarchical structure by the application developer: from the [root command](../advanced/07-cli.md#root-command) (`simd`), the type of command (`Myquery`), the module that contains the command (`staking`), and command itself (`delegations`). Thus, the CLI knows exactly which module handles this command and directly passes the call there. + +### gRPC + +Another interface through which users can make queries is [gRPC](https://grpc.io) requests to a [gRPC server](../advanced/09-grpc_rest.md#grpc-server). The endpoints are defined as [Protocol Buffers](https://developers.google.com/protocol-buffers) service methods inside `.proto` files, written in Protobuf's own language-agnostic interface definition language (IDL). The Protobuf ecosystem developed tools for code-generation from `*.proto` files into various languages. These tools allow to build gRPC clients easily. + +One such tool is [grpcurl](https://github.com/fullstorydev/grpcurl), and a gRPC request for `MyQuery` using this client looks like: + +```bash +grpcurl \ + -plaintext # We want results in plain test + -import-path ./proto \ # Import these .proto files + -proto ./proto/cosmos/staking/v1beta1/query.proto \ # Look into this .proto file for the Query protobuf service + -d '{"address":"$MY_DELEGATOR"}' \ # Query arguments + localhost:9090 \ # gRPC server endpoint + cosmos.staking.v1beta1.Query/Delegations # Fully-qualified service method name +``` + +### REST + +Another interface through which users can make queries is through HTTP Requests to a [REST server](../advanced/09-grpc_rest.md#rest-server). The REST server is fully auto-generated from Protobuf services, using [gRPC-gateway](https://github.com/grpc-ecosystem/grpc-gateway). + +An example HTTP request for `MyQuery` looks like: + +```bash +GET http://localhost:1317/cosmos/staking/v1beta1/delegators/{delegatorAddr}/delegations +``` + +## How Queries are Handled by the CLI + +The preceding examples show how an external user can interact with a node by querying its state. To understand in more detail the exact lifecycle of a query, let's dig into how the CLI prepares the query, and how the node handles it. The interactions from the users' perspective are a bit different, but the underlying functions are almost identical because they are implementations of the same command defined by the module developer. This step of processing happens within the CLI, gRPC, or REST server, and heavily involves a `client.Context`. + +### Context + +The first thing that is created in the execution of a CLI command is a `client.Context`. A `client.Context` is an object that stores all the data needed to process a request on the user side. In particular, a `client.Context` stores the following: + +* **Codec**: The [encoder/decoder](../advanced/06-encoding.md) used by the application, used to marshal the parameters and query before making the CometBFT RPC request and unmarshal the returned response into a JSON object. The default codec used by the CLI is Protobuf. +* **Account Decoder**: The account decoder from the [`auth`](../../build/modules/auth/README.md) module, which translates `[]byte`s into accounts. +* **RPC Client**: The CometBFT RPC Client, or node, to which requests are relayed. +* **Keyring**: A [Key Manager](03-accounts.md#keyring) used to sign transactions and handle other operations with keys. +* **Output Writer**: A [Writer](https://pkg.go.dev/io/#Writer) used to output the response. +* **Configurations**: The flags configured by the user for this command, including `--height`, specifying the height of the blockchain to query, and `--indent`, which indicates to add an indent to the JSON response. + +The `client.Context` also contains various functions such as `Query()`, which retrieves the RPC Client and makes an ABCI call to relay a query to a full-node. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/client/context.go#L24-L64 +``` + +The `client.Context`'s primary role is to store data used during interactions with the end-user and provide methods to interact with this data - it is used before and after the query is processed by the full-node. Specifically, in handling `MyQuery`, the `client.Context` is utilized to encode the query parameters, retrieve the full-node, and write the output. Prior to being relayed to a full-node, the query needs to be encoded into a `[]byte` form, as full-nodes are application-agnostic and do not understand specific types. The full-node (RPC Client) itself is retrieved using the `client.Context`, which knows which node the user CLI is connected to. The query is relayed to this full-node to be processed. Finally, the `client.Context` contains a `Writer` to write output when the response is returned. These steps are further described in later sections. + +### Arguments and Route Creation + +At this point in the lifecycle, the user has created a CLI command with all of the data they wish to include in their query. A `client.Context` exists to assist in the rest of the `MyQuery`'s journey. Now, the next step is to parse the command or request, extract the arguments, and encode everything. These steps all happen on the user side within the interface they are interacting with. + +#### Encoding + +In our case (querying an address's delegations), `MyQuery` contains an [address](03-accounts.md#addresses) `delegatorAddress` as its only argument. However, the request can only contain `[]byte`s, as it is ultimately relayed to a consensus engine (e.g. CometBFT) of a full-node that has no inherent knowledge of the application types. Thus, the `codec` of `client.Context` is used to marshal the address. + +Here is what the code looks like for the CLI command: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/staking/client/cli/query.go#L323-L326 +``` + +#### gRPC Query Client Creation + +The Cosmos SDK leverages code generated from Protobuf services to make queries. The `staking` module's `MyQuery` service generates a `queryClient`, which the CLI uses to make queries. Here is the relevant code: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/staking/client/cli/query.go#L317-L343 +``` + +Under the hood, the `client.Context` has a `Query()` function used to retrieve the pre-configured node and relay a query to it; the function takes the query fully-qualified service method name as path (in our case: `/cosmos.staking.v1beta1.Query/Delegations`), and arguments as parameters. It first retrieves the RPC Client (called the [**node**](../advanced/03-node.md)) configured by the user to relay this query to, and creates the `ABCIQueryOptions` (parameters formatted for the ABCI call). The node is then used to make the ABCI call, `ABCIQueryWithOptions()`. + +Here is what the code looks like: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/client/query.go#L79-L113 +``` + +## RPC + +With a call to `ABCIQueryWithOptions()`, `MyQuery` is received by a [full-node](../advanced/06-encoding.md) which then processes the request. Note that, while the RPC is made to the consensus engine (e.g. CometBFT) of a full-node, queries are not part of consensus and so are not broadcasted to the rest of the network, as they do not require anything the network needs to agree upon. + +Read more about ABCI Clients and CometBFT RPC in the [CometBFT documentation](https://docs.cometbft.com/v0.37/spec/rpc/). + +## Application Query Handling + +When a query is received by the full-node after it has been relayed from the underlying consensus engine, it is at that point being handled within an environment that understands application-specific types and has a copy of the state. [`baseapp`](../advanced/00-baseapp.md) implements the ABCI [`Query()`](../advanced/00-baseapp.md#query) function and handles gRPC queries. The query route is parsed, and it matches the fully-qualified service method name of an existing service method (most likely in one of the modules), then `baseapp` relays the request to the relevant module. + +Since `MyQuery` has a Protobuf fully-qualified service method name from the `staking` module (recall `/cosmos.staking.v1beta1.Query/Delegations`), `baseapp` first parses the path, then uses its own internal `GRPCQueryRouter` to retrieve the corresponding gRPC handler, and routes the query to the module. The gRPC handler is responsible for recognizing this query, retrieving the appropriate values from the application's stores, and returning a response. Read more about query services [here](../../build/building-modules/04-query-services.md). + +Once a result is received from the querier, `baseapp` begins the process of returning a response to the user. + +## Response + +Since `Query()` is an ABCI function, `baseapp` returns the response as an [`abci.ResponseQuery`](https://docs.cometbft.com/master/spec/abci/abci.html#query-2) type. The `client.Context` `Query()` routine receives the response and. + +### CLI Response + +The application [`codec`](../advanced/06-encoding.md) is used to unmarshal the response to a JSON and the `client.Context` prints the output to the command line, applying any configurations such as the output type (text, JSON or YAML). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/client/context.go#L330-L358 +``` + +And that's a wrap! The result of the query is outputted to the console by the CLI. diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/beginner/03-accounts.md b/copy-of-sdk-versioned_docs/version-0.47/learn/beginner/03-accounts.md new file mode 100644 index 00000000..d3a55436 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/learn/beginner/03-accounts.md @@ -0,0 +1,282 @@ +--- +sidebar_position: 1 + +--- + +# Accounts + +:::note Synopsis +This document describes the in-built account and public key system of the Cosmos SDK. +::: + +:::note + +### Pre-requisite Readings + +* [Anatomy of a Cosmos SDK Application](00-overview-app.md) + +::: + +## Account Definition + +In the Cosmos SDK, an _account_ designates a pair of _public key_ `PubKey` and _private key_ `PrivKey`. The `PubKey` can be derived to generate various `Addresses`, which are used to identify users (among other parties) in the application. `Addresses` are also associated with [`message`s](../../build/building-modules/02-messages-and-queries.md#messages) to identify the sender of the `message`. The `PrivKey` is used to generate [digital signatures](#keys-accounts-addresses-and-signatures) to prove that an `Address` associated with the `PrivKey` approved of a given `message`. + +For HD key derivation the Cosmos SDK uses a standard called [BIP32](https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki). The BIP32 allows users to create an HD wallet (as specified in [BIP44](https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki)) - a set of accounts derived from an initial secret seed. A seed is usually created from a 12- or 24-word mnemonic. A single seed can derive any number of `PrivKey`s using a one-way cryptographic function. Then, a `PubKey` can be derived from the `PrivKey`. Naturally, the mnemonic is the most sensitive information, as private keys can always be re-generated if the mnemonic is preserved. + +```text + Account 0 Account 1 Account 2 + ++------------------+ +------------------+ +------------------+ +| | | | | | +| Address 0 | | Address 1 | | Address 2 | +| ^ | | ^ | | ^ | +| | | | | | | | | +| | | | | | | | | +| | | | | | | | | +| + | | + | | + | +| Public key 0 | | Public key 1 | | Public key 2 | +| ^ | | ^ | | ^ | +| | | | | | | | | +| | | | | | | | | +| | | | | | | | | +| + | | + | | + | +| Private key 0 | | Private key 1 | | Private key 2 | +| ^ | | ^ | | ^ | ++------------------+ +------------------+ +------------------+ + | | | + | | | + | | | + +--------------------------------------------------------------------+ + | + | + +---------+---------+ + | | + | Master PrivKey | + | | + +-------------------+ + | + | + +---------+---------+ + | | + | Mnemonic (Seed) | + | | + +-------------------+ +``` + +In the Cosmos SDK, keys are stored and managed by using an object called a [`Keyring`](#keyring). + +## Keys, accounts, addresses, and signatures + +The principal way of authenticating a user is done using [digital signatures](https://en.wikipedia.org/wiki/Digital_signature). Users sign transactions using their own private key. Signature verification is done with the associated public key. For on-chain signature verification purposes, we store the public key in an `Account` object (alongside other data required for a proper transaction validation). + +In the node, all data is stored using Protocol Buffers serialization. + +The Cosmos SDK supports the following digital key schemes for creating digital signatures: + +* `secp256k1`, as implemented in the [Cosmos SDK's `crypto/keys/secp256k1` package](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/crypto/keys/secp256k1/secp256k1.go). +* `secp256r1`, as implemented in the [Cosmos SDK's `crypto/keys/secp256r1` package](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/crypto/keys/secp256r1/pubkey.go), +* `tm-ed25519`, as implemented in the [Cosmos SDK `crypto/keys/ed25519` package](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/crypto/keys/ed25519/ed25519.go). This scheme is supported only for the consensus validation. + +| | Address length in bytes | Public key length in bytes | Used for transaction authentication | Used for consensus (cometbft) | +| :----------: | :---------------------: | :------------------------: | :---------------------------------: | :-----------------------------: | +| `secp256k1` | 20 | 33 | yes | no | +| `secp256r1` | 32 | 33 | yes | no | +| `tm-ed25519` | -- not used -- | 32 | no | yes | + +## Addresses + +`Addresses` and `PubKey`s are both public information that identifies actors in the application. `Account` is used to store authentication information. The basic account implementation is provided by a `BaseAccount` object. + +Each account is identified using `Address` which is a sequence of bytes derived from a public key. In the Cosmos SDK, we define 3 types of addresses that specify a context where an account is used: + +* `AccAddress` identifies users (the sender of a `message`). +* `ValAddress` identifies validator operators. +* `ConsAddress` identifies validator nodes that are participating in consensus. Validator nodes are derived using the **`ed25519`** curve. + +These types implement the `Address` interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/types/address.go#L108-L124 +``` + +Address construction algorithm is defined in [ADR-28](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-028-public-key-addresses.md). +Here is the standard way to obtain an account address from a `pub` public key: + +```go +sdk.AccAddress(pub.Address().Bytes()) +``` + +Of note, the `Marshal()` and `Bytes()` method both return the same raw `[]byte` form of the address. `Marshal()` is required for Protobuf compatibility. + +For user interaction, addresses are formatted using [Bech32](https://en.bitcoin.it/wiki/Bech32) and implemented by the `String` method. The Bech32 method is the only supported format to use when interacting with a blockchain. The Bech32 human-readable part (Bech32 prefix) is used to denote an address type. Example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/types/address.go#L281-L295 +``` + +| | Address Bech32 Prefix | +| ------------------ | --------------------- | +| Accounts | cosmos | +| Validator Operator | cosmosvaloper | +| Consensus Nodes | cosmosvalcons | + +### Public Keys + +Public keys in Cosmos SDK are defined by `cryptotypes.PubKey` interface. Since public keys are saved in a store, `cryptotypes.PubKey` extends the `proto.Message` interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/crypto/types/types.go#L8-L17 +``` + +A compressed format is used for `secp256k1` and `secp256r1` serialization. + +* The first byte is a `0x02` byte if the `y`-coordinate is the lexicographically largest of the two associated with the `x`-coordinate. +* Otherwise the first byte is a `0x03`. + +This prefix is followed by the `x`-coordinate. + +Public Keys are not used to reference accounts (or users) and in general are not used when composing transaction messages (with few exceptions: `MsgCreateValidator`, `Validator` and `Multisig` messages). +For user interactions, `PubKey` is formatted using Protobufs JSON ([ProtoMarshalJSON](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/codec/json.go#L14-L34) function). Example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/crypto/keyring/output.go#L23-L39 +``` + +## Keyring + +A `Keyring` is an object that stores and manages accounts. In the Cosmos SDK, a `Keyring` implementation follows the `Keyring` interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/crypto/keyring/keyring.go#L54-L101 +``` + +The default implementation of `Keyring` comes from the third-party [`99designs/keyring`](https://github.com/99designs/keyring) library. + +A few notes on the `Keyring` methods: + +* `Sign(uid string, msg []byte) ([]byte, types.PubKey, error)` strictly deals with the signature of the `msg` bytes. You must prepare and encode the transaction into a canonical `[]byte` form. Because protobuf is not deterministic, it has been decided in [ADR-020](../../build/architecture/adr-020-protobuf-transaction-encoding.md) that the canonical `payload` to sign is the `SignDoc` struct, deterministically encoded using [ADR-027](../../build/architecture/adr-027-deterministic-protobuf-serialization.md). Note that signature verification is not implemented in the Cosmos SDK by default, it is deferred to the [`anteHandler`](../advanced/00-baseapp.md#antehandler). + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/tx/v1beta1/tx.proto#L48-L65 +``` + +* `NewAccount(uid, mnemonic, bip39Passphrase, hdPath string, algo SignatureAlgo) (*Record, error)` creates a new account based on the [`bip44 path`](https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki) and persists it on disk. The `PrivKey` is **never stored unencrypted**, instead it is [encrypted with a passphrase](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/crypto/armor.go) before being persisted. In the context of this method, the key type and sequence number refer to the segment of the BIP44 derivation path (for example, `0`, `1`, `2`, ...) that is used to derive a private and a public key from the mnemonic. Using the same mnemonic and derivation path, the same `PrivKey`, `PubKey` and `Address` is generated. The following keys are supported by the keyring: + +* `secp256k1` +* `ed25519` + +* `ExportPrivKeyArmor(uid, encryptPassphrase string) (armor string, err error)` exports a private key in ASCII-armored encrypted format using the given passphrase. You can then either import the private key again into the keyring using the `ImportPrivKey(uid, armor, passphrase string)` function or decrypt it into a raw private key using the `UnarmorDecryptPrivKey(armorStr string, passphrase string)` function. + +### Create New Key Type + +To create a new key type for using in keyring, `keyring.SignatureAlgo` interface must be fulfilled. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/crypto/keyring/signing_algorithms.go#L10-L15 +``` + +The interface consists in three methods where `Name()` returns the name of the algorithm as a `hd.PubKeyType` and `Derive()` and `Generate()` must return the following functions respectively: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/crypto/hd/algo.go#L28-L31 +``` +Once the `keyring.SignatureAlgo` has been implemented it must be added to the [list of supported algos](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/crypto/keyring/keyring.go#L217) of the keyring. + +For simplicity the implementation of a new key type should be done inside the `crypto/hd` package. +There is an example of a working `secp256k1` implementation in [algo.go](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/crypto/hd/algo.go#L38). + + +#### Implementing secp256r1 algo + +Here is an example of how secp256r1 could be implemented. + +First a new function to create a private key from a secret number is needed in the secp256r1 package. This function could look like this: + +```go +// cosmos-sdk/crypto/keys/secp256r1/privkey.go + +// NewPrivKeyFromSecret creates a private key derived for the secret number +// represented in big-endian. The `secret` must be a valid ECDSA field element. +func NewPrivKeyFromSecret(secret []byte) (*PrivKey, error) { + var d = new(big.Int).SetBytes(secret) + if d.Cmp(secp256r1.Params().N) >= 1 { + return nil, errorsmod.Wrap(errors.ErrInvalidRequest, "secret not in the curve base field") + } + sk := new(ecdsa.PrivKey) + return &PrivKey{&ecdsaSK{*sk}}, nil +} +``` + +After that `secp256r1Algo` can be implemented. + +```go +// cosmos-sdk/crypto/hd/secp256r1Algo.go + +package hd + +import ( + "github.com/cosmos/go-bip39" + + "github.com/cosmos/cosmos-sdk/crypto/keys/secp256r1" + "github.com/cosmos/cosmos-sdk/crypto/types" +) + +// Secp256r1Type uses the secp256r1 ECDSA parameters. +const Secp256r1Type = PubKeyType("secp256r1") + +var Secp256r1 = secp256r1Algo{} + +type secp256r1Algo struct{} + +func (s secp256r1Algo) Name() PubKeyType { + return Secp256r1Type +} + +// Derive derives and returns the secp256r1 private key for the given seed and HD path. +func (s secp256r1Algo) Derive() DeriveFn { + return func(mnemonic string, bip39Passphrase, hdPath string) ([]byte, error) { + seed, err := bip39.NewSeedWithErrorChecking(mnemonic, bip39Passphrase) + if err != nil { + return nil, err + } + + masterPriv, ch := ComputeMastersFromSeed(seed) + if len(hdPath) == 0 { + return masterPriv[:], nil + } + derivedKey, err := DerivePrivateKeyForPath(masterPriv, ch, hdPath) + + return derivedKey, err + } +} + +// Generate generates a secp256r1 private key from the given bytes. +func (s secp256r1Algo) Generate() GenerateFn { + return func(bz []byte) types.PrivKey { + key, err := secp256r1.NewPrivKeyFromSecret(bz) + if err != nil { + panic(err) + } + return key + } +} +``` + +Finally, the algo must be added to the list of [supported algos](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/crypto/keyring/keyring.go#L217) by the keyring. + +```go +// cosmos-sdk/crypto/keyring/keyring.go + +func newKeystore(kr keyring.Keyring, cdc codec.Codec, backend string, opts ...Option) keystore { + // Default options for keybase, these can be overwritten using the + // Option function + options := Options{ + SupportedAlgos: SigningAlgoList{hd.Secp256k1, hd.Secp256r1}, // added here + SupportedAlgosLedger: SigningAlgoList{hd.Secp256k1}, + } +... +``` + +Hereafter to create new keys using your algo, you must specify it with the flag `--algo` : + +`simd keys add myKey --algo secp256r1` \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/beginner/04-gas-fees.md b/copy-of-sdk-versioned_docs/version-0.47/learn/beginner/04-gas-fees.md new file mode 100644 index 00000000..a96e2525 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/learn/beginner/04-gas-fees.md @@ -0,0 +1,100 @@ +--- +sidebar_position: 1 + +--- + +# Gas and Fees + +:::note Synopsis +This document describes the default strategies to handle gas and fees within a Cosmos SDK application. +::: + +:::note + +### Pre-requisite Readings + +* [Anatomy of a Cosmos SDK Application](00-overview-app.md) + +::: + +## Introduction to `Gas` and `Fees` + +In the Cosmos SDK, `gas` is a special unit that is used to track the consumption of resources during execution. `gas` is typically consumed whenever read and writes are made to the store, but it can also be consumed if expensive computation needs to be done. It serves two main purposes: + +* Make sure blocks are not consuming too many resources and are finalized. This is implemented by default in the Cosmos SDK via the [block gas meter](#block-gas-meter). +* Prevent spam and abuse from end-user. To this end, `gas` consumed during [`message`](../../build/building-modules/02-messages-and-queries.md#messages) execution is typically priced, resulting in a `fee` (`fees = gas * gas-prices`). `fees` generally have to be paid by the sender of the `message`. Note that the Cosmos SDK does not enforce `gas` pricing by default, as there may be other ways to prevent spam (e.g. bandwidth schemes). Still, most applications implement `fee` mechanisms to prevent spam by using the [`AnteHandler`](#antehandler). + +## Gas Meter + +In the Cosmos SDK, `gas` is a simple alias for `uint64`, and is managed by an object called a _gas meter_. Gas meters implement the `GasMeter` interface + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/store/types/gas.go#L40-L51 +``` + +where: + +* `GasConsumed()` returns the amount of gas that was consumed by the gas meter instance. +* `GasConsumedToLimit()` returns the amount of gas that was consumed by gas meter instance, or the limit if it is reached. +* `GasRemaining()` returns the gas left in the GasMeter. +* `Limit()` returns the limit of the gas meter instance. `0` if the gas meter is infinite. +* `ConsumeGas(amount Gas, descriptor string)` consumes the amount of `gas` provided. If the `gas` overflows, it panics with the `descriptor` message. If the gas meter is not infinite, it panics if `gas` consumed goes above the limit. +* `RefundGas()` deducts the given amount from the gas consumed. This functionality enables refunding gas to the transaction or block gas pools so that EVM-compatible chains can fully support the go-ethereum StateDB interface. +* `IsPastLimit()` returns `true` if the amount of gas consumed by the gas meter instance is strictly above the limit, `false` otherwise. +* `IsOutOfGas()` returns `true` if the amount of gas consumed by the gas meter instance is above or equal to the limit, `false` otherwise. + +The gas meter is generally held in [`ctx`](../advanced/02-context.md), and consuming gas is done with the following pattern: + +```go +ctx.GasMeter().ConsumeGas(amount, "description") +``` + +By default, the Cosmos SDK makes use of two different gas meters, the [main gas meter](#main-gas-meter) and the [block gas meter](#block-gas-meter). + +### Main Gas Meter + +`ctx.GasMeter()` is the main gas meter of the application. The main gas meter is initialized in `BeginBlock` via `setDeliverState`, and then tracks gas consumption during execution sequences that lead to state-transitions, i.e. those originally triggered by [`BeginBlock`](../advanced/00-baseapp.md#beginblock), [`DeliverTx`](../advanced/00-baseapp.md#delivertx) and [`EndBlock`](../advanced/00-baseapp.md#endblock). At the beginning of each `DeliverTx`, the main gas meter **must be set to 0** in the [`AnteHandler`](#antehandler), so that it can track gas consumption per-transaction. + +Gas consumption can be done manually, generally by the module developer in the [`BeginBlocker`, `EndBlocker`](../../build/building-modules/05-beginblock-endblock.md) or [`Msg` service](../../build/building-modules/03-msg-services.md), but most of the time it is done automatically whenever there is a read or write to the store. This automatic gas consumption logic is implemented in a special store called [`GasKv`](../advanced/04-store.md#gaskv-store). + +### Block Gas Meter + +`ctx.BlockGasMeter()` is the gas meter used to track gas consumption per block and make sure it does not go above a certain limit. A new instance of the `BlockGasMeter` is created each time [`BeginBlock`](../advanced/00-baseapp.md#beginblock) is called. The `BlockGasMeter` is finite, and the limit of gas per block is defined in the application's consensus parameters. By default, Cosmos SDK applications use the default consensus parameters provided by CometBFT: + +```go reference +https://github.com/cometbft/cometbft/blob/v0.37.0/types/params.go#L66-L105 +``` + +When a new [transaction](../advanced/01-transactions.md) is being processed via `DeliverTx`, the current value of `BlockGasMeter` is checked to see if it is above the limit. If it is, `DeliverTx` returns immediately. This can happen even with the first transaction in a block, as `BeginBlock` itself can consume gas. If not, the transaction is processed normally. At the end of `DeliverTx`, the gas tracked by `ctx.BlockGasMeter()` is increased by the amount consumed to process the transaction: + +```go +ctx.BlockGasMeter().ConsumeGas( + ctx.GasMeter().GasConsumedToLimit(), + "block gas meter", +) +``` + +## AnteHandler + +The `AnteHandler` is run for every transaction during `CheckTx` and `DeliverTx`, before a Protobuf `Msg` service method for each `sdk.Msg` in the transaction. + +The anteHandler is not implemented in the core Cosmos SDK but in a module. That said, most applications today use the default implementation defined in the [`auth` module](https://github.com/cosmos/cosmos-sdk/tree/main/x/auth). Here is what the `anteHandler` is intended to do in a normal Cosmos SDK application: + +* Verify that the transactions are of the correct type. Transaction types are defined in the module that implements the `anteHandler`, and they follow the transaction interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/types/tx_msg.go#L42-L50 +``` + + This enables developers to play with various types for the transaction of their application. In the default `auth` module, the default transaction type is `Tx`: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/tx/v1beta1/tx.proto#L13-L26 +``` + +* Verify signatures for each [`message`](../../build/building-modules/02-messages-and-queries.md#messages) contained in the transaction. Each `message` should be signed by one or multiple sender(s), and these signatures must be verified in the `anteHandler`. +* During `CheckTx`, verify that the gas prices provided with the transaction is greater than the local `min-gas-prices` (as a reminder, gas-prices can be deducted from the following equation: `fees = gas * gas-prices`). `min-gas-prices` is a parameter local to each full-node and used during `CheckTx` to discard transactions that do not provide a minimum amount of fees. This ensures that the mempool cannot be spammed with garbage transactions. +* Verify that the sender of the transaction has enough funds to cover for the `fees`. When the end-user generates a transaction, they must indicate 2 of the 3 following parameters (the third one being implicit): `fees`, `gas` and `gas-prices`. This signals how much they are willing to pay for nodes to execute their transaction. The provided `gas` value is stored in a parameter called `GasWanted` for later use. +* Set `newCtx.GasMeter` to 0, with a limit of `GasWanted`. **This step is crucial**, as it not only makes sure the transaction cannot consume infinite gas, but also that `ctx.GasMeter` is reset in-between each `DeliverTx` (`ctx` is set to `newCtx` after `anteHandler` is run, and the `anteHandler` is run each time `DeliverTx` is called). + +As explained above, the `anteHandler` returns a maximum limit of `gas` the transaction can consume during execution called `GasWanted`. The actual amount consumed in the end is denominated `GasUsed`, and we must therefore have `GasUsed =< GasWanted`. Both `GasWanted` and `GasUsed` are relayed to the underlying consensus engine when [`DeliverTx`](../advanced/00-baseapp.md#delivertx) returns. diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/beginner/_category_.json b/copy-of-sdk-versioned_docs/version-0.47/learn/beginner/_category_.json new file mode 100644 index 00000000..d09097fa --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/learn/beginner/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Beginner", + "position": 2, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/glossary.md b/copy-of-sdk-versioned_docs/version-0.47/learn/glossary.md new file mode 100644 index 00000000..a2da9d7b --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/learn/glossary.md @@ -0,0 +1,57 @@ +--- +sidebar_position: 3 + +--- + +# Glossary + +## ABCI (Application Blockchain Interface) +The interface between the Tendermint consensus engine and the application state machine, allowing them to communicate and perform state transitions. ABCI is a critical component of the Cosmos SDK, enabling developers to build applications using any programming language that can communicate via ABCI. + +## ATOM +The native staking token of the Cosmos Hub, used for securing the network, participating in governance, and paying fees for transactions. + +## CometBFT +A Byzantine Fault Tolerant (BFT) consensus engine that powers the Cosmos SDK. CometBFT is responsible for handling the consensus and networking layers of a blockchain. + +## Cosmos Hub +The first blockchain built with the Cosmos SDK, functioning as a hub for connecting other blockchains in the Cosmos ecosystem through IBC. + +## Cosmos SDK +A framework for building blockchain applications, focusing on modularity, scalability, and interoperability. + +## CosmWasm +A smart contract engine for the Cosmos SDK that enables developers to write and deploy smart contracts in WebAssembly (Wasm). CosmWasm is designed to be secure, efficient, and easy to use, allowing developers to build complex applications on top of the Cosmos SDK. + +## Delegator +A participant in a Proof of Stake network who delegates their tokens to a validator. Delegators share in the rewards and risks associated with the validator's performance in the consensus process. + +## Gas +A measure of computational effort required to execute a transaction or smart contract on a blockchain. In the Cosmos ecosystem, gas is used to meter transactions and allocate resources fairly among users. Users must pay a gas fee, usually in the native token, to have their transactions processed by the network. + +## Governance +The decision-making process in the Cosmos ecosystem, which allows token holders to propose and vote on network upgrades, parameter changes, and other critical decisions. + +## IBC (Inter-Blockchain Communication) +A protocol for secure and reliable communication between heterogeneous blockchains built on the Cosmos SDK. IBC enables the transfer of tokens and data across multiple blockchains. + +## Interoperability +The ability of different blockchains and distributed systems to communicate and interact with each other, enabling the seamless transfer of information, tokens, and other digital assets. In the context of Cosmos, the Inter-Blockchain Communication (IBC) protocol is a core technology that enables interoperability between blockchains built with the Cosmos SDK and other compatible blockchains. Interoperability allows for increased collaboration, innovation, and value creation across different blockchain ecosystems. + +## Light Clients +Lightweight blockchain clients that verify and process only a small subset of the blockchain data, allowing users to interact with the network without downloading the entire blockchain. ABCI++ aims to enhance the security and performance of light clients by enabling them to efficiently verify state transitions and proofs. + +## Module +A self-contained, reusable piece of code that can be used to build blockchain functionality within a Cosmos SDK application. Modules can be developed by the community and shared for others to use. + +## Slashing +The process of penalizing validators or delegators by reducing their staked tokens if they behave maliciously or fail to meet the network's performance requirements. + +## Staking +The process of locking up tokens as collateral to secure the network, participate in consensus, and earn rewards in a Proof of Stake (PoS) blockchain like Cosmos. + +## State Sync +A feature that allows new nodes to quickly synchronize with the current state of the blockchain without downloading and processing all previous blocks. State Sync is particularly useful for nodes that have been offline for an extended period or are joining the network for the first time. ABCI++ aims to improve the efficiency and security of State Sync. + +## Validator +A network participant responsible for proposing new blocks, validating transactions, and securing the Cosmos SDK-based blockchain through staking tokens. Validators play a crucial role in maintaining the security and integrity of the network. \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/intro/00-overview.md b/copy-of-sdk-versioned_docs/version-0.47/learn/intro/00-overview.md new file mode 100644 index 00000000..3c77e795 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/learn/intro/00-overview.md @@ -0,0 +1,32 @@ +--- +sidebar_position: 0 + +--- + +# What is the Cosmos SDK + +The [Cosmos SDK](https://github.com/cosmos/cosmos-sdk) is an open-source framework for building multi-asset public Proof-of-Stake (PoS) blockchains, like the Cosmos Hub, as well as permissioned Proof-of-Authority (PoA) blockchains. Blockchains built with the Cosmos SDK are generally referred to as **application-specific blockchains**. + +The goal of the Cosmos SDK is to allow developers to easily create custom blockchains from scratch that can natively interoperate with other blockchains. We envision the Cosmos SDK as the npm-like framework to build secure blockchain applications on top of [CometBFT](https://github.com/cometbft/cometbft). SDK-based blockchains are built out of composable [modules](../../build/building-modules/00-intro.md), most of which are open-source and readily available for any developers to use. Anyone can create a module for the Cosmos SDK, and integrating already-built modules is as simple as importing them into your blockchain application. What's more, the Cosmos SDK is a capabilities-based system that allows developers to better reason about the security of interactions between modules. For a deeper look at capabilities, jump to [Object-Capability Model](../advanced/10-ocap.md). + +## What are Application-Specific Blockchains + +One development paradigm in the blockchain world today is that of virtual-machine blockchains like Ethereum, where development generally revolves around building decentralized applications on top of an existing blockchain as a set of smart contracts. While smart contracts can be very good for some use cases like single-use applications (e.g. ICOs), they often fall short for building complex decentralized platforms. More generally, smart contracts can be limiting in terms of flexibility, sovereignty and performance. + +Application-specific blockchains offer a radically different development paradigm than virtual-machine blockchains. An application-specific blockchain is a blockchain customized to operate a single application: developers have all the freedom to make the design decisions required for the application to run optimally. They can also provide better sovereignty, security and performance. + +Learn more about [application-specific blockchains](01-why-app-specific.md). + +## Why the Cosmos SDK + +The Cosmos SDK is the most advanced framework for building custom application-specific blockchains today. Here are a few reasons why you might want to consider building your decentralized application with the Cosmos SDK: + +* The default consensus engine available within the Cosmos SDK is [CometBFT](https://github.com/cometbft/cometbft). CometBFT is the most (and only) mature BFT consensus engine in existence. It is widely used across the industry and is considered the gold standard consensus engine for building Proof-of-Stake systems. +* The Cosmos SDK is open-source and designed to make it easy to build blockchains out of composable [modules](../../build/modules). As the ecosystem of open-source Cosmos SDK modules grows, it will become increasingly easier to build complex decentralized platforms with it. +* The Cosmos SDK is inspired by capabilities-based security, and informed by years of wrestling with blockchain state-machines. This makes the Cosmos SDK a very secure environment to build blockchains. +* Most importantly, the Cosmos SDK has already been used to build many application-specific blockchains that are already in production. Among others, we can cite [Cosmos Hub](https://hub.cosmos.network), [IRIS Hub](https://irisnet.org), [Binance Chain](https://docs.binance.org/), [Terra](https://terra.money/) or [Kava](https://www.kava.io/). [Many more](https://cosmos.network/ecosystem) are building on the Cosmos SDK. + +## Getting started with the Cosmos SDK + +* Learn more about the [architecture of a Cosmos SDK application](02-sdk-app-architecture.md) +* Learn how to build an application-specific blockchain from scratch with the [Cosmos SDK Tutorial](https://cosmos.network/docs/tutorial) diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/intro/01-why-app-specific.md b/copy-of-sdk-versioned_docs/version-0.47/learn/intro/01-why-app-specific.md new file mode 100644 index 00000000..5cbbc0e5 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/learn/intro/01-why-app-specific.md @@ -0,0 +1,80 @@ +--- +sidebar_position: 0 + +--- + +# Application-Specific Blockchains + +:::note Synopsis +This document explains what application-specific blockchains are, and why developers would want to build one as opposed to writing Smart Contracts. +::: + +## What are application-specific blockchains + +Application-specific blockchains are blockchains customized to operate a single application. Instead of building a decentralized application on top of an underlying blockchain like Ethereum, developers build their own blockchain from the ground up. This means building a full-node client, a light-client, and all the necessary interfaces (CLI, REST, ...) to interact with the nodes. + +```text + ^ +-------------------------------+ ^ + | | | | Built with Cosmos SDK + | | State-machine = Application | | + | | | v + | +-------------------------------+ + | | | ^ +Blockchain node | | Consensus | | + | | | | + | +-------------------------------+ | CometBFT + | | | | + | | Networking | | + | | | | + v +-------------------------------+ v +``` + +## What are the shortcomings of Smart Contracts + +Virtual-machine blockchains like Ethereum addressed the demand for more programmability back in 2014. At the time, the options available for building decentralized applications were quite limited. Most developers would build on top of the complex and limited Bitcoin scripting language, or fork the Bitcoin codebase which was hard to work with and customize. + +Virtual-machine blockchains came in with a new value proposition. Their state-machine incorporates a virtual-machine that is able to interpret turing-complete programs called Smart Contracts. These Smart Contracts are very good for use cases like one-time events (e.g. ICOs), but they can fall short for building complex decentralized platforms. Here is why: + +* Smart Contracts are generally developed with specific programming languages that can be interpreted by the underlying virtual-machine. These programming languages are often immature and inherently limited by the constraints of the virtual-machine itself. For example, the Ethereum Virtual Machine does not allow developers to implement automatic execution of code. Developers are also limited to the account-based system of the EVM, and they can only choose from a limited set of functions for their cryptographic operations. These are examples, but they hint at the lack of **flexibility** that a smart contract environment often entails. +* Smart Contracts are all run by the same virtual machine. This means that they compete for resources, which can severely restrain **performance**. And even if the state-machine were to be split in multiple subsets (e.g. via sharding), Smart Contracts would still need to be interpreted by a virtual machine, which would limit performance compared to a native application implemented at state-machine level (our benchmarks show an improvement on the order of 10x in performance when the virtual-machine is removed). +* Another issue with the fact that Smart Contracts share the same underlying environment is the resulting limitation in **sovereignty**. A decentralized application is an ecosystem that involves multiple players. If the application is built on a general-purpose virtual-machine blockchain, stakeholders have very limited sovereignty over their application, and are ultimately superseded by the governance of the underlying blockchain. If there is a bug in the application, very little can be done about it. + +Application-Specific Blockchains are designed to address these shortcomings. + +## Application-Specific Blockchains Benefits + +### Flexibility + +Application-specific blockchains give maximum flexibility to developers: + +* In Cosmos blockchains, the state-machine is typically connected to the underlying consensus engine via an interface called the [ABCI](https://docs.cometbft.com/v0.37/spec/abci/). This interface can be wrapped in any programming language, meaning developers can build their state-machine in the programming language of their choice. + +* Developers can choose among multiple frameworks to build their state-machine. The most widely used today is the Cosmos SDK, but others exist (e.g. [Lotion](https://github.com/nomic-io/lotion), [Weave](https://github.com/iov-one/weave), ...). Typically the choice will be made based on the programming language they want to use (Cosmos SDK and Weave are in Golang, Lotion is in Javascript, ...). +* The ABCI also allows developers to swap the consensus engine of their application-specific blockchain. Today, only CometBFT is production-ready, but in the future other consensus engines are expected to emerge. +* Even when they settle for a framework and consensus engine, developers still have the freedom to tweak them if they don't perfectly match their requirements in their pristine forms. +* Developers are free to explore the full spectrum of tradeoffs (e.g. number of validators vs transaction throughput, safety vs availability in asynchrony, ...) and design choices (DB or IAVL tree for storage, UTXO or account model, ...). +* Developers can implement automatic execution of code. In the Cosmos SDK, logic can be automatically triggered at the beginning and the end of each block. They are also free to choose the cryptographic library used in their application, as opposed to being constrained by what is made available by the underlying environment in the case of virtual-machine blockchains. + +The list above contains a few examples that show how much flexibility application-specific blockchains give to developers. The goal of Cosmos and the Cosmos SDK is to make developer tooling as generic and composable as possible, so that each part of the stack can be forked, tweaked and improved without losing compatibility. As the community grows, more alternatives for each of the core building blocks will emerge, giving more options to developers. + +### Performance + +decentralized applications built with Smart Contracts are inherently capped in performance by the underlying environment. For a decentralized application to optimise performance, it needs to be built as an application-specific blockchain. Next are some of the benefits an application-specific blockchain brings in terms of performance: + +* Developers of application-specific blockchains can choose to operate with a novel consensus engine such as CometBFT BFT. Compared to Proof-of-Work (used by most virtual-machine blockchains today), it offers significant gains in throughput. +* An application-specific blockchain only operates a single application, so that the application does not compete with others for computation and storage. This is the opposite of most non-sharded virtual-machine blockchains today, where smart contracts all compete for computation and storage. +* Even if a virtual-machine blockchain offered application-based sharding coupled with an efficient consensus algorithm, performance would still be limited by the virtual-machine itself. The real throughput bottleneck is the state-machine, and requiring transactions to be interpreted by a virtual-machine significantly increases the computational complexity of processing them. + +### Security + +Security is hard to quantify, and greatly varies from platform to platform. That said here are some important benefits an application-specific blockchain can bring in terms of security: + +* Developers can choose proven programming languages like Go when building their application-specific blockchains, as opposed to smart contract programming languages that are often more immature. +* Developers are not constrained by the cryptographic functions made available by the underlying virtual-machines. They can use their own custom cryptography, and rely on well-audited crypto libraries. +* Developers do not have to worry about potential bugs or exploitable mechanisms in the underlying virtual-machine, making it easier to reason about the security of the application. + +### Sovereignty + +One of the major benefits of application-specific blockchains is sovereignty. A decentralized application is an ecosystem that involves many actors: users, developers, third-party services, and more. When developers build on virtual-machine blockchain where many decentralized applications coexist, the community of the application is different than the community of the underlying blockchain, and the latter supersedes the former in the governance process. If there is a bug or if a new feature is needed, stakeholders of the application have very little leeway to upgrade the code. If the community of the underlying blockchain refuses to act, nothing can happen. + +The fundamental issue here is that the governance of the application and the governance of the network are not aligned. This issue is solved by application-specific blockchains. Because application-specific blockchains specialize to operate a single application, stakeholders of the application have full control over the entire chain. This ensures that the community will not be stuck if a bug is discovered, and that it has the freedom to choose how it is going to evolve. diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/intro/02-sdk-app-architecture.md b/copy-of-sdk-versioned_docs/version-0.47/learn/intro/02-sdk-app-architecture.md new file mode 100644 index 00000000..c608bbe1 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/learn/intro/02-sdk-app-architecture.md @@ -0,0 +1,94 @@ +--- +sidebar_position: 0 + +--- + +# Introduction to Blockchain Architecture + +## State machine + +At its core, a blockchain is a [replicated deterministic state machine](https://en.wikipedia.org/wiki/State_machine_replication). + +A state machine is a computer science concept whereby a machine can have multiple states, but only one at any given time. There is a `state`, which describes the current state of the system, and `transactions`, that trigger state transitions. + +Given a state S and a transaction T, the state machine will return a new state S'. + +```text ++--------+ +--------+ +| | | | +| S +---------------->+ S' | +| | apply(T) | | ++--------+ +--------+ +``` + +In practice, the transactions are bundled in blocks to make the process more efficient. Given a state S and a block of transactions B, the state machine will return a new state S'. + +```text ++--------+ +--------+ +| | | | +| S +----------------------------> | S' | +| | For each T in B: apply(T) | | ++--------+ +--------+ +``` + +In a blockchain context, the state machine is deterministic. This means that if a node is started at a given state and replays the same sequence of transactions, it will always end up with the same final state. + +The Cosmos SDK gives developers maximum flexibility to define the state of their application, transaction types and state transition functions. The process of building state-machines with the Cosmos SDK will be described more in depth in the following sections. But first, let us see how the state-machine is replicated using **CometBFT**. + +## CometBFT + +Thanks to the Cosmos SDK, developers just have to define the state machine, and [*CometBFT*](https://docs.cometbft.com/v0.37/introduction/what-is-cometbft) will handle replication over the network for them. + +```text + ^ +-------------------------------+ ^ + | | | | Built with Cosmos SDK + | | State-machine = Application | | + | | | v + | +-------------------------------+ + | | | ^ +Blockchain node | | Consensus | | + | | | | + | +-------------------------------+ | CometBFT + | | | | + | | Networking | | + | | | | + v +-------------------------------+ v +``` + +[CometBFT](https://docs.cometbft.com/v0.37/introduction/what-is-cometbft) is an application-agnostic engine that is responsible for handling the *networking* and *consensus* layers of a blockchain. In practice, this means that CometBFT is responsible for propagating and ordering transaction bytes. CometBFT relies on an eponymous Byzantine-Fault-Tolerant (BFT) algorithm to reach consensus on the order of transactions. + +The CometBFT [consensus algorithm](https://docs.cometbft.com/v0.37/introduction/what-is-cometbft#consensus-overview) works with a set of special nodes called *Validators*. Validators are responsible for adding blocks of transactions to the blockchain. At any given block, there is a validator set V. A validator in V is chosen by the algorithm to be the proposer of the next block. This block is considered valid if more than two thirds of V signed a `prevote` and a `precommit` on it, and if all the transactions that it contains are valid. The validator set can be changed by rules written in the state-machine. + +## ABCI + +CometBFT passes transactions to the application through an interface called the [ABCI](https://docs.cometbft.com/v0.37/spec/abci/), which the application must implement. + +```text + +---------------------+ + | | + | Application | + | | + +--------+---+--------+ + ^ | + | | ABCI + | v + +--------+---+--------+ + | | + | | + | CometBFT | + | | + | | + +---------------------+ +``` + +Note that **CometBFT only handles transaction bytes**. It has no knowledge of what these bytes mean. All CometBFT does is order these transaction bytes deterministically. CometBFT passes the bytes to the application via the ABCI, and expects a return code to inform it if the messages contained in the transactions were successfully processed or not. + +Here are the most important messages of the ABCI: + +* `CheckTx`: When a transaction is received by CometBFT, it is passed to the application to check if a few basic requirements are met. `CheckTx` is used to protect the mempool of full-nodes against spam transactions. . A special handler called the [`AnteHandler`](../beginner/04-gas-fees.md#antehandler) is used to execute a series of validation steps such as checking for sufficient fees and validating the signatures. If the checks are valid, the transaction is added to the [mempool](https://docs.cometbft.com/v0.37/spec/p2p/messages/mempool) and relayed to peer nodes. Note that transactions are not processed (i.e. no modification of the state occurs) with `CheckTx` since they have not been included in a block yet. +* `DeliverTx`: When a [valid block](https://docs.cometbft.com/v0.37/spec/core/data_structures#block) is received by CometBFT, each transaction in the block is passed to the application via `DeliverTx` in order to be processed. It is during this stage that the state transitions occur. The `AnteHandler` executes again, along with the actual [`Msg` service](../../build/building-modules/03-msg-services.md) RPC for each message in the transaction. +* `BeginBlock`/`EndBlock`: These messages are executed at the beginning and the end of each block, whether the block contains transactions or not. It is useful to trigger automatic execution of logic. Proceed with caution though, as computationally expensive loops could slow down your blockchain, or even freeze it if the loop is infinite. + +Find a more detailed view of the ABCI methods from the [CometBFT docs](https://docs.cometbft.com/v0.37/spec/abci/). + +Any application built on CometBFT needs to implement the ABCI interface in order to communicate with the underlying local CometBFT engine. Fortunately, you do not have to implement the ABCI interface. The Cosmos SDK provides a boilerplate implementation of it in the form of [baseapp](03-sdk-design.md#baseapp). diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/intro/03-sdk-design.md b/copy-of-sdk-versioned_docs/version-0.47/learn/intro/03-sdk-design.md new file mode 100644 index 00000000..8d5ca962 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/learn/intro/03-sdk-design.md @@ -0,0 +1,96 @@ +--- +sidebar_position: 0 + +--- + +# Main Components of the Cosmos SDK + +The Cosmos SDK is a framework that facilitates the development of secure state-machines on top of CometBFT. At its core, the Cosmos SDK is a boilerplate implementation of the [ABCI](02-sdk-app-architecture.md#abci) in Golang. It comes with a [`multistore`](../advanced/04-store.md#multistore) to persist data and a [`router`](../advanced/00-baseapp.md#routing) to handle transactions. + +Here is a simplified view of how transactions are handled by an application built on top of the Cosmos SDK when transferred from CometBFT via `DeliverTx`: + +1. Decode `transactions` received from the CometBFT consensus engine (remember that CometBFT only deals with `[]bytes`). +2. Extract `messages` from `transactions` and do basic sanity checks. +3. Route each message to the appropriate module so that it can be processed. +4. Commit state changes. + +## `baseapp` + +`baseapp` is the boilerplate implementation of a Cosmos SDK application. It comes with an implementation of the ABCI to handle the connection with the underlying consensus engine. Typically, a Cosmos SDK application extends `baseapp` by embedding it in [`app.go`](../beginner/00-overview-app.md#core-application-file). + +Here is an example of this from `simapp`, the Cosmos SDK demonstration app: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/simapp/app.go#L164-L203 +``` + +The goal of `baseapp` is to provide a secure interface between the store and the extensible state machine while defining as little about the state machine as possible (staying true to the ABCI). + +For more on `baseapp`, please click [here](../advanced/00-baseapp.md). + +## Multistore + +The Cosmos SDK provides a [`multistore`](../advanced/04-store.md#multistore) for persisting state. The multistore allows developers to declare any number of [`KVStores`](../advanced/04-store.md#base-layer-kvstores). These `KVStores` only accept the `[]byte` type as value and therefore any custom structure needs to be marshalled using [a codec](../advanced/06-encoding.md) before being stored. + +The multistore abstraction is used to divide the state in distinct compartments, each managed by its own module. For more on the multistore, click [here](../advanced/04-store.md#multistore) + +## Modules + +The power of the Cosmos SDK lies in its modularity. Cosmos SDK applications are built by aggregating a collection of interoperable modules. Each module defines a subset of the state and contains its own message/transaction processor, while the Cosmos SDK is responsible for routing each message to its respective module. + +Here is a simplified view of how a transaction is processed by the application of each full-node when it is received in a valid block: + +```text + + + | + | Transaction relayed from the full-node's + | CometBFT engine to the node's application + | via DeliverTx + | + | + +---------------------v--------------------------+ + | APPLICATION | + | | + | Using baseapp's methods: Decode the Tx, | + | extract and route the message(s) | + | | + +---------------------+--------------------------+ + | + | + | + +---------------------------+ + | + | + | Message routed to + | the correct module + | to be processed + | + | ++----------------+ +---------------+ +----------------+ +------v----------+ +| | | | | | | | +| AUTH MODULE | | BANK MODULE | | STAKING MODULE | | GOV MODULE | +| | | | | | | | +| | | | | | | Handles message,| +| | | | | | | Updates state | +| | | | | | | | ++----------------+ +---------------+ +----------------+ +------+----------+ + | + | + | + | + +--------------------------+ + | + | Return result to CometBFT + | (0=Ok, 1=Err) + v +``` + +Each module can be seen as a little state-machine. Developers need to define the subset of the state handled by the module, as well as custom message types that modify the state (*Note:* `messages` are extracted from `transactions` by `baseapp`). In general, each module declares its own `KVStore` in the `multistore` to persist the subset of the state it defines. Most developers will need to access other 3rd party modules when building their own modules. Given that the Cosmos SDK is an open framework, some of the modules may be malicious, which means there is a need for security principles to reason about inter-module interactions. These principles are based on [object-capabilities](../advanced/10-ocap.md). In practice, this means that instead of having each module keep an access control list for other modules, each module implements special objects called `keepers` that can be passed to other modules to grant a pre-defined set of capabilities. + +Cosmos SDK modules are defined in the `x/` folder of the Cosmos SDK. Some core modules include: + +* `x/auth`: Used to manage accounts and signatures. +* `x/bank`: Used to enable tokens and token transfers. +* `x/staking` + `x/slashing`: Used to build Proof-Of-Stake blockchains. + +In addition to the already existing modules in `x/`, that anyone can use in their app, the Cosmos SDK lets you build your own custom modules. You can check an [example of that in the tutorial](https://tutorials.cosmos.network/). diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/intro/_category_.json b/copy-of-sdk-versioned_docs/version-0.47/learn/intro/_category_.json new file mode 100644 index 00000000..bb0bcd14 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/learn/intro/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Introduction", + "position": 1, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/learn.md b/copy-of-sdk-versioned_docs/version-0.47/learn/learn.md new file mode 100644 index 00000000..e0454f62 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/learn/learn.md @@ -0,0 +1,11 @@ +--- +sidebar_position: 0 +--- +# Learn + +* [Introduction](intro/00-overview.md) - Dive into the fundamentals of Cosmos SDK with an insightful introduction, +laying the groundwork for understanding blockchain development. In this section we provide a High-Level Overview of the SDK, then dive deeper into Core concepts such as Application-Specific Blockchains, Blockchain Architecture, and finally we begin to explore what are the main components of the SDK. +* [Beginner](beginner/00-overview-app.md) - Start your journey with beginner-friendly resources in the Cosmos SDK's "Learn" +section, providing a gentle entry point for newcomers to blockchain development. Here we focus on a little more detail, covering the Anatomy of a Cosmos SDK Application, Transaction Lifecycles, Accounts and lastly, Gas and Fees. +* [Advanced](advanced/00-baseapp.md) - Level up your Cosmos SDK expertise with advanced topics, tailored for experienced +developers diving into intricate blockchain application development. We cover the Cosmos SDK on a lower level as we dive into the core of the SDK with BaseApp, Transactions, Context, Node Client (Daemon), Store, Encoding, gRPC, REST, and CometBFT Endpoints, CLI, Events, Telementry, Object-Capability Model, RunTx recovery middleware, Cosmos Blockchain Simulator, Protobuf Documentation, In-Place Store Migrations, Configuration and AutoCLI. diff --git a/copy-of-sdk-versioned_docs/version-0.47/user/run-node/00-keyring.md b/copy-of-sdk-versioned_docs/version-0.47/user/run-node/00-keyring.md new file mode 100644 index 00000000..2a0d5c64 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/user/run-node/00-keyring.md @@ -0,0 +1,134 @@ +--- +sidebar_position: 1 +--- + +# Setting up the keyring + +:::note Synopsis +This document describes how to configure and use the keyring and its various backends for an [**application**](../../learn/beginner/00-overview-app.md). +::: + +The keyring holds the private/public keypairs used to interact with a node. For instance, a validator key needs to be set up before running the blockchain node, so that blocks can be correctly signed. The private key can be stored in different locations, called "backends", such as a file or the operating system's own key storage. + +## Available backends for the keyring + +Starting with the v0.38.0 release, Cosmos SDK comes with a new keyring implementation +that provides a set of commands to manage cryptographic keys in a secure fashion. The +new keyring supports multiple storage backends, some of which may not be available on +all operating systems. + +### The `os` backend + +The `os` backend relies on operating system-specific defaults to handle key storage +securely. Typically, an operating system's credential sub-system handles password prompts, +private keys storage, and user sessions according to the user's password policies. Here +is a list of the most popular operating systems and their respective passwords manager: + +* macOS: [Keychain](https://support.apple.com/en-gb/guide/keychain-access/welcome/mac) +* Windows: [Credentials Management API](https://docs.microsoft.com/en-us/windows/win32/secauthn/credentials-management) +* GNU/Linux: + * [libsecret](https://gitlab.gnome.org/GNOME/libsecret) + * [kwallet](https://api.kde.org/frameworks/kwallet/html/index.html) + +GNU/Linux distributions that use GNOME as default desktop environment typically come with +[Seahorse](https://wiki.gnome.org/Apps/Seahorse). Users of KDE based distributions are +commonly provided with [KDE Wallet Manager](https://userbase.kde.org/KDE_Wallet_Manager). +Whilst the former is in fact a `libsecret` convenient frontend, the latter is a `kwallet` +client. + +`os` is the default option since operating system's default credentials managers are +designed to meet users' most common needs and provide them with a comfortable +experience without compromising on security. + +The recommended backends for headless environments are `file` and `pass`. + +### The `file` backend + +The `file` backend more closely resembles the keybase implementation used prior to +v0.38.1. It stores the keyring encrypted within the app's configuration directory. This +keyring will request a password each time it is accessed, which may occur multiple +times in a single command resulting in repeated password prompts. If using bash scripts +to execute commands using the `file` option you may want to utilize the following format +for multiple prompts: + +```shell +# assuming that KEYPASSWD is set in the environment +$ gaiacli config keyring-backend file # use file backend +$ (echo $KEYPASSWD; echo $KEYPASSWD) | gaiacli keys add me # multiple prompts +$ echo $KEYPASSWD | gaiacli keys show me # single prompt +``` + +:::tip +The first time you add a key to an empty keyring, you will be prompted to type the password twice. +::: + +### The `pass` backend + +The `pass` backend uses the [pass](https://www.passwordstore.org/) utility to manage on-disk +encryption of keys' sensitive data and metadata. Keys are stored inside `gpg` encrypted files +within app-specific directories. `pass` is available for the most popular UNIX +operating systems as well as GNU/Linux distributions. Please refer to its manual page for +information on how to download and install it. + +:::tip +**pass** uses [GnuPG](https://gnupg.org/) for encryption. `gpg` automatically invokes the `gpg-agent` +daemon upon execution, which handles the caching of GnuPG credentials. Please refer to `gpg-agent` +man page for more information on how to configure cache parameters such as credentials TTL and +passphrase expiration. +::: + +The password store must be set up prior to first use: + +```shell +pass init +``` + +Replace `` with your GPG key ID. You can use your personal GPG key or an alternative +one you may want to use specifically to encrypt the password store. + +### The `kwallet` backend + +The `kwallet` backend uses `KDE Wallet Manager`, which comes installed by default on the +GNU/Linux distributions that ships KDE as default desktop environment. Please refer to +[KWallet Handbook](https://docs.kde.org/stable5/en/kdeutils/kwallet5/index.html) for more +information. + +### The `test` backend + +The `test` backend is a password-less variation of the `file` backend. Keys are stored +unencrypted on disk. + +**Provided for testing purposes only. The `test` backend is not recommended for use in production environments**. + +### The `memory` backend + +The `memory` backend stores keys in memory. The keys are immediately deleted after the program has exited. + +**Provided for testing purposes only. The `memory` backend is not recommended for use in production environments**. + +### Setting backend using the env variable + +You can set the keyring-backend using env variable: `BINNAME_KEYRING_BACKEND`. For example, if you binary name is `gaia-v5` then set: `export GAIA_V5_KEYRING_BACKEND=pass` + +## Adding keys to the keyring + +:::warning +Make sure you can build your own binary, and replace `simd` with the name of your binary in the snippets. +::: + +Applications developed using the Cosmos SDK come with the `keys` subcommand. For the purpose of this tutorial, we're running the `simd` CLI, which is an application built using the Cosmos SDK for testing and educational purposes. For more information, see [`simapp`](https://github.com/cosmos/cosmos-sdk/tree/main/simapp). + +You can use `simd keys` for help about the keys command and `simd keys [command] --help` for more information about a particular subcommand. + +To create a new key in the keyring, run the `add` subcommand with a `` argument. For the purpose of this tutorial, we will solely use the `test` backend, and call our new key `my_validator`. This key will be used in the next section. + +```bash +$ simd keys add my_validator --keyring-backend test + +# Put the generated address in a variable for later use. +MY_VALIDATOR_ADDRESS=$(simd keys show my_validator -a --keyring-backend test) +``` + +This command generates a new 24-word mnemonic phrase, persists it to the relevant backend, and outputs information about the keypair. If this keypair will be used to hold value-bearing tokens, be sure to write down the mnemonic phrase somewhere safe! + +By default, the keyring generates a `secp256k1` keypair. The keyring also supports `ed25519` keys, which may be created by passing the `--algo ed25519` flag. A keyring can of course hold both types of keys simultaneously, and the Cosmos SDK's `x/auth` module supports natively these two public key algorithms. diff --git a/copy-of-sdk-versioned_docs/version-0.47/user/run-node/01-run-node.md b/copy-of-sdk-versioned_docs/version-0.47/user/run-node/01-run-node.md new file mode 100644 index 00000000..3ac0958d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/user/run-node/01-run-node.md @@ -0,0 +1,211 @@ +--- +sidebar_position: 1 +--- + +# Running a Node + +:::note Synopsis +Now that the application is ready and the keyring populated, it's time to see how to run the blockchain node. In this section, the application we are running is called [`simapp`](https://github.com/cosmos/cosmos-sdk/tree/main/simapp), and its corresponding CLI binary `simd`. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK Application](../../learn/beginner/00-overview-app.md) +* [Setting up the keyring](./00-keyring.md) + +::: + +## Initialize the Chain + +:::warning +Make sure you can build your own binary, and replace `simd` with the name of your binary in the snippets. +::: + +Before actually running the node, we need to initialize the chain, and most importantly its genesis file. This is done with the `init` subcommand: + +```bash +# The argument is the custom username of your node, it should be human-readable. +simd init --chain-id my-test-chain +``` + +The command above creates all the configuration files needed for your node to run, as well as a default genesis file, which defines the initial state of the network. + +:::tip +All these configuration files are in `~/.simapp` by default, but you can overwrite the location of this folder by passing the `--home` flag to each commands, +or set an `$APPD_HOME` environment variable (where `APPD` is the name of the binary). +::: + +The `~/.simapp` folder has the following structure: + +```bash +. # ~/.simapp + |- data # Contains the databases used by the node. + |- config/ + |- app.toml # Application-related configuration file. + |- config.toml # CometBFT-related configuration file. + |- genesis.json # The genesis file. + |- node_key.json # Private key to use for node authentication in the p2p protocol. + |- priv_validator_key.json # Private key to use as a validator in the consensus protocol. +``` + +## Updating Some Default Settings + +If you want to change any field values in configuration files (for ex: genesis.json) you can use `jq` ([installation](https://stedolan.github.io/jq/download/) & [docs](https://stedolan.github.io/jq/manual/#Assignment)) & `sed` commands to do that. Few examples are listed here. + +```bash +# to change the chain-id +jq '.chain_id = "testing"' genesis.json > temp.json && mv temp.json genesis.json + +# to enable the api server +sed -i '/\[api\]/,+3 s/enable = false/enable = true/' app.toml + +# to change the voting_period +jq '.app_state.gov.voting_params.voting_period = "600s"' genesis.json > temp.json && mv temp.json genesis.json + +# to change the inflation +jq '.app_state.mint.minter.inflation = "0.300000000000000000"' genesis.json > temp.json && mv temp.json genesis.json +``` + +### Client Interaction + +When instantiating a node, GRPC and REST are defaulted to localhost to avoid unknown exposure of your node to the public. It is recommended to not expose these endpoints without a proxy that can handle load balancing or authentication is setup between your node and the public. + +:::tip +A commonly used tool for this is [nginx](https://nginx.org). +::: + + +## Adding Genesis Accounts + +Before starting the chain, you need to populate the state with at least one account. To do so, first [create a new account in the keyring](./00-keyring.md#adding-keys-to-the-keyring) named `my_validator` under the `test` keyring backend (feel free to choose another name and another backend). + +Now that you have created a local account, go ahead and grant it some `stake` tokens in your chain's genesis file. Doing so will also make sure your chain is aware of this account's existence: + +```bash +simd genesis add-genesis-account $MY_VALIDATOR_ADDRESS 100000000000stake +``` + +Recall that `$MY_VALIDATOR_ADDRESS` is a variable that holds the address of the `my_validator` key in the [keyring](./00-keyring.md#adding-keys-to-the-keyring). Also note that the tokens in the Cosmos SDK have the `{amount}{denom}` format: `amount` is is a 18-digit-precision decimal number, and `denom` is the unique token identifier with its denomination key (e.g. `atom` or `uatom`). Here, we are granting `stake` tokens, as `stake` is the token identifier used for staking in [`simapp`](https://github.com/cosmos/cosmos-sdk/tree/main/simapp). For your own chain with its own staking denom, that token identifier should be used instead. + +Now that your account has some tokens, you need to add a validator to your chain. Validators are special full-nodes that participate in the consensus process (implemented in the [underlying consensus engine](../../learn/intro/02-sdk-app-architecture.md#cometbft)) in order to add new blocks to the chain. Any account can declare its intention to become a validator operator, but only those with sufficient delegation get to enter the active set (for example, only the top 125 validator candidates with the most delegation get to be validators in the Cosmos Hub). For this guide, you will add your local node (created via the `init` command above) as a validator of your chain. Validators can be declared before a chain is first started via a special transaction included in the genesis file called a `gentx`: + +```bash +# Create a gentx. +simd genesis gentx my_validator 100000000stake --chain-id my-test-chain --keyring-backend test + +# Add the gentx to the genesis file. +simd genesis collect-gentxs +``` + +A `gentx` does three things: + +1. Registers the `validator` account you created as a validator operator account (i.e. the account that controls the validator). +2. Self-delegates the provided `amount` of staking tokens. +3. Link the operator account with a CometBFT node pubkey that will be used for signing blocks. If no `--pubkey` flag is provided, it defaults to the local node pubkey created via the `simd init` command above. + +For more information on `gentx`, use the following command: + +```bash +simd genesis gentx --help +``` + +## Configuring the Node Using `app.toml` and `config.toml` + +The Cosmos SDK automatically generates two configuration files inside `~/.simapp/config`: + +* `config.toml`: used to configure the CometBFT, learn more on [CometBFT's documentation](https://docs.cometbft.com/v0.37/core/configuration), +* `app.toml`: generated by the Cosmos SDK, and used to configure your app, such as state pruning strategies, telemetry, gRPC and REST servers configuration, state sync... + +Both files are heavily commented, please refer to them directly to tweak your node. + +One example config to tweak is the `minimum-gas-prices` field inside `app.toml`, which defines the minimum gas prices the validator node is willing to accept for processing a transaction. Depending on the chain, it might be an empty string or not. If it's empty, make sure to edit the field with some value, for example `10token`, or else the node will halt on startup. For the purpose of this tutorial, let's set the minimum gas price to 0: + +```toml + # The minimum gas prices a validator is willing to accept for processing a + # transaction. A transaction's fees must meet the minimum of any denomination + # specified in this config (e.g. 0.25token1;0.0001token2). + minimum-gas-prices = "0stake" +``` + +:::tip +When running a node (not a validator!) and not wanting to run the application mempool, set the `max-txs` field to `-1`. + +```toml +[mempool] +# Setting max-txs to 0 will allow for a unbounded amount of transactions in the mempool. +# Setting max_txs to negative 1 (-1) will disable transactions from being inserted into the mempool. +# Setting max_txs to a positive number (> 0) will limit the number of transactions in the mempool, by the specified amount. +# +# Note, this configuration only applies to SDK built-in app-side mempool +# implementations. +max-txs = "-1" +``` + +::: + +## Run a Localnet + +Now that everything is set up, you can finally start your node: + +```bash +simd start +``` + +You should see blocks come in. + +The previous command allow you to run a single node. This is enough for the next section on interacting with this node, but you may wish to run multiple nodes at the same time, and see how consensus happens between them. + +The naive way would be to run the same commands again in separate terminal windows. This is possible, however in the Cosmos SDK, we leverage the power of [Docker Compose](https://docs.docker.com/compose/) to run a localnet. If you need inspiration on how to set up your own localnet with Docker Compose, you can have a look at the Cosmos SDK's [`docker-compose.yml`](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/docker-compose.yml). + +## Logging + +Logging provides a way to see what is going on with a node. By default the info level is set. This is a global level and all info logs will be outputted to the terminal. If you would like to filter specific logs to the terminal instead of all, then setting `module:log_level` is how this can work. + +Example: + +In config.toml: + +```toml +log_level: "state:info,p2p:info,consensus:info,x/staking:info,x/ibc:info,*error" +``` + +## State Sync + +State sync is the act in which a node syncs the latest or close to the latest state of a blockchain. This is useful for users who don't want to sync all the blocks in history. Read more in [CometBFT documentation](https://docs.cometbft.com/v0.37/core/state-sync). + +State sync works thanks to snapshots. Read how the SDK handles snapshots [here](https://github.com/cosmos/cosmos-sdk/blob/825245d/store/snapshots/README.md). + +### Local State Sync + +Local state sync work similar to normal state sync except that it works off a local snapshot of state instead of one provided via the p2p network. The steps to start local state sync are similar to normal state sync with a few different designs. + +1. As mentioned in https://docs.cometbft.com/v0.37/core/state-sync, one must set a height and hash in the config.toml along with a few rpc servers (the afromentioned link has instructions on how to do this). +2. Run ` ` to restore a local snapshot (note: first load it from a file with the *load* command). +3. Bootsrapping Comet state in order to start the node after the snapshot has been ingested. This can be done with the bootstrap command ` comet bootstrap-state` + +### Snapshots Commands + +The Cosmos SDK provides commands for managing snapshots. +These commands can be added in an app with the following snippet in `cmd//root.go`: + +```go +import ( + "github.com/cosmos/cosmos-sdk/client/snapshot" +) + +func initRootCmd(/* ... */) { + // ... + rootCmd.AddCommand( + snapshot.Cmd(appCreator), + ) +} +``` + +Then following commands are available at ` snapshots [command]`: + +* **list**: list local snapshots +* **load**: Load a snapshot archive file into snapshot store +* **restore**: Restore app state from local snapshot +* **export**: Export app state to snapshot store +* **dump**: Dump the snapshot as portable archive format +* **delete**: Delete a local snapshot diff --git a/copy-of-sdk-versioned_docs/version-0.47/user/run-node/02-interact-node.md b/copy-of-sdk-versioned_docs/version-0.47/user/run-node/02-interact-node.md new file mode 100644 index 00000000..c73355ee --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/user/run-node/02-interact-node.md @@ -0,0 +1,289 @@ +--- +sidebar_position: 1 +--- + +# Interacting with the Node + +:::note Synopsis +There are multiple ways to interact with a node: using the CLI, using gRPC or using the REST endpoints. +::: + +:::note Pre-requisite Readings + +* [gRPC, REST and CometBFT Endpoints](../../learn/advanced/09-grpc_rest.md) +* [Running a Node](./01-run-node.md) + +::: + +## Using the CLI + +Now that your chain is running, it is time to try sending tokens from the first account you created to a second account. In a new terminal window, start by running the following query command: + +```bash +simd query bank balances $MY_VALIDATOR_ADDRESS +``` + +You should see the current balance of the account you created, equal to the original balance of `stake` you granted it minus the amount you delegated via the `gentx`. Now, create a second account: + +```bash +simd keys add recipient --keyring-backend test + +# Put the generated address in a variable for later use. +RECIPIENT=$(simd keys show recipient -a --keyring-backend test) +``` + +The command above creates a local key-pair that is not yet registered on the chain. An account is created the first time it receives tokens from another account. Now, run the following command to send tokens to the `recipient` account: + +```bash +simd tx bank send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000000stake --chain-id my-test-chain --keyring-backend test + +# Check that the recipient account did receive the tokens. +simd query bank balances $RECIPIENT +``` + +Finally, delegate some of the stake tokens sent to the `recipient` account to the validator: + +```bash +simd tx staking delegate $(simd keys show my_validator --bech val -a --keyring-backend test) 500stake --from recipient --chain-id my-test-chain --keyring-backend test + +# Query the total delegations to `validator`. +simd query staking delegations-to $(simd keys show my_validator --bech val -a --keyring-backend test) +``` + +You should see two delegations, the first one made from the `gentx`, and the second one you just performed from the `recipient` account. + +## Using gRPC + +The Protobuf ecosystem developed tools for different use cases, including code-generation from `*.proto` files into various languages. These tools allow the building of clients easily. Often, the client connection (i.e. the transport) can be plugged and replaced very easily. Let's explore one of the most popular transport: [gRPC](../../learn/advanced/09-grpc_rest.md). + +Since the code generation library largely depends on your own tech stack, we will only present three alternatives: + +* `grpcurl` for generic debugging and testing, +* programmatically via Go, +* CosmJS for JavaScript/TypeScript developers. + +### grpcurl + +[grpcurl](https://github.com/fullstorydev/grpcurl) is like `curl` but for gRPC. It is also available as a Go library, but we will use it only as a CLI command for debugging and testing purposes. Follow the instructions in the previous link to install it. + +Assuming you have a local node running (either a localnet, or connected a live network), you should be able to run the following command to list the Protobuf services available (you can replace `localhost:9000` by the gRPC server endpoint of another node, which is configured under the `grpc.address` field inside [`app.toml`](01-run-node.md#configuring-the-node-using-apptoml-and-configtoml)): + +```bash +grpcurl -plaintext localhost:9090 list +``` + +You should see a list of gRPC services, like `cosmos.bank.v1beta1.Query`. This is called reflection, which is a Protobuf endpoint returning a description of all available endpoints. Each of these represents a different Protobuf service, and each service exposes multiple RPC methods you can query against. + +In order to get a description of the service you can run the following command: + +```bash +grpcurl -plaintext \ + localhost:9090 \ + describe cosmos.bank.v1beta1.Query # Service we want to inspect +``` + +It's also possible to execute an RPC call to query the node for information: + +```bash +grpcurl \ + -plaintext \ + -d "{\"address\":\"$MY_VALIDATOR_ADDRESS\"}" \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/AllBalances +``` + +The list of all available gRPC query endpoints is [coming soon](https://github.com/cosmos/cosmos-sdk/issues/7786). + +#### Query for historical state using grpcurl + +You may also query for historical data by passing some [gRPC metadata](https://github.com/grpc/grpc-go/blob/master/Documentation/grpc-metadata.md) to the query: the `x-cosmos-block-height` metadata should contain the block to query. Using grpcurl as above, the command looks like: + +```bash +grpcurl \ + -plaintext \ + -H "x-cosmos-block-height: 123" \ + -d "{\"address\":\"$MY_VALIDATOR_ADDRESS\"}" \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/AllBalances +``` + +Assuming the state at that block has not yet been pruned by the node, this query should return a non-empty response. + +### Programmatically via Go + +The following snippet shows how to query the state using gRPC inside a Go program. The idea is to create a gRPC connection, and use the Protobuf-generated client code to query the gRPC server. + +#### Install Cosmos SDK + + +```bash +go get github.com/cosmos/cosmos-sdk@main +``` + +```go +package main + +import ( + "context" + "fmt" + + "google.golang.org/grpc" + + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" +) + +func queryState() error { + myAddress, err := sdk.AccAddressFromBech32("cosmos1...") // the my_validator or recipient address. + if err != nil { + return err + } + + // Create a connection to the gRPC server. + grpcConn, err := grpc.Dial( + "127.0.0.1:9090", // your gRPC server address. + grpc.WithInsecure(), // The Cosmos SDK doesn't support any transport security mechanism. + // This instantiates a general gRPC codec which handles proto bytes. We pass in a nil interface registry + // if the request/response types contain interface instead of 'nil' you should pass the application specific codec. + grpc.WithDefaultCallOptions(grpc.ForceCodec(codec.NewProtoCodec(nil).GRPCCodec())), + ) + if err != nil { + return err + } + defer grpcConn.Close() + + // This creates a gRPC client to query the x/bank service. + bankClient := banktypes.NewQueryClient(grpcConn) + bankRes, err := bankClient.Balance( + context.Background(), + &banktypes.QueryBalanceRequest{Address: myAddress.String(), Denom: "stake"}, + ) + if err != nil { + return err + } + + fmt.Println(bankRes.GetBalance()) // Prints the account balance + + return nil +} + +func main() { + if err := queryState(); err != nil { + panic(err) + } +} +``` + +You can replace the query client (here we are using `x/bank`'s) with one generated from any other Protobuf service. The list of all available gRPC query endpoints is [coming soon](https://github.com/cosmos/cosmos-sdk/issues/7786). + +#### Query for historical state using Go + +Querying for historical blocks is done by adding the block height metadata in the gRPC request. + +```go +package main + +import ( + "context" + "fmt" + + "google.golang.org/grpc" + "google.golang.org/grpc/metadata" + + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + grpctypes "github.com/cosmos/cosmos-sdk/types/grpc" + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" +) + +func queryState() error { + myAddress, err := sdk.AccAddressFromBech32("cosmos1yerherx4d43gj5wa3zl5vflj9d4pln42n7kuzu") // the my_validator or recipient address. + if err != nil { + return err + } + + // Create a connection to the gRPC server. + grpcConn, err := grpc.Dial( + "127.0.0.1:9090", // your gRPC server address. + grpc.WithInsecure(), // The Cosmos SDK doesn't support any transport security mechanism. + // This instantiates a general gRPC codec which handles proto bytes. We pass in a nil interface registry + // if the request/response types contain interface instead of 'nil' you should pass the application specific codec. + grpc.WithDefaultCallOptions(grpc.ForceCodec(codec.NewProtoCodec(nil).GRPCCodec())), + ) + if err != nil { + return err + } + defer grpcConn.Close() + + // This creates a gRPC client to query the x/bank service. + bankClient := banktypes.NewQueryClient(grpcConn) + + var header metadata.MD + _, err = bankClient.Balance( + metadata.AppendToOutgoingContext(context.Background(), grpctypes.GRPCBlockHeightHeader, "12"), // Add metadata to request + &banktypes.QueryBalanceRequest{Address: myAddress.String(), Denom: "stake"}, + grpc.Header(&header), // Retrieve header from response + ) + if err != nil { + return err + } + blockHeight := header.Get(grpctypes.GRPCBlockHeightHeader) + + fmt.Println(blockHeight) // Prints the block height (12) + + return nil +} + +func main() { + if err := queryState(); err != nil { + panic(err) + } +} +``` + +### CosmJS + +CosmJS documentation can be found at [https://cosmos.github.io/cosmjs](https://cosmos.github.io/cosmjs). As of January 2021, CosmJS documentation is still work in progress. + +## Using the REST Endpoints + +As described in the [gRPC guide](../../learn/advanced/09-grpc_rest.md), all gRPC services on the Cosmos SDK are made available for more convenient REST-based queries through gRPC-gateway. The format of the URL path is based on the Protobuf service method's full-qualified name, but may contain small customizations so that final URLs look more idiomatic. For example, the REST endpoint for the `cosmos.bank.v1beta1.Query/AllBalances` method is `GET /cosmos/bank/v1beta1/balances/{address}`. Request arguments are passed as query parameters. + +Note that the REST endpoints are not enabled by default. To enable them, edit the `api` section of your `~/.simapp/config/app.toml` file: + +```toml +# Enable defines if the API server should be enabled. +enable = true +``` + +As a concrete example, the `curl` command to make balances request is: + +```bash +curl \ + -X GET \ + -H "Content-Type: application/json" \ + http://localhost:1317/cosmos/bank/v1beta1/balances/$MY_VALIDATOR_ADDRESS +``` + +Make sure to replace `localhost:1317` with the REST endpoint of your node, configured under the `api.address` field. + +The list of all available REST endpoints is available as a Swagger specification file, it can be viewed at `localhost:1317/swagger`. Make sure that the `api.swagger` field is set to true in your [`app.toml`](01-run-node.md#configuring-the-node-using-apptoml-and-configtoml) file. + +### Query for historical state using REST + +Querying for historical state is done using the HTTP header `x-cosmos-block-height`. For example, a curl command would look like: + +```bash +curl \ + -X GET \ + -H "Content-Type: application/json" \ + -H "x-cosmos-block-height: 123" \ + http://localhost:1317/cosmos/bank/v1beta1/balances/$MY_VALIDATOR_ADDRESS +``` + +Assuming the state at that block has not yet been pruned by the node, this query should return a non-empty response. + +### Cross-Origin Resource Sharing (CORS) + +[CORS policies](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) are not enabled by default to help with security. If you would like to use the rest-server in a public environment we recommend you provide a reverse proxy, this can be done with [nginx](https://www.nginx.com/). For testing and development purposes there is an `enabled-unsafe-cors` field inside [`app.toml`](01-run-node.md#configuring-the-node-using-apptoml-and-configtoml). diff --git a/copy-of-sdk-versioned_docs/version-0.47/user/run-node/03-txs.md b/copy-of-sdk-versioned_docs/version-0.47/user/run-node/03-txs.md new file mode 100644 index 00000000..fb4de189 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/user/run-node/03-txs.md @@ -0,0 +1,387 @@ +--- +sidebar_position: 1 +--- + +# Generating, Signing and Broadcasting Transactions + +:::note Synopsis +This document describes how to generate an (unsigned) transaction, signing it (with one or multiple keys), and broadcasting it to the network. +::: + +## Using the CLI + +The easiest way to send transactions is using the CLI, as we have seen in the previous page when [interacting with a node](./02-interact-node.md#using-the-cli). For example, running the following command + +```bash +simd tx bank send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000stake --chain-id my-test-chain --keyring-backend test +``` + +will run the following steps: + +* generate a transaction with one `Msg` (`x/bank`'s `MsgSend`), and print the generated transaction to the console. +* ask the user for confirmation to send the transaction from the `$MY_VALIDATOR_ADDRESS` account. +* fetch `$MY_VALIDATOR_ADDRESS` from the keyring. This is possible because we have [set up the CLI's keyring](./00-keyring.md) in a previous step. +* sign the generated transaction with the keyring's account. +* broadcast the signed transaction to the network. This is possible because the CLI connects to the node's CometBFT RPC endpoint. + +The CLI bundles all the necessary steps into a simple-to-use user experience. However, it's possible to run all the steps individually too. + +### Generating a Transaction + +Generating a transaction can simply be done by appending the `--generate-only` flag on any `tx` command, e.g.: + +```bash +simd tx bank send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000stake --chain-id my-test-chain --generate-only +``` + +This will output the unsigned transaction as JSON in the console. We can also save the unsigned transaction to a file (to be passed around between signers more easily) by appending `> unsigned_tx.json` to the above command. + +### Signing a Transaction + +Signing a transaction using the CLI requires the unsigned transaction to be saved in a file. Let's assume the unsigned transaction is in a file called `unsigned_tx.json` in the current directory (see previous paragraph on how to do that). Then, simply run the following command: + +```bash +simd tx sign unsigned_tx.json --chain-id my-test-chain --keyring-backend test --from $MY_VALIDATOR_ADDRESS +``` + +This command will decode the unsigned transaction and sign it with `SIGN_MODE_DIRECT` with `$MY_VALIDATOR_ADDRESS`'s key, which we already set up in the keyring. The signed transaction will be output as JSON to the console, and, as above, we can save it to a file by appending `--output-document signed_tx.json`. + +Some useful flags to consider in the `tx sign` command: + +* `--sign-mode`: you may use `amino-json` to sign the transaction using `SIGN_MODE_LEGACY_AMINO_JSON`, +* `--offline`: sign in offline mode. This means that the `tx sign` command doesn't connect to the node to retrieve the signer's account number and sequence, both needed for signing. In this case, you must manually supply the `--account-number` and `--sequence` flags. This is useful for offline signing, i.e. signing in a secure environment which doesn't have access to the internet. + +#### Signing with Multiple Signers + +:::warning +Please note that signing a transaction with multiple signers or with a multisig account, where at least one signer uses `SIGN_MODE_DIRECT`, is not yet possible. You may follow [this Github issue](https://github.com/cosmos/cosmos-sdk/issues/8141) for more info. +::: + +Signing with multiple signers is done with the `tx multisign` command. This command assumes that all signers use `SIGN_MODE_LEGACY_AMINO_JSON`. The flow is similar to the `tx sign` command flow, but instead of signing an unsigned transaction file, each signer signs the file signed by previous signer(s). The `tx multisign` command will append signatures to the existing transactions. It is important that signers sign the transaction **in the same order** as given by the transaction, which is retrievable using the `GetSigners()` method. + +For example, starting with the `unsigned_tx.json`, and assuming the transaction has 4 signers, we would run: + +```bash +# Let signer1 sign the unsigned tx. +simd tx multisign unsigned_tx.json signer_key_1 --chain-id my-test-chain --keyring-backend test > partial_tx_1.json +# Now signer1 will send the partial_tx_1.json to the signer2. +# Signer2 appends their signature: +simd tx multisign partial_tx_1.json signer_key_2 --chain-id my-test-chain --keyring-backend test > partial_tx_2.json +# Signer2 sends the partial_tx_2.json file to signer3, and signer3 can append his signature: +simd tx multisign partial_tx_2.json signer_key_3 --chain-id my-test-chain --keyring-backend test > partial_tx_3.json +``` + +### Broadcasting a Transaction + +Broadcasting a transaction is done using the following command: + +```bash +simd tx broadcast tx_signed.json +``` + +You may optionally pass the `--broadcast-mode` flag to specify which response to receive from the node: + +* `sync`: the CLI waits for a CheckTx execution response only. +* `async`: the CLI returns immediately (transaction might fail). + +### Encoding a Transaction + +In order to broadcast a transaction using the gRPC or REST endpoints, the transaction will need to be encoded first. This can be done using the CLI. + +Encoding a transaction is done using the following command: + +```bash +simd tx encode tx_signed.json +``` + +This will read the transaction from the file, serialize it using Protobuf, and output the transaction bytes as base64 in the console. + +### Decoding a Transaction + +The CLI can also be used to decode transaction bytes. + +Decoding a transaction is done using the following command: + +```bash +simd tx decode [protobuf-byte-string] +``` + +This will decode the transaction bytes and output the transaction as JSON in the console. You can also save the transaction to a file by appending `> tx.json` to the above command. + +## Programmatically with Go + +It is possible to manipulate transactions programmatically via Go using the Cosmos SDK's `TxBuilder` interface. + +### Generating a Transaction + +Before generating a transaction, a new instance of a `TxBuilder` needs to be created. Since the Cosmos SDK supports both Amino and Protobuf transactions, the first step would be to decide which encoding scheme to use. All the subsequent steps remain unchanged, whether you're using Amino or Protobuf, as `TxBuilder` abstracts the encoding mechanisms. In the following snippet, we will use Protobuf. + +```go +import ( + "github.com/cosmos/cosmos-sdk/simapp" +) + +func sendTx() error { + // Choose your codec: Amino or Protobuf. Here, we use Protobuf, given by the following function. + app := simapp.NewSimApp(...) + + // Create a new TxBuilder. + txBuilder := app.TxConfig().NewTxBuilder() + + // --snip-- +} +``` + +We can also set up some keys and addresses that will send and receive the transactions. Here, for the purpose of the tutorial, we will be using some dummy data to create keys. + +```go +import ( + "github.com/cosmos/cosmos-sdk/testutil/testdata" +) + +priv1, _, addr1 := testdata.KeyTestPubAddr() +priv2, _, addr2 := testdata.KeyTestPubAddr() +priv3, _, addr3 := testdata.KeyTestPubAddr() +``` + +Populating the `TxBuilder` can be done via its methods: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/client/tx_config.go#L33-L50 +``` + +```go +import ( + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" +) + +func sendTx() error { + // --snip-- + + // Define two x/bank MsgSend messages: + // - from addr1 to addr3, + // - from addr2 to addr3. + // This means that the transactions needs two signers: addr1 and addr2. + msg1 := banktypes.NewMsgSend(addr1, addr3, types.NewCoins(types.NewInt64Coin("atom", 12))) + msg2 := banktypes.NewMsgSend(addr2, addr3, types.NewCoins(types.NewInt64Coin("atom", 34))) + + err := txBuilder.SetMsgs(msg1, msg2) + if err != nil { + return err + } + + txBuilder.SetGasLimit(...) + txBuilder.SetFeeAmount(...) + txBuilder.SetMemo(...) + txBuilder.SetTimeoutHeight(...) +} +``` + +At this point, `TxBuilder`'s underlying transaction is ready to be signed. + +### Signing a Transaction + +We set encoding config to use Protobuf, which will use `SIGN_MODE_DIRECT` by default. As per [ADR-020](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-020-protobuf-transaction-encoding.md), each signer needs to sign the `SignerInfo`s of all other signers. This means that we need to perform two steps sequentially: + +* for each signer, populate the signer's `SignerInfo` inside `TxBuilder`, +* once all `SignerInfo`s are populated, for each signer, sign the `SignDoc` (the payload to be signed). + +In the current `TxBuilder`'s API, both steps are done using the same method: `SetSignatures()`. The current API requires us to first perform a round of `SetSignatures()` _with empty signatures_, only to populate `SignerInfo`s, and a second round of `SetSignatures()` to actually sign the correct payload. + +```go +import ( + cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types" + "github.com/cosmos/cosmos-sdk/types/tx/signing" + xauthsigning "github.com/cosmos/cosmos-sdk/x/auth/signing" +) + +func sendTx() error { + // --snip-- + + privs := []cryptotypes.PrivKey{priv1, priv2} + accNums:= []uint64{..., ...} // The accounts' account numbers + accSeqs:= []uint64{..., ...} // The accounts' sequence numbers + + // First round: we gather all the signer infos. We use the "set empty + // signature" hack to do that. + var sigsV2 []signing.SignatureV2 + for i, priv := range privs { + sigV2 := signing.SignatureV2{ + PubKey: priv.PubKey(), + Data: &signing.SingleSignatureData{ + SignMode: encCfg.TxConfig.SignModeHandler().DefaultMode(), + Signature: nil, + }, + Sequence: accSeqs[i], + } + + sigsV2 = append(sigsV2, sigV2) + } + err := txBuilder.SetSignatures(sigsV2...) + if err != nil { + return err + } + + // Second round: all signer infos are set, so each signer can sign. + sigsV2 = []signing.SignatureV2{} + for i, priv := range privs { + signerData := xauthsigning.SignerData{ + ChainID: chainID, + AccountNumber: accNums[i], + Sequence: accSeqs[i], + } + sigV2, err := tx.SignWithPrivKey( + encCfg.TxConfig.SignModeHandler().DefaultMode(), signerData, + txBuilder, priv, encCfg.TxConfig, accSeqs[i]) + if err != nil { + return nil, err + } + + sigsV2 = append(sigsV2, sigV2) + } + err = txBuilder.SetSignatures(sigsV2...) + if err != nil { + return err + } +} +``` + +The `TxBuilder` is now correctly populated. To print it, you can use the `TxConfig` interface from the initial encoding config `encCfg`: + +```go +func sendTx() error { + // --snip-- + + // Generated Protobuf-encoded bytes. + txBytes, err := encCfg.TxConfig.TxEncoder()(txBuilder.GetTx()) + if err != nil { + return err + } + + // Generate a JSON string. + txJSONBytes, err := encCfg.TxConfig.TxJSONEncoder()(txBuilder.GetTx()) + if err != nil { + return err + } + txJSON := string(txJSONBytes) +} +``` + +### Broadcasting a Transaction + +The preferred way to broadcast a transaction is to use gRPC, though using REST (via `gRPC-gateway`) or the CometBFT RPC is also posible. An overview of the differences between these methods is exposed [here](../../learn/advanced/09-grpc_rest.md). For this tutorial, we will only describe the gRPC method. + +```go +import ( + "context" + "fmt" + + "google.golang.org/grpc" + + "github.com/cosmos/cosmos-sdk/types/tx" +) + +func sendTx(ctx context.Context) error { + // --snip-- + + // Create a connection to the gRPC server. + grpcConn := grpc.Dial( + "127.0.0.1:9090", // Or your gRPC server address. + grpc.WithInsecure(), // The Cosmos SDK doesn't support any transport security mechanism. + ) + defer grpcConn.Close() + + // Broadcast the tx via gRPC. We create a new client for the Protobuf Tx + // service. + txClient := tx.NewServiceClient(grpcConn) + // We then call the BroadcastTx method on this client. + grpcRes, err := txClient.BroadcastTx( + ctx, + &tx.BroadcastTxRequest{ + Mode: tx.BroadcastMode_BROADCAST_MODE_SYNC, + TxBytes: txBytes, // Proto-binary of the signed transaction, see previous step. + }, + ) + if err != nil { + return err + } + + fmt.Println(grpcRes.TxResponse.Code) // Should be `0` if the tx is successful + + return nil +} +``` + +#### Simulating a Transaction + +Before broadcasting a transaction, we sometimes may want to dry-run the transaction, to estimate some information about the transaction without actually committing it. This is called simulating a transaction, and can be done as follows: + +```go +import ( + "context" + "fmt" + "testing" + + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/types/tx" + authtx "github.com/cosmos/cosmos-sdk/x/auth/tx" +) + +func simulateTx() error { + // --snip-- + + // Simulate the tx via gRPC. We create a new client for the Protobuf Tx + // service. + txClient := tx.NewServiceClient(grpcConn) + txBytes := /* Fill in with your signed transaction bytes. */ + + // We then call the Simulate method on this client. + grpcRes, err := txClient.Simulate( + context.Background(), + &tx.SimulateRequest{ + TxBytes: txBytes, + }, + ) + if err != nil { + return err + } + + fmt.Println(grpcRes.GasInfo) // Prints estimated gas used. + + return nil +} +``` + +## Using gRPC + +It is not possible to generate or sign a transaction using gRPC, only to broadcast one. In order to broadcast a transaction using gRPC, you will need to generate, sign, and encode the transaction using either the CLI or programmatically with Go. + +### Broadcasting a Transaction + +Broadcasting a transaction using the gRPC endpoint can be done by sending a `BroadcastTx` request as follows, where the `txBytes` are the protobuf-encoded bytes of a signed transaction: + +```bash +grpcurl -plaintext \ + -d '{"tx_bytes":"{{txBytes}}","mode":"BROADCAST_MODE_SYNC"}' \ + localhost:9090 \ + cosmos.tx.v1beta1.Service/BroadcastTx +``` + +## Using REST + +It is not possible to generate or sign a transaction using REST, only to broadcast one. In order to broadcast a transaction using REST, you will need to generate, sign, and encode the transaction using either the CLI or programmatically with Go. + +### Broadcasting a Transaction + +Broadcasting a transaction using the REST endpoint (served by `gRPC-gateway`) can be done by sending a POST request as follows, where the `txBytes` are the protobuf-encoded bytes of a signed transaction: + +```bash +curl -X POST \ + -H "Content-Type: application/json" \ + -d'{"tx_bytes":"{{txBytes}}","mode":"BROADCAST_MODE_SYNC"}' \ + localhost:1317/cosmos/tx/v1beta1/txs +``` + +## Using CosmJS (JavaScript & TypeScript) + +CosmJS aims to build client libraries in JavaScript that can be embedded in web applications. Please see [https://cosmos.github.io/cosmjs](https://cosmos.github.io/cosmjs) for more information. As of January 2021, CosmJS documentation is still work in progress. diff --git a/copy-of-sdk-versioned_docs/version-0.47/user/run-node/04-rosetta.md b/copy-of-sdk-versioned_docs/version-0.47/user/run-node/04-rosetta.md new file mode 100644 index 00000000..3d8467ae --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/user/run-node/04-rosetta.md @@ -0,0 +1,122 @@ +--- +sidebar_position: 1 +--- + +# Rosetta + +The `rosetta` package implements Coinbase's [Rosetta API](https://www.rosetta-api.org). This document provides instructions on how to use the Rosetta API integration. For information about the motivation and design choices, refer to [ADR 035](https://docs.cosmos.network/main/architecture/adr-035-rosetta-api-support). + +## Add Rosetta Command + +The Rosetta API server is a stand-alone server that connects to a node of a chain developed with Cosmos SDK. + +To enable Rosetta API support, it's required to add the `RosettaCommand` to your application's root command file (e.g. `simd/cmd/root.go`). + +Import the `rosettaCmd` package: + +```go +import "cosmossdk.io/tools/rosetta/cmd" +``` + +Find the following line: + +```go +initRootCmd(rootCmd, encodingConfig) +``` + +After that line, add the following: + +```go +rootCmd.AddCommand( + rosettaCmd.RosettaCommand(encodingConfig.InterfaceRegistry, encodingConfig.Codec) +) +``` + +The `RosettaCommand` function builds the `rosetta` root command and is defined in the `rosettaCmd` package (`cosmossdk.io/tools/rosetta/cmd`). + +Since we’ve updated the Cosmos SDK to work with the Rosetta API, updating the application's root command file is all you need to do. + +An implementation example can be found in `simapp` package. + +## Use Rosetta Command + +To run Rosetta in your application CLI, use the following command: + +```shell +simd rosetta --help +``` + +To test and run Rosetta API endpoints for applications that are running and exposed, use the following command: + +```shell +simd rosetta + --blockchain "your application name (ex: gaia)" + --network "your chain identifier (ex: testnet-1)" + --tendermint "tendermint endpoint (ex: localhost:26657)" + --grpc "gRPC endpoint (ex: localhost:9090)" + --addr "rosetta binding address (ex: :8080)" +``` + +## Use Rosetta Standalone + +To use Rosetta standalone, without having to add it in your application, install it with the following command: + +```bash +go install cosmossdk.io/tools/rosetta/cmd/rosetta +``` + +Alternatively, for building from source, simply run `make rosetta`. The binary will be located in `tools/rosetta`. + +## Extensions + +There are two ways in which you can customize and extend the implementation with your custom settings. + +### Message extension + +In order to make an `sdk.Msg` understandable by rosetta the only thing which is required is adding the methods to your messages that satisfy the `rosetta.Msg` interface. Examples on how to do so can be found in the staking types such as `MsgDelegate`, or in bank types such as `MsgSend`. + +### Client interface override + +In case more customization is required, it's possible to embed the Client type and override the methods which require customizations. + +Example: + +```go +package custom_client +import ( + +"context" +"github.com/coinbase/rosetta-sdk-go/types" +"cosmossdk.io/tools/rosetta/lib" +) + +// CustomClient embeds the standard cosmos client +// which means that it implements the cosmos-rosetta-gateway Client +// interface while at the same time allowing to customize certain methods +type CustomClient struct { + *rosetta.Client +} + +func (c *CustomClient) ConstructionPayload(_ context.Context, request *types.ConstructionPayloadsRequest) (resp *types.ConstructionPayloadsResponse, err error) { + // provide custom signature bytes + panic("implement me") +} +``` + +NOTE: when using a customized client, the command cannot be used as the constructors required **may** differ, so it's required to create a new one. We intend to provide a way to init a customized client without writing extra code in the future. + +### Error extension + +Since rosetta requires to provide 'returned' errors to network options. In order to declare a new rosetta error, we use the `errors` package in cosmos-rosetta-gateway. + +Example: + +```go +package custom_errors +import crgerrs "cosmossdk.io/tools/rosetta/lib/errors" + +var customErrRetriable = true +var CustomError = crgerrs.RegisterError(100, "custom message", customErrRetriable, "description") +``` + +Note: errors must be registered before cosmos-rosetta-gateway's `Server`.`Start` method is called. Otherwise the registration will be ignored. Errors with same code will be ignored too. diff --git a/copy-of-sdk-versioned_docs/version-0.47/user/run-node/05-run-testnet.md b/copy-of-sdk-versioned_docs/version-0.47/user/run-node/05-run-testnet.md new file mode 100644 index 00000000..c2b5da59 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/user/run-node/05-run-testnet.md @@ -0,0 +1,101 @@ +--- +sidebar_position: 1 +--- + +# Running a Testnet + +:::note Synopsis +The `simd testnet` subcommand makes it easy to initialize and start a simulated test network for testing purposes. +::: + +In addition to the commands for [running a node](./01-run-node.md), the `simd` binary also includes a `testnet` command that allows you to start a simulated test network in-process or to initialize files for a simulated test network that runs in a separate process. + +## Initialize Files + +First, let's take a look at the `init-files` subcommand. + +This is similar to the `init` command when initializing a single node, but in this case we are initializing multiple nodes, generating the genesis transactions for each node, and then collecting those transactions. + +The `init-files` subcommand initializes the necessary files to run a test network in a separate process (i.e. using a Docker container). Running this command is not a prerequisite for the `start` subcommand ([see below](#start-testnet)). + +In order to initialize the files for a test network, run the following command: + +```bash +simd testnet init-files +``` + +You should see the following output in your terminal: + +```bash +Successfully initialized 4 node directories +``` + +The default output directory is a relative `.testnets` directory. Let's take a look at the files created within the `.testnets` directory. + +### gentxs + +The `gentxs` directory includes a genesis transaction for each validator node. Each file includes a JSON encoded genesis transaction used to register a validator node at the time of genesis. The genesis transactions are added to the `genesis.json` file within each node directory during the initilization process. + +### nodes + +A node directory is created for each validator node. Within each node directory is a `simd` directory. The `simd` directory is the home directory for each node, which includes the configuration and data files for that node (i.e. the same files included in the default `~/.simapp` directory when running a single node). + +## Start Testnet + +Now, let's take a look at the `start` subcommand. + +The `start` subcommand both initializes and starts an in-process test network. This is the fastest way to spin up a local test network for testing purposes. + +You can start the local test network by running the following command: + +```bash +simd testnet start +``` + +You should see something similar to the following: + +```bash +acquiring test network lock +preparing test network with chain-id "chain-mtoD9v" + + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++ THIS MNEMONIC IS FOR TESTING PURPOSES ONLY ++ +++ DO NOT USE IN PRODUCTION ++ +++ ++ +++ sustain know debris minute gate hybrid stereo custom ++ +++ divorce cross spoon machine latin vibrant term oblige ++ +++ moment beauty laundry repeat grab game bronze truly ++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + +starting test network... +started test network +press the Enter Key to terminate +``` + +The first validator node is now running in-process, which means the test network will terminate once you either close the terminal window or you press the Enter key. In the output, the mnemonic phrase for the first validator node is provided for testing purposes. The validator node is using the same default addresses being used when initializing and starting a single node (no need to provide a `--node` flag). + +Check the status of the first validator node: + +```shell +simd status +``` + +Import the key from the provided mnemonic: + +```shell +simd keys add test --recover --keyring-backend test +``` + +Check the balance of the account address: + +```shell +simd q bank balances [address] +``` + +Use this test account to manually test against the test network. + +## Testnet Options + +You can customize the configuration of the test network with flags. In order to see all flag options, append the `--help` flag to each command. diff --git a/copy-of-sdk-versioned_docs/version-0.47/user/run-node/06-run-production.md b/copy-of-sdk-versioned_docs/version-0.47/user/run-node/06-run-production.md new file mode 100644 index 00000000..807ceea5 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/user/run-node/06-run-production.md @@ -0,0 +1,269 @@ +--- +sidebar_position: 1 +--- + +# Running in Production + +:::note Synopsis +This section describes how to securely run a node in a public setting and/or on a mainnet on one of the many Cosmos SDK public blockchains. +::: + +When operating a node, full node or validator, in production it is important to set your server up securely. + +:::note +There are many different ways to secure a server and your node, the described steps here is one way. To see another way of setting up a server see the [run in production tutorial](https://tutorials.cosmos.network/hands-on-exercise/5-run-in-prod/1-overview.html). +::: + +:::note +This walkthrough assumes the underlying operating system is Ubuntu. +::: + +## Sever Setup + +### User + +When creating a server most times it is created as user `root`. This user has heightened privileges on the server. When operating a node, it is recommended to not run your node as the root user. + +1. Create a new user + +```bash +sudo adduser change_me +``` + +2. We want to allow this user to perform sudo tasks + +```bash +sudo usermod -aG sudo change_me +``` + +Now when logging into the server, the non `root` user can be used. + +### Go + +1. Install the [Go](https://go.dev/doc/install) version preconized by the application. + +:::warning +In the past, validators [have had issues](https://github.com/cosmos/cosmos-sdk/issues/13976) when using different versions of Go. It is recommended that the whole validator set uses the version of Go that is preconized by the application. +::: + +### Firewall + +Nodes should not have all ports open to the public, this is a simple way to get DDOS'd. Secondly it is recommended by [CometBFT](github.com/cometbft/cometbft) to never expose ports that are not required to operate a node. + +When setting up a firewall there are a few ports that can be open when operating a Cosmos SDK node. There is the CometBFT json-RPC, prometheus, p2p, remote signer and Cosmos SDK GRPC and REST. If the node is being operated as a node that does not offer endpoints to be used for submission or querying then a max of three endpoints are needed. + +Most, if not all servers come equipped with [ufw](https://help.ubuntu.com/community/UFW). Ufw will be used in this tutorial. + +1. Reset UFW to disallow all incoming connections and allow outgoing + +```bash +sudo ufw default deny incoming +sudo ufw default allow outgoing +``` + +2. Lets make sure that port 22 (ssh) stays open. + +```bash +sudo ufw allow ssh +``` + +or + +```bash +sudo ufw allow 22 +``` + +Both of the above commands are the same. + +3. Allow Port 26656 (cometbft p2p port). If the node has a modified p2p port then that port must be used here. + +```bash +sudo ufw allow 26656/tcp +``` + +4. Allow port 26660 (cometbft [prometheus](https://prometheus.io)). This acts as the applications monitoring port as well. + +```bash +sudo ufw allow 26660/tcp +``` + +5. IF the node which is being setup would like to expose CometBFTs jsonRPC and Cosmos SDK GRPC and REST then follow this step. (Optional) + +##### CometBFT JsonRPC + +```bash +sudo ufw allow 26657/tcp +``` + +##### Cosmos SDK GRPC + +```bash +sudo ufw allow 9090/tcp +``` + +##### Cosmos SDK REST + +```bash +sudo ufw allow 1317/tcp +``` + +6. Lastly, enable ufw + +```bash +sudo ufw enable +``` + +### Signing + +If the node that is being started is a validator there are multiple ways a validator could sign blocks. + +#### File + +File based signing is the simplest and default approach. This approach works by storing the consensus key, generated on initialization, to sign blocks. This approach is only as safe as your server setup as if the server is compromised so is your key. This key is located in the `config/priv_val_key.json` directory generated on initialization. + +A second file exists that user must be aware of, the file is located in the data directory `data/priv_val_state.json`. This file protects your node from double signing. It keeps track of the consensus keys last sign height, round and latest signature. If the node crashes and needs to be recovered this file must be kept in order to ensure that the consensus key will not be used for signing a block that was previously signed. + +#### Remote Signer + +A remote signer is a secondary server that is separate from the running node that signs blocks with the consensus key. This means that the consensus key does not live on the node itself. This increases security because your full node which is connected to the remote signer can be swapped without missing blocks. + +The two most used remote signers are [tmkms](https://github.com/iqlusioninc/tmkms) from [Iqlusion](https://www.iqlusion.io) and [horcrux](https://github.com/strangelove-ventures/horcrux) from [Strangelove](https://strange.love). + +##### TMKMS + +###### Dependencies + +1. Update server dependencies and install extras needed. + +```sh +sudo apt update -y && sudo apt install build-essential curl jq -y +``` + +2. Install Rust: + +```sh +curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh +``` + +3. Install Libusb: + +```sh +sudo apt install libusb-1.0-0-dev +``` + +###### Setup + +There are two ways to install tmkms, from source or `cargo install`. In the examples we will cover downloading or building from source and using softsign. Softsign stands for software signing, but you could use a [yubihsm](https://www.yubico.com/products/hardware-security-module/) as your signing key if you wish. + +1. Build: + +From source: + +```bash +cd $HOME +git clone https://github.com/iqlusioninc/tmkms.git +cd $HOME/tmkms +cargo install tmkms --features=softsign +tmkms init config +tmkms softsign keygen ./config/secrets/secret_connection_key +``` + +or + +Cargo install: + +```bash +cargo install tmkms --features=softsign +tmkms init config +tmkms softsign keygen ./config/secrets/secret_connection_key +``` + +:::note +To use tmkms with a yubikey install the binary with `--features=yubihsm`. +::: + +2. Migrate the validator key from the full node to the new tmkms instance. + +```bash +scp user@123.456.32.123:~/.simd/config/priv_validator_key.json ~/tmkms/config/secrets +``` + +3. Import the validator key into tmkms. + +```bash +tmkms softsign import $HOME/tmkms/config/secrets/priv_validator_key.json $HOME/tmkms/config/secrets/priv_validator_key +``` + +At this point, it is necessary to delete the `priv_validator_key.json` from the validator node and the tmkms node. Since the key has been imported into tmkms (above) it is no longer necessary on the nodes. The key can be safely stored offline. + +4. Modifiy the `tmkms.toml`. + +```bash +vim $HOME/tmkms/config/tmkms.toml +``` + +This example shows a configuration that could be used for soft signing. The example has an IP of `123.456.12.345` with a port of `26659` a chain_id of `test-chain-waSDSe`. These are items that most be modified for the usecase of tmkms and the network. + +```toml +# CometBFT KMS configuration file + +## Chain Configuration + +[[chain]] +id = "osmosis-1" +key_format = { type = "bech32", account_key_prefix = "cosmospub", consensus_key_prefix = "cosmosvalconspub" } +state_file = "/root/tmkms/config/state/priv_validator_state.json" + +## Signing Provider Configuration + +### Software-based Signer Configuration + +[[providers.softsign]] +chain_ids = ["test-chain-waSDSe"] +key_type = "consensus" +path = "/root/tmkms/config/secrets/priv_validator_key" + +## Validator Configuration + +[[validator]] +chain_id = "test-chain-waSDSe" +addr = "tcp://123.456.12.345:26659" +secret_key = "/root/tmkms/config/secrets/secret_connection_key" +protocol_version = "v0.34" +reconnect = true +``` + +5. Set the address of the tmkms instance. + +```bash +vim $HOME/.simd/config/config.toml + +priv_validator_laddr = "tcp://127.0.0.1:26659" +``` + +:::tip +The above address it set to `127.0.0.1` but it is recommended to set the tmkms server to secure the startup +::: + +:::tip +It is recommended to comment or delete the lines that specify the path of the validator key and validator: + +```toml +# Path to the JSON file containing the private key to use as a validator in the consensus protocol +# priv_validator_key_file = "config/priv_validator_key.json" + +# Path to the JSON file containing the last sign state of a validator +# priv_validator_state_file = "data/priv_validator_state.json" +``` + +::: + +6. Start the two processes. + +```bash +tmkms start -c $HOME/tmkms/config/tmkms.toml +``` + +```bash +simd start +``` diff --git a/copy-of-sdk-versioned_docs/version-0.47/user/run-node/07-multisig-guide.md b/copy-of-sdk-versioned_docs/version-0.47/user/run-node/07-multisig-guide.md new file mode 100644 index 00000000..d9112929 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/user/run-node/07-multisig-guide.md @@ -0,0 +1,108 @@ +--- +sidebar_position: 1 +--- + +# Guide to Multisig transactions + +## Overview + +Multisignature accounts are accounts that are generated from multiple public keys. A multisig necessitates that any transaction made on its behalf must be signed by a specified threshold of its members. + +A common use case for multisigs is to increase security of a signing account, and/or enable multiple parties to agree on and authorize a transaction. + +The first step is to create a multisig signing key by using the public keys of all possible signers and the minimum threshold of addresses that are needed to sign any transaction from the account. The threshold can be the same amount as the total number of addresses comprising the multisig. + +Whatever machine is generating the multisig, it should at least have all of the public keys imported into the same keyring. + +When you want to create a multisig transaction, you would create the transaction as normal, but instead of signing it with a single account's private key, you would need to sign it with the private keys of the accounts that make up the multisig key. + +This is done by signing the transaction multiple times, once with each private key. The order of the signatures matters and must match the order of the public keys in the multisig key. + +Once you have a transaction with the necessary signatures, it can be broadcasted to the network. The network will verify that the transaction has the necessary signatures from the accounts in the multisig key before it is executed. + +## Step by step guide to multisig transactions + +This tutorial will use the test keyring which will store the keys in the default home directory `~/.simapp` unless otherwise specified. +Verify which keys are available in the test keyring by running `--keyring-backend test`. + +In order to specify a consistent keyring for the entirety of the tutorial, set the default keyring by running `simd config keyring-backend test`. + +```shell +simd keys list +``` + +If you don't already have accounts listed create the accounts using the below. + +```shell +simd keys add alice +simd keys add bob +simd keys add recipient +``` + +Alternatively the public keys comprising the multisig can be imported into the keyring. + +```shell +simd keys add alice --pubkey --keyring backend test +``` + +Create the multisig account between bob and alice. + +```shell +simd keys add alice-bob-multisig --multisig alice,bob --multisig-threshold 2 +``` + +Before generating any transaction, verify the balance of each account and note the amount. This step is crucial to confirm that the transaction can be processed successfully. + +```shell +simd query bank balances $(simd keys show my_validator -a) +simd query bank balances $(simd keys show alice-bob-multisig -a) +``` + +Ensure that the alice-bob-multisig account is funded with a sufficient balance to complete the transaction (gas included). In our case, the genesis account, my_validator, holds our funds. Therefore, we will transfer funds from the `my_validator` account to the `alice-bob-multisig` account. +Fund the multisig by sending it `stake` from the genesis account. + +```shell + simd tx bank send $(simd keys show my_validator -a) $(simd keys show alice-bob-multisig -a) "10000stake" +``` + +Check both accounts again to see if the funds have transferred. + +```shell +simd query bank balances $(simd keys show alice-bob-multisig -a) +``` + +Initiate the transaction. This command will create a transaction from the multisignature account `alice-bob-multisig` to send 1000stake to the recipient account. The transaction will be generated but not broadcasted yet. + +```shell +simd tx bank send $(simd keys show alice-bob-multisig -a) $(simd keys show recipient -a) 1000stake --generate-only --chain-id my-test-chain > tx.json +``` + +Alice signs the transaction using their key and refers to the multisig address. Execute the command below to accomplish this: + +```shell +simd tx sign --from $(simd keys show alice -a) --multisig=cosmos1re6mg24kvzjzmwmly3dqrqzdkruxwvctw8wwds tx.json --chain-id my-test-chain > tx-signed-alice.json +``` + +Let's repeat for Bob. + +```shell +simd tx sign --from $(simd keys show bob -a) --multisig=cosmos1re6mg24kvzjzmwmly3dqrqzdkruxwvctw8wwds tx.json --chain-id my-test-chain > tx-signed-bob.json +``` + +Execute a multisign transaction by using the `simd tx multisign` command. This command requires the names and signed transactions of all the participants in the multisig account. Here, Alice and Bob are the participants: + +```shell +simd tx multisign tx.json alice-bob-multisig tx-signed-alice.json tx-signed-bob.json --chain-id my-test-chain > tx-signed.json +``` + +Once the multisigned transaction is generated, it needs to be broadcasted to the network. This is done using the simd tx broadcast command: + +```shell +simd tx broadcast tx-signed.json --chain-id my-test-chain --gas auto --fees 250stake +``` + +Once the transaction is broadcasted, it's a good practice to verify if the transaction was successful. You can query the recipient's account balance again to confirm if the funds were indeed transferred: + +```shell +simd query bank balances $(simd keys show alice-bob-multisig -a) +``` diff --git a/copy-of-sdk-versioned_docs/version-0.47/user/run-node/_category_.json b/copy-of-sdk-versioned_docs/version-0.47/user/run-node/_category_.json new file mode 100644 index 00000000..7fcac509 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/user/run-node/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Running a Node, API and CLI", + "position": 1, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.47/user/user.md b/copy-of-sdk-versioned_docs/version-0.47/user/user.md new file mode 100644 index 00000000..34f3e8cd --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/user/user.md @@ -0,0 +1,11 @@ +--- +sidebar_position: 0 +--- +# User Guides + +This section is designed for developers who are using the Cosmos SDK to build applications. It provides essential guides and references to effectively use the SDK's features. + +* [Setting up keys](./run-node/00-keyring.md) - Learn how to set up secure key management using the Cosmos SDK's keyring feature. This guide provides a streamlined approach to cryptographic key handling, which is crucial for securing your application. +* [Running a node](./run-node/01-run-node.md) - This guide provides step-by-step instructions to deploy and manage a node in the Cosmos network. It ensures a smooth and reliable operation of your blockchain application by covering all the necessary setup and maintenance steps. +* [CLI](./run-node/02-interact-node.md) - Discover how to navigate and interact with the Cosmos SDK using the Command Line Interface (CLI). This section covers efficient and powerful command-based operations that can help you manage your application effectively. + diff --git a/copy-of-sdk-versioned_docs/version-0.47/validate/05-run-testnet.md b/copy-of-sdk-versioned_docs/version-0.47/validate/05-run-testnet.md new file mode 100644 index 00000000..e9a06ed3 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/validate/05-run-testnet.md @@ -0,0 +1,101 @@ +--- +sidebar_position: 1 +--- + +# Running a Testnet + +:::note Synopsis +The `simd testnet` subcommand makes it easy to initialize and start a simulated test network for testing purposes. +::: + +In addition to the commands for [running a node](../user/run-node/01-run-node.md), the `simd` binary also includes a `testnet` command that allows you to start a simulated test network in-process or to initialize files for a simulated test network that runs in a separate process. + +## Initialize Files + +First, let's take a look at the `init-files` subcommand. + +This is similar to the `init` command when initializing a single node, but in this case we are initializing multiple nodes, generating the genesis transactions for each node, and then collecting those transactions. + +The `init-files` subcommand initializes the necessary files to run a test network in a separate process (i.e. using a Docker container). Running this command is not a prerequisite for the `start` subcommand ([see below](#start-testnet)). + +In order to initialize the files for a test network, run the following command: + +```bash +simd testnet init-files +``` + +You should see the following output in your terminal: + +```bash +Successfully initialized 4 node directories +``` + +The default output directory is a relative `.testnets` directory. Let's take a look at the files created within the `.testnets` directory. + +### gentxs + +The `gentxs` directory includes a genesis transaction for each validator node. Each file includes a JSON encoded genesis transaction used to register a validator node at the time of genesis. The genesis transactions are added to the `genesis.json` file within each node directory during the initilization process. + +### nodes + +A node directory is created for each validator node. Within each node directory is a `simd` directory. The `simd` directory is the home directory for each node, which includes the configuration and data files for that node (i.e. the same files included in the default `~/.simapp` directory when running a single node). + +## Start Testnet + +Now, let's take a look at the `start` subcommand. + +The `start` subcommand both initializes and starts an in-process test network. This is the fastest way to spin up a local test network for testing purposes. + +You can start the local test network by running the following command: + +```bash +simd testnet start +``` + +You should see something similar to the following: + +```bash +acquiring test network lock +preparing test network with chain-id "chain-mtoD9v" + + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++ THIS MNEMONIC IS FOR TESTING PURPOSES ONLY ++ +++ DO NOT USE IN PRODUCTION ++ +++ ++ +++ sustain know debris minute gate hybrid stereo custom ++ +++ divorce cross spoon machine latin vibrant term oblige ++ +++ moment beauty laundry repeat grab game bronze truly ++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + +starting test network... +started test network +press the Enter Key to terminate +``` + +The first validator node is now running in-process, which means the test network will terminate once you either close the terminal window or you press the Enter key. In the output, the mnemonic phrase for the first validator node is provided for testing purposes. The validator node is using the same default addresses being used when initializing and starting a single node (no need to provide a `--node` flag). + +Check the status of the first validator node: + +```shell +simd status +``` + +Import the key from the provided mnemonic: + +```shell +simd keys add test --recover --keyring-backend test +``` + +Check the balance of the account address: + +```shell +simd q bank balances [address] +``` + +Use this test account to manually test against the test network. + +## Testnet Options + +You can customize the configuration of the test network with flags. In order to see all flag options, append the `--help` flag to each command. diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/00-baseapp.md b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/00-baseapp.md new file mode 100644 index 00000000..161a1d1a --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/00-baseapp.md @@ -0,0 +1,547 @@ +--- +sidebar_position: 1 +--- + +# BaseApp + +:::note Synopsis +This document describes `BaseApp`, the abstraction that implements the core functionalities of a Cosmos SDK application. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK application](../beginner/00-app-anatomy.md) +* [Lifecycle of a Cosmos SDK transaction](../beginner/01-tx-lifecycle.md) + +::: + +## Introduction + +`BaseApp` is a base type that implements the core of a Cosmos SDK application, namely: + +* The [Application Blockchain Interface](#main-abci-messages), for the state-machine to communicate with the underlying consensus engine (e.g. CometBFT). +* [Service Routers](#service-routers), to route messages and queries to the appropriate module. +* Different [states](#state-updates), as the state-machine can have different volatile states updated based on the ABCI message received. + +The goal of `BaseApp` is to provide the fundamental layer of a Cosmos SDK application +that developers can easily extend to build their own custom application. Usually, +developers will create a custom type for their application, like so: + +```go +type App struct { + // reference to a BaseApp + *baseapp.BaseApp + + // list of application store keys + + // list of application keepers + + // module manager +} +``` + +Extending the application with `BaseApp` gives the former access to all of `BaseApp`'s methods. +This allows developers to compose their custom application with the modules they want, while not +having to concern themselves with the hard work of implementing the ABCI, the service routers and state +management logic. + +## Type Definition + +The `BaseApp` type holds many important parameters for any Cosmos SDK based application. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/baseapp/baseapp.go#L58-L182 +``` + +Let us go through the most important components. + +> **Note**: Not all parameters are described, only the most important ones. Refer to the +> type definition for the full list. + +First, the important parameters that are initialized during the bootstrapping of the application: + +* [`CommitMultiStore`](./04-store.md#commitmultistore): This is the main store of the application, + which holds the canonical state that is committed at the [end of each block](#commit). This store + is **not** cached, meaning it is not used to update the application's volatile (un-committed) states. + The `CommitMultiStore` is a multi-store, meaning a store of stores. Each module of the application + uses one or multiple `KVStores` in the multi-store to persist their subset of the state. +* Database: The `db` is used by the `CommitMultiStore` to handle data persistence. +* [`Msg` Service Router](#msg-service-router): The `msgServiceRouter` facilitates the routing of `sdk.Msg` requests to the appropriate + module `Msg` service for processing. Here a `sdk.Msg` refers to the transaction component that needs to be + processed by a service in order to update the application state, and not to ABCI message which implements + the interface between the application and the underlying consensus engine. +* [gRPC Query Router](#grpc-query-router): The `grpcQueryRouter` facilitates the routing of gRPC queries to the + appropriate module for it to be processed. These queries are not ABCI messages themselves, but they + are relayed to the relevant module's gRPC `Query` service. +* [`TxDecoder`](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/types#TxDecoder): It is used to decode + raw transaction bytes relayed by the underlying CometBFT engine. +* [`AnteHandler`](#antehandler): This handler is used to handle signature verification, fee payment, + and other pre-message execution checks when a transaction is received. It's executed during + [`CheckTx/RecheckTx`](#checktx) and [`FinalizeBlock`](#finalizeblock). +* [`InitChainer`](../beginner/00-app-anatomy.md#initchainer), [`PreBlocker`](../beginner/00-app-anatomy.md#preblocker), [`BeginBlocker` and `EndBlocker`](../beginner/00-app-anatomy.md#beginblocker-and-endblocker): These are + the functions executed when the application receives the `InitChain` and `FinalizeBlock` + ABCI messages from the underlying CometBFT engine. + +Then, parameters used to define [volatile states](#state-updates) (i.e. cached states): + +* `checkState`: This state is updated during [`CheckTx`](#checktx), and reset on [`Commit`](#commit). +* `finalizeBlockState`: This state is updated during [`FinalizeBlock`](#finalizeblock), and set to `nil` on + [`Commit`](#commit) and gets re-initialized on `FinalizeBlock`. +* `processProposalState`: This state is updated during [`ProcessProposal`](#process-proposal). +* `prepareProposalState`: This state is updated during [`PrepareProposal`](#prepare-proposal). + +Finally, a few more important parameters: + +* `voteInfos`: This parameter carries the list of validators whose precommit is missing, either + because they did not vote or because the proposer did not include their vote. This information is + carried by the [Context](./02-context.md) and can be used by the application for various things like + punishing absent validators. +* `minGasPrices`: This parameter defines the minimum gas prices accepted by the node. This is a + **local** parameter, meaning each full-node can set a different `minGasPrices`. It is used in the + `AnteHandler` during [`CheckTx`](#checktx), mainly as a spam protection mechanism. The transaction + enters the [mempool](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#mempool-methods) + only if the gas prices of the transaction are greater than one of the minimum gas price in + `minGasPrices` (e.g. if `minGasPrices == 1uatom,1photon`, the `gas-price` of the transaction must be + greater than `1uatom` OR `1photon`). +* `appVersion`: Version of the application. It is set in the + [application's constructor function](../beginner/00-app-anatomy.md#constructor-function). + +## Constructor + +```go +func NewBaseApp( + name string, logger log.Logger, db dbm.DB, txDecoder sdk.TxDecoder, options ...func(*BaseApp), +) *BaseApp { + + // ... +} +``` + +The `BaseApp` constructor function is pretty straightforward. The only thing worth noting is the +possibility to provide additional [`options`](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/baseapp/options.go) +to the `BaseApp`, which will execute them in order. The `options` are generally `setter` functions +for important parameters, like `SetPruning()` to set pruning options or `SetMinGasPrices()` to set +the node's `min-gas-prices`. + +Naturally, developers can add additional `options` based on their application's needs. + +## State Updates + +The `BaseApp` maintains four primary volatile states and a root or main state. The main state +is the canonical state of the application and the volatile states, `checkState`, `prepareProposalState`, `processProposalState` and `finalizeBlockState` +are used to handle state transitions in-between the main state made during [`Commit`](#commit). + +Internally, there is only a single `CommitMultiStore` which we refer to as the main or root state. +From this root state, we derive four volatile states by using a mechanism called _store branching_ (performed by `CacheWrap` function). +The types can be illustrated as follows: + +![Types](./baseapp_state.png) + +### InitChain State Updates + +During `InitChain`, the four volatile states, `checkState`, `prepareProposalState`, `processProposalState` +and `finalizeBlockState` are set by branching the root `CommitMultiStore`. Any subsequent reads and writes happen +on branched versions of the `CommitMultiStore`. +To avoid unnecessary roundtrip to the main state, all reads to the branched store are cached. + +![InitChain](./baseapp_state-initchain.png) + +### CheckTx State Updates + +During `CheckTx`, the `checkState`, which is based off of the last committed state from the root +store, is used for any reads and writes. Here we only execute the `AnteHandler` and verify a service router +exists for every message in the transaction. Note, when we execute the `AnteHandler`, we branch +the already branched `checkState`. +This has the side effect that if the `AnteHandler` fails, the state transitions won't be reflected in the `checkState` +-- i.e. `checkState` is only updated on success. + +![CheckTx](./baseapp_state-checktx.png) + +### PrepareProposal State Updates + +During `PrepareProposal`, the `prepareProposalState` is set by branching the root `CommitMultiStore`. +The `prepareProposalState` is used for any reads and writes that occur during the `PrepareProposal` phase. +The function uses the `Select()` method of the mempool to iterate over the transactions. `runTx` is then called, +which encodes and validates each transaction and from there the `AnteHandler` is executed. +If successful, valid transactions are returned inclusive of the events, tags, and data generated +during the execution of the proposal. +The described behavior is that of the default handler, applications have the flexibility to define their own +[custom mempool handlers](https://docs.cosmos.network/main/building-apps/app-mempool#custom-mempool-handlers). + +![ProcessProposal](./baseapp_state-prepareproposal.png) + +### ProcessProposal State Updates + +During `ProcessProposal`, the `processProposalState` is set based off of the last committed state +from the root store and is used to process a signed proposal received from a validator. +In this state, `runTx` is called and the `AnteHandler` is executed and the context used in this state is built with information +from the header and the main state, including the minimum gas prices, which are also set. +Again we want to highlight that the described behavior is that of the default handler and applications have the flexibility to define their own +[custom mempool handlers](https://docs.cosmos.network/main/building-apps/app-mempool#custom-mempool-handlers). + +![ProcessProposal](./baseapp_state-processproposal.png) + +### FinalizeBlock State Updates + +During `FinalizeBlock`, the `finalizeBlockState` is set for use during transaction execution and endblock. The +`finalizeBlockState` is based off of the last committed state from the root store and is branched. +Note, the `finalizeBlockState` is set to `nil` on [`Commit`](#commit). + +The state flow for transaction execution is nearly identical to `CheckTx` except state transitions occur on +the `finalizeBlockState` and messages in a transaction are executed. Similarly to `CheckTx`, state transitions +occur on a doubly branched state -- `finalizeBlockState`. Successful message execution results in +writes being committed to `finalizeBlockState`. Note, if message execution fails, state transitions from +the AnteHandler are persisted. + +### Commit State Updates + +During `Commit` all the state transitions that occurred in the `finalizeBlockState` are finally written to +the root `CommitMultiStore` which in turn is committed to disk and results in a new application +root hash. These state transitions are now considered final. Finally, the `checkState` is set to the +newly committed state and `finalizeBlockState` is set to `nil` to be reset on `FinalizeBlock`. + +![Commit](./baseapp_state-commit.png) + +## ParamStore + +During `InitChain`, the `RequestInitChain` provides `ConsensusParams` which contains parameters +related to block execution such as maximum gas and size in addition to evidence parameters. If these +parameters are non-nil, they are set in the BaseApp's `ParamStore`. Behind the scenes, the `ParamStore` +is managed by an `x/consensus_params` module. This allows the parameters to be tweaked via + on-chain governance. + +## Service Routers + +When messages and queries are received by the application, they must be routed to the appropriate module in order to be processed. Routing is done via `BaseApp`, which holds a `msgServiceRouter` for messages, and a `grpcQueryRouter` for queries. + +### `Msg` Service Router + +[`sdk.Msg`s](../../build/building-modules/02-messages-and-queries.md#messages) need to be routed after they are extracted from transactions, which are sent from the underlying CometBFT engine via the [`CheckTx`](#checktx) and [`FinalizeBlock`](#finalizeblock) ABCI messages. To do so, `BaseApp` holds a `msgServiceRouter` which maps fully-qualified service methods (`string`, defined in each module's Protobuf `Msg` service) to the appropriate module's `MsgServer` implementation. + +The [default `msgServiceRouter` included in `BaseApp`](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/baseapp/msg_service_router.go) is stateless. However, some applications may want to make use of more stateful routing mechanisms such as allowing governance to disable certain routes or point them to new modules for upgrade purposes. For this reason, the `sdk.Context` is also passed into each [route handler inside `msgServiceRouter`](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/baseapp/msg_service_router.go#L31-L32). For a stateless router that doesn't want to make use of this, you can just ignore the `ctx`. + +The application's `msgServiceRouter` is initialized with all the routes using the application's [module manager](../../build/building-modules/01-module-manager.md#manager) (via the `RegisterServices` method), which itself is initialized with all the application's modules in the application's [constructor](../beginner/00-app-anatomy.md#constructor-function). + +### gRPC Query Router + +Similar to `sdk.Msg`s, [`queries`](../../build/building-modules/02-messages-and-queries.md#queries) need to be routed to the appropriate module's [`Query` service](../../build/building-modules/04-query-services.md). To do so, `BaseApp` holds a `grpcQueryRouter`, which maps modules' fully-qualified service methods (`string`, defined in their Protobuf `Query` gRPC) to their `QueryServer` implementation. The `grpcQueryRouter` is called during the initial stages of query processing, which can be either by directly sending a gRPC query to the gRPC endpoint, or via the [`Query` ABCI message](#query) on the CometBFT RPC endpoint. + +Just like the `msgServiceRouter`, the `grpcQueryRouter` is initialized with all the query routes using the application's [module manager](../../build/building-modules/01-module-manager.md) (via the `RegisterServices` method), which itself is initialized with all the application's modules in the application's [constructor](../beginner/00-app-anatomy.md#app-constructor). + +## Main ABCI 2.0 Messages + +The [Application-Blockchain Interface](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md) (ABCI) is a generic interface that connects a state-machine with a consensus engine to form a functional full-node. It can be wrapped in any language, and needs to be implemented by each application-specific blockchain built on top of an ABCI-compatible consensus engine like CometBFT. + +The consensus engine handles two main tasks: + +* The networking logic, which mainly consists in gossiping block parts, transactions and consensus votes. +* The consensus logic, which results in the deterministic ordering of transactions in the form of blocks. + +It is **not** the role of the consensus engine to define the state or the validity of transactions. Generally, transactions are handled by the consensus engine in the form of `[]bytes`, and relayed to the application via the ABCI to be decoded and processed. At keys moments in the networking and consensus processes (e.g. beginning of a block, commit of a block, reception of an unconfirmed transaction, ...), the consensus engine emits ABCI messages for the state-machine to act on. + +Developers building on top of the Cosmos SDK need not implement the ABCI themselves, as `BaseApp` comes with a built-in implementation of the interface. Let us go through the main ABCI messages that `BaseApp` implements: + +* [`Prepare Proposal`](#prepare-proposal) +* [`Process Proposal`](#process-proposal) +* [`CheckTx`](#checktx) +* [`FinalizeBlock`](#finalizeblock) +* [`ExtendVote`](#extendvote) +* [`VerifyVoteExtension`](#verifyvoteextension) + + +### Prepare Proposal + +The `PrepareProposal` function is part of the new methods introduced in Application Blockchain Interface (ABCI++) in CometBFT and is an important part of the application's overall governance system. In the Cosmos SDK, it allows the application to have more fine-grained control over the transactions that are processed, and ensures that only valid transactions are committed to the blockchain. + +Here is how the `PrepareProposal` function can be implemented: + +1. Extract the `sdk.Msg`s from the transaction. +2. Perform _stateful_ checks by calling `Validate()` on each of the `sdk.Msg`'s. This is done after _stateless_ checks as _stateful_ checks are more computationally expensive. If `Validate()` fails, `PrepareProposal` returns before running further checks, which saves resources. +3. Perform any additional checks that are specific to the application, such as checking account balances, or ensuring that certain conditions are met before a transaction is proposed.hey are processed by the consensus engine, if necessary. +4. Return the updated transactions to be processed by the consensus engine + +Note that, unlike `CheckTx()`, `PrepareProposal` process `sdk.Msg`s, so it can directly update the state. However, unlike `FinalizeBlock()`, it does not commit the state updates. It's important to exercise caution when using `PrepareProposal` as incorrect coding could affect the overall liveness of the network. + +It's important to note that `PrepareProposal` complements the `ProcessProposal` method which is executed after this method. The combination of these two methods means that it is possible to guarantee that no invalid transactions are ever committed. Furthermore, such a setup can give rise to other interesting use cases such as Oracles, threshold decryption and more. + +`PrepareProposal` returns a response to the underlying consensus engine of type [`abci.ResponseCheckTx`](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_methods.md#processproposal). The response contains: + +* `Code (uint32)`: Response Code. `0` if successful. +* `Data ([]byte)`: Result bytes, if any. +* `Log (string):` The output of the application's logger. May be non-deterministic. +* `Info (string):` Additional information. May be non-deterministic. + + +### Process Proposal + +The `ProcessProposal` function is called by the BaseApp as part of the ABCI message flow, and is executed during the `FinalizeBlock` phase of the consensus process. The purpose of this function is to give more control to the application for block validation, allowing it to check all transactions in a proposed block before the validator sends the prevote for the block. It allows a validator to perform application-dependent work in a proposed block, enabling features such as immediate block execution, and allows the Application to reject invalid blocks. + +The `ProcessProposal` function performs several key tasks, including: + +1. Validating the proposed block by checking all transactions in it. +2. Checking the proposed block against the current state of the application, to ensure that it is valid and that it can be executed. +3. Updating the application's state based on the proposal, if it is valid and passes all checks. +4. Returning a response to CometBFT indicating the result of the proposal processing. + +The `ProcessProposal` is an important part of the application's overall governance system. It is used to manage the network's parameters and other key aspects of its operation. It also ensures that the coherence property is adhered to i.e. all honest validators must accept a proposal by an honest proposer. + +It's important to note that `ProcessProposal` complements the `PrepareProposal` method which enables the application to have more fine-grained transaction control by allowing it to reorder, drop, delay, modify, and even add transactions as they see necessary. The combination of these two methods means that it is possible to guarantee that no invalid transactions are ever committed. Furthermore, such a setup can give rise to other interesting use cases such as Oracles, threshold decryption and more. + +CometBFT calls it when it receives a proposal and the CometBFT algorithm has not locked on a value. The Application cannot modify the proposal at this point but can reject it if it is invalid. If that is the case, CometBFT will prevote `nil` on the proposal, which has strong liveness implications for CometBFT. As a general rule, the Application SHOULD accept a prepared proposal passed via `ProcessProposal`, even if a part of the proposal is invalid (e.g., an invalid transaction); the Application can ignore the invalid part of the prepared proposal at block execution time. + +However, developers must exercise greater caution when using these methods. Incorrectly coding these methods could affect liveness as CometBFT is unable to receive 2/3 valid precommits to finalize a block. + +`ProcessProposal` returns a response to the underlying consensus engine of type [`abci.ResponseCheckTx`](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_methods.md#processproposal). The response contains: + +* `Code (uint32)`: Response Code. `0` if successful. +* `Data ([]byte)`: Result bytes, if any. +* `Log (string):` The output of the application's logger. May be non-deterministic. +* `Info (string):` Additional information. May be non-deterministic. + + +### CheckTx + +`CheckTx` is sent by the underlying consensus engine when a new unconfirmed (i.e. not yet included in a valid block) +transaction is received by a full-node. The role of `CheckTx` is to guard the full-node's mempool +(where unconfirmed transactions are stored until they are included in a block) from spam transactions. +Unconfirmed transactions are relayed to peers only if they pass `CheckTx`. + +`CheckTx()` can perform both _stateful_ and _stateless_ checks, but developers should strive to +make the checks **lightweight** because gas fees are not charged for the resources (CPU, data load...) used during the `CheckTx`. + +In the Cosmos SDK, after [decoding transactions](./05-encoding.md), `CheckTx()` is implemented +to do the following checks: + +1. Extract the `sdk.Msg`s from the transaction. +2. **Optionally** perform _stateless_ checks by calling `ValidateBasic()` on each of the `sdk.Msg`s. This is done + first, as _stateless_ checks are less computationally expensive than _stateful_ checks. If + `ValidateBasic()` fail, `CheckTx` returns before running _stateful_ checks, which saves resources. + This check is still performed for messages that have not yet migrated to the new message validation mechanism defined in [RFC 001](https://docs.cosmos.network/main/rfc/rfc-001-tx-validation) and still have a `ValidateBasic()` method. +3. Perform non-module related _stateful_ checks on the [account](../beginner/03-accounts.md). This step is mainly about checking + that the `sdk.Msg` signatures are valid, that enough fees are provided and that the sending account + has enough funds to pay for said fees. Note that no precise [`gas`](../beginner/04-gas-fees.md) counting occurs here, + as `sdk.Msg`s are not processed. Usually, the [`AnteHandler`](../beginner/04-gas-fees.md#antehandler) will check that the `gas` provided + with the transaction is superior to a minimum reference gas amount based on the raw transaction size, + in order to avoid spam with transactions that provide 0 gas. + +`CheckTx` does **not** process `sdk.Msg`s - they only need to be processed when the canonical state needs to be updated, which happens during `FinalizeBlock`. + +Steps 2. and 3. are performed by the [`AnteHandler`](../beginner/04-gas-fees.md#antehandler) in the [`RunTx()`](#runtx-antehandler-and-runmsgs) +function, which `CheckTx()` calls with the `runTxModeCheck` mode. During each step of `CheckTx()`, a +special [volatile state](#state-updates) called `checkState` is updated. This state is used to keep +track of the temporary changes triggered by the `CheckTx()` calls of each transaction without modifying +the [main canonical state](#main-state). For example, when a transaction goes through `CheckTx()`, the +transaction's fees are deducted from the sender's account in `checkState`. If a second transaction is +received from the same account before the first is processed, and the account has consumed all its +funds in `checkState` during the first transaction, the second transaction will fail `CheckTx`() and +be rejected. In any case, the sender's account will not actually pay the fees until the transaction +is actually included in a block, because `checkState` never gets committed to the main state. The +`checkState` is reset to the latest state of the main state each time a blocks gets [committed](#commit). + +`CheckTx` returns a response to the underlying consensus engine of type [`abci.ResponseCheckTx`](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_methods.md#checktx). +The response contains: + +* `Code (uint32)`: Response Code. `0` if successful. +* `Data ([]byte)`: Result bytes, if any. +* `Log (string):` The output of the application's logger. May be non-deterministic. +* `Info (string):` Additional information. May be non-deterministic. +* `GasWanted (int64)`: Amount of gas requested for transaction. It is provided by users when they generate the transaction. +* `GasUsed (int64)`: Amount of gas consumed by transaction. During `CheckTx`, this value is computed by multiplying the standard cost of a transaction byte by the size of the raw transaction. Next is an example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/auth/ante/basic.go#L102 +``` + +* `Events ([]cmn.KVPair)`: Key-Value tags for filtering and indexing transactions (eg. by account). See [`event`s](./08-events.md) for more. +* `Codespace (string)`: Namespace for the Code. + +#### RecheckTx + +After `Commit`, `CheckTx` is run again on all transactions that remain in the node's local mempool +excluding the transactions that are included in the block. To prevent the mempool from rechecking all transactions +every time a block is committed, the configuration option `mempool.recheck=false` can be set. As of +Tendermint v0.32.1, an additional `Type` parameter is made available to the `CheckTx` function that +indicates whether an incoming transaction is new (`CheckTxType_New`), or a recheck (`CheckTxType_Recheck`). +This allows certain checks like signature verification can be skipped during `CheckTxType_Recheck`. + +## RunTx, AnteHandler, RunMsgs, PostHandler + +### RunTx + +`RunTx` is called from `CheckTx`/`Finalizeblock` to handle the transaction, with `execModeCheck` or `execModeFinalize` as parameter to differentiate between the two modes of execution. Note that when `RunTx` receives a transaction, it has already been decoded. + +The first thing `RunTx` does upon being called is to retrieve the `context`'s `CacheMultiStore` by calling the `getContextForTx()` function with the appropriate mode (either `runTxModeCheck` or `execModeFinalize`). This `CacheMultiStore` is a branch of the main store, with cache functionality (for query requests), instantiated during `FinalizeBlock` for transaction execution and during the `Commit` of the previous block for `CheckTx`. After that, two `defer func()` are called for [`gas`](../beginner/04-gas-fees.md) management. They are executed when `runTx` returns and make sure `gas` is actually consumed, and will throw errors, if any. + +After that, `RunTx()` calls `ValidateBasic()`, when available and for backward compatibility, on each `sdk.Msg`in the `Tx`, which runs preliminary _stateless_ validity checks. If any `sdk.Msg` fails to pass `ValidateBasic()`, `RunTx()` returns with an error. + +Then, the [`anteHandler`](#antehandler) of the application is run (if it exists). In preparation of this step, both the `checkState`/`finalizeBlockState`'s `context` and `context`'s `CacheMultiStore` are branched using the `cacheTxContext()` function. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/baseapp/baseapp.go#L663-L680 +``` + +This allows `RunTx` not to commit the changes made to the state during the execution of `anteHandler` if it ends up failing. It also prevents the module implementing the `anteHandler` from writing to state, which is an important part of the [object-capabilities](./10-ocap.md) of the Cosmos SDK. + +Finally, the [`RunMsgs()`](#runmsgs) function is called to process the `sdk.Msg`s in the `Tx`. In preparation of this step, just like with the `anteHandler`, both the `checkState`/`finalizeBlockState`'s `context` and `context`'s `CacheMultiStore` are branched using the `cacheTxContext()` function. + +### AnteHandler + +The `AnteHandler` is a special handler that implements the `AnteHandler` interface and is used to authenticate the transaction before the transaction's internal messages are processed. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/types/handler.go#L6-L8 +``` + +The `AnteHandler` is theoretically optional, but still a very important component of public blockchain networks. It serves 3 primary purposes: + +* Be a primary line of defense against spam and second line of defense (the first one being the mempool) against transaction replay with fees deduction and [`sequence`](./01-transactions.md#transaction-generation) checking. +* Perform preliminary _stateful_ validity checks like ensuring signatures are valid or that the sender has enough funds to pay for fees. +* Play a role in the incentivisation of stakeholders via the collection of transaction fees. + +`BaseApp` holds an `anteHandler` as parameter that is initialized in the [application's constructor](../beginner/00-app-anatomy.md#application-constructor). The most widely used `anteHandler` is the [`auth` module](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/auth/ante/ante.go). + +Click [here](../beginner/04-gas-fees.md#antehandler) for more on the `anteHandler`. + +### RunMsgs + +`RunMsgs` is called from `RunTx` with `runTxModeCheck` as parameter to check the existence of a route for each message the transaction, and with `execModeFinalize` to actually process the `sdk.Msg`s. + +First, it retrieves the `sdk.Msg`'s fully-qualified type name, by checking the `type_url` of the Protobuf `Any` representing the `sdk.Msg`. Then, using the application's [`msgServiceRouter`](#msg-service-router), it checks for the existence of `Msg` service method related to that `type_url`. At this point, if `mode == runTxModeCheck`, `RunMsgs` returns. Otherwise, if `mode == execModeFinalize`, the [`Msg` service](../../build/building-modules/03-msg-services.md) RPC is executed, before `RunMsgs` returns. + +### PostHandler + +`PostHandler` is similar to `AnteHandler`, but it, as the name suggests, executes custom post tx processing logic after [`RunMsgs`](#runmsgs) is called. `PostHandler` receives the `Result` of the `RunMsgs` in order to enable this customizable behavior. + +Like `AnteHandler`s, `PostHandler`s are theoretically optional. + +Other use cases like unused gas refund can also be enabled by `PostHandler`s. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/auth/posthandler/post.go#L1-L15 +``` + +Note, when `PostHandler`s fail, the state from `runMsgs` is also reverted, effectively making the transaction fail. + +## Other ABCI Messages + +### InitChain + +The [`InitChain` ABCI message](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#method-overview) is sent from the underlying CometBFT engine when the chain is first started. It is mainly used to **initialize** parameters and state like: + +* [Consensus Parameters](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_app_requirements.md#consensus-parameters) via `setConsensusParams`. +* [`checkState` and `finalizeBlockState`](#state-updates) via `setState`. +* The [block gas meter](../beginner/04-gas-fees.md#block-gas-meter), with infinite gas to process genesis transactions. + +Finally, the `InitChain(req abci.RequestInitChain)` method of `BaseApp` calls the [`initChainer()`](../beginner/00-app-anatomy.md#initchainer) of the application in order to initialize the main state of the application from the `genesis file` and, if defined, call the [`InitGenesis`](../../build/building-modules/08-genesis.md#initgenesis) function of each of the application's modules. + + +### FinalizeBlock + +The [`FinalizeBlock` ABCI message](https://github.com/cometbft/cometbft/blob/v0.38.x/spec/abci/abci++_basic_concepts.md#method-overview) is sent from the underlying CometBFT engine when a block proposal created by the correct proposer is received. The previous `BeginBlock, DeliverTx and Endblock` calls are private methods on the BaseApp struct. + + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/baseapp/abci.go#L623 +``` + +#### PreBlock + +* Run the application's [`preBlocker()`](../beginner/00-app-anatomy.md#preblocker), which mainly runs the [`PreBlocker()`](../../build/building-modules/17-preblock.md#preblock) method of each of the modules. + +#### BeginBlock + +* Initialize [`finalizeBlockState`](#state-updates) with the latest header using the `req abci.RequestFinalizeBlock` passed as parameter via the `setState` function. + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/baseapp/baseapp.go#L682-L706 + ``` + + This function also resets the [main gas meter](../beginner/04-gas-fees.md#main-gas-meter). + +* Initialize the [block gas meter](../beginner/04-gas-fees.md#block-gas-meter) with the `maxGas` limit. The `gas` consumed within the block cannot go above `maxGas`. This parameter is defined in the application's consensus parameters. +* Run the application's [`beginBlocker()`](../beginner/00-app-anatomy.md#beginblocker-and-endblocker), which mainly runs the [`BeginBlocker()`](../../build/building-modules/06-beginblock-endblock.md#beginblock) method of each of the modules. +* Set the [`VoteInfos`](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_methods.md#voteinfo) of the application, i.e. the list of validators whose _precommit_ for the previous block was included by the proposer of the current block. This information is carried into the [`Context`](./02-context.md) so that it can be used during transaction execution and EndBlock. + +#### Transaction Execution + +When the underlying consensus engine receives a block proposal, each transaction in the block needs to be processed by the application. To that end, the underlying consensus engine sends the transactions in FinalizeBlock message to the application for each transaction in a sequential order. + +Before the first transaction of a given block is processed, a [volatile state](#state-updates) called `finalizeBlockState` is initialized during FinalizeBlock. This state is updated each time a transaction is processed via `FinalizeBlock`, and committed to the [main state](#main-state) when the block is [committed](#commit), after what it is set to `nil`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/baseapp/baseapp.go#LL708-L743 +``` + +Transaction execution within `FinalizeBlock` performs the **exact same steps as `CheckTx`**, with a little caveat at step 3 and the addition of a fifth step: + +1. The `AnteHandler` does **not** check that the transaction's `gas-prices` is sufficient. That is because the `min-gas-prices` value `gas-prices` is checked against is local to the node, and therefore what is enough for one full-node might not be for another. This means that the proposer can potentially include transactions for free, although they are not incentivised to do so, as they earn a bonus on the total fee of the block they propose. +2. For each `sdk.Msg` in the transaction, route to the appropriate module's Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md). Additional _stateful_ checks are performed, and the branched multistore held in `finalizeBlockState`'s `context` is updated by the module's `keeper`. If the `Msg` service returns successfully, the branched multistore held in `context` is written to `finalizeBlockState` `CacheMultiStore`. + +During the additional fifth step outlined in (2), each read/write to the store increases the value of `GasConsumed`. You can find the default cost of each operation: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/store/types/gas.go#L230-L241 +``` + +At any point, if `GasConsumed > GasWanted`, the function returns with `Code != 0` and the execution fails. + +Each transactions returns a response to the underlying consensus engine of type [`abci.ExecTxResult`](https://github.com/cometbft/cometbft/blob/v0.38.0-rc1/spec/abci/abci%2B%2B_methods.md#exectxresult). The response contains: + +* `Code (uint32)`: Response Code. `0` if successful. +* `Data ([]byte)`: Result bytes, if any. +* `Log (string):` The output of the application's logger. May be non-deterministic. +* `Info (string):` Additional information. May be non-deterministic. +* `GasWanted (int64)`: Amount of gas requested for transaction. It is provided by users when they generate the transaction. +* `GasUsed (int64)`: Amount of gas consumed by transaction. During transaction execution, this value is computed by multiplying the standard cost of a transaction byte by the size of the raw transaction, and by adding gas each time a read/write to the store occurs. +* `Events ([]cmn.KVPair)`: Key-Value tags for filtering and indexing transactions (eg. by account). See [`event`s](./08-events.md) for more. +* `Codespace (string)`: Namespace for the Code. + +#### EndBlock + +EndBlock is run after transaction execution completes. It allows developers to have logic be executed at the end of each block. In the Cosmos SDK, the bulk EndBlock() method is to run the application's EndBlocker(), which mainly runs the EndBlocker() method of each of the application's modules. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/baseapp/baseapp.go#L747-L769 +``` + +### Commit + +The [`Commit` ABCI message](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#method-overview) is sent from the underlying CometBFT engine after the full-node has received _precommits_ from 2/3+ of validators (weighted by voting power). On the `BaseApp` end, the `Commit(res abci.ResponseCommit)` function is implemented to commit all the valid state transitions that occurred during `FinalizeBlock` and to reset state for the next block. + +To commit state-transitions, the `Commit` function calls the `Write()` function on `finalizeBlockState.ms`, where `finalizeBlockState.ms` is a branched multistore of the main store `app.cms`. Then, the `Commit` function sets `checkState` to the latest header (obtained from `finalizeBlockState.ctx.BlockHeader`) and `finalizeBlockState` to `nil`. + +Finally, `Commit` returns the hash of the commitment of `app.cms` back to the underlying consensus engine. This hash is used as a reference in the header of the next block. + +### Info + +The [`Info` ABCI message](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#info-methods) is a simple query from the underlying consensus engine, notably used to sync the latter with the application during a handshake that happens on startup. When called, the `Info(res abci.ResponseInfo)` function from `BaseApp` will return the application's name, version and the hash of the last commit of `app.cms`. + +### Query + +The [`Query` ABCI message](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#info-methods) is used to serve queries received from the underlying consensus engine, including queries received via RPC like CometBFT RPC. It used to be the main entrypoint to build interfaces with the application, but with the introduction of [gRPC queries](../../build/building-modules/04-query-services.md) in Cosmos SDK v0.40, its usage is more limited. The application must respect a few rules when implementing the `Query` method, which are outlined [here](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_app_requirements.md#query). + +Each CometBFT `query` comes with a `path`, which is a `string` which denotes what to query. If the `path` matches a gRPC fully-qualified service method, then `BaseApp` will defer the query to the `grpcQueryRouter` and let it handle it like explained [above](#grpc-query-router). Otherwise, the `path` represents a query that is not (yet) handled by the gRPC router. `BaseApp` splits the `path` string with the `/` delimiter. By convention, the first element of the split string (`split[0]`) contains the category of `query` (`app`, `p2p`, `store` or `custom` ). The `BaseApp` implementation of the `Query(req abci.RequestQuery)` method is a simple dispatcher serving these 4 main categories of queries: + +* Application-related queries like querying the application's version, which are served via the `handleQueryApp` method. +* Direct queries to the multistore, which are served by the `handlerQueryStore` method. These direct queries are different from custom queries which go through `app.queryRouter`, and are mainly used by third-party service provider like block explorers. +* P2P queries, which are served via the `handleQueryP2P` method. These queries return either `app.addrPeerFilter` or `app.ipPeerFilter` that contain the list of peers filtered by address or IP respectively. These lists are first initialized via `options` in `BaseApp`'s [constructor](#constructor). + +### ExtendVote + +`ExtendVote` allows an application to extend a pre-commit vote with arbitrary data. This process does NOT have to be deterministic and the data returned can be unique to the validator process. + +In the Cosmos-SDK this is implemented as a NoOp: + +``` go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/baseapp/abci_utils.go#L274-L281 +``` + +### VerifyVoteExtension + +`VerifyVoteExtension` allows an application to verify that the data returned by `ExtendVote` is valid. This process MUST be deterministic. Moreover, the value of ResponseVerifyVoteExtension.status MUST exclusively depend on the parameters passed in the call to RequestVerifyVoteExtension, and the last committed Application state. + +In the Cosmos-SDK this is implemented as a NoOp: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/baseapp/abci_utils.go#L282-L288 +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/01-transactions.md b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/01-transactions.md new file mode 100644 index 00000000..900d8b3f --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/01-transactions.md @@ -0,0 +1,206 @@ +--- +sidebar_position: 1 +--- + +# Transactions + +:::note Synopsis +`Transactions` are objects created by end-users to trigger state changes in the application. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK Application](../beginner/00-app-anatomy.md) + +::: + +## Transactions + +Transactions are comprised of metadata held in [contexts](./02-context.md) and [`sdk.Msg`s](../../build/building-modules/02-messages-and-queries.md) that trigger state changes within a module through the module's Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md). + +When users want to interact with an application and make state changes (e.g. sending coins), they create transactions. Each of a transaction's `sdk.Msg` must be signed using the private key associated with the appropriate account(s), before the transaction is broadcasted to the network. A transaction must then be included in a block, validated, and approved by the network through the consensus process. To read more about the lifecycle of a transaction, click [here](../beginner/01-tx-lifecycle.md). + +## Type Definition + +Transaction objects are Cosmos SDK types that implement the `Tx` interface + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/types/tx_msg.go#L51-L56 +``` + +It contains the following methods: + +* **GetMsgs:** unwraps the transaction and returns a list of contained `sdk.Msg`s - one transaction may have one or multiple messages, which are defined by module developers. +* **ValidateBasic:** lightweight, [_stateless_](../beginner/01-tx-lifecycle.md#types-of-checks) checks used by ABCI messages [`CheckTx`](./00-baseapp.md#checktx) and [`DeliverTx`](./00-baseapp.md#delivertx) to make sure transactions are not invalid. For example, the [`auth`](https://github.com/cosmos/cosmos-sdk/tree/main/x/auth) module's `ValidateBasic` function checks that its transactions are signed by the correct number of signers and that the fees do not exceed what the user's maximum. When [`runTx`](./00-baseapp.md#runtx) is checking a transaction created from the [`auth`](https://github.com/cosmos/cosmos-sdk/tree/main/x/auth/spec) module, it first runs `ValidateBasic` on each message, then runs the `auth` module AnteHandler which calls `ValidateBasic` for the transaction itself. + +:::note +This function is different from the deprecated `sdk.Msg` [`ValidateBasic`](../beginner/01-tx-lifecycle.md#ValidateBasic) methods, which was performing basic validity checks on messages only. +::: + +As a developer, you should rarely manipulate `Tx` directly, as `Tx` is really an intermediate type used for transaction generation. Instead, developers should prefer the `TxBuilder` interface, which you can learn more about [below](#transaction-generation). + +### Signing Transactions + +Every message in a transaction must be signed by the addresses specified by its `GetSigners`. The Cosmos SDK currently allows signing transactions in two different ways. + +#### `SIGN_MODE_DIRECT` (preferred) + +The most used implementation of the `Tx` interface is the Protobuf `Tx` message, which is used in `SIGN_MODE_DIRECT`: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/proto/cosmos/tx/v1beta1/tx.proto#L13-L26 +``` + +Because Protobuf serialization is not deterministic, the Cosmos SDK uses an additional `TxRaw` type to denote the pinned bytes over which a transaction is signed. Any user can generate a valid `body` and `auth_info` for a transaction, and serialize these two messages using Protobuf. `TxRaw` then pins the user's exact binary representation of `body` and `auth_info`, called respectively `body_bytes` and `auth_info_bytes`. The document that is signed by all signers of the transaction is `SignDoc` (deterministically serialized using [ADR-027](../../build/architecture/adr-027-deterministic-protobuf-serialization.md)): + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/proto/cosmos/tx/v1beta1/tx.proto#L48-L65 +``` + +Once signed by all signers, the `body_bytes`, `auth_info_bytes` and `signatures` are gathered into `TxRaw`, whose serialized bytes are broadcasted over the network. + +#### `SIGN_MODE_LEGACY_AMINO_JSON` + +The legacy implementation of the `Tx` interface is the `StdTx` struct from `x/auth`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/auth/migrations/legacytx/stdtx.go#L83-L90 +``` + +The document signed by all signers is `StdSignDoc`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/auth/migrations/legacytx/stdsign.go#L31-L45 +``` + +which is encoded into bytes using Amino JSON. Once all signatures are gathered into `StdTx`, `StdTx` is serialized using Amino JSON, and these bytes are broadcasted over the network. + +#### Other Sign Modes + +The Cosmos SDK also provides a couple of other sign modes for particular use cases. + +#### `SIGN_MODE_DIRECT_AUX` + +`SIGN_MODE_DIRECT_AUX` is a sign mode released in the Cosmos SDK v0.46 which targets transactions with multiple signers. Whereas `SIGN_MODE_DIRECT` expects each signer to sign over both `TxBody` and `AuthInfo` (which includes all other signers' signer infos, i.e. their account sequence, public key and mode info), `SIGN_MODE_DIRECT_AUX` allows N-1 signers to only sign over `TxBody` and _their own_ signer info. Morever, each auxiliary signer (i.e. a signer using `SIGN_MODE_DIRECT_AUX`) doesn't +need to sign over the fees: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/proto/cosmos/tx/v1beta1/tx.proto#L67-L98 +``` + +The use case is a multi-signer transaction, where one of the signers is appointed to gather all signatures, broadcast the signature and pay for fees, and the others only care about the transaction body. This generally allows for a better multi-signing UX. If Alice, Bob and Charlie are part of a 3-signer transaction, then Alice and Bob can both use `SIGN_MODE_DIRECT_AUX` to sign over the `TxBody` and their own signer info (no need an additional step to gather other signers' ones, like in `SIGN_MODE_DIRECT`), without specifying a fee in their SignDoc. Charlie can then gather both signatures from Alice and Bob, and +create the final transaction by appending a fee. Note that the fee payer of the transaction (in our case Charlie) must sign over the fees, so must use `SIGN_MODE_DIRECT` or `SIGN_MODE_LEGACY_AMINO_JSON`. + + +#### `SIGN_MODE_TEXTUAL` + +`SIGN_MODE_TEXTUAL` is a new sign mode for delivering a better signing experience on hardware wallets and it is included in the v0.50 release. In this mode, the signer signs over the human-readable string representation of the transaction (CBOR) and makes all data being displayed easier to read. The data is formatted as screens, and each screen is meant to be displayed in its entirety even on small devices like the Ledger Nano. + +There are also _expert_ screens, which will only be displayed if the user has chosen that option in its hardware device. These screens contain things like account number, account sequence and the sign data hash. + +Data is formatted using a set of `ValueRenderer` which the SDK provides defaults for all the known messages and value types. Chain developers can also opt to implement their own `ValueRenderer` for a type/message if they'd like to display information differently. + +If you wish to learn more, please refer to [ADR-050](../../build/architecture/adr-050-sign-mode-textual.md). + +#### Custom Sign modes + +There is the opportunity to add your own custom sign mode to the Cosmos-SDK. While we can not accept the implementation of the sign mode to the repository, we can accept a pull request to add the custom signmode to the SignMode enum located [here](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/proto/cosmos/tx/signing/v1beta1/signing.proto#L17) + +## Transaction Process + +The process of an end-user sending a transaction is: + +* decide on the messages to put into the transaction, +* generate the transaction using the Cosmos SDK's `TxBuilder`, +* broadcast the transaction using one of the available interfaces. + +The next paragraphs will describe each of these components, in this order. + +### Messages + +:::tip +Module `sdk.Msg`s are not to be confused with [ABCI Messages](https://docs.cometbft.com/v0.37/spec/abci/) which define interactions between the CometBFT and application layers. +::: + +**Messages** (or `sdk.Msg`s) are module-specific objects that trigger state transitions within the scope of the module they belong to. Module developers define the messages for their module by adding methods to the Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md), and also implement the corresponding `MsgServer`. + +Each `sdk.Msg`s is related to exactly one Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md) RPC, defined inside each module's `tx.proto` file. A SDK app router automatically maps every `sdk.Msg` to a corresponding RPC. Protobuf generates a `MsgServer` interface for each module `Msg` service, and the module developer needs to implement this interface. +This design puts more responsibility on module developers, allowing application developers to reuse common functionalities without having to implement state transition logic repetitively. + +To learn more about Protobuf `Msg` services and how to implement `MsgServer`, click [here](../../build/building-modules/03-msg-services.md). + +While messages contain the information for state transition logic, a transaction's other metadata and relevant information are stored in the `TxBuilder` and `Context`. + +### Transaction Generation + +The `TxBuilder` interface contains data closely related with the generation of transactions, which an end-user can freely set to generate the desired transaction: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/client/tx_config.go#L40-L53 +``` + +* `Msg`s, the array of [messages](#messages) included in the transaction. +* `GasLimit`, option chosen by the users for how to calculate how much gas they will need to pay. +* `Memo`, a note or comment to send with the transaction. +* `FeeAmount`, the maximum amount the user is willing to pay in fees. +* `TimeoutHeight`, block height until which the transaction is valid. +* `Signatures`, the array of signatures from all signers of the transaction. + +As there are currently two sign modes for signing transactions, there are also two implementations of `TxBuilder`: + +* [wrapper](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/auth/tx/builder.go#L26-L43) for creating transactions for `SIGN_MODE_DIRECT`, +* [StdTxBuilder](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/auth/migrations/legacytx/stdtx_builder.go#L14-L17) for `SIGN_MODE_LEGACY_AMINO_JSON`. + +However, the two implementations of `TxBuilder` should be hidden away from end-users, as they should prefer using the overarching `TxConfig` interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/client/tx_config.go#L24-L34 +``` + +`TxConfig` is an app-wide configuration for managing transactions. Most importantly, it holds the information about whether to sign each transaction with `SIGN_MODE_DIRECT` or `SIGN_MODE_LEGACY_AMINO_JSON`. By calling `txBuilder := txConfig.NewTxBuilder()`, a new `TxBuilder` will be created with the appropriate sign mode. + +Once `TxBuilder` is correctly populated with the setters exposed above, `TxConfig` will also take care of correctly encoding the bytes (again, either using `SIGN_MODE_DIRECT` or `SIGN_MODE_LEGACY_AMINO_JSON`). Here's a pseudo-code snippet of how to generate and encode a transaction, using the `TxEncoder()` method: + +```go +txBuilder := txConfig.NewTxBuilder() +txBuilder.SetMsgs(...) // and other setters on txBuilder + +bz, err := txConfig.TxEncoder()(txBuilder.GetTx()) +// bz are bytes to be broadcasted over the network +``` + +### Broadcasting the Transaction + +Once the transaction bytes are generated, there are currently three ways of broadcasting it. + +#### CLI + +Application developers create entry points to the application by creating a [command-line interface](./07-cli.md), [gRPC and/or REST interface](./06-grpc_rest.md), typically found in the application's `./cmd` folder. These interfaces allow users to interact with the application through command-line. + +For the [command-line interface](../../build/building-modules/09-module-interfaces.md#cli), module developers create subcommands to add as children to the application top-level transaction command `TxCmd`. CLI commands actually bundle all the steps of transaction processing into one simple command: creating messages, generating transactions and broadcasting. For concrete examples, see the [Interacting with a Node](../../user/run-node/02-interact-node.md) section. An example transaction made using CLI looks like: + +```bash +simd tx send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000stake +``` + +#### gRPC + +[gRPC](https://grpc.io) is the main component for the Cosmos SDK's RPC layer. Its principal usage is in the context of modules' [`Query` services](../../build/building-modules/04-query-services.md). However, the Cosmos SDK also exposes a few other module-agnostic gRPC services, one of them being the `Tx` service: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/proto/cosmos/tx/v1beta1/service.proto +``` + +The `Tx` service exposes a handful of utility functions, such as simulating a transaction or querying a transaction, and also one method to broadcast transactions. + +Examples of broadcasting and simulating a transaction are shown [here](../../user/run-node/03-txs.md#programmatically-with-go). + +#### REST + +Each gRPC method has its corresponding REST endpoint, generated using [gRPC-gateway](https://github.com/grpc-ecosystem/grpc-gateway). Therefore, instead of using gRPC, you can also use HTTP to broadcast the same transaction, on the `POST /cosmos/tx/v1beta1/txs` endpoint. + +An example can be seen [here](../../user/run-node/03-txs.md#using-rest) + +#### CometBFT RPC + +The three methods presented above are actually higher abstractions over the CometBFT RPC `/broadcast_tx_{async,sync,commit}` endpoints, documented [here](https://docs.cometbft.com/v0.37/core/rpc). This means that you can use the CometBFT RPC endpoints directly to broadcast the transaction, if you wish so. diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/02-context.md b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/02-context.md new file mode 100644 index 00000000..0056ec10 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/02-context.md @@ -0,0 +1,103 @@ +--- +sidebar_position: 1 +--- + +# Context + +:::note Synopsis +The `context` is a data structure intended to be passed from function to function that carries information about the current state of the application. It provides access to a branched storage (a safe branch of the entire state) as well as useful objects and information like `gasMeter`, `block height`, `consensus parameters` and more. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK Application](../beginner/00-app-anatomy.md) +* [Lifecycle of a Transaction](../beginner/01-tx-lifecycle.md) + +::: + +## Context Definition + +The Cosmos SDK `Context` is a custom data structure that contains Go's stdlib [`context`](https://pkg.go.dev/context) as its base, and has many additional types within its definition that are specific to the Cosmos SDK. The `Context` is integral to transaction processing in that it allows modules to easily access their respective [store](./04-store.md#base-layer-kvstores) in the [`multistore`](./04-store.md#multistore) and retrieve transactional context such as the block header and gas meter. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/types/context.go#L41-L67 +``` + +* **Base Context:** The base type is a Go [Context](https://pkg.go.dev/context), which is explained further in the [Go Context Package](#go-context-package) section below. +* **Multistore:** Every application's `BaseApp` contains a [`CommitMultiStore`](./04-store.md#multistore) which is provided when a `Context` is created. Calling the `KVStore()` and `TransientStore()` methods allows modules to fetch their respective [`KVStore`](./04-store.md#base-layer-kvstores) using their unique `StoreKey`. +* **Header:** The [header](https://docs.cometbft.com/v0.37/spec/core/data_structures#header) is a Blockchain type. It carries important information about the state of the blockchain, such as block height and proposer of the current block. +* **Header Hash:** The current block header hash, obtained during `abci.FinalizeBlock`. +* **Chain ID:** The unique identification number of the blockchain a block pertains to. +* **Transaction Bytes:** The `[]byte` representation of a transaction being processed using the context. Every transaction is processed by various parts of the Cosmos SDK and consensus engine (e.g. CometBFT) throughout its [lifecycle](../beginner/01-tx-lifecycle.md), some of which do not have any understanding of transaction types. Thus, transactions are marshaled into the generic `[]byte` type using some kind of [encoding format](./05-encoding.md) such as [Amino](./05-encoding.md). +* **Logger:** A `logger` from the CometBFT libraries. Learn more about logs [here](https://docs.cometbft.com/v0.37/core/configuration). Modules call this method to create their own unique module-specific logger. +* **VoteInfo:** A list of the ABCI type [`VoteInfo`](https://docs.cometbft.com/master/spec/abci/abci.html#voteinfo), which includes the name of a validator and a boolean indicating whether they have signed the block. +* **Gas Meters:** Specifically, a [`gasMeter`](../beginner/04-gas-fees.md#main-gas-meter) for the transaction currently being processed using the context and a [`blockGasMeter`](../beginner/04-gas-fees.md#block-gas-meter) for the entire block it belongs to. Users specify how much in fees they wish to pay for the execution of their transaction; these gas meters keep track of how much [gas](../beginner/04-gas-fees.md) has been used in the transaction or block so far. If the gas meter runs out, execution halts. +* **CheckTx Mode:** A boolean value indicating whether a transaction should be processed in `CheckTx` or `DeliverTx` mode. +* **Min Gas Price:** The minimum [gas](../beginner/04-gas-fees.md) price a node is willing to take in order to include a transaction in its block. This price is a local value configured by each node individually, and should therefore **not be used in any functions used in sequences leading to state-transitions**. +* **Consensus Params:** The ABCI type [Consensus Parameters](https://docs.cometbft.com/master/spec/abci/apps.html#consensus-parameters), which specify certain limits for the blockchain, such as maximum gas for a block. +* **Event Manager:** The event manager allows any caller with access to a `Context` to emit [`Events`](./08-events.md). Modules may define module specific + `Events` by defining various `Types` and `Attributes` or use the common definitions found in `types/`. Clients can subscribe or query for these `Events`. These `Events` are collected throughout `FinalizeBlock` and are returned to CometBFT for indexing. +* **Priority:** The transaction priority, only relevant in `CheckTx`. +* **KV `GasConfig`:** Enables applications to set a custom `GasConfig` for the `KVStore`. +* **Transient KV `GasConfig`:** Enables applications to set a custom `GasConfig` for the transiant `KVStore`. +* **StreamingManager:** The streamingManager field provides access to the streaming manager, which allows modules to subscribe to state changes emitted by the blockchain. The streaming manager is used by the state listening API, which is described in [ADR 038](https://docs.cosmos.network/main/architecture/adr-038-state-listening). +* **CometInfo:** A lightweight field that contains information about the current block, such as the block height, time, and hash. This information can be used for validating evidence, providing historical data, and enhancing the user experience. For further details see [here](https://github.com/cosmos/cosmos-sdk/blob/main/core/comet/service.go#L14). +* **HeaderInfo:** The `headerInfo` field contains information about the current block header, such as the chain ID, gas limit, and timestamp. For further details see [here](https://github.com/cosmos/cosmos-sdk/blob/main/core/header/service.go#L14). + +## Go Context Package + +A basic `Context` is defined in the [Golang Context Package](https://pkg.go.dev/context). A `Context` +is an immutable data structure that carries request-scoped data across APIs and processes. Contexts +are also designed to enable concurrency and to be used in goroutines. + +Contexts are intended to be **immutable**; they should never be edited. Instead, the convention is +to create a child context from its parent using a `With` function. For example: + +```go +childCtx = parentCtx.WithBlockHeader(header) +``` + +The [Golang Context Package](https://pkg.go.dev/context) documentation instructs developers to +explicitly pass a context `ctx` as the first argument of a process. + +## Store branching + +The `Context` contains a `MultiStore`, which allows for branching and caching functionality using `CacheMultiStore` +(queries in `CacheMultiStore` are cached to avoid future round trips). +Each `KVStore` is branched in a safe and isolated ephemeral storage. Processes are free to write changes to +the `CacheMultiStore`. If a state-transition sequence is performed without issue, the store branch can +be committed to the underlying store at the end of the sequence or disregard them if something +goes wrong. The pattern of usage for a Context is as follows: + +1. A process receives a Context `ctx` from its parent process, which provides information needed to + perform the process. +2. The `ctx.ms` is a **branched store**, i.e. a branch of the [multistore](./04-store.md#multistore) is made so that the process can make changes to the state as it executes, without changing the original`ctx.ms`. This is useful to protect the underlying multistore in case the changes need to be reverted at some point in the execution. +3. The process may read and write from `ctx` as it is executing. It may call a subprocess and pass + `ctx` to it as needed. +4. When a subprocess returns, it checks if the result is a success or failure. If a failure, nothing + needs to be done - the branch `ctx` is simply discarded. If successful, the changes made to + the `CacheMultiStore` can be committed to the original `ctx.ms` via `Write()`. + +For example, here is a snippet from the [`runTx`](./00-baseapp.md#runtx-antehandler-runmsgs-posthandler) function in [`baseapp`](./00-baseapp.md): + +```go +runMsgCtx, msCache := app.cacheTxContext(ctx, txBytes) +result = app.runMsgs(runMsgCtx, msgs, mode) +result.GasWanted = gasWanted +if mode != runTxModeDeliver { + return result +} +if result.IsOK() { + msCache.Write() +} +``` + +Here is the process: + +1. Prior to calling `runMsgs` on the message(s) in the transaction, it uses `app.cacheTxContext()` + to branch and cache the context and multistore. +2. `runMsgCtx` - the context with branched store, is used in `runMsgs` to return a result. +3. If the process is running in [`checkTxMode`](./00-baseapp.md#checktx), there is no need to write the + changes - the result is returned immediately. +4. If the process is running in [`deliverTxMode`](./00-baseapp.md#delivertx) and the result indicates + a successful run over all the messages, the branched multistore is written back to the original. diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/03-node.md b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/03-node.md new file mode 100644 index 00000000..47b691b3 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/03-node.md @@ -0,0 +1,96 @@ +--- +sidebar_position: 1 +--- + +# Node Client (Daemon) + +:::note Synopsis +The main endpoint of a Cosmos SDK application is the daemon client, otherwise known as the full-node client. The full-node runs the state-machine, starting from a genesis file. It connects to peers running the same client in order to receive and relay transactions, block proposals and signatures. The full-node is constituted of the application, defined with the Cosmos SDK, and of a consensus engine connected to the application via the ABCI. +::: + +:::note Pre-requisite Readings + +* [Anatomy of an SDK application](../beginner/00-app-anatomy.md) + +::: + +## `main` function + +The full-node client of any Cosmos SDK application is built by running a `main` function. The client is generally named by appending the `-d` suffix to the application name (e.g. `appd` for an application named `app`), and the `main` function is defined in a `./appd/cmd/main.go` file. Running this function creates an executable `appd` that comes with a set of commands. For an app named `app`, the main command is [`appd start`](#start-command), which starts the full-node. + +In general, developers will implement the `main.go` function with the following structure: + +* First, an [`encodingCodec`](./05-encoding.md) is instantiated for the application. +* Then, the `config` is retrieved and config parameters are set. This mainly involves setting the Bech32 prefixes for [addresses](../beginner/03-accounts.md#addresses). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/types/config.go#L14-L29 +``` + +* Using [cobra](https://github.com/spf13/cobra), the root command of the full-node client is created. After that, all the custom commands of the application are added using the `AddCommand()` method of `rootCmd`. +* Add default server commands to `rootCmd` using the `server.AddCommands()` method. These commands are separated from the ones added above since they are standard and defined at Cosmos SDK level. They should be shared by all Cosmos SDK-based applications. They include the most important command: the [`start` command](#start-command). +* Prepare and execute the `executor`. + +```go reference +https://github.com/cometbft/cometbft/blob/v0.37.0/libs/cli/setup.go#L74-L78 +``` + +See an example of `main` function from the `simapp` application, the Cosmos SDK's application for demo purposes: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/simapp/simd/main.go +``` + +## `start` command + +The `start` command is defined in the `/server` folder of the Cosmos SDK. It is added to the root command of the full-node client in the [`main` function](#main-function) and called by the end-user to start their node: + +```bash +# For an example app named "app", the following command starts the full-node. +appd start + +# Using the Cosmos SDK's own simapp, the following commands start the simapp node. +simd start +``` + +As a reminder, the full-node is composed of three conceptual layers: the networking layer, the consensus layer and the application layer. The first two are generally bundled together in an entity called the consensus engine (CometBFT by default), while the third is the state-machine defined with the help of the Cosmos SDK. Currently, the Cosmos SDK uses CometBFT as the default consensus engine, meaning the start command is implemented to boot up a CometBFT node. + +The flow of the `start` command is pretty straightforward. First, it retrieves the `config` from the `context` in order to open the `db` (a [`leveldb`](https://github.com/syndtr/goleveldb) instance by default). This `db` contains the latest known state of the application (empty if the application is started from the first time. + +With the `db`, the `start` command creates a new instance of the application using an `appCreator` function: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/server/start.go#L220 +``` + +Note that an `appCreator` is a function that fulfills the `AppCreator` signature: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/server/types/app.go#L68 +``` + +In practice, the [constructor of the application](../beginner/00-app-anatomy.md#constructor-function) is passed as the `appCreator`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/simapp/simd/cmd/root_v2.go#L294-L308 +``` + +Then, the instance of `app` is used to instantiate a new CometBFT node: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/server/start.go#L341-L378 +``` + +The CometBFT node can be created with `app` because the latter satisfies the [`abci.Application` interface](https://github.com/cometbft/cometbft/blob/v0.37.0/abci/types/application.go#L9-L35) (given that `app` extends [`baseapp`](./00-baseapp.md)). As part of the `node.New` method, CometBFT makes sure that the height of the application (i.e. number of blocks since genesis) is equal to the height of the CometBFT node. The difference between these two heights should always be negative or null. If it is strictly negative, `node.New` will replay blocks until the height of the application reaches the height of the CometBFT node. Finally, if the height of the application is `0`, the CometBFT node will call [`InitChain`](./00-baseapp.md#initchain) on the application to initialize the state from the genesis file. + +Once the CometBFT node is instantiated and in sync with the application, the node can be started: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/server/start.go#L350-L352 +``` + +Upon starting, the node will bootstrap its RPC and P2P server and start dialing peers. During handshake with its peers, if the node realizes they are ahead, it will query all the blocks sequentially in order to catch up. Then, it will wait for new block proposals and block signatures from validators in order to make progress. + +## Other commands + +To discover how to concretely run a node and interact with it, please refer to our [Running a Node, API and CLI](../../user/run-node/01-run-node.md) guide. diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/04-store.md b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/04-store.md new file mode 100644 index 00000000..1419b54a --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/04-store.md @@ -0,0 +1,288 @@ +--- +sidebar_position: 1 +--- + +# Store + +:::note Synopsis +A store is a data structure that holds the state of the application. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK application](../beginner/00-app-anatomy.md) + +::: + +## Introduction to Cosmos SDK Stores + +The Cosmos SDK comes with a large set of stores to persist the state of applications. By default, the main store of Cosmos SDK applications is a `multistore`, i.e. a store of stores. Developers can add any number of key-value stores to the multistore, depending on their application needs. The multistore exists to support the modularity of the Cosmos SDK, as it lets each module declare and manage their own subset of the state. Key-value stores in the multistore can only be accessed with a specific capability `key`, which is typically held in the [`keeper`](../../build/building-modules/06-keeper.md) of the module that declared the store. + +```text ++-----------------------------------------------------+ +| | +| +--------------------------------------------+ | +| | | | +| | KVStore 1 - Manage by keeper of Module 1 | +| | | | +| +--------------------------------------------+ | +| | +| +--------------------------------------------+ | +| | | | +| | KVStore 2 - Manage by keeper of Module 2 | | +| | | | +| +--------------------------------------------+ | +| | +| +--------------------------------------------+ | +| | | | +| | KVStore 3 - Manage by keeper of Module 2 | | +| | | | +| +--------------------------------------------+ | +| | +| +--------------------------------------------+ | +| | | | +| | KVStore 4 - Manage by keeper of Module 3 | | +| | | | +| +--------------------------------------------+ | +| | +| +--------------------------------------------+ | +| | | | +| | KVStore 5 - Manage by keeper of Module 4 | | +| | | | +| +--------------------------------------------+ | +| | +| Main Multistore | +| | ++-----------------------------------------------------+ + + Application's State +``` + +### Store Interface + +At its very core, a Cosmos SDK `store` is an object that holds a `CacheWrapper` and has a `GetStoreType()` method: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/store/types/store.go#L15-L18 +``` + +The `GetStoreType` is a simple method that returns the type of store, whereas a `CacheWrapper` is a simple interface that implements store read caching and write branching through `Write` method: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/store/types/store.go#L287-L320 +``` + +Branching and cache is used ubiquitously in the Cosmos SDK and required to be implemented on every store type. A storage branch creates an isolated, ephemeral branch of a store that can be passed around and updated without affecting the main underlying store. This is used to trigger temporary state-transitions that may be reverted later should an error occur. Read more about it in [context](./02-context.md#Store-branching) + +### Commit Store + +A commit store is a store that has the ability to commit changes made to the underlying tree or db. The Cosmos SDK differentiates simple stores from commit stores by extending the basic store interfaces with a `Committer`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/store/types/store.go#L32-L37 +``` + +The `Committer` is an interface that defines methods to persist changes to disk: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/store/types/store.go#L20-L30 +``` + +The `CommitID` is a deterministic commit of the state tree. Its hash is returned to the underlying consensus engine and stored in the block header. Note that commit store interfaces exist for various purposes, one of which is to make sure not every object can commit the store. As part of the [object-capabilities model](./10-ocap.md) of the Cosmos SDK, only `baseapp` should have the ability to commit stores. For example, this is the reason why the `ctx.KVStore()` method by which modules typically access stores returns a `KVStore` and not a `CommitKVStore`. + +The Cosmos SDK comes with many types of stores, the most used being [`CommitMultiStore`](#multistore), [`KVStore`](#kvstore) and [`GasKv` store](#gaskv-store). [Other types of stores](#other-stores) include `Transient` and `TraceKV` stores. + +## Multistore + +### Multistore Interface + +Each Cosmos SDK application holds a multistore at its root to persist its state. The multistore is a store of `KVStores` that follows the `Multistore` interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/store/types/store.go#L123-L155 +``` + +If tracing is enabled, then branching the multistore will firstly wrap all the underlying `KVStore` in [`TraceKv.Store`](#tracekv-store). + +### CommitMultiStore + +The main type of `Multistore` used in the Cosmos SDK is `CommitMultiStore`, which is an extension of the `Multistore` interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/store/types/store.go#L164-L227 +``` + +As for concrete implementation, the [`rootMulti.Store`] is the go-to implementation of the `CommitMultiStore` interface. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/store/rootmulti/store.go#L53-L77 +``` + +The `rootMulti.Store` is a base-layer multistore built around a `db` on top of which multiple `KVStores` can be mounted, and is the default multistore store used in [`baseapp`](./00-baseapp.md). + +### CacheMultiStore + +Whenever the `rootMulti.Store` needs to be branched, a [`cachemulti.Store`](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/store/cachemulti/store.go) is used. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/store/cachemulti/store.go#L19-L33 +``` + +`cachemulti.Store` branches all substores (creates a virtual store for each substore) in its constructor and hold them in `Store.stores`. Moreover caches all read queries. `Store.GetKVStore()` returns the store from `Store.stores`, and `Store.Write()` recursively calls `CacheWrap.Write()` on all the substores. + +## Base-layer KVStores + +### `KVStore` and `CommitKVStore` Interfaces + +A `KVStore` is a simple key-value store used to store and retrieve data. A `CommitKVStore` is a `KVStore` that also implements a `Committer`. By default, stores mounted in `baseapp`'s main `CommitMultiStore` are `CommitKVStore`s. The `KVStore` interface is primarily used to restrict modules from accessing the committer. + +Individual `KVStore`s are used by modules to manage a subset of the global state. `KVStores` can be accessed by objects that hold a specific key. This `key` should only be exposed to the [`keeper`](../../build/building-modules/06-keeper.md) of the module that defines the store. + +`CommitKVStore`s are declared by proxy of their respective `key` and mounted on the application's [multistore](#multistore) in the [main application file](../beginner/00-app-anatomy.md#core-application-file). In the same file, the `key` is also passed to the module's `keeper` that is responsible for managing the store. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/store/types/store.go#L229-L266 +``` + +Apart from the traditional `Get` and `Set` methods, that a `KVStore` must implement via the `BasicKVStore` interface; a `KVStore` must provide an `Iterator(start, end)` method which returns an `Iterator` object. It is used to iterate over a range of keys, typically keys that share a common prefix. Below is an example from the bank's module keeper, used to iterate over all account balances: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/keeper/view.go#L125-L140 +``` + +### `IAVL` Store + +The default implementation of `KVStore` and `CommitKVStore` used in `baseapp` is the `iavl.Store`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/store/iavl/store.go#L35-L40 +``` + +`iavl` stores are based around an [IAVL Tree](https://github.com/cosmos/iavl), a self-balancing binary tree which guarantees that: + +* `Get` and `Set` operations are O(log n), where n is the number of elements in the tree. +* Iteration efficiently returns the sorted elements within the range. +* Each tree version is immutable and can be retrieved even after a commit (depending on the pruning settings). + +The documentation on the IAVL Tree is located [here](https://github.com/cosmos/iavl/blob/master/docs/overview.md). + +### `DbAdapter` Store + +`dbadapter.Store` is an adapter for `dbm.DB` making it fulfilling the `KVStore` interface. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/store/dbadapter/store.go#L13-L16 +``` + +`dbadapter.Store` embeds `dbm.DB`, meaning most of the `KVStore` interface functions are implemented. The other functions (mostly miscellaneous) are manually implemented. This store is primarily used within [Transient Stores](#transient-store) + +### `Transient` Store + +`Transient.Store` is a base-layer `KVStore` which is automatically discarded at the end of the block. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/store/transient/store.go#L16-L19 +``` + +`Transient.Store` is a `dbadapter.Store` with a `dbm.NewMemDB()`. All `KVStore` methods are reused. When `Store.Commit()` is called, a new `dbadapter.Store` is assigned, discarding previous reference and making it garbage collected. + +This type of store is useful to persist information that is only relevant per-block. One example would be to store parameter changes (i.e. a bool set to `true` if a parameter changed in a block). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/params/types/subspace.go#L21-L31 +``` + +Transient stores are typically accessed via the [`context`](./02-context.md) via the `TransientStore()` method: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/types/context.go#L340-L343 +``` + +## KVStore Wrappers + +### CacheKVStore + +`cachekv.Store` is a wrapper `KVStore` which provides buffered writing / cached reading functionalities over the underlying `KVStore`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/store/cachekv/store.go#L26-L36 +``` + +This is the type used whenever an IAVL Store needs to be branched to create an isolated store (typically when we need to mutate a state that might be reverted later). + +#### `Get` + +`Store.Get()` firstly checks if `Store.cache` has an associated value with the key. If the value exists, the function returns it. If not, the function calls `Store.parent.Get()`, caches the result in `Store.cache`, and returns it. + +#### `Set` + +`Store.Set()` sets the key-value pair to the `Store.cache`. `cValue` has the field dirty bool which indicates whether the cached value is different from the underlying value. When `Store.Set()` caches a new pair, the `cValue.dirty` is set `true` so when `Store.Write()` is called it can be written to the underlying store. + +#### `Iterator` + +`Store.Iterator()` have to traverse on both cached items and the original items. In `Store.iterator()`, two iterators are generated for each of them, and merged. `memIterator` is essentially a slice of the `KVPairs`, used for cached items. `mergeIterator` is a combination of two iterators, where traverse happens ordered on both iterators. + +### `GasKv` Store + +Cosmos SDK applications use [`gas`](../beginner/04-gas-fees.md) to track resources usage and prevent spam. [`GasKv.Store`](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/store/gaskv/store.go) is a `KVStore` wrapper that enables automatic gas consumption each time a read or write to the store is made. It is the solution of choice to track storage usage in Cosmos SDK applications. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/store/gaskv/store.go#L11-L17 +``` + +When methods of the parent `KVStore` are called, `GasKv.Store` automatically consumes appropriate amount of gas depending on the `Store.gasConfig`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/store/types/gas.go#L219-L228 +``` + +By default, all `KVStores` are wrapped in `GasKv.Stores` when retrieved. This is done in the `KVStore()` method of the [`context`](./02-context.md): + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/types/context.go#L335-L338 +``` + +In this case, the gas configuration set in the `context` is used. The gas configuration can be set using the `WithKVGasConfig` method of the `context`. +Otherwise it uses the following default: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/store/types/gas.go#L230-L241 +``` + +### `TraceKv` Store + +`tracekv.Store` is a wrapper `KVStore` which provides operation tracing functionalities over the underlying `KVStore`. It is applied automatically by the Cosmos SDK on all `KVStore` if tracing is enabled on the parent `MultiStore`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/store/tracekv/store.go#L20-L43 +``` + +When each `KVStore` methods are called, `tracekv.Store` automatically logs `traceOperation` to the `Store.writer`. `traceOperation.Metadata` is filled with `Store.context` when it is not nil. `TraceContext` is a `map[string]interface{}`. + +### `Prefix` Store + +`prefix.Store` is a wrapper `KVStore` which provides automatic key-prefixing functionalities over the underlying `KVStore`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/store/prefix/store.go#L15-L21 +``` + +When `Store.{Get, Set}()` is called, the store forwards the call to its parent, with the key prefixed with the `Store.prefix`. + +When `Store.Iterator()` is called, it does not simply prefix the `Store.prefix`, since it does not work as intended. In that case, some of the elements are traversed even if they are not starting with the prefix. + +### `ListenKv` Store + +`listenkv.Store` is a wrapper `KVStore` which provides state listening capabilities over the underlying `KVStore`. +It is applied automatically by the Cosmos SDK on any `KVStore` whose `StoreKey` is specified during state streaming configuration. +Additional information about state streaming configuration can be found in the [store/streaming/README.md](https://github.com/cosmos/cosmos-sdk/tree/v0.50.0-alpha.0/store/streaming). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/store/listenkv/store.go#L11-L18 +``` + +When `KVStore.Set` or `KVStore.Delete` methods are called, `listenkv.Store` automatically writes the operations to the set of `Store.listeners`. + +## `BasicKVStore` interface + +An interface providing only the basic CRUD functionality (`Get`, `Set`, `Has`, and `Delete` methods), without iteration or caching. This is used to partially expose components of a larger store. diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/05-encoding.md b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/05-encoding.md new file mode 100644 index 00000000..707568fd --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/05-encoding.md @@ -0,0 +1,285 @@ +--- +sidebar_position: 1 +--- + +# Encoding + +:::note Synopsis +While encoding in the Cosmos SDK used to be mainly handled by `go-amino` codec, the Cosmos SDK is moving towards using `gogoprotobuf` for both state and client-side encoding. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK application](../beginner/00-app-anatomy.md) + +::: + +## Encoding + +The Cosmos SDK utilizes two binary wire encoding protocols, [Amino](https://github.com/tendermint/go-amino/) which is an object encoding specification and [Protocol Buffers](https://developers.google.com/protocol-buffers), a subset of Proto3 with an extension for +interface support. See the [Proto3 spec](https://developers.google.com/protocol-buffers/docs/proto3) +for more information on Proto3, which Amino is largely compatible with (but not with Proto2). + +Due to Amino having significant performance drawbacks, being reflection-based, and +not having any meaningful cross-language/client support, Protocol Buffers, specifically +[gogoprotobuf](https://github.com/cosmos/gogoproto/), is being used in place of Amino. +Note, this process of using Protocol Buffers over Amino is still an ongoing process. + +Binary wire encoding of types in the Cosmos SDK can be broken down into two main +categories, client encoding and store encoding. Client encoding mainly revolves +around transaction processing and signing, whereas store encoding revolves around +types used in state-machine transitions and what is ultimately stored in the Merkle +tree. + +For store encoding, protobuf definitions can exist for any type and will typically +have an Amino-based "intermediary" type. Specifically, the protobuf-based type +definition is used for serialization and persistence, whereas the Amino-based type +is used for business logic in the state-machine where they may convert back-n-forth. +Note, the Amino-based types may slowly be phased-out in the future, so developers +should take note to use the protobuf message definitions where possible. + +In the `codec` package, there exists two core interfaces, `BinaryCodec` and `JSONCodec`, +where the former encapsulates the current Amino interface except it operates on +types implementing the latter instead of generic `interface{}` types. + +The `ProtoCodec`, where both binary and JSON serialization is handled +via Protobuf. This means that modules may use Protobuf encoding, but the types must +implement `ProtoMarshaler`. If modules wish to avoid implementing this interface +for their types, this is autogenerated via [buf](https://buf.build/) + +If modules use [Collections](../../build/packages/02-collections.md) or [ORM](../../build/packages/03-orm.md), encoding and decoding are handled, marshal and unmarshal should not be handled manually unless for specific cases identified by the developer. + +### Gogoproto + +Modules are encouraged to utilize Protobuf encoding for their respective types. In the Cosmos SDK, we use the [Gogoproto](https://github.com/cosmos/gogoproto) specific implementation of the Protobuf spec that offers speed and DX improvements compared to the official [Google protobuf implementation](https://github.com/protocolbuffers/protobuf). + +### Guidelines for protobuf message definitions + +In addition to [following official Protocol Buffer guidelines](https://developers.google.com/protocol-buffers/docs/proto3#simple), we recommend using these annotations in .proto files when dealing with interfaces: + +* use `cosmos_proto.accepts_interface` to annote `Any` fields that accept interfaces + * pass the same fully qualified name as `protoName` to `InterfaceRegistry.RegisterInterface` + * example: `(cosmos_proto.accepts_interface) = "cosmos.gov.v1beta1.Content"` (and not just `Content`) +* annotate interface implementations with `cosmos_proto.implements_interface` + * pass the same fully qualified name as `protoName` to `InterfaceRegistry.RegisterInterface` + * example: `(cosmos_proto.implements_interface) = "cosmos.authz.v1beta1.Authorization"` (and not just `Authorization`) + +Code generators can then match the `accepts_interface` and `implements_interface` annotations to know whether some Protobuf messages are allowed to be packed in a given `Any` field or not. + +### Transaction Encoding + +Another important use of Protobuf is the encoding and decoding of +[transactions](./01-transactions.md). Transactions are defined by the application or +the Cosmos SDK but are then passed to the underlying consensus engine to be relayed to +other peers. Since the underlying consensus engine is agnostic to the application, +the consensus engine accepts only transactions in the form of raw bytes. + +* The `TxEncoder` object performs the encoding. +* The `TxDecoder` object performs the decoding. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/types/tx_msg.go#L91-L95 +``` + +A standard implementation of both these objects can be found in the [`auth/tx` module](../../build/modules/auth/2-tx.md): + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/auth/tx/decoder.go +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/auth/tx/encoder.go +``` + +See [ADR-020](../../architecture/adr-020-protobuf-transaction-encoding.md) for details of how a transaction is encoded. + +### Interface Encoding and Usage of `Any` + +The Protobuf DSL is strongly typed, which can make inserting variable-typed fields difficult. Imagine we want to create a `Profile` protobuf message that serves as a wrapper over [an account](../beginner/03-accounts.md): + +```protobuf +message Profile { + // account is the account associated to a profile. + cosmos.auth.v1beta1.BaseAccount account = 1; + // bio is a short description of the account. + string bio = 4; +} +``` + +In this `Profile` example, we hardcoded `account` as a `BaseAccount`. However, there are several other types of [user accounts related to vesting](../../build/modules/auth/1-vesting.md), such as `BaseVestingAccount` or `ContinuousVestingAccount`. All of these accounts are different, but they all implement the `AccountI` interface. How would you create a `Profile` that allows all these types of accounts with an `account` field that accepts an `AccountI` interface? + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/types/account.go#L15-L32 +``` + +In [ADR-019](../../architecture/adr-019-protobuf-state-encoding.md), it has been decided to use [`Any`](https://github.com/protocolbuffers/protobuf/blob/master/src/google/protobuf/any.proto)s to encode interfaces in protobuf. An `Any` contains an arbitrary serialized message as bytes, along with a URL that acts as a globally unique identifier for and resolves to that message's type. This strategy allows us to pack arbitrary Go types inside protobuf messages. Our new `Profile` then looks like: + +```protobuf +message Profile { + // account is the account associated to a profile. + google.protobuf.Any account = 1 [ + (cosmos_proto.accepts_interface) = "cosmos.auth.v1beta1.AccountI"; // Asserts that this field only accepts Go types implementing `AccountI`. It is purely informational for now. + ]; + // bio is a short description of the account. + string bio = 4; +} +``` + +To add an account inside a profile, we need to "pack" it inside an `Any` first, using `codectypes.NewAnyWithValue`: + +```go +var myAccount AccountI +myAccount = ... // Can be a BaseAccount, a ContinuousVestingAccount or any struct implementing `AccountI` + +// Pack the account into an Any +accAny, err := codectypes.NewAnyWithValue(myAccount) +if err != nil { + return nil, err +} + +// Create a new Profile with the any. +profile := Profile { + Account: accAny, + Bio: "some bio", +} + +// We can then marshal the profile as usual. +bz, err := cdc.Marshal(profile) +jsonBz, err := cdc.MarshalJSON(profile) +``` + +To summarize, to encode an interface, you must 1/ pack the interface into an `Any` and 2/ marshal the `Any`. For convenience, the Cosmos SDK provides a `MarshalInterface` method to bundle these two steps. Have a look at [a real-life example in the x/auth module](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/auth/keeper/keeper.go#L240-L243). + +The reverse operation of retrieving the concrete Go type from inside an `Any`, called "unpacking", is done with the `GetCachedValue()` on `Any`. + +```go +profileBz := ... // The proto-encoded bytes of a Profile, e.g. retrieved through gRPC. +var myProfile Profile +// Unmarshal the bytes into the myProfile struct. +err := cdc.Unmarshal(profilebz, &myProfile) + +// Let's see the types of the Account field. +fmt.Printf("%T\n", myProfile.Account) // Prints "Any" +fmt.Printf("%T\n", myProfile.Account.GetCachedValue()) // Prints "BaseAccount", "ContinuousVestingAccount" or whatever was initially packed in the Any. + +// Get the address of the account. +accAddr := myProfile.Account.GetCachedValue().(AccountI).GetAddress() +``` + +It is important to note that for `GetCachedValue()` to work, `Profile` (and any other structs embedding `Profile`) must implement the `UnpackInterfaces` method: + +```go +func (p *Profile) UnpackInterfaces(unpacker codectypes.AnyUnpacker) error { + if p.Account != nil { + var account AccountI + return unpacker.UnpackAny(p.Account, &account) + } + + return nil +} +``` + +The `UnpackInterfaces` gets called recursively on all structs implementing this method, to allow all `Any`s to have their `GetCachedValue()` correctly populated. + +For more information about interface encoding, and especially on `UnpackInterfaces` and how the `Any`'s `type_url` gets resolved using the `InterfaceRegistry`, please refer to [ADR-019](../../architecture/adr-019-protobuf-state-encoding.md). + +#### `Any` Encoding in the Cosmos SDK + +The above `Profile` example is a fictive example used for educational purposes. In the Cosmos SDK, we use `Any` encoding in several places (non-exhaustive list): + +* the `cryptotypes.PubKey` interface for encoding different types of public keys, +* the `sdk.Msg` interface for encoding different `Msg`s in a transaction, +* the `AccountI` interface for encoding different types of accounts (similar to the above example) in the x/auth query responses, +* the `EvidenceI` interface for encoding different types of evidences in the x/evidence module, +* the `AuthorizationI` interface for encoding different types of x/authz authorizations, +* the [`Validator`](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/staking/types/staking.pb.go#L340-L377) struct that contains information about a validator. + +A real-life example of encoding the pubkey as `Any` inside the Validator struct in x/staking is shown in the following example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/staking/types/validator.go#L41-L64 +``` + +#### `Any`'s TypeURL + +When packing a protobuf message inside an `Any`, the message's type is uniquely defined by its type URL, which is the message's fully qualified name prefixed by a `/` (slash) character. In some implementations of `Any`, like the gogoproto one, there's generally [a resolvable prefix, e.g. `type.googleapis.com`](https://github.com/gogo/protobuf/blob/b03c65ea87cdc3521ede29f62fe3ce239267c1bc/protobuf/google/protobuf/any.proto#L87-L91). However, in the Cosmos SDK, we made the decision to not include such prefix, to have shorter type URLs. The Cosmos SDK's own `Any` implementation can be found in `github.com/cosmos/cosmos-sdk/codec/types`. + +The Cosmos SDK is also switching away from gogoproto to the official `google.golang.org/protobuf` (known as the Protobuf API v2). Its default `Any` implementation also contains the [`type.googleapis.com`](https://github.com/protocolbuffers/protobuf-go/blob/v1.28.1/types/known/anypb/any.pb.go#L266) prefix. To maintain compatibility with the SDK, the following methods from `"google.golang.org/protobuf/types/known/anypb"` should not be used: + +* `anypb.New` +* `anypb.MarshalFrom` +* `anypb.Any#MarshalFrom` + +Instead, the Cosmos SDK provides helper functions in `"github.com/cosmos/cosmos-proto/anyutil"`, which create an official `anypb.Any` without inserting the prefixes: + +* `anyutil.New` +* `anyutil.MarshalFrom` + +For example, to pack a `sdk.Msg` called `internalMsg`, use: + +```diff +import ( +- "google.golang.org/protobuf/types/known/anypb" ++ "github.com/cosmos/cosmos-proto/anyutil" +) + +- anyMsg, err := anypb.New(internalMsg.Message().Interface()) ++ anyMsg, err := anyutil.New(internalMsg.Message().Interface()) + +- fmt.Println(anyMsg.TypeURL) // type.googleapis.com/cosmos.bank.v1beta1.MsgSend ++ fmt.Println(anyMsg.TypeURL) // /cosmos.bank.v1beta1.MsgSend +``` + +## FAQ + +### How to create modules using protobuf encoding + +#### Defining module types + +Protobuf types can be defined to encode: + +* state +* [`Msg`s](../../build/building-modules/02-messages-and-queries.md#messages) +* [Query services](../../build/building-modules/04-query-services.md) +* [genesis](../../build/building-modules/08-genesis.md) + +#### Naming and conventions + +We encourage developers to follow industry guidelines: [Protocol Buffers style guide](https://developers.google.com/protocol-buffers/docs/style) +and [Buf](https://buf.build/docs/style-guide), see more details in [ADR 023](../../architecture/adr-023-protobuf-naming.md) + +### How to update modules to protobuf encoding + +If modules do not contain any interfaces (e.g. `Account` or `Content`), then they +may simply migrate any existing types that +are encoded and persisted via their concrete Amino codec to Protobuf (see 1. for further guidelines) and accept a `Marshaler` as the codec which is implemented via the `ProtoCodec` +without any further customization. + +However, if a module type composes an interface, it must wrap it in the `sdk.Any` (from `/types` package) type. To do that, a module-level .proto file must use [`google.protobuf.Any`](https://github.com/protocolbuffers/protobuf/blob/master/src/google/protobuf/any.proto) for respective message type interface types. + +For example, in the `x/evidence` module defines an `Evidence` interface, which is used by the `MsgSubmitEvidence`. The structure definition must use `sdk.Any` to wrap the evidence file. In the proto file we define it as follows: + +```protobuf +// proto/cosmos/evidence/v1beta1/tx.proto + +message MsgSubmitEvidence { + string submitter = 1; + google.protobuf.Any evidence = 2 [(cosmos_proto.accepts_interface) = "cosmos.evidence.v1beta1.Evidence"]; +} +``` + +The Cosmos SDK `codec.Codec` interface provides support methods `MarshalInterface` and `UnmarshalInterface` to easy encoding of state to `Any`. + +Module should register interfaces using `InterfaceRegistry` which provides a mechanism for registering interfaces: `RegisterInterface(protoName string, iface interface{}, impls ...proto.Message)` and implementations: `RegisterImplementations(iface interface{}, impls ...proto.Message)` that can be safely unpacked from Any, similarly to type registration with Amino: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/codec/types/interface_registry.go#L28-L75 +``` + +In addition, an `UnpackInterfaces` phase should be introduced to deserialization to unpack interfaces before they're needed. Protobuf types that contain a protobuf `Any` either directly or via one of their members should implement the `UnpackInterfacesMessage` interface: + +```go +type UnpackInterfacesMessage interface { + UnpackInterfaces(InterfaceUnpacker) error +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/06-grpc_rest.md b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/06-grpc_rest.md new file mode 100644 index 00000000..ee3af79e --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/06-grpc_rest.md @@ -0,0 +1,105 @@ +--- +sidebar_position: 1 +--- + +# gRPC, REST, and CometBFT Endpoints + +:::note Synopsis +This document presents an overview of all the endpoints a node exposes: gRPC, REST as well as some other endpoints. +::: + +## An Overview of All Endpoints + +Each node exposes the following endpoints for users to interact with a node, each endpoint is served on a different port. Details on how to configure each endpoint is provided in the endpoint's own section. + +* the gRPC server (default port: `9090`), +* the REST server (default port: `1317`), +* the CometBFT RPC endpoint (default port: `26657`). + +:::tip +The node also exposes some other endpoints, such as the CometBFT P2P endpoint, or the [Prometheus endpoint](https://docs.cometbft.com/v0.37/core/metrics), which are not directly related to the Cosmos SDK. Please refer to the [CometBFT documentation](https://docs.cometbft.com/v0.37/core/configuration) for more information about these endpoints. +::: + +:::note +All endpoints are defaulted to localhost and must be modified to be exposed to the public internet. +::: + +## gRPC Server + +In the Cosmos SDK, Protobuf is the main [encoding](./encoding) library. This brings a wide range of Protobuf-based tools that can be plugged into the Cosmos SDK. One such tool is [gRPC](https://grpc.io), a modern open-source high performance RPC framework that has decent client support in several languages. + +Each module exposes a [Protobuf `Query` service](../../build/building-modules/02-messages-and-queries.md#queries) that defines state queries. The `Query` services and a transaction service used to broadcast transactions are hooked up to the gRPC server via the following function inside the application: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/server/types/app.go#L46-L48 +``` + +Note: It is not possible to expose any [Protobuf `Msg` service](../../build/building-modules/02-messages-and-queries.md#messages) endpoints via gRPC. Transactions must be generated and signed using the CLI or programmatically before they can be broadcasted using gRPC. See [Generating, Signing, and Broadcasting Transactions](../../user/run-node/03-txs.md) for more information. + +The `grpc.Server` is a concrete gRPC server, which spawns and serves all gRPC query requests and a broadcast transaction request. This server can be configured inside `~/.simapp/config/app.toml`: + +* `grpc.enable = true|false` field defines if the gRPC server should be enabled. Defaults to `true`. +* `grpc.address = {string}` field defines the `ip:port` the server should bind to. Defaults to `localhost:9090`. + +:::tip +`~/.simapp` is the directory where the node's configuration and databases are stored. By default, it's set to `~/.{app_name}`. +::: + +Once the gRPC server is started, you can send requests to it using a gRPC client. Some examples are given in our [Interact with the Node](../../user/run-node/02-interact-node.md#using-grpc) tutorial. + +An overview of all available gRPC endpoints shipped with the Cosmos SDK is [Protobuf documentation](https://buf.build/cosmos/cosmos-sdk). + +## REST Server + +Cosmos SDK supports REST routes via gRPC-gateway. + +All routes are configured under the following fields in `~/.simapp/config/app.toml`: + +* `api.enable = true|false` field defines if the REST server should be enabled. Defaults to `false`. +* `api.address = {string}` field defines the `ip:port` the server should bind to. Defaults to `tcp://localhost:1317`. +* some additional API configuration options are defined in `~/.simapp/config/app.toml`, along with comments, please refer to that file directly. + +### gRPC-gateway REST Routes + +If, for various reasons, you cannot use gRPC (for example, you are building a web application, and browsers don't support HTTP2 on which gRPC is built), then the Cosmos SDK offers REST routes via gRPC-gateway. + +[gRPC-gateway](https://grpc-ecosystem.github.io/grpc-gateway/) is a tool to expose gRPC endpoints as REST endpoints. For each gRPC endpoint defined in a Protobuf `Query` service, the Cosmos SDK offers a REST equivalent. For instance, querying a balance could be done via the `/cosmos.bank.v1beta1.QueryAllBalances` gRPC endpoint, or alternatively via the gRPC-gateway `"/cosmos/bank/v1beta1/balances/{address}"` REST endpoint: both will return the same result. For each RPC method defined in a Protobuf `Query` service, the corresponding REST endpoint is defined as an option: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/proto/cosmos/bank/v1beta1/query.proto#L23-L30 +``` + +For application developers, gRPC-gateway REST routes needs to be wired up to the REST server, this is done by calling the `RegisterGRPCGatewayRoutes` function on the ModuleManager. + +### Swagger + +A [Swagger](https://swagger.io/) (or OpenAPIv2) specification file is exposed under the `/swagger` route on the API server. Swagger is an open specification describing the API endpoints a server serves, including description, input arguments, return types and much more about each endpoint. + +Enabling the `/swagger` endpoint is configurable inside `~/.simapp/config/app.toml` via the `api.swagger` field, which is set to false by default. + +For application developers, you may want to generate your own Swagger definitions based on your custom modules. +The Cosmos SDK's [Swagger generation script](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/scripts/protoc-swagger-gen.sh) is a good place to start. + +## CometBFT RPC + +Independently from the Cosmos SDK, CometBFT also exposes a RPC server. This RPC server can be configured by tuning parameters under the `rpc` table in the `~/.simapp/config/config.toml`, the default listening address is `tcp://localhost:26657`. An OpenAPI specification of all CometBFT RPC endpoints is available [here](https://docs.cometbft.com/main/rpc/). + +Some CometBFT RPC endpoints are directly related to the Cosmos SDK: + +* `/abci_query`: this endpoint will query the application for state. As the `path` parameter, you can send the following strings: + * any Protobuf fully-qualified service method, such as `/cosmos.bank.v1beta1.Query/AllBalances`. The `data` field should then include the method's request parameter(s) encoded as bytes using Protobuf. + * `/app/simulate`: this will simulate a transaction, and return some information such as gas used. + * `/app/version`: this will return the application's version. + * `/store/{storeName}/key`: this will directly query the named store for data associated with the key represented in the `data` parameter. + * `/store/{storeName}/subspace`: this will directly query the named store for key/value pairs in which the key has the value of the `data` parameter as a prefix. + * `/p2p/filter/addr/{port}`: this will return a filtered list of the node's P2P peers by address port. + * `/p2p/filter/id/{id}`: this will return a filtered list of the node's P2P peers by ID. +* `/broadcast_tx_{sync,async,commit}`: these 3 endpoints will broadcast a transaction to other peers. CLI, gRPC and REST expose [a way to broadcast transactions](./01-transactions.md#broadcasting-the-transaction), but they all use these 3 CometBFT RPCs under the hood. + +## Comparison Table + +| Name | Advantages | Disadvantages | +| -------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------- | +| gRPC | - can use code-generated stubs in various languages
    - supports streaming and bidirectional communication (HTTP2)
    - small wire binary sizes, faster transmission | - based on HTTP2, not available in browsers
    - learning curve (mostly due to Protobuf) | +| REST | - ubiquitous
    - client libraries in all languages, faster implementation
    | - only supports unary request-response communication (HTTP1.1)
    - bigger over-the-wire message sizes (JSON) | +| CometBFT RPC | - easy to use | - bigger over-the-wire message sizes (JSON) | diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/07-cli.md b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/07-cli.md new file mode 100644 index 00000000..1420f2e1 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/07-cli.md @@ -0,0 +1,211 @@ +--- +sidebar_position: 1 +--- + +# Command-Line Interface + +:::note Synopsis +This document describes how command-line interface (CLI) works on a high-level, for an [**application**](../beginner/00-app-anatomy.md). A separate document for implementing a CLI for a Cosmos SDK [**module**](../../build/building-modules/00-intro.md) can be found [here](../../build/building-modules/09-module-interfaces.md#cli). +::: + +## Command-Line Interface + +### Example Command + +There is no set way to create a CLI, but Cosmos SDK modules typically use the [Cobra Library](https://github.com/spf13/cobra). Building a CLI with Cobra entails defining commands, arguments, and flags. [**Commands**](#root-command) understand the actions users wish to take, such as `tx` for creating a transaction and `query` for querying the application. Each command can also have nested subcommands, necessary for naming the specific transaction type. Users also supply **Arguments**, such as account numbers to send coins to, and [**Flags**](#flags) to modify various aspects of the commands, such as gas prices or which node to broadcast to. + +Here is an example of a command a user might enter to interact with the simapp CLI `simd` in order to send some tokens: + +```bash +simd tx bank send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000stake --gas auto --gas-prices +``` + +The first four strings specify the command: + +* The root command for the entire application `simd`. +* The subcommand `tx`, which contains all commands that let users create transactions. +* The subcommand `bank` to indicate which module to route the command to ([`x/bank`](../../build/modules/bank/README.md) module in this case). +* The type of transaction `send`. + +The next two strings are arguments: the `from_address` the user wishes to send from, the `to_address` of the recipient, and the `amount` they want to send. Finally, the last few strings of the command are optional flags to indicate how much the user is willing to pay in fees (calculated using the amount of gas used to execute the transaction and the gas prices provided by the user). + +The CLI interacts with a [node](./03-node.md) to handle this command. The interface itself is defined in a `main.go` file. + +### Building the CLI + +The `main.go` file needs to have a `main()` function that creates a root command, to which all the application commands will be added as subcommands. The root command additionally handles: + +* **setting configurations** by reading in configuration files (e.g. the Cosmos SDK config file). +* **adding any flags** to it, such as `--chain-id`. +* **instantiating the `codec`** by injecting the application codecs. The [`codec`](./05-encoding.md) is used to encode and decode data structures for the application - stores can only persist `[]byte`s so the developer must define a serialization format for their data structures or use the default, Protobuf. +* **adding subcommand** for all the possible user interactions, including [transaction commands](#transaction-commands) and [query commands](#query-commands). + +The `main()` function finally creates an executor and [execute](https://pkg.go.dev/github.com/spf13/cobra#Command.Execute) the root command. See an example of `main()` function from the `simapp` application: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/simapp/simd/main.go#L12-L24 +``` + +The rest of the document will detail what needs to be implemented for each step and include smaller portions of code from the `simapp` CLI files. + +## Adding Commands to the CLI + +Every application CLI first constructs a root command, then adds functionality by aggregating subcommands (often with further nested subcommands) using `rootCmd.AddCommand()`. The bulk of an application's unique capabilities lies in its transaction and query commands, called `TxCmd` and `QueryCmd` respectively. + +### Root Command + +The root command (called `rootCmd`) is what the user first types into the command line to indicate which application they wish to interact with. The string used to invoke the command (the "Use" field) is typically the name of the application suffixed with `-d`, e.g. `simd` or `gaiad`. The root command typically includes the following commands to support basic functionality in the application. + +* **Status** command from the Cosmos SDK rpc client tools, which prints information about the status of the connected [`Node`](./03-node.md). The Status of a node includes `NodeInfo`,`SyncInfo` and `ValidatorInfo`. +* **Keys** [commands](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/client/keys) from the Cosmos SDK client tools, which includes a collection of subcommands for using the key functions in the Cosmos SDK crypto tools, including adding a new key and saving it to the keyring, listing all public keys stored in the keyring, and deleting a key. For example, users can type `simd keys add ` to add a new key and save an encrypted copy to the keyring, using the flag `--recover` to recover a private key from a seed phrase or the flag `--multisig` to group multiple keys together to create a multisig key. For full details on the `add` key command, see the code [here](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/client/keys/add.go). For more details about usage of `--keyring-backend` for storage of key credentials look at the [keyring docs](../../user/run-node/00-keyring.md). +* **Server** commands from the Cosmos SDK server package. These commands are responsible for providing the mechanisms necessary to start an ABCI CometBFT application and provides the CLI framework (based on [cobra](https://github.com/spf13/cobra)) necessary to fully bootstrap an application. The package exposes two core functions: `StartCmd` and `ExportCmd` which creates commands to start the application and export state respectively. +Learn more [here](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/server). +* [**Transaction**](#transaction-commands) commands. +* [**Query**](#query-commands) commands. + +Next is an example `rootCmd` function from the `simapp` application. It instantiates the root command, adds a [*persistent* flag](#flags) and `PreRun` function to be run before every execution, and adds all of the necessary subcommands. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/simapp/simd/cmd/root_v2.go#L47-L130 +``` + +:::tip +Use the `EnhanceRootCommand()` from the AutoCLI options to automatically add auto-generated commands from the modules to the root command. +Additionnally it adds all manually defined modules commands (`tx` and `query`) as well. +Read more about [AutoCLI](https://docs.cosmos.network/main/core/autocli) in its dedicated section. +::: + +`rootCmd` has a function called `initAppConfig()` which is useful for setting the application's custom configs. +By default app uses CometBFT app config template from Cosmos SDK, which can be over-written via `initAppConfig()`. +Here's an example code to override default `app.toml` template. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/simapp/simd/cmd/root_v2.go#L144-L199 +``` + +The `initAppConfig()` also allows overriding the default Cosmos SDK's [server config](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/server/config/config.go#L235). One example is the `min-gas-prices` config, which defines the minimum gas prices a validator is willing to accept for processing a transaction. By default, the Cosmos SDK sets this parameter to `""` (empty string), which forces all validators to tweak their own `app.toml` and set a non-empty value, or else the node will halt on startup. This might not be the best UX for validators, so the chain developer can set a default `app.toml` value for validators inside this `initAppConfig()` function. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/simapp/simd/cmd/root_v2.go#L164-L180 +``` + +The root-level `status` and `keys` subcommands are common across most applications and do not interact with application state. The bulk of an application's functionality - what users can actually *do* with it - is enabled by its `tx` and `query` commands. + +### Transaction Commands + +[Transactions](./01-transactions.md) are objects wrapping [`Msg`s](../../build/building-modules/02-messages-and-queries.md#messages) that trigger state changes. To enable the creation of transactions using the CLI interface, a function `txCommand` is generally added to the `rootCmd`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/simapp/simd/cmd/root_v2.go#L222-L229 +``` + +This `txCommand` function adds all the transaction available to end-users for the application. This typically includes: + +* **Sign command** from the [`auth`](../../build/modules/auth/README.md) module that signs messages in a transaction. To enable multisig, add the `auth` module's `MultiSign` command. Since every transaction requires some sort of signature in order to be valid, the signing command is necessary for every application. +* **Broadcast command** from the Cosmos SDK client tools, to broadcast transactions. +* **All [module transaction commands](../../build/building-modules/09-module-interfaces.md#transaction-commands)** the application is dependent on, retrieved by using the [basic module manager's](../../build/building-modules/01-module-manager.md#basic-manager) `AddTxCommands()` function, or enhanced by [AutoCLI](https://docs.cosmos.network/main/core/autocli). + +Here is an example of a `txCommand` aggregating these subcommands from the `simapp` application: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/simapp/simd/cmd/root_v2.go#L270-L292 +``` + +:::tip +When using AutoCLI to generate module transaction commands, `EnhanceRootCommand()` automatically adds the module `tx` command to the root command. +Read more about [AutoCLI](https://docs.cosmos.network/main/core/autocli) in its dedicated section. +::: + +### Query Commands + +[**Queries**](../../build/building-modules/02-messages-and-queries.md#queries) are objects that allow users to retrieve information about the application's state. To enable the creation of queries using the CLI interface, a function `queryCommand` is generally added to the `rootCmd`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/simapp/simd/cmd/root_v2.go#L222-L229 +``` + +This `queryCommand` function adds all the queries available to end-users for the application. This typically includes: + +* **QueryTx** and/or other transaction query commands from the `auth` module which allow the user to search for a transaction by inputting its hash, a list of tags, or a block height. These queries allow users to see if transactions have been included in a block. +* **Account command** from the `auth` module, which displays the state (e.g. account balance) of an account given an address. +* **Validator command** from the Cosmos SDK rpc client tools, which displays the validator set of a given height. +* **Block command** from the Cosmos SDK RPC client tools, which displays the block data for a given height. +* **All [module query commands](../../build/building-modules/09-module-interfaces.md#query-commands)** the application is dependent on, retrieved by using the [basic module manager's](../../build/building-modules/01-module-manager.md#basic-manager) `AddQueryCommands()` function, or enhanced by [AutoCLI](https://docs.cosmos.network/main/core/autocli). + +Here is an example of a `queryCommand` aggregating subcommands from the `simapp` application: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/simapp/simd/cmd/root_v2.go#L249-L268 +``` + +:::tip +When using AutoCLI to generate module query commands, `EnhanceRootCommand()` automatically adds the module `query` command to the root command. +Read more about [AutoCLI](https://docs.cosmos.network/main/core/autocli) in its dedicated section. +::: + +## Flags + +Flags are used to modify commands; developers can include them in a `flags.go` file with their CLI. Users can explicitly include them in commands or pre-configure them by inside their [`app.toml`](../../user/run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml). Commonly pre-configured flags include the `--node` to connect to and `--chain-id` of the blockchain the user wishes to interact with. + +A *persistent* flag (as opposed to a *local* flag) added to a command transcends all of its children: subcommands will inherit the configured values for these flags. Additionally, all flags have default values when they are added to commands; some toggle an option off but others are empty values that the user needs to override to create valid commands. A flag can be explicitly marked as *required* so that an error is automatically thrown if the user does not provide a value, but it is also acceptable to handle unexpected missing flags differently. + +Flags are added to commands directly (generally in the [module's CLI file](../../build/building-modules/09-module-interfaces.md#flags) where module commands are defined) and no flag except for the `rootCmd` persistent flags has to be added at application level. It is common to add a *persistent* flag for `--chain-id`, the unique identifier of the blockchain the application pertains to, to the root command. Adding this flag can be done in the `main()` function. Adding this flag makes sense as the chain ID should not be changing across commands in this application CLI. + +## Environment variables + +Each flag is bound to its respective named environment variable. Then name of the environment variable consist of two parts - capital case `basename` followed by flag name of the flag. `-` must be substituted with `_`. For example flag `--node` for application with basename `GAIA` is bound to `GAIA_NODE`. It allows reducing the amount of flags typed for routine operations. For example instead of: + +```shell +gaia --home=./ --node= --chain-id="testchain-1" --keyring-backend=test tx ... --from= +``` + +this will be more convenient: + +```shell +# define env variables in .env, .envrc etc +GAIA_HOME= +GAIA_NODE= +GAIA_CHAIN_ID="testchain-1" +GAIA_KEYRING_BACKEND="test" + +# and later just use +gaia tx ... --from= +``` + +## Configurations + +It is vital that the root command of an application uses `PersistentPreRun()` cobra command property for executing the command, so all child commands have access to the server and client contexts. These contexts are set as their default values initially and may be modified, scoped to the command, in their respective `PersistentPreRun()` functions. Note that the `client.Context` is typically pre-populated with "default" values that may be useful for all commands to inherit and override if necessary. + +Here is an example of an `PersistentPreRun()` function from `simapp`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/simapp/simd/cmd/root_v2.go#L81-L120 +``` + +The `SetCmdClientContextHandler` call reads persistent flags via `ReadPersistentCommandFlags` which creates a `client.Context` and sets that on the root command's `Context`. + +The `InterceptConfigsPreRunHandler` call creates a viper literal, default `server.Context`, and a logger and sets that on the root command's `Context`. The `server.Context` will be modified and saved to disk. The internal `interceptConfigs` call reads or creates a CometBFT configuration based on the home path provided. In addition, `interceptConfigs` also reads and loads the application configuration, `app.toml`, and binds that to the `server.Context` viper literal. This is vital so the application can get access to not only the CLI flags, but also to the application configuration values provided by this file. + +:::tip +When willing to configure which logger is used, do not use `InterceptConfigsPreRunHandler`, which sets the default SDK logger, but instead use `InterceptConfigsAndCreateContext` and set the server context and the logger manually: + +```diff +-return server.InterceptConfigsPreRunHandler(cmd, customAppTemplate, customAppConfig, customCMTConfig) + ++serverCtx, err := server.InterceptConfigsAndCreateContext(cmd, customAppTemplate, customAppConfig, customCMTConfig) ++if err != nil { ++ return err ++} + ++// overwrite default server logger ++logger, err := server.CreateSDKLogger(serverCtx, cmd.OutOrStdout()) ++if err != nil { ++ return err ++} ++serverCtx.Logger = logger.With(log.ModuleKey, "server") + ++// set server context ++return server.SetCmdServerContext(cmd, serverCtx) +``` + +::: diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/08-events.md b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/08-events.md new file mode 100644 index 00000000..410e20ad --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/08-events.md @@ -0,0 +1,159 @@ +--- +sidebar_position: 1 +--- +# Events + +:::note Synopsis +`Event`s are objects that contain information about the execution of the application. They are mainly used by service providers like block explorers and wallet to track the execution of various messages and index transactions. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK application](../beginner/00-app-anatomy.md) +* [CometBFT Documentation on Events](https://docs.cometbft.com/v0.37/spec/abci/abci++_basic_concepts#events) + +::: + +## Events + +Events are implemented in the Cosmos SDK as an alias of the ABCI `Event` type and +take the form of: `{eventType}.{attributeKey}={attributeValue}`. + +```protobuf reference +https://github.com/cometbft/cometbft/blob/v0.37.0/proto/tendermint/abci/types.proto#L334-L343 +``` + +An Event contains: + +* A `type` to categorize the Event at a high-level; for example, the Cosmos SDK uses the `"message"` type to filter Events by `Msg`s. +* A list of `attributes` are key-value pairs that give more information about the categorized Event. For example, for the `"message"` type, we can filter Events by key-value pairs using `message.action={some_action}`, `message.module={some_module}` or `message.sender={some_sender}`. +* A `msg_index` to identify which messages relate to the same transaction + +:::tip +To parse the attribute values as strings, make sure to add `'` (single quotes) around each attribute value. +::: + +_Typed Events_ are Protobuf-defined [messages](../../build/architecture/adr-032-typed-events.md) used by the Cosmos SDK +for emitting and querying Events. They are defined in a `event.proto` file, on a **per-module basis** and are read as `proto.Message`. +_Legacy Events_ are defined on a **per-module basis** in the module's `/types/events.go` file. +They are triggered from the module's Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md) +by using the [`EventManager`](#eventmanager). + +In addition, each module documents its events under in the `Events` sections of its specs (x/{moduleName}/`README.md`). + +Lastly, Events are returned to the underlying consensus engine in the response of the following ABCI messages: + +* [`BeginBlock`](./00-baseapp.md#beginblock) +* [`EndBlock`](./00-baseapp.md#endblock) +* [`CheckTx`](./00-baseapp.md#checktx) +* [`Transaction Execution`](./00-baseapp.md#transactionexecution) + +### Examples + +The following examples show how to query Events using the Cosmos SDK. + +| Event | Description | +| ------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `tx.height=23` | Query all transactions at height 23 | +| `message.action='/cosmos.bank.v1beta1.Msg/Send'` | Query all transactions containing a x/bank `Send` [Service `Msg`](../../build/building-modules/03-msg-services.md). Note the `'`s around the value. | +| `message.module='bank'` | Query all transactions containing messages from the x/bank module. Note the `'`s around the value. | +| `create_validator.validator='cosmosval1...'` | x/staking-specific Event, see [x/staking SPEC](../../build/modules/staking/README.md). | + +## EventManager + +In Cosmos SDK applications, Events are managed by an abstraction called the `EventManager`. +Internally, the `EventManager` tracks a list of Events for the entire execution flow of `FinalizeBlock` +(i.e. transaction execution, `BeginBlock`, `EndBlock`). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/types/events.go#L19-L26 +``` + +The `EventManager` comes with a set of useful methods to manage Events. The method +that is used most by module and application developers is `EmitTypedEvent` or `EmitEvent` that tracks +an Event in the `EventManager`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/types/events.go#L53-L62 +``` + +Module developers should handle Event emission via the `EventManager#EmitTypedEvent` or `EventManager#EmitEvent` in each message +`Handler` and in each `BeginBlock`/`EndBlock` handler. The `EventManager` is accessed via +the [`Context`](./02-context.md), where Event should be already registered, and emitted like this: + + +**Typed events:** + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/group/keeper/msg_server.go#L95-L97 +``` + +**Legacy events:** + +```go +ctx.EventManager().EmitEvent( + sdk.NewEvent(eventType, sdk.NewAttribute(attributeKey, attributeValue)), +) +``` + +Where the `EventManager` is accessed via the [`Context`](./02-context.md). + +See the [`Msg` services](../../build/building-modules/03-msg-services.md) concept doc for a more detailed +view on how to typically implement Events and use the `EventManager` in modules. + +## Subscribing to Events + +You can use CometBFT's [Websocket](https://docs.cometbft.com/v0.37/core/subscription) to subscribe to Events by calling the `subscribe` RPC method: + +```json +{ + "jsonrpc": "2.0", + "method": "subscribe", + "id": "0", + "params": { + "query": "tm.event='eventCategory' AND eventType.eventAttribute='attributeValue'" + } +} +``` + +The main `eventCategory` you can subscribe to are: + +* `NewBlock`: Contains Events triggered during `BeginBlock` and `EndBlock`. +* `Tx`: Contains Events triggered during `DeliverTx` (i.e. transaction processing). +* `ValidatorSetUpdates`: Contains validator set updates for the block. + +These Events are triggered from the `state` package after a block is committed. You can get the +full list of Event categories [on the CometBFT Go documentation](https://pkg.go.dev/github.com/cometbft/cometbft/types#pkg-constants). + +The `type` and `attribute` value of the `query` allow you to filter the specific Event you are looking for. For example, a `Mint` transaction triggers an Event of type `EventMint` and has an `Id` and an `Owner` as `attributes` (as defined in the [`events.proto` file of the `NFT` module](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/proto/cosmos/nft/v1beta1/event.proto#L21-L31)). + +Subscribing to this Event would be done like so: + +```json +{ + "jsonrpc": "2.0", + "method": "subscribe", + "id": "0", + "params": { + "query": "tm.event='Tx' AND mint.owner='ownerAddress'" + } +} +``` + +where `ownerAddress` is an address following the [`AccAddress`](../beginner/03-accounts.md#addresses) format. + +The same way can be used to subscribe to [legacy events](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/types/events.go). + +## Default Events + +There are a few events that are automatically emitted for all messages, directly from `baseapp`. + +* `message.action`: The name of the message type. +* `message.sender`: The address of the message signer. +* `message.module`: The name of the module that emitted the message. + +:::tip +The module name is assumed by `baseapp` to be the second element of the message route: `"cosmos.bank.v1beta1.MsgSend" -> "bank"`. +In case a module does not follow the standard message path, (e.g. IBC), it is advised to keep emitting the module name event. +`Baseapp` only emits that event if the module have not already done so. +::: diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/09-telemetry.md b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/09-telemetry.md new file mode 100644 index 00000000..c5916544 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/09-telemetry.md @@ -0,0 +1,128 @@ +--- +sidebar_position: 1 +--- + +# Telemetry + +:::note Synopsis +Gather relevant insights about your application and modules with custom metrics and telemetry. +::: + +The Cosmos SDK enables operators and developers to gain insight into the performance and behavior of +their application through the use of the `telemetry` package. To enable telemetrics, set `telemetry.enabled = true` in the app.toml config file. + +The Cosmos SDK currently supports enabling in-memory and prometheus as telemetry sinks. In-memory sink is always attached (when the telemetry is enabled) with 10 second interval and 1 minute retention. This means that metrics will be aggregated over 10 seconds, and metrics will be kept alive for 1 minute. + +To query active metrics (see retention note above) you have to enable API server (`api.enabled = true` in the app.toml). Single API endpoint is exposed: `http://localhost:1317/metrics?format={text|prometheus}`, the default being `text`. + +## Emitting metrics + +If telemetry is enabled via configuration, a single global metrics collector is registered via the +[go-metrics](https://github.com/hashicorp/go-metrics) library. This allows emitting and collecting +metrics through simple [API](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/telemetry/wrapper.go). Example: + +```go +func EndBlocker(ctx sdk.Context, k keeper.Keeper) { + defer telemetry.ModuleMeasureSince(types.ModuleName, time.Now(), telemetry.MetricKeyEndBlocker) + + // ... +} +``` + +Developers may use the `telemetry` package directly, which provides wrappers around metric APIs +that include adding useful labels, or they must use the `go-metrics` library directly. It is preferable +to add as much context and adequate dimensionality to metrics as possible, so the `telemetry` package +is advised. Regardless of the package or method used, the Cosmos SDK supports the following metrics +types: + +* gauges +* summaries +* counters + +## Labels + +Certain components of modules will have their name automatically added as a label (e.g. `BeginBlock`). +Operators may also supply the application with a global set of labels that will be applied to all +metrics emitted using the `telemetry` package (e.g. chain-id). Global labels are supplied as a list +of [name, value] tuples. + +Example: + +```toml +global-labels = [ + ["chain_id", "chain-OfXo4V"], +] +``` + +## Cardinality + +Cardinality is key, specifically label and key cardinality. Cardinality is how many unique values of +something there are. So there is naturally a tradeoff between granularity and how much stress is put +on the telemetry sink in terms of indexing, scrape, and query performance. + +Developers should take care to support metrics with enough dimensionality and granularity to be +useful, but not increase the cardinality beyond the sink's limits. A general rule of thumb is to not +exceed a cardinality of 10. + +Consider the following examples with enough granularity and adequate cardinality: + +* begin/end blocker time +* tx gas used +* block gas used +* amount of tokens minted +* amount of accounts created + +The following examples expose too much cardinality and may not even prove to be useful: + +* transfers between accounts with amount +* voting/deposit amount from unique addresses + +## Supported Metrics + +| Metric | Description | Unit | Type | +|:--------------------------------|:------------------------------------------------------------------------------------------|:----------------|:--------| +| `tx_count` | Total number of txs processed via `DeliverTx` | tx | counter | +| `tx_successful` | Total number of successful txs processed via `DeliverTx` | tx | counter | +| `tx_failed` | Total number of failed txs processed via `DeliverTx` | tx | counter | +| `tx_gas_used` | The total amount of gas used by a tx | gas | gauge | +| `tx_gas_wanted` | The total amount of gas requested by a tx | gas | gauge | +| `tx_msg_send` | The total amount of tokens sent in a `MsgSend` (per denom) | token | gauge | +| `tx_msg_withdraw_reward` | The total amount of tokens withdrawn in a `MsgWithdrawDelegatorReward` (per denom) | token | gauge | +| `tx_msg_withdraw_commission` | The total amount of tokens withdrawn in a `MsgWithdrawValidatorCommission` (per denom) | token | gauge | +| `tx_msg_delegate` | The total amount of tokens delegated in a `MsgDelegate` | token | gauge | +| `tx_msg_begin_unbonding` | The total amount of tokens undelegated in a `MsgUndelegate` | token | gauge | +| `tx_msg_begin_begin_redelegate` | The total amount of tokens redelegated in a `MsgBeginRedelegate` | token | gauge | +| `tx_msg_ibc_transfer` | The total amount of tokens transferred via IBC in a `MsgTransfer` (source or sink chain) | token | gauge | +| `ibc_transfer_packet_receive` | The total amount of tokens received in a `FungibleTokenPacketData` (source or sink chain) | token | gauge | +| `new_account` | Total number of new accounts created | account | counter | +| `gov_proposal` | Total number of governance proposals | proposal | counter | +| `gov_vote` | Total number of governance votes for a proposal | vote | counter | +| `gov_deposit` | Total number of governance deposits for a proposal | deposit | counter | +| `staking_delegate` | Total number of delegations | delegation | counter | +| `staking_undelegate` | Total number of undelegations | undelegation | counter | +| `staking_redelegate` | Total number of redelegations | redelegation | counter | +| `ibc_transfer_send` | Total number of IBC transfers sent from a chain (source or sink) | transfer | counter | +| `ibc_transfer_receive` | Total number of IBC transfers received to a chain (source or sink) | transfer | counter | +| `ibc_client_create` | Total number of clients created | create | counter | +| `ibc_client_update` | Total number of client updates | update | counter | +| `ibc_client_upgrade` | Total number of client upgrades | upgrade | counter | +| `ibc_client_misbehaviour` | Total number of client misbehaviours | misbehaviour | counter | +| `ibc_connection_open-init` | Total number of connection `OpenInit` handshakes | handshake | counter | +| `ibc_connection_open-try` | Total number of connection `OpenTry` handshakes | handshake | counter | +| `ibc_connection_open-ack` | Total number of connection `OpenAck` handshakes | handshake | counter | +| `ibc_connection_open-confirm` | Total number of connection `OpenConfirm` handshakes | handshake | counter | +| `ibc_channel_open-init` | Total number of channel `OpenInit` handshakes | handshake | counter | +| `ibc_channel_open-try` | Total number of channel `OpenTry` handshakes | handshake | counter | +| `ibc_channel_open-ack` | Total number of channel `OpenAck` handshakes | handshake | counter | +| `ibc_channel_open-confirm` | Total number of channel `OpenConfirm` handshakes | handshake | counter | +| `ibc_channel_close-init` | Total number of channel `CloseInit` handshakes | handshake | counter | +| `ibc_channel_close-confirm` | Total number of channel `CloseConfirm` handshakes | handshake | counter | +| `tx_msg_ibc_recv_packet` | Total number of IBC packets received | packet | counter | +| `tx_msg_ibc_acknowledge_packet` | Total number of IBC packets acknowledged | acknowledgement | counter | +| `ibc_timeout_packet` | Total number of IBC timeout packets | timeout | counter | +| `store_iavl_get` | Duration of an IAVL `Store#Get` call | ms | summary | +| `store_iavl_set` | Duration of an IAVL `Store#Set` call | ms | summary | +| `store_iavl_has` | Duration of an IAVL `Store#Has` call | ms | summary | +| `store_iavl_delete` | Duration of an IAVL `Store#Delete` call | ms | summary | +| `store_iavl_commit` | Duration of an IAVL `Store#Commit` call | ms | summary | +| `store_iavl_query` | Duration of an IAVL `Store#Query` call | ms | summary | diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/10-ocap.md b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/10-ocap.md new file mode 100644 index 00000000..c5a472b7 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/10-ocap.md @@ -0,0 +1,76 @@ +--- +sidebar_position: 1 +--- + +# Object-Capability Model + +## Intro + +When thinking about security, it is good to start with a specific threat model. Our threat model is the following: + +> We assume that a thriving ecosystem of Cosmos SDK modules that are easy to compose into a blockchain application will contain faulty or malicious modules. + +The Cosmos SDK is designed to address this threat by being the +foundation of an object capability system. + +> The structural properties of object capability systems favor +> modularity in code design and ensure reliable encapsulation in +> code implementation. +> +> These structural properties facilitate the analysis of some +> security properties of an object-capability program or operating +> system. Some of these — in particular, information flow properties +> — can be analyzed at the level of object references and +> connectivity, independent of any knowledge or analysis of the code +> that determines the behavior of the objects. +> +> As a consequence, these security properties can be established +> and maintained in the presence of new objects that contain unknown +> and possibly malicious code. +> +> These structural properties stem from the two rules governing +> access to existing objects: +> +> 1. An object A can send a message to B only if object A holds a +> reference to B. +> 2. An object A can obtain a reference to C only +> if object A receives a message containing a reference to C. As a +> consequence of these two rules, an object can obtain a reference +> to another object only through a preexisting chain of references. +> In short, "Only connectivity begets connectivity." + +For an introduction to object-capabilities, see this [Wikipedia article](https://en.wikipedia.org/wiki/Object-capability_model). + +## Ocaps in practice + +The idea is to only reveal what is necessary to get the work done. + +For example, the following code snippet violates the object capabilities +principle: + +```go +type AppAccount struct {...} +account := &AppAccount{ + Address: pub.Address(), + Coins: sdk.Coins{sdk.NewInt64Coin("ATM", 100)}, +} +sumValue := externalModule.ComputeSumValue(account) +``` + +The method `ComputeSumValue` implies a pure function, yet the implied +capability of accepting a pointer value is the capability to modify that +value. The preferred method signature should take a copy instead. + +```go +sumValue := externalModule.ComputeSumValue(*account) +``` + +In the Cosmos SDK, you can see the application of this principle in simapp. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/simapp/app.go +``` + +The following diagram shows the current dependencies between keepers. + +![Keeper dependencies](https://raw.githubusercontent.com/cosmos/cosmos-sdk/release/v0.46.x/docs/uml/svg/keeper_dependencies.svg) diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/11-runtx_middleware.md b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/11-runtx_middleware.md new file mode 100644 index 00000000..f083a778 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/11-runtx_middleware.md @@ -0,0 +1,67 @@ +--- +sidebar_position: 1 +--- + +# RunTx recovery middleware + +`BaseApp.runTx()` function handles Go panics that might occur during transactions execution, for example, keeper has faced an invalid state and paniced. +Depending on the panic type different handler is used, for instance the default one prints an error log message. +Recovery middleware is used to add custom panic recovery for Cosmos SDK application developers. + +More context can found in the corresponding [ADR-022](../../build/architecture/adr-022-custom-panic-handling.md) and the implementation in [recovery.go](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/baseapp/recovery.go). + +## Interface + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/baseapp/recovery.go#L14-L17 +``` + +`recoveryObj` is a return value for `recover()` function from the `buildin` Go package. + +**Contract:** + +* RecoveryHandler returns `nil` if `recoveryObj` wasn't handled and should be passed to the next recovery middleware; +* RecoveryHandler returns a non-nil `error` if `recoveryObj` was handled; + +## Custom RecoveryHandler register + +`BaseApp.AddRunTxRecoveryHandler(handlers ...RecoveryHandler)` + +BaseApp method adds recovery middleware to the default recovery chain. + +## Example + +Lets assume we want to emit the "Consensus failure" chain state if some particular error occurred. + +We have a module keeper that panics: + +```go +func (k FooKeeper) Do(obj interface{}) { + if obj == nil { + // that shouldn't happen, we need to crash the app + err := errorsmod.Wrap(fooTypes.InternalError, "obj is nil") + panic(err) + } +} +``` + +By default that panic would be recovered and an error message will be printed to log. To override that behaviour we should register a custom RecoveryHandler: + +```go +// Cosmos SDK application constructor +customHandler := func(recoveryObj interface{}) error { + err, ok := recoveryObj.(error) + if !ok { + return nil + } + + if fooTypes.InternalError.Is(err) { + panic(fmt.Errorf("FooKeeper did panic with error: %w", err)) + } + + return nil +} + +baseApp := baseapp.NewBaseApp(...) +baseApp.AddRunTxRecoveryHandler(customHandler) +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/12-simulation.md b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/12-simulation.md new file mode 100644 index 00000000..dfbcddd0 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/12-simulation.md @@ -0,0 +1,101 @@ +--- +sidebar_position: 1 +--- + +# Cosmos Blockchain Simulator + +The Cosmos SDK offers a full fledged simulation framework to fuzz test every +message defined by a module. + +On the Cosmos SDK, this functionality is provided by [`SimApp`](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/simapp/app_v2.go), which is a +`Baseapp` application that is used for running the [`simulation`](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/simulation) module. +This module defines all the simulation logic as well as the operations for +randomized parameters like accounts, balances etc. + +## Goals + +The blockchain simulator tests how the blockchain application would behave under +real life circumstances by generating and sending randomized messages. +The goal of this is to detect and debug failures that could halt a live chain, +by providing logs and statistics about the operations run by the simulator as +well as exporting the latest application state when a failure was found. + +Its main difference with integration testing is that the simulator app allows +you to pass parameters to customize the chain that's being simulated. +This comes in handy when trying to reproduce bugs that were generated in the +provided operations (randomized or not). + +## Simulation commands + +The simulation app has different commands, each of which tests a different +failure type: + +* `AppImportExport`: The simulator exports the initial app state and then it + creates a new app with the exported `genesis.json` as an input, checking for + inconsistencies between the stores. +* `AppSimulationAfterImport`: Queues two simulations together. The first one provides the app state (_i.e_ genesis) to the second. Useful to test software upgrades or hard-forks from a live chain. +* `AppStateDeterminism`: Checks that all the nodes return the same values, in the same order. +* `BenchmarkInvariants`: Analysis of the performance of running all modules' invariants (_i.e_ sequentially runs a [benchmark](https://pkg.go.dev/testing/#hdr-Benchmarks) test). An invariant checks for + differences between the values that are on the store and the passive tracker. Eg: total coins held by accounts vs total supply tracker. +* `FullAppSimulation`: General simulation mode. Runs the chain and the specified operations for a given number of blocks. Tests that there're no `panics` on the simulation. It does also run invariant checks on every `Period` but they are not benchmarked. + +Each simulation must receive a set of inputs (_i.e_ flags) such as the number of +blocks that the simulation is run, seed, block size, etc. +Check the full list of flags [here](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/simulation/client/cli/flags.go#L35-L59). + +## Simulator Modes + +In addition to the various inputs and commands, the simulator runs in three modes: + +1. Completely random where the initial state, module parameters and simulation + parameters are **pseudo-randomly generated**. +2. From a `genesis.json` file where the initial state and the module parameters are defined. + This mode is helpful for running simulations on a known state such as a live network export where a new (mostly likely breaking) version of the application needs to be tested. +3. From a `params.json` file where the initial state is pseudo-randomly generated but the module and simulation parameters can be provided manually. + This allows for a more controlled and deterministic simulation setup while allowing the state space to still be pseudo-randomly simulated. + The list of available parameters are listed [here](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/simulation/client/cli/flags.go#L59-L78). + +:::tip +These modes are not mutually exclusive. So you can for example run a randomly +generated genesis state (`1`) with manually generated simulation params (`3`). +::: + +## Usage + +This is a general example of how simulations are run. For more specific examples +check the Cosmos SDK [Makefile](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/Makefile#L282-L318). + +```bash + $ go test -mod=readonly github.com/cosmos/cosmos-sdk/simapp \ + -run=TestApp \ + ... + -v -timeout 24h +``` + +## Debugging Tips + +Here are some suggestions when encountering a simulation failure: + +* Export the app state at the height where the failure was found. You can do this + by passing the `-ExportStatePath` flag to the simulator. +* Use `-Verbose` logs. They could give you a better hint on all the operations + involved. +* Reduce the simulation `-Period`. This will run the invariants checks more + frequently. +* Print all the failed invariants at once with `-PrintAllInvariants`. +* Try using another `-Seed`. If it can reproduce the same error and if it fails + sooner, you will spend less time running the simulations. +* Reduce the `-NumBlocks` . How's the app state at the height previous to the + failure? +* Run invariants on every operation with `-SimulateEveryOperation`. _Note_: this + will slow down your simulation **a lot**. +* Try adding logs to operations that are not logged. You will have to define a + [Logger](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/staking/keeper/keeper.go#L65-L68) on your `Keeper`. + +## Use simulation in your Cosmos SDK-based application + +Learn how you can build the simulation into your Cosmos SDK-based application: + +* Application Simulation Manager +* [Building modules: Simulator](../../build/building-modules/14-simulator.md) +* Simulator tests diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/13-proto-docs.md b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/13-proto-docs.md new file mode 100644 index 00000000..6c857446 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/13-proto-docs.md @@ -0,0 +1,7 @@ +--- +sidebar_position: 1 +--- + +# Protobuf Documentation + +See [Cosmos SDK Buf Proto-docs](https://buf.build/cosmos/cosmos-sdk/docs/main) diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/15-upgrade.md b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/15-upgrade.md new file mode 100644 index 00000000..5d56f2b5 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/15-upgrade.md @@ -0,0 +1,162 @@ +--- +sidebar_position: 1 +--- + +# In-Place Store Migrations + +:::warning +Read and understand all the in-place store migration documentation before you run a migration on a live chain. +::: + +:::note Synopsis +Upgrade your app modules smoothly with custom in-place store migration logic. +::: + +The Cosmos SDK uses two methods to perform upgrades: + +* Exporting the entire application state to a JSON file using the `export` CLI command, making changes, and then starting a new binary with the changed JSON file as the genesis file. + +* Perform upgrades in place, which significantly decrease the upgrade time for chains with a larger state. Use the [Module Upgrade Guide](../../build/building-modules/13-upgrade.md) to set up your application modules to take advantage of in-place upgrades. + +This document provides steps to use the In-Place Store Migrations upgrade method. + +## Tracking Module Versions + +Each module gets assigned a consensus version by the module developer. The consensus version serves as the breaking change version of the module. The Cosmos SDK keeps track of all module consensus versions in the x/upgrade `VersionMap` store. During an upgrade, the difference between the old `VersionMap` stored in state and the new `VersionMap` is calculated by the Cosmos SDK. For each identified difference, the module-specific migrations are run and the respective consensus version of each upgraded module is incremented. + +### Consensus Version + +The consensus version is defined on each app module by the module developer and serves as the breaking change version of the module. The consensus version informs the Cosmos SDK on which modules need to be upgraded. For example, if the bank module was version 2 and an upgrade introduces bank module 3, the Cosmos SDK upgrades the bank module and runs the "version 2 to 3" migration script. + +### Version Map + +The version map is a mapping of module names to consensus versions. The map is persisted to x/upgrade's state for use during in-place migrations. When migrations finish, the updated version map is persisted in the state. + +## Upgrade Handlers + +Upgrades use an `UpgradeHandler` to facilitate migrations. The `UpgradeHandler` functions implemented by the app developer must conform to the following function signature. These functions retrieve the `VersionMap` from x/upgrade's state and return the new `VersionMap` to be stored in x/upgrade after the upgrade. The diff between the two `VersionMap`s determines which modules need upgrading. + +```go +type UpgradeHandler func(ctx sdk.Context, plan Plan, fromVM VersionMap) (VersionMap, error) +``` + +Inside these functions, you must perform any upgrade logic to include in the provided `plan`. All upgrade handler functions must end with the following line of code: + +```go + return app.mm.RunMigrations(ctx, cfg, fromVM) +``` + +## Running Migrations + +Migrations are run inside of an `UpgradeHandler` using `app.mm.RunMigrations(ctx, cfg, vm)`. The `UpgradeHandler` functions describe the functionality to occur during an upgrade. The `RunMigration` function loops through the `VersionMap` argument and runs the migration scripts for all versions that are less than the versions of the new binary app module. After the migrations are finished, a new `VersionMap` is returned to persist the upgraded module versions to state. + +```go +cfg := module.NewConfigurator(...) +app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx sdk.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { + + // ... + // additional upgrade logic + // ... + + // returns a VersionMap with the updated module ConsensusVersions + return app.mm.RunMigrations(ctx, fromVM) +}) +``` + +To learn more about configuring migration scripts for your modules, see the [Module Upgrade Guide](../../build/building-modules/13-upgrade.md). + +### Order Of Migrations + +By default, all migrations are run in module name alphabetical ascending order, except `x/auth` which is run last. The reason is state dependencies between x/auth and other modules (you can read more in [issue #10606](https://github.com/cosmos/cosmos-sdk/issues/10606)). + +If you want to change the order of migration, then you should call `app.mm.SetOrderMigrations(module1, module2, ...)` in your app.go file. The function will panic if you forget to include a module in the argument list. + +## Adding New Modules During Upgrades + +You can introduce entirely new modules to the application during an upgrade. New modules are recognized because they have not yet been registered in `x/upgrade`'s `VersionMap` store. In this case, `RunMigrations` calls the `InitGenesis` function from the corresponding module to set up its initial state. + +### Add StoreUpgrades for New Modules + +All chains preparing to run in-place store migrations will need to manually add store upgrades for new modules and then configure the store loader to apply those upgrades. This ensures that the new module's stores are added to the multistore before the migrations begin. + +```go +upgradeInfo, err := app.UpgradeKeeper.ReadUpgradeInfoFromDisk() +if err != nil { + panic(err) +} + +if upgradeInfo.Name == "my-plan" && !app.UpgradeKeeper.IsSkipHeight(upgradeInfo.Height) { + storeUpgrades := storetypes.StoreUpgrades{ + // add store upgrades for new modules + // Example: + // Added: []string{"foo", "bar"}, + // ... + } + + // configure store loader that checks if version == upgradeHeight and applies store upgrades + app.SetStoreLoader(upgradetypes.UpgradeStoreLoader(upgradeInfo.Height, &storeUpgrades)) +} +``` + +## Genesis State + +When starting a new chain, the consensus version of each module MUST be saved to state during the application's genesis. To save the consensus version, add the following line to the `InitChainer` method in `app.go`: + +```diff +func (app *MyApp) InitChainer(ctx sdk.Context, req abci.RequestInitChain) abci.ResponseInitChain { + ... ++ app.UpgradeKeeper.SetModuleVersionMap(ctx, app.mm.GetVersionMap()) + ... +} +``` + +This information is used by the Cosmos SDK to detect when modules with newer versions are introduced to the app. + +For a new module `foo`, `InitGenesis` is called by `RunMigration` only when `foo` is registered in the module manager but it's not set in the `fromVM`. Therefore, if you want to skip `InitGenesis` when a new module is added to the app, then you should set its module version in `fromVM` to the module consensus version: + +```go +app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx sdk.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { + // ... + + // Set foo's version to the latest ConsensusVersion in the VersionMap. + // This will skip running InitGenesis on Foo + fromVM[foo.ModuleName] = foo.AppModule{}.ConsensusVersion() + + return app.mm.RunMigrations(ctx, fromVM) +}) +``` + +### Overwriting Genesis Functions + +The Cosmos SDK offers modules that the application developer can import in their app. These modules often have an `InitGenesis` function already defined. + +You can write your own `InitGenesis` function for an imported module. To do this, manually trigger your custom genesis function in the upgrade handler. + +:::warning +You MUST manually set the consensus version in the version map passed to the `UpgradeHandler` function. Without this, the SDK will run the Module's existing `InitGenesis` code even if you triggered your custom function in the `UpgradeHandler`. +::: + +```go +import foo "github.com/my/module/foo" + +app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx sdk.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { + + // Register the consensus version in the version map + // to avoid the SDK from triggering the default + // InitGenesis function. + fromVM["foo"] = foo.AppModule{}.ConsensusVersion() + + // Run custom InitGenesis for foo + app.mm["foo"].InitGenesis(ctx, app.appCodec, myCustomGenesisState) + + return app.mm.RunMigrations(ctx, cfg, fromVM) +}) +``` + +## Syncing a Full Node to an Upgraded Blockchain + +You can sync a full node to an existing blockchain which has been upgraded using Cosmovisor + +To successfully sync, you must start with the initial binary that the blockchain started with at genesis. If all Software Upgrade Plans contain binary instruction, then you can run Cosmovisor with auto-download option to automatically handle downloading and switching to the binaries associated with each sequential upgrade. Otherwise, you need to manually provide all binaries to Cosmovisor. + +To learn more about Cosmovisor, see the [Cosmovisor Quick Start](../../build/tooling/01-cosmovisor.md). diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/16-config.md b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/16-config.md new file mode 100644 index 00000000..03aa55a2 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/16-config.md @@ -0,0 +1,24 @@ +--- +sidebar_position: 1 +--- + +# Configuration + +This documentation refers to the app.toml, if you'd like to read about the config.toml please visit [CometBFT docs](https://docs.cometbft.com/v0.37/). + + +```python reference +https://github.com/cosmos/cosmos-sdk/blob/main/tools/confix/data/v0.47-app.toml +``` + +## inter-block-cache + +This feature will consume more ram than a normal node, if enabled. + +## iavl-cache-size + +Using this feature will increase ram consumption + +## iavl-lazy-loading + +This feature is to be used for archive nodes, allowing them to have a faster start up time. diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/17-autocli.md b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/17-autocli.md new file mode 100644 index 00000000..06410452 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/17-autocli.md @@ -0,0 +1,215 @@ +--- +sidebar_position: 1 +--- + +# AutoCLI + +:::note Synopsis +This document details how to build CLI and REST interfaces for a module. Examples from various Cosmos SDK modules are included. +::: + +:::note Pre-requisite Readings + +* [CLI](https://docs.cosmos.network/main/core/cli) + +::: + +The `autocli` (also known as `client/v2`) package is a [Go library](https://pkg.go.dev/cosmossdk.io/client/v2/autocli) for generating CLI (command line interface) interfaces for Cosmos SDK-based applications. It provides a simple way to add CLI commands to your application by generating them automatically based on your gRPC service definitions. Autocli generates CLI commands and flags directly from your protobuf messages, including options, input parameters, and output parameters. This means that you can easily add a CLI interface to your application without having to manually create and manage commands. + +## Overview + +`autocli` generates CLI commands and flags for each method defined in your gRPC service. By default, it generates commands for each gRPC services. The commands are named based on the name of the service method. + +For example, given the following protobuf definition for a service: + +```protobuf +service MyService { + rpc MyMethod(MyRequest) returns (MyResponse) {} +} +``` + +For instance, `autocli` would generate a command named `my-method` for the `MyMethod` method. The command will have flags for each field in the `MyRequest` message. + +It is possible to customize the generation of transactions and queries by defining options for each service. + +## Application Wiring + +Here are the steps to use AutoCLI: + +1. Ensure your app's modules implements the `appmodule.AppModule` interface. +2. (optional) Configure how behave `autocli` command generation, by implementing the `func (am AppModule) AutoCLIOptions() *autocliv1.ModuleOptions` method on the module. +3. Use the `autocli.AppOptions` struct to specify the modules you defined. If you are using `depinject`, it can automatically create an instance of `autocli.AppOptions` based on your app's configuration. +4. Use the `EnhanceRootCommand()` method provided by `autocli` to add the CLI commands for the specified modules to your root command. + +:::tip +AutoCLI is additive only, meaning _enhancing_ the root command will only add subcommands that are not already registered. This means that you can use AutoCLI alongside other custom commands within your app. +::: + +Here's an example of how to use `autocli` in your app: + +``` go +// Define your app's modules +testModules := map[string]appmodule.AppModule{ + "testModule": &TestModule{}, +} + +// Define the autocli AppOptions +autoCliOpts := autocli.AppOptions{ + Modules: testModules, +} + +// Create the root command +rootCmd := &cobra.Command{ + Use: "app", +} + +if err := appOptions.EnhanceRootCommand(rootCmd); err != nil { + return err +} + +// Run the root command +if err := rootCmd.Execute(); err != nil { + return err +} +``` + +### Keyring + +`autocli` uses a keyring for key name resolving names and signing transactions. + +:::tip +AutoCLI provides a better UX than normal CLI as it allows to resolve key names directly from the keyring in all transactions and commands. + +```sh + q bank balances alice + tx bank send alice bob 1000denom +``` + +::: + +The keyring used for resolving names and signing transactions is provided via the `client.Context`. +The keyring is then converted to the `client/v2/autocli/keyring` interface. +If no keyring is provided, the `autocli` generated command will not be able to sign transactions, but will still be able to query the chain. + +:::tip +The Cosmos SDK keyring and Hubl keyring both implement the `client/v2/autocli/keyring` interface, thanks to the following wrapper: + +```go +keyring.NewAutoCLIKeyring(kb) +``` + +::: + +## Signing + +`autocli` supports signing transactions with the keyring. +The [`cosmos.msg.v1.signer` protobuf annotation](https://docs.cosmos.network/main/build/building-modules/protobuf-annotations) defines the signer field of the message. +This field is automatically filled when using the `--from` flag or defining the signer as a positional argument. + +:::warning +AutoCLI currently supports only one signer per transaction. +::: + +## Module Wiring & Customization + +The `AutoCLIOptions()` method on your module allows to specify custom commands, sub-commands or flags for each service, as it was a `cobra.Command` instance, within the `RpcCommandOptions` struct. Defining such options will customize the behavior of the `autocli` command generation, which by default generates a command for each method in your gRPC service. + +```go +*autocliv1.RpcCommandOptions{ + RpcMethod: "Params", // The name of the gRPC service + Use: "params", // Command usage that is displayed in the help + Short: "Query the parameters of the governance process", // Short description of the command + Long: "Query the parameters of the governance process. Specify specific param types (voting|tallying|deposit) to filter results.", // Long description of the command + PositionalArgs: []*autocliv1.PositionalArgDescriptor{ + {ProtoField: "params_type", Optional: true}, // Transform a flag into a positional argument + }, +} +``` + +### Specifying Subcommands + +By default, `autocli` generates a command for each method in your gRPC service. However, you can specify subcommands to group related commands together. To specify subcommands, use the `autocliv1.ServiceCommandDescriptor` struct. + +This example shows how to use the `autocliv1.ServiceCommandDescriptor` struct to group related commands together and specify subcommands in your gRPC service by defining an instance of `autocliv1.ModuleOptions` in your `autocli.go`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-beta.0/x/gov/autocli.go#L94-L97 +``` + +### Positional Arguments + +By default `autocli` generates a flag for each field in your protobuf message. However, you can choose to use positional arguments instead of flags for certain fields. + +To add positional arguments to a command, use the `autocliv1.PositionalArgDescriptor` struct, as seen in the example below. Specify the `ProtoField` parameter, which is the name of the protobuf field that should be used as the positional argument. In addition, if the parameter is a variable-length argument, you can specify the `Varargs` parameter as `true`. This can only be applied to the last positional parameter, and the `ProtoField` must be a repeated field. + +Here's an example of how to define a positional argument for the `Account` method of the `auth` service: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-beta.0/x/auth/autocli.go#L25-L30 +``` + +Then the command can be used as follows, instead of having to specify the `--address` flag: + +```bash + query auth account cosmos1abcd...xyz +``` + +### Customising Flag Names + +By default, `autocli` generates flag names based on the names of the fields in your protobuf message. However, you can customise the flag names by providing a `FlagOptions`. This parameter allows you to specify custom names for flags based on the names of the message fields. + +For example, if you have a message with the fields `test` and `test1`, you can use the following naming options to customise the flags: + +``` go +autocliv1.RpcCommandOptions{ + FlagOptions: map[string]*autocliv1.FlagOptions{ + "test": { Name: "custom_name", }, + "test1": { Name: "other_name", }, + }, +} +``` + +`FlagsOptions` is defined like sub commands in the `AutoCLIOptions()` method on your module. + +### Combining AutoCLI with Other Commands Within A Module + +AutoCLI can be used alongside other commands within a module. For example, the `gov` module uses AutoCLI to generate commands for the `query` subcommand, but also defines custom commands for the `proposer` subcommands. + +In order to enable this behavior, set in `AutoCLIOptions()` the `EnhanceCustomCommand` field to `true`, for the command type (queries and/or transactions) you want to enhance. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/fa4d87ef7e6d87aaccc94c337ffd2fe90fcb7a9d/x/gov/autocli.go#L98 +``` + +If not set to true, `AutoCLI` will not generate commands for the module if there are already commands registered for the module (when `GetTxCmd()` or `GetTxCmd()` are defined). + +### Skip a command + +AutoCLI automatically skips unsupported commands when [`cosmos_proto.method_added_in` protobuf annotation](https://docs.cosmos.network/main/build/building-modules/protobuf-annotations) is present. + +Additionally, a command can be manually skipped using the `autocliv1.RpcCommandOptions`: + +```go +*autocliv1.RpcCommandOptions{ + RpcMethod: "Params", // The name of the gRPC service + Skip: true, +} +``` + +### Use AutoCLI for non module commands + +It is possible to use `AutoCLI` for non module commands. The trick is still to implement the `appmodule.Module` interface and append it to the `appOptions.ModuleOptions` map. + +For example, here is how the SDK does it for `cometbft` gRPC commands: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/client/v2.0.0-beta.1/client/grpc/cmtservice/autocli.go#L52-L71 +``` + +## Summary + +`autocli` let you generate CLI to your Cosmos SDK-based applications without any cobra boilerplate. It allows you to easily generate CLI commands and flags from your protobuf messages, and provides many options for customising the behavior of your CLI application. + +To further enhance your CLI experience with Cosmos SDK-based blockchains, you can use `hubl`. `hubl` is a tool that allows you to query any Cosmos SDK-based blockchain using the new AutoCLI feature of the Cosmos SDK. With `hubl`, you can easily configure a new chain and query modules with just a few simple commands. + +For more information on `hubl`, including how to configure a new chain and query a module, see the [Hubl documentation](https://docs.cosmos.network/main/tooling/hubl). diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/_category_.json b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/_category_.json new file mode 100644 index 00000000..a49201e6 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Advanced", + "position": 3, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/baseapp_state-begin_block.png b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/baseapp_state-begin_block.png new file mode 100644 index 0000000000000000000000000000000000000000..745d4a5a971292bb0346c35893b42ebfbcdc206e GIT binary patch literal 20565 zcmd@6WmHw)_s5SOT1t>oKnbP0kwyXOls^@mAbnmtInrrSg=X%fAB3eUDo)C`;4+H`cDk{iofk5bB;P(%Y zuz|Kwc!>%Gq5~<)zR~tI+0VxLLe@?3iQ7OH`t2Lbw>%a+5;={2I?Zq>qb)4UzcMqTUgc(sw|^lU@i-m}r2F)d?D!dQ|5HQrK_9|8 z>_gzDV-qon_vBIbSY!wbf6Q+?*LdJo{Ibf;rcZ_+E`Xc-DzbBm@w#f!@xZ(i=%b!@ zpzty=NpF!JT}xKT)oXYEMs?t-D~8-0I9}I}e^;@EoEnQKnxTeY9Qv}qLGLuc1CRR5 z|4Bht02~cOMc@>}Ml1(B?i-6fM8e2?@FMB`;QzO;OWyEFkIRI3q3c2_QHz98?fDh1 zB#qntVH<M47WREX5ZenxMVdFUDUgRj&DsTh$mM_lddu3jm2Z!9%eH&|<=JDG|I;}qYaCW>J zNo{?U=LY35?_jChyd05IYzxk|?m4yAloVEadc3kS0|Ez}?{R(@7*xg5;6 zGiIBJqtz5b(GXtL>$W$YyPr&mZ=+O7zn*V=C2Z9dL-ew2dH%E7;j~W9K!&Q)tN))c>V zFpv{pYJFHJIA;FKQ^aT2=gp0LZlIE+QI*1Q&aG+*mKR@0jinQ+c&xT;!ft#rkR|)- zZu<9$xN|cOPI=mOPQL0zRK7xr;pdQxI{R3um>`_C#0wpJGVwl31)@hY=t>TgT+IAM z+{qKg;{!vP!q(FVMAkjOaI4quh!~vaaK6Kzcs;*9=I>9ENM%r5%W()R#wC^S+fc;+ zC0K6U!gjKyp1j^0@?~cnHV`>4GyrAv_|^7Zly$UXI6HF?+D-j^pWd5Uo33-JKsj}z zFX`1-z9OmpY;^%97FIVI#F*@fq|5A{kKN_FF2FZ}Z<#44;DvF^NIhqxHk;7sr@bc) zrb%F7=Yg*+V%F{>=QhbgXBY51=Qw63e!|OJK>*;)hBg-L{yGQb9@0=G~83pG( zlWz{%Oj|`Ri%-knYhI6-a&kZA;J~2L6Xu?__1O4){}nL z5mq}d2`Ju~H7dMW-HN9^K0hHET;mRg-MlY!FD)wS)%>~D?Xhv`BVV9+XukEGPITaN zVgX;FCI60~WigtYnbqJ}Lp5YgA-!=wFF%;Y_)BJ$#~I(x5~FhG_X#6+`!f&ua(~64 zw_#uSu0CKu&sXJ#8uaJqU;#scEAe=<^aj=2oA7qV?M)dimCT*S9jaFR=%ift)rp(eBB$fS?shskDT84gbnHK znp74|3wym)!d2s>)g6xD229JT@49||^_C+FQtta$7}y9Zfk5z7#p0{}|`5 zFDxl~LQXTxJL6JZZTHtTaa0l-2&ZKRK}Uf^8`XKmj1ZNIOyEl}e|4>pBYwrGesBwY z?M70paqpBa=2FrOZmKeB4OHCXPU9MpdiZv_H)&FtF_hM-o#S_HFk9`F%@GjN`YR0~ z;7NSGzsxA}>6|aG_v|ug?n}4(!2+d6b{TkjFqXTOwaBS8p4!>Y=2} z!9x3vOYjyWq^~3y!g;xsGr1@ZM#f5$ha%;+wzPJ66E2N!*3sI)L-QPvyq#81xkiizguFHSXS#0__Gj*($6O|vhXrtAl zs&~?{JHO&|wRz*RQHIT#@7-%MhJd`;5p`=7Pv#8xBQcn|QH|Saz0lKQWAU&%o?va1 z3UmLvU{Jg$sXs7f&sOie^eBQ8{-|lX0@{&MLK&+ad;fjtDXTTA`l`oWqt=};^=zTl z@BLQ%9pP|h z8n5k6DK8$Av|Gq7p9>Si6-G;5u8w~7OaJ*yl>wU&0kqmH16g+XyH{+pJ~ucq)>eIx zNdB?n(U%B553@?EK|N^`_V=UPsezz&*m6z+_xWC8zr=ih0LptXJPCuLliwf?L8dp- zhuSRZyL2wY)acJ(&ppklGvdk>WB2%UCNzRiyj*+usQ-3tkgwcPBW)eZp!iamIgV$F z9By~kbSAu_LOEI(rtPpGdirXmNhY`dhj;uhi7w={-Mp%6NLjjsVoor9Q}c9jLltI9 z`J{%fDy{87r>;zoa=(L@5n^6)-usBNZvr)EiU$j3Kg}^a4zBRP_iHi$TPlh+`=qKo za(0^g>)$Xi_M_L#GU)rBVg1{82q&xiMfkFUUyTjMY>j!!^E=N9zaCf|HCshW8N-_o zy-G1(idCBs6-FGEO|=4T^^`(C#i=O}KZ?d@436JjHQlrZ-^~W^=YNe)~G#?5A7Ymsf%!l^+j}<<}ReQ~f_rFJe{Nh(%H5fd)9R1U2 zqao`mU;C`F&^h$5{WB+tfE|2fz?)CHub~7kEHR9 zinelv0=Dja-Jwrf@R>|Lr#bzr^@LbaSwGjA!eC=gTm*#(+_Tk<_%P0&QYg_VumD4DrTQw2sXB9 zSLmwmHqSGV_4FiUzdGC1gJv}xD}M0jj0%PM#+@XKZ%ng+c5*v6L`M7T_0>x-OFcD1cs?LsQHB%jAw}7nL7)W7f zGLJ3HqIhy+?>B^I{C&(b%WH8u-rFtc@3$`Nqv_4TtpXvtQPGodCj-7*?H|iVfXz){ zpJ|<2&#!;^n@TPr4Pk1}oH?{qNTx(nx>qe8?q(9k>gF=}>`_HqjB^c2ZaYGLVd5F| z-w7Ob^pv#AUXfE{MdZX@<#@*t%yI>x^k5z2B~(w->z<*hb?G2Wagb;rFu^lUtffHZ zw>D~tDesp_+gas*zU^_hY5Nj#w}V4D{xni;hn4>p+d`iBb-kR3~5wd*A=# zTs7aK69yH$U^oBlF-_E(WgpOL;XqPmRo@c;alpzm3DlVIT(9|m(icr=JQNqXqyNQ3gv8* zpq(1PQ+ei_aTWXne`b*%N@xC-aOE4h=LfHH@R@>gz5>CK+Si}UmImmqIE=y! z2cP%>8_9eIaap(wWLc%?r4kDsm%KU|!%7`NjJJfWg)A$&4!LhFd2VY-UGys2YpnR~ z2zVEc+U)Q3yWgMEj{R++tPVk8Q;vN@5EvoVc)HAuDVu#;j9v%yEChIop1~F(l%7?h zgQ~iYM{9idG)~am?*W(oVZiC3HYYzuEnPw}Vc-onv4Ou2>;uUo1+T!Uuj@krX0n-| z`22^|PQ-#LA6i^a3^Bmjy~8jskD_OK7H3n&o0%gQ)b%!-g-!$;1a{g(AIX|^5!K>J zjHTk&vhPkHCZax5p>T=A%X-uF^U<~mB1tQb>+a=p&PhWr7;BJde-D<=&x5mLosClU zbL5`hR;oMI;PVUZPqsON)8>$XR`44p$P#z|d-0W>TFO;7%{nG*0tlMSh{VlXJB|Hm zQ(72vP9Mw3c6ky;?!I8TB!_A=DKkt;Ef=cgvX$)R=-rRR?abHiKi2x@Yw+sV^%=YM z);Gzz|n0`+8Bo za(B{+%gNA3kmr+isYj9ISfLY!L5oAtg3of$mLvTS9b;DG#+SJk)j_>B7@ra!gqNT5 zo>8zGX;BII%g0c#GU7 z;r^{16sGz>m`jqZfej{)NOHH)K4?N2RBc+1qms<3SJ*$Ns(%RQ?yG$fsS6F)hX@DQ-s&y7u?Go(Vu4jeKR=w^k)%wb!`#^^n)%caNtXg{Y>V z$H}b6y`RC2R(Ff2@W4nf1-$8}lS;tc<6Nt}tCa&MC@Ox<-E5vIb>z{}QlknQWt~H2 z^x04U%*}$Vtz|o@ANHyq4;VP-NPJs$YK@F4R8&>9;e~pNjnh!ec#FTi<%@2I2(Ps5 z@gC>9%gI!1q$#WBJ5gOWHhxJ_2q;?dy!~_8)_wJbVbhaj)i`LWZ6<1NEl_RoCk1cD za?n*n70Gg=n+zh7BW1r7))$K9Xr&U#gf49uO9+$PrN8Z72zcl+vv~1M3Ir}1=#I-I z^O3afzchD08<867C9f28{b_jewdW=xg7Zy*2{6rieLxT=gorGY|8hC~d369nVE;0; zggdsAma7P$6FU*iZqo*_WKs!18bAYNVz*Ey*#nhSxL@S+?CavG z+>Fb935!9Yfp5+ag?I#mcA>wy)q`>FVO+CT7WJ1cTHU+VUMNvYe*brNx09h^i*eL{ ze}5feFl`M#_D(T0&#*(SCWKn57}Wi;k}&(k0iKld4<~uq3O>Ai1iok_TIB?vV*9*= zl{o@m16TCUT@#hw3oJdkN!@H;F1UdlvqbIB)hkvNz!yi!T~0DS6M0dYwCAFrb=@xzYt-iM-e;ScF7Bo zWfq$SsJDATJZWP+%(i+HFiW}QLW=iVRjj>ux{*Xs1I`a?_JI)`Vp5~hECOSMB3IUZ zr~Xqn+!u2-ohl^@>*YC5q(j{h`1Dx^0#rXG9zz&g4qJb(b7f08nz0A|e9`7Q0kVwP z6LrhEqWrxbOxX4)oOi>rH=N+$)e5LI>BQufWWP?+xcI5-pUvnt$b&9@YL&qa0-oB- zC&8H@m13Z)5}@w;*{NTzIj-t6qT=Ws%X85i+006kIXc%I&Vz0fewgC4k5YtzMyH=X z$^n57TcNVH9*E5C&-&W3xj7v>@QO0$3-024-_a&G-*VFeUG`HXCtOzM!|tcxAF~0$ z({r0&LpMKiTJ*cVB4G=g-c2CwjaQ!jC<<9%*Y5?@jMY)4B|OJ(s~x|({Y5!9DE^_D z*@%;@`mUq;ljE4ZM6K()kSrQB^;`+PUfzT%9-LTzS(s9Qb9)B`A*M}^|1PEC#qZAQ z!0xx{qSi^cIc;7jSm4RN9`vpti)5lPrxtIQL&S90@w(Q$lg)s#dP53U_M?3&o?1BH ze`sv1{^F5{->xtQIGzf#KT7j%H&HDoKmI8<`1(z& zsDB@l?1SNSib##FQW4kC=H_$1f}p05yQx+JPwf$%nPUZBTa}n>*|*ES_ffNJKN-yU z4URXMq=OuC)!vHZ@jlL^7)iQ6d8-1M+y~ch^nN#0nlh^B+gT1y`nzaI?ejgN?1&eP z#Pwa}Gk6l1Dd;1~3hV=z$Nb_kCoxx1Q>5wzo#Xpm`7OZNZLVT#;&VV4NQk5{2r_k$yw z4OxCb_H~WT6>7(<@cOVWa!l&rc-Fg|xHd8Ltkz|in`xg3}q~LPHp{KmBb-HSB4hkW(ehgoTW9+fDCUm$1yLcOrD`njK07Z zrP#F>YvqA?ajYeXCutr7!8n3lCl$tc{4qF9#GF*shVa0CNnXeXe~_ZGTmI=t)npX! zdiJ>gpN~9Y8zHyXHMOia8CQ8%kX{N8lk~axe8)+xF*@J8s+aGB?++YzrjN2U24NAL z)HhotrpP$l5YWpqYxY~Qj_&AmGiKq{$Mp@A?z{o2mwKQgXts+6XPNk04 zJJHN`PY!T=hIaBSzh0lmNDCcmsv>dJ61)GC7wzDJ-+Mr(e8K0u2N4N4sBOMei~gNf zmQgqOsqqOAj}9b_zI>NgP5y{WGVr3|6}ui6Oov`sMSN--M~b)fN!6DWwrusDR^h>k zkd<~5`-R#@h*6s!kkAZCFW>r=ZdRRA=6lU!L&c`qwaSgildsLU;x0DlUD}{jbprz( zSg4I|h{!GPlxB&H`QWPteJ8JFsnRD8cktV7Z9pO@&5erqBjuCApq8P%75~Rp*W$07 zQ|o!Ev%p_4lF)`|hjCo$T1)NWI@TaZ5^|->Z*JyQJeD8doVcyi5PVnie5SR#nFWV? z*33jJ4TZb3c}Yf;&sW-7Zq#T;SE8DZ{!j(s4I{2xC~{_8pR0A|QQt*FxDFjbH{?_k z`Bu6Hzu>ZkL|5A!qh}qbayYh=TxiZkj%T*jkiea0r}NE^=t#xZ#UH2Umj)B3M#N%V zsC~sdlzjxoC1r9iWv|>Uc|lH9%VT;wYZ}yvsjzO?O%-;wf3kH3e9ZSwM$3gpMOvFrZ+UiRg z)M%-X(sdD^qHDbSvFj&h)hJM<^`V~`YM%S?GrN0VO9i`tOJd9)_RJaqS8IL-yneNA z-N$aofV+X;C%P&xUYYLAaY+<%!t(o}{q0PG1Ps+b&`^Ab@5~;*Gpnm94dxxL&6Xqc zKBK421U=&!M*jxvF9u3oba~cSIod^HaYM~J#In}06KQU)qrSjRrrX(^=So9N{`z9s zNw>pF#li5oS7teR-U9}vIf5hKrV!sLs_oKJ#Dr zlQf>MUo~d4VzB?(|CjU$`14)^;TPk^Kwg!cGR0*1{w+>N>#ORr4!ra~993wDxmx>I z1~oSE{h%wYm(|^i$V&{wrNg04(KlSKBH}2~y*tjWhio^FE&&2V zqJ{;sJH#^^B=!k=`S)jE-HRq2O_@~E2PV5{{|D+pE{CTE!Xg91+cT z<#SB(M0@xWpDXnB?#vkJO^2m|g1VYN8XF)WQueuG#zcqn`-m4RGb%iYcy-B49lSQ3 zA^leilk&s#bDO`WKh|NcoXCI9{kKsTr(MWBd3P#UI>@raZ^OrKSmlhyVC^96c@;-o z6A^)RL5g;OYy~~VoBBTD9ZbhME^fymy-~ULnuEFR_9#9K5BvzitySE3rC!9Ca`F0N zb&p=+A;`IqGl@Nw>!Y7;R_SkeLCg#j2e>@PDF@6HLIEcJZlw$6%A}>L>FIvdx-Ek> z$fH|AQ#U|aPgh_w@61H}+>GH*kS_|`-R#EZg!;Fv#%)eKz4Jgf|d zR+V-x2l&E-{^|;OhKv6Gx}HXPtY2u0iJv5qupLXpm02-TE*?au!SVFd6k# z{SCvz<;e(pcx(ca3w@InhbWlsqDbKhlTEDU?&O&`?dPKDZDiZSJ($b1fq^LBcSY*w zL09@;x`H@592M>I%@IpW42ay+vYmnhl{x7x8rTSw%5Pd_^D>0TI8Dc)ISmLITWCFCQ_&7Pe+bEBRd z&Q|Pb;#wrk6El7V={-XoZ*Rsz`Ml;HtU7)4a!;-i@gC)5?TrI8`JRVHS@wdnAN>Lr=;H=&Q5V# zj~u9G%#3f+9BlhnOAQvj#76|WL{EjHr~OsGJt~_(4O~aGvzHde^T%6UHAyKMec%kS zTXTGYteXGAY6q8b5q3HB@PBMN|9$&L9xaYWzg|hV!dB8qF~a=mYqR)U*Q>XzI^To8 zkfw}_b};pAdb>^wt?$;cI=^)EgGX|TUT&u5W~-X)F}DMiZ(`q>F{F z1k{v6sXhlxKLbkQbwFNiEK~L~0H`iEPpge+V_6si|DQ$^X4lvXl*Hcx<0=0-wbBCI zzvNhCTY}D820TM0L0Z7r6ex**1#08d8jeQ*5y5#_H_opUmZmFh&R!@_mr-5;l*E7k zGsO=NJPO@FJk}j0G1x~$GyD$by;H#?R<~F9wj-voDa7d2iY1C|A z`T&&vrOGeXeo-&KV9DBOXcjw^TQn^4!8^KTgZLF0!$p+M*{29ngtY%-GeTHg;Q zNOlt*_wg-2`JycS1nWicXL=MKoYQn zA{BrJr#n|wYv#Bp!!Y$fKIA_V1oSwmLl^WoMk+JEa#LNfj_W_T1pOa60($=PUqcom zq-Z{v>)>Gg9}t4s4A>a$wd}u!65O13V&Miu7Y6Te6OLu+*Cj{bWoUL}n(t;1Hd zneu?CeA8eF!^?hxS?{G9d`z?M!ME4FrM!>Z>3=i*Z-~ag5am+GG?8k7wZ4DipG8p1 z{%?My$)j}e{ycvg+F9^#Am3E~8}~nmM_fBEKZ@gNlF&;&Jy{OOBxzFBOD$Ddgs*-o zjduc>#!RDpheO@}fjA}70<5k&vd%Gm%P*m7vcpk*K`)`&vQWAA)Tew;Sn?_h>LdS~ zSm1i%Ch|W_FYoTd*yocSA8wr#_6`ge>{>c>7oN%QNBr+9>04b;Da8~AGeqP;EVz`k zvqf(vW)X}wp*b$1BPL47J=TwM+1Vjj zzs>C4|K|t)gOe(!INjMD;4q@M*EiaLE3lWG{b#2RsN+059aM`F&{ogl{B6* zC3oQC2)gn9b_fKlGTYoBZ`F>ExGsw~?7QSZbuviuO*m$+^HQ^)>-pYn8}hxZx$+_T z|8Y=lti)tw6JXgnMnx#Y=z4-wFsdNcMCs;Y*|)wHz@XH_Hu{qXlU~UWKb+6IL_04a z-Le;KNSW21KWi-l;2xK~I{E(wEZc+*l=(*z85E&JC)*>r<(@lZM7+56npkVe=z-dh z1?1mf_jfny#trTTU0EW4EPl@p=`Ip`b5ruqTiYcx^5hd})Q#JM@5Y%_GsM&AWj@JX ztdJNMun{|wy$-&;97^Z6%~8yH?RIb8`RPuj6TpOqj_hT0{vlnDRIoAx9le8QD$Rj$ zD3YWRPUse+kHXvQ9H$vxzrNi4!umcgTF;z414o+sKUz%MNGs0^HO0Qcd|99 zjp1f*R>v*LUK#Rm&rVNIPu&|&t*2@}Xe&~O{-3qhiqPY!1ldxhLhkbwgTuJ-^nFCxjKt?T|Nr{7 zPzlp5Gc?{C{Voq^iCW$I)TbRK(sb;uJ7bKLuU%KHBg&*{7@aczw@|^Q0gpM1qvU4_ z1^-Zek7Z#JcD_H4a_CB<#ddm=$DUZ&sd7#^{td4y4gKjmVZ6Qo4RiJ$XWSN74lQ8$ zqacI{32u=ojJr)`EBWOnG+_TpS+7H<$7xN%|4xOS|MaanyUB8fxoF7!tzU!3_U9EX zwXD}wcJ+P%bd zdm?BzU2d$^=xGm-QSuwf>XJ#3w81l|a}SHV>$7<5C25RGLFa|nv$gi`KUSs)yO^X4 zyX1(U{+8*W2_BI;q;(7`Qp=7zXm^SsV+AzjJFV70zput}u@vN?QOn00{iI*t<-2ISAX=71M8^|;yX#Cv+HG$c0jq@}+=NIaPz1M_es2HNA zD~KY(0i*Z#(uP2o27i9QQBGmgu>zJGsHm3%hE*&DC!a29o(=FAY}bybX6&Y|fn#}Z zKK#!0zc_FLnf=at<9>B)O(_|OjH8h-)GAbAJ#4winfRgE`Mk-p_p!$kZOARXn&Y#? z*PeegC=g;GeN_W3dylhQXc$T5d{yn_KnV z(E?!Ed6xjJXdgQ`U<`U0=Cjq65jv0CgKq!!s#1?;dM`Hnjn_VvFbTf0PCcu{Qq7eN z0`{sFh06elmO51irbd}0y_9=9-@lw2c&vDJe{-n%K-mT?5CiYkB{tnT{uG@cpPB}a zey_?E@hGg~vgwC*@9T?pf4_?ZR+_t^79QK-=ili=iVnMDp9)+4bD%*eqjLV+2t0Ji zC@n?!DQa5X=2x0|9!bkH_I62tfqT*_4&(_ZizQ`vJpa-Li1eC)#~L1FR&fv)jI;wi zW~u^upsMT`82=`R&;Jw6Y%rBuxV*<Rn9V<4j9=?S4r&lDa#6j{#D-rxt?nz<5J@8w)Cbf#{5AW3g8vZuUpzX$777 zvqWlcPsi1J{5$g@Wi$vWz>r^nHBVuGu5NQkcv*n-wNuBUJXD#pLc>|s=dn*Bt_Xw?^V zix)eqzVo_p(3**{<#yUH_W@E9zoN{XO?fCM;1LPu|}PKHFJiP}?M$v?i@Ev+Cxnib#t`JNCbhsRF35Z)^7DTp#tkQr;BpkxvF1rP>U-=scj5 zym|BH7?`6>B=g*dlqY=w>+!-y4(bxpxKs4_EupV|Kl-z(RnUAqz>fVkjCc+ol2_bR z1v1%l0~8iPuK>Pt5Z~Y6ov{Lb(Fj`Qo)HQTf9{r3XqaQ>$JDCZqfVlsJDJ?DH=yhr zI=ynEYTv&W7;)_s8raR|UUE36b1eb&(H~+tY}CyMr4HYgb@O8#_QslyZ`LyL7GCB1N|!7S?@p{AKcD>Px%Lj%Y_b4*uzThe*q+f%{5XV z$7Mjuln~g0MHOv#`D3l|LC~1J*KG4RUW3e$tCcX2T(em4?O%C}7poXe#y=^zUcwdh z9YRxqRDhEGY1Mm`&t0yXBS4N6*B#qf?yFPAvXWXM;B* ztu6yxPdcuSV^$v-CD6G`u~dx(Nm^_+`x%byZ7_K?Ynz*XzcrG(TyQ?@4|;wbX-$-f z_1NjFDiUp!7P)39P3Gh+NTD`kVYFZ@bvpx|>CoDA;K-(nMUkPlS34tRFm}tV9RZ5- zU1XnGYy?&@R>`q~ZKmFM_KB_dSpD=Nz!K0{3pLiiI0{2n7oV>VRhJbyXpzTPG1U9nr6PhqG z9YngI51Io)7$F1bJ&^Amqbk}m^4!6fhub*;!|jwX4!9xa5{9aNeAL~VFO!`aHai{# z-CDLQCyB6C*;`O-ydZ`ZsOgAQ^g!Dvp?wAjMXIz&ij`e8{_9md1d_|ypgn3vXdyb3 z)2nf8$$%&nla7Q#y_pOYRT#=;DfP<^BxOeex~BuLH~s=(Q8NqcBn9UqSt0e zOon4%6Y$tSezXGUu}xQ$&lGdS8`8DiaM9fL3m|BsZKXfMD~BWN)lz3hLRB1m_! zVOczVA*35>zh9T0_f1;iJF_skEx-`O0a)U5Z$qjuMJ&TZ6^84|Rmvj)Z(Ov;CYu!p z|Jj*%UQea_!pPFQn^BkUzYmN3DD-Xk>Hh0cZw_Dh<#!kF0{RS${PG_3JO*7NVXj`Z zgq%2u&`;$^{4iQQ%bjL!IQx@qmfDDiC*R3w5O5PvZ3}Z*3TY|(ewQFhQFG>4mQkX| z^q*d&tXS5|j#X}a2L@2@fjyRJ3(Zd`Bs$oHFe3`>kuJ4G%Q1pjzFXEF)n08yADQ;b z3`_3?1qm1swVkyXR=7OxCB6yquv$jE3Xbzm9_t7v(R~I7k4WCY`#r4JvpS~bOYpSR zU5BEsRqjrI;yNO@LhRldYZgaZhVh>IuY}=rc;W|9$|%WNu8MP&OmF-8Snfaw*k8Me zRHKhAK9d#b(Ps|xTOo73$Oq!fHz>_IH`YA{SX@8Q>o}slk9r?fKY%j!vE zc}wNcTbJH@=JlpJ*qhiXzwDiv;-B17f$aYWu_INteD3CSaLYAyTOW>3c#i961$FTB z;7r2hrpb@VV-Qd27EDGO{Q;?5Rh-(O~92-=3n)v8Mx z|DnlxzHE-7QScur=@MP%5)*TlfwL?zaJASHPQ`rB53L(Be^XPcBvA|;v>;76eHOw> zjEy+TC6)R4^!d+{F4d!#76k;R!NVkkm0p^%mwOg9%U@T;o`cO$T@S6v{VigB?O2Yl zjAQot^X>s`AJD*rj{}`A3Xe-e?pU)+$Wj}#Zxptkn!>>K&I460tO<(AH-WegAUe5H0rQ(7L-h<{G;oQB4U(d z(JVJcnGbC8?*Bh&Tn7%_?fciPC-SGME#N7oA;jY5Lh*9`UXyBEsnf-^&arMM?09o2 zVdJu1esk;0kX?I68fuYK;~u_a@nR>ws=%2`Cxl}}CZtIeSdLaU2L@~@R%_ouAs zQ}s1uAw`G{&g;VYdw9Bp0Zo6RCW0%I*$*!@@i`X0GQh;~dChPCn4icxwg)se*!f+OaZNpX>!`J6ulJ?oBlf;vyJx=06z^cn{fqHG6aeZM7rAC*sHDI z3UpGWigCW&xo2? z0MOG`0ClL<;-%OBK0m+eaSB{l9ypI-yYSIP(2iBzdWfmsW$_EQ_hBM{HV**DAsFRK zCcajt@C|(!tL+;cbLjKMkdEykfF3>$Vj>mVPgbvYg3)t247Nw0K1u`yOt5i(cv_Ll z-}b;ZJtJEWVO+-!tkd?xu#Fz=xbU9wAf~j*A)8 zpt7!i1v#Pb{YQ+Lz_4E_0y{KGhWj5>ryn0K0$>hUc{=*UN?&79gPmx*mh&RR?Pf8T zFNFZVgxPW`nBm_klWxn%k3BB?v&1jwWnfB0Rs03-H!ZMZXhu%sim6fL6!|}6rv^z4 za_}R{ESG6gWCFa?E;;d>2e!IT`a-Wtt!KNQ93MN%#p`^oeq~iGo+uiR#>t_*{qUNx zVTpz5tnr+`9doZ?cjQv_ChiP1%FK_uA~#!W2U}=%lNp$9$~=YMRGN1BBnpH#ZHx*R_FRMsCCt|zvRV4{Izd~pqFV_qxEHi67C-tgC8#>r|n|p#PpNJo~|#9BE>BZ zzVzo-qP0WU(*Ztxt%sJ1cFb{Rjlwx@CZ==IgCj%B0q&C zieW*V^k2*P59u>G4N`n5C*2<8pFO~C$Ka1$rhX|E95mDZtj&i?Oj&m%i$w&FjBko3 z#>w>L{<~G+G~JGn{e4LIp9_eQ6NdvChdq+Zo|#v_{F)!&hWTvmxc!*Gk6FP*(e{G? z{>BJi(i;ky=ldGq*nfJf{1rseM^pmH_1`TohHGZ0B#NW8u{VO&IunR-%sy4(WO^+m zi+0eiLvYwB3^o<~FXsx@k}^0R1Zp9?ElInAH#_`Dn`EQrx@h*_ za_Sy%fHlK7Jv&L>?P(tx94a@3a9HDbLy`dLN3kwX?VX{cA4=G#K!w1W-K*(Tkmuc% z#f7&bRG>IZ;;bp~sObb}(eZ^P)^-DXpQI4bEE(Uq_Jo3Q#4$+HqfK6jIJ zwfYXf?Rbw!p}!G1;)TrcB;$c%pG3=5AxOvj3j0(}^}W;f`h(=q)k&}_fJ|3UhRm$MpyKc z?g@lCLGzM{^xQMd3toK?v!_fuQruGP@%L$**^f|glGf65kAE`vW=w1Q-CB`)u8=*) zB{kh3LZ+QIVxyv+t`SNd?>Huj5AO2h`&^srE&BDdRpsjZ;4{~RB$v2asz1>Mu`?zD zSoeEu-sg53b7aHxqnz7KjZ#^e0n4ZxJ#&-^JN!)SU$hjTfQxS6$LtLTrvH`F-K{MC zQ6q~1siI246obDbh=9*L0(U{o>CqJsWkwu>%n5v49sBH02TOL=t!9qPple~;d<}X5 z4emSNaAjTekFZDw<#?_D>U+pdvkJ2M4!%@UgZ7+`D%B#_KV@_AbBl^fnsNLiBSMJb z`*-k5>6~BCN&QA4jx^_moKjoWFGNeGbgy)S?W8LWMzfeAx@Q5rX%l}t9xG-UcevNT zF5pfn^=?PfFAQ)G(jEu7>qi#T;n)fM+~>e4$aL~AWuM}bf#Y0{FN?G}!9I~uT?G(6 z!WFX}Gc9Y!=Nw`TFR@xf(V4u=!U*%yAy+Q29Wi4KhW%fF6jC`&GhdM?m(?wb?5h+< zd&9uDnJxPQghPxGn)DE}oW6nf3L1_c&M;+lYzwt*qIHZge`RSa2Erprf@-9Y&jM~H z7=%XbX4+ViOPKA1wg(cB)V&JP+D>#1KT+&bbk{^Ye<>zvu;kZU{Y2QWHB{+(MeXU* z;OPe;G=32KK4UBFzFIzSu^uY>qn)H(PB*}lE$lmqZ3E=nQ_Zu_ndp{PPuPKz;wv~M$Am92Ak4@t#T<2cO4?%T7 zWuYs!)adt0V1&Y1OjnWXxx{ZHd|{i1D|#p^D%Kr1!U~)<`yYG&-ehvhS1VeowzX9F zhQ?oTPZMa31Mf&LQF+*%OjPVyRJM$V8k=4tqM1lVsEF-ap}l!+0iR{!@~e zRwtsY>3cXM)(CC@e&%_R>h#k17R_ zkhg8FQ3s=$nH;#F+p7 zE`Tfd^`8+@a>PMNzZDVYlLb}tvEJ+OOgv#&4Nt?`fF(8E{ZmPs*pCDH1Fp8S=)Wsd zh%>dosZZJOvq*z{?beOp79fx=n-4YVyu_^?4iG?wO3DHrJCaqBw`#OuJ-W%Pkz|I< z-Vt3TZnpN;;Sy-MN~}rd6AhnaPvg_}skw>2iMdnqGn%)O@1Eu-!}b3eci$r~tu_M215>eJm!Bfj*o;i|GiM%Sv*RXiJZ7upGRN)Q4MWAWI{|8gd_y>AxlE!s zjDy3Zi+VQbI26YsT0DXiU*20v0UwN{?HBx061>)w)lE9{@*aQs`QOS@d!QhN{i$*Z zO{ScV%=agGZ)?&iQ5k2u!3?@dqxU|QLplc3b>5<(gRSqGKKm6P$;8O z{i?8=_q0h*3>LnAUnK;1`dn;X{N1xET`eR9ez_}7Q^MWFsZ&IE`YS^2L{#}hVl z`>vVX?1LjTnkuoA4_$i(H(P=L4dedv4Poq)u=R;vud3^n&t01U)@Pm$e0(ou1ND7p zI#M3ZAWI&A<0ec52*6C&fV>(v|9QnV6h9G@1x?wa*l5SX65(2WEQWSj+uQRmat&1* zTq*E~PDx9XDOgpF1E*dHw4ZFB0reQF?5O<`gPKB0VT&KGb;rUB(Zd=fKKoeJuO(m3 zbbRZh5aqyInF9$Qs9zHtH8e?eR3Mx64lyIj0t(<$C?&K*1=MoJf!8ih{dbCKphh;` z4&W51gG-)Oa4FUUA>HbdMaSMu)%SD=t3I#(o6FxaM3kjZ%lVlc?w#@9Y=u&@Z?Ry4 zE$t~q-1EbjG96=5Jdj*y6zC&pc)EXP!zVElD-SrN(M$C%*C04Nktx4AC}7kpM0uUZ z8zuKgXJ{_S12~uj+1`kG`xT>HfJ3E=*TDG4hZT>7zyr^!O6v-FQxFWO&}K}gA+n`O z>8$acdR1}BYSKW{<(h+HaZbui>h)UZITVgQOs zDSQWGRsq?u7P{`%v_cT6jkA_n)RMnZX5WV<*1_A=1c^o$cfxtYD-UW@M;u;KjvS5#7$AaFw)6}DB2;y6();e_MVpV0z{j@R* zcI2|RK2d&6E=2@=YEqt17@;AJB1>~(JQHQIjvG{Nm~QBVtEZn&(o^=8R)LSWTrVvS z3k}1%FUKzh$CP&qz58en6*PZ;Ss`4(+ZGN2Xzl`0_^jT%3O)^$M__h(Y#FS!Y8+iU z+wCzBgnlr;Pc*g=;T!X0_zLgf3p|`1(TrCik^?2S}a)k3ErJItJv!r8| zz`5bYUTfyuvT%|p1X2P8BY8F9XX<9msg#qh_EPB;Ppl2av^x%{eSIEU`mnfbYs_P( zYi01;zvMrziz@_najCBBX|IE}9I6KH!!yjKprCvdeBXihbsvGSDm z7uIezdm10ZlgNKXurYYWZ$kn9_DRf^=5pP#ha`pq4`Dkc6d9+-$Ktp!$`}_+d|c(^ z{-XFJrN5Xja8`FgzV5(Z{y2yd=}wNJDr5D~`nbJL+s9!!|H8k9d_OCfQ)}=I-kNmJ z%ZaxuX7yziMJ_5=9Jehx{isjgEInb48(mBeo9FMrFn*+#-x=k}5_6k1y7tM5xguwW zWBM0g!dO7JKnU+EgX^|fnpaoNV=i#+)w)t zmZbGayeWEx*LBK28FLuyj$<*_^$*m4)t}j8p)(r9Aq5*WqnnF^#K9sxA$@&+s$4uu zWXasdf>?n}3lP#`EAirpw}9Gt(gJ!LPJC=Av3{Oa03=2%pGa73!y zwIiX(dC8Yki$HYIhRrL{ADmSi>psqCx-+Uu=~acTcZHH@HzAo#$p4!<8jHb3)DHcd z?h#!PrqbpLq9QO8`oTO`CUMC@%bx6TobKutKU&*ykJ%mTSNA4gRl$T3Llfxb7^xmV zFUV|T-(KsIyu;AR(1)_On?tdfk?u=;Vr(k)-ym#x@I;|um7CTe>L+AXB5YPZynNjd zn_hKms?THg&Ur_NC){1S$DMfL|ip*0Q~SKZ?DjR32n0Gy<^TmZr@tF zDPt{wt%?=|bHF}S35*n@!R^e<;-I)remxP*>Q0&Y(!YZ+<;uC_q=&N7=tr!mOB=>d z2QTwVV+LwF9 zm16(ufJ;?wwBUM5E!mc#yj%~ous)b83f4JdpM(^Mc^TyqOPz1mCx^BS@2kw?Zq3|N zwD$XxB!OurWm&>xzKpRZ>I4L!$YtcI{y%KhV8~PVF_99rR4T5Y#K1^bR6~;?3IZY* z^lHzz->M^@Cs-E9yS&m<_Z}=cESk!kfj_RW7>l;&8NHfZM_V*qx1C~rE1=FjvkN2b znk_m}2s{LtOOJ%&-Pkhl(pH>5M35?2{q|RwJlB&QxV@V$dRP5smq>@R1*UE*QKowc z{cZumfU_I{XJW%5tv2niPhaNd=5~-;pr;#=_796<6YKX^H08m`XtOtO znhPf?{l%b|@`d8hWZek;4WuUcgWGkDIp`@~y!0cGhYj80&4+SNoW>|a1hAg<4+G$p z7O4ls*&g#t=z2xdRuK3L59P9y)t~KGGY+Tn*+%Nk#A^6WY)Wd%IEeYcp=I;J!*bD! z!YYpL8nn(NvsA5SLB)d!gC6 z5gUxd&m>7y_&}q#BDVlOm!&yiLP9WGTBDjGemxF)>)hF9Pm5B*J_3gl>)lzh6?j7= z!KdDlF{o1+7O6sycL}A7p^;?O@|ffp2&RX`jO*YIRw0@aBZIqBrA?ea6YAwASt*6- zivdpl39Sz_OIh0g5j+#9|K&uZjQaV^y}qD*DB+QAg~RHvI6>Ldx`G`Pf%e7@l$L8= znPo4_B(M_?Jz)zXxP7XMWj^fl>PP&?s(aec*=9b?Mrw`+`7l}+Iy?J>T-r8Lnr-=q zC8l0CB=AMD$yIC$SQ{xL;AnpICZ=T`FWd!&T;x1^s!NotjYJ&!Y|&lTeu7i~@AHv) zw4f9Igictmz;-d@F64kspTY;q*cppGu4VK5Q+u#apj2ZX35vUe2-}d*3{{5QMd7MJ znnZu{m8O&fDx!e6eOB$K<=^Fqa|I^6u$5{_bf&of%=!fDjb7)=$m4xkPpETA-eJkR z(>>CfikoYzJk`f%`PT`T+BIX$r|g1mJbGK51rrdOh{KFi69$lZi5OYhSCz`~$fmSV z3CsIc+gKPGL4*~NVis*%7pL*(jle7E)tvpd7bk1fe`{Csjy^S@+`KmQrTf^|LW!AX zh~-2^nMdGA@E7$jvd7>K6~7rIx9Q_oi;3rcP3vCzw{*hp`nd+S50162iFgeMJoqK- z^fkExq!a#1Q?0ro;F?^iQ3D>kJ#M0iy3E;-3FPge zn_K6h*diDQ-wUDCU%p#)WXE0XR!VasS|A&JJb zCi8c&VI*qmJ{v$0Z2&I~RT#zZ<9u0aXl)0d0r6lhzM%?8vdcTgWqJPQ>W$LA=4EJUVW_{IppNZ!w>h%8gvamqh=%Yz;$wI|Elm!3P61+XAZ zn;%fh(nwnukUoDN0q>Rs0H$gXwd+Oyyez1XGmio+$65TSyV+6CVL~oy@Sc4Xh634o z8MZ#ZHUf;A-2m8r!RY6W-Pk37j!{3qFM>@y{p}wB4Tej(b>2NPDfY4nB~ZXc&ECNz zYT4S?J~aU3L;{fI?esw6?m{3~$ZM>cwL+b8bUx@+x8K-m?` zhu0zPrBqRL2ctXulKRA%_ISBE;M-6#1&UUrkYHz7(=CHCVFPj>MPv!o1wzb?t&Auq HU84U7#M|-t literal 0 HcmV?d00001 diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/baseapp_state-checktx.png b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/baseapp_state-checktx.png new file mode 100644 index 0000000000000000000000000000000000000000..38b217acdd04fb2430a2332946864de04474ae5a GIT binary patch literal 82308 zcma&OWn5HI*FHRefP#Psh_rMGD9zAa0@7X5(%mg3-O?ir-45M?f}nJ_NVjyuyYYUW z`}cf!Km5PosE0HA>=k>h>$=v7c&jLlg+Yt~fk3ciWh7J}5ELi`f)xD_4gAaW(u21U z$P0+9gs7T_!A{nr%>MDK9*SOK^ee z3r7Q;Z~%j}(d%Su{pxi0N`Q`TO@$Xnt>@WuR29?$B3nsR=YXyLAjH-@u&T)vlF& z(`G@G=rG^z2d3Y7$n;9t*GIp<1{21T@ux8QULJ>48ni;+cYb(;=UXPlriuCo|LxFl zFASrB0kSd1sNP^WkB(W)?Wbn+z0lkAf_{-{<6POK9O^^haqyiGvEXym|5`HgSt~*; z1S8F9?H5s7@OZo=99cS+Jo(e7Pos-q39;ZW<-Gp4*Q2Yn;xJSKzI{95V?TeKg}m27I>Yhu1eE236GCB@j8Z`L#)%=TTXo3$$) zYV|%-QX^IGAVkG?@llqqjD83{Ae)$@W_4_om48S@R#sNdcV78XT@AiCt;^aJO053E z4>c5v#O?I_V40v$F{??nRt2?1T|~4;H~+XPTvq_?Cf8 zK7^B^hqi`vVjOaHbv3)s`QNDsJo<&Cq1wwvCL^%^;l}%|g2C`UF@A>OJ+Pu!G zDHV0K;xNrD^Yl#@P`M&vJTz(y&{hzoH&U?{H-?F*sf~?SoAiW!m2r7kA~HhYaj}|e z)*VH()kUY@S5+xWFFTc?g}xygs7jTfC~+D2!(pB4^8;vM%pI%6JEb44#i~D77Rca# zQOs7VFWG*4KU$|zO({#@y1MhsgizS)G0#qx#|@ZR^x22`r5Iq9^d>3f$Tl4lA+uWn zf2KlkKcxeq@*#rK^?7e@K#<~>AJ1`<88#$7q`Ah~;agHsB}#rcVyO7|1A-|Kh@7<; zd(E`HKA6&i8u{Z_prC07$^Ix&n(S1|avy$sLZ zrS)IRorIU}PE~1y*4oh^>ULAgOH=zoB`be^IHBmRHuR78Q`j=V`+8wCk1<{CSnfj1 zA+C~tc&8a06k}MJszGjkzv*eBuDr4!r08W2CCB=2&&;Xh6v=Eb7^}1;m}pgJ3E4Gl zn+p9#i>^?Rpjq!VldLk_WhZRvAO7aZwZ$W9_9~6o;Pt=Tm>>V*aQ%v?{S*a7RHXNc zc_G1IbS=Z0aZhA@YrK@b+FRGteiPZb{~K7^t~+7E&7u!2BJ4Cl)V|_l^WE>W#UE3O zcR?ELo14|dsAT@kWhY^YAV!x=70BdOK>Cp_35s`a4^mv2f@Vs~ZE3$-`(iDD9*t(Y z`-<8mD{Rl3_6ck>?-q~UY`M@}Fq(OTl&`@swBFXH!(w);es!h#PB!b=ZWI|(mg|v) zJ_^&GNSL+%e7n+&8YAtA!4`u;Q#Fn32ZhJnFSEV-Z))~;V%zDXf@0bUCN8^VkxX8_)%dFlU;jb0|87PgTGm3V_s<5$<%;;ff#~FM@zm0N;y8l%l{JM*IVmXU z*gtO07Ab1z&cPq~W2w_tQ>FLzlu}m5cjwme3tMp_gUA15B@q6B0tgkM| z3a1F)o>ME{QTUyUf+R=1-*Tj=cf2tFgH^wY#?bd9dCq;&x3d~$>i({&8Fo#*?v%(5 zVL^%z3G75Ve3#B|akxTJ-vY3kEAsCwCb>{}>)`ksRdj{64@!D^&E zv!xScsm9G3e8>Hxlq~&c!}zS}iM6WPUG_Y?#{$#E?vN5YY*W>|HD=yyH&J2R^rB3b z-Q)IsBKi7$E^OI8r1sW9<;4&z*g2C{{+ZQyN%HRpsu~q~jCk~lNg(Zh--hfjwi|9u zRm>jP=4v7-2$scLEiUA-0$hm z`|@FlMU2GpJd7I>@aZnQp$Md`5~{=f(iZ#&S(_Q|X_lD7sgt3tRLm9#qD+~CFpA{u zQ8*V2;k(PucQ8BbuR1wV$+>BZUi;Rb}I5Wb^6HcqW{gK@CO@7OzLv!+_uDp zFRZ|`uEY-tUA@5|V4^|CAy3K{^zJKBFMUJvAqP}X^tINL+=}kaZo7{e`ait}2Mp1> zwo<>#P5Lx$+w=?HpD8S2-h_eZY3-dutu!i)FjRl9=b;uju`E z))Qq`d!qEY&SN*<@RUC3&P@yI*4ZHWj)0wJa+l#LfZ>g-jSk%9iM$i($@2*OxZ$w{ z32^dF=S&dF^FR8o*)F6$kSV~3Ww=LMGhHNM;OX0Q<}}K}hs<96e~mTgdp6(AhbG_< zI$5F5d~4iokYo*+e?J`Nt$vUPFPm$ov~z_6q_iQWeEE681yZpggA= zIhitvCGv&{b}+=Vb;SJ{*o$JWX7rEnlpt_v~fNA{7v>dATU#EesnE-n_SEc#Qv$bK@^}4nwFl5!9s!=|Scu5(?V$brST{ zq(Wp=j2}FUJ|=dQodK$Ls)a(A8`OB8JFL(I&dGRReCcu>6V19Ffa1X(I&=)1>kqY_ zEm%|GLVg@9_k^f1=gJR=)r1$RR=@kcvNMesX>_(&PHI0MX`lV;EciC$X#dh(cM`a> zZ3m>PH;ytmq7KCbz8p`i(dOeh-RfO0>uKU6g7m~;Ypl4z5yd&xyB%5 zwV|Tb;8}lmC*j->_Hg*m_ecdeDg%+QU&|&Av199a@^m$%Rnh2Hv||Cc;X~eHlFV9od|ySpl+ShgggoA6g!{LhdsC z6K$ON@~NSLH4G$A;6LL;W5_Pl4+)!;MjGHA=Lj|o=&hROHZ~6`G8VK062rWyqFJH$ z8aER})${e#@PPt_j5iWrYvXPu@xMan%lNB>QJ?{$Ah5AEASfIb1Dx@Xg{bp)>KFYY zBWoZ~A4TYNnKt5$TCmty0q9xorgs8r*l!1X>!OG_)`Ue+7~-7Ph;egmb4BrC+vW8O zALS{iosgr{id9zA4}PB?@ra;9oW(NfeFNBXMI@4+kHSQQ-()C0tg*7bCL5wke(WHQ zGcx=fC7!y5MhvB+VU+YHf?V6f<#e)f7^3{L841auXOM))j`LNI1+9Dv=kBng&oaiC zb0G|mAz!>b%hVZL+z^9I^dU10H|q&!c97yjVuj|+cNie8Hb@C(4o8CHa1ySEMA>p+ zQOHX5LgINi!&FwA9+~Znh%ru;!WLArk!HnAUdl$NRd&qXMV}*u<%UG$wK-nY=SV-o zF>qU7WW`_+XyGlt3?Q&_JSJpt7Q=nj;|oa)K@kbAsRFr~7~&9=!Mri$i063#S4!u! zdi=Y}EuvNsUXF_uX&=U!E8Kxq?5(HtjgFgJ16)s6*>c#&7570(@ka1ul5ArtJjQvF zi+%%Qnccmrx4*KFE-Bixh!LiA1L`T0pEBeT;Hh*BMd=?z7w9X#Mh!x8(K76s!Otb^ zcx)}{u|1gb4T5Z~Art?HV`8YP?t>aT)$=kW<9UoKhpXNC49iEbuI>kJt>J~?*qHm; z=n`Zd*pp}5lYUapA)sBfzZ)~+v($VJ1rSls5|hn^#0mzI&YO4$O_Hrv052}MR0l)m+9 z50R4v)@d60s)wt+R)j^XaawR%F1GnPp1jhq7YSo2wk0NQ@<1l*7#VE{e}Gy7!e4H4 z$X;5M{@AvN`ib(;qp#Ya2Mv-MWi9-K9Ee7iOI;S}SYcvZ{&1VuVE_r@#%qE=#)y9e z`Ec?Y9 zd?etp%N0GIRi~JkQ7d{Y+T^zT-Y86eObeak-M5DvVSWl;9WAt~mNWRly zmF@Rt3tn;Ea-ETw<6{A&FF_q0Cj-R ze4bAUQnZ{^^1iDF1vMov9=?m%kmbxOzA7lDmUl&_L!$JjWpJJMnk1P>1`zWzX+N+7 zx>#)@Sm2eo%9N{2zFsk+SN0c2gTh!2aZTOGzElJUwX#|8g<=0mXmKPKS^#fd$Z0`C z%xt1i_LfuYVg~oTej-Tkldk-B?k88!if=JpqrMo>-g3+H2@q**bf1pi%% zmMH!A2g9M%I!K_u=5ALC)*L#JWo_k^xra_vy1q@apn`ZzcjNmGZ~)oYo3%?X)Ijn5 zF#0K6A46`a*s#$4?!~x#bMhOEmjvKl8IST$@C=Uz6r|Lc6}Rhf4}%n$=|kLA3D`M7)i)?*(5z5<%w?VF>+RxFP{@DR`iDoY&vo+qx3(EhI<=G}oP@ZmO0UlUbK`Co^x+S7_eHc(frS-HTaUX{hs46kNEv}5oWRjU$* zg?!<1RKeh{tac1^uIDk_b|&}R6kzV2^x8SG(e0&fM7HNEJu1>tOHo+AY%ms>X)d&tbux6(ZPr-OHT!N!gjaqCmAy4Ujqm3 z50IyR?d}M5^S!oV-0^BKcZx={$U(R|6!2N%g+UonhxmNXt6X-bUJs9J4H=iNtb|u_ z+RaS`WHK{2XfdHj=JF^Cp}V&I?Zh;{vZxzddqdvcsWEauU|)HphCVBc@FumGg9)!g zs$IFDrv2&THH+XlUV>;@e08(A>pz{472HWY@`ng$M(bVe?7BW80{M?JWSMyHzTw>xTj_zzRu#@n2Y9SHqj4-_by@EQpJ$L&W*{f#mve z%fEDRASNw7Vrc5PnPaMw5DiJ#x!ga79i!~LjFJx_wK+ufh%j0ynbi~lSh);DY4&LV;uW|KgLF7p;Z zq2{FKMjuh6B7Qg&6$zRq+%4-Zn>zR3mwni9AJ7CV@Jmn-bG@gD6~1kFOvL^T-X3q> zW1MT~a}aVtq8vtO=%b8HF2GPf=Omx`;PgrV7qg$~j&Cx!`=e}uTc|WTnJq`5$Vk)- znSlZxZG-nyV*7I3DEBaq(W6&?j1;;%YOmY8&+Jg%%{RFw0o(`rJEyjG-NIbyUb$$C=>>hUjgXcQtO=|m_7Lw zj?XQ{yheGtdyLCLS*NNSmqm-Z&S%~=_?YZ!o^tW#ic}2s-R1(1h3m(-k(|WCn zX{E}0)zZ4oatk*1*CnBlu=i=1bF z4B?)`3~+c(?;yVQES@COX2R<)(GxLzr1N+4*tjU9HkrN^(@n0Wo?U~Vvkm<&^2dr* zdpbh&nS-1MJ}1HdEUBT8g5I^!9P0H#(&Q=#i`q``JkDYr*L{}LjJ{+4r?!Y~j zV(t#Dn?ij;+lOq5#5MKU$m~|VSVa~pm2%=xmGzQ z1rlZ6PL%8RoZwnaJ%R>IAO?j27Gd6c@+6qR@Q{$0hLzW6c}oU>Cb@yMA3cgY@(KzfMZ-9h}krVX_Df#R@-`VOZNa=62gS5pohiKkIr z2J1FIPXllHY9s9Fno!7o=K@Z|QJL2pE5KTG9oX>E7S=V=M~O8C5oVKjevJiZxGXeg zL(iyW0%BTYYPgJgN9UYoM&~^UTzqbYK2DL~yHHIWGx9h9SG3A`-qUBFHT+RM@S$eM zoyixCu#9Gz%fnHm%wFWK&CHtI`jNc;OGN=@pL~vY_R1>K! zzo^B1ui7ULrO<&eOE66l?GEtob1vuUclXT@Q)yF6MLlt=M0qcBKz$Pvj*80+i>RIn ziWzIS7$i@eF%OJk_{hH-C@9in5GJ*Ei5};nIu{tTZH|#GLQmN`EtPT1Ma8x8%?J6t zHXhm(#0By=o_OM>Y9ZWJ(-OT1Dq3jtHAtn&#j4&pa_}kBe@G2ofI+*k{!fYfI zkFf+^$MpNiZGWdJ5;{k?(W zv*RNrf!;wm9>v8VLQL!|?66WIxT~7l8dH?meCvpH`XU79`4?RN$@O2lLzIFzyhyO2 zpd7rB3_kHoN?c~6u#-2C*Zh0n)c7Ux;wTszs1HjidiKI*{h9ANG&e}%$$UQxr()56 z(qsiJ&-ulDwRwXLAqzhfVHaLFb@mZDwh8xn zvh;hu16}b83-3WoGJR*Tv;2o3WY}M#X6xx_J>iLP9-D^j`pg zfPwP3ZisN?R{*N6!?kP%0=4H;4dbLMlUp!qMIQMU-HfT~7aIxmzequQZC7>(?uZ;l z2_;AZ05{VZo|@D$YD%~~#~f%B4C}5?{Y*BqvC!HaaXl5ZFoyLYp#n9a+U}vuAzbi< zMWu;gY~gLZQ#i}=EK}wfPseB@Q6S>(cr*s}N;gZ!@r{f`e`758;yowGED4B(7{KvWl~(zMo;ih#}3( zP`aqe46zxa^xO<8b3OJ-zg$IP~ zPo{APDu!iE@w{{&+|!z0yU!dqFrY#h1*!Dk9xp^AE-L8ALv@Xh1K`Hu# z2!m$(==pmX9ueJyazPR}PZ;xkHfl>@cwXF?7v#(v=lvi4b2X)woIF7bUTb5?b!#~L-Av(MC z019x;k`zpzc0g8FdVZ@ff-ToG#+Ah+FM1IL5m@XBtiR7nc$BmIBuIReHS)*D!M4Py z;r@iH#V%7{a=<`NeT@zl-@V}5qay+dy7twqVvoDNlhRw2ttn)$f33%4spg=~Ch1}* zdiJF;4t=ezw)d=I9jrjV?$??Cm2Lo=+rVtSea>_pC~kh)mDXekR-x#877O_$S_nt} zk`|<@Sx2yLL*1N6x?M2UnU3%u>RjlVminv)`r2L{#@Wf0+jmMS!()}RXYVV8SQ7GC z%W2O4g|R}yc=e$!n|Rebk@aZq6S1oG88dr)OLnugpco!8PfsjeQRipTN54oWbsfJ< zhkn}40+qwIS-)&^R5;o!4+^afW532|=JzhqR0)qMrs<6G=&aT%Sl2YW+Zoi}t2a&B zrWy+l3${IL-f!b*LZY$h*?EMV6$V4*B{lb2`GM;!QaFAB_}Dc8%DP0flJhLGeIR8p z9gsub+41FB@W|tt$4C4U4PZS^h*$a-itO}4|3zP9V z!S7LLG`i<_H}D(KprkuHGGz95rLlwdguUsI<5GKQiFo~U>8SuQCNz`YvhawcNlIQWuM8Qh?puYv`db$13RuGO*T&|`eSqKZPhNvvXM{6 z1gJWqZ~SgfG)KGd0a~{{l#Z&jW=GVmc%XAg8u`2!6QsB?`)WlB20D*K#*K4X9aJ*m zMn*Cy3XpNLB}FC4G6yrcn*1Jadyx{!4tz(1%cc% z25@;tVa3;BQchL$%E6!&l5=sXDPAnlA`|x0+iSn`LqP{>3hsd`z|^f~xi7qCGz$n2 z%uM1AKp$ABMujW|C_?f9gUIfAXzDz~h~0jqNA@D1X_?<)lw4%1qJ8IuW}S`ps6Y1J z3NfVAX|-?d<#VIpV4kbvO_Oc~M&;ZOff(3It1$JtaXP0Deh|rp7EfC5(;d1J)6wA} zr;Y%m0&JDJ=M?C!D$h~c@zOdq;GZ2sahjaYtpOhS7#{cZ6Qe2}iZQ9vOr@bPqiR8v zRV)K`2t(45kWJ5d`1ueIwg)Okpu!G{4^p9C@W5X8s>DMjw_>txh4A0SIR{IkRv_s zz$_$@&f#{balDR@b5O_@@T`#C%r)#FeAP`%cv%gKpgRbbZzi8}!KU!Ci>AN{;g4dC z@^tOd&L*O6P9T-QYehZ|5T#?Ep$Xu31k2wlec^VGXTQE;SU{Szz5q_ zVT4R}nUM5UZBYROD*M{(?;^=2Og!mH=ru3DUa*K?w2-fQr+yN^VVC-Cfmmx~YM;19r%oxMzfD9wH$dq}o&CcL| zeGsNyC@S%x{%Rordw|^)FO5=6f(EIFB-}~L(5qb* zK`bT4ml(H^BvG}+pCY-j)yL^OTIwtn9HSsMZy#o{W>BKx(! zg$ZOLpo-xJV6r^+cY=YyStV$T!myBK_)sKdraOCkE@D1@lzZY5z!DHX_G%*d8nj6& zz+DpQ)*g_N+CwmmDEp&NggbBGWn1Q#0w`B*rdq7Wul);Uj3-Yz#?Q|`*ggOK})0P|M#SP|q&O>x; zL~G8&hqg=CCrvU78-r9)xbZEA zb3>*B`xoj#pNR6&&7G&BCnaj~w5LMp4~NpSQvuoKkq-@O){Be7$ANYLxekc$ERO^} zgD3)90lzO3szg<6;lVLnD4SX$vHGLNcLOunnT{eov--8+$Z=i?L9nu7Omr>3QBFBR-XnajYwF1%+3P|#g^t=YnR*7J|KYTMp8)R zE{6|#1mmbuv9k)^P3AcH&bUx%R?2N{SDtwefqGlMfTswVu>{D)KK4!7$(X4NroggjFS z*+y2^_e7ixVfbtsa$6Ig6EE>w4!U0^u*|lj7kToP;Wxek#poAwu8o$P(^+$4j*z+I z7bsb(RASi*{~zK4#1ub$^~!iIcW|*MUye`J2YlgDJc_}tWGuUcZ(#QY1h2u zDyBclh00_-^UvYjx8^$>MIt&Jab|bCk&d{ma9Z#`==9uFYt9|BCSq|XWVUJ}wCzp2 zvuhMmAg*jWn`IMzZ*bYJrKE#HOznxez?{mapJc;lm;5-5y}2BHDEB5?bzOGP z2h~(=KgP*04MXMgnyNvqH5))e0jZ=#Ama$I5|z0Jl%oKWW_xo2So%JWL5<`XGOu2f zSdG}`E}Nd|%0y1v5uK5IB{tjH)))Qhb;*IjO_;;k#j0zvw?6J^+wQxU5|^j@G(c(` z$6ekm6Ks+3sXnGB=7x^iaF>mQry}`_8F_q#{-tb%o@YhGMwxcATAiJ@651&RUOfbF zsPU>o%uzWLlW;)39Z5fbgjzlS{dl_5=?)PQZ$tA~$w87@(cdD%yvK92_kA_ANVF#= zU9#$XBq0v>5G5&8TjGben6!pr50cV55sUp){?%Gz-<3ZX&WBnzgex0L=?|b2Q33HC_#uqm~D!(`lnD!br0HqEn`%tZE zy0FsV{-cE}slJQ7i3++I(3qRc$X`S=x^6aF)LbO(G=oy^sgH^5;~ojl$ZqzO$X^h< zV!0^n&5M$Iz(2ms;G^8TmCCx33EMKuKRXU_x|$EU<)~I7zv?%+n;6Vt@x*)ZU=z{vn{fA~ zsLR89l6VwoZtBH_)3_8Paq|@I8vYzBr{`#a7YvBa<1${>ORF=4ULi;9jcVf2C?KAoN z)Knd$I06@>qnf@e{?mfuA$8xLcaqp{dFo%q2Vdon=h4D<;|`o=^-=SsZ+ft7;s#vr z#iz9kc_SuU0=@B9ZbZWs)dHu#FjeYwY>8$W<(MYD70LY$iP9$O5wg>V_>I+8CLwY{ zG)k>wqC#5rD$f*1DOGuV>HKdTHFSh81Cq*)8w4glhqW|sxbht@3vJ$As$3ZDI(b@; z$ZSHFxOzRkg{)Nblg7NNlLgdj3tG4w;iPxF;g7TH<%H(1D;`_V%b45Fvgm5EC1XVz zqz*HitRzNn|Jg&g3ojCwu8GEPsQ*+I8ZU;w)}4V!tEoG`45KSYi%C&Q&Uy8!=hKYv zLEL7Bf+qjjI>pFMTF>fN>C#?2tPDAXQwY{nl4naw%gpD-q>}3f0hQ)9tI35$?{2Eb zn~ETVS!R5ZLLje32RduAPbTZF8j5Uyx0MP6Gza-}c2k+#BrAPgELxB#TB@Es8LgRC zeH5hFCBWV(VY^2pY}_ErY(3h9u-XM;^CYC;rry%L0{M(OwjW!` zx~rii?7f?#)$F#HS`qK3mD6iIbjU0IetPM7rJ()FzkJToyUp5b3)@AjY|dVU5JfvF zU!J=+%l#Hp+TbzQi_~irXz%pI6_pAfAM@kkrl;;=g*j;3n;mc2sG)va$%Es68rgo$ zcq-xEIHuKY8FXvKB867E%3Vf$qXo_XlKaCf&)T*CBz{8S1*pCu5zHtf4wZPcf8 zvuBP95i21v5>HQS&2iyyw{|hu5|+ad*5dwpt1#R06TUM22ixU5s@ko{U_ehJ{}yw^ z{D()PTaQQ1{;?b>zBX2N8fB@*@ zpUei|z4E(0Z&x)3<0=PWW?}jJ@%d_M4qUYBy*bN3KaW}S8g?#2{d~$~OSDg;DyH_~ z1X^Ok+K0U2(eA!Z$x40a#eN=()Vgy1jHH@s6LWn;Adtsea{@iW4PI=US21h zf9N&#*RK@$imh@Z$KNMLD4Pli^DwVz{lYgM_&xbLoh#*%U`{w0j$IqyDJ8Mq!UhwE zf3{2u%YPr-&hv2ku3wYR?D3EmuidAzH2$0P>>10!F(Ed2AX8Q#p816|Pb+__3-_C4 zoz#jdWrw ztWQ_IJKXq10B)Z~V@S58W`GO&%pr7o%SS&C;d05_=(DLp3cr`zAA41VB4MeF>@h0K zmGHbbZo?Vq&gQh1#}It0BPGcbjgqCrU7jf03jI-Y<|fzui>Es}s%g=%O=ikBnoH0v z^>r>$rJE%kEqU>~t&cb^bf=c~6FWA#H+3zDzpg~Q?jhRe{;P*((|5a?PD%&p{Zh!I zSMJFtN9Jk$knXamcs&!6eXbUlJonuHVfi5uR}WiK6<8V*;%j z%i$af|7*uoA`bI6SU1BP53kEb-uhKf{tr5OE$EiBRo`3@O)4bWms&|vsQ5j-mK)fU zbKA)8Y7sXUcC;7Db=W;;g%-|k*7q_PNcK4jm1J`?rDRrnK9azS-?n}El_C5S80M9I zIj2us=r4cg+Rf!eSMvB&9k&K^!5IFb={jG;@y4{`f=+|M8rvu8MgP0#U!U3-l+lwe zXkuasLG8})=`1zu!G?sibjIknV24Sr7#(^WTy)+DRI<$LC0m2IrO3s28$PGrfC8o7 zJHMOn0RyMCKTR)wJ!1c}8|@@sKoY_*Fg;rMYrr^eF_50zIHv0ns#MzZ)=8+ z!-k!f6{deR5g8R+tu&&U8~ALHZwi`x)^7je-Q(t&udIM5So;%#NiIr%dUn?fdv>C5 zMIS>RZ-8a}<8S>$hW-GAf&1;J#uMi0R+EgtP{-2x-mS@kzFWcO{+TRl;oaC~VUvPi zK*sh%)#v8unadO`fJ-r|TJHo(*U4$Qz=ZcY&mTufLxH^Fq~`TFn32hsZT*vAR={Z>ECyeKfF?Xk9NFb5u`fneo~pV8x5rjSB`(?4^xp}+ zv^nM(HCdOXH#@Qj*0m>d1z;kshsK6zI`tPxUp`4cKmjRYT-u8pB z+w}1nlt+^?F|&K1xMAuW1u2{B_5EPdZfSD-GvCl&UmW%DX8*A-XTQ2JvU&!Rd_ry) zX#2JQY*WBEe2*%u>tgC=CEZE6xa{Wp3uuo_m(Gm~D&dWvhnsjTel&2+h7?T(3L5^5 z6huom-&~hZj_fH{kh83q9u!A%*{}u*#MERkeP#zZzMo0-^Ioujq+2HkJ*-prE%YcB;gDg|iF@kPA@ zOR*Wes#>rXk$JbRg!l@H>pUG^NCHXpXR>_ipBYLomxDi&jg&{x24oUjUj9C|bOrtk zQGwP2*&maoXb<~Ha&|Z}h(QTmlF8@EZkLB{zx{|{$XEcVZ!ElyH{u!PQ(i7$D^;qZ zc8Uci(kt~9Dd#E1QV1K+`)g@&z6!n{a2%NVD1I;TQ2?}{u~HItgzCP`cw{fboi4^_!FRh&YIl! z_sGUCsXiE#Vmzou?h3;Z_WtuNLYht~yM;NtxmX{Q9RxwpuNUz{WZ+A+`HDp7Bk~>t z9MMoTtQv3J*qyV^#t-&R9Z?`9f5_ZXfFrzftLL=J{GuoJ_WcC$g^t)Gm*=zKIpipK z9gK7%pRtToEht1XJsH3N5ho2M51p$;0+G%5UAK<4d1KXkQm!!`By$*t5k_U;(zGAP z>*j%@#fIVypvXiEB))_BkED&lx-?!?F)WwoW?-O^-R##VM|mKI!boN_6cVq{^RHYS z%f3KuLQyPj-M$I)&Qv825pEdKvdqffu;7WfdL2GI-6LR)S^+N`hQ*FMXo{$m4(MB`mX{>Zhmsi+4=`L`iD! zI$@%(fA2y6@5UCW*oAV*?=Bc*gp|cS5N`2*_yZk)Xuba6CQbk@3^dgM8<2)NzV-C}gK_jz z&yXNRsu1}NZq%#~_!zr`Ks7q+H{-1?0xlN->mY5r3Eb3EAwbr$a z@PB!Y*1Y;N-g(4<1OPG5jgY2`^6e1;{;EIn;vu`Zmx z!E2(+6l!lcLr9Oz={w2uMl*h{{uX0JuFS0{gL9+zZN3y@(Ke_EU z^)hG1KW{2fH2!_h_5Je-XQ17L-#;&vtK!Z7<0W%S5@-^0MXnt{y#d20LN?9^D3?|m z2Paw{NV@!h!cx!y-15I&z25{e1;9JMMQA-g27)_#DK)U5dm-cful~Ekhjd`<&*s&y zHUJX07zH?89xLjKcMAHEyouWZfTtHBcqj~v*Ev`qDok~se`LUYMx^wi)llsH|I(?fkNv-1lHT;pk!}*H^nNu@{D7%G(RNDKy~Y=o=}l<|EG0e{ zAUfuoB`<0kwX!7#LfOfn$%QdBe9j9Lx0%H%`F)?5)JrlFOa02F|E=4QpaIZzvbY!G z5;1zMUMDg@^%*Gg7W<%vg=5JOh~rR(LXQU%g`!LP*~e+W>Y9fA^09fE_-v0uZW7V@8blBf{!;x ze}Zmxpu4-s7BF+}fvDfDS0q9Eq*@8ElLmpM}KeHWUWD0nyv|X%` zTv)!g79RV&XjjWa%F&vp^bAf8A<8@X+8sGf#5QaHx0eW2k}YluICB zQ)u$JIK({Jo>X!MNvZID)^%}q91Yl9gy3%~aw@BS0$cm_;UDl2Z2JB;C(dB#j(EP^ z|BiW~t`N3duHu!&^yC_N&x7`8vHURLR7@$Cg*kvBvhzRPnXU$UxhBAIpG`|C|_DX(0ExHY6%1(U52>wSSgz+H;c`GwCraY*%5Skh^ zFLrlasamLL2!<+`FTm-WLn+ZzHm~;2v3oIqTxYdXA%lCD3{>OQ=S-?YvR}q@0-2t0 zViY+Oa~3?jh_T$#dHAUc*x`zV+vXDwc$dJXz30Oz`Q{=J%)O-@KzGI3elnqZ1youZ zKUDiKS3k9+Tice1$T5Mr@`Nqx*%A>5!Tl(DzU%gcryUsCgVdEM{KtlR7^J)oBIW~` z7f0ar0Q(M;9H?2pzoec@5y*T5?jWnIw6BgTCJ_j@So;cqjZ6cp3BBL-1Ja-sJ==`@lpb#4Agd>-jHMl51QUC28c}!vT)J*Ln_&Z9rcmRm{(_I-?K&slc+^gl3%J1z z(2(4L9Vm~Sa}1kRJAScK?IwF4sev7g4u5}(rV068?tz(neD$G6nR_z{Oivh4$M~?4 zMwS+13Mx?3qJbcJ>wY#50p4-o>m28*(42RlPDO?o?q5!TcW>ax(LyCdg+k6;JkEmQ zm?C7^`}3;z>3h@?5eKFxWMsYobTDi?xx3xJ3ql0XF#q$VAdx`ustASdSc5n(>`>uHLN=j7(O@(lH2Itwihl|4LFxTl4TKTS>jP2} zuHc)?G)DZ2k=uX}X}Q_lE6f{})0HLMTq+EkECt9x>kU9W1Qlt{5d7!6RRe*_S?m6F z36>*p*+IsQ2Zhl!nk6FdK+ctodhZp>j|w(#xW#g`pnn?3_UGb2)V$bAb^|ZyFhFJ1 zYj^=XlZ&k7!d!piSxd^H(qPq1020aonCqiO1jYDsp4LwEQ+<(?K)ZIPwpYEnJL0&* z>1l7Lq7uL6HSnL@kJd*6bDb~`=hjL$_wpQWj{@Iv>B_rVsgkaCr~nmJvhNMm=ysxE zASh{4n|JGGHQaY+P72Q7gF0zHUn1hE9b2(MYZK6EOU%?-(}QW{7(MrSSJ|x%An2wB z9tV4=RVDI%vSL?VAB@=4t_)=9+BGpQ7|VdM#MS$$X`ttRU9kWrgk_mD${2t@%l-AU zhdS@g@i7{wl>}fPyWi_Q37++F9ESEKXwz?wh1zCr`6%v zqJO)RLZvoBYQbX}%M-{NeA2}?^nvFtvG5c7gO1H<(f6!(^=Inp=P>dFaJjJd&U}T)&us-^5B4mK>m_r$AlDgMk zgJa*p6R0FR`@GI?xld1?Y@Uv4YpMcvc@(OVN=Ts>oYd|%J1f2~e6}j~&&b)7+8L$2 zt5X6sv~->{dL3?A?pf0I2(L+gFx}XgXwwS7U@+3)3fa^x(W}{5re6Rm+WX+3{g|tn zF^9m_IZEXwT~O7}4=k?_n$Fe>hXGXt7eYeK^J(Kp%rC32 z(}2=dh^hd}UxFt|+uMkDj{?>ed?gK{4MQqTxc268<5pLixPrSqZ zijRGD;p*}{4?q-qYxx;xLeyAk;1xW%)r;8glUPWqNffqvA?COeo~xcZhFD|ziSUCF9)Rhn!jIkZ@*)+L;uMCEj6ooUBuYe(HTXr z1};ILz(Fu^9n^+N)VCsNj{$4n6zJPm>)2h^M-A4fo@7=4T2n80_??VOJBc5m#nc{I z{;O?XEb#{Mncy%adYnuB4JRv47R>v+4^WI3dVUzIrYE&Cc6d5gqECO!LG|hz;Cui! z&!ed-8!KeS^THRjXgCe4I0Yr;-OY6omvtSFr3lU$;=?W`Kb5uNJkmn&20(_le4R)>q|`o-_v(F33Zr(lks1&-M&0oj@kRo^&?3d zr+4CqX;1uk-!lo(f{!(}Bu6H;CS=TX=nOGgFMs@T!8wo_kqkW^o;y3*;sP0v;8YV} zkdODxd+jugHz#jM{xg+Xl{lO{9k{%67Q*p@OsLg0^5Z?~Oydle)zUf-zrVjJDW1Db zjnI~*NqJRC?scFZwq#OpVpqdK!OMZ7KU3h$}vW6D!pM)t4;Te+=uA(vt2int5sxBV~5xdcHND9@KYyJNEZQb|$IQ zT_7hi@QI+v(+BUE1hKe5Pabsv4oeoeUR9D*B?^e$f5?K}?FQI>Ck7-Gb2AY^rVMvB z4zR>?A1u}{?&7k7x4XteB1Z6r{^S8-Ia1he)%C2~ys%xnK1nnYN*YBP`>gnl@N&^J zd-jO<1tgfj4#cP|*4kr)hT^AhsjiYg!`Ol-f(1i!o`{n*Eljj^Q@Al))Bx45(#K3>~a#kAY*4`n+{zxT`&}gQVD}&sQRr!|l1Zv+z+X z;Hrx0N|p+^ZGgUd++*eF>dErcA^Efpl(wy;>5b)x8mpXe-=)NKo7{#!}V zq+@0l2(v|elO>Dod4q?1iA6+M1F*5L>SrqFz_B9BgI@DJThp@a@>5&{mTsf>>8;8k zkxZqA+(mwZ%%HPUY7G#pN?WZfc}e`RA6pZIp0<(6STokQ7!~zA!=h4@`xQ6n~^QLQ2aPd&lqt8{uOdM$DtMAOcbW zr{rraHERe)3WNfkEdgt6i~ZeQ(ia9+eHGx>~G_J1TeFtUB?mYxM@ z^)+e7&0MbKN6tPhZ`o8OVpYtRBt|pKUDm`paqJ)rws9e5HV@mCLvlYI$GsZp_>{~G(F_|t3%tFz!MLA+x zN!32s!QO+-5O9S?c##}%i)?IEEBy<&A6yY`1UG|g`x7y@47E9|Zt;Z77w<>q;6Y{q zhl+qs5*$_w7{G?%F0n+Kb;j%mvjuBEX2N2D%Nt>Fk}^AtOG5=r@NT(R*vwxnV79q=KyZ z*`Ox~T;$*1)_4#t>4Hs-$nl>AK2?!H(a>f>6Ff6}c84h$pyJ!sPdTBNX0Y<02f~wkVeGI>~EJN@9eoTf08C&Y-Y)i5(=W7BFqkxA_m#*ltAAh{qCE@9(PUu_sfr}> zN!}k@TosdlsU?@Z(`Q(6_{SGxhi=-az1L}dXvDMEw;PE?erM|K4A#ed56$1-f96}g z`Hp{Emay37j1ks~B%q2Y!YXvthno;|s)VUSoc)Pdt6ykxT5}vo{u99ETS_L7wFw@c zO56DcfSi;aoW>X|_DZ944{fZU4$GYk&u$j_+AycU>S`Qu`wj5R!sFVYVS5|^BEf56 z_uYkqda=VQAd-f^*l2&94;yTeGcT*GsBWx53uaR(YU`2M0{ay$bvI zYfaWa|H%C#pyqdpze7|ZY7t|K@2puuI>mEPAv0AznSr9Hv9({Rtw<}0F^By530N0ZY1t6s zb7H|FhehKq9hL@_r-~*{xLz+{*G4Avi}Ti%{GP2}l19E`C08W&=MiEn4~fFo&t`KS z!Im94G@o0gU}@vg+tDyLe@|)iX4geYnT9$J_`*40s9}9)0{I56JbW5RSN}iqp-%Ov z@X#MeIZdutbtTVoe9)n{DiwqVl(e_tt2^nd4I}9#^ie=*G&K{*>qO_@F5MhO!LtTZ zjs0Ywv50N#&KH85)}Ef}N$BPWyi7$8RrPUEX_;o)%xhr}EfyYPGHo)XeNcc;aLya% z_d}cTPt%#w<1O(R){bFuRQR(@z=Sndj-*)}d2FMZNs*DGaP|hI?ERh$a85XMyyGyp z&LM4f#UFy@vF}P6SSW~wI)6(D56M459=~FfNaKWiv9i<$bR~B>m|xzyk0@Cat||dq z(Z|Qzv&-33=^|_kQBraEV@@z2VivIb9DvY-B77<{+vwkq9l`#{Dr6J-=WV>TJzFbb zfY0qTp7TJtF=Vpl^YIh`ENMi_pVNBnXUzLk-krVAQP3lChuwAGu0by~kF`R?heRtE z&BwHNMbe`P21D)$XUj(>i(VCVlxqB{`)L@N@eSfHmwW5vZ821X3;$IwzytgiI+dJ} z8jYNT*uyFVxQ#T_u5vP<8hVV&UnJ5qirIDd-XvPPLzkxi?Qjo@F#c4r0^k-bZCx%#FZ=5&I6i(&0HuhlPuol@*AvO;1wvCfyOkg$ z9sWup$V7GJV>f;+zlPQy_Z&?feBH@@LKTPH7`+&_-{Q2LW*he6qlm_d^h%Lz#3ri} zJ8^!}Pw74e5~18e?AnPyVU;=m=vnbJXK|4`=_K5Vx!0Q|Rudl_upePb-}l`V z2s7(5Jiw`a&82t;s$SN_IcRKaOnrbq>{G^sWsH_NmdK$Ji5gbYnQ7o|=20w>?Dvu# zoEj1C5C+d^AMgbe!hyj*;dgs&(m}`UYj)wPfU6~ViZZgruIUrrewQA%-M#;)Aw8Y* zpv~6XjZYa#u4^6~y@NAWi|syy?A(SkPlA0KcZUifqC8?wG9ND zQUEZdvJ^+~p!PMwKTP~OL5)(*%_V${q3C_w!JT8%@24{o6N75mc z%-56lpTM=WRhE~E#Zl$?M;JD{4XLyo1w#j;N&b)WwRh~iRaIF%mkNA@%BiAhUNy$5oe0D$PiM>nV-0$ zyI+tF3%gmgLxOP6;WB?_PHyrtY=ObF?vyP-OM^|;&iRwb)`rL!u>f2WBYRRC>{kbA z^6ikWFX2!P?$no9@9#7xHr7eJ>?j$>;ZUh)Z!FqrVMHBpubWE|X$aV3>r6X2BhmC? zE+9$@Yq;0Uts!7{sy`4SPv+kn9kxM>8+V`Ce*jx4Gks}>sDEnct1&+Z(sk;t);l!s z!dl^F62+14>gR{DnSX-NWL-0}aIXeEO}#%+i5uWB8Y27B0R#PFfk9k=XYD%i2_F3E=paOPTxuI z9|u>oasBWm|Cu z9rT`BKHp*lttW1=WbJ#01F3)MtoY;zO+jiPTUt`UDq#M{{#N?;-PsVAWki{Ip} zL3IUNEuS4$TJUPrR;pEo&rd^dlOv^=lhuYosfMAELpmWj-UFAHgLh^lCTgfEu}Wur z+}wwW&YyCM92}&zp(lvwapV-6y_3U$Xd;=&Gv)!T{sy%CVN+@TT{im;gdM~FJ;*cR zKLDlN4S#i)MoD`-u!|~dh62F&Rq03il=eBGE~7#6U+5!XP-rYU?|131XPzni=`Pep zKU0y*&9x7=~CI=Qls z{i8QpGFaGOX4kG;{^Hf8MR(axe0^Bsgr;&`S-Qw<|J07@t(w{_5q|gk4yZP%>Qx|p z+Kw8nY5TV=Hs7xn*bm;VD=71#t25(=iaas0S_1f1N?P4ST$EGr#GgK@Dwi+#>>>0>+oySg_qU+lIE?^D5w{v z8yd9vzN-^=)4TJ<#wHSDwYYiLRnuvE8>7bXZ?akJrBA`gA*e9re#<}pj?;28o4b>W zUb)2VssW#{7*KOYy05B+qJozsWk>%kR-nsEeMEGhI6XwK+kYX^m3DfS{o^kG8P1F5 zo0P84bwuR%TQZt=$ECqYBQ))!X3}ZR3iTZTD;Z~ol`R;R2T^B~)ls7ObssH{I>K`I zr475bHV#oiZ`06)CvRdJe6KD}9Zz>J3q15T_%*72niXxP zbh=^`H~hCjeootc_>+%wVtdl%qn+KxqBnb0xfzM;OZsXF&E9FxwDJ2uKPcRw{C{Ka z%+H8VaKw=rZwE3KV~0RqN@BjckmRI3I_a@h3-DcGcfzk`;09}Fq?>l$eA zqP;1gOn*n6;kT<|-qpQC)i3DXhGwnYiUO&=p`b{W_*W?u*J2;T+}WN;nv)_HJ_@mT zL63@BZ1+4<)>l+liiTUBwWpdx->q!kI_qgktq<`9_7+ccvBIUSbB{zOI4MQhnq;pnO6hssvYFZ;x1d5+{qX zk_*$o;(%AFmZ2$tcnnT|fHrze97lUD;fimd+NQwf6?%)W?X?VikEqXqgM0{A7r@+> zP`118SL$P=jo4NRkK_pteja`QFBGH)xz@gjBESb}XHqkY%d5XDFOR`TLD1hM#=qgYQE!G?fQM+rn^Ebn@c#qtm z=6}7JSwDHdbC zKnX^RK`98Gm++Pb`3T_0z}tzQ5P1hKjoWOW>EP|)k4*`6Zl^WXgBL;k7c)mR*YT`X z{>f7eyZ`?3&`RT7*D0>)pfP}JSFsdz-It#*Eq(lyX~lfd@yvWPSO48W`Yb%fQhVF~ zG1NUbBQmCJ>6R8^cj(GCP1zb3FNZQEw$?O90?{DL)MRpF@Yc=%Bf%hcmc^0pvi1GV z0EA0gkCQp^5tpwkhRN>0cbU%J%vRz3Dr+VXc0*6S(8sE{uZB4IXdul-h&&HEP1 z4k8p@pC*5!af&(pC?#f*fDRLUhauY~`ebCj$~i#2H8rXVT~Z{RT77LgXE#$lq&SBp z3=tOwJQs&u&MK^X?giM@MxxM%>fbcd2LSUY8BKJu#K`K6#lwuYzE0^!1Y%+!kF60aCX zD4~#qshWIXfZfTDjpcqGQvrc2RFeO}{(i4M1mEc7A}`S(9zYz)O}NkM^SVwulULL| z0Vva_Yefvz0KS3!hj6W)X@hL+(WthdgdjmxLx(;4OjQY8e0kL}j zD-Ak6P&3tT>&s`76n#yvqiB!~&(;{c057?B`d;SB&xr1M%-%n89~ zU>=%+7H{oPIhPXc<8i{gvI)m2jGIFh3CadIGrZqAFK@{l!qO^^v1JvRR3zR;gLrL$ zkX`Vldm9-|W=_6G8y#G;qd*4AxBH&KlR2PfLyzfg2JSlhZ55VboW4>NVR%aofo(x* zvEF_j z+W+yT<{SSOL`Rd>)wy^m)xA$mS0*2&U-KU>OtkyOa9%i--m>H896L%1kp zW`*Ci@BY#3>>GHeVs69%EvwemXyUIUL>}T$5#K%~fboj$abQrC$rjYvUOwV2mVib> zn*H)ca^*dsHryw^#L_}O!J07m*w%N^V)+Xy$V|Ml>&J_@H5_-pNARu4-L;_le&uOF zO0zdZ^FJN%6LD;r4^Sm3DzWtT7Y{)bcbh}q-&nO@RM}%sOlPERq^ksd{Go9k8JkWB z(=H+nmj#%3|FRylz+WQgqy*Qfn0>LzOx#cVJ{|B?F}6nojTZk_nQ-wL>~x6xghAc< zKkI^@X8)@+ns@2uMMM_7b+y4SZ4rkfA4sEZ5K!&{zSrfZ{A&-~<~;Hj`u4x3|LR4U zD9X4y+05@s$aS@nlcWZ)!Jo)Rh>mmXODyXnknorxYb4ii>#6u8Pd5x~=&400+_`Ua65>URm{eH6ynHd zRAi#50Nz1Ps8kPG3c@L>vHDmXh$K$-=%dl-ds!4XHi}_)*g0Vn7QuBM6!T`##=vMF zX!y*co_6>IR+XZ&KPyRxs~`?ZUDd;3YSkzwQ9Bh*++m<_dp&8Y zCg)R?SmS;0fO;e3!tQZSO?X79dx#Vy3W>sfn`6+(ds^OWpSNYZPKW)k;@;31rYWBJ zTN;fwVi_A?`B`+3;AlDp>|n3nU6%7J$!h{%tlnvAhQW0ecxi;(h8 zY(f&{^g|kid+r4mF5-1brh+HE29XBwno%?4J|{v7;UMDE^9I5ht%9{1j2litI@5AF^@o>F|#TnK5*-q^^>{avPRM?M;$6Fin;fyd(uZs z7ykHQUg)#={M}jgAwN zt|XkHNr=M09?6pV-`W}s{7I?NfGyfgAra3Q+z>GqcLix*9DFOd&Y=!@n5+O~nx%tn zD5kmUgc5>LtuP8mk<*6l9PByso}4(X|0Z{1AoN(^m%~+rDLZJ(fc3727&&l8JEl70gB;o0$yUHbjz;Csvk0g_hD1Wxg3`&dMrm|fcY zHWP8wM5A)o9vT3mvP~H4tiYSlo!%F8!lf6>kt z+OO-|_b~2-pKe&2p&;GKGUnXMd$8~mXD$$0m$jIQEqVv;3HL_ZY9j=jiAmxda&HP^ zNXpa)1fLfAYSQ=R=}4i1eqEEzW#u8FKY*DRa{6CvYp_$~a^Q%nE<$ls*uESuNnp9d}qc!wZbc&FE(to;sd(HTWR1yNx$i9^U*45S;&Nsq_ktc*@? zkA*fW8f}^*dJ(xA#Q`vpFIbAmV{+Q|^rHN1BZ(_Ed4i*- zV!!V;9z(YJ#BmUrG@nQnb6dqui3TTM)zc5Rcwo zup=gXheaEku(Zc_2n>W^HLPdLy)OxQN2}_$IV_Tv_;^K|JgE$tR}I+vTH3)|pk36DWfWgA=m&p^ zv>^8Bc-`7!%7A_8;u~F|cI~j@Q0)+?H~wJP4FG19mv`~Q%dotOD1}x$D}P$O3Vd#8 zrM*cpkJ3RDq+3UuA&y2Dk!q2X9!xfigLNYv&$azf^y5|B-eTIj)uGaSe)W@Oy(9Ii z7A5QlVoniaA5C_?7jHBuLX)qzS9uP1FD3_G#hA;r6ZvhQEu)V5?8e1sXFu|I8&)eV zETxi+s^95$fsgL=yTRh*4Z5*n8}HyV7>@4k`~;Z5%XyUoee|>3S8uv#`H4?}%j>;J z^fde5x@8~tbIH)9xU8|F~0|h%ypD=#O~Y0Jlz3_)HmIy z=Rf|_`6Nf1m4?#jmxSw_$;Mhc6>uwfkbmq^2&UuLJQ)>TARf;`XB^P^nIq6JtqEz7x_(4?l=ahg5_jK7H9Y0v-(3+xb4w0aLX_ka;Fm z7$USE0Wp}UkD>^mM#9a0JxjZ)72!nOy4~6Up5A!ba{M{A8<d$dSk=)@}_7C zja+#;1;~%~a|r<~tdj7mo>Lwy*fF*g-0Zi91RUA3Q#lVD0R@5A^h$Z@*z$K-l>iN3 zO@tk=3)~O&+!m+Ftnwb}m__Ak_=sH)+`A3ziQK1nP9pO%DZE977z=RzyB)<^KNKI~ zWC5!7<-nEQ$%13|9|%FzfG5v8Pysh<=mQ1yel!UccP!v}(b6mldC?Co3TE@dWz}+5 zfhW8O;Tu4B(fXFrM9FKQH*q8ZEQQUi>=yuQL&Fg`&PD@RbC5+Vq8Qfpu4eFWSnq#_)P z-hA371H$$46(GmB;Iii?VvClb@5DK}f)Kwt=#AKhDPR)`_+Eg(p(NxUIbVmz zJqB@SKBjAsMRU;QW+ntCu=b@w#Rffc)EoFjRZmEN^n7{;3`7JA12q;Z$G+$U_}{eO zfhDtL$AQic$q+SAZ0d85_=d%ln|ufy`2j11%MGyIZV;Ut&Q3zr5inBk0U^42W!QgN zXzG$Nh?@>ib5{b7RZ>krm^1~hCh=lUW)xz8=<|c!u+dw`-0bU-SCvGGul-90PlvB6EE`DM5|k%0G;e(XJ(r zwvSc|kJWSJLhrb$gndh13xvDK4~OVHz7z6ESLbn!jyMo#{OS9o#qJh8<1*ujT+y&q zRZqFf*!e9uR=?GNp7lCPpY$52kj{`6_L_5Ru)0h?-1cocl-%(6S|=zyZC#=6!XMEu z*a1lb?!(Pv4dFy-kM;36oF7oydL^;Mdg497bpGSrR7==xAHAec}*3}-`aEf5X6 z9?!b<0%w^y&T5nkPg0_d~^Nm9)N_@_k|P%w2bPLR|>Q|rj=H@8H()xGn6u^78oC1IR*HQNz3udl+R%1gu}o`$TXuF zB$pBVyr63$-3UU1GkNoko0V2?`hN#&wp z9d6nx+xz=lv#Q$noWbpj1l6U)dqaA^b9KgsjTgzj8;5zvjMHBm4jB1gR842eeM1xS zW)ECnp=~Ukn_J4C7r${hCSSX{=Jrxu)l7Y$PjKt=hUb++=YZE-Ubs*eg=l?2ZA-Am z_t>AlqyZ1)!NXBv+rS{Yn#oku~a8i!}k@P$egC{#kOwE#=6?Ot(1(vwU+o< zlAJBke$%CL8Zt)a9+;@l<%d<%9SyI7j@hmVswAG3R6C_?HXb)Rb`7en#OA~#E<0(8 zf^pW~uLI-!o%u7GG~l}&7}}o&Tg{ts_9-)Sg`g@P#r(!x&8E3{>Px(NlQG**6!}PS zJ8>E?qcW~@=3!zv$5;i=^P`Kd&eUqWR$v~!S8%ZlyW*8VW6|Fk^xJDHm&w%7PlR2w z3-v-TXQdQUepzpAU$2i`_cYnkJm3Yk$~EYN_=+=9o@I|k&_3hJt!AU=T^_5+cGGrj z#tT2LG{Rdh%N{GJvh5wJVvU5x{Hu(a(-ncq;%Cdl&krv}4SO(ZwY`*X8g6gbIzmDm zM;__V?hG(_2CbxzXg?OQ{nW$8lh_t5p~^_-m*ai5=(T-D#rgBgG{JFPKDsZKBkWgf z;q_rS*MYFf(nFM!^9m7XuZMzCclx>LXHZR~&G0>FtZ+1Z;CC}HXL;gQoQFe?dEipZbQ`BJMQAw%+yOh^i#mmMX3zhk)OQBS?jsNC@_>#OsNufLkP zUGuk$^IdmxF@9M9;qt!bi*BEs5{E_e%8wehEFS2?FV_-xUz$Cse%*M!{!t*Ex`b(X zZB$_Ky`lGB*@3M~u-^U;<=kzN>26B%wAJ?hFgu;MC z(4gY5ekn_8;#2v4CI)~$h8{usl2iy*_}1Jdc#-qQ789@#PHZW}TB zU0?SLD(x=4=oJT=l=lAgl_g;^|39E4@iVrBZAH5ZZE zti+JpP}qBsr7N-Wf4@k#k$qjg^YI*EOn=iKedKV4y%9Z@8qg227prwir_hknwBT6& zkp7Tu@Ty|-9h$$!X{eA#r+E7FxY!R;o44LZ(`=IT!7){y5LfA;ul zu3A{BQ+~Fg>QvC!FKa8fE~nvKXhV;N%FSJ}wW;i~TWJ@uYC=zUe@K`vwjGOOw@gy2 z^KN-P?*8uj4qfFq64{j|YSObA_BWmWNBsSP`sbeaWa0-~3P&%igG^T{abBPA4+w0R z&uw$}LnW>|-syWCu00a4{@peVS`Q#&Ybt%z5;2)w!Z|C8L^&%_=84q~VUsCn&GF6fZyV#1;-Amnrw$hAR9BoCSA7|7 zujgZ95)1blV?QPI987LtPz|!gk9zyBA#F$+(fBUzTJTte~zf z+SHt0cfH8#fglFttLZJ%iKuhpj^ zu9>&u5LVQzbl9#j)UL^LqxLwS=k1;ysDB79mUOk)Oq=E;;2#72!?QMYC&~3|&+GF1 zj93t9FeDa7DG_fPa5C^Dq~x?9r5!{6=6@E>5M)R<#qRYtbW1hHet=dwQyj?kLdDxBVu4;LEq=sK{2c z^OL2Rlc0|Ij$ znbemSo$THxn62@5zZ#A|?=)WYr9FG_BUw3LGC2Osi$YvAWJFvL?>l3FDM{MW(%Zy$ z&V}rcSaqc2C;0<2{N~_ywJOZiCw40A?Kl7_rp)*E7v&cxAveOH$V!-ef0DT!IfgNj`b6JP* zmAloS@04y#W!o8`!`n^&14jT9bDAS1p9iq<9D4vp(*(cw3qssWaSCucLJa<+39%G)mL3-*>i^8QvAon;4f=7(E*_4}xVAgH(sPu->fP;u3=68#Jv~D0)N5YLZYT^>(o!qKfg3k?GeAPiP^mXPP**+7)g+UJC5tS_1v_m z%kbWdfO~D0m0M2=O!^$pCXjlBob5L`J+NW`+a|VWbCnP5T%sVY;Szqw6rp>CKFU>J z9@r5*4LEZpXDKAD)^7Tyv)j()Jm-OCK$BMk3B9|Ev4mKyXuP)Fsy};adEtqzzm$%8e zm1ODYxanHow(-;q?GRWLNhka}$_M1^+h~xk&gq|nKP5Iy+|mI0cC3K4{Bm}<(F=Ny zEY@>fgN^hT>4b{gD5*pBhw;l|Ww7TsfHE3yE8ah5UYRJ~nW?Eb zmr8oeB>5`Qz_Xz8{h!~)0nIo;BN`ILeeRQ6%18&MbT;emLqbOP%qK~FEkuRjx2NLl z#z>Y(yoRW&9c4@gLlbv_4{B_Ez2r?Nr#t|T>;a*QL~7|O4C$-T?gPfP2U?1BgXiUO z7lJJov8DU`dH%BI-xBu6v3a0W`$Z#@J@|`cnSF(9dIt2|L)CSO-(Uh2r0MBk&VK{9 zFW%*@7`Kh!L7p+;>#wt5f1s9CwZ4OnSAQn4&I3iAZrn+M1WM=ZU~O4i=JH@gNgpgU&-BN70mW=ARUdS1}fz+s1UBlu_k#CG*E^q9xu zW3Wl3OS9)f+M`&-GlR?lAgK_GwD>jWS?IhoH|sONd~&Lh#ZTqC%3x%(?uIhF+DjaE zX_ts1OmK^HgQsH7+vz&KNO>OE`!KIAkxv33Vn?R@{W<$h`tQk>|C!kBg-oCP_=EBK z+|g0V%MGa(!LL9#*by6EN*Yfn7M2V5-ffA#_tRpiHO?My5HLu1yWmcdY-o3RW`0;Z zTQowRrxwGiY{X*h?zMYQwib9kaD(QQ4l8*#7AXp+00(5769tU}$9I5Qn88Epe6wQK z1?Jbyp5+9=304ONHl~ZMA;a|^PGXC}6f+ZG%b{Jrv8cm(fdHglXcQ9vjpaQM-?=H$ z|7+zD$qpzj12#EB9wp44!B>%Rv0-wRyK#Ml0v+`d&X@)H3mU`9(Bn=&DC;f97+AoJ z{1_3hJkW}7*X*^D@FE1FCggP%ECXSz#BOt^F+~M1&UjQzqtt-j!wZVK@yinhV7Kb8b)H~D7f+&c$rO)#r6kJ zS#vLTMLQ#BVQ~&*VlBRD?RjMg*OdF3C#$hRvsr*ZFCME75Sho=kBiRUZQI(nL zg#$a_%`vD!9XJJNjYFCV6#UX5g(?H+HzIJ>e!|7D>UL?#mmM}9Sym66cVDpNmJ06B z?lhEe;aLm8bBb|A2(o>6OQT^S7g2nQNxO`Kc4LI8ghGA|%x8xZVQ%t2mM>cfyg6Bl zUi~P#kuTRq-9A&|+be;^Q^&mQ3)Yyp7Tc^1CI|OEpL4{Fg*+$u=qBUMbuM|A^bXDMK&I% z8^Rb0aO-i8=SM&u6V75=wrz4uA0L$;a6Z`)#;1U?tNBZ1Iq4{<0}%|TT1jItM9q{I zehd#RWhrIO^yDDO$}u;cC=TtD+V2xYS!HD?oK!QuRWwmf7E?%P*1hs>R_U=8nkHxc zD-$Lr8_1G(5uN4+;Z7F}mv9Q%RY-54WZ6BMwv$*|&0x|B{9VnOHtmm;Z=bHTTvoZO zF6A1|yDR^cWsin15Qg0n{VSSU?yG@t`j4zAi1FE9&w4u{$OXXt*3O2{gR<;kFT15$ z@$ImzNEch*EJ>#?ijIYUkQ$?!<8fVO`6YB1>yN)ob`;i-6UAh_8beVRBsE}CtPo2H z+^UXm3q&QE`S`OSn6+TL3V(`5|Az|zdWzcP;5nc?L`qwD!evU7b;xgrx|@|;F#aGn z&2Tv1k390;?2sh?D(6+I@y{Pq`k)n2}biL)-g-rTWesg9xOQOukA|^5W23 zo-^W_?e)tzu=v^qT>p#v{bqg|cg%|!$}*9k*u@l)aXIfkv7kwcj^ukNl{pYCgoif} zcAM09O#e7jYAq(s7^1~z8f9fN+oi!**Sq;%!Jhd~>RpT0%%KGWB;&Qgk}&XKD3%|5_!-EdfSNYb?m?%yFZ8F zKXCqJzph6f89aZ24r3mHWG%FKv_p=Jp$j+>iq*r+MKJGrr3)0bzc>^xd?^si*taEA z6es@s#O@PGmhd6w)vJbD+uhnlT3jnS17bzX-Pdyb%H2$hAAA)~n3-R3wp{HBJ))Ok zRYI$}GcYPk%DP*R&b>Eh2;+6$<>6<6+&9tBR-O1|AOxd1brSR!XA3I4^LLD8#;+{BydWJBxxu<7N= ztr!7%&c2@Ow5!w|t}AAa=Q{g(W02I_*8a=}$!f18FT~7{gKL9JvgdxnZLp-voxgi+ zN&9Wjjr&V$@)qs6TN9S_Llv}uzgMAw(w(uam-{lagv@CI+l zzG9h!-0gOFidhg2n6ZRVN-S;aIPtaz?ZV}sW)lUxIvygEXoUF)G|9bq{P?k61}M+C z)J;XwzU@Q_W;w>{9X=?l>!+pb=Dz$^I%qG}o$()uP`7MA>dTW4JJ0cOhS>zaAzuw4oeWWaO4zm= zC{O4R!Wk*}CY)=N2pat1(K?y2e^R)R?`qJXF|z1&yRehOldCN|KPU5e7+eS?R>tF< z6~t_uW?upsV9TW$>VHku`PG0^k}DimFNHLJ%Rp|{mC{)uckeT=^Q-fr^nto?*(f2V zc0Q3I7qxF}=>w(^hC^sa1vI;1zQ}m&j`{mt+o9cNX1GTT?Jrb7g=qc!1Lun!xTKVO z2JGwl&n(_Uj6KhHPolH{?H-kc&o*s@KhmFCU9YNDI6AWKwM}flwyG1Vc%7}t)&JGF zO%)f<`eBD%up&R(#+%vsijvR7NcRxvzilLwKm7cD9*dbfH6$#+^o)@Kf?%hMAFp+> z;^bhS@eHTe>JM;}R)FEtzr8o*v*}%-FtE*w_MNaXKSny?#J-WFMdk$@uzY3Kh*jQR zoOd^X5VBPg#SbJisgN7sc0X7llmBS{);w8kV_SOZ1B_cf7P7o_i)@Y%+U8^=e$Uz2 z7l|H>mGCQp#%g%fZwbrE*2ZVuIy40X*J_9*gJTUP?T~S;f{N7?8$w!s!9pzTY*BuI>A}sw z*#mW_GQgs%UbMuPz!ULtlA5C@)o*iZ_TDWj`$B_@&IE~p_SgWU*XE-AGUFJHJZ%}4 zK{#tW_eRX1aPTLT;M9H%$CP&xZtE8`t0HiO+V1Rn)0L_?CLpgKbm(wVWW}!f^hfs2 z&=6^$`xv%7`_y?<7d|hCNuJ#pj}w}knUPmoxw?GLBk|v+0QDuxxbGmw?K2*&`yfmN z;xs11s66&nCb8%k(|+xzp)?zZ@r$JuR;9Q8OAPjFG zp9l8IcP51~)vgZ2G$QPB2n$?FHn){Mqlp=UgVKlOCj8UV{|-tscZ5G||1b}egWxH~ zigfnVG~*3Wp`Bq0LjA!?GICit%L_$8(bPyWXR@m)p*or{G`U3VV>(qfgnu+Oz9wBY zfmNBsz1vnH`~r41;kO}$^Eyv39@G$trPn(q(vT+rRJn2nYI5_UMtw+HTS5UNfxUvY zBX3mAp0)jptRUrl;1Q5#700J3X$lc-=Wo~LR}OcSX=mb>TfRkv2JC)hTVVHwWR6q@ zDWRmHoEINcFz+Qx{3xS)p}QTzDuj?X-mU9LPLP}WxY6#+OLlmf69~L(WoeYo42))% zY>bOXN*Ok&u)|-*9uAyG*sn0KjrL!oShUkZD+_)_hz(DSE|4M4ot|Yaht+(3ZB6dm z{cZ5)9!J7rljea;_pOX7Qkfpeg!p5D%sErcPwsnMw-TqFgmGx?z*&;rlR| zBjRb^V<#q3vNuUrZ=+!(q1+h&S38I7_ z=^75DGg(O=XsYPvy1>SchDy{-8QMLYJi3yaGCJuZcgF&s!4enTqU{JJWe+IzC@7OF zh|)e}CeC<8>9A7|tWW7a4u9c-KeB2A3YM~u=bChg(-7#y!$gV?ZMM!2AZBAh<`hDB z!!S^1w6wTGAJ6g>8&6BV@&O-X-5=OD4M^_FrC^qJ+Lze=KcG$-e^Y`q&9?NR#d#hh z3;y&U&0eLa_>iPTG2cP$y{qKGhD`W4ZhqT3CH|Uu#N1OP z{;_=X*t5IX`lO5|R`-3`^6>;I#Q)K=>Tk=^fP6#?*be(J|9o%bDJ# zrhzq)MsG#L@u)fBdAH@cH$2wgg#+QLVcUg=!?y(QXq`L?IaosCT zX`+y?(4eF^LNtB2Nx-Vm!tY^a8w4|7ZO2i z2@fyEWL1kv-a@#-xu-6#A6bjE=|G5h%hjp*b(pprr^3gVivQhxZzp-qRU)&QTHYHm zjF9mCsP*zdvAGZxeLPSc!gcjI-zd=?9$NVGTdZ%+Cguw;W2%V-nv+QaqJA8_2-8e* zjpCZ2e5H_P@6Y5H?roo7wJtAcvxcA%(LWwbIBCq8*4sJsnlPMGG3<50R*Dg7VjhCCEbql{9ch7E=7i zew6YkaCe1etM9h$QKFg%NY4r!UJT_a%$?Av7vp&IFKj3M#pQ)Y*MVdicL|Rv5$+;p z@38$@z4fS`y|c_$O}|NCoF(I|9nFPAHi$jDSQV@?uHzq2!TwiR$o3@kKX?7)lw>h1 z)pBUz`~J8Y6fw+8ueycB}u+rbJp8y5VeOvk+t(%M8=BoR2(;uEnJ-Hw% zj7f+n2pFmEZM_Y#uOss|<`I1GA^pv8#}9PDBU}K-QxR$5CV(@R3+c8+=JSzWbv$ZF zmFNqEhDHE zgf)r~+3|OUgA|C^@sBp8?R?3;@&wHN_rXEHMadvK1d9=GqX>vSUb3d^_3kG%+|)D4sHA5Zfblv!`c*R+SJZ8+!~clKrod1A{f+&YK^ z0~3bee?ideo`A42WTA=l6Pfd=s36u^xp*Ma+Dv;nVXOJH@!U+ZNFsGw%6 z&~z?Qb@t}(CkgAR2e7GLLtmZL^dC6KgRIDDh&c^+0m-P_)jxzM=B05jjyNwm*(#Ua zAH=MZ!DirqNvmeu#@9ap`bcsWmvy=zBQ$lJ{U8mhWQ2G--#Zk8!uV_qcaSJ{D|$Y6 zaX>u1%9KU+6D%cK6*=(P(3tVgziV6hVmlDd9iF%z(RJJIg1ijzx3EEREBvu35+$Tk z1zOeQtFf`MU_oBqMg=9M8*HyBOU*az;A<$I}ruqjdc*etfu49cVSvC#E9Y+y;8 za^Eq~6ZzAEFMcx(VgOkIN9B8KDQoW-5RWCs$#yU-#Y&iYjf(}x(%hVZePcKrK8^L+ zY-H;}F<5Y9TlvO5vzeUp`8Du?mJq%ir5J%Ct{rNM6%X!-$gmn%3L3Q^O=oTD@hbr| zgRd=0J<)`sYWvm+(8K62P?3&0(SAxfYBh}wrc*dqyN1fzu`_g=?j=QMl%ABl6(}2c z-Tl{US79!nI+doj!DvI4qP75Hr_G|2-w&m3z!Vtg=MX&tnlq8rcs>DuY%%u~!Vgyb zXT|+`{{fp9_mT{UeUU*5N-=dPxUw0qQ&gRg+48^r&tz-iMqPKzamBzFq6{%>}6 z*1oYDt7G>juqx5d^ST`vPBc`h5|VSI!qx$Jk~AfL^S};`${V}`f9UQsvbLA>RNl|dwq6TCqY?@^$sYI|70anz$l+TU#VJ?EAt zuTT65A*-}Q-9T@5U6Jb;mrpXF5=x}h8?el(MM(-HB<>WhP*?Ab0(Gbme47JeCGN$P z2+2!B9(9MYrqa;J%7Q!VAnYk?vGzpE_h{~p40<`_Pg(YMcpl7Kztr&Zn>q?;A;+jg zTxUR1w{z&Clpabh9I{(#o?hW4jeJo=S?E4>VW|a^bLUYzbSV9Am@ilAdP3{ZK^)(8 zf)theYV<6^kR5hT88vngNSIvtEJ)Ca2`>s`>oS6wgveYbNbzO?q*&-bW5P(CeQkRf z{5wX;5w!5eS8(>T%1<*ukoCeX>DZ9H?EhTj4@IDf`@sGvDkbHcd2^pyb|k&g-@8Bi zh**uwt20QTmKmI)f_9@L9vu*rrwAv}#CF#_jh`$4n0JEmcMFq@O&UE)|cO7PJ~P__*OpjeHewP(cKPbsogv{C6O@kh5YKPrdUEBnsnn zTtUupo9yPh40*|PM9%I7;S znkPhRqx+A+0*1N-eI~FUjDAgD(%%W&V5|o1M-F z2Clw>Q7V^^M}r*D9s-g0V?U09u0*93wvTb^o~;B)$^N9$XkayZ`BrimObG5HXGK`L z*%BHTMew8)_MpctgesH!uMngAZ&b7Hhtuw~lM3M{)Ij;}&UeJS%qSHEV)irWZK99( zL61*jhbh+^*ro}G$X6PHNg<4-I9ctVuzlWobfx2j#DsD20kut3JEwSxVhyErJaUhu zFzZMuN6w}aN4o={QCh9BiL9~F(E?e+Nb))#C_5H*mv;TH-oLb|5cil6#cQ!<9n=KO(M^-kZ=@VG5CHI?93z0;}ZaM`#0 zjoHhscUl(r^?O?nJ}=n)ef6{?DCwcy`wuUk{k|vkvb7PcIR$Kd{01S(u0HQb+QP8N zDfkPB0%z(mt~$)h9hW_XXo7gTU;?J*PE{u1_QCI-_sPx|0>jRqxn!eRq990%I*!7p z8?nFyj#MWWrT^n84>n5zdT2N%TWkA!g=P6^m6>`7p9c1zLBG5C$D&GoJQPV(N-8ZR zD&bRg5#WO;tHXE=Z&&FSa3&Xrp8IgJWH*WD+XJcPJ2j{=VHw&`h;>gQvB0QVCbeW& zz?<+bAPC)^aPE|+?8Ch!++W9^5)>3IW%Os?eSEnz#}-I^pe46ioHl!Y7@4Tp z6;cV55k(+0aJ?`-Tv9-x;;g{jjHu=WB(TA~c7V0t8=wpx^_HLCdHf9`8&v3BLR+txa-UXlkIn^v zQ(PpB%FjyIgUbtpqOC9q*NN+p;39#U^-C7fZ}r#G4J;ih>@6Cq#vg|wR_t9dQDx0k z5Zv1^X+ z-W^PPQiK`bDmwB{tpDG4w`M(^ETEkD;o;$NzP7g3s+R}V-gp(Q_xE}ptMhke;`!@9 zLeLMk%NSv_=o&Qm*#M-E=2oAbRPs&&sm&^8cd7C2k1QV#55^5RxPSiWG%08}LQgHr z*fv3(2bBNVf;wgjyjv|0&;LHw_)Y-$7`5Hk+mB@dYWV@3Tv-=#Csk@$>y+=U+rU>> zY0G4HAe{#j(ch(Cx3cT*_R&OZ*e9f3aBKsA-SvN86C~gz5agWljlKLas`Sm9#jTc> zmJ}HonSQxSV1)`c)Na`TC4c6aP?T{>*TFa#@hj6ZLtnkK4zO}bt9hMnYYSrJOsTJ%#G zx4l(gvDyGlZPp3Eizf#c>p$1xP*~haoTtyHU1>HQRP=ZU(t}*22&l-d`qosr#7OU_&ZmoiHH9g*>T~-@*e+Eo z@V+UR2)|Q+DVit`8%{CJ2+t9>gy`i*;}?xEm50>-C6h2H+f;dHkEUVV;F*_k7>29U zoWYD$*fby9@fjy$`|s0y`V@KBLL^1sKh=XLu_>wVriWHlnQXgr^Ut&AugALC)BW4jDM+Eg)xm6PTZvIuQ!p?Pj4;SD>i; z%$#0BI;iGpf1;w%xT76OQ6e#s@Im|jOYPt9iJ*->Ki?S%n!5}asVLB#|88&AjV}`- z=qP;+$^+*OH9&}Ot;P4ehLO8&mjK{%PDhjlAumW1X{TfM!&S~`ccpPRMV-anTbqYP zvy1HOP?Jif1m+(M3)XUsPxoVgUKSQ!N-$cbG?Xc({#Gk<`9(!2R1zr7{QUKc<$g!W|Q5d5tzvHwv5jvo~^1Yio(;@DyaGsuVCyP@8E-w3d-uD z=irs`^_t*+IWscj@}!>tTy;}T^)8eJh?Y(@_nrIsLCCqQ`Ob6_hZoyG2*4tFw$ms3 z_7nJ|(7}qZay*K3MsDWPyT3o()BxvwzCyXD;6#*!*ki~`*Es3`)9iD85s!3}^V!*` zR%u6P5jQ-VqGcAg*e4*Kw{LkWpDjN3vgIJ^NF$tek6Ut0A?8GW=NlLCc z{z(v70M#b+CCT1R$+ke6@22Mmexj+H*X6&1L9wVQWxHGc{I37bYQS5YFC(TL)B#RB zss0V^FnsL>rbtomFCwgc0&JP})jtHArOm2|Cod=vUG?!4s6h;r1%%&1jdO`@UpBD` z3YWMFXZ^(XN5XgsifvcBGH--!1VIBX;996n=kv%=QMlb~is9duTUFxC^nq|IsX^tVKY2!4;2)dd?)Gu7vMdvrgax|0M#6kP=p_-;Eq9tQVewXT za;*nHC=1t%D&XV2>;n)f-$5`ml^uCFbveQeJ`OqZKiO)uBf?O_|0e5lo+P{Fb;z)S zJ|w2)x`QmIw&BBuIQ24phF35roC1nCr5!BRM$Asggnt)>8(xy}SF%aGIJQ685Dp=P z6UO_AJ?|64Cn}V6n&4MI1gaof;^^H}b_@o5iWEki#cLiI#Y3x;OAJlhV>P4*`y03IC0l@DKnlrEGZPpZ>1F6D+c{uVL4A+Y3+R7NQGkD%x)C% zndfeKRY5>oIU+CXUwMD@@@L{y{x)WEpQ+NMu7^Zwt@C2hG8&g89@4W;{})|RQ+`LV zKmF`T$Ma>ynXt|R*qKMz63c}zE=}1j!BP#VJEe!Tfn=K1Tl<%V$<@6i{!cj*Ur}hR7Ev>nc zfkACZaB%P>1~0}3XlC0XGB1OtuF|!$S3gsHH7K>17EZU5{~!y3X%N~yR*g$yo@e&4 zyoy-EGS`ezIFd!Z-eiRN7$M>=wTvOlpwym9=V}2U7~Jm(mv+{wkFO)s7B!75Mip+| zksI76+B_@nGj!!XBGpZta(CoOYWyjw$3sxAk`AH9)V5*9a5^dE#$<|>c_C-lRH{UXm5D_Y@TC9a_R(*q(O*fLCVUywD zxC|31{C=2Z2AAv6qi+$nHga%qT%~_oJ!Zhm954cqfew|!Me-D*3o))8GRfe!WSj2d z1!E~3-9)w${Z&pqgeK3bO98_SA+*v0#+Q{>`5-MCmx3sGTLwODpcIT-GoW zLhaL|P+{Ks(xD{{B-Bd3ueWtUdl}q*KRP-iN`S;%<&w)|4d^)ey~O;!ng;}Pl-th1 z2Bu`NRy%hW74j*Wm50eU)e!;=O^=O@r?`cL_Ws&23C0hbTwanLp4ukGoKGp~2Ak|Q zm)VL&(>}4hH7c~4oyF{U>eXeO23>z6ZQRN~6Ls%+Xi#(l>|IY0v4 zd8c%>t7M>VXmfos!lwmVj>GdQotBBtQE_(I38eTrok_8VStzQIs8qHc6 zk3XjKXAQ@2!3{UyOrV8M&pz3}#W3O=3W*)v{Pkb)LxCQ9O3a^n38G=6!QUv zD-PB|8aU{^H4?+=g^@Dmo_dumDo@4N&q#*POiATL6TogPbF=zOENj@L*~euZc!2!q z3KP%ZtB}SD-&Dow-9UbbN6H$j{1d|GAh#X{8rhmPYVD0hYjh~_9}P=DFhy@TO9+TJ z_b_&b-E8v*;4p3{;nZR4FP?cx350VycRZE6MDuPSS{vOFug#r6#Y*^&_r2iNJNyT~ zDa)6YY(aO>jzIRu{Rn=P{cTkWNY3gMjgq6GvT`uLR~16@@F(VhDQ5Fd4@LBTqSoVX zuAbalwE&aO*9>x*`44b3KHYkGQ)-~WZ87rXuS~UxLF8ag`R5-Jr}AuoNrXLp z&L?RnK;xL-FvU5}*x&W~9(QW1X}v+^Wv`=0@A8upojHHar=&lT8~d#Y!YS?FEyRo+ zQ!!Cxb&npjDDD-pJm;Q`gPHc->%NOWB*?eqI2&gi!{G%)LDet)K_Ei8SVO(2Wxoze zSupkxq(rw6DyU_7C+y)3zH-xJ6phb795GsZVl6p8D2?M~H%E~8&rmW5H;hW$H|a;$Dl8W!A%c|+tWFIPb# zoH$NJD+@C3p`c5)Tcfa6<^N~@u@mU$5;>9T;-T&&L6>ue#Rv(OQaMQACU>^!tkoS% zISL}~s5)2sK#4Bfu+kjzWAw7|6gl-mgA9no{bK0%NQD}wVmrckZeXLiu=Pc)S2Le3 zmfH@9C@sum#niHtY>yRS6`DOHIxSCI)ww4ErGHUtVyaz@S&?#wLG3*xAuB|WDA}DJ ze31)Ws1`gJt}g$k#%&=u0sjlUH73L``?=WU!!8PH%_lA>ZpRyMQ}rliQ+Vuwu!kz{9_Pxb?p zXGfYVq>LU*4*3vtEC(e0=BOq`kD*OY`x9pVUw?*`4L7t*&Yx%MRm(+L zum$Wc7+F&bSio^Y)I(q+6^V3r$!C!05HiQ5D8ufMO~ zTxkGiSLU;gT&ZV^Q{P14dl*KKUV@UmH@xgoePIHLuWfam(m$5y0o9Ea6ihfW3XvF~ zyE|=_7N#Z*ZLUeC_0c-95^q~ki0nQ?@NJER@i@&vz>+Ex4j6LyM~JHioxKzMlQ?P? z!i5P9uYUqR&Urs9%vKrw%JCm*Cvj>eMd7!pt2w80EXRR)#H30Z!^Sk@+;4CItQ*`B zEk&dolZV73=$xD?wvNZt(op)mhrR}0M>{I`P%+$tO8XrgS&QLfVy;(zvTSF0Usg$i z80uc7IvSyPqKIR+(Q~3iewu!!e*Eum0jqPn@keN^*WYRTbpLf@X2p(EOUav@`26_x z-Z9EQUDy5563B3(i5N*LYIy6_8nDA%4NKfiV_0R{3a>;g`()NtFmw&0)e0GlFhmj4 zJWAVfH;Eb`}iYvrUju+4F9;Kp;&-*ugi5#b-6MLdXTDz2i{e^vohR{-OglDLQE9D6{yH zR(2<&M(+DA|IL9)_&+JjjjTK)Xu@l6flM5*)ycp7d?TmRdUYLex*=Qdlunw5x1P`4 zyl`Y{04(}Ht(V7ba;SXY`N+eGxS_s?&lY>Af!3S9PL0(+Q$|~!ImtBNKurGaf2n=( zHCps?Uj6r(U){5w?(E!kJHV3n`v1o*OV;RW8Wvc;6;hehDy9AE{MQ~lTk=1Rfe)Wj zFJ3l2p7GigEcMxBIX!|t9imguNSzAzFCQK9 zW&;lzJ^IVfQUferPPcaG+?ss9W8CucmDC%+&{usS9w`%A-cZ^8Ts_f2Hs#c90I^9* z+A7ecrRe&zB2ra1FY3+~+OevGr_ z^%rwON>>}*UmFVTe@7A#iMsS_a3?}U-nX5jnqXswTuN7OooD}LQ_JQIO@A0+UE;kz z@At@`qD>VrwF?xiFLK5Fv! zdNKK~e!9r>AX4;Y;Lj zjHDoHrokdIft1s711)E1nDRt6k|j5m{QlM#fJTA;-une0m->0<78+q|M`r$z^{L&V z#^~dX#kr+BT*NpTY@c7QgMc}9a7|2hvJrBJRyrc!gdgTpJGik}vN^W}YIIz~2i_!W zwQIes#e0tG(Nwb3QODl)K6wIxXgYbXs`!SGMCVJF2r|wK%-Pe?)%~K?>>;Iu%=pFq zm8V~?E)S0K(w5e91r@3ojk0JdYK**YibYZDbxBI`vXxKhhJ@I?G|+l(d%4f#Wvx7e z_69|R=Z`c`HUj64s@%Vv2FF|;wjiuw8fV`?^>A>q`&gcr&;D_`Dbz>qOx4vFizw2x^=;y z=Xks#6LZ>MH@92+Q#5CCue-adt%CPt1~~mG1zyz0w*aAF{&p!9*N0?{wVqEK9eY-8 zZL<&42(|py1kQGU4B3+AKJU#*9zKFf0KrG8`gM89+MJvoCo+GYtph`pwD>n_30eBR zCtHumN;a;)>6C5GR{rs6y2TEZm`p%a>h|(@0PDVZLE1CR$3KH)bCecCzts05Lp|9q z+f+Yw#O5%6d&TJaDN6hMqF4XFTKvV*6q2>e4n15~=1rhn z)gc8TZdUp)Q4edegHb2j&zAqYTHTZpyGQs(r~ybHGw1(xT^@GaXx%a!{Om^5M!9Qv zqUyrvmay^3sk-P0BY)QC)p+$ixRP>k#Z2jo24K*4aBTQhTxt<#tiHagv(9lGm?u^k zzD>GLWYo z()g^%{w#e=BwU8K?OSkZLVP&ZTK%C7#3?vt`C$TE-a{s5(Ot(C7{UpmD*dfmy))4v zp|i+Nm7_Vk(rF^)2Aryv`*AkQC6NPv{F&_azZG+AM2Kb6w1_mz?LtEQe-=_V!3*HR zANJ(%7ZeShokj0Gdv98AwzUC(Aq3@2|HyjVf(e$50Irk4_G!FnTjg}iO2fdXUyTIU z2OrUSx;ILJrwQX9KG%-}bH=hHGP%mmfW24wZ8sLOlntYi``$8zDYF-&7qwl3Au;xR zB2^LvY2rL-6C<}azHW-ItO&DW2d+60Z!g80OHc0b)Df!9q|+EIZ}B|mdwLXc7!_BX zS+U620x%xlB?NCKWXje1bna$dtRSe3`Ld`EV*ABtR~|geAHjkdoAx-CVs<8v^SRvjF&9V89j*p)FQqO;=A-zWyUfj}|RqUen(GpNAm278u7w^H@ zVvbj7L{$w_z9fo|<&<+?$#m*0L>qo+vzwX5>WGe17+Y?l_3lejH#hS^HA=lds)~kJ zw;Mhwpr*@rZUtBA3{g{hX0E;-%-noCQ?UMA$f!1pB)3)rWpS&{BZZ@0_awr$TgWg< zW%p4o41C!tZ#4F_C|D{>JmhZv`hG-29;=FI#ge2NQSl$m;}SZG1m_^2x9ZFCsCuFmlG-0;Cu|vf zRzjVcr0_T6eZ30O-kD(fL!Ue^qWuUMBBf}reb4G_#YxDY$)}(5(>#dOSdoBp@Xz=c zUqhA#k2{RZ)gv^}*hLa_g`QN5znGbd0~`@PZr#D&Wm*IVJ0+`)81}SBL4SkG{!r17 z^0DoE>@@GSmb@*tppdpD>oH^e_ior4QeiIe>4UeQ;l}=aSldM2@|WR!sBFtv|CptE zh3!1@`o?9VB9mHToU{<(10kP{Q@FY)>x#6G^9836f?FtK0z){q<>vQ*u@ax2cEu3T z1dADH-+e%Q+XMrKjnT9zVYYBQWUl|oYBo@k1ZA-pY<+kz0jR<+!#D` zoWN=}%myc8Ee0_mC0^D<&MI?}gd`jX_VHaIYa0@ePlgmPoHN}_e3lLh9YWr?4I_yg zh2g^R9P;HKtRc}XRcg2MjR7Gy8?*7supPuynFFO`F>qfOSUG4e8SY1NWl{pdkAIjW zvF6?6r}D((%wwJDvMh>6U6Z6_Wab)F;m}UfC63vc_;ecM+sryx&+Gy~0$W#zn6-Ht z+zPmCXC)q{3wkdXu^pi~Mv1p${MbYvSDI~t&H)kTif{-3Y&Ub)BrOK=qvw}A0FZT$ zSrTZpBZ9d3Y2H7yR}40Rhgvf_`Vy%3LH8@tnM;?ExLoWKh3W5 z>ONO_4Y=Cn)G@eT^&REsa05O<2>Fg%8?fg;8yt313$3QtZ~%fKb1>oK)C-hLk#@B! zt$iTyaoiWV-fA^I46c#XJEiys$< zw(sTHy*(A6eQQ?YkD6>JbSKnY^W~d|C|K_wT&Q?$%t9R$=YfIF;13bN^hy7&8!U%~ z?cox8DPf)2J&hFIk$~jKHivUL82s8(@>Vhk4slNGLpoU5`m8kGMTXu{<>{8w-A5UY z>{lZcO>BY8IKF|8XSbHaFwmJ=Mz!ERNci+{!uEEWR^1WTZk$O#n0;MMnMXm$;uP<6 z2D@qlPAZ9*F{Ncnvl^*9aJ|yxe)F4Qq_I|}=+_Tq^0p~Vgl(ex&zv!j{Mx1+pgSMyR8`wa|@TQ;|~RVEu<)1AHP+dbb7&l{qlIq_kZ_rA|Ihwe>)s@=PLz*dIv0j|B}9bo$-M5>>jl&BJ6wT z53P+?67N{Ix?hT45{0<~k90bfl9F@J9%4gAAOHIaCT5B=ilep;j0l(KoesY<7MS|` zhFP?NP+;Qd;FIz-mQyN~KV--G&|yu0%B~kw-0v+mVk} zCJ3XtX>F{4M1yASrS-lC@Uo8^zi7Y zs>;;(Q(zNGu2-GL?}T3LAgl2TC)|+8597Fa&U2?UISaFBH-xOB3UJZxs_ zAacJ>1w3MXY95-i_)|5mE9Q8AFTqu z=iWJ>7)|hfBOiF%D`Q#d8dGzi$0q2Bbt7!8+d6g`0fgO3jyMIelD#EToaRg7hiRO7gG70un!N19J4=31H z*k%WwIbNFEp_ZXKxI6WnS8(MFDdH_CFQ%e_l9FIvsU;L=^dOz=z#ARV!=zox$cf<&%SU+o;m}sly}Q#VF#A-exHI z655W9{OTl{q4yy!9n9~zHDVpnMKAlmORf}ld&#pfA%Lh$+Q(;|6;zxs%*(?gt-#G) z>Iw{UkG;f`f$RS9!S8rLSIi2e7)@z%U&gD<7t25Y%s|!K2(jFNzkmxS^MDorHS~th zR=SYoE-L2oZU={WloO~Fu*N6cr_*XnHXpbwmfP<%R5iJ$>c&PYw{ay~1{IR}3S?MJ(h=L7Ib# z2y%!wF#W|i0!CDBLRe?Q(S3}cwDF)HoAbbx)q_527P=Omoqp=`$SV^2?q*ue4QwuV z2D|_M*3y3{h}&QUM08LVIRPbZ9p-(hKxNuzX8b5VjgY`!jrgh9%T(&cnyw!mjrS*{ zh&N1hr(XLZmq~`$w9*0~idd}(-{GPnlSz;#0k`n80qWOZ#bly;{42==Ww?v2y>Mh` z4yV*Jc%QV=TNco zC7#*7YCoRMd7mkatnl@YS4?mS$59AAFdaqL*#wnPAU{lr@9graz4<;l0x&|i0hj&e zB*63#mp&PP^yG;Mi$3d16t}rR+PQn?@EL*a;3H);B1ya(ADd_%LZL8n#C(}oCuw>b z3-izrmuu?isT3|Y6f;5w!p$L?xZ0@9O%tl?i6QX_8jkD(WV?)1=TxD>LR)?f;l<l!@mDQDJ2g&&y9gxEB9sA~x zbdFKecpVHr65+5T35$dy10kI_it3c8eBR*SAJj)ZE)uE*z}>`Mh1Hzl_b3VNdmwja z`Ye2b-l7~dDw+(XyCSw9I!-*s6>*>VNT#ls!mJ}5O&zSJl$XmFcp!Obad=wQcD>c& ziqY*bP}#$*?|<@8Ox%~Be?%xcS&ewJclY#c8-#q*HnvKtIKjbzv`cg7Zqx0WJm#k? zh`mIx7qsQAoLy_I-2nQ!)R^aA&)<23o7OD-nsW?S{;v|q=q^m;B=fa?2 zQNRlNthd!;kFtO03?!KUX}Mb*DhTi`?d}>dl`m~BF`@F8Kd@3wyn|Sv+#TfOlG%eE ztLC%rP!16nL&KSz6t6RE28s$-jxM6AJs!uZISlWWpUw@{^mOIyKd{zyN%mfg!IiMe z8<~>f77(%!?Q1bUr@W4Jv}qECA3~QLC>++l&7`WFc7BhIatUk`IRNznWh^$Wnc!Y3 zq)|ByVwb}ZL4;MhQh_FNR-HN2CX-fo2U`L#%f~^6ftM$}b^G^f*1o?d{;&U(z5f)D zsSEQM4N3qgAsK1=i%0LYHfZSRzzcv%uH)?N%-#;a?;DjY%+$HE*Gj15@)#XKmS&C#m-YGE|jG0 z(o*>UY5`zRp#Vh_p~s1`|CY-6^i~l4WNm#tsgFiF4dLY)>}~W`YqEz?dGTwI+HrcUR0p!t<7e-Rgsb!6#gWf7KQWAWXar~Y8v~OHyrr|UC&JcABSbD6`{tbDl z5@a!++Js4F483)12uL@})uaP&{!`QIqWo6buT04I3^tG}cRB?Kvu5+s(?36JDj~-k z!0JRX@M%XmqPS}jJZMerT;Oki{YZ0Sd5a%P|8}1-LHu(uKbWpbYqjF8W70Q=9%Nu! zwT)_z48TK5Z!%%NN@I-oYKf5y$%#4EAGz@3iaz-ER#olGcUKPfVOf#jw=%T}DWaKL zp7(O9D(K8E?)7lP#7xNQ^{a3+<1t)+%6R6luQ;;d6yn?MFHPZ7z2bCHRv%QIBPNOB zR_=ySsug#0)xj87G}1qu_!>OB{l8F>*TMHA-}ET)H?wy^%3gUJ8X9_8ySnb?GDc}< zE@cgWv)eYho_cSvas21kX=%1=ljE=N`QB%`#Rjs`?NE`Lng5mb=voa5zzNrf^dMt= z-kZ@RZOzOU&jcT5LIluHH~OFM!v6jhsAM++8jGw!$NEp|h!7exjxT7=B57BGLX`$F zd%w?P=XF^Duu9E)1(kOj)zi~dj84S?g(R@S_2h(vCi(wlxI+FoSsQK*1RFi~S6QrH>jXK|)^8*9g|9=*(8ZXq_r(*h+-1lRL9)igOYQ+ivYA&${9! z?ou$VzS!4mi}lSoP4_x1|M&|aF;5z5(q*E_^M0QiZGfkx zPt8qRK(|RVU$Nc77dfa(Z~oB-@PnO%tIALlo&67Mgnh9!PG5kMM@KgaK%k1z#|r?d zc#xoDP{OVlAm+ICX2Gm{Y&2Ki*PBc&mB3ek+;;O^n9mhrA~}E*0!T!E{^8oI>1FW% z!nm7exW|PHz~swpLPA5@#8j#j;H{!+>cKXE2cv!}C!qI$;xz!@YNTmHCV}O?gJ@$J zdi)b@N+kk5Mu8*Ym2WfufE8mkT@hz$_R1#V&#%uy z63}`Ku+}#UTxl3ia40#fEN`al&LuHP&% z7-IlolTXh#A;y^UeAoPgs3iKe*rM_D9@!J0Ym@iILW<`bMY+8K#>0=cdv8HGm4Z}G zOi-;q3=?cq0C0S2I{X0DU7oojl@~GfEb%x(c~Nn~m?P(`-|}LLo>^3K^rMrl0&1iD zX9Prn+15h63DzxLyUgYwe2-k>I1BE%q zxi{UBVxEZeRJHeQ&$~V;r}(4znv4MPiCuE% zab1x%LhoIHN-QE0@&I(N`O_u%04<_{hM=jIx+_IbWNsCw>R5OW1kGf$Ly~~}r~G=K zuI5paFZSJTlKdf#{R<60cKm=}$&6$Kn;c=R9+1ddcmy=pZlhoUF{9w%Bc%Q#LeN(@ zuMbYT;0^bc{zj?{TPVaoo-&YUu{_}{^igvBg^x;q7(qBzuOfwAy-APd8m@&=#Gnij z74ocyyGfpa$y7%gMRf{*!lZ&hvQyUT8ba7K(o+x`_aP)i_?YaXwiVt}fwx2dksv(A zrm%v{x%Z43&D5FfHPmk&qE;qK+0AkVk7XaYPge<&#>q&pgbnMpYoMYJZ0}>G8*F-? zSonSQ1Mk0sgX*O>0l_G2ccz`HF!7Dc%*S%-C8j}Iignkyrp9gWKa@cFJkN8cAD$6z z_$m{kh1EbVb|se{Ans&uwZtlI1%LoE+ZW&Q(})v|6axddp)83XUy5!C1>2T?zA`Q5 zT4{?sMsrgLkllW@J*EcNTKSlDgXuc45-T~UjRz-iPcAv1&<`i z#2@9G{)e(}55=njhKqjD`oF&vQm}RFeB6EK;l{KK{ub@5JbQ2tX$&t91aC&d9j9nl zDVHghu)}auc*PEf$^;^1=P#-gF`X=oLvZLt4g%@vk;1H%5nk>Baz`NY^F=KJj#QbI zrBDqvINVd5kivokXQsEI>H&Wl4l#hAi>K=iTc6EDJ?J$9pq7`W|NY~D4G z;ZV4I$rHhDDp`#EYkreuz^yThk@VDGDjka62&dqH7L=|Ohbwebdpvlg%QPi&*I7;F zQn|0AFTb=cv4N$+nEIIH?#NDi5Uw8ps%aV%S7ZYG@{to=rE{@{FvdyiAMi@qD&vN5 zvTkGdSS~g{K_}WF=+YC+&wU*P59Ir;9@i<>8@q4v$=M`xpKs^K7tEG}S#;Ugs4b#6 ztXQGpq@oR&xptRL0!Cd36H&E=Rex(=>i|$TtOr+}b#F23qD9k0H9zF~%p99si^W$| zX&C@ibn%}2$hL@pz(YHds{kw6Tg1brl`U#h#R!m~S;MfO3!D$at3loTc?NchWlJczZ-0M>*&X)FXIwGetSy4#)h>fhS@R49r2)69h8joxtgl zkQ&83wQnjS<${%8g2s5!5!;X-bQRrMLSK%IkF{UIpU2v}<;5aaIJ%REQEg|@-x2fi zu<#_|qO+spJ+fFav?hlfB&r^GNB##0sqM7dr(`e23^3AIJW-lj)-`3vcUcoscQG} zV9A_3_S69tt!R|7V!kXFnm|1vSK!*p5dW9u$*SC7Te^g}{a_CM(FOwr6`+CT@$bwl;+1~GpOAL~;~~e>Em$p*?Yb=!B@+-wU)E&*??;5^E~ny!dVT%Y>K) z_5*?{2#OmfiOS-=iw!u;Q)RZ4M@65+t4Hs+Vs#D`Lem*U`i5GEH6Oq3a#)DVDald_ zx&8?N{mzxtJ$7}OklKT873t)vaNg~*>S{MlV5_?TYLDlBQOkO})qv}UEX6#T3stI~ z#L~OdxSkhB48CVvRj8)lIiPdD!0MjYIynW}<>uJZWzO&8Ku30bQ@}e*80hBKQH(V&mgJo3Q)Q6*hgSLte8fj9u&ndx5r*y|5_<^C#i^}rwn6rQXt zNyb3Aj%_C%f_6q#YjytI2OZ9<2DC~4D#m!~iZ}1K9`d7!g4i-hRJwk=Jzdd^oNnX~O13F_&$3GUtPI8@3i%`xlJpU3{1t{45)s9yR;tIK+mSeCBkG+30J_r zsM*&2$7t^rj!)PTI)$1|HVf4<5trwNJoCvqkWUFCXH#d#665uNKZmHP`{Jf05>M`h zL^`ZVvIxcXxMpzQuR%eShBj0YBiJz4wYe*IHwaIR<~`*)nTq zm?%p94ezJqvp1%2t+O8~Ue2#vreO+Fo)N6IYa7PGaS~`FzG5dcJzi$|B1U6Jp@e+W zQ{l=#Wv1x1TSLzm{uS{PUbWEr4mKuxkYZiST^6~bKC1=RsJ6)1ggT@ zZ`%nTJGMfWiuTru2tA8()6}r@Tf_#^7^lfr*_2pc4fgB6uvQkjO=@dB3~%f|3ZY#A?FDCPHX3XT}q~0!ceXS6G!y0jX+L zi|m5)x7c@#DbcnWox54asaLK&&VFY8%&W?wl~m*dj6a<60VMLUp@(;L-Row2eubn` z-{D-2_0=C5g)H}7cG|O5I}i(~u{=@$H50Bee;L*BeW)R|;;g`ECkIL{HG`xuf5s1mFwIz#UxXqv2e$NZhX zyE0_{?Q9cv&Zt-?hfF5tkgsD}F>4PPS}eX0g@XO6RXn|h}4+`P!EC) z;K8Z|L9~g43O|l*1OnH}U=>99Pf$}KX5_2VID!{gT*=ZD5B4B$5#>nIMM}StgH0`S zZ$Dpc<91pDd{U-a7PZ%?{+{qP7Z$xiYOe?bxj{E`P?oCb>G`-Y0ZVKZMP;9t)IrO! zWRC>}GOpcLqnSN$xZ2JuoA>3D0D5T#LP(VYx~=}mOV5(KPxT-*wgsyB(%@g=3QDKx z&54bo`N-{=07oNsZin6S60kH}fz#2@s5wR~3rO9>!rD#pP(HIMwQYOe^|=9=;&S;v zB5HmG((T~dXg-E-1!m836>}PSE$6Gh&gQt-M}4>KxGfp3__<>2WF?ZWnV~2rXRQt@ z1x3L=jP#4~Fz7Ply)OPM`%C@3g0SdrqOzohMKZLjAO1HE1B&AHnB1Zq)$ z)uV2+_mnK(%{mozvb9iy^QPex0W4^LL=O@j@HSll_G630tY4+hRL`DmJHAv7SDY6M zXNR}qLMfgzQG@5mS*G{kDE{5t@iJ*p2(cXzo#4D#FOb;L6j)68)sm;%B9LKr*LJD?HB5u~_O9V=1WxT70fROlsyr!nR z3fMRXYgCvjPe~aAf?9w;<=bK)vvYB_HB_Vs_O+-~GRYs=`|rV*1$zpaUyKs@JnOAb z02@ej$3uqX4DgS(p2FD>0V<@FC5zZ+ECBggMb~pu&3J-mJwn)YqEKtD-{ilGcaqC# zYSLLX-fRW{_$YR~P|Ix;2)xhor}h9kA7a6{mRW{bZX3s*8_*P*&B)AL{|6Y?>Od(Y z0ql4`ChzBkU_&jNpWjmqAgNSmb1+-6#c4imJpk%7YuZ{6N$Ef|W{UowUcN+f2S=XM zLGGh&@VJdn`(;CwxjIdcC(2dBJmXef=A zyfREkecoS2EPcOJ>TKIwuLPB$dN~s)Rj1OB=S<}(|9dvlwyOjkJ_82ClpUZZk3eI2 zp!dHCu7nQ@5+;!V&?-;^Dd~VT&s*`I!NHQ?$BUMR#>E_*0n316d z^m2S%PtC&h105X?87Oq&wQ7BShNb^`h7eq6BXXU?UZovqvlF<)jPxhRfu5dRM)J+g z5(i7rzsf<)yWmV;0DO=-x5!UF+t{3J0jsSc&K?4gRx^C7R^mx#U!Z@jTvvyRg0dMb zmIgZa2~>V8fjPF?l@DEt6g0NaD@!mx{I3n>KHkX08aM$00dM70Rj-=>EPQS{S9##u zJUs9Rdo+&9UI^AG-Y8bItN+`7!|U)2aXXY%4{-i@ISqnsXpP<0;bNo5oh*eEz{kb* z5{HqIW3;{sbxl480X$gz5KwD=&Xfw!?LgvDM;t%|@ERHz(9#@)NN@X>rz59C2+SB! z*_)$-sR`bjmgg#X%r$&LX-w|SjrSm`Q~&Hv0&kxpcqh9)fdq-4fx}M6;Icn1j;nfe0qg+0bS#+%3|))FJg#wNLMVq{|`3d-&tvlsMV__^q{YoI-uVD&cdAa zIe7iAo!7+I*cK!l9Gv8G0Qlg7MdjQqd5kFo`xO&5w8W>iE-SS#BI4@>=#J9adJeAV z;(UEjRc}~gV_}*QC?F^(*p!@{d=D0(CTb>EKpqeT0!**o*YyLLy{K-<*fg)$uJ8V4!HtR$AN{ z!2{PZYD#A+dwn<{C1iBM94^z1+sDBAU(g(Q?(eS%B`ZpdFTmPZCJK&AbDJ9*3$gwQ zK#2wUHxL~XP-6jU#iYj%U&=+mv{6s$LWmzg0^5Yt_vBXxwR?qk99E0&!ml<> z!QFmP*@Hl%`Qeb|?0?IBo@3SRfAWLodK9@|pT8(G(AT$@+WzhNKH2}>XFJiwUZ_#R zG2y?)e+vbTFXsqHAH@2B3R?Dd1?av!cMuP>65+ov+O7NCp~WZW+y8ZFO9*&D$`sga zpF4;Be?I&F(>a@D#kwuN2pt_AI##pgJKkWu^N9H!`TQ99fHo)KQRZ6FuXUcOX+4>6 zi0ipMJDyNRSu`Pjx<%}S7G!y;_0`zEbSRsH0u1S25-`PcNgONHzA(cAg$EB?JG-O) zo*o+U6}jgCKIJc?mcHnE#LKlA;??a4Yy|$c_+{QjWUyRh?-?Ec9XTCKWIw&n58N2e zM)d#0dB*@ssXaI<@bN)^T?l}Vz9=pmDE*1`i`(f?2gveYDZk?dnh|2@(%a_9N_~S` z8#hKp;tvH?alkT8tf%vpTA5=3kzM=B>ACQj5P4Ece8O;#Ox^7Bx9_d9F_QA zUc$n|!-r4iDsHucLS8Q|apC8gYl02cfc>trEaUMTs-cZ5wunadbn*@gk z0!X9k{|!z67#ud%AL!KFSnsdBE(hVDdB20#I5SXxzW}EAHQRU z1@n}48Ymi&Km7gyJL8S=KAr6EGNP}9{LfLrpE$WaPM&^N9%_zbeU`RcL>My*SK0T* z95qc&NAt+YGkaTGQ;bYZ)}P74#004m^=Y@OaeGg9Rnzh~x58ebKu7NNcZ~A9Kcu5L zCjf6pZH~9I#7inef4lc-fGZ`fM)yCS#VZ-E-d)! zvJtQvb)NAzadKDj86F;Hfq{YHjxk*i|MMry|+AZfg92ral4Se>4<4l14CjZ+Z~`mkv>8G+u{``M zVIN1~&EEMMyR`#1oGw1v?N5r$*RUxa#DpScpBwr$a7?()6oCV80@^{~e@}v(FHnzf z;%tv&|H`?t+_gwiK(K2sn^K(^JZ_v+&nY>4iXm44^u4mcYdQG&XH!yC;nzR>Kp)y* zF(O+j4~q+(L|1=Tt9ndH!{o4N-_e^-LAFv zc6L;Q`UgwfDPeeG#s{HyLRC?$+s|=4rm4v*_xSiY@c!XpjM6uG)*rNwG6HsGWrY*` zNjBj7_lIY0A2;^j1VbH*dVK7}5VDz~*Tm_Bz+sigPsZ7KU$tv!=wAJ2)si#{^md|x zHX>PIt71yK?g?=C2$O&hEfko__B;TO5v{%?POCignbNEVkGo2ldT_7nVpwp9x>kC*(7N8!kLu{bhyJ}IWwcYfS{;gmt@>; zM~XxgO59;!(%aq~O)ZOI3LZ8uU#%>=7u3nKy&mp+9&g;&A0799CG)ynUV=SsD>#9$ zmg_WmQh3-91uYl@o8T{+bCO@cI{{3M|G}rgBCPGDk5${ODS-p~d@MMwl7nR;xT^6(ePJ4EX*7s{r zg-oP-e#>^FDyK!VeN&*miFqo0O4qFO6qdkkx+}l<(+(Ct%E#W_H>(n3iRT8ie@!|F{4nzEL-gQrW4J z@kQNRgq6LEOBj;3_TRFcS6~$i^tr^7z6dwJ2D3Hl9yc)DVY&0dY;|jk@!M#&bX4jc z%Qny+-CYD*ej>}s{292#cJXR)kWloNuZ)Q)=qNqj)IJb-!iPqr=yoI|I71yM>~Q z(rpsaaOxIwJ!4;OqmJ~d`?nEB!to?w)JZCuc($GbTYfsW$1s=IV|@rAr;O**gAt$L(S__5hp+LQH?%)_@lw69O-j#zzmVV7S=9);v(5+1h};9S08DM9TL8J~fxI z;vX+Xa5frq0Cb~k!7Z!*j6U;hPkQ|z(nJ59zWajxW9yRb+NN|*sTZ;7`qYb-RU?SBTpPPx~7-fbKms9$`%aZ||tv?5k#e=zGnqh1l@&gNDg z<5Bvfe2-N^CYjHynVODHDlCPEf~(A!UAwS^^-bToQ(Vtx?AgW&50`Yqoa25RiceAB zwctXgN}$U67`u*mV57nMa-}i~^rQk$Uj_4U&-qTKs}OatuJxb?3FymF#nP(8{r(&* z0gfJqC#xN$dTj_RK}rE=FIT2D1gOmta@KD{lUV-RiSCRQ9%$KKf7sTnbN#$%eqT?t zSSK3LL`wedgA#{N}FJC-5%pz)Tn8LdgebuS=kX$w$Ot zt{NP}y1O0DwirTgg{eizVpG_!Ua#rsb&-K>OP6qL5|Ugg=UAZgA%SI)Vz2R0X10l| z*O}q?Uds7j5)Q4B0MZQsk6s~;Gi7)()J^6#G?BqV$CAv-(UgXkZ;q@XP&U@~U2yMe zuCSEzOwX8c*3sV`g{SWyN_T^$OSdTkL-2<`6HFF<__OHQRd4x9NpUmefbq(>Q6=ts ze)JjcQ(U@w?8f)_x?b5PA|{W8>mH&TmnFfSaj$&C-d`;OYFEqgDV^edmVO%z8)p4` zqO;I1i`3^9!`CyXmp>MxpvoVpxA$*1yvujE<~3O}jf?F~X2hrl zJ(un=r^^r6g)T|&g*iN+Dv#^}0~LPM{meyXJa;iX8cm@tMV6rwrz`pLk*3`athgR@ zm|uJ7?mYR)`H%SDOB#p8G!5#+tVD11&7tzMFwJHuE9Pny=%1_DzS7DiAr5a9g`_+? zc7a_BIndVU&^-f|(qdsmT%c%&0>tS!q*!Ov?fNSHEPH&YrsWa_tC@#x4#rDwY8rv9 z{UC$WnJD;Ev5em=R;oJqwa(woRZEn#_qa8|x&{AB_2H1{>^7%Br!Uf@sk?x1YGdI< zI7>g}cGPBFNj!-m<=j%W&0A(c#V_kX!(ib0kq_`vJXgNeTuUxfE(+ zpPhv~YHb8XZ6rf37HTI-J=WBB*lbOId%AhNw4bfA(qRTGq8UJLTx5U$%nE(plgYkk z^1Q$P2hwY~9ANo7a{t{HG~I&(1LetWCyb(UFjZqQ@MlKiiH%LOia{uF6;BH*k`Nd$ z4n0A?h6sl9Mv128jg9&{HKg#M z7(#TgG6)IMi{4C_n%Bt!x+pBx_2r(qsr^Yz!^p4G21%(KM5S2C#y=JZgb+?ES03Fe zzwxY=Fy+zE-mHJh-M`tTShIo2wvBTaq{294;0=`FNQW~V849B(6wjGD!ox?zczheX zTNT-$!x)dYGsY#jHJ)Ji>UfvX)+#%M#mEFRSFX|@$EC0&7tu<#N)Q`7B4(CO{8W}+ zN}j@UWIaM}{^_2N@aW%zBoS=yaGT%p)aa5pE}FF%L{{Db93%PCXSWK4ga2%AdihyA z3`uA1A7sX;AmjOuXF=BvKU@^S-W4td;5^+Meev&}ZMII=#nnpmze}a^sDbm(y9Abn z8Pu<@tzd|6qxW_sY%lL!#wzT;jX`~K-2P2bUUBnNxo*#%v^7Zv?ix{^`ORcL6bD7^ zMRpn54mq;W7)EDG#7cxcHtKXbSr}A=gsaC2QV*Wz{3luqU-`9F=auYHY?^ z!Dsc|yW@&Wmb(J&)4ebY7Ml%(8kevobXnex6SH zhQGV|6Hdr0OT_mcPUA)IIb&lq8a_p#&o3|RKVE^1zF=|jxCGpjyA!uV`N5z^slC`d zfnIs)AR2~y+-YnylRPFKOVs@wOx5}vodRqbodND*>0PYAAk6STLij-l)w8<2brP|V!*^gTE3DutN7nkk1 zf4=HRK~L`UoSiawsQ=gn9&|<^Uip{>{a`{y+lt^l*t5k(Fmi~`EmCX@JH17qq8P(U zhr{?5KFoD_E|pr>?%xGth0l`7IS|shRzY`O_#if-F&X3(8}BoyLaxAmB0}mSc{n)2 zWxedpbJC8z+4=042)1X`;L5>rkqdU)^adqYe(Z~xmc(jW>7G&E7!fRY|426;5zCO5 zSt}JK6ZWrXd74X_7H_``$H@@WE2>yAH=H|P zW084o$8KoyPeh@~!FcB4fT|~swJIj}w*CdbickRE?YMu{gU2Idjl)?s)-A_x3&n)X znJ?n;e10zI?Q%;x)Zu;e86Jkmts7BSCqlNX-GbuL94UtNSA07Pb-wivGhb@97P)&A z3bk+N>P4US@BCl64#K3MVr#tn#7g)nQ{7#Kh=@p&50nk*Ts~{WyH6EdfN&*nDz6K& z87i`=JU8>nTy~YzY4RN&lr*sRNL>GB@}tM|HMMV@8tyQO5dTFUggi-3xT-BC@Th*^ z*P6{`AVGo{?u5KNRa%(JbhEajW`ZGLeM2A37(c)gfROH;VTG8Ivd0%e9lXeVIE|@z z+0#n39;)B;6k0_E6%6G4?6_Pku+_!582^>{HYuW{F-3}krj^Nf-G6w&ac6U6OVcikbquJ~8M_f0t3T-EvT|i{BBw`K0m@5>h zf0`Qxj#}TwGHcdGcIE|Zn;vV|)neF4QW~YTtzGpr1rZs0e#sOO9N%=7Xbz@vS@1C7 z2pA7U-LRNEvcN$fw%p06!-=8>%)Us>2^vUE6D+1&QK3Z#roE@D&?t`_T1;cK3pnSv z;@6@TNOU};@OrFNX;f3%wgKru+<<6?6CQqArnub+vzG7_JFa=5F77P%=>hih8RDM-KYm3J(5) zpnG_ITAlZU=(|FeNcd8~ zc%wJA)Otlot->_cu1E!tz_I{Ac(l@@J@j!A7V31l9m3>xM%V08rd4d$EM6jtSZo8I zB7dOc=xTv+fBuJ#h<(^U_%l4zYS3Ahq(5@ZSsCdYx5vKh4)eFdeuC+ReVDw(ZKE3J z!+f4!6!FRTYZ3W6jh`+buN&&;4buBP{{@yw*NJYm1llHig4w|oTw0AH+`U}>VKuDs%OVE!$g5ODd*?Ln z;~QBHH>>>9tE|3LbHB>3YrJ}T8@uIfcXsL=$V~CN<7G?!#cZ_p^vr@?un0U*??E5> zwB8z2FK$IX{#$Fy8;3Dl?A=S}4uqGN+ta+Vkk@Yw3f=4>#Jdk?*EG=%10=Pb+N45{ z-smc_(}=WuoEeUe!x>gQ7gXkh(E*d%l-&C;UX(m!JH8+?L!$nA%L!Xy7y-0|WP5+1 zP6Y**fet_eai<%7eITAnzo`TXM9C8U4sxYc`t;}uDVG|@hg!7VQTcsu1BXdMfk0la z6jR=J(O)d00!chS-E#h;ow40wUyS=J5GYsH^)r_3&bje{r`g-?^G#_8A?e1CAvkV1~MSrnO}C)vMom#k2Gmz8fWW-GSFaqO?CA^ejh875C9L2KU|H%E3x{&cle zTFh+@fzlr$(ZZ^K;El5V;=RrXGFJQ_L0MZ@)Y(S^XeBtCU+fj~+9b zeqXIZxrbZ0&pJ8_N=;66;Rr4PWs)Mh=Q`o2H}ma6mi)plI7rgZT&`K#Wy=C^Sjrah z&|PL?2!QEQ)}Xfp1|DbYieQb~6SbBmCfZ}6hzQli6Nk9zXrdH+Qm zUF+QXVrOit3Fi>tJMkFA(D_)Rb`1gJg-v>evZ$?oFL7k3UE{4hi(%~)&kq;la{;vq z-GGE23bFqrciFz7Z<}jBn+XJsPfQSSa0b16@76d+SB7{Mm79_DF7`mP*#GhHmSFpQZ|X=6 zumDJd=z?T~%(5@QxO!jFHlL7z=n3URaAjlFt2q*ldLMB7d$)Af^=6=B>`oXN)& z+pde2RyXO*>QkYtz7o5!o>1Rn&y=!MFN#ww#+m;u=+6s1V$iX8g>)R)O;Wqb5Q2Kt zp_uhk!aA565q&kc zRxqw@YMp_Lw|5n_*}c=U&eY^U|1Y}XmOUY%7nc|ov$eu`_0xmN1K6b|zj2(ieOS*! z4AI)ChT`SN-iWCBXL^w==J-Lh3_aaSMeJ_2W*xYsgnZd@c}>OMnLv(J?_!*XPOH^I z>nGXdzJ?y|P3W1OD+^M)rW-!Y|9xAKgpHy>uc>P1d z=WwB}?-|A&s0`2J)w$+bY(KsnX1_CBUa5B9$h(2-*T!}JCdn4yYG0GDjC%3jF@c@U7!UE~_~iHC_!rh|Xe7%4X94^0Ynzh=b1x6Wa|8Te zYS+3?j7t+X%Hi1SBS1$I6ya00|Hjx)6;o4JONi5`7y2q;n9>DzqD6u8fcT!zA8AKU z*$!w#`PZ>HD%81gKH`)+_g8joDA1tX%E~MNZU^Oh`wlLc=7#Z-l8yDnva1JF?|TMIdW zC%+PhfhUGf`J`?-DS4WD& z;z4DF24CP6p0Q&TD2+kZ-g|6m7;uefs5T*p)GAyac`We6X^9L6`2eqK7x?cEcyzc8 zO0R#YgAe{?KkcN&v9GuJ@+wCbH0)1VRIoYxf?&p@LHXznTkl*qGqaIF1SVUpcSGkKPJ34r1N-j@FVVBE{00Ih9Dw`ce% z27QT7PHv$253Ki{?}|JmOu&_1sjv9w>IhQn*Gx@{rJ#y+-xG+c4pJ~;EU#AJjra%zpyl4K_#v0Fgk!S?g>v+Boxm8_2& zkHKREG60~(B&6xAmUr??MD>^Iw=o0Q6tBVTp^Vo~4tZT|yYbVo{}(fU_;6KVb~?7* z@QuW$JQ3yt&QFHltgWpj;fa?XeNB!G3cY=0`q|F{xL4uq>-C6c1KZ`Brv!|b8a)(h z?Y~v60(mJ>KnI}#=yx1|Q|=4>v~}E1KJP5lRq+5v>XBER*;Atb6yk$D?+!RKmVg3s z1YqTJawt>o@&avxsQ-unxQq;7r3!MK0|<8{0PwqkbH{tY2(ekjoxAryQ;+t9T!6) zBuUw`fgwf{q0bZ0r^SkAm(+P}|H`d%HHQ}@NJf~m##hbK?JjneZvcw)4&3t;Fvfbo z`HTvj{v(f%t4{WK; znurT9;@JSq5?`2!CND3*26iJiAsO2Pq!hg`18{a7ST|rT9?g{HC>3ch zI43g|^WPr}Bcq|=^dT+OyOg2fF$sW@F3M*uk{!eVx{LbrQOTFL4%f$eJHQhQ9~Xh1 z-?%rX=U%hQQmX~~dt`|5KcF6vjS0Fs65uaAGiAoogrFWOUI~Qto@naO_`NY%{#Zca z=mvS0bwHP4P7ERDo-CJra*ZU*YWb?nYj5=i@-?c$JoH8WfH^AxcrY7aCb5$=fn;=2EqFyf z(5e*1fNEvYV=P!va7tpc6X2(oPNX#Iiwkw+-)XA5JCG|i9wMo+Uh!3ftp43fXDX)58$n zSK!dYA>h~2(Zp^x*)5F8O9>t)kNH|t*x#9vY6=bu? zt>mJ|mDbyP3^KBi;43Da6RP^tUfNeUIEEntv^?JcJ&|g?@59zm8fPax0zCp#grGCF zK}+34z8dRWx;>EZivyzKy`U+&Au15eblrL9di6^4Z)nPkUO?F-6XZz{2%7FsC0no< zl=EVc_gdiubR=Tl>uEm$orlgJ2p^t#PMtrfEyn-KXM5b10iOssrDm)m7>KU#DnV_4 zp7}(e3jFkMes9z>R9!h804^sJKuE{C?wn(X-GLJL*L;D(x<}1gdvR4C9Zj*V>#i5U zf7}d*@G-yPE#QS=KZ25|31?zwf^anS*9yv$}| z__j0~ST?-txDrd=ktd)=lBwO`+F9LY2lq+u*dXLIlca4DmRL7*$~o*9&mDxMPC^78 zh^0wjAi~kh2wzcTM&#npD+GLY@WkcCyLVukprykyZ3}%QUmndA$A&ZhB4`$3FZ2cm zQn+FV8CLX4bzVg_h++Lw-fY*(i+4~Cq;wUr54(p<9FLa;#}IenzR)wi_RvihKsZ=| zf04QKXK$M4BAVH?b_rHz7uMbz%O1{@UMt_#2SX(sBfZU)R;@Hskx_^VpVa}@DxbI! z+hmBqkQn0VP71O1j@yGs^BH5Dbe|9q)3|f0_Bn=QXp=eZgzrsdWdI%MO%R;?fd{13J*s>Q zBQi?VwlVF$!8wP89ViC+!n{}=(*c;ImJDSfI(NKynF6mF?FUQ?|60)hapUCInJ}x`c|lIBv!u~_$Rfo?ozRL+s5Fmmu=pbqc6}Gh5q9x zOhxQ8L?lk{^d-4;h$LDCTw5lAdEhk-7g896d;DvL^In5&r53SMi~mH%rFMyUd%Z7y z$hp&-WwYn>^0QMoM(P_LF>egr04Kzv2xUCR#Ij8Yt=VAy5w5p(jqL_f5W#RtO_d*p zS?tAO?Vw3~u~cEWba$e18rT?nDg5reAw95z!LfH=J*sdV%?5qitAX+Ck#z(De~#5) zDiiB{Z&s6HDlBw$`or;RCn*;lcj>Exrg-KZVa=hDlNZpqk)QJ081~22Sn41R$#Aw# zGK8vY_?=eGpjdz!I)$y@u6PcR2kvNMRgx62NDvGOE2Xz-Behl^ljt7Xk>2s|e{bOB z(ZfVXXO~^~p$Kv3A;MdOgjG}_7Qqzz2+H8$-^qK!0U?fBvHj+YI42}f%}6E?S

    z98ukZ65pmdPSP#u41UIl)r2MU&|Nn6T0AM@_ zgD7+}S)^lCFTd^ASV%&=IiSU_W|w;Cgb3YdbUPd1OgY0*W`R{nFZM!2Dr+n2y7o3* z{&u|Fg5b>SgRzGd9=3sQpb2?TBE`K8AwQhN*ERQv^p%nF6c+I)@Rb=S*m>Qf1mcV# zv?LOZmW}QF25dnrO-3`3znxV4g+0j?D1{}yw2qMZCC99bNP%fE4??_k z|JITsL?kjzbSv25<=wY7TO%!m-o^+9#H!8F5Y=f^xwc1SGXH&bf8vw!WI0}47$#k! z@?brQ_r!P1Vo}Xs&w$=X(!)n{TVubEL5Rl;!&HPrGyeol2ua>wnqrN9uR=X;jiA1P z$bA;WUNLp9>kKEgy41pI{p^g_?92JnngPwMlf|$b3l1x_weBxw5mFCi8&eyhQ&<6V zNwfjBiM|+Lei0dTm{8;N!Lm3#z`!0PZBoDyr%y;A!TcTeaw}0t#%Ab#B<9%uL)dJ* zB-ze;c#A*t;GC83sh(lh5Az^MAv8T4`S3Y4>gA_6hfwGV#)!(SJ}H4mw&f*N&Dr)x zB8)P=5}R}8 z{o0Mpn^?dvXAf^>zwPZ_61(OMr| zgHgK;3Vf-X?KufeMzQ%vp-&y=f|IV57zomqo|X96C`ObsgN^= zF;-$GJ;^4KwW&4-Bt!(fd~{{^`WJ5am>(Q6)9tGC0W(bNv#Uob*e^YAtux_lJ`ybj z1O_${;o#VB6+Ls!^l*+PhJ*Ix#7}}pf~et(q?O)*Xdxk@N<{JkZRyvW`d7{p^DeLU z9ZuL%*_xeAG|_EjEk?b5nl&+bBEJ*_$B5e~bmgR0tiVBAi>8 z&?_3#CVhZm@y3lJZ7=^cnYKL+zr8FE%OP%$m5_>ebsotv@&UTnorh_mZ`;Ja1rgUo zF^j28VBCx-b5$*pFQAZAnUpo0a#c6B*AOBpph7q{- z)!F&F46tzLetSe~|3zt+@i9b(mPC`U9FmuZ3{_@~y8I44@un+?RlI!hpJ!QRh* z$H-F<&v`z-4{D)kHrXf=E!|T#kw9qx)E-4G`Ucs((w`@S%OF{0H>eEP=*p@q)3rt@ z>cfQBjQVel6IsNtULD*bu?$g?sAM$?KKkEFbB?4@Rm=MtNrv)WV?|@cslHNB_7Kn+YN+f`bJ0>n4QlYP@s!E z+%`vZAoPzB@i;T(i$_yct!XDsrlWiUNQz9%tBwcQ`j7sQ60dHO#n)Gf6#?5Hyg9>| zL|#!>AEN%WBzDzmeGiCv>DYokZCyhW7Z}kS%OzzBt0z3RvbW`>7FU9H11e>1ViTqC zYvr%v-7iz@@y>jRY(k>wt~!X46EBl!`z8+}7K;3VI$DWVs2%+J)Nm?s^pM5I*YP5Rrm~Odh}L}54lQSc@g8esys3T?=}WdpyIintrf%s z1hb&Pe0lIKzPgf6JK!NwpOjC=J(J!-|HE-);0v{yXf|{RDX5=n->1p$eaJ%DU`<r4^V-Vk)5h0K8TVK64>`89%(Zr7@k^A4iI#i5h z;Y`QbZM5?X(Q{8Zby+(1A&rVBFbpj*QWBr zCld*0^HzavCn-Pb@$vAgnQua6MAtXKWd6h=xbH%?A|Q2X?0n;HcBKUKOuYn5z})8B zBhT2xl|yh)M2kQo^z=LY@Hh5-t%TXKTq$R-f_vLze>7x_7?=W6 z$z89uE+h*=HnUjw3Xe3lTzQd2=iFKx+K9RHoUv(4!=n|&(+NyBqdjh`L@ag`J(DbL z5 zx8A=zi>BiEWl~vF(?}N&sEvYoR>$Fwrphd+yKC_m3`e6bSgbm}0yX}%IZ3~~EVTFN zNloh6?#EdtFVL+>DTxVqsX<;c?oZBOUrd&cL}(5Q{_&l&Irkq$Lj&26B@zJ9W!SD( ztXO~i5*QeWiHw4B`}RbA0!*G9*b?}ZMDo(X=r9{zQEIBQwp7$XhLw;vQ^LdruH6uk zZM=khP0SzX<8iScew8`qpXun27F{<^UK9^q7cQynQv4&BSrZZxl0q^37ZE$SF!Qkl zA2%Za)LUFur{+WdxTQ2;8ZJ?=Cf32J8H}mOUQIXQQhF6n@*k5-T)pGFdzn&;V}JOC zrh|$?wc0fJJgGzo!yT%5*oVW6*rb(hkTWEi3iZgc31t~ATq!Gc**an|EEJ9lx1eVH z!bsor;G#}q#Uz$mB&P(%CXo*9<_n*8ldz`_SL=SzxBE>^#f1<~oha1!N9MPB&XTj^ zMU)Wboi`L49i~}XM$KcLZe@pcIvZO?ep%grYBC3oo!+Tb-faw@lzj~kd)+89tsd=Z zmt_~7$Ko-Au$IN;a5$>vU3wmTWHfnNWYo4#VtYJIJUnwbn1mqqhO07>IdpGUuJK_f z-9D|H&bKN@b3`7kD!#@=667*RrRIqE@FI+PX!Uu7og;M|sRTey|<>%p<9~v6MG*Arw z5P^fz{sw@fNVzp1BkV)Wy0EeBz3~)qqg~^rR1Q(J@i7i4J1p(5x+4Ny0Kt>$p(yq{ z9Sv2t=@=~WD8F$(-dXW!=DwSIrG*a$nSS8h^~dVbU21XEkE}fxaw=0cpRS;H9+~x< zMC7l?DGe1+?yh_t^Dn%Bn8&9ZkD#HOpE6p{AhHO|D0wA8<+S;^4p)ZX80(tlOBj|R zr_>Kk45X&@*qI{kw-+U&rIzs6l@nJ7vPL~yOWbW;h4*$^5^RK26wpc5q(_((i{M)V zymSa7KA>;V@DfUfhADc4V)f~Ji<1}#&bQRhr=z+k}#z!!$@yF=Ip))VO zTFhY_iu*v;Lb1f@ZF|{jWU4=$vp2r1mYWv}vIDKdKl$SNoKug>Roy(k zSS`}SSV@JGiT+FfIa;Bn>~b1ZpPdF?VH&N(FYL{iGjY5MIdgLeha?YEN#$UcWPZuX zMVKA-Y2>1Eit;v={B<`&_1|6;j6O6B434d)XRwOMwECG9N$Irg$5szP+VZiM=>})nhY@J-8~YZ9Ha`OZlZ(pqiPeREfR~N8 zpz4;-d}zlho6mLU003B4W30&9#CAkK1aublXy3UHK#PghnAAq*rCE%ZNnZoNgqgSS zS6pmzC=%{IcE>0UTQyw7v6)W~6TLuft|ml0kV)m4IftRozZkmVO0N4fmpQaqw`{2; zI=Oh%^kg~sZR2q92@QR*od3pyW8Qx>ea-c4(km6m{rWBb+R(tn%I#p7_@0&hZx!*Gc^S`5d!a-2rYwg?seQQlo5ucw-<*1WQqf{o%;l zgqG{8$=*Ut1g;87r9y!RAB1`q<6hl*@i+{VJEgvn$S__GwO##NNkKvC?4K@E7f**> z3B-7K*GoYGixZy@qELRM^~SL*nzjHcgn-Yz+I*>T;l2&8Q*K@JO^5}W%Rg&J zj6mj7zMU-Q-EdNV%UJ}pk4({iyeBLp{1|*$i~=Zu!KVbpYXpVH_szH>v% zhL}T`0)jurS381@fPP+QamV|v_Z!}#XnmUlNlA3p`}{&y7$uor5MpgaC#Y@b&$_Dw zR5o}dZ%hRfIKpy50s>PqMFE zdZX-HSJSMOPN9ZC!VCA(fphvOz)W0#y63>Gu#VH&3%0qUw(A_N&d&|=vN{l+f5oY) zQ|EzgA_-2N5Tz3jy#lNcJ2Ije?w`2@64){ST05Jpb%rj4`BfNrFnZo>;FdM2KIO|U zV_M-E6MU`!)vRlG%}xMpn| z@k_cZi7|DftU3R1G@KO&*Kf`4F625Gxfk{?znyOqaaEgUx|duSM^6kyiw0gA)78!W z!N%Vvx?U^ahgy$2o9-9tM&U2V!W`pO5!)Y|KG<%5dU5pY^{6o-ai4*q?2DCe`^Y;1 zm7C&%)EwE-PV;NlA7{aF>}dSq<03QZEb5=;XEGj1MfF>9NswmK=tQumqwoNhlT_$T z@PCd0hh(#d*NvPhlLjv`nPUk1FelA(*7*yQE3+jt3Ns!vA9E(NbzdwkH6R~XKuDeG znd+IPo^JOTqpiK$cn-cpA@r#~ngITp{Rq(ML`kM;W;qZJ>GwA>to(;+NGg%6VWc20 zf$n)1->cOAvn$_5-Aq{3gr~#n8SMa0BdJ6NPh}Rk)y5`-WGk~2fV*-j}AT196OO-j53CJkm3Aj zw)4Acfu=_fF`eefq?j&GXx({7fnl8fX))vn7a!1jUVv0wzj(vlYC{0IBN*^eGLvKIbqzZ1v8{ z=dziPucy!Em}wTxf1#NwssvP`+7n#3N4iO?F&uearojC0Df`lMdvw)1M2gO_h{8ks zPMd&gA!&+w;3n?n(oqF2rGx1c(pxOV9j#sOm#(>`AJ|XELFG5>r&Y3+OJ0L6a$qF3~rMgchd%U z@4|aL03;ya$6cre3eUrUFJ{VV*rExel8>`u^TZ$F4*%knks1<>;g;d9_f@#{L_8ap zS67^}hs>u;NX)|rN$1F20$1B)rp98qNVe2}IFR{XD*W0!kA z%C_y`J}J`u`o(G-#_WG01jBniqzxekm{c4nLGNtFJz#nBPb!g3oW*$1Txe8NcsbwZ z^qdEz(6TW>vWa~dLZ;Sn0d0m1&<(|H+%(T^SPJvVZu`JGLG_vH+|u~QoP^f$Ve=sY z&3Fhk@CFdPPIeLQ^fh%8Qtx9Wy5X5xhkwW(2HHq}$caLZX`F7=th-!`Q7!{=9K7S7 zWz#y(1gjJ3Twv|@r!r9A+FrueSG&&dKXln4SgTJhpMZtbOmC*t=qv9iBg$TY17beb z<7RCt>KnRk%`-^a|5MeM2SVAsVUJ<#Av;;i5-LjxV;iXuMu^DXC?rePv9Bdr%f5{f zA-nAR+91V5+1F&>WnaHD{oeQc-tX@@&ok$_pXZ!&FV}V56{m&i6tXj1TFZw(%+G!l zmBt_(67sHzlu6^epmOA@@y-kzS&h~?{4 z1^2F%nveQL_et;;y)<4y!U?`(sZq++Y*sTjJ{sPQk9^Kx5k+(4yEU+CdpLG{kYl+M zKi=a@FRbzl@~OrLUexd#y`d2E%xn97ujV^gpD{~Mx~^~~m*8yJTtd~zfF!TWSWx7N z(a)P~L(sZju_Hg$oH+6p--+Je{L7a(>pCXCZte#JBIVvBk?YBDL?)e{p6V_Q6xJ!8 zPwp20k-biHqe{q4qSWvDGo|C1&a+>bW=f}pmsg zdx+rIm8zDFS#}L+q}cG+JA1e^^C%i1jXocN4hL}rB+h3b3JuQ9Ws=I5qQP_*wj;S^fiU>|!#<>Jpr zI4Osf$fVo)aT5|n9aJPFMl+Q-6q(jTJW=@gB6*f4G!5Vs40=FWf6z1gTD?&LF_pc+ z87R+Kyu}Pi+O}{SfV$khNG|zjE_2SU!bxTiv0+`JfUB7pg!HcaCEvqB<%x7mO8jb- zT0E<+Zq0JxWOX+4yWI!1Z=dF_E+4Z&f?B83(0rZIl~0toJ?6SPG&s>(1zV>Z`ddz` zTc4hG+uKMz3*96&Od3DbIJ$i*=V2NjZp{y*>Lk!bZ5((TrcY(A&%NiLv&+F#EtKaZ zPNl!!?Hp8;Vc-saKEj`dyXx9VdOLZ$A!at>ejU3OQ@r}aVm5~u@WR*S7d5517E9RL zUUom!R4n|1R?QjrZuTx?=@R}?WxZjmQ}&p_gxboHi15zE^lo)TDBPGWsNyAsNe zB@Z=Mc!s&Fdp~Ayx^zx34-d`A)qKwd$s+cP9$oyvzw;0TOx(%@7qz+!%Ju}PrO8b6 zjZZ}~L>+l@l^{BiYApcdtWFj$aPN))HKFIYu8fW}#ZT5# zV)wy1Gi8-y4|XnX3YKT^r|}9Fdrt8r(+|QljcA6FULlp!>ZZ^d1;7Ie=QpDG7TX}f z*J4WaH^rEj$V%|7X_1h(b$gpgqGt#yuS|dS31x>RvpToJ;gr_Xi}m->UK_r2$k`&F z-DAjAL|@FqcDZ5rIAjTc=Bc#OIxya0NjFbQ#UQL49|r&S46>hW?Kcu<+h^xRDkco?^=wZ z;L4w0evMQEhbl(PM}hM{`fG9d3q|t&RPu?sh&LOuyS^Z~KUh2|Hi zpY+IJo#~K$=h$sB&V1T|fTVg~F=qj_^lO^IYi}?6<4eNX`jR4c7;pagGa{U7=e+Ee zNHOlzpeU>@ofUIa`gOml)q}m7qg3Cqde_nIet3R|uKb|GSgec9rO2PP@pKI{R@YuP zHKk`EAimL%P{K3SM{C zZbk$V&ttR5C;mn|(^rYGXl~-9X!!E=U8-T_w^yQQ%zxQOMLy|tO0!*H=hbJeL)Spq z%gZQv?~68UzY}*HUwkd~b^K_I7XS7|#AALco=aSKh~ua9SDP~?khu*@k7tux`qKw5 zG&fh^TqBuH;cVtGg^eB}A$<$`EAoYV8?_Mp+5nMln4{zXjSo@m*tdQF!C0=R5oOzW z_A|ttOq#b1(_jFkDMgZARd9!i$!Niy8Y;Lx_C9h)^AX7pzJS~ufFs;(Pl(IILrTx% z7Hv#M2b&t?%d<3Z@f5c1#r!5`ubn$wjXD9m?jhS8_rq$Crkwyqw~(2S&CSj04Rr}4 zvY_C=^qOkHKz?RX(aRnU=Zd+7W~Cs#9E=!_5Zy%>SpA|~YqK?PZZwqpR7tM#*o+)I zlZ@v1bhP0Fu?YX{%RR08LuG;egpaQWekr6^?9-yz^K+dG3wN6!BD>%k@m5 z9jy4w#fa^_Nk0cj2jO@Lpnj9Ho7unDS)`;W7g+vn;-c2)et1c7T<2VuFQ?so?w2w< z5Abw&CwB#g^qPM0ydCDWot2S?`F^E_g9SD&7T?;pWtZ~8UKNcu=m4bM;RVF{o*}^8 z)w?fo&~$7AqIq#pU|_t5gJ^|S9->u*jvE`Z(eQ(rUYV%1RJBbbm)+{z^f+((H;m9V z@xu%|bn)LL_Cy`L!YY&ieS5FYRY=N7(@_9!H4cgy?tRqHv|&0WV3-hkYn+<1n8qKr9r#qRkUm!A!uMHvFAn zshPZ|)hB`qfNb^+K0eD=>FJXd;B{gqzF%5>DLf@lxlg$ejY%%BE(&pebnnr}Fg4nf zHd@8Ra0|u>ZV=QGuuhi6P`A#FyTAO0n03y@RD`dXtVx6!?l@)lY|eC~Ssk`lHni9F zDipOpyDmP;d&Fkd?PyAG(>7j6tYhT-D$2D|%X?Q;XlFK+rw8>${h3YqeZ1Nnc4p{> z@h$h%*S)UAt{xwuL{FUVnI{>)SV{{-rv45~Na3VWaaL4p`U)f<&PTOGCX7_j>oxB& zZ7|_WkqKnz6{`h<>j+`U4NJECpob-j&%w zgnI=3hP92%gWEN10ABSiD3w5}`6K5(5xQD4KDn4cWMA*?6)(_R=+!omD{82G_A`$I zh%3o59VKrg^>{o)=q})gYn*dDmLeVoG0e+c?|=sdw{gpGzm)LUvW)p0#xOqK(5tq} z8b2T-%<;U_mPYS)Y8<#rlCuf{y+lARI_ifB;#<60Ei$rV1T^eG>MENyl~&m#HKZ*d zD)r7|MWc{Ep3*sUE5l`T2t24crMR>ftvZ_vzWk%R^fTWo+@j}_h4;A&HyL~Cr>VK> zNqBjAN$nSC7qM)#R^$z*hs$$3NX#3QWgXQA=RxkC8*||mT1@64vyJv}>)imbqkU2@KLdWWS$!j#XPXHt)3kVoI zC1iZdwK%`ZY`l(79c+~md&}hCdq~^$FBSmE3I=3f>lvMHzE8tf!J;Evw-gz25O?9KLsWh<&dd@r>yh$eNDfrH~Y zP8lahQ(Q3z)J-OCv9AC}m3)3RS4HsDFCD;RnzA3Epa2vc(+m}K+{wtuD7z>yP6ZH5r`18Ok5!=(G8mrFEElZ9>s=J6Fc# z2R!HHHm)95GUKlqz6OLP*on_aox`{BVgLxDndEY-YCGLLR-+r+whXm4XLM#23VHJ@ zU^-L*ClwO)I2V8%+vZMy#w+`!!3v+AgADU<6ge>z!fN%MuJzSsXa<#|MQWcGwK|TN zQAaT(%}Gbz@wHXx@+$1y_zoGlg?D&95V)G7(+)SH8Tj3--=o4N`7HK3=j9>L+Sa(y z+mL`=o1?%^iQON$tv)gj(S*1F&gWD#(gsT@^C7gQR8r^QKW)M0MlFK97~ zeXcFJ;bijM!ouQd;e!H$@69}TpeZIcT#5>jk?jy}_BV0Ik#W>s;GQ@?_eO!(^k@D< zsbthj-39I${^#fL0A~B9+-`KBhGxYgJh(_(bg*pqJ-Z;H^|=3<`PtX&y{rz=`S#lk z_)puj)B;*3B&3Gdca{gGb|4+~q!{Te#%g8fshCZ%y#loX_T}Vt4%9E62Xhez^HUGs z1R{^m#P8!n{WL3ZB>KRg41ghZg{Mjm4k6J>JDA+@p%$;_givoN5xJlvLSR8GL9u5-tg-%`fDE(_O#{Lm ztSAm*MS%RANOAz$v)^@H%>9A4^Lyq?i) z8M5MNrgSCpZstdHX2ha>@mylJFU*}YXtl0%DPMjg)y~dx_W-~)&ow(i=0X_+3E(qB4#=13;?ma3i$nTG4|ysGbzj=MYJJZ=AgpAJ}S`6X5U$ zQzUs4(~iGsXlZH5DJhd<5SrE%K*vOvM*ypwNUb#_K5&r!SPHq>Ztg!!o5*)eMm)ab zBRd2lL^6^fcKo!^4K4-|%de+doLa#Rbd`5hqZ+0fn!}W0?PM++xb5>WL;;+D8~4NFiTG!4irJ}vMvK4Kd+vrG=3 zvY!PGab5CuBOjr<-jx-l*EXP#3KB3MK&Pv&2m`(MQXip04+0YXY3MiGS@9*UMG&@K zL336Hogl%NV*Hd|j_8XK9ql_OE{lCh_b=C9(l?Ro68!y*bHThBN&{fGkz%^cs+;X8 zf=A7)rcApj8;r65*2bkohDzAr+LfAe@-xcEbMA%NT1 zZ5;KGS`4%vrm@2u66X?mHnYJ{F%6dnbUo$NgZ(WSXAF5(!sSK6ySDUST+Milu97DI z0lhwPiSG-0nB+Aqg98Kuuh&}n(=0+#F5wVN1g!}seJ^?Ry5O|NH%{yqMW#`cZ-WhY z+IM+jeCTs;vD-scxiXy zia|*;-ry3dIMKdw>R7w(bBWy4|yfw zI%VMqJ4b!5wT)c6%!=ev8#@<+*F76*=iTQJF+O;Smy16|xWz;VD@jrACBO&B=4xHs zAhC${+FCI8M?G*(&nIi)T%aTEFlBF@_vgG}(cfUp%H{a0NYVeiE8YPM&5Yj=k-LSi zCpUR4_m#-v0ot3DZ1BAuI5NM@uW+|8w90S8crFGg0aX!=ku^{mlkRwF6>-9owTx5l zz+eG!GZ8O|2<;UcQ9Jf0`ew>QFAn5(+E+?1YT$(z?xc*RT(?3p{Msk5Bk+odR$>1b zp9w={3@*eC0h{(fzuQc_{+O8V}<-51m>yhZ>z~c{4_8F1F_BY0^Be@+;N`K=V(kNy%9_ z{-qm*r1x|g@Ht8QQQ$3@mQ~kh-)Wr0;5~1n`aJBZNm!v%qicF#q{G*QwrN&YF0Rwp zYaN>r2S9}?2PzKZ#IU0bPzKs7N%>-)W*)OlC{-P?>gvc1argDIvw&}#1KBRrdb=M> z$Y4R7s3FRrOU7ix!y~sHK6dS}x>_axtd~uh3X!!1Lp@V1sp|QgI9o&pU^QfOQks(9 zbVX&=RXP->_((M~gwjGFa)$cvNV+#ZPtD5v2lyyjTU02UJYNzl|7t3R0B3M65&32- z9oJ`8AXJ1x1e}N?qV@dw5y2kNTV3T(BO*4$55IbO-<>u^5aD^d6C|&VKuZ>6VNvI2 zT1H_H9+}E2w4uq|)UH|ZGnA|kS{VOO-oNOY>5Q}>0^2owExWjOUN1KSwZV^GwO+milHa*);tZtz>kBh|_E+jASo%*P@6e8Te1)kT5<$x)GAILeT*0s?xO1|I-8&g` zNaw~WrPNz}V6Kw0VO?6Iw#MB_DWF>7JH8^pS#avf&h5irO8ipnYMs?9$pw3Fw{ymW z0d)t?Qa!nINxkxmb9oLfhiqxP{wxFUm*p~L@H2#RIdHNSNuL`2;0*JS(&=5O& z7p-k=wq&HFcgG?)L@R9hfl>xRp6y9bUF0LC*92sh8a4b*y6u%F4r#^=7C@GYf4YN7 zpr-u|C~e>JkO6x@UvDxiBsh5Ebx9*wEsZtbxehA9b&c|VBVKwu;!GeodyL=g)*BcO zDvwvm@iJ=3?0@n@7JzaN>^7z=LCoy1rC)4nQVHN+qYcGYBbW4=tH4#8s|WoP`G4tx zNcun;FBelU)axOl9J4`LvSe+SDCA>bChxkdFwXTvMF6470+Hwke}Dg=|3#wF#~|2M z^L5Up7|{n>a_Kfjn*$%DSV zyIw#T4hX8dyjvez>U?Y559)A*08j~1AB7TWimv>JDW7Wh`jii~R{ zikq6w%*Uf*%Ku;sbEv`9IykxI%X$I(_y1lUl0BR`V~72-oId|#wzBQrmq{)A3Cfry zt-1IdsuOp5M`PxRK`*2#rhsksd&pYY3rRn-242NeU;Q<;ghyZGxx~-p;y9&!wIeYN z7Z04rM52CIOMN+XKX$vz)ftQ2s$1-?Y{=p3IAKdoH>vehRyfdVpO|IF=+ z$cyXb2Nhh0zmvKACZpZKCCe|)FPxejx%rcyX_P|%fB%0Kp*lz7USqwatkuFXO?1`=+km}H~Xek^O|9N{yX^wAgZEbaAFj$;=@LV|s zNX?W8;Q_Br`Q&KNuYGdT%vJlZ^kXIz#8CjHlG_FvF7y;joa7Lc9OYb-K>}9Cu7TfW zbzoKOV_&ZY^-&!0Gqt4$XD37yw6qEFF;eWbq_0jCrR=FN=@cTq@A_Fz-%hbms;9rw z`ht>K56;vcERbwc9juv59&~8j&)ST&)JPxkN5(yt;ol2ld(!NsmgFqa#vH3JNtsM1E+?c_ex$k--z^wiYRAgP^YL_5kSl4RzwxH4hJ)GnW~%iQ zpPg(MD&eP7vxnbCv$Y&Zm||Kz%3j0Zi~U*eZaPfXxU2q==quJ%OIjMb^n}VXM)&INFWKJ%vbpl9O+Ss-7j0Tz^QbIttJj=VSTQk?c%ph~`PBWvNbfNY?YBWP zy(+Z3K|EKRl3vS-#af}n199|pKr7eQ@MTJFWK+c3^icGb67 zV(HkW-Oz1YW8r%a-O;peo%j#3zsJ|~eouJyv75ITm05YBW?)NydfX*W`%NT@)t@M7 z@Vs|MXcMc=dKJZ{)1=3cGI5DdJGLnvrc^sV3F-zFZf zr7<6eAG`f>__+P_b-3L@Y`ubO%qFI!2}fzLQL9W~ry9c^Ii>x`{r(rCi09ENV^nzjDuw_B@{_*SZND0xljoXGD4 zsLc9xgf-Ld4N3MgQ{RJ``hZ%cZ}+-u(>lW43wpz}?jdTtC63#;zj+1M#&w=yUDC?# zOwgPRm&=sc2rd4^2H#*i`p{82O4L2RE&@wqJTx*6DWuFozyJ)Uw(;@jH$O!l72c5PGImf+pT3vj?#u9uG`0)k?cP&n~hQkBJ=_u1urUZ*oO9hBYOeY1&-w-Jy+peDJB0tRatWzhq=w zG3R4y&3@E_6^4t7z1COmY(04~VB(BtFB6;}`8JBn{4@Kyc5C3>Dru)_zBYbwaaf@y zz$LN9@R7b>D}++)#s2n_nT)Nyz3XE7<^3JMDB;XsIb?j)^r>^7$SI;R@ByL6OEP{3 zwcCkJddxmGlR^}j+>CGCod7p?ul5FLzEjuM=XNONWPPgsP9U!7!AjY^JjP!B8B%OU70RaJV3{9?f z+F-w1p#;=b>>0?PDF8k!PBr2Zj3w%UgX{92k6B zj)F-o^V?*1kyXOy%gd`;Fg&(?bUW8^oj5K%P+nT#8!Ils zevbgap!6>ZqLVnl%zN^>%g3{jut=}KK!Yx?9ni}x4sbS`E zqV}m-F`<;?tTRQXHVNB?47_Cz(ob1=x{@w*cH0d#wCA@@hWhO=?)4=&Zqu3B2+hLu z$j$&mKT#IcGu@w{vB1uiRBw3w%W8?EuF5k%MVqY^l)wdcY?<>&SZibQEzbC^#$ip3 zivf3;xZ`$38RO|q6km8g9t)s>lLhc6-w7Q zoPPEUcQ{*w0@6eEkGB7G9n-=qKo}bDAj7&iG~CZvHnRYUS-ms*=W2W-*e=pgAD zQ!u=l^PKGhAI#~A81J$U=(ibodhln3$x1*{M5AXZMSeN?LsDjaUb@a5)>(R4}qW_0hD5sLdl>Vz(@gC zHUD7!H0ZcaJ}>!%&k~le=u}9dIV!VrCx-1xudTY}(WPbvg|hY(w3?MC;0oxh+0 zOKgLyNjGO;!X|PrCKQjy!j%=JE*y81d*8z>)%0CjkV}=1v2@tP+$h@4)v(c3x_08+ z4~oN5A)3dCFwXY^#m8!%SB3Okz#dH2L4pzaRSG>b5_Zz_+X;y*^BIRtQ)? zyga@z?u)V!adFmPH#^?XS-eh`JaS~i|1j~#q0Nj;?F$i&%2iqZs{;1XPvf{__~rAH zyiy{MbZ(K#JM_%)1`v69qD>^uf&}V|23zeu+1>IHG83!2ejaM4JCx1{K)&!MAkls5 z8*x&{Js$$R>>s|qz80Gg%LcN5B{x4dgDhb}+%=QK&!F63gIU~X)L+(tc^e0~E)R@P zGCZ5^2^!zKPL?$tXo0&|kJ72V{pt?J zMq(BBgE(npN!a`6B&xjNmKAjuP~f>i)44=%@b!n*%__LE!gaB`7K-1t z@#$$30&;MK%IG{*clLP4hkIxDV@RftD0Z@z{D1cN{+ednosN1sw%f;#&82qG?gZtOg~WaRX_nTS#}&)1;~$$hw|VF>r==mKsN{31=OvO8lVr~!!P=+e-?Ca zEEs&6vS@Zzx+@OBRixIrXo9HWIt5hPIm8l%_PWyBwmNFzw7GQ7xhH(tG%c5z%Qfxb zD0w(U`Q(Mr_Dr$*;5X?4M`^8{@AlQNYX(ee91m*Q7-qhCYdwmg88x+D);B;0AIYF& zp%7}vRFfOqfthl*sFjDKBJR^G}!|n%maYr&9DWk4?DdWd9RVtDhDqk z_X)<`;~rlN8NN(=>i9o&B2R?b!Nmzh)_;6ENd zmL0B^obC}9*3Ay5_Wc-6!W`~2<{3asP?Kqk$uW5d>_wuB1@wCUlamwm@kSrn1R!kQ z9uY?|kf&b&z9WhZgn_}(IZ)`F0m!N|kZ$WK3bww)|05|E%aDX!ef2etptq4#gX(zk zR$UO(uCw0nO#+eV6B#FI4qXs3O};+m^!)JGUHGf9o(t_FgoeMxqlBI@Qo^;h_JG*P zZYOYjX#iMN5j1LXxx6I1P5F24{HsrNANDQ*WB|Hs6?EIJ8C~9E=AxscEkF_5;f~J- z(+n`ne{Kxq6$#k}j~?4kTycSs^NT=jfA7zqKQpiSuKqiOp#Psmkh;;?-aeX}Vscr- zRDt?qRwGC4rvL)To-`q< zbLXxy(9uOZlIb3deZkWZl(PP>*|3?m%^^&xi&)fZ$N9JZ;DcB6MhjOg|7Qp#Um~=t zCzGLe=5}D{2PUtm|5vlVUsoe**%Lig{Zrhs=xds+6p$qRzNn$9+Iem~ih=XPHv9jx zwrUq;drAN^2L}fiOJ?af2p9#cHSS@kIK3{4Ood??xVYBV=jU1CJ9TWF|NHOzso+@^ zq@IjS@9Q)tAO!jNvNZ4C#~<&r*9~O;_Z>Ms1n;P(w(BHwdaT7EIq440BlkgTmr{OdMd2hkWWnGgvT zH)2hb@27x;yJ_>>VVmFvuQ##0Q8!y>y6~8Yfq{|Xqj6VyJ}h?X<(Ovt%2P$3r*nHp z$Jqz1G%^^38eUDvhl01>A$e|QQ}`1D5tM|SjtAl2j6~pH(2_Hf%SkR=VGd&%UEPg4 z>kw+LiiP}dNQnvH$~?Fn|ERSSKr-KbcSvo{uo-fmvfb1On+-yRGzKmx3I=Miu}KID@67{z;*0eYqzMD~YH7 zXDB6%B<&WWJLKwyJKnH(us1)i)~rxpG^c+t%A$J#^Uq&8J_1i&eu`YLX->z+I5%=d z+)X*~KCPI)DwO{35N2p#k72krLk|5AEUmW4;TE~OW`DiB9%m2#|7Jx_xBqY|SBdOe zKn6v4$BdPpo{2})_42Oeg#X=Qp|<&ZAad}69(TY^lA9^tK3hs04C5wt`To5eUE3@w Yq-4INjgJ_x8*%bR%63NVkLt2#lz-f`Bk|mvlGGs2~bRNh2U7-7PWF4T5yT(4}3kac^mC~!B34?rRj>y;p2bDs-pC4M8Gy~M8J-`x8(7ZC4)wd{ZvA?c6No< z2?2k$M%7uEBFjtGsZ-0F^nJ~tBkwsWxAnm$uf17`q4iNtk;CSp1HbvCQ@MGhhbyN0=UV%RI}=tzY0{cYt-)$>TrXL> zmfGI8Nmree5@h>f17Bg;o+y=V^w=KnSBPYmjsxB`2K>SF$a81X_J;Z!S>j%;A@JY z1Q=E$1Kk=-ct^X$K%zt~UFJCzL=%>3RPe6@L`h}}4L5jf_i0YV{`0mU zJVJnDL;yw>G`Cu#aW_F^3k4l6M%eS6Auxy$0?G2J!JqB)7JjlRCCs7W(YZN@S7Y z_Y*Ew1G_z6w-myVrlsQyGTUS?fG1KSs%)bD4+q3cxuGFSCcE1I z8emZs8!$^ljb8O@c9nR({DZ$cNY7p7xvQ5XW;d=Ej24{+G5zypRCpe|FP{IjqpK_3 z>*jpjx_xy!`4uWp-DIIT;9x{Wa90N}{NwJh(m(Tvx=$Gz7N$ZgY@yhRC@RsQ3N^!? zu5l>zfn<3HxxfC$fbFRe0@VH5oQ4ed0>BF-=N^8k`6p5~Ux96UOP7YLwCXF6RB+z$m$3f*x!dgQy(?4YwZ*PK_)rw>RJ2cP3x{ z_3y68y9t@k!aiPJ|2j&aZQ7G$5Ve8v>(_i9$x-3-(qA5WJ0`veX7yfj8} z$eZqe@FAQ|M1DT#HlQblU8Ul1w$3H%SCQ^0+%i}7CbAvZ_lp<0i`h?gd1XZt`n2c8 zbQgBZ%|#)jj6b5JVT&h8(xU*}O2Q-=dU z4-?4$cuYs-aBbj;jQwkm7mjiSs2=WYS)KpVNbBN@U(oO7i@4MLs5{+#vv=-$vs2;XUV8@TN26-1 zfd9lz82LSC_Fe?%YkvDgL@NZxA!X)U|KgQK#3ZTpdaQsQNM2%OufED*Z;pP8Oj?+6 zYT=LLc|~EoU3WaLKhSu(Gj*@tbu|Xq-pT$IV80Wt&JR=e-2|_N<$*Lg;N8FS^*uAe z>qlN+=RH0#OY1o{pIc#J_M0zD=t=<>!RZY;U!~a`FHZSMtioc~a<&{cG(1tge32sV zma)fQ*7p#T^mK@VUHR-vCjKSty|m@^kzI>Xy=zW6*Zyq1X7lBqROPq+u|R2uY0>k8 zKEWK@(cFUxG~eF% zx!oSD_F*TiUL0>*0$zl3!=aYOhfPTRxlgcV7EP|*`7%o$e_VktY`^jF#j;0&p=Z*p z`{?t7evu*Cx@F6-RfivMuw#ILf9mkSei8=cnRw20{}BWO>Z^`%z!-9AB~n%Z+0maQ zLW~w7frmV!umd(`o*M{5;X|{u{*>bv$)cO#9`^H%x-u6V_poHtq>n#?=VWir+K}9K ztCw)v#e;dj{iJFWmLl!qWRxXLIA_Jsdnq_@qQ}74XO#+T8a?u?S67pt)C7~1XX=RuaD=}rN8Eu8rHz*w8#`Y^-hu@Eu(=@h zkE9-%qe|M+Z}#p(_75>?*5jdTQk^4;Q+fX|mZ!cx+gNURqOR7^Cs6_s!8N}C?^toI}g?ywIr z+-3IeJO_2)5)F=KCdiq%21OsO|8pqhLC7^>WO(hxV@-aiqigTJQx`I=_rz2}&G@lS zkV^E9ZQs%Z^_;iO#(uoPvNyfo?qJU#_?*u(+_d!GZ)jn3t?BN8UO5P2f;YiQ*4;PN z3MNzh4Jxso*}%f9ayB!?KIK6sa;h<>ZYP8% zdL!#*W<4P9;G8fOw+Z5m25Mn60UlJZxVeOvHtLVK(}n5YPNW~{cGvXgwM@KhX~~J* z_?}+W&(Z5-QgWNs2Wx{5AKk0l;ivUGP4bJ;Q_#5JJbrXON;iB=wSnoA+zbdAqo6I9 z^^=VHH_kx>Y`7@IOXnf8q#qxjeJ=B`K5$)KWyXUp6RhYh66$OKC(i(#q|tQh3S_VB zXpyyJ6_>X8cPrtVH9Vuq@#1KcUlQ^ez+4ZhF|<0J1(W$2jx$UA!(FsQ%G!O_4- zOnbMx0{l$rF$~>du(G@yZW-a{gCjB2-E1BKC9p*hmp3%TqqE1OKi?=l&XE05ZhXBX3P&8?9b0y$ zAN}xq0Y}LoLUc9Y9g$_o1=V#*=m6eQqR*EGVpR|Kqg6>`c;%SR;Jy<6_1gF9><>p? zi1j;Cl1GvKNln(Wy>YzOX<)tqkQlWk4J20Yz3g@Ql`o4B*%y@I9>YWD44*yc?}sQX zt`{XTwQ?p;Z;v)j{)-^MW+1m7_5`-HoXU@;_2A?(vIEx6X;d8kHqGLi-e)8$A6pHW z5o+s9O$=h4d`BZ&BE6lqn)6~ou;r>k!rZF#UKEIzUR|MW8p3B%e(-=nA}lV#56QVr z!X)Eg2d2npUbBSzr^t~H&xJExHn#n}$ zjcMd4Q4diBT z$r^(7Gs&gg%-pA%IP}>qCK*UA1e-(u6&G>^a91+gf*;<|=1ohBEh&T8UIGF#tnl;G zg`iu9!GS+w^{0c9+k9@3eoStx@RiAO^G;!mJhtC@U)|Aa;gU8~d-H8b@b6T&K_%Co zoAIUj_Qs6~DZz30$2;Rtf9w$mU1VU4-Zv?di{%Gh1bvUnW597n0dsya$>Q;bi-{sW zj_My;_A8yjZN*5RV)+rfee|}yw+a16YLper;VrDGnz5+ zU$v2~hf;iOQovcjln1$A0$i8Foyr8%{@&tIHh(Y4)1FV)V_#CK-8kYHUwXel*)%;H!?wMNwKq*VlwsepnjrG;)-&tNjnSr@Jw5DcC8q4@D13;euYgHRUrWa0$p%;=a?(9MczF zC0+D3gWMHQW4_e9>r*a=&}MMxi<*efLTq5px_5b|e#RMYk-^(HDD>;OJ9~}Wod`r^ z$&dGtKAFoGxh)eSu^<1fCPcZ&@bTD)dmU=$tVUYB-Ae1}C$F4=5>w0vUkQ8pIfyCT zirSIuu|hhU@%*BDt}{qW;Ojej^9J&g`Eo@)rfv^7?0mU#Q~PS*OBKJ?In0T9({woO zH6P}{?T+dS#%w)UI z321nbWchtVp`G%aTe~r!RK}QWvWin|$x}p~06AnO-HC#5`={8M`eKgJ3KitI=kLDf zy@VN%DaPRx$zTTBTAx6S^`|3%`+4`h7UrIm^V$I_#hb_QH`7fZBG|jJPncg-PR-}? zWvU3FIc+n!ryj$uxP^MX6<|_HhV0qbq13V!!PPtlHa_~6B>m{@`=$T-2f{l zV%a_~(8_n6_CRNq{+TG&w=RfOO%(cpX1pHhrom?o2 z=n^do(hjOJEiIdMxjQZg8VY<~0zZi|2(x*zCzHWEA*inG>IhG`igX-&w#TiJ9UA4G z@^s`xrXZ+JTVriN1na5B%Mky!zgF4nMUb0zhV#Y`Vj{h^#|It-fp~^EaxQ@C&Ppav zh-0XvxNyfVvh5FH5g9GXtE?imU^LeZ*_Tf|Q9r2gaG_?l_s)f=SV0n?_wNP~(I2V# zUl*a!IzX-0ufia{^ah)-UxkhqWKtwWOCuc5nu4Skw*z1pV%YgM?gr=)il=kQ7xtb; z#`%5qHc$zO1MX9*uxz?W8pVYu%Q&a|jgz`WjZKSUT(d0AB1&xeQ=it$i1?Mah|*8E z@8#y<`0JXhlLvgu}4Z==~}5-^9wrdQ%zilIB1HJ0994F6*5 zWbIBxD5N}aQ1yYM3GME}ygR6L61RjzVPv7zr}uGAMH2ka50Zkgj@iEBaG<X4NI0C}>09`lfcnLn~nki)x1V_HGsml0$aX7e^Z}EwbFbvw4)kG4O(DDat zNRJGO`)J2a7lKWo2+p%_yRhopJAVt$n4U-lt;1EH3k0Ew(Aq;oKv-HywWWYwo*0+dz z9^NPmV>i~bH;JDXp};?Tw) zdi+7r0tp@d@rrQPh3S++f@sqDBs?8#e4 zC)QJ!A1lo{i^!lB?`OU76~D-zMXR9Wti*O zEV4xK4IVGl3i*7Ty#Vqv2Yt<2(Y^4w6^uF|VxVT6ZEaNj5QvRIX5!xUSEuIJvnbN3 z(<_(!(d5!7)b^uqTyjq6Uc_y zeXLFpTaX*;0P(3yO~fVMYm+%-mLOg`yDAx!+ZgZ4 zALl}%Xr%VUGd?6#5TZc%k8zNc18Q&olD1EeThK(>aQgcFvYkIcwfAKWI<@Zvb|T;ui8;oN{AFGIT0>O8G2KSPr19Ed z-E7+*P>^IchK^8P!7ozIXk&f9+Q2w!L;Agn=r2aq#hovbvIkaCCj@_ z+9>aWv-r~-jVn`(U*z@2>`&R-o5NqGin`2O?qD?TQ;V-H9ST|OWN26b9)7mc zu&S=$!73PqiNi_`Y}vsJ1lk0o|Lpn3uD_reVZ6y)HlCzj7kkBZXtE3-5I% zLn^gPVx`~G=Nu6kYY1lpkosrQS+dX^hn>lCvmvG!OhUokI9{Cx=lgk`kE`)x$YO&? z!idKt6*-=lGy+I59V}Y|*H#+Ik;40_iVt%U78WLw|0K^&#e?vIeS&eE`+)F3gyN;& zWAs|q$~s1jjYX{5rbp-f*n38oqjd+&@u8T&L^M{UtNUNn+C-^dJcfRB*41+3XPt|A zEIOHo4oO5Mf)F|1LZr-eSK~(Q%+`;xd2?{y_4$+hz=21L=CKYu#$vV~<&R=(=5S)( zW=j&Or%-y^`sj>K=}UQC4A1)`Q8p_Mah9I+o(OLMn!ijHPZm-;$$1t=eXtxRnC$9~ z31-`8zO6Zq?FkAUi?48HOE?iTE^WrpV|?k|GLs25eTIYCMt2C^Fn(J4UyGRWdzCsP z_Aug@w~!(1<200gOmOT3nGKsDj9Tu5?n{wX^T~6dmvY1U?T;@dmo8`WcWgGG- zpX6uC6-y%ki^sx3j{e1kp(gjUEeuf*?C?uk1Q;)G_VI|h{^NF;L;$Q5g2{W3>|syR zk_xrGfg*(!^kW9*6>O!9S7H{E?YLd!<;)7aLG*PL=i*V&aEM`lL_Nd?od66U(AfyKg7xhYmf<;L8n*S&_YVz$oP^@^J z5p@siv)c+Iw*vmzA_zKt;8V2FlwMjsG7?!DaQI5?VQSC}C8RCi@$*qJkftKk@xmL| zBs1kQE{RMcGIwZywZy$JDNzNuPSA;D<}^O;a8R+}i@ zt`1WP9iSzYQT9MV#W-rW=jK1LvvCxq9#inIjWU@@1N1k z@ju+3`>sPk&6j9{4*-hIprMm1PBNQIH^XCX@nHD13bQLVCFF^KZ3Pn#l!G_gh)f<^ zxPhI_7A(dml3Ll;6e>l&O;63q_ZY6O0l?n$Iwirxd?+|wzzd*I2N7wrp|Qf4%4~n! zSI5H?(KYP%lPUv+qKb+s4FYCHHxKPy?=U+;D%cLTBzAT)XHVh zo-&S$6xks1z3UGuI5R*KX%iajdP!vmAa$tl;tAFjlF*Q0eG9b@_UeYL?Pm$luJ?|Z`5Th40JIQAC|G{3O|0fNRo8e{+Rqy2>iw19K)@tspP zYb@}CHPT6nb~FB00K$r5JTbUeV(VgzgIFot>yr5} zIwr<@pDsd?(c(@`yF$s2 zbeW*mQZvRTwn=KP%U=M-DNH5BJ((gJO~)TCPWv}Cdlfx_rN_Lry$z%wvZRk_x8;K3 zRNnJd%liwKHpQT+O5|q0QFHCIoYUK^*g5IN!4+`S?SsOxvzMo_=VM;qbh5`0qj*zA z+FvO-hZ6^)2^1Hu_$VXFZRYFEen1v!C$`?O6VY-~k$}19{StY{pYr*6HhX>ovcX&e ze0;^JdESpd)Z9h2A768JhH^JG@UPYTL3z&+7vSV#D)@WsZ3!#$lIy6G6@1pq_V80a`ki@ zdinYyoEqMsSGpqUG)4GzN@h17FXSbf%Ll^;4}PmCe@-aPjYt2IPQyLfyZwDvP!xN0PS}0Et{@&|C5nfM5`6EbWYGKAl4KzS z4B4lNes;s$?3{*w<+e?|sowM^+^9-!@c7VlWAf*{krHJeTUm=#3+Zk9&4tWnqLf=7 z#aT)}uWR-;NznwS_^aBh_-h5F;I6I2(C-7=6N=4{;H$xb*VG#xOBdL8C$eHOkM{k2 zDhzc*pz1TtuYK~zDq?3fn`+MI_fvxIOMddcRjDsCS!&PEa5^N&iOBUoSZKDaq~!H5 ztk7Id)%Gt|z$D2$v7EOv$L#TlW&h&8&CbEI)Wo||dp?*SEf@t4Ga1?sc6IVU?l>2g zQFjseq$LvVNUNhLTFmc2si<;2iVYo1zb$bOXpRV{eW0YA(ERE}>O+D3=F|9a23fha z!E@CEgD7z`sng5-mY(P=h3rX79p%1p;v8E8hWgxJ$K(vMi6~)uC`GYVR$FKV!5!!x z75R(sShL)8FXK!wL|?|e(4AIBiGaGvpvE4-sWa!UA{049cM4MDRQvLIx>!=>Bvrz4 z&WktOZ;ofgt=GQ(=Hz>hPAq4(cHs-xRgYV?_s0{ECIPnClb=27gjPKaZ~gkZN#hw* z)*=`D*}vGya9Q#^;`?KsOJAqo?A)xnHS;Q@C4#zx)>4FQpzxuq3pidx*QXVkga)MN|5ycwfCphecgg9aqe@N8FkrIzRgl zELlt=f>NxGpodd|QkXnF8;?aDOATA%)Lx6n&DC!Ez%*WqjT>K7akIgBB8DruN)*#( zp7xbCQdATzUScACAc^qe4j_B?xPi_+8$7r>T`j`CX}?Mm^SqKHGkFfrj%~eQtIyE$HhP z(V_)|k2HeZvNv^llJ2hs^lKfX3tpuOO{@&(=q5D*9X0cKMo8o_cSuk z#zwMq6sDRko#@1tJ?fW2gu%wO2Pvx+K?_DxCznnK2N`KGoN6+3m%S;jt8qHdeD@*D zf?1C}%l1%vspV#Xrm)f{Fqb#;o_D-esoF7+Au5!2G0BcJMoh2Y*P~Qn6#@RhYQE$LQ?pMB#|kPR%@-B(B}y(;ZGVjCT6ObxN)F$b zz16C@I?7^{EK{4OpVp!G2vGVM*QhPuSu467WV%emt$U#@;cwE?C~?G|B(g~*k|0pp zXzK2kQhm@=;hkgPY#Qj}_cTcNaBTfxTTPZeqc2W8J$!pgcTn=u-lxK0V$|J6%BHC3 z!tBHBA4RdvQ&q!rhc?Ol*|K`k@cnyTk<8Jy_i%fq%tI76zwamDeDUjL?@;NDeuA6h z(IJ(6xWVnJ+haGNwQ;*8T-(D$s)K)aDiK8}A_;}yvT?0F8+zaRm*%jcKl06lE?ZSU zo6oVauv=e2l1hdx%Jbb33*tI7dDR;v0Z~eVWJlqISoD6*xyQ*YTlpabYwGf|fqCE0 zX!?*5E6=p2bl+;Cv!dt+A8_82pxl(LCsn@bJbr}=Ht_HGNF`Dm#Tn)Q>4DN2KpIqC zwoM+OQ+o4yaJT*(TeIN>di*~}rErX;iE@|I%K2as=8HF5wP|g8<^DYBc&{sPu4Jah zA^Kz7-e;Ny(x{5sS(Yq$(wMvB{(}4c2)=axi?8k*lLph(yBs=3x*Ex{huPrTgbSkB zg}}>Kooci!`-4}C&1bGk@Ckn13PsPIE6qLbTV%VJ9e>>200ZX0I%Tcz?|`hoOtN`>wC2@CO19HsL$2}c4MT>$U!`*vr?y;&>v`pTC0-ercL*C~thUeaEN#u~_|g4Pu`R?SOItbEJUZpxf2S zTPezJ+j+aP*%K4XBr((MMk&ucaKpBvpfz6voYG+?H{DY4`@{NLUk7fT`jD%}3n`zk zfnuBD*H0wY8xJkjXTIeqXIW>rKd(*o{L?&`1jBoAHgAcw3j$=QpDb{+SM@s8pLaN@> z(7(IpcP!Zmo0#`Za3R!ZQceg`mz?m28wKv0pF3_U2s>av<{nK~$qeDIj&^n=vP~0= zDweZIEvEBO5F6&%+KK*&>MPR-gJzrNDu%1q!-5LNq`LC&;UJLna*lF<(F_vjpav}6 zXkSiX#@$}=G!FmZIJzO2!kNu^Z??Wt$yN?xHG)$2B&o}O!OuUu9YREBwuf~=%K*dN zg6>lD=>Kf<7ors(L=*nN30G^NDEJa(*0JCZbmZ}y;<1G#4IJuCqnL&u7NO^z zpV~8S4xl(T_(aE)ksrGC>u1!8?(*On2>Ue@UAafQu#D8)9K^Oyl-R(W50Et2D#l-G z{;XLSwp{fiI&cPVw5D~qozU;xoUYT01)r=5#0knK-g6?}w;rsxZg7lnF^90<@%8vK zqqd$*s&tt4mSU)cN!C{@e$Y=r#@{Zc=+-fquC_hGGMq539%L}KqL(7#TK9-_XNo_; z*sY0C#v9&wyuqbo;FtAC<8*Vhgki2aV(5>8f0@DHV7#A12U9mspY9RA zdJn*`_#lNk`Vu$=<@aN+Ci9p2@d*!)jmz7AALMunAd&i?Dmy?#)ci5`uq@afbb54! z-QhLNn9%hSTJ5HPV9y1d)Z!Ts!~rpaEG}#GK@sbV6rcagN~%{(iHM4xRiNABoR+s#8y7x zh9bpz-bE25zrNRhCyXDzTz4B_oqC7Z{USuw%rYPe6~R78YB$`;yc<*gW`ieGcRC>l zSSYwbFI$wnTT$0eLUHQy+!NzVjXG!3N-I#DH50l`qesGnC#8%Np}foJAR)a*TU0HY zxbQ9SJ-o=Hdh5~7;m!g;%H#?rH0HU(@#(X$rDH-@!Nh%fMrq%tuVr;#`kv78wOrTe zmQhl4KgOC(^WCy_`!s~zKh%Pt81@i=0y#VUSK*A-5ESPSgY8M`IF5;t;LN6g#BR&x zC;9TD48rtjRTh7$KZYT-epm2jzm5%(i8d3%>PNy&tmiT1-v-G0CWn3cvit6krh!p@ zH`6S{PT!S{ZnrqkF>|%ViQp)-y6ZK_sp{I#v(KkqQ0TU^quytZo{nyzx9)v84~hMl zdcgx*+d-(Sk>j$8A$C}T!*gRs8`yBu;KJGbVnU9abuuhGdFVzTKhwk9{Mdp|hlbE9 zW#ZZ-#Noi-*eCCW`O35hgZ0tIVf-a?bX+>0Xa?}w0mK2valkx+8X&(#+vq;SrGcF8 z&d1?R&D7cplWjN*HH#WlSPlsgep8bnhRjJ^5+301=&T+UwwmA*Se31#&slK}8s%E@TttJ-o7_`qAXB7! z*p5>)7q|tw_pU1yY@!5>We!E8LRvh0*CSP!2doB?Ez`(h6l7M$JIrQ?gIYlhF-Btf z3I@aD(kKqD@Me4liki~ty>@YoIR;(ZEKB3u88Mbovj);9$Z*d0Rkn69jz-h8EV-ZP z;NhI+5>C?9G~c=FxomI~|AxyavQwdW^zrrto8DgC5VklC#ITO=ND}B3$t36Q+l0VR zRbg(}Hy3)(R-<(EXzPn+{b%ClPX%sv$#z*I$!i1xC^DG^i& zdz4zDV67t?kg;O@CGC={?n)X7)F1Ge$ElRuU0jbGV93!8PQe_PiYx9l(s0Oti~}F) z%rnm~AgXX`9RNlmi0|{Bc;QGC??}A)l<}_i&p9bCHb^;Pj1gXc zz|ylfV-$9lL!Dyb+v5yHZ?s*!Ztsls={C(U7g?ZB>bI!Ew@>p=h6n|0GlsS{2_XvZ zj@$wBshllN7gGq^_XEaO8tWFlsk#q}4f(MJ>ieNF{XV;KqcAe*OVPqR72OWsS?HJ` zF6jrY)nXRK0w8i^upQNQg8oQEf+(o_mRmu->_;$-k+-}$Ry-q&ke7Uza>FB4t=(he z4fPnSJvK3#k_>J5k(YiVw^)ks5ybUo4L~Brg@mlX4qQ$op-J^G!qe}k`5C*CB^m_H zr)O0br}w1}r-(#07V-~+A0fH6JsGsM4ayzKKF~mZe)Busli6R{XI%Ug2+&r9%WPE2 zunACg2`t?g6?0Y795Ow>HQs-b`#i{S-f#VmZk3JE zBy6}L{;q$9#?ygX?q{X${v1ND$P@>Zd(Yl+3%%Pgx%&JRm$TLQAG5-3 zx4a?zqZ2!g0RruxUKvq*xBdxz$LalXsZ&XVzUJ}A@GhGDp?Ejf)p&+IEIj>ff>>(OtP&9gJCk<5MP9{r3A|ARe!jdG(@30$A$GnYH$jUFpFS;54K zbcd~O2R95Wt2wo64C3AzWT76_ISiYim`0W+z z@{y3cbrvq92bU|sa0W~IZVzfmIh2Af{L*7I_j#v=#SEZ@iSVO@w@xbx5n69N)LD0G zMv(GD&8{J;2wrQZBoWZl#rKB1=HMr24r{Wc_p*Ppk};X$7Q*Qk_%q-%j$R-_!nA6>X%9WSqLx!`5Mf!2 zB(BbPX~=MuttQsNEGgH;42{86(STfrbS5%5+ARzU1s@l^JvOmrlbd|ws=RRc!zf(< z7DXKBG(Iy@sq?MfV?HS8+2%-o0{+3`dfhvPPxLl{d-6NYw?FKs>JQc2LL%21-p+}j z>fUPl&M|0qrQn$sMNhEDlH8jlCg=#Dqk_ba3dHqf-X)6;Du}qW`C0`%@NW?-N>^q0 zxe%_^tjB+DdT!0}=D4V`vZqj5s<*ZF_PnZhs?l*JH|ZDu12q_mWn80!aB27^V5G)X z!hCg^kBK-;7hnK{YTGrnYFII-KLcT#i1{ts+&PyrS!0#xWVz(LE0(a7D_~rm+n*-X zi&z~mF-Y?^EH5lQl(;#k!Q3xX^kpb|U*~vx-QgXg@JSQ;UPwhx+%Tc z*tD}OLUH-vRk~t0$)2=_k=fv5*1zh#7@O7Sdr8Dc>p*sLa2LwgaaLKbXrubzN5b{B ziUxcKP9|t);C4l1N9Vkuw+%r_4SvOT{Sr(AAw<%2HXMzpM2tm-YQk~s$hG+f`ONB9 ziWsanK?FgEO~4iZ4hz|Dh`)0XMK^j%YW8a#OY!!MjKWdm-WG6cQ!3Ytco1!%T;+=7`KTeIqiYm7qx}d+=)B{65n2hDP!=f!8 zG(=9mSz<}LXii$rc=+R;39UirqXhqli;sA$B_-N=aG`^l%gUUuAEoje!ZWCl%cJi} zn1s@60$veK)jCB^nZSfJmTtQ~F~wC5-F!oPS3L-ZFG$5I3)Rfqqm$7OIccoWrIS#f>nhhpE`h`wj#X!Gei6+$$q z?#uR>B>M_yt^9>dT~MjTV9YCIkMjc~w(QYzJDI?pL^_6qGKNXv(`p@y+r7C?VP)4X zPA49oQhwufT0^D+2`hKJrwT=)sa|ar)(jb7liz`5)B*;+q7d3M(!}3#uyI)iN@N(> zS^1vH1V!Sk2byY}IRm;)v1ih}wovnDc^yzn+>+muPef97!V0Je(@W1GKG0G`A*Z&= z8-)Em^-Ry*+fSNP`&bePn(~->GQ7_qV=1!R67xWQxhqZ6X7_%n=XL{Z|1b9*3r zH|{oqo}QpYPemjxPhv}8 zLI$kuzAXf(X0L}$k4=hXztNcnfSe7^8C2Q+#ORI=#1wW^6P%AwL2hF|a~Tui)j^x6 zo*=#W!@csK&&VP z8tH8~(p*BEExR8uixrM-_W3cE=!e__fsNOCUsPw-rSfoL5%&Q&3(9?Zs!w{H%waIhO|*69#CyD{mcXH9ob8`b`Q$dBt4xN z_oeNv=YfW33{38Yx$|RQvEgRcRJ}xYJJM@!DT)W96?xNeRyrO+aTJiZyH9|YSA7-% z%Jz50cGL%gr&3U$&+TgL?|hs3%@{WMsNJFc*2p-*5KP z0U^s%Z7{^@ukiH+i%>;_g1;!huTc>oKt)d&D5%Pk(bCZ9tR&l&_++`Pbbd>4{`veb zfjpF32;c{|0aCFQO#&2o>>~#pfCSmN_kWK~W;}k&3y4$CUxrchf81#Phr+}4S1xND z1n5xxs34>Ax1kXQWVHA5@8JG@c1_ak0tL64F4nL8lcSR0s9Is@08rn_bg==M<+Wy^ zcCl}@PN~rV735xFK)V94x;jiJlRL?ez-*Wq+9&Lz)L)6_h3(R4LB-go_0L4wo2TfRa6ldYfx0VwU z+hu*r^_NqV7lZ?BMZn?LC+}sp0Ts%=eJ7nose4iZoQ-N@s&f5jqtD^|bh&xgJ}{|# zfBJ|VvPAjT?J{86QALpJ%hOWd158gX04p=i9gD{relP;eT?+xIkuiYk`>yomPNkju z#;|G0mts9gmfwPgv=l&GQpp3<0tIkdD(}7e^{t(mTBp}h zt-N764|j8uqz33Km>B`%LuYu6;~WpKcG1HMhnbo&X}=S`6hJc#-G>5flNxqgktjKn z>5Y;sK+gd0rTQyqTG9OWqFUPf_u}dla3E;qsegS3C}6E*{m-0xrADOy0%$HAkoRJ` z?gl-o_$y-v(z28Xu#%e?VBp69|KkfrjUX6J8>9%#*#E7EPXRof=dWD4Rky;T{tqCK z@2IfoaeW*vpqY?E@JG6u+%pTyO^l@KJ5 z5pw*G3-FKB4^Vo)1Q=UF9~p=Zd7<)c0vn9~Xz~A2@HhTSFD_2lvPCrTi1JgXlm3-+ z0lp?ezy*S;_c{r{vI|48`%Qp#Y#DuT7#(ABLJn|sXuYkcSeE*A^60HCG z$EFKqk0V1)$}!?gc| z9*hn@irUiqPdmd}g4EMv6{shn%>Za_V1k?kAP)b^;PW6qxH8CS!(aQVu>mdA@OQnE zA^!~<@^?XPjsd>}4OoP>Y85&2{u588{p~~!eW#gm12p5i*JESenO(39{Oo`Rc_*Wz}stj1UO2eq@ z6*g-T+`wS=xz7QHt|935M&EU@~pZTXN*eN?K1TQ8uxC3Tvq z;U5KpTlfo*llpFf2z#*78F4v3(Mt&#Jq_$S*r9@$`*?Xc6rfuOj<&|^{>D1bSc##O z0>Bwy_dD4shybki4vqp~t3JTbF$3ZYk5Yjs(w%GYC|udqW)XtQ+0mH31Wd|T@%mc< z+?|Vzh9&{H;iWR{*RQ9A0f8(NK=Z7tW`oa63l&UA!@&ozh%U#A^##-Kn|GRiSH12C z`$-&$vgC$#qB*uGw7@|GRZa_m6O}_UDY)C|5B~nZL<GxBi-HI-H1ptDu@Eot$=iQ=g^%}(n^bjbaOZ7oZnq{t@|Hq9KYG$j(5ND zJkOf~#311tbI#^2x0i;X18VpY@00N$Ag zD>H7XEir1U%@#NPv+Gn`EKA3w{aStI8`gCZ;=78N(GFOK^x1N=PD++fU~;p+LW!6Z zUmSPhiSdB_*Ca9)9jgtaQ%%R$qU|Bxnl71-19nK%bHC-RXLjI~Kq2f>eFcz`V*uw` z5wNjLt`efHi|~`8UmMJ%&=GGfG#t&P@H!;0sbxxr=$3H+kppd1Fx|{x4h)O%NlQQl zNgZR-21XM43{}6*xuwWqrW6Q*YCHXo;+^y+D~}@ z9!22p`iK$mfYk(gb-zxwzeB&L-UqUx^!$F1cjuWSgfX<}+!3~I^4jR7kGARPN{`wN zPEU6?BMuoigNOp<*a9GCvq*e+AhJ3aaC0dKfMv+PJ6pDZ2~V&|^OhDpUqSBwBCuU7 z$gKP&>g78$Ilzx6YRWfmX-rlDEK&{O*X8__0`8Ik7bAG_yQplf`Di5e?q)yGeYa+2 zK+onYqmb8LTz&luJ&?aNKeOlwkIqZ;k>|D=U=X`Lct^~lDa%p6^49djnQyvKnd>pl zA?AmQPC&k~|CGe_yT~X{8Geio-(_afY`G|$EYaWBMt!SkIz8Z7X``Bze`}hqMvHF> zMxDyzG^ZKFJ@39b!XAvBC(K2T;dj{2Y;|$CjuvyxTWk+l^|30V7brUE#GJ;4x0gGd zc7OBi&HO_+y~jMM~ZKNOaYg6+h&@tvT~a6)4zZJzSSaC^*bJyu>vpb z4)~*e7Lg*>0op*TfHsigdU<1H=TFt>1Mj=-0tp~SQEfoxQo2nDH3`i1>6w3OhkfI>H z1oitIP`yA)OS_j#U|d})DiyquUneC?tq5F@c9NTR*LAd&kj4XMU~BHf}rQ^ zQ~EH^7`GtqjaO%jUJ9EdUm1akn*d4+_X-Mb6y)`O+c}9tB5>mmQ;Ane{1#c5cj)KF z0T)(JLA>;fvNwW)`ChaEmx3?pFK6S{<76SPQbUhn-hj=k4s1@0m(rjh9@`(wOd+C+ zmoSD-{RRej#q_`woY?ug9&f3c8Q<$X09y7yC;@$V_u+P4I-doQAGosFB4>=$>dX6v zPwFmL(}@r8)uiIjYKmrcz##@{X^bwG-a9w3i6FM1HGuQxJ@DwI@*>SZu5?`t0Foq? z09Ay{kR=nzr#hRjMsGpV`PKL4WG3~_3+Qnyy;;S*0H$rk6|e2)be`Momn1Ux7u4ga zjnQ;Ypjf~&vo@GGdffzOy+{8Ia8?I^5XIWP`U8Ll4gk}F6Se5I?B5fC%fpopE34XD zsd1Q*2Z?_xpfjTmN>NqDh(`!1?4YRxJQOGezq2D-`p|9|XREAxEAUCPa47f`S#(Mr zd-~Eun&4W~==jhsXFKs3s%D27j;tLCJQ0TagYi8;O2_Kkr4~^!ICy@qOe56t{2F)w zAtn}7bRqZGV%l)m;mH7N*_UVEfXc=YYzdf}wcJ$a7_e2ylaODx-kcgBjg<$Ov9JE2 zfxL65Gw=T7K4avC$rT*D2hgj$2VEk24YlA^bjtI`Bg?AZ1=#^RyB;k=9SxKak}uqD zAJku8AC0d6{6ND8`PBV@w8Ol2)GZb06tHEWqM*4imeeiTZ{VFLJk^j+;4rdZXxCk} z9!jDEHZiKK?RIYH-7~mu5N;7;&|B^P;l!%XL+FVDu)2U7pH=tXUF-!jM$493B=~D% z80}f9af?1j^MQD~IQD^$XG9t^YxVtWm!!=Z*xoBvX!v4?)|{o+{#pQsJYVQVH6Hx* zVLiCq;SMBwtQ8PK6nN^C4swv8&NF9O#Jfc9JzdzK6Xd~I&kq4MKR zB2*ofr{WX0m|+9BYMv*^Ei{2d)`^e_4+0lQ)d1u8w}|~@{`cxraoUHyfb={8s}eKn zylKwXx&sbKPV;AqP%v+%P#f{LcGurb5p>$&Biz zmbdve=ZaOCKFYzb}iXbwlwdARD_B ze+J$w@18CBv{XO{BYr+~4#GT^ri)O;QR)iz$PyAKH~?|LG$nhy zMUfK*A({KtZk+Zk-?$sRLla$U1hoA{1n+uJ@Ebs{R5Mt|af)XR}-DVzWFyX?Qh8-|pZKlPQjvu`Wc4h)Q z)3ICFhfn6VzZ2sTMYN=3pCP39#q>`XZezrN?t^;-)@}4dKuBGiam4 zD6{ESh!_aWB}2SD?C8=P-#zbO-P_}5D*#L6}XPVJ;azQ}tOI57Y|W(&-Q3t1w9 zka|wWaugoL{)X^}+=Hy^+**C^b5N85ug0#onisxtqLO@?it1G&BwXwIYZ1dPGot#6 zY+Mw?ax8TZa_<$!z)Rgc>^X+2SOBdxii+kD`W~@5b<{$f;{ja|;!4UgT5O7! ztE-OtzHW0VqQU?7!vzNi!y@xYltNf~TEEzW%8|@|^V6oy z7j)QpEgauvTG%YaZUM|~_)*2?-Druy+H7>E`r0SLiK2cY^&&0ihQr3xp>q@V6wbki zLoufkJ(x4yGd{Y~oW@UoRBndOUaJd%5O;uh?awS68GT5J&&FuLC-iI4$KrJf59t}Y z*ROfX;{n(-H`X|w4=bA#x@Z?e^GOq%=g=`agcb!~*F;kKqpUW8SpWlt;`{bvG`LvF zr8HWN9UCZPCdlmY#_N{|4UTtyupG%AzsDt6ZFvl@wUVp!OL&s^`>uuz0!W@*SS$V7 zZHnhGw#9gLKX;*n1HHriON(^?NmOBVj=ZY7$2A4yrMX{8#1pNfqkMR6%Mr=z#4c6V zC>?NN7LQ}Aw>;ydLWBIz@^#)s##_i++Eg)##V-Id1F@kRfB=0Hm`nc zA{*KMi8?gDMLZMsSY+TBq#FdrfAs&wsI!Efvl*wSo*}FDd~_r$FUj+J&&eM)ox}#E zy*KspbHX<-!^w;AWgnZ_ugBEBuV&J{{+O?%L`98fn1y5C`#JhpHW3b?NCKa#QIeQfrz@nkAAs3y89Tju9J9YHmvcX`gjSnQU$ z`e;;DWC(ijmX-Pde!1Dc&`xocdULJo!iq}SRinYaG`ul#p%IVRasX>4=hOB{v?lEn3702|j9@Gy zD0{>N4y})ol7ib`0yv0pf-y_Tb%l2pPmyaZyb*vM6WX0t*FMV>4tymkk^|7u;kF_k zA8lzb2iE(-HZ9)F(}&drG;E3Qu1@;~ODHJn_PznFEstUJoYB;ywUkOPCQ*8Wzzexw z4mxq;VcHChMlE<_>1{VGZtG?INA-KBP3yyS{wOb~F52Do09**iR?UR`^)^^i7Dmp= zGHXQ1Vw79u%}fNh#WAhNVqLmF<(Q{Q;Bo8q&F1Td^;;Rs{|6=Y=fdH`_I%AXQgisS z^FdJ_+=(F&NnKF8Se&+3KsH&u@s*v%$=g1aiH|7rvcnVEazytDLYyZ^+GQ=LDg84x zgC9`mz2x`l#i$9IQOX*2P-Od4(Gd+(VjwWGc~wp#y%6JOoKY@t93&=+f;<{mkR>+J z;fnJ1B(@Z7WzFGu-GvFW1n88dzDeiDRg#|}E8Mx+j-R{jAH^_SmAgD!jB-pA=GWE{ zR)NuOj>)+ZDORnFphGV+0}rKY?Wg3I{En0g)N?*vWQaGW0|B@sx;L-$Qx)w~vwurn zr2@Vgmr%}`q&z&R64un8dBKl5b0N`BbDk|qhI$!By<+}9R8P7wZPbxlJ**-iS}$-l z<*vVwGog?DOoVN>Xo-F`v6OG6*7Ed~-o^IgRVER)>-y?~SBceR=br=&&g>&UA9i#l ztFH|dtwoyfgLug%790Daa@?P@;Wk-->|w-&huJ8{Yo!O;U*=KGwW*|NJz;NIPNHwS zIgD-QEiMD-<%Xy6sIL-Q?g$!o#(TpDYb8#wa$Pon=ESmJqw4GZ1v;(NYA%1RNC)MEgoi*%=xdc0|!hK=(#A z!jOHQe3brW!6L7U^cK$>f$e=F3-55lC&Z2oBHfWq7xh;>!KqWr4A1Tc4nLn3w_|4^ z(W6H;1GPv>n$wVu@&{@i;XCk55LV3&nSn@l!#DhcRYZ(U;LS-QAn>Cwj_u?#;!HX( zHUIE?Q?t`G(R7#zA00K>=a`zkYG5F>_Me7rjqR)JIw z*zqa;v_E-hh|d>Mv-4r%g5=XZ=vbz+fa+lyU4?HXn;U^TIdj`IihX0?e=e4ig*S>i zin~wCk~Eg&qVD60i{F=qU%(+mP(Hrc`6 zLnSs8SKopku^(4zUhOIVI6LF;t`5);czqmN?YE`9&E*#(pu=Bk!>q^S|H)g_m3hYY z@0YcaD--Wrv4BMeC)UIx?^BnHjtljbiA-*fBc@DN$^T5tS~ z88Uyp`CuX^XN%7XH>d6`vLsphGe{(ejwxJ`jmw#$n{gKQU^0y!>9=I8}vf723{eO@-Ty8m6mFRYIE*iik{y$qu8x6&}H4`yagQ`1IJ zT17J301{jMclAvkH&W?5?%kF4r)AeF9NTeN$dHl!Z68E-+Gj)DbP0+Iv^ z^@scb29`^s!~A)8n4`WSYNG?d>Kgpb2)-W8vF5#`-8&Q={>{+g%0P2%+WScgLlT=d zGLa+$E`^0nga0o6LzTa-{P|J@|B|i!ZVV0aAhkAWP%sNs?T=6RaxYf^BVI90t=N`_ z%^@7Oe7sGlmEA>po7WV}wwiMXR*L+qybsBHPY})qNL{T#5|B7e9Uvr0uz~KUk5PSQ zfU)MlW?m|kG}k$~TjQ)?u#1dMG1k5;n<`8`NVU?ltnIs;z-|yeMY5IkfJ+Q{2;vch zm(=BhhM}LBQ=|AZr1jS)R>fpt+V6ZLJe8sdJO#?2cLr%kq4&H@3;%<5bZM6zLUeck zZ7H#ECkGBry~?iZVHue;>}nK3I1>)CFugPKb%ANe3t<(o zp{QD1EjDdd(r{qM*f%>v~UvMdwv?+1+@2kZ}rQ6_}<$D z(78%jTf(Z| zXnf(@@kH;S=LK1fYp`GIN=y063{Q6CQe8@49>1ZXUTNgOmN)Qb{($V`G(rCEKwXVP z%8tdK{- z(T%p9hJH9fEeaPB^+%>18ur)Y)USS$v152Io7M=du63~)3>CjKP*<>m94gmJJBBt= zkB?D5n}G@$xuwuyEjKUvh);(jY$lZo6i(r`zU)U`E&X54U1cp6k0YcK?$~takHVK) z5GT6CyqDU}e6JWisAl~L zdefANPnxgpW2FBCKLY<8((8QvF*=P6?iYhz&vdeDouKinhkIgos%{<8D#D%Vp+L0O zPGhvtj-p}uvnrt_;YJ!G0kOHG9lgv~{QNBTs_ZU2*gYVvxyR~yq5NadlznDso=UXZ z-@67D48eQ!k{i{L2UIxs!JgA)1woUPLY$zJW5EC5F1wV-EzYN1<4oeD4r@7#rF`S< zEqNmf!rw!4CTmo4yE$Reluz{Rc3{WQkG5W_OEJaZ(K ze-y?PU8Q?cPHO(KIzrU-1S)_hdY*yATb#%kV#jwf4^#hT!m8I^Jo(rCl2_(kjkGyP#_*R z%@>8?&BPVLf7QD>kSTxg1zf)=03z6A1|4BXAnhx*`-N+BF_fh?J|swv&6S6uB8+z| zHE+xly~zfOMC+9XH{2|Zt@5dt0QtRLkOkt^eqQ`)`d6PqI-dELyw2T^sByG}rS0;Y z8<=a&6tpOPP?u9hT5Xk;K_^`;xo;9$uRP)65@zw4BkUcvL~nINmG_Omlfh*rZJdP z@8Gbw&bc+#|u1f@z=$xvG59rP-a-Hy{*D>kZ%3)Q7NVa$8b}+U%ErZ#Dy=% z7(sc}4&JLf}qOfCu?6gvQ4RU-OHhQlR6~`*{48iv^z%zYpt%Ni#AmOei5n z7;YA)01CC-%^-J1c1sXyj|9?wKEAKq$8%vxvuhxW-3jQ#Q)fW0Jh1!7vZ(hUH{~s10u0s$t7*Re@^fm8a zQJDNX8#dJcHm5Siv9x7l(;X-+%HE3^ng;QA@Ta5^PGsSuIv)L%>Rgb0B*9aY`b3a? zqdOoL9lr!alTI*M){s8}`-s6GKc06%-EHZD=$SGxhXC~B7pBG+bL7zzntgPe8L3N5 zyhoZCiV;3OF7=?wjZ@b#7pVC3zd^f-XDFp8D2usV$hsrcqTjwE&!(Y!n{?SYKK(>Z zM)2X`k(2^5v_BqXI-~}hL)RF;Vk4wKOFT}M85{oKIiy9$#ru1^<)=2Sk+^9Mx6TKHN4q8@2L%XU*6D$?ml5JASKO28%&73% zr5$jiEB-Pr=DsJ*BjFdnVHoNzl!(xDZ;O_3zB=9Q>5!1)X0u)MI!a)!x>$2;6^nVO zK^-pt7~n}_3O)`FrfV|QBNwD9jKB)bR7=`Z196K;pUS*}PxNie)L?JO`4E_#fg1ZT z!xyF*+9Sp?8ttzS*>4MKl$1L`^@A*oI*O;Z0ET_zGTVF;_2s>5s0=@ORYwBGpe>)DHAGgrt+AtER3st2ul*|w zx%rbPw)liZmeB6-Fk141pch7HmgrAy-mHbve|uJrS`UFSSZ){xpp8BALc~dq!dOh6n{2!!w7oT|b2ieD zNtPU2J4M#bcSXXPn`=3hWB&16oBf#1?fDMc1Bhz1l_&%{CG7f4eJT7Ik`PdS$$~Ir zM#J5Yy%wV;_0bHIX%b#sW_F;K$4)i_aj=O=X6ryCaTwYGsyu1f2>_>hq9dP9`k-}< zPk3S?_X(T)DHB_i)yI{rk}mGMPPGZM!8^|^{B$OOA!*XIeBAA!WG8sJ(EvS{Gu+)! zRs4O1(2joTbxAAtVwAOwm4UgJU6}x-G^-N#p=yAREZ6R6BS@b=Tf*M*pF<{&@@)JmD;Vuf}--vc-CG_77n8(AaRetX5Ale0nDh)I;Q)X?{+t7vc;s{X=Ku~YPR_{mJ zekjjKWp83(hsNeqAZgF2L4r1mHrWD_s_KCkufCXq+9-}RZ;Q-*gNW;ww9agX@w!Kj z$PA87dJv?#FTk_Y>dZ9XLChiWO>Ce$Q$;pxw#P3`F*ubdo|rB=B9H*TM^~S1Yc}1C z3|a|MUw99BS95yNNOSJGv-9h9&mxB5xGNqv4J~9$xA{%Q!s~e_w0ySNABT>ROoPke z5{;c;lNqDI7m)m5SWm@VgFo^#q;zWDQ$io()y_ua%J$CHlD9<-RQN*l@<&z3b*g_i zA=Uz_4;7r!52G9=dk_i0@UP0;Jds6rN6W3D`lVO%P?oE;+U#S`GYX8Z%Rf#_S=e$n z)CchP>DZn^hsC=;PxnkSVm3SU^U1>8+^nvIWb*Mzy93!g?KAQ7@!%}@7XR!u?NPD2 z<_bQuaftGZEL2*E>BAKOyMH?YRM{O%NzO>p_u0(K#2=P(y4`#B76Q6s4eS;??H8;o4w< zv?0(v{Gj;f;~p$~1F%~j0%FsMojY38CdT505z_H2w!>nMiUa2HBQ=0EwFoq|a1;Pt zLTbM?QfeV+P!40d3W4yY+Nz;0z)eLkh9B7(gGui4W*#AM$JHjdT>0{Krt$6XAcmk5 z&~1YP8;?_k6Xh3S&#|ja(amP6pgc8YtOoD5bn*-ht=d)l_=0q z2o3o&zRe}qA5h9A1U_3`{ZfT|#cRXpQ$=gqqX#H^<-bwgsmP(4#)&Vk;?)&sPd5 zaV^CRVjBEn*7VJ|qg0e7e9Xwfi+{9h&=yy5_Dtx2Qcx=8FmP<7kM_0}?!}o8(BYCr zhcRoy4zfj%wqN+*^q{bh1P^gvgmEFRFOGR$iJ zW5;($0;;OC8DDTTT$aiu$->Qd(FmeBAG~c}rA|bc=rHhTb^T^-3M6SLX zQ}Y`h`FJ79{J{-uW7iXXmAdV4fR$*my_9jxlj5rJff5pJaklO6#`jLfvLh&$-y_@> z)6KM2-vv3@>H^T}_q2Cw$Lrp;SHlq~U(0EDHo}}?E%Py#B9QAp9-o5olpI%)iLdNR z#)V%0;SzfcO};A^yt2oFi&~AlNPh$#qgo|_Ag&gzCKf~dW3)$P1v)QgRSHRhFtAf7 zM7ABMbstnLoy*t#G#*t*4TyC(mXasfKyuBgM)eWfVT8R4Y5FnK?jK-nvi0Q#EBD*e z1n#%YNfgs9u<7pl%`YCGFE|TANTU2R1M6~LFSQr*j)^?Tb}@a(FN)YOO7#ttKdu>N zQQNys+kpk*ZG{O`CLY^RoZW#y###k(n+^2KX;t1D$7+K$&5b`4EM>uGLhVRq6I9fg zcGiL?-2*JG>-d-+=HinQ&F6=yqTT|eo@zRp7Ol@esFRkl}jJ>W5lHz6?tAu$$f zmGmZb(cO}rF}5jN_JkZCGEu+N6nKP&GRh}IPy;c)Ab+J1z?bvx5Oku4h4eX2q>st& zDe_d!11HWt4u~eB32KHkgJ3|y*|$-zTHLhp2g}!d7W^de|xTmPwtZ6VX zQ%;HSIWO4Cr>b?%nq<4lOXKB=5z=W0ekK-{WI%>zJIQf$%q}-Ol8^=^wr-_2zrUAY zYB-g3bW*5{mWd4E(+s3TjcAi6dpb^+P^NW{l2y8M0EOc_-+We8RAn$t2Vw&GlH(-? z{IQ%-hAHE8C@#U=4qpLoap}zQ) zKU-ln_%N3K!HdiVvOA`T5r9#4B$SQi2w|Ag9q-G+X#OGHDhL_e#lxl%K(63ZhX)e| zI_pyx2i^C9@y6`8>${WVQ8E@QT^A*!($EU-x%M9(^*43oB@T-G&0K4S%g9fig5(pY zv3gfqAzj!oYtMb@uw{T04D;s(8cx9o+a;>6sVw;K!PMo2p}mi;!;^(Vp594G;T8K$ zK43!PfnfNlaeqc>2dJr3$K}>VgarVkDsA%yMX*pIXiC-P7uDF`?-b-hxqgZp0|7a? za-~2BDP{y*n$V@m)2+XbABZ1z-S+XzM63ZGY-;wxebzo`J(#UH06@s%0PH-~{vpE% zlL;-XPcZ+rxE5hb+r>>=%X6f<0{hkTFv~P?2Du!3wa4)>k1c`+;-VC06gMh{xJNBH z7$msk)SpQ5;K{b~*e2-p4V_(Um&~{J3T&qRUGf<5pE){ywb*n?LGidb{(XAS51F#65uOutMTtqJj>GNyRLck|PVLb(u zx~C8^*n^CpmYBa5S+t97M-ta9F_l$*l0*8vPoEw1NGem(Ch#f`uLzDLuOC0awyU=Z zBYtYm7NkqmKbjUX_@f_|vQyzYa$Vl+_7*)aBr5b#w&LfZPJKI~J^hiV8~MBo?O!aR zFU-lRZG;TUL8)!zeQiGx${dk08w#}M^cdIl(ZL!D(Fot^D}8B5C;x`C8b){nM??V{ zK;de7*;{BLwF`QLfSi+Uf40wE`rNv2kD?#Med%h;p_s`uf zl8@X42)Z#}b@BQXrXO8fsNnZCwA9A~b|bO>*kF&ix)&`8?Q80sJY>#${I%fY$M+jd zc8{tAY_K5k$ww)A4t!Fmz3VVxuXe4Yp2s*~Jg>E*(;Q<%cgdQ*B!*2n1K?s0v{&A! z_|y7eBLBq&7M!mQaE(aA$lX3<6EQ2x0+=gj1q#$DC>`XP(xw#VU3HK%(|&(I9iJlH zA_uv=qkE}`1Z8t-Bf2qtsuB|Jpl>NGV73%V7Ab2YG%>>GO22<9g6@G3xLNbjLOBo! zu&&vmj}(3kV1RL;=NuWUcB|h7PBrM|G+ZBS#13eIA94Mz|MueQR_G^55!465<%?Z) zJNlYjmRl=5HkI4ux3E#5xqM;)r8;G4ZaPF|vO_dcpB$2(+dDxYASo>j@-Mxy$YeMF zqAe0Mp>b1AD@cc*$XyOqjX^i)z(=mP9wsO9veiM?V7i1%*H2#H9jq^7KV;(y(}o)5 zP!^3=iJKOmIyzQ^bO+z1n!z_L1^|_Rvu#>lst^=hFLGLkT-w1}|eICcX*IhCI^6D!7VX@FDjOnEAw*`La&D$QDf<49#rLbEw81}JPZHRiH_nkII73&VufZP7C4_ZbC(Cvo~M%t zp;XSw1Z{opd%V4W9j>iFf}sfq8jwz9fP*7v_$dXjDQMS;Y1dZ323Y)tpXBbJ!RQO1 zqpC8Y_rCD)-lFe_k=No>v-|qMvuSRp&n);xSj7f)pUdIEH5{LEDJZA~$hU&Jnvw!> zxORy??-RYswLkUs^=t*1?Q^nPwBjU502$T~>Tf)N>@)UY!v3Rp#sld6?FPEk4JI(F zqJ6?b-^afm}F*<$JIxwTZ5vr&FlAk8x>s$y@m5YFr zq)d^eG-+J`B`83El!==eI6kQ%cr?Zzv4EPeCBI#c)y?d}68xk%@yoNgdpbc*+>HBwv=Q}SVAcvU zQ?n|g!2?lfC)I4beC*@dyqvgMU zfRP-ifLrv6X zzFZOebuB=dX9P|{XUlH+@EQ^nUseDeRjhx)x+7?(EYQx8zu`4-~;ehi2o zS>VZL#5z?E?rAU?{}00k>EBK9Q4@@TzQ(57_&?guvv1%)E55Q&Hp&i6~DV*@Fy3?*8e^UNej^g zo-HW;_`bEI>@HbJ;(r_^#e4D+(IRQ=y}WF{^OW>|R3yny_hXqL(#O-eADiNTRIq%& zE&@*u|7Ab@^4^_}^Yf|t-zu#bfsH^#7kzK&vQNXO75||emV79Js-eRLnue$|7W1*PtD!PIwV@4eNmVsRfwY+2 zl7YqW4myqwH`+8T)~MCxmd%pN2e+c`-)#=eSKOhNN^nGj6HUY#i#@R7#2OhtCasXf z&cFemcG7nx#FAu0`7N2VD#%EJVa+Yu@58KBD{iWewY{uS1#K4w-z)H5lYBi7XoyXL z)vpQiVO+5PNZxX$?gCvx9tm6j8ZNfM1!P8JHHAxr#z z+-V!u7+;y4gb6H^qlFKz2o>$BfJ67AISO_)9#oSn!7|qux#_S8mycAgc0I6fSYdVjL}=aK7-}2>)_<^}e6mV8rm- zkl^DZLH|P+fp;T`CLCnXZR8RJ(**qG0fx?D0LKc;vKb5l)HEv3c*<14*(80;t3oZt z1ZWvbz*64{^wD%4~rIO?Et;#zs^kF?g%Pf%C+l z?;cl9e`mjitz39)uGQGBTDI4JbHDP(lkbhzV6aJJZJ7@74Y;;$BIeLm=TJyrTCHg{ zmO+!jqmF84-x(yiD2*}J*i@LSw!6__Kor%r9);kz%rpGl6V@?eA077ADs9=`2y*wk zi^y@`8f{U}v+_;fzdM>qXS{7ySI=3Bop7G*l5`66{7vfZJ!G1Euwk85mv`L$JHGN{ zcP3}BJ{kNsF_hgSBaf2it2tJ8*ZqC93)|ul{+#8>nJE%CWrg zRiu&-xlj-BmwVLI(%kD4oQaq8r%_B_FSqnYvT~zuTO(m}BrV>Cx>YBHLzhv&ee>@& zwFxJdHTOYHIG2%^rX*LQ+umQ-8SZO1f|I{2@lo0?Tj#@8#-fekC`z3*IYQH|*xpa; z@xdmyY{^wtXS0$fW%Td79=0-w`8R2#1vtOIzG}sceRXHmWY%p?Hd7NXEaXrTSD*FP zyLFl^ja4BxJYjp^pJ43Ge7*a}10W%NkW1X-K4Loy z_-WN}+4z|5>08mAt1gK{%b9=;s%-_VjRqZzV=1#1CPv}|3aH9gV5eBM<3QD0*3j_F z&{rXydo?AH%83GvvKj3qg78TzKeAB1z5V+=lDk@qKDpYbs6Rk`^!4FXLd1ku&*P_W zIwN|xpY1l39-jTR;9gswu{uf}ybfsaeTN{}P3f=aUs6GV`~7%bU?gYXTNCSRKOK$z zh_kPUM8WbhXz%dXv{8(R&R&#C>qsKcL*(DQ0aLl6n;E+VgqOX`(6|&vhSJ z$}cN#EPw4)O!T!EVTtvrc?2oka#~+&5Kvg3{r2u~B6M@DlecKCN8O4c0P&>Zo1|Ux zY?V>w&P1LHXBcxN_wDX_Er*`7<3L0vtK)h8 zOe&OPwB7#FY$!cv=WaD{un;J^mHfh%E}$m*#v!;mFd#-)x9#J+&$3QaKxTynQjy;1 zOLwmm8NzIImL4w``pBB!mTWHbbuJf z3wiB1XqsybUk6l9`8Bhryf8eEa^!b>`jlQ|hJD{{_TN<{4Dt`@2(-wI9rP zc6i?F1HL)H6l(4j>nm74_+wY>21!>E5}k9bmOcxJpi!=m6ns&V?dJcXUqWe>anUNV ze}}V`R>#;#cA6uZxo%lU%3k=#gj194ew--Pdal8s+!UIU($cA(Gyki%G@XlAIky2B z=>Hhx;(4AdeAX3ylzXn4dVxA4=nWeQZv{+Zc@S={0p?eXVFO`rHwp%vE;T=9VqnqI z%H%Q-=m1_^TD>*rwi~O+yWplCyMA_I1@N2M-V_DuZ3VB2-4dG*_H5KM4sbEMsg~~Y z!UJ-Hj|0r$eywgLy@^7xv3dQ&inJS!wz; zaGgv2h{G^y`=+VCQ>Esip~SZ@enut}iqgobVoZ@Wd*;SV^*!Kp4(Srengmu#F`e47 z%HUDO^?bdO9cKC)!(k-Y9^7jAn^cd_zq!J?nv6$!4D84%w6hrO%~6HF^MivuGl@*P zP?7ab!G6tx<*s^vS0ZE2T~9e&^z=LGADVxv-$Q?>VM_oKA~Ao$~X&30kCYjEh7+QV(x z{@v4!=YLoL7PBLiVl`l+pUOO-j*8w*m5X&Al}rAlg>!(Ei^uE0SoCNpA($wHVsQ1R zzps^T5%Z8pL+OwUq9mYcuhMLt&|-MC0Xp{v?ZW88&sfFlrTous+@~iI8~fGmw^yBB zOI-M~{vBbJ_Im)#;XL*&@6Y8m{c2h%#qzkHEUvSf35(e2d(C`3&@tdC%LUd$Zu;Xg z33Oc3`Ky4-<(b@oYR+DghGBG%^o1XdaE={_>ORqx^Ao%P1yV}br^O^F#o3UQ2 zUqd(rzjEv4Z`S@4-oKq>v?voJQHq*!m>YJLzZ6<`->u`o7WGc(^n~rQ-Mo&|j|v_2 zTGSt^P(NK{Zhg{rQ*N+ie6HRxIAi49wNUTduzKoUD(6%eJ6}M=yr68YOKtq7Gz=%D zZbDb#wg2h2aJ>dKZtDRyqn!oLz}w4M;U78a#BDdq{W|&OmczFyj*rKP2l^8e%a0hH z*a;OY>tkH;{OeX(pM!2oH`uEKyC)rkG5f#8d#sFdjEOv`o+;=`z4?JWq8O^H%Q+ym zt-I>n{>fEin;R^4pm~`qx<*3YwIOq|IRC@vu|CP4;@9E5X|nb&&acl*nUK@5FZMgm zB-d^sdq0H*+TRRP&J9XF{Q1tbG^{jkj=JHFjYc(gRZGjx8Ik>W z-*FvscIuPOJJHg}PTqcmd+4|f)O`FqQxxD?hA-RKS2r)3sP3f|cVsg9#HWES7^i*aRy@J5_MVitdknl3En?6;0;T8w8CbO>eI zcUq%CKQv#592c7m>;8IfGt9JGxI}kj;-}Oj{CxsOTk4gE4(FQU{LLC z!i<3EP-LB7T~;-elc*KbkE^;#v3FT6K_>RmX!k={@uPNU&vT!1Karzg#La;bF7D)Zp z`P!Q5hh`7r``vYSdNzWw@efIcu_rZPg7{l|>z@^h7T>KeC_DFlraXO-eB!JsvFBHw z;CN?S6>ii(_p^wU|F}_Sb8tXFV}0u-seU->^U{6QRb{O8HG{*?SRaii6j|!CY@8RY zA7;N;tUHo^z=e%g%-Y}BU*3FuKK!8J*MOh9R4df|7$Lg7SS}4UoR>>^{i1|(=`i(K zhHnRh#Z|!K1giUW-%p0ssTgwBk+wS_vU3jwu9?zD(dcjc5$nb?cx<=f_d=d_CbanV zzmFu@$y(Q(1S$j5k6pB9>Q7rQP2YK2k9-xOe~x|K(aH6NjWnJ#pfBJ=c^qOo1y*Y^9#@z34NFULG zi&1TARrOFw^mn;oQ<2xm!d+U&{;Uy7B4@yz7Ab`tjJWxv;`ekZ5{Xdh|G26xU&(+Dj}p zF+_|xXTQOuwE2=ed7&vQ+^|u)aoQgiWT1o5Rmj(Dq_L{zD!!7-pTHE9P6Yj^)kQUQ z^@U{oD&VHSej`FE;6%GU1%pdFFtg#}MYXE3|JSkWi36MU%Txt2-RiLC3pLmZ3>?-r zIOW08bI8{p9{)A=+xX@?jGoW=w+A3`RE>^8c~GxwQ5yLmq|HE0z!G%*JVYRW+$_Y` zhu);+`w@_P6*nc`&d|63RlylazlfvY%fF3NhljK6+-6hO$YFeDB?uCYJ^1g#^^LQI z)`fW-Y8%=y-iiU2`Gg2+=I26m8=RW6x=0nL$hyafm2aR zt&{s3fEDKcu|c_VT@*))#7>9oHZ@Xcma?s|Q zo*LyVCfF+)uMa*h*3n8iBYVs^u;?^*c2u|Ahp6u*VuOR$rH(mGuYX?l&fzWSE6_Fy ziP4JxHN>CkgVH?YuXrq2Kn#)>pym1G)V)m#kXZRd!fHA4MW7O7v)>18qv4Xvf*w|D z+j)1GICW297&!fs>tPvbOssD+-Hr|?L<9GVKPp_AZSp*d5t zs+H9h)S?s3C78CojGs6zJm+N7}SPBj#bfQ&P7Fsy8Zw4ak+xuID7<9>t(QeTK zuehB-M#!&UEPSSX>(h;&F4c8<^6zD+e=sZq?U9I^9jrHmL?PVae8b%B~JK7s-A=$w`|^C4cFyTn|-ir zl8BDZNL|S)^ZvszC(Qh=m)eg=FX9wdys{-wN_kht zv^_j3pJGEm2rCwg6*IxRn2kxf6FXb%DJ$(0BnLaFd^fgYE=SyD%NzQD$Cay|%eUmX zR>&vOyV9oiAgM^5r!Vr+yNA>L4V>HT$!gN}{>phyfz2peic95by@wXMnBuhrR05Wt zv|na+B@NToF^$ATV3Q9({shvCoZnEN+3z9pD14+T=sxct<+_0C<17yF*aGza6P;h6 zblTvEJ5^>IgGQi*Yw?;>fjXM;2Jk$7*kV^_a0+q#wfXy2_5k59d@qOFqipBFgRRzN%z zu^TXOnZLjyRqwS(zK(Aa@av|>yaP|oys)OGH)ExmyarD~0r*_sm90Wpk_k&d`X15# zZ0?8lJ8I8Q@R4?<;*LX*l8LC6*RL%PUSY2KYlO8q@7YC7SYnU`%i`ZNHZpHxCug4u zva@+ZK$^-pAeCZo$U5#~Y${nd77(#sc>i*5ng>%{h~JH4*v91Qk0A{qA}>)w*4Vo) z<&@fF%(0D8^lJ2@i~*&n6k*=;h%r$vefYEoEMSP@*@5)@C<#&ZGBMA2z*T{m8@R&kjh}JUC#Rf@_ ze48YggncXyx!lT#!YUwgR`5z*Uhog`U?lbaiRx7Lq$~DX+ zuVw2l@D5EeD0aO^YSn00`(3BFDsy%Y-^ljNym!4_abZP$Jsv)o5Bq7}C};CggQdp1gOGE(*rvgTb$^T@fmydx+fOFk$;d^fvjeFR7NZYB)^(+Nlb<&h~QnxXc zu(D7sKsT#9UOPn*zFte=X0$Uq$186#VRmL?eI|%~m)BS$GxEdO7$QX`)en6MNd(s;9B(`2VXHwnG8`V+z%fL53ijXtCh)3wp zQQmkTw-$SB2fdanuAF3@bSn4cWZU9OUy5)v|1CPD-V>7*n;WQ`<05y~>2@tCc#Y-9 zyr(>9{KTC%vYhe6g;{a-ih50rit%izqKn`{_QyJox;=Q!A|4B<^lGk4=7f?c;%LdW zE(MlMklfP+YPcjqZ`^9=F7*C%GEy1-M3#nBX|m{h8NiUei2bB_?%u16o`;$F2?NzL zaz+ZhuNBqIM~teS^ddHIIfAqd2AyVX8c!xvI&$y>v6L?!>}=ogq}rMby`1h(Ngl9` z(!{6-@sQy+()8F9L3^Q+4%VbCG!R~}dF=j8QBm2E*Qd_EFPV9S$7>^i(V}LY9;GNT6m1$=XUFL2CpTeJ)LO5FnoH8d*x12z zm8evzB5Aiz3$$vig|9pN^zuOu&WpUUdK^Kj6a6QOh7@a7oT3vAPX_XsR+`s~Mv@*^ z(OI|*J?nBR@W1T$E_@`ofAzfUZgt`Np=K_-hkDb~p8VGBh~zKPv#=1JBr0bClSy?w|L$N5#aaA6 zU*w~$SD@qol%yzwT}qC=y7by4m3WPwCD}gOw|Rs&c6DTL0Tn^R^F+g;R63Q{{+F#5 z(u52bT@5AF@u`(E#6N){ACc1z?iP@0N7jC=!1;j|X8Pa0=g0IZZ$e9hhksR!P*3JE zjF0L5ydJDQB#7FLhuCZ$|4bipR;(+X`saiaN(X1ub`+ z=xG%j=aa|fO=^pFqGf$v55QC-HfA0shhf3-axeLm-~89 zY@tiPM$b1+HVFMc06}^n&k;&LtbLFNw8VGX#yvo`L<_j|Wt<=F9%!Yh;duXvwDh6qTkzDdM~n@;GvJe&qt3rl zx;j=3xEWdZm^8pKgbpPSc>a}XThInL{(&(5aa^ExZ|K;6{;TVzqjg<&iLZxF;Jnp; z2L30~{y!$A!zpi5@|nOVfIY=94tQk@c#UfiGBPgjzf$&Skjazb8={=%;qmuv>Z)Jw zF2n$Iz?76pgFnI69q=RNc=uRK2p~Z@s#Q3D;GY!0y}i8?fG%=~0#TmHz&Mn`4nU|Q zz)E4f<)`ZT9$bS|G}EmQ0m1Jd8Gu#74{$PF7J;KHqdF&zBh$y|EHfoxViPrv}ngQ5w7V1YAmuq*b8FwIujx)6F@$l@H9!(lY2-Lxu*nydmHPN01G4Yh%#e77-|ym5FEu z4wX>A<@Bo3%GK$4KeEaUekvqHSULs9+-Qt1aO@DdKIl_tBk>^_bM0*vdmi%k+h+WG z4w6VHr{pv<5d38iylTNq6F}F4?pKSBPZ(uS9l=ivIY%~D=TnWQd%l#Z=X&Fqu}sp6 z*7bYs&#iAO0U~Jt7+N)qy7`6!JQX9)$b$5-u8ini)EW3*RP!x! z0*QU!DDMVg8T2UxX(Q&k_R0bPGshoKyY;An%XFcc3d}fiWYEiB$_1*D=;xQ3EjRm< z+d)v=&nG7*A;41_az}YMPbLvzm9=_W%D}P&Luf+SkM~Lwk6}HYX9* zap1|c!O?EAt(N|>H~%Hi3uO~7!rE2)0BMthqoff-GWmZWl+N6JbXeZVh7e%QI%e$) zw8bI1+up};<2{&$vN#Vi{&EH%Z~`9}dRo{e3g25kg&`?;UE;3URqizV;Ulku-WHhmM?i&024u*L*res!Ecj=4Gmm|SQ!0vw^%)alcH5Dd?@%Jjp` z0&VfoyZl=A6zl(ZA`R3@f)Y^RwhVrgC8z`peBP&;(~TYC4dHYWj0XzKdE-n#Zen(v z&&~q;YptR22`z1UdGvI4Tiua37y9VY9GVUZ@dY4D4M5LUe>8`d>os%lIh(ep)L(H; z)BWJm9Q9??d%5_^;7~AAO(ACDOFAg$y6ByCJ(oGR6qxTJW&$_=k^9a-0FH(9vC!Ul z+qK0ypV$t^^oJJ3J}cLM`O6` zC%$}AVBljO9xV=dItN0$(KOQinU0V5$`ST6WH=swFDU?3Fvj>fAq?0e^H?!M7=X$>1XL5#w_L^1Z!+w2@sUha`i zt%{wGd-P9VyT9fMk;S!}EdK%2-_ai?zzG*6WIxdksJqPl=BvJEe=?P7umHjBJD8Vb zfH#&RIsDeg)({FM0LQifDHtxl!-TQ5djUC-74YC9g=f7r2QyUGb&b*RY_F|KIb-i# z*~+D8gNHNK-lr~ll`h|vlf<+gY7cczSJNV(BU5E0dp--n*OI9KOT`GhteiTE%W5=@_b5R~1xz&yr0hWjxiaX-zJvP?!0?v?V|Pf0;MK1z0ylTF=} zj=aX&#irAJjf%7J4W&K}$wlUo?U4xl1=j%eZ-A@fg+*OyuXxS=sP|qw0H+cF&lX*1H z+&-OL-TOXd1QM${*RV>M9g%PLCL?CM62JN|$!*mLSYP2+9%Upv-(2umrqyT;uU*_7 zNm}}WRYGc{i?YV6SUNwuCFONiYUkngeabld#V7K1Ouq{j&K2d4>yA9kzpKlHTxrfa zIWT>JSjzo_1N6VgdeK@9nVh3RXSB^@btPSU?BsUlWBGMvY3O~5M1dL6MdS4&S<@#;=isx55&BT&MD>ZS&b*IbJ zXwqu`Cax@Ygv3#-4PYnEZaom6q_BSHTeq44ATg8&7?;01 z3A>{JHoJ@ElMdDCGZ@nJryCSE#W@q*8s=gXjaCvB{`7qFJ9EnfqH#sbAq|W07oK~4 z6*guQ;o>L960_8!P6ZUk(cZcgpKfj@D1Px&Np}lz!y}1h(6pqQ&VCzeTx5*>P+ND) z3ze*8Kc<}5MVZMMsi=)U9ikSn(6;xQMK;x79=p*SGm&Q#T_DZW;=8K0Fx zygA7UTrZXB+rO;Z*&e4juvJ(1@My0|*yOn*cBfSMJ`V%;iN?{@i@_{SUJt7QrM>mz z>KnKYp61zi&t4V`g>7e%to}@3=r{k(mAB(;#eF&QLH1%B;HyGq7Xf!#&|elx50LuY z09{&DM7j48q#lwEllw!N>aWgh0f4vUbP^Ej*#SDW_F~)bItn;XJKMsjzk}<|;>WTE zyy@-Qx<<@kbs)F|kidF{v^<6=b&z$W8iivrk)zEi>NMy75ODPeK}HG8mXth2j?QOD z`2@|W^^aoLWWlW3@WEd^S|9COG~d4fw;F_dvS&;I+b!NmF<9g%fJSgw$Oy0?JwMtQ z-y2loRREpPJ+&p4JpxXvV&%tM)3!5V2!>O2z=X^@rNTW(r<&t`xvad8lmJb8zi3~j z(thF86Fp=~B$IsTUE$*h#|2y`cAR0kM!svXV=`F!BW}^qqPOR2!+8==3zY%B--x-Q=YjBb%G%U7INSg(y zVIH{%T33VcdUH$y&dW{_XeoQMX0gvBqczYmoi%-h0O47yKSPvwRot*g)jyza#)jXH{U4Eh9=*Jdg z)gId~ktQZ2tfMkIRC7#{{j0e4;;7kS9JQyd_s}D~Xs7HBpW=O0NiGP4s!~Dbk(Q!v z*5`IHz`QO0HG3}YveR;IBXGgZmlLwkNKp8mnM5Uu>5%wPi4{4-vXi9y~8qbH^j zv&ioN1a5X5cLtKCYU14G+T)poejh~rR^7Qnw))pM7@~Xg@jVH`NEfWwwk<}buMPsH373oW|hx-Puewn>YvMn?rI)#QHDw&mbv4FdyK z3v9tNNieU#duQZBpcvE=p1Lolw&Z1Sv0(3?Eak2`V^r0E`dUy~g!m@QziRb0R-rfB z3ijB9{`W+JOdVp$#}_B?4%B(cOt$fh^^dm=c%(wCn0f@iz?O{xAiVhtVH;x>tZpXV z`rl$}FoHol7G(@8h}YEWSR~%50qv7b=h&3LeIAQ~O%=t$N8}wY1Ai!7u{c_0Pt@NErIBy~TA@5W;Ni(wATFp%oO zNBa>Zo)`-NV)W`g%5@g?3(&1WwSJGB502dqHI}f!Mi}72d?8wM)MMYLsRS(e{7XT5 zOyl4mcDg)2^7tP!h7n|>UC}E3B0BKY_+zn#kdfpwXjfWo_|f^qF~|?|;PTo!8^kj| z3NQsR0U3UOSk;#Jwok-`{9PKjvQOj)kS+dZyQP~)qo}VWtNXS}yrJq?w*ah(#sj${ zO{l4y`nG<>zVagpsmM!pUh^WeR*pY?&wM{^MQHPrhyVki#{UXi(}i`W9wq!pRV8}f z&jU#d!0-6nqWMEB+V#W!%A6l05OUDbljQ0FW0A$y&uV6?t?RlBv=x>sUPQXBuI_1@ zn?oD~1P~s2=8T$Ph9g$N)6jIP44^=?BzGfvOMS~ zig7K0-JcSN^cj$TQI-k2$?3H`f3CGu@dhZ&GA$nbOkj!EBIHezJY zYr+p9e~=n_R09z0c&?3A@4knMiBb3=a=!{jZ-bjDWMDr2_CBfsN!?kF=hVo7f3jox zyZdK?WkW0{toTC(;6S&z-mru6!{f`2Du2x^n^P1)N=g&XF)SKf2ENI%sGS8`Ji38< zJVem~n^;F!FWAmbdObY+F1R)Dj;KGPfdMp9yg$*H>rN?ZlxDcvXJ(14gFm*azI4V) z%axvEF2K2z{mdRYMbf@zauJqCr0Oq~tH%VNJ0cdQuGq{P9Z|Tl#qYY{4*)lY85=5G zU#T43m&kT6IvA8woUt99`rZkwe5W-YwZcKIXG#)Y()1RP=f!`f*5bNZ; z2~}&^oR`MB3kob&aC`!qT|LO%B2NU1a|nQbzk+aewq45CH88s_7{g)5j1C6${go3` z6oQcU+LmJ<(AkE!^Umw8Zt*k$neYRG^dNgC$#8{a$|ns?EaVL)jiuxoD@`Ph@n6$8 zVNhv+IWNX*Z1m}Zl1@NdJO;u2WQaVPzbezwTvG_8J2Rcf$|#KfChWA5&FjzLMH7EA zajXh(Z856!FWkc|6T)}eEVuLXj-UAY1JdnIWlPN675`5WDa9-n`Yfd z2oe=Ru1d)h!WzamoTpXsb>qY-N?E^Fd+=HEBTK?H23zvWl4W}}i)d}Ezxa-F8Xq)3dC zN#07=JPxc>!t^NLtkZB>0y!)FML>q+ zFoPk*TN~HHdXiOFsUG#}fTaG#K)6X3fUC4A22GMtIDkj@b70eN+p~yr-JO?)iM)PS z*l8+@sfCb1E_GMkLvpaV?|Ff{r9!3LgqYu|zxKuCK|R!Ky#V;BIEigBw+%L6tmCi8 zgg6U}SG;ZXAyjv91YKJ_j5uqG5{TE0hczWmqzmC~5}{pQV9$cLWjcX*0%1WcK#caD zyOxkbZHW72B~foH>j32*d$Gpm-Fd>8_^aYA6M9es;%>PI9kgz~mauW$$5?y)Gxg?S z!w(e$XEjYfuK3j;ZStPV@aw5VEc?bo`-0}fZQEH)WDBfV{io40&j7gECetEB?X#45 zfN#T|VXh9hU_Rsw)FCO?bJjcESJq703hXO>Ev$EmKjB8!Wu=dTKHQEQNaL~~7;Y(9 z%itFwBYkt9mns)wpf44=Y2vph>f%(NDCIT6^|0eJv+XxVWak0ZnD5iYgO2*8gKW(V z2W3wPb)ohAFXNx}m+VsgLQf`rZbFg9$G-@%p~2TLtE7;Uy11{lJbs!HQ4RA8zVe>n^)U%t2(v&YcC#wHL2@VHT#^Oi%spL(=`9 ztHsZs!L+QSNTHkggm6}8r;$5fv?Sg5@s87|zKRQdm5RJOag615JQTBRB zrEYoxda$9fnMzswiLaCAeX&t>Nq8I?+wY?wBuN}X@f@mkbU;Y{>fwI3V4Il7&fFtR z232^`=}S64)|;$NDcTg!Tx|mS5KL^6*eB(0s0CW>= zHuEn{(y`zk*z~E=={p|%0O5+<8U_jB&Tt;X5r0x27Un2+yj?f{1<6V$!8S zwN2AB(>AI(6G#~+rNfCnn)J#fs|NGI1$(FzOAwuB188(i!(Lj*ezazxFY%y43&2O+O?k#1F$sa1W|d zEVCH;sW^YW&^!8Mo_kwJ!IHUf-Lh^&>F0~dbfLu?KeJ5KB+9kEIwao;c`QO5N0y&= zV8P6l`zERW*e#vXAh+K^hkDYx#%SACyrV)U_?9I#sbk0JdZNe4w~&HE8CIb}%d!GN z4>7s%QE$D|o+7^^J8SpjN&_3!&`b&P$l=yJhYSZd*P?=@>iodtLrKR`cGx><*`CK_ zC!p#Ir@;q;Um!en^z#1W8_11&Kcm^~GB&29ZuFaXksh7DWD#1#(t@Nfs=}e1AplLX zTx7if9gm8%f9`vEsQWUUYci}5I&?KtIbLS_#Lh#yTC}nyX5DAFA=z*tCv*L>&UmG! zkHX0N2WyCJQ1;#X){#ilgTGLuaAfl_dMRRSH;4R9BUt=%^a@t@iKp83p#1Pok0{3rU;A1I-k4S@5=h^ z!mo~JEd|YlOxxmHl6{Zv6D8moyjJJ&8Y`-xvD$*VDop>pv}-5CEu@$Op>a2~oJM$} z`BL9$=&Y9@|nIljq3>*PYF*^xT}dXRva66G~mFM40<#YySnfg zxY$eut;pk?Bo43U0*FJOfPyvOS+OWTx%`BvSqtty-5gGLYEf=-a(Ws#%V=?WT>~=xaYo^&6A=C|P!nTda3KvpjNaWe2D; z6y+yh9mt`l;tB76ZTI@HSH5@Cz>$1022c2nEBd3Yl9lD0ZIJaLU2jj{rN@mN=6<@e z1AT3JJS=~-46BobZYDH2Wffm)k3~f~_}pG=JHbRA-NzSFw7eE!k>(P!Lv;Ik*x?f1 z#kgx%8pK$<_g~ouX<fw)*aC3hfNHYnw#2C~<4o?iWRwVC3v5OL)3dt=wM{fi4aOj9o z(LhP&`dH}1pK!OT5@EYBlLqR|Y+i$flWzpB+?pAol{lAKG3$E$<$nIprbgXbA8eU$ zrJ<}O4h7}*o;tQ+lUuF@ok#mNGZNTEvHG_ghgxG!VFVoD)&F)pumQ%t8z&k(uF~ec zD&-{YRPA$0HLYmp+r9c>vu6Tajv|fq{=m8Q4D_&dC8np~;_v zC)#rwST1gHG=tn$TISmHBv|30_BRK9_tW9R21PJ1yQs;j%H=Azs@A&$Lzr<#XY4Dc zE$6TRQS%mV3*^(H5|pVZ2l8sMH61WL9$^wEQobo8CUFA%UJ>OJgkNDzWi_!ACQKf2 zS%@&BTA&n$zbiM{W!QC8rEfg5;+91GyaTq)b8o#jwlQw!d7#82=%gIDG#hT3%muhMGv)`di6^s!xuGxB*|nZ8O?QVt~SO|u1a1u zyS@PvQ&Yt#{xpci#@Ktaf+L#OK#2ZHg5f!iuGr7tADx!W?3-0W$cBylFl0g~c!kIj zbDv?Tk5W!;sIRkJFahI!%oyI^?`*RvJYu-?1We6cIx|viN?dV3`D8pasba>H6Jvq$ zeFN=^nBdGtHq(J19dm;?>nI-!hSJ^~Zj;F;0R0CX!@oMVFXtRF$Zi>7WzpwCB6JHU z=10t-2_On9_{%;H6iLPMvYHQOOGqwCfXu()Qsyh#$BHe<1*@9*dGiJQ52yupr^L<` z!Su$QjZzngW(v8+%bnMP-?B}`!7(B&Nu!w^NrKkNtTXNsB#&^c<%z2Yx#E*FnpsnP z89NhY=x=MNtnQ_TnVFW78%*th&0;#ih{hULmNT)xVJaM>A{uUTr?A2~1;Irn=uftT zS6az(@OwEN+Ez8YLKU5+&5`;=D|jfB3p#j)b#sdJP5;X38|Z*=@3Aj zl-MVc$Q$0>#IZ*B`%m7HXLRc`k^~8i4*>N}!8=vr896uP@xod=aV}|oM{a&qr?u)i zQu>z8V=hBg+(mu0Q9WG4YPTN)5j9B5Jk$(*e-sad#gnqa&Wz2dDpvoyZxgG!xEki)S~O9$d5`P=30D!5B={ zsuISGE>%1@oOega7DeL3gH@BZ>bB;;#sXY<3_q}4JA&0AWFRtyYyk*3mp&pbkwl)5 z3}e3~u+o4g^pIfvZnWqg6M5uoVQR-VMb)YB&u_bWA8d7!LAj@xTb9wgD9sDxY5k#UWW6a{37gNNX`H;YazPz*isi~(i;`?mIqaU1gE#TR(5aFDCg z-FLT)xLiMrzTPp>bXVg?qO_fRp!2AA!Cx)9OYO!78?vgenq0c1X{MH}iIpc};RmH# zCXOWSu?%!`iN#2rxw}r7O-Oj#?RdWBAVCWxfsQmi85@o~QbLlaP<3y>+^D_f!zXL% zc<7RMy9x73?|$X`0ofJDMgPUET}^|nhk_SgvO^sngj7*`nFUfv~U9TLY`+U z(%1>ei3Toijk$C42mIjA2wv98zruLH8I?bKMs9yrj=(LMWg0L}~d+dDp- z0PG7Yimde~o&FRfd@QeYF3#eiwY=FE!5-IKFzkp=3s}4YHiFj&*oTPtjLOWUTba<-U(^u?}#amH92Jy0FsBC9F z^Z63~@Wyi7bqkQM+zq`!K4?Nl*a{6bStrXs2cF>XdCUJz8#?I4Bqfpq5__|+((Blv zWRD_-eQQyjg`5t<7omrT#RgJ**-9d^Y5<-gN4!+vpEAa z(2)&~2Y4^Ky8;&S`HNgyU1(c{64~l#!R-8fj?n+iLXn351f)I#@tFHn$&rzUOSYom z6X=`R`R~bvPZf}4r9JxhZqtw7ULDH*RRxqh?Q*%7%m$76k>FF9*cwhj=O&L~CP`Mn zU)BbAsr7Kqa6^uE?op0$?b%X?P8KSNzz_zGNnRA|j<7>wEeL0+7XqS`0jRWUO)zCOqoouxX>0SpjEGK)DtKuD|t;=N0v zxVx$@v7F!N3jz&!BoO73Wt;=wG^;B#pMs5N}UPVts2-)%R#_D N1zA-Y;BI{L{{e+~Yq9_U literal 0 HcmV?d00001 diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/baseapp_state-deliver_tx.png b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/baseapp_state-deliver_tx.png new file mode 100644 index 0000000000000000000000000000000000000000..f0a54b4ec34bbe282ed6eff81369428d02dec095 GIT binary patch literal 59007 zcmeFZbyU>f_b;sE00J|lbcujcN_P$2pfI!uf=Eg?0z)?_2oj1Qpma#rAP7vz}ltaaD(*S*Vs)R{T&eRiF_U;B055n39Gg!t6>*REY7R91rPT)T$J zdF|TuFbEF#ADwR_sn@PCUQ>q4Jn%H#$iRL1Kz=BcAi?fhJ7ktE`zCMpV?DKeI85rE zDl~$G3_BuGh721H<$Zfo=4B}(ek5dxQ{lmv@No8 z)FqYAmMHtPG?O?LqN)>bQw|M}kdC95xP7tTFXbj^H&%M)f3{iu?%9uztSYbWR8{;W z!B~Yqnyz!BX}UaJkCD1McZncjRVm~!sXHiqCl@BDzMN?&<^zM8cbQJA?h8Z0OMkoY z!x87L2KAQQ7~qHXzK3f+;;NnwWRFRnZRpySG#-63ev)hO7KW&G&b>I_?>D-wkzP}4 zT7AT3lGXKgQp>6W_{%iJ(Zmed&X8WEYQ_A$%68P?Y^#2IoXhAl zr*4DiZqEZ9!w{mt7#g7o^v+GIp8YsSiw4QSAQ3JF5@C(-lN9Ddq2{}|UNDLPrxEVd zkd|aFBb6I8f*ZYU#8T(4UHTm|9cLXM#y2R+GE;H|5dc!gKxQX*I~((a)pGbP_+0Iq<@J|1*v>GFuwr|-n%hY zW>MSoUCGdr0E0y__S|Q6FxPDhtQj(%U2&i$0mLr&`rvLT?RD_z8|D%3WN`~ZHH{8H{Cc3bS9$CLf@ z_=B|{wsR-TSplcJUm3Fg`uWcckC`$`Q_s0yGQl_*83HP*120(^QHjnpp?Uyg=@ks;=Bxf@F3Fc#2!anyYyBu9RPvDEj(nMT6de82eqKXdD{`I^r03vMTZkVe=Pmp0al05vJ@|dT9pj_IC@T7`fZJ zJ-nPQmV?tMpFNjImjdcPvB;s4ZINSqh|IO_&lG(8C4BQmF1OWKsk!@J7uz!4Z-#(# z^I6~h7&@1pdw~KyCC!)5M$G~w1W0S|6VZtdPkgqw72EC+`?#oRe#qUkpA~RfYvOnK z<7nxPX&55cC5tpSg4Y5r!{Q`7cDKhw3D$=>Vw4bQ#8uz?BKhb+9 z8?qS4{)Lp8Gvu0PoG2C?;R?NfJusz*lf2z`y>}yG&xGFY4l41|f(e!AA6+H4#29}E z6_ivDLf7bxp#2T&UnuJy~AJ{yh4Gu=Z8CUvd_0ycwRX8h0W@9J@SZef1;IjpN$ zHKZZd>wUas@3UEz!evnYg<8<=DKPhEjSNxp6=^cPZIpPNMwZ`EYKH5eGDU44*s#66 ziQB8j-3}VBiN|fBgnCWBUhiXbKuE`yHk__~YEsOABk)}h4z#c^TF;_b_920bFvg<0 z;}x`Y=H~i3ZQ-Sbq~^*qkS<9eJm=%ItX@b?V(D<9!BCpe)fM~wRoz#2^#vVVM9+8H zfMuVIH2QeFxn~g?rM5F`J6bGI{Gh|DX)ct8c8*HQzk!gNzq4`f>S)q&v*~QhMT!Se z+7f=P(71MRCg93X=y*s|s_Jlk)F?~RukiUoM=ax#bWN zo>JMGdCrAwB_P~qfi${%RY2!>(FTo5}UOs-TD_cJT@oX#NIdlo{!>IK{b0!+6yTcV@P8U`d6K8<*5<`#zXi?-*8!?*%^C3n$(~ zvHkRYyY{_bf+quEn|1DVg?23j>hcI3xAQ6uL3C83Cf%~}2P}4ew)PEt<=7f6$#Thl z{y>>k^!LwToAYJ*xfrRws+7co)Af@2@aug%SV39O_aZ8J;{*^%Sp{t`rlhYqy)Jko zve(ICVtI|Z?AebyEFlq3H5VDZ<;YgXEaIw~FHgJcTvzAQ*GGzs9EFITk)#Y4K8}OH zt2bzUAu6f&pBQUP=0x%f=@e^7UAP)Gc$TTM%1NdBq@M`bjx4Sb+C+sBFGhvqEC$M~ z8H0+%WD(WIb^lfD3VuJdELGgAJjz#^TOpQqb@4jOl26Tj9+H4XR_Cg(^gcC^Q3LCY zDmg<2PZDjPU$69yha;>zqNx^`xqWe%yjR|ZrC-diKFn2_<2fcV?+R_!S^c4nWNrNY z%q;+|;B-f;E3*VDR*UZ}oLgMxF)SNR%9@5Tq|XfB*p`&0v1P3(eH$!kstjFDcZiZa zpGtVmNDND6G*T?bCJcN4qe%Cr)f$W!be!2>z7r>PS>y6JqO|9YP=DiG9DUBiUA9mkNT4}+QMw~yV|Y9p&>VH2H#~dFd%Z}E z>@cagecP*#22=>6L|?GNvK|z#KnQ(EGt8wkGriXerYbp^sp2Cis%#zeh>66TgG;4z zn7a_-zKq)NC*gZ|CCsHp?SG4V_k_VE5iwe=OA^|rCNgWX8^f4>TM>a`2bZX7FHrFr`H;- zD=HBWM-CU3tX7tDu!9-+fFyZ^9d5~wE)+Zp)Z+1GT3jl~V0bgX_d{pvQ}0Zehi=60 z$*bsOBSR_+X8q54k7fe`^tB{y25&9DNHUba)j<=FA5N}KosE}M@cj8T0hR>JAb1_s zo@_C57hz8HGNWW>60tes^cpBgJz{-tU5~oWnK=WOouAXqhT|zd$lrW-6ynO8t?MxWJ;(`*0$5v({G zZJyY0m+oq)N~3fpsA&hVg4U^zhg zCd`vlWt{AF^SF%4jKU!V`b<8nPkxfbl}bYwR^=@}l*%DJmCdiJx)gyR>w5BrGd%NA6L<@fk^mNtlV%`T#)1XMrECD zUOnX;#lkgpDxcB0Sv|XTuxVq#clD+;xJM2~0+mSA z_ms?Y8WILrnRVgzj3GI%Wxh8^a&D-r6a1FbSQwWe4>LuwlCxVKQ!{gp+h3^-fPW&B z|7SHM=3`8ywR1hrF_oVok&nEoQRWc;!~+=rR7$$-a=CZaTlNVVwY2@t}vDTdEL4utpTVyU{^ zK^wKyFY4S|6}gJr$s9(S1lRGS5)F60@k7fc@L!ThfrQNE8f$W7)pm3*R&Vv{b@GqE{Gmu5Tns*4&y zkuf<+&PzwJm5Xs#BD_tf2`5jCe{^+!S@`w20m zwI5TBI*G(KN-e7+MY62oe-g|Q}QnS zzMTuIIYE~tH4hi+_s+k*xvv%E)!mJI?`XW>z4Bll6u*fUuYN=UdsUr8DV*>^le1+$ z{H!nbv#)z4d6*rh&##d^RgwDLSx>xi4$_3_#UhbY4)@$>#aJIkY1s;%8P0Ei-2X zLfK_cmNC9B=o#Yv*>{|bQY6{MOH*;E&W&52p`8dUd|AXw{quHmec?pZ8~1GP9QF+N z37e5>M>C(()x6DA>&)kbOwV;}^ukGFFx4>?>$>HrJ-apK;LKRUyTQ1`?u0j)c!XQd zHY(!KsEYe{8C;RP6n2bW>eRMLKWh0ze0d9%y56C88O3W*dP`;rS62nFW6oYgcHy{KF zJV&w=nGsK-0FGoQ6em)4@M!xybQH0NZUfcj_S5ua)ok8&(L$JAT5!cdb^R2SYu%Jr z=SP(0UBpa&nGEPom?@`U7le`OHzqe8;a<-8+2zWopX5WNlbPZ<&F6|l5->!E`6Pe; z#5{IXx|T7+#0Di{#uqLG;E{W*Sb;WN-KnoY-k|E)E8CWE7gc27FtbiXxVW@)IQwvs z(WqO%GF3Qc&aajCai29MPris;xz^>~m4IPp(+OX}&77irjy6_ly=gr^qy~7Y&zwNaN!XeN4q0|{LtLJPRvDud29n_iCCFspT(dWMjj3E z*BuquRbn#@a>NqDMRc|S;b#6U^ycQh_bfVu$4mK;iG9aoMB+*;mKy%Qm#dp0s{WAG z{c|WJC-^=1yA{FlGBc-5Sr$aq@X?QKS;m`?TdIg~Y!h3K{MgjmVoVqjYQxOSih*m!-6Jig3U@l^Jd zDz=W&yj4b#zLWe*2s?o`-C(0qNpQ=r>e#%mj?EWVJ{x6WlZmc;nZb}U91b^l@mLg@ zC`6Uhs5Dt9&b8F@j8r~o>X*PgjAAV~9HH$YVf>G`#dyP~y^J2*|g6 zVQ2s@2iqB-U@aekr|?3Ru+86vBA?>GFd;33LQ_ApxrP(9l4R+y<(I+!K1DTfn$!); zYbZ4{+eawjYlsW*2zN609VA4-e~#%G$x7fH!r(Giy=lK@hMPgl#l0DwuQXb0Lic(Y zK3t&tRUQ$~R9>1{oAVNu`XV0Mbpk+3<6iu;2GBmnO2a=0!g?7aFgOGloQR)mh^?kGhZOu!7WF#vL#|)l zDIVI`4zWR%&{u(sT0=oDnkpo>mO%`7#0nxU(V!m?xK7s1ac7??jCLME)OUY?Jo1Ez z9?p{=VlG)=3&mi*3un&1VpNZwAjfHLTRnc}$cP#LUI~Q~A8b%!3I1+3(=fi;VhZ;N zCy`+UP=U4WNa1tKhZ>u7lA~{ZDY1Q8dR$a%$sSzcQMAdt2 zZ%KB%uL@v+Wz!S230iH6!Kwyts>tvAMq#pkIA0=B0gjsfinj^^t}Zo%wsClQ z!-m_-v2&vR*>e`}5o1u;22ktB+J(1x+IS2se~l`Zr<|5cW@h0m+fl;0I&WhAE2r+G zfp;n7f!8-Q+ANaOC#5yuXXpfSMGFsBTH1J{)#v@s+b+#Y^NF11%J8RaDoSp9r_Rvc zop20+o5JTg_%OoV4q&!vx9S{!`Af-?i*RS?_}fgJJ?TcIqG0|2<2RimLxIubwohl_ zrg65fYxPnkB)lv(yG~c2)B4C--;Q1zFNrLOLswy&aX8F#6TnN8T*OVCZJpf|3Hv$) zip+K1E+p+zGil76U2ltO%K)%HP`mR7-j?P@B~l=&@}WEAfv>Feo=?WEGlzHY=oJ|j zvDvdnvy>FC=DdKJuq(NA@;*)|x*t_)`RSK#UNuB@t#nugj~QUhj9Ojl0Ei;u>7~F} zRrtxuH|ZVcFxTPD=ac>Llb(8;3Zf<a9B6r}xec4TgMWTXXoVDlYU#(76lbT$eGuRCIbe!lK&gjHZ2hY6 zku@BgXF<|7hQ?Sr7r3IVTAzqjRUX~gU`$|Y+M3gLo-eFXj^kI^Q)re~k zAH_8ki9y>u>=jdH;GlLJ^8&&3X7r?kV6|sj5y|RePlM=1M?0vZD_iQ^v|-8oK{PLN zF=Y`otkG-k4tU+HcT!al?C`ue0-MLIDlfx*@JTXK`YgT>S{^)z_#w>aJlpWhZIHw4 z<_Lv3Uhu0RE^v~RZYCuRf_lEa5Xctz5Xl--iet6<0-C(vyAk5~*3uC91mLd4ju3r3 zmtehygp~$Y`rFj%f&kt%c~0x~%K0GEn65|NI)dL>Ew4ew*a*oQu7{VR#>_cauCJhU z7if(y5+rLqATEmfHCo)gFD!+~5PwcmHVs!l-J1sv@61^)WHUYI@x*q&keUp20_zw6 z+};jAGw$cRU+d}b1MsGB-GoG>1R%e~VfchppoQ`s{W-9nM1sdCq5Jf=lAOHvS1<(X zA(A-IGAerFYThR~ZASTsb)Fy*8Asx{GPHtSM+Xq$UI6yYn(hLSQvFV;_)jG|| zzQ+{Trlb}Hfc56q;5GmLSN)woa#bnCj;CBQe8sze^zr*ghkX5&V%CHS%Z^j!r{}M| zu?{uI`}8Y_1-P7(U4lR&IFj0jWmq_Ks>rO!j!sY;jcpYwc&Z%ffktXbR=?YG6ui`W zvMMXT0!gK;`)Eh6a=rGKiUWU*TW8sWVn$H3UJlFD|K!Q&quptbSvMPt8S%QBq5MQs zPSTN|sMn>^C zyBuE=0LhM2SZj_tId>(p3i_QMOnJqL?}ejhOMgmA5{362KHH6>35;o)l83{(INCv$ z1214C9eh)XIM3hNEPzoCJ!u?YpD>I5W$zoINdTUalM+K7+zf-L-YlZvOa;x_leofo z1(0d2h^WoSodI+~uB2UOhg*dA0iqhHMwJ!@T-N#{0J9Z|KB&L30vKw|`ZeOY7mv^w zys6hO^1DW#3%Lv{J3&Du3@WhZt0vV}RBPUNwou&d=y-gH^sjHPOym?GIP0TDMnd{{ zN-`OuZnWdAt$7?QSYZMsb!&GNwZ6UNSjeV}p%!p%4)c}1Pr+llL2bm$mOy3sc9qp+ zeN~CL%nQIBwC@;AVpjUW$+p!w^pZoD*6W?jZQB@Hk--F_r62j)ZN04aoD}pc3xo%e zVYo5kZNhK_>S@)ZE>08)r;lX_KRSM0enJTPq-8oj)9y-N*prxZgtNBoM?+Lk?c_bY zbxJ|gXD|X4`z7xU0`V1KeXmS^mW|iA}SQ zl{29Zw#$?e^_1X{t87Plwi8ASuz`b&hefn@SQx*^JhfI07alRBp;XvVItVNaNuIwF z7?|WJIANAn0)eBYzr6F@o#%Fz<-&EGC^%!p57gB}g2~paVt31#1~2Y3SvYbc8GWMT zA4KFsR~el#$`~V^e+J^#<%bKIdatrlwlk8HgNli!+V^=dON&cnzE#XOA+=U;4fr2mura72)O zR`g2^v}2K*D-)oT6HI9Q1XoOd z#gnXnhH1n4?b?)>)HC;D`V)KpIv?COVqQ8uHf?#m)xmKeVIC3vGk$GWQl~FW+$=O{ z#@3u^MAjdsI4AXhN(iTDaoGV3KYs-BDosajJPC3!{rG_6cpP*nOW9oTha)9sj#J6< zfs!oF^jXjSc-?qsmdkRo{c*~rsUI$8o@dH>4}KfFn-EAu*2Z%8DyDFwzaL7SW|rum z+}TMG*SWlpVoC4|;s-~z(g-AvlbI85Y;$tEsVs{6$ArUDLEdorRy9%O)%o%Zas8j; zdPO|d)|vhTroOu(XHS0hkL=YE;ccWHzx2PTpQsqhj22lfQ*_w~U&D4$z~@3>5P(ML zn$Dgsh9*KOrRHEzHN)z?VjM`m@4AIeNk=(|V?t+nQ1{>ddgAW&)j@A_Wr4P=rfe?N z9p07hHk|*-XVB1iU?}^0J)yq6_i7xtpd8Rj#_JMRevzQCTsES@AOBq>4AWLAbITVldhdzz7= zs{J%$3#ov!7!xlG;=2YPEB*G4Yz05siW%)s-l<>fpw~N2(@Wmp5%zJ?B4!aC2pHr) zJKERW*o6h#AM88UKHzoqJzrw>aoOUuow0~7GN>B7eXwm+(wDiUq!Bi$IC(wnLA6=R z)zcw{hS86DQWNq|5iZ{sMD#vPagS7=upV8cWEr(B*-um74LF~nr=1#_@nrhCW;Qv& zy*}3a?IoA>dxyqW4bhU~4Abq$ikVxR<6W^O4<|EIdG8#be5yP6tl_3vmAQ~vdPTo? zC4iM#*j!=^({Ea)_h|w4LaMI>*gEiAErb$|)V5N&51Eh_K0ACrb)TW>bBmQmLqDjB zN;dV(iG3DA435@Zh6*p2&U*@7Iw(?evGqIHOWY6VnKThDYcklLRtKRLALK~y%GsotVawa(+gY8VY zLU@GEy-|a*$F=I2d*Kg1xz`ZZzb|2tuHV#~ncnsvC#RfW_QzPBkC;M>R7+wqk;po`ioH8%?8zy zGTn7!OOM&%Z+$ktAsOR4I`t)*lqvY+Jc;wU7IgloE_da1jia@V)uTm;>d7&$?Xl*7 zt0(sT5;GdYXBhR_Lq$jDNu--$CC!yhqwas(M^Y=<6EVcrmyyn6vrN{R-87^sT4h2$e)?|N9_iv#7ShB`YikI`?#} zA%o6$vFx*Xn|ByYJ7M~0Y$!MC7c0Z-%2lbUXPGYVSe~p5&!Lhs>`bZ0CIT)$JEWLC zV#_r8%H2?2TP0jn$HJax{Jmvs!!_fF_%g;PH*M1Dl4IZgUCoJrPjtzpjc^1>s0wL_ zbRaN32h`463CUW^2UQkj#G837=9nz8`$bOBe=2FD_(DMMqpMAQfs3Zm&NuNlPFL)2 zE;qW5j->*Y6%Z6$X^zc>#^zt?T^gocU2OLu(Dmr1VBkOsgcU@cD+w}_Vot=`jaP=nNQocX|0zt zb=gGPhxkF`!qq}ixT0 ztsbvdm8_c4H(P{sv$UNWo<#c8KP9l(T_>=2jU#gJPZzR#FnYv29d$~wCK?_;+_-f5 z8bf#c{?EGGf>twP+-cWlE)386`w9ah=-khhW0j(PR{bXZ`Xg}y*G3jGs;_1P3d>sU zi_2jm1e;YNd>aFEn05#0LdNPnj(3xd_H~J?cX&REM_`tZZSIi`w+e=xV=-S!Wm!*8rY z^f>yi4L^vAwE4{C99cN=`Zb;Aefh-LT5C@r@7oZv1KbOb z5HBtxfwHCE34>R6aP1Wl{w7s}3E`?dVzZ~mjor_N^H-Hrf^n`Y0M*dF>i+IX?cPUk zL6_6Jv6Y@I6y|dkJk94*o2@l91HVS<-4d;#&|SvUs98PJLr05j3VOq4UFoiNBoNEM-$EEFt61I+m)Ny z_h!V`%+`eLGj<}Bbdjuc7o@2-Z=+CGm|?^W4i{&~{SS)(-w4piARbA2<-s>XI~AfM zB(DI(PjePa#n*9Yw2N~qa_b22kaE}G%kKIW!o2D!M{f`9|H^+K>nwkKp!_b20Q+L< zmI5*5_7blH#(U*OFi4#{zrHPkzhB`721kFxD;Nl1+zM+cTTM;Bo`k?Cp7C9I!>pO= z$=$D64VdP&M`?P34(E_##qDo*4H1nvdA}4avZKymJl+|d?3&^zlndFC+{X_ZsmtLH zv=qQJRYtpr{TIj%w5JIIoLlP_R&oujNk!(Vq7FzH}>y+T+7c)eMi4-)fpAL7fM`>v&BrJ z^1XH)+UI+>GBOOuo>x7qui9hgJf50p{ZYx8ep1=%^*H-5z%uQw(`s z)5CkPl<^8{Hs3eNdG(5jnu!|Y+Ak%C{zv21n`@s++$9WG-po(WxBut_B$%bF-+~tsLR_LCUa(m zCCg&mJlp*aO^&4#n|K#SPhFYqCQIjAFCi$7~jVWsj^^t%r z-=i8(m1yegV{ojxZ?nX{pte<>L}%lpIjce|%D2 zzd@Z+3dQ@T+62cV2>CsH?cIWn8%=F^{|iOy8VJQ+hNmf=SVikd6E!FmE8fs#*$UmD zs*?M{R^pfeShi1HU+=NZ@0_lm^zCrfXp z$y)&>yJFh8o2z&h??NvW%vsZV21w>)jr;U^zbx@h|6;S|CNxb)VZVEK;j7p< z69<&U`y->2H_SdTeFG$R2R|hOBGJ+6p~XQTBCncEDv9sJga3tZ=tB#JgdyiCu&iv;`O z-?Z!Qs#5hogK&;k^BBfo>5oL9)F-J6^0_g44(HvK~2qV*p4v-=yXwOdroJi$h0wI*3f zTNVrzN&O|unSN)vB7!@o-7f7P;;&xruRBs=N2uYk7*;rJHjfm{tQNCpuJlA{N+sWA zOL!?0_iIcN1W6sgX!qsl=crFq1{G`i>srfXw&OnGbZ&c8wf(cZJyBa2f!rRNrI^IC z-kP=oc|`XXsiq43()M}02xYswYVnBQXV8--p`tTf)^C6O z>&V7PQGsIT_-Q(IZI#$bhQPK9n*Q-EfWA+hNRp6x;jnEtO?1yOn+U*jLZ+7A1)2ar z{%7`|wOzk0Y0(#iO|X&f(sxg^Z{d7svCLz8rmw*IJ2}1c_qQ^bqal}hS^mxm>8X6y zqK~z5Rmjm`O4OdGjcI(0|HWyofD&CWyW7^(cu^S9xmpecCF@Pus2A@toUaWA+Ib@7 zGAcLyj2U$SO{-|yebV0j8%JKvMfgYFaC~`5Ts%1`X5LOg%T6eOv<@OVlHq>&4G z*eJb|kZPxa;5v*t{T6Qc%*g!Cwsnr`}r1!mekRh#U_~1mUElb2@hU30PNh@PbY7S zks@fGz(70!cTLNWZ0Ow2LfISP&eEog^xF;lv8pG`Pog^e*s^@*J0aSXgH>oIuaGr> zf!zVGa3V)J$vDg>t`y1<_??%L^IYw#cU);aiC%@3`X5%LOLu2l8sJ5X>c|CfD3J#% z5idrNiEP(yH=Xt6#>fD)b=+H90T5J;B?uR>=7YE5DYEbF9t1%{?88fuy^mXy^pUI~ zf^#aGIxUQ3x!LKFmYh<0tPE*pd4#aphwkjOMn^WA6M-0R`H8 zzQiQKsNL-_@tFRl)2?&~D35ucS;R~UyQgYh?7=k^=YAhJ#-3b;$^oLr>76RM1y?vB z9Cr^Tm8+Wa831eJfRaI#RH~LKJ`T%LLg@e!pm8F`I7qEj6j1hU3VtOD7*pg91DbI6 zd8wB*k+g`xG7^CH#haJA&z><4jWfH+@pPJug+f%vI4Q)v05EQy6rBRP9j@C%wC1am z9_vLqU9tB4*lUiu;O1#IATXETOuc{Yhu;iyOkBBYR+Lkp;VXMgFfg_cOZKV;Ou_7BXcc@mK;fR{X4K%URg&8j@ z#gI~!hgsa5hMCj60xR8GjVc| zOGo9B14v-Fb$yy7ltt>vH!^+rq&k2lo0#BWuMNM8ufwiwS!H_|h2fLQ za$n}T_&@^SIMuoqAduK!vs~{f;bN_Vize0JT27rr!Ta68AvEm2Cd=LsCM;c;&$bKn zuoQ6eD`h&yYB;Y{XwNf&wv)_RN3M<9bQn27;jeJHUeY`RqZ?7Y-HDSxw=JU6_))KD z?ckG9bur65czR9#i^u0mD2&y}Jj(XpaL4>I<)x9zVFQtqS8zn)S2az$IKW2GK>o!> z*n10Ho890+6aWs$_bxZUSUQg|Aj_xgiyGX*04rK#B%;Vm4-NsEOPurLL2%_ zwV@wOMV6R(fHNmtXftw536C`S`5fP<;&EB(d470rctA@Z)yzZzw^3qXIhENYz`Fie z`oU6m6n8n``j1Lz21>ew`%AxMR5yodH8M)xxHC3D?%Mr+U4GM`dpC2C|79WMupt6_Yl41TE*dp`E zWep1EhuBu_jg((Td7w!X7`15T z445sj6b2fI-azJpP4NKAM?HlAIkhaK8sz(H7r?68$0ek8)p)&_T-XYJ%!)Yb#J52Y zVXe@bL61@pm=&%!A>Dv0=sWow+@?TZog(YJa>VU;O>)Z#q6SL+ZczPwUk3B7n>U5$ zZfQM*LKYb$r%5Q%_H`L$K&y&nBOGzQ&n(A5VKQylin* zhhaR20Rf-N18&rDWlyLSRM(?R1;7)FSUG%}ZWWpx~bi4mp4IJW1bL}Z0#Fj+#sd#T`XF)X`p&-iHp zKA7XPshTpSsJI&2Pm8eE_n&;L;{lgXj+o>^r;^Wyyk#N(CCZ#dUjGrMy>%s}Y691I z7nCWDPCfU&4u9Bv7Yc;5U;9xuUU7H z0Ha{EiG+5NVS$O2M73-PzI8RY*XRjwqxKAX+gGqwoWNGV^*LtQ=+e?sawAmNb6;4K4@Sg2}3fQ^+ezs+g8Y z^1B;gmik#a>9#%kqS2)L#@KUNg}a=;d=;gU?H-*~fQxI`2i7)x)H@;niiCoB=onn4 z8w8VDBY*>4O*aBcXFEtv&%lMz8wofh0@08{lll>G^U+EQESOyWq`R2o;m6?~aLdkw zM#1Ek%MM_D;5EhE*N_FC`uYLdC#*KJMKziD{lFy~l@xaEd0{@WI`p;EP%Z2TT5hal z%DZ|S@7>l%8l|4kf2o=yF&PXc1c|!TfD>~O1WFX_*P{>EBZVdpmN{(IdD=r>K%p3| zXqJhmV3%hEIw~IjZJmcIh>47|7(x&MCf!B_;G{`;}YDAoR?ZkZFsMP zx<6hwsE*bF^gj4p)`~X*aB>+LQQ7YkRIpq#bs|2D{E-6^D2t9T_TLAkP{<7oXI@N; z$Y>~hnS-T=o%PS-Qv-p9t;VzsA=gD-i((eQr8&$C;JUVWX#FCk-=UFNGGA{51Pce~ zy5+TO(0@b+Uq-UNdisouNy`;2Io;8O!C!^}ODnMe&D&t+u$5i0hW1W zS-}3sG6djr^RkzVWEfsxXW68Q|7S_gyYV|QHN)P@ueWekFhQy7r*)`*GYb)BPoaM3 zLa=|ZE4}Mw)JnQfKvdAKzK+gcT9+OH)FqM|LwC)@Z@NP&$h=wTt=5&@(Wd(2GmP9o zsiL&9jC{auT{py32>$aCK7e59@R;JM&}U^RU2e#~P6n3jp*My%SCT z{dss4@GoAXFdbBoc^I!M6N==&2n>!~Yp{keScA&pQ32aO`!Iq5f}Rlgyu5@qfgD1lEB4VJ$dyj^Ft6ai7+I`53JBBI~-y zo9jYakS{}2_<;$xz-aOBwd2JxKzPO(h-PZ3AVjr#iv{En<=r!bdJqngWV3&`0RNZ* z#9N}khvaN3G(S0%2C?>6%)Eeh>Vcpv|FJhHHiR|25MaUe8(jAP zsK$~ID9*s*8AsY2+68I?b2Ic(FY*4yJE_$F;!iO=@2 z6%Ur0RRpOWP*spUgYrL?mxho*fy3cLjPdD>Y^`W|H_Z5ax_bKVRSa6`4fd$yKJw#A zFhR?o(wJNHkNkz`f?`F@?^EjGq=J?>$B6yebbL0cs#qBMHc33S#^XPy&7UAaXB(YL zHslJv_A4b6$%)H=O5SuE64>x{A*;bZ%7O$U(agx3A1l?Oqs!Ur0I*bH1z2^3_o~SL zIe_BPa*#DPHnI~SD(@h+nD<@O#UQK|w2hLC8Gf7)jN znLC67zFyhxt-61o31tZUE}RHW?#C5K;gSn&F_&Pt52G-PzKxnE=$U~3yW$QFND0lb z{_+br!k4cG66L66%kqym$+l<$)11S_2*7Q}-CjW6Xp$+4`76z!k6$TtQYYQyoKi)$ z3xT8eH%^t{UuO>5Abk^+(qM8QgRva8yz&#+iXor842k;NWB5K7kzog7cYPR7@!BJCl0Zqvt2`_Wa z{A>vOMW!kIe%G?xGiN|w8`C2C@ZT;pSE~Co7raBF*VUQVFIe=hppFVc@3p~S(xcF| zi|_`SA%{G0qm2JuH*(Xn%XwK^$XoG}41FFTF+u8Z8sn(c0q=~k68&3$u9@Yi9&j9^ zYcF(dhBD9lt^(ds@n&`L(J2mkiT#)4R>_Iz!z$1T91$c$Vj+4e;MZzwxI;qu6^~hR zkxxQWb92y!Vx$Eb1lgwX?iF~agwPN$)c;--0aK{pb>s7?Dx+OQS{Mo;H^;-xNxV-T z_@m7Txs)C<<_+!y3YuP%9|aAY_N~M}QW(MFS*UJwcZ)#&Ju)f9$K5i6tVxw`p^e&U zh)&by-XgfIrE;%xzf<8?90sw~gG2p)@ePpCDh_Ye|LcrUN_6!>^xsthSR}Ob z26)E(wpf_~S?$@k2wCU93(W{{nnOGP77cya|9=v#Pj|BNm_ej6>s1Z!;wm%=mn%aK+ zQ7;@gJ}&U9#=*~id0xz5m4vm>df`-XCzaNy+CSKSs$qPlUc%?%kjGlWHfFgw?@Hfl zbW~;n#3z&&>p)TX5l(`z?AsUMA&Z#C8XA36pv$JJm@A%)Eex2=!9bxR|T<6v{`7hu9y1B(|`FxuK+mrZT-+4k+c@5Nbn+AZ-qhG(RGy9&y=Jj zmql=oZ`&TcUZlvnPtqX@qH0&_E_Nym_){iZVYw>Fl~R<=W;IDvdwDLP+i;MH-~lV$ zMmzV7yLVVQ|ELwLMVidFHd@jg&%w;O8yJZ`HOtA_V9C5!1}`^2Jb+j3fWoab=il0< zz0?%!XBWH^BS2`61(w_pS4;Us+Z7OOdIF%VXy-` z0X6liz^Hl)q>l&&`)tk&g_zHhbd%O@n~`C!!T)8^_5KOt90Cx=u1s&H>Hysuu>EIX z;NSMI?ZE3i^3v1O9fcfcj4uFUcFIS6M;@_vc?w>R)M|LVVR1~j;RqV)&eQEQi0TN# z_3P+}x`tNY3)rn7sM2+?n@Q<(@Y_Dx4(+Ykh0Uw0dYE1!uQHp{DkBH92zFNAP77dID?`j z@GIsa;8&Pf%&$3+5CRC;fFVX$wDWvI)~@S$$z`yW8wm9{Vd|)a!AUg4FxhmdUJgq` z25^0qWZ>CtR8-3j01>kupgToa97XQ+pPR=X*FFK?uKJR9QdtML{C1CMFTU4D(MF;Ifq< z2j*{yB0i?Fw+Wki^be^W7#lI@+4z76Y!@a3(Q}jT+#W z!2VKCu>vPlnZ_(&gR6iqaW)ZvJI377_C3|UBI2M&v7?g(uU)BrtUVMm&T2@G>h0}a zZ33>mN zJKnEt1Zvb^ZucJEm(@?cJ9xn*54y!z^t44#|D7lhWt4fXOBT@R_bmu8ClPUn?;Y#%tccnMwbxn z%WHSv>VfD#d!ql!jW&Uqrvq6!-1RBq+cCihDjt<$cd#rGNvjjjLfrpp~aqN{) zb%u06lUjmIq)iZ)Q~|7zV?dGpbn26LE!YLXFaN9w7yXcbdS^CM81=^IET+cgoOC@< zOKE-lAtA3?WC9h_+b1=`gPB>QGu6Mw!dsXtFS^SP#Fgs zvg==6LqI&!*j3S^r!!tk^RTx0Bf6UdK^f{um*(T8+kNR`N*^q1U0|Yb5KI<2;2B@x zmGs$}4OVa-zvHy>HP6)_1d9;2tN(BRtdmPlnf&5X5^xzhBWhk*cn)}ztDkHKMtLK0LJ}vxl$3Hi3Ht4He4^?} z4~P}AJ^Bh12Ts8KmI$yuVe`3k@rwPyk-`VouRYP=glN++=f4@1g}+4q?}5d#mhCxW zt`n9c|6fb?H?+k_qRAep?pr@jH~A|?X@D-{)=)5TKAcGnKX0T1>v()FT{3pdwdv12 zb}3sdHJ9?})hV!Io|2V^rO-z{Or}c*$LF(n{N&dWmuJ(H*KPuE^tnx+Bttqd&1Rdv zF)LzrY257^Ms+-p{;#J@(U=`n+CKB|jJ>*?$SSiWN0)A&WHe(1b_d#tXXc2n*oenQ zaZF+xAbGDA5VQ?`={|hI*hfy(U(_e+-0Z|nS4SG|z8`&yB455Q+K>I6Zt3D%4qm5{ z(jh~|p=|I5Y4RY5^{Fo-&fWpHm6A190I?x!2_e3ExoAH$pY%YdIo-A zE9d-hV(8kvvO3OU4PN-wM77?L_m+-LN*}BA^XJK58(>Myld|39aK+p2@aFfUYxg_rQ^Jz|y z#UxR>0roO|?B2UBItYDgmwdq~FVkX<56C4qlKx93 z(3XyDA#$mzw4$h0a5dY2hWPmJ-^J1A8`4o8|KUoDF)hIGvvC<$P<{zl8GZ#t zN-j(!MT6(DWp+{Buy#Ik-p@ zho9@%J`aGO6>@|sO#8G0<$k9*3@#E?qfSXWFa}Se_bb)ET!_FLG`x^Iu)qtw*X9mh zp1|**ins=Nb(0u3kaA}350c(CV}!EtARVB$eASG|>1QQK5bU}!cOYLZSne{_uw}6a zOvz(nwUf4&4mgcsuyeXbtkTL{=B)vHI>xi?&YKk8bviu`)W*bnYo*sRjwbK>Nl1vS z?RqH%!I@;;|7g2mUEB$T!kAfhO$fcw(Ui`xP<&smwpLmIbkkukEKp8^Ew7~PHu`0T zK1Ol*^^`M5?t=Y+eYsk4S&ho?L~H>timt%&Z3)l?g}sU+uq#MzKpjND`Ak9XFn%Gg zf;n`vT$@pNlQf?pB2e}f%G77a2wTdbGJb+<-`hcbRjW=Po%WHI2)s~mvr(?oHO z*dGKB>b}%Vf!MX$&N$|Y zOgX2Gx9{FdPuDRqMfqsk0>2XYug{k;VC7m-H1AuTzZV;GW)wL705O%RjEB>z;0=2F z;!B8;=$;vuf9N+*CjfHD%ZNhAReE{vGRckqPhqM_-w~YYajL9}2S`mrf+)=m;Mu6pIs_CB%v9CTix(Qbhic+9kWKO0Y<4h}`#!Q zyb>~}{TctQ`jWUip)$m=Mn)iJN(6K`zwFkQoi}UK z!>y{bjn+(?;PdLsAc)>b1`{l~<`*AuWmX>4fk~f0Wie%WGQjeFpu zD6Q>f5=tgTUmq^`u}ZD3-!lDkBpIiop4GTni3w+|f+Ap92O_ChE3FGJPxhEMzf_JU z7Y4OK4BzCL(stwb^Vbg^Lbs5At7xkkR(fVX=`C)8lnf8Aqo=(fnvhMyV-R-h~B zJc^YRb_eYiHS!SiKpXY+GVe`^d-O6s!fTXArh|GI_v^UJ1f&+qkIV-YY+t50Ietcd zc9du)8fBRH%DxF=l!mHBy%r}me}Koo)@%e$%!GG08w1S_yZidHvOYF--YCkoFapPR z03C$!vX&<0eLe(CT8hFpy@A<)0+N{}m@vUUdZ)3+2ZvH{IG^x9-HzwuBsjkDylvZ7 zZqw8zCL;?YLiui1|C$_!lHn|Rv_U*TQF-vZbeQD;g?NqG1^x^F!tFuQX*?w<5H%7lTHFd9cpj06&~7#zMD{(xua%!rk1l>KxWZP*)0qZrcjrG?IsJDR8N z4CL%=op>MCgMda(jRj2RM%OScY>B#O3bBl{18QaO)jLV;Kunb2GMDfd2hMkzBhmMD zFdP5N#DD=ZKHTz4o1n3BBQ~Cf**mEl$fIyMl#B~)Phd;16rg5X-fcv3*u0V-hr4))@ZPf0TSJPT9L=gdY`Jn7 z_cC?FIQcDJrk|Ba$Yp!czvT;sJ;6Vpla7g;K>XdeKrr++34V6nkX%$ba;#bNA><2) zT@e=nX>Y5b!BS?@E&$NOw`&)@fZgOku_D|HF{-{=HU+xW%N`3je{9k15|b`9C=&>1 z7`kjGKpj#UPOCbKSW!Gzw9-bQ--65-=e388bgb3Aadg+Hw(#1;>Rhb1;LrVJ&0Iz{!7Aag%58`7LsB@wMq%P6Per2uIT8+!G7();EG4u zR4vI0ONz@YHy8%BmBb4w600Ol#&}B^M;9<9S(Dupf z6QN}54~2RN{)m3VlGqY-DemA@1{tKa=d))J`@__&R)WZ(Nk5DHV%0=``F@1O$+UhdDR>IVDg-`BL)nIBVL`k&IJE;Sy;NVGeMirvPw z_Ap9tn0#oCIKd*Z5ehAe{!|>!u|+C+(kEAT1xGQY$5f7K!jQo~4?xJ}ln2g^Lvs4c z{>TJo3uZuL!u^s&n}#F6EHk<#$?UhacngQb9-WvgICF+x!p-M<*bC!ofBI4nnJ$+r z`030?YxPb1S*ZX%_hk>=5td{#CZo?Q(TuJOyaI(mq3kSBH_e+HWECBGgF{>aTp9G8 zL(>ypIK5}avI6efDfH1g2gkcXkykXz^h5VZ7q7C@k;DkX9}X;Q%RQF8!B148REbyn zj9H@7i+*)f#yl0>6(%bI;pP`;nB^X3Hb6$7smt<8{(9hFeyWgMq`ld>KbjfM8@^3! zA0>DB6u46~u!B`}BB&%TefzQ*Ev5?2RiEkEemd5;kD?#~gxkO4H0XDAFlxOYwh3#a z$NeK=uCHR{5au@^pc5XJNlQ)r?z6u%@LBfRDB6_Z_tB=*C6r6Es0)Kz4ruxr)w)d8 zV9t6vyE6nhOL(v(Q7l3)YiG21&{VuI?K?b@+KN2X+DbG)P_r2wqsLPk70oZbxVwN} z2%x*m`#aKuc_hYT1^w9P)6FJI6Om-#X!E3oQcA>zCiIZ*@;YC$nAR6ke1MJk!{fQK zpp!DsdAKrv0fb|_yhU&zztdrpcOG9fd!e5?@12Y#xnaA?95^6%qH$JA9>!?)A#A_z z3QMkwhX1BS{d3 zhRbR~WJLUviNjB5Irbm7rIa@1li%WBHCPPT&*Ixm%)A=S=pOd_GNWwGHb3}gpCEta zxab<1C$W$w#V^tt|4uI(_FZ-%@bmm;&i$v38W-IFPJ;dz-hXb^HXQCGUv6QKeYDh{ z5m@_d%-tUJDq7#Z0UP)0W+tVzYi*TR8TPi`@Xb0a(1Ibj})_hYF`HbzcKRAX9cu1$O4i=7e4%0>{>>108IQ_ugDl@qgVfjhFldqf> z;bzNFK{j}8U!OAn0XE+UtPXWeULnQ0f5$_?IBQ-59A6KU7eA~k7*j0%X+zqZ2~U>* zXEFQGZqcK4PT3K=EWD%V8cj*u`>A43=>v}8AZ$mMCK1|s-BFvE7O@D`^BGN)6Bk$&#Kj|2DKsV&@c_(p)|8Wfm(osU zlp0jH-hHBS9TRiK)NGs0ZOPP9+k%zs>BuI${y35P4_ zAM>V!hI4=U*45hmL4w7#g@9Ficn15J&5Z{ zc8qzbzE|p+M?+8q&10(~SIVG#GRuqZh!)SVbH=LJX4!hKAs z*ED$86f3ox(3wqX{Q7JndXv*q1j_IJPYa+!Od`akqmnRszO|x%cN_0P3yo1CxavFN5y>T_e ztV=an1OXV#Y)k$M=)$44}xe&Z5RL#r*ImxUO>JJX$mmf2TyF*~?pWWvL|E0c$k zQ|n`7-BOkM$|K`FSUY{cdzD#RF+J2>L}j1rtA*?HcrS)*sPnL{bjf_f=m*<54-#PjU}@vH z?Q>E^>j{U31L<4AACo&DdY1RvxT84hzs|7t(70(HKKAAFbPRgC@q3fgRmEfWx!r61 zvW0W5CjEB@OZ2EBCbAUb`b8y8Mv6w2wv?BuyN3pcR$Z?@q~Y)In*a4oqrc}vRTW4w z1Nj0}hKbWpO0pW{08aQ;G7LbNy6>)L^=FtMV`;|v$1@s8VGwN@S+lq+CbCcLpo5L? zlT0?>kJYl>_e`DFJ%~tCg;`9;Kh=o`RhOyd?7yR#tm8l_?h2W`9>1PDU<+C1mu6qLI8A!PI1xJ#96}W$^0`?J!^v$QsMxFmd56T9IEU~;d)U$knRxu#~bDYIY!ar-NZ?2 z0FPGaAO#FWQF(P28&yNoEcei`-%O}pV$qY5a7bJ*(n;t)AOsHJeh+c1I*4CqYLf&_eYYvmiQ@7_3{=_&tp3DZEBE6nI1 zBR?C&j{IQydZEeV2`R+k`$5Ze1Umho`(Vxk-`Ys|sn(jd*f>y9$1?rHZ)S^NBQ69E znxdO|<6eiL#S1=t@%P#TQM5mG51Gkdb27YmNg94YFt_%=uLtcZ5z+H)G1SR_RmN;o z<0ix5uHQ_DrNrfxV=%1usTXoF1$VELMeI%%x@As zB^eK|56i?*Fyb`7Gvkn^xgB{6H zyL9>pR0hb?j{$AGkLY)G5MwACSA0Jwmw}1nS!~McPC}I~ky7UJoT8bsQGu?X*w>ZB zX4nBTB=>7>B0@I%9oX2`xlAys`C?@TIW!G6-(zqWFlD25<$MC!SbcIgm`tqneKu3Q|T#B_SnE>G`1+G+q;^+iEvR}<%MCV4x)CVxer0?H} z_QId9T;?V@@}awS$+X^+BxFa?^pHjV=SeemrE}f6$JIX;6~v~^^_YnzhW-Ay?nLO| z@0BPTkA~%9;l+rSPz+opdXQH^J7i)Q|2c~N*Yci!!@KXL$(WAgwrN?%!r+@4henH* ziGg@adzo7&*zEWXFvQ1tGmRS|xQapE0fCCwj@&T+cYyn8YOE=*WvBix)lf!sVqFg=Q$8gZ;*QtREU_(8F6B|HmnTzT3V2hp{qQ7vOPKq^v>#t9~Q z_(iSQQ7$eRuGtUL*$dMtsW;kXY4ub(az6`KuGrA9$Wch#hDmVS_8N4b_7EUC90E%I zHt+4vcgAs&N5c04i;o5Tv=kSz)SA1Y$3DxG6H(jBj?l0U-(`OWTJAynG7RI;dq83z z+c@{(24+k74FYs|1RNiOl6F6iSz@{wz_K|f@XxLjmr@Q--Div*ZJHht!VuRrYLN2yR{NJ0GV8}?zr3(q(K@FQLsUO=|mns>-HUlDm!#f(DPgdMij*@gBGQ=bk^q#o{{58us!A~}@0mK4by1qY34Wj({9RPOBmZN2x zwKtMdQyKO-G$oZ!cdVlwX*2Kn?fbYv0g8wG&Mq5v(EKmpW-B|)4d4U~`isC{y!Nbf z=fN}Rw>a+$o~4RGgnhdHB=CJrvD$O@uy({T6YcKszP-B6(OLBlB(+_50~Pn|D6A}n zF%#eaN@~GQ#%TtRY9~RF@X~?wX?hI@WHfg0NP!f*I=zZsmI@E>o+o1?go!(d3A=fwX!c0I9oUCH^bt|cR-Fws=5d== z#yy+%(xaVD>8>Pyqn3ny{He2w2rH2J)pxm*5Bbe6w>FCC+cjE+MEopHFGnJ=qtdJL zRHJ2&y#hjc*v5nl*Z0@h;f43&_+ZGG(a<|p$mOI4ShLJ1nVw3v3O-ALcB130%3Pyf zPzlct)O(vmyYNB3(^zE@UknwkP!RX_S*Ox+Vc2dy5iC{}d_7oBz=wso_PA8!Oq7oo z$QR%KxQ^k4auHJ)Bf$&xKNyLn&mHksg+K|=E@qiSaUInv-pJdjj$Ut#YYk4w%A& zSXLTwdje}8JNAsh@b}+N{S#Q}C}3JEQK`D)jC4$9%|8Cd*BDJ`U6TzgWBJjA1XvBAa+&g`e}(Ol2U9f363RqIQ?&l=mE7D;y=^0KATf zN>*4)rpeKh2Z#_qDzvb(N-GE}kj@321|XE{F)umSlf&tb+Ze12n2QioZ6h1={LhgH z6KWTd#%#Rs%e$}YF+t0X%l?C|OXu0%n1yvW z4lxrbRq*lonQSqdwU| z8jI(lt(5FJ(J%fJMoT}XZ$qV51U?1^)tq)?-{rm-)) zN8D*wj|x<7r$#Ik$l7>~J?cs!K=C>dr-T@>EJnIzjr|;ULRDE6k3Qwt zQcV)JP5!H=9P3HDfRSvKqY6Wv=6#fA8i7Y&ak1;j%$3cb9AEOFYyh0vZ6tCdW4D^N zZtX7&3RRk<4lHjsK=Sx8DM;#|qIl9pZg=4%%5;Tipik#RA>$_70sIL(4q>AV!DH*g zT1cK{Xu|=HZ?N)pp!$;|PnrsMWUbg>$>*am8Qar2-IeXeg~P|}_E{L?NvPD*#_m~~ zP~M721=Jh|>i4eqg}(IMmlR0v5`9?k^DjEY{sY@QJ+CAJ6fqr@$Jg~PqD$%1`~Qhi z{(!8}GYRwadE-17m=e2XWUgIXJAL)))owEJYx;Ek@y-4ZavTs!!^XQedITdXP1NPK z?g+0;Z<&v@wUsLq9M&!63PTm+MakkP?xlGLOl7%<%CAh_r;4k}Il>`BZe^M}kk{yu zm*gon0j627hBW1hRLfn8INCs*#^OjDA+OsYt&|3;GX9yqu(mK#co2F2v2Z<9A}r2y z9&%Q+3#Z`glcQki6TmDuXi?D)JtV0dsF!C%I9k(&HEiyiyp%j7B>5%Z(+y-F1J_&Q zsca?>3+|-wJ|`vTb-6-scowx8^}-gs&ZK&5=>mAZg0w2SlCWxOThe5{uha9S20OL1 z9n49}AyQdPh(Sv2?qAoV-SCR)USckFHe*9EouOxAq+Ph$AK=a(1GiQ3#>k4qR%m$>QAn=M@4rvBOZ z$dJ$8oJ^+|3z=jwJDwMcITz>!%%Bi66+dh?*yzUj+`@JsPgno_+ifYwpC5&?@lN$Q zTp8u_humgi^efg?0!jO~ zM2S*bHl;*D>*;jOTiHT~6H*Lr)l77;)V0p(ZQt=jzijJ_iTv^$V~li6;;lZB7CtPr zrO~#7+heha+fY8f#W3H$Y|oHnGq)$OEL_=chgw{4-ZJ)I?5?)UX$sYHewv?o#uRLJ6M~#k-iX}smtgFC+pFThM zU`=jxBK2j3q405W0?{rf6zNpx z?~uoJFYrd$ZGz8Q*|;im>Uh5`<=h`?LNAOWFPSnkze=FPBLvIE3J7hzeJ^50w_}6^ z%#7PE$kFic=>oye`;h!A#$_V z{ddjW15GBuuzyWeZ1tS&V?zioIRPANqO^4OK5KBs_sImO^`g-q-v*a^a&_nl%_tUJ z7&ex&T1ENxOCo5;y7lquSG^~Mr43G2AIh7t-{!{pNr7WPR?Y1o=|2c_<;26MdxjVr2#8z(BnP?u^95%*PN|uHA__0DCtZ&ak+rf zUX8xTYr(g!W|cXE)Nv{8kOtWw+~oK8R*805fc8j1?g5Vk)Yt9L=h||BxTq9w>crvZ zgmI0ESzu~{AJ8Utt+hKQ$pmlT)SdQJZ~|{RY0>O~X&XHU4zmaEbrk01&8vy-kB*OT zx_<3i>`*lVtcUz=UKPk9aa$ODXj|uiSl>TTiasaQwlJk=+*L7T{$m7?lJz4@EOZip!3G7Fjx=4X)bk*2(t{&}gdM-60 zYf&U&76OGgHb=@|zu`)7kEo1;Gxpg{0&YO?=dLgwf(TIu2I)58=pS6XD)`sCEI4)t zm-*fV;+ol>Uu6^A(}lq*9xJ!p#pq8}s-%4w3 z#i;*p5)-3mc2RE8K0emtN-e@ zt(de)^NWkSJmiO8=W_yk7u^roQ3hHF&Y1WPNEJ;_ME)v(n_2K`FL6GIkxZLFqe4Su zs?M$8jq3I~rYEvWQ+_dOo0U6)olqLgyUOz^`krZ9&R)aqX?m;2O$F5YGbRhR-+@|V zfveqEDey8;nNdDXhA|+`=&9O{Tx~Oy)+Nl;!mT_{ILCQP#(enh?yjz> zp0Ae-m*FZftHZ%8HQAwDcsTPLtBSC{?XO{}!h1<#Z1(ZntVCz{kLao)YI$T8O=dMd zw?BU}tQ`bPxa_p*klW5bt4R`;He+FoNX^fEPHC>~lIDk2pX;2W@`f`y7|~38d}25G zf(LUsSMguLl?8bnI>V7K&BrNZn!jne5BqBXK*2&u@nSYB0+Hopuz9BGFs66NMUn+e zOR`FHxYnRGjAZ}$YwAEt#8GX9GPIK-%zem@H>fU3BVTcUWPmyXhaqOFOE@04IbkM^bTC;SCXi( zF)~SqAaPP3H9SXh{E#sYx}GiPbdRFVR?K92o7TRkdHqMs+_Pb3&0Y(HOkM4xLJ?Fi z13AlP12sWc-XrPI#b>BCln<9yg@HbIUC0>LbeakUtsS&ZI`9eY9#( ze{)OcmWRY-?s362F1oa0!iY`Ba1$7pWYdmgD&JwY#GHaN4dJ@gnpg#XDrO-YpMo3o z;p#szpJ*VIGX=ADzt!{XIBRN1Sn^iP+oVBuR6(?@d0sg%i$gEvzr8?U?4lapI5&cg z2s!5QA$BYHVP~#!OsZrx^p{ODx-vchdgUOrJ5gisF=`FHQRn(t-c zvz^XfMB?|o$l;-eCNcNHzeRz; zs5C-8$f?a%`Pp~hVJ=HuH5yEFYCe2s~qdFV54yRht1_|b(Y$z&^P+sIvKa$Pr&1_`7=I_&n^Pv}D>Wlz zP#V2+_tGuV7bRn_Q7)eKowbJLQ&-Z|(}K2#j=@x^d4G1QL>*qa&hG|DNMmj5?>8c4 zgY~b-W`d0(%l4wAX;Hf_pw*YEM7+i*!wn}V?WA(ei>P3~KVBJKZtB(|*N*A14Rv>w z>Kx)$;I;ADmw~I8M2wLB(?Yg%UaRPLvg6_rO~)gRQZd%TMZ&Q^-sk0U9WQfOb zXZ5n;+~0%2q<7VXP!;y{zhCbYq+doOR1j-C_!~t?qj5>H-E5n`vGs5W{*rjmyCvJ` zkeV=2iH$mioVPPJ@@KsFuqs)`oIfP5+`BEvE&{vp13ZMWr%%dxr?;a$ZEmbHe~@UK z-#!o3wrFef!;j9J>4p33HoHwr52xYniL1+eb*y&%G?v=LMF@^$zA5$vRVTv+}j<`s7St@Vi;|$ z?vB^Gx|Z=BbjOC?6?{h?r(jyy$E|QK>_V(*XP}OVdi+A%`b3T3Vo(a#SDK2S)g%&p z5+7wd0fu`lS~@x2La6OWDD-h;^x-JvW3Q{8r{fi?un2<;0l2WUaDN>hWvuz8bG~&z zsZTAwK1L$s{ADo9nHu7AWM+vc578V{!LesVlyhTh|Z!%WPKa93Ho(K8?4zXXk&4mK6& z2Jyx>ZpdO+z*w5d6*P@LI_cg%n5EjJX3`cW5E0m(67^2lk;GfdCZlsWB{WC$f9kPP zrJHEVO4z-LW2lAWue6ogykiW3}o%h~!`PnM_v_=tomBZ=X4E)*#&N6T5G#%FBDD+PPgmtdIXatlEe4>EW;x8*S3K9$}lWj%j$b zWjx{FfaHL~bX!WBvzo?I%@z?86XV_B96Mh869?byZPVf2zKFK?y*RVQDcpOzX>rs= zb`|R@{BYQ~4g>bvdnw74h26&1HwaGFzqI2JIr{Gd$13U0!ysy-IHrW&DG` z<2Ge{hy8n2Km|notu~$PRAxDQ4AUY&V$U+a7BJWlVcyRZaJFC_IeXpudhbYQ^LM;< z)k+e)q;@U{Q_zm~QFK0OpEpavfrv*qZW=ema zn=Ut0YJ?n_&E(TF*4Iah!?G6U=W7s5rP$8jF5rdxuQnj=ZPS!%5P_vEb32J_z)0MB zg;5m~(Us3DBcxaQX|O4s#-a*k!nrlarySml(pSbdbj*Ek=zrQs>z%Rc3Ac?`Q*$G^ zu*mJ^JEg;%!l<6iZGOm98q%P81`q#GJsP|7dV)Y75O^V`@}NX$Km%e5&L1AvAo#!QP<4Hc+kZl3=>AQ zzn9>f6TFOh7%3M|nD!)#vZOpV;UC0DQ+sS#7!R#XBtz zj|0mG^Pmu_S2ILf5f)8_86aQ9$==kt2tBV0ue+5yZ|^`J=TZXVfQ1R?VngWD(Nl;Q zN-#QoL&LsmkY6+pJUY``L{|jh;x{AyXK6o&rhDrw-e@Rp`N#kZ`!@&%^biu2Cgfj! zLKOIfuVXTv71MNLPNYX&WJ`ZsO_>;YW@+5G%`aRZCh zP!eU*N+;?(lcbCso+%QK-r6tio$dVYf6u< zj%4NMrJ9_heS2NL?{uLX=3_uEW-o1;T>bn`uYGX7e(^qL&1!K`H**!t6v<%IG?_G@ zdbkVeIFSK3z!}tPt3T)^U537gdaLm;B30vgnSCL<;6Tmm^l$qc4$mC99V4p`R9|OY z7$T*^A3V(QY{2fy1%G^e7A(kI6dlBcQUvy%GAj=c*<-{Mj_l-?qS;W)7mReSlOyZb zqSRFtkG(srCvbyI?Sp+0v-QZe%BRzlEf?vO-@k>~quvO?TuVqz3&FSh74gidh9-tR zMcqxgQZ%`10=^?YTgdd;fJKgVbI;A}}1F2b=Y$5}hatv!>Nt?Yv*>^Ef zeRYL`f>oTWud?ctc6SB^)9J?k`*ulg)NO>{cJ2@Hi`BDy0I)@5X_DY;3+0#AUgnu& zpEv4QRfeAQ{yxX7btUz&?Q!&jP4v~{b*tDAN@99?dKWbS{zZX5b^1le+mX2%Uq^gH z4E}_OB(%z2d~+J{NiPXvl*!|O#U~L~2miY$Zm|NQ@#lN()Z(24BIs^vaZf@0tXR=L zz-8K>{oO4Vp4ypfHx9fy4u&ZkbCS7Kn{u#*YkD*0b&RWv(YmxpQL(~+*Fxs%`;5yd zrQ#aWK2pQx+IN(FN5EsT2x9K!|L_Vc>N_*Q;ZNw8TngVvd;^1q`1t!3ig?LRm_0{n=k6QmRMi!=1%88cUD60oL z*Cn^KMqn;sv*P7AC|W7};2A=YPV%%&7EEbk^jKu=`pw;WR_dv-X1Vs_mQPCLSy>MI zzk|W$^1uH8%lEG}UL`MyFGBB)Liq3Su$aQmVp0f;jGB$oZIvqB!;l6JMr*7OcwbE% zhO(W_M5}~wa)WscH%EF#e+g((e5e&`I>jQf1H7dLb)f;T`JnvvYDgTlwO91UGY zv^E)+eUK}77q@BCufF$j>#dn{%4#^iHP(t>2fq=qPtCd`BG2B;X>sqc$UaU&6#SUY zOAQn^j^p}_ufqC`edeqj8nE1BajGQ{djdjoa`Hr79i7h3uC5D9l7Vw&uxZ#9{r8#< z@PP8Ov*DhbWg@-yU8l*iTNlC!(VEe)khZwC2zTPpyl9?2iB1Aj`8R6`w(ZVpKR><^ zA5;Y17Rf$FwSs1%SUHlTI@aRh6W}WOonj;|Wyq~frt^KQbS=RwVZQy9u#a%nqrNnQ zRQxT;l(4uY`e<4(v%v*o8g|1}jBEV{Se(>zVcK~Q^A7UT#)B9MwY_ZCB>;w6*#lg6 zQn6ewW-5FnxniAxIw2lLHqGc%c!g(#v#W$n#i>M+f00~sA8@qn^I?^VaW6l3-ipHx znNpea#Uh3@PyPk~TYy7TPiv4VHsyn5_0vZbn#JC#*NP@|t(ibYG}oo-_9=lrZa&Uz zp#I@GRC18oKCa1oVN7EgKR8IRS&aibu2EpYFW7CsxIE!JEk7+FX)k|8zOqyLFZ3Nt}y`Y?X;P>))nUrJQk9;{2^RdZzR6 zG6)tz$d$Nk7^~6M)#ddiSO4;)D*2zyxf{xqCIP2;t>7w8LArYd$;bnrd{*$IfH6=1 zc3vjCeHt5tJXWHQt&iPBNcfsW(?N=9iZ7SWZ(xs6K#on^XB6!E-Nm_16MKC~x~3|x zP~$Q1&zTi$@RAuKhKe7d3_y{-XWDuW^1GSfgisoYF3{mT0y~3l{cyyNa*>Cd`5LH8BGm9D8jk3(RdZzKgCW?nlQneSQN$Wu{kGW%C~p2`u}wz5Y1j4$_F&rr^1TWWaHuo$+OCZHl!P{F-pD za3Fvvq$uLzm+=do-QDb8C}S1lEv?F~Ph-@Pw;J5?D&i+B6tE=B@-BfD9N+5Xy2HXN zm#9L#8rr_n3b40nN`BsqqTg~ozt>x}XRebXS8!!0Q|^m!Ro$=I2OZasC*>!f-eSp; zMp#edCI4EG#a0TyJCHuXO;3MbD`2!NN;w|2(dV`&Z3~-^w_S5kMZ3ud*M+{2DTcI# zg{@DG>M@#6+nyrqT{4^O{IY~G(a2cW2Jkr}qaL;&9lzN?|uBcW7WguZYZbJv*Ap~+A zkxTk`1+XNm1T6Q+a@X3z&pobjWdF{Q44lT*VHTHWNbBF9C z5jlBf4^`%hIggmqj3yiFM7n=*4TtZw8NX9NwTe9f2DL8tuu2uzX=Tip_`6*WHI=bE zF4sG<9}@6-MZRJJ&p{`x!YAP`5hI(`2jJ#@$OvN;ur&haZ~HU>mv+<43Rwg>mfxM-Q<~_08bF96S<*uI@v^BkzQVBY?MEf z{fI+L*d)x=4-(f&^im*r-}1iJrLji}QOklyA&H}h#y;A? zH7F)r-MqSWfp|wNWZ0ct3!!P=rN$kR%tAh|Sa)8n&RP+SP;Qv5F*3*YzNmKsPGKLlT6~0jqXNMzKv$>SG7OC0MwEvXgyE+p zAH1`Xf}nIb{gAlL_5Vu;dICVME6K~(I15I(slEqi$1AWOks4aJxr?JfXF3;)t&F%! zDBT+0I0%!RIhh#kU5^+UO&O78qOx!@<+ypH03v&GX?3q_j52JoOjyV|856;Xo?4f> z+hKLkc5SBvg`GHF^JeX3xpWvJ+?Fezku@5rj~) z_*z;ZqamZoyggdM&RF&}EA`&IF>*MQ_Uswo^p#pMo4UD%PG9sES%vUH2`W!ZK04LA zy)9~;lRrw4*^0(AzZKfaMYz(z03+o^&EV?nR;zr_q!qKrnKQ@Al|G5CzZc+RyF53A z|904o24Wct7M0lV5%~}D$V`j-FuC@Gvjez=vf~w&TE4utb7G)=Sy}0J$bxR<&(y%Y zU6)GL_3JBv4-nlrIdRSn|HKHAlr8J1&gT7qEr+as2u5+WTmRAJ#Skn3AvnNYQvMIL zQnW-4e~JL~6nZwqH073`bNhhfOmpB8#>(JUalNyN=qc?`?peMvq8roK886YNDlQ=F z@_wozo`+f7P}Zsz_r^Da+5AaQXf??@3MYQc7caWUhGtHh+&okl&SlcHc0w6>6JP%+ ztf5)v%H^MsLo5qC3AuZHYNP)3@o?LKKNnnLwp+E>Q+%>#UVt2hg zH*eaTa-r&~St~7v-od|Gm$*VVg+VJ-h9cxF^OFp!X z?;P}+1RZR)R=#S&B&Ft1{Y2%q=*WPpUcd`1DC^dm3_$H3nHN5(B6#-WH(^240Kj)8 zu$}n!E1QZ<0c;hy$p9z0vu9l_mp$KDXcPcf<@Vsq?0A25JXLAxczoEtK33lD9AP)Q z3qm*V3p_thjeVS-wx(uXZoF2CD$#J;rV%;6QckeKYfkp&CFmi7hr+v&lJEh+!NF6< zn`29rKmyqEGj(+vv#~=&B@V%ocuYE%VyLi?v`XeJ|B!22i-)=Rl*)LsREwgslL0?H zB(L!+9xT5Mo>wcAI6f}L$cDx7wO1D(ONS~b44R24*q@9p!_KdO7(&|MiKaMXMyhQb zlZJd^S=ye>V$YS0m~L^XjY+{9hSzvHUy(zE z#i(?}STasZbS9aP47S{}$H!DwS6BA|K#C<~8Yp-L0!xE?#MCx5n+!gZi)GJK`?YyH zx~~zk$B(2hfMM8ZyQYOei6}f^*ol%rL#aojOi%E2cfv%&yjr4xV5?3E#F!ePY7X5Z z*P^&Xicc=pdXqkcyVin=pba@Sv0~cu1=IK=SzP`^u~Mm*HinCMOfFB+Q>Pz$DUl?t zD;m!~ICo|<69GZW=}pgsRNi?Qo6L@)N|JfAucgCabQubq4xp#Lwhy`H8I^f&gPi2{ zRNc>sD+SjcHRc>t_Y0gx<%S|pqRAE=zr3j%7R_0_0#lTbYrh=1Kv|o82rvZ#wzjrL zBoGzB{OJJm2WimCTzz+tIFlx%;zPBFX)ij6S7TO#m>ec#^A?dqD2rMpvE^AT^Rb+w zVvF%>RY2$;ogj~amSmHiH;RZrdULvM`aV-laSd2d^F&fxg&6vrX}v~|Hwl=qqsHL0 z(oTPdhSIb9?MiapYZfr|E$o^rIjKlp_*(FN6%lPpF}-Gs3_ET4Yo+7TKVeVsRhiBfjs{FGXT7*?B!(ZuR?%Jjf&u`*IQoIUNK;b{sfJ^p5S3szyy?Epd_5T(EsTZ;RPW&n`7oU%3W$~> z_@NbHSnoLdc4W!%%>KIBWnMN3j$zU1x+hzD_)Q}rbG!Ic>17sOoor@Yb&gEVRMvXA zGk!agihs=s)BDh-!!uo}T0pt!_Jl4HE+bRwMwr{o9N?&uw|1tnL&Qx?O#T2^8^%n- zJCG>s1n8WXYLkPXCzE*uq*0A$YOPb%zo~nxJFATsUB;NSfMR{V(lM{r99x`>ci9=cuQ;6{lnqd zw9%^(#|T&AR+56NUU(fqhvL)S5d(xto#|3IN@J^7ot%QE_W?@&w%*P*^3|vwB z>h6Z{iEkhw5Sr-iE4s50*7dXm(3MR} zqVOEnTmJgaIrW_A?Aw7fdSPJx0$#wxW4bv%F(IKXIx0%&wThtEC$OE{TV86e3crPh$eK$YnWWytnA5X|o$Pwl;6l7+rjBWi4AQ~w-HOeu}GP7?L3zMHAw z#r0nvdjQZ81qRMiRhf|mClmSew3vUUiwH0SB>9qb+XYt0 zy`>`X@F8R^#H7}61O&(>3moT|Avr$Ahtt-`garvAYgZv?gd|--jtYi;H}KmPyPKKR z7eH_%W{vp6ak6`OF%pdhMLNEd@^^)ZD8C*lCnob3(oM7n7QDOkv+);BkyLt1QcNEMXuO#svJkId{9?4vIQCJh564>3uIJMKOvO-0P7I zC7o;l8dqt)SUQUs=Mk+|Q)O9KWF|l8LoQzG-(QV<0NXKfs0yVf{3sQOabz^)1VPEm zhR+lv(bo|Hq>h~F9?NBmU+oJfDb3aKx=Y0S(R~6y79;NtiMo?LlF54uyw4kbWOO=c zx@?QJa!XCZ%!B6~=1MYfBk2ay>7P$lb=YzQBUuNMKU+`JeTQdvNNUGQI7s-agXIhh z!Op7{1#OTgGMC39n2SnmURz2o4gn{S`yDB}1XCdv3!Ww8OeGft8mtz1wYci95mVdI z><|?*glQ^aLj{V5_r?-|WRj?$wy3v2B?@Y=x|v$z)THOu^V8Ej83-5&AtoPr1MY$* zX4>K;56>!PqcKucgtHE8Mr%Eql`Ai>MC|5lr6M-GHaA@#9E9j*{1bBplO20aV=Jjv zzHC_MfU~nTy~k6p4Pip2xlC5eHE)ys&OZa9Yr+{tprCmofD+{vh&UNkg-M+&K~zFN zwAAP@7&qxrM@On*jEgA1wY*>+YpWEOwG=_U8R0645uX9B%hLJw}*6)N%D8V*JGoOz?`^;jGnBkD~4k&SMDu6rFmup zmY##n20h+nclRsY*H7~NZK$4&IjoIgaE*x*Y)J*7e<0mchEicMEk~~mUv^(WaiO%q zp|!a`O;9=jKyFM~V3N$5t&_zcA;4uBCv^SE`h+~RBF#uz+&BE$5%2tb5N(d}ey2#Z zASRgrl~Io;H3{Dk@vHE&=~{`c@XaG>XbT$zn$>_&&pj6ulYrW3ivD3k@R~EM)@FLn z!z5&D4KyErV5%uI;9wXdWim404Bm0Tld8>C8OjwN8_-ep)eafW`fsgj9QD_b9?E#} zfpuY=)J}m+)lnn|4k!i0q6lFDMEcv*kmZ<=9??T(A_4pR(HPvNno%AHNofBxlHUBg zN4qS+-Mwc7^omcif(LL2VBLc~9`pubXwOD_fZ_NEF&#npNu+dWsLOZ2ix~*+Df@lK zF@f%i&IIIQ1RQ@GSYY}2K!&lmINcfA^3x41CN6kAL`7L|^!tJ&LO|G;Hg*N5 z_aUMJJ%1?^tieqJQEdV+32pQgG9zEscQAdujlIF0Oa*dTq=C-_E4V<;WA(aw6Mo!D zD#|g6yN6BG>GP8n*HE}I_l7Uaz*KU6?=y7uJlG^O0~;POUF~}-sG@%lrind6q9;c9 zh}YgAkNskpjpyl3f50A-HIsM4d+gl~C%$E(Mh7pc=Z3)u=9q4eu01FrA8R=oxez8r zFjDDP8NzW*M3_ELx}Xdpr9dWSN}dn05j=ra!eeuXWG)X7X&W;V1RTcawF-<3?~HXpwJKrJ~FOocP842e&y5O2CIjUx4!tI)tA4A=vTelKo%U(P7%gzehd}qryssw}SEXlR;NE`USgCS6R12 zTR~kQRVONpqpM5sDJ}ow!DdgSQdl6h8N2JgxNIt$W7R!Sc*1sQXAb;P>eY z0oiA>-HI3Xi}Pl!lH0O*HSmKB*dGoc0Vhl=-3&9Eaw$*JYi9bl>`@An`+5)m^7!pK zj{a!#C!eW!mx+svJ<~yzy=+(6Z4%~aqrX_7}F*~&e8;`U~&TIHruTT`-DV{x!i+w=CTNK6IxLdbOpPTb^@ekbED~BHw zqT!Gw#C2qgUfntukp7DWz}`Gh?cHbZMjm<++2UsI+UqZn%QR!TXEVHB=O_|Mw#F0c zR_K)^F2t{mV%KXMgYO$!6^+w7HvhsdCqBbtTz50%h?;HQrg~!{Tek8Q_J!Rr#wgQ1 z)AvQ6%&|(*4HMPr>WNQtE&;r-9#YHsiVk9vEdoM&oxAQ zjo{xdoa~O)8z)A2#OhH9J7#T9QWCiYgcfhM?1k%hompeseL97XYfGjP1Ya z!pXiNU@A(kfJYse=<6H_*VQBCSlNr=4R9{ED-J`FHOZ33R)d$s2QxOWiHGG4lnUVB zA$8kgk}Ti@e9)36Kz%;MY-jC5^+zx4^oo{Jyau0mlGFx5+em+qY$yl;sfHS?@f=pT zqQ_hRtZ@k>hA~!;-DDY{C^EP)3{!$eY><9iWrcg(b-*R7b$Wzkav+yb5NUxUQBG|2 z0B_agL^jp|4;ugE?Q>5sRL^IX^cB>wsZ>Hu0$&`u$K|5pbR}ZnydsO|;dMZcBIWzc zY>bjosv#kT4O(7=O902oGk)(tsSeP%e^1k2fEs=R!z=8$01`GJCO38*E!*~l0fDPW zur*5C({ci}cOz~a)lGE#j|N>_o%6OvqQwl~2O3;05NvTnG%Sw3RM7Eie&DF#4QL6; z<3rgll%I&xu4ay?x1BrBDXXJ;|9+-|N%WBefm@;S)>=1+q15AS(~1^6o^3S9!YmVl zW+^~xo-1D71p-`xuNMI%qG(Uq(?A!-0X^Zy3=TQ%;1em&%5ZKsQ_BBoQ9(lIuVmVO ze_cHAR;I~NgYNZI@Qb0_%%qlyg}gR&1QDKb?x+i3^k@dOQNPGwS)~_IsScW&F}^0p z=#qZ>zCK1W7udU@tK){A_VJk#)aq7bU%of%$^VG4oiq@t4Sf7yp9JkTCw=d+!v(sI zZzylpYt0V_7k!YFu3L9mk`kMD<{^MkJaF!GyuVTExOa)tct3mm5O3aBCQ@ZS=h_Hc zMO)utReado%<(xZCA&ZQrZaZ6nU%Qnwn0$mVdeogdu;yj`(n$m5B8g*J${!(j~*D$ zGW=Ot5sU5DEfz~s7Q3ZGINnUOE@x-0pDJO$I?ifziGY0xmPUyJ80!Z_0f*bPSJLYV zEmy~d4=YcE^MdK0P=)@&n%EIfFZ@e)rdVNwb*hTszB8;QjKeKHLa^iaA@O5EB#jb@ zj&5}@38A-Yp2WO%Yl;6mK(LhYJ@7BY9sk!*tioH%4*=9@^M2Ifr1sy|LF zw@TA8*sjw9vo)J#eIwxmk?2A`vBbgo$`~tt|2h}SF7Z?r)`=sv>m=(mx+y z1V6oPeQo@^FUPxW6saKCC;uG{eD|b|gxx6mZZ2kRL8-_Ld^7;vap1wadFOpUlXbvdy#J)q6^%v%Ccu=3I z^GWq?wury2b8B}dePIxKaX@FTn3{x8-p-8aOiZ<2)}Ys>)5Lf{vM63OsDnDktO-+QOig?#A>jJFwD+~ z5u%Dkz8K^SdHBYq-t20dANTstJd9CqP7{pMg+QR$Xn9wVD$_^_lx-a{ zBt`L@kqv+la!gOy&Y7k}{mJF5dXksk4=Nu#V=@r?#|QZhk7Z)9vNY#U=TE#Qn~31| zBlO-!JM*N{1!4&aAUTre62yE1#{dl=B85Z9GtL4y(xO3TD zQ}2%Ck!+T|7vk2CcQR+X*?V)<;6NGeOs_x$?`K<@ka z`q-_|G)KMaEWc0zT6G4G@|0GG;37VtkY3Ofiu{VMmD%sbCGAKI5x?#wCm|#)VJj5X zm|5ctQP6j_0DWs*K6~ruy%<(7tFfT#Y51w#TSMR3(^~Yb9IE8^6WrFO?Y$zCGK+@i zq0SUX(G%A9Mu>F_542vcw=}AC@2FnC@nL9m+KjiWtXEjFIw^GDu6mlqSlS8py%4q0 zYr#lBKu0}fI@Y}IjSMso0hY>dUl&rWlW+%`1h1k=biOw(uADopd?F5IP|19EU$1pY z&B4^%peO;Mf@f+~!3l7T(ZwbR1JGI0D%0Xp9?^C}=9+CfNOy%d5G4HaUN~kcJuU~x z(vyA;)+LA(HIy=*)(uhTeCS2+o9jVwFR*V|`3ZzQ`IU#62ljjux zL6CgzZ_`QTJp6sL=ygck^80ae-L!y{^;n4)nV}SWXXY8GYmQ`6TgO!9R34O+!R1sh zLYImoh`PAlZy5V9a+rOy_X+ zen9_1jOF3RH7ed^#F__|aagag$tVk2gn-ewL*eIF6?pX1G{|gmb$#PTb;i+O8-A$J?ej zXIjn(b#AVQ@jOnEVls@|+SevYVUxZ4!zaJo=4r~6NaI;TPcvQuA^X3#PU|<6ekt~R z_Q|PVpQnnQQzqr%W+z&1LS7V9S!ZmFFQ4<&ljY4%bS3N@6aeGjyp@fZ3;|@+GGuth z)r;M`Az@AAp%(rWxv8(AgFs+r#N%+O(G+zxfjrp!uv}<;1fjZ6^9q&QT8`3VCxqYZ zjFe;OhfgR8J(5PnUJvoc&4W*aitqis?$u4VgNMW3YmI7S)9n}D39z9YLkfGxFlxvz z%wENtfc%l`=leHOP4g~^WVdSo$D3B#vETCQyI`$M6lS$j$tG>hv4a zIPVDqDp&i^<>GzjlD!I?@n-j1|3FcIt$?``+Y8zn!a82Y2oaAI$%z4Xf!;2E);aT3 z{S+n9y=uO2GJ4YDx+_v)m+$fTI7omH0%fC8cU2ztIT_)jm&pLWN_FLP=OLC}$;IT0CK($4?xyf3CbyEr9h5wn}4^xVMDE?QW0k67y6r`|ld#}QlF^2OQ6^ZcLh8YvX?I8hl3VidtD)BtFJ{0WNH;0mG{3`kd<)6Vh}No4f{%8 zyV|lTlT5}}6)KQ8n$NlE)(y1odyy(p*_Gh7+!{l-Ke4X=x;Mq(GFIWVo~o+Uw7<-~ z^?-4t3*Vx6JS1|AWMZWg#Ozug1X~{cR)A_C2p||&ZgZj-be9I|j-lW(5M4a8ck=j# zMWF4rtz6%~cy}`*d9pc_s-)Lc?*WYzd+_+F-{pFDn(thqt2NsCm&U`a-@UPB0-rn2 z63OGGaVZMk!qJ)q@y$EZlRH^^#=$gpO!Z7_Rzmct>-Tz zd@ixmMJrOh>sM%r+s$e-g&pRxG6S3plJmnb6>}`k%r6xqG|p#Pj-k%V!~!>3%my0@ zL7U}bw#oOH-GeZEO2tk|OOuVjUtP%+r~9A}fsD0+2ca=KqQ#1E7(ceSJj0~_C0ddS zo@0_Wp0f!@2^@yRN??zLXV+)AbCB7B|6uAumHl)Gt<3Otly(s=mB~c5V*F=+7cY<{ z&mkcAO4dMf1R3O-#4KTJkX`u#%fdh_kJ#FJhwJp?`rTy0k3&PflnRJZ>2g<48WA$` z(r-#Mv~3Udb800%(IAKL^^U^l$3Rr}Fl|YUfHfS4ix~q(kDO!#`xg2JJN(9FVV#HVH;!&|eHdI+>;>~| z%CN?xXXwnvx9>6DrdJw#;vN=`9r}Zm<4bQpOu@Q(D@|xcHIvvU- zAO`x!%(?UH{EVbN^;#x>lpWL1Am1oK7u-zR{lTW=VhAA$yoK{-m|37@mbyUZl3zm? zEr%)zb7G2*k?)dsg?B`WL6w@P@+Y=f-WDASzYPx$k8vieOL3vbwsZ1h%?z(XhdK7+ zKi9R6>XoY+wJJUl<@)l7V?GNFG32ukVYfcV1hL z!`?e6#4ju>lUk};Zm&NVrkfU2~i7>B^Rr;U%GcRL9J<&eS&~XV^nRA-SGU1iYOB;NtV)Q!fZwI zYMp@sAxGTH?i7WL(GG5%tQbvVs^Hwk+IXdv)-Gtt2`XR{C&FwWA0Vi9PEF7qVMKp~ z?~JJ<{`{OmGGsoEe783Q?yyE!;Fp9Bqw$kUZY(mhKFNS&lzI-m5hw==3YBUDFEtVu z@g%qDLT&|1C50SCrD%7kk@+&QUVdDq_ti1OIl>T}DNgYk5bwdUI0CNcbxS_fy`g87 z&yh)vai+Smxx}n*0ZsR|sceN{Lshio)#!kJ9NBA^QmM;WZErzt5G~y5I zG|wfatLYF;P@Z->hU}RS-tLYc-s8!-j)6+B6pP>JQE&+1^(aBs`siDJu(jS_#NzQ& zm~E~;u$&#FZZe`Lyyd^MZu>#=B;MU)kh78c+IX8{i97vLoaoE2KHVYYlSL8&o-dv& zqw$sFx}rv7S2`7BRT`YxXB!fJWsbR#3W%mxU^%VPJx{6dZZm1C*}5!n=-K(bZfq*} zUE_$w%Ei7$&p?Dh3M9WV$Ad{ToeXXw#r1qIt(v`$d-#t}hY`L|mRXIVd(E5a|Im-& z-5kwg)k05yh8{Qb*3X@Qzw*~z6AAjjD?Z~%#opDfG%ItFq0uRUZe&GQ$rbAZJOYBl z=U9aI0>@!-89bE1^i=H`-Y6;AUGXYtiU2Y)28A{`CmodPDn>NUm>O^Y-YYXJ4hO)+ z_gvpkfEYMakwe4Gk&k!BOhJscgL*5%QGKel8 zD7PAkkQZ=y8C5HwTI$|@a^@UAj6 zvrN0(Q+r^7&_J01qB6w_B!nhWdua^1i%NuYRDo_fVhK@qQ*@^Ao5f5q`Lb`nrlD>h zes|HVjdiWkX@JZ%1mfxgbdNvf#n>2^7lkV(!3!NRle;$DrvNi1d3y}xK2CjPb5 zU|c8-^;At~BqU(7C?RWzysL9+K6Ur}qO`lT(A_`Ldf_YBU|+5WJ=K`G8{*Tcbq}z) zzQt{9m-Pdu3)$mL6||v{RK53bJ12w?rgobdIv&I`?lN=UgUH0bjEUs!LmRoe3UMe! zRGV~fTOG?5LCVsqz4Ki$-BG;uxY^m}(<|L=PYp_PSzzK*2S}N%HlG%TqYK9(E1&;t zVXezw)-C2BOa}$27Yg5bPP9Fb*7zvup%B`|HKQ}CHM|E6YhWG13qxL?u?ms#U`Xb4 zplc)Pyu!k_L`SQd-m~v;47>7Fpd0OVdT(9GnX(BP z(x&m|o|E6dwrg!}Md9pQ`0n{5OzCz|YQ#i|Fv)3^>%&DAyKyHSMEj_(3(k1vxO2Da zupT5yO%{o$->Rj{CbS9nNg^7HX! z+jP(EnEGh6jKm5mQvRO}`By)F_U;JClhS?c@J&F2b_H6KKfP-B8&c&JheL1?j3BlG z?5bwx6IR}L#GvT>V0zihrpJVnLZfA$WZD-y-bq&hS_pv&wx&+9M+SFO0E~_H;Ehf+njY36Kra^9dofF=V^z7E(g>< zvjv|##q+WI+gRJjHqb=l!GW=h6ZwMOXyS9{Y*%SJJ*VK4$T(==NPlP{f{8*&;z%?B z4qRv@7O;^K@Y$QLYytt0+`4YDd<%1=oYBR8y(Zy&=F4+(^D2jx@gB?hb6lZ#&I_wV zTkG>7#loq$h-39ty&~v+#up@emlhcL0VpZ zNy+*fDaYGt)lrU2To3)s0ZQp&Yy(mM)@BK`m2e3Xx!vX)V7W@!-O(TI>)h6t)ha7W zydR!5o)A3D>{KOI47*=AF+(qHoQjTb`|qoq&xr{`SZa3^vRkgujXi)US(W|RfuDZY zq8^KNDtiJ2u7&)e*RK4O`WVTZlGsH9hSxW4JV*4K2GDN!&D2uo)``}yg-VnYuNQsS zLtrrsPk=CVoJb1AEIvLf>1S@!v((-y?p!U}nKtvpE1h_g9`n;;d(tkcLD*bI%?p$# z?+pEJ+ra&b4D@XrjVJKs?)D8hDPfep4dR`F2oGfZc6tYDcUj*Y5ip-Z+PgR77z9fp znhjAB8Wq0Fy|1Dp>pE!t5s(P$sz+ZA-R6r%f!y`aYRj?Tez!-mo#9lF4g?7aLB?mv zwoFG694egK;Z~Y1v3}kSEmf!cFwue?+r@9$&~e;{js<2DsDWO~F#KS?GkER18)c1^ z8}bwoBK&eAh$)96eC`M0Un_CGr1O6wylO{9kLPf^AA84;Pc+llUltOwc0YP&{v-0r z@ve3~akmZ{g-%y;O#VRN<5gpeR?VOYtq8=rRJ9qI#pLg|y>RBN)yLWRm|DfZl(jc5 zJsv;}GB4O;nFFPEq*h^JqQBIsRLxk5y=4`zcBdV#B06qbJZ??;PmG>8R5}QITd*0q z-iBrL4c5f_NY0X@>i~kqbyPoC>)L;Et*qTIm#1le!%C^~9kBqZ1;*bwNSJcjEgpp( zIz`RN1+@%@Vq)G#?U};9N~k$*ZLlFj@wBLpTT;7r#p8`JdlTsFqK105ZvC$Y*A*El zbp?`1d~5n1{rzoajY;+f;Xr9_m1%cNTwTM7#K2_?H1cAU7yrq}LD9l|Df9x0IR<+_4r z|XlUT^#nM*| z;T!{WhcThsO?4hVr(h|71@!G&wJ-!?5faQd*I3m!eseAwd7c`#mXv<-_LzzwB|%f}|- zx0^o#W;9dj0uHNT*s@T^)6t#PKtNR{poefczcgiwsd4=q+j`vNb=W^zDkisWUB*k? z-J*ZvZ5-%g0n%Y~egW0dH`55xL5JMfqrlifHkxRqNV7;oDeEP5a*y!1!BhQmPzW{S zg2RK}0Z);X^X=b#6Lg>w+2gc>E&AzGnT ztc~z2BlHsNn_M9B`yB9Q9CH$YynF)AeX9V0&g&nU?wtj8&*^SEdgw=R}$WCy*DDxF`IuSs@7e0WEK?~S>&CLMILobyX2K`6q`ztIs z_-Wvpc%TMUQQpUr3!N((D!M5`pGP8F;T^G3u8YLsq#(c4YML;6#IkQ1gVO9j1#%}6 z_^YrqUSO{uc|Nn5z=?Puq1Oo@gfnfpD^cRE{NGFuU6M zYa8dm^7krOV=#$U1t80>H}g^8$uxMS)2rjc2^*pWTga9RGT*M zE0z6)=6YxCk)kygIMAqN%m6fwmcL(t9gYk>yWVA(WC*Gcumt@Q0*W5@CLnvsxbQh; zl4He9nyz+7lkpX7{qpiMEUBU)MDJ!D@1O2h0otI!n>$)Nr!-g}gXvqXC+`1w+~AjR zfHpnfZbJzGiq=0KY5qsUSOj=t0Jv6x-9MZztxXT{oS{DX}V7{$^v?wS0Z1l{Nk-BtSEk?COj zhaP`J`ic$W+0lgou3o7#4M+rX1IrcB!SR6J)y2L`@+eU-f&D=ds-YhSh#gB7$z!D8 z(s(b1#jSCMBE4oXxY}wkrJ3N2{lR<1IZcPp_4jcu34h5G zT?I7cF+uPe+cOdlXMU>j+RRf+eY1{64u7C?A}F0$%ltS*U{S&aY?>+*_bfiIM?^&H zrDfki2$G#A{1#xddjK}OTuMhK zSs5%L|8$fZ{4IDhrB!8LJ*p;h*Db6am8dExG>HLKG+nb2=$oQ{KNKbm1{&5P@&~_B zTpT3|Ev~Bth%pMLCnY&s1F1||<2F2e!+$?E{2e^arwTGL2MyuFJJq(iI$cL;Y59oH zn~Hm-$*@2tH1lh<+op?Ln_J_r6Qu?Qj+>*&2S@ky=3%!Ef5VeFTq5vT9ql4F<8Sg~ z=IB%p^c;WJnvat`{LJwi*j##`;bl!tZt-yZN`xlJ|Ii|9*H~tAEHK=u#TFmjRHOOqKS#_uq z*H5wj2+iF6Yp+HftcQE5+Tg9&S>Wx_=PF=;1XPBWTbjk0Ts+ZE|)FY5XAp7|Z) zUdV4+)DJBAYQwXwU{GjU*88)Ps?SDhHsLuMj;Cr7f<(k{i7l!k9hG9+ZR{~ckx z03%wg_~7;FqeREGANgh%lt}BPmK4b>>l{1{rnc`UoW9>WEUR95u23;UsSHCeOpk;} z3r@CD&2_twr9#K&D9CRjg_}RrCNUelYV-8)#}h3UKgN3Ym9hWlW(slC&j$mFI0g_{ z4N)`}Ep|j{7>I`Q# z>}wnCY)f``T8Mpp3hjItbYo(6It|enX?2>5cY9t|uCiL&u7>(W(7FcVdeCWRzg4|p z3#$ABVPhA3Wri>2o4?PC4MRgA#+BNM*ja}utO|N&*QGOmTT2!yq!DYZnZyn*7qC)l zdAt-(+Qv}W4WX8k!&}U8{QYuElNhkng_~&ljo*Yf3bob>^lO2mBZ*hbSf_wb#;%|M`(r4_fjJ`+G*Y9)fTZD z-pIOf3KZ6z8?}5?fCdIQ{@nnu{UJa{L+tD6@gZr^abfu9i1E+*fQ$%-4Qyf|cjDJ7 z9#VBJqMD=3dOtZvh5Y6?=t<7wzqn~8KUcO(zG%NyM;trtU;RZ6%Wj$)!kqIhk5vp!PmBN3YWb=1>uHdQ4e&=H4)B_@C%Z}+CMj~fRIS^ewKjp4=n@?mja-i=v5)NZ!=#I2 z{+Nxm{dk}z;V8d+^@YuVvH0snT&d6)R!VI4p>24N-dLE0vMGfv&F(|JR+CsOQ^;AN zXNbmechFhE?4MM{h^R4D253W&geXPM=_hL8D4E`&7<@%W-C_&jEB`$q_gAyeeSSgT zS)6-yV6k$3=51*FthDn->0a1V_)jg;+A^y#3gTdA1}!r)GYj~`?9Q|EKby)wD>4=Y zp5|i(9X-8#1~o^T|2h5IO9ov9@2AhHiUgJVC%&%s8lxT-`p!= z)2a7jqurzE`_pnCP-wSA>a^*%U!LP%x&AUTZC!RUYphk!iJ%l+!is4{x=(UcM*LC{ zEuQ(Mtx0AveNtqmYtk1@- z#q(l%O?>61;Zqru-fS3@UXyV(+z(JUZQt9{iCy7=IF1kEd}G0*I8N5|C&HCdMWrG{ zVTLG*oNA-9g2EJI4S<+#pd%FZvFzW?g$ZsZM!XxF;0fhjmu}VGUHSTg)k0z^(rApo zJ8UeY@788+wDtJFG9y}XDuLIKBH3FRp8?n1rQ%I0i(KXk(X9#C<g$_^4{;B76|WcXw{+9%+)LvRZ>B=~%~SQL zv~)34KN?fN^V@5wUoTEYq%(~`dppy6hY|3y{)2?+LZyKJJ_crtlFL5v!1t6zLU|NL zPi(Z(`-kpgrP!DlAJH1R*H-_#4}%|6KLM1*xbldeX?c-3$X14JRpx^}%_PDFW8iSH zo|Z=Fh>jfu(jfdNk}}oC_GppF@Kpy+%A3&oL=xNHwA_bLW&1=^MwL%bEE;*A}xLd zXSd?Gk!uGL3e_8M^yc6-px>>WB>wlw0@TE*Xi$cx#P*V`bGuxi$89@ecwbrMCHb>$AI(_a+dhB5K!(4z-FKf9Y^PS_zg&~%q7{WPmT%B(3KItB^^qD-PP zh&3@O_>?}hzhaeBHW6zQ(sWq{O6U&<{H;)`uFj}?HCCcAj8zmreAxEfNOmji3w}fI zU_#hfWMY+A6qS|~{8dQargV@Qd8kcFwotOV^LVc92Lr?U`Of-lECQ3a;aNp4cgbJc zQ0??4w5?n%wLCoBoAJ0H-91Us2c~9rIuD3C=bgP~f({b2;@Nwq<*^>GA`RR>${z_k z9_TWpKiN($XV+JHUq?>Mug%2vY)+PR>P7a`KE}BhoWws&npL@uxJrH_-U{vZC_yV& z9#_UfpxKF@^o&2OZ!P^3h(jWN{rZ*hjQ{(`g8yFq6@T%!!Rz|iMTvjVB4T4xiI23Z zJwM^CnTB+jNBX;3>Izh~zG$xgbk#q}5y145X*E2=KiYtD*jLi7%sYhmnRTe`NmyO{ z4e317kk~X6xeSDJk~kw`FT&CwaliRuDA3pzcDhYR{NlGMD(|ceU!{uj*aTl^mm~%r zx2?pNG+N_@hlFRhxRbv0S$!>;w<5uxb#i!g20j=!uZ0$`|NUj!d%aduk?EuTbZtY1 z#A5Qp@>sr%itbp*i&3^45la&n8`GA?Ac_=3Ue-^sG9x~U*DAhJp)NLbce8vi;3Hu0 zb@727+m|05j}SKLOtsOCr9RbAZvg-dG+dfEAv30G! zX9HTm@;r!r%{#lrufsZdf>fX-WOW~CmJHqPjG5!a>`}2%!u!_0t99No_-D#23oOma z*e12BX7RDBFOGdhK-)$Z^yM}Yb2q)@MTKWcZb zYzb4YOiw+5(ap}(>c~zwN9au%%%cN4({VGBTbgO1M!alc#CufqQQ!r7ergD`EqXwy zs$FkQs|v|4OY7e=88QMqO?E|a7sEI7PFawQ_{*g_77cWLLctTN0^iAVt^b}d^O4@3 z*;wB6{l%l$dXsGT+L4lqg2G!uLc)3`=R(baf7cMOIzk^q8G`Ybs&bFvZ$TZc4iQj$ zU}I*sG6exhdX4++|G9YeQTy#kmWul+`1$DuM7_t>fckc6`%dAj#{b4t|C1a8pCzO= zC0I=kVz`+$1eM~!*2>DtC@EQ*=|IO*VQ1Oq{kZg=*I)@+Sd7!h z|M~N1%p<2i?x_pbf9J0Lcw`t;7fqO7@^rByOmzG6y#$p*wVVbx>92TGX_p)5=c;7A z>;sU!w>1F6?A7JL#?t&xjQP(pWG3<$EmD|fQTso38dcg1rzVL1NU^Utf%!+XO`5@1 z&HqM$^A#8-BD=SAQ6+%V@Ai1w%K@1 zuN~oma4|9>Dk>x1R&uNR|15$jkKa6G8>N?*ToF9AI46)S9YwGX)ZJ$y{w5d{{-0T( z1_DY&roF(yWfIWIWqE_=AHfa@n}Qh4wBfTnM!)}ajG9D-52+~8yQrMk*_CM*cOepf zZPEQ^1TU_DcM@Wp9>@uy01|)%b9BJM!4Eh%Fvq+>iM`Wc1_AqH&I~U=O@@joczxcn zcKtE}m%G6dY5Vut%EK}MrzgeAy&C|61~unDa$bPATG`aZ!~g@+N=xDYJij@7pd{1) zn#7cK{V@RunR=>Wr;kD#8;1Epd63mc;E?>N7q@(K& zmoo*u(AugV@$btKkm)b}6FKU4SHjp^Xj45Q1fnl14ERornO~?%Bv2Hw#8o!&hEmvy z3CPLsbY4>aKKO4?bCDY)K^OM)R*-@GFl;PG7170>!-vu~3zFMg(J;%pPe%h{?KL7G z*f#gBjo)6BARKuxMG^{@>k9aNE+4gScNyDc?HFFF#TE2joxP!fO0bA1CEu0JO?X zegNpXVvM^d?=2u@>HpjP;dGDR3(3usfws-H8K!ujCc;MX=@}nH*<4r&Q!@q$G5YVz zZ?4}ks~5y2HNrBTW8Jp4P_AzKS{=3Tg*EO5qm*QLE$6CsbN8mbUMUcY=qlig2#p-^ z-~MgZQxj-UI;S3z%{Z6)b%M(9u=n>D?(yWNklF8#&ornE?HbRI(O~BasS0f^jlVM) ziO7>G;Gda4IDw9$0n3e7^&8axnyLm*gAx!<4|$#9L#zMA&*;2K;!ncyM(F;=u0?%P zJYmxk1H$q8z+XWD$Grm0ohIl@-V!R2!?L6U2P(8TZhB_fH|8pe%pU41FfNrGm4vrG zIIy6@^Zo`t{zeipi+){=W)m)t7J2jZYRAMq5$9oVpVP}FjfU+L?!AEbLrYyzr_lLLiNOcT=metz$|?mjaQMX+T1)32{)<_1*X(e=W5``_~{%b&saTr$bK0| zA=tR>gW`c`{ly*Q$(0(LEcct%rDB0!+G8pTqz-)UJbU;NBp!T59#-X#c= zXh(!0wVl=%yE`y`B2q~Sf06KmrFt*-pPt!{l9%ll;oO6g&p`m6Jgi|XPDu);`UT#;oHGkab1}kD$l5G6urn(p z@P2D?&-U1&bJCn=k=2$!HD<&%sbYWyqkGwW_Q_#D(E(2p+ex@(NY-ZMe}X%YXpq zE0c_1nN3M?TzY0uKyrJ11>sswvLx<-dVLlueGa~lWf~ZmyZG|fb1E1B9}Cs|&g(xv z1Gk&}A`sIAz7wPuSjFwzr}X$kwrsTQ<9L?n=xCNxjMDte1rkF1_dzWpY+x{_??(vR zd970d+CQ@VFIo0#8EUH-!G*t5jg9(Cwl&I{=P#{{N+{=!X;n_r@Xotc>C^qHDuzNl z^4>I_Fr!NXR)}lt65sK)rL-GLywX%q{#qU6&E-dQAVz+mAv0UnHssQex21nistwJs zo?K`gXWEsW?ni~p4+P%a9v>D7{;|+pc}Bghxb0EJrItJ&nZ&~_PeJCQ+v8ul#6^}e zf<|g9AN1=3o8=uZ z+j5MLhG3m8^l^^zS#7hvcist*GO0JMpO>0P8~OKkwCBw>SuD#|mo#$syw~IK2sKgX zSR(3pKCIDHyRNYtn9St%L|WarK-$5}s^r82ReS9@IV??7S{7Yk+mxoLtnJOCY@5~L z;JqATR(5q}OS(OOu4|rlkv6ue5{3?Cg6`?-(9wh0U_eux3VY82bqF^+_*v>Vu-qTN ze|~aJ*Y-w}R@oOes+XY95oHjp#;uq}1B*qd#0(hBD01Vu4Gmn<})l zb0A~#!Q)~3vNc^LUT=$vpxl7}vc(3=egNv1F5fHnDB)e-hPM$46$<&*Rr4vTfi3Zw zXVzzIs!;7a!EtSes3$`ma<^yCxq7Ca!1ik%2uQ6ov7hF*iCwa|&owA+Lm9!P72+*%Xc%Hh}gKM3VlEZ{Gs z?ELwf|BTokV{XNOxmN7#lsP}m6xAAqRQU^4Uxo*~JZqwJHvbHDzwd$S%h9va zr)nq~lW5;%Dn!vCBb`JNSyLE#@NGxxcAaVll8=nK-pJvC?97$P@e=;m@ zVWPRA1?C}b+;Dv3pUK#DMnCRBDytCKvT=i7{Vr=e=Emn6@M9>V zT1$nsLtYcVifkgjGiO=coQa?E_7JrtP@ZjEPQHGb_6eRTIXAYo{E(p)e}PxxbScU@ z^qq!jq~nM-^TW~G1S1bhG*^k|&Qn$$Gh(eJH3293##F@y*!Nz+wtuq9FD{+%&+9Fd zY8m@@)tXXgwVzqyv4b|LeFb6B%K;I3aN`0fwPVBD@gDbgvz5!B1V?|8b@PzJ`NR;( zf##HindW@2_|(-Zd-qbxX43=T6ZyEHTK62%0P)8mzI&SStrunM+-x)Pc4|{dJI`n4 zgUzu}_kGh}qhVhWjQxDr6DGA(3b$rsj<{=sYj}+Q%nlXrXOlW!K&}Nsam-ZIZP*qDB>Ahx+c!@yABjxf}6y z)o-ljJ^Twj@0t*|%Td)^ZXRjM-S^geC>B(au+uQ=2WNFTHTV5%d4jBQUYFLh-o0N+ zkMkRj^ZCNO7to4}%zrpxah*opsMz>eEn+#Jvne82nc8TDeh{Je=~IA*XmeY_pkXa$ zsNgI5p!}2vdiy0pGk`opii&CbFqQBy$71?Gvh&JR4-bEM<=3)$&X(dUwahD5@w+e) z(xJ;zQWS&AXFf|dw9m?4lV2Qq4AL8JCf%5Sn3a;!-&Oe(>4%A7sTxd;v$luG#%Ia-wY%J$YFVCA_ zRl&cWa*E!dFc_1&d;Ihm*%0g&0lcE02$a{KZ6@v>XZ1BOBQ(XWJ+npYQNvAz&qm22 znP;MOxqzKj7Mp-4bxP=ChLiub#>me`M-MWl6N!>uKEq%BoYFh4)L}A07{OBRmTDg* zlO)j_MVS2XszsMC-}acfz3$#E{uX9k{8#!d!*#g@4th|GnaE@BV;56|0JsaV|#t?Sw7p1c6WlL^WsPCdK>GM=An3K*T3xW9w#ar}t;-2smt9RhA2q;rH?#?oQ( zrxOgky_YK@A|f31^17$IMhD-LauIZg9*9Saq`j z%X)>a0i%Hv_k;DbMG`v%j=Jz9KMbi%2Q|G;qQkfh@;bY@6-H|3M28fauNC6>j%mC? z4`R6#31hO{ZkX&Zd1}~1p!hJzhdkgq;y~;PEQJ|5wCmXlYY^7rV9e(eoal>W3ZPNV zcV+$VyWa6S#U~7`fssh9*U6_mol+Vpf{VZ5n)_X5!fvsNrOMdiaJX(=(q2kq`f|xX z&VNR>a4_CMM(O8?V_ozl%%W6}i_+$E{N+OEKYnPjgCCzo@HSQt5GdV7$Vu!`2f}(F zj8G#yNafin3_qC5-rUzdsN(5Hg;$uBY{m!CBgH+t2Pm%6?Ga5>kDn1k4j2uBw(@+Y z-AYEE_4S=T``ir{sh-x0RHsfpTZ@AcjOX| zrU9`2qXzaDMY(x1;^U1Cm9-8t-S?H$NNSDOY>$0?2KcI#rA~ElrLTu@HToWK#p$Oy zJ3B+A*0Vpb9Z~%1F^I$jz14-iylcmw7<6*JYhzz4ilihfDq3hB8cN;PD9jBzw%G$l zok1iignGxqK%l5!zBM9%MZ;&A!_#1jAI=^d?E!(Y66$rQN(CV7Owjl#=zHj56yPC2 zfMz&yY_02;hj=Y2UJg@v0-KSM5t?ZD^2!R_Xt>YU={FmU&*(71uw*^>zVQ8Q4B0mW z*rKg-V^HkJ=_9tseSqOvKlk_8E@B)8ikVWX*_0e4PzJ-*glZy>2-`7z)G%2qo};66 zM$8N8YrhR?t#k!6dG3j<0yXLwr3au=aoLwJ9001hy;eu82aYr;MIUL~exWgSGJLk-M+mxpwiVjz_i@vJwA zCGlrtgwHa^y@h%jEAcL;{w00i_(*=)EiBJ%kwt4aPqAU@zzcmvf*u|obw%)rJj@XX zmKm^WFgALTPfBpy5%Vjj0Bhc4Hhfs;xsQ5<4TU*mxO~(7E97qF5FKzC>6z-5Y9k;2 E2iU8KRR910 literal 0 HcmV?d00001 diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/baseapp_state-initchain.png b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/baseapp_state-initchain.png new file mode 100644 index 0000000000000000000000000000000000000000..167b4fad9ed05c2fc28884d7ab6bb1c9762eb87a GIT binary patch literal 243455 zcmYhj$IkOiwWJ)L|JQ%}U;m%K{>T6LKX0FC>#wruiogDWa(}=22LjdO zy8Q#?|A8RsH2w42q}7u4>pzEL1Bbxp{rGLlruhDS4gw+Qe}UltfxBO4)pD_CO zC)+(0e;@u9N0WmqzHLt6rq{m@WA73414j7Yh7x={q@ZhmhB!;t0u1xt-)jDCOgS@? z=iXMU%$AK~z!}Z^b2aosN{_VeE3xiT1Z&LC`B0`C&&7BY9^Wla0n6?|Vk{ZKI~<{~ zdCW%9*~79EA@N~b<)=k%OvO5m^A3X9@*Fg_ITIN~SPnX)jw zC&%2XO(^~${i%G1kHAk6-Sefa$g&)vuh$tzscrW#e?c=D_$w%hLfZUBA8FTXUeWgtXZ@`4S z4@PW+_;JM{Jg=S%sxIP*x zUmumWMYYCAa2gn5*1>58GQns?&R6(-(_;D9i63s3AJ~5Nvt(Bk`XYw;9gGf(YbJ9j zEtm+_C(QHSX(>Owb7V8})bqUhJ&;RL>ThM#JkMz)*@xEZf9daVY`Ds#1I#wN@$2?* z+h}Xg#e53>Wa0ueRNL6AWaQ$YF+djzqlzAQDDQYmu$TFl=p;1Et@9ifO~V-ErKirp~-(n zL;cXL^*RF+{#73Me|PnO%hp1nVksW69F*JTukVcPykn?c=T^yQH2VnwtDN14Z`WsH zAX@mdUV4uit%B0AiJIk%yV;GY3*Gav?mg2j##r^#KDBc#nO3%tLemX#`5VBNA5Tb*KfCKrM<`#m<@C*Vygldc?M_v;)n zl*`d89J$<^-aecBF-8W zE%!?oqpZ;*_XEhhDpiA&H1{kBXX1F^(C=q1+^RGYamBa~W(i;RgHjo)y-pH)S3l+W zNSwypAz5{|gqu+0-!;puS{9nsF8ww^)HUX(qnG$AVip<%Uc}28P@7dGdQbUv$^u{#v3Hw~*IN)Xn^o zjod8^J}|e*w~OxBrMjti`GB696moo}h24X^uNa88&DCwo;JZ^m?^agL&0*^)vY<_o|)sP%7||yfapGPoXdb{{z03&DeSlc6>4N zIY9B)MYgUvwvr6(A0v0fZ&mo#PO$|KoQ47CMFbmP&PCD4gn z4H{Op&-0C`{^=!L@a4Woc&yNlGCf_VCiS^Mf4xlBI{sAYeu9>Lue`pm2oK(#Q)J2s~xxDs+YKZ?qWOFt;cDr3f6IT3l54Ox{ieC55 zvTiauC+>$O?vGxCAdRC}CfKwt+*2cISowniPgY*uudq zu1wnfA|EL%9OgPnl$Hpf<8qeBI5-oIOD#xRK5f?!H`^|o#^pr803y=aL_;mjl0cXP zPPBT_fm2sQCxOFC-gU@d(Ia{~n;Y_+FPO;qF1Bjps;}I^@NXkZ-F7*gOb3MzOgHjZ~H|9_P?XwwOQ@48vj$I*gx6GERsNJSdNY!&U-!K=< z1R(TMvB>iI4-0*SiZz^!iWiBHS&+3<^;~zLw2-J|X`4gv16(rZ%@nc=JtZSM!j*oOr)o8|cy+ zEj6@0;X0%dkNYefn%y58o`oDhEj0H&FuRobWkmF z$GsNV8th+g7?=-Y@y7BQr5&vW0);EiO+Fs;`R&j5Sv^~D1Q2lsPC8J&!nnyR4xUoe z4-$VZ<8hk?5?$Ty1X7|(zGsTLMKz`Yj+xcq=yjU|V$9L%{nT7H^@GhhCCk9gu;@1Q ztRr~gN^YH8cx=yNM7!Qih$CN4dtLhmPV;N3>;1|N*G+B%hxE;8X9~-GKlkJxSURD1 zXqMDcx8>0tq-**(Vw!zCnUm`NAVa~HUHtCbl zhCK!$h;|rGTPor!1o~m0Wv3c(Z!FTbHO?1m*zu?KKxe6-`Dm%nPE`%MDW5 zi~0oS2~`X)#TkwecN4NA$K^*?xw-Z+zuAE(qnS0J6e<73lxF)&aD@TV#TI8e$6V|FUy4J2B;0~U!@a`R# z0l*Qs>S6+e%=pW*=PkQuTxlW=*Bl|jbt5O#Z*0bo3Zb;iR5fWgOG3B-(`tJ%@yW;j zQi_pps3-!9{Nh;Vs#K6QzuwFoZh-94u1^G!It`I)Du3)3u40%5vR*dIuU*RV9UU>YsY6pBELv7q}QmI|T7MK!A4e5B~-XLG0~1 zad5`6;CUu(ki3%X%f_Zng@mZhfU;muPWN`xKsQPi+$@xw-wjKEW@94ljIu+MYEQFf z{bBUaqN2Y>1>f-lXVPoO6U&r%z2vK=EFIx!e!qs@Hp?$@6L#uT+O8ZG8Z zGwKcH=IPcsrgg!StL40weMOKtmNY9E;Nu?$ATONhkoQ{DbNnp={aX&ViqV0#! zNe8UX5^z-CEl+HWc1iTXF*BZp;yH&hykO)aa;nh|Zlitia~vpEY+7}k=U1()CNO)p2pD_5 zKJTh*LP9#8bp3}Q?Y|%&O0Xx=Vd;% zgZ1m{1Fwtp_O92L@9{hrU>R2AvhMnPg1i-X9UJdZaTKs96y@(NgNDPY++9VKWr$+PAT9g`Q^RkUrTY1r0dkdNEOQ=p3Bd?A&#+Po*D@t z++*vI_v`6-HuVf5VbG2_$!#k-0Ljq1K7_zwHWyJ^3AhKLaZY* zl?JVSm#gPn<$UO37}(C|&CixK{iTONjBZ#WIs?JVZ%`udCZ@hCBkn^wQ24xN<2#o! zzz{npaLRFfPThjWVvTB~gVYQJDvrqZWvZ`RZi*Hwo?)asoaRL5O@>WNE>ITtomHPIh)BJVS75R3 zXFzmD!xmxBx*hP|jl6AwV2p_E(vX)Y6amD10bMOnv&=^w%5Xow>%?(VIP$Dblw|Ay zPhcU>#}wDoo`FKK%aY7~9+8Zzc@x|c$1 z^B$@cv?~G#^)*6lPLJjJlwxha=IKhmahbiA@eZ{KGjThmeATrc<7VAqoW)L&z$gpC zv?4RK<+EwB55JSgws%bw@T+9Dy54*$_2{Wpi|wDzQ%^O?Rmv4#TJNq0#wYnV>nTS@ zmfiMxGnAF(uV1k8WOE(R6v}Jl3a2k=mkA@b1^@`)z75pXSn~*`qzs# zG$@D|`GFMvBPPkju|{k9ETWR;Yl%`(tSAj*ssLrx5!3m&DD$WR_Oe<*N4Zc!g!@1>r23NnZv z*q!3^0VD)UK0loHYlwQnAvZxZq&~lO27ZFImmRyGUpFn)lK}_J?>{$th9{2j`$JYr zBZ0T=2VMlMy0UMwU3$XsOku`0REyJR5@0RN{e4Ro(1ZL;-1_`cEBi*>pBkewOVl+V ztBFxBMeBqchKgj2eZ{?W0sC4DfMR2*#5&ZIYM`wMs-o?q2nBdeKOKOwpw_&u92cIz zCt%_vNjwoBL1RW+0tb7P^dxddrw3R{1R;eGl;E)1DvGupOAP zljE?yoYU7|mT#Qo>kIM-;*bFCL(qIPc=Oh#{CvGdehfN(lN4(Q$-9QG9}w*#=6UTh z*TN@aU{enzsxvOqNc87Yd?IUgflr4LNjd!21;c{SqLMp4?IVMtAs(bQs>_MkG6U=Mqvmwrt5x0KBxY zdRvhXL}a|>7xHp&e7q-0ITnsei}h3=QAQnwqE%cPxx;vYHB_|kO<;H*GFQ@E(g_Yq z+&3^GRK!7IAS~zk!dS!C9c_dedm0+kKd6eS0rgMgUCQgaAF82mdHn=DJi(;m%yND4 z1Qo#-kN+`1a1yK=5DY@is=sd|7aL8X1Hva_y@W|Ja+V~n$nDS#?x>QchTj2-QFf-hUW_=uH`brf3!N4KGuW@$(;0O57&Gb4;IvEw0Wd@@snUp zs>*2{uZyPs*r&)q4NC~?P4Fo;&(Z$d$~MPMP(NL zs$0M)28;`B`&56JwOJnk%44QS0^}$RyNTZkL@(K0a%$Snq&()85O;c@EW`iuvviDT z4NmdbC)Q)~QOY=h6D_(W6|hPDz>JkdG-8H+v${?bmuqZj0zP9~YZawi0E2`T#LzEd z%iWk)wA6z2IhVtWf{njazYYd|7}w58j10qveFCW#9o$s?TL{2`G$T<2=-Tu?mBSiXZ>%Ef}n%_-wNCB|8Myh=WhelsmaJ z=vQQxm|i}X^CTQpy^flElVZhwRA88tg@v9*&)xyij4xsO_ySt#=ZHfG@@Lm#A1%LOwEi5%x#Hk_;%>c)C0 zGL~FF>t)1m5S!5k9vDvOuk4d?R$Mj~eIVxQdvG}r?#R==%`Numcv2NT@h$nfPzS;a zpu$u*br>BF7Va(o04$3Xic8b`WO|w>nK4=N=0i5j3mOzrPP<+8U6v&esEP8-dtfNP z;`6pZ#nqc=+`Of%BSUsi!-%WU_FDyA8becNn_^O@m|CHhOwzYuSb4>OS(X!nWVc=yk{LODlxMlmU;{X>p6pKI;ir z#o|ZtFkj07H39K*dofIlxbtCjIL1B9>HDBa_jR(m^VpF3NCC>LH??t5Xi<*?bMbbF zQVLB8KBr^TxF%Kpq{8}L7NgMhJ11aBpfGbUd31O<=@U%w3z&vJES`#{cTmlb4m+KHB z<>n40<9^mw8R%)#wNZ7J&zppK{Pz5cn$(|I@OYa}u`G%Ajm)&b$I-U2;Y8~xAXDF3#p@Z$^ z>?yiM_wp-ydQe0W`ju;ySjw_O@Qx(e_XIX~rYVD?Q(b+Y;VUyjy&Gh-O15 zvb_D0J%8NKS+YNL)gEQr9D1r7F+*pzU_; znF#vAATaap8XC;67uB@XJ}2j(B1c$AE{HG1(Mt)zg7IEnl)Mr&dOS=f&F`|_+KLT% zN;u`tJf0~3wmbnqde$ZiR9X@lA%=e(k3|;MC6+e`_rf|YtS+>OgboavwGd6|dIqmL zpCh2eqZot_04_@h)du|$zIaa1gOQf8P~&~+Uh946&ovI0Ym>Am&X!Tb)@~aHM_LN@-@h*5AaM&a}S`i>^<{ogV90dam zUMvGvK*Y${J^L64o3S|S zVm7qd;yhd#sgy6Wn^*?@y@5#>v4C<#N;x}WUnfxPt(pb-?xxPpSbFC4Gv+x6_-yV< z@}kyy)5xy&9dcH(0HHwPW6?9@g4Vb6GCF*wJfLVvg~mT@5!9B(9}_^nxwViYs0_q7A7%+rIc5{H`r8b1=wO{GO64I@^M83KnpDJfdx? z>}d{;H8fifAj)D>dbrhoITS!8%Qt!*&P%ochbZ)7R(sw3rTS7+<}RdX#Irw~5FSvb z4=-TO*i>q@q`ln}v+(QXjM^%=h17$ufjn3I&FfiS!%<*0SMbS>3;I#)OU=svX;)b+=qvbxA&!JFFjm<5>7*=;+@cL~O~KAmgnC%M4iUkoZmMk_oU3FSU(crHS8O#IdGgr)u1&T^J2-!@=- z_!8eJM{>!A`=~X@2k0Aeih(X!&s7;ZYa87(1?d!_q$94Gbg=%%u~5?}BK?a8)&jb- z1kdEZ;9wJf31bG$`+mMiQ`Cw~hd zkcBc)GVV*8!oJk`b(CQ{qCia%KN(8twDs}7hJgb|f5PgHy@p|wTBQI|Ju>Hx5!%5y z^16y%OIGXNzLM8k&A}VDejaGJbg870OG1Z^MD^uyBgL*aw|d#74Wz{~C}8cfr2N}?fgESAd6ZlRedTZZD3$CD0 zC%V+WzfoE>+^Q{nrTo>^2}~AKSM=JZ9!cgclsdovsjL%{_3CoI=m%Re8{}!;eY}zN#c3G=vXAhdE-bV?H0Iu*3^S9 zUXPdK(#-tCepr!K+!} z`(_YQyDazP1#kEAh5jWwup~CHdc24L7x#rKg?Z=gC>b8F_7j-8klmg2mQi4Y$6oG> zAdH3)Q46&`Gah1L6MnS1J!~LjH9f$12!Wi>nP1)sgh3VWrjpCO^Ev2EaJE!L`c0-_JTAUgr3Zr+V zF!2}-Xhvh3UTKuA}St*bF_{u1!sU~%tgX#JFRtcV zd|+(Ce7yiq;&I~)5!-&Sf=4O5Cr`YHJ;IljpKp&GWb7~Um+&6Y9Bye`V$^gA$avUv zLxBiTjHBdtdHn?w6uuD&$ap6EQRVg7=@;%5zBa8muY7JvT6$UEGIv@(0G9~>Tb(R_ zQ7->W!~Cv7K$n-5vise4(#TPzSWm7u~%H&8k6J zy>4uCh%$%L-J7)wi0N!E4%;Of=Hr_Mh3>=g+Rc0GIN&&?T0IXujj*|+-(1rjA!G98 zTTr9}2Oq$>K+4-Vc!VZHm5#w5;|Y|bBM`sO6WOMy<$}B(#6M_wJ&!saMaQadOebG+ ze(zCn4w*XpZQ0yRvxdrcKT)99&U=;sblkSxo{?L=013G1&GqnV$u1iA2uIz3_Nh0D zym*JvhDmkRqp!{S+;40id8}P|{N?O@?mLd08o)?Q{jydD+Cr?;8&p;^+nz_aGv-~>$JQkD%+&ahsjJ=!R9Fu~L56&%1 z@FK1Q?tFLa6==CWkglWF!Cr-KG?!MoEqy8)M3KW3>ozlF;!dJG8$X*hHKIms6*Iyk z^4e;MnmADG16HWgtr#YNm|`K9QdZrV-hhsBEP1g5Ol$CZR`zF@Q2NI8pD(B~qXUiC zpCTsiUjrKiOBKF1ma@w;FMy`Hg?Ak&A~tc?=v2J~0WNhssRN)1#l|V^hPG9Qo&r*X z-Z{=F(!&gVqa2`wOTF0waRxLC>b$9dPk&TQ_Vwe;hxjc*rpYM!*t>pnq(@bBIJdE- zU6U1~?k9=C@`yhA2iBQ=MRMY4)ImDG>dd?@d?Lu^h6Dkg_Y8kcN4Y;4^lJ&W11aXY ze2<#y$Hi5|w55HKU@HVcJH?Y4lj$`1Gl9B++&Rt<_f3Nh{Oo*$T@k7u#aXi$SFhW>C@ zd8(+NxB<5hzNLdYhr=xh2^mfe^xbI|fwm>PdSos=zy083jFE)fRfv2ub8%suKdqfm zPv@t27TiC8XYZ7VAutwD>0vU-2NO9mu>k4eX+|KbFCma5>`Yp|?C7d2O<5Iu11|n? zhw%Z)#66GX3RuHS2YR@}>zLaRC9t8R)3(R@*Fp^pfmMJWd|o*w+UTe_eGuZoK@&qj zO|6MCqeeYO8L~+A7G>!oIBL`9gWF=H*^`ZFpp>O`<8I)f1TFeeyyGb?eIdLu&vNYh z@M!3-+;b+U^4h_4p2Ro>M*T>{)>V-s!KI{LPV`xI`K5A|G8)pnb9b=+#ntn0k%h;8 zk+<@oWiOF9ftq^)5BEBquBO#~U3SU2eSkKo+6e}~cvPtnz$_?JRFo>aiz~>!$;t49 znGqiAwO&i6$^Z_9k9-1t1$5xa#odlk{fr^>!qKyp3iP_@Zx+Kfn5Kofe0xd+JscS% z;Iy~TUjb-Ibyob&vy>fjSQHuJm`6I1eXFd)1ZpJ00v*yN5k(4@OaddM`botC@_+(C zz2j7h_Zc&NRdS-bSY36P6&UUwc$;sae*r>i(8APpxHOn?*ZLd414PB^gF$L`8->@= zRdQsTu9`q})CI4LZCvX);Hd}mCzOqSfPdgCd#-(I%%VG?1_Mz0gCQRfe`o|;c*VGSV=>300q@O9^SLmgCXT1# zCA3cm>EjOW}9X}i5 zz~;fX`*4)^_0r#L1Kv;A3y4QEAn8cXm}{uf_)R%DoVl6816>X)37G#4q+bJnr(X!E zFxcZz)7tDk>*3RFs&#!~(@?D4=aoA102Jgupg*|xjL`~xpG9#V6@FM-xC1?+n~oRG z=*dAY{*HcBQxyfsb%*uhm1Xr-s(@9qIn2+C>pzyS4&*#9oUOBVXvgN4Tt%?grXc$P z@DnE3zSge4ZHsRTe8B<4Jlm{x|}$P(Xv%K?ryQ$J7P^ z2HWPY54HtB&q_+8i4O7af@pG{J|)m#wc=L=zJ?`CS|hZ2dr{<*%~xc_KrynOGKh@7 z&xgT2ax5qPnF;CVox{16_0D84_FIt(VAa<UC3 zp=rQSW7r?YS}0or?7y4n2eKoUXQfz@CPIsDYe9iir6hh z{LSH3lvX>#f|bVvt(bWZf(Y0pRY5=$7X%LN^)oLNT@^1X`^IV#16IstfdukE*oy#5 zn{^Mfl#U7<6cDE1tEmL6lwDdoda_O;*QBDFPJ)`{&jK-qcnHx9=Jn*mgmEv=LPJq>8`c)WLZJ-{f~+ z94N~<_{`Jes+8#-*enMvNDWH&{N43OJDv0w58;Ql)~dHZ#Zl_fC^ipjk`ujC6j zy(Cm9lzZX-MVoyN)|IgA-BefNABL?sy)K=sZ6`#LUMDa&EWkVX^hLwdx5h53N+wwN z1YglSUjS1BOT;-eo&K}X3OL|l-o6I)uD<2v@W4YyYVaI%)eh#3qYXG&f##$J5z_wU z6(9kG@j2|`Gtgu%nJ!+hoTMm_aWlh24Hg2KW;^VBq>4UXn7qYz z(0-yup#k#q`?)5H3C(o*ZATZps|$X30kqp?1zZ-p zx)g|f{s5(e1J2Tr)9;%}X1vK-l~kPLrf^_)rw?GD!eJbQ{q|7-Tsdz$tua8KKIZ9| z4=tBamccE}GK3x(>^5oEW!F%FlY)uXu5WW0e}y(=at?w}uF-Z1hJ>K71b*;-&^j)&P5EHG9yb%z~VG&(t&>m?KO z3?NIXVtIHgFd-dHvzj%VMtMLm&_bnDtBCy-xccbl$?YM6BdA8t zB9VmUQvZ1%Tm$PA=$>?O3%vL)z^w{9Ee1$RJ{p&RT^(0c89;`QP4$bq%;~v+`1qk$ z+srQF^ZW6c?7=nDTGRBU*H0T!oey!K_^UA^i!BgO*0|~89?LsY?L7HA?4UUX zAbKmiP7Z8ygy)RdANvd|NviD>T}AV?gDrTM45&wM0T7M48#p9_L1QuI#UyaWuQVT3 zAYrLdu#eCd;RY-NiZ|k90(-;Wl$d%v9Ia2L1%*XaN*K+TmR~QSApGJmiuq;5Z+Ty^ zY1r&zv1ZdCrXmvf4{m=Y4(!nYdpvK6ToT84LSDlt77ZV0dQ<-e&geM+m2z+$0RkoT z{VcN(yapw0>cM3Svjb7*zi08a9@rZYdC-_UUcnxW#QLo^Qhj%32Rj#;F;z|)iHchP z4hY->rJ_I!hWD7FqaS4Z> zj?jSg;3Eog8v#nI4NyPPnOE&#^Du}JLWp=cNCj2|$xnM);j zDfjj5>zUH!zKevhm4zI#g?j^m%q<)rp%tkFN|Ug()KZ}@qWFAA=GPcg9rr;h!iS$V zl5By>#GZHLEw`MjDhVzlgSCx<+CTVB94EXG*i)l_L@Q>N)*f?KK~eW zGz{*6k_NhP=K)xi1=7`*n#;i6P|so>#-tfN*8E=o_;1-W185SNPh+_FbL{xE`!X~K zwk3gYg2!#A;vS_qeQj^_Wg15Da`;q7Ibj|f`y#l4O|S&NU~q1OYwQ7K!Db~URtmd? zQ!qSWQL??)lCOIeP`Kf-8iY<(ut9tIQM?OpZE*R=LCxC`seHmOUrUYAudmyL6;ZIIQ zKqZ8cIoIfkof#l!21_i&YkG@10{%M&vn>3`s{8RbWQ?(BqTJ( z7nVQb!Bm#L(+~&1jewS8nKM7Fn}9YC0(+FnWPZoU2Rg*xPfPe9(JnAvEZ~q>=pwMY zd`>;4SoeIEMciUO17$@~ejM@l4)+F_coxB1pjH7BBfLw$iNP;s2%h2q%1Q_xD!1zT zMHoiSTZ-M?$y($mxDF;)-8HhaU?cg9@Z?X7Fa&5%5HuaM3SO`sRa`eAr7|9NeZW@! zf*Pom4@Do^C^M*Hx7sTFIz_-BLSR`&_)ETIA7efy$pHz-p5D%(1ZGhsSMp4I~Jx0WRXR!q~#f9L+{$cFuhps9bG9~%q z#E5oM`iod6Bq|O0UNLhTO8-<-OB5p4eI(i6=n;91N_(e;S$Wx?DL?CdOxtj zI%x~9AzZ3zr3;KVxZ&M_u?&O)AvJE#2&IeU&JT`5R)-aQ#jMRg*w^-LzKno4L)Ok@ z)oLgP;>fJ^e?%(|92@?r4}m@o#xYsNB)xH_%)kw^;?@TrN_ff|H@8*ol90nBn~UDa zJ^UWq5#jw1mn zn`(u=-{PeA-UJZ4L2YD&ED(ZXRBUNp{bfY0S{7C8;v#ehh4eU9=0WDSb0VbiFayc0 z)DZp2k!UXQB%79V8iQ)cm60?Le&b}~*6N#*18O*Z9w;+Ne}pM0(;U__T4A=wF^Byo z6+rXL;D-wmq4(qx?C$$qdWtD+1cd>wys1hh04yrxX?WcTUVpIWU5y*qPp)({5d1Oi zfu>%ERt4D2omcJPSJlwN_PFu4g%;DXXw%L^h&t-g!b6O`JZGPHW~mR~_%YVuyo>Nr zYSr_r5iDpH$bVmxI($@)IHG5?#2|D~QGL4t7O*g+$9aItkfBEqzT)3?JZM<$^@03= zjmNWG#J-prNs|0C(Twj4!b=r57O zBba0|Ci7-Y4km-)>qqpQ(>vSkfH72+RMHJV%oZH1v~4^7ks3aL!>>Ti@H-zJyO+Ar67p zEmwp>D(554xq)!@v|>@>R_Wcze!}y(!)^8ZE+O7$pFcGqfT9LYUEI^*Q#Wqm3g3^2 zCC@v&emvx3&*7q{w9VH~g8wmi$5L0K4Bp!OghGGg#e%Jhap8D{y*ZXl*JQ_`8CxM0 z(4)PPIOyL=Kn1nll{~pLV9@0nscv~m0QLcTnG1^3NT+n(Al=D+41AqW(fNIfPs(xC zz~}#&c(*vI{27zU$4>mSg8}{cM&PF3rJq8B4iNv|7x8Oe z4KI{q)K60RJ+J=Qd^}_X7SN$Yx_pixoBzQ!41afz-eQffY-mK?wti5A!*BgOS#K@Y zXnMa2&*#!w`z4$DZM)1mDz!ZF;Gqbn$3EUW%ICet;SXXs%m=VW0I$v;_|oAOe6pqF zTU3&(0?3tzR<*|vzerFU_=GPMdlVmDClx1I~nl0Q4;!^B3C~V z?%_eQE4{?uLUp`SEm85Ko;md?s_n&wU*9wJ8xt|{FlGNWHXUgMMkCw-{wy_(*>@YfU^OgPd4!=3;Zv2 z-m?PR=iP$dXWVe6a9;0wM@#vkG!+)x^@9ur-kU`aG60IyJ5b+&`#8JDM`qrqW#F#~ z2tIH$+AYai-l1VVw4y3PbzAAtwQ!HQ?ym-55wMWc3$tX0il zckosob5=1*_YA*;#je=JO?u=#qx45>ZplQFHf_tpHl%wo8O3V03{R4 zaIyie1;6ljPMsi}#QZho&^Y)#qS-gkCx$!Z*zX|GBX1@i#Kj9@zm$(eGV|)dGn^ET z?W1;$c|PQ@l6Dq2oyQz|cF~(syt8=JWOLbz5H^)H7TH{9;wpcu?c(ek~}B zMUHqY>PV5Rz@7&v4!DQa?7R(3(G_TQZQnaqz|8_RkJEAGRH|NoECar&xC(*`lq+UX zB*0il_1sYFiYtkQ{0OO%gpdAmI?h2z8EH$`bWjmOA>xC;5#2sI;$D%UhQk9)yj1$~ znLjFMQr(fC((YxJ{Z;Olegwf`c|%$h$vw>0OsmU}$6%o{F((vLY$e7+y2!$q*~N^u ze_|2zDU%8j3I~_+yck)wx+j1PYtATO3s!aTOD;s@|xQ(2`N0(8tF-Hda9&c64TC`-o7cAsJh1dOKwASkw>H=G*r8If@Nd&wL>#qY#d z8k&B@NjF@01~>WM6d7u9EsY(Jo^nxhA_y*`D zRQR2f-`AHtjr=adj_~_RKOWNd3by-8vG$8>?7P}2?StpSBV`Sx%!Fh=dFUM{&wn`M zluRg)+IN(T_H6s%?2Y=6;{C6-xeBH~{NF!I6maioc$6&-_L~bB_#H5IF0L&gWMbZ4ZE=8gB)U>)!~j4_w^!gbw6qSD&##K z3ee@L&^d~P-xIoGks>saZQhrKCRum6%+Hza12N7vJoI<;Tm!22eOdz}F!z;z{%PU? z*9d-xlWPw9nwjRfFUP>#Z=>w{j0eM>LJ!S`rUGd$cmPs~#~6!I{?bb^ywf)i1hKds z6n^}9{sKkr&1oFlDECW<@sJM=~5iO7a?g| z!asKN{Y`TJ1VC_=Eydih8G-Bh););qa+RRFFEku7=~qH}6BY2z4`&udK9N)ai{s_d zT=kZSmLEVSBI)cF^2xA+q z2G~-waylqP?m9eev<&>4F`rnLm2IsVq&8{6qU7O^xN%W$r7(&^%Pj0#fs-oU=lMN< zQm@og$UnS%F={AG-)q}f5|PXS?$T3Q?#uI_^t^*oGW#iPbtz|kiir{)hXKT6F(p6? zD7WX&v#=qvgfR#=8025->&|MSX;Q{#_k{*o&*HY+^Q&PU~f^W#8cC+RAd+W*Aeg=%r zy2ed=!LsKq;%Dc1U+}VQfn<)$>OmHLLEB~rmOoYjJ2;V(c2+yQ6L4{4;Xo35(hNoA zUgW5lHU3E}!RG3IhClYzSe}l8Lt`3+Ww_JGXPaed@ZdC4BCsueY=FV;U!Z@Pt&e+h zU#Em(S!XC(34H3h6q0t~@6oPu<+AX5yubJrcf!b8a9y8mz!GZAswScmQFfonDZ#lyLSQ?z{s}=686h-?){LujMO>@=8Or z!ii}&>n(;C{PL-A=HR&y+}vaEKFKvodKrVi@&&KAiqysSvHnKPp-xglMS)IX&Ei8K z(eoct)BN2cjVZ#;{4QnGMt41WlNq9{ycRz%qOPsJJjej>Xi-4uS?-1^0^Ih(;7HYs zVVkd}fdSaC6v}HH0}y{5J>e5zjp}shVDjf1nIjC=Et>B2WODpjr=*wZUhUp3<$D+^YoLhc4+i+ibpP#DuT=XiS|f>Yk=@6dprA^kpf=?A6)9E)Y9G zzETPA>wTw+NKq{*^y6ogDK%U&N$ObNcR}0>&UD1ajbZoFD+rF}ph5eCN-38>kK(w$ z*-pN=SEeRmkn(5)cY|{*8@6M2FaQAsK+nK01zETiXNR1*w|xIn>IG{z4w=2d3XOYC z)`2TwEs+HvDq~1HG)gA~KLzyQm_ec5hNaGQvFu(s&ghA!VxIwd_&!t1eaqh{zZYAd zeTn;0&P5?H00$PR8dOw4Qeh5F-4$SFwcAjnAfB0`bNG(N`W`50Qg+TmwRn|IV{sXg&0CBg_la0y~NM?Wy&n^q53ggP~fg=cGo|~ z^B8Yj=)FV=Ve*LfgpKt(V=I3{z26tr(p+@rKUZ1B{_D!7W-lU6a4~oXgB%%UR01?k z2MTSK2ZgVOduJg}coxr#qLS?=dfy}XkwK}I=#rFu3Qar#x=#9_lWRaJ^9eJJC*p=q zC?w*ear+q|@&4Ug;~#yGcsB4rp9SU}pMM(2j_6l7X#K0YH1p}#3+z^; z+50p|0?g&mAHNAZ?#gJwL7*Ml^IQVG-%X&zCukJV{n}@w=0geO@=SPz;nN>$GgRyO zB_Fqtv4n>=XGLle=i^+<06S}V*?KPNQs^L>VZXmUJ0AQ|G&#X)nTaJA8?7Hkr!VVC zEA&NVP{zfmY<3w(;I{hZ9^4@Sj2(`8e?P?!l{McExB;+aat{%RD0d&Q1Hp;{sn;__$8HH*T(WVur#Dht*xc$06SxAJ>c9pR(B$o+N0s{uFd%39vlokn3M!s=Z`3_yfy7U+Oj ztDIaz0%DS~9;U~=m(5IL*V=FGGSG?zWXBbU5dj=w!4oz84&41qFJ$^Sz55RhDw_4*3+qG-I3;XERBkU~`Q8AB~4a_)v(gENG+&k#D&-*^}d=KDa8?sA!=zt;+n!X0ugX+LPk4pAV z!0fVLK(na#odV|d1o{;^q!Mmb{cWWuZ)dTd2Z2I%si-> zhWg<%S!n*n;&fFlZbHPW7U_GjtU1-F`g3s^dc2}z^Xu8x;Lt!u$NkmQKTNKxDU&nz z^n+Rj(9I}2vyo$?1?2O1gF2)i&m^;6?`}r`Dnr25$|vj{Ck%V#t&@( zQKmzlWALOujlhkB56|6k{md@bDVq1Xs_6Ayo?+Svq9Lc2L<>;EHB-u;AUP>^07%Xt z4$eIa8GS7cW0a1KK5|d&4?bJ32~}AJtJB@tKmtt8tjA_a zXLOi44&^tO&Ju1o?+`Q`_7qoAlOI;5I0)Lh6(BroJ|lM{8!~%4XpMvIvn4%a@Sx@ZRlA@873 zsAiZzRrHT05*r|OTwGUS-HQ*S;=%Pv0?LvNh=mXOx8iu@uR%EgyPPOPb*)*tE}k6; zaGsAVxbgAH_^)6o8r5mA239a1Bz`sLd}ebGKyR+@FX3_D!vxZ131nw}R#nyjS%b&y zX;Y-nvTqGAkP{S?WtNIe?v!{5n8Gge(UGV1k==rF;xN-6Nj#+8%SK=;rAjuwKkvyQ zVN3n^NEJs2l5x4!p>m#*`Pf3rgPNM3`T{K{6p{)u1$Eh#(s$6PXOB^S|Du6{s-7A* z78Fa_nV>xK)!a!sD6Bzoaz)TC9PbF>)~is{`x6v00FnxMVLV|4+tTfi>mzC(owQdi zNDX&H?WC_>ATyAlTQ{4q1DX;ogf6F_f75!>{Y3!XRN6q!-+tqyB(~gZ`}*FSDzqaE zX0NO%6edVN`vTwH8QeTVTNE)CG+2cn+Y-26SF@Iss{Sy69}GKgX&aB@@+6*%z@p((>cp1O zDBSq)4?p8Qr6fy1QL30`MUeA4X-ejTxu|CJJ*PDc( z!IP+_gR&yZ%hi7GcdrAg8u0(j?^{_jeHxhEH@cP=bJh2ORB{4Ki_lH7$GW&L4(?-q z@8RPy_W=E5SC<~K$cq|bxqBkq_{K`{?|&!Xq;;CcqsJboTbLUn0uc_L`81Drn62 zJF>iqg^FlynTEXpbKUB2!i0GVDMn_OSr#Vz3j7MIB`8=rr5QB~Zo|UXcM)S9K_)>s zYC7R&U*&{(?c#wZv0TR!YIE5Q6+X+eugoN%ezoa5QZ>gb3wv<27i z9nJ94LfO2+x3>tYlI@+demm=VK^#6Mnt7lgi42cf6iN6%5(np<8r9DT!1~{?)R*G@zF6T) zc{uaM2Xo8g+`-ti`l;%x7fJR&hLvBfyS6mJ>1_L{yFxNNa-a|M3x5<>KZ%;xm>`0hqHUoz{P3un~6G9L-6QU$%YrCd92=3p!ehs$|ufr zNB}<3KlOV)_+a+)?KUkjT7le~~hQ-GWg?u-11Y%o{GkMA=D_I#T6z|-HK@C}l{ z0HpmWKt`m~d4PxKMWcEYv;rM$%6ma(w*xTkAhI$ait`aDQ+$f}49bnn$JnuMJ-g^$ zXngS#1#`L>@ytWHqDGL;ecp>Yoi$%J+s!8_2%XF3R@kOITJw$-s^)TI{DmssQL17)ZP~X zFkC$}Fp)sI$8Nozm8ys*P+IP^lL8s=ZSx#dDqOttS%bhHcj=_}uLnSpPDVxqQESdt zS4zJhLb)9+h33~2cmOlNPqMt2<`+`F*VFk?XP-I zGoAUd5I)uz39P+86vc6DQYOM*b! zln@6ca{O|2>;+2Hrv9ME)S~STV5<+0I8+z8%gTXs?1x=*n zR3Z1URSqaKD)bNdo($Y2a*5bIyk|#iqKK+p;#l;sSy8SJ((mWDPIeC_`7*Ua()*_} z1suD>tKoGCut^nwWj(Az#kPDhl=n_G@3MMaw6MOqv*FD*R7E7f^iMOp8|wmcKJW#T zdr*KhieQ6>M*gQA3oF|*^!K*JvP6wGMCFy}B(rF$FzrSm)j{#Dr-I6~}f-M{A z*INV72!SK{y3=J4xBgxy_$nHPk_Y};zUff3=!;(itRUTM8vFn zJ}SU~L_e1uw5T+SGVF~9(JtV$%}eK@lo}5<2ss+XRH|oeA!CbThZw-x=0U~X3z;(P zE}jbSXcJ>9<)=GhaR!j0oPkCVUEX!P+w3n~PM}YKlw#}rF22)=Fsiwn6k{EETahS6 zf6Y|DR(2^pl#tH+`XmhiZBUjJV~IH6C{W484-L4+cUCn>CT*ZT*akdnnv@|%dw>^M zEO4fR)`623O}~IL6$hpj3S&<{Vk#lE(a8EaJ%SA{8B667X!9aJcT!^wn_f}Wy%q91 zgR+-I?zHOJCl%g9413G&9p{6r=-iqKg9Cf0n_7@}7@o_r1|g}^F|O^S5U3f;q33dM zP%m!+fMO=77sn1;Rfh6c>bRQ%Kj z#j-wQH-Zo&RUyxyh@wXGUWssw`f~5Z{fo;h7ZD%PSU4{uZCsj;?0gmJ^t^4dz(%LS z`h0bM24&d}~>CK%E#m`1*^JHCSR1A2me7(uu6)HKdx*eY=f13DWL zaI*p59$086PLA~_6mCB$7x^IEQGB{Mu>4x88?uB&K#BpnP&E7S1LWzyn4o zpj30d`s1{Kvb*_{r~2i1FBXGLEg&pk`}0<{{+%L3~9Q_%*Ah;d*yL7;v){c2?QI4NsAIM|D)nhE7zr#e>-ltTQixdIo#tf!9-*J9J=T|9yvv3I-qGyRDugBpR`201UP9N8uJE6=wsxU|MuZ@|qTl`ud|JhD z1l0e^dyhC2KNJjK;5U-zj^*k=Hzmc-ip=jw`y8eD^3i*)3?E(i8f7Y8naj19F0rm7 z7)3IR>iU|4wk@lD>ySv74YWc|@mqKh1n&XfiIy{|MU{cBTgK}cfYneaW`2_pu|%cy zMriA2o4kENG`gVcJUO~ZoN2H5MxP~sR&rsDws0#>@s_%_+MSvkWw}=)zZH%(2#{~! z@0FmEYW{t;C9E?8!R$BF={*#8m8|Rcfe|1 zAM8hMl&%=#Pt6bw&n>AQ-iQ9e9trIVzio3Yx-$d1t2zUiim3%OUW~aTkNbq9lA`1T zFfQ_`DH>jZoH%@vVYe*jSfSdLSBJl1$`977-^6kY0!qN3TzpX$;k&kd?ckb;%K}T@EdVYy#?TPM#|={ z&Ra4;n9J2~l}R4i=M@|V>qd%ULXh4!J>uI@8B_p=0zSm_(kZvEBUXR$J%;#BEP&Ym z>M)(?!JW_UfX)g_(TasoaQYMTOAZM&8;i5CM?j>1^9WS7*&d{^!Tah2CGI=@1x4AG zOSsq?5=1-QbAGT{VlwyG^hX}t^aEPBX|w?7UPyb-sPh5;$vj!|;BwL|n-H29;gsD|jD+oxYfLFYm&r3IwR&+zYjrsY9%7pbs6w zhQj!*Z}8#kzkL)xlA+N}0ybM)%WL>YldSB6wlQg`Fag zh;ve|*#LN1InwwhGoqnhFi z0zMWWJoA%==5Vh`zX<#v z2r?e>3<@a<__Oh_@8>u7l&hz3;p-ue7;+-$tT7Dl@hUi_P65iuC2EIDI;iD;l|8S z5;De363?(_4s(rlv zkwO=<`iWJ{cwc&%k17Ot@yztcxARg@&|iDArphFrr#%b{Mm@8Rc@4@5>-rgVn4fzCy#OgP{vf2nbYqMjT4GbuW zthg@YPeTCp{&nVTSG!*gKU@cASVyj(n8O5gW^8+rm3IBb?qDsFWtalIA08e)CJ6YhHy@;lP zGA=wgbqEDbufT|$2pkIhB!zJd6}ORiW}m`J1?80eYyGHV4Fvf;zO-Wv)@tG381;ZfXg;qZi&|Y^Fl(Ro~f-V#!pG^ zAMontP~$nhvQ?d4bQ`g56UwVLqA#Uj&kSH3_SX$ms9P}GJc6LQG-D4blh3R7iQhT< z)M^c{Tl`VlG;n^i2lQAi%2(X!H7wdp`P)3fM#B5qjkGnXfLh@JaF+<&MQrHuf8T~j zI0>-EWU#Q!s^H$v1q^8lF{!@70x76Yy%#a9)W5;E2Z2n>l@7O7vhAgVNIVXsS@PIk zj|{WieJeq_cP{HO4xZGXtc(*kd-71tf$}a0U47CO=d+_Mh*R7Ur5_~Nn*bEFb1_8W z0DI1eXQCwj&^pk93th2ze}!DcI_JK}L5jvEh#8WJW!1Xxrc;KTZ`ta^*3QXUAuQm)~QfYr=qUz_{}GJn6*%;;a#7yr{C;Zu| zZdqBWp^)I+{t&N?)`-DaZ%z>SB25;ZF)0{`Z==abB3+1)_;`2_Bup%I?5E(QLlAca zmnB+(W6Ct+-O3?w$@~!_58`ES;v$NE0FH9>;E;B*+~*X4M6G#Q(1EzX0N5kK$py;g zL(DyjdM>sE{?1@}sR58E1c|`ce!c}@%fj_3cs4=jPA$JH1r*>joy|~uj#yjJ8`2N= z#4Wq$Y0V(jv`%aE)gU=s^%0(s7WCQGXmq{TSpk^Q1eUvPLz!<91vF1H#tF`QK=^td z%7aZV>V(Os~%Xp1Cj<$V(t|(!Ja@BEQlQFi)#)XiEd(n8!;q z*XpfEI?jWG^60*Y`6`?C1F9ZE@q!)nDlz9v3q1kk1pln_(4Es~2z|su@+Y8zB=xr@ z%{76&Dz8opS8G^yXm>jn;XuQk=PPfyWq?Am$~zknHZ<@h;X2htRuG^g4dSbbbZM2D z;O+{DjE2P;xipEF3!L!yS&*Bkd!Q;b3eC@dRMrIT8mL>NYY0ZEGasdL0sd$pAa1@f zV>Uo0KV=4#{kuuF1@_i(Uhr|~!|k=#lUU*R63G5mz=2+^>-BOO%K&tAD$q8*+>HU_ zo8GmIh9aVj!@5oyhwE3*(a@r*eCWKR8(*l$5M9Y&gzI>HOkV0>cNYl>q;LzMi4EA3|hrXQvP3Ylz@UpOMXe<;nI={5fF_^RCBlCI0Kpuv?)`b*Z>c}Hy1fB5mlEql zA9w|}4aY@jw+_66UeF+cubIBE=rQrt_N;2yV1Zx-OUb}CxXL93H|ijSN>|0ee#M%SD*t1Rt2Zq;H(4ET3!aE??eBU?-S%h(v)}S0cd*3 zF}ptyT{ypuqz)j}3Q|e7G_=zqmIUSb~gLpdYXa#$!1PTx}a>2xT61K;St^!bm_h2*T0Lt{W zqAi>oIQ{c15fSl)RY!xIc^rg`481d%|{fP(Uc)Bw%} z3Y`qx+C5l{U$-4+4^QxrK0w8aFCE;?0nJ0Pq4T%nOW%+a*Nbn9Nor1m4fc~u54FunBV77Nvw|;O)Xk6YlKP&VLg4@TH3d41fmA!I}Pt+~t6yUsBgt&e_;RKsP0z zQZv@oRMb1L$Kj3NbZn0VjO19M3>Tm?hKvD4bDuYI4faLA3aZ@;_L0{oZn_n-uARTP z*4ggphz1FSex~f)iGMO>_bBz-l_rwTq?qgj6fDj9VnD7HfoO>>{Hncl(5T{?l4X7h zYWgjy83Nl0_YlsQDBlI_+WpYHGNDc~?MDqGj4}>G0HUl1?=h`NX zDF9aZT^AlAu+Tdb$qUO_l6EVNXDv?O!8fo3g1L#sKboE2ujCsiUI5v^&x7FFQg1DK z*i+&^i;6x~xdO>s#7r|>k*x{yqitR!c6_}C8C=Jv6VBImdUBab@LE*Z^aV=4obxbxH`LHD+`*6W zMl^^FxU#YKt>wW3efZr{&d;X6?$Ezo4a+&4nYU#yCK-GLR7Aq>FE|{a1Q$hu#`4U}%@^#ByzE69X8SZi^rsk0QJ`RBQ)-tY$k7GCN;CIC~r^ro?Zafas&AG#pJd! zLe(^0u9|KTj=3vt^P>YA35GHX`LZ9Y+QDObzV>~zO|-ql75!TNWVpP^FeeN2)5xgM z+-FB|V+w`3}d|Fo*EO@(srRK>kWW@3>*uluJAYakMts zFmS^aQq%0-|}y_yj{K>(IwSpcFAM+?GJGr)D1#61ng@e=|X?=F1>{XIoJ zSyFrEe)|<9rhxh|Z?pJMk4QD?pm}w{Ba$W8^D_YG-rYG;WSIg*L5TcP3-V;R9NfWR z)(#iSj#Xp~=woQ`Usry&bpKX!{Me19Jl$3SLFIvj=Bo#Pzp;M+znv@gY9$yIn`S3A!ACS77y@8FG@^(!DJXs>3C4!b7 z*yuHJ;6qcEk8&;S-b?(eO6dXmkbR>_cU|#`6tGCL>Kni5UWC&Gn1`bHha(nO&X43GMHFbVqQUx{c>(M>NRi+_kS=e$f&#P(=*T)A|155IM3Ln9b zMKRadP*5&m@bjVoL$@4v+1i}sntH$D+;;Cp0)EUi7#26vqr9iZc5L(%xE}DzVn)iu znwjfPXNr3&fba+H0u5UToli!g7ml^~uhsv|+rH402nWmjTMNE3_gGNBYX^YVf;SQz z;Op=TMk_|fF|R4VOgwR}tkUWyTA~(W;LR}b?^uin_^dz5tf<-3{LZF0gZ304BOe8V zPcu~+yniohK&|zmXt#+t@rFP5vwo&^$^)ep@=oclsAPhF4VpBz0E<3w@{5x2VCh!f z*QvC{uNct+hj`3`qB4Nwq)zj@rD0AE>tD%hTKc4^Ujs-Qa(fImA{9}5TX$z#tUt?x zMZ)ZuK}0;kpXyvBEyg37Yy`w3443DOx)e)2|E%W0D{WjO2{d?amk~8?WbXjRKWQj*K1~{wL*P#` z7^u&7q+pvC3G?)RPsKa>A@Wyq_&k#i1>7p)7uZ|88970%+F zv>vn`fHAPhlMAKzQxSt3QBN44kT|_i^~*qWn*~+=^%p&hhb5+ip1Dsbi)C3By+t#} zjR%AIE0jWt5`z?;*DtLAMY|U%8HoT3A@7(Q`XSkE_J0_VC4Z#ErU~py_)7=WEkOcb z8d>)42aT)#M|~+FpeyHtet9d*X-N~okr%EQv~0+(OTnwb{wNpoG*Dvn12MP5U!%#! z#lp5`pKNI)8yqYr*GHJd_Yhdim?TnDP|~+tqHc(*pJN=4w-(5n+rdcUSDPf~Yv|y* z!2FaNv#h?v`Ir`S_}qos*V@1u#CN68H`ezw!MSZM0x;`fOQ`nWo&82AK7(12L!$a2 z(!ULYEaUDRE zB*kmle8&#H_;%+Mbo-ZYpDEfe2=K3LXRmXm0WD2yUeMKK0YI4$eeNgAQ>8(Swx7%Q zv`}N}86{rD)B5X9xqSA+ltLWRm^$F78JY~o`Stom1e(;Bisy%0P$HrXf`SDK1A@Hy z5B)|c(Rx7Y>@&vnLnidnU+@TQ6iAq^1z2sU;en>?>yow4T1k=tILx(%X@LffW|X9%dY{w$`LU3KkPM1{LjmZg#je>6Nq%Mr~nw| z-m-XB4^P7CH?n<5E2&qlLlkTO8oOIKPR~T3z<3f> zVj2FXDpk|0;GwAg6!z@ovB3?3F;<83KOeohHf&18loQRyRix)Okm5oDu>xc+JT2GE z34LA4nqsKnQ*n~G3_Ab{0yfx>1-cu~fM$l&e|ZBCuC#1?Ve7bh_VUUhRfjqt7@2-G zNv;?`j&JRrfw}6&&A3iJ`tWyXTg*SCwqX#EUT!!DhkM(s!C^m?P|DlwV(s3Bg%%Vl ztoT*bAcbbPpb=1QG8<&E$1_U195lEVL=wDB=gk`_C2`%oPvC?v|J*L<9>uZ4#DR04NLwL-@B+J!?Y%JjsvhK~&|b75$Jrc4 zQ_8)eJoY}fXi-Dc;3g?8cB!nEZ!}xn3iiVtTRFUk3Ke4WAT$)`M4(XnplXAuf4iU+ ziU$?~E{a)0=!}AOW3H9T2Yrd=3Ge{;G8hbopH&~8NXDZwdEOd~pwLjtnE447nC9>&;PpI$-rwg8$~AskaJm0w z`@*GpP-Q&sMSbd`YQ;cg_NAv0_PXIUs+71EDImWit881Hkg&a1t};GR#su>JujD#I z-8lLF{xjHxU5Q~ETR3xrC;?J3;lbn)4h`DH7W#qZzeBs#i9C>2bzw5{Jf!AI;{I(T zen8!B3kL&C!T}`i=Rj+7O76px9{70V zWDkNp_y`%N$bsVSDEC1Ey=M3z>0hP41OJWMIWMCSv{#+6J-m zR8!~tOV>FnS_WuxCO-FghM1fdgpv+&>)aUC!1qv_np=@ep|};?n)}? zL3vQ98^Kn?P4;(^#xMQF5Gu&>muV4F2q15a0lZK_^tzwWU5u}7DXp5!5x;$`m@*?oA0s)!ItcAztG#|bIDRc8fVUN@G!g_yGe*8Tog*-7l*LTmas4Q3aOk-T^fIQ1`dKWeRArvG3a3rg0J;mrJ=wR z7YLn&mvQbpVCttD}yo4-d0QpDBKhqJw(O6}cjnud- z?$`k;K$7t>K_DKEr{&;b?;|GO=kezUiW;%~A&9U4Ok(#Fx|?_kCX^JXQIE8_^`*Bi zo&kQOXJzPLV9v+3tp1Srp->-a=UZgd>c6$2P*c}3L?O%h{4Jq65-C($GwV#4@tvOY zeV1kEKaCSt9bZoNLONWU-Q`7g5<# z1T?&X$25XcZwzwTcOnKq)s4P(a|Zky&XXIS4$e5!8~cG>T8zAvPGtc>dQrKNz1)k4Qb5zldY*bI9M2UQah;j;9pXvgp1s=aE?%ZN!V z;LYcw_4zrEN_TNALAIG}8LKbgkNfTbn=hHmOO%Dk$UI41Y5sJ6yqfV%m)+bc53SyL z6ioB%b6;2`f#8a_^=y6(n>|vHo|0sKATEzuQn!n-VS1S3zNaTh^>XRxOGKZ&ZyPQ6 zUF&i|0GOqZ2Tn(Qg>f=jP2;}D#OK@HAq9$AM7WCr`3;Uld%|VRTR?6wo!z)2$dTFw z!2#D@^$D_R@yPM9+1G6TF;x6kn0?*;cBl?ky;L zb8F^}Ub`X_{5T{NlB^~mO0BLTdl>JEr}T5TRjd7yN5jpX?xLo*?ip+wiv2-pKZ! zaO@^tgFi~XAwcC2&!bM0e+Mb3buRI+4MO6 zP`>O(IP*gi2oY9zJ;;Il<^FiQdBtouS$o;L$5W{_!KebydA8q5rjg<&`!dwbAK;rtemu;yqF zS%O@{@L$>yB+?p(3S5k*{Q`qnCS=O_IDdp83LRlU(9iKIiJ7cR&(;9@uWG(z2vqSx z2=(Ao+J0V8trL#*?{zN94bJEEXklt##uj_8IcfYY$?eW)bQp~EUvv2>$s~o6Q0CT~ z7*4cNU48~09oM_pw~Zrl=u35=VuYD%w;A_eUZF970{PnzziD_-N9k@&`eN5)asg%I zvGm3MSxy&EdXd8#I#g9uA&20j{rwiyQ{1@h>+x6luOIF*K1~{+(Afbl3pW@y(@1XU zZ);*f=`*?xpZ5OF)+S8jV~ILT&fj-r4cWJA@<2L+v(T1vi0UJ*JF$KbAaKHM+^ZE( z`<8l=5OL$-et#FH!09I+9vQfGr`10U22K2UjI9I$XVhESMB5_1t7I2e)TYz~5z0@! z;ZPSu{gHl)(H%a|7Zd$LIc?tK(Ud5So|=Qvi{6*>m`0;l9b#T7x#!33Mx8Dk~@VJov zw@+W=#R4|&1M2T2B8m+Ya8#{St~{oR22~9hm6z8_Q3w+^-yF=nCXH#tH#PJ3J6ix8 zWaq8XTm2N6VD-X)o7)8swcNw=FYUb`o9j=n&-PvAG>*W`?H=CYeL%t}4YxPRe6aKg z&2ZV+G+TTwz9aH=zaV#FJ>=7)Jt$k55)pso$Ar#=9@`-Ld+4%J|EUs4H-zBo~8J zM6mq+rX)F?s)0nlJpRR+uTrnA_28Ueht3!rGTn~>-PS*?A@)T*Z7q{;fmS0dT46>f zfnzY`v@?zAmg%wQYD$7dLY*e#scVbu_Q&8$To4{E1#5i%wI6Ears%nBxkfvk}Z+@n{u!C zAa^Y0gv>Zp_z;4kHjbu4);y&Z2i{9O-_4G6AjgM_!&>S*GWG(hVy#;?U3F4kE{~-)TJoU$kH_ zi|d12)~|0aL6rkHsA&z~8?Aq5`bWQEDT>5xUSU|&t_qSfX#yBaqUE3SxKWkvjLsZ% zqJkN+YNt1qdsgiV3QmH+HT#$ySn$R^-~bp+O*g??d7eIEa8DBExTJ`W^at|;P;mXJ zj!18fuG6)Y;{EtvC#ySsNUx_LuP?0jhTW5Fv~-yS_yXo)MrmdG`=+y=>B6;RBq4i% zad-=7`7X4KWBV)v44jIUh2H$vl|vm>IK0r>q9@@5 z^*qFhQ*a!fGbWSgkKpEfEAeeHi@#U>^IpdX|3%FpceR*SkJk^D74z1UuTY9a?B3iv zb)FwDTg*(@0vQO@KEa!nNR8!E@Fbh%vcDF7-(?zWxQD#RF+YB@+H|VmxOvq8zIAgB zkNshO*1fhd?fb0;B5B$>bt3grb_dXD80k3V3b6OX2+j$zoVEI33mp?+BOoK20uFmE zj4tg(IRnWMe%iex9v>io9eji*!_u$VBf?EBC^#gH_3I|Zj69thsa1OE^@;q~*Ed9l z1xxCAkWi$_xP$F2VH)>~$j;gjz`1j9S>nZ=cm(uP+om&TFuQO&B|LW5mK19a`!nK~ z7$?G%Z-lLT_e;n`)4}*etTUU9d7>C^y!i(;;$vzvXLu|NB+g!>B-|_Up}A4YD_3+s z>UiL01z-e^x`YBoK0-TyTihBQ-MgDHBRV#Gn1Cio`{nWSmx=f?CwjZbFx=fSnAG35 zoIWr==fN9$wV{@m%T=S8(>O#7dqZ{Z;!rjsd zIZlXKjNJW%lc*zoC_c)7uQyPtO=@nwh8~*yPs5HzR0Mst`t#$}Ga=}3;>8 zW%!yq9B<)HqY&sL6n6ZqTb7w{YG{bpM)}zd^Tak-vMgfV!x){@`2joJCX79mj(P9=(wViFEcMB6)-_ z;Kj}mog#n_Ar6Y-J|<6siF|1vDH{B2O&I(~El)B7CQtAL?~uL?*tIhEssfnxbQ2W3 z2ZRyuG8KPFGBG3QlL*~^mLK(|8jF0jDCPnuJJh4>W8b~~rPo-5yJEO-J1;x0=3w4X z>>+#Y;vwP|)waS)iMi*A0h#FzDJdNcG~zFX!R{qhh=)vM?NPwol=3)jpKI65w-{3_ zTegc=Te;D{YfUOa?eatVYX<3FHD#qt}u3g#8 z1?>rIjs5-{&qiRLIW{#O#lBVk46h*?j*w^JW* zw%+2yW?mAFjPLhm?%s#FvW|F2X}%KW-pg4@Ppx?oMpHzPHEc(Vov=z#V^p zqI%!Us*hUA&Bo^~&BW&qcWa(nQBn_=drzbYB3-t3J>4n)-aU}nbTr7hbNn`}!|RZC zQtnMrNg#E=V4bIrEAfIk%o^e}l(~mrRUQeYQ~q_&z%+D% z<+CELYNT7>h`Z0((Kj1!gm!W55RBJoybw~kfTRZ^911lb+0uJEtP67mrF%lW zaIMNT@wf>yM+Tki`rfjTSJPU0-LDfhf7Ck*tEcl!ihy8M=5Vq#uO zINIwUZJ}|C0CK36u84TsAf9Qy{;?pamNHD&Anb$;2J<--FJ$PkL2Np^)>=q!9jC*I zbs3fFZ6Q|oTL}BcWduq2fnn=|^*X{K$g*K+d|T+>*DmM>v^`sCkiB>6saKQfk-)A( zk;I%>^tOM;X^z7tcv9&sAAg_g7p{TR@QYh+L5Jvx7S9}iI24e^Qy2)VBT#&N*sL)z zLpgYQ5k2>*Yg-y?r55CuxJtl#K?qWWXFO+F=m>}Mr{t2&wf-vRASxC;(82a;_huAp*?l-=egT>|K{kHh~qs*Y!VEfO#n9pk%ZPf_pw zEdH2Y)sIzmpvPQ7wE9@q6j%n!`QVcJ#4we4M1Cw7R5a(~ZWi_fG$fS5%%c%PV!N>> zJ`PbWdqT()M*ew`I8Bl5eu@HUbDJ2|QJ zN4&O!h2H=EzDSo*{N4obZoHSbZDy1oKe0Vrx^gthc%EP*EW@jI*lZRq=eRz#Z6wdD zbP2y|6lA6jz{Tf*XMoJ4AHf|IE}`~*Qr0V%5WI@(5%~{{q$CBgyoaLVe^uU)>kq$i z7s!YXZ4>}o1BEim+787Z za@yyiB$f7wk3$#^ce-(9dyk~CPHvOvYU8+fgpYf11wajT0IYvmUk9S-v%VfPV*KHV zu*w#}SrhA?HWctV;adCh+Fl|RFGY~RT&zwxAoYmCsGk;|j^o_risL9e;4R7n`HyX7pph$d%x@XFs8Mrk2276K&FS0}~D0(t|wiRrf@pq0SI(4Y+ zHXT}M{vONv2{P?x%G_tR?R`c03v)1otiRB#ecW3=@y}VWlMN;>@*g@^eS0xuNEc6E z;Ni#55d>$eM3lxwS7DtLx?p=Nj!+^>?MJ$1iW)YNm`YLiQ|=xemct8Jkv4}mwx|}u z|0UvYU$?zs45+L4rGJr)_5IY3qf}_6eZ46M@BqHME(clg!8n)7;Sm2_sK+cSCt#cQ z68}kkWAhD}wP&R(Xaqb=ex)`csfbFeUSlOKgc-AYU8Q(YqV7sAjgM&U+qHJQ>n&pM zFhKDhJZeyTz)-qSGy5eS(D1w4wXr%*@scm+ItKT+b-ckR`vUU<4&ft(C_G2archQB?~ouMPif9R`?~iuF8mbSAhl7wCR6kIa*mpKJ6i70 z8qTR-t~hq(fdx$W1(v*@@4wWQhqQqF4%$Nei@cnieyqT~L_qT|v+@@kdI#?LDjS;x zxHN3w{WnW$<=Xpkj7ps!RzjQbo6Gb5JLJ|>#%Cb>V+mc+;hD9M)nV^nlsXNuZVhyH zgnLX=k4C!Yli&mO9h6BC7&P_NV=Q|5=laL#JP)2N2HAcBj&GvA1g|q?TD9AC$>Voj zZ@+Ae*sfk7F`Uj+MQq~fe7osp55Rd)6Y(v}KNlAT5jdcGLlUE@GjThfEOFnJRi_Uv zJJ&it%up`^NA%_c3T4+#@)^y(|x+_h|nO?Z?F)pH5^jyoN;2KnX< z?5zZy>&qWQff%x85 z(IzfilHgl1CJER0C|~sjw{KnlJoX!A8uqPjK_k4q{Sw}kRae-CE%`MgY3B>x403TY76}rD2sxug^<3;#9 zM&_!h;1^`S`IB$QT<+sc=WfX+vHL1F`ZNB{ATyEQ=543pqGKeO;4JmS76JWK)9h$g1k{5sXa$M--{(X1}; zAJEkR=sIOfet59cWv%nCnO$ldkh2@8>qZ_$uo-E63$2O6%&ve8S@}+e@#9!nBp8ut zzi#I{(1@NjZ0?E=6L~IT*8$&px*}0r_a-gOi@{B zwi1fhig;CF@;D5_Y& zr6P}RtR(1_r7)8oyoH%|r0X-pr38NY?tu1&&T6my!h7&al~1kBLq{dWd1v*EPgvO+ zSw>PXx?Fs^TBGbWX)E`LE7@AK#u8M>Y4c>aeHoW7dP4qK0=!&Xl>^5v?(~_Ho?mVk zBntA=u<>{5`%E6xxB3P6439oAV5&QrR!m)bBMn!D?U!V4mSS>sFu&sLhUn$<`d_Y{ z_{du0@SPpAaNoA~c9bCzz5`f#xMaz&?Z~pUEdo;!R{e3$Fd-xDyYg=YR4n-6kXnv@ zzQ_Gh`}>ej&xnC+6>*&`h>S{Cj5-{w$EOvb?TeCc``O6-Os<9d;7QUbvq(S;WM+g- ztFpxjJXPRs{T{pb9|UCI&b_$QwLge!2%JPoe~(81YRow*a=UsRC57SN|mA-xy`1d=LB#>-=2{Zrj3!HQ=ZngR4m!KdKw+g#J;b2f_ zckDCjPy{FTZK%4TZG)|kJU)E|_uBy%`(>qRoZ9lXzcY!opWIjTwQYEp#tn9zkJdX6 zNx5-7{eirg9* z9slv4z42~O-rkBBJS1$K2Jh4&YRWtts{VWd?#vY~CW{W6vHbbD8C+}FbyL+kYju7a z>=(_fxzE?Iy8v*%*Qn&a9OB#KqXcyDN|^;KJQ2_1C(E%fkomt$f!#ni5sp|NaNnMz?e*wMtOB%KCoHsbPKs1U zYi^V^Eq3SJa-;r6r7XgCUP!a%zaWLeCR=g>)X?l9&rT`axq8cj4zH?7tr*JY}XkO#GNR8A<8@b*6Q$8 zB1gAA`-o4__D6B{$1XQaeDj(-&5@5QC;v*;{K>;rR+-K^>?R#y&!V*z@u^LAOEb}C=?CyKrwqFdIE7_YND@TlyGv2dDHXU(`-_nF=he{l?76%ZWD1zH^H^iw z!NxH_=d42P#_8-eZiyBTZEhcIN6DNGzOr&Cx5gP$fjB({41nEPs38b;1>^1pnoWK( zJW8Av1t;F#o@+_W@O&6BmJH^}3=h`^BP><%5bf0NXIHbOW>sg6Mb%HGMt<(SZ;%h7 zVC|5b$>NY|P1;CP?v~GTzc@!>-=KFfzo-&TKkxeyagD>1p^=aGk@a3TopS}@O1xyW ze_xDxc>0!33aG$v%YFBw31t;|`^hwxRG$vQ8)B{T56La)hZMvE1lkwV{{X&!hMLfI7co!w%1fa>Q5+tg7j`AP|^idTY%1!&6fU&F&>%O0GhRpfO?I z?)6~QF3J7H<)xR?{d-cTfw-$uLa%AodqGZkhK5uHM1?gX4k>{X^BG&PBgyvE2(nvr zsb0`cG$O*|_ZOpnh1r=8SDEmb^J71AuFd?DA?y3hS4;IC2Mk!gh<01}=l)Sq9b(`Q zm~s$9Bo($S&zyXEP;5&lelVe}kH;ia{frSljBwxDHi(8*jfc}ych9JLW&;i5^?nDRTv?jEhB-W@bBlNAM>HQq z`cC_6@ki|pSA8}VDH zEaeb=k(zn~sG2@`1V(69F%R*32J33xX9Bbl&q_>k_4%4HCPSUj!vA%$O$#=H=viS3 znsZ;cmSAs%8-7F3<3$C}$Sw^$F&Q(kG{bF^E@@-+eR$$$-~?8uG`$b1>>ie%e|bJ% z-NO%gA3tj$puxc*h~^zj4o|!zDjya5p-^+agzdXtGJqm>(4H`DAeEDeVI~E2fW&?6 z{duOs#2l$Yi>Dg)Dj-895>?oaW0zy(wQ-b1~S4@HY**JpbE_}s{h z-mLHQGdw24Nl{d_`?C4$kqQ@1C&uUO;(mT%upm_HvEF{!6$4Gy_Ae$*f3vLTW0PilEU7HcYtgHrH`) zr&-tES=6A=`#rlbJeR8mGy5EE>{rO*QE^|(7-7N0!zdAh)IInJIjf=01#a!gWaqD* zCIR1S|K2-;!IC*Y8ymImLHKf&ApW_x68hLiVm%!CV zFz{d9Kef*RDH^zFW4u40o00zFn#WkG-{1C=+0Q?LoXIF~vVDW_{+Q)BC>7NEB7z4B zOuW=JdmICv(yOQxF-g`2-a$y)2WI>M8;sHZT28IaTmL!a!m4i5*o+$A}^ zIwp6_x3!)aCYr;OxG(R7Ilo-suK)6<#|?-U~|T^7kO{xyG*bby`3-guPvW z(Jk1@_)0UjhDSbl=LrBU6?VD8VIDZjMkO;`1gPfo?~4lx!e%+*HPqk_I9u+FWG0Qt zEBsCsRV<&#lRs{9@O<9Lu8W;OEo}^+ySE%AQXM37vu}_7M>oiZ`ePTEpP-ZjG_$fevuw2Yc(=>^JE7D zV=qn3;n@y*?MxZUehs|H!Oe+BLml7r&Ae*fc|YQWm-dFeNxvs$Kv2VcEJZYEaWBu& z*sB2L@ueQbILrKtNeOpj4(a>V2U0Mx`>FdRJ2|veOS-m-mQ4(wOYaW9cF04gKPUJK zf8K6Wk^bmBQYO8;PG}GRMMKX*K(0f09Q%z@{6AW7UxO4p!Uk3cfOB?Q&R(H6{K~Oj z@GS*_Pn|u7^rA$zL*Q&Mf2X1my(C9N-D7EGzJUM+1g*shoG~9*p`rb{ZltrEn=wNW zZUQ2Zhr>~(FGf=U8$u(W>U?<3ASn~Y7br-lEW(^%-vygIh*i~r&QWlkkiR)N3ZQ6D z@Hq`|IXSkp(8U0s181BU5$~9w3>+~YfwX4sAG^)O@h!%_Vw_B8CrZkv$heVD^rsR8 z5RtR9Na@ErF$z)br{bZ1sSW$(f~5i6%teYadzvc~*7#GqI0#5MvyW}~sONAQCfQ5u z7x__O+o4yaIvKQ3ulz~7&feQztat&LVS?`h-R93dTt8kesn7F$enea3ZF^ZvoQmJ+ znl~KRjC^s93` znYkL4bRsX~>&#EWxL43u)L-B42aHCaHzT5Dp{@Stoz6gZW13s*E2i~fj&x!H=pt4} zUcEP@O2MW1?d#T{#s(5rY^hm+^~!v^Fr?4Hk!TxMz|ae|9x@mrNVSE;eJTOHIiufm zJT6GyRX=_7owp9KBsZ~f7>C;1y3V$9J7J&#&_C>Q2;YcJu4;(dO_m40bZv*63Z;D) zw(pxzU?nu!@E{<)Qq;Zs%f6QK*P?Hl)95(ZnM{~Z-?w8tC+X0VU=V!C=m2=`bm_m$ zk$=nyI=*-t$kJf2eff#!O1~}JUUguH;ds2fm`r@V2U>t{#SiMDo!`9wYp9QTe;})2 z|472}>|7o`q|4g6Zwq21l5h7#La-Qul+@%PU%p)K&FXvK!(OP+xg>JAoDmBjm>zLr zuD@ZwhP-^Ht@oM}v*_>T;M)=26XNdku4#pZ#|#^Tpvry6Iysn_o_1MLNCcc34`n zXEN71A&FWxN(cho7?xA>Jbi<0a~$Fh!AR{F*XyvKtv9tpf<@`SsPT-!{fJIhy0`DI z&wbBcM#F5Hyc4@h`%AEfe{!~qQ(7XdPwfh(Qk`@`YLO??#@HyB20}Xbb@m6DFhXQ- zSLp^ma96?CkLkwo^QM5^&kdJ7vEO zHgNQboAd#6?|=j{x^R1JcCS~D@+|-z{PvlGjLQG^=XL(Mr;t*}QC$-2m(s_OT}+g9 zvRAA(v?7{>#&blmeVL5(RosaHeo#EKeaW#ku|C95IlZogw0I(W9dQAYY4%7R^Tmy6 z(z`vNi)+d_^5MQ>f6;`WOU}@LhZ*kIVN&o}HdL$Q^bqK#{Ol!?P-}U-?jKJFs%Bd^c--mw?8G5282EG`M;lGQtVz8$FOGBb}~MbA?>_EU6byBj+{(eE}npOaB++ zLf=~MY6FnduvBK=oxT)GNv`79Ja!c30HAvQQmC-to%I@qN={ z5OeTvD05z49pe1o>QWQzA#>TxIe>vO{<0W z0x@9ZUAn}5ed|T*iwBJyREwe{0plG11gwu?;Mfxmn}dNJWfR=B2#9bZMqONBGp-k< zwx!;K|4oc-k*OcZ84A}{fW9)sc1iB&(`Fy*GAS)%I=h7szt7nhHM9&GSL#@um+hY0(j@FFw9i2P#SmzS^ zD%h}gkllPyVc{nGeZHfvC;f3 z=JItao~|@$vo~YP(+@^8`ZRpSu{r7vqzV>}Q~6g|hyGHjzCPf6zAXHF+^X9LRQ}-Y zm&1ApKoU|eX!z{6K2mujz#`9#a|^8chzem6&Qq^3D`2CZc@D+ZvFR6Qn_s-qXpk0W zgM8wzftlB$b@Ju#P8f3fOU!;1L+?iYA#E7M1H`90xH8%*7;uu7c&woJ7o?%RO9HR- zc=HYF=B+S{&pGFQj;sSpED*8NUW0XMtozK-->Qj}k^Mkd$3fG+G>td(1P z<@7P4?Ec(a2OxQWIG1%rl73PkEf!`aNa5=-ZcpA{AMYD~J@|a!nWu`6H9Z>`xO?lE=A|iJfS4qKO;66*%WZ!NM)2d*&W&oC|f2Qyq(`oY{ zz4K>M*weUrK~f%&yb~&f@C|(T;f?ndYqjhJ2Y0{NYws)Q;ulm&o}O(q)MU3{cxCZ1 zSk5b%JCt&7^|rbN1+Zv;2Di{{F%ou6=cGsIlWoQ5waJFeRozC*Hrq7q8z3>xJ(dNP zy3U1s3mLPa20k2AggY|E4~4#z)tKN{&TGS zI%^}rOY=>q+R&#ORAJPIYFBzM&G+rgYzm=2O$4lv5dy## zWad!7kM5H{i+Dy{3Ya-v94gZk$d;jMBv>!#j0SY+N1HoBnL;s8yT-V?v^)bxQL2r9 zA+b+=M2gP1RM&lFB9xg{vKS!?>QFxxP_3DGPBW0{_cYABE1bX;z~GIyU&P(uA#{jt z*>}m8DM{A{F~21t#(n#B%UG8Rq%V74-;Uy59v#f#q7mx(w6F~vM%yPV83K~hky6~O_KEuV-G~#of z0G|oh=e_wG$O9;o#pK>DkT%Bd*@{lYU2PAo2T-oxC%*z^M|HK}DQIm|!&d9fo4Up= zjD!fAN5vnnf!8%FL7jW@-VSNPLawtvzdP}k`iLaBYCn{%2)vq#Kc0p5z4=cO>ZK=A zwt9p5GZE3~_}BYyxxab)dJ*X6n2y%1NSo)AxV(2DhkQuLgF8rwhrt|oJBMo7KW^`EFxo2nFxI;ugX&vV%#lNw5F}iclvcj%-hhPF-w6ldG7KRTXy{i% zIvz8_R3vIIYWdU<@6C$nolmxuX18UN&KpbA(fecexpf|-nQ}p!?LQ7K`;mR(5Gi7N zi%6n#ybyKyo67gKSUhcfn1TLtzq6n4q6&Szy8?jlRIIM-*`G*I6#^ODz#ojWTY=~m z+34HLAcW!X*TFHP$tiwsMY(T!Cyr3MYdqVH#k-4AgWlg^^2da9*M=NPoGsHT92v^C zbVNln#}ZPPPnw_*_kb;#fm-ON(APRgIGJNoxI9U)3MBjuy z78g(8uBW#u5F|9+a4KA1?Pfc)YarT5Zq4!=bw% z@lc19-;;R&)O2^0ejIiNLX`~X#?>U)s?-Mzz7*0b&c}!3By$=l4_f_IS3*_V#ffAah!;BVoTz2aCN7Au~T%vqfcnP4DMfYF8WC_BcLp%Vm&0 z-{T{HJ80r4+AbI}Hg>tSvs=wc#n_Od>M!q8etSB7;h2OmX$x;mupxzrU*fCERY-gg z7qKqmkY>}g#JDQeqEC~7F9iw3mTia`4P|IZ71C&Rw$DuMk_IBQoRtK~zppG8Umapr ziY|_#Vjilw%Bh(-9|PlHDE1-#PU@*%?)(GCs6bYTh=we_{cYmBq^&x9aA5jYU}qEb zi)fs^wt84b-dXYVDU1`6%(0+j3xx0Iv~*Xkf(0EWa8P-F6;23+!}~hM^V4pINy|H_ z0L>(xuXpPnil2QXk4u(@&FbO&V}KAn7A0bAlex_;KnIFIe?6r4=rC+^2>)z&&@`cj16gdT7S2Wzg~mp`%WwU8N6UG#d6FO}RsCS9s6V6_VVBT6e{4akTHM2Y!!{F4 zrB~{l2l0f}dcqoxSkfZF4}?%H_rYRzPl60qDJGVc>sr&lnw!@3@p@(iu+QI9XIG1@ z-QKA=aj9Xu-@^rD;}^_RB!{w^OZPLE#!N^+TG&F6aHV5a6XxQ0O`~F8uKSC09nKCD zNVeu5uWDL{OR=kWPA`2yl+q1pV2M8=N-jJqt;4$eGPK2di!wq#Hn!r#oJ=1s=@S8| z$IBB-Dnyob9Y2vS-(akHK3&jzGLhAqeQ9|=2=`0jC-%g$pA3!WaryAh#1r_^p6K@D z+QlOTWIHni(gi(451fw0m1e)T_Jz`#t~4%nsrcN?j{_yL2ml*3ow9eP0?7R7Wc|AH-)I}Di8OsZbSA5i{8hKO(P*M{5*8`ZGy4Q6|IS-6!oob-5 zVF*t1z;V{=!Y{)mBV#-}f!2}q@D%Bv3Gx5Od>s6rK9zbpApw&|K+VjHR-wz9;7%@IszZ|LXL$UkY|C+gnb2|i6)q392`t79w)eAdm z`xkcV)`d_pp4I63+n?_ICh_-!Au*xn_N%g);BfCUg(ObvCGok-6xUCtIp9_U_9))& z0>p-J5atI|6$+Fnd#_M^p5FEf<+}X)rbJrFb+Eqc{n%BFS`Ld{)GnVtTDeXqKT*_Z z>$-PKe(N1BA%jE3!w`&?lm-Cw&$`A${H)$gucaevPM}b_?H# zZJy8}xs5~j2slv7c24HcC1E8@j$T@ewV7^wm*&z9m6L3ar&u4G@T%5b%AX!xj<)WM z8K#uX(q1m)&NOiQ*h7fy9)>Z13T)+@q{kowdlhU~A}-}37Jr$)+-?KIv2c?^>T^@b z?09|5@eAZJ$HL}baLZSJIH0SC=vGSSdlAkzR~!e*mZ?`C)AlQ?iu4%-^Nf-76PC{7 zzDM{Jdxt@|*;Q#|j#%X~u((N}>dx&$W8LS}5M6 znBn<9QMI$0PN^hAX8R?^?2;?{ z2cR+lb~26qnWZF@dxucaVX4;CewoSisJs}&1Y3!adFdY_RFYGuNQT&m?{Aj%f#xg- zbiSV;$GSdG;BFLu@QzpWC}40ZOi;oGI7;PTT6UR3J*Lx4e;88Qs+jc!cASwZI8!I~ zQ$^emU-NJ;F_1rRZaIxvoNEU=z6l4mkmephjgFH6k9ZM zHg@XSyrKiwc74Di=KgpN^ArK@4Y{AqvG*g|Iqmi%Q328h`yI6O|*!$*2^M(FN|N)IUfOperM?6Q1o^S1*#t|jJgiuW1t<$-c7K!b=dfQE@MqsG z6>r3-J69?+_K&O>h{W<|fxO-%{m$m5vkY-EX)lLHH%&2sfQe4S__5E`f%q1B5?qBA z!SwSLy>pc>N%&3>?X+Dj=Xd1cfLI%3TW0db{NTl08Ax-V zYu(~cF_=&x#M=~rV5S;;rnEw|k%Ssph_d3w6SE%lgQe=HSbB%ygm~L_JaiL0Vtgk9 zv77Ekc63hnlO%31@nwKm#l-=fvcIP&G%|z1O*$wm>h6z}47UUzv6Lb)_l=K3&9TIx z@JQ(WKV8d*;DqjnpGm}oQ7{Lc%}m%vhetWT-YtB~jnEB~6K+3_sGj}T1StsY!ikHMMx1t+(9kJ+Yr95v*alHy~}%#vAFp0JF;An<{=4@a$lzIS_5 zKd1Cd2;S^s6bi-z>tUV^k<{VI8P>dT!~8c?Oj5VPwrau$IxZ9GW=B5*Q^i!y#rP2J zw8a<^``VAQPy_(!MQ9R%mvu%)^gaDK@v}P&cW|UA=DqJcn#0)SXnjD^{b6ZxUo`aJ zs;cx^JqQP|6|bMLutCjdl#W+lPgEiBz|!~qgvrYMFQ!QmM8JZn z>%7JV1=4|FJti-?n0y`gjAD!ifO0v)Z?rZ$3xy(1|uG<|9 zDDX>e6#K)s`Pyfv>8e`hzWW!*Ti4Ny2=ir;I|`Cde{S#>65iD6(3WE3ZpW(Hn#7wg z&A=msmnqz4YwPd5X;w>Y3^;0W$EkmFThh3AbNBAO7yv-`0Au1kjeOMMUWXR zKsb$s3%l$UXX(Cw2mViq*rI?j=FwTL(neIc$eWGW5fn{|`$v->k!lF0RL5Yiu4(?f z3Mdrvdk}oA`!<&h|Cy@CnU;7~AuptV+LF_VjTPN_-~H^WE@BwyNTzLJWULC^LfqvV zng_=~8^gy9gct$eSSE!QY(~h(&h!KP!*`ev!xuz*f6npEBM#?h<1|w zmUxyguF&qASj2%=T3VMgvnmznQSWbD$BN{5bB{J>h>)~3<=rMb=~b`AQh9j zm%F3hmLH_Tbz`5)bAt@~T-dP4Jq0Z( z5n$Z@y;2r}^GTMFkAeZUOP$6lQq1~PZ%0k;T+V_7Ynw7ieju~Yq9-K(&b*+4{f-HR zfrKglY05tKZg#q%fmJCq{|rIo)J>NMG!&FE*gr>OWjS0QkIRY;8^r2MP=(7!+7|k` zr-Dy`ov8DbUj42`Oi*tSSpHoZlvK4N@wqCXH=Z)odiSmdS(k(U#HuHlmmeQtR+ix&G#EyP1rTLy03<$w;QW02sa_T!IG$iU zvqy_FU3{^AeyQ=Bu37i~!95$!3(X;KL3T|D^y8UL2E zsYy?d^EB_tqCcxROK#6S(Y;oO@h{oP*b?ra!C^G#nQ*U2Ay-GMqZiD5%-1e(RKCdz z9$o2Z^Lb>9A@`PUXDd>!MkU|Dw2C>SWmxk0Qv`X3Yl>G)l+Zr~*jp$dq%kQR-cEf_ z&ZPlvlEs5|Bk@w@_D8VQ_KSkQsf8LS%@eRfXBh6hz6m|Z*AXUR&GGxewpV2&rHT}YqS>{ z#P+4~5SYd*`m~DeFxBS>UalyqlF?g~^N#KfM?&f9O?XAI_Z=%|jYhMNP;4}88?k8_ zd_#ZlH;sn|?T07tbAX!V7hB>Kq`i6m;}AFu7o15m{L}!Vh41wOf9C%Bpw6O8?%kQxP4$)%u0Ly#MwanQ3QL zxRfv0eEIR=ECH}!A-3RO&EYV-<{w>jcXmn7vDG@981sio1f!T^bUi)eL%9Nej+e}~ zGq`|GB&U*(Z1t_w4}V#VZV$x62Uy6LlnDLL-5baEONi1MREFCYkiW3L!xr$BL92)A zPDmZk0ZJ}+Z$8hYCKg|qgyZ6gC&~bV_uk!tTBDFN9$GM%=b~LD`k=>fc+14WD6Brb z^roKVJH%Z)6Hg32Q8D+yKEva%sAR<_3$B)BE{i|6{Wd+zSC;7^>ks#P9Zy`64|_si zuDY!%4C%dD8;9Hvsp~5H`{82AulL~@YpK==x@o#N!i`!pngbWakOYatAe2`C2j zb~3&Yq>$AIz1m_|YFSrPyHE`Ou(&A}^Tz-9ci!WWwOf?&vEM}gXNV_3|H{`er!?FG z*o)P}_$kWPL`mhl?wh;c;r>uRqZ4k&h(V||C-~7QpMdv;;2V&1(^zQ%6|5eHlt@7digWuq>mImm2@f|&d!t$fZ6`sq zsTdIcQI~VC^Dz)oP#I4BEoy|B;VbQ{h10%lRVq9c z8?J|!mAkwWyiii(qp*=Y1?zNH9yY(Mw*tIPLe*x!*^K^br1>;cjBbC5-mgN57VcVq zLxJ6ff|3TY*TlMcsE-LXJ^@^bKk%%!Nap(c!IIv`OBmXi)wxw3XqD^iK`f5Za~p(I zM&_2L?zMc^-Rj#02(}bw`^KkZMLy9@NQ~!q&qx3l+9ww!tL^k|nb!aq+%wMTZgqso zxC)Pf+2i^$QwM5{BAsB=?OT4hgluldsJj&wPu)F@CJ(jwwb(&JkDwAC>g|5!Nx!J7fjLx|CuUAz9 zbQst932ilk0>Y!G#xut9eW}nq@Q~S0Qk}T%hcvW#r}`N+Z|x-Mmn6aCdt85~{RbSrnX5;SJ@h9WH?Sy(ABrglHttgzD_8ZUPg?{F`L<;L{`qS}-fic^488E2kb2y~q#I6A*DDxC z{bjm0dO>c)v-#U7BKwd+Um``50y{H<-}v&-89z(|=IHM?UxcplqyDY7*`eO;8syM3 zw@>rQgQZma%+=dh$Z@lM?cjkv(Ffr2HQ?cE*oUKE*j}F*_h$&V%h~qHt~`^1(^q2% z34Z|*w9%YzTb3nnboaD;bbQERK}9>p5;cw~xDAu1_jRtwm1c>+;b$cUrG-N47UVfWzt0Xg?0$Js^V# zdKX)75ykv2DeG5rw63%ad=HXB*S=7jewctVaaec6YdE>F2ZMCoz}W0y&Bhp9sV_Nr zBT|BQiS&~OgX&LZy4+g_$-cj=hvl?~08Phx$I7?aM674xdKb?yJq`1@b_}7#%proo zMiS`ahL%L8mtzh8xN^R-E+6bKdUES;^DS8Wl0NrXiG|bj$bTkbUss$UZS0^bgaqMtyGkAy?s2;A`4^KCjS4{L!&7|JKMU!f&NaX=`9S zF9OLl!RS9v8P^6(CL9exCG#KP6ZKjDF2(e*_IP8~FFAVCKRSAI#k=QbR8Tw} z{-QjuGJ&qXZ!&LR$l7vpgW~+Gl#04Utv0BL<^fsr97NRzjVWlIi*5oWSH*8(EV*r& z7WcMj7$hxffQ}wErZ}V$>1M@#&sRkdl$pb|NBCIp>G}003KXZX$s^2e$+JO=U^E>T93{d3n~kI@(RxxTOfB%4Jf4Q_@BRcuH*Nz5dXTfh)Av-}{ru z{82#9?qu#%b`x=0> z>jzb038oLv<&Y<+F0m6r(Q6vJ{_|*AgcG>dZI6V=;`w$EzAMN}K|`dAdxi<6R_8;C zGLzF8u5Y7E1K7y;40wXP~Ejgzg@BINzm_zwYs(t*-zVQ6*Qiqw|x} zT>%V*XTX<W^Ay>;*_jqdTCoZZZ?obuuq+g)vSoEF zfCr(PNaw`Jmy_|i-Xd!CVkiV3KLWJXC0X~_Ovl8gU>XrQVP&!G=q$UR7&a;B4B(d2 zar*9igKiOioZJLj&Qx138~LXs4ve^hAH1U_l>*AUGdx#LFX^<$zz>F`|9GzC0@82* z+t^-`;<!3}xuS)x1MBkkQKsYILjiH1es4~&j-Ttal`^^z`1ek-LdA!Mf!Lb>w?K;mvOT5Ia}gW%Th zp`Q}xS4MjdSadJaIwpSvn&>{P zST4&QwPBag{iQ1^uvsql{(?v;@c;@%%`4zP7Q`MtXEVFJvImF=B9u>hoJXN7A5AgC zcSUn7D+ACqb=3V%;swyU*ar1$(d`lUipK%Fg%jc!@k$=Q<^stKKRz0eRoBH7xaFCn z@kWIY>GIfDHo(NY>(R_VCpxwc)Sb9`vP0RYpN>gZbO17+`akFN0^V0Z9vb{NuJlJ2 zK=Qw|*6Gp;?#y0Lga^gtaKGYHtx6W4>_DCZ-Bq}K;XgTU%;UFaJo4)7 z=>{@t3d2qeP(T;(diwKq0Axwto~`(hUZ<0uTv1hmMWYv3$?1YvSII9_n6hMeJ&ci# z>Ji(RhBDbUdg;~M+C--o?@7Z z2gcrtY`Yfhr4CKelZ~D-6h<2VuOAkb~ z>SrNUQf++IUx`^0EZ?3c9AP%1p?rOg9HtHYtW;pnNfIZ9YO{Pg=i+?BvyJ&q3@WmI zW|XB1$~xajel|YXCL7iESpLQ>$y(2KpT_XqX&eu}7i}^#y?)RuC#Sh*iOyd7?}Lz1 zaOBGE)AyJI+PB!M-x>~={ZVu9IR=kLDFq)GZeb!8t&g^0=cY?i@?!fi8Dx*aJs?FQB720g{83q6-T!Xe>o& zXLN3bBIuJta>F1}`wISG)qaz~y(qGA+(KyHGLwyml+Ex`U9o2)muhyTfuv z4Zw`h=mvZcZb*d{_am~lM#oFRRIPLTW^j3UqR}CWueYZkUzb8eX))15{Q_5jJy_Pq zJRJ}^fOvV{z9}vt{E5&5=dK&vnI*Tn2NWm5?MV>Q>AIJ&6d|IX`v9X}2^|kcdlZiQ zfv`#_HF+GYE5R9PJWihdSrvbeESec;{Lc02c;gKw5G83jHS{kBnQoigho^ff)qC?o zYr6iWVVb2>57AaQU!`~z-BIL85%eFltUUKxA_o>l_lXj!MKN@N91Z#UL8tc~Z5+RU zorS}Gy+2RkrQsg?06?o;-my(TB4i+4neSe(NG-7TCet)r7E_D%>?c-H_}YsHR8?ID z%N<`iY?-EVgME@%`}Q=otPyefVm=%f+7mr0_pMhDis%P*rdd57&eK66MmIH1%L)Bw zp-E&SakMu; zHTOH9l`~O%)X{#S*_vec8xQq41NOPwOK#lCexW<8k6$3_n*%v{N+;J79IK4kL!38#3f%Ed)VgVFt^Io$~3F-l&Y3d?~MS-SA% zIY^P=WYoC}U&uDtd*m^ipXjSCeEnRb)A^7J=&G*MpheM#F%_ori)-F5JgFXebPnPV z;_h#fmc}23zQ}l|A?;o<*`F7ix88ex+~PCC`?b%mdLTXpIN%)h5VSt^3`Pj|&zYt6 ztmVz6r(}BGsQsdeuHg!gZ=RoHk=Pe%ZLGTv=H&am^S!~v($61EM+yJ zrz_seg!GxF8J)Qh1e4cIXs#nEp8DaBD}J5>0l>8NedK<*4AkIDOivGfxLHFd9sR#q z=TZ;6N;wsiz~dLMz2!IjiNv?SH`<=j69EGWWMnkS*^Y#^C}F-_tZ4A7t{b z+(pHw2$!1e0ONAu&GiLzc`@9^aIhIRJ`2o8roCZLH>IEd;}}xEeJl@(Cik)3pn(yN z%ffiZux7pV6jm)#n1jm$3anKh$La*MKOdaierk(H+~9S=#XT$6=PO@B;BoT6rT^U? zD4QfFS~je+1Rni^Ivh1vvgAF^Ehx!-S5t@hY!{0BUYp&31I29k4383Aecqn%g&Tt} zm-pk+1pL__9%yw4@TB99{i6m*z|`~Thjw4Ud6;Wvoz))Pku_$h;UiXw@a*-9tbk5F6E@Hr{o)V`x9vUO`QW5&^#=qe;%=cZj+ig9Qhbiegj z1N1Ww0iWs-EVXSR&CvbHw}J*u%?m8_*vVENB0XQF=d+?~!QV>p^2eZ&iF5e1N_AN+ z4iNERSNQ`(uz%RnvcYv!2~8dptxL2Cr_X3j9UJXWK@0r`oWp`Ha3ixWw*Q#YdpCs} zPlG4-1&B4BAdxgOlop_-`IR*H8QCa`G_rQ#6N_FiS$|EiJlJj>L!O{=n4xDRu`_$K z9-4I-k$S$oZ&UXWqZ?-YTvxM{SGCfqhjotZFKeoiu-x6;7M$pK4^+drI%_$d&=Nk- zRcXM82{CX-20F$)IPSlzX+N#l1&o_GJ zv+YAOG*nt{<7tVQMiu(fQoCH~D(%kB#t}@H**dIRo;t zRr=vfzK(_jbIa2eWMpNj3GE}l$J@hhuiQn^;EFyK?3!^LOO~~nMisu-PB%|h(ULqvvQXgui}D> z`=&jJJiwjdykNCoTBI{N8?;Y%vPzkda6IV?Ic10EttZe^D8wry(Kpk>E`3H+avy7wH?hC>_Oi_97=+%P_m*azk2;7-Z#wuy!y->Sn*yGk$TqNgt+A7HRI6M6HcjZoI zVkJY>Uh;N3zoR1~OSc#qdo;g2uFiX0C;DLf><=yCmK0UYM1`$HVi-KsD-yS-2mQO; z0^}`|q?;u74aXw*Ra0>d4+WYb_v;0_i{mB%a#G`miy+41!x>?8i0dfcf7wxTU*M0f z#rp+4Eh!KFS>EF|_2WMV;);Q)2n2QxT_Cw1FHurVUh1AxG5glU2W3zZYC zpcb<&STdAg+zm$+u5w>4P`dOCZ#e0qgv>Bdk#UnBck%V0j{718V>eJm;e__xw%{#k z_iLSr@=e<6RN4~uL9qP{YJaUSNq2}N4-!-m++~NPw5>e@@x*O|{KHa*AdbE{jQuu( zZhx=Ie)NLG^&_{@vH6Qf zjMhqjxwd?on`sS?$LmCf=y)W-`t!2r^?rfB%N*Z-tUs7q=_}8R$Bt)-**Mwj#@bY2 z%qx%cP-y^Hhrewn5knOA@lY7HxR@ioE$c~gPc1`h7Fbs|?~DQf-lOT8kZzr+stw-A z0lRGT=o0d$J%Qs+eU+pLFMg!WZ+f~(6xT_ZB<%6Mpg8+e?%CJUJbi%_@B29<%kc|t zaf~?avJJ$qVNQD>R;!G1+u4<(Rfh_D+x$nXb;@#`9@h6eV7mwv^K~Zi)EI=O8%rw% z3`$|L-kGmt8SwaUYd#l^QJBd{LOEX6=k+6gO`8g~k@#wGiBEm*2)mtgAA1ROHgXVL z&ssw>YjzGVQBA@wZ#(^tarKn!3{4@1ucjad;WdMIQ54otT|#8pJZnw%t7pC*Sc3K| z%IRHtiIg(#V?S$v|o`w+^c zd&ZNie~{#4(|urkuor$A-GZHcdmg_@q@DHUwQdA798Jp?p>`95iT!efS>~_J1}bGE)Z6W$wnu`fs#G?Afp6URm7&yi zXTIf%8&!uXo?sCZANiOM-R+IG%Paa0J0R36op~l_P>?h8`m_S{SHDNXNNV?n=HNR1 zZk0!qecV2Lqxteb{dzF8-)*BNNedFwsNd_48~2Ofo|5bEv#$|Lm!GiRta?VT%i&~K zS0;1>Z_g4Fd%hw1HM#ZXkB+fdJm>=l^&=j$@L7s)IFP-#MMfN!05hmOX{tF`RWuCF z*FNR<2NUGmpMB*tB5P*`P!hf0t~b>;bc6-#&x1wFuerVj7#4a+GNrk99$wBZ0Gii! z+aaPKe7HlsHk9U`iP7HTecrTT;v2(iX z!|?Br_I2<3o0wiJrD$xhhwEqQleIoLSm~gj$A=8vdNR(KR{FDcdE_vHoXJs!=0?f`&VBL@bqTEtkqIB?LIV85N<}5fF)y4(LGTAo0<6ISV+F>5Y z&ic8wM%#Bfa-_`7@3QqajizzV%X0NkXwkq(qd^AEX}T6=m}sGVc7G;hi=?i^>mCgY z-Qc?@&+Z6ZnwK)aK`{;Y=Z`rS2E7W z#D?)joAJSu;Q!!qZ+@U^+!7~io?u+$|H{`Gt>|&02x@%*$a-LYtl3~Q1Sw(Je*SXg z`Jk}vX$e|yynfrP-;Ea|I15!_si!3R8kw{O(|rt|@N8ZTNb$|EPl=CwwF9)t!AG}7 zgdhSH?sF7sIYQ+)htwe-TFmk($SptG57Sq@&w_YiI0zg!rqY_KV-kXs(X#sg0rpQ% zqGEK5{;+F9SKl(^>j^BxV;HaAw_K+oF^(L z*$U2a+3^ZI`}o+GiX=N6uF6@FjWhOVp2c3COI&+5q>C4j@AKayq@=_ozN=x^Amh82 zMYX>#ivvvlu_%{dA33E0&nThJ(8Sp$?7-iOQR`ghioR| ze!krI`FWn(YJdAzIGX+)$K8A=e7%G&&G`&ex>VBMwVv@9%V{r+$1H6Vl5J~ZZ>T1& z(S0jI!{b)-GVWKLf=6q>#@t7N7N25P`d}O-`4EbnF{)r<#H4?PZ^&sApob(6+LN>3 z+160WzW2ZBoE&ndl!jA_a_xbn{rY+W{orLkzK?Oe@QanjZD7tnG$n~=59lw$7M&Wc z+wb#bPxk1NeAzWx%5m+<3vsROkZz@I_vg;c&5geMTF3dtf=`(-0HaKg-jZc#uB{QTg|gJ_7T% z`r8FOh(~dnk7RqK7P7gn7UO^^R@r5G9+wb(0t{oS4EP&XLBwNFEw|)z{y^J$$@vp? zVlzoUt-qBE08SruFGi==3Rv-eJ}yDo#mcX?YewK8$*EBP_>3dbdrxGvmGJSHn&uiO zAhKXM;S&7dd5dN(>u1NRpgK6l*H0AU(ceq(neW_UoC8SGp~8aR0*`{^vqVu-7e)*0 zC_1#s4%tBgM*`FT);u42TdoysP5%n=-W^~t)amjQR&DzmBjQn9Cj3e&X<7sk5oVWH zA97}R$AwAUizfsr$eH!U^aAo&ZK@=hms^gUT`^x~NBDnzkUhsyPSE5&U%~<5i#fRP zOYZa>T@(&f4YxEV_(%P|W-#lD*;76t7DXlEeoTk{>COSP0{i){`<^G8-evc_hYN=^ zK%jUA4*8}|%;ESm6S^rY4suk%+_rO-tjD(jp43fIWsoYNSeXt$Ty(#| zUSWboYs@MBcOuL4M{oe|XJGoqsX}}q3FF2^$Mr=Kw@&R|@Lj}3J{tF`BTpI)$NiD&Iia1?zz z&*wO&r){`$XH@x~9T3{&(6^l)G%$+J=(i@jJSH3T9#@xo39!H`j1isDMdv@S_4+mW zlNA=u>7d`-FC@=U!I#fQq;=y73+!~CqxqgVqJ@$;kAEG2p$GHf_~sQe%G)>`o`L^Q zspFugN)keHPo3g;F7nISpMMt#QO!x;!=3EWk<10PYp{AKdtYF#JRKJO;ZNBI$2|(Z zvZwH)T^4{@hwph`3-EU%T*i-h*NPd{KHJfoLMB{52M3H={cM{3_lhuF#BR@jk-Wao zge>;PF~7XI;B?+zLv(-j5142?J@00KJWZarbP#}G^)F>#j>VZ$fuHvs=Xuy`m_!ZK z&JS4`yJ|atE2R06>&G8K*sNLf3*%5OAfUEnCYNbJ(w$X4k*BzLT`7p}utsT_?E~iR zB!%Yw#vh~CduPv#g`6!B-Y7{w5*_!ZiC%%-;6PaT)9CY@Q`r1@cYzytlwlMZTN?FB ze;%fABe?aZWLLlElc&Iv_2r8;cMkT;E*vCuxqDhsqI)?ibB~n0RWn3N+V|!bw>tqJ zoznEgSI1R82Y&_Qu=osoZ8oSD{d;gGhGCBS$#))5nq^AXd@uJFOnsceA1h>y_PIUy z&Jz{;uNtZfwBo1>i=ezte|h2>A1Rg9DzppK-|F{ ziOhttz}u_b%I_R;wrkzs-$#Bxv+%b(Y(1<7ZsqK8dL^sBl#MMOuN~?J=zd;P19-iU zWqrTLMz-PEjAmCPT%vhn^ zhfUyN60uzG@%x>XdpP*0n#rdpBe~2+DZ%*ZuHLia?BDb%4)48*%h_kfkHB!aK1y#f zEHXl;?LK9b$-k=CBFc82ku2+)QX3JC-aeA^=b|L$ud2@Dm3h7!5`Cq_(+^&b`(gCY zLW)!I$2WR@KI`V=w7!NhK`GBbejKis%)nZ+YM2p}eFviuj0^}x`&rN-16;DNee>{x zZc~TmO(NOU#~8AH{kq8Z zzLKTJ_PK=1&)Yud0>ENR?W4}V++S=}?g2;x1LY#p&pHOZ_$7^7Rw1=@uco~71`06L zU&B)Q{RgfV;+;4RdOp(RkkGrsxxE8c)uNuG52 z$w_*@Od}ED|5sHcXgcsM9m)IoxQ0P#1QAhP+Ei=~tiLW+daCx@63-5X*=y|IeVyx{@y=;Ybg)5`xy4!@m+aGHYvuagn+!=1#xJN z5b#O%J}F#FbQsrGvCaKezOvW`aZR*g27#CRlQ;&J#~|+*!$H&Md0S- zg!y|OSLgA-y(K=CNwx|)oXt*gVxSSZ?<)fbC3Lf`Sj{Elsx?7>#B^NT@stuhGK3E%5!M3fqMn z^j)Z+Ked8j0_)QLVEqi25Buwd7bJ+>^MGC`SPSE2?cp-jk5}S@b(xeo3Qt(KV<*M9 zRDx!>mHQ3@Fx>Z{^jotU9zP2?ND%@yP@@?{$79amF2zN4jvjRgki<{x7b<=e?ujm3 zs$Te(swHSP5+F;vv5@%1NPf=7r6s>L{r#gL&?-f0CkQ|&lbx>#USQxK`-sNoeG4xy zLK=dff5XMxFPemRErOA^mer;sy@*e@qR|LPUZF~&z8|IDPdc`l!w+=6C9z#t(^t19 zxr>U%kgP-9PChSRiVGW3Q}A&-d}7K2`NUW^(I)*>U|ycYANLlz9DifvJNn*_UB>=V zSh|QQ>8eHiMC24K&JX6Hvh0!Qxq}-(1mICI+@c&xTViC$iOfo-`E%{J!7%Js(oy+xUbq*t3mig7= zgr^>@CCeXUIxj%mE$AQg;m`UBTU>c{T&xb4(*+;iv%SB55R!c(eZTcvjC8SXR)3fM zpt4hN-X5Y#Pwje)G=f!cwxJzR?6Kht?i^mJVuHV)Jt1bJnS|SinZJit;P45^n0*=P+&bGgld{QaysV)o3Rgre%wE#1;sFHC_rTV@QS7cDy%!zA_F z`zipTxJk`k;xE6eoJA2kJi_>-qw?02>#&dAu1aS}7%HmV8^X7rE4UVXC2=C1)am<3 zML$3d17YUQnEDZ7mKXVL%@?4IYTA&LQ6=uL{J`<@Gn60y+U|2nIo{jiJ$yZdWB@2U zS_F>s6o^c<@r@%tneQD1h)F+D+I)W!reC}8%{aqFUCLEyw$Or&GV+tv*mEuMq@zD@ z)Mk%r!#9kyC;J!RNN8=yRgKGGT@2YpOj*yim z*KYS_#T=?=wS3OZh0NN^;KURV4GsHh`cp{x#J9SA3G>VTUfkwZ>56ra_wHVHY4#xd znH*{W>DqWeSFE0LoDoxGx{=9#2NoPK*V_HkW11lHpwG}(-oe7Hs+Lkfj3K zfQsb8qrA#Qmv-dGv=0hd1gy{XGV3;?Z~pTv=AQ@y@dXcke@y&%7rrR(!8CSMzYBgF z@OOPgAB`685jAtn*6ze23EWhgx6kwk8ZPXUH|e1$-yKrp04o@n?m_kbiTKVOojmJhqKj0TNEKn6BgtM;PtY%URwp z%Sbc_IPGJWACdjbLkC1wU-Yz#pvAp$|Mb`*Z!m?d{e#XOdLOw`%^mO}3bbb*G(BOV z!0tNL4n{mV>O9Z~GsYBj{OsYHA&C~uX%4q2B&1ejx^^zM(+To?pYP00J@B2|6#%Yo z516{+57cLp6n2NeO2lB+(wi3oF?^qmXZW(VI<%fUx}*~ZIk7$=~ z1~ZI8e&fsHq1wjl_ah&ad&IzhoMAd0lYI>U<)+=gUK2B&=KH)q9#+{ViR)|+y#>n! zNgFnx@X@*{*OGJ3S^YgPfo&L;rZisyBM7+_m)U%qIrDW-fXc+fh4npA>$`-9If)Am zBqw#6B#ES0?Q^k59jTyw78GobQnL|)l1V$>Mb1-TY1V!?PQ6V>nNMP<^Alr&cy6C@ zgY8u|a83Me67HzWzB7HD_%V7N&mUvEqprA5i59%VF`kv*rQlWaOaHL03MX?mJ^T7f z4Kb-%MW|o1XckVvj!69;H|VK<`<5Z?6My>>9yDZH{n!J2LL~C0DP;ZG5Q&%?Rd{Z-q25^aeRy)yvp)7Z2jMDwvNm3250cjrv`F<{FOWP;LAeR1@*y~s83nO zyY3~+{YW3&PxQ&z6f)e~*9Gf*pQFC{F?^2b_#XH5X1`*=(z`Cc?sM8z%?$R@8T0%L zm6U-`M2ZCP`{mKLPA5I7PHP^h0nct4>r9K>1BjqHv>)N9&E0M({eLBbjW(3|ViuJeKbor6{N>_I<@lsmNtH5T;?2NFWk7wwW(Sl*)PT8OefZ>2)0vvljWXA8Kg0) zpB9)r;zf@4;&6DC9LxLD(JWvrtN!*--ds3i5VS8^@ed5hO-sxc0XpnJs`$>@-0Wu5G+w7Ek1jPP{$6oG@WkB1uHvUP1D+=bf zNmt{&C-*Dj)P6SS!)C?ET^>$9+Bk3~49r2%Aoq7h@XcSEI+Dq+uxOax_Rk4TRQSK$ zSL1EOe>De0FVDgL5kK6K`3pUt+LsYhXbqegDGl?+8NWb2eXHVjv=n+^nf)*EkDo2n z5N9-Z-1k5ZwCXMI-R-CH`*5KQr3dcGDO~b4B}2Y9UXuA;n&Rf0iaOQ;=WPT$pWce81U^UPq?dm$|9-Gu>vVP zXp10cl0K#9=rFE@51L34d%7QpdViZEm!ABAi760FkXD$k_mP8tPWXUjeUHb1A3xO% z%vT~zAEUYsIruFA^Yf%2@>C5E4t_t$SX}Pqeo@X8XS@5>mcwkT_%uEsk!4TK{CE1l&%ZX)>5E`WN;nah&?&c?r%I_ z;~%{r)9-&FPf3n_lem0EvP7#;0Amh%2!} zwzSgk_;MQ!G=OolNtPL1<>&9q#0iUzzu#MqLrhF%l^syVxwm7v&=b=c@SA26cGrGN z#X%h5%jfs+?6SX6Iv9C@YlYjJD7^`9l%Lbj=I)QkBXiI)fYqdV;4Bw!3R7r$V&L0(GciKleNze>{N8zPauHMI}~}X1-DhmAeBqI#l!eaE=|oxd0}xk z{ci4=l5E;XDfll1k4ZcW`ROwm`>GoHl4R_w_TX{C;;gU)K@3*comnYl&OOzfkq>%~`NG_dn zA|^RvzqB^ZlgwEs#b-?-MT;{C#8^Fo)NPq0y{7GxgiSDT#9}eyV}oE$q>I=3fQ@%A zK=&>>c5f`0em&qi58SBYm=vXvMd7WKhr>OodWE&3m!G0nWApG4a{636%OQ+pUXs)i z&FR72Hp3*CP>JsQ&~gNWRLuw`sfKfR<^1Lg32>#t8#u?`d#$7$BQBo&_yv;x9&AA~ z2LvkP;=I1ER|emk`4%r5ld6%+-FQoj4Ji0PN*b9)F3_+Mj)01?1 zKX-^9AJV6k0Z!vH{OrCKcl>?pzIsbn6?RcswtQs!67d9Ktg?2~f^%yCnZOYOI_6$9 z55mREBr^iX7p;qA-@W3r9)8|}z(e`Dr@9#tCTW`~Bs?N3~?%}$|2?m*uc9sDnV;8(}zVRNO5R&640Fhf_UQkuL13@96L=t z=!a)Q>d(+jI9hUT$bp~uc;CiZb=w?4`IH6YugJrNrDY8Zd;hc(L!6TM4I3=`} zmR^@h>1%)4TH_ss@fi@ts!^YsbudoVtZnNZe+<@<@A=$a^ralj1A)fYeM0)cOX{08 zUjELJI8wpPEe=E=|I$710T=DkyyKVT&KA}_q%ai4N~8OpXBtr2za&O>QonzVsb`u{(){)n#AGM5oR@b$g!MuzOvCMiAvf^RX&P~%Fa_TD{U$OF z-SM@VEc`<-A~Qex$RR&kLvv)eFN?g!tBjW{0}XkCKkAiTCvvjj*XlwP&xK=t zY+yT#g8?uDUnqPd^{bry>{^>cHGi-#8T0k8XDeI!(a24fQiqw61|t&XAqNoJyNyIj zozTHX!QJ>lsHQXeJy%SxeqY2a>J`>YsDk*rd2+0M8mF&y5CY)^NKOGC8`{ApN_4I*T=nKt zm=(S>-=uSI!N`U90_zStgoL_2U*!Ipx_Vgc2US1qu7|knEgDgGLfWk1O!#Wv`|D4d z9%q8wSj+-Suir$UTPqamAcZ6>?63NS4PWQW5)yCJVelO1%cW?>v2M<7Q%Rc5oFmSs zA+f6`?1~Ag^njf5XE@det1YmJ-EQAQQunr`oF)DgxOXl&)tTetuhQaCSU2RIaa?ms z21<7J2uQdz%lCa9ClCYBiu1(8RFh%;oAyf=Ot;)deJ33_WH0r_;JjCU1ZW`5(UV@M z4PWhRcRaB}#NxV0-aWlOocE2jfoeC8p&w2coHD8%p|T8lRHr5q9^r+q*uxzFAtB?B z$@{ijb}$XQgo<;$j#wyuzaLq|czi5|r+@=wk3OqIAfNDZ%i%%_!1C_F!p3~Lo_#(z zmhtz%`+)@zpiPR#7j9VV{l&3N3F`Hh=GvNTTLN!0=M`u$Z>w+06^|zi9VPzZyS}7; z{EjN@3mo>{=YG4^cZougKghib9}C>fS|l#x8=T+E?x<>9@GU~{B^CxOOZHj3NCvMP z3Exu{bL*NYTeDC2FQjWs*L7oY*rTq9{9be+@Lw7J6cyvr1E;6(Q#9cww<*sO*84T; z7(PVR{4D)=J%ouZb)BsplFGQ8o%syL9f>o4_a&(3m5|{3ptI0qa1-8x8N<;Q2D>Ta7p8$H;b$gT_+piufXL^t8 z`RV>{hu4UvJ1eaAi1JO|^R}ZGWfxhAVkwnM_(@&qFV&Ve4s(4EGzWop&@}P=H?*Id zIfx!EJCdBd9>4|O=-YET!0^uV%n52O3@mh_5XMGGhc5f{Cql9!R3|A3)l4MxOwe9z zDz$rW`iM`5-FTcwk|#XH`Y3uYd(e%o6cx zo*w~iY}^@@)%Z}1=`_YvuUB{MEIvl@(!fd6a5MbQ4!yr^bVD?E-NUUZ#+V`s{*e|Z zW@JKjg|1g?-@g2nWdzd-g))#a#iCzGjdjS-)PbF=D7c>U(f2c&yjB#C#J*P8??zPd zsM5W~r!iIRKa#F%OHpl${*oktM~NaqGRm7MC`p3kukT6q9d%Dv84zKI6=ranX?n?k zl(o01@AZ2lckA$2yyHHtb(kPmYAIfhr+uy3^&HXq>}RfuFFmd%Iu)<))E!Q=@p9tj zYrf|XBTfg=0oCA3nRaZA?^Z4k25f!HV4p)D;`#G<-M*uieaTLTNN_`OUC6fx!MWSU z0D2psU$B3=J*b4ed5~sK^0k`C%j+Nk-qWWWDL=Gk<@%NnY5fe((uOauF-OAQIF%J8~SEi>|a^^m_b6DN^L_w@@E@si{wd$1_EpQpCXF~mv`PM1gq5JY?X!g_9$9aUKkTL8J9SV_ zD4&yhL82tUDII+>uxUU+3BPcfUO+=>NbF&q<_Tt#8v_an+!n zemVuM{YUHdC8>Fa)GWXn-4qgjOgD)-e6&?RqMVz%MS&d$REhIP0Tw9)sE|A##0rHP z>!kZ|i2NOI;e)JUh1e~MbroAMODr^>_?!GRuKNa$AMl+!Nq!jR_alpN09bnE51FA; z_Vz=qJPyM{F#8o30y-~L-RJS{LFqoZ>}z)p6TTFn51mA|2evbz@Mz22u|N5K_)fD_ z+1Of2+m&>^5=HNg`o8y-@;l$TM_%m9@qS5~oudzW3{6O+QpdP|xn=M;)!85x(UvA+2}|kew2=GrIgYjCxR5Ht$R<)$TtG1b-8woJ>yjw{SnrHxj_J!BmcN%(h z=hk5ewm66OBozM5az8#T56!`AshRgbsd4g8TgP9LF1RMkwU<{*#(yE6rJ zm7we|9im{&NZU1q40?7vg|omP(R=uvh*A%n!GXe3`aR$8Ei5tK=7HRY(|V%Hl8FS7 z+N2CaY|I@O+}rH{yPt1$XT#~E@a0Q*F!?F#3ZNyW08xmtMd}awm=y3rEo@J%4B*(& z?wgxm!!C4Lp=Ned}$JdXQ7+*7X4X-xfNn>W9tR21Yo6I&VnIHs@1d%#?7JmO%3Ur=?^>(>EeCOZm4O)usF4bX6#xqR zrR=j}GTGl*Io`Uui%*&p+aP^cP6x9CH1NsDD|j6!g=t&x+Sg-Sjja)mTm9ZsdK{{x z6A&}Mu+`4A0h87~GZ6dWb5#pN$sQHs{ZRL6nLyi)R4P9CgWC_D-Nr+dI^@hvDynA(o%TzF*gEhczgNn`$+L zl2|b->zhi7VtL*clg|dOb=u>5ksm}qzkvf`8hI@mmMF-DeOzb`q8E7o4-jg!%J|#n ze=Yu_W3yTaJ_(NV$CvwQ>yyFxl*)=sqMbSr5mW(h6Pyr)rg2=x_#u7!r9OsaN)(G| zlcEtGz1Exqq;Eo(WC`e_=2X-XnH`bwJm5D(Fe%(QbC^DPDLHBnXp#=eHQIhLH(e%} zj>h)zT?pzv64;u7U8GBb?Heq4xK{h+>TW+3agG3HCYwO|B+`s;Yuj!USMyQNoc!}N z^kO=HYS|BQ=~{=GfJZ z3lo%DnJ?w-cil%|YjprnY!^HJaJ}()9k>m!u|Fx^m>`MRT_#tl)&#}6{%FX1DCQ1K zCjRah!h%CNM<3sNssO;X(-N)ZY*!B}if~Vj^J>N8EI8EQ2$UXLSf z*q1$;eE9|Q$^`7gjC%M;d(*@7rjdye?OdlsgFYQLS@M?QQ<}WsiCwJgw9DGoJDLAuk;v{cQ&7#>9huRRIq(+Y^u!xcYDmGf?Em;;0b9)IaEH zHKuGyY!h7czP1H^o*f9lfA#T`L#HkJuesXJVZ;P`>Ms=5 zuft+LM2uGW{zq4q<%UemKj$lrw%d_>f~XFf$m~JOqExBs`v3{77Se;wSdW-$uKJ!w z%CT9?$5ra~73w67Z)k^8vEcr!_%%Km^4s*qkfMJ_+ZGWqscn9e-;o1i^F{>z??(VO zCcYpk1ttSuw9PPA2}M;i)PR}cex3ID16xhN^nXa=lsbHq=hx_S9P(+!qG*WliT+d^ zB2;Ddr*!3r$I8IV0&>(Cq>6;lMhL$729ACXtlS=+YL0!YnVB>aSJ;(B{nIwCr!8PYW zBnrthc+U*?_(K71LZzE-y*>wToU-$mYTN56$ZG_1dkxH;ceS5fG1zu6nrwBN^r zbMxcebKh}4#=BZs&NwRhDe!E#xW62n+fQP`L$`0+dqF^v&s7R3e+U_@=-t2Id)rRq zyLt3y*m*wrO-iW4E=#-5&7BKWAO%x4W-Y3hc7O2FJ_Glm!q?>?m*gTT@9)|&E?SBR z`J8USn_Inl@LuE3vpJ|A-Z$^G&(VzoYeN(hMc!Imc%hDuK~GM1w5t0{+1cFWfyEi( zna2ta&*8OSQ?413yw8`rwCwk!=C7d#37U`af~OQY$%>BEMDS%&Z8S6x(>+U(yy$NB z*fjS&QMrGUlW}F>SgPj|tWaHbQ}=y`^obt|R9M2{ny^1t;VmTCQkxR>c+jpT<$jLb$@l+8Ip$zw9r=n{r%urN6+6TRTuFZCB&ACt~k8=wAz#O$GY& z#PrRDh%QIzc0QFs=e&qpC0nVj0L)))C~etx_hKI`WpQ^`Sv~J|@a)7xUMf5(YaIbx zsM?D$aa|k`9S$nxj7h~`2ms47{#=JKk>4mi*0!B~cjTr3MO!>UphIzGXd-=;=>-E( zxV?@RkvzkFGk)=`WQ!@ht$6FZr!w4#&_(I#zd|Q|Lt$1(?-Vu64;S2&4$j;i=qhLM zQ?bzP=nUvxE5zS>N_?Df8*d(E?424zA#TPJ>?6!sjC~3eLU^#@r-I`0XJGv3Z_20> zuzfEAfOC$nrz^(^0l`0m-R407-)N~E9%Zg)BcV5gqu#@aMqc!gE4I-QfZE{-2^LQRlrnmoSQV9GBY`|;M-OGks+PzhQ`Z&k+4~tZ$bh!&{wpV z1UVmto3c67@{{)7VB*bi>Ul3*v&)-cGv)d5DJg%eT)qaTvnO4@`CXD#OwncO-7jW< zX-kg$Wb z-?@rKU+F(YB~4AiFS#XMjW95>I^l#)Ld2Xr%`wh9@=A(PC zt2&J3+CA~!S65bx_|T(#AK6#gXeSLFxhsbkell6-Dv91hqv37c@eq+}-hK}}LG&|y zi;q2Ls?&aY*Ww1PjCkJ<4k2|OsW2vQ7rs`Up72>gbwtWLH@;we51A&&>X5&;MG}j@ zVl#J3zEC;%;dRnYX_45+8}wY=mXlHA^j4l}Z;jY)WcJZySdosh z&LHJ+{rYv{5vc~;6sp;!KB1s_l~J#QodK*zARvPS{nwxC$AjyjtsPAy3>kD7(;VbBr5nJXjtG*4Q;yUy+3^VrfIoebABLQJ!t*LZCy^_=iu=#TAx!{{RV zA+3krx9oKlql#e%FVGx%ZGZhq&d91N0?LH`%?D3nt%qy#()$_?_xvF=``V+Vp0vQeM8z!iiXE7P!p6*h|YF9W|e^v>XUw}X( zLn#8f8OK6cS)ndFh3g|1=D6^=y^GNr5wC{4MsZnf=`?kb&qVvMJwW%+f4|S+_vpDa zHcgOxz>fV=)N?9s5wol~`aFI2x#W#N-WJE?-sX?nL5^Od)tKMg<9MJ-;`ou~6}TK} zuOr^?A<3xqwTGIc!HCz>VnJ2SzQ}XFABgokryH>OgNwr6pb>O>`5LTY@BkQe5A-c` zb&KW1X?8lWK<-mcgA9gw4M4-3P>a6Z89SwpNF9|sS$TID!i75ih@rMrQNIf`aKKb( zp1{%>_ak^;T{6-`3)mWJwjo%tZGVE`j+*_ky+VNih3k8P1dCmc@nuIUgS2H9ynwuESpavlqjAJ#RH_5rpKLh6 zhVJzEEcE59%8J>i)blIBQnIQZ-M4GrD%gYA&4slwR{I*@bLT(!V#=E)#pG>Nxpa(#LQn9T6i;4|KY1vLJOsYX=5b+!w4Enr*V%u=%ssc*)D4P7j2c*XO z>Nvl>s}J=)yyhTqqYPP+khwR~6-+1(IZ?I@t z?bjKF6Ofy58u&3Skz8JKncuPqiCXTe+FX3}T}DGOp-mkPi3NMoQ!aDP_v#0)lEt^- z*6*qUk@?xL36KAuei}Osz+-x>-XRPVp8o5qJ2l9ZFkViGM!nd8?A8NRR@RKQBp*gU z!9}!xZ2Mz3F1w2qAx>`2bf02wf{U)Y$cbatR9pQN*t%=_-0Nwm`zDo6XdXK9NmEQe zo8O21B&N?rLWCm_FEo1{SCj>%G7axEcLbb30ue0#R$?rE4U)&)Y$dPDkkXFmP*5$RvAJkjbM< zWM0Hl&|m-q8{mJ)fX(X|-IwFrmqae2O6 zUNPo_$aW|HJP&d@@wik3%(3ZE~-(FXAK#%Eu zU+tl8>WwI8GTTf3i}f>7F5*p5{BcSdgYp>t0hsZAGR`xs>G;0oQZ)~VGK7=0UWf3l zT+iR2S5%5uCNAFt?YgJ7w_KY5{MK8dZD3O;9w^!#z5ipsd)H(SW7PaLjvBxV)F zYVK_WFyZ8y*iqW);rBS9?6Ez&}j5#Xn;G>FjV+ zsUu=kg$ctdjDqS70qH6i zPoJWrZPc6NuIc7l(S7!nwUwFX6jn87sb*z?>@v9MR~H)~TRg z&w~l2#QsO&&7AxplH4~jRl(b?`{oE?K12ZuwC~)jpji+Z9ivs-2!x|xhN{MPc_^HD zIKl&iFkvfvyy&tHLwLOB{xNwveNwG%j2xZJshUlu*nPGh0W*jCvrkb+e^HCN+!%Ov z;`WLQlCaLQ{ghs|ZE9IE*ZR-=DRrpK_)xe%>lcW&J#J%skNi(4 z?+fg8^q`7{U&`_IW(jMR>TsMdanZio0GvHx(1p(){?gLE`wj00#JK!pb2%NQw_$M* zPl(JOAvsFe=ND*^Kj+7P=t$gY27>;mS&5JOKjY#UQi0ov^jj#fG5OfUe$gb(T>mT% z0)(k*!wv$R*b2IGNn?(I*WJpvbsy)ATo(S^!qCV@gt+S2g&5@`diLi_nb5#8b7+jh zcqU}N_5#}-k-_DIB#$dj=3$!KOaB)PL}SbgoI^EFPJt5z>yq;1pSs(VKfrW&(Zh(6 z9*>i&+D3ODphem=&3=1lV>_h!-;Q9>SKsWfbp`Yyomumir_plo#(gSZo8LtrPP=aC zq1v>YO}}e_C67vZ(5`Avob2$#7+?W=U%B#SuJRijI^L>qDblb0hE$%0DHjVx%9IiQ zcSBiQ3vTQN^ogQ-J*0ebGSV3hXa*sE``RbLP-cn(M-K4=ZWBg~utyQ-B1|%;QM9N= z@ZxGoN3Hl<^kSZG2l|`L!Tg~3ANI^4PABlv;jFn`pL*0b>@-K_=^<&vdvn(mer{Iq zG;P>-m~($^w5G%1RThfJh&(L4Rp{5DXB&eQ4>Q)5CGM4%_jvmS$OunTwyMV?vX6Hf zTJ(&o1G3Isqs_a^@3Xuoivy!LAuN6C$*ppb81=s+Q*{;?2j4r!%w!=Qb= zm^HfWaWBDr=HDxqzKXteCY#hd*I^QZC@@-%Lv0ZV|<-x#wBH^sfux`ePjp**nj3<7ESvF(Jl8@#`cHlsv~x%>TKtz}++(_2F(E zsa|^Dg0P+eb~-S_^~X5}=uUhl2tQ!G(Ph6_INMkWevtqf8v%8*edJgc01aNx>Id4` z*Y*~HhOI&5fAxsqy-J6xS^_Sjl>=zXD^(p&6;y3<=v;^*nv&05^j{J5aS2HEPN4YY ztFFpVtaF|RrE_(J)cke79Ss9*`7OO3GAL^f3|1Ae?9u1NW{g20Y_|e8N=Yh0*Y?ERgbX%`4mEMa7U<~2E z#r?-Ux|6V%Q;c&E1%ws$ABFb>WCZ|cf+=cu0$(XKw8;E^iEx(JvC}>Urb_Xa7}Z z!+wKoMT6BY8#5>WEPilGzwZ&~nI{wuUmYLNt=hZD;T;PBh-u|t-uc*s{axq+Ec^f?ZASzS6{$eSkF2$4b7{`w7ut&(^bkA9*kuz1$8E z{rN!j_An*HW5360bx>ZvY|XYPi=n0xM%klRr7-D;ShrT0NGZc*q}l^9g)=S4OgH0j zIW*V(q>>xqcg7g_9X8*~z|$H{DH_!ft-O36Z4@U%twzJ$d%pmez5T#Fp(<~4q2snd zDJgNE%yXhi7~o0#?0IDc1WsWMpb`$z zN9I-yrl78$75e#Kul&92hRa=8qJ}kN_p&3mg@j&(#XC(^FI~a=wOf3h`ikFi34rZ* z4(GEErh5yQ#x%%sWpThl!m0Rad0J0G2|awP=R~{N-o*Q70zDW!Zk-o^?=#~}3G;P& zqanzs1^$H1*Pnm2_5$*@BbM%((h0~Q-M#JxfXJW}L9g;j*>oelITD)s?e0`47#EWx zwXVA+q+9R#uxRDq89RjlXl>{xw_cd&2IRUkx|sOX$)jNd{-ao-e9@)Dt5s7%QN(5I zNPn9}8NEJGp;hf_aH>Ex6gO=3;{Yvr3QNK>c$}BvA~jodf58^&lB{(Kf{k}k?ys0R zlVI@Oz03NQKYS=SUNEakPo1M0}-$Y)14`{UKy;f%Bd&g;Ik4?$6+D@bE*W*#`S z`D+vz)eLA`r|T5bPadzl>B8aO(UE)BxdVv@?$8^Rwuf;}mkW(uq)lI4zE^)nB{^jK zecR(~xH)?_n&?#U&Vrhn@5|v^XI$c*rE9`=kiQ)Z9g=;Ik%PxmZm~SWz;&9pgB2dp zU(vaIQXA$7LCZieL3V=HB!Hs)VzemsRio2A1^d%mFsh+T$L82ads1;S9g@!GrIP@z zjH9{~dbNQJ>LY*(z`o{^wmCZW(d7>De$q_R$2l;FOz6e8sQ=UII}B}($V(wsv4Ja@ z_Vz`gond+hjk5P8oc$uNcM`vV>jMWpE+XRYdGvL3^}lP~Us4wi?06~{D$j5S9*TvY zAgNvfWoThJD$e7v>bLv%`kkYepXQOprM2somCm`NEqeT+_EW1RYGu8*_cM_We8WL_ zEN72zRP%f=7xc7b&4;)7#L>$73g7+(5KZzc=kGBJ>^$WTiU(oQ-!r_wQQ$5P>$L;9 zRCP|#iEAI z`4e=@LiJTyrsqfUIS%i%gfMrxRhQZMh`|k`RypTwbtv+L-sVSJwv^}t`V-=x#oa$qtID$HfRe9qkSoDd463+XUFSgg`n7Q)IIbS*hjQrGJ7*Ua>H0kL-ecCr(?KY=@{dy6AW(HzU43l! zO^BX%Fui4tL>Bd?DHq2r3nyGD{`hs?{Phcf{4Zdf^-hVoZvIpjXyNU2zn3PtN+KZ{ z?0&!YxI3=C@2vO=#34;-01-^6R9L*Suov&{<9WS92e;Fubp`m0_kRpkaYg)`+2CwT zx9l%&GMsA3OaBXxB?Dn3?P=QFz`9VAGAxC{wf?o0oFBfZ$!*I^(PFfG1nJUXT>VJW z9vtNjmy2BqqqnlVd5WfU2&pY~l~KLDML@SP@V|U8>=(K4a}CE6q}{6(+5B{vp()!*cnNe)^oy$CAP;dfYsMhO6FiOsK{M2Ql+NnpPBn-vtc*zgcpTkCRw8nEN z-J;sPc*3ujJ4t)Yd*6p`UhWb<%jfki5z0HU<|dZAngL(7<4wqGJ;k7mh&_NvfT3A` zPb2)Tx}OXBHRQ(1;v{>hOo$1PE0w1&Y$XC+>K=4xYW*GoP{_g~F1qtV$ZvHd>(FOeT-?yEV+aQXWK8_SUTk(B0PDk`sg$sp@}d^d$E^4neKA7 z_Jsuvq}QAo&(IMbeX&9{E+gv=o)*H)x+wE$jL!Fx$ zAiCaC`|i|ag#6qGAw)mYk6LT)U3h%C+X~$6_1K9|{((~2l-ccxHLCl6_hmeso-Kx? zo)EWkFUjKrEUC*p2i_d--w+wVNr)5p1*hcz-P;81UqvmYADm~9M-wM9CF805@ejBW z?Q6XzeP2vdtC{u`{P5zX17lb^%}{lFelUYNCL;#9639p-kD3J!!t8s*jk+opAX(e5 zy*%cFyO_o44}S3ct6hjFeAnn^9%`cgeBz9aZ8~`!mTI_bE)_u?>U!aS4V=$Vk`b+q zVgsmH<71p;0*Eb%PL(cb-Q|7GvJa{`if%={80)Kn>kl=Hz1}7`>K85-=?#8Ib?m_e z2{4`GLDgT}OEK>=X-~IPp|gPQgaqK&Fa}TecjM=XQH$@se;}ME>~_a_3MXYxVp}*x zo(ojvm19QFQ5W+sx!c$H{;d7>?b=FYxtqU^uBMNfDT!ypUQYF4n@$AX!w<%qVK3e* zcu{BH?(|h&g6y_JA@O=cadV9wK_hN;32Uj|7M~Ib4JYbP7Loq=J*!=_;GG0wOmNh` z{^JZ;siMoPLIw#K1oic>$8(U+Uby>rU-my110F`*-mFitGL9u1_@cq33WSTMsd3_p z&@@?!w3Nrk0b)J-ibXrn#l?FYI1s?L^mK*UwP{a@jN%U-K0Te}_p__#p+YCGMaO-d zo!s|I>6OdRgG?^=cY`nVXtrZbY23r|{9RHBMRNg^_DMIrXnv*a*M&2UH^FWK@p*cx z?otY~gPD_wQfP-%FFMok3IEs{V7k* zp!Sa4`?Ik42MMS`nJc7vw%q2zCVM~I^ZQd4(3Qk-wU?`0;-_Ww=7GMAIbxRBuF>L@ zbkTVBL?Xpo(mOZCaOpxF!p(|^v+1$Mt}-MPpkgyBELEbDF+7e}XLA5C(Nc7Wh4HM> zk5jzYNKJ-%^|BhS89X2&($YAOYaMrN@-%**L!e^8(|%8fkhb5 ztJv3*J>&0!C{K5Il|q)0;f{#-=Hg&mmm}auo5iPYb^GI*Sb`#Rk9sjb1+nZ`k`d(i zyVril^%;ft^Ghv=Gi>=3&HME4SLJ>^ULxSKPLt(c5Wpx$DFlKe*8m(f_>i;-J!Bul zPX?`y9?m5f7MQ){HPM0MwMQ&7-1F`O??SALI0UE2u#{v z;+D#VtM@F@;k^eTN*KWuN_}}vTCcOoJuZga<{l67+ZTopuVr6Fr_f|_sPKI=$8xXy z?Y-?6x93y!1iT>hZBPAScwiXeQR{OQAY^xGd4loZ*P@zZj97wWz!t*OyIiesJmKU1 z2u)oTI-Pq!un*v+iOt60lNbCGkFMtcQ5M6T-cD9lEJr}xBthV>LC(JVQy;t^y>(6uzdBHCJW~8bsArQf?cZ4k zC&Pwe`|We$a2CvT4a7a8)}LhyM0{$lnkK#?OQP8DooO9QeIGIO7RM)L_nL7IA=v`U zZc(o5gDgSD_qz`|-S1H{12%5zDRC38?DyxvHFJ|Gdvey?4M$cB5t9{8 z;gKDfqN<@(8x?-hmPGhexV=- z|E-TOgMU^|mzYxB6SE%1*XvD^k0vC!D?j1&H?Exfa&aGj3UUqKH_r0H^n?b4cdwQO z4xg78tKtj=cpYWI6WRnEvr_%u)#EhL^UI}~g|@Yn;n)y84C^!8E?g;aICUF2wgNM`n#_vmSxnj@K-S`@> zXS@F03p#EFcbVT%3#n&frcL2Q2CXdff(`U zG+N#!@XsV(A`0YRB+{>}Vn5W^HivTn*(ofxhb$!|TBDp-THmAwhxthHrG?*1*DTcs zl`$Whv8vF)*Q5Lek0!T`51Unq3M zeMOOA!p~a_jb)UN;8gv#`8yxY-f{D=Vj#O{md~p7nr>QLPh91r_)z=KUpsSsvMEw= z?Oj@Zd{CeTJ{C8h#Cg`_4dPo_j9ISm96nB|4b6Oue5LQE#{oV+nv~B>Y?C+fzts#- zq-PP5Ua)uzA@NNYhqbJnr-nw*Zj62(fSic-Jo&osWuOp0=A0@rjT+r2e{_@Zr=K5T z5TCi-B|(`)^L*NmwN>L$X+gv(*wo#=720L*39!k0B-SR2&()>to`Z6<(T8rD>T>=8 zsNTgrY~oXmHlkYA_$wgc0AYL~lqPuBK!#G?J^`!fBV=qS*AmgR9o<2`V=CS!=sly{ zc**Il%&wqk@)Q8h{>#BZ3Fr_08ID_z&3M!oPwlhQi|_+AiEj4!r0s~V`tkt& z&Ho|J!gu)iKXVN}hhh3@kmh!$4;OBf1%p80mZR1*RYSEV5R|Uea}s_$v+Jrmeo`MRqM`-b28&dWbO^ zX0H=6_5fI`KRbw~dRessc=QVf8(xWNtT3mS`q0{+z1=#jJ6a0n%--4Yt)Fd@LmETR3JZxI z*9=bdp9fW7eRXl>35;^p{GEU-4#Zz|-G|Wpis%@qg!eJ$739t4U3PohFVuCm9^%Ss zYk%_GZ}2;BA+?4_=6Ana_t%(x01iphGY^C0AxKRj-ml*+1awh@Dvb;6rByKG!ws~f z^5~4`RoNq70%}#EIUx2j^0ph{c*pvvc3s(IejGAma(BTOA&6ZvG43xD`5YQHhhGh$=!_j$Bc_oKikC7iu>vwugeVjskdwIB>ZC@rdkWMEfk8_F# zIjqcqFqReLw|;-cow1~yPYQ7mUwmZLO(ZpVqYQa@91J9cp%ix{4>{>$!ibxZr_*~Q z`W5|C%uq#>4UfqAh^Z<*O@jb#tr))#as!9s%EFxMvjTN%%MJl$lqbv*7YRTO?ka9E zQ+x=ug@8BFKq7Vzp0hBiMPfY@T$d@2W-#ox#$SjPPszeuAL~6urKh=TdVXIa=|pMl zARX_oNS$0y;7XozlgD1#x!?&gbu8vysBOng9sl)fZYPD!p?{&jC zq0gOuxFUwoZa@071?>t;kOK3CV8O<2)g_fmREq6dJIM5}reOMHdj3^w`0;dqtiXYrW4C`DjfdD*cjS`-EGfwIvje^#(rm=Ng;bMh|NYr*J>QaZ+~BM;3n`|yk4!r38XqlS;I zW%?zd~}W|yFT1=nl{Z^3wS`k?SHRs%nKC#rPja3)gu3#jMI zW+u-uVjpq@knO3n>l`F06x-moWKvdJRB=kxFo(7FrBpV|=}&O4(tlUqc*P`DLQr>o z|6Bv-EMPF0F`)aUNvRE>75@2+(#8}a!GJ?fm3%*@OPx|;fktIEtnk_q;a|TSN5iaz ztmAUfc0G1QYMT&n5B!#9#?{8t&tCY58@6J(bwk=e+wxBDE<{dWxDc;X;4lShICi>S zeo?rohu-e4d3j?*;tw;FLT|}AkNZX1*N?|ukF*!)r5#uM`%Sw$bTRPUEf2Yj@RQ)J zFU1#F#^Zja55G2dh>rq=^K7h%7fvU>MA=Nw?Dw&H z`gA%x)e0>^9BD50eSb7OF_{fcdv2u#|K&E0pWPXv>pUWkAo`}-*M=$Gs;MEXe&VY^ z#~!GWSV&M@yJ02UiD?Sha`y*BILq$|AgnWTTp_Jn!|<}|b~zoK?G}h5Y9h0hsrW4gJ}0QPK3R??I@ur;M)oZph11Uk>K4$Xz923LJ;QqoIaab%#eJ{ zTa%_Z;_a9MF!qA8PxCWp29LW8!v$PV*xK1ohy@9|iOPBXjU#aJ5nWXt3g3(ocJl>Pze9qE|8j$WL@RT2$?6<)J|O|$FIDhf^5 z<|C_H^s8fG0O82~L_*!tvn*ZbCs{6yM7rgi+w#6?2e zAw1dR?GM@ugKzon?vY0fyIG%Hoj4L-HXH|u$K&&{%ExiE=itu6o~tLnl~>5UvED)w zz&5hI7U%QB;&`3Sj3N&&+v<|AN}x`*-AJ!lakcb*jeJfj6^`AWPEB`{&Q?2gO_IuxkYg5V7;<-ZXZ5S^j~+$wGDd z72ZEh{HL9kb42K$#F#?0NZfu-guOPQIc{;&uMjZ1N`%s}7Q2SOuiBe&q6Lfl1YR`$ z(;tTz4qlM`v2ShJEJx=$vtiS|!tgXAcos0^Y#-Hl<%7oS`A@yq4mFPSRpERcqEyA6 zL`yeiSY`c6rgwPQ|C;?)QU#G(KhjLn`B@t?6F;1Y+B&bcq5U;o-A^(2_wdkU`V36R zbJRPUEWng#vQH~s^8it5A_WigWs+doM%3#Fp0oZ#g;B7OKhgp8i6^Jh5SBg9o#_xF;vhT^sR_?j7e%>C!W;2-6pOW0&^37Y`qksGf7ryhOlG@<<8m?zoJq&bja> zkRm=_98p67^hsl0=&&nlV`;h%ojelG;+gao-r?_Dz?tPC_9OkxTAoamYm{_GGk#C(#Y(Jlw>A;3bLEv& zm#kh>a5DtQ4z&S`SBK6D!o5T+42zN|wFG7zgoywGhJo4h9vWTdo;8Yg6;5`;^u7Sa zlgE2L)7MA|jdgw>`S49>85UH9E^HFi2dz$62D#t9{eq-d24Vy2aP8O%!-j^fA16IK z7-v*Oj%XFYVcE(&elkWcIi6j-N4+?0U5KoAH3Z{EQ%oCz9@0Ah^=jParQn-GkMeK7 z`xP8@DRVBHA%>Q!-!Ddu((cm$5Y0XU43RK<1>O&Q6#hQJD%;|KNy~T-@Z~|p^!NQ5 z#?4XdjLU0g&yP7sw zZ{*+O4+NOgZUFf@(u3#O<`%C{o8u({LvL(VBv5bRH(uK!jzq8hk>1Y=3>3cM15v>J z4{T8>K_$0ccSyu~59dxRyLZ5d(jFcS6J*^sU#|0I5>F@4t10Dg+NKxU!x?dQ) z5~BHgD`U|5_pzV>c-YREKZ476A06^%y=WVYOY@7Ov(JgZGxDuZGMiwi%&A!I{)YC| zWv=}GA&U?C>8Y(HG}AN7^WbSYpJ` z!oN5t_&slaG>R{1`=-1yN_O)?*pZxu{245dJt-%Xl-lKb6)OYQbCsFx;}?TC*DE-V zNA5gKJn!Vv_)`yxU#2&*l9?9`6h7=ztSBk>nj4XyyFh2saU@DKu-?xaWa6Ov8prS5 zSeVQ`O0eBI-25CfMWJfQoa1J))gIn_3H|BV?P@&us(WnvlBsHgH_tvqREQ0QU4~;< z52+8HiMfEBtHVZYB@D&<3rPKKr=2G0Qhi9abhsxCbKY}VF$fqFSfuXlCh$Z|>JBup zUIG)6os=sHx1)*XHNG%8h&ktUui7P z88gySyIy7zCO_a0{{^d%+dZ~Ty>5_I%u_4p$w-jKEL;Y5+L z=p;u}>!Rg&V>D|)N_@IJ>XeNg?=9 zF*=JHe!$X#P2ip&X|d=O0&Hlu^K9L>roG(#{zQ&9C7~~N57nh=KFIeb8=kOPZo;#h z1Qf|Vrt3}F!*Mt@cUcanTYSi~xdFmHvLzh|%qb28qx_MdHbG$P6N1~E8(89K{0oS_ zbIk|<{UF|S(!u{+&m@GYPZY#xgp!;c=djK=_)y+xct1hDgU4S_m0cVC1p|yqqYtXM z#{nL_$ho2p_XO(IH-w5*a%NJvo(WcQ0tgu3nfu&Zt^ZR{E?Bepo*w7|BUd>gZBU0N zt25R4T_$MgsGmC#Nxp8ZpNB(smw2hxY(A|F`MA|g-#)%q>J!l9Z5O&ni6oDiW^pB* zpwI7mqAO7ujVAGXxLX3^xSlD4tll5@z8weFRUP}%tl<~#K^csW)x0<>!R7QLoxr$d zx|6ToGCASx=Gw^hVY=h%oB;*pGrRJ4Y1cAJo)EA57Crom&UGajmsLBf_d!4KdmtHs zMOU4B=VyGPvp)CVhw<7k+P6M*>OgA7Blw`tzOU5XZBDjIg_*=~MjR^qao83S^HtEl zJp8Hx!nQN6)-*Z^lhHCGo9kayT37~&Anf#umOW0w4`PF#=)~{jyUd^k-E;AwJ^9mG zLhkO>sgig<%8?<>@HVDF;(RMxX)wSW26!*iqpM`ZTjcL|WBREQS_55SZ7PJhNYIp7@1#3FDbhMpEZLB}^Q2AgH-T@nJ#^&*j9qg!~cS z#jrK0Wi` zk?a$n(74+BG#pXP(;%+`EOoy7baR=1JD}&T+`WlPvIi7P5q=5g@haPPFwo@m!R0y* zunx!SEF_CQ+Fs4b@SH?uM*e2nbJj8{TDUjzmS+$Ues^oXB2zKR@=vKh8cC@+c6hyu zZJi|YrMk!vzQ5T$;uZ6QV|2y4t}KeNGSKXZvoN1A**ZU60tbyIm+Lr+XE-L!@7LtO z+JQ-;Zat&>1#i;a!QP_$|HzEILvmKBds|MLZ#q8@HI*P94-O z{dG$wbLhvidxh58gR{hmZGjT<)L9K?SOqO-1+!0x>gkaF`Gbg${d;9YfAK))@V|kk zaiUi-@*!;CEes8y{<=!j?WUG=%Xy?cqg_%6e++p{tkv`^&8sO(&@cGp@?#k?+Vvo6 z5%k!=3~<_zwA`ZrcOlDYO~LfJYjk;Mc%Tf6?L)-cz|)g#1SHz!#cc#@5Cr>4JxR-n zWk5ft;V&uF*Ew%FK8KMpSS)?}a7U;j?wwtNtOP^F#FAJ;n5x#P=X{)QA-)p+NKiv6 zc7WX6@wI$JFP+zwrFD3C?uiiI|_cdwW za*In&E#Y3F+(?)PrtVfzOGavn(wLV|Q)K&TIuHRO|g zi@#hVARM%&<-;sB!XEjz2fN&G{wd1utb#E5EX-I}+a@Z!Z8ZGTM+x0V*QDc1j;J|> zkZHW;KrxfGW1dziOshKfR%FlFPjh_lg=bUJgZy`yuAjv^4SNA|$h|i_m#~(6Z!?jO z5aYbpHY_zv9F1@EK7FjrVYsNe2;esT4ai!hPDF96Bq#z5c2nZp$0~p;*cAJ{?nww? zKYK8HAlu=y{wg#<7mx(QK%P{d&)33ZTO#AK5ni{K!d-#$pzJZnt{bBa!u023On*Z6 zIJDqO-Rl({oYWs*#tXAb-4}}pcw;!pH!qw!%xI4q>@B=>d*^YN6g3WtCo3QU&NknB61a1|}KWOH+#hgQM%WHC$8r6o)JK z6_V)BhEi=SRJPSRhfB3~MXJtFQto&yQ;q+$OG3Q*t6(S6u{Mh#kQ&J)@zortamB_V z4*Ky z@OZ-SgMPdHw)K>S-*~-08B8N1s1y_ILt{F3bM<>}r9MTn`M8OLz<^$D^8iB{c>_cY3pKw_1X?A8a;1G?o+gO%9enp zg60=#Fi?Cjrcom?05pL9`BA9~JM`a(jio%JG3oSdre2WDNMZ04{4uC`hzI+9C{+dx z=1D2~k)+u69!rjBFYU3L&cpUH@bPNU`BMZW@EYZhD3Z9N*d3gD@NU5bBj77~eXYW} z->kP_t_hmN(KGybA+*0DJ}IGt#vzH2ewnP#BZY-q$F=a(+q|gWx%(8Q)wHK?9G1%A zz0YWCFw1rvCZCv`euHZ-`G!-^|n~-+13Ui8z{d23NAK%>rQY1QneQJ-? z7c%Owz+djubk*CI`&{niT7!Qz>C!Lfi}*FyFF&sH6$)!k8R(YscwtYN7z#h zaDnch-F=uFVnLCoTV%MvP*(N=gGqf}Ps8K;8gjjH#7W*;FWDdKP*m_!ys|vflOskA zk=EZ5?s%XU8of$)NA!{a2J&j)IlWJLpts5AF{mciS>RHixpqlAseMZeW(fuG`Dv^sfIitAr-KK|uiUw@-ap#RdNi}Sl zci(+&_cY9~hmpH?m6q{qpD;G}Ya<^3=f>nJJ*l0PDZCEJ>qa%7_w={K?{8jcjnPd( zyKS!jqAz^;t)AH#Hk}#7303XY67!zoD`_jay4OfL(JalrwgjSbBwz1osT1 zefru_>c55gJm|f%=G_TS3Ar&;{EdKq7yKy@n8QZcd>AXPI&n93g7`iz2PPiX^L3~p zo?F~4%dU@`>bZKc1jGJ=P4ClpBXk$2ANvRbiuC>n`LE=eqnzBsubDhW*Kslw#c#cw z>@;P8ExbdrHsTwYl{&Y<^?Qu2o*GJR zJhMG+R~B)=aygTr<%wK(0mk_34&BB*&#}H0(-TR!6RWIrl~PaQt4Y@>IOy}^yP2zw zNeV~7?6}sek~eW0s_5Ko9_zC&y^Z)lG2rg1Q-DzJ$J_UHr-HF)=Aiy;t52uQnW}pF z_}#b58v$R_|TJzCqCynT+X1(8MUZj<=cp`RJiTzFK7M=`sYx^9p3r_BZvUW%&X zVLSj8%C&MB>45+c8mIkppXse?>~{ni*R=I_T@)Wp;#GdZ{kHz`yt{Y3LCu;CTfJPU z57Fq4UWHcPBqGE@lc zy`mYna?UW7v>29{n(y;@5n0KyyZNj6QE~G3MHR5k^3vwyL(4Ju3TwbNkB&UR{J!>Y z36Z+l=iSr+zn#v&eZ5mAvuxzf8)>5rJ|24-5tDpU$d{>)A2mJD*XP?fsZLFJqQXH9 z0W0{$qa4V_Bf7b;FYkpV8|3+W5b z;V2jclKEZx#-tJOI48mBOa7G+q>L$J)`AkbZD-}aO87Wi%((9yBMPuIbD1adk@sFy z@vS|e%;&zl=s;%c&4DQbg;PU!-3A(jd8m;J^RNf_~e{WC;-maKxSRJZaLSCxP zEO1Ru=q9^o4o5a!|x_1u<&`8 zKMPm2t_8#BeZaMTK1jCAeSX&2T7R>0@(Sl!Kl}{xYY)xGK1RpUiYV`)P#2H)4fxq5 zshS=B)J`I%H2DCbc|}X!yGlHwdh|)aVNU(P!=ViVfIMM=UK8BMg+0;{UnGW6$z$vf z+QPIw(>UAuJ`iY+sEI++9sUQ#5*VZXM~aqI)K-t8;vOZjE!7 z7QhVFFE+RZGsev!V+dUe&6)aH$$cj5d>Vw9$w4ne0P}x@5pi8+ojk%!p|qJ-el#v^#elD$4&aW&uzq_32H0M{9}F6 zh(`lI8wnN^=$QY-Cs-1nvjg#m6>FxI^M33FOO8AZ_z8WP@gD~IGx~c#xE8JdsjWvu zi^r>%D3o+b3@d*OXcf_jm><~(2hI^x%6m2+%G+cigpZ* zz+bJ;?e&`uG;#xH(fb`h)e_Ii#pm4pDr-=G^$xntvDAJ#P1tatC$A{pN2DJKoAByC zet;8Y`AB|i-#Pj-a5Vde596C2i3`kOyyMo##p60u$~#mJdikIRtvT0=aJr#3#As42 ziBJb2C2J377V{^Whi~-3T~1H;g}&=|Oeu#-)L%1XWw+no)TsC2iR2M^2#?L_-!B^V zgz?RvZd+M1;_)^7ZbWG3F%(?PhsV=SNIcz53i#(0TL085(k zXa6)yiU2s{-DHvT?16OM6Madrrq7R??%mi;UMf%t&D48f@n7FYAq6D_DI))S=&$eL z*HGQwDK7X;c7XiR2ck?=&S}UOXHPfhAwPk%LQGHJ0JO*9Ksu${*WzM7E=wrrk=)_~ zUbq*{gii3q+)nsJqnDUtNY{M8_!=OlJz)k*^o_J^_j<1$GqAGsORDsJseUrTp94Rd zLB}-q0$E42FYNoV$GEWcgSzPUk1cM4HW>q;e(LZwQgVdm_FTWNd8gO+l3utCO-wuy z9&W^z+1(zL6NlfBjE!43(*ga7i3=;0Wfvt0_9alN=7zUeD8(wIVj}I8+36+L53RZVw>+ethX646)vn;*Y9U^K^YN-qAJnV1e9~@d&b>lq+Ls6KD z@Pa_BT2oO_ZW4D;&cyH1!B)Qe%Pux?_xRY*SR83n`Eq*-8o4q9-_J6h9sgdS=g6;` z9`t)8&rTN`E1Ga@%;=6Nl1m-Itu6E{`iM9%Uo*y4^iRrY7r&_EzSF^wn$Ahcv)YMo5RTB_-#D zCzxqof5EVP!1V0GW>`Y%atVzn$y{*6G%J6pcgz+PS z=ZHHT#SgFF1_kn|s+Qtyx{ccHFvVxS%TjY7-5d``D_dZ*5R}Ws zs#J86+Uo~6YPbeN%Sqn-K?&64)A{b%t`Xe|CW1FT%yLeP&F zSQQZC7qK~Dzsj<1eEw`3Ro1{6wtJx!MHZgfFVW?`kNagMZz@BuW_^E)aEAF#UY{Wn z(2xx5S?U9eEiOBK&%(pfLAgm`A_wtWx+vCU&m(j+(2hNs$B}e!OyQZu{FRyRUfn* z9y&wU)|quVFnJL+gfLnijB&Ofh0iWioC?z4pIY5ZK&yaXx3R)*t9aE(_K7k&LS9aY zk5P-Mn18bDebT8PfYzVKjbcs|*|<*2d;15+(cC#WpH5MGC5V;7pjo*4@r^E`Se6^= zA(HuKc4stXBdfPRJ(MoAw7mSwHQkU>#E?N|apC1&=-vamXAD9_!AqeWI1qCph<|hY zdme71$j&$m@^N{f6V8yUq*M=SroL0UeZw~T#nYn08vBW)0L5w}_g$WAVVq937(H=~ z3h!xqK3a6q7W5%)4>f};73A>IhMVV^+mDTv0kW3hL?qgghKVSXaMW_Y{g5N^1(|uM zrsjLTT&&hzN2i@cuy+>H;9-{1J%{q`h88-N1?Ij|Ysgu3x69WjT7*CKj_Us`w!$Te z$s_#@FK0*qE0rvuDim~53)Q}h$D^n7K|>k*mVb5ngauMQ=MOC<{ZLNFOC7>WpU%+3 zIqKsJ-~^FWE@Ns0imKJe^{T5|tnZJ!$0yxw9IV}HI9}AL85g1@vv6bw)8Zh*zpj5Sp0FQ%($k8`ZmSP z0nUB_)hrC16m?STQ8N1`>vNPwPsJ7%I|$JmR|RIurp4TEBHjHanr4s-H0#^he0Fqx zaEIjUX5F0wdkvc;S$FD%r0%5ly|FEEZ8H()L@*a$T^=TVFYq-(LK*V8agpo0o>A~E z^gNmB6ht!S<-xoNxf~UK8P)PfF75kDDqr-#^}o0=bUY0!Y#Nde_T&vY zgeUaV_?}O_Kz;W2H^w^K7Yc3qagR*M6>m9((I>kTCxcqgd6gheIdZL@4|hyL61qbo z>mcptho$tw_Xt&1FJTs*Hz+x@7|>^!CE5_jQE@j1lo((91KfmPmOPwfSQPA)`0Mvx zImLrT_Y14{&~Cv#u$Yu@zPuk&AaP`Ue(tMfU4BCO2$1;|eOJ0vinZ+SyQ1s2xcK99 zz9+E!#Pg>6me37Y)gK*K!6i#B=z~ZP<^wf8D$K-Ye;u+8iUoZ`zwaYn>%F9QxNu; zgZ0wS@I1-UCa_RLb0;ce3ws#sTMzRF{2~D+F-=`8!R#^{z~1 zpz?6{V@%*_FPLy3b*IARs-a_BGft0*052FTkPyDj4KT#2q<%!Oddq8riD5t9Dvq~d z`|0U~d|@3q`bDz&V0+^ro}qT}xjjg4_e{YGim1^o^esezvNFPxQeAP0CO<{wxt2!Q zjUsbi?}MaXAsOIetP{jI9K4C_&2Bs7Oh_lUFAp~R)-)-Aa$|@d+Ddw06#- zB{}k?y3`vub~9^w`4JyL7Si7MB^Vv@Kj4dUwzqI?70!K$_mm9>L}g%XoFb4buDWQr zR`f!?fa0cRe27QV>r}Nwam5l~q3sLUy`fDpg<)X1hcMd1vwB)aw|@FChC@z;`)NRA zkD{!Fr@r^uiphrywrRg>S%lqf=*|Z2jN!b4+Tw2#-ExvR*n-lWaQ!}th4Pb&I=d4* zop_3XK8|2Lya0db%)Rgc@+yR!Nh$ORNWb zIAegmqwmr83XT}G@6R8X-?pR2wbq9C01u2wLP%2_V++vA`<4w|*U-26mrC8UEaY%h z$#mqAPeOa|hth(=xyXUlG?VNorMZVVb~3zbl@n+C`!zG=_l&>fHT^Pph>NuM^+?2@ z4{Sq{BZj? zwC|0{&qr*!KZf0OeEa8T|HN*X+Xukt1$F}Pz#XI=hCP7~*U-Y3YQaO%_QeTFz$+o4 z6Wh2j-w~k^jCyB6_tkU_apV+a#5ZLd!G%5ZYI#^RZki+CLS~RZdY5ovEq^CD%WY|2 zK7-)A20vi(-P70(U!Qrt%r-ZkBl#Q3yvGvz+MGfLhT$jP!&q*sk@)vjrMJID2?b)fR#SVqI$8Xcq7F12aqlza3-`m;SV@7AEN;jJ7` z)3N%9zz>|Ad)a&+V*9xKo`ikVv-{03C|X4uDs_03$EW}gBLNNEk66V6xAly%C#2T! zw@nQoHWpS%8Z|Qjz8xi~eU{5k$L#!xg2zn@1udMwN!8Fs*r4$m&kP@q$5;wC^$;x8ydIQJ6 zxXD}fdBNIPsRw+npy$o2kIpJ@&9f#MpzFOJB*XohLxYFE2B&k9h#pm26-S^l*x$jF zX+{czyyIVQQrdigaK{JZ)F*wqVQVJ%2PG{c`~pN<@b#}y*UM}0mgH{LwW0fZ7Jk&q zHR{-ZRzc{~AJs15(`;%pUwY41v7(v$R%WXGhF{i_;Xu<9mS`+|}t{@sSedi_y7ibZ)f!_`(|?qwIJGjX1?1DB+0rdP2L`Qx`wK{ewk` zrJ5c3=Ax}RKLwW0VH?_Y?TzQ&paNI1(5&_id88kdsQ|9M2IC6wWF`jiGQkG|kcK+; z`qPC9KY|YnTZIhUcBj~Y;S~8DIv;Tkynx*@E=^xlH8;&#>O;d0qqOJVF3v^RYoLcE z{6d{fdI=`w(B@2ETK9EH%+`@+DX;h6;?7PIA6}^FVS$k>%VQ}XRV2^DEx`7GBd_o3 zt1%1-QJa`uZ3<`8JPLuWI&~8 z&WueEY+OP_B!K=f?~m3SVMp$t1_+&fxfB==rO$mvlq1!VY$dQpX+cB&k=_DT!%!)NVE_16;MbTv12AO4(*I zY53kEtFQ_8RqhZB#IfcdEwdE4d8LBwmT}s}KGRJ^k{N<4$3-s89r!xs5pB0(2X^GI z<8+mKer~Pvw`zR%823g5I3WIk6r;AM+U{#K#@Q~N5-#`S;chAR3M*~PnXL+iZX&;j z5XGq-GzvZYT)N5xlb7)<;M2<*6frl}I_!Z~hfd_50q=H|qP+_cSGk z9W(F57pI`1e#@!$cu+lZSVStTRtBxyc#dC$7p3^ecUB9akbJn$FZdIl zGel&dCk5nST;R(W@7FBj(n7YP$bI$nJ4#ijcW(M*Y#w0G3%qK@1uq&_`}y;Y2~F## ziC3AuPcuNo9_8MPz|Z|2uD^w_bDA?!7stGh5we9PAxRflAD*4ucYH|%t;)^$_4R&f z?7DIbk-b@TYIZpxGJ0m?!^j^1Hc7oZM*>)<5Co+3R02K4*k^v(ZnjnFNwn;s*jI6`aVUt#{IPKXKimRUi3Ra=$hAnaeU9Wc$Uc zA?%U>ieNh>=Aoqil>R-FLWzY-^vS!vapjPo{X5y;mW^u<9WHs$4vqh~YT46xH+T0J zrq8^&D)SV&A`e>n=NQ0QXo;OSwaDcBiE};vK=j58Pqu04R{puiEI@6@?UQ9#!l- z7v83cmHQ39yj%`2vDsHK8G;_T#UGH@dWbAc{^o*3xlgds5^x|L>3+Fx`XnCNeFsqd zid#-?3S=rIBldS_0RjI!49%|zpe^AJ?i(Wc{N}j7eNQBV9Nx<=@s*RHI-+snzHH)t zb#L%KFn{b>uzSDHRFpyYJ6j;m)vULFK}k!G@_wX$HOgJbl~STJ_w{Z|`>an4Z>aI- z&UVeAD<;>x3BJ!>1@o33%I$`wLZI(48hl!ZekCw3?6-HvVCxxfJ-2oPtg)Yv1U;g; zn-G;`&9q;X_DARE{+OCk0^GS%tgTyRu$SGmEkDbCesrKR$n%iT(OiAX?wtGi%@9|K zpE6dyFF}x8vDwRLvUs)oRbQ{l!Ie@1dic2klIYme*iOp4f7_mBL<4?x(>}+G#2c`c z{jd)j4=N|u!CzLtpBDV%z|*7Ts)eNck?vhbG`qT|o2&=gxB00=W}FQlEND~G{Z3&)i|C^0^<5(bCE2TLTNXC-}$9N_M3Xf zT-zsCw`S|*6nMjFU_0gu|Lt;P6~6RbU=FWYJgYpe~vye-WbG@ ztUM9ezW#`mpr4t-)YXdW#ddoJO{6~`Fw zHB}oN6P|Ih%un21z~dF3OYBBgga{t{O?rM$3Ve4!>CIGm;*SXvIX$PoDyqLQ$7?XX zFDSh_S_OIf`twjjocHg55%~(;nAp<|qq|@*G4{ok>8W_x_n&jMIpQ0Ei6T4BBpnvE zRN-FE&Q~8c1H)JmYNEV4wHp$3#m8dU=}VoTM}+_I!>c}fPK;aj^NH>(g~f(leTPz2 zeaexB2%Ee-&ar>&i9EgBUhva9M6hq%oPE`5Qn(F0m#4P#Pc1=c7P^0CXEEIVI4`VaDF z{pJ`{030RW?Bh{Wo%dx?yh?%#-tr7@Gdu;EQ_I*ewNZOCfc1BFK@6Mxkw5VR5zy0w znesx;cxVku7gl6si`H*S|LU(d5m>}^c*zsqVWYE@yE*ggh5nHSh%rp}_3d~|yEp&H z`a27Ybi44eIv-0z9V?7T_+zM>L9JXh3XOXPOjvoRKuu>lwRFY))4s7x$CdR%XL zaSDr71m|xfgdTyl>yAw)Gfa2H5AN( ztd=imxri8D>(?%6#&?$>On-7Xm~AH?(gg%`!p|Z^JID)o7%?=M{$){5h!eWHdrPoW zM`Ga_jt}ry`>;34sGA~rFu^q`62qUrJ8DRNlvH3c2BBA@FYQSBTHsCqoX4k3f%ZPw(wZX3!kXNOzEtjAENkykA=r7@?sH4 z@A_a~ac71!S}G0Xp~2E9_>~NCYE+3=9$n@f&&d;Hp{pGdNWq#LPgAR@m$!+%M0p&iLC+3x94eE5N?l(%@D}|wK>g@+ z%_gtBKEdZ;zu*pC9UT8KvyO6pE!aC?9u;1Gu+;24ifv;E#-o}}{Dlw5%=Z` zYXIgJT)tn_J)s7x%jNe}t&_)Gt74C;Ph>4><+&%mVN?|mu>sWy(s+l$*ZDAoX5jK^ zip}(&50bXT#D4LP@@vIPjipG2_~CEDY|5SYY(N-9&niIavX148x+ zZj=5#B4TSQ_O(&IqSH`Ve)r=18Rzc%fTHHIZ>MG{QKO!^CDikR`d5#47=`SzHb|{I z!PV(rO55u%GO>hD{)cBQFDRegE;`jytoXL>b?P4XQJ~%R*HK$J_`HcKs9o!qfG9o zCx!j8Q(>A1=U0ZzBF#*Bkv3Mh5*YltHZ2Bt3^kD_upAVPm3+68zr@F(?j_rf zD^P7yCxR+}DQ?om+%KWiAY-F}E@^?_QSH`vngzcq4= zFRJBnmRMla&K`d-OPtW1z9{F^{sZwPQQ67_62*dM^02+Vv*IWcReHhtE7%Pmzrw`A_1&|s_+@i!T|GiUFwH@zIuoDcYN;w0p3Ec2dff#x4DN?l%^PRj%EL( zr`Z*x&Byzq8wvZhN8EyAT32%&AKKM=EI3Ez%|ZJXj{eezzn)9{a}Z&b0UsCi8yY7z z_m97AydK_$ZFbtB{sWvg?Awg@A2VdJTGRooNPpxac7yu@it_NgAO5YP&>7)?^#j3i zQ=X3n2Ol#=`)LtOl`*ynWXl8uu!HSRTL6C#XP<@VfN`P-R3@l4|9YQn&y$5YM zJJR2}Vcv^av={36T-kwFl^NNXSt$8aD;Pi8;$gHOPrn7VJlAt0gw;N%gl!dw{R@eE z9Orj>Vtf4FS0toN&*&FIGf|4GN(KuVclxXb7kyWU7X_>!aJ%G zBu+UxT3?3Dy2z#CvHHlX@;*Xt{9Cn!v(S~wvuwzWzhCiA=C%j7U$w zNBXIcUk6s9o5#1sv0Ab_?%ye+u`M>L@$UzJruPO?t5$@Jq&po7FY3Yf`0|wpKXWoe zcN|`FIPNHEx!J9A&Bw5^YF(JxKrIo+d z`&b~rK6U~a2Ifo^YEo$n7fw&|)59#&>EOZem*hHZno-rq;~pN)CihxdxjCZ8UL%d; z9m8A*WL{Se6HX#IJ`gffR)Nr)Bs*&VeEUZ&_cLK)O=azS#X=1b;Ai|RQ0#->eod2` z`FOSfHepcc!12Z^WZo!f!j4K<6gr%tnqW-%)2#@BUM=lGmN&-6>fX(Rgl!|3LiE!T zrGB}pozn_uuRFK<)(v4AU^B^!EO@%yL%;Eiw)P&WyR4zx^~D~a)67O?+_vYbb9^N= z;hsWW>aX=a^~%ds@7vJt@FSUz$15r;-tADn3LBkYFZ*gi zJrz#jgE&ozaO%B_Djkmdg=XCqROgS>e90A(KMw(axi1B9+YdE)VV8@tT6t~->iUhT zB!#hk`^)qR#zbV-|ISV12Py)9asMq02_FsJ*>M=Ly+}V6Ogwhyq}1XO_dOt^J;Xx& z$)c2F{JbUE7QFeGtl-N4!Iv-=v09Adz8pCWxND^ji7t3umsvLKmU+CzTNNvjKb+C@ zrMYIfBsUa)&ii#Vo7o)t`o0dp3Q?Sc%e?(5#pd7giK4cGN@zl>4JHlW()0&k^%Ot@YKK>~`i( z1bXKg{OdFMpM~^Pd|z-4xrKN=@K7d`|O{H^~{Iw{_F_ROTHb)>mL8!ns$W@ z(AUIN79-A9n>SH4%y2|}M*jl#EmPy~MK2q9jIs;ow3)r9MRt2^c|CqWQ&Zpq?0Kkt zeXIkLxwxN=e!9TbsfKFR^ixB)e_y+G`2iCmqquM5>mF~l%2(S@I@2ye|3HsCv6Uz5 z^1aQ1(Gy_giCGM@i|oeM1Aje;dYXkd6QI~V>zuq0WRs19K^yQHBB}H^Tq*rDChA$_ zn`?8vzF%+uhj(g)Dm|XXZta1A{PqYcdq|Ov@h8b`PWHwOQH&MB`Q5?0+_-M7-h@}Y z_qW!eQruTj0@Ze2byTI>?D*k`r4LKpEf7Eu?{aM3bQb$!jSu?W<8(ZBPGB6KK9`GKJGK1 zrup|xhw0nU?{zaN(WHC(MiIqC(6rm$3vCq(8&es!`j0q?X5Z=^sC- zs3I=52kO1JU3>^0$$cLPE9qS}kpWnaz;n4W>-dg61}8(TR#3~&P_ZSCRew}vPay#O zwbjK`URBcG69$gg8glX?k5O?sp6e$bmdpJQHj}-x9`nIv0vNl@yU0_JUkWlgsNZ zb;&g@CwQZXHq+~D1X>rM)ALpY6H1^88Mlc+0ng>0Y zeBw543T5S@l{1_tHtq43AA*Th%+kz_5GtKB7hZ4AUi!}V3M0)AJIdU9+m6B?9(q4R zlGUR_ZVV^c{O(!S>m__6xlTFNM{6&qjw`=8rDgVlyteGh^FiOiLm&}6y~sWH#sWra z@)LXx$08bFoleX!anPac69oJ7An*q2;=-21KGkEC2tb(z+552PT4W@adA+jojVY3-EYZ zatQ9~9->eceWRT8+rhdoOtK4V6nPfUY4zRiKxVdK$g(1yH@O0B`=acbe|p~2JUWw* zRVO5ya>P<&UtjHesMb&to=;GcU8#Y;)+QBj#1O3Tf@$80Qu6%Eck1iAn|T@AIys9> z+v~K-lk`#K&JgE!^fXyTB*Bm^?8D^LD!UF-uFQ0_!s$|FR#oU}6W_rC^-5dygMk7h zGU>NtEIU6SGd)KNJM1^Q59SI_)b0l_(H%7ZRR@g~PR^r#KdI*OHgCcA&BJAF3m@Gr zYq@fJPwa`12yF_eCtrB(%2tlx!9?DF!QC`v#ag)`heNzC_xcCxa1z$0ZBhq^LsC6Y zkp$Oe{8Zn{YY12**3rBk;4D7F=A#T$d@x!lZ1IL^3LF-{e?%e*vgR!u82P1Uj^PUg zLrvY4g{UIN3d`S})ehoS95L0{IlLjh&lolnqPVFks;kO>jd8sN7Cr?$f zA-`k(b?aBV2NA!&R5J_+Iq8sPhC8h|^eh*@EGy5NoZt85@9M*D3?0X3<-6G}yHSVS zM$^hS!!G~Mpo647pWBkSRM0L~PiF2;h7z8B}PA`K63Q+2_pR*J=HMt6I@0xMypYVM+<7!*$D| zv2LD&XC=O<`Qw+dfYQl>llr>1dfyWgn2h%2Rtdy!j^HNOzH)v4Y0I!w9VVC)@4YT( z_5>aFY>8O%_}(;N3Oo}fWe)Cg4R4)3lUZAZaQ*?Sfod!n1|Rz*?5taCj$|x+_=RZ_ zG^@doNO}4RfM-{-<_M&#xNxxPdt_0yseMN8K9cvw>nF+oB-`a0-we8fL3Kmi1HT0` zWxbpri@P9~Ap~5Dc}u7-kURBb zacPtTYaLocRR&=6ZZ9fJ@zmPEYYG*C2J&hmNN>{@X0229 zR@r`!h}>(;SCX7Kd&Fx%HKD_XayYd=DAM*ICF~iJwj*R{sg}^b&*A|i5`~%e{ZYNV zIO5b@w;i}E&nK@AVM=#?D2BFA$0zrP-FnsTi?{lHF<32NAN?1_+NWT6mY*xEZyJ)H za=1(nXKTgWFCe56YH{Qpzj$lSk^kJiRI$*ahxU!{vLR|Y@tU&?r^@jUZ28oZ7B;Sm z{u9%ty$BRnjEm$6_9SZBbA08n*ZT!&!|+}LX-FU<#C$V-^{(5p9vOHt@xgbaFCzWi z{8y=l*%!^G706h0QgeIch0ntuEjvP+b|H#<_nDf~@|_SSpfc@V-yt6-59cH9iC=0% zv+XTNeJ-!>lv1@&*lPhKTZvp^cg>|d%-S3CMe&K)=6#n) z{6iOu3b=r+|8ty+UcEjFS9hpK_p?P^GQ?F;`yQlkdW8p?OqSnImX-o|# z26^mmlXL%m6_FWvnHI) z`rD4g-8L0|_3%kJQDX37ndaUEJV-BStot6cW<2wxLQaF||JE$gDlm1n$5dWz(C==D zy7o0sUDRv5?7a!XX?%n4LcZKTgBg_KPIVz4Fpmkxw>kO9q2{yXHn4|TPJ3Pi4~+IZ zpJ-!m-AGkZoy=;PU#No5nTs(Rdln5w1-Zj^v(gUly)SC^3q zf%jbJV8cC*xH57i<~-p}c35%{nO}_Sl$r2dFiBs$&;na#Vw;?)TX(lQl+%Rmaq!}& zg@6rWUQOJ8#m{jxCafS5&z3Ovvzrw_gVBAL?7?GA11}8K2Sp)2pWF8QFHnIcj z=AwU70^nEdvD+AJ!&f4?&1qDJ=c@Gf8#`XVKGg0t)`j{vN8P-~sm@k<-RZJa`g-g; zItmbg`1nq#UST|+3JI8*{$B4JpIb|4TKDc1Ie=~el7%OS$YYi;3EVRYhP5j7O&ML` zL4SS56vId3P`03bqpGqc^GEiybTTu0@Csm`ZeUA6?>Idb-(y{v5sGXzWh&5KU@~qyyWj`JF_tn}9(rg( zk>JX3W4U5`fWA`6%I!yPeE?#b0Fk^xd;&t(qYgyaPB01IjOpJ0KEB5Q|2JT%HFZE^n?u(Cgo_(XMP$^RP zEA~~pO(|iIN!2F>xQr+7_u<|t)TWbjmMTKJt1litod1z@U0aGOQS_HY zqK}{?0g<36Z)BC6!`IKIXRW?Ln?@{(suOmI+K0VyAr}JY!Z;_O*?ia%KyvJ%ly6m& z;eaSxOgl*~z@&yBWg=XgW#%W`L=ImZdSdY->YUqzU2lKz1Gj!pu`|TCXy0RR6ujA@ zu#t-o1kBh9LOA3YT7U4<1^SD2oBItxb;*1`grPchuPyvC3ASWF1HSXC`c5|ST&i|b zzUIWBtgSxL$w52EKAJi68yvXJq1rIR3gHReAEWMcA}8Y`)O4O9MLhrf+qL#m6jZV= z<{95z;j{51nCAQz&c|8weV!q>{TX#pb8A%RoKhQ7iCN-JqR>UO=sgdEYx-b=NC=Oq)t6_M3ftsJPyNBvb7PNNr1OD& zhFLj2=aV@@2t{jryK%crD2WF#><_9B@t-4WM{N3B;Bk+Ki7+6p9|qHx8-B)p#b=jq zce%N7yB9V+O22^;aenp<2;OVqP&UjvJ7%yERZ9FV4);J;-&TpUOS!-oJ(+~5v^R18 z>sWpr0=Z$pT+(|*efZ@)0`lYykwOuk>G1#u2{q0``}LP8=F!bQ<=0xWwc@P&(4D8T zUZEl24jLJuP7K14hrR)VUJXF1LSr;`F_^GYw|Bjd+D6QbPxyz!3cI&9!Ks zV$pm)l2$kna9Ji=rur#;x!VKb)^rj5402oN{s?0&=Zk8iR4L4?zCTdYZL;G&s(E7H z64grD`qPSgvNwdvm!^!*q6CfO)#4(o!qOeizi;$;pEPiTPt3Qyze9*89?ft&jQr%j z6AzNXTUE>7RtaHQO#&9n-XNvwod$;Dtvh`dFYfIQ|1gi!$P@kejgZ?R z0i|Su%{vaMiA(TVcs$?(J4Z%K3DWGo<#0%r| z`FTW_VBg*y3356N;YNEPb$);1l>yQ{*|#eSQlvP#w(_K2wCutT1+?*W(Q(1I|4GNG zh0HZ1Aku)}j+evrOuahGVL<#&<4oJHxh5@LVPbo`oJW)@(t;^aQ!_So-@E3`P}XnX zQ}*`&Gi;;f%GdX7?2CmQlrg%Yyd$fDWPgX&0h+?igWsFy<4byvET)vLmfBuioXm@I z1_EI-P+|OCVP*0>HKEnQS0wy4RBK7`6D#y7g!Pa{)r~ZXt>D~!6k{_F^Wh6Wi73p8)4R`(vdbs9;F>Dx9yj~* zaN|=KQb*OE8%URk52HWy>zo!@Pd6*5e&7A? zd-{##P_bRd!dWcWpNrhj^YRg=cn|;oeuO<)IM~*{Q*fI7c^rB2rM4$z6<)UVrNbPY zC$=bQv8O0A09AT(bpE}swQ{;NNGbp!Co@pTm#%vq2XD~IWV&Tn9e*-V^q0MUpbDRU z$mXpMBRVeSX@3F^a&@+0YKEi6l>sL${$!`-LY~4voZ(A0lG>c{AT&!z1*2E+d)`*8 z^a6L5f2H|4bvV_%D%e%k?huK&z>&w$JY=mOM_~6*w=5pPuV<{x|2d7LdgmyZ>q~|F z!PDu0Ky1;(#naD;V;qfs44Fhnu zw8JMi3s_nlgTH=fwf=4ct737Iyg%LP*ZUbx4WPR0HHP+b49%Y)CJYf_KM4RiKIWI8&iOud$o&?a@DFTvCiH6m z76!cEWaN+#?@VI^>FM`mTPTML(r|SBf|Ant#p3bqG+%c=Si)cp^1;U*H7f^>eeJp7 zmc9*iS*D9VZavfSXK~%ExUm7wdVMdDaLZZwwo+-p-oWC=;`^C9OF6aV(En_;%`p~~}PiG)|UonB58 z0%A?w2JUnYd6KU8nXR%T$Vl>^Rn7bkwaZ<*f3G024Dv6t+$&d}nD9<LUIA z0c`Mtq#GJF8iPdcHEUdV=l$zG`mV`~em{K5Yc#`k@3u$~$to(c8egcu@zHgG6LJ@* z=Y@E659I|_{PAmcF$}z`X|i~m{)z%4TcYuS8Gw46`iZ(d&%q>5vb}o|08e>fYe*ne?f6s!>O8&Y?Et6T!fW*!Kyl`S?ppKs~kQs{3$_ukQrV z{Qhc#SajKjbACDJMq$?bNT^RoTlhLIE=O-Q!f#OEuKIMRQ+64lq~%+C`r%;)6)xRJ> zDq=mE=i{{pWQwGzNbelRsE{5B?miu*s{_Vn`cxu5uYX|Nw<9edy!lTZYM?_R_-5cj zKge0V!yXmBW=Z0HFv7rFhCJNj*iUmq1(ccr^sS}_BFR0Pe4ddZ&L>6Uh0nba&Q^B9 zdemVK3HHOi9swf@QnLbBt}}txs58 zA*`o|yrrV+vL5}|f=!}0KF1)uD-=Rl!Km(%+!k7ncDd|ME^@sE(Cv;=uFQgku(KaE zRKtx2;B`|n#yNrkp|fth_^eJA`{n@uCjm`>y8NBeB$N##(7dfb8uD~@vUB1;221>* zHJHFH?o~rNUY(BT$0_>(HmbeHR5T^_+xStPI?1p99m{vt%6<@Qv`b6fbIyr7E9>`Y zo)NSP;y!nT--#HjBc0{^fOte$(+2@~C?|l%dCzs(ldZFLt2Xh-gii(%SZ*rA+v37I zaqqv0#n_k3W$x~k_EAUoHhk%$6FDc7Vb?R+V7v3&GhT{peFco65x-7~Dmjzus2Df4|>|9)r$$z$B-BI=Ghy0472E(qyTJXJ5=`zruyWk6%_K8Mc(E z)2AP5#P@Az?!@y=>KXAZ<=Y*NKm{k3jCb6f#8TJlLlDV)bvq9W(MDy(1FgN`vn7*f z^M~1+keB#+MXj#C_@tb`FL-Py3j05S=>er>WD>{5au??#)8!%mE496XC#{AUPrvE` zzg>hM5O_O-KYI?d?ah}UBnqNQS=B)Lv1)ryq^ieyA#|dA*YLmr)E5Dq8j&ShY}qP%<0oPHs^$X&@@#BlKPXEj% z1pz&lD@d$}2&2Y}h~IwxD+>Cn;YTWm#iGt_HS|2#pSp#{4Tl*Fs;zYeanZAd;D1Nbg zPUWqdVPOevG8h!m*u`9ZD8-jzgId9+K)2PYtz6g$Vh1X4U(wTRNCoP*kg8IOH}egF z>2$m|#BlayKeiOQd7TY}UDDLlSs6J5wdp!&ym@nH4p%C^K$MGF-xp0h?0cJZYfjSA z@H|Iwsle2BL4e|OF3bD5^}_Pjkn;@%^oXNo=4gG8&kM`@P(uZG?0>$W4h|-)VBDaGMyr*;d%)`q6dN=en8?96+dIpYKG>SJF?2Kq+O zs!5+t#c&9=T77ANC!u z4#ym1@3w@7$4mp7+d;08 zMrdqlw12JZQy3FL2ku6jY3^^+QgrTc`%DH&z4I0dMq+)X16y=ocTjI5{Gkb5JqhuTr_D21>*5-4gPyE zLn<2gO<}Jo9FNfU%g)Zxxi-h(ijF&4v@bv}Gv)YwJf`pX(U_7qG&+h7Zz30$^zasc zS=urvbKVNjfu7G-8xEFmzKPeW*lWh#&j9;nB=^NmS<1+U=FuyQGuuNgkfA}Xs9HR9 z?d|b26*`vOla;YazTPDH!iyY4oWSkbD*=o9)}ZiGB%_*amAB9mL+tBbu3X}?(zT_( zeg{Cu!TuuJZ{=4M%n7+e8!S?$@^?iOl7j7Yrs)Gcbl#?OOoHxPIIXr9Wo#R^rmbuY z&G5v_z3zwYJJz*9TG-t zEqssjAm&OFfWe^cAQ5S}TVN4#rwMKt^2pyrn|XKLb=S<7dQbTLfQAT#UuAb{lV<>< zcVe%Gg1_Rl*8=~Reo;E5vK{Z6J8{vD@DFP2882XVeL}N3u9*31Yy^yE>U|)@5K`+u z)ZUM^036s+_fEv~bOm(}h8QgBG3Hh^1bJ9KLEWz2PN)f*^lrqH)qOZL+^8zuJ+I?eFp2ey6ucsOz9$bF z>sZRnGN6KFA(B0mKz1SA`s4oP;`6l`j=zlMiD`j#C8WdVM_4D$!t37?EZY#t!GMGW zKf6;@n6Y28R5(Me?Q(aSOJ+M!od-DcTO; zQjQaPd8x2tfLBpNwelm@hi-057-H``q8SiZ$TuM80kZSTz}h{AUAPfGOk>}&R&5Dx z{j)MZ;!6@D2j^aT6tH%*SlPpyz+=CD~SE zI4t#DhO=htWA}hAZx%&R0EDq-Qn_*D_R2_s_I>R4G}x9`KSuMDtNr08E0xjy zXiZweDNdX{!Y#_q()C3;zvJN3uWMC<1#~D?NGh^0e?ROa^u|BTNiW>h_FW z+;FP;9x_8!`rV3K%4*Oa4#cAd(Kf@K-`8RIX&3b%!tnRL#;oN!zs)buUt{|;8tWlF zg808L_I&|P(cO^%oI+$LjI6RmZ_2-X!Wmy|PaD~q zekSMwo*wY7JYOiN6TPJ>+4qH?ULVI43Z6HE=qgXEssQ3G$5Rz=JV9u;H%tBm6Ho5L z(jVAV#~HTD#yx`NNSl3IC;S2fYw(dv9Rp4Jsa948Z*&p1Ob*mhgy0mRSbe>LkW`nD z%;<}93wLgskY8RP0CMs#c%DjAC`(9zO9k{AIta%pjyr4*W3rcJNy$M^y?th0;NVaP zSa1N~F8{QW1enDg9$DkA#9#A-CqF6CqTYf6$>V)IeFYdvp6&cdgPF3yWDM=zv^J{s z3LhmNCc+^csf+iO64_7u%=H`wV}n|L(=|_=F`NcT2ir|NS6LWK7F6QN_Kqx{E z&MKLRG$rmg-xoB#os|zW`*EE6Al{sudk3GwfjH#kgzNddsQoLP5LL=DcY-E3LGfaY zv7jW^Em*k5t|Vc|aMivr75V|E;&mIj^L0U>chc?LQKE+JMTf5I;yU0n*F)B<6Y%=% zmA(ZZC;FCplf9*SAKh$}o>Cr7(bc!kF)%373f{UHM>VUIdAB0tLUZXJS0rD`ie}Q;sNuxUSMAZYmy6Xpq-t!k z&XHqM^B7Laes(CR=Lo-~>P_96*M&pS{Yt?^g%Jtf#n1D4j}PrwWY_8Vl`G0viSKRD z&QDcQa(b^52OdIJ4E~$oNH+kQ$CTLm91PnIT*T5?0@w9QtzNyXOG;`$w?u6#QUdujMlUbGN zi%L^7Jc0N(oM)3dI%S?RyR$OVXK8NR%b>E{ZSQ$98<{skF} zKP7eFsRNzt+G)dBI*1- zpEYIK9}PME`xkoKIrekqn@d;7Ej%6cB@PIaB)F4jPaJUNCi4jh8Fc5h>=eQ2nZxE- zuDUd>aG>iC{Ntjk{hUIX>}M&3eukMu#CF_)Jz`bkg0j`AEBZPbdkj__BqQ~bG$7AxR z&wzuraEc!4x-q|OBA)t%+o1D+#g3Tt%8W|~hrq_pg^V#{fLwhczlY=;Jz)%y3MTpE zsdMb^nh!#1UxgRSq4)3F^#u%RKdwbD_=UmcLI1Y4WVad-R8c`&1Jc%42X?lMv3%Zg zy7&nJeMR#!wF)!JFD~ORj6{ZcaeWrAqs+G8`Qb{u&vd$<2l(m~_V%EE7wmM>WSP=8 zPaY;)!u0he?F%7(WSc(-V=>Y#h@&T=|D-{1F=;9SKG=Db^8Q4GvD$PxmltobD*X2P z7Y5X%55ZQP_@r$pW5aRWX?#VBu!-#}+5Q^Db^2Bx~(=R8K-fVhxnK=Br$YF@k5h zWygvDJ>IfPfA*O^Pm#-ym%4VAR7#2QyamA!Luv&z)9Lr8P151gz`p9kvg4TSVt!jf zQU5R=Pp$Tz0+1P?7JNhRa3k{GK5+Z-Y)MASBtI?rm8w$HRM=q8PkjvM_^j5tNL`0I z=t`rzRJxzbg;`EtBR`^KA3XWbdJd2I`=RA`qZ9RVLUB%Ff<)v#f8LbG7dl#`KY&If zE~Fx&n2fp?$o$;NDGx&bSUjr%^AUE85rK;tY`>Fql_RH8q@X*9w;Cde+`G(0cDKCO zbD;%&ocHeyzcL^RWR%NltR}jrxln=C&59|VVpVwXDU1w{>%MZzI5t|lul3h7f5cGk zq&x7tY93u!vGF$smZmt43{HTWWvtsyK@1Jfe!Cr*pMSm@Hr8-NlBYobzoW2-^D*QSLMLh(N zQdCElNNcVwBdC1|4(*!OyhqdfgLCo06+|R$56NJ@KCM@^%QT3T(cGneg;||t&>x7y za`N5P{N~j%8}ooOhBQKX44}W`P-WA7%rqZasq_tL_ugGp6CClaj@Gn|M7tklTn4=2 zK1-DE6VPp`|I8?5)@8(&U4MrCRHLkb$M4sKg&P0H4`dx)z-S?7;L^`o&R(zjJf6YB z64O2FOuJ8KofdeROt9?(?lPch`s_2A-K9fI6K1_78S6v+d*rFiZvnWkQ2K5uQZ4D< zue!b1+w}q?PG6=Cm>=zHn23r$3qz_pJn7jdI0kZA9?7MR-sc`bxaON4;DCIvr&@}i zRw!a3(lcQ&hl3si@z>5rt+u=rkMHU#z0O6%ZB3xmJ@gyN+WK7Q5aYix1{s~hs7wgxvyBt49X z?fdi{hS@ z`O#D(`5x%3#6gE*TGn^2I`H^D;h6oo$Iq#Qs~~4fAjpeMULm`d+|M|L<1rlAJ(Byx zzlBWH`Q2ncj>dv0X~7!NZ!bFIGy-!=-ShWgchQ&rrZmhB1+#@5^(bztegv8#xCkl{h~Kl?^@0~z0#hst@b*7?s9m;0Ut zz1>p^m>fhnzbkYwIc7Ycqk2#O`WQ-E<#o=%2-&y9Riqz9 z2pRCLcyNXdxMnq#i@;Lp6K9nSn0POH=SPHGP250axou4+c8GpBjy@G2-vV*jLI1g#i1v-!}zdJ>mX!D-q!t z)MbvyE+aO$9Y4^!IzmbB2+TqDW+!7g!LGJB^@6g4d9mIJB@tg?>-66xfuNP z!#`ujiVvnZ=xH&emU<{PX$SzU7AuD90W9lJr;+6dr6JF7pv?; ztUIX=+@e1*I`b(kc#s|E@xmjQ|0EmFKsx~1X1L<&dWH&qvqkaE)L5O-`tzf@$ReMg z(%L3*eK~+Du|G2SF!{$A%^Xu=kbZY z)%ti}$Y=0sqHeCT@l$G_e0>ory`ZxmqO+4u$3FP-=964?@=SQAam0Cr=%UW*rz?nA zu$EM?fj2q0cvQiKNk3g`i?)Y4I4dN~a93AY`z=k0L4gm+t{5aFCy2AU9Vn8aJr3jx z&f-0k%JKI^<^Ni?p;VUqQz3OEhJ~4z)5-SA3%FhWAj0aN*+1*iWuDkGo~FD#=;DyM zOoOLnPIo20A?%BkiUKaa?O*rrnF_Bb)L`~IUl~xbxX5`1w|nY4aXRQx2l7rAMaLfY zqN21vd$;}v9k?(1Wlp!7KrYXkng*S00OY_CxiUA`Hk>$E|+7A>U$+LRvwwPF%FuD0>ESb5GMMI-|SCdgd@rn*;FvMayYTdF}jRL4G z9%t;>_dVpH(An8gaHJL(cE@Gx@>k|VO*v*m`yC6DNcpkq+NuBDn^*icVg~%WUkHr) zb<6sGGQ%LZU(?jw$MKJeh7Df$3G($}4)xu}rSrSLxg>U~J{WlgVdHsmCn%oWl7xH< z1%5|e1co~wwy}&%sBR@Lzbyyt9a16diWGYS!Tsp6>qnz6zbF>je(CSR9=MIq!$47J z4X$bFT*t;=i3r#&LGAd1lHP7~re_;`dLM^W|H+o>7!C&_3L~}EhjMPagFD=Fj-*Oa&sLRE-`>|3K1*UGY#D4_i!`^I zzo?3e1^55nK)fJd@5A>4;%QW$0~Fw7_r!i-i6B7JF@qtA$!Cdoem*AJZKDAnb_0B1 z-)6WYz=mzyzxAhVgy5{M?+7Y~$HZfwAmx9x>lH+OjDOz!j58S7_#63hA0uFC-xwI_ zejrXf2%+ZW^tZd84@WqNz!}EvDa6*=@pagjdnsJ(NBANVVQQ)$+qYdgEu~yJTQQ%G zHfTPOYN3iJt=^!|+pqF{Zf9)S*cb)o{t(!?frp6K(TB@R-q%q`Eheu0qPi|;pxHy> zE%gk!GJ*V+5fvDRbY4!6V<#D_FDduM6`)^%^99iXh{_~@pKXz;i{>LZ5pIV#KinHJ z<$=faSs}>9mVi2FQ9)7;j5$!ZChqUy_*K0=2T!J%U%_4q2)Q)nwz%kw#&GvW&%P`O zpem>*C;~Lk*GCRB*JT_ZhS=8+CQhfZzw}`35bS zg*{hfGB8yvQX_e-XSZ5S4$x!n#J=w!-XX>)=ARC`u8 zCwum20fZqG+AqI-V+C|6?uMUYSel{#_|D7zC`0@{0u6+!FRyTyLo|@G64m^vBc}Sq zme{!Y>S=*7ohLJfi6@lBthD)+-=_fD@PnTq8!yfj$7jzp+%6Y};vm=QoCydXD_{2W zZu(X|1W9@8Fr5hUN3Kv|o%rXGU)O>cq}$nkU4e>mm1nV`M`!`wLTWMmyl~OR%U!C1 zLMcJ;mGiwb_suw0xgU^g)7N6X2Vru3(L19rCVFcVV$w5obf1s`1cUBYa9xi510ZPW z8RD7`J!L;f!#cwG=)&!je62_}(?Y}m(rDVPRyO{mCR2mga{Zx@jvYFqZ?P6iE6D}p z7i76mICtM&s%?L;?lGjERSULhcx~p+;o4*>S+<+l+BSK*zBcaC7BFf4VCNpWhMurn zeM3F(-PG9=*A^$)+PW+U`yStzzlRmJeglmaPyAL%$S2IZfUE}h*U5eajpPI;c<`pp zP=3DB>rtd{NKnAfgO<59jm5n5!^bsxvXG}}!mqFhm;LeMtz;xsy|{k2=ItHzZ?S&O z<*vMd=cewZWU76--8V)yT`bH(D!2V}eT0|Wv)#hNe=++SG=b{Bwg)LW@@nzipY{+i z@BUThFDM^*OO2$749PQ9@cS4(l)?A&4|5EUcqy3Q>J-mwSRSODp}ijBrgeY)ftB!s zBt?-xD+@*eAj(J$BnS4j&I)ytoIyo=$D)!h5a)v-z&_M0IQwl|2>x$o$&Y|66mN?0 z0a9tyFL2#E$@Wu*w#|MleJ%AIXY-Y|o&qnczx)c$<@5Q5gBPAcY58^tfrXW876k&s z@Vr*aa=z&LZ~0j@TPAmuq_pa6KoX4E*Y&jDg!#>zNzRJN`Y!61(^nMuX>a>d{WQ1? zEk`Pk2`azrYYv&8_FM3Gzh@cV1Wy@dHX%{LIo}E~H^bzGJ`04pK&vOj5AVC`XpGum zru!F2%TD2BW*O~~-lQS(lm~NxyvUM>E8$YWv3>7Pix0-vQAd7C-SsZ!p$XKc`=`+K zDY`-)=A{H4G^P28?vmxQM)mz$#Mlo6n`g_(07HEEkg*Uj`fK0%>^DNleW-u*2tm3K zfLfE8xX{B$LTAN1TWU+co-aY?VX?Qz+x+1Hb|sX9Q?aE>^v%G7g=dVJ>dKK@i?(M; zjDU22G62L-oci9rLbN1j9fe&-wuJk#jY{ zAMr<6Y92xwY_$dP`9#mtNlGx7&LZDD9m|#=dgFP^%s#iz5G0MAY?~yWvz~_bOLM|E z0D~3(1^`HVh2XG{$M-4x>x7i2`{U^D`{eXdSaXh&;C13Tkml=!+joWihNeIcOdcG{ zzguER7hLAL&-b$;M^Da%fR+I__cklUZYj+EkEzEsGnTv3DaMWN0HC)1gz|nqOas`b z>`e^YiT79#Ppw!mO*nCP*hM~1k2GjBfN}Xd>ft=Z^R_X45{@n7HeeK8+$Nu zgH1b&VoAeda&+e7_tmjc%HDkR-%bmunWOYz#&GBM2;8p14TvxAlCe`?|((FNfgn=1{Zd(>u%?Fi2pE(pQLAKZ>fBKu1OCjiSc^|R(ufU)II%}@;z)%t%|Ta2-+zs zb)3E~%oi)cM7lR?|DGNo~)@>p*Q5z!)rx*!`1S9ecn}AKS8hUgq2?K z09Dqf+ylYmb1ys5ZG`^llcy6!EgMSlzc7{P!r0U4Tzbsuer=Mvt`6n;4RbRW(0mRQ z+-)-g=<##zy}&rrt?+rCGcBlrykX8rxpqOQp<$R7B!`YCH^XRu)jY{DFSX zl(}vnaeVp1PAzP((mO(CK4)AG+PFzKm(}<#Y3DpYe){7zolkS0_CNYEVW0(Crqd{{ z#_lvd0Km}h+kUFU6)Hg1ZYUJ&WBsM?!>wtAeVBt*qfLd6ZlBweZawpv#MjVJcpE!o zAMJ5%zklz{z!cbIBF?Jq`6I@-zj_)#fI2QR$TO};3=!*MG5 zk$ii-GxTL1O#EiE*i&AxzGd;-`B~C?c)&r}Ti4>pr1-!L+*X;>ndefTFRR*Bg#Nnd zp&;Ggj(S+j(1OL9#j2PkQubZm)t=f(sR^I1lr`b^ce%rta#hF@ftuu5yM%)L?rE+} zmVFYgS<|?u2j|$qW&F(V8#{hqj4{87!VBKWaFYuh>+R+mngs^}D;V0*?GTYvsg(Am z)0*=>KcC)^!tzL~QVxlYa59cR8$Fceu*9$Dz9ASChnY)z?x%ttgLTr+_HAYLWJBi& zzcxeYLU`r=)KeZ9HK*J8c7&wPzB0Z?RTgx(DjqJ1JWCi5_V*cS$3Bp+#8f-?z%uM${+QDTXbe9V zwSo9bd-WCFu<;63hJ8Qil)f?4hr8D>smhfCHe)}sJ`(8>HTW16n(Ho-EveEm8ON%) z5q+EA^i3t?<8AJg!qC>iv0O!Q;peGjBX{#d4mG z0(O^@nztHG!^Lc5?`=L=Lmhc4B1tC@-W74=YwmzQ#nqko`uYN(HU7-d71>xJr7D@R zuzGy_{SYy}(TSsxnoR7^S4OBXWgV_ty{BHxK4Sd_`>@(g@2khSC&}F_zVyCkzF$>@ zK2@ca9QZe6!rs$wvft?kauF+iv$KmTgqwwg4N&Q~N zeKnuobfU1u$Qj9Z#uW;R`~0-@c$=78BrIu1H=FzmV;I=Y{P9~CFiP()$%&~?C3>m# zJEgf^lFtH7o@s=$60bvweJ~~{0Z6(s9FIg0Zu^qPk=&P1{+v{V*DOl13}C}v_;;*x z_|OwtZ%0TV9V3USrP`Y18)SIvSF#SD%l3I|Wxc3D?*~ zqdG|{17|5~Fda^t7m)U!q6igSn>Tdr*e@V7n}qyAO)Rj1(NI zm>SxY@N)`g1!96YHuu1^PcZQXB}|6o_384`V*!DqlMpz#TO7NA?C#qr7G`qc3nTIP zpbx4Y(O$Y_YE-Epx?j0j|Fw_DZJqBfaLw%S@x$`u<#Ahot=jP~2l=ft*{YU*bSkLp zQ&-jMbEhp5`yfAoTn`nV7L{^e+4m(00Y){h!5tQH(vFP~j?=VXepe1p8v7C0ur^?o zL=kb0_BmU=ukTMn=h!UW^pLRILvFRp+`7%EHxL~QS}tAcNwAd1I;d7ebflevKyMY7qrW0X8e$l)DR$ zGm+APT&ONwSe0vr&>Oip&M+~uGw-x{2^5;Me&s4ZAT9)XCnEOne$<~N{*=`xdcB%A z?x2)sO66_)Y^HWO0wI_f`@Jtu?L2(nMpbjnb3ZOc{h+`KBy+5_oYEJ!r4_Gbd3qWu zW!)s-p&;Uk`ie)|01xd>t`cGpLG&sB*I8ztPi1lYb-{ikDL1>r;LGEprUJJ#{n#xo zL7JxLPMU#hOetTeFvt$j4;S6zVbZliME*zF!Fr5GHP33k;p`Ig;w7vi=fp zCcNsL=i%Mq!kjc9;HF2eujlJ?;^6(>T0b!{fA&7ZgC0m$8P4)=K5jRb?a-Ji(QCS+ zXmb$EZvUvca|qST`$>if4niWq=rM5oDg$d(pT-+1fJY!z_thIeoCRP7blIN45!%0f z6V1U7Tu=o{did?37Qa@Z_L}>$NVV?q)D=?gGNGP2dwpuVL`w*2G+kfe=Va zr}DXi$q6O!7sy#PLP*Hm6SGc$tkxCv=j6%&N%rB9Me;^k7i*P?bplNs&SwZpG6Grn zMJHBr~!vG#evNdfk?l%!WP0G==-Lwz!Y8c+oDF}UD+t-XsLYw|) zxoFdVbD-v#9tjZTT&o^`Zl{dg7`dRqM!=bVU!~z*4hydDPfwKIa|`?|aZL_~I7aK- zg4blTIRz|Y@rxR1l!UXU>jAG`&$`c7zvp<@P={lZgAk=$SLkvJ`}hd8aiYGi59o|< zI1hR?!}a!=p`!(lp}gy|Reya;!ms|YInb6UYpmgy`bvn0IkR34OMmW%ZTIi^V6%=YuB8>2c?4jkM;8SnZSf(hIG@K?&(uVMPg&Rl2pho(^b8HVIz7y3_b9sKlLdnswj%`=e%seQ}VO_eN)y?GCLR2clHv-<2&Zk zM1FtpKKeUj-r4gDF8OuuGYZKyx-d{0m-q|{=w4Wf`%_tU%U^jcAiIcnHED)%=%a!l zFi!pxT2_HNw^JRL0`9SY)>3F!T))i|{1K^ddCGXe+HdiMXX+U%<3mT)>|VUu(97c; z)p6HZ!5ImeFc2mzIL@u^E6NY8uI;+mRyUlUErj1Tnz)q`Neo?8(;}srv-2IieL7{* z=}VsBWgYm7`Wz-cM#DKcjeppfIXaMRo;DYls22Qz&3`XQBCNy`8jc(aO?rIf?ctp( z8<(lS<@h7b+GJn64!zwOIvIrm-|p}`z>wR0{@4)TA6fi4+c5|NlIMsD#;K(fA}w(KDWE;yQ+>Fj z3D(wokOq&9njX0N$DRfNr&a3hT&6B>TtHtIxCdJBQGAl!tE8!qtzU?gd9>+1a2HXs zu5EF--XQG{HgD-p?eQp!QN1|dma4tw#P-k6R9a6ea}x_fK>{T|EN?@K5SCAcafn$p ziK^9a$*~n<iP38C5Q{qLZ>Iy-yD`L|c4I zvO>=ZQp(pnIqLwj)?#*J-#HlqEd^jJ!Zm>dS$vEO%-({IZ=AHr!asq|D4e9UT>%$a6@~dc18vln7+=fby z{AY>1TJzV;sUna+I><)B-B+L`bZjL%eXsXOH|AlIEyG~<;H9xUFAm4nRS!)MHY7#B zXt8*km-p#+Ptc_RE%S-zRqmm4=H{GWHh5x2{N;BdZK=c~E%+4s8mm@ryYL-fz4T3KZp3d^`7g!Z5_AyDiPHPvs;tc}9M@)EnNfpvmh>z3{C`cnpGs$h)s}toToK+d{ANoymQC^$calzPEF@Qx-u13zoz8nHgv{( zFR!CuRs(kopRt_{Dab5vGDR5$d>q`mYT|}Yc&8Aov0^QMSdMbwet`6C?RY~d?X(V0 z2&aobxhN=05-gc<4v<5dVw&_oB&@Xot>rcADH3i9Q}-3btcdMAto!fjb9S{!ACA5Q z(9bk+>+|FjrnvB5pK1yx{)F0<<_fRYN+8r9x1#}!=aT?~aB|^q>y%6toyzq&7$>w1 z@X2qHDi+Fcp~0D>E(}~bg<_|9spL#o!V3Nk$JK1yRyvKAAH0kc|58RL--ki!5D5rW z+1`0$dYoE11`u9s`=Tj+e;yS~+e;reV_~jxJsd#fd+qbA%?&+MuRd@Y7ywpe)=Bt2 ziI@CE|JCeY&uX7ZrW_Io?1g)?9;?0>(BH$+1~v!brI`o*ZM$oG4(SQn_q;rImihVI zbAOLfg~_F;L)}Q{NAtc_UYfMOj8YRT4algdzwSHIg7=n0iZEYna{fF*m;vSgSUR&V zMUf~7|0R+AQA9u%5!rcT7etUvgkL{F^_ElzSeVmtBXO=-DA>E;dpXtus$V>D({wVC2`~+gJZh!Wn%dk#}9Q8iJ|AzPf zY$8!RX>n_ zpKY)&5aaoH?-LsNMnA#fY@ET%fGBK2(8#Kc#*4Lfr{gRX3;e0a#Q3USKsOYH)amIgJ zK3AL3qf=SRu9vb|UtKV*zlJBaA*G9UVB+E@qSXWVp4wBzI|*Sc_`Z3;ga>qV1NDs% zAJ>`|`cIg_plie*3@$&*?M8yTIl~m+d%wD7bj{~Z0Ta&EaU^WsW(bn(oiP=5s?hOf zWyg>tCpzcfAiCoKP4L|E9E~6|D=EKEqdZ$w`-xM{e7D0vk{7vg;J5R*^H;VfEfG?) z^$H^`DLnabO_1OLo1Nov;-!Lw^TvbBvr6$-3sS9=q{8y~!Jj!H&K?YwI~{`J`MdR2 zK8HhYhmgL!m-%bTl<-WD;K_Jrl;477&$xFa)AfX7?>yIJXxHDB z!A&SAC?1|(C;o)02`%-g%CPhDAS9!)mLMIOew1&@bZ__CN0ak{9r2NxFmP4eSI0DZ zjmm(f@jAzO%ELP{Oc#fa&iPyc)JAm3<`MD3=Bb*Ptq@dx>9;C&MT(Hs{ca86xdMN) zheHX}?naigwL8Nf5lHEALsU~{H@7G6o%7oeW3{a@R91?<-#v{PgQ)b<@9u5L=<;i1 zYOHmyHAl?v=kn8Sj_z)i^xzN}8qb@OaCt71#Amb(5|;MQ9_J2PsPifI&-HsU`~T>D z^cN3tcfP*N-lLljyjc4{qVx>&xQZ@z^~amoKQB+&`5?C@-(98x(q|@%6r007?+h0o zsn|W$B5Z7nu~#;cgm=EVQu%g=T-(n~kW@#OWF5m~a%XpL4Up$ARc>hHlK@l{?i%iN zJtjyL$VKQu-h}ZTZine2etntgkR8>;6^}VwH0DM#s{qmOr}OACS)85^`>jel;OU%) z?=h~LbP(!e)i-G@CGFn(aYC{)9}&<%Ci<+daXKm5KXS+k37MzOEb?typ8gm-L)YC z<-RC!OGu+t>r7o=Z#a~gQfYQihy*|?>;idOll`2!$wj$SuTi#CLPDa!<-R7ym6Z=(53OtevY1V!ZDRL#r1bFhFqlw<9R&+$zJ#hY=RnNT7 zO5BM}gEv{5P-08G&4CC-oW7ldjHA;^GsgP*}(NHl_~)b*Vg5%*gz&k!Y@2ME`txrFWwNki+`JHirfv}Y3m zU;7pJK8LpP!#~zr`>4)m^Ct)Sv9*Qtdn_^NC5QyN+uVksBXW!-LdOeR00fVir5`h@&4 zUr%kg6reC%tbDxIkHyG16Jp8p^PAd7BDjQV9D4h(-g@%ko{st^I4w_J3Rl0nePoke z`Bhuw+qKL-9pwiEa3EU4B55*~a_-)DhEbnuW7Yi8YkxMxb<)aSlWFU%JR zd!In1>wTi`Lt$I$KL~qazR4xERj(0j^k@Hm$er-TsJK3H21h<`ep|Zc0(bqTZ|M=m zEPE<(FeG+5Xb@dI?rchQj9)C8u3b7b9>)7;>GSfy9r37eYqVci+G|V1WnCt^cH>Gtdm%7P+_nN{kKnnKLAv!&+O_s-~np_ut7o`cy`ZBkr; zh(U&H2i3Oph*#>4!kM%`obZ4*R{X5^IdK~92_J>xcGL_La&`GY`I+w>c^-?<#TLWPg2)exwgn6~ zz!##+CYT0^b1Z-rdV9UT7;KdCduC)`5V^2Wq6JV=Qrx?6-^h;(+qxUgK!=dg$@P^y zt4^ADY~@ppvuNuF@~iJzSsztCu@j4z&D^!B0iIKy1=^tW>tg6#@tR^TTP~^TcDj(WB?(lCds@VHmQ|H!$?anq4Q& z@FaqTyk_42fF0Xb=x z68)Wg`-r@!4d&}TO3(xGP`MlgH+80rx^pG=v(8gk$V7ET5{H?D}wR!iZMyDxY%)HCwV?qkFfQyY-v9e3LgWdg1X zbXak$SpwTJ)`DKieSRIe*UTfPhpRn=eemfBq>R76=*OIk8@C`p8eg2Ry-lB`=kYV( zt9Arvnp`Z(Y-9%0gkR_Apz-QVu3lq;8}1PqtC|HrCTrPFUM zxX7fvKn84WE(WHpgz|dcGR~j?n9<)88ys6!FKZjyD{(0dx6@h8yLZ#=2ctt$&7zGh zai^43ygy$K5`PKyS%sf-fSMF+&1VIb&IJdIi|oR=7~k9H3JPnsMVW>>RKR{Qe>YAR zkL*M}RSwQW?A1GuHByaT3qR9;XWvn8=o>;Xa5(RG4a#a+uiF9{9j84)W^@sq8ywFy z#=b6-HtkTfHeb*$Ic{XCN^h<{WltFE4`m z`fv%YHiIs(FXGv#Wb56VI>6h)J-@~svLG1edTC4zgZup%s!qlxPxaaoMbV{JJmyy| zBJzxTlnLCSJWxIH!P~@rK0dwFvW2D}L|8Uq0yAcU3S^eNb0B;zubWWj<#K5JA2wd* zZ;QmyCn7%7A;h&Ui2Pm_(7g3D`Z%<$uWe}TzA6;yHforsxW@5~g@907BP>$tch=D{ z3Z0f!MQib}-=SFKvEZ|Vr9BPn>&MR@ThPY9hkaemIdhl`4PXwS?kR$By1!sOD|Cxj zd9*M7gpW{rrVuu4Mwr{faS6f~y1KjxLcfhsrHZO8ERq*5^z&PdweI41WUToDpA?~|B%QypkWEv#xkK2$ncZ8-0}HaLa(`9>kkBTq4#e3UzX zt1;5N?{P*vCE&+LeP4;jmz+@fRDF?C%Y;F@&wT!F79FZ8}QJzmDX^Aws8 zHulwDJ%Hqw$AdGS{c>Tc?{SiYZJcJ4v@8K&tp!Ct(iBVQH86Mtw&o9o7@m&b>AjLe zE8iYj!@M7{v>{Wkm<|XSdN*gy|K#GLvtSG>OS?#4!S8wVHyzGFaBitZJ6&L;h3#wp z?SV(qMQmOI@BFfT@)9HR0>==j{hLm7uZgpcI?(5q{X;|+QZp^YxH>D^wW(Gkl6dfP zW)4aU)@7F>cfE)7hrvRm)PDT%hhz)5C0UJ-oUO;#r3{@dvONKKwm&Sne*h=B#!mIf ztUJt?Cn|q6*Be5v&+MffQfV3-W4_)WMjrCndLe6m*F#HZ+PfoO+LJ&Im~aO&_4A5U z-kgX4pE2>OJfQuy2s+!Feq{iXo)M^O1+win`nCr z!C$KEnT>- z{O6MWe35?6vchUXMn~^15!A~`t6bFE19swG@M)Z?r8M14LV^IY%);Ig+#k$|k0xkU z0R1)?pd(*?_G-LI-afjQkJpe*Jt{?^!C@Etan4EfF*4*cilb6Q&UZYFCxUaRGq!^~ zB+rI;8oF=?R_i3a$US_y7kt_x_)A9p0wJ&;^*+)dI)H$quDh1l#yXAfw@L3YQ<91R zioJOI_BZ$}o^V+AVj$b>o6OwSw&A5`XMQ?Q|9i{s9aos!RbzB2iL7_8?+pln(uuXZ?^pOE?00>r6S+QGIAf&rXPk3 z;nK>GWE0eCzaM{tJ;Lyg^XCjD`Q3D=FO5fzc-)FpjsGES2#z1|fq;c(IPKPPsY0vt zbeCS_+7+thH-h*9)A1#i^U#$^P}*9EV&>6FaZ(x|sx$-*<%VGOi?HlsX34XC;kJP$Ek`Yu zs#0sX^`-1d8j75C)xyV_N#1hg8Jv4ECS-|=1@ZZP+CH?dryrm1EFL9N4-s{34H@=d zSer(J?>qSGRGqBEgQL~&^|MYh;&`6p7tK-aha)T9`=MI3;RR$vyZ3&!EBd=)Vkc9G zD}%P!#)FMeUfq{aIYH`~adP7#UE}x57V|!oQ}^kN7^6}RY`(cJ&XCjlEN6>K`mFV) zy4Otsd$ydU(RMd^gBy~uOI~PhmCiEcS5wQrtOX#70nkytuH6F`3#fsG2Xo&lNNPdi z{K6wmZIiJl{YlT0jM5o= zC*o^Z>P_y{q>H$ZTd!PMvlmd2N~!#ji08}ex7sl_nY&1-1b-k8lX@imy@ZA-HdWYp zh20IdqT@AtcONl1K?>^L>3(}&Uk2}3`ym*8?x?Nqb*vf zfN$6kLe+m=yv^GS1AJbge4jGuwr5-lTDcFgMC6lSU%6!IP9>4#*LwK$ZB>K;Fu^~e zB^NJ7o=$T4hEZ2aQJe4mI>8Je=S=4_9ltH1I%k9T_kjikJHpmJ&VVaClk)bse?R?n zW-!Z*LM)gWkXu^N`}+Cq8@4;lEBTA(wn{Id1NB zFa?A3f*s`9sogq9peRB@xq zfxKW)739tFAi;Ooe6d!=N?nLls>|rwOg5g|3xr>yJk%pMnEZaw5ypnbl zqo4~SIlFSNW!MMKR}$*<@eT=dQA-$8L2Y>#4J2&rQFBTC2{E+Rnzhf%=y6HioJGx* z#mM4a$@<4%)#^Ha&wR;l86U4H+;oe0WKy{ z!9XhQGa?TxDl_w*+V0X`>D)_MWamg4hw#QXI$9f}D{(=nX&4pVr(@6)V~8UtG=GtwYi`AG{G*T=2{|MVXF#dr=OPk=jc`e>hb&z5*> zOTvjqPho!ns^^p47wT@QOYt~~Kuw2nhld!TuHb)4$y5GYJC(Qc<>AG&DwJE`>n9dBWR-@1xm>R|KQ>v5!#Lk~C+}zJ+9F)>p4U0`Y-*#Lv#*%ukpocQ|BOlg8?~e!LF9 zA5z^xUR;t=d7nE#^6q?fK`9T}}v8 z{Z7XVxgro^Q`m#fW@80A+Bzzpdq5V+%QAyTn6#ETB{+Whe7lD;cv%P%{DijB4Gx)} zpSD8a9qfDGS0A&w)ZCvuz#C3Kl4An|ZC%;uI8f-eqVXn1P)gxnpf5b0ImuiWPvZQ% z71dI6HWb3=uQG4gF>fgPCimDRlB)Wp6(8N7d@} ztO(+5&6FmJljLC&=V5PUdo;uq!AfZamR>^W9?IA%TDndrbcD;s;S1Zx=8pyE z{G-=GdFYN5w*f9WpVS7l*YC<)hp(~^C|hCkV7X3j@?4X)8u+@~VsoA>k~obMw{T9U zgZ$7tfCU9NUs;DTn<5G}IBsBg*m_uet_Zg&YtU_QBp7nAUX9_!;=&_>7(uLl^et~! zo{qCqPggQPMF!A|+!IWfHXn8=lh}HU@l9#^l%M){kxIU^n97xM`36g$5afaGy*vj~ zuGShP6oBOv3EI-rLXccaza@JwB;GIMUM0?!-e^RE)%^Ooy8h;<;pey4Y^PTgDSBTa z6*$gJ{v6N4_8pqJqWlVh;KeIxXxq3|HrpTuGF2i zIgB;d(w5?=TS#ive(mT_L0xR?W{Q>0MW-7xg^HvW`E(V4I4fT&maV6m{DpOEr1M2w zCV6irmPd^z1R4T>=GomuLwx&DUnr04Oubg&z=Ioz{2%rYut*mB85^uCHg_EWd-iYI-!oo^jeX#q5z(EV<1PUFnAVEvZFIeB8 zo469SMhSyq1lLnIg+DdQZZbcOX(D0Bm5gMsT403@Y~%s@Ok4J@YIrMD8(HB^W&9$9 zJz_!#flAM>Zwik_pS@5oqgLXm+sWC0_Mk|rqBTkj(DLWIeS_o9XulSbgyLCpg3{rR>$f7Q4%xJw}$ zdLr3z(yhK7O-fqF0iYDjdTkp9CG=8d{B@46MZRi~CKP+@C@-!#X&t{K#W*5cTbJJy z-LDxSvn|KR)c2%7#HE4GlFV+q)$^Y=We;u=xOP3L--Us--^C$6>zSrNA8#wM^bJX>kS;wH}zx?VD z+;ZkFD^GIhz|tPtYL(bt?ecsM4LXvC=_&!<@reKL3?@Z+cK$AE_SzuRr7}JslWM1s z$ZzbIPs!Oa7pdN>gUI@f`XTjUoFkJV*-|7CW`!V$!DGY1l z0WbJ#J>{1ZdLHk61Z=2(E0 zLdoJp4MTMAmEgbu>)fv_vAr-7!tvT3p7+F<*A}ff7@nQE{9zSjVS1HX{8IJORx7zr zltzLr?&@n%i|&uesXWQ5gL$y;nhrQ}1$4d)>ubFWXk7yyA4gWgR&TSC1 zWZ$0psL}7;Kl2y{7(AK!ZZOSuTjWn-1ZT`Gd4%1`03YkN&u%8vOLyWr?x!fG`|p>R z7JXQ+0iiiL(?OB6-=Xl)*(tx*Rx1A6Yjow9S$o}q?!(BYCHY=7;F3g%hiDPJU-8Ex z2l#Ye4aomWCSAgw_;IJl8?OKGf&9V17`x>nmyrjkmv_8>K5Mo$22k>>!L^vHC73qW z;kh3&{f~u-I`zB!F(TOm+MimvY9cE4RTwXq;kaLCk5}@&v}cY+MsAo`gwb$6tX_?+ z{o?8~gBw!n38fD4lB>CB3Ug2It&#Z{4DN}{8GcagYs7^z{IASBzQBU}SB0f~y!Lt+ z4Ft|x#8Oqq_oN-Zppg0!{SBs=zOx_Lp6<>}uvKJ5mO?;@az^l&IlM7hj23=x&({;uD$wvl;N}y^TTHc6H>25kb zmG9)G>?44oRFRG!OrYpnzGGy<_Z-H!Yc54LT#|ylPZoWcuBX1=hv8!wROLNOA_SG| zP`^1Tr<36>NfX|$`Id!`{jvs>oc}1)C;asJn)FzPNhph@N<$ znHX=dIPUwvvyWl;6HlH97*KP;PUO##8of+u)HBj0Xb zeOpgur9}E@rk|=yZu{uWa4Id@M;;pC>M$rIe+M2O-!GQK{ANg~9^Uxg4H88Y_nHu- z%KQ191b)8U6sp)bXH~b&a5ivmZYPAh*DBUt((-&lOG=@45%-`9@yCGaf>4F^Y1Ya5 z`IZ{eYKC~fbALnm6RvNz#lPXWEmQ4WAWIhugoDsYCX8PA0eoH+`wl#7t@tytWt{!N zJTIX_ub&Ec$pY;p_43G7?{4A3L&M;!#Wz#!nIge$l`=;x%pbJ=G<8i&rrAI(d)I)v zuyj9TW*8*%UO!{m{LaHzTqvP{$6@8Lo5}}6f){S$lzHqE)TS}2*!9pw|D7Mle`Hy9 zg+7@qUKIctihFW>sgGa1n5q2Xcrv#|+}FD&vOjt7wno?Pa6!b@D|#fM>%1$ww)@Y+ zI-UlueI{aQ@hs*L!66vM-%VJ^J~d68RplJFEVnYOM*|?$Z0$*SZ`b4?N#BNOaD53p z3@7a3vS@bKc6TVP;~d%F7G4yCqFe<6sWgP;QNImEw>_KO^rIff3T>(muF#L zLJFLwDT_fHQ~S<6B*>z**~e%Ewe?JGAKW65RGapd<(UNz>06VT=wbf z7VW>XLT#nFS33y=j0DnUD&(oYz%n>|1s0fu7vm8I4T#ixxc1Vl@<^S13zi1uG0HCq zlmU*`$>r8}+c^`TwWNfG0YV)$t%``C_U7SLr_)CY|ScqVxYcP~5WXub3 zCbg>#dAvAPHTA=&BY@MO#t#~t`|8x`joiRZzxYqla=RgY=*D^Pj|Dz9WFqfw^|-@= z(V(f?!A*|0ZhGMIRA#Pgt_xBk4Q|Gu_~je;~K zWzzQ0cFBQJ<#cL}$(^vT7msIPD1^rL2bBx}srz6|d?hKoeR0Q1=T|a({x~#8{;CMC za+t-d+FOF5*{G?6K}w%MrJ4t)W-M%}HL`RFaPmR48Vu>oJlBO)9}I;ITPr?Z9&}L? zu)sF|SoR;yl|gC^eC4_Hp${%z z(7EO!X)!c{ATL(>a)#Shff^D5Swki;5tsvizW`yT-+%Ur&P2gvtyz6U;nV(6``iu1 z+88d?DkJC!fKFCUpdA@=f>pG>GIUn|xw>`92D(_t{f!GQ#f730N=f;B-{rW-f)kZ<{Y=3z=&w#yP0aAG>RS1C; zy@9`d9-HDOEm;ft;5GCfi$Y?4xK@G3m~pz1^O4A+Z$};=ciKyaBI;z#eewGZUmF+L zjEx6z9OW~1)e5EpPvC1Tu(TehyX#ixuf9(yV1c4GmvYST`tjW((;7If?KHoeQ*jMr zhIbEM{%tPfFNTn zOhn1Y=QFRrhNN>9;4)Xa+gsMZO%s%Auj$jl^p%LXXhCrx_9={#aTJ zKTihc5ZSA&0cs*w!MM}& z-(knGy3$pd8!bk2z*NwOyHm_NT`0djVRzzpjoOd-YJDuFnq%;K*VpTQjrr$hrOrp# z3(nxoKhQ#AQ+awrM1vH2BS=ZO9534=Jstug>rA4vIw_A*keuU}iXKSM4%;a2QaCg! zPPkTt3w&eZIJNe-wdH>#{su)-3 zfWwM4`C02OdV2qMC;H_k6YnLBt=PZ9MJ$MqUT=T$J7GLZ$M39zGNB5mom zq)FO%bq)E;YAD&XkG28w>AdP3XU<@Dc{f=n6J*bRv6oAv8;}Z ztf!(|mUGIul(r7VU0J@UTXFw21X>JLNG;Zjk@8`4nj=Z?MbGgOH2bLnBTYNRf{7ma z zg~VdpwVv0gk#BQgEM3|^7tVM6hw4CM3`tm&HSajYZ)qjCL5h(HgY)+n?Q6wU-l+zDd91k$Ybk|1$-!XbK1y`Mkr{{voLDJc&X6ds#pIJe?j}ft}t`nzD=R zyHwiK>*{3(2Y$HQC3^aj_xNGCK#NFX*&$bEcp%Q+EA|--6%AL@pPc#175{L*4A$?G z#>9cx!`c>!>9=r(XQ$ak*xiC4p6lEDXz@yNFEmv@a-gsgt*RQEHnA(2cBk?0%;{_X6N?LGVZ>{cdj3oCX&z}Vg`hp`YhC=H!eNY zRz*E~eSP;c6|nC!qNXotjC{pn>*3%wT>Dd#689WZFM5%NTLS+=&q#g9$e4NxWpS{4 z48q4wduI7HRKWY~vKxTD4>R~BhkAB}#rA~((HdFey}_5TFsb_}s)X1PX1koYMj0np zJN(|s5qKYvWbiZTSqa9&l~U}GP6r|z!I-AU&+TMB5M_YHJwn!q5`{3GI#`fwQHuAz3r1llMLHKU+b$?j? z1LXCGAVH>ZOt6s;W^(rm)b7O3IRa~p8%HrK#iit0&x5#|GMz}c=N0im(kik$k*#f9 zlmw;()ST`K7bD&h;R&BX*bB3c*pKdGpJ;Ec7PHIpDZG9DP@oS;ERwzF4?htSA>haN zNBgGy7$Q~x8zt$$O_RcR>2<$X#^~62*0_IgrP0oSk3uY+RU_8+&iUhPkas!aGsN-- z#BeRg4Qy@|DJAn&lpmgD7T^oon2(n4-dK??_1-g?fgHb+vQ$6Rh(CS*^cefc4N6k2 zgIPHtVphC^vT zW&L%}IjmoyHnD&Ec+pqx_!Q!2w2I?BNMxIb`HQ4!1c(fh*Uq1ts*#5;k7(8N z6BV`(aNwMfeYzo4{);w@!NfPJNc`@XR=~7Dcz1Bz<&gxUO#8I?n+sOn`)52o9b1Yy z2aj@-mREfVqw6`|UKnIYD0|~Ap+RqsLZQ}HhAXTSB~dEt`97j2)#QG7FsZ9x6MlVK z7gcm;m3U)cAXTnjClTK&1^jtqqgiNgQzE;MUV^tl`*^N~7-;m%0g;+)+I7@Knc?{g zE(2BDf85J;m@PLQ2fByhHSPIya5sTJ6UtJu9!RV6tazJ%XcWE*kLKCX?PR+A-Rco9 zx!_)3O04ft1dG(ucU8UcBG8mc>2*v=*Bv74hwMEIg~eZC$)O>g3m|l|(HJ0yF44lc znk8%_Y=!wmv<;TL=0S`vD!}=2T8qZ>4Y|5~awR-*SWg{dh)>6+GR})|$EJ?;9&Z;}RpQIRl7||CMhE69{E)oM zM16Ncq~Y4?ioH>!U~bpTphE#@yY-c3*yemNUnk}C2J~5-wy(kI_qZ`Gh!pbi3iPY{ zowx0|Qo^J@-^MNil7e;AnWj^r1_=EK8;R#*;&ZrMmv>BCwl;+Cta{ABw-=<}L)>Tg z^l=HEhUyiqYQjpFDF6o4)OmCJamy<6DTek<^5)kEDt{~2xMp+B=XV?56L7W$dYacL zbA|aOj12j@ix2PZ{O$o4mvK>~8M$s$}b#sSmG#2y-@8ESI`}Oq|-glgveREgxFz zoP)Z-?{0ds|Uw43>-Zvcql~M&;3NNtw6d#M?tA0X=XS>lqLF0h227nIei}n@ph2QJ1^DHDj z-#_=N%r50<(#BJ?$%DSv0J z;A8W`NLn)GUqOGRWvUF->>|A^`J>VmJ`?1p%o5@!H$QdPt}D^;^CD zSXX&(6T^aY!9f{u{ zBvaiyShh6LqmQu`e9 z`5g9@;y%o7$36*)F#!1KEe|O(!hV~Tu!1HtK{L|wY&SVVG|mveDBoYI&g zODx=yh;+!qi|jA#XELF8*%#bH;}QVGW%*B-E;e<#L}SATCboMWL}EUa2;%eI-@QLp zYi|}A)853#0lR_~g-xFN6UVX)1z7cdzHae8_J7LNKaPLVg%G@z1dK4R$}Ogkq3b&0 zre2}eMy!;(62Td-Uv!_Y@M9&`^IhI$03hNYJJE^jvU{+CG$z=^q!_`Z5HA4P?;dCP zrIHPr>;CKBU~32S90+J8jBXRL_YR8rJm~z>)zp09DITGk--Crf$0skb20?J@gSg;f zr-$;J2Ix`YV?Qb5eLBeROtkP5nS8LFv?`M6Gw-<-h5e@M#C*b}bMlo0UmXwjYcJH_ zj6Z5u_5I)moHarDeH6j&CeBmZqEzH!o2vLkrMo+0eRzP zRyibU!+yuIj(zA!>p2r(K4#$H#)I!t@u0ri`T1}tXX{SydxRUf{0h?H85pguZJIy8 zP)L7w1?%0TieDNqknD9UMb`5Dkr!^Tgowp#2)<#?aB!Y{o3K56w&Ts^Pf!0gf9}P~ z9rAqRMPQBC;};SX!A?~PFp6`3 zqucV#ddW~Z2bB;k6l|THLk! zyc~NUCsw84$5LhX3c^y5Zr=T_j}*C3d!5l%uYF~kt^i$JpNk{gXBAHpJnc2yA89he z*iU}wk#ddsyWh^I!*NZZ=}RY>;98}mxP3~!El{^Q@^9~Vl9(xl$eVw(9b8mwmd-!( zV?JKCy2P|hv?2W80)zNvao;so-FNh|{Sy5x)0jBvKAu(XtysxA9`ex6u==kfq8Lae4y+&W6x;TAQdCMi{u1pnO$qFjz@Z#K-7+aU1V0fefSx}#^e5bt zNf40h+mdBq)ZY&(!n&*OVEo|7jI~G|r<1$Ch_B#@WO z%04~psgH{&k_r?f+JM9PxZUPW4j~D9!>sE_CYcnPga_f zds)!wi(Zb@XSH7CltEd$a^fv9(E!zTLWTDjkJ0x#mtAm*rKG;DP7l;Sn{4TF3Epr1 zMOhd3FzgC6_>egKUArKj+|J{z{z7~muuI{cAMqZfEr0WsW>JEF11t4nJAHiS^S(MlID?T}I|bx+#5&WKa#GrT{Sff|D`hfXiO0jif_h}nGnBz z-`2jab~G#oHT4IO4I)F9#%h&u1F zUjoK<`4_JhbTAx+z3sDR1Qd6N>I?Ef_-GeBdRQBHar9e;?Jxim^7ytM8{kw@A6}gn) zpI4Q#&Ew@oT;OMz!+7Lrtc^+b;TeRC5c67fC|n95bE-qDBag2wEB{L&Y7e~V%zDC> z?)m(foKbMic~_hh@0W88H0CqGSoUqQd3X(W9aX-cFwd-2-z0Kh>8Nqw)8Z)9E3I-U ze;(TjBwwd&xD#X>#f}Jc$P&4D<&v54H*{6zmkV}d$a~sHc$Nc%Qo#inbt=_-jJdh9 zH;ts>{eG)2urHQN z_-(Es_RJXL|t66^u!$-Y&WOq#i zU}W%R%YPh*?7AKAR#u&jbt{lJ?(==B&f@9@+Fjg&+DhN<=tH4-NS_CF<<eKg1;{Gb40s|T*T(2(QhgmP2w$M$wNxT+4K|$0)Bk^#=2g$zQh{ce< zl1n$;e*qFI@hFo^sVRxnu!KKiHB-sfk+%Jv$}hApH-~E0{Ik;Cx0%W`Ks5_aL@=Yr z0lIotV66FOl=>>1s`Djhj+4vW{A=}a$M4V70@kYQ+$C`EAy6iq8?d9NKF-~KVaAxJ z9V>oF&9y&O$#Zg&BC}viJ;wEGI)Vr&x`oDa+n%Hv_308Xo(`K5h<_zIfS|gsy6 z8WaX2ruk6S75!e@8zWr>UECvZIF`ONsog>unF3G;W_D*_Q!_*E0rqB&J*~f~y zk2gHG7c)pDxEsUiygWHzGYILM%)$Jc=DzjTCzd(*!$V|!r~x#tg|+6u(L#RQI%?rG zAcN4gcP(}DV&}oO^1bbAo)tY0?2Y^7=`?Pt>Ln{0mCaa2*N5{IzOD^scRuPziR0j9 zSC#Kng{7piUTJh?dwyN{U{Z#cJ|!|?Mwp_8*`!-*qad{x2DO%Z?q^?j z^>b$(MP^(%w?rTH+PbB28b!SaKx1~;{4Aa+{e3zQ(9-gVIn&kDf~8|{K}IjaEdow+ zpOez6AuZ`ZIIn6XD{?viGg>MrVG- zK>=L4>ohJoUze;np z`Ch6R{e_anb}+fYs=Y;pj6F>TH_`uigyjp{6OlH&RFL38sS%gbN~bReo{M#dgN3CJ z>1>Lf!J@MGUywBh1rk{4{bSySBN0Vp`_`ITgl zCSbjSv?nS_#(1`jf`Y0Z>JoOucx36bu4}yw^sz}6Qk#EK3{q>t`*2IcW~6K z0``-(TKR=CkM_N2sU7$?1=Ks^x1S{^}=@sm__P0$^>3%?wr->ts2R8@@r z5ex^m_E1NFmMozlxmBxWKGL`RN?QCHJ}_Zm(m3mn=%Kyo`e+y0erv>i;kk90n=lBO z^3M;uSafJu8M;?IOwSXWe67nFZUvQbh4=uam&h<{QAwIMly%)NtB<*dr>Ux-$9!_$ zDrf`ToplJ;tEBZf=WF!4zkCH8(Kigy3r}{DTZ$*?AvWPauni2sKht`nAmbhD{k&%w zDD7>L4<=?t-)@&UJR@xM;L+P`Tq2!Y|5+c5>zMq8K@PoPD&X|Xp`}3Gz00}=jh`++ z4<^79>}PT`gFY($B8op%Eo~bZ75Pl{;P&H8Pe70LekeUwBdUvdh`tx<_8AQMZQs6t zMtminP3Mqa(jwX{*xR44!-*LTI)7JB5dM}W*2wcIZ4m8ZYf>*|N|45?!ZK2isgivV zp7~Do?3PJ(F@YTqi^vdubblhXckz1rI(dj#?D4v7UV=C19}T-WP;6+_^5;h;V3`Ld zRxF~GBpZ?6-JI!{EI?|&WND&@U=d_8++sfIMXi2jE2-u$caRME@)=LgD)#`BQnuZ8 zky@|M04lw(>2tn4U*$1$r6KL3o=cf)h%We+A6lQnYW7kuheQ^Sk^#v?HRFH{b~4%e z08D%6wMw#`Og0iRXgkIjISfFQl#72lrFzAN6o!VEHdkI@=ZV#B9^U^A=>~a&>XMKc5(^E?TWp*y7MZ1mTH7O8iTzRG z7{oB(DB^8Q=IJHjn+m=TtL-@=o>*c*fF)0Gi!PZkUwC**!;rFodSS23AKsDw4pYHA z-_^vRX>NW;)ydw${m>1H&F*XY@}9UO{UORXx)!ziU0tzJ*&lz}&+I|wGS5S)|5N14 zd37}4BYI%cxzvlySG#jCZ%;m&d7>uGe95klq7ctX$1|f+0#hm~FyA|3?w#&touv9( zW`D8l9+BvXiz)i;dhO)CIK|HC5bc8k#-yi*v0w1LDW^Zjq;bcSNbJukw6Ri+=LDWCi0 z3n%EJqOQf@>ZnbaXWg-Rpw4b7>7k5&2k5_e(mO*P+Rx*VvFiPPj!});^1Um;X}30h zn)3N*(;P!jP(2`;S2x&adG?6!Hk>UuzTBJV*SdCBAL_LUz7&LJCOVPGn=AYz#fF-_ zk-8t&s(|<7$l~kBuOP7A1Uk)oX@WP)bIr9S0LIx75coYJ6Ad!*=6S&V6;mBtXJHxk zL@C$NqnABs_*%9UGY$RxJeqU-h3!p_@SmjPIit$-q#YJMgoMWVOqwfk4vc5(7uLQb z(PQg@l+k~<@Ch1xf9{6LT@e};n@gO4o6=uDXa@PgunMPR3sk;%yC~tMK~5>=@*xgi zkMG#E(4xq=f&Vn0P0fBr0HdDOh6u9P(P(mFqr>o3Nzez+LdZ;y(}vyzH1GFKi$ByJ?V&1;zj*ipvdt>4n$g@O z-6uZWx7_EC@N2Jh#5={2UHCLxuM8lRh6ztFZst*sf;;p)7ikzM8EGW2tH`pNfW z&YQ1G!BfYuEeR=F9sw86gSZ!nqf7;T!DqjB?JQK#OC0v7@qeH$XUs!RtDK=2NoHTb%XlV5GcB`S#N6e1BfN^8r2?SI{zYCU8*|3tKS?PqThQX zqUSol-pETIflB)O8qpJwm^$tv!Bs?D;pXKw6aSmjrrD!<)t=b>ezDu|k}tQtUvW?2 z(u_27e*IKM(HHG=o3M=JZ_|5j=^l03+fHH?+5Nw;f>(N=hy7kI;|>~Mey2id1?vifp9-FWm<9VN~+%@6?*` z)(nKH`;%7zH^#u%QO$V3|BGtNy`R9tcM*RX09Zp_zMjfqrbyrnxD3q9_E$o^!%+5N zlrQ^KF`ljxyA06Ix)Vjls4{i@jQO^OFwKa8F7eP66p)$W*$uX zNAG8R}#UBhyIPz4= z+x|W(<`kXB=P~Yjyx5fF)17`z&2>-<73xjLeL2a?d)FkNKW-C8@x?xuA63 z&r`n%b27T-kzzr-3eMbMQYL@O@&r&!1}9rD#-F?69*I<>jE|{aHxJk*{IX@*Q#)ms zZ5X)a*6^@Y3R^;`qYhGj4^&V!sATu+Y>Sk0_%k&x3BmI#XimBS8lQjYO}vEz-l>`L ztg;+gyq#1yc@OX?iy8Nhj%Db6-R0&&%iv3)-rSCFmu8JQd-sQy{T&H3>C;ahi@LyK(OZ(BV5sX z*V==-KSJseN;O$m%S_L~b;k7K8-b_DXb4x(fqa2MMP9b9MAq#^p7rYiYLL_wP6YW? z$8doLt_BmCJ@Bu`YYNO*N?C4yAsw0d@dqWcjhEh(vuxS5t`KH>G&3^Cf&-#8{wE=9 z-j3emYXv!Gj`%%otbFhs@?pMvA02^vl5io+(jAk~bvAnD&Lp|f14G>gf?#!tbXLSK zE4(9mn3Fi(qanz;jAxfGP!$ji6gzF@N-tn0<;9IibFK`=ua)F?;|(#QrGHk_o}J)(|>~}G3;6JNK*pTr~3!o;lZ36Zu|V>UX1jk z4=+Fr6eFYV;pqY^T0U)vUKMZ<&+ifpJ4rXD#Xwf9`AKH*x5HaPcF&{rIOl+v zZZuz-7@?wbf4?XW-d&{I;nk_7^ZIR(K^;1%Ccl1g5}D^%?>?;t4;bA}ZIyz^H4cBS z4LzL>x!|v2@}0E`2w!yBs*a%_IZz4q$_W;;vv*Z~Si^=-``4Laq)RH_{d|syB+pV} zSm@WMkco=hSHr=$tH+52?lB;5F;W|K%uxKkbsT*$D!}cAmi{5@nwg&x_O3y9tMYqA z46C_U*u&&3*H$te*sua}iu?T>{K_YTtVN#3`}eLxTRuiaoqOYTQJ?)MA)*>h;wUtR zJIZ$A)5|`e!wp)8sCw347w@ zDh-;4KyOf*<&F`V*+1{YpN);%@AS6~U*3e1K$K~GE%i@_b@c#)NA|dX^VicmG?0Q? zz0X&d;AgJvlleGbG=_S|rc(XLeav9zFiMwc%GJ2~*F;t0flJQsxw}s+cG)~y z|Fop6E8QLHPhnfF`p%@I^*u?>{rvpS3*J+&y1AHuQ9@-kDVxxI=hMC_^mBY}=yG37Z&&W>#~hs5zS(+taf?gP0P}pk&o7HXUcW;c7%%jc`P|B! za?*vK%;7`N*O<`!caNoR?ILuohBpgZ{B+Rv#)RWWmVMp`M~2h zv2p?3$cIyrKLJ&{zbQj&SaSHP#fc)jFx!KS3tx6Q$?Q?Ua2%flqDbr|Q^#v?bGsdG zGwdTYvvJwCx)9UBCF8ilU=nG4K;?6+pQtrW*8_jhBKhY%&S`p|k0>)8_XZgslet}O zpXZGxlUkc46(PQju=Gzc=VX+hd_S@A^R*me7+rezHa7rq_GZ8il@$Jn$=CD|^sRp36N9=3gXua1xBIQWwmE6t@8lNywS969w z8Ub@Aq|QW0|Ke~6ejf5`pP26=+4iva<`;uEF+tmnLn(IYmuxg64?V8}@%S=Q;s9zg*aoz2WKSeaVl^Anqge5QAE#g9$`6 zpmbhJ-s&nynp{vEqNb@3$u{A0GTS!+vt(B|T$c=t)P|XTOc4Kkc8;Y*E_2vEWVP|f zo4Ak2LgTp`415?TKPu8`K4mk(t;f+%A}1c%UWOP^5f0LtfY7ej+D4r>amsw!FKjw)2{9UKgvfW7_42T zf}|CNY-{`WANY6~{vEP|8Xzg4TCivwRfWJ5*%CFn)WV=p%i=iH7L(wf5ZlUtNz(TbKrCSgPS?j2Ketn+u z8-HVQeb2Ri;2#V+#IMVji?PZK#bds&9s?Z!bkdW=iXmY%a2FH}Q!`XQ^_%n~U;qHN zC|6ymNC2vF_Qb6BkO2Vcc$j72=5G5k`<`5s6`$cgh}GkD>Ewtu&gukfgddbQ`?u5P z(*3)AY-c&_J8r4)B^Hx?)Zr(2eUdJKt<0M^xfxpyaCxYWgIRmyIR#TtR?pL0wRy!g zk`u?(>8nopeXt{BVN3`9)Q5X>cIUtGwxG+Kw&B+&E@bPXciO67iQZ!-{RU^q5GNGz z)S7ah^2)4lQyL`skabHd?_jRJjG+-BeHlVFbGJTeNBZiGd?mBY&O}#xZ1)&nb12f# zi*u_R$p3deIw0g01JdthPSTA%1TnMoj~syX%Uz(Q&f1-RlbZWFC<81`E?Kge@#KF& zVIzDIYHkBtWaz8jPsa&2FL&J>GA)(`wA#;#@4=(kw7%D^EIwUcnJvcIYny)rsPJKp zND4?<;SQIMGsF{33b+C>`;_<)nG&f_<>9Z5!kC?Lnx10~g(v<6;|9A)3!PTFbG{i* zF@t>22X6K+Uat79ew3#${)y!68n9xH0@X~&;AnVW&{nhxHRWOfj9Kx#ufmik=Nl{| z@C$JIwZn<_Irr<`Q$x_2k~mU}b}B~*`aKzOfC>GK>h!|jj&86*KI;q-yHjE9+te!S z7xf68G&ze@`vjd(=rKY7tZ!>=v7q{nC0Wg>=as7x$Z63PB{y})`vud~>!GC%PLJ(b zJiVlSJx?9{4}Z4jekwYND1&rgiHUc1K3?-i#+I)>$)W=q-+%uVLhZN#tHHJ-LJA5n z^|9`#`cWf-2e1%KSLzncuF%G+$rvouaF_%bN?9_TF72&BON%)THn zSIpiU1`4izF!D}y?k28W&QL$R`P>+=WE>U0@KVWFI+ekB%T}+}#q+s7W{%Yza?*xa}QCmaV z>puI31bgl%#zJhl?za)mZ?AlKQfTH$6j|nNGMC|p?n@mj9!qwD^JyEjp#-VDM%|1S z>%(LoD|B}0{P5|(e zi6xe#3oAs$0ANW)S}jWAQtX4F(~747uQN?+Zc<;-kz7mnOTz%ce>=$Em<5O^CO=M~e)5=HgaS zgh?M^hz5`4;sp~8Xud1w4$a6V3rT%L66&tO+E2hS0b?^oqZkQIT2Ya#zEBiZjTIkb zgZAMBO#F|x`TIfNG7F}RYsekXll2>}zT!ixvYuD1Fihq|ykN@W`0)|@wpyI6FaBBA zI>qL6`U&~^z9PmAGEkJ$0IZX@g(5C1YS=^wvq#H#5$uBuP0|V7wV+m8U zr074lx_Kd)B4ixv2UWdEe&rR$^D}Quyz^ASbhplfZ_PdiEf|nEuxKiqK&! z0G!l;zQYvca6bLM({%+2hb{U7jzln?_WSCr_8&*5?)KBxD5R{a7$*e&u?qEfg>NQ4 zw|pI%zb@EQ2EirV2U+y^QvSyA-NDeJJ+%gx3Q@zA@Gj zPTHKMDl`d96Z9|rxdRFs@8JM^HLISb{^z~J%=MLRr)Kp4!PRj z0omW~?X6hfh*Hq<>bwd3w$BLDNRj2zynOpd=k+*nPl;5{K%nJ4FhcN$?OxEs!8zWv z{;hSrGO|WdFxACFw$gFzs}r0C?b0H3x~`}F0?e3XD%%VGPdQ06ey>7EFT#BCM@I+z znZ{rCKtuAAN7ApNI2MMp|Ko)VY=&+?KRH+P^AqQ=Lht-A6)>?8D`CcBs5S-MNQhia zLh#Lo^%Q~J2_0!q{>X0H!?1kwcGeY`I_z~O56mtFhwVMTVobUpu*^jWM=mf*Y%Z(e zYUyL;wm1mx_2WwYnv>ELXEXT~=mtJ|M}-*&2%(yFijEpV^0(8k-=~ttUA`+l({>iJgpB-Z zm4ic0BkDj1L!0Tfdze>ZJ}zHT`6ITP&{)Py0bl1#vIwEpZH#)@!lc zEblyBAW4QZaP>FQAhyfUd?5v_RD|?QLigd+g;;FWClpihL5sMiXp$hafRfn*1U>N- ztP#m4`liiKMD`@Mh^~A}RF50Ce{%GW5@6ky9iJp>mtO|`k&K|Qecn?YB*~2X?3euU zc+f60Ac5O%!@h1J0}wl2Ck@)&W0f2Qe0MYX8^C({51x``=!05vyVfH`Ou~a%-jMUJ z3y>REBP`r8hZ&N(zU0ZW2WiPKyplOmj$*NX_N&uskORWSTb>-{@OFcGpL=-8N~33c zEJOgCCDeG=J5>6Q6=)avF%Ch*i&&VmXAMs@F`(68W3!=%g=;+fg07yHQIoe9T zC$&b^0xm@+7l=oE7D9>-6!SV{Qmv$)EA$9;co>Otvw~b1=$OaSr3+t}UZ8~F)SjO6m8K@8!# zdk3IQ+vm(T?kH?PX$r>mjgjUm_3vMk_U8KWJ6(8`LkNa7q^gHa9i82-{=VYCDPE29 zehc4St_+8T{An+X-EYs$froq~vJXr`l@DDXo!*ii$}9$pnPkTk+HerK$A}gC1dGEL z%y?#Qn5K!-(c86OBwSljANMxvbTTd!)eOsIw$od8)N0S|Mj&w2{977n6=fkET_vZ1 zDPpz>tcs~-8Q~6*7R#F|-XILp9AA%Tscyy59rZuIH`on}A4C1_p$2{LiI#^iK;#m9 zOdOcJxuxq5m_58jCI&)Ykh*gDWFQBkiFklVU7PXXq7l~~0xW6R&u*Cl>@H{Xh@cvM4!AA9yt1X00AngDY

    v$N=pCa=dvkBF_0HaHgVKN9U2`&ip=Ph6w{$%(hn3UqG~s?) z;^48L=db54`4$%-po)So4t?CJ)+}z;zVH3SvZ>k<@ z-rSGqr8aep>YJ!3TX0-%;}#XjjZb!?-hWb#=I-0n=;vVehUzzSN9{So${NjOZ-4Z} zU|W&({{0KR^^$+*D8ia_<-79qQIx4o`|sKHvulzKm)DWbJ$uHge{zwq!|?VIzrb^D zj2b2oD-v{kFOOi^Hp6MvgqK;`Mj!I0({EH+>&wAwyYFZ z-eYjCS^FJPZ0R}sgK>WMq3iP+p1*ze^x!+j@>i$P!DsB~ryq-U_nON$4i3-o6&Q|t zqTegmH6B&K&J(sjosr*ZMWaJg|Jj^A)Zf20eu*xtP5)`z?`%`-V20Rmu%p5+7@?*-Et^hn{YJa#)XA@X}_~rn@g1i z_Ubk-?yZ^Kkrbg{ST@ud{0TSl6`Aeo+-`J^_1@OWKj!YsW-M=;yg2F3-p*3*_EEdm za?nL{3T)TAEkZjp&n-KwDUMVvy*@YD*<e$eo8A+M&zL$2%^~ zMApa-+@_1>i_3EZFRny+us}Kw9pCTWqvESi8uwzwP460heOtbcB&eQ>-mvJ2%sx<5 z?`8jt^+nOIl<}+;^yNeLZ_s7dcdX*z92fnvRPKzA*)n4aF8<)1AP5Zdc1%X{Zs^1)u^q^zg?Y68L z@%`uSt;PWZq4ZoJYqAoC8tu>nDAG7b?WJzCp!`_ND6J^%x>cpe3 zIlsI0O&OeL9XIgoiJ>m`3U%L)184<=l%+{emh8?c3id61gh^+8$+%xxy?HIS>-oR3 z;tsVUjtv2T;1j_Y|Zx z=rmyWuTHwV1xDwsBX1`C8e4j4R6*qQtBb0X(chNzQx9MkeeH2*ebSnxq_Gs+_2k5! zS>@SJ&bHk+f5_O+v=%3Y-P7+Le%-U=#*N<}U+7!wSp&wOrXLL4-QVEHw_2#8(9fBT zI}-&*@-RwHJK~tFKi+e-KlkNF%kucs<(c8vgSPd4(5t`ZMqXySU1!#Dk8roDylbi7 zM|}(G{RLAS;aMLosI~sGr@qQ-s7}--KU$1DkTob05%%E4_jpOzIzJ<>Tje;M9q&`4 zwvXDj{>OOlz7yj|jsN!jwjB1;?i~*^*xCTj8G39R@`_+0UBZ=~FW9+eh!s zNbSv*vh5@1CNi7yZ~dM-l(lJEeEOHS$9A;y^c}u;t0Qal&21;+B?Hq9>9-Ep@>dY^ zte36`GoN)S+}`_qub-9j`LZFml0wH%PWt#Vzr*L3Wlc`wy5F8q3)T77-c{!Y`{+lo z+uS`HwC=O}+8Y$>cM~#w{?|)4J{4%Ic3)iYxVwIGL3)KPnpVAccjqDMBlmZYX|t(( z)0`h8_D`AV+@d2HzJ8sK)(=zW`qqwJGh#qgHbCC1JOA74`Az&A&Q9q+{YT{+$qVId z-sk~Q+UiqTeLo#cue><@$gjCGH&v8w#1%e1S>|cg zOum^BzhtI&%%>GZuc{as%sTpf@qY4}Gm?$NP@6^^*gI-(;MSmWRpXzNDSL?p5Z_Kx@RiB!(LNuxz#T!{LTF%%0(x-4FA>n(w_2zLH|J1 zy~AVowd$u59iP(R13i6a>%KkqxyrAYn^77s@2}Z?DR`>)w5|TWsO6-UOGXR`$_8Y8 z%3b)b<(Zv%!S3Rj^T+E3jjL`qBe!eLh2Zs%4b}-3jBoL-uoP|g2>Fv4sBYV&;pKCQ zGva?sPIf5*P{4}Ar%Mj=bgJAEM3;~T+Xj1eNG>rx9{;w(W)OM zm(8CWj@*@2@k9M$kazoy*FA5y?R=*4MMdwDs`u&k&-4B^=v`F}_V0=BGH5?@F@8rv z5hia_Ou}Q_U%$H^M z~StPvt3%C<#u~n^2_bz&fB=`E|RtL8BK=2{A*P7 z!@7CJjR>bto<5N@{t)fTI{(meL*r`Yj(fw}6Kp4Bwt?g4AHwCvZWS1>?9@`DU*E6e zcxSiA1(taqot%-ox^Nq+>i)_C#)J-^I?tXK4^S%uhX}n!?DMDwf*V5{tINARaYy&%?4J@xQa!X zo~55UD2)#$pl&yn>{x=`lAzq4#;HBMbWWFnT?7>mUlaawI*So!cjOsIRI=Nzdx4>{aK7zTV!6 zq-lJ5>5iT2an*|sON_W^<;OnfR4ayWqBDD!ZQQf{{<53f_DuQNanByvv ze|8^!O!uqXp_`?R;vS48Y`1lK9-i}p+gj`|Kmn@320XR9WhYT@aP+PeT9nlk>|#~Ix@3u(uvHQI1} zSY{&qn;>!BmmxR$ENQc~c=nHxtr~P0GAS+cd(^%3$d0mlvRa$(FE9G_{SC9cdE?&O z^Yy2$?m2z4Ya`tu_r*8wpPuiVd&~2%=$-Os#i?evKABBU@h&n;%Bt=aCN^l<{f0Nb zZjR~hc%Zw*T<<{jHW?-&QTdmd;bu zt$zJd+2_3W$k&e_>g7y1spG#}Q@AfFH0k8~>%Y64H>D`=P7jS96z%t}MbCMuzkf%K z&T%($+xNaF*Mx4wbS2;K7yY%db|HUg)FXVhj@K666=&9N z-!in3(dX0ZtKpCR#$459yvvZUDBzA*6|WnyMekNV&${{z(jDz%c;3J7sm|P^`r^p% zU&~tH9mIF=gJ zfPbZFsOyIa<0`UO6)QR-X-CWIt#kf1#S{J~|K|=@w9*$|e#fZS9C9c%x^4Lx9wUunYs^V?P;xyw$qs=EGhP~uasO|9_XJuJ#BANN;z;qO-Z>g7W}FaP%!kI1Q! zShAhicht3>%C;3n# z)`U+yXuq$pjEf3Yw+p=aCCw}!`|IY|f1kdG4jCuq($*=JEsJjs?%6>%qNL}#v7zOM zLt|@gnKLT;Sz_hEpG0Dfe?r!>1h_`a4!k|H9FEn0d%9!ri{+id`J<{|UscAcy}z%; z%wt|lh-)y5jZ6MHoX$v6cvZ`n$tPCF7oO$iuQ*12uw_Tl`;7B9Crxhhvim<7yNTJ| zhoPFXZ#!OMkW5&sdywFIb$-{y{C~2h`&&S6w(t3AZ9h-dy_!1jLc(`A)eqW#roU^= zvaWE1v!icskAf>5sw8>hR>gln{omd&6LQ-BoL~!2JNW7aiyFRpRloS=z-PEuI)~&*-=(SH7S|NF4<7z30w4JD=`XpT!p#D+ahb3^>KD zC4ebItVm;I1=aia3VJhAe=#p{j^p0WlES~vU!HrkZHq5^B34q`n2T+19KQp}{H;*% z*qhgCN24~iz?D9BhEqNTzLVc$X88{tjP$+v_#a=y?#8YA%pceKZSsPIw-<;0W<9^O z%30a0_-2n0hZfc;T3Dm_%dEJ9NhxrT{Av+9R8|gC2RHPsbbEuF-AW3>Z}J$k+n-*? zUGVs3zP=XeTwebrd-!#u<=;NNObS+Bn~Swx>AE9WQg{8&4roKh-NLZ2WOkzi{ImCt zq^F!+kg~w{e{I}pfXsEjsDI0zg1~|Ci^IKOAr*Kl80>jHW?vt- zE`IpznQiAzpw<^4+`#Iu;|}{HKD80|_phIy?w_8UG|zT@GyD8vobl31GFo@C{*1OM%Ngx< znJ*?!uGcINXTQOET$;1acs8$nZ(K^s=%V?_BM+8NYto@RBQyTWdVYsZ@-2CdJK%Yv z4#$#e|CM%|^yN|UtSg72e)R$0x~}hMj{W@R{*JiHA>+QW4hCL4KDP*iwq5IWdMRmF zzmW%JpR3AWmMx9`ZrXWJuML7_bL+=-vkZnT{{qNZJzv;maIDpspBo*oZsw!Yf2BpM ztCk_j=&uhkr&|oY`YsRl_0O;GY#7IQ9RI5F`j(z8d+;s|xPK_R=ELM7sXtZkks-tL^tCM+SzgN>5C0_URxjr(w6X}!F9DsRP*k%ARNw$+*} zyVHZec%y|}+4XMrGq_i_l#*vAY)k+3b;HarxA)kSl-o!AdRp5_xp}$Sh%$&T)cLxp zhsJ$Z)NS{E@@{>`gY6>=>%1tc+o+A~)-Ba+L1i+)zScirKKEG+Q03vTD@ zrxy()j{mX${oXyJA0D6jfja3~iu3mFZ}00mA57(*ncq9uI6m=dy_8{Z9go^)9+qwp z%K0g&v;J(kN$EWAvY~jzZ)U(G^YV0zd-z?T-^sUph*0fse6Gtje&DmkkO^1X_?ukLs z_Zc}ehZh*wx&2v<42{-7#NTIE^UiCA6@fk4+AY(P(D3%Gc+_e}(&fLpEzc&=1aYX6 z0TNcy>IJM-^u6^?Hn?ot-2hec&6+VUiW07yCUf83%}$|WTeoOBai8or7>F&CX1se^ znnOJ`2cM9i_oaAd>$5vLtlxBPf3y3wmG%2Htn4k@n0=vUw@ul`t&^vHArFfyuG^u0 z>bIJt>8ZLy8S5w2-ahrqBMog{!qSbkuQY2{as<`0q*1-nH%m!=q#7~)!*p5XT+1Tm zDoWi=s{GY^>&{@-4A&==jIkf#l_@6I>-Ib{YWbk(>Xf0)Kb=~-avbeP!tY+$rp!(L zXBQq-R3yT}%Xxlz&C5@bzxLHwr~exZ&<@q~w6N1&dab=sD8F+dGfaef`^|}|>RfJ| zXLsp`jhP1y%Q`;wBS)VZSsV);coECq+ z(dvsuMMdLBPm54f6CSZ@GbT1ChuS2M*q9@u#V2gZPN0z!hGkPeOtSPkxf6DXKHi$G z{itb{c1ySkbvqQy&e*>0+p!us*Xgs`Z0fGqF>2)07Gf{=NAsFE&M;lt^GgX|A5QP` zaqc3F**5>80JSC=wDf7~T3b zA~EX3$Bo`P2RA!Dv2w;n^kcmH-XTp-T9X$?*5{1adX+AV&mnIuq)(i0D$OQeU3@1B<%m8Vxc1;yyB4X5 zV|K(R2IJ$%G*6RTQ#OwI+2ck$bz}3^j6T~EN^Tan*G&#?Vx<>P<7ZTE*X-fcjel`T zHOsN~H6<&@*XS#y6YG0%HJ=OV9IPhud5_i8hW`GsYi9e$@sqMX9se?b*31c;ri|Xg zJ~zRy8r{fyLNkJ9sNGV3_1B^|9A^gVn|;&x-BW`{Fs5_aZ;HMPzSll|@>BfiVLx~m z%Zh<8_e{faKVcWc<=$?tcNnJ5_inud-?e#t;|h9>QN4yu>EEE&mxt?W;ZN1-`Ia*D zT|w=3O;faxSWFzg&vpIW#0e+kUtLb`S9e%?bM17jH1q3aR;}$w zSa|zG#k<36;>Z4IHTHFl+AY;vnJ50j-R%C?kq3$ATp(v9B=l;|+*(cRgSwHB*f6tx(v=18f@$eDwyOK2 zWXnpMG#sCtaHn~ftF=%k+bdX|8r~*%$`GuMx85sRtV(OrE$gFp&9J$*_d2)yoG?Po zS%-h!rQ5crar(8MM4NTfcv|oLU-8x2AI&AS;)H^{FN=m6Sk#h*`O7E2ChmeMi1z{wt#kelt-|4ez>2t8{-rxI@ct#ui#y7(JToH9jUk=n{ocg(%? zAMcpyAL>oL zO+H|px3RM`*L1z!A;r_&h%acm_3N>xq>>w=N4V|}h~QqI$~W*s5K7;vIeXv!x)YDm z+8pVq-yqeOcl|YsRWGYkzN}Y?3-$Wd+Pa7r5p8|*N5f4;C4ytkTWxjIWgnKfi}Fi5 zULH*I$Gw|!>0xL6yxwWeF3U3dXEmTSOvYy(|0d?vjpJ_JK<`wdsaV;g<3Ls7>KSXs z?R;6Vr+9bz#B%+n@mpun3oTaz`u^99{f9bc8aG{x)U0v21SNSe>2r2LXVtMmkBl{* zHmPn`x0*5}U)^TNvr9v-%|1YGkIg!9e6jwjZbq}!<;~?=_4x8(XP1v(bZ_#rdKc?| z%XmKE+Y~c;=d)(jiT)a8tA~E>_>hU(`?=?|vYZL}`Wxd1uJ3b$QtNY^s-R%UIKunn z79MS_i8K0LY5tB&k`To^hcrFXQD+{Gtf%Ai&Tp^Fe!x9REIkvg*&xyj?(yk@e$$^6 z)G7MbY{xOxzW`tzIY-;)(7V@sag9}easbgmq@qI4u{+Uik=Q+F#u&ognXn&iTR&^r zry4N#%@)#{POQT^`l)`Mq!QKiX=`}RaieyQnOJqQy{f_HA!Uh2JLeqz4gSMdZ1#lL z;N$JZRCMb8HVJ+kO_@_Y7eG=I>LQ1X*PdQJxUfn!Gb2BLVzc6fbLJsHl(CiPd?Svr zAq-d=P!k%Y2_QeR;SZQ*(!^n7AZaw*^Q%{AG_K*}_`)JhpUn7rC%WgKX%10bQ`EJI z_$lX0&xP;q-C(}?sa*%*qRt--!oi1ndf>Q+By?|H00)t9cFDG!8Vw>1kY&Tn8c~#X ztIG_;hF7g?rB8_tJLFi{N*}kBoVnsVxZ^i*--&tkneh*ACfXa}Kb`P$o}9_OI{eY8 zIVq}=iMuAh?tfF>iom>Mcw1K}T?k=1e2>WmN0*S(hz+<6ctZR$9D zxM!>Q{o~Vh2R^JIu1jgHr!DmcT6~-IVO9TJh*m1UUTS_TrPIF4e`T#Wjtcjdtlb&< z;!5vSeDn2&?AjhAGeTIB8d?CCY;b*|#?Wcxim@U?%HXLJ3TM7s!<@60yCAuJC;qYl zdp^Fn%Dl3U+Y^GN%e@@yIJtqDo@-z(?#N;U*WHcc^WfHUiqgKW1%E!4m7kD-xW;pn zxRvY2LSjB=pZh*%lVqI%cKQ~HjLaHurZ>;)KU{H9T(SoOD+Re^NL@?M^j|;Fo(D%S zUQm|o`TqI!)uI&5Zr1mE2mEIB;n<$eab>Hh^)@NCEzUZ&_#4D%N#N)&fa7}U`bMnX zKDcy1kTW$1G27h!!}0muOEMPL3ycHvzPk%}d-GcNRg^-cWPE*l&*JT~>jx*+s$1t- zpNg&304w1_sdpVr=b3gDM{&f@O^p!bv|m?pIEgbq8ywYHJ9g|C{;QWbv)p(4rj>vI zsVYwE%OKDnv0%a)`VF{5$)wNcS~l3fCcXlDc2eC&wzYeLFK-l#t#(bkc5lCz3c+EI zw#g&1bNebQ1LR@;Cufqt@6Oq6y~;V2)hWsU^c<2C=M$#wZm$~z5hr_Y_Zg!(A0V(w zvR+x+{`%}T{WTM+tDj${N_W1i*P`j=62a%2J8C%RbRY;u9U0%h1K#nr`pYW_uFfn- zNdb>C_wE6|ePBk{>dNcfsqMaZyn7^l^rd?C%7MPe8CC0>^`4gb?A#)$WF2SSlKNFQ z^QqtK#ZBG1gqeA2PM00LS_g|p9~lpcQk8KED&c1bv9&(2WMh8%miUn_lhDem*FWk}W{`uS!Ua$*aT z{^fWjH_GbtfmN%jS4qYs%CEQgp(4yt{wuVuv~LwZQA z++IN4CIFtV#0{v6K2O~ji(-`02j%&38bm&k*C+;lhfz{Dno){tA{gsfr|6k%-XMT9 z#+}Wgs*1rkpyv~Kcec#w=YyzkM^eMau1uexrz|`#S^*fjP+B#(jR6@4K6N$&kg=Wz zODVE6Z^KpZ)n=*^`70%Om>1M&yzyR1cvL}bvb_SURbMI;IUq;B>!88Lg40SnJhN3}IoIa?|n6i&>^K$7Mx>^^yRdqHZu#Y%lv#F-3Els8hD~ zVOqp4C{BfzXlzClIrVFb6e|TSy8fm?R=VQ8|2ah3E-Yc=G=Zmvb_m@Yk`r*HC(0wQ z@VYA&deuGwxjm)m23dF*@Ye;KbBCjl^VjxC@FTcKrye5b7Y1<4vWoEos?k?^|Ecs= zs^=%*F|6~^=Jxqe7X5Ie1&zO+NWL*_7ByOlM=X00!j(jHBBO_&b>BwTnCELDc=?Cl z+>C(GnZHHu!CEeI%~2J44Rczks$@^_pieOph;+!=dZJM@!fcZqK@QE9Txi`vJ2k&T zbJVD1X|1BIcyxxm0>f7$L}SskWKzS^tOs{1lxpaPOd9WfBYQ>~P&ya}rl+cT$`GaI zIWE!;Y23{<1G!JcjRo7GT-@iyQhU!sgPE~9F?!={PP>0_Vl^i>w^mp-54aH=z$!#3 z^X0bb9!KDDD*Of2H|;N>kh}X>#T|-+%;57`fhJ1{eo%XZ z;b>%k(<_qoZ|LXA+e!?)26c&`k}%p(N~AK+1m$y7k@+uJvz1R>WtBgTpJGPgSIvwF zP#eXRl?-a3qTHM3gZn>y`vAbAbmQnmYghO!x>7>oRi6VI7;S7=6jFluP`OyK1$FSs zt{t+_dFI$9KHNTZJO8z7RF#CkZRH><=^iF>4QBHG6F$jJDN{+_d?p3!4LxHj<#>5^ zcv*=5^&#T6McxVc^XTzzEhrLJ2YPf(P{Z$JZ~m$zY`Z-qG5|*xYLH4%cF}p{he7gm z8(KizYY;j4y3_o8w>``-;lA3iZ!CG#=sKv^Umqz$n`kzis`wz};1zU4@GuL+xUJp# zcOTov8~p1J3A_PxG3fLcfz?AtN$eFxA zYUTso1qc64N@jFDi9poR-}oDvQNn+8JyD42nJWIIDF&-3KMyMqtUR-&j7g9HtfLlea@Eln7xI)&4U)XlaTTt?S`?bX_oMSiXtUV zoKLx5ti8q`)sstN*4Zx>3E#i(A|d1W!LX7zy!XAO83Uz;|C4 z9doVT;(bf9S#|tkRteh}WKNq&BLlLSqp`u!+= z{14m*8DUoEES3JzefX`NR@LNQLbA2t+63--D<u3P#tS((=jRSOhMzcrsdMpjl_Ax7!^bZWo<(Nm}if0u2=I_=nHn z)_EM(9^RrH0q2OQ>V3j1@kbFe_Ck7_T;Mva00HDX_Im08trI1JUrzsUibZK@G|6u7 z&!L?`)vgcuUuA3!=11{&IOA1|OQk(NsAs$Zyv!n^O%@l-r!)V}mxmZ`$21)5nO}2= zoTv~x+3wNVIC5b(I>ao*K2Z$#+E6-;F$_q#zZB=ggkezCdz^9-j1g<1f~jEK>{t~bqd8h%TbbVi->;*f z$IvGCf?$BexYB&H?I+VQ(XB%|N&+wwd;+H5ZrA|yy)!D~CIMhHQq^yP#rX;h@@;Cpv5jtU@!67J>FL15 ztCD$Lp4BSEFdE6dCFTXX>evtJIVymWS_GQpJ;0Bwwy->kSk&};Y4s)sjOEEh^-J=< z9$;jg03@+rWKNRf zyZ>7Q)nwl$Zb*(Ni%q)V<8Isio27Gcxhw-HqjR7W4>Fjs##u<=<~Wam?#H4x{ZYh~ zz5+R$%84F3C%RnJX_E}x>st!`C|VZ%nK}mpBhS7+Mqn6bh3Dvb@k1zsG`MwoOD=Ec zYju;y_p?W`swHbRM?v8E=~fb~^YJ*djegvs<#Vy$m14RJ)eQ0#!p(=v)wlxyMe}uW zwCXuneA!RF3EB2pSFsPe%_9J;uruSj$Vy6&lim25E$d}}T>Bh*iqGMOW?1k|fsF$^ z>{yFAJ=evtG6@0ut{dTGEMd`+=9^?Ay|Tb`P)~=Y5LKlr?D2ki%G@(Us`DVld=nB~ z3M8WQ6hS@+v}!W_WPxpxiUQECnBoRKicIOLT43++L{mmoQ8jwuV|aZWLhvISqs1&B z(O;hWV+!3oOVUIc1w>EClfR)$T5-#O#^7&v<|g-y@|7tO zJE@M*@i_E=5ZlzvF6|cq3u@ZSd*mlrm+21UbRR#pL+m0qgi2u`*f~pafcdY-3IYSs zz4?U@JkI<&o6Pw2^q9w4EnLSPX}+mF;xJ;$i5B_&r-S(ZJP&+eu9$A5h(R)?bl@wV z^#k``x4=o$J))Cw=rPnVn2Zi-aMJU7@9#$7q^XwU40)g0#lSvY?fsp09QS*6Tp%4O zhM#2V!S(7g%Ft~+e>+llFt@5xWG75 za&CFD{M~7}Cb$YAW|;cb;OHIzxFnXj*ZXR*hn{HS=%gkdlV(F;oM8X`{q5(5 z=);Y1)%DS0OvUqJjzW_f)O|{Tvx9=2BpGZ1s(Ff0o687?9EMf|NbIUzSDvOxc$Rm( z+{%L4b^f+C2B35jApBHnZGYxFOxFom4bV@v1hnKoNfY?Nr-3TVf*UJ=-4yH|sU#tS zU=s)~REHC%lU3ZqQlj{K7cTAf_nlU`p&sBt9jM!Ynq3vt)k~nnA!mO||8b)$OX9QJ z>JQnak)J)FW-I`x9#<#KxG@$}_$Hfn&A=Hxvv}#UppOPpYF!ttjjaYUHpZVso6S*FWxxW9b+l*Xj5OQee&cS7w$sj3IPl?_tO`3{8Fw^uqRAs-T1~P>Nxk zs*}1D$kuaZ{Nl1iP|1)_nsK+1QTlbg;wB(EizMOKs~ezh#Lm2Jw?ZiQ;9pjC;O2z+ z!0-ok*#2^V0$2@z)K<$6xV~}$m~B)^@Nstn`=wXV2-xnIzyQ*Aqnp4NFiJXPfz`yt zNvJ8s(7hS= zh_N3omhdoExd><$CZ83u8+$TVZuD`eU%%ECIC4CN%V>r{Amf{?Gz$iaJYERl+*=N( z={hxHda--T1)%5|#-l0MDvoDvYniUG$QD5iIo$zo9%O9r4f*ML;P&f?ylGdx#azB-5-|v`c=2 znb_>jGYkuy?)cTT6+6lP!1r+dXZ(FNT8z%@VdXty^iX^2yag3E!S$DJs?RapbpF)BYp$*so;@!2gTeFmVz>=IFb}9_b$mL%K1lM@J2+7Ok>I~yX42)`y%DOo)|%Sq!>sF z9o7Z>Yru2I^app=vP2xxG4y=%)tTLw*QeD4oCVmF1KUZC|V*mtyQ$fClE-ru7-?PLlVE&3Rz;?VH& z?)X9sv8IEd z$X!4V3OyhsCN*CuAgreR`{pKnlodId5njVCGnRQHP@nt3gWsf(>$XH$jSmZ=e4j)@ z(NtVoKR9ICr2(KO>;D>T`3miXAVQ{)iW7?nlRe(xqt%n9Psc`?JepGvQlgbcpLg z!927x*EFJv_OLDaV^pT*dFdIV9JiQ(N9JI=-?~LNTr6jnR=1JZe>^oBdy}sa5}9Z_ z{1r&2SKJdThtFpAia>Gf)Y^@++Kv{{+Q=UeYe*w;HA92R5lG=&KP1EegUmpS zVxRA0?+RZxe1XVYKsz~NVO_HT&t05$YWZ0q`4ZPpcQXnSV~Zr!a8e?H&&Q&gPTpHS9CN`Zz@@Myo$o`4;bNk-L*g z^FzkjFKp^evm+1EiRf99*IWFSa-RT`REEOHgorgMeHNQ+pgI|?!~V~ zLj@imr2jmh*J-M-iqee#V1di2bvi<4p~DLZiv_X5O`DOP2($03j(w?Dh1~pbG^|b+ z@s>#2P!IKerLTBne`>r4`fGhGNtrCze{vz*e5OesU)<9x=Vcz{$H`|N<%T>)_xqDL z;O5un-#t0hm(#${ zUw-*0NLlU%+2k~k$Ed&+$aBL|UMgEE9#CyaKow&xk-87fXMmtG||k#HD5Wd#_2>tfs#yaggg}j5*MSq%2?+a!tUTA8gmqfC-4{4K9EQ4%8|lw zNTFfvPy&?CUq1y+&&`SVoIjOw6kigxL&!7~;>o0x^gcUgRr{U%H3NE2JdP_N>mLs* zIwSG&jaXdn!0QT36y3&6&3nFUO00gi2@?8K5IPi)uPvY5+B+;6LO|7{j=Grv%U8&V zglBWI*b>2sDej|8YNp~L3p7A(l<6@|ifA;%+oTa;Vi913!0XQQP@*6cpOE|Zvjal5 zP!_qOJgZ5?hRDW_7uX*pXCL|?M0*kQ74ZcdV^Gm7*RaDlVM|j5^zUXj7PJ8sKn##I zpZ)w;G&CF19gtX+mHs%6tG2)}PefD3lXkb;M1df&f{*({OcKWsq9pK-57K^!mPo6R zZdr|8b@12tfzpMXSitCwEfUQJnZ|4GZ)ebb-iQmH-2^`v#*Vo0Qtj@6W#5@PIny&Z zHNr61M3Rgxr~VMhLo1;R40N#IyAH9!%?XPKK}MRN{M5y(d^3)0PD9_4-?tY_o2`hv z!rok8i={-wxiCodlw?Uq@6(|eoZbV6S=lbhG9V5h;F zkytYQ#3hB}1M?kc#zu>T&FMt#w(M0 zTLM2VU5BGGm)lBhrGofEq>` z=TH28y21TpGly=SeVR)f;q81=`L5kRH;UVIKcm#zQFt67#N+Z4WZsIl@Ua8)J9S5d z?)rbsiW&I%c@?jRnEGy_GXM|g$H&uub2zRn4OU6O2SsSV-W< zNO&$w3vU+p?a!qNg13)XQw0}$K4>I?#;O|)b8BA*l}mAQ#sq&390d!liE84GgB!ko z^~?OPS5v@r^=Y;FIt1gWB`AY7BC(zHBn@ocH_KY`L4tE)dDq;wR3{8lks+wPOy9t2 z;&)lATN3c?qE-`T#g*oJP@)ihSDtaEnG<+rEA>$D^5#RXuB~3`#kF8xfwj+h^ROia4PZ4CY z#?tnw?J#|zE?1P15ekl8#U<$almc^aH2WT+A?s++)X;%f%^p$Z%_Z#r@~akCZkz$0 zb1yVUlNgFVb~H|aIR804AF>m4DQSNitJ~rA?Tvf<(aOx;_7+`nJYP_=*mRXkT)7%! zqgTSLr_VK?_v;;!F9913nNl@6VZeXda@ASeJKXr{MOxKyCJ#jTVRPhNqjmT5L~`+Z z8=_06f@KEm%h#b0^+{*BKlh1Wdrr)sZQ^bF80n#)_OW*r7M|U+iern7l(CMBKtp9 zw#IAt9Bmfs@h;8EXl_Gs52 z5wcJcE^}1W;NQIwp`o-1OQO>k05EdXK`1WK)x^nPFIh=S~U3p9$n^EOk zQpd?$3=_tky)@mWktjX(n{l>I_IU!KPBE{{%fCZ4=KI4n*Bp-%nG13tqP(e(wtv;H z?^ORKYe{M_I`3Uiqp;koL*)E4<3h(ixo8tN|4H0LZ2o#>oelK2YPg!#yd-r~c!@fT ztJVen-;5531El34b&1x9`d?`GcY~iJCLs%~PnZkVg(>U@f?d3(6={Bz$NjP^m0x%6 zgyp~##|Vp;XX+R(%;|Kiv{6R53aLNd7g%IVrpq}RH_D>m%d@q;J;i{NbFlqFo?Rt6 zH)kNhNZ7B@P|{g9#aws)be(H3KJWZ@53o}IDT3xJE1@77c`0L*3P`BM#Jin}mMcvg zp}B+`CceO@*B(K&@rmo^SEfm>30Yd)Aszam;MM%y+Q75hyJ4@Ho5ma8F_CKJubP|S zAbHP#M-$yte|sxeZRBcUpQ7{`^;n0wD{sCbT_=<5EGnu2)$olPg%Tb>kCSOA(bY2v zpqg>Dc@BFoq@Od6)dl;TH;LsBHC6=m2TSc!jfy#3HcJgw);c^xm9ceffFj_6?3E?F z+4nL+hgz0Sb|73noVSC-KzL5qxd2qlN*b~2wm!E_? ze;^2DRU6Cn-$Wm=8bLAC7E`R})T*A!U`|={KnLl;*^QR{> zKDy+r*BW_$3{v`bBT2ukBLUtSJ5{d$af^IBfT7=Kn0#gor5mi8;9 z3;yEr9um-uo=|>&R3nTwVt*1FbKQa#tE9AD@IGuu!p9C@^rq^{WW{wqUYEHx zZ;cz|xjh25bt>Kzk}sraWZKx5YCMhOOHh3Jiicd}NG=2i*W@iF`^A+~nrLp$Hu<#8 zh5c^#^~XYn=xMiS0> z>1AGO<{HjQpjxFENC)veuFYLYIjdGGnD#rW!H zZt95Llr0s9K3)%kj_8ldK?=6!rX4h$!p=JD*ZoLmMd#4_4wl~=*V3`xu%x0r?767b z88Jp%<(TyXY{^bYj-P|#6QXCRDnTLX9JHs+`>%_6rYUCw3oFX2m1dR}8MhjOrKDkh z%_~<9I^voAUU~x{4%6J@lf$!0iGYb$zYhe5(+72Qu3n$UH*26;LKs2Mr~lB2G6w8e zpVytKLkD6X0#!^8St5dk9P+*BIAfAM3hEAJ z<2T&ZQBkLDgGB{{T)xYr7mPd=-&XE=Y>M)p(E9+FrN6Q1DN^Gv&H4NoQTSbn^0`Qn z1wd~$Kgb;{fALl{9Da2jDqN-;K&Oejq3YaDd4=OCYk(C+B=LfdE*aO8iC$YqZ!R+@4*a$Ij+Mi!DF|Pz!#2p7g}{eH>9fhkbYg)oS_ zC^TPR`F?cjwfIQ@r6 zc(g`ac`q=)ct*^N>7)7w<%od=VPF8D^gr{;?0EqMpURynZtvin51Agh?#~e2h zh^VUlgvNxQnK0nQbQIKPoYVk6I|3-+|56baaG>dG!oa_AwN7)!0v28G;s$AjZMy*c za`41d!PNQb&i{}EQd7mii=EDYrKU{3c6i@a?O6QV)$Jm?={kog z;;U#pPEep4WVS}ih<&I78ZRGuiUFbRAMb-P+PMN}pq-E92|#+ zh5%&=0kCtqPqg5`O-2#>)Xm9H?B9^iK;dz~V|nle+^{CV4$J8NyiK`HYLXcv`D*@Q z_+8%gmd-m?>whFI6r6_Mo*(aQXgo!(7OLkM0|!oi=ff7o)xqiT)`AV+8>p5$}U6a1Ltuce+$6Yhd57tU0$jY=)(9l>>1$7CJ zO%Bo{z#VMlXccQd2Ee8T5ON7v_E3rgKTf8!pZ-*h4NI&;B2X5UK){R1I>dl}BA!Q2 zpjhuy;cTP_PdI!LREb)4NO}wU;-4~?2MH=nIIn=YYVYjO4#NnvRHYR%lh6n#(7cnW zr(OU^VRJK2AZxHZ;KM8~PIkF^y<|<1@Q{(=`WNMf#dGparqQQ2dc|Frl`$-l<)e+U zGGQOWFKF+6QmdNDdS}F?6X0l;0D2cxsA;e+V@wZO0xU!iML;s25f@U-z{l|~GmZet z2czS*nQi%jK7;HK07$!~gN`$zn&}pYJxm z^J2Mplr$5#H{_WWkne_m`5dm>Sdfz6CKDLL7Im1?vMdE84aOfB6(KhYgl>F9v_j8l zgm_~|>BU{FeF1AYj>pq{3qAmpegsSy@o9~kf&%x8(pC1E6UN++q}DZbi4ac!8oqx0 z8Z;%~CYSPY1NV!%*z1Me1vrW0!A%%8@TlYt*(mcf{{c$EpHUBnRsd7i11L7_mr>?? zXy4=Q!vw3pt%SEdrfcq=+=ik*p0QkNU9*uSLmi4DtRmw)8hpcqWB+?UjgmThA zze$DYqd5x}@H=zEO8EvH5T-ZRuYuU}qW^<8m;1v(BID$Fwj0?Djam=&fH*qh9FQ&y zmwB|NVAx1o`xKSGVFWQ!PEUW?D1c$JA~fGz-2?P&boub_L+5?ow=9;SBBXzT*yWeP z`j7YWnx&vAJC@?&SR>FGE57#g6BfR^kx1tJD3N-+Gn}GxZYfNX**tue2Zw0rITFs? zK*~Wmir=bOvIP{eOY^P4{)hAW3XX9v9JtWPy`$Bk?;vAUrW3)rLx+M2&uF$!c+mu+ zW0{G=!`kKU_Y-O+gT=XaZ0QPDG{P7RcUatMG#tCQS*H#0)W#t|N2=C|yY?sxB13Q$ zo#>*l5!YjHOe(GvLJuPgBW5U>Qk|hvm^E zDFUha1_xiL1EQf#smwA~#;i?K9q!&8`wK|&tRre|yaD4}&V<%CFFnr!8!+{76gL;I?(zU5OIeay~(^IHS6y{ z?szD}0ViJlA}gUt&=mI|s>Uw=FCxoZnKHsz`PoZ4*7+bnB{PZ@I|{J^QN(?q-VjSJ z4abo*LRGz>ic?YW@Asq@X`dja?}BTlLEU5Fr8#AQhA$@yyNCG2KWq^tWU{ap1YzkR zgobgvXHW=-)*%Pd8OJS<@byO#B4g6>E};Ka0l7DzOPgTeapEeC)m2Cx3Io#A+=%|B z*oLU{s%`3c+sCM?Tab-1=1_UZb%Bf5-T*!-0j8la1x1l&< zHI(&J`OOaIbXibcyko!9ccxG~i0@^?FkTx>$l zN3wHq`cX$uRG*onjB=_BgmcT02f6pwQ9jUX@O|BBdmBS!^_wU%wobxZc=y*sz0%9q z(7iYCIL1^LEZ>l|c3v=RI(>xDU5YXY8b{yrz46rxA@!+XWqGML|nVcCJdd-H*%0Qj59|i8Y{et+IQV5L5ao%Vxkknoy4EO@&Vw;*uYxwB#p)YaR<~< z5ZNngxMB?rXKTyV*+)mm4ms>{1u&E0~lbhI!cGQS>hnX7cx!h`$K-EZgEc7 zhyy_E%CTctMa-k?0`<~&-E&b&jH?9rh_6c8eRcpPyPnonuKQ|JE0loh;Pu)(ABfcV z`_6!w;UDcBP=&&oh`@y_VH{LSyFdr+gBFPPsy?=6qc5hE@qdkBS}X=K^#;|@r!5Q; z9*H0YR*j(K+}tqapRq*lg2;IYVWpoAaSe5r7B(i<_2qfN@78agM7jW^2&%wWAKauD z;ath`^5(zyPs)#x8r}Klq*Aa!zovZ~YKe~Dv7xze4W1gsu~L-WAuZLL6q z9rfVVOrpjeI9S}U9*hgw3W{-L0BMh{@MqBQpa=MP7C}1gaAb^$=H04HqCn*A?B!0$zUnkZE=S{hRpleCo-ZbhEXCQY2gjHzWl6Js;l91 zu=?IgZyfXkFyT5mJF}I#dFxIr@bItB@jBnJZ~j5Nd;@m(8OcBcF=#yjR{k!2>jTWJ zV?>i3;88Go{boXn{1pW@6pALT2I(tC0aXBu9>77U-Q@`UI|r}L@kYQc=D+&g7B6V^ zl#0EJ)4~bZXD~+bpv3-ExcsX^c)J&nWayKGNC30YFfhSS0_Qo<-8_nBlHmioDxIK5 zMqqYyG(tw-GvEmh$cL3W%rzTzTwGnAb9u*_8J+{ZkqQv&2$y{UIuC!r2uf=_CLDTm zqSFv-=CXRjFD_hjt1P)Kq`sp>r*C7^3mNFl8*P7bC7CLi4Sg1InCb%aw+Qy97p|D* z4}Iyvs-g6-+kb~|yv`7^VV0Jbj_20lW4L`5nL>>8$|JH{=^$MI?F=~N`#Qjeg|Ywi zcmoCK7210NO=L;f+Bx$M_OnF$IVYNs81I2Gt0^()A$cEUDSWD0z;=u}VR-KZXi~jpy&8vcp?mzGXIX_-VK7>ia;|Zwe3fl;WWZfvpOn|W_ zOnKzds0a{K(5eBqeWO2#CQ2rj3n@&Xzz>8{T)M!Itbe-o8FX(10-5|=N*2XCN%y-9 z+mU42fzYS*ch`DWNd^?d3_&)w!Xp39naP3ym&`<&DYvo^7yB1b`bW_o@64Hm(%N)z z0K54R9zSz6SnnFUUtj%xW0L=~s1w97AF`iert;BI)C6O%`0j6;T zPYNQ7+BH$wzCPcP@v91=rb=Z}rHB5;>Ze}5J7h5$1piIb+M5J={sLPp98;QOKC_r+ z*+ifE;PDUtQs8mI%MHI&&)wIKO$HMiAW{$HTD?H)CDd>NbU;bQhJ-^PhuI^*m#2~O zZ&aisbIyL?UZRq(@rtO~QGp9u!2t$VW7q#^Gfjn(6(R?GC0*7)RVUmK!I5th^eV%t z5|~bao@u1UCLbpcl3@$=A)1swk5$|^N5XUGA>1k;yJUTm%75mG>ehEGx(OpkNk3$6 zC8CFRAz2r8ARC~>zigkFI)lSV5u=2y;O(-&{d*aP0~cXnH-380#RR13O=zSTi#DS< zikeZ`Oi4C`G0wb^qpBVLqEr`afLe1L{<1NU-xzhT2S^jI28rwb6Cpq!AlX3ki2_cO z|7rm?$w$6DjSZZpcoha=!KG=d_rLU6dMjLnRA$Bwchg5wT!D)Zp%4hgvj>Jlt=wn# z26dlD6gdDLAWrdDU7ZL#3qWTJyAbS#u>SU^1U3F;J#jor=L>OJ@CrpiKO#Q~xM?x@05iEH2_Ov72qU#gfM3)*h z>a0q?YltIc0vvHe)>oij)*g)`3%qj!7##wHoNxRaFiaUhOmxrmq5?X~d7Mlr8hK#; z8PvASt+8xKB28bYFsZqM1es-fbQ`H^7nkM-ol@QR84hMdoSLasj#PFjRmN1Ed!`Ir z%=M(43hzKNSssc+Ab3j=iVXGCer@R{_RAr7tYhou<2DD~@eqXTM~stE3gbpU!nOH5 z(cWtaQQN??-Y@&sK0z*O{|1-L5YVL2G-OtI%(>r@ZxAeeT|T2l8ix<;6~dIc7e}>F zH$O5RP60;XZk`PAj|WB7&H`cU3-~RaF3I7>xTz@NLC~J^bJx)DYuROJpYn*vGS*PQ zXumM};sB$^$9!O*9o5mB$IGOT@8RHugg{uxBb6&`9teoMl%u4;-LM6@<*&@Dt9nqg zo(Usan8RZw@r1_k<*_v?yQ#`Uapd&Leus9+xx~FR0*D5covJws31jV7ZV6S8{ZVCe zcYtj6lT}Pzur*I^yt1)+M=2h->$~Dw%eWTz8&kK^zVJ3vIjq-w2fkGM|C` z!MexaTroFqkQ-VvbB)-M{FcepEaH!YwZ>4OgH^yWEK8}7uM=mS%%`lh))aX#n=*?l zixtPEnU6mV{*~btwB!ADXE}$cdt2@3{+DjQ6>qP=%_hN>ivj!i<7`1e-Q#r7Wq{ub z3v|9QNIC;ASK3NtMLsD_=$IpY27)&62rmxrwrnzGo0j_brxT$|gpg@*~X7;bU?xC#eip*bkZpPubkrv7L7e9l1y%ic& z_RKbFA$!7@J@8XF0)(99ObbC5IYowzXpP~hCoYvj1Pi9&te5{udhvh{AB}#CYMbyX z+|-c43cz0&eBhCkCivlT=0w#YT`xBXi}pBIet#dXi(2zIH7bxv0~g4@S-3j>GYDNw z#{V1~#?q;*oS+DL?s{CJ_f)|3(t#w9xCf=@%83$Z|L+Q6!r?$geRyhSFZukaC?~Kb zWH;aBMQ_tYRlalHt+S}5B(Q&oU_bvb80+P{pb2q(`rk9k;DIx$XZ_C^UB}BGcm0Ut z`7p-BW&9W%Rf2kuU)7f?9om+<|KHa)T*wB3L)O8q3R=dT;h(5NzPJ5W4TuMLj_Sr3 z?;%|u<~}VBCU$K-w~ibPoGu&mk>w>@mOjnr51&|4K(~$F@ya=WY%%U|&(9 zD=F-v_9?kIgzdCkJME2Cv6I>O16r9Uo2)9HkS0~Bh1j%Cx zH27Q7Reqjfc-IAvKpN-l~R@r?nHEvP_DRf@Xhpmhy0W^LKQSC+h zy&F5E^-_snWqscA__ARPN?^$umhqt~OeA5Q*Rw34y;=m++j9n@-NW5^7IVo_>kY>) z)UmJ@M|N)+ZqAd*N)I)Qu>lJ7ZH_Kqp-BE)%NJ!+kH5$IR3la##a)k3l3suLyVgde z$nkO>f+kt4MpJI_GA4|iMkV?Aj}y*n>3BFX3%u=%Ja!oQGo~;~beMpp6)Wi`X6?jO z{tVqMKWyn4_0O^#F7)I3E$w}vTwCC2k51W&cxg;S`Hjel7!X{oAL)zA1S)qL)q*`Q`XBK=&g#Lxa)ADcp3a3FyVmt z4ZeqTYrO`4xn#Pj4@!K+ZzgT^z$>#fIo{tXOdky^!Lsua3L)+7VJ_ zS*I}vd&}oIp;e-5)lTGprLhPQJA%u2ckh7(6m)Oo5jlSQ&X$uG^z1x&likwiY7L5X+zY zig#j_NUoBeF1#$R?X;urPX?)YbKQp9_qH9?0(2Rx!}76x8-%$*HENg~W@f%7Z5gBx zPODwDty>#nF{m@~;=$!klZ4C4nRa*TrTp_gvH%)cvrX6@eF_c=3dZw}(vi6{xY)Zn zH{5b?B=60un_(p6oWL2=LpumwK7z5|l;7?W(uDYuS}@I3`!3MZ{3|Py((C?Cm7hj(o}X0H1q9&C|zFjn0g&$Sn8~2y(KPoM;{f8 zZrP64IiM{MHP;PvDwL=99YMi#lZcG1Rc4fou2 zNz_j%9?>lkadMLA^g7#$ig+v--hT@H(fr*MRCtyNW^MfSxg(J!Nk9aykj z$^WMCJ5JRUgBLew6+THbzj@OcW0g;N*T;<75}m82ZcqRHf*L&^c=%n+A3ts8FRk>T zbItS831?QDo>9l^_<1}Ii-H^}KW5HhE6t6RvRMvPne@%ofOiz{_=$hu+0xlQnLYU2 znDwBH59Vmx#6v{bw6Zs~#J*F1G1=m|(-p$FWzpMXS!d_sr)j89!pI&z>#sC^5>5U4 z`@!*2WP$P**w2?t+jU*DJKJ8rjnvKTS=EjnVUOLLhnZ!vson*wofo7Fz)Mu6;vPTy z?xDO56NLR?*psRR3lF0i9oVtR2o`Q+;b!A4P!HzxX3>o&b$*Cpe6|s;STa#^FCB)i0W6dK~T{lOy;bYreG zy@?W3B2mdUXDjeHcZ}!Ib16=i`Z8)i^2pLTN6MS$r@njQACoanzpNAAm?uo5Mts?4 zO44Wf^+M|+&;HzhVzGa;*y=ajY_5@3yTKHm!x8S|hn~-NS=f8D#%~_+@D7Q?w6efb z7h9T47t1f(q@-Ot&&NG?cBan6JpUAxrcrabOB}_o4k5bY!@n<$d%w3;dp;Cl@;HlF zO529YqlQQCQxH#%$kWMi;U{b*;|Y$nJ>9Jg2CPP7_QRe>ED)sV}RC8@%A<*R;+SC^rjU-54JqwvOIpDwS{oiz%}l@NDdi_V550jI@x!jzH`kw6X+`Ye7QpKlc zwCCf8L1+QCjF16peyclK1fwn#<7c$#C=rX`WaZR+(OonP#brds4UY^@1cw z7Cx)$|0VpY#hejU=kc2-O~$8^e5{hXf`=p zc2X>ghl^0c?U&?l$^jy-ymQF_$ONr=7!Sc-GBy~Y6CX$e z3X*d%F4EAlTQNy(mRzAUG;DpYVTTD(y>}-(;!8*ClUSdmKk-i&*%sC)DT8O%|Asxz z776B(M^_QB1WYo60H!&K=oIle^mv?c`g7T!Jfvz27VY>Wyl`pQ`WaNbkcfz0mh1#^fYtX?%Z6mBxa?P;W^rUsShX9SiMy; z_@%2?)MG#E@|#E_M0WF{?qd+;EeJx1P^Mm_pQ9;XJC%!7f=fykecRwHS!OV5rY!#(cil zy0DweWm<@N-4CBSW4gYIyH55*8R0Kby{E94MPhM%iWI~*+gM|{UEuH~M!VZJ2-Y)+ zlx+ucOWpAQN7`G5Rkd~P!vb4jBSAd z^TsN5Hs5%Diuh||WZ(j29VD+xf27OAAdw8%a~(^+G`3oPBl@m~1M5a|b8=>c?Ip{J z5wBNbk$#Z@666G@kU;)Y{J+Uz8Nm#aAO_xZW@`xx_gcAE?0pv<9moT%`^=x}5G=yuM1?s%V{O{p=zRyMnq8}aGoRh;xU z{;`)ACk*J{g?d$Sk{t4Xb4p1jBsNtmPnpno^p$!*^=h_3LEhk+yx)OZ{Xa5a^Mu+n z%p!Y&HjKL7Nh>7ST~Y1o9=XEqxlhJk)Src(;RVfS+4bsYEu96or@o^N=AsiEY#%TW z=r9aFA5?w*KEqsl=~#15VoxJkTjl$)tW7Za_C!pEfO^7n-Nn4qDTPez&Y@Lj+q?Ah zQ%tKrb*EV#CxNAb#y45&FX1+`Dj8k%{Iq$NGYbn2{Wh)8{W*zC&t?1hUCCFmtkm98 z0k4HCGK4BJ8vGv((0yI}ot%14&bki0cf>Nh|9r%Sm1FPN$1+X2S>K=eNA4%){FP7k z-CV@9;!iLVEH9Q=xzLJi|2sb|mSD+;6S-<-yjH-E=BmN8r2UeV##Lpre-3Rz?jLK( z*%6C8tB&%^>CVx+jit};@N&-eKb12!7lDSDhvqo|AA;7Y4g@!ra9{6fW?e;(W}Q?h zxx087v;ET2WSJ{^vk{_Vy{B@Qnpi&F{)j2Z85}NpZ8x-MdDAcH)p7a2%J8+P4Vx)n zAzFU025-lar6pmnoZ54|F<0Pu9H}n|bhYFJQLQt6{l7VukR7!2Z6R zoX$ujH-rvY{beX}rk+w({H0_~M{4~v{yZ9BfJHH-@y^6cxJs)Fn-R^%g4`DK#JES4 z?ZlU2;$_1KHF{~j)J`$%vjsh2{U0Cz?8xl?wo}*EC^*q&iR)$0b*>hONn{6~sPbJ5 zZ;j5@r5_0uuNb!CwJtTvbol95#W+v-TrE@SXlcCz8kQ}z?O zeSVwGCbJZSBrW)I#F;T|53&`_AM%}-z-S(L-yU-&+q4b{xG;2YaULT3@%4_v!|VLw zgRW)qib4=$NXS3@4-Rq#lY4&;`Xqj;@zOjzwSnL@)Nnu|Xi5miW53z%S^_dv@htqv$nhB-al)o)|jl9EXH74*V2l zv-k>|x`|Bt-jo}Xo)}*9cyC^CDEC>qJ|0Q`pLNx%HP)csR7gEjXYGn-edope(F4-< z|6)z7O>vb8fyg=O#u4&`0ksp(b7_qVUK;`N^Hpr5W+?f^;bgmkrgQrDW^8a@X4NR! z5ZW+$%->Sd_&eIO?Mi#6ZS^X-u>3SWHCni*C^{!zK02tmUENeyDntH;GDzQ!S08hY z_xrEGYp4TuY~5_E$^LB7fPFO4@_HzIGv|O02{6U1ICafCkov7px1E0Q^VUnXC**!d z2h}2SP}Lc$RcA%>wm{4k3?Egt>o=NIR1ds6!CSi3J*t5B%%nK_H|CykZ_ux$-6IwBLaoLTq5v zz(bjcx)Q9Z)`1D*DY+3URI&1b6pwi6I~ZgekccwHM9)`BK&0C)5|2lZwgmC5wi7-7IPBv+z8U{3x=5`N1gU_MQ6KE@S zH`5%1hep)(KsCRAdNB(1)E>A!5w~$!uihAX8C&3YL~PoL9KY3+gN^$YfPr&Db-)|Z zcCs;OeQ89L8ybQkrGHRv&&f67I#l!s@kjuNcV6&7j58^-udZdx`v|@U=OT9y8wrr= zp}aSNqtnm7>{xcrh8QZOff3GWM-0Ca#|D^Ob}*huCXwG!wBx2=*I)w@^2*_qmu(tk z+OJ(I-C_>Sp>i8$>v`!%xBA`uQrdt<#34TsFee`WsokifOVKoWBEMo8$aBsodnd~^fztn2P=CIGMZs=f(U`e*kRkiFehmiL*#x-do5q3=Zmjn9)D_X}w0 zqv*88l;Zk5jhZ_vMP?r7@O>NH74|x$z%9X`0&aMSUC`kO8m+#cmF*7|p3C&BCCx@S zdJqr3JP198St6vM*x$uH7O<@61NVg3FHJz-FuK5O(FLO7A7TSTfAXztjrxyG(5ZdyAZKM-{@h@T9PEr$Ka>%cd zrd3(+=6QP^L*aU%NEE3&sRmax(k`rK``ev~@)1HMbiWxuUXBAV;t_5;dI+#E_IvT> zUqXM(X9oy?Y|<#0e72f&AB>C)iyeDQ6bMQ{FWBjj?U(^Gk#`-IiOLv2i!N7h8 zo;Sm%jLI~H%sp#0?PMg>Orh={;JGcf=t%RyOm!Dkj^BGfCmHHfYTLyIUMinT?KB++ z3)4Y^+Quy?bbIat=uOS~D6}w8!zz5acJ4#ApxUj*Enw$)Cz$U8&Tn1TTc1R84kuD@ z&JtW#&dIdWAC6XnJHJM2xY>CD_Bezo(VTp@z;xKe1Sp=G_a!QGBi zr-ne}Rp|K@$@(i>YPhbXRpz2DhM%IZ$<>RoSQkE+2GyrJ(5@}mT(k{AKM}P^XN}il z^SSm;Pp4)SE}1eo1HIIU;|Hr4^j8o%7(w%Z+))13k~$%8Z-qT>-6w(F&s4!T>cK67 zYnQBvTIe+kn4f_+`Rn`5cb1WHeDTB`{Q~Ea=*_y7MXi9D%btL^r+5!q0{d6x|si`5bDjnDXo6|T({~aZ}Hfx!K zOA@9tG&D3kUw-@--_;5mZ-&Ufqi_U3?bDD%u}i?v$baX zn|%k+UQjW#dAKBrrkQes$i%W0Z>_C`bia3!E^Li4;D8x?EUx-bTjLIz=UVR1@c^st zrQbX}lBFV!7go~YCOudi&(fOVE?GA8HF>nBKj-E@kg0m78n+IqU_Q9$u}`1AdlKyv z6!?y=15|&6%Vmp}WbE~+2xc&%`)~|X>e@|w& zPdxR-YQ7APufGUv2-uT2b930}SXSWVzk0o|L}}-Iy{q8c<)QXzi%6Fw4?(jkT|1-x z`rSENaFCr7ENvw1>x`LZc%x)brA&L+q9ZG%DD4A=KFLDiK8&LFSX0TH6H7ywvD2z% zvHoBQk}J^hA#NnRu4p-8SO=4PmCj@s zP|gD1enF8(rtQP&4P0MT9fd?%N$+;z<}$7Zc0%QO2v33P?k_lqAvxxj5$WQ}QQhC2 z&t?ai%)^k1-IO}3)(o42{#N=y4wW<(42bw9;{R#^e0oTdtXnLS)SRcy_W3=|wr{O@v185K)G6Bg=IFvoj<&@uc8^hohWWIS zK@M14VW+q0C<`R)^5=jl`3-!K5;bF-ZJ8xp$)&FNH(Y# z4QTbGDcWDqwYXp5a`yh3Y)aAo13$0j2mXjtp>tc!cd%UIwsxLa+V|+e%rFp0Cvk%j z)PzPY%likH3wUuJ-gdP8R$?Iq$n^q)ZE%S?C2VoA9Z=6MOeup!(g2NX5+&Fv8Qb?| zaf9sOD*G_$cTSzhNzhXReLa}yb;{k25JEGOrZYi=_K_56J}lVyFL&BbFJDxa+XQIY*@vXcw!2r2cP8z>}&PQlC>92hvs(c!huwHEQf{sRgvP2sbTgzef(dZ zd245oxG$Uh-_SM99HXM^G-A=qYrC|XVW<%;a_xXIyOQhV(f33h)S|r{SvzTvv5vE) z#3w^3g8#vd05*_JMFq(lTS`rL^?01~4WvSoE@{+EF679^ocyrub9T z=LxgT1LCI1(-!z1k#1i@dW1#VkX8{o3WrzGE`_m!QrA0f+WIsR^21L{!Ij6WSk#*6 zomIr(Tm6McGIulpULAN3yNA!=h>2pw>G5zj)DTgbc*wGS?EXaN&>{MQmAu_5W@l8= z$X%IRVNe{>kpPmJWH!=|s6r0x>p3??9c>y$W{4pP$g2Ht!b-+EeL{jzkS(*$(4fe? zudAxRsic*t3ib(6Y}HeivLKvoe}mJ(AuVBR#!UH$zS<^$zqD9t0bk~33zZRn?Ge)r zX5Eq^stF|~7ZBiK{u!>qpSgZ{>8McL1vmV*`>&G?Z>lMGoMcp0E<4kDjYJKDwZ~ZN zv#s+|)hsa-mIlBy?qVS2x(SV{E_|Rj;4mlfQAk z^HHNIzv|icx$MNZx(W~u9~SVGPtotfVgoM7Do6{JyQJJ1Hab+%t%Ul{j3^ zJa?#Dl%+89YmQlSPy+7u(98yjWn*XMI z=vqR_{{iT`V5Z=WN7;dQZ?b_hr9{2rg;(!v4o zd0ydyeXi}hHB#E0^-~8^;Hz`(bwFRLVD=FG+sc;iW*=bskh-2R;p?g)&xIs1UYy*s zNiW(BaVf_D`4XW0N%;^KY_sf>Z{E4EwLNx^*@fM*+Zzk)$pv9Thuh=y1zWv$2*Icub`~0qbMJ;zLe^87V+S)=W!w(fQSLaz~ zT*i?k!ye?NjDEl3&o@xbkAtF4AOX)rPl z)iW=T5%UyCT$rJWuC4>VPMVMsgRIXJiS^(gUVM+j7=d9ma3E@-{2Fz1%lpmXq(W)c z8wv-Er1Kyj5&jOgej8d?8H1~t?sDOBOu(pd)zJ8vNR?kvHqnhF5|^{2^xDWf*raEi z7|+seT&-|1*#YVN)0OnWc+X)?L zLxy(NX1P#q0s2v2iw!eP#2bb9}dq;p~`GQF6?M#WA1INr~bW6cIP*cfq4bq)tg0}Putqd`} z>-e~Y^J~h+Q|Aecvsjmg-?)B0Iv?4|WAIW9ip#$Ekm`VI(^VNAl~n`qP#lSDU>?5Z zFWky(3JEGwV$|(TH#-15(7p_jC>$`s{xG;+4|K4`ucrglTlpHv8jw6QlZN`xQyUSy zg~U}AeIIK*vFZ`YMR3b3HUhM(;t9|rZcJdT+T%IWz7(YF9AIN!{Y)!!upNhl5D}in zq&R`z7m9F{&_i;*Tb)3ad+p*27l{+d`N}Z0GEaV#WZ(!?S5u2DrK*scc{ubIik(=! z+J!NS7g{2qPKb-r=cC?pZTd}9$WP6-o=a+T`GNMfWPz4Wc;)GZ2TvKEB5Gpv6y#t$ zhH06QukJAwAGV^%QUUAjC3PqD(8)OxgSiZ=b+qQHQ9XG zoG?7PtTE)s2ZYqQxg)nrT8S*P^cn)c^+G zq|J=Dbzu{EZe{lYr-FI^0iP@b&66e_ z+e^ar4986WEN9wqi^F=NX4Krg{kpSY0GLiuHoG z?TqJa_c?ZKd`UEz+?G<{QU;{*8fhbq+d}1N=9n3pq3EEST|rjp77zgw^{-py4r<+J z!ZR|{PFscgTraW`c%meh4OOe>y%yLY4KeV*Cy~1)$8bZ)hE8pzh~v!{C%YOB#eXW$ z*m#JM@X%@D2%nPk#;JYhK%wK=VI()Y#*C@HZ|m)j1MkT#6CZqz+{^1bwQDaS=L-UE*u?0<`U_JvGaZM|Z~c?8-@% zARs3a6$s@;<@jw}#W)`|RY1&&?)EPazwK$;RNiyr!cmUc*LujK2xMe`D5^M$Fo--k zJABS)e@NWA7W!ed(XIu4$f&ELB;i@*EOif7Ys14KxFWVZb&BDJRSdJ{wfxJ}o1&3^ zvSNV>MLT{wQxV!>!VFifj-Dt$-B5Mhc`v6-p?c7(-wO;mH5I)iS30v(xn+gQ`vwEa z6O!27=k8_2sYDy|zxrTa@a-{6ZBr`}cafY4TjRCHCd>`0wDUINWq#35w|Jd&Z#}8(&&{>DX-i?o7Jb zFOvS~^7b1$lA%3NqHwi=wEPBXJ5Y3GXe%vDZW8s7V(3$5)`PVU#xaq^&I>GMk?SV+ zFDZ5jhw4JZzMFZUq5MwI`N34wpXrC3ODmZ;SB&lw4>M~_p^V7LWI;zmWT^09h;zD| z7KT-zsEXyvYjOU3uGk3kqEKNTLKa$10-Gca=d}Tm{m!?Q&=*sVPf?ZnCV+hl%)}xG zMLSBh=ig&&EM}C>FkqQjqwnI3Lq7XBl>;j*z<_I=j>AwtX^l6?C~D(Ue&@y>?XSOS z!bcseC>b@74Wgb1QJRQ5yyVM1Z@AZIQ6w?tWI1((`^xi@j^>>P2OS{nbiNf%=O4(P@;BCQVXfBiTfEBUI2 z0ng$qXvabmRc}o5Ic0)ia%F?qTdf%;NxcH#S~wC?&s0=WO-WNaL;7Wy=<<7l>8TUl z5$+@+ZN?$k=*Rimj~4WS(V%mFT@pT2FU^}b7%I$g-pXtk<-JO>7*lc=Bl7Fs0g`un zOZ}tq8f{~1Z|?p@f+d9HUYKyGjqMD|8tdOkN5Zb#ABnLV588*ynlG{!!l_2CCmGG$ zGddvEbZEwmcw8l)#5vRbvV?<{b*Mx4bJ;Qs? zUds5P%A&WX)t!~oCFgK-IBvt2p=dYbx5pUmSluxQExn3>SpU~`c zAXI&8y{h}uQ}YH-rSpE9VP9)+tJ^({r`Jwp&(yS*b(%FSPb?p#(<~@CEq?SQ^t@~H z1(Ah!bGJQL1gOjIW%6apnu1h-Z6f-NL1ng_x3Os|H=Dwt$FZDT~kGiOYA7O z%$bo^lgi)dOqrp(UPxBqMyhXGAfiz+<$UADjWpKGHzO1pZ{xk%R1LT2K2lwvlDHFm zb27Z}KC}Sx+K>3;xNq-2pi=MI}l!;+TRgt~8tBE1{;+!4G;U#{Bl4%<6g`dEJ|H zChBtDEO_Xg*wPz!XhNk>)Gi@HSeMVv5oBh|H={2H_}mI|5n#wr?0M=*OIzzmoY$X* z_d=)<@6^6e)q4^WC*As(+rCMv6VQZsleS;>(n-9ci&yS8KMY;@L|$p zxwpl@!d4``9=d9p(j&-fcpw0b=w=-=2ZpS9r|(TTgUP!6z>9U4jx(|U^#0}AE^Xht zO)(ff4g}@0eUBK5)kc)4U8LC8BV~N_j`qUbqBVy_`6r;|s zlGFTyE!HZj;GY`4Z#R@pZG&=v@^1a5#p2ninGSL}Q!%BIqB>-7KhGM5$bo*?+s%xX zx-5W6ve+!eWw)6@Va7M=K=Qh+NV}BB*Uz~h@AG31FTs9IJ~3Eiga2bSW<%uFat0)` z_OYbPtU&|>e_m$0ykwV=VTh*;Pf^TkTpu#dB6(nLZZ2Ls|I2lBpx8RC{(4x}yW4H{ zcqkFmx>7qk^>#v$vWq*5&kmhr@kyLO$Dl-Sah~csybwcV8$AVg(8gMrYrPYb*-e96 zA7Q`fHJV;-GUh~F!7m43wGBgU~QTzm=?YVYMX6W#r0`&1$Z&fDzkFL;+bk4em2 z=PoBp8i{xgW07O0s@k?@<>J$9;?Q+L6j@SlX6C&Xxs_|-A*oUie5d~ojZMwWK%SNu zU8Q`?eAcukeT-$3y_rO81QPtXZk&nf@4_Eta z|MM+@S>@CRnJ?~~eZKASa>I4k+*(>xToesUuD1=v*nJv{s4Oa*|52qP!4P`AMr2f)iRWZslwbzPbCXLsc>5O@5gpHS-{-%k?@1?4WzX6WlW<`uF#yj zR(^VoSnEkZG(J2(6~onBq5)PdhL;u|9sKuOZSN%lPT>l%xWw!kfhPzrR z6i&R85W2zSUeDFHf_<^;YqapM7%-y?>wbak`-eL9Mkja@9?582on9J^mEThXvyt3B zrH<;i{~`pUpWNB#Bz9Y6FeqR z^Hj0)GKQd$<$=b&34q6UBU#F=|2QU(`95aUA zZb1vyR!}UQBnM+)>LP5~~%EP~;qXnPwK9iIK!;;xYw8L8!u%FY`qM zr?eToXYb%br1Fn4EK5wM1>sC2!P@*dn-v5qO(@}rIy6%!Q>*v#C_9iYsnAY}M;Mhu z82`K46=_Gu{;88lg>LFzmILkF1sV01Y-pUoZCx}HK}^IPY+38W3=S%~mp>}F^d+!I-QVbyT)

    kV~nocoZJ@&Isg-y|s8A&T_; zLE7%t+MWJrd92cCWM9gCS`8AjSs*P_AOd=YPq2#TK-JO#K`gpHTRIB5W*t5c6`i{P zHHrf&#IjN*pz<~g>wYJu>0ct`PH z9>a>=`aX0TM-1ta?h=UOG-ByxDwtGGTNi%ABa6zT1#2GN zbgkD(G}GsXMo!xlE?#7WzJf+3riIDCq5xEF*gg%Sm)g1_>hryKx7(;_=ItXV8@AOU{dK-b}g3dH7(V`Y%$LEAfn}Wb% zfFlxsF@hnIUtvpPG$;o^=GbfXowP72wPX9s-P*E+fkNRsgMFOg7y-Sfp_BWVR{mBI z2A9d8pt2oin==y-UU*NpqQw=EPVx*7r8a0yZUu;e3PqRXiLeRa-c~062lqx>!+Y+C z?bf^eMUTdovc+gwaNnk%*r;^kY$!7O=Sn3g0(cP0lUifHyl`}}vz|CMnH}c*~X$#I!>aG9sDt9%Ye~`70SR|oYbJ1%{!+(e-&so@7GG{E)?kF0o z1U?0*M+3T8G3_if&RM>wv~KePe)1bpRqEC* z@rs|d$UiDEeT0Om2g3Z(3J%KI7E&!hCz9Yi)3w7bsh}dBK2xlusN9+3Ni||GCfAH% z?=&48)WfJeaSSG3ykBC88_Iow{lYzPwD=;mBe_&==@B)w940*2HBB#qeu=?1}w z&gPJJkSy0N>FSu|*DDSFes-dzZNRx3;xd|O-CPzL>=>0yI$7!TMFYJ4pGj=rX2&++ zRao#OYSpFer6?&&g8b=1L{6 zOjC;m#)itZ@NRgOR+>Hdu zY%wLdq867_IH*`irn}OG220;d$)DL)4zx~nPBOE3{TfgN5wj!%6*KGm1Wqm)VVf1C z&q%vW7oiY?JU@nb@vb#(D7(Z1<#5ViD<ng2rzYm&I;QytyLbeY;)z$hdL|P`*U& zNY|u?&WFrpnSh`Ygb9}}be7hv-6?3@w>>^b7||BWnmyPldv5NF7KY zlGg5MKNT-zZ`->6^yp6BpohgFGUAWtdd<9tUV=+7Je9kJDk*qaZ#a+}Gg`iCi)%ErQ(<`G=$m_<=1Ast{g!=%Xlr;Iw+k;l~`*NfwC}Ix4g=N|*M?XnjC0b6a)Q zmHZ9YZ(Z*mG0l5gLA|Ses{bv>i3{8YX@PGnzb{9SA}cAi_19b9F=)q6YPY|4GTdk3~Upt$5ZMr>AXe*H3jTz_jUrI02exaZA5wY9Jf3*O3h{)kYym_2r94Xv} z{GH{DP$K%S+Y3zTr#)LLQCF$G)NIm){Rlz9*zX}mE|e1ZCA8$rfw*_Y8_6<+8@zVm z1_^p6R?#+8xR9a#7iTr2T+Lh8Z=V9RZ`qO)DB|XJ#H3ca&uHvdyynK@3Hi&5rrXuX zt1Pc6{>}$Fu7pWu#KGBv4pB~2Yt%up@M5hc25IKGuj)DtzL?__l;T69D1&xSQ+E9$ z=WDk&@SyvaYyCOnwT*)Ev&`~sy-l8^lSKpPnbr~lp;C)ZDCcPo+oTt+D!~lxofY+t zkLd{#S5zH`U*Oy+*t$0$rTBzgarf7+kLkC!mhMuER5h@vCxkXj>4yB|eFws^iy1Re zGi4kPBRZF>ovq#|jl&A!d(rNfsW-oIoa;_aJh;1|wny}nJ3)GlPv^w-onHl?OKpZ+ zq2+LN60ebJvd);KJ(gcV%M9<0X}T+u_Q`fG(p=R{^~rOv75h+dzD5VeHyhVAymjIv zR$1tZdGv0!XGC;;vPq?x14onM|ElHn8`?vfhd*5j?ZZF+=VA1E^1*o24GJvMHjwt& znaw^O6}>31{FyujUm|I>rcW+J`zPvguGm%e#Ue$ed^%gIxIvd2X{l|X>gX}q+iyq# z^r4cRV!JIcnRs^p50g0!q&`yS8Y0*HOOO;c3chmEfi3IB$m~WB<5W}?uQ=x=A=mL5Pb8cEO$E1g=cwG4n1VrSREP zngzs=E%PBVJzS-&fs3z_f8Oiv%H9@MJ$m+`**rl#=*k+O$Hj zy3u>5P?{WF1&Y9)>Zybia0)0$7gDnNy9*s>Jq!DD!G96jM ziDw~PX-dEy!V6r=x|eQ?=ON7h`Hf zuWs-+;;C(f1cPK&H?&_y`_1Jc8MEl6FHXYKRQRk8B>T{i5pF@~G>(6LIy?E>mTtJ< zYq~>%`}3J%oDm}gw~U<1E{1OXxets|;6yd{NvFIT({1=1Ylq;AmAOn$-H6n_zlKxQ0a@JI)Ss^t@WgrELs^-<;jdJ2BurWz9;@+=ULuOcdo zS92%jXNJOkIA0p1(hz3;_d4Nh!-Vwu+1G}kuyFpni1jlq#JYj~Ll2XC7|46nnSMgM zNmwyO4DLZ+8;H)2;Ot*I#-t76)n66e{j68H#6aW(&-=QPe=q%Tt4 zaw^BHMTNwdMfm+$h_tX13KKo#=uvAsxS(N-KdOF1DY+5f2qA0 zvypnay?>q+Hd3hk5_UkLcR@PKNOuv@6$jw98q=Jhz=WRUl?JiMnZ>3RUcX8!Xe z@56-5$%~FF;i|&^kjS_}y4fN5lZntiuBsX2H*9g9z>^}&MTFx&KOM@1a||Eb3Lv`d zj5F~}ibuGDYP| z?%QE&)l>bT9qte26V|e27thJ1uG5eUWhox6X@)fq-zr>+L-DD@E=;g~{<%rH(Mcx_ z9^E%RW_y6e!AZ)U5j1}~%zd&AOPLsG0&|clF7h@Cj5FT+u75e7e?pKMrvVwIF9F|8 zn995soq6>}U6}gtX`-S&M5E;MAC1z-d&uKTA%>JkETlTlv ztV=7ktOdeKxSJJOf!;=5I2SQLLk<3*j+U?bocHLBQ4oMbQ!9&@J)L_iHq+&oA$G;-J9(-MyWXx5dU+5#xbfR(uU87t^f& zpt(phlt~3}VWPl32aYpLQH5dcxAhde8rP}y_ieue8q0iYeD1raA(!pHnTmP$o*SnUnSxU1= zRzF`mQD_U%{#352wo{q7ztyA9)cka|;F;l=>%wu#bbE5;^)~OHi_>c@-}^S5KRp}T zzCHWZ@u%_T>GWDh%c^Z3R9|l<7xo*f{XM)@%|HS?_x+Zf^tg|TpS2Y$P8kwF**`!n zGX))!0Tv|>RkfFYe%5ofY~Z-aYmj&)Vq3GN2oGfTNw=q0UnNQrItPWd}FyYM?VV{#_MHT4$e{lO459O&sKY>4Gx{sk`*dVhqmHf-1dZp>?_sJM&(c>)fQ^vO% z%nHpOtU<1ZC{$AS9_^`xZ+moOo8)HyI$dn0%e=kG+Lgqbx-{}uqUSKAzKHeiL%*E8 zJ1#%Q(*4|2qd4earNn(Ir|l}`wt2SrtU7_kT-D3>I3F7RjS_u&Gp4v1VEY1J>=irX z*}bcFF>dB{EGnj9YP}MV*d3a5p3Ox#+D--=blbmW@Z#y@oPEV(c{l=5lzO&JBGRf@ z=uD9h%>r?mNBFd@19F~`CLtjFSQ0-Ub(tU2uDl?tCTDDdjqjbVstIq6tR3{T|54Yw zH_{TYqQ3GmZ+!!cE@kly<~bei^H}nBT+is;X1n|T*MzR*lPqy;)-SRMOTUpQeXa98nS57Z^`dmYcZik4pW=O&OWO7%Z3)SD9O}M{tQ9iwFK56tUAW&OA%QIRjY}kk zxRlLR$6vGAF9orz|7dE^2dRv>|9=aC7d@UI)LSOxY2=EukS<$p)905Cl6G+!s5%ci zq@8_bW}cO-pDle)mz-mNBE!M9~nU7&4 zd-J9Ahwt(56I9t@ONc?)^A~*5-Tj9nwanN}0+TxV#dEdyia*N;6oZr3-|2ub6nF#( z1xt9vy9@e3y~G2Zy{;b5Eq-s@ootwhLeb~H@1Zm}Sg)^gA5q?w_N*ncTzf}zyt{Fn zL>ek&4h(x?miVstJJsTGfuX+aa`cRX|E^wmg(I8CR#r+CntZhAQrBk2uITrT;sv!t zo!e^frV`nY=j{eQ#IIeHmJoSC+D;*Pz~1%QURU8&ns5;Iz%Ghsb`W}IeCA7Hmyw7Z z)i0-c>DBOqb4`ZZMR`13$lE}JSooiw`n(Re1BF=n1Rk3dz%B%&N*y9RiwyNOuD;^s z$B)+ARz$fOpSKJb7_(Zm>8LRfdFpq?4eKSN1G+3!@Ixes4NL4Zj{cp2 zPHP6JGm#SPh}zWJ&FWK+<(2cO$B>J^{95mApiF45*Nl--UOBX>BTB1WPrh-qlAa~! ze_^~gU31HI+=`+d6qHF7v+{=QOz~0_@(#sT=ULe-f0c&nXCp4#BYNyQ$)kC?=er#SZwEb@1mXO^OS`NQ05ktR&$ap zB_i4`Pm{9u4-Ny=CsZv9J~BR$YYprK*vd)>+^JQjpC1 z8oRrxqaMdrFwmQ*hv*LBkw+|-J{7xrZI=BIzOME^YKV8e#y#x<{!`~`W#nW;ZDX{R z{CcRB-x`Zgtnk+Lg~p2x@0;Ok@YIkmH-PA2cO5qnFaaJX*0??%n_l@FBhLKe^% z?>=-7uF(?P3o08w`epHajLZV!$w??vw5g0YnLkypevNbRR}vEH$+Ckn3sI&XVYF8> z`06CYzBe>=_Tp~-oym#StYTyB}!V9T;- zsk#J`Gb>WS+n_rvvEzHD;JW5J>%?ce1rOH^D(;}{emIIYJU0uJTbbv7AtAZp;K7as zT_i73Y^M@&rVFw3ffk)LJp&ux=10q&$;ruCz?m~1%Jjp=iXR_+3>shblx~VbW(28v zBa?9c+A8Vj+?s9yUH_0odgls8r6*^pQt?6QLeCUP#Wizd%g}>^EEHJp?Lp$r^D!I` zDOtmN4GJ&$Lnt&_V&aS#dyPpJb&VB#s`r)n(g`{~7q&3`P2XiHQiMrSUO zAgbqto#pQpLoClY`J^Ivw2?Yl83lmB>;E=(BZ z4t(n@)K;y7xDqKh1IEQr$7msAwSHd~dMhC91AsOp$3mqWJ#-hA4=Zu4sf|PRAj$IA zwY67Xe4jUY{mnx}|0vdf472#DkO-ci8kC-YEwUE^}=TW{D%~wr(VR2ObD1#y6 zhHp8yg{j}!M~q?@M?ODaz}f^zYGIDI#@sYWS!E6;oA5GCs07SDKH`soLeCmcb(m<* zO1BAM>hDZS%R|)^yr-z1lxmW%p2M-<{EHk_vHaeFMdnhRGLnTU?;W%?!(F8FZsa*t zxCrOk^98BMR2I1Gt~K1zte>{Cc>j`CCZm3w39E4EP<^nsSPX*7L?KCb?JQ&YgVh$H zVrlz5`s3Kkw=Q&u(@Wh_ygk=bAY%jOkt4TmHj)JF&ZZJ{e7O{A1bLs222975+qJQ% z%Lt-^QhI`BvvNnIK9n79cek0b&#APTz{~g^|FtaW!Hgy*_S3p`o}zx#+4BC{#ZcTY z=GL{qr4roavaG)!I%6t7j8eq4K=N0+#-OiqNCqa?-gzMWH0(dH(A?Gs|L8SnqVBR7 zrKe3VXdw$2X#UlgSJf*i?lDNcktZ{W3rOYV6XxCPuR7VXjVzJSZNN&{z` zHeo6X$@jXNFzE`aZ{z-?vbP8@{JNW4&$nwDnbkGbnO2cB$)e}Jz3{{{zwiva{~|Gg zf&CMHzu=SSDVUz3*+}0a38=)|_&Zp)Pw@_&VD$d`iqPFS;@?mHpKHGN^a~%I0i)d5 z{x#JgckVyQvNe8q0keIJ~YAckKzKSVD!Y7y3eRLB5ruDtTX@mwv(ozc4lRS zW>jB=WS)w+IcrHGrsSoaj|!wZ&&6Mc|is zRZK1Ys@8cQ8_f?e^@ZwzB(krm@7%lT4~Uf=45#_;0Jnx!>eYR*F-ViwKdTWJ=n9|7 zqdh0chEohXc#CGVaRrLV8e^H|{@eomDTKgr8y%69r{FI$ld-~b$PGILO@OHGzt7B#4-|z_Wl;&Bg~}Scl>S0+@WtZ@ zkmuJ<7ldMgi_noVAN?`H3`7MZ>vjsDKh=-O`A`%0DFVAV+b53IwY`&lO&HTqci91GMyF57J4f5_vE(Z=KlwAo=se8HT^eAWSU*f<~T0 zSPdmWaHJwbXibLFOd|P|#&!OCgJb|1#iWrHGvT-);E{y&*1x~xU~a^J%z;MrGT|Vu zuUX`5lL7GmqgWjN-wO+?mrXjE>XvOa$ArXGN3J!|Sjm5PF^w#}NExYY$umx5CQiWW z_1=Xx*=&syS|06Th9*()pp;K9r&Qig{0kN_;e4i;#MAj45qZiq3GU8BY}Iq@D(o6K z_dKXuBpp54LI(eC$rET4Cm?f#eN~@cH6jaRytZCY-ov+ZRucbT4`U$GU{6M!dhD7B z89+%vvy#oHAS74zf45WJOh(u4%J;Z;FnBoR?l24|tbdrBRWSgYNJ^1$PjM0_`?mzHm@{UMp zE1J!G+lH%s2X}H-^WABU=R7CBN@Z&Z0Ks-`Yay zGw3RK8~2R-yRj*m8wDpQ(PH0-q+rNIRdM~3Ot5!dN}o(e$48?I)h0jXX-?J9_phkF zIi|Z6{H;TA`vZ~i!yk1ami4SGt=Wlz0R-^0DtwjZK@Y>ekr=tJ>xNDB&g|jIK)}~k z)rYd{P<9~{B6T#;9~|i)v&dQ#u0ZlW3u~D@fApA@taoNT`K1OJS9=`?TgV1z15}l} ze-FZQd-gXrWAz1WjFA6k~s4Yp*rN(rjGqQp=gwZ>X6_1p&J7a`d z?<)vhV#84&M?6lzLreGsT?Q&R36``A7sPs{fgkCzVNJHs_GidLVNZn!z3}8#hUq6` znLY_~%7FaxM24hWj?fl|`PNNC_!Z)VA|iuxC(J#&D>2XLbH4qZsI7R#|Dd3?$N@xq zm9?KU%$;p=Z7>ipXSz2zxl{felSM-QtU3&Lt26hFccfkDj0bvS!h^^39HJx9$=7$m&l&_je{ZR67kEWM0npf z58HYmf8gXu%fkV^MA1XXMu4v3#hPf)hbA@#3+Q343H|U)N8LwaNc^~O)WKi~ZCWc~ zjKmq5Y(FE4kxzphpqRCF?eE-;aKe^_HJbaqP|6l29ZHYdPJo8Tz6eF!fzgz`#RUz1|_dvog^ z{RPEnvE>ScLfJ)*WMY`2@h3D75cW(bak^Z)*z6tmkn2~d3!B#LzLQY5wZY1%{l3iMSUvw&L9*qPxLL&F zBlG?5Kd(q{eHal^@Lih@a~Z3%)XqB3S#YJEHEhG5NqFL+b=C~dR|?T~96DM0{8!uM zse)c+U7BCnVY_%&27vV@;&rS=rvE{Dapjx&2VhlFB#F%ENh>d$(n@27njq6bL zax!kUN9R_yO3N_1>A<^BaKJg>NJM2lAW6JzW>&6fRNuQf`#}z$%{8l-ozC@NEr9XMiT{tSuYiiW>-rT$ zC8Pxhq!Ey2=i%hcE68dq{KbJGG^WhmMyiDV`Te*%Eh) zP^F8OVj|ypCu{nJ*Ee?xT9pR=(anikgod@g3&um$j+$`QIZXkiNlq&Qw4n=%ZY{<; zk(~`b>r&jV-{ag?cb9%`=SOyadn9aDH;^dJm8Y6{k^p~S_e?Fj{iE#02M%@}E0S{Q zt7FaMgSb00>wM{T%2k~{`Ohy3xh*c)^lJm7^Hr0KhOCwXs8SO8~3is?Ar}Z2J~&(k(pyoh4HZ{O}h0=zHGh` zXWRCRd%MaL)}PsYGs}&z7ubDE%{ZtzmB^y|H0;QZNwsa8Gw(crRiC>sDUOx@-Ijp! z*B?tMPk~r>FsJj&0LF+e`>uoY_ z$Y1*U?KZD7MBSx?aUtv?*TPTU^Askn9hJ;F2+U~Xo8!HydY>mVH>d){7~HrxCA-Dk zD#gZ-fcT%P@gn$KtoE@P8-Wj<3Ls$34IvF z?B_n+WOz0`eN6Q)Io9tbTdXM@jE&XS8t<3uRPFjB#JA;G3$l3Xvf&xrrswz5%aEAG zCMIhf#^s@|A)BjrV4fpsLM7SC&nuM&j0%!IY=5&31sRy1Vm6jE4EW0mD-2J1)tEI} z-xw|2q>Fl=PBX%(MSUMrUc~6W|GDG%h&dgpTr7eQ$-@vqmg_Vo615-WlfIqV5%G^= z)4NVrAs^GR(`8|Z4m5eh(KXTd^&_`uqLtS9yeWIRFvAqB1pxsAy-cQCSE_{s7|H#r_{SmH>fXgJX_4OHQIZ@Qb?X zjWVA7O9}SV_yPaiocZ(Z42FD-Atj}j-0Zl6fG4GEa9xSYi4P%crU%VN^UVfH)&Rwn zO`?_%t<|xF({hJlYK(diQ=)5l<8Za(`aOmTgu2p6WXVwz*a~ z(-@*EQFsi~*b|6gdFG=|A)Z!i0+3zh0+f~(1gpa}Dc$PV-M?uNkDA zT4HE4^x9GUc_NYEdRwIUk9B!c$)wU1@r)IwxrI=3t?fq>`|qwFSj?{duKbUJ94y}O zeHFlWe%Aa{1|oAvHy(9YL$Ah-nIUa+n>Vu`5OXc#HZC?I0{Z_)j_Pq`Jv;xI#c{f`Svhndx62&UY`#PTw^o-N zHz2dsWwn;CM*{$mi2J`GXZ;&JRH@KoIwN9_Ax{5A9P~F;sK~$y7MD3Pjd_VFCfgaL z$oyN|n$y(T(+nO{{|W8kKw_0o^7l_Bf?7FBN)52*YY_%du)H zK8CTk(Bpb8`8EEanR6E9%aws6x2-*SA(z8!u1<(2U0xYwPUz9VlSWSkNKmR+&Cgev zMYYHZM7d5qEw}qVXC>B3(MXnD-!~12c}VrDJ%4{@UixFD#OIIv%Z=*ghBMk9FY$WU z%FmX8S|4Q~Ly;p{^HJBRKIaa$InX?uq(~tc(2>AM9U(FSNhS2a?2&vo449b5{^1W>HcqD4#S)Ntk znRcAS^_{zN`Wv=o@ANGkdpNB_l`h$PSRzloou0A$$&K1El_;q^+6>MadJs|!TIcYIm(xJel$59;Mq>MRnCe%67d-^ zsaD#o-6@8w4rJ+UenwJp$bfQLgz%boRio2WM{S8iK|4v#O?bK@T0u8A4C{>PJN)iI z1d)@?T6&@rVy&3DuPdGGuUNW#O&%+>QXTayxEAtwJ$RlIH{rBo%);kn>nUJs`WBe% zg=id6*uHT3O0&F&jb-``5FSSoeM|IVGS%3LFVqSMQmW0tbc`N&Hfrf+Y4&*QTt zM<&+FO40BDf+1mIRr$H&vy&y^YN-m7pjrednAK#P$ugE_Z2mGJol3@XyiTmL92$1Y zu322=uy9mANHzXkEknFAHvRP{x$%K^fh$3MN76#96-riXr8c7(hvsK11`alF%+nDg zdTdj8Wl8t&sTI#JNh~f#ayB6)mZbtpN%BjICBOO;1;d6!o)0CqP+KL;fsDiG;gHFS zaf6HYzNI%Sj_1bUl$g&p2CgT$CQb?zlt9@JDjH zQ@q>ag~~5}*XdwlVX3{N?MV&ys^WIG7xj-0cbOqCJ*OTdiynN>ZGcp4=c9cXNg0^{H3A>4(P`pOJ9nUOt*QmwqPR>j&(jQ#gCFkTZe#Bknf-joZ*M#sh?s)(&!R%e$A?NrVV zv{%e@y+W-TS1CJV5kzD@^oF_zc@tduq158O=sxc2vOiv*QDhb>R3GJeMXRO;7y1)S#>3^a zq3IGGR(|JB_y^CeVVgzk)UDTABVm#%9=y5cxr7i%A|u_6Q7ih|_IYh-Ulx;d+WDV} zp+!2x{>U@eyPVf^G{uZi&%2gKwCJ|T*7_rp#|BiGgzwZ`7!JjQHdN^nSpciB^8e@-v81o>Bhp<6|b%nu-d>%+Cn!7F-=P@(u5vF7Tdg zltb-F8ieUhLC~HMmIeBPARVG*sLjryq^Dds$7ktB1UzM1YiocrGEo-3ZhE#02bDl9hqv@$Y*5d|@%${=jx&tMh+*qAn>f(GTpApB zc~)s6cAr9!OG+vk(hQ{~AK(TTBrCo_-{(e;je-{SlhwKT zm;-7LLq3kShz;nJ$Hc9x_8hfW!jKpCszJofwQc2Y*F%38ymMhBHHpFnD|6?T3{9>l zuOi^^j$EuR)r`7=i3cleUKYx{6{|cM~f-k_7+T1arqn;q#n>*$p((-E2g#B|7m z^|;@05+fPi!86J&n~_NnWq9l6E1ge)3X(A7S|VtLMhNP>NI!c<019`;N`>5Apz9kZ zHOCH5!)$mhIk-WowxtV0@+NNfjbP@>!u9!vX9}4}EA=Ab`b4IU77U?@Q@yO(XgBSy zb5o`JR+YzkRl5|&+tYU4ry-_l?^nB<`2$0+j15vPM~{_@nfq9m(qik|m+V2OmR|(I zVmBCzXFqNQE*!TKuJmRHTqiTv?6Oqy3cxbb_KOa8g3E;5awj`R3zw=W)6;HhAFddK zN}}Xb0@NG`>)qj=W(f+(rr=vO67LU8K3_dE%CILL=`C^|QSoeSNOJ4f^Ou9CaGJ)F zuO5IvspnIWR4WtkrBB|p9+VQ}+8<}c-%C)!M@--|&M;TU8(%&(3i049=V5^pt=H{W z-ein{e;nsU>jG--Iv+cD&0X6tt$6u*wb39zWOUnL;z5h1IM4Bz8=VX zv_$4b68xLbFy`ff*q5KUyhlCv$?T@}Pv>!KcUwEC7Y7RTiaJ?fa~pz2jr-pXorR1A zA0up4s-4OzNXqN2XFVkp>&}-CNbwYx!w%%f|~VAG5fs` z^{?fOa0MsT2nY#Zz2~t;ta+`efMcZS09jN{te|hdP1%U(+8E!XTRs3>Y^wqdipQlE zHv)5yZCYr?dB^|LAb>m9L+ z*O1-0dVEj|ST0BU&HWs!p)^`iQ3_CKG^cy|&Ir8e0h$-lTS!s7r&0>7 zD(1p2ry6U1n;h6$4Ex@*3aYt{gSgLq;X1R^_x@39QCrMU%WNsPU8s|gi$@8f-Q$`f zjJGs~IQ%3Xs;uLWM!PYdck=m8eM>J8z^8VF3GLLfafOP%4+QJ-4WS(J83M{`@=Qxv!d|BMu5s!ZWn)%u#Yqeh;&rP@Z z@PK|&Oi(p;mjxztQd%0Qr#l@IAGCpi8A5*^vTq_WBvC?+L&IgV+G7}OuMe13gSoO06=jPA7%y$tHXC5BJL1|7%c z^~DPW8QsUi-Lx@s4?C8&siUwNb0@fNb0c%i;t10>-Ia`OIn(5QsBQ{q;NV3A6z3tV zr|IQ1mlp^2T7QDY$1Kv7g=Vjno`KDLN?Hm+P1U`g}T-x5tD${1)$wZK1jpT4Sz#KTcCwe0Ko>~mN{ql4_ zK`xqcE`_NF)iP_kJxF40BugMcdWVh%-Ifm6Uc};phs-aO z!T|M#CRZFi01~&T&u_iq{9g9fA7G_X8Xh4*Jaxsly|OcRvZ^RlE5fndrOn?)r!-k6 zWZ3k8VYbe8<6CWUV?=lfqwbG@-#Otfd&^%8n{aV)@0?IDeRsH5%SfWEXCSE{7gLO z^STEoCnrZ-6k@J;8#1r=m&NWlHQ)T2k#OA@kSM&F7pi8QySb)kieHI+_N(9L;<|1r zP$JT3rUr3DOi3A1-h8sMM{TX~BuFjMuMCshDk6X{rCuPis^0or>%PdvNxolR{jm*^ zx&6Ar=z>zm!)`%7p(IFASlSLD+6gg=uN!MpFn#kNoW@6#2FK}6Pe}(;h>M0zcum!R zpRhF5e|#_BDLJe;#8s_e?qR3N*Aq}acg|B%M{c$w(tc%ZfivWbJKv;M18UV*60^q3V$)@tkrHc66rNcoY5;tGkFt@G&wPuDkN~Y0 zumz>{YBFo9D*So*T&%A#;|J%t6s}KNVt~G=f{f1|IdkZ}**_3RjP;8>Yqu*CEUXh! zhA)vVk;K@G5kI_J+TK&@B@m<*0}Q66&ql<2 zm0yX!*yUB;X`lZ5sCG66@!Ldov`Ce*rSKq_6CHEz$;SV5Df@nTFmHV#r$-W**w|1tL%VSIAqjl7^}H1hqOc(S)zC{{>h zxZC6Qd%O-0cz0%{kd(kfsb77hQR?gWBcffA8F72p>*+3kkaG7owU@L3ly@wio0|vC z^)q)j_Lj{r7HnT^CCuVD!gL^6+3QPBy*w^jOJh+_>8KX)%W)m)|9ArvYSAvZ&%#Rv z#|bj-87VEI;i92&8XT>8{^3Oyg%z`B9294ed$))x2(qiXVHxWCCF*5rqXlkkrfA$d zx!sUO1io**@_+{PGNgk8+n1X7+0u^L6-ta+h z`_ojI_|8Mt7m!E6%BC+N!K*|1Dy!mgUp!;6*GR@}cyc;R+;hc#maK4iIRl%^VcH8-W|wqxu6IibZEhE!^5o2st~ zQa`84nHYHr%kcGV8o$CIA~rV!O#n<4YzkHS?-mwJ^wW)@Byceekid6%FAOuTu(H8& zwskQ*%eBI95y^Q(KIt#4_-;X=HKsaF%mU-B<9Y7nZ$8f)efi6a{TlDnHyo+L`MART zfuooHhh?jJpWSZb`SXoqGBNlL&B+XoIDD;-b4tC3&B)qBJ%S7;9}zPP6hB%R8MU4l zY4{XC=y~Zoed)hGpja3sVk@cq+51fB5}e^s`o0sHEuM|O!&Apz;HeE~F5FMioZE#K zK0ATb-olYEc-Xu8su|~la*dshaXYv4>kubHCF9@4-@VTx6;zJi$NU-Dtu1?wMSM}u z1skmM+UBjXSkT2)ci8a?WxR=to)Et#TA6rvFmjP`*rCQv-+6X6PiFN>eV zx2_*YmqF+RhEJ-tGM;(5O=O;ua|BMGg2^+{7Px5=t!TdZ}ebK+NtDAkiO!|o;cm)W3F&kWMrwb7jM>;fM3yWyUvYkgqOt(}cSJbdJpUeLop z)p&26)8tE8fqe{QPOVnFIuH-Eetl^uv5&v>({|W$^N0`D;=gTG!=&QL}qq+Kk$ z`IEoD0etuSAF^K}kxL1IVVwONh4SzobqrC(WzD>wwp5FgBrCl4Qls!5BZ`9y4P`s} zfu*2!H|_gQiz?h_c_OOT5bm%xk}2kNURT0Vn$DNaYN-}fXUd|QlQ*pa7r1VCn3Rs+ z6-5@HQ971Th)*TiQ?gsHEWdc%#OMcI)3n|Bx^OU)?n=~j^37E%erL3VKXBTeMh%X$ zHe|~(FG>-8;pKQT9SvP~KO2y6{aQD5vxoDfX#WJl#DK_5*Of{Bi96IkUbk6+dp{+S z)1>hSKQuO?#dgQc(%)g%YRye|hKIzjr=`$tVEMc2MY<6GqZC^vzLP<+@uDMFmBT+Wwc}zX1+FDYod{Z6fGLK4Tii>Y-NlV5MY{yVFC3e?sKd@Z&(%L6SSXx+weUx zsF8k!A$$1s|{ZKnV*ppbK+?P_4res!8*-fYW9W| zmR?^3G{Vz{OyE9tyy}I4_A1s7{Ps9LQ}PnGQ=HOEL9I;Fy>@yZ;)MMizHD?7@-LNZ zw_SUw$`e-06CQR4BfqPOy*>5XAv|h^Wz{exPC)1I`GrbPm}C3T8lR9oV6_d2I|O=n zWJ{PJ+vd8bb%)d(b}IZoGaxGROWWi+T!EJF)!$HB0ygk*rjZ>Z-3tbEq7`1Nt{G(v zV2?!ZUSzhvA6U&XFIutDXN7 z#4AI0Z{$nStC=h{z|*={FSSFVPfTLIL%SwEJGtf6O&Qwb$J|Oigp8&;A#GBHJMI!u zeXpgxd(~|H{+&RZv-_cqK2EQ?X~zM3So+kHDpv_E{DW$pn#PfO<#D^h>WdA5xo0=E z0)ye`3R5F|z&ahfwO}~WT~HddQaiPtu2tk1b6_Rs|1+3$ZI3NhW3ym!?e=S#r9o*I z7Xp(FVZymUj-E%z|H%aqhIqvVBrOCw%-vBO5{rrRd{?gwH&&cFIrlu?Ra~M^JSS6x zYmKOR`Emj?{bWroJ~}uF7;NLIl-9dg`|?mmX(|@i&3UDBV%r3SJ&=}I z2QCdL+x5qWo}D)cnvdnYm-rQ+=4XtigZw%CjzBx z??aeWWMN2*h|SI|RQQ0y5?c?WC^9#Z~Y!vwx_RoY5pf-tMVTTmFz5d1V zdnuImv+fWyqq8Mk0f8z{X^c&23{7>EAS`auhh?xhG${gKi464saXOTz^gnO?*FWr@ z0si4#I5FcpU1(svmNAoT4hPD&GRZuGK1STQj_>v-O2{Em)dQ9|wHZN!0&4a+~6WPl;x*7dN{U(#@so&^Z#J@)i(R}M1 zm;XpIAUG7t&}2Jk!HR`*ZP4Km?cIf{DOqSm@e1v$?yNIYs!v7#XIQ?71@U0zHV;pu zhtuYKEko#XHCx0N8oQ^9#ykb99Nzbd*Y1lHqPqmUS{%vJ(Wv0e@C7QEM5)}A-R&KyIQJ#KSI`Zx! zn5!|nng0=ZxNI@UwFzB_07WNA8sw+Upztdded(3J^U--`Jzg`x*>-Wl$+SAx^X2h#PwC<)&Sk_=&|dGWRvSK- z&*QzHl*0FWrWw1PIgF#yM@PMzWU*S(2myXtdl0W5^JW)e)|VtZF4V zU~eakkMB#Q4T=BB6ir&24^fblqotv_1*!)k)`rqYK}B}|tD~upMvc|o(=7O@KM7uG z696L)J&n~l9@6}-!uf<9pj(%|2guK|-(JonK$ZrM``WUr{MTef^>QEZmtEeXR8T`i z2|2^|T26-Ev~SOc>EKx9E)B|^y3I%%iTd4LSG#@%Ag!LO9;FX+-7^jJ3LMYiI1;B^ zZmXP_1JJqm60sk;+!`e=U~zXgw;G(GMuIS}}oLUW0D*)rY0u<5mldre6;SH&Ea5^#4iy`E>qm5K?E zT5?2Sy?F=i&x?`&i3*jfK6n5#WX<5D24!TEY&;I8{3Gie4Vrk*!I`OahHb@KusG(R zQ5+^NZqLb5P#mZ%$Ha_4@>H$$d2?ib5`KtA_>IcERO~j`Ov`S+pYaes^@>Y&&B&@P zZVqT$(smnlJxsEzCg$xtpy$sO zAWH5<9W1iT`C6#UH_x|*-+Q$-P#*rsb35*h`Ms5^Y;`*GH8#Do@AoOreTw2YtnJ$1 zMRpT%HJT@6uETB${A>^&%#le)_-wgINYd&>lz0>q>+`POgTkL3JJisF((Q)8Z5H`j z`%o$OrLHrrUR4MBhe1*Ir~)X;2P9rQ5nKHj{X?QsX4rmtU+co7+pqaXQu4)zEh;+v zBP0$?#RD90l1yM!B_Jb<1Wmk(4B$R1pUk>M6LE1_(di`7OCW|wAz&7=(V75#G#&kJ z)jG$Hxps?)1FEJ6U-xguIooY|DAIl*tO&hc4Ud6bTpNt{|BR$}`7wc|l~VvYdEZ8W z(|cbk&*^H&ZF7-REIeh_laB-zwNIQ>k~=is^UY}*L%U=OV~WF6T6P-OqA!swvs5&a zK_o7K$G?9Cg(j)H^w{^niYhG61S8|?kK#y0Ec20C}xzHkA{{VzWor!HWu+Ql9 zEVuF0;R{j_dc8Go>p>Zo%HAEs-GvxDU9Ws#VPr?8OpddwI zid2-WDV-a6;iCaRjkNtYk_182?pFe2;-he(|8;A;{*L|{t&w9GoG;wtCArug_2-q* za?UNWwaQEUuok~@VdUk`qrn1Y*+$Y1^FLiTUhB4-qcV@$uP$EMyZ-E|SG|HMU9%oRvSM&F=m&2!^*%^TYM{4v zLZLoQs;QB549e!?>(pjF$o{oSHFcdJtfk6p4EL#B{;&CdAa5bsT0Px+hePvz$Qrwh zO&t<4_BlEJ*TYBk+`pcTHw#pBbu{k!1m|ystEj;fqB^i)8Jg1PVyT+2CKHT#bznOO zt|`VoLD_aKPe6*wLx!&-(vuRH#wmN<-KP_02Oqz+iEZkXguY@oq~mo*w&`4~MZ+>6 z8_Exd$=ZC(qTj>iD~+-Mu(~01-X)h>B0=HVXj1E6~ovE8W7Dz zqR8r4@INKNpPFYNALb>NdI`*^D!|WSw&tD`8rtv0e5|`Y#1=uo-m+Xi&eAW~`6Epx zdis0C`*eS7Ewjf<>=4uBkpO)^7c4h#wDJp%&1g`*Pvw5|O1K&Fp8e2N+w@~ZTdK~G zB1TI(%Bnd__z%fj@Jy~l5#t@v%69v8R1~G~vacQl#Jr?hs~=hb6YJeuNr82Bs@`Mg zsh@*Yc@6b8u0WY~Xh$d5i)N;gSham;^4k$zOVVna1usd{9|CSZ%I|uaprvBnYdPYL!UuY>2ReKukDIZWfASL@iSZ8x`z^5W^0g?V~Uw>ye$ zehr?RN{m7~j%7wquN-)>*Hpr}@iFK^4(cm~E<=^zl=1~QVv;nqKYO1sj8$PNM}%}w z-^Q;A^T0*}NlQg46BWc27|)2&2tRS4d@VO~Iq3C^1J%#j#AZ)P`r`45ZlbPw#G70( zg`cYi+UmJQ;MBIh%E5g-x^tFzQfub?U=xlbAae;7px^29DE*eaK^=Bglnbra;4&#C zHDp#S5gXgSJNq0H9cnrFpz{vAsm zL9jfw1Wj#QV`K~>jl7dNp10HfGu41#m}sSuQhHD6?B-Y6JY=MnsxMh6v$(sim?E?$1@>tt<;i>sCuLYW z(Q9se1V_x8+eZ9X`n{nMji=NZc$`Uiyg$hvU{13j)aR*R{Ji||ysW!g^^%u}wNC!W zuO7&uA9G(f&syG7S-IOXo4vZOUC!t)5pT?%wh|<=65TTF5fmj#tvfGlEOgty)pB6q z`#FO!Hbv>)`)N}OvM`BC#EZF8IOb==FJfkvkFhP{jH4Eu6)|Enjm z-P@ZYB{;f2bc>-uzSBV9ndLo)F51k55t;1@E8pHj%E;e}_c!(ic`zVIFTR$!$adgj z95yiuNPZ{aK%ul)x-VJK>E7N&x#%74J>|MYE38xIF3&F>xsrU#U$Za$;8{s%aeSa= zKoZHcgWr7_Tb1r)IC5V=b8vO4tTXoFG0{*KZs#FCEig^)pPeb(j=4W__NS0=BjJGO z^_*)-3|<#!P&Xugjc66D-Ds000b?y@B(eFi$nRE6iuakLnB0cN;sW3HifP~mgk;a5 zPU7qo^N(8c4a+3mGcL<3(

    Ca5F$kg?&u`bYMrO4@tVd8s38KN3l9cMxc zR908fVi^Ka@S~-cln#TYQpmooU4n#48z^Y(F-t~JIyhwNz+g`?zS`pZmI=@whEhr? zQ}PWhhg~T@E#1(76$d_-j9;r}F&nzK>$1*|>!^vr<0~c%YlgS-5Doa4wjBCyJ;BGG zOysfq_U<@7v)a^~<*64YKKC?Q?mfk~4P6w>m3@BzeJ{@h&E_T8lM*m*sK6x#=3Mfk zlnJB*5J2G4p2Do??Hy!G@UX4diYFG^;YdNTRZpFTK5sj}jIV(2Xj?xMIa5_({I%qx zwFuTiLA-pF^Nyu(!B6|TYm8aWFbZChSmQIz7>{U?$=5cLHtt~6#@QR>)r%LLej5I< zahoyIV#y4dVfbeLr;mg8pu%?__l|!zU4RSmr2RSG*itpQefz{-1- zdcbqI5*p0r8c1n}V;e|f)8CfhV@@tcHT;Q#JgoNg1>JSTC^9LUgvt>M&9P6-kNdb{ zP4d4gp5JD46FW6iFa%Mn2+2LLy(^05o%)YO-OL86gJRAWf|wvOyCxl^^~6^^kFQEyd)~ZJNd}Ia|vTVnXmMB#rm{9 z5&CH>{LE!?8I>8X)Evu88QQ3sOU|BV+3`}_&`XBY0mUX{#CmeU#diC=o6KhnpJvZ+ zA#&Sg{pBa!FmzlNoiANpi*>)nH)ZO_@lE)_)Z&vc6J>#n9tkh$LFa zPPNCb+eWqAliZ4T3rScL9Kn5iJIk8^v@36ckF4pA>Q;c`~JYgUW=CER{ z7Sm&BPDaB8Blt(W04JV}W-FaCVhT#|Eia6F*Ey+Za`^Y(S02w?LU1jE*!=iua+b~@ z({k74EjCX=>*`_UX2>2{G_ImI2ND;VX27dN4vHh53pQ@Hh`yP#4@kalZXoZn9Z`^c zVj9^!^+5L?7cx5pml9GSZ+Qd!Px@c{51tYf$*2fVnblwds8s|8REhfx#)5(m`g2Jun&!fqM)k zJP{L6aTXV|v5Qzpt9FK*qfp>EMtqcVG z2^&M8McIl$0{|@`>~Ok!s8YRT*fGvw!nKol^9JPO`{y1!4wi zqG)kt!~b{N3Xt-g0;4{bPGg*dUtyV}rWmQ*T0VMheQ71t@Pjh>H6b|Lv zJ<$wNHVBO0={g=49btMvZ!i*MlKwR`bVV0n0cQlVHs^3rPP8#8X-+AIvn#MYd1hom z)%O^BKu+3kaTq?cDg{{I!a2-G@$NVPf?KIJf6U+L(^=9{h9Ey4uCX(@04W{G#W+av zw8(F6uB>a8;WEoV@(SS~=664!OQLYt8htB$3m_J*3oxT+furlPHi95SFg)L1CKpEN!5F>(vBvwJWNL!0SNT;yN9s&;6GsE#meuD$GJRoHw9eUW) zF#b89-sV@@>(W8NE2$9tp?hBEOGssgvG(Cr-0ob8iXREdm zZ(x<<`Z5eUHKnh(7mz1Ba*{+ zJ8?P5vX5`Ab8Nakj$*z!#F+3{OExM}uP|^t1WIx%aUAA`O+HwY+mqQC_+9=0IGqC^ z!d%I_^NqTfhBrw(hvC;$F=x{D=bO!u+$c_Z2+NQ}I-N9Ui|2PPrJ@I9lD0cdKud_-a`IKqzU@p0 zfzEdH)O*!8v1~f55LyRGWR>c*p-95W01~IK!AZfRRcjyVgT*Ta2^&o~gBC!@&X6Rf zHDGg|eD06u23R0%0k*@9l(y7vYXdwSNkzmKu2Y@#fD1i5IrKa`{}}NhPURreMxK1n&hB-MCi0y zgp`oOu$bSy^G>e&_=4>gMke*BKEM0+Q$mhqkD9%T+{1o4@?K)LMvArRU!8ikGC5eK zwi}9s*FRrfm@i4xR|Ej3-f?)ay_n_4Hgh3n0_udR?CserQyfRZOT~04%r0HPvO4LGrTv`7A)QI~OEUQvfVx@>-ZI zlvw6T*18ueSp;BE=P@EP$Mm%TSCq@? zdt0vW_wJfOCCT19Y5Ky#)bX??195vA;yk>aWS70gf|&M}S*Y6@v{=b!emiK!L@;Zk z@%B)uMFGN)3VGXrZE zBlw8f$FJtrCueigO=WyCH9J*KhFC`3d*-|^dOIqiY2p35x3HV@CF~sj^y3mcvfMP^ zvZ!#8o?RZ;OLXcU;<{P-Wcm(zYx*O4U%)%-Gj&(;f#ij#8m8S0fSHq?1$3ZfKPI5S zs|E|{9&m|Lt&80|BTz(6qt>sx|5f?b8W%4+<@&AM}j2RW(72f*$eN|DWf`W=FRYRZ)gu*w-EZ)jr+ zF9NQj?M$Q32lm5kkC62{+(aBl!kI`|ZTN{JV1d)%+REZ;>mx}Lg%91;C1WZS%exw65B zie~kW0IOP*@%^k;%DQKs8|RVMhP|aV52BUqaB$AEx9sep{jRJ~kv5Cmj7MV9c%x5} z$AUQf)gS3Yu_le|%NB=~VOLb?KbwEFv<%3f($ZCK&3iPR_DPKmnv;9H$1=6eKeq6I zzt2;6Cz#0bZa4MN*z0N}V^AoHNtSm=%hfO>cG#}#x!QB5FK>unPO1q}5Jd;c39{C` zpM3j;d&5vcad`KKwk?7%r*02hpfUHDgjaL5{)LiBO_@LwZ?CUjo0hW4`=rR>Du=d8tSe7=o9-PF8ZK zP`lE`zI8cnFUvY>NnkeWd^E@dJk`UcGFA2VkHDpxbz4>Tvz&xzz(qfjo|gVboDrzV z+3#xBYV?2Mg5ko(z+Kg3{j8oxJ!g@UWDGzo&mout9lwX=ETG2fKd=#xpCwqgwYIoA zmX)}r{TljqdA#K42sUJR;mb_M2gd~ZnRT-_YIg%MVJz!t0MOAVQSHzs!5-sU zKI^7OdpufGs<>8;iD5*xkZdwWC~@z-QKaaNvH{*+HDgC0{FGCFWnyvt5};oZkK1Ke z0nu$y5+v3pHC6aUzn--=>joh8S+_GS>yNm6gZKF6+n)0&&d3r z!(|k&RxV7Ek@&9*2(1Ey)DKt~1+1EWtI7Lo{&|;BX-OxrTP6<)zojKQmxgzw)g+A_1@uZy#e328WlSt_DT>m?>|zUZ zE}2=%_5xB4t?J*iIG{)Noq`0OfK?^47~*NaFpI&mN2pOO+o|2L?~kLU&nB)t+w8#e zrauN`sw^EH4yR9i99Ee2qgP*CPn9H`uz0~f4XM70B0OkmcsKQ>v}M)hg#c%hjEdjq z^z9!V@qe}S9Uexm)>@?I9)zN3+|V_O7sU*7vICfEIL&gWS;=$ml(KmAFsH`$>M z1#=P0<}$!iWz?7!h0fFJV-ny=1d->{G(&&}J18Hu6%DQqgr$cGHm;h&5RDzhwg90& zhBCuJ0s}g2mmfhKvKBW001zsKh&XvjQBdF$SW@~oCp2vFYtY9n1G))xhfijQVJsvA zlE&V9$q&pkXnGLuG1gyPG++B+Ipt9Va~qh2Ucac`MDK%{oTOQg8Y17s`KOYvaPEo~Xtodm|A#8K!;tEzBoXZiPb8T&k6M>*!Z zd7?ElSK0Op9LKcs<4P80+$25E%ggzG5^Ypw$FC zB*2&9b!;kJwlh3!4;BVy2hnI#nSI)~@%bJ@IQS}ULi|*IxU<|Mrw?6%xU#-TzK^*6 z4%gx!3N#pz&L#`QbVf*SC&ST()SIzh>L~cXeZ`>h5ZHosCiH(xSsBqp_fexE&cc);M%!q1xyVm^tTl$0`Yt{P^)c-`DCZ#2BAI@!`wYFUpS?C{^M zEN{94ySc1TAr)T8^Ses>(BgdQQ4cIVG-wt%CPWD4c0E{s(|jK(^z6L9WktZvqJlrb z{LqZUXHxcNMB)esuCZ4;Z4+w~C{x84*R>j}4jw~5S?k;X9zy^^`$QszP%-xkz+CSi zlH&XouqI#IyDcC8@ag4rvpbH_iL&!4da$W_rse6=PU$fCu-L~80K3fwnmD|sFI~?9 zWTq2n!((4f4YHbLg=u@!rxFYQ?u(pCN9P5v95@IA zQ71RIgqT&8&mS~LuGkdqGprI&y^e^b{5>NcZ(~RxR9MDD%!&3KcZK7En9ywXFy1Nl zqL3wSJt(p_-gh=XiH2H;o^IBDNnt$qyw^Aj0;095(f>2-CT;ej91 zD0cL2Y}211fBkUM;fI}izePj0_GmKN6|Rile)8OMP~YG=uHoT48UP#^>$@3wFAH8T zm>bj}q<}vc#V$0u-4K+s=~h#;T@MW~Y!8@@{P)r}_<^t-btpZD)a5wxLIrPqOg$$kk5|`5FZOBl4Yw6e9rAGpkHpsoz5M34gvjC0Uwk`ZAMk;8`|pt)WSaNHJ7nkSM2eK_UYRa~NGW$VNELafq1g^U74+^P#5pyU2~UE|+|pIfQu+r)un+ z6^OT_t0kT|4K~Xq-L#z*zch34XQRDuLcAQ(=1SF-xFi|reRvqyr<<}VCf8?%?<2Jp z`;oRZMf&B0W1$9rKp&%&qcF%B&FLLKz|>1MFX7PEDtrYj_U#TMI9NY9gVV#2bVyA% z$2bV|Y4f9FaXYpE@HiOoWE z<8)}|qLlF_hGP=+W||+WUL>f&{+--U)R%zVLt&iJrET#YT?G#H!~7yFHikrCyfb@S z)KC5$Kdn7peYN;GZ=?BC?b{oZ=y+j#nRcJqu$dVY6|!1ZQ|sTA;$b z$jtWc)uno`4SmQmhL8lb&wspuBSc-`5E`5S;*C!LgYeZdBcnXO?}nd_{@y-2Iy>TD zHUe&VA^6kHosiMUuRcxt2|vyLM$(4IzP(P1D!IW-R~mP(5E8hGA!FK14}f^{WTRPS zX718r$R0bV2$TD2%l$()L!arC{cF86DTw|j&D+JjwYRR**=R#sf{#*b2e?c{!aWqi z<3Sn%Fa>0JTUp#$`wN?fd+T8ov_q%{kBPu#W<>(O_{;_CZM!s>ls1W|5oelYc@azv zja2QNyQLAfFCiVhM*ZV?jJJJOwYeBBgRKg4th5mokfKB}*vseFk)axW;XM~`BT$jdecPGzA!~B0%OE3S7myVs|qZg}F-yNGtD$gng-6^pfdO^=Y zYoEe5R(LhAUif0sK(L;`+oo5HPflO^-zNGX|E+L*VgTHbZz?RZ@T$*m1}$U8`iUIe z2*t)|r;`#}`3H@BU$!kmHjjQv%09l2!lW`kF7`0-KwS#_Mb7*87!P@CC4t~0zgxzq zx_;`bIC7`Kc5H!5&oCxDp77G)jd3-fY!!u@Q26XcKu9l{xNydKXq24S{1R2; zlEe7XWd8FI&hX3gvZcztVViVD;vt46st1BKGOz1IZTK26|g>_`@dQMv_JHxK4RoFhF0Cx zKGPDaK=_A^_kiMal`8NksslLOfcGFB#Jtw?D0~id!LF0=_kMjE% zV%M|#Oww_w>wLe&x!SrCT7{`XZDAAYdvSa|+FC(ef__@6PZefOuhIT!cU$!`R8C89 z2yO73B9HJ7Pd7jKtr;G$?ArYF66cSAH&;}CyK+81SjzZQw)*mfbf|Qu?)pm76O2>y z`VR8;3)fXygji>At66lb?^Q6Edy+&xEJ)7bUA_n5BUE4EgjWUeSe=lF{o8MLANA;^ zXQ=~du-C`OKY%O!h~V0c+!be7S8r@J^%<&h1_7kZHTAxav0_}0B?et*ALnF{-&TGA z?y=_r=+1K_pW18<%F3}n%X=UB;ICz;0It-gUi@IK^Y`b)rHr%4=y4TNo9+Iu`E^r; zS-(WP&~(Paqi3meWgKZA*SVo1;i<>)HZeAD*ZUa)mNNoNE%#sk`+GC!?kTXM3bOu@ zjO{AfVt!klW!@4H6k>I7gIY{n5M20n@6{r6tBY^cgO@h12Tn{B=UAz{{m1F(ogU^$ z9Y1@&J-6@jXXT6EVPt-DjgRr|wM{3Qzot?nUF$8!XUkd@nLC2ZKOWSj5_Goy^;_d} z1S5v6i|fIYslGmimy#|_+->6mrE%OC_2;TK|3XX9IVF{Fy?uUW+%B5vKo4yJ8TS ztB@OjiZdy3r*k*4*D5XAm&4MB;UM(0sN3Hpi(ftYmM=(SR%LwlSt|^C*G*}Lw4i?lL6Up9o%N6UCKhB-A)9&23&|rcr0%nAW!G9hp}$^p_3pKM6Vvo< z-vF@oaCPI|VvkbY;x_thX$jC0oI4Q=08Jr@gnJVhe$G$C1Mu_Ji$5jaowOOlgd0N`e|<4;e){EGfV$=St%G+ii(R9|5r6U$auS3@(Z%dq z8mu$NG;|=;?`uJiymyrpI*x}3%Yd!E*)6JplkS{JlVXhKJ73M+q4&#q$h5E#d7Aa| z&9~=Z?vbCOPY6Cq`AH@`pOONT=Cnw}2mJQsH-to3y^^0YAIv?{$h@m#1ETqOA&{9@ z3Xmn$kz%{DMZM*<(Lz%)-d9Cdc6RDarDzGUCn)dGuD3&(&Q?>`I)3UAB!ryYN8d^B zyHnn9O?qNRl64;yv2M6$IqIs%8;8`jx4CRp^-IW%l}@rCUb-JBe|m6uH%UcTUGa)w znlA0ur7O}(fl02q59EkVtUA{jFr6U8^#{tb^>X`7dJN0YK=3N>)W(N+Wkf-jzQMJT z*RKJy3BXGx!2icw z)%|NYq7?YiwSbjIk)XJKgdlaaCaAy&YekStf|P{NO&T5i&`vF4eX4JeAKIaw#J6Tb z^x{~K==gKqBnZZc8LK+2M-#w>R&pN_n|e%O28z@AG)jI2MXl1;e~eVa`$XdMeR>yG zG?Xq~uU`5*LVA>3&$?%?d7`O(mn}x~*PRZ;zsX6sNTdBWcatrQ57&6E(eNY2`*g-# z6y23ovToc1n6bdWa-4Y#04y3fw05rK8~KducKY|^R{-FE(ivVi`Oj?@P5c5l(a!zF zvKpYSUz%Ki1Si%{_vb}=dPqxSyVeX+PrF*EC~gCyV-JF`I?JF(gkMoAHvrmFe|ii+ z-rWX%yc2Us{>U3^^jdsNg9WQABJW}@+c;HsI&0xufeyh&>S!?GTm*XUD@OE%JUkMG z`~-BSJ(!?jI1y4-2-iT1yrMQ(0~Pcu9%lI3hAd`FDrn;fclUf%(*`aay{K+}Uaan@ zX?34qP<6>w@g0yXD6|A`U%co{lP44+Fxi692GZN>PfLSK7c`%m+Oz-yK7AMI6gDsU zdt>^0r_&*qPu>A|kmR&Z>_w)h^7LURPm#zs+KHO4)AE{P%Banf0Jw3+U=Wh6Za~pz zp!xP~=zidYhG;uDK95fr+HocJu)1Y^rOJ502@Z#yJ%VMuKG||aX`p)U#p^_!^)0R6 zqPn7d?W>$yy|lx*Hc?-mgLfJ~cZ&jUhdd0+%*I8;s!p!LEgd`eon8rZ3nfb$MD^_y zH-(b(!N$4E(Y9)7$s6pv-9!HLSsnBh27-N}EF-WS#*&D3bB3X1Ak%L4sItj8SkhpV z%d0gGo^VW-l;*7YppEzVis;ifz>?OQ|DRPXL4)UZV;S8V=bYR#fbujc&mC2ZG*4>O@l(>j*kA2nItLR+_PWk2Me4IF-GHf% zX{phzmoxQpxf-&a0C6QLm-pQxVGc7i%*YI!JXE_kabx{iKjKgrW`%rVXliOv+IPw3 z3}aI>=Lk15qd|de5ICBX*!QNpk-gw;p=p{%yfoOaqY=}O={DHbmxd(q`OW_X0PZfk zo**1mFD(ajrChC-i8|Bt4YGHNssz>#O=)Znh*sF&p>ond(|Yvs8!80L3iLv$<9)L} z$2RT#E-z}{IIg+p+((qn)vEd}MM_@CKE81^XsP1$tNBs!zhMf#bJ`R4YoC2qJ4p-R zcV*fh+DS+Y9tTk|zHa1&-~}`X_)I&J!W2K!9L{ieeT)4PiyG(2~BnK6Pj+^`ObVG=!tkfgJ_CYHMgp0A6S*!lg^YKwIfH zEuW4cBJ)2TC}9FSQ4{)cl0uyC93JRrH)JEx>d+%@JnF3ZKIj(4VzBv-AsUTx&Ea#_ z2zQ;)J)FO87*Ee`oA4kB)URadiXp`{*CgGIROF0q&>WH(=A3$NYL7W?aEzYy?*(%& zPqypHBv$y^i5wP7>#eGDut3caxS7=J?GsWp`gGMHD=Tq-8LKLIS7{#$({o%IBorrU zfqO4!>cmkhxfs{@XWC{drBrRS#XB?Q>D)o~W8pAMxjO?saX4V}NDiy`o@Eo`gV1g- z=O4UYp+jwbNc!-`=g?oHMq_VEYfh7&(-pj}<3$I` zhDj5-Ih|frk^NEMz;7bp#mitoJc1JN4$Oh$e9wh1idk_hrogx9ACnaX$|terOxs6m z$muOwpd2JQb`|hHun;a2SO``K>ao5IReC-{R6l<}u?P{nqC|~Q`Se5~$W6o9E-^sI zfG%R^NZ~J074IpjBIf@ zddq5+`mY#@j-I`YE2vg~yM4O@EBsebXCEk_4xo;Lq?=weNEW~)g5b2`806OTq*!>$ zo9Rf`s__f9gD{SW_7qCrC=HbLra>RTY>GxL_07<+t^(#rX`*<{lg`VhwZ4)UoW|(~HK?u^6wOS@!kd0C1OK>uR|9TxBl}GLbxcXbGd!-P( zN3T3dbPQLZrU!q$pHtvE9+_dxBa}xNQGKFC*#pt%GV74M=B)bK5u*TYxJcTSJj;ilJ^qr0=vt#jb9p|jgp%= zqiMa0E&Mp*f7}b~5bmSB4RttkJcElN8`^GJT``OC8#rXBf~N_}(npK{Ul1EU;?gyQ zO5;#Ew_Gq0M-z{4Q8xzZP%JcZAOSn z?mmWCR^@$u{$7s7$2|tjB%tz@RedlkiiQT!dh?b2pc!SQl}hYR-z9|FBq+2%{b~}I zm5goe`^+6l?6)wnBFL@Y39?fseU*pd?)%KTTQ+2ox$5{;4mUHHWG~+wr&p^dJraev zF5D;Y38n;8l~(uusqurLsRWDQz^7Gjf9F5gl`8WhgX<~)gOuNeX#V?cT2^nw){e4z z8-X~Q82f|JP8j1E6l-+e^?@2ETcq<-_KSjSk3}7yX1ps+C%h?hcgti%eTnlXfQ?;xG1C0 z$}=4F2r$aTy=8*jaP3jz7_4%X(Lg6q&&ELefHS92gLoie*jgCh{;l2VzK>R(&iVkS z?Xb^{m?=O=j(w$=_Nf5}Y@W9z5P*|p9^;%4Pi5^?Ksm3!>~`gd!)4|=L%;e0+nW2M zf8+yn^?T}7=5h5xns+B;SK+mQUWzv|3(VCkwa-X&Q(Tu0if@`KnzEcu%_ou)#{7~5 zUWg{nbMsR3=gH*2!m&0m;V=QO)+)Md4i?>63n>gvxq#oD(J=7FbKv$4{Q1RyV8w(D zxONwKCM zQaiH4X1kqMu+g6l`J(aqY)d92S#zz0>=?cEud@Mp1Wm7nqNFZLUIhzCU=fPbW`r;< zf6^)Kj{>p}+-TZRL;2~Gs5mon2JEJ)hJXkHC&HYsr2(_!Lzeqg@Z5wGTwJ3m`=bNt zl~0lHu@846s(9N~5Qf1u$4>*st=H|<-SjZ?TfVW{U~f)m18SLf6$r+T=Q`Qpy`tg8 z{GZyjB*8wN{QdXU^{*bQNDQd<3Skr98q;0$FAV8D-cq23G2>LlEe1mAhq#wLcHh6v zNR+e0Dv=M|qj%v7`YCwzBo2T0x8T^Fcr_hhVKt=pd7S#V* z66rpdN|WLqg7iMJ7)rL(GI-_jM0FFsjkd5JyW5G8;wQ@;v zPly-galptj>!3v5*>N&3ka;oG`~3?QCP{^o{Z_B7{wpz zCL(R)#=5>m#WTKn?P&a1`tPKC<@vVpo==0#JfIQ zy!++9>)s}P&^LJf$$IrZ^juT8Jl1>joJFj)=cQ~qcQ;HCJYJ{wpTDi=le%#SVT6)A zZ5m;Lpy(x?pkZ~6n22>f_AdZbQqd%8a|N}D-zpz+R`OoD%sJkbrn7ne-T3ASLPDXA zKr$Nb^SZ=O60s2g>uN$ph0dS>&xENEz#1`}}F!&2G^VNF|%n+XwdEIdq+ zH4I|?vwWIVeipGH{ZpwcJ14VT&|SQ+&GlmgV1w5&Yx*%%kB8WE2!`)w8HLsV9lw>M zSc@nqcLmJEqs;*xoP+qTB66}eV#Kr%@W8%EH5~;K-S&w$t_B`}9_>23qI^ZH(B>>Zb#_GMxzZ9hTdE(m_COxn$9WCbm)38z6JS z401=*^{4!Az>gT(u76!yOLO*>dAYHL52*8di56`R89}6!^eg0kW-BKR9CUe=b+2P$CsY~^8tMbcH2TuYXwZc6MvkaaJ zE?vZQV{g$J@DKP2ti6FG?)~}RBD0v+TkX z_W)oRUP)eXiySpH1o`V7C~I1Fw1+M*qSh({Y1^c)$elT?7L!ON#&kdF6Lf)XPooLfRk{<$0 zZqD95I$SO?0(QszORk_(z#%$iTx4RH#A@QKbfjAqwjNy!_HP5w`RW#2{<$OXwvOnX z$mYd6K*mI!s47rtVwgMRx~f}QjBANYTUH5L+r@v@tSi_Fd&CeYPqT<$j`q<1+T9%M ztUt(H9Zjm6|75#t1J%=PAyyFM@a1qWRl4oLYw`gr7CCZpVekcErCHckD)*97EI7>y-GHixtZw~6Of3Uty*`zP|rbM4f}sagM9pnnFx`L zEm^f2)Rm-#bAEo?RX8II23_J0#(RijV}fNRuT}xtx=VV!y+xF5*tCwhzLxBL*b_&v zz?qWsDc&>dP=)&|?mC#MUuhctlp>B(^|5w3_gP3(t^=I&L zyP#Zu>-60&(Hs%wgDEesecgJWHJp5~Dy|vFXZzYS&nP8cRzJZa@Oo0^P-=`$9H)4y zBnxV5ZgS+#$b!>ys6D-tA(xq^rj$T%6_2=(xUTrK)(^qlqXN^PSs;Y1?K|S)5o_YI z97o;qU}g?=!o}LHZOU7KQI>ZCpiBPLuGLCgR@*i?`d+GJ=Q0hdtuZ(2FjklCAhvUz z(B#wL;|t?)By*g|`YIr3Zb_sm>dMkK3F}EU%|1?MyL4^Rv21g`IHGHo;?+hNMH7dW+LLjLa0oqg1F=SdfubAHg)TrT$Wed>+=Mw5h5{k@!*ps8Mz2 z^WOZl(O5C2A&B)-c5&6MH-j&;kv+DZ3G71%dd}&Zi=!-UWRvnAIjXuyd`{<8qov(6GotgzEy}j5OVM&B zrUxBvFG|AgF()>)uF0MGq{O(9c%<{l#c9Ae{?luPyj}w*#s`V?w`3IE5c1Ip>Gu1e zqVdcXAGw%)bBfF0N}n!dRjH`%=Mk{a^Ew=<#U{d?C2Z<_=s4l^ILJ>Lu#W6wEzb}= zP94Kt`=7k`P)<}Ct^BPnzlERVrcqJGQ3Bhm#M4m@{|mPZgIJ$9^v2528qn2hsSP{< zCQEja#D$ZUc`has@_fWDPtvs^5d3AHVCzuF3|-ceP2r6tUcUvUjvrvaWmd?h!mBbt zMa%pkj(WSJRc9aV=Ge9^zGLj_Ez+4jtZ%UNmUp{G4+TdwwveUCpxWncn-YoCsfz>hY+T7E{OEj4A>HJalJ9fRVXKAac)*2r$ zfJ%OIVMd$zSeLv*QnX^*b7`if25xcy#z^IxNZmBH)%Z*C@`@wB#KN$}R z^uZv3o#Ncmr6GDl<{|ng!fWfLzc$lcvbzwvb#F@f&`|7<=~{4G2*=m#JN|TC_#5Kq$n6xI+*6e_bxs4iTTGxlV;~M&N$9d_!fX6oAxjlLw=GqMimNW#@WZO zff6pafsx}FedZI_>uFm+euIB_r%mS_=G8^O^8XaVV32CX^2Y<7critCUANW6)CW$9 zZ15Z(tFrzaFLuXko=3Xu6icFxXVbYh8k}{Lv~_qwj0AK3bZcd4F9;nI>I_Zz%XxVC z7)YAHK6sxUz>Fx`=QI>wNRj8hozsxoafg>0C$G$iLJxX&lauv%Tm8QrQCNX*>T6-v zBSr=ZWNYoW`7Z@p-KqQrz72)VyiF4iKC6Z6EAI-X<>pKYiXdz=uUijcj(i{KKGP{+ z+TMyQ-Wr^!yXje7GQVl;rk2poHbsbvsnHdj?uXR%17wK`xiyNcLardkb`n2S({Nnm;J5dCs8)=OP5?&cFW*~^tUY`~ z3|tMw-Dtg3B)6DY#DH}SD?j@-^cu{vx*-Gixk$Wh-Qs3kisS*NfA z_(Kc{>g#6idLQXd#+7PUjDFPom`-i{QX+R!U6@to2;sO(pr7Wa|9rJYxm81m z-5y!9MB#1T3n@$Dlz9jDS^HHJwNo1pj&EW%i`R+sz}!_V)ry4Mg9Ye!m^j(P+qbz- z_mEU;gXlo_Oisy`5d>Vp@_I}z4| zxGD<@y0~9!KWvf&8LIFOlosfvesUA(j+Hf?EB(U82#e9o7}Zmr>fz~RR;RD54&RLp zbk2e>fr?2Yio)Ddk2Ce>8TO1`N+JPy+`Ug*zGVW_@frK&8G>cm`_C?qtOO=(r>g9( z5%*Yybf2{8h~UfOf>;|hzJ3+aKI}n-JVa__p1*RdH9Ul8LXl(PkSedP%%~c zF{ntZ8|Qvhsbg?M#EcUD0pI&nyR9`dR(l{PFY}T=gL98=VSm&r*h>qr_RZcs(ivgVc zT?L8B@kT>A8fvC{!Qew<7NgbZ%^63yLaU0Yv}L7hc^pkg5NFCoGXPy;czik^QJhG0 z&rvG{IqI}Gcew&7lc6FyIGv{0UZJj zD%upS_BAV(qVoPV*$+M6r5;LB=ZHgTdO2DYT0LuEhqOJ`u9Z2Qr4BG>@l7xX^xs{7 z3IuxS8CmYbI%}<|Uj@lzap+@H#VUb7&Rv~eYg@?!+h4_2z=p7igr{3(8d;8<+z#QV z3F0?aAOBx1fOP3`cHGp1AUVZXK=N!e-{XOkJ{V%a9e}hPF|`d-ZRKKjbAM|h*Jc=bYo-MSpdLs&Fnb}J<&+QH{S2GU2~>CYm!^8^>Cei32D z_(R=*F2}fS68o}N@Kua)h&nmC^IHrhAoFztU#ybFE{C+0ekmOn$iDiuCZZ-{e!Q=R z-bm$4Ywqh6mwAR9GT`aIU!`94X(nEik=sIu)x8zjoz=~`mV<|k+g3^5LlsZoLtS8T z_^p>bzO{-DI+_vNX?$1nTFy9$=HyOmFLi38gHQnq6NLWx1=)o*>p1Z=+lpYsi@x)Y zWWJpIWup@hu`S8_-ntV~Br}ocfZYT>=eQ?`omaWlp@xrxUH^U0=SxU6RCMr`Hz>Be z-{Sk&G6<4-i)SbK6HWJr(5!TQvZEaMg}@GU`}xM*Zr*w_dl0*vnVIdvTAQm7up*2Z zP1fw`7^uFcy!aF~tB|T7#Txh)3zlDl#{#Ph<-mjR%P6PBq^`sQCTNfVHn4R|=C+JZ zvNmQhJ}xHhJL|Hlb2fk`MAR|pg}3Y9FfjMD<2fVhm7J-8ja9W=w-2zN)pqx9dBSV;7W>T}KJn6=e)OCn z^6;<1@97;s_wREA3wez5U(r}XF_~;7T@;cLA`s#oavJb|+Cp(K#U9>A8ZAVE6}c@Xy;=4*2Kx-Un)hKZ zrighc-s6N z8pA6AfY4+U(p8X@gQ&JytF4>Yr{=ad#tI*##pCTR54>%cL*T@06HLP<|3-^wRC6h~ zrp-|FePH%$|2TE?*Q88oX6qGc}=eQUpQcdxk^zU2(i&nFC z49Q|ur7ojD6unN#r`p1&lS$M?ZsI0sAK(0}{3sZ{*mV(YF`)^)pju8Mr7u^AEO3PR zuI#jizv5lodh1+NM&CmDSj^li@KwFX*N^5AKQ73h2C(!s;2F&*MZuKx^qh%>@|Ph` zU;qwl2*lVsl~T+_3w`949CxAjkP{L571+`I-dn0a%i(};(T;&$ez`lh4y%e;Y9Qye z=Ya!yFmGg_4p5PCB>fQokci80gfnVbKG6dP_jD$YbRL96C`~{r1;km}V>)_5X;#&M z^-{(W#t>Cy4Hg(@7+3zOu*=zM8i#5m61hAmqVCS8Uu|=IcZHJEMX$2_#<&B0ZM@>e z(xS?aPX}=El$`r0r&wC?aL-_eXdta9ols8A0Aa08={Jwjc@iXd;<7GH8%sStgoqJZ z&nYew`KE~dC_l%us^DhX&eYN0VzI2SW4xTB%QAn``K+|?EnHti`f^3)r3KnaR3#1X z1HM5=c#d>1$6vlJ?=dBQl}Du|d2kF4`b~2JWlR{jy9(r%+lJP;E(Zf62wM@7RpX+C zp47ddjqbS@RXb=*X!iMiNXG$=zbon-F(EU+@juU3p0cI+?gFqx{Rb~bcEl^Mi1x5IY&!1H&0+#NC`EjutM-F zegF4EB^}JHDfq%avwWbhT94=6X1xCD6fc54&ee+ml#<531ylHU(m3Vgn68tzWg<_$ z9{zrOt3IT_bN?lFC^Ni>j~cIIi2uy%+cJ&xu5xmkay$uy%OI;7V~E)2%Fpd%%Xn`h zp^=0acjMK39!JI0a{q=&DNj`?jK#*Ry=nie^2TWeMXzx5zAgi=KW&{Dd-9AWtS1zO zC8jHQzJuvqrdoHp;cSbxJqdI-?-BGcChwS>s72JQ_tkH-7YRx`O<{i#y{3kProO{I zx0)+bJs%NHe!z~hL|@x-HU2EHt^b%tq^cF*fpz+;jS%O{lLuITt4#%EyHlh1oNUQ8 z+aAd)43SlgORWP~l6BZI?c<{dHIkR9oxr`)BoTqlNeL%CLkBK#>9r1k?6^+XBHr3a zkaowaNABacqG^?{H;Pj`MD=w`4jcsgVq&(@XtxP{mMwoKhRasc4t>l1E5mYf=nk$S zKG5fB>4{-csZt`eRQm5P`8=2cko2rC?qB^0=o|sbdh(ECU%44VDnA0YbbLC+hWHZl zvES76@P)5y9c4K)R}O6foV9LO&TS0^IPm2@{8BZzib@{C7Xb;%_aXc&B-7lQs|$GWQ~reKZA*a|datZGzvk z2|szMRrwwWqQ7j~aBUul*6LF~`;cmFJK>_*{wcW?f##$p=FY4nWFxu4MXGfTXPj*x zlbOL-jXtQ`L+tKhk^hypRCBrqG8_58rzsE`LIA%ZWB@h(-&}$JLU|wIuY+sVKE*|Kay+9d!TR~Q57<8@qwgxA{>{qQCl&gZG03e$hm-wn+M$N@Q&-n} zEZ^^+w@1~ko=2BLfM|}V4pu?`pYQ`X9-=?`I_O?j8j%%e^Tzv+t$JS*1f}gE`^`|7 zAB?1I1amXSKj}Pa7YTDc({*PS6=8gBl8f!2)9Vi|N^85L$**QVa>RCiOhc`36td)Z ztmJT4W#%yqY~UK5D%&0a%CVgymW0u{U-uCZiri8d=>TmQS?Db_F9{1%Fu0~%p^u9Z zCHOT1wC;HjEfh$k1rBsCZUF?4R<-81N+AUGB$w*L`j0Qr1SP1VUmosHzV`h%(Mu?S z6!|9Y-q80-GTWXwxfJQ;xC6u$|E**_tT@u$d2DQ<&OhZ&K!5W6r9 z;}N76?B^VhavWwsAQq;-0%kNjern3(K(0KWRoA6w#n&4=Cr7_~;8A zf-Xk*K6^-IlAi%6@DrNSx5~DumVw>mMQs|IgI^(xp+o&qT`Dpc z4Dwr-7FZH-6|y-Cvjr+(WHnw2lF}#$iKXnBMy4WfO{JP8+~VlxbHc{blZeSJj3UuQ172bH z%XQ=W9v_=8MR|g&&)XdVV$_ z3KDc*TAu)cs)w~TqtV6{Y;zQCI8+jd{>pruBg{y1#rejtZ?tf`Esn}dmIJb&Ns;H) zOVbLIPRnj~7gTzrkrx`y$9;=**r#%yL}?_#xOLlG?yR>=2X8L{C<0Lyf*%kZ)oE;a z9sP)-Ymuj66Y8};wO+$E7Zl)hBK{&~XZl3GWCBb}y;*eUK9D&O$V=VJ;KzcBeya5g z=AI@|2&GM~HvE5zygMivBLmr`tS?y?&KWZbIJA@jxEO0onxdPTdePch&dWJJ?4c5} zaW1SS#lxD{zS8I!#Ndh@(G;dI%VeRZ%YA#M_BCl5hNchu1O|;&Y4+I&zgdNKfz&cB z`ftn1Q2Qj7luC!q#U5u0?idjIsXozY@DkKZB8^V=gJkQSM{Yg&$0o;;&jqoL>>qB&CIJFS^m#&Kr9~y){2^T0^){`T1p4}WZUlQw zvjaldBC1r~*xZb+7CE17i%@%IX_r6F* zJHH4AUlQGk4Z9gv)HB-gHFo`0S35fcUwF(Wup$lq)r6|@e9Go5jy)Fo%QDBAK#&$B zTgeJ^_a9&CyFzpGjic_qv$&Y=G%%ri_pT*C0XG3aFw#HEwzP%-7XU>!#&+L-I5(%P zrz{6ykBQ?kg<&Wr19b9Sa+-kXTH{L1-}?;fC@e)7f@M00@E5QoHX32ZVTz3`XhWYS zwDs+rCw89nDbj|r>pE-TI)16@FF{S8BP#Jc?&!~! z9cd``r1-{EmT94HW(W|YQ1DmR&hyu55SYJH}8ce%O+kVp%YSYO`6X{<5Mj9aaStOb|z0(PyU2nTYkF{y7BL4kj=l4hmHG% zbwfX=8}^i@H|#w&ZjeN?R$;A|4GBK96NCd|+-j-M@IN>aY^Uy({yHlrk?EMApiS2S zN~;H}q6x4@0_g>kuK6Mnqr)G`;M}ocku(VOJ~y;WY4?+*D(!I|4dnvHy$!apcFFm} z0-KtOjDl)Y$=vjnUiF;laz&Uk@pz|kKEvOcGg5TBSQF`a!@$7jub1vZ#@%dhi{c1P zX!_W5@>ZwZNmA0rt)tLm{_m`l?o*95tLhQ78PHSXGewj5U)QY*91L!{GoK0{B*kZc2<(cbAeZfs~|eS$IOh6-GtfEIaAXC%n+N& z!*r8-2I?`4a$=umE5JdcUb(mR2pVy$Fj4?ut@TbqzOV?9tI7P5TbiKtCOqs`>k zKcG&^oHnN&fk-s(QI9@%UOac=hZ7}|>$T_{lkzY0Adt5)9mnk%oVt+318hQwSy;K$myT zZV{G>ZLvrt=NB)AXI#AN)~`bG>RoP3hw}ro`mpGZ=`j;9J!p%(#Wpnt^SnW~S_9tC zm*j>bR8lJ#M_v|l-S`p;$Fi`R662dC#qEY_9x_GGfu%8KGsHL+7ODGUO_{(Mo~obq zcbR@{xBp$;E7b-LR4ZnQ#wd=A@!h#&Ft6E&8`YwRh)i%Ig!M8WETlD1@g*2Oh=%g9 zBQ8IH731WE__S|a>4mOCY+TWO-X4U`3 z6yhQiDD+3)!c*iS|Ay&i1t4|Gf{GQ50Y;QFAgdosjw+OAs`7fTrY(PLA;#|Om~eNv z>jaRn24sPzBW7Yhv5MAb20#ujknGJrSP(Wtg;+rV-Qw&Ig!V|>~dxgxS<4 z_f=Yr2hUaAIo)s7Q$^E{=!hH<mzbSFuc zsFS4PbBU)k3lhiAD$4(A?7})p{Mieb3M=`bfL#mr2t?2)tVP9)! zL4--eQrds?TZs5DEj+zT$3TMr1K(*7j4Zkq@SKgyreiQ_$CRu4Dj8+ zuV(-79dU|G-yV6ue%NfHHbv+=BH=%A4_~IPR`9mZ%=g9|NuP;aBl7b5NbO5t$;J9d z#cJPQv6y8_qnK|7Ue_xA95lXmuuOn4lTk5A4~gHFGrP$ChS(vkeCJkwLvVR>C-*6u z)X%wH8PQdPy5Nxy_OSx8v4l*43irN?-|Ng%H4fkI=U9GzXW&(4^#q7J6G?kt6|!@C zq5M&q-M>A$b7U)z?#|w|d#iSZv8GO2Qt^bM3aTF!sU5^$cxbN_C2h=&4`q#-Pzrp% z4dXk)YyK`(g|!XwW7-}I=%#2_a@%30M|<;cb(GybWg&L<%N8In%CGo99r~MGuP+-W zC4if@SHIAIp`B|;_OQMmr?H@fiO{jDr<+}Qb1BJ%5V_5`uE*6S77?C2XZZF&@qqIt zgj>DqOBPe4n;$xe;$y-dmY1IM0vjUUBXq)_4MDR`F@BOJO!oV7`S;#eHpy+rE^se3 zW&T4z4`0!!iDdJtb9*Lu;m5;#=nXNT*@aaagE!c%o0$|ftbGp}kBiZpsg$`7jHe=7 zk)d}pXc>xr#tW)~u@5RNbi(?pw)Tq6;O`#~RdqS*T?3x~?ELxe46X-4Q^@$0^*Om{$$*7uCD^WS^l8)UfUr0Ut%(zGKgX|VjQ-)RsUNy zeD?mjqw;xnog;|Edm-?q^5%Q0#U$Yj{r%D^AomOoOz|Sr=BM_qM3G1@57m#V)JK^S zcFgKWT$Mm(^Sb;`8&BXnq7+NfQd{$#%Z<_+D5;2mZLmEqxR)N%CWNA0fui0%Z|^pQn=5 zk%>|g_pIofy zcYZcRpU|BNUdlYQ!98+!id6SJ5oD2kA z_ouLnod>ejM1Fa3lT*1;^~Hc|dU7mqh?GGr|1&PbwTd;sTt8lyU5NO$4O1dV8z zBax)R==I|Y5N!8U2N+U=`I7QX3K%>O-%F13`T}oY#JIi*uL}6@JpT#sc-$E*r6kfibnSD305pk*0C+O>uk`{CW0=8b@Q%_R$-wtg_ZjfEakIel z`|Pi^xBtzzhqo35TH8j`*5H6miv94ou0LbS4~^6T8o5%msXpRJ!dTco^bXKM4A_wY zp6@!{qigxlyAN-D{;%^;#{Ts`@Hj|ljs3&G4Zwg#S}Lccg#sN<5c4Jy8uuF;Kv<~o zPZ$T;+M7;ITOb*BLDT5}-h<^a@XHF1jP~XMVeE4|D-kXX(f|sv-^l{4>~Rlfh}nR7 z23`N%N3nZDCcQU>uw(L@cjCZ&dx+^LX!6ik#kzbt4bH#?KwX+mtAt(8wmd|$SoigV zBFv;sX>-E2?{$&NNu*(~vhHW$@>x_94JqT;MFzDhqS>NSUk9@2jee&+E59FU9vZzzVzH}PhS97 zSH1vviU*?%b=ehQ%mzaR)GC2N;7a5h25A!o943D4%^$Job)9zLa1v0*EfjTOPFpkkX}Be0ai5b@3^?80cc*yTeM5Lw;X%rr@e<7~r(= zzu|op)CPQ!`9WlDv{2c4LX>9N75&cW6?(^X-WTaCg{g~&! z$i@!{lwL@+%!+>y52&@tDlmwp zP)wZuNMQXiKyg4aaI+tuu>sv>qr0t5NZ*Ev=$yM3FWI$X)f2Flv1#}>1w;MAPzv>d zg)l<@ttk*tv%o?hAmr~Nwhb~)DdxDPO>Eq+XWpK&AOOro{^$6k5Yz^k7BB;cNrKtr zez?4K-0vVS<)oDWa50`oNL$-bsp9R2fog-Aqo3c#DE`+XRFJV&$%}b!4FG>xNeg*s zhU|aQUx|xKD3ejW;wDfk9a;1)h3~(<|F^4fHXQ^4zz&TE4;0wzG#2^C9Rj+s;R)1y z8GJ&V;Ek&dl+EGdbQ%D7F;=beUtsyS0fLvTMVyP&B&`pN-2H!x+#n@Jw{jY+wRBpX zlHWdq&yLMb>OpEvOZrE|WAof-el|N79iMw((KZ97ih7H;2OthF`KIvRWXUKREf zU<Ca6#t{2$gM_#IQ@=Q78qEMel=b zqhbn2^y_JWyH}?t(d~6N0m#k(?ih)HwGQW^1q}3XQ?gijknSwhuXoy+1B5n}0176< zY@=Jsh>Fm&ih=qM>p%I%_345C6x{#;TVe5=vQW4B+YO-5=QN`HqEACrgz>>92=H$= z%yM4}*A@Z(YS9N)g&6jDvEp;anF~^VxqH1@`)7a}idB4zM)mw1;5Ni~TLr+s3~Odx zr<2Chouwk`q2DqO?a^xieZgOoZh%gP+&B3PJm0%NQbfsC)Xb-4_pKMeEKUZLL%Cg_ zx|*DMoX@&(%Dbp1l%FjG5jBK|DRMTCiX?KoU9P6|OOqRrQW+Vem)PPp0y3H@1$OP} z4t^(6G(aoN6Cn}3Kt=memGgX4@`{=Rm)+RX3orgC6UWL9-W z`)t(eyO*13>jC6YSAbPE0U&!act4fgjd)rTH(6=f4~zomgYLvR3}#=yN(Kmhy5#{b zA;X^~f_ep^>RLuV)xrRu@CZ1}2$}*qhl)A?bdvt;WEJ>giY%=M{OV+L8F6)UdAtfN z@*e@wt^x4Z7jy3Pu0|cvs_h|c3Lr%UeXBU7^*ta8sf}cI0Zy6VfdvUGQ4Yp$FMqs{ zuI8D03sFD_+_(VND)Qf?FYwS%%XP^}(AmjafX>bY0iIDGNm_GdV_jiafO0AOkk@C1 zx6$Rijtk<?J@%^VtKL zjCmciA9(YX2Pw=4_*^`b9Bc5}gC$6cFEFQ^fR2tB5Cvp2C->5T86;iOe5UL6`)#ZU z6Bf0jKeg9RIR~0JM&K?@ve_T9tqI%8-!ry3Mxpo=u!jvf0{{>`2Tq4Cf{5b%FW&D0 zTD$8UbbuJp$SN)5EikbKTL<~_;V$j%tz-I{F z03(B2tT4jw4BQt(I3j{r0G(Ei3@Zt5u1Xx0tK$Sl#hHB%GKS<1SqgkB5}r_7J9!}x zL>Ckeh!`3aIe0$!U<9)eR~`UXO_dpdA<}S-o!)q9j#OBKCZ-%C-6kNTA9nWiR|)7< z7gpVf=&l&g$VJD497v~6OsY&11>kkYZilOIC*o{&IZV|$Z~_>(auO3`WtBQH z`u%am`-^KpdU&SUxDJ3|7p z{Sk+5fSh!ZlX6n_l7sMfz!J#b+myZ}Y=I=8lN>Z&HP4B#?-B!y$=rf*-o{zc#AmT; ze66eT=UfimSmd9!)j*cZL}+R^^5RN*0kLiKLZ;mbu&ODSC%(aMN82Qvas|Zxa_qX? zKCNg2betwY@-+tkt=rrSvAc`hPC7kqdlx{=b=o>VGs5_XdzW7s(S8>E=J}3DaGj|) z48n53R>NdYqE-PM;RTJx!|~zr6JE(146d@mM?`)yuMR~Q4OYoZ@Tleiy8f*oawk+( z<}~c8{R|MAbbgy@)ol_+vv$>28ye2kjj^u{n_vvD89I;(7$$=ULj@aTOAt z&{0u)$}a@oxOgSDIr%-swxW+o{sm|WTg?-QGV`Ub@D3$r9z=U=@YgS81L#YgvNZ3} za+akC>i_Agz7OUdFEyI~VtCLV41Yz3hHCnI-UD#1naO3fR7m>t%mS0AsK}skOe8YZ z02?OH4STBVc1r#+k07J4y9%r!=fdcJlzdcF!odGuW7&tv`T^JE_9(8;u z3NkwmL+;rtQeee!5nS|l#D%=bO4!U%Bo;v`{Gax@E|FxisP z1pmmnuX;QjThPe~i2;JE3|ed{uA%D*CK|QVlwcc+nj|0hhaAQ)qB`^1-%?z6)>%`T)aB zi12UcuS!27QR}q)s+zrLE9A7&Tjz`Gip|D_{&wyWz#GcZfTAppBlGlc1#OEq8v_m_ z#P9(Z36s3#7pdi#{1dPu1B8=zbdnrKqfFYTF8?Z?u}hj|+V+KMvKh#-iCtGI#rXx+ z>5-vHEtBJ-NSNxZV<$m*FLt3cqRv=>X*}?euM%CvvEm$&$pqKO1Dh@mNo*nREDys^ zEa9G|fjAvt(?NF=+vhQzu-YHd`(@|#VoYFKHCL$v>C-T`N6Y@@F+|5aONet`wD|Hb zi6|1N*}r7*+c9FIo<)QwnEmPRv;huqIcmj<0wHZt*=s*P^%?cP-knM=n0?zF6%W|% z4EhLvA_!S|;8zy=97IMCBZ9tq9=u;!4&0b{_r2J(^0i#QOZbdNRwl`OI; z3<79N54Krh~Zc+CtSXz&`>Owv~8Ujg0Xw&DJtgFN|@+mXN3X??!v2yFsuE3&$Ed zDoK>r6H9mt9{~3O0o0$BhyBK$AXqGg`3?0VmX75a-C+bm^FAnVSS1*?OV~+rO^*q( zxyZ%c{!DaC4HsBKONa3uXmpbVhKoY-JP6e&$uj7Pp-Tw+l1RW`Ifnp2$<@VtfVI=@ z-cA^0<2baGPbTvPXVC~@h{1I#J|NHBWd!o?i{eA_U07%~jt;uhah=tvXpmEQU7)oF zO^g^-+i6l25<%sYq%|AXH%O<_M%;m}j8oMKUB z1LKaynDSpQbACsZ;~otcg+M74TElsPbPbrGH#;4;e8)a3X08u!)64c|O5b_)ddoAI zekhB@#N_L5P7@yc_K?9AfBzev>s4}#!pn=}7g^}#4{m5QLkmH;@oQ3B`3fwlZvt1x zv2y&MaE)x{%QzAYnp#i}W7gwwa9JEa!%!vvCaDfah08k6BJSBOzJWEowdL3SK|I?E zTey-TzK6mHZzM9fig9YNXM&tDj?FP3t^$vEaH&%Sp#R7&fum-^K&CQrq$0QePYn^z zdpYRLMF)Jhbjpm3OX68GpRIfRdZW>XsRyHm7=!3<)3eV@kPNtDW9Y9^N^lOQC8*k< zbzi%B9=%63QNM;^hNoRz-XSpQVp%$rh1@O5xTF+Ult)@m_60wD-wpP*W-|h*j@>~J zuZ_Pc2ihn&cT=?c@ACmBk-ur_4cnZ6l>2~es)^QNQ3t9TS~*iP*H6{g7_8y=XM8We z>NH|p66pyA{*hV$ME6BL2IiicXifDu1GAu;7s>F=KsfPzbTq|N;hO|b zZpi2ei&`LEaI=<&1GpIy@hwnYI(j}E-d$^N2Ihm34rU_+!%nfl+xgv>{Fc9#t|`k2 zY}}CZoXvX=)%qblmq^c0ZA^7)dDV*5CRle2~Gd>o*(lQQ9^s2!zbJ9P>&xaFK<*I} zBq%zEO+4)I>6DQ%LJn^b#;B0{JWkf&L=Gd++pgCi7maZaB!$3Ri6A9}aSCHqU>-7t z;G%X!aaC>z2Tl5IEnRu-H;)(V0BeUANHz}AOWyG#Hc7lH333TW4JJ~<8GC01#mZWj z5WKl=BT~}T-&87)QP50c;l|xgY1K|iB9*I9RpL`e3uo+D-EUbPTr;J^mM8U1qy54! z;|-MyCyetXR!xH7)@7&q?qGsf+}bti587g#MF<(9QhjdFPz%SU*uZuR!QyMQM}OM! zIux&ntc~D;b+LZGjK8y>^6Zd?GW*8tR%aiQHIPh7AV8@SqcHup5I*4(=o1MI;^IJ| ztn6EqpqIz+&3n9fq$B?q?bUrIMR^#$ELf!GLFeIrQeIGAa;`v*E)ZNAO z&0qm>@Re%~U!EU4ds z-H)%t$kfl94WDYO=Nxnd?>L~ag*ThT6FU-ll^%(9(DCVFSiq^>=`L^OExcvJ6Ws5D zwF$S05(VMOh|kO0OsZbLx;8 z|0kPEtEYX~fyFRP32`CF>$nfIU_`9wO7QyO`?Yff^%UM_i01L46iS>YI!^FHXgG22 z$A25>iznS;rb96$g|Ne=jCJp1=zPiEJ3JCxcWLE0#;O>%w(c%^1{cu2x9TJ zaQ;8O!)a}(evnK8Dk#P!XFOXkDO%{Ym6(k#@*v16u_PE}@xDAK0+2z~gpHA3#uG8F z8p{dE_d^&TJ;$+^P(zddTD%b84{i7{MM(DTx^lBBGgYq(T{JpdyrDfyRN_;4p?&Q4 zLGw2$u1k2oPQn)ZYyt0=)b|)X7$5IKR{Nw54h+;U4tREof+;)57!?lQW2nFPjfhiM zQ}Sz1@%Ein(9$>=y=%B83&a$nKPdnHbqf5Y6YEf8I2tsVM>3?v1WTZ>G46AZc$boJ z30!&mL{vv)DRM7f!lXtePyBHpc28lx+CEjb%tx)8d$$W9( z?o`DEelgsjvn;1L&KZM6jdPBw3D3iD0x0+0mYsjIPiTWvEsLpxg@*#n%|O$b;&+lRoVk3>cO`KYPq3`VaCj4xIBOJ zo|H9$A9W}%=H@hNfxjShe+|gugFmk)adqP5_$NW_<(@5}t1hBr1u#bk%uD%d8yETo znen7=WovW{0v>*k2mOBsn2>$^eS>IbE1pm+d-snL%RL1;I~U~lmr8mo43NNvF--#A<|EOWH!V)-;U01$>1potT_ud=X3 zn>>`pZ&5Hnn9T1(#z9&JgB|k+%Ehq-G%JW2md#~K_@g0W*ArAr7!@|d6i#7uhXy&n z1{NC85XHxq+#wtULp(|s6O2Utw>D0e22u@Gj^kYB()vK3w2Sg~TvFkQnV_~a=5$Z0 zj{ObkVLQenSYVPQ?k*FoZ~wr{8E+&ir4dSZUR}T zmLI>jLo%SY9bFQWFkadkZ0m7A{?yOE9d7O+;2?mENUIvF{wVx|Kr4^yz9(@Lc)nS^ zpgtpi9)5yX1dbeiY$22-JN4;|fEXop%!Sk#bV@B!NISGK4SJ6=cZmDRNz64m>?xQ- z;eAc6XxWM&U9IswC<3T9aKe2V&i%)-Mcdv)LCh4~G`mlwl?6=QRRH zHi85X$I|cwVJ@T#)DpbV={b%kwc5a8;8a62b}%D}BGC~gvZ>zwsJ;F#iH%(g{i_-I z9XM(@41CLgl-1;8^Gx5@UiG|3n35Rqt0ioIWH-N7PD&ycZ=40OFrsOld;E!)0!pGf zkhUF8R{p%yxTUv1?ez_YoPlYmSRGaNyrKGroY<=Fuu2ek(snn!`a27nQc@hIC6J01 z0ZNqrQqju~wVyhiBGmu#>J)GwgO1rg_*FKYrH{!*TMriuEChWznS5vsm{23jt4UV* zaZ|HS-P{#+Gc5qrDvrc1vky{cjnI3MWaU%unHip-U#%Z84NRFI{<D07&y3Vq9IDWV`^w9Y=33bJfAgjwpNc7%0wJ7~gFNB*X;&QkU^b2fKkGO{>0 z*OiyedbY5Rh`4`}F)DtEUqSB2vATh*V@gHBSZwCYCzZVU;mpT7a38)QK^H8J?hnXi z#-Rp9Cj-Z@?u1dbVK1emB+`1}#zCNrL^0Zs_~D_=i%J---8flSG=t)YgeA+~1ZPL< z!DcGap&6BJkDY#npJ9KlV0*BAA%O{#1O!?wWZ>51uR8L>aRP&%@marM)}YVes9Qi| zW_gJv)&I1#X-Q5P3*SkbTJOn+SCG>WWN7QAjxA{Gs%6#edd@J!uz@?_6OvR@Ft<+t z##?%ovUO_o8vZeZk}45+Im7|G2(Ew}PwC1g_VAtH^IXF)d$F?P_QOQHwUCSN|?DGsb$*=Fd39pfrmY=9o zsftN31ZGrT@9Lxvlfu!j&tsVxQjkm}hGbv+Tiet=4+2|}KH94t)j`)X+v>hc3U81A zc~B+Y#Ve-)OoliL?*WiWzsx}G=L<2Z4uPVm`S+h`)&m{)dV#$4N>={5BUgH#goEvM z?>=OXx>t5+UGhZ0G4>cQ5NrI4I> z3sgU{G^rghM+UhB#-kk6OUv(S7znZfkA)e6sX{E~id|MX`?ps3bJsZ!OXjJUil|X- z$@jx=VAOzn!+0S%VTuH@O@G+U&5D0zsMaO1_kS2vdBI2V67erWV|up!x(x?Z?E zYg>Q59*|N=99B_zn!o{$Iiv zX+%%*^PZNEWuI1ASX@D6GD`4SgTjGlJ#>ztxZbNx5u~_BW z6`IA}u^+L`d7E4OV7s!Sb*-xBK?crW!WAWrBHMrlo?r<{Re)QK`#gxL149YGI@C*j zAKcF#oYM@`a9x)@55k0D)QVfG#sye1ri#Pc2l4~q3lw?%3t?4>EFk9kV|Jtfr=0P~FQyc%bEPhj@0oiq zDMrcrG7)3Dn(UfY1fApYxA8~G!yoTcb>rWE$;Ou5LZ@>i>GNVNDzu8Mfw=l(!Qo8Q*4BKLGlT)9;fD*V(_-G(=qNd3*rP8pDQc@nt zEcLf(xI7_6e_C1!c2WonbPF{gBuQfIQ(q9i^%XipNURW@y-Jrw=;Mw~oK6rGHW&?Ko;k8+1rZ+~X-}C{mKnoot0j4GV|0q!mP-CG7`(G(kx$ z7cdhav6LS#O;7^l8I=E)@}{BXSh%K58X~ztbTGXP8Nztk;78#lUyqDmOled4NkaZ` zct>b7zfO9Kz9S`69*c`&@wYvBp2S1EN~#LHEukiffrl3MdxM_gV{uc^Evjrck!Y0h ztBxq_;0Y5V1o!QawUbl=D$NovVSiuyn>omENH1ERgv`~0}JHH)aXS5taOSHd* z?Fdmci^m+AzY3Gc>q}V3cFQ2F7??OeF<~q({QuyKg{qM#VMtUDe&-D z$O1@yON#4NQk0aFT%Z3Rt`7tImz;&fC($~RaFi~(BI0^ND3Dtts=pHpemsme>97Bs zB=!~Thcq5f0!TL)+cd_eAQtV=Y%Dp|1skM>F|4bNG3dj7V)+}lE5KLglzbRN2i@(e z-zD$kWr!R;oPq6Bt~8pMvBl_eT->P*C0$bdb<(0AwgE;$w&+SEvBj|BvMM~(Ta8M; zZo8JGbySmK_o-<2leY69Bu2S{0#kr zf3Kp6?uX?UOozt$&Rc@x&}X&`C4KoryTSGi>C=0GyC-In=&c$sDpG*P4R;1OKpgO% zwLIU=C3{~P$018!@=z?bH;AW&N`f}~tqwP5TxU;STtLv0t=J3g)m{cL`Yd0vQI{)% zUcd$}_zMdWa*wTqr}xooqL1FTW@4Mn6~kQ*rVFmhc9rRf&P}K~gJ%SfA3rNtY@;5Y>SDbX>79k!gqmpinV_N#}rK8$L z$kfw5@r7)Z%VkWuTRde2VGlb&$Uu~j3E33tu#VOviH!glF#ya(h?jGqm`I6Tat=c6 zG6nu?#PwPYx&0o*2Jf;W zhY{WQ3{&ux0cpL{?_6qV9!yx-IvxmeWW+q{;mG=>Xn60BQiUzmmD%e;i$ge0OPFzp zxD%ZX+=@=E68QX^I5`ZM8mcXs4DlwpuM#Cb!zVfXe_(Po+#TRWuarm=5yaMhc@{(b zuJ@*Av`&gY2`i`JM;H0X;In0PwdF__D!+9@B-u%F1MgNLoOes0#g7Xd;4kAo;&+26 zm*&Mp(vGQ&r42DJ6S@AsSb%6WsO`a9pk;iSQP{*+T*3&lA=PM$Kdw7nf^nZ|5NI$s z$XGZioM_Gs81(oE7#zok00?PJpC77qS6Qfm z)0r;618$ha)!ZXaWH3C}S{68tt{AAL#RBlE;m;|Z=N!5faG59?&J=#3@zV}+Mpb+o zCd)A)wVG+qZR))ozFAQ3GmHv}B(6llMgNVXMf0!mIwr#*+VH-x%o7~!7iMV`4(e4M za2$q!Sav$atw0QJy*}CG6C6>0Yz*~A$h2?@g(Tu-UThL_LDKE96o^3dDlbZW5Al*^ zk@3iJuYSFO z%l^mWO|}cq%I0-Q65O@NbS92AsFmmY?=udkkAqJ^?r%2)ie=@F9c+q-axUQ@x4EO6t?gt`ayJSRX;s zEkUZHWC(nSfUUz(Lk%ezRxW22ZS~lvlOyiReg6lSTA+xPjiyfnmHq_BTgF2=CMS2l zV_K6BxJXrahKJEn3~*c4qlV?{3As%17J3bMsMo7AZqBX>*5}y}c`TJoe^K1`S{($O zE`v;hzKpfp>qRAxWL9@mp$Yhl>qHWZIw~L_@^JZ!0zbftbg%QYXvBR! zx>heR5@^ydga-4KNoT=$9jM`fuefb!qWsHTgFLM{8Mr35HI2phHnaUyaCZI8BrzZ?8`j8{; z+@3lQe%%&Z9&JP?8tMq=UC0%Vz4JGB+_t$ksOL=46ATSJrQRC)0r&ep>EyNf`7Q1*wu`(rGaQ%0QoDXmzT%8v3k+W%T#pNCZ+wx68OTdrki2U$LiGsP$m zL_F4lpvO^K_;#u|GY59;aCSXStsy&~arawa&iqM|T1^!9$C$1?Y0`XG@A<9yw#HQ7 z(ozN6#2eLo&fQeX@GA|VH%h^?7ks|*LhXD%9YBn~ev!<+4SRuG$Ok$uICd|{zPdRi z9TUaCV6>vz>zRw7X(_hsWC+Ca8Et?bsjUZgdBw~d`jG#@^t0`0%yz?Kq_~z{Z1)O0 zB(mn%yom86dUTzNZ9giF<3-N66?W&sSX|0*7u0&Zht@xwL9UVDi@DFOmVit8p^6a6 z*pulOaMOH~txd#cUz4ijz9hY*h0`bzh#oCQcq1-XdjJ|v}BZq6M4gKXkIprbo6dqaC{ zs=AO2lg0!#QaJ#aIPcXnhg+3LXhr76#aP=^&c)JfTfe^wR>k&}Z2tTzstp*Ey91Bn zzK`2)xi^fl9o7`}wl3JI?b!=O00>Pp6d<)lfig?0^A)@7Pby9N#B;vX4wcs#A&Ycd zh3APXKUB0EuEDLAZk(>JPdCvv%%;AMSCr%dPFnV|>|}Y@w`TcFHHLqs4}kUbTA%E` zvY-6cG@s8e2&<-S&Dp_K&Qwic{KCg9Ot?nZ!sPk%QUy;EEt7V_*|bQgI6nX>XTW(n zBVuhxtTp{*GFW_F@bAwifi+HZEDxrg^sTv67I{A88>1R%n@K7)DGsWtMG74pM~`ot zY;1~CggTao^JP$|!IzhA7#)KikUIhD&F;V;;?}z>8#feKWBTRo$>4X$Q~=1NCl?hR z^Ck631_2@K-@v#<2kI`_Rxp#TmJ%sqy^N7_J*KQCB;?%on!5T}tKr)IlnSj-637D* z%h{h_Fb@~RWX{H8nCZOV{GRx=ucM!c^SI_yYZAdqYK6l$FH0oDUxcoY8n)w0Doe+* z;^$axV4a0OA_K(Gqc%V26{$#3?EN`CD1%Y0*51JF+e>M`wFB`1#RZTI5;J2`lHu(G zS9KkFz!N5-PA;SkeN~qdgevetdN5(Z%o^|(d-Xz2)LN%q4hL&`$QOxYOHdrb(%BVG zGRp(Pqu%L}KeO$L6#uM}_1nakx}!%x5Ki$jHxON_FtO6%B}#0LSHx)*%WA-Cs&;R4iS#c2{QeeL%sB_&DXnOZ+P^ zd|CeuA1NC30k%MxGd&szFHTp5h&c_lZ@o>Z*XMk1mL{CB8gb8Tju;sZ%748*IEod% z)`WrJ#F~YwfF4m_^zb*_(8i;oE;f-)wdZ6i#DOuXKld&Mz_C3~HlPoJZ(dA=YPyi! zQ4&sA;O9?VCV@gbF}vOZIuD3Ja>9|k%)D1>oG?TX-X>Kb?vS`3*`V?X;2&&!aXVv~ z?K4ve_UH^FA}3st3NBABBO|<^hoSLLpbp8+m!odWZlGgbfe98tzu*1+);Ff-uxl@y zz_pb#4QBxuVumxGZM6qU_AK<@+9uHdX)Bl+Z0w; z7p>RMV#!D=SblRPUlpu|bOEudIjJa+2B&YJ4}mRi}Ek>yZpDdKWzJ$8K9ABy(V0gw#}Q*`k@p z<6wlSE!khdgN+6;SHOa^6uV*j=W_r7trUbFSbycwTBKkR`7G;4rh;V1n%64;@k)!~OM8UeSsCvW%z z@dGLz=rF_xsy-#OBK8Jejl91%Uu-iV8fVHb`@lX(srJ2;7a44YE$NRy$NQyo9Uuq2 zLMdc=-m(Ab*3yj~@j}fXK>7(hSMTVs$B=FHy`^4cf}wDiXq9FuWsA;Ab3m3s_DBKt z1(^eJO;^C;@RY1!drvR#Sv-dfZ$LF`6#;UfAsir#*CWujxyd*UchqY@4D1(Y^n!(? zj1S27QxYgx-%kpc3@s*PH}99)Sc$>*Ri7ZOn688_mHR%xmF9@(fO#PGXS{xK_tcSc zD!0D9#dDWA)uMj`S8(R`d2)x~9h-^ ziDSL~+Tg~dpdMZDmplX|IGdE&0J4|wu$e{-$Em!yQ6B6ura_O#L2$Fee>G_!VnEU+ zZp>pQz)=-M6=#Kfd_!>9#(od*8kW_6RF!?ceejcfR!}BqfEO6x!h*o8QIu%||As0Pb;$;j z)M93H+#FO^qOs27iLFl?Q6<0Ss+t*_IVJ`Z#z?w?Jli8q>3vPOn@rP`{FWE9Blz`b zLdBo|3#VuQKjHKrPh*AnVTUSv17kSOHutNaOe5&GV|o0dGy%R_@3C1S=IbWVn(lBo z59@Fyx9~Tc71XKpOtw|e*-%m&t>lr`B{?K-{T;F<)*4=ES0Bx<@H6_k z`FtK_YTFNh>x0tA0WiQGm@B<{4}?jRDR+kBc|Mz!)w}cl0Z2H=B zzX2r=Ku&t36#99nR_F6?xXOI*0;((WUe;e?WcW5CZaAb#D8{BNUEgi7M0@G8TjC0 zeZ{@WkNx~C*5R}QmOjjRwZ_^#*K}&989zKuOO;I6IG?B*t+yTW81*MsX>6Q?kEi_n zxLAVbNuRk=tTuU@;9>~-&`N)qB{z_|#yt9T*^@E&01i`wFo=Sc=uN=SgC|dhE9jTMYdvw~Vy}l&L2>r4b3&vMo>3?cZ=OzLBKd zZ@H2zYyo7n7dFDn*9S8B3`#^#9hqsbqHo#NHx6c8^J$>tVkb%TNaeH1H-5!`xO|P+L+ne$+ct>d$0H8 zzR%D2QeUpUX8z=xd7kJjw(q?8!al*a!aAg`_G?g8%k5B)(?Ig>%D}deeEQmYh^QD? zE#X;@!|vRLQm$5U>}AEpeSQaMzF zv+LA}W1elX(M5T@CKRp7()aAltT3pijJe46l9u&Y3=qkPOq_VJy9!4&FNlJ3~zYw)MNNN7oLKt2OJgeXTZc`cEyhSKxTC({+K$ zmDqW*zM|4rQuvPxlOV}kuV0@7)O{0`S8sAKozDQ#q~i1I|IXn=Ii6SMz+j zt~KRng9%}V_XXPJg)*usK8fypc`NE9jI04eZ2z}bsQp_j>R1vk_YgTp-I1z7OJvEe zXcUc?9o&?sQ#dTR3NYzR0vQMl~Al2((X8uzxrC%2W6b zN&RNuxxTiO(P<+*|L1#xbirfmycopWXpwVyE9bBMEjS{=A>_dI1^Vet^8c8O;sXz) zX`Dpqc%|OMPwQ9;rRy@?DwYIq`tc7c=2L#|@!1GG7hM<|sOUk(>Ib5E+aiz7%PT@} zy}jd*oUTbRt-8^$A=}7kYIbs5noXO;>33>R-RPHWzfZeek9eloaSe~QIi23m`m7$} z82v0N6-|kqqh=)FtXJ6EcCT-=xZ6o}T2FrVrN2|PU%8mF2i`XNH75(*512Ivx_r6i@qU8M9jYo;zGSW1#b$05C zTA)UPWHSG3F$Uw@&nv>V{IsV06xZYy7I@S}GaG4q(|O{sau;K_(h|SlZ4iWFEn+^U zD6cJesMw>D!2QohnP(}0|I^L_L&Yu7>~(Hw;$IO=GhN7rx--WT8!oA`E6xaaR- zH=gRxJe;?g6MHV!8qBs7c%-MX$J1^uzS(l}`99Ukr(3kF#e>SiU)bYau}Zns)QLxT zX#dNWcs~%ni9bdWGt#x5rr|e~YQ^(WYxbk9;n0Wv%wf)A`u^r-c{l-*qdPU@6suXJ zFFogHSLeKc?+up7wNcokJPOsE^h}??e{LfJ@&BccrI@WX|K8dluM=W8m93^_4`}*$ z->k8)wr+lPnvl;|%$H#fjYv3`XKTqAv+L#&;0yZQev=ib*@Vx&G8s``UCE72$nl|zqrvojQv{%u<|UrQ5!ZGO zH1;AdKbW82+SFrrr*n!vi}cNU`uM2>bO$tcGqpDm>jPC`GyLR7udrwBSI*l~;>j2fUtO89WT;$<&*|bs{RmC-YAtIv(`Z%#pbG&& zUM7A1+np}`A9kmrCyWXpoD@2@&%#_+w-cUN-)`-Xm^s)EE`*Hgdb?ZiOX4FN&YY&# z2|X_CWw*ZXme=Y<<_ra_`rWcF8+k~?I80~)QLbQn{>%?m5F^vMJZrFJ>*!|u?z;5X zo$I$9p97Pl%{uNF_Bnp5Bw@dKJC38H%j@OUugszK&$LR#8nZ}HHRh<+#|n9yw*55XG?Oss858Geo(9ov(b!ZE@`@w!Yc!*woENLCaIMQP1;dWoZ-JeUUyZ zBA#bElf})g-te1!Yi1Bb{7JFx5lz?Ey*Zg{m*}JtuSK_J%;+TaSYcNYwZPrZ8!8it zh&Q)yQiQxTcz5@5^kjxiYkEb4~1YEM86;X$gw3H2f2pj}uuTPr7Ta+VS@E%y6jptuq8B|J0Y)2+EB zy+x{D#$mDZ%Viep*;`kEoI{V{qd&6-F(Q!@vZ9lNUw+TLFb!1vGW0CKN3CKpbT!ZG z_{wQKZhSWCNT?I5U&C#V1${1^Epg75hd=1H)6J;A+LC5F7!7H;*p!{8IHK`3o|x>< z{PB_d<=Z~fTAuObS`i3yhL0h;&-bZ4uX;Y(yvbK#G72v>0;?ZY-B*zn&w9qB8mYK$ zT8Ly*LA~fSnO*6&r8xvm_a`U=OGUFb##qWY0!|=3bpn2WGF1MW&PLphTlk zi5@K0*?4d{2*PpTEbJ&Hr&?$6Z(!*~rWR%UjNMd`NJLg@6RLT*0_pbdKoQl;VAdGvV{4O!E;Mx2+ zQ|8jW`)BHw&wlO>#=365hHTMiZLPy_^P*e?&NWTSxg)puW()5x`s{0q^f&~kGo{;a zU)M}c*&TYRk9?FKV6D%!!>e^{o}Z8(&h@zcBzJXlTRVH}YyDxn*-7_!%wCqQ*^~CpoItToBrs><$w=8%Ub!$!1?SoMavQlE2>|zxF$eb@obR z{U()^9j4b{^G5jIVq74&hHPNpdj1+*Yl7zT>vGSgzQ9KH+;WVqTHw&Qb|MQFg!+ z&^6&GUD5Y`>u=F+LB@#y%V_83MwMHoLV8bg_N2`f2|HZyPWLL^R=Xr)+vb4sUi2#L z0^nN}XtQ!`soheZp5y}i)EAB^xUO!blxuvxSk|7!-g2^Y;#h$t^AhJ>bNz~tiBHUt z!&nlp^|YGnlpT@I>HS^l`FEP^OXsiCJ8iY^ky1RfXVr4@$d6_J35fvWAPEnddz_sF z##DJtyA&pW6xiO;GLe&w+smSOq#ot}!`@#;MHTho|FFU!LkKf8A}~Xjq)PW74T4BW zH!9NIF~A^5iy);qfG8k{BHb+=f^*R_KyMp(*IHt z0CeOU!9rFBsuvLb=aoq<8)*O%6BUrkSGD0QV+UbBUcNr}qW5*@5yUIL<9g!;Wn%$t zk3Wy*#1s}7wC#?EoH%6Y2(td?j0OJ`zx?lN0?zn9FFF(dQ!^X}USzYBwrc$HS5LC~ zQ+w$4--m3Y%=HO)fKnqw-@xs8rSjLvgswZ{lZOwq5)9792LJnggt*tM(ml(NmnOHJYb5b<)-}rM2~`!!B^9ARII;~@3~g( zzvVME0VJHqT=L(HDh4v1m+rLEz5Bud;y~N+AT+`+{}jZl%Xt)ag&i8w-40g!PjO*L zJ&EN%n#}+G6+~J|1^Oj&*Kh;xm7I4Lt%as_wML-b9uPjx@72HsuUnwkLA!s6FX+to z{_C?=m}AlMTF|!V?sLGXQ%SekoTzZ=elXHr+AGBkIvDb+K?kGD{2O7hoy5-XPP1}~ z{9kno-*>)vVnXe;zd30LQ|%i39~XeZXZfSH`8EI(bY6#p+Gcv&bdJ+}YveVqY{#QE zLV%8OnN%s^VbZgmHpU$5-^t$r_n`e6rf|&{IbgOpr~#0MoZYh$%eGF(x(l|YjH9~J z=7B$>6uMyE)F}Za`Cr9SW@6`C?!4l~tEcV&7oY-+Zq}gFTV3@cr!dL6)Aw+HQ1jjY zFbhA-wZ_WWeCnXn%9F$$3|@;?|3;s0y*=?xa79J!3Y`lbBl&I6SVkvON-@Dw$WL}n6jVm&LL z@q+9azzy276{7C;cP-*DU<5Hv*-OS@2cR+f|F-T6Zfr)=3f(OkbNPMm_kKlw0FB&D z)9S6-GovJd427(x+I4~87g_=Nlubo0+HJ2}SQW_PuhojNgUKC#x*^RVoO`pCGvqQm zinsIG&9`>bK&E+}1YTC+00(+d{n_=bo?0n${1}-4U>04G;WNZ67M}n(VHfoOR{j;q zM#f6)VyZ#o@BmhsykfhN$Qn!omr3`L4pQlJ1UT8E>lAGlP{ZlGh7{bsbKfbZ@!&c_ z?kl%``BfOTNgOaK4!{Q)Bz@XJ^EO-H)y1!uq=DlA1c0?{i*f1X%u{-tRDHVo)#d8q zsH#jB$_~&D5ez<`jRG$YzJq3Y3h%ptX~K?~JjRteph=k5bHX{o543S#qX#;{IP$(T za*0d_0D|3r?@TN0i18BSencDsb5HNZCcwPJTu8VrKmP07MsK~p-0uQv`r;BWccaka z=YzR#m;+_|lkDrfH-U`LE$Msc=8qQ$?Eq7M~*v`q)szS%Aqw=&NSrW(>;kS zJMyc~L}&c+YF8JH?$?GR;yd>_4uww*sytprh~vQh%6qOvS1V+z?S3O8?lN7=l-cf3 z!)Bh|^10XCM*FwccVf+(!bKSy^qQEsyDrHELVj$4n`dc&QT&53b+i)zeK-YZ z?5t^G86}9Mo4*x%?k#p(#uKkHk3n0Z`({_7#I$KOfE^4PIkH5YHPd_!R{x#Wqi+Nr z5nVi~vz40#sDLCu$7y^+etyu-9P9Q@adtL}tjK#N7=IyJsK+V$VP`Mks%$p@Io_G4 z&or*`a4$WWXj-@tpnL`JDSj2lb5Yg+WpZy|@$-(Fskf9Rm3g->T8h!NOJFm=k0A}f z7ykV9n<#hw7@tsFqLrgUnF?Z#>8PVq$u&e|0Yily4Dp*Lk@Xtf6?PT5topx3Iu#l(vd|S}*^@-|VnM{W> zs`nhh5MGn&Q3X{Fl-h9{;8-dIpOZZ>3nyu;S4>vIVf54fj41L80+C_1iYmwDdsh_b z8}7`42#o;qGHSVK85xdkAr>N>QxGg%<&!e}FCeqwltNk?aNp3Lt3%2$l85@Dr^}y= z3GYDoQXb)U1pNT)4(B4qAq6og3&l-WaQz54Ut;-X85$sSR{%XD9)drcEwj3Bi@EVi z=0gS`!{B(&+paQg+(zC~4mL~9orcM^^B%~)M-)nsX18?lUbRR8+DT;-oJkneg!(R# zW-u-opM5z0+H_srSHm!D+1qK&6#j;IjiQKh=F$4d!yti>w+Hg4LWd+xZx8WyvIF>U zF}4#d5SpI>^hqn`?pzFpur9CghjlXsu8_?w!H9D`C&VO*A6$kwYG#Q2#7w>%{z55) zcVz7G*E$9}_i`UDDC)Is#;!xY(x#%{ek`4) zo0V(4OHbl7AhaVfAa8iqr|GsZMP$fHHe|X{>IePq>)Y@MfQ*W64wV|1zD6+d*6eEw zJ1n!Kr8|4`ufTIBF@iB*bn-XLO{wOECIj1yf2S&yZ1Y5Q#JMjAdWv_d0f0yJ{0fkT zmZGo?vrnqIz3R4kWrt?>P!P_B4)XJR_VzQMMng-W4AoD(-faubGq2Z#DzVSCh|99e z+nr7MZqct~?Hfj&lFt!F*HZ=F-g|kDb`zNT`1>87=f%Q>qT8Lj@b?%G{{F1gZNQ)P zv6}}hi^c85t(Kar&c(I#^Cw^l4gNcsxX9}4zG+nXV)%u($FWnz4}-yp=WYr2HjMI~ zC3q%X?)n|P8(>a6y)*E9T8@mh>yPZMU=MjncmMRH9z-W7v?%^NdvM|Vyl}-tB;0mSm{b} zs36>61Au~8;d>G%B-F`MWr}e95p3Is4@E$NpacrGPoInT(__elCK}wRuWZ}ztZCfu z=3cjjQZ^UfzpybTd4%)~Z2lx7&7O^yNr4vbmti8sxU=2bCTb-vYYGoQCcqzNJ{QhLE90HV`aTyA zkn%mW7q0kV0dbkC^*=j65o~=eE(xxGltMoI$>cPm{-1v^4UzBGjPwiAv0ibU20sA* zQaEKV`;(mwk!_Sjd3-v5zf4*-IHcT6nMjI}I_>g(T~fsP{=6Wb?3`E@_wWZbag^^> z&LwyH`#aaLzP9wDoB}01jZmvMeEN{i7k);QOR~aWQ&;3(kTA(VNru5;+EOuo`#MQ7 zh|sV)B*i{+C;okszzrnpi@9&5 z+qNkuqwU5V%!_NBk#pN-+mQbx z7vMuzN3_O>C1#SjuN3L8FMd(EF9xj5T01D^A=d^<`20L21*_~;i2k6XAAW*LFjT(& z+<3AWF0=!4SMS#Tj!*l?EpH|q%9RV#=E^>hvibh$oOzV=AU^yy9Tj}+$4Hxi7vp8f zR@{3Ed(}QuO1cZlhp2K{?9YwLDTrLm=m9cI0qp)Ld^kD@2?f2k96kj}ij@dh5_CvyY~f^nAD+7wOUowU-$Y(OLR14UPuKXUpU<4Y?q@&1 zdL!kIYjUx1CgG#OJa`?|niPK8^NI+S0Y`fj-GeWo#V6oB#j5V&(6yf^Q1__(%(0u?n?#OL^It8*`jCSLcwWARt;a+UQ+$bx@5a8tCdX-GY?S5qCfLqDzhYc z?AA6>U7~R3(+`-j=_m1I{v$J*)t=XP6+P-wbF9FF3o@3A2i?2{ah$-0BtU4HS$|L8j;ICw^^^A$6?K(QZ!1Sc58i6WCwgNbE&KX0 z|FHZH(gpTM`p+jb)qz(qb}V&#j~up(niZo7eVFfmPXAqb(g=TQB5E>aC+z-?1b?g# zZ+QaSzxj_|C1p24)T>4x2e}Jiu`(k0X)WWh04h3WpB-V-q|bd%Le#k!HdyG1#ZNts zrkzw$3~W(>KVng&`OMb?zx|2$2W>nmDP%~%USZ(|&-{t1U^e;^mSNUv+D6*1p?$JV zZnFYEH}~T2(Qy(Y_<+MOOZRUHL)Vau2Yj>m}_4E$8E*HD^l z>4JL%zE?ZER(|B&oZXv#D^_@HDg%)YF+;|>SZ>9cVw*cS3NWRXWBngik#9L87d+u)gZcStA~eO!=3z>0 z&It2&w~yC1q^qLcs5k&yAYfu`rPfbd)hsZi$C=4OF~6{f9_+?4d3q(4~|CD zp*Tb%4iBqf2w;(AfU2ODo`(ui=!z^ z!_Rwh@Zvm^1D43#P||SxhniAh>bxaBjKOx_+-3=#mXWUYUidsg8 ze8$DUR5e{D4;vD2Y9-aL`gGYe4PT#-$Fi@p-38g3=z|`-&?2M zZFx6`>8r{kXrDrn3pZVw74g3}clqhhnqcm-x1aS|CBt_e zSFEGoPYwCJOLT!6>eGD19FM4*&Y_iLT@e=1(jJyZ-R5-PImK=)h@m;OZcFw;y1+8A z5!v{F!NyD@t^O}HJxnbiRvJn8iSQ7gx!KYw?^m%ecuByCG&{LmjE&^K;^;ZVl4;*p zC@No5J@s6dhmg|U@)t3X$UaZUP!aV-N(C8gi;mtIM^f@uonLfDGrP~BS*hBSVP0-JmDT@>a^%qM8kJiK z?+HGAB3tS5A?*)J{sRh%ec_kxZeZv=Uvrc*V3XFt_V4#Mc8%{^NlDP+diD2pJq6;Z z5Q+r1ESHSe9)|QS%rb<;Q9aBQH&LyQoLv0S;l(! z!|$4fTx;+Ha-mGQ!qxC;gGwH;1~>Ct4>(sA^j_H3{^`C*D&6kA@$Id&yT>>=dtr|Q z%f_ZJ2e-#G*Hd<82b<*BC$q}`W*Ldh3m2qtu-XD^1-5+)KC$}3^3M<}k5;52CEt}W z;YA+Yei-BW_x0bu9ss5M{GH&dw~+~gVdD(RmQdIW$G`cdYT%iy{mbt}nj3w<8o*h% z)B1gXuXkZA;`Co32j>GP-QfS0N~f+h&n})nQiC!Cxv-X_Jos2h#hP1}MLr#NurmIgw9u~9zhvy4S%zVIB@_po?^&dfUR_j|oB|po+Q?_^5UH<&jYk%Ix zKpqth`3Nl5A9~CuAO0V;(FuILfFg{XbrBLSa|%xpa?D(RR`_fo6g&>6ZyiGZD{=lu zV?7+p?RsXDjqUnShEEHQ)P?{5YOpY%S*953W1Ibe{|5)cqn&{FsF>}4r$v12tqzs) zWw4J=ST70tiFE=tG41lQUzyiQSm08Pz9-we36Dxjp$2I2>-rfFf5?M||FVHCq54>m zlxN!;dQUq+vaC3nf)^Z|aOCih>wooe@QtlaT{uS`wV}rwy?co|ev5*26@aFXe1T6ah{qE>%1^EB#vHx@W@(Awh z0tlr|@uUC!Zs^UZBrE8#y-$GxsNdiDlPq^FRa+!q0X#G?;<#&zW32@B|UxbzA{`b%)Uh0$9`kF#|K$N~I}wO&28UxWza>btZe9c2$y@=yeGxZYhU!|xt_5i$ z+p;G|(}DlyqWF>tDY@D~^2j}UagQV*e`&4`<&*0rr2`>F(58##I_!sIr+lMq{2C4K z(kpq?-hj`@1IVe``87e6fOsrd@h{mh9aaJ4#%rNil@5N8^$RGU6ypI<@$!wjt4m&$ zq#kgssVkPVqpW~zd~cTqO5cbD+gN8tM)$z#v?;Io+t+B^A0Xf>G68^h`y;cwvL9s7 z*iCY&+#?iyL?~FO7(sPS9@>uoxSpKo}$wFd$cHfbr{X#7G{Z&}-`*ptR-W$+d z>do3>6Uy{nOpQL%RX%%Pcm$yMy1$dmt3dUTxS>pu76%S)*GP}slw|Z`ZgD_YYva8Z zKdsL;e!XLkmC#md3t^D}O2M_T`I{1qAgT?3Us)Y%4wBb_sHqX8_Wr(dYYaU%hRmk# zni~7-_I20ay)=i)=kbpUp8ZrY@tVa8)_(=A%)lo_QqlF|rUfwU9u}c>0!>jOV%IFy z83J-vY&tU2>+oX)0~Z*88t^HSHFvMpXj%u4WP?$m9uavEA;5jjbR}kx&<7FP;wQ)R zv3PTnx$1PHTh)6;Izda5fJL|4ugEBxZ2)=!^!WNecuxE46;-Z&q2a_z^VJ?_r~7VJ zgox0HxqXg8z=N{`p>;roQUG(3ddx(7ati$a=mF|WeWnkft2(ojFnZ106kP@3V894o zq;Yz!h_;=o+@A*meR8gPTIEv2!CKBclLP?xW$_3+SRFR5%JP~ch!DQ`R}pZnS4OF6 z9gCNa&iFOpQMUt-@<#SU|I>Zvi>Ot_K19b@)>+`$hA?%;HBLCaaQv6!mc2UUP1%g< z=sS*>!{DryEkIM}Q-6Qo`C-dugB;@u(MXn4Bf&tCu{fZezghsgZX%!)iwAnGm$Xex z7gcSF{RO|la^nO{W+NSVR*P;e$H%OTvm?*BbPt$<{Np`|G2g?#w!h!%nQ;F5{m!#i zwmG6q8$U&;taxpEwkf0V>~LePmEM2h63~t-ub74+hw_zl0_{OyQBxOV9%gaIYYL!N zCS14gWrj`*YTS8fzuXE<@!Xs+xO3lb#$Li_-%fauGupV-?(v5&H6h3LKZkV%r19`i z)qf;A{{-mK6Ht5km+so*>@VllM(26huX-0ON0F9qf9Zj$l;PmBHWw)P!_FJL=b(%2 zEQa5l%@q_OJcMOsj#J_V@w`s~1=|vROR&GxR#R~R5ea5t6>}(z;x%EU_*V53z~3KX zdJ}||KSW9cGrK32-i4SmL|?u#na6+$!;0$G5a0Nb$q}qCn*i3c{|KyrDMk2<-=82m zvM)%dUmAK0rp?mnO>_Amq(0`*>2`C%;TPz8z%+}d6YlvLuXBIwmU#_eT3h(<4q9Jh z$gd+YnnIQb+vA!4LOY+H!Q-s~9M-yPRcg~c-r&7zm#+XEr| zv5gV7U$bh#K}gTl? zJTWT%LB_|~7ljUG0MS!!0aq5X5@9F!l~{I1AtcvPb_{U>R3MilCK?!`>-02i|9eLw zdsPxMA(|io|0LJ6ATg*~8?gkvx%xy4@S-Ud(W!;uk5_6gUC)2s#*jJ5Sjn;=J7K>* zA2OAfXQl?KzY9$XmTZiuLnN!_Rb{vP9NW(DTn)p0z<#Qc6dWMH3!6hBVJsN+ zy5r0CX}5I2-0kV&9kqS(Dkd2?awe$VcH($Nk8AzM#<6fb!xZVWA6e$dX40!xUF6OX z!%IdwfdKfzxkEz;UQ3MlStV->7|7<5&T($QSt)#8Xeo*Ye>iRp*_YwvjN_(~6C(0y zM@EQ{5k?YF*$jbKl7&$wODL5bvr;GG1RKhKwnk2c!IG)fIiTSE)a{YUW($p`Pa26O z7ve&0$UtQOBt2&K`W#!E4jz1)Vyv&@q@XmVjg?ZNhoEUXQyXY2DICEZ2`ae3><9P) zIVinx8VXjGN+ruDWCRVwFZqNPUgNo#c+k9slAWB6!a47RQwPdM6BI2(r>*|;^tvj`4vcQk`Q2$ig)rCk3&SL&S95*7?Ju=sb6(?GN>?b7&Sx%lan& z&pWnS5{fR^KqH$0hMT3cOw5KQvH0M<2E+512qBhzffPrnz*w;(GA|GZ&r;q-3?0Xl zslP++%IH95Z#0O`1mR8)b1?;nRdmrLj`v>6k60Rb3-P_?c-jD{tp zVQ_lNP*fG@2ak?y1i@ue-XKI$BRnH@g?+<*u`88V;rDd(4V*WmuJm4|WjCdn6hM67 z%qNhe7WI?;#YbN!&tinfs$)T(#a*T%jP`)3_P=Zt=t6qHg+kL92C#rn_bC>)jWo6j zrJP!fQD;jP6(E_oP69VF@ROb@{0WQAhG;dQMJ-VZE%#sFgtYN2r^pB}+puB?7kM5% zrl54~A$f#iNl{dw?J|&&RY2j%5?`HmUhPx7qpmVNBC2_LkE+k#aX8=DeQUC+NA#&g z7CJnbu9thSo9LtceoGs7D|;G8q^HO4!-==`OF8yxaU7g!AHPV-|KrS;w0~L(Yp1*! znXs=UONF=}C(vk#QMC=D{Vso3DssFaM9#`%!nv(@Kof&+70NO%LQKTeMJR-dm($k= zErjxR>eXK~U3leixA2;yiYd{g3pC&G88zjaV2|Qh5`2*h9VkyFewNhf(#|z=ZDlP% zhlz3+p?uNJg_J&8)F^mYwDzJ%SfKAEF`;yfEz3|EI7cODp7ac3_-kBLpsBq&R9&y@TVw_tal* zG36W7O~S&T8w5Y^KNulihU9%QbkTG1-L zDn8%%$ijkK?*8PS+OZCAHo8ynR8@n>o!Mg>(VE?y^-kxQMS&nwblT(&-<@OTW17$f z*ESqTg{4`h-!0b*hM|!)7M0btcEyWij(!#xPK%;UHp?E3%p!p}QfrKed(}&7)aLD5 zOQm?~YUF|u!tPi&8z-TiMAu8pZ#enb9phe2w&f1XRIsm!crM$C{2M0-CBU1z>1}0u zuUBu|Ri!v0j!w6N;K3fwa~n!=wlyyX7}t<&q-RmchqhV6<__i$Fx>#&*Gn}rVsK(u z;ljr_WliPkv9(M{BUUM0!!DgF>nKbtOQx~Ymdhl!c(1cmTDZYds z^JfI(A>~546cCu4fOi>jBgx0+Q6~L?1Jb+N2h5Rrwe!8l@yBXjnXyQJxq{}UB$i$x zWd6iXYbpMTdS-A#(G#;7SNO*_dQn;MKTrXW#%{ko`o-;Zfh$g^c=P)uYrE9i^+RlQU zm4zcJ`%zE2pHMb77o$^Wqb)h=Vc(KsPBJ`0=kpxAw z)w2MqEp5taMZ-8hH0hD=EJHg6^a?t>T_Gm)cxW+hvA*l8eURdV)WanBX}(t+o#{4z zmrL(4iWHU^G5v8l&RhIgG=!fvu?m z=z=AmM}%IM;wibM^oA*nU5?v%^hMo&^uCD?KWrMNrE?M4mfAiy7c$9N*wfAMNpxi! z+)G!zmfqFKU zCqn&^9t{o|tGnmI!E7Un->Weavzf5eXe?={qY=} zJek%8X((j_lCFEpJ{OB?nUkwwe@RXgnJ|X> zrM8;P!I>DGkV^SRrYL&>e0_16W9?rDP@~+QMWakXOv~(aUZ&3r*lkS2rx>wLAZ&?@ z1CQHRr}-u0O1Bb2$C_a(11tF1LZW5?@BxbY2LaQYgW-$(oJRaJAf*8>UL~cK1e->> z-8BPm61ck#PuISUrwCZCcM0_pU$o~$Gf0XVZCL|P+^?w`-|^kwd|5k(pkzCgY+yrc z2%?yp+ygI9@-o1FeRc}?&DzC0*6o0tyIf%RYCA(f!+(>w$V{ALpdI;=Jt`A?0-4_RM zYcFapfF#lg_8$e?8Wvhe-Zv+sCR`t=|I$5B)AKu32Ar+EtqLBeQ)xg{VB z{37Bluh%uOetRbtkI`tg^$-+>2N}RScc_dN6UP*X$F&CM0R*lHsqS>q!CRyZ_CSmZ zcx(3?AkcV7VQ2Wt$5#GLof(~hS}GJ+#UuIgtab(e4d+|Nt{QkY~{hF`JO<^*si?h(k_ zyBcMIT?yi`mxpRe^WklfCLI8_q~1ynul^DvAEnqAH{7C4lMyM#Jf5t0>u?UAjG*_> z*RKz*pT}F2bZe!xMSChg1c4o@l_zt($9*5=n|$MUW-p>Rt}TeS1zbmrJ-hdM_O>9> zd77zHi9m=b{8Po8TN6?Z_mAIvNSN-AfZ9MsURSjNPB6-G82744jw2=ifjc zXoI-ixU$wRumk;ls%LCH-}72Z0nImM$x`iXANLIWrv(uDVvNDP zbqH3DF}UJga}W*Ssc%pXjA1wp6}z3>O{)(M_CB_`qCS!qbe6pwaj2D&i_@R9e(Ddd z%WZ}TAoYz0UhXl1iQC)w`WR%%H`aKWPyt=>WL3$U8qG|vp|cHKTzG1B@1ANkH-a0Q zLf6|s!6qHyaLr^>2?mKfMBiZkbOIJASSU=W9XTHW?8&;_@4!W5!$jjvh9XYod>6!vJ?}B-x?yYP*DjiWv`;{l|dH;uVCZnnVt{Bj+TLD zO}0K~oUtj{;SY4rEZeEQo&!&>3DepK)mg_E!2UQwAM?ZS-1zwK$ONVq#~{^Q(6ytr z5K1iYaq>^0VMHuD3kG&yt}FmZ>)sNqermlSO>O2P_%oT{t&a^~6NzbEH3=9sFf8aB zjq5uzae5G33rirQ6UkZpn)E0IBDB=GJy4FzfPWkv%X5rqH#!E~4Nt$~`KPYXdsq_L zKR~4J6F%yaaVeopAi5cvgjh)Uy0@~v3UvNrVM>irrDgh!xyfK`2mw0&>^SYIm##XJ zxWlQ)OCjY&9nvA*LctN)l(q=ZRz8cIGZM%~th>l6eFmUM;tE=%v-5G9lsms{~bEf!#RR*$k7V)BCdgK#{t_j}n3H3I2PE*dnR+_Xi(YBT7u=!9Ra9I^>U2%89{7xlWAGWq` zd@`nn?}+S>H10t+CGvj!w!p=SJPFnh3lg;TqVkSOVKj^U{HV*k2|#G*(KH)D^!`f1 zb%^fjURXL*cFM8q-l8MeQF_LTc9zy>t9~J?8?<{@VjHtvL?a#GR~+xjW)W1jLOmZk z^5$gCJio$7k;eMVN#k8y+}0p(LaKdEDm}9f3G5(SMa{TguJzKr8;bc(MBR zo5=x*=7{N3mV`8qRZd#l@WmsQBpvDs!b;6-Y{;!A#+-(bT{vr;snlFSD>F_Hc!X~w zL%fOwZ#9HJeg&#*!RtGLx(p}vWIio~d=@wZa`Z40DH#T`#hvyzGpOK*?36_0-NyP} z1iSNH={fuaA5gb~XxDQ|F*-?|dr>0_;sP$a3HcdcVeIbK;;jVNZ###j_u&^cu%Y$8 z%V>j2$d1fHwT!*~EV}O=h;o!o*MiCW4XqGiUq93jYi0mgm=0yu133vvtH!l(8nUTb zECWw{jBkdTub%{@Rqw6k_xC-#W2c}kLwgQlZa#r@8Vc(k4Hm}TZSQmd!u4VYWn|l} zkgm?E@i&EDB}O0tedj~VUYL~7ue*7pLSc#+0kj(ur-GDN|H0yPL4tfAj1a0_6pFCi z0$M)B48*eaG&jwGkb4*e?Gf(1DX|Glt7TG2RirpooYJZc;D0yxM%V(U|Fyca29?~+ z-EhTVoLS3r#L!AnlL_kG5w3j)XXFy8`;Mzq7|r}!3x@gBj{AHi=#vZTS zlE_22X*8H_bH^d3JOdU+ele#ZcwWp>?V^@&_ErKqT70zQUEOxq_rKkFNU-nu%$mhp ziCla4pcl5A^z24Nq>Nh*650~dmjyY#n&128_A-~=+X_AjJZatTvVGrX_9TNzOPhX( zYn>r7fspR8dmazGT`}nxzn7f;BuHif!4GqRGT?*`+XXB#PUa8U#C#gxxH`)4{(VG zW>qG6RhFN8pOKVNs@j0<=#0qj5@eWHOEPj!inL|3Tzcm2*rp@A{d}4>U_)AYG_Y^_z zg;`7THYZdPC7H$%ybTk)p%tVg*9FzHu;ta&Kk1v#jwN`+<1iOX%Kh=jnt14}0^-&k zM|^H9Ol((4zng`EIU^53)*0aj_AMmlu!4bv4_RtKOY<7X5x#Qu8O0A)**594<@F!s zX=LC~{U8zz+HSE*qqHk}qgQD#do9cH_H`bFFDgof zzl%j>qBaHAHh0Il{+wBY;2Zm1@KWNDLbWo^7CDvZgyAFlP0rcBK-YrhdUe7wYnybd z_2Z&AW{q3D1i!(Ft0TO!g1svP_KXlk^YmBC)bpz4+{oyK+VW-3UW&T;8kqFfjyUVv z<)g_imkQoYzM(MK;w0f8uej}`AcN}1q54d*B*->#Iy%n3Q;F40{!{bA$|I)L6D1rS z_hY~A-Ch8<_$rg0?2&SkPM_HqZtEx+scf{y?#)LWGBX6UPP_H^vBT1hzY=B%1UiCe zyj_Hyr;JDq5S~FPE~_)2V)!HFmF(CjV-#x>V${(zuskXI(PG#wJX$2`*2kL$b4xJ2 zMxKN!M{f>NM&kq@P8yxLhQu*c8<1 zQymo6E)de>s&YPsg)z~-ed*Fiw}`1cpXz9@>bh8J7ruWxe_93KJ8xR%2ja&uIP?tMM!Vu$c;3G;ur`s*>BeXp6wHT{UH4DrQ_aYlCksKAjhi2Z#x;fp6p z$6ko!c`2c#?U(_@smRO`#R1X1C{LTa&(gr{KbqF-yQ(o_y52DU@8reGlx4N40Y7s8 z_LjPo_+RCuq9b_4VNKc(2!dCc;=Xar$~Q$2&dyX&)lwEaTCaRmD8S0sCy288 zjUE^8!r37B-)CC(1pTaG1GC(YuqV1&YDV zj}qIcwUV?Qi`vI9p=jnS#r=}X4N+Dp({kQc0zL>TY1qDq)ejO&WVt+5vXDwxA~_V% zj!bVkt3NmM#9}#QDcU@mkMq{>53qEOV+~(%l`TwyOM9u6sOF%=#i36S$sdIm}e+@m*IRo?bZP89We7J(bAVF^|F~FYkpqMb@FGc_vzfk{_+gNlXrAraAS+n% z+b=UEL64DQb58|#6}S6jMC_s{ht&w;je6bVzN(Fs3@ou%%5x-ey9Q_rSqbqvPb1~f z-?jygj@L!B?*G*+`WX8|Z*nke@b6m!b|^3jvK7^uo~J5#(!2MQHd-Gis(zGQ%>DH)Dx+d(ZDfdI1nZwV zmV1xC^L}hSe2eo!UCK9q)kc_m>UQltVdUFUG&|c!V^xIo5Bxu1J!!=^^q0`Ck^h`% zOL{g(kMH{PtJugtA%=>ftQE=B^rMsgUvYc-*(~qk3$|YZdD<^%xaPae2k;karwPMG zE+H25<8XU+{v~ZkPUHCsWI+eNO#HnyEB=-rQ62Nzd zcU9JG-OuEsMU-bjc1ic|LG8&yH`5FGpo~w@s3s!iWvU7>t^<6an4b#$dG5=lm930` zypEO0k4l(hW&yr&Af3v6NVpdF7y7$P9LZQkadLj6W$qzmyoOkhB+P2g4hwUrbPBIO zCj*5B4?GIm`!vdL5nOl7bs6aW!=G;aB3xW`+{HleTBj$xmBU4bGyG^~s6l=`I^aS+ zp+aR6F@xV*!u&{`Lyyrvj3YlLC;YZ zTJEo*ek6o+DJgkaWbVn}QTzH=QclJ~kMo1)X%OpH5$|I*_r=$G>SMibj>t1*@fMm9 zH-EEBSwYd1guM)^bOx2unP{|?7YZi{>vB=uE`p#O-r_fPBHGcdIL>_ZfK zBl38G`+M3)l(IShz2DDRR61Qot=z(pP7NELhQEL=2zqyG8+~-gCe7EhA&|h*xBQGK zYMk`D3|Y;Yh3s*rXafA5e};2H)^^fTzmZv$BA)Z$-HK=&ogmWX@WOulJ&%1BVZOW{ zWhqu%8ppilusXdkLEDZliCSnXE}`{wqb?t>w9^xbtna zYylp(#ud*z1_Jm$9tDfmmlywZ^V3je3bP1)W?Mo3M8uEU3fp(Ri4i!R*e59YlHMigkgsAprN;Z9b z!O~dzMb*5@N`j=I(lrPqfNxMY6X%7vF4KkSKi3U95w&G=GJ%Ah?&!k`X7ci@IA(+7 z$IQ|!G>YM&T6Sxw(Ym1vJ428?B9Q@J>^P2x{(Z|y_X_S-i$&!3eOVyvcN)EHO{l0)BJ5^<8TGa403Yx-AD<4E0nR};oQ=~~Q!j*=1x=wfz? zA&?Z;$Z6tqqKXyxpBLcWVM$Bd+dU5vqOd)mQO?*)*U$8}`Yc3r68ya>duDI!X71kg zFq{vP05qcXTRyZ_Q(tN1CucFbe* zO&|dtB=hw`9TFc%&$}DGMZ@dj^UjXoH>SInEoPc)5=J+@ml&yL2s@L4?ZVFU6eBH$Z zAAKi;_+%dK5YWmseJ%P1zl8Y(;GfLN6U{E(!O-IiGfACeUqDT@lVG)Y%Ax1-UnJDR zD*;zlh*1T`Ptv#mdDTq9=)Jjgf8$=+C{x^nGWW&$2d2*#c_2_^1jOYJ5tg2bK1()q z3D1!z1ZojcE@vjgBYKi4e@k?x2!K6XAH!$1?1ATyf%q zWn`9TI%I$B_@eL{@zo@C1gN!eGI8{^O2y{>!+w$bR-B^CR9x&T)O_ z%O~CN)`$wMwh<)75m2mQ*z|-sl1BoD?>IQwPG1;8&)?KeKfu|02_K^HXY0S*SAGw3X})z8(X6F!t+?(~DT#c# zAdJ8P>5tY*PqaZ}CUQu4!bu)6TJVfKJc)AzvPF!du!xNd!JMWFeo~Aj!NGA3fd%t0 znHAsc?FQlzgKqj?!oQkjZ5|kIf7E>^7(;nn>73||IQ3?#g}BQn(BYM_pI?mufums_ z0?(`AABiCSc3Kxjh9;iEg)*6t_8ut{639tF@tE{(&Z0~WI`aI-=3#2~N83mxfeSfQ zki4KDH+40ldjACIwgu1b2k8g}KoNXhc#C+Why)l}!RXP}v^4ZShR^UhvkA2KljA5= zRDzC(`{slwG}?Z{G9uB3n)O>{DU1FPml)m+?78L7S9eAZ50!5<-7|tk(bd}R&$&E>!rK^(2s^@O+>FkQlI7`AJe;~_9an^xRVZ}MKg_WL1xL&y>B1xB80f9@6Z$lE{_nMQ*7DWto{2qcm6aW2&epe@|QYBXjXOQJf7W(8M3 zY+g{A!Se_ic{@v{bTk*+Im;dSxsoioG?+CyB#KN)ATu763I&aT)$cL8reWR|OkaW( zrsg7`|0b7LHydt&5te()u{j((6Y@%}Y#!oA&06rDxf+oSGpUnKeS-76!7?;18x{k} zUm9{iDSw}-2u>2>HSzRQ=k+Q{i1j4aqM@!fj9X6m0BouAKf>DO+L4){Qc;7@nOCRW zuCyj&jUfj{BXFaXaF}P3C5O@UBvp|`&<;pXF9h>fc}>inBq}GxmB+Ai@GkHnor=RM z_JMsJ{W9exuSvO-o)($uyB|>}U3+BIr_CZEmS05YqVN^G4nB8WDVl+#>)DIYxVIen zZG&>zSO(JCN)v79{vEfP4A;#H^A_zK2e=Ze3e-DT|2vcTi=odlQ<68wI~a83w&5(G zXh*m}{k=m)1k&DA09CKYz1h!FfR`{1nhIo^3Fbq(@^+IDHxQ+9dX0h5-j1XRq7F8V zEdJyar#y02kg^7q3l%*AwJH4gVBz+fJ5q!T(Be)tDToQq|5MmkheiE-;nFN1urx?6 zAtj)qbS{kwf|L@{NQv|!A>aawpdcY2un1q2?(Qx{KjGM7H479tri}*jhTez1|u78JF6v*Ob$CGxfxl#Sh-TQzT0B338u9S+1cYEYECwSm^-40pk6i?NP&>xpPEec8^+BswIvfAAnGv- zRB~^!GNm#I{4h8r8U#MtCWE!L!{DyPb z5xnq!Rb5bJpB#6LCux{L2Fe!#I@H@7$`52mO%XHv>k@JO7XI3-bhbli={4BLgcf zbnCEtPbbHipj&8Ryt7X217D8uS;Wl58*OEMO;9Dg z%e8zk*dW5)yu(h zc-C+h=3BlcXjVd_0WiWU(-C3C~-31ZA@fGoGj3p4x$5?mw z%eSDjdloBbhWybXL1i0^X(Nldxnu*a>`2*3 zO-c&Q6$XyEwPlW`;5~`He;Vys{AJquh@LatYaxYtng5s`C7PCnP){^O zb!PJI9LHXp-K|YZHs3gAeg81`9T&m?`p)%2H+Mi#OkVv}jUTb_vH>zcVIz@sSGtN^{y;UQMR~f5x-4Avrqya(L}cvBYz?cZD^LLU`^H zx-Hl6kl-x|)q=IW2QEDa(o(dB?jm2-jlitaALpP@v)-_L(HKT`= zjDLr$j=r^J$(eKw-Opz($Ox-mIIzce4e9=7&0xl{5k)zAe^~Cojdk7`B_VPa`I2=a z{I%BU84M}>WVeMZMvFD6Q-;;doTfiPZxKzN^{G6~o~4CGn`w_$CUNq1z;SO-Z7u!I z2M3u3|Fl6FJ68>Hwe@c=Dnv!_Kp89bCg)L|8t~hFF#(1qHux@eZOdl|#`@dI!oS)J zCCi#TC+i-|Dl41P18}1GQu3nH1pDhJSq+E6jko`f;Xx>mp$N@|N37hc=>Nek`mjTZljcKfHq;F43SKH$*?dViHAQ{F*b=Vs#%a` zrY!2~xw&aAo8FGUK5@vuN8Eb2vB&E1Iu9ZgXDI zO4Yr=lJGvhR2c%ny#k)R#`oSQW%;8j31j38DG4j7wI<*M zKA}AKJ?HV}3`3_;(Tu-C8Pl-Pe}CQwHD6Kad(LTBWS(JN#b8!3`qj_SF7=TTIJ#S_ znScNNv4nThIsP1OszVQ{-`zSDv)C2)TD@c!(5F}Zu8ti%b{zcBxid6?{PZTMQ9pYs zq}}uDkfKcb{pyVYU=%(WK`nVhTciBTDC$!6uS2v!hrACf8D=lLDTdSE-V4z^B>UG2 zAE0y5?V!v&2EanGKk>q2ILV_w(cy)t0<_)$>Z7VZ;(=;Znt8(sUtHc@Rb_+!7_Sfl zEv*2OI^zb$Hc?B_d_8pfro052EFgtJ&Hnj%;^FX6j@Pj)r4cwNR0tZ9zZ@#SCMIxU zkHjIx-$wu|#R1gttKtow@@J{?Xu1V!FpvcO0_fSy{jTgA^reEM&cJz-f4XVu>#=Sf zA<~F=m^;|;Zxb8@r0;Qvxd3+{Hho5K^1{~PQAXxmTRLfof-4jN>L|86r`H{~8(pHB zj$)jrYAZH>=9CGQ55PU0gC}V4{%zzIB_6;F)sZuc^>#+FyI|2KoyY@^0gbrlx+FoQ zieMygqB~tL>M{E_1`9Mh67@gv z0Jp>yfE&%ch70vFGCvLcNEPk65M7W=-tXzEY{ny-(ETprlI*?lJmTK7j8FG2wkt*C z5wo`apKSg(O?-Xo>A!Q~d$6~^R=My=$hpTRAvKF);{xQXMm{Uz8~YB5&2K;WJsD23 znYA`p@LQGnhxd4Ulw9fTa&O5!@u}i<@AC7$u@bSB(I+E*N%WO1@)s6@`HiX-C+W$% zN&ucLUoSAf4p2VdXD*Itm@n5>4raCG%jiBD_lZqAi5gd1v_WTvLHvgC2Ksk`>2>RG z{>>`U;szy&+D!o5jJ2q3FXVN9s`O~*J7zm9#;pPz)y~GPV;?#=B`Is%<3MJodCmoh z{r)cET=93LO7-EVu`rhgCI_j@3u5QCf~p+Vg3CIa<`P+_UEZ`YI&Jx6{kxeCsMBZH z4_y9CEgDH@KD+c0PQt7Uj=Y}r&maGFf6`MV5_os<{^x&I)!0kI3R#~UQof$C^}B2! zmpycnUL9(zoXX7`_aXMK$f4n#`269Y;8aTT>(9MSy~6K3@z61L*%R6*U{DRMt$X$| zeG_QP9dvCsO|mkWK4-3Qc66TDHsS(8cxMpxxaS6bckE03FaC;)*_=d)SuHmP~FQFoa~_H8HZ|~ zT~v*iZ4SwLSFO$ZJKD|qR27u8%$fzWf7Pmph?3|HxNxmC6}8N~=U{Sv>uqx1y34FK z+9_+=FG8re8PDhG^UibanO6})RqMH4!)09g8s(a=`hVkZ1UVL#e);&UrI1OEGmp<_ zE!^T@pS5bz=TH{vwBGplqt~!#oAX}-<}nfZi|0-Ksg6Gqo^;wiNVW}gs!wP29{)Wu zABg{E+CAWW_=W7HiSO^VET=gXL;l)A#3aA8ce!aTE4A`l&HrF^(U_^(&|5(a?QXsg}6vD;o=3HTcsVQdwDtESx0b@IuWXMd`;<-9r`_amdf zM0GaUM9sWxXxJT!g|*ukZOP_uqJ77M$%GlVd>4u*v?h1%gQ%-VLbI`?zc8JB(eNZQ2yYx`RA*&46d z#TSOnUtMAPAwfS*j_v-`eAjAeTg*UW%5ii@w27U~%Chfih>53_FHCKC&AtpC zt~ssDxEGzDer0w(lJyRoP4yZacqHGtd;uoLLVT81=BDYZGzV$+DIsK<-{p@{v5n>A zg1?oM6YtLZi{(aV8DI7e9m<52We6wmb9xWPfss>rh%p(skCSJ!^*#fb>oixa#jrN zJ_tw&eCnF)O8z4TGkSOm#zWyEO5)VS*LQ=F`MCKUtfl_(^*>d2oT@9mMJBg1A3Oc7 z7%5He2X%C%DM2^qG&4oL2dPK#LgSX>xlmzv6%mVj`KH&Z#lezuRVb#w+l<9g96j!W zepD#>E~W9QYVSF%K1`=L8D2SoRUULE>-nU2D< zBkt^sq zFX8gRpa?N_PWkg?<6IfGoZO@3i2lu~H??EHQMBb=0xr3||KZg1#AaR5=Fo2r>4rTs zSp9mO;%LaL8~(c*n7h|r1;oj^kFp-Di}oXL<#Z&N+(Bq+Z4C6)rv99L>Rh7_iCy>H zG@tY;(n_~yP_Uc!sdBDWs++S<5_SCOJmbn+w*$1eH@kIO$Xfato>r$9G9`gIxUqfC-v`;J@;0yD^It%7tswMq4a`_F29(hDI(r;$-?iczw#9>_O)NuQxO zzBYee>60cb8Qf_WK3FE>dUNo672(REeIrJ#d?-5M`AC-*9xs0hTqz@O#r9MwX-RN!^KxC;Vf_sFPP zx4#Dbjeqz0m?wGvr`o{;#tuG4t1&CRab5&f_3Y(Ic=D%m(qLMPk6vR>qcnWxEx>jlB+?ru!G=OtFCIFu@ob5v#n^2+yJXL~>Q82p%=>XsyU-~b zcs!KGv3#PLjRo-#6X!J2s08uUTz*!~pQPN=IqA%f#I?|MQk1bfaKaur?wMug6abab zf=SylALSo(UF^)e#$w|yeCx`)bi|gv7&=d_>Ugy=WqqOJd7~{oYydKi$1*&iE#Af1 z5|J5S5ro15a-vB7^5$3s`OZ6M8r=j8Fqc(xilh4tkYZbFFPJH`GcXgv-Bsx`B=jojaq z-j=15>>{9Ur4m5UqH8xtd|ERswZkJ~j0T|ee+NE0I-T~Nj+N%+--+V$v1)hs`bqVA z+oR%7df1c0J(0V}_%J7*qmL`yb8C_XgJ|GD3++|HS1Q{V>^A_nKV1~DA5p0sL9d_P zSy?sf{rXQ?S0OHbJDJxt*+Uj)nO9C2sE*t#-;~tat{3|A#t6-r4DSE$L$C`o!7Qs)n2 zSxAWiTYd>w)mZO)=9eMPqd9{zUIEfOd2{pThDC!fYR5l`G(?`uoD=&V)jBG%8d9=b z2v(Q~F8#`{=($mO*(2*b(k~z4+r0CvD~-`>w-$p@0xo-$#Gm)4EIkjZ$jQH`^QA$r z5H$~-XxzHG5C`ytWS?_2uTDI;*a9L^B0^;T&^r+NZ>p27IG)~m1DstG7l`Y@phw(b7e7(RdQcv$40*Qb1Zlv#kwOevwbUHY;+LMsNg{a5r1iPUuUK z$$hPhjX|G!CJ~vlN05?}KmGDb>JvyqGYbFDePddc3XQwSMfg@E!-?lYyrFTj*JfK3 zl;7LT?Stp$;OK$uPG+>X+m<4+foVVgK^A4hFfd%XWathoDuC@lZKI);gy8Z=O?sZe z*B9eA{7+LKp04qpdLE>_WfJw|7AN?0*TMR}xTCFLg;D1xk;>;U#CZy1_;To-YBjD- zDRyAf7{YNtU5bbXT)Q_{@_ej%N2cNf@?wut-sm3{dJ%-}B5Z zC|`Ix;s%%^2OHxyx31qQiH6*LF*PQ4fl*49@hL5+J#+JV)OAp)zTlr+AR8Xz1X(-0 z3MLjf!D28u8?J@&G2+GF&}>ADO&2y^DoWR?Q5xIC>yw7Y3JACmG#)LG)wy;<{|wu_ zHhvMlEa|P9!EKlAk$$zC@&Uup5_;VeARvuW-~r;#jTfD4*H24Rf8`m@2kE|}3u>mr zCmIU^k&=Fbu~^mx*nA0Mg{iT}E?RQ1;bbTlg@yq3S2nlKufr4O&GNziVikr0vkL`_ z5BknuP*`z9>jcW`USYYD?v&nGz8;brrrZSB)WCJ%uT|cdk&^|raz5hESQ;NSt5OyE zSmj)KKHCCR$TTbTN%5@IqAKOT`rENqjooxi;MOdKXZ~A2S5X0Hx@=6IE9{X3fq+V! z$>ms+^PdA&r}Mv~A}kWQIh<73doUZs)(QXow2#U^2VIkX5WcFY(_(418LdT~Aqw-* zY+4<+&gk@!GH(~4p8jOMS?3{LcyknpunnL2gqV(AzA@@0f z)}P5yVfjY25usrazP!4g?G7xZhl4jv&0{PpJtB8Jzr82Elcd5F!&};&NPpQ5+{;$ms#!hs%^OQAmq8{0g^Xlk6U4%Ja1qQ>wZps;% zweD(%@mPK!j~K_DEG=-*{+D5iO^A#D#{x2Oe>J`mtrG!D4M_mKm;^6C|IRx54WQS~ z45l6*gsSI)B`K+S-==wvJn;g;A5Q_vz^yTgY^68JN{!W1ueu3v3A}(X^&}8Owg42d zA9?87M#MsUxEHAZOaR&2z1CdejX1s>vbf>UtJQe$Z^!3PzS6G~U^~7A>gAJPwNf3x z!M+^u6#B5L>C%8Q)z)$51jf|w=obK_Y?Q9pI6l)W8B5Vh6eaF`lDv=)fO#^5C2Cf6i8g~XPw=yhY4oDfW)d9I7;6y$a2b`ab0~U*gs9oPR%Qv$^rQMwAjj3J}{Mb#A zK%0E@@AmBMr@Qvl>+PXH-9x%OEjKey-e(igNSi^MPd11K&Lrj{Lc5AR)7E#QULf*={-Qwx=Xn6$kHle2IzNkj-iVf_)k~AG=kDl zZTFho)jnbmKg+MK;QiUuq5=uV}Rh&ELMm`z=g00dyD2KU>}uR zy_f9d_=^;30RMsIXiWkD07F1%meuM&y4PmK=meHg1aFo*!zk4)e{u{?^Z{$<&CB^2 zAga)!CAG#4Xe*OW9dw2%+HpW7XpBMz(>$4NUoi%XIM_7J2oS`ltFWZs0`4-*7Pdt9hWFbBfOub}G}_Daj8QMv(!z?+376w+h8S)2fP8K`-_NQv7R zqJdYmCceq9i7{aTv>UHh65cTYTz6>jJ;ZW22sq!X;TJUvMn{00Q}7w!taJ2gCN0S4IPne{`VMSRr-K?V0H*FSeOf)sP<`z=VlYDhHPrphNpXZ0 zScG}yteS?eZ)#@mfx2|>cR6L^1*a(4<>{x_x5?A((Nq1Gvh1O0vS%1@0j4J3&uhTrrZE5h?V0xsVO#boV|XPouefVlA_~j*95QD%X_JYPL zaAGf@SB2JoR?d(bfI^5ODk5YH!j`0$QZc@6T9|6E|4Se&fmUf8My@?iv5&}F?(uHj z_FR1Kg;5+wxs>--N`gN?@Z_EYi6(tB%3@f%GuZVg(abW6h)0$>@BoTLkM$w`DJ(;l zSesO0u3#so{}gtrez8p&9^*IgtKw=k{8IU>r9#4;lxU;w#J?f-_(cZ6ZDPe|0E4g@ z&Wna9I~-x=iCiy%zMM0lqLFilbL+!-Z-7jeU5cw}i|s79=z+b}nBxfg7t51C+=XnL z+epp^Cxju5y5&7*JV#Ao6se6^Kd7juH~`^Ef6YC*Y+Rg_67*1PoO{Li2|w=|V@t^Z zoGfJe6Xco2-^79I>P)W>*N49Y3Tbo#CCT?)oB9^A6K4P1ndL&9o zMHVTF#$D#yCRZk|;hhSz3$lI*FC1G)00k-{YbGisH`!52a3{l3WagxQMD5O3mY2=A zUVy_uwEY8I(?Ns&kT~FLWRQE}qlP#JhRSRG09jU&te_fKi$_n9(B znWRQ&X(F2Wjo})g4^wUv%E)_`JWf#7IPfVFyxLWN2Pzbxs12?io722`U@=VT*8Po( z-K>?GW7O~Y6XzwXsxixmkSIx#nEc(nphc^0wKQc-gWtykWdc2Kx$;KxwMqrLNZB;9 zu{HFjm5m@1&2*I>Al`@P14FZ%jw#v!>Y|v;H82gPtD;EWaLUnA6@Hk}esa9N+^*9z zQj)+&3NZkTZ%uu@#X$~^gS$Yuy9dPd2!s1cg+g96%N;0~GcdxdTi&sHFctwVHJ)f# z-^0%jF`53INVqJD#c~7OnZmqrMIwY7LYW}fWF&?<#&pHcS5_Khq5jHor2-r1YX+7~ zE|x#7v`LUu)N1Nvf<-&^Z(Z@(W8NM!d5QJ|<}~AktvGilQ3>vvH3Q6xNYh3{uyKnJ zhDNuW-Xb#Y{3ws&TIN~okl|KzJE-u$~QJ2*QwSuC^Yy(>B% zBOLG8f)G*EaB#;Uyd|XC$Kdr25evAR0@tehwiVIw4Fk4dMF`R1jwrQX$-9!dR{_NK zhjb=L`pVtcC)#Hca3t$1D0}|Fua9Brir=WTw)_>rI(UZ@Li<$!Rqjy@qexUUSCL@6 z?5YbUFAw2Uf>>}h@$L)6H|&$#>DW%n>NTyu8Lf}xdd-n^cC9pY;O&Zlg;^v%-YNU# zks601)DXq%de}=@FF%Jmvb;uR8N&CQLsPYJH+R!Vk8;vGA$7BKP`koLcj?;jS3Zp} z(QO!-q5VdO3W+;w6#lkwzmUd=VmCE#19Ak@WZR8LaxyGQ@I*)~r*dRXC`vJ!3yDDM z`h0XRXp%bc(K4)+%W9>fl=vdHt9nP49boJczS$I4LC_9WHl5BcAgG5uB8F2M*}sY2 z`(QJiG=-xM6C8GWMxwKPos=XN$+cqvbXQUy%Yh~MU3$^|T%<8QRTfeFd)K##p0+vG>Baz{st6`z};y-@Ok1ylEf z7`YUTm_i_RS;*P>FXsAm_54s@WmYtGp<2o#-c2s$v0t&l>WVm=(MO*}DG&-Kw~Bx8 ziamk`jzL^QSCudg9Hir%ajgO(OJ{jSjiedWa1{gt8-+S63>L}mY(?g5RRlm}ILflI ze7J3T)v#V@5QGxRjMuX#52b*J8D#M@z`^l~{0a@PC%@*HUXV8=n11{EHU%kOuxYu2pro{9A$MX~GD8IZO@&8@epo(L zi@+L){(o*<9nkcM@G3YpArV1CB@5a?9%Tak4rxUPW%}HLi_uS>5i0vBph*5f8UC2Y z|A1t1Re~^(e1zbV3J#`-K#PpNGUvi0s13TPG$DMNDb^3=Q$1pr-q|6CpNOP*2L=Xa z(wHrU&%P%y<5iA~pmvku*xkpq49OzFle6tjgjy0P+J&H8!dZM1Mg))Q3VbAXNKwsaks!389xn~QAYvmq zNhTF1pxq<12pk9}vugHh9#m4?|4G5dpsXR_TSJr{R)Erk2+jx-(AANYxIKJ9&Pg_9 zb(=2igU>WN0xuLLfDT)dSmMkmYjFFf5+`#o1(9CvEpwjOXIDyyS;!PtAz5HbM@7Gn zZ9kTrH;{3!slQ+P?qTKZp0H9o^~76m6&`PJnsMvWG`!Mi(PRpG3h1d8yL71duxiQi zWfx@0#ksJ%pt3SE})G_Rs=ya zdy7&NiEk^tj6UiCimryvv9QKgA}Wu=6 zo3?wLBQvrla2jIST80@yxCPwQH0jPPO*p`OJL zG*NUGCdkzwrum5c(5?(Rs*tSk;#9v@>t79zKCyYG6v!>t=myM!TfV2u**7Nb2bW7c z(}~EPI;CAE`0hVdY0B}WUgUE%JNFQGR%l`*|@=|Oy5nc{;`+WT>H zsT@O*1AH>%`y@XD83F@1CNPmuF%<~Oyc2-EpUOz`K*Zry9CcV70w@Q!E0-#i6>3g! z?eBsj?B;tvves3j8a0o(0tFlnS}J@rL-6Wn;nrS=d#f2d)A9phAxa)ez=pG7J%#ab zWtDcjjUIyoq#OT`O14qGmA*;Vc4Nq9B)>oWWic7mp}Cd7)YuLm`aU88Ab)7x06Y_U z5wjB0W7aNm%nh+ZMv&3=x9rFy1NP46+l5m~MleY(2#<^*>b{t-xhNjI4Z+4piB5pW zb)2TUSY4Fpz;bhkr5aC89RIx1bUC#d$sf>a3t^z(Jm_7Fs+dt@wcs_81aJTYwa=vj zprn?+qvrzRt?VYq&|AJ1<7Umfg5PK>^KHH`yQ%U~W_}pp{sbGR>Zir%W?Iu&TX*2I?bo zP0kB~>(sUvzupUq7soOvO1GPg;vy)u6V;ZoV6{-cYa0jD5!8n-k0jj5&w0zqQyBL= zs^{OeyjZ5_@MgU~!E(qTqAKN^gFheU{oZR$p3p*()phKtj3J4Rl0qHpPz!te_29P` zh;(g;v$73Lvj*w1>ApcCwsHJn5A{KA`f`Oe?>nXdK4%sywGjI=wr2yO`=s82S6bxe ze(^xFbnqF2d<1ezwExHA(@V*1nwg5TG;ak@(rr7LI0V=I67{&ah3xJdSDWF*m3glL zNHr%v9-YcK`J{+=*=;c^3;=q8_KqD!&~NyObTJK`*Df-1dQ0A!{LPnhV4R`3lko!WSHE5{OXv>9c6qFH;nSA+B>X7LZO`C}*LTQ;4rcG&A*FJm6a z8p-9~f=?iZF!looc=X~Uij1X2k;d|ehpYRCPuRQI9ZMKp0i*LmHCPBi@_PUA&&54G z8E$%5Kb#^sA+@&tD3o+#se==`S5ljSB){K{zj!TO_a;aHNC=c(C5@xy@hWa;?uvie z+U5hX$EdNJEC*9hnE_NN+6N*$NeHSC!?JG26{xBp))0v|LG9iz)vT%9RI;y|m5)uv zKimB6evjY-3*Rgxec)rl8@{BwHgBgdF#n8fS6lt^YPyj@@bi9litl2#3fHsnnowwa zn*xekI)loryOR-7+Pwy2iLr|)mV@K%$h@TVf#38hmZqOkZ)Ms!p$^qV2plVMcf<;Y z8n&&7vl+J@LtMG5zIRBNsms`HXofkfI`+%I@TGT5F6 zPlGN&=uWgzH{ihoKLCrGx)II zr)5x*K*-Vc>Y1W%%^3GgS~%FgemXF~kp zzq^MmCr#lPNDg;Y1UW~yuhQyb{M-~*E1Kgt+Nbi@jjkNysuvdSB=AEh0andtEa@Ev zF7skYMVOw96lw#u3K0qU9zs&|9c4mm^bfA$keCR*^oM8$v3JdX6pbOga4stLr8_@~ zy8^|05|%hMq3UCi2rd>XnCkPJ8Sh>%{VA3{cY90r?3cR4cJdT(<}eK01|4tmKm9d$BIG;(jcuwUr!mW=ay;IpytPc zft@4Z96KoJF7~1)>(&g80ptT}w{9&r6zvv_1=^4DoA{uzB_SdLIsfom}gED zfmh$63^QdN{K4D~a-)tBHjCf?P)sK{j1~r$BayT!*M5;2=A?MACUVK^L8cSJH*Z&i zqL#lIlOiuxpfE7c(^B__mzV`JHm7fi52+mbT75`_8zzD8c(V2Pr}*p)%Qcdw$hKb6 zonDPNT0E6u*j0*N?kXqNkrq<=nFHj+&d9keabP$lq1CZ8En0R?q7NX{$(+TXC|eH7 zG&p7u*X!rPJ#<=asiy7+e2jHAI3FJiPT?!UzukQB6P2iU%z!j2ITy9dKm>HPhtsqz zQ;sW>NJCHT_g-+-yh3nd?kspJuW~4_axue;t=M@0i`NsWdvb$yKh5+H=2NsuR2M{> z*9;A$qc|X3nojZ={cS&*NfcL^<*I*-h4_caM1Z_5M-ip|6}FF0>T2{VX~;XDZ(&FO zjw|ml+OAK-(i1I1rDe;zPx7m878}Iii4X~%BXq~CgC6lP@GRlzL`6_<@n{FnF3NI< zAcOf}%GVTw1388wSSZ~djA;zWiXmmGNL5>ygY0->`C#JsxFLxx5kcaRU)t)|ktt{7 z4EK>q03u!e?S5=t0-+coLV!XxY3=C=lVeB7UM?_ZU#WI!Cpt@&2`bjVE+1j)zDT9Dg$`%6C2P%U9f z>rc@_ltOP+NML$rDbATY84ATzw^5|6@4ES0q!k(o<#~NrKftMF(UdX0_B8!?%2PDG zB&M8cAttvbRG}qgtY-9;7?sT89ei}8M+S1b3M0(%V3lkV$2Z--@>!Qsu(_qTc+8Id z;Oou`gjDw*xIz#Kp{v65R!MUJLH}pPH*hmjIQh;z$X;K&%-V*~D>F%oauyQ!?kpQtB^mA;A*ybZd2JP|G+*Z zdnkAMV~$qtggWnkfPAvP8KDe05~esLsZQ&v04pcm#<9@JftPgu0XhWj5Y7&=1>Bgv zgQ>-?C`yYbW|&Ha6WAXVD*z+k&zLaF%LE^Yi=RqM7pPqW#X|=u_2MJiGn`2X=U!0t0l6$j;-Ieu;Q-b zVg&alwGt5wt)T^+7EV6VhsS*4%s#!suYL)-swdd@DnHS&0yF181nZef;Z+(N#i~^% z(xM?=@tokaw3AXMA~&7syiD5}ZsUB2uTyvRu1AgE$?DGb#Jb|98BX#bH|+ z9uK&)gVXftSA5v?ze>oncK}Emtvq+q6*@k$>3z-4JR1`90P+A_t!c(A`|Z_6g|ETq z|6>)BgCGWS?e#gioT%8%;27|73%nknm)4mkkT;#qyX4?O* zyr1{AvtU7aOhLm|t(fn@hRKWJdvr(zpbEFyb~sz50VDxG2^N?WdrtklF7A|QNXetQ z8+@PP3ZuM^1r^wi5=`q*^};K`lf z%ebAn9uKfK)(OEB|FujU*1#?lg>x(>Iv}d)l?eE-hQ*kjSaFm62Z0_6em4YFm=?ZT zQ8w7On8{op{3RBu-GK!*A6apbU42RdMU$UrS3V39^cMToLYNUNEm*w0z>V?m;l>^R zJD6xzFt!cGHPWl@Z)3l_Vklk}A+PG4QbAANU46>MPI*Q8;Jg1k2KJ?m`>x)jg?$V` z>|=N?4ZB>mBa0PcWh1Yw6#$R%1d9py*mmQee;7x?U-M_Q`Kxm^js3t_IV&^@(_nO;m#~&QhQ$Q^$2gC%v-9@z*44;| zgh4A65k(IFc@Ao9#fyMQ@y3;1?*ITz#@bbE1I42QbzhAR$`UC)V7Vl$F_!W9_Wolz zY}ht_``5o^GfU1}X?*-&Zv#5%RWnEhXV`$xQgVfU#X9g(SbJUPycNZlV_{kgMvr~C iD`WgSz-V#2OJd4~i?gpLjs7^`pN5K-av|J2_ 1000uatom --from --gas auto --gas-adjustment 1.5 --gas-prices 0.025uatom +``` + +#### Other Transaction Creation Methods + +The command-line is an easy way to interact with an application, but `Tx` can also be created using a [gRPC or REST interface](../advanced/06-grpc_rest.md) or some other entry point defined by the application developer. From the user's perspective, the interaction depends on the web interface or wallet they are using (e.g. creating `Tx` using [Lunie.io](https://lunie.io/#/) and signing it with a Ledger Nano S). + +## Addition to Mempool + +Each full-node (running CometBFT) that receives a `Tx` sends an [ABCI message](https://docs.cometbft.com/v0.37/spec/p2p/messages/), +`CheckTx`, to the application layer to check for validity, and receives an `abci.ResponseCheckTx`. If the `Tx` passes the checks, it is held in the node's +[**Mempool**](https://docs.cometbft.com/v0.37/spec/p2p/messages/mempool/), an in-memory pool of transactions unique to each node, pending inclusion in a block - honest nodes discard a `Tx` if it is found to be invalid. Prior to consensus, nodes continuously check incoming transactions and gossip them to their peers. + +### Types of Checks + +The full-nodes perform stateless, then stateful checks on `Tx` during `CheckTx`, with the goal to +identify and reject an invalid transaction as early on as possible to avoid wasted computation. + +**_Stateless_** checks do not require nodes to access state - light clients or offline nodes can do +them - and are thus less computationally expensive. Stateless checks include making sure addresses +are not empty, enforcing nonnegative numbers, and other logic specified in the definitions. + +**_Stateful_** checks validate transactions and messages based on a committed state. Examples +include checking that the relevant values exist and can be transacted with, the address +has sufficient funds, and the sender is authorized or has the correct ownership to transact. +At any given moment, full-nodes typically have [multiple versions](../advanced/00-baseapp.md#state-updates) +of the application's internal state for different purposes. For example, nodes execute state +changes while in the process of verifying transactions, but still need a copy of the last committed +state in order to answer queries - they should not respond using state with uncommitted changes. + +In order to verify a `Tx`, full-nodes call `CheckTx`, which includes both _stateless_ and _stateful_ +checks. Further validation happens later in the [`DeliverTx`](#delivertx) stage. `CheckTx` goes +through several steps, beginning with decoding `Tx`. + +### Decoding + +When `Tx` is received by the application from the underlying consensus engine (e.g. CometBFT ), it is still in its [encoded](../advanced/05-encoding.md) `[]byte` form and needs to be unmarshaled in order to be processed. Then, the [`runTx`](../advanced/00-baseapp.md#runtx-antehandler-runmsgs-posthandler) function is called to run in `runTxModeCheck` mode, meaning the function runs all checks but exits before executing messages and writing state changes. + +### ValidateBasic (deprecated) + +Messages ([`sdk.Msg`](../advanced/01-transactions.md#messages)) are extracted from transactions (`Tx`). The `ValidateBasic` method of the `sdk.Msg` interface implemented by the module developer is run for each transaction. +To discard obviously invalid messages, the `BaseApp` type calls the `ValidateBasic` method very early in the processing of the message in the [`CheckTx`](../advanced/00-baseapp.md#checktx) and [`DeliverTx`](../advanced/00-baseapp.md#delivertx) transactions. +`ValidateBasic` can include only **stateless** checks (the checks that do not require access to the state). + +:::warning +The `ValidateBasic` method on messages has been deprecated in favor of validating messages directly in their respective [`Msg` services](../../build/building-modules/03-msg-services.md#Validation). + +Read [RFC 001](https://docs.cosmos.network/main/rfc/rfc-001-tx-validation) for more details. +::: + +:::note +`BaseApp` still calls `ValidateBasic` on messages that implements that method for backwards compatibility. +::: + +#### Guideline + +`ValidateBasic` should not be used anymore. Message validation should be performed in the `Msg` service when [handling a message](../../build/building-modules/msg-services#Validation) in a module Msg Server. + +### AnteHandler + +`AnteHandler`s even though optional, are in practice very often used to perform signature verification, gas calculation, fee deduction, and other core operations related to blockchain transactions. + +A copy of the cached context is provided to the `AnteHandler`, which performs limited checks specified for the transaction type. Using a copy allows the `AnteHandler` to do stateful checks for `Tx` without modifying the last committed state, and revert back to the original if the execution fails. + +For example, the [`auth`](https://github.com/cosmos/cosmos-sdk/tree/main/x/auth/spec) module `AnteHandler` checks and increments sequence numbers, checks signatures and account numbers, and deducts fees from the first signer of the transaction - all state changes are made using the `checkState`. + +:::warning +Ante handlers only run on a transaction. If a transaction embed multiple messages (like some x/authz, x/gov transactions for instance), the ante handlers only have awareness of the outer message. Inner messages are mostly directly routed to the [message router](https://docs.cosmos.network/main/learn/advanced/baseapp#msg-service-router) and will skip the chain of ante handlers. Keep that in mind when designing your own ante handler. +::: + +### Gas + +The [`Context`](../advanced/02-context.md), which keeps a `GasMeter` that tracks how much gas is used during the execution of `Tx`, is initialized. The user-provided amount of gas for `Tx` is known as `GasWanted`. If `GasConsumed`, the amount of gas consumed during execution, ever exceeds `GasWanted`, the execution stops and the changes made to the cached copy of the state are not committed. Otherwise, `CheckTx` sets `GasUsed` equal to `GasConsumed` and returns it in the result. After calculating the gas and fee values, validator-nodes check that the user-specified `gas-prices` is greater than their locally defined `min-gas-prices`. + +### Discard or Addition to Mempool + +If at any point during `CheckTx` the `Tx` fails, it is discarded and the transaction lifecycle ends +there. Otherwise, if it passes `CheckTx` successfully, the default protocol is to relay it to peer +nodes and add it to the Mempool so that the `Tx` becomes a candidate to be included in the next block. + +The **mempool** serves the purpose of keeping track of transactions seen by all full-nodes. +Full-nodes keep a **mempool cache** of the last `mempool.cache_size` transactions they have seen, as a first line of +defense to prevent replay attacks. Ideally, `mempool.cache_size` is large enough to encompass all +of the transactions in the full mempool. If the mempool cache is too small to keep track of all +the transactions, `CheckTx` is responsible for identifying and rejecting replayed transactions. + +Currently existing preventative measures include fees and a `sequence` (nonce) counter to distinguish +replayed transactions from identical but valid ones. If an attacker tries to spam nodes with many +copies of a `Tx`, full-nodes keeping a mempool cache reject all identical copies instead of running +`CheckTx` on them. Even if the copies have incremented `sequence` numbers, attackers are +disincentivized by the need to pay fees. + +Validator nodes keep a mempool to prevent replay attacks, just as full-nodes do, but also use it as +a pool of unconfirmed transactions in preparation of block inclusion. Note that even if a `Tx` +passes all checks at this stage, it is still possible to be found invalid later on, because +`CheckTx` does not fully validate the transaction (that is, it does not actually execute the messages). + +## Inclusion in a Block + +Consensus, the process through which validator nodes come to agreement on which transactions to +accept, happens in **rounds**. Each round begins with a proposer creating a block of the most +recent transactions and ends with **validators**, special full-nodes with voting power responsible +for consensus, agreeing to accept the block or go with a `nil` block instead. Validator nodes +execute the consensus algorithm, such as [CometBFT](https://docs.cometbft.com/v0.37/spec/consensus/), +confirming the transactions using ABCI requests to the application, in order to come to this agreement. + +The first step of consensus is the **block proposal**. One proposer amongst the validators is chosen +by the consensus algorithm to create and propose a block - in order for a `Tx` to be included, it +must be in this proposer's mempool. + +## State Changes + +The next step of consensus is to execute the transactions to fully validate them. All full-nodes +that receive a block proposal from the correct proposer execute the transactions by calling the ABCI function `FinalizeBlock`. +As mentioned throughout the documentation `BeginBlock`, `ExecuteTx` and `EndBlock` are called within FinalizeBlock. +Although every full-node operates individually and locally, the outcome is always consistent and unequivocal. This is because the state changes brought about by the messages are predictable, and the transactions are specifically sequenced in the proposed block. + +```text + -------------------------- + | Receive Block Proposal | + -------------------------- + | + v + ------------------------- + | FinalizeBlock | + ------------------------- + | + v + ------------------- + | BeginBlock | + ------------------- + | + v + -------------------- + | ExecuteTx(tx0) | + | ExecuteTx(tx1) | + | ExecuteTx(tx2) | + | ExecuteTx(tx3) | + | . | + | . | + | . | + ------------------- + | + v + -------------------- + | EndBlock | + -------------------- + | + v + ------------------------- + | Consensus | + ------------------------- + | + v + ------------------------- + | Commit | + ------------------------- +``` + +### Transaction Execution + +The `FinalizeBlock` ABCI function defined in [`BaseApp`](../advanced/00-baseapp.md) does the bulk of the +state transitions: it is run for each transaction in the block in sequential order as committed +to during consensus. Under the hood, transaction execution is almost identical to `CheckTx` but calls the +[`runTx`](../advanced/00-baseapp.md#runtx) function in deliver mode instead of check mode. +Instead of using their `checkState`, full-nodes use `finalizeblock`: + +* **Decoding:** Since `FinalizeBlock` is an ABCI call, `Tx` is received in the encoded `[]byte` form. + Nodes first unmarshal the transaction, using the [`TxConfig`](./app-anatomy#register-codec) defined in the app, then call `runTx` in `execModeFinalize`, which is very similar to `CheckTx` but also executes and writes state changes. + +* **Checks and `AnteHandler`:** Full-nodes call `validateBasicMsgs` and `AnteHandler` again. This second check + happens because they may not have seen the same transactions during the addition to Mempool stage + and a malicious proposer may have included invalid ones. One difference here is that the + `AnteHandler` does not compare `gas-prices` to the node's `min-gas-prices` since that value is local + to each node - differing values across nodes yield nondeterministic results. + +* **`MsgServiceRouter`:** After `CheckTx` exits, `FinalizeBlock` continues to run + [`runMsgs`](../advanced/00-baseapp.md#runtx-antehandler-runmsgs-posthandler) to fully execute each `Msg` within the transaction. + Since the transaction may have messages from different modules, `BaseApp` needs to know which module + to find the appropriate handler. This is achieved using `BaseApp`'s `MsgServiceRouter` so that it can be processed by the module's Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md). + For `LegacyMsg` routing, the `Route` function is called via the [module manager](../../build/building-modules/01-module-manager.md) to retrieve the route name and find the legacy [`Handler`](../../build/building-modules/03-msg-services.md#handler-type) within the module. + +* **`Msg` service:** Protobuf `Msg` service is responsible for executing each message in the `Tx` and causes state transitions to persist in `finalizeBlockState`. + +* **PostHandlers:** [`PostHandler`](../advanced/00-baseapp.md#posthandler)s run after the execution of the message. If they fail, the state change of `runMsgs`, as well of `PostHandlers`, are both reverted. + +* **Gas:** While a `Tx` is being delivered, a `GasMeter` is used to keep track of how much + gas is being used; if execution completes, `GasUsed` is set and returned in the + `abci.ExecTxResult`. If execution halts because `BlockGasMeter` or `GasMeter` has run out or something else goes + wrong, a deferred function at the end appropriately errors or panics. + +If there are any failed state changes resulting from a `Tx` being invalid or `GasMeter` running out, +the transaction processing terminates and any state changes are reverted. Invalid transactions in a +block proposal cause validator nodes to reject the block and vote for a `nil` block instead. + +### Commit + +The final step is for nodes to commit the block and state changes. Validator nodes +perform the previous step of executing state transitions in order to validate the transactions, +then sign the block to confirm it. Full nodes that are not validators do not +participate in consensus - i.e. they cannot vote - but listen for votes to understand whether or +not they should commit the state changes. + +When they receive enough validator votes (2/3+ _precommits_ weighted by voting power), full nodes commit to a new block to be added to the blockchain and +finalize the state transitions in the application layer. A new state root is generated to serve as +a merkle proof for the state transitions. Applications use the [`Commit`](../advanced/00-baseapp.md#commit) +ABCI method inherited from [Baseapp](../advanced/00-baseapp.md); it syncs all the state transitions by +writing the `deliverState` into the application's internal state. As soon as the state changes are +committed, `checkState` starts afresh from the most recently committed state and `deliverState` +resets to `nil` in order to be consistent and reflect the changes. + +Note that not all blocks have the same number of transactions and it is possible for consensus to +result in a `nil` block or one with none at all. In a public blockchain network, it is also possible +for validators to be **byzantine**, or malicious, which may prevent a `Tx` from being committed in +the blockchain. Possible malicious behaviors include the proposer deciding to censor a `Tx` by +excluding it from the block or a validator voting against the block. + +At this point, the transaction lifecycle of a `Tx` is over: nodes have verified its validity, +delivered it by executing its state changes, and committed those changes. The `Tx` itself, +in `[]byte` form, is stored in a block and appended to the blockchain. diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/beginner/02-query-lifecycle.md b/copy-of-sdk-versioned_docs/version-0.50/learn/beginner/02-query-lifecycle.md new file mode 100644 index 00000000..04e4fc9e --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/learn/beginner/02-query-lifecycle.md @@ -0,0 +1,147 @@ +--- +sidebar_position: 1 +--- + +# Query Lifecycle + +:::note Synopsis +This document describes the lifecycle of a query in a Cosmos SDK application, from the user interface to application stores and back. The query is referred to as `MyQuery`. +::: + +:::note Pre-requisite Readings + +* [Transaction Lifecycle](./01-tx-lifecycle.md) +::: + +## Query Creation + +A [**query**](../../build/building-modules/02-messages-and-queries.md#queries) is a request for information made by end-users of applications through an interface and processed by a full-node. Users can query information about the network, the application itself, and application state directly from the application's stores or modules. Note that queries are different from [transactions](../advanced/01-transactions.md) (view the lifecycle [here](./01-tx-lifecycle.md)), particularly in that they do not require consensus to be processed (as they do not trigger state-transitions); they can be fully handled by one full-node. + +For the purpose of explaining the query lifecycle, let's say the query, `MyQuery`, is requesting a list of delegations made by a certain delegator address in the application called `simapp`. As is to be expected, the [`staking`](../../build/modules/staking/README.md) module handles this query. But first, there are a few ways `MyQuery` can be created by users. + +### CLI + +The main interface for an application is the command-line interface. Users connect to a full-node and run the CLI directly from their machines - the CLI interacts directly with the full-node. To create `MyQuery` from their terminal, users type the following command: + +```bash +simd query staking delegations +``` + +This query command was defined by the [`staking`](../../build/modules/staking/README.md) module developer and added to the list of subcommands by the application developer when creating the CLI. + +Note that the general format is as follows: + +```bash +simd query [moduleName] [command] --flag +``` + +To provide values such as `--node` (the full-node the CLI connects to), the user can use the [`app.toml`](../../user/run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml) config file to set them or provide them as flags. + +The CLI understands a specific set of commands, defined in a hierarchical structure by the application developer: from the [root command](../advanced/07-cli.md#root-command) (`simd`), the type of command (`Myquery`), the module that contains the command (`staking`), and command itself (`delegations`). Thus, the CLI knows exactly which module handles this command and directly passes the call there. + +### gRPC + +Another interface through which users can make queries is [gRPC](https://grpc.io) requests to a [gRPC server](../advanced/06-grpc_rest.md#grpc-server). The endpoints are defined as [Protocol Buffers](https://developers.google.com/protocol-buffers) service methods inside `.proto` files, written in Protobuf's own language-agnostic interface definition language (IDL). The Protobuf ecosystem developed tools for code-generation from `*.proto` files into various languages. These tools allow to build gRPC clients easily. + +One such tool is [grpcurl](https://github.com/fullstorydev/grpcurl), and a gRPC request for `MyQuery` using this client looks like: + +```bash +grpcurl \ + -plaintext # We want results in plain test + -import-path ./proto \ # Import these .proto files + -proto ./proto/cosmos/staking/v1beta1/query.proto \ # Look into this .proto file for the Query protobuf service + -d '{"address":"$MY_DELEGATOR"}' \ # Query arguments + localhost:9090 \ # gRPC server endpoint + cosmos.staking.v1beta1.Query/Delegations # Fully-qualified service method name +``` + +### REST + +Another interface through which users can make queries is through HTTP Requests to a [REST server](../advanced/06-grpc_rest.md#rest-server). The REST server is fully auto-generated from Protobuf services, using [gRPC-gateway](https://github.com/grpc-ecosystem/grpc-gateway). + +An example HTTP request for `MyQuery` looks like: + +```bash +GET http://localhost:1317/cosmos/staking/v1beta1/delegators/{delegatorAddr}/delegations +``` + +## How Queries are Handled by the CLI + +The preceding examples show how an external user can interact with a node by querying its state. To understand in more detail the exact lifecycle of a query, let's dig into how the CLI prepares the query, and how the node handles it. The interactions from the users' perspective are a bit different, but the underlying functions are almost identical because they are implementations of the same command defined by the module developer. This step of processing happens within the CLI, gRPC, or REST server, and heavily involves a `client.Context`. + +### Context + +The first thing that is created in the execution of a CLI command is a `client.Context`. A `client.Context` is an object that stores all the data needed to process a request on the user side. In particular, a `client.Context` stores the following: + +* **Codec**: The [encoder/decoder](../advanced/05-encoding.md) used by the application, used to marshal the parameters and query before making the CometBFT RPC request and unmarshal the returned response into a JSON object. The default codec used by the CLI is Protobuf. +* **Account Decoder**: The account decoder from the [`auth`](../../build/modules/auth/README.md) module, which translates `[]byte`s into accounts. +* **RPC Client**: The CometBFT RPC Client, or node, to which requests are relayed. +* **Keyring**: A [Key Manager]../beginner/03-accounts.md#keyring) used to sign transactions and handle other operations with keys. +* **Output Writer**: A [Writer](https://pkg.go.dev/io/#Writer) used to output the response. +* **Configurations**: The flags configured by the user for this command, including `--height`, specifying the height of the blockchain to query, and `--indent`, which indicates to add an indent to the JSON response. + +The `client.Context` also contains various functions such as `Query()`, which retrieves the RPC Client and makes an ABCI call to relay a query to a full-node. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/client/context.go#L25-L68 +``` + +The `client.Context`'s primary role is to store data used during interactions with the end-user and provide methods to interact with this data - it is used before and after the query is processed by the full-node. Specifically, in handling `MyQuery`, the `client.Context` is utilized to encode the query parameters, retrieve the full-node, and write the output. Prior to being relayed to a full-node, the query needs to be encoded into a `[]byte` form, as full-nodes are application-agnostic and do not understand specific types. The full-node (RPC Client) itself is retrieved using the `client.Context`, which knows which node the user CLI is connected to. The query is relayed to this full-node to be processed. Finally, the `client.Context` contains a `Writer` to write output when the response is returned. These steps are further described in later sections. + +### Arguments and Route Creation + +At this point in the lifecycle, the user has created a CLI command with all of the data they wish to include in their query. A `client.Context` exists to assist in the rest of the `MyQuery`'s journey. Now, the next step is to parse the command or request, extract the arguments, and encode everything. These steps all happen on the user side within the interface they are interacting with. + +#### Encoding + +In our case (querying an address's delegations), `MyQuery` contains an [address](./03-accounts.md#addresses) `delegatorAddress` as its only argument. However, the request can only contain `[]byte`s, as it is ultimately relayed to a consensus engine (e.g. CometBFT) of a full-node that has no inherent knowledge of the application types. Thus, the `codec` of `client.Context` is used to marshal the address. + +Here is what the code looks like for the CLI command: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/staking/client/cli/query.go#L315-L318 +``` + +#### gRPC Query Client Creation + +The Cosmos SDK leverages code generated from Protobuf services to make queries. The `staking` module's `MyQuery` service generates a `queryClient`, which the CLI uses to make queries. Here is the relevant code: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/staking/client/cli/query.go#L308-L343 +``` + +Under the hood, the `client.Context` has a `Query()` function used to retrieve the pre-configured node and relay a query to it; the function takes the query fully-qualified service method name as path (in our case: `/cosmos.staking.v1beta1.Query/Delegations`), and arguments as parameters. It first retrieves the RPC Client (called the [**node**](../advanced/03-node.md)) configured by the user to relay this query to, and creates the `ABCIQueryOptions` (parameters formatted for the ABCI call). The node is then used to make the ABCI call, `ABCIQueryWithOptions()`. + +Here is what the code looks like: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/client/query.go#L79-L113 +``` + +## RPC + +With a call to `ABCIQueryWithOptions()`, `MyQuery` is received by a [full-node](../advanced/05-encoding.md) which then processes the request. Note that, while the RPC is made to the consensus engine (e.g. CometBFT) of a full-node, queries are not part of consensus and so are not broadcasted to the rest of the network, as they do not require anything the network needs to agree upon. + +Read more about ABCI Clients and CometBFT RPC in the [CometBFT documentation](https://docs.cometbft.com/v0.37/spec/rpc/). + +## Application Query Handling + +When a query is received by the full-node after it has been relayed from the underlying consensus engine, it is at that point being handled within an environment that understands application-specific types and has a copy of the state. [`baseapp`](../advanced/00-baseapp.md) implements the ABCI [`Query()`](../advanced/00-baseapp.md#query) function and handles gRPC queries. The query route is parsed, and it matches the fully-qualified service method name of an existing service method (most likely in one of the modules), then `baseapp` relays the request to the relevant module. + +Since `MyQuery` has a Protobuf fully-qualified service method name from the `staking` module (recall `/cosmos.staking.v1beta1.Query/Delegations`), `baseapp` first parses the path, then uses its own internal `GRPCQueryRouter` to retrieve the corresponding gRPC handler, and routes the query to the module. The gRPC handler is responsible for recognizing this query, retrieving the appropriate values from the application's stores, and returning a response. Read more about query services [here](../../build/building-modules/04-query-services.md). + +Once a result is received from the querier, `baseapp` begins the process of returning a response to the user. + +## Response + +Since `Query()` is an ABCI function, `baseapp` returns the response as an [`abci.ResponseQuery`](https://docs.cometbft.com/master/spec/abci/abci.html#query-2) type. The `client.Context` `Query()` routine receives the response and. + +### CLI Response + +The application [`codec`](../advanced/05-encoding.md) is used to unmarshal the response to a JSON and the `client.Context` prints the output to the command line, applying any configurations such as the output type (text, JSON or YAML). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/client/context.go#L341-L349 +``` + +And that's a wrap! The result of the query is outputted to the console by the CLI. diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/beginner/03-accounts.md b/copy-of-sdk-versioned_docs/version-0.50/learn/beginner/03-accounts.md new file mode 100644 index 00000000..7280108a --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/learn/beginner/03-accounts.md @@ -0,0 +1,281 @@ +--- +sidebar_position: 1 +--- + +# Accounts + +:::note Synopsis +This document describes the in-built account and public key system of the Cosmos SDK. +::: + +:::note Pre-requisite Readings + + +* [Anatomy of a Cosmos SDK Application](./00-app-anatomy.md) + +::: + +## Account Definition + +In the Cosmos SDK, an _account_ designates a pair of _public key_ `PubKey` and _private key_ `PrivKey`. The `PubKey` can be derived to generate various `Addresses`, which are used to identify users (among other parties) in the application. `Addresses` are also associated with [`message`s](../../build/building-modules/02-messages-and-queries.md#messages) to identify the sender of the `message`. The `PrivKey` is used to generate [digital signatures](#signatures) to prove that an `Address` associated with the `PrivKey` approved of a given `message`. + +For HD key derivation the Cosmos SDK uses a standard called [BIP32](https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki). The BIP32 allows users to create an HD wallet (as specified in [BIP44](https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki)) - a set of accounts derived from an initial secret seed. A seed is usually created from a 12- or 24-word mnemonic. A single seed can derive any number of `PrivKey`s using a one-way cryptographic function. Then, a `PubKey` can be derived from the `PrivKey`. Naturally, the mnemonic is the most sensitive information, as private keys can always be re-generated if the mnemonic is preserved. + +```text + Account 0 Account 1 Account 2 + ++------------------+ +------------------+ +------------------+ +| | | | | | +| Address 0 | | Address 1 | | Address 2 | +| ^ | | ^ | | ^ | +| | | | | | | | | +| | | | | | | | | +| | | | | | | | | +| + | | + | | + | +| Public key 0 | | Public key 1 | | Public key 2 | +| ^ | | ^ | | ^ | +| | | | | | | | | +| | | | | | | | | +| | | | | | | | | +| + | | + | | + | +| Private key 0 | | Private key 1 | | Private key 2 | +| ^ | | ^ | | ^ | ++------------------+ +------------------+ +------------------+ + | | | + | | | + | | | + +--------------------------------------------------------------------+ + | + | + +---------+---------+ + | | + | Master PrivKey | + | | + +-------------------+ + | + | + +---------+---------+ + | | + | Mnemonic (Seed) | + | | + +-------------------+ +``` + +In the Cosmos SDK, keys are stored and managed by using an object called a [`Keyring`](#keyring). + +## Keys, accounts, addresses, and signatures + +The principal way of authenticating a user is done using [digital signatures](https://en.wikipedia.org/wiki/Digital_signature). Users sign transactions using their own private key. Signature verification is done with the associated public key. For on-chain signature verification purposes, we store the public key in an `Account` object (alongside other data required for a proper transaction validation). + +In the node, all data is stored using Protocol Buffers serialization. + +The Cosmos SDK supports the following digital key schemes for creating digital signatures: + +* `secp256k1`, as implemented in the [Cosmos SDK's `crypto/keys/secp256k1` package](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/crypto/keys/secp256k1/secp256k1.go). +* `secp256r1`, as implemented in the [Cosmos SDK's `crypto/keys/secp256r1` package](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/crypto/keys/secp256r1/pubkey.go), +* `tm-ed25519`, as implemented in the [Cosmos SDK `crypto/keys/ed25519` package](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/crypto/keys/ed25519/ed25519.go). This scheme is supported only for the consensus validation. + +| | Address length in bytes | Public key length in bytes | Used for transaction authentication | Used for consensus (cometbft) | +| :----------: | :---------------------: | :------------------------: | :---------------------------------: | :-----------------------------: | +| `secp256k1` | 20 | 33 | yes | no | +| `secp256r1` | 32 | 33 | yes | no | +| `tm-ed25519` | -- not used -- | 32 | no | yes | + +## Addresses + +`Addresses` and `PubKey`s are both public information that identifies actors in the application. `Account` is used to store authentication information. The basic account implementation is provided by a `BaseAccount` object. + +Each account is identified using `Address` which is a sequence of bytes derived from a public key. In the Cosmos SDK, we define 3 types of addresses that specify a context where an account is used: + +* `AccAddress` identifies users (the sender of a `message`). +* `ValAddress` identifies validator operators. +* `ConsAddress` identifies validator nodes that are participating in consensus. Validator nodes are derived using the **`ed25519`** curve. + +These types implement the `Address` interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/types/address.go#L126-L134 +``` + +Address construction algorithm is defined in [ADR-28](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-028-public-key-addresses.md). +Here is the standard way to obtain an account address from a `pub` public key: + +```go +sdk.AccAddress(pub.Address().Bytes()) +``` + +Of note, the `Marshal()` and `Bytes()` method both return the same raw `[]byte` form of the address. `Marshal()` is required for Protobuf compatibility. + +For user interaction, addresses are formatted using [Bech32](https://en.bitcoin.it/wiki/Bech32) and implemented by the `String` method. The Bech32 method is the only supported format to use when interacting with a blockchain. The Bech32 human-readable part (Bech32 prefix) is used to denote an address type. Example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/types/address.go#L299-L316 +``` + +| | Address Bech32 Prefix | +| ------------------ | --------------------- | +| Accounts | cosmos | +| Validator Operator | cosmosvaloper | +| Consensus Nodes | cosmosvalcons | + +### Public Keys + +Public keys in Cosmos SDK are defined by `cryptotypes.PubKey` interface. Since public keys are saved in a store, `cryptotypes.PubKey` extends the `proto.Message` interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/crypto/types/types.go#L8-L17 +``` + +A compressed format is used for `secp256k1` and `secp256r1` serialization. + +* The first byte is a `0x02` byte if the `y`-coordinate is the lexicographically largest of the two associated with the `x`-coordinate. +* Otherwise the first byte is a `0x03`. + +This prefix is followed by the `x`-coordinate. + +Public Keys are not used to reference accounts (or users) and in general are not used when composing transaction messages (with few exceptions: `MsgCreateValidator`, `Validator` and `Multisig` messages). +For user interactions, `PubKey` is formatted using Protobufs JSON ([ProtoMarshalJSON](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/codec/json.go#L14-L34) function). Example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/client/keys/output.go#L23-L39 +``` + +## Keyring + +A `Keyring` is an object that stores and manages accounts. In the Cosmos SDK, a `Keyring` implementation follows the `Keyring` interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/crypto/keyring/keyring.go#L57-L105 +``` + +The default implementation of `Keyring` comes from the third-party [`99designs/keyring`](https://github.com/99designs/keyring) library. + +A few notes on the `Keyring` methods: + +* `Sign(uid string, msg []byte) ([]byte, types.PubKey, error)` strictly deals with the signature of the `msg` bytes. You must prepare and encode the transaction into a canonical `[]byte` form. Because protobuf is not deterministic, it has been decided in [ADR-020](../../build/architecture/adr-020-protobuf-transaction-encoding.md) that the canonical `payload` to sign is the `SignDoc` struct, deterministically encoded using [ADR-027](../../build/architecture/adr-027-deterministic-protobuf-serialization.md). Note that signature verification is not implemented in the Cosmos SDK by default, it is deferred to the [`anteHandler`](../advanced/00-baseapp.md#antehandler). + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/proto/cosmos/tx/v1beta1/tx.proto#L50-L66 +``` + +* `NewAccount(uid, mnemonic, bip39Passphrase, hdPath string, algo SignatureAlgo) (*Record, error)` creates a new account based on the [`bip44 path`](https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki) and persists it on disk. The `PrivKey` is **never stored unencrypted**, instead it is [encrypted with a passphrase](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/crypto/armor.go) before being persisted. In the context of this method, the key type and sequence number refer to the segment of the BIP44 derivation path (for example, `0`, `1`, `2`, ...) that is used to derive a private and a public key from the mnemonic. Using the same mnemonic and derivation path, the same `PrivKey`, `PubKey` and `Address` is generated. The following keys are supported by the keyring: + +* `secp256k1` +* `ed25519` + +* `ExportPrivKeyArmor(uid, encryptPassphrase string) (armor string, err error)` exports a private key in ASCII-armored encrypted format using the given passphrase. You can then either import the private key again into the keyring using the `ImportPrivKey(uid, armor, passphrase string)` function or decrypt it into a raw private key using the `UnarmorDecryptPrivKey(armorStr string, passphrase string)` function. + +### Create New Key Type + +To create a new key type for using in keyring, `keyring.SignatureAlgo` interface must be fulfilled. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/crypto/keyring/signing_algorithms.go#L10-L15 +``` + +The interface consists in three methods where `Name()` returns the name of the algorithm as a `hd.PubKeyType` and `Derive()` and `Generate()` must return the following functions respectively: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/crypto/hd/algo.go#L28-L31 +``` + +Once the `keyring.SignatureAlgo` has been implemented it must be added to the [list of supported algos](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/crypto/keyring/keyring.go#L217) of the keyring. + +For simplicity the implementation of a new key type should be done inside the `crypto/hd` package. +There is an example of a working `secp256k1` implementation in [algo.go](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/crypto/hd/algo.go#L38). + + +#### Implementing secp256r1 algo + +Here is an example of how secp256r1 could be implemented. + +First a new function to create a private key from a secret number is needed in the secp256r1 package. This function could look like this: + +```go +// cosmos-sdk/crypto/keys/secp256r1/privkey.go + +// NewPrivKeyFromSecret creates a private key derived for the secret number +// represented in big-endian. The `secret` must be a valid ECDSA field element. +func NewPrivKeyFromSecret(secret []byte) (*PrivKey, error) { + var d = new(big.Int).SetBytes(secret) + if d.Cmp(secp256r1.Params().N) >= 1 { + return nil, errorsmod.Wrap(errors.ErrInvalidRequest, "secret not in the curve base field") + } + sk := new(ecdsa.PrivKey) + return &PrivKey{&ecdsaSK{*sk}}, nil +} +``` + +After that `secp256r1Algo` can be implemented. + +```go +// cosmos-sdk/crypto/hd/secp256r1Algo.go + +package hd + +import ( + "github.com/cosmos/go-bip39" + + "github.com/cosmos/cosmos-sdk/crypto/keys/secp256r1" + "github.com/cosmos/cosmos-sdk/crypto/types" +) + +// Secp256r1Type uses the secp256r1 ECDSA parameters. +const Secp256r1Type = PubKeyType("secp256r1") + +var Secp256r1 = secp256r1Algo{} + +type secp256r1Algo struct{} + +func (s secp256r1Algo) Name() PubKeyType { + return Secp256r1Type +} + +// Derive derives and returns the secp256r1 private key for the given seed and HD path. +func (s secp256r1Algo) Derive() DeriveFn { + return func(mnemonic string, bip39Passphrase, hdPath string) ([]byte, error) { + seed, err := bip39.NewSeedWithErrorChecking(mnemonic, bip39Passphrase) + if err != nil { + return nil, err + } + + masterPriv, ch := ComputeMastersFromSeed(seed) + if len(hdPath) == 0 { + return masterPriv[:], nil + } + derivedKey, err := DerivePrivateKeyForPath(masterPriv, ch, hdPath) + + return derivedKey, err + } +} + +// Generate generates a secp256r1 private key from the given bytes. +func (s secp256r1Algo) Generate() GenerateFn { + return func(bz []byte) types.PrivKey { + key, err := secp256r1.NewPrivKeyFromSecret(bz) + if err != nil { + panic(err) + } + return key + } +} +``` + +Finally, the algo must be added to the list of [supported algos](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/crypto/keyring/keyring.go#L217) by the keyring. + +```go +// cosmos-sdk/crypto/keyring/keyring.go + +func newKeystore(kr keyring.Keyring, cdc codec.Codec, backend string, opts ...Option) keystore { + // Default options for keybase, these can be overwritten using the + // Option function + options := Options{ + SupportedAlgos: SigningAlgoList{hd.Secp256k1, hd.Secp256r1}, // added here + SupportedAlgosLedger: SigningAlgoList{hd.Secp256k1}, + } +... +``` + +Hereafter to create new keys using your algo, you must specify it with the flag `--algo` : + +`simd keys add myKey --algo secp256r1` diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/beginner/04-gas-fees.md b/copy-of-sdk-versioned_docs/version-0.50/learn/beginner/04-gas-fees.md new file mode 100644 index 00000000..4def021e --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/learn/beginner/04-gas-fees.md @@ -0,0 +1,101 @@ +--- +sidebar_position: 1 +--- + +# Gas and Fees + +:::note Synopsis +This document describes the default strategies to handle gas and fees within a Cosmos SDK application. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK Application](./00-app-anatomy.md) + +::: + +## Introduction to `Gas` and `Fees` + +In the Cosmos SDK, `gas` is a special unit that is used to track the consumption of resources during execution. `gas` is typically consumed whenever read and writes are made to the store, but it can also be consumed if expensive computation needs to be done. It serves two main purposes: + +* Make sure blocks are not consuming too many resources and are finalized. This is implemented by default in the Cosmos SDK via the [block gas meter](#block-gas-meter). +* Prevent spam and abuse from end-user. To this end, `gas` consumed during [`message`](../../build/building-modules/02-messages-and-queries.md#messages) execution is typically priced, resulting in a `fee` (`fees = gas * gas-prices`). `fees` generally have to be paid by the sender of the `message`. Note that the Cosmos SDK does not enforce `gas` pricing by default, as there may be other ways to prevent spam (e.g. bandwidth schemes). Still, most applications implement `fee` mechanisms to prevent spam by using the [`AnteHandler`](#antehandler). + +## Gas Meter + +In the Cosmos SDK, `gas` is a simple alias for `uint64`, and is managed by an object called a _gas meter_. Gas meters implement the `GasMeter` interface + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/store/types/gas.go#L40-L51 +``` + +where: + +* `GasConsumed()` returns the amount of gas that was consumed by the gas meter instance. +* `GasConsumedToLimit()` returns the amount of gas that was consumed by gas meter instance, or the limit if it is reached. +* `GasRemaining()` returns the gas left in the GasMeter. +* `Limit()` returns the limit of the gas meter instance. `0` if the gas meter is infinite. +* `ConsumeGas(amount Gas, descriptor string)` consumes the amount of `gas` provided. If the `gas` overflows, it panics with the `descriptor` message. If the gas meter is not infinite, it panics if `gas` consumed goes above the limit. +* `RefundGas()` deducts the given amount from the gas consumed. This functionality enables refunding gas to the transaction or block gas pools so that EVM-compatible chains can fully support the go-ethereum StateDB interface. +* `IsPastLimit()` returns `true` if the amount of gas consumed by the gas meter instance is strictly above the limit, `false` otherwise. +* `IsOutOfGas()` returns `true` if the amount of gas consumed by the gas meter instance is above or equal to the limit, `false` otherwise. + +The gas meter is generally held in [`ctx`](../advanced/02-context.md), and consuming gas is done with the following pattern: + +```go +ctx.GasMeter().ConsumeGas(amount, "description") +``` + +By default, the Cosmos SDK makes use of two different gas meters, the [main gas meter](#main-gas-metter) and the [block gas meter](#block-gas-meter). + +### Main Gas Meter + +`ctx.GasMeter()` is the main gas meter of the application. The main gas meter is initialized in `FinalizeBlock` via `setFinalizeBlockState`, and then tracks gas consumption during execution sequences that lead to state-transitions, i.e. those originally triggered by [`FinalizeBlock`](../advanced/00-baseapp.md#finalizeblock). At the beginning of each transaction execution, the main gas meter **must be set to 0** in the [`AnteHandler`](#antehandler), so that it can track gas consumption per-transaction. + +Gas consumption can be done manually, generally by the module developer in the [`BeginBlocker`, `EndBlocker`](../../build/building-modules/06-beginblock-endblock.md) or [`Msg` service](../../build/building-modules/03-msg-services.md), but most of the time it is done automatically whenever there is a read or write to the store. This automatic gas consumption logic is implemented in a special store called [`GasKv`](../advanced/04-store.md#gaskv-store). + +### Block Gas Meter + +`ctx.BlockGasMeter()` is the gas meter used to track gas consumption per block and make sure it does not go above a certain limit. + +During the genesis phase, gas consumption is unlimited to accommodate initialisation transactions. + +```go +app.finalizeBlockState.SetContext(app.finalizeBlockState.Context().WithBlockGasMeter(storetypes.NewInfiniteGasMeter())) +``` + +Following the genesis block, the block gas meter is set to a finite value by the SDK. This transition is facilitated by the consensus engine (e.g., CometBFT) calling the `RequestFinalizeBlock` function, which in turn triggers the SDK's `FinalizeBlock` method. Within `FinalizeBlock`, `internalFinalizeBlock` is executed, performing necessary state updates and function executions. The block gas meter, initialised each with a finite limit, is then incorporated into the context for transaction execution, ensuring gas consumption does not exceed the block's gas limit and is reset at the end of each block. + +Modules within the Cosmos SDK can consume block gas at any point during their execution by utilising the `ctx`. This gas consumption primarily occurs during state read/write operations and transaction processing. The block gas meter, accessible via `ctx.BlockGasMeter()`, monitors the total gas usage within a block, enforcing the gas limit to prevent excessive computation. This ensures that gas limits are adhered to on a per-block basis, starting from the first block post-genesis. + +```go +gasMeter := app.getBlockGasMeter(app.finalizeBlockState.Context()) +app.finalizeBlockState.SetContext(app.finalizeBlockState.Context().WithBlockGasMeter(gasMeter)) +``` + +This above shows the general mechanism for setting the block gas meter with a finite limit based on the block's consensus parameters. + +## AnteHandler + +The `AnteHandler` is run for every transaction during `CheckTx` and `FinalizeBlock`, before a Protobuf `Msg` service method for each `sdk.Msg` in the transaction. + +The anteHandler is not implemented in the core Cosmos SDK but in a module. That said, most applications today use the default implementation defined in the [`auth` module](https://github.com/cosmos/cosmos-sdk/tree/main/x/auth). Here is what the `anteHandler` is intended to do in a normal Cosmos SDK application: + +* Verify that the transactions are of the correct type. Transaction types are defined in the module that implements the `anteHandler`, and they follow the transaction interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/types/tx_msg.go#L51-L56 +``` + + This enables developers to play with various types for the transaction of their application. In the default `auth` module, the default transaction type is `Tx`: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/proto/cosmos/tx/v1beta1/tx.proto#L14-L27 +``` + +* Verify signatures for each [`message`](../../build/building-modules/02-messages-and-queries.md#messages) contained in the transaction. Each `message` should be signed by one or multiple sender(s), and these signatures must be verified in the `anteHandler`. +* During `CheckTx`, verify that the gas prices provided with the transaction is greater than the local `min-gas-prices` (as a reminder, gas-prices can be deducted from the following equation: `fees = gas * gas-prices`). `min-gas-prices` is a parameter local to each full-node and used during `CheckTx` to discard transactions that do not provide a minimum amount of fees. This ensures that the mempool cannot be spammed with garbage transactions. +* Verify that the sender of the transaction has enough funds to cover for the `fees`. When the end-user generates a transaction, they must indicate 2 of the 3 following parameters (the third one being implicit): `fees`, `gas` and `gas-prices`. This signals how much they are willing to pay for nodes to execute their transaction. The provided `gas` value is stored in a parameter called `GasWanted` for later use. +* Set `newCtx.GasMeter` to 0, with a limit of `GasWanted`. **This step is crucial**, as it not only makes sure the transaction cannot consume infinite gas, but also that `ctx.GasMeter` is reset in-between each transaction (`ctx` is set to `newCtx` after `anteHandler` is run, and the `anteHandler` is run each time a transactions executes). + +As explained above, the `anteHandler` returns a maximum limit of `gas` the transaction can consume during execution called `GasWanted`. The actual amount consumed in the end is denominated `GasUsed`, and we must therefore have `GasUsed =< GasWanted`. Both `GasWanted` and `GasUsed` are relayed to the underlying consensus engine when [`FinalizeBlock`](../advanced/00-baseapp.md#finalizeblock) returns. diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/beginner/_category_.json b/copy-of-sdk-versioned_docs/version-0.50/learn/beginner/_category_.json new file mode 100644 index 00000000..d09097fa --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/learn/beginner/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Beginner", + "position": 2, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/intro/00-overview.md b/copy-of-sdk-versioned_docs/version-0.50/learn/intro/00-overview.md new file mode 100644 index 00000000..a424dfdf --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/learn/intro/00-overview.md @@ -0,0 +1,43 @@ +--- +sidebar_position: 1 +--- + +# What is the Cosmos SDK + +The [Cosmos SDK](https://github.com/cosmos/cosmos-sdk) is an open-source toolkit for building multi-asset public Proof-of-Stake (PoS) blockchains, like the Cosmos Hub, as well as permissioned Proof-of-Authority (PoA) blockchains. Blockchains built with the Cosmos SDK are generally referred to as **application-specific blockchains**. + +The goal of the Cosmos SDK is to allow developers to easily create custom blockchains from scratch that can natively interoperate with other blockchains. +We further this modular approach by allowing developers to plug and play with different consensus engines this can range from the [CometBFT](https://github.com/cometbft/cometbft) or [Rollkit](https://rollkit.dev/). + +SDK-based blockchains have the choice to use the predefined modules or to build their own modules. What this means is that developers can build a blockchain that is tailored to their specific use case, without having to worry about the low-level details of building a blockchain from scratch. Predefined modules include staking, governance, and token issuance, among others. + +What's more, the Cosmos SDK is a capabilities-based system that allows developers to better reason about the security of interactions between modules. For a deeper look at capabilities, jump to [Object-Capability Model](../advanced/10-ocap.md). + +How you can look at this is if we imagine that the SDK is like a lego kit. You can choose to build the basic house from the instructions or you can choose to modify your house and add more floors, more doors, more windows. The choice is yours. + +## What are Application-Specific Blockchains + +One development paradigm in the blockchain world today is that of virtual-machine blockchains like Ethereum, where development generally revolves around building decentralized applications on top of an existing blockchain as a set of smart contracts. While smart contracts can be very good for some use cases like single-use applications (e.g. ICOs), they often fall short for building complex decentralized platforms. More generally, smart contracts can be limiting in terms of flexibility, sovereignty and performance. + +Application-specific blockchains offer a radically different development paradigm than virtual-machine blockchains. An application-specific blockchain is a blockchain customized to operate a single application: developers have all the freedom to make the design decisions required for the application to run optimally. They can also provide better sovereignty, security and performance. + +Learn more about [application-specific blockchains](./01-why-app-specific.md). + +## What is Modularity + +Today there is a lot of talk around modularity and discussions between monolithic and modular. Originally the Cosmos SDK was built with a vision of modularity in mind. Modularity is derived from splitting a blockchain into customizable layers of execution, consensus, settlement and data availability, which is what the Cosmos SDK enables. This means that developers can plug and play, making their blockchain customisable by using different software for different layers. For example you can choose to build a vanilla chain and use the Cosmos SDK with CometBFT. CometBFT will be your consensus layer and the chain itself would be the settlement and execution layer. Another route could be to use the SDK with Rollkit and Celestia as your consensus and data availability layer. The benefit of modularity is that you can customize your chain to your specific use case. + +## Why the Cosmos SDK + +The Cosmos SDK is the most advanced framework for building custom modular application-specific blockchains today. Here are a few reasons why you might want to consider building your decentralized application with the Cosmos SDK: + +* It allows you to plug and play and customize your consensus layer. As above you can use Rollkit and Celestia as your consensus and data availability layer. This offers a lot of flexibility and customisation. +* Previously the default consensus engine available within the Cosmos SDK is [CometBFT](https://github.com/cometbft/cometbft). CometBFT is the most (and only) mature BFT consensus engine in existence. It is widely used across the industry and is considered the gold standard consensus engine for building Proof-of-Stake systems. +* The Cosmos SDK is open-source and designed to make it easy to build blockchains out of composable [modules](../../build/modules). As the ecosystem of open-source Cosmos SDK modules grows, it will become increasingly easier to build complex decentralized platforms with it. +* The Cosmos SDK is inspired by capabilities-based security, and informed by years of wrestling with blockchain state-machines. This makes the Cosmos SDK a very secure environment to build blockchains. +* Most importantly, the Cosmos SDK has already been used to build many application-specific blockchains that are already in production. Among others, we can cite [Cosmos Hub](https://hub.cosmos.network), [IRIS Hub](https://irisnet.org), [Binance Chain](https://docs.binance.org/), [Terra](https://terra.money/) or [Kava](https://www.kava.io/). [Many more](https://cosmos.network/ecosystem) are building on the Cosmos SDK. + +## Getting started with the Cosmos SDK + +* Learn more about the [architecture of a Cosmos SDK application](./02-sdk-app-architecture.md) +* Learn how to build an application-specific blockchain from scratch with the [Cosmos SDK Tutorial](https://cosmos.network/docs/tutorial) diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/intro/01-why-app-specific.md b/copy-of-sdk-versioned_docs/version-0.50/learn/intro/01-why-app-specific.md new file mode 100644 index 00000000..0f0c1c64 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/learn/intro/01-why-app-specific.md @@ -0,0 +1,79 @@ +--- +sidebar_position: 1 +--- + +# Application-Specific Blockchains + +:::note Synopsis +This document explains what application-specific blockchains are, and why developers would want to build one as opposed to writing Smart Contracts. +::: + +## What are application-specific blockchains + +Application-specific blockchains are blockchains customized to operate a single application. Instead of building a decentralized application on top of an underlying blockchain like Ethereum, developers build their own blockchain from the ground up. This means building a full-node client, a light-client, and all the necessary interfaces (CLI, REST, ...) to interact with the nodes. + +```text + ^ +-------------------------------+ ^ + | | | | Built with Cosmos SDK + | | State-machine = Application | | + | | | v + | +-------------------------------+ + | | | ^ +Blockchain node | | Consensus | | + | | | | + | +-------------------------------+ | CometBFT + | | | | + | | Networking | | + | | | | + v +-------------------------------+ v +``` + +## What are the shortcomings of Smart Contracts + +Virtual-machine blockchains like Ethereum addressed the demand for more programmability back in 2014. At the time, the options available for building decentralized applications were quite limited. Most developers would build on top of the complex and limited Bitcoin scripting language, or fork the Bitcoin codebase which was hard to work with and customize. + +Virtual-machine blockchains came in with a new value proposition. Their state-machine incorporates a virtual-machine that is able to interpret turing-complete programs called Smart Contracts. These Smart Contracts are very good for use cases like one-time events (e.g. ICOs), but they can fall short for building complex decentralized platforms. Here is why: + +* Smart Contracts are generally developed with specific programming languages that can be interpreted by the underlying virtual-machine. These programming languages are often immature and inherently limited by the constraints of the virtual-machine itself. For example, the Ethereum Virtual Machine does not allow developers to implement automatic execution of code. Developers are also limited to the account-based system of the EVM, and they can only choose from a limited set of functions for their cryptographic operations. These are examples, but they hint at the lack of **flexibility** that a smart contract environment often entails. +* Smart Contracts are all run by the same virtual machine. This means that they compete for resources, which can severely restrain **performance**. And even if the state-machine were to be split in multiple subsets (e.g. via sharding), Smart Contracts would still need to be interpreted by a virtual machine, which would limit performance compared to a native application implemented at state-machine level (our benchmarks show an improvement on the order of 10x in performance when the virtual-machine is removed). +* Another issue with the fact that Smart Contracts share the same underlying environment is the resulting limitation in **sovereignty**. A decentralized application is an ecosystem that involves multiple players. If the application is built on a general-purpose virtual-machine blockchain, stakeholders have very limited sovereignty over their application, and are ultimately superseded by the governance of the underlying blockchain. If there is a bug in the application, very little can be done about it. + +Application-Specific Blockchains are designed to address these shortcomings. + +## Application-Specific Blockchains Benefits + +### Flexibility + +Application-specific blockchains give maximum flexibility to developers: + +* In Cosmos blockchains, the state-machine is typically connected to the underlying consensus engine via an interface called the [ABCI](https://docs.cometbft.com/v0.37/spec/abci/). This interface can be wrapped in any programming language, meaning developers can build their state-machine in the programming language of their choice. + +* Developers can choose among multiple frameworks to build their state-machine. The most widely used today is the Cosmos SDK, but others exist (e.g. [Lotion](https://github.com/nomic-io/lotion), [Weave](https://github.com/iov-one/weave), ...). Typically the choice will be made based on the programming language they want to use (Cosmos SDK and Weave are in Golang, Lotion is in Javascript, ...). +* The ABCI also allows developers to swap the consensus engine of their application-specific blockchain. Today, only CometBFT is production-ready, but in the future other consensus engines are expected to emerge. +* Even when they settle for a framework and consensus engine, developers still have the freedom to tweak them if they don't perfectly match their requirements in their pristine forms. +* Developers are free to explore the full spectrum of tradeoffs (e.g. number of validators vs transaction throughput, safety vs availability in asynchrony, ...) and design choices (DB or IAVL tree for storage, UTXO or account model, ...). +* Developers can implement automatic execution of code. In the Cosmos SDK, logic can be automatically triggered at the beginning and the end of each block. They are also free to choose the cryptographic library used in their application, as opposed to being constrained by what is made available by the underlying environment in the case of virtual-machine blockchains. + +The list above contains a few examples that show how much flexibility application-specific blockchains give to developers. The goal of Cosmos and the Cosmos SDK is to make developer tooling as generic and composable as possible, so that each part of the stack can be forked, tweaked and improved without losing compatibility. As the community grows, more alternatives for each of the core building blocks will emerge, giving more options to developers. + +### Performance + +Decentralized applications built with Smart Contracts are inherently capped in performance by the underlying environment. For a decentralized application to optimise performance, it needs to be built as an application-specific blockchain. Next are some of the benefits an application-specific blockchain brings in terms of performance: + +* Developers of application-specific blockchains can choose to operate with a novel consensus engine such as CometBFT BFT. Compared to Proof-of-Work (used by most virtual-machine blockchains today), it offers significant gains in throughput. +* An application-specific blockchain only operates a single application, so that the application does not compete with others for computation and storage. This is the opposite of most non-sharded virtual-machine blockchains today, where smart contracts all compete for computation and storage. +* Even if a virtual-machine blockchain offered application-based sharding coupled with an efficient consensus algorithm, performance would still be limited by the virtual-machine itself. The real throughput bottleneck is the state-machine, and requiring transactions to be interpreted by a virtual-machine significantly increases the computational complexity of processing them. + +### Security + +Security is hard to quantify, and greatly varies from platform to platform. That said here are some important benefits an application-specific blockchain can bring in terms of security: + +* Developers can choose proven programming languages like Go when building their application-specific blockchains, as opposed to smart contract programming languages that are often more immature. +* Developers are not constrained by the cryptographic functions made available by the underlying virtual-machines. They can use their own custom cryptography, and rely on well-audited crypto libraries. +* Developers do not have to worry about potential bugs or exploitable mechanisms in the underlying virtual-machine, making it easier to reason about the security of the application. + +### Sovereignty + +One of the major benefits of application-specific blockchains is sovereignty. A decentralized application is an ecosystem that involves many actors: users, developers, third-party services, and more. When developers build on virtual-machine blockchain where many decentralized applications coexist, the community of the application is different than the community of the underlying blockchain, and the latter supersedes the former in the governance process. If there is a bug or if a new feature is needed, stakeholders of the application have very little leeway to upgrade the code. If the community of the underlying blockchain refuses to act, nothing can happen. + +The fundamental issue here is that the governance of the application and the governance of the network are not aligned. This issue is solved by application-specific blockchains. Because application-specific blockchains specialize to operate a single application, stakeholders of the application have full control over the entire chain. This ensures that the community will not be stuck if a bug is discovered, and that it has the freedom to choose how it is going to evolve. diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/intro/02-sdk-app-architecture.md b/copy-of-sdk-versioned_docs/version-0.50/learn/intro/02-sdk-app-architecture.md new file mode 100644 index 00000000..cc18c54d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/learn/intro/02-sdk-app-architecture.md @@ -0,0 +1,93 @@ +--- +sidebar_position: 1 +--- + +# Blockchain Architecture + +## State machine + +At its core, a blockchain is a [replicated deterministic state machine](https://en.wikipedia.org/wiki/State_machine_replication). + +A state machine is a computer science concept whereby a machine can have multiple states, but only one at any given time. There is a `state`, which describes the current state of the system, and `transactions`, that trigger state transitions. + +Given a state S and a transaction T, the state machine will return a new state S'. + +```text ++--------+ +--------+ +| | | | +| S +---------------->+ S' | +| | apply(T) | | ++--------+ +--------+ +``` + +In practice, the transactions are bundled in blocks to make the process more efficient. Given a state S and a block of transactions B, the state machine will return a new state S'. + +```text ++--------+ +--------+ +| | | | +| S +----------------------------> | S' | +| | For each T in B: apply(T) | | ++--------+ +--------+ +``` + +In a blockchain context, the state machine is deterministic. This means that if a node is started at a given state and replays the same sequence of transactions, it will always end up with the same final state. + +The Cosmos SDK gives developers maximum flexibility to define the state of their application, transaction types and state transition functions. The process of building state-machines with the Cosmos SDK will be described more in depth in the following sections. But first, let us see how the state-machine is replicated using **CometBFT**. + +## CometBFT + +Thanks to the Cosmos SDK, developers just have to define the state machine, and [*CometBFT*](https://docs.cometbft.com/v0.37/introduction/what-is-cometbft) will handle replication over the network for them. + +```text + ^ +-------------------------------+ ^ + | | | | Built with Cosmos SDK + | | State-machine = Application | | + | | | v + | +-------------------------------+ + | | | ^ +Blockchain node | | Consensus | | + | | | | + | +-------------------------------+ | CometBFT + | | | | + | | Networking | | + | | | | + v +-------------------------------+ v +``` + +[CometBFT](https://docs.cometbft.com/v0.37/introduction/what-is-cometbft) is an application-agnostic engine that is responsible for handling the *networking* and *consensus* layers of a blockchain. In practice, this means that CometBFT is responsible for propagating and ordering transaction bytes. CometBFT relies on an eponymous Byzantine-Fault-Tolerant (BFT) algorithm to reach consensus on the order of transactions. + +The CometBFT [consensus algorithm](https://docs.cometbft.com/v0.37/introduction/what-is-cometbft#consensus-overview) works with a set of special nodes called *Validators*. Validators are responsible for adding blocks of transactions to the blockchain. At any given block, there is a validator set V. A validator in V is chosen by the algorithm to be the proposer of the next block. This block is considered valid if more than two thirds of V signed a `prevote` and a `precommit` on it, and if all the transactions that it contains are valid. The validator set can be changed by rules written in the state-machine. + +## ABCI + +CometBFT passes transactions to the application through an interface called the [ABCI](https://docs.cometbft.com/v0.37/spec/abci/), which the application must implement. + +```text + +---------------------+ + | | + | Application | + | | + +--------+---+--------+ + ^ | + | | ABCI + | v + +--------+---+--------+ + | | + | | + | CometBFT | + | | + | | + +---------------------+ +``` + +Note that **CometBFT only handles transaction bytes**. It has no knowledge of what these bytes mean. All CometBFT does is order these transaction bytes deterministically. CometBFT passes the bytes to the application via the ABCI, and expects a return code to inform it if the messages contained in the transactions were successfully processed or not. + +Here are the most important messages of the ABCI: + +* `CheckTx`: When a transaction is received by CometBFT, it is passed to the application to check if a few basic requirements are met. `CheckTx` is used to protect the mempool of full-nodes against spam transactions. . A special handler called the [`AnteHandler`](../beginner/04-gas-fees.md#antehandler) is used to execute a series of validation steps such as checking for sufficient fees and validating the signatures. If the checks are valid, the transaction is added to the [mempool](https://docs.cometbft.com/v0.37/spec/p2p/messages/mempool) and relayed to peer nodes. Note that transactions are not processed (i.e. no modification of the state occurs) with `CheckTx` since they have not been included in a block yet. +* `DeliverTx`: When a [valid block](https://docs.cometbft.com/v0.37/spec/core/data_structures#block) is received by CometBFT, each transaction in the block is passed to the application via `DeliverTx` in order to be processed. It is during this stage that the state transitions occur. The `AnteHandler` executes again, along with the actual [`Msg` service](../../build/building-modules/03-msg-services.md) RPC for each message in the transaction. +* `BeginBlock`/`EndBlock`: These messages are executed at the beginning and the end of each block, whether the block contains transactions or not. It is useful to trigger automatic execution of logic. Proceed with caution though, as computationally expensive loops could slow down your blockchain, or even freeze it if the loop is infinite. + +Find a more detailed view of the ABCI methods from the [CometBFT docs](https://docs.cometbft.com/v0.37/spec/abci/). + +Any application built on CometBFT needs to implement the ABCI interface in order to communicate with the underlying local CometBFT engine. Fortunately, you do not have to implement the ABCI interface. The Cosmos SDK provides a boilerplate implementation of it in the form of [baseapp](./03-sdk-design.md#baseapp). diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/intro/03-sdk-design.md b/copy-of-sdk-versioned_docs/version-0.50/learn/intro/03-sdk-design.md new file mode 100644 index 00000000..f392ec95 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/learn/intro/03-sdk-design.md @@ -0,0 +1,95 @@ +--- +sidebar_position: 1 +--- + +# Main Components of the Cosmos SDK + +The Cosmos SDK is a framework that facilitates the development of secure state-machines on top of CometBFT. At its core, the Cosmos SDK is a boilerplate implementation of the [ABCI](./02-sdk-app-architecture.md#abci) in Golang. It comes with a [`multistore`](../advanced/04-store.md#multistore) to persist data and a [`router`](../advanced/00-baseapp.md#routing) to handle transactions. + +Here is a simplified view of how transactions are handled by an application built on top of the Cosmos SDK when transferred from CometBFT via `DeliverTx`: + +1. Decode `transactions` received from the CometBFT consensus engine (remember that CometBFT only deals with `[]bytes`). +2. Extract `messages` from `transactions` and do basic sanity checks. +3. Route each message to the appropriate module so that it can be processed. +4. Commit state changes. + +## `baseapp` + +`baseapp` is the boilerplate implementation of a Cosmos SDK application. It comes with an implementation of the ABCI to handle the connection with the underlying consensus engine. Typically, a Cosmos SDK application extends `baseapp` by embedding it in [`app.go`](../beginner/00-app-anatomy.md#core-application-file). + +Here is an example of this from `simapp`, the Cosmos SDK demonstration app: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/simapp/app.go#L170-L212 +``` + +The goal of `baseapp` is to provide a secure interface between the store and the extensible state machine while defining as little about the state machine as possible (staying true to the ABCI). + +For more on `baseapp`, please click [here](../advanced/00-baseapp.md). + +## Multistore + +The Cosmos SDK provides a [`multistore`](../advanced/04-store.md#multistore) for persisting state. The multistore allows developers to declare any number of [`KVStores`](../advanced/04-store.md#base-layer-kvstores). These `KVStores` only accept the `[]byte` type as value and therefore any custom structure needs to be marshalled using [a codec](../advanced/05-encoding.md) before being stored. + +The multistore abstraction is used to divide the state in distinct compartments, each managed by its own module. For more on the multistore, click [here](../advanced/04-store.md#multistore) + +## Modules + +The power of the Cosmos SDK lies in its modularity. Cosmos SDK applications are built by aggregating a collection of interoperable modules. Each module defines a subset of the state and contains its own message/transaction processor, while the Cosmos SDK is responsible for routing each message to its respective module. + +Here is a simplified view of how a transaction is processed by the application of each full-node when it is received in a valid block: + +```text + + + | + | Transaction relayed from the full-node's + | CometBFT engine to the node's application + | via DeliverTx + | + | + +---------------------v--------------------------+ + | APPLICATION | + | | + | Using baseapp's methods: Decode the Tx, | + | extract and route the message(s) | + | | + +---------------------+--------------------------+ + | + | + | + +---------------------------+ + | + | + | Message routed to + | the correct module + | to be processed + | + | ++----------------+ +---------------+ +----------------+ +------v----------+ +| | | | | | | | +| AUTH MODULE | | BANK MODULE | | STAKING MODULE | | GOV MODULE | +| | | | | | | | +| | | | | | | Handles message,| +| | | | | | | Updates state | +| | | | | | | | ++----------------+ +---------------+ +----------------+ +------+----------+ + | + | + | + | + +--------------------------+ + | + | Return result to CometBFT + | (0=Ok, 1=Err) + v +``` + +Each module can be seen as a little state-machine. Developers need to define the subset of the state handled by the module, as well as custom message types that modify the state (*Note:* `messages` are extracted from `transactions` by `baseapp`). In general, each module declares its own `KVStore` in the `multistore` to persist the subset of the state it defines. Most developers will need to access other 3rd party modules when building their own modules. Given that the Cosmos SDK is an open framework, some of the modules may be malicious, which means there is a need for security principles to reason about inter-module interactions. These principles are based on [object-capabilities](../advanced/10-ocap.md). In practice, this means that instead of having each module keep an access control list for other modules, each module implements special objects called `keepers` that can be passed to other modules to grant a pre-defined set of capabilities. + +Cosmos SDK modules are defined in the `x/` folder of the Cosmos SDK. Some core modules include: + +* `x/auth`: Used to manage accounts and signatures. +* `x/bank`: Used to enable tokens and token transfers. +* `x/staking` + `x/slashing`: Used to build Proof-Of-Stake blockchains. + +In addition to the already existing modules in `x/`, that anyone can use in their app, the Cosmos SDK lets you build your own custom modules. You can check an [example of that in the tutorial](https://tutorials.cosmos.network/). diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/intro/_category_.json b/copy-of-sdk-versioned_docs/version-0.50/learn/intro/_category_.json new file mode 100644 index 00000000..bb0bcd14 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/learn/intro/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Introduction", + "position": 1, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/learn.md b/copy-of-sdk-versioned_docs/version-0.50/learn/learn.md new file mode 100644 index 00000000..af624fa3 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/learn/learn.md @@ -0,0 +1,11 @@ +--- +sidebar_position: 0 +--- +# Learn + +* [Introduction](./intro/00-overview.md) - Dive into the fundamentals of Cosmos SDK with an insightful introduction, +laying the groundwork for understanding blockchain development. In this section we provide a High-Level Overview of the SDK, then dive deeper into Core concepts such as Application-Specific Blockchains, Blockchain Architecture, and finally we begin to explore what are the main components of the SDK. +* [Beginner](./beginner/00-app-anatomy.md) - Start your journey with beginner-friendly resources in the Cosmos SDK's "Learn" +section, providing a gentle entry point for newcomers to blockchain development. Here we focus on a little more detail, covering the Anatomy of a Cosmos SDK Application, Transaction Lifecycles, Accounts and lastly, Gas and Fees. +* [Advanced](./advanced/00-baseapp.md) - Level up your Cosmos SDK expertise with advanced topics, tailored for experienced +developers diving into intricate blockchain application development. We cover the Cosmos SDK on a lower level as we dive into the core of the SDK with BaseApp, Transactions, Context, Node Client (Daemon), Store, Encoding, gRPC, REST, and CometBFT Endpoints, CLI, Events, Telementry, Object-Capability Model, RunTx recovery middleware, Cosmos Blockchain Simulator, Protobuf Documentation, In-Place Store Migrations, Configuration and AutoCLI. diff --git a/copy-of-sdk-versioned_docs/version-0.50/tutorials/_category_.json b/copy-of-sdk-versioned_docs/version-0.50/tutorials/_category_.json new file mode 100644 index 00000000..f27bca92 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/tutorials/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Advanced Tutorials", + "position": 2, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.50/tutorials/transactions/00-building-a-transaction.md b/copy-of-sdk-versioned_docs/version-0.50/tutorials/transactions/00-building-a-transaction.md new file mode 100644 index 00000000..3751a2c2 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/tutorials/transactions/00-building-a-transaction.md @@ -0,0 +1,190 @@ +# Building a Transaction + +These are the steps to build, sign and broadcast a transaction using v2 semantics. + +1. Correctly set up imports + +```go +import ( + "context" + "fmt" + "log" + + "google.golang.org/grpc" + "google.golang.org/grpc/credentials/insecure" + + apisigning "cosmossdk.io/api/cosmos/tx/signing/v1beta1" + "cosmossdk.io/client/v2/broadcast/comet" + "cosmossdk.io/client/v2/tx" + "cosmossdk.io/core/transaction" + "cosmossdk.io/math" + banktypes "cosmossdk.io/x/bank/types" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + cryptocodec "github.com/cosmos/cosmos-sdk/crypto/codec" + "github.com/cosmos/cosmos-sdk/crypto/keyring" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + + "github.com/cosmos/cosmos-sdk/codec" + addrcodec "github.com/cosmos/cosmos-sdk/codec/address" + sdk "github.com/cosmos/cosmos-sdk/types" +) + +``` + +2. Create a gRPC connection + +```go +clientConn, err := grpc.NewClient("127.0.0.1:9090", grpc.WithTransportCredentials(insecure.NewCredentials())) +if err != nil { + log.Fatal(err) +} +``` + +3. Setup codec and interface registry + +```go + // Setup interface registry and register necessary interfaces + interfaceRegistry := codectypes.NewInterfaceRegistry() + banktypes.RegisterInterfaces(interfaceRegistry) + authtypes.RegisterInterfaces(interfaceRegistry) + cryptocodec.RegisterInterfaces(interfaceRegistry) + + // Create a ProtoCodec for encoding/decoding + protoCodec := codec.NewProtoCodec(interfaceRegistry) + +``` + +4. Initialize keyring + +```go + + ckr, err := keyring.New("autoclikeyring", "test", home, nil, protoCodec) + if err != nil { + log.Fatal("error creating keyring", err) + } + kr, err := keyring.NewAutoCLIKeyring(ckr, addrcodec.NewBech32Codec("cosmos")) + if err != nil { + log.Fatal("error creating auto cli keyring", err) + } + + +``` + +5. Setup transaction parameters + +```go + + // Setup transaction parameters + txParams := tx.TxParameters{ + ChainID: "simapp-v2-chain", + SignMode: apisigning.SignMode_SIGN_MODE_DIRECT, + AccountConfig: tx.AccountConfig{ + FromAddress: "cosmos1t0fmn0lyp2v99ga55mm37mpnqrlnc4xcs2hhhy", + FromName: "alice", + }, + } + + // Configure gas settings + gasConfig, err := tx.NewGasConfig(100, 100, "0stake") + if err != nil { + log.Fatal("error creating gas config: ", err) + } + txParams.GasConfig = gasConfig + + // Create auth query client + authClient := authtypes.NewQueryClient(clientConn) + + // Retrieve account information for the sender + fromAccount, err := getAccount("cosmos1t0fmn0lyp2v99ga55mm37mpnqrlnc4xcs2hhhy", authClient, protoCodec) + if err != nil { + log.Fatal("error getting from account: ", err) + } + + // Update txParams with the correct account number and sequence + txParams.AccountConfig.AccountNumber = fromAccount.GetAccountNumber() + txParams.AccountConfig.Sequence = fromAccount.GetSequence() + + // Retrieve account information for the recipient + toAccount, err := getAccount("cosmos1e2wanzh89mlwct7cs7eumxf7mrh5m3ykpsh66m", authClient, protoCodec) + if err != nil { + log.Fatal("error getting to account: ", err) + } + + // Configure transaction settings + txConf, _ := tx.NewTxConfig(tx.ConfigOptions{ + AddressCodec: addrcodec.NewBech32Codec("cosmos"), + Cdc: protoCodec, + ValidatorAddressCodec: addrcodec.NewBech32Codec("cosmosval"), + EnabledSignModes: []apisigning.SignMode{apisigning.SignMode_SIGN_MODE_DIRECT}, + }) +``` + +6. Build the transaction + +```go +// Create a transaction factory + f, err := tx.NewFactory(kr, codec.NewProtoCodec(codectypes.NewInterfaceRegistry()), nil, txConf, addrcodec.NewBech32Codec("cosmos"), clientConn, txParams) + if err != nil { + log.Fatal("error creating factory", err) + } + + // Define the transaction message + msgs := []transaction.Msg{ + &banktypes.MsgSend{ + FromAddress: fromAccount.GetAddress().String(), + ToAddress: toAccount.GetAddress().String(), + Amount: sdk.Coins{ + sdk.NewCoin("stake", math.NewInt(1000000)), + }, + }, + } + + // Build and sign the transaction + tx, err := f.BuildsSignedTx(context.Background(), msgs...) + if err != nil { + log.Fatal("error building signed tx", err) + } + + +``` + +7. Broadcast the transaction + +```go +// Create a broadcaster for the transaction + c, err := comet.NewCometBFTBroadcaster("http://127.0.0.1:26657", comet.BroadcastSync, protoCodec) + if err != nil { + log.Fatal("error creating comet broadcaster", err) + } + + // Broadcast the transaction + res, err := c.Broadcast(context.Background(), tx.Bytes()) + if err != nil { + log.Fatal("error broadcasting tx", err) + } + +``` + +8. Helpers + +```go +// getAccount retrieves account information using the provided address +func getAccount(address string, authClient authtypes.QueryClient, codec codec.Codec) (sdk.AccountI, error) { + // Query account info + accountQuery, err := authClient.Account(context.Background(), &authtypes.QueryAccountRequest{ + Address: string(address), + }) + if err != nil { + return nil, fmt.Errorf("error getting account: %w", err) + } + + // Unpack the account information + var account sdk.AccountI + err = codec.InterfaceRegistry().UnpackAny(accountQuery.Account, &account) + if err != nil { + return nil, fmt.Errorf("error unpacking account: %w", err) + } + + return account, nil +} +``` \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.50/tutorials/transactions/_category_.json b/copy-of-sdk-versioned_docs/version-0.50/tutorials/transactions/_category_.json new file mode 100644 index 00000000..5b0cdfc1 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/tutorials/transactions/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Transaction Tutorials", + "position": 2, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.50/tutorials/tutorials.md b/copy-of-sdk-versioned_docs/version-0.50/tutorials/tutorials.md new file mode 100644 index 00000000..e6828c9f --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/tutorials/tutorials.md @@ -0,0 +1,12 @@ +--- +sidebar_position: 0 +--- +# Tutorials + +## Advanced Tutorials + +This section provides a concise overview of tutorials focused on implementing vote extensions in the Cosmos SDK. Vote extensions are a powerful feature for enhancing the security and fairness of blockchain applications, particularly in scenarios like implementing oracles and mitigating auction front-running. + +* **Implementing Oracle with Vote Extensions** - This tutorial details how to use vote extensions for the implementation of a secure and reliable oracle within a blockchain application. It demonstrates the use of vote extensions to securely include oracle data submissions in blocks, ensuring the data's integrity and reliability for the blockchain. + +* **Mitigating Auction Front-Running with Vote Extensions** - Explore how to prevent auction front-running using vote extensions. This tutorial outlines the creation of a module aimed at mitigating front-running in nameservice auctions, emphasising the `ExtendVote`, `PrepareProposal`, and `ProcessProposal` functions to facilitate a fair auction process. \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/_category_.json b/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/_category_.json new file mode 100644 index 00000000..a2aecebd --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Vote Extensions Tutorials", + "position": 1, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/00-getting-started.md b/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/00-getting-started.md new file mode 100644 index 00000000..a68a6e15 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/00-getting-started.md @@ -0,0 +1,40 @@ +# Getting Started + +## Table of Contents + +- [Getting Started](#overview-of-the-project) +- [Understanding Front-Running](./01-understanding-frontrunning.md) +- [Mitigating Front-running with Vote Extensions](./02-mitigating-front-running-with-vote-extesions.md) +- [Demo of Mitigating Front-Running](./03-demo-of-mitigating-front-running.md) + +## Getting Started + +### Overview of the Project + +This tutorial outlines the development of a module designed to mitigate front-running in nameservice auctions. The following functions are central to this module: + +* `ExtendVote`: Gathers bids from the mempool and includes them in the vote extension to ensure a fair and transparent auction process. +* `PrepareProposal`: Processes the vote extensions from the previous block, creating a special transaction that encapsulates bids to be included in the current proposal. +* `ProcessProposal`: Validates that the first transaction in the proposal is the special transaction containing the vote extensions and ensures the integrity of the bids. + +In this advanced tutorial, we will be working with an example application that facilitates the auctioning of nameservices. To see what frontrunning and nameservices are [here](./01-understanding-frontrunning.md) This application provides a practical use case to explore the prevention of auction front-running, also known as "bid sniping", where a validator takes advantage of seeing a bid in the mempool to place their own higher bid before the original bid is processed. + +The tutorial will guide you through using the Cosmos SDK to mitigate front-running using vote extensions. The module will be built on top of the base blockchain provided in the `tutorials/base` directory and will use the `auction` module as a foundation. By the end of this tutorial, you will have a better understanding of how to prevent front-running in blockchain auctions, specifically in the context of nameservice auctioning. + +## What are Vote extensions? + +Vote extensions is arbitrary information which can be inserted into a block. This feature is part of ABCI 2.0, which is available for use in the SDK 0.50 release and part of the 0.38 CometBFT release. + +More information about vote extensions can be seen [here](https://docs.cosmos.network/main/build/abci/vote-extensions). + +## Requirements and Setup + +Before diving into the advanced tutorial on auction front-running simulation, ensure you meet the following requirements: + +* [Golang >1.21.5](https://golang.org/doc/install) installed +* Familiarity with the concepts of front-running and MEV, as detailed in [Understanding Front-Running](./01-understanding-frontrunning.md) +* Understanding of Vote Extensions as described [here](https://docs.cosmos.network/main/build/abci/vote-extensions) + +You will also need a foundational blockchain to build upon coupled with your own module. The `tutorials/base` directory has the necessary blockchain code to start your custom project with the Cosmos SDK. For the module, you can use the `auction` module provided in the `tutorials/auction/x/auction` directory as a reference but please be aware that all of the code needed to implement vote extensions is already implemented in this module. + +This will set up a strong base for your blockchain, enabling the integration of advanced features such as auction front-running simulation. diff --git a/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/01-understanding-frontrunning.md b/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/01-understanding-frontrunning.md new file mode 100644 index 00000000..31602b0e --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/01-understanding-frontrunning.md @@ -0,0 +1,41 @@ +# Understanding Front-Running and more + +## Introduction + +Blockchain technology is vulnerable to practices that can affect the fairness and security of the network. Two such practices are front-running and Maximal Extractable Value (MEV), which are important for blockchain participants to understand. + +## What is Front-Running? + +Front-running is when someone, such as a validator, uses their ability to see pending transactions to execute their own transactions first, benefiting from the knowledge of upcoming transactions. In nameservice auctions, a front-runner might place a higher bid before the original bid is confirmed, unfairly winning the auction. + +## Nameservices and Nameservice Auctions + +Nameservices are human-readable identifiers on a blockchain, akin to internet domain names, that correspond to specific addresses or resources. They simplify interactions with typically long and complex blockchain addresses, allowing users to have a memorable and unique identifier for their blockchain address or smart contract. + +Nameservice auctions are the process by which these identifiers are bid on and acquired. To combat front-running—where someone might use knowledge of pending bids to place a higher bid first—mechanisms such as commit-reveal schemes, auction extensions, and fair sequencing are implemented. These strategies ensure a transparent and fair bidding process, reducing the potential for Maximal Extractable Value (MEV) exploitation. + +## What is Maximal Extractable Value (MEV)? + +MEV is the highest value that can be extracted by manipulating the order of transactions within a block, beyond the standard block rewards and fees. This has become more prominent with the growth of decentralised finance (DeFi), where transaction order can greatly affect profits. + +## Implications of MEV + +MEV can lead to: + +- **Network Security**: Potential centralisation, as those with more computational power might dominate the process, increasing the risk of attacks. +- **Market Fairness**: An uneven playing field where only a few can gain at the expense of the majority. +- **User Experience**: Higher fees and network congestion due to the competition for MEV. + +## Mitigating MEV and Front-Running + +Some solutions being developed to mitigate MEV and front-running, including: + +- **Time-delayed Transactions**: Random delays to make transaction timing unpredictable. +- **Private Transaction Pools**: Concealing transactions until they are mined. +- **Fair Sequencing Services**: Processing transactions in the order they are received. + +For this tutorial, we will be exploring the last solution, fair sequencing services, in the context of nameservice auctions. + +## Conclusion + +MEV and front-running are challenges to blockchain integrity and fairness. Ongoing innovation and implementation of mitigation strategies are crucial for the ecosystem's health and success. diff --git a/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md b/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md new file mode 100644 index 00000000..a3d7549e --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md @@ -0,0 +1,331 @@ +# Mitigating Front-running with Vote Extensions + +## Table of Contents + +* [Prerequisites](#prerequisites) +* [Implementing Structs for Vote Extensions](#implementing-structs-for-vote-extensions) +* [Implementing Handlers and Configuring Handlers](#implementing-handlers-and-configuring-handlers) + +## Prerequisites + +Before implementing vote extensions to mitigate front-running, ensure you have a module ready to implement the vote extensions with. If you need to create or reference a similar module, see `x/auction` for guidance. + +In this section, we will discuss the steps to mitigate front-running using vote extensions. We will introduce new types within the `abci/types.go` file. These types will be used to handle the process of preparing proposals, processing proposals, and handling vote extensions. + +### Implementing Structs for Vote Extensions + +First, copy the following structs into the `abci/types.go` and each of these structs serves a specific purpose in the process of mitigating front-running using vote extensions: + +```go +package abci + +import ( + //import the necessary files +) + +type PrepareProposalHandler struct { + logger log.Logger + txConfig client.TxConfig + cdc codec.Codec + mempool *mempool.ThresholdMempool + txProvider provider.TxProvider + keyname string + runProvider bool +} +``` + +The `PrepareProposalHandler` struct is used to handle the preparation of a proposal in the consensus process. It contains several fields: logger for logging information and errors, txConfig for transaction configuration, cdc (Codec) for encoding and decoding transactions, mempool for referencing the set of unconfirmed transactions, txProvider for building the proposal with transactions, keyname for the name of the key used for signing transactions, and runProvider, a boolean flag indicating whether the provider should be run to build the proposal. + +```go +type ProcessProposalHandler struct { + TxConfig client.TxConfig + Codec codec.Codec + Logger log.Logger +} +``` + +After the proposal has been prepared and vote extensions have been included, the `ProcessProposalHandler` is used to process the proposal. This includes validating the proposal and the included vote extensions. The `ProcessProposalHandler` allows you to access the transaction configuration and codec, which are necessary for processing the vote extensions. + +```go +type VoteExtHandler struct { + logger log.Logger + currentBlock int64 + mempool *mempool.ThresholdMempool + cdc codec.Codec +} +``` + +This struct is used to handle vote extensions. It contains a logger for logging events, the current block number, a mempool for storing transactions, and a codec for encoding and decoding. Vote extensions are a key part of the process to mitigate front-running, as they allow for additional information to be included with each vote. + +```go +type InjectedVoteExt struct { + VoteExtSigner []byte + Bids [][]byte +} + +type InjectedVotes struct { + Votes []InjectedVoteExt +} +``` + +These structs are used to handle injected vote extensions. They include the signer of the vote extension and the bids associated with the vote extension. Each byte array in Bids is a serialised form of a bid transaction. Injected vote extensions are used to add additional information to a vote after it has been created, which can be useful for adding context or additional data to a vote. The serialised bid transactions provide a way to include complex transaction data in a compact, efficient format. + +```go +type AppVoteExtension struct { + Height int64 + Bids [][]byte +} +``` + +This struct is used for application vote extensions. It includes the height of the block and the bids associated with the vote extension. Application vote extensions are used to add additional information to a vote at the application level, which can be useful for adding context or additional data to a vote that is specific to the application. + +```go +type SpecialTransaction struct { + Height int + Bids [][]byte +} +``` + +This struct is used for special transactions. It includes the height of the block and the bids associated with the transaction. Special transactions are used for transactions that need to be handled differently from regular transactions, such as transactions that are part of the process to mitigate front-running. + +### Implementing Handlers and Configuring Handlers + +To establish the `VoteExtensionHandler`, follow these steps: + +1. Navigate to the `abci/proposal.go` file. This is where we will implement the `VoteExtensionHandler``. + +2. Implement the `NewVoteExtensionHandler` function. This function is a constructor for the `VoteExtHandler` struct. It takes a logger, a mempool, and a codec as parameters and returns a new instance of `VoteExtHandler`. + +```go +func NewVoteExtensionHandler(lg log.Logger, mp *mempool.ThresholdMempool, cdc codec.Codec) *VoteExtHandler { + return &VoteExtHandler{ + logger: lg, + mempool: mp, + cdc: cdc, + } +} +``` + +3. Implement the `ExtendVoteHandler()` method. This method should handle the logic of extending votes, including inspecting the mempool and submitting a list of all pending bids. This will allow you to access the list of unconfirmed transactions in the abci.`RequestPrepareProposal` during the ensuing block. + +```go +func (h *VoteExtHandler) ExtendVoteHandler() sdk.ExtendVoteHandler { + return func(ctx sdk.Context, req *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) { + h.logger.Info(fmt.Sprintf("Extending votes at block height : %v", req.Height)) + + voteExtBids := [][]byte{} + + // Get mempool txs + itr := h.mempool.SelectPending(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + sdkMsgs := tmptx.GetMsgs() + + // Iterate through msgs, check for any bids + for _, msg := range sdkMsgs { + switch msg := msg.(type) { + case *nstypes.MsgBid: + // Marshal sdk bids to []byte + bz, err := h.cdc.Marshal(msg) + if err != nil { + h.logger.Error(fmt.Sprintf("Error marshalling VE Bid : %v", err)) + break + } + voteExtBids = append(voteExtBids, bz) + default: + } + } + + // Move tx to ready pool + err := h.mempool.Update(context.Background(), tmptx) + + // Remove tx from app side mempool + if err != nil { + h.logger.Info(fmt.Sprintf("Unable to update mempool tx: %v", err)) + } + + itr = itr.Next() + } + + // Create vote extension + voteExt := AppVoteExtension{ + Height: req.Height, + Bids: voteExtBids, + } + + // Encode Vote Extension + bz, err := json.Marshal(voteExt) + if err != nil { + return nil, fmt.Errorf("Error marshalling VE: %w", err) + } + + return &abci.ResponseExtendVote{VoteExtension: bz}, nil +} +``` + +4. Configure the handler in `app/app.go` as shown below + +```go +bApp := baseapp.NewBaseApp(AppName, logger, db, txConfig.TxDecoder(), baseAppOptions...) +voteExtHandler := abci2.NewVoteExtensionHandler(logger, mempool, appCodec) +bApp.SetExtendVoteHandler(voteExtHandler.ExtendVoteHandler()) +``` + +To give a bit of context on what is happening above, we first create a new instance of `VoteExtensionHandler` with the necessary dependencies (logger, mempool, and codec). Then, we set this handler as the `ExtendVoteHandler` for our application. This means that whenever a vote needs to be extended, our custom `ExtendVoteHandler()` method will be called. + +To test if vote extensions have been propagated, add the following to the `PrepareProposalHandler`: + +```go +if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + h.logger.Info(fmt.Sprintf(" :: Get vote extensions: %v", voteExt)) +} +``` + +This is how the whole function should look: + +```go +func (h *PrepareProposalHandler) PrepareProposalHandler() sdk.PrepareProposalHandler { + return func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { + h.logger.Info(fmt.Sprintf(" :: Prepare Proposal")) + var proposalTxs [][]byte + + var txs []sdk.Tx + + // Get Vote Extensions + if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + h.logger.Info(fmt.Sprintf(" :: Get vote extensions: %v", voteExt)) + } + + itr := h.mempool.Select(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + + txs = append(txs, tmptx) + itr = itr.Next() + } + h.logger.Info(fmt.Sprintf(" :: Number of Transactions available from mempool: %v", len(txs))) + + if h.runProvider { + tmpMsgs, err := h.txProvider.BuildProposal(ctx, txs) + if err != nil { + h.logger.Error(fmt.Sprintf(" :: Error Building Custom Proposal: %v", err)) + } + txs = tmpMsgs + } + + for _, sdkTxs := range txs { + txBytes, err := h.txConfig.TxEncoder()(sdkTxs) + if err != nil { + h.logger.Info(fmt.Sprintf("~Error encoding transaction: %v", err.Error())) + } + proposalTxs = append(proposalTxs, txBytes) + } + + h.logger.Info(fmt.Sprintf(" :: Number of Transactions in proposal: %v", len(proposalTxs))) + + return &abci.ResponsePrepareProposal{Txs: proposalTxs}, nil + } +} +``` + +As mentioned above, we check if vote extensions have been propagated, you can do this by checking the logs for any relevant messages such as ` :: Get vote extensions:`. If the logs do not provide enough information, you can also reinitialise your local testing environment by running the `./scripts/single_node/setup.sh` script again. + +5. Implement the `ProcessProposalHandler()`. This function is responsible for processing the proposal. It should handle the logic of processing vote extensions, including inspecting the proposal and validating the bids. + +```go +func (h *ProcessProposalHandler) ProcessProposalHandler() sdk.ProcessProposalHandler { + return func(ctx sdk.Context, req *abci.RequestProcessProposal) (resp *abci.ResponseProcessProposal, err error) { + h.Logger.Info(fmt.Sprintf(" :: Process Proposal")) + + // The first transaction will always be the Special Transaction + numTxs := len(req.Txs) + + h.Logger.Info(fmt.Sprintf(":: Number of transactions :: %v", numTxs)) + + if numTxs >= 1 { + var st SpecialTransaction + err = json.Unmarshal(req.Txs[0], &st) + if err != nil { + h.Logger.Error(fmt.Sprintf(":: Error unmarshalling special Tx in Process Proposal :: %v", err)) + } + if len(st.Bids) > 0 { + h.Logger.Info(fmt.Sprintf(":: There are bids in the Special Transaction")) + var bids []nstypes.MsgBid + for i, b := range st.Bids { + var bid nstypes.MsgBid + h.Codec.Unmarshal(b, &bid) + h.Logger.Info(fmt.Sprintf(":: Special Transaction Bid No %v :: %v", i, bid)) + bids = append(bids, bid) + } + // Validate Bids in Tx + txs := req.Txs[1:] + ok, err := ValidateBids(h.TxConfig, bids, txs, h.Logger) + if err != nil { + h.Logger.Error(fmt.Sprintf(":: Error validating bids in Process Proposal :: %v", err)) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + if !ok { + h.Logger.Error(fmt.Sprintf(":: Unable to validate bids in Process Proposal :: %v", err)) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + h.Logger.Info(":: Successfully validated bids in Process Proposal") + } + } + + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_ACCEPT}, nil + } +} +``` + +6. Implement the `ProcessVoteExtensions()` function. This function should handle the logic of processing vote extensions, including validating the bids. + +```go +func processVoteExtensions(req *abci.RequestPrepareProposal, log log.Logger) (SpecialTransaction, error) { + log.Info(fmt.Sprintf(" :: Process Vote Extensions")) + + // Create empty response + st := SpecialTransaction{ + 0, + [][]byte{}, + } + + // Get Vote Ext for H-1 from Req + voteExt := req.GetLocalLastCommit() + votes := voteExt.Votes + + // Iterate through votes + var ve AppVoteExtension + for _, vote := range votes { + // Unmarshal to AppExt + err := json.Unmarshal(vote.VoteExtension, &ve) + if err != nil { + log.Error(fmt.Sprintf(" :: Error unmarshalling Vote Extension")) + } + + st.Height = int(ve.Height) + + // If Bids in VE, append to Special Transaction + if len(ve.Bids) > 0 { + log.Info(" :: Bids in VE") + for _, b := range ve.Bids { + st.Bids = append(st.Bids, b) + } + } + } + + return st, nil +} +``` + +7. Configure the `ProcessProposalHandler()` in app/app.go: + +```go +processPropHandler := abci2.ProcessProposalHandler{app.txConfig, appCodec, logger} +bApp.SetProcessProposal(processPropHandler.ProcessProposalHandler()) +``` + +This sets the `ProcessProposalHandler()` for our application. This means that whenever a proposal needs to be processed, our custom `ProcessProposalHandler()` method will be called. + +To test if the proposal processing and vote extensions are working correctly, you can check the logs for any relevant messages. If the logs do not provide enough information, you can also reinitialize your local testing environment by running `./scripts/single_node/setup.sh` script. diff --git a/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md.bak b/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md.bak new file mode 100644 index 00000000..421b6ed8 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md.bak @@ -0,0 +1,331 @@ +# Mitigating Front-running with Vote Extensions + +## Table of Contents + +* [Prerequisites](#prerequisites) +* [Implementing Structs for Vote Extensions](#implementing-structs-for-vote-extensions) +* [Implementing Handlers and Configuring Handlers](#implementing-handlers-and-configuring-handlers) + +## Prerequisites + +Before implementing vote extensions to mitigate front-running, ensure you have a module ready to implement the vote extensions with. If you need to create or reference a similar module, see `x/auction` for guidance. + +In this section, we will discuss the steps to mitigate front-running using vote extensions. We will introduce new types within the `abci/types.go` file. These types will be used to handle the process of preparing proposals, processing proposals, and handling vote extensions. + +### Implementing Structs for Vote Extensions + +First, copy the following structs into the `abci/types.go` and each of these structs serves a specific purpose in the process of mitigating front-running using vote extensions: + +```go +package abci + +import ( + //import the necessary files +) + +type PrepareProposalHandler struct { + logger log.Logger + txConfig client.TxConfig + cdc codec.Codec + mempool *mempool.ThresholdMempool + txProvider provider.TxProvider + keyname string + runProvider bool +} +``` + +The `PrepareProposalHandler` struct is used to handle the preparation of a proposal in the consensus process. It contains several fields: logger for logging information and errors, txConfig for transaction configuration, cdc (Codec) for encoding and decoding transactions, mempool for referencing the set of unconfirmed transactions, txProvider for building the proposal with transactions, keyname for the name of the key used for signing transactions, and runProvider, a boolean flag indicating whether the provider should be run to build the proposal. + +```go +type ProcessProposalHandler struct { + TxConfig client.TxConfig + Codec codec.Codec + Logger log.Logger +} +``` + +After the proposal has been prepared and vote extensions have been included, the `ProcessProposalHandler` is used to process the proposal. This includes validating the proposal and the included vote extensions. The `ProcessProposalHandler` allows you to access the transaction configuration and codec, which are necessary for processing the vote extensions. + +```go +type VoteExtHandler struct { + logger log.Logger + currentBlock int64 + mempool *mempool.ThresholdMempool + cdc codec.Codec +} +``` + +This struct is used to handle vote extensions. It contains a logger for logging events, the current block number, a mempool for storing transactions, and a codec for encoding and decoding. Vote extensions are a key part of the process to mitigate front-running, as they allow for additional information to be included with each vote. + +```go +type InjectedVoteExt struct { + VoteExtSigner []byte + Bids [][]byte +} + +type InjectedVotes struct { + Votes []InjectedVoteExt +} +``` + +These structs are used to handle injected vote extensions. They include the signer of the vote extension and the bids associated with the vote extension. Each byte array in Bids is a serialised form of a bid transaction. Injected vote extensions are used to add additional information to a vote after it has been created, which can be useful for adding context or additional data to a vote. The serialised bid transactions provide a way to include complex transaction data in a compact, efficient format. + +```go +type AppVoteExtension struct { + Height int64 + Bids [][]byte +} +``` + +This struct is used for application vote extensions. It includes the height of the block and the bids associated with the vote extension. Application vote extensions are used to add additional information to a vote at the application level, which can be useful for adding context or additional data to a vote that is specific to the application. + +```go +type SpecialTransaction struct { + Height int + Bids [][]byte +} +``` + +This struct is used for special transactions. It includes the height of the block and the bids associated with the transaction. Special transactions are used for transactions that need to be handled differently from regular transactions, such as transactions that are part of the process to mitigate front-running. + +### Implementing Handlers and Configuring Handlers + +To establish the `VoteExtensionHandler`, follow these steps: + +1. Navigate to the `abci/proposal.go` file. This is where we will implement the `VoteExtensionHandler``. + +2. Implement the `NewVoteExtensionHandler` function. This function is a constructor for the `VoteExtHandler` struct. It takes a logger, a mempool, and a codec as parameters and returns a new instance of `VoteExtHandler`. + +```go +func NewVoteExtensionHandler(lg log.Logger, mp *mempool.ThresholdMempool, cdc codec.Codec) *VoteExtHandler { + return &VoteExtHandler{ + logger: lg, + mempool: mp, + cdc: cdc, + } +} +``` + +3. Implement the `ExtendVoteHandler()` method. This method should handle the logic of extending votes, including inspecting the mempool and submitting a list of all pending bids. This will allow you to access the list of unconfirmed transactions in the abci.`RequestPrepareProposal` during the ensuing block. + +```go +func (h *VoteExtHandler) ExtendVoteHandler() sdk.ExtendVoteHandler { + return func(ctx sdk.Context, req *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) { + h.logger.Info(fmt.Sprintf("Extending votes at block height : %v", req.Height)) + + voteExtBids := [][]byte{} + + // Get mempool txs + itr := h.mempool.SelectPending(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + sdkMsgs := tmptx.GetMsgs() + + // Iterate through msgs, check for any bids + for _, msg := range sdkMsgs { + switch msg := msg.(type) { + case *nstypes.MsgBid: + // Marshal sdk bids to []byte + bz, err := h.cdc.Marshal(msg) + if err != nil { + h.logger.Error(fmt.Sprintf("Error marshalling VE Bid : %v", err)) + break + } + voteExtBids = append(voteExtBids, bz) + default: + } + } + + // Move tx to ready pool + err := h.mempool.Update(context.Background(), tmptx) + + // Remove tx from app side mempool + if err != nil { + h.logger.Info(fmt.Sprintf("Unable to update mempool tx: %v", err)) + } + + itr = itr.Next() + } + + // Create vote extension + voteExt := AppVoteExtension{ + Height: req.Height, + Bids: voteExtBids, + } + + // Encode Vote Extension + bz, err := json.Marshal(voteExt) + if err != nil { + return nil, fmt.Errorf("Error marshalling VE: %w", err) + } + + return &abci.ResponseExtendVote{VoteExtension: bz}, nil +} +``` + +4. Configure the handler in `app/app.go` as shown below + +```go +bApp := baseapp.NewBaseApp(AppName, logger, db, txConfig.TxDecoder(), baseAppOptions...) +voteExtHandler := abci2.NewVoteExtensionHandler(logger, mempool, appCodec) +bApp.SetExtendVoteHandler(voteExtHandler.ExtendVoteHandler()) +``` + +To give a bit of context on what is happening above, we first create a new instance of `VoteExtensionHandler` with the necessary dependencies (logger, mempool, and codec). Then, we set this handler as the `ExtendVoteHandler` for our application. This means that whenever a vote needs to be extended, our custom `ExtendVoteHandler()` method will be called. + +To test if vote extensions have been propagated, add the following to the `PrepareProposalHandler`: + +```go +if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + h.logger.Info(fmt.Sprintf("🛠️ :: Get vote extensions: %v", voteExt)) +} +``` + +This is how the whole function should look: + +```go +func (h *PrepareProposalHandler) PrepareProposalHandler() sdk.PrepareProposalHandler { + return func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { + h.logger.Info(fmt.Sprintf("🛠️ :: Prepare Proposal")) + var proposalTxs [][]byte + + var txs []sdk.Tx + + // Get Vote Extensions + if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + h.logger.Info(fmt.Sprintf("🛠️ :: Get vote extensions: %v", voteExt)) + } + + itr := h.mempool.Select(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + + txs = append(txs, tmptx) + itr = itr.Next() + } + h.logger.Info(fmt.Sprintf("🛠️ :: Number of Transactions available from mempool: %v", len(txs))) + + if h.runProvider { + tmpMsgs, err := h.txProvider.BuildProposal(ctx, txs) + if err != nil { + h.logger.Error(fmt.Sprintf("❌️ :: Error Building Custom Proposal: %v", err)) + } + txs = tmpMsgs + } + + for _, sdkTxs := range txs { + txBytes, err := h.txConfig.TxEncoder()(sdkTxs) + if err != nil { + h.logger.Info(fmt.Sprintf("❌~Error encoding transaction: %v", err.Error())) + } + proposalTxs = append(proposalTxs, txBytes) + } + + h.logger.Info(fmt.Sprintf("🛠️ :: Number of Transactions in proposal: %v", len(proposalTxs))) + + return &abci.ResponsePrepareProposal{Txs: proposalTxs}, nil + } +} +``` + +As mentioned above, we check if vote extensions have been propagated, you can do this by checking the logs for any relevant messages such as `🛠️ :: Get vote extensions:`. If the logs do not provide enough information, you can also reinitialise your local testing environment by running the `./scripts/single_node/setup.sh` script again. + +5. Implement the `ProcessProposalHandler()`. This function is responsible for processing the proposal. It should handle the logic of processing vote extensions, including inspecting the proposal and validating the bids. + +```go +func (h *ProcessProposalHandler) ProcessProposalHandler() sdk.ProcessProposalHandler { + return func(ctx sdk.Context, req *abci.RequestProcessProposal) (resp *abci.ResponseProcessProposal, err error) { + h.Logger.Info(fmt.Sprintf("⚙️ :: Process Proposal")) + + // The first transaction will always be the Special Transaction + numTxs := len(req.Txs) + + h.Logger.Info(fmt.Sprintf("⚙️:: Number of transactions :: %v", numTxs)) + + if numTxs >= 1 { + var st SpecialTransaction + err = json.Unmarshal(req.Txs[0], &st) + if err != nil { + h.Logger.Error(fmt.Sprintf("❌️:: Error unmarshalling special Tx in Process Proposal :: %v", err)) + } + if len(st.Bids) > 0 { + h.Logger.Info(fmt.Sprintf("⚙️:: There are bids in the Special Transaction")) + var bids []nstypes.MsgBid + for i, b := range st.Bids { + var bid nstypes.MsgBid + h.Codec.Unmarshal(b, &bid) + h.Logger.Info(fmt.Sprintf("⚙️:: Special Transaction Bid No %v :: %v", i, bid)) + bids = append(bids, bid) + } + // Validate Bids in Tx + txs := req.Txs[1:] + ok, err := ValidateBids(h.TxConfig, bids, txs, h.Logger) + if err != nil { + h.Logger.Error(fmt.Sprintf("❌️:: Error validating bids in Process Proposal :: %v", err)) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + if !ok { + h.Logger.Error(fmt.Sprintf("❌️:: Unable to validate bids in Process Proposal :: %v", err)) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + h.Logger.Info("⚙️:: Successfully validated bids in Process Proposal") + } + } + + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_ACCEPT}, nil + } +} +``` + +6. Implement the `ProcessVoteExtensions()` function. This function should handle the logic of processing vote extensions, including validating the bids. + +```go +func processVoteExtensions(req *abci.RequestPrepareProposal, log log.Logger) (SpecialTransaction, error) { + log.Info(fmt.Sprintf("🛠️ :: Process Vote Extensions")) + + // Create empty response + st := SpecialTransaction{ + 0, + [][]byte{}, + } + + // Get Vote Ext for H-1 from Req + voteExt := req.GetLocalLastCommit() + votes := voteExt.Votes + + // Iterate through votes + var ve AppVoteExtension + for _, vote := range votes { + // Unmarshal to AppExt + err := json.Unmarshal(vote.VoteExtension, &ve) + if err != nil { + log.Error(fmt.Sprintf("❌ :: Error unmarshalling Vote Extension")) + } + + st.Height = int(ve.Height) + + // If Bids in VE, append to Special Transaction + if len(ve.Bids) > 0 { + log.Info("🛠️ :: Bids in VE") + for _, b := range ve.Bids { + st.Bids = append(st.Bids, b) + } + } + } + + return st, nil +} +``` + +7. Configure the `ProcessProposalHandler()` in app/app.go: + +```go +processPropHandler := abci2.ProcessProposalHandler{app.txConfig, appCodec, logger} +bApp.SetProcessProposal(processPropHandler.ProcessProposalHandler()) +``` + +This sets the `ProcessProposalHandler()` for our application. This means that whenever a proposal needs to be processed, our custom `ProcessProposalHandler()` method will be called. + +To test if the proposal processing and vote extensions are working correctly, you can check the logs for any relevant messages. If the logs do not provide enough information, you can also reinitialize your local testing environment by running `./scripts/single_node/setup.sh` script. diff --git a/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md b/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md new file mode 100644 index 00000000..55c84fa7 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md @@ -0,0 +1,331 @@ +# Mitigating Front-running with Vote Extensions + +## Table of Contents + +- [Prerequisites](#prerequisites) +- [Implementing Structs for Vote Extensions](#implementing-structs-for-vote-extensions) +- [Implementing Handlers and Configuring Handlers](#implementing-handlers-and-configuring-handlers) + +## Prerequisites + +Before implementing vote extensions to mitigate front-running, ensure you have a module ready to implement the vote extensions with. If you need to create or reference a similar module, see `x/auction` for guidance. + +In this section, we will discuss the steps to mitigate front-running using vote extensions. We will introduce new types within the `abci/types.go` file. These types will be used to handle the process of preparing proposals, processing proposals, and handling vote extensions. + +### Implementing Structs for Vote Extensions + +First, copy the following structs into the `abci/types.go` and each of these structs serves a specific purpose in the process of mitigating front-running using vote extensions: + +```go +package abci + +import ( + //import the necessary files +) + +type PrepareProposalHandler struct { + logger log.Logger + txConfig client.TxConfig + cdc codec.Codec + mempool *mempool.ThresholdMempool + txProvider provider.TxProvider + keyname string + runProvider bool +} +``` + +The `PrepareProposalHandler` struct is used to handle the preparation of a proposal in the consensus process. It contains several fields: logger for logging information and errors, txConfig for transaction configuration, cdc (Codec) for encoding and decoding transactions, mempool for referencing the set of unconfirmed transactions, txProvider for building the proposal with transactions, keyname for the name of the key used for signing transactions, and runProvider, a boolean flag indicating whether the provider should be run to build the proposal. + +```go +type ProcessProposalHandler struct { + TxConfig client.TxConfig + Codec codec.Codec + Logger log.Logger +} +``` + +After the proposal has been prepared and vote extensions have been included, the `ProcessProposalHandler` is used to process the proposal. This includes validating the proposal and the included vote extensions. The `ProcessProposalHandler` allows you to access the transaction configuration and codec, which are necessary for processing the vote extensions. + +```go +type VoteExtHandler struct { + logger log.Logger + currentBlock int64 + mempool *mempool.ThresholdMempool + cdc codec.Codec +} +``` + +This struct is used to handle vote extensions. It contains a logger for logging events, the current block number, a mempool for storing transactions, and a codec for encoding and decoding. Vote extensions are a key part of the process to mitigate front-running, as they allow for additional information to be included with each vote. + +```go +type InjectedVoteExt struct { + VoteExtSigner []byte + Bids [][]byte +} + +type InjectedVotes struct { + Votes []InjectedVoteExt +} +``` + +These structs are used to handle injected vote extensions. They include the signer of the vote extension and the bids associated with the vote extension. Each byte array in Bids is a serialised form of a bid transaction. Injected vote extensions are used to add additional information to a vote after it has been created, which can be useful for adding context or additional data to a vote. The serialised bid transactions provide a way to include complex transaction data in a compact, efficient format. + +```go +type AppVoteExtension struct { + Height int64 + Bids [][]byte +} +``` + +This struct is used for application vote extensions. It includes the height of the block and the bids associated with the vote extension. Application vote extensions are used to add additional information to a vote at the application level, which can be useful for adding context or additional data to a vote that is specific to the application. + +```go +type SpecialTransaction struct { + Height int + Bids [][]byte +} +``` + +This struct is used for special transactions. It includes the height of the block and the bids associated with the transaction. Special transactions are used for transactions that need to be handled differently from regular transactions, such as transactions that are part of the process to mitigate front-running. + +### Implementing Handlers and Configuring Handlers + +To establish the `VoteExtensionHandler`, follow these steps: + +1. Navigate to the `abci/proposal.go` file. This is where we will implement the `VoteExtensionHandler``. + +2. Implement the `NewVoteExtensionHandler` function. This function is a constructor for the `VoteExtHandler` struct. It takes a logger, a mempool, and a codec as parameters and returns a new instance of `VoteExtHandler`. + +```go +func NewVoteExtensionHandler(lg log.Logger, mp *mempool.ThresholdMempool, cdc codec.Codec) *VoteExtHandler { + return &VoteExtHandler{ + logger: lg, + mempool: mp, + cdc: cdc, + } +} +``` + +3. Implement the `ExtendVoteHandler()` method. This method should handle the logic of extending votes, including inspecting the mempool and submitting a list of all pending bids. This will allow you to access the list of unconfirmed transactions in the abci.`RequestPrepareProposal` during the ensuing block. + +```go +func (h *VoteExtHandler) ExtendVoteHandler() sdk.ExtendVoteHandler { + return func(ctx sdk.Context, req *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) { + h.logger.Info(fmt.Sprintf("Extending votes at block height : %v", req.Height)) + + voteExtBids := [][]byte{} + + // Get mempool txs + itr := h.mempool.SelectPending(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + sdkMsgs := tmptx.GetMsgs() + + // Iterate through msgs, check for any bids + for _, msg := range sdkMsgs { + switch msg := msg.(type) { + case *nstypes.MsgBid: + // Marshal sdk bids to []byte + bz, err := h.cdc.Marshal(msg) + if err != nil { + h.logger.Error(fmt.Sprintf("Error marshalling VE Bid : %v", err)) + break + } + voteExtBids = append(voteExtBids, bz) + default: + } + } + + // Move tx to ready pool + err := h.mempool.Update(context.Background(), tmptx) + + // Remove tx from app side mempool + if err != nil { + h.logger.Info(fmt.Sprintf("Unable to update mempool tx: %v", err)) + } + + itr = itr.Next() + } + + // Create vote extension + voteExt := AppVoteExtension{ + Height: req.Height, + Bids: voteExtBids, + } + + // Encode Vote Extension + bz, err := json.Marshal(voteExt) + if err != nil { + return nil, fmt.Errorf("Error marshalling VE: %w", err) + } + + return &abci.ResponseExtendVote{VoteExtension: bz}, nil +} +``` + +4. Configure the handler in `app/app.go` as shown below + +```go +bApp := baseapp.NewBaseApp(AppName, logger, db, txConfig.TxDecoder(), baseAppOptions...) +voteExtHandler := abci2.NewVoteExtensionHandler(logger, mempool, appCodec) +bApp.SetExtendVoteHandler(voteExtHandler.ExtendVoteHandler()) +``` + +To give a bit of context on what is happening above, we first create a new instance of `VoteExtensionHandler` with the necessary dependencies (logger, mempool, and codec). Then, we set this handler as the `ExtendVoteHandler` for our application. This means that whenever a vote needs to be extended, our custom `ExtendVoteHandler()` method will be called. + +To test if vote extensions have been propagated, add the following to the `PrepareProposalHandler`: + +```go +if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + h.logger.Info(fmt.Sprintf(" :: Get vote extensions: %v", voteExt)) +} +``` + +This is how the whole function should look: + +```go +func (h *PrepareProposalHandler) PrepareProposalHandler() sdk.PrepareProposalHandler { + return func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { + h.logger.Info(fmt.Sprintf(" :: Prepare Proposal")) + var proposalTxs [][]byte + + var txs []sdk.Tx + + // Get Vote Extensions + if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + h.logger.Info(fmt.Sprintf(" :: Get vote extensions: %v", voteExt)) + } + + itr := h.mempool.Select(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + + txs = append(txs, tmptx) + itr = itr.Next() + } + h.logger.Info(fmt.Sprintf(" :: Number of Transactions available from mempool: %v", len(txs))) + + if h.runProvider { + tmpMsgs, err := h.txProvider.BuildProposal(ctx, txs) + if err != nil { + h.logger.Error(fmt.Sprintf(" :: Error Building Custom Proposal: %v", err)) + } + txs = tmpMsgs + } + + for _, sdkTxs := range txs { + txBytes, err := h.txConfig.TxEncoder()(sdkTxs) + if err != nil { + h.logger.Info(fmt.Sprintf("~Error encoding transaction: %v", err.Error())) + } + proposalTxs = append(proposalTxs, txBytes) + } + + h.logger.Info(fmt.Sprintf(" :: Number of Transactions in proposal: %v", len(proposalTxs))) + + return &abci.ResponsePrepareProposal{Txs: proposalTxs}, nil + } +} +``` + +As mentioned above, we check if vote extensions have been propagated, you can do this by checking the logs for any relevant messages such as ` :: Get vote extensions:`. If the logs do not provide enough information, you can also reinitialise your local testing environment by running the `./scripts/single_node/setup.sh` script again. + +5. Implement the `ProcessProposalHandler()`. This function is responsible for processing the proposal. It should handle the logic of processing vote extensions, including inspecting the proposal and validating the bids. + +```go +func (h *ProcessProposalHandler) ProcessProposalHandler() sdk.ProcessProposalHandler { + return func(ctx sdk.Context, req *abci.RequestProcessProposal) (resp *abci.ResponseProcessProposal, err error) { + h.Logger.Info(fmt.Sprintf(" :: Process Proposal")) + + // The first transaction will always be the Special Transaction + numTxs := len(req.Txs) + + h.Logger.Info(fmt.Sprintf(":: Number of transactions :: %v", numTxs)) + + if numTxs >= 1 { + var st SpecialTransaction + err = json.Unmarshal(req.Txs[0], &st) + if err != nil { + h.Logger.Error(fmt.Sprintf(":: Error unmarshalling special Tx in Process Proposal :: %v", err)) + } + if len(st.Bids) > 0 { + h.Logger.Info(fmt.Sprintf(":: There are bids in the Special Transaction")) + var bids []nstypes.MsgBid + for i, b := range st.Bids { + var bid nstypes.MsgBid + h.Codec.Unmarshal(b, &bid) + h.Logger.Info(fmt.Sprintf(":: Special Transaction Bid No %v :: %v", i, bid)) + bids = append(bids, bid) + } + // Validate Bids in Tx + txs := req.Txs[1:] + ok, err := ValidateBids(h.TxConfig, bids, txs, h.Logger) + if err != nil { + h.Logger.Error(fmt.Sprintf(":: Error validating bids in Process Proposal :: %v", err)) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + if !ok { + h.Logger.Error(fmt.Sprintf(":: Unable to validate bids in Process Proposal :: %v", err)) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + h.Logger.Info(":: Successfully validated bids in Process Proposal") + } + } + + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_ACCEPT}, nil + } +} +``` + +6. Implement the `ProcessVoteExtensions()` function. This function should handle the logic of processing vote extensions, including validating the bids. + +```go +func processVoteExtensions(req *abci.RequestPrepareProposal, log log.Logger) (SpecialTransaction, error) { + log.Info(fmt.Sprintf(" :: Process Vote Extensions")) + + // Create empty response + st := SpecialTransaction{ + 0, + [][]byte{}, + } + + // Get Vote Ext for H-1 from Req + voteExt := req.GetLocalLastCommit() + votes := voteExt.Votes + + // Iterate through votes + var ve AppVoteExtension + for _, vote := range votes { + // Unmarshal to AppExt + err := json.Unmarshal(vote.VoteExtension, &ve) + if err != nil { + log.Error(fmt.Sprintf(" :: Error unmarshalling Vote Extension")) + } + + st.Height = int(ve.Height) + + // If Bids in VE, append to Special Transaction + if len(ve.Bids) > 0 { + log.Info(" :: Bids in VE") + for _, b := range ve.Bids { + st.Bids = append(st.Bids, b) + } + } + } + + return st, nil +} +``` + +7. Configure the `ProcessProposalHandler()` in app/app.go: + +```go +processPropHandler := abci2.ProcessProposalHandler{app.txConfig, appCodec, logger} +bApp.SetProcessProposal(processPropHandler.ProcessProposalHandler()) +``` + +This sets the `ProcessProposalHandler()` for our application. This means that whenever a proposal needs to be processed, our custom `ProcessProposalHandler()` method will be called. + +To test if the proposal processing and vote extensions are working correctly, you can check the logs for any relevant messages. If the logs do not provide enough information, you can also reinitialize your local testing environment by running `./scripts/single_node/setup.sh` script. diff --git a/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md.bak b/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md.bak new file mode 100644 index 00000000..56c2d402 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md.bak @@ -0,0 +1,331 @@ +# Mitigating Front-running with Vote Extensions + +## Table of Contents + +- [Prerequisites](#prerequisites) +- [Implementing Structs for Vote Extensions](#implementing-structs-for-vote-extensions) +- [Implementing Handlers and Configuring Handlers](#implementing-handlers-and-configuring-handlers) + +## Prerequisites + +Before implementing vote extensions to mitigate front-running, ensure you have a module ready to implement the vote extensions with. If you need to create or reference a similar module, see `x/auction` for guidance. + +In this section, we will discuss the steps to mitigate front-running using vote extensions. We will introduce new types within the `abci/types.go` file. These types will be used to handle the process of preparing proposals, processing proposals, and handling vote extensions. + +### Implementing Structs for Vote Extensions + +First, copy the following structs into the `abci/types.go` and each of these structs serves a specific purpose in the process of mitigating front-running using vote extensions: + +```go +package abci + +import ( + //import the necessary files +) + +type PrepareProposalHandler struct { + logger log.Logger + txConfig client.TxConfig + cdc codec.Codec + mempool *mempool.ThresholdMempool + txProvider provider.TxProvider + keyname string + runProvider bool +} +``` + +The `PrepareProposalHandler` struct is used to handle the preparation of a proposal in the consensus process. It contains several fields: logger for logging information and errors, txConfig for transaction configuration, cdc (Codec) for encoding and decoding transactions, mempool for referencing the set of unconfirmed transactions, txProvider for building the proposal with transactions, keyname for the name of the key used for signing transactions, and runProvider, a boolean flag indicating whether the provider should be run to build the proposal. + +```go +type ProcessProposalHandler struct { + TxConfig client.TxConfig + Codec codec.Codec + Logger log.Logger +} +``` + +After the proposal has been prepared and vote extensions have been included, the `ProcessProposalHandler` is used to process the proposal. This includes validating the proposal and the included vote extensions. The `ProcessProposalHandler` allows you to access the transaction configuration and codec, which are necessary for processing the vote extensions. + +```go +type VoteExtHandler struct { + logger log.Logger + currentBlock int64 + mempool *mempool.ThresholdMempool + cdc codec.Codec +} +``` + +This struct is used to handle vote extensions. It contains a logger for logging events, the current block number, a mempool for storing transactions, and a codec for encoding and decoding. Vote extensions are a key part of the process to mitigate front-running, as they allow for additional information to be included with each vote. + +```go +type InjectedVoteExt struct { + VoteExtSigner []byte + Bids [][]byte +} + +type InjectedVotes struct { + Votes []InjectedVoteExt +} +``` + +These structs are used to handle injected vote extensions. They include the signer of the vote extension and the bids associated with the vote extension. Each byte array in Bids is a serialised form of a bid transaction. Injected vote extensions are used to add additional information to a vote after it has been created, which can be useful for adding context or additional data to a vote. The serialised bid transactions provide a way to include complex transaction data in a compact, efficient format. + +```go +type AppVoteExtension struct { + Height int64 + Bids [][]byte +} +``` + +This struct is used for application vote extensions. It includes the height of the block and the bids associated with the vote extension. Application vote extensions are used to add additional information to a vote at the application level, which can be useful for adding context or additional data to a vote that is specific to the application. + +```go +type SpecialTransaction struct { + Height int + Bids [][]byte +} +``` + +This struct is used for special transactions. It includes the height of the block and the bids associated with the transaction. Special transactions are used for transactions that need to be handled differently from regular transactions, such as transactions that are part of the process to mitigate front-running. + +### Implementing Handlers and Configuring Handlers + +To establish the `VoteExtensionHandler`, follow these steps: + +1. Navigate to the `abci/proposal.go` file. This is where we will implement the `VoteExtensionHandler``. + +2. Implement the `NewVoteExtensionHandler` function. This function is a constructor for the `VoteExtHandler` struct. It takes a logger, a mempool, and a codec as parameters and returns a new instance of `VoteExtHandler`. + +```go +func NewVoteExtensionHandler(lg log.Logger, mp *mempool.ThresholdMempool, cdc codec.Codec) *VoteExtHandler { + return &VoteExtHandler{ + logger: lg, + mempool: mp, + cdc: cdc, + } +} +``` + +3. Implement the `ExtendVoteHandler()` method. This method should handle the logic of extending votes, including inspecting the mempool and submitting a list of all pending bids. This will allow you to access the list of unconfirmed transactions in the abci.`RequestPrepareProposal` during the ensuing block. + +```go +func (h *VoteExtHandler) ExtendVoteHandler() sdk.ExtendVoteHandler { + return func(ctx sdk.Context, req *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) { + h.logger.Info(fmt.Sprintf("Extending votes at block height : %v", req.Height)) + + voteExtBids := [][]byte{} + + // Get mempool txs + itr := h.mempool.SelectPending(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + sdkMsgs := tmptx.GetMsgs() + + // Iterate through msgs, check for any bids + for _, msg := range sdkMsgs { + switch msg := msg.(type) { + case *nstypes.MsgBid: + // Marshal sdk bids to []byte + bz, err := h.cdc.Marshal(msg) + if err != nil { + h.logger.Error(fmt.Sprintf("Error marshalling VE Bid : %v", err)) + break + } + voteExtBids = append(voteExtBids, bz) + default: + } + } + + // Move tx to ready pool + err := h.mempool.Update(context.Background(), tmptx) + + // Remove tx from app side mempool + if err != nil { + h.logger.Info(fmt.Sprintf("Unable to update mempool tx: %v", err)) + } + + itr = itr.Next() + } + + // Create vote extension + voteExt := AppVoteExtension{ + Height: req.Height, + Bids: voteExtBids, + } + + // Encode Vote Extension + bz, err := json.Marshal(voteExt) + if err != nil { + return nil, fmt.Errorf("Error marshalling VE: %w", err) + } + + return &abci.ResponseExtendVote{VoteExtension: bz}, nil +} +``` + +4. Configure the handler in `app/app.go` as shown below + +```go +bApp := baseapp.NewBaseApp(AppName, logger, db, txConfig.TxDecoder(), baseAppOptions...) +voteExtHandler := abci2.NewVoteExtensionHandler(logger, mempool, appCodec) +bApp.SetExtendVoteHandler(voteExtHandler.ExtendVoteHandler()) +``` + +To give a bit of context on what is happening above, we first create a new instance of `VoteExtensionHandler` with the necessary dependencies (logger, mempool, and codec). Then, we set this handler as the `ExtendVoteHandler` for our application. This means that whenever a vote needs to be extended, our custom `ExtendVoteHandler()` method will be called. + +To test if vote extensions have been propagated, add the following to the `PrepareProposalHandler`: + +```go +if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + h.logger.Info(fmt.Sprintf("🛠️ :: Get vote extensions: %v", voteExt)) +} +``` + +This is how the whole function should look: + +```go +func (h *PrepareProposalHandler) PrepareProposalHandler() sdk.PrepareProposalHandler { + return func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { + h.logger.Info(fmt.Sprintf("🛠️ :: Prepare Proposal")) + var proposalTxs [][]byte + + var txs []sdk.Tx + + // Get Vote Extensions + if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + h.logger.Info(fmt.Sprintf("🛠️ :: Get vote extensions: %v", voteExt)) + } + + itr := h.mempool.Select(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + + txs = append(txs, tmptx) + itr = itr.Next() + } + h.logger.Info(fmt.Sprintf("🛠️ :: Number of Transactions available from mempool: %v", len(txs))) + + if h.runProvider { + tmpMsgs, err := h.txProvider.BuildProposal(ctx, txs) + if err != nil { + h.logger.Error(fmt.Sprintf("❌️ :: Error Building Custom Proposal: %v", err)) + } + txs = tmpMsgs + } + + for _, sdkTxs := range txs { + txBytes, err := h.txConfig.TxEncoder()(sdkTxs) + if err != nil { + h.logger.Info(fmt.Sprintf("❌~Error encoding transaction: %v", err.Error())) + } + proposalTxs = append(proposalTxs, txBytes) + } + + h.logger.Info(fmt.Sprintf("🛠️ :: Number of Transactions in proposal: %v", len(proposalTxs))) + + return &abci.ResponsePrepareProposal{Txs: proposalTxs}, nil + } +} +``` + +As mentioned above, we check if vote extensions have been propagated, you can do this by checking the logs for any relevant messages such as `🛠️ :: Get vote extensions:`. If the logs do not provide enough information, you can also reinitialise your local testing environment by running the `./scripts/single_node/setup.sh` script again. + +5. Implement the `ProcessProposalHandler()`. This function is responsible for processing the proposal. It should handle the logic of processing vote extensions, including inspecting the proposal and validating the bids. + +```go +func (h *ProcessProposalHandler) ProcessProposalHandler() sdk.ProcessProposalHandler { + return func(ctx sdk.Context, req *abci.RequestProcessProposal) (resp *abci.ResponseProcessProposal, err error) { + h.Logger.Info(fmt.Sprintf("⚙️ :: Process Proposal")) + + // The first transaction will always be the Special Transaction + numTxs := len(req.Txs) + + h.Logger.Info(fmt.Sprintf("⚙️:: Number of transactions :: %v", numTxs)) + + if numTxs >= 1 { + var st SpecialTransaction + err = json.Unmarshal(req.Txs[0], &st) + if err != nil { + h.Logger.Error(fmt.Sprintf("❌️:: Error unmarshalling special Tx in Process Proposal :: %v", err)) + } + if len(st.Bids) > 0 { + h.Logger.Info(fmt.Sprintf("⚙️:: There are bids in the Special Transaction")) + var bids []nstypes.MsgBid + for i, b := range st.Bids { + var bid nstypes.MsgBid + h.Codec.Unmarshal(b, &bid) + h.Logger.Info(fmt.Sprintf("⚙️:: Special Transaction Bid No %v :: %v", i, bid)) + bids = append(bids, bid) + } + // Validate Bids in Tx + txs := req.Txs[1:] + ok, err := ValidateBids(h.TxConfig, bids, txs, h.Logger) + if err != nil { + h.Logger.Error(fmt.Sprintf("❌️:: Error validating bids in Process Proposal :: %v", err)) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + if !ok { + h.Logger.Error(fmt.Sprintf("❌️:: Unable to validate bids in Process Proposal :: %v", err)) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + h.Logger.Info("⚙️:: Successfully validated bids in Process Proposal") + } + } + + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_ACCEPT}, nil + } +} +``` + +6. Implement the `ProcessVoteExtensions()` function. This function should handle the logic of processing vote extensions, including validating the bids. + +```go +func processVoteExtensions(req *abci.RequestPrepareProposal, log log.Logger) (SpecialTransaction, error) { + log.Info(fmt.Sprintf("🛠️ :: Process Vote Extensions")) + + // Create empty response + st := SpecialTransaction{ + 0, + [][]byte{}, + } + + // Get Vote Ext for H-1 from Req + voteExt := req.GetLocalLastCommit() + votes := voteExt.Votes + + // Iterate through votes + var ve AppVoteExtension + for _, vote := range votes { + // Unmarshal to AppExt + err := json.Unmarshal(vote.VoteExtension, &ve) + if err != nil { + log.Error(fmt.Sprintf("❌ :: Error unmarshalling Vote Extension")) + } + + st.Height = int(ve.Height) + + // If Bids in VE, append to Special Transaction + if len(ve.Bids) > 0 { + log.Info("🛠️ :: Bids in VE") + for _, b := range ve.Bids { + st.Bids = append(st.Bids, b) + } + } + } + + return st, nil +} +``` + +7. Configure the `ProcessProposalHandler()` in app/app.go: + +```go +processPropHandler := abci2.ProcessProposalHandler{app.txConfig, appCodec, logger} +bApp.SetProcessProposal(processPropHandler.ProcessProposalHandler()) +``` + +This sets the `ProcessProposalHandler()` for our application. This means that whenever a proposal needs to be processed, our custom `ProcessProposalHandler()` method will be called. + +To test if the proposal processing and vote extensions are working correctly, you can check the logs for any relevant messages. If the logs do not provide enough information, you can also reinitialize your local testing environment by running `./scripts/single_node/setup.sh` script. diff --git a/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md b/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md new file mode 100644 index 00000000..24c688c9 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md @@ -0,0 +1,106 @@ +# Demo of Mitigating Front-Running with Vote Extensions + +The purpose of this demo is to test the implementation of the `VoteExtensionHandler` and `PrepareProposalHandler` that we have just added to the codebase. These handlers are designed to mitigate front-running by ensuring that all validators have a consistent view of the mempool when preparing proposals. + +In this demo, we are using a 3 validator network. The Beacon validator is special because it has a custom transaction provider enabled. This means that it can potentially manipulate the order of transactions in a proposal to its advantage (i.e., front-running). + +1. Bootstrap the validator network: This sets up a network with 3 validators. The script `./scripts/configure.sh is used to configure the network and the validators. + +```shell +cd scripts +configure.sh +``` + +If this doesn't work please ensure you have run `make build` in the `tutorials/nameservice/base` directory. + + +2. Have alice attempt to reserve `bob.cosmos`: This is a normal transaction that alice wants to execute. The script ``./scripts/reserve.sh "bob.cosmos"` is used to send this transaction. + +```shell +reserve.sh "bob.cosmos" +``` + +3. Query to verify the name has been reserved: This is to check the result of the transaction. The script `./scripts/whois.sh "bob.cosmos"` is used to query the state of the blockchain. + +```shell +whois.sh "bob.cosmos" +``` + +It should return: + +```{ + "name": { + "name": "bob.cosmos", + "owner": "cosmos1nq9wuvuju4jdmpmzvxmg8zhhu2ma2y2l2pnu6w", + "resolve_address": "cosmos1h6zy2kn9efxtw5z22rc5k9qu7twl70z24kr3ht", + "amount": [ + { + "denom": "uatom", + "amount": "1000" + } + ] + } +} +``` + +To detect front-running attempts by the beacon, scrutinise the logs during the `ProcessProposal` stage. Open the logs for each validator, including the beacon, `val1`, and `val2`, to observe the following behavior. Open the log file of the validator node. The location of this file can vary depending on your setup, but it's typically located in a directory like `$HOME/cosmos/nodes/#{validator}/logs`. The directory in this case will be under the validator so, `beacon` `val1` or `val2`. Run the following to tail the logs of the validator or beacon: + +```shell +tail -f $HOME/cosmos/nodes/#{validator}/logs +``` + +```shell +2:47PM ERR :: Detected invalid proposal bid :: name:"bob.cosmos" resolveAddress:"cosmos1wmuwv38pdur63zw04t0c78r2a8dyt08hf9tpvd" owner:"cosmos1wmuwv38pdur63zw04t0c78r2a8dyt08hf9tpvd" amount: module=server +2:47PM ERR :: Unable to validate bids in Process Proposal :: module=server +2:47PM ERR prevote step: state machine rejected a proposed block; this should not happen:the proposer may be misbehaving; prevoting nil err=null height=142 module=consensus round=0 +``` + + +4. List the Beacon's keys: This is to verify the addresses of the validators. The script `./scripts/list-beacon-keys.sh` is used to list the keys. + +```shell +list-beacon-keys.sh +``` + +We should receive something similar to the following: + +```shell +[ + { + "name": "alice", + "type": "local", + "address": "cosmos1h6zy2kn9efxtw5z22rc5k9qu7twl70z24kr3ht", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"A32cvBUkNJz+h2vld4A5BxvU5Rd+HyqpR3aGtvEhlm4C\"}" + }, + { + "name": "barbara", + "type": "local", + "address": "cosmos1nq9wuvuju4jdmpmzvxmg8zhhu2ma2y2l2pnu6w", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"Ag9PFsNyTQPoJdbyCWia5rZH9CrvSrjMsk7Oz4L3rXQ5\"}" + }, + { + "name": "beacon-key", + "type": "local", + "address": "cosmos1ez9a6x7lz4gvn27zr368muw8jeyas7sv84lfup", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"AlzJZMWyN7lass710TnAhyuFKAFIaANJyw5ad5P2kpcH\"}" + }, + { + "name": "cindy", + "type": "local", + "address": "cosmos1m5j6za9w4qc2c5ljzxmm2v7a63mhjeag34pa3g", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"A6F1/3yot5OpyXoSkBbkyl+3rqBkxzRVSJfvSpm/AvW5\"}" + } +] +``` + +This allows us to match up the addresses and see that the bid was not front run by the beacon due as the resolve address is Alice's address and not the beacons address. + +By running this demo, we can verify that the `VoteExtensionHandler` and `PrepareProposalHandler` are working as expected and that they are able to prevent front-running. + +## Conclusion + +In this tutorial, we've tackled front-running and MEV, focusing on nameservice auctions' vulnerability to these issues. We've explored vote extensions, a key feature of ABCI 2.0, and integrated them into a Cosmos SDK application. + +Through practical exercises, you've implemented vote extensions, and tested their effectiveness in creating a fair auction system. You've gained practical insights by configuring a validator network and analysing blockchain logs. + +Keep experimenting with these concepts, engage with the community, and stay updated on new advancements. The knowledge you've acquired here is crucial for developing secure and fair blockchain applications. diff --git a/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md.bak b/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md.bak new file mode 100644 index 00000000..63f37b4a --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md.bak @@ -0,0 +1,106 @@ +# Demo of Mitigating Front-Running with Vote Extensions + +The purpose of this demo is to test the implementation of the `VoteExtensionHandler` and `PrepareProposalHandler` that we have just added to the codebase. These handlers are designed to mitigate front-running by ensuring that all validators have a consistent view of the mempool when preparing proposals. + +In this demo, we are using a 3 validator network. The Beacon validator is special because it has a custom transaction provider enabled. This means that it can potentially manipulate the order of transactions in a proposal to its advantage (i.e., front-running). + +1. Bootstrap the validator network: This sets up a network with 3 validators. The script `./scripts/configure.sh is used to configure the network and the validators. + +```shell +cd scripts +configure.sh +``` + +If this doesn't work please ensure you have run `make build` in the `tutorials/nameservice/base` directory. + + +2. Have alice attempt to reserve `bob.cosmos`: This is a normal transaction that alice wants to execute. The script ``./scripts/reserve.sh "bob.cosmos"` is used to send this transaction. + +```shell +reserve.sh "bob.cosmos" +``` + +3. Query to verify the name has been reserved: This is to check the result of the transaction. The script `./scripts/whois.sh "bob.cosmos"` is used to query the state of the blockchain. + +```shell +whois.sh "bob.cosmos" +``` + +It should return: + +```{ + "name": { + "name": "bob.cosmos", + "owner": "cosmos1nq9wuvuju4jdmpmzvxmg8zhhu2ma2y2l2pnu6w", + "resolve_address": "cosmos1h6zy2kn9efxtw5z22rc5k9qu7twl70z24kr3ht", + "amount": [ + { + "denom": "uatom", + "amount": "1000" + } + ] + } +} +``` + +To detect front-running attempts by the beacon, scrutinise the logs during the `ProcessProposal` stage. Open the logs for each validator, including the beacon, `val1`, and `val2`, to observe the following behavior. Open the log file of the validator node. The location of this file can vary depending on your setup, but it's typically located in a directory like `$HOME/cosmos/nodes/#{validator}/logs`. The directory in this case will be under the validator so, `beacon` `val1` or `val2`. Run the following to tail the logs of the validator or beacon: + +```shell +tail -f $HOME/cosmos/nodes/#{validator}/logs +``` + +```shell +2:47PM ERR ❌️:: Detected invalid proposal bid :: name:"bob.cosmos" resolveAddress:"cosmos1wmuwv38pdur63zw04t0c78r2a8dyt08hf9tpvd" owner:"cosmos1wmuwv38pdur63zw04t0c78r2a8dyt08hf9tpvd" amount: module=server +2:47PM ERR ❌️:: Unable to validate bids in Process Proposal :: module=server +2:47PM ERR prevote step: state machine rejected a proposed block; this should not happen:the proposer may be misbehaving; prevoting nil err=null height=142 module=consensus round=0 +``` + + +4. List the Beacon's keys: This is to verify the addresses of the validators. The script `./scripts/list-beacon-keys.sh` is used to list the keys. + +```shell +list-beacon-keys.sh +``` + +We should receive something similar to the following: + +```shell +[ + { + "name": "alice", + "type": "local", + "address": "cosmos1h6zy2kn9efxtw5z22rc5k9qu7twl70z24kr3ht", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"A32cvBUkNJz+h2vld4A5BxvU5Rd+HyqpR3aGtvEhlm4C\"}" + }, + { + "name": "barbara", + "type": "local", + "address": "cosmos1nq9wuvuju4jdmpmzvxmg8zhhu2ma2y2l2pnu6w", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"Ag9PFsNyTQPoJdbyCWia5rZH9CrvSrjMsk7Oz4L3rXQ5\"}" + }, + { + "name": "beacon-key", + "type": "local", + "address": "cosmos1ez9a6x7lz4gvn27zr368muw8jeyas7sv84lfup", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"AlzJZMWyN7lass710TnAhyuFKAFIaANJyw5ad5P2kpcH\"}" + }, + { + "name": "cindy", + "type": "local", + "address": "cosmos1m5j6za9w4qc2c5ljzxmm2v7a63mhjeag34pa3g", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"A6F1/3yot5OpyXoSkBbkyl+3rqBkxzRVSJfvSpm/AvW5\"}" + } +] +``` + +This allows us to match up the addresses and see that the bid was not front run by the beacon due as the resolve address is Alice's address and not the beacons address. + +By running this demo, we can verify that the `VoteExtensionHandler` and `PrepareProposalHandler` are working as expected and that they are able to prevent front-running. + +## Conclusion + +In this tutorial, we've tackled front-running and MEV, focusing on nameservice auctions' vulnerability to these issues. We've explored vote extensions, a key feature of ABCI 2.0, and integrated them into a Cosmos SDK application. + +Through practical exercises, you've implemented vote extensions, and tested their effectiveness in creating a fair auction system. You've gained practical insights by configuring a validator network and analysing blockchain logs. + +Keep experimenting with these concepts, engage with the community, and stay updated on new advancements. The knowledge you've acquired here is crucial for developing secure and fair blockchain applications. diff --git a/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/_category_.json b/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/_category_.json new file mode 100644 index 00000000..aab0cfdf --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/auction-frontrunning/_category_.json @@ -0,0 +1,5 @@ +{ + "label": " Mitigating Auction Front-Running Tutorial", + "position": 0, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/oracle/00-getting-started.md b/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/oracle/00-getting-started.md new file mode 100644 index 00000000..59ea65be --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/oracle/00-getting-started.md @@ -0,0 +1,36 @@ +# Getting Started + +## Table of Contents + +* [What is an Oracle?](./01-what-is-an-oracle.md) +* [Implementing Vote Extensions](./02-implementing-vote-extensions.md) +* [Testing the Oracle Module](./03-testing-oracle.md) + +## Prerequisites + +Before you start with this tutorial, make sure you have: + +* A working chain project. This tutorial won't cover the steps of creating a new chain/module. +* Familiarity with the Cosmos SDK. If you're not, we suggest you start with [Cosmos SDK Tutorials](https://tutorials.cosmos.network), as ABCI++ is considered an advanced topic. +* Read and understood [What is an Oracle?](01-what-is-an-oracle.md). This provides necessary background information for understanding the Oracle module. +* Basic understanding of Go programming language. + +## What are Vote extensions? + +Vote extensions is arbitrary information which can be inserted into a block. This feature is part of ABCI 2.0, which is available for use in the SDK 0.50 release and part of the 0.38 CometBFT release. + +More information about vote extensions can be seen [here](https://docs.cosmos.network/main/build/abci/vote-extensions). + +## Overview of the project + +We’ll go through the creation of a simple price oracle module focusing on the vote extensions implementation, ignoring the details inside the price oracle itself. + +We’ll go through the implementation of: + +* `ExtendVote` to get information from external price APIs. +* `VerifyVoteExtension` to check that the format of the provided votes is correct. +* `PrepareProposal` to process the vote extensions from the previous block and include them into the proposal as a transaction. +* `ProcessProposal` to check that the first transaction in the proposal is actually a “special tx” that contains the price information. +* `PreBlocker` to make price information available during FinalizeBlock. + +If you would like to see the complete working oracle module please see [here](https://github.com/cosmos/sdk-tutorials/blob/master/tutorials/oracle/base/x/oracle) diff --git a/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/oracle/01-what-is-an-oracle.md b/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/oracle/01-what-is-an-oracle.md new file mode 100644 index 00000000..9d50ddb3 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/oracle/01-what-is-an-oracle.md @@ -0,0 +1,13 @@ +# What is an Oracle? + +An oracle in blockchain technology is a system that provides external data to a blockchain network. It acts as a source of information that is not natively accessible within the blockchain's closed environment. This can range from financial market prices to real-world event, making it crucial for decentralised applications. + +## Oracle in the Cosmos SDK + +In the Cosmos SDK, an oracle module can be implemented to provide external data to the blockchain. This module can use features like vote extensions to submit additional data during the consensus process, which can then be used by the blockchain to update its state with information from the outside world. + +For instance, a price oracle module in the Cosmos SDK could supply timely and accurate asset price information, which is vital for various financial operations within the blockchain ecosystem. + +## Conclusion + +Oracles are essential for blockchains to interact with external data, enabling them to respond to real-world information and events. Their implementation is key to the reliability and robustness of blockchain networks. diff --git a/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/oracle/02-implementing-vote-extensions.md b/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/oracle/02-implementing-vote-extensions.md new file mode 100644 index 00000000..aa610b5d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/oracle/02-implementing-vote-extensions.md @@ -0,0 +1,219 @@ +# Implementing Vote Extensions + +## Implement ExtendVote + +First we’ll create the `OracleVoteExtension` struct, this is the object that will be marshaled as bytes and signed by the validator. + +In our example we’ll use JSON to marshal the vote extension for simplicity but we recommend to find an encoding that produces a smaller output, given that large vote extensions could impact CometBFT’s performance. Custom encodings and compressed bytes can be used out of the box. + +```go +// OracleVoteExtension defines the canonical vote extension structure. +type OracleVoteExtension struct { + Height int64 + Prices map[string]math.LegacyDec +} +``` + +Then we’ll create a `VoteExtensionsHandler` struct that contains everything we need to query for prices. + +```go +type VoteExtHandler struct { + logger log.Logger + currentBlock int64 // current block height + lastPriceSyncTS time.Time // last time we synced prices + providerTimeout time.Duration // timeout for fetching prices from providers + providers map[string]Provider // mapping of provider name to provider (e.g. Binance -> BinanceProvider) + providerPairs map[string][]keeper.CurrencyPair // mapping of provider name to supported pairs (e.g. Binance -> [ATOM/USD]) + + Keeper keeper.Keeper // keeper of our oracle module +} +``` + +Finally, a function that returns `sdk.ExtendVoteHandler` is needed too, and this is where our vote extension logic will live. + +```go +func (h *VoteExtHandler) ExtendVoteHandler() sdk.ExtendVoteHandler { + return func(ctx sdk.Context, req *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) { + // here we'd have a helper function that gets all the prices and does a weighted average using the volume of each market + prices := h.getAllVolumeWeightedPrices() + + voteExt := OracleVoteExtension{ + Height: req.Height, + Prices: prices, + } + + bz, err := json.Marshal(voteExt) + if err != nil { + return nil, fmt.Errorf("failed to marshal vote extension: %w", err) + } + + return &abci.ResponseExtendVote{VoteExtension: bz}, nil + } +} +``` + +As you can see above, the creation of a vote extension is pretty simple and we just have to return bytes. CometBFT will handle the signing of these bytes for us. We ignored the process of getting the prices but you can see a more complete example [here:](https://github.com/cosmos/sdk-tutorials/blob/master/tutorials/oracle/base/x/oracle/abci/vote_extensions.go) + +Here we’ll do some simple checks like: + +* Is the vote extension unmarshaled correctly? +* Is the vote extension for the right height? +* Some other validation, for example, are the prices from this extension too deviated from my own prices? Or maybe checks that can detect malicious behavior. + +```go +func (h *VoteExtHandler) VerifyVoteExtensionHandler() sdk.VerifyVoteExtensionHandler { + return func(ctx sdk.Context, req *abci.RequestVerifyVoteExtension) (*abci.ResponseVerifyVoteExtension, error) { + var voteExt OracleVoteExtension + err := json.Unmarshal(req.VoteExtension, &voteExt) + if err != nil { + return nil, fmt.Errorf("failed to unmarshal vote extension: %w", err) + } + + if voteExt.Height != req.Height { + return nil, fmt.Errorf("vote extension height does not match request height; expected: %d, got: %d", req.Height, voteExt.Height) + } + + // Verify incoming prices from a validator are valid. Note, verification during + // VerifyVoteExtensionHandler MUST be deterministic. For brevity and demo + // purposes, we omit implementation. + if err := h.verifyOraclePrices(ctx, voteExt.Prices); err != nil { + return nil, fmt.Errorf("failed to verify oracle prices from validator %X: %w", req.ValidatorAddress, err) + } + + return &abci.ResponseVerifyVoteExtension{Status: abci.ResponseVerifyVoteExtension_ACCEPT}, nil + } +} +``` + +## Implement PrepareProposal + +```go +type ProposalHandler struct { + logger log.Logger + keeper keeper.Keeper // our oracle module keeper + valStore baseapp.ValidatorStore // to get the current validators' pubkeys +} +``` + +And we create the struct for our “special tx”, that will contain the prices and the votes so validators can later re-check in ProcessPRoposal that they get the same result than the block’s proposer. With this we could also check if all the votes have been used by comparing the votes received in ProcessProposal. + +```go +type StakeWeightedPrices struct { + StakeWeightedPrices map[string]math.LegacyDec + ExtendedCommitInfo abci.ExtendedCommitInfo +} +``` + +Now we create the `PrepareProposalHandler`. In this step we’ll first check if the vote extensions’ signatures are correct using a helper function called ValidateVoteExtensions from the baseapp package. + +```go +func (h *ProposalHandler) PrepareProposal() sdk.PrepareProposalHandler { + return func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { + err := baseapp.ValidateVoteExtensions(ctx, h.valStore, req.Height, ctx.ChainID(), req.LocalLastCommit) + if err != nil { + return nil, err + } +... +``` + +Then we proceed to make the calculations only if the current height if higher than the height at which vote extensions have been enabled. Remember that vote extensions are made available to the block proposer on the next block at which they are produced/enabled. + +```go +... + proposalTxs := req.Txs + + if req.Height > ctx.ConsensusParams().Abci.VoteExtensionsEnableHeight { + stakeWeightedPrices, err := h.computeStakeWeightedOraclePrices(ctx, req.LocalLastCommit) + if err != nil { + return nil, errors.New("failed to compute stake-weighted oracle prices") + } + + injectedVoteExtTx := StakeWeightedPrices{ + StakeWeightedPrices: stakeWeightedPrices, + ExtendedCommitInfo: req.LocalLastCommit, + } +... +``` + +Finally we inject the result as a transaction at a specific location, usually at the beginning of the block: + +## Implement ProcessProposal + +Now we can implement the method that all validators will execute to ensure the proposer is doing his work correctly. + +Here, if vote extensions are enabled, we’ll check if the tx at index 0 is an injected vote extension + +```go +func (h *ProposalHandler) ProcessProposal() sdk.ProcessProposalHandler { + return func(ctx sdk.Context, req *abci.RequestProcessProposal) (*abci.ResponseProcessProposal, error) { + if req.Height > ctx.ConsensusParams().Abci.VoteExtensionsEnableHeight { + var injectedVoteExtTx StakeWeightedPrices + if err := json.Unmarshal(req.Txs[0], &injectedVoteExtTx); err != nil { + h.logger.Error("failed to decode injected vote extension tx", "err", err) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } +... +``` + +Then we re-validate the vote extensions signatures using +baseapp.ValidateVoteExtensions, re-calculate the results (just like in PrepareProposal) and compare them with the results we got from the injected tx. + +```go + err := baseapp.ValidateVoteExtensions(ctx, h.valStore, req.Height, ctx.ChainID(), injectedVoteExtTx.ExtendedCommitInfo) + if err != nil { + return nil, err + } + + // Verify the proposer's stake-weighted oracle prices by computing the same + // calculation and comparing the results. We omit verification for brevity + // and demo purposes. + stakeWeightedPrices, err := h.computeStakeWeightedOraclePrices(ctx, injectedVoteExtTx.ExtendedCommitInfo) + if err != nil { + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + + if err := compareOraclePrices(injectedVoteExtTx.StakeWeightedPrices, stakeWeightedPrices); err != nil { + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + } + + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_ACCEPT}, nil + } +} +``` + +Important: In this example we avoided using the mempool and other basics, please refer to the DefaultProposalHandler for a complete implementation: [https://github.com/cosmos/cosmos-sdk/blob/v0.50.1/baseapp/abci_utils.go](https://github.com/cosmos/cosmos-sdk/blob/v0.50.1/baseapp/abci_utils.go) + +## Implement PreBlocker + +Now validators are extending their vote, verifying other votes and including the result in the block. But how do we actually make use of this result? This is done in the PreBlocker which is code that is run before any other code during FinalizeBlock so we make sure we make this information available to the chain and its modules during the entire block execution (from BeginBlock). + +At this step we know that the injected tx is well-formatted and has been verified by the validators participating in consensus, so making use of it is straightforward. Just check if vote extensions are enabled, pick up the first transaction and use a method in your module’s keeper to set the result. + +```go +func (h *ProposalHandler) PreBlocker(ctx sdk.Context, req *abci.RequestFinalizeBlock) (*sdk.ResponsePreBlock, error) { + res := &sdk.ResponsePreBlock{} + if len(req.Txs) == 0 { + return res, nil + } + + if req.Height > ctx.ConsensusParams().Abci.VoteExtensionsEnableHeight { + var injectedVoteExtTx StakeWeightedPrices + if err := json.Unmarshal(req.Txs[0], &injectedVoteExtTx); err != nil { + h.logger.Error("failed to decode injected vote extension tx", "err", err) + return nil, err + } + + // set oracle prices using the passed in context, which will make these prices available in the current block + if err := h.keeper.SetOraclePrices(ctx, injectedVoteExtTx.StakeWeightedPrices); err != nil { + return nil, err + } + } + return res, nil +} + +``` + +## Conclusion + +In this tutorial, we've created a simple price oracle module that incorporates vote extensions. We've seen how to implement `ExtendVote`, `VerifyVoteExtension`, `PrepareProposal`, `ProcessProposal`, and `PreBlocker` to handle the voting and verification process of vote extensions, as well as how to make use of the results during the block execution. diff --git a/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/oracle/03-testing-oracle.md b/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/oracle/03-testing-oracle.md new file mode 100644 index 00000000..905ca0d7 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/oracle/03-testing-oracle.md @@ -0,0 +1,57 @@ +# Testing the Oracle Module + +We will guide you through the process of testing the Oracle module in your application. The Oracle module uses vote extensions to provide current price data. If you would like to see the complete working oracle module please see [here](https://github.com/cosmos/sdk-tutorials/blob/master/tutorials/oracle/base/x/oracle). + +## Step 1: Compile and Install the Application + +First, we need to compile and install the application. Please ensure you are in the `tutorials/oracle/base` directory. Run the following command in your terminal: + +```shell +make install +``` + +This command compiles the application and moves the resulting binary to a location in your system's PATH. + +## Step 2: Initialise the Application + +Next, we need to initialise the application. Run the following command in your terminal: + +```shell +make init +``` + +This command runs the script `tutorials/oracle/base/scripts/init.sh`, which sets up the necessary configuration for your application to run. This includes creating the `app.toml` configuration file and initialising the blockchain with a genesis block. + +## Step 3: Start the Application + +Now, we can start the application. Run the following command in your terminal: + +```shell +exampled start +``` + +This command starts your application, begins the blockchain node, and starts processing transactions. + +## Step 4: Query the Oracle Prices + +Finally, we can query the current prices from the Oracle module. Run the following command in your terminal: + +```shell +exampled q oracle prices +``` + +This command queries the current prices from the Oracle module. The expected output shows that the vote extensions were successfully included in the block and the Oracle module was able to retrieve the price data. + +## Understanding Vote Extensions in Oracle + +In the Oracle module, the `ExtendVoteHandler` function is responsible for creating the vote extensions. This function fetches the current prices from the provider, creates a `OracleVoteExtension` struct with these prices, and then marshals this struct into bytes. These bytes are then set as the vote extension. + +In the context of testing, the Oracle module uses a mock provider to simulate the behavior of a real price provider. This mock provider is defined in the mockprovider package and is used to return predefined prices for specific currency pairs. + +## Conclusion + +In this tutorial, we've delved into the concept of Oracle's in blockchain technology, focusing on their role in providing external data to a blockchain network. We've explored vote extensions, a powerful feature of ABCI++, and integrated them into a Cosmos SDK application to create a price oracle module. + +Through hands-on exercises, you've implemented vote extensions, and tested their effectiveness in providing timely and accurate asset price information. You've gained practical insights by setting up a mock provider for testing and analysing the process of extending votes, verifying vote extensions, and preparing and processing proposals. + +Keep experimenting with these concepts, engage with the community, and stay updated on new advancements. The knowledge you've acquired here is crucial for developing robust and reliable blockchain applications that can interact with real-world data. diff --git a/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/oracle/_category_.json b/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/oracle/_category_.json new file mode 100644 index 00000000..b63ffe2f --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/tutorials/vote-extensions/oracle/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Oracle Tutorial", + "position": 1, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.50/user/run-node/00-keyring.md b/copy-of-sdk-versioned_docs/version-0.50/user/run-node/00-keyring.md new file mode 100644 index 00000000..f96fa7d2 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/user/run-node/00-keyring.md @@ -0,0 +1,145 @@ +--- +sidebar_position: 1 +--- + +# Setting up the keyring + +:::note Synopsis +This document describes how to configure and use the keyring and its various backends for an [**application**](../../learn/beginner/00-app-anatomy.md). +::: + +The keyring holds the private/public keypairs used to interact with a node. For instance, a validator key needs to be set up before running the blockchain node, so that blocks can be correctly signed. The private key can be stored in different locations, called "backends", such as a file or the operating system's own key storage. + +## Available backends for the keyring + +Starting with the v0.38.0 release, Cosmos SDK comes with a new keyring implementation +that provides a set of commands to manage cryptographic keys in a secure fashion. The +new keyring supports multiple storage backends, some of which may not be available on +all operating systems. + +### The `os` backend + +The `os` backend relies on operating system-specific defaults to handle key storage +securely. Typically, an operating system's credential sub-system handles password prompts, +private keys storage, and user sessions according to the user's password policies. Here +is a list of the most popular operating systems and their respective passwords manager: + +* macOS: [Keychain](https://support.apple.com/en-gb/guide/keychain-access/welcome/mac) +* Windows: [Credentials Management API](https://docs.microsoft.com/en-us/windows/win32/secauthn/credentials-management) +* GNU/Linux: + * [libsecret](https://gitlab.gnome.org/GNOME/libsecret) + * [kwallet](https://api.kde.org/frameworks/kwallet/html/index.html) + * [keyctl](https://www.kernel.org/doc/html/latest/security/keys/core.html) + +GNU/Linux distributions that use GNOME as default desktop environment typically come with +[Seahorse](https://wiki.gnome.org/Apps/Seahorse). Users of KDE based distributions are +commonly provided with [KDE Wallet Manager](https://userbase.kde.org/KDE_Wallet_Manager). +Whilst the former is in fact a `libsecret` convenient frontend, the latter is a `kwallet` +client. `keyctl` is a secure backend leverages the Linux's kernel security key management system +to store cryptographic keys securely in memory. + +`os` is the default option since operating system's default credentials managers are +designed to meet users' most common needs and provide them with a comfortable +experience without compromising on security. + +The recommended backends for headless environments are `file` and `pass`. + +### The `file` backend + +The `file` backend more closely resembles the keybase implementation used prior to +v0.38.1. It stores the keyring encrypted within the app's configuration directory. This +keyring will request a password each time it is accessed, which may occur multiple +times in a single command resulting in repeated password prompts. If using bash scripts +to execute commands using the `file` option you may want to utilize the following format +for multiple prompts: + +```shell +# assuming that KEYPASSWD is set in the environment +$ gaiacli config keyring-backend file # use file backend +$ (echo $KEYPASSWD; echo $KEYPASSWD) | gaiacli keys add me # multiple prompts +$ echo $KEYPASSWD | gaiacli keys show me # single prompt +``` + +:::tip +The first time you add a key to an empty keyring, you will be prompted to type the password twice. +::: + +### The `pass` backend + +The `pass` backend uses the [pass](https://www.passwordstore.org/) utility to manage on-disk +encryption of keys' sensitive data and metadata. Keys are stored inside `gpg` encrypted files +within app-specific directories. `pass` is available for the most popular UNIX +operating systems as well as GNU/Linux distributions. Please refer to its manual page for +information on how to download and install it. + +:::tip +**pass** uses [GnuPG](https://gnupg.org/) for encryption. `gpg` automatically invokes the `gpg-agent` +daemon upon execution, which handles the caching of GnuPG credentials. Please refer to `gpg-agent` +man page for more information on how to configure cache parameters such as credentials TTL and +passphrase expiration. +::: + +The password store must be set up prior to first use: + +```shell +pass init +``` + +Replace `` with your GPG key ID. You can use your personal GPG key or an alternative +one you may want to use specifically to encrypt the password store. + +### The `kwallet` backend + +The `kwallet` backend uses `KDE Wallet Manager`, which comes installed by default on the +GNU/Linux distributions that ships KDE as default desktop environment. Please refer to +[KWallet Handbook](https://docs.kde.org/stable5/en/kdeutils/kwallet5/index.html) for more +information. + +### The `keyctl` backend + +The *Kernel Key Retention Service* is a security facility that +has been added to the Linux kernel relatively recently. It allows sensitive +cryptographic data such as passwords, private key, authentication tokens, etc +to be stored securely in memory. + +The `keyctl` backend is available on Linux platforms only. + +### The `test` backend + +The `test` backend is a password-less variation of the `file` backend. Keys are stored +unencrypted on disk. + +**Provided for testing purposes only. The `test` backend is not recommended for use in production environments**. + +### The `memory` backend + +The `memory` backend stores keys in memory. The keys are immediately deleted after the program has exited. + +**Provided for testing purposes only. The `memory` backend is not recommended for use in production environments**. + +### Setting backend using the env variable + +You can set the keyring-backend using env variable: `BINNAME_KEYRING_BACKEND`. For example, if your binary name is `gaia-v5` then set: `export GAIA_V5_KEYRING_BACKEND=pass` + +## Adding keys to the keyring + +:::warning +Make sure you can build your own binary, and replace `simd` with the name of your binary in the snippets. +::: + +Applications developed using the Cosmos SDK come with the `keys` subcommand. For the purpose of this tutorial, we're running the `simd` CLI, which is an application built using the Cosmos SDK for testing and educational purposes. For more information, see [`simapp`](https://github.com/cosmos/cosmos-sdk/tree/main/simapp). + +You can use `simd keys` for help about the keys command and `simd keys [command] --help` for more information about a particular subcommand. + +To create a new key in the keyring, run the `add` subcommand with a `` argument. For the purpose of this tutorial, we will solely use the `test` backend, and call our new key `my_validator`. This key will be used in the next section. + +```bash +$ simd keys add my_validator --keyring-backend test + +# Put the generated address in a variable for later use. +MY_VALIDATOR_ADDRESS=$(simd keys show my_validator -a --keyring-backend test) +``` + +This command generates a new 24-word mnemonic phrase, persists it to the relevant backend, and outputs information about the keypair. If this keypair will be used to hold value-bearing tokens, be sure to write down the mnemonic phrase somewhere safe! + +By default, the keyring generates a `secp256k1` keypair. The keyring also supports `ed25519` keys, which may be created by passing the `--algo ed25519` flag. A keyring can of course hold both types of keys simultaneously, and the Cosmos SDK's `x/auth` module supports natively these two public key algorithms. diff --git a/copy-of-sdk-versioned_docs/version-0.50/user/run-node/01-run-node.md b/copy-of-sdk-versioned_docs/version-0.50/user/run-node/01-run-node.md new file mode 100644 index 00000000..f16eb42f --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/user/run-node/01-run-node.md @@ -0,0 +1,218 @@ +--- +sidebar_position: 1 +--- + +# Running a Node + +:::note Synopsis +Now that the application is ready and the keyring populated, it's time to see how to run the blockchain node. In this section, the application we are running is called [`simapp`](https://github.com/cosmos/cosmos-sdk/tree/main/simapp), and its corresponding CLI binary `simd`. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK Application](../../learn/beginner/00-app-anatomy.md) +* [Setting up the keyring](./00-keyring.md) + +::: + +## Initialize the Chain + +:::warning +Make sure you can build your own binary, and replace `simd` with the name of your binary in the snippets. +::: + +Before actually running the node, we need to initialize the chain, and most importantly its genesis file. This is done with the `init` subcommand: + +```bash +# The argument is the custom username of your node, it should be human-readable. +simd init --chain-id my-test-chain +``` + +The command above creates all the configuration files needed for your node to run, as well as a default genesis file, which defines the initial state of the network. + +:::tip +All these configuration files are in `~/.simapp` by default, but you can overwrite the location of this folder by passing the `--home` flag to each commands, +or set an `$APPD_HOME` environment variable (where `APPD` is the name of the binary). +::: + +The `~/.simapp` folder has the following structure: + +```bash +. # ~/.simapp + |- data # Contains the databases used by the node. + |- config/ + |- app.toml # Application-related configuration file. + |- config.toml # CometBFT-related configuration file. + |- genesis.json # The genesis file. + |- node_key.json # Private key to use for node authentication in the p2p protocol. + |- priv_validator_key.json # Private key to use as a validator in the consensus protocol. +``` + +## Updating Some Default Settings + +If you want to change any field values in configuration files (for ex: genesis.json) you can use `jq` ([installation](https://stedolan.github.io/jq/download/) & [docs](https://stedolan.github.io/jq/manual/#Assignment)) & `sed` commands to do that. Few examples are listed here. + +```bash +# to change the chain-id +jq '.chain_id = "testing"' genesis.json > temp.json && mv temp.json genesis.json + +# to enable the api server +sed -i '/\[api\]/,+3 s/enable = false/enable = true/' app.toml + +# to change the voting_period +jq '.app_state.gov.voting_params.voting_period = "600s"' genesis.json > temp.json && mv temp.json genesis.json + +# to change the inflation +jq '.app_state.mint.minter.inflation = "0.300000000000000000"' genesis.json > temp.json && mv temp.json genesis.json +``` + +### Client Interaction + +When instantiating a node, GRPC and REST are defaulted to localhost to avoid unknown exposure of your node to the public. It is recommended to not expose these endpoints without a proxy that can handle load balancing or authentication is setup between your node and the public. + +:::tip +A commonly used tool for this is [nginx](https://nginx.org). +::: + + +## Adding Genesis Accounts + +Before starting the chain, you need to populate the state with at least one account. To do so, first [create a new account in the keyring](./00-keyring.md#adding-keys-to-the-keyring) named `my_validator` under the `test` keyring backend (feel free to choose another name and another backend). + +Now that you have created a local account, go ahead and grant it some `stake` tokens in your chain's genesis file. Doing so will also make sure your chain is aware of this account's existence: + +```bash +simd genesis add-genesis-account $MY_VALIDATOR_ADDRESS 100000000000stake +``` + +Recall that `$MY_VALIDATOR_ADDRESS` is a variable that holds the address of the `my_validator` key in the [keyring](./00-keyring.md#adding-keys-to-the-keyring). Also note that the tokens in the Cosmos SDK have the `{amount}{denom}` format: `amount` is an 18-digit-precision decimal number, and `denom` is the unique token identifier with its denomination key (e.g. `atom` or `uatom`). Here, we are granting `stake` tokens, as `stake` is the token identifier used for staking in [`simapp`](https://github.com/cosmos/cosmos-sdk/tree/main/simapp). For your own chain with its own staking denom, that token identifier should be used instead. + +Now that your account has some tokens, you need to add a validator to your chain. Validators are special full-nodes that participate in the consensus process (implemented in the [underlying consensus engine](../../learn/intro/02-sdk-app-architecture.md#cometbft)) in order to add new blocks to the chain. Any account can declare its intention to become a validator operator, but only those with sufficient delegation get to enter the active set (for example, only the top 125 validator candidates with the most delegation get to be validators in the Cosmos Hub). For this guide, you will add your local node (created via the `init` command above) as a validator of your chain. Validators can be declared before a chain is first started via a special transaction included in the genesis file called a `gentx`: + +```bash +# Create a gentx. +simd genesis gentx my_validator 100000000stake --chain-id my-test-chain --keyring-backend test + +# Add the gentx to the genesis file. +simd genesis collect-gentxs +``` + +A `gentx` does three things: + +1. Registers the `validator` account you created as a validator operator account (i.e. the account that controls the validator). +2. Self-delegates the provided `amount` of staking tokens. +3. Link the operator account with a CometBFT node pubkey that will be used for signing blocks. If no `--pubkey` flag is provided, it defaults to the local node pubkey created via the `simd init` command above. + +For more information on `gentx`, use the following command: + +```bash +simd genesis gentx --help +``` + +## Configuring the Node Using `app.toml` and `config.toml` + +The Cosmos SDK automatically generates two configuration files inside `~/.simapp/config`: + +* `config.toml`: used to configure the CometBFT, learn more on [CometBFT's documentation](https://docs.cometbft.com/v0.37/core/configuration), +* `app.toml`: generated by the Cosmos SDK, and used to configure your app, such as state pruning strategies, telemetry, gRPC and REST servers configuration, state sync... + +Both files are heavily commented, please refer to them directly to tweak your node. + +One example config to tweak is the `minimum-gas-prices` field inside `app.toml`, which defines the minimum gas prices the validator node is willing to accept for processing a transaction. Depending on the chain, it might be an empty string or not. If it's empty, make sure to edit the field with some value, for example `10token`, or else the node will halt on startup. For the purpose of this tutorial, let's set the minimum gas price to 0: + +```toml + # The minimum gas prices a validator is willing to accept for processing a + # transaction. A transaction's fees must meet the minimum of any denomination + # specified in this config (e.g. 0.25token1;0.0001token2). + minimum-gas-prices = "0stake" +``` + +:::tip +When running a node (not a validator!) and not wanting to run the application mempool, set the `max-txs` field to `-1`. + +```toml +[mempool] +# Setting max-txs to 0 will allow for a unbounded amount of transactions in the mempool. +# Setting max_txs to negative 1 (-1) will disable transactions from being inserted into the mempool. +# Setting max_txs to a positive number (> 0) will limit the number of transactions in the mempool, by the specified amount. +# +# Note, this configuration only applies to SDK built-in app-side mempool +# implementations. +max-txs = "-1" +``` + +::: + +## Run a Localnet + +Now that everything is set up, you can finally start your node: + +```bash +simd start +``` + +You should see blocks come in. + +The previous command allow you to run a single node. This is enough for the next section on interacting with this node, but you may wish to run multiple nodes at the same time, and see how consensus happens between them. + +The naive way would be to run the same commands again in separate terminal windows. This is possible, however in the Cosmos SDK, we leverage the power of [Docker Compose](https://docs.docker.com/compose/) to run a localnet. If you need inspiration on how to set up your own localnet with Docker Compose, you can have a look at the Cosmos SDK's [`docker-compose.yml`](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/docker-compose.yml). + +### Standalone App/CometBFT + +By default, the Cosmos SDK runs CometBFT in-process with the application +If you want to run the application and CometBFT in separate processes, +start the application with the `--with-comet=false` flag +and set `rpc.laddr` in `config.toml` to the CometBFT node's RPC address. + +## Logging + +Logging provides a way to see what is going on with a node. By default the info level is set. This is a global level and all info logs will be outputted to the terminal. If you would like to filter specific logs to the terminal instead of all, then setting `module:log_level` is how this can work. + +Example: + +In config.toml: + +```toml +log_level: "state:info,p2p:info,consensus:info,x/staking:info,x/ibc:info,*error" +``` + +## State Sync + +State sync is the act in which a node syncs the latest or close to the latest state of a blockchain. This is useful for users who don't want to sync all the blocks in history. Read more in [CometBFT documentation](https://docs.cometbft.com/v0.37/core/state-sync). + +State sync works thanks to snapshots. Read how the SDK handles snapshots [here](https://github.com/cosmos/cosmos-sdk/blob/825245d/store/snapshots/README.md). + +### Local State Sync + +Local state sync work similar to normal state sync except that it works off a local snapshot of state instead of one provided via the p2p network. The steps to start local state sync are similar to normal state sync with a few different designs. + +1. As mentioned in https://docs.cometbft.com/v0.37/core/state-sync, one must set a height and hash in the config.toml along with a few rpc servers (the afromentioned link has instructions on how to do this). +2. Run ` ` to restore a local snapshot (note: first load it from a file with the *load* command). +3. Bootsrapping Comet state in order to start the node after the snapshot has been ingested. This can be done with the bootstrap command ` comet bootstrap-state` + +### Snapshots Commands + +The Cosmos SDK provides commands for managing snapshots. +These commands can be added in an app with the following snippet in `cmd//root.go`: + +```go +import ( + "github.com/cosmos/cosmos-sdk/client/snapshot" +) + +func initRootCmd(/* ... */) { + // ... + rootCmd.AddCommand( + snapshot.Cmd(appCreator), + ) +} +``` + +Then following commands are available at ` snapshots [command]`: + +* **list**: list local snapshots +* **load**: Load a snapshot archive file into snapshot store +* **restore**: Restore app state from local snapshot +* **export**: Export app state to snapshot store +* **dump**: Dump the snapshot as portable archive format +* **delete**: Delete a local snapshot diff --git a/copy-of-sdk-versioned_docs/version-0.50/user/run-node/02-interact-node.md b/copy-of-sdk-versioned_docs/version-0.50/user/run-node/02-interact-node.md new file mode 100644 index 00000000..a511aec4 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/user/run-node/02-interact-node.md @@ -0,0 +1,289 @@ +--- +sidebar_position: 1 +--- + +# Interacting with the Node + +:::note Synopsis +There are multiple ways to interact with a node: using the CLI, using gRPC or using the REST endpoints. +::: + +:::note Pre-requisite Readings + +* [gRPC, REST and CometBFT Endpoints](../../learn/advanced/06-grpc_rest.md) +* [Running a Node](./01-run-node.md) + +::: + +## Using the CLI + +Now that your chain is running, it is time to try sending tokens from the first account you created to a second account. In a new terminal window, start by running the following query command: + +```bash +simd query bank balances $MY_VALIDATOR_ADDRESS +``` + +You should see the current balance of the account you created, equal to the original balance of `stake` you granted it minus the amount you delegated via the `gentx`. Now, create a second account: + +```bash +simd keys add recipient --keyring-backend test + +# Put the generated address in a variable for later use. +RECIPIENT=$(simd keys show recipient -a --keyring-backend test) +``` + +The command above creates a local key-pair that is not yet registered on the chain. An account is created the first time it receives tokens from another account. Now, run the following command to send tokens to the `recipient` account: + +```bash +simd tx bank send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000000stake --chain-id my-test-chain --keyring-backend test + +# Check that the recipient account did receive the tokens. +simd query bank balances $RECIPIENT +``` + +Finally, delegate some of the stake tokens sent to the `recipient` account to the validator: + +```bash +simd tx staking delegate $(simd keys show my_validator --bech val -a --keyring-backend test) 500stake --from recipient --chain-id my-test-chain --keyring-backend test + +# Query the total delegations to `validator`. +simd query staking delegations-to $(simd keys show my_validator --bech val -a --keyring-backend test) +``` + +You should see two delegations, the first one made from the `gentx`, and the second one you just performed from the `recipient` account. + +## Using gRPC + +The Protobuf ecosystem developed tools for different use cases, including code-generation from `*.proto` files into various languages. These tools allow the building of clients easily. Often, the client connection (i.e. the transport) can be plugged and replaced very easily. Let's explore one of the most popular transport: [gRPC](../../learn/advanced/06-grpc_rest.md). + +Since the code generation library largely depends on your own tech stack, we will only present three alternatives: + +* `grpcurl` for generic debugging and testing, +* programmatically via Go, +* CosmJS for JavaScript/TypeScript developers. + +### grpcurl + +[grpcurl](https://github.com/fullstorydev/grpcurl) is like `curl` but for gRPC. It is also available as a Go library, but we will use it only as a CLI command for debugging and testing purposes. Follow the instructions in the previous link to install it. + +Assuming you have a local node running (either a localnet, or connected a live network), you should be able to run the following command to list the Protobuf services available (you can replace `localhost:9000` by the gRPC server endpoint of another node, which is configured under the `grpc.address` field inside [`app.toml`](../run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml)): + +```bash +grpcurl -plaintext localhost:9090 list +``` + +You should see a list of gRPC services, like `cosmos.bank.v1beta1.Query`. This is called reflection, which is a Protobuf endpoint returning a description of all available endpoints. Each of these represents a different Protobuf service, and each service exposes multiple RPC methods you can query against. + +In order to get a description of the service you can run the following command: + +```bash +grpcurl -plaintext \ + localhost:9090 \ + describe cosmos.bank.v1beta1.Query # Service we want to inspect +``` + +It's also possible to execute an RPC call to query the node for information: + +```bash +grpcurl \ + -plaintext \ + -d "{\"address\":\"$MY_VALIDATOR_ADDRESS\"}" \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/AllBalances +``` + +The list of all available gRPC query endpoints is [coming soon](https://github.com/cosmos/cosmos-sdk/issues/7786). + +#### Query for historical state using grpcurl + +You may also query for historical data by passing some [gRPC metadata](https://github.com/grpc/grpc-go/blob/master/Documentation/grpc-metadata.md) to the query: the `x-cosmos-block-height` metadata should contain the block to query. Using grpcurl as above, the command looks like: + +```bash +grpcurl \ + -plaintext \ + -H "x-cosmos-block-height: 123" \ + -d "{\"address\":\"$MY_VALIDATOR_ADDRESS\"}" \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/AllBalances +``` + +Assuming the state at that block has not yet been pruned by the node, this query should return a non-empty response. + +### Programmatically via Go + +The following snippet shows how to query the state using gRPC inside a Go program. The idea is to create a gRPC connection, and use the Protobuf-generated client code to query the gRPC server. + +#### Install Cosmos SDK + + +```bash +go get github.com/cosmos/cosmos-sdk@main +``` + +```go +package main + +import ( + "context" + "fmt" + + "google.golang.org/grpc" + + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" +) + +func queryState() error { + myAddress, err := sdk.AccAddressFromBech32("cosmos1...") // the my_validator or recipient address. + if err != nil { + return err + } + + // Create a connection to the gRPC server. + grpcConn, err := grpc.Dial( + "127.0.0.1:9090", // your gRPC server address. + grpc.WithInsecure(), // The Cosmos SDK doesn't support any transport security mechanism. + // This instantiates a general gRPC codec which handles proto bytes. We pass in a nil interface registry + // if the request/response types contain interface instead of 'nil' you should pass the application specific codec. + grpc.WithDefaultCallOptions(grpc.ForceCodec(codec.NewProtoCodec(nil).GRPCCodec())), + ) + if err != nil { + return err + } + defer grpcConn.Close() + + // This creates a gRPC client to query the x/bank service. + bankClient := banktypes.NewQueryClient(grpcConn) + bankRes, err := bankClient.Balance( + context.Background(), + &banktypes.QueryBalanceRequest{Address: myAddress.String(), Denom: "stake"}, + ) + if err != nil { + return err + } + + fmt.Println(bankRes.GetBalance()) // Prints the account balance + + return nil +} + +func main() { + if err := queryState(); err != nil { + panic(err) + } +} +``` + +You can replace the query client (here we are using `x/bank`'s) with one generated from any other Protobuf service. The list of all available gRPC query endpoints is [coming soon](https://github.com/cosmos/cosmos-sdk/issues/7786). + +#### Query for historical state using Go + +Querying for historical blocks is done by adding the block height metadata in the gRPC request. + +```go +package main + +import ( + "context" + "fmt" + + "google.golang.org/grpc" + "google.golang.org/grpc/metadata" + + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + grpctypes "github.com/cosmos/cosmos-sdk/types/grpc" + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" +) + +func queryState() error { + myAddress, err := sdk.AccAddressFromBech32("cosmos1yerherx4d43gj5wa3zl5vflj9d4pln42n7kuzu") // the my_validator or recipient address. + if err != nil { + return err + } + + // Create a connection to the gRPC server. + grpcConn, err := grpc.Dial( + "127.0.0.1:9090", // your gRPC server address. + grpc.WithInsecure(), // The Cosmos SDK doesn't support any transport security mechanism. + // This instantiates a general gRPC codec which handles proto bytes. We pass in a nil interface registry + // if the request/response types contain interface instead of 'nil' you should pass the application specific codec. + grpc.WithDefaultCallOptions(grpc.ForceCodec(codec.NewProtoCodec(nil).GRPCCodec())), + ) + if err != nil { + return err + } + defer grpcConn.Close() + + // This creates a gRPC client to query the x/bank service. + bankClient := banktypes.NewQueryClient(grpcConn) + + var header metadata.MD + _, err = bankClient.Balance( + metadata.AppendToOutgoingContext(context.Background(), grpctypes.GRPCBlockHeightHeader, "12"), // Add metadata to request + &banktypes.QueryBalanceRequest{Address: myAddress.String(), Denom: "stake"}, + grpc.Header(&header), // Retrieve header from response + ) + if err != nil { + return err + } + blockHeight := header.Get(grpctypes.GRPCBlockHeightHeader) + + fmt.Println(blockHeight) // Prints the block height (12) + + return nil +} + +func main() { + if err := queryState(); err != nil { + panic(err) + } +} +``` + +### CosmJS + +CosmJS documentation can be found at [https://cosmos.github.io/cosmjs](https://cosmos.github.io/cosmjs). As of January 2021, CosmJS documentation is still work in progress. + +## Using the REST Endpoints + +As described in the [gRPC guide](../../learn/advanced/06-grpc_rest.md), all gRPC services on the Cosmos SDK are made available for more convenient REST-based queries through gRPC-gateway. The format of the URL path is based on the Protobuf service method's full-qualified name, but may contain small customizations so that final URLs look more idiomatic. For example, the REST endpoint for the `cosmos.bank.v1beta1.Query/AllBalances` method is `GET /cosmos/bank/v1beta1/balances/{address}`. Request arguments are passed as query parameters. + +Note that the REST endpoints are not enabled by default. To enable them, edit the `api` section of your `~/.simapp/config/app.toml` file: + +```toml +# Enable defines if the API server should be enabled. +enable = true +``` + +As a concrete example, the `curl` command to make balances request is: + +```bash +curl \ + -X GET \ + -H "Content-Type: application/json" \ + http://localhost:1317/cosmos/bank/v1beta1/balances/$MY_VALIDATOR_ADDRESS +``` + +Make sure to replace `localhost:1317` with the REST endpoint of your node, configured under the `api.address` field. + +The list of all available REST endpoints is available as a Swagger specification file, it can be viewed at `localhost:1317/swagger`. Make sure that the `api.swagger` field is set to true in your [`app.toml`](../run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml) file. + +### Query for historical state using REST + +Querying for historical state is done using the HTTP header `x-cosmos-block-height`. For example, a curl command would look like: + +```bash +curl \ + -X GET \ + -H "Content-Type: application/json" \ + -H "x-cosmos-block-height: 123" \ + http://localhost:1317/cosmos/bank/v1beta1/balances/$MY_VALIDATOR_ADDRESS +``` + +Assuming the state at that block has not yet been pruned by the node, this query should return a non-empty response. + +### Cross-Origin Resource Sharing (CORS) + +[CORS policies](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) are not enabled by default to help with security. If you would like to use the rest-server in a public environment we recommend you provide a reverse proxy, this can be done with [nginx](https://www.nginx.com/). For testing and development purposes there is an `enabled-unsafe-cors` field inside [`app.toml`](../run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml). diff --git a/copy-of-sdk-versioned_docs/version-0.50/user/run-node/03-txs.md b/copy-of-sdk-versioned_docs/version-0.50/user/run-node/03-txs.md new file mode 100644 index 00000000..106f02e8 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/user/run-node/03-txs.md @@ -0,0 +1,387 @@ +--- +sidebar_position: 1 +--- + +# Generating, Signing and Broadcasting Transactions + +:::note Synopsis +This document describes how to generate an (unsigned) transaction, signing it (with one or multiple keys), and broadcasting it to the network. +::: + +## Using the CLI + +The easiest way to send transactions is using the CLI, as we have seen in the previous page when [interacting with a node](./02-interact-node.md#using-the-cli). For example, running the following command + +```bash +simd tx bank send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000stake --chain-id my-test-chain --keyring-backend test +``` + +will run the following steps: + +* generate a transaction with one `Msg` (`x/bank`'s `MsgSend`), and print the generated transaction to the console. +* ask the user for confirmation to send the transaction from the `$MY_VALIDATOR_ADDRESS` account. +* fetch `$MY_VALIDATOR_ADDRESS` from the keyring. This is possible because we have [set up the CLI's keyring](./00-keyring.md) in a previous step. +* sign the generated transaction with the keyring's account. +* broadcast the signed transaction to the network. This is possible because the CLI connects to the node's CometBFT RPC endpoint. + +The CLI bundles all the necessary steps into a simple-to-use user experience. However, it's possible to run all the steps individually too. + +### Generating a Transaction + +Generating a transaction can simply be done by appending the `--generate-only` flag on any `tx` command, e.g.: + +```bash +simd tx bank send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000stake --chain-id my-test-chain --generate-only +``` + +This will output the unsigned transaction as JSON in the console. We can also save the unsigned transaction to a file (to be passed around between signers more easily) by appending `> unsigned_tx.json` to the above command. + +### Signing a Transaction + +Signing a transaction using the CLI requires the unsigned transaction to be saved in a file. Let's assume the unsigned transaction is in a file called `unsigned_tx.json` in the current directory (see previous paragraph on how to do that). Then, simply run the following command: + +```bash +simd tx sign unsigned_tx.json --chain-id my-test-chain --keyring-backend test --from $MY_VALIDATOR_ADDRESS +``` + +This command will decode the unsigned transaction and sign it with `SIGN_MODE_DIRECT` with `$MY_VALIDATOR_ADDRESS`'s key, which we already set up in the keyring. The signed transaction will be output as JSON to the console, and, as above, we can save it to a file by appending `--output-document signed_tx.json`. + +Some useful flags to consider in the `tx sign` command: + +* `--sign-mode`: you may use `amino-json` to sign the transaction using `SIGN_MODE_LEGACY_AMINO_JSON`, +* `--offline`: sign in offline mode. This means that the `tx sign` command doesn't connect to the node to retrieve the signer's account number and sequence, both needed for signing. In this case, you must manually supply the `--account-number` and `--sequence` flags. This is useful for offline signing, i.e. signing in a secure environment which doesn't have access to the internet. + +#### Signing with Multiple Signers + +:::warning +Please note that signing a transaction with multiple signers or with a multisig account, where at least one signer uses `SIGN_MODE_DIRECT`, is not yet possible. You may follow [this Github issue](https://github.com/cosmos/cosmos-sdk/issues/8141) for more info. +::: + +Signing with multiple signers is done with the `tx multisign` command. This command assumes that all signers use `SIGN_MODE_LEGACY_AMINO_JSON`. The flow is similar to the `tx sign` command flow, but instead of signing an unsigned transaction file, each signer signs the file signed by previous signer(s). The `tx multisign` command will append signatures to the existing transactions. It is important that signers sign the transaction **in the same order** as given by the transaction, which is retrievable using the `GetSigners()` method. + +For example, starting with the `unsigned_tx.json`, and assuming the transaction has 4 signers, we would run: + +```bash +# Let signer1 sign the unsigned tx. +simd tx multisign unsigned_tx.json signer_key_1 --chain-id my-test-chain --keyring-backend test > partial_tx_1.json +# Now signer1 will send the partial_tx_1.json to the signer2. +# Signer2 appends their signature: +simd tx multisign partial_tx_1.json signer_key_2 --chain-id my-test-chain --keyring-backend test > partial_tx_2.json +# Signer2 sends the partial_tx_2.json file to signer3, and signer3 can append his signature: +simd tx multisign partial_tx_2.json signer_key_3 --chain-id my-test-chain --keyring-backend test > partial_tx_3.json +``` + +### Broadcasting a Transaction + +Broadcasting a transaction is done using the following command: + +```bash +simd tx broadcast tx_signed.json +``` + +You may optionally pass the `--broadcast-mode` flag to specify which response to receive from the node: + +* `sync`: the CLI waits for a CheckTx execution response only. +* `async`: the CLI returns immediately (transaction might fail). + +### Encoding a Transaction + +In order to broadcast a transaction using the gRPC or REST endpoints, the transaction will need to be encoded first. This can be done using the CLI. + +Encoding a transaction is done using the following command: + +```bash +simd tx encode tx_signed.json +``` + +This will read the transaction from the file, serialize it using Protobuf, and output the transaction bytes as base64 in the console. + +### Decoding a Transaction + +The CLI can also be used to decode transaction bytes. + +Decoding a transaction is done using the following command: + +```bash +simd tx decode [protobuf-byte-string] +``` + +This will decode the transaction bytes and output the transaction as JSON in the console. You can also save the transaction to a file by appending `> tx.json` to the above command. + +## Programmatically with Go + +It is possible to manipulate transactions programmatically via Go using the Cosmos SDK's `TxBuilder` interface. + +### Generating a Transaction + +Before generating a transaction, a new instance of a `TxBuilder` needs to be created. Since the Cosmos SDK supports both Amino and Protobuf transactions, the first step would be to decide which encoding scheme to use. All the subsequent steps remain unchanged, whether you're using Amino or Protobuf, as `TxBuilder` abstracts the encoding mechanisms. In the following snippet, we will use Protobuf. + +```go +import ( + "github.com/cosmos/cosmos-sdk/simapp" +) + +func sendTx() error { + // Choose your codec: Amino or Protobuf. Here, we use Protobuf, given by the following function. + app := simapp.NewSimApp(...) + + // Create a new TxBuilder. + txBuilder := app.TxConfig().NewTxBuilder() + + // --snip-- +} +``` + +We can also set up some keys and addresses that will send and receive the transactions. Here, for the purpose of the tutorial, we will be using some dummy data to create keys. + +```go +import ( + "github.com/cosmos/cosmos-sdk/testutil/testdata" +) + +priv1, _, addr1 := testdata.KeyTestPubAddr() +priv2, _, addr2 := testdata.KeyTestPubAddr() +priv3, _, addr3 := testdata.KeyTestPubAddr() +``` + +Populating the `TxBuilder` can be done via its methods: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/client/tx_config.go#L33-L50 +``` + +```go +import ( + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" +) + +func sendTx() error { + // --snip-- + + // Define two x/bank MsgSend messages: + // - from addr1 to addr3, + // - from addr2 to addr3. + // This means that the transactions needs two signers: addr1 and addr2. + msg1 := banktypes.NewMsgSend(addr1, addr3, types.NewCoins(types.NewInt64Coin("atom", 12))) + msg2 := banktypes.NewMsgSend(addr2, addr3, types.NewCoins(types.NewInt64Coin("atom", 34))) + + err := txBuilder.SetMsgs(msg1, msg2) + if err != nil { + return err + } + + txBuilder.SetGasLimit(...) + txBuilder.SetFeeAmount(...) + txBuilder.SetMemo(...) + txBuilder.SetTimeoutHeight(...) +} +``` + +At this point, `TxBuilder`'s underlying transaction is ready to be signed. + +### Signing a Transaction + +We set encoding config to use Protobuf, which will use `SIGN_MODE_DIRECT` by default. As per [ADR-020](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-020-protobuf-transaction-encoding.md), each signer needs to sign the `SignerInfo`s of all other signers. This means that we need to perform two steps sequentially: + +* for each signer, populate the signer's `SignerInfo` inside `TxBuilder`, +* once all `SignerInfo`s are populated, for each signer, sign the `SignDoc` (the payload to be signed). + +In the current `TxBuilder`'s API, both steps are done using the same method: `SetSignatures()`. The current API requires us to first perform a round of `SetSignatures()` _with empty signatures_, only to populate `SignerInfo`s, and a second round of `SetSignatures()` to actually sign the correct payload. + +```go +import ( + cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types" + "github.com/cosmos/cosmos-sdk/types/tx/signing" + xauthsigning "github.com/cosmos/cosmos-sdk/x/auth/signing" +) + +func sendTx() error { + // --snip-- + + privs := []cryptotypes.PrivKey{priv1, priv2} + accNums:= []uint64{..., ...} // The accounts' account numbers + accSeqs:= []uint64{..., ...} // The accounts' sequence numbers + + // First round: we gather all the signer infos. We use the "set empty + // signature" hack to do that. + var sigsV2 []signing.SignatureV2 + for i, priv := range privs { + sigV2 := signing.SignatureV2{ + PubKey: priv.PubKey(), + Data: &signing.SingleSignatureData{ + SignMode: encCfg.TxConfig.SignModeHandler().DefaultMode(), + Signature: nil, + }, + Sequence: accSeqs[i], + } + + sigsV2 = append(sigsV2, sigV2) + } + err := txBuilder.SetSignatures(sigsV2...) + if err != nil { + return err + } + + // Second round: all signer infos are set, so each signer can sign. + sigsV2 = []signing.SignatureV2{} + for i, priv := range privs { + signerData := xauthsigning.SignerData{ + ChainID: chainID, + AccountNumber: accNums[i], + Sequence: accSeqs[i], + } + sigV2, err := tx.SignWithPrivKey( + encCfg.TxConfig.SignModeHandler().DefaultMode(), signerData, + txBuilder, priv, encCfg.TxConfig, accSeqs[i]) + if err != nil { + return nil, err + } + + sigsV2 = append(sigsV2, sigV2) + } + err = txBuilder.SetSignatures(sigsV2...) + if err != nil { + return err + } +} +``` + +The `TxBuilder` is now correctly populated. To print it, you can use the `TxConfig` interface from the initial encoding config `encCfg`: + +```go +func sendTx() error { + // --snip-- + + // Generated Protobuf-encoded bytes. + txBytes, err := encCfg.TxConfig.TxEncoder()(txBuilder.GetTx()) + if err != nil { + return err + } + + // Generate a JSON string. + txJSONBytes, err := encCfg.TxConfig.TxJSONEncoder()(txBuilder.GetTx()) + if err != nil { + return err + } + txJSON := string(txJSONBytes) +} +``` + +### Broadcasting a Transaction + +The preferred way to broadcast a transaction is to use gRPC, though using REST (via `gRPC-gateway`) or the CometBFT RPC is also posible. An overview of the differences between these methods is exposed [here](../../learn/advanced/06-grpc_rest.md). For this tutorial, we will only describe the gRPC method. + +```go +import ( + "context" + "fmt" + + "google.golang.org/grpc" + + "github.com/cosmos/cosmos-sdk/types/tx" +) + +func sendTx(ctx context.Context) error { + // --snip-- + + // Create a connection to the gRPC server. + grpcConn := grpc.Dial( + "127.0.0.1:9090", // Or your gRPC server address. + grpc.WithInsecure(), // The Cosmos SDK doesn't support any transport security mechanism. + ) + defer grpcConn.Close() + + // Broadcast the tx via gRPC. We create a new client for the Protobuf Tx + // service. + txClient := tx.NewServiceClient(grpcConn) + // We then call the BroadcastTx method on this client. + grpcRes, err := txClient.BroadcastTx( + ctx, + &tx.BroadcastTxRequest{ + Mode: tx.BroadcastMode_BROADCAST_MODE_SYNC, + TxBytes: txBytes, // Proto-binary of the signed transaction, see previous step. + }, + ) + if err != nil { + return err + } + + fmt.Println(grpcRes.TxResponse.Code) // Should be `0` if the tx is successful + + return nil +} +``` + +#### Simulating a Transaction + +Before broadcasting a transaction, we sometimes may want to dry-run the transaction, to estimate some information about the transaction without actually committing it. This is called simulating a transaction, and can be done as follows: + +```go +import ( + "context" + "fmt" + "testing" + + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/types/tx" + authtx "github.com/cosmos/cosmos-sdk/x/auth/tx" +) + +func simulateTx() error { + // --snip-- + + // Simulate the tx via gRPC. We create a new client for the Protobuf Tx + // service. + txClient := tx.NewServiceClient(grpcConn) + txBytes := /* Fill in with your signed transaction bytes. */ + + // We then call the Simulate method on this client. + grpcRes, err := txClient.Simulate( + context.Background(), + &tx.SimulateRequest{ + TxBytes: txBytes, + }, + ) + if err != nil { + return err + } + + fmt.Println(grpcRes.GasInfo) // Prints estimated gas used. + + return nil +} +``` + +## Using gRPC + +It is not possible to generate or sign a transaction using gRPC, only to broadcast one. In order to broadcast a transaction using gRPC, you will need to generate, sign, and encode the transaction using either the CLI or programmatically with Go. + +### Broadcasting a Transaction + +Broadcasting a transaction using the gRPC endpoint can be done by sending a `BroadcastTx` request as follows, where the `txBytes` are the protobuf-encoded bytes of a signed transaction: + +```bash +grpcurl -plaintext \ + -d '{"tx_bytes":"{{txBytes}}","mode":"BROADCAST_MODE_SYNC"}' \ + localhost:9090 \ + cosmos.tx.v1beta1.Service/BroadcastTx +``` + +## Using REST + +It is not possible to generate or sign a transaction using REST, only to broadcast one. In order to broadcast a transaction using REST, you will need to generate, sign, and encode the transaction using either the CLI or programmatically with Go. + +### Broadcasting a Transaction + +Broadcasting a transaction using the REST endpoint (served by `gRPC-gateway`) can be done by sending a POST request as follows, where the `txBytes` are the protobuf-encoded bytes of a signed transaction: + +```bash +curl -X POST \ + -H "Content-Type: application/json" \ + -d'{"tx_bytes":"{{txBytes}}","mode":"BROADCAST_MODE_SYNC"}' \ + localhost:1317/cosmos/tx/v1beta1/txs +``` + +## Using CosmJS (JavaScript & TypeScript) + +CosmJS aims to build client libraries in JavaScript that can be embedded in web applications. Please see [https://cosmos.github.io/cosmjs](https://cosmos.github.io/cosmjs) for more information. As of January 2021, CosmJS documentation is still work in progress. diff --git a/copy-of-sdk-versioned_docs/version-0.50/user/run-node/04-rosetta.md b/copy-of-sdk-versioned_docs/version-0.50/user/run-node/04-rosetta.md new file mode 100644 index 00000000..e4527abb --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/user/run-node/04-rosetta.md @@ -0,0 +1,144 @@ +# Rosetta + +The `rosetta` project implements Coinbase's [Rosetta API](https://www.rosetta-api.org). This document provides instructions on how to use the Rosetta API integration. For information about the motivation and design choices, refer to [ADR 035](https://docs.cosmos.network/main/architecture/adr-035-rosetta-api-support). + +## Installing Rosetta + +The Rosetta API server is a stand-alone server that connects to a node of a chain developed with Cosmos SDK. + +Rosetta can be added to any cosmos chain node. standalone or natively. + +### Standalone + +Rosetta can be executed as a standalone service, it connects to the node endpoints and expose the required endpoints. + +Install Rosetta standalone server with the following command: + +```bash +go install github.com/cosmos/rosetta +``` + +Alternatively, for building from source, simply run `make build`. The binary will be located in the root folder. + +### Native - As a node command + +To enable Native Rosetta API support, it's required to add the `RosettaCommand` to your application's root command file (e.g. `simd/cmd/root.go`). + +Import the `rosettaCmd` package: + +```go +import "github.com/cosmos/rosetta/cmd" +``` + +Find the following line: + +```go +initRootCmd(rootCmd, encodingConfig) +``` + +After that line, add the following: + +```go +rootCmd.AddCommand( + rosettaCmd.RosettaCommand(encodingConfig.InterfaceRegistry, encodingConfig.Codec) +) +``` + +The `RosettaCommand` function builds the `rosetta` root command and is defined in the `rosettaCmd` package (`github.com/cosmos/rosetta/cmd`). + +Since we’ve updated the Cosmos SDK to work with the Rosetta API, updating the application's root command file is all you need to do. + +An implementation example can be found in `simapp` package. + +## Use Rosetta Command + +To run Rosetta in your application CLI, use the following command: + +> **Note:** if using the native approach, add your node name before any rosetta command. + +```shell +rosetta --help +``` + +To test and run Rosetta API endpoints for applications that are running and exposed, use the following command: + +```shell +rosetta + --blockchain "your application name (ex: gaia)" + --network "your chain identifier (ex: testnet-1)" + --tendermint "tendermint endpoint (ex: localhost:26657)" + --grpc "gRPC endpoint (ex: localhost:9090)" + --addr "rosetta binding address (ex: :8080)" + --grpc-types-server (optional) "gRPC endpoint for message descriptor types" +``` + +## Plugins - Multi chain connections + +Rosetta will try to reflect the node types trough reflection over the node gRPC endpoints, there may be cases were this approach is not enough. It is possible to extend or implement the required types easily through plugins. + +To use Rosetta over any chain, it is required to set up prefixes and registering zone specific interfaces through plugins. + +Each plugin is a minimalist implementation of `InitZone` and `RegisterInterfaces` which allow Rosetta to parse chain specific data. There is an example for cosmos-hub chain under `plugins/cosmos-hun/` folder +- **InitZone**: An empty method that is executed first and defines prefixes, parameters and other settings. +- **RegisterInterfaces**: This method receives an interface registry which is were the zone specific types and interfaces will be loaded + +In order to add a new plugin: +1. Create a folder over `plugins` folder with the name of the desired zone +2. Add a `main.go` file with the mentioned methods above. +3. Build the code binary through `go build -buildmode=plugin -o main.so main.go` + +The plugin folder is selected through the cli `--plugin` flag and loaded into the Rosetta server. + +## Extensions + +There are two ways in which you can customize and extend the implementation with your custom settings. + +### Message extension + +In order to make an `sdk.Msg` understandable by rosetta the only thing which is required is adding the methods to your messages that satisfy the `rosetta.Msg` interface. Examples on how to do so can be found in the staking types such as `MsgDelegate`, or in bank types such as `MsgSend`. + +### Client interface override + +In case more customization is required, it's possible to embed the Client type and override the methods which require customizations. + +Example: + +```go +package custom_client +import ( + +"context" +"github.com/coinbase/rosetta-sdk-go/types" +"github.com/cosmos/rosetta/lib" +) + +// CustomClient embeds the standard cosmos client +// which means that it implements the cosmos-rosetta-gateway Client +// interface while at the same time allowing to customize certain methods +type CustomClient struct { + *rosetta.Client +} + +func (c *CustomClient) ConstructionPayload(_ context.Context, request *types.ConstructionPayloadsRequest) (resp *types.ConstructionPayloadsResponse, err error) { + // provide custom signature bytes + panic("implement me") +} +``` + +NOTE: when using a customized client, the command cannot be used as the constructors required **may** differ, so it's required to create a new one. We intend to provide a way to init a customized client without writing extra code in the future. + +### Error extension + +Since rosetta requires to provide 'returned' errors to network options. In order to declare a new rosetta error, we use the `errors` package in cosmos-rosetta-gateway. + +Example: + +```go +package custom_errors +import crgerrs "github.com/cosmos/rosetta/lib/errors" + +var customErrRetriable = true +var CustomError = crgerrs.RegisterError(100, "custom message", customErrRetriable, "description") +``` + +Note: errors must be registered before cosmos-rosetta-gateway's `Server`.`Start` method is called. Otherwise the registration will be ignored. Errors with same code will be ignored too. diff --git a/copy-of-sdk-versioned_docs/version-0.50/user/run-node/05-run-testnet.md b/copy-of-sdk-versioned_docs/version-0.50/user/run-node/05-run-testnet.md new file mode 100644 index 00000000..c2b5da59 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/user/run-node/05-run-testnet.md @@ -0,0 +1,101 @@ +--- +sidebar_position: 1 +--- + +# Running a Testnet + +:::note Synopsis +The `simd testnet` subcommand makes it easy to initialize and start a simulated test network for testing purposes. +::: + +In addition to the commands for [running a node](./01-run-node.md), the `simd` binary also includes a `testnet` command that allows you to start a simulated test network in-process or to initialize files for a simulated test network that runs in a separate process. + +## Initialize Files + +First, let's take a look at the `init-files` subcommand. + +This is similar to the `init` command when initializing a single node, but in this case we are initializing multiple nodes, generating the genesis transactions for each node, and then collecting those transactions. + +The `init-files` subcommand initializes the necessary files to run a test network in a separate process (i.e. using a Docker container). Running this command is not a prerequisite for the `start` subcommand ([see below](#start-testnet)). + +In order to initialize the files for a test network, run the following command: + +```bash +simd testnet init-files +``` + +You should see the following output in your terminal: + +```bash +Successfully initialized 4 node directories +``` + +The default output directory is a relative `.testnets` directory. Let's take a look at the files created within the `.testnets` directory. + +### gentxs + +The `gentxs` directory includes a genesis transaction for each validator node. Each file includes a JSON encoded genesis transaction used to register a validator node at the time of genesis. The genesis transactions are added to the `genesis.json` file within each node directory during the initilization process. + +### nodes + +A node directory is created for each validator node. Within each node directory is a `simd` directory. The `simd` directory is the home directory for each node, which includes the configuration and data files for that node (i.e. the same files included in the default `~/.simapp` directory when running a single node). + +## Start Testnet + +Now, let's take a look at the `start` subcommand. + +The `start` subcommand both initializes and starts an in-process test network. This is the fastest way to spin up a local test network for testing purposes. + +You can start the local test network by running the following command: + +```bash +simd testnet start +``` + +You should see something similar to the following: + +```bash +acquiring test network lock +preparing test network with chain-id "chain-mtoD9v" + + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++ THIS MNEMONIC IS FOR TESTING PURPOSES ONLY ++ +++ DO NOT USE IN PRODUCTION ++ +++ ++ +++ sustain know debris minute gate hybrid stereo custom ++ +++ divorce cross spoon machine latin vibrant term oblige ++ +++ moment beauty laundry repeat grab game bronze truly ++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + +starting test network... +started test network +press the Enter Key to terminate +``` + +The first validator node is now running in-process, which means the test network will terminate once you either close the terminal window or you press the Enter key. In the output, the mnemonic phrase for the first validator node is provided for testing purposes. The validator node is using the same default addresses being used when initializing and starting a single node (no need to provide a `--node` flag). + +Check the status of the first validator node: + +```shell +simd status +``` + +Import the key from the provided mnemonic: + +```shell +simd keys add test --recover --keyring-backend test +``` + +Check the balance of the account address: + +```shell +simd q bank balances [address] +``` + +Use this test account to manually test against the test network. + +## Testnet Options + +You can customize the configuration of the test network with flags. In order to see all flag options, append the `--help` flag to each command. diff --git a/copy-of-sdk-versioned_docs/version-0.50/user/run-node/06-run-production.md b/copy-of-sdk-versioned_docs/version-0.50/user/run-node/06-run-production.md new file mode 100644 index 00000000..31d2932e --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/user/run-node/06-run-production.md @@ -0,0 +1,269 @@ +--- +sidebar_position: 1 +--- + +# Running in Production + +:::note Synopsis +This section describes how to securely run a node in a public setting and/or on a mainnet on one of the many Cosmos SDK public blockchains. +::: + +When operating a node, full node or validator, in production it is important to set your server up securely. + +:::note +There are many different ways to secure a server and your node, the described steps here is one way. To see another way of setting up a server see the [run in production tutorial](https://tutorials.cosmos.network/hands-on-exercise/5-run-in-prod/1-overview.html). +::: + +:::note +This walkthrough assumes the underlying operating system is Ubuntu. +::: + +## Sever Setup + +### User + +When creating a server most times it is created as user `root`. This user has heightened privileges on the server. When operating a node, it is recommended to not run your node as the root user. + +1. Create a new user + +```bash +sudo adduser change_me +``` + +2. We want to allow this user to perform sudo tasks + +```bash +sudo usermod -aG sudo change_me +``` + +Now when logging into the server, the non `root` user can be used. + +### Go + +1. Install the [Go](https://go.dev/doc/install) version preconized by the application. + +:::warning +In the past, validators [have had issues](https://github.com/cosmos/cosmos-sdk/issues/13976) when using different versions of Go. It is recommended that the whole validator set uses the version of Go that is preconized by the application. +::: + +### Firewall + +Nodes should not have all ports open to the public, this is a simple way to get DDOS'd. Secondly it is recommended by [CometBFT](github.com/cometbft/cometbft) to never expose ports that are not required to operate a node. + +When setting up a firewall there are a few ports that can be open when operating a Cosmos SDK node. There is the CometBFT json-RPC, prometheus, p2p, remote signer and Cosmos SDK GRPC and REST. If the node is being operated as a node that does not offer endpoints to be used for submission or querying then a max of three endpoints are needed. + +Most, if not all servers come equipped with [ufw](https://help.ubuntu.com/community/UFW). Ufw will be used in this tutorial. + +1. Reset UFW to disallow all incoming connections and allow outgoing + +```bash +sudo ufw default deny incoming +sudo ufw default allow outgoing +``` + +2. Lets make sure that port 22 (ssh) stays open. + +```bash +sudo ufw allow ssh +``` + +or + +```bash +sudo ufw allow 22 +``` + +Both of the above commands are the same. + +3. Allow Port 26656 (cometbft p2p port). If the node has a modified p2p port then that port must be used here. + +```bash +sudo ufw allow 26656/tcp +``` + +4. Allow port 26660 (cometbft [prometheus](https://prometheus.io)). This acts as the applications monitoring port as well. + +```bash +sudo ufw allow 26660/tcp +``` + +5. IF the node which is being setup would like to expose CometBFTs jsonRPC and Cosmos SDK GRPC and REST then follow this step. (Optional) + +##### CometBFT JsonRPC + +```bash +sudo ufw allow 26657/tcp +``` + +##### Cosmos SDK GRPC + +```bash +sudo ufw allow 9090/tcp +``` + +##### Cosmos SDK REST + +```bash +sudo ufw allow 1317/tcp +``` + +6. Lastly, enable ufw + +```bash +sudo ufw enable +``` + +### Signing + +If the node that is being started is a validator there are multiple ways a validator could sign blocks. + +#### File + +File based signing is the simplest and default approach. This approach works by storing the consensus key, generated on initialization, to sign blocks. This approach is only as safe as your server setup as if the server is compromised so is your key. This key is located in the `config/priv_val_key.json` directory generated on initialization. + +A second file exists that user must be aware of, the file is located in the data directory `data/priv_val_state.json`. This file protects your node from double signing. It keeps track of the consensus keys last sign height, round and latest signature. If the node crashes and needs to be recovered this file must be kept in order to ensure that the consensus key will not be used for signing a block that was previously signed. + +#### Remote Signer + +A remote signer is a secondary server that is separate from the running node that signs blocks with the consensus key. This means that the consensus key does not live on the node itself. This increases security because your full node which is connected to the remote signer can be swapped without missing blocks. + +The two most used remote signers are [tmkms](https://github.com/iqlusioninc/tmkms) from [Iqlusion](https://www.iqlusion.io) and [horcrux](https://github.com/strangelove-ventures/horcrux) from [Strangelove](https://strange.love). + +##### TMKMS + +###### Dependencies + +1. Update server dependencies and install extras needed. + +```sh +sudo apt update -y && sudo apt install build-essential curl jq -y +``` + +2. Install Rust: + +```sh +curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh +``` + +3. Install Libusb: + +```sh +sudo apt install libusb-1.0-0-dev +``` + +###### Setup + +There are two ways to install tmkms, from source or `cargo install`. In the examples we will cover downloading or building from source and using softsign. Softsign stands for software signing, but you could use a [yubihsm](https://www.yubico.com/products/hardware-security-module/) as your signing key if you wish. + +1. Build: + +From source: + +```bash +cd $HOME +git clone https://github.com/iqlusioninc/tmkms.git +cd $HOME/tmkms +cargo install tmkms --features=softsign +tmkms init config +tmkms softsign keygen ./config/secrets/secret_connection_key +``` + +or + +Cargo install: + +```bash +cargo install tmkms --features=softsign +tmkms init config +tmkms softsign keygen ./config/secrets/secret_connection_key +``` + +:::note +To use tmkms with a yubikey install the binary with `--features=yubihsm`. +::: + +2. Migrate the validator key from the full node to the new tmkms instance. + +```bash +scp user@123.456.32.123:~/.simd/config/priv_validator_key.json ~/tmkms/config/secrets +``` + +3. Import the validator key into tmkms. + +```bash +tmkms softsign import $HOME/tmkms/config/secrets/priv_validator_key.json $HOME/tmkms/config/secrets/priv_validator_key +``` + +At this point, it is necessary to delete the `priv_validator_key.json` from the validator node and the tmkms node. Since the key has been imported into tmkms (above) it is no longer necessary on the nodes. The key can be safely stored offline. + +4. Modifiy the `tmkms.toml`. + +```bash +vim $HOME/tmkms/config/tmkms.toml +``` + +This example shows a configuration that could be used for soft signing. The example has an IP of `123.456.12.345` with a port of `26659` a chain_id of `test-chain-waSDSe`. These are items that most be modified for the usecase of tmkms and the network. + +```toml +# CometBFT KMS configuration file + +## Chain Configuration + +[[chain]] +id = "osmosis-1" +key_format = { type = "bech32", account_key_prefix = "cosmospub", consensus_key_prefix = "cosmosvalconspub" } +state_file = "/root/tmkms/config/state/priv_validator_state.json" + +## Signing Provider Configuration + +### Software-based Signer Configuration + +[[providers.softsign]] +chain_ids = ["test-chain-waSDSe"] +key_type = "consensus" +path = "/root/tmkms/config/secrets/priv_validator_key" + +## Validator Configuration + +[[validator]] +chain_id = "test-chain-waSDSe" +addr = "tcp://123.456.12.345:26659" +secret_key = "/root/tmkms/config/secrets/secret_connection_key" +protocol_version = "v0.34" +reconnect = true +``` + +5. Set the address of the tmkms instance. + +```bash +vim $HOME/.simd/config/config.toml + +priv_validator_laddr = "tcp://0.0.0.0:26659" +``` + +:::tip +The above address it set to `0.0.0.0` but it is recommended to set the tmkms server to secure the startup +::: + +:::tip +It is recommended to comment or delete the lines that specify the path of the validator key and validator: + +```toml +# Path to the JSON file containing the private key to use as a validator in the consensus protocol +# priv_validator_key_file = "config/priv_validator_key.json" + +# Path to the JSON file containing the last sign state of a validator +# priv_validator_state_file = "data/priv_validator_state.json" +``` + +::: + +6. Start the two processes. + +```bash +tmkms start -c $HOME/tmkms/config/tmkms.toml +``` + +```bash +simd start +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/user/run-node/_category_.json b/copy-of-sdk-versioned_docs/version-0.50/user/run-node/_category_.json new file mode 100644 index 00000000..65e64b94 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/user/run-node/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Running a Node, API and CLI", + "position": 0, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.50/user/user.md b/copy-of-sdk-versioned_docs/version-0.50/user/user.md new file mode 100644 index 00000000..5429e8ad --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/user/user.md @@ -0,0 +1,10 @@ +--- +sidebar_position: 0 +--- +# User Guides + +This section is designed for developers who are using the Cosmos SDK to build applications. It provides essential guides and references to effectively use the SDK's features. + +* [Setting up keys](./run-node/00-keyring.md) - Learn how to set up secure key management using the Cosmos SDK's keyring feature. This guide provides a streamlined approach to cryptographic key handling, which is crucial for securing your application. +* [Running a node](./run-node/01-run-node.md) - This guide provides step-by-step instructions to deploy and manage a node in the Cosmos network. It ensures a smooth and reliable operation of your blockchain application by covering all the necessary setup and maintenance steps. +* [CLI](./run-node/02-interact-node.md) - Discover how to navigate and interact with the Cosmos SDK using the Command Line Interface (CLI). This section covers efficient and powerful command-based operations that can help you manage your application effectively. diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/00-baseapp.md b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/00-baseapp.md new file mode 100644 index 00000000..7c6bf2ac --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/00-baseapp.md @@ -0,0 +1,547 @@ +--- +sidebar_position: 1 +--- + +# BaseApp + +:::note Synopsis +This document describes `BaseApp`, the abstraction that implements the core functionalities of a Cosmos SDK application. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK application](../beginner/00-app-anatomy.md) +* [Lifecycle of a Cosmos SDK transaction](../beginner/01-tx-lifecycle.md) + +::: + +## Introduction + +`BaseApp` is a base type that implements the core of a Cosmos SDK application, namely: + +* The [Application Blockchain Interface](#main-abci-messages), for the state-machine to communicate with the underlying consensus engine (e.g. CometBFT). +* [Service Routers](#service-routers), to route messages and queries to the appropriate module. +* Different [states](#state-updates), as the state-machine can have different volatile states updated based on the ABCI message received. + +The goal of `BaseApp` is to provide the fundamental layer of a Cosmos SDK application +that developers can easily extend to build their own custom application. Usually, +developers will create a custom type for their application, like so: + +```go +type App struct { + // reference to a BaseApp + *baseapp.BaseApp + + // list of application store keys + + // list of application keepers + + // module manager +} +``` + +Extending the application with `BaseApp` gives the former access to all of `BaseApp`'s methods. +This allows developers to compose their custom application with the modules they want, while not +having to concern themselves with the hard work of implementing the ABCI, the service routers and state +management logic. + +## Type Definition + +The `BaseApp` type holds many important parameters for any Cosmos SDK based application. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/baseapp.go#L64-L201 +``` + +Let us go through the most important components. + +> **Note**: Not all parameters are described, only the most important ones. Refer to the +> type definition for the full list. + +First, the important parameters that are initialized during the bootstrapping of the application: + +* [`CommitMultiStore`](./04-store.md#commitmultistore): This is the main store of the application, + which holds the canonical state that is committed at the [end of each block](#commit). This store + is **not** cached, meaning it is not used to update the application's volatile (un-committed) states. + The `CommitMultiStore` is a multi-store, meaning a store of stores. Each module of the application + uses one or multiple `KVStores` in the multi-store to persist their subset of the state. +* Database: The `db` is used by the `CommitMultiStore` to handle data persistence. +* [`Msg` Service Router](#msg-service-router): The `msgServiceRouter` facilitates the routing of `sdk.Msg` requests to the appropriate + module `Msg` service for processing. Here a `sdk.Msg` refers to the transaction component that needs to be + processed by a service in order to update the application state, and not to ABCI message which implements + the interface between the application and the underlying consensus engine. +* [gRPC Query Router](#grpc-query-router): The `grpcQueryRouter` facilitates the routing of gRPC queries to the + appropriate module for it to be processed. These queries are not ABCI messages themselves, but they + are relayed to the relevant module's gRPC `Query` service. +* [`TxDecoder`](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/types#TxDecoder): It is used to decode + raw transaction bytes relayed by the underlying CometBFT engine. +* [`AnteHandler`](#antehandler): This handler is used to handle signature verification, fee payment, + and other pre-message execution checks when a transaction is received. It's executed during + [`CheckTx/RecheckTx`](#checktx) and [`FinalizeBlock`](#finalizeblock). +* [`InitChainer`](../beginner/00-app-anatomy.md#initchainer), [`PreBlocker`](../beginner/00-app-anatomy.md#preblocker), [`BeginBlocker` and `EndBlocker`](../beginner/00-app-anatomy.md#beginblocker-and-endblocker): These are + the functions executed when the application receives the `InitChain` and `FinalizeBlock` + ABCI messages from the underlying CometBFT engine. + +Then, parameters used to define [volatile states](#state-updates) (i.e. cached states): + +* `checkState`: This state is updated during [`CheckTx`](#checktx), and reset on [`Commit`](#commit). +* `finalizeBlockState`: This state is updated during [`FinalizeBlock`](#finalizeblock), and set to `nil` on + [`Commit`](#commit) and gets re-initialized on `FinalizeBlock`. +* `processProposalState`: This state is updated during [`ProcessProposal`](#process-proposal). +* `prepareProposalState`: This state is updated during [`PrepareProposal`](#prepare-proposal). + +Finally, a few more important parameters: + +* `voteInfos`: This parameter carries the list of validators whose precommit is missing, either + because they did not vote or because the proposer did not include their vote. This information is + carried by the [Context](./02-context.md) and can be used by the application for various things like + punishing absent validators. +* `minGasPrices`: This parameter defines the minimum gas prices accepted by the node. This is a + **local** parameter, meaning each full-node can set a different `minGasPrices`. It is used in the + `AnteHandler` during [`CheckTx`](#checktx), mainly as a spam protection mechanism. The transaction + enters the [mempool](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#mempool-methods) + only if the gas prices of the transaction are greater than one of the minimum gas price in + `minGasPrices` (e.g. if `minGasPrices == 1uatom,1photon`, the `gas-price` of the transaction must be + greater than `1uatom` OR `1photon`). +* `appVersion`: Version of the application. It is set in the + [application's constructor function](../beginner/00-app-anatomy.md#constructor-function). + +## Constructor + +```go +func NewBaseApp( + name string, logger log.Logger, db dbm.DB, txDecoder sdk.TxDecoder, options ...func(*BaseApp), +) *BaseApp { + + // ... +} +``` + +The `BaseApp` constructor function is pretty straightforward. The only thing worth noting is the +possibility to provide additional [`options`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/options.go) +to the `BaseApp`, which will execute them in order. The `options` are generally `setter` functions +for important parameters, like `SetPruning()` to set pruning options or `SetMinGasPrices()` to set +the node's `min-gas-prices`. + +Naturally, developers can add additional `options` based on their application's needs. + +## State Updates + +The `BaseApp` maintains four primary volatile states and a root or main state. The main state +is the canonical state of the application and the volatile states, `checkState`, `prepareProposalState`, `processProposalState` and `finalizeBlockState` +are used to handle state transitions in-between the main state made during [`Commit`](#commit). + +Internally, there is only a single `CommitMultiStore` which we refer to as the main or root state. +From this root state, we derive four volatile states by using a mechanism called _store branching_ (performed by `CacheWrap` function). +The types can be illustrated as follows: + +![Types](./baseapp_state.png) + +### InitChain State Updates + +During `InitChain`, the four volatile states, `checkState`, `prepareProposalState`, `processProposalState` +and `finalizeBlockState` are set by branching the root `CommitMultiStore`. Any subsequent reads and writes happen +on branched versions of the `CommitMultiStore`. +To avoid unnecessary roundtrip to the main state, all reads to the branched store are cached. + +![InitChain](./baseapp_state-initchain.png) + +### CheckTx State Updates + +During `CheckTx`, the `checkState`, which is based off of the last committed state from the root +store, is used for any reads and writes. Here we only execute the `AnteHandler` and verify a service router +exists for every message in the transaction. Note, when we execute the `AnteHandler`, we branch +the already branched `checkState`. +This has the side effect that if the `AnteHandler` fails, the state transitions won't be reflected in the `checkState` +-- i.e. `checkState` is only updated on success. + +![CheckTx](./baseapp_state-checktx.png) + +### PrepareProposal State Updates + +During `PrepareProposal`, the `prepareProposalState` is set by branching the root `CommitMultiStore`. +The `prepareProposalState` is used for any reads and writes that occur during the `PrepareProposal` phase. +The function uses the `Select()` method of the mempool to iterate over the transactions. `runTx` is then called, +which encodes and validates each transaction and from there the `AnteHandler` is executed. +If successful, valid transactions are returned inclusive of the events, tags, and data generated +during the execution of the proposal. +The described behavior is that of the default handler, applications have the flexibility to define their own +[custom mempool handlers](https://docs.cosmos.network/main/building-apps/app-mempool#custom-mempool-handlers). + +![ProcessProposal](./baseapp_state-prepareproposal.png) + +### ProcessProposal State Updates + +During `ProcessProposal`, the `processProposalState` is set based off of the last committed state +from the root store and is used to process a signed proposal received from a validator. +In this state, `runTx` is called and the `AnteHandler` is executed and the context used in this state is built with information +from the header and the main state, including the minimum gas prices, which are also set. +Again we want to highlight that the described behavior is that of the default handler and applications have the flexibility to define their own +[custom mempool handlers](https://docs.cosmos.network/main/building-apps/app-mempool#custom-mempool-handlers). + +![ProcessProposal](./baseapp_state-processproposal.png) + +### FinalizeBlock State Updates + +During `FinalizeBlock`, the `finalizeBlockState` is set for use during transaction execution and endblock. The +`finalizeBlockState` is based off of the last committed state from the root store and is branched. +Note, the `finalizeBlockState` is set to `nil` on [`Commit`](#commit). + +The state flow for transaction execution is nearly identical to `CheckTx` except state transitions occur on +the `finalizeBlockState` and messages in a transaction are executed. Similarly to `CheckTx`, state transitions +occur on a doubly branched state -- `finalizeBlockState`. Successful message execution results in +writes being committed to `finalizeBlockState`. Note, if message execution fails, state transitions from +the AnteHandler are persisted. + +### Commit State Updates + +During `Commit` all the state transitions that occurred in the `finalizeBlockState` are finally written to +the root `CommitMultiStore` which in turn is committed to disk and results in a new application +root hash. These state transitions are now considered final. Finally, the `checkState` is set to the +newly committed state and `finalizeBlockState` is set to `nil` to be reset on `FinalizeBlock`. + +![Commit](./baseapp_state-commit.png) + +## ParamStore + +During `InitChain`, the `RequestInitChain` provides `ConsensusParams` which contains parameters +related to block execution such as maximum gas and size in addition to evidence parameters. If these +parameters are non-nil, they are set in the BaseApp's `ParamStore`. Behind the scenes, the `ParamStore` +is managed by an `x/consensus_params` module. This allows the parameters to be tweaked via + on-chain governance. + +## Service Routers + +When messages and queries are received by the application, they must be routed to the appropriate module in order to be processed. Routing is done via `BaseApp`, which holds a `msgServiceRouter` for messages, and a `grpcQueryRouter` for queries. + +### `Msg` Service Router + +[`sdk.Msg`s](../../build/building-modules/02-messages-and-queries.md#messages) need to be routed after they are extracted from transactions, which are sent from the underlying CometBFT engine via the [`CheckTx`](#checktx) and [`FinalizeBlock`](#finalizeblock) ABCI messages. To do so, `BaseApp` holds a `msgServiceRouter` which maps fully-qualified service methods (`string`, defined in each module's Protobuf `Msg` service) to the appropriate module's `MsgServer` implementation. + +The [default `msgServiceRouter` included in `BaseApp`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/msg_service_router.go) is stateless. However, some applications may want to make use of more stateful routing mechanisms such as allowing governance to disable certain routes or point them to new modules for upgrade purposes. For this reason, the `sdk.Context` is also passed into each [route handler inside `msgServiceRouter`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/msg_service_router.go#L35-L36). For a stateless router that doesn't want to make use of this, you can just ignore the `ctx`. + +The application's `msgServiceRouter` is initialized with all the routes using the application's [module manager](../../build/building-modules/01-module-manager.md#manager) (via the `RegisterServices` method), which itself is initialized with all the application's modules in the application's [constructor](../beginner/00-app-anatomy.md#constructor-function). + +### gRPC Query Router + +Similar to `sdk.Msg`s, [`queries`](../../build/building-modules/02-messages-and-queries.md#queries) need to be routed to the appropriate module's [`Query` service](../../build/building-modules/04-query-services.md). To do so, `BaseApp` holds a `grpcQueryRouter`, which maps modules' fully-qualified service methods (`string`, defined in their Protobuf `Query` gRPC) to their `QueryServer` implementation. The `grpcQueryRouter` is called during the initial stages of query processing, which can be either by directly sending a gRPC query to the gRPC endpoint, or via the [`Query` ABCI message](#query) on the CometBFT RPC endpoint. + +Just like the `msgServiceRouter`, the `grpcQueryRouter` is initialized with all the query routes using the application's [module manager](../../build/building-modules/01-module-manager.md) (via the `RegisterServices` method), which itself is initialized with all the application's modules in the application's [constructor](../beginner/00-app-anatomy.md#app-constructor). + +## Main ABCI 2.0 Messages + +The [Application-Blockchain Interface](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md) (ABCI) is a generic interface that connects a state-machine with a consensus engine to form a functional full-node. It can be wrapped in any language, and needs to be implemented by each application-specific blockchain built on top of an ABCI-compatible consensus engine like CometBFT. + +The consensus engine handles two main tasks: + +* The networking logic, which mainly consists in gossiping block parts, transactions and consensus votes. +* The consensus logic, which results in the deterministic ordering of transactions in the form of blocks. + +It is **not** the role of the consensus engine to define the state or the validity of transactions. Generally, transactions are handled by the consensus engine in the form of `[]bytes`, and relayed to the application via the ABCI to be decoded and processed. At keys moments in the networking and consensus processes (e.g. beginning of a block, commit of a block, reception of an unconfirmed transaction, ...), the consensus engine emits ABCI messages for the state-machine to act on. + +Developers building on top of the Cosmos SDK need not implement the ABCI themselves, as `BaseApp` comes with a built-in implementation of the interface. Let us go through the main ABCI messages that `BaseApp` implements: + +* [`Prepare Proposal`](#prepare-proposal) +* [`Process Proposal`](#process-proposal) +* [`CheckTx`](#checktx) +* [`FinalizeBlock`](#finalizeblock) +* [`ExtendVote`](#extendvote) +* [`VerifyVoteExtension`](#verifyvoteextension) + + +### Prepare Proposal + +The `PrepareProposal` function is part of the new methods introduced in Application Blockchain Interface (ABCI++) in CometBFT and is an important part of the application's overall governance system. In the Cosmos SDK, it allows the application to have more fine-grained control over the transactions that are processed, and ensures that only valid transactions are committed to the blockchain. + +Here is how the `PrepareProposal` function can be implemented: + +1. Extract the `sdk.Msg`s from the transaction. +2. Perform _stateful_ checks by calling `Validate()` on each of the `sdk.Msg`'s. This is done after _stateless_ checks as _stateful_ checks are more computationally expensive. If `Validate()` fails, `PrepareProposal` returns before running further checks, which saves resources. +3. Perform any additional checks that are specific to the application, such as checking account balances, or ensuring that certain conditions are met before a transaction is proposed.hey are processed by the consensus engine, if necessary. +4. Return the updated transactions to be processed by the consensus engine + +Note that, unlike `CheckTx()`, `PrepareProposal` process `sdk.Msg`s, so it can directly update the state. However, unlike `FinalizeBlock()`, it does not commit the state updates. It's important to exercise caution when using `PrepareProposal` as incorrect coding could affect the overall liveness of the network. + +It's important to note that `PrepareProposal` complements the `ProcessProposal` method which is executed after this method. The combination of these two methods means that it is possible to guarantee that no invalid transactions are ever committed. Furthermore, such a setup can give rise to other interesting use cases such as Oracles, threshold decryption and more. + +`PrepareProposal` returns a response to the underlying consensus engine of type [`abci.ResponseCheckTx`](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_methods.md#processproposal). The response contains: + +* `Code (uint32)`: Response Code. `0` if successful. +* `Data ([]byte)`: Result bytes, if any. +* `Log (string):` The output of the application's logger. May be non-deterministic. +* `Info (string):` Additional information. May be non-deterministic. + + +### Process Proposal + +The `ProcessProposal` function is called by the BaseApp as part of the ABCI message flow, and is executed during the `FinalizeBlock` phase of the consensus process. The purpose of this function is to give more control to the application for block validation, allowing it to check all transactions in a proposed block before the validator sends the prevote for the block. It allows a validator to perform application-dependent work in a proposed block, enabling features such as immediate block execution, and allows the Application to reject invalid blocks. + +The `ProcessProposal` function performs several key tasks, including: + +1. Validating the proposed block by checking all transactions in it. +2. Checking the proposed block against the current state of the application, to ensure that it is valid and that it can be executed. +3. Updating the application's state based on the proposal, if it is valid and passes all checks. +4. Returning a response to CometBFT indicating the result of the proposal processing. + +The `ProcessProposal` is an important part of the application's overall governance system. It is used to manage the network's parameters and other key aspects of its operation. It also ensures that the coherence property is adhered to i.e. all honest validators must accept a proposal by an honest proposer. + +It's important to note that `ProcessProposal` complements the `PrepareProposal` method which enables the application to have more fine-grained transaction control by allowing it to reorder, drop, delay, modify, and even add transactions as they see necessary. The combination of these two methods means that it is possible to guarantee that no invalid transactions are ever committed. Furthermore, such a setup can give rise to other interesting use cases such as Oracles, threshold decryption and more. + +CometBFT calls it when it receives a proposal and the CometBFT algorithm has not locked on a value. The Application cannot modify the proposal at this point but can reject it if it is invalid. If that is the case, CometBFT will prevote `nil` on the proposal, which has strong liveness implications for CometBFT. As a general rule, the Application SHOULD accept a prepared proposal passed via `ProcessProposal`, even if a part of the proposal is invalid (e.g., an invalid transaction); the Application can ignore the invalid part of the prepared proposal at block execution time. + +However, developers must exercise greater caution when using these methods. Incorrectly coding these methods could affect liveness as CometBFT is unable to receive 2/3 valid precommits to finalize a block. + +`ProcessProposal` returns a response to the underlying consensus engine of type [`abci.ResponseCheckTx`](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_methods.md#processproposal). The response contains: + +* `Code (uint32)`: Response Code. `0` if successful. +* `Data ([]byte)`: Result bytes, if any. +* `Log (string):` The output of the application's logger. May be non-deterministic. +* `Info (string):` Additional information. May be non-deterministic. + + +### CheckTx + +`CheckTx` is sent by the underlying consensus engine when a new unconfirmed (i.e. not yet included in a valid block) +transaction is received by a full-node. The role of `CheckTx` is to guard the full-node's mempool +(where unconfirmed transactions are stored until they are included in a block) from spam transactions. +Unconfirmed transactions are relayed to peers only if they pass `CheckTx`. + +`CheckTx()` can perform both _stateful_ and _stateless_ checks, but developers should strive to +make the checks **lightweight** because gas fees are not charged for the resources (CPU, data load...) used during the `CheckTx`. + +In the Cosmos SDK, after [decoding transactions](./05-encoding.md), `CheckTx()` is implemented +to do the following checks: + +1. Extract the `sdk.Msg`s from the transaction. +2. **Optionally** perform _stateless_ checks by calling `ValidateBasic()` on each of the `sdk.Msg`s. This is done + first, as _stateless_ checks are less computationally expensive than _stateful_ checks. If + `ValidateBasic()` fail, `CheckTx` returns before running _stateful_ checks, which saves resources. + This check is still performed for messages that have not yet migrated to the new message validation mechanism defined in [RFC 001](https://docs.cosmos.network/main/rfc/rfc-001-tx-validation) and still have a `ValidateBasic()` method. +3. Perform non-module related _stateful_ checks on the [account](../beginner/03-accounts.md). This step is mainly about checking + that the `sdk.Msg` signatures are valid, that enough fees are provided and that the sending account + has enough funds to pay for said fees. Note that no precise [`gas`](../beginner/04-gas-fees.md) counting occurs here, + as `sdk.Msg`s are not processed. Usually, the [`AnteHandler`](../beginner/04-gas-fees.md#antehandler) will check that the `gas` provided + with the transaction is superior to a minimum reference gas amount based on the raw transaction size, + in order to avoid spam with transactions that provide 0 gas. + +`CheckTx` does **not** process `sdk.Msg`s - they only need to be processed when the canonical state needs to be updated, which happens during `FinalizeBlock`. + +Steps 2. and 3. are performed by the [`AnteHandler`](../beginner/04-gas-fees.md#antehandler) in the [`RunTx()`](#runtx-antehandler-and-runmsgs) +function, which `CheckTx()` calls with the `runTxModeCheck` mode. During each step of `CheckTx()`, a +special [volatile state](#state-updates) called `checkState` is updated. This state is used to keep +track of the temporary changes triggered by the `CheckTx()` calls of each transaction without modifying +the [main canonical state](#main-state). For example, when a transaction goes through `CheckTx()`, the +transaction's fees are deducted from the sender's account in `checkState`. If a second transaction is +received from the same account before the first is processed, and the account has consumed all its +funds in `checkState` during the first transaction, the second transaction will fail `CheckTx`() and +be rejected. In any case, the sender's account will not actually pay the fees until the transaction +is actually included in a block, because `checkState` never gets committed to the main state. The +`checkState` is reset to the latest state of the main state each time a blocks gets [committed](#commit). + +`CheckTx` returns a response to the underlying consensus engine of type [`abci.ResponseCheckTx`](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_methods.md#checktx). +The response contains: + +* `Code (uint32)`: Response Code. `0` if successful. +* `Data ([]byte)`: Result bytes, if any. +* `Log (string):` The output of the application's logger. May be non-deterministic. +* `Info (string):` Additional information. May be non-deterministic. +* `GasWanted (int64)`: Amount of gas requested for transaction. It is provided by users when they generate the transaction. +* `GasUsed (int64)`: Amount of gas consumed by transaction. During `CheckTx`, this value is computed by multiplying the standard cost of a transaction byte by the size of the raw transaction. Next is an example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/auth/ante/basic.go#L104 +``` + +* `Events ([]cmn.KVPair)`: Key-Value tags for filtering and indexing transactions (eg. by account). See [`event`s](./08-events.md) for more. +* `Codespace (string)`: Namespace for the Code. + +#### RecheckTx + +After `Commit`, `CheckTx` is run again on all transactions that remain in the node's local mempool +excluding the transactions that are included in the block. To prevent the mempool from rechecking all transactions +every time a block is committed, the configuration option `mempool.recheck=false` can be set. As of +Tendermint v0.32.1, an additional `Type` parameter is made available to the `CheckTx` function that +indicates whether an incoming transaction is new (`CheckTxType_New`), or a recheck (`CheckTxType_Recheck`). +This allows certain checks like signature verification can be skipped during `CheckTxType_Recheck`. + +## RunTx, AnteHandler, RunMsgs, PostHandler + +### RunTx + +`RunTx` is called from `CheckTx`/`Finalizeblock` to handle the transaction, with `execModeCheck` or `execModeFinalize` as parameter to differentiate between the two modes of execution. Note that when `RunTx` receives a transaction, it has already been decoded. + +The first thing `RunTx` does upon being called is to retrieve the `context`'s `CacheMultiStore` by calling the `getContextForTx()` function with the appropriate mode (either `runTxModeCheck` or `execModeFinalize`). This `CacheMultiStore` is a branch of the main store, with cache functionality (for query requests), instantiated during `FinalizeBlock` for transaction execution and during the `Commit` of the previous block for `CheckTx`. After that, two `defer func()` are called for [`gas`](../beginner/04-gas-fees.md) management. They are executed when `runTx` returns and make sure `gas` is actually consumed, and will throw errors, if any. + +After that, `RunTx()` calls `ValidateBasic()`, when available and for backward compatibility, on each `sdk.Msg`in the `Tx`, which runs preliminary _stateless_ validity checks. If any `sdk.Msg` fails to pass `ValidateBasic()`, `RunTx()` returns with an error. + +Then, the [`anteHandler`](#antehandler) of the application is run (if it exists). In preparation of this step, both the `checkState`/`finalizeBlockState`'s `context` and `context`'s `CacheMultiStore` are branched using the `cacheTxContext()` function. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/baseapp.go#L706-L722 +``` + +This allows `RunTx` not to commit the changes made to the state during the execution of `anteHandler` if it ends up failing. It also prevents the module implementing the `anteHandler` from writing to state, which is an important part of the [object-capabilities](./10-ocap.md) of the Cosmos SDK. + +Finally, the [`RunMsgs()`](#runmsgs) function is called to process the `sdk.Msg`s in the `Tx`. In preparation of this step, just like with the `anteHandler`, both the `checkState`/`finalizeBlockState`'s `context` and `context`'s `CacheMultiStore` are branched using the `cacheTxContext()` function. + +### AnteHandler + +The `AnteHandler` is a special handler that implements the `AnteHandler` interface and is used to authenticate the transaction before the transaction's internal messages are processed. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/handler.go#L3-L5 +``` + +The `AnteHandler` is theoretically optional, but still a very important component of public blockchain networks. It serves 3 primary purposes: + +* Be a primary line of defense against spam and second line of defense (the first one being the mempool) against transaction replay with fees deduction and [`sequence`](./01-transactions.md#transaction-generation) checking. +* Perform preliminary _stateful_ validity checks like ensuring signatures are valid or that the sender has enough funds to pay for fees. +* Play a role in the incentivisation of stakeholders via the collection of transaction fees. + +`BaseApp` holds an `anteHandler` as parameter that is initialized in the [application's constructor](../beginner/00-app-anatomy.md#application-constructor). The most widely used `anteHandler` is the [`auth` module](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/auth/ante/ante.go). + +Click [here](../beginner/04-gas-fees.md#antehandler) for more on the `anteHandler`. + +### RunMsgs + +`RunMsgs` is called from `RunTx` with `runTxModeCheck` as parameter to check the existence of a route for each message the transaction, and with `execModeFinalize` to actually process the `sdk.Msg`s. + +First, it retrieves the `sdk.Msg`'s fully-qualified type name, by checking the `type_url` of the Protobuf `Any` representing the `sdk.Msg`. Then, using the application's [`msgServiceRouter`](#msg-service-router), it checks for the existence of `Msg` service method related to that `type_url`. At this point, if `mode == runTxModeCheck`, `RunMsgs` returns. Otherwise, if `mode == execModeFinalize`, the [`Msg` service](../../build/building-modules/03-msg-services.md) RPC is executed, before `RunMsgs` returns. + +### PostHandler + +`PostHandler` is similar to `AnteHandler`, but it, as the name suggests, executes custom post tx processing logic after [`RunMsgs`](#runmsgs) is called. `PostHandler` receives the `Result` of the `RunMsgs` in order to enable this customizable behavior. + +Like `AnteHandler`s, `PostHandler`s are theoretically optional. + +Other use cases like unused gas refund can also be enabled by `PostHandler`s. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/auth/posthandler/post.go#L1-L15 +``` + +Note, when `PostHandler`s fail, the state from `runMsgs` is also reverted, effectively making the transaction fail. + +## Other ABCI Messages + +### InitChain + +The [`InitChain` ABCI message](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#method-overview) is sent from the underlying CometBFT engine when the chain is first started. It is mainly used to **initialize** parameters and state like: + +* [Consensus Parameters](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_app_requirements.md#consensus-parameters) via `setConsensusParams`. +* [`checkState` and `finalizeBlockState`](#state-updates) via `setState`. +* The [block gas meter](../beginner/04-gas-fees.md#block-gas-meter), with infinite gas to process genesis transactions. + +Finally, the `InitChain(req abci.RequestInitChain)` method of `BaseApp` calls the [`initChainer()`](../beginner/00-app-anatomy.md#initchainer) of the application in order to initialize the main state of the application from the `genesis file` and, if defined, call the [`InitGenesis`](../../build/building-modules/08-genesis.md#initgenesis) function of each of the application's modules. + + +### FinalizeBlock + +The [`FinalizeBlock` ABCI message](https://github.com/cometbft/cometbft/blob/v0.38.x/spec/abci/abci++_basic_concepts.md#method-overview) is sent from the underlying CometBFT engine when a block proposal created by the correct proposer is received. The previous `BeginBlock, DeliverTx and Endblock` calls are private methods on the BaseApp struct. + + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/abci.go#L869 +``` + +#### PreBlock + +* Run the application's [`preBlocker()`](../beginner/00-app-anatomy.md#preblocker), which mainly runs the [`PreBlocker()`](../../build/building-modules/17-preblock.md#preblock) method of each of the modules. + +#### BeginBlock + +* Initialize [`finalizeBlockState`](#state-updates) with the latest header using the `req abci.RequestFinalizeBlock` passed as parameter via the `setState` function. + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/baseapp.go#L746-L770 + ``` + + This function also resets the [main gas meter](../beginner/04-gas-fees.md#main-gas-meter). + +* Initialize the [block gas meter](../beginner/04-gas-fees.md#block-gas-meter) with the `maxGas` limit. The `gas` consumed within the block cannot go above `maxGas`. This parameter is defined in the application's consensus parameters. +* Run the application's [`beginBlocker()`](../beginner/00-app-anatomy.md#beginblocker-and-endblocker), which mainly runs the [`BeginBlocker()`](../../build/building-modules/06-beginblock-endblock.md#beginblock) method of each of the modules. +* Set the [`VoteInfos`](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_methods.md#voteinfo) of the application, i.e. the list of validators whose _precommit_ for the previous block was included by the proposer of the current block. This information is carried into the [`Context`](./02-context.md) so that it can be used during transaction execution and EndBlock. + +#### Transaction Execution + +When the underlying consensus engine receives a block proposal, each transaction in the block needs to be processed by the application. To that end, the underlying consensus engine sends the transactions in FinalizeBlock message to the application for each transaction in a sequential order. + +Before the first transaction of a given block is processed, a [volatile state](#state-updates) called `finalizeBlockState` is initialized during FinalizeBlock. This state is updated each time a transaction is processed via `FinalizeBlock`, and committed to the [main state](#main-state) when the block is [committed](#commit), after what it is set to `nil`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/baseapp.go#LL772-L807 +``` + +Transaction execution within `FinalizeBlock` performs the **exact same steps as `CheckTx`**, with a little caveat at step 3 and the addition of a fifth step: + +1. The `AnteHandler` does **not** check that the transaction's `gas-prices` is sufficient. That is because the `min-gas-prices` value `gas-prices` is checked against is local to the node, and therefore what is enough for one full-node might not be for another. This means that the proposer can potentially include transactions for free, although they are not incentivised to do so, as they earn a bonus on the total fee of the block they propose. +2. For each `sdk.Msg` in the transaction, route to the appropriate module's Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md). Additional _stateful_ checks are performed, and the branched multistore held in `finalizeBlockState`'s `context` is updated by the module's `keeper`. If the `Msg` service returns successfully, the branched multistore held in `context` is written to `finalizeBlockState` `CacheMultiStore`. + +During the additional fifth step outlined in (2), each read/write to the store increases the value of `GasConsumed`. You can find the default cost of each operation: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/gas.go#L230-L241 +``` + +At any point, if `GasConsumed > GasWanted`, the function returns with `Code != 0` and the execution fails. + +Each transactions returns a response to the underlying consensus engine of type [`abci.ExecTxResult`](https://github.com/cometbft/cometbft/blob/v0.38.0-rc1/spec/abci/abci%2B%2B_methods.md#exectxresult). The response contains: + +* `Code (uint32)`: Response Code. `0` if successful. +* `Data ([]byte)`: Result bytes, if any. +* `Log (string):` The output of the application's logger. May be non-deterministic. +* `Info (string):` Additional information. May be non-deterministic. +* `GasWanted (int64)`: Amount of gas requested for transaction. It is provided by users when they generate the transaction. +* `GasUsed (int64)`: Amount of gas consumed by transaction. During transaction execution, this value is computed by multiplying the standard cost of a transaction byte by the size of the raw transaction, and by adding gas each time a read/write to the store occurs. +* `Events ([]cmn.KVPair)`: Key-Value tags for filtering and indexing transactions (eg. by account). See [`event`s](./08-events.md) for more. +* `Codespace (string)`: Namespace for the Code. + +#### EndBlock + +EndBlock is run after transaction execution completes. It allows developers to have logic be executed at the end of each block. In the Cosmos SDK, the bulk EndBlock() method is to run the application's EndBlocker(), which mainly runs the EndBlocker() method of each of the application's modules. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/baseapp.go#L811-L833 +``` + +### Commit + +The [`Commit` ABCI message](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#method-overview) is sent from the underlying CometBFT engine after the full-node has received _precommits_ from 2/3+ of validators (weighted by voting power). On the `BaseApp` end, the `Commit(res abci.ResponseCommit)` function is implemented to commit all the valid state transitions that occurred during `FinalizeBlock` and to reset state for the next block. + +To commit state-transitions, the `Commit` function calls the `Write()` function on `finalizeBlockState.ms`, where `finalizeBlockState.ms` is a branched multistore of the main store `app.cms`. Then, the `Commit` function sets `checkState` to the latest header (obtained from `finalizeBlockState.ctx.BlockHeader`) and `finalizeBlockState` to `nil`. + +Finally, `Commit` returns the hash of the commitment of `app.cms` back to the underlying consensus engine. This hash is used as a reference in the header of the next block. + +### Info + +The [`Info` ABCI message](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#info-methods) is a simple query from the underlying consensus engine, notably used to sync the latter with the application during a handshake that happens on startup. When called, the `Info(res abci.ResponseInfo)` function from `BaseApp` will return the application's name, version and the hash of the last commit of `app.cms`. + +### Query + +The [`Query` ABCI message](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#info-methods) is used to serve queries received from the underlying consensus engine, including queries received via RPC like CometBFT RPC. It used to be the main entrypoint to build interfaces with the application, but with the introduction of [gRPC queries](../../build/building-modules/04-query-services.md) in Cosmos SDK v0.40, its usage is more limited. The application must respect a few rules when implementing the `Query` method, which are outlined [here](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_app_requirements.md#query). + +Each CometBFT `query` comes with a `path`, which is a `string` which denotes what to query. If the `path` matches a gRPC fully-qualified service method, then `BaseApp` will defer the query to the `grpcQueryRouter` and let it handle it like explained [above](#grpc-query-router). Otherwise, the `path` represents a query that is not (yet) handled by the gRPC router. `BaseApp` splits the `path` string with the `/` delimiter. By convention, the first element of the split string (`split[0]`) contains the category of `query` (`app`, `p2p`, `store` or `custom` ). The `BaseApp` implementation of the `Query(req abci.RequestQuery)` method is a simple dispatcher serving these 4 main categories of queries: + +* Application-related queries like querying the application's version, which are served via the `handleQueryApp` method. +* Direct queries to the multistore, which are served by the `handlerQueryStore` method. These direct queries are different from custom queries which go through `app.queryRouter`, and are mainly used by third-party service provider like block explorers. +* P2P queries, which are served via the `handleQueryP2P` method. These queries return either `app.addrPeerFilter` or `app.ipPeerFilter` that contain the list of peers filtered by address or IP respectively. These lists are first initialized via `options` in `BaseApp`'s [constructor](#constructor). + +### ExtendVote + +`ExtendVote` allows an application to extend a pre-commit vote with arbitrary data. This process does NOT have to be deterministic and the data returned can be unique to the validator process. + +In the Cosmos-SDK this is implemented as a NoOp: + +``` go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/abci_utils.go#L444-L450 +``` + +### VerifyVoteExtension + +`VerifyVoteExtension` allows an application to verify that the data returned by `ExtendVote` is valid. This process MUST be deterministic. Moreover, the value of ResponseVerifyVoteExtension.status MUST exclusively depend on the parameters passed in the call to RequestVerifyVoteExtension, and the last committed Application state. + +In the Cosmos-SDK this is implemented as a NoOp: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/abci_utils.go#L452-L458 +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/01-transactions.md b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/01-transactions.md new file mode 100644 index 00000000..cc8b862d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/01-transactions.md @@ -0,0 +1,229 @@ +--- +sidebar_position: 1 +--- + +# Transactions + +:::note Synopsis +`Transactions` are objects created by end-users to trigger state changes in the application. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK Application](../beginner/00-app-anatomy.md) + +::: + +## Transactions + +Transactions are comprised of metadata held in [contexts](./02-context.md) and [`sdk.Msg`s](../../build/building-modules/02-messages-and-queries.md) that trigger state changes within a module through the module's Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md). + +When users want to interact with an application and make state changes (e.g. sending coins), they create transactions. Each of a transaction's `sdk.Msg` must be signed using the private key associated with the appropriate account(s), before the transaction is broadcasted to the network. A transaction must then be included in a block, validated, and approved by the network through the consensus process. To read more about the lifecycle of a transaction, click [here](../beginner/01-tx-lifecycle.md). + +## Type Definition + +Transaction objects are Cosmos SDK types that implement the `Tx` interface + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/tx_msg.go#L53-L58 +``` + +It contains the following methods: + +* **GetMsgs:** unwraps the transaction and returns a list of contained `sdk.Msg`s - one transaction may have one or multiple messages, which are defined by module developers. + +As a developer, you should rarely manipulate `Tx` directly, as `Tx` is an intermediate type used for transaction generation. Instead, developers should prefer the `TxBuilder` interface, which you can learn more about [below](#transaction-generation). + +### Signing Transactions + +Every message in a transaction must be signed by the addresses specified by its `GetSigners`. The Cosmos SDK currently allows signing transactions in two different ways. + +#### `SIGN_MODE_DIRECT` (preferred) + +The most used implementation of the `Tx` interface is the Protobuf `Tx` message, which is used in `SIGN_MODE_DIRECT`: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/tx/v1beta1/tx.proto#L15-L28 +``` + +Because Protobuf serialization is not deterministic, the Cosmos SDK uses an additional `TxRaw` type to denote the pinned bytes over which a transaction is signed. Any user can generate a valid `body` and `auth_info` for a transaction, and serialize these two messages using Protobuf. `TxRaw` then pins the user's exact binary representation of `body` and `auth_info`, called respectively `body_bytes` and `auth_info_bytes`. The document that is signed by all signers of the transaction is `SignDoc` (deterministically serialized using [ADR-027](../../build/architecture/adr-027-deterministic-protobuf-serialization.md)): + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/tx/v1beta1/tx.proto#L50-L67 +``` + +Once signed by all signers, the `body_bytes`, `auth_info_bytes` and `signatures` are gathered into `TxRaw`, whose serialized bytes are broadcasted over the network. + +#### `SIGN_MODE_LEGACY_AMINO_JSON` + +The legacy implementation of the `Tx` interface is the `StdTx` struct from `x/auth`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/auth/migrations/legacytx/stdtx.go#L82-L89 +``` + +The document signed by all signers is `StdSignDoc`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/auth/migrations/legacytx/stdsign.go#L30-L43 +``` + +which is encoded into bytes using Amino JSON. Once all signatures are gathered into `StdTx`, `StdTx` is serialized using Amino JSON, and these bytes are broadcasted over the network. + +#### Other Sign Modes + +The Cosmos SDK also provides a couple of other sign modes for particular use cases. + +#### `SIGN_MODE_DIRECT_AUX` + +`SIGN_MODE_DIRECT_AUX` is a sign mode released in the Cosmos SDK v0.46 which targets transactions with multiple signers. Whereas `SIGN_MODE_DIRECT` expects each signer to sign over both `TxBody` and `AuthInfo` (which includes all other signers' signer infos, i.e. their account sequence, public key and mode info), `SIGN_MODE_DIRECT_AUX` allows N-1 signers to only sign over `TxBody` and _their own_ signer info. Morever, each auxiliary signer (i.e. a signer using `SIGN_MODE_DIRECT_AUX`) doesn't +need to sign over the fees: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/tx/v1beta1/tx.proto#L68-L93 +``` + +The use case is a multi-signer transaction, where one of the signers is appointed to gather all signatures, broadcast the signature and pay for fees, and the others only care about the transaction body. This generally allows for a better multi-signing UX. If Alice, Bob and Charlie are part of a 3-signer transaction, then Alice and Bob can both use `SIGN_MODE_DIRECT_AUX` to sign over the `TxBody` and their own signer info (no need an additional step to gather other signers' ones, like in `SIGN_MODE_DIRECT`), without specifying a fee in their SignDoc. Charlie can then gather both signatures from Alice and Bob, and +create the final transaction by appending a fee. Note that the fee payer of the transaction (in our case Charlie) must sign over the fees, so must use `SIGN_MODE_DIRECT` or `SIGN_MODE_LEGACY_AMINO_JSON`. + + +#### `SIGN_MODE_TEXTUAL` + +`SIGN_MODE_TEXTUAL` is a new sign mode for delivering a better signing experience on hardware wallets and it is included in the v0.50 release. In this mode, the signer signs over the human-readable string representation of the transaction (CBOR) and makes all data being displayed easier to read. The data is formatted as screens, and each screen is meant to be displayed in its entirety even on small devices like the Ledger Nano. + +There are also _expert_ screens, which will only be displayed if the user has chosen that option in its hardware device. These screens contain things like account number, account sequence and the sign data hash. + +Data is formatted using a set of `ValueRenderer` which the SDK provides defaults for all the known messages and value types. Chain developers can also opt to implement their own `ValueRenderer` for a type/message if they'd like to display information differently. + +If you wish to learn more, please refer to [ADR-050](../../build/architecture/adr-050-sign-mode-textual.md). + +#### Custom Sign modes + +There is the opportunity to add your own custom sign mode to the Cosmos-SDK. While we can not accept the implementation of the sign mode to the repository, we can accept a pull request to add the custom signmode to the SignMode enum located [here](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/tx/signing/v1beta1/signing.proto#L17) + +## Transaction Process + +The process of an end-user sending a transaction is: + +* decide on the messages to put into the transaction, +* generate the transaction using the Cosmos SDK's `TxBuilder`, +* broadcast the transaction using one of the available interfaces. + +The next paragraphs will describe each of these components, in this order. + +### Messages + +:::tip +Module `sdk.Msg`s are not to be confused with [ABCI Messages](https://docs.cometbft.com/v0.37/spec/abci/) which define interactions between the CometBFT and application layers. +::: + +**Messages** (or `sdk.Msg`s) are module-specific objects that trigger state transitions within the scope of the module they belong to. Module developers define the messages for their module by adding methods to the Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md), and also implement the corresponding `MsgServer`. + +Each `sdk.Msg`s is related to exactly one Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md) RPC, defined inside each module's `tx.proto` file. A SDK app router automatically maps every `sdk.Msg` to a corresponding RPC. Protobuf generates a `MsgServer` interface for each module `Msg` service, and the module developer needs to implement this interface. +This design puts more responsibility on module developers, allowing application developers to reuse common functionalities without having to implement state transition logic repetitively. + +To learn more about Protobuf `Msg` services and how to implement `MsgServer`, click [here](../../build/building-modules/03-msg-services.md). + +While messages contain the information for state transition logic, a transaction's other metadata and relevant information are stored in the `TxBuilder` and `Context`. + +### Transaction Generation + +The `TxBuilder` interface contains data closely related with the generation of transactions, which an end-user can set to generate the desired transaction: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/tx_config.go#L39-L57 +``` + +* `Msg`s, the array of [messages](#messages) included in the transaction. +* `GasLimit`, option chosen by the users for how to calculate how much gas they will need to pay. +* `Memo`, a note or comment to send with the transaction. +* `FeeAmount`, the maximum amount the user is willing to pay in fees. +* `TimeoutHeight`, block height until which the transaction is valid. +* `Unordered`, an option indicating this transaction may be executed in any order (requires Sequence to be unset.) +* `TimeoutTimestamp`, the timeout timestamp (unordered nonce) of the transaction (required to be used with Unordered). +* `Signatures`, the array of signatures from all signers of the transaction. + +As there are currently two sign modes for signing transactions, there are also two implementations of `TxBuilder`: + +* [wrapper](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/auth/tx/builder.go#L27-L44) for creating transactions for `SIGN_MODE_DIRECT`, +* [StdTxBuilder](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/auth/migrations/legacytx/stdtx_builder.go#L14-L17) for `SIGN_MODE_LEGACY_AMINO_JSON`. + +However, the two implementations of `TxBuilder` should be hidden away from end-users, as they should prefer using the overarching `TxConfig` interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/tx_config.go#L27-L37 +``` + +`TxConfig` is an app-wide configuration for managing transactions. Most importantly, it holds the information about whether to sign each transaction with `SIGN_MODE_DIRECT` or `SIGN_MODE_LEGACY_AMINO_JSON`. By calling `txBuilder := txConfig.NewTxBuilder()`, a new `TxBuilder` will be created with the appropriate sign mode. + +Once `TxBuilder` is correctly populated with the setters exposed above, `TxConfig` will also take care of correctly encoding the bytes (again, either using `SIGN_MODE_DIRECT` or `SIGN_MODE_LEGACY_AMINO_JSON`). Here's a pseudo-code snippet of how to generate and encode a transaction, using the `TxEncoder()` method: + +```go +txBuilder := txConfig.NewTxBuilder() +txBuilder.SetMsgs(...) // and other setters on txBuilder + +bz, err := txConfig.TxEncoder()(txBuilder.GetTx()) +// bz are bytes to be broadcasted over the network +``` + +### Broadcasting the Transaction + +Once the transaction bytes are generated, there are currently three ways of broadcasting it. + +#### CLI + +Application developers create entry points to the application by creating a [command-line interface](./07-cli.md), [gRPC and/or REST interface](./06-grpc_rest.md), typically found in the application's `./cmd` folder. These interfaces allow users to interact with the application through command-line. + +For the [command-line interface](../../build/building-modules/09-module-interfaces.md#cli), module developers create subcommands to add as children to the application top-level transaction command `TxCmd`. CLI commands actually bundle all the steps of transaction processing into one simple command: creating messages, generating transactions and broadcasting. For concrete examples, see the [Interacting with a Node](../../user/run-node/02-interact-node.md) section. An example transaction made using CLI looks like: + +```bash +simd tx send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000stake +``` + +#### gRPC + +[gRPC](https://grpc.io) is the main component for the Cosmos SDK's RPC layer. Its principal usage is in the context of modules' [`Query` services](../../build/building-modules/04-query-services.md). However, the Cosmos SDK also exposes a few other module-agnostic gRPC services, one of them being the `Tx` service: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/tx/v1beta1/service.proto +``` + +The `Tx` service exposes a handful of utility functions, such as simulating a transaction or querying a transaction, and also one method to broadcast transactions. + +Examples of broadcasting and simulating a transaction are shown [here](../../user/run-node/03-txs.md#programmatically-with-go). + +#### REST + +Each gRPC method has its corresponding REST endpoint, generated using [gRPC-gateway](https://github.com/grpc-ecosystem/grpc-gateway). Therefore, instead of using gRPC, you can also use HTTP to broadcast the same transaction, on the `POST /cosmos/tx/v1beta1/txs` endpoint. + +An example can be seen [here](../../user/run-node/03-txs.md#using-rest) + +#### CometBFT RPC + +The three methods presented above are actually higher abstractions over the CometBFT RPC `/broadcast_tx_{async,sync,commit}` endpoints, documented [here](https://docs.cometbft.com/v0.37/core/rpc). This means that you can use the CometBFT RPC endpoints directly to broadcast the transaction, if you wish so. + +### Unordered Transactions + +:::tip + +Looking to enable unordered transactions on your chain? +Check out the [v0.53.0 Upgrade Guide](https://docs.cosmos.network/v0.53/build/migrations/upgrade-guide#enable-unordered-transactions-optional) + +::: + +:::warning + +Unordered transactions MUST leave sequence values unset. When a transaction is both unordered and contains a non-zero sequence value, +the transaction will be rejected. Services that operate on prior assumptions about transaction sequence values should be updated to handle unordered transactions. +Services should be aware that when the transaction is unordered, the transaction sequence will always be zero. + +::: + +Beginning with Cosmos SDK v0.53.0, chains may enable unordered transaction support. +Unordered transactions work by using a timestamp as the transaction's nonce value. The sequence value must NOT be set in the signature(s) of the transaction. +The timestamp must be greater than the current block time and not exceed the chain's configured max unordered timeout timestamp duration. +Senders must use a unique timestamp for each distinct transaction. The difference may be as small as a nanosecond, however. + +These unique timestamps serve as a one-shot nonce, and their lifespan in state is short-lived. +Upon transaction inclusion, an entry consisting of timeout timestamp and account address will be recorded to state. +Once the block time is passed the timeout timestamp value, the entry will be removed. This ensures that unordered nonces do not indefinitely fill up the chain's storage. diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/02-context.md b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/02-context.md new file mode 100644 index 00000000..312a4fd9 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/02-context.md @@ -0,0 +1,103 @@ +--- +sidebar_position: 1 +--- + +# Context + +:::note Synopsis +The `context` is a data structure intended to be passed from function to function that carries information about the current state of the application. It provides access to a branched storage (a safe branch of the entire state) as well as useful objects and information like `gasMeter`, `block height`, `consensus parameters` and more. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK Application](../beginner/00-app-anatomy.md) +* [Lifecycle of a Transaction](../beginner/01-tx-lifecycle.md) + +::: + +## Context Definition + +The Cosmos SDK `Context` is a custom data structure that contains Go's stdlib [`context`](https://pkg.go.dev/context) as its base, and has many additional types within its definition that are specific to the Cosmos SDK. The `Context` is integral to transaction processing in that it allows modules to easily access their respective [store](./04-store.md#base-layer-kvstores) in the [`multistore`](./04-store.md#multistore) and retrieve transactional context such as the block header and gas meter. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/types/context.go#L40-L67 +``` + +* **Base Context:** The base type is a Go [Context](https://pkg.go.dev/context), which is explained further in the [Go Context Package](#go-context-package) section below. +* **Multistore:** Every application's `BaseApp` contains a [`CommitMultiStore`](./04-store.md#multistore) which is provided when a `Context` is created. Calling the `KVStore()` and `TransientStore()` methods allows modules to fetch their respective [`KVStore`](./04-store.md#base-layer-kvstores) using their unique `StoreKey`. +* **Header:** The [header](https://docs.cometbft.com/v0.37/spec/core/data_structures#header) is a Blockchain type. It carries important information about the state of the blockchain, such as block height and proposer of the current block. +* **Header Hash:** The current block header hash, obtained during `abci.FinalizeBlock`. +* **Chain ID:** The unique identification number of the blockchain a block pertains to. +* **Transaction Bytes:** The `[]byte` representation of a transaction being processed using the context. Every transaction is processed by various parts of the Cosmos SDK and consensus engine (e.g. CometBFT) throughout its [lifecycle](../beginner/01-tx-lifecycle.md), some of which do not have any understanding of transaction types. Thus, transactions are marshaled into the generic `[]byte` type using some kind of [encoding format](./05-encoding.md) such as [Amino](./05-encoding.md). +* **Logger:** A `logger` from the CometBFT libraries. Learn more about logs [here](https://docs.cometbft.com/v0.37/core/configuration). Modules call this method to create their own unique module-specific logger. +* **VoteInfo:** A list of the ABCI type [`VoteInfo`](https://docs.cometbft.com/master/spec/abci/abci.html#voteinfo), which includes the name of a validator and a boolean indicating whether they have signed the block. +* **Gas Meters:** Specifically, a [`gasMeter`](../beginner/04-gas-fees.md#main-gas-meter) for the transaction currently being processed using the context and a [`blockGasMeter`](../beginner/04-gas-fees.md#block-gas-meter) for the entire block it belongs to. Users specify how much in fees they wish to pay for the execution of their transaction; these gas meters keep track of how much [gas](../beginner/04-gas-fees.md) has been used in the transaction or block so far. If the gas meter runs out, execution halts. +* **CheckTx Mode:** A boolean value indicating whether a transaction should be processed in `CheckTx` or `DeliverTx` mode. +* **Min Gas Price:** The minimum [gas](../beginner/04-gas-fees.md) price a node is willing to take in order to include a transaction in its block. This price is a local value configured by each node individually, and should therefore **not be used in any functions used in sequences leading to state-transitions**. +* **Consensus Params:** The ABCI type [Consensus Parameters](https://docs.cometbft.com/master/spec/abci/apps.html#consensus-parameters), which specify certain limits for the blockchain, such as maximum gas for a block. +* **Event Manager:** The event manager allows any caller with access to a `Context` to emit [`Events`](./08-events.md). Modules may define module specific + `Events` by defining various `Types` and `Attributes` or use the common definitions found in `types/`. Clients can subscribe or query for these `Events`. These `Events` are collected throughout `FinalizeBlock` and are returned to CometBFT for indexing. +* **Priority:** The transaction priority, only relevant in `CheckTx`. +* **KV `GasConfig`:** Enables applications to set a custom `GasConfig` for the `KVStore`. +* **Transient KV `GasConfig`:** Enables applications to set a custom `GasConfig` for the transiant `KVStore`. +* **StreamingManager:** The streamingManager field provides access to the streaming manager, which allows modules to subscribe to state changes emitted by the blockchain. The streaming manager is used by the state listening API, which is described in [ADR 038](https://docs.cosmos.network/main/architecture/adr-038-state-listening). +* **CometInfo:** A lightweight field that contains information about the current block, such as the block height, time, and hash. This information can be used for validating evidence, providing historical data, and enhancing the user experience. For further details see [here](https://github.com/cosmos/cosmos-sdk/blob/main/core/comet/service.go#L14). +* **HeaderInfo:** The `headerInfo` field contains information about the current block header, such as the chain ID, gas limit, and timestamp. For further details see [here](https://github.com/cosmos/cosmos-sdk/blob/main/core/header/service.go#L14). + +## Go Context Package + +A basic `Context` is defined in the [Golang Context Package](https://pkg.go.dev/context). A `Context` +is an immutable data structure that carries request-scoped data across APIs and processes. Contexts +are also designed to enable concurrency and to be used in goroutines. + +Contexts are intended to be **immutable**; they should never be edited. Instead, the convention is +to create a child context from its parent using a `With` function. For example: + +```go +childCtx = parentCtx.WithBlockHeader(header) +``` + +The [Golang Context Package](https://pkg.go.dev/context) documentation instructs developers to +explicitly pass a context `ctx` as the first argument of a process. + +## Store branching + +The `Context` contains a `MultiStore`, which allows for branching and caching functionality using `CacheMultiStore` +(queries in `CacheMultiStore` are cached to avoid future round trips). +Each `KVStore` is branched in a safe and isolated ephemeral storage. Processes are free to write changes to +the `CacheMultiStore`. If a state-transition sequence is performed without issue, the store branch can +be committed to the underlying store at the end of the sequence or disregard them if something +goes wrong. The pattern of usage for a Context is as follows: + +1. A process receives a Context `ctx` from its parent process, which provides information needed to + perform the process. +2. The `ctx.ms` is a **branched store**, i.e. a branch of the [multistore](./04-store.md#multistore) is made so that the process can make changes to the state as it executes, without changing the original`ctx.ms`. This is useful to protect the underlying multistore in case the changes need to be reverted at some point in the execution. +3. The process may read and write from `ctx` as it is executing. It may call a subprocess and pass + `ctx` to it as needed. +4. When a subprocess returns, it checks if the result is a success or failure. If a failure, nothing + needs to be done - the branch `ctx` is simply discarded. If successful, the changes made to + the `CacheMultiStore` can be committed to the original `ctx.ms` via `Write()`. + +For example, here is a snippet from the [`runTx`](./00-baseapp.md#runtx-antehandler-runmsgs-posthandler) function in [`baseapp`](./00-baseapp.md): + +```go +runMsgCtx, msCache := app.cacheTxContext(ctx, txBytes) +result = app.runMsgs(runMsgCtx, msgs, mode) +result.GasWanted = gasWanted +if mode != runTxModeDeliver { + return result +} +if result.IsOK() { + msCache.Write() +} +``` + +Here is the process: + +1. Prior to calling `runMsgs` on the message(s) in the transaction, it uses `app.cacheTxContext()` + to branch and cache the context and multistore. +2. `runMsgCtx` - the context with branched store, is used in `runMsgs` to return a result. +3. If the process is running in [`checkTxMode`](./00-baseapp.md#checktx), there is no need to write the + changes - the result is returned immediately. +4. If the process is running in [`deliverTxMode`](./00-baseapp.md#delivertx) and the result indicates + a successful run over all the messages, the branched multistore is written back to the original. diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/03-node.md b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/03-node.md new file mode 100644 index 00000000..375dedb0 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/03-node.md @@ -0,0 +1,96 @@ +--- +sidebar_position: 1 +--- + +# Node Client (Daemon) + +:::note Synopsis +The main endpoint of a Cosmos SDK application is the daemon client, otherwise known as the full-node client. The full-node runs the state-machine, starting from a genesis file. It connects to peers running the same client in order to receive and relay transactions, block proposals and signatures. The full-node is constituted of the application, defined with the Cosmos SDK, and of a consensus engine connected to the application via the ABCI. +::: + +:::note Pre-requisite Readings + +* [Anatomy of an SDK application](../beginner/00-app-anatomy.md) + +::: + +## `main` function + +The full-node client of any Cosmos SDK application is built by running a `main` function. The client is generally named by appending the `-d` suffix to the application name (e.g. `appd` for an application named `app`), and the `main` function is defined in a `./appd/cmd/main.go` file. Running this function creates an executable `appd` that comes with a set of commands. For an app named `app`, the main command is [`appd start`](#start-command), which starts the full-node. + +In general, developers will implement the `main.go` function with the following structure: + +* First, an [`encodingCodec`](./05-encoding.md) is instantiated for the application. +* Then, the `config` is retrieved and config parameters are set. This mainly involves setting the Bech32 prefixes for [addresses](../beginner/03-accounts.md#addresses). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/config.go#L14-L29 +``` + +* Using [cobra](https://github.com/spf13/cobra), the root command of the full-node client is created. After that, all the custom commands of the application are added using the `AddCommand()` method of `rootCmd`. +* Add default server commands to `rootCmd` using the `server.AddCommands()` method. These commands are separated from the ones added above since they are standard and defined at Cosmos SDK level. They should be shared by all Cosmos SDK-based applications. They include the most important command: the [`start` command](#start-command). +* Prepare and execute the `executor`. + +```go reference +https://github.com/cometbft/cometbft/blob/v0.37.0/libs/cli/setup.go#L74-L78 +``` + +See an example of `main` function from the `simapp` application, the Cosmos SDK's application for demo purposes: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/main.go +``` + +## `start` command + +The `start` command is defined in the `/server` folder of the Cosmos SDK. It is added to the root command of the full-node client in the [`main` function](#main-function) and called by the end-user to start their node: + +```bash +# For an example app named "app", the following command starts the full-node. +appd start + +# Using the Cosmos SDK's own simapp, the following commands start the simapp node. +simd start +``` + +As a reminder, the full-node is composed of three conceptual layers: the networking layer, the consensus layer and the application layer. The first two are generally bundled together in an entity called the consensus engine (CometBFT by default), while the third is the state-machine defined with the help of the Cosmos SDK. Currently, the Cosmos SDK uses CometBFT as the default consensus engine, meaning the start command is implemented to boot up a CometBFT node. + +The flow of the `start` command is pretty straightforward. First, it retrieves the `config` from the `context` in order to open the `db` (a [`leveldb`](https://github.com/syndtr/goleveldb) instance by default). This `db` contains the latest known state of the application (empty if the application is started from the first time. + +With the `db`, the `start` command creates a new instance of the application using an `appCreator` function: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/server/start.go#L1007 +``` + +Note that an `appCreator` is a function that fulfills the `AppCreator` signature: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/server/types/app.go#L69 +``` + +In practice, the [constructor of the application](../beginner/00-app-anatomy.md#constructor-function) is passed as the `appCreator`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L294-L308 +``` + +Then, the instance of `app` is used to instantiate a new CometBFT node: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/server/start.go#L361-L400 +``` + +The CometBFT node can be created with `app` because the latter satisfies the [`abci.Application` interface](https://github.com/cometbft/cometbft/blob/v0.37.0/abci/types/application.go#L9-L35) (given that `app` extends [`baseapp`](./00-baseapp.md)). As part of the `node.New` method, CometBFT makes sure that the height of the application (i.e. number of blocks since genesis) is equal to the height of the CometBFT node. The difference between these two heights should always be negative or null. If it is strictly negative, `node.New` will replay blocks until the height of the application reaches the height of the CometBFT node. Finally, if the height of the application is `0`, the CometBFT node will call [`InitChain`](./00-baseapp.md#initchain) on the application to initialize the state from the genesis file. + +Once the CometBFT node is instantiated and in sync with the application, the node can be started: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/server/start.go#L373-L374 +``` + +Upon starting, the node will bootstrap its RPC and P2P server and start dialing peers. During handshake with its peers, if the node realizes they are ahead, it will query all the blocks sequentially in order to catch up. Then, it will wait for new block proposals and block signatures from validators in order to make progress. + +## Other commands + +To discover how to concretely run a node and interact with it, please refer to our [Running a Node, API and CLI](../../user/run-node/01-run-node.md) guide. diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/04-store.md b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/04-store.md new file mode 100644 index 00000000..8bebc3ba --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/04-store.md @@ -0,0 +1,288 @@ +--- +sidebar_position: 1 +--- + +# Store + +:::note Synopsis +A store is a data structure that holds the state of the application. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK application](../beginner/00-app-anatomy.md) + +::: + +## Introduction to Cosmos SDK Stores + +The Cosmos SDK comes with a large set of stores to persist the state of applications. By default, the main store of Cosmos SDK applications is a `multistore`, i.e. a store of stores. Developers can add any number of key-value stores to the multistore, depending on their application needs. The multistore exists to support the modularity of the Cosmos SDK, as it lets each module declare and manage their own subset of the state. Key-value stores in the multistore can only be accessed with a specific capability `key`, which is typically held in the [`keeper`](../../build/building-modules/06-keeper.md) of the module that declared the store. + +```text ++-----------------------------------------------------+ +| | +| +--------------------------------------------+ | +| | | | +| | KVStore 1 - Manage by keeper of Module 1 | +| | | | +| +--------------------------------------------+ | +| | +| +--------------------------------------------+ | +| | | | +| | KVStore 2 - Manage by keeper of Module 2 | | +| | | | +| +--------------------------------------------+ | +| | +| +--------------------------------------------+ | +| | | | +| | KVStore 3 - Manage by keeper of Module 2 | | +| | | | +| +--------------------------------------------+ | +| | +| +--------------------------------------------+ | +| | | | +| | KVStore 4 - Manage by keeper of Module 3 | | +| | | | +| +--------------------------------------------+ | +| | +| +--------------------------------------------+ | +| | | | +| | KVStore 5 - Manage by keeper of Module 4 | | +| | | | +| +--------------------------------------------+ | +| | +| Main Multistore | +| | ++-----------------------------------------------------+ + + Application's State +``` + +### Store Interface + +At its very core, a Cosmos SDK `store` is an object that holds a `CacheWrapper` and has a `GetStoreType()` method: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/store.go#L17-L20 +``` + +The `GetStoreType` is a simple method that returns the type of store, whereas a `CacheWrapper` is a simple interface that implements store read caching and write branching through `Write` method: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/store.go#L285-L317 +``` + +Branching and cache is used ubiquitously in the Cosmos SDK and required to be implemented on every store type. A storage branch creates an isolated, ephemeral branch of a store that can be passed around and updated without affecting the main underlying store. This is used to trigger temporary state-transitions that may be reverted later should an error occur. Read more about it in [context](./02-context.md#Store-branching) + +### Commit Store + +A commit store is a store that has the ability to commit changes made to the underlying tree or db. The Cosmos SDK differentiates simple stores from commit stores by extending the basic store interfaces with a `Committer`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/store.go#L34-L38 +``` + +The `Committer` is an interface that defines methods to persist changes to disk: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/store.go#L22-L32 +``` + +The `CommitID` is a deterministic commit of the state tree. Its hash is returned to the underlying consensus engine and stored in the block header. Note that commit store interfaces exist for various purposes, one of which is to make sure not every object can commit the store. As part of the [object-capabilities model](./10-ocap.md) of the Cosmos SDK, only `baseapp` should have the ability to commit stores. For example, this is the reason why the `ctx.KVStore()` method by which modules typically access stores returns a `KVStore` and not a `CommitKVStore`. + +The Cosmos SDK comes with many types of stores, the most used being [`CommitMultiStore`](#multistore), [`KVStore`](#kvstore) and [`GasKv` store](#gaskv-store). [Other types of stores](#other-stores) include `Transient` and `TraceKV` stores. + +## Multistore + +### Multistore Interface + +Each Cosmos SDK application holds a multistore at its root to persist its state. The multistore is a store of `KVStores` that follows the `Multistore` interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/store.go#L115-L147 +``` + +If tracing is enabled, then branching the multistore will firstly wrap all the underlying `KVStore` in [`TraceKv.Store`](#tracekv-store). + +### CommitMultiStore + +The main type of `Multistore` used in the Cosmos SDK is `CommitMultiStore`, which is an extension of the `Multistore` interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/store.go#L155-L225 +``` + +As for concrete implementation, the [`rootMulti.Store`] is the go-to implementation of the `CommitMultiStore` interface. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/rootmulti/store.go#L56-L82 +``` + +The `rootMulti.Store` is a base-layer multistore built around a `db` on top of which multiple `KVStores` can be mounted, and is the default multistore store used in [`baseapp`](./00-baseapp.md). + +### CacheMultiStore + +Whenever the `rootMulti.Store` needs to be branched, a [`cachemulti.Store`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/cachemulti/store.go) is used. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/cachemulti/store.go#L20-L34 +``` + +`cachemulti.Store` branches all substores (creates a virtual store for each substore) in its constructor and hold them in `Store.stores`. Moreover caches all read queries. `Store.GetKVStore()` returns the store from `Store.stores`, and `Store.Write()` recursively calls `CacheWrap.Write()` on all the substores. + +## Base-layer KVStores + +### `KVStore` and `CommitKVStore` Interfaces + +A `KVStore` is a simple key-value store used to store and retrieve data. A `CommitKVStore` is a `KVStore` that also implements a `Committer`. By default, stores mounted in `baseapp`'s main `CommitMultiStore` are `CommitKVStore`s. The `KVStore` interface is primarily used to restrict modules from accessing the committer. + +Individual `KVStore`s are used by modules to manage a subset of the global state. `KVStores` can be accessed by objects that hold a specific key. This `key` should only be exposed to the [`keeper`](../../build/building-modules/06-keeper.md) of the module that defines the store. + +`CommitKVStore`s are declared by proxy of their respective `key` and mounted on the application's [multistore](#multistore) in the [main application file](../beginner/00-app-anatomy.md#core-application-file). In the same file, the `key` is also passed to the module's `keeper` that is responsible for managing the store. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/store.go#L227-L264 +``` + +Apart from the traditional `Get` and `Set` methods, that a `KVStore` must implement via the `BasicKVStore` interface; a `KVStore` must provide an `Iterator(start, end)` method which returns an `Iterator` object. It is used to iterate over a range of keys, typically keys that share a common prefix. Below is an example from the bank's module keeper, used to iterate over all account balances: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/bank/keeper/view.go#L121-L137 +``` + +### `IAVL` Store + +The default implementation of `KVStore` and `CommitKVStore` used in `baseapp` is the `iavl.Store`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/iavl/store.go#L36-L41 +``` + +`iavl` stores are based around an [IAVL Tree](https://github.com/cosmos/iavl), a self-balancing binary tree which guarantees that: + +* `Get` and `Set` operations are O(log n), where n is the number of elements in the tree. +* Iteration efficiently returns the sorted elements within the range. +* Each tree version is immutable and can be retrieved even after a commit (depending on the pruning settings). + +The documentation on the IAVL Tree is located [here](https://github.com/cosmos/iavl/blob/master/docs/overview.md). + +### `DbAdapter` Store + +`dbadapter.Store` is an adapter for `dbm.DB` making it fulfilling the `KVStore` interface. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/dbadapter/store.go#L13-L16 +``` + +`dbadapter.Store` embeds `dbm.DB`, meaning most of the `KVStore` interface functions are implemented. The other functions (mostly miscellaneous) are manually implemented. This store is primarily used within [Transient Stores](#transient-store) + +### `Transient` Store + +`Transient.Store` is a base-layer `KVStore` which is automatically discarded at the end of the block. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/transient/store.go#L16-L19 +``` + +`Transient.Store` is a `dbadapter.Store` with a `dbm.NewMemDB()`. All `KVStore` methods are reused. When `Store.Commit()` is called, a new `dbadapter.Store` is assigned, discarding previous reference and making it garbage collected. + +This type of store is useful to persist information that is only relevant per-block. One example would be to store parameter changes (i.e. a bool set to `true` if a parameter changed in a block). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/params/types/subspace.go#L22-L32 +``` + +Transient stores are typically accessed via the [`context`](./02-context.md) via the `TransientStore()` method: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/context.go#L347-L350 +``` + +## KVStore Wrappers + +### CacheKVStore + +`cachekv.Store` is a wrapper `KVStore` which provides buffered writing / cached reading functionalities over the underlying `KVStore`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/cachekv/store.go#L26-L36 +``` + +This is the type used whenever an IAVL Store needs to be branched to create an isolated store (typically when we need to mutate a state that might be reverted later). + +#### `Get` + +`Store.Get()` firstly checks if `Store.cache` has an associated value with the key. If the value exists, the function returns it. If not, the function calls `Store.parent.Get()`, caches the result in `Store.cache`, and returns it. + +#### `Set` + +`Store.Set()` sets the key-value pair to the `Store.cache`. `cValue` has the field dirty bool which indicates whether the cached value is different from the underlying value. When `Store.Set()` caches a new pair, the `cValue.dirty` is set `true` so when `Store.Write()` is called it can be written to the underlying store. + +#### `Iterator` + +`Store.Iterator()` have to traverse on both cached items and the original items. In `Store.iterator()`, two iterators are generated for each of them, and merged. `memIterator` is essentially a slice of the `KVPairs`, used for cached items. `mergeIterator` is a combination of two iterators, where traverse happens ordered on both iterators. + +### `GasKv` Store + +Cosmos SDK applications use [`gas`](../beginner/04-gas-fees.md) to track resources usage and prevent spam. [`GasKv.Store`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/gaskv/store.go) is a `KVStore` wrapper that enables automatic gas consumption each time a read or write to the store is made. It is the solution of choice to track storage usage in Cosmos SDK applications. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/gaskv/store.go#L11-L17 +``` + +When methods of the parent `KVStore` are called, `GasKv.Store` automatically consumes appropriate amount of gas depending on the `Store.gasConfig`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/gas.go#L219-L228 +``` + +By default, all `KVStores` are wrapped in `GasKv.Stores` when retrieved. This is done in the `KVStore()` method of the [`context`](./02-context.md): + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/context.go#L342-L345 +``` + +In this case, the gas configuration set in the `context` is used. The gas configuration can be set using the `WithKVGasConfig` method of the `context`. +Otherwise it uses the following default: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/gas.go#L230-L241 +``` + +### `TraceKv` Store + +`tracekv.Store` is a wrapper `KVStore` which provides operation tracing functionalities over the underlying `KVStore`. It is applied automatically by the Cosmos SDK on all `KVStore` if tracing is enabled on the parent `MultiStore`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/tracekv/store.go#L20-L43 +``` + +When each `KVStore` methods are called, `tracekv.Store` automatically logs `traceOperation` to the `Store.writer`. `traceOperation.Metadata` is filled with `Store.context` when it is not nil. `TraceContext` is a `map[string]interface{}`. + +### `Prefix` Store + +`prefix.Store` is a wrapper `KVStore` which provides automatic key-prefixing functionalities over the underlying `KVStore`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/prefix/store.go#L15-L21 +``` + +When `Store.{Get, Set}()` is called, the store forwards the call to its parent, with the key prefixed with the `Store.prefix`. + +When `Store.Iterator()` is called, it does not simply prefix the `Store.prefix`, since it does not work as intended. In that case, some of the elements are traversed even if they are not starting with the prefix. + +### `ListenKv` Store + +`listenkv.Store` is a wrapper `KVStore` which provides state listening capabilities over the underlying `KVStore`. +It is applied automatically by the Cosmos SDK on any `KVStore` whose `StoreKey` is specified during state streaming configuration. +Additional information about state streaming configuration can be found in the [store/streaming/README.md](https://github.com/cosmos/cosmos-sdk/tree/v0.53.0/store/streaming). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/listenkv/store.go#L11-L18 +``` + +When `KVStore.Set` or `KVStore.Delete` methods are called, `listenkv.Store` automatically writes the operations to the set of `Store.listeners`. + +## `BasicKVStore` interface + +An interface providing only the basic CRUD functionality (`Get`, `Set`, `Has`, and `Delete` methods), without iteration or caching. This is used to partially expose components of a larger store. diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/05-encoding.md b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/05-encoding.md new file mode 100644 index 00000000..7698b150 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/05-encoding.md @@ -0,0 +1,285 @@ +--- +sidebar_position: 1 +--- + +# Encoding + +:::note Synopsis +While encoding in the Cosmos SDK used to be mainly handled by `go-amino` codec, the Cosmos SDK is moving towards using `gogoprotobuf` for both state and client-side encoding. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK application](../beginner/00-app-anatomy.md) + +::: + +## Encoding + +The Cosmos SDK utilizes two binary wire encoding protocols, [Amino](https://github.com/tendermint/go-amino/) which is an object encoding specification and [Protocol Buffers](https://developers.google.com/protocol-buffers), a subset of Proto3 with an extension for +interface support. See the [Proto3 spec](https://developers.google.com/protocol-buffers/docs/proto3) +for more information on Proto3, which Amino is largely compatible with (but not with Proto2). + +Due to Amino having significant performance drawbacks, being reflection-based, and +not having any meaningful cross-language/client support, Protocol Buffers, specifically +[gogoprotobuf](https://github.com/cosmos/gogoproto/), is being used in place of Amino. +Note, this process of using Protocol Buffers over Amino is still an ongoing process. + +Binary wire encoding of types in the Cosmos SDK can be broken down into two main +categories, client encoding and store encoding. Client encoding mainly revolves +around transaction processing and signing, whereas store encoding revolves around +types used in state-machine transitions and what is ultimately stored in the Merkle +tree. + +For store encoding, protobuf definitions can exist for any type and will typically +have an Amino-based "intermediary" type. Specifically, the protobuf-based type +definition is used for serialization and persistence, whereas the Amino-based type +is used for business logic in the state-machine where they may convert back-n-forth. +Note, the Amino-based types may slowly be phased-out in the future, so developers +should take note to use the protobuf message definitions where possible. + +In the `codec` package, there exists two core interfaces, `BinaryCodec` and `JSONCodec`, +where the former encapsulates the current Amino interface except it operates on +types implementing the latter instead of generic `interface{}` types. + +The `ProtoCodec`, where both binary and JSON serialization is handled +via Protobuf. This means that modules may use Protobuf encoding, but the types must +implement `ProtoMarshaler`. If modules wish to avoid implementing this interface +for their types, this is autogenerated via [buf](https://buf.build/) + +If modules use [Collections](../../build/packages/02-collections.md), encoding and decoding are handled, marshal and unmarshal should not be handled manually unless for specific cases identified by the developer. + +### Gogoproto + +Modules are encouraged to utilize Protobuf encoding for their respective types. In the Cosmos SDK, we use the [Gogoproto](https://github.com/cosmos/gogoproto) specific implementation of the Protobuf spec that offers speed and DX improvements compared to the official [Google protobuf implementation](https://github.com/protocolbuffers/protobuf). + +### Guidelines for protobuf message definitions + +In addition to [following official Protocol Buffer guidelines](https://developers.google.com/protocol-buffers/docs/proto3#simple), we recommend using these annotations in .proto files when dealing with interfaces: + +* use `cosmos_proto.accepts_interface` to annote `Any` fields that accept interfaces + * pass the same fully qualified name as `protoName` to `InterfaceRegistry.RegisterInterface` + * example: `(cosmos_proto.accepts_interface) = "cosmos.gov.v1beta1.Content"` (and not just `Content`) +* annotate interface implementations with `cosmos_proto.implements_interface` + * pass the same fully qualified name as `protoName` to `InterfaceRegistry.RegisterInterface` + * example: `(cosmos_proto.implements_interface) = "cosmos.authz.v1beta1.Authorization"` (and not just `Authorization`) + +Code generators can then match the `accepts_interface` and `implements_interface` annotations to know whether some Protobuf messages are allowed to be packed in a given `Any` field or not. + +### Transaction Encoding + +Another important use of Protobuf is the encoding and decoding of +[transactions](./01-transactions.md). Transactions are defined by the application or +the Cosmos SDK but are then passed to the underlying consensus engine to be relayed to +other peers. Since the underlying consensus engine is agnostic to the application, +the consensus engine accepts only transactions in the form of raw bytes. + +* The `TxEncoder` object performs the encoding. +* The `TxDecoder` object performs the decoding. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/types/tx_msg.go#L109-L113 +``` + +A standard implementation of both these objects can be found in the [`auth/tx` module](../../build/modules/auth/2-tx.md): + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/auth/tx/decoder.go +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/auth/tx/encoder.go +``` + +See [ADR-020](https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/docs/architecture/adr-020-protobuf-transaction-encoding.md) for details of how a transaction is encoded. + +### Interface Encoding and Usage of `Any` + +The Protobuf DSL is strongly typed, which can make inserting variable-typed fields difficult. Imagine we want to create a `Profile` protobuf message that serves as a wrapper over [an account](../beginner/03-accounts.md): + +```protobuf +message Profile { + // account is the account associated to a profile. + cosmos.auth.v1beta1.BaseAccount account = 1; + // bio is a short description of the account. + string bio = 4; +} +``` + +In this `Profile` example, we hardcoded `account` as a `BaseAccount`. However, there are several other types of [user accounts related to vesting](../../build/modules/auth/1-vesting.md), such as `BaseVestingAccount` or `ContinuousVestingAccount`. All of these accounts are different, but they all implement the `AccountI` interface. How would you create a `Profile` that allows all these types of accounts with an `account` field that accepts an `AccountI` interface? + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/types/account.go#L15-L32 +``` + +In [ADR-019](https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/docs/architecture/adr-019-protobuf-state-encoding.md), it has been decided to use [`Any`](https://github.com/protocolbuffers/protobuf/blob/master/src/google/protobuf/any.proto)s to encode interfaces in protobuf. An `Any` contains an arbitrary serialized message as bytes, along with a URL that acts as a globally unique identifier for and resolves to that message's type. This strategy allows us to pack arbitrary Go types inside protobuf messages. Our new `Profile` then looks like: + +```protobuf +message Profile { + // account is the account associated to a profile. + google.protobuf.Any account = 1 [ + (cosmos_proto.accepts_interface) = "cosmos.auth.v1beta1.AccountI"; // Asserts that this field only accepts Go types implementing `AccountI`. It is purely informational for now. + ]; + // bio is a short description of the account. + string bio = 4; +} +``` + +To add an account inside a profile, we need to "pack" it inside an `Any` first, using `codectypes.NewAnyWithValue`: + +```go +var myAccount AccountI +myAccount = ... // Can be a BaseAccount, a ContinuousVestingAccount or any struct implementing `AccountI` + +// Pack the account into an Any +accAny, err := codectypes.NewAnyWithValue(myAccount) +if err != nil { + return nil, err +} + +// Create a new Profile with the any. +profile := Profile { + Account: accAny, + Bio: "some bio", +} + +// We can then marshal the profile as usual. +bz, err := cdc.Marshal(profile) +jsonBz, err := cdc.MarshalJSON(profile) +``` + +To summarize, to encode an interface, you must 1/ pack the interface into an `Any` and 2/ marshal the `Any`. For convenience, the Cosmos SDK provides a `MarshalInterface` method to bundle these two steps. Have a look at [a real-life example in the x/auth module](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/auth/keeper/keeper.go#L239-L242). + +The reverse operation of retrieving the concrete Go type from inside an `Any`, called "unpacking", is done with the `GetCachedValue()` on `Any`. + +```go +profileBz := ... // The proto-encoded bytes of a Profile, e.g. retrieved through gRPC. +var myProfile Profile +// Unmarshal the bytes into the myProfile struct. +err := cdc.Unmarshal(profilebz, &myProfile) + +// Let's see the types of the Account field. +fmt.Printf("%T\n", myProfile.Account) // Prints "Any" +fmt.Printf("%T\n", myProfile.Account.GetCachedValue()) // Prints "BaseAccount", "ContinuousVestingAccount" or whatever was initially packed in the Any. + +// Get the address of the account. +accAddr := myProfile.Account.GetCachedValue().(AccountI).GetAddress() +``` + +It is important to note that for `GetCachedValue()` to work, `Profile` (and any other structs embedding `Profile`) must implement the `UnpackInterfaces` method: + +```go +func (p *Profile) UnpackInterfaces(unpacker codectypes.AnyUnpacker) error { + if p.Account != nil { + var account AccountI + return unpacker.UnpackAny(p.Account, &account) + } + + return nil +} +``` + +The `UnpackInterfaces` gets called recursively on all structs implementing this method, to allow all `Any`s to have their `GetCachedValue()` correctly populated. + +For more information about interface encoding, and especially on `UnpackInterfaces` and how the `Any`'s `type_url` gets resolved using the `InterfaceRegistry`, please refer to [ADR-019](https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/docs/architecture/adr-019-protobuf-state-encoding.md). + +#### `Any` Encoding in the Cosmos SDK + +The above `Profile` example is a fictive example used for educational purposes. In the Cosmos SDK, we use `Any` encoding in several places (non-exhaustive list): + +* the `cryptotypes.PubKey` interface for encoding different types of public keys, +* the `sdk.Msg` interface for encoding different `Msg`s in a transaction, +* the `AccountI` interface for encoding different types of accounts (similar to the above example) in the x/auth query responses, +* the `EvidenceI` interface for encoding different types of evidences in the x/evidence module, +* the `AuthorizationI` interface for encoding different types of x/authz authorizations, +* the [`Validator`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/staking/types/staking.pb.go#L340-L375) struct that contains information about a validator. + +A real-life example of encoding the pubkey as `Any` inside the Validator struct in x/staking is shown in the following example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/staking/types/validator.go#L43-L66 +``` + +#### `Any`'s TypeURL + +When packing a protobuf message inside an `Any`, the message's type is uniquely defined by its type URL, which is the message's fully qualified name prefixed by a `/` (slash) character. In some implementations of `Any`, like the gogoproto one, there's generally [a resolvable prefix, e.g. `type.googleapis.com`](https://github.com/gogo/protobuf/blob/b03c65ea87cdc3521ede29f62fe3ce239267c1bc/protobuf/google/protobuf/any.proto#L87-L91). However, in the Cosmos SDK, we made the decision to not include such prefix, to have shorter type URLs. The Cosmos SDK's own `Any` implementation can be found in `github.com/cosmos/cosmos-sdk/codec/types`. + +The Cosmos SDK is also switching away from gogoproto to the official `google.golang.org/protobuf` (known as the Protobuf API v2). Its default `Any` implementation also contains the [`type.googleapis.com`](https://github.com/protocolbuffers/protobuf-go/blob/v1.28.1/types/known/anypb/any.pb.go#L266) prefix. To maintain compatibility with the SDK, the following methods from `"google.golang.org/protobuf/types/known/anypb"` should not be used: + +* `anypb.New` +* `anypb.MarshalFrom` +* `anypb.Any#MarshalFrom` + +Instead, the Cosmos SDK provides helper functions in `"github.com/cosmos/cosmos-proto/anyutil"`, which create an official `anypb.Any` without inserting the prefixes: + +* `anyutil.New` +* `anyutil.MarshalFrom` + +For example, to pack a `sdk.Msg` called `internalMsg`, use: + +```diff +import ( +- "google.golang.org/protobuf/types/known/anypb" ++ "github.com/cosmos/cosmos-proto/anyutil" +) + +- anyMsg, err := anypb.New(internalMsg.Message().Interface()) ++ anyMsg, err := anyutil.New(internalMsg.Message().Interface()) + +- fmt.Println(anyMsg.TypeURL) // type.googleapis.com/cosmos.bank.v1beta1.MsgSend ++ fmt.Println(anyMsg.TypeURL) // /cosmos.bank.v1beta1.MsgSend +``` + +## FAQ + +### How to create modules using protobuf encoding + +#### Defining module types + +Protobuf types can be defined to encode: + +* state +* [`Msg`s](../../build/building-modules/02-messages-and-queries.md#messages) +* [Query services](../../build/building-modules/04-query-services.md) +* [genesis](../../build/building-modules/08-genesis.md) + +#### Naming and conventions + +We encourage developers to follow industry guidelines: [Protocol Buffers style guide](https://developers.google.com/protocol-buffers/docs/style) +and [Buf](https://buf.build/docs/style-guide), see more details in [ADR 023](https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/docs/architecture/adr-023-protobuf-naming.md) + +### How to update modules to protobuf encoding + +If modules do not contain any interfaces (e.g. `Account` or `Content`), then they +may simply migrate any existing types that +are encoded and persisted via their concrete Amino codec to Protobuf (see 1. for further guidelines) and accept a `Marshaler` as the codec which is implemented via the `ProtoCodec` +without any further customization. + +However, if a module type composes an interface, it must wrap it in the `sdk.Any` (from `/types` package) type. To do that, a module-level .proto file must use [`google.protobuf.Any`](https://github.com/protocolbuffers/protobuf/blob/master/src/google/protobuf/any.proto) for respective message type interface types. + +For example, in the `x/evidence` module defines an `Evidence` interface, which is used by the `MsgSubmitEvidence`. The structure definition must use `sdk.Any` to wrap the evidence file. In the proto file we define it as follows: + +```protobuf +// proto/cosmos/evidence/v1beta1/tx.proto + +message MsgSubmitEvidence { + string submitter = 1; + google.protobuf.Any evidence = 2 [(cosmos_proto.accepts_interface) = "cosmos.evidence.v1beta1.Evidence"]; +} +``` + +The Cosmos SDK `codec.Codec` interface provides support methods `MarshalInterface` and `UnmarshalInterface` to easy encoding of state to `Any`. + +Module should register interfaces using `InterfaceRegistry` which provides a mechanism for registering interfaces: `RegisterInterface(protoName string, iface interface{}, impls ...proto.Message)` and implementations: `RegisterImplementations(iface interface{}, impls ...proto.Message)` that can be safely unpacked from Any, similarly to type registration with Amino: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/codec/types/interface_registry.go#L40-L87 +``` + +In addition, an `UnpackInterfaces` phase should be introduced to deserialization to unpack interfaces before they're needed. Protobuf types that contain a protobuf `Any` either directly or via one of their members should implement the `UnpackInterfacesMessage` interface: + +```go +type UnpackInterfacesMessage interface { + UnpackInterfaces(InterfaceUnpacker) error +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/06-grpc_rest.md b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/06-grpc_rest.md new file mode 100644 index 00000000..e10bda09 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/06-grpc_rest.md @@ -0,0 +1,105 @@ +--- +sidebar_position: 1 +--- + +# gRPC, REST, and CometBFT Endpoints + +:::note Synopsis +This document presents an overview of all the endpoints a node exposes: gRPC, REST as well as some other endpoints. +::: + +## An Overview of All Endpoints + +Each node exposes the following endpoints for users to interact with a node, each endpoint is served on a different port. Details on how to configure each endpoint is provided in the endpoint's own section. + +* the gRPC server (default port: `9090`), +* the REST server (default port: `1317`), +* the CometBFT RPC endpoint (default port: `26657`). + +:::tip +The node also exposes some other endpoints, such as the CometBFT P2P endpoint, or the [Prometheus endpoint](https://docs.cometbft.com/v0.37/core/metrics), which are not directly related to the Cosmos SDK. Please refer to the [CometBFT documentation](https://docs.cometbft.com/v0.37/core/configuration) for more information about these endpoints. +::: + +:::note +All endpoints are defaulted to localhost and must be modified to be exposed to the public internet. +::: + +## gRPC Server + +In the Cosmos SDK, Protobuf is the main [encoding](./encoding) library. This brings a wide range of Protobuf-based tools that can be plugged into the Cosmos SDK. One such tool is [gRPC](https://grpc.io), a modern open-source high performance RPC framework that has decent client support in several languages. + +Each module exposes a [Protobuf `Query` service](../../build/building-modules/02-messages-and-queries.md#queries) that defines state queries. The `Query` services and a transaction service used to broadcast transactions are hooked up to the gRPC server via the following function inside the application: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/server/types/app.go#L46-L48 +``` + +Note: It is not possible to expose any [Protobuf `Msg` service](../../build/building-modules/02-messages-and-queries.md#messages) endpoints via gRPC. Transactions must be generated and signed using the CLI or programmatically before they can be broadcasted using gRPC. See [Generating, Signing, and Broadcasting Transactions](../../user/run-node/03-txs.md) for more information. + +The `grpc.Server` is a concrete gRPC server, which spawns and serves all gRPC query requests and a broadcast transaction request. This server can be configured inside `~/.simapp/config/app.toml`: + +* `grpc.enable = true|false` field defines if the gRPC server should be enabled. Defaults to `true`. +* `grpc.address = {string}` field defines the `ip:port` the server should bind to. Defaults to `localhost:9090`. + +:::tip +`~/.simapp` is the directory where the node's configuration and databases are stored. By default, it's set to `~/.{app_name}`. +::: + +Once the gRPC server is started, you can send requests to it using a gRPC client. Some examples are given in our [Interact with the Node](../../user/run-node/02-interact-node.md#using-grpc) tutorial. + +An overview of all available gRPC endpoints shipped with the Cosmos SDK is [Protobuf documentation](https://buf.build/cosmos/cosmos-sdk). + +## REST Server + +Cosmos SDK supports REST routes via gRPC-gateway. + +All routes are configured under the following fields in `~/.simapp/config/app.toml`: + +* `api.enable = true|false` field defines if the REST server should be enabled. Defaults to `false`. +* `api.address = {string}` field defines the `ip:port` the server should bind to. Defaults to `tcp://localhost:1317`. +* some additional API configuration options are defined in `~/.simapp/config/app.toml`, along with comments, please refer to that file directly. + +### gRPC-gateway REST Routes + +If, for various reasons, you cannot use gRPC (for example, you are building a web application, and browsers don't support HTTP2 on which gRPC is built), then the Cosmos SDK offers REST routes via gRPC-gateway. + +[gRPC-gateway](https://grpc-ecosystem.github.io/grpc-gateway/) is a tool to expose gRPC endpoints as REST endpoints. For each gRPC endpoint defined in a Protobuf `Query` service, the Cosmos SDK offers a REST equivalent. For instance, querying a balance could be done via the `/cosmos.bank.v1beta1.QueryAllBalances` gRPC endpoint, or alternatively via the gRPC-gateway `"/cosmos/bank/v1beta1/balances/{address}"` REST endpoint: both will return the same result. For each RPC method defined in a Protobuf `Query` service, the corresponding REST endpoint is defined as an option: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/proto/cosmos/bank/v1beta1/query.proto#L23-L30 +``` + +For application developers, gRPC-gateway REST routes needs to be wired up to the REST server, this is done by calling the `RegisterGRPCGatewayRoutes` function on the ModuleManager. + +### Swagger + +A [Swagger](https://swagger.io/) (or OpenAPIv2) specification file is exposed under the `/swagger` route on the API server. Swagger is an open specification describing the API endpoints a server serves, including description, input arguments, return types and much more about each endpoint. + +Enabling the `/swagger` endpoint is configurable inside `~/.simapp/config/app.toml` via the `api.swagger` field, which is set to false by default. + +For application developers, you may want to generate your own Swagger definitions based on your custom modules. +The Cosmos SDK's [Swagger generation script](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/scripts/protoc-swagger-gen.sh) is a good place to start. + +## CometBFT RPC + +Independently from the Cosmos SDK, CometBFT also exposes a RPC server. This RPC server can be configured by tuning parameters under the `rpc` table in the `~/.simapp/config/config.toml`, the default listening address is `tcp://localhost:26657`. An OpenAPI specification of all CometBFT RPC endpoints is available [here](https://docs.cometbft.com/main/rpc/). + +Some CometBFT RPC endpoints are directly related to the Cosmos SDK: + +* `/abci_query`: this endpoint will query the application for state. As the `path` parameter, you can send the following strings: + * any Protobuf fully-qualified service method, such as `/cosmos.bank.v1beta1.Query/AllBalances`. The `data` field should then include the method's request parameter(s) encoded as bytes using Protobuf. + * `/app/simulate`: this will simulate a transaction, and return some information such as gas used. + * `/app/version`: this will return the application's version. + * `/store/{storeName}/key`: this will directly query the named store for data associated with the key represented in the `data` parameter. + * `/store/{storeName}/subspace`: this will directly query the named store for key/value pairs in which the key has the value of the `data` parameter as a prefix. + * `/p2p/filter/addr/{port}`: this will return a filtered list of the node's P2P peers by address port. + * `/p2p/filter/id/{id}`: this will return a filtered list of the node's P2P peers by ID. +* `/broadcast_tx_{sync,async,commit}`: these 3 endpoints will broadcast a transaction to other peers. CLI, gRPC and REST expose [a way to broadcast transactions](./01-transactions.md#broadcasting-the-transaction), but they all use these 3 CometBFT RPCs under the hood. + +## Comparison Table + +| Name | Advantages | Disadvantages | +| -------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------- | +| gRPC | - can use code-generated stubs in various languages
    - supports streaming and bidirectional communication (HTTP2)
    - small wire binary sizes, faster transmission | - based on HTTP2, not available in browsers
    - learning curve (mostly due to Protobuf) | +| REST | - ubiquitous
    - client libraries in all languages, faster implementation
    | - only supports unary request-response communication (HTTP1.1)
    - bigger over-the-wire message sizes (JSON) | +| CometBFT RPC | - easy to use | - bigger over-the-wire message sizes (JSON) | diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/07-cli.md b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/07-cli.md new file mode 100644 index 00000000..ca97594d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/07-cli.md @@ -0,0 +1,211 @@ +--- +sidebar_position: 1 +--- + +# Command-Line Interface + +:::note Synopsis +This document describes how command-line interface (CLI) works on a high-level, for an [**application**](../beginner/00-app-anatomy.md). A separate document for implementing a CLI for a Cosmos SDK [**module**](../../build/building-modules/00-intro.md) can be found [here](../../build/building-modules/09-module-interfaces.md#cli). +::: + +## Command-Line Interface + +### Example Command + +There is no set way to create a CLI, but Cosmos SDK modules typically use the [Cobra Library](https://github.com/spf13/cobra). Building a CLI with Cobra entails defining commands, arguments, and flags. [**Commands**](#root-command) understand the actions users wish to take, such as `tx` for creating a transaction and `query` for querying the application. Each command can also have nested subcommands, necessary for naming the specific transaction type. Users also supply **Arguments**, such as account numbers to send coins to, and [**Flags**](#flags) to modify various aspects of the commands, such as gas prices or which node to broadcast to. + +Here is an example of a command a user might enter to interact with the simapp CLI `simd` in order to send some tokens: + +```bash +simd tx bank send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000stake --gas auto --gas-prices +``` + +The first four strings specify the command: + +* The root command for the entire application `simd`. +* The subcommand `tx`, which contains all commands that let users create transactions. +* The subcommand `bank` to indicate which module to route the command to ([`x/bank`](../../build/modules/bank/README.md) module in this case). +* The type of transaction `send`. + +The next two strings are arguments: the `from_address` the user wishes to send from, the `to_address` of the recipient, and the `amount` they want to send. Finally, the last few strings of the command are optional flags to indicate how much the user is willing to pay in fees (calculated using the amount of gas used to execute the transaction and the gas prices provided by the user). + +The CLI interacts with a [node](./03-node.md) to handle this command. The interface itself is defined in a `main.go` file. + +### Building the CLI + +The `main.go` file needs to have a `main()` function that creates a root command, to which all the application commands will be added as subcommands. The root command additionally handles: + +* **setting configurations** by reading in configuration files (e.g. the Cosmos SDK config file). +* **adding any flags** to it, such as `--chain-id`. +* **instantiating the `codec`** by injecting the application codecs. The [`codec`](./05-encoding.md) is used to encode and decode data structures for the application - stores can only persist `[]byte`s so the developer must define a serialization format for their data structures or use the default, Protobuf. +* **adding subcommand** for all the possible user interactions, including [transaction commands](#transaction-commands) and [query commands](#query-commands). + +The `main()` function finally creates an executor and [execute](https://pkg.go.dev/github.com/spf13/cobra#Command.Execute) the root command. See an example of `main()` function from the `simapp` application: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/main.go#L14-L24 +``` + +The rest of the document will detail what needs to be implemented for each step and include smaller portions of code from the `simapp` CLI files. + +## Adding Commands to the CLI + +Every application CLI first constructs a root command, then adds functionality by aggregating subcommands (often with further nested subcommands) using `rootCmd.AddCommand()`. The bulk of an application's unique capabilities lies in its transaction and query commands, called `TxCmd` and `QueryCmd` respectively. + +### Root Command + +The root command (called `rootCmd`) is what the user first types into the command line to indicate which application they wish to interact with. The string used to invoke the command (the "Use" field) is typically the name of the application suffixed with `-d`, e.g. `simd` or `gaiad`. The root command typically includes the following commands to support basic functionality in the application. + +* **Status** command from the Cosmos SDK rpc client tools, which prints information about the status of the connected [`Node`](./03-node.md). The Status of a node includes `NodeInfo`,`SyncInfo` and `ValidatorInfo`. +* **Keys** [commands](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/keys) from the Cosmos SDK client tools, which includes a collection of subcommands for using the key functions in the Cosmos SDK crypto tools, including adding a new key and saving it to the keyring, listing all public keys stored in the keyring, and deleting a key. For example, users can type `simd keys add ` to add a new key and save an encrypted copy to the keyring, using the flag `--recover` to recover a private key from a seed phrase or the flag `--multisig` to group multiple keys together to create a multisig key. For full details on the `add` key command, see the code [here](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/keys/add.go). For more details about usage of `--keyring-backend` for storage of key credentials look at the [keyring docs](../../user/run-node/00-keyring.md). +* **Server** commands from the Cosmos SDK server package. These commands are responsible for providing the mechanisms necessary to start an ABCI CometBFT application and provides the CLI framework (based on [cobra](https://github.com/spf13/cobra)) necessary to fully bootstrap an application. The package exposes two core functions: `StartCmd` and `ExportCmd` which creates commands to start the application and export state respectively. +Learn more [here](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/server). +* [**Transaction**](#transaction-commands) commands. +* [**Query**](#query-commands) commands. + +Next is an example `rootCmd` function from the `simapp` application. It instantiates the root command, adds a [*persistent* flag](#flags) and `PreRun` function to be run before every execution, and adds all of the necessary subcommands. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L47-L130 +``` + +:::tip +Use the `EnhanceRootCommand()` from the AutoCLI options to automatically add auto-generated commands from the modules to the root command. +Additionnally it adds all manually defined modules commands (`tx` and `query`) as well. +Read more about [AutoCLI](https://docs.cosmos.network/main/core/autocli) in its dedicated section. +::: + +`rootCmd` has a function called `initAppConfig()` which is useful for setting the application's custom configs. +By default app uses CometBFT app config template from Cosmos SDK, which can be over-written via `initAppConfig()`. +Here's an example code to override default `app.toml` template. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L144-L199 +``` + +The `initAppConfig()` also allows overriding the default Cosmos SDK's [server config](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/server/config/config.go#L231). One example is the `min-gas-prices` config, which defines the minimum gas prices a validator is willing to accept for processing a transaction. By default, the Cosmos SDK sets this parameter to `""` (empty string), which forces all validators to tweak their own `app.toml` and set a non-empty value, or else the node will halt on startup. This might not be the best UX for validators, so the chain developer can set a default `app.toml` value for validators inside this `initAppConfig()` function. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L164-L180 +``` + +The root-level `status` and `keys` subcommands are common across most applications and do not interact with application state. The bulk of an application's functionality - what users can actually *do* with it - is enabled by its `tx` and `query` commands. + +### Transaction Commands + +[Transactions](./01-transactions.md) are objects wrapping [`Msg`s](../../build/building-modules/02-messages-and-queries.md#messages) that trigger state changes. To enable the creation of transactions using the CLI interface, a function `txCommand` is generally added to the `rootCmd`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L222-L229 +``` + +This `txCommand` function adds all the transaction available to end-users for the application. This typically includes: + +* **Sign command** from the [`auth`](../../build/modules/auth/README.md) module that signs messages in a transaction. To enable multisig, add the `auth` module's `MultiSign` command. Since every transaction requires some sort of signature in order to be valid, the signing command is necessary for every application. +* **Broadcast command** from the Cosmos SDK client tools, to broadcast transactions. +* **All [module transaction commands](../../build/building-modules/09-module-interfaces.md#transaction-commands)** the application is dependent on, retrieved by using the [basic module manager's](../../build/building-modules/01-module-manager.md#basic-manager) `AddTxCommands()` function, or enhanced by [AutoCLI](https://docs.cosmos.network/main/core/autocli). + +Here is an example of a `txCommand` aggregating these subcommands from the `simapp` application: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L270-L292 +``` + +:::tip +When using AutoCLI to generate module transaction commands, `EnhanceRootCommand()` automatically adds the module `tx` command to the root command. +Read more about [AutoCLI](https://docs.cosmos.network/main/core/autocli) in its dedicated section. +::: + +### Query Commands + +[**Queries**](../../build/building-modules/02-messages-and-queries.md#queries) are objects that allow users to retrieve information about the application's state. To enable the creation of queries using the CLI interface, a function `queryCommand` is generally added to the `rootCmd`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L222-L229 +``` + +This `queryCommand` function adds all the queries available to end-users for the application. This typically includes: + +* **QueryTx** and/or other transaction query commands from the `auth` module which allow the user to search for a transaction by inputting its hash, a list of tags, or a block height. These queries allow users to see if transactions have been included in a block. +* **Account command** from the `auth` module, which displays the state (e.g. account balance) of an account given an address. +* **Validator command** from the Cosmos SDK rpc client tools, which displays the validator set of a given height. +* **Block command** from the Cosmos SDK RPC client tools, which displays the block data for a given height. +* **All [module query commands](../../build/building-modules/09-module-interfaces.md#query-commands)** the application is dependent on, retrieved by using the [basic module manager's](../../build/building-modules/01-module-manager.md#basic-manager) `AddQueryCommands()` function, or enhanced by [AutoCLI](https://docs.cosmos.network/main/core/autocli). + +Here is an example of a `queryCommand` aggregating subcommands from the `simapp` application: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L249-L268 +``` + +:::tip +When using AutoCLI to generate module query commands, `EnhanceRootCommand()` automatically adds the module `query` command to the root command. +Read more about [AutoCLI](https://docs.cosmos.network/main/core/autocli) in its dedicated section. +::: + +## Flags + +Flags are used to modify commands; developers can include them in a `flags.go` file with their CLI. Users can explicitly include them in commands or pre-configure them by inside their [`app.toml`](../../user/run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml). Commonly pre-configured flags include the `--node` to connect to and `--chain-id` of the blockchain the user wishes to interact with. + +A *persistent* flag (as opposed to a *local* flag) added to a command transcends all of its children: subcommands will inherit the configured values for these flags. Additionally, all flags have default values when they are added to commands; some toggle an option off but others are empty values that the user needs to override to create valid commands. A flag can be explicitly marked as *required* so that an error is automatically thrown if the user does not provide a value, but it is also acceptable to handle unexpected missing flags differently. + +Flags are added to commands directly (generally in the [module's CLI file](../../build/building-modules/09-module-interfaces.md#flags) where module commands are defined) and no flag except for the `rootCmd` persistent flags has to be added at application level. It is common to add a *persistent* flag for `--chain-id`, the unique identifier of the blockchain the application pertains to, to the root command. Adding this flag can be done in the `main()` function. Adding this flag makes sense as the chain ID should not be changing across commands in this application CLI. + +## Environment variables + +Each flag is bound to its respective named environment variable. Then name of the environment variable consist of two parts - capital case `basename` followed by flag name of the flag. `-` must be substituted with `_`. For example flag `--node` for application with basename `GAIA` is bound to `GAIA_NODE`. It allows reducing the amount of flags typed for routine operations. For example instead of: + +```shell +gaia --home=./ --node= --chain-id="testchain-1" --keyring-backend=test tx ... --from= +``` + +this will be more convenient: + +```shell +# define env variables in .env, .envrc etc +GAIA_HOME= +GAIA_NODE= +GAIA_CHAIN_ID="testchain-1" +GAIA_KEYRING_BACKEND="test" + +# and later just use +gaia tx ... --from= +``` + +## Configurations + +It is vital that the root command of an application uses `PersistentPreRun()` cobra command property for executing the command, so all child commands have access to the server and client contexts. These contexts are set as their default values initially and may be modified, scoped to the command, in their respective `PersistentPreRun()` functions. Note that the `client.Context` is typically pre-populated with "default" values that may be useful for all commands to inherit and override if necessary. + +Here is an example of an `PersistentPreRun()` function from `simapp`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L81-L120 +``` + +The `SetCmdClientContextHandler` call reads persistent flags via `ReadPersistentCommandFlags` which creates a `client.Context` and sets that on the root command's `Context`. + +The `InterceptConfigsPreRunHandler` call creates a viper literal, default `server.Context`, and a logger and sets that on the root command's `Context`. The `server.Context` will be modified and saved to disk. The internal `interceptConfigs` call reads or creates a CometBFT configuration based on the home path provided. In addition, `interceptConfigs` also reads and loads the application configuration, `app.toml`, and binds that to the `server.Context` viper literal. This is vital so the application can get access to not only the CLI flags, but also to the application configuration values provided by this file. + +:::tip +When willing to configure which logger is used, do not use `InterceptConfigsPreRunHandler`, which sets the default SDK logger, but instead use `InterceptConfigsAndCreateContext` and set the server context and the logger manually: + +```diff +-return server.InterceptConfigsPreRunHandler(cmd, customAppTemplate, customAppConfig, customCMTConfig) + ++serverCtx, err := server.InterceptConfigsAndCreateContext(cmd, customAppTemplate, customAppConfig, customCMTConfig) ++if err != nil { ++ return err ++} + ++// overwrite default server logger ++logger, err := server.CreateSDKLogger(serverCtx, cmd.OutOrStdout()) ++if err != nil { ++ return err ++} ++serverCtx.Logger = logger.With(log.ModuleKey, "server") + ++// set server context ++return server.SetCmdServerContext(cmd, serverCtx) +``` + +::: diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/08-events.md b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/08-events.md new file mode 100644 index 00000000..290615e4 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/08-events.md @@ -0,0 +1,159 @@ +--- +sidebar_position: 1 +--- +# Events + +:::note Synopsis +`Event`s are objects that contain information about the execution of the application. They are mainly used by service providers like block explorers and wallet to track the execution of various messages and index transactions. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK application](../beginner/00-app-anatomy.md) +* [CometBFT Documentation on Events](https://docs.cometbft.com/v0.37/spec/abci/abci++_basic_concepts#events) + +::: + +## Events + +Events are implemented in the Cosmos SDK as an alias of the ABCI `Event` type and +take the form of: `{eventType}.{attributeKey}={attributeValue}`. + +```protobuf reference +https://github.com/cometbft/cometbft/blob/v0.37.0/proto/tendermint/abci/types.proto#L334-L343 +``` + +An Event contains: + +* A `type` to categorize the Event at a high-level; for example, the Cosmos SDK uses the `"message"` type to filter Events by `Msg`s. +* A list of `attributes` are key-value pairs that give more information about the categorized Event. For example, for the `"message"` type, we can filter Events by key-value pairs using `message.action={some_action}`, `message.module={some_module}` or `message.sender={some_sender}`. +* A `msg_index` to identify which messages relate to the same transaction + +:::tip +To parse the attribute values as strings, make sure to add `'` (single quotes) around each attribute value. +::: + +_Typed Events_ are Protobuf-defined [messages](../../build/architecture/adr-032-typed-events.md) used by the Cosmos SDK +for emitting and querying Events. They are defined in a `event.proto` file, on a **per-module basis** and are read as `proto.Message`. +_Legacy Events_ are defined on a **per-module basis** in the module's `/types/events.go` file. +They are triggered from the module's Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md) +by using the [`EventManager`](#eventmanager). + +In addition, each module documents its events under in the `Events` sections of its specs (x/{moduleName}/`README.md`). + +Lastly, Events are returned to the underlying consensus engine in the response of the following ABCI messages: + +* [`BeginBlock`](./00-baseapp.md#beginblock) +* [`EndBlock`](./00-baseapp.md#endblock) +* [`CheckTx`](./00-baseapp.md#checktx) +* [`Transaction Execution`](./00-baseapp.md#transactionexecution) + +### Examples + +The following examples show how to query Events using the Cosmos SDK. + +| Event | Description | +| ------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `tx.height=23` | Query all transactions at height 23 | +| `message.action='/cosmos.bank.v1beta1.Msg/Send'` | Query all transactions containing a x/bank `Send` [Service `Msg`](../../build/building-modules/03-msg-services.md). Note the `'`s around the value. | +| `message.module='bank'` | Query all transactions containing messages from the x/bank module. Note the `'`s around the value. | +| `create_validator.validator='cosmosval1...'` | x/staking-specific Event, see [x/staking SPEC](../../build/modules/staking/README.md). | + +## EventManager + +In Cosmos SDK applications, Events are managed by an abstraction called the `EventManager`. +Internally, the `EventManager` tracks a list of Events for the entire execution flow of `FinalizeBlock` +(i.e. transaction execution, `BeginBlock`, `EndBlock`). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/types/events.go#L18-L25 +``` + +The `EventManager` comes with a set of useful methods to manage Events. The method +that is used most by module and application developers is `EmitTypedEvent` or `EmitEvent` that tracks +an Event in the `EventManager`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/types/events.go#L51-L60 +``` + +Module developers should handle Event emission via the `EventManager#EmitTypedEvent` or `EventManager#EmitEvent` in each message +`Handler` and in each `BeginBlock`/`EndBlock` handler. The `EventManager` is accessed via +the [`Context`](./02-context.md), where Event should be already registered, and emitted like this: + + +**Typed events:** + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/group/keeper/msg_server.go#L95-L97 +``` + +**Legacy events:** + +```go +ctx.EventManager().EmitEvent( + sdk.NewEvent(eventType, sdk.NewAttribute(attributeKey, attributeValue)), +) +``` + +Where the `EventManager` is accessed via the [`Context`](./02-context.md). + +See the [`Msg` services](../../build/building-modules/03-msg-services.md) concept doc for a more detailed +view on how to typically implement Events and use the `EventManager` in modules. + +## Subscribing to Events + +You can use CometBFT's [Websocket](https://docs.cometbft.com/v0.37/core/subscription) to subscribe to Events by calling the `subscribe` RPC method: + +```json +{ + "jsonrpc": "2.0", + "method": "subscribe", + "id": "0", + "params": { + "query": "tm.event='eventCategory' AND eventType.eventAttribute='attributeValue'" + } +} +``` + +The main `eventCategory` you can subscribe to are: + +* `NewBlock`: Contains Events triggered during `BeginBlock` and `EndBlock`. +* `Tx`: Contains Events triggered during `DeliverTx` (i.e. transaction processing). +* `ValidatorSetUpdates`: Contains validator set updates for the block. + +These Events are triggered from the `state` package after a block is committed. You can get the +full list of Event categories [on the CometBFT Go documentation](https://pkg.go.dev/github.com/cometbft/cometbft/types#pkg-constants). + +The `type` and `attribute` value of the `query` allow you to filter the specific Event you are looking for. For example, a `Mint` transaction triggers an Event of type `EventMint` and has an `Id` and an `Owner` as `attributes` (as defined in the [`events.proto` file of the `NFT` module](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/proto/cosmos/nft/v1beta1/event.proto#L21-L31)). + +Subscribing to this Event would be done like so: + +```json +{ + "jsonrpc": "2.0", + "method": "subscribe", + "id": "0", + "params": { + "query": "tm.event='Tx' AND mint.owner='ownerAddress'" + } +} +``` + +where `ownerAddress` is an address following the [`AccAddress`](../beginner/03-accounts.md#addresses) format. + +The same way can be used to subscribe to [legacy events](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/bank/types/events.go). + +## Default Events + +There are a few events that are automatically emitted for all messages, directly from `baseapp`. + +* `message.action`: The name of the message type. +* `message.sender`: The address of the message signer. +* `message.module`: The name of the module that emitted the message. + +:::tip +The module name is assumed by `baseapp` to be the second element of the message route: `"cosmos.bank.v1beta1.MsgSend" -> "bank"`. +In case a module does not follow the standard message path, (e.g. IBC), it is advised to keep emitting the module name event. +`Baseapp` only emits that event if the module have not already done so. +::: diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/09-telemetry.md b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/09-telemetry.md new file mode 100644 index 00000000..fb16da78 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/09-telemetry.md @@ -0,0 +1,128 @@ +--- +sidebar_position: 1 +--- + +# Telemetry + +:::note Synopsis +Gather relevant insights about your application and modules with custom metrics and telemetry. +::: + +The Cosmos SDK enables operators and developers to gain insight into the performance and behavior of +their application through the use of the `telemetry` package. To enable telemetrics, set `telemetry.enabled = true` in the app.toml config file. + +The Cosmos SDK currently supports enabling in-memory and prometheus as telemetry sinks. In-memory sink is always attached (when the telemetry is enabled) with 10 second interval and 1 minute retention. This means that metrics will be aggregated over 10 seconds, and metrics will be kept alive for 1 minute. + +To query active metrics (see retention note above) you have to enable API server (`api.enabled = true` in the app.toml). Single API endpoint is exposed: `http://localhost:1317/metrics?format={text|prometheus}`, the default being `text`. + +## Emitting metrics + +If telemetry is enabled via configuration, a single global metrics collector is registered via the +[go-metrics](https://github.com/hashicorp/go-metrics) library. This allows emitting and collecting +metrics through simple [API](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/telemetry/wrapper.go). Example: + +```go +func EndBlocker(ctx sdk.Context, k keeper.Keeper) { + defer telemetry.ModuleMeasureSince(types.ModuleName, time.Now(), telemetry.MetricKeyEndBlocker) + + // ... +} +``` + +Developers may use the `telemetry` package directly, which provides wrappers around metric APIs +that include adding useful labels, or they must use the `go-metrics` library directly. It is preferable +to add as much context and adequate dimensionality to metrics as possible, so the `telemetry` package +is advised. Regardless of the package or method used, the Cosmos SDK supports the following metrics +types: + +* gauges +* summaries +* counters + +## Labels + +Certain components of modules will have their name automatically added as a label (e.g. `BeginBlock`). +Operators may also supply the application with a global set of labels that will be applied to all +metrics emitted using the `telemetry` package (e.g. chain-id). Global labels are supplied as a list +of [name, value] tuples. + +Example: + +```toml +global-labels = [ + ["chain_id", "chain-OfXo4V"], +] +``` + +## Cardinality + +Cardinality is key, specifically label and key cardinality. Cardinality is how many unique values of +something there are. So there is naturally a tradeoff between granularity and how much stress is put +on the telemetry sink in terms of indexing, scrape, and query performance. + +Developers should take care to support metrics with enough dimensionality and granularity to be +useful, but not increase the cardinality beyond the sink's limits. A general rule of thumb is to not +exceed a cardinality of 10. + +Consider the following examples with enough granularity and adequate cardinality: + +* begin/end blocker time +* tx gas used +* block gas used +* amount of tokens minted +* amount of accounts created + +The following examples expose too much cardinality and may not even prove to be useful: + +* transfers between accounts with amount +* voting/deposit amount from unique addresses + +## Supported Metrics + +| Metric | Description | Unit | Type | +|:--------------------------------|:------------------------------------------------------------------------------------------|:----------------|:--------| +| `tx_count` | Total number of txs processed via `DeliverTx` | tx | counter | +| `tx_successful` | Total number of successful txs processed via `DeliverTx` | tx | counter | +| `tx_failed` | Total number of failed txs processed via `DeliverTx` | tx | counter | +| `tx_gas_used` | The total amount of gas used by a tx | gas | gauge | +| `tx_gas_wanted` | The total amount of gas requested by a tx | gas | gauge | +| `tx_msg_send` | The total amount of tokens sent in a `MsgSend` (per denom) | token | gauge | +| `tx_msg_withdraw_reward` | The total amount of tokens withdrawn in a `MsgWithdrawDelegatorReward` (per denom) | token | gauge | +| `tx_msg_withdraw_commission` | The total amount of tokens withdrawn in a `MsgWithdrawValidatorCommission` (per denom) | token | gauge | +| `tx_msg_delegate` | The total amount of tokens delegated in a `MsgDelegate` | token | gauge | +| `tx_msg_begin_unbonding` | The total amount of tokens undelegated in a `MsgUndelegate` | token | gauge | +| `tx_msg_begin_begin_redelegate` | The total amount of tokens redelegated in a `MsgBeginRedelegate` | token | gauge | +| `tx_msg_ibc_transfer` | The total amount of tokens transferred via IBC in a `MsgTransfer` (source or sink chain) | token | gauge | +| `ibc_transfer_packet_receive` | The total amount of tokens received in a `FungibleTokenPacketData` (source or sink chain) | token | gauge | +| `new_account` | Total number of new accounts created | account | counter | +| `gov_proposal` | Total number of governance proposals | proposal | counter | +| `gov_vote` | Total number of governance votes for a proposal | vote | counter | +| `gov_deposit` | Total number of governance deposits for a proposal | deposit | counter | +| `staking_delegate` | Total number of delegations | delegation | counter | +| `staking_undelegate` | Total number of undelegations | undelegation | counter | +| `staking_redelegate` | Total number of redelegations | redelegation | counter | +| `ibc_transfer_send` | Total number of IBC transfers sent from a chain (source or sink) | transfer | counter | +| `ibc_transfer_receive` | Total number of IBC transfers received to a chain (source or sink) | transfer | counter | +| `ibc_client_create` | Total number of clients created | create | counter | +| `ibc_client_update` | Total number of client updates | update | counter | +| `ibc_client_upgrade` | Total number of client upgrades | upgrade | counter | +| `ibc_client_misbehaviour` | Total number of client misbehaviours | misbehaviour | counter | +| `ibc_connection_open-init` | Total number of connection `OpenInit` handshakes | handshake | counter | +| `ibc_connection_open-try` | Total number of connection `OpenTry` handshakes | handshake | counter | +| `ibc_connection_open-ack` | Total number of connection `OpenAck` handshakes | handshake | counter | +| `ibc_connection_open-confirm` | Total number of connection `OpenConfirm` handshakes | handshake | counter | +| `ibc_channel_open-init` | Total number of channel `OpenInit` handshakes | handshake | counter | +| `ibc_channel_open-try` | Total number of channel `OpenTry` handshakes | handshake | counter | +| `ibc_channel_open-ack` | Total number of channel `OpenAck` handshakes | handshake | counter | +| `ibc_channel_open-confirm` | Total number of channel `OpenConfirm` handshakes | handshake | counter | +| `ibc_channel_close-init` | Total number of channel `CloseInit` handshakes | handshake | counter | +| `ibc_channel_close-confirm` | Total number of channel `CloseConfirm` handshakes | handshake | counter | +| `tx_msg_ibc_recv_packet` | Total number of IBC packets received | packet | counter | +| `tx_msg_ibc_acknowledge_packet` | Total number of IBC packets acknowledged | acknowledgement | counter | +| `ibc_timeout_packet` | Total number of IBC timeout packets | timeout | counter | +| `store_iavl_get` | Duration of an IAVL `Store#Get` call | ms | summary | +| `store_iavl_set` | Duration of an IAVL `Store#Set` call | ms | summary | +| `store_iavl_has` | Duration of an IAVL `Store#Has` call | ms | summary | +| `store_iavl_delete` | Duration of an IAVL `Store#Delete` call | ms | summary | +| `store_iavl_commit` | Duration of an IAVL `Store#Commit` call | ms | summary | +| `store_iavl_query` | Duration of an IAVL `Store#Query` call | ms | summary | diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/10-ocap.md b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/10-ocap.md new file mode 100644 index 00000000..62076172 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/10-ocap.md @@ -0,0 +1,76 @@ +--- +sidebar_position: 1 +--- + +# Object-Capability Model + +## Intro + +When thinking about security, it is good to start with a specific threat model. Our threat model is the following: + +> We assume that a thriving ecosystem of Cosmos SDK modules that are easy to compose into a blockchain application will contain faulty or malicious modules. + +The Cosmos SDK is designed to address this threat by being the +foundation of an object capability system. + +> The structural properties of object capability systems favor +> modularity in code design and ensure reliable encapsulation in +> code implementation. +> +> These structural properties facilitate the analysis of some +> security properties of an object-capability program or operating +> system. Some of these — in particular, information flow properties +> — can be analyzed at the level of object references and +> connectivity, independent of any knowledge or analysis of the code +> that determines the behavior of the objects. +> +> As a consequence, these security properties can be established +> and maintained in the presence of new objects that contain unknown +> and possibly malicious code. +> +> These structural properties stem from the two rules governing +> access to existing objects: +> +> 1. An object A can send a message to B only if object A holds a +> reference to B. +> 2. An object A can obtain a reference to C only +> if object A receives a message containing a reference to C. As a +> consequence of these two rules, an object can obtain a reference +> to another object only through a preexisting chain of references. +> In short, "Only connectivity begets connectivity." + +For an introduction to object-capabilities, see this [Wikipedia article](https://en.wikipedia.org/wiki/Object-capability_model). + +## Ocaps in practice + +The idea is to only reveal what is necessary to get the work done. + +For example, the following code snippet violates the object capabilities +principle: + +```go +type AppAccount struct {...} +account := &AppAccount{ + Address: pub.Address(), + Coins: sdk.Coins{sdk.NewInt64Coin("ATM", 100)}, +} +sumValue := externalModule.ComputeSumValue(account) +``` + +The method `ComputeSumValue` implies a pure function, yet the implied +capability of accepting a pointer value is the capability to modify that +value. The preferred method signature should take a copy instead. + +```go +sumValue := externalModule.ComputeSumValue(*account) +``` + +In the Cosmos SDK, you can see the application of this principle in simapp. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/simapp/app.go +``` + +The following diagram shows the current dependencies between keepers. + +![Keeper dependencies](https://raw.githubusercontent.com/cosmos/cosmos-sdk/release/v0.46.x/docs/uml/svg/keeper_dependencies.svg) diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/11-runtx_middleware.md b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/11-runtx_middleware.md new file mode 100644 index 00000000..b88c4c50 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/11-runtx_middleware.md @@ -0,0 +1,67 @@ +--- +sidebar_position: 1 +--- + +# RunTx recovery middleware + +`BaseApp.runTx()` function handles Go panics that might occur during transactions execution, for example, keeper has faced an invalid state and paniced. +Depending on the panic type different handler is used, for instance the default one prints an error log message. +Recovery middleware is used to add custom panic recovery for Cosmos SDK application developers. + +More context can found in the corresponding [ADR-022](../../build/architecture/adr-022-custom-panic-handling.md) and the implementation in [recovery.go](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/baseapp/recovery.go). + +## Interface + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/baseapp/recovery.go#L14-L17 +``` + +`recoveryObj` is a return value for `recover()` function from the `buildin` Go package. + +**Contract:** + +* RecoveryHandler returns `nil` if `recoveryObj` wasn't handled and should be passed to the next recovery middleware; +* RecoveryHandler returns a non-nil `error` if `recoveryObj` was handled; + +## Custom RecoveryHandler register + +`BaseApp.AddRunTxRecoveryHandler(handlers ...RecoveryHandler)` + +BaseApp method adds recovery middleware to the default recovery chain. + +## Example + +Lets assume we want to emit the "Consensus failure" chain state if some particular error occurred. + +We have a module keeper that panics: + +```go +func (k FooKeeper) Do(obj interface{}) { + if obj == nil { + // that shouldn't happen, we need to crash the app + err := errorsmod.Wrap(fooTypes.InternalError, "obj is nil") + panic(err) + } +} +``` + +By default that panic would be recovered and an error message will be printed to log. To override that behaviour we should register a custom RecoveryHandler: + +```go +// Cosmos SDK application constructor +customHandler := func(recoveryObj interface{}) error { + err, ok := recoveryObj.(error) + if !ok { + return nil + } + + if fooTypes.InternalError.Is(err) { + panic(fmt.Errorf("FooKeeper did panic with error: %w", err)) + } + + return nil +} + +baseApp := baseapp.NewBaseApp(...) +baseApp.AddRunTxRecoveryHandler(customHandler) +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/12-simulation.md b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/12-simulation.md new file mode 100644 index 00000000..709ce176 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/12-simulation.md @@ -0,0 +1,94 @@ +--- +sidebar_position: 1 +--- + +# Cosmos Blockchain Simulator + +The Cosmos SDK offers a full fledged simulation framework to fuzz test every +message defined by a module. + +On the Cosmos SDK, this functionality is provided by [`SimApp`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/simapp/app_di.go), which is a +`Baseapp` application that is used for running the [`simulation`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/simulation) module. +This module defines all the simulation logic as well as the operations for +randomized parameters like accounts, balances etc. + +## Goals + +The blockchain simulator tests how the blockchain application would behave under +real life circumstances by generating and sending randomized messages. +The goal of this is to detect and debug failures that could halt a live chain, +by providing logs and statistics about the operations run by the simulator as +well as exporting the latest application state when a failure was found. + +Its main difference with integration testing is that the simulator app allows +you to pass parameters to customize the chain that's being simulated. +This comes in handy when trying to reproduce bugs that were generated in the +provided operations (randomized or not). + +## Simulation commands + +The simulation app has different commands, each of which tests a different +failure type: + +* `AppImportExport`: The simulator exports the initial app state and then it + creates a new app with the exported `genesis.json` as an input, checking for + inconsistencies between the stores. +* `AppSimulationAfterImport`: Queues two simulations together. The first one provides the app state (_i.e_ genesis) to the second. Useful to test software upgrades or hard-forks from a live chain. +* `AppStateDeterminism`: Checks that all the nodes return the same values, in the same order. +* `FullAppSimulation`: General simulation mode. Runs the chain and the specified operations for a given number of blocks. Tests that there're no `panics` on the simulation. + +Each simulation must receive a set of inputs (_i.e_ flags) such as the number of +blocks that the simulation is run, seed, block size, etc. +Check the full list of flags [here](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/simulation/client/cli/flags.go#L43-L70). + +## Simulator Modes + +In addition to the various inputs and commands, the simulator runs in three modes: + +1. Completely random where the initial state, module parameters and simulation + parameters are **pseudo-randomly generated**. +2. From a `genesis.json` file where the initial state and the module parameters are defined. + This mode is helpful for running simulations on a known state such as a live network export where a new (mostly likely breaking) version of the application needs to be tested. +3. From a `params.json` file where the initial state is pseudo-randomly generated but the module and simulation parameters can be provided manually. + This allows for a more controlled and deterministic simulation setup while allowing the state space to still be pseudo-randomly simulated. + The list of available parameters are listed [here](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/simulation/client/cli/flags.go#L72-L90). + +:::tip +These modes are not mutually exclusive. So you can for example run a randomly +generated genesis state (`1`) with manually generated simulation params (`3`). +::: + +## Usage + +This is a general example of how simulations are run. For more specific examples +check the Cosmos SDK [Makefile](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/Makefile#L285-L320). + +```bash + $ go test -mod=readonly github.com/cosmos/cosmos-sdk/simapp \ + -run=TestApp \ + ... + -v -timeout 24h +``` + +## Debugging Tips + +Here are some suggestions when encountering a simulation failure: + +* Export the app state at the height where the failure was found. You can do this + by passing the `-ExportStatePath` flag to the simulator. +* Use `-Verbose` logs. They could give you a better hint on all the operations + involved. +* Try using another `-Seed`. If it can reproduce the same error and if it fails + sooner, you will spend less time running the simulations. +* Reduce the `-NumBlocks` . How's the app state at the height previous to the + failure? +* Try adding logs to operations that are not logged. You will have to define a + [Logger](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/staking/keeper/keeper.go#L77-L81) on your `Keeper`. + +## Use simulation in your Cosmos SDK-based application + +Learn how you can build the simulation into your Cosmos SDK-based application: + +* Application Simulation Manager +* [Building modules: Simulator](../../build/building-modules/14-simulator.md) +* Simulator tests diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/13-proto-docs.md b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/13-proto-docs.md new file mode 100644 index 00000000..6c857446 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/13-proto-docs.md @@ -0,0 +1,7 @@ +--- +sidebar_position: 1 +--- + +# Protobuf Documentation + +See [Cosmos SDK Buf Proto-docs](https://buf.build/cosmos/cosmos-sdk/docs/main) diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/15-upgrade.md b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/15-upgrade.md new file mode 100644 index 00000000..5d56f2b5 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/15-upgrade.md @@ -0,0 +1,162 @@ +--- +sidebar_position: 1 +--- + +# In-Place Store Migrations + +:::warning +Read and understand all the in-place store migration documentation before you run a migration on a live chain. +::: + +:::note Synopsis +Upgrade your app modules smoothly with custom in-place store migration logic. +::: + +The Cosmos SDK uses two methods to perform upgrades: + +* Exporting the entire application state to a JSON file using the `export` CLI command, making changes, and then starting a new binary with the changed JSON file as the genesis file. + +* Perform upgrades in place, which significantly decrease the upgrade time for chains with a larger state. Use the [Module Upgrade Guide](../../build/building-modules/13-upgrade.md) to set up your application modules to take advantage of in-place upgrades. + +This document provides steps to use the In-Place Store Migrations upgrade method. + +## Tracking Module Versions + +Each module gets assigned a consensus version by the module developer. The consensus version serves as the breaking change version of the module. The Cosmos SDK keeps track of all module consensus versions in the x/upgrade `VersionMap` store. During an upgrade, the difference between the old `VersionMap` stored in state and the new `VersionMap` is calculated by the Cosmos SDK. For each identified difference, the module-specific migrations are run and the respective consensus version of each upgraded module is incremented. + +### Consensus Version + +The consensus version is defined on each app module by the module developer and serves as the breaking change version of the module. The consensus version informs the Cosmos SDK on which modules need to be upgraded. For example, if the bank module was version 2 and an upgrade introduces bank module 3, the Cosmos SDK upgrades the bank module and runs the "version 2 to 3" migration script. + +### Version Map + +The version map is a mapping of module names to consensus versions. The map is persisted to x/upgrade's state for use during in-place migrations. When migrations finish, the updated version map is persisted in the state. + +## Upgrade Handlers + +Upgrades use an `UpgradeHandler` to facilitate migrations. The `UpgradeHandler` functions implemented by the app developer must conform to the following function signature. These functions retrieve the `VersionMap` from x/upgrade's state and return the new `VersionMap` to be stored in x/upgrade after the upgrade. The diff between the two `VersionMap`s determines which modules need upgrading. + +```go +type UpgradeHandler func(ctx sdk.Context, plan Plan, fromVM VersionMap) (VersionMap, error) +``` + +Inside these functions, you must perform any upgrade logic to include in the provided `plan`. All upgrade handler functions must end with the following line of code: + +```go + return app.mm.RunMigrations(ctx, cfg, fromVM) +``` + +## Running Migrations + +Migrations are run inside of an `UpgradeHandler` using `app.mm.RunMigrations(ctx, cfg, vm)`. The `UpgradeHandler` functions describe the functionality to occur during an upgrade. The `RunMigration` function loops through the `VersionMap` argument and runs the migration scripts for all versions that are less than the versions of the new binary app module. After the migrations are finished, a new `VersionMap` is returned to persist the upgraded module versions to state. + +```go +cfg := module.NewConfigurator(...) +app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx sdk.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { + + // ... + // additional upgrade logic + // ... + + // returns a VersionMap with the updated module ConsensusVersions + return app.mm.RunMigrations(ctx, fromVM) +}) +``` + +To learn more about configuring migration scripts for your modules, see the [Module Upgrade Guide](../../build/building-modules/13-upgrade.md). + +### Order Of Migrations + +By default, all migrations are run in module name alphabetical ascending order, except `x/auth` which is run last. The reason is state dependencies between x/auth and other modules (you can read more in [issue #10606](https://github.com/cosmos/cosmos-sdk/issues/10606)). + +If you want to change the order of migration, then you should call `app.mm.SetOrderMigrations(module1, module2, ...)` in your app.go file. The function will panic if you forget to include a module in the argument list. + +## Adding New Modules During Upgrades + +You can introduce entirely new modules to the application during an upgrade. New modules are recognized because they have not yet been registered in `x/upgrade`'s `VersionMap` store. In this case, `RunMigrations` calls the `InitGenesis` function from the corresponding module to set up its initial state. + +### Add StoreUpgrades for New Modules + +All chains preparing to run in-place store migrations will need to manually add store upgrades for new modules and then configure the store loader to apply those upgrades. This ensures that the new module's stores are added to the multistore before the migrations begin. + +```go +upgradeInfo, err := app.UpgradeKeeper.ReadUpgradeInfoFromDisk() +if err != nil { + panic(err) +} + +if upgradeInfo.Name == "my-plan" && !app.UpgradeKeeper.IsSkipHeight(upgradeInfo.Height) { + storeUpgrades := storetypes.StoreUpgrades{ + // add store upgrades for new modules + // Example: + // Added: []string{"foo", "bar"}, + // ... + } + + // configure store loader that checks if version == upgradeHeight and applies store upgrades + app.SetStoreLoader(upgradetypes.UpgradeStoreLoader(upgradeInfo.Height, &storeUpgrades)) +} +``` + +## Genesis State + +When starting a new chain, the consensus version of each module MUST be saved to state during the application's genesis. To save the consensus version, add the following line to the `InitChainer` method in `app.go`: + +```diff +func (app *MyApp) InitChainer(ctx sdk.Context, req abci.RequestInitChain) abci.ResponseInitChain { + ... ++ app.UpgradeKeeper.SetModuleVersionMap(ctx, app.mm.GetVersionMap()) + ... +} +``` + +This information is used by the Cosmos SDK to detect when modules with newer versions are introduced to the app. + +For a new module `foo`, `InitGenesis` is called by `RunMigration` only when `foo` is registered in the module manager but it's not set in the `fromVM`. Therefore, if you want to skip `InitGenesis` when a new module is added to the app, then you should set its module version in `fromVM` to the module consensus version: + +```go +app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx sdk.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { + // ... + + // Set foo's version to the latest ConsensusVersion in the VersionMap. + // This will skip running InitGenesis on Foo + fromVM[foo.ModuleName] = foo.AppModule{}.ConsensusVersion() + + return app.mm.RunMigrations(ctx, fromVM) +}) +``` + +### Overwriting Genesis Functions + +The Cosmos SDK offers modules that the application developer can import in their app. These modules often have an `InitGenesis` function already defined. + +You can write your own `InitGenesis` function for an imported module. To do this, manually trigger your custom genesis function in the upgrade handler. + +:::warning +You MUST manually set the consensus version in the version map passed to the `UpgradeHandler` function. Without this, the SDK will run the Module's existing `InitGenesis` code even if you triggered your custom function in the `UpgradeHandler`. +::: + +```go +import foo "github.com/my/module/foo" + +app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx sdk.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { + + // Register the consensus version in the version map + // to avoid the SDK from triggering the default + // InitGenesis function. + fromVM["foo"] = foo.AppModule{}.ConsensusVersion() + + // Run custom InitGenesis for foo + app.mm["foo"].InitGenesis(ctx, app.appCodec, myCustomGenesisState) + + return app.mm.RunMigrations(ctx, cfg, fromVM) +}) +``` + +## Syncing a Full Node to an Upgraded Blockchain + +You can sync a full node to an existing blockchain which has been upgraded using Cosmovisor + +To successfully sync, you must start with the initial binary that the blockchain started with at genesis. If all Software Upgrade Plans contain binary instruction, then you can run Cosmovisor with auto-download option to automatically handle downloading and switching to the binaries associated with each sequential upgrade. Otherwise, you need to manually provide all binaries to Cosmovisor. + +To learn more about Cosmovisor, see the [Cosmovisor Quick Start](../../build/tooling/01-cosmovisor.md). diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/16-config.md b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/16-config.md new file mode 100644 index 00000000..03aa55a2 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/16-config.md @@ -0,0 +1,24 @@ +--- +sidebar_position: 1 +--- + +# Configuration + +This documentation refers to the app.toml, if you'd like to read about the config.toml please visit [CometBFT docs](https://docs.cometbft.com/v0.37/). + + +```python reference +https://github.com/cosmos/cosmos-sdk/blob/main/tools/confix/data/v0.47-app.toml +``` + +## inter-block-cache + +This feature will consume more ram than a normal node, if enabled. + +## iavl-cache-size + +Using this feature will increase ram consumption + +## iavl-lazy-loading + +This feature is to be used for archive nodes, allowing them to have a faster start up time. diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/17-autocli.md b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/17-autocli.md new file mode 100644 index 00000000..24bc5ee5 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/17-autocli.md @@ -0,0 +1,262 @@ +--- +sidebar_position: 1 +--- + +# AutoCLI + +:::note Synopsis +This document details how to build CLI and REST interfaces for a module. Examples from various Cosmos SDK modules are included. +::: + +:::note Pre-requisite Readings + +* [CLI](https://docs.cosmos.network/main/core/cli) + +::: + +The `autocli` (also known as `client/v2`) package is a [Go library](https://pkg.go.dev/cosmossdk.io/client/v2/autocli) for generating CLI (command line interface) interfaces for Cosmos SDK-based applications. It provides a simple way to add CLI commands to your application by generating them automatically based on your gRPC service definitions. Autocli generates CLI commands and flags directly from your protobuf messages, including options, input parameters, and output parameters. This means that you can easily add a CLI interface to your application without having to manually create and manage commands. + +## Overview + +`autocli` generates CLI commands and flags for each method defined in your gRPC service. By default, it generates commands for each gRPC services. The commands are named based on the name of the service method. + +For example, given the following protobuf definition for a service: + +```protobuf +service MyService { + rpc MyMethod(MyRequest) returns (MyResponse) {} +} +``` + +For instance, `autocli` would generate a command named `my-method` for the `MyMethod` method. The command will have flags for each field in the `MyRequest` message. + +It is possible to customize the generation of transactions and queries by defining options for each service. + +## Application Wiring + +Here are the steps to use AutoCLI: + +1. Ensure your app's modules implements the `appmodule.AppModule` interface. +2. (optional) Configure how behave `autocli` command generation, by implementing the `func (am AppModule) AutoCLIOptions() *autocliv1.ModuleOptions` method on the module. +3. Use the `autocli.AppOptions` struct to specify the modules you defined. If you are using `depinject`, it can automatically create an instance of `autocli.AppOptions` based on your app's configuration. +4. Use the `EnhanceRootCommand()` method provided by `autocli` to add the CLI commands for the specified modules to your root command. + +:::tip +AutoCLI is additive only, meaning _enhancing_ the root command will only add subcommands that are not already registered. This means that you can use AutoCLI alongside other custom commands within your app. +::: + +Here's an example of how to use `autocli` in your app: + +``` go +// Define your app's modules +testModules := map[string]appmodule.AppModule{ + "testModule": &TestModule{}, +} + +// Define the autocli AppOptions +autoCliOpts := autocli.AppOptions{ + Modules: testModules, +} + +// Create the root command +rootCmd := &cobra.Command{ + Use: "app", +} + +if err := appOptions.EnhanceRootCommand(rootCmd); err != nil { + return err +} + +// Run the root command +if err := rootCmd.Execute(); err != nil { + return err +} +``` + +### Keyring + +`autocli` uses a keyring for key name resolving names and signing transactions. + +:::tip +AutoCLI provides a better UX than normal CLI as it allows to resolve key names directly from the keyring in all transactions and commands. + +```sh + q bank balances alice + tx bank send alice bob 1000denom +``` + +::: + +The keyring used for resolving names and signing transactions is provided via the `client.Context`. +The keyring is then converted to the `client/v2/autocli/keyring` interface. +If no keyring is provided, the `autocli` generated command will not be able to sign transactions, but will still be able to query the chain. + +:::tip +The Cosmos SDK keyring and Hubl keyring both implement the `client/v2/autocli/keyring` interface, thanks to the following wrapper: + +```go +keyring.NewAutoCLIKeyring(kb) +``` + +::: + +## Signing + +`autocli` supports signing transactions with the keyring. +The [`cosmos.msg.v1.signer` protobuf annotation](https://docs.cosmos.network/main/build/building-modules/protobuf-annotations) defines the signer field of the message. +This field is automatically filled when using the `--from` flag or defining the signer as a positional argument. + +:::warning +AutoCLI currently supports only one signer per transaction. +::: + +## Module wiring & Customization + +The `AutoCLIOptions()` method on your module allows to specify custom commands, sub-commands or flags for each service, as it was a `cobra.Command` instance, within the `RpcCommandOptions` struct. Defining such options will customize the behavior of the `autocli` command generation, which by default generates a command for each method in your gRPC service. + +```go +*autocliv1.RpcCommandOptions{ + RpcMethod: "Params", // The name of the gRPC service + Use: "params", // Command usage that is displayed in the help + Short: "Query the parameters of the governance process", // Short description of the command + Long: "Query the parameters of the governance process. Specify specific param types (voting|tallying|deposit) to filter results.", // Long description of the command + PositionalArgs: []*autocliv1.PositionalArgDescriptor{ + {ProtoField: "params_type", Optional: true}, // Transform a flag into a positional argument + }, +} +``` + +:::tip +AutoCLI can create a gov proposal of any tx by simply setting the `GovProposal` field to `true` in the `autocli.RpcCommandOptions` struct. +Users can however use the `--no-proposal` flag to disable the proposal creation (which is useful if the authority isn't the gov module on a chain). +::: + +### Specifying Subcommands + +By default, `autocli` generates a command for each method in your gRPC service. However, you can specify subcommands to group related commands together. To specify subcommands, use the `autocliv1.ServiceCommandDescriptor` struct. + +This example shows how to use the `autocliv1.ServiceCommandDescriptor` struct to group related commands together and specify subcommands in your gRPC service by defining an instance of `autocliv1.ModuleOptions` in your `autocli.go`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-beta.0/x/gov/autocli.go#L94-L97 +``` + +### Positional Arguments + +By default `autocli` generates a flag for each field in your protobuf message. However, you can choose to use positional arguments instead of flags for certain fields. + +To add positional arguments to a command, use the `autocliv1.PositionalArgDescriptor` struct, as seen in the example below. Specify the `ProtoField` parameter, which is the name of the protobuf field that should be used as the positional argument. In addition, if the parameter is a variable-length argument, you can specify the `Varargs` parameter as `true`. This can only be applied to the last positional parameter, and the `ProtoField` must be a repeated field. + +Here's an example of how to define a positional argument for the `Account` method of the `auth` service: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-beta.0/x/auth/autocli.go#L25-L30 +``` + +Then the command can be used as follows, instead of having to specify the `--address` flag: + +```bash + query auth account cosmos1abcd...xyz +``` + +#### Flattened Fields in Positional Arguments + +AutoCLI also supports flattening nested message fields as positional arguments. This means you can access nested fields +using dot notation in the `ProtoField` parameter. This is particularly useful when you want to directly set nested +message fields as positional arguments. + +For example, if you have a nested message structure like this: + +```protobuf +message Permissions { + string level = 1; + repeated string limit_type_urls = 2; +} + +message MsgAuthorizeCircuitBreaker { + string grantee = 1; + Permissions permissions = 2; +} +``` + +You can flatten the fields in your AutoCLI configuration: + +```go +{ + RpcMethod: "AuthorizeCircuitBreaker", + Use: "authorize ", + PositionalArgs: []*autocliv1.PositionalArgDescriptor{ + {ProtoField: "grantee"}, + {ProtoField: "permissions.level"}, + {ProtoField: "permissions.limit_type_urls"}, + }, +} +``` + +This allows users to provide values for nested fields directly as positional arguments: + +```bash + tx circuit authorize cosmos1... super-admin "/cosmos.bank.v1beta1.MsgSend,/cosmos.bank.v1beta1.MsgMultiSend" +``` + +Instead of having to provide a complex JSON structure for nested fields, flattening makes the CLI more user-friendly by allowing direct access to nested fields. + +#### Customising Flag Names + +By default, `autocli` generates flag names based on the names of the fields in your protobuf message. However, you can customise the flag names by providing a `FlagOptions`. This parameter allows you to specify custom names for flags based on the names of the message fields. + +For example, if you have a message with the fields `test` and `test1`, you can use the following naming options to customise the flags: + +``` go +autocliv1.RpcCommandOptions{ + FlagOptions: map[string]*autocliv1.FlagOptions{ + "test": { Name: "custom_name", }, + "test1": { Name: "other_name", }, + }, +} +``` + +`FlagsOptions` is defined like sub commands in the `AutoCLIOptions()` method on your module. + +### Combining AutoCLI with Other Commands Within A Module + +AutoCLI can be used alongside other commands within a module. For example, the `gov` module uses AutoCLI to generate commands for the `query` subcommand, but also defines custom commands for the `proposer` subcommands. + +In order to enable this behavior, set in `AutoCLIOptions()` the `EnhanceCustomCommand` field to `true`, for the command type (queries and/or transactions) you want to enhance. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/fa4d87ef7e6d87aaccc94c337ffd2fe90fcb7a9d/x/gov/autocli.go#L98 +``` + +If not set to true, `AutoCLI` will not generate commands for the module if there are already commands registered for the module (when `GetTxCmd()` or `GetTxCmd()` are defined). + +### Skip a command + +AutoCLI automatically skips unsupported commands when [`cosmos_proto.method_added_in` protobuf annotation](https://docs.cosmos.network/main/build/building-modules/protobuf-annotations) is present. + +Additionally, a command can be manually skipped using the `autocliv1.RpcCommandOptions`: + +```go +*autocliv1.RpcCommandOptions{ + RpcMethod: "Params", // The name of the gRPC service + Skip: true, +} +``` + +### Use AutoCLI for non module commands + +It is possible to use `AutoCLI` for non module commands. The trick is still to implement the `appmodule.Module` interface and append it to the `appOptions.ModuleOptions` map. + +For example, here is how the SDK does it for `cometbft` gRPC commands: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/client/v2.0.0-beta.1/client/grpc/cmtservice/autocli.go#L52-L71 +``` + +## Summary + +`autocli` let you generate CLI to your Cosmos SDK-based applications without any cobra boilerplate. It allows you to easily generate CLI commands and flags from your protobuf messages, and provides many options for customising the behavior of your CLI application. + +To further enhance your CLI experience with Cosmos SDK-based blockchains, you can use `hubl`. `hubl` is a tool that allows you to query any Cosmos SDK-based blockchain using the new AutoCLI feature of the Cosmos SDK. With `hubl`, you can easily configure a new chain and query modules with just a few simple commands. + +For more information on `hubl`, including how to configure a new chain and query a module, see the [Hubl documentation](https://docs.cosmos.network/main/tooling/hubl). diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/_category_.json b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/_category_.json new file mode 100644 index 00000000..a49201e6 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Advanced", + "position": 3, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/baseapp_state-begin_block.png b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/baseapp_state-begin_block.png new file mode 100644 index 0000000000000000000000000000000000000000..745d4a5a971292bb0346c35893b42ebfbcdc206e GIT binary patch literal 20565 zcmd@6WmHw)_s5SOT1t>oKnbP0kwyXOls^@mAbnmtInrrSg=X%fAB3eUDo)C`;4+H`cDk{iofk5bB;P(%Y zuz|Kwc!>%Gq5~<)zR~tI+0VxLLe@?3iQ7OH`t2Lbw>%a+5;={2I?Zq>qb)4UzcMqTUgc(sw|^lU@i-m}r2F)d?D!dQ|5HQrK_9|8 z>_gzDV-qon_vBIbSY!wbf6Q+?*LdJo{Ibf;rcZ_+E`Xc-DzbBm@w#f!@xZ(i=%b!@ zpzty=NpF!JT}xKT)oXYEMs?t-D~8-0I9}I}e^;@EoEnQKnxTeY9Qv}qLGLuc1CRR5 z|4Bht02~cOMc@>}Ml1(B?i-6fM8e2?@FMB`;QzO;OWyEFkIRI3q3c2_QHz98?fDh1 zB#qntVH<M47WREX5ZenxMVdFUDUgRj&DsTh$mM_lddu3jm2Z!9%eH&|<=JDG|I;}qYaCW>J zNo{?U=LY35?_jChyd05IYzxk|?m4yAloVEadc3kS0|Ez}?{R(@7*xg5;6 zGiIBJqtz5b(GXtL>$W$YyPr&mZ=+O7zn*V=C2Z9dL-ew2dH%E7;j~W9K!&Q)tN))c>V zFpv{pYJFHJIA;FKQ^aT2=gp0LZlIE+QI*1Q&aG+*mKR@0jinQ+c&xT;!ft#rkR|)- zZu<9$xN|cOPI=mOPQL0zRK7xr;pdQxI{R3um>`_C#0wpJGVwl31)@hY=t>TgT+IAM z+{qKg;{!vP!q(FVMAkjOaI4quh!~vaaK6Kzcs;*9=I>9ENM%r5%W()R#wC^S+fc;+ zC0K6U!gjKyp1j^0@?~cnHV`>4GyrAv_|^7Zly$UXI6HF?+D-j^pWd5Uo33-JKsj}z zFX`1-z9OmpY;^%97FIVI#F*@fq|5A{kKN_FF2FZ}Z<#44;DvF^NIhqxHk;7sr@bc) zrb%F7=Yg*+V%F{>=QhbgXBY51=Qw63e!|OJK>*;)hBg-L{yGQb9@0=G~83pG( zlWz{%Oj|`Ri%-knYhI6-a&kZA;J~2L6Xu?__1O4){}nL z5mq}d2`Ju~H7dMW-HN9^K0hHET;mRg-MlY!FD)wS)%>~D?Xhv`BVV9+XukEGPITaN zVgX;FCI60~WigtYnbqJ}Lp5YgA-!=wFF%;Y_)BJ$#~I(x5~FhG_X#6+`!f&ua(~64 zw_#uSu0CKu&sXJ#8uaJqU;#scEAe=<^aj=2oA7qV?M)dimCT*S9jaFR=%ift)rp(eBB$fS?shskDT84gbnHK znp74|3wym)!d2s>)g6xD229JT@49||^_C+FQtta$7}y9Zfk5z7#p0{}|`5 zFDxl~LQXTxJL6JZZTHtTaa0l-2&ZKRK}Uf^8`XKmj1ZNIOyEl}e|4>pBYwrGesBwY z?M70paqpBa=2FrOZmKeB4OHCXPU9MpdiZv_H)&FtF_hM-o#S_HFk9`F%@GjN`YR0~ z;7NSGzsxA}>6|aG_v|ug?n}4(!2+d6b{TkjFqXTOwaBS8p4!>Y=2} z!9x3vOYjyWq^~3y!g;xsGr1@ZM#f5$ha%;+wzPJ66E2N!*3sI)L-QPvyq#81xkiizguFHSXS#0__Gj*($6O|vhXrtAl zs&~?{JHO&|wRz*RQHIT#@7-%MhJd`;5p`=7Pv#8xBQcn|QH|Saz0lKQWAU&%o?va1 z3UmLvU{Jg$sXs7f&sOie^eBQ8{-|lX0@{&MLK&+ad;fjtDXTTA`l`oWqt=};^=zTl z@BLQ%9pP|h z8n5k6DK8$Av|Gq7p9>Si6-G;5u8w~7OaJ*yl>wU&0kqmH16g+XyH{+pJ~ucq)>eIx zNdB?n(U%B553@?EK|N^`_V=UPsezz&*m6z+_xWC8zr=ih0LptXJPCuLliwf?L8dp- zhuSRZyL2wY)acJ(&ppklGvdk>WB2%UCNzRiyj*+usQ-3tkgwcPBW)eZp!iamIgV$F z9By~kbSAu_LOEI(rtPpGdirXmNhY`dhj;uhi7w={-Mp%6NLjjsVoor9Q}c9jLltI9 z`J{%fDy{87r>;zoa=(L@5n^6)-usBNZvr)EiU$j3Kg}^a4zBRP_iHi$TPlh+`=qKo za(0^g>)$Xi_M_L#GU)rBVg1{82q&xiMfkFUUyTjMY>j!!^E=N9zaCf|HCshW8N-_o zy-G1(idCBs6-FGEO|=4T^^`(C#i=O}KZ?d@436JjHQlrZ-^~W^=YNe)~G#?5A7Ymsf%!l^+j}<<}ReQ~f_rFJe{Nh(%H5fd)9R1U2 zqao`mU;C`F&^h$5{WB+tfE|2fz?)CHub~7kEHR9 zinelv0=Dja-Jwrf@R>|Lr#bzr^@LbaSwGjA!eC=gTm*#(+_Tk<_%P0&QYg_VumD4DrTQw2sXB9 zSLmwmHqSGV_4FiUzdGC1gJv}xD}M0jj0%PM#+@XKZ%ng+c5*v6L`M7T_0>x-OFcD1cs?LsQHB%jAw}7nL7)W7f zGLJ3HqIhy+?>B^I{C&(b%WH8u-rFtc@3$`Nqv_4TtpXvtQPGodCj-7*?H|iVfXz){ zpJ|<2&#!;^n@TPr4Pk1}oH?{qNTx(nx>qe8?q(9k>gF=}>`_HqjB^c2ZaYGLVd5F| z-w7Ob^pv#AUXfE{MdZX@<#@*t%yI>x^k5z2B~(w->z<*hb?G2Wagb;rFu^lUtffHZ zw>D~tDesp_+gas*zU^_hY5Nj#w}V4D{xni;hn4>p+d`iBb-kR3~5wd*A=# zTs7aK69yH$U^oBlF-_E(WgpOL;XqPmRo@c;alpzm3DlVIT(9|m(icr=JQNqXqyNQ3gv8* zpq(1PQ+ei_aTWXne`b*%N@xC-aOE4h=LfHH@R@>gz5>CK+Si}UmImmqIE=y! z2cP%>8_9eIaap(wWLc%?r4kDsm%KU|!%7`NjJJfWg)A$&4!LhFd2VY-UGys2YpnR~ z2zVEc+U)Q3yWgMEj{R++tPVk8Q;vN@5EvoVc)HAuDVu#;j9v%yEChIop1~F(l%7?h zgQ~iYM{9idG)~am?*W(oVZiC3HYYzuEnPw}Vc-onv4Ou2>;uUo1+T!Uuj@krX0n-| z`22^|PQ-#LA6i^a3^Bmjy~8jskD_OK7H3n&o0%gQ)b%!-g-!$;1a{g(AIX|^5!K>J zjHTk&vhPkHCZax5p>T=A%X-uF^U<~mB1tQb>+a=p&PhWr7;BJde-D<=&x5mLosClU zbL5`hR;oMI;PVUZPqsON)8>$XR`44p$P#z|d-0W>TFO;7%{nG*0tlMSh{VlXJB|Hm zQ(72vP9Mw3c6ky;?!I8TB!_A=DKkt;Ef=cgvX$)R=-rRR?abHiKi2x@Yw+sV^%=YM z);Gzz|n0`+8Bo za(B{+%gNA3kmr+isYj9ISfLY!L5oAtg3of$mLvTS9b;DG#+SJk)j_>B7@ra!gqNT5 zo>8zGX;BII%g0c#GU7 z;r^{16sGz>m`jqZfej{)NOHH)K4?N2RBc+1qms<3SJ*$Ns(%RQ?yG$fsS6F)hX@DQ-s&y7u?Go(Vu4jeKR=w^k)%wb!`#^^n)%caNtXg{Y>V z$H}b6y`RC2R(Ff2@W4nf1-$8}lS;tc<6Nt}tCa&MC@Ox<-E5vIb>z{}QlknQWt~H2 z^x04U%*}$Vtz|o@ANHyq4;VP-NPJs$YK@F4R8&>9;e~pNjnh!ec#FTi<%@2I2(Ps5 z@gC>9%gI!1q$#WBJ5gOWHhxJ_2q;?dy!~_8)_wJbVbhaj)i`LWZ6<1NEl_RoCk1cD za?n*n70Gg=n+zh7BW1r7))$K9Xr&U#gf49uO9+$PrN8Z72zcl+vv~1M3Ir}1=#I-I z^O3afzchD08<867C9f28{b_jewdW=xg7Zy*2{6rieLxT=gorGY|8hC~d369nVE;0; zggdsAma7P$6FU*iZqo*_WKs!18bAYNVz*Ey*#nhSxL@S+?CavG z+>Fb935!9Yfp5+ag?I#mcA>wy)q`>FVO+CT7WJ1cTHU+VUMNvYe*brNx09h^i*eL{ ze}5feFl`M#_D(T0&#*(SCWKn57}Wi;k}&(k0iKld4<~uq3O>Ai1iok_TIB?vV*9*= zl{o@m16TCUT@#hw3oJdkN!@H;F1UdlvqbIB)hkvNz!yi!T~0DS6M0dYwCAFrb=@xzYt-iM-e;ScF7Bo zWfq$SsJDATJZWP+%(i+HFiW}QLW=iVRjj>ux{*Xs1I`a?_JI)`Vp5~hECOSMB3IUZ zr~Xqn+!u2-ohl^@>*YC5q(j{h`1Dx^0#rXG9zz&g4qJb(b7f08nz0A|e9`7Q0kVwP z6LrhEqWrxbOxX4)oOi>rH=N+$)e5LI>BQufWWP?+xcI5-pUvnt$b&9@YL&qa0-oB- zC&8H@m13Z)5}@w;*{NTzIj-t6qT=Ws%X85i+006kIXc%I&Vz0fewgC4k5YtzMyH=X z$^n57TcNVH9*E5C&-&W3xj7v>@QO0$3-024-_a&G-*VFeUG`HXCtOzM!|tcxAF~0$ z({r0&LpMKiTJ*cVB4G=g-c2CwjaQ!jC<<9%*Y5?@jMY)4B|OJ(s~x|({Y5!9DE^_D z*@%;@`mUq;ljE4ZM6K()kSrQB^;`+PUfzT%9-LTzS(s9Qb9)B`A*M}^|1PEC#qZAQ z!0xx{qSi^cIc;7jSm4RN9`vpti)5lPrxtIQL&S90@w(Q$lg)s#dP53U_M?3&o?1BH ze`sv1{^F5{->xtQIGzf#KT7j%H&HDoKmI8<`1(z& zsDB@l?1SNSib##FQW4kC=H_$1f}p05yQx+JPwf$%nPUZBTa}n>*|*ES_ffNJKN-yU z4URXMq=OuC)!vHZ@jlL^7)iQ6d8-1M+y~ch^nN#0nlh^B+gT1y`nzaI?ejgN?1&eP z#Pwa}Gk6l1Dd;1~3hV=z$Nb_kCoxx1Q>5wzo#Xpm`7OZNZLVT#;&VV4NQk5{2r_k$yw z4OxCb_H~WT6>7(<@cOVWa!l&rc-Fg|xHd8Ltkz|in`xg3}q~LPHp{KmBb-HSB4hkW(ehgoTW9+fDCUm$1yLcOrD`njK07Z zrP#F>YvqA?ajYeXCutr7!8n3lCl$tc{4qF9#GF*shVa0CNnXeXe~_ZGTmI=t)npX! zdiJ>gpN~9Y8zHyXHMOia8CQ8%kX{N8lk~axe8)+xF*@J8s+aGB?++YzrjN2U24NAL z)HhotrpP$l5YWpqYxY~Qj_&AmGiKq{$Mp@A?z{o2mwKQgXts+6XPNk04 zJJHN`PY!T=hIaBSzh0lmNDCcmsv>dJ61)GC7wzDJ-+Mr(e8K0u2N4N4sBOMei~gNf zmQgqOsqqOAj}9b_zI>NgP5y{WGVr3|6}ui6Oov`sMSN--M~b)fN!6DWwrusDR^h>k zkd<~5`-R#@h*6s!kkAZCFW>r=ZdRRA=6lU!L&c`qwaSgildsLU;x0DlUD}{jbprz( zSg4I|h{!GPlxB&H`QWPteJ8JFsnRD8cktV7Z9pO@&5erqBjuCApq8P%75~Rp*W$07 zQ|o!Ev%p_4lF)`|hjCo$T1)NWI@TaZ5^|->Z*JyQJeD8doVcyi5PVnie5SR#nFWV? z*33jJ4TZb3c}Yf;&sW-7Zq#T;SE8DZ{!j(s4I{2xC~{_8pR0A|QQt*FxDFjbH{?_k z`Bu6Hzu>ZkL|5A!qh}qbayYh=TxiZkj%T*jkiea0r}NE^=t#xZ#UH2Umj)B3M#N%V zsC~sdlzjxoC1r9iWv|>Uc|lH9%VT;wYZ}yvsjzO?O%-;wf3kH3e9ZSwM$3gpMOvFrZ+UiRg z)M%-X(sdD^qHDbSvFj&h)hJM<^`V~`YM%S?GrN0VO9i`tOJd9)_RJaqS8IL-yneNA z-N$aofV+X;C%P&xUYYLAaY+<%!t(o}{q0PG1Ps+b&`^Ab@5~;*Gpnm94dxxL&6Xqc zKBK421U=&!M*jxvF9u3oba~cSIod^HaYM~J#In}06KQU)qrSjRrrX(^=So9N{`z9s zNw>pF#li5oS7teR-U9}vIf5hKrV!sLs_oKJ#Dr zlQf>MUo~d4VzB?(|CjU$`14)^;TPk^Kwg!cGR0*1{w+>N>#ORr4!ra~993wDxmx>I z1~oSE{h%wYm(|^i$V&{wrNg04(KlSKBH}2~y*tjWhio^FE&&2V zqJ{;sJH#^^B=!k=`S)jE-HRq2O_@~E2PV5{{|D+pE{CTE!Xg91+cT z<#SB(M0@xWpDXnB?#vkJO^2m|g1VYN8XF)WQueuG#zcqn`-m4RGb%iYcy-B49lSQ3 zA^leilk&s#bDO`WKh|NcoXCI9{kKsTr(MWBd3P#UI>@raZ^OrKSmlhyVC^96c@;-o z6A^)RL5g;OYy~~VoBBTD9ZbhME^fymy-~ULnuEFR_9#9K5BvzitySE3rC!9Ca`F0N zb&p=+A;`IqGl@Nw>!Y7;R_SkeLCg#j2e>@PDF@6HLIEcJZlw$6%A}>L>FIvdx-Ek> z$fH|AQ#U|aPgh_w@61H}+>GH*kS_|`-R#EZg!;Fv#%)eKz4Jgf|d zR+V-x2l&E-{^|;OhKv6Gx}HXPtY2u0iJv5qupLXpm02-TE*?au!SVFd6k# z{SCvz<;e(pcx(ca3w@InhbWlsqDbKhlTEDU?&O&`?dPKDZDiZSJ($b1fq^LBcSY*w zL09@;x`H@592M>I%@IpW42ay+vYmnhl{x7x8rTSw%5Pd_^D>0TI8Dc)ISmLITWCFCQ_&7Pe+bEBRd z&Q|Pb;#wrk6El7V={-XoZ*Rsz`Ml;HtU7)4a!;-i@gC)5?TrI8`JRVHS@wdnAN>Lr=;H=&Q5V# zj~u9G%#3f+9BlhnOAQvj#76|WL{EjHr~OsGJt~_(4O~aGvzHde^T%6UHAyKMec%kS zTXTGYteXGAY6q8b5q3HB@PBMN|9$&L9xaYWzg|hV!dB8qF~a=mYqR)U*Q>XzI^To8 zkfw}_b};pAdb>^wt?$;cI=^)EgGX|TUT&u5W~-X)F}DMiZ(`q>F{F z1k{v6sXhlxKLbkQbwFNiEK~L~0H`iEPpge+V_6si|DQ$^X4lvXl*Hcx<0=0-wbBCI zzvNhCTY}D820TM0L0Z7r6ex**1#08d8jeQ*5y5#_H_opUmZmFh&R!@_mr-5;l*E7k zGsO=NJPO@FJk}j0G1x~$GyD$by;H#?R<~F9wj-voDa7d2iY1C|A z`T&&vrOGeXeo-&KV9DBOXcjw^TQn^4!8^KTgZLF0!$p+M*{29ngtY%-GeTHg;Q zNOlt*_wg-2`JycS1nWicXL=MKoYQn zA{BrJr#n|wYv#Bp!!Y$fKIA_V1oSwmLl^WoMk+JEa#LNfj_W_T1pOa60($=PUqcom zq-Z{v>)>Gg9}t4s4A>a$wd}u!65O13V&Miu7Y6Te6OLu+*Cj{bWoUL}n(t;1Hd zneu?CeA8eF!^?hxS?{G9d`z?M!ME4FrM!>Z>3=i*Z-~ag5am+GG?8k7wZ4DipG8p1 z{%?My$)j}e{ycvg+F9^#Am3E~8}~nmM_fBEKZ@gNlF&;&Jy{OOBxzFBOD$Ddgs*-o zjduc>#!RDpheO@}fjA}70<5k&vd%Gm%P*m7vcpk*K`)`&vQWAA)Tew;Sn?_h>LdS~ zSm1i%Ch|W_FYoTd*yocSA8wr#_6`ge>{>c>7oN%QNBr+9>04b;Da8~AGeqP;EVz`k zvqf(vW)X}wp*b$1BPL47J=TwM+1Vjj zzs>C4|K|t)gOe(!INjMD;4q@M*EiaLE3lWG{b#2RsN+059aM`F&{ogl{B6* zC3oQC2)gn9b_fKlGTYoBZ`F>ExGsw~?7QSZbuviuO*m$+^HQ^)>-pYn8}hxZx$+_T z|8Y=lti)tw6JXgnMnx#Y=z4-wFsdNcMCs;Y*|)wHz@XH_Hu{qXlU~UWKb+6IL_04a z-Le;KNSW21KWi-l;2xK~I{E(wEZc+*l=(*z85E&JC)*>r<(@lZM7+56npkVe=z-dh z1?1mf_jfny#trTTU0EW4EPl@p=`Ip`b5ruqTiYcx^5hd})Q#JM@5Y%_GsM&AWj@JX ztdJNMun{|wy$-&;97^Z6%~8yH?RIb8`RPuj6TpOqj_hT0{vlnDRIoAx9le8QD$Rj$ zD3YWRPUse+kHXvQ9H$vxzrNi4!umcgTF;z414o+sKUz%MNGs0^HO0Qcd|99 zjp1f*R>v*LUK#Rm&rVNIPu&|&t*2@}Xe&~O{-3qhiqPY!1ldxhLhkbwgTuJ-^nFCxjKt?T|Nr{7 zPzlp5Gc?{C{Voq^iCW$I)TbRK(sb;uJ7bKLuU%KHBg&*{7@aczw@|^Q0gpM1qvU4_ z1^-Zek7Z#JcD_H4a_CB<#ddm=$DUZ&sd7#^{td4y4gKjmVZ6Qo4RiJ$XWSN74lQ8$ zqacI{32u=ojJr)`EBWOnG+_TpS+7H<$7xN%|4xOS|MaanyUB8fxoF7!tzU!3_U9EX zwXD}wcJ+P%bd zdm?BzU2d$^=xGm-QSuwf>XJ#3w81l|a}SHV>$7<5C25RGLFa|nv$gi`KUSs)yO^X4 zyX1(U{+8*W2_BI;q;(7`Qp=7zXm^SsV+AzjJFV70zput}u@vN?QOn00{iI*t<-2ISAX=71M8^|;yX#Cv+HG$c0jq@}+=NIaPz1M_es2HNA zD~KY(0i*Z#(uP2o27i9QQBGmgu>zJGsHm3%hE*&DC!a29o(=FAY}bybX6&Y|fn#}Z zKK#!0zc_FLnf=at<9>B)O(_|OjH8h-)GAbAJ#4winfRgE`Mk-p_p!$kZOARXn&Y#? z*PeegC=g;GeN_W3dylhQXc$T5d{yn_KnV z(E?!Ed6xjJXdgQ`U<`U0=Cjq65jv0CgKq!!s#1?;dM`Hnjn_VvFbTf0PCcu{Qq7eN z0`{sFh06elmO51irbd}0y_9=9-@lw2c&vDJe{-n%K-mT?5CiYkB{tnT{uG@cpPB}a zey_?E@hGg~vgwC*@9T?pf4_?ZR+_t^79QK-=ili=iVnMDp9)+4bD%*eqjLV+2t0Ji zC@n?!DQa5X=2x0|9!bkH_I62tfqT*_4&(_ZizQ`vJpa-Li1eC)#~L1FR&fv)jI;wi zW~u^upsMT`82=`R&;Jw6Y%rBuxV*<Rn9V<4j9=?S4r&lDa#6j{#D-rxt?nz<5J@8w)Cbf#{5AW3g8vZuUpzX$777 zvqWlcPsi1J{5$g@Wi$vWz>r^nHBVuGu5NQkcv*n-wNuBUJXD#pLc>|s=dn*Bt_Xw?^V zix)eqzVo_p(3**{<#yUH_W@E9zoN{XO?fCM;1LPu|}PKHFJiP}?M$v?i@Ev+Cxnib#t`JNCbhsRF35Z)^7DTp#tkQr;BpkxvF1rP>U-=scj5 zym|BH7?`6>B=g*dlqY=w>+!-y4(bxpxKs4_EupV|Kl-z(RnUAqz>fVkjCc+ol2_bR z1v1%l0~8iPuK>Pt5Z~Y6ov{Lb(Fj`Qo)HQTf9{r3XqaQ>$JDCZqfVlsJDJ?DH=yhr zI=ynEYTv&W7;)_s8raR|UUE36b1eb&(H~+tY}CyMr4HYgb@O8#_QslyZ`LyL7GCB1N|!7S?@p{AKcD>Px%Lj%Y_b4*uzThe*q+f%{5XV z$7Mjuln~g0MHOv#`D3l|LC~1J*KG4RUW3e$tCcX2T(em4?O%C}7poXe#y=^zUcwdh z9YRxqRDhEGY1Mm`&t0yXBS4N6*B#qf?yFPAvXWXM;B* ztu6yxPdcuSV^$v-CD6G`u~dx(Nm^_+`x%byZ7_K?Ynz*XzcrG(TyQ?@4|;wbX-$-f z_1NjFDiUp!7P)39P3Gh+NTD`kVYFZ@bvpx|>CoDA;K-(nMUkPlS34tRFm}tV9RZ5- zU1XnGYy?&@R>`q~ZKmFM_KB_dSpD=Nz!K0{3pLiiI0{2n7oV>VRhJbyXpzTPG1U9nr6PhqG z9YngI51Io)7$F1bJ&^Amqbk}m^4!6fhub*;!|jwX4!9xa5{9aNeAL~VFO!`aHai{# z-CDLQCyB6C*;`O-ydZ`ZsOgAQ^g!Dvp?wAjMXIz&ij`e8{_9md1d_|ypgn3vXdyb3 z)2nf8$$%&nla7Q#y_pOYRT#=;DfP<^BxOeex~BuLH~s=(Q8NqcBn9UqSt0e zOon4%6Y$tSezXGUu}xQ$&lGdS8`8DiaM9fL3m|BsZKXfMD~BWN)lz3hLRB1m_! zVOczVA*35>zh9T0_f1;iJF_skEx-`O0a)U5Z$qjuMJ&TZ6^84|Rmvj)Z(Ov;CYu!p z|Jj*%UQea_!pPFQn^BkUzYmN3DD-Xk>Hh0cZw_Dh<#!kF0{RS${PG_3JO*7NVXj`Z zgq%2u&`;$^{4iQQ%bjL!IQx@qmfDDiC*R3w5O5PvZ3}Z*3TY|(ewQFhQFG>4mQkX| z^q*d&tXS5|j#X}a2L@2@fjyRJ3(Zd`Bs$oHFe3`>kuJ4G%Q1pjzFXEF)n08yADQ;b z3`_3?1qm1swVkyXR=7OxCB6yquv$jE3Xbzm9_t7v(R~I7k4WCY`#r4JvpS~bOYpSR zU5BEsRqjrI;yNO@LhRldYZgaZhVh>IuY}=rc;W|9$|%WNu8MP&OmF-8Snfaw*k8Me zRHKhAK9d#b(Ps|xTOo73$Oq!fHz>_IH`YA{SX@8Q>o}slk9r?fKY%j!vE zc}wNcTbJH@=JlpJ*qhiXzwDiv;-B17f$aYWu_INteD3CSaLYAyTOW>3c#i961$FTB z;7r2hrpb@VV-Qd27EDGO{Q;?5Rh-(O~92-=3n)v8Mx z|DnlxzHE-7QScur=@MP%5)*TlfwL?zaJASHPQ`rB53L(Be^XPcBvA|;v>;76eHOw> zjEy+TC6)R4^!d+{F4d!#76k;R!NVkkm0p^%mwOg9%U@T;o`cO$T@S6v{VigB?O2Yl zjAQot^X>s`AJD*rj{}`A3Xe-e?pU)+$Wj}#Zxptkn!>>K&I460tO<(AH-WegAUe5H0rQ(7L-h<{G;oQB4U(d z(JVJcnGbC8?*Bh&Tn7%_?fciPC-SGME#N7oA;jY5Lh*9`UXyBEsnf-^&arMM?09o2 zVdJu1esk;0kX?I68fuYK;~u_a@nR>ws=%2`Cxl}}CZtIeSdLaU2L@~@R%_ouAs zQ}s1uAw`G{&g;VYdw9Bp0Zo6RCW0%I*$*!@@i`X0GQh;~dChPCn4icxwg)se*!f+OaZNpX>!`J6ulJ?oBlf;vyJx=06z^cn{fqHG6aeZM7rAC*sHDI z3UpGWigCW&xo2? z0MOG`0ClL<;-%OBK0m+eaSB{l9ypI-yYSIP(2iBzdWfmsW$_EQ_hBM{HV**DAsFRK zCcajt@C|(!tL+;cbLjKMkdEykfF3>$Vj>mVPgbvYg3)t247Nw0K1u`yOt5i(cv_Ll z-}b;ZJtJEWVO+-!tkd?xu#Fz=xbU9wAf~j*A)8 zpt7!i1v#Pb{YQ+Lz_4E_0y{KGhWj5>ryn0K0$>hUc{=*UN?&79gPmx*mh&RR?Pf8T zFNFZVgxPW`nBm_klWxn%k3BB?v&1jwWnfB0Rs03-H!ZMZXhu%sim6fL6!|}6rv^z4 za_}R{ESG6gWCFa?E;;d>2e!IT`a-Wtt!KNQ93MN%#p`^oeq~iGo+uiR#>t_*{qUNx zVTpz5tnr+`9doZ?cjQv_ChiP1%FK_uA~#!W2U}=%lNp$9$~=YMRGN1BBnpH#ZHx*R_FRMsCCt|zvRV4{Izd~pqFV_qxEHi67C-tgC8#>r|n|p#PpNJo~|#9BE>BZ zzVzo-qP0WU(*Ztxt%sJ1cFb{Rjlwx@CZ==IgCj%B0q&C zieW*V^k2*P59u>G4N`n5C*2<8pFO~C$Ka1$rhX|E95mDZtj&i?Oj&m%i$w&FjBko3 z#>w>L{<~G+G~JGn{e4LIp9_eQ6NdvChdq+Zo|#v_{F)!&hWTvmxc!*Gk6FP*(e{G? z{>BJi(i;ky=ldGq*nfJf{1rseM^pmH_1`TohHGZ0B#NW8u{VO&IunR-%sy4(WO^+m zi+0eiLvYwB3^o<~FXsx@k}^0R1Zp9?ElInAH#_`Dn`EQrx@h*_ za_Sy%fHlK7Jv&L>?P(tx94a@3a9HDbLy`dLN3kwX?VX{cA4=G#K!w1W-K*(Tkmuc% z#f7&bRG>IZ;;bp~sObb}(eZ^P)^-DXpQI4bEE(Uq_Jo3Q#4$+HqfK6jIJ zwfYXf?Rbw!p}!G1;)TrcB;$c%pG3=5AxOvj3j0(}^}W;f`h(=q)k&}_fJ|3UhRm$MpyKc z?g@lCLGzM{^xQMd3toK?v!_fuQruGP@%L$**^f|glGf65kAE`vW=w1Q-CB`)u8=*) zB{kh3LZ+QIVxyv+t`SNd?>Huj5AO2h`&^srE&BDdRpsjZ;4{~RB$v2asz1>Mu`?zD zSoeEu-sg53b7aHxqnz7KjZ#^e0n4ZxJ#&-^JN!)SU$hjTfQxS6$LtLTrvH`F-K{MC zQ6q~1siI246obDbh=9*L0(U{o>CqJsWkwu>%n5v49sBH02TOL=t!9qPple~;d<}X5 z4emSNaAjTekFZDw<#?_D>U+pdvkJ2M4!%@UgZ7+`D%B#_KV@_AbBl^fnsNLiBSMJb z`*-k5>6~BCN&QA4jx^_moKjoWFGNeGbgy)S?W8LWMzfeAx@Q5rX%l}t9xG-UcevNT zF5pfn^=?PfFAQ)G(jEu7>qi#T;n)fM+~>e4$aL~AWuM}bf#Y0{FN?G}!9I~uT?G(6 z!WFX}Gc9Y!=Nw`TFR@xf(V4u=!U*%yAy+Q29Wi4KhW%fF6jC`&GhdM?m(?wb?5h+< zd&9uDnJxPQghPxGn)DE}oW6nf3L1_c&M;+lYzwt*qIHZge`RSa2Erprf@-9Y&jM~H z7=%XbX4+ViOPKA1wg(cB)V&JP+D>#1KT+&bbk{^Ye<>zvu;kZU{Y2QWHB{+(MeXU* z;OPe;G=32KK4UBFzFIzSu^uY>qn)H(PB*}lE$lmqZ3E=nQ_Zu_ndp{PPuPKz;wv~M$Am92Ak4@t#T<2cO4?%T7 zWuYs!)adt0V1&Y1OjnWXxx{ZHd|{i1D|#p^D%Kr1!U~)<`yYG&-ehvhS1VeowzX9F zhQ?oTPZMa31Mf&LQF+*%OjPVyRJM$V8k=4tqM1lVsEF-ap}l!+0iR{!@~e zRwtsY>3cXM)(CC@e&%_R>h#k17R_ zkhg8FQ3s=$nH;#F+p7 zE`Tfd^`8+@a>PMNzZDVYlLb}tvEJ+OOgv#&4Nt?`fF(8E{ZmPs*pCDH1Fp8S=)Wsd zh%>dosZZJOvq*z{?beOp79fx=n-4YVyu_^?4iG?wO3DHrJCaqBw`#OuJ-W%Pkz|I< z-Vt3TZnpN;;Sy-MN~}rd6AhnaPvg_}skw>2iMdnqGn%)O@1Eu-!}b3eci$r~tu_M215>eJm!Bfj*o;i|GiM%Sv*RXiJZ7upGRN)Q4MWAWI{|8gd_y>AxlE!s zjDy3Zi+VQbI26YsT0DXiU*20v0UwN{?HBx061>)w)lE9{@*aQs`QOS@d!QhN{i$*Z zO{ScV%=agGZ)?&iQ5k2u!3?@dqxU|QLplc3b>5<(gRSqGKKm6P$;8O z{i?8=_q0h*3>LnAUnK;1`dn;X{N1xET`eR9ez_}7Q^MWFsZ&IE`YS^2L{#}hVl z`>vVX?1LjTnkuoA4_$i(H(P=L4dedv4Poq)u=R;vud3^n&t01U)@Pm$e0(ou1ND7p zI#M3ZAWI&A<0ec52*6C&fV>(v|9QnV6h9G@1x?wa*l5SX65(2WEQWSj+uQRmat&1* zTq*E~PDx9XDOgpF1E*dHw4ZFB0reQF?5O<`gPKB0VT&KGb;rUB(Zd=fKKoeJuO(m3 zbbRZh5aqyInF9$Qs9zHtH8e?eR3Mx64lyIj0t(<$C?&K*1=MoJf!8ih{dbCKphh;` z4&W51gG-)Oa4FUUA>HbdMaSMu)%SD=t3I#(o6FxaM3kjZ%lVlc?w#@9Y=u&@Z?Ry4 zE$t~q-1EbjG96=5Jdj*y6zC&pc)EXP!zVElD-SrN(M$C%*C04Nktx4AC}7kpM0uUZ z8zuKgXJ{_S12~uj+1`kG`xT>HfJ3E=*TDG4hZT>7zyr^!O6v-FQxFWO&}K}gA+n`O z>8$acdR1}BYSKW{<(h+HaZbui>h)UZITVgQOs zDSQWGRsq?u7P{`%v_cT6jkA_n)RMnZX5WV<*1_A=1c^o$cfxtYD-UW@M;u;KjvS5#7$AaFw)6}DB2;y6();e_MVpV0z{j@R* zcI2|RK2d&6E=2@=YEqt17@;AJB1>~(JQHQIjvG{Nm~QBVtEZn&(o^=8R)LSWTrVvS z3k}1%FUKzh$CP&qz58en6*PZ;Ss`4(+ZGN2Xzl`0_^jT%3O)^$M__h(Y#FS!Y8+iU z+wCzBgnlr;Pc*g=;T!X0_zLgf3p|`1(TrCik^?2S}a)k3ErJItJv!r8| zz`5bYUTfyuvT%|p1X2P8BY8F9XX<9msg#qh_EPB;Ppl2av^x%{eSIEU`mnfbYs_P( zYi01;zvMrziz@_najCBBX|IE}9I6KH!!yjKprCvdeBXihbsvGSDm z7uIezdm10ZlgNKXurYYWZ$kn9_DRf^=5pP#ha`pq4`Dkc6d9+-$Ktp!$`}_+d|c(^ z{-XFJrN5Xja8`FgzV5(Z{y2yd=}wNJDr5D~`nbJL+s9!!|H8k9d_OCfQ)}=I-kNmJ z%ZaxuX7yziMJ_5=9Jehx{isjgEInb48(mBeo9FMrFn*+#-x=k}5_6k1y7tM5xguwW zWBM0g!dO7JKnU+EgX^|fnpaoNV=i#+)w)t zmZbGayeWEx*LBK28FLuyj$<*_^$*m4)t}j8p)(r9Aq5*WqnnF^#K9sxA$@&+s$4uu zWXasdf>?n}3lP#`EAirpw}9Gt(gJ!LPJC=Av3{Oa03=2%pGa73!y zwIiX(dC8Yki$HYIhRrL{ADmSi>psqCx-+Uu=~acTcZHH@HzAo#$p4!<8jHb3)DHcd z?h#!PrqbpLq9QO8`oTO`CUMC@%bx6TobKutKU&*ykJ%mTSNA4gRl$T3Llfxb7^xmV zFUV|T-(KsIyu;AR(1)_On?tdfk?u=;Vr(k)-ym#x@I;|um7CTe>L+AXB5YPZynNjd zn_hKms?THg&Ur_NC){1S$DMfL|ip*0Q~SKZ?DjR32n0Gy<^TmZr@tF zDPt{wt%?=|bHF}S35*n@!R^e<;-I)remxP*>Q0&Y(!YZ+<;uC_q=&N7=tr!mOB=>d z2QTwVV+LwF9 zm16(ufJ;?wwBUM5E!mc#yj%~ous)b83f4JdpM(^Mc^TyqOPz1mCx^BS@2kw?Zq3|N zwD$XxB!OurWm&>xzKpRZ>I4L!$YtcI{y%KhV8~PVF_99rR4T5Y#K1^bR6~;?3IZY* z^lHzz->M^@Cs-E9yS&m<_Z}=cESk!kfj_RW7>l;&8NHfZM_V*qx1C~rE1=FjvkN2b znk_m}2s{LtOOJ%&-Pkhl(pH>5M35?2{q|RwJlB&QxV@V$dRP5smq>@R1*UE*QKowc z{cZumfU_I{XJW%5tv2niPhaNd=5~-;pr;#=_796<6YKX^H08m`XtOtO znhPf?{l%b|@`d8hWZek;4WuUcgWGkDIp`@~y!0cGhYj80&4+SNoW>|a1hAg<4+G$p z7O4ls*&g#t=z2xdRuK3L59P9y)t~KGGY+Tn*+%Nk#A^6WY)Wd%IEeYcp=I;J!*bD! z!YYpL8nn(NvsA5SLB)d!gC6 z5gUxd&m>7y_&}q#BDVlOm!&yiLP9WGTBDjGemxF)>)hF9Pm5B*J_3gl>)lzh6?j7= z!KdDlF{o1+7O6sycL}A7p^;?O@|ffp2&RX`jO*YIRw0@aBZIqBrA?ea6YAwASt*6- zivdpl39Sz_OIh0g5j+#9|K&uZjQaV^y}qD*DB+QAg~RHvI6>Ldx`G`Pf%e7@l$L8= znPo4_B(M_?Jz)zXxP7XMWj^fl>PP&?s(aec*=9b?Mrw`+`7l}+Iy?J>T-r8Lnr-=q zC8l0CB=AMD$yIC$SQ{xL;AnpICZ=T`FWd!&T;x1^s!NotjYJ&!Y|&lTeu7i~@AHv) zw4f9Igictmz;-d@F64kspTY;q*cppGu4VK5Q+u#apj2ZX35vUe2-}d*3{{5QMd7MJ znnZu{m8O&fDx!e6eOB$K<=^Fqa|I^6u$5{_bf&of%=!fDjb7)=$m4xkPpETA-eJkR z(>>CfikoYzJk`f%`PT`T+BIX$r|g1mJbGK51rrdOh{KFi69$lZi5OYhSCz`~$fmSV z3CsIc+gKPGL4*~NVis*%7pL*(jle7E)tvpd7bk1fe`{Csjy^S@+`KmQrTf^|LW!AX zh~-2^nMdGA@E7$jvd7>K6~7rIx9Q_oi;3rcP3vCzw{*hp`nd+S50162iFgeMJoqK- z^fkExq!a#1Q?0ro;F?^iQ3D>kJ#M0iy3E;-3FPge zn_K6h*diDQ-wUDCU%p#)WXE0XR!VasS|A&JJb zCi8c&VI*qmJ{v$0Z2&I~RT#zZ<9u0aXl)0d0r6lhzM%?8vdcTgWqJPQ>W$LA=4EJUVW_{IppNZ!w>h%8gvamqh=%Yz;$wI|Elm!3P61+XAZ zn;%fh(nwnukUoDN0q>Rs0H$gXwd+Oyyez1XGmio+$65TSyV+6CVL~oy@Sc4Xh634o z8MZ#ZHUf;A-2m8r!RY6W-Pk37j!{3qFM>@y{p}wB4Tej(b>2NPDfY4nB~ZXc&ECNz zYT4S?J~aU3L;{fI?esw6?m{3~$ZM>cwL+b8bUx@+x8K-m?` zhu0zPrBqRL2ctXulKRA%_ISBE;M-6#1&UUrkYHz7(=CHCVFPj>MPv!o1wzb?t&Auq HU84U7#M|-t literal 0 HcmV?d00001 diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/baseapp_state-checktx.png b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/baseapp_state-checktx.png new file mode 100644 index 0000000000000000000000000000000000000000..38b217acdd04fb2430a2332946864de04474ae5a GIT binary patch literal 82308 zcma&OWn5HI*FHRefP#Psh_rMGD9zAa0@7X5(%mg3-O?ir-45M?f}nJ_NVjyuyYYUW z`}cf!Km5PosE0HA>=k>h>$=v7c&jLlg+Yt~fk3ciWh7J}5ELi`f)xD_4gAaW(u21U z$P0+9gs7T_!A{nr%>MDK9*SOK^ee z3r7Q;Z~%j}(d%Su{pxi0N`Q`TO@$Xnt>@WuR29?$B3nsR=YXyLAjH-@u&T)vlF& z(`G@G=rG^z2d3Y7$n;9t*GIp<1{21T@ux8QULJ>48ni;+cYb(;=UXPlriuCo|LxFl zFASrB0kSd1sNP^WkB(W)?Wbn+z0lkAf_{-{<6POK9O^^haqyiGvEXym|5`HgSt~*; z1S8F9?H5s7@OZo=99cS+Jo(e7Pos-q39;ZW<-Gp4*Q2Yn;xJSKzI{95V?TeKg}m27I>Yhu1eE236GCB@j8Z`L#)%=TTXo3$$) zYV|%-QX^IGAVkG?@llqqjD83{Ae)$@W_4_om48S@R#sNdcV78XT@AiCt;^aJO053E z4>c5v#O?I_V40v$F{??nRt2?1T|~4;H~+XPTvq_?Cf8 zK7^B^hqi`vVjOaHbv3)s`QNDsJo<&Cq1wwvCL^%^;l}%|g2C`UF@A>OJ+Pu!G zDHV0K;xNrD^Yl#@P`M&vJTz(y&{hzoH&U?{H-?F*sf~?SoAiW!m2r7kA~HhYaj}|e z)*VH()kUY@S5+xWFFTc?g}xygs7jTfC~+D2!(pB4^8;vM%pI%6JEb44#i~D77Rca# zQOs7VFWG*4KU$|zO({#@y1MhsgizS)G0#qx#|@ZR^x22`r5Iq9^d>3f$Tl4lA+uWn zf2KlkKcxeq@*#rK^?7e@K#<~>AJ1`<88#$7q`Ah~;agHsB}#rcVyO7|1A-|Kh@7<; zd(E`HKA6&i8u{Z_prC07$^Ix&n(S1|avy$sLZ zrS)IRorIU}PE~1y*4oh^>ULAgOH=zoB`be^IHBmRHuR78Q`j=V`+8wCk1<{CSnfj1 zA+C~tc&8a06k}MJszGjkzv*eBuDr4!r08W2CCB=2&&;Xh6v=Eb7^}1;m}pgJ3E4Gl zn+p9#i>^?Rpjq!VldLk_WhZRvAO7aZwZ$W9_9~6o;Pt=Tm>>V*aQ%v?{S*a7RHXNc zc_G1IbS=Z0aZhA@YrK@b+FRGteiPZb{~K7^t~+7E&7u!2BJ4Cl)V|_l^WE>W#UE3O zcR?ELo14|dsAT@kWhY^YAV!x=70BdOK>Cp_35s`a4^mv2f@Vs~ZE3$-`(iDD9*t(Y z`-<8mD{Rl3_6ck>?-q~UY`M@}Fq(OTl&`@swBFXH!(w);es!h#PB!b=ZWI|(mg|v) zJ_^&GNSL+%e7n+&8YAtA!4`u;Q#Fn32ZhJnFSEV-Z))~;V%zDXf@0bUCN8^VkxX8_)%dFlU;jb0|87PgTGm3V_s<5$<%;;ff#~FM@zm0N;y8l%l{JM*IVmXU z*gtO07Ab1z&cPq~W2w_tQ>FLzlu}m5cjwme3tMp_gUA15B@q6B0tgkM| z3a1F)o>ME{QTUyUf+R=1-*Tj=cf2tFgH^wY#?bd9dCq;&x3d~$>i({&8Fo#*?v%(5 zVL^%z3G75Ve3#B|akxTJ-vY3kEAsCwCb>{}>)`ksRdj{64@!D^&E zv!xScsm9G3e8>Hxlq~&c!}zS}iM6WPUG_Y?#{$#E?vN5YY*W>|HD=yyH&J2R^rB3b z-Q)IsBKi7$E^OI8r1sW9<;4&z*g2C{{+ZQyN%HRpsu~q~jCk~lNg(Zh--hfjwi|9u zRm>jP=4v7-2$scLEiUA-0$hm z`|@FlMU2GpJd7I>@aZnQp$Md`5~{=f(iZ#&S(_Q|X_lD7sgt3tRLm9#qD+~CFpA{u zQ8*V2;k(PucQ8BbuR1wV$+>BZUi;Rb}I5Wb^6HcqW{gK@CO@7OzLv!+_uDp zFRZ|`uEY-tUA@5|V4^|CAy3K{^zJKBFMUJvAqP}X^tINL+=}kaZo7{e`ait}2Mp1> zwo<>#P5Lx$+w=?HpD8S2-h_eZY3-dutu!i)FjRl9=b;uju`E z))Qq`d!qEY&SN*<@RUC3&P@yI*4ZHWj)0wJa+l#LfZ>g-jSk%9iM$i($@2*OxZ$w{ z32^dF=S&dF^FR8o*)F6$kSV~3Ww=LMGhHNM;OX0Q<}}K}hs<96e~mTgdp6(AhbG_< zI$5F5d~4iokYo*+e?J`Nt$vUPFPm$ov~z_6q_iQWeEE681yZpggA= zIhitvCGv&{b}+=Vb;SJ{*o$JWX7rEnlpt_v~fNA{7v>dATU#EesnE-n_SEc#Qv$bK@^}4nwFl5!9s!=|Scu5(?V$brST{ zq(Wp=j2}FUJ|=dQodK$Ls)a(A8`OB8JFL(I&dGRReCcu>6V19Ffa1X(I&=)1>kqY_ zEm%|GLVg@9_k^f1=gJR=)r1$RR=@kcvNMesX>_(&PHI0MX`lV;EciC$X#dh(cM`a> zZ3m>PH;ytmq7KCbz8p`i(dOeh-RfO0>uKU6g7m~;Ypl4z5yd&xyB%5 zwV|Tb;8}lmC*j->_Hg*m_ecdeDg%+QU&|&Av199a@^m$%Rnh2Hv||Cc;X~eHlFV9od|ySpl+ShgggoA6g!{LhdsC z6K$ON@~NSLH4G$A;6LL;W5_Pl4+)!;MjGHA=Lj|o=&hROHZ~6`G8VK062rWyqFJH$ z8aER})${e#@PPt_j5iWrYvXPu@xMan%lNB>QJ?{$Ah5AEASfIb1Dx@Xg{bp)>KFYY zBWoZ~A4TYNnKt5$TCmty0q9xorgs8r*l!1X>!OG_)`Ue+7~-7Ph;egmb4BrC+vW8O zALS{iosgr{id9zA4}PB?@ra;9oW(NfeFNBXMI@4+kHSQQ-()C0tg*7bCL5wke(WHQ zGcx=fC7!y5MhvB+VU+YHf?V6f<#e)f7^3{L841auXOM))j`LNI1+9Dv=kBng&oaiC zb0G|mAz!>b%hVZL+z^9I^dU10H|q&!c97yjVuj|+cNie8Hb@C(4o8CHa1ySEMA>p+ zQOHX5LgINi!&FwA9+~Znh%ru;!WLArk!HnAUdl$NRd&qXMV}*u<%UG$wK-nY=SV-o zF>qU7WW`_+XyGlt3?Q&_JSJpt7Q=nj;|oa)K@kbAsRFr~7~&9=!Mri$i063#S4!u! zdi=Y}EuvNsUXF_uX&=U!E8Kxq?5(HtjgFgJ16)s6*>c#&7570(@ka1ul5ArtJjQvF zi+%%Qnccmrx4*KFE-Bixh!LiA1L`T0pEBeT;Hh*BMd=?z7w9X#Mh!x8(K76s!Otb^ zcx)}{u|1gb4T5Z~Art?HV`8YP?t>aT)$=kW<9UoKhpXNC49iEbuI>kJt>J~?*qHm; z=n`Zd*pp}5lYUapA)sBfzZ)~+v($VJ1rSls5|hn^#0mzI&YO4$O_Hrv052}MR0l)m+9 z50R4v)@d60s)wt+R)j^XaawR%F1GnPp1jhq7YSo2wk0NQ@<1l*7#VE{e}Gy7!e4H4 z$X;5M{@AvN`ib(;qp#Ya2Mv-MWi9-K9Ee7iOI;S}SYcvZ{&1VuVE_r@#%qE=#)y9e z`Ec?Y9 zd?etp%N0GIRi~JkQ7d{Y+T^zT-Y86eObeak-M5DvVSWl;9WAt~mNWRly zmF@Rt3tn;Ea-ETw<6{A&FF_q0Cj-R ze4bAUQnZ{^^1iDF1vMov9=?m%kmbxOzA7lDmUl&_L!$JjWpJJMnk1P>1`zWzX+N+7 zx>#)@Sm2eo%9N{2zFsk+SN0c2gTh!2aZTOGzElJUwX#|8g<=0mXmKPKS^#fd$Z0`C z%xt1i_LfuYVg~oTej-Tkldk-B?k88!if=JpqrMo>-g3+H2@q**bf1pi%% zmMH!A2g9M%I!K_u=5ALC)*L#JWo_k^xra_vy1q@apn`ZzcjNmGZ~)oYo3%?X)Ijn5 zF#0K6A46`a*s#$4?!~x#bMhOEmjvKl8IST$@C=Uz6r|Lc6}Rhf4}%n$=|kLA3D`M7)i)?*(5z5<%w?VF>+RxFP{@DR`iDoY&vo+qx3(EhI<=G}oP@ZmO0UlUbK`Co^x+S7_eHc(frS-HTaUX{hs46kNEv}5oWRjU$* zg?!<1RKeh{tac1^uIDk_b|&}R6kzV2^x8SG(e0&fM7HNEJu1>tOHo+AY%ms>X)d&tbux6(ZPr-OHT!N!gjaqCmAy4Ujqm3 z50IyR?d}M5^S!oV-0^BKcZx={$U(R|6!2N%g+UonhxmNXt6X-bUJs9J4H=iNtb|u_ z+RaS`WHK{2XfdHj=JF^Cp}V&I?Zh;{vZxzddqdvcsWEauU|)HphCVBc@FumGg9)!g zs$IFDrv2&THH+XlUV>;@e08(A>pz{472HWY@`ng$M(bVe?7BW80{M?JWSMyHzTw>xTj_zzRu#@n2Y9SHqj4-_by@EQpJ$L&W*{f#mve z%fEDRASNw7Vrc5PnPaMw5DiJ#x!ga79i!~LjFJx_wK+ufh%j0ynbi~lSh);DY4&LV;uW|KgLF7p;Z zq2{FKMjuh6B7Qg&6$zRq+%4-Zn>zR3mwni9AJ7CV@Jmn-bG@gD6~1kFOvL^T-X3q> zW1MT~a}aVtq8vtO=%b8HF2GPf=Omx`;PgrV7qg$~j&Cx!`=e}uTc|WTnJq`5$Vk)- znSlZxZG-nyV*7I3DEBaq(W6&?j1;;%YOmY8&+Jg%%{RFw0o(`rJEyjG-NIbyUb$$C=>>hUjgXcQtO=|m_7Lw zj?XQ{yheGtdyLCLS*NNSmqm-Z&S%~=_?YZ!o^tW#ic}2s-R1(1h3m(-k(|WCn zX{E}0)zZ4oatk*1*CnBlu=i=1bF z4B?)`3~+c(?;yVQES@COX2R<)(GxLzr1N+4*tjU9HkrN^(@n0Wo?U~Vvkm<&^2dr* zdpbh&nS-1MJ}1HdEUBT8g5I^!9P0H#(&Q=#i`q``JkDYr*L{}LjJ{+4r?!Y~j zV(t#Dn?ij;+lOq5#5MKU$m~|VSVa~pm2%=xmGzQ z1rlZ6PL%8RoZwnaJ%R>IAO?j27Gd6c@+6qR@Q{$0hLzW6c}oU>Cb@yMA3cgY@(KzfMZ-9h}krVX_Df#R@-`VOZNa=62gS5pohiKkIr z2J1FIPXllHY9s9Fno!7o=K@Z|QJL2pE5KTG9oX>E7S=V=M~O8C5oVKjevJiZxGXeg zL(iyW0%BTYYPgJgN9UYoM&~^UTzqbYK2DL~yHHIWGx9h9SG3A`-qUBFHT+RM@S$eM zoyixCu#9Gz%fnHm%wFWK&CHtI`jNc;OGN=@pL~vY_R1>K! zzo^B1ui7ULrO<&eOE66l?GEtob1vuUclXT@Q)yF6MLlt=M0qcBKz$Pvj*80+i>RIn ziWzIS7$i@eF%OJk_{hH-C@9in5GJ*Ei5};nIu{tTZH|#GLQmN`EtPT1Ma8x8%?J6t zHXhm(#0By=o_OM>Y9ZWJ(-OT1Dq3jtHAtn&#j4&pa_}kBe@G2ofI+*k{!fYfI zkFf+^$MpNiZGWdJ5;{k?(W zv*RNrf!;wm9>v8VLQL!|?66WIxT~7l8dH?meCvpH`XU79`4?RN$@O2lLzIFzyhyO2 zpd7rB3_kHoN?c~6u#-2C*Zh0n)c7Ux;wTszs1HjidiKI*{h9ANG&e}%$$UQxr()56 z(qsiJ&-ulDwRwXLAqzhfVHaLFb@mZDwh8xn zvh;hu16}b83-3WoGJR*Tv;2o3WY}M#X6xx_J>iLP9-D^j`pg zfPwP3ZisN?R{*N6!?kP%0=4H;4dbLMlUp!qMIQMU-HfT~7aIxmzequQZC7>(?uZ;l z2_;AZ05{VZo|@D$YD%~~#~f%B4C}5?{Y*BqvC!HaaXl5ZFoyLYp#n9a+U}vuAzbi< zMWu;gY~gLZQ#i}=EK}wfPseB@Q6S>(cr*s}N;gZ!@r{f`e`758;yowGED4B(7{KvWl~(zMo;ih#}3( zP`aqe46zxa^xO<8b3OJ-zg$IP~ zPo{APDu!iE@w{{&+|!z0yU!dqFrY#h1*!Dk9xp^AE-L8ALv@Xh1K`Hu# z2!m$(==pmX9ueJyazPR}PZ;xkHfl>@cwXF?7v#(v=lvi4b2X)woIF7bUTb5?b!#~L-Av(MC z019x;k`zpzc0g8FdVZ@ff-ToG#+Ah+FM1IL5m@XBtiR7nc$BmIBuIReHS)*D!M4Py z;r@iH#V%7{a=<`NeT@zl-@V}5qay+dy7twqVvoDNlhRw2ttn)$f33%4spg=~Ch1}* zdiJF;4t=ezw)d=I9jrjV?$??Cm2Lo=+rVtSea>_pC~kh)mDXekR-x#877O_$S_nt} zk`|<@Sx2yLL*1N6x?M2UnU3%u>RjlVminv)`r2L{#@Wf0+jmMS!()}RXYVV8SQ7GC z%W2O4g|R}yc=e$!n|Rebk@aZq6S1oG88dr)OLnugpco!8PfsjeQRipTN54oWbsfJ< zhkn}40+qwIS-)&^R5;o!4+^afW532|=JzhqR0)qMrs<6G=&aT%Sl2YW+Zoi}t2a&B zrWy+l3${IL-f!b*LZY$h*?EMV6$V4*B{lb2`GM;!QaFAB_}Dc8%DP0flJhLGeIR8p z9gsub+41FB@W|tt$4C4U4PZS^h*$a-itO}4|3zP9V z!S7LLG`i<_H}D(KprkuHGGz95rLlwdguUsI<5GKQiFo~U>8SuQCNz`YvhawcNlIQWuM8Qh?puYv`db$13RuGO*T&|`eSqKZPhNvvXM{6 z1gJWqZ~SgfG)KGd0a~{{l#Z&jW=GVmc%XAg8u`2!6QsB?`)WlB20D*K#*K4X9aJ*m zMn*Cy3XpNLB}FC4G6yrcn*1Jadyx{!4tz(1%cc% z25@;tVa3;BQchL$%E6!&l5=sXDPAnlA`|x0+iSn`LqP{>3hsd`z|^f~xi7qCGz$n2 z%uM1AKp$ABMujW|C_?f9gUIfAXzDz~h~0jqNA@D1X_?<)lw4%1qJ8IuW}S`ps6Y1J z3NfVAX|-?d<#VIpV4kbvO_Oc~M&;ZOff(3It1$JtaXP0Deh|rp7EfC5(;d1J)6wA} zr;Y%m0&JDJ=M?C!D$h~c@zOdq;GZ2sahjaYtpOhS7#{cZ6Qe2}iZQ9vOr@bPqiR8v zRV)K`2t(45kWJ5d`1ueIwg)Okpu!G{4^p9C@W5X8s>DMjw_>txh4A0SIR{IkRv_s zz$_$@&f#{balDR@b5O_@@T`#C%r)#FeAP`%cv%gKpgRbbZzi8}!KU!Ci>AN{;g4dC z@^tOd&L*O6P9T-QYehZ|5T#?Ep$Xu31k2wlec^VGXTQE;SU{Szz5q_ zVT4R}nUM5UZBYROD*M{(?;^=2Og!mH=ru3DUa*K?w2-fQr+yN^VVC-Cfmmx~YM;19r%oxMzfD9wH$dq}o&CcL| zeGsNyC@S%x{%Rordw|^)FO5=6f(EIFB-}~L(5qb* zK`bT4ml(H^BvG}+pCY-j)yL^OTIwtn9HSsMZy#o{W>BKx(! zg$ZOLpo-xJV6r^+cY=YyStV$T!myBK_)sKdraOCkE@D1@lzZY5z!DHX_G%*d8nj6& zz+DpQ)*g_N+CwmmDEp&NggbBGWn1Q#0w`B*rdq7Wul);Uj3-Yz#?Q|`*ggOK})0P|M#SP|q&O>x; zL~G8&hqg=CCrvU78-r9)xbZEA zb3>*B`xoj#pNR6&&7G&BCnaj~w5LMp4~NpSQvuoKkq-@O){Be7$ANYLxekc$ERO^} zgD3)90lzO3szg<6;lVLnD4SX$vHGLNcLOunnT{eov--8+$Z=i?L9nu7Omr>3QBFBR-XnajYwF1%+3P|#g^t=YnR*7J|KYTMp8)R zE{6|#1mmbuv9k)^P3AcH&bUx%R?2N{SDtwefqGlMfTswVu>{D)KK4!7$(X4NroggjFS z*+y2^_e7ixVfbtsa$6Ig6EE>w4!U0^u*|lj7kToP;Wxek#poAwu8o$P(^+$4j*z+I z7bsb(RASi*{~zK4#1ub$^~!iIcW|*MUye`J2YlgDJc_}tWGuUcZ(#QY1h2u zDyBclh00_-^UvYjx8^$>MIt&Jab|bCk&d{ma9Z#`==9uFYt9|BCSq|XWVUJ}wCzp2 zvuhMmAg*jWn`IMzZ*bYJrKE#HOznxez?{mapJc;lm;5-5y}2BHDEB5?bzOGP z2h~(=KgP*04MXMgnyNvqH5))e0jZ=#Ama$I5|z0Jl%oKWW_xo2So%JWL5<`XGOu2f zSdG}`E}Nd|%0y1v5uK5IB{tjH)))Qhb;*IjO_;;k#j0zvw?6J^+wQxU5|^j@G(c(` z$6ekm6Ks+3sXnGB=7x^iaF>mQry}`_8F_q#{-tb%o@YhGMwxcATAiJ@651&RUOfbF zsPU>o%uzWLlW;)39Z5fbgjzlS{dl_5=?)PQZ$tA~$w87@(cdD%yvK92_kA_ANVF#= zU9#$XBq0v>5G5&8TjGben6!pr50cV55sUp){?%Gz-<3ZX&WBnzgex0L=?|b2Q33HC_#uqm~D!(`lnD!br0HqEn`%tZE zy0FsV{-cE}slJQ7i3++I(3qRc$X`S=x^6aF)LbO(G=oy^sgH^5;~ojl$ZqzO$X^h< zV!0^n&5M$Iz(2ms;G^8TmCCx33EMKuKRXU_x|$EU<)~I7zv?%+n;6Vt@x*)ZU=z{vn{fA~ zsLR89l6VwoZtBH_)3_8Paq|@I8vYzBr{`#a7YvBa<1${>ORF=4ULi;9jcVf2C?KAoN z)Knd$I06@>qnf@e{?mfuA$8xLcaqp{dFo%q2Vdon=h4D<;|`o=^-=SsZ+ft7;s#vr z#iz9kc_SuU0=@B9ZbZWs)dHu#FjeYwY>8$W<(MYD70LY$iP9$O5wg>V_>I+8CLwY{ zG)k>wqC#5rD$f*1DOGuV>HKdTHFSh81Cq*)8w4glhqW|sxbht@3vJ$As$3ZDI(b@; z$ZSHFxOzRkg{)Nblg7NNlLgdj3tG4w;iPxF;g7TH<%H(1D;`_V%b45Fvgm5EC1XVz zqz*HitRzNn|Jg&g3ojCwu8GEPsQ*+I8ZU;w)}4V!tEoG`45KSYi%C&Q&Uy8!=hKYv zLEL7Bf+qjjI>pFMTF>fN>C#?2tPDAXQwY{nl4naw%gpD-q>}3f0hQ)9tI35$?{2Eb zn~ETVS!R5ZLLje32RduAPbTZF8j5Uyx0MP6Gza-}c2k+#BrAPgELxB#TB@Es8LgRC zeH5hFCBWV(VY^2pY}_ErY(3h9u-XM;^CYC;rry%L0{M(OwjW!` zx~rii?7f?#)$F#HS`qK3mD6iIbjU0IetPM7rJ()FzkJToyUp5b3)@AjY|dVU5JfvF zU!J=+%l#Hp+TbzQi_~irXz%pI6_pAfAM@kkrl;;=g*j;3n;mc2sG)va$%Es68rgo$ zcq-xEIHuKY8FXvKB867E%3Vf$qXo_XlKaCf&)T*CBz{8S1*pCu5zHtf4wZPcf8 zvuBP95i21v5>HQS&2iyyw{|hu5|+ad*5dwpt1#R06TUM22ixU5s@ko{U_ehJ{}yw^ z{D()PTaQQ1{;?b>zBX2N8fB@*@ zpUei|z4E(0Z&x)3<0=PWW?}jJ@%d_M4qUYBy*bN3KaW}S8g?#2{d~$~OSDg;DyH_~ z1X^Ok+K0U2(eA!Z$x40a#eN=()Vgy1jHH@s6LWn;Adtsea{@iW4PI=US21h zf9N&#*RK@$imh@Z$KNMLD4Pli^DwVz{lYgM_&xbLoh#*%U`{w0j$IqyDJ8Mq!UhwE zf3{2u%YPr-&hv2ku3wYR?D3EmuidAzH2$0P>>10!F(Ed2AX8Q#p816|Pb+__3-_C4 zoz#jdWrw ztWQ_IJKXq10B)Z~V@S58W`GO&%pr7o%SS&C;d05_=(DLp3cr`zAA41VB4MeF>@h0K zmGHbbZo?Vq&gQh1#}It0BPGcbjgqCrU7jf03jI-Y<|fzui>Es}s%g=%O=ikBnoH0v z^>r>$rJE%kEqU>~t&cb^bf=c~6FWA#H+3zDzpg~Q?jhRe{;P*((|5a?PD%&p{Zh!I zSMJFtN9Jk$knXamcs&!6eXbUlJonuHVfi5uR}WiK6<8V*;%j z%i$af|7*uoA`bI6SU1BP53kEb-uhKf{tr5OE$EiBRo`3@O)4bWms&|vsQ5j-mK)fU zbKA)8Y7sXUcC;7Db=W;;g%-|k*7q_PNcK4jm1J`?rDRrnK9azS-?n}El_C5S80M9I zIj2us=r4cg+Rf!eSMvB&9k&K^!5IFb={jG;@y4{`f=+|M8rvu8MgP0#U!U3-l+lwe zXkuasLG8})=`1zu!G?sibjIknV24Sr7#(^WTy)+DRI<$LC0m2IrO3s28$PGrfC8o7 zJHMOn0RyMCKTR)wJ!1c}8|@@sKoY_*Fg;rMYrr^eF_50zIHv0ns#MzZ)=8+ z!-k!f6{deR5g8R+tu&&U8~ALHZwi`x)^7je-Q(t&udIM5So;%#NiIr%dUn?fdv>C5 zMIS>RZ-8a}<8S>$hW-GAf&1;J#uMi0R+EgtP{-2x-mS@kzFWcO{+TRl;oaC~VUvPi zK*sh%)#v8unadO`fJ-r|TJHo(*U4$Qz=ZcY&mTufLxH^Fq~`TFn32hsZT*vAR={Z>ECyeKfF?Xk9NFb5u`fneo~pV8x5rjSB`(?4^xp}+ zv^nM(HCdOXH#@Qj*0m>d1z;kshsK6zI`tPxUp`4cKmjRYT-u8pB z+w}1nlt+^?F|&K1xMAuW1u2{B_5EPdZfSD-GvCl&UmW%DX8*A-XTQ2JvU&!Rd_ry) zX#2JQY*WBEe2*%u>tgC=CEZE6xa{Wp3uuo_m(Gm~D&dWvhnsjTel&2+h7?T(3L5^5 z6huom-&~hZj_fH{kh83q9u!A%*{}u*#MERkeP#zZzMo0-^Ioujq+2HkJ*-prE%YcB;gDg|iF@kPA@ zOR*Wes#>rXk$JbRg!l@H>pUG^NCHXpXR>_ipBYLomxDi&jg&{x24oUjUj9C|bOrtk zQGwP2*&maoXb<~Ha&|Z}h(QTmlF8@EZkLB{zx{|{$XEcVZ!ElyH{u!PQ(i7$D^;qZ zc8Uci(kt~9Dd#E1QV1K+`)g@&z6!n{a2%NVD1I;TQ2?}{u~HItgzCP`cw{fboi4^_!FRh&YIl! z_sGUCsXiE#Vmzou?h3;Z_WtuNLYht~yM;NtxmX{Q9RxwpuNUz{WZ+A+`HDp7Bk~>t z9MMoTtQv3J*qyV^#t-&R9Z?`9f5_ZXfFrzftLL=J{GuoJ_WcC$g^t)Gm*=zKIpipK z9gK7%pRtToEht1XJsH3N5ho2M51p$;0+G%5UAK<4d1KXkQm!!`By$*t5k_U;(zGAP z>*j%@#fIVypvXiEB))_BkED&lx-?!?F)WwoW?-O^-R##VM|mKI!boN_6cVq{^RHYS z%f3KuLQyPj-M$I)&Qv825pEdKvdqffu;7WfdL2GI-6LR)S^+N`hQ*FMXo{$m4(MB`mX{>Zhmsi+4=`L`iD! zI$@%(fA2y6@5UCW*oAV*?=Bc*gp|cS5N`2*_yZk)Xuba6CQbk@3^dgM8<2)NzV-C}gK_jz z&yXNRsu1}NZq%#~_!zr`Ks7q+H{-1?0xlN->mY5r3Eb3EAwbr$a z@PB!Y*1Y;N-g(4<1OPG5jgY2`^6e1;{;EIn;vu`Zmx z!E2(+6l!lcLr9Oz={w2uMl*h{{uX0JuFS0{gL9+zZN3y@(Ke_EU z^)hG1KW{2fH2!_h_5Je-XQ17L-#;&vtK!Z7<0W%S5@-^0MXnt{y#d20LN?9^D3?|m z2Paw{NV@!h!cx!y-15I&z25{e1;9JMMQA-g27)_#DK)U5dm-cful~Ekhjd`<&*s&y zHUJX07zH?89xLjKcMAHEyouWZfTtHBcqj~v*Ev`qDok~se`LUYMx^wi)llsH|I(?fkNv-1lHT;pk!}*H^nNu@{D7%G(RNDKy~Y=o=}l<|EG0e{ zAUfuoB`<0kwX!7#LfOfn$%QdBe9j9Lx0%H%`F)?5)JrlFOa02F|E=4QpaIZzvbY!G z5;1zMUMDg@^%*Gg7W<%vg=5JOh~rR(LXQU%g`!LP*~e+W>Y9fA^09fE_-v0uZW7V@8blBf{!;x ze}Zmxpu4-s7BF+}fvDfDS0q9Eq*@8ElLmpM}KeHWUWD0nyv|X%` zTv)!g79RV&XjjWa%F&vp^bAf8A<8@X+8sGf#5QaHx0eW2k}YluICB zQ)u$JIK({Jo>X!MNvZID)^%}q91Yl9gy3%~aw@BS0$cm_;UDl2Z2JB;C(dB#j(EP^ z|BiW~t`N3duHu!&^yC_N&x7`8vHURLR7@$Cg*kvBvhzRPnXU$UxhBAIpG`|C|_DX(0ExHY6%1(U52>wSSgz+H;c`GwCraY*%5Skh^ zFLrlasamLL2!<+`FTm-WLn+ZzHm~;2v3oIqTxYdXA%lCD3{>OQ=S-?YvR}q@0-2t0 zViY+Oa~3?jh_T$#dHAUc*x`zV+vXDwc$dJXz30Oz`Q{=J%)O-@KzGI3elnqZ1youZ zKUDiKS3k9+Tice1$T5Mr@`Nqx*%A>5!Tl(DzU%gcryUsCgVdEM{KtlR7^J)oBIW~` z7f0ar0Q(M;9H?2pzoec@5y*T5?jWnIw6BgTCJ_j@So;cqjZ6cp3BBL-1Ja-sJ==`@lpb#4Agd>-jHMl51QUC28c}!vT)J*Ln_&Z9rcmRm{(_I-?K&slc+^gl3%J1z z(2(4L9Vm~Sa}1kRJAScK?IwF4sev7g4u5}(rV068?tz(neD$G6nR_z{Oivh4$M~?4 zMwS+13Mx?3qJbcJ>wY#50p4-o>m28*(42RlPDO?o?q5!TcW>ax(LyCdg+k6;JkEmQ zm?C7^`}3;z>3h@?5eKFxWMsYobTDi?xx3xJ3ql0XF#q$VAdx`ustASdSc5n(>`>uHLN=j7(O@(lH2Itwihl|4LFxTl4TKTS>jP2} zuHc)?G)DZ2k=uX}X}Q_lE6f{})0HLMTq+EkECt9x>kU9W1Qlt{5d7!6RRe*_S?m6F z36>*p*+IsQ2Zhl!nk6FdK+ctodhZp>j|w(#xW#g`pnn?3_UGb2)V$bAb^|ZyFhFJ1 zYj^=XlZ&k7!d!piSxd^H(qPq1020aonCqiO1jYDsp4LwEQ+<(?K)ZIPwpYEnJL0&* z>1l7Lq7uL6HSnL@kJd*6bDb~`=hjL$_wpQWj{@Iv>B_rVsgkaCr~nmJvhNMm=ysxE zASh{4n|JGGHQaY+P72Q7gF0zHUn1hE9b2(MYZK6EOU%?-(}QW{7(MrSSJ|x%An2wB z9tV4=RVDI%vSL?VAB@=4t_)=9+BGpQ7|VdM#MS$$X`ttRU9kWrgk_mD${2t@%l-AU zhdS@g@i7{wl>}fPyWi_Q37++F9ESEKXwz?wh1zCr`6%v zqJO)RLZvoBYQbX}%M-{NeA2}?^nvFtvG5c7gO1H<(f6!(^=Inp=P>dFaJjJd&U}T)&us-^5B4mK>m_r$AlDgMk zgJa*p6R0FR`@GI?xld1?Y@Uv4YpMcvc@(OVN=Ts>oYd|%J1f2~e6}j~&&b)7+8L$2 zt5X6sv~->{dL3?A?pf0I2(L+gFx}XgXwwS7U@+3)3fa^x(W}{5re6Rm+WX+3{g|tn zF^9m_IZEXwT~O7}4=k?_n$Fe>hXGXt7eYeK^J(Kp%rC32 z(}2=dh^hd}UxFt|+uMkDj{?>ed?gK{4MQqTxc268<5pLixPrSqZ zijRGD;p*}{4?q-qYxx;xLeyAk;1xW%)r;8glUPWqNffqvA?COeo~xcZhFD|ziSUCF9)Rhn!jIkZ@*)+L;uMCEj6ooUBuYe(HTXr z1};ILz(Fu^9n^+N)VCsNj{$4n6zJPm>)2h^M-A4fo@7=4T2n80_??VOJBc5m#nc{I z{;O?XEb#{Mncy%adYnuB4JRv47R>v+4^WI3dVUzIrYE&Cc6d5gqECO!LG|hz;Cui! z&!ed-8!KeS^THRjXgCe4I0Yr;-OY6omvtSFr3lU$;=?W`Kb5uNJkmn&20(_le4R)>q|`o-_v(F33Zr(lks1&-M&0oj@kRo^&?3d zr+4CqX;1uk-!lo(f{!(}Bu6H;CS=TX=nOGgFMs@T!8wo_kqkW^o;y3*;sP0v;8YV} zkdODxd+jugHz#jM{xg+Xl{lO{9k{%67Q*p@OsLg0^5Z?~Oydle)zUf-zrVjJDW1Db zjnI~*NqJRC?scFZwq#OpVpqdK!OMZ7KU3h$}vW6D!pM)t4;Te+=uA(vt2int5sxBV~5xdcHND9@KYyJNEZQb|$IQ zT_7hi@QI+v(+BUE1hKe5Pabsv4oeoeUR9D*B?^e$f5?K}?FQI>Ck7-Gb2AY^rVMvB z4zR>?A1u}{?&7k7x4XteB1Z6r{^S8-Ia1he)%C2~ys%xnK1nnYN*YBP`>gnl@N&^J zd-jO<1tgfj4#cP|*4kr)hT^AhsjiYg!`Ol-f(1i!o`{n*Eljj^Q@Al))Bx45(#K3>~a#kAY*4`n+{zxT`&}gQVD}&sQRr!|l1Zv+z+X z;Hrx0N|p+^ZGgUd++*eF>dErcA^Efpl(wy;>5b)x8mpXe-=)NKo7{#!}V zq+@0l2(v|elO>Dod4q?1iA6+M1F*5L>SrqFz_B9BgI@DJThp@a@>5&{mTsf>>8;8k zkxZqA+(mwZ%%HPUY7G#pN?WZfc}e`RA6pZIp0<(6STokQ7!~zA!=h4@`xQ6n~^QLQ2aPd&lqt8{uOdM$DtMAOcbW zr{rraHERe)3WNfkEdgt6i~ZeQ(ia9+eHGx>~G_J1TeFtUB?mYxM@ z^)+e7&0MbKN6tPhZ`o8OVpYtRBt|pKUDm`paqJ)rws9e5HV@mCLvlYI$GsZp_>{~G(F_|t3%tFz!MLA+x zN!32s!QO+-5O9S?c##}%i)?IEEBy<&A6yY`1UG|g`x7y@47E9|Zt;Z77w<>q;6Y{q zhl+qs5*$_w7{G?%F0n+Kb;j%mvjuBEX2N2D%Nt>Fk}^AtOG5=r@NT(R*vwxnV79q=KyZ z*`Ox~T;$*1)_4#t>4Hs-$nl>AK2?!H(a>f>6Ff6}c84h$pyJ!sPdTBNX0Y<02f~wkVeGI>~EJN@9eoTf08C&Y-Y)i5(=W7BFqkxA_m#*ltAAh{qCE@9(PUu_sfr}> zN!}k@TosdlsU?@Z(`Q(6_{SGxhi=-az1L}dXvDMEw;PE?erM|K4A#ed56$1-f96}g z`Hp{Emay37j1ks~B%q2Y!YXvthno;|s)VUSoc)Pdt6ykxT5}vo{u99ETS_L7wFw@c zO56DcfSi;aoW>X|_DZ944{fZU4$GYk&u$j_+AycU>S`Qu`wj5R!sFVYVS5|^BEf56 z_uYkqda=VQAd-f^*l2&94;yTeGcT*GsBWx53uaR(YU`2M0{ay$bvI zYfaWa|H%C#pyqdpze7|ZY7t|K@2puuI>mEPAv0AznSr9Hv9({Rtw<}0F^By530N0ZY1t6s zb7H|FhehKq9hL@_r-~*{xLz+{*G4Avi}Ti%{GP2}l19E`C08W&=MiEn4~fFo&t`KS z!Im94G@o0gU}@vg+tDyLe@|)iX4geYnT9$J_`*40s9}9)0{I56JbW5RSN}iqp-%Ov z@X#MeIZdutbtTVoe9)n{DiwqVl(e_tt2^nd4I}9#^ie=*G&K{*>qO_@F5MhO!LtTZ zjs0Ywv50N#&KH85)}Ef}N$BPWyi7$8RrPUEX_;o)%xhr}EfyYPGHo)XeNcc;aLya% z_d}cTPt%#w<1O(R){bFuRQR(@z=Sndj-*)}d2FMZNs*DGaP|hI?ERh$a85XMyyGyp z&LM4f#UFy@vF}P6SSW~wI)6(D56M459=~FfNaKWiv9i<$bR~B>m|xzyk0@Cat||dq z(Z|Qzv&-33=^|_kQBraEV@@z2VivIb9DvY-B77<{+vwkq9l`#{Dr6J-=WV>TJzFbb zfY0qTp7TJtF=Vpl^YIh`ENMi_pVNBnXUzLk-krVAQP3lChuwAGu0by~kF`R?heRtE z&BwHNMbe`P21D)$XUj(>i(VCVlxqB{`)L@N@eSfHmwW5vZ821X3;$IwzytgiI+dJ} z8jYNT*uyFVxQ#T_u5vP<8hVV&UnJ5qirIDd-XvPPLzkxi?Qjo@F#c4r0^k-bZCx%#FZ=5&I6i(&0HuhlPuol@*AvO;1wvCfyOkg$ z9sWup$V7GJV>f;+zlPQy_Z&?feBH@@LKTPH7`+&_-{Q2LW*he6qlm_d^h%Lz#3ri} zJ8^!}Pw74e5~18e?AnPyVU;=m=vnbJXK|4`=_K5Vx!0Q|Rudl_upePb-}l`V z2s7(5Jiw`a&82t;s$SN_IcRKaOnrbq>{G^sWsH_NmdK$Ji5gbYnQ7o|=20w>?Dvu# zoEj1C5C+d^AMgbe!hyj*;dgs&(m}`UYj)wPfU6~ViZZgruIUrrewQA%-M#;)Aw8Y* zpv~6XjZYa#u4^6~y@NAWi|syy?A(SkPlA0KcZUifqC8?wG9ND zQUEZdvJ^+~p!PMwKTP~OL5)(*%_V${q3C_w!JT8%@24{o6N75mc z%-56lpTM=WRhE~E#Zl$?M;JD{4XLyo1w#j;N&b)WwRh~iRaIF%mkNA@%BiAhUNy$5oe0D$PiM>nV-0$ zyI+tF3%gmgLxOP6;WB?_PHyrtY=ObF?vyP-OM^|;&iRwb)`rL!u>f2WBYRRC>{kbA z^6ikWFX2!P?$no9@9#7xHr7eJ>?j$>;ZUh)Z!FqrVMHBpubWE|X$aV3>r6X2BhmC? zE+9$@Yq;0Uts!7{sy`4SPv+kn9kxM>8+V`Ce*jx4Gks}>sDEnct1&+Z(sk;t);l!s z!dl^F62+14>gR{DnSX-NWL-0}aIXeEO}#%+i5uWB8Y27B0R#PFfk9k=XYD%i2_F3E=paOPTxuI z9|u>oasBWm|Cu z9rT`BKHp*lttW1=WbJ#01F3)MtoY;zO+jiPTUt`UDq#M{{#N?;-PsVAWki{Ip} zL3IUNEuS4$TJUPrR;pEo&rd^dlOv^=lhuYosfMAELpmWj-UFAHgLh^lCTgfEu}Wur z+}wwW&YyCM92}&zp(lvwapV-6y_3U$Xd;=&Gv)!T{sy%CVN+@TT{im;gdM~FJ;*cR zKLDlN4S#i)MoD`-u!|~dh62F&Rq03il=eBGE~7#6U+5!XP-rYU?|131XPzni=`Pep zKU0y*&9x7=~CI=Qls z{i8QpGFaGOX4kG;{^Hf8MR(axe0^Bsgr;&`S-Qw<|J07@t(w{_5q|gk4yZP%>Qx|p z+Kw8nY5TV=Hs7xn*bm;VD=71#t25(=iaas0S_1f1N?P4ST$EGr#GgK@Dwi+#>>>0>+oySg_qU+lIE?^D5w{v z8yd9vzN-^=)4TJ<#wHSDwYYiLRnuvE8>7bXZ?akJrBA`gA*e9re#<}pj?;28o4b>W zUb)2VssW#{7*KOYy05B+qJozsWk>%kR-nsEeMEGhI6XwK+kYX^m3DfS{o^kG8P1F5 zo0P84bwuR%TQZt=$ECqYBQ))!X3}ZR3iTZTD;Z~ol`R;R2T^B~)ls7ObssH{I>K`I zr475bHV#oiZ`06)CvRdJe6KD}9Zz>J3q15T_%*72niXxP zbh=^`H~hCjeootc_>+%wVtdl%qn+KxqBnb0xfzM;OZsXF&E9FxwDJ2uKPcRw{C{Ka z%+H8VaKw=rZwE3KV~0RqN@BjckmRI3I_a@h3-DcGcfzk`;09}Fq?>l$eA zqP;1gOn*n6;kT<|-qpQC)i3DXhGwnYiUO&=p`b{W_*W?u*J2;T+}WN;nv)_HJ_@mT zL63@BZ1+4<)>l+liiTUBwWpdx->q!kI_qgktq<`9_7+ccvBIUSbB{zOI4MQhnq;pnO6hssvYFZ;x1d5+{qX zk_*$o;(%AFmZ2$tcnnT|fHrze97lUD;fimd+NQwf6?%)W?X?VikEqXqgM0{A7r@+> zP`118SL$P=jo4NRkK_pteja`QFBGH)xz@gjBESb}XHqkY%d5XDFOR`TLD1hM#=qgYQE!G?fQM+rn^Ebn@c#qtm z=6}7JSwDHdbC zKnX^RK`98Gm++Pb`3T_0z}tzQ5P1hKjoWOW>EP|)k4*`6Zl^WXgBL;k7c)mR*YT`X z{>f7eyZ`?3&`RT7*D0>)pfP}JSFsdz-It#*Eq(lyX~lfd@yvWPSO48W`Yb%fQhVF~ zG1NUbBQmCJ>6R8^cj(GCP1zb3FNZQEw$?O90?{DL)MRpF@Yc=%Bf%hcmc^0pvi1GV z0EA0gkCQp^5tpwkhRN>0cbU%J%vRz3Dr+VXc0*6S(8sE{uZB4IXdul-h&&HEP1 z4k8p@pC*5!af&(pC?#f*fDRLUhauY~`ebCj$~i#2H8rXVT~Z{RT77LgXE#$lq&SBp z3=tOwJQs&u&MK^X?giM@MxxM%>fbcd2LSUY8BKJu#K`K6#lwuYzE0^!1Y%+!kF60aCX zD4~#qshWIXfZfTDjpcqGQvrc2RFeO}{(i4M1mEc7A}`S(9zYz)O}NkM^SVwulULL| z0Vva_Yefvz0KS3!hj6W)X@hL+(WthdgdjmxLx(;4OjQY8e0kL}j zD-Ak6P&3tT>&s`76n#yvqiB!~&(;{c057?B`d;SB&xr1M%-%n89~ zU>=%+7H{oPIhPXc<8i{gvI)m2jGIFh3CadIGrZqAFK@{l!qO^^v1JvRR3zR;gLrL$ zkX`Vldm9-|W=_6G8y#G;qd*4AxBH&KlR2PfLyzfg2JSlhZ55VboW4>NVR%aofo(x* zvEF_j z+W+yT<{SSOL`Rd>)wy^m)xA$mS0*2&U-KU>OtkyOa9%i--m>H896L%1kp zW`*Ci@BY#3>>GHeVs69%EvwemXyUIUL>}T$5#K%~fboj$abQrC$rjYvUOwV2mVib> zn*H)ca^*dsHryw^#L_}O!J07m*w%N^V)+Xy$V|Ml>&J_@H5_-pNARu4-L;_le&uOF zO0zdZ^FJN%6LD;r4^Sm3DzWtT7Y{)bcbh}q-&nO@RM}%sOlPERq^ksd{Go9k8JkWB z(=H+nmj#%3|FRylz+WQgqy*Qfn0>LzOx#cVJ{|B?F}6nojTZk_nQ-wL>~x6xghAc< zKkI^@X8)@+ns@2uMMM_7b+y4SZ4rkfA4sEZ5K!&{zSrfZ{A&-~<~;Hj`u4x3|LR4U zD9X4y+05@s$aS@nlcWZ)!Jo)Rh>mmXODyXnknorxYb4ii>#6u8Pd5x~=&400+_`Ua65>URm{eH6ynHd zRAi#50Nz1Ps8kPG3c@L>vHDmXh$K$-=%dl-ds!4XHi}_)*g0Vn7QuBM6!T`##=vMF zX!y*co_6>IR+XZ&KPyRxs~`?ZUDd;3YSkzwQ9Bh*++m<_dp&8Y zCg)R?SmS;0fO;e3!tQZSO?X79dx#Vy3W>sfn`6+(ds^OWpSNYZPKW)k;@;31rYWBJ zTN;fwVi_A?`B`+3;AlDp>|n3nU6%7J$!h{%tlnvAhQW0ecxi;(h8 zY(f&{^g|kid+r4mF5-1brh+HE29XBwno%?4J|{v7;UMDE^9I5ht%9{1j2litI@5AF^@o>F|#TnK5*-q^^>{avPRM?M;$6Fin;fyd(uZs z7ykHQUg)#={M}jgAwN zt|XkHNr=M09?6pV-`W}s{7I?NfGyfgAra3Q+z>GqcLix*9DFOd&Y=!@n5+O~nx%tn zD5kmUgc5>LtuP8mk<*6l9PByso}4(X|0Z{1AoN(^m%~+rDLZJ(fc3727&&l8JEl70gB;o0$yUHbjz;Csvk0g_hD1Wxg3`&dMrm|fcY zHWP8wM5A)o9vT3mvP~H4tiYSlo!%F8!lf6>kt z+OO-|_b~2-pKe&2p&;GKGUnXMd$8~mXD$$0m$jIQEqVv;3HL_ZY9j=jiAmxda&HP^ zNXpa)1fLfAYSQ=R=}4i1eqEEzW#u8FKY*DRa{6CvYp_$~a^Q%nE<$ls*uESuNnp9d}qc!wZbc&FE(to;sd(HTWR1yNx$i9^U*45S;&Nsq_ktc*@? zkA*fW8f}^*dJ(xA#Q`vpFIbAmV{+Q|^rHN1BZ(_Ed4i*- zV!!V;9z(YJ#BmUrG@nQnb6dqui3TTM)zc5Rcwo zup=gXheaEku(Zc_2n>W^HLPdLy)OxQN2}_$IV_Tv_;^K|JgE$tR}I+vTH3)|pk36DWfWgA=m&p^ zv>^8Bc-`7!%7A_8;u~F|cI~j@Q0)+?H~wJP4FG19mv`~Q%dotOD1}x$D}P$O3Vd#8 zrM*cpkJ3RDq+3UuA&y2Dk!q2X9!xfigLNYv&$azf^y5|B-eTIj)uGaSe)W@Oy(9Ii z7A5QlVoniaA5C_?7jHBuLX)qzS9uP1FD3_G#hA;r6ZvhQEu)V5?8e1sXFu|I8&)eV zETxi+s^95$fsgL=yTRh*4Z5*n8}HyV7>@4k`~;Z5%XyUoee|>3S8uv#`H4?}%j>;J z^fde5x@8~tbIH)9xU8|F~0|h%ypD=#O~Y0Jlz3_)HmIy z=Rf|_`6Nf1m4?#jmxSw_$;Mhc6>uwfkbmq^2&UuLJQ)>TARf;`XB^P^nIq6JtqEz7x_(4?l=ahg5_jK7H9Y0v-(3+xb4w0aLX_ka;Fm z7$USE0Wp}UkD>^mM#9a0JxjZ)72!nOy4~6Up5A!ba{M{A8<d$dSk=)@}_7C zja+#;1;~%~a|r<~tdj7mo>Lwy*fF*g-0Zi91RUA3Q#lVD0R@5A^h$Z@*z$K-l>iN3 zO@tk=3)~O&+!m+Ftnwb}m__Ak_=sH)+`A3ziQK1nP9pO%DZE977z=RzyB)<^KNKI~ zWC5!7<-nEQ$%13|9|%FzfG5v8Pysh<=mQ1yel!UccP!v}(b6mldC?Co3TE@dWz}+5 zfhW8O;Tu4B(fXFrM9FKQH*q8ZEQQUi>=yuQL&Fg`&PD@RbC5+Vq8Qfpu4eFWSnq#_)P z-hA371H$$46(GmB;Iii?VvClb@5DK}f)Kwt=#AKhDPR)`_+Eg(p(NxUIbVmz zJqB@SKBjAsMRU;QW+ntCu=b@w#Rffc)EoFjRZmEN^n7{;3`7JA12q;Z$G+$U_}{eO zfhDtL$AQic$q+SAZ0d85_=d%ln|ufy`2j11%MGyIZV;Ut&Q3zr5inBk0U^42W!QgN zXzG$Nh?@>ib5{b7RZ>krm^1~hCh=lUW)xz8=<|c!u+dw`-0bU-SCvGGul-90PlvB6EE`DM5|k%0G;e(XJ(r zwvSc|kJWSJLhrb$gndh13xvDK4~OVHz7z6ESLbn!jyMo#{OS9o#qJh8<1*ujT+y&q zRZqFf*!e9uR=?GNp7lCPpY$52kj{`6_L_5Ru)0h?-1cocl-%(6S|=zyZC#=6!XMEu z*a1lb?!(Pv4dFy-kM;36oF7oydL^;Mdg497bpGSrR7==xAHAec}*3}-`aEf5X6 z9?!b<0%w^y&T5nkPg0_d~^Nm9)N_@_k|P%w2bPLR|>Q|rj=H@8H()xGn6u^78oC1IR*HQNz3udl+R%1gu}o`$TXuF zB$pBVyr63$-3UU1GkNoko0V2?`hN#&wp z9d6nx+xz=lv#Q$noWbpj1l6U)dqaA^b9KgsjTgzj8;5zvjMHBm4jB1gR842eeM1xS zW)ECnp=~Ukn_J4C7r${hCSSX{=Jrxu)l7Y$PjKt=hUb++=YZE-Ubs*eg=l?2ZA-Am z_t>AlqyZ1)!NXBv+rS{Yn#oku~a8i!}k@P$egC{#kOwE#=6?Ot(1(vwU+o< zlAJBke$%CL8Zt)a9+;@l<%d<%9SyI7j@hmVswAG3R6C_?HXb)Rb`7en#OA~#E<0(8 zf^pW~uLI-!o%u7GG~l}&7}}o&Tg{ts_9-)Sg`g@P#r(!x&8E3{>Px(NlQG**6!}PS zJ8>E?qcW~@=3!zv$5;i=^P`Kd&eUqWR$v~!S8%ZlyW*8VW6|Fk^xJDHm&w%7PlR2w z3-v-TXQdQUepzpAU$2i`_cYnkJm3Yk$~EYN_=+=9o@I|k&_3hJt!AU=T^_5+cGGrj z#tT2LG{Rdh%N{GJvh5wJVvU5x{Hu(a(-ncq;%Cdl&krv}4SO(ZwY`*X8g6gbIzmDm zM;__V?hG(_2CbxzXg?OQ{nW$8lh_t5p~^_-m*ai5=(T-D#rgBgG{JFPKDsZKBkWgf z;q_rS*MYFf(nFM!^9m7XuZMzCclx>LXHZR~&G0>FtZ+1Z;CC}HXL;gQoQFe?dEipZbQ`BJMQAw%+yOh^i#mmMX3zhk)OQBS?jsNC@_>#OsNufLkP zUGuk$^IdmxF@9M9;qt!bi*BEs5{E_e%8wehEFS2?FV_-xUz$Cse%*M!{!t*Ex`b(X zZB$_Ky`lGB*@3M~u-^U;<=kzN>26B%wAJ?hFgu;MC z(4gY5ekn_8;#2v4CI)~$h8{usl2iy*_}1Jdc#-qQ789@#PHZW}TB zU0?SLD(x=4=oJT=l=lAgl_g;^|39E4@iVrBZAH5ZZE zti+JpP}qBsr7N-Wf4@k#k$qjg^YI*EOn=iKedKV4y%9Z@8qg227prwir_hknwBT6& zkp7Tu@Ty|-9h$$!X{eA#r+E7FxY!R;o44LZ(`=IT!7){y5LfA;ul zu3A{BQ+~Fg>QvC!FKa8fE~nvKXhV;N%FSJ}wW;i~TWJ@uYC=zUe@K`vwjGOOw@gy2 z^KN-P?*8uj4qfFq64{j|YSObA_BWmWNBsSP`sbeaWa0-~3P&%igG^T{abBPA4+w0R z&uw$}LnW>|-syWCu00a4{@peVS`Q#&Ybt%z5;2)w!Z|C8L^&%_=84q~VUsCn&GF6fZyV#1;-Amnrw$hAR9BoCSA7|7 zujgZ95)1blV?QPI987LtPz|!gk9zyBA#F$+(fBUzTJTte~zf z+SHt0cfH8#fglFttLZJ%iKuhpj^ zu9>&u5LVQzbl9#j)UL^LqxLwS=k1;ysDB79mUOk)Oq=E;;2#72!?QMYC&~3|&+GF1 zj93t9FeDa7DG_fPa5C^Dq~x?9r5!{6=6@E>5M)R<#qRYtbW1hHet=dwQyj?kLdDxBVu4;LEq=sK{2c z^OL2Rlc0|Ij$ znbemSo$THxn62@5zZ#A|?=)WYr9FG_BUw3LGC2Osi$YvAWJFvL?>l3FDM{MW(%Zy$ z&V}rcSaqc2C;0<2{N~_ywJOZiCw40A?Kl7_rp)*E7v&cxAveOH$V!-ef0DT!IfgNj`b6JP* zmAloS@04y#W!o8`!`n^&14jT9bDAS1p9iq<9D4vp(*(cw3qssWaSCucLJa<+39%G)mL3-*>i^8QvAon;4f=7(E*_4}xVAgH(sPu->fP;u3=68#Jv~D0)N5YLZYT^>(o!qKfg3k?GeAPiP^mXPP**+7)g+UJC5tS_1v_m z%kbWdfO~D0m0M2=O!^$pCXjlBob5L`J+NW`+a|VWbCnP5T%sVY;Szqw6rp>CKFU>J z9@r5*4LEZpXDKAD)^7Tyv)j()Jm-OCK$BMk3B9|Ev4mKyXuP)Fsy};adEtqzzm$%8e zm1ODYxanHow(-;q?GRWLNhka}$_M1^+h~xk&gq|nKP5Iy+|mI0cC3K4{Bm}<(F=Ny zEY@>fgN^hT>4b{gD5*pBhw;l|Ww7TsfHE3yE8ah5UYRJ~nW?Eb zmr8oeB>5`Qz_Xz8{h!~)0nIo;BN`ILeeRQ6%18&MbT;emLqbOP%qK~FEkuRjx2NLl z#z>Y(yoRW&9c4@gLlbv_4{B_Ez2r?Nr#t|T>;a*QL~7|O4C$-T?gPfP2U?1BgXiUO z7lJJov8DU`dH%BI-xBu6v3a0W`$Z#@J@|`cnSF(9dIt2|L)CSO-(Uh2r0MBk&VK{9 zFW%*@7`Kh!L7p+;>#wt5f1s9CwZ4OnSAQn4&I3iAZrn+M1WM=ZU~O4i=JH@gNgpgU&-BN70mW=ARUdS1}fz+s1UBlu_k#CG*E^q9xu zW3Wl3OS9)f+M`&-GlR?lAgK_GwD>jWS?IhoH|sONd~&Lh#ZTqC%3x%(?uIhF+DjaE zX_ts1OmK^HgQsH7+vz&KNO>OE`!KIAkxv33Vn?R@{W<$h`tQk>|C!kBg-oCP_=EBK z+|g0V%MGa(!LL9#*by6EN*Yfn7M2V5-ffA#_tRpiHO?My5HLu1yWmcdY-o3RW`0;Z zTQowRrxwGiY{X*h?zMYQwib9kaD(QQ4l8*#7AXp+00(5769tU}$9I5Qn88Epe6wQK z1?Jbyp5+9=304ONHl~ZMA;a|^PGXC}6f+ZG%b{Jrv8cm(fdHglXcQ9vjpaQM-?=H$ z|7+zD$qpzj12#EB9wp44!B>%Rv0-wRyK#Ml0v+`d&X@)H3mU`9(Bn=&DC;f97+AoJ z{1_3hJkW}7*X*^D@FE1FCggP%ECXSz#BOt^F+~M1&UjQzqtt-j!wZVK@yinhV7Kb8b)H~D7f+&c$rO)#r6kJ zS#vLTMLQ#BVQ~&*VlBRD?RjMg*OdF3C#$hRvsr*ZFCME75Sho=kBiRUZQI(nL zg#$a_%`vD!9XJJNjYFCV6#UX5g(?H+HzIJ>e!|7D>UL?#mmM}9Sym66cVDpNmJ06B z?lhEe;aLm8bBb|A2(o>6OQT^S7g2nQNxO`Kc4LI8ghGA|%x8xZVQ%t2mM>cfyg6Bl zUi~P#kuTRq-9A&|+be;^Q^&mQ3)Yyp7Tc^1CI|OEpL4{Fg*+$u=qBUMbuM|A^bXDMK&I% z8^Rb0aO-i8=SM&u6V75=wrz4uA0L$;a6Z`)#;1U?tNBZ1Iq4{<0}%|TT1jItM9q{I zehd#RWhrIO^yDDO$}u;cC=TtD+V2xYS!HD?oK!QuRWwmf7E?%P*1hs>R_U=8nkHxc zD-$Lr8_1G(5uN4+;Z7F}mv9Q%RY-54WZ6BMwv$*|&0x|B{9VnOHtmm;Z=bHTTvoZO zF6A1|yDR^cWsin15Qg0n{VSSU?yG@t`j4zAi1FE9&w4u{$OXXt*3O2{gR<;kFT15$ z@$ImzNEch*EJ>#?ijIYUkQ$?!<8fVO`6YB1>yN)ob`;i-6UAh_8beVRBsE}CtPo2H z+^UXm3q&QE`S`OSn6+TL3V(`5|Az|zdWzcP;5nc?L`qwD!evU7b;xgrx|@|;F#aGn z&2Tv1k390;?2sh?D(6+I@y{Pq`k)n2}biL)-g-rTWesg9xOQOukA|^5W23 zo-^W_?e)tzu=v^qT>p#v{bqg|cg%|!$}*9k*u@l)aXIfkv7kwcj^ukNl{pYCgoif} zcAM09O#e7jYAq(s7^1~z8f9fN+oi!**Sq;%!Jhd~>RpT0%%KGWB;&Qgk}&XKD3%|5_!-EdfSNYb?m?%yFZ8F zKXCqJzph6f89aZ24r3mHWG%FKv_p=Jp$j+>iq*r+MKJGrr3)0bzc>^xd?^si*taEA z6es@s#O@PGmhd6w)vJbD+uhnlT3jnS17bzX-Pdyb%H2$hAAA)~n3-R3wp{HBJ))Ok zRYI$}GcYPk%DP*R&b>Eh2;+6$<>6<6+&9tBR-O1|AOxd1brSR!XA3I4^LLD8#;+{BydWJBxxu<7N= ztr!7%&c2@Ow5!w|t}AAa=Q{g(W02I_*8a=}$!f18FT~7{gKL9JvgdxnZLp-voxgi+ zN&9Wjjr&V$@)qs6TN9S_Llv}uzgMAw(w(uam-{lagv@CI+l zzG9h!-0gOFidhg2n6ZRVN-S;aIPtaz?ZV}sW)lUxIvygEXoUF)G|9bq{P?k61}M+C z)J;XwzU@Q_W;w>{9X=?l>!+pb=Dz$^I%qG}o$()uP`7MA>dTW4JJ0cOhS>zaAzuw4oeWWaO4zm= zC{O4R!Wk*}CY)=N2pat1(K?y2e^R)R?`qJXF|z1&yRehOldCN|KPU5e7+eS?R>tF< z6~t_uW?upsV9TW$>VHku`PG0^k}DimFNHLJ%Rp|{mC{)uckeT=^Q-fr^nto?*(f2V zc0Q3I7qxF}=>w(^hC^sa1vI;1zQ}m&j`{mt+o9cNX1GTT?Jrb7g=qc!1Lun!xTKVO z2JGwl&n(_Uj6KhHPolH{?H-kc&o*s@KhmFCU9YNDI6AWKwM}flwyG1Vc%7}t)&JGF zO%)f<`eBD%up&R(#+%vsijvR7NcRxvzilLwKm7cD9*dbfH6$#+^o)@Kf?%hMAFp+> z;^bhS@eHTe>JM;}R)FEtzr8o*v*}%-FtE*w_MNaXKSny?#J-WFMdk$@uzY3Kh*jQR zoOd^X5VBPg#SbJisgN7sc0X7llmBS{);w8kV_SOZ1B_cf7P7o_i)@Y%+U8^=e$Uz2 z7l|H>mGCQp#%g%fZwbrE*2ZVuIy40X*J_9*gJTUP?T~S;f{N7?8$w!s!9pzTY*BuI>A}sw z*#mW_GQgs%UbMuPz!ULtlA5C@)o*iZ_TDWj`$B_@&IE~p_SgWU*XE-AGUFJHJZ%}4 zK{#tW_eRX1aPTLT;M9H%$CP&xZtE8`t0HiO+V1Rn)0L_?CLpgKbm(wVWW}!f^hfs2 z&=6^$`xv%7`_y?<7d|hCNuJ#pj}w}knUPmoxw?GLBk|v+0QDuxxbGmw?K2*&`yfmN z;xs11s66&nCb8%k(|+xzp)?zZ@r$JuR;9Q8OAPjFG zp9l8IcP51~)vgZ2G$QPB2n$?FHn){Mqlp=UgVKlOCj8UV{|-tscZ5G||1b}egWxH~ zigfnVG~*3Wp`Bq0LjA!?GICit%L_$8(bPyWXR@m)p*or{G`U3VV>(qfgnu+Oz9wBY zfmNBsz1vnH`~r41;kO}$^Eyv39@G$trPn(q(vT+rRJn2nYI5_UMtw+HTS5UNfxUvY zBX3mAp0)jptRUrl;1Q5#700J3X$lc-=Wo~LR}OcSX=mb>TfRkv2JC)hTVVHwWR6q@ zDWRmHoEINcFz+Qx{3xS)p}QTzDuj?X-mU9LPLP}WxY6#+OLlmf69~L(WoeYo42))% zY>bOXN*Ok&u)|-*9uAyG*sn0KjrL!oShUkZD+_)_hz(DSE|4M4ot|Yaht+(3ZB6dm z{cZ5)9!J7rljea;_pOX7Qkfpeg!p5D%sErcPwsnMw-TqFgmGx?z*&;rlR| zBjRb^V<#q3vNuUrZ=+!(q1+h&S38I7_ z=^75DGg(O=XsYPvy1>SchDy{-8QMLYJi3yaGCJuZcgF&s!4enTqU{JJWe+IzC@7OF zh|)e}CeC<8>9A7|tWW7a4u9c-KeB2A3YM~u=bChg(-7#y!$gV?ZMM!2AZBAh<`hDB z!!S^1w6wTGAJ6g>8&6BV@&O-X-5=OD4M^_FrC^qJ+Lze=KcG$-e^Y`q&9?NR#d#hh z3;y&U&0eLa_>iPTG2cP$y{qKGhD`W4ZhqT3CH|Uu#N1OP z{;_=X*t5IX`lO5|R`-3`^6>;I#Q)K=>Tk=^fP6#?*be(J|9o%bDJ# zrhzq)MsG#L@u)fBdAH@cH$2wgg#+QLVcUg=!?y(QXq`L?IaosCT zX`+y?(4eF^LNtB2Nx-Vm!tY^a8w4|7ZO2i z2@fyEWL1kv-a@#-xu-6#A6bjE=|G5h%hjp*b(pprr^3gVivQhxZzp-qRU)&QTHYHm zjF9mCsP*zdvAGZxeLPSc!gcjI-zd=?9$NVGTdZ%+Cguw;W2%V-nv+QaqJA8_2-8e* zjpCZ2e5H_P@6Y5H?roo7wJtAcvxcA%(LWwbIBCq8*4sJsnlPMGG3<50R*Dg7VjhCCEbql{9ch7E=7i zew6YkaCe1etM9h$QKFg%NY4r!UJT_a%$?Av7vp&IFKj3M#pQ)Y*MVdicL|Rv5$+;p z@38$@z4fS`y|c_$O}|NCoF(I|9nFPAHi$jDSQV@?uHzq2!TwiR$o3@kKX?7)lw>h1 z)pBUz`~J8Y6fw+8ueycB}u+rbJp8y5VeOvk+t(%M8=BoR2(;uEnJ-Hw% zj7f+n2pFmEZM_Y#uOss|<`I1GA^pv8#}9PDBU}K-QxR$5CV(@R3+c8+=JSzWbv$ZF zmFNqEhDHE zgf)r~+3|OUgA|C^@sBp8?R?3;@&wHN_rXEHMadvK1d9=GqX>vSUb3d^_3kG%+|)D4sHA5Zfblv!`c*R+SJZ8+!~clKrod1A{f+&YK^ z0~3bee?ideo`A42WTA=l6Pfd=s36u^xp*Ma+Dv;nVXOJH@!U+ZNFsGw%6 z&~z?Qb@t}(CkgAR2e7GLLtmZL^dC6KgRIDDh&c^+0m-P_)jxzM=B05jjyNwm*(#Ua zAH=MZ!DirqNvmeu#@9ap`bcsWmvy=zBQ$lJ{U8mhWQ2G--#Zk8!uV_qcaSJ{D|$Y6 zaX>u1%9KU+6D%cK6*=(P(3tVgziV6hVmlDd9iF%z(RJJIg1ijzx3EEREBvu35+$Tk z1zOeQtFf`MU_oBqMg=9M8*HyBOU*az;A<$I}ruqjdc*etfu49cVSvC#E9Y+y;8 za^Eq~6ZzAEFMcx(VgOkIN9B8KDQoW-5RWCs$#yU-#Y&iYjf(}x(%hVZePcKrK8^L+ zY-H;}F<5Y9TlvO5vzeUp`8Du?mJq%ir5J%Ct{rNM6%X!-$gmn%3L3Q^O=oTD@hbr| zgRd=0J<)`sYWvm+(8K62P?3&0(SAxfYBh}wrc*dqyN1fzu`_g=?j=QMl%ABl6(}2c z-Tl{US79!nI+doj!DvI4qP75Hr_G|2-w&m3z!Vtg=MX&tnlq8rcs>DuY%%u~!Vgyb zXT|+`{{fp9_mT{UeUU*5N-=dPxUw0qQ&gRg+48^r&tz-iMqPKzamBzFq6{%>}6 z*1oYDt7G>juqx5d^ST`vPBc`h5|VSI!qx$Jk~AfL^S};`${V}`f9UQsvbLA>RNl|dwq6TCqY?@^$sYI|70anz$l+TU#VJ?EAt zuTT65A*-}Q-9T@5U6Jb;mrpXF5=x}h8?el(MM(-HB<>WhP*?Ab0(Gbme47JeCGN$P z2+2!B9(9MYrqa;J%7Q!VAnYk?vGzpE_h{~p40<`_Pg(YMcpl7Kztr&Zn>q?;A;+jg zTxUR1w{z&Clpabh9I{(#o?hW4jeJo=S?E4>VW|a^bLUYzbSV9Am@ilAdP3{ZK^)(8 zf)theYV<6^kR5hT88vngNSIvtEJ)Ca2`>s`>oS6wgveYbNbzO?q*&-bW5P(CeQkRf z{5wX;5w!5eS8(>T%1<*ukoCeX>DZ9H?EhTj4@IDf`@sGvDkbHcd2^pyb|k&g-@8Bi zh**uwt20QTmKmI)f_9@L9vu*rrwAv}#CF#_jh`$4n0JEmcMFq@O&UE)|cO7PJ~P__*OpjeHewP(cKPbsogv{C6O@kh5YKPrdUEBnsnn zTtUupo9yPh40*|PM9%I7;S znkPhRqx+A+0*1N-eI~FUjDAgD(%%W&V5|o1M-F z2Clw>Q7V^^M}r*D9s-g0V?U09u0*93wvTb^o~;B)$^N9$XkayZ`BrimObG5HXGK`L z*%BHTMew8)_MpctgesH!uMngAZ&b7Hhtuw~lM3M{)Ij;}&UeJS%qSHEV)irWZK99( zL61*jhbh+^*ro}G$X6PHNg<4-I9ctVuzlWobfx2j#DsD20kut3JEwSxVhyErJaUhu zFzZMuN6w}aN4o={QCh9BiL9~F(E?e+Nb))#C_5H*mv;TH-oLb|5cil6#cQ!<9n=KO(M^-kZ=@VG5CHI?93z0;}ZaM`#0 zjoHhscUl(r^?O?nJ}=n)ef6{?DCwcy`wuUk{k|vkvb7PcIR$Kd{01S(u0HQb+QP8N zDfkPB0%z(mt~$)h9hW_XXo7gTU;?J*PE{u1_QCI-_sPx|0>jRqxn!eRq990%I*!7p z8?nFyj#MWWrT^n84>n5zdT2N%TWkA!g=P6^m6>`7p9c1zLBG5C$D&GoJQPV(N-8ZR zD&bRg5#WO;tHXE=Z&&FSa3&Xrp8IgJWH*WD+XJcPJ2j{=VHw&`h;>gQvB0QVCbeW& zz?<+bAPC)^aPE|+?8Ch!++W9^5)>3IW%Os?eSEnz#}-I^pe46ioHl!Y7@4Tp z6;cV55k(+0aJ?`-Tv9-x;;g{jjHu=WB(TA~c7V0t8=wpx^_HLCdHf9`8&v3BLR+txa-UXlkIn^v zQ(PpB%FjyIgUbtpqOC9q*NN+p;39#U^-C7fZ}r#G4J;ih>@6Cq#vg|wR_t9dQDx0k z5Zv1^X+ z-W^PPQiK`bDmwB{tpDG4w`M(^ETEkD;o;$NzP7g3s+R}V-gp(Q_xE}ptMhke;`!@9 zLeLMk%NSv_=o&Qm*#M-E=2oAbRPs&&sm&^8cd7C2k1QV#55^5RxPSiWG%08}LQgHr z*fv3(2bBNVf;wgjyjv|0&;LHw_)Y-$7`5Hk+mB@dYWV@3Tv-=#Csk@$>y+=U+rU>> zY0G4HAe{#j(ch(Cx3cT*_R&OZ*e9f3aBKsA-SvN86C~gz5agWljlKLas`Sm9#jTc> zmJ}HonSQxSV1)`c)Na`TC4c6aP?T{>*TFa#@hj6ZLtnkK4zO}bt9hMnYYSrJOsTJ%#G zx4l(gvDyGlZPp3Eizf#c>p$1xP*~haoTtyHU1>HQRP=ZU(t}*22&l-d`qosr#7OU_&ZmoiHH9g*>T~-@*e+Eo z@V+UR2)|Q+DVit`8%{CJ2+t9>gy`i*;}?xEm50>-C6h2H+f;dHkEUVV;F*_k7>29U zoWYD$*fby9@fjy$`|s0y`V@KBLL^1sKh=XLu_>wVriWHlnQXgr^Ut&AugALC)BW4jDM+Eg)xm6PTZvIuQ!p?Pj4;SD>i; z%$#0BI;iGpf1;w%xT76OQ6e#s@Im|jOYPt9iJ*->Ki?S%n!5}asVLB#|88&AjV}`- z=qP;+$^+*OH9&}Ot;P4ehLO8&mjK{%PDhjlAumW1X{TfM!&S~`ccpPRMV-anTbqYP zvy1HOP?Jif1m+(M3)XUsPxoVgUKSQ!N-$cbG?Xc({#Gk<`9(!2R1zr7{QUKc<$g!W|Q5d5tzvHwv5jvo~^1Yio(;@DyaGsuVCyP@8E-w3d-uD z=irs`^_t*+IWscj@}!>tTy;}T^)8eJh?Y(@_nrIsLCCqQ`Ob6_hZoyG2*4tFw$ms3 z_7nJ|(7}qZay*K3MsDWPyT3o()BxvwzCyXD;6#*!*ki~`*Es3`)9iD85s!3}^V!*` zR%u6P5jQ-VqGcAg*e4*Kw{LkWpDjN3vgIJ^NF$tek6Ut0A?8GW=NlLCc z{z(v70M#b+CCT1R$+ke6@22Mmexj+H*X6&1L9wVQWxHGc{I37bYQS5YFC(TL)B#RB zss0V^FnsL>rbtomFCwgc0&JP})jtHArOm2|Cod=vUG?!4s6h;r1%%&1jdO`@UpBD` z3YWMFXZ^(XN5XgsifvcBGH--!1VIBX;996n=kv%=QMlb~is9duTUFxC^nq|IsX^tVKY2!4;2)dd?)Gu7vMdvrgax|0M#6kP=p_-;Eq9tQVewXT za;*nHC=1t%D&XV2>;n)f-$5`ml^uCFbveQeJ`OqZKiO)uBf?O_|0e5lo+P{Fb;z)S zJ|w2)x`QmIw&BBuIQ24phF35roC1nCr5!BRM$Asggnt)>8(xy}SF%aGIJQ685Dp=P z6UO_AJ?|64Cn}V6n&4MI1gaof;^^H}b_@o5iWEki#cLiI#Y3x;OAJlhV>P4*`y03IC0l@DKnlrEGZPpZ>1F6D+c{uVL4A+Y3+R7NQGkD%x)C% zndfeKRY5>oIU+CXUwMD@@@L{y{x)WEpQ+NMu7^Zwt@C2hG8&g89@4W;{})|RQ+`LV zKmF`T$Ma>ynXt|R*qKMz63c}zE=}1j!BP#VJEe!Tfn=K1Tl<%V$<@6i{!cj*Ur}hR7Ev>nc zfkACZaB%P>1~0}3XlC0XGB1OtuF|!$S3gsHH7K>17EZU5{~!y3X%N~yR*g$yo@e&4 zyoy-EGS`ezIFd!Z-eiRN7$M>=wTvOlpwym9=V}2U7~Jm(mv+{wkFO)s7B!75Mip+| zksI76+B_@nGj!!XBGpZta(CoOYWyjw$3sxAk`AH9)V5*9a5^dE#$<|>c_C-lRH{UXm5D_Y@TC9a_R(*q(O*fLCVUywD zxC|31{C=2Z2AAv6qi+$nHga%qT%~_oJ!Zhm954cqfew|!Me-D*3o))8GRfe!WSj2d z1!E~3-9)w${Z&pqgeK3bO98_SA+*v0#+Q{>`5-MCmx3sGTLwODpcIT-GoW zLhaL|P+{Ks(xD{{B-Bd3ueWtUdl}q*KRP-iN`S;%<&w)|4d^)ey~O;!ng;}Pl-th1 z2Bu`NRy%hW74j*Wm50eU)e!;=O^=O@r?`cL_Ws&23C0hbTwanLp4ukGoKGp~2Ak|Q zm)VL&(>}4hH7c~4oyF{U>eXeO23>z6ZQRN~6Ls%+Xi#(l>|IY0v4 zd8c%>t7M>VXmfos!lwmVj>GdQotBBtQE_(I38eTrok_8VStzQIs8qHc6 zk3XjKXAQ@2!3{UyOrV8M&pz3}#W3O=3W*)v{Pkb)LxCQ9O3a^n38G=6!QUv zD-PB|8aU{^H4?+=g^@Dmo_dumDo@4N&q#*POiATL6TogPbF=zOENj@L*~euZc!2!q z3KP%ZtB}SD-&Dow-9UbbN6H$j{1d|GAh#X{8rhmPYVD0hYjh~_9}P=DFhy@TO9+TJ z_b_&b-E8v*;4p3{;nZR4FP?cx350VycRZE6MDuPSS{vOFug#r6#Y*^&_r2iNJNyT~ zDa)6YY(aO>jzIRu{Rn=P{cTkWNY3gMjgq6GvT`uLR~16@@F(VhDQ5Fd4@LBTqSoVX zuAbalwE&aO*9>x*`44b3KHYkGQ)-~WZ87rXuS~UxLF8ag`R5-Jr}AuoNrXLp z&L?RnK;xL-FvU5}*x&W~9(QW1X}v+^Wv`=0@A8upojHHar=&lT8~d#Y!YS?FEyRo+ zQ!!Cxb&npjDDD-pJm;Q`gPHc->%NOWB*?eqI2&gi!{G%)LDet)K_Ei8SVO(2Wxoze zSupkxq(rw6DyU_7C+y)3zH-xJ6phb795GsZVl6p8D2?M~H%E~8&rmW5H;hW$H|a;$Dl8W!A%c|+tWFIPb# zoH$NJD+@C3p`c5)Tcfa6<^N~@u@mU$5;>9T;-T&&L6>ue#Rv(OQaMQACU>^!tkoS% zISL}~s5)2sK#4Bfu+kjzWAw7|6gl-mgA9no{bK0%NQD}wVmrckZeXLiu=Pc)S2Le3 zmfH@9C@sum#niHtY>yRS6`DOHIxSCI)ww4ErGHUtVyaz@S&?#wLG3*xAuB|WDA}DJ ze31)Ws1`gJt}g$k#%&=u0sjlUH73L``?=WU!!8PH%_lA>ZpRyMQ}rliQ+Vuwu!kz{9_Pxb?p zXGfYVq>LU*4*3vtEC(e0=BOq`kD*OY`x9pVUw?*`4L7t*&Yx%MRm(+L zum$Wc7+F&bSio^Y)I(q+6^V3r$!C!05HiQ5D8ufMO~ zTxkGiSLU;gT&ZV^Q{P14dl*KKUV@UmH@xgoePIHLuWfam(m$5y0o9Ea6ihfW3XvF~ zyE|=_7N#Z*ZLUeC_0c-95^q~ki0nQ?@NJER@i@&vz>+Ex4j6LyM~JHioxKzMlQ?P? z!i5P9uYUqR&Urs9%vKrw%JCm*Cvj>eMd7!pt2w80EXRR)#H30Z!^Sk@+;4CItQ*`B zEk&dolZV73=$xD?wvNZt(op)mhrR}0M>{I`P%+$tO8XrgS&QLfVy;(zvTSF0Usg$i z80uc7IvSyPqKIR+(Q~3iewu!!e*Eum0jqPn@keN^*WYRTbpLf@X2p(EOUav@`26_x z-Z9EQUDy5563B3(i5N*LYIy6_8nDA%4NKfiV_0R{3a>;g`()NtFmw&0)e0GlFhmj4 zJWAVfH;Eb`}iYvrUju+4F9;Kp;&-*ugi5#b-6MLdXTDz2i{e^vohR{-OglDLQE9D6{yH zR(2<&M(+DA|IL9)_&+JjjjTK)Xu@l6flM5*)ycp7d?TmRdUYLex*=Qdlunw5x1P`4 zyl`Y{04(}Ht(V7ba;SXY`N+eGxS_s?&lY>Af!3S9PL0(+Q$|~!ImtBNKurGaf2n=( zHCps?Uj6r(U){5w?(E!kJHV3n`v1o*OV;RW8Wvc;6;hehDy9AE{MQ~lTk=1Rfe)Wj zFJ3l2p7GigEcMxBIX!|t9imguNSzAzFCQK9 zW&;lzJ^IVfQUferPPcaG+?ss9W8CucmDC%+&{usS9w`%A-cZ^8Ts_f2Hs#c90I^9* z+A7ecrRe&zB2ra1FY3+~+OevGr_ z^%rwON>>}*UmFVTe@7A#iMsS_a3?}U-nX5jnqXswTuN7OooD}LQ_JQIO@A0+UE;kz z@At@`qD>VrwF?xiFLK5Fv! zdNKK~e!9r>AX4;Y;Lj zjHDoHrokdIft1s711)E1nDRt6k|j5m{QlM#fJTA;-une0m->0<78+q|M`r$z^{L&V z#^~dX#kr+BT*NpTY@c7QgMc}9a7|2hvJrBJRyrc!gdgTpJGik}vN^W}YIIz~2i_!W zwQIes#e0tG(Nwb3QODl)K6wIxXgYbXs`!SGMCVJF2r|wK%-Pe?)%~K?>>;Iu%=pFq zm8V~?E)S0K(w5e91r@3ojk0JdYK**YibYZDbxBI`vXxKhhJ@I?G|+l(d%4f#Wvx7e z_69|R=Z`c`HUj64s@%Vv2FF|;wjiuw8fV`?^>A>q`&gcr&;D_`Dbz>qOx4vFizw2x^=;y z=Xks#6LZ>MH@92+Q#5CCue-adt%CPt1~~mG1zyz0w*aAF{&p!9*N0?{wVqEK9eY-8 zZL<&42(|py1kQGU4B3+AKJU#*9zKFf0KrG8`gM89+MJvoCo+GYtph`pwD>n_30eBR zCtHumN;a;)>6C5GR{rs6y2TEZm`p%a>h|(@0PDVZLE1CR$3KH)bCecCzts05Lp|9q z+f+Yw#O5%6d&TJaDN6hMqF4XFTKvV*6q2>e4n15~=1rhn z)gc8TZdUp)Q4edegHb2j&zAqYTHTZpyGQs(r~ybHGw1(xT^@GaXx%a!{Om^5M!9Qv zqUyrvmay^3sk-P0BY)QC)p+$ixRP>k#Z2jo24K*4aBTQhTxt<#tiHagv(9lGm?u^k zzD>GLWYo z()g^%{w#e=BwU8K?OSkZLVP&ZTK%C7#3?vt`C$TE-a{s5(Ot(C7{UpmD*dfmy))4v zp|i+Nm7_Vk(rF^)2Aryv`*AkQC6NPv{F&_azZG+AM2Kb6w1_mz?LtEQe-=_V!3*HR zANJ(%7ZeShokj0Gdv98AwzUC(Aq3@2|HyjVf(e$50Irk4_G!FnTjg}iO2fdXUyTIU z2OrUSx;ILJrwQX9KG%-}bH=hHGP%mmfW24wZ8sLOlntYi``$8zDYF-&7qwl3Au;xR zB2^LvY2rL-6C<}azHW-ItO&DW2d+60Z!g80OHc0b)Df!9q|+EIZ}B|mdwLXc7!_BX zS+U620x%xlB?NCKWXje1bna$dtRSe3`Ld`EV*ABtR~|geAHjkdoAx-CVs<8v^SRvjF&9V89j*p)FQqO;=A-zWyUfj}|RqUen(GpNAm278u7w^H@ zVvbj7L{$w_z9fo|<&<+?$#m*0L>qo+vzwX5>WGe17+Y?l_3lejH#hS^HA=lds)~kJ zw;Mhwpr*@rZUtBA3{g{hX0E;-%-noCQ?UMA$f!1pB)3)rWpS&{BZZ@0_awr$TgWg< zW%p4o41C!tZ#4F_C|D{>JmhZv`hG-29;=FI#ge2NQSl$m;}SZG1m_^2x9ZFCsCuFmlG-0;Cu|vf zRzjVcr0_T6eZ30O-kD(fL!Ue^qWuUMBBf}reb4G_#YxDY$)}(5(>#dOSdoBp@Xz=c zUqhA#k2{RZ)gv^}*hLa_g`QN5znGbd0~`@PZr#D&Wm*IVJ0+`)81}SBL4SkG{!r17 z^0DoE>@@GSmb@*tppdpD>oH^e_ior4QeiIe>4UeQ;l}=aSldM2@|WR!sBFtv|CptE zh3!1@`o?9VB9mHToU{<(10kP{Q@FY)>x#6G^9836f?FtK0z){q<>vQ*u@ax2cEu3T z1dADH-+e%Q+XMrKjnT9zVYYBQWUl|oYBo@k1ZA-pY<+kz0jR<+!#D` zoWN=}%myc8Ee0_mC0^D<&MI?}gd`jX_VHaIYa0@ePlgmPoHN}_e3lLh9YWr?4I_yg zh2g^R9P;HKtRc}XRcg2MjR7Gy8?*7supPuynFFO`F>qfOSUG4e8SY1NWl{pdkAIjW zvF6?6r}D((%wwJDvMh>6U6Z6_Wab)F;m}UfC63vc_;ecM+sryx&+Gy~0$W#zn6-Ht z+zPmCXC)q{3wkdXu^pi~Mv1p${MbYvSDI~t&H)kTif{-3Y&Ub)BrOK=qvw}A0FZT$ zSrTZpBZ9d3Y2H7yR}40Rhgvf_`Vy%3LH8@tnM;?ExLoWKh3W5 z>ONO_4Y=Cn)G@eT^&REsa05O<2>Fg%8?fg;8yt313$3QtZ~%fKb1>oK)C-hLk#@B! zt$iTyaoiWV-fA^I46c#XJEiys$< zw(sTHy*(A6eQQ?YkD6>JbSKnY^W~d|C|K_wT&Q?$%t9R$=YfIF;13bN^hy7&8!U%~ z?cox8DPf)2J&hFIk$~jKHivUL82s8(@>Vhk4slNGLpoU5`m8kGMTXu{<>{8w-A5UY z>{lZcO>BY8IKF|8XSbHaFwmJ=Mz!ERNci+{!uEEWR^1WTZk$O#n0;MMnMXm$;uP<6 z2D@qlPAZ9*F{Ncnvl^*9aJ|yxe)F4Qq_I|}=+_Tq^0p~Vgl(ex&zv!j{Mx1+pgSMyR8`wa|@TQ;|~RVEu<)1AHP+dbb7&l{qlIq_kZ_rA|Ihwe>)s@=PLz*dIv0j|B}9bo$-M5>>jl&BJ6wT z53P+?67N{Ix?hT45{0<~k90bfl9F@J9%4gAAOHIaCT5B=ilep;j0l(KoesY<7MS|` zhFP?NP+;Qd;FIz-mQyN~KV--G&|yu0%B~kw-0v+mVk} zCJ3XtX>F{4M1yASrS-lC@Uo8^zi7Y zs>;;(Q(zNGu2-GL?}T3LAgl2TC)|+8597Fa&U2?UISaFBH-xOB3UJZxs_ zAacJ>1w3MXY95-i_)|5mE9Q8AFTqu z=iWJ>7)|hfBOiF%D`Q#d8dGzi$0q2Bbt7!8+d6g`0fgO3jyMIelD#EToaRg7hiRO7gG70un!N19J4=31H z*k%WwIbNFEp_ZXKxI6WnS8(MFDdH_CFQ%e_l9FIvsU;L=^dOz=z#ARV!=zox$cf<&%SU+o;m}sly}Q#VF#A-exHI z655W9{OTl{q4yy!9n9~zHDVpnMKAlmORf}ld&#pfA%Lh$+Q(;|6;zxs%*(?gt-#G) z>Iw{UkG;f`f$RS9!S8rLSIi2e7)@z%U&gD<7t25Y%s|!K2(jFNzkmxS^MDorHS~th zR=SYoE-L2oZU={WloO~Fu*N6cr_*XnHXpbwmfP<%R5iJ$>c&PYw{ay~1{IR}3S?MJ(h=L7Ib# z2y%!wF#W|i0!CDBLRe?Q(S3}cwDF)HoAbbx)q_527P=Omoqp=`$SV^2?q*ue4QwuV z2D|_M*3y3{h}&QUM08LVIRPbZ9p-(hKxNuzX8b5VjgY`!jrgh9%T(&cnyw!mjrS*{ zh&N1hr(XLZmq~`$w9*0~idd}(-{GPnlSz;#0k`n80qWOZ#bly;{42==Ww?v2y>Mh` z4yV*Jc%QV=TNco zC7#*7YCoRMd7mkatnl@YS4?mS$59AAFdaqL*#wnPAU{lr@9graz4<;l0x&|i0hj&e zB*63#mp&PP^yG;Mi$3d16t}rR+PQn?@EL*a;3H);B1ya(ADd_%LZL8n#C(}oCuw>b z3-izrmuu?isT3|Y6f;5w!p$L?xZ0@9O%tl?i6QX_8jkD(WV?)1=TxD>LR)?f;l<l!@mDQDJ2g&&y9gxEB9sA~x zbdFKecpVHr65+5T35$dy10kI_it3c8eBR*SAJj)ZE)uE*z}>`Mh1Hzl_b3VNdmwja z`Ye2b-l7~dDw+(XyCSw9I!-*s6>*>VNT#ls!mJ}5O&zSJl$XmFcp!Obad=wQcD>c& ziqY*bP}#$*?|<@8Ox%~Be?%xcS&ewJclY#c8-#q*HnvKtIKjbzv`cg7Zqx0WJm#k? zh`mIx7qsQAoLy_I-2nQ!)R^aA&)<23o7OD-nsW?S{;v|q=q^m;B=fa?2 zQNRlNthd!;kFtO03?!KUX}Mb*DhTi`?d}>dl`m~BF`@F8Kd@3wyn|Sv+#TfOlG%eE ztLC%rP!16nL&KSz6t6RE28s$-jxM6AJs!uZISlWWpUw@{^mOIyKd{zyN%mfg!IiMe z8<~>f77(%!?Q1bUr@W4Jv}qECA3~QLC>++l&7`WFc7BhIatUk`IRNznWh^$Wnc!Y3 zq)|ByVwb}ZL4;MhQh_FNR-HN2CX-fo2U`L#%f~^6ftM$}b^G^f*1o?d{;&U(z5f)D zsSEQM4N3qgAsK1=i%0LYHfZSRzzcv%uH)?N%-#;a?;DjY%+$HE*Gj15@)#XKmS&C#m-YGE|jG0 z(o*>UY5`zRp#Vh_p~s1`|CY-6^i~l4WNm#tsgFiF4dLY)>}~W`YqEz?dGTwI+HrcUR0p!t<7e-Rgsb!6#gWf7KQWAWXar~Y8v~OHyrr|UC&JcABSbD6`{tbDl z5@a!++Js4F483)12uL@})uaP&{!`QIqWo6buT04I3^tG}cRB?Kvu5+s(?36JDj~-k z!0JRX@M%XmqPS}jJZMerT;Oki{YZ0Sd5a%P|8}1-LHu(uKbWpbYqjF8W70Q=9%Nu! zwT)_z48TK5Z!%%NN@I-oYKf5y$%#4EAGz@3iaz-ER#olGcUKPfVOf#jw=%T}DWaKL zp7(O9D(K8E?)7lP#7xNQ^{a3+<1t)+%6R6luQ;;d6yn?MFHPZ7z2bCHRv%QIBPNOB zR_=ySsug#0)xj87G}1qu_!>OB{l8F>*TMHA-}ET)H?wy^%3gUJ8X9_8ySnb?GDc}< zE@cgWv)eYho_cSvas21kX=%1=ljE=N`QB%`#Rjs`?NE`Lng5mb=voa5zzNrf^dMt= z-kZ@RZOzOU&jcT5LIluHH~OFM!v6jhsAM++8jGw!$NEp|h!7exjxT7=B57BGLX`$F zd%w?P=XF^Duu9E)1(kOj)zi~dj84S?g(R@S_2h(vCi(wlxI+FoSsQK*1RFi~S6QrH>jXK|)^8*9g|9=*(8ZXq_r(*h+-1lRL9)igOYQ+ivYA&${9! z?ou$VzS!4mi}lSoP4_x1|M&|aF;5z5(q*E_^M0QiZGfkx zPt8qRK(|RVU$Nc77dfa(Z~oB-@PnO%tIALlo&67Mgnh9!PG5kMM@KgaK%k1z#|r?d zc#xoDP{OVlAm+ICX2Gm{Y&2Ki*PBc&mB3ek+;;O^n9mhrA~}E*0!T!E{^8oI>1FW% z!nm7exW|PHz~swpLPA5@#8j#j;H{!+>cKXE2cv!}C!qI$;xz!@YNTmHCV}O?gJ@$J zdi)b@N+kk5Mu8*Ym2WfufE8mkT@hz$_R1#V&#%uy z63}`Ku+}#UTxl3ia40#fEN`al&LuHP&% z7-IlolTXh#A;y^UeAoPgs3iKe*rM_D9@!J0Ym@iILW<`bMY+8K#>0=cdv8HGm4Z}G zOi-;q3=?cq0C0S2I{X0DU7oojl@~GfEb%x(c~Nn~m?P(`-|}LLo>^3K^rMrl0&1iD zX9Prn+15h63DzxLyUgYwe2-k>I1BE%q zxi{UBVxEZeRJHeQ&$~V;r}(4znv4MPiCuE% zab1x%LhoIHN-QE0@&I(N`O_u%04<_{hM=jIx+_IbWNsCw>R5OW1kGf$Ly~~}r~G=K zuI5paFZSJTlKdf#{R<60cKm=}$&6$Kn;c=R9+1ddcmy=pZlhoUF{9w%Bc%Q#LeN(@ zuMbYT;0^bc{zj?{TPVaoo-&YUu{_}{^igvBg^x;q7(qBzuOfwAy-APd8m@&=#Gnij z74ocyyGfpa$y7%gMRf{*!lZ&hvQyUT8ba7K(o+x`_aP)i_?YaXwiVt}fwx2dksv(A zrm%v{x%Z43&D5FfHPmk&qE;qK+0AkVk7XaYPge<&#>q&pgbnMpYoMYJZ0}>G8*F-? zSonSQ1Mk0sgX*O>0l_G2ccz`HF!7Dc%*S%-C8j}Iignkyrp9gWKa@cFJkN8cAD$6z z_$m{kh1EbVb|se{Ans&uwZtlI1%LoE+ZW&Q(})v|6axddp)83XUy5!C1>2T?zA`Q5 zT4{?sMsrgLkllW@J*EcNTKSlDgXuc45-T~UjRz-iPcAv1&<`i z#2@9G{)e(}55=njhKqjD`oF&vQm}RFeB6EK;l{KK{ub@5JbQ2tX$&t91aC&d9j9nl zDVHghu)}auc*PEf$^;^1=P#-gF`X=oLvZLt4g%@vk;1H%5nk>Baz`NY^F=KJj#QbI zrBDqvINVd5kivokXQsEI>H&Wl4l#hAi>K=iTc6EDJ?J$9pq7`W|NY~D4G z;ZV4I$rHhDDp`#EYkreuz^yThk@VDGDjka62&dqH7L=|Ohbwebdpvlg%QPi&*I7;F zQn|0AFTb=cv4N$+nEIIH?#NDi5Uw8ps%aV%S7ZYG@{to=rE{@{FvdyiAMi@qD&vN5 zvTkGdSS~g{K_}WF=+YC+&wU*P59Ir;9@i<>8@q4v$=M`xpKs^K7tEG}S#;Ugs4b#6 ztXQGpq@oR&xptRL0!Cd36H&E=Rex(=>i|$TtOr+}b#F23qD9k0H9zF~%p99si^W$| zX&C@ibn%}2$hL@pz(YHds{kw6Tg1brl`U#h#R!m~S;MfO3!D$at3loTc?NchWlJczZ-0M>*&X)FXIwGetSy4#)h>fhS@R49r2)69h8joxtgl zkQ&83wQnjS<${%8g2s5!5!;X-bQRrMLSK%IkF{UIpU2v}<;5aaIJ%REQEg|@-x2fi zu<#_|qO+spJ+fFav?hlfB&r^GNB##0sqM7dr(`e23^3AIJW-lj)-`3vcUcoscQG} zV9A_3_S69tt!R|7V!kXFnm|1vSK!*p5dW9u$*SC7Te^g}{a_CM(FOwr6`+CT@$bwl;+1~GpOAL~;~~e>Em$p*?Yb=!B@+-wU)E&*??;5^E~ny!dVT%Y>K) z_5*?{2#OmfiOS-=iw!u;Q)RZ4M@65+t4Hs+Vs#D`Lem*U`i5GEH6Oq3a#)DVDald_ zx&8?N{mzxtJ$7}OklKT873t)vaNg~*>S{MlV5_?TYLDlBQOkO})qv}UEX6#T3stI~ z#L~OdxSkhB48CVvRj8)lIiPdD!0MjYIynW}<>uJZWzO&8Ku30bQ@}e*80hBKQH(V&mgJo3Q)Q6*hgSLte8fj9u&ndx5r*y|5_<^C#i^}rwn6rQXt zNyb3Aj%_C%f_6q#YjytI2OZ9<2DC~4D#m!~iZ}1K9`d7!g4i-hRJwk=Jzdd^oNnX~O13F_&$3GUtPI8@3i%`xlJpU3{1t{45)s9yR;tIK+mSeCBkG+30J_r zsM*&2$7t^rj!)PTI)$1|HVf4<5trwNJoCvqkWUFCXH#d#665uNKZmHP`{Jf05>M`h zL^`ZVvIxcXxMpzQuR%eShBj0YBiJz4wYe*IHwaIR<~`*)nTq zm?%p94ezJqvp1%2t+O8~Ue2#vreO+Fo)N6IYa7PGaS~`FzG5dcJzi$|B1U6Jp@e+W zQ{l=#Wv1x1TSLzm{uS{PUbWEr4mKuxkYZiST^6~bKC1=RsJ6)1ggT@ zZ`%nTJGMfWiuTru2tA8()6}r@Tf_#^7^lfr*_2pc4fgB6uvQkjO=@dB3~%f|3ZY#A?FDCPHX3XT}q~0!ceXS6G!y0jX+L zi|m5)x7c@#DbcnWox54asaLK&&VFY8%&W?wl~m*dj6a<60VMLUp@(;L-Row2eubn` z-{D-2_0=C5g)H}7cG|O5I}i(~u{=@$H50Bee;L*BeW)R|;;g`ECkIL{HG`xuf5s1mFwIz#UxXqv2e$NZhX zyE0_{?Q9cv&Zt-?hfF5tkgsD}F>4PPS}eX0g@XO6RXn|h}4+`P!EC) z;K8Z|L9~g43O|l*1OnH}U=>99Pf$}KX5_2VID!{gT*=ZD5B4B$5#>nIMM}StgH0`S zZ$Dpc<91pDd{U-a7PZ%?{+{qP7Z$xiYOe?bxj{E`P?oCb>G`-Y0ZVKZMP;9t)IrO! zWRC>}GOpcLqnSN$xZ2JuoA>3D0D5T#LP(VYx~=}mOV5(KPxT-*wgsyB(%@g=3QDKx z&54bo`N-{=07oNsZin6S60kH}fz#2@s5wR~3rO9>!rD#pP(HIMwQYOe^|=9=;&S;v zB5HmG((T~dXg-E-1!m836>}PSE$6Gh&gQt-M}4>KxGfp3__<>2WF?ZWnV~2rXRQt@ z1x3L=jP#4~Fz7Ply)OPM`%C@3g0SdrqOzohMKZLjAO1HE1B&AHnB1Zq)$ z)uV2+_mnK(%{mozvb9iy^QPex0W4^LL=O@j@HSll_G630tY4+hRL`DmJHAv7SDY6M zXNR}qLMfgzQG@5mS*G{kDE{5t@iJ*p2(cXzo#4D#FOb;L6j)68)sm;%B9LKr*LJD?HB5u~_O9V=1WxT70fROlsyr!nR z3fMRXYgCvjPe~aAf?9w;<=bK)vvYB_HB_Vs_O+-~GRYs=`|rV*1$zpaUyKs@JnOAb z02@ej$3uqX4DgS(p2FD>0V<@FC5zZ+ECBggMb~pu&3J-mJwn)YqEKtD-{ilGcaqC# zYSLLX-fRW{_$YR~P|Ix;2)xhor}h9kA7a6{mRW{bZX3s*8_*P*&B)AL{|6Y?>Od(Y z0ql4`ChzBkU_&jNpWjmqAgNSmb1+-6#c4imJpk%7YuZ{6N$Ef|W{UowUcN+f2S=XM zLGGh&@VJdn`(;CwxjIdcC(2dBJmXef=A zyfREkecoS2EPcOJ>TKIwuLPB$dN~s)Rj1OB=S<}(|9dvlwyOjkJ_82ClpUZZk3eI2 zp!dHCu7nQ@5+;!V&?-;^Dd~VT&s*`I!NHQ?$BUMR#>E_*0n316d z^m2S%PtC&h105X?87Oq&wQ7BShNb^`h7eq6BXXU?UZovqvlF<)jPxhRfu5dRM)J+g z5(i7rzsf<)yWmV;0DO=-x5!UF+t{3J0jsSc&K?4gRx^C7R^mx#U!Z@jTvvyRg0dMb zmIgZa2~>V8fjPF?l@DEt6g0NaD@!mx{I3n>KHkX08aM$00dM70Rj-=>EPQS{S9##u zJUs9Rdo+&9UI^AG-Y8bItN+`7!|U)2aXXY%4{-i@ISqnsXpP<0;bNo5oh*eEz{kb* z5{HqIW3;{sbxl480X$gz5KwD=&Xfw!?LgvDM;t%|@ERHz(9#@)NN@X>rz59C2+SB! z*_)$-sR`bjmgg#X%r$&LX-w|SjrSm`Q~&Hv0&kxpcqh9)fdq-4fx}M6;Icn1j;nfe0qg+0bS#+%3|))FJg#wNLMVq{|`3d-&tvlsMV__^q{YoI-uVD&cdAa zIe7iAo!7+I*cK!l9Gv8G0Qlg7MdjQqd5kFo`xO&5w8W>iE-SS#BI4@>=#J9adJeAV z;(UEjRc}~gV_}*QC?F^(*p!@{d=D0(CTb>EKpqeT0!**o*YyLLy{K-<*fg)$uJ8V4!HtR$AN{ z!2{PZYD#A+dwn<{C1iBM94^z1+sDBAU(g(Q?(eS%B`ZpdFTmPZCJK&AbDJ9*3$gwQ zK#2wUHxL~XP-6jU#iYj%U&=+mv{6s$LWmzg0^5Yt_vBXxwR?qk99E0&!ml<> z!QFmP*@Hl%`Qeb|?0?IBo@3SRfAWLodK9@|pT8(G(AT$@+WzhNKH2}>XFJiwUZ_#R zG2y?)e+vbTFXsqHAH@2B3R?Dd1?av!cMuP>65+ov+O7NCp~WZW+y8ZFO9*&D$`sga zpF4;Be?I&F(>a@D#kwuN2pt_AI##pgJKkWu^N9H!`TQ99fHo)KQRZ6FuXUcOX+4>6 zi0ipMJDyNRSu`Pjx<%}S7G!y;_0`zEbSRsH0u1S25-`PcNgONHzA(cAg$EB?JG-O) zo*o+U6}jgCKIJc?mcHnE#LKlA;??a4Yy|$c_+{QjWUyRh?-?Ec9XTCKWIw&n58N2e zM)d#0dB*@ssXaI<@bN)^T?l}Vz9=pmDE*1`i`(f?2gveYDZk?dnh|2@(%a_9N_~S` z8#hKp;tvH?alkT8tf%vpTA5=3kzM=B>ACQj5P4Ece8O;#Ox^7Bx9_d9F_QA zUc$n|!-r4iDsHucLS8Q|apC8gYl02cfc>trEaUMTs-cZ5wunadbn*@gk z0!X9k{|!z67#ud%AL!KFSnsdBE(hVDdB20#I5SXxzW}EAHQRU z1@n}48Ymi&Km7gyJL8S=KAr6EGNP}9{LfLrpE$WaPM&^N9%_zbeU`RcL>My*SK0T* z95qc&NAt+YGkaTGQ;bYZ)}P74#004m^=Y@OaeGg9Rnzh~x58ebKu7NNcZ~A9Kcu5L zCjf6pZH~9I#7inef4lc-fGZ`fM)yCS#VZ-E-d)! zvJtQvb)NAzadKDj86F;Hfq{YHjxk*i|MMry|+AZfg92ral4Se>4<4l14CjZ+Z~`mkv>8G+u{``M zVIN1~&EEMMyR`#1oGw1v?N5r$*RUxa#DpScpBwr$a7?()6oCV80@^{~e@}v(FHnzf z;%tv&|H`?t+_gwiK(K2sn^K(^JZ_v+&nY>4iXm44^u4mcYdQG&XH!yC;nzR>Kp)y* zF(O+j4~q+(L|1=Tt9ndH!{o4N-_e^-LAFv zc6L;Q`UgwfDPeeG#s{HyLRC?$+s|=4rm4v*_xSiY@c!XpjM6uG)*rNwG6HsGWrY*` zNjBj7_lIY0A2;^j1VbH*dVK7}5VDz~*Tm_Bz+sigPsZ7KU$tv!=wAJ2)si#{^md|x zHX>PIt71yK?g?=C2$O&hEfko__B;TO5v{%?POCignbNEVkGo2ldT_7nVpwp9x>kC*(7N8!kLu{bhyJ}IWwcYfS{;gmt@>; zM~XxgO59;!(%aq~O)ZOI3LZ8uU#%>=7u3nKy&mp+9&g;&A0799CG)ynUV=SsD>#9$ zmg_WmQh3-91uYl@o8T{+bCO@cI{{3M|G}rgBCPGDk5${ODS-p~d@MMwl7nR;xT^6(ePJ4EX*7s{r zg-oP-e#>^FDyK!VeN&*miFqo0O4qFO6qdkkx+}l<(+(Ct%E#W_H>(n3iRT8ie@!|F{4nzEL-gQrW4J z@kQNRgq6LEOBj;3_TRFcS6~$i^tr^7z6dwJ2D3Hl9yc)DVY&0dY;|jk@!M#&bX4jc z%Qny+-CYD*ej>}s{292#cJXR)kWloNuZ)Q)=qNqj)IJb-!iPqr=yoI|I71yM>~Q z(rpsaaOxIwJ!4;OqmJ~d`?nEB!to?w)JZCuc($GbTYfsW$1s=IV|@rAr;O**gAt$L(S__5hp+LQH?%)_@lw69O-j#zzmVV7S=9);v(5+1h};9S08DM9TL8J~fxI z;vX+Xa5frq0Cb~k!7Z!*j6U;hPkQ|z(nJ59zWajxW9yRb+NN|*sTZ;7`qYb-RU?SBTpPPx~7-fbKms9$`%aZ||tv?5k#e=zGnqh1l@&gNDg z<5Bvfe2-N^CYjHynVODHDlCPEf~(A!UAwS^^-bToQ(Vtx?AgW&50`Yqoa25RiceAB zwctXgN}$U67`u*mV57nMa-}i~^rQk$Uj_4U&-qTKs}OatuJxb?3FymF#nP(8{r(&* z0gfJqC#xN$dTj_RK}rE=FIT2D1gOmta@KD{lUV-RiSCRQ9%$KKf7sTnbN#$%eqT?t zSSK3LL`wedgA#{N}FJC-5%pz)Tn8LdgebuS=kX$w$Ot zt{NP}y1O0DwirTgg{eizVpG_!Ua#rsb&-K>OP6qL5|Ugg=UAZgA%SI)Vz2R0X10l| z*O}q?Uds7j5)Q4B0MZQsk6s~;Gi7)()J^6#G?BqV$CAv-(UgXkZ;q@XP&U@~U2yMe zuCSEzOwX8c*3sV`g{SWyN_T^$OSdTkL-2<`6HFF<__OHQRd4x9NpUmefbq(>Q6=ts ze)JjcQ(U@w?8f)_x?b5PA|{W8>mH&TmnFfSaj$&C-d`;OYFEqgDV^edmVO%z8)p4` zqO;I1i`3^9!`CyXmp>MxpvoVpxA$*1yvujE<~3O}jf?F~X2hrl zJ(un=r^^r6g)T|&g*iN+Dv#^}0~LPM{meyXJa;iX8cm@tMV6rwrz`pLk*3`athgR@ zm|uJ7?mYR)`H%SDOB#p8G!5#+tVD11&7tzMFwJHuE9Pny=%1_DzS7DiAr5a9g`_+? zc7a_BIndVU&^-f|(qdsmT%c%&0>tS!q*!Ov?fNSHEPH&YrsWa_tC@#x4#rDwY8rv9 z{UC$WnJD;Ev5em=R;oJqwa(woRZEn#_qa8|x&{AB_2H1{>^7%Br!Uf@sk?x1YGdI< zI7>g}cGPBFNj!-m<=j%W&0A(c#V_kX!(ib0kq_`vJXgNeTuUxfE(+ zpPhv~YHb8XZ6rf37HTI-J=WBB*lbOId%AhNw4bfA(qRTGq8UJLTx5U$%nE(plgYkk z^1Q$P2hwY~9ANo7a{t{HG~I&(1LetWCyb(UFjZqQ@MlKiiH%LOia{uF6;BH*k`Nd$ z4n0A?h6sl9Mv128jg9&{HKg#M z7(#TgG6)IMi{4C_n%Bt!x+pBx_2r(qsr^Yz!^p4G21%(KM5S2C#y=JZgb+?ES03Fe zzwxY=Fy+zE-mHJh-M`tTShIo2wvBTaq{294;0=`FNQW~V849B(6wjGD!ox?zczheX zTNT-$!x)dYGsY#jHJ)Ji>UfvX)+#%M#mEFRSFX|@$EC0&7tu<#N)Q`7B4(CO{8W}+ zN}j@UWIaM}{^_2N@aW%zBoS=yaGT%p)aa5pE}FF%L{{Db93%PCXSWK4ga2%AdihyA z3`uA1A7sX;AmjOuXF=BvKU@^S-W4td;5^+Meev&}ZMII=#nnpmze}a^sDbm(y9Abn z8Pu<@tzd|6qxW_sY%lL!#wzT;jX`~K-2P2bUUBnNxo*#%v^7Zv?ix{^`ORcL6bD7^ zMRpn54mq;W7)EDG#7cxcHtKXbSr}A=gsaC2QV*Wz{3luqU-`9F=auYHY?^ z!Dsc|yW@&Wmb(J&)4ebY7Ml%(8kevobXnex6SH zhQGV|6Hdr0OT_mcPUA)IIb&lq8a_p#&o3|RKVE^1zF=|jxCGpjyA!uV`N5z^slC`d zfnIs)AR2~y+-YnylRPFKOVs@wOx5}vodRqbodND*>0PYAAk6STLij-l)w8<2brP|V!*^gTE3DutN7nkk1 zf4=HRK~L`UoSiawsQ=gn9&|<^Uip{>{a`{y+lt^l*t5k(Fmi~`EmCX@JH17qq8P(U zhr{?5KFoD_E|pr>?%xGth0l`7IS|shRzY`O_#if-F&X3(8}BoyLaxAmB0}mSc{n)2 zWxedpbJC8z+4=042)1X`;L5>rkqdU)^adqYe(Z~xmc(jW>7G&E7!fRY|426;5zCO5 zSt}JK6ZWrXd74X_7H_``$H@@WE2>yAH=H|P zW084o$8KoyPeh@~!FcB4fT|~swJIj}w*CdbickRE?YMu{gU2Idjl)?s)-A_x3&n)X znJ?n;e10zI?Q%;x)Zu;e86Jkmts7BSCqlNX-GbuL94UtNSA07Pb-wivGhb@97P)&A z3bk+N>P4US@BCl64#K3MVr#tn#7g)nQ{7#Kh=@p&50nk*Ts~{WyH6EdfN&*nDz6K& z87i`=JU8>nTy~YzY4RN&lr*sRNL>GB@}tM|HMMV@8tyQO5dTFUggi-3xT-BC@Th*^ z*P6{`AVGo{?u5KNRa%(JbhEajW`ZGLeM2A37(c)gfROH;VTG8Ivd0%e9lXeVIE|@z z+0#n39;)B;6k0_E6%6G4?6_Pku+_!582^>{HYuW{F-3}krj^Nf-G6w&ac6U6OVcikbquJ~8M_f0t3T-EvT|i{BBw`K0m@5>h zf0`Qxj#}TwGHcdGcIE|Zn;vV|)neF4QW~YTtzGpr1rZs0e#sOO9N%=7Xbz@vS@1C7 z2pA7U-LRNEvcN$fw%p06!-=8>%)Us>2^vUE6D+1&QK3Z#roE@D&?t`_T1;cK3pnSv z;@6@TNOU};@OrFNX;f3%wgKru+<<6?6CQqArnub+vzG7_JFa=5F77P%=>hih8RDM-KYm3J(5) zpnG_ITAlZU=(|FeNcd8~ zc%wJA)Otlot->_cu1E!tz_I{Ac(l@@J@j!A7V31l9m3>xM%V08rd4d$EM6jtSZo8I zB7dOc=xTv+fBuJ#h<(^U_%l4zYS3Ahq(5@ZSsCdYx5vKh4)eFdeuC+ReVDw(ZKE3J z!+f4!6!FRTYZ3W6jh`+buN&&;4buBP{{@yw*NJYm1llHig4w|oTw0AH+`U}>VKuDs%OVE!$g5ODd*?Ln z;~QBHH>>>9tE|3LbHB>3YrJ}T8@uIfcXsL=$V~CN<7G?!#cZ_p^vr@?un0U*??E5> zwB8z2FK$IX{#$Fy8;3Dl?A=S}4uqGN+ta+Vkk@Yw3f=4>#Jdk?*EG=%10=Pb+N45{ z-smc_(}=WuoEeUe!x>gQ7gXkh(E*d%l-&C;UX(m!JH8+?L!$nA%L!Xy7y-0|WP5+1 zP6Y**fet_eai<%7eITAnzo`TXM9C8U4sxYc`t;}uDVG|@hg!7VQTcsu1BXdMfk0la z6jR=J(O)d00!chS-E#h;ow40wUyS=J5GYsH^)r_3&bje{r`g-?^G#_8A?e1CAvkV1~MSrnO}C)vMom#k2Gmz8fWW-GSFaqO?CA^ejh875C9L2KU|H%E3x{&cle zTFh+@fzlr$(ZZ^K;El5V;=RrXGFJQ_L0MZ@)Y(S^XeBtCU+fj~+9b zeqXIZxrbZ0&pJ8_N=;66;Rr4PWs)Mh=Q`o2H}ma6mi)plI7rgZT&`K#Wy=C^Sjrah z&|PL?2!QEQ)}Xfp1|DbYieQb~6SbBmCfZ}6hzQli6Nk9zXrdH+Qm zUF+QXVrOit3Fi>tJMkFA(D_)Rb`1gJg-v>evZ$?oFL7k3UE{4hi(%~)&kq;la{;vq z-GGE23bFqrciFz7Z<}jBn+XJsPfQSSa0b16@76d+SB7{Mm79_DF7`mP*#GhHmSFpQZ|X=6 zumDJd=z?T~%(5@QxO!jFHlL7z=n3URaAjlFt2q*ldLMB7d$)Af^=6=B>`oXN)& z+pde2RyXO*>QkYtz7o5!o>1Rn&y=!MFN#ww#+m;u=+6s1V$iX8g>)R)O;Wqb5Q2Kt zp_uhk!aA565q&kc zRxqw@YMp_Lw|5n_*}c=U&eY^U|1Y}XmOUY%7nc|ov$eu`_0xmN1K6b|zj2(ieOS*! z4AI)ChT`SN-iWCBXL^w==J-Lh3_aaSMeJ_2W*xYsgnZd@c}>OMnLv(J?_!*XPOH^I z>nGXdzJ?y|P3W1OD+^M)rW-!Y|9xAKgpHy>uc>P1d z=WwB}?-|A&s0`2J)w$+bY(KsnX1_CBUa5B9$h(2-*T!}JCdn4yYG0GDjC%3jF@c@U7!UE~_~iHC_!rh|Xe7%4X94^0Ynzh=b1x6Wa|8Te zYS+3?j7t+X%Hi1SBS1$I6ya00|Hjx)6;o4JONi5`7y2q;n9>DzqD6u8fcT!zA8AKU z*$!w#`PZ>HD%81gKH`)+_g8joDA1tX%E~MNZU^Oh`wlLc=7#Z-l8yDnva1JF?|TMIdW zC%+PhfhUGf`J`?-DS4WD& z;z4DF24CP6p0Q&TD2+kZ-g|6m7;uefs5T*p)GAyac`We6X^9L6`2eqK7x?cEcyzc8 zO0R#YgAe{?KkcN&v9GuJ@+wCbH0)1VRIoYxf?&p@LHXznTkl*qGqaIF1SVUpcSGkKPJ34r1N-j@FVVBE{00Ih9Dw`ce% z27QT7PHv$253Ki{?}|JmOu&_1sjv9w>IhQn*Gx@{rJ#y+-xG+c4pJ~;EU#AJjra%zpyl4K_#v0Fgk!S?g>v+Boxm8_2& zkHKREG60~(B&6xAmUr??MD>^Iw=o0Q6tBVTp^Vo~4tZT|yYbVo{}(fU_;6KVb~?7* z@QuW$JQ3yt&QFHltgWpj;fa?XeNB!G3cY=0`q|F{xL4uq>-C6c1KZ`Brv!|b8a)(h z?Y~v60(mJ>KnI}#=yx1|Q|=4>v~}E1KJP5lRq+5v>XBER*;Atb6yk$D?+!RKmVg3s z1YqTJawt>o@&avxsQ-unxQq;7r3!MK0|<8{0PwqkbH{tY2(ekjoxAryQ;+t9T!6) zBuUw`fgwf{q0bZ0r^SkAm(+P}|H`d%HHQ}@NJf~m##hbK?JjneZvcw)4&3t;Fvfbo z`HTvj{v(f%t4{WK; znurT9;@JSq5?`2!CND3*26iJiAsO2Pq!hg`18{a7ST|rT9?g{HC>3ch zI43g|^WPr}Bcq|=^dT+OyOg2fF$sW@F3M*uk{!eVx{LbrQOTFL4%f$eJHQhQ9~Xh1 z-?%rX=U%hQQmX~~dt`|5KcF6vjS0Fs65uaAGiAoogrFWOUI~Qto@naO_`NY%{#Zca z=mvS0bwHP4P7ERDo-CJra*ZU*YWb?nYj5=i@-?c$JoH8WfH^AxcrY7aCb5$=fn;=2EqFyf z(5e*1fNEvYV=P!va7tpc6X2(oPNX#Iiwkw+-)XA5JCG|i9wMo+Uh!3ftp43fXDX)58$n zSK!dYA>h~2(Zp^x*)5F8O9>t)kNH|t*x#9vY6=bu? zt>mJ|mDbyP3^KBi;43Da6RP^tUfNeUIEEntv^?JcJ&|g?@59zm8fPax0zCp#grGCF zK}+34z8dRWx;>EZivyzKy`U+&Au15eblrL9di6^4Z)nPkUO?F-6XZz{2%7FsC0no< zl=EVc_gdiubR=Tl>uEm$orlgJ2p^t#PMtrfEyn-KXM5b10iOssrDm)m7>KU#DnV_4 zp7}(e3jFkMes9z>R9!h804^sJKuE{C?wn(X-GLJL*L;D(x<}1gdvR4C9Zj*V>#i5U zf7}d*@G-yPE#QS=KZ25|31?zwf^anS*9yv$}| z__j0~ST?-txDrd=ktd)=lBwO`+F9LY2lq+u*dXLIlca4DmRL7*$~o*9&mDxMPC^78 zh^0wjAi~kh2wzcTM&#npD+GLY@WkcCyLVukprykyZ3}%QUmndA$A&ZhB4`$3FZ2cm zQn+FV8CLX4bzVg_h++Lw-fY*(i+4~Cq;wUr54(p<9FLa;#}IenzR)wi_RvihKsZ=| zf04QKXK$M4BAVH?b_rHz7uMbz%O1{@UMt_#2SX(sBfZU)R;@Hskx_^VpVa}@DxbI! z+hmBqkQn0VP71O1j@yGs^BH5Dbe|9q)3|f0_Bn=QXp=eZgzrsdWdI%MO%R;?fd{13J*s>Q zBQi?VwlVF$!8wP89ViC+!n{}=(*c;ImJDSfI(NKynF6mF?FUQ?|60)hapUCInJ}x`c|lIBv!u~_$Rfo?ozRL+s5Fmmu=pbqc6}Gh5q9x zOhxQ8L?lk{^d-4;h$LDCTw5lAdEhk-7g896d;DvL^In5&r53SMi~mH%rFMyUd%Z7y z$hp&-WwYn>^0QMoM(P_LF>egr04Kzv2xUCR#Ij8Yt=VAy5w5p(jqL_f5W#RtO_d*p zS?tAO?Vw3~u~cEWba$e18rT?nDg5reAw95z!LfH=J*sdV%?5qitAX+Ck#z(De~#5) zDiiB{Z&s6HDlBw$`or;RCn*;lcj>Exrg-KZVa=hDlNZpqk)QJ081~22Sn41R$#Aw# zGK8vY_?=eGpjdz!I)$y@u6PcR2kvNMRgx62NDvGOE2Xz-Behl^ljt7Xk>2s|e{bOB z(ZfVXXO~^~p$Kv3A;MdOgjG}_7Qqzz2+H8$-^qK!0U?fBvHj+YI42}f%}6E?S

    z98ukZ65pmdPSP#u41UIl)r2MU&|Nn6T0AM@_ zgD7+}S)^lCFTd^ASV%&=IiSU_W|w;Cgb3YdbUPd1OgY0*W`R{nFZM!2Dr+n2y7o3* z{&u|Fg5b>SgRzGd9=3sQpb2?TBE`K8AwQhN*ERQv^p%nF6c+I)@Rb=S*m>Qf1mcV# zv?LOZmW}QF25dnrO-3`3znxV4g+0j?D1{}yw2qMZCC99bNP%fE4??_k z|JITsL?kjzbSv25<=wY7TO%!m-o^+9#H!8F5Y=f^xwc1SGXH&bf8vw!WI0}47$#k! z@?brQ_r!P1Vo}Xs&w$=X(!)n{TVubEL5Rl;!&HPrGyeol2ua>wnqrN9uR=X;jiA1P z$bA;WUNLp9>kKEgy41pI{p^g_?92JnngPwMlf|$b3l1x_weBxw5mFCi8&eyhQ&<6V zNwfjBiM|+Lei0dTm{8;N!Lm3#z`!0PZBoDyr%y;A!TcTeaw}0t#%Ab#B<9%uL)dJ* zB-ze;c#A*t;GC83sh(lh5Az^MAv8T4`S3Y4>gA_6hfwGV#)!(SJ}H4mw&f*N&Dr)x zB8)P=5}R}8 z{o0Mpn^?dvXAf^>zwPZ_61(OMr| zgHgK;3Vf-X?KufeMzQ%vp-&y=f|IV57zomqo|X96C`ObsgN^= zF;-$GJ;^4KwW&4-Bt!(fd~{{^`WJ5am>(Q6)9tGC0W(bNv#Uob*e^YAtux_lJ`ybj z1O_${;o#VB6+Ls!^l*+PhJ*Ix#7}}pf~et(q?O)*Xdxk@N<{JkZRyvW`d7{p^DeLU z9ZuL%*_xeAG|_EjEk?b5nl&+bBEJ*_$B5e~bmgR0tiVBAi>8 z&?_3#CVhZm@y3lJZ7=^cnYKL+zr8FE%OP%$m5_>ebsotv@&UTnorh_mZ`;Ja1rgUo zF^j28VBCx-b5$*pFQAZAnUpo0a#c6B*AOBpph7q{- z)!F&F46tzLetSe~|3zt+@i9b(mPC`U9FmuZ3{_@~y8I44@un+?RlI!hpJ!QRh* z$H-F<&v`z-4{D)kHrXf=E!|T#kw9qx)E-4G`Ucs((w`@S%OF{0H>eEP=*p@q)3rt@ z>cfQBjQVel6IsNtULD*bu?$g?sAM$?KKkEFbB?4@Rm=MtNrv)WV?|@cslHNB_7Kn+YN+f`bJ0>n4QlYP@s!E z+%`vZAoPzB@i;T(i$_yct!XDsrlWiUNQz9%tBwcQ`j7sQ60dHO#n)Gf6#?5Hyg9>| zL|#!>AEN%WBzDzmeGiCv>DYokZCyhW7Z}kS%OzzBt0z3RvbW`>7FU9H11e>1ViTqC zYvr%v-7iz@@y>jRY(k>wt~!X46EBl!`z8+}7K;3VI$DWVs2%+J)Nm?s^pM5I*YP5Rrm~Odh}L}54lQSc@g8esys3T?=}WdpyIintrf%s z1hb&Pe0lIKzPgf6JK!NwpOjC=J(J!-|HE-);0v{yXf|{RDX5=n->1p$eaJ%DU`<r4^V-Vk)5h0K8TVK64>`89%(Zr7@k^A4iI#i5h z;Y`QbZM5?X(Q{8Zby+(1A&rVBFbpj*QWBr zCld*0^HzavCn-Pb@$vAgnQua6MAtXKWd6h=xbH%?A|Q2X?0n;HcBKUKOuYn5z})8B zBhT2xl|yh)M2kQo^z=LY@Hh5-t%TXKTq$R-f_vLze>7x_7?=W6 z$z89uE+h*=HnUjw3Xe3lTzQd2=iFKx+K9RHoUv(4!=n|&(+NyBqdjh`L@ag`J(DbL z5 zx8A=zi>BiEWl~vF(?}N&sEvYoR>$Fwrphd+yKC_m3`e6bSgbm}0yX}%IZ3~~EVTFN zNloh6?#EdtFVL+>DTxVqsX<;c?oZBOUrd&cL}(5Q{_&l&Irkq$Lj&26B@zJ9W!SD( ztXO~i5*QeWiHw4B`}RbA0!*G9*b?}ZMDo(X=r9{zQEIBQwp7$XhLw;vQ^LdruH6uk zZM=khP0SzX<8iScew8`qpXun27F{<^UK9^q7cQynQv4&BSrZZxl0q^37ZE$SF!Qkl zA2%Za)LUFur{+WdxTQ2;8ZJ?=Cf32J8H}mOUQIXQQhF6n@*k5-T)pGFdzn&;V}JOC zrh|$?wc0fJJgGzo!yT%5*oVW6*rb(hkTWEi3iZgc31t~ATq!Gc**an|EEJ9lx1eVH z!bsor;G#}q#Uz$mB&P(%CXo*9<_n*8ldz`_SL=SzxBE>^#f1<~oha1!N9MPB&XTj^ zMU)Wboi`L49i~}XM$KcLZe@pcIvZO?ep%grYBC3oo!+Tb-faw@lzj~kd)+89tsd=Z zmt_~7$Ko-Au$IN;a5$>vU3wmTWHfnNWYo4#VtYJIJUnwbn1mqqhO07>IdpGUuJK_f z-9D|H&bKN@b3`7kD!#@=667*RrRIqE@FI+PX!Uu7og;M|sRTey|<>%p<9~v6MG*Arw z5P^fz{sw@fNVzp1BkV)Wy0EeBz3~)qqg~^rR1Q(J@i7i4J1p(5x+4Ny0Kt>$p(yq{ z9Sv2t=@=~WD8F$(-dXW!=DwSIrG*a$nSS8h^~dVbU21XEkE}fxaw=0cpRS;H9+~x< zMC7l?DGe1+?yh_t^Dn%Bn8&9ZkD#HOpE6p{AhHO|D0wA8<+S;^4p)ZX80(tlOBj|R zr_>Kk45X&@*qI{kw-+U&rIzs6l@nJ7vPL~yOWbW;h4*$^5^RK26wpc5q(_((i{M)V zymSa7KA>;V@DfUfhADc4V)f~Ji<1}#&bQRhr=z+k}#z!!$@yF=Ip))VO zTFhY_iu*v;Lb1f@ZF|{jWU4=$vp2r1mYWv}vIDKdKl$SNoKug>Roy(k zSS`}SSV@JGiT+FfIa;Bn>~b1ZpPdF?VH&N(FYL{iGjY5MIdgLeha?YEN#$UcWPZuX zMVKA-Y2>1Eit;v={B<`&_1|6;j6O6B434d)XRwOMwECG9N$Irg$5szP+VZiM=>})nhY@J-8~YZ9Ha`OZlZ(pqiPeREfR~N8 zpz4;-d}zlho6mLU003B4W30&9#CAkK1aublXy3UHK#PghnAAq*rCE%ZNnZoNgqgSS zS6pmzC=%{IcE>0UTQyw7v6)W~6TLuft|ml0kV)m4IftRozZkmVO0N4fmpQaqw`{2; zI=Oh%^kg~sZR2q92@QR*od3pyW8Qx>ea-c4(km6m{rWBb+R(tn%I#p7_@0&hZx!*Gc^S`5d!a-2rYwg?seQQlo5ucw-<*1WQqf{o%;l zgqG{8$=*Ut1g;87r9y!RAB1`q<6hl*@i+{VJEgvn$S__GwO##NNkKvC?4K@E7f**> z3B-7K*GoYGixZy@qELRM^~SL*nzjHcgn-Yz+I*>T;l2&8Q*K@JO^5}W%Rg&J zj6mj7zMU-Q-EdNV%UJ}pk4({iyeBLp{1|*$i~=Zu!KVbpYXpVH_szH>v% zhL}T`0)jurS381@fPP+QamV|v_Z!}#XnmUlNlA3p`}{&y7$uor5MpgaC#Y@b&$_Dw zR5o}dZ%hRfIKpy50s>PqMFE zdZX-HSJSMOPN9ZC!VCA(fphvOz)W0#y63>Gu#VH&3%0qUw(A_N&d&|=vN{l+f5oY) zQ|EzgA_-2N5Tz3jy#lNcJ2Ije?w`2@64){ST05Jpb%rj4`BfNrFnZo>;FdM2KIO|U zV_M-E6MU`!)vRlG%}xMpn| z@k_cZi7|DftU3R1G@KO&*Kf`4F625Gxfk{?znyOqaaEgUx|duSM^6kyiw0gA)78!W z!N%Vvx?U^ahgy$2o9-9tM&U2V!W`pO5!)Y|KG<%5dU5pY^{6o-ai4*q?2DCe`^Y;1 zm7C&%)EwE-PV;NlA7{aF>}dSq<03QZEb5=;XEGj1MfF>9NswmK=tQumqwoNhlT_$T z@PCd0hh(#d*NvPhlLjv`nPUk1FelA(*7*yQE3+jt3Ns!vA9E(NbzdwkH6R~XKuDeG znd+IPo^JOTqpiK$cn-cpA@r#~ngITp{Rq(ML`kM;W;qZJ>GwA>to(;+NGg%6VWc20 zf$n)1->cOAvn$_5-Aq{3gr~#n8SMa0BdJ6NPh}Rk)y5`-WGk~2fV*-j}AT196OO-j53CJkm3Aj zw)4Acfu=_fF`eefq?j&GXx({7fnl8fX))vn7a!1jUVv0wzj(vlYC{0IBN*^eGLvKIbqzZ1v8{ z=dziPucy!Em}wTxf1#NwssvP`+7n#3N4iO?F&uearojC0Df`lMdvw)1M2gO_h{8ks zPMd&gA!&+w;3n?n(oqF2rGx1c(pxOV9j#sOm#(>`AJ|XELFG5>r&Y3+OJ0L6a$qF3~rMgchd%U z@4|aL03;ya$6cre3eUrUFJ{VV*rExel8>`u^TZ$F4*%knks1<>;g;d9_f@#{L_8ap zS67^}hs>u;NX)|rN$1F20$1B)rp98qNVe2}IFR{XD*W0!kA z%C_y`J}J`u`o(G-#_WG01jBniqzxekm{c4nLGNtFJz#nBPb!g3oW*$1Txe8NcsbwZ z^qdEz(6TW>vWa~dLZ;Sn0d0m1&<(|H+%(T^SPJvVZu`JGLG_vH+|u~QoP^f$Ve=sY z&3Fhk@CFdPPIeLQ^fh%8Qtx9Wy5X5xhkwW(2HHq}$caLZX`F7=th-!`Q7!{=9K7S7 zWz#y(1gjJ3Twv|@r!r9A+FrueSG&&dKXln4SgTJhpMZtbOmC*t=qv9iBg$TY17beb z<7RCt>KnRk%`-^a|5MeM2SVAsVUJ<#Av;;i5-LjxV;iXuMu^DXC?rePv9Bdr%f5{f zA-nAR+91V5+1F&>WnaHD{oeQc-tX@@&ok$_pXZ!&FV}V56{m&i6tXj1TFZw(%+G!l zmBt_(67sHzlu6^epmOA@@y-kzS&h~?{4 z1^2F%nveQL_et;;y)<4y!U?`(sZq++Y*sTjJ{sPQk9^Kx5k+(4yEU+CdpLG{kYl+M zKi=a@FRbzl@~OrLUexd#y`d2E%xn97ujV^gpD{~Mx~^~~m*8yJTtd~zfF!TWSWx7N z(a)P~L(sZju_Hg$oH+6p--+Je{L7a(>pCXCZte#JBIVvBk?YBDL?)e{p6V_Q6xJ!8 zPwp20k-biHqe{q4qSWvDGo|C1&a+>bW=f}pmsg zdx+rIm8zDFS#}L+q}cG+JA1e^^C%i1jXocN4hL}rB+h3b3JuQ9Ws=I5qQP_*wj;S^fiU>|!#<>Jpr zI4Osf$fVo)aT5|n9aJPFMl+Q-6q(jTJW=@gB6*f4G!5Vs40=FWf6z1gTD?&LF_pc+ z87R+Kyu}Pi+O}{SfV$khNG|zjE_2SU!bxTiv0+`JfUB7pg!HcaCEvqB<%x7mO8jb- zT0E<+Zq0JxWOX+4yWI!1Z=dF_E+4Z&f?B83(0rZIl~0toJ?6SPG&s>(1zV>Z`ddz` zTc4hG+uKMz3*96&Od3DbIJ$i*=V2NjZp{y*>Lk!bZ5((TrcY(A&%NiLv&+F#EtKaZ zPNl!!?Hp8;Vc-saKEj`dyXx9VdOLZ$A!at>ejU3OQ@r}aVm5~u@WR*S7d5517E9RL zUUom!R4n|1R?QjrZuTx?=@R}?WxZjmQ}&p_gxboHi15zE^lo)TDBPGWsNyAsNe zB@Z=Mc!s&Fdp~Ayx^zx34-d`A)qKwd$s+cP9$oyvzw;0TOx(%@7qz+!%Ju}PrO8b6 zjZZ}~L>+l@l^{BiYApcdtWFj$aPN))HKFIYu8fW}#ZT5# zV)wy1Gi8-y4|XnX3YKT^r|}9Fdrt8r(+|QljcA6FULlp!>ZZ^d1;7Ie=QpDG7TX}f z*J4WaH^rEj$V%|7X_1h(b$gpgqGt#yuS|dS31x>RvpToJ;gr_Xi}m->UK_r2$k`&F z-DAjAL|@FqcDZ5rIAjTc=Bc#OIxya0NjFbQ#UQL49|r&S46>hW?Kcu<+h^xRDkco?^=wZ z;L4w0evMQEhbl(PM}hM{`fG9d3q|t&RPu?sh&LOuyS^Z~KUh2|Hi zpY+IJo#~K$=h$sB&V1T|fTVg~F=qj_^lO^IYi}?6<4eNX`jR4c7;pagGa{U7=e+Ee zNHOlzpeU>@ofUIa`gOml)q}m7qg3Cqde_nIet3R|uKb|GSgec9rO2PP@pKI{R@YuP zHKk`EAimL%P{K3SM{C zZbk$V&ttR5C;mn|(^rYGXl~-9X!!E=U8-T_w^yQQ%zxQOMLy|tO0!*H=hbJeL)Spq z%gZQv?~68UzY}*HUwkd~b^K_I7XS7|#AALco=aSKh~ua9SDP~?khu*@k7tux`qKw5 zG&fh^TqBuH;cVtGg^eB}A$<$`EAoYV8?_Mp+5nMln4{zXjSo@m*tdQF!C0=R5oOzW z_A|ttOq#b1(_jFkDMgZARd9!i$!Niy8Y;Lx_C9h)^AX7pzJS~ufFs;(Pl(IILrTx% z7Hv#M2b&t?%d<3Z@f5c1#r!5`ubn$wjXD9m?jhS8_rq$Crkwyqw~(2S&CSj04Rr}4 zvY_C=^qOkHKz?RX(aRnU=Zd+7W~Cs#9E=!_5Zy%>SpA|~YqK?PZZwqpR7tM#*o+)I zlZ@v1bhP0Fu?YX{%RR08LuG;egpaQWekr6^?9-yz^K+dG3wN6!BD>%k@m5 z9jy4w#fa^_Nk0cj2jO@Lpnj9Ho7unDS)`;W7g+vn;-c2)et1c7T<2VuFQ?so?w2w< z5Abw&CwB#g^qPM0ydCDWot2S?`F^E_g9SD&7T?;pWtZ~8UKNcu=m4bM;RVF{o*}^8 z)w?fo&~$7AqIq#pU|_t5gJ^|S9->u*jvE`Z(eQ(rUYV%1RJBbbm)+{z^f+((H;m9V z@xu%|bn)LL_Cy`L!YY&ieS5FYRY=N7(@_9!H4cgy?tRqHv|&0WV3-hkYn+<1n8qKr9r#qRkUm!A!uMHvFAn zshPZ|)hB`qfNb^+K0eD=>FJXd;B{gqzF%5>DLf@lxlg$ejY%%BE(&pebnnr}Fg4nf zHd@8Ra0|u>ZV=QGuuhi6P`A#FyTAO0n03y@RD`dXtVx6!?l@)lY|eC~Ssk`lHni9F zDipOpyDmP;d&Fkd?PyAG(>7j6tYhT-D$2D|%X?Q;XlFK+rw8>${h3YqeZ1Nnc4p{> z@h$h%*S)UAt{xwuL{FUVnI{>)SV{{-rv45~Na3VWaaL4p`U)f<&PTOGCX7_j>oxB& zZ7|_WkqKnz6{`h<>j+`U4NJECpob-j&%w zgnI=3hP92%gWEN10ABSiD3w5}`6K5(5xQD4KDn4cWMA*?6)(_R=+!omD{82G_A`$I zh%3o59VKrg^>{o)=q})gYn*dDmLeVoG0e+c?|=sdw{gpGzm)LUvW)p0#xOqK(5tq} z8b2T-%<;U_mPYS)Y8<#rlCuf{y+lARI_ifB;#<60Ei$rV1T^eG>MENyl~&m#HKZ*d zD)r7|MWc{Ep3*sUE5l`T2t24crMR>ftvZ_vzWk%R^fTWo+@j}_h4;A&HyL~Cr>VK> zNqBjAN$nSC7qM)#R^$z*hs$$3NX#3QWgXQA=RxkC8*||mT1@64vyJv}>)imbqkU2@KLdWWS$!j#XPXHt)3kVoI zC1iZdwK%`ZY`l(79c+~md&}hCdq~^$FBSmE3I=3f>lvMHzE8tf!J;Evw-gz25O?9KLsWh<&dd@r>yh$eNDfrH~Y zP8lahQ(Q3z)J-OCv9AC}m3)3RS4HsDFCD;RnzA3Epa2vc(+m}K+{wtuD7z>yP6ZH5r`18Ok5!=(G8mrFEElZ9>s=J6Fc# z2R!HHHm)95GUKlqz6OLP*on_aox`{BVgLxDndEY-YCGLLR-+r+whXm4XLM#23VHJ@ zU^-L*ClwO)I2V8%+vZMy#w+`!!3v+AgADU<6ge>z!fN%MuJzSsXa<#|MQWcGwK|TN zQAaT(%}Gbz@wHXx@+$1y_zoGlg?D&95V)G7(+)SH8Tj3--=o4N`7HK3=j9>L+Sa(y z+mL`=o1?%^iQON$tv)gj(S*1F&gWD#(gsT@^C7gQR8r^QKW)M0MlFK97~ zeXcFJ;bijM!ouQd;e!H$@69}TpeZIcT#5>jk?jy}_BV0Ik#W>s;GQ@?_eO!(^k@D< zsbthj-39I${^#fL0A~B9+-`KBhGxYgJh(_(bg*pqJ-Z;H^|=3<`PtX&y{rz=`S#lk z_)puj)B;*3B&3Gdca{gGb|4+~q!{Te#%g8fshCZ%y#loX_T}Vt4%9E62Xhez^HUGs z1R{^m#P8!n{WL3ZB>KRg41ghZg{Mjm4k6J>JDA+@p%$;_givoN5xJlvLSR8GL9u5-tg-%`fDE(_O#{Lm ztSAm*MS%RANOAz$v)^@H%>9A4^Lyq?i) z8M5MNrgSCpZstdHX2ha>@mylJFU*}YXtl0%DPMjg)y~dx_W-~)&ow(i=0X_+3E(qB4#=13;?ma3i$nTG4|ysGbzj=MYJJZ=AgpAJ}S`6X5U$ zQzUs4(~iGsXlZH5DJhd<5SrE%K*vOvM*ypwNUb#_K5&r!SPHq>Ztg!!o5*)eMm)ab zBRd2lL^6^fcKo!^4K4-|%de+doLa#Rbd`5hqZ+0fn!}W0?PM++xb5>WL;;+D8~4NFiTG!4irJ}vMvK4Kd+vrG=3 zvY!PGab5CuBOjr<-jx-l*EXP#3KB3MK&Pv&2m`(MQXip04+0YXY3MiGS@9*UMG&@K zL336Hogl%NV*Hd|j_8XK9ql_OE{lCh_b=C9(l?Ro68!y*bHThBN&{fGkz%^cs+;X8 zf=A7)rcApj8;r65*2bkohDzAr+LfAe@-xcEbMA%NT1 zZ5;KGS`4%vrm@2u66X?mHnYJ{F%6dnbUo$NgZ(WSXAF5(!sSK6ySDUST+Milu97DI z0lhwPiSG-0nB+Aqg98Kuuh&}n(=0+#F5wVN1g!}seJ^?Ry5O|NH%{yqMW#`cZ-WhY z+IM+jeCTs;vD-scxiXy zia|*;-ry3dIMKdw>R7w(bBWy4|yfw zI%VMqJ4b!5wT)c6%!=ev8#@<+*F76*=iTQJF+O;Smy16|xWz;VD@jrACBO&B=4xHs zAhC${+FCI8M?G*(&nIi)T%aTEFlBF@_vgG}(cfUp%H{a0NYVeiE8YPM&5Yj=k-LSi zCpUR4_m#-v0ot3DZ1BAuI5NM@uW+|8w90S8crFGg0aX!=ku^{mlkRwF6>-9owTx5l zz+eG!GZ8O|2<;UcQ9Jf0`ew>QFAn5(+E+?1YT$(z?xc*RT(?3p{Msk5Bk+odR$>1b zp9w={3@*eC0h{(fzuQc_{+O8V}<-51m>yhZ>z~c{4_8F1F_BY0^Be@+;N`K=V(kNy%9_ z{-qm*r1x|g@Ht8QQQ$3@mQ~kh-)Wr0;5~1n`aJBZNm!v%qicF#q{G*QwrN&YF0Rwp zYaN>r2S9}?2PzKZ#IU0bPzKs7N%>-)W*)OlC{-P?>gvc1argDIvw&}#1KBRrdb=M> z$Y4R7s3FRrOU7ix!y~sHK6dS}x>_axtd~uh3X!!1Lp@V1sp|QgI9o&pU^QfOQks(9 zbVX&=RXP->_((M~gwjGFa)$cvNV+#ZPtD5v2lyyjTU02UJYNzl|7t3R0B3M65&32- z9oJ`8AXJ1x1e}N?qV@dw5y2kNTV3T(BO*4$55IbO-<>u^5aD^d6C|&VKuZ>6VNvI2 zT1H_H9+}E2w4uq|)UH|ZGnA|kS{VOO-oNOY>5Q}>0^2owExWjOUN1KSwZV^GwO+milHa*);tZtz>kBh|_E+jASo%*P@6e8Te1)kT5<$x)GAILeT*0s?xO1|I-8&g` zNaw~WrPNz}V6Kw0VO?6Iw#MB_DWF>7JH8^pS#avf&h5irO8ipnYMs?9$pw3Fw{ymW z0d)t?Qa!nINxkxmb9oLfhiqxP{wxFUm*p~L@H2#RIdHNSNuL`2;0*JS(&=5O& z7p-k=wq&HFcgG?)L@R9hfl>xRp6y9bUF0LC*92sh8a4b*y6u%F4r#^=7C@GYf4YN7 zpr-u|C~e>JkO6x@UvDxiBsh5Ebx9*wEsZtbxehA9b&c|VBVKwu;!GeodyL=g)*BcO zDvwvm@iJ=3?0@n@7JzaN>^7z=LCoy1rC)4nQVHN+qYcGYBbW4=tH4#8s|WoP`G4tx zNcun;FBelU)axOl9J4`LvSe+SDCA>bChxkdFwXTvMF6470+Hwke}Dg=|3#wF#~|2M z^L5Up7|{n>a_Kfjn*$%DSV zyIw#T4hX8dyjvez>U?Y559)A*08j~1AB7TWimv>JDW7Wh`jii~R{ zikq6w%*Uf*%Ku;sbEv`9IykxI%X$I(_y1lUl0BR`V~72-oId|#wzBQrmq{)A3Cfry zt-1IdsuOp5M`PxRK`*2#rhsksd&pYY3rRn-242NeU;Q<;ghyZGxx~-p;y9&!wIeYN z7Z04rM52CIOMN+XKX$vz)ftQ2s$1-?Y{=p3IAKdoH>vehRyfdVpO|IF=+ z$cyXb2Nhh0zmvKACZpZKCCe|)FPxejx%rcyX_P|%fB%0Kp*lz7USqwatkuFXO?1`=+km}H~Xek^O|9N{yX^wAgZEbaAFj$;=@LV|s zNX?W8;Q_Br`Q&KNuYGdT%vJlZ^kXIz#8CjHlG_FvF7y;joa7Lc9OYb-K>}9Cu7TfW zbzoKOV_&ZY^-&!0Gqt4$XD37yw6qEFF;eWbq_0jCrR=FN=@cTq@A_Fz-%hbms;9rw z`ht>K56;vcERbwc9juv59&~8j&)ST&)JPxkN5(yt;ol2ld(!NsmgFqa#vH3JNtsM1E+?c_ex$k--z^wiYRAgP^YL_5kSl4RzwxH4hJ)GnW~%iQ zpPg(MD&eP7vxnbCv$Y&Zm||Kz%3j0Zi~U*eZaPfXxU2q==quJ%OIjMb^n}VXM)&INFWKJ%vbpl9O+Ss-7j0Tz^QbIttJj=VSTQk?c%ph~`PBWvNbfNY?YBWP zy(+Z3K|EKRl3vS-#af}n199|pKr7eQ@MTJFWK+c3^icGb67 zV(HkW-Oz1YW8r%a-O;peo%j#3zsJ|~eouJyv75ITm05YBW?)NydfX*W`%NT@)t@M7 z@Vs|MXcMc=dKJZ{)1=3cGI5DdJGLnvrc^sV3F-zFZf zr7<6eAG`f>__+P_b-3L@Y`ubO%qFI!2}fzLQL9W~ry9c^Ii>x`{r(rCi09ENV^nzjDuw_B@{_*SZND0xljoXGD4 zsLc9xgf-Ld4N3MgQ{RJ``hZ%cZ}+-u(>lW43wpz}?jdTtC63#;zj+1M#&w=yUDC?# zOwgPRm&=sc2rd4^2H#*i`p{82O4L2RE&@wqJTx*6DWuFozyJ)Uw(;@jH$O!l72c5PGImf+pT3vj?#u9uG`0)k?cP&n~hQkBJ=_u1urUZ*oO9hBYOeY1&-w-Jy+peDJB0tRatWzhq=w zG3R4y&3@E_6^4t7z1COmY(04~VB(BtFB6;}`8JBn{4@Kyc5C3>Dru)_zBYbwaaf@y zz$LN9@R7b>D}++)#s2n_nT)Nyz3XE7<^3JMDB;XsIb?j)^r>^7$SI;R@ByL6OEP{3 zwcCkJddxmGlR^}j+>CGCod7p?ul5FLzEjuM=XNONWPPgsP9U!7!AjY^JjP!B8B%OU70RaJV3{9?f z+F-w1p#;=b>>0?PDF8k!PBr2Zj3w%UgX{92k6B zj)F-o^V?*1kyXOy%gd`;Fg&(?bUW8^oj5K%P+nT#8!Ils zevbgap!6>ZqLVnl%zN^>%g3{jut=}KK!Yx?9ni}x4sbS`E zqV}m-F`<;?tTRQXHVNB?47_Cz(ob1=x{@w*cH0d#wCA@@hWhO=?)4=&Zqu3B2+hLu z$j$&mKT#IcGu@w{vB1uiRBw3w%W8?EuF5k%MVqY^l)wdcY?<>&SZibQEzbC^#$ip3 zivf3;xZ`$38RO|q6km8g9t)s>lLhc6-w7Q zoPPEUcQ{*w0@6eEkGB7G9n-=qKo}bDAj7&iG~CZvHnRYUS-ms*=W2W-*e=pgAD zQ!u=l^PKGhAI#~A81J$U=(ibodhln3$x1*{M5AXZMSeN?LsDjaUb@a5)>(R4}qW_0hD5sLdl>Vz(@gC zHUD7!H0ZcaJ}>!%&k~le=u}9dIV!VrCx-1xudTY}(WPbvg|hY(w3?MC;0oxh+0 zOKgLyNjGO;!X|PrCKQjy!j%=JE*y81d*8z>)%0CjkV}=1v2@tP+$h@4)v(c3x_08+ z4~oN5A)3dCFwXY^#m8!%SB3Okz#dH2L4pzaRSG>b5_Zz_+X;y*^BIRtQ)? zyga@z?u)V!adFmPH#^?XS-eh`JaS~i|1j~#q0Nj;?F$i&%2iqZs{;1XPvf{__~rAH zyiy{MbZ(K#JM_%)1`v69qD>^uf&}V|23zeu+1>IHG83!2ejaM4JCx1{K)&!MAkls5 z8*x&{Js$$R>>s|qz80Gg%LcN5B{x4dgDhb}+%=QK&!F63gIU~X)L+(tc^e0~E)R@P zGCZ5^2^!zKPL?$tXo0&|kJ72V{pt?J zMq(BBgE(npN!a`6B&xjNmKAjuP~f>i)44=%@b!n*%__LE!gaB`7K-1t z@#$$30&;MK%IG{*clLP4hkIxDV@RftD0Z@z{D1cN{+ednosN1sw%f;#&82qG?gZtOg~WaRX_nTS#}&)1;~$$hw|VF>r==mKsN{31=OvO8lVr~!!P=+e-?Ca zEEs&6vS@Zzx+@OBRixIrXo9HWIt5hPIm8l%_PWyBwmNFzw7GQ7xhH(tG%c5z%Qfxb zD0w(U`Q(Mr_Dr$*;5X?4M`^8{@AlQNYX(ee91m*Q7-qhCYdwmg88x+D);B;0AIYF& zp%7}vRFfOqfthl*sFjDKBJR^G}!|n%maYr&9DWk4?DdWd9RVtDhDqk z_X)<`;~rlN8NN(=>i9o&B2R?b!Nmzh)_;6ENd zmL0B^obC}9*3Ay5_Wc-6!W`~2<{3asP?Kqk$uW5d>_wuB1@wCUlamwm@kSrn1R!kQ z9uY?|kf&b&z9WhZgn_}(IZ)`F0m!N|kZ$WK3bww)|05|E%aDX!ef2etptq4#gX(zk zR$UO(uCw0nO#+eV6B#FI4qXs3O};+m^!)JGUHGf9o(t_FgoeMxqlBI@Qo^;h_JG*P zZYOYjX#iMN5j1LXxx6I1P5F24{HsrNANDQ*WB|Hs6?EIJ8C~9E=AxscEkF_5;f~J- z(+n`ne{Kxq6$#k}j~?4kTycSs^NT=jfA7zqKQpiSuKqiOp#Psmkh;;?-aeX}Vscr- zRDt?qRwGC4rvL)To-`q< zbLXxy(9uOZlIb3deZkWZl(PP>*|3?m%^^&xi&)fZ$N9JZ;DcB6MhjOg|7Qp#Um~=t zCzGLe=5}D{2PUtm|5vlVUsoe**%Lig{Zrhs=xds+6p$qRzNn$9+Iem~ih=XPHv9jx zwrUq;drAN^2L}fiOJ?af2p9#cHSS@kIK3{4Ood??xVYBV=jU1CJ9TWF|NHOzso+@^ zq@IjS@9Q)tAO!jNvNZ4C#~<&r*9~O;_Z>Ms1n;P(w(BHwdaT7EIq440BlkgTmr{OdMd2hkWWnGgvT zH)2hb@27x;yJ_>>VVmFvuQ##0Q8!y>y6~8Yfq{|Xqj6VyJ}h?X<(Ovt%2P$3r*nHp z$Jqz1G%^^38eUDvhl01>A$e|QQ}`1D5tM|SjtAl2j6~pH(2_Hf%SkR=VGd&%UEPg4 z>kw+LiiP}dNQnvH$~?Fn|ERSSKr-KbcSvo{uo-fmvfb1On+-yRGzKmx3I=Miu}KID@67{z;*0eYqzMD~YH7 zXDB6%B<&WWJLKwyJKnH(us1)i)~rxpG^c+t%A$J#^Uq&8J_1i&eu`YLX->z+I5%=d z+)X*~KCPI)DwO{35N2p#k72krLk|5AEUmW4;TE~OW`DiB9%m2#|7Jx_xBqY|SBdOe zKn6v4$BdPpo{2})_42Oeg#X=Qp|<&ZAad}69(TY^lA9^tK3hs04C5wt`To5eUE3@w Yq-4INjgJ_x8*%bR%63NVkLt2#lz-f`Bk|mvlGGs2~bRNh2U7-7PWF4T5yT(4}3kac^mC~!B34?rRj>y;p2bDs-pC4M8Gy~M8J-`x8(7ZC4)wd{ZvA?c6No< z2?2k$M%7uEBFjtGsZ-0F^nJ~tBkwsWxAnm$uf17`q4iNtk;CSp1HbvCQ@MGhhbyN0=UV%RI}=tzY0{cYt-)$>TrXL> zmfGI8Nmree5@h>f17Bg;o+y=V^w=KnSBPYmjsxB`2K>SF$a81X_J;Z!S>j%;A@JY z1Q=E$1Kk=-ct^X$K%zt~UFJCzL=%>3RPe6@L`h}}4L5jf_i0YV{`0mU zJVJnDL;yw>G`Cu#aW_F^3k4l6M%eS6Auxy$0?G2J!JqB)7JjlRCCs7W(YZN@S7Y z_Y*Ew1G_z6w-myVrlsQyGTUS?fG1KSs%)bD4+q3cxuGFSCcE1I z8emZs8!$^ljb8O@c9nR({DZ$cNY7p7xvQ5XW;d=Ej24{+G5zypRCpe|FP{IjqpK_3 z>*jpjx_xy!`4uWp-DIIT;9x{Wa90N}{NwJh(m(Tvx=$Gz7N$ZgY@yhRC@RsQ3N^!? zu5l>zfn<3HxxfC$fbFRe0@VH5oQ4ed0>BF-=N^8k`6p5~Ux96UOP7YLwCXF6RB+z$m$3f*x!dgQy(?4YwZ*PK_)rw>RJ2cP3x{ z_3y68y9t@k!aiPJ|2j&aZQ7G$5Ve8v>(_i9$x-3-(qA5WJ0`veX7yfj8} z$eZqe@FAQ|M1DT#HlQblU8Ul1w$3H%SCQ^0+%i}7CbAvZ_lp<0i`h?gd1XZt`n2c8 zbQgBZ%|#)jj6b5JVT&h8(xU*}O2Q-=dU z4-?4$cuYs-aBbj;jQwkm7mjiSs2=WYS)KpVNbBN@U(oO7i@4MLs5{+#vv=-$vs2;XUV8@TN26-1 zfd9lz82LSC_Fe?%YkvDgL@NZxA!X)U|KgQK#3ZTpdaQsQNM2%OufED*Z;pP8Oj?+6 zYT=LLc|~EoU3WaLKhSu(Gj*@tbu|Xq-pT$IV80Wt&JR=e-2|_N<$*Lg;N8FS^*uAe z>qlN+=RH0#OY1o{pIc#J_M0zD=t=<>!RZY;U!~a`FHZSMtioc~a<&{cG(1tge32sV zma)fQ*7p#T^mK@VUHR-vCjKSty|m@^kzI>Xy=zW6*Zyq1X7lBqROPq+u|R2uY0>k8 zKEWK@(cFUxG~eF% zx!oSD_F*TiUL0>*0$zl3!=aYOhfPTRxlgcV7EP|*`7%o$e_VktY`^jF#j;0&p=Z*p z`{?t7evu*Cx@F6-RfivMuw#ILf9mkSei8=cnRw20{}BWO>Z^`%z!-9AB~n%Z+0maQ zLW~w7frmV!umd(`o*M{5;X|{u{*>bv$)cO#9`^H%x-u6V_poHtq>n#?=VWir+K}9K ztCw)v#e;dj{iJFWmLl!qWRxXLIA_Jsdnq_@qQ}74XO#+T8a?u?S67pt)C7~1XX=RuaD=}rN8Eu8rHz*w8#`Y^-hu@Eu(=@h zkE9-%qe|M+Z}#p(_75>?*5jdTQk^4;Q+fX|mZ!cx+gNURqOR7^Cs6_s!8N}C?^toI}g?ywIr z+-3IeJO_2)5)F=KCdiq%21OsO|8pqhLC7^>WO(hxV@-aiqigTJQx`I=_rz2}&G@lS zkV^E9ZQs%Z^_;iO#(uoPvNyfo?qJU#_?*u(+_d!GZ)jn3t?BN8UO5P2f;YiQ*4;PN z3MNzh4Jxso*}%f9ayB!?KIK6sa;h<>ZYP8% zdL!#*W<4P9;G8fOw+Z5m25Mn60UlJZxVeOvHtLVK(}n5YPNW~{cGvXgwM@KhX~~J* z_?}+W&(Z5-QgWNs2Wx{5AKk0l;ivUGP4bJ;Q_#5JJbrXON;iB=wSnoA+zbdAqo6I9 z^^=VHH_kx>Y`7@IOXnf8q#qxjeJ=B`K5$)KWyXUp6RhYh66$OKC(i(#q|tQh3S_VB zXpyyJ6_>X8cPrtVH9Vuq@#1KcUlQ^ez+4ZhF|<0J1(W$2jx$UA!(FsQ%G!O_4- zOnbMx0{l$rF$~>du(G@yZW-a{gCjB2-E1BKC9p*hmp3%TqqE1OKi?=l&XE05ZhXBX3P&8?9b0y$ zAN}xq0Y}LoLUc9Y9g$_o1=V#*=m6eQqR*EGVpR|Kqg6>`c;%SR;Jy<6_1gF9><>p? zi1j;Cl1GvKNln(Wy>YzOX<)tqkQlWk4J20Yz3g@Ql`o4B*%y@I9>YWD44*yc?}sQX zt`{XTwQ?p;Z;v)j{)-^MW+1m7_5`-HoXU@;_2A?(vIEx6X;d8kHqGLi-e)8$A6pHW z5o+s9O$=h4d`BZ&BE6lqn)6~ou;r>k!rZF#UKEIzUR|MW8p3B%e(-=nA}lV#56QVr z!X)Eg2d2npUbBSzr^t~H&xJExHn#n}$ zjcMd4Q4diBT z$r^(7Gs&gg%-pA%IP}>qCK*UA1e-(u6&G>^a91+gf*;<|=1ohBEh&T8UIGF#tnl;G zg`iu9!GS+w^{0c9+k9@3eoStx@RiAO^G;!mJhtC@U)|Aa;gU8~d-H8b@b6T&K_%Co zoAIUj_Qs6~DZz30$2;Rtf9w$mU1VU4-Zv?di{%Gh1bvUnW597n0dsya$>Q;bi-{sW zj_My;_A8yjZN*5RV)+rfee|}yw+a16YLper;VrDGnz5+ zU$v2~hf;iOQovcjln1$A0$i8Foyr8%{@&tIHh(Y4)1FV)V_#CK-8kYHUwXel*)%;H!?wMNwKq*VlwsepnjrG;)-&tNjnSr@Jw5DcC8q4@D13;euYgHRUrWa0$p%;=a?(9MczF zC0+D3gWMHQW4_e9>r*a=&}MMxi<*efLTq5px_5b|e#RMYk-^(HDD>;OJ9~}Wod`r^ z$&dGtKAFoGxh)eSu^<1fCPcZ&@bTD)dmU=$tVUYB-Ae1}C$F4=5>w0vUkQ8pIfyCT zirSIuu|hhU@%*BDt}{qW;Ojej^9J&g`Eo@)rfv^7?0mU#Q~PS*OBKJ?In0T9({woO zH6P}{?T+dS#%w)UI z321nbWchtVp`G%aTe~r!RK}QWvWin|$x}p~06AnO-HC#5`={8M`eKgJ3KitI=kLDf zy@VN%DaPRx$zTTBTAx6S^`|3%`+4`h7UrIm^V$I_#hb_QH`7fZBG|jJPncg-PR-}? zWvU3FIc+n!ryj$uxP^MX6<|_HhV0qbq13V!!PPtlHa_~6B>m{@`=$T-2f{l zV%a_~(8_n6_CRNq{+TG&w=RfOO%(cpX1pHhrom?o2 z=n^do(hjOJEiIdMxjQZg8VY<~0zZi|2(x*zCzHWEA*inG>IhG`igX-&w#TiJ9UA4G z@^s`xrXZ+JTVriN1na5B%Mky!zgF4nMUb0zhV#Y`Vj{h^#|It-fp~^EaxQ@C&Ppav zh-0XvxNyfVvh5FH5g9GXtE?imU^LeZ*_Tf|Q9r2gaG_?l_s)f=SV0n?_wNP~(I2V# zUl*a!IzX-0ufia{^ah)-UxkhqWKtwWOCuc5nu4Skw*z1pV%YgM?gr=)il=kQ7xtb; z#`%5qHc$zO1MX9*uxz?W8pVYu%Q&a|jgz`WjZKSUT(d0AB1&xeQ=it$i1?Mah|*8E z@8#y<`0JXhlLvgu}4Z==~}5-^9wrdQ%zilIB1HJ0994F6*5 zWbIBxD5N}aQ1yYM3GME}ygR6L61RjzVPv7zr}uGAMH2ka50Zkgj@iEBaG<X4NI0C}>09`lfcnLn~nki)x1V_HGsml0$aX7e^Z}EwbFbvw4)kG4O(DDat zNRJGO`)J2a7lKWo2+p%_yRhopJAVt$n4U-lt;1EH3k0Ew(Aq;oKv-HywWWYwo*0+dz z9^NPmV>i~bH;JDXp};?Tw) zdi+7r0tp@d@rrQPh3S++f@sqDBs?8#e4 zC)QJ!A1lo{i^!lB?`OU76~D-zMXR9Wti*O zEV4xK4IVGl3i*7Ty#Vqv2Yt<2(Y^4w6^uF|VxVT6ZEaNj5QvRIX5!xUSEuIJvnbN3 z(<_(!(d5!7)b^uqTyjq6Uc_y zeXLFpTaX*;0P(3yO~fVMYm+%-mLOg`yDAx!+ZgZ4 zALl}%Xr%VUGd?6#5TZc%k8zNc18Q&olD1EeThK(>aQgcFvYkIcwfAKWI<@Zvb|T;ui8;oN{AFGIT0>O8G2KSPr19Ed z-E7+*P>^IchK^8P!7ozIXk&f9+Q2w!L;Agn=r2aq#hovbvIkaCCj@_ z+9>aWv-r~-jVn`(U*z@2>`&R-o5NqGin`2O?qD?TQ;V-H9ST|OWN26b9)7mc zu&S=$!73PqiNi_`Y}vsJ1lk0o|Lpn3uD_reVZ6y)HlCzj7kkBZXtE3-5I% zLn^gPVx`~G=Nu6kYY1lpkosrQS+dX^hn>lCvmvG!OhUokI9{Cx=lgk`kE`)x$YO&? z!idKt6*-=lGy+I59V}Y|*H#+Ik;40_iVt%U78WLw|0K^&#e?vIeS&eE`+)F3gyN;& zWAs|q$~s1jjYX{5rbp-f*n38oqjd+&@u8T&L^M{UtNUNn+C-^dJcfRB*41+3XPt|A zEIOHo4oO5Mf)F|1LZr-eSK~(Q%+`;xd2?{y_4$+hz=21L=CKYu#$vV~<&R=(=5S)( zW=j&Or%-y^`sj>K=}UQC4A1)`Q8p_Mah9I+o(OLMn!ijHPZm-;$$1t=eXtxRnC$9~ z31-`8zO6Zq?FkAUi?48HOE?iTE^WrpV|?k|GLs25eTIYCMt2C^Fn(J4UyGRWdzCsP z_Aug@w~!(1<200gOmOT3nGKsDj9Tu5?n{wX^T~6dmvY1U?T;@dmo8`WcWgGG- zpX6uC6-y%ki^sx3j{e1kp(gjUEeuf*?C?uk1Q;)G_VI|h{^NF;L;$Q5g2{W3>|syR zk_xrGfg*(!^kW9*6>O!9S7H{E?YLd!<;)7aLG*PL=i*V&aEM`lL_Nd?od66U(AfyKg7xhYmf<;L8n*S&_YVz$oP^@^J z5p@siv)c+Iw*vmzA_zKt;8V2FlwMjsG7?!DaQI5?VQSC}C8RCi@$*qJkftKk@xmL| zBs1kQE{RMcGIwZywZy$JDNzNuPSA;D<}^O;a8R+}i@ zt`1WP9iSzYQT9MV#W-rW=jK1LvvCxq9#inIjWU@@1N1k z@ju+3`>sPk&6j9{4*-hIprMm1PBNQIH^XCX@nHD13bQLVCFF^KZ3Pn#l!G_gh)f<^ zxPhI_7A(dml3Ll;6e>l&O;63q_ZY6O0l?n$Iwirxd?+|wzzd*I2N7wrp|Qf4%4~n! zSI5H?(KYP%lPUv+qKb+s4FYCHHxKPy?=U+;D%cLTBzAT)XHVh zo-&S$6xks1z3UGuI5R*KX%iajdP!vmAa$tl;tAFjlF*Q0eG9b@_UeYL?Pm$luJ?|Z`5Th40JIQAC|G{3O|0fNRo8e{+Rqy2>iw19K)@tspP zYb@}CHPT6nb~FB00K$r5JTbUeV(VgzgIFot>yr5} zIwr<@pDsd?(c(@`yF$s2 zbeW*mQZvRTwn=KP%U=M-DNH5BJ((gJO~)TCPWv}Cdlfx_rN_Lry$z%wvZRk_x8;K3 zRNnJd%liwKHpQT+O5|q0QFHCIoYUK^*g5IN!4+`S?SsOxvzMo_=VM;qbh5`0qj*zA z+FvO-hZ6^)2^1Hu_$VXFZRYFEen1v!C$`?O6VY-~k$}19{StY{pYr*6HhX>ovcX&e ze0;^JdESpd)Z9h2A768JhH^JG@UPYTL3z&+7vSV#D)@WsZ3!#$lIy6G6@1pq_V80a`ki@ zdinYyoEqMsSGpqUG)4GzN@h17FXSbf%Ll^;4}PmCe@-aPjYt2IPQyLfyZwDvP!xN0PS}0Et{@&|C5nfM5`6EbWYGKAl4KzS z4B4lNes;s$?3{*w<+e?|sowM^+^9-!@c7VlWAf*{krHJeTUm=#3+Zk9&4tWnqLf=7 z#aT)}uWR-;NznwS_^aBh_-h5F;I6I2(C-7=6N=4{;H$xb*VG#xOBdL8C$eHOkM{k2 zDhzc*pz1TtuYK~zDq?3fn`+MI_fvxIOMddcRjDsCS!&PEa5^N&iOBUoSZKDaq~!H5 ztk7Id)%Gt|z$D2$v7EOv$L#TlW&h&8&CbEI)Wo||dp?*SEf@t4Ga1?sc6IVU?l>2g zQFjseq$LvVNUNhLTFmc2si<;2iVYo1zb$bOXpRV{eW0YA(ERE}>O+D3=F|9a23fha z!E@CEgD7z`sng5-mY(P=h3rX79p%1p;v8E8hWgxJ$K(vMi6~)uC`GYVR$FKV!5!!x z75R(sShL)8FXK!wL|?|e(4AIBiGaGvpvE4-sWa!UA{049cM4MDRQvLIx>!=>Bvrz4 z&WktOZ;ofgt=GQ(=Hz>hPAq4(cHs-xRgYV?_s0{ECIPnClb=27gjPKaZ~gkZN#hw* z)*=`D*}vGya9Q#^;`?KsOJAqo?A)xnHS;Q@C4#zx)>4FQpzxuq3pidx*QXVkga)MN|5ycwfCphecgg9aqe@N8FkrIzRgl zELlt=f>NxGpodd|QkXnF8;?aDOATA%)Lx6n&DC!Ez%*WqjT>K7akIgBB8DruN)*#( zp7xbCQdATzUScACAc^qe4j_B?xPi_+8$7r>T`j`CX}?Mm^SqKHGkFfrj%~eQtIyE$HhP z(V_)|k2HeZvNv^llJ2hs^lKfX3tpuOO{@&(=q5D*9X0cKMo8o_cSuk z#zwMq6sDRko#@1tJ?fW2gu%wO2Pvx+K?_DxCznnK2N`KGoN6+3m%S;jt8qHdeD@*D zf?1C}%l1%vspV#Xrm)f{Fqb#;o_D-esoF7+Au5!2G0BcJMoh2Y*P~Qn6#@RhYQE$LQ?pMB#|kPR%@-B(B}y(;ZGVjCT6ObxN)F$b zz16C@I?7^{EK{4OpVp!G2vGVM*QhPuSu467WV%emt$U#@;cwE?C~?G|B(g~*k|0pp zXzK2kQhm@=;hkgPY#Qj}_cTcNaBTfxTTPZeqc2W8J$!pgcTn=u-lxK0V$|J6%BHC3 z!tBHBA4RdvQ&q!rhc?Ol*|K`k@cnyTk<8Jy_i%fq%tI76zwamDeDUjL?@;NDeuA6h z(IJ(6xWVnJ+haGNwQ;*8T-(D$s)K)aDiK8}A_;}yvT?0F8+zaRm*%jcKl06lE?ZSU zo6oVauv=e2l1hdx%Jbb33*tI7dDR;v0Z~eVWJlqISoD6*xyQ*YTlpabYwGf|fqCE0 zX!?*5E6=p2bl+;Cv!dt+A8_82pxl(LCsn@bJbr}=Ht_HGNF`Dm#Tn)Q>4DN2KpIqC zwoM+OQ+o4yaJT*(TeIN>di*~}rErX;iE@|I%K2as=8HF5wP|g8<^DYBc&{sPu4Jah zA^Kz7-e;Ny(x{5sS(Yq$(wMvB{(}4c2)=axi?8k*lLph(yBs=3x*Ex{huPrTgbSkB zg}}>Kooci!`-4}C&1bGk@Ckn13PsPIE6qLbTV%VJ9e>>200ZX0I%Tcz?|`hoOtN`>wC2@CO19HsL$2}c4MT>$U!`*vr?y;&>v`pTC0-ercL*C~thUeaEN#u~_|g4Pu`R?SOItbEJUZpxf2S zTPezJ+j+aP*%K4XBr((MMk&ucaKpBvpfz6voYG+?H{DY4`@{NLUk7fT`jD%}3n`zk zfnuBD*H0wY8xJkjXTIeqXIW>rKd(*o{L?&`1jBoAHgAcw3j$=QpDb{+SM@s8pLaN@> z(7(IpcP!Zmo0#`Za3R!ZQceg`mz?m28wKv0pF3_U2s>av<{nK~$qeDIj&^n=vP~0= zDweZIEvEBO5F6&%+KK*&>MPR-gJzrNDu%1q!-5LNq`LC&;UJLna*lF<(F_vjpav}6 zXkSiX#@$}=G!FmZIJzO2!kNu^Z??Wt$yN?xHG)$2B&o}O!OuUu9YREBwuf~=%K*dN zg6>lD=>Kf<7ors(L=*nN30G^NDEJa(*0JCZbmZ}y;<1G#4IJuCqnL&u7NO^z zpV~8S4xl(T_(aE)ksrGC>u1!8?(*On2>Ue@UAafQu#D8)9K^Oyl-R(W50Et2D#l-G z{;XLSwp{fiI&cPVw5D~qozU;xoUYT01)r=5#0knK-g6?}w;rsxZg7lnF^90<@%8vK zqqd$*s&tt4mSU)cN!C{@e$Y=r#@{Zc=+-fquC_hGGMq539%L}KqL(7#TK9-_XNo_; z*sY0C#v9&wyuqbo;FtAC<8*Vhgki2aV(5>8f0@DHV7#A12U9mspY9RA zdJn*`_#lNk`Vu$=<@aN+Ci9p2@d*!)jmz7AALMunAd&i?Dmy?#)ci5`uq@afbb54! z-QhLNn9%hSTJ5HPV9y1d)Z!Ts!~rpaEG}#GK@sbV6rcagN~%{(iHM4xRiNABoR+s#8y7x zh9bpz-bE25zrNRhCyXDzTz4B_oqC7Z{USuw%rYPe6~R78YB$`;yc<*gW`ieGcRC>l zSSYwbFI$wnTT$0eLUHQy+!NzVjXG!3N-I#DH50l`qesGnC#8%Np}foJAR)a*TU0HY zxbQ9SJ-o=Hdh5~7;m!g;%H#?rH0HU(@#(X$rDH-@!Nh%fMrq%tuVr;#`kv78wOrTe zmQhl4KgOC(^WCy_`!s~zKh%Pt81@i=0y#VUSK*A-5ESPSgY8M`IF5;t;LN6g#BR&x zC;9TD48rtjRTh7$KZYT-epm2jzm5%(i8d3%>PNy&tmiT1-v-G0CWn3cvit6krh!p@ zH`6S{PT!S{ZnrqkF>|%ViQp)-y6ZK_sp{I#v(KkqQ0TU^quytZo{nyzx9)v84~hMl zdcgx*+d-(Sk>j$8A$C}T!*gRs8`yBu;KJGbVnU9abuuhGdFVzTKhwk9{Mdp|hlbE9 zW#ZZ-#Noi-*eCCW`O35hgZ0tIVf-a?bX+>0Xa?}w0mK2valkx+8X&(#+vq;SrGcF8 z&d1?R&D7cplWjN*HH#WlSPlsgep8bnhRjJ^5+301=&T+UwwmA*Se31#&slK}8s%E@TttJ-o7_`qAXB7! z*p5>)7q|tw_pU1yY@!5>We!E8LRvh0*CSP!2doB?Ez`(h6l7M$JIrQ?gIYlhF-Btf z3I@aD(kKqD@Me4liki~ty>@YoIR;(ZEKB3u88Mbovj);9$Z*d0Rkn69jz-h8EV-ZP z;NhI+5>C?9G~c=FxomI~|AxyavQwdW^zrrto8DgC5VklC#ITO=ND}B3$t36Q+l0VR zRbg(}Hy3)(R-<(EXzPn+{b%ClPX%sv$#z*I$!i1xC^DG^i& zdz4zDV67t?kg;O@CGC={?n)X7)F1Ge$ElRuU0jbGV93!8PQe_PiYx9l(s0Oti~}F) z%rnm~AgXX`9RNlmi0|{Bc;QGC??}A)l<}_i&p9bCHb^;Pj1gXc zz|ylfV-$9lL!Dyb+v5yHZ?s*!Ztsls={C(U7g?ZB>bI!Ew@>p=h6n|0GlsS{2_XvZ zj@$wBshllN7gGq^_XEaO8tWFlsk#q}4f(MJ>ieNF{XV;KqcAe*OVPqR72OWsS?HJ` zF6jrY)nXRK0w8i^upQNQg8oQEf+(o_mRmu->_;$-k+-}$Ry-q&ke7Uza>FB4t=(he z4fPnSJvK3#k_>J5k(YiVw^)ks5ybUo4L~Brg@mlX4qQ$op-J^G!qe}k`5C*CB^m_H zr)O0br}w1}r-(#07V-~+A0fH6JsGsM4ayzKKF~mZe)Busli6R{XI%Ug2+&r9%WPE2 zunACg2`t?g6?0Y795Ow>HQs-b`#i{S-f#VmZk3JE zBy6}L{;q$9#?ygX?q{X${v1ND$P@>Zd(Yl+3%%Pgx%&JRm$TLQAG5-3 zx4a?zqZ2!g0RruxUKvq*xBdxz$LalXsZ&XVzUJ}A@GhGDp?Ejf)p&+IEIj>ff>>(OtP&9gJCk<5MP9{r3A|ARe!jdG(@30$A$GnYH$jUFpFS;54K zbcd~O2R95Wt2wo64C3AzWT76_ISiYim`0W+z z@{y3cbrvq92bU|sa0W~IZVzfmIh2Af{L*7I_j#v=#SEZ@iSVO@w@xbx5n69N)LD0G zMv(GD&8{J;2wrQZBoWZl#rKB1=HMr24r{Wc_p*Ppk};X$7Q*Qk_%q-%j$R-_!nA6>X%9WSqLx!`5Mf!2 zB(BbPX~=MuttQsNEGgH;42{86(STfrbS5%5+ARzU1s@l^JvOmrlbd|ws=RRc!zf(< z7DXKBG(Iy@sq?MfV?HS8+2%-o0{+3`dfhvPPxLl{d-6NYw?FKs>JQc2LL%21-p+}j z>fUPl&M|0qrQn$sMNhEDlH8jlCg=#Dqk_ba3dHqf-X)6;Du}qW`C0`%@NW?-N>^q0 zxe%_^tjB+DdT!0}=D4V`vZqj5s<*ZF_PnZhs?l*JH|ZDu12q_mWn80!aB27^V5G)X z!hCg^kBK-;7hnK{YTGrnYFII-KLcT#i1{ts+&PyrS!0#xWVz(LE0(a7D_~rm+n*-X zi&z~mF-Y?^EH5lQl(;#k!Q3xX^kpb|U*~vx-QgXg@JSQ;UPwhx+%Tc z*tD}OLUH-vRk~t0$)2=_k=fv5*1zh#7@O7Sdr8Dc>p*sLa2LwgaaLKbXrubzN5b{B ziUxcKP9|t);C4l1N9Vkuw+%r_4SvOT{Sr(AAw<%2HXMzpM2tm-YQk~s$hG+f`ONB9 ziWsanK?FgEO~4iZ4hz|Dh`)0XMK^j%YW8a#OY!!MjKWdm-WG6cQ!3Ytco1!%T;+=7`KTeIqiYm7qx}d+=)B{65n2hDP!=f!8 zG(=9mSz<}LXii$rc=+R;39UirqXhqli;sA$B_-N=aG`^l%gUUuAEoje!ZWCl%cJi} zn1s@60$veK)jCB^nZSfJmTtQ~F~wC5-F!oPS3L-ZFG$5I3)Rfqqm$7OIccoWrIS#f>nhhpE`h`wj#X!Gei6+$$q z?#uR>B>M_yt^9>dT~MjTV9YCIkMjc~w(QYzJDI?pL^_6qGKNXv(`p@y+r7C?VP)4X zPA49oQhwufT0^D+2`hKJrwT=)sa|ar)(jb7liz`5)B*;+q7d3M(!}3#uyI)iN@N(> zS^1vH1V!Sk2byY}IRm;)v1ih}wovnDc^yzn+>+muPef97!V0Je(@W1GKG0G`A*Z&= z8-)Em^-Ry*+fSNP`&bePn(~->GQ7_qV=1!R67xWQxhqZ6X7_%n=XL{Z|1b9*3r zH|{oqo}QpYPemjxPhv}8 zLI$kuzAXf(X0L}$k4=hXztNcnfSe7^8C2Q+#ORI=#1wW^6P%AwL2hF|a~Tui)j^x6 zo*=#W!@csK&&VP z8tH8~(p*BEExR8uixrM-_W3cE=!e__fsNOCUsPw-rSfoL5%&Q&3(9?Zs!w{H%waIhO|*69#CyD{mcXH9ob8`b`Q$dBt4xN z_oeNv=YfW33{38Yx$|RQvEgRcRJ}xYJJM@!DT)W96?xNeRyrO+aTJiZyH9|YSA7-% z%Jz50cGL%gr&3U$&+TgL?|hs3%@{WMsNJFc*2p-*5KP z0U^s%Z7{^@ukiH+i%>;_g1;!huTc>oKt)d&D5%Pk(bCZ9tR&l&_++`Pbbd>4{`veb zfjpF32;c{|0aCFQO#&2o>>~#pfCSmN_kWK~W;}k&3y4$CUxrchf81#Phr+}4S1xND z1n5xxs34>Ax1kXQWVHA5@8JG@c1_ak0tL64F4nL8lcSR0s9Is@08rn_bg==M<+Wy^ zcCl}@PN~rV735xFK)V94x;jiJlRL?ez-*Wq+9&Lz)L)6_h3(R4LB-go_0L4wo2TfRa6ldYfx0VwU z+hu*r^_NqV7lZ?BMZn?LC+}sp0Ts%=eJ7nose4iZoQ-N@s&f5jqtD^|bh&xgJ}{|# zfBJ|VvPAjT?J{86QALpJ%hOWd158gX04p=i9gD{relP;eT?+xIkuiYk`>yomPNkju z#;|G0mts9gmfwPgv=l&GQpp3<0tIkdD(}7e^{t(mTBp}h zt-N764|j8uqz33Km>B`%LuYu6;~WpKcG1HMhnbo&X}=S`6hJc#-G>5flNxqgktjKn z>5Y;sK+gd0rTQyqTG9OWqFUPf_u}dla3E;qsegS3C}6E*{m-0xrADOy0%$HAkoRJ` z?gl-o_$y-v(z28Xu#%e?VBp69|KkfrjUX6J8>9%#*#E7EPXRof=dWD4Rky;T{tqCK z@2IfoaeW*vpqY?E@JG6u+%pTyO^l@KJ5 z5pw*G3-FKB4^Vo)1Q=UF9~p=Zd7<)c0vn9~Xz~A2@HhTSFD_2lvPCrTi1JgXlm3-+ z0lp?ezy*S;_c{r{vI|48`%Qp#Y#DuT7#(ABLJn|sXuYkcSeE*A^60HCG z$EFKqk0V1)$}!?gc| z9*hn@irUiqPdmd}g4EMv6{shn%>Za_V1k?kAP)b^;PW6qxH8CS!(aQVu>mdA@OQnE zA^!~<@^?XPjsd>}4OoP>Y85&2{u588{p~~!eW#gm12p5i*JESenO(39{Oo`Rc_*Wz}stj1UO2eq@ z6*g-T+`wS=xz7QHt|935M&EU@~pZTXN*eN?K1TQ8uxC3Tvq z;U5KpTlfo*llpFf2z#*78F4v3(Mt&#Jq_$S*r9@$`*?Xc6rfuOj<&|^{>D1bSc##O z0>Bwy_dD4shybki4vqp~t3JTbF$3ZYk5Yjs(w%GYC|udqW)XtQ+0mH31Wd|T@%mc< z+?|Vzh9&{H;iWR{*RQ9A0f8(NK=Z7tW`oa63l&UA!@&ozh%U#A^##-Kn|GRiSH12C z`$-&$vgC$#qB*uGw7@|GRZa_m6O}_UDY)C|5B~nZL<GxBi-HI-H1ptDu@Eot$=iQ=g^%}(n^bjbaOZ7oZnq{t@|Hq9KYG$j(5ND zJkOf~#311tbI#^2x0i;X18VpY@00N$Ag zD>H7XEir1U%@#NPv+Gn`EKA3w{aStI8`gCZ;=78N(GFOK^x1N=PD++fU~;p+LW!6Z zUmSPhiSdB_*Ca9)9jgtaQ%%R$qU|Bxnl71-19nK%bHC-RXLjI~Kq2f>eFcz`V*uw` z5wNjLt`efHi|~`8UmMJ%&=GGfG#t&P@H!;0sbxxr=$3H+kppd1Fx|{x4h)O%NlQQl zNgZR-21XM43{}6*xuwWqrW6Q*YCHXo;+^y+D~}@ z9!22p`iK$mfYk(gb-zxwzeB&L-UqUx^!$F1cjuWSgfX<}+!3~I^4jR7kGARPN{`wN zPEU6?BMuoigNOp<*a9GCvq*e+AhJ3aaC0dKfMv+PJ6pDZ2~V&|^OhDpUqSBwBCuU7 z$gKP&>g78$Ilzx6YRWfmX-rlDEK&{O*X8__0`8Ik7bAG_yQplf`Di5e?q)yGeYa+2 zK+onYqmb8LTz&luJ&?aNKeOlwkIqZ;k>|D=U=X`Lct^~lDa%p6^49djnQyvKnd>pl zA?AmQPC&k~|CGe_yT~X{8Geio-(_afY`G|$EYaWBMt!SkIz8Z7X``Bze`}hqMvHF> zMxDyzG^ZKFJ@39b!XAvBC(K2T;dj{2Y;|$CjuvyxTWk+l^|30V7brUE#GJ;4x0gGd zc7OBi&HO_+y~jMM~ZKNOaYg6+h&@tvT~a6)4zZJzSSaC^*bJyu>vpb z4)~*e7Lg*>0op*TfHsigdU<1H=TFt>1Mj=-0tp~SQEfoxQo2nDH3`i1>6w3OhkfI>H z1oitIP`yA)OS_j#U|d})DiyquUneC?tq5F@c9NTR*LAd&kj4XMU~BHf}rQ^ zQ~EH^7`GtqjaO%jUJ9EdUm1akn*d4+_X-Mb6y)`O+c}9tB5>mmQ;Ane{1#c5cj)KF z0T)(JLA>;fvNwW)`ChaEmx3?pFK6S{<76SPQbUhn-hj=k4s1@0m(rjh9@`(wOd+C+ zmoSD-{RRej#q_`woY?ug9&f3c8Q<$X09y7yC;@$V_u+P4I-doQAGosFB4>=$>dX6v zPwFmL(}@r8)uiIjYKmrcz##@{X^bwG-a9w3i6FM1HGuQxJ@DwI@*>SZu5?`t0Foq? z09Ay{kR=nzr#hRjMsGpV`PKL4WG3~_3+Qnyy;;S*0H$rk6|e2)be`Momn1Ux7u4ga zjnQ;Ypjf~&vo@GGdffzOy+{8Ia8?I^5XIWP`U8Ll4gk}F6Se5I?B5fC%fpopE34XD zsd1Q*2Z?_xpfjTmN>NqDh(`!1?4YRxJQOGezq2D-`p|9|XREAxEAUCPa47f`S#(Mr zd-~Eun&4W~==jhsXFKs3s%D27j;tLCJQ0TagYi8;O2_Kkr4~^!ICy@qOe56t{2F)w zAtn}7bRqZGV%l)m;mH7N*_UVEfXc=YYzdf}wcJ$a7_e2ylaODx-kcgBjg<$Ov9JE2 zfxL65Gw=T7K4avC$rT*D2hgj$2VEk24YlA^bjtI`Bg?AZ1=#^RyB;k=9SxKak}uqD zAJku8AC0d6{6ND8`PBV@w8Ol2)GZb06tHEWqM*4imeeiTZ{VFLJk^j+;4rdZXxCk} z9!jDEHZiKK?RIYH-7~mu5N;7;&|B^P;l!%XL+FVDu)2U7pH=tXUF-!jM$493B=~D% z80}f9af?1j^MQD~IQD^$XG9t^YxVtWm!!=Z*xoBvX!v4?)|{o+{#pQsJYVQVH6Hx* zVLiCq;SMBwtQ8PK6nN^C4swv8&NF9O#Jfc9JzdzK6Xd~I&kq4MKR zB2*ofr{WX0m|+9BYMv*^Ei{2d)`^e_4+0lQ)d1u8w}|~@{`cxraoUHyfb={8s}eKn zylKwXx&sbKPV;AqP%v+%P#f{LcGurb5p>$&Biz zmbdve=ZaOCKFYzb}iXbwlwdARD_B ze+J$w@18CBv{XO{BYr+~4#GT^ri)O;QR)iz$PyAKH~?|LG$nhy zMUfK*A({KtZk+Zk-?$sRLla$U1hoA{1n+uJ@Ebs{R5Mt|af)XR}-DVzWFyX?Qh8-|pZKlPQjvu`Wc4h)Q z)3ICFhfn6VzZ2sTMYN=3pCP39#q>`XZezrN?t^;-)@}4dKuBGiam4 zD6{ESh!_aWB}2SD?C8=P-#zbO-P_}5D*#L6}XPVJ;azQ}tOI57Y|W(&-Q3t1w9 zka|wWaugoL{)X^}+=Hy^+**C^b5N85ug0#onisxtqLO@?it1G&BwXwIYZ1dPGot#6 zY+Mw?ax8TZa_<$!z)Rgc>^X+2SOBdxii+kD`W~@5b<{$f;{ja|;!4UgT5O7! ztE-OtzHW0VqQU?7!vzNi!y@xYltNf~TEEzW%8|@|^V6oy z7j)QpEgauvTG%YaZUM|~_)*2?-Druy+H7>E`r0SLiK2cY^&&0ihQr3xp>q@V6wbki zLoufkJ(x4yGd{Y~oW@UoRBndOUaJd%5O;uh?awS68GT5J&&FuLC-iI4$KrJf59t}Y z*ROfX;{n(-H`X|w4=bA#x@Z?e^GOq%=g=`agcb!~*F;kKqpUW8SpWlt;`{bvG`LvF zr8HWN9UCZPCdlmY#_N{|4UTtyupG%AzsDt6ZFvl@wUVp!OL&s^`>uuz0!W@*SS$V7 zZHnhGw#9gLKX;*n1HHriON(^?NmOBVj=ZY7$2A4yrMX{8#1pNfqkMR6%Mr=z#4c6V zC>?NN7LQ}Aw>;ydLWBIz@^#)s##_i++Eg)##V-Id1F@kRfB=0Hm`nc zA{*KMi8?gDMLZMsSY+TBq#FdrfAs&wsI!Efvl*wSo*}FDd~_r$FUj+J&&eM)ox}#E zy*KspbHX<-!^w;AWgnZ_ugBEBuV&J{{+O?%L`98fn1y5C`#JhpHW3b?NCKa#QIeQfrz@nkAAs3y89Tju9J9YHmvcX`gjSnQU$ z`e;;DWC(ijmX-Pde!1Dc&`xocdULJo!iq}SRinYaG`ul#p%IVRasX>4=hOB{v?lEn3702|j9@Gy zD0{>N4y})ol7ib`0yv0pf-y_Tb%l2pPmyaZyb*vM6WX0t*FMV>4tymkk^|7u;kF_k zA8lzb2iE(-HZ9)F(}&drG;E3Qu1@;~ODHJn_PznFEstUJoYB;ywUkOPCQ*8Wzzexw z4mxq;VcHChMlE<_>1{VGZtG?INA-KBP3yyS{wOb~F52Do09**iR?UR`^)^^i7Dmp= zGHXQ1Vw79u%}fNh#WAhNVqLmF<(Q{Q;Bo8q&F1Td^;;Rs{|6=Y=fdH`_I%AXQgisS z^FdJ_+=(F&NnKF8Se&+3KsH&u@s*v%$=g1aiH|7rvcnVEazytDLYyZ^+GQ=LDg84x zgC9`mz2x`l#i$9IQOX*2P-Od4(Gd+(VjwWGc~wp#y%6JOoKY@t93&=+f;<{mkR>+J z;fnJ1B(@Z7WzFGu-GvFW1n88dzDeiDRg#|}E8Mx+j-R{jAH^_SmAgD!jB-pA=GWE{ zR)NuOj>)+ZDORnFphGV+0}rKY?Wg3I{En0g)N?*vWQaGW0|B@sx;L-$Qx)w~vwurn zr2@Vgmr%}`q&z&R64un8dBKl5b0N`BbDk|qhI$!By<+}9R8P7wZPbxlJ**-iS}$-l z<*vVwGog?DOoVN>Xo-F`v6OG6*7Ed~-o^IgRVER)>-y?~SBceR=br=&&g>&UA9i#l ztFH|dtwoyfgLug%790Daa@?P@;Wk-->|w-&huJ8{Yo!O;U*=KGwW*|NJz;NIPNHwS zIgD-QEiMD-<%Xy6sIL-Q?g$!o#(TpDYb8#wa$Pon=ESmJqw4GZ1v;(NYA%1RNC)MEgoi*%=xdc0|!hK=(#A z!jOHQe3brW!6L7U^cK$>f$e=F3-55lC&Z2oBHfWq7xh;>!KqWr4A1Tc4nLn3w_|4^ z(W6H;1GPv>n$wVu@&{@i;XCk55LV3&nSn@l!#DhcRYZ(U;LS-QAn>Cwj_u?#;!HX( zHUIE?Q?t`G(R7#zA00K>=a`zkYG5F>_Me7rjqR)JIw z*zqa;v_E-hh|d>Mv-4r%g5=XZ=vbz+fa+lyU4?HXn;U^TIdj`IihX0?e=e4ig*S>i zin~wCk~Eg&qVD60i{F=qU%(+mP(Hrc`6 zLnSs8SKopku^(4zUhOIVI6LF;t`5);czqmN?YE`9&E*#(pu=Bk!>q^S|H)g_m3hYY z@0YcaD--Wrv4BMeC)UIx?^BnHjtljbiA-*fBc@DN$^T5tS~ z88Uyp`CuX^XN%7XH>d6`vLsphGe{(ejwxJ`jmw#$n{gKQU^0y!>9=I8}vf723{eO@-Ty8m6mFRYIE*iik{y$qu8x6&}H4`yagQ`1IJ zT17J301{jMclAvkH&W?5?%kF4r)AeF9NTeN$dHl!Z68E-+Gj)DbP0+Iv^ z^@scb29`^s!~A)8n4`WSYNG?d>Kgpb2)-W8vF5#`-8&Q={>{+g%0P2%+WScgLlT=d zGLa+$E`^0nga0o6LzTa-{P|J@|B|i!ZVV0aAhkAWP%sNs?T=6RaxYf^BVI90t=N`_ z%^@7Oe7sGlmEA>po7WV}wwiMXR*L+qybsBHPY})qNL{T#5|B7e9Uvr0uz~KUk5PSQ zfU)MlW?m|kG}k$~TjQ)?u#1dMG1k5;n<`8`NVU?ltnIs;z-|yeMY5IkfJ+Q{2;vch zm(=BhhM}LBQ=|AZr1jS)R>fpt+V6ZLJe8sdJO#?2cLr%kq4&H@3;%<5bZM6zLUeck zZ7H#ECkGBry~?iZVHue;>}nK3I1>)CFugPKb%ANe3t<(o zp{QD1EjDdd(r{qM*f%>v~UvMdwv?+1+@2kZ}rQ6_}<$D z(78%jTf(Z| zXnf(@@kH;S=LK1fYp`GIN=y063{Q6CQe8@49>1ZXUTNgOmN)Qb{($V`G(rCEKwXVP z%8tdK{- z(T%p9hJH9fEeaPB^+%>18ur)Y)USS$v152Io7M=du63~)3>CjKP*<>m94gmJJBBt= zkB?D5n}G@$xuwuyEjKUvh);(jY$lZo6i(r`zU)U`E&X54U1cp6k0YcK?$~takHVK) z5GT6CyqDU}e6JWisAl~L zdefANPnxgpW2FBCKLY<8((8QvF*=P6?iYhz&vdeDouKinhkIgos%{<8D#D%Vp+L0O zPGhvtj-p}uvnrt_;YJ!G0kOHG9lgv~{QNBTs_ZU2*gYVvxyR~yq5NadlznDso=UXZ z-@67D48eQ!k{i{L2UIxs!JgA)1woUPLY$zJW5EC5F1wV-EzYN1<4oeD4r@7#rF`S< zEqNmf!rw!4CTmo4yE$Reluz{Rc3{WQkG5W_OEJaZ(K ze-y?PU8Q?cPHO(KIzrU-1S)_hdY*yATb#%kV#jwf4^#hT!m8I^Jo(rCl2_(kjkGyP#_*R z%@>8?&BPVLf7QD>kSTxg1zf)=03z6A1|4BXAnhx*`-N+BF_fh?J|swv&6S6uB8+z| zHE+xly~zfOMC+9XH{2|Zt@5dt0QtRLkOkt^eqQ`)`d6PqI-dELyw2T^sByG}rS0;Y z8<=a&6tpOPP?u9hT5Xk;K_^`;xo;9$uRP)65@zw4BkUcvL~nINmG_Omlfh*rZJdP z@8Gbw&bc+#|u1f@z=$xvG59rP-a-Hy{*D>kZ%3)Q7NVa$8b}+U%ErZ#Dy=% z7(sc}4&JLf}qOfCu?6gvQ4RU-OHhQlR6~`*{48iv^z%zYpt%Ni#AmOei5n z7;YA)01CC-%^-J1c1sXyj|9?wKEAKq$8%vxvuhxW-3jQ#Q)fW0Jh1!7vZ(hUH{~s10u0s$t7*Re@^fm8a zQJDNX8#dJcHm5Siv9x7l(;X-+%HE3^ng;QA@Ta5^PGsSuIv)L%>Rgb0B*9aY`b3a? zqdOoL9lr!alTI*M){s8}`-s6GKc06%-EHZD=$SGxhXC~B7pBG+bL7zzntgPe8L3N5 zyhoZCiV;3OF7=?wjZ@b#7pVC3zd^f-XDFp8D2usV$hsrcqTjwE&!(Y!n{?SYKK(>Z zM)2X`k(2^5v_BqXI-~}hL)RF;Vk4wKOFT}M85{oKIiy9$#ru1^<)=2Sk+^9Mx6TKHN4q8@2L%XU*6D$?ml5JASKO28%&73% zr5$jiEB-Pr=DsJ*BjFdnVHoNzl!(xDZ;O_3zB=9Q>5!1)X0u)MI!a)!x>$2;6^nVO zK^-pt7~n}_3O)`FrfV|QBNwD9jKB)bR7=`Z196K;pUS*}PxNie)L?JO`4E_#fg1ZT z!xyF*+9Sp?8ttzS*>4MKl$1L`^@A*oI*O;Z0ET_zGTVF;_2s>5s0=@ORYwBGpe>)DHAGgrt+AtER3st2ul*|w zx%rbPw)liZmeB6-Fk141pch7HmgrAy-mHbve|uJrS`UFSSZ){xpp8BALc~dq!dOh6n{2!!w7oT|b2ieD zNtPU2J4M#bcSXXPn`=3hWB&16oBf#1?fDMc1Bhz1l_&%{CG7f4eJT7Ik`PdS$$~Ir zM#J5Yy%wV;_0bHIX%b#sW_F;K$4)i_aj=O=X6ryCaTwYGsyu1f2>_>hq9dP9`k-}< zPk3S?_X(T)DHB_i)yI{rk}mGMPPGZM!8^|^{B$OOA!*XIeBAA!WG8sJ(EvS{Gu+)! zRs4O1(2joTbxAAtVwAOwm4UgJU6}x-G^-N#p=yAREZ6R6BS@b=Tf*M*pF<{&@@)JmD;Vuf}--vc-CG_77n8(AaRetX5Ale0nDh)I;Q)X?{+t7vc;s{X=Ku~YPR_{mJ zekjjKWp83(hsNeqAZgF2L4r1mHrWD_s_KCkufCXq+9-}RZ;Q-*gNW;ww9agX@w!Kj z$PA87dJv?#FTk_Y>dZ9XLChiWO>Ce$Q$;pxw#P3`F*ubdo|rB=B9H*TM^~S1Yc}1C z3|a|MUw99BS95yNNOSJGv-9h9&mxB5xGNqv4J~9$xA{%Q!s~e_w0ySNABT>ROoPke z5{;c;lNqDI7m)m5SWm@VgFo^#q;zWDQ$io()y_ua%J$CHlD9<-RQN*l@<&z3b*g_i zA=Uz_4;7r!52G9=dk_i0@UP0;Jds6rN6W3D`lVO%P?oE;+U#S`GYX8Z%Rf#_S=e$n z)CchP>DZn^hsC=;PxnkSVm3SU^U1>8+^nvIWb*Mzy93!g?KAQ7@!%}@7XR!u?NPD2 z<_bQuaftGZEL2*E>BAKOyMH?YRM{O%NzO>p_u0(K#2=P(y4`#B76Q6s4eS;??H8;o4w< zv?0(v{Gj;f;~p$~1F%~j0%FsMojY38CdT505z_H2w!>nMiUa2HBQ=0EwFoq|a1;Pt zLTbM?QfeV+P!40d3W4yY+Nz;0z)eLkh9B7(gGui4W*#AM$JHjdT>0{Krt$6XAcmk5 z&~1YP8;?_k6Xh3S&#|ja(amP6pgc8YtOoD5bn*-ht=d)l_=0q z2o3o&zRe}qA5h9A1U_3`{ZfT|#cRXpQ$=gqqX#H^<-bwgsmP(4#)&Vk;?)&sPd5 zaV^CRVjBEn*7VJ|qg0e7e9Xwfi+{9h&=yy5_Dtx2Qcx=8FmP<7kM_0}?!}o8(BYCr zhcRoy4zfj%wqN+*^q{bh1P^gvgmEFRFOGR$iJ zW5;($0;;OC8DDTTT$aiu$->Qd(FmeBAG~c}rA|bc=rHhTb^T^-3M6SLX zQ}Y`h`FJ79{J{-uW7iXXmAdV4fR$*my_9jxlj5rJff5pJaklO6#`jLfvLh&$-y_@> z)6KM2-vv3@>H^T}_q2Cw$Lrp;SHlq~U(0EDHo}}?E%Py#B9QAp9-o5olpI%)iLdNR z#)V%0;SzfcO};A^yt2oFi&~AlNPh$#qgo|_Ag&gzCKf~dW3)$P1v)QgRSHRhFtAf7 zM7ABMbstnLoy*t#G#*t*4TyC(mXasfKyuBgM)eWfVT8R4Y5FnK?jK-nvi0Q#EBD*e z1n#%YNfgs9u<7pl%`YCGFE|TANTU2R1M6~LFSQr*j)^?Tb}@a(FN)YOO7#ttKdu>N zQQNys+kpk*ZG{O`CLY^RoZW#y###k(n+^2KX;t1D$7+K$&5b`4EM>uGLhVRq6I9fg zcGiL?-2*JG>-d-+=HinQ&F6=yqTT|eo@zRp7Ol@esFRkl}jJ>W5lHz6?tAu$$f zmGmZb(cO}rF}5jN_JkZCGEu+N6nKP&GRh}IPy;c)Ab+J1z?bvx5Oku4h4eX2q>st& zDe_d!11HWt4u~eB32KHkgJ3|y*|$-zTHLhp2g}!d7W^de|xTmPwtZ6VX zQ%;HSIWO4Cr>b?%nq<4lOXKB=5z=W0ekK-{WI%>zJIQf$%q}-Ol8^=^wr-_2zrUAY zYB-g3bW*5{mWd4E(+s3TjcAi6dpb^+P^NW{l2y8M0EOc_-+We8RAn$t2Vw&GlH(-? z{IQ%-hAHE8C@#U=4qpLoap}zQ) zKU-ln_%N3K!HdiVvOA`T5r9#4B$SQi2w|Ag9q-G+X#OGHDhL_e#lxl%K(63ZhX)e| zI_pyx2i^C9@y6`8>${WVQ8E@QT^A*!($EU-x%M9(^*43oB@T-G&0K4S%g9fig5(pY zv3gfqAzj!oYtMb@uw{T04D;s(8cx9o+a;>6sVw;K!PMo2p}mi;!;^(Vp594G;T8K$ zK43!PfnfNlaeqc>2dJr3$K}>VgarVkDsA%yMX*pIXiC-P7uDF`?-b-hxqgZp0|7a? za-~2BDP{y*n$V@m)2+XbABZ1z-S+XzM63ZGY-;wxebzo`J(#UH06@s%0PH-~{vpE% zlL;-XPcZ+rxE5hb+r>>=%X6f<0{hkTFv~P?2Du!3wa4)>k1c`+;-VC06gMh{xJNBH z7$msk)SpQ5;K{b~*e2-p4V_(Um&~{J3T&qRUGf<5pE){ywb*n?LGidb{(XAS51F#65uOutMTtqJj>GNyRLck|PVLb(u zx~C8^*n^CpmYBa5S+t97M-ta9F_l$*l0*8vPoEw1NGem(Ch#f`uLzDLuOC0awyU=Z zBYtYm7NkqmKbjUX_@f_|vQyzYa$Vl+_7*)aBr5b#w&LfZPJKI~J^hiV8~MBo?O!aR zFU-lRZG;TUL8)!zeQiGx${dk08w#}M^cdIl(ZL!D(Fot^D}8B5C;x`C8b){nM??V{ zK;de7*;{BLwF`QLfSi+Uf40wE`rNv2kD?#Med%h;p_s`uf zl8@X42)Z#}b@BQXrXO8fsNnZCwA9A~b|bO>*kF&ix)&`8?Q80sJY>#${I%fY$M+jd zc8{tAY_K5k$ww)A4t!Fmz3VVxuXe4Yp2s*~Jg>E*(;Q<%cgdQ*B!*2n1K?s0v{&A! z_|y7eBLBq&7M!mQaE(aA$lX3<6EQ2x0+=gj1q#$DC>`XP(xw#VU3HK%(|&(I9iJlH zA_uv=qkE}`1Z8t-Bf2qtsuB|Jpl>NGV73%V7Ab2YG%>>GO22<9g6@G3xLNbjLOBo! zu&&vmj}(3kV1RL;=NuWUcB|h7PBrM|G+ZBS#13eIA94Mz|MueQR_G^55!465<%?Z) zJNlYjmRl=5HkI4ux3E#5xqM;)r8;G4ZaPF|vO_dcpB$2(+dDxYASo>j@-Mxy$YeMF zqAe0Mp>b1AD@cc*$XyOqjX^i)z(=mP9wsO9veiM?V7i1%*H2#H9jq^7KV;(y(}o)5 zP!^3=iJKOmIyzQ^bO+z1n!z_L1^|_Rvu#>lst^=hFLGLkT-w1}|eICcX*IhCI^6D!7VX@FDjOnEAw*`La&D$QDf<49#rLbEw81}JPZHRiH_nkII73&VufZP7C4_ZbC(Cvo~M%t zp;XSw1Z{opd%V4W9j>iFf}sfq8jwz9fP*7v_$dXjDQMS;Y1dZ323Y)tpXBbJ!RQO1 zqpC8Y_rCD)-lFe_k=No>v-|qMvuSRp&n);xSj7f)pUdIEH5{LEDJZA~$hU&Jnvw!> zxORy??-RYswLkUs^=t*1?Q^nPwBjU502$T~>Tf)N>@)UY!v3Rp#sld6?FPEk4JI(F zqJ6?b-^afm}F*<$JIxwTZ5vr&FlAk8x>s$y@m5YFr zq)d^eG-+J`B`83El!==eI6kQ%cr?Zzv4EPeCBI#c)y?d}68xk%@yoNgdpbc*+>HBwv=Q}SVAcvU zQ?n|g!2?lfC)I4beC*@dyqvgMU zfRP-ifLrv6X zzFZOebuB=dX9P|{XUlH+@EQ^nUseDeRjhx)x+7?(EYQx8zu`4-~;ehi2o zS>VZL#5z?E?rAU?{}00k>EBK9Q4@@TzQ(57_&?guvv1%)E55Q&Hp&i6~DV*@Fy3?*8e^UNej^g zo-HW;_`bEI>@HbJ;(r_^#e4D+(IRQ=y}WF{^OW>|R3yny_hXqL(#O-eADiNTRIq%& zE&@*u|7Ab@^4^_}^Yf|t-zu#bfsH^#7kzK&vQNXO75||emV79Js-eRLnue$|7W1*PtD!PIwV@4eNmVsRfwY+2 zl7YqW4myqwH`+8T)~MCxmd%pN2e+c`-)#=eSKOhNN^nGj6HUY#i#@R7#2OhtCasXf z&cFemcG7nx#FAu0`7N2VD#%EJVa+Yu@58KBD{iWewY{uS1#K4w-z)H5lYBi7XoyXL z)vpQiVO+5PNZxX$?gCvx9tm6j8ZNfM1!P8JHHAxr#z z+-V!u7+;y4gb6H^qlFKz2o>$BfJ67AISO_)9#oSn!7|qux#_S8mycAgc0I6fSYdVjL}=aK7-}2>)_<^}e6mV8rm- zkl^DZLH|P+fp;T`CLCnXZR8RJ(**qG0fx?D0LKc;vKb5l)HEv3c*<14*(80;t3oZt z1ZWvbz*64{^wD%4~rIO?Et;#zs^kF?g%Pf%C+l z?;cl9e`mjitz39)uGQGBTDI4JbHDP(lkbhzV6aJJZJ7@74Y;;$BIeLm=TJyrTCHg{ zmO+!jqmF84-x(yiD2*}J*i@LSw!6__Kor%r9);kz%rpGl6V@?eA077ADs9=`2y*wk zi^y@`8f{U}v+_;fzdM>qXS{7ySI=3Bop7G*l5`66{7vfZJ!G1Euwk85mv`L$JHGN{ zcP3}BJ{kNsF_hgSBaf2it2tJ8*ZqC93)|ul{+#8>nJE%CWrg zRiu&-xlj-BmwVLI(%kD4oQaq8r%_B_FSqnYvT~zuTO(m}BrV>Cx>YBHLzhv&ee>@& zwFxJdHTOYHIG2%^rX*LQ+umQ-8SZO1f|I{2@lo0?Tj#@8#-fekC`z3*IYQH|*xpa; z@xdmyY{^wtXS0$fW%Td79=0-w`8R2#1vtOIzG}sceRXHmWY%p?Hd7NXEaXrTSD*FP zyLFl^ja4BxJYjp^pJ43Ge7*a}10W%NkW1X-K4Loy z_-WN}+4z|5>08mAt1gK{%b9=;s%-_VjRqZzV=1#1CPv}|3aH9gV5eBM<3QD0*3j_F z&{rXydo?AH%83GvvKj3qg78TzKeAB1z5V+=lDk@qKDpYbs6Rk`^!4FXLd1ku&*P_W zIwN|xpY1l39-jTR;9gswu{uf}ybfsaeTN{}P3f=aUs6GV`~7%bU?gYXTNCSRKOK$z zh_kPUM8WbhXz%dXv{8(R&R&#C>qsKcL*(DQ0aLl6n;E+VgqOX`(6|&vhSJ z$}cN#EPw4)O!T!EVTtvrc?2oka#~+&5Kvg3{r2u~B6M@DlecKCN8O4c0P&>Zo1|Ux zY?V>w&P1LHXBcxN_wDX_Er*`7<3L0vtK)h8 zOe&OPwB7#FY$!cv=WaD{un;J^mHfh%E}$m*#v!;mFd#-)x9#J+&$3QaKxTynQjy;1 zOLwmm8NzIImL4w``pBB!mTWHbbuJf z3wiB1XqsybUk6l9`8Bhryf8eEa^!b>`jlQ|hJD{{_TN<{4Dt`@2(-wI9rP zc6i?F1HL)H6l(4j>nm74_+wY>21!>E5}k9bmOcxJpi!=m6ns&V?dJcXUqWe>anUNV ze}}V`R>#;#cA6uZxo%lU%3k=#gj194ew--Pdal8s+!UIU($cA(Gyki%G@XlAIky2B z=>Hhx;(4AdeAX3ylzXn4dVxA4=nWeQZv{+Zc@S={0p?eXVFO`rHwp%vE;T=9VqnqI z%H%Q-=m1_^TD>*rwi~O+yWplCyMA_I1@N2M-V_DuZ3VB2-4dG*_H5KM4sbEMsg~~Y z!UJ-Hj|0r$eywgLy@^7xv3dQ&inJS!wz; zaGgv2h{G^y`=+VCQ>Esip~SZ@enut}iqgobVoZ@Wd*;SV^*!Kp4(Srengmu#F`e47 z%HUDO^?bdO9cKC)!(k-Y9^7jAn^cd_zq!J?nv6$!4D84%w6hrO%~6HF^MivuGl@*P zP?7ab!G6tx<*s^vS0ZE2T~9e&^z=LGADVxv-$Q?>VM_oKA~Ao$~X&30kCYjEh7+QV(x z{@v4!=YLoL7PBLiVl`l+pUOO-j*8w*m5X&Al}rAlg>!(Ei^uE0SoCNpA($wHVsQ1R zzps^T5%Z8pL+OwUq9mYcuhMLt&|-MC0Xp{v?ZW88&sfFlrTous+@~iI8~fGmw^yBB zOI-M~{vBbJ_Im)#;XL*&@6Y8m{c2h%#qzkHEUvSf35(e2d(C`3&@tdC%LUd$Zu;Xg z33Oc3`Ky4-<(b@oYR+DghGBG%^o1XdaE={_>ORqx^Ao%P1yV}br^O^F#o3UQ2 zUqd(rzjEv4Z`S@4-oKq>v?voJQHq*!m>YJLzZ6<`->u`o7WGc(^n~rQ-Mo&|j|v_2 zTGSt^P(NK{Zhg{rQ*N+ie6HRxIAi49wNUTduzKoUD(6%eJ6}M=yr68YOKtq7Gz=%D zZbDb#wg2h2aJ>dKZtDRyqn!oLz}w4M;U78a#BDdq{W|&OmczFyj*rKP2l^8e%a0hH z*a;OY>tkH;{OeX(pM!2oH`uEKyC)rkG5f#8d#sFdjEOv`o+;=`z4?JWq8O^H%Q+ym zt-I>n{>fEin;R^4pm~`qx<*3YwIOq|IRC@vu|CP4;@9E5X|nb&&acl*nUK@5FZMgm zB-d^sdq0H*+TRRP&J9XF{Q1tbG^{jkj=JHFjYc(gRZGjx8Ik>W z-*FvscIuPOJJHg}PTqcmd+4|f)O`FqQxxD?hA-RKS2r)3sP3f|cVsg9#HWES7^i*aRy@J5_MVitdknl3En?6;0;T8w8CbO>eI zcUq%CKQv#592c7m>;8IfGt9JGxI}kj;-}Oj{CxsOTk4gE4(FQU{LLC z!i<3EP-LB7T~;-elc*KbkE^;#v3FT6K_>RmX!k={@uPNU&vT!1Karzg#La;bF7D)Zp z`P!Q5hh`7r``vYSdNzWw@efIcu_rZPg7{l|>z@^h7T>KeC_DFlraXO-eB!JsvFBHw z;CN?S6>ii(_p^wU|F}_Sb8tXFV}0u-seU->^U{6QRb{O8HG{*?SRaii6j|!CY@8RY zA7;N;tUHo^z=e%g%-Y}BU*3FuKK!8J*MOh9R4df|7$Lg7SS}4UoR>>^{i1|(=`i(K zhHnRh#Z|!K1giUW-%p0ssTgwBk+wS_vU3jwu9?zD(dcjc5$nb?cx<=f_d=d_CbanV zzmFu@$y(Q(1S$j5k6pB9>Q7rQP2YK2k9-xOe~x|K(aH6NjWnJ#pfBJ=c^qOo1y*Y^9#@z34NFULG zi&1TARrOFw^mn;oQ<2xm!d+U&{;Uy7B4@yz7Ab`tjJWxv;`ekZ5{Xdh|G26xU&(+Dj}p zF+_|xXTQOuwE2=ed7&vQ+^|u)aoQgiWT1o5Rmj(Dq_L{zD!!7-pTHE9P6Yj^)kQUQ z^@U{oD&VHSej`FE;6%GU1%pdFFtg#}MYXE3|JSkWi36MU%Txt2-RiLC3pLmZ3>?-r zIOW08bI8{p9{)A=+xX@?jGoW=w+A3`RE>^8c~GxwQ5yLmq|HE0z!G%*JVYRW+$_Y` zhu);+`w@_P6*nc`&d|63RlylazlfvY%fF3NhljK6+-6hO$YFeDB?uCYJ^1g#^^LQI z)`fW-Y8%=y-iiU2`Gg2+=I26m8=RW6x=0nL$hyafm2aR zt&{s3fEDKcu|c_VT@*))#7>9oHZ@Xcma?s|Q zo*LyVCfF+)uMa*h*3n8iBYVs^u;?^*c2u|Ahp6u*VuOR$rH(mGuYX?l&fzWSE6_Fy ziP4JxHN>CkgVH?YuXrq2Kn#)>pym1G)V)m#kXZRd!fHA4MW7O7v)>18qv4Xvf*w|D z+j)1GICW297&!fs>tPvbOssD+-Hr|?L<9GVKPp_AZSp*d5t zs+H9h)S?s3C78CojGs6zJm+N7}SPBj#bfQ&P7Fsy8Zw4ak+xuID7<9>t(QeTK zuehB-M#!&UEPSSX>(h;&F4c8<^6zD+e=sZq?U9I^9jrHmL?PVae8b%B~JK7s-A=$w`|^C4cFyTn|-ir zl8BDZNL|S)^ZvszC(Qh=m)eg=FX9wdys{-wN_kht zv^_j3pJGEm2rCwg6*IxRn2kxf6FXb%DJ$(0BnLaFd^fgYE=SyD%NzQD$Cay|%eUmX zR>&vOyV9oiAgM^5r!Vr+yNA>L4V>HT$!gN}{>phyfz2peic95by@wXMnBuhrR05Wt zv|na+B@NToF^$ATV3Q9({shvCoZnEN+3z9pD14+T=sxct<+_0C<17yF*aGza6P;h6 zblTvEJ5^>IgGQi*Yw?;>fjXM;2Jk$7*kV^_a0+q#wfXy2_5k59d@qOFqipBFgRRzN%z zu^TXOnZLjyRqwS(zK(Aa@av|>yaP|oys)OGH)ExmyarD~0r*_sm90Wpk_k&d`X15# zZ0?8lJ8I8Q@R4?<;*LX*l8LC6*RL%PUSY2KYlO8q@7YC7SYnU`%i`ZNHZpHxCug4u zva@+ZK$^-pAeCZo$U5#~Y${nd77(#sc>i*5ng>%{h~JH4*v91Qk0A{qA}>)w*4Vo) z<&@fF%(0D8^lJ2@i~*&n6k*=;h%r$vefYEoEMSP@*@5)@C<#&ZGBMA2z*T{m8@R&kjh}JUC#Rf@_ ze48YggncXyx!lT#!YUwgR`5z*Uhog`U?lbaiRx7Lq$~DX+ zuVw2l@D5EeD0aO^YSn00`(3BFDsy%Y-^ljNym!4_abZP$Jsv)o5Bq7}C};CggQdp1gOGE(*rvgTb$^T@fmydx+fOFk$;d^fvjeFR7NZYB)^(+Nlb<&h~QnxXc zu(D7sKsT#9UOPn*zFte=X0$Uq$186#VRmL?eI|%~m)BS$GxEdO7$QX`)en6MNd(s;9B(`2VXHwnG8`V+z%fL53ijXtCh)3wp zQQmkTw-$SB2fdanuAF3@bSn4cWZU9OUy5)v|1CPD-V>7*n;WQ`<05y~>2@tCc#Y-9 zyr(>9{KTC%vYhe6g;{a-ih50rit%izqKn`{_QyJox;=Q!A|4B<^lGk4=7f?c;%LdW zE(MlMklfP+YPcjqZ`^9=F7*C%GEy1-M3#nBX|m{h8NiUei2bB_?%u16o`;$F2?NzL zaz+ZhuNBqIM~teS^ddHIIfAqd2AyVX8c!xvI&$y>v6L?!>}=ogq}rMby`1h(Ngl9` z(!{6-@sQy+()8F9L3^Q+4%VbCG!R~}dF=j8QBm2E*Qd_EFPV9S$7>^i(V}LY9;GNT6m1$=XUFL2CpTeJ)LO5FnoH8d*x12z zm8evzB5Aiz3$$vig|9pN^zuOu&WpUUdK^Kj6a6QOh7@a7oT3vAPX_XsR+`s~Mv@*^ z(OI|*J?nBR@W1T$E_@`ofAzfUZgt`Np=K_-hkDb~p8VGBh~zKPv#=1JBr0bClSy?w|L$N5#aaA6 zU*w~$SD@qol%yzwT}qC=y7by4m3WPwCD}gOw|Rs&c6DTL0Tn^R^F+g;R63Q{{+F#5 z(u52bT@5AF@u`(E#6N){ACc1z?iP@0N7jC=!1;j|X8Pa0=g0IZZ$e9hhksR!P*3JE zjF0L5ydJDQB#7FLhuCZ$|4bipR;(+X`saiaN(X1ub`+ z=xG%j=aa|fO=^pFqGf$v55QC-HfA0shhf3-axeLm-~89 zY@tiPM$b1+HVFMc06}^n&k;&LtbLFNw8VGX#yvo`L<_j|Wt<=F9%!Yh;duXvwDh6qTkzDdM~n@;GvJe&qt3rl zx;j=3xEWdZm^8pKgbpPSc>a}XThInL{(&(5aa^ExZ|K;6{;TVzqjg<&iLZxF;Jnp; z2L30~{y!$A!zpi5@|nOVfIY=94tQk@c#UfiGBPgjzf$&Skjazb8={=%;qmuv>Z)Jw zF2n$Iz?76pgFnI69q=RNc=uRK2p~Z@s#Q3D;GY!0y}i8?fG%=~0#TmHz&Mn`4nU|Q zz)E4f<)`ZT9$bS|G}EmQ0m1Jd8Gu#74{$PF7J;KHqdF&zBh$y|EHfoxViPrv}ngQ5w7V1YAmuq*b8FwIujx)6F@$l@H9!(lY2-Lxu*nydmHPN01G4Yh%#e77-|ym5FEu z4wX>A<@Bo3%GK$4KeEaUekvqHSULs9+-Qt1aO@DdKIl_tBk>^_bM0*vdmi%k+h+WG z4w6VHr{pv<5d38iylTNq6F}F4?pKSBPZ(uS9l=ivIY%~D=TnWQd%l#Z=X&Fqu}sp6 z*7bYs&#iAO0U~Jt7+N)qy7`6!JQX9)$b$5-u8ini)EW3*RP!x! z0*QU!DDMVg8T2UxX(Q&k_R0bPGshoKyY;An%XFcc3d}fiWYEiB$_1*D=;xQ3EjRm< z+d)v=&nG7*A;41_az}YMPbLvzm9=_W%D}P&Luf+SkM~Lwk6}HYX9* zap1|c!O?EAt(N|>H~%Hi3uO~7!rE2)0BMthqoff-GWmZWl+N6JbXeZVh7e%QI%e$) zw8bI1+up};<2{&$vN#Vi{&EH%Z~`9}dRo{e3g25kg&`?;UE;3URqizV;Ulku-WHhmM?i&024u*L*res!Ecj=4Gmm|SQ!0vw^%)alcH5Dd?@%Jjp` z0&VfoyZl=A6zl(ZA`R3@f)Y^RwhVrgC8z`peBP&;(~TYC4dHYWj0XzKdE-n#Zen(v z&&~q;YptR22`z1UdGvI4Tiua37y9VY9GVUZ@dY4D4M5LUe>8`d>os%lIh(ep)L(H; z)BWJm9Q9??d%5_^;7~AAO(ACDOFAg$y6ByCJ(oGR6qxTJW&$_=k^9a-0FH(9vC!Ul z+qK0ypV$t^^oJJ3J}cLM`O6` zC%$}AVBljO9xV=dItN0$(KOQinU0V5$`ST6WH=swFDU?3Fvj>fAq?0e^H?!M7=X$>1XL5#w_L^1Z!+w2@sUha`i zt%{wGd-P9VyT9fMk;S!}EdK%2-_ai?zzG*6WIxdksJqPl=BvJEe=?P7umHjBJD8Vb zfH#&RIsDeg)({FM0LQifDHtxl!-TQ5djUC-74YC9g=f7r2QyUGb&b*RY_F|KIb-i# z*~+D8gNHNK-lr~ll`h|vlf<+gY7cczSJNV(BU5E0dp--n*OI9KOT`GhteiTE%W5=@_b5R~1xz&yr0hWjxiaX-zJvP?!0?v?V|Pf0;MK1z0ylTF=} zj=aX&#irAJjf%7J4W&K}$wlUo?U4xl1=j%eZ-A@fg+*OyuXxS=sP|qw0H+cF&lX*1H z+&-OL-TOXd1QM${*RV>M9g%PLCL?CM62JN|$!*mLSYP2+9%Upv-(2umrqyT;uU*_7 zNm}}WRYGc{i?YV6SUNwuCFONiYUkngeabld#V7K1Ouq{j&K2d4>yA9kzpKlHTxrfa zIWT>JSjzo_1N6VgdeK@9nVh3RXSB^@btPSU?BsUlWBGMvY3O~5M1dL6MdS4&S<@#;=isx55&BT&MD>ZS&b*IbJ zXwqu`Cax@Ygv3#-4PYnEZaom6q_BSHTeq44ATg8&7?;01 z3A>{JHoJ@ElMdDCGZ@nJryCSE#W@q*8s=gXjaCvB{`7qFJ9EnfqH#sbAq|W07oK~4 z6*guQ;o>L960_8!P6ZUk(cZcgpKfj@D1Px&Np}lz!y}1h(6pqQ&VCzeTx5*>P+ND) z3ze*8Kc<}5MVZMMsi=)U9ikSn(6;xQMK;x79=p*SGm&Q#T_DZW;=8K0Fx zygA7UTrZXB+rO;Z*&e4juvJ(1@My0|*yOn*cBfSMJ`V%;iN?{@i@_{SUJt7QrM>mz z>KnKYp61zi&t4V`g>7e%to}@3=r{k(mAB(;#eF&QLH1%B;HyGq7Xf!#&|elx50LuY z09{&DM7j48q#lwEllw!N>aWgh0f4vUbP^Ej*#SDW_F~)bItn;XJKMsjzk}<|;>WTE zyy@-Qx<<@kbs)F|kidF{v^<6=b&z$W8iivrk)zEi>NMy75ODPeK}HG8mXth2j?QOD z`2@|W^^aoLWWlW3@WEd^S|9COG~d4fw;F_dvS&;I+b!NmF<9g%fJSgw$Oy0?JwMtQ z-y2loRREpPJ+&p4JpxXvV&%tM)3!5V2!>O2z=X^@rNTW(r<&t`xvad8lmJb8zi3~j z(thF86Fp=~B$IsTUE$*h#|2y`cAR0kM!svXV=`F!BW}^qqPOR2!+8==3zY%B--x-Q=YjBb%G%U7INSg(y zVIH{%T33VcdUH$y&dW{_XeoQMX0gvBqczYmoi%-h0O47yKSPvwRot*g)jyza#)jXH{U4Eh9=*Jdg z)gId~ktQZ2tfMkIRC7#{{j0e4;;7kS9JQyd_s}D~Xs7HBpW=O0NiGP4s!~Dbk(Q!v z*5`IHz`QO0HG3}YveR;IBXGgZmlLwkNKp8mnM5Uu>5%wPi4{4-vXi9y~8qbH^j zv&ioN1a5X5cLtKCYU14G+T)poejh~rR^7Qnw))pM7@~Xg@jVH`NEfWwwk<}buMPsH373oW|hx-Puewn>YvMn?rI)#QHDw&mbv4FdyK z3v9tNNieU#duQZBpcvE=p1Lolw&Z1Sv0(3?Eak2`V^r0E`dUy~g!m@QziRb0R-rfB z3ijB9{`W+JOdVp$#}_B?4%B(cOt$fh^^dm=c%(wCn0f@iz?O{xAiVhtVH;x>tZpXV z`rl$}FoHol7G(@8h}YEWSR~%50qv7b=h&3LeIAQ~O%=t$N8}wY1Ai!7u{c_0Pt@NErIBy~TA@5W;Ni(wATFp%oO zNBa>Zo)`-NV)W`g%5@g?3(&1WwSJGB502dqHI}f!Mi}72d?8wM)MMYLsRS(e{7XT5 zOyl4mcDg)2^7tP!h7n|>UC}E3B0BKY_+zn#kdfpwXjfWo_|f^qF~|?|;PTo!8^kj| z3NQsR0U3UOSk;#Jwok-`{9PKjvQOj)kS+dZyQP~)qo}VWtNXS}yrJq?w*ah(#sj${ zO{l4y`nG<>zVagpsmM!pUh^WeR*pY?&wM{^MQHPrhyVki#{UXi(}i`W9wq!pRV8}f z&jU#d!0-6nqWMEB+V#W!%A6l05OUDbljQ0FW0A$y&uV6?t?RlBv=x>sUPQXBuI_1@ zn?oD~1P~s2=8T$Ph9g$N)6jIP44^=?BzGfvOMS~ zig7K0-JcSN^cj$TQI-k2$?3H`f3CGu@dhZ&GA$nbOkj!EBIHezJY zYr+p9e~=n_R09z0c&?3A@4knMiBb3=a=!{jZ-bjDWMDr2_CBfsN!?kF=hVo7f3jox zyZdK?WkW0{toTC(;6S&z-mru6!{f`2Du2x^n^P1)N=g&XF)SKf2ENI%sGS8`Ji38< zJVem~n^;F!FWAmbdObY+F1R)Dj;KGPfdMp9yg$*H>rN?ZlxDcvXJ(14gFm*azI4V) z%axvEF2K2z{mdRYMbf@zauJqCr0Oq~tH%VNJ0cdQuGq{P9Z|Tl#qYY{4*)lY85=5G zU#T43m&kT6IvA8woUt99`rZkwe5W-YwZcKIXG#)Y()1RP=f!`f*5bNZ; z2~}&^oR`MB3kob&aC`!qT|LO%B2NU1a|nQbzk+aewq45CH88s_7{g)5j1C6${go3` z6oQcU+LmJ<(AkE!^Umw8Zt*k$neYRG^dNgC$#8{a$|ns?EaVL)jiuxoD@`Ph@n6$8 zVNhv+IWNX*Z1m}Zl1@NdJO;u2WQaVPzbezwTvG_8J2Rcf$|#KfChWA5&FjzLMH7EA zajXh(Z856!FWkc|6T)}eEVuLXj-UAY1JdnIWlPN675`5WDa9-n`Yfd z2oe=Ru1d)h!WzamoTpXsb>qY-N?E^Fd+=HEBTK?H23zvWl4W}}i)d}Ezxa-F8Xq)3dC zN#07=JPxc>!t^NLtkZB>0y!)FML>q+ zFoPk*TN~HHdXiOFsUG#}fTaG#K)6X3fUC4A22GMtIDkj@b70eN+p~yr-JO?)iM)PS z*l8+@sfCb1E_GMkLvpaV?|Ff{r9!3LgqYu|zxKuCK|R!Ky#V;BIEigBw+%L6tmCi8 zgg6U}SG;ZXAyjv91YKJ_j5uqG5{TE0hczWmqzmC~5}{pQV9$cLWjcX*0%1WcK#caD zyOxkbZHW72B~foH>j32*d$Gpm-Fd>8_^aYA6M9es;%>PI9kgz~mauW$$5?y)Gxg?S z!w(e$XEjYfuK3j;ZStPV@aw5VEc?bo`-0}fZQEH)WDBfV{io40&j7gECetEB?X#45 zfN#T|VXh9hU_Rsw)FCO?bJjcESJq703hXO>Ev$EmKjB8!Wu=dTKHQEQNaL~~7;Y(9 z%itFwBYkt9mns)wpf44=Y2vph>f%(NDCIT6^|0eJv+XxVWak0ZnD5iYgO2*8gKW(V z2W3wPb)ohAFXNx}m+VsgLQf`rZbFg9$G-@%p~2TLtE7;Uy11{lJbs!HQ4RA8zVe>n^)U%t2(v&YcC#wHL2@VHT#^Oi%spL(=`9 ztHsZs!L+QSNTHkggm6}8r;$5fv?Sg5@s87|zKRQdm5RJOag615JQTBRB zrEYoxda$9fnMzswiLaCAeX&t>Nq8I?+wY?wBuN}X@f@mkbU;Y{>fwI3V4Il7&fFtR z232^`=}S64)|;$NDcTg!Tx|mS5KL^6*eB(0s0CW>= zHuEn{(y`zk*z~E=={p|%0O5+<8U_jB&Tt;X5r0x27Un2+yj?f{1<6V$!8S zwN2AB(>AI(6G#~+rNfCnn)J#fs|NGI1$(FzOAwuB188(i!(Lj*ezazxFY%y43&2O+O?k#1F$sa1W|d zEVCH;sW^YW&^!8Mo_kwJ!IHUf-Lh^&>F0~dbfLu?KeJ5KB+9kEIwao;c`QO5N0y&= zV8P6l`zERW*e#vXAh+K^hkDYx#%SACyrV)U_?9I#sbk0JdZNe4w~&HE8CIb}%d!GN z4>7s%QE$D|o+7^^J8SpjN&_3!&`b&P$l=yJhYSZd*P?=@>iodtLrKR`cGx><*`CK_ zC!p#Ir@;q;Um!en^z#1W8_11&Kcm^~GB&29ZuFaXksh7DWD#1#(t@Nfs=}e1AplLX zTx7if9gm8%f9`vEsQWUUYci}5I&?KtIbLS_#Lh#yTC}nyX5DAFA=z*tCv*L>&UmG! zkHX0N2WyCJQ1;#X){#ilgTGLuaAfl_dMRRSH;4R9BUt=%^a@t@iKp83p#1Pok0{3rU;A1I-k4S@5=h^ z!mo~JEd|YlOxxmHl6{Zv6D8moyjJJ&8Y`-xvD$*VDop>pv}-5CEu@$Op>a2~oJM$} z`BL9$=&Y9@|nIljq3>*PYF*^xT}dXRva66G~mFM40<#YySnfg zxY$eut;pk?Bo43U0*FJOfPyvOS+OWTx%`BvSqtty-5gGLYEf=-a(Ws#%V=?WT>~=xaYo^&6A=C|P!nTda3KvpjNaWe2D; z6y+yh9mt`l;tB76ZTI@HSH5@Cz>$1022c2nEBd3Yl9lD0ZIJaLU2jj{rN@mN=6<@e z1AT3JJS=~-46BobZYDH2Wffm)k3~f~_}pG=JHbRA-NzSFw7eE!k>(P!Lv;Ik*x?f1 z#kgx%8pK$<_g~ouX<fw)*aC3hfNHYnw#2C~<4o?iWRwVC3v5OL)3dt=wM{fi4aOj9o z(LhP&`dH}1pK!OT5@EYBlLqR|Y+i$flWzpB+?pAol{lAKG3$E$<$nIprbgXbA8eU$ zrJ<}O4h7}*o;tQ+lUuF@ok#mNGZNTEvHG_ghgxG!VFVoD)&F)pumQ%t8z&k(uF~ec zD&-{YRPA$0HLYmp+r9c>vu6Tajv|fq{=m8Q4D_&dC8np~;_v zC)#rwST1gHG=tn$TISmHBv|30_BRK9_tW9R21PJ1yQs;j%H=Azs@A&$Lzr<#XY4Dc zE$6TRQS%mV3*^(H5|pVZ2l8sMH61WL9$^wEQobo8CUFA%UJ>OJgkNDzWi_!ACQKf2 zS%@&BTA&n$zbiM{W!QC8rEfg5;+91GyaTq)b8o#jwlQw!d7#82=%gIDG#hT3%muhMGv)`di6^s!xuGxB*|nZ8O?QVt~SO|u1a1u zyS@PvQ&Yt#{xpci#@Ktaf+L#OK#2ZHg5f!iuGr7tADx!W?3-0W$cBylFl0g~c!kIj zbDv?Tk5W!;sIRkJFahI!%oyI^?`*RvJYu-?1We6cIx|viN?dV3`D8pasba>H6Jvq$ zeFN=^nBdGtHq(J19dm;?>nI-!hSJ^~Zj;F;0R0CX!@oMVFXtRF$Zi>7WzpwCB6JHU z=10t-2_On9_{%;H6iLPMvYHQOOGqwCfXu()Qsyh#$BHe<1*@9*dGiJQ52yupr^L<` z!Su$QjZzngW(v8+%bnMP-?B}`!7(B&Nu!w^NrKkNtTXNsB#&^c<%z2Yx#E*FnpsnP z89NhY=x=MNtnQ_TnVFW78%*th&0;#ih{hULmNT)xVJaM>A{uUTr?A2~1;Irn=uftT zS6az(@OwEN+Ez8YLKU5+&5`;=D|jfB3p#j)b#sdJP5;X38|Z*=@3Aj zl-MVc$Q$0>#IZ*B`%m7HXLRc`k^~8i4*>N}!8=vr896uP@xod=aV}|oM{a&qr?u)i zQu>z8V=hBg+(mu0Q9WG4YPTN)5j9B5Jk$(*e-sad#gnqa&Wz2dDpvoyZxgG!xEki)S~O9$d5`P=30D!5B={ zsuISGE>%1@oOega7DeL3gH@BZ>bB;;#sXY<3_q}4JA&0AWFRtyYyk*3mp&pbkwl)5 z3}e3~u+o4g^pIfvZnWqg6M5uoVQR-VMb)YB&u_bWA8d7!LAj@xTb9wgD9sDxY5k#UWW6a{37gNNX`H;YazPz*isi~(i;`?mIqaU1gE#TR(5aFDCg z-FLT)xLiMrzTPp>bXVg?qO_fRp!2AA!Cx)9OYO!78?vgenq0c1X{MH}iIpc};RmH# zCXOWSu?%!`iN#2rxw}r7O-Oj#?RdWBAVCWxfsQmi85@o~QbLlaP<3y>+^D_f!zXL% zc<7RMy9x73?|$X`0ofJDMgPUET}^|nhk_SgvO^sngj7*`nFUfv~U9TLY`+U z(%1>ei3Toijk$C42mIjA2wv98zruLH8I?bKMs9yrj=(LMWg0L}~d+dDp- z0PG7Yimde~o&FRfd@QeYF3#eiwY=FE!5-IKFzkp=3s}4YHiFj&*oTPtjLOWUTba<-U(^u?}#amH92Jy0FsBC9F z^Z63~@Wyi7bqkQM+zq`!K4?Nl*a{6bStrXs2cF>XdCUJz8#?I4Bqfpq5__|+((Blv zWRD_-eQQyjg`5t<7omrT#RgJ**-9d^Y5<-gN4!+vpEAa z(2)&~2Y4^Ky8;&S`HNgyU1(c{64~l#!R-8fj?n+iLXn351f)I#@tFHn$&rzUOSYom z6X=`R`R~bvPZf}4r9JxhZqtw7ULDH*RRxqh?Q*%7%m$76k>FF9*cwhj=O&L~CP`Mn zU)BbAsr7Kqa6^uE?op0$?b%X?P8KSNzz_zGNnRA|j<7>wEeL0+7XqS`0jRWUO)zCOqoouxX>0SpjEGK)DtKuD|t;=N0v zxVx$@v7F!N3jz&!BoO73Wt;=wG^;B#pMs5N}UPVts2-)%R#_D N1zA-Y;BI{L{{e+~Yq9_U literal 0 HcmV?d00001 diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/baseapp_state-deliver_tx.png b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/baseapp_state-deliver_tx.png new file mode 100644 index 0000000000000000000000000000000000000000..f0a54b4ec34bbe282ed6eff81369428d02dec095 GIT binary patch literal 59007 zcmeFZbyU>f_b;sE00J|lbcujcN_P$2pfI!uf=Eg?0z)?_2oj1Qpma#rAP7vz}ltaaD(*S*Vs)R{T&eRiF_U;B055n39Gg!t6>*REY7R91rPT)T$J zdF|TuFbEF#ADwR_sn@PCUQ>q4Jn%H#$iRL1Kz=BcAi?fhJ7ktE`zCMpV?DKeI85rE zDl~$G3_BuGh721H<$Zfo=4B}(ek5dxQ{lmv@No8 z)FqYAmMHtPG?O?LqN)>bQw|M}kdC95xP7tTFXbj^H&%M)f3{iu?%9uztSYbWR8{;W z!B~Yqnyz!BX}UaJkCD1McZncjRVm~!sXHiqCl@BDzMN?&<^zM8cbQJA?h8Z0OMkoY z!x87L2KAQQ7~qHXzK3f+;;NnwWRFRnZRpySG#-63ev)hO7KW&G&b>I_?>D-wkzP}4 zT7AT3lGXKgQp>6W_{%iJ(Zmed&X8WEYQ_A$%68P?Y^#2IoXhAl zr*4DiZqEZ9!w{mt7#g7o^v+GIp8YsSiw4QSAQ3JF5@C(-lN9Ddq2{}|UNDLPrxEVd zkd|aFBb6I8f*ZYU#8T(4UHTm|9cLXM#y2R+GE;H|5dc!gKxQX*I~((a)pGbP_+0Iq<@J|1*v>GFuwr|-n%hY zW>MSoUCGdr0E0y__S|Q6FxPDhtQj(%U2&i$0mLr&`rvLT?RD_z8|D%3WN`~ZHH{8H{Cc3bS9$CLf@ z_=B|{wsR-TSplcJUm3Fg`uWcckC`$`Q_s0yGQl_*83HP*120(^QHjnpp?Uyg=@ks;=Bxf@F3Fc#2!anyYyBu9RPvDEj(nMT6de82eqKXdD{`I^r03vMTZkVe=Pmp0al05vJ@|dT9pj_IC@T7`fZJ zJ-nPQmV?tMpFNjImjdcPvB;s4ZINSqh|IO_&lG(8C4BQmF1OWKsk!@J7uz!4Z-#(# z^I6~h7&@1pdw~KyCC!)5M$G~w1W0S|6VZtdPkgqw72EC+`?#oRe#qUkpA~RfYvOnK z<7nxPX&55cC5tpSg4Y5r!{Q`7cDKhw3D$=>Vw4bQ#8uz?BKhb+9 z8?qS4{)Lp8Gvu0PoG2C?;R?NfJusz*lf2z`y>}yG&xGFY4l41|f(e!AA6+H4#29}E z6_ivDLf7bxp#2T&UnuJy~AJ{yh4Gu=Z8CUvd_0ycwRX8h0W@9J@SZef1;IjpN$ zHKZZd>wUas@3UEz!evnYg<8<=DKPhEjSNxp6=^cPZIpPNMwZ`EYKH5eGDU44*s#66 ziQB8j-3}VBiN|fBgnCWBUhiXbKuE`yHk__~YEsOABk)}h4z#c^TF;_b_920bFvg<0 z;}x`Y=H~i3ZQ-Sbq~^*qkS<9eJm=%ItX@b?V(D<9!BCpe)fM~wRoz#2^#vVVM9+8H zfMuVIH2QeFxn~g?rM5F`J6bGI{Gh|DX)ct8c8*HQzk!gNzq4`f>S)q&v*~QhMT!Se z+7f=P(71MRCg93X=y*s|s_Jlk)F?~RukiUoM=ax#bWN zo>JMGdCrAwB_P~qfi${%RY2!>(FTo5}UOs-TD_cJT@oX#NIdlo{!>IK{b0!+6yTcV@P8U`d6K8<*5<`#zXi?-*8!?*%^C3n$(~ zvHkRYyY{_bf+quEn|1DVg?23j>hcI3xAQ6uL3C83Cf%~}2P}4ew)PEt<=7f6$#Thl z{y>>k^!LwToAYJ*xfrRws+7co)Af@2@aug%SV39O_aZ8J;{*^%Sp{t`rlhYqy)Jko zve(ICVtI|Z?AebyEFlq3H5VDZ<;YgXEaIw~FHgJcTvzAQ*GGzs9EFITk)#Y4K8}OH zt2bzUAu6f&pBQUP=0x%f=@e^7UAP)Gc$TTM%1NdBq@M`bjx4Sb+C+sBFGhvqEC$M~ z8H0+%WD(WIb^lfD3VuJdELGgAJjz#^TOpQqb@4jOl26Tj9+H4XR_Cg(^gcC^Q3LCY zDmg<2PZDjPU$69yha;>zqNx^`xqWe%yjR|ZrC-diKFn2_<2fcV?+R_!S^c4nWNrNY z%q;+|;B-f;E3*VDR*UZ}oLgMxF)SNR%9@5Tq|XfB*p`&0v1P3(eH$!kstjFDcZiZa zpGtVmNDND6G*T?bCJcN4qe%Cr)f$W!be!2>z7r>PS>y6JqO|9YP=DiG9DUBiUA9mkNT4}+QMw~yV|Y9p&>VH2H#~dFd%Z}E z>@cagecP*#22=>6L|?GNvK|z#KnQ(EGt8wkGriXerYbp^sp2Cis%#zeh>66TgG;4z zn7a_-zKq)NC*gZ|CCsHp?SG4V_k_VE5iwe=OA^|rCNgWX8^f4>TM>a`2bZX7FHrFr`H;- zD=HBWM-CU3tX7tDu!9-+fFyZ^9d5~wE)+Zp)Z+1GT3jl~V0bgX_d{pvQ}0Zehi=60 z$*bsOBSR_+X8q54k7fe`^tB{y25&9DNHUba)j<=FA5N}KosE}M@cj8T0hR>JAb1_s zo@_C57hz8HGNWW>60tes^cpBgJz{-tU5~oWnK=WOouAXqhT|zd$lrW-6ynO8t?MxWJ;(`*0$5v({G zZJyY0m+oq)N~3fpsA&hVg4U^zhg zCd`vlWt{AF^SF%4jKU!V`b<8nPkxfbl}bYwR^=@}l*%DJmCdiJx)gyR>w5BrGd%NA6L<@fk^mNtlV%`T#)1XMrECD zUOnX;#lkgpDxcB0Sv|XTuxVq#clD+;xJM2~0+mSA z_ms?Y8WILrnRVgzj3GI%Wxh8^a&D-r6a1FbSQwWe4>LuwlCxVKQ!{gp+h3^-fPW&B z|7SHM=3`8ywR1hrF_oVok&nEoQRWc;!~+=rR7$$-a=CZaTlNVVwY2@t}vDTdEL4utpTVyU{^ zK^wKyFY4S|6}gJr$s9(S1lRGS5)F60@k7fc@L!ThfrQNE8f$W7)pm3*R&Vv{b@GqE{Gmu5Tns*4&y zkuf<+&PzwJm5Xs#BD_tf2`5jCe{^+!S@`w20m zwI5TBI*G(KN-e7+MY62oe-g|Q}QnS zzMTuIIYE~tH4hi+_s+k*xvv%E)!mJI?`XW>z4Bll6u*fUuYN=UdsUr8DV*>^le1+$ z{H!nbv#)z4d6*rh&##d^RgwDLSx>xi4$_3_#UhbY4)@$>#aJIkY1s;%8P0Ei-2X zLfK_cmNC9B=o#Yv*>{|bQY6{MOH*;E&W&52p`8dUd|AXw{quHmec?pZ8~1GP9QF+N z37e5>M>C(()x6DA>&)kbOwV;}^ukGFFx4>?>$>HrJ-apK;LKRUyTQ1`?u0j)c!XQd zHY(!KsEYe{8C;RP6n2bW>eRMLKWh0ze0d9%y56C88O3W*dP`;rS62nFW6oYgcHy{KF zJV&w=nGsK-0FGoQ6em)4@M!xybQH0NZUfcj_S5ua)ok8&(L$JAT5!cdb^R2SYu%Jr z=SP(0UBpa&nGEPom?@`U7le`OHzqe8;a<-8+2zWopX5WNlbPZ<&F6|l5->!E`6Pe; z#5{IXx|T7+#0Di{#uqLG;E{W*Sb;WN-KnoY-k|E)E8CWE7gc27FtbiXxVW@)IQwvs z(WqO%GF3Qc&aajCai29MPris;xz^>~m4IPp(+OX}&77irjy6_ly=gr^qy~7Y&zwNaN!XeN4q0|{LtLJPRvDud29n_iCCFspT(dWMjj3E z*BuquRbn#@a>NqDMRc|S;b#6U^ycQh_bfVu$4mK;iG9aoMB+*;mKy%Qm#dp0s{WAG z{c|WJC-^=1yA{FlGBc-5Sr$aq@X?QKS;m`?TdIg~Y!h3K{MgjmVoVqjYQxOSih*m!-6Jig3U@l^Jd zDz=W&yj4b#zLWe*2s?o`-C(0qNpQ=r>e#%mj?EWVJ{x6WlZmc;nZb}U91b^l@mLg@ zC`6Uhs5Dt9&b8F@j8r~o>X*PgjAAV~9HH$YVf>G`#dyP~y^J2*|g6 zVQ2s@2iqB-U@aekr|?3Ru+86vBA?>GFd;33LQ_ApxrP(9l4R+y<(I+!K1DTfn$!); zYbZ4{+eawjYlsW*2zN609VA4-e~#%G$x7fH!r(Giy=lK@hMPgl#l0DwuQXb0Lic(Y zK3t&tRUQ$~R9>1{oAVNu`XV0Mbpk+3<6iu;2GBmnO2a=0!g?7aFgOGloQR)mh^?kGhZOu!7WF#vL#|)l zDIVI`4zWR%&{u(sT0=oDnkpo>mO%`7#0nxU(V!m?xK7s1ac7??jCLME)OUY?Jo1Ez z9?p{=VlG)=3&mi*3un&1VpNZwAjfHLTRnc}$cP#LUI~Q~A8b%!3I1+3(=fi;VhZ;N zCy`+UP=U4WNa1tKhZ>u7lA~{ZDY1Q8dR$a%$sSzcQMAdt2 zZ%KB%uL@v+Wz!S230iH6!Kwyts>tvAMq#pkIA0=B0gjsfinj^^t}Zo%wsClQ z!-m_-v2&vR*>e`}5o1u;22ktB+J(1x+IS2se~l`Zr<|5cW@h0m+fl;0I&WhAE2r+G zfp;n7f!8-Q+ANaOC#5yuXXpfSMGFsBTH1J{)#v@s+b+#Y^NF11%J8RaDoSp9r_Rvc zop20+o5JTg_%OoV4q&!vx9S{!`Af-?i*RS?_}fgJJ?TcIqG0|2<2RimLxIubwohl_ zrg65fYxPnkB)lv(yG~c2)B4C--;Q1zFNrLOLswy&aX8F#6TnN8T*OVCZJpf|3Hv$) zip+K1E+p+zGil76U2ltO%K)%HP`mR7-j?P@B~l=&@}WEAfv>Feo=?WEGlzHY=oJ|j zvDvdnvy>FC=DdKJuq(NA@;*)|x*t_)`RSK#UNuB@t#nugj~QUhj9Ojl0Ei;u>7~F} zRrtxuH|ZVcFxTPD=ac>Llb(8;3Zf<a9B6r}xec4TgMWTXXoVDlYU#(76lbT$eGuRCIbe!lK&gjHZ2hY6 zku@BgXF<|7hQ?Sr7r3IVTAzqjRUX~gU`$|Y+M3gLo-eFXj^kI^Q)re~k zAH_8ki9y>u>=jdH;GlLJ^8&&3X7r?kV6|sj5y|RePlM=1M?0vZD_iQ^v|-8oK{PLN zF=Y`otkG-k4tU+HcT!al?C`ue0-MLIDlfx*@JTXK`YgT>S{^)z_#w>aJlpWhZIHw4 z<_Lv3Uhu0RE^v~RZYCuRf_lEa5Xctz5Xl--iet6<0-C(vyAk5~*3uC91mLd4ju3r3 zmtehygp~$Y`rFj%f&kt%c~0x~%K0GEn65|NI)dL>Ew4ew*a*oQu7{VR#>_cauCJhU z7if(y5+rLqATEmfHCo)gFD!+~5PwcmHVs!l-J1sv@61^)WHUYI@x*q&keUp20_zw6 z+};jAGw$cRU+d}b1MsGB-GoG>1R%e~VfchppoQ`s{W-9nM1sdCq5Jf=lAOHvS1<(X zA(A-IGAerFYThR~ZASTsb)Fy*8Asx{GPHtSM+Xq$UI6yYn(hLSQvFV;_)jG|| zzQ+{Trlb}Hfc56q;5GmLSN)woa#bnCj;CBQe8sze^zr*ghkX5&V%CHS%Z^j!r{}M| zu?{uI`}8Y_1-P7(U4lR&IFj0jWmq_Ks>rO!j!sY;jcpYwc&Z%ffktXbR=?YG6ui`W zvMMXT0!gK;`)Eh6a=rGKiUWU*TW8sWVn$H3UJlFD|K!Q&quptbSvMPt8S%QBq5MQs zPSTN|sMn>^C zyBuE=0LhM2SZj_tId>(p3i_QMOnJqL?}ejhOMgmA5{362KHH6>35;o)l83{(INCv$ z1214C9eh)XIM3hNEPzoCJ!u?YpD>I5W$zoINdTUalM+K7+zf-L-YlZvOa;x_leofo z1(0d2h^WoSodI+~uB2UOhg*dA0iqhHMwJ!@T-N#{0J9Z|KB&L30vKw|`ZeOY7mv^w zys6hO^1DW#3%Lv{J3&Du3@WhZt0vV}RBPUNwou&d=y-gH^sjHPOym?GIP0TDMnd{{ zN-`OuZnWdAt$7?QSYZMsb!&GNwZ6UNSjeV}p%!p%4)c}1Pr+llL2bm$mOy3sc9qp+ zeN~CL%nQIBwC@;AVpjUW$+p!w^pZoD*6W?jZQB@Hk--F_r62j)ZN04aoD}pc3xo%e zVYo5kZNhK_>S@)ZE>08)r;lX_KRSM0enJTPq-8oj)9y-N*prxZgtNBoM?+Lk?c_bY zbxJ|gXD|X4`z7xU0`V1KeXmS^mW|iA}SQ zl{29Zw#$?e^_1X{t87Plwi8ASuz`b&hefn@SQx*^JhfI07alRBp;XvVItVNaNuIwF z7?|WJIANAn0)eBYzr6F@o#%Fz<-&EGC^%!p57gB}g2~paVt31#1~2Y3SvYbc8GWMT zA4KFsR~el#$`~V^e+J^#<%bKIdatrlwlk8HgNli!+V^=dON&cnzE#XOA+=U;4fr2mura72)O zR`g2^v}2K*D-)oT6HI9Q1XoOd z#gnXnhH1n4?b?)>)HC;D`V)KpIv?COVqQ8uHf?#m)xmKeVIC3vGk$GWQl~FW+$=O{ z#@3u^MAjdsI4AXhN(iTDaoGV3KYs-BDosajJPC3!{rG_6cpP*nOW9oTha)9sj#J6< zfs!oF^jXjSc-?qsmdkRo{c*~rsUI$8o@dH>4}KfFn-EAu*2Z%8DyDFwzaL7SW|rum z+}TMG*SWlpVoC4|;s-~z(g-AvlbI85Y;$tEsVs{6$ArUDLEdorRy9%O)%o%Zas8j; zdPO|d)|vhTroOu(XHS0hkL=YE;ccWHzx2PTpQsqhj22lfQ*_w~U&D4$z~@3>5P(ML zn$Dgsh9*KOrRHEzHN)z?VjM`m@4AIeNk=(|V?t+nQ1{>ddgAW&)j@A_Wr4P=rfe?N z9p07hHk|*-XVB1iU?}^0J)yq6_i7xtpd8Rj#_JMRevzQCTsES@AOBq>4AWLAbITVldhdzz7= zs{J%$3#ov!7!xlG;=2YPEB*G4Yz05siW%)s-l<>fpw~N2(@Wmp5%zJ?B4!aC2pHr) zJKERW*o6h#AM88UKHzoqJzrw>aoOUuow0~7GN>B7eXwm+(wDiUq!Bi$IC(wnLA6=R z)zcw{hS86DQWNq|5iZ{sMD#vPagS7=upV8cWEr(B*-um74LF~nr=1#_@nrhCW;Qv& zy*}3a?IoA>dxyqW4bhU~4Abq$ikVxR<6W^O4<|EIdG8#be5yP6tl_3vmAQ~vdPTo? zC4iM#*j!=^({Ea)_h|w4LaMI>*gEiAErb$|)V5N&51Eh_K0ACrb)TW>bBmQmLqDjB zN;dV(iG3DA435@Zh6*p2&U*@7Iw(?evGqIHOWY6VnKThDYcklLRtKRLALK~y%GsotVawa(+gY8VY zLU@GEy-|a*$F=I2d*Kg1xz`ZZzb|2tuHV#~ncnsvC#RfW_QzPBkC;M>R7+wqk;po`ioH8%?8zy zGTn7!OOM&%Z+$ktAsOR4I`t)*lqvY+Jc;wU7IgloE_da1jia@V)uTm;>d7&$?Xl*7 zt0(sT5;GdYXBhR_Lq$jDNu--$CC!yhqwas(M^Y=<6EVcrmyyn6vrN{R-87^sT4h2$e)?|N9_iv#7ShB`YikI`?#} zA%o6$vFx*Xn|ByYJ7M~0Y$!MC7c0Z-%2lbUXPGYVSe~p5&!Lhs>`bZ0CIT)$JEWLC zV#_r8%H2?2TP0jn$HJax{Jmvs!!_fF_%g;PH*M1Dl4IZgUCoJrPjtzpjc^1>s0wL_ zbRaN32h`463CUW^2UQkj#G837=9nz8`$bOBe=2FD_(DMMqpMAQfs3Zm&NuNlPFL)2 zE;qW5j->*Y6%Z6$X^zc>#^zt?T^gocU2OLu(Dmr1VBkOsgcU@cD+w}_Vot=`jaP=nNQocX|0zt zb=gGPhxkF`!qq}ixT0 ztsbvdm8_c4H(P{sv$UNWo<#c8KP9l(T_>=2jU#gJPZzR#FnYv29d$~wCK?_;+_-f5 z8bf#c{?EGGf>twP+-cWlE)386`w9ah=-khhW0j(PR{bXZ`Xg}y*G3jGs;_1P3d>sU zi_2jm1e;YNd>aFEn05#0LdNPnj(3xd_H~J?cX&REM_`tZZSIi`w+e=xV=-S!Wm!*8rY z^f>yi4L^vAwE4{C99cN=`Zb;Aefh-LT5C@r@7oZv1KbOb z5HBtxfwHCE34>R6aP1Wl{w7s}3E`?dVzZ~mjor_N^H-Hrf^n`Y0M*dF>i+IX?cPUk zL6_6Jv6Y@I6y|dkJk94*o2@l91HVS<-4d;#&|SvUs98PJLr05j3VOq4UFoiNBoNEM-$EEFt61I+m)Ny z_h!V`%+`eLGj<}Bbdjuc7o@2-Z=+CGm|?^W4i{&~{SS)(-w4piARbA2<-s>XI~AfM zB(DI(PjePa#n*9Yw2N~qa_b22kaE}G%kKIW!o2D!M{f`9|H^+K>nwkKp!_b20Q+L< zmI5*5_7blH#(U*OFi4#{zrHPkzhB`721kFxD;Nl1+zM+cTTM;Bo`k?Cp7C9I!>pO= z$=$D64VdP&M`?P34(E_##qDo*4H1nvdA}4avZKymJl+|d?3&^zlndFC+{X_ZsmtLH zv=qQJRYtpr{TIj%w5JIIoLlP_R&oujNk!(Vq7FzH}>y+T+7c)eMi4-)fpAL7fM`>v&BrJ z^1XH)+UI+>GBOOuo>x7qui9hgJf50p{ZYx8ep1=%^*H-5z%uQw(`s z)5CkPl<^8{Hs3eNdG(5jnu!|Y+Ak%C{zv21n`@s++$9WG-po(WxBut_B$%bF-+~tsLR_LCUa(m zCCg&mJlp*aO^&4#n|K#SPhFYqCQIjAFCi$7~jVWsj^^t%r z-=i8(m1yegV{ojxZ?nX{pte<>L}%lpIjce|%D2 zzd@Z+3dQ@T+62cV2>CsH?cIWn8%=F^{|iOy8VJQ+hNmf=SVikd6E!FmE8fs#*$UmD zs*?M{R^pfeShi1HU+=NZ@0_lm^zCrfXp z$y)&>yJFh8o2z&h??NvW%vsZV21w>)jr;U^zbx@h|6;S|CNxb)VZVEK;j7p< z69<&U`y->2H_SdTeFG$R2R|hOBGJ+6p~XQTBCncEDv9sJga3tZ=tB#JgdyiCu&iv;`O z-?Z!Qs#5hogK&;k^BBfo>5oL9)F-J6^0_g44(HvK~2qV*p4v-=yXwOdroJi$h0wI*3f zTNVrzN&O|unSN)vB7!@o-7f7P;;&xruRBs=N2uYk7*;rJHjfm{tQNCpuJlA{N+sWA zOL!?0_iIcN1W6sgX!qsl=crFq1{G`i>srfXw&OnGbZ&c8wf(cZJyBa2f!rRNrI^IC z-kP=oc|`XXsiq43()M}02xYswYVnBQXV8--p`tTf)^C6O z>&V7PQGsIT_-Q(IZI#$bhQPK9n*Q-EfWA+hNRp6x;jnEtO?1yOn+U*jLZ+7A1)2ar z{%7`|wOzk0Y0(#iO|X&f(sxg^Z{d7svCLz8rmw*IJ2}1c_qQ^bqal}hS^mxm>8X6y zqK~z5Rmjm`O4OdGjcI(0|HWyofD&CWyW7^(cu^S9xmpecCF@Pus2A@toUaWA+Ib@7 zGAcLyj2U$SO{-|yebV0j8%JKvMfgYFaC~`5Ts%1`X5LOg%T6eOv<@OVlHq>&4G z*eJb|kZPxa;5v*t{T6Qc%*g!Cwsnr`}r1!mekRh#U_~1mUElb2@hU30PNh@PbY7S zks@fGz(70!cTLNWZ0Ow2LfISP&eEog^xF;lv8pG`Pog^e*s^@*J0aSXgH>oIuaGr> zf!zVGa3V)J$vDg>t`y1<_??%L^IYw#cU);aiC%@3`X5%LOLu2l8sJ5X>c|CfD3J#% z5idrNiEP(yH=Xt6#>fD)b=+H90T5J;B?uR>=7YE5DYEbF9t1%{?88fuy^mXy^pUI~ zf^#aGIxUQ3x!LKFmYh<0tPE*pd4#aphwkjOMn^WA6M-0R`H8 zzQiQKsNL-_@tFRl)2?&~D35ucS;R~UyQgYh?7=k^=YAhJ#-3b;$^oLr>76RM1y?vB z9Cr^Tm8+Wa831eJfRaI#RH~LKJ`T%LLg@e!pm8F`I7qEj6j1hU3VtOD7*pg91DbI6 zd8wB*k+g`xG7^CH#haJA&z><4jWfH+@pPJug+f%vI4Q)v05EQy6rBRP9j@C%wC1am z9_vLqU9tB4*lUiu;O1#IATXETOuc{Yhu;iyOkBBYR+Lkp;VXMgFfg_cOZKV;Ou_7BXcc@mK;fR{X4K%URg&8j@ z#gI~!hgsa5hMCj60xR8GjVc| zOGo9B14v-Fb$yy7ltt>vH!^+rq&k2lo0#BWuMNM8ufwiwS!H_|h2fLQ za$n}T_&@^SIMuoqAduK!vs~{f;bN_Vize0JT27rr!Ta68AvEm2Cd=LsCM;c;&$bKn zuoQ6eD`h&yYB;Y{XwNf&wv)_RN3M<9bQn27;jeJHUeY`RqZ?7Y-HDSxw=JU6_))KD z?ckG9bur65czR9#i^u0mD2&y}Jj(XpaL4>I<)x9zVFQtqS8zn)S2az$IKW2GK>o!> z*n10Ho890+6aWs$_bxZUSUQg|Aj_xgiyGX*04rK#B%;Vm4-NsEOPurLL2%_ zwV@wOMV6R(fHNmtXftw536C`S`5fP<;&EB(d470rctA@Z)yzZzw^3qXIhENYz`Fie z`oU6m6n8n``j1Lz21>ew`%AxMR5yodH8M)xxHC3D?%Mr+U4GM`dpC2C|79WMupt6_Yl41TE*dp`E zWep1EhuBu_jg((Td7w!X7`15T z445sj6b2fI-azJpP4NKAM?HlAIkhaK8sz(H7r?68$0ek8)p)&_T-XYJ%!)Yb#J52Y zVXe@bL61@pm=&%!A>Dv0=sWow+@?TZog(YJa>VU;O>)Z#q6SL+ZczPwUk3B7n>U5$ zZfQM*LKYb$r%5Q%_H`L$K&y&nBOGzQ&n(A5VKQylin* zhhaR20Rf-N18&rDWlyLSRM(?R1;7)FSUG%}ZWWpx~bi4mp4IJW1bL}Z0#Fj+#sd#T`XF)X`p&-iHp zKA7XPshTpSsJI&2Pm8eE_n&;L;{lgXj+o>^r;^Wyyk#N(CCZ#dUjGrMy>%s}Y691I z7nCWDPCfU&4u9Bv7Yc;5U;9xuUU7H z0Ha{EiG+5NVS$O2M73-PzI8RY*XRjwqxKAX+gGqwoWNGV^*LtQ=+e?sawAmNb6;4K4@Sg2}3fQ^+ezs+g8Y z^1B;gmik#a>9#%kqS2)L#@KUNg}a=;d=;gU?H-*~fQxI`2i7)x)H@;niiCoB=onn4 z8w8VDBY*>4O*aBcXFEtv&%lMz8wofh0@08{lll>G^U+EQESOyWq`R2o;m6?~aLdkw zM#1Ek%MM_D;5EhE*N_FC`uYLdC#*KJMKziD{lFy~l@xaEd0{@WI`p;EP%Z2TT5hal z%DZ|S@7>l%8l|4kf2o=yF&PXc1c|!TfD>~O1WFX_*P{>EBZVdpmN{(IdD=r>K%p3| zXqJhmV3%hEIw~IjZJmcIh>47|7(x&MCf!B_;G{`;}YDAoR?ZkZFsMP zx<6hwsE*bF^gj4p)`~X*aB>+LQQ7YkRIpq#bs|2D{E-6^D2t9T_TLAkP{<7oXI@N; z$Y>~hnS-T=o%PS-Qv-p9t;VzsA=gD-i((eQr8&$C;JUVWX#FCk-=UFNGGA{51Pce~ zy5+TO(0@b+Uq-UNdisouNy`;2Io;8O!C!^}ODnMe&D&t+u$5i0hW1W zS-}3sG6djr^RkzVWEfsxXW68Q|7S_gyYV|QHN)P@ueWekFhQy7r*)`*GYb)BPoaM3 zLa=|ZE4}Mw)JnQfKvdAKzK+gcT9+OH)FqM|LwC)@Z@NP&$h=wTt=5&@(Wd(2GmP9o zsiL&9jC{auT{py32>$aCK7e59@R;JM&}U^RU2e#~P6n3jp*My%SCT z{dss4@GoAXFdbBoc^I!M6N==&2n>!~Yp{keScA&pQ32aO`!Iq5f}Rlgyu5@qfgD1lEB4VJ$dyj^Ft6ai7+I`53JBBI~-y zo9jYakS{}2_<;$xz-aOBwd2JxKzPO(h-PZ3AVjr#iv{En<=r!bdJqngWV3&`0RNZ* z#9N}khvaN3G(S0%2C?>6%)Eeh>Vcpv|FJhHHiR|25MaUe8(jAP zsK$~ID9*s*8AsY2+68I?b2Ic(FY*4yJE_$F;!iO=@2 z6%Ur0RRpOWP*spUgYrL?mxho*fy3cLjPdD>Y^`W|H_Z5ax_bKVRSa6`4fd$yKJw#A zFhR?o(wJNHkNkz`f?`F@?^EjGq=J?>$B6yebbL0cs#qBMHc33S#^XPy&7UAaXB(YL zHslJv_A4b6$%)H=O5SuE64>x{A*;bZ%7O$U(agx3A1l?Oqs!Ur0I*bH1z2^3_o~SL zIe_BPa*#DPHnI~SD(@h+nD<@O#UQK|w2hLC8Gf7)jN znLC67zFyhxt-61o31tZUE}RHW?#C5K;gSn&F_&Pt52G-PzKxnE=$U~3yW$QFND0lb z{_+br!k4cG66L66%kqym$+l<$)11S_2*7Q}-CjW6Xp$+4`76z!k6$TtQYYQyoKi)$ z3xT8eH%^t{UuO>5Abk^+(qM8QgRva8yz&#+iXor842k;NWB5K7kzog7cYPR7@!BJCl0Zqvt2`_Wa z{A>vOMW!kIe%G?xGiN|w8`C2C@ZT;pSE~Co7raBF*VUQVFIe=hppFVc@3p~S(xcF| zi|_`SA%{G0qm2JuH*(Xn%XwK^$XoG}41FFTF+u8Z8sn(c0q=~k68&3$u9@Yi9&j9^ zYcF(dhBD9lt^(ds@n&`L(J2mkiT#)4R>_Iz!z$1T91$c$Vj+4e;MZzwxI;qu6^~hR zkxxQWb92y!Vx$Eb1lgwX?iF~agwPN$)c;--0aK{pb>s7?Dx+OQS{Mo;H^;-xNxV-T z_@m7Txs)C<<_+!y3YuP%9|aAY_N~M}QW(MFS*UJwcZ)#&Ju)f9$K5i6tVxw`p^e&U zh)&by-XgfIrE;%xzf<8?90sw~gG2p)@ePpCDh_Ye|LcrUN_6!>^xsthSR}Ob z26)E(wpf_~S?$@k2wCU93(W{{nnOGP77cya|9=v#Pj|BNm_ej6>s1Z!;wm%=mn%aK+ zQ7;@gJ}&U9#=*~id0xz5m4vm>df`-XCzaNy+CSKSs$qPlUc%?%kjGlWHfFgw?@Hfl zbW~;n#3z&&>p)TX5l(`z?AsUMA&Z#C8XA36pv$JJm@A%)Eex2=!9bxR|T<6v{`7hu9y1B(|`FxuK+mrZT-+4k+c@5Nbn+AZ-qhG(RGy9&y=Jj zmql=oZ`&TcUZlvnPtqX@qH0&_E_Nym_){iZVYw>Fl~R<=W;IDvdwDLP+i;MH-~lV$ zMmzV7yLVVQ|ELwLMVidFHd@jg&%w;O8yJZ`HOtA_V9C5!1}`^2Jb+j3fWoab=il0< zz0?%!XBWH^BS2`61(w_pS4;Us+Z7OOdIF%VXy-` z0X6liz^Hl)q>l&&`)tk&g_zHhbd%O@n~`C!!T)8^_5KOt90Cx=u1s&H>Hysuu>EIX z;NSMI?ZE3i^3v1O9fcfcj4uFUcFIS6M;@_vc?w>R)M|LVVR1~j;RqV)&eQEQi0TN# z_3P+}x`tNY3)rn7sM2+?n@Q<(@Y_Dx4(+Ykh0Uw0dYE1!uQHp{DkBH92zFNAP77dID?`j z@GIsa;8&Pf%&$3+5CRC;fFVX$wDWvI)~@S$$z`yW8wm9{Vd|)a!AUg4FxhmdUJgq` z25^0qWZ>CtR8-3j01>kupgToa97XQ+pPR=X*FFK?uKJR9QdtML{C1CMFTU4D(MF;Ifq< z2j*{yB0i?Fw+Wki^be^W7#lI@+4z76Y!@a3(Q}jT+#W z!2VKCu>vPlnZ_(&gR6iqaW)ZvJI377_C3|UBI2M&v7?g(uU)BrtUVMm&T2@G>h0}a zZ33>mN zJKnEt1Zvb^ZucJEm(@?cJ9xn*54y!z^t44#|D7lhWt4fXOBT@R_bmu8ClPUn?;Y#%tccnMwbxn z%WHSv>VfD#d!ql!jW&Uqrvq6!-1RBq+cCihDjt<$cd#rGNvjjjLfrpp~aqN{) zb%u06lUjmIq)iZ)Q~|7zV?dGpbn26LE!YLXFaN9w7yXcbdS^CM81=^IET+cgoOC@< zOKE-lAtA3?WC9h_+b1=`gPB>QGu6Mw!dsXtFS^SP#Fgs zvg==6LqI&!*j3S^r!!tk^RTx0Bf6UdK^f{um*(T8+kNR`N*^q1U0|Yb5KI<2;2B@x zmGs$}4OVa-zvHy>HP6)_1d9;2tN(BRtdmPlnf&5X5^xzhBWhk*cn)}ztDkHKMtLK0LJ}vxl$3Hi3Ht4He4^?} z4~P}AJ^Bh12Ts8KmI$yuVe`3k@rwPyk-`VouRYP=glN++=f4@1g}+4q?}5d#mhCxW zt`n9c|6fb?H?+k_qRAep?pr@jH~A|?X@D-{)=)5TKAcGnKX0T1>v()FT{3pdwdv12 zb}3sdHJ9?})hV!Io|2V^rO-z{Or}c*$LF(n{N&dWmuJ(H*KPuE^tnx+Bttqd&1Rdv zF)LzrY257^Ms+-p{;#J@(U=`n+CKB|jJ>*?$SSiWN0)A&WHe(1b_d#tXXc2n*oenQ zaZF+xAbGDA5VQ?`={|hI*hfy(U(_e+-0Z|nS4SG|z8`&yB455Q+K>I6Zt3D%4qm5{ z(jh~|p=|I5Y4RY5^{Fo-&fWpHm6A190I?x!2_e3ExoAH$pY%YdIo-A zE9d-hV(8kvvO3OU4PN-wM77?L_m+-LN*}BA^XJK58(>Myld|39aK+p2@aFfUYxg_rQ^Jz|y z#UxR>0roO|?B2UBItYDgmwdq~FVkX<56C4qlKx93 z(3XyDA#$mzw4$h0a5dY2hWPmJ-^J1A8`4o8|KUoDF)hIGvvC<$P<{zl8GZ#t zN-j(!MT6(DWp+{Buy#Ik-p@ zho9@%J`aGO6>@|sO#8G0<$k9*3@#E?qfSXWFa}Se_bb)ET!_FLG`x^Iu)qtw*X9mh zp1|**ins=Nb(0u3kaA}350c(CV}!EtARVB$eASG|>1QQK5bU}!cOYLZSne{_uw}6a zOvz(nwUf4&4mgcsuyeXbtkTL{=B)vHI>xi?&YKk8bviu`)W*bnYo*sRjwbK>Nl1vS z?RqH%!I@;;|7g2mUEB$T!kAfhO$fcw(Ui`xP<&smwpLmIbkkukEKp8^Ew7~PHu`0T zK1Ol*^^`M5?t=Y+eYsk4S&ho?L~H>timt%&Z3)l?g}sU+uq#MzKpjND`Ak9XFn%Gg zf;n`vT$@pNlQf?pB2e}f%G77a2wTdbGJb+<-`hcbRjW=Po%WHI2)s~mvr(?oHO z*dGKB>b}%Vf!MX$&N$|Y zOgX2Gx9{FdPuDRqMfqsk0>2XYug{k;VC7m-H1AuTzZV;GW)wL705O%RjEB>z;0=2F z;!B8;=$;vuf9N+*CjfHD%ZNhAReE{vGRckqPhqM_-w~YYajL9}2S`mrf+)=m;Mu6pIs_CB%v9CTix(Qbhic+9kWKO0Y<4h}`#!Q zyb>~}{TctQ`jWUip)$m=Mn)iJN(6K`zwFkQoi}UK z!>y{bjn+(?;PdLsAc)>b1`{l~<`*AuWmX>4fk~f0Wie%WGQjeFpu zD6Q>f5=tgTUmq^`u}ZD3-!lDkBpIiop4GTni3w+|f+Ap92O_ChE3FGJPxhEMzf_JU z7Y4OK4BzCL(stwb^Vbg^Lbs5At7xkkR(fVX=`C)8lnf8Aqo=(fnvhMyV-R-h~B zJc^YRb_eYiHS!SiKpXY+GVe`^d-O6s!fTXArh|GI_v^UJ1f&+qkIV-YY+t50Ietcd zc9du)8fBRH%DxF=l!mHBy%r}me}Koo)@%e$%!GG08w1S_yZidHvOYF--YCkoFapPR z03C$!vX&<0eLe(CT8hFpy@A<)0+N{}m@vUUdZ)3+2ZvH{IG^x9-HzwuBsjkDylvZ7 zZqw8zCL;?YLiui1|C$_!lHn|Rv_U*TQF-vZbeQD;g?NqG1^x^F!tFuQX*?w<5H%7lTHFd9cpj06&~7#zMD{(xua%!rk1l>KxWZP*)0qZrcjrG?IsJDR8N z4CL%=op>MCgMda(jRj2RM%OScY>B#O3bBl{18QaO)jLV;Kunb2GMDfd2hMkzBhmMD zFdP5N#DD=ZKHTz4o1n3BBQ~Cf**mEl$fIyMl#B~)Phd;16rg5X-fcv3*u0V-hr4))@ZPf0TSJPT9L=gdY`Jn7 z_cC?FIQcDJrk|Ba$Yp!czvT;sJ;6Vpla7g;K>XdeKrr++34V6nkX%$ba;#bNA><2) zT@e=nX>Y5b!BS?@E&$NOw`&)@fZgOku_D|HF{-{=HU+xW%N`3je{9k15|b`9C=&>1 z7`kjGKpj#UPOCbKSW!Gzw9-bQ--65-=e388bgb3Aadg+Hw(#1;>Rhb1;LrVJ&0Iz{!7Aag%58`7LsB@wMq%P6Per2uIT8+!G7();EG4u zR4vI0ONz@YHy8%BmBb4w600Ol#&}B^M;9<9S(Dupf z6QN}54~2RN{)m3VlGqY-DemA@1{tKa=d))J`@__&R)WZ(Nk5DHV%0=``F@1O$+UhdDR>IVDg-`BL)nIBVL`k&IJE;Sy;NVGeMirvPw z_Ap9tn0#oCIKd*Z5ehAe{!|>!u|+C+(kEAT1xGQY$5f7K!jQo~4?xJ}ln2g^Lvs4c z{>TJo3uZuL!u^s&n}#F6EHk<#$?UhacngQb9-WvgICF+x!p-M<*bC!ofBI4nnJ$+r z`030?YxPb1S*ZX%_hk>=5td{#CZo?Q(TuJOyaI(mq3kSBH_e+HWECBGgF{>aTp9G8 zL(>ypIK5}avI6efDfH1g2gkcXkykXz^h5VZ7q7C@k;DkX9}X;Q%RQF8!B148REbyn zj9H@7i+*)f#yl0>6(%bI;pP`;nB^X3Hb6$7smt<8{(9hFeyWgMq`ld>KbjfM8@^3! zA0>DB6u46~u!B`}BB&%TefzQ*Ev5?2RiEkEemd5;kD?#~gxkO4H0XDAFlxOYwh3#a z$NeK=uCHR{5au@^pc5XJNlQ)r?z6u%@LBfRDB6_Z_tB=*C6r6Es0)Kz4ruxr)w)d8 zV9t6vyE6nhOL(v(Q7l3)YiG21&{VuI?K?b@+KN2X+DbG)P_r2wqsLPk70oZbxVwN} z2%x*m`#aKuc_hYT1^w9P)6FJI6Om-#X!E3oQcA>zCiIZ*@;YC$nAR6ke1MJk!{fQK zpp!DsdAKrv0fb|_yhU&zztdrpcOG9fd!e5?@12Y#xnaA?95^6%qH$JA9>!?)A#A_z z3QMkwhX1BS{d3 zhRbR~WJLUviNjB5Irbm7rIa@1li%WBHCPPT&*Ixm%)A=S=pOd_GNWwGHb3}gpCEta zxab<1C$W$w#V^tt|4uI(_FZ-%@bmm;&i$v38W-IFPJ;dz-hXb^HXQCGUv6QKeYDh{ z5m@_d%-tUJDq7#Z0UP)0W+tVzYi*TR8TPi`@Xb0a(1Ibj})_hYF`HbzcKRAX9cu1$O4i=7e4%0>{>>108IQ_ugDl@qgVfjhFldqf> z;bzNFK{j}8U!OAn0XE+UtPXWeULnQ0f5$_?IBQ-59A6KU7eA~k7*j0%X+zqZ2~U>* zXEFQGZqcK4PT3K=EWD%V8cj*u`>A43=>v}8AZ$mMCK1|s-BFvE7O@D`^BGN)6Bk$&#Kj|2DKsV&@c_(p)|8Wfm(osU zlp0jH-hHBS9TRiK)NGs0ZOPP9+k%zs>BuI${y35P4_ zAM>V!hI4=U*45hmL4w7#g@9Ficn15J&5Z{ zc8qzbzE|p+M?+8q&10(~SIVG#GRuqZh!)SVbH=LJX4!hKAs z*ED$86f3ox(3wqX{Q7JndXv*q1j_IJPYa+!Od`akqmnRszO|x%cN_0P3yo1CxavFN5y>T_e ztV=an1OXV#Y)k$M=)$44}xe&Z5RL#r*ImxUO>JJX$mmf2TyF*~?pWWvL|E0c$k zQ|n`7-BOkM$|K`FSUY{cdzD#RF+J2>L}j1rtA*?HcrS)*sPnL{bjf_f=m*<54-#PjU}@vH z?Q>E^>j{U31L<4AACo&DdY1RvxT84hzs|7t(70(HKKAAFbPRgC@q3fgRmEfWx!r61 zvW0W5CjEB@OZ2EBCbAUb`b8y8Mv6w2wv?BuyN3pcR$Z?@q~Y)In*a4oqrc}vRTW4w z1Nj0}hKbWpO0pW{08aQ;G7LbNy6>)L^=FtMV`;|v$1@s8VGwN@S+lq+CbCcLpo5L? zlT0?>kJYl>_e`DFJ%~tCg;`9;Kh=o`RhOyd?7yR#tm8l_?h2W`9>1PDU<+C1mu6qLI8A!PI1xJ#96}W$^0`?J!^v$QsMxFmd56T9IEU~;d)U$knRxu#~bDYIY!ar-NZ?2 z0FPGaAO#FWQF(P28&yNoEcei`-%O}pV$qY5a7bJ*(n;t)AOsHJeh+c1I*4CqYLf&_eYYvmiQ@7_3{=_&tp3DZEBE6nI1 zBR?C&j{IQydZEeV2`R+k`$5Ze1Umho`(Vxk-`Ys|sn(jd*f>y9$1?rHZ)S^NBQ69E znxdO|<6eiL#S1=t@%P#TQM5mG51Gkdb27YmNg94YFt_%=uLtcZ5z+H)G1SR_RmN;o z<0ix5uHQ_DrNrfxV=%1usTXoF1$VELMeI%%x@As zB^eK|56i?*Fyb`7Gvkn^xgB{6H zyL9>pR0hb?j{$AGkLY)G5MwACSA0Jwmw}1nS!~McPC}I~ky7UJoT8bsQGu?X*w>ZB zX4nBTB=>7>B0@I%9oX2`xlAys`C?@TIW!G6-(zqWFlD25<$MC!SbcIgm`tqneKu3Q|T#B_SnE>G`1+G+q;^+iEvR}<%MCV4x)CVxer0?H} z_QId9T;?V@@}awS$+X^+BxFa?^pHjV=SeemrE}f6$JIX;6~v~^^_YnzhW-Ay?nLO| z@0BPTkA~%9;l+rSPz+opdXQH^J7i)Q|2c~N*Yci!!@KXL$(WAgwrN?%!r+@4henH* ziGg@adzo7&*zEWXFvQ1tGmRS|xQapE0fCCwj@&T+cYyn8YOE=*WvBix)lf!sVqFg=Q$8gZ;*QtREU_(8F6B|HmnTzT3V2hp{qQ7vOPKq^v>#t9~Q z_(iSQQ7$eRuGtUL*$dMtsW;kXY4ub(az6`KuGrA9$Wch#hDmVS_8N4b_7EUC90E%I zHt+4vcgAs&N5c04i;o5Tv=kSz)SA1Y$3DxG6H(jBj?l0U-(`OWTJAynG7RI;dq83z z+c@{(24+k74FYs|1RNiOl6F6iSz@{wz_K|f@XxLjmr@Q--Div*ZJHht!VuRrYLN2yR{NJ0GV8}?zr3(q(K@FQLsUO=|mns>-HUlDm!#f(DPgdMij*@gBGQ=bk^q#o{{58us!A~}@0mK4by1qY34Wj({9RPOBmZN2x zwKtMdQyKO-G$oZ!cdVlwX*2Kn?fbYv0g8wG&Mq5v(EKmpW-B|)4d4U~`isC{y!Nbf z=fN}Rw>a+$o~4RGgnhdHB=CJrvD$O@uy({T6YcKszP-B6(OLBlB(+_50~Pn|D6A}n zF%#eaN@~GQ#%TtRY9~RF@X~?wX?hI@WHfg0NP!f*I=zZsmI@E>o+o1?go!(d3A=fwX!c0I9oUCH^bt|cR-Fws=5d== z#yy+%(xaVD>8>Pyqn3ny{He2w2rH2J)pxm*5Bbe6w>FCC+cjE+MEopHFGnJ=qtdJL zRHJ2&y#hjc*v5nl*Z0@h;f43&_+ZGG(a<|p$mOI4ShLJ1nVw3v3O-ALcB130%3Pyf zPzlct)O(vmyYNB3(^zE@UknwkP!RX_S*Ox+Vc2dy5iC{}d_7oBz=wso_PA8!Oq7oo z$QR%KxQ^k4auHJ)Bf$&xKNyLn&mHksg+K|=E@qiSaUInv-pJdjj$Ut#YYk4w%A& zSXLTwdje}8JNAsh@b}+N{S#Q}C}3JEQK`D)jC4$9%|8Cd*BDJ`U6TzgWBJjA1XvBAa+&g`e}(Ol2U9f363RqIQ?&l=mE7D;y=^0KATf zN>*4)rpeKh2Z#_qDzvb(N-GE}kj@321|XE{F)umSlf&tb+Ze12n2QioZ6h1={LhgH z6KWTd#%#Rs%e$}YF+t0X%l?C|OXu0%n1yvW z4lxrbRq*lonQSqdwU| z8jI(lt(5FJ(J%fJMoT}XZ$qV51U?1^)tq)?-{rm-)) zN8D*wj|x<7r$#Ik$l7>~J?cs!K=C>dr-T@>EJnIzjr|;ULRDE6k3Qwt zQcV)JP5!H=9P3HDfRSvKqY6Wv=6#fA8i7Y&ak1;j%$3cb9AEOFYyh0vZ6tCdW4D^N zZtX7&3RRk<4lHjsK=Sx8DM;#|qIl9pZg=4%%5;Tipik#RA>$_70sIL(4q>AV!DH*g zT1cK{Xu|=HZ?N)pp!$;|PnrsMWUbg>$>*am8Qar2-IeXeg~P|}_E{L?NvPD*#_m~~ zP~M721=Jh|>i4eqg}(IMmlR0v5`9?k^DjEY{sY@QJ+CAJ6fqr@$Jg~PqD$%1`~Qhi z{(!8}GYRwadE-17m=e2XWUgIXJAL)))owEJYx;Ek@y-4ZavTs!!^XQedITdXP1NPK z?g+0;Z<&v@wUsLq9M&!63PTm+MakkP?xlGLOl7%<%CAh_r;4k}Il>`BZe^M}kk{yu zm*gon0j627hBW1hRLfn8INCs*#^OjDA+OsYt&|3;GX9yqu(mK#co2F2v2Z<9A}r2y z9&%Q+3#Z`glcQki6TmDuXi?D)JtV0dsF!C%I9k(&HEiyiyp%j7B>5%Z(+y-F1J_&Q zsca?>3+|-wJ|`vTb-6-scowx8^}-gs&ZK&5=>mAZg0w2SlCWxOThe5{uha9S20OL1 z9n49}AyQdPh(Sv2?qAoV-SCR)USckFHe*9EouOxAq+Ph$AK=a(1GiQ3#>k4qR%m$>QAn=M@4rvBOZ z$dJ$8oJ^+|3z=jwJDwMcITz>!%%Bi66+dh?*yzUj+`@JsPgno_+ifYwpC5&?@lN$Q zTp8u_humgi^efg?0!jO~ zM2S*bHl;*D>*;jOTiHT~6H*Lr)l77;)V0p(ZQt=jzijJ_iTv^$V~li6;;lZB7CtPr zrO~#7+heha+fY8f#W3H$Y|oHnGq)$OEL_=chgw{4-ZJ)I?5?)UX$sYHewv?o#uRLJ6M~#k-iX}smtgFC+pFThM zU`=jxBK2j3q405W0?{rf6zNpx z?~uoJFYrd$ZGz8Q*|;im>Uh5`<=h`?LNAOWFPSnkze=FPBLvIE3J7hzeJ^50w_}6^ z%#7PE$kFic=>oye`;h!A#$_V z{ddjW15GBuuzyWeZ1tS&V?zioIRPANqO^4OK5KBs_sImO^`g-q-v*a^a&_nl%_tUJ z7&ex&T1ENxOCo5;y7lquSG^~Mr43G2AIh7t-{!{pNr7WPR?Y1o=|2c_<;26MdxjVr2#8z(BnP?u^95%*PN|uHA__0DCtZ&ak+rf zUX8xTYr(g!W|cXE)Nv{8kOtWw+~oK8R*805fc8j1?g5Vk)Yt9L=h||BxTq9w>crvZ zgmI0ESzu~{AJ8Utt+hKQ$pmlT)SdQJZ~|{RY0>O~X&XHU4zmaEbrk01&8vy-kB*OT zx_<3i>`*lVtcUz=UKPk9aa$ODXj|uiSl>TTiasaQwlJk=+*L7T{$m7?lJz4@EOZip!3G7Fjx=4X)bk*2(t{&}gdM-60 zYf&U&76OGgHb=@|zu`)7kEo1;Gxpg{0&YO?=dLgwf(TIu2I)58=pS6XD)`sCEI4)t zm-*fV;+ol>Uu6^A(}lq*9xJ!p#pq8}s-%4w3 z#i;*p5)-3mc2RE8K0emtN-e@ zt(de)^NWkSJmiO8=W_yk7u^roQ3hHF&Y1WPNEJ;_ME)v(n_2K`FL6GIkxZLFqe4Su zs?M$8jq3I~rYEvWQ+_dOo0U6)olqLgyUOz^`krZ9&R)aqX?m;2O$F5YGbRhR-+@|V zfveqEDey8;nNdDXhA|+`=&9O{Tx~Oy)+Nl;!mT_{ILCQP#(enh?yjz> zp0Ae-m*FZftHZ%8HQAwDcsTPLtBSC{?XO{}!h1<#Z1(ZntVCz{kLao)YI$T8O=dMd zw?BU}tQ`bPxa_p*klW5bt4R`;He+FoNX^fEPHC>~lIDk2pX;2W@`f`y7|~38d}25G zf(LUsSMguLl?8bnI>V7K&BrNZn!jne5BqBXK*2&u@nSYB0+Hopuz9BGFs66NMUn+e zOR`FHxYnRGjAZ}$YwAEt#8GX9GPIK-%zem@H>fU3BVTcUWPmyXhaqOFOE@04IbkM^bTC;SCXi( zF)~SqAaPP3H9SXh{E#sYx}GiPbdRFVR?K92o7TRkdHqMs+_Pb3&0Y(HOkM4xLJ?Fi z13AlP12sWc-XrPI#b>BCln<9yg@HbIUC0>LbeakUtsS&ZI`9eY9#( ze{)OcmWRY-?s362F1oa0!iY`Ba1$7pWYdmgD&JwY#GHaN4dJ@gnpg#XDrO-YpMo3o z;p#szpJ*VIGX=ADzt!{XIBRN1Sn^iP+oVBuR6(?@d0sg%i$gEvzr8?U?4lapI5&cg z2s!5QA$BYHVP~#!OsZrx^p{ODx-vchdgUOrJ5gisF=`FHQRn(t-c zvz^XfMB?|o$l;-eCNcNHzeRz; zs5C-8$f?a%`Pp~hVJ=HuH5yEFYCe2s~qdFV54yRht1_|b(Y$z&^P+sIvKa$Pr&1_`7=I_&n^Pv}D>Wlz zP#V2+_tGuV7bRn_Q7)eKowbJLQ&-Z|(}K2#j=@x^d4G1QL>*qa&hG|DNMmj5?>8c4 zgY~b-W`d0(%l4wAX;Hf_pw*YEM7+i*!wn}V?WA(ei>P3~KVBJKZtB(|*N*A14Rv>w z>Kx)$;I;ADmw~I8M2wLB(?Yg%UaRPLvg6_rO~)gRQZd%TMZ&Q^-sk0U9WQfOb zXZ5n;+~0%2q<7VXP!;y{zhCbYq+doOR1j-C_!~t?qj5>H-E5n`vGs5W{*rjmyCvJ` zkeV=2iH$mioVPPJ@@KsFuqs)`oIfP5+`BEvE&{vp13ZMWr%%dxr?;a$ZEmbHe~@UK z-#!o3wrFef!;j9J>4p33HoHwr52xYniL1+eb*y&%G?v=LMF@^$zA5$vRVTv+}j<`s7St@Vi;|$ z?vB^Gx|Z=BbjOC?6?{h?r(jyy$E|QK>_V(*XP}OVdi+A%`b3T3Vo(a#SDK2S)g%&p z5+7wd0fu`lS~@x2La6OWDD-h;^x-JvW3Q{8r{fi?un2<;0l2WUaDN>hWvuz8bG~&z zsZTAwK1L$s{ADo9nHu7AWM+vc578V{!LesVlyhTh|Z!%WPKa93Ho(K8?4zXXk&4mK6& z2Jyx>ZpdO+z*w5d6*P@LI_cg%n5EjJX3`cW5E0m(67^2lk;GfdCZlsWB{WC$f9kPP zrJHEVO4z-LW2lAWue6ogykiW3}o%h~!`PnM_v_=tomBZ=X4E)*#&N6T5G#%FBDD+PPgmtdIXatlEe4>EW;x8*S3K9$}lWj%j$b zWjx{FfaHL~bX!WBvzo?I%@z?86XV_B96Mh869?byZPVf2zKFK?y*RVQDcpOzX>rs= zb`|R@{BYQ~4g>bvdnw74h26&1HwaGFzqI2JIr{Gd$13U0!ysy-IHrW&DG` z<2Ge{hy8n2Km|notu~$PRAxDQ4AUY&V$U+a7BJWlVcyRZaJFC_IeXpudhbYQ^LM;< z)k+e)q;@U{Q_zm~QFK0OpEpavfrv*qZW=ema zn=Ut0YJ?n_&E(TF*4Iah!?G6U=W7s5rP$8jF5rdxuQnj=ZPS!%5P_vEb32J_z)0MB zg;5m~(Us3DBcxaQX|O4s#-a*k!nrlarySml(pSbdbj*Ek=zrQs>z%Rc3Ac?`Q*$G^ zu*mJ^JEg;%!l<6iZGOm98q%P81`q#GJsP|7dV)Y75O^V`@}NX$Km%e5&L1AvAo#!QP<4Hc+kZl3=>AQ zzn9>f6TFOh7%3M|nD!)#vZOpV;UC0DQ+sS#7!R#XBtz zj|0mG^Pmu_S2ILf5f)8_86aQ9$==kt2tBV0ue+5yZ|^`J=TZXVfQ1R?VngWD(Nl;Q zN-#QoL&LsmkY6+pJUY``L{|jh;x{AyXK6o&rhDrw-e@Rp`N#kZ`!@&%^biu2Cgfj! zLKOIfuVXTv71MNLPNYX&WJ`ZsO_>;YW@+5G%`aRZCh zP!eU*N+;?(lcbCso+%QK-r6tio$dVYf6u< zj%4NMrJ9_heS2NL?{uLX=3_uEW-o1;T>bn`uYGX7e(^qL&1!K`H**!t6v<%IG?_G@ zdbkVeIFSK3z!}tPt3T)^U537gdaLm;B30vgnSCL<;6Tmm^l$qc4$mC99V4p`R9|OY z7$T*^A3V(QY{2fy1%G^e7A(kI6dlBcQUvy%GAj=c*<-{Mj_l-?qS;W)7mReSlOyZb zqSRFtkG(srCvbyI?Sp+0v-QZe%BRzlEf?vO-@k>~quvO?TuVqz3&FSh74gidh9-tR zMcqxgQZ%`10=^?YTgdd;fJKgVbI;A}}1F2b=Y$5}hatv!>Nt?Yv*>^Ef zeRYL`f>oTWud?ctc6SB^)9J?k`*ulg)NO>{cJ2@Hi`BDy0I)@5X_DY;3+0#AUgnu& zpEv4QRfeAQ{yxX7btUz&?Q!&jP4v~{b*tDAN@99?dKWbS{zZX5b^1le+mX2%Uq^gH z4E}_OB(%z2d~+J{NiPXvl*!|O#U~L~2miY$Zm|NQ@#lN()Z(24BIs^vaZf@0tXR=L zz-8K>{oO4Vp4ypfHx9fy4u&ZkbCS7Kn{u#*YkD*0b&RWv(YmxpQL(~+*Fxs%`;5yd zrQ#aWK2pQx+IN(FN5EsT2x9K!|L_Vc>N_*Q;ZNw8TngVvd;^1q`1t!3ig?LRm_0{n=k6QmRMi!=1%88cUD60oL z*Cn^KMqn;sv*P7AC|W7};2A=YPV%%&7EEbk^jKu=`pw;WR_dv-X1Vs_mQPCLSy>MI zzk|W$^1uH8%lEG}UL`MyFGBB)Liq3Su$aQmVp0f;jGB$oZIvqB!;l6JMr*7OcwbE% zhO(W_M5}~wa)WscH%EF#e+g((e5e&`I>jQf1H7dLb)f;T`JnvvYDgTlwO91UGY zv^E)+eUK}77q@BCufF$j>#dn{%4#^iHP(t>2fq=qPtCd`BG2B;X>sqc$UaU&6#SUY zOAQn^j^p}_ufqC`edeqj8nE1BajGQ{djdjoa`Hr79i7h3uC5D9l7Vw&uxZ#9{r8#< z@PP8Ov*DhbWg@-yU8l*iTNlC!(VEe)khZwC2zTPpyl9?2iB1Aj`8R6`w(ZVpKR><^ zA5;Y17Rf$FwSs1%SUHlTI@aRh6W}WOonj;|Wyq~frt^KQbS=RwVZQy9u#a%nqrNnQ zRQxT;l(4uY`e<4(v%v*o8g|1}jBEV{Se(>zVcK~Q^A7UT#)B9MwY_ZCB>;w6*#lg6 zQn6ewW-5FnxniAxIw2lLHqGc%c!g(#v#W$n#i>M+f00~sA8@qn^I?^VaW6l3-ipHx znNpea#Uh3@PyPk~TYy7TPiv4VHsyn5_0vZbn#JC#*NP@|t(ibYG}oo-_9=lrZa&Uz zp#I@GRC18oKCa1oVN7EgKR8IRS&aibu2EpYFW7CsxIE!JEk7+FX)k|8zOqyLFZ3Nt}y`Y?X;P>))nUrJQk9;{2^RdZzR6 zG6)tz$d$Nk7^~6M)#ddiSO4;)D*2zyxf{xqCIP2;t>7w8LArYd$;bnrd{*$IfH6=1 zc3vjCeHt5tJXWHQt&iPBNcfsW(?N=9iZ7SWZ(xs6K#on^XB6!E-Nm_16MKC~x~3|x zP~$Q1&zTi$@RAuKhKe7d3_y{-XWDuW^1GSfgisoYF3{mT0y~3l{cyyNa*>Cd`5LH8BGm9D8jk3(RdZzKgCW?nlQneSQN$Wu{kGW%C~p2`u}wz5Y1j4$_F&rr^1TWWaHuo$+OCZHl!P{F-pD za3Fvvq$uLzm+=do-QDb8C}S1lEv?F~Ph-@Pw;J5?D&i+B6tE=B@-BfD9N+5Xy2HXN zm#9L#8rr_n3b40nN`BsqqTg~ozt>x}XRebXS8!!0Q|^m!Ro$=I2OZasC*>!f-eSp; zMp#edCI4EG#a0TyJCHuXO;3MbD`2!NN;w|2(dV`&Z3~-^w_S5kMZ3ud*M+{2DTcI# zg{@DG>M@#6+nyrqT{4^O{IY~G(a2cW2Jkr}qaL;&9lzN?|uBcW7WguZYZbJv*Ap~+A zkxTk`1+XNm1T6Q+a@X3z&pobjWdF{Q44lT*VHTHWNbBF9C z5jlBf4^`%hIggmqj3yiFM7n=*4TtZw8NX9NwTe9f2DL8tuu2uzX=Tip_`6*WHI=bE zF4sG<9}@6-MZRJJ&p{`x!YAP`5hI(`2jJ#@$OvN;ur&haZ~HU>mv+<43Rwg>mfxM-Q<~_08bF96S<*uI@v^BkzQVBY?MEf z{fI+L*d)x=4-(f&^im*r-}1iJrLji}QOklyA&H}h#y;A? zH7F)r-MqSWfp|wNWZ0ct3!!P=rN$kR%tAh|Sa)8n&RP+SP;Qv5F*3*YzNmKsPGKLlT6~0jqXNMzKv$>SG7OC0MwEvXgyE+p zAH1`Xf}nIb{gAlL_5Vu;dICVME6K~(I15I(slEqi$1AWOks4aJxr?JfXF3;)t&F%! zDBT+0I0%!RIhh#kU5^+UO&O78qOx!@<+ypH03v&GX?3q_j52JoOjyV|856;Xo?4f> z+hKLkc5SBvg`GHF^JeX3xpWvJ+?Fezku@5rj~) z_*z;ZqamZoyggdM&RF&}EA`&IF>*MQ_Uswo^p#pMo4UD%PG9sES%vUH2`W!ZK04LA zy)9~;lRrw4*^0(AzZKfaMYz(z03+o^&EV?nR;zr_q!qKrnKQ@Al|G5CzZc+RyF53A z|904o24Wct7M0lV5%~}D$V`j-FuC@Gvjez=vf~w&TE4utb7G)=Sy}0J$bxR<&(y%Y zU6)GL_3JBv4-nlrIdRSn|HKHAlr8J1&gT7qEr+as2u5+WTmRAJ#Skn3AvnNYQvMIL zQnW-4e~JL~6nZwqH073`bNhhfOmpB8#>(JUalNyN=qc?`?peMvq8roK886YNDlQ=F z@_wozo`+f7P}Zsz_r^Da+5AaQXf??@3MYQc7caWUhGtHh+&okl&SlcHc0w6>6JP%+ ztf5)v%H^MsLo5qC3AuZHYNP)3@o?LKKNnnLwp+E>Q+%>#UVt2hg zH*eaTa-r&~St~7v-od|Gm$*VVg+VJ-h9cxF^OFp!X z?;P}+1RZR)R=#S&B&Ft1{Y2%q=*WPpUcd`1DC^dm3_$H3nHN5(B6#-WH(^240Kj)8 zu$}n!E1QZ<0c;hy$p9z0vu9l_mp$KDXcPcf<@Vsq?0A25JXLAxczoEtK33lD9AP)Q z3qm*V3p_thjeVS-wx(uXZoF2CD$#J;rV%;6QckeKYfkp&CFmi7hr+v&lJEh+!NF6< zn`29rKmyqEGj(+vv#~=&B@V%ocuYE%VyLi?v`XeJ|B!22i-)=Rl*)LsREwgslL0?H zB(L!+9xT5Mo>wcAI6f}L$cDx7wO1D(ONS~b44R24*q@9p!_KdO7(&|MiKaMXMyhQb zlZJd^S=ye>V$YS0m~L^XjY+{9hSzvHUy(zE z#i(?}STasZbS9aP47S{}$H!DwS6BA|K#C<~8Yp-L0!xE?#MCx5n+!gZi)GJK`?YyH zx~~zk$B(2hfMM8ZyQYOei6}f^*ol%rL#aojOi%E2cfv%&yjr4xV5?3E#F!ePY7X5Z z*P^&Xicc=pdXqkcyVin=pba@Sv0~cu1=IK=SzP`^u~Mm*HinCMOfFB+Q>Pz$DUl?t zD;m!~ICo|<69GZW=}pgsRNi?Qo6L@)N|JfAucgCabQubq4xp#Lwhy`H8I^f&gPi2{ zRNc>sD+SjcHRc>t_Y0gx<%S|pqRAE=zr3j%7R_0_0#lTbYrh=1Kv|o82rvZ#wzjrL zBoGzB{OJJm2WimCTzz+tIFlx%;zPBFX)ij6S7TO#m>ec#^A?dqD2rMpvE^AT^Rb+w zVvF%>RY2$;ogj~amSmHiH;RZrdULvM`aV-laSd2d^F&fxg&6vrX}v~|Hwl=qqsHL0 z(oTPdhSIb9?MiapYZfr|E$o^rIjKlp_*(FN6%lPpF}-Gs3_ET4Yo+7TKVeVsRhiBfjs{FGXT7*?B!(ZuR?%Jjf&u`*IQoIUNK;b{sfJ^p5S3szyy?Epd_5T(EsTZ;RPW&n`7oU%3W$~> z_@NbHSnoLdc4W!%%>KIBWnMN3j$zU1x+hzD_)Q}rbG!Ic>17sOoor@Yb&gEVRMvXA zGk!agihs=s)BDh-!!uo}T0pt!_Jl4HE+bRwMwr{o9N?&uw|1tnL&Qx?O#T2^8^%n- zJCG>s1n8WXYLkPXCzE*uq*0A$YOPb%zo~nxJFATsUB;NSfMR{V(lM{r99x`>ci9=cuQ;6{lnqd zw9%^(#|T&AR+56NUU(fqhvL)S5d(xto#|3IN@J^7ot%QE_W?@&w%*P*^3|vwB z>h6Z{iEkhw5Sr-iE4s50*7dXm(3MR} zqVOEnTmJgaIrW_A?Aw7fdSPJx0$#wxW4bv%F(IKXIx0%&wThtEC$OE{TV86e3crPh$eK$YnWWytnA5X|o$Pwl;6l7+rjBWi4AQ~w-HOeu}GP7?L3zMHAw z#r0nvdjQZ81qRMiRhf|mClmSew3vUUiwH0SB>9qb+XYt0 zy`>`X@F8R^#H7}61O&(>3moT|Avr$Ahtt-`garvAYgZv?gd|--jtYi;H}KmPyPKKR z7eH_%W{vp6ak6`OF%pdhMLNEd@^^)ZD8C*lCnob3(oM7n7QDOkv+);BkyLt1QcNEMXuO#svJkId{9?4vIQCJh564>3uIJMKOvO-0P7I zC7o;l8dqt)SUQUs=Mk+|Q)O9KWF|l8LoQzG-(QV<0NXKfs0yVf{3sQOabz^)1VPEm zhR+lv(bo|Hq>h~F9?NBmU+oJfDb3aKx=Y0S(R~6y79;NtiMo?LlF54uyw4kbWOO=c zx@?QJa!XCZ%!B6~=1MYfBk2ay>7P$lb=YzQBUuNMKU+`JeTQdvNNUGQI7s-agXIhh z!Op7{1#OTgGMC39n2SnmURz2o4gn{S`yDB}1XCdv3!Ww8OeGft8mtz1wYci95mVdI z><|?*glQ^aLj{V5_r?-|WRj?$wy3v2B?@Y=x|v$z)THOu^V8Ej83-5&AtoPr1MY$* zX4>K;56>!PqcKucgtHE8Mr%Eql`Ai>MC|5lr6M-GHaA@#9E9j*{1bBplO20aV=Jjv zzHC_MfU~nTy~k6p4Pip2xlC5eHE)ys&OZa9Yr+{tprCmofD+{vh&UNkg-M+&K~zFN zwAAP@7&qxrM@On*jEgA1wY*>+YpWEOwG=_U8R0645uX9B%hLJw}*6)N%D8V*JGoOz?`^;jGnBkD~4k&SMDu6rFmup zmY##n20h+nclRsY*H7~NZK$4&IjoIgaE*x*Y)J*7e<0mchEicMEk~~mUv^(WaiO%q zp|!a`O;9=jKyFM~V3N$5t&_zcA;4uBCv^SE`h+~RBF#uz+&BE$5%2tb5N(d}ey2#Z zASRgrl~Io;H3{Dk@vHE&=~{`c@XaG>XbT$zn$>_&&pj6ulYrW3ivD3k@R~EM)@FLn z!z5&D4KyErV5%uI;9wXdWim404Bm0Tld8>C8OjwN8_-ep)eafW`fsgj9QD_b9?E#} zfpuY=)J}m+)lnn|4k!i0q6lFDMEcv*kmZ<=9??T(A_4pR(HPvNno%AHNofBxlHUBg zN4qS+-Mwc7^omcif(LL2VBLc~9`pubXwOD_fZ_NEF&#npNu+dWsLOZ2ix~*+Df@lK zF@f%i&IIIQ1RQ@GSYY}2K!&lmINcfA^3x41CN6kAL`7L|^!tJ&LO|G;Hg*N5 z_aUMJJ%1?^tieqJQEdV+32pQgG9zEscQAdujlIF0Oa*dTq=C-_E4V<;WA(aw6Mo!D zD#|g6yN6BG>GP8n*HE}I_l7Uaz*KU6?=y7uJlG^O0~;POUF~}-sG@%lrind6q9;c9 zh}YgAkNskpjpyl3f50A-HIsM4d+gl~C%$E(Mh7pc=Z3)u=9q4eu01FrA8R=oxez8r zFjDDP8NzW*M3_ELx}Xdpr9dWSN}dn05j=ra!eeuXWG)X7X&W;V1RTcawF-<3?~HXpwJKrJ~FOocP842e&y5O2CIjUx4!tI)tA4A=vTelKo%U(P7%gzehd}qryssw}SEXlR;NE`USgCS6R12 zTR~kQRVONpqpM5sDJ}ow!DdgSQdl6h8N2JgxNIt$W7R!Sc*1sQXAb;P>eY z0oiA>-HI3Xi}Pl!lH0O*HSmKB*dGoc0Vhl=-3&9Eaw$*JYi9bl>`@An`+5)m^7!pK zj{a!#C!eW!mx+svJ<~yzy=+(6Z4%~aqrX_7}F*~&e8;`U~&TIHruTT`-DV{x!i+w=CTNK6IxLdbOpPTb^@ekbED~BHw zqT!Gw#C2qgUfntukp7DWz}`Gh?cHbZMjm<++2UsI+UqZn%QR!TXEVHB=O_|Mw#F0c zR_K)^F2t{mV%KXMgYO$!6^+w7HvhsdCqBbtTz50%h?;HQrg~!{Tek8Q_J!Rr#wgQ1 z)AvQ6%&|(*4HMPr>WNQtE&;r-9#YHsiVk9vEdoM&oxAQ zjo{xdoa~O)8z)A2#OhH9J7#T9QWCiYgcfhM?1k%hompeseL97XYfGjP1Ya z!pXiNU@A(kfJYse=<6H_*VQBCSlNr=4R9{ED-J`FHOZ33R)d$s2QxOWiHGG4lnUVB zA$8kgk}Ti@e9)36Kz%;MY-jC5^+zx4^oo{Jyau0mlGFx5+em+qY$yl;sfHS?@f=pT zqQ_hRtZ@k>hA~!;-DDY{C^EP)3{!$eY><9iWrcg(b-*R7b$Wzkav+yb5NUxUQBG|2 z0B_agL^jp|4;ugE?Q>5sRL^IX^cB>wsZ>Hu0$&`u$K|5pbR}ZnydsO|;dMZcBIWzc zY>bjosv#kT4O(7=O902oGk)(tsSeP%e^1k2fEs=R!z=8$01`GJCO38*E!*~l0fDPW zur*5C({ci}cOz~a)lGE#j|N>_o%6OvqQwl~2O3;05NvTnG%Sw3RM7Eie&DF#4QL6; z<3rgll%I&xu4ay?x1BrBDXXJ;|9+-|N%WBefm@;S)>=1+q15AS(~1^6o^3S9!YmVl zW+^~xo-1D71p-`xuNMI%qG(Uq(?A!-0X^Zy3=TQ%;1em&%5ZKsQ_BBoQ9(lIuVmVO ze_cHAR;I~NgYNZI@Qb0_%%qlyg}gR&1QDKb?x+i3^k@dOQNPGwS)~_IsScW&F}^0p z=#qZ>zCK1W7udU@tK){A_VJk#)aq7bU%of%$^VG4oiq@t4Sf7yp9JkTCw=d+!v(sI zZzylpYt0V_7k!YFu3L9mk`kMD<{^MkJaF!GyuVTExOa)tct3mm5O3aBCQ@ZS=h_Hc zMO)utReado%<(xZCA&ZQrZaZ6nU%Qnwn0$mVdeogdu;yj`(n$m5B8g*J${!(j~*D$ zGW=Ot5sU5DEfz~s7Q3ZGINnUOE@x-0pDJO$I?ifziGY0xmPUyJ80!Z_0f*bPSJLYV zEmy~d4=YcE^MdK0P=)@&n%EIfFZ@e)rdVNwb*hTszB8;QjKeKHLa^iaA@O5EB#jb@ zj&5}@38A-Yp2WO%Yl;6mK(LhYJ@7BY9sk!*tioH%4*=9@^M2Ifr1sy|LF zw@TA8*sjw9vo)J#eIwxmk?2A`vBbgo$`~tt|2h}SF7Z?r)`=sv>m=(mx+y z1V6oPeQo@^FUPxW6saKCC;uG{eD|b|gxx6mZZ2kRL8-_Ld^7;vap1wadFOpUlXbvdy#J)q6^%v%Ccu=3I z^GWq?wury2b8B}dePIxKaX@FTn3{x8-p-8aOiZ<2)}Ys>)5Lf{vM63OsDnDktO-+QOig?#A>jJFwD+~ z5u%Dkz8K^SdHBYq-t20dANTstJd9CqP7{pMg+QR$Xn9wVD$_^_lx-a{ zBt`L@kqv+la!gOy&Y7k}{mJF5dXksk4=Nu#V=@r?#|QZhk7Z)9vNY#U=TE#Qn~31| zBlO-!JM*N{1!4&aAUTre62yE1#{dl=B85Z9GtL4y(xO3TD zQ}2%Ck!+T|7vk2CcQR+X*?V)<;6NGeOs_x$?`K<@ka z`q-_|G)KMaEWc0zT6G4G@|0GG;37VtkY3Ofiu{VMmD%sbCGAKI5x?#wCm|#)VJj5X zm|5ctQP6j_0DWs*K6~ruy%<(7tFfT#Y51w#TSMR3(^~Yb9IE8^6WrFO?Y$zCGK+@i zq0SUX(G%A9Mu>F_542vcw=}AC@2FnC@nL9m+KjiWtXEjFIw^GDu6mlqSlS8py%4q0 zYr#lBKu0}fI@Y}IjSMso0hY>dUl&rWlW+%`1h1k=biOw(uADopd?F5IP|19EU$1pY z&B4^%peO;Mf@f+~!3l7T(ZwbR1JGI0D%0Xp9?^C}=9+CfNOy%d5G4HaUN~kcJuU~x z(vyA;)+LA(HIy=*)(uhTeCS2+o9jVwFR*V|`3ZzQ`IU#62ljjux zL6CgzZ_`QTJp6sL=ygck^80ae-L!y{^;n4)nV}SWXXY8GYmQ`6TgO!9R34O+!R1sh zLYImoh`PAlZy5V9a+rOy_X+ zen9_1jOF3RH7ed^#F__|aagag$tVk2gn-ewL*eIF6?pX1G{|gmb$#PTb;i+O8-A$J?ej zXIjn(b#AVQ@jOnEVls@|+SevYVUxZ4!zaJo=4r~6NaI;TPcvQuA^X3#PU|<6ekt~R z_Q|PVpQnnQQzqr%W+z&1LS7V9S!ZmFFQ4<&ljY4%bS3N@6aeGjyp@fZ3;|@+GGuth z)r;M`Az@AAp%(rWxv8(AgFs+r#N%+O(G+zxfjrp!uv}<;1fjZ6^9q&QT8`3VCxqYZ zjFe;OhfgR8J(5PnUJvoc&4W*aitqis?$u4VgNMW3YmI7S)9n}D39z9YLkfGxFlxvz z%wENtfc%l`=leHOP4g~^WVdSo$D3B#vETCQyI`$M6lS$j$tG>hv4a zIPVDqDp&i^<>GzjlD!I?@n-j1|3FcIt$?``+Y8zn!a82Y2oaAI$%z4Xf!;2E);aT3 z{S+n9y=uO2GJ4YDx+_v)m+$fTI7omH0%fC8cU2ztIT_)jm&pLWN_FLP=OLC}$;IT0CK($4?xyf3CbyEr9h5wn}4^xVMDE?QW0k67y6r`|ld#}QlF^2OQ6^ZcLh8YvX?I8hl3VidtD)BtFJ{0WNH;0mG{3`kd<)6Vh}No4f{%8 zyV|lTlT5}}6)KQ8n$NlE)(y1odyy(p*_Gh7+!{l-Ke4X=x;Mq(GFIWVo~o+Uw7<-~ z^?-4t3*Vx6JS1|AWMZWg#Ozug1X~{cR)A_C2p||&ZgZj-be9I|j-lW(5M4a8ck=j# zMWF4rtz6%~cy}`*d9pc_s-)Lc?*WYzd+_+F-{pFDn(thqt2NsCm&U`a-@UPB0-rn2 z63OGGaVZMk!qJ)q@y$EZlRH^^#=$gpO!Z7_Rzmct>-Tz zd@ixmMJrOh>sM%r+s$e-g&pRxG6S3plJmnb6>}`k%r6xqG|p#Pj-k%V!~!>3%my0@ zL7U}bw#oOH-GeZEO2tk|OOuVjUtP%+r~9A}fsD0+2ca=KqQ#1E7(ceSJj0~_C0ddS zo@0_Wp0f!@2^@yRN??zLXV+)AbCB7B|6uAumHl)Gt<3Otly(s=mB~c5V*F=+7cY<{ z&mkcAO4dMf1R3O-#4KTJkX`u#%fdh_kJ#FJhwJp?`rTy0k3&PflnRJZ>2g<48WA$` z(r-#Mv~3Udb800%(IAKL^^U^l$3Rr}Fl|YUfHfS4ix~q(kDO!#`xg2JJN(9FVV#HVH;!&|eHdI+>;>~| z%CN?xXXwnvx9>6DrdJw#;vN=`9r}Zm<4bQpOu@Q(D@|xcHIvvU- zAO`x!%(?UH{EVbN^;#x>lpWL1Am1oK7u-zR{lTW=VhAA$yoK{-m|37@mbyUZl3zm? zEr%)zb7G2*k?)dsg?B`WL6w@P@+Y=f-WDASzYPx$k8vieOL3vbwsZ1h%?z(XhdK7+ zKi9R6>XoY+wJJUl<@)l7V?GNFG32ukVYfcV1hL z!`?e6#4ju>lUk};Zm&NVrkfU2~i7>B^Rr;U%GcRL9J<&eS&~XV^nRA-SGU1iYOB;NtV)Q!fZwI zYMp@sAxGTH?i7WL(GG5%tQbvVs^Hwk+IXdv)-Gtt2`XR{C&FwWA0Vi9PEF7qVMKp~ z?~JJ<{`{OmGGsoEe783Q?yyE!;Fp9Bqw$kUZY(mhKFNS&lzI-m5hw==3YBUDFEtVu z@g%qDLT&|1C50SCrD%7kk@+&QUVdDq_ti1OIl>T}DNgYk5bwdUI0CNcbxS_fy`g87 z&yh)vai+Smxx}n*0ZsR|sceN{Lshio)#!kJ9NBA^QmM;WZErzt5G~y5I zG|wfatLYF;P@Z->hU}RS-tLYc-s8!-j)6+B6pP>JQE&+1^(aBs`siDJu(jS_#NzQ& zm~E~;u$&#FZZe`Lyyd^MZu>#=B;MU)kh78c+IX8{i97vLoaoE2KHVYYlSL8&o-dv& zqw$sFx}rv7S2`7BRT`YxXB!fJWsbR#3W%mxU^%VPJx{6dZZm1C*}5!n=-K(bZfq*} zUE_$w%Ei7$&p?Dh3M9WV$Ad{ToeXXw#r1qIt(v`$d-#t}hY`L|mRXIVd(E5a|Im-& z-5kwg)k05yh8{Qb*3X@Qzw*~z6AAjjD?Z~%#opDfG%ItFq0uRUZe&GQ$rbAZJOYBl z=U9aI0>@!-89bE1^i=H`-Y6;AUGXYtiU2Y)28A{`CmodPDn>NUm>O^Y-YYXJ4hO)+ z_gvpkfEYMakwe4Gk&k!BOhJscgL*5%QGKel8 zD7PAkkQZ=y8C5HwTI$|@a^@UAj6 zvrN0(Q+r^7&_J01qB6w_B!nhWdua^1i%NuYRDo_fVhK@qQ*@^Ao5f5q`Lb`nrlD>h zes|HVjdiWkX@JZ%1mfxgbdNvf#n>2^7lkV(!3!NRle;$DrvNi1d3y}xK2CjPb5 zU|c8-^;At~BqU(7C?RWzysL9+K6Ur}qO`lT(A_`Ldf_YBU|+5WJ=K`G8{*Tcbq}z) zzQt{9m-Pdu3)$mL6||v{RK53bJ12w?rgobdIv&I`?lN=UgUH0bjEUs!LmRoe3UMe! zRGV~fTOG?5LCVsqz4Ki$-BG;uxY^m}(<|L=PYp_PSzzK*2S}N%HlG%TqYK9(E1&;t zVXezw)-C2BOa}$27Yg5bPP9Fb*7zvup%B`|HKQ}CHM|E6YhWG13qxL?u?ms#U`Xb4 zplc)Pyu!k_L`SQd-m~v;47>7Fpd0OVdT(9GnX(BP z(x&m|o|E6dwrg!}Md9pQ`0n{5OzCz|YQ#i|Fv)3^>%&DAyKyHSMEj_(3(k1vxO2Da zupT5yO%{o$->Rj{CbS9nNg^7HX! z+jP(EnEGh6jKm5mQvRO}`By)F_U;JClhS?c@J&F2b_H6KKfP-B8&c&JheL1?j3BlG z?5bwx6IR}L#GvT>V0zihrpJVnLZfA$WZD-y-bq&hS_pv&wx&+9M+SFO0E~_H;Ehf+njY36Kra^9dofF=V^z7E(g>< zvjv|##q+WI+gRJjHqb=l!GW=h6ZwMOXyS9{Y*%SJJ*VK4$T(==NPlP{f{8*&;z%?B z4qRv@7O;^K@Y$QLYytt0+`4YDd<%1=oYBR8y(Zy&=F4+(^D2jx@gB?hb6lZ#&I_wV zTkG>7#loq$h-39ty&~v+#up@emlhcL0VpZ zNy+*fDaYGt)lrU2To3)s0ZQp&Yy(mM)@BK`m2e3Xx!vX)V7W@!-O(TI>)h6t)ha7W zydR!5o)A3D>{KOI47*=AF+(qHoQjTb`|qoq&xr{`SZa3^vRkgujXi)US(W|RfuDZY zq8^KNDtiJ2u7&)e*RK4O`WVTZlGsH9hSxW4JV*4K2GDN!&D2uo)``}yg-VnYuNQsS zLtrrsPk=CVoJb1AEIvLf>1S@!v((-y?p!U}nKtvpE1h_g9`n;;d(tkcLD*bI%?p$# z?+pEJ+ra&b4D@XrjVJKs?)D8hDPfep4dR`F2oGfZc6tYDcUj*Y5ip-Z+PgR77z9fp znhjAB8Wq0Fy|1Dp>pE!t5s(P$sz+ZA-R6r%f!y`aYRj?Tez!-mo#9lF4g?7aLB?mv zwoFG694egK;Z~Y1v3}kSEmf!cFwue?+r@9$&~e;{js<2DsDWO~F#KS?GkER18)c1^ z8}bwoBK&eAh$)96eC`M0Un_CGr1O6wylO{9kLPf^AA84;Pc+llUltOwc0YP&{v-0r z@ve3~akmZ{g-%y;O#VRN<5gpeR?VOYtq8=rRJ9qI#pLg|y>RBN)yLWRm|DfZl(jc5 zJsv;}GB4O;nFFPEq*h^JqQBIsRLxk5y=4`zcBdV#B06qbJZ??;PmG>8R5}QITd*0q z-iBrL4c5f_NY0X@>i~kqbyPoC>)L;Et*qTIm#1le!%C^~9kBqZ1;*bwNSJcjEgpp( zIz`RN1+@%@Vq)G#?U};9N~k$*ZLlFj@wBLpTT;7r#p8`JdlTsFqK105ZvC$Y*A*El zbp?`1d~5n1{rzoajY;+f;Xr9_m1%cNTwTM7#K2_?H1cAU7yrq}LD9l|Df9x0IR<+_4r z|XlUT^#nM*| z;T!{WhcThsO?4hVr(h|71@!G&wJ-!?5faQd*I3m!eseAwd7c`#mXv<-_LzzwB|%f}|- zx0^o#W;9dj0uHNT*s@T^)6t#PKtNR{poefczcgiwsd4=q+j`vNb=W^zDkisWUB*k? z-J*ZvZ5-%g0n%Y~egW0dH`55xL5JMfqrlifHkxRqNV7;oDeEP5a*y!1!BhQmPzW{S zg2RK}0Z);X^X=b#6Lg>w+2gc>E&AzGnT ztc~z2BlHsNn_M9B`yB9Q9CH$YynF)AeX9V0&g&nU?wtj8&*^SEdgw=R}$WCy*DDxF`IuSs@7e0WEK?~S>&CLMILobyX2K`6q`ztIs z_-Wvpc%TMUQQpUr3!N((D!M5`pGP8F;T^G3u8YLsq#(c4YML;6#IkQ1gVO9j1#%}6 z_^YrqUSO{uc|Nn5z=?Puq1Oo@gfnfpD^cRE{NGFuU6M zYa8dm^7krOV=#$U1t80>H}g^8$uxMS)2rjc2^*pWTga9RGT*M zE0z6)=6YxCk)kygIMAqN%m6fwmcL(t9gYk>yWVA(WC*Gcumt@Q0*W5@CLnvsxbQh; zl4He9nyz+7lkpX7{qpiMEUBU)MDJ!D@1O2h0otI!n>$)Nr!-g}gXvqXC+`1w+~AjR zfHpnfZbJzGiq=0KY5qsUSOj=t0Jv6x-9MZztxXT{oS{DX}V7{$^v?wS0Z1l{Nk-BtSEk?COj zhaP`J`ic$W+0lgou3o7#4M+rX1IrcB!SR6J)y2L`@+eU-f&D=ds-YhSh#gB7$z!D8 z(s(b1#jSCMBE4oXxY}wkrJ3N2{lR<1IZcPp_4jcu34h5G zT?I7cF+uPe+cOdlXMU>j+RRf+eY1{64u7C?A}F0$%ltS*U{S&aY?>+*_bfiIM?^&H zrDfki2$G#A{1#xddjK}OTuMhK zSs5%L|8$fZ{4IDhrB!8LJ*p;h*Db6am8dExG>HLKG+nb2=$oQ{KNKbm1{&5P@&~_B zTpT3|Ev~Bth%pMLCnY&s1F1||<2F2e!+$?E{2e^arwTGL2MyuFJJq(iI$cL;Y59oH zn~Hm-$*@2tH1lh<+op?Ln_J_r6Qu?Qj+>*&2S@ky=3%!Ef5VeFTq5vT9ql4F<8Sg~ z=IB%p^c;WJnvat`{LJwi*j##`;bl!tZt-yZN`xlJ|Ii|9*H~tAEHK=u#TFmjRHOOqKS#_uq z*H5wj2+iF6Yp+HftcQE5+Tg9&S>Wx_=PF=;1XPBWTbjk0Ts+ZE|)FY5XAp7|Z) zUdV4+)DJBAYQwXwU{GjU*88)Ps?SDhHsLuMj;Cr7f<(k{i7l!k9hG9+ZR{~ckx z03%wg_~7;FqeREGANgh%lt}BPmK4b>>l{1{rnc`UoW9>WEUR95u23;UsSHCeOpk;} z3r@CD&2_twr9#K&D9CRjg_}RrCNUelYV-8)#}h3UKgN3Ym9hWlW(slC&j$mFI0g_{ z4N)`}Ep|j{7>I`Q# z>}wnCY)f``T8Mpp3hjItbYo(6It|enX?2>5cY9t|uCiL&u7>(W(7FcVdeCWRzg4|p z3#$ABVPhA3Wri>2o4?PC4MRgA#+BNM*ja}utO|N&*QGOmTT2!yq!DYZnZyn*7qC)l zdAt-(+Qv}W4WX8k!&}U8{QYuElNhkng_~&ljo*Yf3bob>^lO2mBZ*hbSf_wb#;%|M`(r4_fjJ`+G*Y9)fTZD z-pIOf3KZ6z8?}5?fCdIQ{@nnu{UJa{L+tD6@gZr^abfu9i1E+*fQ$%-4Qyf|cjDJ7 z9#VBJqMD=3dOtZvh5Y6?=t<7wzqn~8KUcO(zG%NyM;trtU;RZ6%Wj$)!kqIhk5vp!PmBN3YWb=1>uHdQ4e&=H4)B_@C%Z}+CMj~fRIS^ewKjp4=n@?mja-i=v5)NZ!=#I2 z{+Nxm{dk}z;V8d+^@YuVvH0snT&d6)R!VI4p>24N-dLE0vMGfv&F(|JR+CsOQ^;AN zXNbmechFhE?4MM{h^R4D253W&geXPM=_hL8D4E`&7<@%W-C_&jEB`$q_gAyeeSSgT zS)6-yV6k$3=51*FthDn->0a1V_)jg;+A^y#3gTdA1}!r)GYj~`?9Q|EKby)wD>4=Y zp5|i(9X-8#1~o^T|2h5IO9ov9@2AhHiUgJVC%&%s8lxT-`p!= z)2a7jqurzE`_pnCP-wSA>a^*%U!LP%x&AUTZC!RUYphk!iJ%l+!is4{x=(UcM*LC{ zEuQ(Mtx0AveNtqmYtk1@- z#q(l%O?>61;Zqru-fS3@UXyV(+z(JUZQt9{iCy7=IF1kEd}G0*I8N5|C&HCdMWrG{ zVTLG*oNA-9g2EJI4S<+#pd%FZvFzW?g$ZsZM!XxF;0fhjmu}VGUHSTg)k0z^(rApo zJ8UeY@788+wDtJFG9y}XDuLIKBH3FRp8?n1rQ%I0i(KXk(X9#C<g$_^4{;B76|WcXw{+9%+)LvRZ>B=~%~SQL zv~)34KN?fN^V@5wUoTEYq%(~`dppy6hY|3y{)2?+LZyKJJ_crtlFL5v!1t6zLU|NL zPi(Z(`-kpgrP!DlAJH1R*H-_#4}%|6KLM1*xbldeX?c-3$X14JRpx^}%_PDFW8iSH zo|Z=Fh>jfu(jfdNk}}oC_GppF@Kpy+%A3&oL=xNHwA_bLW&1=^MwL%bEE;*A}xLd zXSd?Gk!uGL3e_8M^yc6-px>>WB>wlw0@TE*Xi$cx#P*V`bGuxi$89@ecwbrMCHb>$AI(_a+dhB5K!(4z-FKf9Y^PS_zg&~%q7{WPmT%B(3KItB^^qD-PP zh&3@O_>?}hzhaeBHW6zQ(sWq{O6U&<{H;)`uFj}?HCCcAj8zmreAxEfNOmji3w}fI zU_#hfWMY+A6qS|~{8dQargV@Qd8kcFwotOV^LVc92Lr?U`Of-lECQ3a;aNp4cgbJc zQ0??4w5?n%wLCoBoAJ0H-91Us2c~9rIuD3C=bgP~f({b2;@Nwq<*^>GA`RR>${z_k z9_TWpKiN($XV+JHUq?>Mug%2vY)+PR>P7a`KE}BhoWws&npL@uxJrH_-U{vZC_yV& z9#_UfpxKF@^o&2OZ!P^3h(jWN{rZ*hjQ{(`g8yFq6@T%!!Rz|iMTvjVB4T4xiI23Z zJwM^CnTB+jNBX;3>Izh~zG$xgbk#q}5y145X*E2=KiYtD*jLi7%sYhmnRTe`NmyO{ z4e317kk~X6xeSDJk~kw`FT&CwaliRuDA3pzcDhYR{NlGMD(|ceU!{uj*aTl^mm~%r zx2?pNG+N_@hlFRhxRbv0S$!>;w<5uxb#i!g20j=!uZ0$`|NUj!d%aduk?EuTbZtY1 z#A5Qp@>sr%itbp*i&3^45la&n8`GA?Ac_=3Ue-^sG9x~U*DAhJp)NLbce8vi;3Hu0 zb@727+m|05j}SKLOtsOCr9RbAZvg-dG+dfEAv30G! zX9HTm@;r!r%{#lrufsZdf>fX-WOW~CmJHqPjG5!a>`}2%!u!_0t99No_-D#23oOma z*e12BX7RDBFOGdhK-)$Z^yM}Yb2q)@MTKWcZb zYzb4YOiw+5(ap}(>c~zwN9au%%%cN4({VGBTbgO1M!alc#CufqQQ!r7ergD`EqXwy zs$FkQs|v|4OY7e=88QMqO?E|a7sEI7PFawQ_{*g_77cWLLctTN0^iAVt^b}d^O4@3 z*;wB6{l%l$dXsGT+L4lqg2G!uLc)3`=R(baf7cMOIzk^q8G`Ybs&bFvZ$TZc4iQj$ zU}I*sG6exhdX4++|G9YeQTy#kmWul+`1$DuM7_t>fckc6`%dAj#{b4t|C1a8pCzO= zC0I=kVz`+$1eM~!*2>DtC@EQ*=|IO*VQ1Oq{kZg=*I)@+Sd7!h z|M~N1%p<2i?x_pbf9J0Lcw`t;7fqO7@^rByOmzG6y#$p*wVVbx>92TGX_p)5=c;7A z>;sU!w>1F6?A7JL#?t&xjQP(pWG3<$EmD|fQTso38dcg1rzVL1NU^Utf%!+XO`5@1 z&HqM$^A#8-BD=SAQ6+%V@Ai1w%K@1 zuN~oma4|9>Dk>x1R&uNR|15$jkKa6G8>N?*ToF9AI46)S9YwGX)ZJ$y{w5d{{-0T( z1_DY&roF(yWfIWIWqE_=AHfa@n}Qh4wBfTnM!)}ajG9D-52+~8yQrMk*_CM*cOepf zZPEQ^1TU_DcM@Wp9>@uy01|)%b9BJM!4Eh%Fvq+>iM`Wc1_AqH&I~U=O@@joczxcn zcKtE}m%G6dY5Vut%EK}MrzgeAy&C|61~unDa$bPATG`aZ!~g@+N=xDYJij@7pd{1) zn#7cK{V@RunR=>Wr;kD#8;1Epd63mc;E?>N7q@(K& zmoo*u(AugV@$btKkm)b}6FKU4SHjp^Xj45Q1fnl14ERornO~?%Bv2Hw#8o!&hEmvy z3CPLsbY4>aKKO4?bCDY)K^OM)R*-@GFl;PG7170>!-vu~3zFMg(J;%pPe%h{?KL7G z*f#gBjo)6BARKuxMG^{@>k9aNE+4gScNyDc?HFFF#TE2joxP!fO0bA1CEu0JO?X zegNpXVvM^d?=2u@>HpjP;dGDR3(3usfws-H8K!ujCc;MX=@}nH*<4r&Q!@q$G5YVz zZ?4}ks~5y2HNrBTW8Jp4P_AzKS{=3Tg*EO5qm*QLE$6CsbN8mbUMUcY=qlig2#p-^ z-~MgZQxj-UI;S3z%{Z6)b%M(9u=n>D?(yWNklF8#&ornE?HbRI(O~BasS0f^jlVM) ziO7>G;Gda4IDw9$0n3e7^&8axnyLm*gAx!<4|$#9L#zMA&*;2K;!ncyM(F;=u0?%P zJYmxk1H$q8z+XWD$Grm0ohIl@-V!R2!?L6U2P(8TZhB_fH|8pe%pU41FfNrGm4vrG zIIy6@^Zo`t{zeipi+){=W)m)t7J2jZYRAMq5$9oVpVP}FjfU+L?!AEbLrYyzr_lLLiNOcT=metz$|?mjaQMX+T1)32{)<_1*X(e=W5``_~{%b&saTr$bK0| zA=tR>gW`c`{ly*Q$(0(LEcct%rDB0!+G8pTqz-)UJbU;NBp!T59#-X#c= zXh(!0wVl=%yE`y`B2q~Sf06KmrFt*-pPt!{l9%ll;oO6g&p`m6Jgi|XPDu);`UT#;oHGkab1}kD$l5G6urn(p z@P2D?&-U1&bJCn=k=2$!HD<&%sbYWyqkGwW_Q_#D(E(2p+ex@(NY-ZMe}X%YXpq zE0c_1nN3M?TzY0uKyrJ11>sswvLx<-dVLlueGa~lWf~ZmyZG|fb1E1B9}Cs|&g(xv z1Gk&}A`sIAz7wPuSjFwzr}X$kwrsTQ<9L?n=xCNxjMDte1rkF1_dzWpY+x{_??(vR zd970d+CQ@VFIo0#8EUH-!G*t5jg9(Cwl&I{=P#{{N+{=!X;n_r@Xotc>C^qHDuzNl z^4>I_Fr!NXR)}lt65sK)rL-GLywX%q{#qU6&E-dQAVz+mAv0UnHssQex21nistwJs zo?K`gXWEsW?ni~p4+P%a9v>D7{;|+pc}Bghxb0EJrItJ&nZ&~_PeJCQ+v8ul#6^}e zf<|g9AN1=3o8=uZ z+j5MLhG3m8^l^^zS#7hvcist*GO0JMpO>0P8~OKkwCBw>SuD#|mo#$syw~IK2sKgX zSR(3pKCIDHyRNYtn9St%L|WarK-$5}s^r82ReS9@IV??7S{7Yk+mxoLtnJOCY@5~L z;JqATR(5q}OS(OOu4|rlkv6ue5{3?Cg6`?-(9wh0U_eux3VY82bqF^+_*v>Vu-qTN ze|~aJ*Y-w}R@oOes+XY95oHjp#;uq}1B*qd#0(hBD01Vu4Gmn<})l zb0A~#!Q)~3vNc^LUT=$vpxl7}vc(3=egNv1F5fHnDB)e-hPM$46$<&*Rr4vTfi3Zw zXVzzIs!;7a!EtSes3$`ma<^yCxq7Ca!1ik%2uQ6ov7hF*iCwa|&owA+Lm9!P72+*%Xc%Hh}gKM3VlEZ{Gs z?ELwf|BTokV{XNOxmN7#lsP}m6xAAqRQU^4Uxo*~JZqwJHvbHDzwd$S%h9va zr)nq~lW5;%Dn!vCBb`JNSyLE#@NGxxcAaVll8=nK-pJvC?97$P@e=;m@ zVWPRA1?C}b+;Dv3pUK#DMnCRBDytCKvT=i7{Vr=e=Emn6@M9>V zT1$nsLtYcVifkgjGiO=coQa?E_7JrtP@ZjEPQHGb_6eRTIXAYo{E(p)e}PxxbScU@ z^qq!jq~nM-^TW~G1S1bhG*^k|&Qn$$Gh(eJH3293##F@y*!Nz+wtuq9FD{+%&+9Fd zY8m@@)tXXgwVzqyv4b|LeFb6B%K;I3aN`0fwPVBD@gDbgvz5!B1V?|8b@PzJ`NR;( zf##HindW@2_|(-Zd-qbxX43=T6ZyEHTK62%0P)8mzI&SStrunM+-x)Pc4|{dJI`n4 zgUzu}_kGh}qhVhWjQxDr6DGA(3b$rsj<{=sYj}+Q%nlXrXOlW!K&}Nsam-ZIZP*qDB>Ahx+c!@yABjxf}6y z)o-ljJ^Twj@0t*|%Td)^ZXRjM-S^geC>B(au+uQ=2WNFTHTV5%d4jBQUYFLh-o0N+ zkMkRj^ZCNO7to4}%zrpxah*opsMz>eEn+#Jvne82nc8TDeh{Je=~IA*XmeY_pkXa$ zsNgI5p!}2vdiy0pGk`opii&CbFqQBy$71?Gvh&JR4-bEM<=3)$&X(dUwahD5@w+e) z(xJ;zQWS&AXFf|dw9m?4lV2Qq4AL8JCf%5Sn3a;!-&Oe(>4%A7sTxd;v$luG#%Ia-wY%J$YFVCA_ zRl&cWa*E!dFc_1&d;Ihm*%0g&0lcE02$a{KZ6@v>XZ1BOBQ(XWJ+npYQNvAz&qm22 znP;MOxqzKj7Mp-4bxP=ChLiub#>me`M-MWl6N!>uKEq%BoYFh4)L}A07{OBRmTDg* zlO)j_MVS2XszsMC-}acfz3$#E{uX9k{8#!d!*#g@4th|GnaE@BV;56|0JsaV|#t?Sw7p1c6WlL^WsPCdK>GM=An3K*T3xW9w#ar}t;-2smt9RhA2q;rH?#?oQ( zrxOgky_YK@A|f31^17$IMhD-LauIZg9*9Saq`j z%X)>a0i%Hv_k;DbMG`v%j=Jz9KMbi%2Q|G;qQkfh@;bY@6-H|3M28fauNC6>j%mC? z4`R6#31hO{ZkX&Zd1}~1p!hJzhdkgq;y~;PEQJ|5wCmXlYY^7rV9e(eoal>W3ZPNV zcV+$VyWa6S#U~7`fssh9*U6_mol+Vpf{VZ5n)_X5!fvsNrOMdiaJX(=(q2kq`f|xX z&VNR>a4_CMM(O8?V_ozl%%W6}i_+$E{N+OEKYnPjgCCzo@HSQt5GdV7$Vu!`2f}(F zj8G#yNafin3_qC5-rUzdsN(5Hg;$uBY{m!CBgH+t2Pm%6?Ga5>kDn1k4j2uBw(@+Y z-AYEE_4S=T``ir{sh-x0RHsfpTZ@AcjOX| zrU9`2qXzaDMY(x1;^U1Cm9-8t-S?H$NNSDOY>$0?2KcI#rA~ElrLTu@HToWK#p$Oy zJ3B+A*0Vpb9Z~%1F^I$jz14-iylcmw7<6*JYhzz4ilihfDq3hB8cN;PD9jBzw%G$l zok1iignGxqK%l5!zBM9%MZ;&A!_#1jAI=^d?E!(Y66$rQN(CV7Owjl#=zHj56yPC2 zfMz&yY_02;hj=Y2UJg@v0-KSM5t?ZD^2!R_Xt>YU={FmU&*(71uw*^>zVQ8Q4B0mW z*rKg-V^HkJ=_9tseSqOvKlk_8E@B)8ikVWX*_0e4PzJ-*glZy>2-`7z)G%2qo};66 zM$8N8YrhR?t#k!6dG3j<0yXLwr3au=aoLwJ9001hy;eu82aYr;MIUL~exWgSGJLk-M+mxpwiVjz_i@vJwA zCGlrtgwHa^y@h%jEAcL;{w00i_(*=)EiBJ%kwt4aPqAU@zzcmvf*u|obw%)rJj@XX zmKm^WFgALTPfBpy5%Vjj0Bhc4Hhfs;xsQ5<4TU*mxO~(7E97qF5FKzC>6z-5Y9k;2 E2iU8KRR910 literal 0 HcmV?d00001 diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/baseapp_state-initchain.png b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/baseapp_state-initchain.png new file mode 100644 index 0000000000000000000000000000000000000000..167b4fad9ed05c2fc28884d7ab6bb1c9762eb87a GIT binary patch literal 243455 zcmYhj$IkOiwWJ)L|JQ%}U;m%K{>T6LKX0FC>#wruiogDWa(}=22LjdO zy8Q#?|A8RsH2w42q}7u4>pzEL1Bbxp{rGLlruhDS4gw+Qe}UltfxBO4)pD_CO zC)+(0e;@u9N0WmqzHLt6rq{m@WA73414j7Yh7x={q@ZhmhB!;t0u1xt-)jDCOgS@? z=iXMU%$AK~z!}Z^b2aosN{_VeE3xiT1Z&LC`B0`C&&7BY9^Wla0n6?|Vk{ZKI~<{~ zdCW%9*~79EA@N~b<)=k%OvO5m^A3X9@*Fg_ITIN~SPnX)jw zC&%2XO(^~${i%G1kHAk6-Sefa$g&)vuh$tzscrW#e?c=D_$w%hLfZUBA8FTXUeWgtXZ@`4S z4@PW+_;JM{Jg=S%sxIP*x zUmumWMYYCAa2gn5*1>58GQns?&R6(-(_;D9i63s3AJ~5Nvt(Bk`XYw;9gGf(YbJ9j zEtm+_C(QHSX(>Owb7V8})bqUhJ&;RL>ThM#JkMz)*@xEZf9daVY`Ds#1I#wN@$2?* z+h}Xg#e53>Wa0ueRNL6AWaQ$YF+djzqlzAQDDQYmu$TFl=p;1Et@9ifO~V-ErKirp~-(n zL;cXL^*RF+{#73Me|PnO%hp1nVksW69F*JTukVcPykn?c=T^yQH2VnwtDN14Z`WsH zAX@mdUV4uit%B0AiJIk%yV;GY3*Gav?mg2j##r^#KDBc#nO3%tLemX#`5VBNA5Tb*KfCKrM<`#m<@C*Vygldc?M_v;)n zl*`d89J$<^-aecBF-8W zE%!?oqpZ;*_XEhhDpiA&H1{kBXX1F^(C=q1+^RGYamBa~W(i;RgHjo)y-pH)S3l+W zNSwypAz5{|gqu+0-!;puS{9nsF8ww^)HUX(qnG$AVip<%Uc}28P@7dGdQbUv$^u{#v3Hw~*IN)Xn^o zjod8^J}|e*w~OxBrMjti`GB696moo}h24X^uNa88&DCwo;JZ^m?^agL&0*^)vY<_o|)sP%7||yfapGPoXdb{{z03&DeSlc6>4N zIY9B)MYgUvwvr6(A0v0fZ&mo#PO$|KoQ47CMFbmP&PCD4gn z4H{Op&-0C`{^=!L@a4Woc&yNlGCf_VCiS^Mf4xlBI{sAYeu9>Lue`pm2oK(#Q)J2s~xxDs+YKZ?qWOFt;cDr3f6IT3l54Ox{ieC55 zvTiauC+>$O?vGxCAdRC}CfKwt+*2cISowniPgY*uudq zu1wnfA|EL%9OgPnl$Hpf<8qeBI5-oIOD#xRK5f?!H`^|o#^pr803y=aL_;mjl0cXP zPPBT_fm2sQCxOFC-gU@d(Ia{~n;Y_+FPO;qF1Bjps;}I^@NXkZ-F7*gOb3MzOgHjZ~H|9_P?XwwOQ@48vj$I*gx6GERsNJSdNY!&U-!K=< z1R(TMvB>iI4-0*SiZz^!iWiBHS&+3<^;~zLw2-J|X`4gv16(rZ%@nc=JtZSM!j*oOr)o8|cy+ zEj6@0;X0%dkNYefn%y58o`oDhEj0H&FuRobWkmF z$GsNV8th+g7?=-Y@y7BQr5&vW0);EiO+Fs;`R&j5Sv^~D1Q2lsPC8J&!nnyR4xUoe z4-$VZ<8hk?5?$Ty1X7|(zGsTLMKz`Yj+xcq=yjU|V$9L%{nT7H^@GhhCCk9gu;@1Q ztRr~gN^YH8cx=yNM7!Qih$CN4dtLhmPV;N3>;1|N*G+B%hxE;8X9~-GKlkJxSURD1 zXqMDcx8>0tq-**(Vw!zCnUm`NAVa~HUHtCbl zhCK!$h;|rGTPor!1o~m0Wv3c(Z!FTbHO?1m*zu?KKxe6-`Dm%nPE`%MDW5 zi~0oS2~`X)#TkwecN4NA$K^*?xw-Z+zuAE(qnS0J6e<73lxF)&aD@TV#TI8e$6V|FUy4J2B;0~U!@a`R# z0l*Qs>S6+e%=pW*=PkQuTxlW=*Bl|jbt5O#Z*0bo3Zb;iR5fWgOG3B-(`tJ%@yW;j zQi_pps3-!9{Nh;Vs#K6QzuwFoZh-94u1^G!It`I)Du3)3u40%5vR*dIuU*RV9UU>YsY6pBELv7q}QmI|T7MK!A4e5B~-XLG0~1 zad5`6;CUu(ki3%X%f_Zng@mZhfU;muPWN`xKsQPi+$@xw-wjKEW@94ljIu+MYEQFf z{bBUaqN2Y>1>f-lXVPoO6U&r%z2vK=EFIx!e!qs@Hp?$@6L#uT+O8ZG8Z zGwKcH=IPcsrgg!StL40weMOKtmNY9E;Nu?$ATONhkoQ{DbNnp={aX&ViqV0#! zNe8UX5^z-CEl+HWc1iTXF*BZp;yH&hykO)aa;nh|Zlitia~vpEY+7}k=U1()CNO)p2pD_5 zKJTh*LP9#8bp3}Q?Y|%&O0Xx=Vd;% zgZ1m{1Fwtp_O92L@9{hrU>R2AvhMnPg1i-X9UJdZaTKs96y@(NgNDPY++9VKWr$+PAT9g`Q^RkUrTY1r0dkdNEOQ=p3Bd?A&#+Po*D@t z++*vI_v`6-HuVf5VbG2_$!#k-0Ljq1K7_zwHWyJ^3AhKLaZY* zl?JVSm#gPn<$UO37}(C|&CixK{iTONjBZ#WIs?JVZ%`udCZ@hCBkn^wQ24xN<2#o! zzz{npaLRFfPThjWVvTB~gVYQJDvrqZWvZ`RZi*Hwo?)asoaRL5O@>WNE>ITtomHPIh)BJVS75R3 zXFzmD!xmxBx*hP|jl6AwV2p_E(vX)Y6amD10bMOnv&=^w%5Xow>%?(VIP$Dblw|Ay zPhcU>#}wDoo`FKK%aY7~9+8Zzc@x|c$1 z^B$@cv?~G#^)*6lPLJjJlwxha=IKhmahbiA@eZ{KGjThmeATrc<7VAqoW)L&z$gpC zv?4RK<+EwB55JSgws%bw@T+9Dy54*$_2{Wpi|wDzQ%^O?Rmv4#TJNq0#wYnV>nTS@ zmfiMxGnAF(uV1k8WOE(R6v}Jl3a2k=mkA@b1^@`)z75pXSn~*`qzs# zG$@D|`GFMvBPPkju|{k9ETWR;Yl%`(tSAj*ssLrx5!3m&DD$WR_Oe<*N4Zc!g!@1>r23NnZv z*q!3^0VD)UK0loHYlwQnAvZxZq&~lO27ZFImmRyGUpFn)lK}_J?>{$th9{2j`$JYr zBZ0T=2VMlMy0UMwU3$XsOku`0REyJR5@0RN{e4Ro(1ZL;-1_`cEBi*>pBkewOVl+V ztBFxBMeBqchKgj2eZ{?W0sC4DfMR2*#5&ZIYM`wMs-o?q2nBdeKOKOwpw_&u92cIz zCt%_vNjwoBL1RW+0tb7P^dxddrw3R{1R;eGl;E)1DvGupOAP zljE?yoYU7|mT#Qo>kIM-;*bFCL(qIPc=Oh#{CvGdehfN(lN4(Q$-9QG9}w*#=6UTh z*TN@aU{enzsxvOqNc87Yd?IUgflr4LNjd!21;c{SqLMp4?IVMtAs(bQs>_MkG6U=Mqvmwrt5x0KBxY zdRvhXL}a|>7xHp&e7q-0ITnsei}h3=QAQnwqE%cPxx;vYHB_|kO<;H*GFQ@E(g_Yq z+&3^GRK!7IAS~zk!dS!C9c_dedm0+kKd6eS0rgMgUCQgaAF82mdHn=DJi(;m%yND4 z1Qo#-kN+`1a1yK=5DY@is=sd|7aL8X1Hva_y@W|Ja+V~n$nDS#?x>QchTj2-QFf-hUW_=uH`brf3!N4KGuW@$(;0O57&Gb4;IvEw0Wd@@snUp zs>*2{uZyPs*r&)q4NC~?P4Fo;&(Z$d$~MPMP(NL zs$0M)28;`B`&56JwOJnk%44QS0^}$RyNTZkL@(K0a%$Snq&()85O;c@EW`iuvviDT z4NmdbC)Q)~QOY=h6D_(W6|hPDz>JkdG-8H+v${?bmuqZj0zP9~YZawi0E2`T#LzEd z%iWk)wA6z2IhVtWf{njazYYd|7}w58j10qveFCW#9o$s?TL{2`G$T<2=-Tu?mBSiXZ>%Ef}n%_-wNCB|8Myh=WhelsmaJ z=vQQxm|i}X^CTQpy^flElVZhwRA88tg@v9*&)xyij4xsO_ySt#=ZHfG@@Lm#A1%LOwEi5%x#Hk_;%>c)C0 zGL~FF>t)1m5S!5k9vDvOuk4d?R$Mj~eIVxQdvG}r?#R==%`Numcv2NT@h$nfPzS;a zpu$u*br>BF7Va(o04$3Xic8b`WO|w>nK4=N=0i5j3mOzrPP<+8U6v&esEP8-dtfNP z;`6pZ#nqc=+`Of%BSUsi!-%WU_FDyA8becNn_^O@m|CHhOwzYuSb4>OS(X!nWVc=yk{LODlxMlmU;{X>p6pKI;ir z#o|ZtFkj07H39K*dofIlxbtCjIL1B9>HDBa_jR(m^VpF3NCC>LH??t5Xi<*?bMbbF zQVLB8KBr^TxF%Kpq{8}L7NgMhJ11aBpfGbUd31O<=@U%w3z&vJES`#{cTmlb4m+KHB z<>n40<9^mw8R%)#wNZ7J&zppK{Pz5cn$(|I@OYa}u`G%Ajm)&b$I-U2;Y8~xAXDF3#p@Z$^ z>?yiM_wp-ydQe0W`ju;ySjw_O@Qx(e_XIX~rYVD?Q(b+Y;VUyjy&Gh-O15 zvb_D0J%8NKS+YNL)gEQr9D1r7F+*pzU_; znF#vAATaap8XC;67uB@XJ}2j(B1c$AE{HG1(Mt)zg7IEnl)Mr&dOS=f&F`|_+KLT% zN;u`tJf0~3wmbnqde$ZiR9X@lA%=e(k3|;MC6+e`_rf|YtS+>OgboavwGd6|dIqmL zpCh2eqZot_04_@h)du|$zIaa1gOQf8P~&~+Uh946&ovI0Ym>Am&X!Tb)@~aHM_LN@-@h*5AaM&a}S`i>^<{ogV90dam zUMvGvK*Y${J^L64o3S|S zVm7qd;yhd#sgy6Wn^*?@y@5#>v4C<#N;x}WUnfxPt(pb-?xxPpSbFC4Gv+x6_-yV< z@}kyy)5xy&9dcH(0HHwPW6?9@g4Vb6GCF*wJfLVvg~mT@5!9B(9}_^nxwViYs0_q7A7%+rIc5{H`r8b1=wO{GO64I@^M83KnpDJfdx? z>}d{;H8fifAj)D>dbrhoITS!8%Qt!*&P%ochbZ)7R(sw3rTS7+<}RdX#Irw~5FSvb z4=-TO*i>q@q`ln}v+(QXjM^%=h17$ufjn3I&FfiS!%<*0SMbS>3;I#)OU=svX;)b+=qvbxA&!JFFjm<5>7*=;+@cL~O~KAmgnC%M4iUkoZmMk_oU3FSU(crHS8O#IdGgr)u1&T^J2-!@=- z_!8eJM{>!A`=~X@2k0Aeih(X!&s7;ZYa87(1?d!_q$94Gbg=%%u~5?}BK?a8)&jb- z1kdEZ;9wJf31bG$`+mMiQ`Cw~hd zkcBc)GVV*8!oJk`b(CQ{qCia%KN(8twDs}7hJgb|f5PgHy@p|wTBQI|Ju>Hx5!%5y z^16y%OIGXNzLM8k&A}VDejaGJbg870OG1Z^MD^uyBgL*aw|d#74Wz{~C}8cfr2N}?fgESAd6ZlRedTZZD3$CD0 zC%V+WzfoE>+^Q{nrTo>^2}~AKSM=JZ9!cgclsdovsjL%{_3CoI=m%Re8{}!;eY}zN#c3G=vXAhdE-bV?H0Iu*3^S9 zUXPdK(#-tCepr!K+!} z`(_YQyDazP1#kEAh5jWwup~CHdc24L7x#rKg?Z=gC>b8F_7j-8klmg2mQi4Y$6oG> zAdH3)Q46&`Gah1L6MnS1J!~LjH9f$12!Wi>nP1)sgh3VWrjpCO^Ev2EaJE!L`c0-_JTAUgr3Zr+V zF!2}-Xhvh3UTKuA}St*bF_{u1!sU~%tgX#JFRtcV zd|+(Ce7yiq;&I~)5!-&Sf=4O5Cr`YHJ;IljpKp&GWb7~Um+&6Y9Bye`V$^gA$avUv zLxBiTjHBdtdHn?w6uuD&$ap6EQRVg7=@;%5zBa8muY7JvT6$UEGIv@(0G9~>Tb(R_ zQ7->W!~Cv7K$n-5vise4(#TPzSWm7u~%H&8k6J zy>4uCh%$%L-J7)wi0N!E4%;Of=Hr_Mh3>=g+Rc0GIN&&?T0IXujj*|+-(1rjA!G98 zTTr9}2Oq$>K+4-Vc!VZHm5#w5;|Y|bBM`sO6WOMy<$}B(#6M_wJ&!saMaQadOebG+ ze(zCn4w*XpZQ0yRvxdrcKT)99&U=;sblkSxo{?L=013G1&GqnV$u1iA2uIz3_Nh0D zym*JvhDmkRqp!{S+;40id8}P|{N?O@?mLd08o)?Q{jydD+Cr?;8&p;^+nz_aGv-~>$JQkD%+&ahsjJ=!R9Fu~L56&%1 z@FK1Q?tFLa6==CWkglWF!Cr-KG?!MoEqy8)M3KW3>ozlF;!dJG8$X*hHKIms6*Iyk z^4e;MnmADG16HWgtr#YNm|`K9QdZrV-hhsBEP1g5Ol$CZR`zF@Q2NI8pD(B~qXUiC zpCTsiUjrKiOBKF1ma@w;FMy`Hg?Ak&A~tc?=v2J~0WNhssRN)1#l|V^hPG9Qo&r*X z-Z{=F(!&gVqa2`wOTF0waRxLC>b$9dPk&TQ_Vwe;hxjc*rpYM!*t>pnq(@bBIJdE- zU6U1~?k9=C@`yhA2iBQ=MRMY4)ImDG>dd?@d?Lu^h6Dkg_Y8kcN4Y;4^lJ&W11aXY ze2<#y$Hi5|w55HKU@HVcJH?Y4lj$`1Gl9B++&Rt<_f3Nh{Oo*$T@k7u#aXi$SFhW>C@ zd8(+NxB<5hzNLdYhr=xh2^mfe^xbI|fwm>PdSos=zy083jFE)fRfv2ub8%suKdqfm zPv@t27TiC8XYZ7VAutwD>0vU-2NO9mu>k4eX+|KbFCma5>`Yp|?C7d2O<5Iu11|n? zhw%Z)#66GX3RuHS2YR@}>zLaRC9t8R)3(R@*Fp^pfmMJWd|o*w+UTe_eGuZoK@&qj zO|6MCqeeYO8L~+A7G>!oIBL`9gWF=H*^`ZFpp>O`<8I)f1TFeeyyGb?eIdLu&vNYh z@M!3-+;b+U^4h_4p2Ro>M*T>{)>V-s!KI{LPV`xI`K5A|G8)pnb9b=+#ntn0k%h;8 zk+<@oWiOF9ftq^)5BEBquBO#~U3SU2eSkKo+6e}~cvPtnz$_?JRFo>aiz~>!$;t49 znGqiAwO&i6$^Z_9k9-1t1$5xa#odlk{fr^>!qKyp3iP_@Zx+Kfn5Kofe0xd+JscS% z;Iy~TUjb-Ibyob&vy>fjSQHuJm`6I1eXFd)1ZpJ00v*yN5k(4@OaddM`botC@_+(C zz2j7h_Zc&NRdS-bSY36P6&UUwc$;sae*r>i(8APpxHOn?*ZLd414PB^gF$L`8->@= zRdQsTu9`q})CI4LZCvX);Hd}mCzOqSfPdgCd#-(I%%VG?1_Mz0gCQRfe`o|;c*VGSV=>300q@O9^SLmgCXT1# zCA3cm>EjOW}9X}i5 zz~;fX`*4)^_0r#L1Kv;A3y4QEAn8cXm}{uf_)R%DoVl6816>X)37G#4q+bJnr(X!E zFxcZz)7tDk>*3RFs&#!~(@?D4=aoA102Jgupg*|xjL`~xpG9#V6@FM-xC1?+n~oRG z=*dAY{*HcBQxyfsb%*uhm1Xr-s(@9qIn2+C>pzyS4&*#9oUOBVXvgN4Tt%?grXc$P z@DnE3zSge4ZHsRTe8B<4Jlm{x|}$P(Xv%K?ryQ$J7P^ z2HWPY54HtB&q_+8i4O7af@pG{J|)m#wc=L=zJ?`CS|hZ2dr{<*%~xc_KrynOGKh@7 z&xgT2ax5qPnF;CVox{16_0D84_FIt(VAa<UC3 zp=rQSW7r?YS}0or?7y4n2eKoUXQfz@CPIsDYe9iir6hh z{LSH3lvX>#f|bVvt(bWZf(Y0pRY5=$7X%LN^)oLNT@^1X`^IV#16IstfdukE*oy#5 zn{^Mfl#U7<6cDE1tEmL6lwDdoda_O;*QBDFPJ)`{&jK-qcnHx9=Jn*mgmEv=LPJq>8`c)WLZJ-{f~+ z94N~<_{`Jes+8#-*enMvNDWH&{N43OJDv0w58;Ql)~dHZ#Zl_fC^ipjk`ujC6j zy(Cm9lzZX-MVoyN)|IgA-BefNABL?sy)K=sZ6`#LUMDa&EWkVX^hLwdx5h53N+wwN z1YglSUjS1BOT;-eo&K}X3OL|l-o6I)uD<2v@W4YyYVaI%)eh#3qYXG&f##$J5z_wU z6(9kG@j2|`Gtgu%nJ!+hoTMm_aWlh24Hg2KW;^VBq>4UXn7qYz z(0-yup#k#q`?)5H3C(o*ZATZps|$X30kqp?1zZ-p zx)g|f{s5(e1J2Tr)9;%}X1vK-l~kPLrf^_)rw?GD!eJbQ{q|7-Tsdz$tua8KKIZ9| z4=tBamccE}GK3x(>^5oEW!F%FlY)uXu5WW0e}y(=at?w}uF-Z1hJ>K71b*;-&^j)&P5EHG9yb%z~VG&(t&>m?KO z3?NIXVtIHgFd-dHvzj%VMtMLm&_bnDtBCy-xccbl$?YM6BdA8t zB9VmUQvZ1%Tm$PA=$>?O3%vL)z^w{9Ee1$RJ{p&RT^(0c89;`QP4$bq%;~v+`1qk$ z+srQF^ZW6c?7=nDTGRBU*H0T!oey!K_^UA^i!BgO*0|~89?LsY?L7HA?4UUX zAbKmiP7Z8ygy)RdANvd|NviD>T}AV?gDrTM45&wM0T7M48#p9_L1QuI#UyaWuQVT3 zAYrLdu#eCd;RY-NiZ|k90(-;Wl$d%v9Ia2L1%*XaN*K+TmR~QSApGJmiuq;5Z+Ty^ zY1r&zv1ZdCrXmvf4{m=Y4(!nYdpvK6ToT84LSDlt77ZV0dQ<-e&geM+m2z+$0RkoT z{VcN(yapw0>cM3Svjb7*zi08a9@rZYdC-_UUcnxW#QLo^Qhj%32Rj#;F;z|)iHchP z4hY->rJ_I!hWD7FqaS4Z> zj?jSg;3Eog8v#nI4NyPPnOE&#^Du}JLWp=cNCj2|$xnM);j zDfjj5>zUH!zKevhm4zI#g?j^m%q<)rp%tkFN|Ug()KZ}@qWFAA=GPcg9rr;h!iS$V zl5By>#GZHLEw`MjDhVzlgSCx<+CTVB94EXG*i)l_L@Q>N)*f?KK~eW zGz{*6k_NhP=K)xi1=7`*n#;i6P|so>#-tfN*8E=o_;1-W185SNPh+_FbL{xE`!X~K zwk3gYg2!#A;vS_qeQj^_Wg15Da`;q7Ibj|f`y#l4O|S&NU~q1OYwQ7K!Db~URtmd? zQ!qSWQL??)lCOIeP`Kf-8iY<(ut9tIQM?OpZE*R=LCxC`seHmOUrUYAudmyL6;ZIIQ zKqZ8cIoIfkof#l!21_i&YkG@10{%M&vn>3`s{8RbWQ?(BqTJ( z7nVQb!Bm#L(+~&1jewS8nKM7Fn}9YC0(+FnWPZoU2Rg*xPfPe9(JnAvEZ~q>=pwMY zd`>;4SoeIEMciUO17$@~ejM@l4)+F_coxB1pjH7BBfLw$iNP;s2%h2q%1Q_xD!1zT zMHoiSTZ-M?$y($mxDF;)-8HhaU?cg9@Z?X7Fa&5%5HuaM3SO`sRa`eAr7|9NeZW@! zf*Pom4@Do^C^M*Hx7sTFIz_-BLSR`&_)ETIA7efy$pHz-p5D%(1ZGhsSMp4I~Jx0WRXR!q~#f9L+{$cFuhps9bG9~%q z#E5oM`iod6Bq|O0UNLhTO8-<-OB5p4eI(i6=n;91N_(e;S$Wx?DL?CdOxtj zI%x~9AzZ3zr3;KVxZ&M_u?&O)AvJE#2&IeU&JT`5R)-aQ#jMRg*w^-LzKno4L)Ok@ z)oLgP;>fJ^e?%(|92@?r4}m@o#xYsNB)xH_%)kw^;?@TrN_ff|H@8*ol90nBn~UDa zJ^UWq5#jw1mn zn`(u=-{PeA-UJZ4L2YD&ED(ZXRBUNp{bfY0S{7C8;v#ehh4eU9=0WDSb0VbiFayc0 z)DZp2k!UXQB%79V8iQ)cm60?Le&b}~*6N#*18O*Z9w;+Ne}pM0(;U__T4A=wF^Byo z6+rXL;D-wmq4(qx?C$$qdWtD+1cd>wys1hh04yrxX?WcTUVpIWU5y*qPp)({5d1Oi zfu>%ERt4D2omcJPSJlwN_PFu4g%;DXXw%L^h&t-g!b6O`JZGPHW~mR~_%YVuyo>Nr zYSr_r5iDpH$bVmxI($@)IHG5?#2|D~QGL4t7O*g+$9aItkfBEqzT)3?JZM<$^@03= zjmNWG#J-prNs|0C(Twj4!b=r57O zBba0|Ci7-Y4km-)>qqpQ(>vSkfH72+RMHJV%oZH1v~4^7ks3aL!>>Ti@H-zJyO+Ar67p zEmwp>D(554xq)!@v|>@>R_Wcze!}y(!)^8ZE+O7$pFcGqfT9LYUEI^*Q#Wqm3g3^2 zCC@v&emvx3&*7q{w9VH~g8wmi$5L0K4Bp!OghGGg#e%Jhap8D{y*ZXl*JQ_`8CxM0 z(4)PPIOyL=Kn1nll{~pLV9@0nscv~m0QLcTnG1^3NT+n(Al=D+41AqW(fNIfPs(xC zz~}#&c(*vI{27zU$4>mSg8}{cM&PF3rJq8B4iNv|7x8Oe z4KI{q)K60RJ+J=Qd^}_X7SN$Yx_pixoBzQ!41afz-eQffY-mK?wti5A!*BgOS#K@Y zXnMa2&*#!w`z4$DZM)1mDz!ZF;Gqbn$3EUW%ICet;SXXs%m=VW0I$v;_|oAOe6pqF zTU3&(0?3tzR<*|vzerFU_=GPMdlVmDClx1I~nl0Q4;!^B3C~V z?%_eQE4{?uLUp`SEm85Ko;md?s_n&wU*9wJ8xt|{FlGNWHXUgMMkCw-{wy_(*>@YfU^OgPd4!=3;Zv2 z-m?PR=iP$dXWVe6a9;0wM@#vkG!+)x^@9ur-kU`aG60IyJ5b+&`#8JDM`qrqW#F#~ z2tIH$+AYai-l1VVw4y3PbzAAtwQ!HQ?ym-55wMWc3$tX0il zckosob5=1*_YA*;#je=JO?u=#qx45>ZplQFHf_tpHl%wo8O3V03{R4 zaIyie1;6ljPMsi}#QZho&^Y)#qS-gkCx$!Z*zX|GBX1@i#Kj9@zm$(eGV|)dGn^ET z?W1;$c|PQ@l6Dq2oyQz|cF~(syt8=JWOLbz5H^)H7TH{9;wpcu?c(ek~}B zMUHqY>PV5Rz@7&v4!DQa?7R(3(G_TQZQnaqz|8_RkJEAGRH|NoECar&xC(*`lq+UX zB*0il_1sYFiYtkQ{0OO%gpdAmI?h2z8EH$`bWjmOA>xC;5#2sI;$D%UhQk9)yj1$~ znLjFMQr(fC((YxJ{Z;Olegwf`c|%$h$vw>0OsmU}$6%o{F((vLY$e7+y2!$q*~N^u ze_|2zDU%8j3I~_+yck)wx+j1PYtATO3s!aTOD;s@|xQ(2`N0(8tF-Hda9&c64TC`-o7cAsJh1dOKwASkw>H=G*r8If@Nd&wL>#qY#d z8k&B@NjF@01~>WM6d7u9EsY(Jo^nxhA_y*`D zRQR2f-`AHtjr=adj_~_RKOWNd3by-8vG$8>?7P}2?StpSBV`Sx%!Fh=dFUM{&wn`M zluRg)+IN(T_H6s%?2Y=6;{C6-xeBH~{NF!I6maioc$6&-_L~bB_#H5IF0L&gWMbZ4ZE=8gB)U>)!~j4_w^!gbw6qSD&##K z3ee@L&^d~P-xIoGks>saZQhrKCRum6%+Hza12N7vJoI<;Tm!22eOdz}F!z;z{%PU? z*9d-xlWPw9nwjRfFUP>#Z=>w{j0eM>LJ!S`rUGd$cmPs~#~6!I{?bb^ywf)i1hKds z6n^}9{sKkr&1oFlDECW<@sJM=~5iO7a?g| z!asKN{Y`TJ1VC_=Eydih8G-Bh););qa+RRFFEku7=~qH}6BY2z4`&udK9N)ai{s_d zT=kZSmLEVSBI)cF^2xA+q z2G~-waylqP?m9eev<&>4F`rnLm2IsVq&8{6qU7O^xN%W$r7(&^%Pj0#fs-oU=lMN< zQm@og$UnS%F={AG-)q}f5|PXS?$T3Q?#uI_^t^*oGW#iPbtz|kiir{)hXKT6F(p6? zD7WX&v#=qvgfR#=8025->&|MSX;Q{#_k{*o&*HY+^Q&PU~f^W#8cC+RAd+W*Aeg=%r zy2ed=!LsKq;%Dc1U+}VQfn<)$>OmHLLEB~rmOoYjJ2;V(c2+yQ6L4{4;Xo35(hNoA zUgW5lHU3E}!RG3IhClYzSe}l8Lt`3+Ww_JGXPaed@ZdC4BCsueY=FV;U!Z@Pt&e+h zU#Em(S!XC(34H3h6q0t~@6oPu<+AX5yubJrcf!b8a9y8mz!GZAswScmQFfonDZ#lyLSQ?z{s}=686h-?){LujMO>@=8Or z!ii}&>n(;C{PL-A=HR&y+}vaEKFKvodKrVi@&&KAiqysSvHnKPp-xglMS)IX&Ei8K z(eoct)BN2cjVZ#;{4QnGMt41WlNq9{ycRz%qOPsJJjej>Xi-4uS?-1^0^Ih(;7HYs zVVkd}fdSaC6v}HH0}y{5J>e5zjp}shVDjf1nIjC=Et>B2WODpjr=*wZUhUp3<$D+^YoLhc4+i+ibpP#DuT=XiS|f>Yk=@6dprA^kpf=?A6)9E)Y9G zzETPA>wTw+NKq{*^y6ogDK%U&N$ObNcR}0>&UD1ajbZoFD+rF}ph5eCN-38>kK(w$ z*-pN=SEeRmkn(5)cY|{*8@6M2FaQAsK+nK01zETiXNR1*w|xIn>IG{z4w=2d3XOYC z)`2TwEs+HvDq~1HG)gA~KLzyQm_ec5hNaGQvFu(s&ghA!VxIwd_&!t1eaqh{zZYAd zeTn;0&P5?H00$PR8dOw4Qeh5F-4$SFwcAjnAfB0`bNG(N`W`50Qg+TmwRn|IV{sXg&0CBg_la0y~NM?Wy&n^q53ggP~fg=cGo|~ z^B8Yj=)FV=Ve*LfgpKt(V=I3{z26tr(p+@rKUZ1B{_D!7W-lU6a4~oXgB%%UR01?k z2MTSK2ZgVOduJg}coxr#qLS?=dfy}XkwK}I=#rFu3Qar#x=#9_lWRaJ^9eJJC*p=q zC?w*ear+q|@&4Ug;~#yGcsB4rp9SU}pMM(2j_6l7X#K0YH1p}#3+z^; z+50p|0?g&mAHNAZ?#gJwL7*Ml^IQVG-%X&zCukJV{n}@w=0geO@=SPz;nN>$GgRyO zB_Fqtv4n>=XGLle=i^+<06S}V*?KPNQs^L>VZXmUJ0AQ|G&#X)nTaJA8?7Hkr!VVC zEA&NVP{zfmY<3w(;I{hZ9^4@Sj2(`8e?P?!l{McExB;+aat{%RD0d&Q1Hp;{sn;__$8HH*T(WVur#Dht*xc$06SxAJ>c9pR(B$o+N0s{uFd%39vlokn3M!s=Z`3_yfy7U+Oj ztDIaz0%DS~9;U~=m(5IL*V=FGGSG?zWXBbU5dj=w!4oz84&41qFJ$^Sz55RhDw_4*3+qG-I3;XERBkU~`Q8AB~4a_)v(gENG+&k#D&-*^}d=KDa8?sA!=zt;+n!X0ugX+LPk4pAV z!0fVLK(na#odV|d1o{;^q!Mmb{cWWuZ)dTd2Z2I%si-> zhWg<%S!n*n;&fFlZbHPW7U_GjtU1-F`g3s^dc2}z^Xu8x;Lt!u$NkmQKTNKxDU&nz z^n+Rj(9I}2vyo$?1?2O1gF2)i&m^;6?`}r`Dnr25$|vj{Ck%V#t&@( zQKmzlWALOujlhkB56|6k{md@bDVq1Xs_6Ayo?+Svq9Lc2L<>;EHB-u;AUP>^07%Xt z4$eIa8GS7cW0a1KK5|d&4?bJ32~}AJtJB@tKmtt8tjA_a zXLOi44&^tO&Ju1o?+`Q`_7qoAlOI;5I0)Lh6(BroJ|lM{8!~%4XpMvIvn4%a@Sx@ZRlA@873 zsAiZzRrHT05*r|OTwGUS-HQ*S;=%Pv0?LvNh=mXOx8iu@uR%EgyPPOPb*)*tE}k6; zaGsAVxbgAH_^)6o8r5mA239a1Bz`sLd}ebGKyR+@FX3_D!vxZ131nw}R#nyjS%b&y zX;Y-nvTqGAkP{S?WtNIe?v!{5n8Gge(UGV1k==rF;xN-6Nj#+8%SK=;rAjuwKkvyQ zVN3n^NEJs2l5x4!p>m#*`Pf3rgPNM3`T{K{6p{)u1$Eh#(s$6PXOB^S|Du6{s-7A* z78Fa_nV>xK)!a!sD6Bzoaz)TC9PbF>)~is{`x6v00FnxMVLV|4+tTfi>mzC(owQdi zNDX&H?WC_>ATyAlTQ{4q1DX;ogf6F_f75!>{Y3!XRN6q!-+tqyB(~gZ`}*FSDzqaE zX0NO%6edVN`vTwH8QeTVTNE)CG+2cn+Y-26SF@Iss{Sy69}GKgX&aB@@+6*%z@p((>cp1O zDBSq)4?p8Qr6fy1QL30`MUeA4X-ejTxu|CJJ*PDc( z!IP+_gR&yZ%hi7GcdrAg8u0(j?^{_jeHxhEH@cP=bJh2ORB{4Ki_lH7$GW&L4(?-q z@8RPy_W=E5SC<~K$cq|bxqBkq_{K`{?|&!Xq;;CcqsJboTbLUn0uc_L`81Drn62 zJF>iqg^FlynTEXpbKUB2!i0GVDMn_OSr#Vz3j7MIB`8=rr5QB~Zo|UXcM)S9K_)>s zYC7R&U*&{(?c#wZv0TR!YIE5Q6+X+eugoN%ezoa5QZ>gb3wv<27i z9nJ94LfO2+x3>tYlI@+demm=VK^#6Mnt7lgi42cf6iN6%5(np<8r9DT!1~{?)R*G@zF6T) zc{uaM2Xo8g+`-ti`l;%x7fJR&hLvBfyS6mJ>1_L{yFxNNa-a|M3x5<>KZ%;xm>`0hqHUoz{P3un~6G9L-6QU$%YrCd92=3p!ehs$|ufr zNB}<3KlOV)_+a+)?KUkjT7le~~hQ-GWg?u-11Y%o{GkMA=D_I#T6z|-HK@C}l{ z0HpmWKt`m~d4PxKMWcEYv;rM$%6ma(w*xTkAhI$ait`aDQ+$f}49bnn$JnuMJ-g^$ zXngS#1#`L>@ytWHqDGL;ecp>Yoi$%J+s!8_2%XF3R@kOITJw$-s^)TI{DmssQL17)ZP~X zFkC$}Fp)sI$8Nozm8ys*P+IP^lL8s=ZSx#dDqOttS%bhHcj=_}uLnSpPDVxqQESdt zS4zJhLb)9+h33~2cmOlNPqMt2<`+`F*VFk?XP-I zGoAUd5I)uz39P+86vc6DQYOM*b! zln@6ca{O|2>;+2Hrv9ME)S~STV5<+0I8+z8%gTXs?1x=*n zR3Z1URSqaKD)bNdo($Y2a*5bIyk|#iqKK+p;#l;sSy8SJ((mWDPIeC_`7*Ua()*_} z1suD>tKoGCut^nwWj(Az#kPDhl=n_G@3MMaw6MOqv*FD*R7E7f^iMOp8|wmcKJW#T zdr*KhieQ6>M*gQA3oF|*^!K*JvP6wGMCFy}B(rF$FzrSm)j{#Dr-I6~}f-M{A z*INV72!SK{y3=J4xBgxy_$nHPk_Y};zUff3=!;(itRUTM8vFn zJ}SU~L_e1uw5T+SGVF~9(JtV$%}eK@lo}5<2ss+XRH|oeA!CbThZw-x=0U~X3z;(P zE}jbSXcJ>9<)=GhaR!j0oPkCVUEX!P+w3n~PM}YKlw#}rF22)=Fsiwn6k{EETahS6 zf6Y|DR(2^pl#tH+`XmhiZBUjJV~IH6C{W484-L4+cUCn>CT*ZT*akdnnv@|%dw>^M zEO4fR)`623O}~IL6$hpj3S&<{Vk#lE(a8EaJ%SA{8B667X!9aJcT!^wn_f}Wy%q91 zgR+-I?zHOJCl%g9413G&9p{6r=-iqKg9Cf0n_7@}7@o_r1|g}^F|O^S5U3f;q33dM zP%m!+fMO=77sn1;Rfh6c>bRQ%Kj z#j-wQH-Zo&RUyxyh@wXGUWssw`f~5Z{fo;h7ZD%PSU4{uZCsj;?0gmJ^t^4dz(%LS z`h0bM24&d}~>CK%E#m`1*^JHCSR1A2me7(uu6)HKdx*eY=f13DWL zaI*p59$086PLA~_6mCB$7x^IEQGB{Mu>4x88?uB&K#BpnP&E7S1LWzyn4o zpj30d`s1{Kvb*_{r~2i1FBXGLEg&pk`}0<{{+%L3~9Q_%*Ah;d*yL7;v){c2?QI4NsAIM|D)nhE7zr#e>-ltTQixdIo#tf!9-*J9J=T|9yvv3I-qGyRDugBpR`201UP9N8uJE6=wsxU|MuZ@|qTl`ud|JhD z1l0e^dyhC2KNJjK;5U-zj^*k=Hzmc-ip=jw`y8eD^3i*)3?E(i8f7Y8naj19F0rm7 z7)3IR>iU|4wk@lD>ySv74YWc|@mqKh1n&XfiIy{|MU{cBTgK}cfYneaW`2_pu|%cy zMriA2o4kENG`gVcJUO~ZoN2H5MxP~sR&rsDws0#>@s_%_+MSvkWw}=)zZH%(2#{~! z@0FmEYW{t;C9E?8!R$BF={*#8m8|Rcfe|1 zAM8hMl&%=#Pt6bw&n>AQ-iQ9e9trIVzio3Yx-$d1t2zUiim3%OUW~aTkNbq9lA`1T zFfQ_`DH>jZoH%@vVYe*jSfSdLSBJl1$`977-^6kY0!qN3TzpX$;k&kd?ckb;%K}T@EdVYy#?TPM#|={ z&Ra4;n9J2~l}R4i=M@|V>qd%ULXh4!J>uI@8B_p=0zSm_(kZvEBUXR$J%;#BEP&Ym z>M)(?!JW_UfX)g_(TasoaQYMTOAZM&8;i5CM?j>1^9WS7*&d{^!Tah2CGI=@1x4AG zOSsq?5=1-QbAGT{VlwyG^hX}t^aEPBX|w?7UPyb-sPh5;$vj!|;BwL|n-H29;gsD|jD+oxYfLFYm&r3IwR&+zYjrsY9%7pbs6w zhQj!*Z}8#kzkL)xlA+N}0ybM)%WL>YldSB6wlQg`Fag zh;ve|*#LN1InwwhGoqnhFi z0zMWWJoA%==5Vh`zX<#v z2r?e>3<@a<__Oh_@8>u7l&hz3;p-ue7;+-$tT7Dl@hUi_P65iuC2EIDI;iD;l|8S z5;De363?(_4s(rlv zkwO=<`iWJ{cwc&%k17Ot@yztcxARg@&|iDArphFrr#%b{Mm@8Rc@4@5>-rgVn4fzCy#OgP{vf2nbYqMjT4GbuW zthg@YPeTCp{&nVTSG!*gKU@cASVyj(n8O5gW^8+rm3IBb?qDsFWtalIA08e)CJ6YhHy@;lP zGA=wgbqEDbufT|$2pkIhB!zJd6}ORiW}m`J1?80eYyGHV4Fvf;zO-Wv)@tG381;ZfXg;qZi&|Y^Fl(Ro~f-V#!pG^ zAMontP~$nhvQ?d4bQ`g56UwVLqA#Uj&kSH3_SX$ms9P}GJc6LQG-D4blh3R7iQhT< z)M^c{Tl`VlG;n^i2lQAi%2(X!H7wdp`P)3fM#B5qjkGnXfLh@JaF+<&MQrHuf8T~j zI0>-EWU#Q!s^H$v1q^8lF{!@70x76Yy%#a9)W5;E2Z2n>l@7O7vhAgVNIVXsS@PIk zj|{WieJeq_cP{HO4xZGXtc(*kd-71tf$}a0U47CO=d+_Mh*R7Ur5_~Nn*bEFb1_8W z0DI1eXQCwj&^pk93th2ze}!DcI_JK}L5jvEh#8WJW!1Xxrc;KTZ`ta^*3QXUAuQm)~QfYr=qUz_{}GJn6*%;;a#7yr{C;Zu| zZdqBWp^)I+{t&N?)`-DaZ%z>SB25;ZF)0{`Z==abB3+1)_;`2_Bup%I?5E(QLlAca zmnB+(W6Ct+-O3?w$@~!_58`ES;v$NE0FH9>;E;B*+~*X4M6G#Q(1EzX0N5kK$py;g zL(DyjdM>sE{?1@}sR58E1c|`ce!c}@%fj_3cs4=jPA$JH1r*>joy|~uj#yjJ8`2N= z#4Wq$Y0V(jv`%aE)gU=s^%0(s7WCQGXmq{TSpk^Q1eUvPLz!<91vF1H#tF`QK=^td z%7aZV>V(Os~%Xp1Cj<$V(t|(!Ja@BEQlQFi)#)XiEd(n8!;q z*XpfEI?jWG^60*Y`6`?C1F9ZE@q!)nDlz9v3q1kk1pln_(4Es~2z|su@+Y8zB=xr@ z%{76&Dz8opS8G^yXm>jn;XuQk=PPfyWq?Am$~zknHZ<@h;X2htRuG^g4dSbbbZM2D z;O+{DjE2P;xipEF3!L!yS&*Bkd!Q;b3eC@dRMrIT8mL>NYY0ZEGasdL0sd$pAa1@f zV>Uo0KV=4#{kuuF1@_i(Uhr|~!|k=#lUU*R63G5mz=2+^>-BOO%K&tAD$q8*+>HU_ zo8GmIh9aVj!@5oyhwE3*(a@r*eCWKR8(*l$5M9Y&gzI>HOkV0>cNYl>q;LzMi4EA3|hrXQvP3Ylz@UpOMXe<;nI={5fF_^RCBlCI0Kpuv?)`b*Z>c}Hy1fB5mlEql zA9w|}4aY@jw+_66UeF+cubIBE=rQrt_N;2yV1Zx-OUb}CxXL93H|ijSN>|0ee#M%SD*t1Rt2Zq;H(4ET3!aE??eBU?-S%h(v)}S0cd*3 zF}ptyT{ypuqz)j}3Q|e7G_=zqmIUSb~gLpdYXa#$!1PTx}a>2xT61K;St^!bm_h2*T0Lt{W zqAi>oIQ{c15fSl)RY!xIc^rg`481d%|{fP(Uc)Bw%} z3Y`qx+C5l{U$-4+4^QxrK0w8aFCE;?0nJ0Pq4T%nOW%+a*Nbn9Nor1m4fc~u54FunBV77Nvw|;O)Xk6YlKP&VLg4@TH3d41fmA!I}Pt+~t6yUsBgt&e_;RKsP0z zQZv@oRMb1L$Kj3NbZn0VjO19M3>Tm?hKvD4bDuYI4faLA3aZ@;_L0{oZn_n-uARTP z*4ggphz1FSex~f)iGMO>_bBz-l_rwTq?qgj6fDj9VnD7HfoO>>{Hncl(5T{?l4X7h zYWgjy83Nl0_YlsQDBlI_+WpYHGNDc~?MDqGj4}>G0HUl1?=h`NX zDF9aZT^AlAu+Tdb$qUO_l6EVNXDv?O!8fo3g1L#sKboE2ujCsiUI5v^&x7FFQg1DK z*i+&^i;6x~xdO>s#7r|>k*x{yqitR!c6_}C8C=Jv6VBImdUBab@LE*Z^aV=4obxbxH`LHD+`*6W zMl^^FxU#YKt>wW3efZr{&d;X6?$Ezo4a+&4nYU#yCK-GLR7Aq>FE|{a1Q$hu#`4U}%@^#ByzE69X8SZi^rsk0QJ`RBQ)-tY$k7GCN;CIC~r^ro?Zafas&AG#pJd! zLe(^0u9|KTj=3vt^P>YA35GHX`LZ9Y+QDObzV>~zO|-ql75!TNWVpP^FeeN2)5xgM z+-FB|V+w`3}d|Fo*EO@(srRK>kWW@3>*uluJAYakMts zFmS^aQq%0-|}y_yj{K>(IwSpcFAM+?GJGr)D1#61ng@e=|X?=F1>{XIoJ zSyFrEe)|<9rhxh|Z?pJMk4QD?pm}w{Ba$W8^D_YG-rYG;WSIg*L5TcP3-V;R9NfWR z)(#iSj#Xp~=woQ`Usry&bpKX!{Me19Jl$3SLFIvj=Bo#Pzp;M+znv@gY9$yIn`S3A!ACS77y@8FG@^(!DJXs>3C4!b7 z*yuHJ;6qcEk8&;S-b?(eO6dXmkbR>_cU|#`6tGCL>Kni5UWC&Gn1`bHha(nO&X43GMHFbVqQUx{c>(M>NRi+_kS=e$f&#P(=*T)A|155IM3Ln9b zMKRadP*5&m@bjVoL$@4v+1i}sntH$D+;;Cp0)EUi7#26vqr9iZc5L(%xE}DzVn)iu znwjfPXNr3&fba+H0u5UToli!g7ml^~uhsv|+rH402nWmjTMNE3_gGNBYX^YVf;SQz z;Op=TMk_|fF|R4VOgwR}tkUWyTA~(W;LR}b?^uin_^dz5tf<-3{LZF0gZ304BOe8V zPcu~+yniohK&|zmXt#+t@rFP5vwo&^$^)ep@=oclsAPhF4VpBz0E<3w@{5x2VCh!f z*QvC{uNct+hj`3`qB4Nwq)zj@rD0AE>tD%hTKc4^Ujs-Qa(fImA{9}5TX$z#tUt?x zMZ)ZuK}0;kpXyvBEyg37Yy`w3443DOx)e)2|E%W0D{WjO2{d?amk~8?WbXjRKWQj*K1~{wL*P#` z7^u&7q+pvC3G?)RPsKa>A@Wyq_&k#i1>7p)7uZ|88970%+F zv>vn`fHAPhlMAKzQxSt3QBN44kT|_i^~*qWn*~+=^%p&hhb5+ip1Dsbi)C3By+t#} zjR%AIE0jWt5`z?;*DtLAMY|U%8HoT3A@7(Q`XSkE_J0_VC4Z#ErU~py_)7=WEkOcb z8d>)42aT)#M|~+FpeyHtet9d*X-N~okr%EQv~0+(OTnwb{wNpoG*Dvn12MP5U!%#! z#lp5`pKNI)8yqYr*GHJd_Yhdim?TnDP|~+tqHc(*pJN=4w-(5n+rdcUSDPf~Yv|y* z!2FaNv#h?v`Ir`S_}qos*V@1u#CN68H`ezw!MSZM0x;`fOQ`nWo&82AK7(12L!$a2 z(!ULYEaUDRE zB*kmle8&#H_;%+Mbo-ZYpDEfe2=K3LXRmXm0WD2yUeMKK0YI4$eeNgAQ>8(Swx7%Q zv`}N}86{rD)B5X9xqSA+ltLWRm^$F78JY~o`Stom1e(;Bisy%0P$HrXf`SDK1A@Hy z5B)|c(Rx7Y>@&vnLnidnU+@TQ6iAq^1z2sU;en>?>yow4T1k=tILx(%X@LffW|X9%dY{w$`LU3KkPM1{LjmZg#je>6Nq%Mr~nw| z-m-XB4^P7CH?n<5E2&qlLlkTO8oOIKPR~T3z<3f> zVj2FXDpk|0;GwAg6!z@ovB3?3F;<83KOeohHf&18loQRyRix)Okm5oDu>xc+JT2GE z34LA4nqsKnQ*n~G3_Ab{0yfx>1-cu~fM$l&e|ZBCuC#1?Ve7bh_VUUhRfjqt7@2-G zNv;?`j&JRrfw}6&&A3iJ`tWyXTg*SCwqX#EUT!!DhkM(s!C^m?P|DlwV(s3Bg%%Vl ztoT*bAcbbPpb=1QG8<&E$1_U195lEVL=wDB=gk`_C2`%oPvC?v|J*L<9>uZ4#DR04NLwL-@B+J!?Y%JjsvhK~&|b75$Jrc4 zQ_8)eJoY}fXi-Dc;3g?8cB!nEZ!}xn3iiVtTRFUk3Ke4WAT$)`M4(XnplXAuf4iU+ ziU$?~E{a)0=!}AOW3H9T2Yrd=3Ge{;G8hbopH&~8NXDZwdEOd~pwLjtnE447nC9>&;PpI$-rwg8$~AskaJm0w z`@*GpP-Q&sMSbd`YQ;cg_NAv0_PXIUs+71EDImWit881Hkg&a1t};GR#su>JujD#I z-8lLF{xjHxU5Q~ETR3xrC;?J3;lbn)4h`DH7W#qZzeBs#i9C>2bzw5{Jf!AI;{I(T zen8!B3kL&C!T}`i=Rj+7O76px9{70V zWDkNp_y`%N$bsVSDEC1Ey=M3z>0hP41OJWMIWMCSv{#+6J-m zR8!~tOV>FnS_WuxCO-FghM1fdgpv+&>)aUC!1qv_np=@ep|};?n)}? zL3vQ98^Kn?P4;(^#xMQF5Gu&>muV4F2q15a0lZK_^tzwWU5u}7DXp5!5x;$`m@*?oA0s)!ItcAztG#|bIDRc8fVUN@G!g_yGe*8Tog*-7l*LTmas4Q3aOk-T^fIQ1`dKWeRArvG3a3rg0J;mrJ=wR z7YLn&mvQbpVCttD}yo4-d0QpDBKhqJw(O6}cjnud- z?$`k;K$7t>K_DKEr{&;b?;|GO=kezUiW;%~A&9U4Ok(#Fx|?_kCX^JXQIE8_^`*Bi zo&kQOXJzPLV9v+3tp1Srp->-a=UZgd>c6$2P*c}3L?O%h{4Jq65-C($GwV#4@tvOY zeV1kEKaCSt9bZoNLONWU-Q`7g5<# z1T?&X$25XcZwzwTcOnKq)s4P(a|Zky&XXIS4$e5!8~cG>T8zAvPGtc>dQrKNz1)k4Qb5zldY*bI9M2UQah;j;9pXvgp1s=aE?%ZN!V z;LYcw_4zrEN_TNALAIG}8LKbgkNfTbn=hHmOO%Dk$UI41Y5sJ6yqfV%m)+bc53SyL z6ioB%b6;2`f#8a_^=y6(n>|vHo|0sKATEzuQn!n-VS1S3zNaTh^>XRxOGKZ&ZyPQ6 zUF&i|0GOqZ2Tn(Qg>f=jP2;}D#OK@HAq9$AM7WCr`3;Uld%|VRTR?6wo!z)2$dTFw z!2#D@^$D_R@yPM9+1G6TF;x6kn0?*;cBl?ky;L zb8F^}Ub`X_{5T{NlB^~mO0BLTdl>JEr}T5TRjd7yN5jpX?xLo*?ip+wiv2-pKZ! zaO@^tgFi~XAwcC2&!bM0e+Mb3buRI+4MO6 zP`>O(IP*gi2oY9zJ;;Il<^FiQdBtouS$o;L$5W{_!KebydA8q5rjg<&`!dwbAK;rtemu;yqF zS%O@{@L$>yB+?p(3S5k*{Q`qnCS=O_IDdp83LRlU(9iKIiJ7cR&(;9@uWG(z2vqSx z2=(Ao+J0V8trL#*?{zN94bJEEXklt##uj_8IcfYY$?eW)bQp~EUvv2>$s~o6Q0CT~ z7*4cNU48~09oM_pw~Zrl=u35=VuYD%w;A_eUZF970{PnzziD_-N9k@&`eN5)asg%I zvGm3MSxy&EdXd8#I#g9uA&20j{rwiyQ{1@h>+x6luOIF*K1~{+(Afbl3pW@y(@1XU zZ);*f=`*?xpZ5OF)+S8jV~ILT&fj-r4cWJA@<2L+v(T1vi0UJ*JF$KbAaKHM+^ZE( z`<8l=5OL$-et#FH!09I+9vQfGr`10U22K2UjI9I$XVhESMB5_1t7I2e)TYz~5z0@! z;ZPSu{gHl)(H%a|7Zd$LIc?tK(Ud5So|=Qvi{6*>m`0;l9b#T7x#!33Mx8Dk~@VJov zw@+W=#R4|&1M2T2B8m+Ya8#{St~{oR22~9hm6z8_Q3w+^-yF=nCXH#tH#PJ3J6ix8 zWaq8XTm2N6VD-X)o7)8swcNw=FYUb`o9j=n&-PvAG>*W`?H=CYeL%t}4YxPRe6aKg z&2ZV+G+TTwz9aH=zaV#FJ>=7)Jt$k55)pso$Ar#=9@`-Ld+4%J|EUs4H-zBo~8J zM6mq+rX)F?s)0nlJpRR+uTrnA_28Ueht3!rGTn~>-PS*?A@)T*Z7q{;fmS0dT46>f zfnzY`v@?zAmg%wQYD$7dLY*e#scVbu_Q&8$To4{E1#5i%wI6Ears%nBxkfvk}Z+@n{u!C zAa^Y0gv>Zp_z;4kHjbu4);y&Z2i{9O-_4G6AjgM_!&>S*GWG(hVy#;?U3F4kE{~-)TJoU$kH_ zi|d12)~|0aL6rkHsA&z~8?Aq5`bWQEDT>5xUSU|&t_qSfX#yBaqUE3SxKWkvjLsZ% zqJkN+YNt1qdsgiV3QmH+HT#$ySn$R^-~bp+O*g??d7eIEa8DBExTJ`W^at|;P;mXJ zj!18fuG6)Y;{EtvC#ySsNUx_LuP?0jhTW5Fv~-yS_yXo)MrmdG`=+y=>B6;RBq4i% zad-=7`7X4KWBV)v44jIUh2H$vl|vm>IK0r>q9@@5 z^*qFhQ*a!fGbWSgkKpEfEAeeHi@#U>^IpdX|3%FpceR*SkJk^D74z1UuTY9a?B3iv zb)FwDTg*(@0vQO@KEa!nNR8!E@Fbh%vcDF7-(?zWxQD#RF+YB@+H|VmxOvq8zIAgB zkNshO*1fhd?fb0;B5B$>bt3grb_dXD80k3V3b6OX2+j$zoVEI33mp?+BOoK20uFmE zj4tg(IRnWMe%iex9v>io9eji*!_u$VBf?EBC^#gH_3I|Zj69thsa1OE^@;q~*Ed9l z1xxCAkWi$_xP$F2VH)>~$j;gjz`1j9S>nZ=cm(uP+om&TFuQO&B|LW5mK19a`!nK~ z7$?G%Z-lLT_e;n`)4}*etTUU9d7>C^y!i(;;$vzvXLu|NB+g!>B-|_Up}A4YD_3+s z>UiL01z-e^x`YBoK0-TyTihBQ-MgDHBRV#Gn1Cio`{nWSmx=f?CwjZbFx=fSnAG35 zoIWr==fN9$wV{@m%T=S8(>O#7dqZ{Z;!rjsd zIZlXKjNJW%lc*zoC_c)7uQyPtO=@nwh8~*yPs5HzR0Mst`t#$}Ga=}3;>8 zW%!yq9B<)HqY&sL6n6ZqTb7w{YG{bpM)}zd^Tak-vMgfV!x){@`2joJCX79mj(P9=(wViFEcMB6)-_ z;Kj}mog#n_Ar6Y-J|<6siF|1vDH{B2O&I(~El)B7CQtAL?~uL?*tIhEssfnxbQ2W3 z2ZRyuG8KPFGBG3QlL*~^mLK(|8jF0jDCPnuJJh4>W8b~~rPo-5yJEO-J1;x0=3w4X z>>+#Y;vwP|)waS)iMi*A0h#FzDJdNcG~zFX!R{qhh=)vM?NPwol=3)jpKI65w-{3_ zTegc=Te;D{YfUOa?eatVYX<3FHD#qt}u3g#8 z1?>rIjs5-{&qiRLIW{#O#lBVk46h*?j*w^JW* zw%+2yW?mAFjPLhm?%s#FvW|F2X}%KW-pg4@Ppx?oMpHzPHEc(Vov=z#V^p zqI%!Us*hUA&Bo^~&BW&qcWa(nQBn_=drzbYB3-t3J>4n)-aU}nbTr7hbNn`}!|RZC zQtnMrNg#E=V4bIrEAfIk%o^e}l(~mrRUQeYQ~q_&z%+D% z<+CELYNT7>h`Z0((Kj1!gm!W55RBJoybw~kfTRZ^911lb+0uJEtP67mrF%lW zaIMNT@wf>yM+Tki`rfjTSJPU0-LDfhf7Ck*tEcl!ihy8M=5Vq#uO zINIwUZJ}|C0CK36u84TsAf9Qy{;?pamNHD&Anb$;2J<--FJ$PkL2Np^)>=q!9jC*I zbs3fFZ6Q|oTL}BcWduq2fnn=|^*X{K$g*K+d|T+>*DmM>v^`sCkiB>6saKQfk-)A( zk;I%>^tOM;X^z7tcv9&sAAg_g7p{TR@QYh+L5Jvx7S9}iI24e^Qy2)VBT#&N*sL)z zLpgYQ5k2>*Yg-y?r55CuxJtl#K?qWWXFO+F=m>}Mr{t2&wf-vRASxC;(82a;_huAp*?l-=egT>|K{kHh~qs*Y!VEfO#n9pk%ZPf_pw zEdH2Y)sIzmpvPQ7wE9@q6j%n!`QVcJ#4we4M1Cw7R5a(~ZWi_fG$fS5%%c%PV!N>> zJ`PbWdqT()M*ew`I8Bl5eu@HUbDJ2|QJ zN4&O!h2H=EzDSo*{N4obZoHSbZDy1oKe0Vrx^gthc%EP*EW@jI*lZRq=eRz#Z6wdD zbP2y|6lA6jz{Tf*XMoJ4AHf|IE}`~*Qr0V%5WI@(5%~{{q$CBgyoaLVe^uU)>kq$i z7s!YXZ4>}o1BEim+787Z za@yyiB$f7wk3$#^ce-(9dyk~CPHvOvYU8+fgpYf11wajT0IYvmUk9S-v%VfPV*KHV zu*w#}SrhA?HWctV;adCh+Fl|RFGY~RT&zwxAoYmCsGk;|j^o_risL9e;4R7n`HyX7pph$d%x@XFs8Mrk2276K&FS0}~D0(t|wiRrf@pq0SI(4Y+ zHXT}M{vONv2{P?x%G_tR?R`c03v)1otiRB#ecW3=@y}VWlMN;>@*g@^eS0xuNEc6E z;Ni#55d>$eM3lxwS7DtLx?p=Nj!+^>?MJ$1iW)YNm`YLiQ|=xemct8Jkv4}mwx|}u z|0UvYU$?zs45+L4rGJr)_5IY3qf}_6eZ46M@BqHME(clg!8n)7;Sm2_sK+cSCt#cQ z68}kkWAhD}wP&R(Xaqb=ex)`csfbFeUSlOKgc-AYU8Q(YqV7sAjgM&U+qHJQ>n&pM zFhKDhJZeyTz)-qSGy5eS(D1w4wXr%*@scm+ItKT+b-ckR`vUU<4&ft(C_G2archQB?~ouMPif9R`?~iuF8mbSAhl7wCR6kIa*mpKJ6i70 z8qTR-t~hq(fdx$W1(v*@@4wWQhqQqF4%$Nei@cnieyqT~L_qT|v+@@kdI#?LDjS;x zxHN3w{WnW$<=Xpkj7ps!RzjQbo6Gb5JLJ|>#%Cb>V+mc+;hD9M)nV^nlsXNuZVhyH zgnLX=k4C!Yli&mO9h6BC7&P_NV=Q|5=laL#JP)2N2HAcBj&GvA1g|q?TD9AC$>Voj zZ@+Ae*sfk7F`Uj+MQq~fe7osp55Rd)6Y(v}KNlAT5jdcGLlUE@GjThfEOFnJRi_Uv zJJ&it%up`^NA%_c3T4+#@)^y(|x+_h|nO?Z?F)pH5^jyoN;2KnX< z?5zZy>&qWQff%x85 z(IzfilHgl1CJER0C|~sjw{KnlJoX!A8uqPjK_k4q{Sw}kRae-CE%`MgY3B>x403TY76}rD2sxug^<3;#9 zM&_!h;1^`S`IB$QT<+sc=WfX+vHL1F`ZNB{ATyEQ=543pqGKeO;4JmS76JWK)9h$g1k{5sXa$M--{(X1}; zAJEkR=sIOfet59cWv%nCnO$ldkh2@8>qZ_$uo-E63$2O6%&ve8S@}+e@#9!nBp8ut zzi#I{(1@NjZ0?E=6L~IT*8$&px*}0r_a-gOi@{B zwi1fhig;CF@;D5_Y& zr6P}RtR(1_r7)8oyoH%|r0X-pr38NY?tu1&&T6my!h7&al~1kBLq{dWd1v*EPgvO+ zSw>PXx?Fs^TBGbWX)E`LE7@AK#u8M>Y4c>aeHoW7dP4qK0=!&Xl>^5v?(~_Ho?mVk zBntA=u<>{5`%E6xxB3P6439oAV5&QrR!m)bBMn!D?U!V4mSS>sFu&sLhUn$<`d_Y{ z_{du0@SPpAaNoA~c9bCzz5`f#xMaz&?Z~pUEdo;!R{e3$Fd-xDyYg=YR4n-6kXnv@ zzQ_Gh`}>ej&xnC+6>*&`h>S{Cj5-{w$EOvb?TeCc``O6-Os<9d;7QUbvq(S;WM+g- ztFpxjJXPRs{T{pb9|UCI&b_$QwLge!2%JPoe~(81YRow*a=UsRC57SN|mA-xy`1d=LB#>-=2{Zrj3!HQ=ZngR4m!KdKw+g#J;b2f_ zckDCjPy{FTZK%4TZG)|kJU)E|_uBy%`(>qRoZ9lXzcY!opWIjTwQYEp#tn9zkJdX6 zNx5-7{eirg9* z9slv4z42~O-rkBBJS1$K2Jh4&YRWtts{VWd?#vY~CW{W6vHbbD8C+}FbyL+kYju7a z>=(_fxzE?Iy8v*%*Qn&a9OB#KqXcyDN|^;KJQ2_1C(E%fkomt$f!#ni5sp|NaNnMz?e*wMtOB%KCoHsbPKs1U zYi^V^Eq3SJa-;r6r7XgCUP!a%zaWLeCR=g>)X?l9&rT`axq8cj4zH?7tr*JY}XkO#GNR8A<8@b*6Q$8 zB1gAA`-o4__D6B{$1XQaeDj(-&5@5QC;v*;{K>;rR+-K^>?R#y&!V*z@u^LAOEb}C=?CyKrwqFdIE7_YND@TlyGv2dDHXU(`-_nF=he{l?76%ZWD1zH^H^iw z!NxH_=d42P#_8-eZiyBTZEhcIN6DNGzOr&Cx5gP$fjB({41nEPs38b;1>^1pnoWK( zJW8Av1t;F#o@+_W@O&6BmJH^}3=h`^BP><%5bf0NXIHbOW>sg6Mb%HGMt<(SZ;%h7 zVC|5b$>NY|P1;CP?v~GTzc@!>-=KFfzo-&TKkxeyagD>1p^=aGk@a3TopS}@O1xyW ze_xDxc>0!33aG$v%YFBw31t;|`^hwxRG$vQ8)B{T56La)hZMvE1lkwV{{X&!hMLfI7co!w%1fa>Q5+tg7j`AP|^idTY%1!&6fU&F&>%O0GhRpfO?I z?)6~QF3J7H<)xR?{d-cTfw-$uLa%AodqGZkhK5uHM1?gX4k>{X^BG&PBgyvE2(nvr zsb0`cG$O*|_ZOpnh1r=8SDEmb^J71AuFd?DA?y3hS4;IC2Mk!gh<01}=l)Sq9b(`Q zm~s$9Bo($S&zyXEP;5&lelVe}kH;ia{frSljBwxDHi(8*jfc}ych9JLW&;i5^?nDRTv?jEhB-W@bBlNAM>HQq z`cC_6@ki|pSA8}VDH zEaeb=k(zn~sG2@`1V(69F%R*32J33xX9Bbl&q_>k_4%4HCPSUj!vA%$O$#=H=viS3 znsZ;cmSAs%8-7F3<3$C}$Sw^$F&Q(kG{bF^E@@-+eR$$$-~?8uG`$b1>>ie%e|bJ% z-NO%gA3tj$puxc*h~^zj4o|!zDjya5p-^+agzdXtGJqm>(4H`DAeEDeVI~E2fW&?6 z{duOs#2l$Yi>Dg)Dj-895>?oaW0zy(wQ-b1~S4@HY**JpbE_}s{h z-mLHQGdw24Nl{d_`?C4$kqQ@1C&uUO;(mT%upm_HvEF{!6$4Gy_Ae$*f3vLTW0PilEU7HcYtgHrH`) zr&-tES=6A=`#rlbJeR8mGy5EE>{rO*QE^|(7-7N0!zdAh)IInJIjf=01#a!gWaqD* zCIR1S|K2-;!IC*Y8ymImLHKf&ApW_x68hLiVm%!CV zFz{d9Kef*RDH^zFW4u40o00zFn#WkG-{1C=+0Q?LoXIF~vVDW_{+Q)BC>7NEB7z4B zOuW=JdmICv(yOQxF-g`2-a$y)2WI>M8;sHZT28IaTmL!a!m4i5*o+$A}^ zIwp6_x3!)aCYr;OxG(R7Ilo-suK)6<#|?-U~|T^7kO{xyG*bby`3-guPvW z(Jk1@_)0UjhDSbl=LrBU6?VD8VIDZjMkO;`1gPfo?~4lx!e%+*HPqk_I9u+FWG0Qt zEBsCsRV<&#lRs{9@O<9Lu8W;OEo}^+ySE%AQXM37vu}_7M>oiZ`ePTEpP-ZjG_$fevuw2Yc(=>^JE7D zV=qn3;n@y*?MxZUehs|H!Oe+BLml7r&Ae*fc|YQWm-dFeNxvs$Kv2VcEJZYEaWBu& z*sB2L@ueQbILrKtNeOpj4(a>V2U0Mx`>FdRJ2|veOS-m-mQ4(wOYaW9cF04gKPUJK zf8K6Wk^bmBQYO8;PG}GRMMKX*K(0f09Q%z@{6AW7UxO4p!Uk3cfOB?Q&R(H6{K~Oj z@GS*_Pn|u7^rA$zL*Q&Mf2X1my(C9N-D7EGzJUM+1g*shoG~9*p`rb{ZltrEn=wNW zZUQ2Zhr>~(FGf=U8$u(W>U?<3ASn~Y7br-lEW(^%-vygIh*i~r&QWlkkiR)N3ZQ6D z@Hq`|IXSkp(8U0s181BU5$~9w3>+~YfwX4sAG^)O@h!%_Vw_B8CrZkv$heVD^rsR8 z5RtR9Na@ErF$z)br{bZ1sSW$(f~5i6%teYadzvc~*7#GqI0#5MvyW}~sONAQCfQ5u z7x__O+o4yaIvKQ3ulz~7&feQztat&LVS?`h-R93dTt8kesn7F$enea3ZF^ZvoQmJ+ znl~KRjC^s93` znYkL4bRsX~>&#EWxL43u)L-B42aHCaHzT5Dp{@Stoz6gZW13s*E2i~fj&x!H=pt4} zUcEP@O2MW1?d#T{#s(5rY^hm+^~!v^Fr?4Hk!TxMz|ae|9x@mrNVSE;eJTOHIiufm zJT6GyRX=_7owp9KBsZ~f7>C;1y3V$9J7J&#&_C>Q2;YcJu4;(dO_m40bZv*63Z;D) zw(pxzU?nu!@E{<)Qq;Zs%f6QK*P?Hl)95(ZnM{~Z-?w8tC+X0VU=V!C=m2=`bm_m$ zk$=nyI=*-t$kJf2eff#!O1~}JUUguH;ds2fm`r@V2U>t{#SiMDo!`9wYp9QTe;})2 z|472}>|7o`q|4g6Zwq21l5h7#La-Qul+@%PU%p)K&FXvK!(OP+xg>JAoDmBjm>zLr zuD@ZwhP-^Ht@oM}v*_>T;M)=26XNdku4#pZ#|#^Tpvry6Iysn_o_1MLNCcc34`n zXEN71A&FWxN(cho7?xA>Jbi<0a~$Fh!AR{F*XyvKtv9tpf<@`SsPT-!{fJIhy0`DI z&wbBcM#F5Hyc4@h`%AEfe{!~qQ(7XdPwfh(Qk`@`YLO??#@HyB20}Xbb@m6DFhXQ- zSLp^ma96?CkLkwo^QM5^&kdJ7vEO zHgNQboAd#6?|=j{x^R1JcCS~D@+|-z{PvlGjLQG^=XL(Mr;t*}QC$-2m(s_OT}+g9 zvRAA(v?7{>#&blmeVL5(RosaHeo#EKeaW#ku|C95IlZogw0I(W9dQAYY4%7R^Tmy6 z(z`vNi)+d_^5MQ>f6;`WOU}@LhZ*kIVN&o}HdL$Q^bqK#{Ol!?P-}U-?jKJFs%Bd^c--mw?8G5282EG`M;lGQtVz8$FOGBb}~MbA?>_EU6byBj+{(eE}npOaB++ zLf=~MY6FnduvBK=oxT)GNv`79Ja!c30HAvQQmC-to%I@qN={ z5OeTvD05z49pe1o>QWQzA#>TxIe>vO{<0W z0x@9ZUAn}5ed|T*iwBJyREwe{0plG11gwu?;Mfxmn}dNJWfR=B2#9bZMqONBGp-k< zwx!;K|4oc-k*OcZ84A}{fW9)sc1iB&(`Fy*GAS)%I=h7szt7nhHM9&GSL#@um+hY0(j@FFw9i2P#SmzS^ zD%h}gkllPyVc{nGeZHfvC;f3 z=JItao~|@$vo~YP(+@^8`ZRpSu{r7vqzV>}Q~6g|hyGHjzCPf6zAXHF+^X9LRQ}-Y zm&1ApKoU|eX!z{6K2mujz#`9#a|^8chzem6&Qq^3D`2CZc@D+ZvFR6Qn_s-qXpk0W zgM8wzftlB$b@Ju#P8f3fOU!;1L+?iYA#E7M1H`90xH8%*7;uu7c&woJ7o?%RO9HR- zc=HYF=B+S{&pGFQj;sSpED*8NUW0XMtozK-->Qj}k^Mkd$3fG+G>td(1P z<@7P4?Ec(a2OxQWIG1%rl73PkEf!`aNa5=-ZcpA{AMYD~J@|a!nWu`6H9Z>`xO?lE=A|iJfS4qKO;66*%WZ!NM)2d*&W&oC|f2Qyq(`oY{ zz4K>M*weUrK~f%&yb~&f@C|(T;f?ndYqjhJ2Y0{NYws)Q;ulm&o}O(q)MU3{cxCZ1 zSk5b%JCt&7^|rbN1+Zv;2Di{{F%ou6=cGsIlWoQ5waJFeRozC*Hrq7q8z3>xJ(dNP zy3U1s3mLPa20k2AggY|E4~4#z)tKN{&TGS zI%^}rOY=>q+R&#ORAJPIYFBzM&G+rgYzm=2O$4lv5dy## zWad!7kM5H{i+Dy{3Ya-v94gZk$d;jMBv>!#j0SY+N1HoBnL;s8yT-V?v^)bxQL2r9 zA+b+=M2gP1RM&lFB9xg{vKS!?>QFxxP_3DGPBW0{_cYABE1bX;z~GIyU&P(uA#{jt z*>}m8DM{A{F~21t#(n#B%UG8Rq%V74-;Uy59v#f#q7mx(w6F~vM%yPV83K~hky6~O_KEuV-G~#of z0G|oh=e_wG$O9;o#pK>DkT%Bd*@{lYU2PAo2T-oxC%*z^M|HK}DQIm|!&d9fo4Up= zjD!fAN5vnnf!8%FL7jW@-VSNPLawtvzdP}k`iLaBYCn{%2)vq#Kc0p5z4=cO>ZK=A zwt9p5GZE3~_}BYyxxab)dJ*X6n2y%1NSo)AxV(2DhkQuLgF8rwhrt|oJBMo7KW^`EFxo2nFxI;ugX&vV%#lNw5F}iclvcj%-hhPF-w6ldG7KRTXy{i% zIvz8_R3vIIYWdU<@6C$nolmxuX18UN&KpbA(fecexpf|-nQ}p!?LQ7K`;mR(5Gi7N zi%6n#ybyKyo67gKSUhcfn1TLtzq6n4q6&Szy8?jlRIIM-*`G*I6#^ODz#ojWTY=~m z+34HLAcW!X*TFHP$tiwsMY(T!Cyr3MYdqVH#k-4AgWlg^^2da9*M=NPoGsHT92v^C zbVNln#}ZPPPnw_*_kb;#fm-ON(APRgIGJNoxI9U)3MBjuy z78g(8uBW#u5F|9+a4KA1?Pfc)YarT5Zq4!=bw% z@lc19-;;R&)O2^0ejIiNLX`~X#?>U)s?-Mzz7*0b&c}!3By$=l4_f_IS3*_V#ffAah!;BVoTz2aCN7Au~T%vqfcnP4DMfYF8WC_BcLp%Vm&0 z-{T{HJ80r4+AbI}Hg>tSvs=wc#n_Od>M!q8etSB7;h2OmX$x;mupxzrU*fCERY-gg z7qKqmkY>}g#JDQeqEC~7F9iw3mTia`4P|IZ71C&Rw$DuMk_IBQoRtK~zppG8Umapr ziY|_#Vjilw%Bh(-9|PlHDE1-#PU@*%?)(GCs6bYTh=we_{cYmBq^&x9aA5jYU}qEb zi)fs^wt84b-dXYVDU1`6%(0+j3xx0Iv~*Xkf(0EWa8P-F6;23+!}~hM^V4pINy|H_ z0L>(xuXpPnil2QXk4u(@&FbO&V}KAn7A0bAlex_;KnIFIe?6r4=rC+^2>)z&&@`cj16gdT7S2Wzg~mp`%WwU8N6UG#d6FO}RsCS9s6V6_VVBT6e{4akTHM2Y!!{F4 zrB~{l2l0f}dcqoxSkfZF4}?%H_rYRzPl60qDJGVc>sr&lnw!@3@p@(iu+QI9XIG1@ z-QKA=aj9Xu-@^rD;}^_RB!{w^OZPLE#!N^+TG&F6aHV5a6XxQ0O`~F8uKSC09nKCD zNVeu5uWDL{OR=kWPA`2yl+q1pV2M8=N-jJqt;4$eGPK2di!wq#Hn!r#oJ=1s=@S8| z$IBB-Dnyob9Y2vS-(akHK3&jzGLhAqeQ9|=2=`0jC-%g$pA3!WaryAh#1r_^p6K@D z+QlOTWIHni(gi(451fw0m1e)T_Jz`#t~4%nsrcN?j{_yL2ml*3ow9eP0?7R7Wc|AH-)I}Di8OsZbSA5i{8hKO(P*M{5*8`ZGy4Q6|IS-6!oob-5 zVF*t1z;V{=!Y{)mBV#-}f!2}q@D%Bv3Gx5Od>s6rK9zbpApw&|K+VjHR-wz9;7%@IszZ|LXL$UkY|C+gnb2|i6)q392`t79w)eAdm z`xkcV)`d_pp4I63+n?_ICh_-!Au*xn_N%g);BfCUg(ObvCGok-6xUCtIp9_U_9))& z0>p-J5atI|6$+Fnd#_M^p5FEf<+}X)rbJrFb+Eqc{n%BFS`Ld{)GnVtTDeXqKT*_Z z>$-PKe(N1BA%jE3!w`&?lm-Cw&$`A${H)$gucaevPM}b_?H# zZJy8}xs5~j2slv7c24HcC1E8@j$T@ewV7^wm*&z9m6L3ar&u4G@T%5b%AX!xj<)WM z8K#uX(q1m)&NOiQ*h7fy9)>Z13T)+@q{kowdlhU~A}-}37Jr$)+-?KIv2c?^>T^@b z?09|5@eAZJ$HL}baLZSJIH0SC=vGSSdlAkzR~!e*mZ?`C)AlQ?iu4%-^Nf-76PC{7 zzDM{Jdxt@|*;Q#|j#%X~u((N}>dx&$W8LS}5M6 znBn<9QMI$0PN^hAX8R?^?2;?{ z2cR+lb~26qnWZF@dxucaVX4;CewoSisJs}&1Y3!adFdY_RFYGuNQT&m?{Aj%f#xg- zbiSV;$GSdG;BFLu@QzpWC}40ZOi;oGI7;PTT6UR3J*Lx4e;88Qs+jc!cASwZI8!I~ zQ$^emU-NJ;F_1rRZaIxvoNEU=z6l4mkmephjgFH6k9ZM zHg@XSyrKiwc74Di=KgpN^ArK@4Y{AqvG*g|Iqmi%Q328h`yI6O|*!$*2^M(FN|N)IUfOperM?6Q1o^S1*#t|jJgiuW1t<$-c7K!b=dfQE@MqsG z6>r3-J69?+_K&O>h{W<|fxO-%{m$m5vkY-EX)lLHH%&2sfQe4S__5E`f%q1B5?qBA z!SwSLy>pc>N%&3>?X+Dj=Xd1cfLI%3TW0db{NTl08Ax-V zYu(~cF_=&x#M=~rV5S;;rnEw|k%Ssph_d3w6SE%lgQe=HSbB%ygm~L_JaiL0Vtgk9 zv77Ekc63hnlO%31@nwKm#l-=fvcIP&G%|z1O*$wm>h6z}47UUzv6Lb)_l=K3&9TIx z@JQ(WKV8d*;DqjnpGm}oQ7{Lc%}m%vhetWT-YtB~jnEB~6K+3_sGj}T1StsY!ikHMMx1t+(9kJ+Yr95v*alHy~}%#vAFp0JF;An<{=4@a$lzIS_5 zKd1Cd2;S^s6bi-z>tUV^k<{VI8P>dT!~8c?Oj5VPwrau$IxZ9GW=B5*Q^i!y#rP2J zw8a<^``VAQPy_(!MQ9R%mvu%)^gaDK@v}P&cW|UA=DqJcn#0)SXnjD^{b6ZxUo`aJ zs;cx^JqQP|6|bMLutCjdl#W+lPgEiBz|!~qgvrYMFQ!QmM8JZn z>%7JV1=4|FJti-?n0y`gjAD!ifO0v)Z?rZ$3xy(1|uG<|9 zDDX>e6#K)s`Pyfv>8e`hzWW!*Ti4Ny2=ir;I|`Cde{S#>65iD6(3WE3ZpW(Hn#7wg z&A=msmnqz4YwPd5X;w>Y3^;0W$EkmFThh3AbNBAO7yv-`0Au1kjeOMMUWXR zKsb$s3%l$UXX(Cw2mViq*rI?j=FwTL(neIc$eWGW5fn{|`$v->k!lF0RL5Yiu4(?f z3Mdrvdk}oA`!<&h|Cy@CnU;7~AuptV+LF_VjTPN_-~H^WE@BwyNTzLJWULC^LfqvV zng_=~8^gy9gct$eSSE!QY(~h(&h!KP!*`ev!xuz*f6npEBM#?h<1|w zmUxyguF&qASj2%=T3VMgvnmznQSWbD$BN{5bB{J>h>)~3<=rMb=~b`AQh9j zm%F3hmLH_Tbz`5)bAt@~T-dP4Jq0Z( z5n$Z@y;2r}^GTMFkAeZUOP$6lQq1~PZ%0k;T+V_7Ynw7ieju~Yq9-K(&b*+4{f-HR zfrKglY05tKZg#q%fmJCq{|rIo)J>NMG!&FE*gr>OWjS0QkIRY;8^r2MP=(7!+7|k` zr-Dy`ov8DbUj42`Oi*tSSpHoZlvK4N@wqCXH=Z)odiSmdS(k(U#HuHlmmeQtR+ix&G#EyP1rTLy03<$w;QW02sa_T!IG$iU zvqy_FU3{^AeyQ=Bu37i~!95$!3(X;KL3T|D^y8UL2E zsYy?d^EB_tqCcxROK#6S(Y;oO@h{oP*b?ra!C^G#nQ*U2Ay-GMqZiD5%-1e(RKCdz z9$o2Z^Lb>9A@`PUXDd>!MkU|Dw2C>SWmxk0Qv`X3Yl>G)l+Zr~*jp$dq%kQR-cEf_ z&ZPlvlEs5|Bk@w@_D8VQ_KSkQsf8LS%@eRfXBh6hz6m|Z*AXUR&GGxewpV2&rHT}YqS>{ z#P+4~5SYd*`m~DeFxBS>UalyqlF?g~^N#KfM?&f9O?XAI_Z=%|jYhMNP;4}88?k8_ zd_#ZlH;sn|?T07tbAX!V7hB>Kq`i6m;}AFu7o15m{L}!Vh41wOf9C%Bpw6O8?%kQxP4$)%u0Ly#MwanQ3QL zxRfv0eEIR=ECH}!A-3RO&EYV-<{w>jcXmn7vDG@981sio1f!T^bUi)eL%9Nej+e}~ zGq`|GB&U*(Z1t_w4}V#VZV$x62Uy6LlnDLL-5baEONi1MREFCYkiW3L!xr$BL92)A zPDmZk0ZJ}+Z$8hYCKg|qgyZ6gC&~bV_uk!tTBDFN9$GM%=b~LD`k=>fc+14WD6Brb z^roKVJH%Z)6Hg32Q8D+yKEva%sAR<_3$B)BE{i|6{Wd+zSC;7^>ks#P9Zy`64|_si zuDY!%4C%dD8;9Hvsp~5H`{82AulL~@YpK==x@o#N!i`!pngbWakOYatAe2`C2j zb~3&Yq>$AIz1m_|YFSrPyHE`Ou(&A}^Tz-9ci!WWwOf?&vEM}gXNV_3|H{`er!?FG z*o)P}_$kWPL`mhl?wh;c;r>uRqZ4k&h(V||C-~7QpMdv;;2V&1(^zQ%6|5eHlt@7digWuq>mImm2@f|&d!t$fZ6`sq zsTdIcQI~VC^Dz)oP#I4BEoy|B;VbQ{h10%lRVq9c z8?J|!mAkwWyiii(qp*=Y1?zNH9yY(Mw*tIPLe*x!*^K^br1>;cjBbC5-mgN57VcVq zLxJ6ff|3TY*TlMcsE-LXJ^@^bKk%%!Nap(c!IIv`OBmXi)wxw3XqD^iK`f5Za~p(I zM&_2L?zMc^-Rj#02(}bw`^KkZMLy9@NQ~!q&qx3l+9ww!tL^k|nb!aq+%wMTZgqso zxC)Pf+2i^$QwM5{BAsB=?OT4hgluldsJj&wPu)F@CJ(jwwb(&JkDwAC>g|5!Nx!J7fjLx|CuUAz9 zbQst932ilk0>Y!G#xut9eW}nq@Q~S0Qk}T%hcvW#r}`N+Z|x-Mmn6aCdt85~{RbSrnX5;SJ@h9WH?Sy(ABrglHttgzD_8ZUPg?{F`L<;L{`qS}-fic^488E2kb2y~q#I6A*DDxC z{bjm0dO>c)v-#U7BKwd+Um``50y{H<-}v&-89z(|=IHM?UxcplqyDY7*`eO;8syM3 zw@>rQgQZma%+=dh$Z@lM?cjkv(Ffr2HQ?cE*oUKE*j}F*_h$&V%h~qHt~`^1(^q2% z34Z|*w9%YzTb3nnboaD;bbQERK}9>p5;cw~xDAu1_jRtwm1c>+;b$cUrG-N47UVfWzt0Xg?0$Js^V# zdKX)75ykv2DeG5rw63%ad=HXB*S=7jewctVaaec6YdE>F2ZMCoz}W0y&Bhp9sV_Nr zBT|BQiS&~OgX&LZy4+g_$-cj=hvl?~08Phx$I7?aM674xdKb?yJq`1@b_}7#%proo zMiS`ahL%L8mtzh8xN^R-E+6bKdUES;^DS8Wl0NrXiG|bj$bTkbUss$UZS0^bgaqMtyGkAy?s2;A`4^KCjS4{L!&7|JKMU!f&NaX=`9S zF9OLl!RS9v8P^6(CL9exCG#KP6ZKjDF2(e*_IP8~FFAVCKRSAI#k=QbR8Tw} z{-QjuGJ&qXZ!&LR$l7vpgW~+Gl#04Utv0BL<^fsr97NRzjVWlIi*5oWSH*8(EV*r& z7WcMj7$hxffQ}wErZ}V$>1M@#&sRkdl$pb|NBCIp>G}003KXZX$s^2e$+JO=U^E>T93{d3n~kI@(RxxTOfB%4Jf4Q_@BRcuH*Nz5dXTfh)Av-}{ru z{82#9?qu#%b`x=0> z>jzb038oLv<&Y<+F0m6r(Q6vJ{_|*AgcG>dZI6V=;`w$EzAMN}K|`dAdxi<6R_8;C zGLzF8u5Y7E1K7y;40wXP~Ejgzg@BINzm_zwYs(t*-zVQ6*Qiqw|x} zT>%V*XTX<W^Ay>;*_jqdTCoZZZ?obuuq+g)vSoEF zfCr(PNaw`Jmy_|i-Xd!CVkiV3KLWJXC0X~_Ovl8gU>XrQVP&!G=q$UR7&a;B4B(d2 zar*9igKiOioZJLj&Qx138~LXs4ve^hAH1U_l>*AUGdx#LFX^<$zz>F`|9GzC0@82* z+t^-`;<!3}xuS)x1MBkkQKsYILjiH1es4~&j-Ttal`^^z`1ek-LdA!Mf!Lb>w?K;mvOT5Ia}gW%Th zp`Q}xS4MjdSadJaIwpSvn&>{P zST4&QwPBag{iQ1^uvsql{(?v;@c;@%%`4zP7Q`MtXEVFJvImF=B9u>hoJXN7A5AgC zcSUn7D+ACqb=3V%;swyU*ar1$(d`lUipK%Fg%jc!@k$=Q<^stKKRz0eRoBH7xaFCn z@kWIY>GIfDHo(NY>(R_VCpxwc)Sb9`vP0RYpN>gZbO17+`akFN0^V0Z9vb{NuJlJ2 zK=Qw|*6Gp;?#y0Lga^gtaKGYHtx6W4>_DCZ-Bq}K;XgTU%;UFaJo4)7 z=>{@t3d2qeP(T;(diwKq0Axwto~`(hUZ<0uTv1hmMWYv3$?1YvSII9_n6hMeJ&ci# z>Ji(RhBDbUdg;~M+C--o?@7Z z2gcrtY`Yfhr4CKelZ~D-6h<2VuOAkb~ z>SrNUQf++IUx`^0EZ?3c9AP%1p?rOg9HtHYtW;pnNfIZ9YO{Pg=i+?BvyJ&q3@WmI zW|XB1$~xajel|YXCL7iESpLQ>$y(2KpT_XqX&eu}7i}^#y?)RuC#Sh*iOyd7?}Lz1 zaOBGE)AyJI+PB!M-x>~={ZVu9IR=kLDFq)GZeb!8t&g^0=cY?i@?!fi8Dx*aJs?FQB720g{83q6-T!Xe>o& zXLN3bBIuJta>F1}`wISG)qaz~y(qGA+(KyHGLwyml+Ex`U9o2)muhyTfuv z4Zw`h=mvZcZb*d{_am~lM#oFRRIPLTW^j3UqR}CWueYZkUzb8eX))15{Q_5jJy_Pq zJRJ}^fOvV{z9}vt{E5&5=dK&vnI*Tn2NWm5?MV>Q>AIJ&6d|IX`v9X}2^|kcdlZiQ zfv`#_HF+GYE5R9PJWihdSrvbeESec;{Lc02c;gKw5G83jHS{kBnQoigho^ff)qC?o zYr6iWVVb2>57AaQU!`~z-BIL85%eFltUUKxA_o>l_lXj!MKN@N91Z#UL8tc~Z5+RU zorS}Gy+2RkrQsg?06?o;-my(TB4i+4neSe(NG-7TCet)r7E_D%>?c-H_}YsHR8?ID z%N<`iY?-EVgME@%`}Q=otPyefVm=%f+7mr0_pMhDis%P*rdd57&eK66MmIH1%L)Bw zp-E&SakMu; zHTOH9l`~O%)X{#S*_vec8xQq41NOPwOK#lCexW<8k6$3_n*%v{N+;J79IK4kL!38#3f%Ed)VgVFt^Io$~3F-l&Y3d?~MS-SA% zIY^P=WYoC}U&uDtd*m^ipXjSCeEnRb)A^7J=&G*MpheM#F%_ori)-F5JgFXebPnPV z;_h#fmc}23zQ}l|A?;o<*`F7ix88ex+~PCC`?b%mdLTXpIN%)h5VSt^3`Pj|&zYt6 ztmVz6r(}BGsQsdeuHg!gZ=RoHk=Pe%ZLGTv=H&am^S!~v($61EM+yJ zrz_seg!GxF8J)Qh1e4cIXs#nEp8DaBD}J5>0l>8NedK<*4AkIDOivGfxLHFd9sR#q z=TZ;6N;wsiz~dLMz2!IjiNv?SH`<=j69EGWWMnkS*^Y#^C}F-_tZ4A7t{b z+(pHw2$!1e0ONAu&GiLzc`@9^aIhIRJ`2o8roCZLH>IEd;}}xEeJl@(Cik)3pn(yN z%ffiZux7pV6jm)#n1jm$3anKh$La*MKOdaierk(H+~9S=#XT$6=PO@B;BoT6rT^U? zD4QfFS~je+1Rni^Ivh1vvgAF^Ehx!-S5t@hY!{0BUYp&31I29k4383Aecqn%g&Tt} zm-pk+1pL__9%yw4@TB99{i6m*z|`~Thjw4Ud6;Wvoz))Pku_$h;UiXw@a*-9tbk5F6E@Hr{o)V`x9vUO`QW5&^#=qe;%=cZj+ig9Qhbiegj z1N1Ww0iWs-EVXSR&CvbHw}J*u%?m8_*vVENB0XQF=d+?~!QV>p^2eZ&iF5e1N_AN+ z4iNERSNQ`(uz%RnvcYv!2~8dptxL2Cr_X3j9UJXWK@0r`oWp`Ha3ixWw*Q#YdpCs} zPlG4-1&B4BAdxgOlop_-`IR*H8QCa`G_rQ#6N_FiS$|EiJlJj>L!O{=n4xDRu`_$K z9-4I-k$S$oZ&UXWqZ?-YTvxM{SGCfqhjotZFKeoiu-x6;7M$pK4^+drI%_$d&=Nk- zRcXM82{CX-20F$)IPSlzX+N#l1&o_GJ zv+YAOG*nt{<7tVQMiu(fQoCH~D(%kB#t}@H**dIRo;t zRr=vfzK(_jbIa2eWMpNj3GE}l$J@hhuiQn^;EFyK?3!^LOO~~nMisu-PB%|h(ULqvvQXgui}D> z`=&jJJiwjdykNCoTBI{N8?;Y%vPzkda6IV?Ic10EttZe^D8wry(Kpk>E`3H+avy7wH?hC>_Oi_97=+%P_m*azk2;7-Z#wuy!y->Sn*yGk$TqNgt+A7HRI6M6HcjZoI zVkJY>Uh;N3zoR1~OSc#qdo;g2uFiX0C;DLf><=yCmK0UYM1`$HVi-KsD-yS-2mQO; z0^}`|q?;u74aXw*Ra0>d4+WYb_v;0_i{mB%a#G`miy+41!x>?8i0dfcf7wxTU*M0f z#rp+4Eh!KFS>EF|_2WMV;);Q)2n2QxT_Cw1FHurVUh1AxG5glU2W3zZYC zpcb<&STdAg+zm$+u5w>4P`dOCZ#e0qgv>Bdk#UnBck%V0j{718V>eJm;e__xw%{#k z_iLSr@=e<6RN4~uL9qP{YJaUSNq2}N4-!-m++~NPw5>e@@x*O|{KHa*AdbE{jQuu( zZhx=Ie)NLG^&_{@vH6Qf zjMhqjxwd?on`sS?$LmCf=y)W-`t!2r^?rfB%N*Z-tUs7q=_}8R$Bt)-**Mwj#@bY2 z%qx%cP-y^Hhrewn5knOA@lY7HxR@ioE$c~gPc1`h7Fbs|?~DQf-lOT8kZzr+stw-A z0lRGT=o0d$J%Qs+eU+pLFMg!WZ+f~(6xT_ZB<%6Mpg8+e?%CJUJbi%_@B29<%kc|t zaf~?avJJ$qVNQD>R;!G1+u4<(Rfh_D+x$nXb;@#`9@h6eV7mwv^K~Zi)EI=O8%rw% z3`$|L-kGmt8SwaUYd#l^QJBd{LOEX6=k+6gO`8g~k@#wGiBEm*2)mtgAA1ROHgXVL z&ssw>YjzGVQBA@wZ#(^tarKn!3{4@1ucjad;WdMIQ54otT|#8pJZnw%t7pC*Sc3K| z%IRHtiIg(#V?S$v|o`w+^c zd&ZNie~{#4(|urkuor$A-GZHcdmg_@q@DHUwQdA798Jp?p>`95iT!efS>~_J1}bGE)Z6W$wnu`fs#G?Afp6URm7&yi zXTIf%8&!uXo?sCZANiOM-R+IG%Paa0J0R36op~l_P>?h8`m_S{SHDNXNNV?n=HNR1 zZk0!qecV2Lqxteb{dzF8-)*BNNedFwsNd_48~2Ofo|5bEv#$|Lm!GiRta?VT%i&~K zS0;1>Z_g4Fd%hw1HM#ZXkB+fdJm>=l^&=j$@L7s)IFP-#MMfN!05hmOX{tF`RWuCF z*FNR<2NUGmpMB*tB5P*`P!hf0t~b>;bc6-#&x1wFuerVj7#4a+GNrk99$wBZ0Gii! z+aaPKe7HlsHk9U`iP7HTecrTT;v2(iX z!|?Br_I2<3o0wiJrD$xhhwEqQleIoLSm~gj$A=8vdNR(KR{FDcdE_vHoXJs!=0?f`&VBL@bqTEtkqIB?LIV85N<}5fF)y4(LGTAo0<6ISV+F>5Y z&ic8wM%#Bfa-_`7@3QqajizzV%X0NkXwkq(qd^AEX}T6=m}sGVc7G;hi=?i^>mCgY z-Qc?@&+Z6ZnwK)aK`{;Y=Z`rS2E7W z#D?)joAJSu;Q!!qZ+@U^+!7~io?u+$|H{`Gt>|&02x@%*$a-LYtl3~Q1Sw(Je*SXg z`Jk}vX$e|yynfrP-;Ea|I15!_si!3R8kw{O(|rt|@N8ZTNb$|EPl=CwwF9)t!AG}7 zgdhSH?sF7sIYQ+)htwe-TFmk($SptG57Sq@&w_YiI0zg!rqY_KV-kXs(X#sg0rpQ% zqGEK5{;+F9SKl(^>j^BxV;HaAw_K+oF^(L z*$U2a+3^ZI`}o+GiX=N6uF6@FjWhOVp2c3COI&+5q>C4j@AKayq@=_ozN=x^Amh82 zMYX>#ivvvlu_%{dA33E0&nThJ(8Sp$?7-iOQR`ghioR| ze!krI`FWn(YJdAzIGX+)$K8A=e7%G&&G`&ex>VBMwVv@9%V{r+$1H6Vl5J~ZZ>T1& z(S0jI!{b)-GVWKLf=6q>#@t7N7N25P`d}O-`4EbnF{)r<#H4?PZ^&sApob(6+LN>3 z+160WzW2ZBoE&ndl!jA_a_xbn{rY+W{orLkzK?Oe@QanjZD7tnG$n~=59lw$7M&Wc z+wb#bPxk1NeAzWx%5m+<3vsROkZz@I_vg;c&5geMTF3dtf=`(-0HaKg-jZc#uB{QTg|gJ_7T% z`r8FOh(~dnk7RqK7P7gn7UO^^R@r5G9+wb(0t{oS4EP&XLBwNFEw|)z{y^J$$@vp? zVlzoUt-qBE08SruFGi==3Rv-eJ}yDo#mcX?YewK8$*EBP_>3dbdrxGvmGJSHn&uiO zAhKXM;S&7dd5dN(>u1NRpgK6l*H0AU(ceq(neW_UoC8SGp~8aR0*`{^vqVu-7e)*0 zC_1#s4%tBgM*`FT);u42TdoysP5%n=-W^~t)amjQR&DzmBjQn9Cj3e&X<7sk5oVWH zA97}R$AwAUizfsr$eH!U^aAo&ZK@=hms^gUT`^x~NBDnzkUhsyPSE5&U%~<5i#fRP zOYZa>T@(&f4YxEV_(%P|W-#lD*;76t7DXlEeoTk{>COSP0{i){`<^G8-evc_hYN=^ zK%jUA4*8}|%;ESm6S^rY4suk%+_rO-tjD(jp43fIWsoYNSeXt$Ty(#| zUSWboYs@MBcOuL4M{oe|XJGoqsX}}q3FF2^$Mr=Kw@&R|@Lj}3J{tF`BTpI)$NiD&Iia1?zz z&*wO&r){`$XH@x~9T3{&(6^l)G%$+J=(i@jJSH3T9#@xo39!H`j1isDMdv@S_4+mW zlNA=u>7d`-FC@=U!I#fQq;=y73+!~CqxqgVqJ@$;kAEG2p$GHf_~sQe%G)>`o`L^Q zspFugN)keHPo3g;F7nISpMMt#QO!x;!=3EWk<10PYp{AKdtYF#JRKJO;ZNBI$2|(Z zvZwH)T^4{@hwph`3-EU%T*i-h*NPd{KHJfoLMB{52M3H={cM{3_lhuF#BR@jk-Wao zge>;PF~7XI;B?+zLv(-j5142?J@00KJWZarbP#}G^)F>#j>VZ$fuHvs=Xuy`m_!ZK z&JS4`yJ|atE2R06>&G8K*sNLf3*%5OAfUEnCYNbJ(w$X4k*BzLT`7p}utsT_?E~iR zB!%Yw#vh~CduPv#g`6!B-Y7{w5*_!ZiC%%-;6PaT)9CY@Q`r1@cYzytlwlMZTN?FB ze;%fABe?aZWLLlElc&Iv_2r8;cMkT;E*vCuxqDhsqI)?ibB~n0RWn3N+V|!bw>tqJ zoznEgSI1R82Y&_Qu=osoZ8oSD{d;gGhGCBS$#))5nq^AXd@uJFOnsceA1h>y_PIUy z&Jz{;uNtZfwBo1>i=ezte|h2>A1Rg9DzppK-|F{ ziOhttz}u_b%I_R;wrkzs-$#Bxv+%b(Y(1<7ZsqK8dL^sBl#MMOuN~?J=zd;P19-iU zWqrTLMz-PEjAmCPT%vhn^ zhfUyN60uzG@%x>XdpP*0n#rdpBe~2+DZ%*ZuHLia?BDb%4)48*%h_kfkHB!aK1y#f zEHXl;?LK9b$-k=CBFc82ku2+)QX3JC-aeA^=b|L$ud2@Dm3h7!5`Cq_(+^&b`(gCY zLW)!I$2WR@KI`V=w7!NhK`GBbejKis%)nZ+YM2p}eFviuj0^}x`&rN-16;DNee>{x zZc~TmO(NOU#~8AH{kq8Z zzLKTJ_PK=1&)Yud0>ENR?W4}V++S=}?g2;x1LY#p&pHOZ_$7^7Rw1=@uco~71`06L zU&B)Q{RgfV;+;4RdOp(RkkGrsxxE8c)uNuG52 z$w_*@Od}ED|5sHcXgcsM9m)IoxQ0P#1QAhP+Ei=~tiLW+daCx@63-5X*=y|IeVyx{@y=;Ybg)5`xy4!@m+aGHYvuagn+!=1#xJN z5b#O%J}F#FbQsrGvCaKezOvW`aZR*g27#CRlQ;&J#~|+*!$H&Md0S- zg!y|OSLgA-y(K=CNwx|)oXt*gVxSSZ?<)fbC3Lf`Sj{Elsx?7>#B^NT@stuhGK3E%5!M3fqMn z^j)Z+Ked8j0_)QLVEqi25Buwd7bJ+>^MGC`SPSE2?cp-jk5}S@b(xeo3Qt(KV<*M9 zRDx!>mHQ3@Fx>Z{^jotU9zP2?ND%@yP@@?{$79amF2zN4jvjRgki<{x7b<=e?ujm3 zs$Te(swHSP5+F;vv5@%1NPf=7r6s>L{r#gL&?-f0CkQ|&lbx>#USQxK`-sNoeG4xy zLK=dff5XMxFPemRErOA^mer;sy@*e@qR|LPUZF~&z8|IDPdc`l!w+=6C9z#t(^t19 zxr>U%kgP-9PChSRiVGW3Q}A&-d}7K2`NUW^(I)*>U|ycYANLlz9DifvJNn*_UB>=V zSh|QQ>8eHiMC24K&JX6Hvh0!Qxq}-(1mICI+@c&xTViC$iOfo-`E%{J!7%Js(oy+xUbq*t3mig7= zgr^>@CCeXUIxj%mE$AQg;m`UBTU>c{T&xb4(*+;iv%SB55R!c(eZTcvjC8SXR)3fM zpt4hN-X5Y#Pwje)G=f!cwxJzR?6Kht?i^mJVuHV)Jt1bJnS|SinZJit;P45^n0*=P+&bGgld{QaysV)o3Rgre%wE#1;sFHC_rTV@QS7cDy%!zA_F z`zipTxJk`k;xE6eoJA2kJi_>-qw?02>#&dAu1aS}7%HmV8^X7rE4UVXC2=C1)am<3 zML$3d17YUQnEDZ7mKXVL%@?4IYTA&LQ6=uL{J`<@Gn60y+U|2nIo{jiJ$yZdWB@2U zS_F>s6o^c<@r@%tneQD1h)F+D+I)W!reC}8%{aqFUCLEyw$Or&GV+tv*mEuMq@zD@ z)Mk%r!#9kyC;J!RNN8=yRgKGGT@2YpOj*yim z*KYS_#T=?=wS3OZh0NN^;KURV4GsHh`cp{x#J9SA3G>VTUfkwZ>56ra_wHVHY4#xd znH*{W>DqWeSFE0LoDoxGx{=9#2NoPK*V_HkW11lHpwG}(-oe7Hs+Lkfj3K zfQsb8qrA#Qmv-dGv=0hd1gy{XGV3;?Z~pTv=AQ@y@dXcke@y&%7rrR(!8CSMzYBgF z@OOPgAB`685jAtn*6ze23EWhgx6kwk8ZPXUH|e1$-yKrp04o@n?m_kbiTKVOojmJhqKj0TNEKn6BgtM;PtY%URwp z%Sbc_IPGJWACdjbLkC1wU-Yz#pvAp$|Mb`*Z!m?d{e#XOdLOw`%^mO}3bbb*G(BOV z!0tNL4n{mV>O9Z~GsYBj{OsYHA&C~uX%4q2B&1ejx^^zM(+To?pYP00J@B2|6#%Yo z516{+57cLp6n2NeO2lB+(wi3oF?^qmXZW(VI<%fUx}*~ZIk7$=~ z1~ZI8e&fsHq1wjl_ah&ad&IzhoMAd0lYI>U<)+=gUK2B&=KH)q9#+{ViR)|+y#>n! zNgFnx@X@*{*OGJ3S^YgPfo&L;rZisyBM7+_m)U%qIrDW-fXc+fh4npA>$`-9If)Am zBqw#6B#ES0?Q^k59jTyw78GobQnL|)l1V$>Mb1-TY1V!?PQ6V>nNMP<^Alr&cy6C@ zgY8u|a83Me67HzWzB7HD_%V7N&mUvEqprA5i59%VF`kv*rQlWaOaHL03MX?mJ^T7f z4Kb-%MW|o1XckVvj!69;H|VK<`<5Z?6My>>9yDZH{n!J2LL~C0DP;ZG5Q&%?Rd{Z-q25^aeRy)yvp)7Z2jMDwvNm3250cjrv`F<{FOWP;LAeR1@*y~s83nO zyY3~+{YW3&PxQ&z6f)e~*9Gf*pQFC{F?^2b_#XH5X1`*=(z`Cc?sM8z%?$R@8T0%L zm6U-`M2ZCP`{mKLPA5I7PHP^h0nct4>r9K>1BjqHv>)N9&E0M({eLBbjW(3|ViuJeKbor6{N>_I<@lsmNtH5T;?2NFWk7wwW(Sl*)PT8OefZ>2)0vvljWXA8Kg0) zpB9)r;zf@4;&6DC9LxLD(JWvrtN!*--ds3i5VS8^@ed5hO-sxc0XpnJs`$>@-0Wu5G+w7Ek1jPP{$6oG@WkB1uHvUP1D+=bf zNmt{&C-*Dj)P6SS!)C?ET^>$9+Bk3~49r2%Aoq7h@XcSEI+Dq+uxOax_Rk4TRQSK$ zSL1EOe>De0FVDgL5kK6K`3pUt+LsYhXbqegDGl?+8NWb2eXHVjv=n+^nf)*EkDo2n z5N9-Z-1k5ZwCXMI-R-CH`*5KQr3dcGDO~b4B}2Y9UXuA;n&Rf0iaOQ;=WPT$pWce81U^UPq?dm$|9-Gu>vVP zXp10cl0K#9=rFE@51L34d%7QpdViZEm!ABAi760FkXD$k_mP8tPWXUjeUHb1A3xO% z%vT~zAEUYsIruFA^Yf%2@>C5E4t_t$SX}Pqeo@X8XS@5>mcwkT_%uEsk!4TK{CE1l&%ZX)>5E`WN;nah&?&c?r%I_ z;~%{r)9-&FPf3n_lem0EvP7#;0Amh%2!} zwzSgk_;MQ!G=OolNtPL1<>&9q#0iUzzu#MqLrhF%l^syVxwm7v&=b=c@SA26cGrGN z#X%h5%jfs+?6SX6Iv9C@YlYjJD7^`9l%Lbj=I)QkBXiI)fYqdV;4Bw!3R7r$V&L0(GciKleNze>{N8zPauHMI}~}X1-DhmAeBqI#l!eaE=|oxd0}xk z{ci4=l5E;XDfll1k4ZcW`ROwm`>GoHl4R_w_TX{C;;gU)K@3*comnYl&OOzfkq>%~`NG_dn zA|^RvzqB^ZlgwEs#b-?-MT;{C#8^Fo)NPq0y{7GxgiSDT#9}eyV}oE$q>I=3fQ@%A zK=&>>c5f`0em&qi58SBYm=vXvMd7WKhr>OodWE&3m!G0nWApG4a{636%OQ+pUXs)i z&FR72Hp3*CP>JsQ&~gNWRLuw`sfKfR<^1Lg32>#t8#u?`d#$7$BQBo&_yv;x9&AA~ z2LvkP;=I1ER|emk`4%r5ld6%+-FQoj4Ji0PN*b9)F3_+Mj)01?1 zKX-^9AJV6k0Z!vH{OrCKcl>?pzIsbn6?RcswtQs!67d9Ktg?2~f^%yCnZOYOI_6$9 z55mREBr^iX7p;qA-@W3r9)8|}z(e`Dr@9#tCTW`~Bs?N3~?%}$|2?m*uc9sDnV;8(}zVRNO5R&640Fhf_UQkuL13@96L=t z=!a)Q>d(+jI9hUT$bp~uc;CiZb=w?4`IH6YugJrNrDY8Zd;hc(L!6TM4I3=`} zmR^@h>1%)4TH_ss@fi@ts!^YsbudoVtZnNZe+<@<@A=$a^ralj1A)fYeM0)cOX{08 zUjELJI8wpPEe=E=|I$710T=DkyyKVT&KA}_q%ai4N~8OpXBtr2za&O>QonzVsb`u{(){)n#AGM5oR@b$g!MuzOvCMiAvf^RX&P~%Fa_TD{U$OF z-SM@VEc`<-A~Qex$RR&kLvv)eFN?g!tBjW{0}XkCKkAiTCvvjj*XlwP&xK=t zY+yT#g8?uDUnqPd^{bry>{^>cHGi-#8T0k8XDeI!(a24fQiqw61|t&XAqNoJyNyIj zozTHX!QJ>lsHQXeJy%SxeqY2a>J`>YsDk*rd2+0M8mF&y5CY)^NKOGC8`{ApN_4I*T=nKt zm=(S>-=uSI!N`U90_zStgoL_2U*!Ipx_Vgc2US1qu7|knEgDgGLfWk1O!#Wv`|D4d z9%q8wSj+-Suir$UTPqamAcZ6>?63NS4PWQW5)yCJVelO1%cW?>v2M<7Q%Rc5oFmSs zA+f6`?1~Ag^njf5XE@det1YmJ-EQAQQunr`oF)DgxOXl&)tTetuhQaCSU2RIaa?ms z21<7J2uQdz%lCa9ClCYBiu1(8RFh%;oAyf=Ot;)deJ33_WH0r_;JjCU1ZW`5(UV@M z4PWhRcRaB}#NxV0-aWlOocE2jfoeC8p&w2coHD8%p|T8lRHr5q9^r+q*uxzFAtB?B z$@{ijb}$XQgo<;$j#wyuzaLq|czi5|r+@=wk3OqIAfNDZ%i%%_!1C_F!p3~Lo_#(z zmhtz%`+)@zpiPR#7j9VV{l&3N3F`Hh=GvNTTLN!0=M`u$Z>w+06^|zi9VPzZyS}7; z{EjN@3mo>{=YG4^cZougKghib9}C>fS|l#x8=T+E?x<>9@GU~{B^CxOOZHj3NCvMP z3Exu{bL*NYTeDC2FQjWs*L7oY*rTq9{9be+@Lw7J6cyvr1E;6(Q#9cww<*sO*84T; z7(PVR{4D)=J%ouZb)BsplFGQ8o%syL9f>o4_a&(3m5|{3ptI0qa1-8x8N<;Q2D>Ta7p8$H;b$gT_+piufXL^t8 z`RV>{hu4UvJ1eaAi1JO|^R}ZGWfxhAVkwnM_(@&qFV&Ve4s(4EGzWop&@}P=H?*Id zIfx!EJCdBd9>4|O=-YET!0^uV%n52O3@mh_5XMGGhc5f{Cql9!R3|A3)l4MxOwe9z zDz$rW`iM`5-FTcwk|#XH`Y3uYd(e%o6cx zo*w~iY}^@@)%Z}1=`_YvuUB{MEIvl@(!fd6a5MbQ4!yr^bVD?E-NUUZ#+V`s{*e|Z zW@JKjg|1g?-@g2nWdzd-g))#a#iCzGjdjS-)PbF=D7c>U(f2c&yjB#C#J*P8??zPd zsM5W~r!iIRKa#F%OHpl${*oktM~NaqGRm7MC`p3kukT6q9d%Dv84zKI6=ranX?n?k zl(o01@AZ2lckA$2yyHHtb(kPmYAIfhr+uy3^&HXq>}RfuFFmd%Iu)<))E!Q=@p9tj zYrf|XBTfg=0oCA3nRaZA?^Z4k25f!HV4p)D;`#G<-M*uieaTLTNN_`OUC6fx!MWSU z0D2psU$B3=J*b4ed5~sK^0k`C%j+Nk-qWWWDL=Gk<@%NnY5fe((uOauF-OAQIF%J8~SEi>|a^^m_b6DN^L_w@@E@si{wd$1_EpQpCXF~mv`PM1gq5JY?X!g_9$9aUKkTL8J9SV_ zD4&yhL82tUDII+>uxUU+3BPcfUO+=>NbF&q<_Tt#8v_an+!n zemVuM{YUHdC8>Fa)GWXn-4qgjOgD)-e6&?RqMVz%MS&d$REhIP0Tw9)sE|A##0rHP z>!kZ|i2NOI;e)JUh1e~MbroAMODr^>_?!GRuKNa$AMl+!Nq!jR_alpN09bnE51FA; z_Vz=qJPyM{F#8o30y-~L-RJS{LFqoZ>}z)p6TTFn51mA|2evbz@Mz22u|N5K_)fD_ z+1Of2+m&>^5=HNg`o8y-@;l$TM_%m9@qS5~oudzW3{6O+QpdP|xn=M;)!85x(UvA+2}|kew2=GrIgYjCxR5Ht$R<)$TtG1b-8woJ>yjw{SnrHxj_J!BmcN%(h z=hk5ewm66OBozM5az8#T56!`AshRgbsd4g8TgP9LF1RMkwU<{*#(yE6rJ zm7we|9im{&NZU1q40?7vg|omP(R=uvh*A%n!GXe3`aR$8Ei5tK=7HRY(|V%Hl8FS7 z+N2CaY|I@O+}rH{yPt1$XT#~E@a0Q*F!?F#3ZNyW08xmtMd}awm=y3rEo@J%4B*(& z?wgxm!!C4Lp=Ned}$JdXQ7+*7X4X-xfNn>W9tR21Yo6I&VnIHs@1d%#?7JmO%3Ur=?^>(>EeCOZm4O)usF4bX6#xqR zrR=j}GTGl*Io`Uui%*&p+aP^cP6x9CH1NsDD|j6!g=t&x+Sg-Sjja)mTm9ZsdK{{x z6A&}Mu+`4A0h87~GZ6dWb5#pN$sQHs{ZRL6nLyi)R4P9CgWC_D-Nr+dI^@hvDynA(o%TzF*gEhczgNn`$+L zl2|b->zhi7VtL*clg|dOb=u>5ksm}qzkvf`8hI@mmMF-DeOzb`q8E7o4-jg!%J|#n ze=Yu_W3yTaJ_(NV$CvwQ>yyFxl*)=sqMbSr5mW(h6Pyr)rg2=x_#u7!r9OsaN)(G| zlcEtGz1Exqq;Eo(WC`e_=2X-XnH`bwJm5D(Fe%(QbC^DPDLHBnXp#=eHQIhLH(e%} zj>h)zT?pzv64;u7U8GBb?Heq4xK{h+>TW+3agG3HCYwO|B+`s;Yuj!USMyQNoc!}N z^kO=HYS|BQ=~{=GfJZ z3lo%DnJ?w-cil%|YjprnY!^HJaJ}()9k>m!u|Fx^m>`MRT_#tl)&#}6{%FX1DCQ1K zCjRah!h%CNM<3sNssO;X(-N)ZY*!B}if~Vj^J>N8EI8EQ2$UXLSf z*q1$;eE9|Q$^`7gjC%M;d(*@7rjdye?OdlsgFYQLS@M?QQ<}WsiCwJgw9DGoJDLAuk;v{cQ&7#>9huRRIq(+Y^u!xcYDmGf?Em;;0b9)IaEH zHKuGyY!h7czP1H^o*f9lfA#T`L#HkJuesXJVZ;P`>Ms=5 zuft+LM2uGW{zq4q<%UemKj$lrw%d_>f~XFf$m~JOqExBs`v3{77Se;wSdW-$uKJ!w z%CT9?$5ra~73w67Z)k^8vEcr!_%%Km^4s*qkfMJ_+ZGWqscn9e-;o1i^F{>z??(VO zCcYpk1ttSuw9PPA2}M;i)PR}cex3ID16xhN^nXa=lsbHq=hx_S9P(+!qG*WliT+d^ zB2;Ddr*!3r$I8IV0&>(Cq>6;lMhL$729ACXtlS=+YL0!YnVB>aSJ;(B{nIwCr!8PYW zBnrthc+U*?_(K71LZzE-y*>wToU-$mYTN56$ZG_1dkxH;ceS5fG1zu6nrwBN^r zbMxcebKh}4#=BZs&NwRhDe!E#xW62n+fQP`L$`0+dqF^v&s7R3e+U_@=-t2Id)rRq zyLt3y*m*wrO-iW4E=#-5&7BKWAO%x4W-Y3hc7O2FJ_Glm!q?>?m*gTT@9)|&E?SBR z`J8USn_Inl@LuE3vpJ|A-Z$^G&(VzoYeN(hMc!Imc%hDuK~GM1w5t0{+1cFWfyEi( zna2ta&*8OSQ?413yw8`rwCwk!=C7d#37U`af~OQY$%>BEMDS%&Z8S6x(>+U(yy$NB z*fjS&QMrGUlW}F>SgPj|tWaHbQ}=y`^obt|R9M2{ny^1t;VmTCQkxR>c+jpT<$jLb$@l+8Ip$zw9r=n{r%urN6+6TRTuFZCB&ACt~k8=wAz#O$GY& z#PrRDh%QIzc0QFs=e&qpC0nVj0L)))C~etx_hKI`WpQ^`Sv~J|@a)7xUMf5(YaIbx zsM?D$aa|k`9S$nxj7h~`2ms47{#=JKk>4mi*0!B~cjTr3MO!>UphIzGXd-=;=>-E( zxV?@RkvzkFGk)=`WQ!@ht$6FZr!w4#&_(I#zd|Q|Lt$1(?-Vu64;S2&4$j;i=qhLM zQ?bzP=nUvxE5zS>N_?Df8*d(E?424zA#TPJ>?6!sjC~3eLU^#@r-I`0XJGv3Z_20> zuzfEAfOC$nrz^(^0l`0m-R407-)N~E9%Zg)BcV5gqu#@aMqc!gE4I-QfZE{-2^LQRlrnmoSQV9GBY`|;M-OGks+PzhQ`Z&k+4~tZ$bh!&{wpV z1UVmto3c67@{{)7VB*bi>Ul3*v&)-cGv)d5DJg%eT)qaTvnO4@`CXD#OwncO-7jW< zX-kg$Wb z-?@rKU+F(YB~4AiFS#XMjW95>I^l#)Ld2Xr%`wh9@=A(PC zt2&J3+CA~!S65bx_|T(#AK6#gXeSLFxhsbkell6-Dv91hqv37c@eq+}-hK}}LG&|y zi;q2Ls?&aY*Ww1PjCkJ<4k2|OsW2vQ7rs`Up72>gbwtWLH@;we51A&&>X5&;MG}j@ zVl#J3zEC;%;dRnYX_45+8}wY=mXlHA^j4l}Z;jY)WcJZySdosh z&LHJ+{rYv{5vc~;6sp;!KB1s_l~J#QodK*zARvPS{nwxC$AjyjtsPAy3>kD7(;VbBr5nJXjtG*4Q;yUy+3^VrfIoebABLQJ!t*LZCy^_=iu=#TAx!{{RV zA+3krx9oKlql#e%FVGx%ZGZhq&d91N0?LH`%?D3nt%qy#()$_?_xvF=``V+Vp0vQeM8z!iiXE7P!p6*h|YF9W|e^v>XUw}X( zLn#8f8OK6cS)ndFh3g|1=D6^=y^GNr5wC{4MsZnf=`?kb&qVvMJwW%+f4|S+_vpDa zHcgOxz>fV=)N?9s5wol~`aFI2x#W#N-WJE?-sX?nL5^Od)tKMg<9MJ-;`ou~6}TK} zuOr^?A<3xqwTGIc!HCz>VnJ2SzQ}XFABgokryH>OgNwr6pb>O>`5LTY@BkQe5A-c` zb&KW1X?8lWK<-mcgA9gw4M4-3P>a6Z89SwpNF9|sS$TID!i75ih@rMrQNIf`aKKb( zp1{%>_ak^;T{6-`3)mWJwjo%tZGVE`j+*_ky+VNih3k8P1dCmc@nuIUgS2H9ynwuESpavlqjAJ#RH_5rpKLh6 zhVJzEEcE59%8J>i)blIBQnIQZ-M4GrD%gYA&4slwR{I*@bLT(!V#=E)#pG>Nxpa(#LQn9T6i;4|KY1vLJOsYX=5b+!w4Enr*V%u=%ssc*)D4P7j2c*XO z>Nvl>s}J=)yyhTqqYPP+khwR~6-+1(IZ?I@t z?bjKF6Ofy58u&3Skz8JKncuPqiCXTe+FX3}T}DGOp-mkPi3NMoQ!aDP_v#0)lEt^- z*6*qUk@?xL36KAuei}Osz+-x>-XRPVp8o5qJ2l9ZFkViGM!nd8?A8NRR@RKQBp*gU z!9}!xZ2Mz3F1w2qAx>`2bf02wf{U)Y$cbatR9pQN*t%=_-0Nwm`zDo6XdXK9NmEQe zo8O21B&N?rLWCm_FEo1{SCj>%G7axEcLbb30ue0#R$?rE4U)&)Y$dPDkkXFmP*5$RvAJkjbM< zWM0Hl&|m-q8{mJ)fX(X|-IwFrmqae2O6 zUNPo_$aW|HJP&d@@wik3%(3ZE~-(FXAK#%Eu zU+tl8>WwI8GTTf3i}f>7F5*p5{BcSdgYp>t0hsZAGR`xs>G;0oQZ)~VGK7=0UWf3l zT+iR2S5%5uCNAFt?YgJ7w_KY5{MK8dZD3O;9w^!#z5ipsd)H(SW7PaLjvBxV)F zYVK_WFyZ8y*iqW);rBS9?6Ez&}j5#Xn;G>FjV+ zsUu=kg$ctdjDqS70qH6i zPoJWrZPc6NuIc7l(S7!nwUwFX6jn87sb*z?>@v9MR~H)~TRg z&w~l2#QsO&&7AxplH4~jRl(b?`{oE?K12ZuwC~)jpji+Z9ivs-2!x|xhN{MPc_^HD zIKl&iFkvfvyy&tHLwLOB{xNwveNwG%j2xZJshUlu*nPGh0W*jCvrkb+e^HCN+!%Ov z;`WLQlCaLQ{ghs|ZE9IE*ZR-=DRrpK_)xe%>lcW&J#J%skNi(4 z?+fg8^q`7{U&`_IW(jMR>TsMdanZio0GvHx(1p(){?gLE`wj00#JK!pb2%NQw_$M* zPl(JOAvsFe=ND*^Kj+7P=t$gY27>;mS&5JOKjY#UQi0ov^jj#fG5OfUe$gb(T>mT% z0)(k*!wv$R*b2IGNn?(I*WJpvbsy)ATo(S^!qCV@gt+S2g&5@`diLi_nb5#8b7+jh zcqU}N_5#}-k-_DIB#$dj=3$!KOaB)PL}SbgoI^EFPJt5z>yq;1pSs(VKfrW&(Zh(6 z9*>i&+D3ODphem=&3=1lV>_h!-;Q9>SKsWfbp`Yyomumir_plo#(gSZo8LtrPP=aC zq1v>YO}}e_C67vZ(5`Avob2$#7+?W=U%B#SuJRijI^L>qDblb0hE$%0DHjVx%9IiQ zcSBiQ3vTQN^ogQ-J*0ebGSV3hXa*sE``RbLP-cn(M-K4=ZWBg~utyQ-B1|%;QM9N= z@ZxGoN3Hl<^kSZG2l|`L!Tg~3ANI^4PABlv;jFn`pL*0b>@-K_=^<&vdvn(mer{Iq zG;P>-m~($^w5G%1RThfJh&(L4Rp{5DXB&eQ4>Q)5CGM4%_jvmS$OunTwyMV?vX6Hf zTJ(&o1G3Isqs_a^@3Xuoivy!LAuN6C$*ppb81=s+Q*{;?2j4r!%w!=Qb= zm^HfWaWBDr=HDxqzKXteCY#hd*I^QZC@@-%Lv0ZV|<-x#wBH^sfux`ePjp**nj3<7ESvF(Jl8@#`cHlsv~x%>TKtz}++(_2F(E zsa|^Dg0P+eb~-S_^~X5}=uUhl2tQ!G(Ph6_INMkWevtqf8v%8*edJgc01aNx>Id4` z*Y*~HhOI&5fAxsqy-J6xS^_Sjl>=zXD^(p&6;y3<=v;^*nv&05^j{J5aS2HEPN4YY ztFFpVtaF|RrE_(J)cke79Ss9*`7OO3GAL^f3|1Ae?9u1NW{g20Y_|e8N=Yh0*Y?ERgbX%`4mEMa7U<~2E z#r?-Ux|6V%Q;c&E1%ws$ABFb>WCZ|cf+=cu0$(XKw8;E^iEx(JvC}>Urb_Xa7}Z z!+wKoMT6BY8#5>WEPilGzwZ&~nI{wuUmYLNt=hZD;T;PBh-u|t-uc*s{axq+Ec^f?ZASzS6{$eSkF2$4b7{`w7ut&(^bkA9*kuz1$8E z{rN!j_An*HW5360bx>ZvY|XYPi=n0xM%klRr7-D;ShrT0NGZc*q}l^9g)=S4OgH0j zIW*V(q>>xqcg7g_9X8*~z|$H{DH_!ft-O36Z4@U%twzJ$d%pmez5T#Fp(<~4q2snd zDJgNE%yXhi7~o0#?0IDc1WsWMpb`$z zN9I-yrl78$75e#Kul&92hRa=8qJ}kN_p&3mg@j&(#XC(^FI~a=wOf3h`ikFi34rZ* z4(GEErh5yQ#x%%sWpThl!m0Rad0J0G2|awP=R~{N-o*Q70zDW!Zk-o^?=#~}3G;P& zqanzs1^$H1*Pnm2_5$*@BbM%((h0~Q-M#JxfXJW}L9g;j*>oelITD)s?e0`47#EWx zwXVA+q+9R#uxRDq89RjlXl>{xw_cd&2IRUkx|sOX$)jNd{-ao-e9@)Dt5s7%QN(5I zNPn9}8NEJGp;hf_aH>Ex6gO=3;{Yvr3QNK>c$}BvA~jodf58^&lB{(Kf{k}k?ys0R zlVI@Oz03NQKYS=SUNEakPo1M0}-$Y)14`{UKy;f%Bd&g;Ik4?$6+D@bE*W*#`S z`D+vz)eLA`r|T5bPadzl>B8aO(UE)BxdVv@?$8^Rwuf;}mkW(uq)lI4zE^)nB{^jK zecR(~xH)?_n&?#U&Vrhn@5|v^XI$c*rE9`=kiQ)Z9g=;Ik%PxmZm~SWz;&9pgB2dp zU(vaIQXA$7LCZieL3V=HB!Hs)VzemsRio2A1^d%mFsh+T$L82ads1;S9g@!GrIP@z zjH9{~dbNQJ>LY*(z`o{^wmCZW(d7>De$q_R$2l;FOz6e8sQ=UII}B}($V(wsv4Ja@ z_Vz`gond+hjk5P8oc$uNcM`vV>jMWpE+XRYdGvL3^}lP~Us4wi?06~{D$j5S9*TvY zAgNvfWoThJD$e7v>bLv%`kkYepXQOprM2somCm`NEqeT+_EW1RYGu8*_cM_We8WL_ zEN72zRP%f=7xc7b&4;)7#L>$73g7+(5KZzc=kGBJ>^$WTiU(oQ-!r_wQQ$5P>$L;9 zRCP|#iEAI z`4e=@LiJTyrsqfUIS%i%gfMrxRhQZMh`|k`RypTwbtv+L-sVSJwv^}t`V-=x#oa$qtID$HfRe9qkSoDd463+XUFSgg`n7Q)IIbS*hjQrGJ7*Ua>H0kL-ecCr(?KY=@{dy6AW(HzU43l! zO^BX%Fui4tL>Bd?DHq2r3nyGD{`hs?{Phcf{4Zdf^-hVoZvIpjXyNU2zn3PtN+KZ{ z?0&!YxI3=C@2vO=#34;-01-^6R9L*Suov&{<9WS92e;Fubp`m0_kRpkaYg)`+2CwT zx9l%&GMsA3OaBXxB?Dn3?P=QFz`9VAGAxC{wf?o0oFBfZ$!*I^(PFfG1nJUXT>VJW z9vtNjmy2BqqqnlVd5WfU2&pY~l~KLDML@SP@V|U8>=(K4a}CE6q}{6(+5B{vp()!*cnNe)^oy$CAP;dfYsMhO6FiOsK{M2Ql+NnpPBn-vtc*zgcpTkCRw8nEN z-J;sPc*3ujJ4t)Yd*6p`UhWb<%jfki5z0HU<|dZAngL(7<4wqGJ;k7mh&_NvfT3A` zPb2)Tx}OXBHRQ(1;v{>hOo$1PE0w1&Y$XC+>K=4xYW*GoP{_g~F1qtV$ZvHd>(FOeT-?yEV+aQXWK8_SUTk(B0PDk`sg$sp@}d^d$E^4neKA7 z_Jsuvq}QAo&(IMbeX&9{E+gv=o)*H)x+wE$jL!Fx$ zAiCaC`|i|ag#6qGAw)mYk6LT)U3h%C+X~$6_1K9|{((~2l-ccxHLCl6_hmeso-Kx? zo)EWkFUjKrEUC*p2i_d--w+wVNr)5p1*hcz-P;81UqvmYADm~9M-wM9CF805@ejBW z?Q6XzeP2vdtC{u`{P5zX17lb^%}{lFelUYNCL;#9639p-kD3J!!t8s*jk+opAX(e5 zy*%cFyO_o44}S3ct6hjFeAnn^9%`cgeBz9aZ8~`!mTI_bE)_u?>U!aS4V=$Vk`b+q zVgsmH<71p;0*Eb%PL(cb-Q|7GvJa{`if%={80)Kn>kl=Hz1}7`>K85-=?#8Ib?m_e z2{4`GLDgT}OEK>=X-~IPp|gPQgaqK&Fa}TecjM=XQH$@se;}ME>~_a_3MXYxVp}*x zo(ojvm19QFQ5W+sx!c$H{;d7>?b=FYxtqU^uBMNfDT!ypUQYF4n@$AX!w<%qVK3e* zcu{BH?(|h&g6y_JA@O=cadV9wK_hN;32Uj|7M~Ib4JYbP7Loq=J*!=_;GG0wOmNh` z{^JZ;siMoPLIw#K1oic>$8(U+Uby>rU-my110F`*-mFitGL9u1_@cq33WSTMsd3_p z&@@?!w3Nrk0b)J-ibXrn#l?FYI1s?L^mK*UwP{a@jN%U-K0Te}_p__#p+YCGMaO-d zo!s|I>6OdRgG?^=cY`nVXtrZbY23r|{9RHBMRNg^_DMIrXnv*a*M&2UH^FWK@p*cx z?otY~gPD_wQfP-%FFMok3IEs{V7k* zp!Sa4`?Ik42MMS`nJc7vw%q2zCVM~I^ZQd4(3Qk-wU?`0;-_Ww=7GMAIbxRBuF>L@ zbkTVBL?Xpo(mOZCaOpxF!p(|^v+1$Mt}-MPpkgyBELEbDF+7e}XLA5C(Nc7Wh4HM> zk5jzYNKJ-%^|BhS89X2&($YAOYaMrN@-%**L!e^8(|%8fkhb5 ztJv3*J>&0!C{K5Il|q)0;f{#-=Hg&mmm}auo5iPYb^GI*Sb`#Rk9sjb1+nZ`k`d(i zyVril^%;ft^Ghv=Gi>=3&HME4SLJ>^ULxSKPLt(c5Wpx$DFlKe*8m(f_>i;-J!Bul zPX?`y9?m5f7MQ){HPM0MwMQ&7-1F`O??SALI0UE2u#{v z;+D#VtM@F@;k^eTN*KWuN_}}vTCcOoJuZga<{l67+ZTopuVr6Fr_f|_sPKI=$8xXy z?Y-?6x93y!1iT>hZBPAScwiXeQR{OQAY^xGd4loZ*P@zZj97wWz!t*OyIiesJmKU1 z2u)oTI-Pq!un*v+iOt60lNbCGkFMtcQ5M6T-cD9lEJr}xBthV>LC(JVQy;t^y>(6uzdBHCJW~8bsArQf?cZ4k zC&Pwe`|We$a2CvT4a7a8)}LhyM0{$lnkK#?OQP8DooO9QeIGIO7RM)L_nL7IA=v`U zZc(o5gDgSD_qz`|-S1H{12%5zDRC38?DyxvHFJ|Gdvey?4M$cB5t9{8 z;gKDfqN<@(8x?-hmPGhexV=- z|E-TOgMU^|mzYxB6SE%1*XvD^k0vC!D?j1&H?Exfa&aGj3UUqKH_r0H^n?b4cdwQO z4xg78tKtj=cpYWI6WRnEvr_%u)#EhL^UI}~g|@Yn;n)y84C^!8E?g;aICUF2wgNM`n#_vmSxnj@K-S`@> zXS@F03p#EFcbVT%3#n&frcL2Q2CXdff(`U zG+N#!@XsV(A`0YRB+{>}Vn5W^HivTn*(ofxhb$!|TBDp-THmAwhxthHrG?*1*DTcs zl`$Whv8vF)*Q5Lek0!T`51Unq3M zeMOOA!p~a_jb)UN;8gv#`8yxY-f{D=Vj#O{md~p7nr>QLPh91r_)z=KUpsSsvMEw= z?Oj@Zd{CeTJ{C8h#Cg`_4dPo_j9ISm96nB|4b6Oue5LQE#{oV+nv~B>Y?C+fzts#- zq-PP5Ua)uzA@NNYhqbJnr-nw*Zj62(fSic-Jo&osWuOp0=A0@rjT+r2e{_@Zr=K5T z5TCi-B|(`)^L*NmwN>L$X+gv(*wo#=720L*39!k0B-SR2&()>to`Z6<(T8rD>T>=8 zsNTgrY~oXmHlkYA_$wgc0AYL~lqPuBK!#G?J^`!fBV=qS*AmgR9o<2`V=CS!=sly{ zc**Il%&wqk@)Q8h{>#BZ3Fr_08ID_z&3M!oPwlhQi|_+AiEj4!r0s~V`tkt& z&Ho|J!gu)iKXVN}hhh3@kmh!$4;OBf1%p80mZR1*RYSEV5R|Uea}s_$v+Jrmeo`MRqM`-b28&dWbO^ zX0H=6_5fI`KRbw~dRessc=QVf8(xWNtT3mS`q0{+z1=#jJ6a0n%--4Yt)Fd@LmETR3JZxI z*9=bdp9fW7eRXl>35;^p{GEU-4#Zz|-G|Wpis%@qg!eJ$739t4U3PohFVuCm9^%Ss zYk%_GZ}2;BA+?4_=6Ana_t%(x01iphGY^C0AxKRj-ml*+1awh@Dvb;6rByKG!ws~f z^5~4`RoNq70%}#EIUx2j^0ph{c*pvvc3s(IejGAma(BTOA&6ZvG43xD`5YQHhhGh$=!_j$Bc_oKikC7iu>vwugeVjskdwIB>ZC@rdkWMEfk8_F# zIjqcqFqReLw|;-cow1~yPYQ7mUwmZLO(ZpVqYQa@91J9cp%ix{4>{>$!ibxZr_*~Q z`W5|C%uq#>4UfqAh^Z<*O@jb#tr))#as!9s%EFxMvjTN%%MJl$lqbv*7YRTO?ka9E zQ+x=ug@8BFKq7Vzp0hBiMPfY@T$d@2W-#ox#$SjPPszeuAL~6urKh=TdVXIa=|pMl zARX_oNS$0y;7XozlgD1#x!?&gbu8vysBOng9sl)fZYPD!p?{&jC zq0gOuxFUwoZa@071?>t;kOK3CV8O<2)g_fmREq6dJIM5}reOMHdj3^w`0;dqtiXYrW4C`DjfdD*cjS`-EGfwIvje^#(rm=Ng;bMh|NYr*J>QaZ+~BM;3n`|yk4!r38XqlS;I zW%?zd~}W|yFT1=nl{Z^3wS`k?SHRs%nKC#rPja3)gu3#jMI zW+u-uVjpq@knO3n>l`F06x-moWKvdJRB=kxFo(7FrBpV|=}&O4(tlUqc*P`DLQr>o z|6Bv-EMPF0F`)aUNvRE>75@2+(#8}a!GJ?fm3%*@OPx|;fktIEtnk_q;a|TSN5iaz ztmAUfc0G1QYMT&n5B!#9#?{8t&tCY58@6J(bwk=e+wxBDE<{dWxDc;X;4lShICi>S zeo?rohu-e4d3j?*;tw;FLT|}AkNZX1*N?|ukF*!)r5#uM`%Sw$bTRPUEf2Yj@RQ)J zFU1#F#^Zja55G2dh>rq=^K7h%7fvU>MA=Nw?Dw&H z`gA%x)e0>^9BD50eSb7OF_{fcdv2u#|K&E0pWPXv>pUWkAo`}-*M=$Gs;MEXe&VY^ z#~!GWSV&M@yJ02UiD?Sha`y*BILq$|AgnWTTp_Jn!|<}|b~zoK?G}h5Y9h0hsrW4gJ}0QPK3R??I@ur;M)oZph11Uk>K4$Xz923LJ;QqoIaab%#eJ{ zTa%_Z;_a9MF!qA8PxCWp29LW8!v$PV*xK1ohy@9|iOPBXjU#aJ5nWXt3g3(ocJl>Pze9qE|8j$WL@RT2$?6<)J|O|$FIDhf^5 z<|C_H^s8fG0O82~L_*!tvn*ZbCs{6yM7rgi+w#6?2e zAw1dR?GM@ugKzon?vY0fyIG%Hoj4L-HXH|u$K&&{%ExiE=itu6o~tLnl~>5UvED)w zz&5hI7U%QB;&`3Sj3N&&+v<|AN}x`*-AJ!lakcb*jeJfj6^`AWPEB`{&Q?2gO_IuxkYg5V7;<-ZXZ5S^j~+$wGDd z72ZEh{HL9kb42K$#F#?0NZfu-guOPQIc{;&uMjZ1N`%s}7Q2SOuiBe&q6Lfl1YR`$ z(;tTz4qlM`v2ShJEJx=$vtiS|!tgXAcos0^Y#-Hl<%7oS`A@yq4mFPSRpERcqEyA6 zL`yeiSY`c6rgwPQ|C;?)QU#G(KhjLn`B@t?6F;1Y+B&bcq5U;o-A^(2_wdkU`V36R zbJRPUEWng#vQH~s^8it5A_WigWs+doM%3#Fp0oZ#g;B7OKhgp8i6^Jh5SBg9o#_xF;vhT^sR_?j7e%>C!W;2-6pOW0&^37Y`qksGf7ryhOlG@<<8m?zoJq&bja> zkRm=_98p67^hsl0=&&nlV`;h%ojelG;+gao-r?_Dz?tPC_9OkxTAoamYm{_GGk#C(#Y(Jlw>A;3bLEv& zm#kh>a5DtQ4z&S`SBK6D!o5T+42zN|wFG7zgoywGhJo4h9vWTdo;8Yg6;5`;^u7Sa zlgE2L)7MA|jdgw>`S49>85UH9E^HFi2dz$62D#t9{eq-d24Vy2aP8O%!-j^fA16IK z7-v*Oj%XFYVcE(&elkWcIi6j-N4+?0U5KoAH3Z{EQ%oCz9@0Ah^=jParQn-GkMeK7 z`xP8@DRVBHA%>Q!-!Ddu((cm$5Y0XU43RK<1>O&Q6#hQJD%;|KNy~T-@Z~|p^!NQ5 z#?4XdjLU0g&yP7sw zZ{*+O4+NOgZUFf@(u3#O<`%C{o8u({LvL(VBv5bRH(uK!jzq8hk>1Y=3>3cM15v>J z4{T8>K_$0ccSyu~59dxRyLZ5d(jFcS6J*^sU#|0I5>F@4t10Dg+NKxU!x?dQ) z5~BHgD`U|5_pzV>c-YREKZ476A06^%y=WVYOY@7Ov(JgZGxDuZGMiwi%&A!I{)YC| zWv=}GA&U?C>8Y(HG}AN7^WbSYpJ` z!oN5t_&slaG>R{1`=-1yN_O)?*pZxu{245dJt-%Xl-lKb6)OYQbCsFx;}?TC*DE-V zNA5gKJn!Vv_)`yxU#2&*l9?9`6h7=ztSBk>nj4XyyFh2saU@DKu-?xaWa6Ov8prS5 zSeVQ`O0eBI-25CfMWJfQoa1J))gIn_3H|BV?P@&us(WnvlBsHgH_tvqREQ0QU4~;< z52+8HiMfEBtHVZYB@D&<3rPKKr=2G0Qhi9abhsxCbKY}VF$fqFSfuXlCh$Z|>JBup zUIG)6os=sHx1)*XHNG%8h&ktUui7P z88gySyIy7zCO_a0{{^d%+dZ~Ty>5_I%u_4p$w-jKEL;Y5+L z=p;u}>!Rg&V>D|)N_@IJ>XeNg?=9 zF*=JHe!$X#P2ip&X|d=O0&Hlu^K9L>roG(#{zQ&9C7~~N57nh=KFIeb8=kOPZo;#h z1Qf|Vrt3}F!*Mt@cUcanTYSi~xdFmHvLzh|%qb28qx_MdHbG$P6N1~E8(89K{0oS_ zbIk|<{UF|S(!u{+&m@GYPZY#xgp!;c=djK=_)y+xct1hDgU4S_m0cVC1p|yqqYtXM z#{nL_$ho2p_XO(IH-w5*a%NJvo(WcQ0tgu3nfu&Zt^ZR{E?Bepo*w7|BUd>gZBU0N zt25R4T_$MgsGmC#Nxp8ZpNB(smw2hxY(A|F`MA|g-#)%q>J!l9Z5O&ni6oDiW^pB* zpwI7mqAO7ujVAGXxLX3^xSlD4tll5@z8weFRUP}%tl<~#K^csW)x0<>!R7QLoxr$d zx|6ToGCASx=Gw^hVY=h%oB;*pGrRJ4Y1cAJo)EA57Crom&UGajmsLBf_d!4KdmtHs zMOU4B=VyGPvp)CVhw<7k+P6M*>OgA7Blw`tzOU5XZBDjIg_*=~MjR^qao83S^HtEl zJp8Hx!nQN6)-*Z^lhHCGo9kayT37~&Anf#umOW0w4`PF#=)~{jyUd^k-E;AwJ^9mG zLhkO>sgig<%8?<>@HVDF;(RMxX)wSW26!*iqpM`ZTjcL|WBREQS_55SZ7PJhNYIp7@1#3FDbhMpEZLB}^Q2AgH-T@nJ#^&*j9qg!~cS z#jrK0Wi` zk?a$n(74+BG#pXP(;%+`EOoy7baR=1JD}&T+`WlPvIi7P5q=5g@haPPFwo@m!R0y* zunx!SEF_CQ+Fs4b@SH?uM*e2nbJj8{TDUjzmS+$Ues^oXB2zKR@=vKh8cC@+c6hyu zZJi|YrMk!vzQ5T$;uZ6QV|2y4t}KeNGSKXZvoN1A**ZU60tbyIm+Lr+XE-L!@7LtO z+JQ-;Zat&>1#i;a!QP_$|HzEILvmKBds|MLZ#q8@HI*P94-O z{dG$wbLhvidxh58gR{hmZGjT<)L9K?SOqO-1+!0x>gkaF`Gbg${d;9YfAK))@V|kk zaiUi-@*!;CEes8y{<=!j?WUG=%Xy?cqg_%6e++p{tkv`^&8sO(&@cGp@?#k?+Vvo6 z5%k!=3~<_zwA`ZrcOlDYO~LfJYjk;Mc%Tf6?L)-cz|)g#1SHz!#cc#@5Cr>4JxR-n zWk5ft;V&uF*Ew%FK8KMpSS)?}a7U;j?wwtNtOP^F#FAJ;n5x#P=X{)QA-)p+NKiv6 zc7WX6@wI$JFP+zwrFD3C?uiiI|_cdwW za*In&E#Y3F+(?)PrtVfzOGavn(wLV|Q)K&TIuHRO|g zi@#hVARM%&<-;sB!XEjz2fN&G{wd1utb#E5EX-I}+a@Z!Z8ZGTM+x0V*QDc1j;J|> zkZHW;KrxfGW1dziOshKfR%FlFPjh_lg=bUJgZy`yuAjv^4SNA|$h|i_m#~(6Z!?jO z5aYbpHY_zv9F1@EK7FjrVYsNe2;esT4ai!hPDF96Bq#z5c2nZp$0~p;*cAJ{?nww? zKYK8HAlu=y{wg#<7mx(QK%P{d&)33ZTO#AK5ni{K!d-#$pzJZnt{bBa!u023On*Z6 zIJDqO-Rl({oYWs*#tXAb-4}}pcw;!pH!qw!%xI4q>@B=>d*^YN6g3WtCo3QU&NknB61a1|}KWOH+#hgQM%WHC$8r6o)JK z6_V)BhEi=SRJPSRhfB3~MXJtFQto&yQ;q+$OG3Q*t6(S6u{Mh#kQ&J)@zortamB_V z4*Ky z@OZ-SgMPdHw)K>S-*~-08B8N1s1y_ILt{F3bM<>}r9MTn`M8OLz<^$D^8iB{c>_cY3pKw_1X?A8a;1G?o+gO%9enp zg60=#Fi?Cjrcom?05pL9`BA9~JM`a(jio%JG3oSdre2WDNMZ04{4uC`hzI+9C{+dx z=1D2~k)+u69!rjBFYU3L&cpUH@bPNU`BMZW@EYZhD3Z9N*d3gD@NU5bBj77~eXYW} z->kP_t_hmN(KGybA+*0DJ}IGt#vzH2ewnP#BZY-q$F=a(+q|gWx%(8Q)wHK?9G1%A zz0YWCFw1rvCZCv`euHZ-`G!-^|n~-+13Ui8z{d23NAK%>rQY1QneQJ-? z7c%Owz+djubk*CI`&{niT7!Qz>C!Lfi}*FyFF&sH6$)!k8R(YscwtYN7z#h zaDnch-F=uFVnLCoTV%MvP*(N=gGqf}Ps8K;8gjjH#7W*;FWDdKP*m_!ys|vflOskA zk=EZ5?s%XU8of$)NA!{a2J&j)IlWJLpts5AF{mciS>RHixpqlAseMZeW(fuG`Dv^sfIitAr-KK|uiUw@-ap#RdNi}Sl zci(+&_cY9~hmpH?m6q{qpD;G}Ya<^3=f>nJJ*l0PDZCEJ>qa%7_w={K?{8jcjnPd( zyKS!jqAz^;t)AH#Hk}#7303XY67!zoD`_jay4OfL(JalrwgjSbBwz1osT1 zefru_>c55gJm|f%=G_TS3Ar&;{EdKq7yKy@n8QZcd>AXPI&n93g7`iz2PPiX^L3~p zo?F~4%dU@`>bZKc1jGJ=P4ClpBXk$2ANvRbiuC>n`LE=eqnzBsubDhW*Kslw#c#cw z>@;P8ExbdrHsTwYl{&Y<^?Qu2o*GJR zJhMG+R~B)=aygTr<%wK(0mk_34&BB*&#}H0(-TR!6RWIrl~PaQt4Y@>IOy}^yP2zw zNeV~7?6}sek~eW0s_5Ko9_zC&y^Z)lG2rg1Q-DzJ$J_UHr-HF)=Aiy;t52uQnW}pF z_}#b58v$R_|TJzCqCynT+X1(8MUZj<=cp`RJiTzFK7M=`sYx^9p3r_BZvUW%&X zVLSj8%C&MB>45+c8mIkppXse?>~{ni*R=I_T@)Wp;#GdZ{kHz`yt{Y3LCu;CTfJPU z57Fq4UWHcPBqGE@lc zy`mYna?UW7v>29{n(y;@5n0KyyZNj6QE~G3MHR5k^3vwyL(4Ju3TwbNkB&UR{J!>Y z36Z+l=iSr+zn#v&eZ5mAvuxzf8)>5rJ|24-5tDpU$d{>)A2mJD*XP?fsZLFJqQXH9 z0W0{$qa4V_Bf7b;FYkpV8|3+W5b z;V2jclKEZx#-tJOI48mBOa7G+q>L$J)`AkbZD-}aO87Wi%((9yBMPuIbD1adk@sFy z@vS|e%;&zl=s;%c&4DQbg;PU!-3A(jd8m;J^RNf_~e{WC;-maKxSRJZaLSCxP zEO1Ru=q9^o4o5a!|x_1u<&`8 zKMPm2t_8#BeZaMTK1jCAeSX&2T7R>0@(Sl!Kl}{xYY)xGK1RpUiYV`)P#2H)4fxq5 zshS=B)J`I%H2DCbc|}X!yGlHwdh|)aVNU(P!=ViVfIMM=UK8BMg+0;{UnGW6$z$vf z+QPIw(>UAuJ`iY+sEI++9sUQ#5*VZXM~aqI)K-t8;vOZjE!7 z7QhVFFE+RZGsev!V+dUe&6)aH$$cj5d>Vw9$w4ne0P}x@5pi8+ojk%!p|qJ-el#v^#elD$4&aW&uzq_32H0M{9}F6 zh(`lI8wnN^=$QY-Cs-1nvjg#m6>FxI^M33FOO8AZ_z8WP@gD~IGx~c#xE8JdsjWvu zi^r>%D3o+b3@d*OXcf_jm><~(2hI^x%6m2+%G+cigpZ* zz+bJ;?e&`uG;#xH(fb`h)e_Ii#pm4pDr-=G^$xntvDAJ#P1tatC$A{pN2DJKoAByC zet;8Y`AB|i-#Pj-a5Vde596C2i3`kOyyMo##p60u$~#mJdikIRtvT0=aJr#3#As42 ziBJb2C2J377V{^Whi~-3T~1H;g}&=|Oeu#-)L%1XWw+no)TsC2iR2M^2#?L_-!B^V zgz?RvZd+M1;_)^7ZbWG3F%(?PhsV=SNIcz53i#(0TL085(k zXa6)yiU2s{-DHvT?16OM6Madrrq7R??%mi;UMf%t&D48f@n7FYAq6D_DI))S=&$eL z*HGQwDK7X;c7XiR2ck?=&S}UOXHPfhAwPk%LQGHJ0JO*9Ksu${*WzM7E=wrrk=)_~ zUbq*{gii3q+)nsJqnDUtNY{M8_!=OlJz)k*^o_J^_j<1$GqAGsORDsJseUrTp94Rd zLB}-q0$E42FYNoV$GEWcgSzPUk1cM4HW>q;e(LZwQgVdm_FTWNd8gO+l3utCO-wuy z9&W^z+1(zL6NlfBjE!43(*ga7i3=;0Wfvt0_9alN=7zUeD8(wIVj}I8+36+L53RZVw>+ethX646)vn;*Y9U^K^YN-qAJnV1e9~@d&b>lq+Ls6KD z@Pa_BT2oO_ZW4D;&cyH1!B)Qe%Pux?_xRY*SR83n`Eq*-8o4q9-_J6h9sgdS=g6;` z9`t)8&rTN`E1Ga@%;=6Nl1m-Itu6E{`iM9%Uo*y4^iRrY7r&_EzSF^wn$Ahcv)YMo5RTB_-#D zCzxqof5EVP!1V0GW>`Y%atVzn$y{*6G%J6pcgz+PS z=ZHHT#SgFF1_kn|s+Qtyx{ccHFvVxS%TjY7-5d``D_dZ*5R}Ws zs#J86+Uo~6YPbeN%Sqn-K?&64)A{b%t`Xe|CW1FT%yLeP&F zSQQZC7qK~Dzsj<1eEw`3Ro1{6wtJx!MHZgfFVW?`kNagMZz@BuW_^E)aEAF#UY{Wn z(2xx5S?U9eEiOBK&%(pfLAgm`A_wtWx+vCU&m(j+(2hNs$B}e!OyQZu{FRyRUfn* z9y&wU)|quVFnJL+gfLnijB&Ofh0iWioC?z4pIY5ZK&yaXx3R)*t9aE(_K7k&LS9aY zk5P-Mn18bDebT8PfYzVKjbcs|*|<*2d;15+(cC#WpH5MGC5V;7pjo*4@r^E`Se6^= zA(HuKc4stXBdfPRJ(MoAw7mSwHQkU>#E?N|apC1&=-vamXAD9_!AqeWI1qCph<|hY zdme71$j&$m@^N{f6V8yUq*M=SroL0UeZw~T#nYn08vBW)0L5w}_g$WAVVq937(H=~ z3h!xqK3a6q7W5%)4>f};73A>IhMVV^+mDTv0kW3hL?qgghKVSXaMW_Y{g5N^1(|uM zrsjLTT&&hzN2i@cuy+>H;9-{1J%{q`h88-N1?Ij|Ysgu3x69WjT7*CKj_Us`w!$Te z$s_#@FK0*qE0rvuDim~53)Q}h$D^n7K|>k*mVb5ngauMQ=MOC<{ZLNFOC7>WpU%+3 zIqKsJ-~^FWE@Ns0imKJe^{T5|tnZJ!$0yxw9IV}HI9}AL85g1@vv6bw)8Zh*zpj5Sp0FQ%($k8`ZmSP z0nUB_)hrC16m?STQ8N1`>vNPwPsJ7%I|$JmR|RIurp4TEBHjHanr4s-H0#^he0Fqx zaEIjUX5F0wdkvc;S$FD%r0%5ly|FEEZ8H()L@*a$T^=TVFYq-(LK*V8agpo0o>A~E z^gNmB6ht!S<-xoNxf~UK8P)PfF75kDDqr-#^}o0=bUY0!Y#Nde_T&vY zgeUaV_?}O_Kz;W2H^w^K7Yc3qagR*M6>m9((I>kTCxcqgd6gheIdZL@4|hyL61qbo z>mcptho$tw_Xt&1FJTs*Hz+x@7|>^!CE5_jQE@j1lo((91KfmPmOPwfSQPA)`0Mvx zImLrT_Y14{&~Cv#u$Yu@zPuk&AaP`Ue(tMfU4BCO2$1;|eOJ0vinZ+SyQ1s2xcK99 zz9+E!#Pg>6me37Y)gK*K!6i#B=z~ZP<^wf8D$K-Ye;u+8iUoZ`zwaYn>%F9QxNu; zgZ0wS@I1-UCa_RLb0;ce3ws#sTMzRF{2~D+F-=`8!R#^{z~1 zpz?6{V@%*_FPLy3b*IARs-a_BGft0*052FTkPyDj4KT#2q<%!Oddq8riD5t9Dvq~d z`|0U~d|@3q`bDz&V0+^ro}qT}xjjg4_e{YGim1^o^esezvNFPxQeAP0CO<{wxt2!Q zjUsbi?}MaXAsOIetP{jI9K4C_&2Bs7Oh_lUFAp~R)-)-Aa$|@d+Ddw06#- zB{}k?y3`vub~9^w`4JyL7Si7MB^Vv@Kj4dUwzqI?70!K$_mm9>L}g%XoFb4buDWQr zR`f!?fa0cRe27QV>r}Nwam5l~q3sLUy`fDpg<)X1hcMd1vwB)aw|@FChC@z;`)NRA zkD{!Fr@r^uiphrywrRg>S%lqf=*|Z2jN!b4+Tw2#-ExvR*n-lWaQ!}th4Pb&I=d4* zop_3XK8|2Lya0db%)Rgc@+yR!Nh$ORNWb zIAegmqwmr83XT}G@6R8X-?pR2wbq9C01u2wLP%2_V++vA`<4w|*U-26mrC8UEaY%h z$#mqAPeOa|hth(=xyXUlG?VNorMZVVb~3zbl@n+C`!zG=_l&>fHT^Pph>NuM^+?2@ z4{Sq{BZj? zwC|0{&qr*!KZf0OeEa8T|HN*X+Xukt1$F}Pz#XI=hCP7~*U-Y3YQaO%_QeTFz$+o4 z6Wh2j-w~k^jCyB6_tkU_apV+a#5ZLd!G%5ZYI#^RZki+CLS~RZdY5ovEq^CD%WY|2 zK7-)A20vi(-P70(U!Qrt%r-ZkBl#Q3yvGvz+MGfLhT$jP!&q*sk@)vjrMJID2?b)fR#SVqI$8Xcq7F12aqlza3-`m;SV@7AEN;jJ7` z)3N%9zz>|Ad)a&+V*9xKo`ikVv-{03C|X4uDs_03$EW}gBLNNEk66V6xAly%C#2T! zw@nQoHWpS%8Z|Qjz8xi~eU{5k$L#!xg2zn@1udMwN!8Fs*r4$m&kP@q$5;wC^$;x8ydIQJ6 zxXD}fdBNIPsRw+npy$o2kIpJ@&9f#MpzFOJB*XohLxYFE2B&k9h#pm26-S^l*x$jF zX+{czyyIVQQrdigaK{JZ)F*wqVQVJ%2PG{c`~pN<@b#}y*UM}0mgH{LwW0fZ7Jk&q zHR{-ZRzc{~AJs15(`;%pUwY41v7(v$R%WXGhF{i_;Xu<9mS`+|}t{@sSedi_y7ibZ)f!_`(|?qwIJGjX1?1DB+0rdP2L`Qx`wK{ewk` zrJ5c3=Ax}RKLwW0VH?_Y?TzQ&paNI1(5&_id88kdsQ|9M2IC6wWF`jiGQkG|kcK+; z`qPC9KY|YnTZIhUcBj~Y;S~8DIv;Tkynx*@E=^xlH8;&#>O;d0qqOJVF3v^RYoLcE z{6d{fdI=`w(B@2ETK9EH%+`@+DX;h6;?7PIA6}^FVS$k>%VQ}XRV2^DEx`7GBd_o3 zt1%1-QJa`uZ3<`8JPLuWI&~8 z&WueEY+OP_B!K=f?~m3SVMp$t1_+&fxfB==rO$mvlq1!VY$dQpX+cB&k=_DT!%!)NVE_16;MbTv12AO4(*I zY53kEtFQ_8RqhZB#IfcdEwdE4d8LBwmT}s}KGRJ^k{N<4$3-s89r!xs5pB0(2X^GI z<8+mKer~Pvw`zR%823g5I3WIk6r;AM+U{#K#@Q~N5-#`S;chAR3M*~PnXL+iZX&;j z5XGq-GzvZYT)N5xlb7)<;M2<*6frl}I_!Z~hfd_50q=H|qP+_cSGk z9W(F57pI`1e#@!$cu+lZSVStTRtBxyc#dC$7p3^ecUB9akbJn$FZdIl zGel&dCk5nST;R(W@7FBj(n7YP$bI$nJ4#ijcW(M*Y#w0G3%qK@1uq&_`}y;Y2~F## ziC3AuPcuNo9_8MPz|Z|2uD^w_bDA?!7stGh5we9PAxRflAD*4ucYH|%t;)^$_4R&f z?7DIbk-b@TYIZpxGJ0m?!^j^1Hc7oZM*>)<5Co+3R02K4*k^v(ZnjnFNwn;s*jI6`aVUt#{IPKXKimRUi3Ra=$hAnaeU9Wc$Uc zA?%U>ieNh>=Aoqil>R-FLWzY-^vS!vapjPo{X5y;mW^u<9WHs$4vqh~YT46xH+T0J zrq8^&D)SV&A`e>n=NQ0QXo;OSwaDcBiE};vK=j58Pqu04R{puiEI@6@?UQ9#!l- z7v83cmHQ39yj%`2vDsHK8G;_T#UGH@dWbAc{^o*3xlgds5^x|L>3+Fx`XnCNeFsqd zid#-?3S=rIBldS_0RjI!49%|zpe^AJ?i(Wc{N}j7eNQBV9Nx<=@s*RHI-+snzHH)t zb#L%KFn{b>uzSDHRFpyYJ6j;m)vULFK}k!G@_wX$HOgJbl~STJ_w{Z|`>an4Z>aI- z&UVeAD<;>x3BJ!>1@o33%I$`wLZI(48hl!ZekCw3?6-HvVCxxfJ-2oPtg)Yv1U;g; zn-G;`&9q;X_DARE{+OCk0^GS%tgTyRu$SGmEkDbCesrKR$n%iT(OiAX?wtGi%@9|K zpE6dyFF}x8vDwRLvUs)oRbQ{l!Ie@1dic2klIYme*iOp4f7_mBL<4?x(>}+G#2c`c z{jd)j4=N|u!CzLtpBDV%z|*7Ts)eNck?vhbG`qT|o2&=gxB00=W}FQlEND~G{Z3&)i|C^0^<5(bCE2TLTNXC-}$9N_M3Xf zT-zsCw`S|*6nMjFU_0gu|Lt;P6~6RbU=FWYJgYpe~vye-WbG@ ztUM9ezW#`mpr4t-)YXdW#ddoJO{6~`Fw zHB}oN6P|Ih%un21z~dF3OYBBgga{t{O?rM$3Ve4!>CIGm;*SXvIX$PoDyqLQ$7?XX zFDSh_S_OIf`twjjocHg55%~(;nAp<|qq|@*G4{ok>8W_x_n&jMIpQ0Ei6T4BBpnvE zRN-FE&Q~8c1H)JmYNEV4wHp$3#m8dU=}VoTM}+_I!>c}fPK;aj^NH>(g~f(leTPz2 zeaexB2%Ee-&ar>&i9EgBUhva9M6hq%oPE`5Qn(F0m#4P#Pc1=c7P^0CXEEIVI4`VaDF z{pJ`{030RW?Bh{Wo%dx?yh?%#-tr7@Gdu;EQ_I*ewNZOCfc1BFK@6Mxkw5VR5zy0w znesx;cxVku7gl6si`H*S|LU(d5m>}^c*zsqVWYE@yE*ggh5nHSh%rp}_3d~|yEp&H z`a27Ybi44eIv-0z9V?7T_+zM>L9JXh3XOXPOjvoRKuu>lwRFY))4s7x$CdR%XL zaSDr71m|xfgdTyl>yAw)Gfa2H5AN( ztd=imxri8D>(?%6#&?$>On-7Xm~AH?(gg%`!p|Z^JID)o7%?=M{$){5h!eWHdrPoW zM`Ga_jt}ry`>;34sGA~rFu^q`62qUrJ8DRNlvH3c2BBA@FYQSBTHsCqoX4k3f%ZPw(wZX3!kXNOzEtjAENkykA=r7@?sH4 z@A_a~ac71!S}G0Xp~2E9_>~NCYE+3=9$n@f&&d;Hp{pGdNWq#LPgAR@m$!+%M0p&iLC+3x94eE5N?l(%@D}|wK>g@+ z%_gtBKEdZ;zu*pC9UT8KvyO6pE!aC?9u;1Gu+;24ifv;E#-o}}{Dlw5%=Z` zYXIgJT)tn_J)s7x%jNe}t&_)Gt74C;Ph>4><+&%mVN?|mu>sWy(s+l$*ZDAoX5jK^ zip}(&50bXT#D4LP@@vIPjipG2_~CEDY|5SYY(N-9&niIavX148x+ zZj=5#B4TSQ_O(&IqSH`Ve)r=18Rzc%fTHHIZ>MG{QKO!^CDikR`d5#47=`SzHb|{I z!PV(rO55u%GO>hD{)cBQFDRegE;`jytoXL>b?P4XQJ~%R*HK$J_`HcKs9o!qfG9o zCx!j8Q(>A1=U0ZzBF#*Bkv3Mh5*YltHZ2Bt3^kD_upAVPm3+68zr@F(?j_rf zD^P7yCxR+}DQ?om+%KWiAY-F}E@^?_QSH`vngzcq4= zFRJBnmRMla&K`d-OPtW1z9{F^{sZwPQQ67_62*dM^02+Vv*IWcReHhtE7%Pmzrw`A_1&|s_+@i!T|GiUFwH@zIuoDcYN;w0p3Ec2dff#x4DN?l%^PRj%EL( zr`Z*x&Byzq8wvZhN8EyAT32%&AKKM=EI3Ez%|ZJXj{eezzn)9{a}Z&b0UsCi8yY7z z_m97AydK_$ZFbtB{sWvg?Awg@A2VdJTGRooNPpxac7yu@it_NgAO5YP&>7)?^#j3i zQ=X3n2Ol#=`)LtOl`*ynWXl8uu!HSRTL6C#XP<@VfN`P-R3@l4|9YQn&y$5YM zJJR2}Vcv^av={36T-kwFl^NNXSt$8aD;Pi8;$gHOPrn7VJlAt0gw;N%gl!dw{R@eE z9Orj>Vtf4FS0toN&*&FIGf|4GN(KuVclxXb7kyWU7X_>!aJ%G zBu+UxT3?3Dy2z#CvHHlX@;*Xt{9Cn!v(S~wvuwzWzhCiA=C%j7U$w zNBXIcUk6s9o5#1sv0Ab_?%ye+u`M>L@$UzJruPO?t5$@Jq&po7FY3Yf`0|wpKXWoe zcN|`FIPNHEx!J9A&Bw5^YF(JxKrIo+d z`&b~rK6U~a2Ifo^YEo$n7fw&|)59#&>EOZem*hHZno-rq;~pN)CihxdxjCZ8UL%d; z9m8A*WL{Se6HX#IJ`gffR)Nr)Bs*&VeEUZ&_cLK)O=azS#X=1b;Ai|RQ0#->eod2` z`FOSfHepcc!12Z^WZo!f!j4K<6gr%tnqW-%)2#@BUM=lGmN&-6>fX(Rgl!|3LiE!T zrGB}pozn_uuRFK<)(v4AU^B^!EO@%yL%;Eiw)P&WyR4zx^~D~a)67O?+_vYbb9^N= z;hsWW>aX=a^~%ds@7vJt@FSUz$15r;-tADn3LBkYFZ*gi zJrz#jgE&ozaO%B_Djkmdg=XCqROgS>e90A(KMw(axi1B9+YdE)VV8@tT6t~->iUhT zB!#hk`^)qR#zbV-|ISV12Py)9asMq02_FsJ*>M=Ly+}V6Ogwhyq}1XO_dOt^J;Xx& z$)c2F{JbUE7QFeGtl-N4!Iv-=v09Adz8pCWxND^ji7t3umsvLKmU+CzTNNvjKb+C@ zrMYIfBsUa)&ii#Vo7o)t`o0dp3Q?Sc%e?(5#pd7giK4cGN@zl>4JHlW()0&k^%Ot@YKK>~`i( z1bXKg{OdFMpM~^Pd|z-4xrKN=@K7d`|O{H^~{Iw{_F_ROTHb)>mL8!ns$W@ z(AUIN79-A9n>SH4%y2|}M*jl#EmPy~MK2q9jIs;ow3)r9MRt2^c|CqWQ&Zpq?0Kkt zeXIkLxwxN=e!9TbsfKFR^ixB)e_y+G`2iCmqquM5>mF~l%2(S@I@2ye|3HsCv6Uz5 z^1aQ1(Gy_giCGM@i|oeM1Aje;dYXkd6QI~V>zuq0WRs19K^yQHBB}H^Tq*rDChA$_ zn`?8vzF%+uhj(g)Dm|XXZta1A{PqYcdq|Ov@h8b`PWHwOQH&MB`Q5?0+_-M7-h@}Y z_qW!eQruTj0@Ze2byTI>?D*k`r4LKpEf7Eu?{aM3bQb$!jSu?W<8(ZBPGB6KK9`GKJGK1 zrup|xhw0nU?{zaN(WHC(MiIqC(6rm$3vCq(8&es!`j0q?X5Z=^sC- zs3I=52kO1JU3>^0$$cLPE9qS}kpWnaz;n4W>-dg61}8(TR#3~&P_ZSCRew}vPay#O zwbjK`URBcG69$gg8glX?k5O?sp6e$bmdpJQHj}-x9`nIv0vNl@yU0_JUkWlgsNZ zb;&g@CwQZXHq+~D1X>rM)ALpY6H1^88Mlc+0ng>0Y zeBw543T5S@l{1_tHtq43AA*Th%+kz_5GtKB7hZ4AUi!}V3M0)AJIdU9+m6B?9(q4R zlGUR_ZVV^c{O(!S>m__6xlTFNM{6&qjw`=8rDgVlyteGh^FiOiLm&}6y~sWH#sWra z@)LXx$08bFoleX!anPac69oJ7An*q2;=-21KGkEC2tb(z+552PT4W@adA+jojVY3-EYZ zatQ9~9->eceWRT8+rhdoOtK4V6nPfUY4zRiKxVdK$g(1yH@O0B`=acbe|p~2JUWw* zRVO5ya>P<&UtjHesMb&to=;GcU8#Y;)+QBj#1O3Tf@$80Qu6%Eck1iAn|T@AIys9> z+v~K-lk`#K&JgE!^fXyTB*Bm^?8D^LD!UF-uFQ0_!s$|FR#oU}6W_rC^-5dygMk7h zGU>NtEIU6SGd)KNJM1^Q59SI_)b0l_(H%7ZRR@g~PR^r#KdI*OHgCcA&BJAF3m@Gr zYq@fJPwa`12yF_eCtrB(%2tlx!9?DF!QC`v#ag)`heNzC_xcCxa1z$0ZBhq^LsC6Y zkp$Oe{8Zn{YY12**3rBk;4D7F=A#T$d@x!lZ1IL^3LF-{e?%e*vgR!u82P1Uj^PUg zLrvY4g{UIN3d`S})ehoS95L0{IlLjh&lolnqPVFks;kO>jd8sN7Cr?$f zA-`k(b?aBV2NA!&R5J_+Iq8sPhC8h|^eh*@EGy5NoZt85@9M*D3?0X3<-6G}yHSVS zM$^hS!!G~Mpo647pWBkSRM0L~PiF2;h7z8B}PA`K63Q+2_pR*J=HMt6I@0xMypYVM+<7!*$D| zv2LD&XC=O<`Qw+dfYQl>llr>1dfyWgn2h%2Rtdy!j^HNOzH)v4Y0I!w9VVC)@4YT( z_5>aFY>8O%_}(;N3Oo}fWe)Cg4R4)3lUZAZaQ*?Sfod!n1|Rz*?5taCj$|x+_=RZ_ zG^@doNO}4RfM-{-<_M&#xNxxPdt_0yseMN8K9cvw>nF+oB-`a0-we8fL3Kmi1HT0` zWxbpri@P9~Ap~5Dc}u7-kURBb zacPtTYaLocRR&=6ZZ9fJ@zmPEYYG*C2J&hmNN>{@X0229 zR@r`!h}>(;SCX7Kd&Fx%HKD_XayYd=DAM*ICF~iJwj*R{sg}^b&*A|i5`~%e{ZYNV zIO5b@w;i}E&nK@AVM=#?D2BFA$0zrP-FnsTi?{lHF<32NAN?1_+NWT6mY*xEZyJ)H za=1(nXKTgWFCe56YH{Qpzj$lSk^kJiRI$*ahxU!{vLR|Y@tU&?r^@jUZ28oZ7B;Sm z{u9%ty$BRnjEm$6_9SZBbA08n*ZT!&!|+}LX-FU<#C$V-^{(5p9vOHt@xgbaFCzWi z{8y=l*%!^G706h0QgeIch0ntuEjvP+b|H#<_nDf~@|_SSpfc@V-yt6-59cH9iC=0% zv+XTNeJ-!>lv1@&*lPhKTZvp^cg>|d%-S3CMe&K)=6#n) z{6iOu3b=r+|8ty+UcEjFS9hpK_p?P^GQ?F;`yQlkdW8p?OqSnImX-o|# z26^mmlXL%m6_FWvnHI) z`rD4g-8L0|_3%kJQDX37ndaUEJV-BStot6cW<2wxLQaF||JE$gDlm1n$5dWz(C==D zy7o0sUDRv5?7a!XX?%n4LcZKTgBg_KPIVz4Fpmkxw>kO9q2{yXHn4|TPJ3Pi4~+IZ zpJ-!m-AGkZoy=;PU#No5nTs(Rdln5w1-Zj^v(gUly)SC^3q zf%jbJV8cC*xH57i<~-p}c35%{nO}_Sl$r2dFiBs$&;na#Vw;?)TX(lQl+%Rmaq!}& zg@6rWUQOJ8#m{jxCafS5&z3Ovvzrw_gVBAL?7?GA11}8K2Sp)2pWF8QFHnIcj z=AwU70^nEdvD+AJ!&f4?&1qDJ=c@Gf8#`XVKGg0t)`j{vN8P-~sm@k<-RZJa`g-g; zItmbg`1nq#UST|+3JI8*{$B4JpIb|4TKDc1Ie=~el7%OS$YYi;3EVRYhP5j7O&ML` zL4SS56vId3P`03bqpGqc^GEiybTTu0@Csm`ZeUA6?>Idb-(y{v5sGXzWh&5KU@~qyyWj`JF_tn}9(rg( zk>JX3W4U5`fWA`6%I!yPeE?#b0Fk^xd;&t(qYgyaPB01IjOpJ0KEB5Q|2JT%HFZE^n?u(Cgo_(XMP$^RP zEA~~pO(|iIN!2F>xQr+7_u<|t)TWbjmMTKJt1litod1z@U0aGOQS_HY zqK}{?0g<36Z)BC6!`IKIXRW?Ln?@{(suOmI+K0VyAr}JY!Z;_O*?ia%KyvJ%ly6m& z;eaSxOgl*~z@&yBWg=XgW#%W`L=ImZdSdY->YUqzU2lKz1Gj!pu`|TCXy0RR6ujA@ zu#t-o1kBh9LOA3YT7U4<1^SD2oBItxb;*1`grPchuPyvC3ASWF1HSXC`c5|ST&i|b zzUIWBtgSxL$w52EKAJi68yvXJq1rIR3gHReAEWMcA}8Y`)O4O9MLhrf+qL#m6jZV= z<{95z;j{51nCAQz&c|8weV!q>{TX#pb8A%RoKhQ7iCN-JqR>UO=sgdEYx-b=NC=Oq)t6_M3ftsJPyNBvb7PNNr1OD& zhFLj2=aV@@2t{jryK%crD2WF#><_9B@t-4WM{N3B;Bk+Ki7+6p9|qHx8-B)p#b=jq zce%N7yB9V+O22^;aenp<2;OVqP&UjvJ7%yERZ9FV4);J;-&TpUOS!-oJ(+~5v^R18 z>sWpr0=Z$pT+(|*efZ@)0`lYykwOuk>G1#u2{q0``}LP8=F!bQ<=0xWwc@P&(4D8T zUZEl24jLJuP7K14hrR)VUJXF1LSr;`F_^GYw|Bjd+D6QbPxyz!3cI&9!Ks zV$pm)l2$kna9Ji=rur#;x!VKb)^rj5402oN{s?0&=Zk8iR4L4?zCTdYZL;G&s(E7H z64grD`qPSgvNwdvm!^!*q6CfO)#4(o!qOeizi;$;pEPiTPt3Qyze9*89?ft&jQr%j z6AzNXTUE>7RtaHQO#&9n-XNvwod$;Dtvh`dFYfIQ|1gi!$P@kejgZ?R z0i|Su%{vaMiA(TVcs$?(J4Z%K3DWGo<#0%r| z`FTW_VBg*y3356N;YNEPb$);1l>yQ{*|#eSQlvP#w(_K2wCutT1+?*W(Q(1I|4GNG zh0HZ1Aku)}j+evrOuahGVL<#&<4oJHxh5@LVPbo`oJW)@(t;^aQ!_So-@E3`P}XnX zQ}*`&Gi;;f%GdX7?2CmQlrg%Yyd$fDWPgX&0h+?igWsFy<4byvET)vLmfBuioXm@I z1_EI-P+|OCVP*0>HKEnQS0wy4RBK7`6D#y7g!Pa{)r~ZXt>D~!6k{_F^Wh6Wi73p8)4R`(vdbs9;F>Dx9yj~* zaN|=KQb*OE8%URk52HWy>zo!@Pd6*5e&7A? zd-{##P_bRd!dWcWpNrhj^YRg=cn|;oeuO<)IM~*{Q*fI7c^rB2rM4$z6<)UVrNbPY zC$=bQv8O0A09AT(bpE}swQ{;NNGbp!Co@pTm#%vq2XD~IWV&Tn9e*-V^q0MUpbDRU z$mXpMBRVeSX@3F^a&@+0YKEi6l>sL${$!`-LY~4voZ(A0lG>c{AT&!z1*2E+d)`*8 z^a6L5f2H|4bvV_%D%e%k?huK&z>&w$JY=mOM_~6*w=5pPuV<{x|2d7LdgmyZ>q~|F z!PDu0Ky1;(#naD;V;qfs44Fhnu zw8JMi3s_nlgTH=fwf=4ct737Iyg%LP*ZUbx4WPR0HHP+b49%Y)CJYf_KM4RiKIWI8&iOud$o&?a@DFTvCiH6m z76!cEWaN+#?@VI^>FM`mTPTML(r|SBf|Ant#p3bqG+%c=Si)cp^1;U*H7f^>eeJp7 zmc9*iS*D9VZavfSXK~%ExUm7wdVMdDaLZZwwo+-p-oWC=;`^C9OF6aV(En_;%`p~~}PiG)|UonB58 z0%A?w2JUnYd6KU8nXR%T$Vl>^Rn7bkwaZ<*f3G024Dv6t+$&d}nD9<LUIA z0c`Mtq#GJF8iPdcHEUdV=l$zG`mV`~em{K5Yc#`k@3u$~$to(c8egcu@zHgG6LJ@* z=Y@E659I|_{PAmcF$}z`X|i~m{)z%4TcYuS8Gw46`iZ(d&%q>5vb}o|08e>fYe*ne?f6s!>O8&Y?Et6T!fW*!Kyl`S?ppKs~kQs{3$_ukQrV z{Qhc#SajKjbACDJMq$?bNT^RoTlhLIE=O-Q!f#OEuKIMRQ+64lq~%+C`r%;)6)xRJ> zDq=mE=i{{pWQwGzNbelRsE{5B?miu*s{_Vn`cxu5uYX|Nw<9edy!lTZYM?_R_-5cj zKge0V!yXmBW=Z0HFv7rFhCJNj*iUmq1(ccr^sS}_BFR0Pe4ddZ&L>6Uh0nba&Q^B9 zdemVK3HHOi9swf@QnLbBt}}txs58 zA*`o|yrrV+vL5}|f=!}0KF1)uD-=Rl!Km(%+!k7ncDd|ME^@sE(Cv;=uFQgku(KaE zRKtx2;B`|n#yNrkp|fth_^eJA`{n@uCjm`>y8NBeB$N##(7dfb8uD~@vUB1;221>* zHJHFH?o~rNUY(BT$0_>(HmbeHR5T^_+xStPI?1p99m{vt%6<@Qv`b6fbIyr7E9>`Y zo)NSP;y!nT--#HjBc0{^fOte$(+2@~C?|l%dCzs(ldZFLt2Xh-gii(%SZ*rA+v37I zaqqv0#n_k3W$x~k_EAUoHhk%$6FDc7Vb?R+V7v3&GhT{peFco65x-7~Dmjzus2Df4|>|9)r$$z$B-BI=Ghy0472E(qyTJXJ5=`zruyWk6%_K8Mc(E z)2AP5#P@Az?!@y=>KXAZ<=Y*NKm{k3jCb6f#8TJlLlDV)bvq9W(MDy(1FgN`vn7*f z^M~1+keB#+MXj#C_@tb`FL-Py3j05S=>er>WD>{5au??#)8!%mE496XC#{AUPrvE` zzg>hM5O_O-KYI?d?ah}UBnqNQS=B)Lv1)ryq^ieyA#|dA*YLmr)E5Dq8j&ShY}qP%<0oPHs^$X&@@#BlKPXEj% z1pz&lD@d$}2&2Y}h~IwxD+>Cn;YTWm#iGt_HS|2#pSp#{4Tl*Fs;zYeanZAd;D1Nbg zPUWqdVPOevG8h!m*u`9ZD8-jzgId9+K)2PYtz6g$Vh1X4U(wTRNCoP*kg8IOH}egF z>2$m|#BlayKeiOQd7TY}UDDLlSs6J5wdp!&ym@nH4p%C^K$MGF-xp0h?0cJZYfjSA z@H|Iwsle2BL4e|OF3bD5^}_Pjkn;@%^oXNo=4gG8&kM`@P(uZG?0>$W4h|-)VBDaGMyr*;d%)`q6dN=en8?96+dIpYKG>SJF?2Kq+O zs!5+t#c&9=T77ANC!u z4#ym1@3w@7$4mp7+d;08 zMrdqlw12JZQy3FL2ku6jY3^^+QgrTc`%DH&z4I0dMq+)X16y=ocTjI5{Gkb5JqhuTr_D21>*5-4gPyE zLn<2gO<}Jo9FNfU%g)Zxxi-h(ijF&4v@bv}Gv)YwJf`pX(U_7qG&+h7Zz30$^zasc zS=urvbKVNjfu7G-8xEFmzKPeW*lWh#&j9;nB=^NmS<1+U=FuyQGuuNgkfA}Xs9HR9 z?d|b26*`vOla;YazTPDH!iyY4oWSkbD*=o9)}ZiGB%_*amAB9mL+tBbu3X}?(zT_( zeg{Cu!TuuJZ{=4M%n7+e8!S?$@^?iOl7j7Yrs)Gcbl#?OOoHxPIIXr9Wo#R^rmbuY z&G5v_z3zwYJJz*9TG-t zEqssjAm&OFfWe^cAQ5S}TVN4#rwMKt^2pyrn|XKLb=S<7dQbTLfQAT#UuAb{lV<>< zcVe%Gg1_Rl*8=~Reo;E5vK{Z6J8{vD@DFP2882XVeL}N3u9*31Yy^yE>U|)@5K`+u z)ZUM^036s+_fEv~bOm(}h8QgBG3Hh^1bJ9KLEWz2PN)f*^lrqH)qOZL+^8zuJ+I?eFp2ey6ucsOz9$bF z>sZRnGN6KFA(B0mKz1SA`s4oP;`6l`j=zlMiD`j#C8WdVM_4D$!t37?EZY#t!GMGW zKf6;@n6Y28R5(Me?Q(aSOJ+M!od-DcTO; zQjQaPd8x2tfLBpNwelm@hi-057-H``q8SiZ$TuM80kZSTz}h{AUAPfGOk>}&R&5Dx z{j)MZ;!6@D2j^aT6tH%*SlPpyz+=CD~SE zI4t#DhO=htWA}hAZx%&R0EDq-Qn_*D_R2_s_I>R4G}x9`KSuMDtNr08E0xjy zXiZweDNdX{!Y#_q()C3;zvJN3uWMC<1#~D?NGh^0e?ROa^u|BTNiW>h_FW z+;FP;9x_8!`rV3K%4*Oa4#cAd(Kf@K-`8RIX&3b%!tnRL#;oN!zs)buUt{|;8tWlF zg808L_I&|P(cO^%oI+$LjI6RmZ_2-X!Wmy|PaD~q zekSMwo*wY7JYOiN6TPJ>+4qH?ULVI43Z6HE=qgXEssQ3G$5Rz=JV9u;H%tBm6Ho5L z(jVAV#~HTD#yx`NNSl3IC;S2fYw(dv9Rp4Jsa948Z*&p1Ob*mhgy0mRSbe>LkW`nD z%;<}93wLgskY8RP0CMs#c%DjAC`(9zO9k{AIta%pjyr4*W3rcJNy$M^y?th0;NVaP zSa1N~F8{QW1enDg9$DkA#9#A-CqF6CqTYf6$>V)IeFYdvp6&cdgPF3yWDM=zv^J{s z3LhmNCc+^csf+iO64_7u%=H`wV}n|L(=|_=F`NcT2ir|NS6LWK7F6QN_Kqx{E z&MKLRG$rmg-xoB#os|zW`*EE6Al{sudk3GwfjH#kgzNddsQoLP5LL=DcY-E3LGfaY zv7jW^Em*k5t|Vc|aMivr75V|E;&mIj^L0U>chc?LQKE+JMTf5I;yU0n*F)B<6Y%=% zmA(ZZC;FCplf9*SAKh$}o>Cr7(bc!kF)%373f{UHM>VUIdAB0tLUZXJS0rD`ie}Q;sNuxUSMAZYmy6Xpq-t!k z&XHqM^B7Laes(CR=Lo-~>P_96*M&pS{Yt?^g%Jtf#n1D4j}PrwWY_8Vl`G0viSKRD z&QDcQa(b^52OdIJ4E~$oNH+kQ$CTLm91PnIT*T5?0@w9QtzNyXOG;`$w?u6#QUdujMlUbGN zi%L^7Jc0N(oM)3dI%S?RyR$OVXK8NR%b>E{ZSQ$98<{skF} zKP7eFsRNzt+G)dBI*1- zpEYIK9}PME`xkoKIrekqn@d;7Ej%6cB@PIaB)F4jPaJUNCi4jh8Fc5h>=eQ2nZxE- zuDUd>aG>iC{Ntjk{hUIX>}M&3eukMu#CF_)Jz`bkg0j`AEBZPbdkj__BqQ~bG$7AxR z&wzuraEc!4x-q|OBA)t%+o1D+#g3Tt%8W|~hrq_pg^V#{fLwhczlY=;Jz)%y3MTpE zsdMb^nh!#1UxgRSq4)3F^#u%RKdwbD_=UmcLI1Y4WVad-R8c`&1Jc%42X?lMv3%Zg zy7&nJeMR#!wF)!JFD~ORj6{ZcaeWrAqs+G8`Qb{u&vd$<2l(m~_V%EE7wmM>WSP=8 zPaY;)!u0he?F%7(WSc(-V=>Y#h@&T=|D-{1F=;9SKG=Db^8Q4GvD$PxmltobD*X2P z7Y5X%55ZQP_@r$pW5aRWX?#VBu!-#}+5Q^Db^2Bx~(=R8K-fVhxnK=Br$YF@k5h zWygvDJ>IfPfA*O^Pm#-ym%4VAR7#2QyamA!Luv&z)9Lr8P151gz`p9kvg4TSVt!jf zQU5R=Pp$Tz0+1P?7JNhRa3k{GK5+Z-Y)MASBtI?rm8w$HRM=q8PkjvM_^j5tNL`0I z=t`rzRJxzbg;`EtBR`^KA3XWbdJd2I`=RA`qZ9RVLUB%Ff<)v#f8LbG7dl#`KY&If zE~Fx&n2fp?$o$;NDGx&bSUjr%^AUE85rK;tY`>Fql_RH8q@X*9w;Cde+`G(0cDKCO zbD;%&ocHeyzcL^RWR%NltR}jrxln=C&59|VVpVwXDU1w{>%MZzI5t|lul3h7f5cGk zq&x7tY93u!vGF$smZmt43{HTWWvtsyK@1Jfe!Cr*pMSm@Hr8-NlBYobzoW2-^D*QSLMLh(N zQdCElNNcVwBdC1|4(*!OyhqdfgLCo06+|R$56NJ@KCM@^%QT3T(cGneg;||t&>x7y za`N5P{N~j%8}ooOhBQKX44}W`P-WA7%rqZasq_tL_ugGp6CClaj@Gn|M7tklTn4=2 zK1-DE6VPp`|I8?5)@8(&U4MrCRHLkb$M4sKg&P0H4`dx)z-S?7;L^`o&R(zjJf6YB z64O2FOuJ8KofdeROt9?(?lPch`s_2A-K9fI6K1_78S6v+d*rFiZvnWkQ2K5uQZ4D< zue!b1+w}q?PG6=Cm>=zHn23r$3qz_pJn7jdI0kZA9?7MR-sc`bxaON4;DCIvr&@}i zRw!a3(lcQ&hl3si@z>5rt+u=rkMHU#z0O6%ZB3xmJ@gyN+WK7Q5aYix1{s~hs7wgxvyBt49X z?fdi{hS@ z`O#D(`5x%3#6gE*TGn^2I`H^D;h6oo$Iq#Qs~~4fAjpeMULm`d+|M|L<1rlAJ(Byx zzlBWH`Q2ncj>dv0X~7!NZ!bFIGy-!=-ShWgchQ&rrZmhB1+#@5^(bztegv8#xCkl{h~Kl?^@0~z0#hst@b*7?s9m;0Ut zz1>p^m>fhnzbkYwIc7Ycqk2#O`WQ-E<#o=%2-&y9Riqz9 z2pRCLcyNXdxMnq#i@;Lp6K9nSn0POH=SPHGP250axou4+c8GpBjy@G2-vV*jLI1g#i1v-!}zdJ>mX!D-q!t z)MbvyE+aO$9Y4^!IzmbB2+TqDW+!7g!LGJB^@6g4d9mIJB@tg?>-66xfuNP z!#`ujiVvnZ=xH&emU<{PX$SzU7AuD90W9lJr;+6dr6JF7pv?; ztUIX=+@e1*I`b(kc#s|E@xmjQ|0EmFKsx~1X1L<&dWH&qvqkaE)L5O-`tzf@$ReMg z(%L3*eK~+Du|G2SF!{$A%^Xu=kbZY z)%ti}$Y=0sqHeCT@l$G_e0>ory`ZxmqO+4u$3FP-=964?@=SQAam0Cr=%UW*rz?nA zu$EM?fj2q0cvQiKNk3g`i?)Y4I4dN~a93AY`z=k0L4gm+t{5aFCy2AU9Vn8aJr3jx z&f-0k%JKI^<^Ni?p;VUqQz3OEhJ~4z)5-SA3%FhWAj0aN*+1*iWuDkGo~FD#=;DyM zOoOLnPIo20A?%BkiUKaa?O*rrnF_Bb)L`~IUl~xbxX5`1w|nY4aXRQx2l7rAMaLfY zqN21vd$;}v9k?(1Wlp!7KrYXkng*S00OY_CxiUA`Hk>$E|+7A>U$+LRvwwPF%FuD0>ESb5GMMI-|SCdgd@rn*;FvMayYTdF}jRL4G z9%t;>_dVpH(An8gaHJL(cE@Gx@>k|VO*v*m`yC6DNcpkq+NuBDn^*icVg~%WUkHr) zb<6sGGQ%LZU(?jw$MKJeh7Df$3G($}4)xu}rSrSLxg>U~J{WlgVdHsmCn%oWl7xH< z1%5|e1co~wwy}&%sBR@Lzbyyt9a16diWGYS!Tsp6>qnz6zbF>je(CSR9=MIq!$47J z4X$bFT*t;=i3r#&LGAd1lHP7~re_;`dLM^W|H+o>7!C&_3L~}EhjMPagFD=Fj-*Oa&sLRE-`>|3K1*UGY#D4_i!`^I zzo?3e1^55nK)fJd@5A>4;%QW$0~Fw7_r!i-i6B7JF@qtA$!Cdoem*AJZKDAnb_0B1 z-)6WYz=mzyzxAhVgy5{M?+7Y~$HZfwAmx9x>lH+OjDOz!j58S7_#63hA0uFC-xwI_ zejrXf2%+ZW^tZd84@WqNz!}EvDa6*=@pagjdnsJ(NBANVVQQ)$+qYdgEu~yJTQQ%G zHfTPOYN3iJt=^!|+pqF{Zf9)S*cb)o{t(!?frp6K(TB@R-q%q`Eheu0qPi|;pxHy> zE%gk!GJ*V+5fvDRbY4!6V<#D_FDduM6`)^%^99iXh{_~@pKXz;i{>LZ5pIV#KinHJ z<$=faSs}>9mVi2FQ9)7;j5$!ZChqUy_*K0=2T!J%U%_4q2)Q)nwz%kw#&GvW&%P`O zpem>*C;~Lk*GCRB*JT_ZhS=8+CQhfZzw}`35bS zg*{hfGB8yvQX_e-XSZ5S4$x!n#J=w!-XX>)=ARC`u8 zCwum20fZqG+AqI-V+C|6?uMUYSel{#_|D7zC`0@{0u6+!FRyTyLo|@G64m^vBc}Sq zme{!Y>S=*7ohLJfi6@lBthD)+-=_fD@PnTq8!yfj$7jzp+%6Y};vm=QoCydXD_{2W zZu(X|1W9@8Fr5hUN3Kv|o%rXGU)O>cq}$nkU4e>mm1nV`M`!`wLTWMmyl~OR%U!C1 zLMcJ;mGiwb_suw0xgU^g)7N6X2Vru3(L19rCVFcVV$w5obf1s`1cUBYa9xi510ZPW z8RD7`J!L;f!#cwG=)&!je62_}(?Y}m(rDVPRyO{mCR2mga{Zx@jvYFqZ?P6iE6D}p z7i76mICtM&s%?L;?lGjERSULhcx~p+;o4*>S+<+l+BSK*zBcaC7BFf4VCNpWhMurn zeM3F(-PG9=*A^$)+PW+U`yStzzlRmJeglmaPyAL%$S2IZfUE}h*U5eajpPI;c<`pp zP=3DB>rtd{NKnAfgO<59jm5n5!^bsxvXG}}!mqFhm;LeMtz;xsy|{k2=ItHzZ?S&O z<*vMd=cewZWU76--8V)yT`bH(D!2V}eT0|Wv)#hNe=++SG=b{Bwg)LW@@nzipY{+i z@BUThFDM^*OO2$749PQ9@cS4(l)?A&4|5EUcqy3Q>J-mwSRSODp}ijBrgeY)ftB!s zBt?-xD+@*eAj(J$BnS4j&I)ytoIyo=$D)!h5a)v-z&_M0IQwl|2>x$o$&Y|66mN?0 z0a9tyFL2#E$@Wu*w#|MleJ%AIXY-Y|o&qnczx)c$<@5Q5gBPAcY58^tfrXW876k&s z@Vr*aa=z&LZ~0j@TPAmuq_pa6KoX4E*Y&jDg!#>zNzRJN`Y!61(^nMuX>a>d{WQ1? zEk`Pk2`azrYYv&8_FM3Gzh@cV1Wy@dHX%{LIo}E~H^bzGJ`04pK&vOj5AVC`XpGum zru!F2%TD2BW*O~~-lQS(lm~NxyvUM>E8$YWv3>7Pix0-vQAd7C-SsZ!p$XKc`=`+K zDY`-)=A{H4G^P28?vmxQM)mz$#Mlo6n`g_(07HEEkg*Uj`fK0%>^DNleW-u*2tm3K zfLfE8xX{B$LTAN1TWU+co-aY?VX?Qz+x+1Hb|sX9Q?aE>^v%G7g=dVJ>dKK@i?(M; zjDU22G62L-oci9rLbN1j9fe&-wuJk#jY{ zAMr<6Y92xwY_$dP`9#mtNlGx7&LZDD9m|#=dgFP^%s#iz5G0MAY?~yWvz~_bOLM|E z0D~3(1^`HVh2XG{$M-4x>x7i2`{U^D`{eXdSaXh&;C13Tkml=!+joWihNeIcOdcG{ zzguER7hLAL&-b$;M^Da%fR+I__cklUZYj+EkEzEsGnTv3DaMWN0HC)1gz|nqOas`b z>`e^YiT79#Ppw!mO*nCP*hM~1k2GjBfN}Xd>ft=Z^R_X45{@n7HeeK8+$Nu zgH1b&VoAeda&+e7_tmjc%HDkR-%bmunWOYz#&GBM2;8p14TvxAlCe`?|((FNfgn=1{Zd(>u%?Fi2pE(pQLAKZ>fBKu1OCjiSc^|R(ufU)II%}@;z)%t%|Ta2-+zs zb)3E~%oi)cM7lR?|DGNo~)@>p*Q5z!)rx*!`1S9ecn}AKS8hUgq2?K z09Dqf+ylYmb1ys5ZG`^llcy6!EgMSlzc7{P!r0U4Tzbsuer=Mvt`6n;4RbRW(0mRQ z+-)-g=<##zy}&rrt?+rCGcBlrykX8rxpqOQp<$R7B!`YCH^XRu)jY{DFSX zl(}vnaeVp1PAzP((mO(CK4)AG+PFzKm(}<#Y3DpYe){7zolkS0_CNYEVW0(Crqd{{ z#_lvd0Km}h+kUFU6)Hg1ZYUJ&WBsM?!>wtAeVBt*qfLd6ZlBweZawpv#MjVJcpE!o zAMJ5%zklz{z!cbIBF?Jq`6I@-zj_)#fI2QR$TO};3=!*MG5 zk$ii-GxTL1O#EiE*i&AxzGd;-`B~C?c)&r}Ti4>pr1-!L+*X;>ndefTFRR*Bg#Nnd zp&;Ggj(S+j(1OL9#j2PkQubZm)t=f(sR^I1lr`b^ce%rta#hF@ftuu5yM%)L?rE+} zmVFYgS<|?u2j|$qW&F(V8#{hqj4{87!VBKWaFYuh>+R+mngs^}D;V0*?GTYvsg(Am z)0*=>KcC)^!tzL~QVxlYa59cR8$Fceu*9$Dz9ASChnY)z?x%ttgLTr+_HAYLWJBi& zzcxeYLU`r=)KeZ9HK*J8c7&wPzB0Z?RTgx(DjqJ1JWCi5_V*cS$3Bp+#8f-?z%uM${+QDTXbe9V zwSo9bd-WCFu<;63hJ8Qil)f?4hr8D>smhfCHe)}sJ`(8>HTW16n(Ho-EveEm8ON%) z5q+EA^i3t?<8AJg!qC>iv0O!Q;peGjBX{#d4mG z0(O^@nztHG!^Lc5?`=L=Lmhc4B1tC@-W74=YwmzQ#nqko`uYN(HU7-d71>xJr7D@R zuzGy_{SYy}(TSsxnoR7^S4OBXWgV_ty{BHxK4Sd_`>@(g@2khSC&}F_zVyCkzF$>@ zK2@ca9QZe6!rs$wvft?kauF+iv$KmTgqwwg4N&Q~N zeKnuobfU1u$Qj9Z#uW;R`~0-@c$=78BrIu1H=FzmV;I=Y{P9~CFiP()$%&~?C3>m# zJEgf^lFtH7o@s=$60bvweJ~~{0Z6(s9FIg0Zu^qPk=&P1{+v{V*DOl13}C}v_;;*x z_|OwtZ%0TV9V3USrP`Y18)SIvSF#SD%l3I|Wxc3D?*~ zqdG|{17|5~Fda^t7m)U!q6igSn>Tdr*e@V7n}qyAO)Rj1(NI zm>SxY@N)`g1!96YHuu1^PcZQXB}|6o_384`V*!DqlMpz#TO7NA?C#qr7G`qc3nTIP zpbx4Y(O$Y_YE-Epx?j0j|Fw_DZJqBfaLw%S@x$`u<#Ahot=jP~2l=ft*{YU*bSkLp zQ&-jMbEhp5`yfAoTn`nV7L{^e+4m(00Y){h!5tQH(vFP~j?=VXepe1p8v7C0ur^?o zL=kb0_BmU=ukTMn=h!UW^pLRILvFRp+`7%EHxL~QS}tAcNwAd1I;d7ebflevKyMY7qrW0X8e$l)DR$ zGm+APT&ONwSe0vr&>Oip&M+~uGw-x{2^5;Me&s4ZAT9)XCnEOne$<~N{*=`xdcB%A z?x2)sO66_)Y^HWO0wI_f`@Jtu?L2(nMpbjnb3ZOc{h+`KBy+5_oYEJ!r4_Gbd3qWu zW!)s-p&;Uk`ie)|01xd>t`cGpLG&sB*I8ztPi1lYb-{ikDL1>r;LGEprUJJ#{n#xo zL7JxLPMU#hOetTeFvt$j4;S6zVbZliME*zF!Fr5GHP33k;p`Ig;w7vi=fp zCcNsL=i%Mq!kjc9;HF2eujlJ?;^6(>T0b!{fA&7ZgC0m$8P4)=K5jRb?a-Ji(QCS+ zXmb$EZvUvca|qST`$>if4niWq=rM5oDg$d(pT-+1fJY!z_thIeoCRP7blIN45!%0f z6V1U7Tu=o{did?37Qa@Z_L}>$NVV?q)D=?gGNGP2dwpuVL`w*2G+kfe=Va zr}DXi$q6O!7sy#PLP*Hm6SGc$tkxCv=j6%&N%rB9Me;^k7i*P?bplNs&SwZpG6Grn zMJHBr~!vG#evNdfk?l%!WP0G==-Lwz!Y8c+oDF}UD+t-XsLYw|) zxoFdVbD-v#9tjZTT&o^`Zl{dg7`dRqM!=bVU!~z*4hydDPfwKIa|`?|aZL_~I7aK- zg4blTIRz|Y@rxR1l!UXU>jAG`&$`c7zvp<@P={lZgAk=$SLkvJ`}hd8aiYGi59o|< zI1hR?!}a!=p`!(lp}gy|Reya;!ms|YInb6UYpmgy`bvn0IkR34OMmW%ZTIi^V6%=YuB8>2c?4jkM;8SnZSf(hIG@K?&(uVMPg&Rl2pho(^b8HVIz7y3_b9sKlLdnswj%`=e%seQ}VO_eN)y?GCLR2clHv-<2&Zk zM1FtpKKeUj-r4gDF8OuuGYZKyx-d{0m-q|{=w4Wf`%_tU%U^jcAiIcnHED)%=%a!l zFi!pxT2_HNw^JRL0`9SY)>3F!T))i|{1K^ddCGXe+HdiMXX+U%<3mT)>|VUu(97c; z)p6HZ!5ImeFc2mzIL@u^E6NY8uI;+mRyUlUErj1Tnz)q`Neo?8(;}srv-2IieL7{* z=}VsBWgYm7`Wz-cM#DKcjeppfIXaMRo;DYls22Qz&3`XQBCNy`8jc(aO?rIf?ctp( z8<(lS<@h7b+GJn64!zwOIvIrm-|p}`z>wR0{@4)TA6fi4+c5|NlIMsD#;K(fA}w(KDWE;yQ+>Fj z3D(wokOq&9njX0N$DRfNr&a3hT&6B>TtHtIxCdJBQGAl!tE8!qtzU?gd9>+1a2HXs zu5EF--XQG{HgD-p?eQp!QN1|dma4tw#P-k6R9a6ea}x_fK>{T|EN?@K5SCAcafn$p ziK^9a$*~n<iP38C5Q{qLZ>Iy-yD`L|c4I zvO>=ZQp(pnIqLwj)?#*J-#HlqEd^jJ!Zm>dS$vEO%-({IZ=AHr!asq|D4e9UT>%$a6@~dc18vln7+=fby z{AY>1TJzV;sUna+I><)B-B+L`bZjL%eXsXOH|AlIEyG~<;H9xUFAm4nRS!)MHY7#B zXt8*km-p#+Ptc_RE%S-zRqmm4=H{GWHh5x2{N;BdZK=c~E%+4s8mm@ryYL-fz4T3KZp3d^`7g!Z5_AyDiPHPvs;tc}9M@)EnNfpvmh>z3{C`cnpGs$h)s}toToK+d{ANoymQC^$calzPEF@Qx-u13zoz8nHgv{( zFR!CuRs(kopRt_{Dab5vGDR5$d>q`mYT|}Yc&8Aov0^QMSdMbwet`6C?RY~d?X(V0 z2&aobxhN=05-gc<4v<5dVw&_oB&@Xot>rcADH3i9Q}-3btcdMAto!fjb9S{!ACA5Q z(9bk+>+|FjrnvB5pK1yx{)F0<<_fRYN+8r9x1#}!=aT?~aB|^q>y%6toyzq&7$>w1 z@X2qHDi+Fcp~0D>E(}~bg<_|9spL#o!V3Nk$JK1yRyvKAAH0kc|58RL--ki!5D5rW z+1`0$dYoE11`u9s`=Tj+e;yS~+e;reV_~jxJsd#fd+qbA%?&+MuRd@Y7ywpe)=Bt2 ziI@CE|JCeY&uX7ZrW_Io?1g)?9;?0>(BH$+1~v!brI`o*ZM$oG4(SQn_q;rImihVI zbAOLfg~_F;L)}Q{NAtc_UYfMOj8YRT4algdzwSHIg7=n0iZEYna{fF*m;vSgSUR&V zMUf~7|0R+AQA9u%5!rcT7etUvgkL{F^_ElzSeVmtBXO=-DA>E;dpXtus$V>D({wVC2`~+gJZh!Wn%dk#}9Q8iJ|AzPf zY$8!RX>n_ zpKY)&5aaoH?-LsNMnA#fY@ET%fGBK2(8#Kc#*4Lfr{gRX3;e0a#Q3USKsOYH)amIgJ zK3AL3qf=SRu9vb|UtKV*zlJBaA*G9UVB+E@qSXWVp4wBzI|*Sc_`Z3;ga>qV1NDs% zAJ>`|`cIg_plie*3@$&*?M8yTIl~m+d%wD7bj{~Z0Ta&EaU^WsW(bn(oiP=5s?hOf zWyg>tCpzcfAiCoKP4L|E9E~6|D=EKEqdZ$w`-xM{e7D0vk{7vg;J5R*^H;VfEfG?) z^$H^`DLnabO_1OLo1Nov;-!Lw^TvbBvr6$-3sS9=q{8y~!Jj!H&K?YwI~{`J`MdR2 zK8HhYhmgL!m-%bTl<-WD;K_Jrl;477&$xFa)AfX7?>yIJXxHDB z!A&SAC?1|(C;o)02`%-g%CPhDAS9!)mLMIOew1&@bZ__CN0ak{9r2NxFmP4eSI0DZ zjmm(f@jAzO%ELP{Oc#fa&iPyc)JAm3<`MD3=Bb*Ptq@dx>9;C&MT(Hs{ca86xdMN) zheHX}?naigwL8Nf5lHEALsU~{H@7G6o%7oeW3{a@R91?<-#v{PgQ)b<@9u5L=<;i1 zYOHmyHAl?v=kn8Sj_z)i^xzN}8qb@OaCt71#Amb(5|;MQ9_J2PsPifI&-HsU`~T>D z^cN3tcfP*N-lLljyjc4{qVx>&xQZ@z^~amoKQB+&`5?C@-(98x(q|@%6r007?+h0o zsn|W$B5Z7nu~#;cgm=EVQu%g=T-(n~kW@#OWF5m~a%XpL4Up$ARc>hHlK@l{?i%iN zJtjyL$VKQu-h}ZTZine2etntgkR8>;6^}VwH0DM#s{qmOr}OACS)85^`>jel;OU%) z?=h~LbP(!e)i-G@CGFn(aYC{)9}&<%Ci<+daXKm5KXS+k37MzOEb?typ8gm-L)YC z<-RC!OGu+t>r7o=Z#a~gQfYQihy*|?>;idOll`2!$wj$SuTi#CLPDa!<-R7ym6Z=(53OtevY1V!ZDRL#r1bFhFqlw<9R&+$zJ#hY=RnNT7 zO5BM}gEv{5P-08G&4CC-oW7ldjHA;^GsgP*}(NHl_~)b*Vg5%*gz&k!Y@2ME`txrFWwNki+`JHirfv}Y3m zU;7pJK8LpP!#~zr`>4)m^Ct)Sv9*Qtdn_^NC5QyN+uVksBXW!-LdOeR00fVir5`h@&4 zUr%kg6reC%tbDxIkHyG16Jp8p^PAd7BDjQV9D4h(-g@%ko{st^I4w_J3Rl0nePoke z`Bhuw+qKL-9pwiEa3EU4B55*~a_-)DhEbnuW7Yi8YkxMxb<)aSlWFU%JR zd!In1>wTi`Lt$I$KL~qazR4xERj(0j^k@Hm$er-TsJK3H21h<`ep|Zc0(bqTZ|M=m zEPE<(FeG+5Xb@dI?rchQj9)C8u3b7b9>)7;>GSfy9r37eYqVci+G|V1WnCt^cH>Gtdm%7P+_nN{kKnnKLAv!&+O_s-~np_ut7o`cy`ZBkr; zh(U&H2i3Oph*#>4!kM%`obZ4*R{X5^IdK~92_J>xcGL_La&`GY`I+w>c^-?<#TLWPg2)exwgn6~ zz!##+CYT0^b1Z-rdV9UT7;KdCduC)`5V^2Wq6JV=Qrx?6-^h;(+qxUgK!=dg$@P^y zt4^ADY~@ppvuNuF@~iJzSsztCu@j4z&D^!B0iIKy1=^tW>tg6#@tR^TTP~^TcDj(WB?(lCds@VHmQ|H!$?anq4Q& z@FaqTyk_42fF0Xb=x z68)Wg`-r@!4d&}TO3(xGP`MlgH+80rx^pG=v(8gk$V7ET5{H?D}wR!iZMyDxY%)HCwV?qkFfQyY-v9e3LgWdg1X zbXak$SpwTJ)`DKieSRIe*UTfPhpRn=eemfBq>R76=*OIk8@C`p8eg2Ry-lB`=kYV( zt9Arvnp`Z(Y-9%0gkR_Apz-QVu3lq;8}1PqtC|HrCTrPFUM zxX7fvKn84WE(WHpgz|dcGR~j?n9<)88ys6!FKZjyD{(0dx6@h8yLZ#=2ctt$&7zGh zai^43ygy$K5`PKyS%sf-fSMF+&1VIb&IJdIi|oR=7~k9H3JPnsMVW>>RKR{Qe>YAR zkL*M}RSwQW?A1GuHByaT3qR9;XWvn8=o>;Xa5(RG4a#a+uiF9{9j84)W^@sq8ywFy z#=b6-HtkTfHeb*$Ic{XCN^h<{WltFE4`m z`fv%YHiIs(FXGv#Wb56VI>6h)J-@~svLG1edTC4zgZup%s!qlxPxaaoMbV{JJmyy| zBJzxTlnLCSJWxIH!P~@rK0dwFvW2D}L|8Uq0yAcU3S^eNb0B;zubWWj<#K5JA2wd* zZ;QmyCn7%7A;h&Ui2Pm_(7g3D`Z%<$uWe}TzA6;yHforsxW@5~g@907BP>$tch=D{ z3Z0f!MQib}-=SFKvEZ|Vr9BPn>&MR@ThPY9hkaemIdhl`4PXwS?kR$By1!sOD|Cxj zd9*M7gpW{rrVuu4Mwr{faS6f~y1KjxLcfhsrHZO8ERq*5^z&PdweI41WUToDpA?~|B%QypkWEv#xkK2$ncZ8-0}HaLa(`9>kkBTq4#e3UzX zt1;5N?{P*vCE&+LeP4;jmz+@fRDF?C%Y;F@&wT!F79FZ8}QJzmDX^Aws8 zHulwDJ%Hqw$AdGS{c>Tc?{SiYZJcJ4v@8K&tp!Ct(iBVQH86Mtw&o9o7@m&b>AjLe zE8iYj!@M7{v>{Wkm<|XSdN*gy|K#GLvtSG>OS?#4!S8wVHyzGFaBitZJ6&L;h3#wp z?SV(qMQmOI@BFfT@)9HR0>==j{hLm7uZgpcI?(5q{X;|+QZp^YxH>D^wW(Gkl6dfP zW)4aU)@7F>cfE)7hrvRm)PDT%hhz)5C0UJ-oUO;#r3{@dvONKKwm&Sne*h=B#!mIf ztUJt?Cn|q6*Be5v&+MffQfV3-W4_)WMjrCndLe6m*F#HZ+PfoO+LJ&Im~aO&_4A5U z-kgX4pE2>OJfQuy2s+!Feq{iXo)M^O1+win`nCr z!C$KEnT>- z{O6MWe35?6vchUXMn~^15!A~`t6bFE19swG@M)Z?r8M14LV^IY%);Ig+#k$|k0xkU z0R1)?pd(*?_G-LI-afjQkJpe*Jt{?^!C@Etan4EfF*4*cilb6Q&UZYFCxUaRGq!^~ zB+rI;8oF=?R_i3a$US_y7kt_x_)A9p0wJ&;^*+)dI)H$quDh1l#yXAfw@L3YQ<91R zioJOI_BZ$}o^V+AVj$b>o6OwSw&A5`XMQ?Q|9i{s9aos!RbzB2iL7_8?+pln(uuXZ?^pOE?00>r6S+QGIAf&rXPk3 z;nK>GWE0eCzaM{tJ;Lyg^XCjD`Q3D=FO5fzc-)FpjsGES2#z1|fq;c(IPKPPsY0vt zbeCS_+7+thH-h*9)A1#i^U#$^P}*9EV&>6FaZ(x|sx$-*<%VGOi?HlsX34XC;kJP$Ek`Yu zs#0sX^`-1d8j75C)xyV_N#1hg8Jv4ECS-|=1@ZZP+CH?dryrm1EFL9N4-s{34H@=d zSer(J?>qSGRGqBEgQL~&^|MYh;&`6p7tK-aha)T9`=MI3;RR$vyZ3&!EBd=)Vkc9G zD}%P!#)FMeUfq{aIYH`~adP7#UE}x57V|!oQ}^kN7^6}RY`(cJ&XCjlEN6>K`mFV) zy4Otsd$ydU(RMd^gBy~uOI~PhmCiEcS5wQrtOX#70nkytuH6F`3#fsG2Xo&lNNPdi z{K6wmZIiJl{YlT0jM5o= zC*o^Z>P_y{q>H$ZTd!PMvlmd2N~!#ji08}ex7sl_nY&1-1b-k8lX@imy@ZA-HdWYp zh20IdqT@AtcONl1K?>^L>3(}&Uk2}3`ym*8?x?Nqb*vf zfN$6kLe+m=yv^GS1AJbge4jGuwr5-lTDcFgMC6lSU%6!IP9>4#*LwK$ZB>K;Fu^~e zB^NJ7o=$T4hEZ2aQJe4mI>8Je=S=4_9ltH1I%k9T_kjikJHpmJ&VVaClk)bse?R?n zW-!Z*LM)gWkXu^N`}+Cq8@4;lEBTA(wn{Id1NB zFa?A3f*s`9sogq9peRB@xq zfxKW)739tFAi;Ooe6d!=N?nLls>|rwOg5g|3xr>yJk%pMnEZaw5ypnbl zqo4~SIlFSNW!MMKR}$*<@eT=dQA-$8L2Y>#4J2&rQFBTC2{E+Rnzhf%=y6HioJGx* z#mM4a$@<4%)#^Ha&wR;l86U4H+;oe0WKy{ z!9XhQGa?TxDl_w*+V0X`>D)_MWamg4hw#QXI$9f}D{(=nX&4pVr(@6)V~8UtG=GtwYi`AG{G*T=2{|MVXF#dr=OPk=jc`e>hb&z5*> zOTvjqPho!ns^^p47wT@QOYt~~Kuw2nhld!TuHb)4$y5GYJC(Qc<>AG&DwJE`>n9dBWR-@1xm>R|KQ>v5!#Lk~C+}zJ+9F)>p4U0`Y-*#Lv#*%ukpocQ|BOlg8?~e!LF9 zA5z^xUR;t=d7nE#^6q?fK`9T}}v8 z{Z7XVxgro^Q`m#fW@80A+Bzzpdq5V+%QAyTn6#ETB{+Whe7lD;cv%P%{DijB4Gx)} zpSD8a9qfDGS0A&w)ZCvuz#C3Kl4An|ZC%;uI8f-eqVXn1P)gxnpf5b0ImuiWPvZQ% z71dI6HWb3=uQG4gF>fgPCimDRlB)Wp6(8N7d@} ztO(+5&6FmJljLC&=V5PUdo;uq!AfZamR>^W9?IA%TDndrbcD;s;S1Zx=8pyE z{G-=GdFYN5w*f9WpVS7l*YC<)hp(~^C|hCkV7X3j@?4X)8u+@~VsoA>k~obMw{T9U zgZ$7tfCU9NUs;DTn<5G}IBsBg*m_uet_Zg&YtU_QBp7nAUX9_!;=&_>7(uLl^et~! zo{qCqPggQPMF!A|+!IWfHXn8=lh}HU@l9#^l%M){kxIU^n97xM`36g$5afaGy*vj~ zuGShP6oBOv3EI-rLXccaza@JwB;GIMUM0?!-e^RE)%^Ooy8h;<;pey4Y^PTgDSBTa z6*$gJ{v6N4_8pqJqWlVh;KeIxXxq3|HrpTuGF2i zIgB;d(w5?=TS#ive(mT_L0xR?W{Q>0MW-7xg^HvW`E(V4I4fT&maV6m{DpOEr1M2w zCV6irmPd^z1R4T>=GomuLwx&DUnr04Oubg&z=Ioz{2%rYut*mB85^uCHg_EWd-iYI-!oo^jeX#q5z(EV<1PUFnAVEvZFIeB8 zo469SMhSyq1lLnIg+DdQZZbcOX(D0Bm5gMsT403@Y~%s@Ok4J@YIrMD8(HB^W&9$9 zJz_!#flAM>Zwik_pS@5oqgLXm+sWC0_Mk|rqBTkj(DLWIeS_o9XulSbgyLCpg3{rR>$f7Q4%xJw}$ zdLr3z(yhK7O-fqF0iYDjdTkp9CG=8d{B@46MZRi~CKP+@C@-!#X&t{K#W*5cTbJJy z-LDxSvn|KR)c2%7#HE4GlFV+q)$^Y=We;u=xOP3L--Us--^C$6>zSrNA8#wM^bJX>kS;wH}zx?VD z+;ZkFD^GIhz|tPtYL(bt?ecsM4LXvC=_&!<@reKL3?@Z+cK$AE_SzuRr7}JslWM1s z$ZzbIPs!Oa7pdN>gUI@f`XTjUoFkJV*-|7CW`!V$!DGY1l z0WbJ#J>{1ZdLHk61Z=2(E0 zLdoJp4MTMAmEgbu>)fv_vAr-7!tvT3p7+F<*A}ff7@nQE{9zSjVS1HX{8IJORx7zr zltzLr?&@n%i|&uesXWQ5gL$y;nhrQ}1$4d)>ubFWXk7yyA4gWgR&TSC1 zWZ$0psL}7;Kl2y{7(AK!ZZOSuTjWn-1ZT`Gd4%1`03YkN&u%8vOLyWr?x!fG`|p>R z7JXQ+0iiiL(?OB6-=Xl)*(tx*Rx1A6Yjow9S$o}q?!(BYCHY=7;F3g%hiDPJU-8Ex z2l#Ye4aomWCSAgw_;IJl8?OKGf&9V17`x>nmyrjkmv_8>K5Mo$22k>>!L^vHC73qW z;kh3&{f~u-I`zB!F(TOm+MimvY9cE4RTwXq;kaLCk5}@&v}cY+MsAo`gwb$6tX_?+ z{o?8~gBw!n38fD4lB>CB3Ug2It&#Z{4DN}{8GcagYs7^z{IASBzQBU}SB0f~y!Lt+ z4Ft|x#8Oqq_oN-Zppg0!{SBs=zOx_Lp6<>}uvKJ5mO?;@az^l&IlM7hj23=x&({;uD$wvl;N}y^TTHc6H>25kb zmG9)G>?44oRFRG!OrYpnzGGy<_Z-H!Yc54LT#|ylPZoWcuBX1=hv8!wROLNOA_SG| zP`^1Tr<36>NfX|$`Id!`{jvs>oc}1)C;asJn)FzPNhph@N<$ znHX=dIPUwvvyWl;6HlH97*KP;PUO##8of+u)HBj0Xb zeOpgur9}E@rk|=yZu{uWa4Id@M;;pC>M$rIe+M2O-!GQK{ANg~9^Uxg4H88Y_nHu- z%KQ191b)8U6sp)bXH~b&a5ivmZYPAh*DBUt((-&lOG=@45%-`9@yCGaf>4F^Y1Ya5 z`IZ{eYKC~fbALnm6RvNz#lPXWEmQ4WAWIhugoDsYCX8PA0eoH+`wl#7t@tytWt{!N zJTIX_ub&Ec$pY;p_43G7?{4A3L&M;!#Wz#!nIge$l`=;x%pbJ=G<8i&rrAI(d)I)v zuyj9TW*8*%UO!{m{LaHzTqvP{$6@8Lo5}}6f){S$lzHqE)TS}2*!9pw|D7Mle`Hy9 zg+7@qUKIctihFW>sgGa1n5q2Xcrv#|+}FD&vOjt7wno?Pa6!b@D|#fM>%1$ww)@Y+ zI-UlueI{aQ@hs*L!66vM-%VJ^J~d68RplJFEVnYOM*|?$Z0$*SZ`b4?N#BNOaD53p z3@7a3vS@bKc6TVP;~d%F7G4yCqFe<6sWgP;QNImEw>_KO^rIff3T>(muF#L zLJFLwDT_fHQ~S<6B*>z**~e%Ewe?JGAKW65RGapd<(UNz>06VT=wbf z7VW>XLT#nFS33y=j0DnUD&(oYz%n>|1s0fu7vm8I4T#ixxc1Vl@<^S13zi1uG0HCq zlmU*`$>r8}+c^`TwWNfG0YV)$t%``C_U7SLr_)CY|ScqVxYcP~5WXub3 zCbg>#dAvAPHTA=&BY@MO#t#~t`|8x`joiRZzxYqla=RgY=*D^Pj|Dz9WFqfw^|-@= z(V(f?!A*|0ZhGMIRA#Pgt_xBk4Q|Gu_~je;~K zWzzQ0cFBQJ<#cL}$(^vT7msIPD1^rL2bBx}srz6|d?hKoeR0Q1=T|a({x~#8{;CMC za+t-d+FOF5*{G?6K}w%MrJ4t)W-M%}HL`RFaPmR48Vu>oJlBO)9}I;ITPr?Z9&}L? zu)sF|SoR;yl|gC^eC4_Hp${%z z(7EO!X)!c{ATL(>a)#Shff^D5Swki;5tsvizW`yT-+%Ur&P2gvtyz6U;nV(6``iu1 z+88d?DkJC!fKFCUpdA@=f>pG>GIUn|xw>`92D(_t{f!GQ#f730N=f;B-{rW-f)kZ<{Y=3z=&w#yP0aAG>RS1C; zy@9`d9-HDOEm;ft;5GCfi$Y?4xK@G3m~pz1^O4A+Z$};=ciKyaBI;z#eewGZUmF+L zjEx6z9OW~1)e5EpPvC1Tu(TehyX#ixuf9(yV1c4GmvYST`tjW((;7If?KHoeQ*jMr zhIbEM{%tPfFNTn zOhn1Y=QFRrhNN>9;4)Xa+gsMZO%s%Auj$jl^p%LXXhCrx_9={#aTJ zKTihc5ZSA&0cs*w!MM}& z-(knGy3$pd8!bk2z*NwOyHm_NT`0djVRzzpjoOd-YJDuFnq%;K*VpTQjrr$hrOrp# z3(nxoKhQ#AQ+awrM1vH2BS=ZO9534=Jstug>rA4vIw_A*keuU}iXKSM4%;a2QaCg! zPPkTt3w&eZIJNe-wdH>#{su)-3 zfWwM4`C02OdV2qMC;H_k6YnLBt=PZ9MJ$MqUT=T$J7GLZ$M39zGNB5mom zq)FO%bq)E;YAD&XkG28w>AdP3XU<@Dc{f=n6J*bRv6oAv8;}Z ztf!(|mUGIul(r7VU0J@UTXFw21X>JLNG;Zjk@8`4nj=Z?MbGgOH2bLnBTYNRf{7ma z zg~VdpwVv0gk#BQgEM3|^7tVM6hw4CM3`tm&HSajYZ)qjCL5h(HgY)+n?Q6wU-l+zDd91k$Ybk|1$-!XbK1y`Mkr{{voLDJc&X6ds#pIJe?j}ft}t`nzD=R zyHwiK>*{3(2Y$HQC3^aj_xNGCK#NFX*&$bEcp%Q+EA|--6%AL@pPc#175{L*4A$?G z#>9cx!`c>!>9=r(XQ$ak*xiC4p6lEDXz@yNFEmv@a-gsgt*RQEHnA(2cBk?0%;{_X6N?LGVZ>{cdj3oCX&z}Vg`hp`YhC=H!eNY zRz*E~eSP;c6|nC!qNXotjC{pn>*3%wT>Dd#689WZFM5%NTLS+=&q#g9$e4NxWpS{4 z48q4wduI7HRKWY~vKxTD4>R~BhkAB}#rA~((HdFey}_5TFsb_}s)X1PX1koYMj0np zJN(|s5qKYvWbiZTSqa9&l~U}GP6r|z!I-AU&+TMB5M_YHJwn!q5`{3GI#`fwQHuAz3r1llMLHKU+b$?j? z1LXCGAVH>ZOt6s;W^(rm)b7O3IRa~p8%HrK#iit0&x5#|GMz}c=N0im(kik$k*#f9 zlmw;()ST`K7bD&h;R&BX*bB3c*pKdGpJ;Ec7PHIpDZG9DP@oS;ERwzF4?htSA>haN zNBgGy7$Q~x8zt$$O_RcR>2<$X#^~62*0_IgrP0oSk3uY+RU_8+&iUhPkas!aGsN-- z#BeRg4Qy@|DJAn&lpmgD7T^oon2(n4-dK??_1-g?fgHb+vQ$6Rh(CS*^cefc4N6k2 zgIPHtVphC^vT zW&L%}IjmoyHnD&Ec+pqx_!Q!2w2I?BNMxIb`HQ4!1c(fh*Uq1ts*#5;k7(8N z6BV`(aNwMfeYzo4{);w@!NfPJNc`@XR=~7Dcz1Bz<&gxUO#8I?n+sOn`)52o9b1Yy z2aj@-mREfVqw6`|UKnIYD0|~Ap+RqsLZQ}HhAXTSB~dEt`97j2)#QG7FsZ9x6MlVK z7gcm;m3U)cAXTnjClTK&1^jtqqgiNgQzE;MUV^tl`*^N~7-;m%0g;+)+I7@Knc?{g zE(2BDf85J;m@PLQ2fByhHSPIya5sTJ6UtJu9!RV6tazJ%XcWE*kLKCX?PR+A-Rco9 zx!_)3O04ft1dG(ucU8UcBG8mc>2*v=*Bv74hwMEIg~eZC$)O>g3m|l|(HJ0yF44lc znk8%_Y=!wmv<;TL=0S`vD!}=2T8qZ>4Y|5~awR-*SWg{dh)>6+GR})|$EJ?;9&Z;}RpQIRl7||CMhE69{E)oM zM16Ncq~Y4?ioH>!U~bpTphE#@yY-c3*yemNUnk}C2J~5-wy(kI_qZ`Gh!pbi3iPY{ zowx0|Qo^J@-^MNil7e;AnWj^r1_=EK8;R#*;&ZrMmv>BCwl;+Cta{ABw-=<}L)>Tg z^l=HEhUyiqYQjpFDF6o4)OmCJamy<6DTek<^5)kEDt{~2xMp+B=XV?56L7W$dYacL zbA|aOj12j@ix2PZ{O$o4mvK>~8M$s$}b#sSmG#2y-@8ESI`}Oq|-glgveREgxFz zoP)Z-?{0ds|Uw43>-Zvcql~M&;3NNtw6d#M?tA0X=XS>lqLF0h227nIei}n@ph2QJ1^DHDj z-#_=N%r50<(#BJ?$%DSv0J z;A8W`NLn)GUqOGRWvUF->>|A^`J>VmJ`?1p%o5@!H$QdPt}D^;^CD zSXX&(6T^aY!9f{u{ zBvaiyShh6LqmQu`e9 z`5g9@;y%o7$36*)F#!1KEe|O(!hV~Tu!1HtK{L|wY&SVVG|mveDBoYI&g zODx=yh;+!qi|jA#XELF8*%#bH;}QVGW%*B-E;e<#L}SATCboMWL}EUa2;%eI-@QLp zYi|}A)853#0lR_~g-xFN6UVX)1z7cdzHae8_J7LNKaPLVg%G@z1dK4R$}Ogkq3b&0 zre2}eMy!;(62Td-Uv!_Y@M9&`^IhI$03hNYJJE^jvU{+CG$z=^q!_`Z5HA4P?;dCP zrIHPr>;CKBU~32S90+J8jBXRL_YR8rJm~z>)zp09DITGk--Crf$0skb20?J@gSg;f zr-$;J2Ix`YV?Qb5eLBeROtkP5nS8LFv?`M6Gw-<-h5e@M#C*b}bMlo0UmXwjYcJH_ zj6Z5u_5I)moHarDeH6j&CeBmZqEzH!o2vLkrMo+0eRzP zRyibU!+yuIj(zA!>p2r(K4#$H#)I!t@u0ri`T1}tXX{SydxRUf{0h?H85pguZJIy8 zP)L7w1?%0TieDNqknD9UMb`5Dkr!^Tgowp#2)<#?aB!Y{o3K56w&Ts^Pf!0gf9}P~ z9rAqRMPQBC;};SX!A?~PFp6`3 zqucV#ddW~Z2bB;k6l|THLk! zyc~NUCsw84$5LhX3c^y5Zr=T_j}*C3d!5l%uYF~kt^i$JpNk{gXBAHpJnc2yA89he z*iU}wk#ddsyWh^I!*NZZ=}RY>;98}mxP3~!El{^Q@^9~Vl9(xl$eVw(9b8mwmd-!( zV?JKCy2P|hv?2W80)zNvao;so-FNh|{Sy5x)0jBvKAu(XtysxA9`ex6u==kfq8Lae4y+&W6x;TAQdCMi{u1pnO$qFjz@Z#K-7+aU1V0fefSx}#^e5bt zNf40h+mdBq)ZY&(!n&*OVEo|7jI~G|r<1$Ch_B#@WO z%04~psgH{&k_r?f+JM9PxZUPW4j~D9!>sE_CYcnPga_f zds)!wi(Zb@XSH7CltEd$a^fv9(E!zTLWTDjkJ0x#mtAm*rKG;DP7l;Sn{4TF3Epr1 zMOhd3FzgC6_>egKUArKj+|J{z{z7~muuI{cAMqZfEr0WsW>JEF11t4nJAHiS^S(MlID?T}I|bx+#5&WKa#GrT{Sff|D`hfXiO0jif_h}nGnBz z-`2jab~G#oHT4IO4I)F9#%h&u1F zUjoK<`4_JhbTAx+z3sDR1Qd6N>I?Ef_-GeBdRQBHar9e;?Jxim^7ytM8{kw@A6}gn) zpI4Q#&Ew@oT;OMz!+7Lrtc^+b;TeRC5c67fC|n95bE-qDBag2wEB{L&Y7e~V%zDC> z?)m(foKbMic~_hh@0W88H0CqGSoUqQd3X(W9aX-cFwd-2-z0Kh>8Nqw)8Z)9E3I-U ze;(TjBwwd&xD#X>#f}Jc$P&4D<&v54H*{6zmkV}d$a~sHc$Nc%Qo#inbt=_-jJdh9 zH;ts>{eG)2urHQN z_-(Es_RJXL|t66^u!$-Y&WOq#i zU}W%R%YPh*?7AKAR#u&jbt{lJ?(==B&f@9@+Fjg&+DhN<=tH4-NS_CF<<eKg1;{Gb40s|T*T(2(QhgmP2w$M$wNxT+4K|$0)Bk^#=2g$zQh{ce< zl1n$;e*qFI@hFo^sVRxnu!KKiHB-sfk+%Jv$}hApH-~E0{Ik;Cx0%W`Ks5_aL@=Yr z0lIotV66FOl=>>1s`Djhj+4vW{A=}a$M4V70@kYQ+$C`EAy6iq8?d9NKF-~KVaAxJ z9V>oF&9y&O$#Zg&BC}viJ;wEGI)Vr&x`oDa+n%Hv_308Xo(`K5h<_zIfS|gsy6 z8WaX2ruk6S75!e@8zWr>UECvZIF`ONsog>unF3G;W_D*_Q!_*E0rqB&J*~f~y zk2gHG7c)pDxEsUiygWHzGYILM%)$Jc=DzjTCzd(*!$V|!r~x#tg|+6u(L#RQI%?rG zAcN4gcP(}DV&}oO^1bbAo)tY0?2Y^7=`?Pt>Ln{0mCaa2*N5{IzOD^scRuPziR0j9 zSC#Kng{7piUTJh?dwyN{U{Z#cJ|!|?Mwp_8*`!-*qad{x2DO%Z?q^?j z^>b$(MP^(%w?rTH+PbB28b!SaKx1~;{4Aa+{e3zQ(9-gVIn&kDf~8|{K}IjaEdow+ zpOez6AuZ`ZIIn6XD{?viGg>MrVG- zK>=L4>ohJoUze;np z`Ch6R{e_anb}+fYs=Y;pj6F>TH_`uigyjp{6OlH&RFL38sS%gbN~bReo{M#dgN3CJ z>1>Lf!J@MGUywBh1rk{4{bSySBN0Vp`_`ITgl zCSbjSv?nS_#(1`jf`Y0Z>JoOucx36bu4}yw^sz}6Qk#EK3{q>t`*2IcW~6K z0``-(TKR=CkM_N2sU7$?1=Ks^x1S{^}=@sm__P0$^>3%?wr->ts2R8@@r z5ex^m_E1NFmMozlxmBxWKGL`RN?QCHJ}_Zm(m3mn=%Kyo`e+y0erv>i;kk90n=lBO z^3M;uSafJu8M;?IOwSXWe67nFZUvQbh4=uam&h<{QAwIMly%)NtB<*dr>Ux-$9!_$ zDrf`ToplJ;tEBZf=WF!4zkCH8(Kigy3r}{DTZ$*?AvWPauni2sKht`nAmbhD{k&%w zDD7>L4<=?t-)@&UJR@xM;L+P`Tq2!Y|5+c5>zMq8K@PoPD&X|Xp`}3Gz00}=jh`++ z4<^79>}PT`gFY($B8op%Eo~bZ75Pl{;P&H8Pe70LekeUwBdUvdh`tx<_8AQMZQs6t zMtminP3Mqa(jwX{*xR44!-*LTI)7JB5dM}W*2wcIZ4m8ZYf>*|N|45?!ZK2isgivV zp7~Do?3PJ(F@YTqi^vdubblhXckz1rI(dj#?D4v7UV=C19}T-WP;6+_^5;h;V3`Ld zRxF~GBpZ?6-JI!{EI?|&WND&@U=d_8++sfIMXi2jE2-u$caRME@)=LgD)#`BQnuZ8 zky@|M04lw(>2tn4U*$1$r6KL3o=cf)h%We+A6lQnYW7kuheQ^Sk^#v?HRFH{b~4%e z08D%6wMw#`Og0iRXgkIjISfFQl#72lrFzAN6o!VEHdkI@=ZV#B9^U^A=>~a&>XMKc5(^E?TWp*y7MZ1mTH7O8iTzRG z7{oB(DB^8Q=IJHjn+m=TtL-@=o>*c*fF)0Gi!PZkUwC**!;rFodSS23AKsDw4pYHA z-_^vRX>NW;)ydw${m>1H&F*XY@}9UO{UORXx)!ziU0tzJ*&lz}&+I|wGS5S)|5N14 zd37}4BYI%cxzvlySG#jCZ%;m&d7>uGe95klq7ctX$1|f+0#hm~FyA|3?w#&touv9( zW`D8l9+BvXiz)i;dhO)CIK|HC5bc8k#-yi*v0w1LDW^Zjq;bcSNbJukw6Ri+=LDWCi0 z3n%EJqOQf@>ZnbaXWg-Rpw4b7>7k5&2k5_e(mO*P+Rx*VvFiPPj!});^1Um;X}30h zn)3N*(;P!jP(2`;S2x&adG?6!Hk>UuzTBJV*SdCBAL_LUz7&LJCOVPGn=AYz#fF-_ zk-8t&s(|<7$l~kBuOP7A1Uk)oX@WP)bIr9S0LIx75coYJ6Ad!*=6S&V6;mBtXJHxk zL@C$NqnABs_*%9UGY$RxJeqU-h3!p_@SmjPIit$-q#YJMgoMWVOqwfk4vc5(7uLQb z(PQg@l+k~<@Ch1xf9{6LT@e};n@gO4o6=uDXa@PgunMPR3sk;%yC~tMK~5>=@*xgi zkMG#E(4xq=f&Vn0P0fBr0HdDOh6u9P(P(mFqr>o3Nzez+LdZ;y(}vyzH1GFKi$ByJ?V&1;zj*ipvdt>4n$g@O z-6uZWx7_EC@N2Jh#5={2UHCLxuM8lRh6ztFZst*sf;;p)7ikzM8EGW2tH`pNfW z&YQ1G!BfYuEeR=F9sw86gSZ!nqf7;T!DqjB?JQK#OC0v7@qeH$XUs!RtDK=2NoHTb%XlV5GcB`S#N6e1BfN^8r2?SI{zYCU8*|3tKS?PqThQX zqUSol-pETIflB)O8qpJwm^$tv!Bs?D;pXKw6aSmjrrD!<)t=b>ezDu|k}tQtUvW?2 z(u_27e*IKM(HHG=o3M=JZ_|5j=^l03+fHH?+5Nw;f>(N=hy7kI;|>~Mey2id1?vifp9-FWm<9VN~+%@6?*` z)(nKH`;%7zH^#u%QO$V3|BGtNy`R9tcM*RX09Zp_zMjfqrbyrnxD3q9_E$o^!%+5N zlrQ^KF`ljxyA06Ix)Vjls4{i@jQO^OFwKa8F7eP66p)$W*$uX zNAG8R}#UBhyIPz4= z+x|W(<`kXB=P~Yjyx5fF)17`z&2>-<73xjLeL2a?d)FkNKW-C8@x?xuA63 z&r`n%b27T-kzzr-3eMbMQYL@O@&r&!1}9rD#-F?69*I<>jE|{aHxJk*{IX@*Q#)ms zZ5X)a*6^@Y3R^;`qYhGj4^&V!sATu+Y>Sk0_%k&x3BmI#XimBS8lQjYO}vEz-l>`L ztg;+gyq#1yc@OX?iy8Nhj%Db6-R0&&%iv3)-rSCFmu8JQd-sQy{T&H3>C;ahi@LyK(OZ(BV5sX z*V==-KSJseN;O$m%S_L~b;k7K8-b_DXb4x(fqa2MMP9b9MAq#^p7rYiYLL_wP6YW? z$8doLt_BmCJ@Bu`YYNO*N?C4yAsw0d@dqWcjhEh(vuxS5t`KH>G&3^Cf&-#8{wE=9 z-j3emYXv!Gj`%%otbFhs@?pMvA02^vl5io+(jAk~bvAnD&Lp|f14G>gf?#!tbXLSK zE4(9mn3Fi(qanz;jAxfGP!$ji6gzF@N-tn0<;9IibFK`=ua)F?;|(#QrGHk_o}J)(|>~}G3;6JNK*pTr~3!o;lZ36Zu|V>UX1jk z4=+Fr6eFYV;pqY^T0U)vUKMZ<&+ifpJ4rXD#Xwf9`AKH*x5HaPcF&{rIOl+v zZZuz-7@?wbf4?XW-d&{I;nk_7^ZIR(K^;1%Ccl1g5}D^%?>?;t4;bA}ZIyz^H4cBS z4LzL>x!|v2@}0E`2w!yBs*a%_IZz4q$_W;;vv*Z~Si^=-``4Laq)RH_{d|syB+pV} zSm@WMkco=hSHr=$tH+52?lB;5F;W|K%uxKkbsT*$D!}cAmi{5@nwg&x_O3y9tMYqA z46C_U*u&&3*H$te*sua}iu?T>{K_YTtVN#3`}eLxTRuiaoqOYTQJ?)MA)*>h;wUtR zJIZ$A)5|`e!wp)8sCw347w@ zDh-;4KyOf*<&F`V*+1{YpN);%@AS6~U*3e1K$K~GE%i@_b@c#)NA|dX^VicmG?0Q? zz0X&d;AgJvlleGbG=_S|rc(XLeav9zFiMwc%GJ2~*F;t0flJQsxw}s+cG)~y z|Fop6E8QLHPhnfF`p%@I^*u?>{rvpS3*J+&y1AHuQ9@-kDVxxI=hMC_^mBY}=yG37Z&&W>#~hs5zS(+taf?gP0P}pk&o7HXUcW;c7%%jc`P|B! za?*vK%;7`N*O<`!caNoR?ILuohBpgZ{B+Rv#)RWWmVMp`M~2h zv2p?3$cIyrKLJ&{zbQj&SaSHP#fc)jFx!KS3tx6Q$?Q?Ua2%flqDbr|Q^#v?bGsdG zGwdTYvvJwCx)9UBCF8ilU=nG4K;?6+pQtrW*8_jhBKhY%&S`p|k0>)8_XZgslet}O zpXZGxlUkc46(PQju=Gzc=VX+hd_S@A^R*me7+rezHa7rq_GZ8il@$Jn$=CD|^sRp36N9=3gXua1xBIQWwmE6t@8lNywS969w z8Ub@Aq|QW0|Ke~6ejf5`pP26=+4iva<`;uEF+tmnLn(IYmuxg64?V8}@%S=Q;s9zg*aoz2WKSeaVl^Anqge5QAE#g9$`6 zpmbhJ-s&nynp{vEqNb@3$u{A0GTS!+vt(B|T$c=t)P|XTOc4Kkc8;Y*E_2vEWVP|f zo4Ak2LgTp`415?TKPu8`K4mk(t;f+%A}1c%UWOP^5f0LtfY7ej+D4r>amsw!FKjw)2{9UKgvfW7_42T zf}|CNY-{`WANY6~{vEP|8Xzg4TCivwRfWJ5*%CFn)WV=p%i=iH7L(wf5ZlUtNz(TbKrCSgPS?j2Ketn+u z8-HVQeb2Ri;2#V+#IMVji?PZK#bds&9s?Z!bkdW=iXmY%a2FH}Q!`XQ^_%n~U;qHN zC|6ymNC2vF_Qb6BkO2Vcc$j72=5G5k`<`5s6`$cgh}GkD>Ewtu&gukfgddbQ`?u5P z(*3)AY-c&_J8r4)B^Hx?)Zr(2eUdJKt<0M^xfxpyaCxYWgIRmyIR#TtR?pL0wRy!g zk`u?(>8nopeXt{BVN3`9)Q5X>cIUtGwxG+Kw&B+&E@bPXciO67iQZ!-{RU^q5GNGz z)S7ah^2)4lQyL`skabHd?_jRJjG+-BeHlVFbGJTeNBZiGd?mBY&O}#xZ1)&nb12f# zi*u_R$p3deIw0g01JdthPSTA%1TnMoj~syX%Uz(Q&f1-RlbZWFC<81`E?Kge@#KF& zVIzDIYHkBtWaz8jPsa&2FL&J>GA)(`wA#;#@4=(kw7%D^EIwUcnJvcIYny)rsPJKp zND4?<;SQIMGsF{33b+C>`;_<)nG&f_<>9Z5!kC?Lnx10~g(v<6;|9A)3!PTFbG{i* zF@t>22X6K+Uat79ew3#${)y!68n9xH0@X~&;AnVW&{nhxHRWOfj9Kx#ufmik=Nl{| z@C$JIwZn<_Irr<`Q$x_2k~mU}b}B~*`aKzOfC>GK>h!|jj&86*KI;q-yHjE9+te!S z7xf68G&ze@`vjd(=rKY7tZ!>=v7q{nC0Wg>=as7x$Z63PB{y})`vud~>!GC%PLJ(b zJiVlSJx?9{4}Z4jekwYND1&rgiHUc1K3?-i#+I)>$)W=q-+%uVLhZN#tHHJ-LJA5n z^|9`#`cWf-2e1%KSLzncuF%G+$rvouaF_%bN?9_TF72&BON%)THn zSIpiU1`4izF!D}y?k28W&QL$R`P>+=WE>U0@KVWFI+ekB%T}+}#q+s7W{%Yza?*xa}QCmaV z>puI31bgl%#zJhl?za)mZ?AlKQfTH$6j|nNGMC|p?n@mj9!qwD^JyEjp#-VDM%|1S z>%(LoD|B}0{P5|(e zi6xe#3oAs$0ANW)S}jWAQtX4F(~747uQN?+Zc<;-kz7mnOTz%ce>=$Em<5O^CO=M~e)5=HgaS zgh?M^hz5`4;sp~8Xud1w4$a6V3rT%L66&tO+E2hS0b?^oqZkQIT2Ya#zEBiZjTIkb zgZAMBO#F|x`TIfNG7F}RYsekXll2>}zT!ixvYuD1Fihq|ykN@W`0)|@wpyI6FaBBA zI>qL6`U&~^z9PmAGEkJ$0IZX@g(5C1YS=^wvq#H#5$uBuP0|V7wV+m8U zr074lx_Kd)B4ixv2UWdEe&rR$^D}Quyz^ASbhplfZ_PdiEf|nEuxKiqK&! z0G!l;zQYvca6bLM({%+2hb{U7jzln?_WSCr_8&*5?)KBxD5R{a7$*e&u?qEfg>NQ4 zw|pI%zb@EQ2EirV2U+y^QvSyA-NDeJJ+%gx3Q@zA@Gj zPTHKMDl`d96Z9|rxdRFs@8JM^HLISb{^z~J%=MLRr)Kp4!PRj z0omW~?X6hfh*Hq<>bwd3w$BLDNRj2zynOpd=k+*nPl;5{K%nJ4FhcN$?OxEs!8zWv z{;hSrGO|WdFxACFw$gFzs}r0C?b0H3x~`}F0?e3XD%%VGPdQ06ey>7EFT#BCM@I+z znZ{rCKtuAAN7ApNI2MMp|Ko)VY=&+?KRH+P^AqQ=Lht-A6)>?8D`CcBs5S-MNQhia zLh#Lo^%Q~J2_0!q{>X0H!?1kwcGeY`I_z~O56mtFhwVMTVobUpu*^jWM=mf*Y%Z(e zYUyL;wm1mx_2WwYnv>ELXEXT~=mtJ|M}-*&2%(yFijEpV^0(8k-=~ttUA`+l({>iJgpB-Z zm4ic0BkDj1L!0Tfdze>ZJ}zHT`6ITP&{)Py0bl1#vIwEpZH#)@!lc zEblyBAW4QZaP>FQAhyfUd?5v_RD|?QLigd+g;;FWClpihL5sMiXp$hafRfn*1U>N- ztP#m4`liiKMD`@Mh^~A}RF50Ce{%GW5@6ky9iJp>mtO|`k&K|Qecn?YB*~2X?3euU zc+f60Ac5O%!@h1J0}wl2Ck@)&W0f2Qe0MYX8^C({51x``=!05vyVfH`Ou~a%-jMUJ z3y>REBP`r8hZ&N(zU0ZW2WiPKyplOmj$*NX_N&uskORWSTb>-{@OFcGpL=-8N~33c zEJOgCCDeG=J5>6Q6=)avF%Ch*i&&VmXAMs@F`(68W3!=%g=;+fg07yHQIoe9T zC$&b^0xm@+7l=oE7D9>-6!SV{Qmv$)EA$9;co>Otvw~b1=$OaSr3+t}UZ8~F)SjO6m8K@8!# zdk3IQ+vm(T?kH?PX$r>mjgjUm_3vMk_U8KWJ6(8`LkNa7q^gHa9i82-{=VYCDPE29 zehc4St_+8T{An+X-EYs$froq~vJXr`l@DDXo!*ii$}9$pnPkTk+HerK$A}gC1dGEL z%y?#Qn5K!-(c86OBwSljANMxvbTTd!)eOsIw$od8)N0S|Mj&w2{977n6=fkET_vZ1 zDPpz>tcs~-8Q~6*7R#F|-XILp9AA%Tscyy59rZuIH`on}A4C1_p$2{LiI#^iK;#m9 zOdOcJxuxq5m_58jCI&)Ykh*gDWFQBkiFklVU7PXXq7l~~0xW6R&u*Cl>@H{Xh@cvM4!AA9yt1X00AngDY

    v$N=pCa=dvkBF_0HaHgVKN9U2`&ip=Ph6w{$%(hn3UqG~s?) z;^48L=db54`4$%-po)So4t?CJ)+}z;zVH3SvZ>k<@ z-rSGqr8aep>YJ!3TX0-%;}#XjjZb!?-hWb#=I-0n=;vVehUzzSN9{So${NjOZ-4Z} zU|W&({{0KR^^$+*D8ia_<-79qQIx4o`|sKHvulzKm)DWbJ$uHge{zwq!|?VIzrb^D zj2b2oD-v{kFOOi^Hp6MvgqK;`Mj!I0({EH+>&wAwyYFZ z-eYjCS^FJPZ0R}sgK>WMq3iP+p1*ze^x!+j@>i$P!DsB~ryq-U_nON$4i3-o6&Q|t zqTegmH6B&K&J(sjosr*ZMWaJg|Jj^A)Zf20eu*xtP5)`z?`%`-V20Rmu%p5+7@?*-Et^hn{YJa#)XA@X}_~rn@g1i z_Ubk-?yZ^Kkrbg{ST@ud{0TSl6`Aeo+-`J^_1@OWKj!YsW-M=;yg2F3-p*3*_EEdm za?nL{3T)TAEkZjp&n-KwDUMVvy*@YD*<e$eo8A+M&zL$2%^~ zMApa-+@_1>i_3EZFRny+us}Kw9pCTWqvESi8uwzwP460heOtbcB&eQ>-mvJ2%sx<5 z?`8jt^+nOIl<}+;^yNeLZ_s7dcdX*z92fnvRPKzA*)n4aF8<)1AP5Zdc1%X{Zs^1)u^q^zg?Y68L z@%`uSt;PWZq4ZoJYqAoC8tu>nDAG7b?WJzCp!`_ND6J^%x>cpe3 zIlsI0O&OeL9XIgoiJ>m`3U%L)184<=l%+{emh8?c3id61gh^+8$+%xxy?HIS>-oR3 z;tsVUjtv2T;1j_Y|Zx z=rmyWuTHwV1xDwsBX1`C8e4j4R6*qQtBb0X(chNzQx9MkeeH2*ebSnxq_Gs+_2k5! zS>@SJ&bHk+f5_O+v=%3Y-P7+Le%-U=#*N<}U+7!wSp&wOrXLL4-QVEHw_2#8(9fBT zI}-&*@-RwHJK~tFKi+e-KlkNF%kucs<(c8vgSPd4(5t`ZMqXySU1!#Dk8roDylbi7 zM|}(G{RLAS;aMLosI~sGr@qQ-s7}--KU$1DkTob05%%E4_jpOzIzJ<>Tje;M9q&`4 zwvXDj{>OOlz7yj|jsN!jwjB1;?i~*^*xCTj8G39R@`_+0UBZ=~FW9+eh!s zNbSv*vh5@1CNi7yZ~dM-l(lJEeEOHS$9A;y^c}u;t0Qal&21;+B?Hq9>9-Ep@>dY^ zte36`GoN)S+}`_qub-9j`LZFml0wH%PWt#Vzr*L3Wlc`wy5F8q3)T77-c{!Y`{+lo z+uS`HwC=O}+8Y$>cM~#w{?|)4J{4%Ic3)iYxVwIGL3)KPnpVAccjqDMBlmZYX|t(( z)0`h8_D`AV+@d2HzJ8sK)(=zW`qqwJGh#qgHbCC1JOA74`Az&A&Q9q+{YT{+$qVId z-sk~Q+UiqTeLo#cue><@$gjCGH&v8w#1%e1S>|cg zOum^BzhtI&%%>GZuc{as%sTpf@qY4}Gm?$NP@6^^*gI-(;MSmWRpXzNDSL?p5Z_Kx@RiB!(LNuxz#T!{LTF%%0(x-4FA>n(w_2zLH|J1 zy~AVowd$u59iP(R13i6a>%KkqxyrAYn^77s@2}Z?DR`>)w5|TWsO6-UOGXR`$_8Y8 z%3b)b<(Zv%!S3Rj^T+E3jjL`qBe!eLh2Zs%4b}-3jBoL-uoP|g2>Fv4sBYV&;pKCQ zGva?sPIf5*P{4}Ar%Mj=bgJAEM3;~T+Xj1eNG>rx9{;w(W)OM zm(8CWj@*@2@k9M$kazoy*FA5y?R=*4MMdwDs`u&k&-4B^=v`F}_V0=BGH5?@F@8rv z5hia_Ou}Q_U%$H^M z~StPvt3%C<#u~n^2_bz&fB=`E|RtL8BK=2{A*P7 z!@7CJjR>bto<5N@{t)fTI{(meL*r`Yj(fw}6Kp4Bwt?g4AHwCvZWS1>?9@`DU*E6e zcxSiA1(taqot%-ox^Nq+>i)_C#)J-^I?tXK4^S%uhX}n!?DMDwf*V5{tINARaYy&%?4J@xQa!X zo~55UD2)#$pl&yn>{x=`lAzq4#;HBMbWWFnT?7>mUlaawI*So!cjOsIRI=Nzdx4>{aK7zTV!6 zq-lJ5>5iT2an*|sON_W^<;OnfR4ayWqBDD!ZQQf{{<53f_DuQNanByvv ze|8^!O!uqXp_`?R;vS48Y`1lK9-i}p+gj`|Kmn@320XR9WhYT@aP+PeT9nlk>|#~Ix@3u(uvHQI1} zSY{&qn;>!BmmxR$ENQc~c=nHxtr~P0GAS+cd(^%3$d0mlvRa$(FE9G_{SC9cdE?&O z^Yy2$?m2z4Ya`tu_r*8wpPuiVd&~2%=$-Os#i?evKABBU@h&n;%Bt=aCN^l<{f0Nb zZjR~hc%Zw*T<<{jHW?-&QTdmd;bu zt$zJd+2_3W$k&e_>g7y1spG#}Q@AfFH0k8~>%Y64H>D`=P7jS96z%t}MbCMuzkf%K z&T%($+xNaF*Mx4wbS2;K7yY%db|HUg)FXVhj@K666=&9N z-!in3(dX0ZtKpCR#$459yvvZUDBzA*6|WnyMekNV&${{z(jDz%c;3J7sm|P^`r^p% zU&~tH9mIF=gJ zfPbZFsOyIa<0`UO6)QR-X-CWIt#kf1#S{J~|K|=@w9*$|e#fZS9C9c%x^4Lx9wUunYs^V?P;xyw$qs=EGhP~uasO|9_XJuJ#BANN;z;qO-Z>g7W}FaP%!kI1Q! zShAhicht3>%C;3n# z)`U+yXuq$pjEf3Yw+p=aCCw}!`|IY|f1kdG4jCuq($*=JEsJjs?%6>%qNL}#v7zOM zLt|@gnKLT;Sz_hEpG0Dfe?r!>1h_`a4!k|H9FEn0d%9!ri{+id`J<{|UscAcy}z%; z%wt|lh-)y5jZ6MHoX$v6cvZ`n$tPCF7oO$iuQ*12uw_Tl`;7B9Crxhhvim<7yNTJ| zhoPFXZ#!OMkW5&sdywFIb$-{y{C~2h`&&S6w(t3AZ9h-dy_!1jLc(`A)eqW#roU^= zvaWE1v!icskAf>5sw8>hR>gln{omd&6LQ-BoL~!2JNW7aiyFRpRloS=z-PEuI)~&*-=(SH7S|NF4<7z30w4JD=`XpT!p#D+ahb3^>KD zC4ebItVm;I1=aia3VJhAe=#p{j^p0WlES~vU!HrkZHq5^B34q`n2T+19KQp}{H;*% z*qhgCN24~iz?D9BhEqNTzLVc$X88{tjP$+v_#a=y?#8YA%pceKZSsPIw-<;0W<9^O z%30a0_-2n0hZfc;T3Dm_%dEJ9NhxrT{Av+9R8|gC2RHPsbbEuF-AW3>Z}J$k+n-*? zUGVs3zP=XeTwebrd-!#u<=;NNObS+Bn~Swx>AE9WQg{8&4roKh-NLZ2WOkzi{ImCt zq^F!+kg~w{e{I}pfXsEjsDI0zg1~|Ci^IKOAr*Kl80>jHW?vt- zE`IpznQiAzpw<^4+`#Iu;|}{HKD80|_phIy?w_8UG|zT@GyD8vobl31GFo@C{*1OM%Ngx< znJ*?!uGcINXTQOET$;1acs8$nZ(K^s=%V?_BM+8NYto@RBQyTWdVYsZ@-2CdJK%Yv z4#$#e|CM%|^yN|UtSg72e)R$0x~}hMj{W@R{*JiHA>+QW4hCL4KDP*iwq5IWdMRmF zzmW%JpR3AWmMx9`ZrXWJuML7_bL+=-vkZnT{{qNZJzv;maIDpspBo*oZsw!Yf2BpM ztCk_j=&uhkr&|oY`YsRl_0O;GY#7IQ9RI5F`j(z8d+;s|xPK_R=ELM7sXtZkks-tL^tCM+SzgN>5C0_URxjr(w6X}!F9DsRP*k%ARNw$+*} zyVHZec%y|}+4XMrGq_i_l#*vAY)k+3b;HarxA)kSl-o!AdRp5_xp}$Sh%$&T)cLxp zhsJ$Z)NS{E@@{>`gY6>=>%1tc+o+A~)-Ba+L1i+)zScirKKEG+Q03vTD@ zrxy()j{mX${oXyJA0D6jfja3~iu3mFZ}00mA57(*ncq9uI6m=dy_8{Z9go^)9+qwp z%K0g&v;J(kN$EWAvY~jzZ)U(G^YV0zd-z?T-^sUph*0fse6Gtje&DmkkO^1X_?ukLs z_Zc}ehZh*wx&2v<42{-7#NTIE^UiCA6@fk4+AY(P(D3%Gc+_e}(&fLpEzc&=1aYX6 z0TNcy>IJM-^u6^?Hn?ot-2hec&6+VUiW07yCUf83%}$|WTeoOBai8or7>F&CX1se^ znnOJ`2cM9i_oaAd>$5vLtlxBPf3y3wmG%2Htn4k@n0=vUw@ul`t&^vHArFfyuG^u0 z>bIJt>8ZLy8S5w2-ahrqBMog{!qSbkuQY2{as<`0q*1-nH%m!=q#7~)!*p5XT+1Tm zDoWi=s{GY^>&{@-4A&==jIkf#l_@6I>-Ib{YWbk(>Xf0)Kb=~-avbeP!tY+$rp!(L zXBQq-R3yT}%Xxlz&C5@bzxLHwr~exZ&<@q~w6N1&dab=sD8F+dGfaef`^|}|>RfJ| zXLsp`jhP1y%Q`;wBS)VZSsV);coECq+ z(dvsuMMdLBPm54f6CSZ@GbT1ChuS2M*q9@u#V2gZPN0z!hGkPeOtSPkxf6DXKHi$G z{itb{c1ySkbvqQy&e*>0+p!us*Xgs`Z0fGqF>2)07Gf{=NAsFE&M;lt^GgX|A5QP` zaqc3F**5>80JSC=wDf7~T3b zA~EX3$Bo`P2RA!Dv2w;n^kcmH-XTp-T9X$?*5{1adX+AV&mnIuq)(i0D$OQeU3@1B<%m8Vxc1;yyB4X5 zV|K(R2IJ$%G*6RTQ#OwI+2ck$bz}3^j6T~EN^Tan*G&#?Vx<>P<7ZTE*X-fcjel`T zHOsN~H6<&@*XS#y6YG0%HJ=OV9IPhud5_i8hW`GsYi9e$@sqMX9se?b*31c;ri|Xg zJ~zRy8r{fyLNkJ9sNGV3_1B^|9A^gVn|;&x-BW`{Fs5_aZ;HMPzSll|@>BfiVLx~m z%Zh<8_e{faKVcWc<=$?tcNnJ5_inud-?e#t;|h9>QN4yu>EEE&mxt?W;ZN1-`Ia*D zT|w=3O;faxSWFzg&vpIW#0e+kUtLb`S9e%?bM17jH1q3aR;}$w zSa|zG#k<36;>Z4IHTHFl+AY;vnJ50j-R%C?kq3$ATp(v9B=l;|+*(cRgSwHB*f6tx(v=18f@$eDwyOK2 zWXnpMG#sCtaHn~ftF=%k+bdX|8r~*%$`GuMx85sRtV(OrE$gFp&9J$*_d2)yoG?Po zS%-h!rQ5crar(8MM4NTfcv|oLU-8x2AI&AS;)H^{FN=m6Sk#h*`O7E2ChmeMi1z{wt#kelt-|4ez>2t8{-rxI@ct#ui#y7(JToH9jUk=n{ocg(%? zAMcpyAL>oL zO+H|px3RM`*L1z!A;r_&h%acm_3N>xq>>w=N4V|}h~QqI$~W*s5K7;vIeXv!x)YDm z+8pVq-yqeOcl|YsRWGYkzN}Y?3-$Wd+Pa7r5p8|*N5f4;C4ytkTWxjIWgnKfi}Fi5 zULH*I$Gw|!>0xL6yxwWeF3U3dXEmTSOvYy(|0d?vjpJ_JK<`wdsaV;g<3Ls7>KSXs z?R;6Vr+9bz#B%+n@mpun3oTaz`u^99{f9bc8aG{x)U0v21SNSe>2r2LXVtMmkBl{* zHmPn`x0*5}U)^TNvr9v-%|1YGkIg!9e6jwjZbq}!<;~?=_4x8(XP1v(bZ_#rdKc?| z%XmKE+Y~c;=d)(jiT)a8tA~E>_>hU(`?=?|vYZL}`Wxd1uJ3b$QtNY^s-R%UIKunn z79MS_i8K0LY5tB&k`To^hcrFXQD+{Gtf%Ai&Tp^Fe!x9REIkvg*&xyj?(yk@e$$^6 z)G7MbY{xOxzW`tzIY-;)(7V@sag9}easbgmq@qI4u{+Uik=Q+F#u&ognXn&iTR&^r zry4N#%@)#{POQT^`l)`Mq!QKiX=`}RaieyQnOJqQy{f_HA!Uh2JLeqz4gSMdZ1#lL z;N$JZRCMb8HVJ+kO_@_Y7eG=I>LQ1X*PdQJxUfn!Gb2BLVzc6fbLJsHl(CiPd?Svr zAq-d=P!k%Y2_QeR;SZQ*(!^n7AZaw*^Q%{AG_K*}_`)JhpUn7rC%WgKX%10bQ`EJI z_$lX0&xP;q-C(}?sa*%*qRt--!oi1ndf>Q+By?|H00)t9cFDG!8Vw>1kY&Tn8c~#X ztIG_;hF7g?rB8_tJLFi{N*}kBoVnsVxZ^i*--&tkneh*ACfXa}Kb`P$o}9_OI{eY8 zIVq}=iMuAh?tfF>iom>Mcw1K}T?k=1e2>WmN0*S(hz+<6ctZR$9D zxM!>Q{o~Vh2R^JIu1jgHr!DmcT6~-IVO9TJh*m1UUTS_TrPIF4e`T#Wjtcjdtlb&< z;!5vSeDn2&?AjhAGeTIB8d?CCY;b*|#?Wcxim@U?%HXLJ3TM7s!<@60yCAuJC;qYl zdp^Fn%Dl3U+Y^GN%e@@yIJtqDo@-z(?#N;U*WHcc^WfHUiqgKW1%E!4m7kD-xW;pn zxRvY2LSjB=pZh*%lVqI%cKQ~HjLaHurZ>;)KU{H9T(SoOD+Re^NL@?M^j|;Fo(D%S zUQm|o`TqI!)uI&5Zr1mE2mEIB;n<$eab>Hh^)@NCEzUZ&_#4D%N#N)&fa7}U`bMnX zKDcy1kTW$1G27h!!}0muOEMPL3ycHvzPk%}d-GcNRg^-cWPE*l&*JT~>jx*+s$1t- zpNg&304w1_sdpVr=b3gDM{&f@O^p!bv|m?pIEgbq8ywYHJ9g|C{;QWbv)p(4rj>vI zsVYwE%OKDnv0%a)`VF{5$)wNcS~l3fCcXlDc2eC&wzYeLFK-l#t#(bkc5lCz3c+EI zw#g&1bNebQ1LR@;Cufqt@6Oq6y~;V2)hWsU^c<2C=M$#wZm$~z5hr_Y_Zg!(A0V(w zvR+x+{`%}T{WTM+tDj${N_W1i*P`j=62a%2J8C%RbRY;u9U0%h1K#nr`pYW_uFfn- zNdb>C_wE6|ePBk{>dNcfsqMaZyn7^l^rd?C%7MPe8CC0>^`4gb?A#)$WF2SSlKNFQ z^QqtK#ZBG1gqeA2PM00LS_g|p9~lpcQk8KED&c1bv9&(2WMh8%miUn_lhDem*FWk}W{`uS!Ua$*aT z{^fWjH_GbtfmN%jS4qYs%CEQgp(4yt{wuVuv~LwZQA z++IN4CIFtV#0{v6K2O~ji(-`02j%&38bm&k*C+;lhfz{Dno){tA{gsfr|6k%-XMT9 z#+}Wgs*1rkpyv~Kcec#w=YyzkM^eMau1uexrz|`#S^*fjP+B#(jR6@4K6N$&kg=Wz zODVE6Z^KpZ)n=*^`70%Om>1M&yzyR1cvL}bvb_SURbMI;IUq;B>!88Lg40SnJhN3}IoIa?|n6i&>^K$7Mx>^^yRdqHZu#Y%lv#F-3Els8hD~ zVOqp4C{BfzXlzClIrVFb6e|TSy8fm?R=VQ8|2ah3E-Yc=G=Zmvb_m@Yk`r*HC(0wQ z@VYA&deuGwxjm)m23dF*@Ye;KbBCjl^VjxC@FTcKrye5b7Y1<4vWoEos?k?^|Ecs= zs^=%*F|6~^=Jxqe7X5Ie1&zO+NWL*_7ByOlM=X00!j(jHBBO_&b>BwTnCELDc=?Cl z+>C(GnZHHu!CEeI%~2J44Rczks$@^_pieOph;+!=dZJM@!fcZqK@QE9Txi`vJ2k&T zbJVD1X|1BIcyxxm0>f7$L}SskWKzS^tOs{1lxpaPOd9WfBYQ>~P&ya}rl+cT$`GaI zIWE!;Y23{<1G!JcjRo7GT-@iyQhU!sgPE~9F?!={PP>0_Vl^i>w^mp-54aH=z$!#3 z^X0bb9!KDDD*Of2H|;N>kh}X>#T|-+%;57`fhJ1{eo%XZ z;b>%k(<_qoZ|LXA+e!?)26c&`k}%p(N~AK+1m$y7k@+uJvz1R>WtBgTpJGPgSIvwF zP#eXRl?-a3qTHM3gZn>y`vAbAbmQnmYghO!x>7>oRi6VI7;S7=6jFluP`OyK1$FSs zt{t+_dFI$9KHNTZJO8z7RF#CkZRH><=^iF>4QBHG6F$jJDN{+_d?p3!4LxHj<#>5^ zcv*=5^&#T6McxVc^XTzzEhrLJ2YPf(P{Z$JZ~m$zY`Z-qG5|*xYLH4%cF}p{he7gm z8(KizYY;j4y3_o8w>``-;lA3iZ!CG#=sKv^Umqz$n`kzis`wz};1zU4@GuL+xUJp# zcOTov8~p1J3A_PxG3fLcfz?AtN$eFxA zYUTso1qc64N@jFDi9poR-}oDvQNn+8JyD42nJWIIDF&-3KMyMqtUR-&j7g9HtfLlea@Eln7xI)&4U)XlaTTt?S`?bX_oMSiXtUV zoKLx5ti8q`)sstN*4Zx>3E#i(A|d1W!LX7zy!XAO83Uz;|C4 z9doVT;(bf9S#|tkRteh}WKNq&BLlLSqp`u!+= z{14m*8DUoEES3JzefX`NR@LNQLbA2t+63--D<u3P#tS((=jRSOhMzcrsdMpjl_Ax7!^bZWo<(Nm}if0u2=I_=nHn z)_EM(9^RrH0q2OQ>V3j1@kbFe_Ck7_T;Mva00HDX_Im08trI1JUrzsUibZK@G|6u7 z&!L?`)vgcuUuA3!=11{&IOA1|OQk(NsAs$Zyv!n^O%@l-r!)V}mxmZ`$21)5nO}2= zoTv~x+3wNVIC5b(I>ao*K2Z$#+E6-;F$_q#zZB=ggkezCdz^9-j1g<1f~jEK>{t~bqd8h%TbbVi->;*f z$IvGCf?$BexYB&H?I+VQ(XB%|N&+wwd;+H5ZrA|yy)!D~CIMhHQq^yP#rX;h@@;Cpv5jtU@!67J>FL15 ztCD$Lp4BSEFdE6dCFTXX>evtJIVymWS_GQpJ;0Bwwy->kSk&};Y4s)sjOEEh^-J=< z9$;jg03@+rWKNRf zyZ>7Q)nwl$Zb*(Ni%q)V<8Isio27Gcxhw-HqjR7W4>Fjs##u<=<~Wam?#H4x{ZYh~ zz5+R$%84F3C%RnJX_E}x>st!`C|VZ%nK}mpBhS7+Mqn6bh3Dvb@k1zsG`MwoOD=Ec zYju;y_p?W`swHbRM?v8E=~fb~^YJ*djegvs<#Vy$m14RJ)eQ0#!p(=v)wlxyMe}uW zwCXuneA!RF3EB2pSFsPe%_9J;uruSj$Vy6&lim25E$d}}T>Bh*iqGMOW?1k|fsF$^ z>{yFAJ=evtG6@0ut{dTGEMd`+=9^?Ay|Tb`P)~=Y5LKlr?D2ki%G@(Us`DVld=nB~ z3M8WQ6hS@+v}!W_WPxpxiUQECnBoRKicIOLT43++L{mmoQ8jwuV|aZWLhvISqs1&B z(O;hWV+!3oOVUIc1w>EClfR)$T5-#O#^7&v<|g-y@|7tO zJE@M*@i_E=5ZlzvF6|cq3u@ZSd*mlrm+21UbRR#pL+m0qgi2u`*f~pafcdY-3IYSs zz4?U@JkI<&o6Pw2^q9w4EnLSPX}+mF;xJ;$i5B_&r-S(ZJP&+eu9$A5h(R)?bl@wV z^#k``x4=o$J))Cw=rPnVn2Zi-aMJU7@9#$7q^XwU40)g0#lSvY?fsp09QS*6Tp%4O zhM#2V!S(7g%Ft~+e>+llFt@5xWG75 za&CFD{M~7}Cb$YAW|;cb;OHIzxFnXj*ZXR*hn{HS=%gkdlV(F;oM8X`{q5(5 z=);Y1)%DS0OvUqJjzW_f)O|{Tvx9=2BpGZ1s(Ff0o687?9EMf|NbIUzSDvOxc$Rm( z+{%L4b^f+C2B35jApBHnZGYxFOxFom4bV@v1hnKoNfY?Nr-3TVf*UJ=-4yH|sU#tS zU=s)~REHC%lU3ZqQlj{K7cTAf_nlU`p&sBt9jM!Ynq3vt)k~nnA!mO||8b)$OX9QJ z>JQnak)J)FW-I`x9#<#KxG@$}_$Hfn&A=Hxvv}#UppOPpYF!ttjjaYUHpZVso6S*FWxxW9b+l*Xj5OQee&cS7w$sj3IPl?_tO`3{8Fw^uqRAs-T1~P>Nxk zs*}1D$kuaZ{Nl1iP|1)_nsK+1QTlbg;wB(EizMOKs~ezh#Lm2Jw?ZiQ;9pjC;O2z+ z!0-ok*#2^V0$2@z)K<$6xV~}$m~B)^@Nstn`=wXV2-xnIzyQ*Aqnp4NFiJXPfz`yt zNvJ8s(7hS= zh_N3omhdoExd><$CZ83u8+$TVZuD`eU%%ECIC4CN%V>r{Amf{?Gz$iaJYERl+*=N( z={hxHda--T1)%5|#-l0MDvoDvYniUG$QD5iIo$zo9%O9r4f*ML;P&f?ylGdx#azB-5-|v`c=2 znb_>jGYkuy?)cTT6+6lP!1r+dXZ(FNT8z%@VdXty^iX^2yag3E!S$DJs?RapbpF)BYp$*so;@!2gTeFmVz>=IFb}9_b$mL%K1lM@J2+7Ok>I~yX42)`y%DOo)|%Sq!>sF z9o7Z>Yru2I^app=vP2xxG4y=%)tTLw*QeD4oCVmF1KUZC|V*mtyQ$fClE-ru7-?PLlVE&3Rz;?VH& z?)X9sv8IEd z$X!4V3OyhsCN*CuAgreR`{pKnlodId5njVCGnRQHP@nt3gWsf(>$XH$jSmZ=e4j)@ z(NtVoKR9ICr2(KO>;D>T`3miXAVQ{)iW7?nlRe(xqt%n9Psc`?JepGvQlgbcpLg z!927x*EFJv_OLDaV^pT*dFdIV9JiQ(N9JI=-?~LNTr6jnR=1JZe>^oBdy}sa5}9Z_ z{1r&2SKJdThtFpAia>Gf)Y^@++Kv{{+Q=UeYe*w;HA92R5lG=&KP1EegUmpS zVxRA0?+RZxe1XVYKsz~NVO_HT&t05$YWZ0q`4ZPpcQXnSV~Zr!a8e?H&&Q&gPTpHS9CN`Zz@@Myo$o`4;bNk-L*g z^FzkjFKp^evm+1EiRf99*IWFSa-RT`REEOHgorgMeHNQ+pgI|?!~V~ zLj@imr2jmh*J-M-iqee#V1di2bvi<4p~DLZiv_X5O`DOP2($03j(w?Dh1~pbG^|b+ z@s>#2P!IKerLTBne`>r4`fGhGNtrCze{vz*e5OesU)<9x=Vcz{$H`|N<%T>)_xqDL z;O5un-#t0hm(#${ zUw-*0NLlU%+2k~k$Ed&+$aBL|UMgEE9#CyaKow&xk-87fXMmtG||k#HD5Wd#_2>tfs#yaggg}j5*MSq%2?+a!tUTA8gmqfC-4{4K9EQ4%8|lw zNTFfvPy&?CUq1y+&&`SVoIjOw6kigxL&!7~;>o0x^gcUgRr{U%H3NE2JdP_N>mLs* zIwSG&jaXdn!0QT36y3&6&3nFUO00gi2@?8K5IPi)uPvY5+B+;6LO|7{j=Grv%U8&V zglBWI*b>2sDej|8YNp~L3p7A(l<6@|ifA;%+oTa;Vi913!0XQQP@*6cpOE|Zvjal5 zP!_qOJgZ5?hRDW_7uX*pXCL|?M0*kQ74ZcdV^Gm7*RaDlVM|j5^zUXj7PJ8sKn##I zpZ)w;G&CF19gtX+mHs%6tG2)}PefD3lXkb;M1df&f{*({OcKWsq9pK-57K^!mPo6R zZdr|8b@12tfzpMXSitCwEfUQJnZ|4GZ)ebb-iQmH-2^`v#*Vo0Qtj@6W#5@PIny&Z zHNr61M3Rgxr~VMhLo1;R40N#IyAH9!%?XPKK}MRN{M5y(d^3)0PD9_4-?tY_o2`hv z!rok8i={-wxiCodlw?Uq@6(|eoZbV6S=lbhG9V5h;F zkytYQ#3hB}1M?kc#zu>T&FMt#w(M0 zTLM2VU5BGGm)lBhrGofEq>` z=TH28y21TpGly=SeVR)f;q81=`L5kRH;UVIKcm#zQFt67#N+Z4WZsIl@Ua8)J9S5d z?)rbsiW&I%c@?jRnEGy_GXM|g$H&uub2zRn4OU6O2SsSV-W< zNO&$w3vU+p?a!qNg13)XQw0}$K4>I?#;O|)b8BA*l}mAQ#sq&390d!liE84GgB!ko z^~?OPS5v@r^=Y;FIt1gWB`AY7BC(zHBn@ocH_KY`L4tE)dDq;wR3{8lks+wPOy9t2 z;&)lATN3c?qE-`T#g*oJP@)ihSDtaEnG<+rEA>$D^5#RXuB~3`#kF8xfwj+h^ROia4PZ4CY z#?tnw?J#|zE?1P15ekl8#U<$almc^aH2WT+A?s++)X;%f%^p$Z%_Z#r@~akCZkz$0 zb1yVUlNgFVb~H|aIR804AF>m4DQSNitJ~rA?Tvf<(aOx;_7+`nJYP_=*mRXkT)7%! zqgTSLr_VK?_v;;!F9913nNl@6VZeXda@ASeJKXr{MOxKyCJ#jTVRPhNqjmT5L~`+Z z8=_06f@KEm%h#b0^+{*BKlh1Wdrr)sZQ^bF80n#)_OW*r7M|U+iern7l(CMBKtp9 zw#IAt9Bmfs@h;8EXl_Gs52 z5wcJcE^}1W;NQIwp`o-1OQO>k05EdXK`1WK)x^nPFIh=S~U3p9$n^EOk zQpd?$3=_tky)@mWktjX(n{l>I_IU!KPBE{{%fCZ4=KI4n*Bp-%nG13tqP(e(wtv;H z?^ORKYe{M_I`3Uiqp;koL*)E4<3h(ixo8tN|4H0LZ2o#>oelK2YPg!#yd-r~c!@fT ztJVen-;5531El34b&1x9`d?`GcY~iJCLs%~PnZkVg(>U@f?d3(6={Bz$NjP^m0x%6 zgyp~##|Vp;XX+R(%;|Kiv{6R53aLNd7g%IVrpq}RH_D>m%d@q;J;i{NbFlqFo?Rt6 zH)kNhNZ7B@P|{g9#aws)be(H3KJWZ@53o}IDT3xJE1@77c`0L*3P`BM#Jin}mMcvg zp}B+`CceO@*B(K&@rmo^SEfm>30Yd)Aszam;MM%y+Q75hyJ4@Ho5ma8F_CKJubP|S zAbHP#M-$yte|sxeZRBcUpQ7{`^;n0wD{sCbT_=<5EGnu2)$olPg%Tb>kCSOA(bY2v zpqg>Dc@BFoq@Od6)dl;TH;LsBHC6=m2TSc!jfy#3HcJgw);c^xm9ceffFj_6?3E?F z+4nL+hgz0Sb|73noVSC-KzL5qxd2qlN*b~2wm!E_? ze;^2DRU6Cn-$Wm=8bLAC7E`R})T*A!U`|={KnLl;*^QR{> zKDy+r*BW_$3{v`bBT2ukBLUtSJ5{d$af^IBfT7=Kn0#gor5mi8;9 z3;yEr9um-uo=|>&R3nTwVt*1FbKQa#tE9AD@IGuu!p9C@^rq^{WW{wqUYEHx zZ;cz|xjh25bt>Kzk}sraWZKx5YCMhOOHh3Jiicd}NG=2i*W@iF`^A+~nrLp$Hu<#8 zh5c^#^~XYn=xMiS0> z>1AGO<{HjQpjxFENC)veuFYLYIjdGGnD#rW!H zZt95Llr0s9K3)%kj_8ldK?=6!rX4h$!p=JD*ZoLmMd#4_4wl~=*V3`xu%x0r?767b z88Jp%<(TyXY{^bYj-P|#6QXCRDnTLX9JHs+`>%_6rYUCw3oFX2m1dR}8MhjOrKDkh z%_~<9I^voAUU~x{4%6J@lf$!0iGYb$zYhe5(+72Qu3n$UH*26;LKs2Mr~lB2G6w8e zpVytKLkD6X0#!^8St5dk9P+*BIAfAM3hEAJ z<2T&ZQBkLDgGB{{T)xYr7mPd=-&XE=Y>M)p(E9+FrN6Q1DN^Gv&H4NoQTSbn^0`Qn z1wd~$Kgb;{fALl{9Da2jDqN-;K&Oejq3YaDd4=OCYk(C+B=LfdE*aO8iC$YqZ!R+@4*a$Ij+Mi!DF|Pz!#2p7g}{eH>9fhkbYg)oS_ zC^TPR`F?cjwfIQ@r6 zc(g`ac`q=)ct*^N>7)7w<%od=VPF8D^gr{;?0EqMpURynZtvin51Agh?#~e2h zh^VUlgvNxQnK0nQbQIKPoYVk6I|3-+|56baaG>dG!oa_AwN7)!0v28G;s$AjZMy*c za`41d!PNQb&i{}EQd7mii=EDYrKU{3c6i@a?O6QV)$Jm?={kog z;;U#pPEep4WVS}ih<&I78ZRGuiUFbRAMb-P+PMN}pq-E92|#+ zh5%&=0kCtqPqg5`O-2#>)Xm9H?B9^iK;dz~V|nle+^{CV4$J8NyiK`HYLXcv`D*@Q z_+8%gmd-m?>whFI6r6_Mo*(aQXgo!(7OLkM0|!oi=ff7o)xqiT)`AV+8>p5$}U6a1Ltuce+$6Yhd57tU0$jY=)(9l>>1$7CJ zO%Bo{z#VMlXccQd2Ee8T5ON7v_E3rgKTf8!pZ-*h4NI&;B2X5UK){R1I>dl}BA!Q2 zpjhuy;cTP_PdI!LREb)4NO}wU;-4~?2MH=nIIn=YYVYjO4#NnvRHYR%lh6n#(7cnW zr(OU^VRJK2AZxHZ;KM8~PIkF^y<|<1@Q{(=`WNMf#dGparqQQ2dc|Frl`$-l<)e+U zGGQOWFKF+6QmdNDdS}F?6X0l;0D2cxsA;e+V@wZO0xU!iML;s25f@U-z{l|~GmZet z2czS*nQi%jK7;HK07$!~gN`$zn&}pYJxm z^J2Mplr$5#H{_WWkne_m`5dm>Sdfz6CKDLL7Im1?vMdE84aOfB6(KhYgl>F9v_j8l zgm_~|>BU{FeF1AYj>pq{3qAmpegsSy@o9~kf&%x8(pC1E6UN++q}DZbi4ac!8oqx0 z8Z;%~CYSPY1NV!%*z1Me1vrW0!A%%8@TlYt*(mcf{{c$EpHUBnRsd7i11L7_mr>?? zXy4=Q!vw3pt%SEdrfcq=+=ik*p0QkNU9*uSLmi4DtRmw)8hpcqWB+?UjgmThA zze$DYqd5x}@H=zEO8EvH5T-ZRuYuU}qW^<8m;1v(BID$Fwj0?Djam=&fH*qh9FQ&y zmwB|NVAx1o`xKSGVFWQ!PEUW?D1c$JA~fGz-2?P&boub_L+5?ow=9;SBBXzT*yWeP z`j7YWnx&vAJC@?&SR>FGE57#g6BfR^kx1tJD3N-+Gn}GxZYfNX**tue2Zw0rITFs? zK*~Wmir=bOvIP{eOY^P4{)hAW3XX9v9JtWPy`$Bk?;vAUrW3)rLx+M2&uF$!c+mu+ zW0{G=!`kKU_Y-O+gT=XaZ0QPDG{P7RcUatMG#tCQS*H#0)W#t|N2=C|yY?sxB13Q$ zo#>*l5!YjHOe(GvLJuPgBW5U>Qk|hvm^E zDFUha1_xiL1EQf#smwA~#;i?K9q!&8`wK|&tRre|yaD4}&V<%CFFnr!8!+{76gL;I?(zU5OIeay~(^IHS6y{ z?szD}0ViJlA}gUt&=mI|s>Uw=FCxoZnKHsz`PoZ4*7+bnB{PZ@I|{J^QN(?q-VjSJ z4abo*LRGz>ic?YW@Asq@X`dja?}BTlLEU5Fr8#AQhA$@yyNCG2KWq^tWU{ap1YzkR zgobgvXHW=-)*%Pd8OJS<@byO#B4g6>E};Ka0l7DzOPgTeapEeC)m2Cx3Io#A+=%|B z*oLU{s%`3c+sCM?Tab-1=1_UZb%Bf5-T*!-0j8la1x1l&< zHI(&J`OOaIbXibcyko!9ccxG~i0@^?FkTx>$l zN3wHq`cX$uRG*onjB=_BgmcT02f6pwQ9jUX@O|BBdmBS!^_wU%wobxZc=y*sz0%9q z(7iYCIL1^LEZ>l|c3v=RI(>xDU5YXY8b{yrz46rxA@!+XWqGML|nVcCJdd-H*%0Qj59|i8Y{et+IQV5L5ao%Vxkknoy4EO@&Vw;*uYxwB#p)YaR<~< z5ZNngxMB?rXKTyV*+)mm4ms>{1u&E0~lbhI!cGQS>hnX7cx!h`$K-EZgEc7 zhyy_E%CTctMa-k?0`<~&-E&b&jH?9rh_6c8eRcpPyPnonuKQ|JE0loh;Pu)(ABfcV z`_6!w;UDcBP=&&oh`@y_VH{LSyFdr+gBFPPsy?=6qc5hE@qdkBS}X=K^#;|@r!5Q; z9*H0YR*j(K+}tqapRq*lg2;IYVWpoAaSe5r7B(i<_2qfN@78agM7jW^2&%wWAKauD z;ath`^5(zyPs)#x8r}Klq*Aa!zovZ~YKe~Dv7xze4W1gsu~L-WAuZLL6q z9rfVVOrpjeI9S}U9*hgw3W{-L0BMh{@MqBQpa=MP7C}1gaAb^$=H04HqCn*A?B!0$zUnkZE=S{hRpleCo-ZbhEXCQY2gjHzWl6Js;l91 zu=?IgZyfXkFyT5mJF}I#dFxIr@bItB@jBnJZ~j5Nd;@m(8OcBcF=#yjR{k!2>jTWJ zV?>i3;88Go{boXn{1pW@6pALT2I(tC0aXBu9>77U-Q@`UI|r}L@kYQc=D+&g7B6V^ zl#0EJ)4~bZXD~+bpv3-ExcsX^c)J&nWayKGNC30YFfhSS0_Qo<-8_nBlHmioDxIK5 zMqqYyG(tw-GvEmh$cL3W%rzTzTwGnAb9u*_8J+{ZkqQv&2$y{UIuC!r2uf=_CLDTm zqSFv-=CXRjFD_hjt1P)Kq`sp>r*C7^3mNFl8*P7bC7CLi4Sg1InCb%aw+Qy97p|D* z4}Iyvs-g6-+kb~|yv`7^VV0Jbj_20lW4L`5nL>>8$|JH{=^$MI?F=~N`#Qjeg|Ywi zcmoCK7210NO=L;f+Bx$M_OnF$IVYNs81I2Gt0^()A$cEUDSWD0z;=u}VR-KZXi~jpy&8vcp?mzGXIX_-VK7>ia;|Zwe3fl;WWZfvpOn|W_ zOnKzds0a{K(5eBqeWO2#CQ2rj3n@&Xzz>8{T)M!Itbe-o8FX(10-5|=N*2XCN%y-9 z+mU42fzYS*ch`DWNd^?d3_&)w!Xp39naP3ym&`<&DYvo^7yB1b`bW_o@64Hm(%N)z z0K54R9zSz6SnnFUUtj%xW0L=~s1w97AF`iert;BI)C6O%`0j6;T zPYNQ7+BH$wzCPcP@v91=rb=Z}rHB5;>Ze}5J7h5$1piIb+M5J={sLPp98;QOKC_r+ z*+ifE;PDUtQs8mI%MHI&&)wIKO$HMiAW{$HTD?H)CDd>NbU;bQhJ-^PhuI^*m#2~O zZ&aisbIyL?UZRq(@rtO~QGp9u!2t$VW7q#^Gfjn(6(R?GC0*7)RVUmK!I5th^eV%t z5|~bao@u1UCLbpcl3@$=A)1swk5$|^N5XUGA>1k;yJUTm%75mG>ehEGx(OpkNk3$6 zC8CFRAz2r8ARC~>zigkFI)lSV5u=2y;O(-&{d*aP0~cXnH-380#RR13O=zSTi#DS< zikeZ`Oi4C`G0wb^qpBVLqEr`afLe1L{<1NU-xzhT2S^jI28rwb6Cpq!AlX3ki2_cO z|7rm?$w$6DjSZZpcoha=!KG=d_rLU6dMjLnRA$Bwchg5wT!D)Zp%4hgvj>Jlt=wn# z26dlD6gdDLAWrdDU7ZL#3qWTJyAbS#u>SU^1U3F;J#jor=L>OJ@CrpiKO#Q~xM?x@05iEH2_Ov72qU#gfM3)*h z>a0q?YltIc0vvHe)>oij)*g)`3%qj!7##wHoNxRaFiaUhOmxrmq5?X~d7Mlr8hK#; z8PvASt+8xKB28bYFsZqM1es-fbQ`H^7nkM-ol@QR84hMdoSLasj#PFjRmN1Ed!`Ir z%=M(43hzKNSssc+Ab3j=iVXGCer@R{_RAr7tYhou<2DD~@eqXTM~stE3gbpU!nOH5 z(cWtaQQN??-Y@&sK0z*O{|1-L5YVL2G-OtI%(>r@ZxAeeT|T2l8ix<;6~dIc7e}>F zH$O5RP60;XZk`PAj|WB7&H`cU3-~RaF3I7>xTz@NLC~J^bJx)DYuROJpYn*vGS*PQ zXumM};sB$^$9!O*9o5mB$IGOT@8RHugg{uxBb6&`9teoMl%u4;-LM6@<*&@Dt9nqg zo(Usan8RZw@r1_k<*_v?yQ#`Uapd&Leus9+xx~FR0*D5covJws31jV7ZV6S8{ZVCe zcYtj6lT}Pzur*I^yt1)+M=2h->$~Dw%eWTz8&kK^zVJ3vIjq-w2fkGM|C` z!MexaTroFqkQ-VvbB)-M{FcepEaH!YwZ>4OgH^yWEK8}7uM=mS%%`lh))aX#n=*?l zixtPEnU6mV{*~btwB!ADXE}$cdt2@3{+DjQ6>qP=%_hN>ivj!i<7`1e-Q#r7Wq{ub z3v|9QNIC;ASK3NtMLsD_=$IpY27)&62rmxrwrnzGo0j_brxT$|gpg@*~X7;bU?xC#eip*bkZpPubkrv7L7e9l1y%ic& z_RKbFA$!7@J@8XF0)(99ObbC5IYowzXpP~hCoYvj1Pi9&te5{udhvh{AB}#CYMbyX z+|-c43cz0&eBhCkCivlT=0w#YT`xBXi}pBIet#dXi(2zIH7bxv0~g4@S-3j>GYDNw z#{V1~#?q;*oS+DL?s{CJ_f)|3(t#w9xCf=@%83$Z|L+Q6!r?$geRyhSFZukaC?~Kb zWH;aBMQ_tYRlalHt+S}5B(Q&oU_bvb80+P{pb2q(`rk9k;DIx$XZ_C^UB}BGcm0Ut z`7p-BW&9W%Rf2kuU)7f?9om+<|KHa)T*wB3L)O8q3R=dT;h(5NzPJ5W4TuMLj_Sr3 z?;%|u<~}VBCU$K-w~ibPoGu&mk>w>@mOjnr51&|4K(~$F@ya=WY%%U|&(9 zD=F-v_9?kIgzdCkJME2Cv6I>O16r9Uo2)9HkS0~Bh1j%Cx zH27Q7Reqjfc-IAvKpN-l~R@r?nHEvP_DRf@Xhpmhy0W^LKQSC+h zy&F5E^-_snWqscA__ARPN?^$umhqt~OeA5Q*Rw34y;=m++j9n@-NW5^7IVo_>kY>) z)UmJ@M|N)+ZqAd*N)I)Qu>lJ7ZH_Kqp-BE)%NJ!+kH5$IR3la##a)k3l3suLyVgde z$nkO>f+kt4MpJI_GA4|iMkV?Aj}y*n>3BFX3%u=%Ja!oQGo~;~beMpp6)Wi`X6?jO z{tVqMKWyn4_0O^#F7)I3E$w}vTwCC2k51W&cxg;S`Hjel7!X{oAL)zA1S)qL)q*`Q`XBK=&g#Lxa)ADcp3a3FyVmt z4ZeqTYrO`4xn#Pj4@!K+ZzgT^z$>#fIo{tXOdky^!Lsua3L)+7VJ_ zS*I}vd&}oIp;e-5)lTGprLhPQJA%u2ckh7(6m)Oo5jlSQ&X$uG^z1x&likwiY7L5X+zY zig#j_NUoBeF1#$R?X;urPX?)YbKQp9_qH9?0(2Rx!}76x8-%$*HENg~W@f%7Z5gBx zPODwDty>#nF{m@~;=$!klZ4C4nRa*TrTp_gvH%)cvrX6@eF_c=3dZw}(vi6{xY)Zn zH{5b?B=60un_(p6oWL2=LpumwK7z5|l;7?W(uDYuS}@I3`!3MZ{3|Py((C?Cm7hj(o}X0H1q9&C|zFjn0g&$Sn8~2y(KPoM;{f8 zZrP64IiM{MHP;PvDwL=99YMi#lZcG1Rc4fou2 zNz_j%9?>lkadMLA^g7#$ig+v--hT@H(fr*MRCtyNW^MfSxg(J!Nk9aykj z$^WMCJ5JRUgBLew6+THbzj@OcW0g;N*T;<75}m82ZcqRHf*L&^c=%n+A3ts8FRk>T zbItS831?QDo>9l^_<1}Ii-H^}KW5HhE6t6RvRMvPne@%ofOiz{_=$hu+0xlQnLYU2 znDwBH59Vmx#6v{bw6Zs~#J*F1G1=m|(-p$FWzpMXS!d_sr)j89!pI&z>#sC^5>5U4 z`@!*2WP$P**w2?t+jU*DJKJ8rjnvKTS=EjnVUOLLhnZ!vson*wofo7Fz)Mu6;vPTy z?xDO56NLR?*psRR3lF0i9oVtR2o`Q+;b!A4P!HzxX3>o&b$*Cpe6|s;STa#^FCB)i0W6dK~T{lOy;bYreG zy@?W3B2mdUXDjeHcZ}!Ib16=i`Z8)i^2pLTN6MS$r@njQACoanzpNAAm?uo5Mts?4 zO44Wf^+M|+&;HzhVzGa;*y=ajY_5@3yTKHm!x8S|hn~-NS=f8D#%~_+@D7Q?w6efb z7h9T47t1f(q@-Ot&&NG?cBan6JpUAxrcrabOB}_o4k5bY!@n<$d%w3;dp;Cl@;HlF zO529YqlQQCQxH#%$kWMi;U{b*;|Y$nJ>9Jg2CPP7_QRe>ED)sV}RC8@%A<*R;+SC^rjU-54JqwvOIpDwS{oiz%}l@NDdi_V550jI@x!jzH`kw6X+`Ye7QpKlc zwCCf8L1+QCjF16peyclK1fwn#<7c$#C=rX`WaZR+(OonP#brds4UY^@1cw z7Cx)$|0VpY#hejU=kc2-O~$8^e5{hXf`=p zc2X>ghl^0c?U&?l$^jy-ymQF_$ONr=7!Sc-GBy~Y6CX$e z3X*d%F4EAlTQNy(mRzAUG;DpYVTTD(y>}-(;!8*ClUSdmKk-i&*%sC)DT8O%|Asxz z776B(M^_QB1WYo60H!&K=oIle^mv?c`g7T!Jfvz27VY>Wyl`pQ`WaNbkcfz0mh1#^fYtX?%Z6mBxa?P;W^rUsShX9SiMy; z_@%2?)MG#E@|#E_M0WF{?qd+;EeJx1P^Mm_pQ9;XJC%!7f=fykecRwHS!OV5rY!#(cil zy0DweWm<@N-4CBSW4gYIyH55*8R0Kby{E94MPhM%iWI~*+gM|{UEuH~M!VZJ2-Y)+ zlx+ucOWpAQN7`G5Rkd~P!vb4jBSAd z^TsN5Hs5%Diuh||WZ(j29VD+xf27OAAdw8%a~(^+G`3oPBl@m~1M5a|b8=>c?Ip{J z5wBNbk$#Z@666G@kU;)Y{J+Uz8Nm#aAO_xZW@`xx_gcAE?0pv<9moT%`^=x}5G=yuM1?s%V{O{p=zRyMnq8}aGoRh;xU z{;`)ACk*J{g?d$Sk{t4Xb4p1jBsNtmPnpno^p$!*^=h_3LEhk+yx)OZ{Xa5a^Mu+n z%p!Y&HjKL7Nh>7ST~Y1o9=XEqxlhJk)Src(;RVfS+4bsYEu96or@o^N=AsiEY#%TW z=r9aFA5?w*KEqsl=~#15VoxJkTjl$)tW7Za_C!pEfO^7n-Nn4qDTPez&Y@Lj+q?Ah zQ%tKrb*EV#CxNAb#y45&FX1+`Dj8k%{Iq$NGYbn2{Wh)8{W*zC&t?1hUCCFmtkm98 z0k4HCGK4BJ8vGv((0yI}ot%14&bki0cf>Nh|9r%Sm1FPN$1+X2S>K=eNA4%){FP7k z-CV@9;!iLVEH9Q=xzLJi|2sb|mSD+;6S-<-yjH-E=BmN8r2UeV##Lpre-3Rz?jLK( z*%6C8tB&%^>CVx+jit};@N&-eKb12!7lDSDhvqo|AA;7Y4g@!ra9{6fW?e;(W}Q?h zxx087v;ET2WSJ{^vk{_Vy{B@Qnpi&F{)j2Z85}NpZ8x-MdDAcH)p7a2%J8+P4Vx)n zAzFU025-lar6pmnoZ54|F<0Pu9H}n|bhYFJQLQt6{l7VukR7!2Z6R zoX$ujH-rvY{beX}rk+w({H0_~M{4~v{yZ9BfJHH-@y^6cxJs)Fn-R^%g4`DK#JES4 z?ZlU2;$_1KHF{~j)J`$%vjsh2{U0Cz?8xl?wo}*EC^*q&iR)$0b*>hONn{6~sPbJ5 zZ;j5@r5_0uuNb!CwJtTvbol95#W+v-TrE@SXlcCz8kQ}z?O zeSVwGCbJZSBrW)I#F;T|53&`_AM%}-z-S(L-yU-&+q4b{xG;2YaULT3@%4_v!|VLw zgRW)qib4=$NXS3@4-Rq#lY4&;`Xqj;@zOjzwSnL@)Nnu|Xi5miW53z%S^_dv@htqv$nhB-al)o)|jl9EXH74*V2l zv-k>|x`|Bt-jo}Xo)}*9cyC^CDEC>qJ|0Q`pLNx%HP)csR7gEjXYGn-edope(F4-< z|6)z7O>vb8fyg=O#u4&`0ksp(b7_qVUK;`N^Hpr5W+?f^;bgmkrgQrDW^8a@X4NR! z5ZW+$%->Sd_&eIO?Mi#6ZS^X-u>3SWHCni*C^{!zK02tmUENeyDntH;GDzQ!S08hY z_xrEGYp4TuY~5_E$^LB7fPFO4@_HzIGv|O02{6U1ICafCkov7px1E0Q^VUnXC**!d z2h}2SP}Lc$RcA%>wm{4k3?Egt>o=NIR1ds6!CSi3J*t5B%%nK_H|CykZ_ux$-6IwBLaoLTq5v zz(bjcx)Q9Z)`1D*DY+3URI&1b6pwi6I~ZgekccwHM9)`BK&0C)5|2lZwgmC5wi7-7IPBv+z8U{3x=5`N1gU_MQ6KE@S zH`5%1hep)(KsCRAdNB(1)E>A!5w~$!uihAX8C&3YL~PoL9KY3+gN^$YfPr&Db-)|Z zcCs;OeQ89L8ybQkrGHRv&&f67I#l!s@kjuNcV6&7j58^-udZdx`v|@U=OT9y8wrr= zp}aSNqtnm7>{xcrh8QZOff3GWM-0Ca#|D^Ob}*huCXwG!wBx2=*I)w@^2*_qmu(tk z+OJ(I-C_>Sp>i8$>v`!%xBA`uQrdt<#34TsFee`WsokifOVKoWBEMo8$aBsodnd~^fztn2P=CIGMZs=f(U`e*kRkiFehmiL*#x-do5q3=Zmjn9)D_X}w0 zqv*88l;Zk5jhZ_vMP?r7@O>NH74|x$z%9X`0&aMSUC`kO8m+#cmF*7|p3C&BCCx@S zdJqr3JP198St6vM*x$uH7O<@61NVg3FHJz-FuK5O(FLO7A7TSTfAXztjrxyG(5ZdyAZKM-{@h@T9PEr$Ka>%cd zrd3(+=6QP^L*aU%NEE3&sRmax(k`rK``ev~@)1HMbiWxuUXBAV;t_5;dI+#E_IvT> zUqXM(X9oy?Y|<#0e72f&AB>C)iyeDQ6bMQ{FWBjj?U(^Gk#`-IiOLv2i!N7h8 zo;Sm%jLI~H%sp#0?PMg>Orh={;JGcf=t%RyOm!Dkj^BGfCmHHfYTLyIUMinT?KB++ z3)4Y^+Quy?bbIat=uOS~D6}w8!zz5acJ4#ApxUj*Enw$)Cz$U8&Tn1TTc1R84kuD@ z&JtW#&dIdWAC6XnJHJM2xY>CD_Bezo(VTp@z;xKe1Sp=G_a!QGBi zr-ne}Rp|K@$@(i>YPhbXRpz2DhM%IZ$<>RoSQkE+2GyrJ(5@}mT(k{AKM}P^XN}il z^SSm;Pp4)SE}1eo1HIIU;|Hr4^j8o%7(w%Z+))13k~$%8Z-qT>-6w(F&s4!T>cK67 zYnQBvTIe+kn4f_+`Rn`5cb1WHeDTB`{Q~Ea=*_y7MXi9D%btL^r+5!q0{d6x|si`5bDjnDXo6|T({~aZ}Hfx!K zOA@9tG&D3kUw-@--_;5mZ-&Ufqi_U3?bDD%u}i?v$baX zn|%k+UQjW#dAKBrrkQes$i%W0Z>_C`bia3!E^Li4;D8x?EUx-bTjLIz=UVR1@c^st zrQbX}lBFV!7go~YCOudi&(fOVE?GA8HF>nBKj-E@kg0m78n+IqU_Q9$u}`1AdlKyv z6!?y=15|&6%Vmp}WbE~+2xc&%`)~|X>e@|w& zPdxR-YQ7APufGUv2-uT2b930}SXSWVzk0o|L}}-Iy{q8c<)QXzi%6Fw4?(jkT|1-x z`rSENaFCr7ENvw1>x`LZc%x)brA&L+q9ZG%DD4A=KFLDiK8&LFSX0TH6H7ywvD2z% zvHoBQk}J^hA#NnRu4p-8SO=4PmCj@s zP|gD1enF8(rtQP&4P0MT9fd?%N$+;z<}$7Zc0%QO2v33P?k_lqAvxxj5$WQ}QQhC2 z&t?ai%)^k1-IO}3)(o42{#N=y4wW<(42bw9;{R#^e0oTdtXnLS)SRcy_W3=|wr{O@v185K)G6Bg=IFvoj<&@uc8^hohWWIS zK@M14VW+q0C<`R)^5=jl`3-!K5;bF-ZJ8xp$)&FNH(Y# z4QTbGDcWDqwYXp5a`yh3Y)aAo13$0j2mXjtp>tc!cd%UIwsxLa+V|+e%rFp0Cvk%j z)PzPY%likH3wUuJ-gdP8R$?Iq$n^q)ZE%S?C2VoA9Z=6MOeup!(g2NX5+&Fv8Qb?| zaf9sOD*G_$cTSzhNzhXReLa}yb;{k25JEGOrZYi=_K_56J}lVyFL&BbFJDxa+XQIY*@vXcw!2r2cP8z>}&PQlC>92hvs(c!huwHEQf{sRgvP2sbTgzef(dZ zd245oxG$Uh-_SM99HXM^G-A=qYrC|XVW<%;a_xXIyOQhV(f33h)S|r{SvzTvv5vE) z#3w^3g8#vd05*_JMFq(lTS`rL^?01~4WvSoE@{+EF679^ocyrub9T z=LxgT1LCI1(-!z1k#1i@dW1#VkX8{o3WrzGE`_m!QrA0f+WIsR^21L{!Ij6WSk#*6 zomIr(Tm6McGIulpULAN3yNA!=h>2pw>G5zj)DTgbc*wGS?EXaN&>{MQmAu_5W@l8= z$X%IRVNe{>kpPmJWH!=|s6r0x>p3??9c>y$W{4pP$g2Ht!b-+EeL{jzkS(*$(4fe? zudAxRsic*t3ib(6Y}HeivLKvoe}mJ(AuVBR#!UH$zS<^$zqD9t0bk~33zZRn?Ge)r zX5Eq^stF|~7ZBiK{u!>qpSgZ{>8McL1vmV*`>&G?Z>lMGoMcp0E<4kDjYJKDwZ~ZN zv#s+|)hsa-mIlBy?qVS2x(SV{E_|Rj;4mlfQAk z^HHNIzv|icx$MNZx(W~u9~SVGPtotfVgoM7Do6{JyQJJ1Hab+%t%Ul{j3^ zJa?#Dl%+89YmQlSPy+7u(98yjWn*XMI z=vqR_{{iT`V5Z=WN7;dQZ?b_hr9{2rg;(!v4o zd0ydyeXi}hHB#E0^-~8^;Hz`(bwFRLVD=FG+sc;iW*=bskh-2R;p?g)&xIs1UYy*s zNiW(BaVf_D`4XW0N%;^KY_sf>Z{E4EwLNx^*@fM*+Zzk)$pv9Thuh=y1zWv$2*Icub`~0qbMJ;zLe^87V+S)=W!w(fQSLaz~ zT*i?k!ye?NjDEl3&o@xbkAtF4AOX)rPl z)iW=T5%UyCT$rJWuC4>VPMVMsgRIXJiS^(gUVM+j7=d9ma3E@-{2Fz1%lpmXq(W)c z8wv-Er1Kyj5&jOgej8d?8H1~t?sDOBOu(pd)zJ8vNR?kvHqnhF5|^{2^xDWf*raEi z7|+seT&-|1*#YVN)0OnWc+X)?L zLxy(NX1P#q0s2v2iw!eP#2bb9}dq;p~`GQF6?M#WA1INr~bW6cIP*cfq4bq)tg0}Putqd`} z>-e~Y^J~h+Q|Aecvsjmg-?)B0Iv?4|WAIW9ip#$Ekm`VI(^VNAl~n`qP#lSDU>?5Z zFWky(3JEGwV$|(TH#-15(7p_jC>$`s{xG;+4|K4`ucrglTlpHv8jw6QlZN`xQyUSy zg~U}AeIIK*vFZ`YMR3b3HUhM(;t9|rZcJdT+T%IWz7(YF9AIN!{Y)!!upNhl5D}in zq&R`z7m9F{&_i;*Tb)3ad+p*27l{+d`N}Z0GEaV#WZ(!?S5u2DrK*scc{ubIik(=! z+J!NS7g{2qPKb-r=cC?pZTd}9$WP6-o=a+T`GNMfWPz4Wc;)GZ2TvKEB5Gpv6y#t$ zhH06QukJAwAGV^%QUUAjC3PqD(8)OxgSiZ=b+qQHQ9XG zoG?7PtTE)s2ZYqQxg)nrT8S*P^cn)c^+G zq|J=Dbzu{EZe{lYr-FI^0iP@b&66e_ z+e^ar4986WEN9wqi^F=NX4Krg{kpSY0GLiuHoG z?TqJa_c?ZKd`UEz+?G<{QU;{*8fhbq+d}1N=9n3pq3EEST|rjp77zgw^{-py4r<+J z!ZR|{PFscgTraW`c%meh4OOe>y%yLY4KeV*Cy~1)$8bZ)hE8pzh~v!{C%YOB#eXW$ z*m#JM@X%@D2%nPk#;JYhK%wK=VI()Y#*C@HZ|m)j1MkT#6CZqz+{^1bwQDaS=L-UE*u?0<`U_JvGaZM|Z~c?8-@% zARs3a6$s@;<@jw}#W)`|RY1&&?)EPazwK$;RNiyr!cmUc*LujK2xMe`D5^M$Fo--k zJABS)e@NWA7W!ed(XIu4$f&ELB;i@*EOif7Ys14KxFWVZb&BDJRSdJ{wfxJ}o1&3^ zvSNV>MLT{wQxV!>!VFifj-Dt$-B5Mhc`v6-p?c7(-wO;mH5I)iS30v(xn+gQ`vwEa z6O!27=k8_2sYDy|zxrTa@a-{6ZBr`}cafY4TjRCHCd>`0wDUINWq#35w|Jd&Z#}8(&&{>DX-i?o7Jb zFOvS~^7b1$lA%3NqHwi=wEPBXJ5Y3GXe%vDZW8s7V(3$5)`PVU#xaq^&I>GMk?SV+ zFDZ5jhw4JZzMFZUq5MwI`N34wpXrC3ODmZ;SB&lw4>M~_p^V7LWI;zmWT^09h;zD| z7KT-zsEXyvYjOU3uGk3kqEKNTLKa$10-Gca=d}Tm{m!?Q&=*sVPf?ZnCV+hl%)}xG zMLSBh=ig&&EM}C>FkqQjqwnI3Lq7XBl>;j*z<_I=j>AwtX^l6?C~D(Ue&@y>?XSOS z!bcseC>b@74Wgb1QJRQ5yyVM1Z@AZIQ6w?tWI1((`^xi@j^>>P2OS{nbiNf%=O4(P@;BCQVXfBiTfEBUI2 z0ng$qXvabmRc}o5Ic0)ia%F?qTdf%;NxcH#S~wC?&s0=WO-WNaL;7Wy=<<7l>8TUl z5$+@+ZN?$k=*Rimj~4WS(V%mFT@pT2FU^}b7%I$g-pXtk<-JO>7*lc=Bl7Fs0g`un zOZ}tq8f{~1Z|?p@f+d9HUYKyGjqMD|8tdOkN5Zb#ABnLV588*ynlG{!!l_2CCmGG$ zGddvEbZEwmcw8l)#5vRbvV?<{b*Mx4bJ;Qs? zUds5P%A&WX)t!~oCFgK-IBvt2p=dYbx5pUmSluxQExn3>SpU~`c zAXI&8y{h}uQ}YH-rSpE9VP9)+tJ^({r`Jwp&(yS*b(%FSPb?p#(<~@CEq?SQ^t@~H z1(Ah!bGJQL1gOjIW%6apnu1h-Z6f-NL1ng_x3Os|H=Dwt$FZDT~kGiOYA7O z%$bo^lgi)dOqrp(UPxBqMyhXGAfiz+<$UADjWpKGHzO1pZ{xk%R1LT2K2lwvlDHFm zb27Z}KC}Sx+K>3;xNq-2pi=MI}l!;+TRgt~8tBE1{;+!4G;U#{Bl4%<6g`dEJ|H zChBtDEO_Xg*wPz!XhNk>)Gi@HSeMVv5oBh|H={2H_}mI|5n#wr?0M=*OIzzmoY$X* z_d=)<@6^6e)q4^WC*As(+rCMv6VQZsleS;>(n-9ci&yS8KMY;@L|$p zxwpl@!d4``9=d9p(j&-fcpw0b=w=-=2ZpS9r|(TTgUP!6z>9U4jx(|U^#0}AE^Xht zO)(ff4g}@0eUBK5)kc)4U8LC8BV~N_j`qUbqBVy_`6r;|s zlGFTyE!HZj;GY`4Z#R@pZG&=v@^1a5#p2ninGSL}Q!%BIqB>-7KhGM5$bo*?+s%xX zx-5W6ve+!eWw)6@Va7M=K=Qh+NV}BB*Uz~h@AG31FTs9IJ~3Eiga2bSW<%uFat0)` z_OYbPtU&|>e_m$0ykwV=VTh*;Pf^TkTpu#dB6(nLZZ2Ls|I2lBpx8RC{(4x}yW4H{ zcqkFmx>7qk^>#v$vWq*5&kmhr@kyLO$Dl-Sah~csybwcV8$AVg(8gMrYrPYb*-e96 zA7Q`fHJV;-GUh~F!7m43wGBgU~QTzm=?YVYMX6W#r0`&1$Z&fDzkFL;+bk4em2 z=PoBp8i{xgW07O0s@k?@<>J$9;?Q+L6j@SlX6C&Xxs_|-A*oUie5d~ojZMwWK%SNu zU8Q`?eAcukeT-$3y_rO81QPtXZk&nf@4_Eta z|MM+@S>@CRnJ?~~eZKASa>I4k+*(>xToesUuD1=v*nJv{s4Oa*|52qP!4P`AMr2f)iRWZslwbzPbCXLsc>5O@5gpHS-{-%k?@1?4WzX6WlW<`uF#yj zR(^VoSnEkZG(J2(6~onBq5)PdhL;u|9sKuOZSN%lPT>l%xWw!kfhPzrR z6i&R85W2zSUeDFHf_<^;YqapM7%-y?>wbak`-eL9Mkja@9?582on9J^mEThXvyt3B zrH<;i{~`pUpWNB#Bz9Y6FeqR z^Hj0)GKQd$<$=b&34q6UBU#F=|2QU(`95aUA zZb1vyR!}UQBnM+)>LP5~~%EP~;qXnPwK9iIK!;;xYw8L8!u%FY`qM zr?eToXYb%br1Fn4EK5wM1>sC2!P@*dn-v5qO(@}rIy6%!Q>*v#C_9iYsnAY}M;Mhu z82`K46=_Gu{;88lg>LFzmILkF1sV01Y-pUoZCx}HK}^IPY+38W3=S%~mp>}F^d+!I-QVbyT)

    kV~nocoZJ@&Isg-y|s8A&T_; zLE7%t+MWJrd92cCWM9gCS`8AjSs*P_AOd=YPq2#TK-JO#K`gpHTRIB5W*t5c6`i{P zHHrf&#IjN*pz<~g>wYJu>0ct`PH z9>a>=`aX0TM-1ta?h=UOG-ByxDwtGGTNi%ABa6zT1#2GN zbgkD(G}GsXMo!xlE?#7WzJf+3riIDCq5xEF*gg%Sm)g1_>hryKx7(;_=ItXV8@AOU{dK-b}g3dH7(V`Y%$LEAfn}Wb% zfFlxsF@hnIUtvpPG$;o^=GbfXowP72wPX9s-P*E+fkNRsgMFOg7y-Sfp_BWVR{mBI z2A9d8pt2oin==y-UU*NpqQw=EPVx*7r8a0yZUu;e3PqRXiLeRa-c~062lqx>!+Y+C z?bf^eMUTdovc+gwaNnk%*r;^kY$!7O=Sn3g0(cP0lUifHyl`}}vz|CMnH}c*~X$#I!>aG9sDt9%Ye~`70SR|oYbJ1%{!+(e-&so@7GG{E)?kF0o z1U?0*M+3T8G3_if&RM>wv~KePe)1bpRqEC* z@rs|d$UiDEeT0Om2g3Z(3J%KI7E&!hCz9Yi)3w7bsh}dBK2xlusN9+3Ni||GCfAH% z?=&48)WfJeaSSG3ykBC88_Iow{lYzPwD=;mBe_&==@B)w940*2HBB#qeu=?1}w z&gPJJkSy0N>FSu|*DDSFes-dzZNRx3;xd|O-CPzL>=>0yI$7!TMFYJ4pGj=rX2&++ zRao#OYSpFer6?&&g8b=1L{6 zOjC;m#)itZ@NRgOR+>Hdu zY%wLdq867_IH*`irn}OG220;d$)DL)4zx~nPBOE3{TfgN5wj!%6*KGm1Wqm)VVf1C z&q%vW7oiY?JU@nb@vb#(D7(Z1<#5ViD<ng2rzYm&I;QytyLbeY;)z$hdL|P`*U& zNY|u?&WFrpnSh`Ygb9}}be7hv-6?3@w>>^b7||BWnmyPldv5NF7KY zlGg5MKNT-zZ`->6^yp6BpohgFGUAWtdd<9tUV=+7Je9kJDk*qaZ#a+}Gg`iCi)%ErQ(<`G=$m_<=1Ast{g!=%Xlr;Iw+k;l~`*NfwC}Ix4g=N|*M?XnjC0b6a)Q zmHZ9YZ(Z*mG0l5gLA|Ses{bv>i3{8YX@PGnzb{9SA}cAi_19b9F=)q6YPY|4GTdk3~Upt$5ZMr>AXe*H3jTz_jUrI02exaZA5wY9Jf3*O3h{)kYym_2r94Xv} z{GH{DP$K%S+Y3zTr#)LLQCF$G)NIm){Rlz9*zX}mE|e1ZCA8$rfw*_Y8_6<+8@zVm z1_^p6R?#+8xR9a#7iTr2T+Lh8Z=V9RZ`qO)DB|XJ#H3ca&uHvdyynK@3Hi&5rrXuX zt1Pc6{>}$Fu7pWu#KGBv4pB~2Yt%up@M5hc25IKGuj)DtzL?__l;T69D1&xSQ+E9$ z=WDk&@SyvaYyCOnwT*)Ev&`~sy-l8^lSKpPnbr~lp;C)ZDCcPo+oTt+D!~lxofY+t zkLd{#S5zH`U*Oy+*t$0$rTBzgarf7+kLkC!mhMuER5h@vCxkXj>4yB|eFws^iy1Re zGi4kPBRZF>ovq#|jl&A!d(rNfsW-oIoa;_aJh;1|wny}nJ3)GlPv^w-onHl?OKpZ+ zq2+LN60ebJvd);KJ(gcV%M9<0X}T+u_Q`fG(p=R{^~rOv75h+dzD5VeHyhVAymjIv zR$1tZdGv0!XGC;;vPq?x14onM|ElHn8`?vfhd*5j?ZZF+=VA1E^1*o24GJvMHjwt& znaw^O6}>31{FyujUm|I>rcW+J`zPvguGm%e#Ue$ed^%gIxIvd2X{l|X>gX}q+iyq# z^r4cRV!JIcnRs^p50g0!q&`yS8Y0*HOOO;c3chmEfi3IB$m~WB<5W}?uQ=x=A=mL5Pb8cEO$E1g=cwG4n1VrSREP zngzs=E%PBVJzS-&fs3z_f8Oiv%H9@MJ$m+`**rl#=*k+O$Hj zy3u>5P?{WF1&Y9)>Zybia0)0$7gDnNy9*s>Jq!DD!G96jM ziDw~PX-dEy!V6r=x|eQ?=ON7h`Hf zuWs-+;;C(f1cPK&H?&_y`_1Jc8MEl6FHXYKRQRk8B>T{i5pF@~G>(6LIy?E>mTtJ< zYq~>%`}3J%oDm}gw~U<1E{1OXxets|;6yd{NvFIT({1=1Ylq;AmAOn$-H6n_zlKxQ0a@JI)Ss^t@WgrELs^-<;jdJ2BurWz9;@+=ULuOcdo zS92%jXNJOkIA0p1(hz3;_d4Nh!-Vwu+1G}kuyFpni1jlq#JYj~Ll2XC7|46nnSMgM zNmwyO4DLZ+8;H)2;Ot*I#-t76)n66e{j68H#6aW(&-=QPe=q%Tt4 zaw^BHMTNwdMfm+$h_tX13KKo#=uvAsxS(N-KdOF1DY+5f2qA0 zvypnay?>q+Hd3hk5_UkLcR@PKNOuv@6$jw98q=Jhz=WRUl?JiMnZ>3RUcX8!Xe z@56-5$%~FF;i|&^kjS_}y4fN5lZntiuBsX2H*9g9z>^}&MTFx&KOM@1a||Eb3Lv`d zj5F~}ibuGDYP| z?%QE&)l>bT9qte26V|e27thJ1uG5eUWhox6X@)fq-zr>+L-DD@E=;g~{<%rH(Mcx_ z9^E%RW_y6e!AZ)U5j1}~%zd&AOPLsG0&|clF7h@Cj5FT+u75e7e?pKMrvVwIF9F|8 zn995soq6>}U6}gtX`-S&M5E;MAC1z-d&uKTA%>JkETlTlv ztV=7ktOdeKxSJJOf!;=5I2SQLLk<3*j+U?bocHLBQ4oMbQ!9&@J)L_iHq+&oA$G;-J9(-MyWXx5dU+5#xbfR(uU87t^f& zpt(phlt~3}VWPl32aYpLQH5dcxAhde8rP}y_ieue8q0iYeD1raA(!pHnTmP$o*SnUnSxU1= zRzF`mQD_U%{#352wo{q7ztyA9)cka|;F;l=>%wu#bbE5;^)~OHi_>c@-}^S5KRp}T zzCHWZ@u%_T>GWDh%c^Z3R9|l<7xo*f{XM)@%|HS?_x+Zf^tg|TpS2Y$P8kwF**`!n zGX))!0Tv|>RkfFYe%5ofY~Z-aYmj&)Vq3GN2oGfTNw=q0UnNQrItPWd}FyYM?VV{#_MHT4$e{lO459O&sKY>4Gx{sk`*dVhqmHf-1dZp>?_sJM&(c>)fQ^vO% z%nHpOtU<1ZC{$AS9_^`xZ+moOo8)HyI$dn0%e=kG+Lgqbx-{}uqUSKAzKHeiL%*E8 zJ1#%Q(*4|2qd4earNn(Ir|l}`wt2SrtU7_kT-D3>I3F7RjS_u&Gp4v1VEY1J>=irX z*}bcFF>dB{EGnj9YP}MV*d3a5p3Ox#+D--=blbmW@Z#y@oPEV(c{l=5lzO&JBGRf@ z=uD9h%>r?mNBFd@19F~`CLtjFSQ0-Ub(tU2uDl?tCTDDdjqjbVstIq6tR3{T|54Yw zH_{TYqQ3GmZ+!!cE@kly<~bei^H}nBT+is;X1n|T*MzR*lPqy;)-SRMOTUpQeXa98nS57Z^`dmYcZik4pW=O&OWO7%Z3)SD9O}M{tQ9iwFK56tUAW&OA%QIRjY}kk zxRlLR$6vGAF9orz|7dE^2dRv>|9=aC7d@UI)LSOxY2=EukS<$p)905Cl6G+!s5%ci zq@8_bW}cO-pDle)mz-mNBE!M9~nU7&4 zd-J9Ahwt(56I9t@ONc?)^A~*5-Tj9nwanN}0+TxV#dEdyia*N;6oZr3-|2ub6nF#( z1xt9vy9@e3y~G2Zy{;b5Eq-s@ootwhLeb~H@1Zm}Sg)^gA5q?w_N*ncTzf}zyt{Fn zL>ek&4h(x?miVstJJsTGfuX+aa`cRX|E^wmg(I8CR#r+CntZhAQrBk2uITrT;sv!t zo!e^frV`nY=j{eQ#IIeHmJoSC+D;*Pz~1%QURU8&ns5;Iz%Ghsb`W}IeCA7Hmyw7Z z)i0-c>DBOqb4`ZZMR`13$lE}JSooiw`n(Re1BF=n1Rk3dz%B%&N*y9RiwyNOuD;^s z$B)+ARz$fOpSKJb7_(Zm>8LRfdFpq?4eKSN1G+3!@Ixes4NL4Zj{cp2 zPHP6JGm#SPh}zWJ&FWK+<(2cO$B>J^{95mApiF45*Nl--UOBX>BTB1WPrh-qlAa~! ze_^~gU31HI+=`+d6qHF7v+{=QOz~0_@(#sT=ULe-f0c&nXCp4#BYNyQ$)kC?=er#SZwEb@1mXO^OS`NQ05ktR&$ap zB_i4`Pm{9u4-Ny=CsZv9J~BR$YYprK*vd)>+^JQjpC1 z8oRrxqaMdrFwmQ*hv*LBkw+|-J{7xrZI=BIzOME^YKV8e#y#x<{!`~`W#nW;ZDX{R z{CcRB-x`Zgtnk+Lg~p2x@0;Ok@YIkmH-PA2cO5qnFaaJX*0??%n_l@FBhLKe^% z?>=-7uF(?P3o08w`epHajLZV!$w??vw5g0YnLkypevNbRR}vEH$+Ckn3sI&XVYF8> z`06CYzBe>=_Tp~-oym#StYTyB}!V9T;- zsk#J`Gb>WS+n_rvvEzHD;JW5J>%?ce1rOH^D(;}{emIIYJU0uJTbbv7AtAZp;K7as zT_i73Y^M@&rVFw3ffk)LJp&ux=10q&$;ruCz?m~1%Jjp=iXR_+3>shblx~VbW(28v zBa?9c+A8Vj+?s9yUH_0odgls8r6*^pQt?6QLeCUP#Wizd%g}>^EEHJp?Lp$r^D!I` zDOtmN4GJ&$Lnt&_V&aS#dyPpJb&VB#s`r)n(g`{~7q&3`P2XiHQiMrSUO zAgbqto#pQpLoClY`J^Ivw2?Yl83lmB>;E=(BZ z4t(n@)K;y7xDqKh1IEQr$7msAwSHd~dMhC91AsOp$3mqWJ#-hA4=Zu4sf|PRAj$IA zwY67Xe4jUY{mnx}|0vdf472#DkO-ci8kC-YEwUE^}=TW{D%~wr(VR2ObD1#y6 zhHp8yg{j}!M~q?@M?ODaz}f^zYGIDI#@sYWS!E6;oA5GCs07SDKH`soLeCmcb(m<* zO1BAM>hDZS%R|)^yr-z1lxmW%p2M-<{EHk_vHaeFMdnhRGLnTU?;W%?!(F8FZsa*t zxCrOk^98BMR2I1Gt~K1zte>{Cc>j`CCZm3w39E4EP<^nsSPX*7L?KCb?JQ&YgVh$H zVrlz5`s3Kkw=Q&u(@Wh_ygk=bAY%jOkt4TmHj)JF&ZZJ{e7O{A1bLs222975+qJQ% z%Lt-^QhI`BvvNnIK9n79cek0b&#APTz{~g^|FtaW!Hgy*_S3p`o}zx#+4BC{#ZcTY z=GL{qr4roavaG)!I%6t7j8eq4K=N0+#-OiqNCqa?-gzMWH0(dH(A?Gs|L8SnqVBR7 zrKe3VXdw$2X#UlgSJf*i?lDNcktZ{W3rOYV6XxCPuR7VXjVzJSZNN&{z` zHeo6X$@jXNFzE`aZ{z-?vbP8@{JNW4&$nwDnbkGbnO2cB$)e}Jz3{{{zwiva{~|Gg zf&CMHzu=SSDVUz3*+}0a38=)|_&Zp)Pw@_&VD$d`iqPFS;@?mHpKHGN^a~%I0i)d5 z{x#JgckVyQvNe8q0keIJ~YAckKzKSVD!Y7y3eRLB5ruDtTX@mwv(ozc4lRS zW>jB=WS)w+IcrHGrsSoaj|!wZ&&6Mc|is zRZK1Ys@8cQ8_f?e^@ZwzB(krm@7%lT4~Uf=45#_;0Jnx!>eYR*F-ViwKdTWJ=n9|7 zqdh0chEohXc#CGVaRrLV8e^H|{@eomDTKgr8y%69r{FI$ld-~b$PGILO@OHGzt7B#4-|z_Wl;&Bg~}Scl>S0+@WtZ@ zkmuJ<7ldMgi_noVAN?`H3`7MZ>vjsDKh=-O`A`%0DFVAV+b53IwY`&lO&HTqci91GMyF57J4f5_vE(Z=KlwAo=se8HT^eAWSU*f<~T0 zSPdmWaHJwbXibLFOd|P|#&!OCgJb|1#iWrHGvT-);E{y&*1x~xU~a^J%z;MrGT|Vu zuUX`5lL7GmqgWjN-wO+?mrXjE>XvOa$ArXGN3J!|Sjm5PF^w#}NExYY$umx5CQiWW z_1=Xx*=&syS|06Th9*()pp;K9r&Qig{0kN_;e4i;#MAj45qZiq3GU8BY}Iq@D(o6K z_dKXuBpp54LI(eC$rET4Cm?f#eN~@cH6jaRytZCY-ov+ZRucbT4`U$GU{6M!dhD7B z89+%vvy#oHAS74zf45WJOh(u4%J;Z;FnBoR?l24|tbdrBRWSgYNJ^1$PjM0_`?mzHm@{UMp zE1J!G+lH%s2X}H-^WABU=R7CBN@Z&Z0Ks-`Yay zGw3RK8~2R-yRj*m8wDpQ(PH0-q+rNIRdM~3Ot5!dN}o(e$48?I)h0jXX-?J9_phkF zIi|Z6{H;TA`vZ~i!yk1ami4SGt=Wlz0R-^0DtwjZK@Y>ekr=tJ>xNDB&g|jIK)}~k z)rYd{P<9~{B6T#;9~|i)v&dQ#u0ZlW3u~D@fApA@taoNT`K1OJS9=`?TgV1z15}l} ze-FZQd-gXrWAz1WjFA6k~s4Yp*rN(rjGqQp=gwZ>X6_1p&J7a`d z?<)vhV#84&M?6lzLreGsT?Q&R36``A7sPs{fgkCzVNJHs_GidLVNZn!z3}8#hUq6` znLY_~%7FaxM24hWj?fl|`PNNC_!Z)VA|iuxC(J#&D>2XLbH4qZsI7R#|Dd3?$N@xq zm9?KU%$;p=Z7>ipXSz2zxl{felSM-QtU3&Lt26hFccfkDj0bvS!h^^39HJx9$=7$m&l&_je{ZR67kEWM0npf z58HYmf8gXu%fkV^MA1XXMu4v3#hPf)hbA@#3+Q343H|U)N8LwaNc^~O)WKi~ZCWc~ zjKmq5Y(FE4kxzphpqRCF?eE-;aKe^_HJbaqP|6l29ZHYdPJo8Tz6eF!fzgz`#RUz1|_dvog^ z{RPEnvE>ScLfJ)*WMY`2@h3D75cW(bak^Z)*z6tmkn2~d3!B#LzLQY5wZY1%{l3iMSUvw&L9*qPxLL&F zBlG?5Kd(q{eHal^@Lih@a~Z3%)XqB3S#YJEHEhG5NqFL+b=C~dR|?T~96DM0{8!uM zse)c+U7BCnVY_%&27vV@;&rS=rvE{Dapjx&2VhlFB#F%ENh>d$(n@27njq6bL zax!kUN9R_yO3N_1>A<^BaKJg>NJM2lAW6JzW>&6fRNuQf`#}z$%{8l-ozC@NEr9XMiT{tSuYiiW>-rT$ zC8Pxhq!Ey2=i%hcE68dq{KbJGG^WhmMyiDV`Te*%Eh) zP^F8OVj|ypCu{nJ*Ee?xT9pR=(anikgod@g3&um$j+$`QIZXkiNlq&Qw4n=%ZY{<; zk(~`b>r&jV-{ag?cb9%`=SOyadn9aDH;^dJm8Y6{k^p~S_e?Fj{iE#02M%@}E0S{Q zt7FaMgSb00>wM{T%2k~{`Ohy3xh*c)^lJm7^Hr0KhOCwXs8SO8~3is?Ar}Z2J~&(k(pyoh4HZ{O}h0=zHGh` zXWRCRd%MaL)}PsYGs}&z7ubDE%{ZtzmB^y|H0;QZNwsa8Gw(crRiC>sDUOx@-Ijp! z*B?tMPk~r>FsJj&0LF+e`>uoY_ z$Y1*U?KZD7MBSx?aUtv?*TPTU^Askn9hJ;F2+U~Xo8!HydY>mVH>d){7~HrxCA-Dk zD#gZ-fcT%P@gn$KtoE@P8-Wj<3Ls$34IvF z?B_n+WOz0`eN6Q)Io9tbTdXM@jE&XS8t<3uRPFjB#JA;G3$l3Xvf&xrrswz5%aEAG zCMIhf#^s@|A)BjrV4fpsLM7SC&nuM&j0%!IY=5&31sRy1Vm6jE4EW0mD-2J1)tEI} z-xw|2q>Fl=PBX%(MSUMrUc~6W|GDG%h&dgpTr7eQ$-@vqmg_Vo615-WlfIqV5%G^= z)4NVrAs^GR(`8|Z4m5eh(KXTd^&_`uqLtS9yeWIRFvAqB1pxsAy-cQCSE_{s7|H#r_{SmH>fXgJX_4OHQIZ@Qb?X zjWVA7O9}SV_yPaiocZ(Z42FD-Atj}j-0Zl6fG4GEa9xSYi4P%crU%VN^UVfH)&Rwn zO`?_%t<|xF({hJlYK(diQ=)5l<8Za(`aOmTgu2p6WXVwz*a~ z(-@*EQFsi~*b|6gdFG=|A)Z!i0+3zh0+f~(1gpa}Dc$PV-M?uNkDA zT4HE4^x9GUc_NYEdRwIUk9B!c$)wU1@r)IwxrI=3t?fq>`|qwFSj?{duKbUJ94y}O zeHFlWe%Aa{1|oAvHy(9YL$Ah-nIUa+n>Vu`5OXc#HZC?I0{Z_)j_Pq`Jv;xI#c{f`Svhndx62&UY`#PTw^o-N zHz2dsWwn;CM*{$mi2J`GXZ;&JRH@KoIwN9_Ax{5A9P~F;sK~$y7MD3Pjd_VFCfgaL z$oyN|n$y(T(+nO{{|W8kKw_0o^7l_Bf?7FBN)52*YY_%du)H zK8CTk(Bpb8`8EEanR6E9%aws6x2-*SA(z8!u1<(2U0xYwPUz9VlSWSkNKmR+&Cgev zMYYHZM7d5qEw}qVXC>B3(MXnD-!~12c}VrDJ%4{@UixFD#OIIv%Z=*ghBMk9FY$WU z%FmX8S|4Q~Ly;p{^HJBRKIaa$InX?uq(~tc(2>AM9U(FSNhS2a?2&vo449b5{^1W>HcqD4#S)Ntk znRcAS^_{zN`Wv=o@ANGkdpNB_l`h$PSRzloou0A$$&K1El_;q^+6>MadJs|!TIcYIm(xJel$59;Mq>MRnCe%67d-^ zsaD#o-6@8w4rJ+UenwJp$bfQLgz%boRio2WM{S8iK|4v#O?bK@T0u8A4C{>PJN)iI z1d)@?T6&@rVy&3DuPdGGuUNW#O&%+>QXTayxEAtwJ$RlIH{rBo%);kn>nUJs`WBe% zg=id6*uHT3O0&F&jb-``5FSSoeM|IVGS%3LFVqSMQmW0tbc`N&Hfrf+Y4&*QTt zM<&+FO40BDf+1mIRr$H&vy&y^YN-m7pjrednAK#P$ugE_Z2mGJol3@XyiTmL92$1Y zu322=uy9mANHzXkEknFAHvRP{x$%K^fh$3MN76#96-riXr8c7(hvsK11`alF%+nDg zdTdj8Wl8t&sTI#JNh~f#ayB6)mZbtpN%BjICBOO;1;d6!o)0CqP+KL;fsDiG;gHFS zaf6HYzNI%Sj_1bUl$g&p2CgT$CQb?zlt9@JDjH zQ@q>ag~~5}*XdwlVX3{N?MV&ys^WIG7xj-0cbOqCJ*OTdiynN>ZGcp4=c9cXNg0^{H3A>4(P`pOJ9nUOt*QmwqPR>j&(jQ#gCFkTZe#Bknf-joZ*M#sh?s)(&!R%e$A?NrVV zv{%e@y+W-TS1CJV5kzD@^oF_zc@tduq158O=sxc2vOiv*QDhb>R3GJeMXRO;7y1)S#>3^a zq3IGGR(|JB_y^CeVVgzk)UDTABVm#%9=y5cxr7i%A|u_6Q7ih|_IYh-Ulx;d+WDV} zp+!2x{>U@eyPVf^G{uZi&%2gKwCJ|T*7_rp#|BiGgzwZ`7!JjQHdN^nSpciB^8e@-v81o>Bhp<6|b%nu-d>%+Cn!7F-=P@(u5vF7Tdg zltb-F8ieUhLC~HMmIeBPARVG*sLjryq^Dds$7ktB1UzM1YiocrGEo-3ZhE#02bDl9hqv@$Y*5d|@%${=jx&tMh+*qAn>f(GTpApB zc~)s6cAr9!OG+vk(hQ{~AK(TTBrCo_-{(e;je-{SlhwKT zm;-7LLq3kShz;nJ$Hc9x_8hfW!jKpCszJofwQc2Y*F%38ymMhBHHpFnD|6?T3{9>l zuOi^^j$EuR)r`7=i3cleUKYx{6{|cM~f-k_7+T1arqn;q#n>*$p((-E2g#B|7m z^|;@05+fPi!86J&n~_NnWq9l6E1ge)3X(A7S|VtLMhNP>NI!c<019`;N`>5Apz9kZ zHOCH5!)$mhIk-WowxtV0@+NNfjbP@>!u9!vX9}4}EA=Ab`b4IU77U?@Q@yO(XgBSy zb5o`JR+YzkRl5|&+tYU4ry-_l?^nB<`2$0+j15vPM~{_@nfq9m(qik|m+V2OmR|(I zVmBCzXFqNQE*!TKuJmRHTqiTv?6Oqy3cxbb_KOa8g3E;5awj`R3zw=W)6;HhAFddK zN}}Xb0@NG`>)qj=W(f+(rr=vO67LU8K3_dE%CILL=`C^|QSoeSNOJ4f^Ou9CaGJ)F zuO5IvspnIWR4WtkrBB|p9+VQ}+8<}c-%C)!M@--|&M;TU8(%&(3i049=V5^pt=H{W z-ein{e;nsU>jG--Iv+cD&0X6tt$6u*wb39zWOUnL;z5h1IM4Bz8=VX zv_$4b68xLbFy`ff*q5KUyhlCv$?T@}Pv>!KcUwEC7Y7RTiaJ?fa~pz2jr-pXorR1A zA0up4s-4OzNXqN2XFVkp>&}-CNbwYx!w%%f|~VAG5fs` z^{?fOa0MsT2nY#Zz2~t;ta+`efMcZS09jN{te|hdP1%U(+8E!XTRs3>Y^wqdipQlE zHv)5yZCYr?dB^|LAb>m9L+ z*O1-0dVEj|ST0BU&HWs!p)^`iQ3_CKG^cy|&Ir8e0h$-lTS!s7r&0>7 zD(1p2ry6U1n;h6$4Ex@*3aYt{gSgLq;X1R^_x@39QCrMU%WNsPU8s|gi$@8f-Q$`f zjJGs~IQ%3Xs;uLWM!PYdck=m8eM>J8z^8VF3GLLfafOP%4+QJ-4WS(J83M{`@=Qxv!d|BMu5s!ZWn)%u#Yqeh;&rP@Z z@PK|&Oi(p;mjxztQd%0Qr#l@IAGCpi8A5*^vTq_WBvC?+L&IgV+G7}OuMe13gSoO06=jPA7%y$tHXC5BJL1|7%c z^~DPW8QsUi-Lx@s4?C8&siUwNb0@fNb0c%i;t10>-Ia`OIn(5QsBQ{q;NV3A6z3tV zr|IQ1mlp^2T7QDY$1Kv7g=Vjno`KDLN?Hm+P1U`g}T-x5tD${1)$wZK1jpT4Sz#KTcCwe0Ko>~mN{ql4_ zK`xqcE`_NF)iP_kJxF40BugMcdWVh%-Ifm6Uc};phs-aO z!T|M#CRZFi01~&T&u_iq{9g9fA7G_X8Xh4*Jaxsly|OcRvZ^RlE5fndrOn?)r!-k6 zWZ3k8VYbe8<6CWUV?=lfqwbG@-#Otfd&^%8n{aV)@0?IDeRsH5%SfWEXCSE{7gLO z^STEoCnrZ-6k@J;8#1r=m&NWlHQ)T2k#OA@kSM&F7pi8QySb)kieHI+_N(9L;<|1r zP$JT3rUr3DOi3A1-h8sMM{TX~BuFjMuMCshDk6X{rCuPis^0or>%PdvNxolR{jm*^ zx&6Ar=z>zm!)`%7p(IFASlSLD+6gg=uN!MpFn#kNoW@6#2FK}6Pe}(;h>M0zcum!R zpRhF5e|#_BDLJe;#8s_e?qR3N*Aq}acg|B%M{c$w(tc%ZfivWbJKv;M18UV*60^q3V$)@tkrHc66rNcoY5;tGkFt@G&wPuDkN~Y0 zumz>{YBFo9D*So*T&%A#;|J%t6s}KNVt~G=f{f1|IdkZ}**_3RjP;8>Yqu*CEUXh! zhA)vVk;K@G5kI_J+TK&@B@m<*0}Q66&ql<2 zm0yX!*yUB;X`lZ5sCG66@!Ldov`Ce*rSKq_6CHEz$;SV5Df@nTFmHV#r$-W**w|1tL%VSIAqjl7^}H1hqOc(S)zC{{>h zxZC6Qd%O-0cz0%{kd(kfsb77hQR?gWBcffA8F72p>*+3kkaG7owU@L3ly@wio0|vC z^)q)j_Lj{r7HnT^CCuVD!gL^6+3QPBy*w^jOJh+_>8KX)%W)m)|9ArvYSAvZ&%#Rv z#|bj-87VEI;i92&8XT>8{^3Oyg%z`B9294ed$))x2(qiXVHxWCCF*5rqXlkkrfA$d zx!sUO1io**@_+{PGNgk8+n1X7+0u^L6-ta+h z`_ojI_|8Mt7m!E6%BC+N!K*|1Dy!mgUp!;6*GR@}cyc;R+;hc#maK4iIRl%^VcH8-W|wqxu6IibZEhE!^5o2st~ zQa`84nHYHr%kcGV8o$CIA~rV!O#n<4YzkHS?-mwJ^wW)@Byceekid6%FAOuTu(H8& zwskQ*%eBI95y^Q(KIt#4_-;X=HKsaF%mU-B<9Y7nZ$8f)efi6a{TlDnHyo+L`MART zfuooHhh?jJpWSZb`SXoqGBNlL&B+XoIDD;-b4tC3&B)qBJ%S7;9}zPP6hB%R8MU4l zY4{XC=y~Zoed)hGpja3sVk@cq+51fB5}e^s`o0sHEuM|O!&Apz;HeE~F5FMioZE#K zK0ATb-olYEc-Xu8su|~la*dshaXYv4>kubHCF9@4-@VTx6;zJi$NU-Dtu1?wMSM}u z1skmM+UBjXSkT2)ci8a?WxR=to)Et#TA6rvFmjP`*rCQv-+6X6PiFN>eV zx2_*YmqF+RhEJ-tGM;(5O=O;ua|BMGg2^+{7Px5=t!TdZ}ebK+NtDAkiO!|o;cm)W3F&kWMrwb7jM>;fM3yWyUvYkgqOt(}cSJbdJpUeLop z)p&26)8tE8fqe{QPOVnFIuH-Eetl^uv5&v>({|W$^N0`D;=gTG!=&QL}qq+Kk$ z`IEoD0etuSAF^K}kxL1IVVwONh4SzobqrC(WzD>wwp5FgBrCl4Qls!5BZ`9y4P`s} zfu*2!H|_gQiz?h_c_OOT5bm%xk}2kNURT0Vn$DNaYN-}fXUd|QlQ*pa7r1VCn3Rs+ z6-5@HQ971Th)*TiQ?gsHEWdc%#OMcI)3n|Bx^OU)?n=~j^37E%erL3VKXBTeMh%X$ zHe|~(FG>-8;pKQT9SvP~KO2y6{aQD5vxoDfX#WJl#DK_5*Of{Bi96IkUbk6+dp{+S z)1>hSKQuO?#dgQc(%)g%YRye|hKIzjr=`$tVEMc2MY<6GqZC^vzLP<+@uDMFmBT+Wwc}zX1+FDYod{Z6fGLK4Tii>Y-NlV5MY{yVFC3e?sKd@Z&(%L6SSXx+weUx zsF8k!A$$1s|{ZKnV*ppbK+?P_4res!8*-fYW9W| zmR?^3G{Vz{OyE9tyy}I4_A1s7{Ps9LQ}PnGQ=HOEL9I;Fy>@yZ;)MMizHD?7@-LNZ zw_SUw$`e-06CQR4BfqPOy*>5XAv|h^Wz{exPC)1I`GrbPm}C3T8lR9oV6_d2I|O=n zWJ{PJ+vd8bb%)d(b}IZoGaxGROWWi+T!EJF)!$HB0ygk*rjZ>Z-3tbEq7`1Nt{G(v zV2?!ZUSzhvA6U&XFIutDXN7 z#4AI0Z{$nStC=h{z|*={FSSFVPfTLIL%SwEJGtf6O&Qwb$J|Oigp8&;A#GBHJMI!u zeXpgxd(~|H{+&RZv-_cqK2EQ?X~zM3So+kHDpv_E{DW$pn#PfO<#D^h>WdA5xo0=E z0)ye`3R5F|z&ahfwO}~WT~HddQaiPtu2tk1b6_Rs|1+3$ZI3NhW3ym!?e=S#r9o*I z7Xp(FVZymUj-E%z|H%aqhIqvVBrOCw%-vBO5{rrRd{?gwH&&cFIrlu?Ra~M^JSS6x zYmKOR`Emj?{bWroJ~}uF7;NLIl-9dg`|?mmX(|@i&3UDBV%r3SJ&=}I z2QCdL+x5qWo}D)cnvdnYm-rQ+=4XtigZw%CjzBx z??aeWWMN2*h|SI|RQQ0y5?c?WC^9#Z~Y!vwx_RoY5pf-tMVTTmFz5d1V zdnuImv+fWyqq8Mk0f8z{X^c&23{7>EAS`auhh?xhG${gKi464saXOTz^gnO?*FWr@ z0si4#I5FcpU1(svmNAoT4hPD&GRZuGK1STQj_>v-O2{Em)dQ9|wHZN!0&4a+~6WPl;x*7dN{U(#@so&^Z#J@)i(R}M1 zm;XpIAUG7t&}2Jk!HR`*ZP4Km?cIf{DOqSm@e1v$?yNIYs!v7#XIQ?71@U0zHV;pu zhtuYKEko#XHCx0N8oQ^9#ykb99Nzbd*Y1lHqPqmUS{%vJ(Wv0e@C7QEM5)}A-R&KyIQJ#KSI`Zx! zn5!|nng0=ZxNI@UwFzB_07WNA8sw+Upztdded(3J^U--`Jzg`x*>-Wl$+SAx^X2h#PwC<)&Sk_=&|dGWRvSK- z&*QzHl*0FWrWw1PIgF#yM@PMzWU*S(2myXtdl0W5^JW)e)|VtZF4V zU~eakkMB#Q4T=BB6ir&24^fblqotv_1*!)k)`rqYK}B}|tD~upMvc|o(=7O@KM7uG z696L)J&n~l9@6}-!uf<9pj(%|2guK|-(JonK$ZrM``WUr{MTef^>QEZmtEeXR8T`i z2|2^|T26-Ev~SOc>EKx9E)B|^y3I%%iTd4LSG#@%Ag!LO9;FX+-7^jJ3LMYiI1;B^ zZmXP_1JJqm60sk;+!`e=U~zXgw;G(GMuIS}}oLUW0D*)rY0u<5mldre6;SH&Ea5^#4iy`E>qm5K?E zT5?2Sy?F=i&x?`&i3*jfK6n5#WX<5D24!TEY&;I8{3Gie4Vrk*!I`OahHb@KusG(R zQ5+^NZqLb5P#mZ%$Ha_4@>H$$d2?ib5`KtA_>IcERO~j`Ov`S+pYaes^@>Y&&B&@P zZVqT$(smnlJxsEzCg$xtpy$sO zAWH5<9W1iT`C6#UH_x|*-+Q$-P#*rsb35*h`Ms5^Y;`*GH8#Do@AoOreTw2YtnJ$1 zMRpT%HJT@6uETB${A>^&%#le)_-wgINYd&>lz0>q>+`POgTkL3JJisF((Q)8Z5H`j z`%o$OrLHrrUR4MBhe1*Ir~)X;2P9rQ5nKHj{X?QsX4rmtU+co7+pqaXQu4)zEh;+v zBP0$?#RD90l1yM!B_Jb<1Wmk(4B$R1pUk>M6LE1_(di`7OCW|wAz&7=(V75#G#&kJ z)jG$Hxps?)1FEJ6U-xguIooY|DAIl*tO&hc4Ud6bTpNt{|BR$}`7wc|l~VvYdEZ8W z(|cbk&*^H&ZF7-REIeh_laB-zwNIQ>k~=is^UY}*L%U=OV~WF6T6P-OqA!swvs5&a zK_o7K$G?9Cg(j)H^w{^niYhG61S8|?kK#y0Ec20C}xzHkA{{VzWor!HWu+Ql9 zEVuF0;R{j_dc8Go>p>Zo%HAEs-GvxDU9Ws#VPr?8OpddwI zid2-WDV-a6;iCaRjkNtYk_182?pFe2;-he(|8;A;{*L|{t&w9GoG;wtCArug_2-q* za?UNWwaQEUuok~@VdUk`qrn1Y*+$Y1^FLiTUhB4-qcV@$uP$EMyZ-E|SG|HMU9%oRvSM&F=m&2!^*%^TYM{4v zLZLoQs;QB549e!?>(pjF$o{oSHFcdJtfk6p4EL#B{;&CdAa5bsT0Px+hePvz$Qrwh zO&t<4_BlEJ*TYBk+`pcTHw#pBbu{k!1m|ystEj;fqB^i)8Jg1PVyT+2CKHT#bznOO zt|`VoLD_aKPe6*wLx!&-(vuRH#wmN<-KP_02Oqz+iEZkXguY@oq~mo*w&`4~MZ+>6 z8_Exd$=ZC(qTj>iD~+-Mu(~01-X)h>B0=HVXj1E6~ovE8W7Dz zqR8r4@INKNpPFYNALb>NdI`*^D!|WSw&tD`8rtv0e5|`Y#1=uo-m+Xi&eAW~`6Epx zdis0C`*eS7Ewjf<>=4uBkpO)^7c4h#wDJp%&1g`*Pvw5|O1K&Fp8e2N+w@~ZTdK~G zB1TI(%Bnd__z%fj@Jy~l5#t@v%69v8R1~G~vacQl#Jr?hs~=hb6YJeuNr82Bs@`Mg zsh@*Yc@6b8u0WY~Xh$d5i)N;gSham;^4k$zOVVna1usd{9|CSZ%I|uaprvBnYdPYL!UuY>2ReKukDIZWfASL@iSZ8x`z^5W^0g?V~Uw>ye$ zehr?RN{m7~j%7wquN-)>*Hpr}@iFK^4(cm~E<=^zl=1~QVv;nqKYO1sj8$PNM}%}w z-^Q;A^T0*}NlQg46BWc27|)2&2tRS4d@VO~Iq3C^1J%#j#AZ)P`r`45ZlbPw#G70( zg`cYi+UmJQ;MBIh%E5g-x^tFzQfub?U=xlbAae;7px^29DE*eaK^=Bglnbra;4&#C zHDp#S5gXgSJNq0H9cnrFpz{vAsm zL9jfw1Wj#QV`K~>jl7dNp10HfGu41#m}sSuQhHD6?B-Y6JY=MnsxMh6v$(sim?E?$1@>tt<;i>sCuLYW z(Q9se1V_x8+eZ9X`n{nMji=NZc$`Uiyg$hvU{13j)aR*R{Ji||ysW!g^^%u}wNC!W zuO7&uA9G(f&syG7S-IOXo4vZOUC!t)5pT?%wh|<=65TTF5fmj#tvfGlEOgty)pB6q z`#FO!Hbv>)`)N}OvM`BC#EZF8IOb==FJfkvkFhP{jH4Eu6)|Enjm z-P@ZYB{;f2bc>-uzSBV9ndLo)F51k55t;1@E8pHj%E;e}_c!(ic`zVIFTR$!$adgj z95yiuNPZ{aK%ul)x-VJK>E7N&x#%74J>|MYE38xIF3&F>xsrU#U$Za$;8{s%aeSa= zKoZHcgWr7_Tb1r)IC5V=b8vO4tTXoFG0{*KZs#FCEig^)pPeb(j=4W__NS0=BjJGO z^_*)-3|<#!P&Xugjc66D-Ds000b?y@B(eFi$nRE6iuakLnB0cN;sW3HifP~mgk;a5 zPU7qo^N(8c4a+3mGcL<3(

    Ca5F$kg?&u`bYMrO4@tVd8s38KN3l9cMxc zR908fVi^Ka@S~-cln#TYQpmooU4n#48z^Y(F-t~JIyhwNz+g`?zS`pZmI=@whEhr? zQ}PWhhg~T@E#1(76$d_-j9;r}F&nzK>$1*|>!^vr<0~c%YlgS-5Doa4wjBCyJ;BGG zOysfq_U<@7v)a^~<*64YKKC?Q?mfk~4P6w>m3@BzeJ{@h&E_T8lM*m*sK6x#=3Mfk zlnJB*5J2G4p2Do??Hy!G@UX4diYFG^;YdNTRZpFTK5sj}jIV(2Xj?xMIa5_({I%qx zwFuTiLA-pF^Nyu(!B6|TYm8aWFbZChSmQIz7>{U?$=5cLHtt~6#@QR>)r%LLej5I< zahoyIV#y4dVfbeLr;mg8pu%?__l|!zU4RSmr2RSG*itpQefz{-1- zdcbqI5*p0r8c1n}V;e|f)8CfhV@@tcHT;Q#JgoNg1>JSTC^9LUgvt>M&9P6-kNdb{ zP4d4gp5JD46FW6iFa%Mn2+2LLy(^05o%)YO-OL86gJRAWf|wvOyCxl^^~6^^kFQEyd)~ZJNd}Ia|vTVnXmMB#rm{9 z5&CH>{LE!?8I>8X)Evu88QQ3sOU|BV+3`}_&`XBY0mUX{#CmeU#diC=o6KhnpJvZ+ zA#&Sg{pBa!FmzlNoiANpi*>)nH)ZO_@lE)_)Z&vc6J>#n9tkh$LFa zPPNCb+eWqAliZ4T3rScL9Kn5iJIk8^v@36ckF4pA>Q;c`~JYgUW=CER{ z7Sm&BPDaB8Blt(W04JV}W-FaCVhT#|Eia6F*Ey+Za`^Y(S02w?LU1jE*!=iua+b~@ z({k74EjCX=>*`_UX2>2{G_ImI2ND;VX27dN4vHh53pQ@Hh`yP#4@kalZXoZn9Z`^c zVj9^!^+5L?7cx5pml9GSZ+Qd!Px@c{51tYf$*2fVnblwds8s|8REhfx#)5(m`g2Jun&!fqM)k zJP{L6aTXV|v5Qzpt9FK*qfp>EMtqcVG z2^&M8McIl$0{|@`>~Ok!s8YRT*fGvw!nKol^9JPO`{y1!4wi zqG)kt!~b{N3Xt-g0;4{bPGg*dUtyV}rWmQ*T0VMheQ71t@Pjh>H6b|Lv zJ<$wNHVBO0={g=49btMvZ!i*MlKwR`bVV0n0cQlVHs^3rPP8#8X-+AIvn#MYd1hom z)%O^BKu+3kaTq?cDg{{I!a2-G@$NVPf?KIJf6U+L(^=9{h9Ey4uCX(@04W{G#W+av zw8(F6uB>a8;WEoV@(SS~=664!OQLYt8htB$3m_J*3oxT+furlPHi95SFg)L1CKpEN!5F>(vBvwJWNL!0SNT;yN9s&;6GsE#meuD$GJRoHw9eUW) zF#b89-sV@@>(W8NE2$9tp?hBEOGssgvG(Cr-0ob8iXREdm zZ(x<<`Z5eUHKnh(7mz1Ba*{+ zJ8?P5vX5`Ab8Nakj$*z!#F+3{OExM}uP|^t1WIx%aUAA`O+HwY+mqQC_+9=0IGqC^ z!d%I_^NqTfhBrw(hvC;$F=x{D=bO!u+$c_Z2+NQ}I-N9Ui|2PPrJ@I9lD0cdKud_-a`IKqzU@p0 zfzEdH)O*!8v1~f55LyRGWR>c*p-95W01~IK!AZfRRcjyVgT*Ta2^&o~gBC!@&X6Rf zHDGg|eD06u23R0%0k*@9l(y7vYXdwSNkzmKu2Y@#fD1i5IrKa`{}}NhPURreMxK1n&hB-MCi0y zgp`oOu$bSy^G>e&_=4>gMke*BKEM0+Q$mhqkD9%T+{1o4@?K)LMvArRU!8ikGC5eK zwi}9s*FRrfm@i4xR|Ej3-f?)ay_n_4Hgh3n0_udR?CserQyfRZOT~04%r0HPvO4LGrTv`7A)QI~OEUQvfVx@>-ZI zlvw6T*18ueSp;BE=P@EP$Mm%TSCq@? zdt0vW_wJfOCCT19Y5Ky#)bX??195vA;yk>aWS70gf|&M}S*Y6@v{=b!emiK!L@;Zk z@%B)uMFGN)3VGXrZE zBlw8f$FJtrCueigO=WyCH9J*KhFC`3d*-|^dOIqiY2p35x3HV@CF~sj^y3mcvfMP^ zvZ!#8o?RZ;OLXcU;<{P-Wcm(zYx*O4U%)%-Gj&(;f#ij#8m8S0fSHq?1$3ZfKPI5S zs|E|{9&m|Lt&80|BTz(6qt>sx|5f?b8W%4+<@&AM}j2RW(72f*$eN|DWf`W=FRYRZ)gu*w-EZ)jr+ zF9NQj?M$Q32lm5kkC62{+(aBl!kI`|ZTN{JV1d)%+REZ;>mx}Lg%91;C1WZS%exw65B zie~kW0IOP*@%^k;%DQKs8|RVMhP|aV52BUqaB$AEx9sep{jRJ~kv5Cmj7MV9c%x5} z$AUQf)gS3Yu_le|%NB=~VOLb?KbwEFv<%3f($ZCK&3iPR_DPKmnv;9H$1=6eKeq6I zzt2;6Cz#0bZa4MN*z0N}V^AoHNtSm=%hfO>cG#}#x!QB5FK>unPO1q}5Jd;c39{C` zpM3j;d&5vcad`KKwk?7%r*02hpfUHDgjaL5{)LiBO_@LwZ?CUjo0hW4`=rR>Du=d8tSe7=o9-PF8ZK zP`lE`zI8cnFUvY>NnkeWd^E@dJk`UcGFA2VkHDpxbz4>Tvz&xzz(qfjo|gVboDrzV z+3#xBYV?2Mg5ko(z+Kg3{j8oxJ!g@UWDGzo&mout9lwX=ETG2fKd=#xpCwqgwYIoA zmX)}r{TljqdA#K42sUJR;mb_M2gd~ZnRT-_YIg%MVJz!t0MOAVQSHzs!5-sU zKI^7OdpufGs<>8;iD5*xkZdwWC~@z-QKaaNvH{*+HDgC0{FGCFWnyvt5};oZkK1Ke z0nu$y5+v3pHC6aUzn--=>joh8S+_GS>yNm6gZKF6+n)0&&d3r z!(|k&RxV7Ek@&9*2(1Ey)DKt~1+1EWtI7Lo{&|;BX-OxrTP6<)zojKQmxgzw)g+A_1@uZy#e328WlSt_DT>m?>|zUZ zE}2=%_5xB4t?J*iIG{)Noq`0OfK?^47~*NaFpI&mN2pOO+o|2L?~kLU&nB)t+w8#e zrauN`sw^EH4yR9i99Ee2qgP*CPn9H`uz0~f4XM70B0OkmcsKQ>v}M)hg#c%hjEdjq z^z9!V@qe}S9Uexm)>@?I9)zN3+|V_O7sU*7vICfEIL&gWS;=$ml(KmAFsH`$>M z1#=P0<}$!iWz?7!h0fFJV-ny=1d->{G(&&}J18Hu6%DQqgr$cGHm;h&5RDzhwg90& zhBCuJ0s}g2mmfhKvKBW001zsKh&XvjQBdF$SW@~oCp2vFYtY9n1G))xhfijQVJsvA zlE&V9$q&pkXnGLuG1gyPG++B+Ipt9Va~qh2Ucac`MDK%{oTOQg8Y17s`KOYvaPEo~Xtodm|A#8K!;tEzBoXZiPb8T&k6M>*!Z zd7?ElSK0Op9LKcs<4P80+$25E%ggzG5^Ypw$FC zB*2&9b!;kJwlh3!4;BVy2hnI#nSI)~@%bJ@IQS}ULi|*IxU<|Mrw?6%xU#-TzK^*6 z4%gx!3N#pz&L#`QbVf*SC&ST()SIzh>L~cXeZ`>h5ZHosCiH(xSsBqp_fexE&cc);M%!q1xyVm^tTl$0`Yt{P^)c-`DCZ#2BAI@!`wYFUpS?C{^M zEN{94ySc1TAr)T8^Ses>(BgdQQ4cIVG-wt%CPWD4c0E{s(|jK(^z6L9WktZvqJlrb z{LqZUXHxcNMB)esuCZ4;Z4+w~C{x84*R>j}4jw~5S?k;X9zy^^`$QszP%-xkz+CSi zlH&XouqI#IyDcC8@ag4rvpbH_iL&!4da$W_rse6=PU$fCu-L~80K3fwnmD|sFI~?9 zWTq2n!((4f4YHbLg=u@!rxFYQ?u(pCN9P5v95@IA zQ71RIgqT&8&mS~LuGkdqGprI&y^e^b{5>NcZ(~RxR9MDD%!&3KcZK7En9ywXFy1Nl zqL3wSJt(p_-gh=XiH2H;o^IBDNnt$qyw^Aj0;095(f>2-CT;ej91 zD0cL2Y}211fBkUM;fI}izePj0_GmKN6|Rile)8OMP~YG=uHoT48UP#^>$@3wFAH8T zm>bj}q<}vc#V$0u-4K+s=~h#;T@MW~Y!8@@{P)r}_<^t-btpZD)a5wxLIrPqOg$$kk5|`5FZOBl4Yw6e9rAGpkHpsoz5M34gvjC0Uwk`ZAMk;8`|pt)WSaNHJ7nkSM2eK_UYRa~NGW$VNELafq1g^U74+^P#5pyU2~UE|+|pIfQu+r)un+ z6^OT_t0kT|4K~Xq-L#z*zch34XQRDuLcAQ(=1SF-xFi|reRvqyr<<}VCf8?%?<2Jp z`;oRZMf&B0W1$9rKp&%&qcF%B&FLLKz|>1MFX7PEDtrYj_U#TMI9NY9gVV#2bVyA% z$2bV|Y4f9FaXYpE@HiOoWE z<8)}|qLlF_hGP=+W||+WUL>f&{+--U)R%zVLt&iJrET#YT?G#H!~7yFHikrCyfb@S z)KC5$Kdn7peYN;GZ=?BC?b{oZ=y+j#nRcJqu$dVY6|!1ZQ|sTA;$b z$jtWc)uno`4SmQmhL8lb&wspuBSc-`5E`5S;*C!LgYeZdBcnXO?}nd_{@y-2Iy>TD zHUe&VA^6kHosiMUuRcxt2|vyLM$(4IzP(P1D!IW-R~mP(5E8hGA!FK14}f^{WTRPS zX718r$R0bV2$TD2%l$()L!arC{cF86DTw|j&D+JjwYRR**=R#sf{#*b2e?c{!aWqi z<3Sn%Fa>0JTUp#$`wN?fd+T8ov_q%{kBPu#W<>(O_{;_CZM!s>ls1W|5oelYc@azv zja2QNyQLAfFCiVhM*ZV?jJJJOwYeBBgRKg4th5mokfKB}*vseFk)axW;XM~`BT$jdecPGzA!~B0%OE3S7myVs|qZg}F-yNGtD$gng-6^pfdO^=Y zYoEe5R(LhAUif0sK(L;`+oo5HPflO^-zNGX|E+L*VgTHbZz?RZ@T$*m1}$U8`iUIe z2*t)|r;`#}`3H@BU$!kmHjjQv%09l2!lW`kF7`0-KwS#_Mb7*87!P@CC4t~0zgxzq zx_;`bIC7`Kc5H!5&oCxDp77G)jd3-fY!!u@Q26XcKu9l{xNydKXq24S{1R2; zlEe7XWd8FI&hX3gvZcztVViVD;vt46st1BKGOz1IZTK26|g>_`@dQMv_JHxK4RoFhF0Cx zKGPDaK=_A^_kiMal`8NksslLOfcGFB#Jtw?D0~id!LF0=_kMjE% zV%M|#Oww_w>wLe&x!SrCT7{`XZDAAYdvSa|+FC(ef__@6PZefOuhIT!cU$!`R8C89 z2yO73B9HJ7Pd7jKtr;G$?ArYF66cSAH&;}CyK+81SjzZQw)*mfbf|Qu?)pm76O2>y z`VR8;3)fXygji>At66lb?^Q6Edy+&xEJ)7bUA_n5BUE4EgjWUeSe=lF{o8MLANA;^ zXQ=~du-C`OKY%O!h~V0c+!be7S8r@J^%<&h1_7kZHTAxav0_}0B?et*ALnF{-&TGA z?y=_r=+1K_pW18<%F3}n%X=UB;ICz;0It-gUi@IK^Y`b)rHr%4=y4TNo9+Iu`E^r; zS-(WP&~(Paqi3meWgKZA*SVo1;i<>)HZeAD*ZUa)mNNoNE%#sk`+GC!?kTXM3bOu@ zjO{AfVt!klW!@4H6k>I7gIY{n5M20n@6{r6tBY^cgO@h12Tn{B=UAz{{m1F(ogU^$ z9Y1@&J-6@jXXT6EVPt-DjgRr|wM{3Qzot?nUF$8!XUkd@nLC2ZKOWSj5_Goy^;_d} z1S5v6i|fIYslGmimy#|_+->6mrE%OC_2;TK|3XX9IVF{Fy?uUW+%B5vKo4yJ8TS ztB@OjiZdy3r*k*4*D5XAm&4MB;UM(0sN3Hpi(ftYmM=(SR%LwlSt|^C*G*}Lw4i?lL6Up9o%N6UCKhB-A)9&23&|rcr0%nAW!G9hp}$^p_3pKM6Vvo< z-vF@oaCPI|VvkbY;x_thX$jC0oI4Q=08Jr@gnJVhe$G$C1Mu_Ji$5jaowOOlgd0N`e|<4;e){EGfV$=St%G+ii(R9|5r6U$auS3@(Z%dq z8mu$NG;|=;?`uJiymyrpI*x}3%Yd!E*)6JplkS{JlVXhKJ73M+q4&#q$h5E#d7Aa| z&9~=Z?vbCOPY6Cq`AH@`pOONT=Cnw}2mJQsH-to3y^^0YAIv?{$h@m#1ETqOA&{9@ z3Xmn$kz%{DMZM*<(Lz%)-d9Cdc6RDarDzGUCn)dGuD3&(&Q?>`I)3UAB!ryYN8d^B zyHnn9O?qNRl64;yv2M6$IqIs%8;8`jx4CRp^-IW%l}@rCUb-JBe|m6uH%UcTUGa)w znlA0ur7O}(fl02q59EkVtUA{jFr6U8^#{tb^>X`7dJN0YK=3N>)W(N+Wkf-jzQMJT z*RKJy3BXGx!2icw z)%|NYq7?YiwSbjIk)XJKgdlaaCaAy&YekStf|P{NO&T5i&`vF4eX4JeAKIaw#J6Tb z^x{~K==gKqBnZZc8LK+2M-#w>R&pN_n|e%O28z@AG)jI2MXl1;e~eVa`$XdMeR>yG zG?Xq~uU`5*LVA>3&$?%?d7`O(mn}x~*PRZ;zsX6sNTdBWcatrQ57&6E(eNY2`*g-# z6y23ovToc1n6bdWa-4Y#04y3fw05rK8~KducKY|^R{-FE(ivVi`Oj?@P5c5l(a!zF zvKpYSUz%Ki1Si%{_vb}=dPqxSyVeX+PrF*EC~gCyV-JF`I?JF(gkMoAHvrmFe|ii+ z-rWX%yc2Us{>U3^^jdsNg9WQABJW}@+c;HsI&0xufeyh&>S!?GTm*XUD@OE%JUkMG z`~-BSJ(!?jI1y4-2-iT1yrMQ(0~Pcu9%lI3hAd`FDrn;fclUf%(*`aay{K+}Uaan@ zX?34qP<6>w@g0yXD6|A`U%co{lP44+Fxi692GZN>PfLSK7c`%m+Oz-yK7AMI6gDsU zdt>^0r_&*qPu>A|kmR&Z>_w)h^7LURPm#zs+KHO4)AE{P%Banf0Jw3+U=Wh6Za~pz zp!xP~=zidYhG;uDK95fr+HocJu)1Y^rOJ502@Z#yJ%VMuKG||aX`p)U#p^_!^)0R6 zqPn7d?W>$yy|lx*Hc?-mgLfJ~cZ&jUhdd0+%*I8;s!p!LEgd`eon8rZ3nfb$MD^_y zH-(b(!N$4E(Y9)7$s6pv-9!HLSsnBh27-N}EF-WS#*&D3bB3X1Ak%L4sItj8SkhpV z%d0gGo^VW-l;*7YppEzVis;ifz>?OQ|DRPXL4)UZV;S8V=bYR#fbujc&mC2ZG*4>O@l(>j*kA2nItLR+_PWk2Me4IF-GHf% zX{phzmoxQpxf-&a0C6QLm-pQxVGc7i%*YI!JXE_kabx{iKjKgrW`%rVXliOv+IPw3 z3}aI>=Lk15qd|de5ICBX*!QNpk-gw;p=p{%yfoOaqY=}O={DHbmxd(q`OW_X0PZfk zo**1mFD(ajrChC-i8|Bt4YGHNssz>#O=)Znh*sF&p>ond(|Yvs8!80L3iLv$<9)L} z$2RT#E-z}{IIg+p+((qn)vEd}MM_@CKE81^XsP1$tNBs!zhMf#bJ`R4YoC2qJ4p-R zcV*fh+DS+Y9tTk|zHa1&-~}`X_)I&J!W2K!9L{ieeT)4PiyG(2~BnK6Pj+^`ObVG=!tkfgJ_CYHMgp0A6S*!lg^YKwIfH zEuW4cBJ)2TC}9FSQ4{)cl0uyC93JRrH)JEx>d+%@JnF3ZKIj(4VzBv-AsUTx&Ea#_ z2zQ;)J)FO87*Ee`oA4kB)URadiXp`{*CgGIROF0q&>WH(=A3$NYL7W?aEzYy?*(%& zPqypHBv$y^i5wP7>#eGDut3caxS7=J?GsWp`gGMHD=Tq-8LKLIS7{#$({o%IBorrU zfqO4!>cmkhxfs{@XWC{drBrRS#XB?Q>D)o~W8pAMxjO?saX4V}NDiy`o@Eo`gV1g- z=O4UYp+jwbNc!-`=g?oHMq_VEYfh7&(-pj}<3$I` zhDj5-Ih|frk^NEMz;7bp#mitoJc1JN4$Oh$e9wh1idk_hrogx9ACnaX$|terOxs6m z$muOwpd2JQb`|hHun;a2SO``K>ao5IReC-{R6l<}u?P{nqC|~Q`Se5~$W6o9E-^sI zfG%R^NZ~J074IpjBIf@ zddq5+`mY#@j-I`YE2vg~yM4O@EBsebXCEk_4xo;Lq?=weNEW~)g5b2`806OTq*!>$ zo9Rf`s__f9gD{SW_7qCrC=HbLra>RTY>GxL_07<+t^(#rX`*<{lg`VhwZ4)UoW|(~HK?u^6wOS@!kd0C1OK>uR|9TxBl}GLbxcXbGd!-P( zN3T3dbPQLZrU!q$pHtvE9+_dxBa}xNQGKFC*#pt%GV74M=B)bK5u*TYxJcTSJj;ilJ^qr0=vt#jb9p|jgp%= zqiMa0E&Mp*f7}b~5bmSB4RttkJcElN8`^GJT``OC8#rXBf~N_}(npK{Ul1EU;?gyQ zO5;#Ew_Gq0M-z{4Q8xzZP%JcZAOSn z?mmWCR^@$u{$7s7$2|tjB%tz@RedlkiiQT!dh?b2pc!SQl}hYR-z9|FBq+2%{b~}I zm5goe`^+6l?6)wnBFL@Y39?fseU*pd?)%KTTQ+2ox$5{;4mUHHWG~+wr&p^dJraev zF5D;Y38n;8l~(uusqurLsRWDQz^7Gjf9F5gl`8WhgX<~)gOuNeX#V?cT2^nw){e4z z8-X~Q82f|JP8j1E6l-+e^?@2ETcq<-_KSjSk3}7yX1ps+C%h?hcgti%eTnlXfQ?;xG1C0 z$}=4F2r$aTy=8*jaP3jz7_4%X(Lg6q&&ELefHS92gLoie*jgCh{;l2VzK>R(&iVkS z?Xb^{m?=O=j(w$=_Nf5}Y@W9z5P*|p9^;%4Pi5^?Ksm3!>~`gd!)4|=L%;e0+nW2M zf8+yn^?T}7=5h5xns+B;SK+mQUWzv|3(VCkwa-X&Q(Tu0if@`KnzEcu%_ou)#{7~5 zUWg{nbMsR3=gH*2!m&0m;V=QO)+)Md4i?>63n>gvxq#oD(J=7FbKv$4{Q1RyV8w(D zxONwKCM zQaiH4X1kqMu+g6l`J(aqY)d92S#zz0>=?cEud@Mp1Wm7nqNFZLUIhzCU=fPbW`r;< zf6^)Kj{>p}+-TZRL;2~Gs5mon2JEJ)hJXkHC&HYsr2(_!Lzeqg@Z5wGTwJ3m`=bNt zl~0lHu@846s(9N~5Qf1u$4>*st=H|<-SjZ?TfVW{U~f)m18SLf6$r+T=Q`Qpy`tg8 z{GZyjB*8wN{QdXU^{*bQNDQd<3Skr98q;0$FAV8D-cq23G2>LlEe1mAhq#wLcHh6v zNR+e0Dv=M|qj%v7`YCwzBo2T0x8T^Fcr_hhVKt=pd7S#V* z66rpdN|WLqg7iMJ7)rL(GI-_jM0FFsjkd5JyW5G8;wQ@;v zPly-galptj>!3v5*>N&3ka;oG`~3?QCP{^o{Z_B7{wpz zCL(R)#=5>m#WTKn?P&a1`tPKC<@vVpo==0#JfIQ zy!++9>)s}P&^LJf$$IrZ^juT8Jl1>joJFj)=cQ~qcQ;HCJYJ{wpTDi=le%#SVT6)A zZ5m;Lpy(x?pkZ~6n22>f_AdZbQqd%8a|N}D-zpz+R`OoD%sJkbrn7ne-T3ASLPDXA zKr$Nb^SZ=O60s2g>uN$ph0dS>&xENEz#1`}}F!&2G^VNF|%n+XwdEIdq+ zH4I|?vwWIVeipGH{ZpwcJ14VT&|SQ+&GlmgV1w5&Yx*%%kB8WE2!`)w8HLsV9lw>M zSc@nqcLmJEqs;*xoP+qTB66}eV#Kr%@W8%EH5~;K-S&w$t_B`}9_>23qI^ZH(B>>Zb#_GMxzZ9hTdE(m_COxn$9WCbm)38z6JS z401=*^{4!Az>gT(u76!yOLO*>dAYHL52*8di56`R89}6!^eg0kW-BKR9CUe=b+2P$CsY~^8tMbcH2TuYXwZc6MvkaaJ zE?vZQV{g$J@DKP2ti6FG?)~}RBD0v+TkX z_W)oRUP)eXiySpH1o`V7C~I1Fw1+M*qSh({Y1^c)$elT?7L!ON#&kdF6Lf)XPooLfRk{<$0 zZqD95I$SO?0(QszORk_(z#%$iTx4RH#A@QKbfjAqwjNy!_HP5w`RW#2{<$OXwvOnX z$mYd6K*mI!s47rtVwgMRx~f}QjBANYTUH5L+r@v@tSi_Fd&CeYPqT<$j`q<1+T9%M ztUt(H9Zjm6|75#t1J%=PAyyFM@a1qWRl4oLYw`gr7CCZpVekcErCHckD)*97EI7>y-GHixtZw~6Of3Uty*`zP|rbM4f}sagM9pnnFx`L zEm^f2)Rm-#bAEo?RX8II23_J0#(RijV}fNRuT}xtx=VV!y+xF5*tCwhzLxBL*b_&v zz?qWsDc&>dP=)&|?mC#MUuhctlp>B(^|5w3_gP3(t^=I&L zyP#Zu>-60&(Hs%wgDEesecgJWHJp5~Dy|vFXZzYS&nP8cRzJZa@Oo0^P-=`$9H)4y zBnxV5ZgS+#$b!>ys6D-tA(xq^rj$T%6_2=(xUTrK)(^qlqXN^PSs;Y1?K|S)5o_YI z97o;qU}g?=!o}LHZOU7KQI>ZCpiBPLuGLCgR@*i?`d+GJ=Q0hdtuZ(2FjklCAhvUz z(B#wL;|t?)By*g|`YIr3Zb_sm>dMkK3F}EU%|1?MyL4^Rv21g`IHGHo;?+hNMH7dW+LLjLa0oqg1F=SdfubAHg)TrT$Wed>+=Mw5h5{k@!*ps8Mz2 z^WOZl(O5C2A&B)-c5&6MH-j&;kv+DZ3G71%dd}&Zi=!-UWRvnAIjXuyd`{<8qov(6GotgzEy}j5OVM&B zrUxBvFG|AgF()>)uF0MGq{O(9c%<{l#c9Ae{?luPyj}w*#s`V?w`3IE5c1Ip>Gu1e zqVdcXAGw%)bBfF0N}n!dRjH`%=Mk{a^Ew=<#U{d?C2Z<_=s4l^ILJ>Lu#W6wEzb}= zP94Kt`=7k`P)<}Ct^BPnzlERVrcqJGQ3Bhm#M4m@{|mPZgIJ$9^v2528qn2hsSP{< zCQEja#D$ZUc`has@_fWDPtvs^5d3AHVCzuF3|-ceP2r6tUcUvUjvrvaWmd?h!mBbt zMa%pkj(WSJRc9aV=Ge9^zGLj_Ez+4jtZ%UNmUp{G4+TdwwveUCpxWncn-YoCsfz>hY+T7E{OEj4A>HJalJ9fRVXKAac)*2r$ zfJ%OIVMd$zSeLv*QnX^*b7`if25xcy#z^IxNZmBH)%Z*C@`@wB#KN$}R z^uZv3o#Ncmr6GDl<{|ng!fWfLzc$lcvbzwvb#F@f&`|7<=~{4G2*=m#JN|TC_#5Kq$n6xI+*6e_bxs4iTTGxlV;~M&N$9d_!fX6oAxjlLw=GqMimNW#@WZO zff6pafsx}FedZI_>uFm+euIB_r%mS_=G8^O^8XaVV32CX^2Y<7critCUANW6)CW$9 zZ15Z(tFrzaFLuXko=3Xu6icFxXVbYh8k}{Lv~_qwj0AK3bZcd4F9;nI>I_Zz%XxVC z7)YAHK6sxUz>Fx`=QI>wNRj8hozsxoafg>0C$G$iLJxX&lauv%Tm8QrQCNX*>T6-v zBSr=ZWNYoW`7Z@p-KqQrz72)VyiF4iKC6Z6EAI-X<>pKYiXdz=uUijcj(i{KKGP{+ z+TMyQ-Wr^!yXje7GQVl;rk2poHbsbvsnHdj?uXR%17wK`xiyNcLardkb`n2S({Nnm;J5dCs8)=OP5?&cFW*~^tUY`~ z3|tMw-Dtg3B)6DY#DH}SD?j@-^cu{vx*-Gixk$Wh-Qs3kisS*NfA z_(Kc{>g#6idLQXd#+7PUjDFPom`-i{QX+R!U6@to2;sO(pr7Wa|9rJYxm81m z-5y!9MB#1T3n@$Dlz9jDS^HHJwNo1pj&EW%i`R+sz}!_V)ry4Mg9Ye!m^j(P+qbz- z_mEU;gXlo_Oisy`5d>Vp@_I}z4| zxGD<@y0~9!KWvf&8LIFOlosfvesUA(j+Hf?EB(U82#e9o7}Zmr>fz~RR;RD54&RLp zbk2e>fr?2Yio)Ddk2Ce>8TO1`N+JPy+`Ug*zGVW_@frK&8G>cm`_C?qtOO=(r>g9( z5%*Yybf2{8h~UfOf>;|hzJ3+aKI}n-JVa__p1*RdH9Ul8LXl(PkSedP%%~c zF{ntZ8|Qvhsbg?M#EcUD0pI&nyR9`dR(l{PFY}T=gL98=VSm&r*h>qr_RZcs(ivgVc zT?L8B@kT>A8fvC{!Qew<7NgbZ%^63yLaU0Yv}L7hc^pkg5NFCoGXPy;czik^QJhG0 z&rvG{IqI}Gcew&7lc6FyIGv{0UZJj zD%upS_BAV(qVoPV*$+M6r5;LB=ZHgTdO2DYT0LuEhqOJ`u9Z2Qr4BG>@l7xX^xs{7 z3IuxS8CmYbI%}<|Uj@lzap+@H#VUb7&Rv~eYg@?!+h4_2z=p7igr{3(8d;8<+z#QV z3F0?aAOBx1fOP3`cHGp1AUVZXK=N!e-{XOkJ{V%a9e}hPF|`d-ZRKKjbAM|h*Jc=bYo-MSpdLs&Fnb}J<&+QH{S2GU2~>CYm!^8^>Cei32D z_(R=*F2}fS68o}N@Kua)h&nmC^IHrhAoFztU#ybFE{C+0ekmOn$iDiuCZZ-{e!Q=R z-bm$4Ywqh6mwAR9GT`aIU!`94X(nEik=sIu)x8zjoz=~`mV<|k+g3^5LlsZoLtS8T z_^p>bzO{-DI+_vNX?$1nTFy9$=HyOmFLi38gHQnq6NLWx1=)o*>p1Z=+lpYsi@x)Y zWWJpIWup@hu`S8_-ntV~Br}ocfZYT>=eQ?`omaWlp@xrxUH^U0=SxU6RCMr`Hz>Be z-{Sk&G6<4-i)SbK6HWJr(5!TQvZEaMg}@GU`}xM*Zr*w_dl0*vnVIdvTAQm7up*2Z zP1fw`7^uFcy!aF~tB|T7#Txh)3zlDl#{#Ph<-mjR%P6PBq^`sQCTNfVHn4R|=C+JZ zvNmQhJ}xHhJL|Hlb2fk`MAR|pg}3Y9FfjMD<2fVhm7J-8ja9W=w-2zN)pqx9dBSV;7W>T}KJn6=e)OCn z^6;<1@97;s_wREA3wez5U(r}XF_~;7T@;cLA`s#oavJb|+Cp(K#U9>A8ZAVE6}c@Xy;=4*2Kx-Un)hKZ zrighc-s6N z8pA6AfY4+U(p8X@gQ&JytF4>Yr{=ad#tI*##pCTR54>%cL*T@06HLP<|3-^wRC6h~ zrp-|FePH%$|2TE?*Q88oX6qGc}=eQUpQcdxk^zU2(i&nFC z49Q|ur7ojD6unN#r`p1&lS$M?ZsI0sAK(0}{3sZ{*mV(YF`)^)pju8Mr7u^AEO3PR zuI#jizv5lodh1+NM&CmDSj^li@KwFX*N^5AKQ73h2C(!s;2F&*MZuKx^qh%>@|Ph` zU;qwl2*lVsl~T+_3w`949CxAjkP{L571+`I-dn0a%i(};(T;&$ez`lh4y%e;Y9Qye z=Ya!yFmGg_4p5PCB>fQokci80gfnVbKG6dP_jD$YbRL96C`~{r1;km}V>)_5X;#&M z^-{(W#t>Cy4Hg(@7+3zOu*=zM8i#5m61hAmqVCS8Uu|=IcZHJEMX$2_#<&B0ZM@>e z(xS?aPX}=El$`r0r&wC?aL-_eXdta9ols8A0Aa08={Jwjc@iXd;<7GH8%sStgoqJZ z&nYew`KE~dC_l%us^DhX&eYN0VzI2SW4xTB%QAn``K+|?EnHti`f^3)r3KnaR3#1X z1HM5=c#d>1$6vlJ?=dBQl}Du|d2kF4`b~2JWlR{jy9(r%+lJP;E(Zf62wM@7RpX+C zp47ddjqbS@RXb=*X!iMiNXG$=zbon-F(EU+@juU3p0cI+?gFqx{Rb~bcEl^Mi1x5IY&!1H&0+#NC`EjutM-F zegF4EB^}JHDfq%avwWbhT94=6X1xCD6fc54&ee+ml#<531ylHU(m3Vgn68tzWg<_$ z9{zrOt3IT_bN?lFC^Ni>j~cIIi2uy%+cJ&xu5xmkay$uy%OI;7V~E)2%Fpd%%Xn`h zp^=0acjMK39!JI0a{q=&DNj`?jK#*Ry=nie^2TWeMXzx5zAgi=KW&{Dd-9AWtS1zO zC8jHQzJuvqrdoHp;cSbxJqdI-?-BGcChwS>s72JQ_tkH-7YRx`O<{i#y{3kProO{I zx0)+bJs%NHe!z~hL|@x-HU2EHt^b%tq^cF*fpz+;jS%O{lLuITt4#%EyHlh1oNUQ8 z+aAd)43SlgORWP~l6BZI?c<{dHIkR9oxr`)BoTqlNeL%CLkBK#>9r1k?6^+XBHr3a zkaowaNABacqG^?{H;Pj`MD=w`4jcsgVq&(@XtxP{mMwoKhRasc4t>l1E5mYf=nk$S zKG5fB>4{-csZt`eRQm5P`8=2cko2rC?qB^0=o|sbdh(ECU%44VDnA0YbbLC+hWHZl zvES76@P)5y9c4K)R}O6foV9LO&TS0^IPm2@{8BZzib@{C7Xb;%_aXc&B-7lQs|$GWQ~reKZA*a|datZGzvk z2|szMRrwwWqQ7j~aBUul*6LF~`;cmFJK>_*{wcW?f##$p=FY4nWFxu4MXGfTXPj*x zlbOL-jXtQ`L+tKhk^hypRCBrqG8_58rzsE`LIA%ZWB@h(-&}$JLU|wIuY+sVKE*|Kay+9d!TR~Q57<8@qwgxA{>{qQCl&gZG03e$hm-wn+M$N@Q&-n} zEZ^^+w@1~ko=2BLfM|}V4pu?`pYQ`X9-=?`I_O?j8j%%e^Tzv+t$JS*1f}gE`^`|7 zAB?1I1amXSKj}Pa7YTDc({*PS6=8gBl8f!2)9Vi|N^85L$**QVa>RCiOhc`36td)Z ztmJT4W#%yqY~UK5D%&0a%CVgymW0u{U-uCZiri8d=>TmQS?Db_F9{1%Fu0~%p^u9Z zCHOT1wC;HjEfh$k1rBsCZUF?4R<-81N+AUGB$w*L`j0Qr1SP1VUmosHzV`h%(Mu?S z6!|9Y-q80-GTWXwxfJQ;xC6u$|E**_tT@u$d2DQ<&OhZ&K!5W6r9 z;}N76?B^VhavWwsAQq;-0%kNjern3(K(0KWRoA6w#n&4=Cr7_~;8A zf-Xk*K6^-IlAi%6@DrNSx5~DumVw>mMQs|IgI^(xp+o&qT`Dpc z4Dwr-7FZH-6|y-Cvjr+(WHnw2lF}#$iKXnBMy4WfO{JP8+~VlxbHc{blZeSJj3UuQ172bH z%XQ=W9v_=8MR|g&&)XdVV$_ z3KDc*TAu)cs)w~TqtV6{Y;zQCI8+jd{>pruBg{y1#rejtZ?tf`Esn}dmIJb&Ns;H) zOVbLIPRnj~7gTzrkrx`y$9;=**r#%yL}?_#xOLlG?yR>=2X8L{C<0Lyf*%kZ)oE;a z9sP)-Ymuj66Y8};wO+$E7Zl)hBK{&~XZl3GWCBb}y;*eUK9D&O$V=VJ;KzcBeya5g z=AI@|2&GM~HvE5zygMivBLmr`tS?y?&KWZbIJA@jxEO0onxdPTdePch&dWJJ?4c5} zaW1SS#lxD{zS8I!#Ndh@(G;dI%VeRZ%YA#M_BCl5hNchu1O|;&Y4+I&zgdNKfz&cB z`ftn1Q2Qj7luC!q#U5u0?idjIsXozY@DkKZB8^V=gJkQSM{Yg&$0o;;&jqoL>>qB&CIJFS^m#&Kr9~y){2^T0^){`T1p4}WZUlQw zvjaldBC1r~*xZb+7CE17i%@%IX_r6F* zJHH4AUlQGk4Z9gv)HB-gHFo`0S35fcUwF(Wup$lq)r6|@e9Go5jy)Fo%QDBAK#&$B zTgeJ^_a9&CyFzpGjic_qv$&Y=G%%ri_pT*C0XG3aFw#HEwzP%-7XU>!#&+L-I5(%P zrz{6ykBQ?kg<&Wr19b9Sa+-kXTH{L1-}?;fC@e)7f@M00@E5QoHX32ZVTz3`XhWYS zwDs+rCw89nDbj|r>pE-TI)16@FF{S8BP#Jc?&!~! z9cd``r1-{EmT94HW(W|YQ1DmR&hyu55SYJH}8ce%O+kVp%YSYO`6X{<5Mj9aaStOb|z0(PyU2nTYkF{y7BL4kj=l4hmHG% zbwfX=8}^i@H|#w&ZjeN?R$;A|4GBK96NCd|+-j-M@IN>aY^Uy({yHlrk?EMApiS2S zN~;H}q6x4@0_g>kuK6Mnqr)G`;M}ocku(VOJ~y;WY4?+*D(!I|4dnvHy$!apcFFm} z0-KtOjDl)Y$=vjnUiF;laz&Uk@pz|kKEvOcGg5TBSQF`a!@$7jub1vZ#@%dhi{c1P zX!_W5@>ZwZNmA0rt)tLm{_m`l?o*95tLhQ78PHSXGewj5U)QY*91L!{GoK0{B*kZc2<(cbAeZfs~|eS$IOh6-GtfEIaAXC%n+N& z!*r8-2I?`4a$=umE5JdcUb(mR2pVy$Fj4?ut@TbqzOV?9tI7P5TbiKtCOqs`>k zKcG&^oHnN&fk-s(QI9@%UOac=hZ7}|>$T_{lkzY0Adt5)9mnk%oVt+318hQwSy;K$myT zZV{G>ZLvrt=NB)AXI#AN)~`bG>RoP3hw}ro`mpGZ=`j;9J!p%(#Wpnt^SnW~S_9tC zm*j>bR8lJ#M_v|l-S`p;$Fi`R662dC#qEY_9x_GGfu%8KGsHL+7ODGUO_{(Mo~obq zcbR@{xBp$;E7b-LR4ZnQ#wd=A@!h#&Ft6E&8`YwRh)i%Ig!M8WETlD1@g*2Oh=%g9 zBQ8IH731WE__S|a>4mOCY+TWO-X4U`3 z6yhQiDD+3)!c*iS|Ay&i1t4|Gf{GQ50Y;QFAgdosjw+OAs`7fTrY(PLA;#|Om~eNv z>jaRn24sPzBW7Yhv5MAb20#ujknGJrSP(Wtg;+rV-Qw&Ig!V|>~dxgxS<4 z_f=Yr2hUaAIo)s7Q$^E{=!hH<mzbSFuc zsFS4PbBU)k3lhiAD$4(A?7})p{Mieb3M=`bfL#mr2t?2)tVP9)! zL4--eQrds?TZs5DEj+zT$3TMr1K(*7j4Zkq@SKgyreiQ_$CRu4Dj8+ zuV(-79dU|G-yV6ue%NfHHbv+=BH=%A4_~IPR`9mZ%=g9|NuP;aBl7b5NbO5t$;J9d z#cJPQv6y8_qnK|7Ue_xA95lXmuuOn4lTk5A4~gHFGrP$ChS(vkeCJkwLvVR>C-*6u z)X%wH8PQdPy5Nxy_OSx8v4l*43irN?-|Ng%H4fkI=U9GzXW&(4^#q7J6G?kt6|!@C zq5M&q-M>A$b7U)z?#|w|d#iSZv8GO2Qt^bM3aTF!sU5^$cxbN_C2h=&4`q#-Pzrp% z4dXk)YyK`(g|!XwW7-}I=%#2_a@%30M|<;cb(GybWg&L<%N8In%CGo99r~MGuP+-W zC4if@SHIAIp`B|;_OQMmr?H@fiO{jDr<+}Qb1BJ%5V_5`uE*6S77?C2XZZF&@qqIt zgj>DqOBPe4n;$xe;$y-dmY1IM0vjUUBXq)_4MDR`F@BOJO!oV7`S;#eHpy+rE^se3 zW&T4z4`0!!iDdJtb9*Lu;m5;#=nXNT*@aaagE!c%o0$|ftbGp}kBiZpsg$`7jHe=7 zk)d}pXc>xr#tW)~u@5RNbi(?pw)Tq6;O`#~RdqS*T?3x~?ELxe46X-4Q^@$0^*Om{$$*7uCD^WS^l8)UfUr0Ut%(zGKgX|VjQ-)RsUNy zeD?mjqw;xnog;|Edm-?q^5%Q0#U$Yj{r%D^AomOoOz|Sr=BM_qM3G1@57m#V)JK^S zcFgKWT$Mm(^Sb;`8&BXnq7+NfQd{$#%Z<_+D5;2mZLmEqxR)N%CWNA0fui0%Z|^pQn=5 zk%>|g_pIofy zcYZcRpU|BNUdlYQ!98+!id6SJ5oD2kA z_ouLnod>ejM1Fa3lT*1;^~Hc|dU7mqh?GGr|1&PbwTd;sTt8lyU5NO$4O1dV8z zBax)R==I|Y5N!8U2N+U=`I7QX3K%>O-%F13`T}oY#JIi*uL}6@JpT#sc-$E*r6kfibnSD305pk*0C+O>uk`{CW0=8b@Q%_R$-wtg_ZjfEakIel z`|Pi^xBtzzhqo35TH8j`*5H6miv94ou0LbS4~^6T8o5%msXpRJ!dTco^bXKM4A_wY zp6@!{qigxlyAN-D{;%^;#{Ts`@Hj|ljs3&G4Zwg#S}Lccg#sN<5c4Jy8uuF;Kv<~o zPZ$T;+M7;ITOb*BLDT5}-h<^a@XHF1jP~XMVeE4|D-kXX(f|sv-^l{4>~Rlfh}nR7 z23`N%N3nZDCcQU>uw(L@cjCZ&dx+^LX!6ik#kzbt4bH#?KwX+mtAt(8wmd|$SoigV zBFv;sX>-E2?{$&NNu*(~vhHW$@>x_94JqT;MFzDhqS>NSUk9@2jee&+E59FU9vZzzVzH}PhS97 zSH1vviU*?%b=ehQ%mzaR)GC2N;7a5h25A!o943D4%^$Job)9zLa1v0*EfjTOPFpkkX}Be0ai5b@3^?80cc*yTeM5Lw;X%rr@e<7~r(= zzu|op)CPQ!`9WlDv{2c4LX>9N75&cW6?(^X-WTaCg{g~&! z$i@!{lwL@+%!+>y52&@tDlmwp zP)wZuNMQXiKyg4aaI+tuu>sv>qr0t5NZ*Ev=$yM3FWI$X)f2Flv1#}>1w;MAPzv>d zg)l<@ttk*tv%o?hAmr~Nwhb~)DdxDPO>Eq+XWpK&AOOro{^$6k5Yz^k7BB;cNrKtr zez?4K-0vVS<)oDWa50`oNL$-bsp9R2fog-Aqo3c#DE`+XRFJV&$%}b!4FG>xNeg*s zhU|aQUx|xKD3ejW;wDfk9a;1)h3~(<|F^4fHXQ^4zz&TE4;0wzG#2^C9Rj+s;R)1y z8GJ&V;Ek&dl+EGdbQ%D7F;=beUtsyS0fLvTMVyP&B&`pN-2H!x+#n@Jw{jY+wRBpX zlHWdq&yLMb>OpEvOZrE|WAof-el|N79iMw((KZ97ih7H;2OthF`KIvRWXUKREf zU<Ca6#t{2$gM_#IQ@=Q78qEMel=b zqhbn2^y_JWyH}?t(d~6N0m#k(?ih)HwGQW^1q}3XQ?gijknSwhuXoy+1B5n}0176< zY@=Jsh>Fm&ih=qM>p%I%_345C6x{#;TVe5=vQW4B+YO-5=QN`HqEACrgz>>92=H$= z%yM4}*A@Z(YS9N)g&6jDvEp;anF~^VxqH1@`)7a}idB4zM)mw1;5Ni~TLr+s3~Odx zr<2Chouwk`q2DqO?a^xieZgOoZh%gP+&B3PJm0%NQbfsC)Xb-4_pKMeEKUZLL%Cg_ zx|*DMoX@&(%Dbp1l%FjG5jBK|DRMTCiX?KoU9P6|OOqRrQW+Vem)PPp0y3H@1$OP} z4t^(6G(aoN6Cn}3Kt=memGgX4@`{=Rm)+RX3orgC6UWL9-W z`)t(eyO*13>jC6YSAbPE0U&!act4fgjd)rTH(6=f4~zomgYLvR3}#=yN(Kmhy5#{b zA;X^~f_ep^>RLuV)xrRu@CZ1}2$}*qhl)A?bdvt;WEJ>giY%=M{OV+L8F6)UdAtfN z@*e@wt^x4Z7jy3Pu0|cvs_h|c3Lr%UeXBU7^*ta8sf}cI0Zy6VfdvUGQ4Yp$FMqs{ zuI8D03sFD_+_(VND)Qf?FYwS%%XP^}(AmjafX>bY0iIDGNm_GdV_jiafO0AOkk@C1 zx6$Rijtk<?J@%^VtKL zjCmciA9(YX2Pw=4_*^`b9Bc5}gC$6cFEFQ^fR2tB5Cvp2C->5T86;iOe5UL6`)#ZU z6Bf0jKeg9RIR~0JM&K?@ve_T9tqI%8-!ry3Mxpo=u!jvf0{{>`2Tq4Cf{5b%FW&D0 zTD$8UbbuJp$SN)5EikbKTL<~_;V$j%tz-I{F z03(B2tT4jw4BQt(I3j{r0G(Ei3@Zt5u1Xx0tK$Sl#hHB%GKS<1SqgkB5}r_7J9!}x zL>Ckeh!`3aIe0$!U<9)eR~`UXO_dpdA<}S-o!)q9j#OBKCZ-%C-6kNTA9nWiR|)7< z7gpVf=&l&g$VJD497v~6OsY&11>kkYZilOIC*o{&IZV|$Z~_>(auO3`WtBQH z`u%am`-^KpdU&SUxDJ3|7p z{Sk+5fSh!ZlX6n_l7sMfz!J#b+myZ}Y=I=8lN>Z&HP4B#?-B!y$=rf*-o{zc#AmT; ze66eT=UfimSmd9!)j*cZL}+R^^5RN*0kLiKLZ;mbu&ODSC%(aMN82Qvas|Zxa_qX? zKCNg2betwY@-+tkt=rrSvAc`hPC7kqdlx{=b=o>VGs5_XdzW7s(S8>E=J}3DaGj|) z48n53R>NdYqE-PM;RTJx!|~zr6JE(146d@mM?`)yuMR~Q4OYoZ@Tleiy8f*oawk+( z<}~c8{R|MAbbgy@)ol_+vv$>28ye2kjj^u{n_vvD89I;(7$$=ULj@aTOAt z&{0u)$}a@oxOgSDIr%-swxW+o{sm|WTg?-QGV`Ub@D3$r9z=U=@YgS81L#YgvNZ3} za+akC>i_Agz7OUdFEyI~VtCLV41Yz3hHCnI-UD#1naO3fR7m>t%mS0AsK}skOe8YZ z02?OH4STBVc1r#+k07J4y9%r!=fdcJlzdcF!odGuW7&tv`T^JE_9(8;u z3NkwmL+;rtQeee!5nS|l#D%=bO4!U%Bo;v`{Gax@E|FxisP z1pmmnuX;QjThPe~i2;JE3|ed{uA%D*CK|QVlwcc+nj|0hhaAQ)qB`^1-%?z6)>%`T)aB zi12UcuS!27QR}q)s+zrLE9A7&Tjz`Gip|D_{&wyWz#GcZfTAppBlGlc1#OEq8v_m_ z#P9(Z36s3#7pdi#{1dPu1B8=zbdnrKqfFYTF8?Z?u}hj|+V+KMvKh#-iCtGI#rXx+ z>5-vHEtBJ-NSNxZV<$m*FLt3cqRv=>X*}?euM%CvvEm$&$pqKO1Dh@mNo*nREDys^ zEa9G|fjAvt(?NF=+vhQzu-YHd`(@|#VoYFKHCL$v>C-T`N6Y@@F+|5aONet`wD|Hb zi6|1N*}r7*+c9FIo<)QwnEmPRv;huqIcmj<0wHZt*=s*P^%?cP-knM=n0?zF6%W|% z4EhLvA_!S|;8zy=97IMCBZ9tq9=u;!4&0b{_r2J(^0i#QOZbdNRwl`OI; z3<79N54Krh~Zc+CtSXz&`>Owv~8Ujg0Xw&DJtgFN|@+mXN3X??!v2yFsuE3&$Ed zDoK>r6H9mt9{~3O0o0$BhyBK$AXqGg`3?0VmX75a-C+bm^FAnVSS1*?OV~+rO^*q( zxyZ%c{!DaC4HsBKONa3uXmpbVhKoY-JP6e&$uj7Pp-Tw+l1RW`Ifnp2$<@VtfVI=@ z-cA^0<2baGPbTvPXVC~@h{1I#J|NHBWd!o?i{eA_U07%~jt;uhah=tvXpmEQU7)oF zO^g^-+i6l25<%sYq%|AXH%O<_M%;m}j8oMKUB z1LKaynDSpQbACsZ;~otcg+M74TElsPbPbrGH#;4;e8)a3X08u!)64c|O5b_)ddoAI zekhB@#N_L5P7@yc_K?9AfBzev>s4}#!pn=}7g^}#4{m5QLkmH;@oQ3B`3fwlZvt1x zv2y&MaE)x{%QzAYnp#i}W7gwwa9JEa!%!vvCaDfah08k6BJSBOzJWEowdL3SK|I?E zTey-TzK6mHZzM9fig9YNXM&tDj?FP3t^$vEaH&%Sp#R7&fum-^K&CQrq$0QePYn^z zdpYRLMF)Jhbjpm3OX68GpRIfRdZW>XsRyHm7=!3<)3eV@kPNtDW9Y9^N^lOQC8*k< zbzi%B9=%63QNM;^hNoRz-XSpQVp%$rh1@O5xTF+Ult)@m_60wD-wpP*W-|h*j@>~J zuZ_Pc2ihn&cT=?c@ACmBk-ur_4cnZ6l>2~es)^QNQ3t9TS~*iP*H6{g7_8y=XM8We z>NH|p66pyA{*hV$ME6BL2IiicXifDu1GAu;7s>F=KsfPzbTq|N;hO|b zZpi2ei&`LEaI=<&1GpIy@hwnYI(j}E-d$^N2Ihm34rU_+!%nfl+xgv>{Fc9#t|`k2 zY}}CZoXvX=)%qblmq^c0ZA^7)dDV*5CRle2~Gd>o*(lQQ9^s2!zbJ9P>&xaFK<*I} zBq%zEO+4)I>6DQ%LJn^b#;B0{JWkf&L=Gd++pgCi7maZaB!$3Ri6A9}aSCHqU>-7t z;G%X!aaC>z2Tl5IEnRu-H;)(V0BeUANHz}AOWyG#Hc7lH333TW4JJ~<8GC01#mZWj z5WKl=BT~}T-&87)QP50c;l|xgY1K|iB9*I9RpL`e3uo+D-EUbPTr;J^mM8U1qy54! z;|-MyCyetXR!xH7)@7&q?qGsf+}bti587g#MF<(9QhjdFPz%SU*uZuR!QyMQM}OM! zIux&ntc~D;b+LZGjK8y>^6Zd?GW*8tR%aiQHIPh7AV8@SqcHup5I*4(=o1MI;^IJ| ztn6EqpqIz+&3n9fq$B?q?bUrIMR^#$ELf!GLFeIrQeIGAa;`v*E)ZNAO z&0qm>@Re%~U!EU4ds z-H)%t$kfl94WDYO=Nxnd?>L~ag*ThT6FU-ll^%(9(DCVFSiq^>=`L^OExcvJ6Ws5D zwF$S05(VMOh|kO0OsZbLx;8 z|0kPEtEYX~fyFRP32`CF>$nfIU_`9wO7QyO`?Yff^%UM_i01L46iS>YI!^FHXgG22 z$A25>iznS;rb96$g|Ne=jCJp1=zPiEJ3JCxcWLE0#;O>%w(c%^1{cu2x9TJ zaQ;8O!)a}(evnK8Dk#P!XFOXkDO%{Ym6(k#@*v16u_PE}@xDAK0+2z~gpHA3#uG8F z8p{dE_d^&TJ;$+^P(zddTD%b84{i7{MM(DTx^lBBGgYq(T{JpdyrDfyRN_;4p?&Q4 zLGw2$u1k2oPQn)ZYyt0=)b|)X7$5IKR{Nw54h+;U4tREof+;)57!?lQW2nFPjfhiM zQ}Sz1@%Ein(9$>=y=%B83&a$nKPdnHbqf5Y6YEf8I2tsVM>3?v1WTZ>G46AZc$boJ z30!&mL{vv)DRM7f!lXtePyBHpc28lx+CEjb%tx)8d$$W9( z?o`DEelgsjvn;1L&KZM6jdPBw3D3iD0x0+0mYsjIPiTWvEsLpxg@*#n%|O$b;&+lRoVk3>cO`KYPq3`VaCj4xIBOJ zo|H9$A9W}%=H@hNfxjShe+|gugFmk)adqP5_$NW_<(@5}t1hBr1u#bk%uD%d8yETo znen7=WovW{0v>*k2mOBsn2>$^eS>IbE1pm+d-snL%RL1;I~U~lmr8mo43NNvF--#A<|EOWH!V)-;U01$>1potT_ud=X3 zn>>`pZ&5Hnn9T1(#z9&JgB|k+%Ehq-G%JW2md#~K_@g0W*ArAr7!@|d6i#7uhXy&n z1{NC85XHxq+#wtULp(|s6O2Utw>D0e22u@Gj^kYB()vK3w2Sg~TvFkQnV_~a=5$Z0 zj{ObkVLQenSYVPQ?k*FoZ~wr{8E+&ir4dSZUR}T zmLI>jLo%SY9bFQWFkadkZ0m7A{?yOE9d7O+;2?mENUIvF{wVx|Kr4^yz9(@Lc)nS^ zpgtpi9)5yX1dbeiY$22-JN4;|fEXop%!Sk#bV@B!NISGK4SJ6=cZmDRNz64m>?xQ- z;eAc6XxWM&U9IswC<3T9aKe2V&i%)-Mcdv)LCh4~G`mlwl?6=QRRH zHi85X$I|cwVJ@T#)DpbV={b%kwc5a8;8a62b}%D}BGC~gvZ>zwsJ;F#iH%(g{i_-I z9XM(@41CLgl-1;8^Gx5@UiG|3n35Rqt0ioIWH-N7PD&ycZ=40OFrsOld;E!)0!pGf zkhUF8R{p%yxTUv1?ez_YoPlYmSRGaNyrKGroY<=Fuu2ek(snn!`a27nQc@hIC6J01 z0ZNqrQqju~wVyhiBGmu#>J)GwgO1rg_*FKYrH{!*TMriuEChWznS5vsm{23jt4UV* zaZ|HS-P{#+Gc5qrDvrc1vky{cjnI3MWaU%unHip-U#%Z84NRFI{<D07&y3Vq9IDWV`^w9Y=33bJfAgjwpNc7%0wJ7~gFNB*X;&QkU^b2fKkGO{>0 z*OiyedbY5Rh`4`}F)DtEUqSB2vATh*V@gHBSZwCYCzZVU;mpT7a38)QK^H8J?hnXi z#-Rp9Cj-Z@?u1dbVK1emB+`1}#zCNrL^0Zs_~D_=i%J---8flSG=t)YgeA+~1ZPL< z!DcGap&6BJkDY#npJ9KlV0*BAA%O{#1O!?wWZ>51uR8L>aRP&%@marM)}YVes9Qi| zW_gJv)&I1#X-Q5P3*SkbTJOn+SCG>WWN7QAjxA{Gs%6#edd@J!uz@?_6OvR@Ft<+t z##?%ovUO_o8vZeZk}45+Im7|G2(Ew}PwC1g_VAtH^IXF)d$F?P_QOQHwUCSN|?DGsb$*=Fd39pfrmY=9o zsftN31ZGrT@9Lxvlfu!j&tsVxQjkm}hGbv+Tiet=4+2|}KH94t)j`)X+v>hc3U81A zc~B+Y#Ve-)OoliL?*WiWzsx}G=L<2Z4uPVm`S+h`)&m{)dV#$4N>={5BUgH#goEvM z?>=OXx>t5+UGhZ0G4>cQ5NrI4I> z3sgU{G^rghM+UhB#-kk6OUv(S7znZfkA)e6sX{E~id|MX`?ps3bJsZ!OXjJUil|X- z$@jx=VAOzn!+0S%VTuH@O@G+U&5D0zsMaO1_kS2vdBI2V67erWV|up!x(x?Z?E zYg>Q59*|N=99B_zn!o{$Iiv zX+%%*^PZNEWuI1ASX@D6GD`4SgTjGlJ#>ztxZbNx5u~_BW z6`IA}u^+L`d7E4OV7s!Sb*-xBK?crW!WAWrBHMrlo?r<{Re)QK`#gxL149YGI@C*j zAKcF#oYM@`a9x)@55k0D)QVfG#sye1ri#Pc2l4~q3lw?%3t?4>EFk9kV|Jtfr=0P~FQyc%bEPhj@0oiq zDMrcrG7)3Dn(UfY1fApYxA8~G!yoTcb>rWE$;Ou5LZ@>i>GNVNDzu8Mfw=l(!Qo8Q*4BKLGlT)9;fD*V(_-G(=qNd3*rP8pDQc@nt zEcLf(xI7_6e_C1!c2WonbPF{gBuQfIQ(q9i^%XipNURW@y-Jrw=;Mw~oK6rGHW&?Ko;k8+1rZ+~X-}C{mKnoot0j4GV|0q!mP-CG7`(G(kx$ z7cdhav6LS#O;7^l8I=E)@}{BXSh%K58X~ztbTGXP8Nztk;78#lUyqDmOled4NkaZ` zct>b7zfO9Kz9S`69*c`&@wYvBp2S1EN~#LHEukiffrl3MdxM_gV{uc^Evjrck!Y0h ztBxq_;0Y5V1o!QawUbl=D$NovVSiuyn>omENH1ERgv`~0}JHH)aXS5taOSHd* z?Fdmci^m+AzY3Gc>q}V3cFQ2F7??OeF<~q({QuyKg{qM#VMtUDe&-D z$O1@yON#4NQk0aFT%Z3Rt`7tImz;&fC($~RaFi~(BI0^ND3Dtts=pHpemsme>97Bs zB=!~Thcq5f0!TL)+cd_eAQtV=Y%Dp|1skM>F|4bNG3dj7V)+}lE5KLglzbRN2i@(e z-zD$kWr!R;oPq6Bt~8pMvBl_eT->P*C0$bdb<(0AwgE;$w&+SEvBj|BvMM~(Ta8M; zZo8JGbySmK_o-<2leY69Bu2S{0#kr zf3Kp6?uX?UOozt$&Rc@x&}X&`C4KoryTSGi>C=0GyC-In=&c$sDpG*P4R;1OKpgO% zwLIU=C3{~P$018!@=z?bH;AW&N`f}~tqwP5TxU;STtLv0t=J3g)m{cL`Yd0vQI{)% zUcd$}_zMdWa*wTqr}xooqL1FTW@4Mn6~kQ*rVFmhc9rRf&P}K~gJ%SfA3rNtY@;5Y>SDbX>79k!gqmpinV_N#}rK8$L z$kfw5@r7)Z%VkWuTRde2VGlb&$Uu~j3E33tu#VOviH!glF#ya(h?jGqm`I6Tat=c6 zG6nu?#PwPYx&0o*2Jf;W zhY{WQ3{&ux0cpL{?_6qV9!yx-IvxmeWW+q{;mG=>Xn60BQiUzmmD%e;i$ge0OPFzp zxD%ZX+=@=E68QX^I5`ZM8mcXs4DlwpuM#Cb!zVfXe_(Po+#TRWuarm=5yaMhc@{(b zuJ@*Av`&gY2`i`JM;H0X;In0PwdF__D!+9@B-u%F1MgNLoOes0#g7Xd;4kAo;&+26 zm*&Mp(vGQ&r42DJ6S@AsSb%6WsO`a9pk;iSQP{*+T*3&lA=PM$Kdw7nf^nZ|5NI$s z$XGZioM_Gs81(oE7#zok00?PJpC77qS6Qfm z)0r;618$ha)!ZXaWH3C}S{68tt{AAL#RBlE;m;|Z=N!5faG59?&J=#3@zV}+Mpb+o zCd)A)wVG+qZR))ozFAQ3GmHv}B(6llMgNVXMf0!mIwr#*+VH-x%o7~!7iMV`4(e4M za2$q!Sav$atw0QJy*}CG6C6>0Yz*~A$h2?@g(Tu-UThL_LDKE96o^3dDlbZW5Al*^ zk@3iJuYSFO z%l^mWO|}cq%I0-Q65O@NbS92AsFmmY?=udkkAqJ^?r%2)ie=@F9c+q-axUQ@x4EO6t?gt`ayJSRX;s zEkUZHWC(nSfUUz(Lk%ezRxW22ZS~lvlOyiReg6lSTA+xPjiyfnmHq_BTgF2=CMS2l zV_K6BxJXrahKJEn3~*c4qlV?{3As%17J3bMsMo7AZqBX>*5}y}c`TJoe^K1`S{($O zE`v;hzKpfp>qRAxWL9@mp$Yhl>qHWZIw~L_@^JZ!0zbftbg%QYXvBR! zx>heR5@^ydga-4KNoT=$9jM`fuefb!qWsHTgFLM{8Mr35HI2phHnaUyaCZI8BrzZ?8`j8{; z+@3lQe%%&Z9&JP?8tMq=UC0%Vz4JGB+_t$ksOL=46ATSJrQRC)0r&ep>EyNf`7Q1*wu`(rGaQ%0QoDXmzT%8v3k+W%T#pNCZ+wx68OTdrki2U$LiGsP$m zL_F4lpvO^K_;#u|GY59;aCSXStsy&~arawa&iqM|T1^!9$C$1?Y0`XG@A<9yw#HQ7 z(ozN6#2eLo&fQeX@GA|VH%h^?7ks|*LhXD%9YBn~ev!<+4SRuG$Ok$uICd|{zPdRi z9TUaCV6>vz>zRw7X(_hsWC+Ca8Et?bsjUZgdBw~d`jG#@^t0`0%yz?Kq_~z{Z1)O0 zB(mn%yom86dUTzNZ9giF<3-N66?W&sSX|0*7u0&Zht@xwL9UVDi@DFOmVit8p^6a6 z*pulOaMOH~txd#cUz4ijz9hY*h0`bzh#oCQcq1-XdjJ|v}BZq6M4gKXkIprbo6dqaC{ zs=AO2lg0!#QaJ#aIPcXnhg+3LXhr76#aP=^&c)JfTfe^wR>k&}Z2tTzstp*Ey91Bn zzK`2)xi^fl9o7`}wl3JI?b!=O00>Pp6d<)lfig?0^A)@7Pby9N#B;vX4wcs#A&Ycd zh3APXKUB0EuEDLAZk(>JPdCvv%%;AMSCr%dPFnV|>|}Y@w`TcFHHLqs4}kUbTA%E` zvY-6cG@s8e2&<-S&Dp_K&Qwic{KCg9Ot?nZ!sPk%QUy;EEt7V_*|bQgI6nX>XTW(n zBVuhxtTp{*GFW_F@bAwifi+HZEDxrg^sTv67I{A88>1R%n@K7)DGsWtMG74pM~`ot zY;1~CggTao^JP$|!IzhA7#)KikUIhD&F;V;;?}z>8#feKWBTRo$>4X$Q~=1NCl?hR z^Ck631_2@K-@v#<2kI`_Rxp#TmJ%sqy^N7_J*KQCB;?%on!5T}tKr)IlnSj-637D* z%h{h_Fb@~RWX{H8nCZOV{GRx=ucM!c^SI_yYZAdqYK6l$FH0oDUxcoY8n)w0Doe+* z;^$axV4a0OA_K(Gqc%V26{$#3?EN`CD1%Y0*51JF+e>M`wFB`1#RZTI5;J2`lHu(G zS9KkFz!N5-PA;SkeN~qdgevetdN5(Z%o^|(d-Xz2)LN%q4hL&`$QOxYOHdrb(%BVG zGRp(Pqu%L}KeO$L6#uM}_1nakx}!%x5Ki$jHxON_FtO6%B}#0LSHx)*%WA-Cs&;R4iS#c2{QeeL%sB_&DXnOZ+P^ zd|CeuA1NC30k%MxGd&szFHTp5h&c_lZ@o>Z*XMk1mL{CB8gb8Tju;sZ%748*IEod% z)`WrJ#F~YwfF4m_^zb*_(8i;oE;f-)wdZ6i#DOuXKld&Mz_C3~HlPoJZ(dA=YPyi! zQ4&sA;O9?VCV@gbF}vOZIuD3Ja>9|k%)D1>oG?TX-X>Kb?vS`3*`V?X;2&&!aXVv~ z?K4ve_UH^FA}3st3NBABBO|<^hoSLLpbp8+m!odWZlGgbfe98tzu*1+);Ff-uxl@y zz_pb#4QBxuVumxGZM6qU_AK<@+9uHdX)Bl+Z0w; z7p>RMV#!D=SblRPUlpu|bOEudIjJa+2B&YJ4}mRi}Ek>yZpDdKWzJ$8K9ABy(V0gw#}Q*`k@p z<6wlSE!khdgN+6;SHOa^6uV*j=W_r7trUbFSbycwTBKkR`7G;4rh;V1n%64;@k)!~OM8UeSsCvW%z z@dGLz=rF_xsy-#OBK8Jejl91%Uu-iV8fVHb`@lX(srJ2;7a44YE$NRy$NQyo9Uuq2 zLMdc=-m(Ab*3yj~@j}fXK>7(hSMTVs$B=FHy`^4cf}wDiXq9FuWsA;Ab3m3s_DBKt z1(^eJO;^C;@RY1!drvR#Sv-dfZ$LF`6#;UfAsir#*CWujxyd*UchqY@4D1(Y^n!(? zj1S27QxYgx-%kpc3@s*PH}99)Sc$>*Ri7ZOn688_mHR%xmF9@(fO#PGXS{xK_tcSc zD!0D9#dDWA)uMj`S8(R`d2)x~9h-^ ziDSL~+Tg~dpdMZDmplX|IGdE&0J4|wu$e{-$Em!yQ6B6ura_O#L2$Fee>G_!VnEU+ zZp>pQz)=-M6=#Kfd_!>9#(od*8kW_6RF!?ceejcfR!}BqfEO6x!h*o8QIu%||As0Pb;$;j z)M93H+#FO^qOs27iLFl?Q6<0Ss+t*_IVJ`Z#z?w?Jli8q>3vPOn@rP`{FWE9Blz`b zLdBo|3#VuQKjHKrPh*AnVTUSv17kSOHutNaOe5&GV|o0dGy%R_@3C1S=IbWVn(lBo z59@Fyx9~Tc71XKpOtw|e*-%m&t>lr`B{?K-{T;F<)*4=ES0Bx<@H6_k z`FtK_YTFNh>x0tA0WiQGm@B<{4}?jRDR+kBc|Mz!)w}cl0Z2H=B zzX2r=Ku&t36#99nR_F6?xXOI*0;((WUe;e?WcW5CZaAb#D8{BNUEgi7M0@G8TjC0 zeZ{@WkNx~C*5R}QmOjjRwZ_^#*K}&989zKuOO;I6IG?B*t+yTW81*MsX>6Q?kEi_n zxLAVbNuRk=tTuU@;9>~-&`N)qB{z_|#yt9T*^@E&01i`wFo=Sc=uN=SgC|dhE9jTMYdvw~Vy}l&L2>r4b3&vMo>3?cZ=OzLBKd zZ@H2zYyo7n7dFDn*9S8B3`#^#9hqsbqHo#NHx6c8^J$>tVkb%TNaeH1H-5!`xO|P+L+ne$+ct>d$0H8 zzR%D2QeUpUX8z=xd7kJjw(q?8!al*a!aAg`_G?g8%k5B)(?Ig>%D}deeEQmYh^QD? zE#X;@!|vRLQm$5U>}AEpeSQaMzF zv+LA}W1elX(M5T@CKRp7()aAltT3pijJe46l9u&Y3=qkPOq_VJy9!4&FNlJ3~zYw)MNNN7oLKt2OJgeXTZc`cEyhSKxTC({+K$ zmDqW*zM|4rQuvPxlOV}kuV0@7)O{0`S8sAKozDQ#q~i1I|IXn=Ii6SMz+j zt~KRng9%}V_XXPJg)*usK8fypc`NE9jI04eZ2z}bsQp_j>R1vk_YgTp-I1z7OJvEe zXcUc?9o&?sQ#dTR3NYzR0vQMl~Al2((X8uzxrC%2W6b zN&RNuxxTiO(P<+*|L1#xbirfmycopWXpwVyE9bBMEjS{=A>_dI1^Vet^8c8O;sXz) zX`Dpqc%|OMPwQ9;rRy@?DwYIq`tc7c=2L#|@!1GG7hM<|sOUk(>Ib5E+aiz7%PT@} zy}jd*oUTbRt-8^$A=}7kYIbs5noXO;>33>R-RPHWzfZeek9eloaSe~QIi23m`m7$} z82v0N6-|kqqh=)FtXJ6EcCT-=xZ6o}T2FrVrN2|PU%8mF2i`XNH75(*512Ivx_r6i@qU8M9jYo;zGSW1#b$05C zTA)UPWHSG3F$Uw@&nv>V{IsV06xZYy7I@S}GaG4q(|O{sau;K_(h|SlZ4iWFEn+^U zD6cJesMw>D!2QohnP(}0|I^L_L&Yu7>~(Hw;$IO=GhN7rx--WT8!oA`E6xaaR- zH=gRxJe;?g6MHV!8qBs7c%-MX$J1^uzS(l}`99Ukr(3kF#e>SiU)bYau}Zns)QLxT zX#dNWcs~%ni9bdWGt#x5rr|e~YQ^(WYxbk9;n0Wv%wf)A`u^r-c{l-*qdPU@6suXJ zFFogHSLeKc?+up7wNcokJPOsE^h}??e{LfJ@&BccrI@WX|K8dluM=W8m93^_4`}*$ z->k8)wr+lPnvl;|%$H#fjYv3`XKTqAv+L#&;0yZQev=ib*@Vx&G8s``UCE72$nl|zqrvojQv{%u<|UrQ5!ZGO zH1;AdKbW82+SFrrr*n!vi}cNU`uM2>bO$tcGqpDm>jPC`GyLR7udrwBSI*l~;>j2fUtO89WT;$<&*|bs{RmC-YAtIv(`Z%#pbG&& zUM7A1+np}`A9kmrCyWXpoD@2@&%#_+w-cUN-)`-Xm^s)EE`*Hgdb?ZiOX4FN&YY&# z2|X_CWw*ZXme=Y<<_ra_`rWcF8+k~?I80~)QLbQn{>%?m5F^vMJZrFJ>*!|u?z;5X zo$I$9p97Pl%{uNF_Bnp5Bw@dKJC38H%j@OUugszK&$LR#8nZ}HHRh<+#|n9yw*55XG?Oss858Geo(9ov(b!ZE@`@w!Yc!*woENLCaIMQP1;dWoZ-JeUUyZ zBA#bElf})g-te1!Yi1Bb{7JFx5lz?Ey*Zg{m*}JtuSK_J%;+TaSYcNYwZPrZ8!8it zh&Q)yQiQxTcz5@5^kjxiYkEb4~1YEM86;X$gw3H2f2pj}uuTPr7Ta+VS@E%y6jptuq8B|J0Y)2+EB zy+x{D#$mDZ%Viep*;`kEoI{V{qd&6-F(Q!@vZ9lNUw+TLFb!1vGW0CKN3CKpbT!ZG z_{wQKZhSWCNT?I5U&C#V1${1^Epg75hd=1H)6J;A+LC5F7!7H;*p!{8IHK`3o|x>< z{PB_d<=Z~fTAuObS`i3yhL0h;&-bZ4uX;Y(yvbK#G72v>0;?ZY-B*zn&w9qB8mYK$ zT8Ly*LA~fSnO*6&r8xvm_a`U=OGUFb##qWY0!|=3bpn2WGF1MW&PLphTlk zi5@K0*?4d{2*PpTEbJ&Hr&?$6Z(!*~rWR%UjNMd`NJLg@6RLT*0_pbdKoQl;VAdGvV{4O!E;Mx2+ zQ|8jW`)BHw&wlO>#=365hHTMiZLPy_^P*e?&NWTSxg)puW()5x`s{0q^f&~kGo{;a zU)M}c*&TYRk9?FKV6D%!!>e^{o}Z8(&h@zcBzJXlTRVH}YyDxn*-7_!%wCqQ*^~CpoItToBrs><$w=8%Ub!$!1?SoMavQlE2>|zxF$eb@obR z{U()^9j4b{^G5jIVq74&hHPNpdj1+*Yl7zT>vGSgzQ9KH+;WVqTHw&Qb|MQFg!+ z&^6&GUD5Y`>u=F+LB@#y%V_83MwMHoLV8bg_N2`f2|HZyPWLL^R=Xr)+vb4sUi2#L z0^nN}XtQ!`soheZp5y}i)EAB^xUO!blxuvxSk|7!-g2^Y;#h$t^AhJ>bNz~tiBHUt z!&nlp^|YGnlpT@I>HS^l`FEP^OXsiCJ8iY^ky1RfXVr4@$d6_J35fvWAPEnddz_sF z##DJtyA&pW6xiO;GLe&w+smSOq#ot}!`@#;MHTho|FFU!LkKf8A}~Xjq)PW74T4BW zH!9NIF~A^5iy);qfG8k{BHb+=f^*R_KyMp(*IHt z0CeOU!9rFBsuvLb=aoq<8)*O%6BUrkSGD0QV+UbBUcNr}qW5*@5yUIL<9g!;Wn%$t zk3Wy*#1s}7wC#?EoH%6Y2(td?j0OJ`zx?lN0?zn9FFF(dQ!^X}USzYBwrc$HS5LC~ zQ+w$4--m3Y%=HO)fKnqw-@xs8rSjLvgswZ{lZOwq5)9792LJnggt*tM(ml(NmnOHJYb5b<)-}rM2~`!!B^9ARII;~@3~g( zzvVME0VJHqT=L(HDh4v1m+rLEz5Bud;y~N+AT+`+{}jZl%Xt)ag&i8w-40g!PjO*L zJ&EN%n#}+G6+~J|1^Oj&*Kh;xm7I4Lt%as_wML-b9uPjx@72HsuUnwkLA!s6FX+to z{_C?=m}AlMTF|!V?sLGXQ%SekoTzZ=elXHr+AGBkIvDb+K?kGD{2O7hoy5-XPP1}~ z{9kno-*>)vVnXe;zd30LQ|%i39~XeZXZfSH`8EI(bY6#p+Gcv&bdJ+}YveVqY{#QE zLV%8OnN%s^VbZgmHpU$5-^t$r_n`e6rf|&{IbgOpr~#0MoZYh$%eGF(x(l|YjH9~J z=7B$>6uMyE)F}Za`Cr9SW@6`C?!4l~tEcV&7oY-+Zq}gFTV3@cr!dL6)Aw+HQ1jjY zFbhA-wZ_WWeCnXn%9F$$3|@;?|3;s0y*=?xa79J!3Y`lbBl&I6SVkvON-@Dw$WL}n6jVm&LL z@q+9azzy276{7C;cP-*DU<5Hv*-OS@2cR+f|F-T6Zfr)=3f(OkbNPMm_kKlw0FB&D z)9S6-GovJd427(x+I4~87g_=Nlubo0+HJ2}SQW_PuhojNgUKC#x*^RVoO`pCGvqQm zinsIG&9`>bK&E+}1YTC+00(+d{n_=bo?0n${1}-4U>04G;WNZ67M}n(VHfoOR{j;q zM#f6)VyZ#o@BmhsykfhN$Qn!omr3`L4pQlJ1UT8E>lAGlP{ZlGh7{bsbKfbZ@!&c_ z?kl%``BfOTNgOaK4!{Q)Bz@XJ^EO-H)y1!uq=DlA1c0?{i*f1X%u{-tRDHVo)#d8q zsH#jB$_~&D5ez<`jRG$YzJq3Y3h%ptX~K?~JjRteph=k5bHX{o543S#qX#;{IP$(T za*0d_0D|3r?@TN0i18BSencDsb5HNZCcwPJTu8VrKmP07MsK~p-0uQv`r;BWccaka z=YzR#m;+_|lkDrfH-U`LE$Msc=8qQ$?Eq7M~*v`q)szS%Aqw=&NSrW(>;kS zJMyc~L}&c+YF8JH?$?GR;yd>_4uww*sytprh~vQh%6qOvS1V+z?S3O8?lN7=l-cf3 z!)Bh|^10XCM*FwccVf+(!bKSy^qQEsyDrHELVj$4n`dc&QT&53b+i)zeK-YZ z?5t^G86}9Mo4*x%?k#p(#uKkHk3n0Z`({_7#I$KOfE^4PIkH5YHPd_!R{x#Wqi+Nr z5nVi~vz40#sDLCu$7y^+etyu-9P9Q@adtL}tjK#N7=IyJsK+V$VP`Mks%$p@Io_G4 z&or*`a4$WWXj-@tpnL`JDSj2lb5Yg+WpZy|@$-(Fskf9Rm3g->T8h!NOJFm=k0A}f z7ykV9n<#hw7@tsFqLrgUnF?Z#>8PVq$u&e|0Yily4Dp*Lk@Xtf6?PT5topx3Iu#l(vd|S}*^@-|VnM{W> zs`nhh5MGn&Q3X{Fl-h9{;8-dIpOZZ>3nyu;S4>vIVf54fj41L80+C_1iYmwDdsh_b z8}7`42#o;qGHSVK85xdkAr>N>QxGg%<&!e}FCeqwltNk?aNp3Lt3%2$l85@Dr^}y= z3GYDoQXb)U1pNT)4(B4qAq6og3&l-WaQz54Ut;-X85$sSR{%XD9)drcEwj3Bi@EVi z=0gS`!{B(&+paQg+(zC~4mL~9orcM^^B%~)M-)nsX18?lUbRR8+DT;-oJkneg!(R# zW-u-opM5z0+H_srSHm!D+1qK&6#j;IjiQKh=F$4d!yti>w+Hg4LWd+xZx8WyvIF>U zF}4#d5SpI>^hqn`?pzFpur9CghjlXsu8_?w!H9D`C&VO*A6$kwYG#Q2#7w>%{z55) zcVz7G*E$9}_i`UDDC)Is#;!xY(x#%{ek`4) zo0V(4OHbl7AhaVfAa8iqr|GsZMP$fHHe|X{>IePq>)Y@MfQ*W64wV|1zD6+d*6eEw zJ1n!Kr8|4`ufTIBF@iB*bn-XLO{wOECIj1yf2S&yZ1Y5Q#JMjAdWv_d0f0yJ{0fkT zmZGo?vrnqIz3R4kWrt?>P!P_B4)XJR_VzQMMng-W4AoD(-faubGq2Z#DzVSCh|99e z+nr7MZqct~?Hfj&lFt!F*HZ=F-g|kDb`zNT`1>87=f%Q>qT8Lj@b?%G{{F1gZNQ)P zv6}}hi^c85t(Kar&c(I#^Cw^l4gNcsxX9}4zG+nXV)%u($FWnz4}-yp=WYr2HjMI~ zC3q%X?)n|P8(>a6y)*E9T8@mh>yPZMU=MjncmMRH9z-W7v?%^NdvM|Vyl}-tB;0mSm{b} zs36>61Au~8;d>G%B-F`MWr}e95p3Is4@E$NpacrGPoInT(__elCK}wRuWZ}ztZCfu z=3cjjQZ^UfzpybTd4%)~Z2lx7&7O^yNr4vbmti8sxU=2bCTb-vYYGoQCcqzNJ{QhLE90HV`aTyA zkn%mW7q0kV0dbkC^*=j65o~=eE(xxGltMoI$>cPm{-1v^4UzBGjPwiAv0ibU20sA* zQaEKV`;(mwk!_Sjd3-v5zf4*-IHcT6nMjI}I_>g(T~fsP{=6Wb?3`E@_wWZbag^^> z&LwyH`#aaLzP9wDoB}01jZmvMeEN{i7k);QOR~aWQ&;3(kTA(VNru5;+EOuo`#MQ7 zh|sV)B*i{+C;okszzrnpi@9&5 z+qNkuqwU5V%!_NBk#pN-+mQbx z7vMuzN3_O>C1#SjuN3L8FMd(EF9xj5T01D^A=d^<`20L21*_~;i2k6XAAW*LFjT(& z+<3AWF0=!4SMS#Tj!*l?EpH|q%9RV#=E^>hvibh$oOzV=AU^yy9Tj}+$4Hxi7vp8f zR@{3Ed(}QuO1cZlhp2K{?9YwLDTrLm=m9cI0qp)Ld^kD@2?f2k96kj}ij@dh5_CvyY~f^nAD+7wOUowU-$Y(OLR14UPuKXUpU<4Y?q@&1 zdL!kIYjUx1CgG#OJa`?|niPK8^NI+S0Y`fj-GeWo#V6oB#j5V&(6yf^Q1__(%(0u?n?#OL^It8*`jCSLcwWARt;a+UQ+$bx@5a8tCdX-GY?S5qCfLqDzhYc z?AA6>U7~R3(+`-j=_m1I{v$J*)t=XP6+P-wbF9FF3o@3A2i?2{ah$-0BtU4HS$|L8j;ICw^^^A$6?K(QZ!1Sc58i6WCwgNbE&KX0 z|FHZH(gpTM`p+jb)qz(qb}V&#j~up(niZo7eVFfmPXAqb(g=TQB5E>aC+z-?1b?g# zZ+QaSzxj_|C1p24)T>4x2e}Jiu`(k0X)WWh04h3WpB-V-q|bd%Le#k!HdyG1#ZNts zrkzw$3~W(>KVng&`OMb?zx|2$2W>nmDP%~%USZ(|&-{t1U^e;^mSNUv+D6*1p?$JV zZnFYEH}~T2(Qy(Y_<+MOOZRUHL)Vau2Yj>m}_4E$8E*HD^l z>4JL%zE?ZER(|B&oZXv#D^_@HDg%)YF+;|>SZ>9cVw*cS3NWRXWBngik#9L87d+u)gZcStA~eO!=3z>0 z&It2&w~yC1q^qLcs5k&yAYfu`rPfbd)hsZi$C=4OF~6{f9_+?4d3q(4~|CD zp*Tb%4iBqf2w;(AfU2ODo`(ui=!z^ z!_Rwh@Zvm^1D43#P||SxhniAh>bxaBjKOx_+-3=#mXWUYUidsg8 ze8$DUR5e{D4;vD2Y9-aL`gGYe4PT#-$Fi@p-38g3=z|`-&?2M zZFx6`>8r{kXrDrn3pZVw74g3}clqhhnqcm-x1aS|CBt_e zSFEGoPYwCJOLT!6>eGD19FM4*&Y_iLT@e=1(jJyZ-R5-PImK=)h@m;OZcFw;y1+8A z5!v{F!NyD@t^O}HJxnbiRvJn8iSQ7gx!KYw?^m%ecuByCG&{LmjE&^K;^;ZVl4;*p zC@No5J@s6dhmg|U@)t3X$UaZUP!aV-N(C8gi;mtIM^f@uonLfDGrP~BS*hBSVP0-JmDT@>a^%qM8kJiK z?+HGAB3tS5A?*)J{sRh%ec_kxZeZv=Uvrc*V3XFt_V4#Mc8%{^NlDP+diD2pJq6;Z z5Q+r1ESHSe9)|QS%rb<;Q9aBQH&LyQoLv0S;l(! z!|$4fTx;+Ha-mGQ!qxC;gGwH;1~>Ct4>(sA^j_H3{^`C*D&6kA@$Id&yT>>=dtr|Q z%f_ZJ2e-#G*Hd<82b<*BC$q}`W*Ldh3m2qtu-XD^1-5+)KC$}3^3M<}k5;52CEt}W z;YA+Yei-BW_x0bu9ss5M{GH&dw~+~gVdD(RmQdIW$G`cdYT%iy{mbt}nj3w<8o*h% z)B1gXuXkZA;`Co32j>GP-QfS0N~f+h&n})nQiC!Cxv-X_Jos2h#hP1}MLr#NurmIgw9u~9zhvy4S%zVIB@_po?^&dfUR_j|oB|po+Q?_^5UH<&jYk%Ix zKpqth`3Nl5A9~CuAO0V;(FuILfFg{XbrBLSa|%xpa?D(RR`_fo6g&>6ZyiGZD{=lu zV?7+p?RsXDjqUnShEEHQ)P?{5YOpY%S*953W1Ibe{|5)cqn&{FsF>}4r$v12tqzs) zWw4J=ST70tiFE=tG41lQUzyiQSm08Pz9-we36Dxjp$2I2>-rfFf5?M||FVHCq54>m zlxN!;dQUq+vaC3nf)^Z|aOCih>wooe@QtlaT{uS`wV}rwy?co|ev5*26@aFXe1T6ah{qE>%1^EB#vHx@W@(Awh z0tlr|@uUC!Zs^UZBrE8#y-$GxsNdiDlPq^FRa+!q0X#G?;<#&zW32@B|UxbzA{`b%)Uh0$9`kF#|K$N~I}wO&28UxWza>btZe9c2$y@=yeGxZYhU!|xt_5i$ z+p;G|(}DlyqWF>tDY@D~^2j}UagQV*e`&4`<&*0rr2`>F(58##I_!sIr+lMq{2C4K z(kpq?-hj`@1IVe``87e6fOsrd@h{mh9aaJ4#%rNil@5N8^$RGU6ypI<@$!wjt4m&$ zq#kgssVkPVqpW~zd~cTqO5cbD+gN8tM)$z#v?;Io+t+B^A0Xf>G68^h`y;cwvL9s7 z*iCY&+#?iyL?~FO7(sPS9@>uoxSpKo}$wFd$cHfbr{X#7G{Z&}-`*ptR-W$+d z>do3>6Uy{nOpQL%RX%%Pcm$yMy1$dmt3dUTxS>pu76%S)*GP}slw|Z`ZgD_YYva8Z zKdsL;e!XLkmC#md3t^D}O2M_T`I{1qAgT?3Us)Y%4wBb_sHqX8_Wr(dYYaU%hRmk# zni~7-_I20ay)=i)=kbpUp8ZrY@tVa8)_(=A%)lo_QqlF|rUfwU9u}c>0!>jOV%IFy z83J-vY&tU2>+oX)0~Z*88t^HSHFvMpXj%u4WP?$m9uavEA;5jjbR}kx&<7FP;wQ)R zv3PTnx$1PHTh)6;Izda5fJL|4ugEBxZ2)=!^!WNecuxE46;-Z&q2a_z^VJ?_r~7VJ zgox0HxqXg8z=N{`p>;roQUG(3ddx(7ati$a=mF|WeWnkft2(ojFnZ106kP@3V894o zq;Yz!h_;=o+@A*meR8gPTIEv2!CKBclLP?xW$_3+SRFR5%JP~ch!DQ`R}pZnS4OF6 z9gCNa&iFOpQMUt-@<#SU|I>Zvi>Ot_K19b@)>+`$hA?%;HBLCaaQv6!mc2UUP1%g< z=sS*>!{DryEkIM}Q-6Qo`C-dugB;@u(MXn4Bf&tCu{fZezghsgZX%!)iwAnGm$Xex z7gcSF{RO|la^nO{W+NSVR*P;e$H%OTvm?*BbPt$<{Np`|G2g?#w!h!%nQ;F5{m!#i zwmG6q8$U&;taxpEwkf0V>~LePmEM2h63~t-ub74+hw_zl0_{OyQBxOV9%gaIYYL!N zCS14gWrj`*YTS8fzuXE<@!Xs+xO3lb#$Li_-%fauGupV-?(v5&H6h3LKZkV%r19`i z)qf;A{{-mK6Ht5km+so*>@VllM(26huX-0ON0F9qf9Zj$l;PmBHWw)P!_FJL=b(%2 zEQa5l%@q_OJcMOsj#J_V@w`s~1=|vROR&GxR#R~R5ea5t6>}(z;x%EU_*V53z~3KX zdJ}||KSW9cGrK32-i4SmL|?u#na6+$!;0$G5a0Nb$q}qCn*i3c{|KyrDMk2<-=82m zvM)%dUmAK0rp?mnO>_Amq(0`*>2`C%;TPz8z%+}d6YlvLuXBIwmU#_eT3h(<4q9Jh z$gd+YnnIQb+vA!4LOY+H!Q-s~9M-yPRcg~c-r&7zm#+XEr| zv5gV7U$bh#K}gTl? zJTWT%LB_|~7ljUG0MS!!0aq5X5@9F!l~{I1AtcvPb_{U>R3MilCK?!`>-02i|9eLw zdsPxMA(|io|0LJ6ATg*~8?gkvx%xy4@S-Ud(W!;uk5_6gUC)2s#*jJ5Sjn;=J7K>* zA2OAfXQl?KzY9$XmTZiuLnN!_Rb{vP9NW(DTn)p0z<#Qc6dWMH3!6hBVJsN+ zy5r0CX}5I2-0kV&9kqS(Dkd2?awe$VcH($Nk8AzM#<6fb!xZVWA6e$dX40!xUF6OX z!%IdwfdKfzxkEz;UQ3MlStV->7|7<5&T($QSt)#8Xeo*Ye>iRp*_YwvjN_(~6C(0y zM@EQ{5k?YF*$jbKl7&$wODL5bvr;GG1RKhKwnk2c!IG)fIiTSE)a{YUW($p`Pa26O z7ve&0$UtQOBt2&K`W#!E4jz1)Vyv&@q@XmVjg?ZNhoEUXQyXY2DICEZ2`ae3><9P) zIVinx8VXjGN+ruDWCRVwFZqNPUgNo#c+k9slAWB6!a47RQwPdM6BI2(r>*|;^tvj`4vcQk`Q2$ig)rCk3&SL&S95*7?Ju=sb6(?GN>?b7&Sx%lan& z&pWnS5{fR^KqH$0hMT3cOw5KQvH0M<2E+512qBhzffPrnz*w;(GA|GZ&r;q-3?0Xl zslP++%IH95Z#0O`1mR8)b1?;nRdmrLj`v>6k60Rb3-P_?c-jD{tp zVQ_lNP*fG@2ak?y1i@ue-XKI$BRnH@g?+<*u`88V;rDd(4V*WmuJm4|WjCdn6hM67 z%qNhe7WI?;#YbN!&tinfs$)T(#a*T%jP`)3_P=Zt=t6qHg+kL92C#rn_bC>)jWo6j zrJP!fQD;jP6(E_oP69VF@ROb@{0WQAhG;dQMJ-VZE%#sFgtYN2r^pB}+puB?7kM5% zrl54~A$f#iNl{dw?J|&&RY2j%5?`HmUhPx7qpmVNBC2_LkE+k#aX8=DeQUC+NA#&g z7CJnbu9thSo9LtceoGs7D|;G8q^HO4!-==`OF8yxaU7g!AHPV-|KrS;w0~L(Yp1*! znXs=UONF=}C(vk#QMC=D{Vso3DssFaM9#`%!nv(@Kof&+70NO%LQKTeMJR-dm($k= zErjxR>eXK~U3leixA2;yiYd{g3pC&G88zjaV2|Qh5`2*h9VkyFewNhf(#|z=ZDlP% zhlz3+p?uNJg_J&8)F^mYwDzJ%SfKAEF`;yfEz3|EI7cODp7ac3_-kBLpsBq&R9&y@TVw_tal* zG36W7O~S&T8w5Y^KNulihU9%QbkTG1-L zDn8%%$ijkK?*8PS+OZCAHo8ynR8@n>o!Mg>(VE?y^-kxQMS&nwblT(&-<@OTW17$f z*ESqTg{4`h-!0b*hM|!)7M0btcEyWij(!#xPK%;UHp?E3%p!p}QfrKed(}&7)aLD5 zOQm?~YUF|u!tPi&8z-TiMAu8pZ#enb9phe2w&f1XRIsm!crM$C{2M0-CBU1z>1}0u zuUBu|Ri!v0j!w6N;K3fwa~n!=wlyyX7}t<&q-RmchqhV6<__i$Fx>#&*Gn}rVsK(u z;ljr_WliPkv9(M{BUUM0!!DgF>nKbtOQx~Ymdhl!c(1cmTDZYds z^JfI(A>~546cCu4fOi>jBgx0+Q6~L?1Jb+N2h5Rrwe!8l@yBXjnXyQJxq{}UB$i$x zWd6iXYbpMTdS-A#(G#;7SNO*_dQn;MKTrXW#%{ko`o-;Zfh$g^c=P)uYrE9i^+RlQU zm4zcJ`%zE2pHMb77o$^Wqb)h=Vc(KsPBJ`0=kpxAw z)w2MqEp5taMZ-8hH0hD=EJHg6^a?t>T_Gm)cxW+hvA*l8eURdV)WanBX}(t+o#{4z zmrL(4iWHU^G5v8l&RhIgG=!fvu?m z=z=AmM}%IM;wibM^oA*nU5?v%^hMo&^uCD?KWrMNrE?M4mfAiy7c$9N*wfAMNpxi! z+)G!zmfqFKU zCqn&^9t{o|tGnmI!E7Un->Weavzf5eXe?={qY=} zJek%8X((j_lCFEpJ{OB?nUkwwe@RXgnJ|X> zrM8;P!I>DGkV^SRrYL&>e0_16W9?rDP@~+QMWakXOv~(aUZ&3r*lkS2rx>wLAZ&?@ z1CQHRr}-u0O1Bb2$C_a(11tF1LZW5?@BxbY2LaQYgW-$(oJRaJAf*8>UL~cK1e->> z-8BPm61ck#PuISUrwCZCcM0_pU$o~$Gf0XVZCL|P+^?w`-|^kwd|5k(pkzCgY+yrc z2%?yp+ygI9@-o1FeRc}?&DzC0*6o0tyIf%RYCA(f!+(>w$V{ALpdI;=Jt`A?0-4_RM zYcFapfF#lg_8$e?8Wvhe-Zv+sCR`t=|I$5B)AKu32Ar+EtqLBeQ)xg{VB z{37Bluh%uOetRbtkI`tg^$-+>2N}RScc_dN6UP*X$F&CM0R*lHsqS>q!CRyZ_CSmZ zcx(3?AkcV7VQ2Wt$5#GLof(~hS}GJ+#UuIgtab(e4d+|Nt{QkY~{hF`JO<^*si?h(k_ zyBcMIT?yi`mxpRe^WklfCLI8_q~1ynul^DvAEnqAH{7C4lMyM#Jf5t0>u?UAjG*_> z*RKz*pT}F2bZe!xMSChg1c4o@l_zt($9*5=n|$MUW-p>Rt}TeS1zbmrJ-hdM_O>9> zd77zHi9m=b{8Po8TN6?Z_mAIvNSN-AfZ9MsURSjNPB6-G82744jw2=ifjc zXoI-ixU$wRumk;ls%LCH-}72Z0nImM$x`iXANLIWrv(uDVvNDP zbqH3DF}UJga}W*Ssc%pXjA1wp6}z3>O{)(M_CB_`qCS!qbe6pwaj2D&i_@R9e(Ddd z%WZ}TAoYz0UhXl1iQC)w`WR%%H`aKWPyt=>WL3$U8qG|vp|cHKTzG1B@1ANkH-a0Q zLf6|s!6qHyaLr^>2?mKfMBiZkbOIJASSU=W9XTHW?8&;_@4!W5!$jjvh9XYod>6!vJ?}B-x?yYP*DjiWv`;{l|dH;uVCZnnVt{Bj+TLD zO}0K~oUtj{;SY4rEZeEQo&!&>3DepK)mg_E!2UQwAM?ZS-1zwK$ONVq#~{^Q(6ytr z5K1iYaq>^0VMHuD3kG&yt}FmZ>)sNqermlSO>O2P_%oT{t&a^~6NzbEH3=9sFf8aB zjq5uzae5G33rirQ6UkZpn)E0IBDB=GJy4FzfPWkv%X5rqH#!E~4Nt$~`KPYXdsq_L zKR~4J6F%yaaVeopAi5cvgjh)Uy0@~v3UvNrVM>irrDgh!xyfK`2mw0&>^SYIm##XJ zxWlQ)OCjY&9nvA*LctN)l(q=ZRz8cIGZM%~th>l6eFmUM;tE=%v-5G9lsms{~bEf!#RR*$k7V)BCdgK#{t_j}n3H3I2PE*dnR+_Xi(YBT7u=!9Ra9I^>U2%89{7xlWAGWq` zd@`nn?}+S>H10t+CGvj!w!p=SJPFnh3lg;TqVkSOVKj^U{HV*k2|#G*(KH)D^!`f1 zb%^fjURXL*cFM8q-l8MeQF_LTc9zy>t9~J?8?<{@VjHtvL?a#GR~+xjW)W1jLOmZk z^5$gCJio$7k;eMVN#k8y+}0p(LaKdEDm}9f3G5(SMa{TguJzKr8;bc(MBR zo5=x*=7{N3mV`8qRZd#l@WmsQBpvDs!b;6-Y{;!A#+-(bT{vr;snlFSD>F_Hc!X~w zL%fOwZ#9HJeg&#*!RtGLx(p}vWIio~d=@wZa`Z40DH#T`#hvyzGpOK*?36_0-NyP} z1iSNH={fuaA5gb~XxDQ|F*-?|dr>0_;sP$a3HcdcVeIbK;;jVNZ###j_u&^cu%Y$8 z%V>j2$d1fHwT!*~EV}O=h;o!o*MiCW4XqGiUq93jYi0mgm=0yu133vvtH!l(8nUTb zECWw{jBkdTub%{@Rqw6k_xC-#W2c}kLwgQlZa#r@8Vc(k4Hm}TZSQmd!u4VYWn|l} zkgm?E@i&EDB}O0tedj~VUYL~7ue*7pLSc#+0kj(ur-GDN|H0yPL4tfAj1a0_6pFCi z0$M)B48*eaG&jwGkb4*e?Gf(1DX|Glt7TG2RirpooYJZc;D0yxM%V(U|Fyca29?~+ z-EhTVoLS3r#L!AnlL_kG5w3j)XXFy8`;Mzq7|r}!3x@gBj{AHi=#vZTS zlE_22X*8H_bH^d3JOdU+ele#ZcwWp>?V^@&_ErKqT70zQUEOxq_rKkFNU-nu%$mhp ziCla4pcl5A^z24Nq>Nh*650~dmjyY#n&128_A-~=+X_AjJZatTvVGrX_9TNzOPhX( zYn>r7fspR8dmazGT`}nxzn7f;BuHif!4GqRGT?*`+XXB#PUa8U#C#gxxH`)4{(VG zW>qG6RhFN8pOKVNs@j0<=#0qj5@eWHOEPj!inL|3Tzcm2*rp@A{d}4>U_)AYG_Y^_z zg;`7THYZdPC7H$%ybTk)p%tVg*9FzHu;ta&Kk1v#jwN`+<1iOX%Kh=jnt14}0^-&k zM|^H9Ol((4zng`EIU^53)*0aj_AMmlu!4bv4_RtKOY<7X5x#Qu8O0A)**594<@F!s zX=LC~{U8zz+HSE*qqHk}qgQD#do9cH_H`bFFDgof zzl%j>qBaHAHh0Il{+wBY;2Zm1@KWNDLbWo^7CDvZgyAFlP0rcBK-YrhdUe7wYnybd z_2Z&AW{q3D1i!(Ft0TO!g1svP_KXlk^YmBC)bpz4+{oyK+VW-3UW&T;8kqFfjyUVv z<)g_imkQoYzM(MK;w0f8uej}`AcN}1q54d*B*->#Iy%n3Q;F40{!{bA$|I)L6D1rS z_hY~A-Ch8<_$rg0?2&SkPM_HqZtEx+scf{y?#)LWGBX6UPP_H^vBT1hzY=B%1UiCe zyj_Hyr;JDq5S~FPE~_)2V)!HFmF(CjV-#x>V${(zuskXI(PG#wJX$2`*2kL$b4xJ2 zMxKN!M{f>NM&kq@P8yxLhQu*c8<1 zQymo6E)de>s&YPsg)z~-ed*Fiw}`1cpXz9@>bh8J7ruWxe_93KJ8xR%2ja&uIP?tMM!Vu$c;3G;ur`s*>BeXp6wHT{UH4DrQ_aYlCksKAjhi2Z#x;fp6p z$6ko!c`2c#?U(_@smRO`#R1X1C{LTa&(gr{KbqF-yQ(o_y52DU@8reGlx4N40Y7s8 z_LjPo_+RCuq9b_4VNKc(2!dCc;=Xar$~Q$2&dyX&)lwEaTCaRmD8S0sCy288 zjUE^8!r37B-)CC(1pTaG1GC(YuqV1&YDV zj}qIcwUV?Qi`vI9p=jnS#r=}X4N+Dp({kQc0zL>TY1qDq)ejO&WVt+5vXDwxA~_V% zj!bVkt3NmM#9}#QDcU@mkMq{>53qEOV+~(%l`TwyOM9u6sOF%=#i36S$sdIm}e+@m*IRo?bZP89We7J(bAVF^|F~FYkpqMb@FGc_vzfk{_+gNlXrAraAS+n% z+b=UEL64DQb58|#6}S6jMC_s{ht&w;je6bVzN(Fs3@ou%%5x-ey9Q_rSqbqvPb1~f z-?jygj@L!B?*G*+`WX8|Z*nke@b6m!b|^3jvK7^uo~J5#(!2MQHd-Gis(zGQ%>DH)Dx+d(ZDfdI1nZwV zmV1xC^L}hSe2eo!UCK9q)kc_m>UQltVdUFUG&|c!V^xIo5Bxu1J!!=^^q0`Ck^h`% zOL{g(kMH{PtJugtA%=>ftQE=B^rMsgUvYc-*(~qk3$|YZdD<^%xaPae2k;karwPMG zE+H25<8XU+{v~ZkPUHCsWI+eNO#HnyEB=-rQ62Nzd zcU9JG-OuEsMU-bjc1ic|LG8&yH`5FGpo~w@s3s!iWvU7>t^<6an4b#$dG5=lm930` zypEO0k4l(hW&yr&Af3v6NVpdF7y7$P9LZQkadLj6W$qzmyoOkhB+P2g4hwUrbPBIO zCj*5B4?GIm`!vdL5nOl7bs6aW!=G;aB3xW`+{HleTBj$xmBU4bGyG^~s6l=`I^aS+ zp+aR6F@xV*!u&{`Lyyrvj3YlLC;YZ zTJEo*ek6o+DJgkaWbVn}QTzH=QclJ~kMo1)X%OpH5$|I*_r=$G>SMibj>t1*@fMm9 zH-EEBSwYd1guM)^bOx2unP{|?7YZi{>vB=uE`p#O-r_fPBHGcdIL>_ZfK zBl38G`+M3)l(IShz2DDRR61Qot=z(pP7NELhQEL=2zqyG8+~-gCe7EhA&|h*xBQGK zYMk`D3|Y;Yh3s*rXafA5e};2H)^^fTzmZv$BA)Z$-HK=&ogmWX@WOulJ&%1BVZOW{ zWhqu%8ppilusXdkLEDZliCSnXE}`{wqb?t>w9^xbtna zYylp(#ud*z1_Jm$9tDfmmlywZ^V3je3bP1)W?Mo3M8uEU3fp(Ri4i!R*e59YlHMigkgsAprN;Z9b z!O~dzMb*5@N`j=I(lrPqfNxMY6X%7vF4KkSKi3U95w&G=GJ%Ah?&!k`X7ci@IA(+7 z$IQ|!G>YM&T6Sxw(Ym1vJ428?B9Q@J>^P2x{(Z|y_X_S-i$&!3eOVyvcN)EHO{l0)BJ5^<8TGa403Yx-AD<4E0nR};oQ=~~Q!j*=1x=wfz? zA&?Z;$Z6tqqKXyxpBLcWVM$Bd+dU5vqOd)mQO?*)*U$8}`Yc3r68ya>duDI!X71kg zFq{vP05qcXTRyZ_Q(tN1CucFbe* zO&|dtB=hw`9TFc%&$}DGMZ@dj^UjXoH>SInEoPc)5=J+@ml&yL2s@L4?ZVFU6eBH$Z zAAKi;_+%dK5YWmseJ%P1zl8Y(;GfLN6U{E(!O-IiGfACeUqDT@lVG)Y%Ax1-UnJDR zD*;zlh*1T`Ptv#mdDTq9=)Jjgf8$=+C{x^nGWW&$2d2*#c_2_^1jOYJ5tg2bK1()q z3D1!z1ZojcE@vjgBYKi4e@k?x2!K6XAH!$1?1ATyf%q zWn`9TI%I$B_@eL{@zo@C1gN!eGI8{^O2y{>!+w$bR-B^CR9x&T)O_ z%O~CN)`$wMwh<)75m2mQ*z|-sl1BoD?>IQwPG1;8&)?KeKfu|02_K^HXY0S*SAGw3X})z8(X6F!t+?(~DT#c# zAdJ8P>5tY*PqaZ}CUQu4!bu)6TJVfKJc)AzvPF!du!xNd!JMWFeo~Aj!NGA3fd%t0 znHAsc?FQlzgKqj?!oQkjZ5|kIf7E>^7(;nn>73||IQ3?#g}BQn(BYM_pI?mufums_ z0?(`AABiCSc3Kxjh9;iEg)*6t_8ut{639tF@tE{(&Z0~WI`aI-=3#2~N83mxfeSfQ zki4KDH+40ldjACIwgu1b2k8g}KoNXhc#C+Why)l}!RXP}v^4ZShR^UhvkA2KljA5= zRDzC(`{slwG}?Z{G9uB3n)O>{DU1FPml)m+?78L7S9eAZ50!5<-7|tk(bd}R&$&E>!rK^(2s^@O+>FkQlI7`AJe;~_9an^xRVZ}MKg_WL1xL&y>B1xB80f9@6Z$lE{_nMQ*7DWto{2qcm6aW2&epe@|QYBXjXOQJf7W(8M3 zY+g{A!Se_ic{@v{bTk*+Im;dSxsoioG?+CyB#KN)ATu763I&aT)$cL8reWR|OkaW( zrsg7`|0b7LHydt&5te()u{j((6Y@%}Y#!oA&06rDxf+oSGpUnKeS-76!7?;18x{k} zUm9{iDSw}-2u>2>HSzRQ=k+Q{i1j4aqM@!fj9X6m0BouAKf>DO+L4){Qc;7@nOCRW zuCyj&jUfj{BXFaXaF}P3C5O@UBvp|`&<;pXF9h>fc}>inBq}GxmB+Ai@GkHnor=RM z_JMsJ{W9exuSvO-o)($uyB|>}U3+BIr_CZEmS05YqVN^G4nB8WDVl+#>)DIYxVIen zZG&>zSO(JCN)v79{vEfP4A;#H^A_zK2e=Ze3e-DT|2vcTi=odlQ<68wI~a83w&5(G zXh*m}{k=m)1k&DA09CKYz1h!FfR`{1nhIo^3Fbq(@^+IDHxQ+9dX0h5-j1XRq7F8V zEdJyar#y02kg^7q3l%*AwJH4gVBz+fJ5q!T(Be)tDToQq|5MmkheiE-;nFN1urx?6 zAtj)qbS{kwf|L@{NQv|!A>aawpdcY2un1q2?(Qx{KjGM7H479tri}*jhTez1|u78JF6v*Ob$CGxfxl#Sh-TQzT0B338u9S+1cYEYECwSm^-40pk6i?NP&>xpPEec8^+BswIvfAAnGv- zRB~^!GNm#I{4h8r8U#MtCWE!L!{DyPb z5xnq!Rb5bJpB#6LCux{L2Fe!#I@H@7$`52mO%XHv>k@JO7XI3-bhbli={4BLgcf zbnCEtPbbHipj&8Ryt7X217D8uS;Wl58*OEMO;9Dg z%e8zk*dW5)yu(h zc-C+h=3BlcXjVd_0WiWU(-C3C~-31ZA@fGoGj3p4x$5?mw z%eSDjdloBbhWybXL1i0^X(Nldxnu*a>`2*3 zO-c&Q6$XyEwPlW`;5~`He;Vys{AJquh@LatYaxYtng5s`C7PCnP){^O zb!PJI9LHXp-K|YZHs3gAeg81`9T&m?`p)%2H+Mi#OkVv}jUTb_vH>zcVIz@sSGtN^{y;UQMR~f5x-4Avrqya(L}cvBYz?cZD^LLU`^H zx-Hl6kl-x|)q=IW2QEDa(o(dB?jm2-jlitaALpP@v)-_L(HKT`= zjDLr$j=r^J$(eKw-Opz($Ox-mIIzce4e9=7&0xl{5k)zAe^~Cojdk7`B_VPa`I2=a z{I%BU84M}>WVeMZMvFD6Q-;;doTfiPZxKzN^{G6~o~4CGn`w_$CUNq1z;SO-Z7u!I z2M3u3|Fl6FJ68>Hwe@c=Dnv!_Kp89bCg)L|8t~hFF#(1qHux@eZOdl|#`@dI!oS)J zCCi#TC+i-|Dl41P18}1GQu3nH1pDhJSq+E6jko`f;Xx>mp$N@|N37hc=>Nek`mjTZljcKfHq;F43SKH$*?dViHAQ{F*b=Vs#%a` zrY!2~xw&aAo8FGUK5@vuN8Eb2vB&E1Iu9ZgXDI zO4Yr=lJGvhR2c%ny#k)R#`oSQW%;8j31j38DG4j7wI<*M zKA}AKJ?HV}3`3_;(Tu-C8Pl-Pe}CQwHD6Kad(LTBWS(JN#b8!3`qj_SF7=TTIJ#S_ znScNNv4nThIsP1OszVQ{-`zSDv)C2)TD@c!(5F}Zu8ti%b{zcBxid6?{PZTMQ9pYs zq}}uDkfKcb{pyVYU=%(WK`nVhTciBTDC$!6uS2v!hrACf8D=lLDTdSE-V4z^B>UG2 zAE0y5?V!v&2EanGKk>q2ILV_w(cy)t0<_)$>Z7VZ;(=;Znt8(sUtHc@Rb_+!7_Sfl zEv*2OI^zb$Hc?B_d_8pfro052EFgtJ&Hnj%;^FX6j@Pj)r4cwNR0tZ9zZ@#SCMIxU zkHjIx-$wu|#R1gttKtow@@J{?Xu1V!FpvcO0_fSy{jTgA^reEM&cJz-f4XVu>#=Sf zA<~F=m^;|;Zxb8@r0;Qvxd3+{Hho5K^1{~PQAXxmTRLfof-4jN>L|86r`H{~8(pHB zj$)jrYAZH>=9CGQ55PU0gC}V4{%zzIB_6;F)sZuc^>#+FyI|2KoyY@^0gbrlx+FoQ zieMygqB~tL>M{E_1`9Mh67@gv z0Jp>yfE&%ch70vFGCvLcNEPk65M7W=-tXzEY{ny-(ETprlI*?lJmTK7j8FG2wkt*C z5wo`apKSg(O?-Xo>A!Q~d$6~^R=My=$hpTRAvKF);{xQXMm{Uz8~YB5&2K;WJsD23 znYA`p@LQGnhxd4Ulw9fTa&O5!@u}i<@AC7$u@bSB(I+E*N%WO1@)s6@`HiX-C+W$% zN&ucLUoSAf4p2VdXD*Itm@n5>4raCG%jiBD_lZqAi5gd1v_WTvLHvgC2Ksk`>2>RG z{>>`U;szy&+D!o5jJ2q3FXVN9s`O~*J7zm9#;pPz)y~GPV;?#=B`Is%<3MJodCmoh z{r)cET=93LO7-EVu`rhgCI_j@3u5QCf~p+Vg3CIa<`P+_UEZ`YI&Jx6{kxeCsMBZH z4_y9CEgDH@KD+c0PQt7Uj=Y}r&maGFf6`MV5_os<{^x&I)!0kI3R#~UQof$C^}B2! zmpycnUL9(zoXX7`_aXMK$f4n#`269Y;8aTT>(9MSy~6K3@z61L*%R6*U{DRMt$X$| zeG_QP9dvCsO|mkWK4-3Qc66TDHsS(8cxMpxxaS6bckE03FaC;)*_=d)SuHmP~FQFoa~_H8HZ|~ zT~v*iZ4SwLSFO$ZJKD|qR27u8%$fzWf7Pmph?3|HxNxmC6}8N~=U{Sv>uqx1y34FK z+9_+=FG8re8PDhG^UibanO6})RqMH4!)09g8s(a=`hVkZ1UVL#e);&UrI1OEGmp<_ zE!^T@pS5bz=TH{vwBGplqt~!#oAX}-<}nfZi|0-Ksg6Gqo^;wiNVW}gs!wP29{)Wu zABg{E+CAWW_=W7HiSO^VET=gXL;l)A#3aA8ce!aTE4A`l&HrF^(U_^(&|5(a?QXsg}6vD;o=3HTcsVQdwDtESx0b@IuWXMd`;<-9r`_amdf zM0GaUM9sWxXxJT!g|*ukZOP_uqJ77M$%GlVd>4u*v?h1%gQ%-VLbI`?zc8JB(eNZQ2yYx`RA*&46d z#TSOnUtMAPAwfS*j_v-`eAjAeTg*UW%5ii@w27U~%Chfih>53_FHCKC&AtpC zt~ssDxEGzDer0w(lJyRoP4yZacqHGtd;uoLLVT81=BDYZGzV$+DIsK<-{p@{v5n>A zg1?oM6YtLZi{(aV8DI7e9m<52We6wmb9xWPfss>rh%p(skCSJ!^*#fb>oixa#jrN zJ_tw&eCnF)O8z4TGkSOm#zWyEO5)VS*LQ=F`MCKUtfl_(^*>d2oT@9mMJBg1A3Oc7 z7%5He2X%C%DM2^qG&4oL2dPK#LgSX>xlmzv6%mVj`KH&Z#lezuRVb#w+l<9g96j!W zepD#>E~W9QYVSF%K1`=L8D2SoRUULE>-nU2D< zBkt^sq zFX8gRpa?N_PWkg?<6IfGoZO@3i2lu~H??EHQMBb=0xr3||KZg1#AaR5=Fo2r>4rTs zSp9mO;%LaL8~(c*n7h|r1;oj^kFp-Di}oXL<#Z&N+(Bq+Z4C6)rv99L>Rh7_iCy>H zG@tY;(n_~yP_Uc!sdBDWs++S<5_SCOJmbn+w*$1eH@kIO$Xfato>r$9G9`gIxUqfC-v`;J@;0yD^It%7tswMq4a`_F29(hDI(r;$-?iczw#9>_O)NuQxO zzBYee>60cb8Qf_WK3FE>dUNo672(REeIrJ#d?-5M`AC-*9xs0hTqz@O#r9MwX-RN!^KxC;Vf_sFPP zx4#Dbjeqz0m?wGvr`o{;#tuG4t1&CRab5&f_3Y(Ic=D%m(qLMPk6vR>qcnWxEx>jlB+?ru!G=OtFCIFu@ob5v#n^2+yJXL~>Q82p%=>XsyU-~b zcs!KGv3#PLjRo-#6X!J2s08uUTz*!~pQPN=IqA%f#I?|MQk1bfaKaur?wMug6abab zf=SylALSo(UF^)e#$w|yeCx`)bi|gv7&=d_>Ugy=WqqOJd7~{oYydKi$1*&iE#Af1 z5|J5S5ro15a-vB7^5$3s`OZ6M8r=j8Fqc(xilh4tkYZbFFPJH`GcXgv-Bsx`B=jojaq z-j=15>>{9Ur4m5UqH8xtd|ERswZkJ~j0T|ee+NE0I-T~Nj+N%+--+V$v1)hs`bqVA z+oR%7df1c0J(0V}_%J7*qmL`yb8C_XgJ|GD3++|HS1Q{V>^A_nKV1~DA5p0sL9d_P zSy?sf{rXQ?S0OHbJDJxt*+Uj)nO9C2sE*t#-;~tat{3|A#t6-r4DSE$L$C`o!7Qs)n2 zSxAWiTYd>w)mZO)=9eMPqd9{zUIEfOd2{pThDC!fYR5l`G(?`uoD=&V)jBG%8d9=b z2v(Q~F8#`{=($mO*(2*b(k~z4+r0CvD~-`>w-$p@0xo-$#Gm)4EIkjZ$jQH`^QA$r z5H$~-XxzHG5C`ytWS?_2uTDI;*a9L^B0^;T&^r+NZ>p27IG)~m1DstG7l`Y@phw(b7e7(RdQcv$40*Qb1Zlv#kwOevwbUHY;+LMsNg{a5r1iPUuUK z$$hPhjX|G!CJ~vlN05?}KmGDb>JvyqGYbFDePddc3XQwSMfg@E!-?lYyrFTj*JfK3 zl;7LT?Stp$;OK$uPG+>X+m<4+foVVgK^A4hFfd%XWathoDuC@lZKI);gy8Z=O?sZe z*B9eA{7+LKp04qpdLE>_WfJw|7AN?0*TMR}xTCFLg;D1xk;>;U#CZy1_;To-YBjD- zDRyAf7{YNtU5bbXT)Q_{@_ej%N2cNf@?wut-sm3{dJ%-}B5Z zC|`Ix;s%%^2OHxyx31qQiH6*LF*PQ4fl*49@hL5+J#+JV)OAp)zTlr+AR8Xz1X(-0 z3MLjf!D28u8?J@&G2+GF&}>ADO&2y^DoWR?Q5xIC>yw7Y3JACmG#)LG)wy;<{|wu_ zHhvMlEa|P9!EKlAk$$zC@&Uup5_;VeARvuW-~r;#jTfD4*H24Rf8`m@2kE|}3u>mr zCmIU^k&=Fbu~^mx*nA0Mg{iT}E?RQ1;bbTlg@yq3S2nlKufr4O&GNziVikr0vkL`_ z5BknuP*`z9>jcW`USYYD?v&nGz8;brrrZSB)WCJ%uT|cdk&^|raz5hESQ;NSt5OyE zSmj)KKHCCR$TTbTN%5@IqAKOT`rENqjooxi;MOdKXZ~A2S5X0Hx@=6IE9{X3fq+V! z$>ms+^PdA&r}Mv~A}kWQIh<73doUZs)(QXow2#U^2VIkX5WcFY(_(418LdT~Aqw-* zY+4<+&gk@!GH(~4p8jOMS?3{LcyknpunnL2gqV(AzA@@0f z)}P5yVfjY25usrazP!4g?G7xZhl4jv&0{PpJtB8Jzr82Elcd5F!&};&NPpQ5+{;$ms#!hs%^OQAmq8{0g^Xlk6U4%Ja1qQ>wZps;% zweD(%@mPK!j~K_DEG=-*{+D5iO^A#D#{x2Oe>J`mtrG!D4M_mKm;^6C|IRx54WQS~ z45l6*gsSI)B`K+S-==wvJn;g;A5Q_vz^yTgY^68JN{!W1ueu3v3A}(X^&}8Owg42d zA9?87M#MsUxEHAZOaR&2z1CdejX1s>vbf>UtJQe$Z^!3PzS6G~U^~7A>gAJPwNf3x z!M+^u6#B5L>C%8Q)z)$51jf|w=obK_Y?Q9pI6l)W8B5Vh6eaF`lDv=)fO#^5C2Cf6i8g~XPw=yhY4oDfW)d9I7;6y$a2b`ab0~U*gs9oPR%Qv$^rQMwAjj3J}{Mb#A zK%0E@@AmBMr@Qvl>+PXH-9x%OEjKey-e(igNSi^MPd11K&Lrj{Lc5AR)7E#QULf*={-Qwx=Xn6$kHle2IzNkj-iVf_)k~AG=kDl zZTFho)jnbmKg+MK;QiUuq5=uV}Rh&ELMm`z=g00dyD2KU>}uR zy_f9d_=^;30RMsIXiWkD07F1%meuM&y4PmK=meHg1aFo*!zk4)e{u{?^Z{$<&CB^2 zAga)!CAG#4Xe*OW9dw2%+HpW7XpBMz(>$4NUoi%XIM_7J2oS`ltFWZs0`4-*7Pdt9hWFbBfOub}G}_Daj8QMv(!z?+376w+h8S)2fP8K`-_NQv7R zqJdYmCceq9i7{aTv>UHh65cTYTz6>jJ;ZW22sq!X;TJUvMn{00Q}7w!taJ2gCN0S4IPne{`VMSRr-K?V0H*FSeOf)sP<`z=VlYDhHPrphNpXZ0 zScG}yteS?eZ)#@mfx2|>cR6L^1*a(4<>{x_x5?A((Nq1Gvh1O0vS%1@0j4J3&uhTrrZE5h?V0xsVO#boV|XPouefVlA_~j*95QD%X_JYPL zaAGf@SB2JoR?d(bfI^5ODk5YH!j`0$QZc@6T9|6E|4Se&fmUf8My@?iv5&}F?(uHj z_FR1Kg;5+wxs>--N`gN?@Z_EYi6(tB%3@f%GuZVg(abW6h)0$>@BoTLkM$w`DJ(;l zSesO0u3#so{}gtrez8p&9^*IgtKw=k{8IU>r9#4;lxU;w#J?f-_(cZ6ZDPe|0E4g@ z&Wna9I~-x=iCiy%zMM0lqLFilbL+!-Z-7jeU5cw}i|s79=z+b}nBxfg7t51C+=XnL z+epp^Cxju5y5&7*JV#Ao6se6^Kd7juH~`^Ef6YC*Y+Rg_67*1PoO{Li2|w=|V@t^Z zoGfJe6Xco2-^79I>P)W>*N49Y3Tbo#CCT?)oB9^A6K4P1ndL&9o zMHVTF#$D#yCRZk|;hhSz3$lI*FC1G)00k-{YbGisH`!52a3{l3WagxQMD5O3mY2=A zUVy_uwEY8I(?Ns&kT~FLWRQE}qlP#JhRSRG09jU&te_fKi$_n9(B znWRQ&X(F2Wjo})g4^wUv%E)_`JWf#7IPfVFyxLWN2Pzbxs12?io722`U@=VT*8Po( z-K>?GW7O~Y6XzwXsxixmkSIx#nEc(nphc^0wKQc-gWtykWdc2Kx$;KxwMqrLNZB;9 zu{HFjm5m@1&2*I>Al`@P14FZ%jw#v!>Y|v;H82gPtD;EWaLUnA6@Hk}esa9N+^*9z zQj)+&3NZkTZ%uu@#X$~^gS$Yuy9dPd2!s1cg+g96%N;0~GcdxdTi&sHFctwVHJ)f# z-^0%jF`53INVqJD#c~7OnZmqrMIwY7LYW}fWF&?<#&pHcS5_Khq5jHor2-r1YX+7~ zE|x#7v`LUu)N1Nvf<-&^Z(Z@(W8NM!d5QJ|<}~AktvGilQ3>vvH3Q6xNYh3{uyKnJ zhDNuW-Xb#Y{3ws&TIN~okl|KzJE-u$~QJ2*QwSuC^Yy(>B% zBOLG8f)G*EaB#;Uyd|XC$Kdr25evAR0@tehwiVIw4Fk4dMF`R1jwrQX$-9!dR{_NK zhjb=L`pVtcC)#Hca3t$1D0}|Fua9Brir=WTw)_>rI(UZ@Li<$!Rqjy@qexUUSCL@6 z?5YbUFAw2Uf>>}h@$L)6H|&$#>DW%n>NTyu8Lf}xdd-n^cC9pY;O&Zlg;^v%-YNU# zks601)DXq%de}=@FF%Jmvb;uR8N&CQLsPYJH+R!Vk8;vGA$7BKP`koLcj?;jS3Zp} z(QO!-q5VdO3W+;w6#lkwzmUd=VmCE#19Ak@WZR8LaxyGQ@I*)~r*dRXC`vJ!3yDDM z`h0XRXp%bc(K4)+%W9>fl=vdHt9nP49boJczS$I4LC_9WHl5BcAgG5uB8F2M*}sY2 z`(QJiG=-xM6C8GWMxwKPos=XN$+cqvbXQUy%Yh~MU3$^|T%<8QRTfeFd)K##p0+vG>Baz{st6`z};y-@Ok1ylEf z7`YUTm_i_RS;*P>FXsAm_54s@WmYtGp<2o#-c2s$v0t&l>WVm=(MO*}DG&-Kw~Bx8 ziamk`jzL^QSCudg9Hir%ajgO(OJ{jSjiedWa1{gt8-+S63>L}mY(?g5RRlm}ILflI ze7J3T)v#V@5QGxRjMuX#52b*J8D#M@z`^l~{0a@PC%@*HUXV8=n11{EHU%kOuxYu2pro{9A$MX~GD8IZO@&8@epo(L zi@+L){(o*<9nkcM@G3YpArV1CB@5a?9%Tak4rxUPW%}HLi_uS>5i0vBph*5f8UC2Y z|A1t1Re~^(e1zbV3J#`-K#PpNGUvi0s13TPG$DMNDb^3=Q$1pr-q|6CpNOP*2L=Xa z(wHrU&%P%y<5iA~pmvku*xkpq49OzFle6tjgjy0P+J&H8!dZM1Mg))Q3VbAXNKwsaks!389xn~QAYvmq zNhTF1pxq<12pk9}vugHh9#m4?|4G5dpsXR_TSJr{R)Erk2+jx-(AANYxIKJ9&Pg_9 zb(=2igU>WN0xuLLfDT)dSmMkmYjFFf5+`#o1(9CvEpwjOXIDyyS;!PtAz5HbM@7Gn zZ9kTrH;{3!slQ+P?qTKZp0H9o^~76m6&`PJnsMvWG`!Mi(PRpG3h1d8yL71duxiQi zWfx@0#ksJ%pt3SE})G_Rs=ya zdy7&NiEk^tj6UiCimryvv9QKgA}Wu=6 zo3?wLBQvrla2jIST80@yxCPwQH0jPPO*p`OJL zG*NUGCdkzwrum5c(5?(Rs*tSk;#9v@>t79zKCyYG6v!>t=myM!TfV2u**7Nb2bW7c z(}~EPI;CAE`0hVdY0B}WUgUE%JNFQGR%l`*|@=|Oy5nc{;`+WT>H zsT@O*1AH>%`y@XD83F@1CNPmuF%<~Oyc2-EpUOz`K*Zry9CcV70w@Q!E0-#i6>3g! z?eBsj?B;tvves3j8a0o(0tFlnS}J@rL-6Wn;nrS=d#f2d)A9phAxa)ez=pG7J%#ab zWtDcjjUIyoq#OT`O14qGmA*;Vc4Nq9B)>oWWic7mp}Cd7)YuLm`aU88Ab)7x06Y_U z5wjB0W7aNm%nh+ZMv&3=x9rFy1NP46+l5m~MleY(2#<^*>b{t-xhNjI4Z+4piB5pW zb)2TUSY4Fpz;bhkr5aC89RIx1bUC#d$sf>a3t^z(Jm_7Fs+dt@wcs_81aJTYwa=vj zprn?+qvrzRt?VYq&|AJ1<7Umfg5PK>^KHH`yQ%U~W_}pp{sbGR>Zir%W?Iu&TX*2I?bo zP0kB~>(sUvzupUq7soOvO1GPg;vy)u6V;ZoV6{-cYa0jD5!8n-k0jj5&w0zqQyBL= zs^{OeyjZ5_@MgU~!E(qTqAKN^gFheU{oZR$p3p*()phKtj3J4Rl0qHpPz!te_29P` zh;(g;v$73Lvj*w1>ApcCwsHJn5A{KA`f`Oe?>nXdK4%sywGjI=wr2yO`=s82S6bxe ze(^xFbnqF2d<1ezwExHA(@V*1nwg5TG;ak@(rr7LI0V=I67{&ah3xJdSDWF*m3glL zNHr%v9-YcK`J{+=*=;c^3;=q8_KqD!&~NyObTJK`*Df-1dQ0A!{LPnhV4R`3lko!WSHE5{OXv>9c6qFH;nSA+B>X7LZO`C}*LTQ;4rcG&A*FJm6a z8p-9~f=?iZF!looc=X~Uij1X2k;d|ehpYRCPuRQI9ZMKp0i*LmHCPBi@_PUA&&54G z8E$%5Kb#^sA+@&tD3o+#se==`S5ljSB){K{zj!TO_a;aHNC=c(C5@xy@hWa;?uvie z+U5hX$EdNJEC*9hnE_NN+6N*$NeHSC!?JG26{xBp))0v|LG9iz)vT%9RI;y|m5)uv zKimB6evjY-3*Rgxec)rl8@{BwHgBgdF#n8fS6lt^YPyj@@bi9litl2#3fHsnnowwa zn*xekI)loryOR-7+Pwy2iLr|)mV@K%$h@TVf#38hmZqOkZ)Ms!p$^qV2plVMcf<;Y z8n&&7vl+J@LtMG5zIRBNsms`HXofkfI`+%I@TGT5F6 zPlGN&=uWgzH{ihoKLCrGx)II zr)5x*K*-Vc>Y1W%%^3GgS~%FgemXF~kp zzq^MmCr#lPNDg;Y1UW~yuhQyb{M-~*E1Kgt+Nbi@jjkNysuvdSB=AEh0andtEa@Ev zF7skYMVOw96lw#u3K0qU9zs&|9c4mm^bfA$keCR*^oM8$v3JdX6pbOga4stLr8_@~ zy8^|05|%hMq3UCi2rd>XnCkPJ8Sh>%{VA3{cY90r?3cR4cJdT(<}eK01|4tmKm9d$BIG;(jcuwUr!mW=ay;IpytPc zft@4Z96KoJF7~1)>(&g80ptT}w{9&r6zvv_1=^4DoA{uzB_SdLIsfom}gED zfmh$63^QdN{K4D~a-)tBHjCf?P)sK{j1~r$BayT!*M5;2=A?MACUVK^L8cSJH*Z&i zqL#lIlOiuxpfE7c(^B__mzV`JHm7fi52+mbT75`_8zzD8c(V2Pr}*p)%Qcdw$hKb6 zonDPNT0E6u*j0*N?kXqNkrq<=nFHj+&d9keabP$lq1CZ8En0R?q7NX{$(+TXC|eH7 zG&p7u*X!rPJ#<=asiy7+e2jHAI3FJiPT?!UzukQB6P2iU%z!j2ITy9dKm>HPhtsqz zQ;sW>NJCHT_g-+-yh3nd?kspJuW~4_axue;t=M@0i`NsWdvb$yKh5+H=2NsuR2M{> z*9;A$qc|X3nojZ={cS&*NfcL^<*I*-h4_caM1Z_5M-ip|6}FF0>T2{VX~;XDZ(&FO zjw|ml+OAK-(i1I1rDe;zPx7m878}Iii4X~%BXq~CgC6lP@GRlzL`6_<@n{FnF3NI< zAcOf}%GVTw1388wSSZ~djA;zWiXmmGNL5>ygY0->`C#JsxFLxx5kcaRU)t)|ktt{7 z4EK>q03u!e?S5=t0-+coLV!XxY3=C=lVeB7UM?_ZU#WI!Cpt@&2`bjVE+1j)zDT9Dg$`%6C2P%U9f z>rc@_ltOP+NML$rDbATY84ATzw^5|6@4ES0q!k(o<#~NrKftMF(UdX0_B8!?%2PDG zB&M8cAttvbRG}qgtY-9;7?sT89ei}8M+S1b3M0(%V3lkV$2Z--@>!Qsu(_qTc+8Id z;Oou`gjDw*xIz#Kp{v65R!MUJLH}pPH*hmjIQh;z$X;K&%-V*~D>F%oauyQ!?kpQtB^mA;A*ybZd2JP|G+*Z zdnkAMV~$qtggWnkfPAvP8KDe05~esLsZQ&v04pcm#<9@JftPgu0XhWj5Y7&=1>Bgv zgQ>-?C`yYbW|&Ha6WAXVD*z+k&zLaF%LE^Yi=RqM7pPqW#X|=u_2MJiGn`2X=U!0t0l6$j;-Ieu;Q-b zVg&alwGt5wt)T^+7EV6VhsS*4%s#!suYL)-swdd@DnHS&0yF181nZef;Z+(N#i~^% z(xM?=@tokaw3AXMA~&7syiD5}ZsUB2uTyvRu1AgE$?DGb#Jb|98BX#bH|+ z9uK&)gVXftSA5v?ze>oncK}Emtvq+q6*@k$>3z-4JR1`90P+A_t!c(A`|Z_6g|ETq z|6>)BgCGWS?e#gioT%8%;27|73%nknm)4mkkT;#qyX4?O* zyr1{AvtU7aOhLm|t(fn@hRKWJdvr(zpbEFyb~sz50VDxG2^N?WdrtklF7A|QNXetQ z8+@PP3ZuM^1r^wi5=`q*^};K`lf z%ebAn9uKfK)(OEB|FujU*1#?lg>x(>Iv}d)l?eE-hQ*kjSaFm62Z0_6em4YFm=?ZT zQ8w7On8{op{3RBu-GK!*A6apbU42RdMU$UrS3V39^cMToLYNUNEm*w0z>V?m;l>^R zJD6xzFt!cGHPWl@Z)3l_Vklk}A+PG4QbAANU46>MPI*Q8;Jg1k2KJ?m`>x)jg?$V` z>|=N?4ZB>mBa0PcWh1Yw6#$R%1d9py*mmQee;7x?U-M_Q`Kxm^js3t_IV&^@(_nO;m#~&QhQ$Q^$2gC%v-9@z*44;| zgh4A65k(IFc@Ao9#fyMQ@y3;1?*ITz#@bbE1I42QbzhAR$`UC)V7Vl$F_!W9_Wolz zY}ht_``5o^GfU1}X?*-&Zv#5%RWnEhXV`$xQgVfU#X9g(SbJUPycNZlV_{kgMvr~C iD`WgSz-V#2OJd4~i?gpLjs7^`pN5K-av|J2_ 1000uatom --from --gas auto --gas-adjustment 1.5 --gas-prices 0.025uatom +``` + +#### Other Transaction Creation Methods + +The command-line is an easy way to interact with an application, but `Tx` can also be created using a [gRPC or REST interface](../advanced/06-grpc_rest.md) or some other entry point defined by the application developer. From the user's perspective, the interaction depends on the web interface or wallet they are using (e.g. creating `Tx` using [Lunie.io](https://lunie.io/#/) and signing it with a Ledger Nano S). + +## Addition to Mempool + +Each full-node (running CometBFT) that receives a `Tx` sends an [ABCI message](https://docs.cometbft.com/v0.37/spec/p2p/messages/), +`CheckTx`, to the application layer to check for validity, and receives an `abci.ResponseCheckTx`. If the `Tx` passes the checks, it is held in the node's +[**Mempool**](https://docs.cometbft.com/v0.37/spec/p2p/messages/mempool/), an in-memory pool of transactions unique to each node, pending inclusion in a block - honest nodes discard a `Tx` if it is found to be invalid. Prior to consensus, nodes continuously check incoming transactions and gossip them to their peers. + +### Types of Checks + +The full-nodes perform stateless, then stateful checks on `Tx` during `CheckTx`, with the goal to +identify and reject an invalid transaction as early on as possible to avoid wasted computation. + +**_Stateless_** checks do not require nodes to access state - light clients or offline nodes can do +them - and are thus less computationally expensive. Stateless checks include making sure addresses +are not empty, enforcing nonnegative numbers, and other logic specified in the definitions. + +**_Stateful_** checks validate transactions and messages based on a committed state. Examples +include checking that the relevant values exist and can be transacted with, the address +has sufficient funds, and the sender is authorized or has the correct ownership to transact. +At any given moment, full-nodes typically have [multiple versions](../advanced/00-baseapp.md#state-updates) +of the application's internal state for different purposes. For example, nodes execute state +changes while in the process of verifying transactions, but still need a copy of the last committed +state in order to answer queries - they should not respond using state with uncommitted changes. + +In order to verify a `Tx`, full-nodes call `CheckTx`, which includes both _stateless_ and _stateful_ +checks. Further validation happens later in the [`DeliverTx`](#delivertx) stage. `CheckTx` goes +through several steps, beginning with decoding `Tx`. + +### Decoding + +When `Tx` is received by the application from the underlying consensus engine (e.g. CometBFT ), it is still in its [encoded](../advanced/05-encoding.md) `[]byte` form and needs to be unmarshaled in order to be processed. Then, the [`runTx`](../advanced/00-baseapp.md#runtx-antehandler-runmsgs-posthandler) function is called to run in `runTxModeCheck` mode, meaning the function runs all checks but exits before executing messages and writing state changes. + +### ValidateBasic (deprecated) + +Messages ([`sdk.Msg`](../advanced/01-transactions.md#messages)) are extracted from transactions (`Tx`). The `ValidateBasic` method of the `sdk.Msg` interface implemented by the module developer is run for each transaction. +To discard obviously invalid messages, the `BaseApp` type calls the `ValidateBasic` method very early in the processing of the message in the [`CheckTx`](../advanced/00-baseapp.md#checktx) and [`DeliverTx`](../advanced/00-baseapp.md#delivertx) transactions. +`ValidateBasic` can include only **stateless** checks (the checks that do not require access to the state). + +:::warning +The `ValidateBasic` method on messages has been deprecated in favor of validating messages directly in their respective [`Msg` services](../../build/building-modules/03-msg-services.md#Validation). + +Read [RFC 001](https://docs.cosmos.network/main/rfc/rfc-001-tx-validation) for more details. +::: + +:::note +`BaseApp` still calls `ValidateBasic` on messages that implements that method for backwards compatibility. +::: + +#### Guideline + +`ValidateBasic` should not be used anymore. Message validation should be performed in the `Msg` service when [handling a message](../../build/building-modules/msg-services#Validation) in a module Msg Server. + +### AnteHandler + +`AnteHandler`s even though optional, are in practice very often used to perform signature verification, gas calculation, fee deduction, and other core operations related to blockchain transactions. + +A copy of the cached context is provided to the `AnteHandler`, which performs limited checks specified for the transaction type. Using a copy allows the `AnteHandler` to do stateful checks for `Tx` without modifying the last committed state, and revert back to the original if the execution fails. + +For example, the [`auth`](https://github.com/cosmos/cosmos-sdk/tree/main/x/auth/spec) module `AnteHandler` checks and increments sequence numbers, checks signatures and account numbers, and deducts fees from the first signer of the transaction - all state changes are made using the `checkState`. + +:::warning +Ante handlers only run on a transaction. If a transaction embed multiple messages (like some x/authz, x/gov transactions for instance), the ante handlers only have awareness of the outer message. Inner messages are mostly directly routed to the [message router](https://docs.cosmos.network/main/learn/advanced/baseapp#msg-service-router) and will skip the chain of ante handlers. Keep that in mind when designing your own ante handler. +::: + +### Gas + +The [`Context`](../advanced/02-context.md), which keeps a `GasMeter` that tracks how much gas is used during the execution of `Tx`, is initialized. The user-provided amount of gas for `Tx` is known as `GasWanted`. If `GasConsumed`, the amount of gas consumed during execution, ever exceeds `GasWanted`, the execution stops and the changes made to the cached copy of the state are not committed. Otherwise, `CheckTx` sets `GasUsed` equal to `GasConsumed` and returns it in the result. After calculating the gas and fee values, validator-nodes check that the user-specified `gas-prices` is greater than their locally defined `min-gas-prices`. + +### Discard or Addition to Mempool + +If at any point during `CheckTx` the `Tx` fails, it is discarded and the transaction lifecycle ends +there. Otherwise, if it passes `CheckTx` successfully, the default protocol is to relay it to peer +nodes and add it to the Mempool so that the `Tx` becomes a candidate to be included in the next block. + +The **mempool** serves the purpose of keeping track of transactions seen by all full-nodes. +Full-nodes keep a **mempool cache** of the last `mempool.cache_size` transactions they have seen, as a first line of +defense to prevent replay attacks. Ideally, `mempool.cache_size` is large enough to encompass all +of the transactions in the full mempool. If the mempool cache is too small to keep track of all +the transactions, `CheckTx` is responsible for identifying and rejecting replayed transactions. + +Currently existing preventative measures include fees and a `sequence` (nonce) counter to distinguish +replayed transactions from identical but valid ones. If an attacker tries to spam nodes with many +copies of a `Tx`, full-nodes keeping a mempool cache reject all identical copies instead of running +`CheckTx` on them. Even if the copies have incremented `sequence` numbers, attackers are +disincentivized by the need to pay fees. + +Validator nodes keep a mempool to prevent replay attacks, just as full-nodes do, but also use it as +a pool of unconfirmed transactions in preparation of block inclusion. Note that even if a `Tx` +passes all checks at this stage, it is still possible to be found invalid later on, because +`CheckTx` does not fully validate the transaction (that is, it does not actually execute the messages). + +## Inclusion in a Block + +Consensus, the process through which validator nodes come to agreement on which transactions to +accept, happens in **rounds**. Each round begins with a proposer creating a block of the most +recent transactions and ends with **validators**, special full-nodes with voting power responsible +for consensus, agreeing to accept the block or go with a `nil` block instead. Validator nodes +execute the consensus algorithm, such as [CometBFT](https://docs.cometbft.com/v0.37/spec/consensus/), +confirming the transactions using ABCI requests to the application, in order to come to this agreement. + +The first step of consensus is the **block proposal**. One proposer amongst the validators is chosen +by the consensus algorithm to create and propose a block - in order for a `Tx` to be included, it +must be in this proposer's mempool. + +## State Changes + +The next step of consensus is to execute the transactions to fully validate them. All full-nodes +that receive a block proposal from the correct proposer execute the transactions by calling the ABCI function `FinalizeBlock`. +As mentioned throughout the documentation `BeginBlock`, `ExecuteTx` and `EndBlock` are called within FinalizeBlock. +Although every full-node operates individually and locally, the outcome is always consistent and unequivocal. This is because the state changes brought about by the messages are predictable, and the transactions are specifically sequenced in the proposed block. + +```text + -------------------------- + | Receive Block Proposal | + -------------------------- + | + v + ------------------------- + | FinalizeBlock | + ------------------------- + | + v + ------------------- + | BeginBlock | + ------------------- + | + v + -------------------- + | ExecuteTx(tx0) | + | ExecuteTx(tx1) | + | ExecuteTx(tx2) | + | ExecuteTx(tx3) | + | . | + | . | + | . | + ------------------- + | + v + -------------------- + | EndBlock | + -------------------- + | + v + ------------------------- + | Consensus | + ------------------------- + | + v + ------------------------- + | Commit | + ------------------------- +``` + +### Transaction Execution + +The `FinalizeBlock` ABCI function defined in [`BaseApp`](../advanced/00-baseapp.md) does the bulk of the +state transitions: it is run for each transaction in the block in sequential order as committed +to during consensus. Under the hood, transaction execution is almost identical to `CheckTx` but calls the +[`runTx`](../advanced/00-baseapp.md#runtx) function in deliver mode instead of check mode. +Instead of using their `checkState`, full-nodes use `finalizeblock`: + +* **Decoding:** Since `FinalizeBlock` is an ABCI call, `Tx` is received in the encoded `[]byte` form. + Nodes first unmarshal the transaction, using the [`TxConfig`](./app-anatomy#register-codec) defined in the app, then call `runTx` in `execModeFinalize`, which is very similar to `CheckTx` but also executes and writes state changes. + +* **Checks and `AnteHandler`:** Full-nodes call `validateBasicMsgs` and `AnteHandler` again. This second check + happens because they may not have seen the same transactions during the addition to Mempool stage + and a malicious proposer may have included invalid ones. One difference here is that the + `AnteHandler` does not compare `gas-prices` to the node's `min-gas-prices` since that value is local + to each node - differing values across nodes yield nondeterministic results. + +* **`MsgServiceRouter`:** After `CheckTx` exits, `FinalizeBlock` continues to run + [`runMsgs`](../advanced/00-baseapp.md#runtx-antehandler-runmsgs-posthandler) to fully execute each `Msg` within the transaction. + Since the transaction may have messages from different modules, `BaseApp` needs to know which module + to find the appropriate handler. This is achieved using `BaseApp`'s `MsgServiceRouter` so that it can be processed by the module's Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md). + For `LegacyMsg` routing, the `Route` function is called via the [module manager](../../build/building-modules/01-module-manager.md) to retrieve the route name and find the legacy [`Handler`](../../build/building-modules/03-msg-services.md#handler-type) within the module. + +* **`Msg` service:** Protobuf `Msg` service is responsible for executing each message in the `Tx` and causes state transitions to persist in `finalizeBlockState`. + +* **PostHandlers:** [`PostHandler`](../advanced/00-baseapp.md#posthandler)s run after the execution of the message. If they fail, the state change of `runMsgs`, as well of `PostHandlers`, are both reverted. + +* **Gas:** While a `Tx` is being delivered, a `GasMeter` is used to keep track of how much + gas is being used; if execution completes, `GasUsed` is set and returned in the + `abci.ExecTxResult`. If execution halts because `BlockGasMeter` or `GasMeter` has run out or something else goes + wrong, a deferred function at the end appropriately errors or panics. + +If there are any failed state changes resulting from a `Tx` being invalid or `GasMeter` running out, +the transaction processing terminates and any state changes are reverted. Invalid transactions in a +block proposal cause validator nodes to reject the block and vote for a `nil` block instead. + +### Commit + +The final step is for nodes to commit the block and state changes. Validator nodes +perform the previous step of executing state transitions in order to validate the transactions, +then sign the block to confirm it. Full nodes that are not validators do not +participate in consensus - i.e. they cannot vote - but listen for votes to understand whether or +not they should commit the state changes. + +When they receive enough validator votes (2/3+ _precommits_ weighted by voting power), full nodes commit to a new block to be added to the blockchain and +finalize the state transitions in the application layer. A new state root is generated to serve as +a merkle proof for the state transitions. Applications use the [`Commit`](../advanced/00-baseapp.md#commit) +ABCI method inherited from [Baseapp](../advanced/00-baseapp.md); it syncs all the state transitions by +writing the `deliverState` into the application's internal state. As soon as the state changes are +committed, `checkState` starts afresh from the most recently committed state and `deliverState` +resets to `nil` in order to be consistent and reflect the changes. + +Note that not all blocks have the same number of transactions and it is possible for consensus to +result in a `nil` block or one with none at all. In a public blockchain network, it is also possible +for validators to be **byzantine**, or malicious, which may prevent a `Tx` from being committed in +the blockchain. Possible malicious behaviors include the proposer deciding to censor a `Tx` by +excluding it from the block or a validator voting against the block. + +At this point, the transaction lifecycle of a `Tx` is over: nodes have verified its validity, +delivered it by executing its state changes, and committed those changes. The `Tx` itself, +in `[]byte` form, is stored in a block and appended to the blockchain. diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/beginner/02-query-lifecycle.md b/copy-of-sdk-versioned_docs/version-0.53/learn/beginner/02-query-lifecycle.md new file mode 100644 index 00000000..c3d7eb1c --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/learn/beginner/02-query-lifecycle.md @@ -0,0 +1,147 @@ +--- +sidebar_position: 1 +--- + +# Query Lifecycle + +:::note Synopsis +This document describes the lifecycle of a query in a Cosmos SDK application, from the user interface to application stores and back. The query is referred to as `MyQuery`. +::: + +:::note Pre-requisite Readings + +* [Transaction Lifecycle](./01-tx-lifecycle.md) +::: + +## Query Creation + +A [**query**](../../build/building-modules/02-messages-and-queries.md#queries) is a request for information made by end-users of applications through an interface and processed by a full-node. Users can query information about the network, the application itself, and application state directly from the application's stores or modules. Note that queries are different from [transactions](../advanced/01-transactions.md) (view the lifecycle [here](./01-tx-lifecycle.md)), particularly in that they do not require consensus to be processed (as they do not trigger state-transitions); they can be fully handled by one full-node. + +For the purpose of explaining the query lifecycle, let's say the query, `MyQuery`, is requesting a list of delegations made by a certain delegator address in the application called `simapp`. As is to be expected, the [`staking`](../../build/modules/staking/README.md) module handles this query. But first, there are a few ways `MyQuery` can be created by users. + +### CLI + +The main interface for an application is the command-line interface. Users connect to a full-node and run the CLI directly from their machines - the CLI interacts directly with the full-node. To create `MyQuery` from their terminal, users type the following command: + +```bash +simd query staking delegations +``` + +This query command was defined by the [`staking`](../../build/modules/staking/README.md) module developer and added to the list of subcommands by the application developer when creating the CLI. + +Note that the general format is as follows: + +```bash +simd query [moduleName] [command] --flag +``` + +To provide values such as `--node` (the full-node the CLI connects to), the user can use the [`app.toml`](../../user/run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml) config file to set them or provide them as flags. + +The CLI understands a specific set of commands, defined in a hierarchical structure by the application developer: from the [root command](../advanced/07-cli.md#root-command) (`simd`), the type of command (`Myquery`), the module that contains the command (`staking`), and command itself (`delegations`). Thus, the CLI knows exactly which module handles this command and directly passes the call there. + +### gRPC + +Another interface through which users can make queries is [gRPC](https://grpc.io) requests to a [gRPC server](../advanced/06-grpc_rest.md#grpc-server). The endpoints are defined as [Protocol Buffers](https://developers.google.com/protocol-buffers) service methods inside `.proto` files, written in Protobuf's own language-agnostic interface definition language (IDL). The Protobuf ecosystem developed tools for code-generation from `*.proto` files into various languages. These tools allow to build gRPC clients easily. + +One such tool is [grpcurl](https://github.com/fullstorydev/grpcurl), and a gRPC request for `MyQuery` using this client looks like: + +```bash +grpcurl \ + -plaintext # We want results in plain test + -import-path ./proto \ # Import these .proto files + -proto ./proto/cosmos/staking/v1beta1/query.proto \ # Look into this .proto file for the Query protobuf service + -d '{"address":"$MY_DELEGATOR"}' \ # Query arguments + localhost:9090 \ # gRPC server endpoint + cosmos.staking.v1beta1.Query/Delegations # Fully-qualified service method name +``` + +### REST + +Another interface through which users can make queries is through HTTP Requests to a [REST server](../advanced/06-grpc_rest.md#rest-server). The REST server is fully auto-generated from Protobuf services, using [gRPC-gateway](https://github.com/grpc-ecosystem/grpc-gateway). + +An example HTTP request for `MyQuery` looks like: + +```bash +GET http://localhost:1317/cosmos/staking/v1beta1/delegators/{delegatorAddr}/delegations +``` + +## How Queries are Handled by the CLI + +The preceding examples show how an external user can interact with a node by querying its state. To understand in more detail the exact lifecycle of a query, let's dig into how the CLI prepares the query, and how the node handles it. The interactions from the users' perspective are a bit different, but the underlying functions are almost identical because they are implementations of the same command defined by the module developer. This step of processing happens within the CLI, gRPC, or REST server, and heavily involves a `client.Context`. + +### Context + +The first thing that is created in the execution of a CLI command is a `client.Context`. A `client.Context` is an object that stores all the data needed to process a request on the user side. In particular, a `client.Context` stores the following: + +* **Codec**: The [encoder/decoder](../advanced/05-encoding.md) used by the application, used to marshal the parameters and query before making the CometBFT RPC request and unmarshal the returned response into a JSON object. The default codec used by the CLI is Protobuf. +* **Account Decoder**: The account decoder from the [`auth`](../../build/modules/auth/README.md) module, which translates `[]byte`s into accounts. +* **RPC Client**: The CometBFT RPC Client, or node, to which requests are relayed. +* **Keyring**: A [Key Manager]../beginner/03-accounts.md#keyring) used to sign transactions and handle other operations with keys. +* **Output Writer**: A [Writer](https://pkg.go.dev/io/#Writer) used to output the response. +* **Configurations**: The flags configured by the user for this command, including `--height`, specifying the height of the blockchain to query, and `--indent`, which indicates to add an indent to the JSON response. + +The `client.Context` also contains various functions such as `Query()`, which retrieves the RPC Client and makes an ABCI call to relay a query to a full-node. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/context.go#L27-70 +``` + +The `client.Context`'s primary role is to store data used during interactions with the end-user and provide methods to interact with this data - it is used before and after the query is processed by the full-node. Specifically, in handling `MyQuery`, the `client.Context` is utilized to encode the query parameters, retrieve the full-node, and write the output. Prior to being relayed to a full-node, the query needs to be encoded into a `[]byte` form, as full-nodes are application-agnostic and do not understand specific types. The full-node (RPC Client) itself is retrieved using the `client.Context`, which knows which node the user CLI is connected to. The query is relayed to this full-node to be processed. Finally, the `client.Context` contains a `Writer` to write output when the response is returned. These steps are further described in later sections. + +### Arguments and Route Creation + +At this point in the lifecycle, the user has created a CLI command with all of the data they wish to include in their query. A `client.Context` exists to assist in the rest of the `MyQuery`'s journey. Now, the next step is to parse the command or request, extract the arguments, and encode everything. These steps all happen on the user side within the interface they are interacting with. + +#### Encoding + +In our case (querying an address's delegations), `MyQuery` contains an [address](./03-accounts.md#addresses) `delegatorAddress` as its only argument. However, the request can only contain `[]byte`s, as it is ultimately relayed to a consensus engine (e.g. CometBFT) of a full-node that has no inherent knowledge of the application types. Thus, the `codec` of `client.Context` is used to marshal the address. + +Here is what the code looks like for the CLI command: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/staking/client/cli/query.go#L315-L318 +``` + +#### gRPC Query Client Creation + +The Cosmos SDK leverages code generated from Protobuf services to make queries. The `staking` module's `MyQuery` service generates a `queryClient`, which the CLI uses to make queries. Here is the relevant code: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/staking/client/cli/query.go#L308-L343 +``` + +Under the hood, the `client.Context` has a `Query()` function used to retrieve the pre-configured node and relay a query to it; the function takes the query fully-qualified service method name as path (in our case: `/cosmos.staking.v1beta1.Query/Delegations`), and arguments as parameters. It first retrieves the RPC Client (called the [**node**](../advanced/03-node.md)) configured by the user to relay this query to, and creates the `ABCIQueryOptions` (parameters formatted for the ABCI call). The node is then used to make the ABCI call, `ABCIQueryWithOptions()`. + +Here is what the code looks like: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/query.go#L79-L113 +``` + +## RPC + +With a call to `ABCIQueryWithOptions()`, `MyQuery` is received by a [full-node](../advanced/05-encoding.md) which then processes the request. Note that, while the RPC is made to the consensus engine (e.g. CometBFT) of a full-node, queries are not part of consensus and so are not broadcasted to the rest of the network, as they do not require anything the network needs to agree upon. + +Read more about ABCI Clients and CometBFT RPC in the [CometBFT documentation](https://docs.cometbft.com/v0.37/spec/rpc/). + +## Application Query Handling + +When a query is received by the full-node after it has been relayed from the underlying consensus engine, it is at that point being handled within an environment that understands application-specific types and has a copy of the state. [`baseapp`](../advanced/00-baseapp.md) implements the ABCI [`Query()`](../advanced/00-baseapp.md#query) function and handles gRPC queries. The query route is parsed, and it matches the fully-qualified service method name of an existing service method (most likely in one of the modules), then `baseapp` relays the request to the relevant module. + +Since `MyQuery` has a Protobuf fully-qualified service method name from the `staking` module (recall `/cosmos.staking.v1beta1.Query/Delegations`), `baseapp` first parses the path, then uses its own internal `GRPCQueryRouter` to retrieve the corresponding gRPC handler, and routes the query to the module. The gRPC handler is responsible for recognizing this query, retrieving the appropriate values from the application's stores, and returning a response. Read more about query services [here](../../build/building-modules/04-query-services.md). + +Once a result is received from the querier, `baseapp` begins the process of returning a response to the user. + +## Response + +Since `Query()` is an ABCI function, `baseapp` returns the response as an [`abci.ResponseQuery`](https://docs.cometbft.com/master/spec/abci/abci.html#query-2) type. The `client.Context` `Query()` routine receives the response and. + +### CLI Response + +The application [`codec`](../advanced/05-encoding.md) is used to unmarshal the response to a JSON and the `client.Context` prints the output to the command line, applying any configurations such as the output type (text, JSON or YAML). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/context.go#L350-L357 +``` + +And that's a wrap! The result of the query is outputted to the console by the CLI. diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/beginner/03-accounts.md b/copy-of-sdk-versioned_docs/version-0.53/learn/beginner/03-accounts.md new file mode 100644 index 00000000..80f787d3 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/learn/beginner/03-accounts.md @@ -0,0 +1,281 @@ +--- +sidebar_position: 1 +--- + +# Accounts + +:::note Synopsis +This document describes the in-built account and public key system of the Cosmos SDK. +::: + +:::note Pre-requisite Readings + + +* [Anatomy of a Cosmos SDK Application](./00-app-anatomy.md) + +::: + +## Account Definition + +In the Cosmos SDK, an _account_ designates a pair of _public key_ `PubKey` and _private key_ `PrivKey`. The `PubKey` can be derived to generate various `Addresses`, which are used to identify users (among other parties) in the application. `Addresses` are also associated with [`message`s](../../build/building-modules/02-messages-and-queries.md#messages) to identify the sender of the `message`. The `PrivKey` is used to generate [digital signatures](#signatures) to prove that an `Address` associated with the `PrivKey` approved of a given `message`. + +For HD key derivation the Cosmos SDK uses a standard called [BIP32](https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki). The BIP32 allows users to create an HD wallet (as specified in [BIP44](https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki)) - a set of accounts derived from an initial secret seed. A seed is usually created from a 12- or 24-word mnemonic. A single seed can derive any number of `PrivKey`s using a one-way cryptographic function. Then, a `PubKey` can be derived from the `PrivKey`. Naturally, the mnemonic is the most sensitive information, as private keys can always be re-generated if the mnemonic is preserved. + +```text + Account 0 Account 1 Account 2 + ++------------------+ +------------------+ +------------------+ +| | | | | | +| Address 0 | | Address 1 | | Address 2 | +| ^ | | ^ | | ^ | +| | | | | | | | | +| | | | | | | | | +| | | | | | | | | +| + | | + | | + | +| Public key 0 | | Public key 1 | | Public key 2 | +| ^ | | ^ | | ^ | +| | | | | | | | | +| | | | | | | | | +| | | | | | | | | +| + | | + | | + | +| Private key 0 | | Private key 1 | | Private key 2 | +| ^ | | ^ | | ^ | ++------------------+ +------------------+ +------------------+ + | | | + | | | + | | | + +--------------------------------------------------------------------+ + | + | + +---------+---------+ + | | + | Master PrivKey | + | | + +-------------------+ + | + | + +---------+---------+ + | | + | Mnemonic (Seed) | + | | + +-------------------+ +``` + +In the Cosmos SDK, keys are stored and managed by using an object called a [`Keyring`](#keyring). + +## Keys, accounts, addresses, and signatures + +The principal way of authenticating a user is done using [digital signatures](https://en.wikipedia.org/wiki/Digital_signature). Users sign transactions using their own private key. Signature verification is done with the associated public key. For on-chain signature verification purposes, we store the public key in an `Account` object (alongside other data required for a proper transaction validation). + +In the node, all data is stored using Protocol Buffers serialization. + +The Cosmos SDK supports the following digital key schemes for creating digital signatures: + +* `secp256k1`, as implemented in the [Cosmos SDK's `crypto/keys/secp256k1` package](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keys/secp256k1/secp256k1.go). +* `secp256r1`, as implemented in the [Cosmos SDK's `crypto/keys/secp256r1` package](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keys/secp256r1/pubkey.go), +* `tm-ed25519`, as implemented in the [Cosmos SDK `crypto/keys/ed25519` package](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keys/ed25519/ed25519.go). This scheme is supported only for the consensus validation. + +| | Address length in bytes | Public key length in bytes | Used for transaction authentication | Used for consensus (cometbft) | +| :----------: | :---------------------: | :------------------------: | :---------------------------------: | :-----------------------------: | +| `secp256k1` | 20 | 33 | yes | no | +| `secp256r1` | 32 | 33 | yes | no | +| `tm-ed25519` | -- not used -- | 32 | no | yes | + +## Addresses + +`Addresses` and `PubKey`s are both public information that identifies actors in the application. `Account` is used to store authentication information. The basic account implementation is provided by a `BaseAccount` object. + +Each account is identified using `Address` which is a sequence of bytes derived from a public key. In the Cosmos SDK, we define 3 types of addresses that specify a context where an account is used: + +* `AccAddress` identifies users (the sender of a `message`). +* `ValAddress` identifies validator operators. +* `ConsAddress` identifies validator nodes that are participating in consensus. Validator nodes are derived using the **`ed25519`** curve. + +These types implement the `Address` interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/address.go#L126-L134 +``` + +Address construction algorithm is defined in [ADR-28](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-028-public-key-addresses.md). +Here is the standard way to obtain an account address from a `pub` public key: + +```go +sdk.AccAddress(pub.Address().Bytes()) +``` + +Of note, the `Marshal()` and `Bytes()` method both return the same raw `[]byte` form of the address. `Marshal()` is required for Protobuf compatibility. + +For user interaction, addresses are formatted using [Bech32](https://en.bitcoin.it/wiki/Bech32) and implemented by the `String` method. The Bech32 method is the only supported format to use when interacting with a blockchain. The Bech32 human-readable part (Bech32 prefix) is used to denote an address type. Example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/address.go#L299-L316 +``` + +| | Address Bech32 Prefix | +| ------------------ | --------------------- | +| Accounts | cosmos | +| Validator Operator | cosmosvaloper | +| Consensus Nodes | cosmosvalcons | + +### Public Keys + +Public keys in Cosmos SDK are defined by `cryptotypes.PubKey` interface. Since public keys are saved in a store, `cryptotypes.PubKey` extends the `proto.Message` interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/types/types.go#L8-L17 +``` + +A compressed format is used for `secp256k1` and `secp256r1` serialization. + +* The first byte is a `0x02` byte if the `y`-coordinate is the lexicographically largest of the two associated with the `x`-coordinate. +* Otherwise the first byte is a `0x03`. + +This prefix is followed by the `x`-coordinate. + +Public Keys are not used to reference accounts (or users) and in general are not used when composing transaction messages (with few exceptions: `MsgCreateValidator`, `Validator` and `Multisig` messages). +For user interactions, `PubKey` is formatted using Protobufs JSON ([ProtoMarshalJSON](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/codec/json.go#L14-L34) function). Example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/keys/output.go#L23-L39 +``` + +## Keyring + +A `Keyring` is an object that stores and manages accounts. In the Cosmos SDK, a `Keyring` implementation follows the `Keyring` interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keyring/keyring.go#L58-L106 +``` + +The default implementation of `Keyring` comes from the third-party [`99designs/keyring`](https://github.com/99designs/keyring) library. + +A few notes on the `Keyring` methods: + +* `Sign(uid string, msg []byte) ([]byte, types.PubKey, error)` strictly deals with the signature of the `msg` bytes. You must prepare and encode the transaction into a canonical `[]byte` form. Because protobuf is not deterministic, it has been decided in [ADR-020](../../build/architecture/adr-020-protobuf-transaction-encoding.md) that the canonical `payload` to sign is the `SignDoc` struct, deterministically encoded using [ADR-027](../../build/architecture/adr-027-deterministic-protobuf-serialization.md). Note that signature verification is not implemented in the Cosmos SDK by default, it is deferred to the [`anteHandler`](../advanced/00-baseapp.md#antehandler). + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/tx/v1beta1/tx.proto#L50-L67 +``` + +* `NewAccount(uid, mnemonic, bip39Passphrase, hdPath string, algo SignatureAlgo) (*Record, error)` creates a new account based on the [`bip44 path`](https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki) and persists it on disk. The `PrivKey` is **never stored unencrypted**, instead it is [encrypted with a passphrase](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/armor.go) before being persisted. In the context of this method, the key type and sequence number refer to the segment of the BIP44 derivation path (for example, `0`, `1`, `2`, ...) that is used to derive a private and a public key from the mnemonic. Using the same mnemonic and derivation path, the same `PrivKey`, `PubKey` and `Address` is generated. The following keys are supported by the keyring: + +* `secp256k1` +* `ed25519` + +* `ExportPrivKeyArmor(uid, encryptPassphrase string) (armor string, err error)` exports a private key in ASCII-armored encrypted format using the given passphrase. You can then either import the private key again into the keyring using the `ImportPrivKey(uid, armor, passphrase string)` function or decrypt it into a raw private key using the `UnarmorDecryptPrivKey(armorStr string, passphrase string)` function. + +### Create New Key Type + +To create a new key type for using in keyring, `keyring.SignatureAlgo` interface must be fulfilled. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keyring/signing_algorithms.go#L11-L16 +``` + +The interface consists in three methods where `Name()` returns the name of the algorithm as a `hd.PubKeyType` and `Derive()` and `Generate()` must return the following functions respectively: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/hd/algo.go#L28-L31 +``` + +Once the `keyring.SignatureAlgo` has been implemented it must be added to the [list of supported algos](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keyring/keyring.go#L209) of the keyring. + +For simplicity the implementation of a new key type should be done inside the `crypto/hd` package. +There is an example of a working `secp256k1` implementation in [algo.go](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/hd/algo.go#L38). + + +#### Implementing secp256r1 algo + +Here is an example of how secp256r1 could be implemented. + +First a new function to create a private key from a secret number is needed in the secp256r1 package. This function could look like this: + +```go +// cosmos-sdk/crypto/keys/secp256r1/privkey.go + +// NewPrivKeyFromSecret creates a private key derived for the secret number +// represented in big-endian. The `secret` must be a valid ECDSA field element. +func NewPrivKeyFromSecret(secret []byte) (*PrivKey, error) { + var d = new(big.Int).SetBytes(secret) + if d.Cmp(secp256r1.Params().N) >= 1 { + return nil, errorsmod.Wrap(errors.ErrInvalidRequest, "secret not in the curve base field") + } + sk := new(ecdsa.PrivKey) + return &PrivKey{&ecdsaSK{*sk}}, nil +} +``` + +After that `secp256r1Algo` can be implemented. + +```go +// cosmos-sdk/crypto/hd/secp256r1Algo.go + +package hd + +import ( + "github.com/cosmos/go-bip39" + + "github.com/cosmos/cosmos-sdk/crypto/keys/secp256r1" + "github.com/cosmos/cosmos-sdk/crypto/types" +) + +// Secp256r1Type uses the secp256r1 ECDSA parameters. +const Secp256r1Type = PubKeyType("secp256r1") + +var Secp256r1 = secp256r1Algo{} + +type secp256r1Algo struct{} + +func (s secp256r1Algo) Name() PubKeyType { + return Secp256r1Type +} + +// Derive derives and returns the secp256r1 private key for the given seed and HD path. +func (s secp256r1Algo) Derive() DeriveFn { + return func(mnemonic string, bip39Passphrase, hdPath string) ([]byte, error) { + seed, err := bip39.NewSeedWithErrorChecking(mnemonic, bip39Passphrase) + if err != nil { + return nil, err + } + + masterPriv, ch := ComputeMastersFromSeed(seed) + if len(hdPath) == 0 { + return masterPriv[:], nil + } + derivedKey, err := DerivePrivateKeyForPath(masterPriv, ch, hdPath) + + return derivedKey, err + } +} + +// Generate generates a secp256r1 private key from the given bytes. +func (s secp256r1Algo) Generate() GenerateFn { + return func(bz []byte) types.PrivKey { + key, err := secp256r1.NewPrivKeyFromSecret(bz) + if err != nil { + panic(err) + } + return key + } +} +``` + +Finally, the algo must be added to the list of [supported algos](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keyring/keyring.go#L209) by the keyring. + +```go +// cosmos-sdk/crypto/keyring/keyring.go + +func newKeystore(kr keyring.Keyring, cdc codec.Codec, backend string, opts ...Option) keystore { + // Default options for keybase, these can be overwritten using the + // Option function + options := Options{ + SupportedAlgos: SigningAlgoList{hd.Secp256k1, hd.Secp256r1}, // added here + SupportedAlgosLedger: SigningAlgoList{hd.Secp256k1}, + } +... +``` + +Hereafter to create new keys using your algo, you must specify it with the flag `--algo` : + +`simd keys add myKey --algo secp256r1` diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/beginner/04-gas-fees.md b/copy-of-sdk-versioned_docs/version-0.53/learn/beginner/04-gas-fees.md new file mode 100644 index 00000000..a502bc8e --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/learn/beginner/04-gas-fees.md @@ -0,0 +1,101 @@ +--- +sidebar_position: 1 +--- + +# Gas and Fees + +:::note Synopsis +This document describes the default strategies to handle gas and fees within a Cosmos SDK application. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK Application](./00-app-anatomy.md) + +::: + +## Introduction to `Gas` and `Fees` + +In the Cosmos SDK, `gas` is a special unit that is used to track the consumption of resources during execution. `gas` is typically consumed whenever read and writes are made to the store, but it can also be consumed if expensive computation needs to be done. It serves two main purposes: + +* Make sure blocks are not consuming too many resources and are finalized. This is implemented by default in the Cosmos SDK via the [block gas meter](#block-gas-meter). +* Prevent spam and abuse from end-user. To this end, `gas` consumed during [`message`](../../build/building-modules/02-messages-and-queries.md#messages) execution is typically priced, resulting in a `fee` (`fees = gas * gas-prices`). `fees` generally have to be paid by the sender of the `message`. Note that the Cosmos SDK does not enforce `gas` pricing by default, as there may be other ways to prevent spam (e.g. bandwidth schemes). Still, most applications implement `fee` mechanisms to prevent spam by using the [`AnteHandler`](#antehandler). + +## Gas Meter + +In the Cosmos SDK, `gas` is a simple alias for `uint64`, and is managed by an object called a _gas meter_. Gas meters implement the `GasMeter` interface + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/store/types/gas.go#L40-L51 +``` + +where: + +* `GasConsumed()` returns the amount of gas that was consumed by the gas meter instance. +* `GasConsumedToLimit()` returns the amount of gas that was consumed by gas meter instance, or the limit if it is reached. +* `GasRemaining()` returns the gas left in the GasMeter. +* `Limit()` returns the limit of the gas meter instance. `0` if the gas meter is infinite. +* `ConsumeGas(amount Gas, descriptor string)` consumes the amount of `gas` provided. If the `gas` overflows, it panics with the `descriptor` message. If the gas meter is not infinite, it panics if `gas` consumed goes above the limit. +* `RefundGas()` deducts the given amount from the gas consumed. This functionality enables refunding gas to the transaction or block gas pools so that EVM-compatible chains can fully support the go-ethereum StateDB interface. +* `IsPastLimit()` returns `true` if the amount of gas consumed by the gas meter instance is strictly above the limit, `false` otherwise. +* `IsOutOfGas()` returns `true` if the amount of gas consumed by the gas meter instance is above or equal to the limit, `false` otherwise. + +The gas meter is generally held in [`ctx`](../advanced/02-context.md), and consuming gas is done with the following pattern: + +```go +ctx.GasMeter().ConsumeGas(amount, "description") +``` + +By default, the Cosmos SDK makes use of two different gas meters, the [main gas meter](#main-gas-metter) and the [block gas meter](#block-gas-meter). + +### Main Gas Meter + +`ctx.GasMeter()` is the main gas meter of the application. The main gas meter is initialized in `FinalizeBlock` via `setFinalizeBlockState`, and then tracks gas consumption during execution sequences that lead to state-transitions, i.e. those originally triggered by [`FinalizeBlock`](../advanced/00-baseapp.md#finalizeblock). At the beginning of each transaction execution, the main gas meter **must be set to 0** in the [`AnteHandler`](#antehandler), so that it can track gas consumption per-transaction. + +Gas consumption can be done manually, generally by the module developer in the [`BeginBlocker`, `EndBlocker`](../../build/building-modules/06-beginblock-endblock.md) or [`Msg` service](../../build/building-modules/03-msg-services.md), but most of the time it is done automatically whenever there is a read or write to the store. This automatic gas consumption logic is implemented in a special store called [`GasKv`](../advanced/04-store.md#gaskv-store). + +### Block Gas Meter + +`ctx.BlockGasMeter()` is the gas meter used to track gas consumption per block and make sure it does not go above a certain limit. + +During the genesis phase, gas consumption is unlimited to accommodate initialisation transactions. + +```go +app.finalizeBlockState.SetContext(app.finalizeBlockState.Context().WithBlockGasMeter(storetypes.NewInfiniteGasMeter())) +``` + +Following the genesis block, the block gas meter is set to a finite value by the SDK. This transition is facilitated by the consensus engine (e.g., CometBFT) calling the `RequestFinalizeBlock` function, which in turn triggers the SDK's `FinalizeBlock` method. Within `FinalizeBlock`, `internalFinalizeBlock` is executed, performing necessary state updates and function executions. The block gas meter, initialised each with a finite limit, is then incorporated into the context for transaction execution, ensuring gas consumption does not exceed the block's gas limit and is reset at the end of each block. + +Modules within the Cosmos SDK can consume block gas at any point during their execution by utilising the `ctx`. This gas consumption primarily occurs during state read/write operations and transaction processing. The block gas meter, accessible via `ctx.BlockGasMeter()`, monitors the total gas usage within a block, enforcing the gas limit to prevent excessive computation. This ensures that gas limits are adhered to on a per-block basis, starting from the first block post-genesis. + +```go +gasMeter := app.getBlockGasMeter(app.finalizeBlockState.Context()) +app.finalizeBlockState.SetContext(app.finalizeBlockState.Context().WithBlockGasMeter(gasMeter)) +``` + +This above shows the general mechanism for setting the block gas meter with a finite limit based on the block's consensus parameters. + +## AnteHandler + +The `AnteHandler` is run for every transaction during `CheckTx` and `FinalizeBlock`, before a Protobuf `Msg` service method for each `sdk.Msg` in the transaction. + +The anteHandler is not implemented in the core Cosmos SDK but in a module. That said, most applications today use the default implementation defined in the [`auth` module](https://github.com/cosmos/cosmos-sdk/tree/main/x/auth). Here is what the `anteHandler` is intended to do in a normal Cosmos SDK application: + +* Verify that the transactions are of the correct type. Transaction types are defined in the module that implements the `anteHandler`, and they follow the transaction interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/types/tx_msg.go#L53-L58 +``` + + This enables developers to play with various types for the transaction of their application. In the default `auth` module, the default transaction type is `Tx`: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/proto/cosmos/tx/v1beta1/tx.proto#L15-L28 +``` + +* Verify signatures for each [`message`](../../build/building-modules/02-messages-and-queries.md#messages) contained in the transaction. Each `message` should be signed by one or multiple sender(s), and these signatures must be verified in the `anteHandler`. +* During `CheckTx`, verify that the gas prices provided with the transaction is greater than the local `min-gas-prices` (as a reminder, gas-prices can be deducted from the following equation: `fees = gas * gas-prices`). `min-gas-prices` is a parameter local to each full-node and used during `CheckTx` to discard transactions that do not provide a minimum amount of fees. This ensures that the mempool cannot be spammed with garbage transactions. +* Verify that the sender of the transaction has enough funds to cover for the `fees`. When the end-user generates a transaction, they must indicate 2 of the 3 following parameters (the third one being implicit): `fees`, `gas` and `gas-prices`. This signals how much they are willing to pay for nodes to execute their transaction. The provided `gas` value is stored in a parameter called `GasWanted` for later use. +* Set `newCtx.GasMeter` to 0, with a limit of `GasWanted`. **This step is crucial**, as it not only makes sure the transaction cannot consume infinite gas, but also that `ctx.GasMeter` is reset in-between each transaction (`ctx` is set to `newCtx` after `anteHandler` is run, and the `anteHandler` is run each time a transactions executes). + +As explained above, the `anteHandler` returns a maximum limit of `gas` the transaction can consume during execution called `GasWanted`. The actual amount consumed in the end is denominated `GasUsed`, and we must therefore have `GasUsed =< GasWanted`. Both `GasWanted` and `GasUsed` are relayed to the underlying consensus engine when [`FinalizeBlock`](../advanced/00-baseapp.md#finalizeblock) returns. diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/beginner/_category_.json b/copy-of-sdk-versioned_docs/version-0.53/learn/beginner/_category_.json new file mode 100644 index 00000000..d09097fa --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/learn/beginner/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Beginner", + "position": 2, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/intro/00-overview.md b/copy-of-sdk-versioned_docs/version-0.53/learn/intro/00-overview.md new file mode 100644 index 00000000..a424dfdf --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/learn/intro/00-overview.md @@ -0,0 +1,43 @@ +--- +sidebar_position: 1 +--- + +# What is the Cosmos SDK + +The [Cosmos SDK](https://github.com/cosmos/cosmos-sdk) is an open-source toolkit for building multi-asset public Proof-of-Stake (PoS) blockchains, like the Cosmos Hub, as well as permissioned Proof-of-Authority (PoA) blockchains. Blockchains built with the Cosmos SDK are generally referred to as **application-specific blockchains**. + +The goal of the Cosmos SDK is to allow developers to easily create custom blockchains from scratch that can natively interoperate with other blockchains. +We further this modular approach by allowing developers to plug and play with different consensus engines this can range from the [CometBFT](https://github.com/cometbft/cometbft) or [Rollkit](https://rollkit.dev/). + +SDK-based blockchains have the choice to use the predefined modules or to build their own modules. What this means is that developers can build a blockchain that is tailored to their specific use case, without having to worry about the low-level details of building a blockchain from scratch. Predefined modules include staking, governance, and token issuance, among others. + +What's more, the Cosmos SDK is a capabilities-based system that allows developers to better reason about the security of interactions between modules. For a deeper look at capabilities, jump to [Object-Capability Model](../advanced/10-ocap.md). + +How you can look at this is if we imagine that the SDK is like a lego kit. You can choose to build the basic house from the instructions or you can choose to modify your house and add more floors, more doors, more windows. The choice is yours. + +## What are Application-Specific Blockchains + +One development paradigm in the blockchain world today is that of virtual-machine blockchains like Ethereum, where development generally revolves around building decentralized applications on top of an existing blockchain as a set of smart contracts. While smart contracts can be very good for some use cases like single-use applications (e.g. ICOs), they often fall short for building complex decentralized platforms. More generally, smart contracts can be limiting in terms of flexibility, sovereignty and performance. + +Application-specific blockchains offer a radically different development paradigm than virtual-machine blockchains. An application-specific blockchain is a blockchain customized to operate a single application: developers have all the freedom to make the design decisions required for the application to run optimally. They can also provide better sovereignty, security and performance. + +Learn more about [application-specific blockchains](./01-why-app-specific.md). + +## What is Modularity + +Today there is a lot of talk around modularity and discussions between monolithic and modular. Originally the Cosmos SDK was built with a vision of modularity in mind. Modularity is derived from splitting a blockchain into customizable layers of execution, consensus, settlement and data availability, which is what the Cosmos SDK enables. This means that developers can plug and play, making their blockchain customisable by using different software for different layers. For example you can choose to build a vanilla chain and use the Cosmos SDK with CometBFT. CometBFT will be your consensus layer and the chain itself would be the settlement and execution layer. Another route could be to use the SDK with Rollkit and Celestia as your consensus and data availability layer. The benefit of modularity is that you can customize your chain to your specific use case. + +## Why the Cosmos SDK + +The Cosmos SDK is the most advanced framework for building custom modular application-specific blockchains today. Here are a few reasons why you might want to consider building your decentralized application with the Cosmos SDK: + +* It allows you to plug and play and customize your consensus layer. As above you can use Rollkit and Celestia as your consensus and data availability layer. This offers a lot of flexibility and customisation. +* Previously the default consensus engine available within the Cosmos SDK is [CometBFT](https://github.com/cometbft/cometbft). CometBFT is the most (and only) mature BFT consensus engine in existence. It is widely used across the industry and is considered the gold standard consensus engine for building Proof-of-Stake systems. +* The Cosmos SDK is open-source and designed to make it easy to build blockchains out of composable [modules](../../build/modules). As the ecosystem of open-source Cosmos SDK modules grows, it will become increasingly easier to build complex decentralized platforms with it. +* The Cosmos SDK is inspired by capabilities-based security, and informed by years of wrestling with blockchain state-machines. This makes the Cosmos SDK a very secure environment to build blockchains. +* Most importantly, the Cosmos SDK has already been used to build many application-specific blockchains that are already in production. Among others, we can cite [Cosmos Hub](https://hub.cosmos.network), [IRIS Hub](https://irisnet.org), [Binance Chain](https://docs.binance.org/), [Terra](https://terra.money/) or [Kava](https://www.kava.io/). [Many more](https://cosmos.network/ecosystem) are building on the Cosmos SDK. + +## Getting started with the Cosmos SDK + +* Learn more about the [architecture of a Cosmos SDK application](./02-sdk-app-architecture.md) +* Learn how to build an application-specific blockchain from scratch with the [Cosmos SDK Tutorial](https://cosmos.network/docs/tutorial) diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/intro/01-why-app-specific.md b/copy-of-sdk-versioned_docs/version-0.53/learn/intro/01-why-app-specific.md new file mode 100644 index 00000000..0f0c1c64 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/learn/intro/01-why-app-specific.md @@ -0,0 +1,79 @@ +--- +sidebar_position: 1 +--- + +# Application-Specific Blockchains + +:::note Synopsis +This document explains what application-specific blockchains are, and why developers would want to build one as opposed to writing Smart Contracts. +::: + +## What are application-specific blockchains + +Application-specific blockchains are blockchains customized to operate a single application. Instead of building a decentralized application on top of an underlying blockchain like Ethereum, developers build their own blockchain from the ground up. This means building a full-node client, a light-client, and all the necessary interfaces (CLI, REST, ...) to interact with the nodes. + +```text + ^ +-------------------------------+ ^ + | | | | Built with Cosmos SDK + | | State-machine = Application | | + | | | v + | +-------------------------------+ + | | | ^ +Blockchain node | | Consensus | | + | | | | + | +-------------------------------+ | CometBFT + | | | | + | | Networking | | + | | | | + v +-------------------------------+ v +``` + +## What are the shortcomings of Smart Contracts + +Virtual-machine blockchains like Ethereum addressed the demand for more programmability back in 2014. At the time, the options available for building decentralized applications were quite limited. Most developers would build on top of the complex and limited Bitcoin scripting language, or fork the Bitcoin codebase which was hard to work with and customize. + +Virtual-machine blockchains came in with a new value proposition. Their state-machine incorporates a virtual-machine that is able to interpret turing-complete programs called Smart Contracts. These Smart Contracts are very good for use cases like one-time events (e.g. ICOs), but they can fall short for building complex decentralized platforms. Here is why: + +* Smart Contracts are generally developed with specific programming languages that can be interpreted by the underlying virtual-machine. These programming languages are often immature and inherently limited by the constraints of the virtual-machine itself. For example, the Ethereum Virtual Machine does not allow developers to implement automatic execution of code. Developers are also limited to the account-based system of the EVM, and they can only choose from a limited set of functions for their cryptographic operations. These are examples, but they hint at the lack of **flexibility** that a smart contract environment often entails. +* Smart Contracts are all run by the same virtual machine. This means that they compete for resources, which can severely restrain **performance**. And even if the state-machine were to be split in multiple subsets (e.g. via sharding), Smart Contracts would still need to be interpreted by a virtual machine, which would limit performance compared to a native application implemented at state-machine level (our benchmarks show an improvement on the order of 10x in performance when the virtual-machine is removed). +* Another issue with the fact that Smart Contracts share the same underlying environment is the resulting limitation in **sovereignty**. A decentralized application is an ecosystem that involves multiple players. If the application is built on a general-purpose virtual-machine blockchain, stakeholders have very limited sovereignty over their application, and are ultimately superseded by the governance of the underlying blockchain. If there is a bug in the application, very little can be done about it. + +Application-Specific Blockchains are designed to address these shortcomings. + +## Application-Specific Blockchains Benefits + +### Flexibility + +Application-specific blockchains give maximum flexibility to developers: + +* In Cosmos blockchains, the state-machine is typically connected to the underlying consensus engine via an interface called the [ABCI](https://docs.cometbft.com/v0.37/spec/abci/). This interface can be wrapped in any programming language, meaning developers can build their state-machine in the programming language of their choice. + +* Developers can choose among multiple frameworks to build their state-machine. The most widely used today is the Cosmos SDK, but others exist (e.g. [Lotion](https://github.com/nomic-io/lotion), [Weave](https://github.com/iov-one/weave), ...). Typically the choice will be made based on the programming language they want to use (Cosmos SDK and Weave are in Golang, Lotion is in Javascript, ...). +* The ABCI also allows developers to swap the consensus engine of their application-specific blockchain. Today, only CometBFT is production-ready, but in the future other consensus engines are expected to emerge. +* Even when they settle for a framework and consensus engine, developers still have the freedom to tweak them if they don't perfectly match their requirements in their pristine forms. +* Developers are free to explore the full spectrum of tradeoffs (e.g. number of validators vs transaction throughput, safety vs availability in asynchrony, ...) and design choices (DB or IAVL tree for storage, UTXO or account model, ...). +* Developers can implement automatic execution of code. In the Cosmos SDK, logic can be automatically triggered at the beginning and the end of each block. They are also free to choose the cryptographic library used in their application, as opposed to being constrained by what is made available by the underlying environment in the case of virtual-machine blockchains. + +The list above contains a few examples that show how much flexibility application-specific blockchains give to developers. The goal of Cosmos and the Cosmos SDK is to make developer tooling as generic and composable as possible, so that each part of the stack can be forked, tweaked and improved without losing compatibility. As the community grows, more alternatives for each of the core building blocks will emerge, giving more options to developers. + +### Performance + +Decentralized applications built with Smart Contracts are inherently capped in performance by the underlying environment. For a decentralized application to optimise performance, it needs to be built as an application-specific blockchain. Next are some of the benefits an application-specific blockchain brings in terms of performance: + +* Developers of application-specific blockchains can choose to operate with a novel consensus engine such as CometBFT BFT. Compared to Proof-of-Work (used by most virtual-machine blockchains today), it offers significant gains in throughput. +* An application-specific blockchain only operates a single application, so that the application does not compete with others for computation and storage. This is the opposite of most non-sharded virtual-machine blockchains today, where smart contracts all compete for computation and storage. +* Even if a virtual-machine blockchain offered application-based sharding coupled with an efficient consensus algorithm, performance would still be limited by the virtual-machine itself. The real throughput bottleneck is the state-machine, and requiring transactions to be interpreted by a virtual-machine significantly increases the computational complexity of processing them. + +### Security + +Security is hard to quantify, and greatly varies from platform to platform. That said here are some important benefits an application-specific blockchain can bring in terms of security: + +* Developers can choose proven programming languages like Go when building their application-specific blockchains, as opposed to smart contract programming languages that are often more immature. +* Developers are not constrained by the cryptographic functions made available by the underlying virtual-machines. They can use their own custom cryptography, and rely on well-audited crypto libraries. +* Developers do not have to worry about potential bugs or exploitable mechanisms in the underlying virtual-machine, making it easier to reason about the security of the application. + +### Sovereignty + +One of the major benefits of application-specific blockchains is sovereignty. A decentralized application is an ecosystem that involves many actors: users, developers, third-party services, and more. When developers build on virtual-machine blockchain where many decentralized applications coexist, the community of the application is different than the community of the underlying blockchain, and the latter supersedes the former in the governance process. If there is a bug or if a new feature is needed, stakeholders of the application have very little leeway to upgrade the code. If the community of the underlying blockchain refuses to act, nothing can happen. + +The fundamental issue here is that the governance of the application and the governance of the network are not aligned. This issue is solved by application-specific blockchains. Because application-specific blockchains specialize to operate a single application, stakeholders of the application have full control over the entire chain. This ensures that the community will not be stuck if a bug is discovered, and that it has the freedom to choose how it is going to evolve. diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/intro/02-sdk-app-architecture.md b/copy-of-sdk-versioned_docs/version-0.53/learn/intro/02-sdk-app-architecture.md new file mode 100644 index 00000000..c2ff7bbf --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/learn/intro/02-sdk-app-architecture.md @@ -0,0 +1,93 @@ +--- +sidebar_position: 1 +--- + +# Blockchain Architecture + +## State machine + +At its core, a blockchain is a [replicated deterministic state machine](https://en.wikipedia.org/wiki/State_machine_replication). + +A state machine is a computer science concept whereby a machine can have multiple states, but only one at any given time. There is a `state`, which describes the current state of the system, and `transactions`, that trigger state transitions. + +Given a state S and a transaction T, the state machine will return a new state S'. + +```text ++--------+ +--------+ +| | | | +| S +---------------->+ S' | +| | apply(T) | | ++--------+ +--------+ +``` + +In practice, the transactions are bundled in blocks to make the process more efficient. Given a state S and a block of transactions B, the state machine will return a new state S'. + +```text ++--------+ +--------+ +| | | | +| S +----------------------------> | S' | +| | For each T in B: apply(T) | | ++--------+ +--------+ +``` + +In a blockchain context, the state machine is deterministic. This means that if a node is started at a given state and replays the same sequence of transactions, it will always end up with the same final state. + +The Cosmos SDK gives developers maximum flexibility to define the state of their application, transaction types and state transition functions. The process of building state-machines with the Cosmos SDK will be described more in depth in the following sections. But first, let us see how the state-machine is replicated using **CometBFT**. + +## CometBFT + +Thanks to the Cosmos SDK, developers just have to define the state machine, and [*CometBFT*](https://docs.cometbft.com/v0.37/introduction/what-is-cometbft) will handle replication over the network for them. + +```text + ^ +-------------------------------+ ^ + | | | | Built with Cosmos SDK + | | State-machine = Application | | + | | | v + | +-------------------------------+ + | | | ^ +Blockchain node | | Consensus | | + | | | | + | +-------------------------------+ | CometBFT + | | | | + | | Networking | | + | | | | + v +-------------------------------+ v +``` + +[CometBFT](https://docs.cometbft.com/v0.37/introduction/what-is-cometbft) is an application-agnostic engine that is responsible for handling the *networking* and *consensus* layers of a blockchain. In practice, this means that CometBFT is responsible for propagating and ordering transaction bytes. CometBFT relies on an eponymous Byzantine-Fault-Tolerant (BFT) algorithm to reach consensus on the order of transactions. + +The CometBFT [consensus algorithm](https://docs.cometbft.com/v0.37/introduction/what-is-cometbft#consensus-overview) works with a set of special nodes called *Validators*. Validators are responsible for adding blocks of transactions to the blockchain. At any given block, there is a validator set V. A validator in V is chosen by the algorithm to be the proposer of the next block. This block is considered valid if more than two thirds of V signed a `prevote` and a `precommit` on it, and if all the transactions that it contains are valid. The validator set can be changed by rules written in the state-machine. + +## ABCI + +CometBFT passes transactions to the application through an interface called the [ABCI](https://docs.cometbft.com/v0.37/spec/abci/), which the application must implement. + +```text + +---------------------+ + | | + | Application | + | | + +--------+---+--------+ + ^ | + | | ABCI + | v + +--------+---+--------+ + | | + | | + | CometBFT | + | | + | | + +---------------------+ +``` + +Note that **CometBFT only handles transaction bytes**. It has no knowledge of what these bytes mean. All CometBFT does is order these transaction bytes deterministically. CometBFT passes the bytes to the application via the ABCI, and expects a return code to inform it if the messages contained in the transactions were successfully processed or not. + +Here are the most important messages of the ABCI: + +* `CheckTx`: When a transaction is received by CometBFT, it is passed to the application to check if a few basic requirements are met. `CheckTx` is used to protect the mempool of full-nodes against spam transactions. . A special handler called the [`AnteHandler`](../beginner/04-gas-fees.md#antehandler) is used to execute a series of validation steps such as checking for sufficient fees and validating the signatures. If the checks are valid, the transaction is added to the [mempool](https://docs.cometbft.com/v0.37/spec/p2p/legacy-docs/messages/mempool) and relayed to peer nodes. Note that transactions are not processed (i.e. no modification of the state occurs) with `CheckTx` since they have not been included in a block yet. +* `DeliverTx`: When a [valid block](https://docs.cometbft.com/v0.37/spec/core/data_structures#block) is received by CometBFT, each transaction in the block is passed to the application via `DeliverTx` in order to be processed. It is during this stage that the state transitions occur. The `AnteHandler` executes again, along with the actual [`Msg` service](../../build/building-modules/03-msg-services.md) RPC for each message in the transaction. +* `BeginBlock`/`EndBlock`: These messages are executed at the beginning and the end of each block, whether the block contains transactions or not. It is useful to trigger automatic execution of logic. Proceed with caution though, as computationally expensive loops could slow down your blockchain, or even freeze it if the loop is infinite. + +Find a more detailed view of the ABCI methods from the [CometBFT docs](https://docs.cometbft.com/v0.37/spec/abci/). + +Any application built on CometBFT needs to implement the ABCI interface in order to communicate with the underlying local CometBFT engine. Fortunately, you do not have to implement the ABCI interface. The Cosmos SDK provides a boilerplate implementation of it in the form of [baseapp](./03-sdk-design.md#baseapp). diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/intro/03-sdk-design.md b/copy-of-sdk-versioned_docs/version-0.53/learn/intro/03-sdk-design.md new file mode 100644 index 00000000..6ecffbe0 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/learn/intro/03-sdk-design.md @@ -0,0 +1,64 @@ +--- +sidebar_position: 1 +--- + +# Main Components of the Cosmos SDK + +The Cosmos SDK is a framework that facilitates the development of secure state-machines on top of CometBFT. At its core, the Cosmos SDK is a boilerplate implementation of the [ABCI](./02-sdk-app-architecture.md#abci) in Golang. It comes with a [`multistore`](../advanced/04-store.md#multistore) to persist data and a [`router`](../advanced/00-baseapp.md#routing) to handle transactions. + +Here is a simplified view of how transactions are handled by an application built on top of the Cosmos SDK when transferred from CometBFT via `DeliverTx`: + +1. Decode `transactions` received from the CometBFT consensus engine (remember that CometBFT only deals with `[]bytes`). +2. Extract `messages` from `transactions` and do basic sanity checks. +3. Route each message to the appropriate module so that it can be processed. +4. Commit state changes. + +## `baseapp` + +`baseapp` is the boilerplate implementation of a Cosmos SDK application. It comes with an implementation of the ABCI to handle the connection with the underlying consensus engine. Typically, a Cosmos SDK application extends `baseapp` by embedding it in [`app.go`](../beginner/00-app-anatomy.md#core-application-file). + +Here is an example of this from `simapp`, the Cosmos SDK demonstration app: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/app.go#L137-L180 +``` + +The goal of `baseapp` is to provide a secure interface between the store and the extensible state machine while defining as little about the state machine as possible (staying true to the ABCI). + +For more on `baseapp`, please click [here](../advanced/00-baseapp.md). + +## Multistore + +The Cosmos SDK provides a [`multistore`](../advanced/04-store.md#multistore) for persisting state. The multistore allows developers to declare any number of [`KVStores`](../advanced/04-store.md#base-layer-kvstores). These `KVStores` only accept the `[]byte` type as value and therefore any custom structure needs to be marshalled using [a codec](../advanced/05-encoding.md) before being stored. + +The multistore abstraction is used to divide the state in distinct compartments, each managed by its own module. For more on the multistore, click [here](../advanced/04-store.md#multistore) + +## Modules + +The power of the Cosmos SDK lies in its modularity. Cosmos SDK applications are built by aggregating a collection of interoperable modules. Each module defines a subset of the state and contains its own message/transaction processor, while the Cosmos SDK is responsible for routing each message to its respective module. + +Here is a simplified view of how a transaction is processed by the application of each full-node when it is received in a valid block: + +```mermaid + flowchart TD + A[Transaction relayed from the full-node's CometBFT engine to the node's application via DeliverTx] --> B[APPLICATION] + B -->|"Using baseapp's methods: Decode the Tx, extract and route the message(s)"| C[Message routed to the correct module to be processed] + C --> D1[AUTH MODULE] + C --> D2[BANK MODULE] + C --> D3[STAKING MODULE] + C --> D4[GOV MODULE] + D1 -->|Handle message, Update state| E["Return result to CometBFT (0=Ok, 1=Err)"] + D2 -->|Handle message, Update state| E["Return result to CometBFT (0=Ok, 1=Err)"] + D3 -->|Handle message, Update state| E["Return result to CometBFT (0=Ok, 1=Err)"] + D4 -->|Handle message, Update state| E["Return result to CometBFT (0=Ok, 1=Err)"] +``` + +Each module can be seen as a little state-machine. Developers need to define the subset of the state handled by the module, as well as custom message types that modify the state (*Note:* `messages` are extracted from `transactions` by `baseapp`). In general, each module declares its own `KVStore` in the `multistore` to persist the subset of the state it defines. Most developers will need to access other 3rd party modules when building their own modules. Given that the Cosmos SDK is an open framework, some of the modules may be malicious, which means there is a need for security principles to reason about inter-module interactions. These principles are based on [object-capabilities](../advanced/10-ocap.md). In practice, this means that instead of having each module keep an access control list for other modules, each module implements special objects called `keepers` that can be passed to other modules to grant a pre-defined set of capabilities. + +Cosmos SDK modules are defined in the `x/` folder of the Cosmos SDK. Some core modules include: + +* `x/auth`: Used to manage accounts and signatures. +* `x/bank`: Used to enable tokens and token transfers. +* `x/staking` + `x/slashing`: Used to build Proof-of-Stake blockchains. + +In addition to the already existing modules in `x/`, which anyone can use in their app, the Cosmos SDK lets you build your own custom modules. You can check an [example of that in the tutorial](https://tutorials.cosmos.network/). diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/intro/_category_.json b/copy-of-sdk-versioned_docs/version-0.53/learn/intro/_category_.json new file mode 100644 index 00000000..bb0bcd14 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/learn/intro/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Introduction", + "position": 1, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/learn.md b/copy-of-sdk-versioned_docs/version-0.53/learn/learn.md new file mode 100644 index 00000000..01eea618 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/learn/learn.md @@ -0,0 +1,11 @@ +--- +sidebar_position: 0 +--- +# Learn + +* [Introduction](./intro/00-overview.md) - Dive into the fundamentals of Cosmos SDK with an insightful introduction, +laying the groundwork for understanding blockchain development. In this section we provide a High-Level Overview of the SDK, then dive deeper into Core concepts such as Application-Specific Blockchains, Blockchain Architecture, and finally we begin to explore the main components of the SDK. +* [Beginner](./beginner/00-app-anatomy.md) - Start your journey with beginner-friendly resources in the Cosmos SDK's "Learn" +section, providing a gentle entry point for newcomers to blockchain development. Here we focus on a little more detail, covering the Anatomy of a Cosmos SDK Application, Transaction Lifecycles, Accounts and lastly, Gas and Fees. +* [Advanced](./advanced/00-baseapp.md) - Level up your Cosmos SDK expertise with advanced topics, tailored for experienced +developers diving into intricate blockchain application development. We cover the Cosmos SDK on a lower level as we dive into the core of the SDK with BaseApp, Transactions, Context, Node Client (Daemon), Store, Encoding, gRPC, REST, and CometBFT Endpoints, CLI, Events, Telemetry, Object-Capability Model, RunTx recovery middleware, Cosmos Blockchain Simulator, Protobuf Documentation, In-Place Store Migrations, Configuration and AutoCLI. diff --git a/copy-of-sdk-versioned_docs/version-0.53/tutorials/_category_.json b/copy-of-sdk-versioned_docs/version-0.53/tutorials/_category_.json new file mode 100644 index 00000000..f27bca92 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/tutorials/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Advanced Tutorials", + "position": 2, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.53/tutorials/transactions/00-building-a-transaction.md b/copy-of-sdk-versioned_docs/version-0.53/tutorials/transactions/00-building-a-transaction.md new file mode 100644 index 00000000..3751a2c2 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/tutorials/transactions/00-building-a-transaction.md @@ -0,0 +1,190 @@ +# Building a Transaction + +These are the steps to build, sign and broadcast a transaction using v2 semantics. + +1. Correctly set up imports + +```go +import ( + "context" + "fmt" + "log" + + "google.golang.org/grpc" + "google.golang.org/grpc/credentials/insecure" + + apisigning "cosmossdk.io/api/cosmos/tx/signing/v1beta1" + "cosmossdk.io/client/v2/broadcast/comet" + "cosmossdk.io/client/v2/tx" + "cosmossdk.io/core/transaction" + "cosmossdk.io/math" + banktypes "cosmossdk.io/x/bank/types" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + cryptocodec "github.com/cosmos/cosmos-sdk/crypto/codec" + "github.com/cosmos/cosmos-sdk/crypto/keyring" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + + "github.com/cosmos/cosmos-sdk/codec" + addrcodec "github.com/cosmos/cosmos-sdk/codec/address" + sdk "github.com/cosmos/cosmos-sdk/types" +) + +``` + +2. Create a gRPC connection + +```go +clientConn, err := grpc.NewClient("127.0.0.1:9090", grpc.WithTransportCredentials(insecure.NewCredentials())) +if err != nil { + log.Fatal(err) +} +``` + +3. Setup codec and interface registry + +```go + // Setup interface registry and register necessary interfaces + interfaceRegistry := codectypes.NewInterfaceRegistry() + banktypes.RegisterInterfaces(interfaceRegistry) + authtypes.RegisterInterfaces(interfaceRegistry) + cryptocodec.RegisterInterfaces(interfaceRegistry) + + // Create a ProtoCodec for encoding/decoding + protoCodec := codec.NewProtoCodec(interfaceRegistry) + +``` + +4. Initialize keyring + +```go + + ckr, err := keyring.New("autoclikeyring", "test", home, nil, protoCodec) + if err != nil { + log.Fatal("error creating keyring", err) + } + kr, err := keyring.NewAutoCLIKeyring(ckr, addrcodec.NewBech32Codec("cosmos")) + if err != nil { + log.Fatal("error creating auto cli keyring", err) + } + + +``` + +5. Setup transaction parameters + +```go + + // Setup transaction parameters + txParams := tx.TxParameters{ + ChainID: "simapp-v2-chain", + SignMode: apisigning.SignMode_SIGN_MODE_DIRECT, + AccountConfig: tx.AccountConfig{ + FromAddress: "cosmos1t0fmn0lyp2v99ga55mm37mpnqrlnc4xcs2hhhy", + FromName: "alice", + }, + } + + // Configure gas settings + gasConfig, err := tx.NewGasConfig(100, 100, "0stake") + if err != nil { + log.Fatal("error creating gas config: ", err) + } + txParams.GasConfig = gasConfig + + // Create auth query client + authClient := authtypes.NewQueryClient(clientConn) + + // Retrieve account information for the sender + fromAccount, err := getAccount("cosmos1t0fmn0lyp2v99ga55mm37mpnqrlnc4xcs2hhhy", authClient, protoCodec) + if err != nil { + log.Fatal("error getting from account: ", err) + } + + // Update txParams with the correct account number and sequence + txParams.AccountConfig.AccountNumber = fromAccount.GetAccountNumber() + txParams.AccountConfig.Sequence = fromAccount.GetSequence() + + // Retrieve account information for the recipient + toAccount, err := getAccount("cosmos1e2wanzh89mlwct7cs7eumxf7mrh5m3ykpsh66m", authClient, protoCodec) + if err != nil { + log.Fatal("error getting to account: ", err) + } + + // Configure transaction settings + txConf, _ := tx.NewTxConfig(tx.ConfigOptions{ + AddressCodec: addrcodec.NewBech32Codec("cosmos"), + Cdc: protoCodec, + ValidatorAddressCodec: addrcodec.NewBech32Codec("cosmosval"), + EnabledSignModes: []apisigning.SignMode{apisigning.SignMode_SIGN_MODE_DIRECT}, + }) +``` + +6. Build the transaction + +```go +// Create a transaction factory + f, err := tx.NewFactory(kr, codec.NewProtoCodec(codectypes.NewInterfaceRegistry()), nil, txConf, addrcodec.NewBech32Codec("cosmos"), clientConn, txParams) + if err != nil { + log.Fatal("error creating factory", err) + } + + // Define the transaction message + msgs := []transaction.Msg{ + &banktypes.MsgSend{ + FromAddress: fromAccount.GetAddress().String(), + ToAddress: toAccount.GetAddress().String(), + Amount: sdk.Coins{ + sdk.NewCoin("stake", math.NewInt(1000000)), + }, + }, + } + + // Build and sign the transaction + tx, err := f.BuildsSignedTx(context.Background(), msgs...) + if err != nil { + log.Fatal("error building signed tx", err) + } + + +``` + +7. Broadcast the transaction + +```go +// Create a broadcaster for the transaction + c, err := comet.NewCometBFTBroadcaster("http://127.0.0.1:26657", comet.BroadcastSync, protoCodec) + if err != nil { + log.Fatal("error creating comet broadcaster", err) + } + + // Broadcast the transaction + res, err := c.Broadcast(context.Background(), tx.Bytes()) + if err != nil { + log.Fatal("error broadcasting tx", err) + } + +``` + +8. Helpers + +```go +// getAccount retrieves account information using the provided address +func getAccount(address string, authClient authtypes.QueryClient, codec codec.Codec) (sdk.AccountI, error) { + // Query account info + accountQuery, err := authClient.Account(context.Background(), &authtypes.QueryAccountRequest{ + Address: string(address), + }) + if err != nil { + return nil, fmt.Errorf("error getting account: %w", err) + } + + // Unpack the account information + var account sdk.AccountI + err = codec.InterfaceRegistry().UnpackAny(accountQuery.Account, &account) + if err != nil { + return nil, fmt.Errorf("error unpacking account: %w", err) + } + + return account, nil +} +``` \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.53/tutorials/transactions/_category_.json b/copy-of-sdk-versioned_docs/version-0.53/tutorials/transactions/_category_.json new file mode 100644 index 00000000..5b0cdfc1 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/tutorials/transactions/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Transaction Tutorials", + "position": 2, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.53/tutorials/tutorials.md b/copy-of-sdk-versioned_docs/version-0.53/tutorials/tutorials.md new file mode 100644 index 00000000..e6828c9f --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/tutorials/tutorials.md @@ -0,0 +1,12 @@ +--- +sidebar_position: 0 +--- +# Tutorials + +## Advanced Tutorials + +This section provides a concise overview of tutorials focused on implementing vote extensions in the Cosmos SDK. Vote extensions are a powerful feature for enhancing the security and fairness of blockchain applications, particularly in scenarios like implementing oracles and mitigating auction front-running. + +* **Implementing Oracle with Vote Extensions** - This tutorial details how to use vote extensions for the implementation of a secure and reliable oracle within a blockchain application. It demonstrates the use of vote extensions to securely include oracle data submissions in blocks, ensuring the data's integrity and reliability for the blockchain. + +* **Mitigating Auction Front-Running with Vote Extensions** - Explore how to prevent auction front-running using vote extensions. This tutorial outlines the creation of a module aimed at mitigating front-running in nameservice auctions, emphasising the `ExtendVote`, `PrepareProposal`, and `ProcessProposal` functions to facilitate a fair auction process. \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/_category_.json b/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/_category_.json new file mode 100644 index 00000000..a2aecebd --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Vote Extensions Tutorials", + "position": 1, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/00-getting-started.md b/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/00-getting-started.md new file mode 100644 index 00000000..a68a6e15 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/00-getting-started.md @@ -0,0 +1,40 @@ +# Getting Started + +## Table of Contents + +- [Getting Started](#overview-of-the-project) +- [Understanding Front-Running](./01-understanding-frontrunning.md) +- [Mitigating Front-running with Vote Extensions](./02-mitigating-front-running-with-vote-extesions.md) +- [Demo of Mitigating Front-Running](./03-demo-of-mitigating-front-running.md) + +## Getting Started + +### Overview of the Project + +This tutorial outlines the development of a module designed to mitigate front-running in nameservice auctions. The following functions are central to this module: + +* `ExtendVote`: Gathers bids from the mempool and includes them in the vote extension to ensure a fair and transparent auction process. +* `PrepareProposal`: Processes the vote extensions from the previous block, creating a special transaction that encapsulates bids to be included in the current proposal. +* `ProcessProposal`: Validates that the first transaction in the proposal is the special transaction containing the vote extensions and ensures the integrity of the bids. + +In this advanced tutorial, we will be working with an example application that facilitates the auctioning of nameservices. To see what frontrunning and nameservices are [here](./01-understanding-frontrunning.md) This application provides a practical use case to explore the prevention of auction front-running, also known as "bid sniping", where a validator takes advantage of seeing a bid in the mempool to place their own higher bid before the original bid is processed. + +The tutorial will guide you through using the Cosmos SDK to mitigate front-running using vote extensions. The module will be built on top of the base blockchain provided in the `tutorials/base` directory and will use the `auction` module as a foundation. By the end of this tutorial, you will have a better understanding of how to prevent front-running in blockchain auctions, specifically in the context of nameservice auctioning. + +## What are Vote extensions? + +Vote extensions is arbitrary information which can be inserted into a block. This feature is part of ABCI 2.0, which is available for use in the SDK 0.50 release and part of the 0.38 CometBFT release. + +More information about vote extensions can be seen [here](https://docs.cosmos.network/main/build/abci/vote-extensions). + +## Requirements and Setup + +Before diving into the advanced tutorial on auction front-running simulation, ensure you meet the following requirements: + +* [Golang >1.21.5](https://golang.org/doc/install) installed +* Familiarity with the concepts of front-running and MEV, as detailed in [Understanding Front-Running](./01-understanding-frontrunning.md) +* Understanding of Vote Extensions as described [here](https://docs.cosmos.network/main/build/abci/vote-extensions) + +You will also need a foundational blockchain to build upon coupled with your own module. The `tutorials/base` directory has the necessary blockchain code to start your custom project with the Cosmos SDK. For the module, you can use the `auction` module provided in the `tutorials/auction/x/auction` directory as a reference but please be aware that all of the code needed to implement vote extensions is already implemented in this module. + +This will set up a strong base for your blockchain, enabling the integration of advanced features such as auction front-running simulation. diff --git a/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/01-understanding-frontrunning.md b/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/01-understanding-frontrunning.md new file mode 100644 index 00000000..31602b0e --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/01-understanding-frontrunning.md @@ -0,0 +1,41 @@ +# Understanding Front-Running and more + +## Introduction + +Blockchain technology is vulnerable to practices that can affect the fairness and security of the network. Two such practices are front-running and Maximal Extractable Value (MEV), which are important for blockchain participants to understand. + +## What is Front-Running? + +Front-running is when someone, such as a validator, uses their ability to see pending transactions to execute their own transactions first, benefiting from the knowledge of upcoming transactions. In nameservice auctions, a front-runner might place a higher bid before the original bid is confirmed, unfairly winning the auction. + +## Nameservices and Nameservice Auctions + +Nameservices are human-readable identifiers on a blockchain, akin to internet domain names, that correspond to specific addresses or resources. They simplify interactions with typically long and complex blockchain addresses, allowing users to have a memorable and unique identifier for their blockchain address or smart contract. + +Nameservice auctions are the process by which these identifiers are bid on and acquired. To combat front-running—where someone might use knowledge of pending bids to place a higher bid first—mechanisms such as commit-reveal schemes, auction extensions, and fair sequencing are implemented. These strategies ensure a transparent and fair bidding process, reducing the potential for Maximal Extractable Value (MEV) exploitation. + +## What is Maximal Extractable Value (MEV)? + +MEV is the highest value that can be extracted by manipulating the order of transactions within a block, beyond the standard block rewards and fees. This has become more prominent with the growth of decentralised finance (DeFi), where transaction order can greatly affect profits. + +## Implications of MEV + +MEV can lead to: + +- **Network Security**: Potential centralisation, as those with more computational power might dominate the process, increasing the risk of attacks. +- **Market Fairness**: An uneven playing field where only a few can gain at the expense of the majority. +- **User Experience**: Higher fees and network congestion due to the competition for MEV. + +## Mitigating MEV and Front-Running + +Some solutions being developed to mitigate MEV and front-running, including: + +- **Time-delayed Transactions**: Random delays to make transaction timing unpredictable. +- **Private Transaction Pools**: Concealing transactions until they are mined. +- **Fair Sequencing Services**: Processing transactions in the order they are received. + +For this tutorial, we will be exploring the last solution, fair sequencing services, in the context of nameservice auctions. + +## Conclusion + +MEV and front-running are challenges to blockchain integrity and fairness. Ongoing innovation and implementation of mitigation strategies are crucial for the ecosystem's health and success. diff --git a/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md b/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md new file mode 100644 index 00000000..a3d7549e --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md @@ -0,0 +1,331 @@ +# Mitigating Front-running with Vote Extensions + +## Table of Contents + +* [Prerequisites](#prerequisites) +* [Implementing Structs for Vote Extensions](#implementing-structs-for-vote-extensions) +* [Implementing Handlers and Configuring Handlers](#implementing-handlers-and-configuring-handlers) + +## Prerequisites + +Before implementing vote extensions to mitigate front-running, ensure you have a module ready to implement the vote extensions with. If you need to create or reference a similar module, see `x/auction` for guidance. + +In this section, we will discuss the steps to mitigate front-running using vote extensions. We will introduce new types within the `abci/types.go` file. These types will be used to handle the process of preparing proposals, processing proposals, and handling vote extensions. + +### Implementing Structs for Vote Extensions + +First, copy the following structs into the `abci/types.go` and each of these structs serves a specific purpose in the process of mitigating front-running using vote extensions: + +```go +package abci + +import ( + //import the necessary files +) + +type PrepareProposalHandler struct { + logger log.Logger + txConfig client.TxConfig + cdc codec.Codec + mempool *mempool.ThresholdMempool + txProvider provider.TxProvider + keyname string + runProvider bool +} +``` + +The `PrepareProposalHandler` struct is used to handle the preparation of a proposal in the consensus process. It contains several fields: logger for logging information and errors, txConfig for transaction configuration, cdc (Codec) for encoding and decoding transactions, mempool for referencing the set of unconfirmed transactions, txProvider for building the proposal with transactions, keyname for the name of the key used for signing transactions, and runProvider, a boolean flag indicating whether the provider should be run to build the proposal. + +```go +type ProcessProposalHandler struct { + TxConfig client.TxConfig + Codec codec.Codec + Logger log.Logger +} +``` + +After the proposal has been prepared and vote extensions have been included, the `ProcessProposalHandler` is used to process the proposal. This includes validating the proposal and the included vote extensions. The `ProcessProposalHandler` allows you to access the transaction configuration and codec, which are necessary for processing the vote extensions. + +```go +type VoteExtHandler struct { + logger log.Logger + currentBlock int64 + mempool *mempool.ThresholdMempool + cdc codec.Codec +} +``` + +This struct is used to handle vote extensions. It contains a logger for logging events, the current block number, a mempool for storing transactions, and a codec for encoding and decoding. Vote extensions are a key part of the process to mitigate front-running, as they allow for additional information to be included with each vote. + +```go +type InjectedVoteExt struct { + VoteExtSigner []byte + Bids [][]byte +} + +type InjectedVotes struct { + Votes []InjectedVoteExt +} +``` + +These structs are used to handle injected vote extensions. They include the signer of the vote extension and the bids associated with the vote extension. Each byte array in Bids is a serialised form of a bid transaction. Injected vote extensions are used to add additional information to a vote after it has been created, which can be useful for adding context or additional data to a vote. The serialised bid transactions provide a way to include complex transaction data in a compact, efficient format. + +```go +type AppVoteExtension struct { + Height int64 + Bids [][]byte +} +``` + +This struct is used for application vote extensions. It includes the height of the block and the bids associated with the vote extension. Application vote extensions are used to add additional information to a vote at the application level, which can be useful for adding context or additional data to a vote that is specific to the application. + +```go +type SpecialTransaction struct { + Height int + Bids [][]byte +} +``` + +This struct is used for special transactions. It includes the height of the block and the bids associated with the transaction. Special transactions are used for transactions that need to be handled differently from regular transactions, such as transactions that are part of the process to mitigate front-running. + +### Implementing Handlers and Configuring Handlers + +To establish the `VoteExtensionHandler`, follow these steps: + +1. Navigate to the `abci/proposal.go` file. This is where we will implement the `VoteExtensionHandler``. + +2. Implement the `NewVoteExtensionHandler` function. This function is a constructor for the `VoteExtHandler` struct. It takes a logger, a mempool, and a codec as parameters and returns a new instance of `VoteExtHandler`. + +```go +func NewVoteExtensionHandler(lg log.Logger, mp *mempool.ThresholdMempool, cdc codec.Codec) *VoteExtHandler { + return &VoteExtHandler{ + logger: lg, + mempool: mp, + cdc: cdc, + } +} +``` + +3. Implement the `ExtendVoteHandler()` method. This method should handle the logic of extending votes, including inspecting the mempool and submitting a list of all pending bids. This will allow you to access the list of unconfirmed transactions in the abci.`RequestPrepareProposal` during the ensuing block. + +```go +func (h *VoteExtHandler) ExtendVoteHandler() sdk.ExtendVoteHandler { + return func(ctx sdk.Context, req *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) { + h.logger.Info(fmt.Sprintf("Extending votes at block height : %v", req.Height)) + + voteExtBids := [][]byte{} + + // Get mempool txs + itr := h.mempool.SelectPending(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + sdkMsgs := tmptx.GetMsgs() + + // Iterate through msgs, check for any bids + for _, msg := range sdkMsgs { + switch msg := msg.(type) { + case *nstypes.MsgBid: + // Marshal sdk bids to []byte + bz, err := h.cdc.Marshal(msg) + if err != nil { + h.logger.Error(fmt.Sprintf("Error marshalling VE Bid : %v", err)) + break + } + voteExtBids = append(voteExtBids, bz) + default: + } + } + + // Move tx to ready pool + err := h.mempool.Update(context.Background(), tmptx) + + // Remove tx from app side mempool + if err != nil { + h.logger.Info(fmt.Sprintf("Unable to update mempool tx: %v", err)) + } + + itr = itr.Next() + } + + // Create vote extension + voteExt := AppVoteExtension{ + Height: req.Height, + Bids: voteExtBids, + } + + // Encode Vote Extension + bz, err := json.Marshal(voteExt) + if err != nil { + return nil, fmt.Errorf("Error marshalling VE: %w", err) + } + + return &abci.ResponseExtendVote{VoteExtension: bz}, nil +} +``` + +4. Configure the handler in `app/app.go` as shown below + +```go +bApp := baseapp.NewBaseApp(AppName, logger, db, txConfig.TxDecoder(), baseAppOptions...) +voteExtHandler := abci2.NewVoteExtensionHandler(logger, mempool, appCodec) +bApp.SetExtendVoteHandler(voteExtHandler.ExtendVoteHandler()) +``` + +To give a bit of context on what is happening above, we first create a new instance of `VoteExtensionHandler` with the necessary dependencies (logger, mempool, and codec). Then, we set this handler as the `ExtendVoteHandler` for our application. This means that whenever a vote needs to be extended, our custom `ExtendVoteHandler()` method will be called. + +To test if vote extensions have been propagated, add the following to the `PrepareProposalHandler`: + +```go +if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + h.logger.Info(fmt.Sprintf(" :: Get vote extensions: %v", voteExt)) +} +``` + +This is how the whole function should look: + +```go +func (h *PrepareProposalHandler) PrepareProposalHandler() sdk.PrepareProposalHandler { + return func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { + h.logger.Info(fmt.Sprintf(" :: Prepare Proposal")) + var proposalTxs [][]byte + + var txs []sdk.Tx + + // Get Vote Extensions + if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + h.logger.Info(fmt.Sprintf(" :: Get vote extensions: %v", voteExt)) + } + + itr := h.mempool.Select(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + + txs = append(txs, tmptx) + itr = itr.Next() + } + h.logger.Info(fmt.Sprintf(" :: Number of Transactions available from mempool: %v", len(txs))) + + if h.runProvider { + tmpMsgs, err := h.txProvider.BuildProposal(ctx, txs) + if err != nil { + h.logger.Error(fmt.Sprintf(" :: Error Building Custom Proposal: %v", err)) + } + txs = tmpMsgs + } + + for _, sdkTxs := range txs { + txBytes, err := h.txConfig.TxEncoder()(sdkTxs) + if err != nil { + h.logger.Info(fmt.Sprintf("~Error encoding transaction: %v", err.Error())) + } + proposalTxs = append(proposalTxs, txBytes) + } + + h.logger.Info(fmt.Sprintf(" :: Number of Transactions in proposal: %v", len(proposalTxs))) + + return &abci.ResponsePrepareProposal{Txs: proposalTxs}, nil + } +} +``` + +As mentioned above, we check if vote extensions have been propagated, you can do this by checking the logs for any relevant messages such as ` :: Get vote extensions:`. If the logs do not provide enough information, you can also reinitialise your local testing environment by running the `./scripts/single_node/setup.sh` script again. + +5. Implement the `ProcessProposalHandler()`. This function is responsible for processing the proposal. It should handle the logic of processing vote extensions, including inspecting the proposal and validating the bids. + +```go +func (h *ProcessProposalHandler) ProcessProposalHandler() sdk.ProcessProposalHandler { + return func(ctx sdk.Context, req *abci.RequestProcessProposal) (resp *abci.ResponseProcessProposal, err error) { + h.Logger.Info(fmt.Sprintf(" :: Process Proposal")) + + // The first transaction will always be the Special Transaction + numTxs := len(req.Txs) + + h.Logger.Info(fmt.Sprintf(":: Number of transactions :: %v", numTxs)) + + if numTxs >= 1 { + var st SpecialTransaction + err = json.Unmarshal(req.Txs[0], &st) + if err != nil { + h.Logger.Error(fmt.Sprintf(":: Error unmarshalling special Tx in Process Proposal :: %v", err)) + } + if len(st.Bids) > 0 { + h.Logger.Info(fmt.Sprintf(":: There are bids in the Special Transaction")) + var bids []nstypes.MsgBid + for i, b := range st.Bids { + var bid nstypes.MsgBid + h.Codec.Unmarshal(b, &bid) + h.Logger.Info(fmt.Sprintf(":: Special Transaction Bid No %v :: %v", i, bid)) + bids = append(bids, bid) + } + // Validate Bids in Tx + txs := req.Txs[1:] + ok, err := ValidateBids(h.TxConfig, bids, txs, h.Logger) + if err != nil { + h.Logger.Error(fmt.Sprintf(":: Error validating bids in Process Proposal :: %v", err)) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + if !ok { + h.Logger.Error(fmt.Sprintf(":: Unable to validate bids in Process Proposal :: %v", err)) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + h.Logger.Info(":: Successfully validated bids in Process Proposal") + } + } + + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_ACCEPT}, nil + } +} +``` + +6. Implement the `ProcessVoteExtensions()` function. This function should handle the logic of processing vote extensions, including validating the bids. + +```go +func processVoteExtensions(req *abci.RequestPrepareProposal, log log.Logger) (SpecialTransaction, error) { + log.Info(fmt.Sprintf(" :: Process Vote Extensions")) + + // Create empty response + st := SpecialTransaction{ + 0, + [][]byte{}, + } + + // Get Vote Ext for H-1 from Req + voteExt := req.GetLocalLastCommit() + votes := voteExt.Votes + + // Iterate through votes + var ve AppVoteExtension + for _, vote := range votes { + // Unmarshal to AppExt + err := json.Unmarshal(vote.VoteExtension, &ve) + if err != nil { + log.Error(fmt.Sprintf(" :: Error unmarshalling Vote Extension")) + } + + st.Height = int(ve.Height) + + // If Bids in VE, append to Special Transaction + if len(ve.Bids) > 0 { + log.Info(" :: Bids in VE") + for _, b := range ve.Bids { + st.Bids = append(st.Bids, b) + } + } + } + + return st, nil +} +``` + +7. Configure the `ProcessProposalHandler()` in app/app.go: + +```go +processPropHandler := abci2.ProcessProposalHandler{app.txConfig, appCodec, logger} +bApp.SetProcessProposal(processPropHandler.ProcessProposalHandler()) +``` + +This sets the `ProcessProposalHandler()` for our application. This means that whenever a proposal needs to be processed, our custom `ProcessProposalHandler()` method will be called. + +To test if the proposal processing and vote extensions are working correctly, you can check the logs for any relevant messages. If the logs do not provide enough information, you can also reinitialize your local testing environment by running `./scripts/single_node/setup.sh` script. diff --git a/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md.bak b/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md.bak new file mode 100644 index 00000000..421b6ed8 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md.bak @@ -0,0 +1,331 @@ +# Mitigating Front-running with Vote Extensions + +## Table of Contents + +* [Prerequisites](#prerequisites) +* [Implementing Structs for Vote Extensions](#implementing-structs-for-vote-extensions) +* [Implementing Handlers and Configuring Handlers](#implementing-handlers-and-configuring-handlers) + +## Prerequisites + +Before implementing vote extensions to mitigate front-running, ensure you have a module ready to implement the vote extensions with. If you need to create or reference a similar module, see `x/auction` for guidance. + +In this section, we will discuss the steps to mitigate front-running using vote extensions. We will introduce new types within the `abci/types.go` file. These types will be used to handle the process of preparing proposals, processing proposals, and handling vote extensions. + +### Implementing Structs for Vote Extensions + +First, copy the following structs into the `abci/types.go` and each of these structs serves a specific purpose in the process of mitigating front-running using vote extensions: + +```go +package abci + +import ( + //import the necessary files +) + +type PrepareProposalHandler struct { + logger log.Logger + txConfig client.TxConfig + cdc codec.Codec + mempool *mempool.ThresholdMempool + txProvider provider.TxProvider + keyname string + runProvider bool +} +``` + +The `PrepareProposalHandler` struct is used to handle the preparation of a proposal in the consensus process. It contains several fields: logger for logging information and errors, txConfig for transaction configuration, cdc (Codec) for encoding and decoding transactions, mempool for referencing the set of unconfirmed transactions, txProvider for building the proposal with transactions, keyname for the name of the key used for signing transactions, and runProvider, a boolean flag indicating whether the provider should be run to build the proposal. + +```go +type ProcessProposalHandler struct { + TxConfig client.TxConfig + Codec codec.Codec + Logger log.Logger +} +``` + +After the proposal has been prepared and vote extensions have been included, the `ProcessProposalHandler` is used to process the proposal. This includes validating the proposal and the included vote extensions. The `ProcessProposalHandler` allows you to access the transaction configuration and codec, which are necessary for processing the vote extensions. + +```go +type VoteExtHandler struct { + logger log.Logger + currentBlock int64 + mempool *mempool.ThresholdMempool + cdc codec.Codec +} +``` + +This struct is used to handle vote extensions. It contains a logger for logging events, the current block number, a mempool for storing transactions, and a codec for encoding and decoding. Vote extensions are a key part of the process to mitigate front-running, as they allow for additional information to be included with each vote. + +```go +type InjectedVoteExt struct { + VoteExtSigner []byte + Bids [][]byte +} + +type InjectedVotes struct { + Votes []InjectedVoteExt +} +``` + +These structs are used to handle injected vote extensions. They include the signer of the vote extension and the bids associated with the vote extension. Each byte array in Bids is a serialised form of a bid transaction. Injected vote extensions are used to add additional information to a vote after it has been created, which can be useful for adding context or additional data to a vote. The serialised bid transactions provide a way to include complex transaction data in a compact, efficient format. + +```go +type AppVoteExtension struct { + Height int64 + Bids [][]byte +} +``` + +This struct is used for application vote extensions. It includes the height of the block and the bids associated with the vote extension. Application vote extensions are used to add additional information to a vote at the application level, which can be useful for adding context or additional data to a vote that is specific to the application. + +```go +type SpecialTransaction struct { + Height int + Bids [][]byte +} +``` + +This struct is used for special transactions. It includes the height of the block and the bids associated with the transaction. Special transactions are used for transactions that need to be handled differently from regular transactions, such as transactions that are part of the process to mitigate front-running. + +### Implementing Handlers and Configuring Handlers + +To establish the `VoteExtensionHandler`, follow these steps: + +1. Navigate to the `abci/proposal.go` file. This is where we will implement the `VoteExtensionHandler``. + +2. Implement the `NewVoteExtensionHandler` function. This function is a constructor for the `VoteExtHandler` struct. It takes a logger, a mempool, and a codec as parameters and returns a new instance of `VoteExtHandler`. + +```go +func NewVoteExtensionHandler(lg log.Logger, mp *mempool.ThresholdMempool, cdc codec.Codec) *VoteExtHandler { + return &VoteExtHandler{ + logger: lg, + mempool: mp, + cdc: cdc, + } +} +``` + +3. Implement the `ExtendVoteHandler()` method. This method should handle the logic of extending votes, including inspecting the mempool and submitting a list of all pending bids. This will allow you to access the list of unconfirmed transactions in the abci.`RequestPrepareProposal` during the ensuing block. + +```go +func (h *VoteExtHandler) ExtendVoteHandler() sdk.ExtendVoteHandler { + return func(ctx sdk.Context, req *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) { + h.logger.Info(fmt.Sprintf("Extending votes at block height : %v", req.Height)) + + voteExtBids := [][]byte{} + + // Get mempool txs + itr := h.mempool.SelectPending(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + sdkMsgs := tmptx.GetMsgs() + + // Iterate through msgs, check for any bids + for _, msg := range sdkMsgs { + switch msg := msg.(type) { + case *nstypes.MsgBid: + // Marshal sdk bids to []byte + bz, err := h.cdc.Marshal(msg) + if err != nil { + h.logger.Error(fmt.Sprintf("Error marshalling VE Bid : %v", err)) + break + } + voteExtBids = append(voteExtBids, bz) + default: + } + } + + // Move tx to ready pool + err := h.mempool.Update(context.Background(), tmptx) + + // Remove tx from app side mempool + if err != nil { + h.logger.Info(fmt.Sprintf("Unable to update mempool tx: %v", err)) + } + + itr = itr.Next() + } + + // Create vote extension + voteExt := AppVoteExtension{ + Height: req.Height, + Bids: voteExtBids, + } + + // Encode Vote Extension + bz, err := json.Marshal(voteExt) + if err != nil { + return nil, fmt.Errorf("Error marshalling VE: %w", err) + } + + return &abci.ResponseExtendVote{VoteExtension: bz}, nil +} +``` + +4. Configure the handler in `app/app.go` as shown below + +```go +bApp := baseapp.NewBaseApp(AppName, logger, db, txConfig.TxDecoder(), baseAppOptions...) +voteExtHandler := abci2.NewVoteExtensionHandler(logger, mempool, appCodec) +bApp.SetExtendVoteHandler(voteExtHandler.ExtendVoteHandler()) +``` + +To give a bit of context on what is happening above, we first create a new instance of `VoteExtensionHandler` with the necessary dependencies (logger, mempool, and codec). Then, we set this handler as the `ExtendVoteHandler` for our application. This means that whenever a vote needs to be extended, our custom `ExtendVoteHandler()` method will be called. + +To test if vote extensions have been propagated, add the following to the `PrepareProposalHandler`: + +```go +if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + h.logger.Info(fmt.Sprintf("🛠️ :: Get vote extensions: %v", voteExt)) +} +``` + +This is how the whole function should look: + +```go +func (h *PrepareProposalHandler) PrepareProposalHandler() sdk.PrepareProposalHandler { + return func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { + h.logger.Info(fmt.Sprintf("🛠️ :: Prepare Proposal")) + var proposalTxs [][]byte + + var txs []sdk.Tx + + // Get Vote Extensions + if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + h.logger.Info(fmt.Sprintf("🛠️ :: Get vote extensions: %v", voteExt)) + } + + itr := h.mempool.Select(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + + txs = append(txs, tmptx) + itr = itr.Next() + } + h.logger.Info(fmt.Sprintf("🛠️ :: Number of Transactions available from mempool: %v", len(txs))) + + if h.runProvider { + tmpMsgs, err := h.txProvider.BuildProposal(ctx, txs) + if err != nil { + h.logger.Error(fmt.Sprintf("❌️ :: Error Building Custom Proposal: %v", err)) + } + txs = tmpMsgs + } + + for _, sdkTxs := range txs { + txBytes, err := h.txConfig.TxEncoder()(sdkTxs) + if err != nil { + h.logger.Info(fmt.Sprintf("❌~Error encoding transaction: %v", err.Error())) + } + proposalTxs = append(proposalTxs, txBytes) + } + + h.logger.Info(fmt.Sprintf("🛠️ :: Number of Transactions in proposal: %v", len(proposalTxs))) + + return &abci.ResponsePrepareProposal{Txs: proposalTxs}, nil + } +} +``` + +As mentioned above, we check if vote extensions have been propagated, you can do this by checking the logs for any relevant messages such as `🛠️ :: Get vote extensions:`. If the logs do not provide enough information, you can also reinitialise your local testing environment by running the `./scripts/single_node/setup.sh` script again. + +5. Implement the `ProcessProposalHandler()`. This function is responsible for processing the proposal. It should handle the logic of processing vote extensions, including inspecting the proposal and validating the bids. + +```go +func (h *ProcessProposalHandler) ProcessProposalHandler() sdk.ProcessProposalHandler { + return func(ctx sdk.Context, req *abci.RequestProcessProposal) (resp *abci.ResponseProcessProposal, err error) { + h.Logger.Info(fmt.Sprintf("⚙️ :: Process Proposal")) + + // The first transaction will always be the Special Transaction + numTxs := len(req.Txs) + + h.Logger.Info(fmt.Sprintf("⚙️:: Number of transactions :: %v", numTxs)) + + if numTxs >= 1 { + var st SpecialTransaction + err = json.Unmarshal(req.Txs[0], &st) + if err != nil { + h.Logger.Error(fmt.Sprintf("❌️:: Error unmarshalling special Tx in Process Proposal :: %v", err)) + } + if len(st.Bids) > 0 { + h.Logger.Info(fmt.Sprintf("⚙️:: There are bids in the Special Transaction")) + var bids []nstypes.MsgBid + for i, b := range st.Bids { + var bid nstypes.MsgBid + h.Codec.Unmarshal(b, &bid) + h.Logger.Info(fmt.Sprintf("⚙️:: Special Transaction Bid No %v :: %v", i, bid)) + bids = append(bids, bid) + } + // Validate Bids in Tx + txs := req.Txs[1:] + ok, err := ValidateBids(h.TxConfig, bids, txs, h.Logger) + if err != nil { + h.Logger.Error(fmt.Sprintf("❌️:: Error validating bids in Process Proposal :: %v", err)) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + if !ok { + h.Logger.Error(fmt.Sprintf("❌️:: Unable to validate bids in Process Proposal :: %v", err)) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + h.Logger.Info("⚙️:: Successfully validated bids in Process Proposal") + } + } + + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_ACCEPT}, nil + } +} +``` + +6. Implement the `ProcessVoteExtensions()` function. This function should handle the logic of processing vote extensions, including validating the bids. + +```go +func processVoteExtensions(req *abci.RequestPrepareProposal, log log.Logger) (SpecialTransaction, error) { + log.Info(fmt.Sprintf("🛠️ :: Process Vote Extensions")) + + // Create empty response + st := SpecialTransaction{ + 0, + [][]byte{}, + } + + // Get Vote Ext for H-1 from Req + voteExt := req.GetLocalLastCommit() + votes := voteExt.Votes + + // Iterate through votes + var ve AppVoteExtension + for _, vote := range votes { + // Unmarshal to AppExt + err := json.Unmarshal(vote.VoteExtension, &ve) + if err != nil { + log.Error(fmt.Sprintf("❌ :: Error unmarshalling Vote Extension")) + } + + st.Height = int(ve.Height) + + // If Bids in VE, append to Special Transaction + if len(ve.Bids) > 0 { + log.Info("🛠️ :: Bids in VE") + for _, b := range ve.Bids { + st.Bids = append(st.Bids, b) + } + } + } + + return st, nil +} +``` + +7. Configure the `ProcessProposalHandler()` in app/app.go: + +```go +processPropHandler := abci2.ProcessProposalHandler{app.txConfig, appCodec, logger} +bApp.SetProcessProposal(processPropHandler.ProcessProposalHandler()) +``` + +This sets the `ProcessProposalHandler()` for our application. This means that whenever a proposal needs to be processed, our custom `ProcessProposalHandler()` method will be called. + +To test if the proposal processing and vote extensions are working correctly, you can check the logs for any relevant messages. If the logs do not provide enough information, you can also reinitialize your local testing environment by running `./scripts/single_node/setup.sh` script. diff --git a/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md b/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md new file mode 100644 index 00000000..55c84fa7 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md @@ -0,0 +1,331 @@ +# Mitigating Front-running with Vote Extensions + +## Table of Contents + +- [Prerequisites](#prerequisites) +- [Implementing Structs for Vote Extensions](#implementing-structs-for-vote-extensions) +- [Implementing Handlers and Configuring Handlers](#implementing-handlers-and-configuring-handlers) + +## Prerequisites + +Before implementing vote extensions to mitigate front-running, ensure you have a module ready to implement the vote extensions with. If you need to create or reference a similar module, see `x/auction` for guidance. + +In this section, we will discuss the steps to mitigate front-running using vote extensions. We will introduce new types within the `abci/types.go` file. These types will be used to handle the process of preparing proposals, processing proposals, and handling vote extensions. + +### Implementing Structs for Vote Extensions + +First, copy the following structs into the `abci/types.go` and each of these structs serves a specific purpose in the process of mitigating front-running using vote extensions: + +```go +package abci + +import ( + //import the necessary files +) + +type PrepareProposalHandler struct { + logger log.Logger + txConfig client.TxConfig + cdc codec.Codec + mempool *mempool.ThresholdMempool + txProvider provider.TxProvider + keyname string + runProvider bool +} +``` + +The `PrepareProposalHandler` struct is used to handle the preparation of a proposal in the consensus process. It contains several fields: logger for logging information and errors, txConfig for transaction configuration, cdc (Codec) for encoding and decoding transactions, mempool for referencing the set of unconfirmed transactions, txProvider for building the proposal with transactions, keyname for the name of the key used for signing transactions, and runProvider, a boolean flag indicating whether the provider should be run to build the proposal. + +```go +type ProcessProposalHandler struct { + TxConfig client.TxConfig + Codec codec.Codec + Logger log.Logger +} +``` + +After the proposal has been prepared and vote extensions have been included, the `ProcessProposalHandler` is used to process the proposal. This includes validating the proposal and the included vote extensions. The `ProcessProposalHandler` allows you to access the transaction configuration and codec, which are necessary for processing the vote extensions. + +```go +type VoteExtHandler struct { + logger log.Logger + currentBlock int64 + mempool *mempool.ThresholdMempool + cdc codec.Codec +} +``` + +This struct is used to handle vote extensions. It contains a logger for logging events, the current block number, a mempool for storing transactions, and a codec for encoding and decoding. Vote extensions are a key part of the process to mitigate front-running, as they allow for additional information to be included with each vote. + +```go +type InjectedVoteExt struct { + VoteExtSigner []byte + Bids [][]byte +} + +type InjectedVotes struct { + Votes []InjectedVoteExt +} +``` + +These structs are used to handle injected vote extensions. They include the signer of the vote extension and the bids associated with the vote extension. Each byte array in Bids is a serialised form of a bid transaction. Injected vote extensions are used to add additional information to a vote after it has been created, which can be useful for adding context or additional data to a vote. The serialised bid transactions provide a way to include complex transaction data in a compact, efficient format. + +```go +type AppVoteExtension struct { + Height int64 + Bids [][]byte +} +``` + +This struct is used for application vote extensions. It includes the height of the block and the bids associated with the vote extension. Application vote extensions are used to add additional information to a vote at the application level, which can be useful for adding context or additional data to a vote that is specific to the application. + +```go +type SpecialTransaction struct { + Height int + Bids [][]byte +} +``` + +This struct is used for special transactions. It includes the height of the block and the bids associated with the transaction. Special transactions are used for transactions that need to be handled differently from regular transactions, such as transactions that are part of the process to mitigate front-running. + +### Implementing Handlers and Configuring Handlers + +To establish the `VoteExtensionHandler`, follow these steps: + +1. Navigate to the `abci/proposal.go` file. This is where we will implement the `VoteExtensionHandler``. + +2. Implement the `NewVoteExtensionHandler` function. This function is a constructor for the `VoteExtHandler` struct. It takes a logger, a mempool, and a codec as parameters and returns a new instance of `VoteExtHandler`. + +```go +func NewVoteExtensionHandler(lg log.Logger, mp *mempool.ThresholdMempool, cdc codec.Codec) *VoteExtHandler { + return &VoteExtHandler{ + logger: lg, + mempool: mp, + cdc: cdc, + } +} +``` + +3. Implement the `ExtendVoteHandler()` method. This method should handle the logic of extending votes, including inspecting the mempool and submitting a list of all pending bids. This will allow you to access the list of unconfirmed transactions in the abci.`RequestPrepareProposal` during the ensuing block. + +```go +func (h *VoteExtHandler) ExtendVoteHandler() sdk.ExtendVoteHandler { + return func(ctx sdk.Context, req *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) { + h.logger.Info(fmt.Sprintf("Extending votes at block height : %v", req.Height)) + + voteExtBids := [][]byte{} + + // Get mempool txs + itr := h.mempool.SelectPending(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + sdkMsgs := tmptx.GetMsgs() + + // Iterate through msgs, check for any bids + for _, msg := range sdkMsgs { + switch msg := msg.(type) { + case *nstypes.MsgBid: + // Marshal sdk bids to []byte + bz, err := h.cdc.Marshal(msg) + if err != nil { + h.logger.Error(fmt.Sprintf("Error marshalling VE Bid : %v", err)) + break + } + voteExtBids = append(voteExtBids, bz) + default: + } + } + + // Move tx to ready pool + err := h.mempool.Update(context.Background(), tmptx) + + // Remove tx from app side mempool + if err != nil { + h.logger.Info(fmt.Sprintf("Unable to update mempool tx: %v", err)) + } + + itr = itr.Next() + } + + // Create vote extension + voteExt := AppVoteExtension{ + Height: req.Height, + Bids: voteExtBids, + } + + // Encode Vote Extension + bz, err := json.Marshal(voteExt) + if err != nil { + return nil, fmt.Errorf("Error marshalling VE: %w", err) + } + + return &abci.ResponseExtendVote{VoteExtension: bz}, nil +} +``` + +4. Configure the handler in `app/app.go` as shown below + +```go +bApp := baseapp.NewBaseApp(AppName, logger, db, txConfig.TxDecoder(), baseAppOptions...) +voteExtHandler := abci2.NewVoteExtensionHandler(logger, mempool, appCodec) +bApp.SetExtendVoteHandler(voteExtHandler.ExtendVoteHandler()) +``` + +To give a bit of context on what is happening above, we first create a new instance of `VoteExtensionHandler` with the necessary dependencies (logger, mempool, and codec). Then, we set this handler as the `ExtendVoteHandler` for our application. This means that whenever a vote needs to be extended, our custom `ExtendVoteHandler()` method will be called. + +To test if vote extensions have been propagated, add the following to the `PrepareProposalHandler`: + +```go +if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + h.logger.Info(fmt.Sprintf(" :: Get vote extensions: %v", voteExt)) +} +``` + +This is how the whole function should look: + +```go +func (h *PrepareProposalHandler) PrepareProposalHandler() sdk.PrepareProposalHandler { + return func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { + h.logger.Info(fmt.Sprintf(" :: Prepare Proposal")) + var proposalTxs [][]byte + + var txs []sdk.Tx + + // Get Vote Extensions + if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + h.logger.Info(fmt.Sprintf(" :: Get vote extensions: %v", voteExt)) + } + + itr := h.mempool.Select(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + + txs = append(txs, tmptx) + itr = itr.Next() + } + h.logger.Info(fmt.Sprintf(" :: Number of Transactions available from mempool: %v", len(txs))) + + if h.runProvider { + tmpMsgs, err := h.txProvider.BuildProposal(ctx, txs) + if err != nil { + h.logger.Error(fmt.Sprintf(" :: Error Building Custom Proposal: %v", err)) + } + txs = tmpMsgs + } + + for _, sdkTxs := range txs { + txBytes, err := h.txConfig.TxEncoder()(sdkTxs) + if err != nil { + h.logger.Info(fmt.Sprintf("~Error encoding transaction: %v", err.Error())) + } + proposalTxs = append(proposalTxs, txBytes) + } + + h.logger.Info(fmt.Sprintf(" :: Number of Transactions in proposal: %v", len(proposalTxs))) + + return &abci.ResponsePrepareProposal{Txs: proposalTxs}, nil + } +} +``` + +As mentioned above, we check if vote extensions have been propagated, you can do this by checking the logs for any relevant messages such as ` :: Get vote extensions:`. If the logs do not provide enough information, you can also reinitialise your local testing environment by running the `./scripts/single_node/setup.sh` script again. + +5. Implement the `ProcessProposalHandler()`. This function is responsible for processing the proposal. It should handle the logic of processing vote extensions, including inspecting the proposal and validating the bids. + +```go +func (h *ProcessProposalHandler) ProcessProposalHandler() sdk.ProcessProposalHandler { + return func(ctx sdk.Context, req *abci.RequestProcessProposal) (resp *abci.ResponseProcessProposal, err error) { + h.Logger.Info(fmt.Sprintf(" :: Process Proposal")) + + // The first transaction will always be the Special Transaction + numTxs := len(req.Txs) + + h.Logger.Info(fmt.Sprintf(":: Number of transactions :: %v", numTxs)) + + if numTxs >= 1 { + var st SpecialTransaction + err = json.Unmarshal(req.Txs[0], &st) + if err != nil { + h.Logger.Error(fmt.Sprintf(":: Error unmarshalling special Tx in Process Proposal :: %v", err)) + } + if len(st.Bids) > 0 { + h.Logger.Info(fmt.Sprintf(":: There are bids in the Special Transaction")) + var bids []nstypes.MsgBid + for i, b := range st.Bids { + var bid nstypes.MsgBid + h.Codec.Unmarshal(b, &bid) + h.Logger.Info(fmt.Sprintf(":: Special Transaction Bid No %v :: %v", i, bid)) + bids = append(bids, bid) + } + // Validate Bids in Tx + txs := req.Txs[1:] + ok, err := ValidateBids(h.TxConfig, bids, txs, h.Logger) + if err != nil { + h.Logger.Error(fmt.Sprintf(":: Error validating bids in Process Proposal :: %v", err)) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + if !ok { + h.Logger.Error(fmt.Sprintf(":: Unable to validate bids in Process Proposal :: %v", err)) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + h.Logger.Info(":: Successfully validated bids in Process Proposal") + } + } + + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_ACCEPT}, nil + } +} +``` + +6. Implement the `ProcessVoteExtensions()` function. This function should handle the logic of processing vote extensions, including validating the bids. + +```go +func processVoteExtensions(req *abci.RequestPrepareProposal, log log.Logger) (SpecialTransaction, error) { + log.Info(fmt.Sprintf(" :: Process Vote Extensions")) + + // Create empty response + st := SpecialTransaction{ + 0, + [][]byte{}, + } + + // Get Vote Ext for H-1 from Req + voteExt := req.GetLocalLastCommit() + votes := voteExt.Votes + + // Iterate through votes + var ve AppVoteExtension + for _, vote := range votes { + // Unmarshal to AppExt + err := json.Unmarshal(vote.VoteExtension, &ve) + if err != nil { + log.Error(fmt.Sprintf(" :: Error unmarshalling Vote Extension")) + } + + st.Height = int(ve.Height) + + // If Bids in VE, append to Special Transaction + if len(ve.Bids) > 0 { + log.Info(" :: Bids in VE") + for _, b := range ve.Bids { + st.Bids = append(st.Bids, b) + } + } + } + + return st, nil +} +``` + +7. Configure the `ProcessProposalHandler()` in app/app.go: + +```go +processPropHandler := abci2.ProcessProposalHandler{app.txConfig, appCodec, logger} +bApp.SetProcessProposal(processPropHandler.ProcessProposalHandler()) +``` + +This sets the `ProcessProposalHandler()` for our application. This means that whenever a proposal needs to be processed, our custom `ProcessProposalHandler()` method will be called. + +To test if the proposal processing and vote extensions are working correctly, you can check the logs for any relevant messages. If the logs do not provide enough information, you can also reinitialize your local testing environment by running `./scripts/single_node/setup.sh` script. diff --git a/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md.bak b/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md.bak new file mode 100644 index 00000000..56c2d402 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md.bak @@ -0,0 +1,331 @@ +# Mitigating Front-running with Vote Extensions + +## Table of Contents + +- [Prerequisites](#prerequisites) +- [Implementing Structs for Vote Extensions](#implementing-structs-for-vote-extensions) +- [Implementing Handlers and Configuring Handlers](#implementing-handlers-and-configuring-handlers) + +## Prerequisites + +Before implementing vote extensions to mitigate front-running, ensure you have a module ready to implement the vote extensions with. If you need to create or reference a similar module, see `x/auction` for guidance. + +In this section, we will discuss the steps to mitigate front-running using vote extensions. We will introduce new types within the `abci/types.go` file. These types will be used to handle the process of preparing proposals, processing proposals, and handling vote extensions. + +### Implementing Structs for Vote Extensions + +First, copy the following structs into the `abci/types.go` and each of these structs serves a specific purpose in the process of mitigating front-running using vote extensions: + +```go +package abci + +import ( + //import the necessary files +) + +type PrepareProposalHandler struct { + logger log.Logger + txConfig client.TxConfig + cdc codec.Codec + mempool *mempool.ThresholdMempool + txProvider provider.TxProvider + keyname string + runProvider bool +} +``` + +The `PrepareProposalHandler` struct is used to handle the preparation of a proposal in the consensus process. It contains several fields: logger for logging information and errors, txConfig for transaction configuration, cdc (Codec) for encoding and decoding transactions, mempool for referencing the set of unconfirmed transactions, txProvider for building the proposal with transactions, keyname for the name of the key used for signing transactions, and runProvider, a boolean flag indicating whether the provider should be run to build the proposal. + +```go +type ProcessProposalHandler struct { + TxConfig client.TxConfig + Codec codec.Codec + Logger log.Logger +} +``` + +After the proposal has been prepared and vote extensions have been included, the `ProcessProposalHandler` is used to process the proposal. This includes validating the proposal and the included vote extensions. The `ProcessProposalHandler` allows you to access the transaction configuration and codec, which are necessary for processing the vote extensions. + +```go +type VoteExtHandler struct { + logger log.Logger + currentBlock int64 + mempool *mempool.ThresholdMempool + cdc codec.Codec +} +``` + +This struct is used to handle vote extensions. It contains a logger for logging events, the current block number, a mempool for storing transactions, and a codec for encoding and decoding. Vote extensions are a key part of the process to mitigate front-running, as they allow for additional information to be included with each vote. + +```go +type InjectedVoteExt struct { + VoteExtSigner []byte + Bids [][]byte +} + +type InjectedVotes struct { + Votes []InjectedVoteExt +} +``` + +These structs are used to handle injected vote extensions. They include the signer of the vote extension and the bids associated with the vote extension. Each byte array in Bids is a serialised form of a bid transaction. Injected vote extensions are used to add additional information to a vote after it has been created, which can be useful for adding context or additional data to a vote. The serialised bid transactions provide a way to include complex transaction data in a compact, efficient format. + +```go +type AppVoteExtension struct { + Height int64 + Bids [][]byte +} +``` + +This struct is used for application vote extensions. It includes the height of the block and the bids associated with the vote extension. Application vote extensions are used to add additional information to a vote at the application level, which can be useful for adding context or additional data to a vote that is specific to the application. + +```go +type SpecialTransaction struct { + Height int + Bids [][]byte +} +``` + +This struct is used for special transactions. It includes the height of the block and the bids associated with the transaction. Special transactions are used for transactions that need to be handled differently from regular transactions, such as transactions that are part of the process to mitigate front-running. + +### Implementing Handlers and Configuring Handlers + +To establish the `VoteExtensionHandler`, follow these steps: + +1. Navigate to the `abci/proposal.go` file. This is where we will implement the `VoteExtensionHandler``. + +2. Implement the `NewVoteExtensionHandler` function. This function is a constructor for the `VoteExtHandler` struct. It takes a logger, a mempool, and a codec as parameters and returns a new instance of `VoteExtHandler`. + +```go +func NewVoteExtensionHandler(lg log.Logger, mp *mempool.ThresholdMempool, cdc codec.Codec) *VoteExtHandler { + return &VoteExtHandler{ + logger: lg, + mempool: mp, + cdc: cdc, + } +} +``` + +3. Implement the `ExtendVoteHandler()` method. This method should handle the logic of extending votes, including inspecting the mempool and submitting a list of all pending bids. This will allow you to access the list of unconfirmed transactions in the abci.`RequestPrepareProposal` during the ensuing block. + +```go +func (h *VoteExtHandler) ExtendVoteHandler() sdk.ExtendVoteHandler { + return func(ctx sdk.Context, req *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) { + h.logger.Info(fmt.Sprintf("Extending votes at block height : %v", req.Height)) + + voteExtBids := [][]byte{} + + // Get mempool txs + itr := h.mempool.SelectPending(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + sdkMsgs := tmptx.GetMsgs() + + // Iterate through msgs, check for any bids + for _, msg := range sdkMsgs { + switch msg := msg.(type) { + case *nstypes.MsgBid: + // Marshal sdk bids to []byte + bz, err := h.cdc.Marshal(msg) + if err != nil { + h.logger.Error(fmt.Sprintf("Error marshalling VE Bid : %v", err)) + break + } + voteExtBids = append(voteExtBids, bz) + default: + } + } + + // Move tx to ready pool + err := h.mempool.Update(context.Background(), tmptx) + + // Remove tx from app side mempool + if err != nil { + h.logger.Info(fmt.Sprintf("Unable to update mempool tx: %v", err)) + } + + itr = itr.Next() + } + + // Create vote extension + voteExt := AppVoteExtension{ + Height: req.Height, + Bids: voteExtBids, + } + + // Encode Vote Extension + bz, err := json.Marshal(voteExt) + if err != nil { + return nil, fmt.Errorf("Error marshalling VE: %w", err) + } + + return &abci.ResponseExtendVote{VoteExtension: bz}, nil +} +``` + +4. Configure the handler in `app/app.go` as shown below + +```go +bApp := baseapp.NewBaseApp(AppName, logger, db, txConfig.TxDecoder(), baseAppOptions...) +voteExtHandler := abci2.NewVoteExtensionHandler(logger, mempool, appCodec) +bApp.SetExtendVoteHandler(voteExtHandler.ExtendVoteHandler()) +``` + +To give a bit of context on what is happening above, we first create a new instance of `VoteExtensionHandler` with the necessary dependencies (logger, mempool, and codec). Then, we set this handler as the `ExtendVoteHandler` for our application. This means that whenever a vote needs to be extended, our custom `ExtendVoteHandler()` method will be called. + +To test if vote extensions have been propagated, add the following to the `PrepareProposalHandler`: + +```go +if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + h.logger.Info(fmt.Sprintf("🛠️ :: Get vote extensions: %v", voteExt)) +} +``` + +This is how the whole function should look: + +```go +func (h *PrepareProposalHandler) PrepareProposalHandler() sdk.PrepareProposalHandler { + return func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { + h.logger.Info(fmt.Sprintf("🛠️ :: Prepare Proposal")) + var proposalTxs [][]byte + + var txs []sdk.Tx + + // Get Vote Extensions + if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + h.logger.Info(fmt.Sprintf("🛠️ :: Get vote extensions: %v", voteExt)) + } + + itr := h.mempool.Select(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + + txs = append(txs, tmptx) + itr = itr.Next() + } + h.logger.Info(fmt.Sprintf("🛠️ :: Number of Transactions available from mempool: %v", len(txs))) + + if h.runProvider { + tmpMsgs, err := h.txProvider.BuildProposal(ctx, txs) + if err != nil { + h.logger.Error(fmt.Sprintf("❌️ :: Error Building Custom Proposal: %v", err)) + } + txs = tmpMsgs + } + + for _, sdkTxs := range txs { + txBytes, err := h.txConfig.TxEncoder()(sdkTxs) + if err != nil { + h.logger.Info(fmt.Sprintf("❌~Error encoding transaction: %v", err.Error())) + } + proposalTxs = append(proposalTxs, txBytes) + } + + h.logger.Info(fmt.Sprintf("🛠️ :: Number of Transactions in proposal: %v", len(proposalTxs))) + + return &abci.ResponsePrepareProposal{Txs: proposalTxs}, nil + } +} +``` + +As mentioned above, we check if vote extensions have been propagated, you can do this by checking the logs for any relevant messages such as `🛠️ :: Get vote extensions:`. If the logs do not provide enough information, you can also reinitialise your local testing environment by running the `./scripts/single_node/setup.sh` script again. + +5. Implement the `ProcessProposalHandler()`. This function is responsible for processing the proposal. It should handle the logic of processing vote extensions, including inspecting the proposal and validating the bids. + +```go +func (h *ProcessProposalHandler) ProcessProposalHandler() sdk.ProcessProposalHandler { + return func(ctx sdk.Context, req *abci.RequestProcessProposal) (resp *abci.ResponseProcessProposal, err error) { + h.Logger.Info(fmt.Sprintf("⚙️ :: Process Proposal")) + + // The first transaction will always be the Special Transaction + numTxs := len(req.Txs) + + h.Logger.Info(fmt.Sprintf("⚙️:: Number of transactions :: %v", numTxs)) + + if numTxs >= 1 { + var st SpecialTransaction + err = json.Unmarshal(req.Txs[0], &st) + if err != nil { + h.Logger.Error(fmt.Sprintf("❌️:: Error unmarshalling special Tx in Process Proposal :: %v", err)) + } + if len(st.Bids) > 0 { + h.Logger.Info(fmt.Sprintf("⚙️:: There are bids in the Special Transaction")) + var bids []nstypes.MsgBid + for i, b := range st.Bids { + var bid nstypes.MsgBid + h.Codec.Unmarshal(b, &bid) + h.Logger.Info(fmt.Sprintf("⚙️:: Special Transaction Bid No %v :: %v", i, bid)) + bids = append(bids, bid) + } + // Validate Bids in Tx + txs := req.Txs[1:] + ok, err := ValidateBids(h.TxConfig, bids, txs, h.Logger) + if err != nil { + h.Logger.Error(fmt.Sprintf("❌️:: Error validating bids in Process Proposal :: %v", err)) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + if !ok { + h.Logger.Error(fmt.Sprintf("❌️:: Unable to validate bids in Process Proposal :: %v", err)) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + h.Logger.Info("⚙️:: Successfully validated bids in Process Proposal") + } + } + + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_ACCEPT}, nil + } +} +``` + +6. Implement the `ProcessVoteExtensions()` function. This function should handle the logic of processing vote extensions, including validating the bids. + +```go +func processVoteExtensions(req *abci.RequestPrepareProposal, log log.Logger) (SpecialTransaction, error) { + log.Info(fmt.Sprintf("🛠️ :: Process Vote Extensions")) + + // Create empty response + st := SpecialTransaction{ + 0, + [][]byte{}, + } + + // Get Vote Ext for H-1 from Req + voteExt := req.GetLocalLastCommit() + votes := voteExt.Votes + + // Iterate through votes + var ve AppVoteExtension + for _, vote := range votes { + // Unmarshal to AppExt + err := json.Unmarshal(vote.VoteExtension, &ve) + if err != nil { + log.Error(fmt.Sprintf("❌ :: Error unmarshalling Vote Extension")) + } + + st.Height = int(ve.Height) + + // If Bids in VE, append to Special Transaction + if len(ve.Bids) > 0 { + log.Info("🛠️ :: Bids in VE") + for _, b := range ve.Bids { + st.Bids = append(st.Bids, b) + } + } + } + + return st, nil +} +``` + +7. Configure the `ProcessProposalHandler()` in app/app.go: + +```go +processPropHandler := abci2.ProcessProposalHandler{app.txConfig, appCodec, logger} +bApp.SetProcessProposal(processPropHandler.ProcessProposalHandler()) +``` + +This sets the `ProcessProposalHandler()` for our application. This means that whenever a proposal needs to be processed, our custom `ProcessProposalHandler()` method will be called. + +To test if the proposal processing and vote extensions are working correctly, you can check the logs for any relevant messages. If the logs do not provide enough information, you can also reinitialize your local testing environment by running `./scripts/single_node/setup.sh` script. diff --git a/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md b/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md new file mode 100644 index 00000000..24c688c9 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md @@ -0,0 +1,106 @@ +# Demo of Mitigating Front-Running with Vote Extensions + +The purpose of this demo is to test the implementation of the `VoteExtensionHandler` and `PrepareProposalHandler` that we have just added to the codebase. These handlers are designed to mitigate front-running by ensuring that all validators have a consistent view of the mempool when preparing proposals. + +In this demo, we are using a 3 validator network. The Beacon validator is special because it has a custom transaction provider enabled. This means that it can potentially manipulate the order of transactions in a proposal to its advantage (i.e., front-running). + +1. Bootstrap the validator network: This sets up a network with 3 validators. The script `./scripts/configure.sh is used to configure the network and the validators. + +```shell +cd scripts +configure.sh +``` + +If this doesn't work please ensure you have run `make build` in the `tutorials/nameservice/base` directory. + + +2. Have alice attempt to reserve `bob.cosmos`: This is a normal transaction that alice wants to execute. The script ``./scripts/reserve.sh "bob.cosmos"` is used to send this transaction. + +```shell +reserve.sh "bob.cosmos" +``` + +3. Query to verify the name has been reserved: This is to check the result of the transaction. The script `./scripts/whois.sh "bob.cosmos"` is used to query the state of the blockchain. + +```shell +whois.sh "bob.cosmos" +``` + +It should return: + +```{ + "name": { + "name": "bob.cosmos", + "owner": "cosmos1nq9wuvuju4jdmpmzvxmg8zhhu2ma2y2l2pnu6w", + "resolve_address": "cosmos1h6zy2kn9efxtw5z22rc5k9qu7twl70z24kr3ht", + "amount": [ + { + "denom": "uatom", + "amount": "1000" + } + ] + } +} +``` + +To detect front-running attempts by the beacon, scrutinise the logs during the `ProcessProposal` stage. Open the logs for each validator, including the beacon, `val1`, and `val2`, to observe the following behavior. Open the log file of the validator node. The location of this file can vary depending on your setup, but it's typically located in a directory like `$HOME/cosmos/nodes/#{validator}/logs`. The directory in this case will be under the validator so, `beacon` `val1` or `val2`. Run the following to tail the logs of the validator or beacon: + +```shell +tail -f $HOME/cosmos/nodes/#{validator}/logs +``` + +```shell +2:47PM ERR :: Detected invalid proposal bid :: name:"bob.cosmos" resolveAddress:"cosmos1wmuwv38pdur63zw04t0c78r2a8dyt08hf9tpvd" owner:"cosmos1wmuwv38pdur63zw04t0c78r2a8dyt08hf9tpvd" amount: module=server +2:47PM ERR :: Unable to validate bids in Process Proposal :: module=server +2:47PM ERR prevote step: state machine rejected a proposed block; this should not happen:the proposer may be misbehaving; prevoting nil err=null height=142 module=consensus round=0 +``` + + +4. List the Beacon's keys: This is to verify the addresses of the validators. The script `./scripts/list-beacon-keys.sh` is used to list the keys. + +```shell +list-beacon-keys.sh +``` + +We should receive something similar to the following: + +```shell +[ + { + "name": "alice", + "type": "local", + "address": "cosmos1h6zy2kn9efxtw5z22rc5k9qu7twl70z24kr3ht", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"A32cvBUkNJz+h2vld4A5BxvU5Rd+HyqpR3aGtvEhlm4C\"}" + }, + { + "name": "barbara", + "type": "local", + "address": "cosmos1nq9wuvuju4jdmpmzvxmg8zhhu2ma2y2l2pnu6w", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"Ag9PFsNyTQPoJdbyCWia5rZH9CrvSrjMsk7Oz4L3rXQ5\"}" + }, + { + "name": "beacon-key", + "type": "local", + "address": "cosmos1ez9a6x7lz4gvn27zr368muw8jeyas7sv84lfup", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"AlzJZMWyN7lass710TnAhyuFKAFIaANJyw5ad5P2kpcH\"}" + }, + { + "name": "cindy", + "type": "local", + "address": "cosmos1m5j6za9w4qc2c5ljzxmm2v7a63mhjeag34pa3g", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"A6F1/3yot5OpyXoSkBbkyl+3rqBkxzRVSJfvSpm/AvW5\"}" + } +] +``` + +This allows us to match up the addresses and see that the bid was not front run by the beacon due as the resolve address is Alice's address and not the beacons address. + +By running this demo, we can verify that the `VoteExtensionHandler` and `PrepareProposalHandler` are working as expected and that they are able to prevent front-running. + +## Conclusion + +In this tutorial, we've tackled front-running and MEV, focusing on nameservice auctions' vulnerability to these issues. We've explored vote extensions, a key feature of ABCI 2.0, and integrated them into a Cosmos SDK application. + +Through practical exercises, you've implemented vote extensions, and tested their effectiveness in creating a fair auction system. You've gained practical insights by configuring a validator network and analysing blockchain logs. + +Keep experimenting with these concepts, engage with the community, and stay updated on new advancements. The knowledge you've acquired here is crucial for developing secure and fair blockchain applications. diff --git a/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md.bak b/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md.bak new file mode 100644 index 00000000..63f37b4a --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md.bak @@ -0,0 +1,106 @@ +# Demo of Mitigating Front-Running with Vote Extensions + +The purpose of this demo is to test the implementation of the `VoteExtensionHandler` and `PrepareProposalHandler` that we have just added to the codebase. These handlers are designed to mitigate front-running by ensuring that all validators have a consistent view of the mempool when preparing proposals. + +In this demo, we are using a 3 validator network. The Beacon validator is special because it has a custom transaction provider enabled. This means that it can potentially manipulate the order of transactions in a proposal to its advantage (i.e., front-running). + +1. Bootstrap the validator network: This sets up a network with 3 validators. The script `./scripts/configure.sh is used to configure the network and the validators. + +```shell +cd scripts +configure.sh +``` + +If this doesn't work please ensure you have run `make build` in the `tutorials/nameservice/base` directory. + + +2. Have alice attempt to reserve `bob.cosmos`: This is a normal transaction that alice wants to execute. The script ``./scripts/reserve.sh "bob.cosmos"` is used to send this transaction. + +```shell +reserve.sh "bob.cosmos" +``` + +3. Query to verify the name has been reserved: This is to check the result of the transaction. The script `./scripts/whois.sh "bob.cosmos"` is used to query the state of the blockchain. + +```shell +whois.sh "bob.cosmos" +``` + +It should return: + +```{ + "name": { + "name": "bob.cosmos", + "owner": "cosmos1nq9wuvuju4jdmpmzvxmg8zhhu2ma2y2l2pnu6w", + "resolve_address": "cosmos1h6zy2kn9efxtw5z22rc5k9qu7twl70z24kr3ht", + "amount": [ + { + "denom": "uatom", + "amount": "1000" + } + ] + } +} +``` + +To detect front-running attempts by the beacon, scrutinise the logs during the `ProcessProposal` stage. Open the logs for each validator, including the beacon, `val1`, and `val2`, to observe the following behavior. Open the log file of the validator node. The location of this file can vary depending on your setup, but it's typically located in a directory like `$HOME/cosmos/nodes/#{validator}/logs`. The directory in this case will be under the validator so, `beacon` `val1` or `val2`. Run the following to tail the logs of the validator or beacon: + +```shell +tail -f $HOME/cosmos/nodes/#{validator}/logs +``` + +```shell +2:47PM ERR ❌️:: Detected invalid proposal bid :: name:"bob.cosmos" resolveAddress:"cosmos1wmuwv38pdur63zw04t0c78r2a8dyt08hf9tpvd" owner:"cosmos1wmuwv38pdur63zw04t0c78r2a8dyt08hf9tpvd" amount: module=server +2:47PM ERR ❌️:: Unable to validate bids in Process Proposal :: module=server +2:47PM ERR prevote step: state machine rejected a proposed block; this should not happen:the proposer may be misbehaving; prevoting nil err=null height=142 module=consensus round=0 +``` + + +4. List the Beacon's keys: This is to verify the addresses of the validators. The script `./scripts/list-beacon-keys.sh` is used to list the keys. + +```shell +list-beacon-keys.sh +``` + +We should receive something similar to the following: + +```shell +[ + { + "name": "alice", + "type": "local", + "address": "cosmos1h6zy2kn9efxtw5z22rc5k9qu7twl70z24kr3ht", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"A32cvBUkNJz+h2vld4A5BxvU5Rd+HyqpR3aGtvEhlm4C\"}" + }, + { + "name": "barbara", + "type": "local", + "address": "cosmos1nq9wuvuju4jdmpmzvxmg8zhhu2ma2y2l2pnu6w", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"Ag9PFsNyTQPoJdbyCWia5rZH9CrvSrjMsk7Oz4L3rXQ5\"}" + }, + { + "name": "beacon-key", + "type": "local", + "address": "cosmos1ez9a6x7lz4gvn27zr368muw8jeyas7sv84lfup", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"AlzJZMWyN7lass710TnAhyuFKAFIaANJyw5ad5P2kpcH\"}" + }, + { + "name": "cindy", + "type": "local", + "address": "cosmos1m5j6za9w4qc2c5ljzxmm2v7a63mhjeag34pa3g", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"A6F1/3yot5OpyXoSkBbkyl+3rqBkxzRVSJfvSpm/AvW5\"}" + } +] +``` + +This allows us to match up the addresses and see that the bid was not front run by the beacon due as the resolve address is Alice's address and not the beacons address. + +By running this demo, we can verify that the `VoteExtensionHandler` and `PrepareProposalHandler` are working as expected and that they are able to prevent front-running. + +## Conclusion + +In this tutorial, we've tackled front-running and MEV, focusing on nameservice auctions' vulnerability to these issues. We've explored vote extensions, a key feature of ABCI 2.0, and integrated them into a Cosmos SDK application. + +Through practical exercises, you've implemented vote extensions, and tested their effectiveness in creating a fair auction system. You've gained practical insights by configuring a validator network and analysing blockchain logs. + +Keep experimenting with these concepts, engage with the community, and stay updated on new advancements. The knowledge you've acquired here is crucial for developing secure and fair blockchain applications. diff --git a/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/_category_.json b/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/_category_.json new file mode 100644 index 00000000..aab0cfdf --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/auction-frontrunning/_category_.json @@ -0,0 +1,5 @@ +{ + "label": " Mitigating Auction Front-Running Tutorial", + "position": 0, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/oracle/00-getting-started.md b/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/oracle/00-getting-started.md new file mode 100644 index 00000000..59ea65be --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/oracle/00-getting-started.md @@ -0,0 +1,36 @@ +# Getting Started + +## Table of Contents + +* [What is an Oracle?](./01-what-is-an-oracle.md) +* [Implementing Vote Extensions](./02-implementing-vote-extensions.md) +* [Testing the Oracle Module](./03-testing-oracle.md) + +## Prerequisites + +Before you start with this tutorial, make sure you have: + +* A working chain project. This tutorial won't cover the steps of creating a new chain/module. +* Familiarity with the Cosmos SDK. If you're not, we suggest you start with [Cosmos SDK Tutorials](https://tutorials.cosmos.network), as ABCI++ is considered an advanced topic. +* Read and understood [What is an Oracle?](01-what-is-an-oracle.md). This provides necessary background information for understanding the Oracle module. +* Basic understanding of Go programming language. + +## What are Vote extensions? + +Vote extensions is arbitrary information which can be inserted into a block. This feature is part of ABCI 2.0, which is available for use in the SDK 0.50 release and part of the 0.38 CometBFT release. + +More information about vote extensions can be seen [here](https://docs.cosmos.network/main/build/abci/vote-extensions). + +## Overview of the project + +We’ll go through the creation of a simple price oracle module focusing on the vote extensions implementation, ignoring the details inside the price oracle itself. + +We’ll go through the implementation of: + +* `ExtendVote` to get information from external price APIs. +* `VerifyVoteExtension` to check that the format of the provided votes is correct. +* `PrepareProposal` to process the vote extensions from the previous block and include them into the proposal as a transaction. +* `ProcessProposal` to check that the first transaction in the proposal is actually a “special tx” that contains the price information. +* `PreBlocker` to make price information available during FinalizeBlock. + +If you would like to see the complete working oracle module please see [here](https://github.com/cosmos/sdk-tutorials/blob/master/tutorials/oracle/base/x/oracle) diff --git a/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/oracle/01-what-is-an-oracle.md b/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/oracle/01-what-is-an-oracle.md new file mode 100644 index 00000000..9d50ddb3 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/oracle/01-what-is-an-oracle.md @@ -0,0 +1,13 @@ +# What is an Oracle? + +An oracle in blockchain technology is a system that provides external data to a blockchain network. It acts as a source of information that is not natively accessible within the blockchain's closed environment. This can range from financial market prices to real-world event, making it crucial for decentralised applications. + +## Oracle in the Cosmos SDK + +In the Cosmos SDK, an oracle module can be implemented to provide external data to the blockchain. This module can use features like vote extensions to submit additional data during the consensus process, which can then be used by the blockchain to update its state with information from the outside world. + +For instance, a price oracle module in the Cosmos SDK could supply timely and accurate asset price information, which is vital for various financial operations within the blockchain ecosystem. + +## Conclusion + +Oracles are essential for blockchains to interact with external data, enabling them to respond to real-world information and events. Their implementation is key to the reliability and robustness of blockchain networks. diff --git a/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/oracle/02-implementing-vote-extensions.md b/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/oracle/02-implementing-vote-extensions.md new file mode 100644 index 00000000..aa610b5d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/oracle/02-implementing-vote-extensions.md @@ -0,0 +1,219 @@ +# Implementing Vote Extensions + +## Implement ExtendVote + +First we’ll create the `OracleVoteExtension` struct, this is the object that will be marshaled as bytes and signed by the validator. + +In our example we’ll use JSON to marshal the vote extension for simplicity but we recommend to find an encoding that produces a smaller output, given that large vote extensions could impact CometBFT’s performance. Custom encodings and compressed bytes can be used out of the box. + +```go +// OracleVoteExtension defines the canonical vote extension structure. +type OracleVoteExtension struct { + Height int64 + Prices map[string]math.LegacyDec +} +``` + +Then we’ll create a `VoteExtensionsHandler` struct that contains everything we need to query for prices. + +```go +type VoteExtHandler struct { + logger log.Logger + currentBlock int64 // current block height + lastPriceSyncTS time.Time // last time we synced prices + providerTimeout time.Duration // timeout for fetching prices from providers + providers map[string]Provider // mapping of provider name to provider (e.g. Binance -> BinanceProvider) + providerPairs map[string][]keeper.CurrencyPair // mapping of provider name to supported pairs (e.g. Binance -> [ATOM/USD]) + + Keeper keeper.Keeper // keeper of our oracle module +} +``` + +Finally, a function that returns `sdk.ExtendVoteHandler` is needed too, and this is where our vote extension logic will live. + +```go +func (h *VoteExtHandler) ExtendVoteHandler() sdk.ExtendVoteHandler { + return func(ctx sdk.Context, req *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) { + // here we'd have a helper function that gets all the prices and does a weighted average using the volume of each market + prices := h.getAllVolumeWeightedPrices() + + voteExt := OracleVoteExtension{ + Height: req.Height, + Prices: prices, + } + + bz, err := json.Marshal(voteExt) + if err != nil { + return nil, fmt.Errorf("failed to marshal vote extension: %w", err) + } + + return &abci.ResponseExtendVote{VoteExtension: bz}, nil + } +} +``` + +As you can see above, the creation of a vote extension is pretty simple and we just have to return bytes. CometBFT will handle the signing of these bytes for us. We ignored the process of getting the prices but you can see a more complete example [here:](https://github.com/cosmos/sdk-tutorials/blob/master/tutorials/oracle/base/x/oracle/abci/vote_extensions.go) + +Here we’ll do some simple checks like: + +* Is the vote extension unmarshaled correctly? +* Is the vote extension for the right height? +* Some other validation, for example, are the prices from this extension too deviated from my own prices? Or maybe checks that can detect malicious behavior. + +```go +func (h *VoteExtHandler) VerifyVoteExtensionHandler() sdk.VerifyVoteExtensionHandler { + return func(ctx sdk.Context, req *abci.RequestVerifyVoteExtension) (*abci.ResponseVerifyVoteExtension, error) { + var voteExt OracleVoteExtension + err := json.Unmarshal(req.VoteExtension, &voteExt) + if err != nil { + return nil, fmt.Errorf("failed to unmarshal vote extension: %w", err) + } + + if voteExt.Height != req.Height { + return nil, fmt.Errorf("vote extension height does not match request height; expected: %d, got: %d", req.Height, voteExt.Height) + } + + // Verify incoming prices from a validator are valid. Note, verification during + // VerifyVoteExtensionHandler MUST be deterministic. For brevity and demo + // purposes, we omit implementation. + if err := h.verifyOraclePrices(ctx, voteExt.Prices); err != nil { + return nil, fmt.Errorf("failed to verify oracle prices from validator %X: %w", req.ValidatorAddress, err) + } + + return &abci.ResponseVerifyVoteExtension{Status: abci.ResponseVerifyVoteExtension_ACCEPT}, nil + } +} +``` + +## Implement PrepareProposal + +```go +type ProposalHandler struct { + logger log.Logger + keeper keeper.Keeper // our oracle module keeper + valStore baseapp.ValidatorStore // to get the current validators' pubkeys +} +``` + +And we create the struct for our “special tx”, that will contain the prices and the votes so validators can later re-check in ProcessPRoposal that they get the same result than the block’s proposer. With this we could also check if all the votes have been used by comparing the votes received in ProcessProposal. + +```go +type StakeWeightedPrices struct { + StakeWeightedPrices map[string]math.LegacyDec + ExtendedCommitInfo abci.ExtendedCommitInfo +} +``` + +Now we create the `PrepareProposalHandler`. In this step we’ll first check if the vote extensions’ signatures are correct using a helper function called ValidateVoteExtensions from the baseapp package. + +```go +func (h *ProposalHandler) PrepareProposal() sdk.PrepareProposalHandler { + return func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { + err := baseapp.ValidateVoteExtensions(ctx, h.valStore, req.Height, ctx.ChainID(), req.LocalLastCommit) + if err != nil { + return nil, err + } +... +``` + +Then we proceed to make the calculations only if the current height if higher than the height at which vote extensions have been enabled. Remember that vote extensions are made available to the block proposer on the next block at which they are produced/enabled. + +```go +... + proposalTxs := req.Txs + + if req.Height > ctx.ConsensusParams().Abci.VoteExtensionsEnableHeight { + stakeWeightedPrices, err := h.computeStakeWeightedOraclePrices(ctx, req.LocalLastCommit) + if err != nil { + return nil, errors.New("failed to compute stake-weighted oracle prices") + } + + injectedVoteExtTx := StakeWeightedPrices{ + StakeWeightedPrices: stakeWeightedPrices, + ExtendedCommitInfo: req.LocalLastCommit, + } +... +``` + +Finally we inject the result as a transaction at a specific location, usually at the beginning of the block: + +## Implement ProcessProposal + +Now we can implement the method that all validators will execute to ensure the proposer is doing his work correctly. + +Here, if vote extensions are enabled, we’ll check if the tx at index 0 is an injected vote extension + +```go +func (h *ProposalHandler) ProcessProposal() sdk.ProcessProposalHandler { + return func(ctx sdk.Context, req *abci.RequestProcessProposal) (*abci.ResponseProcessProposal, error) { + if req.Height > ctx.ConsensusParams().Abci.VoteExtensionsEnableHeight { + var injectedVoteExtTx StakeWeightedPrices + if err := json.Unmarshal(req.Txs[0], &injectedVoteExtTx); err != nil { + h.logger.Error("failed to decode injected vote extension tx", "err", err) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } +... +``` + +Then we re-validate the vote extensions signatures using +baseapp.ValidateVoteExtensions, re-calculate the results (just like in PrepareProposal) and compare them with the results we got from the injected tx. + +```go + err := baseapp.ValidateVoteExtensions(ctx, h.valStore, req.Height, ctx.ChainID(), injectedVoteExtTx.ExtendedCommitInfo) + if err != nil { + return nil, err + } + + // Verify the proposer's stake-weighted oracle prices by computing the same + // calculation and comparing the results. We omit verification for brevity + // and demo purposes. + stakeWeightedPrices, err := h.computeStakeWeightedOraclePrices(ctx, injectedVoteExtTx.ExtendedCommitInfo) + if err != nil { + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + + if err := compareOraclePrices(injectedVoteExtTx.StakeWeightedPrices, stakeWeightedPrices); err != nil { + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + } + + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_ACCEPT}, nil + } +} +``` + +Important: In this example we avoided using the mempool and other basics, please refer to the DefaultProposalHandler for a complete implementation: [https://github.com/cosmos/cosmos-sdk/blob/v0.50.1/baseapp/abci_utils.go](https://github.com/cosmos/cosmos-sdk/blob/v0.50.1/baseapp/abci_utils.go) + +## Implement PreBlocker + +Now validators are extending their vote, verifying other votes and including the result in the block. But how do we actually make use of this result? This is done in the PreBlocker which is code that is run before any other code during FinalizeBlock so we make sure we make this information available to the chain and its modules during the entire block execution (from BeginBlock). + +At this step we know that the injected tx is well-formatted and has been verified by the validators participating in consensus, so making use of it is straightforward. Just check if vote extensions are enabled, pick up the first transaction and use a method in your module’s keeper to set the result. + +```go +func (h *ProposalHandler) PreBlocker(ctx sdk.Context, req *abci.RequestFinalizeBlock) (*sdk.ResponsePreBlock, error) { + res := &sdk.ResponsePreBlock{} + if len(req.Txs) == 0 { + return res, nil + } + + if req.Height > ctx.ConsensusParams().Abci.VoteExtensionsEnableHeight { + var injectedVoteExtTx StakeWeightedPrices + if err := json.Unmarshal(req.Txs[0], &injectedVoteExtTx); err != nil { + h.logger.Error("failed to decode injected vote extension tx", "err", err) + return nil, err + } + + // set oracle prices using the passed in context, which will make these prices available in the current block + if err := h.keeper.SetOraclePrices(ctx, injectedVoteExtTx.StakeWeightedPrices); err != nil { + return nil, err + } + } + return res, nil +} + +``` + +## Conclusion + +In this tutorial, we've created a simple price oracle module that incorporates vote extensions. We've seen how to implement `ExtendVote`, `VerifyVoteExtension`, `PrepareProposal`, `ProcessProposal`, and `PreBlocker` to handle the voting and verification process of vote extensions, as well as how to make use of the results during the block execution. diff --git a/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/oracle/03-testing-oracle.md b/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/oracle/03-testing-oracle.md new file mode 100644 index 00000000..905ca0d7 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/oracle/03-testing-oracle.md @@ -0,0 +1,57 @@ +# Testing the Oracle Module + +We will guide you through the process of testing the Oracle module in your application. The Oracle module uses vote extensions to provide current price data. If you would like to see the complete working oracle module please see [here](https://github.com/cosmos/sdk-tutorials/blob/master/tutorials/oracle/base/x/oracle). + +## Step 1: Compile and Install the Application + +First, we need to compile and install the application. Please ensure you are in the `tutorials/oracle/base` directory. Run the following command in your terminal: + +```shell +make install +``` + +This command compiles the application and moves the resulting binary to a location in your system's PATH. + +## Step 2: Initialise the Application + +Next, we need to initialise the application. Run the following command in your terminal: + +```shell +make init +``` + +This command runs the script `tutorials/oracle/base/scripts/init.sh`, which sets up the necessary configuration for your application to run. This includes creating the `app.toml` configuration file and initialising the blockchain with a genesis block. + +## Step 3: Start the Application + +Now, we can start the application. Run the following command in your terminal: + +```shell +exampled start +``` + +This command starts your application, begins the blockchain node, and starts processing transactions. + +## Step 4: Query the Oracle Prices + +Finally, we can query the current prices from the Oracle module. Run the following command in your terminal: + +```shell +exampled q oracle prices +``` + +This command queries the current prices from the Oracle module. The expected output shows that the vote extensions were successfully included in the block and the Oracle module was able to retrieve the price data. + +## Understanding Vote Extensions in Oracle + +In the Oracle module, the `ExtendVoteHandler` function is responsible for creating the vote extensions. This function fetches the current prices from the provider, creates a `OracleVoteExtension` struct with these prices, and then marshals this struct into bytes. These bytes are then set as the vote extension. + +In the context of testing, the Oracle module uses a mock provider to simulate the behavior of a real price provider. This mock provider is defined in the mockprovider package and is used to return predefined prices for specific currency pairs. + +## Conclusion + +In this tutorial, we've delved into the concept of Oracle's in blockchain technology, focusing on their role in providing external data to a blockchain network. We've explored vote extensions, a powerful feature of ABCI++, and integrated them into a Cosmos SDK application to create a price oracle module. + +Through hands-on exercises, you've implemented vote extensions, and tested their effectiveness in providing timely and accurate asset price information. You've gained practical insights by setting up a mock provider for testing and analysing the process of extending votes, verifying vote extensions, and preparing and processing proposals. + +Keep experimenting with these concepts, engage with the community, and stay updated on new advancements. The knowledge you've acquired here is crucial for developing robust and reliable blockchain applications that can interact with real-world data. diff --git a/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/oracle/_category_.json b/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/oracle/_category_.json new file mode 100644 index 00000000..b63ffe2f --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/tutorials/vote-extensions/oracle/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Oracle Tutorial", + "position": 1, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.53/user/run-node/00-keyring.md b/copy-of-sdk-versioned_docs/version-0.53/user/run-node/00-keyring.md new file mode 100644 index 00000000..e46ba574 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/user/run-node/00-keyring.md @@ -0,0 +1,145 @@ +--- +sidebar_position: 1 +--- + +# Setting up the keyring + +:::note Synopsis +This document describes how to configure and use the keyring and its various backends for an [**application**](../../learn/beginner/00-app-anatomy.md). +::: + +The keyring holds the private/public key pairs used to interact with a node. For instance, a validator key needs to be set up before running the blockchain node, so that blocks can be correctly signed. The private key can be stored in different locations, called "backends," such as a file or the operating system's own key storage. + +## Available backends for the keyring + +Starting with the v0.38.0 release, Cosmos SDK comes with a new keyring implementation +that provides a set of commands to manage cryptographic keys in a secure fashion. The +new keyring supports multiple storage backends, some of which may not be available on +all operating systems. + +### The `os` backend + +The `os` backend relies on operating system-specific defaults to handle key storage +securely. Typically, an operating system's credential subsystem handles password prompts, +private keys storage, and user sessions according to the user's password policies. Here +is a list of the most popular operating systems and their respective passwords manager: + +* macOS: [Keychain](https://support.apple.com/en-gb/guide/keychain-access/welcome/mac) +* Windows: [Credentials Management API](https://docs.microsoft.com/en-us/windows/win32/secauthn/credentials-management) +* GNU/Linux: + * [libsecret](https://gitlab.gnome.org/GNOME/libsecret) + * [kwallet](https://api.kde.org/frameworks/kwallet/html/index.html) + * [keyctl](https://www.kernel.org/doc/html/latest/security/keys/core.html) + +GNU/Linux distributions that use GNOME as the default desktop environment typically come with +[Seahorse](https://wiki.gnome.org/Apps/Seahorse). Users of KDE based distributions are +commonly provided with [KDE Wallet Manager](https://userbase.kde.org/KDE_Wallet_Manager). +Whilst the former is in fact a `libsecret` convenient frontend, the latter is a `kwallet` +client. `keyctl` is a secure backend that leverages the Linux's kernel security key management system +to store cryptographic keys securely in memory. + +`os` is the default option since operating system's default credentials managers are +designed to meet users' most common needs and provide them with a comfortable +experience without compromising on security. + +The recommended backends for headless environments are `file` and `pass`. + +### The `file` backend + +The `file` backend more closely resembles the keybase implementation used prior to +v0.38.1. It stores the keyring encrypted within the app's configuration directory. This +keyring will request a password each time it is accessed, which may occur multiple +times in a single command resulting in repeated password prompts. If using bash scripts +to execute commands using the `file` option you may want to utilize the following format +for multiple prompts: + +```shell +# assuming that KEYPASSWD is set in the environment +$ gaiacli config keyring-backend file # use file backend +$ (echo $KEYPASSWD; echo $KEYPASSWD) | gaiacli keys add me # multiple prompts +$ echo $KEYPASSWD | gaiacli keys show me # single prompt +``` + +:::tip +The first time you add a key to an empty keyring, you will be prompted to type the password twice. +::: + +### The `pass` backend + +The `pass` backend uses the [pass](https://www.passwordstore.org/) utility to manage on-disk +encryption of keys' sensitive data and metadata. Keys are stored inside `gpg` encrypted files +within app-specific directories. `pass` is available for the most popular UNIX +operating systems as well as GNU/Linux distributions. Please refer to its manual page for +information on how to download and install it. + +:::tip +**pass** uses [GnuPG](https://gnupg.org/) for encryption. `gpg` automatically invokes the `gpg-agent` +daemon upon execution, which handles the caching of GnuPG credentials. Please refer to `gpg-agent` +man page for more information on how to configure cache parameters such as credentials TTL and +passphrase expiration. +::: + +The password store must be set up prior to first use: + +```shell +pass init +``` + +Replace `` with your GPG key ID. You can use your personal GPG key or an alternative +one you may want to use specifically to encrypt the password store. + +### The `kwallet` backend + +The `kwallet` backend uses `KDE Wallet Manager`, which comes installed by default on the +GNU/Linux distributions that ships KDE as default desktop environment. Please refer to +[KWallet Handbook](https://docs.kde.org/stable5/en/kdeutils/kwallet5/index.html) for more +information. + +### The `keyctl` backend + +The *Kernel Key Retention Service* is a security facility that +has been added to the Linux kernel relatively recently. It allows sensitive +cryptographic data such as passwords, private key, authentication tokens, etc +to be stored securely in memory. + +The `keyctl` backend is available on Linux platforms only. + +### The `test` backend + +The `test` backend is a password-less variation of the `file` backend. Keys are stored +unencrypted on disk. + +**Provided for testing purposes only. The `test` backend is not recommended for use in production environments**. + +### The `memory` backend + +The `memory` backend stores keys in memory. The keys are immediately deleted after the program has exited. + +**Provided for testing purposes only. The `memory` backend is not recommended for use in production environments**. + +### Setting backend using the env variable + +You can set the keyring-backend using env variable: `BINNAME_KEYRING_BACKEND`. For example, if your binary name is `gaia-v5` then set: `export GAIA_V5_KEYRING_BACKEND=pass` + +## Adding keys to the keyring + +:::warning +Make sure you can build your own binary, and replace `simd` with the name of your binary in the snippets. +::: + +Applications developed using the Cosmos SDK come with the `keys` subcommand. For the purpose of this tutorial, we're running the `simd` CLI, which is an application built using the Cosmos SDK for testing and educational purposes. For more information, see [`simapp`](https://github.com/cosmos/cosmos-sdk/tree/main/simapp). + +You can use `simd keys` for help about the keys command and `simd keys [command] --help` for more information about a particular subcommand. + +To create a new key in the keyring, run the `add` subcommand with a `` argument. For the purpose of this tutorial, we will solely use the `test` backend, and call our new key `my_validator`. This key will be used in the next section. + +```bash +$ simd keys add my_validator --keyring-backend test + +# Put the generated address in a variable for later use. +MY_VALIDATOR_ADDRESS=$(simd keys show my_validator -a --keyring-backend test) +``` + +This command generates a new 24-word mnemonic phrase, persists it to the relevant backend, and outputs information about the keypair. If this keypair will be used to hold value-bearing tokens, be sure to write down the mnemonic phrase somewhere safe! + +By default, the keyring generates a `secp256k1` keypair. The keyring also supports `ed25519` keys, which may be created by passing the `--algo ed25519` flag. A keyring can of course hold both types of keys simultaneously, and the Cosmos SDK's `x/auth` module supports natively these two public key algorithms. diff --git a/copy-of-sdk-versioned_docs/version-0.53/user/run-node/01-run-node.md b/copy-of-sdk-versioned_docs/version-0.53/user/run-node/01-run-node.md new file mode 100644 index 00000000..cf7e3b84 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/user/run-node/01-run-node.md @@ -0,0 +1,218 @@ +--- +sidebar_position: 1 +--- + +# Running a Node + +:::note Synopsis +Now that the application is ready and the keyring populated, it's time to see how to run the blockchain node. In this section, the application we are running is called [`simapp`](https://github.com/cosmos/cosmos-sdk/tree/main/simapp), and its corresponding CLI binary `simd`. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK Application](../../learn/beginner/00-app-anatomy.md) +* [Setting up the keyring](./00-keyring.md) + +::: + +## Initialize the Chain + +:::warning +Make sure you can build your own binary, and replace `simd` with the name of your binary in the snippets. +::: + +Before actually running the node, we need to initialize the chain, and most importantly, its genesis file. This is done with the `init` subcommand: + +```bash +# The argument is the custom username of your node, it should be human-readable. +simd init --chain-id my-test-chain +``` + +The command above creates all the configuration files needed for your node to run, as well as a default genesis file, which defines the initial state of the network. + +:::tip +All these configuration files are in `~/.simapp` by default, but you can overwrite the location of this folder by passing the `--home` flag to each command, +or set an `$APPD_HOME` environment variable (where `APPD` is the name of the binary). +::: + +The `~/.simapp` folder has the following structure: + +```bash +. # ~/.simapp + |- data # Contains the databases used by the node. + |- config/ + |- app.toml # Application-related configuration file. + |- config.toml # CometBFT-related configuration file. + |- genesis.json # The genesis file. + |- node_key.json # Private key to use for node authentication in the p2p protocol. + |- priv_validator_key.json # Private key to use as a validator in the consensus protocol. +``` + +## Updating Some Default Settings + +If you want to change any field values in configuration files (for ex: genesis.json) you can use `jq` ([installation](https://stedolan.github.io/jq/download/) & [docs](https://stedolan.github.io/jq/manual/#Assignment)) & `sed` commands to do that. Few examples are listed here. + +```bash +# to change the chain-id +jq '.chain_id = "testing"' genesis.json > temp.json && mv temp.json genesis.json + +# to enable the api server +sed -i '/\[api\]/,+3 s/enable = false/enable = true/' app.toml + +# to change the voting_period +jq '.app_state.gov.voting_params.voting_period = "600s"' genesis.json > temp.json && mv temp.json genesis.json + +# to change the inflation +jq '.app_state.mint.minter.inflation = "0.300000000000000000"' genesis.json > temp.json && mv temp.json genesis.json +``` + +### Client Interaction + +When instantiating a node, GRPC and REST are defaulted to localhost to avoid unknown exposure of your node to the public. It is recommended to not expose these endpoints without a proxy that can handle load balancing or authentication is set up between your node and the public. + +:::tip +A commonly used tool for this is [nginx](https://nginx.org). +::: + + +## Adding Genesis Accounts + +Before starting the chain, you need to populate the state with at least one account. To do so, first [create a new account in the keyring](./00-keyring.md#adding-keys-to-the-keyring) named `my_validator` under the `test` keyring backend (feel free to choose another name and another backend). + +Now that you have created a local account, go ahead and grant it some `stake` tokens in your chain's genesis file. Doing so will also make sure your chain is aware of this account's existence: + +```bash +simd genesis add-genesis-account $MY_VALIDATOR_ADDRESS 100000000000stake +``` + +Recall that `$MY_VALIDATOR_ADDRESS` is a variable that holds the address of the `my_validator` key in the [keyring](./00-keyring.md#adding-keys-to-the-keyring). Also note that the tokens in the Cosmos SDK have the `{amount}{denom}` format: `amount` is an 18-digit-precision decimal number, and `denom` is the unique token identifier with its denomination key (e.g. `atom` or `uatom`). Here, we are granting `stake` tokens, as `stake` is the token identifier used for staking in [`simapp`](https://github.com/cosmos/cosmos-sdk/tree/main/simapp). For your own chain with its own staking denom, that token identifier should be used instead. + +Now that your account has some tokens, you need to add a validator to your chain. Validators are special full-nodes that participate in the consensus process (implemented in the [underlying consensus engine](../../learn/intro/02-sdk-app-architecture.md#cometbft)) in order to add new blocks to the chain. Any account can declare its intention to become a validator operator, but only those with sufficient delegation get to enter the active set (for example, only the top 125 validator candidates with the most delegation get to be validators in the Cosmos Hub). For this guide, you will add your local node (created via the `init` command above) as a validator of your chain. Validators can be declared before a chain is first started via a special transaction included in the genesis file called a `gentx`: + +```bash +# Create a gentx. +simd genesis gentx my_validator 100000000stake --chain-id my-test-chain --keyring-backend test + +# Add the gentx to the genesis file. +simd genesis collect-gentxs +``` + +A `gentx` does three things: + +1. Registers the `validator` account you created as a validator operator account (i.e., the account that controls the validator). +2. Self-delegates the provided `amount` of staking tokens. +3. Link the operator account with a CometBFT node pubkey that will be used for signing blocks. If no `--pubkey` flag is provided, it defaults to the local node pubkey created via the `simd init` command above. + +For more information on `gentx`, use the following command: + +```bash +simd genesis gentx --help +``` + +## Configuring the Node Using `app.toml` and `config.toml` + +The Cosmos SDK automatically generates two configuration files inside `~/.simapp/config`: + +* `config.toml`: used to configure the CometBFT, learn more on [CometBFT's documentation](https://docs.cometbft.com/v0.37/core/configuration), +* `app.toml`: generated by the Cosmos SDK, and used to configure your app, such as state pruning strategies, telemetry, gRPC and REST servers configuration, state sync... + +Both files are heavily commented, please refer to them directly to tweak your node. + +One example config to tweak is the `minimum-gas-prices` field inside `app.toml`, which defines the minimum gas prices the validator node is willing to accept for processing a transaction. Depending on the chain, it might be an empty string or not. If it's empty, make sure to edit the field with some value, for example `10token`, or else the node will halt on startup. For the purpose of this tutorial, let's set the minimum gas price to 0: + +```toml + # The minimum gas prices a validator is willing to accept for processing a + # transaction. A transaction's fees must meet the minimum of any denomination + # specified in this config (e.g. 0.25token1;0.0001token2). + minimum-gas-prices = "0stake" +``` + +:::tip +When running a node (not a validator!) and not wanting to run the application mempool, set the `max-txs` field to `-1`. + +```toml +[mempool] +# Setting max-txs to 0 will allow for an unbounded amount of transactions in the mempool. +# Setting max_txs to negative 1 (-1) will disable transactions from being inserted into the mempool. +# Setting max_txs to a positive number (> 0) will limit the number of transactions in the mempool, by the specified amount. +# +# Note, this configuration only applies to SDK built-in app-side mempool +# implementations. +max-txs = "-1" +``` + +::: + +## Run a Localnet + +Now that everything is set up, you can finally start your node: + +```bash +simd start +``` + +You should see blocks come in. + +The previous command allows you to run a single node. This is enough for the next section on interacting with this node, but you may wish to run multiple nodes at the same time, and see how consensus happens between them. + +The naive way would be to run the same commands again in separate terminal windows. This is possible, however, in the Cosmos SDK, we leverage the power of [Docker Compose](https://docs.docker.com/compose/) to run a localnet. If you need inspiration on how to set up your own localnet with Docker Compose, you can have a look at the Cosmos SDK's [`docker-compose.yml`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/docker-compose.yml). + +### Standalone App/CometBFT + +By default, the Cosmos SDK runs CometBFT in-process with the application +If you want to run the application and CometBFT in separate processes, +start the application with the `--with-comet=false` flag +and set `rpc.laddr` in `config.toml` to the CometBFT node's RPC address. + +## Logging + +Logging provides a way to see what is going on with a node. The default logging level is info. This is a global level and all info logs will be outputted to the terminal. If you would like to filter specific logs to the terminal instead of all, then setting `module:log_level` is how this can work. + +Example: + +In config.toml: + +```toml +log_level: "state:info,p2p:info,consensus:info,x/staking:info,x/ibc:info,*error" +``` + +## State Sync + +State sync is the act in which a node syncs the latest or close to the latest state of a blockchain. This is useful for users who don't want to sync all the blocks in history. Read more in [CometBFT documentation](https://docs.cometbft.com/v0.37/core/state-sync). + +State sync works thanks to snapshots. Read how the SDK handles snapshots [here](https://github.com/cosmos/cosmos-sdk/blob/825245d/store/snapshots/README.md). + +### Local State Sync + +Local state sync works similar to normal state sync except that it works off a local snapshot of state instead of one provided via the p2p network. The steps to start local state sync are similar to normal state sync with a few different designs. + +1. As mentioned in https://docs.cometbft.com/v0.37/core/state-sync, one must set a height and hash in the config.toml along with a few rpc servers (the aforementioned link has instructions on how to do this). +2. Run ` ` to restore a local snapshot (note: first load it from a file with the *load* command). +3. Bootstrapping Comet state to start the node after the snapshot has been ingested. This can be done with the bootstrap command ` comet bootstrap-state` + +### Snapshots Commands + +The Cosmos SDK provides commands for managing snapshots. +These commands can be added in an app with the following snippet in `cmd//root.go`: + +```go +import ( + "github.com/cosmos/cosmos-sdk/client/snapshot" +) + +func initRootCmd(/* ... */) { + // ... + rootCmd.AddCommand( + snapshot.Cmd(appCreator), + ) +} +``` + +Then the following commands are available at ` snapshots [command]`: + +* **list**: list local snapshots +* **load**: Load a snapshot archive file into snapshot store +* **restore**: Restore app state from local snapshot +* **export**: Export app state to snapshot store +* **dump**: Dump the snapshot as portable archive format +* **delete**: Delete a local snapshot diff --git a/copy-of-sdk-versioned_docs/version-0.53/user/run-node/02-interact-node.md b/copy-of-sdk-versioned_docs/version-0.53/user/run-node/02-interact-node.md new file mode 100644 index 00000000..a511aec4 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/user/run-node/02-interact-node.md @@ -0,0 +1,289 @@ +--- +sidebar_position: 1 +--- + +# Interacting with the Node + +:::note Synopsis +There are multiple ways to interact with a node: using the CLI, using gRPC or using the REST endpoints. +::: + +:::note Pre-requisite Readings + +* [gRPC, REST and CometBFT Endpoints](../../learn/advanced/06-grpc_rest.md) +* [Running a Node](./01-run-node.md) + +::: + +## Using the CLI + +Now that your chain is running, it is time to try sending tokens from the first account you created to a second account. In a new terminal window, start by running the following query command: + +```bash +simd query bank balances $MY_VALIDATOR_ADDRESS +``` + +You should see the current balance of the account you created, equal to the original balance of `stake` you granted it minus the amount you delegated via the `gentx`. Now, create a second account: + +```bash +simd keys add recipient --keyring-backend test + +# Put the generated address in a variable for later use. +RECIPIENT=$(simd keys show recipient -a --keyring-backend test) +``` + +The command above creates a local key-pair that is not yet registered on the chain. An account is created the first time it receives tokens from another account. Now, run the following command to send tokens to the `recipient` account: + +```bash +simd tx bank send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000000stake --chain-id my-test-chain --keyring-backend test + +# Check that the recipient account did receive the tokens. +simd query bank balances $RECIPIENT +``` + +Finally, delegate some of the stake tokens sent to the `recipient` account to the validator: + +```bash +simd tx staking delegate $(simd keys show my_validator --bech val -a --keyring-backend test) 500stake --from recipient --chain-id my-test-chain --keyring-backend test + +# Query the total delegations to `validator`. +simd query staking delegations-to $(simd keys show my_validator --bech val -a --keyring-backend test) +``` + +You should see two delegations, the first one made from the `gentx`, and the second one you just performed from the `recipient` account. + +## Using gRPC + +The Protobuf ecosystem developed tools for different use cases, including code-generation from `*.proto` files into various languages. These tools allow the building of clients easily. Often, the client connection (i.e. the transport) can be plugged and replaced very easily. Let's explore one of the most popular transport: [gRPC](../../learn/advanced/06-grpc_rest.md). + +Since the code generation library largely depends on your own tech stack, we will only present three alternatives: + +* `grpcurl` for generic debugging and testing, +* programmatically via Go, +* CosmJS for JavaScript/TypeScript developers. + +### grpcurl + +[grpcurl](https://github.com/fullstorydev/grpcurl) is like `curl` but for gRPC. It is also available as a Go library, but we will use it only as a CLI command for debugging and testing purposes. Follow the instructions in the previous link to install it. + +Assuming you have a local node running (either a localnet, or connected a live network), you should be able to run the following command to list the Protobuf services available (you can replace `localhost:9000` by the gRPC server endpoint of another node, which is configured under the `grpc.address` field inside [`app.toml`](../run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml)): + +```bash +grpcurl -plaintext localhost:9090 list +``` + +You should see a list of gRPC services, like `cosmos.bank.v1beta1.Query`. This is called reflection, which is a Protobuf endpoint returning a description of all available endpoints. Each of these represents a different Protobuf service, and each service exposes multiple RPC methods you can query against. + +In order to get a description of the service you can run the following command: + +```bash +grpcurl -plaintext \ + localhost:9090 \ + describe cosmos.bank.v1beta1.Query # Service we want to inspect +``` + +It's also possible to execute an RPC call to query the node for information: + +```bash +grpcurl \ + -plaintext \ + -d "{\"address\":\"$MY_VALIDATOR_ADDRESS\"}" \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/AllBalances +``` + +The list of all available gRPC query endpoints is [coming soon](https://github.com/cosmos/cosmos-sdk/issues/7786). + +#### Query for historical state using grpcurl + +You may also query for historical data by passing some [gRPC metadata](https://github.com/grpc/grpc-go/blob/master/Documentation/grpc-metadata.md) to the query: the `x-cosmos-block-height` metadata should contain the block to query. Using grpcurl as above, the command looks like: + +```bash +grpcurl \ + -plaintext \ + -H "x-cosmos-block-height: 123" \ + -d "{\"address\":\"$MY_VALIDATOR_ADDRESS\"}" \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/AllBalances +``` + +Assuming the state at that block has not yet been pruned by the node, this query should return a non-empty response. + +### Programmatically via Go + +The following snippet shows how to query the state using gRPC inside a Go program. The idea is to create a gRPC connection, and use the Protobuf-generated client code to query the gRPC server. + +#### Install Cosmos SDK + + +```bash +go get github.com/cosmos/cosmos-sdk@main +``` + +```go +package main + +import ( + "context" + "fmt" + + "google.golang.org/grpc" + + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" +) + +func queryState() error { + myAddress, err := sdk.AccAddressFromBech32("cosmos1...") // the my_validator or recipient address. + if err != nil { + return err + } + + // Create a connection to the gRPC server. + grpcConn, err := grpc.Dial( + "127.0.0.1:9090", // your gRPC server address. + grpc.WithInsecure(), // The Cosmos SDK doesn't support any transport security mechanism. + // This instantiates a general gRPC codec which handles proto bytes. We pass in a nil interface registry + // if the request/response types contain interface instead of 'nil' you should pass the application specific codec. + grpc.WithDefaultCallOptions(grpc.ForceCodec(codec.NewProtoCodec(nil).GRPCCodec())), + ) + if err != nil { + return err + } + defer grpcConn.Close() + + // This creates a gRPC client to query the x/bank service. + bankClient := banktypes.NewQueryClient(grpcConn) + bankRes, err := bankClient.Balance( + context.Background(), + &banktypes.QueryBalanceRequest{Address: myAddress.String(), Denom: "stake"}, + ) + if err != nil { + return err + } + + fmt.Println(bankRes.GetBalance()) // Prints the account balance + + return nil +} + +func main() { + if err := queryState(); err != nil { + panic(err) + } +} +``` + +You can replace the query client (here we are using `x/bank`'s) with one generated from any other Protobuf service. The list of all available gRPC query endpoints is [coming soon](https://github.com/cosmos/cosmos-sdk/issues/7786). + +#### Query for historical state using Go + +Querying for historical blocks is done by adding the block height metadata in the gRPC request. + +```go +package main + +import ( + "context" + "fmt" + + "google.golang.org/grpc" + "google.golang.org/grpc/metadata" + + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + grpctypes "github.com/cosmos/cosmos-sdk/types/grpc" + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" +) + +func queryState() error { + myAddress, err := sdk.AccAddressFromBech32("cosmos1yerherx4d43gj5wa3zl5vflj9d4pln42n7kuzu") // the my_validator or recipient address. + if err != nil { + return err + } + + // Create a connection to the gRPC server. + grpcConn, err := grpc.Dial( + "127.0.0.1:9090", // your gRPC server address. + grpc.WithInsecure(), // The Cosmos SDK doesn't support any transport security mechanism. + // This instantiates a general gRPC codec which handles proto bytes. We pass in a nil interface registry + // if the request/response types contain interface instead of 'nil' you should pass the application specific codec. + grpc.WithDefaultCallOptions(grpc.ForceCodec(codec.NewProtoCodec(nil).GRPCCodec())), + ) + if err != nil { + return err + } + defer grpcConn.Close() + + // This creates a gRPC client to query the x/bank service. + bankClient := banktypes.NewQueryClient(grpcConn) + + var header metadata.MD + _, err = bankClient.Balance( + metadata.AppendToOutgoingContext(context.Background(), grpctypes.GRPCBlockHeightHeader, "12"), // Add metadata to request + &banktypes.QueryBalanceRequest{Address: myAddress.String(), Denom: "stake"}, + grpc.Header(&header), // Retrieve header from response + ) + if err != nil { + return err + } + blockHeight := header.Get(grpctypes.GRPCBlockHeightHeader) + + fmt.Println(blockHeight) // Prints the block height (12) + + return nil +} + +func main() { + if err := queryState(); err != nil { + panic(err) + } +} +``` + +### CosmJS + +CosmJS documentation can be found at [https://cosmos.github.io/cosmjs](https://cosmos.github.io/cosmjs). As of January 2021, CosmJS documentation is still work in progress. + +## Using the REST Endpoints + +As described in the [gRPC guide](../../learn/advanced/06-grpc_rest.md), all gRPC services on the Cosmos SDK are made available for more convenient REST-based queries through gRPC-gateway. The format of the URL path is based on the Protobuf service method's full-qualified name, but may contain small customizations so that final URLs look more idiomatic. For example, the REST endpoint for the `cosmos.bank.v1beta1.Query/AllBalances` method is `GET /cosmos/bank/v1beta1/balances/{address}`. Request arguments are passed as query parameters. + +Note that the REST endpoints are not enabled by default. To enable them, edit the `api` section of your `~/.simapp/config/app.toml` file: + +```toml +# Enable defines if the API server should be enabled. +enable = true +``` + +As a concrete example, the `curl` command to make balances request is: + +```bash +curl \ + -X GET \ + -H "Content-Type: application/json" \ + http://localhost:1317/cosmos/bank/v1beta1/balances/$MY_VALIDATOR_ADDRESS +``` + +Make sure to replace `localhost:1317` with the REST endpoint of your node, configured under the `api.address` field. + +The list of all available REST endpoints is available as a Swagger specification file, it can be viewed at `localhost:1317/swagger`. Make sure that the `api.swagger` field is set to true in your [`app.toml`](../run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml) file. + +### Query for historical state using REST + +Querying for historical state is done using the HTTP header `x-cosmos-block-height`. For example, a curl command would look like: + +```bash +curl \ + -X GET \ + -H "Content-Type: application/json" \ + -H "x-cosmos-block-height: 123" \ + http://localhost:1317/cosmos/bank/v1beta1/balances/$MY_VALIDATOR_ADDRESS +``` + +Assuming the state at that block has not yet been pruned by the node, this query should return a non-empty response. + +### Cross-Origin Resource Sharing (CORS) + +[CORS policies](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) are not enabled by default to help with security. If you would like to use the rest-server in a public environment we recommend you provide a reverse proxy, this can be done with [nginx](https://www.nginx.com/). For testing and development purposes there is an `enabled-unsafe-cors` field inside [`app.toml`](../run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml). diff --git a/copy-of-sdk-versioned_docs/version-0.53/user/run-node/03-txs.md b/copy-of-sdk-versioned_docs/version-0.53/user/run-node/03-txs.md new file mode 100644 index 00000000..d6a34388 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/user/run-node/03-txs.md @@ -0,0 +1,429 @@ +--- +sidebar_position: 1 +--- + +# Generating, Signing and Broadcasting Transactions + +:::note Synopsis +This document describes how to generate an (unsigned) transaction, signing it (with one or multiple keys), and broadcasting it to the network. +::: + +## Using the CLI + +The easiest way to send transactions is using the CLI, as we have seen in the previous page when [interacting with a node](./02-interact-node.md#using-the-cli). For example, running the following command + +```bash +simd tx bank send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000stake --chain-id my-test-chain --keyring-backend test +``` + +will run the following steps: + +* generate a transaction with one `Msg` (`x/bank`'s `MsgSend`), and print the generated transaction to the console. +* ask the user for confirmation to send the transaction from the `$MY_VALIDATOR_ADDRESS` account. +* fetch `$MY_VALIDATOR_ADDRESS` from the keyring. This is possible because we have [set up the CLI's keyring](./00-keyring.md) in a previous step. +* sign the generated transaction with the keyring's account. +* broadcast the signed transaction to the network. This is possible because the CLI connects to the node's CometBFT RPC endpoint. + +The CLI bundles all the necessary steps into a simple-to-use user experience. However, it's possible to run all the steps individually too. + +### Generating a Transaction + +Generating a transaction can simply be done by appending the `--generate-only` flag on any `tx` command, e.g.: + +```bash +simd tx bank send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000stake --chain-id my-test-chain --generate-only +``` + +This will output the unsigned transaction as JSON in the console. We can also save the unsigned transaction to a file (to be passed around between signers more easily) by appending `> unsigned_tx.json` to the above command. + +### Signing a Transaction + +Signing a transaction using the CLI requires the unsigned transaction to be saved in a file. Let's assume the unsigned transaction is in a file called `unsigned_tx.json` in the current directory (see previous paragraph on how to do that). Then, simply run the following command: + +```bash +simd tx sign unsigned_tx.json --chain-id my-test-chain --keyring-backend test --from $MY_VALIDATOR_ADDRESS +``` + +This command will decode the unsigned transaction and sign it with `SIGN_MODE_DIRECT` with `$MY_VALIDATOR_ADDRESS`'s key, which we already set up in the keyring. The signed transaction will be output as JSON to the console, and, as above, we can save it to a file by appending `--output-document signed_tx.json`. + +Some useful flags to consider in the `tx sign` command: + +* `--sign-mode`: you may use `amino-json` to sign the transaction using `SIGN_MODE_LEGACY_AMINO_JSON`, +* `--offline`: sign in offline mode. This means that the `tx sign` command doesn't connect to the node to retrieve the signer's account number and sequence, both needed for signing. In this case, you must manually supply the `--account-number` and `--sequence` flags. This is useful for offline signing, i.e. signing in a secure environment which doesn't have access to the internet. + +#### Signing with Multiple Signers + +:::warning +Please note that signing a transaction with multiple signers or with a multisig account, where at least one signer uses `SIGN_MODE_DIRECT`, is not yet possible. You may follow [this Github issue](https://github.com/cosmos/cosmos-sdk/issues/8141) for more info. +::: + +Signing with multiple signers is done with the `tx multisign` command. This command assumes that all signers use `SIGN_MODE_LEGACY_AMINO_JSON`. The flow is similar to the `tx sign` command flow, but instead of signing an unsigned transaction file, each signer signs the file signed by previous signer(s). The `tx multisign` command will append signatures to the existing transactions. It is important that signers sign the transaction **in the same order** as given by the transaction, which is retrievable using the `GetSigners()` method. + +For example, starting with the `unsigned_tx.json`, and assuming the transaction has 4 signers, we would run: + +```bash +# Let signer1 sign the unsigned tx. +simd tx multisign unsigned_tx.json signer_key_1 --chain-id my-test-chain --keyring-backend test > partial_tx_1.json +# Now signer1 will send the partial_tx_1.json to the signer2. +# Signer2 appends their signature: +simd tx multisign partial_tx_1.json signer_key_2 --chain-id my-test-chain --keyring-backend test > partial_tx_2.json +# Signer2 sends the partial_tx_2.json file to signer3, and signer3 can append his signature: +simd tx multisign partial_tx_2.json signer_key_3 --chain-id my-test-chain --keyring-backend test > partial_tx_3.json +``` + +### Broadcasting a Transaction + +Broadcasting a transaction is done using the following command: + +```bash +simd tx broadcast tx_signed.json +``` + +You may optionally pass the `--broadcast-mode` flag to specify which response to receive from the node: + +* `sync`: the CLI waits for a CheckTx execution response only. +* `async`: the CLI returns immediately (transaction might fail). + +### Encoding a Transaction + +In order to broadcast a transaction using the gRPC or REST endpoints, the transaction will need to be encoded first. This can be done using the CLI. + +Encoding a transaction is done using the following command: + +```bash +simd tx encode tx_signed.json +``` + +This will read the transaction from the file, serialize it using Protobuf, and output the transaction bytes as base64 in the console. + +### Decoding a Transaction + +The CLI can also be used to decode transaction bytes. + +Decoding a transaction is done using the following command: + +```bash +simd tx decode [protobuf-byte-string] +``` + +This will decode the transaction bytes and output the transaction as JSON in the console. You can also save the transaction to a file by appending `> tx.json` to the above command. + +## Programmatically with Go + +It is possible to manipulate transactions programmatically via Go using the Cosmos SDK's `TxBuilder` interface. + +### Generating a Transaction + +Before generating a transaction, a new instance of a `TxBuilder` needs to be created. Since the Cosmos SDK supports both Amino and Protobuf transactions, the first step would be to decide which encoding scheme to use. All the subsequent steps remain unchanged, whether you're using Amino or Protobuf, as `TxBuilder` abstracts the encoding mechanisms. In the following snippet, we will use Protobuf. + +```go +import ( + "github.com/cosmos/cosmos-sdk/simapp" +) + +func sendTx() error { + // Choose your codec: Amino or Protobuf. Here, we use Protobuf, given by the following function. + app := simapp.NewSimApp(...) + + // Create a new TxBuilder. + txBuilder := app.TxConfig().NewTxBuilder() + + // --snip-- +} +``` + +We can also set up some keys and addresses that will send and receive the transactions. Here, for the purpose of the tutorial, we will be using some dummy data to create keys. + +```go +import ( + "github.com/cosmos/cosmos-sdk/testutil/testdata" +) + +priv1, _, addr1 := testdata.KeyTestPubAddr() +priv2, _, addr2 := testdata.KeyTestPubAddr() +priv3, _, addr3 := testdata.KeyTestPubAddr() +``` + +Populating the `TxBuilder` can be done via its methods: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/tx_config.go#L39-L57 +``` + +```go +import ( + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" +) + +func sendTx() error { + // --snip-- + + // Define two x/bank MsgSend messages: + // - from addr1 to addr3, + // - from addr2 to addr3. + // This means that the transactions needs two signers: addr1 and addr2. + msg1 := banktypes.NewMsgSend(addr1, addr3, types.NewCoins(types.NewInt64Coin("atom", 12))) + msg2 := banktypes.NewMsgSend(addr2, addr3, types.NewCoins(types.NewInt64Coin("atom", 34))) + + err := txBuilder.SetMsgs(msg1, msg2) + if err != nil { + return err + } + + txBuilder.SetGasLimit(...) + txBuilder.SetFeeAmount(...) + txBuilder.SetMemo(...) + txBuilder.SetTimeoutHeight(...) +} +``` + +At this point, `TxBuilder`'s underlying transaction is ready to be signed. + +#### Generating an Unordered Transaction + +Starting with Cosmos SDK v0.53.0, users may send unordered transactions to chains that have the feature enabled. + +:::warning + +Unordered transactions MUST leave sequence values unset. When a transaction is both unordered and contains a non-zero sequence value, +the transaction will be rejected. External services that operate on prior assumptions about transaction sequence values should be updated to handle unordered transactions. +Services should be aware that when the transaction is unordered, the transaction sequence will always be zero. + +::: + +Using the example above, we can set the required fields to mark a transaction as unordered. +By default, unordered transactions charge an extra 2240 units of gas to offset the additional storage overhead that supports their functionality. +The extra units of gas are customizable and therefore vary by chain, so be sure to check the chain's ante handler for the gas value set, if any. + +```go +func sendTx() error { + // --snip-- + expiration := 5 * time.Minute + txBuilder.SetUnordered(true) + txBuilder.SetTimeoutTimestamp(time.Now().Add(expiration + (1 * time.Nanosecond))) +} +``` + +Unordered transactions from the same account must use a unique timeout timestamp value. The difference between each timeout timestamp value may be as small as a nanosecond, however. + +```go +import ( + "github.com/cosmos/cosmos-sdk/client" +) + +func sendMessages(txBuilders []client.TxBuilder) error { + // --snip-- + expiration := 5 * time.Minute + for _, txb := range txBuilders { + txb.SetUnordered(true) + txb.SetTimeoutTimestamp(time.Now().Add(expiration + (1 * time.Nanosecond))) + } +} +``` + +### Signing a Transaction + +We set encoding config to use Protobuf, which will use `SIGN_MODE_DIRECT` by default. As per [ADR-020](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-020-protobuf-transaction-encoding.md), each signer needs to sign the `SignerInfo`s of all other signers. This means that we need to perform two steps sequentially: + +* for each signer, populate the signer's `SignerInfo` inside `TxBuilder`, +* once all `SignerInfo`s are populated, for each signer, sign the `SignDoc` (the payload to be signed). + +In the current `TxBuilder`'s API, both steps are done using the same method: `SetSignatures()`. The current API requires us to first perform a round of `SetSignatures()` _with empty signatures_, only to populate `SignerInfo`s, and a second round of `SetSignatures()` to actually sign the correct payload. + +```go +import ( + cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types" + "github.com/cosmos/cosmos-sdk/types/tx/signing" + xauthsigning "github.com/cosmos/cosmos-sdk/x/auth/signing" +) + +func sendTx() error { + // --snip-- + + privs := []cryptotypes.PrivKey{priv1, priv2} + accNums:= []uint64{..., ...} // The accounts' account numbers + accSeqs:= []uint64{..., ...} // The accounts' sequence numbers + + // First round: we gather all the signer infos. We use the "set empty + // signature" hack to do that. + var sigsV2 []signing.SignatureV2 + for i, priv := range privs { + sigV2 := signing.SignatureV2{ + PubKey: priv.PubKey(), + Data: &signing.SingleSignatureData{ + SignMode: encCfg.TxConfig.SignModeHandler().DefaultMode(), + Signature: nil, + }, + Sequence: accSeqs[i], + } + + sigsV2 = append(sigsV2, sigV2) + } + err := txBuilder.SetSignatures(sigsV2...) + if err != nil { + return err + } + + // Second round: all signer infos are set, so each signer can sign. + sigsV2 = []signing.SignatureV2{} + for i, priv := range privs { + signerData := xauthsigning.SignerData{ + ChainID: chainID, + AccountNumber: accNums[i], + Sequence: accSeqs[i], + } + sigV2, err := tx.SignWithPrivKey( + encCfg.TxConfig.SignModeHandler().DefaultMode(), signerData, + txBuilder, priv, encCfg.TxConfig, accSeqs[i]) + if err != nil { + return nil, err + } + + sigsV2 = append(sigsV2, sigV2) + } + err = txBuilder.SetSignatures(sigsV2...) + if err != nil { + return err + } +} +``` + +The `TxBuilder` is now correctly populated. To print it, you can use the `TxConfig` interface from the initial encoding config `encCfg`: + +```go +func sendTx() error { + // --snip-- + + // Generated Protobuf-encoded bytes. + txBytes, err := encCfg.TxConfig.TxEncoder()(txBuilder.GetTx()) + if err != nil { + return err + } + + // Generate a JSON string. + txJSONBytes, err := encCfg.TxConfig.TxJSONEncoder()(txBuilder.GetTx()) + if err != nil { + return err + } + txJSON := string(txJSONBytes) +} +``` + +### Broadcasting a Transaction + +The preferred way to broadcast a transaction is to use gRPC, though using REST (via `gRPC-gateway`) or the CometBFT RPC is also possible. An overview of the differences between these methods is exposed [here](../../learn/advanced/06-grpc_rest.md). For this tutorial, we will only describe the gRPC method. + +```go +import ( + "context" + "fmt" + + "google.golang.org/grpc" + + "github.com/cosmos/cosmos-sdk/types/tx" +) + +func sendTx(ctx context.Context) error { + // --snip-- + + // Create a connection to the gRPC server. + grpcConn := grpc.Dial( + "127.0.0.1:9090", // Or your gRPC server address. + grpc.WithInsecure(), // The Cosmos SDK doesn't support any transport security mechanism. + ) + defer grpcConn.Close() + + // Broadcast the tx via gRPC. We create a new client for the Protobuf Tx + // service. + txClient := tx.NewServiceClient(grpcConn) + // We then call the BroadcastTx method on this client. + grpcRes, err := txClient.BroadcastTx( + ctx, + &tx.BroadcastTxRequest{ + Mode: tx.BroadcastMode_BROADCAST_MODE_SYNC, + TxBytes: txBytes, // Proto-binary of the signed transaction, see previous step. + }, + ) + if err != nil { + return err + } + + fmt.Println(grpcRes.TxResponse.Code) // Should be `0` if the tx is successful + + return nil +} +``` + +#### Simulating a Transaction + +Before broadcasting a transaction, we sometimes may want to dry-run the transaction, to estimate some information about the transaction without actually committing it. This is called simulating a transaction, and can be done as follows: + +```go +import ( + "context" + "fmt" + "testing" + + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/types/tx" + authtx "github.com/cosmos/cosmos-sdk/x/auth/tx" +) + +func simulateTx() error { + // --snip-- + + // Simulate the tx via gRPC. We create a new client for the Protobuf Tx + // service. + txClient := tx.NewServiceClient(grpcConn) + txBytes := /* Fill in with your signed transaction bytes. */ + + // We then call the Simulate method on this client. + grpcRes, err := txClient.Simulate( + context.Background(), + &tx.SimulateRequest{ + TxBytes: txBytes, + }, + ) + if err != nil { + return err + } + + fmt.Println(grpcRes.GasInfo) // Prints estimated gas used. + + return nil +} +``` + +## Using gRPC + +It is not possible to generate or sign a transaction using gRPC, only to broadcast one. In order to broadcast a transaction using gRPC, you will need to generate, sign, and encode the transaction using either the CLI or programmatically with Go. + +### Broadcasting a Transaction + +Broadcasting a transaction using the gRPC endpoint can be done by sending a `BroadcastTx` request as follows, where the `txBytes` are the protobuf-encoded bytes of a signed transaction: + +```bash +grpcurl -plaintext \ + -d '{"tx_bytes":"{{txBytes}}","mode":"BROADCAST_MODE_SYNC"}' \ + localhost:9090 \ + cosmos.tx.v1beta1.Service/BroadcastTx +``` + +## Using REST + +It is not possible to generate or sign a transaction using REST, only to broadcast one. In order to broadcast a transaction using REST, you will need to generate, sign, and encode the transaction using either the CLI or programmatically with Go. + +### Broadcasting a Transaction + +Broadcasting a transaction using the REST endpoint (served by `gRPC-gateway`) can be done by sending a POST request as follows, where the `txBytes` are the protobuf-encoded bytes of a signed transaction: + +```bash +curl -X POST \ + -H "Content-Type: application/json" \ + -d'{"tx_bytes":"{{txBytes}}","mode":"BROADCAST_MODE_SYNC"}' \ + localhost:1317/cosmos/tx/v1beta1/txs +``` + +## Using CosmJS (JavaScript & TypeScript) + +CosmJS aims to build client libraries in JavaScript that can be embedded in web applications. Please see [https://cosmos.github.io/cosmjs](https://cosmos.github.io/cosmjs) for more information. As of January 2021, CosmJS documentation is still work in progress. diff --git a/copy-of-sdk-versioned_docs/version-0.53/user/run-node/05-run-testnet.md b/copy-of-sdk-versioned_docs/version-0.53/user/run-node/05-run-testnet.md new file mode 100644 index 00000000..9200042e --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/user/run-node/05-run-testnet.md @@ -0,0 +1,101 @@ +--- +sidebar_position: 1 +--- + +# Running a Testnet + +:::note Synopsis +The `simd testnet` subcommand makes it easy to initialize and start a simulated test network for testing purposes. +::: + +In addition to the commands for [running a node](./01-run-node.md), the `simd` binary also includes a `testnet` command that allows you to start a simulated test network in-process or to initialize files for a simulated test network that runs in a separate process. + +## Initialize Files + +First, let's take a look at the `init-files` subcommand. + +This is similar to the `init` command when initializing a single node, but in this case we are initializing multiple nodes, generating the genesis transactions for each node, and then collecting those transactions. + +The `init-files` subcommand initializes the necessary files to run a test network in a separate process (i.e. using a Docker container). Running this command is not a prerequisite for the `start` subcommand ([see below](#start-testnet)). + +In order to initialize the files for a test network, run the following command: + +```bash +simd testnet init-files +``` + +You should see the following output in your terminal: + +```bash +Successfully initialized 4 node directories +``` + +The default output directory is a relative `.testnets` directory. Let's take a look at the files created within the `.testnets` directory. + +### gentxs + +The `gentxs` directory includes a genesis transaction for each validator node. Each file includes a JSON encoded genesis transaction used to register a validator node at the time of genesis. The genesis transactions are added to the `genesis.json` file within each node directory during the initialization process. + +### nodes + +A node directory is created for each validator node. Within each node directory is a `simd` directory. The `simd` directory is the home directory for each node, which includes the configuration and data files for that node (i.e. the same files included in the default `~/.simapp` directory when running a single node). + +## Start Testnet + +Now, let's take a look at the `start` subcommand. + +The `start` subcommand both initializes and starts an in-process test network. This is the fastest way to spin up a local test network for testing purposes. + +You can start the local test network by running the following command: + +```bash +simd testnet start +``` + +You should see something similar to the following: + +```bash +acquiring test network lock +preparing test network with chain-id "chain-mtoD9v" + + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++ THIS MNEMONIC IS FOR TESTING PURPOSES ONLY ++ +++ DO NOT USE IN PRODUCTION ++ +++ ++ +++ sustain know debris minute gate hybrid stereo custom ++ +++ divorce cross spoon machine latin vibrant term oblige ++ +++ moment beauty laundry repeat grab game bronze truly ++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + +starting test network... +started test network +press the Enter Key to terminate +``` + +The first validator node is now running in-process, which means the test network will terminate once you either close the terminal window or you press the Enter key. In the output, the mnemonic phrase for the first validator node is provided for testing purposes. The validator node is using the same default addresses being used when initializing and starting a single node (no need to provide a `--node` flag). + +Check the status of the first validator node: + +```shell +simd status +``` + +Import the key from the provided mnemonic: + +```shell +simd keys add test --recover --keyring-backend test +``` + +Check the balance of the account address: + +```shell +simd q bank balances [address] +``` + +Use this test account to manually test against the test network. + +## Testnet Options + +You can customize the configuration of the test network with flags. In order to see all flag options, append the `--help` flag to each command. diff --git a/copy-of-sdk-versioned_docs/version-0.53/user/run-node/06-run-production.md b/copy-of-sdk-versioned_docs/version-0.53/user/run-node/06-run-production.md new file mode 100644 index 00000000..dd9d9d11 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/user/run-node/06-run-production.md @@ -0,0 +1,269 @@ +--- +sidebar_position: 1 +--- + +# Running in Production + +:::note Synopsis +This section describes how to securely run a node in a public setting and/or on a mainnet on one of the many Cosmos SDK public blockchains. +::: + +When operating a node, full node or validator, in production it is important to set your server up securely. + +:::note +There are many different ways to secure a server and your node, the described steps here is one way. To see another way of setting up a server see the [run in production tutorial](https://tutorials.cosmos.network/hands-on-exercise/4-run-in-prod). +::: + +:::note +This walkthrough assumes the underlying operating system is Ubuntu. +::: + +## Sever Setup + +### User + +When creating a server most times it is created as user `root`. This user has heightened privileges on the server. When operating a node, it is recommended to not run your node as the root user. + +1. Create a new user + +```bash +sudo adduser change_me +``` + +2. We want to allow this user to perform sudo tasks + +```bash +sudo usermod -aG sudo change_me +``` + +Now when logging into the server, the non `root` user can be used. + +### Go + +1. Install the [Go](https://go.dev/doc/install) version preconized by the application. + +:::warning +In the past, validators [have had issues](https://github.com/cosmos/cosmos-sdk/issues/13976) when using different versions of Go. It is recommended that the whole validator set uses the version of Go that is preconized by the application. +::: + +### Firewall + +Nodes should not have all ports open to the public, this is a simple way to get DDOS'd. Secondly it is recommended by [CometBFT](https://github.com/cometbft/cometbft) to never expose ports that are not required to operate a node. + +When setting up a firewall there are a few ports that can be open when operating a Cosmos SDK node. There is the CometBFT json-RPC, prometheus, p2p, remote signer and Cosmos SDK GRPC and REST. If the node is being operated as a node that does not offer endpoints to be used for submission or querying then a max of three endpoints are needed. + +Most, if not all servers come equipped with [ufw](https://help.ubuntu.com/community/UFW). Ufw will be used in this tutorial. + +1. Reset UFW to disallow all incoming connections and allow outgoing + +```bash +sudo ufw default deny incoming +sudo ufw default allow outgoing +``` + +2. Lets make sure that port 22 (ssh) stays open. + +```bash +sudo ufw allow ssh +``` + +or + +```bash +sudo ufw allow 22 +``` + +Both of the above commands are the same. + +3. Allow Port 26656 (cometbft p2p port). If the node has a modified p2p port then that port must be used here. + +```bash +sudo ufw allow 26656/tcp +``` + +4. Allow port 26660 (cometbft [prometheus](https://prometheus.io)). This acts as the applications monitoring port as well. + +```bash +sudo ufw allow 26660/tcp +``` + +5. IF the node which is being setup would like to expose CometBFTs jsonRPC and Cosmos SDK GRPC and REST then follow this step. (Optional) + +##### CometBFT JsonRPC + +```bash +sudo ufw allow 26657/tcp +``` + +##### Cosmos SDK GRPC + +```bash +sudo ufw allow 9090/tcp +``` + +##### Cosmos SDK REST + +```bash +sudo ufw allow 1317/tcp +``` + +6. Lastly, enable ufw + +```bash +sudo ufw enable +``` + +### Signing + +If the node that is being started is a validator there are multiple ways a validator could sign blocks. + +#### File + +File based signing is the simplest and default approach. This approach works by storing the consensus key, generated on initialization, to sign blocks. This approach is only as safe as your server setup as if the server is compromised so is your key. This key is located in the `config/priv_val_key.json` directory generated on initialization. + +A second file exists that user must be aware of, the file is located in the data directory `data/priv_val_state.json`. This file protects your node from double signing. It keeps track of the consensus keys last sign height, round and latest signature. If the node crashes and needs to be recovered this file must be kept in order to ensure that the consensus key will not be used for signing a block that was previously signed. + +#### Remote Signer + +A remote signer is a secondary server that is separate from the running node that signs blocks with the consensus key. This means that the consensus key does not live on the node itself. This increases security because your full node which is connected to the remote signer can be swapped without missing blocks. + +The two most used remote signers are [tmkms](https://github.com/iqlusioninc/tmkms) from [Iqlusion](https://www.iqlusion.io) and [horcrux](https://github.com/strangelove-ventures/horcrux) from [Strangelove](https://strange.love). + +##### TMKMS + +###### Dependencies + +1. Update server dependencies and install extras needed. + +```sh +sudo apt update -y && sudo apt install build-essential curl jq -y +``` + +2. Install Rust: + +```sh +curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh +``` + +3. Install Libusb: + +```sh +sudo apt install libusb-1.0-0-dev +``` + +###### Setup + +There are two ways to install tmkms, from source or `cargo install`. In the examples we will cover downloading or building from source and using softsign. Softsign stands for software signing, but you could use a [yubihsm](https://www.yubico.com/products/hardware-security-module/) as your signing key if you wish. + +1. Build: + +From source: + +```bash +cd $HOME +git clone https://github.com/iqlusioninc/tmkms.git +cd $HOME/tmkms +cargo install tmkms --features=softsign +tmkms init config +tmkms softsign keygen ./config/secrets/secret_connection_key +``` + +or + +Cargo install: + +```bash +cargo install tmkms --features=softsign +tmkms init config +tmkms softsign keygen ./config/secrets/secret_connection_key +``` + +:::note +To use tmkms with a yubikey install the binary with `--features=yubihsm`. +::: + +2. Migrate the validator key from the full node to the new tmkms instance. + +```bash +scp user@123.456.32.123:~/.simd/config/priv_validator_key.json ~/tmkms/config/secrets +``` + +3. Import the validator key into tmkms. + +```bash +tmkms softsign import $HOME/tmkms/config/secrets/priv_validator_key.json $HOME/tmkms/config/secrets/priv_validator_key +``` + +At this point, it is necessary to delete the `priv_validator_key.json` from the validator node and the tmkms node. Since the key has been imported into tmkms (above) it is no longer necessary on the nodes. The key can be safely stored offline. + +4. Modifiy the `tmkms.toml`. + +```bash +vim $HOME/tmkms/config/tmkms.toml +``` + +This example shows a configuration that could be used for soft signing. The example has an IP of `123.456.12.345` with a port of `26659` a chain_id of `test-chain-waSDSe`. These are items that most be modified for the usecase of tmkms and the network. + +```toml +# CometBFT KMS configuration file + +## Chain Configuration + +[[chain]] +id = "osmosis-1" +key_format = { type = "bech32", account_key_prefix = "cosmospub", consensus_key_prefix = "cosmosvalconspub" } +state_file = "/root/tmkms/config/state/priv_validator_state.json" + +## Signing Provider Configuration + +### Software-based Signer Configuration + +[[providers.softsign]] +chain_ids = ["test-chain-waSDSe"] +key_type = "consensus" +path = "/root/tmkms/config/secrets/priv_validator_key" + +## Validator Configuration + +[[validator]] +chain_id = "test-chain-waSDSe" +addr = "tcp://123.456.12.345:26659" +secret_key = "/root/tmkms/config/secrets/secret_connection_key" +protocol_version = "v0.34" +reconnect = true +``` + +5. Set the address of the tmkms instance. + +```bash +vim $HOME/.simd/config/config.toml + +priv_validator_laddr = "tcp://0.0.0.0:26659" +``` + +:::tip +The above address it set to `0.0.0.0` but it is recommended to set the tmkms server to secure the startup +::: + +:::tip +It is recommended to comment or delete the lines that specify the path of the validator key and validator: + +```toml +# Path to the JSON file containing the private key to use as a validator in the consensus protocol +# priv_validator_key_file = "config/priv_validator_key.json" + +# Path to the JSON file containing the last sign state of a validator +# priv_validator_state_file = "data/priv_validator_state.json" +``` + +::: + +6. Start the two processes. + +```bash +tmkms start -c $HOME/tmkms/config/tmkms.toml +``` + +```bash +simd start +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/user/run-node/_category_.json b/copy-of-sdk-versioned_docs/version-0.53/user/run-node/_category_.json new file mode 100644 index 00000000..65e64b94 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/user/run-node/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Running a Node, API and CLI", + "position": 0, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.53/user/user.md b/copy-of-sdk-versioned_docs/version-0.53/user/user.md new file mode 100644 index 00000000..14fc78e9 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/user/user.md @@ -0,0 +1,10 @@ +--- +sidebar_position: 0 +--- +# User Guides + +This section is designed for developers who are using the Cosmos SDK to build applications. It provides essential guides and references to effectively use the SDK's features. + +* [Setting up keys](./run-node/00-keyring.md) - Learn how to set up secure key management using the Cosmos SDK's keyring feature. This guide provides a streamlined approach to cryptographic key handling, which is crucial for securing your application. +* [Running a node](./run-node/01-run-node.md) - This guide provides step-by-step instructions to deploy and manage a node in the Cosmos network. It ensures a smooth and reliable operation of your blockchain application by covering all the necessary setup and maintenance steps. +* [CLI](./run-node/02-interact-node.md) - Discover how to navigate and interact with the Cosmos SDK using the Command Line Interface (CLI). This section covers efficient and powerful command-based operations that can help you manage your application effectively. \ No newline at end of file From 351203f2f18acbf640bc52d4116880909b029fd9 Mon Sep 17 00:00:00 2001 From: Cordt Date: Wed, 15 Oct 2025 09:48:15 -0600 Subject: [PATCH 02/26] restore full sdk docs --- .../docs/learn/advanced/00-baseapp.md | 547 ++++++++++++++++ .../docs/learn/advanced/01-transactions.md | 229 +++++++ .../docs/learn/advanced/02-context.md | 103 +++ .../docs/learn/advanced/03-node.md | 96 +++ .../docs/learn/advanced/04-store.md | 288 +++++++++ .../docs/learn/advanced/05-encoding.md | 285 +++++++++ .../docs/learn/advanced/06-grpc_rest.md | 105 +++ .../docs/learn/advanced/07-cli.md | 211 ++++++ .../docs/learn/advanced/08-events.md | 159 +++++ .../docs/learn/advanced/09-telemetry.md | 128 ++++ .../docs/learn/advanced/10-ocap.md | 76 +++ .../learn/advanced/11-runtx_middleware.md | 67 ++ .../docs/learn/advanced/12-simulation.md | 94 +++ .../docs/learn/advanced/13-proto-docs.md | 7 + .../docs/learn/advanced/15-upgrade.md | 162 +++++ .../docs/learn/advanced/16-config.md | 24 + .../docs/learn/advanced/17-autocli.md | 258 ++++++++ .../docs/learn/advanced/_category_.json | 5 + .../advanced/baseapp_state-begin_block.png | Bin 0 -> 20565 bytes .../learn/advanced/baseapp_state-checktx.png | Bin 0 -> 82308 bytes .../learn/advanced/baseapp_state-commit.png | Bin 0 -> 47662 bytes .../advanced/baseapp_state-deliver_tx.png | Bin 0 -> 59007 bytes .../advanced/baseapp_state-initchain.png | Bin 0 -> 243455 bytes .../baseapp_state-prepareproposal.png | Bin 0 -> 274049 bytes .../baseapp_state-processproposal.png | Bin 0 -> 248588 bytes .../docs/learn/advanced/baseapp_state.png | Bin 0 -> 338941 bytes .../docs/learn/advanced/blockprocessing-1.png | Bin 0 -> 453261 bytes .../learn/advanced/blockprocessing.excalidraw | Bin 0 -> 46151 bytes .../docs/learn/beginner/00-app-anatomy.md | 279 ++++++++ .../docs/learn/beginner/01-tx-lifecycle.md | 284 +++++++++ .../docs/learn/beginner/02-query-lifecycle.md | 147 +++++ .../docs/learn/beginner/03-accounts.md | 281 ++++++++ .../docs/learn/beginner/04-gas-fees.md | 101 +++ .../docs/learn/beginner/_category_.json | 5 + .../docs/learn/intro/00-overview.md | 43 ++ .../docs/learn/intro/01-why-app-specific.md | 79 +++ .../learn/intro/02-sdk-app-architecture.md | 93 +++ .../docs/learn/intro/03-sdk-design.md | 64 ++ .../docs/learn/intro/Maincomps.excalidraw | 603 ++++++++++++++++++ .../docs/learn/intro/_category_.json | 5 + .../docs/learn/intro/main-components.png | Bin 0 -> 61439 bytes copy-of-sdk-docs/docs/learn/learn.md | 11 + .../docs/tutorials/_category_.json | 5 + .../transactions/00-building-a-transaction.md | 190 ++++++ .../tutorials/transactions/_category_.json | 5 + copy-of-sdk-docs/docs/tutorials/tutorials.md | 12 + .../tutorials/vote-extensions/_category_.json | 5 + .../00-getting-started.md | 40 ++ .../01-understanding-frontrunning.md | 41 ++ ...ting-front-running-with-vote-extensions.md | 331 ++++++++++ ...-front-running-with-vote-extensions.md.bak | 331 ++++++++++ ...ating-front-running-with-vote-extesions.md | 331 ++++++++++ ...g-front-running-with-vote-extesions.md.bak | 331 ++++++++++ .../03-demo-of-mitigating-front-running.md | 106 +++ ...03-demo-of-mitigating-front-running.md.bak | 106 +++ .../auction-frontrunning/_category_.json | 5 + .../oracle/00-getting-started.md | 36 ++ .../oracle/01-what-is-an-oracle.md | 13 + .../oracle/02-implementing-vote-extensions.md | 219 +++++++ .../oracle/03-testing-oracle.md | 57 ++ .../vote-extensions/oracle/_category_.json | 5 + .../docs/user/run-node/00-keyring.md | 145 +++++ .../docs/user/run-node/01-run-node.md | 218 +++++++ .../docs/user/run-node/02-interact-node.md | 289 +++++++++ copy-of-sdk-docs/docs/user/run-node/03-txs.md | 429 +++++++++++++ .../docs/user/run-node/04-rosetta.md | 144 +++++ .../docs/user/run-node/05-run-testnet.md | 101 +++ .../docs/user/run-node/06-run-production.md | 269 ++++++++ .../docs/user/run-node/_category_.json | 5 + copy-of-sdk-docs/docs/user/user.md | 10 + 70 files changed, 8618 insertions(+) create mode 100644 copy-of-sdk-docs/docs/learn/advanced/00-baseapp.md create mode 100644 copy-of-sdk-docs/docs/learn/advanced/01-transactions.md create mode 100644 copy-of-sdk-docs/docs/learn/advanced/02-context.md create mode 100644 copy-of-sdk-docs/docs/learn/advanced/03-node.md create mode 100644 copy-of-sdk-docs/docs/learn/advanced/04-store.md create mode 100644 copy-of-sdk-docs/docs/learn/advanced/05-encoding.md create mode 100644 copy-of-sdk-docs/docs/learn/advanced/06-grpc_rest.md create mode 100644 copy-of-sdk-docs/docs/learn/advanced/07-cli.md create mode 100644 copy-of-sdk-docs/docs/learn/advanced/08-events.md create mode 100644 copy-of-sdk-docs/docs/learn/advanced/09-telemetry.md create mode 100644 copy-of-sdk-docs/docs/learn/advanced/10-ocap.md create mode 100644 copy-of-sdk-docs/docs/learn/advanced/11-runtx_middleware.md create mode 100644 copy-of-sdk-docs/docs/learn/advanced/12-simulation.md create mode 100644 copy-of-sdk-docs/docs/learn/advanced/13-proto-docs.md create mode 100644 copy-of-sdk-docs/docs/learn/advanced/15-upgrade.md create mode 100644 copy-of-sdk-docs/docs/learn/advanced/16-config.md create mode 100644 copy-of-sdk-docs/docs/learn/advanced/17-autocli.md create mode 100644 copy-of-sdk-docs/docs/learn/advanced/_category_.json create mode 100644 copy-of-sdk-docs/docs/learn/advanced/baseapp_state-begin_block.png create mode 100644 copy-of-sdk-docs/docs/learn/advanced/baseapp_state-checktx.png create mode 100644 copy-of-sdk-docs/docs/learn/advanced/baseapp_state-commit.png create mode 100644 copy-of-sdk-docs/docs/learn/advanced/baseapp_state-deliver_tx.png create mode 100644 copy-of-sdk-docs/docs/learn/advanced/baseapp_state-initchain.png create mode 100644 copy-of-sdk-docs/docs/learn/advanced/baseapp_state-prepareproposal.png create mode 100644 copy-of-sdk-docs/docs/learn/advanced/baseapp_state-processproposal.png create mode 100644 copy-of-sdk-docs/docs/learn/advanced/baseapp_state.png create mode 100644 copy-of-sdk-docs/docs/learn/advanced/blockprocessing-1.png create mode 100644 copy-of-sdk-docs/docs/learn/advanced/blockprocessing.excalidraw create mode 100644 copy-of-sdk-docs/docs/learn/beginner/00-app-anatomy.md create mode 100644 copy-of-sdk-docs/docs/learn/beginner/01-tx-lifecycle.md create mode 100644 copy-of-sdk-docs/docs/learn/beginner/02-query-lifecycle.md create mode 100644 copy-of-sdk-docs/docs/learn/beginner/03-accounts.md create mode 100644 copy-of-sdk-docs/docs/learn/beginner/04-gas-fees.md create mode 100644 copy-of-sdk-docs/docs/learn/beginner/_category_.json create mode 100644 copy-of-sdk-docs/docs/learn/intro/00-overview.md create mode 100644 copy-of-sdk-docs/docs/learn/intro/01-why-app-specific.md create mode 100644 copy-of-sdk-docs/docs/learn/intro/02-sdk-app-architecture.md create mode 100644 copy-of-sdk-docs/docs/learn/intro/03-sdk-design.md create mode 100644 copy-of-sdk-docs/docs/learn/intro/Maincomps.excalidraw create mode 100644 copy-of-sdk-docs/docs/learn/intro/_category_.json create mode 100644 copy-of-sdk-docs/docs/learn/intro/main-components.png create mode 100644 copy-of-sdk-docs/docs/learn/learn.md create mode 100644 copy-of-sdk-docs/docs/tutorials/_category_.json create mode 100644 copy-of-sdk-docs/docs/tutorials/transactions/00-building-a-transaction.md create mode 100644 copy-of-sdk-docs/docs/tutorials/transactions/_category_.json create mode 100644 copy-of-sdk-docs/docs/tutorials/tutorials.md create mode 100644 copy-of-sdk-docs/docs/tutorials/vote-extensions/_category_.json create mode 100644 copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/00-getting-started.md create mode 100644 copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/01-understanding-frontrunning.md create mode 100644 copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md create mode 100644 copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md.bak create mode 100644 copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md create mode 100644 copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md.bak create mode 100644 copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md create mode 100644 copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md.bak create mode 100644 copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/_category_.json create mode 100644 copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/00-getting-started.md create mode 100644 copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/01-what-is-an-oracle.md create mode 100644 copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/02-implementing-vote-extensions.md create mode 100644 copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/03-testing-oracle.md create mode 100644 copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/_category_.json create mode 100644 copy-of-sdk-docs/docs/user/run-node/00-keyring.md create mode 100644 copy-of-sdk-docs/docs/user/run-node/01-run-node.md create mode 100644 copy-of-sdk-docs/docs/user/run-node/02-interact-node.md create mode 100644 copy-of-sdk-docs/docs/user/run-node/03-txs.md create mode 100644 copy-of-sdk-docs/docs/user/run-node/04-rosetta.md create mode 100644 copy-of-sdk-docs/docs/user/run-node/05-run-testnet.md create mode 100644 copy-of-sdk-docs/docs/user/run-node/06-run-production.md create mode 100644 copy-of-sdk-docs/docs/user/run-node/_category_.json create mode 100644 copy-of-sdk-docs/docs/user/user.md diff --git a/copy-of-sdk-docs/docs/learn/advanced/00-baseapp.md b/copy-of-sdk-docs/docs/learn/advanced/00-baseapp.md new file mode 100644 index 00000000..b24a570d --- /dev/null +++ b/copy-of-sdk-docs/docs/learn/advanced/00-baseapp.md @@ -0,0 +1,547 @@ +--- +sidebar_position: 1 +--- + +# BaseApp + +:::note Synopsis +This document describes `BaseApp`, the abstraction that implements the core functionalities of a Cosmos SDK application. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK application](../beginner/00-app-anatomy.md) +* [Lifecycle of a Cosmos SDK transaction](../beginner/01-tx-lifecycle.md) + +::: + +## Introduction + +`BaseApp` is a base type that implements the core of a Cosmos SDK application, namely: + +* The [Application Blockchain Interface](#main-abci-messages), for the state-machine to communicate with the underlying consensus engine (e.g. CometBFT). +* [Service Routers](#service-routers), to route messages and queries to the appropriate module. +* Different [states](#state-updates), as the state-machine can have different volatile states updated based on the ABCI message received. + +The goal of `BaseApp` is to provide the fundamental layer of a Cosmos SDK application +that developers can easily extend to build their own custom application. Usually, +developers will create a custom type for their application, like so: + +```go +type App struct { + // reference to a BaseApp + *baseapp.BaseApp + + // list of application store keys + + // list of application keepers + + // module manager +} +``` + +Extending the application with `BaseApp` gives the former access to all of `BaseApp`'s methods. +This allows developers to compose their custom application with the modules they want, while not +having to concern themselves with the hard work of implementing the ABCI, the service routers and state +management logic. + +## Type Definition + +The `BaseApp` type holds many important parameters for any Cosmos SDK based application. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/baseapp.go#L64-L201 +``` + +Let us go through the most important components. + +> **Note**: Not all parameters are described, only the most important ones. Refer to the +> type definition for the full list. + +First, the important parameters that are initialized during the bootstrapping of the application: + +* [`CommitMultiStore`](./04-store.md#commitmultistore): This is the main store of the application, + which holds the canonical state that is committed at the [end of each block](#commit). This store + is **not** cached, meaning it is not used to update the application's volatile (un-committed) states. + The `CommitMultiStore` is a multi-store, meaning a store of stores. Each module of the application + uses one or multiple `KVStores` in the multi-store to persist their subset of the state. +* Database: The `db` is used by the `CommitMultiStore` to handle data persistence. +* [`Msg` Service Router](#msg-service-router): The `msgServiceRouter` facilitates the routing of `sdk.Msg` requests to the appropriate + module `Msg` service for processing. Here a `sdk.Msg` refers to the transaction component that needs to be + processed by a service in order to update the application state, and not to ABCI message which implements + the interface between the application and the underlying consensus engine. +* [gRPC Query Router](#grpc-query-router): The `grpcQueryRouter` facilitates the routing of gRPC queries to the + appropriate module for it to be processed. These queries are not ABCI messages themselves, but they + are relayed to the relevant module's gRPC `Query` service. +* [`TxDecoder`](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/types#TxDecoder): It is used to decode + raw transaction bytes relayed by the underlying CometBFT engine. +* [`AnteHandler`](#antehandler): This handler is used to handle signature verification, fee payment, + and other pre-message execution checks when a transaction is received. It's executed during + [`CheckTx/RecheckTx`](#checktx) and [`FinalizeBlock`](#finalizeblock). +* [`InitChainer`](../beginner/00-app-anatomy.md#initchainer), [`PreBlocker`](../beginner/00-app-anatomy.md#preblocker), [`BeginBlocker` and `EndBlocker`](../beginner/00-app-anatomy.md#beginblocker-and-endblocker): These are + the functions executed when the application receives the `InitChain` and `FinalizeBlock` + ABCI messages from the underlying CometBFT engine. + +Then, parameters used to define [volatile states](#state-updates) (i.e. cached states): + +* `checkState`: This state is updated during [`CheckTx`](#checktx), and reset on [`Commit`](#commit). +* `finalizeBlockState`: This state is updated during [`FinalizeBlock`](#finalizeblock), and set to `nil` on + [`Commit`](#commit) and gets re-initialized on `FinalizeBlock`. +* `processProposalState`: This state is updated during [`ProcessProposal`](#process-proposal). +* `prepareProposalState`: This state is updated during [`PrepareProposal`](#prepare-proposal). + +Finally, a few more important parameters: + +* `voteInfos`: This parameter carries the list of validators whose precommit is missing, either + because they did not vote or because the proposer did not include their vote. This information is + carried by the [Context](./02-context.md) and can be used by the application for various things like + punishing absent validators. +* `minGasPrices`: This parameter defines the minimum gas prices accepted by the node. This is a + **local** parameter, meaning each full-node can set a different `minGasPrices`. It is used in the + `AnteHandler` during [`CheckTx`](#checktx), mainly as a spam protection mechanism. The transaction + enters the [mempool](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#mempool-methods) + only if the gas prices of the transaction are greater than one of the minimum gas price in + `minGasPrices` (e.g. if `minGasPrices == 1uatom,1photon`, the `gas-price` of the transaction must be + greater than `1uatom` OR `1photon`). +* `appVersion`: Version of the application. It is set in the + [application's constructor function](../beginner/00-app-anatomy.md#constructor-function). + +## Constructor + +```go +func NewBaseApp( + name string, logger log.Logger, db dbm.DB, txDecoder sdk.TxDecoder, options ...func(*BaseApp), +) *BaseApp { + + // ... +} +``` + +The `BaseApp` constructor function is pretty straightforward. The only thing worth noting is the +possibility to provide additional [`options`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/options.go) +to the `BaseApp`, which will execute them in order. The `options` are generally `setter` functions +for important parameters, like `SetPruning()` to set pruning options or `SetMinGasPrices()` to set +the node's `min-gas-prices`. + +Naturally, developers can add additional `options` based on their application's needs. + +## State Updates + +The `BaseApp` maintains four primary volatile states and a root or main state. The main state +is the canonical state of the application and the volatile states, `checkState`, `prepareProposalState`, `processProposalState` and `finalizeBlockState` +are used to handle state transitions in-between the main state made during [`Commit`](#commit). + +Internally, there is only a single `CommitMultiStore` which we refer to as the main or root state. +From this root state, we derive four volatile states by using a mechanism called _store branching_ (performed by `CacheWrap` function). +The types can be illustrated as follows: + +![Types](./baseapp_state.png) + +### InitChain State Updates + +During `InitChain`, the four volatile states, `checkState`, `prepareProposalState`, `processProposalState` +and `finalizeBlockState` are set by branching the root `CommitMultiStore`. Any subsequent reads and writes happen +on branched versions of the `CommitMultiStore`. +To avoid unnecessary roundtrip to the main state, all reads to the branched store are cached. + +![InitChain](./baseapp_state-initchain.png) + +### CheckTx State Updates + +During `CheckTx`, the `checkState`, which is based off of the last committed state from the root +store, is used for any reads and writes. Here we only execute the `AnteHandler` and verify a service router +exists for every message in the transaction. Note, when we execute the `AnteHandler`, we branch +the already branched `checkState`. +This has the side effect that if the `AnteHandler` fails, the state transitions won't be reflected in the `checkState` +-- i.e. `checkState` is only updated on success. + +![CheckTx](./baseapp_state-checktx.png) + +### PrepareProposal State Updates + +During `PrepareProposal`, the `prepareProposalState` is set by branching the root `CommitMultiStore`. +The `prepareProposalState` is used for any reads and writes that occur during the `PrepareProposal` phase. +The function uses the `Select()` method of the mempool to iterate over the transactions. `runTx` is then called, +which encodes and validates each transaction and from there the `AnteHandler` is executed. +If successful, valid transactions are returned inclusive of the events, tags, and data generated +during the execution of the proposal. +The described behavior is that of the default handler, applications have the flexibility to define their own +[custom mempool handlers](https://docs.cosmos.network/main/build/building-apps/app-mempool). + +![ProcessProposal](./baseapp_state-prepareproposal.png) + +### ProcessProposal State Updates + +During `ProcessProposal`, the `processProposalState` is set based off of the last committed state +from the root store and is used to process a signed proposal received from a validator. +In this state, `runTx` is called and the `AnteHandler` is executed and the context used in this state is built with information +from the header and the main state, including the minimum gas prices, which are also set. +Again we want to highlight that the described behavior is that of the default handler and applications have the flexibility to define their own +[custom mempool handlers](https://docs.cosmos.network/main/build/building-apps/app-mempool). + +![ProcessProposal](./baseapp_state-processproposal.png) + +### FinalizeBlock State Updates + +During `FinalizeBlock`, the `finalizeBlockState` is set for use during transaction execution and endblock. The +`finalizeBlockState` is based off of the last committed state from the root store and is branched. +Note, the `finalizeBlockState` is set to `nil` on [`Commit`](#commit). + +The state flow for transaction execution is nearly identical to `CheckTx` except state transitions occur on +the `finalizeBlockState` and messages in a transaction are executed. Similarly to `CheckTx`, state transitions +occur on a doubly branched state -- `finalizeBlockState`. Successful message execution results in +writes being committed to `finalizeBlockState`. Note, if message execution fails, state transitions from +the AnteHandler are persisted. + +### Commit State Updates + +During `Commit` all the state transitions that occurred in the `finalizeBlockState` are finally written to +the root `CommitMultiStore` which in turn is committed to disk and results in a new application +root hash. These state transitions are now considered final. Finally, the `checkState` is set to the +newly committed state and `finalizeBlockState` is set to `nil` to be reset on `FinalizeBlock`. + +![Commit](./baseapp_state-commit.png) + +## ParamStore + +During `InitChain`, the `RequestInitChain` provides `ConsensusParams` which contains parameters +related to block execution such as maximum gas and size in addition to evidence parameters. If these +parameters are non-nil, they are set in the BaseApp's `ParamStore`. Behind the scenes, the `ParamStore` +is managed by an `x/consensus_params` module. This allows the parameters to be tweaked via + on-chain governance. + +## Service Routers + +When messages and queries are received by the application, they must be routed to the appropriate module in order to be processed. Routing is done via `BaseApp`, which holds a `msgServiceRouter` for messages, and a `grpcQueryRouter` for queries. + +### `Msg` Service Router + +[`sdk.Msg`s](../../build/building-modules/02-messages-and-queries.md#messages) need to be routed after they are extracted from transactions, which are sent from the underlying CometBFT engine via the [`CheckTx`](#checktx) and [`FinalizeBlock`](#finalizeblock) ABCI messages. To do so, `BaseApp` holds a `msgServiceRouter` which maps fully-qualified service methods (`string`, defined in each module's Protobuf `Msg` service) to the appropriate module's `MsgServer` implementation. + +The [default `msgServiceRouter` included in `BaseApp`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/msg_service_router.go) is stateless. However, some applications may want to make use of more stateful routing mechanisms such as allowing governance to disable certain routes or point them to new modules for upgrade purposes. For this reason, the `sdk.Context` is also passed into each [route handler inside `msgServiceRouter`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/msg_service_router.go#L35-L36). For a stateless router that doesn't want to make use of this, you can just ignore the `ctx`. + +The application's `msgServiceRouter` is initialized with all the routes using the application's [module manager](../../build/building-modules/01-module-manager.md#manager) (via the `RegisterServices` method), which itself is initialized with all the application's modules in the application's [constructor](../beginner/00-app-anatomy.md#constructor-function). + +### gRPC Query Router + +Similar to `sdk.Msg`s, [`queries`](../../build/building-modules/02-messages-and-queries.md#queries) need to be routed to the appropriate module's [`Query` service](../../build/building-modules/04-query-services.md). To do so, `BaseApp` holds a `grpcQueryRouter`, which maps modules' fully-qualified service methods (`string`, defined in their Protobuf `Query` gRPC) to their `QueryServer` implementation. The `grpcQueryRouter` is called during the initial stages of query processing, which can be either by directly sending a gRPC query to the gRPC endpoint, or via the [`Query` ABCI message](#query) on the CometBFT RPC endpoint. + +Just like the `msgServiceRouter`, the `grpcQueryRouter` is initialized with all the query routes using the application's [module manager](../../build/building-modules/01-module-manager.md) (via the `RegisterServices` method), which itself is initialized with all the application's modules in the application's [constructor](../beginner/00-app-anatomy.md#app-constructor). + +## Main ABCI 2.0 Messages + +The [Application-Blockchain Interface](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md) (ABCI) is a generic interface that connects a state-machine with a consensus engine to form a functional full-node. It can be wrapped in any language, and needs to be implemented by each application-specific blockchain built on top of an ABCI-compatible consensus engine like CometBFT. + +The consensus engine handles two main tasks: + +* The networking logic, which mainly consists in gossiping block parts, transactions and consensus votes. +* The consensus logic, which results in the deterministic ordering of transactions in the form of blocks. + +It is **not** the role of the consensus engine to define the state or the validity of transactions. Generally, transactions are handled by the consensus engine in the form of `[]bytes`, and relayed to the application via the ABCI to be decoded and processed. At keys moments in the networking and consensus processes (e.g. beginning of a block, commit of a block, reception of an unconfirmed transaction, ...), the consensus engine emits ABCI messages for the state-machine to act on. + +Developers building on top of the Cosmos SDK need not implement the ABCI themselves, as `BaseApp` comes with a built-in implementation of the interface. Let us go through the main ABCI messages that `BaseApp` implements: + +* [`Prepare Proposal`](#prepare-proposal) +* [`Process Proposal`](#process-proposal) +* [`CheckTx`](#checktx) +* [`FinalizeBlock`](#finalizeblock) +* [`ExtendVote`](#extendvote) +* [`VerifyVoteExtension`](#verifyvoteextension) + + +### Prepare Proposal + +The `PrepareProposal` function is part of the new methods introduced in Application Blockchain Interface (ABCI++) in CometBFT and is an important part of the application's overall governance system. In the Cosmos SDK, it allows the application to have more fine-grained control over the transactions that are processed, and ensures that only valid transactions are committed to the blockchain. + +Here is how the `PrepareProposal` function can be implemented: + +1. Extract the `sdk.Msg`s from the transaction. +2. Perform _stateful_ checks by calling `Validate()` on each of the `sdk.Msg`'s. This is done after _stateless_ checks as _stateful_ checks are more computationally expensive. If `Validate()` fails, `PrepareProposal` returns before running further checks, which saves resources. +3. Perform any additional checks that are specific to the application, such as checking account balances, or ensuring that certain conditions are met before a transaction is proposed.hey are processed by the consensus engine, if necessary. +4. Return the updated transactions to be processed by the consensus engine + +Note that, unlike `CheckTx()`, `PrepareProposal` process `sdk.Msg`s, so it can directly update the state. However, unlike `FinalizeBlock()`, it does not commit the state updates. It's important to exercise caution when using `PrepareProposal` as incorrect coding could affect the overall liveness of the network. + +It's important to note that `PrepareProposal` complements the `ProcessProposal` method which is executed after this method. The combination of these two methods means that it is possible to guarantee that no invalid transactions are ever committed. Furthermore, such a setup can give rise to other interesting use cases such as Oracles, threshold decryption and more. + +`PrepareProposal` returns a response to the underlying consensus engine of type [`abci.CheckTxResponse`](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_methods.md#processproposal). The response contains: + +* `Code (uint32)`: Response Code. `0` if successful. +* `Data ([]byte)`: Result bytes, if any. +* `Log (string):` The output of the application's logger. May be non-deterministic. +* `Info (string):` Additional information. May be non-deterministic. + + +### Process Proposal + +The `ProcessProposal` function is called by the BaseApp as part of the ABCI message flow, and is executed during the `FinalizeBlock` phase of the consensus process. The purpose of this function is to give more control to the application for block validation, allowing it to check all transactions in a proposed block before the validator sends the prevote for the block. It allows a validator to perform application-dependent work in a proposed block, enabling features such as immediate block execution, and allows the Application to reject invalid blocks. + +The `ProcessProposal` function performs several key tasks, including: + +1. Validating the proposed block by checking all transactions in it. +2. Checking the proposed block against the current state of the application, to ensure that it is valid and that it can be executed. +3. Updating the application's state based on the proposal, if it is valid and passes all checks. +4. Returning a response to CometBFT indicating the result of the proposal processing. + +The `ProcessProposal` is an important part of the application's overall governance system. It is used to manage the network's parameters and other key aspects of its operation. It also ensures that the coherence property is adhered to i.e. all honest validators must accept a proposal by an honest proposer. + +It's important to note that `ProcessProposal` complements the `PrepareProposal` method which enables the application to have more fine-grained transaction control by allowing it to reorder, drop, delay, modify, and even add transactions as they see necessary. The combination of these two methods means that it is possible to guarantee that no invalid transactions are ever committed. Furthermore, such a setup can give rise to other interesting use cases such as Oracles, threshold decryption and more. + +CometBFT calls it when it receives a proposal and the CometBFT algorithm has not locked on a value. The Application cannot modify the proposal at this point but can reject it if it is invalid. If that is the case, CometBFT will prevote `nil` on the proposal, which has strong liveness implications for CometBFT. As a general rule, the Application SHOULD accept a prepared proposal passed via `ProcessProposal`, even if a part of the proposal is invalid (e.g., an invalid transaction); the Application can ignore the invalid part of the prepared proposal at block execution time. + +However, developers must exercise greater caution when using these methods. Incorrectly coding these methods could affect liveness as CometBFT is unable to receive 2/3 valid precommits to finalize a block. + +`ProcessProposal` returns a response to the underlying consensus engine of type [`abci.CheckTxResponse`](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_methods.md#processproposal). The response contains: + +* `Code (uint32)`: Response Code. `0` if successful. +* `Data ([]byte)`: Result bytes, if any. +* `Log (string):` The output of the application's logger. May be non-deterministic. +* `Info (string):` Additional information. May be non-deterministic. + + +### CheckTx + +`CheckTx` is sent by the underlying consensus engine when a new unconfirmed (i.e. not yet included in a valid block) +transaction is received by a full-node. The role of `CheckTx` is to guard the full-node's mempool +(where unconfirmed transactions are stored until they are included in a block) from spam transactions. +Unconfirmed transactions are relayed to peers only if they pass `CheckTx`. + +`CheckTx()` can perform both _stateful_ and _stateless_ checks, but developers should strive to +make the checks **lightweight** because gas fees are not charged for the resources (CPU, data load...) used during the `CheckTx`. + +In the Cosmos SDK, after [decoding transactions](./05-encoding.md), `CheckTx()` is implemented +to do the following checks: + +1. Extract the `sdk.Msg`s from the transaction. +2. **Optionally** perform _stateless_ checks by calling `ValidateBasic()` on each of the `sdk.Msg`s. This is done + first, as _stateless_ checks are less computationally expensive than _stateful_ checks. If + `ValidateBasic()` fail, `CheckTx` returns before running _stateful_ checks, which saves resources. + This check is still performed for messages that have not yet migrated to the new message validation mechanism defined in [RFC 001](https://docs.cosmos.network/main/rfc/rfc-001-tx-validation) and still have a `ValidateBasic()` method. +3. Perform non-module related _stateful_ checks on the [account](../beginner/03-accounts.md). This step is mainly about checking + that the `sdk.Msg` signatures are valid, that enough fees are provided and that the sending account + has enough funds to pay for said fees. Note that no precise [`gas`](../beginner/04-gas-fees.md) counting occurs here, + as `sdk.Msg`s are not processed. Usually, the [`AnteHandler`](../beginner/04-gas-fees.md#antehandler) will check that the `gas` provided + with the transaction is superior to a minimum reference gas amount based on the raw transaction size, + in order to avoid spam with transactions that provide 0 gas. + +`CheckTx` does **not** process `sdk.Msg`s - they only need to be processed when the canonical state needs to be updated, which happens during `FinalizeBlock`. + +Steps 2. and 3. are performed by the [`AnteHandler`](../beginner/04-gas-fees.md#antehandler) in the [`RunTx()`](#runtx-antehandler-and-runmsgs) +function, which `CheckTx()` calls with the `runTxModeCheck` mode. During each step of `CheckTx()`, a +special [volatile state](#state-updates) called `checkState` is updated. This state is used to keep +track of the temporary changes triggered by the `CheckTx()` calls of each transaction without modifying +the [main canonical state](#main-state). For example, when a transaction goes through `CheckTx()`, the +transaction's fees are deducted from the sender's account in `checkState`. If a second transaction is +received from the same account before the first is processed, and the account has consumed all its +funds in `checkState` during the first transaction, the second transaction will fail `CheckTx`() and +be rejected. In any case, the sender's account will not actually pay the fees until the transaction +is actually included in a block, because `checkState` never gets committed to the main state. The +`checkState` is reset to the latest state of the main state each time a blocks gets [committed](#commit). + +`CheckTx` returns a response to the underlying consensus engine of type [`abci.CheckTxResponse`](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_methods.md#checktx). +The response contains: + +* `Code (uint32)`: Response Code. `0` if successful. +* `Data ([]byte)`: Result bytes, if any. +* `Log (string):` The output of the application's logger. May be non-deterministic. +* `Info (string):` Additional information. May be non-deterministic. +* `GasWanted (int64)`: Amount of gas requested for transaction. It is provided by users when they generate the transaction. +* `GasUsed (int64)`: Amount of gas consumed by transaction. During `CheckTx`, this value is computed by multiplying the standard cost of a transaction byte by the size of the raw transaction. Next is an example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/auth/ante/basic.go#L104 +``` + +* `Events ([]cmn.KVPair)`: Key-Value tags for filtering and indexing transactions (eg. by account). See [`event`s](./08-events.md) for more. +* `Codespace (string)`: Namespace for the Code. + +#### RecheckTx + +After `Commit`, `CheckTx` is run again on all transactions that remain in the node's local mempool +excluding the transactions that are included in the block. To prevent the mempool from rechecking all transactions +every time a block is committed, the configuration option `mempool.recheck=false` can be set. As of +Tendermint v0.32.1, an additional `Type` parameter is made available to the `CheckTx` function that +indicates whether an incoming transaction is new (`CheckTxType_New`), or a recheck (`CheckTxType_Recheck`). +This allows certain checks like signature verification can be skipped during `CheckTxType_Recheck`. + +## RunTx, AnteHandler, RunMsgs, PostHandler + +### RunTx + +`RunTx` is called from `CheckTx`/`Finalizeblock` to handle the transaction, with `execModeCheck` or `execModeFinalize` as parameter to differentiate between the two modes of execution. Note that when `RunTx` receives a transaction, it has already been decoded. + +The first thing `RunTx` does upon being called is to retrieve the `context`'s `CacheMultiStore` by calling the `getContextForTx()` function with the appropriate mode (either `runTxModeCheck` or `execModeFinalize`). This `CacheMultiStore` is a branch of the main store, with cache functionality (for query requests), instantiated during `FinalizeBlock` for transaction execution and during the `Commit` of the previous block for `CheckTx`. After that, two `defer func()` are called for [`gas`](../beginner/04-gas-fees.md) management. They are executed when `runTx` returns and make sure `gas` is actually consumed, and will throw errors, if any. + +After that, `RunTx()` calls `ValidateBasic()`, when available and for backward compatibility, on each `sdk.Msg`in the `Tx`, which runs preliminary _stateless_ validity checks. If any `sdk.Msg` fails to pass `ValidateBasic()`, `RunTx()` returns with an error. + +Then, the [`anteHandler`](#antehandler) of the application is run (if it exists). In preparation of this step, both the `checkState`/`finalizeBlockState`'s `context` and `context`'s `CacheMultiStore` are branched using the `cacheTxContext()` function. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/baseapp.go#L706-L722 +``` + +This allows `RunTx` not to commit the changes made to the state during the execution of `anteHandler` if it ends up failing. It also prevents the module implementing the `anteHandler` from writing to state, which is an important part of the [object-capabilities](./10-ocap.md) of the Cosmos SDK. + +Finally, the [`RunMsgs()`](#runmsgs) function is called to process the `sdk.Msg`s in the `Tx`. In preparation of this step, just like with the `anteHandler`, both the `checkState`/`finalizeBlockState`'s `context` and `context`'s `CacheMultiStore` are branched using the `cacheTxContext()` function. + +### AnteHandler + +The `AnteHandler` is a special handler that implements the `AnteHandler` interface and is used to authenticate the transaction before the transaction's internal messages are processed. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/handler.go#L3-L5 +``` + +The `AnteHandler` is theoretically optional, but still a very important component of public blockchain networks. It serves 3 primary purposes: + +* Be a primary line of defense against spam and second line of defense (the first one being the mempool) against transaction replay with fees deduction and [`sequence`](./01-transactions.md#transaction-generation) checking. +* Perform preliminary _stateful_ validity checks like ensuring signatures are valid or that the sender has enough funds to pay for fees. +* Play a role in the incentivization of stakeholders via the collection of transaction fees. + +`BaseApp` holds an `anteHandler` as parameter that is initialized in the [application's constructor](../beginner/00-app-anatomy.md#application-constructor). The most widely used `anteHandler` is the [`auth` module](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/auth/ante/ante.go). + +Click [here](../beginner/04-gas-fees.md#antehandler) for more on the `anteHandler`. + +### RunMsgs + +`RunMsgs` is called from `RunTx` with `runTxModeCheck` as parameter to check the existence of a route for each message the transaction, and with `execModeFinalize` to actually process the `sdk.Msg`s. + +First, it retrieves the `sdk.Msg`'s fully-qualified type name, by checking the `type_url` of the Protobuf `Any` representing the `sdk.Msg`. Then, using the application's [`msgServiceRouter`](#msg-service-router), it checks for the existence of `Msg` service method related to that `type_url`. At this point, if `mode == runTxModeCheck`, `RunMsgs` returns. Otherwise, if `mode == execModeFinalize`, the [`Msg` service](../../build/building-modules/03-msg-services.md) RPC is executed, before `RunMsgs` returns. + +### PostHandler + +`PostHandler` is similar to `AnteHandler`, but it, as the name suggests, executes custom post tx processing logic after [`RunMsgs`](#runmsgs) is called. `PostHandler` receives the `Result` of the `RunMsgs` in order to enable this customizable behavior. + +Like `AnteHandler`s, `PostHandler`s are theoretically optional. + +Other use cases like unused gas refund can also be enabled by `PostHandler`s. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/auth/posthandler/post.go#L1-L15 +``` + +Note, when `PostHandler`s fail, the state from `runMsgs` is also reverted, effectively making the transaction fail. + +## Other ABCI Messages + +### InitChain + +The [`InitChain` ABCI message](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#method-overview) is sent from the underlying CometBFT engine when the chain is first started. It is mainly used to **initialize** parameters and state like: + +* [Consensus Parameters](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_app_requirements.md#consensus-parameters) via `setConsensusParams`. +* [`checkState` and `finalizeBlockState`](#state-updates) via `setState`. +* The [block gas meter](../beginner/04-gas-fees.md#block-gas-meter), with infinite gas to process genesis transactions. + +Finally, the `InitChain(req abci.InitChainRequest)` method of `BaseApp` calls the [`initChainer()`](../beginner/00-app-anatomy.md#initchainer) of the application in order to initialize the main state of the application from the `genesis file` and, if defined, call the [`InitGenesis`](../../build/building-modules/08-genesis.md#initgenesis) function of each of the application's modules. + + +### FinalizeBlock + +The [`FinalizeBlock` ABCI message](https://github.com/cometbft/cometbft/blob/v0.38.x/spec/abci/abci++_basic_concepts.md#method-overview) is sent from the underlying CometBFT engine when a block proposal created by the correct proposer is received. The previous `BeginBlock, DeliverTx and Endblock` calls are private methods on the BaseApp struct. + + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/abci.go#L869 +``` + +#### PreBlock + +* Run the application's [`preBlocker()`](../beginner/00-app-anatomy.md#preblocker), which mainly runs the [`PreBlocker()`](../../build/building-modules/17-preblock.md#preblock) method of each of the modules. + +#### BeginBlock + +* Initialize [`finalizeBlockState`](#state-updates) with the latest header using the `req abci.FinalizeBlockRequest` passed as parameter via the `setState` function. + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/baseapp.go#L746-L770 + ``` + + This function also resets the [main gas meter](../beginner/04-gas-fees.md#main-gas-meter). + +* Initialize the [block gas meter](../beginner/04-gas-fees.md#block-gas-meter) with the `maxGas` limit. The `gas` consumed within the block cannot go above `maxGas`. This parameter is defined in the application's consensus parameters. +* Run the application's [`beginBlocker()`](../beginner/00-app-anatomy.md#beginblocker-and-endblocker), which mainly runs the [`BeginBlocker()`](../../build/building-modules/06-beginblock-endblock.md#beginblock) method of each of the modules. +* Set the [`VoteInfos`](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_methods.md#voteinfo) of the application, i.e. the list of validators whose _precommit_ for the previous block was included by the proposer of the current block. This information is carried into the [`Context`](./02-context.md) so that it can be used during transaction execution and EndBlock. + +#### Transaction Execution + +When the underlying consensus engine receives a block proposal, each transaction in the block needs to be processed by the application. To that end, the underlying consensus engine sends the transactions in FinalizeBlock message to the application for each transaction in a sequential order. + +Before the first transaction of a given block is processed, a [volatile state](#state-updates) called `finalizeBlockState` is initialized during FinalizeBlock. This state is updated each time a transaction is processed via `FinalizeBlock`, and committed to the [main state](#main-state) when the block is [committed](#commit), after what it is set to `nil`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/baseapp.go#L772-L807 +``` + +Transaction execution within `FinalizeBlock` performs the **exact same steps as `CheckTx`**, with a little caveat at step 3 and the addition of a fifth step: + +1. The `AnteHandler` does **not** check that the transaction's `gas-prices` is sufficient. That is because the `min-gas-prices` value `gas-prices` is checked against is local to the node, and therefore what is enough for one full-node might not be for another. This means that the proposer can potentially include transactions for free, although they are not incentivized to do so, as they earn a bonus on the total fee of the block they propose. +2. For each `sdk.Msg` in the transaction, route to the appropriate module's Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md). Additional _stateful_ checks are performed, and the branched multistore held in `finalizeBlockState`'s `context` is updated by the module's `keeper`. If the `Msg` service returns successfully, the branched multistore held in `context` is written to `finalizeBlockState` `CacheMultiStore`. + +During the additional fifth step outlined in (2), each read/write to the store increases the value of `GasConsumed`. You can find the default cost of each operation: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/gas.go#L230-L241 +``` + +At any point, if `GasConsumed > GasWanted`, the function returns with `Code != 0` and the execution fails. + +Each transactions returns a response to the underlying consensus engine of type [`abci.ExecTxResult`](https://github.com/cometbft/cometbft/blob/v0.38.0-rc1/spec/abci/abci%2B%2B_methods.md#exectxresult). The response contains: + +* `Code (uint32)`: Response Code. `0` if successful. +* `Data ([]byte)`: Result bytes, if any. +* `Log (string):` The output of the application's logger. May be non-deterministic. +* `Info (string):` Additional information. May be non-deterministic. +* `GasWanted (int64)`: Amount of gas requested for transaction. It is provided by users when they generate the transaction. +* `GasUsed (int64)`: Amount of gas consumed by transaction. During transaction execution, this value is computed by multiplying the standard cost of a transaction byte by the size of the raw transaction, and by adding gas each time a read/write to the store occurs. +* `Events ([]cmn.KVPair)`: Key-Value tags for filtering and indexing transactions (eg. by account). See [`event`s](./08-events.md) for more. +* `Codespace (string)`: Namespace for the Code. + +#### EndBlock + +EndBlock is run after transaction execution completes. It allows developers to have logic be executed at the end of each block. In the Cosmos SDK, the bulk EndBlock() method is to run the application's EndBlocker(), which mainly runs the EndBlocker() method of each of the application's modules. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/baseapp.go#L811-L833 +``` + +### Commit + +The [`Commit` ABCI message](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#method-overview) is sent from the underlying CometBFT engine after the full-node has received _precommits_ from 2/3+ of validators (weighted by voting power). On the `BaseApp` end, the `Commit(res abci.CommitResponse)` function is implemented to commit all the valid state transitions that occurred during `FinalizeBlock` and to reset state for the next block. + +To commit state-transitions, the `Commit` function calls the `Write()` function on `finalizeBlockState.ms`, where `finalizeBlockState.ms` is a branched multistore of the main store `app.cms`. Then, the `Commit` function sets `checkState` to the latest header (obtained from `finalizeBlockState.ctx.BlockHeader`) and `finalizeBlockState` to `nil`. + +Finally, `Commit` returns the hash of the commitment of `app.cms` back to the underlying consensus engine. This hash is used as a reference in the header of the next block. + +### Info + +The [`Info` ABCI message](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#info-methods) is a simple query from the underlying consensus engine, notably used to sync the latter with the application during a handshake that happens on startup. When called, the `Info(res abci.InfoResponse)` function from `BaseApp` will return the application's name, version and the hash of the last commit of `app.cms`. + +### Query + +The [`Query` ABCI message](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#info-methods) is used to serve queries received from the underlying consensus engine, including queries received via RPC like CometBFT RPC. It used to be the main entrypoint to build interfaces with the application, but with the introduction of [gRPC queries](../../build/building-modules/04-query-services.md) in Cosmos SDK v0.40, its usage is more limited. The application must respect a few rules when implementing the `Query` method, which are outlined [here](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_app_requirements.md#query). + +Each CometBFT `query` comes with a `path`, which is a `string` which denotes what to query. If the `path` matches a gRPC fully-qualified service method, then `BaseApp` will defer the query to the `grpcQueryRouter` and let it handle it like explained [above](#grpc-query-router). Otherwise, the `path` represents a query that is not (yet) handled by the gRPC router. `BaseApp` splits the `path` string with the `/` delimiter. By convention, the first element of the split string (`split[0]`) contains the category of `query` (`app`, `p2p`, `store` or `custom` ). The `BaseApp` implementation of the `Query(req abci.QueryRequest)` method is a simple dispatcher serving these 4 main categories of queries: + +* Application-related queries like querying the application's version, which are served via the `handleQueryApp` method. +* Direct queries to the multistore, which are served by the `handlerQueryStore` method. These direct queries are different from custom queries which go through `app.queryRouter`, and are mainly used by third-party service provider like block explorers. +* P2P queries, which are served via the `handleQueryP2P` method. These queries return either `app.addrPeerFilter` or `app.ipPeerFilter` that contain the list of peers filtered by address or IP respectively. These lists are first initialized via `options` in `BaseApp`'s [constructor](#constructor). + +### ExtendVote + +`ExtendVote` allows an application to extend a pre-commit vote with arbitrary data. This process does NOT have to be deterministic and the data returned can be unique to the validator process. + +In the Cosmos-SDK this is implemented as a NoOp: + +``` go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/abci_utils.go#L444-L450 +``` + +### VerifyVoteExtension + +`VerifyVoteExtension` allows an application to verify that the data returned by `ExtendVote` is valid. This process MUST be deterministic. Moreover, the value of ResponseVerifyVoteExtension.status MUST exclusively depend on the parameters passed in the call to RequestVerifyVoteExtension, and the last committed Application state. + +In the Cosmos-SDK this is implemented as a NoOp: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/abci_utils.go#L452-L458 +``` diff --git a/copy-of-sdk-docs/docs/learn/advanced/01-transactions.md b/copy-of-sdk-docs/docs/learn/advanced/01-transactions.md new file mode 100644 index 00000000..72575563 --- /dev/null +++ b/copy-of-sdk-docs/docs/learn/advanced/01-transactions.md @@ -0,0 +1,229 @@ +--- +sidebar_position: 1 +--- + +# Transactions + +:::note Synopsis +`Transactions` are objects created by end-users to trigger state changes in the application. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK Application](../beginner/00-app-anatomy.md) + +::: + +## Transactions + +Transactions are comprised of metadata held in [contexts](./02-context.md) and [`sdk.Msg`s](../../build/building-modules/02-messages-and-queries.md) that trigger state changes within a module through the module's Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md). + +When users want to interact with an application and make state changes (e.g. sending coins), they create transactions. Each of a transaction's `sdk.Msg` must be signed using the private key associated with the appropriate account(s), before the transaction is broadcasted to the network. A transaction must then be included in a block, validated, and approved by the network through the consensus process. To read more about the lifecycle of a transaction, click [here](../beginner/01-tx-lifecycle.md). + +## Type Definition + +Transaction objects are Cosmos SDK types that implement the `Tx` interface + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/tx_msg.go#L53-L58 +``` + +It contains the following methods: + +* **GetMsgs:** unwraps the transaction and returns a list of contained `sdk.Msg`s - one transaction may have one or multiple messages, which are defined by module developers. + +As a developer, you should rarely manipulate `Tx` directly, as `Tx` is an intermediate type used for transaction generation. Instead, developers should prefer the `TxBuilder` interface, which you can learn more about [below](#transaction-generation). + +### Signing Transactions + +Every message in a transaction must be signed by the addresses specified by its `GetSigners`. The Cosmos SDK currently allows signing transactions in two different ways. + +#### `SIGN_MODE_DIRECT` (preferred) + +The most used implementation of the `Tx` interface is the Protobuf `Tx` message, which is used in `SIGN_MODE_DIRECT`: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/tx/v1beta1/tx.proto#L15-L28 +``` + +Because Protobuf serialization is not deterministic, the Cosmos SDK uses an additional `TxRaw` type to denote the pinned bytes over which a transaction is signed. Any user can generate a valid `body` and `auth_info` for a transaction, and serialize these two messages using Protobuf. `TxRaw` then pins the user's exact binary representation of `body` and `auth_info`, called respectively `body_bytes` and `auth_info_bytes`. The document that is signed by all signers of the transaction is `SignDoc` (deterministically serialized using [ADR-027](../../build/architecture/adr-027-deterministic-protobuf-serialization.md)): + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/tx/v1beta1/tx.proto#L50-L67 +``` + +Once signed by all signers, the `body_bytes`, `auth_info_bytes` and `signatures` are gathered into `TxRaw`, whose serialized bytes are broadcasted over the network. + +#### `SIGN_MODE_LEGACY_AMINO_JSON` + +The legacy implementation of the `Tx` interface is the `StdTx` struct from `x/auth`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/auth/migrations/legacytx/stdtx.go#L82-L89 +``` + +The document signed by all signers is `StdSignDoc`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/auth/migrations/legacytx/stdsign.go#L30-L43 +``` + +which is encoded into bytes using Amino JSON. Once all signatures are gathered into `StdTx`, `StdTx` is serialized using Amino JSON, and these bytes are broadcasted over the network. + +#### Other Sign Modes + +The Cosmos SDK also provides a couple of other sign modes for particular use cases. + +#### `SIGN_MODE_DIRECT_AUX` + +`SIGN_MODE_DIRECT_AUX` is a sign mode released in the Cosmos SDK v0.46 which targets transactions with multiple signers. Whereas `SIGN_MODE_DIRECT` expects each signer to sign over both `TxBody` and `AuthInfo` (which includes all other signers' signer infos, i.e. their account sequence, public key and mode info), `SIGN_MODE_DIRECT_AUX` allows N-1 signers to only sign over `TxBody` and _their own_ signer info. Moreover, each auxiliary signer (i.e. a signer using `SIGN_MODE_DIRECT_AUX`) doesn't +need to sign over the fees: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/tx/v1beta1/tx.proto#L68-L93 +``` + +The use case is a multi-signer transaction, where one of the signers is appointed to gather all signatures, broadcast the signature and pay for fees, and the others only care about the transaction body. This generally allows for a better multi-signing UX. If Alice, Bob and Charlie are part of a 3-signer transaction, then Alice and Bob can both use `SIGN_MODE_DIRECT_AUX` to sign over the `TxBody` and their own signer info (no need an additional step to gather other signers' ones, like in `SIGN_MODE_DIRECT`), without specifying a fee in their SignDoc. Charlie can then gather both signatures from Alice and Bob, and +create the final transaction by appending a fee. Note that the fee payer of the transaction (in our case Charlie) must sign over the fees, so must use `SIGN_MODE_DIRECT` or `SIGN_MODE_LEGACY_AMINO_JSON`. + + +#### `SIGN_MODE_TEXTUAL` + +`SIGN_MODE_TEXTUAL` is a new sign mode for delivering a better signing experience on hardware wallets and it is included in the v0.50 release. In this mode, the signer signs over the human-readable string representation of the transaction (CBOR) and makes all data being displayed easier to read. The data is formatted as screens, and each screen is meant to be displayed in its entirety even on small devices like the Ledger Nano. + +There are also _expert_ screens, which will only be displayed if the user has chosen that option in its hardware device. These screens contain things like account number, account sequence and the sign data hash. + +Data is formatted using a set of `ValueRenderer` which the SDK provides defaults for all the known messages and value types. Chain developers can also opt to implement their own `ValueRenderer` for a type/message if they'd like to display information differently. + +If you wish to learn more, please refer to [ADR-050](../../build/architecture/adr-050-sign-mode-textual.md). + +#### Custom Sign modes + +There is an opportunity to add your own custom sign mode to the Cosmos-SDK. While we can not accept the implementation of the sign mode to the repository, we can accept a pull request to add the custom signmode to the SignMode enum located [here](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/tx/signing/v1beta1/signing.proto#L17) + +## Transaction Process + +The process of an end-user sending a transaction is: + +* decide on the messages to put into the transaction, +* generate the transaction using the Cosmos SDK's `TxBuilder`, +* broadcast the transaction using one of the available interfaces. + +The next paragraphs will describe each of these components, in this order. + +### Messages + +:::tip +Module `sdk.Msg`s are not to be confused with [ABCI Messages](https://docs.cometbft.com/v0.37/spec/abci/) which define interactions between the CometBFT and application layers. +::: + +**Messages** (or `sdk.Msg`s) are module-specific objects that trigger state transitions within the scope of the module they belong to. Module developers define the messages for their module by adding methods to the Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md), and also implement the corresponding `MsgServer`. + +Each `sdk.Msg`s is related to exactly one Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md) RPC, defined inside each module's `tx.proto` file. A SDK app router automatically maps every `sdk.Msg` to a corresponding RPC. Protobuf generates a `MsgServer` interface for each module `Msg` service, and the module developer needs to implement this interface. +This design puts more responsibility on module developers, allowing application developers to reuse common functionalities without having to implement state transition logic repetitively. + +To learn more about Protobuf `Msg` services and how to implement `MsgServer`, click [here](../../build/building-modules/03-msg-services.md). + +While messages contain the information for state transition logic, a transaction's other metadata and relevant information are stored in the `TxBuilder` and `Context`. + +### Transaction Generation + +The `TxBuilder` interface contains data closely related with the generation of transactions, which an end-user can set to generate the desired transaction: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/tx_config.go#L39-L57 +``` + +* `Msg`s, the array of [messages](#messages) included in the transaction. +* `GasLimit`, option chosen by the users for how to calculate how much gas they will need to pay. +* `Memo`, a note or comment to send with the transaction. +* `FeeAmount`, the maximum amount the user is willing to pay in fees. +* `TimeoutHeight`, block height until which the transaction is valid. +* `Unordered`, an option indicating this transaction may be executed in any order (requires Sequence to be unset.) +* `TimeoutTimestamp`, the timeout timestamp (unordered nonce) of the transaction (required to be used with Unordered). +* `Signatures`, the array of signatures from all signers of the transaction. + +As there are currently two sign modes for signing transactions, there are also two implementations of `TxBuilder`: + +* [wrapper](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/auth/tx/builder.go#L27-L44) for creating transactions for `SIGN_MODE_DIRECT`, +* [StdTxBuilder](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/auth/migrations/legacytx/stdtx_builder.go#L14-L17) for `SIGN_MODE_LEGACY_AMINO_JSON`. + +However, the two implementations of `TxBuilder` should be hidden away from end-users, as they should prefer using the overarching `TxConfig` interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/tx_config.go#L27-L37 +``` + +`TxConfig` is an app-wide configuration for managing transactions. Most importantly, it holds the information about whether to sign each transaction with `SIGN_MODE_DIRECT` or `SIGN_MODE_LEGACY_AMINO_JSON`. By calling `txBuilder := txConfig.NewTxBuilder()`, a new `TxBuilder` will be created with the appropriate sign mode. + +Once `TxBuilder` is correctly populated with the setters exposed above, `TxConfig` will also take care of correctly encoding the bytes (again, either using `SIGN_MODE_DIRECT` or `SIGN_MODE_LEGACY_AMINO_JSON`). Here's a pseudo-code snippet of how to generate and encode a transaction, using the `TxEncoder()` method: + +```go +txBuilder := txConfig.NewTxBuilder() +txBuilder.SetMsgs(...) // and other setters on txBuilder + +bz, err := txConfig.TxEncoder()(txBuilder.GetTx()) +// bz are bytes to be broadcasted over the network +``` + +### Broadcasting the Transaction + +Once the transaction bytes are generated, there are currently three ways of broadcasting it. + +#### CLI + +Application developers create entry points to the application by creating a [command-line interface](./07-cli.md), [gRPC and/or REST interface](./06-grpc_rest.md), typically found in the application's `./cmd` folder. These interfaces allow users to interact with the application through command-line. + +For the [command-line interface](../../build/building-modules/09-module-interfaces.md#cli), module developers create subcommands to add as children to the application top-level transaction command `TxCmd`. CLI commands actually bundle all the steps of transaction processing into one simple command: creating messages, generating transactions and broadcasting. For concrete examples, see the [Interacting with a Node](../../user/run-node/02-interact-node.md) section. An example transaction made using CLI looks like: + +```bash +simd tx send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000stake +``` + +#### gRPC + +[gRPC](https://grpc.io) is the main component for the Cosmos SDK's RPC layer. Its principal usage is in the context of modules' [`Query` services](../../build/building-modules/04-query-services.md). However, the Cosmos SDK also exposes a few other module-agnostic gRPC services, one of them being the `Tx` service: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/tx/v1beta1/service.proto +``` + +The `Tx` service exposes a handful of utility functions, such as simulating a transaction or querying a transaction, and also one method to broadcast transactions. + +Examples of broadcasting and simulating a transaction are shown [here](../../user/run-node/03-txs.md#programmatically-with-go). + +#### REST + +Each gRPC method has its corresponding REST endpoint, generated using [gRPC-gateway](https://github.com/grpc-ecosystem/grpc-gateway). Therefore, instead of using gRPC, you can also use HTTP to broadcast the same transaction, on the `POST /cosmos/tx/v1beta1/txs` endpoint. + +An example can be seen [here](../../user/run-node/03-txs.md#using-rest) + +#### CometBFT RPC + +The three methods presented above are actually higher abstractions over the CometBFT RPC `/broadcast_tx_{async,sync,commit}` endpoints, documented [here](https://docs.cometbft.com/v0.37/core/rpc). This means that you can use the CometBFT RPC endpoints directly to broadcast the transaction, if you wish so. + +### Unordered Transactions + +:::tip + +Looking to enable unordered transactions on your chain? +Check out the [v0.53.0 Upgrade Guide](https://docs.cosmos.network/v0.53/build/migrations/upgrade-guide#enable-unordered-transactions-optional) + +::: + +:::warning + +Unordered transactions MUST leave sequence values unset. When a transaction is both unordered and contains a non-zero sequence value, +the transaction will be rejected. Services that operate on prior assumptions about transaction sequence values should be updated to handle unordered transactions. +Services should be aware that when the transaction is unordered, the transaction sequence will always be zero. + +::: + +Beginning with Cosmos SDK v0.53.0, chains may enable unordered transaction support. +Unordered transactions work by using a timestamp as the transaction's nonce value. The sequence value must NOT be set in the signature(s) of the transaction. +The timestamp must be greater than the current block time and not exceed the chain's configured max unordered timeout timestamp duration. +Senders must use a unique timestamp for each distinct transaction. The difference may be as small as a nanosecond, however. + +These unique timestamps serve as a one-shot nonce, and their lifespan in state is short-lived. +Upon transaction inclusion, an entry consisting of timeout timestamp and account address will be recorded to state. +Once the block time is passed the timeout timestamp value, the entry will be removed. This ensures that unordered nonces do not indefinitely fill up the chain's storage. diff --git a/copy-of-sdk-docs/docs/learn/advanced/02-context.md b/copy-of-sdk-docs/docs/learn/advanced/02-context.md new file mode 100644 index 00000000..578bb1f1 --- /dev/null +++ b/copy-of-sdk-docs/docs/learn/advanced/02-context.md @@ -0,0 +1,103 @@ +--- +sidebar_position: 1 +--- + +# Context + +:::note Synopsis +The `context` is a data structure intended to be passed from function to function that carries information about the current state of the application. It provides access to a branched storage (a safe branch of the entire state) as well as useful objects and information like `gasMeter`, `block height`, `consensus parameters` and more. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK Application](../beginner/00-app-anatomy.md) +* [Lifecycle of a Transaction](../beginner/01-tx-lifecycle.md) + +::: + +## Context Definition + +The Cosmos SDK `Context` is a custom data structure that contains Go's stdlib [`context`](https://pkg.go.dev/context) as its base, and has many additional types within its definition that are specific to the Cosmos SDK. The `Context` is integral to transaction processing in that it allows modules to easily access their respective [store](./04-store.md#base-layer-kvstores) in the [`multistore`](./04-store.md#multistore) and retrieve transactional context such as the block header and gas meter. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/types/context.go#L40-L67 +``` + +* **Base Context:** The base type is a Go [Context](https://pkg.go.dev/context), which is explained further in the [Go Context Package](#go-context-package) section below. +* **Multistore:** Every application's `BaseApp` contains a [`CommitMultiStore`](./04-store.md#multistore) which is provided when a `Context` is created. Calling the `KVStore()` and `TransientStore()` methods allows modules to fetch their respective [`KVStore`](./04-store.md#base-layer-kvstores) using their unique `StoreKey`. +* **Header:** The [header](https://docs.cometbft.com/v0.37/spec/core/data_structures#header) is a Blockchain type. It carries important information about the state of the blockchain, such as block height and proposer of the current block. +* **Header Hash:** The current block header hash, obtained during `abci.FinalizeBlock`. +* **Chain ID:** The unique identification number of the blockchain a block pertains to. +* **Transaction Bytes:** The `[]byte` representation of a transaction being processed using the context. Every transaction is processed by various parts of the Cosmos SDK and consensus engine (e.g. CometBFT) throughout its [lifecycle](../beginner/01-tx-lifecycle.md), some of which do not have any understanding of transaction types. Thus, transactions are marshaled into the generic `[]byte` type using some kind of [encoding format](./05-encoding.md) such as [Amino](./05-encoding.md). +* **Logger:** A `logger` from the CometBFT libraries. Learn more about logs [here](https://docs.cometbft.com/v0.37/core/configuration). Modules call this method to create their own unique module-specific logger. +* **VoteInfo:** A list of the ABCI type [`VoteInfo`](https://docs.cometbft.com/main/spec/abci/abci++_methods.html#voteinfo), which includes the name of a validator and a boolean indicating whether they have signed the block. +* **Gas Meters:** Specifically, a [`gasMeter`](../beginner/04-gas-fees.md#main-gas-meter) for the transaction currently being processed using the context and a [`blockGasMeter`](../beginner/04-gas-fees.md#block-gas-meter) for the entire block it belongs to. Users specify how much in fees they wish to pay for the execution of their transaction; these gas meters keep track of how much [gas](../beginner/04-gas-fees.md) has been used in the transaction or block so far. If the gas meter runs out, execution halts. +* **CheckTx Mode:** A boolean value indicating whether a transaction should be processed in `CheckTx` or `DeliverTx` mode. +* **Min Gas Price:** The minimum [gas](../beginner/04-gas-fees.md) price a node is willing to take in order to include a transaction in its block. This price is a local value configured by each node individually, and should therefore **not be used in any functions used in sequences leading to state-transitions**. +* **Consensus Params:** The ABCI type [Consensus Parameters](https://docs.cometbft.com/v0.37/spec/abci/abci++_app_requirements#consensus-parameters), which specify certain limits for the blockchain, such as maximum gas for a block. +* **Event Manager:** The event manager allows any caller with access to a `Context` to emit [`Events`](./08-events.md). Modules may define module specific + `Events` by defining various `Types` and `Attributes` or use the common definitions found in `types/`. Clients can subscribe or query for these `Events`. These `Events` are collected throughout `FinalizeBlock` and are returned to CometBFT for indexing. +* **Priority:** The transaction priority, only relevant in `CheckTx`. +* **KV `GasConfig`:** Enables applications to set a custom `GasConfig` for the `KVStore`. +* **Transient KV `GasConfig`:** Enables applications to set a custom `GasConfig` for the transient `KVStore`. +* **StreamingManager:** The streamingManager field provides access to the streaming manager, which allows modules to subscribe to state changes emitted by the blockchain. The streaming manager is used by the state listening API, which is described in [ADR 038](https://docs.cosmos.network/main/architecture/adr-038-state-listening). +* **CometInfo:** A lightweight field that contains information about the current block, such as the block height, time, and hash. This information can be used for validating evidence, providing historical data, and enhancing the user experience. For further details see [here](https://github.com/cosmos/cosmos-sdk/blob/main/core/comet/service.go#L14). +* **HeaderInfo:** The `headerInfo` field contains information about the current block header, such as the chain ID, gas limit, and timestamp. For further details see [here](https://github.com/cosmos/cosmos-sdk/blob/main/core/header/service.go#L14). + +## Go Context Package + +A basic `Context` is defined in the [Golang Context Package](https://pkg.go.dev/context). A `Context` +is an immutable data structure that carries request-scoped data across APIs and processes. Contexts +are also designed to enable concurrency and to be used in goroutines. + +Contexts are intended to be **immutable**; they should never be edited. Instead, the convention is +to create a child context from its parent using a `With` function. For example: + +```go +childCtx = parentCtx.WithBlockHeader(header) +``` + +The [Golang Context Package](https://pkg.go.dev/context) documentation instructs developers to +explicitly pass a context `ctx` as the first argument of a process. + +## Store branching + +The `Context` contains a `MultiStore`, which allows for branching and caching functionality using `CacheMultiStore` +(queries in `CacheMultiStore` are cached to avoid future round trips). +Each `KVStore` is branched in a safe and isolated ephemeral storage. Processes are free to write changes to +the `CacheMultiStore`. If a state-transition sequence is performed without issue, the store branch can +be committed to the underlying store at the end of the sequence or disregard them if something +goes wrong. The pattern of usage for a Context is as follows: + +1. A process receives a Context `ctx` from its parent process, which provides information needed to + perform the process. +2. The `ctx.ms` is a **branched store**, i.e. a branch of the [multistore](./04-store.md#multistore) is made so that the process can make changes to the state as it executes, without changing the original `ctx.ms`. This is useful to protect the underlying multistore in case the changes need to be reverted at some point in the execution. +3. The process may read and write from `ctx` as it is executing. It may call a subprocess and pass + `ctx` to it as needed. +4. When a subprocess returns, it checks if the result is a success or failure. If a failure, nothing + needs to be done - the branch `ctx` is simply discarded. If successful, the changes made to + the `CacheMultiStore` can be committed to the original `ctx.ms` via `Write()`. + +For example, here is a snippet from the [`runTx`](./00-baseapp.md#runtx-antehandler-runmsgs-posthandler) function in [`baseapp`](./00-baseapp.md): + +```go +runMsgCtx, msCache := app.cacheTxContext(ctx, txBytes) +result = app.runMsgs(runMsgCtx, msgs, mode) +result.GasWanted = gasWanted +if mode != runTxModeDeliver { + return result +} +if result.IsOK() { + msCache.Write() +} +``` + +Here is the process: + +1. Prior to calling `runMsgs` on the message(s) in the transaction, it uses `app.cacheTxContext()` + to branch and cache the context and multistore. +2. `runMsgCtx` - the context with branched store, is used in `runMsgs` to return a result. +3. If the process is running in [`checkTxMode`](./00-baseapp.md#checktx), there is no need to write the + changes - the result is returned immediately. +4. If the process is running in [`deliverTxMode`](./00-baseapp.md#delivertx) and the result indicates + a successful run over all the messages, the branched multistore is written back to the original. diff --git a/copy-of-sdk-docs/docs/learn/advanced/03-node.md b/copy-of-sdk-docs/docs/learn/advanced/03-node.md new file mode 100644 index 00000000..375dedb0 --- /dev/null +++ b/copy-of-sdk-docs/docs/learn/advanced/03-node.md @@ -0,0 +1,96 @@ +--- +sidebar_position: 1 +--- + +# Node Client (Daemon) + +:::note Synopsis +The main endpoint of a Cosmos SDK application is the daemon client, otherwise known as the full-node client. The full-node runs the state-machine, starting from a genesis file. It connects to peers running the same client in order to receive and relay transactions, block proposals and signatures. The full-node is constituted of the application, defined with the Cosmos SDK, and of a consensus engine connected to the application via the ABCI. +::: + +:::note Pre-requisite Readings + +* [Anatomy of an SDK application](../beginner/00-app-anatomy.md) + +::: + +## `main` function + +The full-node client of any Cosmos SDK application is built by running a `main` function. The client is generally named by appending the `-d` suffix to the application name (e.g. `appd` for an application named `app`), and the `main` function is defined in a `./appd/cmd/main.go` file. Running this function creates an executable `appd` that comes with a set of commands. For an app named `app`, the main command is [`appd start`](#start-command), which starts the full-node. + +In general, developers will implement the `main.go` function with the following structure: + +* First, an [`encodingCodec`](./05-encoding.md) is instantiated for the application. +* Then, the `config` is retrieved and config parameters are set. This mainly involves setting the Bech32 prefixes for [addresses](../beginner/03-accounts.md#addresses). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/config.go#L14-L29 +``` + +* Using [cobra](https://github.com/spf13/cobra), the root command of the full-node client is created. After that, all the custom commands of the application are added using the `AddCommand()` method of `rootCmd`. +* Add default server commands to `rootCmd` using the `server.AddCommands()` method. These commands are separated from the ones added above since they are standard and defined at Cosmos SDK level. They should be shared by all Cosmos SDK-based applications. They include the most important command: the [`start` command](#start-command). +* Prepare and execute the `executor`. + +```go reference +https://github.com/cometbft/cometbft/blob/v0.37.0/libs/cli/setup.go#L74-L78 +``` + +See an example of `main` function from the `simapp` application, the Cosmos SDK's application for demo purposes: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/main.go +``` + +## `start` command + +The `start` command is defined in the `/server` folder of the Cosmos SDK. It is added to the root command of the full-node client in the [`main` function](#main-function) and called by the end-user to start their node: + +```bash +# For an example app named "app", the following command starts the full-node. +appd start + +# Using the Cosmos SDK's own simapp, the following commands start the simapp node. +simd start +``` + +As a reminder, the full-node is composed of three conceptual layers: the networking layer, the consensus layer and the application layer. The first two are generally bundled together in an entity called the consensus engine (CometBFT by default), while the third is the state-machine defined with the help of the Cosmos SDK. Currently, the Cosmos SDK uses CometBFT as the default consensus engine, meaning the start command is implemented to boot up a CometBFT node. + +The flow of the `start` command is pretty straightforward. First, it retrieves the `config` from the `context` in order to open the `db` (a [`leveldb`](https://github.com/syndtr/goleveldb) instance by default). This `db` contains the latest known state of the application (empty if the application is started from the first time. + +With the `db`, the `start` command creates a new instance of the application using an `appCreator` function: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/server/start.go#L1007 +``` + +Note that an `appCreator` is a function that fulfills the `AppCreator` signature: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/server/types/app.go#L69 +``` + +In practice, the [constructor of the application](../beginner/00-app-anatomy.md#constructor-function) is passed as the `appCreator`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L294-L308 +``` + +Then, the instance of `app` is used to instantiate a new CometBFT node: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/server/start.go#L361-L400 +``` + +The CometBFT node can be created with `app` because the latter satisfies the [`abci.Application` interface](https://github.com/cometbft/cometbft/blob/v0.37.0/abci/types/application.go#L9-L35) (given that `app` extends [`baseapp`](./00-baseapp.md)). As part of the `node.New` method, CometBFT makes sure that the height of the application (i.e. number of blocks since genesis) is equal to the height of the CometBFT node. The difference between these two heights should always be negative or null. If it is strictly negative, `node.New` will replay blocks until the height of the application reaches the height of the CometBFT node. Finally, if the height of the application is `0`, the CometBFT node will call [`InitChain`](./00-baseapp.md#initchain) on the application to initialize the state from the genesis file. + +Once the CometBFT node is instantiated and in sync with the application, the node can be started: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/server/start.go#L373-L374 +``` + +Upon starting, the node will bootstrap its RPC and P2P server and start dialing peers. During handshake with its peers, if the node realizes they are ahead, it will query all the blocks sequentially in order to catch up. Then, it will wait for new block proposals and block signatures from validators in order to make progress. + +## Other commands + +To discover how to concretely run a node and interact with it, please refer to our [Running a Node, API and CLI](../../user/run-node/01-run-node.md) guide. diff --git a/copy-of-sdk-docs/docs/learn/advanced/04-store.md b/copy-of-sdk-docs/docs/learn/advanced/04-store.md new file mode 100644 index 00000000..860bb3d0 --- /dev/null +++ b/copy-of-sdk-docs/docs/learn/advanced/04-store.md @@ -0,0 +1,288 @@ +--- +sidebar_position: 1 +--- + +# Store + +:::note Synopsis +A store is a data structure that holds the state of the application. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK application](../beginner/00-app-anatomy.md) + +::: + +## Introduction to Cosmos SDK Stores + +The Cosmos SDK comes with a large set of stores to persist the state of applications. By default, the main store of Cosmos SDK applications is a `multistore`, i.e. a store of stores. Developers can add any number of key-value stores to the multistore, depending on their application needs. The multistore exists to support the modularity of the Cosmos SDK, as it lets each module declare and manage their own subset of the state. Key-value stores in the multistore can only be accessed with a specific capability `key`, which is typically held in the [`keeper`](../../build/building-modules/06-keeper.md) of the module that declared the store. + +```text ++-----------------------------------------------------+ +| | +| +--------------------------------------------+ | +| | | | +| | KVStore 1 - Manage by keeper of Module 1 | +| | | | +| +--------------------------------------------+ | +| | +| +--------------------------------------------+ | +| | | | +| | KVStore 2 - Manage by keeper of Module 2 | | +| | | | +| +--------------------------------------------+ | +| | +| +--------------------------------------------+ | +| | | | +| | KVStore 3 - Manage by keeper of Module 2 | | +| | | | +| +--------------------------------------------+ | +| | +| +--------------------------------------------+ | +| | | | +| | KVStore 4 - Manage by keeper of Module 3 | | +| | | | +| +--------------------------------------------+ | +| | +| +--------------------------------------------+ | +| | | | +| | KVStore 5 - Manage by keeper of Module 4 | | +| | | | +| +--------------------------------------------+ | +| | +| Main Multistore | +| | ++-----------------------------------------------------+ + + Application's State +``` + +### Store Interface + +At its very core, a Cosmos SDK `store` is an object that holds a `CacheWrapper` and has a `GetStoreType()` method: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/store.go#L17-L20 +``` + +The `GetStoreType` is a simple method that returns the type of store, whereas a `CacheWrapper` is a simple interface that implements store read caching and write branching through `Write` method: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/store.go#L285-L317 +``` + +Branching and cache is used ubiquitously in the Cosmos SDK and required to be implemented on every store type. A storage branch creates an isolated, ephemeral branch of a store that can be passed around and updated without affecting the main underlying store. This is used to trigger temporary state-transitions that may be reverted later should an error occur. Read more about it in [context](./02-context.md#Store-branching) + +### Commit Store + +A commit store is a store that has the ability to commit changes made to the underlying tree or db. The Cosmos SDK differentiates simple stores from commit stores by extending the basic store interfaces with a `Committer`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/store.go#L34-L38 +``` + +The `Committer` is an interface that defines methods to persist changes to disk: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/store.go#L22-L32 +``` + +The `CommitID` is a deterministic commit of the state tree. Its hash is returned to the underlying consensus engine and stored in the block header. Note that commit store interfaces exist for various purposes, one of which is to make sure not every object can commit the store. As part of the [object-capabilities model](./10-ocap.md) of the Cosmos SDK, only `baseapp` should have the ability to commit stores. For example, this is the reason why the `ctx.KVStore()` method by which modules typically access stores returns a `KVStore` and not a `CommitKVStore`. + +The Cosmos SDK comes with many types of stores, the most used being [`CommitMultiStore`](#multistore), [`KVStore`](#kvstore) and [`GasKv` store](#gaskv-store). [Other types of stores](#other-stores) include `Transient` and `TraceKV` stores. + +## Multistore + +### Multistore Interface + +Each Cosmos SDK application holds a multistore at its root to persist its state. The multistore is a store of `KVStores` that follows the `Multistore` interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/store.go#L115-L147 +``` + +If tracing is enabled, then branching the multistore will firstly wrap all the underlying `KVStore` in [`TraceKv.Store`](#tracekv-store). + +### CommitMultiStore + +The main type of `Multistore` used in the Cosmos SDK is `CommitMultiStore`, which is an extension of the `Multistore` interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/store.go#L155-L225 +``` + +As for concrete implementation, the [`rootMulti.Store`] is the go-to implementation of the `CommitMultiStore` interface. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/rootmulti/store.go#L56-L82 +``` + +The `rootMulti.Store` is a base-layer multistore built around a `db` on top of which multiple `KVStores` can be mounted, and is the default multistore store used in [`baseapp`](./00-baseapp.md). + +### CacheMultiStore + +Whenever the `rootMulti.Store` needs to be branched, a [`cachemulti.Store`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/cachemulti/store.go) is used. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/cachemulti/store.go#L20-L34 +``` + +`cachemulti.Store` branches all substores (creates a virtual store for each substore) in its constructor and hold them in `Store.stores`. Moreover caches all read queries. `Store.GetKVStore()` returns the store from `Store.stores`, and `Store.Write()` recursively calls `CacheWrap.Write()` on all the substores. + +## Base-layer KVStores + +### `KVStore` and `CommitKVStore` Interfaces + +A `KVStore` is a simple key-value store used to store and retrieve data. A `CommitKVStore` is a `KVStore` that also implements a `Committer`. By default, stores mounted in `baseapp`'s main `CommitMultiStore` are `CommitKVStore`s. The `KVStore` interface is primarily used to restrict modules from accessing the committer. + +Individual `KVStore`s are used by modules to manage a subset of the global state. `KVStores` can be accessed by objects that hold a specific key. This `key` should only be exposed to the [`keeper`](../../build/building-modules/06-keeper.md) of the module that defines the store. + +`CommitKVStore`s are declared by proxy of their respective `key` and mounted on the application's [multistore](#multistore) in the [main application file](../beginner/00-app-anatomy.md#core-application-file). In the same file, the `key` is also passed to the module's `keeper` that is responsible for managing the store. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/store.go#L227-L264 +``` + +Apart from the traditional `Get` and `Set` methods, that a `KVStore` must implement via the `BasicKVStore` interface; a `KVStore` must provide an `Iterator(start, end)` method which returns an `Iterator` object. It is used to iterate over a range of keys, typically keys that share a common prefix. Below is an example from the bank's module keeper, used to iterate over all account balances: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/bank/keeper/view.go#L121-L137 +``` + +### `IAVL` Store + +The default implementation of `KVStore` and `CommitKVStore` used in `baseapp` is the `iavl.Store`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/iavl/store.go#L36-L41 +``` + +`iavl` stores are based around an [IAVL Tree](https://github.com/cosmos/iavl), a self-balancing binary tree which guarantees that: + +* `Get` and `Set` operations are O(log n), where n is the number of elements in the tree. +* Iteration efficiently returns the sorted elements within the range. +* Each tree version is immutable and can be retrieved even after a commit (depending on the pruning settings). + +The documentation on the IAVL Tree is located [here](https://github.com/cosmos/iavl/blob/master/docs/overview.md). + +### `DbAdapter` Store + +`dbadapter.Store` is an adapter for `dbm.DB` making it fulfilling the `KVStore` interface. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/dbadapter/store.go#L13-L16 +``` + +`dbadapter.Store` embeds `dbm.DB`, meaning most of the `KVStore` interface functions are implemented. The other functions (mostly miscellaneous) are manually implemented. This store is primarily used within [Transient Stores](#transient-store) + +### `Transient` Store + +`Transient.Store` is a base-layer `KVStore` which is automatically discarded at the end of the block. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/transient/store.go#L16-L19 +``` + +`Transient.Store` is a `dbadapter.Store` with a `dbm.NewMemDB()`. All `KVStore` methods are reused. When `Store.Commit()` is called, a new `dbadapter.Store` is assigned, discarding previous reference and making it garbage collected. + +This type of store is useful to persist information that is only relevant per-block. One example would be to store parameter changes (i.e. a bool set to `true` if a parameter changed in a block). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/params/types/subspace.go#L22-L32 +``` + +Transient stores are typically accessed via the [`context`](./02-context.md) via the `TransientStore()` method: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/context.go#L347-L350 +``` + +## KVStore Wrappers + +### CacheKVStore + +`cachekv.Store` is a wrapper `KVStore` which provides buffered writing / cached reading functionalities over the underlying `KVStore`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/cachekv/store.go#L26-L36 +``` + +This is the type used whenever an IAVL Store needs to be branched to create an isolated store (typically when we need to mutate a state that might be reverted later). + +#### `Get` + +`Store.Get()` firstly checks if `Store.cache` has an associated value with the key. If the value exists, the function returns it. If not, the function calls `Store.parent.Get()`, caches the result in `Store.cache`, and returns it. + +#### `Set` + +`Store.Set()` sets the key-value pair to the `Store.cache`. `cValue` has the field dirty bool which indicates whether the cached value is different from the underlying value. When `Store.Set()` caches a new pair, the `cValue.dirty` is set `true` so when `Store.Write()` is called it can be written to the underlying store. + +#### `Iterator` + +`Store.Iterator()` has to traverse on both cached items and the original items. In `Store.iterator()`, two iterators are generated for each of them, and merged. `memIterator` is essentially a slice of the `KVPairs`, used for cached items. `mergeIterator` is a combination of two iterators, where traverse happens ordered on both iterators. + +### `GasKv` Store + +Cosmos SDK applications use [`gas`](../beginner/04-gas-fees.md) to track resources usage and prevent spam. [`GasKv.Store`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/gaskv/store.go) is a `KVStore` wrapper that enables automatic gas consumption each time a read or write to the store is made. It is the solution of choice to track storage usage in Cosmos SDK applications. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/gaskv/store.go#L11-L17 +``` + +When methods of the parent `KVStore` are called, `GasKv.Store` automatically consumes appropriate amount of gas depending on the `Store.gasConfig`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/gas.go#L219-L228 +``` + +By default, all `KVStores` are wrapped in `GasKv.Stores` when retrieved. This is done in the `KVStore()` method of the [`context`](./02-context.md): + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/context.go#L342-L345 +``` + +In this case, the gas configuration set in the `context` is used. The gas configuration can be set using the `WithKVGasConfig` method of the `context`. +Otherwise it uses the following default: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/gas.go#L230-L241 +``` + +### `TraceKv` Store + +`tracekv.Store` is a wrapper `KVStore` which provides operation tracing functionalities over the underlying `KVStore`. It is applied automatically by the Cosmos SDK on all `KVStore` if tracing is enabled on the parent `MultiStore`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/tracekv/store.go#L20-L43 +``` + +When each `KVStore` methods are called, `tracekv.Store` automatically logs `traceOperation` to the `Store.writer`. `traceOperation.Metadata` is filled with `Store.context` when it is not nil. `TraceContext` is a `map[string]interface{}`. + +### `Prefix` Store + +`prefix.Store` is a wrapper `KVStore` which provides automatic key-prefixing functionalities over the underlying `KVStore`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/prefix/store.go#L15-L21 +``` + +When `Store.{Get, Set}()` is called, the store forwards the call to its parent, with the key prefixed with the `Store.prefix`. + +When `Store.Iterator()` is called, it does not simply prefix the `Store.prefix`, since it does not work as intended. In that case, some of the elements are traversed even if they are not starting with the prefix. + +### `ListenKv` Store + +`listenkv.Store` is a wrapper `KVStore` which provides state listening capabilities over the underlying `KVStore`. +It is applied automatically by the Cosmos SDK on any `KVStore` whose `StoreKey` is specified during state streaming configuration. +Additional information about state streaming configuration can be found in the [store/streaming/README.md](https://github.com/cosmos/cosmos-sdk/tree/v0.53.0/store/streaming). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/listenkv/store.go#L11-L18 +``` + +When `KVStore.Set` or `KVStore.Delete` methods are called, `listenkv.Store` automatically writes the operations to the set of `Store.listeners`. + +## `BasicKVStore` interface + +An interface providing only the basic CRUD functionality (`Get`, `Set`, `Has`, and `Delete` methods), without iteration or caching. This is used to partially expose components of a larger store. diff --git a/copy-of-sdk-docs/docs/learn/advanced/05-encoding.md b/copy-of-sdk-docs/docs/learn/advanced/05-encoding.md new file mode 100644 index 00000000..3c730741 --- /dev/null +++ b/copy-of-sdk-docs/docs/learn/advanced/05-encoding.md @@ -0,0 +1,285 @@ +--- +sidebar_position: 1 +--- + +# Encoding + +:::note Synopsis +While encoding in the Cosmos SDK used to be mainly handled by `go-amino` codec, the Cosmos SDK is moving towards using `gogoprotobuf` for both state and client-side encoding. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK application](../beginner/00-app-anatomy.md) + +::: + +## Encoding + +The Cosmos SDK utilizes two binary wire encoding protocols, [Amino](https://github.com/tendermint/go-amino/) which is an object encoding specification and [Protocol Buffers](https://developers.google.com/protocol-buffers), a subset of Proto3 with an extension for +interface support. See the [Proto3 spec](https://developers.google.com/protocol-buffers/docs/proto3) +for more information on Proto3, which Amino is largely compatible with (but not with Proto2). + +Due to Amino having significant performance drawbacks, being reflection-based, and +not having any meaningful cross-language/client support, Protocol Buffers, specifically +[gogoprotobuf](https://github.com/cosmos/gogoproto/), is being used in place of Amino. +Note, this process of using Protocol Buffers over Amino is still an ongoing process. + +Binary wire encoding of types in the Cosmos SDK can be broken down into two main +categories, client encoding and store encoding. Client encoding mainly revolves +around transaction processing and signing, whereas store encoding revolves around +types used in state-machine transitions and what is ultimately stored in the Merkle +tree. + +For store encoding, protobuf definitions can exist for any type and will typically +have an Amino-based "intermediary" type. Specifically, the protobuf-based type +definition is used for serialization and persistence, whereas the Amino-based type +is used for business logic in the state-machine where they may convert back-n-forth. +Note, the Amino-based types may slowly be phased-out in the future, so developers +should take note to use the protobuf message definitions where possible. + +In the `codec` package, there exists two core interfaces, `BinaryCodec` and `JSONCodec`, +where the former encapsulates the current Amino interface except it operates on +types implementing the latter instead of generic `interface{}` types. + +The `ProtoCodec`, where both binary and JSON serialization is handled +via Protobuf. This means that modules may use Protobuf encoding, but the types must +implement `ProtoMarshaler`. If modules wish to avoid implementing this interface +for their types, this is autogenerated via [buf](https://buf.build/) + +If modules use [Collections](../../build/packages/02-collections.md), encoding and decoding are handled, marshal and unmarshal should not be handled manually unless for specific cases identified by the developer. + +### Gogoproto + +Modules are encouraged to utilize Protobuf encoding for their respective types. In the Cosmos SDK, we use the [Gogoproto](https://github.com/cosmos/gogoproto) specific implementation of the Protobuf spec that offers speed and DX improvements compared to the official [Google protobuf implementation](https://github.com/protocolbuffers/protobuf). + +### Guidelines for protobuf message definitions + +In addition to [following official Protocol Buffer guidelines](https://developers.google.com/protocol-buffers/docs/proto3#simple), we recommend using these annotations in .proto files when dealing with interfaces: + +* use `cosmos_proto.accepts_interface` to annotate `Any` fields that accept interfaces + * pass the same fully qualified name as `protoName` to `InterfaceRegistry.RegisterInterface` + * example: `(cosmos_proto.accepts_interface) = "cosmos.gov.v1beta1.Content"` (and not just `Content`) +* annotate interface implementations with `cosmos_proto.implements_interface` + * pass the same fully qualified name as `protoName` to `InterfaceRegistry.RegisterInterface` + * example: `(cosmos_proto.implements_interface) = "cosmos.authz.v1beta1.Authorization"` (and not just `Authorization`) + +Code generators can then match the `accepts_interface` and `implements_interface` annotations to know whether some Protobuf messages are allowed to be packed in a given `Any` field or not. + +### Transaction Encoding + +Another important use of Protobuf is the encoding and decoding of +[transactions](./01-transactions.md). Transactions are defined by the application or +the Cosmos SDK but are then passed to the underlying consensus engine to be relayed to +other peers. Since the underlying consensus engine is agnostic to the application, +the consensus engine accepts only transactions in the form of raw bytes. + +* The `TxEncoder` object performs the encoding. +* The `TxDecoder` object performs the decoding. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/types/tx_msg.go#L109-L113 +``` + +A standard implementation of both these objects can be found in the [`auth/tx` module](../../build/modules/auth/2-tx.md): + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/auth/tx/decoder.go +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/auth/tx/encoder.go +``` + +See [ADR-020](https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/docs/architecture/adr-020-protobuf-transaction-encoding.md) for details of how a transaction is encoded. + +### Interface Encoding and Usage of `Any` + +The Protobuf DSL is strongly typed, which can make inserting variable-typed fields difficult. Imagine we want to create a `Profile` protobuf message that serves as a wrapper over [an account](../beginner/03-accounts.md): + +```protobuf +message Profile { + // account is the account associated to a profile. + cosmos.auth.v1beta1.BaseAccount account = 1; + // bio is a short description of the account. + string bio = 4; +} +``` + +In this `Profile` example, we hardcoded `account` as a `BaseAccount`. However, there are several other types of [user accounts related to vesting](../../build/modules/auth/1-vesting.md), such as `BaseVestingAccount` or `ContinuousVestingAccount`. All of these accounts are different, but they all implement the `AccountI` interface. How would you create a `Profile` that allows all these types of accounts with an `account` field that accepts an `AccountI` interface? + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/types/account.go#L15-L32 +``` + +In [ADR-019](https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/docs/architecture/adr-019-protobuf-state-encoding.md), it has been decided to use [`Any`](https://github.com/protocolbuffers/protobuf/blob/master/src/google/protobuf/any.proto)s to encode interfaces in protobuf. An `Any` contains an arbitrary serialized message as bytes, along with a URL that acts as a globally unique identifier for and resolves to that message's type. This strategy allows us to pack arbitrary Go types inside protobuf messages. Our new `Profile` then looks like: + +```protobuf +message Profile { + // account is the account associated to a profile. + google.protobuf.Any account = 1 [ + (cosmos_proto.accepts_interface) = "cosmos.auth.v1beta1.AccountI"; // Asserts that this field only accepts Go types implementing `AccountI`. It is purely informational for now. + ]; + // bio is a short description of the account. + string bio = 4; +} +``` + +To add an account inside a profile, we need to "pack" it inside an `Any` first, using `codectypes.NewAnyWithValue`: + +```go +var myAccount AccountI +myAccount = ... // Can be a BaseAccount, a ContinuousVestingAccount or any struct implementing `AccountI` + +// Pack the account into an Any +accAny, err := codectypes.NewAnyWithValue(myAccount) +if err != nil { + return nil, err +} + +// Create a new Profile with the any. +profile := Profile { + Account: accAny, + Bio: "some bio", +} + +// We can then marshal the profile as usual. +bz, err := cdc.Marshal(profile) +jsonBz, err := cdc.MarshalJSON(profile) +``` + +To summarize, to encode an interface, you must 1/ pack the interface into an `Any` and 2/ marshal the `Any`. For convenience, the Cosmos SDK provides a `MarshalInterface` method to bundle these two steps. Have a look at [a real-life example in the x/auth module](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/auth/keeper/keeper.go#L239-L242). + +The reverse operation of retrieving the concrete Go type from inside an `Any`, called "unpacking", is done with the `GetCachedValue()` on `Any`. + +```go +profileBz := ... // The proto-encoded bytes of a Profile, e.g. retrieved through gRPC. +var myProfile Profile +// Unmarshal the bytes into the myProfile struct. +err := cdc.Unmarshal(profilebz, &myProfile) + +// Let's see the types of the Account field. +fmt.Printf("%T\n", myProfile.Account) // Prints "Any" +fmt.Printf("%T\n", myProfile.Account.GetCachedValue()) // Prints "BaseAccount", "ContinuousVestingAccount" or whatever was initially packed in the Any. + +// Get the address of the account. +accAddr := myProfile.Account.GetCachedValue().(AccountI).GetAddress() +``` + +It is important to note that for `GetCachedValue()` to work, `Profile` (and any other structs embedding `Profile`) must implement the `UnpackInterfaces` method: + +```go +func (p *Profile) UnpackInterfaces(unpacker codectypes.AnyUnpacker) error { + if p.Account != nil { + var account AccountI + return unpacker.UnpackAny(p.Account, &account) + } + + return nil +} +``` + +The `UnpackInterfaces` gets called recursively on all structs implementing this method, to allow all `Any`s to have their `GetCachedValue()` correctly populated. + +For more information about interface encoding, and especially on `UnpackInterfaces` and how the `Any`'s `type_url` gets resolved using the `InterfaceRegistry`, please refer to [ADR-019](https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/docs/architecture/adr-019-protobuf-state-encoding.md). + +#### `Any` Encoding in the Cosmos SDK + +The above `Profile` example is a fictive example used for educational purposes. In the Cosmos SDK, we use `Any` encoding in several places (non-exhaustive list): + +* the `cryptotypes.PubKey` interface for encoding different types of public keys, +* the `sdk.Msg` interface for encoding different `Msg`s in a transaction, +* the `AccountI` interface for encoding different types of accounts (similar to the above example) in the x/auth query responses, +* the `EvidenceI` interface for encoding different types of evidences in the x/evidence module, +* the `AuthorizationI` interface for encoding different types of x/authz authorizations, +* the [`Validator`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/staking/types/staking.pb.go#L340-L375) struct that contains information about a validator. + +A real-life example of encoding the pubkey as `Any` inside the Validator struct in x/staking is shown in the following example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/staking/types/validator.go#L43-L66 +``` + +#### `Any`'s TypeURL + +When packing a protobuf message inside an `Any`, the message's type is uniquely defined by its type URL, which is the message's fully qualified name prefixed by a `/` (slash) character. In some implementations of `Any`, like the gogoproto one, there's generally [a resolvable prefix, e.g. `type.googleapis.com`](https://github.com/gogo/protobuf/blob/b03c65ea87cdc3521ede29f62fe3ce239267c1bc/protobuf/google/protobuf/any.proto#L87-L91). However, in the Cosmos SDK, we made the decision to not include such prefix, to have shorter type URLs. The Cosmos SDK's own `Any` implementation can be found in `github.com/cosmos/cosmos-sdk/codec/types`. + +The Cosmos SDK is also switching away from gogoproto to the official `google.golang.org/protobuf` (known as the Protobuf API v2). Its default `Any` implementation also contains the [`type.googleapis.com`](https://github.com/protocolbuffers/protobuf-go/blob/v1.28.1/types/known/anypb/any.pb.go#L266) prefix. To maintain compatibility with the SDK, the following methods from `"google.golang.org/protobuf/types/known/anypb"` should not be used: + +* `anypb.New` +* `anypb.MarshalFrom` +* `anypb.Any#MarshalFrom` + +Instead, the Cosmos SDK provides helper functions in `"github.com/cosmos/cosmos-proto/anyutil"`, which create an official `anypb.Any` without inserting the prefixes: + +* `anyutil.New` +* `anyutil.MarshalFrom` + +For example, to pack a `sdk.Msg` called `internalMsg`, use: + +```diff +import ( +- "google.golang.org/protobuf/types/known/anypb" ++ "github.com/cosmos/cosmos-proto/anyutil" +) + +- anyMsg, err := anypb.New(internalMsg.Message().Interface()) ++ anyMsg, err := anyutil.New(internalMsg.Message().Interface()) + +- fmt.Println(anyMsg.TypeURL) // type.googleapis.com/cosmos.bank.v1beta1.MsgSend ++ fmt.Println(anyMsg.TypeURL) // /cosmos.bank.v1beta1.MsgSend +``` + +## FAQ + +### How to create modules using protobuf encoding + +#### Defining module types + +Protobuf types can be defined to encode: + +* state +* [`Msg`s](../../build/building-modules/02-messages-and-queries.md#messages) +* [Query services](../../build/building-modules/04-query-services.md) +* [genesis](../../build/building-modules/08-genesis.md) + +#### Naming and conventions + +We encourage developers to follow industry guidelines: [Protocol Buffers style guide](https://developers.google.com/protocol-buffers/docs/style) +and [Buf](https://buf.build/docs/style-guide), see more details in [ADR 023](https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/docs/architecture/adr-023-protobuf-naming.md) + +### How to update modules to protobuf encoding + +If modules do not contain any interfaces (e.g. `Account` or `Content`), then they +may simply migrate any existing types that +are encoded and persisted via their concrete Amino codec to Protobuf (see 1. for further guidelines) and accept a `Marshaler` as the codec which is implemented via the `ProtoCodec` +without any further customization. + +However, if a module type composes an interface, it must wrap it in the `sdk.Any` (from `/types` package) type. To do that, a module-level .proto file must use [`google.protobuf.Any`](https://github.com/protocolbuffers/protobuf/blob/master/src/google/protobuf/any.proto) for respective message type interface types. + +For example, in the `x/evidence` module defines an `Evidence` interface, which is used by the `MsgSubmitEvidence`. The structure definition must use `sdk.Any` to wrap the evidence file. In the proto file we define it as follows: + +```protobuf +// proto/cosmos/evidence/v1beta1/tx.proto + +message MsgSubmitEvidence { + string submitter = 1; + google.protobuf.Any evidence = 2 [(cosmos_proto.accepts_interface) = "cosmos.evidence.v1beta1.Evidence"]; +} +``` + +The Cosmos SDK `codec.Codec` interface provides support methods `MarshalInterface` and `UnmarshalInterface` for easy encoding of state to `Any`. + +Module should register interfaces using `InterfaceRegistry` which provides a mechanism for registering interfaces: `RegisterInterface(protoName string, iface interface{}, impls ...proto.Message)` and implementations: `RegisterImplementations(iface interface{}, impls ...proto.Message)` that can be safely unpacked from Any, similarly to type registration with Amino: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/codec/types/interface_registry.go#L40-L87 +``` + +In addition, an `UnpackInterfaces` phase should be introduced to deserialization to unpack interfaces before they're needed. Protobuf types that contain a protobuf `Any` either directly or via one of their members should implement the `UnpackInterfacesMessage` interface: + +```go +type UnpackInterfacesMessage interface { + UnpackInterfaces(InterfaceUnpacker) error +} +``` diff --git a/copy-of-sdk-docs/docs/learn/advanced/06-grpc_rest.md b/copy-of-sdk-docs/docs/learn/advanced/06-grpc_rest.md new file mode 100644 index 00000000..d3ab827a --- /dev/null +++ b/copy-of-sdk-docs/docs/learn/advanced/06-grpc_rest.md @@ -0,0 +1,105 @@ +--- +sidebar_position: 1 +--- + +# gRPC, REST, and CometBFT Endpoints + +:::note Synopsis +This document presents an overview of all the endpoints a node exposes: gRPC, REST as well as some other endpoints. +::: + +## An Overview of All Endpoints + +Each node exposes the following endpoints for users to interact with a node, each endpoint is served on a different port. Details on how to configure each endpoint is provided in the endpoint's own section. + +* the gRPC server (default port: `9090`), +* the REST server (default port: `1317`), +* the CometBFT RPC endpoint (default port: `26657`). + +:::tip +The node also exposes some other endpoints, such as the CometBFT P2P endpoint, or the [Prometheus endpoint](https://docs.cometbft.com/v0.37/core/metrics), which are not directly related to the Cosmos SDK. Please refer to the [CometBFT documentation](https://docs.cometbft.com/v0.37/core/configuration) for more information about these endpoints. +::: + +:::note +All endpoints are defaulted to localhost and must be modified to be exposed to the public internet. +::: + +## gRPC Server + +In the Cosmos SDK, Protobuf is the main [encoding](./05-encoding.md) library. This brings a wide range of Protobuf-based tools that can be plugged into the Cosmos SDK. One such tool is [gRPC](https://grpc.io), a modern open-source high performance RPC framework that has decent client support in several languages. + +Each module exposes a [Protobuf `Query` service](../../build/building-modules/02-messages-and-queries.md#queries) that defines state queries. The `Query` services and a transaction service used to broadcast transactions are hooked up to the gRPC server via the following function inside the application: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/server/types/app.go#L46-L48 +``` + +Note: It is not possible to expose any [Protobuf `Msg` service](../../build/building-modules/02-messages-and-queries.md#messages) endpoints via gRPC. Transactions must be generated and signed using the CLI or programmatically before they can be broadcasted using gRPC. See [Generating, Signing, and Broadcasting Transactions](../../user/run-node/03-txs.md) for more information. + +The `grpc.Server` is a concrete gRPC server, which spawns and serves all gRPC query requests and a broadcast transaction request. This server can be configured inside `~/.simapp/config/app.toml`: + +* `grpc.enable = true|false` field defines if the gRPC server should be enabled. Defaults to `true`. +* `grpc.address = {string}` field defines the `ip:port` the server should bind to. Defaults to `localhost:9090`. + +:::tip +`~/.simapp` is the directory where the node's configuration and databases are stored. By default, it's set to `~/.{app_name}`. +::: + +Once the gRPC server is started, you can send requests to it using a gRPC client. Some examples are given in our [Interact with the Node](../../user/run-node/02-interact-node.md#using-grpc) tutorial. + +An overview of all available gRPC endpoints shipped with the Cosmos SDK is [Protobuf documentation](https://buf.build/cosmos/cosmos-sdk). + +## REST Server + +Cosmos SDK supports REST routes via gRPC-gateway. + +All routes are configured under the following fields in `~/.simapp/config/app.toml`: + +* `api.enable = true|false` field defines if the REST server should be enabled. Defaults to `false`. +* `api.address = {string}` field defines the `ip:port` the server should bind to. Defaults to `tcp://localhost:1317`. +* some additional API configuration options are defined in `~/.simapp/config/app.toml`, along with comments, please refer to that file directly. + +### gRPC-gateway REST Routes + +If, for various reasons, you cannot use gRPC (for example, you are building a web application, and browsers don't support HTTP2 on which gRPC is built), then the Cosmos SDK offers REST routes via gRPC-gateway. + +[gRPC-gateway](https://grpc-ecosystem.github.io/grpc-gateway/) is a tool to expose gRPC endpoints as REST endpoints. For each gRPC endpoint defined in a Protobuf `Query` service, the Cosmos SDK offers a REST equivalent. For instance, querying a balance could be done via the `/cosmos.bank.v1beta1.QueryAllBalances` gRPC endpoint, or alternatively via the gRPC-gateway `"/cosmos/bank/v1beta1/balances/{address}"` REST endpoint: both will return the same result. For each RPC method defined in a Protobuf `Query` service, the corresponding REST endpoint is defined as an option: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/proto/cosmos/bank/v1beta1/query.proto#L23-L30 +``` + +For application developers, gRPC-gateway REST routes needs to be wired up to the REST server, this is done by calling the `RegisterGRPCGatewayRoutes` function on the ModuleManager. + +### Swagger + +A [Swagger](https://swagger.io/) (or OpenAPIv2) specification file is exposed under the `/swagger` route on the API server. Swagger is an open specification describing the API endpoints a server serves, including description, input arguments, return types and much more about each endpoint. + +Enabling the `/swagger` endpoint is configurable inside `~/.simapp/config/app.toml` via the `api.swagger` field, which is set to false by default. + +For application developers, you may want to generate your own Swagger definitions based on your custom modules. +The Cosmos SDK's [Swagger generation script](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/scripts/protoc-swagger-gen.sh) is a good place to start. + +## CometBFT RPC + +Independently from the Cosmos SDK, CometBFT also exposes a RPC server. This RPC server can be configured by tuning parameters under the `rpc` table in the `~/.simapp/config/config.toml`, the default listening address is `tcp://localhost:26657`. An OpenAPI specification of all CometBFT RPC endpoints is available [here](https://docs.cometbft.com/main/rpc/). + +Some CometBFT RPC endpoints are directly related to the Cosmos SDK: + +* `/abci_query`: this endpoint will query the application for state. As the `path` parameter, you can send the following strings: + * any Protobuf fully-qualified service method, such as `/cosmos.bank.v1beta1.Query/AllBalances`. The `data` field should then include the method's request parameter(s) encoded as bytes using Protobuf. + * `/app/simulate`: this will simulate a transaction, and return some information such as gas used. + * `/app/version`: this will return the application's version. + * `/store/{storeName}/key`: this will directly query the named store for data associated with the key represented in the `data` parameter. + * `/store/{storeName}/subspace`: this will directly query the named store for key/value pairs in which the key has the value of the `data` parameter as a prefix. + * `/p2p/filter/addr/{port}`: this will return a filtered list of the node's P2P peers by address port. + * `/p2p/filter/id/{id}`: this will return a filtered list of the node's P2P peers by ID. +* `/broadcast_tx_{sync,async,commit}`: these 3 endpoints will broadcast a transaction to other peers. CLI, gRPC and REST expose [a way to broadcast transactions](./01-transactions.md#broadcasting-the-transaction), but they all use these 3 CometBFT RPCs under the hood. + +## Comparison Table + +| Name | Advantages | Disadvantages | +| -------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------- | +| gRPC | - can use code-generated stubs in various languages
    - supports streaming and bidirectional communication (HTTP2)
    - small wire binary sizes, faster transmission | - based on HTTP2, not available in browsers
    - learning curve (mostly due to Protobuf) | +| REST | - ubiquitous
    - client libraries in all languages, faster implementation
    | - only supports unary request-response communication (HTTP1.1)
    - bigger over-the-wire message sizes (JSON) | +| CometBFT RPC | - easy to use | - bigger over-the-wire message sizes (JSON) | diff --git a/copy-of-sdk-docs/docs/learn/advanced/07-cli.md b/copy-of-sdk-docs/docs/learn/advanced/07-cli.md new file mode 100644 index 00000000..cd9e34de --- /dev/null +++ b/copy-of-sdk-docs/docs/learn/advanced/07-cli.md @@ -0,0 +1,211 @@ +--- +sidebar_position: 1 +--- + +# Command-Line Interface + +:::note Synopsis +This document describes how command-line interface (CLI) works on a high-level, for an [**application**](../beginner/00-app-anatomy.md). A separate document for implementing a CLI for a Cosmos SDK [**module**](../../build/building-modules/00-intro.md) can be found [here](../../build/building-modules/09-module-interfaces.md#cli). +::: + +## Command-Line Interface + +### Example Command + +There is no set way to create a CLI, but Cosmos SDK modules typically use the [Cobra Library](https://github.com/spf13/cobra). Building a CLI with Cobra entails defining commands, arguments, and flags. [**Commands**](#root-command) understand the actions users wish to take, such as `tx` for creating a transaction and `query` for querying the application. Each command can also have nested subcommands, necessary for naming the specific transaction type. Users also supply **Arguments**, such as account numbers to send coins to, and [**Flags**](#flags) to modify various aspects of the commands, such as gas prices or which node to broadcast to. + +Here is an example of a command a user might enter to interact with the simapp CLI `simd` in order to send some tokens: + +```bash +simd tx bank send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000stake --gas auto --gas-prices +``` + +The first four strings specify the command: + +* The root command for the entire application `simd`. +* The subcommand `tx`, which contains all commands that let users create transactions. +* The subcommand `bank` to indicate which module to route the command to ([`x/bank`](../../build/modules/bank/README.md) module in this case). +* The type of transaction `send`. + +The next two strings are arguments: the `from_address` the user wishes to send from, the `to_address` of the recipient, and the `amount` they want to send. Finally, the last few strings of the command are optional flags to indicate how much the user is willing to pay in fees (calculated using the amount of gas used to execute the transaction and the gas prices provided by the user). + +The CLI interacts with a [node](./03-node.md) to handle this command. The interface itself is defined in a `main.go` file. + +### Building the CLI + +The `main.go` file needs to have a `main()` function that creates a root command, to which all the application commands will be added as subcommands. The root command additionally handles: + +* **setting configurations** by reading in configuration files (e.g. the Cosmos SDK config file). +* **adding any flags** to it, such as `--chain-id`. +* **instantiating the `codec`** by injecting the application codecs. The [`codec`](./05-encoding.md) is used to encode and decode data structures for the application - stores can only persist `[]byte`s so the developer must define a serialization format for their data structures or use the default, Protobuf. +* **adding subcommand** for all the possible user interactions, including [transaction commands](#transaction-commands) and [query commands](#query-commands). + +The `main()` function finally creates an executor and [execute](https://pkg.go.dev/github.com/spf13/cobra#Command.Execute) the root command. See an example of `main()` function from the `simapp` application: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/main.go#L14-L24 +``` + +The rest of the document will detail what needs to be implemented for each step and include smaller portions of code from the `simapp` CLI files. + +## Adding Commands to the CLI + +Every application CLI first constructs a root command, then adds functionality by aggregating subcommands (often with further nested subcommands) using `rootCmd.AddCommand()`. The bulk of an application's unique capabilities lies in its transaction and query commands, called `TxCmd` and `QueryCmd` respectively. + +### Root Command + +The root command (called `rootCmd`) is what the user first types into the command line to indicate which application they wish to interact with. The string used to invoke the command (the "Use" field) is typically the name of the application suffixed with `-d`, e.g. `simd` or `gaiad`. The root command typically includes the following commands to support basic functionality in the application. + +* **Status** command from the Cosmos SDK rpc client tools, which prints information about the status of the connected [`Node`](./03-node.md). The Status of a node includes `NodeInfo`,`SyncInfo` and `ValidatorInfo`. +* **Keys** [commands](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/keys) from the Cosmos SDK client tools, which includes a collection of subcommands for using the key functions in the Cosmos SDK crypto tools, including adding a new key and saving it to the keyring, listing all public keys stored in the keyring, and deleting a key. For example, users can type `simd keys add ` to add a new key and save an encrypted copy to the keyring, using the flag `--recover` to recover a private key from a seed phrase or the flag `--multisig` to group multiple keys together to create a multisig key. For full details on the `add` key command, see the code [here](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/keys/add.go). For more details about usage of `--keyring-backend` for storage of key credentials look at the [keyring docs](../../user/run-node/00-keyring.md). +* **Server** commands from the Cosmos SDK server package. These commands are responsible for providing the mechanisms necessary to start an ABCI CometBFT application and provides the CLI framework (based on [cobra](https://github.com/spf13/cobra)) necessary to fully bootstrap an application. The package exposes two core functions: `StartCmd` and `ExportCmd` which creates commands to start the application and export state respectively. +Learn more [here](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/server). +* [**Transaction**](#transaction-commands) commands. +* [**Query**](#query-commands) commands. + +Next is an example `rootCmd` function from the `simapp` application. It instantiates the root command, adds a [*persistent* flag](#flags) and `PreRun` function to be run before every execution, and adds all of the necessary subcommands. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L47-L130 +``` + +:::tip +Use the `EnhanceRootCommand()` from the AutoCLI options to automatically add auto-generated commands from the modules to the root command. +Additionally it adds all manually defined modules commands (`tx` and `query`) as well. +Read more about [AutoCLI](https://docs.cosmos.network/main/core/autocli) in its dedicated section. +::: + +`rootCmd` has a function called `initAppConfig()` which is useful for setting the application's custom configs. +By default app uses CometBFT app config template from Cosmos SDK, which can be over-written via `initAppConfig()`. +Here's an example code to override default `app.toml` template. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L144-L199 +``` + +The `initAppConfig()` also allows overriding the default Cosmos SDK's [server config](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/server/config/config.go#L231). One example is the `min-gas-prices` config, which defines the minimum gas prices a validator is willing to accept for processing a transaction. By default, the Cosmos SDK sets this parameter to `""` (empty string), which forces all validators to tweak their own `app.toml` and set a non-empty value, or else the node will halt on startup. This might not be the best UX for validators, so the chain developer can set a default `app.toml` value for validators inside this `initAppConfig()` function. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L164-L180 +``` + +The root-level `status` and `keys` subcommands are common across most applications and do not interact with application state. The bulk of an application's functionality - what users can actually *do* with it - is enabled by its `tx` and `query` commands. + +### Transaction Commands + +[Transactions](./01-transactions.md) are objects wrapping [`Msg`s](../../build/building-modules/02-messages-and-queries.md#messages) that trigger state changes. To enable the creation of transactions using the CLI interface, a function `txCommand` is generally added to the `rootCmd`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L222-L229 +``` + +This `txCommand` function adds all the transaction available to end-users for the application. This typically includes: + +* **Sign command** from the [`auth`](../../build/modules/auth/README.md) module that signs messages in a transaction. To enable multisig, add the `auth` module's `MultiSign` command. Since every transaction requires some sort of signature in order to be valid, the signing command is necessary for every application. +* **Broadcast command** from the Cosmos SDK client tools, to broadcast transactions. +* **All [module transaction commands](../../build/building-modules/09-module-interfaces.md#transaction-commands)** the application is dependent on, retrieved by using the [basic module manager's](../../build/building-modules/01-module-manager.md#basic-manager) `AddTxCommands()` function, or enhanced by [AutoCLI](https://docs.cosmos.network/main/core/autocli). + +Here is an example of a `txCommand` aggregating these subcommands from the `simapp` application: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L270-L292 +``` + +:::tip +When using AutoCLI to generate module transaction commands, `EnhanceRootCommand()` automatically adds the module `tx` command to the root command. +Read more about [AutoCLI](https://docs.cosmos.network/main/core/autocli) in its dedicated section. +::: + +### Query Commands + +[**Queries**](../../build/building-modules/02-messages-and-queries.md#queries) are objects that allow users to retrieve information about the application's state. To enable the creation of queries using the CLI interface, a function `queryCommand` is generally added to the `rootCmd`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L222-L229 +``` + +This `queryCommand` function adds all the queries available to end-users for the application. This typically includes: + +* **QueryTx** and/or other transaction query commands from the `auth` module which allow the user to search for a transaction by inputting its hash, a list of tags, or a block height. These queries allow users to see if transactions have been included in a block. +* **Account command** from the `auth` module, which displays the state (e.g. account balance) of an account given an address. +* **Validator command** from the Cosmos SDK rpc client tools, which displays the validator set of a given height. +* **Block command** from the Cosmos SDK RPC client tools, which displays the block data for a given height. +* **All [module query commands](../../build/building-modules/09-module-interfaces.md#query-commands)** the application is dependent on, retrieved by using the [basic module manager's](../../build/building-modules/01-module-manager.md#basic-manager) `AddQueryCommands()` function, or enhanced by [AutoCLI](https://docs.cosmos.network/main/core/autocli). + +Here is an example of a `queryCommand` aggregating subcommands from the `simapp` application: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L249-L268 +``` + +:::tip +When using AutoCLI to generate module query commands, `EnhanceRootCommand()` automatically adds the module `query` command to the root command. +Read more about [AutoCLI](https://docs.cosmos.network/main/core/autocli) in its dedicated section. +::: + +## Flags + +Flags are used to modify commands; developers can include them in a `flags.go` file with their CLI. Users can explicitly include them in commands or pre-configure them by inside their [`app.toml`](../../user/run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml). Commonly pre-configured flags include the `--node` to connect to and `--chain-id` of the blockchain the user wishes to interact with. + +A *persistent* flag (as opposed to a *local* flag) added to a command transcends all of its children: subcommands will inherit the configured values for these flags. Additionally, all flags have default values when they are added to commands; some toggle an option off but others are empty values that the user needs to override to create valid commands. A flag can be explicitly marked as *required* so that an error is automatically thrown if the user does not provide a value, but it is also acceptable to handle unexpected missing flags differently. + +Flags are added to commands directly (generally in the [module's CLI file](../../build/building-modules/09-module-interfaces.md#flags) where module commands are defined) and no flag except for the `rootCmd` persistent flags has to be added at application level. It is common to add a *persistent* flag for `--chain-id`, the unique identifier of the blockchain the application pertains to, to the root command. Adding this flag can be done in the `main()` function. Adding this flag makes sense as the chain ID should not be changing across commands in this application CLI. + +## Environment variables + +Each flag is bound to its respective named environment variable. The name of the environment variable consist of two parts - capital case `basename` followed by flag name of the flag. `-` must be substituted with `_`. For example flag `--node` for application with basename `GAIA` is bound to `GAIA_NODE`. It allows reducing the amount of flags typed for routine operations. For example instead of: + +```shell +gaia --home=./ --node= --chain-id="testchain-1" --keyring-backend=test tx ... --from= +``` + +this will be more convenient: + +```shell +# define env variables in .env, .envrc etc +GAIA_HOME= +GAIA_NODE= +GAIA_CHAIN_ID="testchain-1" +GAIA_KEYRING_BACKEND="test" + +# and later just use +gaia tx ... --from= +``` + +## Configurations + +It is vital that the root command of an application uses `PersistentPreRun()` cobra command property for executing the command, so all child commands have access to the server and client contexts. These contexts are set as their default values initially and may be modified, scoped to the command, in their respective `PersistentPreRun()` functions. Note that the `client.Context` is typically pre-populated with "default" values that may be useful for all commands to inherit and override if necessary. + +Here is an example of an `PersistentPreRun()` function from `simapp`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L81-L120 +``` + +The `SetCmdClientContextHandler` call reads persistent flags via `ReadPersistentCommandFlags` which creates a `client.Context` and sets that on the root command's `Context`. + +The `InterceptConfigsPreRunHandler` call creates a viper literal, default `server.Context`, and a logger and sets that on the root command's `Context`. The `server.Context` will be modified and saved to disk. The internal `interceptConfigs` call reads or creates a CometBFT configuration based on the home path provided. In addition, `interceptConfigs` also reads and loads the application configuration, `app.toml`, and binds that to the `server.Context` viper literal. This is vital so the application can get access to not only the CLI flags, but also to the application configuration values provided by this file. + +:::tip +When willing to configure which logger is used, do not use `InterceptConfigsPreRunHandler`, which sets the default SDK logger, but instead use `InterceptConfigsAndCreateContext` and set the server context and the logger manually: + +```diff +-return server.InterceptConfigsPreRunHandler(cmd, customAppTemplate, customAppConfig, customCMTConfig) + ++serverCtx, err := server.InterceptConfigsAndCreateContext(cmd, customAppTemplate, customAppConfig, customCMTConfig) ++if err != nil { ++ return err ++} + ++// overwrite default server logger ++logger, err := server.CreateSDKLogger(serverCtx, cmd.OutOrStdout()) ++if err != nil { ++ return err ++} ++serverCtx.Logger = logger.With(log.ModuleKey, "server") + ++// set server context ++return server.SetCmdServerContext(cmd, serverCtx) +``` + +::: diff --git a/copy-of-sdk-docs/docs/learn/advanced/08-events.md b/copy-of-sdk-docs/docs/learn/advanced/08-events.md new file mode 100644 index 00000000..52d02641 --- /dev/null +++ b/copy-of-sdk-docs/docs/learn/advanced/08-events.md @@ -0,0 +1,159 @@ +--- +sidebar_position: 1 +--- +# Events + +:::note Synopsis +`Event`s are objects that contain information about the execution of the application. They are mainly used by service providers like block explorers and wallet to track the execution of various messages and index transactions. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK application](../beginner/00-app-anatomy.md) +* [CometBFT Documentation on Events](https://docs.cometbft.com/v0.37/spec/abci/abci++_basic_concepts#events) + +::: + +## Events + +Events are implemented in the Cosmos SDK as an alias of the ABCI `Event` type and +take the form of: `{eventType}.{attributeKey}={attributeValue}`. + +```protobuf reference +https://github.com/cometbft/cometbft/blob/v0.37.0/proto/tendermint/abci/types.proto#L334-L343 +``` + +An Event contains: + +* A `type` to categorize the Event at a high-level; for example, the Cosmos SDK uses the `"message"` type to filter Events by `Msg`s. +* A list of `attributes` are key-value pairs that give more information about the categorized Event. For example, for the `"message"` type, we can filter Events by key-value pairs using `message.action={some_action}`, `message.module={some_module}` or `message.sender={some_sender}`. +* A `msg_index` to identify which messages relate to the same transaction + +:::tip +To parse the attribute values as strings, make sure to add `'` (single quotes) around each attribute value. +::: + +_Typed Events_ are Protobuf-defined [messages](../../../architecture/adr-032-typed-events.md) used by the Cosmos SDK +for emitting and querying Events. They are defined in a `event.proto` file, on a **per-module basis** and are read as `proto.Message`. +_Legacy Events_ are defined on a **per-module basis** in the module's `/types/events.go` file. +They are triggered from the module's Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md) +by using the [`EventManager`](#eventmanager). + +In addition, each module documents its events under in the `Events` sections of its specs (x/{moduleName}/`README.md`). + +Lastly, Events are returned to the underlying consensus engine in the response of the following ABCI messages: + +* [`BeginBlock`](./00-baseapp.md#beginblock) +* [`EndBlock`](./00-baseapp.md#endblock) +* [`CheckTx`](./00-baseapp.md#checktx) +* [`Transaction Execution`](./00-baseapp.md#transactionexecution) + +### Examples + +The following examples show how to query Events using the Cosmos SDK. + +| Event | Description | +| ------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `tx.height=23` | Query all transactions at height 23 | +| `message.action='/cosmos.bank.v1beta1.Msg/Send'` | Query all transactions containing a x/bank `Send` [Service `Msg`](../../build/building-modules/03-msg-services.md). Note the `'`s around the value. | +| `message.module='bank'` | Query all transactions containing messages from the x/bank module. Note the `'`s around the value. | +| `create_validator.validator='cosmosval1...'` | x/staking-specific Event, see [x/staking SPEC](../../../../x/staking/README.md). | + +## EventManager + +In Cosmos SDK applications, Events are managed by an abstraction called the `EventManager`. +Internally, the `EventManager` tracks a list of Events for the entire execution flow of `FinalizeBlock` +(i.e. transaction execution, `BeginBlock`, `EndBlock`). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/types/events.go#L18-L25 +``` + +The `EventManager` comes with a set of useful methods to manage Events. The method +that is used most by module and application developers is `EmitTypedEvent` or `EmitEvent` that tracks +an Event in the `EventManager`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/types/events.go#L51-L60 +``` + +Module developers should handle Event emission via the `EventManager#EmitTypedEvent` or `EventManager#EmitEvent` in each message +`Handler` and in each `BeginBlock`/`EndBlock` handler. The `EventManager` is accessed via +the [`Context`](./02-context.md), where Event should be already registered, and emitted like this: + + +**Typed events:** + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/group/keeper/msg_server.go#L95-L97 +``` + +**Legacy events:** + +```go +ctx.EventManager().EmitEvent( + sdk.NewEvent(eventType, sdk.NewAttribute(attributeKey, attributeValue)), +) +``` + +Where the `EventManager` is accessed via the [`Context`](./02-context.md). + +See the [`Msg` services](../../build/building-modules/03-msg-services.md) concept doc for a more detailed +view on how to typically implement Events and use the `EventManager` in modules. + +## Subscribing to Events + +You can use CometBFT's [Websocket](https://docs.cometbft.com/v0.37/core/subscription) to subscribe to Events by calling the `subscribe` RPC method: + +```json +{ + "jsonrpc": "2.0", + "method": "subscribe", + "id": "0", + "params": { + "query": "tm.event='eventCategory' AND eventType.eventAttribute='attributeValue'" + } +} +``` + +The main `eventCategory` you can subscribe to are: + +* `NewBlock`: Contains Events triggered during `BeginBlock` and `EndBlock`. +* `Tx`: Contains Events triggered during `DeliverTx` (i.e. transaction processing). +* `ValidatorSetUpdates`: Contains validator set updates for the block. + +These Events are triggered from the `state` package after a block is committed. You can get the +full list of Event categories [on the CometBFT Go documentation](https://pkg.go.dev/github.com/cometbft/cometbft/types#pkg-constants). + +The `type` and `attribute` value of the `query` allow you to filter the specific Event you are looking for. For example, a `Mint` transaction triggers an Event of type `EventMint` and has an `Id` and an `Owner` as `attributes` (as defined in the [`events.proto` file of the `NFT` module](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/proto/cosmos/nft/v1beta1/event.proto#L21-L31)). + +Subscribing to this Event would be done like so: + +```json +{ + "jsonrpc": "2.0", + "method": "subscribe", + "id": "0", + "params": { + "query": "tm.event='Tx' AND mint.owner='ownerAddress'" + } +} +``` + +where `ownerAddress` is an address following the [`AccAddress`](../beginner/03-accounts.md#addresses) format. + +The same way can be used to subscribe to [legacy events](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/bank/types/events.go). + +## Default Events + +There are a few events that are automatically emitted for all messages, directly from `baseapp`. + +* `message.action`: The name of the message type. +* `message.sender`: The address of the message signer. +* `message.module`: The name of the module that emitted the message. + +:::tip +The module name is assumed by `baseapp` to be the second element of the message route: `"cosmos.bank.v1beta1.MsgSend" -> "bank"`. +In case a module does not follow the standard message path, (e.g. IBC), it is advised to keep emitting the module name event. +`Baseapp` only emits that event if the module have not already done so. +::: diff --git a/copy-of-sdk-docs/docs/learn/advanced/09-telemetry.md b/copy-of-sdk-docs/docs/learn/advanced/09-telemetry.md new file mode 100644 index 00000000..14d1aa7c --- /dev/null +++ b/copy-of-sdk-docs/docs/learn/advanced/09-telemetry.md @@ -0,0 +1,128 @@ +--- +sidebar_position: 1 +--- + +# Telemetry + +:::note Synopsis +Gather relevant insights about your application and modules with custom metrics and telemetry. +::: + +The Cosmos SDK enables operators and developers to gain insight into the performance and behavior of +their application through the use of the `telemetry` package. To enable telemetry, set `telemetry.enabled = true` in the app.toml config file. + +The Cosmos SDK currently supports enabling in-memory and prometheus as telemetry sinks. In-memory sink is always attached (when the telemetry is enabled) with 10 second interval and 1 minute retention. This means that metrics will be aggregated over 10 seconds, and metrics will be kept alive for 1 minute. + +To query active metrics (see retention note above) you have to enable API server (`api.enabled = true` in the app.toml). Single API endpoint is exposed: `http://localhost:1317/metrics?format={text|prometheus}`, the default being `text`. + +## Emitting metrics + +If telemetry is enabled via configuration, a single global metrics collector is registered via the +[go-metrics](https://github.com/hashicorp/go-metrics) library. This allows emitting and collecting +metrics through simple [API](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/telemetry/wrapper.go). Example: + +```go +func EndBlocker(ctx sdk.Context, k keeper.Keeper) { + defer telemetry.ModuleMeasureSince(types.ModuleName, time.Now(), telemetry.MetricKeyEndBlocker) + + // ... +} +``` + +Developers may use the `telemetry` package directly, which provides wrappers around metric APIs +that include adding useful labels, or they must use the `go-metrics` library directly. It is preferable +to add as much context and adequate dimensionality to metrics as possible, so the `telemetry` package +is advised. Regardless of the package or method used, the Cosmos SDK supports the following metrics +types: + +* gauges +* summaries +* counters + +## Labels + +Certain components of modules will have their name automatically added as a label (e.g. `BeginBlock`). +Operators may also supply the application with a global set of labels that will be applied to all +metrics emitted using the `telemetry` package (e.g. chain-id). Global labels are supplied as a list +of [name, value] tuples. + +Example: + +```toml +global-labels = [ + ["chain_id", "chain-OfXo4V"], +] +``` + +## Cardinality + +Cardinality is key, specifically label and key cardinality. Cardinality is how many unique values of +something there are. So there is naturally a tradeoff between granularity and how much stress is put +on the telemetry sink in terms of indexing, scrape, and query performance. + +Developers should take care to support metrics with enough dimensionality and granularity to be +useful, but not increase the cardinality beyond the sink's limits. A general rule of thumb is to not +exceed a cardinality of 10. + +Consider the following examples with enough granularity and adequate cardinality: + +* begin/end blocker time +* tx gas used +* block gas used +* amount of tokens minted +* amount of accounts created + +The following examples expose too much cardinality and may not even prove to be useful: + +* transfers between accounts with amount +* voting/deposit amount from unique addresses + +## Supported Metrics + +| Metric | Description | Unit | Type | +|:--------------------------------|:------------------------------------------------------------------------------------------|:----------------|:--------| +| `tx_count` | Total number of txs processed via `DeliverTx` | tx | counter | +| `tx_successful` | Total number of successful txs processed via `DeliverTx` | tx | counter | +| `tx_failed` | Total number of failed txs processed via `DeliverTx` | tx | counter | +| `tx_gas_used` | The total amount of gas used by a tx | gas | gauge | +| `tx_gas_wanted` | The total amount of gas requested by a tx | gas | gauge | +| `tx_msg_send` | The total amount of tokens sent in a `MsgSend` (per denom) | token | gauge | +| `tx_msg_withdraw_reward` | The total amount of tokens withdrawn in a `MsgWithdrawDelegatorReward` (per denom) | token | gauge | +| `tx_msg_withdraw_commission` | The total amount of tokens withdrawn in a `MsgWithdrawValidatorCommission` (per denom) | token | gauge | +| `tx_msg_delegate` | The total amount of tokens delegated in a `MsgDelegate` | token | gauge | +| `tx_msg_begin_unbonding` | The total amount of tokens undelegated in a `MsgUndelegate` | token | gauge | +| `tx_msg_begin_redelegate` | The total amount of tokens redelegated in a `MsgBeginRedelegate` | token | gauge | +| `tx_msg_ibc_transfer` | The total amount of tokens transferred via IBC in a `MsgTransfer` (source or sink chain) | token | gauge | +| `ibc_transfer_packet_receive` | The total amount of tokens received in a `FungibleTokenPacketData` (source or sink chain) | token | gauge | +| `new_account` | Total number of new accounts created | account | counter | +| `gov_proposal` | Total number of governance proposals | proposal | counter | +| `gov_vote` | Total number of governance votes for a proposal | vote | counter | +| `gov_deposit` | Total number of governance deposits for a proposal | deposit | counter | +| `staking_delegate` | Total number of delegations | delegation | counter | +| `staking_undelegate` | Total number of undelegations | undelegation | counter | +| `staking_redelegate` | Total number of redelegations | redelegation | counter | +| `ibc_transfer_send` | Total number of IBC transfers sent from a chain (source or sink) | transfer | counter | +| `ibc_transfer_receive` | Total number of IBC transfers received to a chain (source or sink) | transfer | counter | +| `ibc_client_create` | Total number of clients created | create | counter | +| `ibc_client_update` | Total number of client updates | update | counter | +| `ibc_client_upgrade` | Total number of client upgrades | upgrade | counter | +| `ibc_client_misbehaviour` | Total number of client misbehaviours | misbehaviour | counter | +| `ibc_connection_open-init` | Total number of connection `OpenInit` handshakes | handshake | counter | +| `ibc_connection_open-try` | Total number of connection `OpenTry` handshakes | handshake | counter | +| `ibc_connection_open-ack` | Total number of connection `OpenAck` handshakes | handshake | counter | +| `ibc_connection_open-confirm` | Total number of connection `OpenConfirm` handshakes | handshake | counter | +| `ibc_channel_open-init` | Total number of channel `OpenInit` handshakes | handshake | counter | +| `ibc_channel_open-try` | Total number of channel `OpenTry` handshakes | handshake | counter | +| `ibc_channel_open-ack` | Total number of channel `OpenAck` handshakes | handshake | counter | +| `ibc_channel_open-confirm` | Total number of channel `OpenConfirm` handshakes | handshake | counter | +| `ibc_channel_close-init` | Total number of channel `CloseInit` handshakes | handshake | counter | +| `ibc_channel_close-confirm` | Total number of channel `CloseConfirm` handshakes | handshake | counter | +| `tx_msg_ibc_recv_packet` | Total number of IBC packets received | packet | counter | +| `tx_msg_ibc_acknowledge_packet` | Total number of IBC packets acknowledged | acknowledgement | counter | +| `ibc_timeout_packet` | Total number of IBC timeout packets | timeout | counter | +| `store_iavl_get` | Duration of an IAVL `Store#Get` call | ms | summary | +| `store_iavl_set` | Duration of an IAVL `Store#Set` call | ms | summary | +| `store_iavl_has` | Duration of an IAVL `Store#Has` call | ms | summary | +| `store_iavl_delete` | Duration of an IAVL `Store#Delete` call | ms | summary | +| `store_iavl_commit` | Duration of an IAVL `Store#Commit` call | ms | summary | +| `store_iavl_query` | Duration of an IAVL `Store#Query` call | ms | summary | diff --git a/copy-of-sdk-docs/docs/learn/advanced/10-ocap.md b/copy-of-sdk-docs/docs/learn/advanced/10-ocap.md new file mode 100644 index 00000000..62076172 --- /dev/null +++ b/copy-of-sdk-docs/docs/learn/advanced/10-ocap.md @@ -0,0 +1,76 @@ +--- +sidebar_position: 1 +--- + +# Object-Capability Model + +## Intro + +When thinking about security, it is good to start with a specific threat model. Our threat model is the following: + +> We assume that a thriving ecosystem of Cosmos SDK modules that are easy to compose into a blockchain application will contain faulty or malicious modules. + +The Cosmos SDK is designed to address this threat by being the +foundation of an object capability system. + +> The structural properties of object capability systems favor +> modularity in code design and ensure reliable encapsulation in +> code implementation. +> +> These structural properties facilitate the analysis of some +> security properties of an object-capability program or operating +> system. Some of these — in particular, information flow properties +> — can be analyzed at the level of object references and +> connectivity, independent of any knowledge or analysis of the code +> that determines the behavior of the objects. +> +> As a consequence, these security properties can be established +> and maintained in the presence of new objects that contain unknown +> and possibly malicious code. +> +> These structural properties stem from the two rules governing +> access to existing objects: +> +> 1. An object A can send a message to B only if object A holds a +> reference to B. +> 2. An object A can obtain a reference to C only +> if object A receives a message containing a reference to C. As a +> consequence of these two rules, an object can obtain a reference +> to another object only through a preexisting chain of references. +> In short, "Only connectivity begets connectivity." + +For an introduction to object-capabilities, see this [Wikipedia article](https://en.wikipedia.org/wiki/Object-capability_model). + +## Ocaps in practice + +The idea is to only reveal what is necessary to get the work done. + +For example, the following code snippet violates the object capabilities +principle: + +```go +type AppAccount struct {...} +account := &AppAccount{ + Address: pub.Address(), + Coins: sdk.Coins{sdk.NewInt64Coin("ATM", 100)}, +} +sumValue := externalModule.ComputeSumValue(account) +``` + +The method `ComputeSumValue` implies a pure function, yet the implied +capability of accepting a pointer value is the capability to modify that +value. The preferred method signature should take a copy instead. + +```go +sumValue := externalModule.ComputeSumValue(*account) +``` + +In the Cosmos SDK, you can see the application of this principle in simapp. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/simapp/app.go +``` + +The following diagram shows the current dependencies between keepers. + +![Keeper dependencies](https://raw.githubusercontent.com/cosmos/cosmos-sdk/release/v0.46.x/docs/uml/svg/keeper_dependencies.svg) diff --git a/copy-of-sdk-docs/docs/learn/advanced/11-runtx_middleware.md b/copy-of-sdk-docs/docs/learn/advanced/11-runtx_middleware.md new file mode 100644 index 00000000..bb8c04aa --- /dev/null +++ b/copy-of-sdk-docs/docs/learn/advanced/11-runtx_middleware.md @@ -0,0 +1,67 @@ +--- +sidebar_position: 1 +--- + +# RunTx recovery middleware + +`BaseApp.runTx()` function handles Go panics that might occur during transactions execution, for example, keeper has faced an invalid state and panicked. +Depending on the panic type different handler is used, for instance the default one prints an error log message. +Recovery middleware is used to add custom panic recovery for Cosmos SDK application developers. + +More context can found in the corresponding [ADR-022](../../build/architecture/adr-022-custom-panic-handling.md) and the implementation in [recovery.go](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/baseapp/recovery.go). + +## Interface + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/baseapp/recovery.go#L14-L17 +``` + +`recoveryObj` is a return value for `recover()` function from the `building` Go package. + +**Contract:** + +* RecoveryHandler returns `nil` if `recoveryObj` wasn't handled and should be passed to the next recovery middleware; +* RecoveryHandler returns a non-nil `error` if `recoveryObj` was handled; + +## Custom RecoveryHandler register + +`BaseApp.AddRunTxRecoveryHandler(handlers ...RecoveryHandler)` + +BaseApp method adds recovery middleware to the default recovery chain. + +## Example + +Lets assume we want to emit the "Consensus failure" chain state if some particular error occurred. + +We have a module keeper that panics: + +```go +func (k FooKeeper) Do(obj interface{}) { + if obj == nil { + // that shouldn't happen, we need to crash the app + err := errorsmod.Wrap(fooTypes.InternalError, "obj is nil") + panic(err) + } +} +``` + +By default that panic would be recovered and an error message will be printed to log. To override that behavior we should register a custom RecoveryHandler: + +```go +// Cosmos SDK application constructor +customHandler := func(recoveryObj interface{}) error { + err, ok := recoveryObj.(error) + if !ok { + return nil + } + + if fooTypes.InternalError.Is(err) { + panic(fmt.Errorf("FooKeeper did panic with error: %w", err)) + } + + return nil +} + +baseApp := baseapp.NewBaseApp(...) +baseApp.AddRunTxRecoveryHandler(customHandler) +``` diff --git a/copy-of-sdk-docs/docs/learn/advanced/12-simulation.md b/copy-of-sdk-docs/docs/learn/advanced/12-simulation.md new file mode 100644 index 00000000..709ce176 --- /dev/null +++ b/copy-of-sdk-docs/docs/learn/advanced/12-simulation.md @@ -0,0 +1,94 @@ +--- +sidebar_position: 1 +--- + +# Cosmos Blockchain Simulator + +The Cosmos SDK offers a full fledged simulation framework to fuzz test every +message defined by a module. + +On the Cosmos SDK, this functionality is provided by [`SimApp`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/simapp/app_di.go), which is a +`Baseapp` application that is used for running the [`simulation`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/simulation) module. +This module defines all the simulation logic as well as the operations for +randomized parameters like accounts, balances etc. + +## Goals + +The blockchain simulator tests how the blockchain application would behave under +real life circumstances by generating and sending randomized messages. +The goal of this is to detect and debug failures that could halt a live chain, +by providing logs and statistics about the operations run by the simulator as +well as exporting the latest application state when a failure was found. + +Its main difference with integration testing is that the simulator app allows +you to pass parameters to customize the chain that's being simulated. +This comes in handy when trying to reproduce bugs that were generated in the +provided operations (randomized or not). + +## Simulation commands + +The simulation app has different commands, each of which tests a different +failure type: + +* `AppImportExport`: The simulator exports the initial app state and then it + creates a new app with the exported `genesis.json` as an input, checking for + inconsistencies between the stores. +* `AppSimulationAfterImport`: Queues two simulations together. The first one provides the app state (_i.e_ genesis) to the second. Useful to test software upgrades or hard-forks from a live chain. +* `AppStateDeterminism`: Checks that all the nodes return the same values, in the same order. +* `FullAppSimulation`: General simulation mode. Runs the chain and the specified operations for a given number of blocks. Tests that there're no `panics` on the simulation. + +Each simulation must receive a set of inputs (_i.e_ flags) such as the number of +blocks that the simulation is run, seed, block size, etc. +Check the full list of flags [here](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/simulation/client/cli/flags.go#L43-L70). + +## Simulator Modes + +In addition to the various inputs and commands, the simulator runs in three modes: + +1. Completely random where the initial state, module parameters and simulation + parameters are **pseudo-randomly generated**. +2. From a `genesis.json` file where the initial state and the module parameters are defined. + This mode is helpful for running simulations on a known state such as a live network export where a new (mostly likely breaking) version of the application needs to be tested. +3. From a `params.json` file where the initial state is pseudo-randomly generated but the module and simulation parameters can be provided manually. + This allows for a more controlled and deterministic simulation setup while allowing the state space to still be pseudo-randomly simulated. + The list of available parameters are listed [here](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/simulation/client/cli/flags.go#L72-L90). + +:::tip +These modes are not mutually exclusive. So you can for example run a randomly +generated genesis state (`1`) with manually generated simulation params (`3`). +::: + +## Usage + +This is a general example of how simulations are run. For more specific examples +check the Cosmos SDK [Makefile](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/Makefile#L285-L320). + +```bash + $ go test -mod=readonly github.com/cosmos/cosmos-sdk/simapp \ + -run=TestApp \ + ... + -v -timeout 24h +``` + +## Debugging Tips + +Here are some suggestions when encountering a simulation failure: + +* Export the app state at the height where the failure was found. You can do this + by passing the `-ExportStatePath` flag to the simulator. +* Use `-Verbose` logs. They could give you a better hint on all the operations + involved. +* Try using another `-Seed`. If it can reproduce the same error and if it fails + sooner, you will spend less time running the simulations. +* Reduce the `-NumBlocks` . How's the app state at the height previous to the + failure? +* Try adding logs to operations that are not logged. You will have to define a + [Logger](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/staking/keeper/keeper.go#L77-L81) on your `Keeper`. + +## Use simulation in your Cosmos SDK-based application + +Learn how you can build the simulation into your Cosmos SDK-based application: + +* Application Simulation Manager +* [Building modules: Simulator](../../build/building-modules/14-simulator.md) +* Simulator tests diff --git a/copy-of-sdk-docs/docs/learn/advanced/13-proto-docs.md b/copy-of-sdk-docs/docs/learn/advanced/13-proto-docs.md new file mode 100644 index 00000000..6c857446 --- /dev/null +++ b/copy-of-sdk-docs/docs/learn/advanced/13-proto-docs.md @@ -0,0 +1,7 @@ +--- +sidebar_position: 1 +--- + +# Protobuf Documentation + +See [Cosmos SDK Buf Proto-docs](https://buf.build/cosmos/cosmos-sdk/docs/main) diff --git a/copy-of-sdk-docs/docs/learn/advanced/15-upgrade.md b/copy-of-sdk-docs/docs/learn/advanced/15-upgrade.md new file mode 100644 index 00000000..e2332bd1 --- /dev/null +++ b/copy-of-sdk-docs/docs/learn/advanced/15-upgrade.md @@ -0,0 +1,162 @@ +--- +sidebar_position: 1 +--- + +# In-Place Store Migrations + +:::warning +Read and understand all the in-place store migration documentation before you run a migration on a live chain. +::: + +:::note Synopsis +Upgrade your app modules smoothly with custom in-place store migration logic. +::: + +The Cosmos SDK uses two methods to perform upgrades: + +* Exporting the entire application state to a JSON file using the `export` CLI command, making changes, and then starting a new binary with the changed JSON file as the genesis file. + +* Perform upgrades in place, which significantly decrease the upgrade time for chains with a larger state. Use the [Module Upgrade Guide](../../build/building-modules/13-upgrade.md) to set up your application modules to take advantage of in-place upgrades. + +This document provides steps to use the In-Place Store Migrations upgrade method. + +## Tracking Module Versions + +Each module gets assigned a consensus version by the module developer. The consensus version serves as the breaking change version of the module. The Cosmos SDK keeps track of all module consensus versions in the x/upgrade `VersionMap` store. During an upgrade, the difference between the old `VersionMap` stored in state and the new `VersionMap` is calculated by the Cosmos SDK. For each identified difference, the module-specific migrations are run and the respective consensus version of each upgraded module is incremented. + +### Consensus Version + +The consensus version is defined on each app module by the module developer and serves as the breaking change version of the module. The consensus version informs the Cosmos SDK on which modules need to be upgraded. For example, if the bank module was version 2 and an upgrade introduces bank module 3, the Cosmos SDK upgrades the bank module and runs the "version 2 to 3" migration script. + +### Version Map + +The version map is a mapping of module names to consensus versions. The map is persisted to x/upgrade's state for use during in-place migrations. When migrations finish, the updated version map is persisted in the state. + +## Upgrade Handlers + +Upgrades use an `UpgradeHandler` to facilitate migrations. The `UpgradeHandler` functions implemented by the app developer must conform to the following function signature. These functions retrieve the `VersionMap` from x/upgrade's state and return the new `VersionMap` to be stored in x/upgrade after the upgrade. The diff between the two `VersionMap`s determines which modules need upgrading. + +```go +type UpgradeHandler func(ctx sdk.Context, plan Plan, fromVM VersionMap) (VersionMap, error) +``` + +Inside these functions, you must perform any upgrade logic to include in the provided `plan`. All upgrade handler functions must end with the following line of code: + +```go + return app.mm.RunMigrations(ctx, cfg, fromVM) +``` + +## Running Migrations + +Migrations are run inside of an `UpgradeHandler` using `app.mm.RunMigrations(ctx, cfg, vm)`. The `UpgradeHandler` functions describe the functionality to occur during an upgrade. The `RunMigration` function loops through the `VersionMap` argument and runs the migration scripts for all versions that are less than the versions of the new binary app module. After the migrations are finished, a new `VersionMap` is returned to persist the upgraded module versions to state. + +```go +cfg := module.NewConfigurator(...) +app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx sdk.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { + + // ... + // additional upgrade logic + // ... + + // returns a VersionMap with the updated module ConsensusVersions + return app.mm.RunMigrations(ctx, fromVM) +}) +``` + +To learn more about configuring migration scripts for your modules, see the [Module Upgrade Guide](../../build/building-modules/13-upgrade.md). + +### Order Of Migrations + +By default, all migrations are run in module name alphabetical ascending order, except `x/auth` which is run last. The reason is state dependencies between x/auth and other modules (you can read more in [issue #10606](https://github.com/cosmos/cosmos-sdk/issues/10606)). + +If you want to change the order of migration, then you should call `app.mm.SetOrderMigrations(module1, module2, ...)` in your app.go file. The function will panic if you forget to include a module in the argument list. + +## Adding New Modules During Upgrades + +You can introduce entirely new modules to the application during an upgrade. New modules are recognized because they have not yet been registered in `x/upgrade`'s `VersionMap` store. In this case, `RunMigrations` calls the `InitGenesis` function from the corresponding module to set up its initial state. + +### Add StoreUpgrades for New Modules + +All chains preparing to run in-place store migrations will need to manually add store upgrades for new modules and then configure the store loader to apply those upgrades. This ensures that the new module's stores are added to the multistore before the migrations begin. + +```go +upgradeInfo, err := app.UpgradeKeeper.ReadUpgradeInfoFromDisk() +if err != nil { + panic(err) +} + +if upgradeInfo.Name == "my-plan" && !app.UpgradeKeeper.IsSkipHeight(upgradeInfo.Height) { + storeUpgrades := storetypes.StoreUpgrades{ + // add store upgrades for new modules + // Example: + // Added: []string{"foo", "bar"}, + // ... + } + + // configure store loader that checks if version == upgradeHeight and applies store upgrades + app.SetStoreLoader(upgradetypes.UpgradeStoreLoader(upgradeInfo.Height, &storeUpgrades)) +} +``` + +## Genesis State + +When starting a new chain, the consensus version of each module MUST be saved to state during the application's genesis. To save the consensus version, add the following line to the `InitChainer` method in `app.go`: + +```diff +func (app *MyApp) InitChainer(ctx sdk.Context, req abci.InitChainRequest) abci.InitChainResponse { + ... ++ app.UpgradeKeeper.SetModuleVersionMap(ctx, app.mm.GetVersionMap()) + ... +} +``` + +This information is used by the Cosmos SDK to detect when modules with newer versions are introduced to the app. + +For a new module `foo`, `InitGenesis` is called by `RunMigration` only when `foo` is registered in the module manager but it's not set in the `fromVM`. Therefore, if you want to skip `InitGenesis` when a new module is added to the app, then you should set its module version in `fromVM` to the module consensus version: + +```go +app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx sdk.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { + // ... + + // Set foo's version to the latest ConsensusVersion in the VersionMap. + // This will skip running InitGenesis on Foo + fromVM[foo.ModuleName] = foo.AppModule{}.ConsensusVersion() + + return app.mm.RunMigrations(ctx, fromVM) +}) +``` + +### Overwriting Genesis Functions + +The Cosmos SDK offers modules that the application developer can import in their app. These modules often have an `InitGenesis` function already defined. + +You can write your own `InitGenesis` function for an imported module. To do this, manually trigger your custom genesis function in the upgrade handler. + +:::warning +You MUST manually set the consensus version in the version map passed to the `UpgradeHandler` function. Without this, the SDK will run the Module's existing `InitGenesis` code even if you triggered your custom function in the `UpgradeHandler`. +::: + +```go +import foo "github.com/my/module/foo" + +app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx sdk.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { + + // Register the consensus version in the version map + // to avoid the SDK from triggering the default + // InitGenesis function. + fromVM["foo"] = foo.AppModule{}.ConsensusVersion() + + // Run custom InitGenesis for foo + app.mm["foo"].InitGenesis(ctx, app.appCodec, myCustomGenesisState) + + return app.mm.RunMigrations(ctx, cfg, fromVM) +}) +``` + +## Syncing a Full Node to an Upgraded Blockchain + +You can sync a full node to an existing blockchain which has been upgraded using Cosmovisor + +To successfully sync, you must start with the initial binary that the blockchain started with at genesis. If all Software Upgrade Plans contain binary instruction, then you can run Cosmovisor with auto-download option to automatically handle downloading and switching to the binaries associated with each sequential upgrade. Otherwise, you need to manually provide all binaries to Cosmovisor. + +To learn more about Cosmovisor, see the [Cosmovisor Quick Start](../../../../tools/cosmovisor/README.md). diff --git a/copy-of-sdk-docs/docs/learn/advanced/16-config.md b/copy-of-sdk-docs/docs/learn/advanced/16-config.md new file mode 100644 index 00000000..03aa55a2 --- /dev/null +++ b/copy-of-sdk-docs/docs/learn/advanced/16-config.md @@ -0,0 +1,24 @@ +--- +sidebar_position: 1 +--- + +# Configuration + +This documentation refers to the app.toml, if you'd like to read about the config.toml please visit [CometBFT docs](https://docs.cometbft.com/v0.37/). + + +```python reference +https://github.com/cosmos/cosmos-sdk/blob/main/tools/confix/data/v0.47-app.toml +``` + +## inter-block-cache + +This feature will consume more ram than a normal node, if enabled. + +## iavl-cache-size + +Using this feature will increase ram consumption + +## iavl-lazy-loading + +This feature is to be used for archive nodes, allowing them to have a faster start up time. diff --git a/copy-of-sdk-docs/docs/learn/advanced/17-autocli.md b/copy-of-sdk-docs/docs/learn/advanced/17-autocli.md new file mode 100644 index 00000000..41688309 --- /dev/null +++ b/copy-of-sdk-docs/docs/learn/advanced/17-autocli.md @@ -0,0 +1,258 @@ +--- +sidebar_position: 1 +--- + +# AutoCLI + +:::note Synopsis +This document details how to build CLI and REST interfaces for a module. Examples from various Cosmos SDK modules are included. +::: + +:::note Pre-requisite Readings + +* [CLI](https://docs.cosmos.network/main/core/cli) + +::: + +The `autocli` (also known as `client/v2`) package is a [Go library](https://pkg.go.dev/cosmossdk.io/client/v2/autocli) for generating CLI (command line interface) interfaces for Cosmos SDK-based applications. It provides a simple way to add CLI commands to your application by generating them automatically based on your gRPC service definitions. Autocli generates CLI commands and flags directly from your protobuf messages, including options, input parameters, and output parameters. This means that you can easily add a CLI interface to your application without having to manually create and manage commands. + +## Overview + +`autocli` generates CLI commands and flags for each method defined in your gRPC service. By default, it generates commands for each gRPC services. The commands are named based on the name of the service method. + +For example, given the following protobuf definition for a service: + +```protobuf +service MyService { + rpc MyMethod(MyRequest) returns (MyResponse) {} +} +``` + +For instance, `autocli` would generate a command named `my-method` for the `MyMethod` method. The command will have flags for each field in the `MyRequest` message. + +It is possible to customize the generation of transactions and queries by defining options for each service. + +## Application Wiring + +Here are the steps to use AutoCLI: + +1. Ensure your app's modules implements the `appmodule.AppModule` interface. +2. (optional) Configure how behave `autocli` command generation, by implementing the `func (am AppModule) AutoCLIOptions() *autocliv1.ModuleOptions` method on the module. +3. Use the `autocli.AppOptions` struct to specify the modules you defined. If you are using `depinject`, it can automatically create an instance of `autocli.AppOptions` based on your app's configuration. +4. Use the `EnhanceRootCommand()` method provided by `autocli` to add the CLI commands for the specified modules to your root command. + +:::tip +AutoCLI is additive only, meaning _enhancing_ the root command will only add subcommands that are not already registered. This means that you can use AutoCLI alongside other custom commands within your app. +::: + +Here's an example of how to use `autocli` in your app: + +``` go +// Define your app's modules +testModules := map[string]appmodule.AppModule{ + "testModule": &TestModule{}, +} + +// Define the autocli AppOptions +autoCliOpts := autocli.AppOptions{ + Modules: testModules, +} + +// Create the root command +rootCmd := &cobra.Command{ + Use: "app", +} + +if err := appOptions.EnhanceRootCommand(rootCmd); err != nil { + return err +} + +// Run the root command +if err := rootCmd.Execute(); err != nil { + return err +} +``` + +### Keyring + +`autocli` uses a keyring for key name resolving names and signing transactions. + +:::tip +AutoCLI provides a better UX than normal CLI as it allows to resolve key names directly from the keyring in all transactions and commands. + +```sh + q bank balances alice + tx bank send alice bob 1000denom +``` + +::: + +The keyring used for resolving names and signing transactions is provided via the `client.Context`. +The keyring is then converted to the `client/v2/autocli/keyring` interface. +If no keyring is provided, the `autocli` generated command will not be able to sign transactions, but will still be able to query the chain. + +:::tip +The Cosmos SDK keyring implements the `client/v2/autocli/keyring` interface, thanks to the following wrapper: + +```go +keyring.NewAutoCLIKeyring(kb) +``` + +::: + +## Signing + +`autocli` supports signing transactions with the keyring. +The [`cosmos.msg.v1.signer` protobuf annotation](https://docs.cosmos.network/main/build/building-modules/protobuf-annotations) defines the signer field of the message. +This field is automatically filled when using the `--from` flag or defining the signer as a positional argument. + +:::warning +AutoCLI currently supports only one signer per transaction. +::: + +## Module wiring & Customization + +The `AutoCLIOptions()` method on your module allows to specify custom commands, sub-commands or flags for each service, as it was a `cobra.Command` instance, within the `RpcCommandOptions` struct. Defining such options will customize the behavior of the `autocli` command generation, which by default generates a command for each method in your gRPC service. + +```go +*autocliv1.RpcCommandOptions{ + RpcMethod: "Params", // The name of the gRPC service + Use: "params", // Command usage that is displayed in the help + Short: "Query the parameters of the governance process", // Short description of the command + Long: "Query the parameters of the governance process. Specify specific param types (voting|tallying|deposit) to filter results.", // Long description of the command + PositionalArgs: []*autocliv1.PositionalArgDescriptor{ + {ProtoField: "params_type", Optional: true}, // Transform a flag into a positional argument + }, +} +``` + +:::tip +AutoCLI can create a gov proposal of any tx by simply setting the `GovProposal` field to `true` in the `autocli.RpcCommandOptions` struct. +Users can however use the `--no-proposal` flag to disable the proposal creation (which is useful if the authority isn't the gov module on a chain). +::: + +### Specifying Subcommands + +By default, `autocli` generates a command for each method in your gRPC service. However, you can specify subcommands to group related commands together. To specify subcommands, use the `autocliv1.ServiceCommandDescriptor` struct. + +This example shows how to use the `autocliv1.ServiceCommandDescriptor` struct to group related commands together and specify subcommands in your gRPC service by defining an instance of `autocliv1.ModuleOptions` in your `autocli.go`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-beta.0/x/gov/autocli.go#L94-L97 +``` + +### Positional Arguments + +By default `autocli` generates a flag for each field in your protobuf message. However, you can choose to use positional arguments instead of flags for certain fields. + +To add positional arguments to a command, use the `autocliv1.PositionalArgDescriptor` struct, as seen in the example below. Specify the `ProtoField` parameter, which is the name of the protobuf field that should be used as the positional argument. In addition, if the parameter is a variable-length argument, you can specify the `Varargs` parameter as `true`. This can only be applied to the last positional parameter, and the `ProtoField` must be a repeated field. + +Here's an example of how to define a positional argument for the `Account` method of the `auth` service: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-beta.0/x/auth/autocli.go#L25-L30 +``` + +Then the command can be used as follows, instead of having to specify the `--address` flag: + +```bash + query auth account cosmos1abcd...xyz +``` + +#### Flattened Fields in Positional Arguments + +AutoCLI also supports flattening nested message fields as positional arguments. This means you can access nested fields +using dot notation in the `ProtoField` parameter. This is particularly useful when you want to directly set nested +message fields as positional arguments. + +For example, if you have a nested message structure like this: + +```protobuf +message Permissions { + string level = 1; + repeated string limit_type_urls = 2; +} + +message MsgAuthorizeCircuitBreaker { + string grantee = 1; + Permissions permissions = 2; +} +``` + +You can flatten the fields in your AutoCLI configuration: + +```go +{ + RpcMethod: "AuthorizeCircuitBreaker", + Use: "authorize ", + PositionalArgs: []*autocliv1.PositionalArgDescriptor{ + {ProtoField: "grantee"}, + {ProtoField: "permissions.level"}, + {ProtoField: "permissions.limit_type_urls"}, + }, +} +``` + +This allows users to provide values for nested fields directly as positional arguments: + +```bash + tx circuit authorize cosmos1... super-admin "/cosmos.bank.v1beta1.MsgSend,/cosmos.bank.v1beta1.MsgMultiSend" +``` + +Instead of having to provide a complex JSON structure for nested fields, flattening makes the CLI more user-friendly by allowing direct access to nested fields. + +#### Customising Flag Names + +By default, `autocli` generates flag names based on the names of the fields in your protobuf message. However, you can customise the flag names by providing a `FlagOptions`. This parameter allows you to specify custom names for flags based on the names of the message fields. + +For example, if you have a message with the fields `test` and `test1`, you can use the following naming options to customise the flags: + +``` go +autocliv1.RpcCommandOptions{ + FlagOptions: map[string]*autocliv1.FlagOptions{ + "test": { Name: "custom_name", }, + "test1": { Name: "other_name", }, + }, +} +``` + +`FlagsOptions` is defined like sub commands in the `AutoCLIOptions()` method on your module. + +### Combining AutoCLI with Other Commands Within A Module + +AutoCLI can be used alongside other commands within a module. For example, the `gov` module uses AutoCLI to generate commands for the `query` subcommand, but also defines custom commands for the `proposer` subcommands. + +In order to enable this behavior, set in `AutoCLIOptions()` the `EnhanceCustomCommand` field to `true`, for the command type (queries and/or transactions) you want to enhance. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/fa4d87ef7e6d87aaccc94c337ffd2fe90fcb7a9d/x/gov/autocli.go#L98 +``` + +If not set to true, `AutoCLI` will not generate commands for the module if there are already commands registered for the module (when `GetTxCmd()` or `GetTxCmd()` are defined). + +### Skip a command + +AutoCLI automatically skips unsupported commands when [`cosmos_proto.method_added_in` protobuf annotation](https://docs.cosmos.network/main/build/building-modules/protobuf-annotations) is present. + +Additionally, a command can be manually skipped using the `autocliv1.RpcCommandOptions`: + +```go +*autocliv1.RpcCommandOptions{ + RpcMethod: "Params", // The name of the gRPC service + Skip: true, +} +``` + +### Use AutoCLI for non module commands + +It is possible to use `AutoCLI` for non module commands. The trick is still to implement the `appmodule.Module` interface and append it to the `appOptions.ModuleOptions` map. + +For example, here is how the SDK does it for `cometbft` gRPC commands: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/client/v2.0.0-beta.1/client/grpc/cmtservice/autocli.go#L52-L71 +``` + +## Summary + +`autocli` lets you generate CLI for your Cosmos SDK-based applications without any cobra boilerplate. It allows you to easily generate CLI commands and flags from your protobuf messages, and provides many options for customising the behavior of your CLI application. diff --git a/copy-of-sdk-docs/docs/learn/advanced/_category_.json b/copy-of-sdk-docs/docs/learn/advanced/_category_.json new file mode 100644 index 00000000..a49201e6 --- /dev/null +++ b/copy-of-sdk-docs/docs/learn/advanced/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Advanced", + "position": 3, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-docs/docs/learn/advanced/baseapp_state-begin_block.png b/copy-of-sdk-docs/docs/learn/advanced/baseapp_state-begin_block.png new file mode 100644 index 0000000000000000000000000000000000000000..745d4a5a971292bb0346c35893b42ebfbcdc206e GIT binary patch literal 20565 zcmd@6WmHw)_s5SOT1t>oKnbP0kwyXOls^@mAbnmtInrrSg=X%fAB3eUDo)C`;4+H`cDk{iofk5bB;P(%Y zuz|Kwc!>%Gq5~<)zR~tI+0VxLLe@?3iQ7OH`t2Lbw>%a+5;={2I?Zq>qb)4UzcMqTUgc(sw|^lU@i-m}r2F)d?D!dQ|5HQrK_9|8 z>_gzDV-qon_vBIbSY!wbf6Q+?*LdJo{Ibf;rcZ_+E`Xc-DzbBm@w#f!@xZ(i=%b!@ zpzty=NpF!JT}xKT)oXYEMs?t-D~8-0I9}I}e^;@EoEnQKnxTeY9Qv}qLGLuc1CRR5 z|4Bht02~cOMc@>}Ml1(B?i-6fM8e2?@FMB`;QzO;OWyEFkIRI3q3c2_QHz98?fDh1 zB#qntVH<M47WREX5ZenxMVdFUDUgRj&DsTh$mM_lddu3jm2Z!9%eH&|<=JDG|I;}qYaCW>J zNo{?U=LY35?_jChyd05IYzxk|?m4yAloVEadc3kS0|Ez}?{R(@7*xg5;6 zGiIBJqtz5b(GXtL>$W$YyPr&mZ=+O7zn*V=C2Z9dL-ew2dH%E7;j~W9K!&Q)tN))c>V zFpv{pYJFHJIA;FKQ^aT2=gp0LZlIE+QI*1Q&aG+*mKR@0jinQ+c&xT;!ft#rkR|)- zZu<9$xN|cOPI=mOPQL0zRK7xr;pdQxI{R3um>`_C#0wpJGVwl31)@hY=t>TgT+IAM z+{qKg;{!vP!q(FVMAkjOaI4quh!~vaaK6Kzcs;*9=I>9ENM%r5%W()R#wC^S+fc;+ zC0K6U!gjKyp1j^0@?~cnHV`>4GyrAv_|^7Zly$UXI6HF?+D-j^pWd5Uo33-JKsj}z zFX`1-z9OmpY;^%97FIVI#F*@fq|5A{kKN_FF2FZ}Z<#44;DvF^NIhqxHk;7sr@bc) zrb%F7=Yg*+V%F{>=QhbgXBY51=Qw63e!|OJK>*;)hBg-L{yGQb9@0=G~83pG( zlWz{%Oj|`Ri%-knYhI6-a&kZA;J~2L6Xu?__1O4){}nL z5mq}d2`Ju~H7dMW-HN9^K0hHET;mRg-MlY!FD)wS)%>~D?Xhv`BVV9+XukEGPITaN zVgX;FCI60~WigtYnbqJ}Lp5YgA-!=wFF%;Y_)BJ$#~I(x5~FhG_X#6+`!f&ua(~64 zw_#uSu0CKu&sXJ#8uaJqU;#scEAe=<^aj=2oA7qV?M)dimCT*S9jaFR=%ift)rp(eBB$fS?shskDT84gbnHK znp74|3wym)!d2s>)g6xD229JT@49||^_C+FQtta$7}y9Zfk5z7#p0{}|`5 zFDxl~LQXTxJL6JZZTHtTaa0l-2&ZKRK}Uf^8`XKmj1ZNIOyEl}e|4>pBYwrGesBwY z?M70paqpBa=2FrOZmKeB4OHCXPU9MpdiZv_H)&FtF_hM-o#S_HFk9`F%@GjN`YR0~ z;7NSGzsxA}>6|aG_v|ug?n}4(!2+d6b{TkjFqXTOwaBS8p4!>Y=2} z!9x3vOYjyWq^~3y!g;xsGr1@ZM#f5$ha%;+wzPJ66E2N!*3sI)L-QPvyq#81xkiizguFHSXS#0__Gj*($6O|vhXrtAl zs&~?{JHO&|wRz*RQHIT#@7-%MhJd`;5p`=7Pv#8xBQcn|QH|Saz0lKQWAU&%o?va1 z3UmLvU{Jg$sXs7f&sOie^eBQ8{-|lX0@{&MLK&+ad;fjtDXTTA`l`oWqt=};^=zTl z@BLQ%9pP|h z8n5k6DK8$Av|Gq7p9>Si6-G;5u8w~7OaJ*yl>wU&0kqmH16g+XyH{+pJ~ucq)>eIx zNdB?n(U%B553@?EK|N^`_V=UPsezz&*m6z+_xWC8zr=ih0LptXJPCuLliwf?L8dp- zhuSRZyL2wY)acJ(&ppklGvdk>WB2%UCNzRiyj*+usQ-3tkgwcPBW)eZp!iamIgV$F z9By~kbSAu_LOEI(rtPpGdirXmNhY`dhj;uhi7w={-Mp%6NLjjsVoor9Q}c9jLltI9 z`J{%fDy{87r>;zoa=(L@5n^6)-usBNZvr)EiU$j3Kg}^a4zBRP_iHi$TPlh+`=qKo za(0^g>)$Xi_M_L#GU)rBVg1{82q&xiMfkFUUyTjMY>j!!^E=N9zaCf|HCshW8N-_o zy-G1(idCBs6-FGEO|=4T^^`(C#i=O}KZ?d@436JjHQlrZ-^~W^=YNe)~G#?5A7Ymsf%!l^+j}<<}ReQ~f_rFJe{Nh(%H5fd)9R1U2 zqao`mU;C`F&^h$5{WB+tfE|2fz?)CHub~7kEHR9 zinelv0=Dja-Jwrf@R>|Lr#bzr^@LbaSwGjA!eC=gTm*#(+_Tk<_%P0&QYg_VumD4DrTQw2sXB9 zSLmwmHqSGV_4FiUzdGC1gJv}xD}M0jj0%PM#+@XKZ%ng+c5*v6L`M7T_0>x-OFcD1cs?LsQHB%jAw}7nL7)W7f zGLJ3HqIhy+?>B^I{C&(b%WH8u-rFtc@3$`Nqv_4TtpXvtQPGodCj-7*?H|iVfXz){ zpJ|<2&#!;^n@TPr4Pk1}oH?{qNTx(nx>qe8?q(9k>gF=}>`_HqjB^c2ZaYGLVd5F| z-w7Ob^pv#AUXfE{MdZX@<#@*t%yI>x^k5z2B~(w->z<*hb?G2Wagb;rFu^lUtffHZ zw>D~tDesp_+gas*zU^_hY5Nj#w}V4D{xni;hn4>p+d`iBb-kR3~5wd*A=# zTs7aK69yH$U^oBlF-_E(WgpOL;XqPmRo@c;alpzm3DlVIT(9|m(icr=JQNqXqyNQ3gv8* zpq(1PQ+ei_aTWXne`b*%N@xC-aOE4h=LfHH@R@>gz5>CK+Si}UmImmqIE=y! z2cP%>8_9eIaap(wWLc%?r4kDsm%KU|!%7`NjJJfWg)A$&4!LhFd2VY-UGys2YpnR~ z2zVEc+U)Q3yWgMEj{R++tPVk8Q;vN@5EvoVc)HAuDVu#;j9v%yEChIop1~F(l%7?h zgQ~iYM{9idG)~am?*W(oVZiC3HYYzuEnPw}Vc-onv4Ou2>;uUo1+T!Uuj@krX0n-| z`22^|PQ-#LA6i^a3^Bmjy~8jskD_OK7H3n&o0%gQ)b%!-g-!$;1a{g(AIX|^5!K>J zjHTk&vhPkHCZax5p>T=A%X-uF^U<~mB1tQb>+a=p&PhWr7;BJde-D<=&x5mLosClU zbL5`hR;oMI;PVUZPqsON)8>$XR`44p$P#z|d-0W>TFO;7%{nG*0tlMSh{VlXJB|Hm zQ(72vP9Mw3c6ky;?!I8TB!_A=DKkt;Ef=cgvX$)R=-rRR?abHiKi2x@Yw+sV^%=YM z);Gzz|n0`+8Bo za(B{+%gNA3kmr+isYj9ISfLY!L5oAtg3of$mLvTS9b;DG#+SJk)j_>B7@ra!gqNT5 zo>8zGX;BII%g0c#GU7 z;r^{16sGz>m`jqZfej{)NOHH)K4?N2RBc+1qms<3SJ*$Ns(%RQ?yG$fsS6F)hX@DQ-s&y7u?Go(Vu4jeKR=w^k)%wb!`#^^n)%caNtXg{Y>V z$H}b6y`RC2R(Ff2@W4nf1-$8}lS;tc<6Nt}tCa&MC@Ox<-E5vIb>z{}QlknQWt~H2 z^x04U%*}$Vtz|o@ANHyq4;VP-NPJs$YK@F4R8&>9;e~pNjnh!ec#FTi<%@2I2(Ps5 z@gC>9%gI!1q$#WBJ5gOWHhxJ_2q;?dy!~_8)_wJbVbhaj)i`LWZ6<1NEl_RoCk1cD za?n*n70Gg=n+zh7BW1r7))$K9Xr&U#gf49uO9+$PrN8Z72zcl+vv~1M3Ir}1=#I-I z^O3afzchD08<867C9f28{b_jewdW=xg7Zy*2{6rieLxT=gorGY|8hC~d369nVE;0; zggdsAma7P$6FU*iZqo*_WKs!18bAYNVz*Ey*#nhSxL@S+?CavG z+>Fb935!9Yfp5+ag?I#mcA>wy)q`>FVO+CT7WJ1cTHU+VUMNvYe*brNx09h^i*eL{ ze}5feFl`M#_D(T0&#*(SCWKn57}Wi;k}&(k0iKld4<~uq3O>Ai1iok_TIB?vV*9*= zl{o@m16TCUT@#hw3oJdkN!@H;F1UdlvqbIB)hkvNz!yi!T~0DS6M0dYwCAFrb=@xzYt-iM-e;ScF7Bo zWfq$SsJDATJZWP+%(i+HFiW}QLW=iVRjj>ux{*Xs1I`a?_JI)`Vp5~hECOSMB3IUZ zr~Xqn+!u2-ohl^@>*YC5q(j{h`1Dx^0#rXG9zz&g4qJb(b7f08nz0A|e9`7Q0kVwP z6LrhEqWrxbOxX4)oOi>rH=N+$)e5LI>BQufWWP?+xcI5-pUvnt$b&9@YL&qa0-oB- zC&8H@m13Z)5}@w;*{NTzIj-t6qT=Ws%X85i+006kIXc%I&Vz0fewgC4k5YtzMyH=X z$^n57TcNVH9*E5C&-&W3xj7v>@QO0$3-024-_a&G-*VFeUG`HXCtOzM!|tcxAF~0$ z({r0&LpMKiTJ*cVB4G=g-c2CwjaQ!jC<<9%*Y5?@jMY)4B|OJ(s~x|({Y5!9DE^_D z*@%;@`mUq;ljE4ZM6K()kSrQB^;`+PUfzT%9-LTzS(s9Qb9)B`A*M}^|1PEC#qZAQ z!0xx{qSi^cIc;7jSm4RN9`vpti)5lPrxtIQL&S90@w(Q$lg)s#dP53U_M?3&o?1BH ze`sv1{^F5{->xtQIGzf#KT7j%H&HDoKmI8<`1(z& zsDB@l?1SNSib##FQW4kC=H_$1f}p05yQx+JPwf$%nPUZBTa}n>*|*ES_ffNJKN-yU z4URXMq=OuC)!vHZ@jlL^7)iQ6d8-1M+y~ch^nN#0nlh^B+gT1y`nzaI?ejgN?1&eP z#Pwa}Gk6l1Dd;1~3hV=z$Nb_kCoxx1Q>5wzo#Xpm`7OZNZLVT#;&VV4NQk5{2r_k$yw z4OxCb_H~WT6>7(<@cOVWa!l&rc-Fg|xHd8Ltkz|in`xg3}q~LPHp{KmBb-HSB4hkW(ehgoTW9+fDCUm$1yLcOrD`njK07Z zrP#F>YvqA?ajYeXCutr7!8n3lCl$tc{4qF9#GF*shVa0CNnXeXe~_ZGTmI=t)npX! zdiJ>gpN~9Y8zHyXHMOia8CQ8%kX{N8lk~axe8)+xF*@J8s+aGB?++YzrjN2U24NAL z)HhotrpP$l5YWpqYxY~Qj_&AmGiKq{$Mp@A?z{o2mwKQgXts+6XPNk04 zJJHN`PY!T=hIaBSzh0lmNDCcmsv>dJ61)GC7wzDJ-+Mr(e8K0u2N4N4sBOMei~gNf zmQgqOsqqOAj}9b_zI>NgP5y{WGVr3|6}ui6Oov`sMSN--M~b)fN!6DWwrusDR^h>k zkd<~5`-R#@h*6s!kkAZCFW>r=ZdRRA=6lU!L&c`qwaSgildsLU;x0DlUD}{jbprz( zSg4I|h{!GPlxB&H`QWPteJ8JFsnRD8cktV7Z9pO@&5erqBjuCApq8P%75~Rp*W$07 zQ|o!Ev%p_4lF)`|hjCo$T1)NWI@TaZ5^|->Z*JyQJeD8doVcyi5PVnie5SR#nFWV? z*33jJ4TZb3c}Yf;&sW-7Zq#T;SE8DZ{!j(s4I{2xC~{_8pR0A|QQt*FxDFjbH{?_k z`Bu6Hzu>ZkL|5A!qh}qbayYh=TxiZkj%T*jkiea0r}NE^=t#xZ#UH2Umj)B3M#N%V zsC~sdlzjxoC1r9iWv|>Uc|lH9%VT;wYZ}yvsjzO?O%-;wf3kH3e9ZSwM$3gpMOvFrZ+UiRg z)M%-X(sdD^qHDbSvFj&h)hJM<^`V~`YM%S?GrN0VO9i`tOJd9)_RJaqS8IL-yneNA z-N$aofV+X;C%P&xUYYLAaY+<%!t(o}{q0PG1Ps+b&`^Ab@5~;*Gpnm94dxxL&6Xqc zKBK421U=&!M*jxvF9u3oba~cSIod^HaYM~J#In}06KQU)qrSjRrrX(^=So9N{`z9s zNw>pF#li5oS7teR-U9}vIf5hKrV!sLs_oKJ#Dr zlQf>MUo~d4VzB?(|CjU$`14)^;TPk^Kwg!cGR0*1{w+>N>#ORr4!ra~993wDxmx>I z1~oSE{h%wYm(|^i$V&{wrNg04(KlSKBH}2~y*tjWhio^FE&&2V zqJ{;sJH#^^B=!k=`S)jE-HRq2O_@~E2PV5{{|D+pE{CTE!Xg91+cT z<#SB(M0@xWpDXnB?#vkJO^2m|g1VYN8XF)WQueuG#zcqn`-m4RGb%iYcy-B49lSQ3 zA^leilk&s#bDO`WKh|NcoXCI9{kKsTr(MWBd3P#UI>@raZ^OrKSmlhyVC^96c@;-o z6A^)RL5g;OYy~~VoBBTD9ZbhME^fymy-~ULnuEFR_9#9K5BvzitySE3rC!9Ca`F0N zb&p=+A;`IqGl@Nw>!Y7;R_SkeLCg#j2e>@PDF@6HLIEcJZlw$6%A}>L>FIvdx-Ek> z$fH|AQ#U|aPgh_w@61H}+>GH*kS_|`-R#EZg!;Fv#%)eKz4Jgf|d zR+V-x2l&E-{^|;OhKv6Gx}HXPtY2u0iJv5qupLXpm02-TE*?au!SVFd6k# z{SCvz<;e(pcx(ca3w@InhbWlsqDbKhlTEDU?&O&`?dPKDZDiZSJ($b1fq^LBcSY*w zL09@;x`H@592M>I%@IpW42ay+vYmnhl{x7x8rTSw%5Pd_^D>0TI8Dc)ISmLITWCFCQ_&7Pe+bEBRd z&Q|Pb;#wrk6El7V={-XoZ*Rsz`Ml;HtU7)4a!;-i@gC)5?TrI8`JRVHS@wdnAN>Lr=;H=&Q5V# zj~u9G%#3f+9BlhnOAQvj#76|WL{EjHr~OsGJt~_(4O~aGvzHde^T%6UHAyKMec%kS zTXTGYteXGAY6q8b5q3HB@PBMN|9$&L9xaYWzg|hV!dB8qF~a=mYqR)U*Q>XzI^To8 zkfw}_b};pAdb>^wt?$;cI=^)EgGX|TUT&u5W~-X)F}DMiZ(`q>F{F z1k{v6sXhlxKLbkQbwFNiEK~L~0H`iEPpge+V_6si|DQ$^X4lvXl*Hcx<0=0-wbBCI zzvNhCTY}D820TM0L0Z7r6ex**1#08d8jeQ*5y5#_H_opUmZmFh&R!@_mr-5;l*E7k zGsO=NJPO@FJk}j0G1x~$GyD$by;H#?R<~F9wj-voDa7d2iY1C|A z`T&&vrOGeXeo-&KV9DBOXcjw^TQn^4!8^KTgZLF0!$p+M*{29ngtY%-GeTHg;Q zNOlt*_wg-2`JycS1nWicXL=MKoYQn zA{BrJr#n|wYv#Bp!!Y$fKIA_V1oSwmLl^WoMk+JEa#LNfj_W_T1pOa60($=PUqcom zq-Z{v>)>Gg9}t4s4A>a$wd}u!65O13V&Miu7Y6Te6OLu+*Cj{bWoUL}n(t;1Hd zneu?CeA8eF!^?hxS?{G9d`z?M!ME4FrM!>Z>3=i*Z-~ag5am+GG?8k7wZ4DipG8p1 z{%?My$)j}e{ycvg+F9^#Am3E~8}~nmM_fBEKZ@gNlF&;&Jy{OOBxzFBOD$Ddgs*-o zjduc>#!RDpheO@}fjA}70<5k&vd%Gm%P*m7vcpk*K`)`&vQWAA)Tew;Sn?_h>LdS~ zSm1i%Ch|W_FYoTd*yocSA8wr#_6`ge>{>c>7oN%QNBr+9>04b;Da8~AGeqP;EVz`k zvqf(vW)X}wp*b$1BPL47J=TwM+1Vjj zzs>C4|K|t)gOe(!INjMD;4q@M*EiaLE3lWG{b#2RsN+059aM`F&{ogl{B6* zC3oQC2)gn9b_fKlGTYoBZ`F>ExGsw~?7QSZbuviuO*m$+^HQ^)>-pYn8}hxZx$+_T z|8Y=lti)tw6JXgnMnx#Y=z4-wFsdNcMCs;Y*|)wHz@XH_Hu{qXlU~UWKb+6IL_04a z-Le;KNSW21KWi-l;2xK~I{E(wEZc+*l=(*z85E&JC)*>r<(@lZM7+56npkVe=z-dh z1?1mf_jfny#trTTU0EW4EPl@p=`Ip`b5ruqTiYcx^5hd})Q#JM@5Y%_GsM&AWj@JX ztdJNMun{|wy$-&;97^Z6%~8yH?RIb8`RPuj6TpOqj_hT0{vlnDRIoAx9le8QD$Rj$ zD3YWRPUse+kHXvQ9H$vxzrNi4!umcgTF;z414o+sKUz%MNGs0^HO0Qcd|99 zjp1f*R>v*LUK#Rm&rVNIPu&|&t*2@}Xe&~O{-3qhiqPY!1ldxhLhkbwgTuJ-^nFCxjKt?T|Nr{7 zPzlp5Gc?{C{Voq^iCW$I)TbRK(sb;uJ7bKLuU%KHBg&*{7@aczw@|^Q0gpM1qvU4_ z1^-Zek7Z#JcD_H4a_CB<#ddm=$DUZ&sd7#^{td4y4gKjmVZ6Qo4RiJ$XWSN74lQ8$ zqacI{32u=ojJr)`EBWOnG+_TpS+7H<$7xN%|4xOS|MaanyUB8fxoF7!tzU!3_U9EX zwXD}wcJ+P%bd zdm?BzU2d$^=xGm-QSuwf>XJ#3w81l|a}SHV>$7<5C25RGLFa|nv$gi`KUSs)yO^X4 zyX1(U{+8*W2_BI;q;(7`Qp=7zXm^SsV+AzjJFV70zput}u@vN?QOn00{iI*t<-2ISAX=71M8^|;yX#Cv+HG$c0jq@}+=NIaPz1M_es2HNA zD~KY(0i*Z#(uP2o27i9QQBGmgu>zJGsHm3%hE*&DC!a29o(=FAY}bybX6&Y|fn#}Z zKK#!0zc_FLnf=at<9>B)O(_|OjH8h-)GAbAJ#4winfRgE`Mk-p_p!$kZOARXn&Y#? z*PeegC=g;GeN_W3dylhQXc$T5d{yn_KnV z(E?!Ed6xjJXdgQ`U<`U0=Cjq65jv0CgKq!!s#1?;dM`Hnjn_VvFbTf0PCcu{Qq7eN z0`{sFh06elmO51irbd}0y_9=9-@lw2c&vDJe{-n%K-mT?5CiYkB{tnT{uG@cpPB}a zey_?E@hGg~vgwC*@9T?pf4_?ZR+_t^79QK-=ili=iVnMDp9)+4bD%*eqjLV+2t0Ji zC@n?!DQa5X=2x0|9!bkH_I62tfqT*_4&(_ZizQ`vJpa-Li1eC)#~L1FR&fv)jI;wi zW~u^upsMT`82=`R&;Jw6Y%rBuxV*<Rn9V<4j9=?S4r&lDa#6j{#D-rxt?nz<5J@8w)Cbf#{5AW3g8vZuUpzX$777 zvqWlcPsi1J{5$g@Wi$vWz>r^nHBVuGu5NQkcv*n-wNuBUJXD#pLc>|s=dn*Bt_Xw?^V zix)eqzVo_p(3**{<#yUH_W@E9zoN{XO?fCM;1LPu|}PKHFJiP}?M$v?i@Ev+Cxnib#t`JNCbhsRF35Z)^7DTp#tkQr;BpkxvF1rP>U-=scj5 zym|BH7?`6>B=g*dlqY=w>+!-y4(bxpxKs4_EupV|Kl-z(RnUAqz>fVkjCc+ol2_bR z1v1%l0~8iPuK>Pt5Z~Y6ov{Lb(Fj`Qo)HQTf9{r3XqaQ>$JDCZqfVlsJDJ?DH=yhr zI=ynEYTv&W7;)_s8raR|UUE36b1eb&(H~+tY}CyMr4HYgb@O8#_QslyZ`LyL7GCB1N|!7S?@p{AKcD>Px%Lj%Y_b4*uzThe*q+f%{5XV z$7Mjuln~g0MHOv#`D3l|LC~1J*KG4RUW3e$tCcX2T(em4?O%C}7poXe#y=^zUcwdh z9YRxqRDhEGY1Mm`&t0yXBS4N6*B#qf?yFPAvXWXM;B* ztu6yxPdcuSV^$v-CD6G`u~dx(Nm^_+`x%byZ7_K?Ynz*XzcrG(TyQ?@4|;wbX-$-f z_1NjFDiUp!7P)39P3Gh+NTD`kVYFZ@bvpx|>CoDA;K-(nMUkPlS34tRFm}tV9RZ5- zU1XnGYy?&@R>`q~ZKmFM_KB_dSpD=Nz!K0{3pLiiI0{2n7oV>VRhJbyXpzTPG1U9nr6PhqG z9YngI51Io)7$F1bJ&^Amqbk}m^4!6fhub*;!|jwX4!9xa5{9aNeAL~VFO!`aHai{# z-CDLQCyB6C*;`O-ydZ`ZsOgAQ^g!Dvp?wAjMXIz&ij`e8{_9md1d_|ypgn3vXdyb3 z)2nf8$$%&nla7Q#y_pOYRT#=;DfP<^BxOeex~BuLH~s=(Q8NqcBn9UqSt0e zOon4%6Y$tSezXGUu}xQ$&lGdS8`8DiaM9fL3m|BsZKXfMD~BWN)lz3hLRB1m_! zVOczVA*35>zh9T0_f1;iJF_skEx-`O0a)U5Z$qjuMJ&TZ6^84|Rmvj)Z(Ov;CYu!p z|Jj*%UQea_!pPFQn^BkUzYmN3DD-Xk>Hh0cZw_Dh<#!kF0{RS${PG_3JO*7NVXj`Z zgq%2u&`;$^{4iQQ%bjL!IQx@qmfDDiC*R3w5O5PvZ3}Z*3TY|(ewQFhQFG>4mQkX| z^q*d&tXS5|j#X}a2L@2@fjyRJ3(Zd`Bs$oHFe3`>kuJ4G%Q1pjzFXEF)n08yADQ;b z3`_3?1qm1swVkyXR=7OxCB6yquv$jE3Xbzm9_t7v(R~I7k4WCY`#r4JvpS~bOYpSR zU5BEsRqjrI;yNO@LhRldYZgaZhVh>IuY}=rc;W|9$|%WNu8MP&OmF-8Snfaw*k8Me zRHKhAK9d#b(Ps|xTOo73$Oq!fHz>_IH`YA{SX@8Q>o}slk9r?fKY%j!vE zc}wNcTbJH@=JlpJ*qhiXzwDiv;-B17f$aYWu_INteD3CSaLYAyTOW>3c#i961$FTB z;7r2hrpb@VV-Qd27EDGO{Q;?5Rh-(O~92-=3n)v8Mx z|DnlxzHE-7QScur=@MP%5)*TlfwL?zaJASHPQ`rB53L(Be^XPcBvA|;v>;76eHOw> zjEy+TC6)R4^!d+{F4d!#76k;R!NVkkm0p^%mwOg9%U@T;o`cO$T@S6v{VigB?O2Yl zjAQot^X>s`AJD*rj{}`A3Xe-e?pU)+$Wj}#Zxptkn!>>K&I460tO<(AH-WegAUe5H0rQ(7L-h<{G;oQB4U(d z(JVJcnGbC8?*Bh&Tn7%_?fciPC-SGME#N7oA;jY5Lh*9`UXyBEsnf-^&arMM?09o2 zVdJu1esk;0kX?I68fuYK;~u_a@nR>ws=%2`Cxl}}CZtIeSdLaU2L@~@R%_ouAs zQ}s1uAw`G{&g;VYdw9Bp0Zo6RCW0%I*$*!@@i`X0GQh;~dChPCn4icxwg)se*!f+OaZNpX>!`J6ulJ?oBlf;vyJx=06z^cn{fqHG6aeZM7rAC*sHDI z3UpGWigCW&xo2? z0MOG`0ClL<;-%OBK0m+eaSB{l9ypI-yYSIP(2iBzdWfmsW$_EQ_hBM{HV**DAsFRK zCcajt@C|(!tL+;cbLjKMkdEykfF3>$Vj>mVPgbvYg3)t247Nw0K1u`yOt5i(cv_Ll z-}b;ZJtJEWVO+-!tkd?xu#Fz=xbU9wAf~j*A)8 zpt7!i1v#Pb{YQ+Lz_4E_0y{KGhWj5>ryn0K0$>hUc{=*UN?&79gPmx*mh&RR?Pf8T zFNFZVgxPW`nBm_klWxn%k3BB?v&1jwWnfB0Rs03-H!ZMZXhu%sim6fL6!|}6rv^z4 za_}R{ESG6gWCFa?E;;d>2e!IT`a-Wtt!KNQ93MN%#p`^oeq~iGo+uiR#>t_*{qUNx zVTpz5tnr+`9doZ?cjQv_ChiP1%FK_uA~#!W2U}=%lNp$9$~=YMRGN1BBnpH#ZHx*R_FRMsCCt|zvRV4{Izd~pqFV_qxEHi67C-tgC8#>r|n|p#PpNJo~|#9BE>BZ zzVzo-qP0WU(*Ztxt%sJ1cFb{Rjlwx@CZ==IgCj%B0q&C zieW*V^k2*P59u>G4N`n5C*2<8pFO~C$Ka1$rhX|E95mDZtj&i?Oj&m%i$w&FjBko3 z#>w>L{<~G+G~JGn{e4LIp9_eQ6NdvChdq+Zo|#v_{F)!&hWTvmxc!*Gk6FP*(e{G? z{>BJi(i;ky=ldGq*nfJf{1rseM^pmH_1`TohHGZ0B#NW8u{VO&IunR-%sy4(WO^+m zi+0eiLvYwB3^o<~FXsx@k}^0R1Zp9?ElInAH#_`Dn`EQrx@h*_ za_Sy%fHlK7Jv&L>?P(tx94a@3a9HDbLy`dLN3kwX?VX{cA4=G#K!w1W-K*(Tkmuc% z#f7&bRG>IZ;;bp~sObb}(eZ^P)^-DXpQI4bEE(Uq_Jo3Q#4$+HqfK6jIJ zwfYXf?Rbw!p}!G1;)TrcB;$c%pG3=5AxOvj3j0(}^}W;f`h(=q)k&}_fJ|3UhRm$MpyKc z?g@lCLGzM{^xQMd3toK?v!_fuQruGP@%L$**^f|glGf65kAE`vW=w1Q-CB`)u8=*) zB{kh3LZ+QIVxyv+t`SNd?>Huj5AO2h`&^srE&BDdRpsjZ;4{~RB$v2asz1>Mu`?zD zSoeEu-sg53b7aHxqnz7KjZ#^e0n4ZxJ#&-^JN!)SU$hjTfQxS6$LtLTrvH`F-K{MC zQ6q~1siI246obDbh=9*L0(U{o>CqJsWkwu>%n5v49sBH02TOL=t!9qPple~;d<}X5 z4emSNaAjTekFZDw<#?_D>U+pdvkJ2M4!%@UgZ7+`D%B#_KV@_AbBl^fnsNLiBSMJb z`*-k5>6~BCN&QA4jx^_moKjoWFGNeGbgy)S?W8LWMzfeAx@Q5rX%l}t9xG-UcevNT zF5pfn^=?PfFAQ)G(jEu7>qi#T;n)fM+~>e4$aL~AWuM}bf#Y0{FN?G}!9I~uT?G(6 z!WFX}Gc9Y!=Nw`TFR@xf(V4u=!U*%yAy+Q29Wi4KhW%fF6jC`&GhdM?m(?wb?5h+< zd&9uDnJxPQghPxGn)DE}oW6nf3L1_c&M;+lYzwt*qIHZge`RSa2Erprf@-9Y&jM~H z7=%XbX4+ViOPKA1wg(cB)V&JP+D>#1KT+&bbk{^Ye<>zvu;kZU{Y2QWHB{+(MeXU* z;OPe;G=32KK4UBFzFIzSu^uY>qn)H(PB*}lE$lmqZ3E=nQ_Zu_ndp{PPuPKz;wv~M$Am92Ak4@t#T<2cO4?%T7 zWuYs!)adt0V1&Y1OjnWXxx{ZHd|{i1D|#p^D%Kr1!U~)<`yYG&-ehvhS1VeowzX9F zhQ?oTPZMa31Mf&LQF+*%OjPVyRJM$V8k=4tqM1lVsEF-ap}l!+0iR{!@~e zRwtsY>3cXM)(CC@e&%_R>h#k17R_ zkhg8FQ3s=$nH;#F+p7 zE`Tfd^`8+@a>PMNzZDVYlLb}tvEJ+OOgv#&4Nt?`fF(8E{ZmPs*pCDH1Fp8S=)Wsd zh%>dosZZJOvq*z{?beOp79fx=n-4YVyu_^?4iG?wO3DHrJCaqBw`#OuJ-W%Pkz|I< z-Vt3TZnpN;;Sy-MN~}rd6AhnaPvg_}skw>2iMdnqGn%)O@1Eu-!}b3eci$r~tu_M215>eJm!Bfj*o;i|GiM%Sv*RXiJZ7upGRN)Q4MWAWI{|8gd_y>AxlE!s zjDy3Zi+VQbI26YsT0DXiU*20v0UwN{?HBx061>)w)lE9{@*aQs`QOS@d!QhN{i$*Z zO{ScV%=agGZ)?&iQ5k2u!3?@dqxU|QLplc3b>5<(gRSqGKKm6P$;8O z{i?8=_q0h*3>LnAUnK;1`dn;X{N1xET`eR9ez_}7Q^MWFsZ&IE`YS^2L{#}hVl z`>vVX?1LjTnkuoA4_$i(H(P=L4dedv4Poq)u=R;vud3^n&t01U)@Pm$e0(ou1ND7p zI#M3ZAWI&A<0ec52*6C&fV>(v|9QnV6h9G@1x?wa*l5SX65(2WEQWSj+uQRmat&1* zTq*E~PDx9XDOgpF1E*dHw4ZFB0reQF?5O<`gPKB0VT&KGb;rUB(Zd=fKKoeJuO(m3 zbbRZh5aqyInF9$Qs9zHtH8e?eR3Mx64lyIj0t(<$C?&K*1=MoJf!8ih{dbCKphh;` z4&W51gG-)Oa4FUUA>HbdMaSMu)%SD=t3I#(o6FxaM3kjZ%lVlc?w#@9Y=u&@Z?Ry4 zE$t~q-1EbjG96=5Jdj*y6zC&pc)EXP!zVElD-SrN(M$C%*C04Nktx4AC}7kpM0uUZ z8zuKgXJ{_S12~uj+1`kG`xT>HfJ3E=*TDG4hZT>7zyr^!O6v-FQxFWO&}K}gA+n`O z>8$acdR1}BYSKW{<(h+HaZbui>h)UZITVgQOs zDSQWGRsq?u7P{`%v_cT6jkA_n)RMnZX5WV<*1_A=1c^o$cfxtYD-UW@M;u;KjvS5#7$AaFw)6}DB2;y6();e_MVpV0z{j@R* zcI2|RK2d&6E=2@=YEqt17@;AJB1>~(JQHQIjvG{Nm~QBVtEZn&(o^=8R)LSWTrVvS z3k}1%FUKzh$CP&qz58en6*PZ;Ss`4(+ZGN2Xzl`0_^jT%3O)^$M__h(Y#FS!Y8+iU z+wCzBgnlr;Pc*g=;T!X0_zLgf3p|`1(TrCik^?2S}a)k3ErJItJv!r8| zz`5bYUTfyuvT%|p1X2P8BY8F9XX<9msg#qh_EPB;Ppl2av^x%{eSIEU`mnfbYs_P( zYi01;zvMrziz@_najCBBX|IE}9I6KH!!yjKprCvdeBXihbsvGSDm z7uIezdm10ZlgNKXurYYWZ$kn9_DRf^=5pP#ha`pq4`Dkc6d9+-$Ktp!$`}_+d|c(^ z{-XFJrN5Xja8`FgzV5(Z{y2yd=}wNJDr5D~`nbJL+s9!!|H8k9d_OCfQ)}=I-kNmJ z%ZaxuX7yziMJ_5=9Jehx{isjgEInb48(mBeo9FMrFn*+#-x=k}5_6k1y7tM5xguwW zWBM0g!dO7JKnU+EgX^|fnpaoNV=i#+)w)t zmZbGayeWEx*LBK28FLuyj$<*_^$*m4)t}j8p)(r9Aq5*WqnnF^#K9sxA$@&+s$4uu zWXasdf>?n}3lP#`EAirpw}9Gt(gJ!LPJC=Av3{Oa03=2%pGa73!y zwIiX(dC8Yki$HYIhRrL{ADmSi>psqCx-+Uu=~acTcZHH@HzAo#$p4!<8jHb3)DHcd z?h#!PrqbpLq9QO8`oTO`CUMC@%bx6TobKutKU&*ykJ%mTSNA4gRl$T3Llfxb7^xmV zFUV|T-(KsIyu;AR(1)_On?tdfk?u=;Vr(k)-ym#x@I;|um7CTe>L+AXB5YPZynNjd zn_hKms?THg&Ur_NC){1S$DMfL|ip*0Q~SKZ?DjR32n0Gy<^TmZr@tF zDPt{wt%?=|bHF}S35*n@!R^e<;-I)remxP*>Q0&Y(!YZ+<;uC_q=&N7=tr!mOB=>d z2QTwVV+LwF9 zm16(ufJ;?wwBUM5E!mc#yj%~ous)b83f4JdpM(^Mc^TyqOPz1mCx^BS@2kw?Zq3|N zwD$XxB!OurWm&>xzKpRZ>I4L!$YtcI{y%KhV8~PVF_99rR4T5Y#K1^bR6~;?3IZY* z^lHzz->M^@Cs-E9yS&m<_Z}=cESk!kfj_RW7>l;&8NHfZM_V*qx1C~rE1=FjvkN2b znk_m}2s{LtOOJ%&-Pkhl(pH>5M35?2{q|RwJlB&QxV@V$dRP5smq>@R1*UE*QKowc z{cZumfU_I{XJW%5tv2niPhaNd=5~-;pr;#=_796<6YKX^H08m`XtOtO znhPf?{l%b|@`d8hWZek;4WuUcgWGkDIp`@~y!0cGhYj80&4+SNoW>|a1hAg<4+G$p z7O4ls*&g#t=z2xdRuK3L59P9y)t~KGGY+Tn*+%Nk#A^6WY)Wd%IEeYcp=I;J!*bD! z!YYpL8nn(NvsA5SLB)d!gC6 z5gUxd&m>7y_&}q#BDVlOm!&yiLP9WGTBDjGemxF)>)hF9Pm5B*J_3gl>)lzh6?j7= z!KdDlF{o1+7O6sycL}A7p^;?O@|ffp2&RX`jO*YIRw0@aBZIqBrA?ea6YAwASt*6- zivdpl39Sz_OIh0g5j+#9|K&uZjQaV^y}qD*DB+QAg~RHvI6>Ldx`G`Pf%e7@l$L8= znPo4_B(M_?Jz)zXxP7XMWj^fl>PP&?s(aec*=9b?Mrw`+`7l}+Iy?J>T-r8Lnr-=q zC8l0CB=AMD$yIC$SQ{xL;AnpICZ=T`FWd!&T;x1^s!NotjYJ&!Y|&lTeu7i~@AHv) zw4f9Igictmz;-d@F64kspTY;q*cppGu4VK5Q+u#apj2ZX35vUe2-}d*3{{5QMd7MJ znnZu{m8O&fDx!e6eOB$K<=^Fqa|I^6u$5{_bf&of%=!fDjb7)=$m4xkPpETA-eJkR z(>>CfikoYzJk`f%`PT`T+BIX$r|g1mJbGK51rrdOh{KFi69$lZi5OYhSCz`~$fmSV z3CsIc+gKPGL4*~NVis*%7pL*(jle7E)tvpd7bk1fe`{Csjy^S@+`KmQrTf^|LW!AX zh~-2^nMdGA@E7$jvd7>K6~7rIx9Q_oi;3rcP3vCzw{*hp`nd+S50162iFgeMJoqK- z^fkExq!a#1Q?0ro;F?^iQ3D>kJ#M0iy3E;-3FPge zn_K6h*diDQ-wUDCU%p#)WXE0XR!VasS|A&JJb zCi8c&VI*qmJ{v$0Z2&I~RT#zZ<9u0aXl)0d0r6lhzM%?8vdcTgWqJPQ>W$LA=4EJUVW_{IppNZ!w>h%8gvamqh=%Yz;$wI|Elm!3P61+XAZ zn;%fh(nwnukUoDN0q>Rs0H$gXwd+Oyyez1XGmio+$65TSyV+6CVL~oy@Sc4Xh634o z8MZ#ZHUf;A-2m8r!RY6W-Pk37j!{3qFM>@y{p}wB4Tej(b>2NPDfY4nB~ZXc&ECNz zYT4S?J~aU3L;{fI?esw6?m{3~$ZM>cwL+b8bUx@+x8K-m?` zhu0zPrBqRL2ctXulKRA%_ISBE;M-6#1&UUrkYHz7(=CHCVFPj>MPv!o1wzb?t&Auq HU84U7#M|-t literal 0 HcmV?d00001 diff --git a/copy-of-sdk-docs/docs/learn/advanced/baseapp_state-checktx.png b/copy-of-sdk-docs/docs/learn/advanced/baseapp_state-checktx.png new file mode 100644 index 0000000000000000000000000000000000000000..38b217acdd04fb2430a2332946864de04474ae5a GIT binary patch literal 82308 zcma&OWn5HI*FHRefP#Psh_rMGD9zAa0@7X5(%mg3-O?ir-45M?f}nJ_NVjyuyYYUW z`}cf!Km5PosE0HA>=k>h>$=v7c&jLlg+Yt~fk3ciWh7J}5ELi`f)xD_4gAaW(u21U z$P0+9gs7T_!A{nr%>MDK9*SOK^ee z3r7Q;Z~%j}(d%Su{pxi0N`Q`TO@$Xnt>@WuR29?$B3nsR=YXyLAjH-@u&T)vlF& z(`G@G=rG^z2d3Y7$n;9t*GIp<1{21T@ux8QULJ>48ni;+cYb(;=UXPlriuCo|LxFl zFASrB0kSd1sNP^WkB(W)?Wbn+z0lkAf_{-{<6POK9O^^haqyiGvEXym|5`HgSt~*; z1S8F9?H5s7@OZo=99cS+Jo(e7Pos-q39;ZW<-Gp4*Q2Yn;xJSKzI{95V?TeKg}m27I>Yhu1eE236GCB@j8Z`L#)%=TTXo3$$) zYV|%-QX^IGAVkG?@llqqjD83{Ae)$@W_4_om48S@R#sNdcV78XT@AiCt;^aJO053E z4>c5v#O?I_V40v$F{??nRt2?1T|~4;H~+XPTvq_?Cf8 zK7^B^hqi`vVjOaHbv3)s`QNDsJo<&Cq1wwvCL^%^;l}%|g2C`UF@A>OJ+Pu!G zDHV0K;xNrD^Yl#@P`M&vJTz(y&{hzoH&U?{H-?F*sf~?SoAiW!m2r7kA~HhYaj}|e z)*VH()kUY@S5+xWFFTc?g}xygs7jTfC~+D2!(pB4^8;vM%pI%6JEb44#i~D77Rca# zQOs7VFWG*4KU$|zO({#@y1MhsgizS)G0#qx#|@ZR^x22`r5Iq9^d>3f$Tl4lA+uWn zf2KlkKcxeq@*#rK^?7e@K#<~>AJ1`<88#$7q`Ah~;agHsB}#rcVyO7|1A-|Kh@7<; zd(E`HKA6&i8u{Z_prC07$^Ix&n(S1|avy$sLZ zrS)IRorIU}PE~1y*4oh^>ULAgOH=zoB`be^IHBmRHuR78Q`j=V`+8wCk1<{CSnfj1 zA+C~tc&8a06k}MJszGjkzv*eBuDr4!r08W2CCB=2&&;Xh6v=Eb7^}1;m}pgJ3E4Gl zn+p9#i>^?Rpjq!VldLk_WhZRvAO7aZwZ$W9_9~6o;Pt=Tm>>V*aQ%v?{S*a7RHXNc zc_G1IbS=Z0aZhA@YrK@b+FRGteiPZb{~K7^t~+7E&7u!2BJ4Cl)V|_l^WE>W#UE3O zcR?ELo14|dsAT@kWhY^YAV!x=70BdOK>Cp_35s`a4^mv2f@Vs~ZE3$-`(iDD9*t(Y z`-<8mD{Rl3_6ck>?-q~UY`M@}Fq(OTl&`@swBFXH!(w);es!h#PB!b=ZWI|(mg|v) zJ_^&GNSL+%e7n+&8YAtA!4`u;Q#Fn32ZhJnFSEV-Z))~;V%zDXf@0bUCN8^VkxX8_)%dFlU;jb0|87PgTGm3V_s<5$<%;;ff#~FM@zm0N;y8l%l{JM*IVmXU z*gtO07Ab1z&cPq~W2w_tQ>FLzlu}m5cjwme3tMp_gUA15B@q6B0tgkM| z3a1F)o>ME{QTUyUf+R=1-*Tj=cf2tFgH^wY#?bd9dCq;&x3d~$>i({&8Fo#*?v%(5 zVL^%z3G75Ve3#B|akxTJ-vY3kEAsCwCb>{}>)`ksRdj{64@!D^&E zv!xScsm9G3e8>Hxlq~&c!}zS}iM6WPUG_Y?#{$#E?vN5YY*W>|HD=yyH&J2R^rB3b z-Q)IsBKi7$E^OI8r1sW9<;4&z*g2C{{+ZQyN%HRpsu~q~jCk~lNg(Zh--hfjwi|9u zRm>jP=4v7-2$scLEiUA-0$hm z`|@FlMU2GpJd7I>@aZnQp$Md`5~{=f(iZ#&S(_Q|X_lD7sgt3tRLm9#qD+~CFpA{u zQ8*V2;k(PucQ8BbuR1wV$+>BZUi;Rb}I5Wb^6HcqW{gK@CO@7OzLv!+_uDp zFRZ|`uEY-tUA@5|V4^|CAy3K{^zJKBFMUJvAqP}X^tINL+=}kaZo7{e`ait}2Mp1> zwo<>#P5Lx$+w=?HpD8S2-h_eZY3-dutu!i)FjRl9=b;uju`E z))Qq`d!qEY&SN*<@RUC3&P@yI*4ZHWj)0wJa+l#LfZ>g-jSk%9iM$i($@2*OxZ$w{ z32^dF=S&dF^FR8o*)F6$kSV~3Ww=LMGhHNM;OX0Q<}}K}hs<96e~mTgdp6(AhbG_< zI$5F5d~4iokYo*+e?J`Nt$vUPFPm$ov~z_6q_iQWeEE681yZpggA= zIhitvCGv&{b}+=Vb;SJ{*o$JWX7rEnlpt_v~fNA{7v>dATU#EesnE-n_SEc#Qv$bK@^}4nwFl5!9s!=|Scu5(?V$brST{ zq(Wp=j2}FUJ|=dQodK$Ls)a(A8`OB8JFL(I&dGRReCcu>6V19Ffa1X(I&=)1>kqY_ zEm%|GLVg@9_k^f1=gJR=)r1$RR=@kcvNMesX>_(&PHI0MX`lV;EciC$X#dh(cM`a> zZ3m>PH;ytmq7KCbz8p`i(dOeh-RfO0>uKU6g7m~;Ypl4z5yd&xyB%5 zwV|Tb;8}lmC*j->_Hg*m_ecdeDg%+QU&|&Av199a@^m$%Rnh2Hv||Cc;X~eHlFV9od|ySpl+ShgggoA6g!{LhdsC z6K$ON@~NSLH4G$A;6LL;W5_Pl4+)!;MjGHA=Lj|o=&hROHZ~6`G8VK062rWyqFJH$ z8aER})${e#@PPt_j5iWrYvXPu@xMan%lNB>QJ?{$Ah5AEASfIb1Dx@Xg{bp)>KFYY zBWoZ~A4TYNnKt5$TCmty0q9xorgs8r*l!1X>!OG_)`Ue+7~-7Ph;egmb4BrC+vW8O zALS{iosgr{id9zA4}PB?@ra;9oW(NfeFNBXMI@4+kHSQQ-()C0tg*7bCL5wke(WHQ zGcx=fC7!y5MhvB+VU+YHf?V6f<#e)f7^3{L841auXOM))j`LNI1+9Dv=kBng&oaiC zb0G|mAz!>b%hVZL+z^9I^dU10H|q&!c97yjVuj|+cNie8Hb@C(4o8CHa1ySEMA>p+ zQOHX5LgINi!&FwA9+~Znh%ru;!WLArk!HnAUdl$NRd&qXMV}*u<%UG$wK-nY=SV-o zF>qU7WW`_+XyGlt3?Q&_JSJpt7Q=nj;|oa)K@kbAsRFr~7~&9=!Mri$i063#S4!u! zdi=Y}EuvNsUXF_uX&=U!E8Kxq?5(HtjgFgJ16)s6*>c#&7570(@ka1ul5ArtJjQvF zi+%%Qnccmrx4*KFE-Bixh!LiA1L`T0pEBeT;Hh*BMd=?z7w9X#Mh!x8(K76s!Otb^ zcx)}{u|1gb4T5Z~Art?HV`8YP?t>aT)$=kW<9UoKhpXNC49iEbuI>kJt>J~?*qHm; z=n`Zd*pp}5lYUapA)sBfzZ)~+v($VJ1rSls5|hn^#0mzI&YO4$O_Hrv052}MR0l)m+9 z50R4v)@d60s)wt+R)j^XaawR%F1GnPp1jhq7YSo2wk0NQ@<1l*7#VE{e}Gy7!e4H4 z$X;5M{@AvN`ib(;qp#Ya2Mv-MWi9-K9Ee7iOI;S}SYcvZ{&1VuVE_r@#%qE=#)y9e z`Ec?Y9 zd?etp%N0GIRi~JkQ7d{Y+T^zT-Y86eObeak-M5DvVSWl;9WAt~mNWRly zmF@Rt3tn;Ea-ETw<6{A&FF_q0Cj-R ze4bAUQnZ{^^1iDF1vMov9=?m%kmbxOzA7lDmUl&_L!$JjWpJJMnk1P>1`zWzX+N+7 zx>#)@Sm2eo%9N{2zFsk+SN0c2gTh!2aZTOGzElJUwX#|8g<=0mXmKPKS^#fd$Z0`C z%xt1i_LfuYVg~oTej-Tkldk-B?k88!if=JpqrMo>-g3+H2@q**bf1pi%% zmMH!A2g9M%I!K_u=5ALC)*L#JWo_k^xra_vy1q@apn`ZzcjNmGZ~)oYo3%?X)Ijn5 zF#0K6A46`a*s#$4?!~x#bMhOEmjvKl8IST$@C=Uz6r|Lc6}Rhf4}%n$=|kLA3D`M7)i)?*(5z5<%w?VF>+RxFP{@DR`iDoY&vo+qx3(EhI<=G}oP@ZmO0UlUbK`Co^x+S7_eHc(frS-HTaUX{hs46kNEv}5oWRjU$* zg?!<1RKeh{tac1^uIDk_b|&}R6kzV2^x8SG(e0&fM7HNEJu1>tOHo+AY%ms>X)d&tbux6(ZPr-OHT!N!gjaqCmAy4Ujqm3 z50IyR?d}M5^S!oV-0^BKcZx={$U(R|6!2N%g+UonhxmNXt6X-bUJs9J4H=iNtb|u_ z+RaS`WHK{2XfdHj=JF^Cp}V&I?Zh;{vZxzddqdvcsWEauU|)HphCVBc@FumGg9)!g zs$IFDrv2&THH+XlUV>;@e08(A>pz{472HWY@`ng$M(bVe?7BW80{M?JWSMyHzTw>xTj_zzRu#@n2Y9SHqj4-_by@EQpJ$L&W*{f#mve z%fEDRASNw7Vrc5PnPaMw5DiJ#x!ga79i!~LjFJx_wK+ufh%j0ynbi~lSh);DY4&LV;uW|KgLF7p;Z zq2{FKMjuh6B7Qg&6$zRq+%4-Zn>zR3mwni9AJ7CV@Jmn-bG@gD6~1kFOvL^T-X3q> zW1MT~a}aVtq8vtO=%b8HF2GPf=Omx`;PgrV7qg$~j&Cx!`=e}uTc|WTnJq`5$Vk)- znSlZxZG-nyV*7I3DEBaq(W6&?j1;;%YOmY8&+Jg%%{RFw0o(`rJEyjG-NIbyUb$$C=>>hUjgXcQtO=|m_7Lw zj?XQ{yheGtdyLCLS*NNSmqm-Z&S%~=_?YZ!o^tW#ic}2s-R1(1h3m(-k(|WCn zX{E}0)zZ4oatk*1*CnBlu=i=1bF z4B?)`3~+c(?;yVQES@COX2R<)(GxLzr1N+4*tjU9HkrN^(@n0Wo?U~Vvkm<&^2dr* zdpbh&nS-1MJ}1HdEUBT8g5I^!9P0H#(&Q=#i`q``JkDYr*L{}LjJ{+4r?!Y~j zV(t#Dn?ij;+lOq5#5MKU$m~|VSVa~pm2%=xmGzQ z1rlZ6PL%8RoZwnaJ%R>IAO?j27Gd6c@+6qR@Q{$0hLzW6c}oU>Cb@yMA3cgY@(KzfMZ-9h}krVX_Df#R@-`VOZNa=62gS5pohiKkIr z2J1FIPXllHY9s9Fno!7o=K@Z|QJL2pE5KTG9oX>E7S=V=M~O8C5oVKjevJiZxGXeg zL(iyW0%BTYYPgJgN9UYoM&~^UTzqbYK2DL~yHHIWGx9h9SG3A`-qUBFHT+RM@S$eM zoyixCu#9Gz%fnHm%wFWK&CHtI`jNc;OGN=@pL~vY_R1>K! zzo^B1ui7ULrO<&eOE66l?GEtob1vuUclXT@Q)yF6MLlt=M0qcBKz$Pvj*80+i>RIn ziWzIS7$i@eF%OJk_{hH-C@9in5GJ*Ei5};nIu{tTZH|#GLQmN`EtPT1Ma8x8%?J6t zHXhm(#0By=o_OM>Y9ZWJ(-OT1Dq3jtHAtn&#j4&pa_}kBe@G2ofI+*k{!fYfI zkFf+^$MpNiZGWdJ5;{k?(W zv*RNrf!;wm9>v8VLQL!|?66WIxT~7l8dH?meCvpH`XU79`4?RN$@O2lLzIFzyhyO2 zpd7rB3_kHoN?c~6u#-2C*Zh0n)c7Ux;wTszs1HjidiKI*{h9ANG&e}%$$UQxr()56 z(qsiJ&-ulDwRwXLAqzhfVHaLFb@mZDwh8xn zvh;hu16}b83-3WoGJR*Tv;2o3WY}M#X6xx_J>iLP9-D^j`pg zfPwP3ZisN?R{*N6!?kP%0=4H;4dbLMlUp!qMIQMU-HfT~7aIxmzequQZC7>(?uZ;l z2_;AZ05{VZo|@D$YD%~~#~f%B4C}5?{Y*BqvC!HaaXl5ZFoyLYp#n9a+U}vuAzbi< zMWu;gY~gLZQ#i}=EK}wfPseB@Q6S>(cr*s}N;gZ!@r{f`e`758;yowGED4B(7{KvWl~(zMo;ih#}3( zP`aqe46zxa^xO<8b3OJ-zg$IP~ zPo{APDu!iE@w{{&+|!z0yU!dqFrY#h1*!Dk9xp^AE-L8ALv@Xh1K`Hu# z2!m$(==pmX9ueJyazPR}PZ;xkHfl>@cwXF?7v#(v=lvi4b2X)woIF7bUTb5?b!#~L-Av(MC z019x;k`zpzc0g8FdVZ@ff-ToG#+Ah+FM1IL5m@XBtiR7nc$BmIBuIReHS)*D!M4Py z;r@iH#V%7{a=<`NeT@zl-@V}5qay+dy7twqVvoDNlhRw2ttn)$f33%4spg=~Ch1}* zdiJF;4t=ezw)d=I9jrjV?$??Cm2Lo=+rVtSea>_pC~kh)mDXekR-x#877O_$S_nt} zk`|<@Sx2yLL*1N6x?M2UnU3%u>RjlVminv)`r2L{#@Wf0+jmMS!()}RXYVV8SQ7GC z%W2O4g|R}yc=e$!n|Rebk@aZq6S1oG88dr)OLnugpco!8PfsjeQRipTN54oWbsfJ< zhkn}40+qwIS-)&^R5;o!4+^afW532|=JzhqR0)qMrs<6G=&aT%Sl2YW+Zoi}t2a&B zrWy+l3${IL-f!b*LZY$h*?EMV6$V4*B{lb2`GM;!QaFAB_}Dc8%DP0flJhLGeIR8p z9gsub+41FB@W|tt$4C4U4PZS^h*$a-itO}4|3zP9V z!S7LLG`i<_H}D(KprkuHGGz95rLlwdguUsI<5GKQiFo~U>8SuQCNz`YvhawcNlIQWuM8Qh?puYv`db$13RuGO*T&|`eSqKZPhNvvXM{6 z1gJWqZ~SgfG)KGd0a~{{l#Z&jW=GVmc%XAg8u`2!6QsB?`)WlB20D*K#*K4X9aJ*m zMn*Cy3XpNLB}FC4G6yrcn*1Jadyx{!4tz(1%cc% z25@;tVa3;BQchL$%E6!&l5=sXDPAnlA`|x0+iSn`LqP{>3hsd`z|^f~xi7qCGz$n2 z%uM1AKp$ABMujW|C_?f9gUIfAXzDz~h~0jqNA@D1X_?<)lw4%1qJ8IuW}S`ps6Y1J z3NfVAX|-?d<#VIpV4kbvO_Oc~M&;ZOff(3It1$JtaXP0Deh|rp7EfC5(;d1J)6wA} zr;Y%m0&JDJ=M?C!D$h~c@zOdq;GZ2sahjaYtpOhS7#{cZ6Qe2}iZQ9vOr@bPqiR8v zRV)K`2t(45kWJ5d`1ueIwg)Okpu!G{4^p9C@W5X8s>DMjw_>txh4A0SIR{IkRv_s zz$_$@&f#{balDR@b5O_@@T`#C%r)#FeAP`%cv%gKpgRbbZzi8}!KU!Ci>AN{;g4dC z@^tOd&L*O6P9T-QYehZ|5T#?Ep$Xu31k2wlec^VGXTQE;SU{Szz5q_ zVT4R}nUM5UZBYROD*M{(?;^=2Og!mH=ru3DUa*K?w2-fQr+yN^VVC-Cfmmx~YM;19r%oxMzfD9wH$dq}o&CcL| zeGsNyC@S%x{%Rordw|^)FO5=6f(EIFB-}~L(5qb* zK`bT4ml(H^BvG}+pCY-j)yL^OTIwtn9HSsMZy#o{W>BKx(! zg$ZOLpo-xJV6r^+cY=YyStV$T!myBK_)sKdraOCkE@D1@lzZY5z!DHX_G%*d8nj6& zz+DpQ)*g_N+CwmmDEp&NggbBGWn1Q#0w`B*rdq7Wul);Uj3-Yz#?Q|`*ggOK})0P|M#SP|q&O>x; zL~G8&hqg=CCrvU78-r9)xbZEA zb3>*B`xoj#pNR6&&7G&BCnaj~w5LMp4~NpSQvuoKkq-@O){Be7$ANYLxekc$ERO^} zgD3)90lzO3szg<6;lVLnD4SX$vHGLNcLOunnT{eov--8+$Z=i?L9nu7Omr>3QBFBR-XnajYwF1%+3P|#g^t=YnR*7J|KYTMp8)R zE{6|#1mmbuv9k)^P3AcH&bUx%R?2N{SDtwefqGlMfTswVu>{D)KK4!7$(X4NroggjFS z*+y2^_e7ixVfbtsa$6Ig6EE>w4!U0^u*|lj7kToP;Wxek#poAwu8o$P(^+$4j*z+I z7bsb(RASi*{~zK4#1ub$^~!iIcW|*MUye`J2YlgDJc_}tWGuUcZ(#QY1h2u zDyBclh00_-^UvYjx8^$>MIt&Jab|bCk&d{ma9Z#`==9uFYt9|BCSq|XWVUJ}wCzp2 zvuhMmAg*jWn`IMzZ*bYJrKE#HOznxez?{mapJc;lm;5-5y}2BHDEB5?bzOGP z2h~(=KgP*04MXMgnyNvqH5))e0jZ=#Ama$I5|z0Jl%oKWW_xo2So%JWL5<`XGOu2f zSdG}`E}Nd|%0y1v5uK5IB{tjH)))Qhb;*IjO_;;k#j0zvw?6J^+wQxU5|^j@G(c(` z$6ekm6Ks+3sXnGB=7x^iaF>mQry}`_8F_q#{-tb%o@YhGMwxcATAiJ@651&RUOfbF zsPU>o%uzWLlW;)39Z5fbgjzlS{dl_5=?)PQZ$tA~$w87@(cdD%yvK92_kA_ANVF#= zU9#$XBq0v>5G5&8TjGben6!pr50cV55sUp){?%Gz-<3ZX&WBnzgex0L=?|b2Q33HC_#uqm~D!(`lnD!br0HqEn`%tZE zy0FsV{-cE}slJQ7i3++I(3qRc$X`S=x^6aF)LbO(G=oy^sgH^5;~ojl$ZqzO$X^h< zV!0^n&5M$Iz(2ms;G^8TmCCx33EMKuKRXU_x|$EU<)~I7zv?%+n;6Vt@x*)ZU=z{vn{fA~ zsLR89l6VwoZtBH_)3_8Paq|@I8vYzBr{`#a7YvBa<1${>ORF=4ULi;9jcVf2C?KAoN z)Knd$I06@>qnf@e{?mfuA$8xLcaqp{dFo%q2Vdon=h4D<;|`o=^-=SsZ+ft7;s#vr z#iz9kc_SuU0=@B9ZbZWs)dHu#FjeYwY>8$W<(MYD70LY$iP9$O5wg>V_>I+8CLwY{ zG)k>wqC#5rD$f*1DOGuV>HKdTHFSh81Cq*)8w4glhqW|sxbht@3vJ$As$3ZDI(b@; z$ZSHFxOzRkg{)Nblg7NNlLgdj3tG4w;iPxF;g7TH<%H(1D;`_V%b45Fvgm5EC1XVz zqz*HitRzNn|Jg&g3ojCwu8GEPsQ*+I8ZU;w)}4V!tEoG`45KSYi%C&Q&Uy8!=hKYv zLEL7Bf+qjjI>pFMTF>fN>C#?2tPDAXQwY{nl4naw%gpD-q>}3f0hQ)9tI35$?{2Eb zn~ETVS!R5ZLLje32RduAPbTZF8j5Uyx0MP6Gza-}c2k+#BrAPgELxB#TB@Es8LgRC zeH5hFCBWV(VY^2pY}_ErY(3h9u-XM;^CYC;rry%L0{M(OwjW!` zx~rii?7f?#)$F#HS`qK3mD6iIbjU0IetPM7rJ()FzkJToyUp5b3)@AjY|dVU5JfvF zU!J=+%l#Hp+TbzQi_~irXz%pI6_pAfAM@kkrl;;=g*j;3n;mc2sG)va$%Es68rgo$ zcq-xEIHuKY8FXvKB867E%3Vf$qXo_XlKaCf&)T*CBz{8S1*pCu5zHtf4wZPcf8 zvuBP95i21v5>HQS&2iyyw{|hu5|+ad*5dwpt1#R06TUM22ixU5s@ko{U_ehJ{}yw^ z{D()PTaQQ1{;?b>zBX2N8fB@*@ zpUei|z4E(0Z&x)3<0=PWW?}jJ@%d_M4qUYBy*bN3KaW}S8g?#2{d~$~OSDg;DyH_~ z1X^Ok+K0U2(eA!Z$x40a#eN=()Vgy1jHH@s6LWn;Adtsea{@iW4PI=US21h zf9N&#*RK@$imh@Z$KNMLD4Pli^DwVz{lYgM_&xbLoh#*%U`{w0j$IqyDJ8Mq!UhwE zf3{2u%YPr-&hv2ku3wYR?D3EmuidAzH2$0P>>10!F(Ed2AX8Q#p816|Pb+__3-_C4 zoz#jdWrw ztWQ_IJKXq10B)Z~V@S58W`GO&%pr7o%SS&C;d05_=(DLp3cr`zAA41VB4MeF>@h0K zmGHbbZo?Vq&gQh1#}It0BPGcbjgqCrU7jf03jI-Y<|fzui>Es}s%g=%O=ikBnoH0v z^>r>$rJE%kEqU>~t&cb^bf=c~6FWA#H+3zDzpg~Q?jhRe{;P*((|5a?PD%&p{Zh!I zSMJFtN9Jk$knXamcs&!6eXbUlJonuHVfi5uR}WiK6<8V*;%j z%i$af|7*uoA`bI6SU1BP53kEb-uhKf{tr5OE$EiBRo`3@O)4bWms&|vsQ5j-mK)fU zbKA)8Y7sXUcC;7Db=W;;g%-|k*7q_PNcK4jm1J`?rDRrnK9azS-?n}El_C5S80M9I zIj2us=r4cg+Rf!eSMvB&9k&K^!5IFb={jG;@y4{`f=+|M8rvu8MgP0#U!U3-l+lwe zXkuasLG8})=`1zu!G?sibjIknV24Sr7#(^WTy)+DRI<$LC0m2IrO3s28$PGrfC8o7 zJHMOn0RyMCKTR)wJ!1c}8|@@sKoY_*Fg;rMYrr^eF_50zIHv0ns#MzZ)=8+ z!-k!f6{deR5g8R+tu&&U8~ALHZwi`x)^7je-Q(t&udIM5So;%#NiIr%dUn?fdv>C5 zMIS>RZ-8a}<8S>$hW-GAf&1;J#uMi0R+EgtP{-2x-mS@kzFWcO{+TRl;oaC~VUvPi zK*sh%)#v8unadO`fJ-r|TJHo(*U4$Qz=ZcY&mTufLxH^Fq~`TFn32hsZT*vAR={Z>ECyeKfF?Xk9NFb5u`fneo~pV8x5rjSB`(?4^xp}+ zv^nM(HCdOXH#@Qj*0m>d1z;kshsK6zI`tPxUp`4cKmjRYT-u8pB z+w}1nlt+^?F|&K1xMAuW1u2{B_5EPdZfSD-GvCl&UmW%DX8*A-XTQ2JvU&!Rd_ry) zX#2JQY*WBEe2*%u>tgC=CEZE6xa{Wp3uuo_m(Gm~D&dWvhnsjTel&2+h7?T(3L5^5 z6huom-&~hZj_fH{kh83q9u!A%*{}u*#MERkeP#zZzMo0-^Ioujq+2HkJ*-prE%YcB;gDg|iF@kPA@ zOR*Wes#>rXk$JbRg!l@H>pUG^NCHXpXR>_ipBYLomxDi&jg&{x24oUjUj9C|bOrtk zQGwP2*&maoXb<~Ha&|Z}h(QTmlF8@EZkLB{zx{|{$XEcVZ!ElyH{u!PQ(i7$D^;qZ zc8Uci(kt~9Dd#E1QV1K+`)g@&z6!n{a2%NVD1I;TQ2?}{u~HItgzCP`cw{fboi4^_!FRh&YIl! z_sGUCsXiE#Vmzou?h3;Z_WtuNLYht~yM;NtxmX{Q9RxwpuNUz{WZ+A+`HDp7Bk~>t z9MMoTtQv3J*qyV^#t-&R9Z?`9f5_ZXfFrzftLL=J{GuoJ_WcC$g^t)Gm*=zKIpipK z9gK7%pRtToEht1XJsH3N5ho2M51p$;0+G%5UAK<4d1KXkQm!!`By$*t5k_U;(zGAP z>*j%@#fIVypvXiEB))_BkED&lx-?!?F)WwoW?-O^-R##VM|mKI!boN_6cVq{^RHYS z%f3KuLQyPj-M$I)&Qv825pEdKvdqffu;7WfdL2GI-6LR)S^+N`hQ*FMXo{$m4(MB`mX{>Zhmsi+4=`L`iD! zI$@%(fA2y6@5UCW*oAV*?=Bc*gp|cS5N`2*_yZk)Xuba6CQbk@3^dgM8<2)NzV-C}gK_jz z&yXNRsu1}NZq%#~_!zr`Ks7q+H{-1?0xlN->mY5r3Eb3EAwbr$a z@PB!Y*1Y;N-g(4<1OPG5jgY2`^6e1;{;EIn;vu`Zmx z!E2(+6l!lcLr9Oz={w2uMl*h{{uX0JuFS0{gL9+zZN3y@(Ke_EU z^)hG1KW{2fH2!_h_5Je-XQ17L-#;&vtK!Z7<0W%S5@-^0MXnt{y#d20LN?9^D3?|m z2Paw{NV@!h!cx!y-15I&z25{e1;9JMMQA-g27)_#DK)U5dm-cful~Ekhjd`<&*s&y zHUJX07zH?89xLjKcMAHEyouWZfTtHBcqj~v*Ev`qDok~se`LUYMx^wi)llsH|I(?fkNv-1lHT;pk!}*H^nNu@{D7%G(RNDKy~Y=o=}l<|EG0e{ zAUfuoB`<0kwX!7#LfOfn$%QdBe9j9Lx0%H%`F)?5)JrlFOa02F|E=4QpaIZzvbY!G z5;1zMUMDg@^%*Gg7W<%vg=5JOh~rR(LXQU%g`!LP*~e+W>Y9fA^09fE_-v0uZW7V@8blBf{!;x ze}Zmxpu4-s7BF+}fvDfDS0q9Eq*@8ElLmpM}KeHWUWD0nyv|X%` zTv)!g79RV&XjjWa%F&vp^bAf8A<8@X+8sGf#5QaHx0eW2k}YluICB zQ)u$JIK({Jo>X!MNvZID)^%}q91Yl9gy3%~aw@BS0$cm_;UDl2Z2JB;C(dB#j(EP^ z|BiW~t`N3duHu!&^yC_N&x7`8vHURLR7@$Cg*kvBvhzRPnXU$UxhBAIpG`|C|_DX(0ExHY6%1(U52>wSSgz+H;c`GwCraY*%5Skh^ zFLrlasamLL2!<+`FTm-WLn+ZzHm~;2v3oIqTxYdXA%lCD3{>OQ=S-?YvR}q@0-2t0 zViY+Oa~3?jh_T$#dHAUc*x`zV+vXDwc$dJXz30Oz`Q{=J%)O-@KzGI3elnqZ1youZ zKUDiKS3k9+Tice1$T5Mr@`Nqx*%A>5!Tl(DzU%gcryUsCgVdEM{KtlR7^J)oBIW~` z7f0ar0Q(M;9H?2pzoec@5y*T5?jWnIw6BgTCJ_j@So;cqjZ6cp3BBL-1Ja-sJ==`@lpb#4Agd>-jHMl51QUC28c}!vT)J*Ln_&Z9rcmRm{(_I-?K&slc+^gl3%J1z z(2(4L9Vm~Sa}1kRJAScK?IwF4sev7g4u5}(rV068?tz(neD$G6nR_z{Oivh4$M~?4 zMwS+13Mx?3qJbcJ>wY#50p4-o>m28*(42RlPDO?o?q5!TcW>ax(LyCdg+k6;JkEmQ zm?C7^`}3;z>3h@?5eKFxWMsYobTDi?xx3xJ3ql0XF#q$VAdx`ustASdSc5n(>`>uHLN=j7(O@(lH2Itwihl|4LFxTl4TKTS>jP2} zuHc)?G)DZ2k=uX}X}Q_lE6f{})0HLMTq+EkECt9x>kU9W1Qlt{5d7!6RRe*_S?m6F z36>*p*+IsQ2Zhl!nk6FdK+ctodhZp>j|w(#xW#g`pnn?3_UGb2)V$bAb^|ZyFhFJ1 zYj^=XlZ&k7!d!piSxd^H(qPq1020aonCqiO1jYDsp4LwEQ+<(?K)ZIPwpYEnJL0&* z>1l7Lq7uL6HSnL@kJd*6bDb~`=hjL$_wpQWj{@Iv>B_rVsgkaCr~nmJvhNMm=ysxE zASh{4n|JGGHQaY+P72Q7gF0zHUn1hE9b2(MYZK6EOU%?-(}QW{7(MrSSJ|x%An2wB z9tV4=RVDI%vSL?VAB@=4t_)=9+BGpQ7|VdM#MS$$X`ttRU9kWrgk_mD${2t@%l-AU zhdS@g@i7{wl>}fPyWi_Q37++F9ESEKXwz?wh1zCr`6%v zqJO)RLZvoBYQbX}%M-{NeA2}?^nvFtvG5c7gO1H<(f6!(^=Inp=P>dFaJjJd&U}T)&us-^5B4mK>m_r$AlDgMk zgJa*p6R0FR`@GI?xld1?Y@Uv4YpMcvc@(OVN=Ts>oYd|%J1f2~e6}j~&&b)7+8L$2 zt5X6sv~->{dL3?A?pf0I2(L+gFx}XgXwwS7U@+3)3fa^x(W}{5re6Rm+WX+3{g|tn zF^9m_IZEXwT~O7}4=k?_n$Fe>hXGXt7eYeK^J(Kp%rC32 z(}2=dh^hd}UxFt|+uMkDj{?>ed?gK{4MQqTxc268<5pLixPrSqZ zijRGD;p*}{4?q-qYxx;xLeyAk;1xW%)r;8glUPWqNffqvA?COeo~xcZhFD|ziSUCF9)Rhn!jIkZ@*)+L;uMCEj6ooUBuYe(HTXr z1};ILz(Fu^9n^+N)VCsNj{$4n6zJPm>)2h^M-A4fo@7=4T2n80_??VOJBc5m#nc{I z{;O?XEb#{Mncy%adYnuB4JRv47R>v+4^WI3dVUzIrYE&Cc6d5gqECO!LG|hz;Cui! z&!ed-8!KeS^THRjXgCe4I0Yr;-OY6omvtSFr3lU$;=?W`Kb5uNJkmn&20(_le4R)>q|`o-_v(F33Zr(lks1&-M&0oj@kRo^&?3d zr+4CqX;1uk-!lo(f{!(}Bu6H;CS=TX=nOGgFMs@T!8wo_kqkW^o;y3*;sP0v;8YV} zkdODxd+jugHz#jM{xg+Xl{lO{9k{%67Q*p@OsLg0^5Z?~Oydle)zUf-zrVjJDW1Db zjnI~*NqJRC?scFZwq#OpVpqdK!OMZ7KU3h$}vW6D!pM)t4;Te+=uA(vt2int5sxBV~5xdcHND9@KYyJNEZQb|$IQ zT_7hi@QI+v(+BUE1hKe5Pabsv4oeoeUR9D*B?^e$f5?K}?FQI>Ck7-Gb2AY^rVMvB z4zR>?A1u}{?&7k7x4XteB1Z6r{^S8-Ia1he)%C2~ys%xnK1nnYN*YBP`>gnl@N&^J zd-jO<1tgfj4#cP|*4kr)hT^AhsjiYg!`Ol-f(1i!o`{n*Eljj^Q@Al))Bx45(#K3>~a#kAY*4`n+{zxT`&}gQVD}&sQRr!|l1Zv+z+X z;Hrx0N|p+^ZGgUd++*eF>dErcA^Efpl(wy;>5b)x8mpXe-=)NKo7{#!}V zq+@0l2(v|elO>Dod4q?1iA6+M1F*5L>SrqFz_B9BgI@DJThp@a@>5&{mTsf>>8;8k zkxZqA+(mwZ%%HPUY7G#pN?WZfc}e`RA6pZIp0<(6STokQ7!~zA!=h4@`xQ6n~^QLQ2aPd&lqt8{uOdM$DtMAOcbW zr{rraHERe)3WNfkEdgt6i~ZeQ(ia9+eHGx>~G_J1TeFtUB?mYxM@ z^)+e7&0MbKN6tPhZ`o8OVpYtRBt|pKUDm`paqJ)rws9e5HV@mCLvlYI$GsZp_>{~G(F_|t3%tFz!MLA+x zN!32s!QO+-5O9S?c##}%i)?IEEBy<&A6yY`1UG|g`x7y@47E9|Zt;Z77w<>q;6Y{q zhl+qs5*$_w7{G?%F0n+Kb;j%mvjuBEX2N2D%Nt>Fk}^AtOG5=r@NT(R*vwxnV79q=KyZ z*`Ox~T;$*1)_4#t>4Hs-$nl>AK2?!H(a>f>6Ff6}c84h$pyJ!sPdTBNX0Y<02f~wkVeGI>~EJN@9eoTf08C&Y-Y)i5(=W7BFqkxA_m#*ltAAh{qCE@9(PUu_sfr}> zN!}k@TosdlsU?@Z(`Q(6_{SGxhi=-az1L}dXvDMEw;PE?erM|K4A#ed56$1-f96}g z`Hp{Emay37j1ks~B%q2Y!YXvthno;|s)VUSoc)Pdt6ykxT5}vo{u99ETS_L7wFw@c zO56DcfSi;aoW>X|_DZ944{fZU4$GYk&u$j_+AycU>S`Qu`wj5R!sFVYVS5|^BEf56 z_uYkqda=VQAd-f^*l2&94;yTeGcT*GsBWx53uaR(YU`2M0{ay$bvI zYfaWa|H%C#pyqdpze7|ZY7t|K@2puuI>mEPAv0AznSr9Hv9({Rtw<}0F^By530N0ZY1t6s zb7H|FhehKq9hL@_r-~*{xLz+{*G4Avi}Ti%{GP2}l19E`C08W&=MiEn4~fFo&t`KS z!Im94G@o0gU}@vg+tDyLe@|)iX4geYnT9$J_`*40s9}9)0{I56JbW5RSN}iqp-%Ov z@X#MeIZdutbtTVoe9)n{DiwqVl(e_tt2^nd4I}9#^ie=*G&K{*>qO_@F5MhO!LtTZ zjs0Ywv50N#&KH85)}Ef}N$BPWyi7$8RrPUEX_;o)%xhr}EfyYPGHo)XeNcc;aLya% z_d}cTPt%#w<1O(R){bFuRQR(@z=Sndj-*)}d2FMZNs*DGaP|hI?ERh$a85XMyyGyp z&LM4f#UFy@vF}P6SSW~wI)6(D56M459=~FfNaKWiv9i<$bR~B>m|xzyk0@Cat||dq z(Z|Qzv&-33=^|_kQBraEV@@z2VivIb9DvY-B77<{+vwkq9l`#{Dr6J-=WV>TJzFbb zfY0qTp7TJtF=Vpl^YIh`ENMi_pVNBnXUzLk-krVAQP3lChuwAGu0by~kF`R?heRtE z&BwHNMbe`P21D)$XUj(>i(VCVlxqB{`)L@N@eSfHmwW5vZ821X3;$IwzytgiI+dJ} z8jYNT*uyFVxQ#T_u5vP<8hVV&UnJ5qirIDd-XvPPLzkxi?Qjo@F#c4r0^k-bZCx%#FZ=5&I6i(&0HuhlPuol@*AvO;1wvCfyOkg$ z9sWup$V7GJV>f;+zlPQy_Z&?feBH@@LKTPH7`+&_-{Q2LW*he6qlm_d^h%Lz#3ri} zJ8^!}Pw74e5~18e?AnPyVU;=m=vnbJXK|4`=_K5Vx!0Q|Rudl_upePb-}l`V z2s7(5Jiw`a&82t;s$SN_IcRKaOnrbq>{G^sWsH_NmdK$Ji5gbYnQ7o|=20w>?Dvu# zoEj1C5C+d^AMgbe!hyj*;dgs&(m}`UYj)wPfU6~ViZZgruIUrrewQA%-M#;)Aw8Y* zpv~6XjZYa#u4^6~y@NAWi|syy?A(SkPlA0KcZUifqC8?wG9ND zQUEZdvJ^+~p!PMwKTP~OL5)(*%_V${q3C_w!JT8%@24{o6N75mc z%-56lpTM=WRhE~E#Zl$?M;JD{4XLyo1w#j;N&b)WwRh~iRaIF%mkNA@%BiAhUNy$5oe0D$PiM>nV-0$ zyI+tF3%gmgLxOP6;WB?_PHyrtY=ObF?vyP-OM^|;&iRwb)`rL!u>f2WBYRRC>{kbA z^6ikWFX2!P?$no9@9#7xHr7eJ>?j$>;ZUh)Z!FqrVMHBpubWE|X$aV3>r6X2BhmC? zE+9$@Yq;0Uts!7{sy`4SPv+kn9kxM>8+V`Ce*jx4Gks}>sDEnct1&+Z(sk;t);l!s z!dl^F62+14>gR{DnSX-NWL-0}aIXeEO}#%+i5uWB8Y27B0R#PFfk9k=XYD%i2_F3E=paOPTxuI z9|u>oasBWm|Cu z9rT`BKHp*lttW1=WbJ#01F3)MtoY;zO+jiPTUt`UDq#M{{#N?;-PsVAWki{Ip} zL3IUNEuS4$TJUPrR;pEo&rd^dlOv^=lhuYosfMAELpmWj-UFAHgLh^lCTgfEu}Wur z+}wwW&YyCM92}&zp(lvwapV-6y_3U$Xd;=&Gv)!T{sy%CVN+@TT{im;gdM~FJ;*cR zKLDlN4S#i)MoD`-u!|~dh62F&Rq03il=eBGE~7#6U+5!XP-rYU?|131XPzni=`Pep zKU0y*&9x7=~CI=Qls z{i8QpGFaGOX4kG;{^Hf8MR(axe0^Bsgr;&`S-Qw<|J07@t(w{_5q|gk4yZP%>Qx|p z+Kw8nY5TV=Hs7xn*bm;VD=71#t25(=iaas0S_1f1N?P4ST$EGr#GgK@Dwi+#>>>0>+oySg_qU+lIE?^D5w{v z8yd9vzN-^=)4TJ<#wHSDwYYiLRnuvE8>7bXZ?akJrBA`gA*e9re#<}pj?;28o4b>W zUb)2VssW#{7*KOYy05B+qJozsWk>%kR-nsEeMEGhI6XwK+kYX^m3DfS{o^kG8P1F5 zo0P84bwuR%TQZt=$ECqYBQ))!X3}ZR3iTZTD;Z~ol`R;R2T^B~)ls7ObssH{I>K`I zr475bHV#oiZ`06)CvRdJe6KD}9Zz>J3q15T_%*72niXxP zbh=^`H~hCjeootc_>+%wVtdl%qn+KxqBnb0xfzM;OZsXF&E9FxwDJ2uKPcRw{C{Ka z%+H8VaKw=rZwE3KV~0RqN@BjckmRI3I_a@h3-DcGcfzk`;09}Fq?>l$eA zqP;1gOn*n6;kT<|-qpQC)i3DXhGwnYiUO&=p`b{W_*W?u*J2;T+}WN;nv)_HJ_@mT zL63@BZ1+4<)>l+liiTUBwWpdx->q!kI_qgktq<`9_7+ccvBIUSbB{zOI4MQhnq;pnO6hssvYFZ;x1d5+{qX zk_*$o;(%AFmZ2$tcnnT|fHrze97lUD;fimd+NQwf6?%)W?X?VikEqXqgM0{A7r@+> zP`118SL$P=jo4NRkK_pteja`QFBGH)xz@gjBESb}XHqkY%d5XDFOR`TLD1hM#=qgYQE!G?fQM+rn^Ebn@c#qtm z=6}7JSwDHdbC zKnX^RK`98Gm++Pb`3T_0z}tzQ5P1hKjoWOW>EP|)k4*`6Zl^WXgBL;k7c)mR*YT`X z{>f7eyZ`?3&`RT7*D0>)pfP}JSFsdz-It#*Eq(lyX~lfd@yvWPSO48W`Yb%fQhVF~ zG1NUbBQmCJ>6R8^cj(GCP1zb3FNZQEw$?O90?{DL)MRpF@Yc=%Bf%hcmc^0pvi1GV z0EA0gkCQp^5tpwkhRN>0cbU%J%vRz3Dr+VXc0*6S(8sE{uZB4IXdul-h&&HEP1 z4k8p@pC*5!af&(pC?#f*fDRLUhauY~`ebCj$~i#2H8rXVT~Z{RT77LgXE#$lq&SBp z3=tOwJQs&u&MK^X?giM@MxxM%>fbcd2LSUY8BKJu#K`K6#lwuYzE0^!1Y%+!kF60aCX zD4~#qshWIXfZfTDjpcqGQvrc2RFeO}{(i4M1mEc7A}`S(9zYz)O}NkM^SVwulULL| z0Vva_Yefvz0KS3!hj6W)X@hL+(WthdgdjmxLx(;4OjQY8e0kL}j zD-Ak6P&3tT>&s`76n#yvqiB!~&(;{c057?B`d;SB&xr1M%-%n89~ zU>=%+7H{oPIhPXc<8i{gvI)m2jGIFh3CadIGrZqAFK@{l!qO^^v1JvRR3zR;gLrL$ zkX`Vldm9-|W=_6G8y#G;qd*4AxBH&KlR2PfLyzfg2JSlhZ55VboW4>NVR%aofo(x* zvEF_j z+W+yT<{SSOL`Rd>)wy^m)xA$mS0*2&U-KU>OtkyOa9%i--m>H896L%1kp zW`*Ci@BY#3>>GHeVs69%EvwemXyUIUL>}T$5#K%~fboj$abQrC$rjYvUOwV2mVib> zn*H)ca^*dsHryw^#L_}O!J07m*w%N^V)+Xy$V|Ml>&J_@H5_-pNARu4-L;_le&uOF zO0zdZ^FJN%6LD;r4^Sm3DzWtT7Y{)bcbh}q-&nO@RM}%sOlPERq^ksd{Go9k8JkWB z(=H+nmj#%3|FRylz+WQgqy*Qfn0>LzOx#cVJ{|B?F}6nojTZk_nQ-wL>~x6xghAc< zKkI^@X8)@+ns@2uMMM_7b+y4SZ4rkfA4sEZ5K!&{zSrfZ{A&-~<~;Hj`u4x3|LR4U zD9X4y+05@s$aS@nlcWZ)!Jo)Rh>mmXODyXnknorxYb4ii>#6u8Pd5x~=&400+_`Ua65>URm{eH6ynHd zRAi#50Nz1Ps8kPG3c@L>vHDmXh$K$-=%dl-ds!4XHi}_)*g0Vn7QuBM6!T`##=vMF zX!y*co_6>IR+XZ&KPyRxs~`?ZUDd;3YSkzwQ9Bh*++m<_dp&8Y zCg)R?SmS;0fO;e3!tQZSO?X79dx#Vy3W>sfn`6+(ds^OWpSNYZPKW)k;@;31rYWBJ zTN;fwVi_A?`B`+3;AlDp>|n3nU6%7J$!h{%tlnvAhQW0ecxi;(h8 zY(f&{^g|kid+r4mF5-1brh+HE29XBwno%?4J|{v7;UMDE^9I5ht%9{1j2litI@5AF^@o>F|#TnK5*-q^^>{avPRM?M;$6Fin;fyd(uZs z7ykHQUg)#={M}jgAwN zt|XkHNr=M09?6pV-`W}s{7I?NfGyfgAra3Q+z>GqcLix*9DFOd&Y=!@n5+O~nx%tn zD5kmUgc5>LtuP8mk<*6l9PByso}4(X|0Z{1AoN(^m%~+rDLZJ(fc3727&&l8JEl70gB;o0$yUHbjz;Csvk0g_hD1Wxg3`&dMrm|fcY zHWP8wM5A)o9vT3mvP~H4tiYSlo!%F8!lf6>kt z+OO-|_b~2-pKe&2p&;GKGUnXMd$8~mXD$$0m$jIQEqVv;3HL_ZY9j=jiAmxda&HP^ zNXpa)1fLfAYSQ=R=}4i1eqEEzW#u8FKY*DRa{6CvYp_$~a^Q%nE<$ls*uESuNnp9d}qc!wZbc&FE(to;sd(HTWR1yNx$i9^U*45S;&Nsq_ktc*@? zkA*fW8f}^*dJ(xA#Q`vpFIbAmV{+Q|^rHN1BZ(_Ed4i*- zV!!V;9z(YJ#BmUrG@nQnb6dqui3TTM)zc5Rcwo zup=gXheaEku(Zc_2n>W^HLPdLy)OxQN2}_$IV_Tv_;^K|JgE$tR}I+vTH3)|pk36DWfWgA=m&p^ zv>^8Bc-`7!%7A_8;u~F|cI~j@Q0)+?H~wJP4FG19mv`~Q%dotOD1}x$D}P$O3Vd#8 zrM*cpkJ3RDq+3UuA&y2Dk!q2X9!xfigLNYv&$azf^y5|B-eTIj)uGaSe)W@Oy(9Ii z7A5QlVoniaA5C_?7jHBuLX)qzS9uP1FD3_G#hA;r6ZvhQEu)V5?8e1sXFu|I8&)eV zETxi+s^95$fsgL=yTRh*4Z5*n8}HyV7>@4k`~;Z5%XyUoee|>3S8uv#`H4?}%j>;J z^fde5x@8~tbIH)9xU8|F~0|h%ypD=#O~Y0Jlz3_)HmIy z=Rf|_`6Nf1m4?#jmxSw_$;Mhc6>uwfkbmq^2&UuLJQ)>TARf;`XB^P^nIq6JtqEz7x_(4?l=ahg5_jK7H9Y0v-(3+xb4w0aLX_ka;Fm z7$USE0Wp}UkD>^mM#9a0JxjZ)72!nOy4~6Up5A!ba{M{A8<d$dSk=)@}_7C zja+#;1;~%~a|r<~tdj7mo>Lwy*fF*g-0Zi91RUA3Q#lVD0R@5A^h$Z@*z$K-l>iN3 zO@tk=3)~O&+!m+Ftnwb}m__Ak_=sH)+`A3ziQK1nP9pO%DZE977z=RzyB)<^KNKI~ zWC5!7<-nEQ$%13|9|%FzfG5v8Pysh<=mQ1yel!UccP!v}(b6mldC?Co3TE@dWz}+5 zfhW8O;Tu4B(fXFrM9FKQH*q8ZEQQUi>=yuQL&Fg`&PD@RbC5+Vq8Qfpu4eFWSnq#_)P z-hA371H$$46(GmB;Iii?VvClb@5DK}f)Kwt=#AKhDPR)`_+Eg(p(NxUIbVmz zJqB@SKBjAsMRU;QW+ntCu=b@w#Rffc)EoFjRZmEN^n7{;3`7JA12q;Z$G+$U_}{eO zfhDtL$AQic$q+SAZ0d85_=d%ln|ufy`2j11%MGyIZV;Ut&Q3zr5inBk0U^42W!QgN zXzG$Nh?@>ib5{b7RZ>krm^1~hCh=lUW)xz8=<|c!u+dw`-0bU-SCvGGul-90PlvB6EE`DM5|k%0G;e(XJ(r zwvSc|kJWSJLhrb$gndh13xvDK4~OVHz7z6ESLbn!jyMo#{OS9o#qJh8<1*ujT+y&q zRZqFf*!e9uR=?GNp7lCPpY$52kj{`6_L_5Ru)0h?-1cocl-%(6S|=zyZC#=6!XMEu z*a1lb?!(Pv4dFy-kM;36oF7oydL^;Mdg497bpGSrR7==xAHAec}*3}-`aEf5X6 z9?!b<0%w^y&T5nkPg0_d~^Nm9)N_@_k|P%w2bPLR|>Q|rj=H@8H()xGn6u^78oC1IR*HQNz3udl+R%1gu}o`$TXuF zB$pBVyr63$-3UU1GkNoko0V2?`hN#&wp z9d6nx+xz=lv#Q$noWbpj1l6U)dqaA^b9KgsjTgzj8;5zvjMHBm4jB1gR842eeM1xS zW)ECnp=~Ukn_J4C7r${hCSSX{=Jrxu)l7Y$PjKt=hUb++=YZE-Ubs*eg=l?2ZA-Am z_t>AlqyZ1)!NXBv+rS{Yn#oku~a8i!}k@P$egC{#kOwE#=6?Ot(1(vwU+o< zlAJBke$%CL8Zt)a9+;@l<%d<%9SyI7j@hmVswAG3R6C_?HXb)Rb`7en#OA~#E<0(8 zf^pW~uLI-!o%u7GG~l}&7}}o&Tg{ts_9-)Sg`g@P#r(!x&8E3{>Px(NlQG**6!}PS zJ8>E?qcW~@=3!zv$5;i=^P`Kd&eUqWR$v~!S8%ZlyW*8VW6|Fk^xJDHm&w%7PlR2w z3-v-TXQdQUepzpAU$2i`_cYnkJm3Yk$~EYN_=+=9o@I|k&_3hJt!AU=T^_5+cGGrj z#tT2LG{Rdh%N{GJvh5wJVvU5x{Hu(a(-ncq;%Cdl&krv}4SO(ZwY`*X8g6gbIzmDm zM;__V?hG(_2CbxzXg?OQ{nW$8lh_t5p~^_-m*ai5=(T-D#rgBgG{JFPKDsZKBkWgf z;q_rS*MYFf(nFM!^9m7XuZMzCclx>LXHZR~&G0>FtZ+1Z;CC}HXL;gQoQFe?dEipZbQ`BJMQAw%+yOh^i#mmMX3zhk)OQBS?jsNC@_>#OsNufLkP zUGuk$^IdmxF@9M9;qt!bi*BEs5{E_e%8wehEFS2?FV_-xUz$Cse%*M!{!t*Ex`b(X zZB$_Ky`lGB*@3M~u-^U;<=kzN>26B%wAJ?hFgu;MC z(4gY5ekn_8;#2v4CI)~$h8{usl2iy*_}1Jdc#-qQ789@#PHZW}TB zU0?SLD(x=4=oJT=l=lAgl_g;^|39E4@iVrBZAH5ZZE zti+JpP}qBsr7N-Wf4@k#k$qjg^YI*EOn=iKedKV4y%9Z@8qg227prwir_hknwBT6& zkp7Tu@Ty|-9h$$!X{eA#r+E7FxY!R;o44LZ(`=IT!7){y5LfA;ul zu3A{BQ+~Fg>QvC!FKa8fE~nvKXhV;N%FSJ}wW;i~TWJ@uYC=zUe@K`vwjGOOw@gy2 z^KN-P?*8uj4qfFq64{j|YSObA_BWmWNBsSP`sbeaWa0-~3P&%igG^T{abBPA4+w0R z&uw$}LnW>|-syWCu00a4{@peVS`Q#&Ybt%z5;2)w!Z|C8L^&%_=84q~VUsCn&GF6fZyV#1;-Amnrw$hAR9BoCSA7|7 zujgZ95)1blV?QPI987LtPz|!gk9zyBA#F$+(fBUzTJTte~zf z+SHt0cfH8#fglFttLZJ%iKuhpj^ zu9>&u5LVQzbl9#j)UL^LqxLwS=k1;ysDB79mUOk)Oq=E;;2#72!?QMYC&~3|&+GF1 zj93t9FeDa7DG_fPa5C^Dq~x?9r5!{6=6@E>5M)R<#qRYtbW1hHet=dwQyj?kLdDxBVu4;LEq=sK{2c z^OL2Rlc0|Ij$ znbemSo$THxn62@5zZ#A|?=)WYr9FG_BUw3LGC2Osi$YvAWJFvL?>l3FDM{MW(%Zy$ z&V}rcSaqc2C;0<2{N~_ywJOZiCw40A?Kl7_rp)*E7v&cxAveOH$V!-ef0DT!IfgNj`b6JP* zmAloS@04y#W!o8`!`n^&14jT9bDAS1p9iq<9D4vp(*(cw3qssWaSCucLJa<+39%G)mL3-*>i^8QvAon;4f=7(E*_4}xVAgH(sPu->fP;u3=68#Jv~D0)N5YLZYT^>(o!qKfg3k?GeAPiP^mXPP**+7)g+UJC5tS_1v_m z%kbWdfO~D0m0M2=O!^$pCXjlBob5L`J+NW`+a|VWbCnP5T%sVY;Szqw6rp>CKFU>J z9@r5*4LEZpXDKAD)^7Tyv)j()Jm-OCK$BMk3B9|Ev4mKyXuP)Fsy};adEtqzzm$%8e zm1ODYxanHow(-;q?GRWLNhka}$_M1^+h~xk&gq|nKP5Iy+|mI0cC3K4{Bm}<(F=Ny zEY@>fgN^hT>4b{gD5*pBhw;l|Ww7TsfHE3yE8ah5UYRJ~nW?Eb zmr8oeB>5`Qz_Xz8{h!~)0nIo;BN`ILeeRQ6%18&MbT;emLqbOP%qK~FEkuRjx2NLl z#z>Y(yoRW&9c4@gLlbv_4{B_Ez2r?Nr#t|T>;a*QL~7|O4C$-T?gPfP2U?1BgXiUO z7lJJov8DU`dH%BI-xBu6v3a0W`$Z#@J@|`cnSF(9dIt2|L)CSO-(Uh2r0MBk&VK{9 zFW%*@7`Kh!L7p+;>#wt5f1s9CwZ4OnSAQn4&I3iAZrn+M1WM=ZU~O4i=JH@gNgpgU&-BN70mW=ARUdS1}fz+s1UBlu_k#CG*E^q9xu zW3Wl3OS9)f+M`&-GlR?lAgK_GwD>jWS?IhoH|sONd~&Lh#ZTqC%3x%(?uIhF+DjaE zX_ts1OmK^HgQsH7+vz&KNO>OE`!KIAkxv33Vn?R@{W<$h`tQk>|C!kBg-oCP_=EBK z+|g0V%MGa(!LL9#*by6EN*Yfn7M2V5-ffA#_tRpiHO?My5HLu1yWmcdY-o3RW`0;Z zTQowRrxwGiY{X*h?zMYQwib9kaD(QQ4l8*#7AXp+00(5769tU}$9I5Qn88Epe6wQK z1?Jbyp5+9=304ONHl~ZMA;a|^PGXC}6f+ZG%b{Jrv8cm(fdHglXcQ9vjpaQM-?=H$ z|7+zD$qpzj12#EB9wp44!B>%Rv0-wRyK#Ml0v+`d&X@)H3mU`9(Bn=&DC;f97+AoJ z{1_3hJkW}7*X*^D@FE1FCggP%ECXSz#BOt^F+~M1&UjQzqtt-j!wZVK@yinhV7Kb8b)H~D7f+&c$rO)#r6kJ zS#vLTMLQ#BVQ~&*VlBRD?RjMg*OdF3C#$hRvsr*ZFCME75Sho=kBiRUZQI(nL zg#$a_%`vD!9XJJNjYFCV6#UX5g(?H+HzIJ>e!|7D>UL?#mmM}9Sym66cVDpNmJ06B z?lhEe;aLm8bBb|A2(o>6OQT^S7g2nQNxO`Kc4LI8ghGA|%x8xZVQ%t2mM>cfyg6Bl zUi~P#kuTRq-9A&|+be;^Q^&mQ3)Yyp7Tc^1CI|OEpL4{Fg*+$u=qBUMbuM|A^bXDMK&I% z8^Rb0aO-i8=SM&u6V75=wrz4uA0L$;a6Z`)#;1U?tNBZ1Iq4{<0}%|TT1jItM9q{I zehd#RWhrIO^yDDO$}u;cC=TtD+V2xYS!HD?oK!QuRWwmf7E?%P*1hs>R_U=8nkHxc zD-$Lr8_1G(5uN4+;Z7F}mv9Q%RY-54WZ6BMwv$*|&0x|B{9VnOHtmm;Z=bHTTvoZO zF6A1|yDR^cWsin15Qg0n{VSSU?yG@t`j4zAi1FE9&w4u{$OXXt*3O2{gR<;kFT15$ z@$ImzNEch*EJ>#?ijIYUkQ$?!<8fVO`6YB1>yN)ob`;i-6UAh_8beVRBsE}CtPo2H z+^UXm3q&QE`S`OSn6+TL3V(`5|Az|zdWzcP;5nc?L`qwD!evU7b;xgrx|@|;F#aGn z&2Tv1k390;?2sh?D(6+I@y{Pq`k)n2}biL)-g-rTWesg9xOQOukA|^5W23 zo-^W_?e)tzu=v^qT>p#v{bqg|cg%|!$}*9k*u@l)aXIfkv7kwcj^ukNl{pYCgoif} zcAM09O#e7jYAq(s7^1~z8f9fN+oi!**Sq;%!Jhd~>RpT0%%KGWB;&Qgk}&XKD3%|5_!-EdfSNYb?m?%yFZ8F zKXCqJzph6f89aZ24r3mHWG%FKv_p=Jp$j+>iq*r+MKJGrr3)0bzc>^xd?^si*taEA z6es@s#O@PGmhd6w)vJbD+uhnlT3jnS17bzX-Pdyb%H2$hAAA)~n3-R3wp{HBJ))Ok zRYI$}GcYPk%DP*R&b>Eh2;+6$<>6<6+&9tBR-O1|AOxd1brSR!XA3I4^LLD8#;+{BydWJBxxu<7N= ztr!7%&c2@Ow5!w|t}AAa=Q{g(W02I_*8a=}$!f18FT~7{gKL9JvgdxnZLp-voxgi+ zN&9Wjjr&V$@)qs6TN9S_Llv}uzgMAw(w(uam-{lagv@CI+l zzG9h!-0gOFidhg2n6ZRVN-S;aIPtaz?ZV}sW)lUxIvygEXoUF)G|9bq{P?k61}M+C z)J;XwzU@Q_W;w>{9X=?l>!+pb=Dz$^I%qG}o$()uP`7MA>dTW4JJ0cOhS>zaAzuw4oeWWaO4zm= zC{O4R!Wk*}CY)=N2pat1(K?y2e^R)R?`qJXF|z1&yRehOldCN|KPU5e7+eS?R>tF< z6~t_uW?upsV9TW$>VHku`PG0^k}DimFNHLJ%Rp|{mC{)uckeT=^Q-fr^nto?*(f2V zc0Q3I7qxF}=>w(^hC^sa1vI;1zQ}m&j`{mt+o9cNX1GTT?Jrb7g=qc!1Lun!xTKVO z2JGwl&n(_Uj6KhHPolH{?H-kc&o*s@KhmFCU9YNDI6AWKwM}flwyG1Vc%7}t)&JGF zO%)f<`eBD%up&R(#+%vsijvR7NcRxvzilLwKm7cD9*dbfH6$#+^o)@Kf?%hMAFp+> z;^bhS@eHTe>JM;}R)FEtzr8o*v*}%-FtE*w_MNaXKSny?#J-WFMdk$@uzY3Kh*jQR zoOd^X5VBPg#SbJisgN7sc0X7llmBS{);w8kV_SOZ1B_cf7P7o_i)@Y%+U8^=e$Uz2 z7l|H>mGCQp#%g%fZwbrE*2ZVuIy40X*J_9*gJTUP?T~S;f{N7?8$w!s!9pzTY*BuI>A}sw z*#mW_GQgs%UbMuPz!ULtlA5C@)o*iZ_TDWj`$B_@&IE~p_SgWU*XE-AGUFJHJZ%}4 zK{#tW_eRX1aPTLT;M9H%$CP&xZtE8`t0HiO+V1Rn)0L_?CLpgKbm(wVWW}!f^hfs2 z&=6^$`xv%7`_y?<7d|hCNuJ#pj}w}knUPmoxw?GLBk|v+0QDuxxbGmw?K2*&`yfmN z;xs11s66&nCb8%k(|+xzp)?zZ@r$JuR;9Q8OAPjFG zp9l8IcP51~)vgZ2G$QPB2n$?FHn){Mqlp=UgVKlOCj8UV{|-tscZ5G||1b}egWxH~ zigfnVG~*3Wp`Bq0LjA!?GICit%L_$8(bPyWXR@m)p*or{G`U3VV>(qfgnu+Oz9wBY zfmNBsz1vnH`~r41;kO}$^Eyv39@G$trPn(q(vT+rRJn2nYI5_UMtw+HTS5UNfxUvY zBX3mAp0)jptRUrl;1Q5#700J3X$lc-=Wo~LR}OcSX=mb>TfRkv2JC)hTVVHwWR6q@ zDWRmHoEINcFz+Qx{3xS)p}QTzDuj?X-mU9LPLP}WxY6#+OLlmf69~L(WoeYo42))% zY>bOXN*Ok&u)|-*9uAyG*sn0KjrL!oShUkZD+_)_hz(DSE|4M4ot|Yaht+(3ZB6dm z{cZ5)9!J7rljea;_pOX7Qkfpeg!p5D%sErcPwsnMw-TqFgmGx?z*&;rlR| zBjRb^V<#q3vNuUrZ=+!(q1+h&S38I7_ z=^75DGg(O=XsYPvy1>SchDy{-8QMLYJi3yaGCJuZcgF&s!4enTqU{JJWe+IzC@7OF zh|)e}CeC<8>9A7|tWW7a4u9c-KeB2A3YM~u=bChg(-7#y!$gV?ZMM!2AZBAh<`hDB z!!S^1w6wTGAJ6g>8&6BV@&O-X-5=OD4M^_FrC^qJ+Lze=KcG$-e^Y`q&9?NR#d#hh z3;y&U&0eLa_>iPTG2cP$y{qKGhD`W4ZhqT3CH|Uu#N1OP z{;_=X*t5IX`lO5|R`-3`^6>;I#Q)K=>Tk=^fP6#?*be(J|9o%bDJ# zrhzq)MsG#L@u)fBdAH@cH$2wgg#+QLVcUg=!?y(QXq`L?IaosCT zX`+y?(4eF^LNtB2Nx-Vm!tY^a8w4|7ZO2i z2@fyEWL1kv-a@#-xu-6#A6bjE=|G5h%hjp*b(pprr^3gVivQhxZzp-qRU)&QTHYHm zjF9mCsP*zdvAGZxeLPSc!gcjI-zd=?9$NVGTdZ%+Cguw;W2%V-nv+QaqJA8_2-8e* zjpCZ2e5H_P@6Y5H?roo7wJtAcvxcA%(LWwbIBCq8*4sJsnlPMGG3<50R*Dg7VjhCCEbql{9ch7E=7i zew6YkaCe1etM9h$QKFg%NY4r!UJT_a%$?Av7vp&IFKj3M#pQ)Y*MVdicL|Rv5$+;p z@38$@z4fS`y|c_$O}|NCoF(I|9nFPAHi$jDSQV@?uHzq2!TwiR$o3@kKX?7)lw>h1 z)pBUz`~J8Y6fw+8ueycB}u+rbJp8y5VeOvk+t(%M8=BoR2(;uEnJ-Hw% zj7f+n2pFmEZM_Y#uOss|<`I1GA^pv8#}9PDBU}K-QxR$5CV(@R3+c8+=JSzWbv$ZF zmFNqEhDHE zgf)r~+3|OUgA|C^@sBp8?R?3;@&wHN_rXEHMadvK1d9=GqX>vSUb3d^_3kG%+|)D4sHA5Zfblv!`c*R+SJZ8+!~clKrod1A{f+&YK^ z0~3bee?ideo`A42WTA=l6Pfd=s36u^xp*Ma+Dv;nVXOJH@!U+ZNFsGw%6 z&~z?Qb@t}(CkgAR2e7GLLtmZL^dC6KgRIDDh&c^+0m-P_)jxzM=B05jjyNwm*(#Ua zAH=MZ!DirqNvmeu#@9ap`bcsWmvy=zBQ$lJ{U8mhWQ2G--#Zk8!uV_qcaSJ{D|$Y6 zaX>u1%9KU+6D%cK6*=(P(3tVgziV6hVmlDd9iF%z(RJJIg1ijzx3EEREBvu35+$Tk z1zOeQtFf`MU_oBqMg=9M8*HyBOU*az;A<$I}ruqjdc*etfu49cVSvC#E9Y+y;8 za^Eq~6ZzAEFMcx(VgOkIN9B8KDQoW-5RWCs$#yU-#Y&iYjf(}x(%hVZePcKrK8^L+ zY-H;}F<5Y9TlvO5vzeUp`8Du?mJq%ir5J%Ct{rNM6%X!-$gmn%3L3Q^O=oTD@hbr| zgRd=0J<)`sYWvm+(8K62P?3&0(SAxfYBh}wrc*dqyN1fzu`_g=?j=QMl%ABl6(}2c z-Tl{US79!nI+doj!DvI4qP75Hr_G|2-w&m3z!Vtg=MX&tnlq8rcs>DuY%%u~!Vgyb zXT|+`{{fp9_mT{UeUU*5N-=dPxUw0qQ&gRg+48^r&tz-iMqPKzamBzFq6{%>}6 z*1oYDt7G>juqx5d^ST`vPBc`h5|VSI!qx$Jk~AfL^S};`${V}`f9UQsvbLA>RNl|dwq6TCqY?@^$sYI|70anz$l+TU#VJ?EAt zuTT65A*-}Q-9T@5U6Jb;mrpXF5=x}h8?el(MM(-HB<>WhP*?Ab0(Gbme47JeCGN$P z2+2!B9(9MYrqa;J%7Q!VAnYk?vGzpE_h{~p40<`_Pg(YMcpl7Kztr&Zn>q?;A;+jg zTxUR1w{z&Clpabh9I{(#o?hW4jeJo=S?E4>VW|a^bLUYzbSV9Am@ilAdP3{ZK^)(8 zf)theYV<6^kR5hT88vngNSIvtEJ)Ca2`>s`>oS6wgveYbNbzO?q*&-bW5P(CeQkRf z{5wX;5w!5eS8(>T%1<*ukoCeX>DZ9H?EhTj4@IDf`@sGvDkbHcd2^pyb|k&g-@8Bi zh**uwt20QTmKmI)f_9@L9vu*rrwAv}#CF#_jh`$4n0JEmcMFq@O&UE)|cO7PJ~P__*OpjeHewP(cKPbsogv{C6O@kh5YKPrdUEBnsnn zTtUupo9yPh40*|PM9%I7;S znkPhRqx+A+0*1N-eI~FUjDAgD(%%W&V5|o1M-F z2Clw>Q7V^^M}r*D9s-g0V?U09u0*93wvTb^o~;B)$^N9$XkayZ`BrimObG5HXGK`L z*%BHTMew8)_MpctgesH!uMngAZ&b7Hhtuw~lM3M{)Ij;}&UeJS%qSHEV)irWZK99( zL61*jhbh+^*ro}G$X6PHNg<4-I9ctVuzlWobfx2j#DsD20kut3JEwSxVhyErJaUhu zFzZMuN6w}aN4o={QCh9BiL9~F(E?e+Nb))#C_5H*mv;TH-oLb|5cil6#cQ!<9n=KO(M^-kZ=@VG5CHI?93z0;}ZaM`#0 zjoHhscUl(r^?O?nJ}=n)ef6{?DCwcy`wuUk{k|vkvb7PcIR$Kd{01S(u0HQb+QP8N zDfkPB0%z(mt~$)h9hW_XXo7gTU;?J*PE{u1_QCI-_sPx|0>jRqxn!eRq990%I*!7p z8?nFyj#MWWrT^n84>n5zdT2N%TWkA!g=P6^m6>`7p9c1zLBG5C$D&GoJQPV(N-8ZR zD&bRg5#WO;tHXE=Z&&FSa3&Xrp8IgJWH*WD+XJcPJ2j{=VHw&`h;>gQvB0QVCbeW& zz?<+bAPC)^aPE|+?8Ch!++W9^5)>3IW%Os?eSEnz#}-I^pe46ioHl!Y7@4Tp z6;cV55k(+0aJ?`-Tv9-x;;g{jjHu=WB(TA~c7V0t8=wpx^_HLCdHf9`8&v3BLR+txa-UXlkIn^v zQ(PpB%FjyIgUbtpqOC9q*NN+p;39#U^-C7fZ}r#G4J;ih>@6Cq#vg|wR_t9dQDx0k z5Zv1^X+ z-W^PPQiK`bDmwB{tpDG4w`M(^ETEkD;o;$NzP7g3s+R}V-gp(Q_xE}ptMhke;`!@9 zLeLMk%NSv_=o&Qm*#M-E=2oAbRPs&&sm&^8cd7C2k1QV#55^5RxPSiWG%08}LQgHr z*fv3(2bBNVf;wgjyjv|0&;LHw_)Y-$7`5Hk+mB@dYWV@3Tv-=#Csk@$>y+=U+rU>> zY0G4HAe{#j(ch(Cx3cT*_R&OZ*e9f3aBKsA-SvN86C~gz5agWljlKLas`Sm9#jTc> zmJ}HonSQxSV1)`c)Na`TC4c6aP?T{>*TFa#@hj6ZLtnkK4zO}bt9hMnYYSrJOsTJ%#G zx4l(gvDyGlZPp3Eizf#c>p$1xP*~haoTtyHU1>HQRP=ZU(t}*22&l-d`qosr#7OU_&ZmoiHH9g*>T~-@*e+Eo z@V+UR2)|Q+DVit`8%{CJ2+t9>gy`i*;}?xEm50>-C6h2H+f;dHkEUVV;F*_k7>29U zoWYD$*fby9@fjy$`|s0y`V@KBLL^1sKh=XLu_>wVriWHlnQXgr^Ut&AugALC)BW4jDM+Eg)xm6PTZvIuQ!p?Pj4;SD>i; z%$#0BI;iGpf1;w%xT76OQ6e#s@Im|jOYPt9iJ*->Ki?S%n!5}asVLB#|88&AjV}`- z=qP;+$^+*OH9&}Ot;P4ehLO8&mjK{%PDhjlAumW1X{TfM!&S~`ccpPRMV-anTbqYP zvy1HOP?Jif1m+(M3)XUsPxoVgUKSQ!N-$cbG?Xc({#Gk<`9(!2R1zr7{QUKc<$g!W|Q5d5tzvHwv5jvo~^1Yio(;@DyaGsuVCyP@8E-w3d-uD z=irs`^_t*+IWscj@}!>tTy;}T^)8eJh?Y(@_nrIsLCCqQ`Ob6_hZoyG2*4tFw$ms3 z_7nJ|(7}qZay*K3MsDWPyT3o()BxvwzCyXD;6#*!*ki~`*Es3`)9iD85s!3}^V!*` zR%u6P5jQ-VqGcAg*e4*Kw{LkWpDjN3vgIJ^NF$tek6Ut0A?8GW=NlLCc z{z(v70M#b+CCT1R$+ke6@22Mmexj+H*X6&1L9wVQWxHGc{I37bYQS5YFC(TL)B#RB zss0V^FnsL>rbtomFCwgc0&JP})jtHArOm2|Cod=vUG?!4s6h;r1%%&1jdO`@UpBD` z3YWMFXZ^(XN5XgsifvcBGH--!1VIBX;996n=kv%=QMlb~is9duTUFxC^nq|IsX^tVKY2!4;2)dd?)Gu7vMdvrgax|0M#6kP=p_-;Eq9tQVewXT za;*nHC=1t%D&XV2>;n)f-$5`ml^uCFbveQeJ`OqZKiO)uBf?O_|0e5lo+P{Fb;z)S zJ|w2)x`QmIw&BBuIQ24phF35roC1nCr5!BRM$Asggnt)>8(xy}SF%aGIJQ685Dp=P z6UO_AJ?|64Cn}V6n&4MI1gaof;^^H}b_@o5iWEki#cLiI#Y3x;OAJlhV>P4*`y03IC0l@DKnlrEGZPpZ>1F6D+c{uVL4A+Y3+R7NQGkD%x)C% zndfeKRY5>oIU+CXUwMD@@@L{y{x)WEpQ+NMu7^Zwt@C2hG8&g89@4W;{})|RQ+`LV zKmF`T$Ma>ynXt|R*qKMz63c}zE=}1j!BP#VJEe!Tfn=K1Tl<%V$<@6i{!cj*Ur}hR7Ev>nc zfkACZaB%P>1~0}3XlC0XGB1OtuF|!$S3gsHH7K>17EZU5{~!y3X%N~yR*g$yo@e&4 zyoy-EGS`ezIFd!Z-eiRN7$M>=wTvOlpwym9=V}2U7~Jm(mv+{wkFO)s7B!75Mip+| zksI76+B_@nGj!!XBGpZta(CoOYWyjw$3sxAk`AH9)V5*9a5^dE#$<|>c_C-lRH{UXm5D_Y@TC9a_R(*q(O*fLCVUywD zxC|31{C=2Z2AAv6qi+$nHga%qT%~_oJ!Zhm954cqfew|!Me-D*3o))8GRfe!WSj2d z1!E~3-9)w${Z&pqgeK3bO98_SA+*v0#+Q{>`5-MCmx3sGTLwODpcIT-GoW zLhaL|P+{Ks(xD{{B-Bd3ueWtUdl}q*KRP-iN`S;%<&w)|4d^)ey~O;!ng;}Pl-th1 z2Bu`NRy%hW74j*Wm50eU)e!;=O^=O@r?`cL_Ws&23C0hbTwanLp4ukGoKGp~2Ak|Q zm)VL&(>}4hH7c~4oyF{U>eXeO23>z6ZQRN~6Ls%+Xi#(l>|IY0v4 zd8c%>t7M>VXmfos!lwmVj>GdQotBBtQE_(I38eTrok_8VStzQIs8qHc6 zk3XjKXAQ@2!3{UyOrV8M&pz3}#W3O=3W*)v{Pkb)LxCQ9O3a^n38G=6!QUv zD-PB|8aU{^H4?+=g^@Dmo_dumDo@4N&q#*POiATL6TogPbF=zOENj@L*~euZc!2!q z3KP%ZtB}SD-&Dow-9UbbN6H$j{1d|GAh#X{8rhmPYVD0hYjh~_9}P=DFhy@TO9+TJ z_b_&b-E8v*;4p3{;nZR4FP?cx350VycRZE6MDuPSS{vOFug#r6#Y*^&_r2iNJNyT~ zDa)6YY(aO>jzIRu{Rn=P{cTkWNY3gMjgq6GvT`uLR~16@@F(VhDQ5Fd4@LBTqSoVX zuAbalwE&aO*9>x*`44b3KHYkGQ)-~WZ87rXuS~UxLF8ag`R5-Jr}AuoNrXLp z&L?RnK;xL-FvU5}*x&W~9(QW1X}v+^Wv`=0@A8upojHHar=&lT8~d#Y!YS?FEyRo+ zQ!!Cxb&npjDDD-pJm;Q`gPHc->%NOWB*?eqI2&gi!{G%)LDet)K_Ei8SVO(2Wxoze zSupkxq(rw6DyU_7C+y)3zH-xJ6phb795GsZVl6p8D2?M~H%E~8&rmW5H;hW$H|a;$Dl8W!A%c|+tWFIPb# zoH$NJD+@C3p`c5)Tcfa6<^N~@u@mU$5;>9T;-T&&L6>ue#Rv(OQaMQACU>^!tkoS% zISL}~s5)2sK#4Bfu+kjzWAw7|6gl-mgA9no{bK0%NQD}wVmrckZeXLiu=Pc)S2Le3 zmfH@9C@sum#niHtY>yRS6`DOHIxSCI)ww4ErGHUtVyaz@S&?#wLG3*xAuB|WDA}DJ ze31)Ws1`gJt}g$k#%&=u0sjlUH73L``?=WU!!8PH%_lA>ZpRyMQ}rliQ+Vuwu!kz{9_Pxb?p zXGfYVq>LU*4*3vtEC(e0=BOq`kD*OY`x9pVUw?*`4L7t*&Yx%MRm(+L zum$Wc7+F&bSio^Y)I(q+6^V3r$!C!05HiQ5D8ufMO~ zTxkGiSLU;gT&ZV^Q{P14dl*KKUV@UmH@xgoePIHLuWfam(m$5y0o9Ea6ihfW3XvF~ zyE|=_7N#Z*ZLUeC_0c-95^q~ki0nQ?@NJER@i@&vz>+Ex4j6LyM~JHioxKzMlQ?P? z!i5P9uYUqR&Urs9%vKrw%JCm*Cvj>eMd7!pt2w80EXRR)#H30Z!^Sk@+;4CItQ*`B zEk&dolZV73=$xD?wvNZt(op)mhrR}0M>{I`P%+$tO8XrgS&QLfVy;(zvTSF0Usg$i z80uc7IvSyPqKIR+(Q~3iewu!!e*Eum0jqPn@keN^*WYRTbpLf@X2p(EOUav@`26_x z-Z9EQUDy5563B3(i5N*LYIy6_8nDA%4NKfiV_0R{3a>;g`()NtFmw&0)e0GlFhmj4 zJWAVfH;Eb`}iYvrUju+4F9;Kp;&-*ugi5#b-6MLdXTDz2i{e^vohR{-OglDLQE9D6{yH zR(2<&M(+DA|IL9)_&+JjjjTK)Xu@l6flM5*)ycp7d?TmRdUYLex*=Qdlunw5x1P`4 zyl`Y{04(}Ht(V7ba;SXY`N+eGxS_s?&lY>Af!3S9PL0(+Q$|~!ImtBNKurGaf2n=( zHCps?Uj6r(U){5w?(E!kJHV3n`v1o*OV;RW8Wvc;6;hehDy9AE{MQ~lTk=1Rfe)Wj zFJ3l2p7GigEcMxBIX!|t9imguNSzAzFCQK9 zW&;lzJ^IVfQUferPPcaG+?ss9W8CucmDC%+&{usS9w`%A-cZ^8Ts_f2Hs#c90I^9* z+A7ecrRe&zB2ra1FY3+~+OevGr_ z^%rwON>>}*UmFVTe@7A#iMsS_a3?}U-nX5jnqXswTuN7OooD}LQ_JQIO@A0+UE;kz z@At@`qD>VrwF?xiFLK5Fv! zdNKK~e!9r>AX4;Y;Lj zjHDoHrokdIft1s711)E1nDRt6k|j5m{QlM#fJTA;-une0m->0<78+q|M`r$z^{L&V z#^~dX#kr+BT*NpTY@c7QgMc}9a7|2hvJrBJRyrc!gdgTpJGik}vN^W}YIIz~2i_!W zwQIes#e0tG(Nwb3QODl)K6wIxXgYbXs`!SGMCVJF2r|wK%-Pe?)%~K?>>;Iu%=pFq zm8V~?E)S0K(w5e91r@3ojk0JdYK**YibYZDbxBI`vXxKhhJ@I?G|+l(d%4f#Wvx7e z_69|R=Z`c`HUj64s@%Vv2FF|;wjiuw8fV`?^>A>q`&gcr&;D_`Dbz>qOx4vFizw2x^=;y z=Xks#6LZ>MH@92+Q#5CCue-adt%CPt1~~mG1zyz0w*aAF{&p!9*N0?{wVqEK9eY-8 zZL<&42(|py1kQGU4B3+AKJU#*9zKFf0KrG8`gM89+MJvoCo+GYtph`pwD>n_30eBR zCtHumN;a;)>6C5GR{rs6y2TEZm`p%a>h|(@0PDVZLE1CR$3KH)bCecCzts05Lp|9q z+f+Yw#O5%6d&TJaDN6hMqF4XFTKvV*6q2>e4n15~=1rhn z)gc8TZdUp)Q4edegHb2j&zAqYTHTZpyGQs(r~ybHGw1(xT^@GaXx%a!{Om^5M!9Qv zqUyrvmay^3sk-P0BY)QC)p+$ixRP>k#Z2jo24K*4aBTQhTxt<#tiHagv(9lGm?u^k zzD>GLWYo z()g^%{w#e=BwU8K?OSkZLVP&ZTK%C7#3?vt`C$TE-a{s5(Ot(C7{UpmD*dfmy))4v zp|i+Nm7_Vk(rF^)2Aryv`*AkQC6NPv{F&_azZG+AM2Kb6w1_mz?LtEQe-=_V!3*HR zANJ(%7ZeShokj0Gdv98AwzUC(Aq3@2|HyjVf(e$50Irk4_G!FnTjg}iO2fdXUyTIU z2OrUSx;ILJrwQX9KG%-}bH=hHGP%mmfW24wZ8sLOlntYi``$8zDYF-&7qwl3Au;xR zB2^LvY2rL-6C<}azHW-ItO&DW2d+60Z!g80OHc0b)Df!9q|+EIZ}B|mdwLXc7!_BX zS+U620x%xlB?NCKWXje1bna$dtRSe3`Ld`EV*ABtR~|geAHjkdoAx-CVs<8v^SRvjF&9V89j*p)FQqO;=A-zWyUfj}|RqUen(GpNAm278u7w^H@ zVvbj7L{$w_z9fo|<&<+?$#m*0L>qo+vzwX5>WGe17+Y?l_3lejH#hS^HA=lds)~kJ zw;Mhwpr*@rZUtBA3{g{hX0E;-%-noCQ?UMA$f!1pB)3)rWpS&{BZZ@0_awr$TgWg< zW%p4o41C!tZ#4F_C|D{>JmhZv`hG-29;=FI#ge2NQSl$m;}SZG1m_^2x9ZFCsCuFmlG-0;Cu|vf zRzjVcr0_T6eZ30O-kD(fL!Ue^qWuUMBBf}reb4G_#YxDY$)}(5(>#dOSdoBp@Xz=c zUqhA#k2{RZ)gv^}*hLa_g`QN5znGbd0~`@PZr#D&Wm*IVJ0+`)81}SBL4SkG{!r17 z^0DoE>@@GSmb@*tppdpD>oH^e_ior4QeiIe>4UeQ;l}=aSldM2@|WR!sBFtv|CptE zh3!1@`o?9VB9mHToU{<(10kP{Q@FY)>x#6G^9836f?FtK0z){q<>vQ*u@ax2cEu3T z1dADH-+e%Q+XMrKjnT9zVYYBQWUl|oYBo@k1ZA-pY<+kz0jR<+!#D` zoWN=}%myc8Ee0_mC0^D<&MI?}gd`jX_VHaIYa0@ePlgmPoHN}_e3lLh9YWr?4I_yg zh2g^R9P;HKtRc}XRcg2MjR7Gy8?*7supPuynFFO`F>qfOSUG4e8SY1NWl{pdkAIjW zvF6?6r}D((%wwJDvMh>6U6Z6_Wab)F;m}UfC63vc_;ecM+sryx&+Gy~0$W#zn6-Ht z+zPmCXC)q{3wkdXu^pi~Mv1p${MbYvSDI~t&H)kTif{-3Y&Ub)BrOK=qvw}A0FZT$ zSrTZpBZ9d3Y2H7yR}40Rhgvf_`Vy%3LH8@tnM;?ExLoWKh3W5 z>ONO_4Y=Cn)G@eT^&REsa05O<2>Fg%8?fg;8yt313$3QtZ~%fKb1>oK)C-hLk#@B! zt$iTyaoiWV-fA^I46c#XJEiys$< zw(sTHy*(A6eQQ?YkD6>JbSKnY^W~d|C|K_wT&Q?$%t9R$=YfIF;13bN^hy7&8!U%~ z?cox8DPf)2J&hFIk$~jKHivUL82s8(@>Vhk4slNGLpoU5`m8kGMTXu{<>{8w-A5UY z>{lZcO>BY8IKF|8XSbHaFwmJ=Mz!ERNci+{!uEEWR^1WTZk$O#n0;MMnMXm$;uP<6 z2D@qlPAZ9*F{Ncnvl^*9aJ|yxe)F4Qq_I|}=+_Tq^0p~Vgl(ex&zv!j{Mx1+pgSMyR8`wa|@TQ;|~RVEu<)1AHP+dbb7&l{qlIq_kZ_rA|Ihwe>)s@=PLz*dIv0j|B}9bo$-M5>>jl&BJ6wT z53P+?67N{Ix?hT45{0<~k90bfl9F@J9%4gAAOHIaCT5B=ilep;j0l(KoesY<7MS|` zhFP?NP+;Qd;FIz-mQyN~KV--G&|yu0%B~kw-0v+mVk} zCJ3XtX>F{4M1yASrS-lC@Uo8^zi7Y zs>;;(Q(zNGu2-GL?}T3LAgl2TC)|+8597Fa&U2?UISaFBH-xOB3UJZxs_ zAacJ>1w3MXY95-i_)|5mE9Q8AFTqu z=iWJ>7)|hfBOiF%D`Q#d8dGzi$0q2Bbt7!8+d6g`0fgO3jyMIelD#EToaRg7hiRO7gG70un!N19J4=31H z*k%WwIbNFEp_ZXKxI6WnS8(MFDdH_CFQ%e_l9FIvsU;L=^dOz=z#ARV!=zox$cf<&%SU+o;m}sly}Q#VF#A-exHI z655W9{OTl{q4yy!9n9~zHDVpnMKAlmORf}ld&#pfA%Lh$+Q(;|6;zxs%*(?gt-#G) z>Iw{UkG;f`f$RS9!S8rLSIi2e7)@z%U&gD<7t25Y%s|!K2(jFNzkmxS^MDorHS~th zR=SYoE-L2oZU={WloO~Fu*N6cr_*XnHXpbwmfP<%R5iJ$>c&PYw{ay~1{IR}3S?MJ(h=L7Ib# z2y%!wF#W|i0!CDBLRe?Q(S3}cwDF)HoAbbx)q_527P=Omoqp=`$SV^2?q*ue4QwuV z2D|_M*3y3{h}&QUM08LVIRPbZ9p-(hKxNuzX8b5VjgY`!jrgh9%T(&cnyw!mjrS*{ zh&N1hr(XLZmq~`$w9*0~idd}(-{GPnlSz;#0k`n80qWOZ#bly;{42==Ww?v2y>Mh` z4yV*Jc%QV=TNco zC7#*7YCoRMd7mkatnl@YS4?mS$59AAFdaqL*#wnPAU{lr@9graz4<;l0x&|i0hj&e zB*63#mp&PP^yG;Mi$3d16t}rR+PQn?@EL*a;3H);B1ya(ADd_%LZL8n#C(}oCuw>b z3-izrmuu?isT3|Y6f;5w!p$L?xZ0@9O%tl?i6QX_8jkD(WV?)1=TxD>LR)?f;l<l!@mDQDJ2g&&y9gxEB9sA~x zbdFKecpVHr65+5T35$dy10kI_it3c8eBR*SAJj)ZE)uE*z}>`Mh1Hzl_b3VNdmwja z`Ye2b-l7~dDw+(XyCSw9I!-*s6>*>VNT#ls!mJ}5O&zSJl$XmFcp!Obad=wQcD>c& ziqY*bP}#$*?|<@8Ox%~Be?%xcS&ewJclY#c8-#q*HnvKtIKjbzv`cg7Zqx0WJm#k? zh`mIx7qsQAoLy_I-2nQ!)R^aA&)<23o7OD-nsW?S{;v|q=q^m;B=fa?2 zQNRlNthd!;kFtO03?!KUX}Mb*DhTi`?d}>dl`m~BF`@F8Kd@3wyn|Sv+#TfOlG%eE ztLC%rP!16nL&KSz6t6RE28s$-jxM6AJs!uZISlWWpUw@{^mOIyKd{zyN%mfg!IiMe z8<~>f77(%!?Q1bUr@W4Jv}qECA3~QLC>++l&7`WFc7BhIatUk`IRNznWh^$Wnc!Y3 zq)|ByVwb}ZL4;MhQh_FNR-HN2CX-fo2U`L#%f~^6ftM$}b^G^f*1o?d{;&U(z5f)D zsSEQM4N3qgAsK1=i%0LYHfZSRzzcv%uH)?N%-#;a?;DjY%+$HE*Gj15@)#XKmS&C#m-YGE|jG0 z(o*>UY5`zRp#Vh_p~s1`|CY-6^i~l4WNm#tsgFiF4dLY)>}~W`YqEz?dGTwI+HrcUR0p!t<7e-Rgsb!6#gWf7KQWAWXar~Y8v~OHyrr|UC&JcABSbD6`{tbDl z5@a!++Js4F483)12uL@})uaP&{!`QIqWo6buT04I3^tG}cRB?Kvu5+s(?36JDj~-k z!0JRX@M%XmqPS}jJZMerT;Oki{YZ0Sd5a%P|8}1-LHu(uKbWpbYqjF8W70Q=9%Nu! zwT)_z48TK5Z!%%NN@I-oYKf5y$%#4EAGz@3iaz-ER#olGcUKPfVOf#jw=%T}DWaKL zp7(O9D(K8E?)7lP#7xNQ^{a3+<1t)+%6R6luQ;;d6yn?MFHPZ7z2bCHRv%QIBPNOB zR_=ySsug#0)xj87G}1qu_!>OB{l8F>*TMHA-}ET)H?wy^%3gUJ8X9_8ySnb?GDc}< zE@cgWv)eYho_cSvas21kX=%1=ljE=N`QB%`#Rjs`?NE`Lng5mb=voa5zzNrf^dMt= z-kZ@RZOzOU&jcT5LIluHH~OFM!v6jhsAM++8jGw!$NEp|h!7exjxT7=B57BGLX`$F zd%w?P=XF^Duu9E)1(kOj)zi~dj84S?g(R@S_2h(vCi(wlxI+FoSsQK*1RFi~S6QrH>jXK|)^8*9g|9=*(8ZXq_r(*h+-1lRL9)igOYQ+ivYA&${9! z?ou$VzS!4mi}lSoP4_x1|M&|aF;5z5(q*E_^M0QiZGfkx zPt8qRK(|RVU$Nc77dfa(Z~oB-@PnO%tIALlo&67Mgnh9!PG5kMM@KgaK%k1z#|r?d zc#xoDP{OVlAm+ICX2Gm{Y&2Ki*PBc&mB3ek+;;O^n9mhrA~}E*0!T!E{^8oI>1FW% z!nm7exW|PHz~swpLPA5@#8j#j;H{!+>cKXE2cv!}C!qI$;xz!@YNTmHCV}O?gJ@$J zdi)b@N+kk5Mu8*Ym2WfufE8mkT@hz$_R1#V&#%uy z63}`Ku+}#UTxl3ia40#fEN`al&LuHP&% z7-IlolTXh#A;y^UeAoPgs3iKe*rM_D9@!J0Ym@iILW<`bMY+8K#>0=cdv8HGm4Z}G zOi-;q3=?cq0C0S2I{X0DU7oojl@~GfEb%x(c~Nn~m?P(`-|}LLo>^3K^rMrl0&1iD zX9Prn+15h63DzxLyUgYwe2-k>I1BE%q zxi{UBVxEZeRJHeQ&$~V;r}(4znv4MPiCuE% zab1x%LhoIHN-QE0@&I(N`O_u%04<_{hM=jIx+_IbWNsCw>R5OW1kGf$Ly~~}r~G=K zuI5paFZSJTlKdf#{R<60cKm=}$&6$Kn;c=R9+1ddcmy=pZlhoUF{9w%Bc%Q#LeN(@ zuMbYT;0^bc{zj?{TPVaoo-&YUu{_}{^igvBg^x;q7(qBzuOfwAy-APd8m@&=#Gnij z74ocyyGfpa$y7%gMRf{*!lZ&hvQyUT8ba7K(o+x`_aP)i_?YaXwiVt}fwx2dksv(A zrm%v{x%Z43&D5FfHPmk&qE;qK+0AkVk7XaYPge<&#>q&pgbnMpYoMYJZ0}>G8*F-? zSonSQ1Mk0sgX*O>0l_G2ccz`HF!7Dc%*S%-C8j}Iignkyrp9gWKa@cFJkN8cAD$6z z_$m{kh1EbVb|se{Ans&uwZtlI1%LoE+ZW&Q(})v|6axddp)83XUy5!C1>2T?zA`Q5 zT4{?sMsrgLkllW@J*EcNTKSlDgXuc45-T~UjRz-iPcAv1&<`i z#2@9G{)e(}55=njhKqjD`oF&vQm}RFeB6EK;l{KK{ub@5JbQ2tX$&t91aC&d9j9nl zDVHghu)}auc*PEf$^;^1=P#-gF`X=oLvZLt4g%@vk;1H%5nk>Baz`NY^F=KJj#QbI zrBDqvINVd5kivokXQsEI>H&Wl4l#hAi>K=iTc6EDJ?J$9pq7`W|NY~D4G z;ZV4I$rHhDDp`#EYkreuz^yThk@VDGDjka62&dqH7L=|Ohbwebdpvlg%QPi&*I7;F zQn|0AFTb=cv4N$+nEIIH?#NDi5Uw8ps%aV%S7ZYG@{to=rE{@{FvdyiAMi@qD&vN5 zvTkGdSS~g{K_}WF=+YC+&wU*P59Ir;9@i<>8@q4v$=M`xpKs^K7tEG}S#;Ugs4b#6 ztXQGpq@oR&xptRL0!Cd36H&E=Rex(=>i|$TtOr+}b#F23qD9k0H9zF~%p99si^W$| zX&C@ibn%}2$hL@pz(YHds{kw6Tg1brl`U#h#R!m~S;MfO3!D$at3loTc?NchWlJczZ-0M>*&X)FXIwGetSy4#)h>fhS@R49r2)69h8joxtgl zkQ&83wQnjS<${%8g2s5!5!;X-bQRrMLSK%IkF{UIpU2v}<;5aaIJ%REQEg|@-x2fi zu<#_|qO+spJ+fFav?hlfB&r^GNB##0sqM7dr(`e23^3AIJW-lj)-`3vcUcoscQG} zV9A_3_S69tt!R|7V!kXFnm|1vSK!*p5dW9u$*SC7Te^g}{a_CM(FOwr6`+CT@$bwl;+1~GpOAL~;~~e>Em$p*?Yb=!B@+-wU)E&*??;5^E~ny!dVT%Y>K) z_5*?{2#OmfiOS-=iw!u;Q)RZ4M@65+t4Hs+Vs#D`Lem*U`i5GEH6Oq3a#)DVDald_ zx&8?N{mzxtJ$7}OklKT873t)vaNg~*>S{MlV5_?TYLDlBQOkO})qv}UEX6#T3stI~ z#L~OdxSkhB48CVvRj8)lIiPdD!0MjYIynW}<>uJZWzO&8Ku30bQ@}e*80hBKQH(V&mgJo3Q)Q6*hgSLte8fj9u&ndx5r*y|5_<^C#i^}rwn6rQXt zNyb3Aj%_C%f_6q#YjytI2OZ9<2DC~4D#m!~iZ}1K9`d7!g4i-hRJwk=Jzdd^oNnX~O13F_&$3GUtPI8@3i%`xlJpU3{1t{45)s9yR;tIK+mSeCBkG+30J_r zsM*&2$7t^rj!)PTI)$1|HVf4<5trwNJoCvqkWUFCXH#d#665uNKZmHP`{Jf05>M`h zL^`ZVvIxcXxMpzQuR%eShBj0YBiJz4wYe*IHwaIR<~`*)nTq zm?%p94ezJqvp1%2t+O8~Ue2#vreO+Fo)N6IYa7PGaS~`FzG5dcJzi$|B1U6Jp@e+W zQ{l=#Wv1x1TSLzm{uS{PUbWEr4mKuxkYZiST^6~bKC1=RsJ6)1ggT@ zZ`%nTJGMfWiuTru2tA8()6}r@Tf_#^7^lfr*_2pc4fgB6uvQkjO=@dB3~%f|3ZY#A?FDCPHX3XT}q~0!ceXS6G!y0jX+L zi|m5)x7c@#DbcnWox54asaLK&&VFY8%&W?wl~m*dj6a<60VMLUp@(;L-Row2eubn` z-{D-2_0=C5g)H}7cG|O5I}i(~u{=@$H50Bee;L*BeW)R|;;g`ECkIL{HG`xuf5s1mFwIz#UxXqv2e$NZhX zyE0_{?Q9cv&Zt-?hfF5tkgsD}F>4PPS}eX0g@XO6RXn|h}4+`P!EC) z;K8Z|L9~g43O|l*1OnH}U=>99Pf$}KX5_2VID!{gT*=ZD5B4B$5#>nIMM}StgH0`S zZ$Dpc<91pDd{U-a7PZ%?{+{qP7Z$xiYOe?bxj{E`P?oCb>G`-Y0ZVKZMP;9t)IrO! zWRC>}GOpcLqnSN$xZ2JuoA>3D0D5T#LP(VYx~=}mOV5(KPxT-*wgsyB(%@g=3QDKx z&54bo`N-{=07oNsZin6S60kH}fz#2@s5wR~3rO9>!rD#pP(HIMwQYOe^|=9=;&S;v zB5HmG((T~dXg-E-1!m836>}PSE$6Gh&gQt-M}4>KxGfp3__<>2WF?ZWnV~2rXRQt@ z1x3L=jP#4~Fz7Ply)OPM`%C@3g0SdrqOzohMKZLjAO1HE1B&AHnB1Zq)$ z)uV2+_mnK(%{mozvb9iy^QPex0W4^LL=O@j@HSll_G630tY4+hRL`DmJHAv7SDY6M zXNR}qLMfgzQG@5mS*G{kDE{5t@iJ*p2(cXzo#4D#FOb;L6j)68)sm;%B9LKr*LJD?HB5u~_O9V=1WxT70fROlsyr!nR z3fMRXYgCvjPe~aAf?9w;<=bK)vvYB_HB_Vs_O+-~GRYs=`|rV*1$zpaUyKs@JnOAb z02@ej$3uqX4DgS(p2FD>0V<@FC5zZ+ECBggMb~pu&3J-mJwn)YqEKtD-{ilGcaqC# zYSLLX-fRW{_$YR~P|Ix;2)xhor}h9kA7a6{mRW{bZX3s*8_*P*&B)AL{|6Y?>Od(Y z0ql4`ChzBkU_&jNpWjmqAgNSmb1+-6#c4imJpk%7YuZ{6N$Ef|W{UowUcN+f2S=XM zLGGh&@VJdn`(;CwxjIdcC(2dBJmXef=A zyfREkecoS2EPcOJ>TKIwuLPB$dN~s)Rj1OB=S<}(|9dvlwyOjkJ_82ClpUZZk3eI2 zp!dHCu7nQ@5+;!V&?-;^Dd~VT&s*`I!NHQ?$BUMR#>E_*0n316d z^m2S%PtC&h105X?87Oq&wQ7BShNb^`h7eq6BXXU?UZovqvlF<)jPxhRfu5dRM)J+g z5(i7rzsf<)yWmV;0DO=-x5!UF+t{3J0jsSc&K?4gRx^C7R^mx#U!Z@jTvvyRg0dMb zmIgZa2~>V8fjPF?l@DEt6g0NaD@!mx{I3n>KHkX08aM$00dM70Rj-=>EPQS{S9##u zJUs9Rdo+&9UI^AG-Y8bItN+`7!|U)2aXXY%4{-i@ISqnsXpP<0;bNo5oh*eEz{kb* z5{HqIW3;{sbxl480X$gz5KwD=&Xfw!?LgvDM;t%|@ERHz(9#@)NN@X>rz59C2+SB! z*_)$-sR`bjmgg#X%r$&LX-w|SjrSm`Q~&Hv0&kxpcqh9)fdq-4fx}M6;Icn1j;nfe0qg+0bS#+%3|))FJg#wNLMVq{|`3d-&tvlsMV__^q{YoI-uVD&cdAa zIe7iAo!7+I*cK!l9Gv8G0Qlg7MdjQqd5kFo`xO&5w8W>iE-SS#BI4@>=#J9adJeAV z;(UEjRc}~gV_}*QC?F^(*p!@{d=D0(CTb>EKpqeT0!**o*YyLLy{K-<*fg)$uJ8V4!HtR$AN{ z!2{PZYD#A+dwn<{C1iBM94^z1+sDBAU(g(Q?(eS%B`ZpdFTmPZCJK&AbDJ9*3$gwQ zK#2wUHxL~XP-6jU#iYj%U&=+mv{6s$LWmzg0^5Yt_vBXxwR?qk99E0&!ml<> z!QFmP*@Hl%`Qeb|?0?IBo@3SRfAWLodK9@|pT8(G(AT$@+WzhNKH2}>XFJiwUZ_#R zG2y?)e+vbTFXsqHAH@2B3R?Dd1?av!cMuP>65+ov+O7NCp~WZW+y8ZFO9*&D$`sga zpF4;Be?I&F(>a@D#kwuN2pt_AI##pgJKkWu^N9H!`TQ99fHo)KQRZ6FuXUcOX+4>6 zi0ipMJDyNRSu`Pjx<%}S7G!y;_0`zEbSRsH0u1S25-`PcNgONHzA(cAg$EB?JG-O) zo*o+U6}jgCKIJc?mcHnE#LKlA;??a4Yy|$c_+{QjWUyRh?-?Ec9XTCKWIw&n58N2e zM)d#0dB*@ssXaI<@bN)^T?l}Vz9=pmDE*1`i`(f?2gveYDZk?dnh|2@(%a_9N_~S` z8#hKp;tvH?alkT8tf%vpTA5=3kzM=B>ACQj5P4Ece8O;#Ox^7Bx9_d9F_QA zUc$n|!-r4iDsHucLS8Q|apC8gYl02cfc>trEaUMTs-cZ5wunadbn*@gk z0!X9k{|!z67#ud%AL!KFSnsdBE(hVDdB20#I5SXxzW}EAHQRU z1@n}48Ymi&Km7gyJL8S=KAr6EGNP}9{LfLrpE$WaPM&^N9%_zbeU`RcL>My*SK0T* z95qc&NAt+YGkaTGQ;bYZ)}P74#004m^=Y@OaeGg9Rnzh~x58ebKu7NNcZ~A9Kcu5L zCjf6pZH~9I#7inef4lc-fGZ`fM)yCS#VZ-E-d)! zvJtQvb)NAzadKDj86F;Hfq{YHjxk*i|MMry|+AZfg92ral4Se>4<4l14CjZ+Z~`mkv>8G+u{``M zVIN1~&EEMMyR`#1oGw1v?N5r$*RUxa#DpScpBwr$a7?()6oCV80@^{~e@}v(FHnzf z;%tv&|H`?t+_gwiK(K2sn^K(^JZ_v+&nY>4iXm44^u4mcYdQG&XH!yC;nzR>Kp)y* zF(O+j4~q+(L|1=Tt9ndH!{o4N-_e^-LAFv zc6L;Q`UgwfDPeeG#s{HyLRC?$+s|=4rm4v*_xSiY@c!XpjM6uG)*rNwG6HsGWrY*` zNjBj7_lIY0A2;^j1VbH*dVK7}5VDz~*Tm_Bz+sigPsZ7KU$tv!=wAJ2)si#{^md|x zHX>PIt71yK?g?=C2$O&hEfko__B;TO5v{%?POCignbNEVkGo2ldT_7nVpwp9x>kC*(7N8!kLu{bhyJ}IWwcYfS{;gmt@>; zM~XxgO59;!(%aq~O)ZOI3LZ8uU#%>=7u3nKy&mp+9&g;&A0799CG)ynUV=SsD>#9$ zmg_WmQh3-91uYl@o8T{+bCO@cI{{3M|G}rgBCPGDk5${ODS-p~d@MMwl7nR;xT^6(ePJ4EX*7s{r zg-oP-e#>^FDyK!VeN&*miFqo0O4qFO6qdkkx+}l<(+(Ct%E#W_H>(n3iRT8ie@!|F{4nzEL-gQrW4J z@kQNRgq6LEOBj;3_TRFcS6~$i^tr^7z6dwJ2D3Hl9yc)DVY&0dY;|jk@!M#&bX4jc z%Qny+-CYD*ej>}s{292#cJXR)kWloNuZ)Q)=qNqj)IJb-!iPqr=yoI|I71yM>~Q z(rpsaaOxIwJ!4;OqmJ~d`?nEB!to?w)JZCuc($GbTYfsW$1s=IV|@rAr;O**gAt$L(S__5hp+LQH?%)_@lw69O-j#zzmVV7S=9);v(5+1h};9S08DM9TL8J~fxI z;vX+Xa5frq0Cb~k!7Z!*j6U;hPkQ|z(nJ59zWajxW9yRb+NN|*sTZ;7`qYb-RU?SBTpPPx~7-fbKms9$`%aZ||tv?5k#e=zGnqh1l@&gNDg z<5Bvfe2-N^CYjHynVODHDlCPEf~(A!UAwS^^-bToQ(Vtx?AgW&50`Yqoa25RiceAB zwctXgN}$U67`u*mV57nMa-}i~^rQk$Uj_4U&-qTKs}OatuJxb?3FymF#nP(8{r(&* z0gfJqC#xN$dTj_RK}rE=FIT2D1gOmta@KD{lUV-RiSCRQ9%$KKf7sTnbN#$%eqT?t zSSK3LL`wedgA#{N}FJC-5%pz)Tn8LdgebuS=kX$w$Ot zt{NP}y1O0DwirTgg{eizVpG_!Ua#rsb&-K>OP6qL5|Ugg=UAZgA%SI)Vz2R0X10l| z*O}q?Uds7j5)Q4B0MZQsk6s~;Gi7)()J^6#G?BqV$CAv-(UgXkZ;q@XP&U@~U2yMe zuCSEzOwX8c*3sV`g{SWyN_T^$OSdTkL-2<`6HFF<__OHQRd4x9NpUmefbq(>Q6=ts ze)JjcQ(U@w?8f)_x?b5PA|{W8>mH&TmnFfSaj$&C-d`;OYFEqgDV^edmVO%z8)p4` zqO;I1i`3^9!`CyXmp>MxpvoVpxA$*1yvujE<~3O}jf?F~X2hrl zJ(un=r^^r6g)T|&g*iN+Dv#^}0~LPM{meyXJa;iX8cm@tMV6rwrz`pLk*3`athgR@ zm|uJ7?mYR)`H%SDOB#p8G!5#+tVD11&7tzMFwJHuE9Pny=%1_DzS7DiAr5a9g`_+? zc7a_BIndVU&^-f|(qdsmT%c%&0>tS!q*!Ov?fNSHEPH&YrsWa_tC@#x4#rDwY8rv9 z{UC$WnJD;Ev5em=R;oJqwa(woRZEn#_qa8|x&{AB_2H1{>^7%Br!Uf@sk?x1YGdI< zI7>g}cGPBFNj!-m<=j%W&0A(c#V_kX!(ib0kq_`vJXgNeTuUxfE(+ zpPhv~YHb8XZ6rf37HTI-J=WBB*lbOId%AhNw4bfA(qRTGq8UJLTx5U$%nE(plgYkk z^1Q$P2hwY~9ANo7a{t{HG~I&(1LetWCyb(UFjZqQ@MlKiiH%LOia{uF6;BH*k`Nd$ z4n0A?h6sl9Mv128jg9&{HKg#M z7(#TgG6)IMi{4C_n%Bt!x+pBx_2r(qsr^Yz!^p4G21%(KM5S2C#y=JZgb+?ES03Fe zzwxY=Fy+zE-mHJh-M`tTShIo2wvBTaq{294;0=`FNQW~V849B(6wjGD!ox?zczheX zTNT-$!x)dYGsY#jHJ)Ji>UfvX)+#%M#mEFRSFX|@$EC0&7tu<#N)Q`7B4(CO{8W}+ zN}j@UWIaM}{^_2N@aW%zBoS=yaGT%p)aa5pE}FF%L{{Db93%PCXSWK4ga2%AdihyA z3`uA1A7sX;AmjOuXF=BvKU@^S-W4td;5^+Meev&}ZMII=#nnpmze}a^sDbm(y9Abn z8Pu<@tzd|6qxW_sY%lL!#wzT;jX`~K-2P2bUUBnNxo*#%v^7Zv?ix{^`ORcL6bD7^ zMRpn54mq;W7)EDG#7cxcHtKXbSr}A=gsaC2QV*Wz{3luqU-`9F=auYHY?^ z!Dsc|yW@&Wmb(J&)4ebY7Ml%(8kevobXnex6SH zhQGV|6Hdr0OT_mcPUA)IIb&lq8a_p#&o3|RKVE^1zF=|jxCGpjyA!uV`N5z^slC`d zfnIs)AR2~y+-YnylRPFKOVs@wOx5}vodRqbodND*>0PYAAk6STLij-l)w8<2brP|V!*^gTE3DutN7nkk1 zf4=HRK~L`UoSiawsQ=gn9&|<^Uip{>{a`{y+lt^l*t5k(Fmi~`EmCX@JH17qq8P(U zhr{?5KFoD_E|pr>?%xGth0l`7IS|shRzY`O_#if-F&X3(8}BoyLaxAmB0}mSc{n)2 zWxedpbJC8z+4=042)1X`;L5>rkqdU)^adqYe(Z~xmc(jW>7G&E7!fRY|426;5zCO5 zSt}JK6ZWrXd74X_7H_``$H@@WE2>yAH=H|P zW084o$8KoyPeh@~!FcB4fT|~swJIj}w*CdbickRE?YMu{gU2Idjl)?s)-A_x3&n)X znJ?n;e10zI?Q%;x)Zu;e86Jkmts7BSCqlNX-GbuL94UtNSA07Pb-wivGhb@97P)&A z3bk+N>P4US@BCl64#K3MVr#tn#7g)nQ{7#Kh=@p&50nk*Ts~{WyH6EdfN&*nDz6K& z87i`=JU8>nTy~YzY4RN&lr*sRNL>GB@}tM|HMMV@8tyQO5dTFUggi-3xT-BC@Th*^ z*P6{`AVGo{?u5KNRa%(JbhEajW`ZGLeM2A37(c)gfROH;VTG8Ivd0%e9lXeVIE|@z z+0#n39;)B;6k0_E6%6G4?6_Pku+_!582^>{HYuW{F-3}krj^Nf-G6w&ac6U6OVcikbquJ~8M_f0t3T-EvT|i{BBw`K0m@5>h zf0`Qxj#}TwGHcdGcIE|Zn;vV|)neF4QW~YTtzGpr1rZs0e#sOO9N%=7Xbz@vS@1C7 z2pA7U-LRNEvcN$fw%p06!-=8>%)Us>2^vUE6D+1&QK3Z#roE@D&?t`_T1;cK3pnSv z;@6@TNOU};@OrFNX;f3%wgKru+<<6?6CQqArnub+vzG7_JFa=5F77P%=>hih8RDM-KYm3J(5) zpnG_ITAlZU=(|FeNcd8~ zc%wJA)Otlot->_cu1E!tz_I{Ac(l@@J@j!A7V31l9m3>xM%V08rd4d$EM6jtSZo8I zB7dOc=xTv+fBuJ#h<(^U_%l4zYS3Ahq(5@ZSsCdYx5vKh4)eFdeuC+ReVDw(ZKE3J z!+f4!6!FRTYZ3W6jh`+buN&&;4buBP{{@yw*NJYm1llHig4w|oTw0AH+`U}>VKuDs%OVE!$g5ODd*?Ln z;~QBHH>>>9tE|3LbHB>3YrJ}T8@uIfcXsL=$V~CN<7G?!#cZ_p^vr@?un0U*??E5> zwB8z2FK$IX{#$Fy8;3Dl?A=S}4uqGN+ta+Vkk@Yw3f=4>#Jdk?*EG=%10=Pb+N45{ z-smc_(}=WuoEeUe!x>gQ7gXkh(E*d%l-&C;UX(m!JH8+?L!$nA%L!Xy7y-0|WP5+1 zP6Y**fet_eai<%7eITAnzo`TXM9C8U4sxYc`t;}uDVG|@hg!7VQTcsu1BXdMfk0la z6jR=J(O)d00!chS-E#h;ow40wUyS=J5GYsH^)r_3&bje{r`g-?^G#_8A?e1CAvkV1~MSrnO}C)vMom#k2Gmz8fWW-GSFaqO?CA^ejh875C9L2KU|H%E3x{&cle zTFh+@fzlr$(ZZ^K;El5V;=RrXGFJQ_L0MZ@)Y(S^XeBtCU+fj~+9b zeqXIZxrbZ0&pJ8_N=;66;Rr4PWs)Mh=Q`o2H}ma6mi)plI7rgZT&`K#Wy=C^Sjrah z&|PL?2!QEQ)}Xfp1|DbYieQb~6SbBmCfZ}6hzQli6Nk9zXrdH+Qm zUF+QXVrOit3Fi>tJMkFA(D_)Rb`1gJg-v>evZ$?oFL7k3UE{4hi(%~)&kq;la{;vq z-GGE23bFqrciFz7Z<}jBn+XJsPfQSSa0b16@76d+SB7{Mm79_DF7`mP*#GhHmSFpQZ|X=6 zumDJd=z?T~%(5@QxO!jFHlL7z=n3URaAjlFt2q*ldLMB7d$)Af^=6=B>`oXN)& z+pde2RyXO*>QkYtz7o5!o>1Rn&y=!MFN#ww#+m;u=+6s1V$iX8g>)R)O;Wqb5Q2Kt zp_uhk!aA565q&kc zRxqw@YMp_Lw|5n_*}c=U&eY^U|1Y}XmOUY%7nc|ov$eu`_0xmN1K6b|zj2(ieOS*! z4AI)ChT`SN-iWCBXL^w==J-Lh3_aaSMeJ_2W*xYsgnZd@c}>OMnLv(J?_!*XPOH^I z>nGXdzJ?y|P3W1OD+^M)rW-!Y|9xAKgpHy>uc>P1d z=WwB}?-|A&s0`2J)w$+bY(KsnX1_CBUa5B9$h(2-*T!}JCdn4yYG0GDjC%3jF@c@U7!UE~_~iHC_!rh|Xe7%4X94^0Ynzh=b1x6Wa|8Te zYS+3?j7t+X%Hi1SBS1$I6ya00|Hjx)6;o4JONi5`7y2q;n9>DzqD6u8fcT!zA8AKU z*$!w#`PZ>HD%81gKH`)+_g8joDA1tX%E~MNZU^Oh`wlLc=7#Z-l8yDnva1JF?|TMIdW zC%+PhfhUGf`J`?-DS4WD& z;z4DF24CP6p0Q&TD2+kZ-g|6m7;uefs5T*p)GAyac`We6X^9L6`2eqK7x?cEcyzc8 zO0R#YgAe{?KkcN&v9GuJ@+wCbH0)1VRIoYxf?&p@LHXznTkl*qGqaIF1SVUpcSGkKPJ34r1N-j@FVVBE{00Ih9Dw`ce% z27QT7PHv$253Ki{?}|JmOu&_1sjv9w>IhQn*Gx@{rJ#y+-xG+c4pJ~;EU#AJjra%zpyl4K_#v0Fgk!S?g>v+Boxm8_2& zkHKREG60~(B&6xAmUr??MD>^Iw=o0Q6tBVTp^Vo~4tZT|yYbVo{}(fU_;6KVb~?7* z@QuW$JQ3yt&QFHltgWpj;fa?XeNB!G3cY=0`q|F{xL4uq>-C6c1KZ`Brv!|b8a)(h z?Y~v60(mJ>KnI}#=yx1|Q|=4>v~}E1KJP5lRq+5v>XBER*;Atb6yk$D?+!RKmVg3s z1YqTJawt>o@&avxsQ-unxQq;7r3!MK0|<8{0PwqkbH{tY2(ekjoxAryQ;+t9T!6) zBuUw`fgwf{q0bZ0r^SkAm(+P}|H`d%HHQ}@NJf~m##hbK?JjneZvcw)4&3t;Fvfbo z`HTvj{v(f%t4{WK; znurT9;@JSq5?`2!CND3*26iJiAsO2Pq!hg`18{a7ST|rT9?g{HC>3ch zI43g|^WPr}Bcq|=^dT+OyOg2fF$sW@F3M*uk{!eVx{LbrQOTFL4%f$eJHQhQ9~Xh1 z-?%rX=U%hQQmX~~dt`|5KcF6vjS0Fs65uaAGiAoogrFWOUI~Qto@naO_`NY%{#Zca z=mvS0bwHP4P7ERDo-CJra*ZU*YWb?nYj5=i@-?c$JoH8WfH^AxcrY7aCb5$=fn;=2EqFyf z(5e*1fNEvYV=P!va7tpc6X2(oPNX#Iiwkw+-)XA5JCG|i9wMo+Uh!3ftp43fXDX)58$n zSK!dYA>h~2(Zp^x*)5F8O9>t)kNH|t*x#9vY6=bu? zt>mJ|mDbyP3^KBi;43Da6RP^tUfNeUIEEntv^?JcJ&|g?@59zm8fPax0zCp#grGCF zK}+34z8dRWx;>EZivyzKy`U+&Au15eblrL9di6^4Z)nPkUO?F-6XZz{2%7FsC0no< zl=EVc_gdiubR=Tl>uEm$orlgJ2p^t#PMtrfEyn-KXM5b10iOssrDm)m7>KU#DnV_4 zp7}(e3jFkMes9z>R9!h804^sJKuE{C?wn(X-GLJL*L;D(x<}1gdvR4C9Zj*V>#i5U zf7}d*@G-yPE#QS=KZ25|31?zwf^anS*9yv$}| z__j0~ST?-txDrd=ktd)=lBwO`+F9LY2lq+u*dXLIlca4DmRL7*$~o*9&mDxMPC^78 zh^0wjAi~kh2wzcTM&#npD+GLY@WkcCyLVukprykyZ3}%QUmndA$A&ZhB4`$3FZ2cm zQn+FV8CLX4bzVg_h++Lw-fY*(i+4~Cq;wUr54(p<9FLa;#}IenzR)wi_RvihKsZ=| zf04QKXK$M4BAVH?b_rHz7uMbz%O1{@UMt_#2SX(sBfZU)R;@Hskx_^VpVa}@DxbI! z+hmBqkQn0VP71O1j@yGs^BH5Dbe|9q)3|f0_Bn=QXp=eZgzrsdWdI%MO%R;?fd{13J*s>Q zBQi?VwlVF$!8wP89ViC+!n{}=(*c;ImJDSfI(NKynF6mF?FUQ?|60)hapUCInJ}x`c|lIBv!u~_$Rfo?ozRL+s5Fmmu=pbqc6}Gh5q9x zOhxQ8L?lk{^d-4;h$LDCTw5lAdEhk-7g896d;DvL^In5&r53SMi~mH%rFMyUd%Z7y z$hp&-WwYn>^0QMoM(P_LF>egr04Kzv2xUCR#Ij8Yt=VAy5w5p(jqL_f5W#RtO_d*p zS?tAO?Vw3~u~cEWba$e18rT?nDg5reAw95z!LfH=J*sdV%?5qitAX+Ck#z(De~#5) zDiiB{Z&s6HDlBw$`or;RCn*;lcj>Exrg-KZVa=hDlNZpqk)QJ081~22Sn41R$#Aw# zGK8vY_?=eGpjdz!I)$y@u6PcR2kvNMRgx62NDvGOE2Xz-Behl^ljt7Xk>2s|e{bOB z(ZfVXXO~^~p$Kv3A;MdOgjG}_7Qqzz2+H8$-^qK!0U?fBvHj+YI42}f%}6E?S

    z98ukZ65pmdPSP#u41UIl)r2MU&|Nn6T0AM@_ zgD7+}S)^lCFTd^ASV%&=IiSU_W|w;Cgb3YdbUPd1OgY0*W`R{nFZM!2Dr+n2y7o3* z{&u|Fg5b>SgRzGd9=3sQpb2?TBE`K8AwQhN*ERQv^p%nF6c+I)@Rb=S*m>Qf1mcV# zv?LOZmW}QF25dnrO-3`3znxV4g+0j?D1{}yw2qMZCC99bNP%fE4??_k z|JITsL?kjzbSv25<=wY7TO%!m-o^+9#H!8F5Y=f^xwc1SGXH&bf8vw!WI0}47$#k! z@?brQ_r!P1Vo}Xs&w$=X(!)n{TVubEL5Rl;!&HPrGyeol2ua>wnqrN9uR=X;jiA1P z$bA;WUNLp9>kKEgy41pI{p^g_?92JnngPwMlf|$b3l1x_weBxw5mFCi8&eyhQ&<6V zNwfjBiM|+Lei0dTm{8;N!Lm3#z`!0PZBoDyr%y;A!TcTeaw}0t#%Ab#B<9%uL)dJ* zB-ze;c#A*t;GC83sh(lh5Az^MAv8T4`S3Y4>gA_6hfwGV#)!(SJ}H4mw&f*N&Dr)x zB8)P=5}R}8 z{o0Mpn^?dvXAf^>zwPZ_61(OMr| zgHgK;3Vf-X?KufeMzQ%vp-&y=f|IV57zomqo|X96C`ObsgN^= zF;-$GJ;^4KwW&4-Bt!(fd~{{^`WJ5am>(Q6)9tGC0W(bNv#Uob*e^YAtux_lJ`ybj z1O_${;o#VB6+Ls!^l*+PhJ*Ix#7}}pf~et(q?O)*Xdxk@N<{JkZRyvW`d7{p^DeLU z9ZuL%*_xeAG|_EjEk?b5nl&+bBEJ*_$B5e~bmgR0tiVBAi>8 z&?_3#CVhZm@y3lJZ7=^cnYKL+zr8FE%OP%$m5_>ebsotv@&UTnorh_mZ`;Ja1rgUo zF^j28VBCx-b5$*pFQAZAnUpo0a#c6B*AOBpph7q{- z)!F&F46tzLetSe~|3zt+@i9b(mPC`U9FmuZ3{_@~y8I44@un+?RlI!hpJ!QRh* z$H-F<&v`z-4{D)kHrXf=E!|T#kw9qx)E-4G`Ucs((w`@S%OF{0H>eEP=*p@q)3rt@ z>cfQBjQVel6IsNtULD*bu?$g?sAM$?KKkEFbB?4@Rm=MtNrv)WV?|@cslHNB_7Kn+YN+f`bJ0>n4QlYP@s!E z+%`vZAoPzB@i;T(i$_yct!XDsrlWiUNQz9%tBwcQ`j7sQ60dHO#n)Gf6#?5Hyg9>| zL|#!>AEN%WBzDzmeGiCv>DYokZCyhW7Z}kS%OzzBt0z3RvbW`>7FU9H11e>1ViTqC zYvr%v-7iz@@y>jRY(k>wt~!X46EBl!`z8+}7K;3VI$DWVs2%+J)Nm?s^pM5I*YP5Rrm~Odh}L}54lQSc@g8esys3T?=}WdpyIintrf%s z1hb&Pe0lIKzPgf6JK!NwpOjC=J(J!-|HE-);0v{yXf|{RDX5=n->1p$eaJ%DU`<r4^V-Vk)5h0K8TVK64>`89%(Zr7@k^A4iI#i5h z;Y`QbZM5?X(Q{8Zby+(1A&rVBFbpj*QWBr zCld*0^HzavCn-Pb@$vAgnQua6MAtXKWd6h=xbH%?A|Q2X?0n;HcBKUKOuYn5z})8B zBhT2xl|yh)M2kQo^z=LY@Hh5-t%TXKTq$R-f_vLze>7x_7?=W6 z$z89uE+h*=HnUjw3Xe3lTzQd2=iFKx+K9RHoUv(4!=n|&(+NyBqdjh`L@ag`J(DbL z5 zx8A=zi>BiEWl~vF(?}N&sEvYoR>$Fwrphd+yKC_m3`e6bSgbm}0yX}%IZ3~~EVTFN zNloh6?#EdtFVL+>DTxVqsX<;c?oZBOUrd&cL}(5Q{_&l&Irkq$Lj&26B@zJ9W!SD( ztXO~i5*QeWiHw4B`}RbA0!*G9*b?}ZMDo(X=r9{zQEIBQwp7$XhLw;vQ^LdruH6uk zZM=khP0SzX<8iScew8`qpXun27F{<^UK9^q7cQynQv4&BSrZZxl0q^37ZE$SF!Qkl zA2%Za)LUFur{+WdxTQ2;8ZJ?=Cf32J8H}mOUQIXQQhF6n@*k5-T)pGFdzn&;V}JOC zrh|$?wc0fJJgGzo!yT%5*oVW6*rb(hkTWEi3iZgc31t~ATq!Gc**an|EEJ9lx1eVH z!bsor;G#}q#Uz$mB&P(%CXo*9<_n*8ldz`_SL=SzxBE>^#f1<~oha1!N9MPB&XTj^ zMU)Wboi`L49i~}XM$KcLZe@pcIvZO?ep%grYBC3oo!+Tb-faw@lzj~kd)+89tsd=Z zmt_~7$Ko-Au$IN;a5$>vU3wmTWHfnNWYo4#VtYJIJUnwbn1mqqhO07>IdpGUuJK_f z-9D|H&bKN@b3`7kD!#@=667*RrRIqE@FI+PX!Uu7og;M|sRTey|<>%p<9~v6MG*Arw z5P^fz{sw@fNVzp1BkV)Wy0EeBz3~)qqg~^rR1Q(J@i7i4J1p(5x+4Ny0Kt>$p(yq{ z9Sv2t=@=~WD8F$(-dXW!=DwSIrG*a$nSS8h^~dVbU21XEkE}fxaw=0cpRS;H9+~x< zMC7l?DGe1+?yh_t^Dn%Bn8&9ZkD#HOpE6p{AhHO|D0wA8<+S;^4p)ZX80(tlOBj|R zr_>Kk45X&@*qI{kw-+U&rIzs6l@nJ7vPL~yOWbW;h4*$^5^RK26wpc5q(_((i{M)V zymSa7KA>;V@DfUfhADc4V)f~Ji<1}#&bQRhr=z+k}#z!!$@yF=Ip))VO zTFhY_iu*v;Lb1f@ZF|{jWU4=$vp2r1mYWv}vIDKdKl$SNoKug>Roy(k zSS`}SSV@JGiT+FfIa;Bn>~b1ZpPdF?VH&N(FYL{iGjY5MIdgLeha?YEN#$UcWPZuX zMVKA-Y2>1Eit;v={B<`&_1|6;j6O6B434d)XRwOMwECG9N$Irg$5szP+VZiM=>})nhY@J-8~YZ9Ha`OZlZ(pqiPeREfR~N8 zpz4;-d}zlho6mLU003B4W30&9#CAkK1aublXy3UHK#PghnAAq*rCE%ZNnZoNgqgSS zS6pmzC=%{IcE>0UTQyw7v6)W~6TLuft|ml0kV)m4IftRozZkmVO0N4fmpQaqw`{2; zI=Oh%^kg~sZR2q92@QR*od3pyW8Qx>ea-c4(km6m{rWBb+R(tn%I#p7_@0&hZx!*Gc^S`5d!a-2rYwg?seQQlo5ucw-<*1WQqf{o%;l zgqG{8$=*Ut1g;87r9y!RAB1`q<6hl*@i+{VJEgvn$S__GwO##NNkKvC?4K@E7f**> z3B-7K*GoYGixZy@qELRM^~SL*nzjHcgn-Yz+I*>T;l2&8Q*K@JO^5}W%Rg&J zj6mj7zMU-Q-EdNV%UJ}pk4({iyeBLp{1|*$i~=Zu!KVbpYXpVH_szH>v% zhL}T`0)jurS381@fPP+QamV|v_Z!}#XnmUlNlA3p`}{&y7$uor5MpgaC#Y@b&$_Dw zR5o}dZ%hRfIKpy50s>PqMFE zdZX-HSJSMOPN9ZC!VCA(fphvOz)W0#y63>Gu#VH&3%0qUw(A_N&d&|=vN{l+f5oY) zQ|EzgA_-2N5Tz3jy#lNcJ2Ije?w`2@64){ST05Jpb%rj4`BfNrFnZo>;FdM2KIO|U zV_M-E6MU`!)vRlG%}xMpn| z@k_cZi7|DftU3R1G@KO&*Kf`4F625Gxfk{?znyOqaaEgUx|duSM^6kyiw0gA)78!W z!N%Vvx?U^ahgy$2o9-9tM&U2V!W`pO5!)Y|KG<%5dU5pY^{6o-ai4*q?2DCe`^Y;1 zm7C&%)EwE-PV;NlA7{aF>}dSq<03QZEb5=;XEGj1MfF>9NswmK=tQumqwoNhlT_$T z@PCd0hh(#d*NvPhlLjv`nPUk1FelA(*7*yQE3+jt3Ns!vA9E(NbzdwkH6R~XKuDeG znd+IPo^JOTqpiK$cn-cpA@r#~ngITp{Rq(ML`kM;W;qZJ>GwA>to(;+NGg%6VWc20 zf$n)1->cOAvn$_5-Aq{3gr~#n8SMa0BdJ6NPh}Rk)y5`-WGk~2fV*-j}AT196OO-j53CJkm3Aj zw)4Acfu=_fF`eefq?j&GXx({7fnl8fX))vn7a!1jUVv0wzj(vlYC{0IBN*^eGLvKIbqzZ1v8{ z=dziPucy!Em}wTxf1#NwssvP`+7n#3N4iO?F&uearojC0Df`lMdvw)1M2gO_h{8ks zPMd&gA!&+w;3n?n(oqF2rGx1c(pxOV9j#sOm#(>`AJ|XELFG5>r&Y3+OJ0L6a$qF3~rMgchd%U z@4|aL03;ya$6cre3eUrUFJ{VV*rExel8>`u^TZ$F4*%knks1<>;g;d9_f@#{L_8ap zS67^}hs>u;NX)|rN$1F20$1B)rp98qNVe2}IFR{XD*W0!kA z%C_y`J}J`u`o(G-#_WG01jBniqzxekm{c4nLGNtFJz#nBPb!g3oW*$1Txe8NcsbwZ z^qdEz(6TW>vWa~dLZ;Sn0d0m1&<(|H+%(T^SPJvVZu`JGLG_vH+|u~QoP^f$Ve=sY z&3Fhk@CFdPPIeLQ^fh%8Qtx9Wy5X5xhkwW(2HHq}$caLZX`F7=th-!`Q7!{=9K7S7 zWz#y(1gjJ3Twv|@r!r9A+FrueSG&&dKXln4SgTJhpMZtbOmC*t=qv9iBg$TY17beb z<7RCt>KnRk%`-^a|5MeM2SVAsVUJ<#Av;;i5-LjxV;iXuMu^DXC?rePv9Bdr%f5{f zA-nAR+91V5+1F&>WnaHD{oeQc-tX@@&ok$_pXZ!&FV}V56{m&i6tXj1TFZw(%+G!l zmBt_(67sHzlu6^epmOA@@y-kzS&h~?{4 z1^2F%nveQL_et;;y)<4y!U?`(sZq++Y*sTjJ{sPQk9^Kx5k+(4yEU+CdpLG{kYl+M zKi=a@FRbzl@~OrLUexd#y`d2E%xn97ujV^gpD{~Mx~^~~m*8yJTtd~zfF!TWSWx7N z(a)P~L(sZju_Hg$oH+6p--+Je{L7a(>pCXCZte#JBIVvBk?YBDL?)e{p6V_Q6xJ!8 zPwp20k-biHqe{q4qSWvDGo|C1&a+>bW=f}pmsg zdx+rIm8zDFS#}L+q}cG+JA1e^^C%i1jXocN4hL}rB+h3b3JuQ9Ws=I5qQP_*wj;S^fiU>|!#<>Jpr zI4Osf$fVo)aT5|n9aJPFMl+Q-6q(jTJW=@gB6*f4G!5Vs40=FWf6z1gTD?&LF_pc+ z87R+Kyu}Pi+O}{SfV$khNG|zjE_2SU!bxTiv0+`JfUB7pg!HcaCEvqB<%x7mO8jb- zT0E<+Zq0JxWOX+4yWI!1Z=dF_E+4Z&f?B83(0rZIl~0toJ?6SPG&s>(1zV>Z`ddz` zTc4hG+uKMz3*96&Od3DbIJ$i*=V2NjZp{y*>Lk!bZ5((TrcY(A&%NiLv&+F#EtKaZ zPNl!!?Hp8;Vc-saKEj`dyXx9VdOLZ$A!at>ejU3OQ@r}aVm5~u@WR*S7d5517E9RL zUUom!R4n|1R?QjrZuTx?=@R}?WxZjmQ}&p_gxboHi15zE^lo)TDBPGWsNyAsNe zB@Z=Mc!s&Fdp~Ayx^zx34-d`A)qKwd$s+cP9$oyvzw;0TOx(%@7qz+!%Ju}PrO8b6 zjZZ}~L>+l@l^{BiYApcdtWFj$aPN))HKFIYu8fW}#ZT5# zV)wy1Gi8-y4|XnX3YKT^r|}9Fdrt8r(+|QljcA6FULlp!>ZZ^d1;7Ie=QpDG7TX}f z*J4WaH^rEj$V%|7X_1h(b$gpgqGt#yuS|dS31x>RvpToJ;gr_Xi}m->UK_r2$k`&F z-DAjAL|@FqcDZ5rIAjTc=Bc#OIxya0NjFbQ#UQL49|r&S46>hW?Kcu<+h^xRDkco?^=wZ z;L4w0evMQEhbl(PM}hM{`fG9d3q|t&RPu?sh&LOuyS^Z~KUh2|Hi zpY+IJo#~K$=h$sB&V1T|fTVg~F=qj_^lO^IYi}?6<4eNX`jR4c7;pagGa{U7=e+Ee zNHOlzpeU>@ofUIa`gOml)q}m7qg3Cqde_nIet3R|uKb|GSgec9rO2PP@pKI{R@YuP zHKk`EAimL%P{K3SM{C zZbk$V&ttR5C;mn|(^rYGXl~-9X!!E=U8-T_w^yQQ%zxQOMLy|tO0!*H=hbJeL)Spq z%gZQv?~68UzY}*HUwkd~b^K_I7XS7|#AALco=aSKh~ua9SDP~?khu*@k7tux`qKw5 zG&fh^TqBuH;cVtGg^eB}A$<$`EAoYV8?_Mp+5nMln4{zXjSo@m*tdQF!C0=R5oOzW z_A|ttOq#b1(_jFkDMgZARd9!i$!Niy8Y;Lx_C9h)^AX7pzJS~ufFs;(Pl(IILrTx% z7Hv#M2b&t?%d<3Z@f5c1#r!5`ubn$wjXD9m?jhS8_rq$Crkwyqw~(2S&CSj04Rr}4 zvY_C=^qOkHKz?RX(aRnU=Zd+7W~Cs#9E=!_5Zy%>SpA|~YqK?PZZwqpR7tM#*o+)I zlZ@v1bhP0Fu?YX{%RR08LuG;egpaQWekr6^?9-yz^K+dG3wN6!BD>%k@m5 z9jy4w#fa^_Nk0cj2jO@Lpnj9Ho7unDS)`;W7g+vn;-c2)et1c7T<2VuFQ?so?w2w< z5Abw&CwB#g^qPM0ydCDWot2S?`F^E_g9SD&7T?;pWtZ~8UKNcu=m4bM;RVF{o*}^8 z)w?fo&~$7AqIq#pU|_t5gJ^|S9->u*jvE`Z(eQ(rUYV%1RJBbbm)+{z^f+((H;m9V z@xu%|bn)LL_Cy`L!YY&ieS5FYRY=N7(@_9!H4cgy?tRqHv|&0WV3-hkYn+<1n8qKr9r#qRkUm!A!uMHvFAn zshPZ|)hB`qfNb^+K0eD=>FJXd;B{gqzF%5>DLf@lxlg$ejY%%BE(&pebnnr}Fg4nf zHd@8Ra0|u>ZV=QGuuhi6P`A#FyTAO0n03y@RD`dXtVx6!?l@)lY|eC~Ssk`lHni9F zDipOpyDmP;d&Fkd?PyAG(>7j6tYhT-D$2D|%X?Q;XlFK+rw8>${h3YqeZ1Nnc4p{> z@h$h%*S)UAt{xwuL{FUVnI{>)SV{{-rv45~Na3VWaaL4p`U)f<&PTOGCX7_j>oxB& zZ7|_WkqKnz6{`h<>j+`U4NJECpob-j&%w zgnI=3hP92%gWEN10ABSiD3w5}`6K5(5xQD4KDn4cWMA*?6)(_R=+!omD{82G_A`$I zh%3o59VKrg^>{o)=q})gYn*dDmLeVoG0e+c?|=sdw{gpGzm)LUvW)p0#xOqK(5tq} z8b2T-%<;U_mPYS)Y8<#rlCuf{y+lARI_ifB;#<60Ei$rV1T^eG>MENyl~&m#HKZ*d zD)r7|MWc{Ep3*sUE5l`T2t24crMR>ftvZ_vzWk%R^fTWo+@j}_h4;A&HyL~Cr>VK> zNqBjAN$nSC7qM)#R^$z*hs$$3NX#3QWgXQA=RxkC8*||mT1@64vyJv}>)imbqkU2@KLdWWS$!j#XPXHt)3kVoI zC1iZdwK%`ZY`l(79c+~md&}hCdq~^$FBSmE3I=3f>lvMHzE8tf!J;Evw-gz25O?9KLsWh<&dd@r>yh$eNDfrH~Y zP8lahQ(Q3z)J-OCv9AC}m3)3RS4HsDFCD;RnzA3Epa2vc(+m}K+{wtuD7z>yP6ZH5r`18Ok5!=(G8mrFEElZ9>s=J6Fc# z2R!HHHm)95GUKlqz6OLP*on_aox`{BVgLxDndEY-YCGLLR-+r+whXm4XLM#23VHJ@ zU^-L*ClwO)I2V8%+vZMy#w+`!!3v+AgADU<6ge>z!fN%MuJzSsXa<#|MQWcGwK|TN zQAaT(%}Gbz@wHXx@+$1y_zoGlg?D&95V)G7(+)SH8Tj3--=o4N`7HK3=j9>L+Sa(y z+mL`=o1?%^iQON$tv)gj(S*1F&gWD#(gsT@^C7gQR8r^QKW)M0MlFK97~ zeXcFJ;bijM!ouQd;e!H$@69}TpeZIcT#5>jk?jy}_BV0Ik#W>s;GQ@?_eO!(^k@D< zsbthj-39I${^#fL0A~B9+-`KBhGxYgJh(_(bg*pqJ-Z;H^|=3<`PtX&y{rz=`S#lk z_)puj)B;*3B&3Gdca{gGb|4+~q!{Te#%g8fshCZ%y#loX_T}Vt4%9E62Xhez^HUGs z1R{^m#P8!n{WL3ZB>KRg41ghZg{Mjm4k6J>JDA+@p%$;_givoN5xJlvLSR8GL9u5-tg-%`fDE(_O#{Lm ztSAm*MS%RANOAz$v)^@H%>9A4^Lyq?i) z8M5MNrgSCpZstdHX2ha>@mylJFU*}YXtl0%DPMjg)y~dx_W-~)&ow(i=0X_+3E(qB4#=13;?ma3i$nTG4|ysGbzj=MYJJZ=AgpAJ}S`6X5U$ zQzUs4(~iGsXlZH5DJhd<5SrE%K*vOvM*ypwNUb#_K5&r!SPHq>Ztg!!o5*)eMm)ab zBRd2lL^6^fcKo!^4K4-|%de+doLa#Rbd`5hqZ+0fn!}W0?PM++xb5>WL;;+D8~4NFiTG!4irJ}vMvK4Kd+vrG=3 zvY!PGab5CuBOjr<-jx-l*EXP#3KB3MK&Pv&2m`(MQXip04+0YXY3MiGS@9*UMG&@K zL336Hogl%NV*Hd|j_8XK9ql_OE{lCh_b=C9(l?Ro68!y*bHThBN&{fGkz%^cs+;X8 zf=A7)rcApj8;r65*2bkohDzAr+LfAe@-xcEbMA%NT1 zZ5;KGS`4%vrm@2u66X?mHnYJ{F%6dnbUo$NgZ(WSXAF5(!sSK6ySDUST+Milu97DI z0lhwPiSG-0nB+Aqg98Kuuh&}n(=0+#F5wVN1g!}seJ^?Ry5O|NH%{yqMW#`cZ-WhY z+IM+jeCTs;vD-scxiXy zia|*;-ry3dIMKdw>R7w(bBWy4|yfw zI%VMqJ4b!5wT)c6%!=ev8#@<+*F76*=iTQJF+O;Smy16|xWz;VD@jrACBO&B=4xHs zAhC${+FCI8M?G*(&nIi)T%aTEFlBF@_vgG}(cfUp%H{a0NYVeiE8YPM&5Yj=k-LSi zCpUR4_m#-v0ot3DZ1BAuI5NM@uW+|8w90S8crFGg0aX!=ku^{mlkRwF6>-9owTx5l zz+eG!GZ8O|2<;UcQ9Jf0`ew>QFAn5(+E+?1YT$(z?xc*RT(?3p{Msk5Bk+odR$>1b zp9w={3@*eC0h{(fzuQc_{+O8V}<-51m>yhZ>z~c{4_8F1F_BY0^Be@+;N`K=V(kNy%9_ z{-qm*r1x|g@Ht8QQQ$3@mQ~kh-)Wr0;5~1n`aJBZNm!v%qicF#q{G*QwrN&YF0Rwp zYaN>r2S9}?2PzKZ#IU0bPzKs7N%>-)W*)OlC{-P?>gvc1argDIvw&}#1KBRrdb=M> z$Y4R7s3FRrOU7ix!y~sHK6dS}x>_axtd~uh3X!!1Lp@V1sp|QgI9o&pU^QfOQks(9 zbVX&=RXP->_((M~gwjGFa)$cvNV+#ZPtD5v2lyyjTU02UJYNzl|7t3R0B3M65&32- z9oJ`8AXJ1x1e}N?qV@dw5y2kNTV3T(BO*4$55IbO-<>u^5aD^d6C|&VKuZ>6VNvI2 zT1H_H9+}E2w4uq|)UH|ZGnA|kS{VOO-oNOY>5Q}>0^2owExWjOUN1KSwZV^GwO+milHa*);tZtz>kBh|_E+jASo%*P@6e8Te1)kT5<$x)GAILeT*0s?xO1|I-8&g` zNaw~WrPNz}V6Kw0VO?6Iw#MB_DWF>7JH8^pS#avf&h5irO8ipnYMs?9$pw3Fw{ymW z0d)t?Qa!nINxkxmb9oLfhiqxP{wxFUm*p~L@H2#RIdHNSNuL`2;0*JS(&=5O& z7p-k=wq&HFcgG?)L@R9hfl>xRp6y9bUF0LC*92sh8a4b*y6u%F4r#^=7C@GYf4YN7 zpr-u|C~e>JkO6x@UvDxiBsh5Ebx9*wEsZtbxehA9b&c|VBVKwu;!GeodyL=g)*BcO zDvwvm@iJ=3?0@n@7JzaN>^7z=LCoy1rC)4nQVHN+qYcGYBbW4=tH4#8s|WoP`G4tx zNcun;FBelU)axOl9J4`LvSe+SDCA>bChxkdFwXTvMF6470+Hwke}Dg=|3#wF#~|2M z^L5Up7|{n>a_Kfjn*$%DSV zyIw#T4hX8dyjvez>U?Y559)A*08j~1AB7TWimv>JDW7Wh`jii~R{ zikq6w%*Uf*%Ku;sbEv`9IykxI%X$I(_y1lUl0BR`V~72-oId|#wzBQrmq{)A3Cfry zt-1IdsuOp5M`PxRK`*2#rhsksd&pYY3rRn-242NeU;Q<;ghyZGxx~-p;y9&!wIeYN z7Z04rM52CIOMN+XKX$vz)ftQ2s$1-?Y{=p3IAKdoH>vehRyfdVpO|IF=+ z$cyXb2Nhh0zmvKACZpZKCCe|)FPxejx%rcyX_P|%fB%0Kp*lz7USqwatkuFXO?1`=+km}H~Xek^O|9N{yX^wAgZEbaAFj$;=@LV|s zNX?W8;Q_Br`Q&KNuYGdT%vJlZ^kXIz#8CjHlG_FvF7y;joa7Lc9OYb-K>}9Cu7TfW zbzoKOV_&ZY^-&!0Gqt4$XD37yw6qEFF;eWbq_0jCrR=FN=@cTq@A_Fz-%hbms;9rw z`ht>K56;vcERbwc9juv59&~8j&)ST&)JPxkN5(yt;ol2ld(!NsmgFqa#vH3JNtsM1E+?c_ex$k--z^wiYRAgP^YL_5kSl4RzwxH4hJ)GnW~%iQ zpPg(MD&eP7vxnbCv$Y&Zm||Kz%3j0Zi~U*eZaPfXxU2q==quJ%OIjMb^n}VXM)&INFWKJ%vbpl9O+Ss-7j0Tz^QbIttJj=VSTQk?c%ph~`PBWvNbfNY?YBWP zy(+Z3K|EKRl3vS-#af}n199|pKr7eQ@MTJFWK+c3^icGb67 zV(HkW-Oz1YW8r%a-O;peo%j#3zsJ|~eouJyv75ITm05YBW?)NydfX*W`%NT@)t@M7 z@Vs|MXcMc=dKJZ{)1=3cGI5DdJGLnvrc^sV3F-zFZf zr7<6eAG`f>__+P_b-3L@Y`ubO%qFI!2}fzLQL9W~ry9c^Ii>x`{r(rCi09ENV^nzjDuw_B@{_*SZND0xljoXGD4 zsLc9xgf-Ld4N3MgQ{RJ``hZ%cZ}+-u(>lW43wpz}?jdTtC63#;zj+1M#&w=yUDC?# zOwgPRm&=sc2rd4^2H#*i`p{82O4L2RE&@wqJTx*6DWuFozyJ)Uw(;@jH$O!l72c5PGImf+pT3vj?#u9uG`0)k?cP&n~hQkBJ=_u1urUZ*oO9hBYOeY1&-w-Jy+peDJB0tRatWzhq=w zG3R4y&3@E_6^4t7z1COmY(04~VB(BtFB6;}`8JBn{4@Kyc5C3>Dru)_zBYbwaaf@y zz$LN9@R7b>D}++)#s2n_nT)Nyz3XE7<^3JMDB;XsIb?j)^r>^7$SI;R@ByL6OEP{3 zwcCkJddxmGlR^}j+>CGCod7p?ul5FLzEjuM=XNONWPPgsP9U!7!AjY^JjP!B8B%OU70RaJV3{9?f z+F-w1p#;=b>>0?PDF8k!PBr2Zj3w%UgX{92k6B zj)F-o^V?*1kyXOy%gd`;Fg&(?bUW8^oj5K%P+nT#8!Ils zevbgap!6>ZqLVnl%zN^>%g3{jut=}KK!Yx?9ni}x4sbS`E zqV}m-F`<;?tTRQXHVNB?47_Cz(ob1=x{@w*cH0d#wCA@@hWhO=?)4=&Zqu3B2+hLu z$j$&mKT#IcGu@w{vB1uiRBw3w%W8?EuF5k%MVqY^l)wdcY?<>&SZibQEzbC^#$ip3 zivf3;xZ`$38RO|q6km8g9t)s>lLhc6-w7Q zoPPEUcQ{*w0@6eEkGB7G9n-=qKo}bDAj7&iG~CZvHnRYUS-ms*=W2W-*e=pgAD zQ!u=l^PKGhAI#~A81J$U=(ibodhln3$x1*{M5AXZMSeN?LsDjaUb@a5)>(R4}qW_0hD5sLdl>Vz(@gC zHUD7!H0ZcaJ}>!%&k~le=u}9dIV!VrCx-1xudTY}(WPbvg|hY(w3?MC;0oxh+0 zOKgLyNjGO;!X|PrCKQjy!j%=JE*y81d*8z>)%0CjkV}=1v2@tP+$h@4)v(c3x_08+ z4~oN5A)3dCFwXY^#m8!%SB3Okz#dH2L4pzaRSG>b5_Zz_+X;y*^BIRtQ)? zyga@z?u)V!adFmPH#^?XS-eh`JaS~i|1j~#q0Nj;?F$i&%2iqZs{;1XPvf{__~rAH zyiy{MbZ(K#JM_%)1`v69qD>^uf&}V|23zeu+1>IHG83!2ejaM4JCx1{K)&!MAkls5 z8*x&{Js$$R>>s|qz80Gg%LcN5B{x4dgDhb}+%=QK&!F63gIU~X)L+(tc^e0~E)R@P zGCZ5^2^!zKPL?$tXo0&|kJ72V{pt?J zMq(BBgE(npN!a`6B&xjNmKAjuP~f>i)44=%@b!n*%__LE!gaB`7K-1t z@#$$30&;MK%IG{*clLP4hkIxDV@RftD0Z@z{D1cN{+ednosN1sw%f;#&82qG?gZtOg~WaRX_nTS#}&)1;~$$hw|VF>r==mKsN{31=OvO8lVr~!!P=+e-?Ca zEEs&6vS@Zzx+@OBRixIrXo9HWIt5hPIm8l%_PWyBwmNFzw7GQ7xhH(tG%c5z%Qfxb zD0w(U`Q(Mr_Dr$*;5X?4M`^8{@AlQNYX(ee91m*Q7-qhCYdwmg88x+D);B;0AIYF& zp%7}vRFfOqfthl*sFjDKBJR^G}!|n%maYr&9DWk4?DdWd9RVtDhDqk z_X)<`;~rlN8NN(=>i9o&B2R?b!Nmzh)_;6ENd zmL0B^obC}9*3Ay5_Wc-6!W`~2<{3asP?Kqk$uW5d>_wuB1@wCUlamwm@kSrn1R!kQ z9uY?|kf&b&z9WhZgn_}(IZ)`F0m!N|kZ$WK3bww)|05|E%aDX!ef2etptq4#gX(zk zR$UO(uCw0nO#+eV6B#FI4qXs3O};+m^!)JGUHGf9o(t_FgoeMxqlBI@Qo^;h_JG*P zZYOYjX#iMN5j1LXxx6I1P5F24{HsrNANDQ*WB|Hs6?EIJ8C~9E=AxscEkF_5;f~J- z(+n`ne{Kxq6$#k}j~?4kTycSs^NT=jfA7zqKQpiSuKqiOp#Psmkh;;?-aeX}Vscr- zRDt?qRwGC4rvL)To-`q< zbLXxy(9uOZlIb3deZkWZl(PP>*|3?m%^^&xi&)fZ$N9JZ;DcB6MhjOg|7Qp#Um~=t zCzGLe=5}D{2PUtm|5vlVUsoe**%Lig{Zrhs=xds+6p$qRzNn$9+Iem~ih=XPHv9jx zwrUq;drAN^2L}fiOJ?af2p9#cHSS@kIK3{4Ood??xVYBV=jU1CJ9TWF|NHOzso+@^ zq@IjS@9Q)tAO!jNvNZ4C#~<&r*9~O;_Z>Ms1n;P(w(BHwdaT7EIq440BlkgTmr{OdMd2hkWWnGgvT zH)2hb@27x;yJ_>>VVmFvuQ##0Q8!y>y6~8Yfq{|Xqj6VyJ}h?X<(Ovt%2P$3r*nHp z$Jqz1G%^^38eUDvhl01>A$e|QQ}`1D5tM|SjtAl2j6~pH(2_Hf%SkR=VGd&%UEPg4 z>kw+LiiP}dNQnvH$~?Fn|ERSSKr-KbcSvo{uo-fmvfb1On+-yRGzKmx3I=Miu}KID@67{z;*0eYqzMD~YH7 zXDB6%B<&WWJLKwyJKnH(us1)i)~rxpG^c+t%A$J#^Uq&8J_1i&eu`YLX->z+I5%=d z+)X*~KCPI)DwO{35N2p#k72krLk|5AEUmW4;TE~OW`DiB9%m2#|7Jx_xBqY|SBdOe zKn6v4$BdPpo{2})_42Oeg#X=Qp|<&ZAad}69(TY^lA9^tK3hs04C5wt`To5eUE3@w Yq-4INjgJ_x8*%bR%63NVkLt2#lz-f`Bk|mvlGGs2~bRNh2U7-7PWF4T5yT(4}3kac^mC~!B34?rRj>y;p2bDs-pC4M8Gy~M8J-`x8(7ZC4)wd{ZvA?c6No< z2?2k$M%7uEBFjtGsZ-0F^nJ~tBkwsWxAnm$uf17`q4iNtk;CSp1HbvCQ@MGhhbyN0=UV%RI}=tzY0{cYt-)$>TrXL> zmfGI8Nmree5@h>f17Bg;o+y=V^w=KnSBPYmjsxB`2K>SF$a81X_J;Z!S>j%;A@JY z1Q=E$1Kk=-ct^X$K%zt~UFJCzL=%>3RPe6@L`h}}4L5jf_i0YV{`0mU zJVJnDL;yw>G`Cu#aW_F^3k4l6M%eS6Auxy$0?G2J!JqB)7JjlRCCs7W(YZN@S7Y z_Y*Ew1G_z6w-myVrlsQyGTUS?fG1KSs%)bD4+q3cxuGFSCcE1I z8emZs8!$^ljb8O@c9nR({DZ$cNY7p7xvQ5XW;d=Ej24{+G5zypRCpe|FP{IjqpK_3 z>*jpjx_xy!`4uWp-DIIT;9x{Wa90N}{NwJh(m(Tvx=$Gz7N$ZgY@yhRC@RsQ3N^!? zu5l>zfn<3HxxfC$fbFRe0@VH5oQ4ed0>BF-=N^8k`6p5~Ux96UOP7YLwCXF6RB+z$m$3f*x!dgQy(?4YwZ*PK_)rw>RJ2cP3x{ z_3y68y9t@k!aiPJ|2j&aZQ7G$5Ve8v>(_i9$x-3-(qA5WJ0`veX7yfj8} z$eZqe@FAQ|M1DT#HlQblU8Ul1w$3H%SCQ^0+%i}7CbAvZ_lp<0i`h?gd1XZt`n2c8 zbQgBZ%|#)jj6b5JVT&h8(xU*}O2Q-=dU z4-?4$cuYs-aBbj;jQwkm7mjiSs2=WYS)KpVNbBN@U(oO7i@4MLs5{+#vv=-$vs2;XUV8@TN26-1 zfd9lz82LSC_Fe?%YkvDgL@NZxA!X)U|KgQK#3ZTpdaQsQNM2%OufED*Z;pP8Oj?+6 zYT=LLc|~EoU3WaLKhSu(Gj*@tbu|Xq-pT$IV80Wt&JR=e-2|_N<$*Lg;N8FS^*uAe z>qlN+=RH0#OY1o{pIc#J_M0zD=t=<>!RZY;U!~a`FHZSMtioc~a<&{cG(1tge32sV zma)fQ*7p#T^mK@VUHR-vCjKSty|m@^kzI>Xy=zW6*Zyq1X7lBqROPq+u|R2uY0>k8 zKEWK@(cFUxG~eF% zx!oSD_F*TiUL0>*0$zl3!=aYOhfPTRxlgcV7EP|*`7%o$e_VktY`^jF#j;0&p=Z*p z`{?t7evu*Cx@F6-RfivMuw#ILf9mkSei8=cnRw20{}BWO>Z^`%z!-9AB~n%Z+0maQ zLW~w7frmV!umd(`o*M{5;X|{u{*>bv$)cO#9`^H%x-u6V_poHtq>n#?=VWir+K}9K ztCw)v#e;dj{iJFWmLl!qWRxXLIA_Jsdnq_@qQ}74XO#+T8a?u?S67pt)C7~1XX=RuaD=}rN8Eu8rHz*w8#`Y^-hu@Eu(=@h zkE9-%qe|M+Z}#p(_75>?*5jdTQk^4;Q+fX|mZ!cx+gNURqOR7^Cs6_s!8N}C?^toI}g?ywIr z+-3IeJO_2)5)F=KCdiq%21OsO|8pqhLC7^>WO(hxV@-aiqigTJQx`I=_rz2}&G@lS zkV^E9ZQs%Z^_;iO#(uoPvNyfo?qJU#_?*u(+_d!GZ)jn3t?BN8UO5P2f;YiQ*4;PN z3MNzh4Jxso*}%f9ayB!?KIK6sa;h<>ZYP8% zdL!#*W<4P9;G8fOw+Z5m25Mn60UlJZxVeOvHtLVK(}n5YPNW~{cGvXgwM@KhX~~J* z_?}+W&(Z5-QgWNs2Wx{5AKk0l;ivUGP4bJ;Q_#5JJbrXON;iB=wSnoA+zbdAqo6I9 z^^=VHH_kx>Y`7@IOXnf8q#qxjeJ=B`K5$)KWyXUp6RhYh66$OKC(i(#q|tQh3S_VB zXpyyJ6_>X8cPrtVH9Vuq@#1KcUlQ^ez+4ZhF|<0J1(W$2jx$UA!(FsQ%G!O_4- zOnbMx0{l$rF$~>du(G@yZW-a{gCjB2-E1BKC9p*hmp3%TqqE1OKi?=l&XE05ZhXBX3P&8?9b0y$ zAN}xq0Y}LoLUc9Y9g$_o1=V#*=m6eQqR*EGVpR|Kqg6>`c;%SR;Jy<6_1gF9><>p? zi1j;Cl1GvKNln(Wy>YzOX<)tqkQlWk4J20Yz3g@Ql`o4B*%y@I9>YWD44*yc?}sQX zt`{XTwQ?p;Z;v)j{)-^MW+1m7_5`-HoXU@;_2A?(vIEx6X;d8kHqGLi-e)8$A6pHW z5o+s9O$=h4d`BZ&BE6lqn)6~ou;r>k!rZF#UKEIzUR|MW8p3B%e(-=nA}lV#56QVr z!X)Eg2d2npUbBSzr^t~H&xJExHn#n}$ zjcMd4Q4diBT z$r^(7Gs&gg%-pA%IP}>qCK*UA1e-(u6&G>^a91+gf*;<|=1ohBEh&T8UIGF#tnl;G zg`iu9!GS+w^{0c9+k9@3eoStx@RiAO^G;!mJhtC@U)|Aa;gU8~d-H8b@b6T&K_%Co zoAIUj_Qs6~DZz30$2;Rtf9w$mU1VU4-Zv?di{%Gh1bvUnW597n0dsya$>Q;bi-{sW zj_My;_A8yjZN*5RV)+rfee|}yw+a16YLper;VrDGnz5+ zU$v2~hf;iOQovcjln1$A0$i8Foyr8%{@&tIHh(Y4)1FV)V_#CK-8kYHUwXel*)%;H!?wMNwKq*VlwsepnjrG;)-&tNjnSr@Jw5DcC8q4@D13;euYgHRUrWa0$p%;=a?(9MczF zC0+D3gWMHQW4_e9>r*a=&}MMxi<*efLTq5px_5b|e#RMYk-^(HDD>;OJ9~}Wod`r^ z$&dGtKAFoGxh)eSu^<1fCPcZ&@bTD)dmU=$tVUYB-Ae1}C$F4=5>w0vUkQ8pIfyCT zirSIuu|hhU@%*BDt}{qW;Ojej^9J&g`Eo@)rfv^7?0mU#Q~PS*OBKJ?In0T9({woO zH6P}{?T+dS#%w)UI z321nbWchtVp`G%aTe~r!RK}QWvWin|$x}p~06AnO-HC#5`={8M`eKgJ3KitI=kLDf zy@VN%DaPRx$zTTBTAx6S^`|3%`+4`h7UrIm^V$I_#hb_QH`7fZBG|jJPncg-PR-}? zWvU3FIc+n!ryj$uxP^MX6<|_HhV0qbq13V!!PPtlHa_~6B>m{@`=$T-2f{l zV%a_~(8_n6_CRNq{+TG&w=RfOO%(cpX1pHhrom?o2 z=n^do(hjOJEiIdMxjQZg8VY<~0zZi|2(x*zCzHWEA*inG>IhG`igX-&w#TiJ9UA4G z@^s`xrXZ+JTVriN1na5B%Mky!zgF4nMUb0zhV#Y`Vj{h^#|It-fp~^EaxQ@C&Ppav zh-0XvxNyfVvh5FH5g9GXtE?imU^LeZ*_Tf|Q9r2gaG_?l_s)f=SV0n?_wNP~(I2V# zUl*a!IzX-0ufia{^ah)-UxkhqWKtwWOCuc5nu4Skw*z1pV%YgM?gr=)il=kQ7xtb; z#`%5qHc$zO1MX9*uxz?W8pVYu%Q&a|jgz`WjZKSUT(d0AB1&xeQ=it$i1?Mah|*8E z@8#y<`0JXhlLvgu}4Z==~}5-^9wrdQ%zilIB1HJ0994F6*5 zWbIBxD5N}aQ1yYM3GME}ygR6L61RjzVPv7zr}uGAMH2ka50Zkgj@iEBaG<X4NI0C}>09`lfcnLn~nki)x1V_HGsml0$aX7e^Z}EwbFbvw4)kG4O(DDat zNRJGO`)J2a7lKWo2+p%_yRhopJAVt$n4U-lt;1EH3k0Ew(Aq;oKv-HywWWYwo*0+dz z9^NPmV>i~bH;JDXp};?Tw) zdi+7r0tp@d@rrQPh3S++f@sqDBs?8#e4 zC)QJ!A1lo{i^!lB?`OU76~D-zMXR9Wti*O zEV4xK4IVGl3i*7Ty#Vqv2Yt<2(Y^4w6^uF|VxVT6ZEaNj5QvRIX5!xUSEuIJvnbN3 z(<_(!(d5!7)b^uqTyjq6Uc_y zeXLFpTaX*;0P(3yO~fVMYm+%-mLOg`yDAx!+ZgZ4 zALl}%Xr%VUGd?6#5TZc%k8zNc18Q&olD1EeThK(>aQgcFvYkIcwfAKWI<@Zvb|T;ui8;oN{AFGIT0>O8G2KSPr19Ed z-E7+*P>^IchK^8P!7ozIXk&f9+Q2w!L;Agn=r2aq#hovbvIkaCCj@_ z+9>aWv-r~-jVn`(U*z@2>`&R-o5NqGin`2O?qD?TQ;V-H9ST|OWN26b9)7mc zu&S=$!73PqiNi_`Y}vsJ1lk0o|Lpn3uD_reVZ6y)HlCzj7kkBZXtE3-5I% zLn^gPVx`~G=Nu6kYY1lpkosrQS+dX^hn>lCvmvG!OhUokI9{Cx=lgk`kE`)x$YO&? z!idKt6*-=lGy+I59V}Y|*H#+Ik;40_iVt%U78WLw|0K^&#e?vIeS&eE`+)F3gyN;& zWAs|q$~s1jjYX{5rbp-f*n38oqjd+&@u8T&L^M{UtNUNn+C-^dJcfRB*41+3XPt|A zEIOHo4oO5Mf)F|1LZr-eSK~(Q%+`;xd2?{y_4$+hz=21L=CKYu#$vV~<&R=(=5S)( zW=j&Or%-y^`sj>K=}UQC4A1)`Q8p_Mah9I+o(OLMn!ijHPZm-;$$1t=eXtxRnC$9~ z31-`8zO6Zq?FkAUi?48HOE?iTE^WrpV|?k|GLs25eTIYCMt2C^Fn(J4UyGRWdzCsP z_Aug@w~!(1<200gOmOT3nGKsDj9Tu5?n{wX^T~6dmvY1U?T;@dmo8`WcWgGG- zpX6uC6-y%ki^sx3j{e1kp(gjUEeuf*?C?uk1Q;)G_VI|h{^NF;L;$Q5g2{W3>|syR zk_xrGfg*(!^kW9*6>O!9S7H{E?YLd!<;)7aLG*PL=i*V&aEM`lL_Nd?od66U(AfyKg7xhYmf<;L8n*S&_YVz$oP^@^J z5p@siv)c+Iw*vmzA_zKt;8V2FlwMjsG7?!DaQI5?VQSC}C8RCi@$*qJkftKk@xmL| zBs1kQE{RMcGIwZywZy$JDNzNuPSA;D<}^O;a8R+}i@ zt`1WP9iSzYQT9MV#W-rW=jK1LvvCxq9#inIjWU@@1N1k z@ju+3`>sPk&6j9{4*-hIprMm1PBNQIH^XCX@nHD13bQLVCFF^KZ3Pn#l!G_gh)f<^ zxPhI_7A(dml3Ll;6e>l&O;63q_ZY6O0l?n$Iwirxd?+|wzzd*I2N7wrp|Qf4%4~n! zSI5H?(KYP%lPUv+qKb+s4FYCHHxKPy?=U+;D%cLTBzAT)XHVh zo-&S$6xks1z3UGuI5R*KX%iajdP!vmAa$tl;tAFjlF*Q0eG9b@_UeYL?Pm$luJ?|Z`5Th40JIQAC|G{3O|0fNRo8e{+Rqy2>iw19K)@tspP zYb@}CHPT6nb~FB00K$r5JTbUeV(VgzgIFot>yr5} zIwr<@pDsd?(c(@`yF$s2 zbeW*mQZvRTwn=KP%U=M-DNH5BJ((gJO~)TCPWv}Cdlfx_rN_Lry$z%wvZRk_x8;K3 zRNnJd%liwKHpQT+O5|q0QFHCIoYUK^*g5IN!4+`S?SsOxvzMo_=VM;qbh5`0qj*zA z+FvO-hZ6^)2^1Hu_$VXFZRYFEen1v!C$`?O6VY-~k$}19{StY{pYr*6HhX>ovcX&e ze0;^JdESpd)Z9h2A768JhH^JG@UPYTL3z&+7vSV#D)@WsZ3!#$lIy6G6@1pq_V80a`ki@ zdinYyoEqMsSGpqUG)4GzN@h17FXSbf%Ll^;4}PmCe@-aPjYt2IPQyLfyZwDvP!xN0PS}0Et{@&|C5nfM5`6EbWYGKAl4KzS z4B4lNes;s$?3{*w<+e?|sowM^+^9-!@c7VlWAf*{krHJeTUm=#3+Zk9&4tWnqLf=7 z#aT)}uWR-;NznwS_^aBh_-h5F;I6I2(C-7=6N=4{;H$xb*VG#xOBdL8C$eHOkM{k2 zDhzc*pz1TtuYK~zDq?3fn`+MI_fvxIOMddcRjDsCS!&PEa5^N&iOBUoSZKDaq~!H5 ztk7Id)%Gt|z$D2$v7EOv$L#TlW&h&8&CbEI)Wo||dp?*SEf@t4Ga1?sc6IVU?l>2g zQFjseq$LvVNUNhLTFmc2si<;2iVYo1zb$bOXpRV{eW0YA(ERE}>O+D3=F|9a23fha z!E@CEgD7z`sng5-mY(P=h3rX79p%1p;v8E8hWgxJ$K(vMi6~)uC`GYVR$FKV!5!!x z75R(sShL)8FXK!wL|?|e(4AIBiGaGvpvE4-sWa!UA{049cM4MDRQvLIx>!=>Bvrz4 z&WktOZ;ofgt=GQ(=Hz>hPAq4(cHs-xRgYV?_s0{ECIPnClb=27gjPKaZ~gkZN#hw* z)*=`D*}vGya9Q#^;`?KsOJAqo?A)xnHS;Q@C4#zx)>4FQpzxuq3pidx*QXVkga)MN|5ycwfCphecgg9aqe@N8FkrIzRgl zELlt=f>NxGpodd|QkXnF8;?aDOATA%)Lx6n&DC!Ez%*WqjT>K7akIgBB8DruN)*#( zp7xbCQdATzUScACAc^qe4j_B?xPi_+8$7r>T`j`CX}?Mm^SqKHGkFfrj%~eQtIyE$HhP z(V_)|k2HeZvNv^llJ2hs^lKfX3tpuOO{@&(=q5D*9X0cKMo8o_cSuk z#zwMq6sDRko#@1tJ?fW2gu%wO2Pvx+K?_DxCznnK2N`KGoN6+3m%S;jt8qHdeD@*D zf?1C}%l1%vspV#Xrm)f{Fqb#;o_D-esoF7+Au5!2G0BcJMoh2Y*P~Qn6#@RhYQE$LQ?pMB#|kPR%@-B(B}y(;ZGVjCT6ObxN)F$b zz16C@I?7^{EK{4OpVp!G2vGVM*QhPuSu467WV%emt$U#@;cwE?C~?G|B(g~*k|0pp zXzK2kQhm@=;hkgPY#Qj}_cTcNaBTfxTTPZeqc2W8J$!pgcTn=u-lxK0V$|J6%BHC3 z!tBHBA4RdvQ&q!rhc?Ol*|K`k@cnyTk<8Jy_i%fq%tI76zwamDeDUjL?@;NDeuA6h z(IJ(6xWVnJ+haGNwQ;*8T-(D$s)K)aDiK8}A_;}yvT?0F8+zaRm*%jcKl06lE?ZSU zo6oVauv=e2l1hdx%Jbb33*tI7dDR;v0Z~eVWJlqISoD6*xyQ*YTlpabYwGf|fqCE0 zX!?*5E6=p2bl+;Cv!dt+A8_82pxl(LCsn@bJbr}=Ht_HGNF`Dm#Tn)Q>4DN2KpIqC zwoM+OQ+o4yaJT*(TeIN>di*~}rErX;iE@|I%K2as=8HF5wP|g8<^DYBc&{sPu4Jah zA^Kz7-e;Ny(x{5sS(Yq$(wMvB{(}4c2)=axi?8k*lLph(yBs=3x*Ex{huPrTgbSkB zg}}>Kooci!`-4}C&1bGk@Ckn13PsPIE6qLbTV%VJ9e>>200ZX0I%Tcz?|`hoOtN`>wC2@CO19HsL$2}c4MT>$U!`*vr?y;&>v`pTC0-ercL*C~thUeaEN#u~_|g4Pu`R?SOItbEJUZpxf2S zTPezJ+j+aP*%K4XBr((MMk&ucaKpBvpfz6voYG+?H{DY4`@{NLUk7fT`jD%}3n`zk zfnuBD*H0wY8xJkjXTIeqXIW>rKd(*o{L?&`1jBoAHgAcw3j$=QpDb{+SM@s8pLaN@> z(7(IpcP!Zmo0#`Za3R!ZQceg`mz?m28wKv0pF3_U2s>av<{nK~$qeDIj&^n=vP~0= zDweZIEvEBO5F6&%+KK*&>MPR-gJzrNDu%1q!-5LNq`LC&;UJLna*lF<(F_vjpav}6 zXkSiX#@$}=G!FmZIJzO2!kNu^Z??Wt$yN?xHG)$2B&o}O!OuUu9YREBwuf~=%K*dN zg6>lD=>Kf<7ors(L=*nN30G^NDEJa(*0JCZbmZ}y;<1G#4IJuCqnL&u7NO^z zpV~8S4xl(T_(aE)ksrGC>u1!8?(*On2>Ue@UAafQu#D8)9K^Oyl-R(W50Et2D#l-G z{;XLSwp{fiI&cPVw5D~qozU;xoUYT01)r=5#0knK-g6?}w;rsxZg7lnF^90<@%8vK zqqd$*s&tt4mSU)cN!C{@e$Y=r#@{Zc=+-fquC_hGGMq539%L}KqL(7#TK9-_XNo_; z*sY0C#v9&wyuqbo;FtAC<8*Vhgki2aV(5>8f0@DHV7#A12U9mspY9RA zdJn*`_#lNk`Vu$=<@aN+Ci9p2@d*!)jmz7AALMunAd&i?Dmy?#)ci5`uq@afbb54! z-QhLNn9%hSTJ5HPV9y1d)Z!Ts!~rpaEG}#GK@sbV6rcagN~%{(iHM4xRiNABoR+s#8y7x zh9bpz-bE25zrNRhCyXDzTz4B_oqC7Z{USuw%rYPe6~R78YB$`;yc<*gW`ieGcRC>l zSSYwbFI$wnTT$0eLUHQy+!NzVjXG!3N-I#DH50l`qesGnC#8%Np}foJAR)a*TU0HY zxbQ9SJ-o=Hdh5~7;m!g;%H#?rH0HU(@#(X$rDH-@!Nh%fMrq%tuVr;#`kv78wOrTe zmQhl4KgOC(^WCy_`!s~zKh%Pt81@i=0y#VUSK*A-5ESPSgY8M`IF5;t;LN6g#BR&x zC;9TD48rtjRTh7$KZYT-epm2jzm5%(i8d3%>PNy&tmiT1-v-G0CWn3cvit6krh!p@ zH`6S{PT!S{ZnrqkF>|%ViQp)-y6ZK_sp{I#v(KkqQ0TU^quytZo{nyzx9)v84~hMl zdcgx*+d-(Sk>j$8A$C}T!*gRs8`yBu;KJGbVnU9abuuhGdFVzTKhwk9{Mdp|hlbE9 zW#ZZ-#Noi-*eCCW`O35hgZ0tIVf-a?bX+>0Xa?}w0mK2valkx+8X&(#+vq;SrGcF8 z&d1?R&D7cplWjN*HH#WlSPlsgep8bnhRjJ^5+301=&T+UwwmA*Se31#&slK}8s%E@TttJ-o7_`qAXB7! z*p5>)7q|tw_pU1yY@!5>We!E8LRvh0*CSP!2doB?Ez`(h6l7M$JIrQ?gIYlhF-Btf z3I@aD(kKqD@Me4liki~ty>@YoIR;(ZEKB3u88Mbovj);9$Z*d0Rkn69jz-h8EV-ZP z;NhI+5>C?9G~c=FxomI~|AxyavQwdW^zrrto8DgC5VklC#ITO=ND}B3$t36Q+l0VR zRbg(}Hy3)(R-<(EXzPn+{b%ClPX%sv$#z*I$!i1xC^DG^i& zdz4zDV67t?kg;O@CGC={?n)X7)F1Ge$ElRuU0jbGV93!8PQe_PiYx9l(s0Oti~}F) z%rnm~AgXX`9RNlmi0|{Bc;QGC??}A)l<}_i&p9bCHb^;Pj1gXc zz|ylfV-$9lL!Dyb+v5yHZ?s*!Ztsls={C(U7g?ZB>bI!Ew@>p=h6n|0GlsS{2_XvZ zj@$wBshllN7gGq^_XEaO8tWFlsk#q}4f(MJ>ieNF{XV;KqcAe*OVPqR72OWsS?HJ` zF6jrY)nXRK0w8i^upQNQg8oQEf+(o_mRmu->_;$-k+-}$Ry-q&ke7Uza>FB4t=(he z4fPnSJvK3#k_>J5k(YiVw^)ks5ybUo4L~Brg@mlX4qQ$op-J^G!qe}k`5C*CB^m_H zr)O0br}w1}r-(#07V-~+A0fH6JsGsM4ayzKKF~mZe)Busli6R{XI%Ug2+&r9%WPE2 zunACg2`t?g6?0Y795Ow>HQs-b`#i{S-f#VmZk3JE zBy6}L{;q$9#?ygX?q{X${v1ND$P@>Zd(Yl+3%%Pgx%&JRm$TLQAG5-3 zx4a?zqZ2!g0RruxUKvq*xBdxz$LalXsZ&XVzUJ}A@GhGDp?Ejf)p&+IEIj>ff>>(OtP&9gJCk<5MP9{r3A|ARe!jdG(@30$A$GnYH$jUFpFS;54K zbcd~O2R95Wt2wo64C3AzWT76_ISiYim`0W+z z@{y3cbrvq92bU|sa0W~IZVzfmIh2Af{L*7I_j#v=#SEZ@iSVO@w@xbx5n69N)LD0G zMv(GD&8{J;2wrQZBoWZl#rKB1=HMr24r{Wc_p*Ppk};X$7Q*Qk_%q-%j$R-_!nA6>X%9WSqLx!`5Mf!2 zB(BbPX~=MuttQsNEGgH;42{86(STfrbS5%5+ARzU1s@l^JvOmrlbd|ws=RRc!zf(< z7DXKBG(Iy@sq?MfV?HS8+2%-o0{+3`dfhvPPxLl{d-6NYw?FKs>JQc2LL%21-p+}j z>fUPl&M|0qrQn$sMNhEDlH8jlCg=#Dqk_ba3dHqf-X)6;Du}qW`C0`%@NW?-N>^q0 zxe%_^tjB+DdT!0}=D4V`vZqj5s<*ZF_PnZhs?l*JH|ZDu12q_mWn80!aB27^V5G)X z!hCg^kBK-;7hnK{YTGrnYFII-KLcT#i1{ts+&PyrS!0#xWVz(LE0(a7D_~rm+n*-X zi&z~mF-Y?^EH5lQl(;#k!Q3xX^kpb|U*~vx-QgXg@JSQ;UPwhx+%Tc z*tD}OLUH-vRk~t0$)2=_k=fv5*1zh#7@O7Sdr8Dc>p*sLa2LwgaaLKbXrubzN5b{B ziUxcKP9|t);C4l1N9Vkuw+%r_4SvOT{Sr(AAw<%2HXMzpM2tm-YQk~s$hG+f`ONB9 ziWsanK?FgEO~4iZ4hz|Dh`)0XMK^j%YW8a#OY!!MjKWdm-WG6cQ!3Ytco1!%T;+=7`KTeIqiYm7qx}d+=)B{65n2hDP!=f!8 zG(=9mSz<}LXii$rc=+R;39UirqXhqli;sA$B_-N=aG`^l%gUUuAEoje!ZWCl%cJi} zn1s@60$veK)jCB^nZSfJmTtQ~F~wC5-F!oPS3L-ZFG$5I3)Rfqqm$7OIccoWrIS#f>nhhpE`h`wj#X!Gei6+$$q z?#uR>B>M_yt^9>dT~MjTV9YCIkMjc~w(QYzJDI?pL^_6qGKNXv(`p@y+r7C?VP)4X zPA49oQhwufT0^D+2`hKJrwT=)sa|ar)(jb7liz`5)B*;+q7d3M(!}3#uyI)iN@N(> zS^1vH1V!Sk2byY}IRm;)v1ih}wovnDc^yzn+>+muPef97!V0Je(@W1GKG0G`A*Z&= z8-)Em^-Ry*+fSNP`&bePn(~->GQ7_qV=1!R67xWQxhqZ6X7_%n=XL{Z|1b9*3r zH|{oqo}QpYPemjxPhv}8 zLI$kuzAXf(X0L}$k4=hXztNcnfSe7^8C2Q+#ORI=#1wW^6P%AwL2hF|a~Tui)j^x6 zo*=#W!@csK&&VP z8tH8~(p*BEExR8uixrM-_W3cE=!e__fsNOCUsPw-rSfoL5%&Q&3(9?Zs!w{H%waIhO|*69#CyD{mcXH9ob8`b`Q$dBt4xN z_oeNv=YfW33{38Yx$|RQvEgRcRJ}xYJJM@!DT)W96?xNeRyrO+aTJiZyH9|YSA7-% z%Jz50cGL%gr&3U$&+TgL?|hs3%@{WMsNJFc*2p-*5KP z0U^s%Z7{^@ukiH+i%>;_g1;!huTc>oKt)d&D5%Pk(bCZ9tR&l&_++`Pbbd>4{`veb zfjpF32;c{|0aCFQO#&2o>>~#pfCSmN_kWK~W;}k&3y4$CUxrchf81#Phr+}4S1xND z1n5xxs34>Ax1kXQWVHA5@8JG@c1_ak0tL64F4nL8lcSR0s9Is@08rn_bg==M<+Wy^ zcCl}@PN~rV735xFK)V94x;jiJlRL?ez-*Wq+9&Lz)L)6_h3(R4LB-go_0L4wo2TfRa6ldYfx0VwU z+hu*r^_NqV7lZ?BMZn?LC+}sp0Ts%=eJ7nose4iZoQ-N@s&f5jqtD^|bh&xgJ}{|# zfBJ|VvPAjT?J{86QALpJ%hOWd158gX04p=i9gD{relP;eT?+xIkuiYk`>yomPNkju z#;|G0mts9gmfwPgv=l&GQpp3<0tIkdD(}7e^{t(mTBp}h zt-N764|j8uqz33Km>B`%LuYu6;~WpKcG1HMhnbo&X}=S`6hJc#-G>5flNxqgktjKn z>5Y;sK+gd0rTQyqTG9OWqFUPf_u}dla3E;qsegS3C}6E*{m-0xrADOy0%$HAkoRJ` z?gl-o_$y-v(z28Xu#%e?VBp69|KkfrjUX6J8>9%#*#E7EPXRof=dWD4Rky;T{tqCK z@2IfoaeW*vpqY?E@JG6u+%pTyO^l@KJ5 z5pw*G3-FKB4^Vo)1Q=UF9~p=Zd7<)c0vn9~Xz~A2@HhTSFD_2lvPCrTi1JgXlm3-+ z0lp?ezy*S;_c{r{vI|48`%Qp#Y#DuT7#(ABLJn|sXuYkcSeE*A^60HCG z$EFKqk0V1)$}!?gc| z9*hn@irUiqPdmd}g4EMv6{shn%>Za_V1k?kAP)b^;PW6qxH8CS!(aQVu>mdA@OQnE zA^!~<@^?XPjsd>}4OoP>Y85&2{u588{p~~!eW#gm12p5i*JESenO(39{Oo`Rc_*Wz}stj1UO2eq@ z6*g-T+`wS=xz7QHt|935M&EU@~pZTXN*eN?K1TQ8uxC3Tvq z;U5KpTlfo*llpFf2z#*78F4v3(Mt&#Jq_$S*r9@$`*?Xc6rfuOj<&|^{>D1bSc##O z0>Bwy_dD4shybki4vqp~t3JTbF$3ZYk5Yjs(w%GYC|udqW)XtQ+0mH31Wd|T@%mc< z+?|Vzh9&{H;iWR{*RQ9A0f8(NK=Z7tW`oa63l&UA!@&ozh%U#A^##-Kn|GRiSH12C z`$-&$vgC$#qB*uGw7@|GRZa_m6O}_UDY)C|5B~nZL<GxBi-HI-H1ptDu@Eot$=iQ=g^%}(n^bjbaOZ7oZnq{t@|Hq9KYG$j(5ND zJkOf~#311tbI#^2x0i;X18VpY@00N$Ag zD>H7XEir1U%@#NPv+Gn`EKA3w{aStI8`gCZ;=78N(GFOK^x1N=PD++fU~;p+LW!6Z zUmSPhiSdB_*Ca9)9jgtaQ%%R$qU|Bxnl71-19nK%bHC-RXLjI~Kq2f>eFcz`V*uw` z5wNjLt`efHi|~`8UmMJ%&=GGfG#t&P@H!;0sbxxr=$3H+kppd1Fx|{x4h)O%NlQQl zNgZR-21XM43{}6*xuwWqrW6Q*YCHXo;+^y+D~}@ z9!22p`iK$mfYk(gb-zxwzeB&L-UqUx^!$F1cjuWSgfX<}+!3~I^4jR7kGARPN{`wN zPEU6?BMuoigNOp<*a9GCvq*e+AhJ3aaC0dKfMv+PJ6pDZ2~V&|^OhDpUqSBwBCuU7 z$gKP&>g78$Ilzx6YRWfmX-rlDEK&{O*X8__0`8Ik7bAG_yQplf`Di5e?q)yGeYa+2 zK+onYqmb8LTz&luJ&?aNKeOlwkIqZ;k>|D=U=X`Lct^~lDa%p6^49djnQyvKnd>pl zA?AmQPC&k~|CGe_yT~X{8Geio-(_afY`G|$EYaWBMt!SkIz8Z7X``Bze`}hqMvHF> zMxDyzG^ZKFJ@39b!XAvBC(K2T;dj{2Y;|$CjuvyxTWk+l^|30V7brUE#GJ;4x0gGd zc7OBi&HO_+y~jMM~ZKNOaYg6+h&@tvT~a6)4zZJzSSaC^*bJyu>vpb z4)~*e7Lg*>0op*TfHsigdU<1H=TFt>1Mj=-0tp~SQEfoxQo2nDH3`i1>6w3OhkfI>H z1oitIP`yA)OS_j#U|d})DiyquUneC?tq5F@c9NTR*LAd&kj4XMU~BHf}rQ^ zQ~EH^7`GtqjaO%jUJ9EdUm1akn*d4+_X-Mb6y)`O+c}9tB5>mmQ;Ane{1#c5cj)KF z0T)(JLA>;fvNwW)`ChaEmx3?pFK6S{<76SPQbUhn-hj=k4s1@0m(rjh9@`(wOd+C+ zmoSD-{RRej#q_`woY?ug9&f3c8Q<$X09y7yC;@$V_u+P4I-doQAGosFB4>=$>dX6v zPwFmL(}@r8)uiIjYKmrcz##@{X^bwG-a9w3i6FM1HGuQxJ@DwI@*>SZu5?`t0Foq? z09Ay{kR=nzr#hRjMsGpV`PKL4WG3~_3+Qnyy;;S*0H$rk6|e2)be`Momn1Ux7u4ga zjnQ;Ypjf~&vo@GGdffzOy+{8Ia8?I^5XIWP`U8Ll4gk}F6Se5I?B5fC%fpopE34XD zsd1Q*2Z?_xpfjTmN>NqDh(`!1?4YRxJQOGezq2D-`p|9|XREAxEAUCPa47f`S#(Mr zd-~Eun&4W~==jhsXFKs3s%D27j;tLCJQ0TagYi8;O2_Kkr4~^!ICy@qOe56t{2F)w zAtn}7bRqZGV%l)m;mH7N*_UVEfXc=YYzdf}wcJ$a7_e2ylaODx-kcgBjg<$Ov9JE2 zfxL65Gw=T7K4avC$rT*D2hgj$2VEk24YlA^bjtI`Bg?AZ1=#^RyB;k=9SxKak}uqD zAJku8AC0d6{6ND8`PBV@w8Ol2)GZb06tHEWqM*4imeeiTZ{VFLJk^j+;4rdZXxCk} z9!jDEHZiKK?RIYH-7~mu5N;7;&|B^P;l!%XL+FVDu)2U7pH=tXUF-!jM$493B=~D% z80}f9af?1j^MQD~IQD^$XG9t^YxVtWm!!=Z*xoBvX!v4?)|{o+{#pQsJYVQVH6Hx* zVLiCq;SMBwtQ8PK6nN^C4swv8&NF9O#Jfc9JzdzK6Xd~I&kq4MKR zB2*ofr{WX0m|+9BYMv*^Ei{2d)`^e_4+0lQ)d1u8w}|~@{`cxraoUHyfb={8s}eKn zylKwXx&sbKPV;AqP%v+%P#f{LcGurb5p>$&Biz zmbdve=ZaOCKFYzb}iXbwlwdARD_B ze+J$w@18CBv{XO{BYr+~4#GT^ri)O;QR)iz$PyAKH~?|LG$nhy zMUfK*A({KtZk+Zk-?$sRLla$U1hoA{1n+uJ@Ebs{R5Mt|af)XR}-DVzWFyX?Qh8-|pZKlPQjvu`Wc4h)Q z)3ICFhfn6VzZ2sTMYN=3pCP39#q>`XZezrN?t^;-)@}4dKuBGiam4 zD6{ESh!_aWB}2SD?C8=P-#zbO-P_}5D*#L6}XPVJ;azQ}tOI57Y|W(&-Q3t1w9 zka|wWaugoL{)X^}+=Hy^+**C^b5N85ug0#onisxtqLO@?it1G&BwXwIYZ1dPGot#6 zY+Mw?ax8TZa_<$!z)Rgc>^X+2SOBdxii+kD`W~@5b<{$f;{ja|;!4UgT5O7! ztE-OtzHW0VqQU?7!vzNi!y@xYltNf~TEEzW%8|@|^V6oy z7j)QpEgauvTG%YaZUM|~_)*2?-Druy+H7>E`r0SLiK2cY^&&0ihQr3xp>q@V6wbki zLoufkJ(x4yGd{Y~oW@UoRBndOUaJd%5O;uh?awS68GT5J&&FuLC-iI4$KrJf59t}Y z*ROfX;{n(-H`X|w4=bA#x@Z?e^GOq%=g=`agcb!~*F;kKqpUW8SpWlt;`{bvG`LvF zr8HWN9UCZPCdlmY#_N{|4UTtyupG%AzsDt6ZFvl@wUVp!OL&s^`>uuz0!W@*SS$V7 zZHnhGw#9gLKX;*n1HHriON(^?NmOBVj=ZY7$2A4yrMX{8#1pNfqkMR6%Mr=z#4c6V zC>?NN7LQ}Aw>;ydLWBIz@^#)s##_i++Eg)##V-Id1F@kRfB=0Hm`nc zA{*KMi8?gDMLZMsSY+TBq#FdrfAs&wsI!Efvl*wSo*}FDd~_r$FUj+J&&eM)ox}#E zy*KspbHX<-!^w;AWgnZ_ugBEBuV&J{{+O?%L`98fn1y5C`#JhpHW3b?NCKa#QIeQfrz@nkAAs3y89Tju9J9YHmvcX`gjSnQU$ z`e;;DWC(ijmX-Pde!1Dc&`xocdULJo!iq}SRinYaG`ul#p%IVRasX>4=hOB{v?lEn3702|j9@Gy zD0{>N4y})ol7ib`0yv0pf-y_Tb%l2pPmyaZyb*vM6WX0t*FMV>4tymkk^|7u;kF_k zA8lzb2iE(-HZ9)F(}&drG;E3Qu1@;~ODHJn_PznFEstUJoYB;ywUkOPCQ*8Wzzexw z4mxq;VcHChMlE<_>1{VGZtG?INA-KBP3yyS{wOb~F52Do09**iR?UR`^)^^i7Dmp= zGHXQ1Vw79u%}fNh#WAhNVqLmF<(Q{Q;Bo8q&F1Td^;;Rs{|6=Y=fdH`_I%AXQgisS z^FdJ_+=(F&NnKF8Se&+3KsH&u@s*v%$=g1aiH|7rvcnVEazytDLYyZ^+GQ=LDg84x zgC9`mz2x`l#i$9IQOX*2P-Od4(Gd+(VjwWGc~wp#y%6JOoKY@t93&=+f;<{mkR>+J z;fnJ1B(@Z7WzFGu-GvFW1n88dzDeiDRg#|}E8Mx+j-R{jAH^_SmAgD!jB-pA=GWE{ zR)NuOj>)+ZDORnFphGV+0}rKY?Wg3I{En0g)N?*vWQaGW0|B@sx;L-$Qx)w~vwurn zr2@Vgmr%}`q&z&R64un8dBKl5b0N`BbDk|qhI$!By<+}9R8P7wZPbxlJ**-iS}$-l z<*vVwGog?DOoVN>Xo-F`v6OG6*7Ed~-o^IgRVER)>-y?~SBceR=br=&&g>&UA9i#l ztFH|dtwoyfgLug%790Daa@?P@;Wk-->|w-&huJ8{Yo!O;U*=KGwW*|NJz;NIPNHwS zIgD-QEiMD-<%Xy6sIL-Q?g$!o#(TpDYb8#wa$Pon=ESmJqw4GZ1v;(NYA%1RNC)MEgoi*%=xdc0|!hK=(#A z!jOHQe3brW!6L7U^cK$>f$e=F3-55lC&Z2oBHfWq7xh;>!KqWr4A1Tc4nLn3w_|4^ z(W6H;1GPv>n$wVu@&{@i;XCk55LV3&nSn@l!#DhcRYZ(U;LS-QAn>Cwj_u?#;!HX( zHUIE?Q?t`G(R7#zA00K>=a`zkYG5F>_Me7rjqR)JIw z*zqa;v_E-hh|d>Mv-4r%g5=XZ=vbz+fa+lyU4?HXn;U^TIdj`IihX0?e=e4ig*S>i zin~wCk~Eg&qVD60i{F=qU%(+mP(Hrc`6 zLnSs8SKopku^(4zUhOIVI6LF;t`5);czqmN?YE`9&E*#(pu=Bk!>q^S|H)g_m3hYY z@0YcaD--Wrv4BMeC)UIx?^BnHjtljbiA-*fBc@DN$^T5tS~ z88Uyp`CuX^XN%7XH>d6`vLsphGe{(ejwxJ`jmw#$n{gKQU^0y!>9=I8}vf723{eO@-Ty8m6mFRYIE*iik{y$qu8x6&}H4`yagQ`1IJ zT17J301{jMclAvkH&W?5?%kF4r)AeF9NTeN$dHl!Z68E-+Gj)DbP0+Iv^ z^@scb29`^s!~A)8n4`WSYNG?d>Kgpb2)-W8vF5#`-8&Q={>{+g%0P2%+WScgLlT=d zGLa+$E`^0nga0o6LzTa-{P|J@|B|i!ZVV0aAhkAWP%sNs?T=6RaxYf^BVI90t=N`_ z%^@7Oe7sGlmEA>po7WV}wwiMXR*L+qybsBHPY})qNL{T#5|B7e9Uvr0uz~KUk5PSQ zfU)MlW?m|kG}k$~TjQ)?u#1dMG1k5;n<`8`NVU?ltnIs;z-|yeMY5IkfJ+Q{2;vch zm(=BhhM}LBQ=|AZr1jS)R>fpt+V6ZLJe8sdJO#?2cLr%kq4&H@3;%<5bZM6zLUeck zZ7H#ECkGBry~?iZVHue;>}nK3I1>)CFugPKb%ANe3t<(o zp{QD1EjDdd(r{qM*f%>v~UvMdwv?+1+@2kZ}rQ6_}<$D z(78%jTf(Z| zXnf(@@kH;S=LK1fYp`GIN=y063{Q6CQe8@49>1ZXUTNgOmN)Qb{($V`G(rCEKwXVP z%8tdK{- z(T%p9hJH9fEeaPB^+%>18ur)Y)USS$v152Io7M=du63~)3>CjKP*<>m94gmJJBBt= zkB?D5n}G@$xuwuyEjKUvh);(jY$lZo6i(r`zU)U`E&X54U1cp6k0YcK?$~takHVK) z5GT6CyqDU}e6JWisAl~L zdefANPnxgpW2FBCKLY<8((8QvF*=P6?iYhz&vdeDouKinhkIgos%{<8D#D%Vp+L0O zPGhvtj-p}uvnrt_;YJ!G0kOHG9lgv~{QNBTs_ZU2*gYVvxyR~yq5NadlznDso=UXZ z-@67D48eQ!k{i{L2UIxs!JgA)1woUPLY$zJW5EC5F1wV-EzYN1<4oeD4r@7#rF`S< zEqNmf!rw!4CTmo4yE$Reluz{Rc3{WQkG5W_OEJaZ(K ze-y?PU8Q?cPHO(KIzrU-1S)_hdY*yATb#%kV#jwf4^#hT!m8I^Jo(rCl2_(kjkGyP#_*R z%@>8?&BPVLf7QD>kSTxg1zf)=03z6A1|4BXAnhx*`-N+BF_fh?J|swv&6S6uB8+z| zHE+xly~zfOMC+9XH{2|Zt@5dt0QtRLkOkt^eqQ`)`d6PqI-dELyw2T^sByG}rS0;Y z8<=a&6tpOPP?u9hT5Xk;K_^`;xo;9$uRP)65@zw4BkUcvL~nINmG_Omlfh*rZJdP z@8Gbw&bc+#|u1f@z=$xvG59rP-a-Hy{*D>kZ%3)Q7NVa$8b}+U%ErZ#Dy=% z7(sc}4&JLf}qOfCu?6gvQ4RU-OHhQlR6~`*{48iv^z%zYpt%Ni#AmOei5n z7;YA)01CC-%^-J1c1sXyj|9?wKEAKq$8%vxvuhxW-3jQ#Q)fW0Jh1!7vZ(hUH{~s10u0s$t7*Re@^fm8a zQJDNX8#dJcHm5Siv9x7l(;X-+%HE3^ng;QA@Ta5^PGsSuIv)L%>Rgb0B*9aY`b3a? zqdOoL9lr!alTI*M){s8}`-s6GKc06%-EHZD=$SGxhXC~B7pBG+bL7zzntgPe8L3N5 zyhoZCiV;3OF7=?wjZ@b#7pVC3zd^f-XDFp8D2usV$hsrcqTjwE&!(Y!n{?SYKK(>Z zM)2X`k(2^5v_BqXI-~}hL)RF;Vk4wKOFT}M85{oKIiy9$#ru1^<)=2Sk+^9Mx6TKHN4q8@2L%XU*6D$?ml5JASKO28%&73% zr5$jiEB-Pr=DsJ*BjFdnVHoNzl!(xDZ;O_3zB=9Q>5!1)X0u)MI!a)!x>$2;6^nVO zK^-pt7~n}_3O)`FrfV|QBNwD9jKB)bR7=`Z196K;pUS*}PxNie)L?JO`4E_#fg1ZT z!xyF*+9Sp?8ttzS*>4MKl$1L`^@A*oI*O;Z0ET_zGTVF;_2s>5s0=@ORYwBGpe>)DHAGgrt+AtER3st2ul*|w zx%rbPw)liZmeB6-Fk141pch7HmgrAy-mHbve|uJrS`UFSSZ){xpp8BALc~dq!dOh6n{2!!w7oT|b2ieD zNtPU2J4M#bcSXXPn`=3hWB&16oBf#1?fDMc1Bhz1l_&%{CG7f4eJT7Ik`PdS$$~Ir zM#J5Yy%wV;_0bHIX%b#sW_F;K$4)i_aj=O=X6ryCaTwYGsyu1f2>_>hq9dP9`k-}< zPk3S?_X(T)DHB_i)yI{rk}mGMPPGZM!8^|^{B$OOA!*XIeBAA!WG8sJ(EvS{Gu+)! zRs4O1(2joTbxAAtVwAOwm4UgJU6}x-G^-N#p=yAREZ6R6BS@b=Tf*M*pF<{&@@)JmD;Vuf}--vc-CG_77n8(AaRetX5Ale0nDh)I;Q)X?{+t7vc;s{X=Ku~YPR_{mJ zekjjKWp83(hsNeqAZgF2L4r1mHrWD_s_KCkufCXq+9-}RZ;Q-*gNW;ww9agX@w!Kj z$PA87dJv?#FTk_Y>dZ9XLChiWO>Ce$Q$;pxw#P3`F*ubdo|rB=B9H*TM^~S1Yc}1C z3|a|MUw99BS95yNNOSJGv-9h9&mxB5xGNqv4J~9$xA{%Q!s~e_w0ySNABT>ROoPke z5{;c;lNqDI7m)m5SWm@VgFo^#q;zWDQ$io()y_ua%J$CHlD9<-RQN*l@<&z3b*g_i zA=Uz_4;7r!52G9=dk_i0@UP0;Jds6rN6W3D`lVO%P?oE;+U#S`GYX8Z%Rf#_S=e$n z)CchP>DZn^hsC=;PxnkSVm3SU^U1>8+^nvIWb*Mzy93!g?KAQ7@!%}@7XR!u?NPD2 z<_bQuaftGZEL2*E>BAKOyMH?YRM{O%NzO>p_u0(K#2=P(y4`#B76Q6s4eS;??H8;o4w< zv?0(v{Gj;f;~p$~1F%~j0%FsMojY38CdT505z_H2w!>nMiUa2HBQ=0EwFoq|a1;Pt zLTbM?QfeV+P!40d3W4yY+Nz;0z)eLkh9B7(gGui4W*#AM$JHjdT>0{Krt$6XAcmk5 z&~1YP8;?_k6Xh3S&#|ja(amP6pgc8YtOoD5bn*-ht=d)l_=0q z2o3o&zRe}qA5h9A1U_3`{ZfT|#cRXpQ$=gqqX#H^<-bwgsmP(4#)&Vk;?)&sPd5 zaV^CRVjBEn*7VJ|qg0e7e9Xwfi+{9h&=yy5_Dtx2Qcx=8FmP<7kM_0}?!}o8(BYCr zhcRoy4zfj%wqN+*^q{bh1P^gvgmEFRFOGR$iJ zW5;($0;;OC8DDTTT$aiu$->Qd(FmeBAG~c}rA|bc=rHhTb^T^-3M6SLX zQ}Y`h`FJ79{J{-uW7iXXmAdV4fR$*my_9jxlj5rJff5pJaklO6#`jLfvLh&$-y_@> z)6KM2-vv3@>H^T}_q2Cw$Lrp;SHlq~U(0EDHo}}?E%Py#B9QAp9-o5olpI%)iLdNR z#)V%0;SzfcO};A^yt2oFi&~AlNPh$#qgo|_Ag&gzCKf~dW3)$P1v)QgRSHRhFtAf7 zM7ABMbstnLoy*t#G#*t*4TyC(mXasfKyuBgM)eWfVT8R4Y5FnK?jK-nvi0Q#EBD*e z1n#%YNfgs9u<7pl%`YCGFE|TANTU2R1M6~LFSQr*j)^?Tb}@a(FN)YOO7#ttKdu>N zQQNys+kpk*ZG{O`CLY^RoZW#y###k(n+^2KX;t1D$7+K$&5b`4EM>uGLhVRq6I9fg zcGiL?-2*JG>-d-+=HinQ&F6=yqTT|eo@zRp7Ol@esFRkl}jJ>W5lHz6?tAu$$f zmGmZb(cO}rF}5jN_JkZCGEu+N6nKP&GRh}IPy;c)Ab+J1z?bvx5Oku4h4eX2q>st& zDe_d!11HWt4u~eB32KHkgJ3|y*|$-zTHLhp2g}!d7W^de|xTmPwtZ6VX zQ%;HSIWO4Cr>b?%nq<4lOXKB=5z=W0ekK-{WI%>zJIQf$%q}-Ol8^=^wr-_2zrUAY zYB-g3bW*5{mWd4E(+s3TjcAi6dpb^+P^NW{l2y8M0EOc_-+We8RAn$t2Vw&GlH(-? z{IQ%-hAHE8C@#U=4qpLoap}zQ) zKU-ln_%N3K!HdiVvOA`T5r9#4B$SQi2w|Ag9q-G+X#OGHDhL_e#lxl%K(63ZhX)e| zI_pyx2i^C9@y6`8>${WVQ8E@QT^A*!($EU-x%M9(^*43oB@T-G&0K4S%g9fig5(pY zv3gfqAzj!oYtMb@uw{T04D;s(8cx9o+a;>6sVw;K!PMo2p}mi;!;^(Vp594G;T8K$ zK43!PfnfNlaeqc>2dJr3$K}>VgarVkDsA%yMX*pIXiC-P7uDF`?-b-hxqgZp0|7a? za-~2BDP{y*n$V@m)2+XbABZ1z-S+XzM63ZGY-;wxebzo`J(#UH06@s%0PH-~{vpE% zlL;-XPcZ+rxE5hb+r>>=%X6f<0{hkTFv~P?2Du!3wa4)>k1c`+;-VC06gMh{xJNBH z7$msk)SpQ5;K{b~*e2-p4V_(Um&~{J3T&qRUGf<5pE){ywb*n?LGidb{(XAS51F#65uOutMTtqJj>GNyRLck|PVLb(u zx~C8^*n^CpmYBa5S+t97M-ta9F_l$*l0*8vPoEw1NGem(Ch#f`uLzDLuOC0awyU=Z zBYtYm7NkqmKbjUX_@f_|vQyzYa$Vl+_7*)aBr5b#w&LfZPJKI~J^hiV8~MBo?O!aR zFU-lRZG;TUL8)!zeQiGx${dk08w#}M^cdIl(ZL!D(Fot^D}8B5C;x`C8b){nM??V{ zK;de7*;{BLwF`QLfSi+Uf40wE`rNv2kD?#Med%h;p_s`uf zl8@X42)Z#}b@BQXrXO8fsNnZCwA9A~b|bO>*kF&ix)&`8?Q80sJY>#${I%fY$M+jd zc8{tAY_K5k$ww)A4t!Fmz3VVxuXe4Yp2s*~Jg>E*(;Q<%cgdQ*B!*2n1K?s0v{&A! z_|y7eBLBq&7M!mQaE(aA$lX3<6EQ2x0+=gj1q#$DC>`XP(xw#VU3HK%(|&(I9iJlH zA_uv=qkE}`1Z8t-Bf2qtsuB|Jpl>NGV73%V7Ab2YG%>>GO22<9g6@G3xLNbjLOBo! zu&&vmj}(3kV1RL;=NuWUcB|h7PBrM|G+ZBS#13eIA94Mz|MueQR_G^55!465<%?Z) zJNlYjmRl=5HkI4ux3E#5xqM;)r8;G4ZaPF|vO_dcpB$2(+dDxYASo>j@-Mxy$YeMF zqAe0Mp>b1AD@cc*$XyOqjX^i)z(=mP9wsO9veiM?V7i1%*H2#H9jq^7KV;(y(}o)5 zP!^3=iJKOmIyzQ^bO+z1n!z_L1^|_Rvu#>lst^=hFLGLkT-w1}|eICcX*IhCI^6D!7VX@FDjOnEAw*`La&D$QDf<49#rLbEw81}JPZHRiH_nkII73&VufZP7C4_ZbC(Cvo~M%t zp;XSw1Z{opd%V4W9j>iFf}sfq8jwz9fP*7v_$dXjDQMS;Y1dZ323Y)tpXBbJ!RQO1 zqpC8Y_rCD)-lFe_k=No>v-|qMvuSRp&n);xSj7f)pUdIEH5{LEDJZA~$hU&Jnvw!> zxORy??-RYswLkUs^=t*1?Q^nPwBjU502$T~>Tf)N>@)UY!v3Rp#sld6?FPEk4JI(F zqJ6?b-^afm}F*<$JIxwTZ5vr&FlAk8x>s$y@m5YFr zq)d^eG-+J`B`83El!==eI6kQ%cr?Zzv4EPeCBI#c)y?d}68xk%@yoNgdpbc*+>HBwv=Q}SVAcvU zQ?n|g!2?lfC)I4beC*@dyqvgMU zfRP-ifLrv6X zzFZOebuB=dX9P|{XUlH+@EQ^nUseDeRjhx)x+7?(EYQx8zu`4-~;ehi2o zS>VZL#5z?E?rAU?{}00k>EBK9Q4@@TzQ(57_&?guvv1%)E55Q&Hp&i6~DV*@Fy3?*8e^UNej^g zo-HW;_`bEI>@HbJ;(r_^#e4D+(IRQ=y}WF{^OW>|R3yny_hXqL(#O-eADiNTRIq%& zE&@*u|7Ab@^4^_}^Yf|t-zu#bfsH^#7kzK&vQNXO75||emV79Js-eRLnue$|7W1*PtD!PIwV@4eNmVsRfwY+2 zl7YqW4myqwH`+8T)~MCxmd%pN2e+c`-)#=eSKOhNN^nGj6HUY#i#@R7#2OhtCasXf z&cFemcG7nx#FAu0`7N2VD#%EJVa+Yu@58KBD{iWewY{uS1#K4w-z)H5lYBi7XoyXL z)vpQiVO+5PNZxX$?gCvx9tm6j8ZNfM1!P8JHHAxr#z z+-V!u7+;y4gb6H^qlFKz2o>$BfJ67AISO_)9#oSn!7|qux#_S8mycAgc0I6fSYdVjL}=aK7-}2>)_<^}e6mV8rm- zkl^DZLH|P+fp;T`CLCnXZR8RJ(**qG0fx?D0LKc;vKb5l)HEv3c*<14*(80;t3oZt z1ZWvbz*64{^wD%4~rIO?Et;#zs^kF?g%Pf%C+l z?;cl9e`mjitz39)uGQGBTDI4JbHDP(lkbhzV6aJJZJ7@74Y;;$BIeLm=TJyrTCHg{ zmO+!jqmF84-x(yiD2*}J*i@LSw!6__Kor%r9);kz%rpGl6V@?eA077ADs9=`2y*wk zi^y@`8f{U}v+_;fzdM>qXS{7ySI=3Bop7G*l5`66{7vfZJ!G1Euwk85mv`L$JHGN{ zcP3}BJ{kNsF_hgSBaf2it2tJ8*ZqC93)|ul{+#8>nJE%CWrg zRiu&-xlj-BmwVLI(%kD4oQaq8r%_B_FSqnYvT~zuTO(m}BrV>Cx>YBHLzhv&ee>@& zwFxJdHTOYHIG2%^rX*LQ+umQ-8SZO1f|I{2@lo0?Tj#@8#-fekC`z3*IYQH|*xpa; z@xdmyY{^wtXS0$fW%Td79=0-w`8R2#1vtOIzG}sceRXHmWY%p?Hd7NXEaXrTSD*FP zyLFl^ja4BxJYjp^pJ43Ge7*a}10W%NkW1X-K4Loy z_-WN}+4z|5>08mAt1gK{%b9=;s%-_VjRqZzV=1#1CPv}|3aH9gV5eBM<3QD0*3j_F z&{rXydo?AH%83GvvKj3qg78TzKeAB1z5V+=lDk@qKDpYbs6Rk`^!4FXLd1ku&*P_W zIwN|xpY1l39-jTR;9gswu{uf}ybfsaeTN{}P3f=aUs6GV`~7%bU?gYXTNCSRKOK$z zh_kPUM8WbhXz%dXv{8(R&R&#C>qsKcL*(DQ0aLl6n;E+VgqOX`(6|&vhSJ z$}cN#EPw4)O!T!EVTtvrc?2oka#~+&5Kvg3{r2u~B6M@DlecKCN8O4c0P&>Zo1|Ux zY?V>w&P1LHXBcxN_wDX_Er*`7<3L0vtK)h8 zOe&OPwB7#FY$!cv=WaD{un;J^mHfh%E}$m*#v!;mFd#-)x9#J+&$3QaKxTynQjy;1 zOLwmm8NzIImL4w``pBB!mTWHbbuJf z3wiB1XqsybUk6l9`8Bhryf8eEa^!b>`jlQ|hJD{{_TN<{4Dt`@2(-wI9rP zc6i?F1HL)H6l(4j>nm74_+wY>21!>E5}k9bmOcxJpi!=m6ns&V?dJcXUqWe>anUNV ze}}V`R>#;#cA6uZxo%lU%3k=#gj194ew--Pdal8s+!UIU($cA(Gyki%G@XlAIky2B z=>Hhx;(4AdeAX3ylzXn4dVxA4=nWeQZv{+Zc@S={0p?eXVFO`rHwp%vE;T=9VqnqI z%H%Q-=m1_^TD>*rwi~O+yWplCyMA_I1@N2M-V_DuZ3VB2-4dG*_H5KM4sbEMsg~~Y z!UJ-Hj|0r$eywgLy@^7xv3dQ&inJS!wz; zaGgv2h{G^y`=+VCQ>Esip~SZ@enut}iqgobVoZ@Wd*;SV^*!Kp4(Srengmu#F`e47 z%HUDO^?bdO9cKC)!(k-Y9^7jAn^cd_zq!J?nv6$!4D84%w6hrO%~6HF^MivuGl@*P zP?7ab!G6tx<*s^vS0ZE2T~9e&^z=LGADVxv-$Q?>VM_oKA~Ao$~X&30kCYjEh7+QV(x z{@v4!=YLoL7PBLiVl`l+pUOO-j*8w*m5X&Al}rAlg>!(Ei^uE0SoCNpA($wHVsQ1R zzps^T5%Z8pL+OwUq9mYcuhMLt&|-MC0Xp{v?ZW88&sfFlrTous+@~iI8~fGmw^yBB zOI-M~{vBbJ_Im)#;XL*&@6Y8m{c2h%#qzkHEUvSf35(e2d(C`3&@tdC%LUd$Zu;Xg z33Oc3`Ky4-<(b@oYR+DghGBG%^o1XdaE={_>ORqx^Ao%P1yV}br^O^F#o3UQ2 zUqd(rzjEv4Z`S@4-oKq>v?voJQHq*!m>YJLzZ6<`->u`o7WGc(^n~rQ-Mo&|j|v_2 zTGSt^P(NK{Zhg{rQ*N+ie6HRxIAi49wNUTduzKoUD(6%eJ6}M=yr68YOKtq7Gz=%D zZbDb#wg2h2aJ>dKZtDRyqn!oLz}w4M;U78a#BDdq{W|&OmczFyj*rKP2l^8e%a0hH z*a;OY>tkH;{OeX(pM!2oH`uEKyC)rkG5f#8d#sFdjEOv`o+;=`z4?JWq8O^H%Q+ym zt-I>n{>fEin;R^4pm~`qx<*3YwIOq|IRC@vu|CP4;@9E5X|nb&&acl*nUK@5FZMgm zB-d^sdq0H*+TRRP&J9XF{Q1tbG^{jkj=JHFjYc(gRZGjx8Ik>W z-*FvscIuPOJJHg}PTqcmd+4|f)O`FqQxxD?hA-RKS2r)3sP3f|cVsg9#HWES7^i*aRy@J5_MVitdknl3En?6;0;T8w8CbO>eI zcUq%CKQv#592c7m>;8IfGt9JGxI}kj;-}Oj{CxsOTk4gE4(FQU{LLC z!i<3EP-LB7T~;-elc*KbkE^;#v3FT6K_>RmX!k={@uPNU&vT!1Karzg#La;bF7D)Zp z`P!Q5hh`7r``vYSdNzWw@efIcu_rZPg7{l|>z@^h7T>KeC_DFlraXO-eB!JsvFBHw z;CN?S6>ii(_p^wU|F}_Sb8tXFV}0u-seU->^U{6QRb{O8HG{*?SRaii6j|!CY@8RY zA7;N;tUHo^z=e%g%-Y}BU*3FuKK!8J*MOh9R4df|7$Lg7SS}4UoR>>^{i1|(=`i(K zhHnRh#Z|!K1giUW-%p0ssTgwBk+wS_vU3jwu9?zD(dcjc5$nb?cx<=f_d=d_CbanV zzmFu@$y(Q(1S$j5k6pB9>Q7rQP2YK2k9-xOe~x|K(aH6NjWnJ#pfBJ=c^qOo1y*Y^9#@z34NFULG zi&1TARrOFw^mn;oQ<2xm!d+U&{;Uy7B4@yz7Ab`tjJWxv;`ekZ5{Xdh|G26xU&(+Dj}p zF+_|xXTQOuwE2=ed7&vQ+^|u)aoQgiWT1o5Rmj(Dq_L{zD!!7-pTHE9P6Yj^)kQUQ z^@U{oD&VHSej`FE;6%GU1%pdFFtg#}MYXE3|JSkWi36MU%Txt2-RiLC3pLmZ3>?-r zIOW08bI8{p9{)A=+xX@?jGoW=w+A3`RE>^8c~GxwQ5yLmq|HE0z!G%*JVYRW+$_Y` zhu);+`w@_P6*nc`&d|63RlylazlfvY%fF3NhljK6+-6hO$YFeDB?uCYJ^1g#^^LQI z)`fW-Y8%=y-iiU2`Gg2+=I26m8=RW6x=0nL$hyafm2aR zt&{s3fEDKcu|c_VT@*))#7>9oHZ@Xcma?s|Q zo*LyVCfF+)uMa*h*3n8iBYVs^u;?^*c2u|Ahp6u*VuOR$rH(mGuYX?l&fzWSE6_Fy ziP4JxHN>CkgVH?YuXrq2Kn#)>pym1G)V)m#kXZRd!fHA4MW7O7v)>18qv4Xvf*w|D z+j)1GICW297&!fs>tPvbOssD+-Hr|?L<9GVKPp_AZSp*d5t zs+H9h)S?s3C78CojGs6zJm+N7}SPBj#bfQ&P7Fsy8Zw4ak+xuID7<9>t(QeTK zuehB-M#!&UEPSSX>(h;&F4c8<^6zD+e=sZq?U9I^9jrHmL?PVae8b%B~JK7s-A=$w`|^C4cFyTn|-ir zl8BDZNL|S)^ZvszC(Qh=m)eg=FX9wdys{-wN_kht zv^_j3pJGEm2rCwg6*IxRn2kxf6FXb%DJ$(0BnLaFd^fgYE=SyD%NzQD$Cay|%eUmX zR>&vOyV9oiAgM^5r!Vr+yNA>L4V>HT$!gN}{>phyfz2peic95by@wXMnBuhrR05Wt zv|na+B@NToF^$ATV3Q9({shvCoZnEN+3z9pD14+T=sxct<+_0C<17yF*aGza6P;h6 zblTvEJ5^>IgGQi*Yw?;>fjXM;2Jk$7*kV^_a0+q#wfXy2_5k59d@qOFqipBFgRRzN%z zu^TXOnZLjyRqwS(zK(Aa@av|>yaP|oys)OGH)ExmyarD~0r*_sm90Wpk_k&d`X15# zZ0?8lJ8I8Q@R4?<;*LX*l8LC6*RL%PUSY2KYlO8q@7YC7SYnU`%i`ZNHZpHxCug4u zva@+ZK$^-pAeCZo$U5#~Y${nd77(#sc>i*5ng>%{h~JH4*v91Qk0A{qA}>)w*4Vo) z<&@fF%(0D8^lJ2@i~*&n6k*=;h%r$vefYEoEMSP@*@5)@C<#&ZGBMA2z*T{m8@R&kjh}JUC#Rf@_ ze48YggncXyx!lT#!YUwgR`5z*Uhog`U?lbaiRx7Lq$~DX+ zuVw2l@D5EeD0aO^YSn00`(3BFDsy%Y-^ljNym!4_abZP$Jsv)o5Bq7}C};CggQdp1gOGE(*rvgTb$^T@fmydx+fOFk$;d^fvjeFR7NZYB)^(+Nlb<&h~QnxXc zu(D7sKsT#9UOPn*zFte=X0$Uq$186#VRmL?eI|%~m)BS$GxEdO7$QX`)en6MNd(s;9B(`2VXHwnG8`V+z%fL53ijXtCh)3wp zQQmkTw-$SB2fdanuAF3@bSn4cWZU9OUy5)v|1CPD-V>7*n;WQ`<05y~>2@tCc#Y-9 zyr(>9{KTC%vYhe6g;{a-ih50rit%izqKn`{_QyJox;=Q!A|4B<^lGk4=7f?c;%LdW zE(MlMklfP+YPcjqZ`^9=F7*C%GEy1-M3#nBX|m{h8NiUei2bB_?%u16o`;$F2?NzL zaz+ZhuNBqIM~teS^ddHIIfAqd2AyVX8c!xvI&$y>v6L?!>}=ogq}rMby`1h(Ngl9` z(!{6-@sQy+()8F9L3^Q+4%VbCG!R~}dF=j8QBm2E*Qd_EFPV9S$7>^i(V}LY9;GNT6m1$=XUFL2CpTeJ)LO5FnoH8d*x12z zm8evzB5Aiz3$$vig|9pN^zuOu&WpUUdK^Kj6a6QOh7@a7oT3vAPX_XsR+`s~Mv@*^ z(OI|*J?nBR@W1T$E_@`ofAzfUZgt`Np=K_-hkDb~p8VGBh~zKPv#=1JBr0bClSy?w|L$N5#aaA6 zU*w~$SD@qol%yzwT}qC=y7by4m3WPwCD}gOw|Rs&c6DTL0Tn^R^F+g;R63Q{{+F#5 z(u52bT@5AF@u`(E#6N){ACc1z?iP@0N7jC=!1;j|X8Pa0=g0IZZ$e9hhksR!P*3JE zjF0L5ydJDQB#7FLhuCZ$|4bipR;(+X`saiaN(X1ub`+ z=xG%j=aa|fO=^pFqGf$v55QC-HfA0shhf3-axeLm-~89 zY@tiPM$b1+HVFMc06}^n&k;&LtbLFNw8VGX#yvo`L<_j|Wt<=F9%!Yh;duXvwDh6qTkzDdM~n@;GvJe&qt3rl zx;j=3xEWdZm^8pKgbpPSc>a}XThInL{(&(5aa^ExZ|K;6{;TVzqjg<&iLZxF;Jnp; z2L30~{y!$A!zpi5@|nOVfIY=94tQk@c#UfiGBPgjzf$&Skjazb8={=%;qmuv>Z)Jw zF2n$Iz?76pgFnI69q=RNc=uRK2p~Z@s#Q3D;GY!0y}i8?fG%=~0#TmHz&Mn`4nU|Q zz)E4f<)`ZT9$bS|G}EmQ0m1Jd8Gu#74{$PF7J;KHqdF&zBh$y|EHfoxViPrv}ngQ5w7V1YAmuq*b8FwIujx)6F@$l@H9!(lY2-Lxu*nydmHPN01G4Yh%#e77-|ym5FEu z4wX>A<@Bo3%GK$4KeEaUekvqHSULs9+-Qt1aO@DdKIl_tBk>^_bM0*vdmi%k+h+WG z4w6VHr{pv<5d38iylTNq6F}F4?pKSBPZ(uS9l=ivIY%~D=TnWQd%l#Z=X&Fqu}sp6 z*7bYs&#iAO0U~Jt7+N)qy7`6!JQX9)$b$5-u8ini)EW3*RP!x! z0*QU!DDMVg8T2UxX(Q&k_R0bPGshoKyY;An%XFcc3d}fiWYEiB$_1*D=;xQ3EjRm< z+d)v=&nG7*A;41_az}YMPbLvzm9=_W%D}P&Luf+SkM~Lwk6}HYX9* zap1|c!O?EAt(N|>H~%Hi3uO~7!rE2)0BMthqoff-GWmZWl+N6JbXeZVh7e%QI%e$) zw8bI1+up};<2{&$vN#Vi{&EH%Z~`9}dRo{e3g25kg&`?;UE;3URqizV;Ulku-WHhmM?i&024u*L*res!Ecj=4Gmm|SQ!0vw^%)alcH5Dd?@%Jjp` z0&VfoyZl=A6zl(ZA`R3@f)Y^RwhVrgC8z`peBP&;(~TYC4dHYWj0XzKdE-n#Zen(v z&&~q;YptR22`z1UdGvI4Tiua37y9VY9GVUZ@dY4D4M5LUe>8`d>os%lIh(ep)L(H; z)BWJm9Q9??d%5_^;7~AAO(ACDOFAg$y6ByCJ(oGR6qxTJW&$_=k^9a-0FH(9vC!Ul z+qK0ypV$t^^oJJ3J}cLM`O6` zC%$}AVBljO9xV=dItN0$(KOQinU0V5$`ST6WH=swFDU?3Fvj>fAq?0e^H?!M7=X$>1XL5#w_L^1Z!+w2@sUha`i zt%{wGd-P9VyT9fMk;S!}EdK%2-_ai?zzG*6WIxdksJqPl=BvJEe=?P7umHjBJD8Vb zfH#&RIsDeg)({FM0LQifDHtxl!-TQ5djUC-74YC9g=f7r2QyUGb&b*RY_F|KIb-i# z*~+D8gNHNK-lr~ll`h|vlf<+gY7cczSJNV(BU5E0dp--n*OI9KOT`GhteiTE%W5=@_b5R~1xz&yr0hWjxiaX-zJvP?!0?v?V|Pf0;MK1z0ylTF=} zj=aX&#irAJjf%7J4W&K}$wlUo?U4xl1=j%eZ-A@fg+*OyuXxS=sP|qw0H+cF&lX*1H z+&-OL-TOXd1QM${*RV>M9g%PLCL?CM62JN|$!*mLSYP2+9%Upv-(2umrqyT;uU*_7 zNm}}WRYGc{i?YV6SUNwuCFONiYUkngeabld#V7K1Ouq{j&K2d4>yA9kzpKlHTxrfa zIWT>JSjzo_1N6VgdeK@9nVh3RXSB^@btPSU?BsUlWBGMvY3O~5M1dL6MdS4&S<@#;=isx55&BT&MD>ZS&b*IbJ zXwqu`Cax@Ygv3#-4PYnEZaom6q_BSHTeq44ATg8&7?;01 z3A>{JHoJ@ElMdDCGZ@nJryCSE#W@q*8s=gXjaCvB{`7qFJ9EnfqH#sbAq|W07oK~4 z6*guQ;o>L960_8!P6ZUk(cZcgpKfj@D1Px&Np}lz!y}1h(6pqQ&VCzeTx5*>P+ND) z3ze*8Kc<}5MVZMMsi=)U9ikSn(6;xQMK;x79=p*SGm&Q#T_DZW;=8K0Fx zygA7UTrZXB+rO;Z*&e4juvJ(1@My0|*yOn*cBfSMJ`V%;iN?{@i@_{SUJt7QrM>mz z>KnKYp61zi&t4V`g>7e%to}@3=r{k(mAB(;#eF&QLH1%B;HyGq7Xf!#&|elx50LuY z09{&DM7j48q#lwEllw!N>aWgh0f4vUbP^Ej*#SDW_F~)bItn;XJKMsjzk}<|;>WTE zyy@-Qx<<@kbs)F|kidF{v^<6=b&z$W8iivrk)zEi>NMy75ODPeK}HG8mXth2j?QOD z`2@|W^^aoLWWlW3@WEd^S|9COG~d4fw;F_dvS&;I+b!NmF<9g%fJSgw$Oy0?JwMtQ z-y2loRREpPJ+&p4JpxXvV&%tM)3!5V2!>O2z=X^@rNTW(r<&t`xvad8lmJb8zi3~j z(thF86Fp=~B$IsTUE$*h#|2y`cAR0kM!svXV=`F!BW}^qqPOR2!+8==3zY%B--x-Q=YjBb%G%U7INSg(y zVIH{%T33VcdUH$y&dW{_XeoQMX0gvBqczYmoi%-h0O47yKSPvwRot*g)jyza#)jXH{U4Eh9=*Jdg z)gId~ktQZ2tfMkIRC7#{{j0e4;;7kS9JQyd_s}D~Xs7HBpW=O0NiGP4s!~Dbk(Q!v z*5`IHz`QO0HG3}YveR;IBXGgZmlLwkNKp8mnM5Uu>5%wPi4{4-vXi9y~8qbH^j zv&ioN1a5X5cLtKCYU14G+T)poejh~rR^7Qnw))pM7@~Xg@jVH`NEfWwwk<}buMPsH373oW|hx-Puewn>YvMn?rI)#QHDw&mbv4FdyK z3v9tNNieU#duQZBpcvE=p1Lolw&Z1Sv0(3?Eak2`V^r0E`dUy~g!m@QziRb0R-rfB z3ijB9{`W+JOdVp$#}_B?4%B(cOt$fh^^dm=c%(wCn0f@iz?O{xAiVhtVH;x>tZpXV z`rl$}FoHol7G(@8h}YEWSR~%50qv7b=h&3LeIAQ~O%=t$N8}wY1Ai!7u{c_0Pt@NErIBy~TA@5W;Ni(wATFp%oO zNBa>Zo)`-NV)W`g%5@g?3(&1WwSJGB502dqHI}f!Mi}72d?8wM)MMYLsRS(e{7XT5 zOyl4mcDg)2^7tP!h7n|>UC}E3B0BKY_+zn#kdfpwXjfWo_|f^qF~|?|;PTo!8^kj| z3NQsR0U3UOSk;#Jwok-`{9PKjvQOj)kS+dZyQP~)qo}VWtNXS}yrJq?w*ah(#sj${ zO{l4y`nG<>zVagpsmM!pUh^WeR*pY?&wM{^MQHPrhyVki#{UXi(}i`W9wq!pRV8}f z&jU#d!0-6nqWMEB+V#W!%A6l05OUDbljQ0FW0A$y&uV6?t?RlBv=x>sUPQXBuI_1@ zn?oD~1P~s2=8T$Ph9g$N)6jIP44^=?BzGfvOMS~ zig7K0-JcSN^cj$TQI-k2$?3H`f3CGu@dhZ&GA$nbOkj!EBIHezJY zYr+p9e~=n_R09z0c&?3A@4knMiBb3=a=!{jZ-bjDWMDr2_CBfsN!?kF=hVo7f3jox zyZdK?WkW0{toTC(;6S&z-mru6!{f`2Du2x^n^P1)N=g&XF)SKf2ENI%sGS8`Ji38< zJVem~n^;F!FWAmbdObY+F1R)Dj;KGPfdMp9yg$*H>rN?ZlxDcvXJ(14gFm*azI4V) z%axvEF2K2z{mdRYMbf@zauJqCr0Oq~tH%VNJ0cdQuGq{P9Z|Tl#qYY{4*)lY85=5G zU#T43m&kT6IvA8woUt99`rZkwe5W-YwZcKIXG#)Y()1RP=f!`f*5bNZ; z2~}&^oR`MB3kob&aC`!qT|LO%B2NU1a|nQbzk+aewq45CH88s_7{g)5j1C6${go3` z6oQcU+LmJ<(AkE!^Umw8Zt*k$neYRG^dNgC$#8{a$|ns?EaVL)jiuxoD@`Ph@n6$8 zVNhv+IWNX*Z1m}Zl1@NdJO;u2WQaVPzbezwTvG_8J2Rcf$|#KfChWA5&FjzLMH7EA zajXh(Z856!FWkc|6T)}eEVuLXj-UAY1JdnIWlPN675`5WDa9-n`Yfd z2oe=Ru1d)h!WzamoTpXsb>qY-N?E^Fd+=HEBTK?H23zvWl4W}}i)d}Ezxa-F8Xq)3dC zN#07=JPxc>!t^NLtkZB>0y!)FML>q+ zFoPk*TN~HHdXiOFsUG#}fTaG#K)6X3fUC4A22GMtIDkj@b70eN+p~yr-JO?)iM)PS z*l8+@sfCb1E_GMkLvpaV?|Ff{r9!3LgqYu|zxKuCK|R!Ky#V;BIEigBw+%L6tmCi8 zgg6U}SG;ZXAyjv91YKJ_j5uqG5{TE0hczWmqzmC~5}{pQV9$cLWjcX*0%1WcK#caD zyOxkbZHW72B~foH>j32*d$Gpm-Fd>8_^aYA6M9es;%>PI9kgz~mauW$$5?y)Gxg?S z!w(e$XEjYfuK3j;ZStPV@aw5VEc?bo`-0}fZQEH)WDBfV{io40&j7gECetEB?X#45 zfN#T|VXh9hU_Rsw)FCO?bJjcESJq703hXO>Ev$EmKjB8!Wu=dTKHQEQNaL~~7;Y(9 z%itFwBYkt9mns)wpf44=Y2vph>f%(NDCIT6^|0eJv+XxVWak0ZnD5iYgO2*8gKW(V z2W3wPb)ohAFXNx}m+VsgLQf`rZbFg9$G-@%p~2TLtE7;Uy11{lJbs!HQ4RA8zVe>n^)U%t2(v&YcC#wHL2@VHT#^Oi%spL(=`9 ztHsZs!L+QSNTHkggm6}8r;$5fv?Sg5@s87|zKRQdm5RJOag615JQTBRB zrEYoxda$9fnMzswiLaCAeX&t>Nq8I?+wY?wBuN}X@f@mkbU;Y{>fwI3V4Il7&fFtR z232^`=}S64)|;$NDcTg!Tx|mS5KL^6*eB(0s0CW>= zHuEn{(y`zk*z~E=={p|%0O5+<8U_jB&Tt;X5r0x27Un2+yj?f{1<6V$!8S zwN2AB(>AI(6G#~+rNfCnn)J#fs|NGI1$(FzOAwuB188(i!(Lj*ezazxFY%y43&2O+O?k#1F$sa1W|d zEVCH;sW^YW&^!8Mo_kwJ!IHUf-Lh^&>F0~dbfLu?KeJ5KB+9kEIwao;c`QO5N0y&= zV8P6l`zERW*e#vXAh+K^hkDYx#%SACyrV)U_?9I#sbk0JdZNe4w~&HE8CIb}%d!GN z4>7s%QE$D|o+7^^J8SpjN&_3!&`b&P$l=yJhYSZd*P?=@>iodtLrKR`cGx><*`CK_ zC!p#Ir@;q;Um!en^z#1W8_11&Kcm^~GB&29ZuFaXksh7DWD#1#(t@Nfs=}e1AplLX zTx7if9gm8%f9`vEsQWUUYci}5I&?KtIbLS_#Lh#yTC}nyX5DAFA=z*tCv*L>&UmG! zkHX0N2WyCJQ1;#X){#ilgTGLuaAfl_dMRRSH;4R9BUt=%^a@t@iKp83p#1Pok0{3rU;A1I-k4S@5=h^ z!mo~JEd|YlOxxmHl6{Zv6D8moyjJJ&8Y`-xvD$*VDop>pv}-5CEu@$Op>a2~oJM$} z`BL9$=&Y9@|nIljq3>*PYF*^xT}dXRva66G~mFM40<#YySnfg zxY$eut;pk?Bo43U0*FJOfPyvOS+OWTx%`BvSqtty-5gGLYEf=-a(Ws#%V=?WT>~=xaYo^&6A=C|P!nTda3KvpjNaWe2D; z6y+yh9mt`l;tB76ZTI@HSH5@Cz>$1022c2nEBd3Yl9lD0ZIJaLU2jj{rN@mN=6<@e z1AT3JJS=~-46BobZYDH2Wffm)k3~f~_}pG=JHbRA-NzSFw7eE!k>(P!Lv;Ik*x?f1 z#kgx%8pK$<_g~ouX<fw)*aC3hfNHYnw#2C~<4o?iWRwVC3v5OL)3dt=wM{fi4aOj9o z(LhP&`dH}1pK!OT5@EYBlLqR|Y+i$flWzpB+?pAol{lAKG3$E$<$nIprbgXbA8eU$ zrJ<}O4h7}*o;tQ+lUuF@ok#mNGZNTEvHG_ghgxG!VFVoD)&F)pumQ%t8z&k(uF~ec zD&-{YRPA$0HLYmp+r9c>vu6Tajv|fq{=m8Q4D_&dC8np~;_v zC)#rwST1gHG=tn$TISmHBv|30_BRK9_tW9R21PJ1yQs;j%H=Azs@A&$Lzr<#XY4Dc zE$6TRQS%mV3*^(H5|pVZ2l8sMH61WL9$^wEQobo8CUFA%UJ>OJgkNDzWi_!ACQKf2 zS%@&BTA&n$zbiM{W!QC8rEfg5;+91GyaTq)b8o#jwlQw!d7#82=%gIDG#hT3%muhMGv)`di6^s!xuGxB*|nZ8O?QVt~SO|u1a1u zyS@PvQ&Yt#{xpci#@Ktaf+L#OK#2ZHg5f!iuGr7tADx!W?3-0W$cBylFl0g~c!kIj zbDv?Tk5W!;sIRkJFahI!%oyI^?`*RvJYu-?1We6cIx|viN?dV3`D8pasba>H6Jvq$ zeFN=^nBdGtHq(J19dm;?>nI-!hSJ^~Zj;F;0R0CX!@oMVFXtRF$Zi>7WzpwCB6JHU z=10t-2_On9_{%;H6iLPMvYHQOOGqwCfXu()Qsyh#$BHe<1*@9*dGiJQ52yupr^L<` z!Su$QjZzngW(v8+%bnMP-?B}`!7(B&Nu!w^NrKkNtTXNsB#&^c<%z2Yx#E*FnpsnP z89NhY=x=MNtnQ_TnVFW78%*th&0;#ih{hULmNT)xVJaM>A{uUTr?A2~1;Irn=uftT zS6az(@OwEN+Ez8YLKU5+&5`;=D|jfB3p#j)b#sdJP5;X38|Z*=@3Aj zl-MVc$Q$0>#IZ*B`%m7HXLRc`k^~8i4*>N}!8=vr896uP@xod=aV}|oM{a&qr?u)i zQu>z8V=hBg+(mu0Q9WG4YPTN)5j9B5Jk$(*e-sad#gnqa&Wz2dDpvoyZxgG!xEki)S~O9$d5`P=30D!5B={ zsuISGE>%1@oOega7DeL3gH@BZ>bB;;#sXY<3_q}4JA&0AWFRtyYyk*3mp&pbkwl)5 z3}e3~u+o4g^pIfvZnWqg6M5uoVQR-VMb)YB&u_bWA8d7!LAj@xTb9wgD9sDxY5k#UWW6a{37gNNX`H;YazPz*isi~(i;`?mIqaU1gE#TR(5aFDCg z-FLT)xLiMrzTPp>bXVg?qO_fRp!2AA!Cx)9OYO!78?vgenq0c1X{MH}iIpc};RmH# zCXOWSu?%!`iN#2rxw}r7O-Oj#?RdWBAVCWxfsQmi85@o~QbLlaP<3y>+^D_f!zXL% zc<7RMy9x73?|$X`0ofJDMgPUET}^|nhk_SgvO^sngj7*`nFUfv~U9TLY`+U z(%1>ei3Toijk$C42mIjA2wv98zruLH8I?bKMs9yrj=(LMWg0L}~d+dDp- z0PG7Yimde~o&FRfd@QeYF3#eiwY=FE!5-IKFzkp=3s}4YHiFj&*oTPtjLOWUTba<-U(^u?}#amH92Jy0FsBC9F z^Z63~@Wyi7bqkQM+zq`!K4?Nl*a{6bStrXs2cF>XdCUJz8#?I4Bqfpq5__|+((Blv zWRD_-eQQyjg`5t<7omrT#RgJ**-9d^Y5<-gN4!+vpEAa z(2)&~2Y4^Ky8;&S`HNgyU1(c{64~l#!R-8fj?n+iLXn351f)I#@tFHn$&rzUOSYom z6X=`R`R~bvPZf}4r9JxhZqtw7ULDH*RRxqh?Q*%7%m$76k>FF9*cwhj=O&L~CP`Mn zU)BbAsr7Kqa6^uE?op0$?b%X?P8KSNzz_zGNnRA|j<7>wEeL0+7XqS`0jRWUO)zCOqoouxX>0SpjEGK)DtKuD|t;=N0v zxVx$@v7F!N3jz&!BoO73Wt;=wG^;B#pMs5N}UPVts2-)%R#_D N1zA-Y;BI{L{{e+~Yq9_U literal 0 HcmV?d00001 diff --git a/copy-of-sdk-docs/docs/learn/advanced/baseapp_state-deliver_tx.png b/copy-of-sdk-docs/docs/learn/advanced/baseapp_state-deliver_tx.png new file mode 100644 index 0000000000000000000000000000000000000000..f0a54b4ec34bbe282ed6eff81369428d02dec095 GIT binary patch literal 59007 zcmeFZbyU>f_b;sE00J|lbcujcN_P$2pfI!uf=Eg?0z)?_2oj1Qpma#rAP7vz}ltaaD(*S*Vs)R{T&eRiF_U;B055n39Gg!t6>*REY7R91rPT)T$J zdF|TuFbEF#ADwR_sn@PCUQ>q4Jn%H#$iRL1Kz=BcAi?fhJ7ktE`zCMpV?DKeI85rE zDl~$G3_BuGh721H<$Zfo=4B}(ek5dxQ{lmv@No8 z)FqYAmMHtPG?O?LqN)>bQw|M}kdC95xP7tTFXbj^H&%M)f3{iu?%9uztSYbWR8{;W z!B~Yqnyz!BX}UaJkCD1McZncjRVm~!sXHiqCl@BDzMN?&<^zM8cbQJA?h8Z0OMkoY z!x87L2KAQQ7~qHXzK3f+;;NnwWRFRnZRpySG#-63ev)hO7KW&G&b>I_?>D-wkzP}4 zT7AT3lGXKgQp>6W_{%iJ(Zmed&X8WEYQ_A$%68P?Y^#2IoXhAl zr*4DiZqEZ9!w{mt7#g7o^v+GIp8YsSiw4QSAQ3JF5@C(-lN9Ddq2{}|UNDLPrxEVd zkd|aFBb6I8f*ZYU#8T(4UHTm|9cLXM#y2R+GE;H|5dc!gKxQX*I~((a)pGbP_+0Iq<@J|1*v>GFuwr|-n%hY zW>MSoUCGdr0E0y__S|Q6FxPDhtQj(%U2&i$0mLr&`rvLT?RD_z8|D%3WN`~ZHH{8H{Cc3bS9$CLf@ z_=B|{wsR-TSplcJUm3Fg`uWcckC`$`Q_s0yGQl_*83HP*120(^QHjnpp?Uyg=@ks;=Bxf@F3Fc#2!anyYyBu9RPvDEj(nMT6de82eqKXdD{`I^r03vMTZkVe=Pmp0al05vJ@|dT9pj_IC@T7`fZJ zJ-nPQmV?tMpFNjImjdcPvB;s4ZINSqh|IO_&lG(8C4BQmF1OWKsk!@J7uz!4Z-#(# z^I6~h7&@1pdw~KyCC!)5M$G~w1W0S|6VZtdPkgqw72EC+`?#oRe#qUkpA~RfYvOnK z<7nxPX&55cC5tpSg4Y5r!{Q`7cDKhw3D$=>Vw4bQ#8uz?BKhb+9 z8?qS4{)Lp8Gvu0PoG2C?;R?NfJusz*lf2z`y>}yG&xGFY4l41|f(e!AA6+H4#29}E z6_ivDLf7bxp#2T&UnuJy~AJ{yh4Gu=Z8CUvd_0ycwRX8h0W@9J@SZef1;IjpN$ zHKZZd>wUas@3UEz!evnYg<8<=DKPhEjSNxp6=^cPZIpPNMwZ`EYKH5eGDU44*s#66 ziQB8j-3}VBiN|fBgnCWBUhiXbKuE`yHk__~YEsOABk)}h4z#c^TF;_b_920bFvg<0 z;}x`Y=H~i3ZQ-Sbq~^*qkS<9eJm=%ItX@b?V(D<9!BCpe)fM~wRoz#2^#vVVM9+8H zfMuVIH2QeFxn~g?rM5F`J6bGI{Gh|DX)ct8c8*HQzk!gNzq4`f>S)q&v*~QhMT!Se z+7f=P(71MRCg93X=y*s|s_Jlk)F?~RukiUoM=ax#bWN zo>JMGdCrAwB_P~qfi${%RY2!>(FTo5}UOs-TD_cJT@oX#NIdlo{!>IK{b0!+6yTcV@P8U`d6K8<*5<`#zXi?-*8!?*%^C3n$(~ zvHkRYyY{_bf+quEn|1DVg?23j>hcI3xAQ6uL3C83Cf%~}2P}4ew)PEt<=7f6$#Thl z{y>>k^!LwToAYJ*xfrRws+7co)Af@2@aug%SV39O_aZ8J;{*^%Sp{t`rlhYqy)Jko zve(ICVtI|Z?AebyEFlq3H5VDZ<;YgXEaIw~FHgJcTvzAQ*GGzs9EFITk)#Y4K8}OH zt2bzUAu6f&pBQUP=0x%f=@e^7UAP)Gc$TTM%1NdBq@M`bjx4Sb+C+sBFGhvqEC$M~ z8H0+%WD(WIb^lfD3VuJdELGgAJjz#^TOpQqb@4jOl26Tj9+H4XR_Cg(^gcC^Q3LCY zDmg<2PZDjPU$69yha;>zqNx^`xqWe%yjR|ZrC-diKFn2_<2fcV?+R_!S^c4nWNrNY z%q;+|;B-f;E3*VDR*UZ}oLgMxF)SNR%9@5Tq|XfB*p`&0v1P3(eH$!kstjFDcZiZa zpGtVmNDND6G*T?bCJcN4qe%Cr)f$W!be!2>z7r>PS>y6JqO|9YP=DiG9DUBiUA9mkNT4}+QMw~yV|Y9p&>VH2H#~dFd%Z}E z>@cagecP*#22=>6L|?GNvK|z#KnQ(EGt8wkGriXerYbp^sp2Cis%#zeh>66TgG;4z zn7a_-zKq)NC*gZ|CCsHp?SG4V_k_VE5iwe=OA^|rCNgWX8^f4>TM>a`2bZX7FHrFr`H;- zD=HBWM-CU3tX7tDu!9-+fFyZ^9d5~wE)+Zp)Z+1GT3jl~V0bgX_d{pvQ}0Zehi=60 z$*bsOBSR_+X8q54k7fe`^tB{y25&9DNHUba)j<=FA5N}KosE}M@cj8T0hR>JAb1_s zo@_C57hz8HGNWW>60tes^cpBgJz{-tU5~oWnK=WOouAXqhT|zd$lrW-6ynO8t?MxWJ;(`*0$5v({G zZJyY0m+oq)N~3fpsA&hVg4U^zhg zCd`vlWt{AF^SF%4jKU!V`b<8nPkxfbl}bYwR^=@}l*%DJmCdiJx)gyR>w5BrGd%NA6L<@fk^mNtlV%`T#)1XMrECD zUOnX;#lkgpDxcB0Sv|XTuxVq#clD+;xJM2~0+mSA z_ms?Y8WILrnRVgzj3GI%Wxh8^a&D-r6a1FbSQwWe4>LuwlCxVKQ!{gp+h3^-fPW&B z|7SHM=3`8ywR1hrF_oVok&nEoQRWc;!~+=rR7$$-a=CZaTlNVVwY2@t}vDTdEL4utpTVyU{^ zK^wKyFY4S|6}gJr$s9(S1lRGS5)F60@k7fc@L!ThfrQNE8f$W7)pm3*R&Vv{b@GqE{Gmu5Tns*4&y zkuf<+&PzwJm5Xs#BD_tf2`5jCe{^+!S@`w20m zwI5TBI*G(KN-e7+MY62oe-g|Q}QnS zzMTuIIYE~tH4hi+_s+k*xvv%E)!mJI?`XW>z4Bll6u*fUuYN=UdsUr8DV*>^le1+$ z{H!nbv#)z4d6*rh&##d^RgwDLSx>xi4$_3_#UhbY4)@$>#aJIkY1s;%8P0Ei-2X zLfK_cmNC9B=o#Yv*>{|bQY6{MOH*;E&W&52p`8dUd|AXw{quHmec?pZ8~1GP9QF+N z37e5>M>C(()x6DA>&)kbOwV;}^ukGFFx4>?>$>HrJ-apK;LKRUyTQ1`?u0j)c!XQd zHY(!KsEYe{8C;RP6n2bW>eRMLKWh0ze0d9%y56C88O3W*dP`;rS62nFW6oYgcHy{KF zJV&w=nGsK-0FGoQ6em)4@M!xybQH0NZUfcj_S5ua)ok8&(L$JAT5!cdb^R2SYu%Jr z=SP(0UBpa&nGEPom?@`U7le`OHzqe8;a<-8+2zWopX5WNlbPZ<&F6|l5->!E`6Pe; z#5{IXx|T7+#0Di{#uqLG;E{W*Sb;WN-KnoY-k|E)E8CWE7gc27FtbiXxVW@)IQwvs z(WqO%GF3Qc&aajCai29MPris;xz^>~m4IPp(+OX}&77irjy6_ly=gr^qy~7Y&zwNaN!XeN4q0|{LtLJPRvDud29n_iCCFspT(dWMjj3E z*BuquRbn#@a>NqDMRc|S;b#6U^ycQh_bfVu$4mK;iG9aoMB+*;mKy%Qm#dp0s{WAG z{c|WJC-^=1yA{FlGBc-5Sr$aq@X?QKS;m`?TdIg~Y!h3K{MgjmVoVqjYQxOSih*m!-6Jig3U@l^Jd zDz=W&yj4b#zLWe*2s?o`-C(0qNpQ=r>e#%mj?EWVJ{x6WlZmc;nZb}U91b^l@mLg@ zC`6Uhs5Dt9&b8F@j8r~o>X*PgjAAV~9HH$YVf>G`#dyP~y^J2*|g6 zVQ2s@2iqB-U@aekr|?3Ru+86vBA?>GFd;33LQ_ApxrP(9l4R+y<(I+!K1DTfn$!); zYbZ4{+eawjYlsW*2zN609VA4-e~#%G$x7fH!r(Giy=lK@hMPgl#l0DwuQXb0Lic(Y zK3t&tRUQ$~R9>1{oAVNu`XV0Mbpk+3<6iu;2GBmnO2a=0!g?7aFgOGloQR)mh^?kGhZOu!7WF#vL#|)l zDIVI`4zWR%&{u(sT0=oDnkpo>mO%`7#0nxU(V!m?xK7s1ac7??jCLME)OUY?Jo1Ez z9?p{=VlG)=3&mi*3un&1VpNZwAjfHLTRnc}$cP#LUI~Q~A8b%!3I1+3(=fi;VhZ;N zCy`+UP=U4WNa1tKhZ>u7lA~{ZDY1Q8dR$a%$sSzcQMAdt2 zZ%KB%uL@v+Wz!S230iH6!Kwyts>tvAMq#pkIA0=B0gjsfinj^^t}Zo%wsClQ z!-m_-v2&vR*>e`}5o1u;22ktB+J(1x+IS2se~l`Zr<|5cW@h0m+fl;0I&WhAE2r+G zfp;n7f!8-Q+ANaOC#5yuXXpfSMGFsBTH1J{)#v@s+b+#Y^NF11%J8RaDoSp9r_Rvc zop20+o5JTg_%OoV4q&!vx9S{!`Af-?i*RS?_}fgJJ?TcIqG0|2<2RimLxIubwohl_ zrg65fYxPnkB)lv(yG~c2)B4C--;Q1zFNrLOLswy&aX8F#6TnN8T*OVCZJpf|3Hv$) zip+K1E+p+zGil76U2ltO%K)%HP`mR7-j?P@B~l=&@}WEAfv>Feo=?WEGlzHY=oJ|j zvDvdnvy>FC=DdKJuq(NA@;*)|x*t_)`RSK#UNuB@t#nugj~QUhj9Ojl0Ei;u>7~F} zRrtxuH|ZVcFxTPD=ac>Llb(8;3Zf<a9B6r}xec4TgMWTXXoVDlYU#(76lbT$eGuRCIbe!lK&gjHZ2hY6 zku@BgXF<|7hQ?Sr7r3IVTAzqjRUX~gU`$|Y+M3gLo-eFXj^kI^Q)re~k zAH_8ki9y>u>=jdH;GlLJ^8&&3X7r?kV6|sj5y|RePlM=1M?0vZD_iQ^v|-8oK{PLN zF=Y`otkG-k4tU+HcT!al?C`ue0-MLIDlfx*@JTXK`YgT>S{^)z_#w>aJlpWhZIHw4 z<_Lv3Uhu0RE^v~RZYCuRf_lEa5Xctz5Xl--iet6<0-C(vyAk5~*3uC91mLd4ju3r3 zmtehygp~$Y`rFj%f&kt%c~0x~%K0GEn65|NI)dL>Ew4ew*a*oQu7{VR#>_cauCJhU z7if(y5+rLqATEmfHCo)gFD!+~5PwcmHVs!l-J1sv@61^)WHUYI@x*q&keUp20_zw6 z+};jAGw$cRU+d}b1MsGB-GoG>1R%e~VfchppoQ`s{W-9nM1sdCq5Jf=lAOHvS1<(X zA(A-IGAerFYThR~ZASTsb)Fy*8Asx{GPHtSM+Xq$UI6yYn(hLSQvFV;_)jG|| zzQ+{Trlb}Hfc56q;5GmLSN)woa#bnCj;CBQe8sze^zr*ghkX5&V%CHS%Z^j!r{}M| zu?{uI`}8Y_1-P7(U4lR&IFj0jWmq_Ks>rO!j!sY;jcpYwc&Z%ffktXbR=?YG6ui`W zvMMXT0!gK;`)Eh6a=rGKiUWU*TW8sWVn$H3UJlFD|K!Q&quptbSvMPt8S%QBq5MQs zPSTN|sMn>^C zyBuE=0LhM2SZj_tId>(p3i_QMOnJqL?}ejhOMgmA5{362KHH6>35;o)l83{(INCv$ z1214C9eh)XIM3hNEPzoCJ!u?YpD>I5W$zoINdTUalM+K7+zf-L-YlZvOa;x_leofo z1(0d2h^WoSodI+~uB2UOhg*dA0iqhHMwJ!@T-N#{0J9Z|KB&L30vKw|`ZeOY7mv^w zys6hO^1DW#3%Lv{J3&Du3@WhZt0vV}RBPUNwou&d=y-gH^sjHPOym?GIP0TDMnd{{ zN-`OuZnWdAt$7?QSYZMsb!&GNwZ6UNSjeV}p%!p%4)c}1Pr+llL2bm$mOy3sc9qp+ zeN~CL%nQIBwC@;AVpjUW$+p!w^pZoD*6W?jZQB@Hk--F_r62j)ZN04aoD}pc3xo%e zVYo5kZNhK_>S@)ZE>08)r;lX_KRSM0enJTPq-8oj)9y-N*prxZgtNBoM?+Lk?c_bY zbxJ|gXD|X4`z7xU0`V1KeXmS^mW|iA}SQ zl{29Zw#$?e^_1X{t87Plwi8ASuz`b&hefn@SQx*^JhfI07alRBp;XvVItVNaNuIwF z7?|WJIANAn0)eBYzr6F@o#%Fz<-&EGC^%!p57gB}g2~paVt31#1~2Y3SvYbc8GWMT zA4KFsR~el#$`~V^e+J^#<%bKIdatrlwlk8HgNli!+V^=dON&cnzE#XOA+=U;4fr2mura72)O zR`g2^v}2K*D-)oT6HI9Q1XoOd z#gnXnhH1n4?b?)>)HC;D`V)KpIv?COVqQ8uHf?#m)xmKeVIC3vGk$GWQl~FW+$=O{ z#@3u^MAjdsI4AXhN(iTDaoGV3KYs-BDosajJPC3!{rG_6cpP*nOW9oTha)9sj#J6< zfs!oF^jXjSc-?qsmdkRo{c*~rsUI$8o@dH>4}KfFn-EAu*2Z%8DyDFwzaL7SW|rum z+}TMG*SWlpVoC4|;s-~z(g-AvlbI85Y;$tEsVs{6$ArUDLEdorRy9%O)%o%Zas8j; zdPO|d)|vhTroOu(XHS0hkL=YE;ccWHzx2PTpQsqhj22lfQ*_w~U&D4$z~@3>5P(ML zn$Dgsh9*KOrRHEzHN)z?VjM`m@4AIeNk=(|V?t+nQ1{>ddgAW&)j@A_Wr4P=rfe?N z9p07hHk|*-XVB1iU?}^0J)yq6_i7xtpd8Rj#_JMRevzQCTsES@AOBq>4AWLAbITVldhdzz7= zs{J%$3#ov!7!xlG;=2YPEB*G4Yz05siW%)s-l<>fpw~N2(@Wmp5%zJ?B4!aC2pHr) zJKERW*o6h#AM88UKHzoqJzrw>aoOUuow0~7GN>B7eXwm+(wDiUq!Bi$IC(wnLA6=R z)zcw{hS86DQWNq|5iZ{sMD#vPagS7=upV8cWEr(B*-um74LF~nr=1#_@nrhCW;Qv& zy*}3a?IoA>dxyqW4bhU~4Abq$ikVxR<6W^O4<|EIdG8#be5yP6tl_3vmAQ~vdPTo? zC4iM#*j!=^({Ea)_h|w4LaMI>*gEiAErb$|)V5N&51Eh_K0ACrb)TW>bBmQmLqDjB zN;dV(iG3DA435@Zh6*p2&U*@7Iw(?evGqIHOWY6VnKThDYcklLRtKRLALK~y%GsotVawa(+gY8VY zLU@GEy-|a*$F=I2d*Kg1xz`ZZzb|2tuHV#~ncnsvC#RfW_QzPBkC;M>R7+wqk;po`ioH8%?8zy zGTn7!OOM&%Z+$ktAsOR4I`t)*lqvY+Jc;wU7IgloE_da1jia@V)uTm;>d7&$?Xl*7 zt0(sT5;GdYXBhR_Lq$jDNu--$CC!yhqwas(M^Y=<6EVcrmyyn6vrN{R-87^sT4h2$e)?|N9_iv#7ShB`YikI`?#} zA%o6$vFx*Xn|ByYJ7M~0Y$!MC7c0Z-%2lbUXPGYVSe~p5&!Lhs>`bZ0CIT)$JEWLC zV#_r8%H2?2TP0jn$HJax{Jmvs!!_fF_%g;PH*M1Dl4IZgUCoJrPjtzpjc^1>s0wL_ zbRaN32h`463CUW^2UQkj#G837=9nz8`$bOBe=2FD_(DMMqpMAQfs3Zm&NuNlPFL)2 zE;qW5j->*Y6%Z6$X^zc>#^zt?T^gocU2OLu(Dmr1VBkOsgcU@cD+w}_Vot=`jaP=nNQocX|0zt zb=gGPhxkF`!qq}ixT0 ztsbvdm8_c4H(P{sv$UNWo<#c8KP9l(T_>=2jU#gJPZzR#FnYv29d$~wCK?_;+_-f5 z8bf#c{?EGGf>twP+-cWlE)386`w9ah=-khhW0j(PR{bXZ`Xg}y*G3jGs;_1P3d>sU zi_2jm1e;YNd>aFEn05#0LdNPnj(3xd_H~J?cX&REM_`tZZSIi`w+e=xV=-S!Wm!*8rY z^f>yi4L^vAwE4{C99cN=`Zb;Aefh-LT5C@r@7oZv1KbOb z5HBtxfwHCE34>R6aP1Wl{w7s}3E`?dVzZ~mjor_N^H-Hrf^n`Y0M*dF>i+IX?cPUk zL6_6Jv6Y@I6y|dkJk94*o2@l91HVS<-4d;#&|SvUs98PJLr05j3VOq4UFoiNBoNEM-$EEFt61I+m)Ny z_h!V`%+`eLGj<}Bbdjuc7o@2-Z=+CGm|?^W4i{&~{SS)(-w4piARbA2<-s>XI~AfM zB(DI(PjePa#n*9Yw2N~qa_b22kaE}G%kKIW!o2D!M{f`9|H^+K>nwkKp!_b20Q+L< zmI5*5_7blH#(U*OFi4#{zrHPkzhB`721kFxD;Nl1+zM+cTTM;Bo`k?Cp7C9I!>pO= z$=$D64VdP&M`?P34(E_##qDo*4H1nvdA}4avZKymJl+|d?3&^zlndFC+{X_ZsmtLH zv=qQJRYtpr{TIj%w5JIIoLlP_R&oujNk!(Vq7FzH}>y+T+7c)eMi4-)fpAL7fM`>v&BrJ z^1XH)+UI+>GBOOuo>x7qui9hgJf50p{ZYx8ep1=%^*H-5z%uQw(`s z)5CkPl<^8{Hs3eNdG(5jnu!|Y+Ak%C{zv21n`@s++$9WG-po(WxBut_B$%bF-+~tsLR_LCUa(m zCCg&mJlp*aO^&4#n|K#SPhFYqCQIjAFCi$7~jVWsj^^t%r z-=i8(m1yegV{ojxZ?nX{pte<>L}%lpIjce|%D2 zzd@Z+3dQ@T+62cV2>CsH?cIWn8%=F^{|iOy8VJQ+hNmf=SVikd6E!FmE8fs#*$UmD zs*?M{R^pfeShi1HU+=NZ@0_lm^zCrfXp z$y)&>yJFh8o2z&h??NvW%vsZV21w>)jr;U^zbx@h|6;S|CNxb)VZVEK;j7p< z69<&U`y->2H_SdTeFG$R2R|hOBGJ+6p~XQTBCncEDv9sJga3tZ=tB#JgdyiCu&iv;`O z-?Z!Qs#5hogK&;k^BBfo>5oL9)F-J6^0_g44(HvK~2qV*p4v-=yXwOdroJi$h0wI*3f zTNVrzN&O|unSN)vB7!@o-7f7P;;&xruRBs=N2uYk7*;rJHjfm{tQNCpuJlA{N+sWA zOL!?0_iIcN1W6sgX!qsl=crFq1{G`i>srfXw&OnGbZ&c8wf(cZJyBa2f!rRNrI^IC z-kP=oc|`XXsiq43()M}02xYswYVnBQXV8--p`tTf)^C6O z>&V7PQGsIT_-Q(IZI#$bhQPK9n*Q-EfWA+hNRp6x;jnEtO?1yOn+U*jLZ+7A1)2ar z{%7`|wOzk0Y0(#iO|X&f(sxg^Z{d7svCLz8rmw*IJ2}1c_qQ^bqal}hS^mxm>8X6y zqK~z5Rmjm`O4OdGjcI(0|HWyofD&CWyW7^(cu^S9xmpecCF@Pus2A@toUaWA+Ib@7 zGAcLyj2U$SO{-|yebV0j8%JKvMfgYFaC~`5Ts%1`X5LOg%T6eOv<@OVlHq>&4G z*eJb|kZPxa;5v*t{T6Qc%*g!Cwsnr`}r1!mekRh#U_~1mUElb2@hU30PNh@PbY7S zks@fGz(70!cTLNWZ0Ow2LfISP&eEog^xF;lv8pG`Pog^e*s^@*J0aSXgH>oIuaGr> zf!zVGa3V)J$vDg>t`y1<_??%L^IYw#cU);aiC%@3`X5%LOLu2l8sJ5X>c|CfD3J#% z5idrNiEP(yH=Xt6#>fD)b=+H90T5J;B?uR>=7YE5DYEbF9t1%{?88fuy^mXy^pUI~ zf^#aGIxUQ3x!LKFmYh<0tPE*pd4#aphwkjOMn^WA6M-0R`H8 zzQiQKsNL-_@tFRl)2?&~D35ucS;R~UyQgYh?7=k^=YAhJ#-3b;$^oLr>76RM1y?vB z9Cr^Tm8+Wa831eJfRaI#RH~LKJ`T%LLg@e!pm8F`I7qEj6j1hU3VtOD7*pg91DbI6 zd8wB*k+g`xG7^CH#haJA&z><4jWfH+@pPJug+f%vI4Q)v05EQy6rBRP9j@C%wC1am z9_vLqU9tB4*lUiu;O1#IATXETOuc{Yhu;iyOkBBYR+Lkp;VXMgFfg_cOZKV;Ou_7BXcc@mK;fR{X4K%URg&8j@ z#gI~!hgsa5hMCj60xR8GjVc| zOGo9B14v-Fb$yy7ltt>vH!^+rq&k2lo0#BWuMNM8ufwiwS!H_|h2fLQ za$n}T_&@^SIMuoqAduK!vs~{f;bN_Vize0JT27rr!Ta68AvEm2Cd=LsCM;c;&$bKn zuoQ6eD`h&yYB;Y{XwNf&wv)_RN3M<9bQn27;jeJHUeY`RqZ?7Y-HDSxw=JU6_))KD z?ckG9bur65czR9#i^u0mD2&y}Jj(XpaL4>I<)x9zVFQtqS8zn)S2az$IKW2GK>o!> z*n10Ho890+6aWs$_bxZUSUQg|Aj_xgiyGX*04rK#B%;Vm4-NsEOPurLL2%_ zwV@wOMV6R(fHNmtXftw536C`S`5fP<;&EB(d470rctA@Z)yzZzw^3qXIhENYz`Fie z`oU6m6n8n``j1Lz21>ew`%AxMR5yodH8M)xxHC3D?%Mr+U4GM`dpC2C|79WMupt6_Yl41TE*dp`E zWep1EhuBu_jg((Td7w!X7`15T z445sj6b2fI-azJpP4NKAM?HlAIkhaK8sz(H7r?68$0ek8)p)&_T-XYJ%!)Yb#J52Y zVXe@bL61@pm=&%!A>Dv0=sWow+@?TZog(YJa>VU;O>)Z#q6SL+ZczPwUk3B7n>U5$ zZfQM*LKYb$r%5Q%_H`L$K&y&nBOGzQ&n(A5VKQylin* zhhaR20Rf-N18&rDWlyLSRM(?R1;7)FSUG%}ZWWpx~bi4mp4IJW1bL}Z0#Fj+#sd#T`XF)X`p&-iHp zKA7XPshTpSsJI&2Pm8eE_n&;L;{lgXj+o>^r;^Wyyk#N(CCZ#dUjGrMy>%s}Y691I z7nCWDPCfU&4u9Bv7Yc;5U;9xuUU7H z0Ha{EiG+5NVS$O2M73-PzI8RY*XRjwqxKAX+gGqwoWNGV^*LtQ=+e?sawAmNb6;4K4@Sg2}3fQ^+ezs+g8Y z^1B;gmik#a>9#%kqS2)L#@KUNg}a=;d=;gU?H-*~fQxI`2i7)x)H@;niiCoB=onn4 z8w8VDBY*>4O*aBcXFEtv&%lMz8wofh0@08{lll>G^U+EQESOyWq`R2o;m6?~aLdkw zM#1Ek%MM_D;5EhE*N_FC`uYLdC#*KJMKziD{lFy~l@xaEd0{@WI`p;EP%Z2TT5hal z%DZ|S@7>l%8l|4kf2o=yF&PXc1c|!TfD>~O1WFX_*P{>EBZVdpmN{(IdD=r>K%p3| zXqJhmV3%hEIw~IjZJmcIh>47|7(x&MCf!B_;G{`;}YDAoR?ZkZFsMP zx<6hwsE*bF^gj4p)`~X*aB>+LQQ7YkRIpq#bs|2D{E-6^D2t9T_TLAkP{<7oXI@N; z$Y>~hnS-T=o%PS-Qv-p9t;VzsA=gD-i((eQr8&$C;JUVWX#FCk-=UFNGGA{51Pce~ zy5+TO(0@b+Uq-UNdisouNy`;2Io;8O!C!^}ODnMe&D&t+u$5i0hW1W zS-}3sG6djr^RkzVWEfsxXW68Q|7S_gyYV|QHN)P@ueWekFhQy7r*)`*GYb)BPoaM3 zLa=|ZE4}Mw)JnQfKvdAKzK+gcT9+OH)FqM|LwC)@Z@NP&$h=wTt=5&@(Wd(2GmP9o zsiL&9jC{auT{py32>$aCK7e59@R;JM&}U^RU2e#~P6n3jp*My%SCT z{dss4@GoAXFdbBoc^I!M6N==&2n>!~Yp{keScA&pQ32aO`!Iq5f}Rlgyu5@qfgD1lEB4VJ$dyj^Ft6ai7+I`53JBBI~-y zo9jYakS{}2_<;$xz-aOBwd2JxKzPO(h-PZ3AVjr#iv{En<=r!bdJqngWV3&`0RNZ* z#9N}khvaN3G(S0%2C?>6%)Eeh>Vcpv|FJhHHiR|25MaUe8(jAP zsK$~ID9*s*8AsY2+68I?b2Ic(FY*4yJE_$F;!iO=@2 z6%Ur0RRpOWP*spUgYrL?mxho*fy3cLjPdD>Y^`W|H_Z5ax_bKVRSa6`4fd$yKJw#A zFhR?o(wJNHkNkz`f?`F@?^EjGq=J?>$B6yebbL0cs#qBMHc33S#^XPy&7UAaXB(YL zHslJv_A4b6$%)H=O5SuE64>x{A*;bZ%7O$U(agx3A1l?Oqs!Ur0I*bH1z2^3_o~SL zIe_BPa*#DPHnI~SD(@h+nD<@O#UQK|w2hLC8Gf7)jN znLC67zFyhxt-61o31tZUE}RHW?#C5K;gSn&F_&Pt52G-PzKxnE=$U~3yW$QFND0lb z{_+br!k4cG66L66%kqym$+l<$)11S_2*7Q}-CjW6Xp$+4`76z!k6$TtQYYQyoKi)$ z3xT8eH%^t{UuO>5Abk^+(qM8QgRva8yz&#+iXor842k;NWB5K7kzog7cYPR7@!BJCl0Zqvt2`_Wa z{A>vOMW!kIe%G?xGiN|w8`C2C@ZT;pSE~Co7raBF*VUQVFIe=hppFVc@3p~S(xcF| zi|_`SA%{G0qm2JuH*(Xn%XwK^$XoG}41FFTF+u8Z8sn(c0q=~k68&3$u9@Yi9&j9^ zYcF(dhBD9lt^(ds@n&`L(J2mkiT#)4R>_Iz!z$1T91$c$Vj+4e;MZzwxI;qu6^~hR zkxxQWb92y!Vx$Eb1lgwX?iF~agwPN$)c;--0aK{pb>s7?Dx+OQS{Mo;H^;-xNxV-T z_@m7Txs)C<<_+!y3YuP%9|aAY_N~M}QW(MFS*UJwcZ)#&Ju)f9$K5i6tVxw`p^e&U zh)&by-XgfIrE;%xzf<8?90sw~gG2p)@ePpCDh_Ye|LcrUN_6!>^xsthSR}Ob z26)E(wpf_~S?$@k2wCU93(W{{nnOGP77cya|9=v#Pj|BNm_ej6>s1Z!;wm%=mn%aK+ zQ7;@gJ}&U9#=*~id0xz5m4vm>df`-XCzaNy+CSKSs$qPlUc%?%kjGlWHfFgw?@Hfl zbW~;n#3z&&>p)TX5l(`z?AsUMA&Z#C8XA36pv$JJm@A%)Eex2=!9bxR|T<6v{`7hu9y1B(|`FxuK+mrZT-+4k+c@5Nbn+AZ-qhG(RGy9&y=Jj zmql=oZ`&TcUZlvnPtqX@qH0&_E_Nym_){iZVYw>Fl~R<=W;IDvdwDLP+i;MH-~lV$ zMmzV7yLVVQ|ELwLMVidFHd@jg&%w;O8yJZ`HOtA_V9C5!1}`^2Jb+j3fWoab=il0< zz0?%!XBWH^BS2`61(w_pS4;Us+Z7OOdIF%VXy-` z0X6liz^Hl)q>l&&`)tk&g_zHhbd%O@n~`C!!T)8^_5KOt90Cx=u1s&H>Hysuu>EIX z;NSMI?ZE3i^3v1O9fcfcj4uFUcFIS6M;@_vc?w>R)M|LVVR1~j;RqV)&eQEQi0TN# z_3P+}x`tNY3)rn7sM2+?n@Q<(@Y_Dx4(+Ykh0Uw0dYE1!uQHp{DkBH92zFNAP77dID?`j z@GIsa;8&Pf%&$3+5CRC;fFVX$wDWvI)~@S$$z`yW8wm9{Vd|)a!AUg4FxhmdUJgq` z25^0qWZ>CtR8-3j01>kupgToa97XQ+pPR=X*FFK?uKJR9QdtML{C1CMFTU4D(MF;Ifq< z2j*{yB0i?Fw+Wki^be^W7#lI@+4z76Y!@a3(Q}jT+#W z!2VKCu>vPlnZ_(&gR6iqaW)ZvJI377_C3|UBI2M&v7?g(uU)BrtUVMm&T2@G>h0}a zZ33>mN zJKnEt1Zvb^ZucJEm(@?cJ9xn*54y!z^t44#|D7lhWt4fXOBT@R_bmu8ClPUn?;Y#%tccnMwbxn z%WHSv>VfD#d!ql!jW&Uqrvq6!-1RBq+cCihDjt<$cd#rGNvjjjLfrpp~aqN{) zb%u06lUjmIq)iZ)Q~|7zV?dGpbn26LE!YLXFaN9w7yXcbdS^CM81=^IET+cgoOC@< zOKE-lAtA3?WC9h_+b1=`gPB>QGu6Mw!dsXtFS^SP#Fgs zvg==6LqI&!*j3S^r!!tk^RTx0Bf6UdK^f{um*(T8+kNR`N*^q1U0|Yb5KI<2;2B@x zmGs$}4OVa-zvHy>HP6)_1d9;2tN(BRtdmPlnf&5X5^xzhBWhk*cn)}ztDkHKMtLK0LJ}vxl$3Hi3Ht4He4^?} z4~P}AJ^Bh12Ts8KmI$yuVe`3k@rwPyk-`VouRYP=glN++=f4@1g}+4q?}5d#mhCxW zt`n9c|6fb?H?+k_qRAep?pr@jH~A|?X@D-{)=)5TKAcGnKX0T1>v()FT{3pdwdv12 zb}3sdHJ9?})hV!Io|2V^rO-z{Or}c*$LF(n{N&dWmuJ(H*KPuE^tnx+Bttqd&1Rdv zF)LzrY257^Ms+-p{;#J@(U=`n+CKB|jJ>*?$SSiWN0)A&WHe(1b_d#tXXc2n*oenQ zaZF+xAbGDA5VQ?`={|hI*hfy(U(_e+-0Z|nS4SG|z8`&yB455Q+K>I6Zt3D%4qm5{ z(jh~|p=|I5Y4RY5^{Fo-&fWpHm6A190I?x!2_e3ExoAH$pY%YdIo-A zE9d-hV(8kvvO3OU4PN-wM77?L_m+-LN*}BA^XJK58(>Myld|39aK+p2@aFfUYxg_rQ^Jz|y z#UxR>0roO|?B2UBItYDgmwdq~FVkX<56C4qlKx93 z(3XyDA#$mzw4$h0a5dY2hWPmJ-^J1A8`4o8|KUoDF)hIGvvC<$P<{zl8GZ#t zN-j(!MT6(DWp+{Buy#Ik-p@ zho9@%J`aGO6>@|sO#8G0<$k9*3@#E?qfSXWFa}Se_bb)ET!_FLG`x^Iu)qtw*X9mh zp1|**ins=Nb(0u3kaA}350c(CV}!EtARVB$eASG|>1QQK5bU}!cOYLZSne{_uw}6a zOvz(nwUf4&4mgcsuyeXbtkTL{=B)vHI>xi?&YKk8bviu`)W*bnYo*sRjwbK>Nl1vS z?RqH%!I@;;|7g2mUEB$T!kAfhO$fcw(Ui`xP<&smwpLmIbkkukEKp8^Ew7~PHu`0T zK1Ol*^^`M5?t=Y+eYsk4S&ho?L~H>timt%&Z3)l?g}sU+uq#MzKpjND`Ak9XFn%Gg zf;n`vT$@pNlQf?pB2e}f%G77a2wTdbGJb+<-`hcbRjW=Po%WHI2)s~mvr(?oHO z*dGKB>b}%Vf!MX$&N$|Y zOgX2Gx9{FdPuDRqMfqsk0>2XYug{k;VC7m-H1AuTzZV;GW)wL705O%RjEB>z;0=2F z;!B8;=$;vuf9N+*CjfHD%ZNhAReE{vGRckqPhqM_-w~YYajL9}2S`mrf+)=m;Mu6pIs_CB%v9CTix(Qbhic+9kWKO0Y<4h}`#!Q zyb>~}{TctQ`jWUip)$m=Mn)iJN(6K`zwFkQoi}UK z!>y{bjn+(?;PdLsAc)>b1`{l~<`*AuWmX>4fk~f0Wie%WGQjeFpu zD6Q>f5=tgTUmq^`u}ZD3-!lDkBpIiop4GTni3w+|f+Ap92O_ChE3FGJPxhEMzf_JU z7Y4OK4BzCL(stwb^Vbg^Lbs5At7xkkR(fVX=`C)8lnf8Aqo=(fnvhMyV-R-h~B zJc^YRb_eYiHS!SiKpXY+GVe`^d-O6s!fTXArh|GI_v^UJ1f&+qkIV-YY+t50Ietcd zc9du)8fBRH%DxF=l!mHBy%r}me}Koo)@%e$%!GG08w1S_yZidHvOYF--YCkoFapPR z03C$!vX&<0eLe(CT8hFpy@A<)0+N{}m@vUUdZ)3+2ZvH{IG^x9-HzwuBsjkDylvZ7 zZqw8zCL;?YLiui1|C$_!lHn|Rv_U*TQF-vZbeQD;g?NqG1^x^F!tFuQX*?w<5H%7lTHFd9cpj06&~7#zMD{(xua%!rk1l>KxWZP*)0qZrcjrG?IsJDR8N z4CL%=op>MCgMda(jRj2RM%OScY>B#O3bBl{18QaO)jLV;Kunb2GMDfd2hMkzBhmMD zFdP5N#DD=ZKHTz4o1n3BBQ~Cf**mEl$fIyMl#B~)Phd;16rg5X-fcv3*u0V-hr4))@ZPf0TSJPT9L=gdY`Jn7 z_cC?FIQcDJrk|Ba$Yp!czvT;sJ;6Vpla7g;K>XdeKrr++34V6nkX%$ba;#bNA><2) zT@e=nX>Y5b!BS?@E&$NOw`&)@fZgOku_D|HF{-{=HU+xW%N`3je{9k15|b`9C=&>1 z7`kjGKpj#UPOCbKSW!Gzw9-bQ--65-=e388bgb3Aadg+Hw(#1;>Rhb1;LrVJ&0Iz{!7Aag%58`7LsB@wMq%P6Per2uIT8+!G7();EG4u zR4vI0ONz@YHy8%BmBb4w600Ol#&}B^M;9<9S(Dupf z6QN}54~2RN{)m3VlGqY-DemA@1{tKa=d))J`@__&R)WZ(Nk5DHV%0=``F@1O$+UhdDR>IVDg-`BL)nIBVL`k&IJE;Sy;NVGeMirvPw z_Ap9tn0#oCIKd*Z5ehAe{!|>!u|+C+(kEAT1xGQY$5f7K!jQo~4?xJ}ln2g^Lvs4c z{>TJo3uZuL!u^s&n}#F6EHk<#$?UhacngQb9-WvgICF+x!p-M<*bC!ofBI4nnJ$+r z`030?YxPb1S*ZX%_hk>=5td{#CZo?Q(TuJOyaI(mq3kSBH_e+HWECBGgF{>aTp9G8 zL(>ypIK5}avI6efDfH1g2gkcXkykXz^h5VZ7q7C@k;DkX9}X;Q%RQF8!B148REbyn zj9H@7i+*)f#yl0>6(%bI;pP`;nB^X3Hb6$7smt<8{(9hFeyWgMq`ld>KbjfM8@^3! zA0>DB6u46~u!B`}BB&%TefzQ*Ev5?2RiEkEemd5;kD?#~gxkO4H0XDAFlxOYwh3#a z$NeK=uCHR{5au@^pc5XJNlQ)r?z6u%@LBfRDB6_Z_tB=*C6r6Es0)Kz4ruxr)w)d8 zV9t6vyE6nhOL(v(Q7l3)YiG21&{VuI?K?b@+KN2X+DbG)P_r2wqsLPk70oZbxVwN} z2%x*m`#aKuc_hYT1^w9P)6FJI6Om-#X!E3oQcA>zCiIZ*@;YC$nAR6ke1MJk!{fQK zpp!DsdAKrv0fb|_yhU&zztdrpcOG9fd!e5?@12Y#xnaA?95^6%qH$JA9>!?)A#A_z z3QMkwhX1BS{d3 zhRbR~WJLUviNjB5Irbm7rIa@1li%WBHCPPT&*Ixm%)A=S=pOd_GNWwGHb3}gpCEta zxab<1C$W$w#V^tt|4uI(_FZ-%@bmm;&i$v38W-IFPJ;dz-hXb^HXQCGUv6QKeYDh{ z5m@_d%-tUJDq7#Z0UP)0W+tVzYi*TR8TPi`@Xb0a(1Ibj})_hYF`HbzcKRAX9cu1$O4i=7e4%0>{>>108IQ_ugDl@qgVfjhFldqf> z;bzNFK{j}8U!OAn0XE+UtPXWeULnQ0f5$_?IBQ-59A6KU7eA~k7*j0%X+zqZ2~U>* zXEFQGZqcK4PT3K=EWD%V8cj*u`>A43=>v}8AZ$mMCK1|s-BFvE7O@D`^BGN)6Bk$&#Kj|2DKsV&@c_(p)|8Wfm(osU zlp0jH-hHBS9TRiK)NGs0ZOPP9+k%zs>BuI${y35P4_ zAM>V!hI4=U*45hmL4w7#g@9Ficn15J&5Z{ zc8qzbzE|p+M?+8q&10(~SIVG#GRuqZh!)SVbH=LJX4!hKAs z*ED$86f3ox(3wqX{Q7JndXv*q1j_IJPYa+!Od`akqmnRszO|x%cN_0P3yo1CxavFN5y>T_e ztV=an1OXV#Y)k$M=)$44}xe&Z5RL#r*ImxUO>JJX$mmf2TyF*~?pWWvL|E0c$k zQ|n`7-BOkM$|K`FSUY{cdzD#RF+J2>L}j1rtA*?HcrS)*sPnL{bjf_f=m*<54-#PjU}@vH z?Q>E^>j{U31L<4AACo&DdY1RvxT84hzs|7t(70(HKKAAFbPRgC@q3fgRmEfWx!r61 zvW0W5CjEB@OZ2EBCbAUb`b8y8Mv6w2wv?BuyN3pcR$Z?@q~Y)In*a4oqrc}vRTW4w z1Nj0}hKbWpO0pW{08aQ;G7LbNy6>)L^=FtMV`;|v$1@s8VGwN@S+lq+CbCcLpo5L? zlT0?>kJYl>_e`DFJ%~tCg;`9;Kh=o`RhOyd?7yR#tm8l_?h2W`9>1PDU<+C1mu6qLI8A!PI1xJ#96}W$^0`?J!^v$QsMxFmd56T9IEU~;d)U$knRxu#~bDYIY!ar-NZ?2 z0FPGaAO#FWQF(P28&yNoEcei`-%O}pV$qY5a7bJ*(n;t)AOsHJeh+c1I*4CqYLf&_eYYvmiQ@7_3{=_&tp3DZEBE6nI1 zBR?C&j{IQydZEeV2`R+k`$5Ze1Umho`(Vxk-`Ys|sn(jd*f>y9$1?rHZ)S^NBQ69E znxdO|<6eiL#S1=t@%P#TQM5mG51Gkdb27YmNg94YFt_%=uLtcZ5z+H)G1SR_RmN;o z<0ix5uHQ_DrNrfxV=%1usTXoF1$VELMeI%%x@As zB^eK|56i?*Fyb`7Gvkn^xgB{6H zyL9>pR0hb?j{$AGkLY)G5MwACSA0Jwmw}1nS!~McPC}I~ky7UJoT8bsQGu?X*w>ZB zX4nBTB=>7>B0@I%9oX2`xlAys`C?@TIW!G6-(zqWFlD25<$MC!SbcIgm`tqneKu3Q|T#B_SnE>G`1+G+q;^+iEvR}<%MCV4x)CVxer0?H} z_QId9T;?V@@}awS$+X^+BxFa?^pHjV=SeemrE}f6$JIX;6~v~^^_YnzhW-Ay?nLO| z@0BPTkA~%9;l+rSPz+opdXQH^J7i)Q|2c~N*Yci!!@KXL$(WAgwrN?%!r+@4henH* ziGg@adzo7&*zEWXFvQ1tGmRS|xQapE0fCCwj@&T+cYyn8YOE=*WvBix)lf!sVqFg=Q$8gZ;*QtREU_(8F6B|HmnTzT3V2hp{qQ7vOPKq^v>#t9~Q z_(iSQQ7$eRuGtUL*$dMtsW;kXY4ub(az6`KuGrA9$Wch#hDmVS_8N4b_7EUC90E%I zHt+4vcgAs&N5c04i;o5Tv=kSz)SA1Y$3DxG6H(jBj?l0U-(`OWTJAynG7RI;dq83z z+c@{(24+k74FYs|1RNiOl6F6iSz@{wz_K|f@XxLjmr@Q--Div*ZJHht!VuRrYLN2yR{NJ0GV8}?zr3(q(K@FQLsUO=|mns>-HUlDm!#f(DPgdMij*@gBGQ=bk^q#o{{58us!A~}@0mK4by1qY34Wj({9RPOBmZN2x zwKtMdQyKO-G$oZ!cdVlwX*2Kn?fbYv0g8wG&Mq5v(EKmpW-B|)4d4U~`isC{y!Nbf z=fN}Rw>a+$o~4RGgnhdHB=CJrvD$O@uy({T6YcKszP-B6(OLBlB(+_50~Pn|D6A}n zF%#eaN@~GQ#%TtRY9~RF@X~?wX?hI@WHfg0NP!f*I=zZsmI@E>o+o1?go!(d3A=fwX!c0I9oUCH^bt|cR-Fws=5d== z#yy+%(xaVD>8>Pyqn3ny{He2w2rH2J)pxm*5Bbe6w>FCC+cjE+MEopHFGnJ=qtdJL zRHJ2&y#hjc*v5nl*Z0@h;f43&_+ZGG(a<|p$mOI4ShLJ1nVw3v3O-ALcB130%3Pyf zPzlct)O(vmyYNB3(^zE@UknwkP!RX_S*Ox+Vc2dy5iC{}d_7oBz=wso_PA8!Oq7oo z$QR%KxQ^k4auHJ)Bf$&xKNyLn&mHksg+K|=E@qiSaUInv-pJdjj$Ut#YYk4w%A& zSXLTwdje}8JNAsh@b}+N{S#Q}C}3JEQK`D)jC4$9%|8Cd*BDJ`U6TzgWBJjA1XvBAa+&g`e}(Ol2U9f363RqIQ?&l=mE7D;y=^0KATf zN>*4)rpeKh2Z#_qDzvb(N-GE}kj@321|XE{F)umSlf&tb+Ze12n2QioZ6h1={LhgH z6KWTd#%#Rs%e$}YF+t0X%l?C|OXu0%n1yvW z4lxrbRq*lonQSqdwU| z8jI(lt(5FJ(J%fJMoT}XZ$qV51U?1^)tq)?-{rm-)) zN8D*wj|x<7r$#Ik$l7>~J?cs!K=C>dr-T@>EJnIzjr|;ULRDE6k3Qwt zQcV)JP5!H=9P3HDfRSvKqY6Wv=6#fA8i7Y&ak1;j%$3cb9AEOFYyh0vZ6tCdW4D^N zZtX7&3RRk<4lHjsK=Sx8DM;#|qIl9pZg=4%%5;Tipik#RA>$_70sIL(4q>AV!DH*g zT1cK{Xu|=HZ?N)pp!$;|PnrsMWUbg>$>*am8Qar2-IeXeg~P|}_E{L?NvPD*#_m~~ zP~M721=Jh|>i4eqg}(IMmlR0v5`9?k^DjEY{sY@QJ+CAJ6fqr@$Jg~PqD$%1`~Qhi z{(!8}GYRwadE-17m=e2XWUgIXJAL)))owEJYx;Ek@y-4ZavTs!!^XQedITdXP1NPK z?g+0;Z<&v@wUsLq9M&!63PTm+MakkP?xlGLOl7%<%CAh_r;4k}Il>`BZe^M}kk{yu zm*gon0j627hBW1hRLfn8INCs*#^OjDA+OsYt&|3;GX9yqu(mK#co2F2v2Z<9A}r2y z9&%Q+3#Z`glcQki6TmDuXi?D)JtV0dsF!C%I9k(&HEiyiyp%j7B>5%Z(+y-F1J_&Q zsca?>3+|-wJ|`vTb-6-scowx8^}-gs&ZK&5=>mAZg0w2SlCWxOThe5{uha9S20OL1 z9n49}AyQdPh(Sv2?qAoV-SCR)USckFHe*9EouOxAq+Ph$AK=a(1GiQ3#>k4qR%m$>QAn=M@4rvBOZ z$dJ$8oJ^+|3z=jwJDwMcITz>!%%Bi66+dh?*yzUj+`@JsPgno_+ifYwpC5&?@lN$Q zTp8u_humgi^efg?0!jO~ zM2S*bHl;*D>*;jOTiHT~6H*Lr)l77;)V0p(ZQt=jzijJ_iTv^$V~li6;;lZB7CtPr zrO~#7+heha+fY8f#W3H$Y|oHnGq)$OEL_=chgw{4-ZJ)I?5?)UX$sYHewv?o#uRLJ6M~#k-iX}smtgFC+pFThM zU`=jxBK2j3q405W0?{rf6zNpx z?~uoJFYrd$ZGz8Q*|;im>Uh5`<=h`?LNAOWFPSnkze=FPBLvIE3J7hzeJ^50w_}6^ z%#7PE$kFic=>oye`;h!A#$_V z{ddjW15GBuuzyWeZ1tS&V?zioIRPANqO^4OK5KBs_sImO^`g-q-v*a^a&_nl%_tUJ z7&ex&T1ENxOCo5;y7lquSG^~Mr43G2AIh7t-{!{pNr7WPR?Y1o=|2c_<;26MdxjVr2#8z(BnP?u^95%*PN|uHA__0DCtZ&ak+rf zUX8xTYr(g!W|cXE)Nv{8kOtWw+~oK8R*805fc8j1?g5Vk)Yt9L=h||BxTq9w>crvZ zgmI0ESzu~{AJ8Utt+hKQ$pmlT)SdQJZ~|{RY0>O~X&XHU4zmaEbrk01&8vy-kB*OT zx_<3i>`*lVtcUz=UKPk9aa$ODXj|uiSl>TTiasaQwlJk=+*L7T{$m7?lJz4@EOZip!3G7Fjx=4X)bk*2(t{&}gdM-60 zYf&U&76OGgHb=@|zu`)7kEo1;Gxpg{0&YO?=dLgwf(TIu2I)58=pS6XD)`sCEI4)t zm-*fV;+ol>Uu6^A(}lq*9xJ!p#pq8}s-%4w3 z#i;*p5)-3mc2RE8K0emtN-e@ zt(de)^NWkSJmiO8=W_yk7u^roQ3hHF&Y1WPNEJ;_ME)v(n_2K`FL6GIkxZLFqe4Su zs?M$8jq3I~rYEvWQ+_dOo0U6)olqLgyUOz^`krZ9&R)aqX?m;2O$F5YGbRhR-+@|V zfveqEDey8;nNdDXhA|+`=&9O{Tx~Oy)+Nl;!mT_{ILCQP#(enh?yjz> zp0Ae-m*FZftHZ%8HQAwDcsTPLtBSC{?XO{}!h1<#Z1(ZntVCz{kLao)YI$T8O=dMd zw?BU}tQ`bPxa_p*klW5bt4R`;He+FoNX^fEPHC>~lIDk2pX;2W@`f`y7|~38d}25G zf(LUsSMguLl?8bnI>V7K&BrNZn!jne5BqBXK*2&u@nSYB0+Hopuz9BGFs66NMUn+e zOR`FHxYnRGjAZ}$YwAEt#8GX9GPIK-%zem@H>fU3BVTcUWPmyXhaqOFOE@04IbkM^bTC;SCXi( zF)~SqAaPP3H9SXh{E#sYx}GiPbdRFVR?K92o7TRkdHqMs+_Pb3&0Y(HOkM4xLJ?Fi z13AlP12sWc-XrPI#b>BCln<9yg@HbIUC0>LbeakUtsS&ZI`9eY9#( ze{)OcmWRY-?s362F1oa0!iY`Ba1$7pWYdmgD&JwY#GHaN4dJ@gnpg#XDrO-YpMo3o z;p#szpJ*VIGX=ADzt!{XIBRN1Sn^iP+oVBuR6(?@d0sg%i$gEvzr8?U?4lapI5&cg z2s!5QA$BYHVP~#!OsZrx^p{ODx-vchdgUOrJ5gisF=`FHQRn(t-c zvz^XfMB?|o$l;-eCNcNHzeRz; zs5C-8$f?a%`Pp~hVJ=HuH5yEFYCe2s~qdFV54yRht1_|b(Y$z&^P+sIvKa$Pr&1_`7=I_&n^Pv}D>Wlz zP#V2+_tGuV7bRn_Q7)eKowbJLQ&-Z|(}K2#j=@x^d4G1QL>*qa&hG|DNMmj5?>8c4 zgY~b-W`d0(%l4wAX;Hf_pw*YEM7+i*!wn}V?WA(ei>P3~KVBJKZtB(|*N*A14Rv>w z>Kx)$;I;ADmw~I8M2wLB(?Yg%UaRPLvg6_rO~)gRQZd%TMZ&Q^-sk0U9WQfOb zXZ5n;+~0%2q<7VXP!;y{zhCbYq+doOR1j-C_!~t?qj5>H-E5n`vGs5W{*rjmyCvJ` zkeV=2iH$mioVPPJ@@KsFuqs)`oIfP5+`BEvE&{vp13ZMWr%%dxr?;a$ZEmbHe~@UK z-#!o3wrFef!;j9J>4p33HoHwr52xYniL1+eb*y&%G?v=LMF@^$zA5$vRVTv+}j<`s7St@Vi;|$ z?vB^Gx|Z=BbjOC?6?{h?r(jyy$E|QK>_V(*XP}OVdi+A%`b3T3Vo(a#SDK2S)g%&p z5+7wd0fu`lS~@x2La6OWDD-h;^x-JvW3Q{8r{fi?un2<;0l2WUaDN>hWvuz8bG~&z zsZTAwK1L$s{ADo9nHu7AWM+vc578V{!LesVlyhTh|Z!%WPKa93Ho(K8?4zXXk&4mK6& z2Jyx>ZpdO+z*w5d6*P@LI_cg%n5EjJX3`cW5E0m(67^2lk;GfdCZlsWB{WC$f9kPP zrJHEVO4z-LW2lAWue6ogykiW3}o%h~!`PnM_v_=tomBZ=X4E)*#&N6T5G#%FBDD+PPgmtdIXatlEe4>EW;x8*S3K9$}lWj%j$b zWjx{FfaHL~bX!WBvzo?I%@z?86XV_B96Mh869?byZPVf2zKFK?y*RVQDcpOzX>rs= zb`|R@{BYQ~4g>bvdnw74h26&1HwaGFzqI2JIr{Gd$13U0!ysy-IHrW&DG` z<2Ge{hy8n2Km|notu~$PRAxDQ4AUY&V$U+a7BJWlVcyRZaJFC_IeXpudhbYQ^LM;< z)k+e)q;@U{Q_zm~QFK0OpEpavfrv*qZW=ema zn=Ut0YJ?n_&E(TF*4Iah!?G6U=W7s5rP$8jF5rdxuQnj=ZPS!%5P_vEb32J_z)0MB zg;5m~(Us3DBcxaQX|O4s#-a*k!nrlarySml(pSbdbj*Ek=zrQs>z%Rc3Ac?`Q*$G^ zu*mJ^JEg;%!l<6iZGOm98q%P81`q#GJsP|7dV)Y75O^V`@}NX$Km%e5&L1AvAo#!QP<4Hc+kZl3=>AQ zzn9>f6TFOh7%3M|nD!)#vZOpV;UC0DQ+sS#7!R#XBtz zj|0mG^Pmu_S2ILf5f)8_86aQ9$==kt2tBV0ue+5yZ|^`J=TZXVfQ1R?VngWD(Nl;Q zN-#QoL&LsmkY6+pJUY``L{|jh;x{AyXK6o&rhDrw-e@Rp`N#kZ`!@&%^biu2Cgfj! zLKOIfuVXTv71MNLPNYX&WJ`ZsO_>;YW@+5G%`aRZCh zP!eU*N+;?(lcbCso+%QK-r6tio$dVYf6u< zj%4NMrJ9_heS2NL?{uLX=3_uEW-o1;T>bn`uYGX7e(^qL&1!K`H**!t6v<%IG?_G@ zdbkVeIFSK3z!}tPt3T)^U537gdaLm;B30vgnSCL<;6Tmm^l$qc4$mC99V4p`R9|OY z7$T*^A3V(QY{2fy1%G^e7A(kI6dlBcQUvy%GAj=c*<-{Mj_l-?qS;W)7mReSlOyZb zqSRFtkG(srCvbyI?Sp+0v-QZe%BRzlEf?vO-@k>~quvO?TuVqz3&FSh74gidh9-tR zMcqxgQZ%`10=^?YTgdd;fJKgVbI;A}}1F2b=Y$5}hatv!>Nt?Yv*>^Ef zeRYL`f>oTWud?ctc6SB^)9J?k`*ulg)NO>{cJ2@Hi`BDy0I)@5X_DY;3+0#AUgnu& zpEv4QRfeAQ{yxX7btUz&?Q!&jP4v~{b*tDAN@99?dKWbS{zZX5b^1le+mX2%Uq^gH z4E}_OB(%z2d~+J{NiPXvl*!|O#U~L~2miY$Zm|NQ@#lN()Z(24BIs^vaZf@0tXR=L zz-8K>{oO4Vp4ypfHx9fy4u&ZkbCS7Kn{u#*YkD*0b&RWv(YmxpQL(~+*Fxs%`;5yd zrQ#aWK2pQx+IN(FN5EsT2x9K!|L_Vc>N_*Q;ZNw8TngVvd;^1q`1t!3ig?LRm_0{n=k6QmRMi!=1%88cUD60oL z*Cn^KMqn;sv*P7AC|W7};2A=YPV%%&7EEbk^jKu=`pw;WR_dv-X1Vs_mQPCLSy>MI zzk|W$^1uH8%lEG}UL`MyFGBB)Liq3Su$aQmVp0f;jGB$oZIvqB!;l6JMr*7OcwbE% zhO(W_M5}~wa)WscH%EF#e+g((e5e&`I>jQf1H7dLb)f;T`JnvvYDgTlwO91UGY zv^E)+eUK}77q@BCufF$j>#dn{%4#^iHP(t>2fq=qPtCd`BG2B;X>sqc$UaU&6#SUY zOAQn^j^p}_ufqC`edeqj8nE1BajGQ{djdjoa`Hr79i7h3uC5D9l7Vw&uxZ#9{r8#< z@PP8Ov*DhbWg@-yU8l*iTNlC!(VEe)khZwC2zTPpyl9?2iB1Aj`8R6`w(ZVpKR><^ zA5;Y17Rf$FwSs1%SUHlTI@aRh6W}WOonj;|Wyq~frt^KQbS=RwVZQy9u#a%nqrNnQ zRQxT;l(4uY`e<4(v%v*o8g|1}jBEV{Se(>zVcK~Q^A7UT#)B9MwY_ZCB>;w6*#lg6 zQn6ewW-5FnxniAxIw2lLHqGc%c!g(#v#W$n#i>M+f00~sA8@qn^I?^VaW6l3-ipHx znNpea#Uh3@PyPk~TYy7TPiv4VHsyn5_0vZbn#JC#*NP@|t(ibYG}oo-_9=lrZa&Uz zp#I@GRC18oKCa1oVN7EgKR8IRS&aibu2EpYFW7CsxIE!JEk7+FX)k|8zOqyLFZ3Nt}y`Y?X;P>))nUrJQk9;{2^RdZzR6 zG6)tz$d$Nk7^~6M)#ddiSO4;)D*2zyxf{xqCIP2;t>7w8LArYd$;bnrd{*$IfH6=1 zc3vjCeHt5tJXWHQt&iPBNcfsW(?N=9iZ7SWZ(xs6K#on^XB6!E-Nm_16MKC~x~3|x zP~$Q1&zTi$@RAuKhKe7d3_y{-XWDuW^1GSfgisoYF3{mT0y~3l{cyyNa*>Cd`5LH8BGm9D8jk3(RdZzKgCW?nlQneSQN$Wu{kGW%C~p2`u}wz5Y1j4$_F&rr^1TWWaHuo$+OCZHl!P{F-pD za3Fvvq$uLzm+=do-QDb8C}S1lEv?F~Ph-@Pw;J5?D&i+B6tE=B@-BfD9N+5Xy2HXN zm#9L#8rr_n3b40nN`BsqqTg~ozt>x}XRebXS8!!0Q|^m!Ro$=I2OZasC*>!f-eSp; zMp#edCI4EG#a0TyJCHuXO;3MbD`2!NN;w|2(dV`&Z3~-^w_S5kMZ3ud*M+{2DTcI# zg{@DG>M@#6+nyrqT{4^O{IY~G(a2cW2Jkr}qaL;&9lzN?|uBcW7WguZYZbJv*Ap~+A zkxTk`1+XNm1T6Q+a@X3z&pobjWdF{Q44lT*VHTHWNbBF9C z5jlBf4^`%hIggmqj3yiFM7n=*4TtZw8NX9NwTe9f2DL8tuu2uzX=Tip_`6*WHI=bE zF4sG<9}@6-MZRJJ&p{`x!YAP`5hI(`2jJ#@$OvN;ur&haZ~HU>mv+<43Rwg>mfxM-Q<~_08bF96S<*uI@v^BkzQVBY?MEf z{fI+L*d)x=4-(f&^im*r-}1iJrLji}QOklyA&H}h#y;A? zH7F)r-MqSWfp|wNWZ0ct3!!P=rN$kR%tAh|Sa)8n&RP+SP;Qv5F*3*YzNmKsPGKLlT6~0jqXNMzKv$>SG7OC0MwEvXgyE+p zAH1`Xf}nIb{gAlL_5Vu;dICVME6K~(I15I(slEqi$1AWOks4aJxr?JfXF3;)t&F%! zDBT+0I0%!RIhh#kU5^+UO&O78qOx!@<+ypH03v&GX?3q_j52JoOjyV|856;Xo?4f> z+hKLkc5SBvg`GHF^JeX3xpWvJ+?Fezku@5rj~) z_*z;ZqamZoyggdM&RF&}EA`&IF>*MQ_Uswo^p#pMo4UD%PG9sES%vUH2`W!ZK04LA zy)9~;lRrw4*^0(AzZKfaMYz(z03+o^&EV?nR;zr_q!qKrnKQ@Al|G5CzZc+RyF53A z|904o24Wct7M0lV5%~}D$V`j-FuC@Gvjez=vf~w&TE4utb7G)=Sy}0J$bxR<&(y%Y zU6)GL_3JBv4-nlrIdRSn|HKHAlr8J1&gT7qEr+as2u5+WTmRAJ#Skn3AvnNYQvMIL zQnW-4e~JL~6nZwqH073`bNhhfOmpB8#>(JUalNyN=qc?`?peMvq8roK886YNDlQ=F z@_wozo`+f7P}Zsz_r^Da+5AaQXf??@3MYQc7caWUhGtHh+&okl&SlcHc0w6>6JP%+ ztf5)v%H^MsLo5qC3AuZHYNP)3@o?LKKNnnLwp+E>Q+%>#UVt2hg zH*eaTa-r&~St~7v-od|Gm$*VVg+VJ-h9cxF^OFp!X z?;P}+1RZR)R=#S&B&Ft1{Y2%q=*WPpUcd`1DC^dm3_$H3nHN5(B6#-WH(^240Kj)8 zu$}n!E1QZ<0c;hy$p9z0vu9l_mp$KDXcPcf<@Vsq?0A25JXLAxczoEtK33lD9AP)Q z3qm*V3p_thjeVS-wx(uXZoF2CD$#J;rV%;6QckeKYfkp&CFmi7hr+v&lJEh+!NF6< zn`29rKmyqEGj(+vv#~=&B@V%ocuYE%VyLi?v`XeJ|B!22i-)=Rl*)LsREwgslL0?H zB(L!+9xT5Mo>wcAI6f}L$cDx7wO1D(ONS~b44R24*q@9p!_KdO7(&|MiKaMXMyhQb zlZJd^S=ye>V$YS0m~L^XjY+{9hSzvHUy(zE z#i(?}STasZbS9aP47S{}$H!DwS6BA|K#C<~8Yp-L0!xE?#MCx5n+!gZi)GJK`?YyH zx~~zk$B(2hfMM8ZyQYOei6}f^*ol%rL#aojOi%E2cfv%&yjr4xV5?3E#F!ePY7X5Z z*P^&Xicc=pdXqkcyVin=pba@Sv0~cu1=IK=SzP`^u~Mm*HinCMOfFB+Q>Pz$DUl?t zD;m!~ICo|<69GZW=}pgsRNi?Qo6L@)N|JfAucgCabQubq4xp#Lwhy`H8I^f&gPi2{ zRNc>sD+SjcHRc>t_Y0gx<%S|pqRAE=zr3j%7R_0_0#lTbYrh=1Kv|o82rvZ#wzjrL zBoGzB{OJJm2WimCTzz+tIFlx%;zPBFX)ij6S7TO#m>ec#^A?dqD2rMpvE^AT^Rb+w zVvF%>RY2$;ogj~amSmHiH;RZrdULvM`aV-laSd2d^F&fxg&6vrX}v~|Hwl=qqsHL0 z(oTPdhSIb9?MiapYZfr|E$o^rIjKlp_*(FN6%lPpF}-Gs3_ET4Yo+7TKVeVsRhiBfjs{FGXT7*?B!(ZuR?%Jjf&u`*IQoIUNK;b{sfJ^p5S3szyy?Epd_5T(EsTZ;RPW&n`7oU%3W$~> z_@NbHSnoLdc4W!%%>KIBWnMN3j$zU1x+hzD_)Q}rbG!Ic>17sOoor@Yb&gEVRMvXA zGk!agihs=s)BDh-!!uo}T0pt!_Jl4HE+bRwMwr{o9N?&uw|1tnL&Qx?O#T2^8^%n- zJCG>s1n8WXYLkPXCzE*uq*0A$YOPb%zo~nxJFATsUB;NSfMR{V(lM{r99x`>ci9=cuQ;6{lnqd zw9%^(#|T&AR+56NUU(fqhvL)S5d(xto#|3IN@J^7ot%QE_W?@&w%*P*^3|vwB z>h6Z{iEkhw5Sr-iE4s50*7dXm(3MR} zqVOEnTmJgaIrW_A?Aw7fdSPJx0$#wxW4bv%F(IKXIx0%&wThtEC$OE{TV86e3crPh$eK$YnWWytnA5X|o$Pwl;6l7+rjBWi4AQ~w-HOeu}GP7?L3zMHAw z#r0nvdjQZ81qRMiRhf|mClmSew3vUUiwH0SB>9qb+XYt0 zy`>`X@F8R^#H7}61O&(>3moT|Avr$Ahtt-`garvAYgZv?gd|--jtYi;H}KmPyPKKR z7eH_%W{vp6ak6`OF%pdhMLNEd@^^)ZD8C*lCnob3(oM7n7QDOkv+);BkyLt1QcNEMXuO#svJkId{9?4vIQCJh564>3uIJMKOvO-0P7I zC7o;l8dqt)SUQUs=Mk+|Q)O9KWF|l8LoQzG-(QV<0NXKfs0yVf{3sQOabz^)1VPEm zhR+lv(bo|Hq>h~F9?NBmU+oJfDb3aKx=Y0S(R~6y79;NtiMo?LlF54uyw4kbWOO=c zx@?QJa!XCZ%!B6~=1MYfBk2ay>7P$lb=YzQBUuNMKU+`JeTQdvNNUGQI7s-agXIhh z!Op7{1#OTgGMC39n2SnmURz2o4gn{S`yDB}1XCdv3!Ww8OeGft8mtz1wYci95mVdI z><|?*glQ^aLj{V5_r?-|WRj?$wy3v2B?@Y=x|v$z)THOu^V8Ej83-5&AtoPr1MY$* zX4>K;56>!PqcKucgtHE8Mr%Eql`Ai>MC|5lr6M-GHaA@#9E9j*{1bBplO20aV=Jjv zzHC_MfU~nTy~k6p4Pip2xlC5eHE)ys&OZa9Yr+{tprCmofD+{vh&UNkg-M+&K~zFN zwAAP@7&qxrM@On*jEgA1wY*>+YpWEOwG=_U8R0645uX9B%hLJw}*6)N%D8V*JGoOz?`^;jGnBkD~4k&SMDu6rFmup zmY##n20h+nclRsY*H7~NZK$4&IjoIgaE*x*Y)J*7e<0mchEicMEk~~mUv^(WaiO%q zp|!a`O;9=jKyFM~V3N$5t&_zcA;4uBCv^SE`h+~RBF#uz+&BE$5%2tb5N(d}ey2#Z zASRgrl~Io;H3{Dk@vHE&=~{`c@XaG>XbT$zn$>_&&pj6ulYrW3ivD3k@R~EM)@FLn z!z5&D4KyErV5%uI;9wXdWim404Bm0Tld8>C8OjwN8_-ep)eafW`fsgj9QD_b9?E#} zfpuY=)J}m+)lnn|4k!i0q6lFDMEcv*kmZ<=9??T(A_4pR(HPvNno%AHNofBxlHUBg zN4qS+-Mwc7^omcif(LL2VBLc~9`pubXwOD_fZ_NEF&#npNu+dWsLOZ2ix~*+Df@lK zF@f%i&IIIQ1RQ@GSYY}2K!&lmINcfA^3x41CN6kAL`7L|^!tJ&LO|G;Hg*N5 z_aUMJJ%1?^tieqJQEdV+32pQgG9zEscQAdujlIF0Oa*dTq=C-_E4V<;WA(aw6Mo!D zD#|g6yN6BG>GP8n*HE}I_l7Uaz*KU6?=y7uJlG^O0~;POUF~}-sG@%lrind6q9;c9 zh}YgAkNskpjpyl3f50A-HIsM4d+gl~C%$E(Mh7pc=Z3)u=9q4eu01FrA8R=oxez8r zFjDDP8NzW*M3_ELx}Xdpr9dWSN}dn05j=ra!eeuXWG)X7X&W;V1RTcawF-<3?~HXpwJKrJ~FOocP842e&y5O2CIjUx4!tI)tA4A=vTelKo%U(P7%gzehd}qryssw}SEXlR;NE`USgCS6R12 zTR~kQRVONpqpM5sDJ}ow!DdgSQdl6h8N2JgxNIt$W7R!Sc*1sQXAb;P>eY z0oiA>-HI3Xi}Pl!lH0O*HSmKB*dGoc0Vhl=-3&9Eaw$*JYi9bl>`@An`+5)m^7!pK zj{a!#C!eW!mx+svJ<~yzy=+(6Z4%~aqrX_7}F*~&e8;`U~&TIHruTT`-DV{x!i+w=CTNK6IxLdbOpPTb^@ekbED~BHw zqT!Gw#C2qgUfntukp7DWz}`Gh?cHbZMjm<++2UsI+UqZn%QR!TXEVHB=O_|Mw#F0c zR_K)^F2t{mV%KXMgYO$!6^+w7HvhsdCqBbtTz50%h?;HQrg~!{Tek8Q_J!Rr#wgQ1 z)AvQ6%&|(*4HMPr>WNQtE&;r-9#YHsiVk9vEdoM&oxAQ zjo{xdoa~O)8z)A2#OhH9J7#T9QWCiYgcfhM?1k%hompeseL97XYfGjP1Ya z!pXiNU@A(kfJYse=<6H_*VQBCSlNr=4R9{ED-J`FHOZ33R)d$s2QxOWiHGG4lnUVB zA$8kgk}Ti@e9)36Kz%;MY-jC5^+zx4^oo{Jyau0mlGFx5+em+qY$yl;sfHS?@f=pT zqQ_hRtZ@k>hA~!;-DDY{C^EP)3{!$eY><9iWrcg(b-*R7b$Wzkav+yb5NUxUQBG|2 z0B_agL^jp|4;ugE?Q>5sRL^IX^cB>wsZ>Hu0$&`u$K|5pbR}ZnydsO|;dMZcBIWzc zY>bjosv#kT4O(7=O902oGk)(tsSeP%e^1k2fEs=R!z=8$01`GJCO38*E!*~l0fDPW zur*5C({ci}cOz~a)lGE#j|N>_o%6OvqQwl~2O3;05NvTnG%Sw3RM7Eie&DF#4QL6; z<3rgll%I&xu4ay?x1BrBDXXJ;|9+-|N%WBefm@;S)>=1+q15AS(~1^6o^3S9!YmVl zW+^~xo-1D71p-`xuNMI%qG(Uq(?A!-0X^Zy3=TQ%;1em&%5ZKsQ_BBoQ9(lIuVmVO ze_cHAR;I~NgYNZI@Qb0_%%qlyg}gR&1QDKb?x+i3^k@dOQNPGwS)~_IsScW&F}^0p z=#qZ>zCK1W7udU@tK){A_VJk#)aq7bU%of%$^VG4oiq@t4Sf7yp9JkTCw=d+!v(sI zZzylpYt0V_7k!YFu3L9mk`kMD<{^MkJaF!GyuVTExOa)tct3mm5O3aBCQ@ZS=h_Hc zMO)utReado%<(xZCA&ZQrZaZ6nU%Qnwn0$mVdeogdu;yj`(n$m5B8g*J${!(j~*D$ zGW=Ot5sU5DEfz~s7Q3ZGINnUOE@x-0pDJO$I?ifziGY0xmPUyJ80!Z_0f*bPSJLYV zEmy~d4=YcE^MdK0P=)@&n%EIfFZ@e)rdVNwb*hTszB8;QjKeKHLa^iaA@O5EB#jb@ zj&5}@38A-Yp2WO%Yl;6mK(LhYJ@7BY9sk!*tioH%4*=9@^M2Ifr1sy|LF zw@TA8*sjw9vo)J#eIwxmk?2A`vBbgo$`~tt|2h}SF7Z?r)`=sv>m=(mx+y z1V6oPeQo@^FUPxW6saKCC;uG{eD|b|gxx6mZZ2kRL8-_Ld^7;vap1wadFOpUlXbvdy#J)q6^%v%Ccu=3I z^GWq?wury2b8B}dePIxKaX@FTn3{x8-p-8aOiZ<2)}Ys>)5Lf{vM63OsDnDktO-+QOig?#A>jJFwD+~ z5u%Dkz8K^SdHBYq-t20dANTstJd9CqP7{pMg+QR$Xn9wVD$_^_lx-a{ zBt`L@kqv+la!gOy&Y7k}{mJF5dXksk4=Nu#V=@r?#|QZhk7Z)9vNY#U=TE#Qn~31| zBlO-!JM*N{1!4&aAUTre62yE1#{dl=B85Z9GtL4y(xO3TD zQ}2%Ck!+T|7vk2CcQR+X*?V)<;6NGeOs_x$?`K<@ka z`q-_|G)KMaEWc0zT6G4G@|0GG;37VtkY3Ofiu{VMmD%sbCGAKI5x?#wCm|#)VJj5X zm|5ctQP6j_0DWs*K6~ruy%<(7tFfT#Y51w#TSMR3(^~Yb9IE8^6WrFO?Y$zCGK+@i zq0SUX(G%A9Mu>F_542vcw=}AC@2FnC@nL9m+KjiWtXEjFIw^GDu6mlqSlS8py%4q0 zYr#lBKu0}fI@Y}IjSMso0hY>dUl&rWlW+%`1h1k=biOw(uADopd?F5IP|19EU$1pY z&B4^%peO;Mf@f+~!3l7T(ZwbR1JGI0D%0Xp9?^C}=9+CfNOy%d5G4HaUN~kcJuU~x z(vyA;)+LA(HIy=*)(uhTeCS2+o9jVwFR*V|`3ZzQ`IU#62ljjux zL6CgzZ_`QTJp6sL=ygck^80ae-L!y{^;n4)nV}SWXXY8GYmQ`6TgO!9R34O+!R1sh zLYImoh`PAlZy5V9a+rOy_X+ zen9_1jOF3RH7ed^#F__|aagag$tVk2gn-ewL*eIF6?pX1G{|gmb$#PTb;i+O8-A$J?ej zXIjn(b#AVQ@jOnEVls@|+SevYVUxZ4!zaJo=4r~6NaI;TPcvQuA^X3#PU|<6ekt~R z_Q|PVpQnnQQzqr%W+z&1LS7V9S!ZmFFQ4<&ljY4%bS3N@6aeGjyp@fZ3;|@+GGuth z)r;M`Az@AAp%(rWxv8(AgFs+r#N%+O(G+zxfjrp!uv}<;1fjZ6^9q&QT8`3VCxqYZ zjFe;OhfgR8J(5PnUJvoc&4W*aitqis?$u4VgNMW3YmI7S)9n}D39z9YLkfGxFlxvz z%wENtfc%l`=leHOP4g~^WVdSo$D3B#vETCQyI`$M6lS$j$tG>hv4a zIPVDqDp&i^<>GzjlD!I?@n-j1|3FcIt$?``+Y8zn!a82Y2oaAI$%z4Xf!;2E);aT3 z{S+n9y=uO2GJ4YDx+_v)m+$fTI7omH0%fC8cU2ztIT_)jm&pLWN_FLP=OLC}$;IT0CK($4?xyf3CbyEr9h5wn}4^xVMDE?QW0k67y6r`|ld#}QlF^2OQ6^ZcLh8YvX?I8hl3VidtD)BtFJ{0WNH;0mG{3`kd<)6Vh}No4f{%8 zyV|lTlT5}}6)KQ8n$NlE)(y1odyy(p*_Gh7+!{l-Ke4X=x;Mq(GFIWVo~o+Uw7<-~ z^?-4t3*Vx6JS1|AWMZWg#Ozug1X~{cR)A_C2p||&ZgZj-be9I|j-lW(5M4a8ck=j# zMWF4rtz6%~cy}`*d9pc_s-)Lc?*WYzd+_+F-{pFDn(thqt2NsCm&U`a-@UPB0-rn2 z63OGGaVZMk!qJ)q@y$EZlRH^^#=$gpO!Z7_Rzmct>-Tz zd@ixmMJrOh>sM%r+s$e-g&pRxG6S3plJmnb6>}`k%r6xqG|p#Pj-k%V!~!>3%my0@ zL7U}bw#oOH-GeZEO2tk|OOuVjUtP%+r~9A}fsD0+2ca=KqQ#1E7(ceSJj0~_C0ddS zo@0_Wp0f!@2^@yRN??zLXV+)AbCB7B|6uAumHl)Gt<3Otly(s=mB~c5V*F=+7cY<{ z&mkcAO4dMf1R3O-#4KTJkX`u#%fdh_kJ#FJhwJp?`rTy0k3&PflnRJZ>2g<48WA$` z(r-#Mv~3Udb800%(IAKL^^U^l$3Rr}Fl|YUfHfS4ix~q(kDO!#`xg2JJN(9FVV#HVH;!&|eHdI+>;>~| z%CN?xXXwnvx9>6DrdJw#;vN=`9r}Zm<4bQpOu@Q(D@|xcHIvvU- zAO`x!%(?UH{EVbN^;#x>lpWL1Am1oK7u-zR{lTW=VhAA$yoK{-m|37@mbyUZl3zm? zEr%)zb7G2*k?)dsg?B`WL6w@P@+Y=f-WDASzYPx$k8vieOL3vbwsZ1h%?z(XhdK7+ zKi9R6>XoY+wJJUl<@)l7V?GNFG32ukVYfcV1hL z!`?e6#4ju>lUk};Zm&NVrkfU2~i7>B^Rr;U%GcRL9J<&eS&~XV^nRA-SGU1iYOB;NtV)Q!fZwI zYMp@sAxGTH?i7WL(GG5%tQbvVs^Hwk+IXdv)-Gtt2`XR{C&FwWA0Vi9PEF7qVMKp~ z?~JJ<{`{OmGGsoEe783Q?yyE!;Fp9Bqw$kUZY(mhKFNS&lzI-m5hw==3YBUDFEtVu z@g%qDLT&|1C50SCrD%7kk@+&QUVdDq_ti1OIl>T}DNgYk5bwdUI0CNcbxS_fy`g87 z&yh)vai+Smxx}n*0ZsR|sceN{Lshio)#!kJ9NBA^QmM;WZErzt5G~y5I zG|wfatLYF;P@Z->hU}RS-tLYc-s8!-j)6+B6pP>JQE&+1^(aBs`siDJu(jS_#NzQ& zm~E~;u$&#FZZe`Lyyd^MZu>#=B;MU)kh78c+IX8{i97vLoaoE2KHVYYlSL8&o-dv& zqw$sFx}rv7S2`7BRT`YxXB!fJWsbR#3W%mxU^%VPJx{6dZZm1C*}5!n=-K(bZfq*} zUE_$w%Ei7$&p?Dh3M9WV$Ad{ToeXXw#r1qIt(v`$d-#t}hY`L|mRXIVd(E5a|Im-& z-5kwg)k05yh8{Qb*3X@Qzw*~z6AAjjD?Z~%#opDfG%ItFq0uRUZe&GQ$rbAZJOYBl z=U9aI0>@!-89bE1^i=H`-Y6;AUGXYtiU2Y)28A{`CmodPDn>NUm>O^Y-YYXJ4hO)+ z_gvpkfEYMakwe4Gk&k!BOhJscgL*5%QGKel8 zD7PAkkQZ=y8C5HwTI$|@a^@UAj6 zvrN0(Q+r^7&_J01qB6w_B!nhWdua^1i%NuYRDo_fVhK@qQ*@^Ao5f5q`Lb`nrlD>h zes|HVjdiWkX@JZ%1mfxgbdNvf#n>2^7lkV(!3!NRle;$DrvNi1d3y}xK2CjPb5 zU|c8-^;At~BqU(7C?RWzysL9+K6Ur}qO`lT(A_`Ldf_YBU|+5WJ=K`G8{*Tcbq}z) zzQt{9m-Pdu3)$mL6||v{RK53bJ12w?rgobdIv&I`?lN=UgUH0bjEUs!LmRoe3UMe! zRGV~fTOG?5LCVsqz4Ki$-BG;uxY^m}(<|L=PYp_PSzzK*2S}N%HlG%TqYK9(E1&;t zVXezw)-C2BOa}$27Yg5bPP9Fb*7zvup%B`|HKQ}CHM|E6YhWG13qxL?u?ms#U`Xb4 zplc)Pyu!k_L`SQd-m~v;47>7Fpd0OVdT(9GnX(BP z(x&m|o|E6dwrg!}Md9pQ`0n{5OzCz|YQ#i|Fv)3^>%&DAyKyHSMEj_(3(k1vxO2Da zupT5yO%{o$->Rj{CbS9nNg^7HX! z+jP(EnEGh6jKm5mQvRO}`By)F_U;JClhS?c@J&F2b_H6KKfP-B8&c&JheL1?j3BlG z?5bwx6IR}L#GvT>V0zihrpJVnLZfA$WZD-y-bq&hS_pv&wx&+9M+SFO0E~_H;Ehf+njY36Kra^9dofF=V^z7E(g>< zvjv|##q+WI+gRJjHqb=l!GW=h6ZwMOXyS9{Y*%SJJ*VK4$T(==NPlP{f{8*&;z%?B z4qRv@7O;^K@Y$QLYytt0+`4YDd<%1=oYBR8y(Zy&=F4+(^D2jx@gB?hb6lZ#&I_wV zTkG>7#loq$h-39ty&~v+#up@emlhcL0VpZ zNy+*fDaYGt)lrU2To3)s0ZQp&Yy(mM)@BK`m2e3Xx!vX)V7W@!-O(TI>)h6t)ha7W zydR!5o)A3D>{KOI47*=AF+(qHoQjTb`|qoq&xr{`SZa3^vRkgujXi)US(W|RfuDZY zq8^KNDtiJ2u7&)e*RK4O`WVTZlGsH9hSxW4JV*4K2GDN!&D2uo)``}yg-VnYuNQsS zLtrrsPk=CVoJb1AEIvLf>1S@!v((-y?p!U}nKtvpE1h_g9`n;;d(tkcLD*bI%?p$# z?+pEJ+ra&b4D@XrjVJKs?)D8hDPfep4dR`F2oGfZc6tYDcUj*Y5ip-Z+PgR77z9fp znhjAB8Wq0Fy|1Dp>pE!t5s(P$sz+ZA-R6r%f!y`aYRj?Tez!-mo#9lF4g?7aLB?mv zwoFG694egK;Z~Y1v3}kSEmf!cFwue?+r@9$&~e;{js<2DsDWO~F#KS?GkER18)c1^ z8}bwoBK&eAh$)96eC`M0Un_CGr1O6wylO{9kLPf^AA84;Pc+llUltOwc0YP&{v-0r z@ve3~akmZ{g-%y;O#VRN<5gpeR?VOYtq8=rRJ9qI#pLg|y>RBN)yLWRm|DfZl(jc5 zJsv;}GB4O;nFFPEq*h^JqQBIsRLxk5y=4`zcBdV#B06qbJZ??;PmG>8R5}QITd*0q z-iBrL4c5f_NY0X@>i~kqbyPoC>)L;Et*qTIm#1le!%C^~9kBqZ1;*bwNSJcjEgpp( zIz`RN1+@%@Vq)G#?U};9N~k$*ZLlFj@wBLpTT;7r#p8`JdlTsFqK105ZvC$Y*A*El zbp?`1d~5n1{rzoajY;+f;Xr9_m1%cNTwTM7#K2_?H1cAU7yrq}LD9l|Df9x0IR<+_4r z|XlUT^#nM*| z;T!{WhcThsO?4hVr(h|71@!G&wJ-!?5faQd*I3m!eseAwd7c`#mXv<-_LzzwB|%f}|- zx0^o#W;9dj0uHNT*s@T^)6t#PKtNR{poefczcgiwsd4=q+j`vNb=W^zDkisWUB*k? z-J*ZvZ5-%g0n%Y~egW0dH`55xL5JMfqrlifHkxRqNV7;oDeEP5a*y!1!BhQmPzW{S zg2RK}0Z);X^X=b#6Lg>w+2gc>E&AzGnT ztc~z2BlHsNn_M9B`yB9Q9CH$YynF)AeX9V0&g&nU?wtj8&*^SEdgw=R}$WCy*DDxF`IuSs@7e0WEK?~S>&CLMILobyX2K`6q`ztIs z_-Wvpc%TMUQQpUr3!N((D!M5`pGP8F;T^G3u8YLsq#(c4YML;6#IkQ1gVO9j1#%}6 z_^YrqUSO{uc|Nn5z=?Puq1Oo@gfnfpD^cRE{NGFuU6M zYa8dm^7krOV=#$U1t80>H}g^8$uxMS)2rjc2^*pWTga9RGT*M zE0z6)=6YxCk)kygIMAqN%m6fwmcL(t9gYk>yWVA(WC*Gcumt@Q0*W5@CLnvsxbQh; zl4He9nyz+7lkpX7{qpiMEUBU)MDJ!D@1O2h0otI!n>$)Nr!-g}gXvqXC+`1w+~AjR zfHpnfZbJzGiq=0KY5qsUSOj=t0Jv6x-9MZztxXT{oS{DX}V7{$^v?wS0Z1l{Nk-BtSEk?COj zhaP`J`ic$W+0lgou3o7#4M+rX1IrcB!SR6J)y2L`@+eU-f&D=ds-YhSh#gB7$z!D8 z(s(b1#jSCMBE4oXxY}wkrJ3N2{lR<1IZcPp_4jcu34h5G zT?I7cF+uPe+cOdlXMU>j+RRf+eY1{64u7C?A}F0$%ltS*U{S&aY?>+*_bfiIM?^&H zrDfki2$G#A{1#xddjK}OTuMhK zSs5%L|8$fZ{4IDhrB!8LJ*p;h*Db6am8dExG>HLKG+nb2=$oQ{KNKbm1{&5P@&~_B zTpT3|Ev~Bth%pMLCnY&s1F1||<2F2e!+$?E{2e^arwTGL2MyuFJJq(iI$cL;Y59oH zn~Hm-$*@2tH1lh<+op?Ln_J_r6Qu?Qj+>*&2S@ky=3%!Ef5VeFTq5vT9ql4F<8Sg~ z=IB%p^c;WJnvat`{LJwi*j##`;bl!tZt-yZN`xlJ|Ii|9*H~tAEHK=u#TFmjRHOOqKS#_uq z*H5wj2+iF6Yp+HftcQE5+Tg9&S>Wx_=PF=;1XPBWTbjk0Ts+ZE|)FY5XAp7|Z) zUdV4+)DJBAYQwXwU{GjU*88)Ps?SDhHsLuMj;Cr7f<(k{i7l!k9hG9+ZR{~ckx z03%wg_~7;FqeREGANgh%lt}BPmK4b>>l{1{rnc`UoW9>WEUR95u23;UsSHCeOpk;} z3r@CD&2_twr9#K&D9CRjg_}RrCNUelYV-8)#}h3UKgN3Ym9hWlW(slC&j$mFI0g_{ z4N)`}Ep|j{7>I`Q# z>}wnCY)f``T8Mpp3hjItbYo(6It|enX?2>5cY9t|uCiL&u7>(W(7FcVdeCWRzg4|p z3#$ABVPhA3Wri>2o4?PC4MRgA#+BNM*ja}utO|N&*QGOmTT2!yq!DYZnZyn*7qC)l zdAt-(+Qv}W4WX8k!&}U8{QYuElNhkng_~&ljo*Yf3bob>^lO2mBZ*hbSf_wb#;%|M`(r4_fjJ`+G*Y9)fTZD z-pIOf3KZ6z8?}5?fCdIQ{@nnu{UJa{L+tD6@gZr^abfu9i1E+*fQ$%-4Qyf|cjDJ7 z9#VBJqMD=3dOtZvh5Y6?=t<7wzqn~8KUcO(zG%NyM;trtU;RZ6%Wj$)!kqIhk5vp!PmBN3YWb=1>uHdQ4e&=H4)B_@C%Z}+CMj~fRIS^ewKjp4=n@?mja-i=v5)NZ!=#I2 z{+Nxm{dk}z;V8d+^@YuVvH0snT&d6)R!VI4p>24N-dLE0vMGfv&F(|JR+CsOQ^;AN zXNbmechFhE?4MM{h^R4D253W&geXPM=_hL8D4E`&7<@%W-C_&jEB`$q_gAyeeSSgT zS)6-yV6k$3=51*FthDn->0a1V_)jg;+A^y#3gTdA1}!r)GYj~`?9Q|EKby)wD>4=Y zp5|i(9X-8#1~o^T|2h5IO9ov9@2AhHiUgJVC%&%s8lxT-`p!= z)2a7jqurzE`_pnCP-wSA>a^*%U!LP%x&AUTZC!RUYphk!iJ%l+!is4{x=(UcM*LC{ zEuQ(Mtx0AveNtqmYtk1@- z#q(l%O?>61;Zqru-fS3@UXyV(+z(JUZQt9{iCy7=IF1kEd}G0*I8N5|C&HCdMWrG{ zVTLG*oNA-9g2EJI4S<+#pd%FZvFzW?g$ZsZM!XxF;0fhjmu}VGUHSTg)k0z^(rApo zJ8UeY@788+wDtJFG9y}XDuLIKBH3FRp8?n1rQ%I0i(KXk(X9#C<g$_^4{;B76|WcXw{+9%+)LvRZ>B=~%~SQL zv~)34KN?fN^V@5wUoTEYq%(~`dppy6hY|3y{)2?+LZyKJJ_crtlFL5v!1t6zLU|NL zPi(Z(`-kpgrP!DlAJH1R*H-_#4}%|6KLM1*xbldeX?c-3$X14JRpx^}%_PDFW8iSH zo|Z=Fh>jfu(jfdNk}}oC_GppF@Kpy+%A3&oL=xNHwA_bLW&1=^MwL%bEE;*A}xLd zXSd?Gk!uGL3e_8M^yc6-px>>WB>wlw0@TE*Xi$cx#P*V`bGuxi$89@ecwbrMCHb>$AI(_a+dhB5K!(4z-FKf9Y^PS_zg&~%q7{WPmT%B(3KItB^^qD-PP zh&3@O_>?}hzhaeBHW6zQ(sWq{O6U&<{H;)`uFj}?HCCcAj8zmreAxEfNOmji3w}fI zU_#hfWMY+A6qS|~{8dQargV@Qd8kcFwotOV^LVc92Lr?U`Of-lECQ3a;aNp4cgbJc zQ0??4w5?n%wLCoBoAJ0H-91Us2c~9rIuD3C=bgP~f({b2;@Nwq<*^>GA`RR>${z_k z9_TWpKiN($XV+JHUq?>Mug%2vY)+PR>P7a`KE}BhoWws&npL@uxJrH_-U{vZC_yV& z9#_UfpxKF@^o&2OZ!P^3h(jWN{rZ*hjQ{(`g8yFq6@T%!!Rz|iMTvjVB4T4xiI23Z zJwM^CnTB+jNBX;3>Izh~zG$xgbk#q}5y145X*E2=KiYtD*jLi7%sYhmnRTe`NmyO{ z4e317kk~X6xeSDJk~kw`FT&CwaliRuDA3pzcDhYR{NlGMD(|ceU!{uj*aTl^mm~%r zx2?pNG+N_@hlFRhxRbv0S$!>;w<5uxb#i!g20j=!uZ0$`|NUj!d%aduk?EuTbZtY1 z#A5Qp@>sr%itbp*i&3^45la&n8`GA?Ac_=3Ue-^sG9x~U*DAhJp)NLbce8vi;3Hu0 zb@727+m|05j}SKLOtsOCr9RbAZvg-dG+dfEAv30G! zX9HTm@;r!r%{#lrufsZdf>fX-WOW~CmJHqPjG5!a>`}2%!u!_0t99No_-D#23oOma z*e12BX7RDBFOGdhK-)$Z^yM}Yb2q)@MTKWcZb zYzb4YOiw+5(ap}(>c~zwN9au%%%cN4({VGBTbgO1M!alc#CufqQQ!r7ergD`EqXwy zs$FkQs|v|4OY7e=88QMqO?E|a7sEI7PFawQ_{*g_77cWLLctTN0^iAVt^b}d^O4@3 z*;wB6{l%l$dXsGT+L4lqg2G!uLc)3`=R(baf7cMOIzk^q8G`Ybs&bFvZ$TZc4iQj$ zU}I*sG6exhdX4++|G9YeQTy#kmWul+`1$DuM7_t>fckc6`%dAj#{b4t|C1a8pCzO= zC0I=kVz`+$1eM~!*2>DtC@EQ*=|IO*VQ1Oq{kZg=*I)@+Sd7!h z|M~N1%p<2i?x_pbf9J0Lcw`t;7fqO7@^rByOmzG6y#$p*wVVbx>92TGX_p)5=c;7A z>;sU!w>1F6?A7JL#?t&xjQP(pWG3<$EmD|fQTso38dcg1rzVL1NU^Utf%!+XO`5@1 z&HqM$^A#8-BD=SAQ6+%V@Ai1w%K@1 zuN~oma4|9>Dk>x1R&uNR|15$jkKa6G8>N?*ToF9AI46)S9YwGX)ZJ$y{w5d{{-0T( z1_DY&roF(yWfIWIWqE_=AHfa@n}Qh4wBfTnM!)}ajG9D-52+~8yQrMk*_CM*cOepf zZPEQ^1TU_DcM@Wp9>@uy01|)%b9BJM!4Eh%Fvq+>iM`Wc1_AqH&I~U=O@@joczxcn zcKtE}m%G6dY5Vut%EK}MrzgeAy&C|61~unDa$bPATG`aZ!~g@+N=xDYJij@7pd{1) zn#7cK{V@RunR=>Wr;kD#8;1Epd63mc;E?>N7q@(K& zmoo*u(AugV@$btKkm)b}6FKU4SHjp^Xj45Q1fnl14ERornO~?%Bv2Hw#8o!&hEmvy z3CPLsbY4>aKKO4?bCDY)K^OM)R*-@GFl;PG7170>!-vu~3zFMg(J;%pPe%h{?KL7G z*f#gBjo)6BARKuxMG^{@>k9aNE+4gScNyDc?HFFF#TE2joxP!fO0bA1CEu0JO?X zegNpXVvM^d?=2u@>HpjP;dGDR3(3usfws-H8K!ujCc;MX=@}nH*<4r&Q!@q$G5YVz zZ?4}ks~5y2HNrBTW8Jp4P_AzKS{=3Tg*EO5qm*QLE$6CsbN8mbUMUcY=qlig2#p-^ z-~MgZQxj-UI;S3z%{Z6)b%M(9u=n>D?(yWNklF8#&ornE?HbRI(O~BasS0f^jlVM) ziO7>G;Gda4IDw9$0n3e7^&8axnyLm*gAx!<4|$#9L#zMA&*;2K;!ncyM(F;=u0?%P zJYmxk1H$q8z+XWD$Grm0ohIl@-V!R2!?L6U2P(8TZhB_fH|8pe%pU41FfNrGm4vrG zIIy6@^Zo`t{zeipi+){=W)m)t7J2jZYRAMq5$9oVpVP}FjfU+L?!AEbLrYyzr_lLLiNOcT=metz$|?mjaQMX+T1)32{)<_1*X(e=W5``_~{%b&saTr$bK0| zA=tR>gW`c`{ly*Q$(0(LEcct%rDB0!+G8pTqz-)UJbU;NBp!T59#-X#c= zXh(!0wVl=%yE`y`B2q~Sf06KmrFt*-pPt!{l9%ll;oO6g&p`m6Jgi|XPDu);`UT#;oHGkab1}kD$l5G6urn(p z@P2D?&-U1&bJCn=k=2$!HD<&%sbYWyqkGwW_Q_#D(E(2p+ex@(NY-ZMe}X%YXpq zE0c_1nN3M?TzY0uKyrJ11>sswvLx<-dVLlueGa~lWf~ZmyZG|fb1E1B9}Cs|&g(xv z1Gk&}A`sIAz7wPuSjFwzr}X$kwrsTQ<9L?n=xCNxjMDte1rkF1_dzWpY+x{_??(vR zd970d+CQ@VFIo0#8EUH-!G*t5jg9(Cwl&I{=P#{{N+{=!X;n_r@Xotc>C^qHDuzNl z^4>I_Fr!NXR)}lt65sK)rL-GLywX%q{#qU6&E-dQAVz+mAv0UnHssQex21nistwJs zo?K`gXWEsW?ni~p4+P%a9v>D7{;|+pc}Bghxb0EJrItJ&nZ&~_PeJCQ+v8ul#6^}e zf<|g9AN1=3o8=uZ z+j5MLhG3m8^l^^zS#7hvcist*GO0JMpO>0P8~OKkwCBw>SuD#|mo#$syw~IK2sKgX zSR(3pKCIDHyRNYtn9St%L|WarK-$5}s^r82ReS9@IV??7S{7Yk+mxoLtnJOCY@5~L z;JqATR(5q}OS(OOu4|rlkv6ue5{3?Cg6`?-(9wh0U_eux3VY82bqF^+_*v>Vu-qTN ze|~aJ*Y-w}R@oOes+XY95oHjp#;uq}1B*qd#0(hBD01Vu4Gmn<})l zb0A~#!Q)~3vNc^LUT=$vpxl7}vc(3=egNv1F5fHnDB)e-hPM$46$<&*Rr4vTfi3Zw zXVzzIs!;7a!EtSes3$`ma<^yCxq7Ca!1ik%2uQ6ov7hF*iCwa|&owA+Lm9!P72+*%Xc%Hh}gKM3VlEZ{Gs z?ELwf|BTokV{XNOxmN7#lsP}m6xAAqRQU^4Uxo*~JZqwJHvbHDzwd$S%h9va zr)nq~lW5;%Dn!vCBb`JNSyLE#@NGxxcAaVll8=nK-pJvC?97$P@e=;m@ zVWPRA1?C}b+;Dv3pUK#DMnCRBDytCKvT=i7{Vr=e=Emn6@M9>V zT1$nsLtYcVifkgjGiO=coQa?E_7JrtP@ZjEPQHGb_6eRTIXAYo{E(p)e}PxxbScU@ z^qq!jq~nM-^TW~G1S1bhG*^k|&Qn$$Gh(eJH3293##F@y*!Nz+wtuq9FD{+%&+9Fd zY8m@@)tXXgwVzqyv4b|LeFb6B%K;I3aN`0fwPVBD@gDbgvz5!B1V?|8b@PzJ`NR;( zf##HindW@2_|(-Zd-qbxX43=T6ZyEHTK62%0P)8mzI&SStrunM+-x)Pc4|{dJI`n4 zgUzu}_kGh}qhVhWjQxDr6DGA(3b$rsj<{=sYj}+Q%nlXrXOlW!K&}Nsam-ZIZP*qDB>Ahx+c!@yABjxf}6y z)o-ljJ^Twj@0t*|%Td)^ZXRjM-S^geC>B(au+uQ=2WNFTHTV5%d4jBQUYFLh-o0N+ zkMkRj^ZCNO7to4}%zrpxah*opsMz>eEn+#Jvne82nc8TDeh{Je=~IA*XmeY_pkXa$ zsNgI5p!}2vdiy0pGk`opii&CbFqQBy$71?Gvh&JR4-bEM<=3)$&X(dUwahD5@w+e) z(xJ;zQWS&AXFf|dw9m?4lV2Qq4AL8JCf%5Sn3a;!-&Oe(>4%A7sTxd;v$luG#%Ia-wY%J$YFVCA_ zRl&cWa*E!dFc_1&d;Ihm*%0g&0lcE02$a{KZ6@v>XZ1BOBQ(XWJ+npYQNvAz&qm22 znP;MOxqzKj7Mp-4bxP=ChLiub#>me`M-MWl6N!>uKEq%BoYFh4)L}A07{OBRmTDg* zlO)j_MVS2XszsMC-}acfz3$#E{uX9k{8#!d!*#g@4th|GnaE@BV;56|0JsaV|#t?Sw7p1c6WlL^WsPCdK>GM=An3K*T3xW9w#ar}t;-2smt9RhA2q;rH?#?oQ( zrxOgky_YK@A|f31^17$IMhD-LauIZg9*9Saq`j z%X)>a0i%Hv_k;DbMG`v%j=Jz9KMbi%2Q|G;qQkfh@;bY@6-H|3M28fauNC6>j%mC? z4`R6#31hO{ZkX&Zd1}~1p!hJzhdkgq;y~;PEQJ|5wCmXlYY^7rV9e(eoal>W3ZPNV zcV+$VyWa6S#U~7`fssh9*U6_mol+Vpf{VZ5n)_X5!fvsNrOMdiaJX(=(q2kq`f|xX z&VNR>a4_CMM(O8?V_ozl%%W6}i_+$E{N+OEKYnPjgCCzo@HSQt5GdV7$Vu!`2f}(F zj8G#yNafin3_qC5-rUzdsN(5Hg;$uBY{m!CBgH+t2Pm%6?Ga5>kDn1k4j2uBw(@+Y z-AYEE_4S=T``ir{sh-x0RHsfpTZ@AcjOX| zrU9`2qXzaDMY(x1;^U1Cm9-8t-S?H$NNSDOY>$0?2KcI#rA~ElrLTu@HToWK#p$Oy zJ3B+A*0Vpb9Z~%1F^I$jz14-iylcmw7<6*JYhzz4ilihfDq3hB8cN;PD9jBzw%G$l zok1iignGxqK%l5!zBM9%MZ;&A!_#1jAI=^d?E!(Y66$rQN(CV7Owjl#=zHj56yPC2 zfMz&yY_02;hj=Y2UJg@v0-KSM5t?ZD^2!R_Xt>YU={FmU&*(71uw*^>zVQ8Q4B0mW z*rKg-V^HkJ=_9tseSqOvKlk_8E@B)8ikVWX*_0e4PzJ-*glZy>2-`7z)G%2qo};66 zM$8N8YrhR?t#k!6dG3j<0yXLwr3au=aoLwJ9001hy;eu82aYr;MIUL~exWgSGJLk-M+mxpwiVjz_i@vJwA zCGlrtgwHa^y@h%jEAcL;{w00i_(*=)EiBJ%kwt4aPqAU@zzcmvf*u|obw%)rJj@XX zmKm^WFgALTPfBpy5%Vjj0Bhc4Hhfs;xsQ5<4TU*mxO~(7E97qF5FKzC>6z-5Y9k;2 E2iU8KRR910 literal 0 HcmV?d00001 diff --git a/copy-of-sdk-docs/docs/learn/advanced/baseapp_state-initchain.png b/copy-of-sdk-docs/docs/learn/advanced/baseapp_state-initchain.png new file mode 100644 index 0000000000000000000000000000000000000000..167b4fad9ed05c2fc28884d7ab6bb1c9762eb87a GIT binary patch literal 243455 zcmYhj$IkOiwWJ)L|JQ%}U;m%K{>T6LKX0FC>#wruiogDWa(}=22LjdO zy8Q#?|A8RsH2w42q}7u4>pzEL1Bbxp{rGLlruhDS4gw+Qe}UltfxBO4)pD_CO zC)+(0e;@u9N0WmqzHLt6rq{m@WA73414j7Yh7x={q@ZhmhB!;t0u1xt-)jDCOgS@? z=iXMU%$AK~z!}Z^b2aosN{_VeE3xiT1Z&LC`B0`C&&7BY9^Wla0n6?|Vk{ZKI~<{~ zdCW%9*~79EA@N~b<)=k%OvO5m^A3X9@*Fg_ITIN~SPnX)jw zC&%2XO(^~${i%G1kHAk6-Sefa$g&)vuh$tzscrW#e?c=D_$w%hLfZUBA8FTXUeWgtXZ@`4S z4@PW+_;JM{Jg=S%sxIP*x zUmumWMYYCAa2gn5*1>58GQns?&R6(-(_;D9i63s3AJ~5Nvt(Bk`XYw;9gGf(YbJ9j zEtm+_C(QHSX(>Owb7V8})bqUhJ&;RL>ThM#JkMz)*@xEZf9daVY`Ds#1I#wN@$2?* z+h}Xg#e53>Wa0ueRNL6AWaQ$YF+djzqlzAQDDQYmu$TFl=p;1Et@9ifO~V-ErKirp~-(n zL;cXL^*RF+{#73Me|PnO%hp1nVksW69F*JTukVcPykn?c=T^yQH2VnwtDN14Z`WsH zAX@mdUV4uit%B0AiJIk%yV;GY3*Gav?mg2j##r^#KDBc#nO3%tLemX#`5VBNA5Tb*KfCKrM<`#m<@C*Vygldc?M_v;)n zl*`d89J$<^-aecBF-8W zE%!?oqpZ;*_XEhhDpiA&H1{kBXX1F^(C=q1+^RGYamBa~W(i;RgHjo)y-pH)S3l+W zNSwypAz5{|gqu+0-!;puS{9nsF8ww^)HUX(qnG$AVip<%Uc}28P@7dGdQbUv$^u{#v3Hw~*IN)Xn^o zjod8^J}|e*w~OxBrMjti`GB696moo}h24X^uNa88&DCwo;JZ^m?^agL&0*^)vY<_o|)sP%7||yfapGPoXdb{{z03&DeSlc6>4N zIY9B)MYgUvwvr6(A0v0fZ&mo#PO$|KoQ47CMFbmP&PCD4gn z4H{Op&-0C`{^=!L@a4Woc&yNlGCf_VCiS^Mf4xlBI{sAYeu9>Lue`pm2oK(#Q)J2s~xxDs+YKZ?qWOFt;cDr3f6IT3l54Ox{ieC55 zvTiauC+>$O?vGxCAdRC}CfKwt+*2cISowniPgY*uudq zu1wnfA|EL%9OgPnl$Hpf<8qeBI5-oIOD#xRK5f?!H`^|o#^pr803y=aL_;mjl0cXP zPPBT_fm2sQCxOFC-gU@d(Ia{~n;Y_+FPO;qF1Bjps;}I^@NXkZ-F7*gOb3MzOgHjZ~H|9_P?XwwOQ@48vj$I*gx6GERsNJSdNY!&U-!K=< z1R(TMvB>iI4-0*SiZz^!iWiBHS&+3<^;~zLw2-J|X`4gv16(rZ%@nc=JtZSM!j*oOr)o8|cy+ zEj6@0;X0%dkNYefn%y58o`oDhEj0H&FuRobWkmF z$GsNV8th+g7?=-Y@y7BQr5&vW0);EiO+Fs;`R&j5Sv^~D1Q2lsPC8J&!nnyR4xUoe z4-$VZ<8hk?5?$Ty1X7|(zGsTLMKz`Yj+xcq=yjU|V$9L%{nT7H^@GhhCCk9gu;@1Q ztRr~gN^YH8cx=yNM7!Qih$CN4dtLhmPV;N3>;1|N*G+B%hxE;8X9~-GKlkJxSURD1 zXqMDcx8>0tq-**(Vw!zCnUm`NAVa~HUHtCbl zhCK!$h;|rGTPor!1o~m0Wv3c(Z!FTbHO?1m*zu?KKxe6-`Dm%nPE`%MDW5 zi~0oS2~`X)#TkwecN4NA$K^*?xw-Z+zuAE(qnS0J6e<73lxF)&aD@TV#TI8e$6V|FUy4J2B;0~U!@a`R# z0l*Qs>S6+e%=pW*=PkQuTxlW=*Bl|jbt5O#Z*0bo3Zb;iR5fWgOG3B-(`tJ%@yW;j zQi_pps3-!9{Nh;Vs#K6QzuwFoZh-94u1^G!It`I)Du3)3u40%5vR*dIuU*RV9UU>YsY6pBELv7q}QmI|T7MK!A4e5B~-XLG0~1 zad5`6;CUu(ki3%X%f_Zng@mZhfU;muPWN`xKsQPi+$@xw-wjKEW@94ljIu+MYEQFf z{bBUaqN2Y>1>f-lXVPoO6U&r%z2vK=EFIx!e!qs@Hp?$@6L#uT+O8ZG8Z zGwKcH=IPcsrgg!StL40weMOKtmNY9E;Nu?$ATONhkoQ{DbNnp={aX&ViqV0#! zNe8UX5^z-CEl+HWc1iTXF*BZp;yH&hykO)aa;nh|Zlitia~vpEY+7}k=U1()CNO)p2pD_5 zKJTh*LP9#8bp3}Q?Y|%&O0Xx=Vd;% zgZ1m{1Fwtp_O92L@9{hrU>R2AvhMnPg1i-X9UJdZaTKs96y@(NgNDPY++9VKWr$+PAT9g`Q^RkUrTY1r0dkdNEOQ=p3Bd?A&#+Po*D@t z++*vI_v`6-HuVf5VbG2_$!#k-0Ljq1K7_zwHWyJ^3AhKLaZY* zl?JVSm#gPn<$UO37}(C|&CixK{iTONjBZ#WIs?JVZ%`udCZ@hCBkn^wQ24xN<2#o! zzz{npaLRFfPThjWVvTB~gVYQJDvrqZWvZ`RZi*Hwo?)asoaRL5O@>WNE>ITtomHPIh)BJVS75R3 zXFzmD!xmxBx*hP|jl6AwV2p_E(vX)Y6amD10bMOnv&=^w%5Xow>%?(VIP$Dblw|Ay zPhcU>#}wDoo`FKK%aY7~9+8Zzc@x|c$1 z^B$@cv?~G#^)*6lPLJjJlwxha=IKhmahbiA@eZ{KGjThmeATrc<7VAqoW)L&z$gpC zv?4RK<+EwB55JSgws%bw@T+9Dy54*$_2{Wpi|wDzQ%^O?Rmv4#TJNq0#wYnV>nTS@ zmfiMxGnAF(uV1k8WOE(R6v}Jl3a2k=mkA@b1^@`)z75pXSn~*`qzs# zG$@D|`GFMvBPPkju|{k9ETWR;Yl%`(tSAj*ssLrx5!3m&DD$WR_Oe<*N4Zc!g!@1>r23NnZv z*q!3^0VD)UK0loHYlwQnAvZxZq&~lO27ZFImmRyGUpFn)lK}_J?>{$th9{2j`$JYr zBZ0T=2VMlMy0UMwU3$XsOku`0REyJR5@0RN{e4Ro(1ZL;-1_`cEBi*>pBkewOVl+V ztBFxBMeBqchKgj2eZ{?W0sC4DfMR2*#5&ZIYM`wMs-o?q2nBdeKOKOwpw_&u92cIz zCt%_vNjwoBL1RW+0tb7P^dxddrw3R{1R;eGl;E)1DvGupOAP zljE?yoYU7|mT#Qo>kIM-;*bFCL(qIPc=Oh#{CvGdehfN(lN4(Q$-9QG9}w*#=6UTh z*TN@aU{enzsxvOqNc87Yd?IUgflr4LNjd!21;c{SqLMp4?IVMtAs(bQs>_MkG6U=Mqvmwrt5x0KBxY zdRvhXL}a|>7xHp&e7q-0ITnsei}h3=QAQnwqE%cPxx;vYHB_|kO<;H*GFQ@E(g_Yq z+&3^GRK!7IAS~zk!dS!C9c_dedm0+kKd6eS0rgMgUCQgaAF82mdHn=DJi(;m%yND4 z1Qo#-kN+`1a1yK=5DY@is=sd|7aL8X1Hva_y@W|Ja+V~n$nDS#?x>QchTj2-QFf-hUW_=uH`brf3!N4KGuW@$(;0O57&Gb4;IvEw0Wd@@snUp zs>*2{uZyPs*r&)q4NC~?P4Fo;&(Z$d$~MPMP(NL zs$0M)28;`B`&56JwOJnk%44QS0^}$RyNTZkL@(K0a%$Snq&()85O;c@EW`iuvviDT z4NmdbC)Q)~QOY=h6D_(W6|hPDz>JkdG-8H+v${?bmuqZj0zP9~YZawi0E2`T#LzEd z%iWk)wA6z2IhVtWf{njazYYd|7}w58j10qveFCW#9o$s?TL{2`G$T<2=-Tu?mBSiXZ>%Ef}n%_-wNCB|8Myh=WhelsmaJ z=vQQxm|i}X^CTQpy^flElVZhwRA88tg@v9*&)xyij4xsO_ySt#=ZHfG@@Lm#A1%LOwEi5%x#Hk_;%>c)C0 zGL~FF>t)1m5S!5k9vDvOuk4d?R$Mj~eIVxQdvG}r?#R==%`Numcv2NT@h$nfPzS;a zpu$u*br>BF7Va(o04$3Xic8b`WO|w>nK4=N=0i5j3mOzrPP<+8U6v&esEP8-dtfNP z;`6pZ#nqc=+`Of%BSUsi!-%WU_FDyA8becNn_^O@m|CHhOwzYuSb4>OS(X!nWVc=yk{LODlxMlmU;{X>p6pKI;ir z#o|ZtFkj07H39K*dofIlxbtCjIL1B9>HDBa_jR(m^VpF3NCC>LH??t5Xi<*?bMbbF zQVLB8KBr^TxF%Kpq{8}L7NgMhJ11aBpfGbUd31O<=@U%w3z&vJES`#{cTmlb4m+KHB z<>n40<9^mw8R%)#wNZ7J&zppK{Pz5cn$(|I@OYa}u`G%Ajm)&b$I-U2;Y8~xAXDF3#p@Z$^ z>?yiM_wp-ydQe0W`ju;ySjw_O@Qx(e_XIX~rYVD?Q(b+Y;VUyjy&Gh-O15 zvb_D0J%8NKS+YNL)gEQr9D1r7F+*pzU_; znF#vAATaap8XC;67uB@XJ}2j(B1c$AE{HG1(Mt)zg7IEnl)Mr&dOS=f&F`|_+KLT% zN;u`tJf0~3wmbnqde$ZiR9X@lA%=e(k3|;MC6+e`_rf|YtS+>OgboavwGd6|dIqmL zpCh2eqZot_04_@h)du|$zIaa1gOQf8P~&~+Uh946&ovI0Ym>Am&X!Tb)@~aHM_LN@-@h*5AaM&a}S`i>^<{ogV90dam zUMvGvK*Y${J^L64o3S|S zVm7qd;yhd#sgy6Wn^*?@y@5#>v4C<#N;x}WUnfxPt(pb-?xxPpSbFC4Gv+x6_-yV< z@}kyy)5xy&9dcH(0HHwPW6?9@g4Vb6GCF*wJfLVvg~mT@5!9B(9}_^nxwViYs0_q7A7%+rIc5{H`r8b1=wO{GO64I@^M83KnpDJfdx? z>}d{;H8fifAj)D>dbrhoITS!8%Qt!*&P%ochbZ)7R(sw3rTS7+<}RdX#Irw~5FSvb z4=-TO*i>q@q`ln}v+(QXjM^%=h17$ufjn3I&FfiS!%<*0SMbS>3;I#)OU=svX;)b+=qvbxA&!JFFjm<5>7*=;+@cL~O~KAmgnC%M4iUkoZmMk_oU3FSU(crHS8O#IdGgr)u1&T^J2-!@=- z_!8eJM{>!A`=~X@2k0Aeih(X!&s7;ZYa87(1?d!_q$94Gbg=%%u~5?}BK?a8)&jb- z1kdEZ;9wJf31bG$`+mMiQ`Cw~hd zkcBc)GVV*8!oJk`b(CQ{qCia%KN(8twDs}7hJgb|f5PgHy@p|wTBQI|Ju>Hx5!%5y z^16y%OIGXNzLM8k&A}VDejaGJbg870OG1Z^MD^uyBgL*aw|d#74Wz{~C}8cfr2N}?fgESAd6ZlRedTZZD3$CD0 zC%V+WzfoE>+^Q{nrTo>^2}~AKSM=JZ9!cgclsdovsjL%{_3CoI=m%Re8{}!;eY}zN#c3G=vXAhdE-bV?H0Iu*3^S9 zUXPdK(#-tCepr!K+!} z`(_YQyDazP1#kEAh5jWwup~CHdc24L7x#rKg?Z=gC>b8F_7j-8klmg2mQi4Y$6oG> zAdH3)Q46&`Gah1L6MnS1J!~LjH9f$12!Wi>nP1)sgh3VWrjpCO^Ev2EaJE!L`c0-_JTAUgr3Zr+V zF!2}-Xhvh3UTKuA}St*bF_{u1!sU~%tgX#JFRtcV zd|+(Ce7yiq;&I~)5!-&Sf=4O5Cr`YHJ;IljpKp&GWb7~Um+&6Y9Bye`V$^gA$avUv zLxBiTjHBdtdHn?w6uuD&$ap6EQRVg7=@;%5zBa8muY7JvT6$UEGIv@(0G9~>Tb(R_ zQ7->W!~Cv7K$n-5vise4(#TPzSWm7u~%H&8k6J zy>4uCh%$%L-J7)wi0N!E4%;Of=Hr_Mh3>=g+Rc0GIN&&?T0IXujj*|+-(1rjA!G98 zTTr9}2Oq$>K+4-Vc!VZHm5#w5;|Y|bBM`sO6WOMy<$}B(#6M_wJ&!saMaQadOebG+ ze(zCn4w*XpZQ0yRvxdrcKT)99&U=;sblkSxo{?L=013G1&GqnV$u1iA2uIz3_Nh0D zym*JvhDmkRqp!{S+;40id8}P|{N?O@?mLd08o)?Q{jydD+Cr?;8&p;^+nz_aGv-~>$JQkD%+&ahsjJ=!R9Fu~L56&%1 z@FK1Q?tFLa6==CWkglWF!Cr-KG?!MoEqy8)M3KW3>ozlF;!dJG8$X*hHKIms6*Iyk z^4e;MnmADG16HWgtr#YNm|`K9QdZrV-hhsBEP1g5Ol$CZR`zF@Q2NI8pD(B~qXUiC zpCTsiUjrKiOBKF1ma@w;FMy`Hg?Ak&A~tc?=v2J~0WNhssRN)1#l|V^hPG9Qo&r*X z-Z{=F(!&gVqa2`wOTF0waRxLC>b$9dPk&TQ_Vwe;hxjc*rpYM!*t>pnq(@bBIJdE- zU6U1~?k9=C@`yhA2iBQ=MRMY4)ImDG>dd?@d?Lu^h6Dkg_Y8kcN4Y;4^lJ&W11aXY ze2<#y$Hi5|w55HKU@HVcJH?Y4lj$`1Gl9B++&Rt<_f3Nh{Oo*$T@k7u#aXi$SFhW>C@ zd8(+NxB<5hzNLdYhr=xh2^mfe^xbI|fwm>PdSos=zy083jFE)fRfv2ub8%suKdqfm zPv@t27TiC8XYZ7VAutwD>0vU-2NO9mu>k4eX+|KbFCma5>`Yp|?C7d2O<5Iu11|n? zhw%Z)#66GX3RuHS2YR@}>zLaRC9t8R)3(R@*Fp^pfmMJWd|o*w+UTe_eGuZoK@&qj zO|6MCqeeYO8L~+A7G>!oIBL`9gWF=H*^`ZFpp>O`<8I)f1TFeeyyGb?eIdLu&vNYh z@M!3-+;b+U^4h_4p2Ro>M*T>{)>V-s!KI{LPV`xI`K5A|G8)pnb9b=+#ntn0k%h;8 zk+<@oWiOF9ftq^)5BEBquBO#~U3SU2eSkKo+6e}~cvPtnz$_?JRFo>aiz~>!$;t49 znGqiAwO&i6$^Z_9k9-1t1$5xa#odlk{fr^>!qKyp3iP_@Zx+Kfn5Kofe0xd+JscS% z;Iy~TUjb-Ibyob&vy>fjSQHuJm`6I1eXFd)1ZpJ00v*yN5k(4@OaddM`botC@_+(C zz2j7h_Zc&NRdS-bSY36P6&UUwc$;sae*r>i(8APpxHOn?*ZLd414PB^gF$L`8->@= zRdQsTu9`q})CI4LZCvX);Hd}mCzOqSfPdgCd#-(I%%VG?1_Mz0gCQRfe`o|;c*VGSV=>300q@O9^SLmgCXT1# zCA3cm>EjOW}9X}i5 zz~;fX`*4)^_0r#L1Kv;A3y4QEAn8cXm}{uf_)R%DoVl6816>X)37G#4q+bJnr(X!E zFxcZz)7tDk>*3RFs&#!~(@?D4=aoA102Jgupg*|xjL`~xpG9#V6@FM-xC1?+n~oRG z=*dAY{*HcBQxyfsb%*uhm1Xr-s(@9qIn2+C>pzyS4&*#9oUOBVXvgN4Tt%?grXc$P z@DnE3zSge4ZHsRTe8B<4Jlm{x|}$P(Xv%K?ryQ$J7P^ z2HWPY54HtB&q_+8i4O7af@pG{J|)m#wc=L=zJ?`CS|hZ2dr{<*%~xc_KrynOGKh@7 z&xgT2ax5qPnF;CVox{16_0D84_FIt(VAa<UC3 zp=rQSW7r?YS}0or?7y4n2eKoUXQfz@CPIsDYe9iir6hh z{LSH3lvX>#f|bVvt(bWZf(Y0pRY5=$7X%LN^)oLNT@^1X`^IV#16IstfdukE*oy#5 zn{^Mfl#U7<6cDE1tEmL6lwDdoda_O;*QBDFPJ)`{&jK-qcnHx9=Jn*mgmEv=LPJq>8`c)WLZJ-{f~+ z94N~<_{`Jes+8#-*enMvNDWH&{N43OJDv0w58;Ql)~dHZ#Zl_fC^ipjk`ujC6j zy(Cm9lzZX-MVoyN)|IgA-BefNABL?sy)K=sZ6`#LUMDa&EWkVX^hLwdx5h53N+wwN z1YglSUjS1BOT;-eo&K}X3OL|l-o6I)uD<2v@W4YyYVaI%)eh#3qYXG&f##$J5z_wU z6(9kG@j2|`Gtgu%nJ!+hoTMm_aWlh24Hg2KW;^VBq>4UXn7qYz z(0-yup#k#q`?)5H3C(o*ZATZps|$X30kqp?1zZ-p zx)g|f{s5(e1J2Tr)9;%}X1vK-l~kPLrf^_)rw?GD!eJbQ{q|7-Tsdz$tua8KKIZ9| z4=tBamccE}GK3x(>^5oEW!F%FlY)uXu5WW0e}y(=at?w}uF-Z1hJ>K71b*;-&^j)&P5EHG9yb%z~VG&(t&>m?KO z3?NIXVtIHgFd-dHvzj%VMtMLm&_bnDtBCy-xccbl$?YM6BdA8t zB9VmUQvZ1%Tm$PA=$>?O3%vL)z^w{9Ee1$RJ{p&RT^(0c89;`QP4$bq%;~v+`1qk$ z+srQF^ZW6c?7=nDTGRBU*H0T!oey!K_^UA^i!BgO*0|~89?LsY?L7HA?4UUX zAbKmiP7Z8ygy)RdANvd|NviD>T}AV?gDrTM45&wM0T7M48#p9_L1QuI#UyaWuQVT3 zAYrLdu#eCd;RY-NiZ|k90(-;Wl$d%v9Ia2L1%*XaN*K+TmR~QSApGJmiuq;5Z+Ty^ zY1r&zv1ZdCrXmvf4{m=Y4(!nYdpvK6ToT84LSDlt77ZV0dQ<-e&geM+m2z+$0RkoT z{VcN(yapw0>cM3Svjb7*zi08a9@rZYdC-_UUcnxW#QLo^Qhj%32Rj#;F;z|)iHchP z4hY->rJ_I!hWD7FqaS4Z> zj?jSg;3Eog8v#nI4NyPPnOE&#^Du}JLWp=cNCj2|$xnM);j zDfjj5>zUH!zKevhm4zI#g?j^m%q<)rp%tkFN|Ug()KZ}@qWFAA=GPcg9rr;h!iS$V zl5By>#GZHLEw`MjDhVzlgSCx<+CTVB94EXG*i)l_L@Q>N)*f?KK~eW zGz{*6k_NhP=K)xi1=7`*n#;i6P|so>#-tfN*8E=o_;1-W185SNPh+_FbL{xE`!X~K zwk3gYg2!#A;vS_qeQj^_Wg15Da`;q7Ibj|f`y#l4O|S&NU~q1OYwQ7K!Db~URtmd? zQ!qSWQL??)lCOIeP`Kf-8iY<(ut9tIQM?OpZE*R=LCxC`seHmOUrUYAudmyL6;ZIIQ zKqZ8cIoIfkof#l!21_i&YkG@10{%M&vn>3`s{8RbWQ?(BqTJ( z7nVQb!Bm#L(+~&1jewS8nKM7Fn}9YC0(+FnWPZoU2Rg*xPfPe9(JnAvEZ~q>=pwMY zd`>;4SoeIEMciUO17$@~ejM@l4)+F_coxB1pjH7BBfLw$iNP;s2%h2q%1Q_xD!1zT zMHoiSTZ-M?$y($mxDF;)-8HhaU?cg9@Z?X7Fa&5%5HuaM3SO`sRa`eAr7|9NeZW@! zf*Pom4@Do^C^M*Hx7sTFIz_-BLSR`&_)ETIA7efy$pHz-p5D%(1ZGhsSMp4I~Jx0WRXR!q~#f9L+{$cFuhps9bG9~%q z#E5oM`iod6Bq|O0UNLhTO8-<-OB5p4eI(i6=n;91N_(e;S$Wx?DL?CdOxtj zI%x~9AzZ3zr3;KVxZ&M_u?&O)AvJE#2&IeU&JT`5R)-aQ#jMRg*w^-LzKno4L)Ok@ z)oLgP;>fJ^e?%(|92@?r4}m@o#xYsNB)xH_%)kw^;?@TrN_ff|H@8*ol90nBn~UDa zJ^UWq5#jw1mn zn`(u=-{PeA-UJZ4L2YD&ED(ZXRBUNp{bfY0S{7C8;v#ehh4eU9=0WDSb0VbiFayc0 z)DZp2k!UXQB%79V8iQ)cm60?Le&b}~*6N#*18O*Z9w;+Ne}pM0(;U__T4A=wF^Byo z6+rXL;D-wmq4(qx?C$$qdWtD+1cd>wys1hh04yrxX?WcTUVpIWU5y*qPp)({5d1Oi zfu>%ERt4D2omcJPSJlwN_PFu4g%;DXXw%L^h&t-g!b6O`JZGPHW~mR~_%YVuyo>Nr zYSr_r5iDpH$bVmxI($@)IHG5?#2|D~QGL4t7O*g+$9aItkfBEqzT)3?JZM<$^@03= zjmNWG#J-prNs|0C(Twj4!b=r57O zBba0|Ci7-Y4km-)>qqpQ(>vSkfH72+RMHJV%oZH1v~4^7ks3aL!>>Ti@H-zJyO+Ar67p zEmwp>D(554xq)!@v|>@>R_Wcze!}y(!)^8ZE+O7$pFcGqfT9LYUEI^*Q#Wqm3g3^2 zCC@v&emvx3&*7q{w9VH~g8wmi$5L0K4Bp!OghGGg#e%Jhap8D{y*ZXl*JQ_`8CxM0 z(4)PPIOyL=Kn1nll{~pLV9@0nscv~m0QLcTnG1^3NT+n(Al=D+41AqW(fNIfPs(xC zz~}#&c(*vI{27zU$4>mSg8}{cM&PF3rJq8B4iNv|7x8Oe z4KI{q)K60RJ+J=Qd^}_X7SN$Yx_pixoBzQ!41afz-eQffY-mK?wti5A!*BgOS#K@Y zXnMa2&*#!w`z4$DZM)1mDz!ZF;Gqbn$3EUW%ICet;SXXs%m=VW0I$v;_|oAOe6pqF zTU3&(0?3tzR<*|vzerFU_=GPMdlVmDClx1I~nl0Q4;!^B3C~V z?%_eQE4{?uLUp`SEm85Ko;md?s_n&wU*9wJ8xt|{FlGNWHXUgMMkCw-{wy_(*>@YfU^OgPd4!=3;Zv2 z-m?PR=iP$dXWVe6a9;0wM@#vkG!+)x^@9ur-kU`aG60IyJ5b+&`#8JDM`qrqW#F#~ z2tIH$+AYai-l1VVw4y3PbzAAtwQ!HQ?ym-55wMWc3$tX0il zckosob5=1*_YA*;#je=JO?u=#qx45>ZplQFHf_tpHl%wo8O3V03{R4 zaIyie1;6ljPMsi}#QZho&^Y)#qS-gkCx$!Z*zX|GBX1@i#Kj9@zm$(eGV|)dGn^ET z?W1;$c|PQ@l6Dq2oyQz|cF~(syt8=JWOLbz5H^)H7TH{9;wpcu?c(ek~}B zMUHqY>PV5Rz@7&v4!DQa?7R(3(G_TQZQnaqz|8_RkJEAGRH|NoECar&xC(*`lq+UX zB*0il_1sYFiYtkQ{0OO%gpdAmI?h2z8EH$`bWjmOA>xC;5#2sI;$D%UhQk9)yj1$~ znLjFMQr(fC((YxJ{Z;Olegwf`c|%$h$vw>0OsmU}$6%o{F((vLY$e7+y2!$q*~N^u ze_|2zDU%8j3I~_+yck)wx+j1PYtATO3s!aTOD;s@|xQ(2`N0(8tF-Hda9&c64TC`-o7cAsJh1dOKwASkw>H=G*r8If@Nd&wL>#qY#d z8k&B@NjF@01~>WM6d7u9EsY(Jo^nxhA_y*`D zRQR2f-`AHtjr=adj_~_RKOWNd3by-8vG$8>?7P}2?StpSBV`Sx%!Fh=dFUM{&wn`M zluRg)+IN(T_H6s%?2Y=6;{C6-xeBH~{NF!I6maioc$6&-_L~bB_#H5IF0L&gWMbZ4ZE=8gB)U>)!~j4_w^!gbw6qSD&##K z3ee@L&^d~P-xIoGks>saZQhrKCRum6%+Hza12N7vJoI<;Tm!22eOdz}F!z;z{%PU? z*9d-xlWPw9nwjRfFUP>#Z=>w{j0eM>LJ!S`rUGd$cmPs~#~6!I{?bb^ywf)i1hKds z6n^}9{sKkr&1oFlDECW<@sJM=~5iO7a?g| z!asKN{Y`TJ1VC_=Eydih8G-Bh););qa+RRFFEku7=~qH}6BY2z4`&udK9N)ai{s_d zT=kZSmLEVSBI)cF^2xA+q z2G~-waylqP?m9eev<&>4F`rnLm2IsVq&8{6qU7O^xN%W$r7(&^%Pj0#fs-oU=lMN< zQm@og$UnS%F={AG-)q}f5|PXS?$T3Q?#uI_^t^*oGW#iPbtz|kiir{)hXKT6F(p6? zD7WX&v#=qvgfR#=8025->&|MSX;Q{#_k{*o&*HY+^Q&PU~f^W#8cC+RAd+W*Aeg=%r zy2ed=!LsKq;%Dc1U+}VQfn<)$>OmHLLEB~rmOoYjJ2;V(c2+yQ6L4{4;Xo35(hNoA zUgW5lHU3E}!RG3IhClYzSe}l8Lt`3+Ww_JGXPaed@ZdC4BCsueY=FV;U!Z@Pt&e+h zU#Em(S!XC(34H3h6q0t~@6oPu<+AX5yubJrcf!b8a9y8mz!GZAswScmQFfonDZ#lyLSQ?z{s}=686h-?){LujMO>@=8Or z!ii}&>n(;C{PL-A=HR&y+}vaEKFKvodKrVi@&&KAiqysSvHnKPp-xglMS)IX&Ei8K z(eoct)BN2cjVZ#;{4QnGMt41WlNq9{ycRz%qOPsJJjej>Xi-4uS?-1^0^Ih(;7HYs zVVkd}fdSaC6v}HH0}y{5J>e5zjp}shVDjf1nIjC=Et>B2WODpjr=*wZUhUp3<$D+^YoLhc4+i+ibpP#DuT=XiS|f>Yk=@6dprA^kpf=?A6)9E)Y9G zzETPA>wTw+NKq{*^y6ogDK%U&N$ObNcR}0>&UD1ajbZoFD+rF}ph5eCN-38>kK(w$ z*-pN=SEeRmkn(5)cY|{*8@6M2FaQAsK+nK01zETiXNR1*w|xIn>IG{z4w=2d3XOYC z)`2TwEs+HvDq~1HG)gA~KLzyQm_ec5hNaGQvFu(s&ghA!VxIwd_&!t1eaqh{zZYAd zeTn;0&P5?H00$PR8dOw4Qeh5F-4$SFwcAjnAfB0`bNG(N`W`50Qg+TmwRn|IV{sXg&0CBg_la0y~NM?Wy&n^q53ggP~fg=cGo|~ z^B8Yj=)FV=Ve*LfgpKt(V=I3{z26tr(p+@rKUZ1B{_D!7W-lU6a4~oXgB%%UR01?k z2MTSK2ZgVOduJg}coxr#qLS?=dfy}XkwK}I=#rFu3Qar#x=#9_lWRaJ^9eJJC*p=q zC?w*ear+q|@&4Ug;~#yGcsB4rp9SU}pMM(2j_6l7X#K0YH1p}#3+z^; z+50p|0?g&mAHNAZ?#gJwL7*Ml^IQVG-%X&zCukJV{n}@w=0geO@=SPz;nN>$GgRyO zB_Fqtv4n>=XGLle=i^+<06S}V*?KPNQs^L>VZXmUJ0AQ|G&#X)nTaJA8?7Hkr!VVC zEA&NVP{zfmY<3w(;I{hZ9^4@Sj2(`8e?P?!l{McExB;+aat{%RD0d&Q1Hp;{sn;__$8HH*T(WVur#Dht*xc$06SxAJ>c9pR(B$o+N0s{uFd%39vlokn3M!s=Z`3_yfy7U+Oj ztDIaz0%DS~9;U~=m(5IL*V=FGGSG?zWXBbU5dj=w!4oz84&41qFJ$^Sz55RhDw_4*3+qG-I3;XERBkU~`Q8AB~4a_)v(gENG+&k#D&-*^}d=KDa8?sA!=zt;+n!X0ugX+LPk4pAV z!0fVLK(na#odV|d1o{;^q!Mmb{cWWuZ)dTd2Z2I%si-> zhWg<%S!n*n;&fFlZbHPW7U_GjtU1-F`g3s^dc2}z^Xu8x;Lt!u$NkmQKTNKxDU&nz z^n+Rj(9I}2vyo$?1?2O1gF2)i&m^;6?`}r`Dnr25$|vj{Ck%V#t&@( zQKmzlWALOujlhkB56|6k{md@bDVq1Xs_6Ayo?+Svq9Lc2L<>;EHB-u;AUP>^07%Xt z4$eIa8GS7cW0a1KK5|d&4?bJ32~}AJtJB@tKmtt8tjA_a zXLOi44&^tO&Ju1o?+`Q`_7qoAlOI;5I0)Lh6(BroJ|lM{8!~%4XpMvIvn4%a@Sx@ZRlA@873 zsAiZzRrHT05*r|OTwGUS-HQ*S;=%Pv0?LvNh=mXOx8iu@uR%EgyPPOPb*)*tE}k6; zaGsAVxbgAH_^)6o8r5mA239a1Bz`sLd}ebGKyR+@FX3_D!vxZ131nw}R#nyjS%b&y zX;Y-nvTqGAkP{S?WtNIe?v!{5n8Gge(UGV1k==rF;xN-6Nj#+8%SK=;rAjuwKkvyQ zVN3n^NEJs2l5x4!p>m#*`Pf3rgPNM3`T{K{6p{)u1$Eh#(s$6PXOB^S|Du6{s-7A* z78Fa_nV>xK)!a!sD6Bzoaz)TC9PbF>)~is{`x6v00FnxMVLV|4+tTfi>mzC(owQdi zNDX&H?WC_>ATyAlTQ{4q1DX;ogf6F_f75!>{Y3!XRN6q!-+tqyB(~gZ`}*FSDzqaE zX0NO%6edVN`vTwH8QeTVTNE)CG+2cn+Y-26SF@Iss{Sy69}GKgX&aB@@+6*%z@p((>cp1O zDBSq)4?p8Qr6fy1QL30`MUeA4X-ejTxu|CJJ*PDc( z!IP+_gR&yZ%hi7GcdrAg8u0(j?^{_jeHxhEH@cP=bJh2ORB{4Ki_lH7$GW&L4(?-q z@8RPy_W=E5SC<~K$cq|bxqBkq_{K`{?|&!Xq;;CcqsJboTbLUn0uc_L`81Drn62 zJF>iqg^FlynTEXpbKUB2!i0GVDMn_OSr#Vz3j7MIB`8=rr5QB~Zo|UXcM)S9K_)>s zYC7R&U*&{(?c#wZv0TR!YIE5Q6+X+eugoN%ezoa5QZ>gb3wv<27i z9nJ94LfO2+x3>tYlI@+demm=VK^#6Mnt7lgi42cf6iN6%5(np<8r9DT!1~{?)R*G@zF6T) zc{uaM2Xo8g+`-ti`l;%x7fJR&hLvBfyS6mJ>1_L{yFxNNa-a|M3x5<>KZ%;xm>`0hqHUoz{P3un~6G9L-6QU$%YrCd92=3p!ehs$|ufr zNB}<3KlOV)_+a+)?KUkjT7le~~hQ-GWg?u-11Y%o{GkMA=D_I#T6z|-HK@C}l{ z0HpmWKt`m~d4PxKMWcEYv;rM$%6ma(w*xTkAhI$ait`aDQ+$f}49bnn$JnuMJ-g^$ zXngS#1#`L>@ytWHqDGL;ecp>Yoi$%J+s!8_2%XF3R@kOITJw$-s^)TI{DmssQL17)ZP~X zFkC$}Fp)sI$8Nozm8ys*P+IP^lL8s=ZSx#dDqOttS%bhHcj=_}uLnSpPDVxqQESdt zS4zJhLb)9+h33~2cmOlNPqMt2<`+`F*VFk?XP-I zGoAUd5I)uz39P+86vc6DQYOM*b! zln@6ca{O|2>;+2Hrv9ME)S~STV5<+0I8+z8%gTXs?1x=*n zR3Z1URSqaKD)bNdo($Y2a*5bIyk|#iqKK+p;#l;sSy8SJ((mWDPIeC_`7*Ua()*_} z1suD>tKoGCut^nwWj(Az#kPDhl=n_G@3MMaw6MOqv*FD*R7E7f^iMOp8|wmcKJW#T zdr*KhieQ6>M*gQA3oF|*^!K*JvP6wGMCFy}B(rF$FzrSm)j{#Dr-I6~}f-M{A z*INV72!SK{y3=J4xBgxy_$nHPk_Y};zUff3=!;(itRUTM8vFn zJ}SU~L_e1uw5T+SGVF~9(JtV$%}eK@lo}5<2ss+XRH|oeA!CbThZw-x=0U~X3z;(P zE}jbSXcJ>9<)=GhaR!j0oPkCVUEX!P+w3n~PM}YKlw#}rF22)=Fsiwn6k{EETahS6 zf6Y|DR(2^pl#tH+`XmhiZBUjJV~IH6C{W484-L4+cUCn>CT*ZT*akdnnv@|%dw>^M zEO4fR)`623O}~IL6$hpj3S&<{Vk#lE(a8EaJ%SA{8B667X!9aJcT!^wn_f}Wy%q91 zgR+-I?zHOJCl%g9413G&9p{6r=-iqKg9Cf0n_7@}7@o_r1|g}^F|O^S5U3f;q33dM zP%m!+fMO=77sn1;Rfh6c>bRQ%Kj z#j-wQH-Zo&RUyxyh@wXGUWssw`f~5Z{fo;h7ZD%PSU4{uZCsj;?0gmJ^t^4dz(%LS z`h0bM24&d}~>CK%E#m`1*^JHCSR1A2me7(uu6)HKdx*eY=f13DWL zaI*p59$086PLA~_6mCB$7x^IEQGB{Mu>4x88?uB&K#BpnP&E7S1LWzyn4o zpj30d`s1{Kvb*_{r~2i1FBXGLEg&pk`}0<{{+%L3~9Q_%*Ah;d*yL7;v){c2?QI4NsAIM|D)nhE7zr#e>-ltTQixdIo#tf!9-*J9J=T|9yvv3I-qGyRDugBpR`201UP9N8uJE6=wsxU|MuZ@|qTl`ud|JhD z1l0e^dyhC2KNJjK;5U-zj^*k=Hzmc-ip=jw`y8eD^3i*)3?E(i8f7Y8naj19F0rm7 z7)3IR>iU|4wk@lD>ySv74YWc|@mqKh1n&XfiIy{|MU{cBTgK}cfYneaW`2_pu|%cy zMriA2o4kENG`gVcJUO~ZoN2H5MxP~sR&rsDws0#>@s_%_+MSvkWw}=)zZH%(2#{~! z@0FmEYW{t;C9E?8!R$BF={*#8m8|Rcfe|1 zAM8hMl&%=#Pt6bw&n>AQ-iQ9e9trIVzio3Yx-$d1t2zUiim3%OUW~aTkNbq9lA`1T zFfQ_`DH>jZoH%@vVYe*jSfSdLSBJl1$`977-^6kY0!qN3TzpX$;k&kd?ckb;%K}T@EdVYy#?TPM#|={ z&Ra4;n9J2~l}R4i=M@|V>qd%ULXh4!J>uI@8B_p=0zSm_(kZvEBUXR$J%;#BEP&Ym z>M)(?!JW_UfX)g_(TasoaQYMTOAZM&8;i5CM?j>1^9WS7*&d{^!Tah2CGI=@1x4AG zOSsq?5=1-QbAGT{VlwyG^hX}t^aEPBX|w?7UPyb-sPh5;$vj!|;BwL|n-H29;gsD|jD+oxYfLFYm&r3IwR&+zYjrsY9%7pbs6w zhQj!*Z}8#kzkL)xlA+N}0ybM)%WL>YldSB6wlQg`Fag zh;ve|*#LN1InwwhGoqnhFi z0zMWWJoA%==5Vh`zX<#v z2r?e>3<@a<__Oh_@8>u7l&hz3;p-ue7;+-$tT7Dl@hUi_P65iuC2EIDI;iD;l|8S z5;De363?(_4s(rlv zkwO=<`iWJ{cwc&%k17Ot@yztcxARg@&|iDArphFrr#%b{Mm@8Rc@4@5>-rgVn4fzCy#OgP{vf2nbYqMjT4GbuW zthg@YPeTCp{&nVTSG!*gKU@cASVyj(n8O5gW^8+rm3IBb?qDsFWtalIA08e)CJ6YhHy@;lP zGA=wgbqEDbufT|$2pkIhB!zJd6}ORiW}m`J1?80eYyGHV4Fvf;zO-Wv)@tG381;ZfXg;qZi&|Y^Fl(Ro~f-V#!pG^ zAMontP~$nhvQ?d4bQ`g56UwVLqA#Uj&kSH3_SX$ms9P}GJc6LQG-D4blh3R7iQhT< z)M^c{Tl`VlG;n^i2lQAi%2(X!H7wdp`P)3fM#B5qjkGnXfLh@JaF+<&MQrHuf8T~j zI0>-EWU#Q!s^H$v1q^8lF{!@70x76Yy%#a9)W5;E2Z2n>l@7O7vhAgVNIVXsS@PIk zj|{WieJeq_cP{HO4xZGXtc(*kd-71tf$}a0U47CO=d+_Mh*R7Ur5_~Nn*bEFb1_8W z0DI1eXQCwj&^pk93th2ze}!DcI_JK}L5jvEh#8WJW!1Xxrc;KTZ`ta^*3QXUAuQm)~QfYr=qUz_{}GJn6*%;;a#7yr{C;Zu| zZdqBWp^)I+{t&N?)`-DaZ%z>SB25;ZF)0{`Z==abB3+1)_;`2_Bup%I?5E(QLlAca zmnB+(W6Ct+-O3?w$@~!_58`ES;v$NE0FH9>;E;B*+~*X4M6G#Q(1EzX0N5kK$py;g zL(DyjdM>sE{?1@}sR58E1c|`ce!c}@%fj_3cs4=jPA$JH1r*>joy|~uj#yjJ8`2N= z#4Wq$Y0V(jv`%aE)gU=s^%0(s7WCQGXmq{TSpk^Q1eUvPLz!<91vF1H#tF`QK=^td z%7aZV>V(Os~%Xp1Cj<$V(t|(!Ja@BEQlQFi)#)XiEd(n8!;q z*XpfEI?jWG^60*Y`6`?C1F9ZE@q!)nDlz9v3q1kk1pln_(4Es~2z|su@+Y8zB=xr@ z%{76&Dz8opS8G^yXm>jn;XuQk=PPfyWq?Am$~zknHZ<@h;X2htRuG^g4dSbbbZM2D z;O+{DjE2P;xipEF3!L!yS&*Bkd!Q;b3eC@dRMrIT8mL>NYY0ZEGasdL0sd$pAa1@f zV>Uo0KV=4#{kuuF1@_i(Uhr|~!|k=#lUU*R63G5mz=2+^>-BOO%K&tAD$q8*+>HU_ zo8GmIh9aVj!@5oyhwE3*(a@r*eCWKR8(*l$5M9Y&gzI>HOkV0>cNYl>q;LzMi4EA3|hrXQvP3Ylz@UpOMXe<;nI={5fF_^RCBlCI0Kpuv?)`b*Z>c}Hy1fB5mlEql zA9w|}4aY@jw+_66UeF+cubIBE=rQrt_N;2yV1Zx-OUb}CxXL93H|ijSN>|0ee#M%SD*t1Rt2Zq;H(4ET3!aE??eBU?-S%h(v)}S0cd*3 zF}ptyT{ypuqz)j}3Q|e7G_=zqmIUSb~gLpdYXa#$!1PTx}a>2xT61K;St^!bm_h2*T0Lt{W zqAi>oIQ{c15fSl)RY!xIc^rg`481d%|{fP(Uc)Bw%} z3Y`qx+C5l{U$-4+4^QxrK0w8aFCE;?0nJ0Pq4T%nOW%+a*Nbn9Nor1m4fc~u54FunBV77Nvw|;O)Xk6YlKP&VLg4@TH3d41fmA!I}Pt+~t6yUsBgt&e_;RKsP0z zQZv@oRMb1L$Kj3NbZn0VjO19M3>Tm?hKvD4bDuYI4faLA3aZ@;_L0{oZn_n-uARTP z*4ggphz1FSex~f)iGMO>_bBz-l_rwTq?qgj6fDj9VnD7HfoO>>{Hncl(5T{?l4X7h zYWgjy83Nl0_YlsQDBlI_+WpYHGNDc~?MDqGj4}>G0HUl1?=h`NX zDF9aZT^AlAu+Tdb$qUO_l6EVNXDv?O!8fo3g1L#sKboE2ujCsiUI5v^&x7FFQg1DK z*i+&^i;6x~xdO>s#7r|>k*x{yqitR!c6_}C8C=Jv6VBImdUBab@LE*Z^aV=4obxbxH`LHD+`*6W zMl^^FxU#YKt>wW3efZr{&d;X6?$Ezo4a+&4nYU#yCK-GLR7Aq>FE|{a1Q$hu#`4U}%@^#ByzE69X8SZi^rsk0QJ`RBQ)-tY$k7GCN;CIC~r^ro?Zafas&AG#pJd! zLe(^0u9|KTj=3vt^P>YA35GHX`LZ9Y+QDObzV>~zO|-ql75!TNWVpP^FeeN2)5xgM z+-FB|V+w`3}d|Fo*EO@(srRK>kWW@3>*uluJAYakMts zFmS^aQq%0-|}y_yj{K>(IwSpcFAM+?GJGr)D1#61ng@e=|X?=F1>{XIoJ zSyFrEe)|<9rhxh|Z?pJMk4QD?pm}w{Ba$W8^D_YG-rYG;WSIg*L5TcP3-V;R9NfWR z)(#iSj#Xp~=woQ`Usry&bpKX!{Me19Jl$3SLFIvj=Bo#Pzp;M+znv@gY9$yIn`S3A!ACS77y@8FG@^(!DJXs>3C4!b7 z*yuHJ;6qcEk8&;S-b?(eO6dXmkbR>_cU|#`6tGCL>Kni5UWC&Gn1`bHha(nO&X43GMHFbVqQUx{c>(M>NRi+_kS=e$f&#P(=*T)A|155IM3Ln9b zMKRadP*5&m@bjVoL$@4v+1i}sntH$D+;;Cp0)EUi7#26vqr9iZc5L(%xE}DzVn)iu znwjfPXNr3&fba+H0u5UToli!g7ml^~uhsv|+rH402nWmjTMNE3_gGNBYX^YVf;SQz z;Op=TMk_|fF|R4VOgwR}tkUWyTA~(W;LR}b?^uin_^dz5tf<-3{LZF0gZ304BOe8V zPcu~+yniohK&|zmXt#+t@rFP5vwo&^$^)ep@=oclsAPhF4VpBz0E<3w@{5x2VCh!f z*QvC{uNct+hj`3`qB4Nwq)zj@rD0AE>tD%hTKc4^Ujs-Qa(fImA{9}5TX$z#tUt?x zMZ)ZuK}0;kpXyvBEyg37Yy`w3443DOx)e)2|E%W0D{WjO2{d?amk~8?WbXjRKWQj*K1~{wL*P#` z7^u&7q+pvC3G?)RPsKa>A@Wyq_&k#i1>7p)7uZ|88970%+F zv>vn`fHAPhlMAKzQxSt3QBN44kT|_i^~*qWn*~+=^%p&hhb5+ip1Dsbi)C3By+t#} zjR%AIE0jWt5`z?;*DtLAMY|U%8HoT3A@7(Q`XSkE_J0_VC4Z#ErU~py_)7=WEkOcb z8d>)42aT)#M|~+FpeyHtet9d*X-N~okr%EQv~0+(OTnwb{wNpoG*Dvn12MP5U!%#! z#lp5`pKNI)8yqYr*GHJd_Yhdim?TnDP|~+tqHc(*pJN=4w-(5n+rdcUSDPf~Yv|y* z!2FaNv#h?v`Ir`S_}qos*V@1u#CN68H`ezw!MSZM0x;`fOQ`nWo&82AK7(12L!$a2 z(!ULYEaUDRE zB*kmle8&#H_;%+Mbo-ZYpDEfe2=K3LXRmXm0WD2yUeMKK0YI4$eeNgAQ>8(Swx7%Q zv`}N}86{rD)B5X9xqSA+ltLWRm^$F78JY~o`Stom1e(;Bisy%0P$HrXf`SDK1A@Hy z5B)|c(Rx7Y>@&vnLnidnU+@TQ6iAq^1z2sU;en>?>yow4T1k=tILx(%X@LffW|X9%dY{w$`LU3KkPM1{LjmZg#je>6Nq%Mr~nw| z-m-XB4^P7CH?n<5E2&qlLlkTO8oOIKPR~T3z<3f> zVj2FXDpk|0;GwAg6!z@ovB3?3F;<83KOeohHf&18loQRyRix)Okm5oDu>xc+JT2GE z34LA4nqsKnQ*n~G3_Ab{0yfx>1-cu~fM$l&e|ZBCuC#1?Ve7bh_VUUhRfjqt7@2-G zNv;?`j&JRrfw}6&&A3iJ`tWyXTg*SCwqX#EUT!!DhkM(s!C^m?P|DlwV(s3Bg%%Vl ztoT*bAcbbPpb=1QG8<&E$1_U195lEVL=wDB=gk`_C2`%oPvC?v|J*L<9>uZ4#DR04NLwL-@B+J!?Y%JjsvhK~&|b75$Jrc4 zQ_8)eJoY}fXi-Dc;3g?8cB!nEZ!}xn3iiVtTRFUk3Ke4WAT$)`M4(XnplXAuf4iU+ ziU$?~E{a)0=!}AOW3H9T2Yrd=3Ge{;G8hbopH&~8NXDZwdEOd~pwLjtnE447nC9>&;PpI$-rwg8$~AskaJm0w z`@*GpP-Q&sMSbd`YQ;cg_NAv0_PXIUs+71EDImWit881Hkg&a1t};GR#su>JujD#I z-8lLF{xjHxU5Q~ETR3xrC;?J3;lbn)4h`DH7W#qZzeBs#i9C>2bzw5{Jf!AI;{I(T zen8!B3kL&C!T}`i=Rj+7O76px9{70V zWDkNp_y`%N$bsVSDEC1Ey=M3z>0hP41OJWMIWMCSv{#+6J-m zR8!~tOV>FnS_WuxCO-FghM1fdgpv+&>)aUC!1qv_np=@ep|};?n)}? zL3vQ98^Kn?P4;(^#xMQF5Gu&>muV4F2q15a0lZK_^tzwWU5u}7DXp5!5x;$`m@*?oA0s)!ItcAztG#|bIDRc8fVUN@G!g_yGe*8Tog*-7l*LTmas4Q3aOk-T^fIQ1`dKWeRArvG3a3rg0J;mrJ=wR z7YLn&mvQbpVCttD}yo4-d0QpDBKhqJw(O6}cjnud- z?$`k;K$7t>K_DKEr{&;b?;|GO=kezUiW;%~A&9U4Ok(#Fx|?_kCX^JXQIE8_^`*Bi zo&kQOXJzPLV9v+3tp1Srp->-a=UZgd>c6$2P*c}3L?O%h{4Jq65-C($GwV#4@tvOY zeV1kEKaCSt9bZoNLONWU-Q`7g5<# z1T?&X$25XcZwzwTcOnKq)s4P(a|Zky&XXIS4$e5!8~cG>T8zAvPGtc>dQrKNz1)k4Qb5zldY*bI9M2UQah;j;9pXvgp1s=aE?%ZN!V z;LYcw_4zrEN_TNALAIG}8LKbgkNfTbn=hHmOO%Dk$UI41Y5sJ6yqfV%m)+bc53SyL z6ioB%b6;2`f#8a_^=y6(n>|vHo|0sKATEzuQn!n-VS1S3zNaTh^>XRxOGKZ&ZyPQ6 zUF&i|0GOqZ2Tn(Qg>f=jP2;}D#OK@HAq9$AM7WCr`3;Uld%|VRTR?6wo!z)2$dTFw z!2#D@^$D_R@yPM9+1G6TF;x6kn0?*;cBl?ky;L zb8F^}Ub`X_{5T{NlB^~mO0BLTdl>JEr}T5TRjd7yN5jpX?xLo*?ip+wiv2-pKZ! zaO@^tgFi~XAwcC2&!bM0e+Mb3buRI+4MO6 zP`>O(IP*gi2oY9zJ;;Il<^FiQdBtouS$o;L$5W{_!KebydA8q5rjg<&`!dwbAK;rtemu;yqF zS%O@{@L$>yB+?p(3S5k*{Q`qnCS=O_IDdp83LRlU(9iKIiJ7cR&(;9@uWG(z2vqSx z2=(Ao+J0V8trL#*?{zN94bJEEXklt##uj_8IcfYY$?eW)bQp~EUvv2>$s~o6Q0CT~ z7*4cNU48~09oM_pw~Zrl=u35=VuYD%w;A_eUZF970{PnzziD_-N9k@&`eN5)asg%I zvGm3MSxy&EdXd8#I#g9uA&20j{rwiyQ{1@h>+x6luOIF*K1~{+(Afbl3pW@y(@1XU zZ);*f=`*?xpZ5OF)+S8jV~ILT&fj-r4cWJA@<2L+v(T1vi0UJ*JF$KbAaKHM+^ZE( z`<8l=5OL$-et#FH!09I+9vQfGr`10U22K2UjI9I$XVhESMB5_1t7I2e)TYz~5z0@! z;ZPSu{gHl)(H%a|7Zd$LIc?tK(Ud5So|=Qvi{6*>m`0;l9b#T7x#!33Mx8Dk~@VJov zw@+W=#R4|&1M2T2B8m+Ya8#{St~{oR22~9hm6z8_Q3w+^-yF=nCXH#tH#PJ3J6ix8 zWaq8XTm2N6VD-X)o7)8swcNw=FYUb`o9j=n&-PvAG>*W`?H=CYeL%t}4YxPRe6aKg z&2ZV+G+TTwz9aH=zaV#FJ>=7)Jt$k55)pso$Ar#=9@`-Ld+4%J|EUs4H-zBo~8J zM6mq+rX)F?s)0nlJpRR+uTrnA_28Ueht3!rGTn~>-PS*?A@)T*Z7q{;fmS0dT46>f zfnzY`v@?zAmg%wQYD$7dLY*e#scVbu_Q&8$To4{E1#5i%wI6Ears%nBxkfvk}Z+@n{u!C zAa^Y0gv>Zp_z;4kHjbu4);y&Z2i{9O-_4G6AjgM_!&>S*GWG(hVy#;?U3F4kE{~-)TJoU$kH_ zi|d12)~|0aL6rkHsA&z~8?Aq5`bWQEDT>5xUSU|&t_qSfX#yBaqUE3SxKWkvjLsZ% zqJkN+YNt1qdsgiV3QmH+HT#$ySn$R^-~bp+O*g??d7eIEa8DBExTJ`W^at|;P;mXJ zj!18fuG6)Y;{EtvC#ySsNUx_LuP?0jhTW5Fv~-yS_yXo)MrmdG`=+y=>B6;RBq4i% zad-=7`7X4KWBV)v44jIUh2H$vl|vm>IK0r>q9@@5 z^*qFhQ*a!fGbWSgkKpEfEAeeHi@#U>^IpdX|3%FpceR*SkJk^D74z1UuTY9a?B3iv zb)FwDTg*(@0vQO@KEa!nNR8!E@Fbh%vcDF7-(?zWxQD#RF+YB@+H|VmxOvq8zIAgB zkNshO*1fhd?fb0;B5B$>bt3grb_dXD80k3V3b6OX2+j$zoVEI33mp?+BOoK20uFmE zj4tg(IRnWMe%iex9v>io9eji*!_u$VBf?EBC^#gH_3I|Zj69thsa1OE^@;q~*Ed9l z1xxCAkWi$_xP$F2VH)>~$j;gjz`1j9S>nZ=cm(uP+om&TFuQO&B|LW5mK19a`!nK~ z7$?G%Z-lLT_e;n`)4}*etTUU9d7>C^y!i(;;$vzvXLu|NB+g!>B-|_Up}A4YD_3+s z>UiL01z-e^x`YBoK0-TyTihBQ-MgDHBRV#Gn1Cio`{nWSmx=f?CwjZbFx=fSnAG35 zoIWr==fN9$wV{@m%T=S8(>O#7dqZ{Z;!rjsd zIZlXKjNJW%lc*zoC_c)7uQyPtO=@nwh8~*yPs5HzR0Mst`t#$}Ga=}3;>8 zW%!yq9B<)HqY&sL6n6ZqTb7w{YG{bpM)}zd^Tak-vMgfV!x){@`2joJCX79mj(P9=(wViFEcMB6)-_ z;Kj}mog#n_Ar6Y-J|<6siF|1vDH{B2O&I(~El)B7CQtAL?~uL?*tIhEssfnxbQ2W3 z2ZRyuG8KPFGBG3QlL*~^mLK(|8jF0jDCPnuJJh4>W8b~~rPo-5yJEO-J1;x0=3w4X z>>+#Y;vwP|)waS)iMi*A0h#FzDJdNcG~zFX!R{qhh=)vM?NPwol=3)jpKI65w-{3_ zTegc=Te;D{YfUOa?eatVYX<3FHD#qt}u3g#8 z1?>rIjs5-{&qiRLIW{#O#lBVk46h*?j*w^JW* zw%+2yW?mAFjPLhm?%s#FvW|F2X}%KW-pg4@Ppx?oMpHzPHEc(Vov=z#V^p zqI%!Us*hUA&Bo^~&BW&qcWa(nQBn_=drzbYB3-t3J>4n)-aU}nbTr7hbNn`}!|RZC zQtnMrNg#E=V4bIrEAfIk%o^e}l(~mrRUQeYQ~q_&z%+D% z<+CELYNT7>h`Z0((Kj1!gm!W55RBJoybw~kfTRZ^911lb+0uJEtP67mrF%lW zaIMNT@wf>yM+Tki`rfjTSJPU0-LDfhf7Ck*tEcl!ihy8M=5Vq#uO zINIwUZJ}|C0CK36u84TsAf9Qy{;?pamNHD&Anb$;2J<--FJ$PkL2Np^)>=q!9jC*I zbs3fFZ6Q|oTL}BcWduq2fnn=|^*X{K$g*K+d|T+>*DmM>v^`sCkiB>6saKQfk-)A( zk;I%>^tOM;X^z7tcv9&sAAg_g7p{TR@QYh+L5Jvx7S9}iI24e^Qy2)VBT#&N*sL)z zLpgYQ5k2>*Yg-y?r55CuxJtl#K?qWWXFO+F=m>}Mr{t2&wf-vRASxC;(82a;_huAp*?l-=egT>|K{kHh~qs*Y!VEfO#n9pk%ZPf_pw zEdH2Y)sIzmpvPQ7wE9@q6j%n!`QVcJ#4we4M1Cw7R5a(~ZWi_fG$fS5%%c%PV!N>> zJ`PbWdqT()M*ew`I8Bl5eu@HUbDJ2|QJ zN4&O!h2H=EzDSo*{N4obZoHSbZDy1oKe0Vrx^gthc%EP*EW@jI*lZRq=eRz#Z6wdD zbP2y|6lA6jz{Tf*XMoJ4AHf|IE}`~*Qr0V%5WI@(5%~{{q$CBgyoaLVe^uU)>kq$i z7s!YXZ4>}o1BEim+787Z za@yyiB$f7wk3$#^ce-(9dyk~CPHvOvYU8+fgpYf11wajT0IYvmUk9S-v%VfPV*KHV zu*w#}SrhA?HWctV;adCh+Fl|RFGY~RT&zwxAoYmCsGk;|j^o_risL9e;4R7n`HyX7pph$d%x@XFs8Mrk2276K&FS0}~D0(t|wiRrf@pq0SI(4Y+ zHXT}M{vONv2{P?x%G_tR?R`c03v)1otiRB#ecW3=@y}VWlMN;>@*g@^eS0xuNEc6E z;Ni#55d>$eM3lxwS7DtLx?p=Nj!+^>?MJ$1iW)YNm`YLiQ|=xemct8Jkv4}mwx|}u z|0UvYU$?zs45+L4rGJr)_5IY3qf}_6eZ46M@BqHME(clg!8n)7;Sm2_sK+cSCt#cQ z68}kkWAhD}wP&R(Xaqb=ex)`csfbFeUSlOKgc-AYU8Q(YqV7sAjgM&U+qHJQ>n&pM zFhKDhJZeyTz)-qSGy5eS(D1w4wXr%*@scm+ItKT+b-ckR`vUU<4&ft(C_G2archQB?~ouMPif9R`?~iuF8mbSAhl7wCR6kIa*mpKJ6i70 z8qTR-t~hq(fdx$W1(v*@@4wWQhqQqF4%$Nei@cnieyqT~L_qT|v+@@kdI#?LDjS;x zxHN3w{WnW$<=Xpkj7ps!RzjQbo6Gb5JLJ|>#%Cb>V+mc+;hD9M)nV^nlsXNuZVhyH zgnLX=k4C!Yli&mO9h6BC7&P_NV=Q|5=laL#JP)2N2HAcBj&GvA1g|q?TD9AC$>Voj zZ@+Ae*sfk7F`Uj+MQq~fe7osp55Rd)6Y(v}KNlAT5jdcGLlUE@GjThfEOFnJRi_Uv zJJ&it%up`^NA%_c3T4+#@)^y(|x+_h|nO?Z?F)pH5^jyoN;2KnX< z?5zZy>&qWQff%x85 z(IzfilHgl1CJER0C|~sjw{KnlJoX!A8uqPjK_k4q{Sw}kRae-CE%`MgY3B>x403TY76}rD2sxug^<3;#9 zM&_!h;1^`S`IB$QT<+sc=WfX+vHL1F`ZNB{ATyEQ=543pqGKeO;4JmS76JWK)9h$g1k{5sXa$M--{(X1}; zAJEkR=sIOfet59cWv%nCnO$ldkh2@8>qZ_$uo-E63$2O6%&ve8S@}+e@#9!nBp8ut zzi#I{(1@NjZ0?E=6L~IT*8$&px*}0r_a-gOi@{B zwi1fhig;CF@;D5_Y& zr6P}RtR(1_r7)8oyoH%|r0X-pr38NY?tu1&&T6my!h7&al~1kBLq{dWd1v*EPgvO+ zSw>PXx?Fs^TBGbWX)E`LE7@AK#u8M>Y4c>aeHoW7dP4qK0=!&Xl>^5v?(~_Ho?mVk zBntA=u<>{5`%E6xxB3P6439oAV5&QrR!m)bBMn!D?U!V4mSS>sFu&sLhUn$<`d_Y{ z_{du0@SPpAaNoA~c9bCzz5`f#xMaz&?Z~pUEdo;!R{e3$Fd-xDyYg=YR4n-6kXnv@ zzQ_Gh`}>ej&xnC+6>*&`h>S{Cj5-{w$EOvb?TeCc``O6-Os<9d;7QUbvq(S;WM+g- ztFpxjJXPRs{T{pb9|UCI&b_$QwLge!2%JPoe~(81YRow*a=UsRC57SN|mA-xy`1d=LB#>-=2{Zrj3!HQ=ZngR4m!KdKw+g#J;b2f_ zckDCjPy{FTZK%4TZG)|kJU)E|_uBy%`(>qRoZ9lXzcY!opWIjTwQYEp#tn9zkJdX6 zNx5-7{eirg9* z9slv4z42~O-rkBBJS1$K2Jh4&YRWtts{VWd?#vY~CW{W6vHbbD8C+}FbyL+kYju7a z>=(_fxzE?Iy8v*%*Qn&a9OB#KqXcyDN|^;KJQ2_1C(E%fkomt$f!#ni5sp|NaNnMz?e*wMtOB%KCoHsbPKs1U zYi^V^Eq3SJa-;r6r7XgCUP!a%zaWLeCR=g>)X?l9&rT`axq8cj4zH?7tr*JY}XkO#GNR8A<8@b*6Q$8 zB1gAA`-o4__D6B{$1XQaeDj(-&5@5QC;v*;{K>;rR+-K^>?R#y&!V*z@u^LAOEb}C=?CyKrwqFdIE7_YND@TlyGv2dDHXU(`-_nF=he{l?76%ZWD1zH^H^iw z!NxH_=d42P#_8-eZiyBTZEhcIN6DNGzOr&Cx5gP$fjB({41nEPs38b;1>^1pnoWK( zJW8Av1t;F#o@+_W@O&6BmJH^}3=h`^BP><%5bf0NXIHbOW>sg6Mb%HGMt<(SZ;%h7 zVC|5b$>NY|P1;CP?v~GTzc@!>-=KFfzo-&TKkxeyagD>1p^=aGk@a3TopS}@O1xyW ze_xDxc>0!33aG$v%YFBw31t;|`^hwxRG$vQ8)B{T56La)hZMvE1lkwV{{X&!hMLfI7co!w%1fa>Q5+tg7j`AP|^idTY%1!&6fU&F&>%O0GhRpfO?I z?)6~QF3J7H<)xR?{d-cTfw-$uLa%AodqGZkhK5uHM1?gX4k>{X^BG&PBgyvE2(nvr zsb0`cG$O*|_ZOpnh1r=8SDEmb^J71AuFd?DA?y3hS4;IC2Mk!gh<01}=l)Sq9b(`Q zm~s$9Bo($S&zyXEP;5&lelVe}kH;ia{frSljBwxDHi(8*jfc}ych9JLW&;i5^?nDRTv?jEhB-W@bBlNAM>HQq z`cC_6@ki|pSA8}VDH zEaeb=k(zn~sG2@`1V(69F%R*32J33xX9Bbl&q_>k_4%4HCPSUj!vA%$O$#=H=viS3 znsZ;cmSAs%8-7F3<3$C}$Sw^$F&Q(kG{bF^E@@-+eR$$$-~?8uG`$b1>>ie%e|bJ% z-NO%gA3tj$puxc*h~^zj4o|!zDjya5p-^+agzdXtGJqm>(4H`DAeEDeVI~E2fW&?6 z{duOs#2l$Yi>Dg)Dj-895>?oaW0zy(wQ-b1~S4@HY**JpbE_}s{h z-mLHQGdw24Nl{d_`?C4$kqQ@1C&uUO;(mT%upm_HvEF{!6$4Gy_Ae$*f3vLTW0PilEU7HcYtgHrH`) zr&-tES=6A=`#rlbJeR8mGy5EE>{rO*QE^|(7-7N0!zdAh)IInJIjf=01#a!gWaqD* zCIR1S|K2-;!IC*Y8ymImLHKf&ApW_x68hLiVm%!CV zFz{d9Kef*RDH^zFW4u40o00zFn#WkG-{1C=+0Q?LoXIF~vVDW_{+Q)BC>7NEB7z4B zOuW=JdmICv(yOQxF-g`2-a$y)2WI>M8;sHZT28IaTmL!a!m4i5*o+$A}^ zIwp6_x3!)aCYr;OxG(R7Ilo-suK)6<#|?-U~|T^7kO{xyG*bby`3-guPvW z(Jk1@_)0UjhDSbl=LrBU6?VD8VIDZjMkO;`1gPfo?~4lx!e%+*HPqk_I9u+FWG0Qt zEBsCsRV<&#lRs{9@O<9Lu8W;OEo}^+ySE%AQXM37vu}_7M>oiZ`ePTEpP-ZjG_$fevuw2Yc(=>^JE7D zV=qn3;n@y*?MxZUehs|H!Oe+BLml7r&Ae*fc|YQWm-dFeNxvs$Kv2VcEJZYEaWBu& z*sB2L@ueQbILrKtNeOpj4(a>V2U0Mx`>FdRJ2|veOS-m-mQ4(wOYaW9cF04gKPUJK zf8K6Wk^bmBQYO8;PG}GRMMKX*K(0f09Q%z@{6AW7UxO4p!Uk3cfOB?Q&R(H6{K~Oj z@GS*_Pn|u7^rA$zL*Q&Mf2X1my(C9N-D7EGzJUM+1g*shoG~9*p`rb{ZltrEn=wNW zZUQ2Zhr>~(FGf=U8$u(W>U?<3ASn~Y7br-lEW(^%-vygIh*i~r&QWlkkiR)N3ZQ6D z@Hq`|IXSkp(8U0s181BU5$~9w3>+~YfwX4sAG^)O@h!%_Vw_B8CrZkv$heVD^rsR8 z5RtR9Na@ErF$z)br{bZ1sSW$(f~5i6%teYadzvc~*7#GqI0#5MvyW}~sONAQCfQ5u z7x__O+o4yaIvKQ3ulz~7&feQztat&LVS?`h-R93dTt8kesn7F$enea3ZF^ZvoQmJ+ znl~KRjC^s93` znYkL4bRsX~>&#EWxL43u)L-B42aHCaHzT5Dp{@Stoz6gZW13s*E2i~fj&x!H=pt4} zUcEP@O2MW1?d#T{#s(5rY^hm+^~!v^Fr?4Hk!TxMz|ae|9x@mrNVSE;eJTOHIiufm zJT6GyRX=_7owp9KBsZ~f7>C;1y3V$9J7J&#&_C>Q2;YcJu4;(dO_m40bZv*63Z;D) zw(pxzU?nu!@E{<)Qq;Zs%f6QK*P?Hl)95(ZnM{~Z-?w8tC+X0VU=V!C=m2=`bm_m$ zk$=nyI=*-t$kJf2eff#!O1~}JUUguH;ds2fm`r@V2U>t{#SiMDo!`9wYp9QTe;})2 z|472}>|7o`q|4g6Zwq21l5h7#La-Qul+@%PU%p)K&FXvK!(OP+xg>JAoDmBjm>zLr zuD@ZwhP-^Ht@oM}v*_>T;M)=26XNdku4#pZ#|#^Tpvry6Iysn_o_1MLNCcc34`n zXEN71A&FWxN(cho7?xA>Jbi<0a~$Fh!AR{F*XyvKtv9tpf<@`SsPT-!{fJIhy0`DI z&wbBcM#F5Hyc4@h`%AEfe{!~qQ(7XdPwfh(Qk`@`YLO??#@HyB20}Xbb@m6DFhXQ- zSLp^ma96?CkLkwo^QM5^&kdJ7vEO zHgNQboAd#6?|=j{x^R1JcCS~D@+|-z{PvlGjLQG^=XL(Mr;t*}QC$-2m(s_OT}+g9 zvRAA(v?7{>#&blmeVL5(RosaHeo#EKeaW#ku|C95IlZogw0I(W9dQAYY4%7R^Tmy6 z(z`vNi)+d_^5MQ>f6;`WOU}@LhZ*kIVN&o}HdL$Q^bqK#{Ol!?P-}U-?jKJFs%Bd^c--mw?8G5282EG`M;lGQtVz8$FOGBb}~MbA?>_EU6byBj+{(eE}npOaB++ zLf=~MY6FnduvBK=oxT)GNv`79Ja!c30HAvQQmC-to%I@qN={ z5OeTvD05z49pe1o>QWQzA#>TxIe>vO{<0W z0x@9ZUAn}5ed|T*iwBJyREwe{0plG11gwu?;Mfxmn}dNJWfR=B2#9bZMqONBGp-k< zwx!;K|4oc-k*OcZ84A}{fW9)sc1iB&(`Fy*GAS)%I=h7szt7nhHM9&GSL#@um+hY0(j@FFw9i2P#SmzS^ zD%h}gkllPyVc{nGeZHfvC;f3 z=JItao~|@$vo~YP(+@^8`ZRpSu{r7vqzV>}Q~6g|hyGHjzCPf6zAXHF+^X9LRQ}-Y zm&1ApKoU|eX!z{6K2mujz#`9#a|^8chzem6&Qq^3D`2CZc@D+ZvFR6Qn_s-qXpk0W zgM8wzftlB$b@Ju#P8f3fOU!;1L+?iYA#E7M1H`90xH8%*7;uu7c&woJ7o?%RO9HR- zc=HYF=B+S{&pGFQj;sSpED*8NUW0XMtozK-->Qj}k^Mkd$3fG+G>td(1P z<@7P4?Ec(a2OxQWIG1%rl73PkEf!`aNa5=-ZcpA{AMYD~J@|a!nWu`6H9Z>`xO?lE=A|iJfS4qKO;66*%WZ!NM)2d*&W&oC|f2Qyq(`oY{ zz4K>M*weUrK~f%&yb~&f@C|(T;f?ndYqjhJ2Y0{NYws)Q;ulm&o}O(q)MU3{cxCZ1 zSk5b%JCt&7^|rbN1+Zv;2Di{{F%ou6=cGsIlWoQ5waJFeRozC*Hrq7q8z3>xJ(dNP zy3U1s3mLPa20k2AggY|E4~4#z)tKN{&TGS zI%^}rOY=>q+R&#ORAJPIYFBzM&G+rgYzm=2O$4lv5dy## zWad!7kM5H{i+Dy{3Ya-v94gZk$d;jMBv>!#j0SY+N1HoBnL;s8yT-V?v^)bxQL2r9 zA+b+=M2gP1RM&lFB9xg{vKS!?>QFxxP_3DGPBW0{_cYABE1bX;z~GIyU&P(uA#{jt z*>}m8DM{A{F~21t#(n#B%UG8Rq%V74-;Uy59v#f#q7mx(w6F~vM%yPV83K~hky6~O_KEuV-G~#of z0G|oh=e_wG$O9;o#pK>DkT%Bd*@{lYU2PAo2T-oxC%*z^M|HK}DQIm|!&d9fo4Up= zjD!fAN5vnnf!8%FL7jW@-VSNPLawtvzdP}k`iLaBYCn{%2)vq#Kc0p5z4=cO>ZK=A zwt9p5GZE3~_}BYyxxab)dJ*X6n2y%1NSo)AxV(2DhkQuLgF8rwhrt|oJBMo7KW^`EFxo2nFxI;ugX&vV%#lNw5F}iclvcj%-hhPF-w6ldG7KRTXy{i% zIvz8_R3vIIYWdU<@6C$nolmxuX18UN&KpbA(fecexpf|-nQ}p!?LQ7K`;mR(5Gi7N zi%6n#ybyKyo67gKSUhcfn1TLtzq6n4q6&Szy8?jlRIIM-*`G*I6#^ODz#ojWTY=~m z+34HLAcW!X*TFHP$tiwsMY(T!Cyr3MYdqVH#k-4AgWlg^^2da9*M=NPoGsHT92v^C zbVNln#}ZPPPnw_*_kb;#fm-ON(APRgIGJNoxI9U)3MBjuy z78g(8uBW#u5F|9+a4KA1?Pfc)YarT5Zq4!=bw% z@lc19-;;R&)O2^0ejIiNLX`~X#?>U)s?-Mzz7*0b&c}!3By$=l4_f_IS3*_V#ffAah!;BVoTz2aCN7Au~T%vqfcnP4DMfYF8WC_BcLp%Vm&0 z-{T{HJ80r4+AbI}Hg>tSvs=wc#n_Od>M!q8etSB7;h2OmX$x;mupxzrU*fCERY-gg z7qKqmkY>}g#JDQeqEC~7F9iw3mTia`4P|IZ71C&Rw$DuMk_IBQoRtK~zppG8Umapr ziY|_#Vjilw%Bh(-9|PlHDE1-#PU@*%?)(GCs6bYTh=we_{cYmBq^&x9aA5jYU}qEb zi)fs^wt84b-dXYVDU1`6%(0+j3xx0Iv~*Xkf(0EWa8P-F6;23+!}~hM^V4pINy|H_ z0L>(xuXpPnil2QXk4u(@&FbO&V}KAn7A0bAlex_;KnIFIe?6r4=rC+^2>)z&&@`cj16gdT7S2Wzg~mp`%WwU8N6UG#d6FO}RsCS9s6V6_VVBT6e{4akTHM2Y!!{F4 zrB~{l2l0f}dcqoxSkfZF4}?%H_rYRzPl60qDJGVc>sr&lnw!@3@p@(iu+QI9XIG1@ z-QKA=aj9Xu-@^rD;}^_RB!{w^OZPLE#!N^+TG&F6aHV5a6XxQ0O`~F8uKSC09nKCD zNVeu5uWDL{OR=kWPA`2yl+q1pV2M8=N-jJqt;4$eGPK2di!wq#Hn!r#oJ=1s=@S8| z$IBB-Dnyob9Y2vS-(akHK3&jzGLhAqeQ9|=2=`0jC-%g$pA3!WaryAh#1r_^p6K@D z+QlOTWIHni(gi(451fw0m1e)T_Jz`#t~4%nsrcN?j{_yL2ml*3ow9eP0?7R7Wc|AH-)I}Di8OsZbSA5i{8hKO(P*M{5*8`ZGy4Q6|IS-6!oob-5 zVF*t1z;V{=!Y{)mBV#-}f!2}q@D%Bv3Gx5Od>s6rK9zbpApw&|K+VjHR-wz9;7%@IszZ|LXL$UkY|C+gnb2|i6)q392`t79w)eAdm z`xkcV)`d_pp4I63+n?_ICh_-!Au*xn_N%g);BfCUg(ObvCGok-6xUCtIp9_U_9))& z0>p-J5atI|6$+Fnd#_M^p5FEf<+}X)rbJrFb+Eqc{n%BFS`Ld{)GnVtTDeXqKT*_Z z>$-PKe(N1BA%jE3!w`&?lm-Cw&$`A${H)$gucaevPM}b_?H# zZJy8}xs5~j2slv7c24HcC1E8@j$T@ewV7^wm*&z9m6L3ar&u4G@T%5b%AX!xj<)WM z8K#uX(q1m)&NOiQ*h7fy9)>Z13T)+@q{kowdlhU~A}-}37Jr$)+-?KIv2c?^>T^@b z?09|5@eAZJ$HL}baLZSJIH0SC=vGSSdlAkzR~!e*mZ?`C)AlQ?iu4%-^Nf-76PC{7 zzDM{Jdxt@|*;Q#|j#%X~u((N}>dx&$W8LS}5M6 znBn<9QMI$0PN^hAX8R?^?2;?{ z2cR+lb~26qnWZF@dxucaVX4;CewoSisJs}&1Y3!adFdY_RFYGuNQT&m?{Aj%f#xg- zbiSV;$GSdG;BFLu@QzpWC}40ZOi;oGI7;PTT6UR3J*Lx4e;88Qs+jc!cASwZI8!I~ zQ$^emU-NJ;F_1rRZaIxvoNEU=z6l4mkmephjgFH6k9ZM zHg@XSyrKiwc74Di=KgpN^ArK@4Y{AqvG*g|Iqmi%Q328h`yI6O|*!$*2^M(FN|N)IUfOperM?6Q1o^S1*#t|jJgiuW1t<$-c7K!b=dfQE@MqsG z6>r3-J69?+_K&O>h{W<|fxO-%{m$m5vkY-EX)lLHH%&2sfQe4S__5E`f%q1B5?qBA z!SwSLy>pc>N%&3>?X+Dj=Xd1cfLI%3TW0db{NTl08Ax-V zYu(~cF_=&x#M=~rV5S;;rnEw|k%Ssph_d3w6SE%lgQe=HSbB%ygm~L_JaiL0Vtgk9 zv77Ekc63hnlO%31@nwKm#l-=fvcIP&G%|z1O*$wm>h6z}47UUzv6Lb)_l=K3&9TIx z@JQ(WKV8d*;DqjnpGm}oQ7{Lc%}m%vhetWT-YtB~jnEB~6K+3_sGj}T1StsY!ikHMMx1t+(9kJ+Yr95v*alHy~}%#vAFp0JF;An<{=4@a$lzIS_5 zKd1Cd2;S^s6bi-z>tUV^k<{VI8P>dT!~8c?Oj5VPwrau$IxZ9GW=B5*Q^i!y#rP2J zw8a<^``VAQPy_(!MQ9R%mvu%)^gaDK@v}P&cW|UA=DqJcn#0)SXnjD^{b6ZxUo`aJ zs;cx^JqQP|6|bMLutCjdl#W+lPgEiBz|!~qgvrYMFQ!QmM8JZn z>%7JV1=4|FJti-?n0y`gjAD!ifO0v)Z?rZ$3xy(1|uG<|9 zDDX>e6#K)s`Pyfv>8e`hzWW!*Ti4Ny2=ir;I|`Cde{S#>65iD6(3WE3ZpW(Hn#7wg z&A=msmnqz4YwPd5X;w>Y3^;0W$EkmFThh3AbNBAO7yv-`0Au1kjeOMMUWXR zKsb$s3%l$UXX(Cw2mViq*rI?j=FwTL(neIc$eWGW5fn{|`$v->k!lF0RL5Yiu4(?f z3Mdrvdk}oA`!<&h|Cy@CnU;7~AuptV+LF_VjTPN_-~H^WE@BwyNTzLJWULC^LfqvV zng_=~8^gy9gct$eSSE!QY(~h(&h!KP!*`ev!xuz*f6npEBM#?h<1|w zmUxyguF&qASj2%=T3VMgvnmznQSWbD$BN{5bB{J>h>)~3<=rMb=~b`AQh9j zm%F3hmLH_Tbz`5)bAt@~T-dP4Jq0Z( z5n$Z@y;2r}^GTMFkAeZUOP$6lQq1~PZ%0k;T+V_7Ynw7ieju~Yq9-K(&b*+4{f-HR zfrKglY05tKZg#q%fmJCq{|rIo)J>NMG!&FE*gr>OWjS0QkIRY;8^r2MP=(7!+7|k` zr-Dy`ov8DbUj42`Oi*tSSpHoZlvK4N@wqCXH=Z)odiSmdS(k(U#HuHlmmeQtR+ix&G#EyP1rTLy03<$w;QW02sa_T!IG$iU zvqy_FU3{^AeyQ=Bu37i~!95$!3(X;KL3T|D^y8UL2E zsYy?d^EB_tqCcxROK#6S(Y;oO@h{oP*b?ra!C^G#nQ*U2Ay-GMqZiD5%-1e(RKCdz z9$o2Z^Lb>9A@`PUXDd>!MkU|Dw2C>SWmxk0Qv`X3Yl>G)l+Zr~*jp$dq%kQR-cEf_ z&ZPlvlEs5|Bk@w@_D8VQ_KSkQsf8LS%@eRfXBh6hz6m|Z*AXUR&GGxewpV2&rHT}YqS>{ z#P+4~5SYd*`m~DeFxBS>UalyqlF?g~^N#KfM?&f9O?XAI_Z=%|jYhMNP;4}88?k8_ zd_#ZlH;sn|?T07tbAX!V7hB>Kq`i6m;}AFu7o15m{L}!Vh41wOf9C%Bpw6O8?%kQxP4$)%u0Ly#MwanQ3QL zxRfv0eEIR=ECH}!A-3RO&EYV-<{w>jcXmn7vDG@981sio1f!T^bUi)eL%9Nej+e}~ zGq`|GB&U*(Z1t_w4}V#VZV$x62Uy6LlnDLL-5baEONi1MREFCYkiW3L!xr$BL92)A zPDmZk0ZJ}+Z$8hYCKg|qgyZ6gC&~bV_uk!tTBDFN9$GM%=b~LD`k=>fc+14WD6Brb z^roKVJH%Z)6Hg32Q8D+yKEva%sAR<_3$B)BE{i|6{Wd+zSC;7^>ks#P9Zy`64|_si zuDY!%4C%dD8;9Hvsp~5H`{82AulL~@YpK==x@o#N!i`!pngbWakOYatAe2`C2j zb~3&Yq>$AIz1m_|YFSrPyHE`Ou(&A}^Tz-9ci!WWwOf?&vEM}gXNV_3|H{`er!?FG z*o)P}_$kWPL`mhl?wh;c;r>uRqZ4k&h(V||C-~7QpMdv;;2V&1(^zQ%6|5eHlt@7digWuq>mImm2@f|&d!t$fZ6`sq zsTdIcQI~VC^Dz)oP#I4BEoy|B;VbQ{h10%lRVq9c z8?J|!mAkwWyiii(qp*=Y1?zNH9yY(Mw*tIPLe*x!*^K^br1>;cjBbC5-mgN57VcVq zLxJ6ff|3TY*TlMcsE-LXJ^@^bKk%%!Nap(c!IIv`OBmXi)wxw3XqD^iK`f5Za~p(I zM&_2L?zMc^-Rj#02(}bw`^KkZMLy9@NQ~!q&qx3l+9ww!tL^k|nb!aq+%wMTZgqso zxC)Pf+2i^$QwM5{BAsB=?OT4hgluldsJj&wPu)F@CJ(jwwb(&JkDwAC>g|5!Nx!J7fjLx|CuUAz9 zbQst932ilk0>Y!G#xut9eW}nq@Q~S0Qk}T%hcvW#r}`N+Z|x-Mmn6aCdt85~{RbSrnX5;SJ@h9WH?Sy(ABrglHttgzD_8ZUPg?{F`L<;L{`qS}-fic^488E2kb2y~q#I6A*DDxC z{bjm0dO>c)v-#U7BKwd+Um``50y{H<-}v&-89z(|=IHM?UxcplqyDY7*`eO;8syM3 zw@>rQgQZma%+=dh$Z@lM?cjkv(Ffr2HQ?cE*oUKE*j}F*_h$&V%h~qHt~`^1(^q2% z34Z|*w9%YzTb3nnboaD;bbQERK}9>p5;cw~xDAu1_jRtwm1c>+;b$cUrG-N47UVfWzt0Xg?0$Js^V# zdKX)75ykv2DeG5rw63%ad=HXB*S=7jewctVaaec6YdE>F2ZMCoz}W0y&Bhp9sV_Nr zBT|BQiS&~OgX&LZy4+g_$-cj=hvl?~08Phx$I7?aM674xdKb?yJq`1@b_}7#%proo zMiS`ahL%L8mtzh8xN^R-E+6bKdUES;^DS8Wl0NrXiG|bj$bTkbUss$UZS0^bgaqMtyGkAy?s2;A`4^KCjS4{L!&7|JKMU!f&NaX=`9S zF9OLl!RS9v8P^6(CL9exCG#KP6ZKjDF2(e*_IP8~FFAVCKRSAI#k=QbR8Tw} z{-QjuGJ&qXZ!&LR$l7vpgW~+Gl#04Utv0BL<^fsr97NRzjVWlIi*5oWSH*8(EV*r& z7WcMj7$hxffQ}wErZ}V$>1M@#&sRkdl$pb|NBCIp>G}003KXZX$s^2e$+JO=U^E>T93{d3n~kI@(RxxTOfB%4Jf4Q_@BRcuH*Nz5dXTfh)Av-}{ru z{82#9?qu#%b`x=0> z>jzb038oLv<&Y<+F0m6r(Q6vJ{_|*AgcG>dZI6V=;`w$EzAMN}K|`dAdxi<6R_8;C zGLzF8u5Y7E1K7y;40wXP~Ejgzg@BINzm_zwYs(t*-zVQ6*Qiqw|x} zT>%V*XTX<W^Ay>;*_jqdTCoZZZ?obuuq+g)vSoEF zfCr(PNaw`Jmy_|i-Xd!CVkiV3KLWJXC0X~_Ovl8gU>XrQVP&!G=q$UR7&a;B4B(d2 zar*9igKiOioZJLj&Qx138~LXs4ve^hAH1U_l>*AUGdx#LFX^<$zz>F`|9GzC0@82* z+t^-`;<!3}xuS)x1MBkkQKsYILjiH1es4~&j-Ttal`^^z`1ek-LdA!Mf!Lb>w?K;mvOT5Ia}gW%Th zp`Q}xS4MjdSadJaIwpSvn&>{P zST4&QwPBag{iQ1^uvsql{(?v;@c;@%%`4zP7Q`MtXEVFJvImF=B9u>hoJXN7A5AgC zcSUn7D+ACqb=3V%;swyU*ar1$(d`lUipK%Fg%jc!@k$=Q<^stKKRz0eRoBH7xaFCn z@kWIY>GIfDHo(NY>(R_VCpxwc)Sb9`vP0RYpN>gZbO17+`akFN0^V0Z9vb{NuJlJ2 zK=Qw|*6Gp;?#y0Lga^gtaKGYHtx6W4>_DCZ-Bq}K;XgTU%;UFaJo4)7 z=>{@t3d2qeP(T;(diwKq0Axwto~`(hUZ<0uTv1hmMWYv3$?1YvSII9_n6hMeJ&ci# z>Ji(RhBDbUdg;~M+C--o?@7Z z2gcrtY`Yfhr4CKelZ~D-6h<2VuOAkb~ z>SrNUQf++IUx`^0EZ?3c9AP%1p?rOg9HtHYtW;pnNfIZ9YO{Pg=i+?BvyJ&q3@WmI zW|XB1$~xajel|YXCL7iESpLQ>$y(2KpT_XqX&eu}7i}^#y?)RuC#Sh*iOyd7?}Lz1 zaOBGE)AyJI+PB!M-x>~={ZVu9IR=kLDFq)GZeb!8t&g^0=cY?i@?!fi8Dx*aJs?FQB720g{83q6-T!Xe>o& zXLN3bBIuJta>F1}`wISG)qaz~y(qGA+(KyHGLwyml+Ex`U9o2)muhyTfuv z4Zw`h=mvZcZb*d{_am~lM#oFRRIPLTW^j3UqR}CWueYZkUzb8eX))15{Q_5jJy_Pq zJRJ}^fOvV{z9}vt{E5&5=dK&vnI*Tn2NWm5?MV>Q>AIJ&6d|IX`v9X}2^|kcdlZiQ zfv`#_HF+GYE5R9PJWihdSrvbeESec;{Lc02c;gKw5G83jHS{kBnQoigho^ff)qC?o zYr6iWVVb2>57AaQU!`~z-BIL85%eFltUUKxA_o>l_lXj!MKN@N91Z#UL8tc~Z5+RU zorS}Gy+2RkrQsg?06?o;-my(TB4i+4neSe(NG-7TCet)r7E_D%>?c-H_}YsHR8?ID z%N<`iY?-EVgME@%`}Q=otPyefVm=%f+7mr0_pMhDis%P*rdd57&eK66MmIH1%L)Bw zp-E&SakMu; zHTOH9l`~O%)X{#S*_vec8xQq41NOPwOK#lCexW<8k6$3_n*%v{N+;J79IK4kL!38#3f%Ed)VgVFt^Io$~3F-l&Y3d?~MS-SA% zIY^P=WYoC}U&uDtd*m^ipXjSCeEnRb)A^7J=&G*MpheM#F%_ori)-F5JgFXebPnPV z;_h#fmc}23zQ}l|A?;o<*`F7ix88ex+~PCC`?b%mdLTXpIN%)h5VSt^3`Pj|&zYt6 ztmVz6r(}BGsQsdeuHg!gZ=RoHk=Pe%ZLGTv=H&am^S!~v($61EM+yJ zrz_seg!GxF8J)Qh1e4cIXs#nEp8DaBD}J5>0l>8NedK<*4AkIDOivGfxLHFd9sR#q z=TZ;6N;wsiz~dLMz2!IjiNv?SH`<=j69EGWWMnkS*^Y#^C}F-_tZ4A7t{b z+(pHw2$!1e0ONAu&GiLzc`@9^aIhIRJ`2o8roCZLH>IEd;}}xEeJl@(Cik)3pn(yN z%ffiZux7pV6jm)#n1jm$3anKh$La*MKOdaierk(H+~9S=#XT$6=PO@B;BoT6rT^U? zD4QfFS~je+1Rni^Ivh1vvgAF^Ehx!-S5t@hY!{0BUYp&31I29k4383Aecqn%g&Tt} zm-pk+1pL__9%yw4@TB99{i6m*z|`~Thjw4Ud6;Wvoz))Pku_$h;UiXw@a*-9tbk5F6E@Hr{o)V`x9vUO`QW5&^#=qe;%=cZj+ig9Qhbiegj z1N1Ww0iWs-EVXSR&CvbHw}J*u%?m8_*vVENB0XQF=d+?~!QV>p^2eZ&iF5e1N_AN+ z4iNERSNQ`(uz%RnvcYv!2~8dptxL2Cr_X3j9UJXWK@0r`oWp`Ha3ixWw*Q#YdpCs} zPlG4-1&B4BAdxgOlop_-`IR*H8QCa`G_rQ#6N_FiS$|EiJlJj>L!O{=n4xDRu`_$K z9-4I-k$S$oZ&UXWqZ?-YTvxM{SGCfqhjotZFKeoiu-x6;7M$pK4^+drI%_$d&=Nk- zRcXM82{CX-20F$)IPSlzX+N#l1&o_GJ zv+YAOG*nt{<7tVQMiu(fQoCH~D(%kB#t}@H**dIRo;t zRr=vfzK(_jbIa2eWMpNj3GE}l$J@hhuiQn^;EFyK?3!^LOO~~nMisu-PB%|h(ULqvvQXgui}D> z`=&jJJiwjdykNCoTBI{N8?;Y%vPzkda6IV?Ic10EttZe^D8wry(Kpk>E`3H+avy7wH?hC>_Oi_97=+%P_m*azk2;7-Z#wuy!y->Sn*yGk$TqNgt+A7HRI6M6HcjZoI zVkJY>Uh;N3zoR1~OSc#qdo;g2uFiX0C;DLf><=yCmK0UYM1`$HVi-KsD-yS-2mQO; z0^}`|q?;u74aXw*Ra0>d4+WYb_v;0_i{mB%a#G`miy+41!x>?8i0dfcf7wxTU*M0f z#rp+4Eh!KFS>EF|_2WMV;);Q)2n2QxT_Cw1FHurVUh1AxG5glU2W3zZYC zpcb<&STdAg+zm$+u5w>4P`dOCZ#e0qgv>Bdk#UnBck%V0j{718V>eJm;e__xw%{#k z_iLSr@=e<6RN4~uL9qP{YJaUSNq2}N4-!-m++~NPw5>e@@x*O|{KHa*AdbE{jQuu( zZhx=Ie)NLG^&_{@vH6Qf zjMhqjxwd?on`sS?$LmCf=y)W-`t!2r^?rfB%N*Z-tUs7q=_}8R$Bt)-**Mwj#@bY2 z%qx%cP-y^Hhrewn5knOA@lY7HxR@ioE$c~gPc1`h7Fbs|?~DQf-lOT8kZzr+stw-A z0lRGT=o0d$J%Qs+eU+pLFMg!WZ+f~(6xT_ZB<%6Mpg8+e?%CJUJbi%_@B29<%kc|t zaf~?avJJ$qVNQD>R;!G1+u4<(Rfh_D+x$nXb;@#`9@h6eV7mwv^K~Zi)EI=O8%rw% z3`$|L-kGmt8SwaUYd#l^QJBd{LOEX6=k+6gO`8g~k@#wGiBEm*2)mtgAA1ROHgXVL z&ssw>YjzGVQBA@wZ#(^tarKn!3{4@1ucjad;WdMIQ54otT|#8pJZnw%t7pC*Sc3K| z%IRHtiIg(#V?S$v|o`w+^c zd&ZNie~{#4(|urkuor$A-GZHcdmg_@q@DHUwQdA798Jp?p>`95iT!efS>~_J1}bGE)Z6W$wnu`fs#G?Afp6URm7&yi zXTIf%8&!uXo?sCZANiOM-R+IG%Paa0J0R36op~l_P>?h8`m_S{SHDNXNNV?n=HNR1 zZk0!qecV2Lqxteb{dzF8-)*BNNedFwsNd_48~2Ofo|5bEv#$|Lm!GiRta?VT%i&~K zS0;1>Z_g4Fd%hw1HM#ZXkB+fdJm>=l^&=j$@L7s)IFP-#MMfN!05hmOX{tF`RWuCF z*FNR<2NUGmpMB*tB5P*`P!hf0t~b>;bc6-#&x1wFuerVj7#4a+GNrk99$wBZ0Gii! z+aaPKe7HlsHk9U`iP7HTecrTT;v2(iX z!|?Br_I2<3o0wiJrD$xhhwEqQleIoLSm~gj$A=8vdNR(KR{FDcdE_vHoXJs!=0?f`&VBL@bqTEtkqIB?LIV85N<}5fF)y4(LGTAo0<6ISV+F>5Y z&ic8wM%#Bfa-_`7@3QqajizzV%X0NkXwkq(qd^AEX}T6=m}sGVc7G;hi=?i^>mCgY z-Qc?@&+Z6ZnwK)aK`{;Y=Z`rS2E7W z#D?)joAJSu;Q!!qZ+@U^+!7~io?u+$|H{`Gt>|&02x@%*$a-LYtl3~Q1Sw(Je*SXg z`Jk}vX$e|yynfrP-;Ea|I15!_si!3R8kw{O(|rt|@N8ZTNb$|EPl=CwwF9)t!AG}7 zgdhSH?sF7sIYQ+)htwe-TFmk($SptG57Sq@&w_YiI0zg!rqY_KV-kXs(X#sg0rpQ% zqGEK5{;+F9SKl(^>j^BxV;HaAw_K+oF^(L z*$U2a+3^ZI`}o+GiX=N6uF6@FjWhOVp2c3COI&+5q>C4j@AKayq@=_ozN=x^Amh82 zMYX>#ivvvlu_%{dA33E0&nThJ(8Sp$?7-iOQR`ghioR| ze!krI`FWn(YJdAzIGX+)$K8A=e7%G&&G`&ex>VBMwVv@9%V{r+$1H6Vl5J~ZZ>T1& z(S0jI!{b)-GVWKLf=6q>#@t7N7N25P`d}O-`4EbnF{)r<#H4?PZ^&sApob(6+LN>3 z+160WzW2ZBoE&ndl!jA_a_xbn{rY+W{orLkzK?Oe@QanjZD7tnG$n~=59lw$7M&Wc z+wb#bPxk1NeAzWx%5m+<3vsROkZz@I_vg;c&5geMTF3dtf=`(-0HaKg-jZc#uB{QTg|gJ_7T% z`r8FOh(~dnk7RqK7P7gn7UO^^R@r5G9+wb(0t{oS4EP&XLBwNFEw|)z{y^J$$@vp? zVlzoUt-qBE08SruFGi==3Rv-eJ}yDo#mcX?YewK8$*EBP_>3dbdrxGvmGJSHn&uiO zAhKXM;S&7dd5dN(>u1NRpgK6l*H0AU(ceq(neW_UoC8SGp~8aR0*`{^vqVu-7e)*0 zC_1#s4%tBgM*`FT);u42TdoysP5%n=-W^~t)amjQR&DzmBjQn9Cj3e&X<7sk5oVWH zA97}R$AwAUizfsr$eH!U^aAo&ZK@=hms^gUT`^x~NBDnzkUhsyPSE5&U%~<5i#fRP zOYZa>T@(&f4YxEV_(%P|W-#lD*;76t7DXlEeoTk{>COSP0{i){`<^G8-evc_hYN=^ zK%jUA4*8}|%;ESm6S^rY4suk%+_rO-tjD(jp43fIWsoYNSeXt$Ty(#| zUSWboYs@MBcOuL4M{oe|XJGoqsX}}q3FF2^$Mr=Kw@&R|@Lj}3J{tF`BTpI)$NiD&Iia1?zz z&*wO&r){`$XH@x~9T3{&(6^l)G%$+J=(i@jJSH3T9#@xo39!H`j1isDMdv@S_4+mW zlNA=u>7d`-FC@=U!I#fQq;=y73+!~CqxqgVqJ@$;kAEG2p$GHf_~sQe%G)>`o`L^Q zspFugN)keHPo3g;F7nISpMMt#QO!x;!=3EWk<10PYp{AKdtYF#JRKJO;ZNBI$2|(Z zvZwH)T^4{@hwph`3-EU%T*i-h*NPd{KHJfoLMB{52M3H={cM{3_lhuF#BR@jk-Wao zge>;PF~7XI;B?+zLv(-j5142?J@00KJWZarbP#}G^)F>#j>VZ$fuHvs=Xuy`m_!ZK z&JS4`yJ|atE2R06>&G8K*sNLf3*%5OAfUEnCYNbJ(w$X4k*BzLT`7p}utsT_?E~iR zB!%Yw#vh~CduPv#g`6!B-Y7{w5*_!ZiC%%-;6PaT)9CY@Q`r1@cYzytlwlMZTN?FB ze;%fABe?aZWLLlElc&Iv_2r8;cMkT;E*vCuxqDhsqI)?ibB~n0RWn3N+V|!bw>tqJ zoznEgSI1R82Y&_Qu=osoZ8oSD{d;gGhGCBS$#))5nq^AXd@uJFOnsceA1h>y_PIUy z&Jz{;uNtZfwBo1>i=ezte|h2>A1Rg9DzppK-|F{ ziOhttz}u_b%I_R;wrkzs-$#Bxv+%b(Y(1<7ZsqK8dL^sBl#MMOuN~?J=zd;P19-iU zWqrTLMz-PEjAmCPT%vhn^ zhfUyN60uzG@%x>XdpP*0n#rdpBe~2+DZ%*ZuHLia?BDb%4)48*%h_kfkHB!aK1y#f zEHXl;?LK9b$-k=CBFc82ku2+)QX3JC-aeA^=b|L$ud2@Dm3h7!5`Cq_(+^&b`(gCY zLW)!I$2WR@KI`V=w7!NhK`GBbejKis%)nZ+YM2p}eFviuj0^}x`&rN-16;DNee>{x zZc~TmO(NOU#~8AH{kq8Z zzLKTJ_PK=1&)Yud0>ENR?W4}V++S=}?g2;x1LY#p&pHOZ_$7^7Rw1=@uco~71`06L zU&B)Q{RgfV;+;4RdOp(RkkGrsxxE8c)uNuG52 z$w_*@Od}ED|5sHcXgcsM9m)IoxQ0P#1QAhP+Ei=~tiLW+daCx@63-5X*=y|IeVyx{@y=;Ybg)5`xy4!@m+aGHYvuagn+!=1#xJN z5b#O%J}F#FbQsrGvCaKezOvW`aZR*g27#CRlQ;&J#~|+*!$H&Md0S- zg!y|OSLgA-y(K=CNwx|)oXt*gVxSSZ?<)fbC3Lf`Sj{Elsx?7>#B^NT@stuhGK3E%5!M3fqMn z^j)Z+Ked8j0_)QLVEqi25Buwd7bJ+>^MGC`SPSE2?cp-jk5}S@b(xeo3Qt(KV<*M9 zRDx!>mHQ3@Fx>Z{^jotU9zP2?ND%@yP@@?{$79amF2zN4jvjRgki<{x7b<=e?ujm3 zs$Te(swHSP5+F;vv5@%1NPf=7r6s>L{r#gL&?-f0CkQ|&lbx>#USQxK`-sNoeG4xy zLK=dff5XMxFPemRErOA^mer;sy@*e@qR|LPUZF~&z8|IDPdc`l!w+=6C9z#t(^t19 zxr>U%kgP-9PChSRiVGW3Q}A&-d}7K2`NUW^(I)*>U|ycYANLlz9DifvJNn*_UB>=V zSh|QQ>8eHiMC24K&JX6Hvh0!Qxq}-(1mICI+@c&xTViC$iOfo-`E%{J!7%Js(oy+xUbq*t3mig7= zgr^>@CCeXUIxj%mE$AQg;m`UBTU>c{T&xb4(*+;iv%SB55R!c(eZTcvjC8SXR)3fM zpt4hN-X5Y#Pwje)G=f!cwxJzR?6Kht?i^mJVuHV)Jt1bJnS|SinZJit;P45^n0*=P+&bGgld{QaysV)o3Rgre%wE#1;sFHC_rTV@QS7cDy%!zA_F z`zipTxJk`k;xE6eoJA2kJi_>-qw?02>#&dAu1aS}7%HmV8^X7rE4UVXC2=C1)am<3 zML$3d17YUQnEDZ7mKXVL%@?4IYTA&LQ6=uL{J`<@Gn60y+U|2nIo{jiJ$yZdWB@2U zS_F>s6o^c<@r@%tneQD1h)F+D+I)W!reC}8%{aqFUCLEyw$Or&GV+tv*mEuMq@zD@ z)Mk%r!#9kyC;J!RNN8=yRgKGGT@2YpOj*yim z*KYS_#T=?=wS3OZh0NN^;KURV4GsHh`cp{x#J9SA3G>VTUfkwZ>56ra_wHVHY4#xd znH*{W>DqWeSFE0LoDoxGx{=9#2NoPK*V_HkW11lHpwG}(-oe7Hs+Lkfj3K zfQsb8qrA#Qmv-dGv=0hd1gy{XGV3;?Z~pTv=AQ@y@dXcke@y&%7rrR(!8CSMzYBgF z@OOPgAB`685jAtn*6ze23EWhgx6kwk8ZPXUH|e1$-yKrp04o@n?m_kbiTKVOojmJhqKj0TNEKn6BgtM;PtY%URwp z%Sbc_IPGJWACdjbLkC1wU-Yz#pvAp$|Mb`*Z!m?d{e#XOdLOw`%^mO}3bbb*G(BOV z!0tNL4n{mV>O9Z~GsYBj{OsYHA&C~uX%4q2B&1ejx^^zM(+To?pYP00J@B2|6#%Yo z516{+57cLp6n2NeO2lB+(wi3oF?^qmXZW(VI<%fUx}*~ZIk7$=~ z1~ZI8e&fsHq1wjl_ah&ad&IzhoMAd0lYI>U<)+=gUK2B&=KH)q9#+{ViR)|+y#>n! zNgFnx@X@*{*OGJ3S^YgPfo&L;rZisyBM7+_m)U%qIrDW-fXc+fh4npA>$`-9If)Am zBqw#6B#ES0?Q^k59jTyw78GobQnL|)l1V$>Mb1-TY1V!?PQ6V>nNMP<^Alr&cy6C@ zgY8u|a83Me67HzWzB7HD_%V7N&mUvEqprA5i59%VF`kv*rQlWaOaHL03MX?mJ^T7f z4Kb-%MW|o1XckVvj!69;H|VK<`<5Z?6My>>9yDZH{n!J2LL~C0DP;ZG5Q&%?Rd{Z-q25^aeRy)yvp)7Z2jMDwvNm3250cjrv`F<{FOWP;LAeR1@*y~s83nO zyY3~+{YW3&PxQ&z6f)e~*9Gf*pQFC{F?^2b_#XH5X1`*=(z`Cc?sM8z%?$R@8T0%L zm6U-`M2ZCP`{mKLPA5I7PHP^h0nct4>r9K>1BjqHv>)N9&E0M({eLBbjW(3|ViuJeKbor6{N>_I<@lsmNtH5T;?2NFWk7wwW(Sl*)PT8OefZ>2)0vvljWXA8Kg0) zpB9)r;zf@4;&6DC9LxLD(JWvrtN!*--ds3i5VS8^@ed5hO-sxc0XpnJs`$>@-0Wu5G+w7Ek1jPP{$6oG@WkB1uHvUP1D+=bf zNmt{&C-*Dj)P6SS!)C?ET^>$9+Bk3~49r2%Aoq7h@XcSEI+Dq+uxOax_Rk4TRQSK$ zSL1EOe>De0FVDgL5kK6K`3pUt+LsYhXbqegDGl?+8NWb2eXHVjv=n+^nf)*EkDo2n z5N9-Z-1k5ZwCXMI-R-CH`*5KQr3dcGDO~b4B}2Y9UXuA;n&Rf0iaOQ;=WPT$pWce81U^UPq?dm$|9-Gu>vVP zXp10cl0K#9=rFE@51L34d%7QpdViZEm!ABAi760FkXD$k_mP8tPWXUjeUHb1A3xO% z%vT~zAEUYsIruFA^Yf%2@>C5E4t_t$SX}Pqeo@X8XS@5>mcwkT_%uEsk!4TK{CE1l&%ZX)>5E`WN;nah&?&c?r%I_ z;~%{r)9-&FPf3n_lem0EvP7#;0Amh%2!} zwzSgk_;MQ!G=OolNtPL1<>&9q#0iUzzu#MqLrhF%l^syVxwm7v&=b=c@SA26cGrGN z#X%h5%jfs+?6SX6Iv9C@YlYjJD7^`9l%Lbj=I)QkBXiI)fYqdV;4Bw!3R7r$V&L0(GciKleNze>{N8zPauHMI}~}X1-DhmAeBqI#l!eaE=|oxd0}xk z{ci4=l5E;XDfll1k4ZcW`ROwm`>GoHl4R_w_TX{C;;gU)K@3*comnYl&OOzfkq>%~`NG_dn zA|^RvzqB^ZlgwEs#b-?-MT;{C#8^Fo)NPq0y{7GxgiSDT#9}eyV}oE$q>I=3fQ@%A zK=&>>c5f`0em&qi58SBYm=vXvMd7WKhr>OodWE&3m!G0nWApG4a{636%OQ+pUXs)i z&FR72Hp3*CP>JsQ&~gNWRLuw`sfKfR<^1Lg32>#t8#u?`d#$7$BQBo&_yv;x9&AA~ z2LvkP;=I1ER|emk`4%r5ld6%+-FQoj4Ji0PN*b9)F3_+Mj)01?1 zKX-^9AJV6k0Z!vH{OrCKcl>?pzIsbn6?RcswtQs!67d9Ktg?2~f^%yCnZOYOI_6$9 z55mREBr^iX7p;qA-@W3r9)8|}z(e`Dr@9#tCTW`~Bs?N3~?%}$|2?m*uc9sDnV;8(}zVRNO5R&640Fhf_UQkuL13@96L=t z=!a)Q>d(+jI9hUT$bp~uc;CiZb=w?4`IH6YugJrNrDY8Zd;hc(L!6TM4I3=`} zmR^@h>1%)4TH_ss@fi@ts!^YsbudoVtZnNZe+<@<@A=$a^ralj1A)fYeM0)cOX{08 zUjELJI8wpPEe=E=|I$710T=DkyyKVT&KA}_q%ai4N~8OpXBtr2za&O>QonzVsb`u{(){)n#AGM5oR@b$g!MuzOvCMiAvf^RX&P~%Fa_TD{U$OF z-SM@VEc`<-A~Qex$RR&kLvv)eFN?g!tBjW{0}XkCKkAiTCvvjj*XlwP&xK=t zY+yT#g8?uDUnqPd^{bry>{^>cHGi-#8T0k8XDeI!(a24fQiqw61|t&XAqNoJyNyIj zozTHX!QJ>lsHQXeJy%SxeqY2a>J`>YsDk*rd2+0M8mF&y5CY)^NKOGC8`{ApN_4I*T=nKt zm=(S>-=uSI!N`U90_zStgoL_2U*!Ipx_Vgc2US1qu7|knEgDgGLfWk1O!#Wv`|D4d z9%q8wSj+-Suir$UTPqamAcZ6>?63NS4PWQW5)yCJVelO1%cW?>v2M<7Q%Rc5oFmSs zA+f6`?1~Ag^njf5XE@det1YmJ-EQAQQunr`oF)DgxOXl&)tTetuhQaCSU2RIaa?ms z21<7J2uQdz%lCa9ClCYBiu1(8RFh%;oAyf=Ot;)deJ33_WH0r_;JjCU1ZW`5(UV@M z4PWhRcRaB}#NxV0-aWlOocE2jfoeC8p&w2coHD8%p|T8lRHr5q9^r+q*uxzFAtB?B z$@{ijb}$XQgo<;$j#wyuzaLq|czi5|r+@=wk3OqIAfNDZ%i%%_!1C_F!p3~Lo_#(z zmhtz%`+)@zpiPR#7j9VV{l&3N3F`Hh=GvNTTLN!0=M`u$Z>w+06^|zi9VPzZyS}7; z{EjN@3mo>{=YG4^cZougKghib9}C>fS|l#x8=T+E?x<>9@GU~{B^CxOOZHj3NCvMP z3Exu{bL*NYTeDC2FQjWs*L7oY*rTq9{9be+@Lw7J6cyvr1E;6(Q#9cww<*sO*84T; z7(PVR{4D)=J%ouZb)BsplFGQ8o%syL9f>o4_a&(3m5|{3ptI0qa1-8x8N<;Q2D>Ta7p8$H;b$gT_+piufXL^t8 z`RV>{hu4UvJ1eaAi1JO|^R}ZGWfxhAVkwnM_(@&qFV&Ve4s(4EGzWop&@}P=H?*Id zIfx!EJCdBd9>4|O=-YET!0^uV%n52O3@mh_5XMGGhc5f{Cql9!R3|A3)l4MxOwe9z zDz$rW`iM`5-FTcwk|#XH`Y3uYd(e%o6cx zo*w~iY}^@@)%Z}1=`_YvuUB{MEIvl@(!fd6a5MbQ4!yr^bVD?E-NUUZ#+V`s{*e|Z zW@JKjg|1g?-@g2nWdzd-g))#a#iCzGjdjS-)PbF=D7c>U(f2c&yjB#C#J*P8??zPd zsM5W~r!iIRKa#F%OHpl${*oktM~NaqGRm7MC`p3kukT6q9d%Dv84zKI6=ranX?n?k zl(o01@AZ2lckA$2yyHHtb(kPmYAIfhr+uy3^&HXq>}RfuFFmd%Iu)<))E!Q=@p9tj zYrf|XBTfg=0oCA3nRaZA?^Z4k25f!HV4p)D;`#G<-M*uieaTLTNN_`OUC6fx!MWSU z0D2psU$B3=J*b4ed5~sK^0k`C%j+Nk-qWWWDL=Gk<@%NnY5fe((uOauF-OAQIF%J8~SEi>|a^^m_b6DN^L_w@@E@si{wd$1_EpQpCXF~mv`PM1gq5JY?X!g_9$9aUKkTL8J9SV_ zD4&yhL82tUDII+>uxUU+3BPcfUO+=>NbF&q<_Tt#8v_an+!n zemVuM{YUHdC8>Fa)GWXn-4qgjOgD)-e6&?RqMVz%MS&d$REhIP0Tw9)sE|A##0rHP z>!kZ|i2NOI;e)JUh1e~MbroAMODr^>_?!GRuKNa$AMl+!Nq!jR_alpN09bnE51FA; z_Vz=qJPyM{F#8o30y-~L-RJS{LFqoZ>}z)p6TTFn51mA|2evbz@Mz22u|N5K_)fD_ z+1Of2+m&>^5=HNg`o8y-@;l$TM_%m9@qS5~oudzW3{6O+QpdP|xn=M;)!85x(UvA+2}|kew2=GrIgYjCxR5Ht$R<)$TtG1b-8woJ>yjw{SnrHxj_J!BmcN%(h z=hk5ewm66OBozM5az8#T56!`AshRgbsd4g8TgP9LF1RMkwU<{*#(yE6rJ zm7we|9im{&NZU1q40?7vg|omP(R=uvh*A%n!GXe3`aR$8Ei5tK=7HRY(|V%Hl8FS7 z+N2CaY|I@O+}rH{yPt1$XT#~E@a0Q*F!?F#3ZNyW08xmtMd}awm=y3rEo@J%4B*(& z?wgxm!!C4Lp=Ned}$JdXQ7+*7X4X-xfNn>W9tR21Yo6I&VnIHs@1d%#?7JmO%3Ur=?^>(>EeCOZm4O)usF4bX6#xqR zrR=j}GTGl*Io`Uui%*&p+aP^cP6x9CH1NsDD|j6!g=t&x+Sg-Sjja)mTm9ZsdK{{x z6A&}Mu+`4A0h87~GZ6dWb5#pN$sQHs{ZRL6nLyi)R4P9CgWC_D-Nr+dI^@hvDynA(o%TzF*gEhczgNn`$+L zl2|b->zhi7VtL*clg|dOb=u>5ksm}qzkvf`8hI@mmMF-DeOzb`q8E7o4-jg!%J|#n ze=Yu_W3yTaJ_(NV$CvwQ>yyFxl*)=sqMbSr5mW(h6Pyr)rg2=x_#u7!r9OsaN)(G| zlcEtGz1Exqq;Eo(WC`e_=2X-XnH`bwJm5D(Fe%(QbC^DPDLHBnXp#=eHQIhLH(e%} zj>h)zT?pzv64;u7U8GBb?Heq4xK{h+>TW+3agG3HCYwO|B+`s;Yuj!USMyQNoc!}N z^kO=HYS|BQ=~{=GfJZ z3lo%DnJ?w-cil%|YjprnY!^HJaJ}()9k>m!u|Fx^m>`MRT_#tl)&#}6{%FX1DCQ1K zCjRah!h%CNM<3sNssO;X(-N)ZY*!B}if~Vj^J>N8EI8EQ2$UXLSf z*q1$;eE9|Q$^`7gjC%M;d(*@7rjdye?OdlsgFYQLS@M?QQ<}WsiCwJgw9DGoJDLAuk;v{cQ&7#>9huRRIq(+Y^u!xcYDmGf?Em;;0b9)IaEH zHKuGyY!h7czP1H^o*f9lfA#T`L#HkJuesXJVZ;P`>Ms=5 zuft+LM2uGW{zq4q<%UemKj$lrw%d_>f~XFf$m~JOqExBs`v3{77Se;wSdW-$uKJ!w z%CT9?$5ra~73w67Z)k^8vEcr!_%%Km^4s*qkfMJ_+ZGWqscn9e-;o1i^F{>z??(VO zCcYpk1ttSuw9PPA2}M;i)PR}cex3ID16xhN^nXa=lsbHq=hx_S9P(+!qG*WliT+d^ zB2;Ddr*!3r$I8IV0&>(Cq>6;lMhL$729ACXtlS=+YL0!YnVB>aSJ;(B{nIwCr!8PYW zBnrthc+U*?_(K71LZzE-y*>wToU-$mYTN56$ZG_1dkxH;ceS5fG1zu6nrwBN^r zbMxcebKh}4#=BZs&NwRhDe!E#xW62n+fQP`L$`0+dqF^v&s7R3e+U_@=-t2Id)rRq zyLt3y*m*wrO-iW4E=#-5&7BKWAO%x4W-Y3hc7O2FJ_Glm!q?>?m*gTT@9)|&E?SBR z`J8USn_Inl@LuE3vpJ|A-Z$^G&(VzoYeN(hMc!Imc%hDuK~GM1w5t0{+1cFWfyEi( zna2ta&*8OSQ?413yw8`rwCwk!=C7d#37U`af~OQY$%>BEMDS%&Z8S6x(>+U(yy$NB z*fjS&QMrGUlW}F>SgPj|tWaHbQ}=y`^obt|R9M2{ny^1t;VmTCQkxR>c+jpT<$jLb$@l+8Ip$zw9r=n{r%urN6+6TRTuFZCB&ACt~k8=wAz#O$GY& z#PrRDh%QIzc0QFs=e&qpC0nVj0L)))C~etx_hKI`WpQ^`Sv~J|@a)7xUMf5(YaIbx zsM?D$aa|k`9S$nxj7h~`2ms47{#=JKk>4mi*0!B~cjTr3MO!>UphIzGXd-=;=>-E( zxV?@RkvzkFGk)=`WQ!@ht$6FZr!w4#&_(I#zd|Q|Lt$1(?-Vu64;S2&4$j;i=qhLM zQ?bzP=nUvxE5zS>N_?Df8*d(E?424zA#TPJ>?6!sjC~3eLU^#@r-I`0XJGv3Z_20> zuzfEAfOC$nrz^(^0l`0m-R407-)N~E9%Zg)BcV5gqu#@aMqc!gE4I-QfZE{-2^LQRlrnmoSQV9GBY`|;M-OGks+PzhQ`Z&k+4~tZ$bh!&{wpV z1UVmto3c67@{{)7VB*bi>Ul3*v&)-cGv)d5DJg%eT)qaTvnO4@`CXD#OwncO-7jW< zX-kg$Wb z-?@rKU+F(YB~4AiFS#XMjW95>I^l#)Ld2Xr%`wh9@=A(PC zt2&J3+CA~!S65bx_|T(#AK6#gXeSLFxhsbkell6-Dv91hqv37c@eq+}-hK}}LG&|y zi;q2Ls?&aY*Ww1PjCkJ<4k2|OsW2vQ7rs`Up72>gbwtWLH@;we51A&&>X5&;MG}j@ zVl#J3zEC;%;dRnYX_45+8}wY=mXlHA^j4l}Z;jY)WcJZySdosh z&LHJ+{rYv{5vc~;6sp;!KB1s_l~J#QodK*zARvPS{nwxC$AjyjtsPAy3>kD7(;VbBr5nJXjtG*4Q;yUy+3^VrfIoebABLQJ!t*LZCy^_=iu=#TAx!{{RV zA+3krx9oKlql#e%FVGx%ZGZhq&d91N0?LH`%?D3nt%qy#()$_?_xvF=``V+Vp0vQeM8z!iiXE7P!p6*h|YF9W|e^v>XUw}X( zLn#8f8OK6cS)ndFh3g|1=D6^=y^GNr5wC{4MsZnf=`?kb&qVvMJwW%+f4|S+_vpDa zHcgOxz>fV=)N?9s5wol~`aFI2x#W#N-WJE?-sX?nL5^Od)tKMg<9MJ-;`ou~6}TK} zuOr^?A<3xqwTGIc!HCz>VnJ2SzQ}XFABgokryH>OgNwr6pb>O>`5LTY@BkQe5A-c` zb&KW1X?8lWK<-mcgA9gw4M4-3P>a6Z89SwpNF9|sS$TID!i75ih@rMrQNIf`aKKb( zp1{%>_ak^;T{6-`3)mWJwjo%tZGVE`j+*_ky+VNih3k8P1dCmc@nuIUgS2H9ynwuESpavlqjAJ#RH_5rpKLh6 zhVJzEEcE59%8J>i)blIBQnIQZ-M4GrD%gYA&4slwR{I*@bLT(!V#=E)#pG>Nxpa(#LQn9T6i;4|KY1vLJOsYX=5b+!w4Enr*V%u=%ssc*)D4P7j2c*XO z>Nvl>s}J=)yyhTqqYPP+khwR~6-+1(IZ?I@t z?bjKF6Ofy58u&3Skz8JKncuPqiCXTe+FX3}T}DGOp-mkPi3NMoQ!aDP_v#0)lEt^- z*6*qUk@?xL36KAuei}Osz+-x>-XRPVp8o5qJ2l9ZFkViGM!nd8?A8NRR@RKQBp*gU z!9}!xZ2Mz3F1w2qAx>`2bf02wf{U)Y$cbatR9pQN*t%=_-0Nwm`zDo6XdXK9NmEQe zo8O21B&N?rLWCm_FEo1{SCj>%G7axEcLbb30ue0#R$?rE4U)&)Y$dPDkkXFmP*5$RvAJkjbM< zWM0Hl&|m-q8{mJ)fX(X|-IwFrmqae2O6 zUNPo_$aW|HJP&d@@wik3%(3ZE~-(FXAK#%Eu zU+tl8>WwI8GTTf3i}f>7F5*p5{BcSdgYp>t0hsZAGR`xs>G;0oQZ)~VGK7=0UWf3l zT+iR2S5%5uCNAFt?YgJ7w_KY5{MK8dZD3O;9w^!#z5ipsd)H(SW7PaLjvBxV)F zYVK_WFyZ8y*iqW);rBS9?6Ez&}j5#Xn;G>FjV+ zsUu=kg$ctdjDqS70qH6i zPoJWrZPc6NuIc7l(S7!nwUwFX6jn87sb*z?>@v9MR~H)~TRg z&w~l2#QsO&&7AxplH4~jRl(b?`{oE?K12ZuwC~)jpji+Z9ivs-2!x|xhN{MPc_^HD zIKl&iFkvfvyy&tHLwLOB{xNwveNwG%j2xZJshUlu*nPGh0W*jCvrkb+e^HCN+!%Ov z;`WLQlCaLQ{ghs|ZE9IE*ZR-=DRrpK_)xe%>lcW&J#J%skNi(4 z?+fg8^q`7{U&`_IW(jMR>TsMdanZio0GvHx(1p(){?gLE`wj00#JK!pb2%NQw_$M* zPl(JOAvsFe=ND*^Kj+7P=t$gY27>;mS&5JOKjY#UQi0ov^jj#fG5OfUe$gb(T>mT% z0)(k*!wv$R*b2IGNn?(I*WJpvbsy)ATo(S^!qCV@gt+S2g&5@`diLi_nb5#8b7+jh zcqU}N_5#}-k-_DIB#$dj=3$!KOaB)PL}SbgoI^EFPJt5z>yq;1pSs(VKfrW&(Zh(6 z9*>i&+D3ODphem=&3=1lV>_h!-;Q9>SKsWfbp`Yyomumir_plo#(gSZo8LtrPP=aC zq1v>YO}}e_C67vZ(5`Avob2$#7+?W=U%B#SuJRijI^L>qDblb0hE$%0DHjVx%9IiQ zcSBiQ3vTQN^ogQ-J*0ebGSV3hXa*sE``RbLP-cn(M-K4=ZWBg~utyQ-B1|%;QM9N= z@ZxGoN3Hl<^kSZG2l|`L!Tg~3ANI^4PABlv;jFn`pL*0b>@-K_=^<&vdvn(mer{Iq zG;P>-m~($^w5G%1RThfJh&(L4Rp{5DXB&eQ4>Q)5CGM4%_jvmS$OunTwyMV?vX6Hf zTJ(&o1G3Isqs_a^@3Xuoivy!LAuN6C$*ppb81=s+Q*{;?2j4r!%w!=Qb= zm^HfWaWBDr=HDxqzKXteCY#hd*I^QZC@@-%Lv0ZV|<-x#wBH^sfux`ePjp**nj3<7ESvF(Jl8@#`cHlsv~x%>TKtz}++(_2F(E zsa|^Dg0P+eb~-S_^~X5}=uUhl2tQ!G(Ph6_INMkWevtqf8v%8*edJgc01aNx>Id4` z*Y*~HhOI&5fAxsqy-J6xS^_Sjl>=zXD^(p&6;y3<=v;^*nv&05^j{J5aS2HEPN4YY ztFFpVtaF|RrE_(J)cke79Ss9*`7OO3GAL^f3|1Ae?9u1NW{g20Y_|e8N=Yh0*Y?ERgbX%`4mEMa7U<~2E z#r?-Ux|6V%Q;c&E1%ws$ABFb>WCZ|cf+=cu0$(XKw8;E^iEx(JvC}>Urb_Xa7}Z z!+wKoMT6BY8#5>WEPilGzwZ&~nI{wuUmYLNt=hZD;T;PBh-u|t-uc*s{axq+Ec^f?ZASzS6{$eSkF2$4b7{`w7ut&(^bkA9*kuz1$8E z{rN!j_An*HW5360bx>ZvY|XYPi=n0xM%klRr7-D;ShrT0NGZc*q}l^9g)=S4OgH0j zIW*V(q>>xqcg7g_9X8*~z|$H{DH_!ft-O36Z4@U%twzJ$d%pmez5T#Fp(<~4q2snd zDJgNE%yXhi7~o0#?0IDc1WsWMpb`$z zN9I-yrl78$75e#Kul&92hRa=8qJ}kN_p&3mg@j&(#XC(^FI~a=wOf3h`ikFi34rZ* z4(GEErh5yQ#x%%sWpThl!m0Rad0J0G2|awP=R~{N-o*Q70zDW!Zk-o^?=#~}3G;P& zqanzs1^$H1*Pnm2_5$*@BbM%((h0~Q-M#JxfXJW}L9g;j*>oelITD)s?e0`47#EWx zwXVA+q+9R#uxRDq89RjlXl>{xw_cd&2IRUkx|sOX$)jNd{-ao-e9@)Dt5s7%QN(5I zNPn9}8NEJGp;hf_aH>Ex6gO=3;{Yvr3QNK>c$}BvA~jodf58^&lB{(Kf{k}k?ys0R zlVI@Oz03NQKYS=SUNEakPo1M0}-$Y)14`{UKy;f%Bd&g;Ik4?$6+D@bE*W*#`S z`D+vz)eLA`r|T5bPadzl>B8aO(UE)BxdVv@?$8^Rwuf;}mkW(uq)lI4zE^)nB{^jK zecR(~xH)?_n&?#U&Vrhn@5|v^XI$c*rE9`=kiQ)Z9g=;Ik%PxmZm~SWz;&9pgB2dp zU(vaIQXA$7LCZieL3V=HB!Hs)VzemsRio2A1^d%mFsh+T$L82ads1;S9g@!GrIP@z zjH9{~dbNQJ>LY*(z`o{^wmCZW(d7>De$q_R$2l;FOz6e8sQ=UII}B}($V(wsv4Ja@ z_Vz`gond+hjk5P8oc$uNcM`vV>jMWpE+XRYdGvL3^}lP~Us4wi?06~{D$j5S9*TvY zAgNvfWoThJD$e7v>bLv%`kkYepXQOprM2somCm`NEqeT+_EW1RYGu8*_cM_We8WL_ zEN72zRP%f=7xc7b&4;)7#L>$73g7+(5KZzc=kGBJ>^$WTiU(oQ-!r_wQQ$5P>$L;9 zRCP|#iEAI z`4e=@LiJTyrsqfUIS%i%gfMrxRhQZMh`|k`RypTwbtv+L-sVSJwv^}t`V-=x#oa$qtID$HfRe9qkSoDd463+XUFSgg`n7Q)IIbS*hjQrGJ7*Ua>H0kL-ecCr(?KY=@{dy6AW(HzU43l! zO^BX%Fui4tL>Bd?DHq2r3nyGD{`hs?{Phcf{4Zdf^-hVoZvIpjXyNU2zn3PtN+KZ{ z?0&!YxI3=C@2vO=#34;-01-^6R9L*Suov&{<9WS92e;Fubp`m0_kRpkaYg)`+2CwT zx9l%&GMsA3OaBXxB?Dn3?P=QFz`9VAGAxC{wf?o0oFBfZ$!*I^(PFfG1nJUXT>VJW z9vtNjmy2BqqqnlVd5WfU2&pY~l~KLDML@SP@V|U8>=(K4a}CE6q}{6(+5B{vp()!*cnNe)^oy$CAP;dfYsMhO6FiOsK{M2Ql+NnpPBn-vtc*zgcpTkCRw8nEN z-J;sPc*3ujJ4t)Yd*6p`UhWb<%jfki5z0HU<|dZAngL(7<4wqGJ;k7mh&_NvfT3A` zPb2)Tx}OXBHRQ(1;v{>hOo$1PE0w1&Y$XC+>K=4xYW*GoP{_g~F1qtV$ZvHd>(FOeT-?yEV+aQXWK8_SUTk(B0PDk`sg$sp@}d^d$E^4neKA7 z_Jsuvq}QAo&(IMbeX&9{E+gv=o)*H)x+wE$jL!Fx$ zAiCaC`|i|ag#6qGAw)mYk6LT)U3h%C+X~$6_1K9|{((~2l-ccxHLCl6_hmeso-Kx? zo)EWkFUjKrEUC*p2i_d--w+wVNr)5p1*hcz-P;81UqvmYADm~9M-wM9CF805@ejBW z?Q6XzeP2vdtC{u`{P5zX17lb^%}{lFelUYNCL;#9639p-kD3J!!t8s*jk+opAX(e5 zy*%cFyO_o44}S3ct6hjFeAnn^9%`cgeBz9aZ8~`!mTI_bE)_u?>U!aS4V=$Vk`b+q zVgsmH<71p;0*Eb%PL(cb-Q|7GvJa{`if%={80)Kn>kl=Hz1}7`>K85-=?#8Ib?m_e z2{4`GLDgT}OEK>=X-~IPp|gPQgaqK&Fa}TecjM=XQH$@se;}ME>~_a_3MXYxVp}*x zo(ojvm19QFQ5W+sx!c$H{;d7>?b=FYxtqU^uBMNfDT!ypUQYF4n@$AX!w<%qVK3e* zcu{BH?(|h&g6y_JA@O=cadV9wK_hN;32Uj|7M~Ib4JYbP7Loq=J*!=_;GG0wOmNh` z{^JZ;siMoPLIw#K1oic>$8(U+Uby>rU-my110F`*-mFitGL9u1_@cq33WSTMsd3_p z&@@?!w3Nrk0b)J-ibXrn#l?FYI1s?L^mK*UwP{a@jN%U-K0Te}_p__#p+YCGMaO-d zo!s|I>6OdRgG?^=cY`nVXtrZbY23r|{9RHBMRNg^_DMIrXnv*a*M&2UH^FWK@p*cx z?otY~gPD_wQfP-%FFMok3IEs{V7k* zp!Sa4`?Ik42MMS`nJc7vw%q2zCVM~I^ZQd4(3Qk-wU?`0;-_Ww=7GMAIbxRBuF>L@ zbkTVBL?Xpo(mOZCaOpxF!p(|^v+1$Mt}-MPpkgyBELEbDF+7e}XLA5C(Nc7Wh4HM> zk5jzYNKJ-%^|BhS89X2&($YAOYaMrN@-%**L!e^8(|%8fkhb5 ztJv3*J>&0!C{K5Il|q)0;f{#-=Hg&mmm}auo5iPYb^GI*Sb`#Rk9sjb1+nZ`k`d(i zyVril^%;ft^Ghv=Gi>=3&HME4SLJ>^ULxSKPLt(c5Wpx$DFlKe*8m(f_>i;-J!Bul zPX?`y9?m5f7MQ){HPM0MwMQ&7-1F`O??SALI0UE2u#{v z;+D#VtM@F@;k^eTN*KWuN_}}vTCcOoJuZga<{l67+ZTopuVr6Fr_f|_sPKI=$8xXy z?Y-?6x93y!1iT>hZBPAScwiXeQR{OQAY^xGd4loZ*P@zZj97wWz!t*OyIiesJmKU1 z2u)oTI-Pq!un*v+iOt60lNbCGkFMtcQ5M6T-cD9lEJr}xBthV>LC(JVQy;t^y>(6uzdBHCJW~8bsArQf?cZ4k zC&Pwe`|We$a2CvT4a7a8)}LhyM0{$lnkK#?OQP8DooO9QeIGIO7RM)L_nL7IA=v`U zZc(o5gDgSD_qz`|-S1H{12%5zDRC38?DyxvHFJ|Gdvey?4M$cB5t9{8 z;gKDfqN<@(8x?-hmPGhexV=- z|E-TOgMU^|mzYxB6SE%1*XvD^k0vC!D?j1&H?Exfa&aGj3UUqKH_r0H^n?b4cdwQO z4xg78tKtj=cpYWI6WRnEvr_%u)#EhL^UI}~g|@Yn;n)y84C^!8E?g;aICUF2wgNM`n#_vmSxnj@K-S`@> zXS@F03p#EFcbVT%3#n&frcL2Q2CXdff(`U zG+N#!@XsV(A`0YRB+{>}Vn5W^HivTn*(ofxhb$!|TBDp-THmAwhxthHrG?*1*DTcs zl`$Whv8vF)*Q5Lek0!T`51Unq3M zeMOOA!p~a_jb)UN;8gv#`8yxY-f{D=Vj#O{md~p7nr>QLPh91r_)z=KUpsSsvMEw= z?Oj@Zd{CeTJ{C8h#Cg`_4dPo_j9ISm96nB|4b6Oue5LQE#{oV+nv~B>Y?C+fzts#- zq-PP5Ua)uzA@NNYhqbJnr-nw*Zj62(fSic-Jo&osWuOp0=A0@rjT+r2e{_@Zr=K5T z5TCi-B|(`)^L*NmwN>L$X+gv(*wo#=720L*39!k0B-SR2&()>to`Z6<(T8rD>T>=8 zsNTgrY~oXmHlkYA_$wgc0AYL~lqPuBK!#G?J^`!fBV=qS*AmgR9o<2`V=CS!=sly{ zc**Il%&wqk@)Q8h{>#BZ3Fr_08ID_z&3M!oPwlhQi|_+AiEj4!r0s~V`tkt& z&Ho|J!gu)iKXVN}hhh3@kmh!$4;OBf1%p80mZR1*RYSEV5R|Uea}s_$v+Jrmeo`MRqM`-b28&dWbO^ zX0H=6_5fI`KRbw~dRessc=QVf8(xWNtT3mS`q0{+z1=#jJ6a0n%--4Yt)Fd@LmETR3JZxI z*9=bdp9fW7eRXl>35;^p{GEU-4#Zz|-G|Wpis%@qg!eJ$739t4U3PohFVuCm9^%Ss zYk%_GZ}2;BA+?4_=6Ana_t%(x01iphGY^C0AxKRj-ml*+1awh@Dvb;6rByKG!ws~f z^5~4`RoNq70%}#EIUx2j^0ph{c*pvvc3s(IejGAma(BTOA&6ZvG43xD`5YQHhhGh$=!_j$Bc_oKikC7iu>vwugeVjskdwIB>ZC@rdkWMEfk8_F# zIjqcqFqReLw|;-cow1~yPYQ7mUwmZLO(ZpVqYQa@91J9cp%ix{4>{>$!ibxZr_*~Q z`W5|C%uq#>4UfqAh^Z<*O@jb#tr))#as!9s%EFxMvjTN%%MJl$lqbv*7YRTO?ka9E zQ+x=ug@8BFKq7Vzp0hBiMPfY@T$d@2W-#ox#$SjPPszeuAL~6urKh=TdVXIa=|pMl zARX_oNS$0y;7XozlgD1#x!?&gbu8vysBOng9sl)fZYPD!p?{&jC zq0gOuxFUwoZa@071?>t;kOK3CV8O<2)g_fmREq6dJIM5}reOMHdj3^w`0;dqtiXYrW4C`DjfdD*cjS`-EGfwIvje^#(rm=Ng;bMh|NYr*J>QaZ+~BM;3n`|yk4!r38XqlS;I zW%?zd~}W|yFT1=nl{Z^3wS`k?SHRs%nKC#rPja3)gu3#jMI zW+u-uVjpq@knO3n>l`F06x-moWKvdJRB=kxFo(7FrBpV|=}&O4(tlUqc*P`DLQr>o z|6Bv-EMPF0F`)aUNvRE>75@2+(#8}a!GJ?fm3%*@OPx|;fktIEtnk_q;a|TSN5iaz ztmAUfc0G1QYMT&n5B!#9#?{8t&tCY58@6J(bwk=e+wxBDE<{dWxDc;X;4lShICi>S zeo?rohu-e4d3j?*;tw;FLT|}AkNZX1*N?|ukF*!)r5#uM`%Sw$bTRPUEf2Yj@RQ)J zFU1#F#^Zja55G2dh>rq=^K7h%7fvU>MA=Nw?Dw&H z`gA%x)e0>^9BD50eSb7OF_{fcdv2u#|K&E0pWPXv>pUWkAo`}-*M=$Gs;MEXe&VY^ z#~!GWSV&M@yJ02UiD?Sha`y*BILq$|AgnWTTp_Jn!|<}|b~zoK?G}h5Y9h0hsrW4gJ}0QPK3R??I@ur;M)oZph11Uk>K4$Xz923LJ;QqoIaab%#eJ{ zTa%_Z;_a9MF!qA8PxCWp29LW8!v$PV*xK1ohy@9|iOPBXjU#aJ5nWXt3g3(ocJl>Pze9qE|8j$WL@RT2$?6<)J|O|$FIDhf^5 z<|C_H^s8fG0O82~L_*!tvn*ZbCs{6yM7rgi+w#6?2e zAw1dR?GM@ugKzon?vY0fyIG%Hoj4L-HXH|u$K&&{%ExiE=itu6o~tLnl~>5UvED)w zz&5hI7U%QB;&`3Sj3N&&+v<|AN}x`*-AJ!lakcb*jeJfj6^`AWPEB`{&Q?2gO_IuxkYg5V7;<-ZXZ5S^j~+$wGDd z72ZEh{HL9kb42K$#F#?0NZfu-guOPQIc{;&uMjZ1N`%s}7Q2SOuiBe&q6Lfl1YR`$ z(;tTz4qlM`v2ShJEJx=$vtiS|!tgXAcos0^Y#-Hl<%7oS`A@yq4mFPSRpERcqEyA6 zL`yeiSY`c6rgwPQ|C;?)QU#G(KhjLn`B@t?6F;1Y+B&bcq5U;o-A^(2_wdkU`V36R zbJRPUEWng#vQH~s^8it5A_WigWs+doM%3#Fp0oZ#g;B7OKhgp8i6^Jh5SBg9o#_xF;vhT^sR_?j7e%>C!W;2-6pOW0&^37Y`qksGf7ryhOlG@<<8m?zoJq&bja> zkRm=_98p67^hsl0=&&nlV`;h%ojelG;+gao-r?_Dz?tPC_9OkxTAoamYm{_GGk#C(#Y(Jlw>A;3bLEv& zm#kh>a5DtQ4z&S`SBK6D!o5T+42zN|wFG7zgoywGhJo4h9vWTdo;8Yg6;5`;^u7Sa zlgE2L)7MA|jdgw>`S49>85UH9E^HFi2dz$62D#t9{eq-d24Vy2aP8O%!-j^fA16IK z7-v*Oj%XFYVcE(&elkWcIi6j-N4+?0U5KoAH3Z{EQ%oCz9@0Ah^=jParQn-GkMeK7 z`xP8@DRVBHA%>Q!-!Ddu((cm$5Y0XU43RK<1>O&Q6#hQJD%;|KNy~T-@Z~|p^!NQ5 z#?4XdjLU0g&yP7sw zZ{*+O4+NOgZUFf@(u3#O<`%C{o8u({LvL(VBv5bRH(uK!jzq8hk>1Y=3>3cM15v>J z4{T8>K_$0ccSyu~59dxRyLZ5d(jFcS6J*^sU#|0I5>F@4t10Dg+NKxU!x?dQ) z5~BHgD`U|5_pzV>c-YREKZ476A06^%y=WVYOY@7Ov(JgZGxDuZGMiwi%&A!I{)YC| zWv=}GA&U?C>8Y(HG}AN7^WbSYpJ` z!oN5t_&slaG>R{1`=-1yN_O)?*pZxu{245dJt-%Xl-lKb6)OYQbCsFx;}?TC*DE-V zNA5gKJn!Vv_)`yxU#2&*l9?9`6h7=ztSBk>nj4XyyFh2saU@DKu-?xaWa6Ov8prS5 zSeVQ`O0eBI-25CfMWJfQoa1J))gIn_3H|BV?P@&us(WnvlBsHgH_tvqREQ0QU4~;< z52+8HiMfEBtHVZYB@D&<3rPKKr=2G0Qhi9abhsxCbKY}VF$fqFSfuXlCh$Z|>JBup zUIG)6os=sHx1)*XHNG%8h&ktUui7P z88gySyIy7zCO_a0{{^d%+dZ~Ty>5_I%u_4p$w-jKEL;Y5+L z=p;u}>!Rg&V>D|)N_@IJ>XeNg?=9 zF*=JHe!$X#P2ip&X|d=O0&Hlu^K9L>roG(#{zQ&9C7~~N57nh=KFIeb8=kOPZo;#h z1Qf|Vrt3}F!*Mt@cUcanTYSi~xdFmHvLzh|%qb28qx_MdHbG$P6N1~E8(89K{0oS_ zbIk|<{UF|S(!u{+&m@GYPZY#xgp!;c=djK=_)y+xct1hDgU4S_m0cVC1p|yqqYtXM z#{nL_$ho2p_XO(IH-w5*a%NJvo(WcQ0tgu3nfu&Zt^ZR{E?Bepo*w7|BUd>gZBU0N zt25R4T_$MgsGmC#Nxp8ZpNB(smw2hxY(A|F`MA|g-#)%q>J!l9Z5O&ni6oDiW^pB* zpwI7mqAO7ujVAGXxLX3^xSlD4tll5@z8weFRUP}%tl<~#K^csW)x0<>!R7QLoxr$d zx|6ToGCASx=Gw^hVY=h%oB;*pGrRJ4Y1cAJo)EA57Crom&UGajmsLBf_d!4KdmtHs zMOU4B=VyGPvp)CVhw<7k+P6M*>OgA7Blw`tzOU5XZBDjIg_*=~MjR^qao83S^HtEl zJp8Hx!nQN6)-*Z^lhHCGo9kayT37~&Anf#umOW0w4`PF#=)~{jyUd^k-E;AwJ^9mG zLhkO>sgig<%8?<>@HVDF;(RMxX)wSW26!*iqpM`ZTjcL|WBREQS_55SZ7PJhNYIp7@1#3FDbhMpEZLB}^Q2AgH-T@nJ#^&*j9qg!~cS z#jrK0Wi` zk?a$n(74+BG#pXP(;%+`EOoy7baR=1JD}&T+`WlPvIi7P5q=5g@haPPFwo@m!R0y* zunx!SEF_CQ+Fs4b@SH?uM*e2nbJj8{TDUjzmS+$Ues^oXB2zKR@=vKh8cC@+c6hyu zZJi|YrMk!vzQ5T$;uZ6QV|2y4t}KeNGSKXZvoN1A**ZU60tbyIm+Lr+XE-L!@7LtO z+JQ-;Zat&>1#i;a!QP_$|HzEILvmKBds|MLZ#q8@HI*P94-O z{dG$wbLhvidxh58gR{hmZGjT<)L9K?SOqO-1+!0x>gkaF`Gbg${d;9YfAK))@V|kk zaiUi-@*!;CEes8y{<=!j?WUG=%Xy?cqg_%6e++p{tkv`^&8sO(&@cGp@?#k?+Vvo6 z5%k!=3~<_zwA`ZrcOlDYO~LfJYjk;Mc%Tf6?L)-cz|)g#1SHz!#cc#@5Cr>4JxR-n zWk5ft;V&uF*Ew%FK8KMpSS)?}a7U;j?wwtNtOP^F#FAJ;n5x#P=X{)QA-)p+NKiv6 zc7WX6@wI$JFP+zwrFD3C?uiiI|_cdwW za*In&E#Y3F+(?)PrtVfzOGavn(wLV|Q)K&TIuHRO|g zi@#hVARM%&<-;sB!XEjz2fN&G{wd1utb#E5EX-I}+a@Z!Z8ZGTM+x0V*QDc1j;J|> zkZHW;KrxfGW1dziOshKfR%FlFPjh_lg=bUJgZy`yuAjv^4SNA|$h|i_m#~(6Z!?jO z5aYbpHY_zv9F1@EK7FjrVYsNe2;esT4ai!hPDF96Bq#z5c2nZp$0~p;*cAJ{?nww? zKYK8HAlu=y{wg#<7mx(QK%P{d&)33ZTO#AK5ni{K!d-#$pzJZnt{bBa!u023On*Z6 zIJDqO-Rl({oYWs*#tXAb-4}}pcw;!pH!qw!%xI4q>@B=>d*^YN6g3WtCo3QU&NknB61a1|}KWOH+#hgQM%WHC$8r6o)JK z6_V)BhEi=SRJPSRhfB3~MXJtFQto&yQ;q+$OG3Q*t6(S6u{Mh#kQ&J)@zortamB_V z4*Ky z@OZ-SgMPdHw)K>S-*~-08B8N1s1y_ILt{F3bM<>}r9MTn`M8OLz<^$D^8iB{c>_cY3pKw_1X?A8a;1G?o+gO%9enp zg60=#Fi?Cjrcom?05pL9`BA9~JM`a(jio%JG3oSdre2WDNMZ04{4uC`hzI+9C{+dx z=1D2~k)+u69!rjBFYU3L&cpUH@bPNU`BMZW@EYZhD3Z9N*d3gD@NU5bBj77~eXYW} z->kP_t_hmN(KGybA+*0DJ}IGt#vzH2ewnP#BZY-q$F=a(+q|gWx%(8Q)wHK?9G1%A zz0YWCFw1rvCZCv`euHZ-`G!-^|n~-+13Ui8z{d23NAK%>rQY1QneQJ-? z7c%Owz+djubk*CI`&{niT7!Qz>C!Lfi}*FyFF&sH6$)!k8R(YscwtYN7z#h zaDnch-F=uFVnLCoTV%MvP*(N=gGqf}Ps8K;8gjjH#7W*;FWDdKP*m_!ys|vflOskA zk=EZ5?s%XU8of$)NA!{a2J&j)IlWJLpts5AF{mciS>RHixpqlAseMZeW(fuG`Dv^sfIitAr-KK|uiUw@-ap#RdNi}Sl zci(+&_cY9~hmpH?m6q{qpD;G}Ya<^3=f>nJJ*l0PDZCEJ>qa%7_w={K?{8jcjnPd( zyKS!jqAz^;t)AH#Hk}#7303XY67!zoD`_jay4OfL(JalrwgjSbBwz1osT1 zefru_>c55gJm|f%=G_TS3Ar&;{EdKq7yKy@n8QZcd>AXPI&n93g7`iz2PPiX^L3~p zo?F~4%dU@`>bZKc1jGJ=P4ClpBXk$2ANvRbiuC>n`LE=eqnzBsubDhW*Kslw#c#cw z>@;P8ExbdrHsTwYl{&Y<^?Qu2o*GJR zJhMG+R~B)=aygTr<%wK(0mk_34&BB*&#}H0(-TR!6RWIrl~PaQt4Y@>IOy}^yP2zw zNeV~7?6}sek~eW0s_5Ko9_zC&y^Z)lG2rg1Q-DzJ$J_UHr-HF)=Aiy;t52uQnW}pF z_}#b58v$R_|TJzCqCynT+X1(8MUZj<=cp`RJiTzFK7M=`sYx^9p3r_BZvUW%&X zVLSj8%C&MB>45+c8mIkppXse?>~{ni*R=I_T@)Wp;#GdZ{kHz`yt{Y3LCu;CTfJPU z57Fq4UWHcPBqGE@lc zy`mYna?UW7v>29{n(y;@5n0KyyZNj6QE~G3MHR5k^3vwyL(4Ju3TwbNkB&UR{J!>Y z36Z+l=iSr+zn#v&eZ5mAvuxzf8)>5rJ|24-5tDpU$d{>)A2mJD*XP?fsZLFJqQXH9 z0W0{$qa4V_Bf7b;FYkpV8|3+W5b z;V2jclKEZx#-tJOI48mBOa7G+q>L$J)`AkbZD-}aO87Wi%((9yBMPuIbD1adk@sFy z@vS|e%;&zl=s;%c&4DQbg;PU!-3A(jd8m;J^RNf_~e{WC;-maKxSRJZaLSCxP zEO1Ru=q9^o4o5a!|x_1u<&`8 zKMPm2t_8#BeZaMTK1jCAeSX&2T7R>0@(Sl!Kl}{xYY)xGK1RpUiYV`)P#2H)4fxq5 zshS=B)J`I%H2DCbc|}X!yGlHwdh|)aVNU(P!=ViVfIMM=UK8BMg+0;{UnGW6$z$vf z+QPIw(>UAuJ`iY+sEI++9sUQ#5*VZXM~aqI)K-t8;vOZjE!7 z7QhVFFE+RZGsev!V+dUe&6)aH$$cj5d>Vw9$w4ne0P}x@5pi8+ojk%!p|qJ-el#v^#elD$4&aW&uzq_32H0M{9}F6 zh(`lI8wnN^=$QY-Cs-1nvjg#m6>FxI^M33FOO8AZ_z8WP@gD~IGx~c#xE8JdsjWvu zi^r>%D3o+b3@d*OXcf_jm><~(2hI^x%6m2+%G+cigpZ* zz+bJ;?e&`uG;#xH(fb`h)e_Ii#pm4pDr-=G^$xntvDAJ#P1tatC$A{pN2DJKoAByC zet;8Y`AB|i-#Pj-a5Vde596C2i3`kOyyMo##p60u$~#mJdikIRtvT0=aJr#3#As42 ziBJb2C2J377V{^Whi~-3T~1H;g}&=|Oeu#-)L%1XWw+no)TsC2iR2M^2#?L_-!B^V zgz?RvZd+M1;_)^7ZbWG3F%(?PhsV=SNIcz53i#(0TL085(k zXa6)yiU2s{-DHvT?16OM6Madrrq7R??%mi;UMf%t&D48f@n7FYAq6D_DI))S=&$eL z*HGQwDK7X;c7XiR2ck?=&S}UOXHPfhAwPk%LQGHJ0JO*9Ksu${*WzM7E=wrrk=)_~ zUbq*{gii3q+)nsJqnDUtNY{M8_!=OlJz)k*^o_J^_j<1$GqAGsORDsJseUrTp94Rd zLB}-q0$E42FYNoV$GEWcgSzPUk1cM4HW>q;e(LZwQgVdm_FTWNd8gO+l3utCO-wuy z9&W^z+1(zL6NlfBjE!43(*ga7i3=;0Wfvt0_9alN=7zUeD8(wIVj}I8+36+L53RZVw>+ethX646)vn;*Y9U^K^YN-qAJnV1e9~@d&b>lq+Ls6KD z@Pa_BT2oO_ZW4D;&cyH1!B)Qe%Pux?_xRY*SR83n`Eq*-8o4q9-_J6h9sgdS=g6;` z9`t)8&rTN`E1Ga@%;=6Nl1m-Itu6E{`iM9%Uo*y4^iRrY7r&_EzSF^wn$Ahcv)YMo5RTB_-#D zCzxqof5EVP!1V0GW>`Y%atVzn$y{*6G%J6pcgz+PS z=ZHHT#SgFF1_kn|s+Qtyx{ccHFvVxS%TjY7-5d``D_dZ*5R}Ws zs#J86+Uo~6YPbeN%Sqn-K?&64)A{b%t`Xe|CW1FT%yLeP&F zSQQZC7qK~Dzsj<1eEw`3Ro1{6wtJx!MHZgfFVW?`kNagMZz@BuW_^E)aEAF#UY{Wn z(2xx5S?U9eEiOBK&%(pfLAgm`A_wtWx+vCU&m(j+(2hNs$B}e!OyQZu{FRyRUfn* z9y&wU)|quVFnJL+gfLnijB&Ofh0iWioC?z4pIY5ZK&yaXx3R)*t9aE(_K7k&LS9aY zk5P-Mn18bDebT8PfYzVKjbcs|*|<*2d;15+(cC#WpH5MGC5V;7pjo*4@r^E`Se6^= zA(HuKc4stXBdfPRJ(MoAw7mSwHQkU>#E?N|apC1&=-vamXAD9_!AqeWI1qCph<|hY zdme71$j&$m@^N{f6V8yUq*M=SroL0UeZw~T#nYn08vBW)0L5w}_g$WAVVq937(H=~ z3h!xqK3a6q7W5%)4>f};73A>IhMVV^+mDTv0kW3hL?qgghKVSXaMW_Y{g5N^1(|uM zrsjLTT&&hzN2i@cuy+>H;9-{1J%{q`h88-N1?Ij|Ysgu3x69WjT7*CKj_Us`w!$Te z$s_#@FK0*qE0rvuDim~53)Q}h$D^n7K|>k*mVb5ngauMQ=MOC<{ZLNFOC7>WpU%+3 zIqKsJ-~^FWE@Ns0imKJe^{T5|tnZJ!$0yxw9IV}HI9}AL85g1@vv6bw)8Zh*zpj5Sp0FQ%($k8`ZmSP z0nUB_)hrC16m?STQ8N1`>vNPwPsJ7%I|$JmR|RIurp4TEBHjHanr4s-H0#^he0Fqx zaEIjUX5F0wdkvc;S$FD%r0%5ly|FEEZ8H()L@*a$T^=TVFYq-(LK*V8agpo0o>A~E z^gNmB6ht!S<-xoNxf~UK8P)PfF75kDDqr-#^}o0=bUY0!Y#Nde_T&vY zgeUaV_?}O_Kz;W2H^w^K7Yc3qagR*M6>m9((I>kTCxcqgd6gheIdZL@4|hyL61qbo z>mcptho$tw_Xt&1FJTs*Hz+x@7|>^!CE5_jQE@j1lo((91KfmPmOPwfSQPA)`0Mvx zImLrT_Y14{&~Cv#u$Yu@zPuk&AaP`Ue(tMfU4BCO2$1;|eOJ0vinZ+SyQ1s2xcK99 zz9+E!#Pg>6me37Y)gK*K!6i#B=z~ZP<^wf8D$K-Ye;u+8iUoZ`zwaYn>%F9QxNu; zgZ0wS@I1-UCa_RLb0;ce3ws#sTMzRF{2~D+F-=`8!R#^{z~1 zpz?6{V@%*_FPLy3b*IARs-a_BGft0*052FTkPyDj4KT#2q<%!Oddq8riD5t9Dvq~d z`|0U~d|@3q`bDz&V0+^ro}qT}xjjg4_e{YGim1^o^esezvNFPxQeAP0CO<{wxt2!Q zjUsbi?}MaXAsOIetP{jI9K4C_&2Bs7Oh_lUFAp~R)-)-Aa$|@d+Ddw06#- zB{}k?y3`vub~9^w`4JyL7Si7MB^Vv@Kj4dUwzqI?70!K$_mm9>L}g%XoFb4buDWQr zR`f!?fa0cRe27QV>r}Nwam5l~q3sLUy`fDpg<)X1hcMd1vwB)aw|@FChC@z;`)NRA zkD{!Fr@r^uiphrywrRg>S%lqf=*|Z2jN!b4+Tw2#-ExvR*n-lWaQ!}th4Pb&I=d4* zop_3XK8|2Lya0db%)Rgc@+yR!Nh$ORNWb zIAegmqwmr83XT}G@6R8X-?pR2wbq9C01u2wLP%2_V++vA`<4w|*U-26mrC8UEaY%h z$#mqAPeOa|hth(=xyXUlG?VNorMZVVb~3zbl@n+C`!zG=_l&>fHT^Pph>NuM^+?2@ z4{Sq{BZj? zwC|0{&qr*!KZf0OeEa8T|HN*X+Xukt1$F}Pz#XI=hCP7~*U-Y3YQaO%_QeTFz$+o4 z6Wh2j-w~k^jCyB6_tkU_apV+a#5ZLd!G%5ZYI#^RZki+CLS~RZdY5ovEq^CD%WY|2 zK7-)A20vi(-P70(U!Qrt%r-ZkBl#Q3yvGvz+MGfLhT$jP!&q*sk@)vjrMJID2?b)fR#SVqI$8Xcq7F12aqlza3-`m;SV@7AEN;jJ7` z)3N%9zz>|Ad)a&+V*9xKo`ikVv-{03C|X4uDs_03$EW}gBLNNEk66V6xAly%C#2T! zw@nQoHWpS%8Z|Qjz8xi~eU{5k$L#!xg2zn@1udMwN!8Fs*r4$m&kP@q$5;wC^$;x8ydIQJ6 zxXD}fdBNIPsRw+npy$o2kIpJ@&9f#MpzFOJB*XohLxYFE2B&k9h#pm26-S^l*x$jF zX+{czyyIVQQrdigaK{JZ)F*wqVQVJ%2PG{c`~pN<@b#}y*UM}0mgH{LwW0fZ7Jk&q zHR{-ZRzc{~AJs15(`;%pUwY41v7(v$R%WXGhF{i_;Xu<9mS`+|}t{@sSedi_y7ibZ)f!_`(|?qwIJGjX1?1DB+0rdP2L`Qx`wK{ewk` zrJ5c3=Ax}RKLwW0VH?_Y?TzQ&paNI1(5&_id88kdsQ|9M2IC6wWF`jiGQkG|kcK+; z`qPC9KY|YnTZIhUcBj~Y;S~8DIv;Tkynx*@E=^xlH8;&#>O;d0qqOJVF3v^RYoLcE z{6d{fdI=`w(B@2ETK9EH%+`@+DX;h6;?7PIA6}^FVS$k>%VQ}XRV2^DEx`7GBd_o3 zt1%1-QJa`uZ3<`8JPLuWI&~8 z&WueEY+OP_B!K=f?~m3SVMp$t1_+&fxfB==rO$mvlq1!VY$dQpX+cB&k=_DT!%!)NVE_16;MbTv12AO4(*I zY53kEtFQ_8RqhZB#IfcdEwdE4d8LBwmT}s}KGRJ^k{N<4$3-s89r!xs5pB0(2X^GI z<8+mKer~Pvw`zR%823g5I3WIk6r;AM+U{#K#@Q~N5-#`S;chAR3M*~PnXL+iZX&;j z5XGq-GzvZYT)N5xlb7)<;M2<*6frl}I_!Z~hfd_50q=H|qP+_cSGk z9W(F57pI`1e#@!$cu+lZSVStTRtBxyc#dC$7p3^ecUB9akbJn$FZdIl zGel&dCk5nST;R(W@7FBj(n7YP$bI$nJ4#ijcW(M*Y#w0G3%qK@1uq&_`}y;Y2~F## ziC3AuPcuNo9_8MPz|Z|2uD^w_bDA?!7stGh5we9PAxRflAD*4ucYH|%t;)^$_4R&f z?7DIbk-b@TYIZpxGJ0m?!^j^1Hc7oZM*>)<5Co+3R02K4*k^v(ZnjnFNwn;s*jI6`aVUt#{IPKXKimRUi3Ra=$hAnaeU9Wc$Uc zA?%U>ieNh>=Aoqil>R-FLWzY-^vS!vapjPo{X5y;mW^u<9WHs$4vqh~YT46xH+T0J zrq8^&D)SV&A`e>n=NQ0QXo;OSwaDcBiE};vK=j58Pqu04R{puiEI@6@?UQ9#!l- z7v83cmHQ39yj%`2vDsHK8G;_T#UGH@dWbAc{^o*3xlgds5^x|L>3+Fx`XnCNeFsqd zid#-?3S=rIBldS_0RjI!49%|zpe^AJ?i(Wc{N}j7eNQBV9Nx<=@s*RHI-+snzHH)t zb#L%KFn{b>uzSDHRFpyYJ6j;m)vULFK}k!G@_wX$HOgJbl~STJ_w{Z|`>an4Z>aI- z&UVeAD<;>x3BJ!>1@o33%I$`wLZI(48hl!ZekCw3?6-HvVCxxfJ-2oPtg)Yv1U;g; zn-G;`&9q;X_DARE{+OCk0^GS%tgTyRu$SGmEkDbCesrKR$n%iT(OiAX?wtGi%@9|K zpE6dyFF}x8vDwRLvUs)oRbQ{l!Ie@1dic2klIYme*iOp4f7_mBL<4?x(>}+G#2c`c z{jd)j4=N|u!CzLtpBDV%z|*7Ts)eNck?vhbG`qT|o2&=gxB00=W}FQlEND~G{Z3&)i|C^0^<5(bCE2TLTNXC-}$9N_M3Xf zT-zsCw`S|*6nMjFU_0gu|Lt;P6~6RbU=FWYJgYpe~vye-WbG@ ztUM9ezW#`mpr4t-)YXdW#ddoJO{6~`Fw zHB}oN6P|Ih%un21z~dF3OYBBgga{t{O?rM$3Ve4!>CIGm;*SXvIX$PoDyqLQ$7?XX zFDSh_S_OIf`twjjocHg55%~(;nAp<|qq|@*G4{ok>8W_x_n&jMIpQ0Ei6T4BBpnvE zRN-FE&Q~8c1H)JmYNEV4wHp$3#m8dU=}VoTM}+_I!>c}fPK;aj^NH>(g~f(leTPz2 zeaexB2%Ee-&ar>&i9EgBUhva9M6hq%oPE`5Qn(F0m#4P#Pc1=c7P^0CXEEIVI4`VaDF z{pJ`{030RW?Bh{Wo%dx?yh?%#-tr7@Gdu;EQ_I*ewNZOCfc1BFK@6Mxkw5VR5zy0w znesx;cxVku7gl6si`H*S|LU(d5m>}^c*zsqVWYE@yE*ggh5nHSh%rp}_3d~|yEp&H z`a27Ybi44eIv-0z9V?7T_+zM>L9JXh3XOXPOjvoRKuu>lwRFY))4s7x$CdR%XL zaSDr71m|xfgdTyl>yAw)Gfa2H5AN( ztd=imxri8D>(?%6#&?$>On-7Xm~AH?(gg%`!p|Z^JID)o7%?=M{$){5h!eWHdrPoW zM`Ga_jt}ry`>;34sGA~rFu^q`62qUrJ8DRNlvH3c2BBA@FYQSBTHsCqoX4k3f%ZPw(wZX3!kXNOzEtjAENkykA=r7@?sH4 z@A_a~ac71!S}G0Xp~2E9_>~NCYE+3=9$n@f&&d;Hp{pGdNWq#LPgAR@m$!+%M0p&iLC+3x94eE5N?l(%@D}|wK>g@+ z%_gtBKEdZ;zu*pC9UT8KvyO6pE!aC?9u;1Gu+;24ifv;E#-o}}{Dlw5%=Z` zYXIgJT)tn_J)s7x%jNe}t&_)Gt74C;Ph>4><+&%mVN?|mu>sWy(s+l$*ZDAoX5jK^ zip}(&50bXT#D4LP@@vIPjipG2_~CEDY|5SYY(N-9&niIavX148x+ zZj=5#B4TSQ_O(&IqSH`Ve)r=18Rzc%fTHHIZ>MG{QKO!^CDikR`d5#47=`SzHb|{I z!PV(rO55u%GO>hD{)cBQFDRegE;`jytoXL>b?P4XQJ~%R*HK$J_`HcKs9o!qfG9o zCx!j8Q(>A1=U0ZzBF#*Bkv3Mh5*YltHZ2Bt3^kD_upAVPm3+68zr@F(?j_rf zD^P7yCxR+}DQ?om+%KWiAY-F}E@^?_QSH`vngzcq4= zFRJBnmRMla&K`d-OPtW1z9{F^{sZwPQQ67_62*dM^02+Vv*IWcReHhtE7%Pmzrw`A_1&|s_+@i!T|GiUFwH@zIuoDcYN;w0p3Ec2dff#x4DN?l%^PRj%EL( zr`Z*x&Byzq8wvZhN8EyAT32%&AKKM=EI3Ez%|ZJXj{eezzn)9{a}Z&b0UsCi8yY7z z_m97AydK_$ZFbtB{sWvg?Awg@A2VdJTGRooNPpxac7yu@it_NgAO5YP&>7)?^#j3i zQ=X3n2Ol#=`)LtOl`*ynWXl8uu!HSRTL6C#XP<@VfN`P-R3@l4|9YQn&y$5YM zJJR2}Vcv^av={36T-kwFl^NNXSt$8aD;Pi8;$gHOPrn7VJlAt0gw;N%gl!dw{R@eE z9Orj>Vtf4FS0toN&*&FIGf|4GN(KuVclxXb7kyWU7X_>!aJ%G zBu+UxT3?3Dy2z#CvHHlX@;*Xt{9Cn!v(S~wvuwzWzhCiA=C%j7U$w zNBXIcUk6s9o5#1sv0Ab_?%ye+u`M>L@$UzJruPO?t5$@Jq&po7FY3Yf`0|wpKXWoe zcN|`FIPNHEx!J9A&Bw5^YF(JxKrIo+d z`&b~rK6U~a2Ifo^YEo$n7fw&|)59#&>EOZem*hHZno-rq;~pN)CihxdxjCZ8UL%d; z9m8A*WL{Se6HX#IJ`gffR)Nr)Bs*&VeEUZ&_cLK)O=azS#X=1b;Ai|RQ0#->eod2` z`FOSfHepcc!12Z^WZo!f!j4K<6gr%tnqW-%)2#@BUM=lGmN&-6>fX(Rgl!|3LiE!T zrGB}pozn_uuRFK<)(v4AU^B^!EO@%yL%;Eiw)P&WyR4zx^~D~a)67O?+_vYbb9^N= z;hsWW>aX=a^~%ds@7vJt@FSUz$15r;-tADn3LBkYFZ*gi zJrz#jgE&ozaO%B_Djkmdg=XCqROgS>e90A(KMw(axi1B9+YdE)VV8@tT6t~->iUhT zB!#hk`^)qR#zbV-|ISV12Py)9asMq02_FsJ*>M=Ly+}V6Ogwhyq}1XO_dOt^J;Xx& z$)c2F{JbUE7QFeGtl-N4!Iv-=v09Adz8pCWxND^ji7t3umsvLKmU+CzTNNvjKb+C@ zrMYIfBsUa)&ii#Vo7o)t`o0dp3Q?Sc%e?(5#pd7giK4cGN@zl>4JHlW()0&k^%Ot@YKK>~`i( z1bXKg{OdFMpM~^Pd|z-4xrKN=@K7d`|O{H^~{Iw{_F_ROTHb)>mL8!ns$W@ z(AUIN79-A9n>SH4%y2|}M*jl#EmPy~MK2q9jIs;ow3)r9MRt2^c|CqWQ&Zpq?0Kkt zeXIkLxwxN=e!9TbsfKFR^ixB)e_y+G`2iCmqquM5>mF~l%2(S@I@2ye|3HsCv6Uz5 z^1aQ1(Gy_giCGM@i|oeM1Aje;dYXkd6QI~V>zuq0WRs19K^yQHBB}H^Tq*rDChA$_ zn`?8vzF%+uhj(g)Dm|XXZta1A{PqYcdq|Ov@h8b`PWHwOQH&MB`Q5?0+_-M7-h@}Y z_qW!eQruTj0@Ze2byTI>?D*k`r4LKpEf7Eu?{aM3bQb$!jSu?W<8(ZBPGB6KK9`GKJGK1 zrup|xhw0nU?{zaN(WHC(MiIqC(6rm$3vCq(8&es!`j0q?X5Z=^sC- zs3I=52kO1JU3>^0$$cLPE9qS}kpWnaz;n4W>-dg61}8(TR#3~&P_ZSCRew}vPay#O zwbjK`URBcG69$gg8glX?k5O?sp6e$bmdpJQHj}-x9`nIv0vNl@yU0_JUkWlgsNZ zb;&g@CwQZXHq+~D1X>rM)ALpY6H1^88Mlc+0ng>0Y zeBw543T5S@l{1_tHtq43AA*Th%+kz_5GtKB7hZ4AUi!}V3M0)AJIdU9+m6B?9(q4R zlGUR_ZVV^c{O(!S>m__6xlTFNM{6&qjw`=8rDgVlyteGh^FiOiLm&}6y~sWH#sWra z@)LXx$08bFoleX!anPac69oJ7An*q2;=-21KGkEC2tb(z+552PT4W@adA+jojVY3-EYZ zatQ9~9->eceWRT8+rhdoOtK4V6nPfUY4zRiKxVdK$g(1yH@O0B`=acbe|p~2JUWw* zRVO5ya>P<&UtjHesMb&to=;GcU8#Y;)+QBj#1O3Tf@$80Qu6%Eck1iAn|T@AIys9> z+v~K-lk`#K&JgE!^fXyTB*Bm^?8D^LD!UF-uFQ0_!s$|FR#oU}6W_rC^-5dygMk7h zGU>NtEIU6SGd)KNJM1^Q59SI_)b0l_(H%7ZRR@g~PR^r#KdI*OHgCcA&BJAF3m@Gr zYq@fJPwa`12yF_eCtrB(%2tlx!9?DF!QC`v#ag)`heNzC_xcCxa1z$0ZBhq^LsC6Y zkp$Oe{8Zn{YY12**3rBk;4D7F=A#T$d@x!lZ1IL^3LF-{e?%e*vgR!u82P1Uj^PUg zLrvY4g{UIN3d`S})ehoS95L0{IlLjh&lolnqPVFks;kO>jd8sN7Cr?$f zA-`k(b?aBV2NA!&R5J_+Iq8sPhC8h|^eh*@EGy5NoZt85@9M*D3?0X3<-6G}yHSVS zM$^hS!!G~Mpo647pWBkSRM0L~PiF2;h7z8B}PA`K63Q+2_pR*J=HMt6I@0xMypYVM+<7!*$D| zv2LD&XC=O<`Qw+dfYQl>llr>1dfyWgn2h%2Rtdy!j^HNOzH)v4Y0I!w9VVC)@4YT( z_5>aFY>8O%_}(;N3Oo}fWe)Cg4R4)3lUZAZaQ*?Sfod!n1|Rz*?5taCj$|x+_=RZ_ zG^@doNO}4RfM-{-<_M&#xNxxPdt_0yseMN8K9cvw>nF+oB-`a0-we8fL3Kmi1HT0` zWxbpri@P9~Ap~5Dc}u7-kURBb zacPtTYaLocRR&=6ZZ9fJ@zmPEYYG*C2J&hmNN>{@X0229 zR@r`!h}>(;SCX7Kd&Fx%HKD_XayYd=DAM*ICF~iJwj*R{sg}^b&*A|i5`~%e{ZYNV zIO5b@w;i}E&nK@AVM=#?D2BFA$0zrP-FnsTi?{lHF<32NAN?1_+NWT6mY*xEZyJ)H za=1(nXKTgWFCe56YH{Qpzj$lSk^kJiRI$*ahxU!{vLR|Y@tU&?r^@jUZ28oZ7B;Sm z{u9%ty$BRnjEm$6_9SZBbA08n*ZT!&!|+}LX-FU<#C$V-^{(5p9vOHt@xgbaFCzWi z{8y=l*%!^G706h0QgeIch0ntuEjvP+b|H#<_nDf~@|_SSpfc@V-yt6-59cH9iC=0% zv+XTNeJ-!>lv1@&*lPhKTZvp^cg>|d%-S3CMe&K)=6#n) z{6iOu3b=r+|8ty+UcEjFS9hpK_p?P^GQ?F;`yQlkdW8p?OqSnImX-o|# z26^mmlXL%m6_FWvnHI) z`rD4g-8L0|_3%kJQDX37ndaUEJV-BStot6cW<2wxLQaF||JE$gDlm1n$5dWz(C==D zy7o0sUDRv5?7a!XX?%n4LcZKTgBg_KPIVz4Fpmkxw>kO9q2{yXHn4|TPJ3Pi4~+IZ zpJ-!m-AGkZoy=;PU#No5nTs(Rdln5w1-Zj^v(gUly)SC^3q zf%jbJV8cC*xH57i<~-p}c35%{nO}_Sl$r2dFiBs$&;na#Vw;?)TX(lQl+%Rmaq!}& zg@6rWUQOJ8#m{jxCafS5&z3Ovvzrw_gVBAL?7?GA11}8K2Sp)2pWF8QFHnIcj z=AwU70^nEdvD+AJ!&f4?&1qDJ=c@Gf8#`XVKGg0t)`j{vN8P-~sm@k<-RZJa`g-g; zItmbg`1nq#UST|+3JI8*{$B4JpIb|4TKDc1Ie=~el7%OS$YYi;3EVRYhP5j7O&ML` zL4SS56vId3P`03bqpGqc^GEiybTTu0@Csm`ZeUA6?>Idb-(y{v5sGXzWh&5KU@~qyyWj`JF_tn}9(rg( zk>JX3W4U5`fWA`6%I!yPeE?#b0Fk^xd;&t(qYgyaPB01IjOpJ0KEB5Q|2JT%HFZE^n?u(Cgo_(XMP$^RP zEA~~pO(|iIN!2F>xQr+7_u<|t)TWbjmMTKJt1litod1z@U0aGOQS_HY zqK}{?0g<36Z)BC6!`IKIXRW?Ln?@{(suOmI+K0VyAr}JY!Z;_O*?ia%KyvJ%ly6m& z;eaSxOgl*~z@&yBWg=XgW#%W`L=ImZdSdY->YUqzU2lKz1Gj!pu`|TCXy0RR6ujA@ zu#t-o1kBh9LOA3YT7U4<1^SD2oBItxb;*1`grPchuPyvC3ASWF1HSXC`c5|ST&i|b zzUIWBtgSxL$w52EKAJi68yvXJq1rIR3gHReAEWMcA}8Y`)O4O9MLhrf+qL#m6jZV= z<{95z;j{51nCAQz&c|8weV!q>{TX#pb8A%RoKhQ7iCN-JqR>UO=sgdEYx-b=NC=Oq)t6_M3ftsJPyNBvb7PNNr1OD& zhFLj2=aV@@2t{jryK%crD2WF#><_9B@t-4WM{N3B;Bk+Ki7+6p9|qHx8-B)p#b=jq zce%N7yB9V+O22^;aenp<2;OVqP&UjvJ7%yERZ9FV4);J;-&TpUOS!-oJ(+~5v^R18 z>sWpr0=Z$pT+(|*efZ@)0`lYykwOuk>G1#u2{q0``}LP8=F!bQ<=0xWwc@P&(4D8T zUZEl24jLJuP7K14hrR)VUJXF1LSr;`F_^GYw|Bjd+D6QbPxyz!3cI&9!Ks zV$pm)l2$kna9Ji=rur#;x!VKb)^rj5402oN{s?0&=Zk8iR4L4?zCTdYZL;G&s(E7H z64grD`qPSgvNwdvm!^!*q6CfO)#4(o!qOeizi;$;pEPiTPt3Qyze9*89?ft&jQr%j z6AzNXTUE>7RtaHQO#&9n-XNvwod$;Dtvh`dFYfIQ|1gi!$P@kejgZ?R z0i|Su%{vaMiA(TVcs$?(J4Z%K3DWGo<#0%r| z`FTW_VBg*y3356N;YNEPb$);1l>yQ{*|#eSQlvP#w(_K2wCutT1+?*W(Q(1I|4GNG zh0HZ1Aku)}j+evrOuahGVL<#&<4oJHxh5@LVPbo`oJW)@(t;^aQ!_So-@E3`P}XnX zQ}*`&Gi;;f%GdX7?2CmQlrg%Yyd$fDWPgX&0h+?igWsFy<4byvET)vLmfBuioXm@I z1_EI-P+|OCVP*0>HKEnQS0wy4RBK7`6D#y7g!Pa{)r~ZXt>D~!6k{_F^Wh6Wi73p8)4R`(vdbs9;F>Dx9yj~* zaN|=KQb*OE8%URk52HWy>zo!@Pd6*5e&7A? zd-{##P_bRd!dWcWpNrhj^YRg=cn|;oeuO<)IM~*{Q*fI7c^rB2rM4$z6<)UVrNbPY zC$=bQv8O0A09AT(bpE}swQ{;NNGbp!Co@pTm#%vq2XD~IWV&Tn9e*-V^q0MUpbDRU z$mXpMBRVeSX@3F^a&@+0YKEi6l>sL${$!`-LY~4voZ(A0lG>c{AT&!z1*2E+d)`*8 z^a6L5f2H|4bvV_%D%e%k?huK&z>&w$JY=mOM_~6*w=5pPuV<{x|2d7LdgmyZ>q~|F z!PDu0Ky1;(#naD;V;qfs44Fhnu zw8JMi3s_nlgTH=fwf=4ct737Iyg%LP*ZUbx4WPR0HHP+b49%Y)CJYf_KM4RiKIWI8&iOud$o&?a@DFTvCiH6m z76!cEWaN+#?@VI^>FM`mTPTML(r|SBf|Ant#p3bqG+%c=Si)cp^1;U*H7f^>eeJp7 zmc9*iS*D9VZavfSXK~%ExUm7wdVMdDaLZZwwo+-p-oWC=;`^C9OF6aV(En_;%`p~~}PiG)|UonB58 z0%A?w2JUnYd6KU8nXR%T$Vl>^Rn7bkwaZ<*f3G024Dv6t+$&d}nD9<LUIA z0c`Mtq#GJF8iPdcHEUdV=l$zG`mV`~em{K5Yc#`k@3u$~$to(c8egcu@zHgG6LJ@* z=Y@E659I|_{PAmcF$}z`X|i~m{)z%4TcYuS8Gw46`iZ(d&%q>5vb}o|08e>fYe*ne?f6s!>O8&Y?Et6T!fW*!Kyl`S?ppKs~kQs{3$_ukQrV z{Qhc#SajKjbACDJMq$?bNT^RoTlhLIE=O-Q!f#OEuKIMRQ+64lq~%+C`r%;)6)xRJ> zDq=mE=i{{pWQwGzNbelRsE{5B?miu*s{_Vn`cxu5uYX|Nw<9edy!lTZYM?_R_-5cj zKge0V!yXmBW=Z0HFv7rFhCJNj*iUmq1(ccr^sS}_BFR0Pe4ddZ&L>6Uh0nba&Q^B9 zdemVK3HHOi9swf@QnLbBt}}txs58 zA*`o|yrrV+vL5}|f=!}0KF1)uD-=Rl!Km(%+!k7ncDd|ME^@sE(Cv;=uFQgku(KaE zRKtx2;B`|n#yNrkp|fth_^eJA`{n@uCjm`>y8NBeB$N##(7dfb8uD~@vUB1;221>* zHJHFH?o~rNUY(BT$0_>(HmbeHR5T^_+xStPI?1p99m{vt%6<@Qv`b6fbIyr7E9>`Y zo)NSP;y!nT--#HjBc0{^fOte$(+2@~C?|l%dCzs(ldZFLt2Xh-gii(%SZ*rA+v37I zaqqv0#n_k3W$x~k_EAUoHhk%$6FDc7Vb?R+V7v3&GhT{peFco65x-7~Dmjzus2Df4|>|9)r$$z$B-BI=Ghy0472E(qyTJXJ5=`zruyWk6%_K8Mc(E z)2AP5#P@Az?!@y=>KXAZ<=Y*NKm{k3jCb6f#8TJlLlDV)bvq9W(MDy(1FgN`vn7*f z^M~1+keB#+MXj#C_@tb`FL-Py3j05S=>er>WD>{5au??#)8!%mE496XC#{AUPrvE` zzg>hM5O_O-KYI?d?ah}UBnqNQS=B)Lv1)ryq^ieyA#|dA*YLmr)E5Dq8j&ShY}qP%<0oPHs^$X&@@#BlKPXEj% z1pz&lD@d$}2&2Y}h~IwxD+>Cn;YTWm#iGt_HS|2#pSp#{4Tl*Fs;zYeanZAd;D1Nbg zPUWqdVPOevG8h!m*u`9ZD8-jzgId9+K)2PYtz6g$Vh1X4U(wTRNCoP*kg8IOH}egF z>2$m|#BlayKeiOQd7TY}UDDLlSs6J5wdp!&ym@nH4p%C^K$MGF-xp0h?0cJZYfjSA z@H|Iwsle2BL4e|OF3bD5^}_Pjkn;@%^oXNo=4gG8&kM`@P(uZG?0>$W4h|-)VBDaGMyr*;d%)`q6dN=en8?96+dIpYKG>SJF?2Kq+O zs!5+t#c&9=T77ANC!u z4#ym1@3w@7$4mp7+d;08 zMrdqlw12JZQy3FL2ku6jY3^^+QgrTc`%DH&z4I0dMq+)X16y=ocTjI5{Gkb5JqhuTr_D21>*5-4gPyE zLn<2gO<}Jo9FNfU%g)Zxxi-h(ijF&4v@bv}Gv)YwJf`pX(U_7qG&+h7Zz30$^zasc zS=urvbKVNjfu7G-8xEFmzKPeW*lWh#&j9;nB=^NmS<1+U=FuyQGuuNgkfA}Xs9HR9 z?d|b26*`vOla;YazTPDH!iyY4oWSkbD*=o9)}ZiGB%_*amAB9mL+tBbu3X}?(zT_( zeg{Cu!TuuJZ{=4M%n7+e8!S?$@^?iOl7j7Yrs)Gcbl#?OOoHxPIIXr9Wo#R^rmbuY z&G5v_z3zwYJJz*9TG-t zEqssjAm&OFfWe^cAQ5S}TVN4#rwMKt^2pyrn|XKLb=S<7dQbTLfQAT#UuAb{lV<>< zcVe%Gg1_Rl*8=~Reo;E5vK{Z6J8{vD@DFP2882XVeL}N3u9*31Yy^yE>U|)@5K`+u z)ZUM^036s+_fEv~bOm(}h8QgBG3Hh^1bJ9KLEWz2PN)f*^lrqH)qOZL+^8zuJ+I?eFp2ey6ucsOz9$bF z>sZRnGN6KFA(B0mKz1SA`s4oP;`6l`j=zlMiD`j#C8WdVM_4D$!t37?EZY#t!GMGW zKf6;@n6Y28R5(Me?Q(aSOJ+M!od-DcTO; zQjQaPd8x2tfLBpNwelm@hi-057-H``q8SiZ$TuM80kZSTz}h{AUAPfGOk>}&R&5Dx z{j)MZ;!6@D2j^aT6tH%*SlPpyz+=CD~SE zI4t#DhO=htWA}hAZx%&R0EDq-Qn_*D_R2_s_I>R4G}x9`KSuMDtNr08E0xjy zXiZweDNdX{!Y#_q()C3;zvJN3uWMC<1#~D?NGh^0e?ROa^u|BTNiW>h_FW z+;FP;9x_8!`rV3K%4*Oa4#cAd(Kf@K-`8RIX&3b%!tnRL#;oN!zs)buUt{|;8tWlF zg808L_I&|P(cO^%oI+$LjI6RmZ_2-X!Wmy|PaD~q zekSMwo*wY7JYOiN6TPJ>+4qH?ULVI43Z6HE=qgXEssQ3G$5Rz=JV9u;H%tBm6Ho5L z(jVAV#~HTD#yx`NNSl3IC;S2fYw(dv9Rp4Jsa948Z*&p1Ob*mhgy0mRSbe>LkW`nD z%;<}93wLgskY8RP0CMs#c%DjAC`(9zO9k{AIta%pjyr4*W3rcJNy$M^y?th0;NVaP zSa1N~F8{QW1enDg9$DkA#9#A-CqF6CqTYf6$>V)IeFYdvp6&cdgPF3yWDM=zv^J{s z3LhmNCc+^csf+iO64_7u%=H`wV}n|L(=|_=F`NcT2ir|NS6LWK7F6QN_Kqx{E z&MKLRG$rmg-xoB#os|zW`*EE6Al{sudk3GwfjH#kgzNddsQoLP5LL=DcY-E3LGfaY zv7jW^Em*k5t|Vc|aMivr75V|E;&mIj^L0U>chc?LQKE+JMTf5I;yU0n*F)B<6Y%=% zmA(ZZC;FCplf9*SAKh$}o>Cr7(bc!kF)%373f{UHM>VUIdAB0tLUZXJS0rD`ie}Q;sNuxUSMAZYmy6Xpq-t!k z&XHqM^B7Laes(CR=Lo-~>P_96*M&pS{Yt?^g%Jtf#n1D4j}PrwWY_8Vl`G0viSKRD z&QDcQa(b^52OdIJ4E~$oNH+kQ$CTLm91PnIT*T5?0@w9QtzNyXOG;`$w?u6#QUdujMlUbGN zi%L^7Jc0N(oM)3dI%S?RyR$OVXK8NR%b>E{ZSQ$98<{skF} zKP7eFsRNzt+G)dBI*1- zpEYIK9}PME`xkoKIrekqn@d;7Ej%6cB@PIaB)F4jPaJUNCi4jh8Fc5h>=eQ2nZxE- zuDUd>aG>iC{Ntjk{hUIX>}M&3eukMu#CF_)Jz`bkg0j`AEBZPbdkj__BqQ~bG$7AxR z&wzuraEc!4x-q|OBA)t%+o1D+#g3Tt%8W|~hrq_pg^V#{fLwhczlY=;Jz)%y3MTpE zsdMb^nh!#1UxgRSq4)3F^#u%RKdwbD_=UmcLI1Y4WVad-R8c`&1Jc%42X?lMv3%Zg zy7&nJeMR#!wF)!JFD~ORj6{ZcaeWrAqs+G8`Qb{u&vd$<2l(m~_V%EE7wmM>WSP=8 zPaY;)!u0he?F%7(WSc(-V=>Y#h@&T=|D-{1F=;9SKG=Db^8Q4GvD$PxmltobD*X2P z7Y5X%55ZQP_@r$pW5aRWX?#VBu!-#}+5Q^Db^2Bx~(=R8K-fVhxnK=Br$YF@k5h zWygvDJ>IfPfA*O^Pm#-ym%4VAR7#2QyamA!Luv&z)9Lr8P151gz`p9kvg4TSVt!jf zQU5R=Pp$Tz0+1P?7JNhRa3k{GK5+Z-Y)MASBtI?rm8w$HRM=q8PkjvM_^j5tNL`0I z=t`rzRJxzbg;`EtBR`^KA3XWbdJd2I`=RA`qZ9RVLUB%Ff<)v#f8LbG7dl#`KY&If zE~Fx&n2fp?$o$;NDGx&bSUjr%^AUE85rK;tY`>Fql_RH8q@X*9w;Cde+`G(0cDKCO zbD;%&ocHeyzcL^RWR%NltR}jrxln=C&59|VVpVwXDU1w{>%MZzI5t|lul3h7f5cGk zq&x7tY93u!vGF$smZmt43{HTWWvtsyK@1Jfe!Cr*pMSm@Hr8-NlBYobzoW2-^D*QSLMLh(N zQdCElNNcVwBdC1|4(*!OyhqdfgLCo06+|R$56NJ@KCM@^%QT3T(cGneg;||t&>x7y za`N5P{N~j%8}ooOhBQKX44}W`P-WA7%rqZasq_tL_ugGp6CClaj@Gn|M7tklTn4=2 zK1-DE6VPp`|I8?5)@8(&U4MrCRHLkb$M4sKg&P0H4`dx)z-S?7;L^`o&R(zjJf6YB z64O2FOuJ8KofdeROt9?(?lPch`s_2A-K9fI6K1_78S6v+d*rFiZvnWkQ2K5uQZ4D< zue!b1+w}q?PG6=Cm>=zHn23r$3qz_pJn7jdI0kZA9?7MR-sc`bxaON4;DCIvr&@}i zRw!a3(lcQ&hl3si@z>5rt+u=rkMHU#z0O6%ZB3xmJ@gyN+WK7Q5aYix1{s~hs7wgxvyBt49X z?fdi{hS@ z`O#D(`5x%3#6gE*TGn^2I`H^D;h6oo$Iq#Qs~~4fAjpeMULm`d+|M|L<1rlAJ(Byx zzlBWH`Q2ncj>dv0X~7!NZ!bFIGy-!=-ShWgchQ&rrZmhB1+#@5^(bztegv8#xCkl{h~Kl?^@0~z0#hst@b*7?s9m;0Ut zz1>p^m>fhnzbkYwIc7Ycqk2#O`WQ-E<#o=%2-&y9Riqz9 z2pRCLcyNXdxMnq#i@;Lp6K9nSn0POH=SPHGP250axou4+c8GpBjy@G2-vV*jLI1g#i1v-!}zdJ>mX!D-q!t z)MbvyE+aO$9Y4^!IzmbB2+TqDW+!7g!LGJB^@6g4d9mIJB@tg?>-66xfuNP z!#`ujiVvnZ=xH&emU<{PX$SzU7AuD90W9lJr;+6dr6JF7pv?; ztUIX=+@e1*I`b(kc#s|E@xmjQ|0EmFKsx~1X1L<&dWH&qvqkaE)L5O-`tzf@$ReMg z(%L3*eK~+Du|G2SF!{$A%^Xu=kbZY z)%ti}$Y=0sqHeCT@l$G_e0>ory`ZxmqO+4u$3FP-=964?@=SQAam0Cr=%UW*rz?nA zu$EM?fj2q0cvQiKNk3g`i?)Y4I4dN~a93AY`z=k0L4gm+t{5aFCy2AU9Vn8aJr3jx z&f-0k%JKI^<^Ni?p;VUqQz3OEhJ~4z)5-SA3%FhWAj0aN*+1*iWuDkGo~FD#=;DyM zOoOLnPIo20A?%BkiUKaa?O*rrnF_Bb)L`~IUl~xbxX5`1w|nY4aXRQx2l7rAMaLfY zqN21vd$;}v9k?(1Wlp!7KrYXkng*S00OY_CxiUA`Hk>$E|+7A>U$+LRvwwPF%FuD0>ESb5GMMI-|SCdgd@rn*;FvMayYTdF}jRL4G z9%t;>_dVpH(An8gaHJL(cE@Gx@>k|VO*v*m`yC6DNcpkq+NuBDn^*icVg~%WUkHr) zb<6sGGQ%LZU(?jw$MKJeh7Df$3G($}4)xu}rSrSLxg>U~J{WlgVdHsmCn%oWl7xH< z1%5|e1co~wwy}&%sBR@Lzbyyt9a16diWGYS!Tsp6>qnz6zbF>je(CSR9=MIq!$47J z4X$bFT*t;=i3r#&LGAd1lHP7~re_;`dLM^W|H+o>7!C&_3L~}EhjMPagFD=Fj-*Oa&sLRE-`>|3K1*UGY#D4_i!`^I zzo?3e1^55nK)fJd@5A>4;%QW$0~Fw7_r!i-i6B7JF@qtA$!Cdoem*AJZKDAnb_0B1 z-)6WYz=mzyzxAhVgy5{M?+7Y~$HZfwAmx9x>lH+OjDOz!j58S7_#63hA0uFC-xwI_ zejrXf2%+ZW^tZd84@WqNz!}EvDa6*=@pagjdnsJ(NBANVVQQ)$+qYdgEu~yJTQQ%G zHfTPOYN3iJt=^!|+pqF{Zf9)S*cb)o{t(!?frp6K(TB@R-q%q`Eheu0qPi|;pxHy> zE%gk!GJ*V+5fvDRbY4!6V<#D_FDduM6`)^%^99iXh{_~@pKXz;i{>LZ5pIV#KinHJ z<$=faSs}>9mVi2FQ9)7;j5$!ZChqUy_*K0=2T!J%U%_4q2)Q)nwz%kw#&GvW&%P`O zpem>*C;~Lk*GCRB*JT_ZhS=8+CQhfZzw}`35bS zg*{hfGB8yvQX_e-XSZ5S4$x!n#J=w!-XX>)=ARC`u8 zCwum20fZqG+AqI-V+C|6?uMUYSel{#_|D7zC`0@{0u6+!FRyTyLo|@G64m^vBc}Sq zme{!Y>S=*7ohLJfi6@lBthD)+-=_fD@PnTq8!yfj$7jzp+%6Y};vm=QoCydXD_{2W zZu(X|1W9@8Fr5hUN3Kv|o%rXGU)O>cq}$nkU4e>mm1nV`M`!`wLTWMmyl~OR%U!C1 zLMcJ;mGiwb_suw0xgU^g)7N6X2Vru3(L19rCVFcVV$w5obf1s`1cUBYa9xi510ZPW z8RD7`J!L;f!#cwG=)&!je62_}(?Y}m(rDVPRyO{mCR2mga{Zx@jvYFqZ?P6iE6D}p z7i76mICtM&s%?L;?lGjERSULhcx~p+;o4*>S+<+l+BSK*zBcaC7BFf4VCNpWhMurn zeM3F(-PG9=*A^$)+PW+U`yStzzlRmJeglmaPyAL%$S2IZfUE}h*U5eajpPI;c<`pp zP=3DB>rtd{NKnAfgO<59jm5n5!^bsxvXG}}!mqFhm;LeMtz;xsy|{k2=ItHzZ?S&O z<*vMd=cewZWU76--8V)yT`bH(D!2V}eT0|Wv)#hNe=++SG=b{Bwg)LW@@nzipY{+i z@BUThFDM^*OO2$749PQ9@cS4(l)?A&4|5EUcqy3Q>J-mwSRSODp}ijBrgeY)ftB!s zBt?-xD+@*eAj(J$BnS4j&I)ytoIyo=$D)!h5a)v-z&_M0IQwl|2>x$o$&Y|66mN?0 z0a9tyFL2#E$@Wu*w#|MleJ%AIXY-Y|o&qnczx)c$<@5Q5gBPAcY58^tfrXW876k&s z@Vr*aa=z&LZ~0j@TPAmuq_pa6KoX4E*Y&jDg!#>zNzRJN`Y!61(^nMuX>a>d{WQ1? zEk`Pk2`azrYYv&8_FM3Gzh@cV1Wy@dHX%{LIo}E~H^bzGJ`04pK&vOj5AVC`XpGum zru!F2%TD2BW*O~~-lQS(lm~NxyvUM>E8$YWv3>7Pix0-vQAd7C-SsZ!p$XKc`=`+K zDY`-)=A{H4G^P28?vmxQM)mz$#Mlo6n`g_(07HEEkg*Uj`fK0%>^DNleW-u*2tm3K zfLfE8xX{B$LTAN1TWU+co-aY?VX?Qz+x+1Hb|sX9Q?aE>^v%G7g=dVJ>dKK@i?(M; zjDU22G62L-oci9rLbN1j9fe&-wuJk#jY{ zAMr<6Y92xwY_$dP`9#mtNlGx7&LZDD9m|#=dgFP^%s#iz5G0MAY?~yWvz~_bOLM|E z0D~3(1^`HVh2XG{$M-4x>x7i2`{U^D`{eXdSaXh&;C13Tkml=!+joWihNeIcOdcG{ zzguER7hLAL&-b$;M^Da%fR+I__cklUZYj+EkEzEsGnTv3DaMWN0HC)1gz|nqOas`b z>`e^YiT79#Ppw!mO*nCP*hM~1k2GjBfN}Xd>ft=Z^R_X45{@n7HeeK8+$Nu zgH1b&VoAeda&+e7_tmjc%HDkR-%bmunWOYz#&GBM2;8p14TvxAlCe`?|((FNfgn=1{Zd(>u%?Fi2pE(pQLAKZ>fBKu1OCjiSc^|R(ufU)II%}@;z)%t%|Ta2-+zs zb)3E~%oi)cM7lR?|DGNo~)@>p*Q5z!)rx*!`1S9ecn}AKS8hUgq2?K z09Dqf+ylYmb1ys5ZG`^llcy6!EgMSlzc7{P!r0U4Tzbsuer=Mvt`6n;4RbRW(0mRQ z+-)-g=<##zy}&rrt?+rCGcBlrykX8rxpqOQp<$R7B!`YCH^XRu)jY{DFSX zl(}vnaeVp1PAzP((mO(CK4)AG+PFzKm(}<#Y3DpYe){7zolkS0_CNYEVW0(Crqd{{ z#_lvd0Km}h+kUFU6)Hg1ZYUJ&WBsM?!>wtAeVBt*qfLd6ZlBweZawpv#MjVJcpE!o zAMJ5%zklz{z!cbIBF?Jq`6I@-zj_)#fI2QR$TO};3=!*MG5 zk$ii-GxTL1O#EiE*i&AxzGd;-`B~C?c)&r}Ti4>pr1-!L+*X;>ndefTFRR*Bg#Nnd zp&;Ggj(S+j(1OL9#j2PkQubZm)t=f(sR^I1lr`b^ce%rta#hF@ftuu5yM%)L?rE+} zmVFYgS<|?u2j|$qW&F(V8#{hqj4{87!VBKWaFYuh>+R+mngs^}D;V0*?GTYvsg(Am z)0*=>KcC)^!tzL~QVxlYa59cR8$Fceu*9$Dz9ASChnY)z?x%ttgLTr+_HAYLWJBi& zzcxeYLU`r=)KeZ9HK*J8c7&wPzB0Z?RTgx(DjqJ1JWCi5_V*cS$3Bp+#8f-?z%uM${+QDTXbe9V zwSo9bd-WCFu<;63hJ8Qil)f?4hr8D>smhfCHe)}sJ`(8>HTW16n(Ho-EveEm8ON%) z5q+EA^i3t?<8AJg!qC>iv0O!Q;peGjBX{#d4mG z0(O^@nztHG!^Lc5?`=L=Lmhc4B1tC@-W74=YwmzQ#nqko`uYN(HU7-d71>xJr7D@R zuzGy_{SYy}(TSsxnoR7^S4OBXWgV_ty{BHxK4Sd_`>@(g@2khSC&}F_zVyCkzF$>@ zK2@ca9QZe6!rs$wvft?kauF+iv$KmTgqwwg4N&Q~N zeKnuobfU1u$Qj9Z#uW;R`~0-@c$=78BrIu1H=FzmV;I=Y{P9~CFiP()$%&~?C3>m# zJEgf^lFtH7o@s=$60bvweJ~~{0Z6(s9FIg0Zu^qPk=&P1{+v{V*DOl13}C}v_;;*x z_|OwtZ%0TV9V3USrP`Y18)SIvSF#SD%l3I|Wxc3D?*~ zqdG|{17|5~Fda^t7m)U!q6igSn>Tdr*e@V7n}qyAO)Rj1(NI zm>SxY@N)`g1!96YHuu1^PcZQXB}|6o_384`V*!DqlMpz#TO7NA?C#qr7G`qc3nTIP zpbx4Y(O$Y_YE-Epx?j0j|Fw_DZJqBfaLw%S@x$`u<#Ahot=jP~2l=ft*{YU*bSkLp zQ&-jMbEhp5`yfAoTn`nV7L{^e+4m(00Y){h!5tQH(vFP~j?=VXepe1p8v7C0ur^?o zL=kb0_BmU=ukTMn=h!UW^pLRILvFRp+`7%EHxL~QS}tAcNwAd1I;d7ebflevKyMY7qrW0X8e$l)DR$ zGm+APT&ONwSe0vr&>Oip&M+~uGw-x{2^5;Me&s4ZAT9)XCnEOne$<~N{*=`xdcB%A z?x2)sO66_)Y^HWO0wI_f`@Jtu?L2(nMpbjnb3ZOc{h+`KBy+5_oYEJ!r4_Gbd3qWu zW!)s-p&;Uk`ie)|01xd>t`cGpLG&sB*I8ztPi1lYb-{ikDL1>r;LGEprUJJ#{n#xo zL7JxLPMU#hOetTeFvt$j4;S6zVbZliME*zF!Fr5GHP33k;p`Ig;w7vi=fp zCcNsL=i%Mq!kjc9;HF2eujlJ?;^6(>T0b!{fA&7ZgC0m$8P4)=K5jRb?a-Ji(QCS+ zXmb$EZvUvca|qST`$>if4niWq=rM5oDg$d(pT-+1fJY!z_thIeoCRP7blIN45!%0f z6V1U7Tu=o{did?37Qa@Z_L}>$NVV?q)D=?gGNGP2dwpuVL`w*2G+kfe=Va zr}DXi$q6O!7sy#PLP*Hm6SGc$tkxCv=j6%&N%rB9Me;^k7i*P?bplNs&SwZpG6Grn zMJHBr~!vG#evNdfk?l%!WP0G==-Lwz!Y8c+oDF}UD+t-XsLYw|) zxoFdVbD-v#9tjZTT&o^`Zl{dg7`dRqM!=bVU!~z*4hydDPfwKIa|`?|aZL_~I7aK- zg4blTIRz|Y@rxR1l!UXU>jAG`&$`c7zvp<@P={lZgAk=$SLkvJ`}hd8aiYGi59o|< zI1hR?!}a!=p`!(lp}gy|Reya;!ms|YInb6UYpmgy`bvn0IkR34OMmW%ZTIi^V6%=YuB8>2c?4jkM;8SnZSf(hIG@K?&(uVMPg&Rl2pho(^b8HVIz7y3_b9sKlLdnswj%`=e%seQ}VO_eN)y?GCLR2clHv-<2&Zk zM1FtpKKeUj-r4gDF8OuuGYZKyx-d{0m-q|{=w4Wf`%_tU%U^jcAiIcnHED)%=%a!l zFi!pxT2_HNw^JRL0`9SY)>3F!T))i|{1K^ddCGXe+HdiMXX+U%<3mT)>|VUu(97c; z)p6HZ!5ImeFc2mzIL@u^E6NY8uI;+mRyUlUErj1Tnz)q`Neo?8(;}srv-2IieL7{* z=}VsBWgYm7`Wz-cM#DKcjeppfIXaMRo;DYls22Qz&3`XQBCNy`8jc(aO?rIf?ctp( z8<(lS<@h7b+GJn64!zwOIvIrm-|p}`z>wR0{@4)TA6fi4+c5|NlIMsD#;K(fA}w(KDWE;yQ+>Fj z3D(wokOq&9njX0N$DRfNr&a3hT&6B>TtHtIxCdJBQGAl!tE8!qtzU?gd9>+1a2HXs zu5EF--XQG{HgD-p?eQp!QN1|dma4tw#P-k6R9a6ea}x_fK>{T|EN?@K5SCAcafn$p ziK^9a$*~n<iP38C5Q{qLZ>Iy-yD`L|c4I zvO>=ZQp(pnIqLwj)?#*J-#HlqEd^jJ!Zm>dS$vEO%-({IZ=AHr!asq|D4e9UT>%$a6@~dc18vln7+=fby z{AY>1TJzV;sUna+I><)B-B+L`bZjL%eXsXOH|AlIEyG~<;H9xUFAm4nRS!)MHY7#B zXt8*km-p#+Ptc_RE%S-zRqmm4=H{GWHh5x2{N;BdZK=c~E%+4s8mm@ryYL-fz4T3KZp3d^`7g!Z5_AyDiPHPvs;tc}9M@)EnNfpvmh>z3{C`cnpGs$h)s}toToK+d{ANoymQC^$calzPEF@Qx-u13zoz8nHgv{( zFR!CuRs(kopRt_{Dab5vGDR5$d>q`mYT|}Yc&8Aov0^QMSdMbwet`6C?RY~d?X(V0 z2&aobxhN=05-gc<4v<5dVw&_oB&@Xot>rcADH3i9Q}-3btcdMAto!fjb9S{!ACA5Q z(9bk+>+|FjrnvB5pK1yx{)F0<<_fRYN+8r9x1#}!=aT?~aB|^q>y%6toyzq&7$>w1 z@X2qHDi+Fcp~0D>E(}~bg<_|9spL#o!V3Nk$JK1yRyvKAAH0kc|58RL--ki!5D5rW z+1`0$dYoE11`u9s`=Tj+e;yS~+e;reV_~jxJsd#fd+qbA%?&+MuRd@Y7ywpe)=Bt2 ziI@CE|JCeY&uX7ZrW_Io?1g)?9;?0>(BH$+1~v!brI`o*ZM$oG4(SQn_q;rImihVI zbAOLfg~_F;L)}Q{NAtc_UYfMOj8YRT4algdzwSHIg7=n0iZEYna{fF*m;vSgSUR&V zMUf~7|0R+AQA9u%5!rcT7etUvgkL{F^_ElzSeVmtBXO=-DA>E;dpXtus$V>D({wVC2`~+gJZh!Wn%dk#}9Q8iJ|AzPf zY$8!RX>n_ zpKY)&5aaoH?-LsNMnA#fY@ET%fGBK2(8#Kc#*4Lfr{gRX3;e0a#Q3USKsOYH)amIgJ zK3AL3qf=SRu9vb|UtKV*zlJBaA*G9UVB+E@qSXWVp4wBzI|*Sc_`Z3;ga>qV1NDs% zAJ>`|`cIg_plie*3@$&*?M8yTIl~m+d%wD7bj{~Z0Ta&EaU^WsW(bn(oiP=5s?hOf zWyg>tCpzcfAiCoKP4L|E9E~6|D=EKEqdZ$w`-xM{e7D0vk{7vg;J5R*^H;VfEfG?) z^$H^`DLnabO_1OLo1Nov;-!Lw^TvbBvr6$-3sS9=q{8y~!Jj!H&K?YwI~{`J`MdR2 zK8HhYhmgL!m-%bTl<-WD;K_Jrl;477&$xFa)AfX7?>yIJXxHDB z!A&SAC?1|(C;o)02`%-g%CPhDAS9!)mLMIOew1&@bZ__CN0ak{9r2NxFmP4eSI0DZ zjmm(f@jAzO%ELP{Oc#fa&iPyc)JAm3<`MD3=Bb*Ptq@dx>9;C&MT(Hs{ca86xdMN) zheHX}?naigwL8Nf5lHEALsU~{H@7G6o%7oeW3{a@R91?<-#v{PgQ)b<@9u5L=<;i1 zYOHmyHAl?v=kn8Sj_z)i^xzN}8qb@OaCt71#Amb(5|;MQ9_J2PsPifI&-HsU`~T>D z^cN3tcfP*N-lLljyjc4{qVx>&xQZ@z^~amoKQB+&`5?C@-(98x(q|@%6r007?+h0o zsn|W$B5Z7nu~#;cgm=EVQu%g=T-(n~kW@#OWF5m~a%XpL4Up$ARc>hHlK@l{?i%iN zJtjyL$VKQu-h}ZTZine2etntgkR8>;6^}VwH0DM#s{qmOr}OACS)85^`>jel;OU%) z?=h~LbP(!e)i-G@CGFn(aYC{)9}&<%Ci<+daXKm5KXS+k37MzOEb?typ8gm-L)YC z<-RC!OGu+t>r7o=Z#a~gQfYQihy*|?>;idOll`2!$wj$SuTi#CLPDa!<-R7ym6Z=(53OtevY1V!ZDRL#r1bFhFqlw<9R&+$zJ#hY=RnNT7 zO5BM}gEv{5P-08G&4CC-oW7ldjHA;^GsgP*}(NHl_~)b*Vg5%*gz&k!Y@2ME`txrFWwNki+`JHirfv}Y3m zU;7pJK8LpP!#~zr`>4)m^Ct)Sv9*Qtdn_^NC5QyN+uVksBXW!-LdOeR00fVir5`h@&4 zUr%kg6reC%tbDxIkHyG16Jp8p^PAd7BDjQV9D4h(-g@%ko{st^I4w_J3Rl0nePoke z`Bhuw+qKL-9pwiEa3EU4B55*~a_-)DhEbnuW7Yi8YkxMxb<)aSlWFU%JR zd!In1>wTi`Lt$I$KL~qazR4xERj(0j^k@Hm$er-TsJK3H21h<`ep|Zc0(bqTZ|M=m zEPE<(FeG+5Xb@dI?rchQj9)C8u3b7b9>)7;>GSfy9r37eYqVci+G|V1WnCt^cH>Gtdm%7P+_nN{kKnnKLAv!&+O_s-~np_ut7o`cy`ZBkr; zh(U&H2i3Oph*#>4!kM%`obZ4*R{X5^IdK~92_J>xcGL_La&`GY`I+w>c^-?<#TLWPg2)exwgn6~ zz!##+CYT0^b1Z-rdV9UT7;KdCduC)`5V^2Wq6JV=Qrx?6-^h;(+qxUgK!=dg$@P^y zt4^ADY~@ppvuNuF@~iJzSsztCu@j4z&D^!B0iIKy1=^tW>tg6#@tR^TTP~^TcDj(WB?(lCds@VHmQ|H!$?anq4Q& z@FaqTyk_42fF0Xb=x z68)Wg`-r@!4d&}TO3(xGP`MlgH+80rx^pG=v(8gk$V7ET5{H?D}wR!iZMyDxY%)HCwV?qkFfQyY-v9e3LgWdg1X zbXak$SpwTJ)`DKieSRIe*UTfPhpRn=eemfBq>R76=*OIk8@C`p8eg2Ry-lB`=kYV( zt9Arvnp`Z(Y-9%0gkR_Apz-QVu3lq;8}1PqtC|HrCTrPFUM zxX7fvKn84WE(WHpgz|dcGR~j?n9<)88ys6!FKZjyD{(0dx6@h8yLZ#=2ctt$&7zGh zai^43ygy$K5`PKyS%sf-fSMF+&1VIb&IJdIi|oR=7~k9H3JPnsMVW>>RKR{Qe>YAR zkL*M}RSwQW?A1GuHByaT3qR9;XWvn8=o>;Xa5(RG4a#a+uiF9{9j84)W^@sq8ywFy z#=b6-HtkTfHeb*$Ic{XCN^h<{WltFE4`m z`fv%YHiIs(FXGv#Wb56VI>6h)J-@~svLG1edTC4zgZup%s!qlxPxaaoMbV{JJmyy| zBJzxTlnLCSJWxIH!P~@rK0dwFvW2D}L|8Uq0yAcU3S^eNb0B;zubWWj<#K5JA2wd* zZ;QmyCn7%7A;h&Ui2Pm_(7g3D`Z%<$uWe}TzA6;yHforsxW@5~g@907BP>$tch=D{ z3Z0f!MQib}-=SFKvEZ|Vr9BPn>&MR@ThPY9hkaemIdhl`4PXwS?kR$By1!sOD|Cxj zd9*M7gpW{rrVuu4Mwr{faS6f~y1KjxLcfhsrHZO8ERq*5^z&PdweI41WUToDpA?~|B%QypkWEv#xkK2$ncZ8-0}HaLa(`9>kkBTq4#e3UzX zt1;5N?{P*vCE&+LeP4;jmz+@fRDF?C%Y;F@&wT!F79FZ8}QJzmDX^Aws8 zHulwDJ%Hqw$AdGS{c>Tc?{SiYZJcJ4v@8K&tp!Ct(iBVQH86Mtw&o9o7@m&b>AjLe zE8iYj!@M7{v>{Wkm<|XSdN*gy|K#GLvtSG>OS?#4!S8wVHyzGFaBitZJ6&L;h3#wp z?SV(qMQmOI@BFfT@)9HR0>==j{hLm7uZgpcI?(5q{X;|+QZp^YxH>D^wW(Gkl6dfP zW)4aU)@7F>cfE)7hrvRm)PDT%hhz)5C0UJ-oUO;#r3{@dvONKKwm&Sne*h=B#!mIf ztUJt?Cn|q6*Be5v&+MffQfV3-W4_)WMjrCndLe6m*F#HZ+PfoO+LJ&Im~aO&_4A5U z-kgX4pE2>OJfQuy2s+!Feq{iXo)M^O1+win`nCr z!C$KEnT>- z{O6MWe35?6vchUXMn~^15!A~`t6bFE19swG@M)Z?r8M14LV^IY%);Ig+#k$|k0xkU z0R1)?pd(*?_G-LI-afjQkJpe*Jt{?^!C@Etan4EfF*4*cilb6Q&UZYFCxUaRGq!^~ zB+rI;8oF=?R_i3a$US_y7kt_x_)A9p0wJ&;^*+)dI)H$quDh1l#yXAfw@L3YQ<91R zioJOI_BZ$}o^V+AVj$b>o6OwSw&A5`XMQ?Q|9i{s9aos!RbzB2iL7_8?+pln(uuXZ?^pOE?00>r6S+QGIAf&rXPk3 z;nK>GWE0eCzaM{tJ;Lyg^XCjD`Q3D=FO5fzc-)FpjsGES2#z1|fq;c(IPKPPsY0vt zbeCS_+7+thH-h*9)A1#i^U#$^P}*9EV&>6FaZ(x|sx$-*<%VGOi?HlsX34XC;kJP$Ek`Yu zs#0sX^`-1d8j75C)xyV_N#1hg8Jv4ECS-|=1@ZZP+CH?dryrm1EFL9N4-s{34H@=d zSer(J?>qSGRGqBEgQL~&^|MYh;&`6p7tK-aha)T9`=MI3;RR$vyZ3&!EBd=)Vkc9G zD}%P!#)FMeUfq{aIYH`~adP7#UE}x57V|!oQ}^kN7^6}RY`(cJ&XCjlEN6>K`mFV) zy4Otsd$ydU(RMd^gBy~uOI~PhmCiEcS5wQrtOX#70nkytuH6F`3#fsG2Xo&lNNPdi z{K6wmZIiJl{YlT0jM5o= zC*o^Z>P_y{q>H$ZTd!PMvlmd2N~!#ji08}ex7sl_nY&1-1b-k8lX@imy@ZA-HdWYp zh20IdqT@AtcONl1K?>^L>3(}&Uk2}3`ym*8?x?Nqb*vf zfN$6kLe+m=yv^GS1AJbge4jGuwr5-lTDcFgMC6lSU%6!IP9>4#*LwK$ZB>K;Fu^~e zB^NJ7o=$T4hEZ2aQJe4mI>8Je=S=4_9ltH1I%k9T_kjikJHpmJ&VVaClk)bse?R?n zW-!Z*LM)gWkXu^N`}+Cq8@4;lEBTA(wn{Id1NB zFa?A3f*s`9sogq9peRB@xq zfxKW)739tFAi;Ooe6d!=N?nLls>|rwOg5g|3xr>yJk%pMnEZaw5ypnbl zqo4~SIlFSNW!MMKR}$*<@eT=dQA-$8L2Y>#4J2&rQFBTC2{E+Rnzhf%=y6HioJGx* z#mM4a$@<4%)#^Ha&wR;l86U4H+;oe0WKy{ z!9XhQGa?TxDl_w*+V0X`>D)_MWamg4hw#QXI$9f}D{(=nX&4pVr(@6)V~8UtG=GtwYi`AG{G*T=2{|MVXF#dr=OPk=jc`e>hb&z5*> zOTvjqPho!ns^^p47wT@QOYt~~Kuw2nhld!TuHb)4$y5GYJC(Qc<>AG&DwJE`>n9dBWR-@1xm>R|KQ>v5!#Lk~C+}zJ+9F)>p4U0`Y-*#Lv#*%ukpocQ|BOlg8?~e!LF9 zA5z^xUR;t=d7nE#^6q?fK`9T}}v8 z{Z7XVxgro^Q`m#fW@80A+Bzzpdq5V+%QAyTn6#ETB{+Whe7lD;cv%P%{DijB4Gx)} zpSD8a9qfDGS0A&w)ZCvuz#C3Kl4An|ZC%;uI8f-eqVXn1P)gxnpf5b0ImuiWPvZQ% z71dI6HWb3=uQG4gF>fgPCimDRlB)Wp6(8N7d@} ztO(+5&6FmJljLC&=V5PUdo;uq!AfZamR>^W9?IA%TDndrbcD;s;S1Zx=8pyE z{G-=GdFYN5w*f9WpVS7l*YC<)hp(~^C|hCkV7X3j@?4X)8u+@~VsoA>k~obMw{T9U zgZ$7tfCU9NUs;DTn<5G}IBsBg*m_uet_Zg&YtU_QBp7nAUX9_!;=&_>7(uLl^et~! zo{qCqPggQPMF!A|+!IWfHXn8=lh}HU@l9#^l%M){kxIU^n97xM`36g$5afaGy*vj~ zuGShP6oBOv3EI-rLXccaza@JwB;GIMUM0?!-e^RE)%^Ooy8h;<;pey4Y^PTgDSBTa z6*$gJ{v6N4_8pqJqWlVh;KeIxXxq3|HrpTuGF2i zIgB;d(w5?=TS#ive(mT_L0xR?W{Q>0MW-7xg^HvW`E(V4I4fT&maV6m{DpOEr1M2w zCV6irmPd^z1R4T>=GomuLwx&DUnr04Oubg&z=Ioz{2%rYut*mB85^uCHg_EWd-iYI-!oo^jeX#q5z(EV<1PUFnAVEvZFIeB8 zo469SMhSyq1lLnIg+DdQZZbcOX(D0Bm5gMsT403@Y~%s@Ok4J@YIrMD8(HB^W&9$9 zJz_!#flAM>Zwik_pS@5oqgLXm+sWC0_Mk|rqBTkj(DLWIeS_o9XulSbgyLCpg3{rR>$f7Q4%xJw}$ zdLr3z(yhK7O-fqF0iYDjdTkp9CG=8d{B@46MZRi~CKP+@C@-!#X&t{K#W*5cTbJJy z-LDxSvn|KR)c2%7#HE4GlFV+q)$^Y=We;u=xOP3L--Us--^C$6>zSrNA8#wM^bJX>kS;wH}zx?VD z+;ZkFD^GIhz|tPtYL(bt?ecsM4LXvC=_&!<@reKL3?@Z+cK$AE_SzuRr7}JslWM1s z$ZzbIPs!Oa7pdN>gUI@f`XTjUoFkJV*-|7CW`!V$!DGY1l z0WbJ#J>{1ZdLHk61Z=2(E0 zLdoJp4MTMAmEgbu>)fv_vAr-7!tvT3p7+F<*A}ff7@nQE{9zSjVS1HX{8IJORx7zr zltzLr?&@n%i|&uesXWQ5gL$y;nhrQ}1$4d)>ubFWXk7yyA4gWgR&TSC1 zWZ$0psL}7;Kl2y{7(AK!ZZOSuTjWn-1ZT`Gd4%1`03YkN&u%8vOLyWr?x!fG`|p>R z7JXQ+0iiiL(?OB6-=Xl)*(tx*Rx1A6Yjow9S$o}q?!(BYCHY=7;F3g%hiDPJU-8Ex z2l#Ye4aomWCSAgw_;IJl8?OKGf&9V17`x>nmyrjkmv_8>K5Mo$22k>>!L^vHC73qW z;kh3&{f~u-I`zB!F(TOm+MimvY9cE4RTwXq;kaLCk5}@&v}cY+MsAo`gwb$6tX_?+ z{o?8~gBw!n38fD4lB>CB3Ug2It&#Z{4DN}{8GcagYs7^z{IASBzQBU}SB0f~y!Lt+ z4Ft|x#8Oqq_oN-Zppg0!{SBs=zOx_Lp6<>}uvKJ5mO?;@az^l&IlM7hj23=x&({;uD$wvl;N}y^TTHc6H>25kb zmG9)G>?44oRFRG!OrYpnzGGy<_Z-H!Yc54LT#|ylPZoWcuBX1=hv8!wROLNOA_SG| zP`^1Tr<36>NfX|$`Id!`{jvs>oc}1)C;asJn)FzPNhph@N<$ znHX=dIPUwvvyWl;6HlH97*KP;PUO##8of+u)HBj0Xb zeOpgur9}E@rk|=yZu{uWa4Id@M;;pC>M$rIe+M2O-!GQK{ANg~9^Uxg4H88Y_nHu- z%KQ191b)8U6sp)bXH~b&a5ivmZYPAh*DBUt((-&lOG=@45%-`9@yCGaf>4F^Y1Ya5 z`IZ{eYKC~fbALnm6RvNz#lPXWEmQ4WAWIhugoDsYCX8PA0eoH+`wl#7t@tytWt{!N zJTIX_ub&Ec$pY;p_43G7?{4A3L&M;!#Wz#!nIge$l`=;x%pbJ=G<8i&rrAI(d)I)v zuyj9TW*8*%UO!{m{LaHzTqvP{$6@8Lo5}}6f){S$lzHqE)TS}2*!9pw|D7Mle`Hy9 zg+7@qUKIctihFW>sgGa1n5q2Xcrv#|+}FD&vOjt7wno?Pa6!b@D|#fM>%1$ww)@Y+ zI-UlueI{aQ@hs*L!66vM-%VJ^J~d68RplJFEVnYOM*|?$Z0$*SZ`b4?N#BNOaD53p z3@7a3vS@bKc6TVP;~d%F7G4yCqFe<6sWgP;QNImEw>_KO^rIff3T>(muF#L zLJFLwDT_fHQ~S<6B*>z**~e%Ewe?JGAKW65RGapd<(UNz>06VT=wbf z7VW>XLT#nFS33y=j0DnUD&(oYz%n>|1s0fu7vm8I4T#ixxc1Vl@<^S13zi1uG0HCq zlmU*`$>r8}+c^`TwWNfG0YV)$t%``C_U7SLr_)CY|ScqVxYcP~5WXub3 zCbg>#dAvAPHTA=&BY@MO#t#~t`|8x`joiRZzxYqla=RgY=*D^Pj|Dz9WFqfw^|-@= z(V(f?!A*|0ZhGMIRA#Pgt_xBk4Q|Gu_~je;~K zWzzQ0cFBQJ<#cL}$(^vT7msIPD1^rL2bBx}srz6|d?hKoeR0Q1=T|a({x~#8{;CMC za+t-d+FOF5*{G?6K}w%MrJ4t)W-M%}HL`RFaPmR48Vu>oJlBO)9}I;ITPr?Z9&}L? zu)sF|SoR;yl|gC^eC4_Hp${%z z(7EO!X)!c{ATL(>a)#Shff^D5Swki;5tsvizW`yT-+%Ur&P2gvtyz6U;nV(6``iu1 z+88d?DkJC!fKFCUpdA@=f>pG>GIUn|xw>`92D(_t{f!GQ#f730N=f;B-{rW-f)kZ<{Y=3z=&w#yP0aAG>RS1C; zy@9`d9-HDOEm;ft;5GCfi$Y?4xK@G3m~pz1^O4A+Z$};=ciKyaBI;z#eewGZUmF+L zjEx6z9OW~1)e5EpPvC1Tu(TehyX#ixuf9(yV1c4GmvYST`tjW((;7If?KHoeQ*jMr zhIbEM{%tPfFNTn zOhn1Y=QFRrhNN>9;4)Xa+gsMZO%s%Auj$jl^p%LXXhCrx_9={#aTJ zKTihc5ZSA&0cs*w!MM}& z-(knGy3$pd8!bk2z*NwOyHm_NT`0djVRzzpjoOd-YJDuFnq%;K*VpTQjrr$hrOrp# z3(nxoKhQ#AQ+awrM1vH2BS=ZO9534=Jstug>rA4vIw_A*keuU}iXKSM4%;a2QaCg! zPPkTt3w&eZIJNe-wdH>#{su)-3 zfWwM4`C02OdV2qMC;H_k6YnLBt=PZ9MJ$MqUT=T$J7GLZ$M39zGNB5mom zq)FO%bq)E;YAD&XkG28w>AdP3XU<@Dc{f=n6J*bRv6oAv8;}Z ztf!(|mUGIul(r7VU0J@UTXFw21X>JLNG;Zjk@8`4nj=Z?MbGgOH2bLnBTYNRf{7ma z zg~VdpwVv0gk#BQgEM3|^7tVM6hw4CM3`tm&HSajYZ)qjCL5h(HgY)+n?Q6wU-l+zDd91k$Ybk|1$-!XbK1y`Mkr{{voLDJc&X6ds#pIJe?j}ft}t`nzD=R zyHwiK>*{3(2Y$HQC3^aj_xNGCK#NFX*&$bEcp%Q+EA|--6%AL@pPc#175{L*4A$?G z#>9cx!`c>!>9=r(XQ$ak*xiC4p6lEDXz@yNFEmv@a-gsgt*RQEHnA(2cBk?0%;{_X6N?LGVZ>{cdj3oCX&z}Vg`hp`YhC=H!eNY zRz*E~eSP;c6|nC!qNXotjC{pn>*3%wT>Dd#689WZFM5%NTLS+=&q#g9$e4NxWpS{4 z48q4wduI7HRKWY~vKxTD4>R~BhkAB}#rA~((HdFey}_5TFsb_}s)X1PX1koYMj0np zJN(|s5qKYvWbiZTSqa9&l~U}GP6r|z!I-AU&+TMB5M_YHJwn!q5`{3GI#`fwQHuAz3r1llMLHKU+b$?j? z1LXCGAVH>ZOt6s;W^(rm)b7O3IRa~p8%HrK#iit0&x5#|GMz}c=N0im(kik$k*#f9 zlmw;()ST`K7bD&h;R&BX*bB3c*pKdGpJ;Ec7PHIpDZG9DP@oS;ERwzF4?htSA>haN zNBgGy7$Q~x8zt$$O_RcR>2<$X#^~62*0_IgrP0oSk3uY+RU_8+&iUhPkas!aGsN-- z#BeRg4Qy@|DJAn&lpmgD7T^oon2(n4-dK??_1-g?fgHb+vQ$6Rh(CS*^cefc4N6k2 zgIPHtVphC^vT zW&L%}IjmoyHnD&Ec+pqx_!Q!2w2I?BNMxIb`HQ4!1c(fh*Uq1ts*#5;k7(8N z6BV`(aNwMfeYzo4{);w@!NfPJNc`@XR=~7Dcz1Bz<&gxUO#8I?n+sOn`)52o9b1Yy z2aj@-mREfVqw6`|UKnIYD0|~Ap+RqsLZQ}HhAXTSB~dEt`97j2)#QG7FsZ9x6MlVK z7gcm;m3U)cAXTnjClTK&1^jtqqgiNgQzE;MUV^tl`*^N~7-;m%0g;+)+I7@Knc?{g zE(2BDf85J;m@PLQ2fByhHSPIya5sTJ6UtJu9!RV6tazJ%XcWE*kLKCX?PR+A-Rco9 zx!_)3O04ft1dG(ucU8UcBG8mc>2*v=*Bv74hwMEIg~eZC$)O>g3m|l|(HJ0yF44lc znk8%_Y=!wmv<;TL=0S`vD!}=2T8qZ>4Y|5~awR-*SWg{dh)>6+GR})|$EJ?;9&Z;}RpQIRl7||CMhE69{E)oM zM16Ncq~Y4?ioH>!U~bpTphE#@yY-c3*yemNUnk}C2J~5-wy(kI_qZ`Gh!pbi3iPY{ zowx0|Qo^J@-^MNil7e;AnWj^r1_=EK8;R#*;&ZrMmv>BCwl;+Cta{ABw-=<}L)>Tg z^l=HEhUyiqYQjpFDF6o4)OmCJamy<6DTek<^5)kEDt{~2xMp+B=XV?56L7W$dYacL zbA|aOj12j@ix2PZ{O$o4mvK>~8M$s$}b#sSmG#2y-@8ESI`}Oq|-glgveREgxFz zoP)Z-?{0ds|Uw43>-Zvcql~M&;3NNtw6d#M?tA0X=XS>lqLF0h227nIei}n@ph2QJ1^DHDj z-#_=N%r50<(#BJ?$%DSv0J z;A8W`NLn)GUqOGRWvUF->>|A^`J>VmJ`?1p%o5@!H$QdPt}D^;^CD zSXX&(6T^aY!9f{u{ zBvaiyShh6LqmQu`e9 z`5g9@;y%o7$36*)F#!1KEe|O(!hV~Tu!1HtK{L|wY&SVVG|mveDBoYI&g zODx=yh;+!qi|jA#XELF8*%#bH;}QVGW%*B-E;e<#L}SATCboMWL}EUa2;%eI-@QLp zYi|}A)853#0lR_~g-xFN6UVX)1z7cdzHae8_J7LNKaPLVg%G@z1dK4R$}Ogkq3b&0 zre2}eMy!;(62Td-Uv!_Y@M9&`^IhI$03hNYJJE^jvU{+CG$z=^q!_`Z5HA4P?;dCP zrIHPr>;CKBU~32S90+J8jBXRL_YR8rJm~z>)zp09DITGk--Crf$0skb20?J@gSg;f zr-$;J2Ix`YV?Qb5eLBeROtkP5nS8LFv?`M6Gw-<-h5e@M#C*b}bMlo0UmXwjYcJH_ zj6Z5u_5I)moHarDeH6j&CeBmZqEzH!o2vLkrMo+0eRzP zRyibU!+yuIj(zA!>p2r(K4#$H#)I!t@u0ri`T1}tXX{SydxRUf{0h?H85pguZJIy8 zP)L7w1?%0TieDNqknD9UMb`5Dkr!^Tgowp#2)<#?aB!Y{o3K56w&Ts^Pf!0gf9}P~ z9rAqRMPQBC;};SX!A?~PFp6`3 zqucV#ddW~Z2bB;k6l|THLk! zyc~NUCsw84$5LhX3c^y5Zr=T_j}*C3d!5l%uYF~kt^i$JpNk{gXBAHpJnc2yA89he z*iU}wk#ddsyWh^I!*NZZ=}RY>;98}mxP3~!El{^Q@^9~Vl9(xl$eVw(9b8mwmd-!( zV?JKCy2P|hv?2W80)zNvao;so-FNh|{Sy5x)0jBvKAu(XtysxA9`ex6u==kfq8Lae4y+&W6x;TAQdCMi{u1pnO$qFjz@Z#K-7+aU1V0fefSx}#^e5bt zNf40h+mdBq)ZY&(!n&*OVEo|7jI~G|r<1$Ch_B#@WO z%04~psgH{&k_r?f+JM9PxZUPW4j~D9!>sE_CYcnPga_f zds)!wi(Zb@XSH7CltEd$a^fv9(E!zTLWTDjkJ0x#mtAm*rKG;DP7l;Sn{4TF3Epr1 zMOhd3FzgC6_>egKUArKj+|J{z{z7~muuI{cAMqZfEr0WsW>JEF11t4nJAHiS^S(MlID?T}I|bx+#5&WKa#GrT{Sff|D`hfXiO0jif_h}nGnBz z-`2jab~G#oHT4IO4I)F9#%h&u1F zUjoK<`4_JhbTAx+z3sDR1Qd6N>I?Ef_-GeBdRQBHar9e;?Jxim^7ytM8{kw@A6}gn) zpI4Q#&Ew@oT;OMz!+7Lrtc^+b;TeRC5c67fC|n95bE-qDBag2wEB{L&Y7e~V%zDC> z?)m(foKbMic~_hh@0W88H0CqGSoUqQd3X(W9aX-cFwd-2-z0Kh>8Nqw)8Z)9E3I-U ze;(TjBwwd&xD#X>#f}Jc$P&4D<&v54H*{6zmkV}d$a~sHc$Nc%Qo#inbt=_-jJdh9 zH;ts>{eG)2urHQN z_-(Es_RJXL|t66^u!$-Y&WOq#i zU}W%R%YPh*?7AKAR#u&jbt{lJ?(==B&f@9@+Fjg&+DhN<=tH4-NS_CF<<eKg1;{Gb40s|T*T(2(QhgmP2w$M$wNxT+4K|$0)Bk^#=2g$zQh{ce< zl1n$;e*qFI@hFo^sVRxnu!KKiHB-sfk+%Jv$}hApH-~E0{Ik;Cx0%W`Ks5_aL@=Yr z0lIotV66FOl=>>1s`Djhj+4vW{A=}a$M4V70@kYQ+$C`EAy6iq8?d9NKF-~KVaAxJ z9V>oF&9y&O$#Zg&BC}viJ;wEGI)Vr&x`oDa+n%Hv_308Xo(`K5h<_zIfS|gsy6 z8WaX2ruk6S75!e@8zWr>UECvZIF`ONsog>unF3G;W_D*_Q!_*E0rqB&J*~f~y zk2gHG7c)pDxEsUiygWHzGYILM%)$Jc=DzjTCzd(*!$V|!r~x#tg|+6u(L#RQI%?rG zAcN4gcP(}DV&}oO^1bbAo)tY0?2Y^7=`?Pt>Ln{0mCaa2*N5{IzOD^scRuPziR0j9 zSC#Kng{7piUTJh?dwyN{U{Z#cJ|!|?Mwp_8*`!-*qad{x2DO%Z?q^?j z^>b$(MP^(%w?rTH+PbB28b!SaKx1~;{4Aa+{e3zQ(9-gVIn&kDf~8|{K}IjaEdow+ zpOez6AuZ`ZIIn6XD{?viGg>MrVG- zK>=L4>ohJoUze;np z`Ch6R{e_anb}+fYs=Y;pj6F>TH_`uigyjp{6OlH&RFL38sS%gbN~bReo{M#dgN3CJ z>1>Lf!J@MGUywBh1rk{4{bSySBN0Vp`_`ITgl zCSbjSv?nS_#(1`jf`Y0Z>JoOucx36bu4}yw^sz}6Qk#EK3{q>t`*2IcW~6K z0``-(TKR=CkM_N2sU7$?1=Ks^x1S{^}=@sm__P0$^>3%?wr->ts2R8@@r z5ex^m_E1NFmMozlxmBxWKGL`RN?QCHJ}_Zm(m3mn=%Kyo`e+y0erv>i;kk90n=lBO z^3M;uSafJu8M;?IOwSXWe67nFZUvQbh4=uam&h<{QAwIMly%)NtB<*dr>Ux-$9!_$ zDrf`ToplJ;tEBZf=WF!4zkCH8(Kigy3r}{DTZ$*?AvWPauni2sKht`nAmbhD{k&%w zDD7>L4<=?t-)@&UJR@xM;L+P`Tq2!Y|5+c5>zMq8K@PoPD&X|Xp`}3Gz00}=jh`++ z4<^79>}PT`gFY($B8op%Eo~bZ75Pl{;P&H8Pe70LekeUwBdUvdh`tx<_8AQMZQs6t zMtminP3Mqa(jwX{*xR44!-*LTI)7JB5dM}W*2wcIZ4m8ZYf>*|N|45?!ZK2isgivV zp7~Do?3PJ(F@YTqi^vdubblhXckz1rI(dj#?D4v7UV=C19}T-WP;6+_^5;h;V3`Ld zRxF~GBpZ?6-JI!{EI?|&WND&@U=d_8++sfIMXi2jE2-u$caRME@)=LgD)#`BQnuZ8 zky@|M04lw(>2tn4U*$1$r6KL3o=cf)h%We+A6lQnYW7kuheQ^Sk^#v?HRFH{b~4%e z08D%6wMw#`Og0iRXgkIjISfFQl#72lrFzAN6o!VEHdkI@=ZV#B9^U^A=>~a&>XMKc5(^E?TWp*y7MZ1mTH7O8iTzRG z7{oB(DB^8Q=IJHjn+m=TtL-@=o>*c*fF)0Gi!PZkUwC**!;rFodSS23AKsDw4pYHA z-_^vRX>NW;)ydw${m>1H&F*XY@}9UO{UORXx)!ziU0tzJ*&lz}&+I|wGS5S)|5N14 zd37}4BYI%cxzvlySG#jCZ%;m&d7>uGe95klq7ctX$1|f+0#hm~FyA|3?w#&touv9( zW`D8l9+BvXiz)i;dhO)CIK|HC5bc8k#-yi*v0w1LDW^Zjq;bcSNbJukw6Ri+=LDWCi0 z3n%EJqOQf@>ZnbaXWg-Rpw4b7>7k5&2k5_e(mO*P+Rx*VvFiPPj!});^1Um;X}30h zn)3N*(;P!jP(2`;S2x&adG?6!Hk>UuzTBJV*SdCBAL_LUz7&LJCOVPGn=AYz#fF-_ zk-8t&s(|<7$l~kBuOP7A1Uk)oX@WP)bIr9S0LIx75coYJ6Ad!*=6S&V6;mBtXJHxk zL@C$NqnABs_*%9UGY$RxJeqU-h3!p_@SmjPIit$-q#YJMgoMWVOqwfk4vc5(7uLQb z(PQg@l+k~<@Ch1xf9{6LT@e};n@gO4o6=uDXa@PgunMPR3sk;%yC~tMK~5>=@*xgi zkMG#E(4xq=f&Vn0P0fBr0HdDOh6u9P(P(mFqr>o3Nzez+LdZ;y(}vyzH1GFKi$ByJ?V&1;zj*ipvdt>4n$g@O z-6uZWx7_EC@N2Jh#5={2UHCLxuM8lRh6ztFZst*sf;;p)7ikzM8EGW2tH`pNfW z&YQ1G!BfYuEeR=F9sw86gSZ!nqf7;T!DqjB?JQK#OC0v7@qeH$XUs!RtDK=2NoHTb%XlV5GcB`S#N6e1BfN^8r2?SI{zYCU8*|3tKS?PqThQX zqUSol-pETIflB)O8qpJwm^$tv!Bs?D;pXKw6aSmjrrD!<)t=b>ezDu|k}tQtUvW?2 z(u_27e*IKM(HHG=o3M=JZ_|5j=^l03+fHH?+5Nw;f>(N=hy7kI;|>~Mey2id1?vifp9-FWm<9VN~+%@6?*` z)(nKH`;%7zH^#u%QO$V3|BGtNy`R9tcM*RX09Zp_zMjfqrbyrnxD3q9_E$o^!%+5N zlrQ^KF`ljxyA06Ix)Vjls4{i@jQO^OFwKa8F7eP66p)$W*$uX zNAG8R}#UBhyIPz4= z+x|W(<`kXB=P~Yjyx5fF)17`z&2>-<73xjLeL2a?d)FkNKW-C8@x?xuA63 z&r`n%b27T-kzzr-3eMbMQYL@O@&r&!1}9rD#-F?69*I<>jE|{aHxJk*{IX@*Q#)ms zZ5X)a*6^@Y3R^;`qYhGj4^&V!sATu+Y>Sk0_%k&x3BmI#XimBS8lQjYO}vEz-l>`L ztg;+gyq#1yc@OX?iy8Nhj%Db6-R0&&%iv3)-rSCFmu8JQd-sQy{T&H3>C;ahi@LyK(OZ(BV5sX z*V==-KSJseN;O$m%S_L~b;k7K8-b_DXb4x(fqa2MMP9b9MAq#^p7rYiYLL_wP6YW? z$8doLt_BmCJ@Bu`YYNO*N?C4yAsw0d@dqWcjhEh(vuxS5t`KH>G&3^Cf&-#8{wE=9 z-j3emYXv!Gj`%%otbFhs@?pMvA02^vl5io+(jAk~bvAnD&Lp|f14G>gf?#!tbXLSK zE4(9mn3Fi(qanz;jAxfGP!$ji6gzF@N-tn0<;9IibFK`=ua)F?;|(#QrGHk_o}J)(|>~}G3;6JNK*pTr~3!o;lZ36Zu|V>UX1jk z4=+Fr6eFYV;pqY^T0U)vUKMZ<&+ifpJ4rXD#Xwf9`AKH*x5HaPcF&{rIOl+v zZZuz-7@?wbf4?XW-d&{I;nk_7^ZIR(K^;1%Ccl1g5}D^%?>?;t4;bA}ZIyz^H4cBS z4LzL>x!|v2@}0E`2w!yBs*a%_IZz4q$_W;;vv*Z~Si^=-``4Laq)RH_{d|syB+pV} zSm@WMkco=hSHr=$tH+52?lB;5F;W|K%uxKkbsT*$D!}cAmi{5@nwg&x_O3y9tMYqA z46C_U*u&&3*H$te*sua}iu?T>{K_YTtVN#3`}eLxTRuiaoqOYTQJ?)MA)*>h;wUtR zJIZ$A)5|`e!wp)8sCw347w@ zDh-;4KyOf*<&F`V*+1{YpN);%@AS6~U*3e1K$K~GE%i@_b@c#)NA|dX^VicmG?0Q? zz0X&d;AgJvlleGbG=_S|rc(XLeav9zFiMwc%GJ2~*F;t0flJQsxw}s+cG)~y z|Fop6E8QLHPhnfF`p%@I^*u?>{rvpS3*J+&y1AHuQ9@-kDVxxI=hMC_^mBY}=yG37Z&&W>#~hs5zS(+taf?gP0P}pk&o7HXUcW;c7%%jc`P|B! za?*vK%;7`N*O<`!caNoR?ILuohBpgZ{B+Rv#)RWWmVMp`M~2h zv2p?3$cIyrKLJ&{zbQj&SaSHP#fc)jFx!KS3tx6Q$?Q?Ua2%flqDbr|Q^#v?bGsdG zGwdTYvvJwCx)9UBCF8ilU=nG4K;?6+pQtrW*8_jhBKhY%&S`p|k0>)8_XZgslet}O zpXZGxlUkc46(PQju=Gzc=VX+hd_S@A^R*me7+rezHa7rq_GZ8il@$Jn$=CD|^sRp36N9=3gXua1xBIQWwmE6t@8lNywS969w z8Ub@Aq|QW0|Ke~6ejf5`pP26=+4iva<`;uEF+tmnLn(IYmuxg64?V8}@%S=Q;s9zg*aoz2WKSeaVl^Anqge5QAE#g9$`6 zpmbhJ-s&nynp{vEqNb@3$u{A0GTS!+vt(B|T$c=t)P|XTOc4Kkc8;Y*E_2vEWVP|f zo4Ak2LgTp`415?TKPu8`K4mk(t;f+%A}1c%UWOP^5f0LtfY7ej+D4r>amsw!FKjw)2{9UKgvfW7_42T zf}|CNY-{`WANY6~{vEP|8Xzg4TCivwRfWJ5*%CFn)WV=p%i=iH7L(wf5ZlUtNz(TbKrCSgPS?j2Ketn+u z8-HVQeb2Ri;2#V+#IMVji?PZK#bds&9s?Z!bkdW=iXmY%a2FH}Q!`XQ^_%n~U;qHN zC|6ymNC2vF_Qb6BkO2Vcc$j72=5G5k`<`5s6`$cgh}GkD>Ewtu&gukfgddbQ`?u5P z(*3)AY-c&_J8r4)B^Hx?)Zr(2eUdJKt<0M^xfxpyaCxYWgIRmyIR#TtR?pL0wRy!g zk`u?(>8nopeXt{BVN3`9)Q5X>cIUtGwxG+Kw&B+&E@bPXciO67iQZ!-{RU^q5GNGz z)S7ah^2)4lQyL`skabHd?_jRJjG+-BeHlVFbGJTeNBZiGd?mBY&O}#xZ1)&nb12f# zi*u_R$p3deIw0g01JdthPSTA%1TnMoj~syX%Uz(Q&f1-RlbZWFC<81`E?Kge@#KF& zVIzDIYHkBtWaz8jPsa&2FL&J>GA)(`wA#;#@4=(kw7%D^EIwUcnJvcIYny)rsPJKp zND4?<;SQIMGsF{33b+C>`;_<)nG&f_<>9Z5!kC?Lnx10~g(v<6;|9A)3!PTFbG{i* zF@t>22X6K+Uat79ew3#${)y!68n9xH0@X~&;AnVW&{nhxHRWOfj9Kx#ufmik=Nl{| z@C$JIwZn<_Irr<`Q$x_2k~mU}b}B~*`aKzOfC>GK>h!|jj&86*KI;q-yHjE9+te!S z7xf68G&ze@`vjd(=rKY7tZ!>=v7q{nC0Wg>=as7x$Z63PB{y})`vud~>!GC%PLJ(b zJiVlSJx?9{4}Z4jekwYND1&rgiHUc1K3?-i#+I)>$)W=q-+%uVLhZN#tHHJ-LJA5n z^|9`#`cWf-2e1%KSLzncuF%G+$rvouaF_%bN?9_TF72&BON%)THn zSIpiU1`4izF!D}y?k28W&QL$R`P>+=WE>U0@KVWFI+ekB%T}+}#q+s7W{%Yza?*xa}QCmaV z>puI31bgl%#zJhl?za)mZ?AlKQfTH$6j|nNGMC|p?n@mj9!qwD^JyEjp#-VDM%|1S z>%(LoD|B}0{P5|(e zi6xe#3oAs$0ANW)S}jWAQtX4F(~747uQN?+Zc<;-kz7mnOTz%ce>=$Em<5O^CO=M~e)5=HgaS zgh?M^hz5`4;sp~8Xud1w4$a6V3rT%L66&tO+E2hS0b?^oqZkQIT2Ya#zEBiZjTIkb zgZAMBO#F|x`TIfNG7F}RYsekXll2>}zT!ixvYuD1Fihq|ykN@W`0)|@wpyI6FaBBA zI>qL6`U&~^z9PmAGEkJ$0IZX@g(5C1YS=^wvq#H#5$uBuP0|V7wV+m8U zr074lx_Kd)B4ixv2UWdEe&rR$^D}Quyz^ASbhplfZ_PdiEf|nEuxKiqK&! z0G!l;zQYvca6bLM({%+2hb{U7jzln?_WSCr_8&*5?)KBxD5R{a7$*e&u?qEfg>NQ4 zw|pI%zb@EQ2EirV2U+y^QvSyA-NDeJJ+%gx3Q@zA@Gj zPTHKMDl`d96Z9|rxdRFs@8JM^HLISb{^z~J%=MLRr)Kp4!PRj z0omW~?X6hfh*Hq<>bwd3w$BLDNRj2zynOpd=k+*nPl;5{K%nJ4FhcN$?OxEs!8zWv z{;hSrGO|WdFxACFw$gFzs}r0C?b0H3x~`}F0?e3XD%%VGPdQ06ey>7EFT#BCM@I+z znZ{rCKtuAAN7ApNI2MMp|Ko)VY=&+?KRH+P^AqQ=Lht-A6)>?8D`CcBs5S-MNQhia zLh#Lo^%Q~J2_0!q{>X0H!?1kwcGeY`I_z~O56mtFhwVMTVobUpu*^jWM=mf*Y%Z(e zYUyL;wm1mx_2WwYnv>ELXEXT~=mtJ|M}-*&2%(yFijEpV^0(8k-=~ttUA`+l({>iJgpB-Z zm4ic0BkDj1L!0Tfdze>ZJ}zHT`6ITP&{)Py0bl1#vIwEpZH#)@!lc zEblyBAW4QZaP>FQAhyfUd?5v_RD|?QLigd+g;;FWClpihL5sMiXp$hafRfn*1U>N- ztP#m4`liiKMD`@Mh^~A}RF50Ce{%GW5@6ky9iJp>mtO|`k&K|Qecn?YB*~2X?3euU zc+f60Ac5O%!@h1J0}wl2Ck@)&W0f2Qe0MYX8^C({51x``=!05vyVfH`Ou~a%-jMUJ z3y>REBP`r8hZ&N(zU0ZW2WiPKyplOmj$*NX_N&uskORWSTb>-{@OFcGpL=-8N~33c zEJOgCCDeG=J5>6Q6=)avF%Ch*i&&VmXAMs@F`(68W3!=%g=;+fg07yHQIoe9T zC$&b^0xm@+7l=oE7D9>-6!SV{Qmv$)EA$9;co>Otvw~b1=$OaSr3+t}UZ8~F)SjO6m8K@8!# zdk3IQ+vm(T?kH?PX$r>mjgjUm_3vMk_U8KWJ6(8`LkNa7q^gHa9i82-{=VYCDPE29 zehc4St_+8T{An+X-EYs$froq~vJXr`l@DDXo!*ii$}9$pnPkTk+HerK$A}gC1dGEL z%y?#Qn5K!-(c86OBwSljANMxvbTTd!)eOsIw$od8)N0S|Mj&w2{977n6=fkET_vZ1 zDPpz>tcs~-8Q~6*7R#F|-XILp9AA%Tscyy59rZuIH`on}A4C1_p$2{LiI#^iK;#m9 zOdOcJxuxq5m_58jCI&)Ykh*gDWFQBkiFklVU7PXXq7l~~0xW6R&u*Cl>@H{Xh@cvM4!AA9yt1X00AngDY

    v$N=pCa=dvkBF_0HaHgVKN9U2`&ip=Ph6w{$%(hn3UqG~s?) z;^48L=db54`4$%-po)So4t?CJ)+}z;zVH3SvZ>k<@ z-rSGqr8aep>YJ!3TX0-%;}#XjjZb!?-hWb#=I-0n=;vVehUzzSN9{So${NjOZ-4Z} zU|W&({{0KR^^$+*D8ia_<-79qQIx4o`|sKHvulzKm)DWbJ$uHge{zwq!|?VIzrb^D zj2b2oD-v{kFOOi^Hp6MvgqK;`Mj!I0({EH+>&wAwyYFZ z-eYjCS^FJPZ0R}sgK>WMq3iP+p1*ze^x!+j@>i$P!DsB~ryq-U_nON$4i3-o6&Q|t zqTegmH6B&K&J(sjosr*ZMWaJg|Jj^A)Zf20eu*xtP5)`z?`%`-V20Rmu%p5+7@?*-Et^hn{YJa#)XA@X}_~rn@g1i z_Ubk-?yZ^Kkrbg{ST@ud{0TSl6`Aeo+-`J^_1@OWKj!YsW-M=;yg2F3-p*3*_EEdm za?nL{3T)TAEkZjp&n-KwDUMVvy*@YD*<e$eo8A+M&zL$2%^~ zMApa-+@_1>i_3EZFRny+us}Kw9pCTWqvESi8uwzwP460heOtbcB&eQ>-mvJ2%sx<5 z?`8jt^+nOIl<}+;^yNeLZ_s7dcdX*z92fnvRPKzA*)n4aF8<)1AP5Zdc1%X{Zs^1)u^q^zg?Y68L z@%`uSt;PWZq4ZoJYqAoC8tu>nDAG7b?WJzCp!`_ND6J^%x>cpe3 zIlsI0O&OeL9XIgoiJ>m`3U%L)184<=l%+{emh8?c3id61gh^+8$+%xxy?HIS>-oR3 z;tsVUjtv2T;1j_Y|Zx z=rmyWuTHwV1xDwsBX1`C8e4j4R6*qQtBb0X(chNzQx9MkeeH2*ebSnxq_Gs+_2k5! zS>@SJ&bHk+f5_O+v=%3Y-P7+Le%-U=#*N<}U+7!wSp&wOrXLL4-QVEHw_2#8(9fBT zI}-&*@-RwHJK~tFKi+e-KlkNF%kucs<(c8vgSPd4(5t`ZMqXySU1!#Dk8roDylbi7 zM|}(G{RLAS;aMLosI~sGr@qQ-s7}--KU$1DkTob05%%E4_jpOzIzJ<>Tje;M9q&`4 zwvXDj{>OOlz7yj|jsN!jwjB1;?i~*^*xCTj8G39R@`_+0UBZ=~FW9+eh!s zNbSv*vh5@1CNi7yZ~dM-l(lJEeEOHS$9A;y^c}u;t0Qal&21;+B?Hq9>9-Ep@>dY^ zte36`GoN)S+}`_qub-9j`LZFml0wH%PWt#Vzr*L3Wlc`wy5F8q3)T77-c{!Y`{+lo z+uS`HwC=O}+8Y$>cM~#w{?|)4J{4%Ic3)iYxVwIGL3)KPnpVAccjqDMBlmZYX|t(( z)0`h8_D`AV+@d2HzJ8sK)(=zW`qqwJGh#qgHbCC1JOA74`Az&A&Q9q+{YT{+$qVId z-sk~Q+UiqTeLo#cue><@$gjCGH&v8w#1%e1S>|cg zOum^BzhtI&%%>GZuc{as%sTpf@qY4}Gm?$NP@6^^*gI-(;MSmWRpXzNDSL?p5Z_Kx@RiB!(LNuxz#T!{LTF%%0(x-4FA>n(w_2zLH|J1 zy~AVowd$u59iP(R13i6a>%KkqxyrAYn^77s@2}Z?DR`>)w5|TWsO6-UOGXR`$_8Y8 z%3b)b<(Zv%!S3Rj^T+E3jjL`qBe!eLh2Zs%4b}-3jBoL-uoP|g2>Fv4sBYV&;pKCQ zGva?sPIf5*P{4}Ar%Mj=bgJAEM3;~T+Xj1eNG>rx9{;w(W)OM zm(8CWj@*@2@k9M$kazoy*FA5y?R=*4MMdwDs`u&k&-4B^=v`F}_V0=BGH5?@F@8rv z5hia_Ou}Q_U%$H^M z~StPvt3%C<#u~n^2_bz&fB=`E|RtL8BK=2{A*P7 z!@7CJjR>bto<5N@{t)fTI{(meL*r`Yj(fw}6Kp4Bwt?g4AHwCvZWS1>?9@`DU*E6e zcxSiA1(taqot%-ox^Nq+>i)_C#)J-^I?tXK4^S%uhX}n!?DMDwf*V5{tINARaYy&%?4J@xQa!X zo~55UD2)#$pl&yn>{x=`lAzq4#;HBMbWWFnT?7>mUlaawI*So!cjOsIRI=Nzdx4>{aK7zTV!6 zq-lJ5>5iT2an*|sON_W^<;OnfR4ayWqBDD!ZQQf{{<53f_DuQNanByvv ze|8^!O!uqXp_`?R;vS48Y`1lK9-i}p+gj`|Kmn@320XR9WhYT@aP+PeT9nlk>|#~Ix@3u(uvHQI1} zSY{&qn;>!BmmxR$ENQc~c=nHxtr~P0GAS+cd(^%3$d0mlvRa$(FE9G_{SC9cdE?&O z^Yy2$?m2z4Ya`tu_r*8wpPuiVd&~2%=$-Os#i?evKABBU@h&n;%Bt=aCN^l<{f0Nb zZjR~hc%Zw*T<<{jHW?-&QTdmd;bu zt$zJd+2_3W$k&e_>g7y1spG#}Q@AfFH0k8~>%Y64H>D`=P7jS96z%t}MbCMuzkf%K z&T%($+xNaF*Mx4wbS2;K7yY%db|HUg)FXVhj@K666=&9N z-!in3(dX0ZtKpCR#$459yvvZUDBzA*6|WnyMekNV&${{z(jDz%c;3J7sm|P^`r^p% zU&~tH9mIF=gJ zfPbZFsOyIa<0`UO6)QR-X-CWIt#kf1#S{J~|K|=@w9*$|e#fZS9C9c%x^4Lx9wUunYs^V?P;xyw$qs=EGhP~uasO|9_XJuJ#BANN;z;qO-Z>g7W}FaP%!kI1Q! zShAhicht3>%C;3n# z)`U+yXuq$pjEf3Yw+p=aCCw}!`|IY|f1kdG4jCuq($*=JEsJjs?%6>%qNL}#v7zOM zLt|@gnKLT;Sz_hEpG0Dfe?r!>1h_`a4!k|H9FEn0d%9!ri{+id`J<{|UscAcy}z%; z%wt|lh-)y5jZ6MHoX$v6cvZ`n$tPCF7oO$iuQ*12uw_Tl`;7B9Crxhhvim<7yNTJ| zhoPFXZ#!OMkW5&sdywFIb$-{y{C~2h`&&S6w(t3AZ9h-dy_!1jLc(`A)eqW#roU^= zvaWE1v!icskAf>5sw8>hR>gln{omd&6LQ-BoL~!2JNW7aiyFRpRloS=z-PEuI)~&*-=(SH7S|NF4<7z30w4JD=`XpT!p#D+ahb3^>KD zC4ebItVm;I1=aia3VJhAe=#p{j^p0WlES~vU!HrkZHq5^B34q`n2T+19KQp}{H;*% z*qhgCN24~iz?D9BhEqNTzLVc$X88{tjP$+v_#a=y?#8YA%pceKZSsPIw-<;0W<9^O z%30a0_-2n0hZfc;T3Dm_%dEJ9NhxrT{Av+9R8|gC2RHPsbbEuF-AW3>Z}J$k+n-*? zUGVs3zP=XeTwebrd-!#u<=;NNObS+Bn~Swx>AE9WQg{8&4roKh-NLZ2WOkzi{ImCt zq^F!+kg~w{e{I}pfXsEjsDI0zg1~|Ci^IKOAr*Kl80>jHW?vt- zE`IpznQiAzpw<^4+`#Iu;|}{HKD80|_phIy?w_8UG|zT@GyD8vobl31GFo@C{*1OM%Ngx< znJ*?!uGcINXTQOET$;1acs8$nZ(K^s=%V?_BM+8NYto@RBQyTWdVYsZ@-2CdJK%Yv z4#$#e|CM%|^yN|UtSg72e)R$0x~}hMj{W@R{*JiHA>+QW4hCL4KDP*iwq5IWdMRmF zzmW%JpR3AWmMx9`ZrXWJuML7_bL+=-vkZnT{{qNZJzv;maIDpspBo*oZsw!Yf2BpM ztCk_j=&uhkr&|oY`YsRl_0O;GY#7IQ9RI5F`j(z8d+;s|xPK_R=ELM7sXtZkks-tL^tCM+SzgN>5C0_URxjr(w6X}!F9DsRP*k%ARNw$+*} zyVHZec%y|}+4XMrGq_i_l#*vAY)k+3b;HarxA)kSl-o!AdRp5_xp}$Sh%$&T)cLxp zhsJ$Z)NS{E@@{>`gY6>=>%1tc+o+A~)-Ba+L1i+)zScirKKEG+Q03vTD@ zrxy()j{mX${oXyJA0D6jfja3~iu3mFZ}00mA57(*ncq9uI6m=dy_8{Z9go^)9+qwp z%K0g&v;J(kN$EWAvY~jzZ)U(G^YV0zd-z?T-^sUph*0fse6Gtje&DmkkO^1X_?ukLs z_Zc}ehZh*wx&2v<42{-7#NTIE^UiCA6@fk4+AY(P(D3%Gc+_e}(&fLpEzc&=1aYX6 z0TNcy>IJM-^u6^?Hn?ot-2hec&6+VUiW07yCUf83%}$|WTeoOBai8or7>F&CX1se^ znnOJ`2cM9i_oaAd>$5vLtlxBPf3y3wmG%2Htn4k@n0=vUw@ul`t&^vHArFfyuG^u0 z>bIJt>8ZLy8S5w2-ahrqBMog{!qSbkuQY2{as<`0q*1-nH%m!=q#7~)!*p5XT+1Tm zDoWi=s{GY^>&{@-4A&==jIkf#l_@6I>-Ib{YWbk(>Xf0)Kb=~-avbeP!tY+$rp!(L zXBQq-R3yT}%Xxlz&C5@bzxLHwr~exZ&<@q~w6N1&dab=sD8F+dGfaef`^|}|>RfJ| zXLsp`jhP1y%Q`;wBS)VZSsV);coECq+ z(dvsuMMdLBPm54f6CSZ@GbT1ChuS2M*q9@u#V2gZPN0z!hGkPeOtSPkxf6DXKHi$G z{itb{c1ySkbvqQy&e*>0+p!us*Xgs`Z0fGqF>2)07Gf{=NAsFE&M;lt^GgX|A5QP` zaqc3F**5>80JSC=wDf7~T3b zA~EX3$Bo`P2RA!Dv2w;n^kcmH-XTp-T9X$?*5{1adX+AV&mnIuq)(i0D$OQeU3@1B<%m8Vxc1;yyB4X5 zV|K(R2IJ$%G*6RTQ#OwI+2ck$bz}3^j6T~EN^Tan*G&#?Vx<>P<7ZTE*X-fcjel`T zHOsN~H6<&@*XS#y6YG0%HJ=OV9IPhud5_i8hW`GsYi9e$@sqMX9se?b*31c;ri|Xg zJ~zRy8r{fyLNkJ9sNGV3_1B^|9A^gVn|;&x-BW`{Fs5_aZ;HMPzSll|@>BfiVLx~m z%Zh<8_e{faKVcWc<=$?tcNnJ5_inud-?e#t;|h9>QN4yu>EEE&mxt?W;ZN1-`Ia*D zT|w=3O;faxSWFzg&vpIW#0e+kUtLb`S9e%?bM17jH1q3aR;}$w zSa|zG#k<36;>Z4IHTHFl+AY;vnJ50j-R%C?kq3$ATp(v9B=l;|+*(cRgSwHB*f6tx(v=18f@$eDwyOK2 zWXnpMG#sCtaHn~ftF=%k+bdX|8r~*%$`GuMx85sRtV(OrE$gFp&9J$*_d2)yoG?Po zS%-h!rQ5crar(8MM4NTfcv|oLU-8x2AI&AS;)H^{FN=m6Sk#h*`O7E2ChmeMi1z{wt#kelt-|4ez>2t8{-rxI@ct#ui#y7(JToH9jUk=n{ocg(%? zAMcpyAL>oL zO+H|px3RM`*L1z!A;r_&h%acm_3N>xq>>w=N4V|}h~QqI$~W*s5K7;vIeXv!x)YDm z+8pVq-yqeOcl|YsRWGYkzN}Y?3-$Wd+Pa7r5p8|*N5f4;C4ytkTWxjIWgnKfi}Fi5 zULH*I$Gw|!>0xL6yxwWeF3U3dXEmTSOvYy(|0d?vjpJ_JK<`wdsaV;g<3Ls7>KSXs z?R;6Vr+9bz#B%+n@mpun3oTaz`u^99{f9bc8aG{x)U0v21SNSe>2r2LXVtMmkBl{* zHmPn`x0*5}U)^TNvr9v-%|1YGkIg!9e6jwjZbq}!<;~?=_4x8(XP1v(bZ_#rdKc?| z%XmKE+Y~c;=d)(jiT)a8tA~E>_>hU(`?=?|vYZL}`Wxd1uJ3b$QtNY^s-R%UIKunn z79MS_i8K0LY5tB&k`To^hcrFXQD+{Gtf%Ai&Tp^Fe!x9REIkvg*&xyj?(yk@e$$^6 z)G7MbY{xOxzW`tzIY-;)(7V@sag9}easbgmq@qI4u{+Uik=Q+F#u&ognXn&iTR&^r zry4N#%@)#{POQT^`l)`Mq!QKiX=`}RaieyQnOJqQy{f_HA!Uh2JLeqz4gSMdZ1#lL z;N$JZRCMb8HVJ+kO_@_Y7eG=I>LQ1X*PdQJxUfn!Gb2BLVzc6fbLJsHl(CiPd?Svr zAq-d=P!k%Y2_QeR;SZQ*(!^n7AZaw*^Q%{AG_K*}_`)JhpUn7rC%WgKX%10bQ`EJI z_$lX0&xP;q-C(}?sa*%*qRt--!oi1ndf>Q+By?|H00)t9cFDG!8Vw>1kY&Tn8c~#X ztIG_;hF7g?rB8_tJLFi{N*}kBoVnsVxZ^i*--&tkneh*ACfXa}Kb`P$o}9_OI{eY8 zIVq}=iMuAh?tfF>iom>Mcw1K}T?k=1e2>WmN0*S(hz+<6ctZR$9D zxM!>Q{o~Vh2R^JIu1jgHr!DmcT6~-IVO9TJh*m1UUTS_TrPIF4e`T#Wjtcjdtlb&< z;!5vSeDn2&?AjhAGeTIB8d?CCY;b*|#?Wcxim@U?%HXLJ3TM7s!<@60yCAuJC;qYl zdp^Fn%Dl3U+Y^GN%e@@yIJtqDo@-z(?#N;U*WHcc^WfHUiqgKW1%E!4m7kD-xW;pn zxRvY2LSjB=pZh*%lVqI%cKQ~HjLaHurZ>;)KU{H9T(SoOD+Re^NL@?M^j|;Fo(D%S zUQm|o`TqI!)uI&5Zr1mE2mEIB;n<$eab>Hh^)@NCEzUZ&_#4D%N#N)&fa7}U`bMnX zKDcy1kTW$1G27h!!}0muOEMPL3ycHvzPk%}d-GcNRg^-cWPE*l&*JT~>jx*+s$1t- zpNg&304w1_sdpVr=b3gDM{&f@O^p!bv|m?pIEgbq8ywYHJ9g|C{;QWbv)p(4rj>vI zsVYwE%OKDnv0%a)`VF{5$)wNcS~l3fCcXlDc2eC&wzYeLFK-l#t#(bkc5lCz3c+EI zw#g&1bNebQ1LR@;Cufqt@6Oq6y~;V2)hWsU^c<2C=M$#wZm$~z5hr_Y_Zg!(A0V(w zvR+x+{`%}T{WTM+tDj${N_W1i*P`j=62a%2J8C%RbRY;u9U0%h1K#nr`pYW_uFfn- zNdb>C_wE6|ePBk{>dNcfsqMaZyn7^l^rd?C%7MPe8CC0>^`4gb?A#)$WF2SSlKNFQ z^QqtK#ZBG1gqeA2PM00LS_g|p9~lpcQk8KED&c1bv9&(2WMh8%miUn_lhDem*FWk}W{`uS!Ua$*aT z{^fWjH_GbtfmN%jS4qYs%CEQgp(4yt{wuVuv~LwZQA z++IN4CIFtV#0{v6K2O~ji(-`02j%&38bm&k*C+;lhfz{Dno){tA{gsfr|6k%-XMT9 z#+}Wgs*1rkpyv~Kcec#w=YyzkM^eMau1uexrz|`#S^*fjP+B#(jR6@4K6N$&kg=Wz zODVE6Z^KpZ)n=*^`70%Om>1M&yzyR1cvL}bvb_SURbMI;IUq;B>!88Lg40SnJhN3}IoIa?|n6i&>^K$7Mx>^^yRdqHZu#Y%lv#F-3Els8hD~ zVOqp4C{BfzXlzClIrVFb6e|TSy8fm?R=VQ8|2ah3E-Yc=G=Zmvb_m@Yk`r*HC(0wQ z@VYA&deuGwxjm)m23dF*@Ye;KbBCjl^VjxC@FTcKrye5b7Y1<4vWoEos?k?^|Ecs= zs^=%*F|6~^=Jxqe7X5Ie1&zO+NWL*_7ByOlM=X00!j(jHBBO_&b>BwTnCELDc=?Cl z+>C(GnZHHu!CEeI%~2J44Rczks$@^_pieOph;+!=dZJM@!fcZqK@QE9Txi`vJ2k&T zbJVD1X|1BIcyxxm0>f7$L}SskWKzS^tOs{1lxpaPOd9WfBYQ>~P&ya}rl+cT$`GaI zIWE!;Y23{<1G!JcjRo7GT-@iyQhU!sgPE~9F?!={PP>0_Vl^i>w^mp-54aH=z$!#3 z^X0bb9!KDDD*Of2H|;N>kh}X>#T|-+%;57`fhJ1{eo%XZ z;b>%k(<_qoZ|LXA+e!?)26c&`k}%p(N~AK+1m$y7k@+uJvz1R>WtBgTpJGPgSIvwF zP#eXRl?-a3qTHM3gZn>y`vAbAbmQnmYghO!x>7>oRi6VI7;S7=6jFluP`OyK1$FSs zt{t+_dFI$9KHNTZJO8z7RF#CkZRH><=^iF>4QBHG6F$jJDN{+_d?p3!4LxHj<#>5^ zcv*=5^&#T6McxVc^XTzzEhrLJ2YPf(P{Z$JZ~m$zY`Z-qG5|*xYLH4%cF}p{he7gm z8(KizYY;j4y3_o8w>``-;lA3iZ!CG#=sKv^Umqz$n`kzis`wz};1zU4@GuL+xUJp# zcOTov8~p1J3A_PxG3fLcfz?AtN$eFxA zYUTso1qc64N@jFDi9poR-}oDvQNn+8JyD42nJWIIDF&-3KMyMqtUR-&j7g9HtfLlea@Eln7xI)&4U)XlaTTt?S`?bX_oMSiXtUV zoKLx5ti8q`)sstN*4Zx>3E#i(A|d1W!LX7zy!XAO83Uz;|C4 z9doVT;(bf9S#|tkRteh}WKNq&BLlLSqp`u!+= z{14m*8DUoEES3JzefX`NR@LNQLbA2t+63--D<u3P#tS((=jRSOhMzcrsdMpjl_Ax7!^bZWo<(Nm}if0u2=I_=nHn z)_EM(9^RrH0q2OQ>V3j1@kbFe_Ck7_T;Mva00HDX_Im08trI1JUrzsUibZK@G|6u7 z&!L?`)vgcuUuA3!=11{&IOA1|OQk(NsAs$Zyv!n^O%@l-r!)V}mxmZ`$21)5nO}2= zoTv~x+3wNVIC5b(I>ao*K2Z$#+E6-;F$_q#zZB=ggkezCdz^9-j1g<1f~jEK>{t~bqd8h%TbbVi->;*f z$IvGCf?$BexYB&H?I+VQ(XB%|N&+wwd;+H5ZrA|yy)!D~CIMhHQq^yP#rX;h@@;Cpv5jtU@!67J>FL15 ztCD$Lp4BSEFdE6dCFTXX>evtJIVymWS_GQpJ;0Bwwy->kSk&};Y4s)sjOEEh^-J=< z9$;jg03@+rWKNRf zyZ>7Q)nwl$Zb*(Ni%q)V<8Isio27Gcxhw-HqjR7W4>Fjs##u<=<~Wam?#H4x{ZYh~ zz5+R$%84F3C%RnJX_E}x>st!`C|VZ%nK}mpBhS7+Mqn6bh3Dvb@k1zsG`MwoOD=Ec zYju;y_p?W`swHbRM?v8E=~fb~^YJ*djegvs<#Vy$m14RJ)eQ0#!p(=v)wlxyMe}uW zwCXuneA!RF3EB2pSFsPe%_9J;uruSj$Vy6&lim25E$d}}T>Bh*iqGMOW?1k|fsF$^ z>{yFAJ=evtG6@0ut{dTGEMd`+=9^?Ay|Tb`P)~=Y5LKlr?D2ki%G@(Us`DVld=nB~ z3M8WQ6hS@+v}!W_WPxpxiUQECnBoRKicIOLT43++L{mmoQ8jwuV|aZWLhvISqs1&B z(O;hWV+!3oOVUIc1w>EClfR)$T5-#O#^7&v<|g-y@|7tO zJE@M*@i_E=5ZlzvF6|cq3u@ZSd*mlrm+21UbRR#pL+m0qgi2u`*f~pafcdY-3IYSs zz4?U@JkI<&o6Pw2^q9w4EnLSPX}+mF;xJ;$i5B_&r-S(ZJP&+eu9$A5h(R)?bl@wV z^#k``x4=o$J))Cw=rPnVn2Zi-aMJU7@9#$7q^XwU40)g0#lSvY?fsp09QS*6Tp%4O zhM#2V!S(7g%Ft~+e>+llFt@5xWG75 za&CFD{M~7}Cb$YAW|;cb;OHIzxFnXj*ZXR*hn{HS=%gkdlV(F;oM8X`{q5(5 z=);Y1)%DS0OvUqJjzW_f)O|{Tvx9=2BpGZ1s(Ff0o687?9EMf|NbIUzSDvOxc$Rm( z+{%L4b^f+C2B35jApBHnZGYxFOxFom4bV@v1hnKoNfY?Nr-3TVf*UJ=-4yH|sU#tS zU=s)~REHC%lU3ZqQlj{K7cTAf_nlU`p&sBt9jM!Ynq3vt)k~nnA!mO||8b)$OX9QJ z>JQnak)J)FW-I`x9#<#KxG@$}_$Hfn&A=Hxvv}#UppOPpYF!ttjjaYUHpZVso6S*FWxxW9b+l*Xj5OQee&cS7w$sj3IPl?_tO`3{8Fw^uqRAs-T1~P>Nxk zs*}1D$kuaZ{Nl1iP|1)_nsK+1QTlbg;wB(EizMOKs~ezh#Lm2Jw?ZiQ;9pjC;O2z+ z!0-ok*#2^V0$2@z)K<$6xV~}$m~B)^@Nstn`=wXV2-xnIzyQ*Aqnp4NFiJXPfz`yt zNvJ8s(7hS= zh_N3omhdoExd><$CZ83u8+$TVZuD`eU%%ECIC4CN%V>r{Amf{?Gz$iaJYERl+*=N( z={hxHda--T1)%5|#-l0MDvoDvYniUG$QD5iIo$zo9%O9r4f*ML;P&f?ylGdx#azB-5-|v`c=2 znb_>jGYkuy?)cTT6+6lP!1r+dXZ(FNT8z%@VdXty^iX^2yag3E!S$DJs?RapbpF)BYp$*so;@!2gTeFmVz>=IFb}9_b$mL%K1lM@J2+7Ok>I~yX42)`y%DOo)|%Sq!>sF z9o7Z>Yru2I^app=vP2xxG4y=%)tTLw*QeD4oCVmF1KUZC|V*mtyQ$fClE-ru7-?PLlVE&3Rz;?VH& z?)X9sv8IEd z$X!4V3OyhsCN*CuAgreR`{pKnlodId5njVCGnRQHP@nt3gWsf(>$XH$jSmZ=e4j)@ z(NtVoKR9ICr2(KO>;D>T`3miXAVQ{)iW7?nlRe(xqt%n9Psc`?JepGvQlgbcpLg z!927x*EFJv_OLDaV^pT*dFdIV9JiQ(N9JI=-?~LNTr6jnR=1JZe>^oBdy}sa5}9Z_ z{1r&2SKJdThtFpAia>Gf)Y^@++Kv{{+Q=UeYe*w;HA92R5lG=&KP1EegUmpS zVxRA0?+RZxe1XVYKsz~NVO_HT&t05$YWZ0q`4ZPpcQXnSV~Zr!a8e?H&&Q&gPTpHS9CN`Zz@@Myo$o`4;bNk-L*g z^FzkjFKp^evm+1EiRf99*IWFSa-RT`REEOHgorgMeHNQ+pgI|?!~V~ zLj@imr2jmh*J-M-iqee#V1di2bvi<4p~DLZiv_X5O`DOP2($03j(w?Dh1~pbG^|b+ z@s>#2P!IKerLTBne`>r4`fGhGNtrCze{vz*e5OesU)<9x=Vcz{$H`|N<%T>)_xqDL z;O5un-#t0hm(#${ zUw-*0NLlU%+2k~k$Ed&+$aBL|UMgEE9#CyaKow&xk-87fXMmtG||k#HD5Wd#_2>tfs#yaggg}j5*MSq%2?+a!tUTA8gmqfC-4{4K9EQ4%8|lw zNTFfvPy&?CUq1y+&&`SVoIjOw6kigxL&!7~;>o0x^gcUgRr{U%H3NE2JdP_N>mLs* zIwSG&jaXdn!0QT36y3&6&3nFUO00gi2@?8K5IPi)uPvY5+B+;6LO|7{j=Grv%U8&V zglBWI*b>2sDej|8YNp~L3p7A(l<6@|ifA;%+oTa;Vi913!0XQQP@*6cpOE|Zvjal5 zP!_qOJgZ5?hRDW_7uX*pXCL|?M0*kQ74ZcdV^Gm7*RaDlVM|j5^zUXj7PJ8sKn##I zpZ)w;G&CF19gtX+mHs%6tG2)}PefD3lXkb;M1df&f{*({OcKWsq9pK-57K^!mPo6R zZdr|8b@12tfzpMXSitCwEfUQJnZ|4GZ)ebb-iQmH-2^`v#*Vo0Qtj@6W#5@PIny&Z zHNr61M3Rgxr~VMhLo1;R40N#IyAH9!%?XPKK}MRN{M5y(d^3)0PD9_4-?tY_o2`hv z!rok8i={-wxiCodlw?Uq@6(|eoZbV6S=lbhG9V5h;F zkytYQ#3hB}1M?kc#zu>T&FMt#w(M0 zTLM2VU5BGGm)lBhrGofEq>` z=TH28y21TpGly=SeVR)f;q81=`L5kRH;UVIKcm#zQFt67#N+Z4WZsIl@Ua8)J9S5d z?)rbsiW&I%c@?jRnEGy_GXM|g$H&uub2zRn4OU6O2SsSV-W< zNO&$w3vU+p?a!qNg13)XQw0}$K4>I?#;O|)b8BA*l}mAQ#sq&390d!liE84GgB!ko z^~?OPS5v@r^=Y;FIt1gWB`AY7BC(zHBn@ocH_KY`L4tE)dDq;wR3{8lks+wPOy9t2 z;&)lATN3c?qE-`T#g*oJP@)ihSDtaEnG<+rEA>$D^5#RXuB~3`#kF8xfwj+h^ROia4PZ4CY z#?tnw?J#|zE?1P15ekl8#U<$almc^aH2WT+A?s++)X;%f%^p$Z%_Z#r@~akCZkz$0 zb1yVUlNgFVb~H|aIR804AF>m4DQSNitJ~rA?Tvf<(aOx;_7+`nJYP_=*mRXkT)7%! zqgTSLr_VK?_v;;!F9913nNl@6VZeXda@ASeJKXr{MOxKyCJ#jTVRPhNqjmT5L~`+Z z8=_06f@KEm%h#b0^+{*BKlh1Wdrr)sZQ^bF80n#)_OW*r7M|U+iern7l(CMBKtp9 zw#IAt9Bmfs@h;8EXl_Gs52 z5wcJcE^}1W;NQIwp`o-1OQO>k05EdXK`1WK)x^nPFIh=S~U3p9$n^EOk zQpd?$3=_tky)@mWktjX(n{l>I_IU!KPBE{{%fCZ4=KI4n*Bp-%nG13tqP(e(wtv;H z?^ORKYe{M_I`3Uiqp;koL*)E4<3h(ixo8tN|4H0LZ2o#>oelK2YPg!#yd-r~c!@fT ztJVen-;5531El34b&1x9`d?`GcY~iJCLs%~PnZkVg(>U@f?d3(6={Bz$NjP^m0x%6 zgyp~##|Vp;XX+R(%;|Kiv{6R53aLNd7g%IVrpq}RH_D>m%d@q;J;i{NbFlqFo?Rt6 zH)kNhNZ7B@P|{g9#aws)be(H3KJWZ@53o}IDT3xJE1@77c`0L*3P`BM#Jin}mMcvg zp}B+`CceO@*B(K&@rmo^SEfm>30Yd)Aszam;MM%y+Q75hyJ4@Ho5ma8F_CKJubP|S zAbHP#M-$yte|sxeZRBcUpQ7{`^;n0wD{sCbT_=<5EGnu2)$olPg%Tb>kCSOA(bY2v zpqg>Dc@BFoq@Od6)dl;TH;LsBHC6=m2TSc!jfy#3HcJgw);c^xm9ceffFj_6?3E?F z+4nL+hgz0Sb|73noVSC-KzL5qxd2qlN*b~2wm!E_? ze;^2DRU6Cn-$Wm=8bLAC7E`R})T*A!U`|={KnLl;*^QR{> zKDy+r*BW_$3{v`bBT2ukBLUtSJ5{d$af^IBfT7=Kn0#gor5mi8;9 z3;yEr9um-uo=|>&R3nTwVt*1FbKQa#tE9AD@IGuu!p9C@^rq^{WW{wqUYEHx zZ;cz|xjh25bt>Kzk}sraWZKx5YCMhOOHh3Jiicd}NG=2i*W@iF`^A+~nrLp$Hu<#8 zh5c^#^~XYn=xMiS0> z>1AGO<{HjQpjxFENC)veuFYLYIjdGGnD#rW!H zZt95Llr0s9K3)%kj_8ldK?=6!rX4h$!p=JD*ZoLmMd#4_4wl~=*V3`xu%x0r?767b z88Jp%<(TyXY{^bYj-P|#6QXCRDnTLX9JHs+`>%_6rYUCw3oFX2m1dR}8MhjOrKDkh z%_~<9I^voAUU~x{4%6J@lf$!0iGYb$zYhe5(+72Qu3n$UH*26;LKs2Mr~lB2G6w8e zpVytKLkD6X0#!^8St5dk9P+*BIAfAM3hEAJ z<2T&ZQBkLDgGB{{T)xYr7mPd=-&XE=Y>M)p(E9+FrN6Q1DN^Gv&H4NoQTSbn^0`Qn z1wd~$Kgb;{fALl{9Da2jDqN-;K&Oejq3YaDd4=OCYk(C+B=LfdE*aO8iC$YqZ!R+@4*a$Ij+Mi!DF|Pz!#2p7g}{eH>9fhkbYg)oS_ zC^TPR`F?cjwfIQ@r6 zc(g`ac`q=)ct*^N>7)7w<%od=VPF8D^gr{;?0EqMpURynZtvin51Agh?#~e2h zh^VUlgvNxQnK0nQbQIKPoYVk6I|3-+|56baaG>dG!oa_AwN7)!0v28G;s$AjZMy*c za`41d!PNQb&i{}EQd7mii=EDYrKU{3c6i@a?O6QV)$Jm?={kog z;;U#pPEep4WVS}ih<&I78ZRGuiUFbRAMb-P+PMN}pq-E92|#+ zh5%&=0kCtqPqg5`O-2#>)Xm9H?B9^iK;dz~V|nle+^{CV4$J8NyiK`HYLXcv`D*@Q z_+8%gmd-m?>whFI6r6_Mo*(aQXgo!(7OLkM0|!oi=ff7o)xqiT)`AV+8>p5$}U6a1Ltuce+$6Yhd57tU0$jY=)(9l>>1$7CJ zO%Bo{z#VMlXccQd2Ee8T5ON7v_E3rgKTf8!pZ-*h4NI&;B2X5UK){R1I>dl}BA!Q2 zpjhuy;cTP_PdI!LREb)4NO}wU;-4~?2MH=nIIn=YYVYjO4#NnvRHYR%lh6n#(7cnW zr(OU^VRJK2AZxHZ;KM8~PIkF^y<|<1@Q{(=`WNMf#dGparqQQ2dc|Frl`$-l<)e+U zGGQOWFKF+6QmdNDdS}F?6X0l;0D2cxsA;e+V@wZO0xU!iML;s25f@U-z{l|~GmZet z2czS*nQi%jK7;HK07$!~gN`$zn&}pYJxm z^J2Mplr$5#H{_WWkne_m`5dm>Sdfz6CKDLL7Im1?vMdE84aOfB6(KhYgl>F9v_j8l zgm_~|>BU{FeF1AYj>pq{3qAmpegsSy@o9~kf&%x8(pC1E6UN++q}DZbi4ac!8oqx0 z8Z;%~CYSPY1NV!%*z1Me1vrW0!A%%8@TlYt*(mcf{{c$EpHUBnRsd7i11L7_mr>?? zXy4=Q!vw3pt%SEdrfcq=+=ik*p0QkNU9*uSLmi4DtRmw)8hpcqWB+?UjgmThA zze$DYqd5x}@H=zEO8EvH5T-ZRuYuU}qW^<8m;1v(BID$Fwj0?Djam=&fH*qh9FQ&y zmwB|NVAx1o`xKSGVFWQ!PEUW?D1c$JA~fGz-2?P&boub_L+5?ow=9;SBBXzT*yWeP z`j7YWnx&vAJC@?&SR>FGE57#g6BfR^kx1tJD3N-+Gn}GxZYfNX**tue2Zw0rITFs? zK*~Wmir=bOvIP{eOY^P4{)hAW3XX9v9JtWPy`$Bk?;vAUrW3)rLx+M2&uF$!c+mu+ zW0{G=!`kKU_Y-O+gT=XaZ0QPDG{P7RcUatMG#tCQS*H#0)W#t|N2=C|yY?sxB13Q$ zo#>*l5!YjHOe(GvLJuPgBW5U>Qk|hvm^E zDFUha1_xiL1EQf#smwA~#;i?K9q!&8`wK|&tRre|yaD4}&V<%CFFnr!8!+{76gL;I?(zU5OIeay~(^IHS6y{ z?szD}0ViJlA}gUt&=mI|s>Uw=FCxoZnKHsz`PoZ4*7+bnB{PZ@I|{J^QN(?q-VjSJ z4abo*LRGz>ic?YW@Asq@X`dja?}BTlLEU5Fr8#AQhA$@yyNCG2KWq^tWU{ap1YzkR zgobgvXHW=-)*%Pd8OJS<@byO#B4g6>E};Ka0l7DzOPgTeapEeC)m2Cx3Io#A+=%|B z*oLU{s%`3c+sCM?Tab-1=1_UZb%Bf5-T*!-0j8la1x1l&< zHI(&J`OOaIbXibcyko!9ccxG~i0@^?FkTx>$l zN3wHq`cX$uRG*onjB=_BgmcT02f6pwQ9jUX@O|BBdmBS!^_wU%wobxZc=y*sz0%9q z(7iYCIL1^LEZ>l|c3v=RI(>xDU5YXY8b{yrz46rxA@!+XWqGML|nVcCJdd-H*%0Qj59|i8Y{et+IQV5L5ao%Vxkknoy4EO@&Vw;*uYxwB#p)YaR<~< z5ZNngxMB?rXKTyV*+)mm4ms>{1u&E0~lbhI!cGQS>hnX7cx!h`$K-EZgEc7 zhyy_E%CTctMa-k?0`<~&-E&b&jH?9rh_6c8eRcpPyPnonuKQ|JE0loh;Pu)(ABfcV z`_6!w;UDcBP=&&oh`@y_VH{LSyFdr+gBFPPsy?=6qc5hE@qdkBS}X=K^#;|@r!5Q; z9*H0YR*j(K+}tqapRq*lg2;IYVWpoAaSe5r7B(i<_2qfN@78agM7jW^2&%wWAKauD z;ath`^5(zyPs)#x8r}Klq*Aa!zovZ~YKe~Dv7xze4W1gsu~L-WAuZLL6q z9rfVVOrpjeI9S}U9*hgw3W{-L0BMh{@MqBQpa=MP7C}1gaAb^$=H04HqCn*A?B!0$zUnkZE=S{hRpleCo-ZbhEXCQY2gjHzWl6Js;l91 zu=?IgZyfXkFyT5mJF}I#dFxIr@bItB@jBnJZ~j5Nd;@m(8OcBcF=#yjR{k!2>jTWJ zV?>i3;88Go{boXn{1pW@6pALT2I(tC0aXBu9>77U-Q@`UI|r}L@kYQc=D+&g7B6V^ zl#0EJ)4~bZXD~+bpv3-ExcsX^c)J&nWayKGNC30YFfhSS0_Qo<-8_nBlHmioDxIK5 zMqqYyG(tw-GvEmh$cL3W%rzTzTwGnAb9u*_8J+{ZkqQv&2$y{UIuC!r2uf=_CLDTm zqSFv-=CXRjFD_hjt1P)Kq`sp>r*C7^3mNFl8*P7bC7CLi4Sg1InCb%aw+Qy97p|D* z4}Iyvs-g6-+kb~|yv`7^VV0Jbj_20lW4L`5nL>>8$|JH{=^$MI?F=~N`#Qjeg|Ywi zcmoCK7210NO=L;f+Bx$M_OnF$IVYNs81I2Gt0^()A$cEUDSWD0z;=u}VR-KZXi~jpy&8vcp?mzGXIX_-VK7>ia;|Zwe3fl;WWZfvpOn|W_ zOnKzds0a{K(5eBqeWO2#CQ2rj3n@&Xzz>8{T)M!Itbe-o8FX(10-5|=N*2XCN%y-9 z+mU42fzYS*ch`DWNd^?d3_&)w!Xp39naP3ym&`<&DYvo^7yB1b`bW_o@64Hm(%N)z z0K54R9zSz6SnnFUUtj%xW0L=~s1w97AF`iert;BI)C6O%`0j6;T zPYNQ7+BH$wzCPcP@v91=rb=Z}rHB5;>Ze}5J7h5$1piIb+M5J={sLPp98;QOKC_r+ z*+ifE;PDUtQs8mI%MHI&&)wIKO$HMiAW{$HTD?H)CDd>NbU;bQhJ-^PhuI^*m#2~O zZ&aisbIyL?UZRq(@rtO~QGp9u!2t$VW7q#^Gfjn(6(R?GC0*7)RVUmK!I5th^eV%t z5|~bao@u1UCLbpcl3@$=A)1swk5$|^N5XUGA>1k;yJUTm%75mG>ehEGx(OpkNk3$6 zC8CFRAz2r8ARC~>zigkFI)lSV5u=2y;O(-&{d*aP0~cXnH-380#RR13O=zSTi#DS< zikeZ`Oi4C`G0wb^qpBVLqEr`afLe1L{<1NU-xzhT2S^jI28rwb6Cpq!AlX3ki2_cO z|7rm?$w$6DjSZZpcoha=!KG=d_rLU6dMjLnRA$Bwchg5wT!D)Zp%4hgvj>Jlt=wn# z26dlD6gdDLAWrdDU7ZL#3qWTJyAbS#u>SU^1U3F;J#jor=L>OJ@CrpiKO#Q~xM?x@05iEH2_Ov72qU#gfM3)*h z>a0q?YltIc0vvHe)>oij)*g)`3%qj!7##wHoNxRaFiaUhOmxrmq5?X~d7Mlr8hK#; z8PvASt+8xKB28bYFsZqM1es-fbQ`H^7nkM-ol@QR84hMdoSLasj#PFjRmN1Ed!`Ir z%=M(43hzKNSssc+Ab3j=iVXGCer@R{_RAr7tYhou<2DD~@eqXTM~stE3gbpU!nOH5 z(cWtaQQN??-Y@&sK0z*O{|1-L5YVL2G-OtI%(>r@ZxAeeT|T2l8ix<;6~dIc7e}>F zH$O5RP60;XZk`PAj|WB7&H`cU3-~RaF3I7>xTz@NLC~J^bJx)DYuROJpYn*vGS*PQ zXumM};sB$^$9!O*9o5mB$IGOT@8RHugg{uxBb6&`9teoMl%u4;-LM6@<*&@Dt9nqg zo(Usan8RZw@r1_k<*_v?yQ#`Uapd&Leus9+xx~FR0*D5covJws31jV7ZV6S8{ZVCe zcYtj6lT}Pzur*I^yt1)+M=2h->$~Dw%eWTz8&kK^zVJ3vIjq-w2fkGM|C` z!MexaTroFqkQ-VvbB)-M{FcepEaH!YwZ>4OgH^yWEK8}7uM=mS%%`lh))aX#n=*?l zixtPEnU6mV{*~btwB!ADXE}$cdt2@3{+DjQ6>qP=%_hN>ivj!i<7`1e-Q#r7Wq{ub z3v|9QNIC;ASK3NtMLsD_=$IpY27)&62rmxrwrnzGo0j_brxT$|gpg@*~X7;bU?xC#eip*bkZpPubkrv7L7e9l1y%ic& z_RKbFA$!7@J@8XF0)(99ObbC5IYowzXpP~hCoYvj1Pi9&te5{udhvh{AB}#CYMbyX z+|-c43cz0&eBhCkCivlT=0w#YT`xBXi}pBIet#dXi(2zIH7bxv0~g4@S-3j>GYDNw z#{V1~#?q;*oS+DL?s{CJ_f)|3(t#w9xCf=@%83$Z|L+Q6!r?$geRyhSFZukaC?~Kb zWH;aBMQ_tYRlalHt+S}5B(Q&oU_bvb80+P{pb2q(`rk9k;DIx$XZ_C^UB}BGcm0Ut z`7p-BW&9W%Rf2kuU)7f?9om+<|KHa)T*wB3L)O8q3R=dT;h(5NzPJ5W4TuMLj_Sr3 z?;%|u<~}VBCU$K-w~ibPoGu&mk>w>@mOjnr51&|4K(~$F@ya=WY%%U|&(9 zD=F-v_9?kIgzdCkJME2Cv6I>O16r9Uo2)9HkS0~Bh1j%Cx zH27Q7Reqjfc-IAvKpN-l~R@r?nHEvP_DRf@Xhpmhy0W^LKQSC+h zy&F5E^-_snWqscA__ARPN?^$umhqt~OeA5Q*Rw34y;=m++j9n@-NW5^7IVo_>kY>) z)UmJ@M|N)+ZqAd*N)I)Qu>lJ7ZH_Kqp-BE)%NJ!+kH5$IR3la##a)k3l3suLyVgde z$nkO>f+kt4MpJI_GA4|iMkV?Aj}y*n>3BFX3%u=%Ja!oQGo~;~beMpp6)Wi`X6?jO z{tVqMKWyn4_0O^#F7)I3E$w}vTwCC2k51W&cxg;S`Hjel7!X{oAL)zA1S)qL)q*`Q`XBK=&g#Lxa)ADcp3a3FyVmt z4ZeqTYrO`4xn#Pj4@!K+ZzgT^z$>#fIo{tXOdky^!Lsua3L)+7VJ_ zS*I}vd&}oIp;e-5)lTGprLhPQJA%u2ckh7(6m)Oo5jlSQ&X$uG^z1x&likwiY7L5X+zY zig#j_NUoBeF1#$R?X;urPX?)YbKQp9_qH9?0(2Rx!}76x8-%$*HENg~W@f%7Z5gBx zPODwDty>#nF{m@~;=$!klZ4C4nRa*TrTp_gvH%)cvrX6@eF_c=3dZw}(vi6{xY)Zn zH{5b?B=60un_(p6oWL2=LpumwK7z5|l;7?W(uDYuS}@I3`!3MZ{3|Py((C?Cm7hj(o}X0H1q9&C|zFjn0g&$Sn8~2y(KPoM;{f8 zZrP64IiM{MHP;PvDwL=99YMi#lZcG1Rc4fou2 zNz_j%9?>lkadMLA^g7#$ig+v--hT@H(fr*MRCtyNW^MfSxg(J!Nk9aykj z$^WMCJ5JRUgBLew6+THbzj@OcW0g;N*T;<75}m82ZcqRHf*L&^c=%n+A3ts8FRk>T zbItS831?QDo>9l^_<1}Ii-H^}KW5HhE6t6RvRMvPne@%ofOiz{_=$hu+0xlQnLYU2 znDwBH59Vmx#6v{bw6Zs~#J*F1G1=m|(-p$FWzpMXS!d_sr)j89!pI&z>#sC^5>5U4 z`@!*2WP$P**w2?t+jU*DJKJ8rjnvKTS=EjnVUOLLhnZ!vson*wofo7Fz)Mu6;vPTy z?xDO56NLR?*psRR3lF0i9oVtR2o`Q+;b!A4P!HzxX3>o&b$*Cpe6|s;STa#^FCB)i0W6dK~T{lOy;bYreG zy@?W3B2mdUXDjeHcZ}!Ib16=i`Z8)i^2pLTN6MS$r@njQACoanzpNAAm?uo5Mts?4 zO44Wf^+M|+&;HzhVzGa;*y=ajY_5@3yTKHm!x8S|hn~-NS=f8D#%~_+@D7Q?w6efb z7h9T47t1f(q@-Ot&&NG?cBan6JpUAxrcrabOB}_o4k5bY!@n<$d%w3;dp;Cl@;HlF zO529YqlQQCQxH#%$kWMi;U{b*;|Y$nJ>9Jg2CPP7_QRe>ED)sV}RC8@%A<*R;+SC^rjU-54JqwvOIpDwS{oiz%}l@NDdi_V550jI@x!jzH`kw6X+`Ye7QpKlc zwCCf8L1+QCjF16peyclK1fwn#<7c$#C=rX`WaZR+(OonP#brds4UY^@1cw z7Cx)$|0VpY#hejU=kc2-O~$8^e5{hXf`=p zc2X>ghl^0c?U&?l$^jy-ymQF_$ONr=7!Sc-GBy~Y6CX$e z3X*d%F4EAlTQNy(mRzAUG;DpYVTTD(y>}-(;!8*ClUSdmKk-i&*%sC)DT8O%|Asxz z776B(M^_QB1WYo60H!&K=oIle^mv?c`g7T!Jfvz27VY>Wyl`pQ`WaNbkcfz0mh1#^fYtX?%Z6mBxa?P;W^rUsShX9SiMy; z_@%2?)MG#E@|#E_M0WF{?qd+;EeJx1P^Mm_pQ9;XJC%!7f=fykecRwHS!OV5rY!#(cil zy0DweWm<@N-4CBSW4gYIyH55*8R0Kby{E94MPhM%iWI~*+gM|{UEuH~M!VZJ2-Y)+ zlx+ucOWpAQN7`G5Rkd~P!vb4jBSAd z^TsN5Hs5%Diuh||WZ(j29VD+xf27OAAdw8%a~(^+G`3oPBl@m~1M5a|b8=>c?Ip{J z5wBNbk$#Z@666G@kU;)Y{J+Uz8Nm#aAO_xZW@`xx_gcAE?0pv<9moT%`^=x}5G=yuM1?s%V{O{p=zRyMnq8}aGoRh;xU z{;`)ACk*J{g?d$Sk{t4Xb4p1jBsNtmPnpno^p$!*^=h_3LEhk+yx)OZ{Xa5a^Mu+n z%p!Y&HjKL7Nh>7ST~Y1o9=XEqxlhJk)Src(;RVfS+4bsYEu96or@o^N=AsiEY#%TW z=r9aFA5?w*KEqsl=~#15VoxJkTjl$)tW7Za_C!pEfO^7n-Nn4qDTPez&Y@Lj+q?Ah zQ%tKrb*EV#CxNAb#y45&FX1+`Dj8k%{Iq$NGYbn2{Wh)8{W*zC&t?1hUCCFmtkm98 z0k4HCGK4BJ8vGv((0yI}ot%14&bki0cf>Nh|9r%Sm1FPN$1+X2S>K=eNA4%){FP7k z-CV@9;!iLVEH9Q=xzLJi|2sb|mSD+;6S-<-yjH-E=BmN8r2UeV##Lpre-3Rz?jLK( z*%6C8tB&%^>CVx+jit};@N&-eKb12!7lDSDhvqo|AA;7Y4g@!ra9{6fW?e;(W}Q?h zxx087v;ET2WSJ{^vk{_Vy{B@Qnpi&F{)j2Z85}NpZ8x-MdDAcH)p7a2%J8+P4Vx)n zAzFU025-lar6pmnoZ54|F<0Pu9H}n|bhYFJQLQt6{l7VukR7!2Z6R zoX$ujH-rvY{beX}rk+w({H0_~M{4~v{yZ9BfJHH-@y^6cxJs)Fn-R^%g4`DK#JES4 z?ZlU2;$_1KHF{~j)J`$%vjsh2{U0Cz?8xl?wo}*EC^*q&iR)$0b*>hONn{6~sPbJ5 zZ;j5@r5_0uuNb!CwJtTvbol95#W+v-TrE@SXlcCz8kQ}z?O zeSVwGCbJZSBrW)I#F;T|53&`_AM%}-z-S(L-yU-&+q4b{xG;2YaULT3@%4_v!|VLw zgRW)qib4=$NXS3@4-Rq#lY4&;`Xqj;@zOjzwSnL@)Nnu|Xi5miW53z%S^_dv@htqv$nhB-al)o)|jl9EXH74*V2l zv-k>|x`|Bt-jo}Xo)}*9cyC^CDEC>qJ|0Q`pLNx%HP)csR7gEjXYGn-edope(F4-< z|6)z7O>vb8fyg=O#u4&`0ksp(b7_qVUK;`N^Hpr5W+?f^;bgmkrgQrDW^8a@X4NR! z5ZW+$%->Sd_&eIO?Mi#6ZS^X-u>3SWHCni*C^{!zK02tmUENeyDntH;GDzQ!S08hY z_xrEGYp4TuY~5_E$^LB7fPFO4@_HzIGv|O02{6U1ICafCkov7px1E0Q^VUnXC**!d z2h}2SP}Lc$RcA%>wm{4k3?Egt>o=NIR1ds6!CSi3J*t5B%%nK_H|CykZ_ux$-6IwBLaoLTq5v zz(bjcx)Q9Z)`1D*DY+3URI&1b6pwi6I~ZgekccwHM9)`BK&0C)5|2lZwgmC5wi7-7IPBv+z8U{3x=5`N1gU_MQ6KE@S zH`5%1hep)(KsCRAdNB(1)E>A!5w~$!uihAX8C&3YL~PoL9KY3+gN^$YfPr&Db-)|Z zcCs;OeQ89L8ybQkrGHRv&&f67I#l!s@kjuNcV6&7j58^-udZdx`v|@U=OT9y8wrr= zp}aSNqtnm7>{xcrh8QZOff3GWM-0Ca#|D^Ob}*huCXwG!wBx2=*I)w@^2*_qmu(tk z+OJ(I-C_>Sp>i8$>v`!%xBA`uQrdt<#34TsFee`WsokifOVKoWBEMo8$aBsodnd~^fztn2P=CIGMZs=f(U`e*kRkiFehmiL*#x-do5q3=Zmjn9)D_X}w0 zqv*88l;Zk5jhZ_vMP?r7@O>NH74|x$z%9X`0&aMSUC`kO8m+#cmF*7|p3C&BCCx@S zdJqr3JP198St6vM*x$uH7O<@61NVg3FHJz-FuK5O(FLO7A7TSTfAXztjrxyG(5ZdyAZKM-{@h@T9PEr$Ka>%cd zrd3(+=6QP^L*aU%NEE3&sRmax(k`rK``ev~@)1HMbiWxuUXBAV;t_5;dI+#E_IvT> zUqXM(X9oy?Y|<#0e72f&AB>C)iyeDQ6bMQ{FWBjj?U(^Gk#`-IiOLv2i!N7h8 zo;Sm%jLI~H%sp#0?PMg>Orh={;JGcf=t%RyOm!Dkj^BGfCmHHfYTLyIUMinT?KB++ z3)4Y^+Quy?bbIat=uOS~D6}w8!zz5acJ4#ApxUj*Enw$)Cz$U8&Tn1TTc1R84kuD@ z&JtW#&dIdWAC6XnJHJM2xY>CD_Bezo(VTp@z;xKe1Sp=G_a!QGBi zr-ne}Rp|K@$@(i>YPhbXRpz2DhM%IZ$<>RoSQkE+2GyrJ(5@}mT(k{AKM}P^XN}il z^SSm;Pp4)SE}1eo1HIIU;|Hr4^j8o%7(w%Z+))13k~$%8Z-qT>-6w(F&s4!T>cK67 zYnQBvTIe+kn4f_+`Rn`5cb1WHeDTB`{Q~Ea=*_y7MXi9D%btL^r+5!q0{d6x|si`5bDjnDXo6|T({~aZ}Hfx!K zOA@9tG&D3kUw-@--_;5mZ-&Ufqi_U3?bDD%u}i?v$baX zn|%k+UQjW#dAKBrrkQes$i%W0Z>_C`bia3!E^Li4;D8x?EUx-bTjLIz=UVR1@c^st zrQbX}lBFV!7go~YCOudi&(fOVE?GA8HF>nBKj-E@kg0m78n+IqU_Q9$u}`1AdlKyv z6!?y=15|&6%Vmp}WbE~+2xc&%`)~|X>e@|w& zPdxR-YQ7APufGUv2-uT2b930}SXSWVzk0o|L}}-Iy{q8c<)QXzi%6Fw4?(jkT|1-x z`rSENaFCr7ENvw1>x`LZc%x)brA&L+q9ZG%DD4A=KFLDiK8&LFSX0TH6H7ywvD2z% zvHoBQk}J^hA#NnRu4p-8SO=4PmCj@s zP|gD1enF8(rtQP&4P0MT9fd?%N$+;z<}$7Zc0%QO2v33P?k_lqAvxxj5$WQ}QQhC2 z&t?ai%)^k1-IO}3)(o42{#N=y4wW<(42bw9;{R#^e0oTdtXnLS)SRcy_W3=|wr{O@v185K)G6Bg=IFvoj<&@uc8^hohWWIS zK@M14VW+q0C<`R)^5=jl`3-!K5;bF-ZJ8xp$)&FNH(Y# z4QTbGDcWDqwYXp5a`yh3Y)aAo13$0j2mXjtp>tc!cd%UIwsxLa+V|+e%rFp0Cvk%j z)PzPY%likH3wUuJ-gdP8R$?Iq$n^q)ZE%S?C2VoA9Z=6MOeup!(g2NX5+&Fv8Qb?| zaf9sOD*G_$cTSzhNzhXReLa}yb;{k25JEGOrZYi=_K_56J}lVyFL&BbFJDxa+XQIY*@vXcw!2r2cP8z>}&PQlC>92hvs(c!huwHEQf{sRgvP2sbTgzef(dZ zd245oxG$Uh-_SM99HXM^G-A=qYrC|XVW<%;a_xXIyOQhV(f33h)S|r{SvzTvv5vE) z#3w^3g8#vd05*_JMFq(lTS`rL^?01~4WvSoE@{+EF679^ocyrub9T z=LxgT1LCI1(-!z1k#1i@dW1#VkX8{o3WrzGE`_m!QrA0f+WIsR^21L{!Ij6WSk#*6 zomIr(Tm6McGIulpULAN3yNA!=h>2pw>G5zj)DTgbc*wGS?EXaN&>{MQmAu_5W@l8= z$X%IRVNe{>kpPmJWH!=|s6r0x>p3??9c>y$W{4pP$g2Ht!b-+EeL{jzkS(*$(4fe? zudAxRsic*t3ib(6Y}HeivLKvoe}mJ(AuVBR#!UH$zS<^$zqD9t0bk~33zZRn?Ge)r zX5Eq^stF|~7ZBiK{u!>qpSgZ{>8McL1vmV*`>&G?Z>lMGoMcp0E<4kDjYJKDwZ~ZN zv#s+|)hsa-mIlBy?qVS2x(SV{E_|Rj;4mlfQAk z^HHNIzv|icx$MNZx(W~u9~SVGPtotfVgoM7Do6{JyQJJ1Hab+%t%Ul{j3^ zJa?#Dl%+89YmQlSPy+7u(98yjWn*XMI z=vqR_{{iT`V5Z=WN7;dQZ?b_hr9{2rg;(!v4o zd0ydyeXi}hHB#E0^-~8^;Hz`(bwFRLVD=FG+sc;iW*=bskh-2R;p?g)&xIs1UYy*s zNiW(BaVf_D`4XW0N%;^KY_sf>Z{E4EwLNx^*@fM*+Zzk)$pv9Thuh=y1zWv$2*Icub`~0qbMJ;zLe^87V+S)=W!w(fQSLaz~ zT*i?k!ye?NjDEl3&o@xbkAtF4AOX)rPl z)iW=T5%UyCT$rJWuC4>VPMVMsgRIXJiS^(gUVM+j7=d9ma3E@-{2Fz1%lpmXq(W)c z8wv-Er1Kyj5&jOgej8d?8H1~t?sDOBOu(pd)zJ8vNR?kvHqnhF5|^{2^xDWf*raEi z7|+seT&-|1*#YVN)0OnWc+X)?L zLxy(NX1P#q0s2v2iw!eP#2bb9}dq;p~`GQF6?M#WA1INr~bW6cIP*cfq4bq)tg0}Putqd`} z>-e~Y^J~h+Q|Aecvsjmg-?)B0Iv?4|WAIW9ip#$Ekm`VI(^VNAl~n`qP#lSDU>?5Z zFWky(3JEGwV$|(TH#-15(7p_jC>$`s{xG;+4|K4`ucrglTlpHv8jw6QlZN`xQyUSy zg~U}AeIIK*vFZ`YMR3b3HUhM(;t9|rZcJdT+T%IWz7(YF9AIN!{Y)!!upNhl5D}in zq&R`z7m9F{&_i;*Tb)3ad+p*27l{+d`N}Z0GEaV#WZ(!?S5u2DrK*scc{ubIik(=! z+J!NS7g{2qPKb-r=cC?pZTd}9$WP6-o=a+T`GNMfWPz4Wc;)GZ2TvKEB5Gpv6y#t$ zhH06QukJAwAGV^%QUUAjC3PqD(8)OxgSiZ=b+qQHQ9XG zoG?7PtTE)s2ZYqQxg)nrT8S*P^cn)c^+G zq|J=Dbzu{EZe{lYr-FI^0iP@b&66e_ z+e^ar4986WEN9wqi^F=NX4Krg{kpSY0GLiuHoG z?TqJa_c?ZKd`UEz+?G<{QU;{*8fhbq+d}1N=9n3pq3EEST|rjp77zgw^{-py4r<+J z!ZR|{PFscgTraW`c%meh4OOe>y%yLY4KeV*Cy~1)$8bZ)hE8pzh~v!{C%YOB#eXW$ z*m#JM@X%@D2%nPk#;JYhK%wK=VI()Y#*C@HZ|m)j1MkT#6CZqz+{^1bwQDaS=L-UE*u?0<`U_JvGaZM|Z~c?8-@% zARs3a6$s@;<@jw}#W)`|RY1&&?)EPazwK$;RNiyr!cmUc*LujK2xMe`D5^M$Fo--k zJABS)e@NWA7W!ed(XIu4$f&ELB;i@*EOif7Ys14KxFWVZb&BDJRSdJ{wfxJ}o1&3^ zvSNV>MLT{wQxV!>!VFifj-Dt$-B5Mhc`v6-p?c7(-wO;mH5I)iS30v(xn+gQ`vwEa z6O!27=k8_2sYDy|zxrTa@a-{6ZBr`}cafY4TjRCHCd>`0wDUINWq#35w|Jd&Z#}8(&&{>DX-i?o7Jb zFOvS~^7b1$lA%3NqHwi=wEPBXJ5Y3GXe%vDZW8s7V(3$5)`PVU#xaq^&I>GMk?SV+ zFDZ5jhw4JZzMFZUq5MwI`N34wpXrC3ODmZ;SB&lw4>M~_p^V7LWI;zmWT^09h;zD| z7KT-zsEXyvYjOU3uGk3kqEKNTLKa$10-Gca=d}Tm{m!?Q&=*sVPf?ZnCV+hl%)}xG zMLSBh=ig&&EM}C>FkqQjqwnI3Lq7XBl>;j*z<_I=j>AwtX^l6?C~D(Ue&@y>?XSOS z!bcseC>b@74Wgb1QJRQ5yyVM1Z@AZIQ6w?tWI1((`^xi@j^>>P2OS{nbiNf%=O4(P@;BCQVXfBiTfEBUI2 z0ng$qXvabmRc}o5Ic0)ia%F?qTdf%;NxcH#S~wC?&s0=WO-WNaL;7Wy=<<7l>8TUl z5$+@+ZN?$k=*Rimj~4WS(V%mFT@pT2FU^}b7%I$g-pXtk<-JO>7*lc=Bl7Fs0g`un zOZ}tq8f{~1Z|?p@f+d9HUYKyGjqMD|8tdOkN5Zb#ABnLV588*ynlG{!!l_2CCmGG$ zGddvEbZEwmcw8l)#5vRbvV?<{b*Mx4bJ;Qs? zUds5P%A&WX)t!~oCFgK-IBvt2p=dYbx5pUmSluxQExn3>SpU~`c zAXI&8y{h}uQ}YH-rSpE9VP9)+tJ^({r`Jwp&(yS*b(%FSPb?p#(<~@CEq?SQ^t@~H z1(Ah!bGJQL1gOjIW%6apnu1h-Z6f-NL1ng_x3Os|H=Dwt$FZDT~kGiOYA7O z%$bo^lgi)dOqrp(UPxBqMyhXGAfiz+<$UADjWpKGHzO1pZ{xk%R1LT2K2lwvlDHFm zb27Z}KC}Sx+K>3;xNq-2pi=MI}l!;+TRgt~8tBE1{;+!4G;U#{Bl4%<6g`dEJ|H zChBtDEO_Xg*wPz!XhNk>)Gi@HSeMVv5oBh|H={2H_}mI|5n#wr?0M=*OIzzmoY$X* z_d=)<@6^6e)q4^WC*As(+rCMv6VQZsleS;>(n-9ci&yS8KMY;@L|$p zxwpl@!d4``9=d9p(j&-fcpw0b=w=-=2ZpS9r|(TTgUP!6z>9U4jx(|U^#0}AE^Xht zO)(ff4g}@0eUBK5)kc)4U8LC8BV~N_j`qUbqBVy_`6r;|s zlGFTyE!HZj;GY`4Z#R@pZG&=v@^1a5#p2ninGSL}Q!%BIqB>-7KhGM5$bo*?+s%xX zx-5W6ve+!eWw)6@Va7M=K=Qh+NV}BB*Uz~h@AG31FTs9IJ~3Eiga2bSW<%uFat0)` z_OYbPtU&|>e_m$0ykwV=VTh*;Pf^TkTpu#dB6(nLZZ2Ls|I2lBpx8RC{(4x}yW4H{ zcqkFmx>7qk^>#v$vWq*5&kmhr@kyLO$Dl-Sah~csybwcV8$AVg(8gMrYrPYb*-e96 zA7Q`fHJV;-GUh~F!7m43wGBgU~QTzm=?YVYMX6W#r0`&1$Z&fDzkFL;+bk4em2 z=PoBp8i{xgW07O0s@k?@<>J$9;?Q+L6j@SlX6C&Xxs_|-A*oUie5d~ojZMwWK%SNu zU8Q`?eAcukeT-$3y_rO81QPtXZk&nf@4_Eta z|MM+@S>@CRnJ?~~eZKASa>I4k+*(>xToesUuD1=v*nJv{s4Oa*|52qP!4P`AMr2f)iRWZslwbzPbCXLsc>5O@5gpHS-{-%k?@1?4WzX6WlW<`uF#yj zR(^VoSnEkZG(J2(6~onBq5)PdhL;u|9sKuOZSN%lPT>l%xWw!kfhPzrR z6i&R85W2zSUeDFHf_<^;YqapM7%-y?>wbak`-eL9Mkja@9?582on9J^mEThXvyt3B zrH<;i{~`pUpWNB#Bz9Y6FeqR z^Hj0)GKQd$<$=b&34q6UBU#F=|2QU(`95aUA zZb1vyR!}UQBnM+)>LP5~~%EP~;qXnPwK9iIK!;;xYw8L8!u%FY`qM zr?eToXYb%br1Fn4EK5wM1>sC2!P@*dn-v5qO(@}rIy6%!Q>*v#C_9iYsnAY}M;Mhu z82`K46=_Gu{;88lg>LFzmILkF1sV01Y-pUoZCx}HK}^IPY+38W3=S%~mp>}F^d+!I-QVbyT)

    kV~nocoZJ@&Isg-y|s8A&T_; zLE7%t+MWJrd92cCWM9gCS`8AjSs*P_AOd=YPq2#TK-JO#K`gpHTRIB5W*t5c6`i{P zHHrf&#IjN*pz<~g>wYJu>0ct`PH z9>a>=`aX0TM-1ta?h=UOG-ByxDwtGGTNi%ABa6zT1#2GN zbgkD(G}GsXMo!xlE?#7WzJf+3riIDCq5xEF*gg%Sm)g1_>hryKx7(;_=ItXV8@AOU{dK-b}g3dH7(V`Y%$LEAfn}Wb% zfFlxsF@hnIUtvpPG$;o^=GbfXowP72wPX9s-P*E+fkNRsgMFOg7y-Sfp_BWVR{mBI z2A9d8pt2oin==y-UU*NpqQw=EPVx*7r8a0yZUu;e3PqRXiLeRa-c~062lqx>!+Y+C z?bf^eMUTdovc+gwaNnk%*r;^kY$!7O=Sn3g0(cP0lUifHyl`}}vz|CMnH}c*~X$#I!>aG9sDt9%Ye~`70SR|oYbJ1%{!+(e-&so@7GG{E)?kF0o z1U?0*M+3T8G3_if&RM>wv~KePe)1bpRqEC* z@rs|d$UiDEeT0Om2g3Z(3J%KI7E&!hCz9Yi)3w7bsh}dBK2xlusN9+3Ni||GCfAH% z?=&48)WfJeaSSG3ykBC88_Iow{lYzPwD=;mBe_&==@B)w940*2HBB#qeu=?1}w z&gPJJkSy0N>FSu|*DDSFes-dzZNRx3;xd|O-CPzL>=>0yI$7!TMFYJ4pGj=rX2&++ zRao#OYSpFer6?&&g8b=1L{6 zOjC;m#)itZ@NRgOR+>Hdu zY%wLdq867_IH*`irn}OG220;d$)DL)4zx~nPBOE3{TfgN5wj!%6*KGm1Wqm)VVf1C z&q%vW7oiY?JU@nb@vb#(D7(Z1<#5ViD<ng2rzYm&I;QytyLbeY;)z$hdL|P`*U& zNY|u?&WFrpnSh`Ygb9}}be7hv-6?3@w>>^b7||BWnmyPldv5NF7KY zlGg5MKNT-zZ`->6^yp6BpohgFGUAWtdd<9tUV=+7Je9kJDk*qaZ#a+}Gg`iCi)%ErQ(<`G=$m_<=1Ast{g!=%Xlr;Iw+k;l~`*NfwC}Ix4g=N|*M?XnjC0b6a)Q zmHZ9YZ(Z*mG0l5gLA|Ses{bv>i3{8YX@PGnzb{9SA}cAi_19b9F=)q6YPY|4GTdk3~Upt$5ZMr>AXe*H3jTz_jUrI02exaZA5wY9Jf3*O3h{)kYym_2r94Xv} z{GH{DP$K%S+Y3zTr#)LLQCF$G)NIm){Rlz9*zX}mE|e1ZCA8$rfw*_Y8_6<+8@zVm z1_^p6R?#+8xR9a#7iTr2T+Lh8Z=V9RZ`qO)DB|XJ#H3ca&uHvdyynK@3Hi&5rrXuX zt1Pc6{>}$Fu7pWu#KGBv4pB~2Yt%up@M5hc25IKGuj)DtzL?__l;T69D1&xSQ+E9$ z=WDk&@SyvaYyCOnwT*)Ev&`~sy-l8^lSKpPnbr~lp;C)ZDCcPo+oTt+D!~lxofY+t zkLd{#S5zH`U*Oy+*t$0$rTBzgarf7+kLkC!mhMuER5h@vCxkXj>4yB|eFws^iy1Re zGi4kPBRZF>ovq#|jl&A!d(rNfsW-oIoa;_aJh;1|wny}nJ3)GlPv^w-onHl?OKpZ+ zq2+LN60ebJvd);KJ(gcV%M9<0X}T+u_Q`fG(p=R{^~rOv75h+dzD5VeHyhVAymjIv zR$1tZdGv0!XGC;;vPq?x14onM|ElHn8`?vfhd*5j?ZZF+=VA1E^1*o24GJvMHjwt& znaw^O6}>31{FyujUm|I>rcW+J`zPvguGm%e#Ue$ed^%gIxIvd2X{l|X>gX}q+iyq# z^r4cRV!JIcnRs^p50g0!q&`yS8Y0*HOOO;c3chmEfi3IB$m~WB<5W}?uQ=x=A=mL5Pb8cEO$E1g=cwG4n1VrSREP zngzs=E%PBVJzS-&fs3z_f8Oiv%H9@MJ$m+`**rl#=*k+O$Hj zy3u>5P?{WF1&Y9)>Zybia0)0$7gDnNy9*s>Jq!DD!G96jM ziDw~PX-dEy!V6r=x|eQ?=ON7h`Hf zuWs-+;;C(f1cPK&H?&_y`_1Jc8MEl6FHXYKRQRk8B>T{i5pF@~G>(6LIy?E>mTtJ< zYq~>%`}3J%oDm}gw~U<1E{1OXxets|;6yd{NvFIT({1=1Ylq;AmAOn$-H6n_zlKxQ0a@JI)Ss^t@WgrELs^-<;jdJ2BurWz9;@+=ULuOcdo zS92%jXNJOkIA0p1(hz3;_d4Nh!-Vwu+1G}kuyFpni1jlq#JYj~Ll2XC7|46nnSMgM zNmwyO4DLZ+8;H)2;Ot*I#-t76)n66e{j68H#6aW(&-=QPe=q%Tt4 zaw^BHMTNwdMfm+$h_tX13KKo#=uvAsxS(N-KdOF1DY+5f2qA0 zvypnay?>q+Hd3hk5_UkLcR@PKNOuv@6$jw98q=Jhz=WRUl?JiMnZ>3RUcX8!Xe z@56-5$%~FF;i|&^kjS_}y4fN5lZntiuBsX2H*9g9z>^}&MTFx&KOM@1a||Eb3Lv`d zj5F~}ibuGDYP| z?%QE&)l>bT9qte26V|e27thJ1uG5eUWhox6X@)fq-zr>+L-DD@E=;g~{<%rH(Mcx_ z9^E%RW_y6e!AZ)U5j1}~%zd&AOPLsG0&|clF7h@Cj5FT+u75e7e?pKMrvVwIF9F|8 zn995soq6>}U6}gtX`-S&M5E;MAC1z-d&uKTA%>JkETlTlv ztV=7ktOdeKxSJJOf!;=5I2SQLLk<3*j+U?bocHLBQ4oMbQ!9&@J)L_iHq+&oA$G;-J9(-MyWXx5dU+5#xbfR(uU87t^f& zpt(phlt~3}VWPl32aYpLQH5dcxAhde8rP}y_ieue8q0iYeD1raA(!pHnTmP$o*SnUnSxU1= zRzF`mQD_U%{#352wo{q7ztyA9)cka|;F;l=>%wu#bbE5;^)~OHi_>c@-}^S5KRp}T zzCHWZ@u%_T>GWDh%c^Z3R9|l<7xo*f{XM)@%|HS?_x+Zf^tg|TpS2Y$P8kwF**`!n zGX))!0Tv|>RkfFYe%5ofY~Z-aYmj&)Vq3GN2oGfTNw=q0UnNQrItPWd}FyYM?VV{#_MHT4$e{lO459O&sKY>4Gx{sk`*dVhqmHf-1dZp>?_sJM&(c>)fQ^vO% z%nHpOtU<1ZC{$AS9_^`xZ+moOo8)HyI$dn0%e=kG+Lgqbx-{}uqUSKAzKHeiL%*E8 zJ1#%Q(*4|2qd4earNn(Ir|l}`wt2SrtU7_kT-D3>I3F7RjS_u&Gp4v1VEY1J>=irX z*}bcFF>dB{EGnj9YP}MV*d3a5p3Ox#+D--=blbmW@Z#y@oPEV(c{l=5lzO&JBGRf@ z=uD9h%>r?mNBFd@19F~`CLtjFSQ0-Ub(tU2uDl?tCTDDdjqjbVstIq6tR3{T|54Yw zH_{TYqQ3GmZ+!!cE@kly<~bei^H}nBT+is;X1n|T*MzR*lPqy;)-SRMOTUpQeXa98nS57Z^`dmYcZik4pW=O&OWO7%Z3)SD9O}M{tQ9iwFK56tUAW&OA%QIRjY}kk zxRlLR$6vGAF9orz|7dE^2dRv>|9=aC7d@UI)LSOxY2=EukS<$p)905Cl6G+!s5%ci zq@8_bW}cO-pDle)mz-mNBE!M9~nU7&4 zd-J9Ahwt(56I9t@ONc?)^A~*5-Tj9nwanN}0+TxV#dEdyia*N;6oZr3-|2ub6nF#( z1xt9vy9@e3y~G2Zy{;b5Eq-s@ootwhLeb~H@1Zm}Sg)^gA5q?w_N*ncTzf}zyt{Fn zL>ek&4h(x?miVstJJsTGfuX+aa`cRX|E^wmg(I8CR#r+CntZhAQrBk2uITrT;sv!t zo!e^frV`nY=j{eQ#IIeHmJoSC+D;*Pz~1%QURU8&ns5;Iz%Ghsb`W}IeCA7Hmyw7Z z)i0-c>DBOqb4`ZZMR`13$lE}JSooiw`n(Re1BF=n1Rk3dz%B%&N*y9RiwyNOuD;^s z$B)+ARz$fOpSKJb7_(Zm>8LRfdFpq?4eKSN1G+3!@Ixes4NL4Zj{cp2 zPHP6JGm#SPh}zWJ&FWK+<(2cO$B>J^{95mApiF45*Nl--UOBX>BTB1WPrh-qlAa~! ze_^~gU31HI+=`+d6qHF7v+{=QOz~0_@(#sT=ULe-f0c&nXCp4#BYNyQ$)kC?=er#SZwEb@1mXO^OS`NQ05ktR&$ap zB_i4`Pm{9u4-Ny=CsZv9J~BR$YYprK*vd)>+^JQjpC1 z8oRrxqaMdrFwmQ*hv*LBkw+|-J{7xrZI=BIzOME^YKV8e#y#x<{!`~`W#nW;ZDX{R z{CcRB-x`Zgtnk+Lg~p2x@0;Ok@YIkmH-PA2cO5qnFaaJX*0??%n_l@FBhLKe^% z?>=-7uF(?P3o08w`epHajLZV!$w??vw5g0YnLkypevNbRR}vEH$+Ckn3sI&XVYF8> z`06CYzBe>=_Tp~-oym#StYTyB}!V9T;- zsk#J`Gb>WS+n_rvvEzHD;JW5J>%?ce1rOH^D(;}{emIIYJU0uJTbbv7AtAZp;K7as zT_i73Y^M@&rVFw3ffk)LJp&ux=10q&$;ruCz?m~1%Jjp=iXR_+3>shblx~VbW(28v zBa?9c+A8Vj+?s9yUH_0odgls8r6*^pQt?6QLeCUP#Wizd%g}>^EEHJp?Lp$r^D!I` zDOtmN4GJ&$Lnt&_V&aS#dyPpJb&VB#s`r)n(g`{~7q&3`P2XiHQiMrSUO zAgbqto#pQpLoClY`J^Ivw2?Yl83lmB>;E=(BZ z4t(n@)K;y7xDqKh1IEQr$7msAwSHd~dMhC91AsOp$3mqWJ#-hA4=Zu4sf|PRAj$IA zwY67Xe4jUY{mnx}|0vdf472#DkO-ci8kC-YEwUE^}=TW{D%~wr(VR2ObD1#y6 zhHp8yg{j}!M~q?@M?ODaz}f^zYGIDI#@sYWS!E6;oA5GCs07SDKH`soLeCmcb(m<* zO1BAM>hDZS%R|)^yr-z1lxmW%p2M-<{EHk_vHaeFMdnhRGLnTU?;W%?!(F8FZsa*t zxCrOk^98BMR2I1Gt~K1zte>{Cc>j`CCZm3w39E4EP<^nsSPX*7L?KCb?JQ&YgVh$H zVrlz5`s3Kkw=Q&u(@Wh_ygk=bAY%jOkt4TmHj)JF&ZZJ{e7O{A1bLs222975+qJQ% z%Lt-^QhI`BvvNnIK9n79cek0b&#APTz{~g^|FtaW!Hgy*_S3p`o}zx#+4BC{#ZcTY z=GL{qr4roavaG)!I%6t7j8eq4K=N0+#-OiqNCqa?-gzMWH0(dH(A?Gs|L8SnqVBR7 zrKe3VXdw$2X#UlgSJf*i?lDNcktZ{W3rOYV6XxCPuR7VXjVzJSZNN&{z` zHeo6X$@jXNFzE`aZ{z-?vbP8@{JNW4&$nwDnbkGbnO2cB$)e}Jz3{{{zwiva{~|Gg zf&CMHzu=SSDVUz3*+}0a38=)|_&Zp)Pw@_&VD$d`iqPFS;@?mHpKHGN^a~%I0i)d5 z{x#JgckVyQvNe8q0keIJ~YAckKzKSVD!Y7y3eRLB5ruDtTX@mwv(ozc4lRS zW>jB=WS)w+IcrHGrsSoaj|!wZ&&6Mc|is zRZK1Ys@8cQ8_f?e^@ZwzB(krm@7%lT4~Uf=45#_;0Jnx!>eYR*F-ViwKdTWJ=n9|7 zqdh0chEohXc#CGVaRrLV8e^H|{@eomDTKgr8y%69r{FI$ld-~b$PGILO@OHGzt7B#4-|z_Wl;&Bg~}Scl>S0+@WtZ@ zkmuJ<7ldMgi_noVAN?`H3`7MZ>vjsDKh=-O`A`%0DFVAV+b53IwY`&lO&HTqci91GMyF57J4f5_vE(Z=KlwAo=se8HT^eAWSU*f<~T0 zSPdmWaHJwbXibLFOd|P|#&!OCgJb|1#iWrHGvT-);E{y&*1x~xU~a^J%z;MrGT|Vu zuUX`5lL7GmqgWjN-wO+?mrXjE>XvOa$ArXGN3J!|Sjm5PF^w#}NExYY$umx5CQiWW z_1=Xx*=&syS|06Th9*()pp;K9r&Qig{0kN_;e4i;#MAj45qZiq3GU8BY}Iq@D(o6K z_dKXuBpp54LI(eC$rET4Cm?f#eN~@cH6jaRytZCY-ov+ZRucbT4`U$GU{6M!dhD7B z89+%vvy#oHAS74zf45WJOh(u4%J;Z;FnBoR?l24|tbdrBRWSgYNJ^1$PjM0_`?mzHm@{UMp zE1J!G+lH%s2X}H-^WABU=R7CBN@Z&Z0Ks-`Yay zGw3RK8~2R-yRj*m8wDpQ(PH0-q+rNIRdM~3Ot5!dN}o(e$48?I)h0jXX-?J9_phkF zIi|Z6{H;TA`vZ~i!yk1ami4SGt=Wlz0R-^0DtwjZK@Y>ekr=tJ>xNDB&g|jIK)}~k z)rYd{P<9~{B6T#;9~|i)v&dQ#u0ZlW3u~D@fApA@taoNT`K1OJS9=`?TgV1z15}l} ze-FZQd-gXrWAz1WjFA6k~s4Yp*rN(rjGqQp=gwZ>X6_1p&J7a`d z?<)vhV#84&M?6lzLreGsT?Q&R36``A7sPs{fgkCzVNJHs_GidLVNZn!z3}8#hUq6` znLY_~%7FaxM24hWj?fl|`PNNC_!Z)VA|iuxC(J#&D>2XLbH4qZsI7R#|Dd3?$N@xq zm9?KU%$;p=Z7>ipXSz2zxl{felSM-QtU3&Lt26hFccfkDj0bvS!h^^39HJx9$=7$m&l&_je{ZR67kEWM0npf z58HYmf8gXu%fkV^MA1XXMu4v3#hPf)hbA@#3+Q343H|U)N8LwaNc^~O)WKi~ZCWc~ zjKmq5Y(FE4kxzphpqRCF?eE-;aKe^_HJbaqP|6l29ZHYdPJo8Tz6eF!fzgz`#RUz1|_dvog^ z{RPEnvE>ScLfJ)*WMY`2@h3D75cW(bak^Z)*z6tmkn2~d3!B#LzLQY5wZY1%{l3iMSUvw&L9*qPxLL&F zBlG?5Kd(q{eHal^@Lih@a~Z3%)XqB3S#YJEHEhG5NqFL+b=C~dR|?T~96DM0{8!uM zse)c+U7BCnVY_%&27vV@;&rS=rvE{Dapjx&2VhlFB#F%ENh>d$(n@27njq6bL zax!kUN9R_yO3N_1>A<^BaKJg>NJM2lAW6JzW>&6fRNuQf`#}z$%{8l-ozC@NEr9XMiT{tSuYiiW>-rT$ zC8Pxhq!Ey2=i%hcE68dq{KbJGG^WhmMyiDV`Te*%Eh) zP^F8OVj|ypCu{nJ*Ee?xT9pR=(anikgod@g3&um$j+$`QIZXkiNlq&Qw4n=%ZY{<; zk(~`b>r&jV-{ag?cb9%`=SOyadn9aDH;^dJm8Y6{k^p~S_e?Fj{iE#02M%@}E0S{Q zt7FaMgSb00>wM{T%2k~{`Ohy3xh*c)^lJm7^Hr0KhOCwXs8SO8~3is?Ar}Z2J~&(k(pyoh4HZ{O}h0=zHGh` zXWRCRd%MaL)}PsYGs}&z7ubDE%{ZtzmB^y|H0;QZNwsa8Gw(crRiC>sDUOx@-Ijp! z*B?tMPk~r>FsJj&0LF+e`>uoY_ z$Y1*U?KZD7MBSx?aUtv?*TPTU^Askn9hJ;F2+U~Xo8!HydY>mVH>d){7~HrxCA-Dk zD#gZ-fcT%P@gn$KtoE@P8-Wj<3Ls$34IvF z?B_n+WOz0`eN6Q)Io9tbTdXM@jE&XS8t<3uRPFjB#JA;G3$l3Xvf&xrrswz5%aEAG zCMIhf#^s@|A)BjrV4fpsLM7SC&nuM&j0%!IY=5&31sRy1Vm6jE4EW0mD-2J1)tEI} z-xw|2q>Fl=PBX%(MSUMrUc~6W|GDG%h&dgpTr7eQ$-@vqmg_Vo615-WlfIqV5%G^= z)4NVrAs^GR(`8|Z4m5eh(KXTd^&_`uqLtS9yeWIRFvAqB1pxsAy-cQCSE_{s7|H#r_{SmH>fXgJX_4OHQIZ@Qb?X zjWVA7O9}SV_yPaiocZ(Z42FD-Atj}j-0Zl6fG4GEa9xSYi4P%crU%VN^UVfH)&Rwn zO`?_%t<|xF({hJlYK(diQ=)5l<8Za(`aOmTgu2p6WXVwz*a~ z(-@*EQFsi~*b|6gdFG=|A)Z!i0+3zh0+f~(1gpa}Dc$PV-M?uNkDA zT4HE4^x9GUc_NYEdRwIUk9B!c$)wU1@r)IwxrI=3t?fq>`|qwFSj?{duKbUJ94y}O zeHFlWe%Aa{1|oAvHy(9YL$Ah-nIUa+n>Vu`5OXc#HZC?I0{Z_)j_Pq`Jv;xI#c{f`Svhndx62&UY`#PTw^o-N zHz2dsWwn;CM*{$mi2J`GXZ;&JRH@KoIwN9_Ax{5A9P~F;sK~$y7MD3Pjd_VFCfgaL z$oyN|n$y(T(+nO{{|W8kKw_0o^7l_Bf?7FBN)52*YY_%du)H zK8CTk(Bpb8`8EEanR6E9%aws6x2-*SA(z8!u1<(2U0xYwPUz9VlSWSkNKmR+&Cgev zMYYHZM7d5qEw}qVXC>B3(MXnD-!~12c}VrDJ%4{@UixFD#OIIv%Z=*ghBMk9FY$WU z%FmX8S|4Q~Ly;p{^HJBRKIaa$InX?uq(~tc(2>AM9U(FSNhS2a?2&vo449b5{^1W>HcqD4#S)Ntk znRcAS^_{zN`Wv=o@ANGkdpNB_l`h$PSRzloou0A$$&K1El_;q^+6>MadJs|!TIcYIm(xJel$59;Mq>MRnCe%67d-^ zsaD#o-6@8w4rJ+UenwJp$bfQLgz%boRio2WM{S8iK|4v#O?bK@T0u8A4C{>PJN)iI z1d)@?T6&@rVy&3DuPdGGuUNW#O&%+>QXTayxEAtwJ$RlIH{rBo%);kn>nUJs`WBe% zg=id6*uHT3O0&F&jb-``5FSSoeM|IVGS%3LFVqSMQmW0tbc`N&Hfrf+Y4&*QTt zM<&+FO40BDf+1mIRr$H&vy&y^YN-m7pjrednAK#P$ugE_Z2mGJol3@XyiTmL92$1Y zu322=uy9mANHzXkEknFAHvRP{x$%K^fh$3MN76#96-riXr8c7(hvsK11`alF%+nDg zdTdj8Wl8t&sTI#JNh~f#ayB6)mZbtpN%BjICBOO;1;d6!o)0CqP+KL;fsDiG;gHFS zaf6HYzNI%Sj_1bUl$g&p2CgT$CQb?zlt9@JDjH zQ@q>ag~~5}*XdwlVX3{N?MV&ys^WIG7xj-0cbOqCJ*OTdiynN>ZGcp4=c9cXNg0^{H3A>4(P`pOJ9nUOt*QmwqPR>j&(jQ#gCFkTZe#Bknf-joZ*M#sh?s)(&!R%e$A?NrVV zv{%e@y+W-TS1CJV5kzD@^oF_zc@tduq158O=sxc2vOiv*QDhb>R3GJeMXRO;7y1)S#>3^a zq3IGGR(|JB_y^CeVVgzk)UDTABVm#%9=y5cxr7i%A|u_6Q7ih|_IYh-Ulx;d+WDV} zp+!2x{>U@eyPVf^G{uZi&%2gKwCJ|T*7_rp#|BiGgzwZ`7!JjQHdN^nSpciB^8e@-v81o>Bhp<6|b%nu-d>%+Cn!7F-=P@(u5vF7Tdg zltb-F8ieUhLC~HMmIeBPARVG*sLjryq^Dds$7ktB1UzM1YiocrGEo-3ZhE#02bDl9hqv@$Y*5d|@%${=jx&tMh+*qAn>f(GTpApB zc~)s6cAr9!OG+vk(hQ{~AK(TTBrCo_-{(e;je-{SlhwKT zm;-7LLq3kShz;nJ$Hc9x_8hfW!jKpCszJofwQc2Y*F%38ymMhBHHpFnD|6?T3{9>l zuOi^^j$EuR)r`7=i3cleUKYx{6{|cM~f-k_7+T1arqn;q#n>*$p((-E2g#B|7m z^|;@05+fPi!86J&n~_NnWq9l6E1ge)3X(A7S|VtLMhNP>NI!c<019`;N`>5Apz9kZ zHOCH5!)$mhIk-WowxtV0@+NNfjbP@>!u9!vX9}4}EA=Ab`b4IU77U?@Q@yO(XgBSy zb5o`JR+YzkRl5|&+tYU4ry-_l?^nB<`2$0+j15vPM~{_@nfq9m(qik|m+V2OmR|(I zVmBCzXFqNQE*!TKuJmRHTqiTv?6Oqy3cxbb_KOa8g3E;5awj`R3zw=W)6;HhAFddK zN}}Xb0@NG`>)qj=W(f+(rr=vO67LU8K3_dE%CILL=`C^|QSoeSNOJ4f^Ou9CaGJ)F zuO5IvspnIWR4WtkrBB|p9+VQ}+8<}c-%C)!M@--|&M;TU8(%&(3i049=V5^pt=H{W z-ein{e;nsU>jG--Iv+cD&0X6tt$6u*wb39zWOUnL;z5h1IM4Bz8=VX zv_$4b68xLbFy`ff*q5KUyhlCv$?T@}Pv>!KcUwEC7Y7RTiaJ?fa~pz2jr-pXorR1A zA0up4s-4OzNXqN2XFVkp>&}-CNbwYx!w%%f|~VAG5fs` z^{?fOa0MsT2nY#Zz2~t;ta+`efMcZS09jN{te|hdP1%U(+8E!XTRs3>Y^wqdipQlE zHv)5yZCYr?dB^|LAb>m9L+ z*O1-0dVEj|ST0BU&HWs!p)^`iQ3_CKG^cy|&Ir8e0h$-lTS!s7r&0>7 zD(1p2ry6U1n;h6$4Ex@*3aYt{gSgLq;X1R^_x@39QCrMU%WNsPU8s|gi$@8f-Q$`f zjJGs~IQ%3Xs;uLWM!PYdck=m8eM>J8z^8VF3GLLfafOP%4+QJ-4WS(J83M{`@=Qxv!d|BMu5s!ZWn)%u#Yqeh;&rP@Z z@PK|&Oi(p;mjxztQd%0Qr#l@IAGCpi8A5*^vTq_WBvC?+L&IgV+G7}OuMe13gSoO06=jPA7%y$tHXC5BJL1|7%c z^~DPW8QsUi-Lx@s4?C8&siUwNb0@fNb0c%i;t10>-Ia`OIn(5QsBQ{q;NV3A6z3tV zr|IQ1mlp^2T7QDY$1Kv7g=Vjno`KDLN?Hm+P1U`g}T-x5tD${1)$wZK1jpT4Sz#KTcCwe0Ko>~mN{ql4_ zK`xqcE`_NF)iP_kJxF40BugMcdWVh%-Ifm6Uc};phs-aO z!T|M#CRZFi01~&T&u_iq{9g9fA7G_X8Xh4*Jaxsly|OcRvZ^RlE5fndrOn?)r!-k6 zWZ3k8VYbe8<6CWUV?=lfqwbG@-#Otfd&^%8n{aV)@0?IDeRsH5%SfWEXCSE{7gLO z^STEoCnrZ-6k@J;8#1r=m&NWlHQ)T2k#OA@kSM&F7pi8QySb)kieHI+_N(9L;<|1r zP$JT3rUr3DOi3A1-h8sMM{TX~BuFjMuMCshDk6X{rCuPis^0or>%PdvNxolR{jm*^ zx&6Ar=z>zm!)`%7p(IFASlSLD+6gg=uN!MpFn#kNoW@6#2FK}6Pe}(;h>M0zcum!R zpRhF5e|#_BDLJe;#8s_e?qR3N*Aq}acg|B%M{c$w(tc%ZfivWbJKv;M18UV*60^q3V$)@tkrHc66rNcoY5;tGkFt@G&wPuDkN~Y0 zumz>{YBFo9D*So*T&%A#;|J%t6s}KNVt~G=f{f1|IdkZ}**_3RjP;8>Yqu*CEUXh! zhA)vVk;K@G5kI_J+TK&@B@m<*0}Q66&ql<2 zm0yX!*yUB;X`lZ5sCG66@!Ldov`Ce*rSKq_6CHEz$;SV5Df@nTFmHV#r$-W**w|1tL%VSIAqjl7^}H1hqOc(S)zC{{>h zxZC6Qd%O-0cz0%{kd(kfsb77hQR?gWBcffA8F72p>*+3kkaG7owU@L3ly@wio0|vC z^)q)j_Lj{r7HnT^CCuVD!gL^6+3QPBy*w^jOJh+_>8KX)%W)m)|9ArvYSAvZ&%#Rv z#|bj-87VEI;i92&8XT>8{^3Oyg%z`B9294ed$))x2(qiXVHxWCCF*5rqXlkkrfA$d zx!sUO1io**@_+{PGNgk8+n1X7+0u^L6-ta+h z`_ojI_|8Mt7m!E6%BC+N!K*|1Dy!mgUp!;6*GR@}cyc;R+;hc#maK4iIRl%^VcH8-W|wqxu6IibZEhE!^5o2st~ zQa`84nHYHr%kcGV8o$CIA~rV!O#n<4YzkHS?-mwJ^wW)@Byceekid6%FAOuTu(H8& zwskQ*%eBI95y^Q(KIt#4_-;X=HKsaF%mU-B<9Y7nZ$8f)efi6a{TlDnHyo+L`MART zfuooHhh?jJpWSZb`SXoqGBNlL&B+XoIDD;-b4tC3&B)qBJ%S7;9}zPP6hB%R8MU4l zY4{XC=y~Zoed)hGpja3sVk@cq+51fB5}e^s`o0sHEuM|O!&Apz;HeE~F5FMioZE#K zK0ATb-olYEc-Xu8su|~la*dshaXYv4>kubHCF9@4-@VTx6;zJi$NU-Dtu1?wMSM}u z1skmM+UBjXSkT2)ci8a?WxR=to)Et#TA6rvFmjP`*rCQv-+6X6PiFN>eV zx2_*YmqF+RhEJ-tGM;(5O=O;ua|BMGg2^+{7Px5=t!TdZ}ebK+NtDAkiO!|o;cm)W3F&kWMrwb7jM>;fM3yWyUvYkgqOt(}cSJbdJpUeLop z)p&26)8tE8fqe{QPOVnFIuH-Eetl^uv5&v>({|W$^N0`D;=gTG!=&QL}qq+Kk$ z`IEoD0etuSAF^K}kxL1IVVwONh4SzobqrC(WzD>wwp5FgBrCl4Qls!5BZ`9y4P`s} zfu*2!H|_gQiz?h_c_OOT5bm%xk}2kNURT0Vn$DNaYN-}fXUd|QlQ*pa7r1VCn3Rs+ z6-5@HQ971Th)*TiQ?gsHEWdc%#OMcI)3n|Bx^OU)?n=~j^37E%erL3VKXBTeMh%X$ zHe|~(FG>-8;pKQT9SvP~KO2y6{aQD5vxoDfX#WJl#DK_5*Of{Bi96IkUbk6+dp{+S z)1>hSKQuO?#dgQc(%)g%YRye|hKIzjr=`$tVEMc2MY<6GqZC^vzLP<+@uDMFmBT+Wwc}zX1+FDYod{Z6fGLK4Tii>Y-NlV5MY{yVFC3e?sKd@Z&(%L6SSXx+weUx zsF8k!A$$1s|{ZKnV*ppbK+?P_4res!8*-fYW9W| zmR?^3G{Vz{OyE9tyy}I4_A1s7{Ps9LQ}PnGQ=HOEL9I;Fy>@yZ;)MMizHD?7@-LNZ zw_SUw$`e-06CQR4BfqPOy*>5XAv|h^Wz{exPC)1I`GrbPm}C3T8lR9oV6_d2I|O=n zWJ{PJ+vd8bb%)d(b}IZoGaxGROWWi+T!EJF)!$HB0ygk*rjZ>Z-3tbEq7`1Nt{G(v zV2?!ZUSzhvA6U&XFIutDXN7 z#4AI0Z{$nStC=h{z|*={FSSFVPfTLIL%SwEJGtf6O&Qwb$J|Oigp8&;A#GBHJMI!u zeXpgxd(~|H{+&RZv-_cqK2EQ?X~zM3So+kHDpv_E{DW$pn#PfO<#D^h>WdA5xo0=E z0)ye`3R5F|z&ahfwO}~WT~HddQaiPtu2tk1b6_Rs|1+3$ZI3NhW3ym!?e=S#r9o*I z7Xp(FVZymUj-E%z|H%aqhIqvVBrOCw%-vBO5{rrRd{?gwH&&cFIrlu?Ra~M^JSS6x zYmKOR`Emj?{bWroJ~}uF7;NLIl-9dg`|?mmX(|@i&3UDBV%r3SJ&=}I z2QCdL+x5qWo}D)cnvdnYm-rQ+=4XtigZw%CjzBx z??aeWWMN2*h|SI|RQQ0y5?c?WC^9#Z~Y!vwx_RoY5pf-tMVTTmFz5d1V zdnuImv+fWyqq8Mk0f8z{X^c&23{7>EAS`auhh?xhG${gKi464saXOTz^gnO?*FWr@ z0si4#I5FcpU1(svmNAoT4hPD&GRZuGK1STQj_>v-O2{Em)dQ9|wHZN!0&4a+~6WPl;x*7dN{U(#@so&^Z#J@)i(R}M1 zm;XpIAUG7t&}2Jk!HR`*ZP4Km?cIf{DOqSm@e1v$?yNIYs!v7#XIQ?71@U0zHV;pu zhtuYKEko#XHCx0N8oQ^9#ykb99Nzbd*Y1lHqPqmUS{%vJ(Wv0e@C7QEM5)}A-R&KyIQJ#KSI`Zx! zn5!|nng0=ZxNI@UwFzB_07WNA8sw+Upztdded(3J^U--`Jzg`x*>-Wl$+SAx^X2h#PwC<)&Sk_=&|dGWRvSK- z&*QzHl*0FWrWw1PIgF#yM@PMzWU*S(2myXtdl0W5^JW)e)|VtZF4V zU~eakkMB#Q4T=BB6ir&24^fblqotv_1*!)k)`rqYK}B}|tD~upMvc|o(=7O@KM7uG z696L)J&n~l9@6}-!uf<9pj(%|2guK|-(JonK$ZrM``WUr{MTef^>QEZmtEeXR8T`i z2|2^|T26-Ev~SOc>EKx9E)B|^y3I%%iTd4LSG#@%Ag!LO9;FX+-7^jJ3LMYiI1;B^ zZmXP_1JJqm60sk;+!`e=U~zXgw;G(GMuIS}}oLUW0D*)rY0u<5mldre6;SH&Ea5^#4iy`E>qm5K?E zT5?2Sy?F=i&x?`&i3*jfK6n5#WX<5D24!TEY&;I8{3Gie4Vrk*!I`OahHb@KusG(R zQ5+^NZqLb5P#mZ%$Ha_4@>H$$d2?ib5`KtA_>IcERO~j`Ov`S+pYaes^@>Y&&B&@P zZVqT$(smnlJxsEzCg$xtpy$sO zAWH5<9W1iT`C6#UH_x|*-+Q$-P#*rsb35*h`Ms5^Y;`*GH8#Do@AoOreTw2YtnJ$1 zMRpT%HJT@6uETB${A>^&%#le)_-wgINYd&>lz0>q>+`POgTkL3JJisF((Q)8Z5H`j z`%o$OrLHrrUR4MBhe1*Ir~)X;2P9rQ5nKHj{X?QsX4rmtU+co7+pqaXQu4)zEh;+v zBP0$?#RD90l1yM!B_Jb<1Wmk(4B$R1pUk>M6LE1_(di`7OCW|wAz&7=(V75#G#&kJ z)jG$Hxps?)1FEJ6U-xguIooY|DAIl*tO&hc4Ud6bTpNt{|BR$}`7wc|l~VvYdEZ8W z(|cbk&*^H&ZF7-REIeh_laB-zwNIQ>k~=is^UY}*L%U=OV~WF6T6P-OqA!swvs5&a zK_o7K$G?9Cg(j)H^w{^niYhG61S8|?kK#y0Ec20C}xzHkA{{VzWor!HWu+Ql9 zEVuF0;R{j_dc8Go>p>Zo%HAEs-GvxDU9Ws#VPr?8OpddwI zid2-WDV-a6;iCaRjkNtYk_182?pFe2;-he(|8;A;{*L|{t&w9GoG;wtCArug_2-q* za?UNWwaQEUuok~@VdUk`qrn1Y*+$Y1^FLiTUhB4-qcV@$uP$EMyZ-E|SG|HMU9%oRvSM&F=m&2!^*%^TYM{4v zLZLoQs;QB549e!?>(pjF$o{oSHFcdJtfk6p4EL#B{;&CdAa5bsT0Px+hePvz$Qrwh zO&t<4_BlEJ*TYBk+`pcTHw#pBbu{k!1m|ystEj;fqB^i)8Jg1PVyT+2CKHT#bznOO zt|`VoLD_aKPe6*wLx!&-(vuRH#wmN<-KP_02Oqz+iEZkXguY@oq~mo*w&`4~MZ+>6 z8_Exd$=ZC(qTj>iD~+-Mu(~01-X)h>B0=HVXj1E6~ovE8W7Dz zqR8r4@INKNpPFYNALb>NdI`*^D!|WSw&tD`8rtv0e5|`Y#1=uo-m+Xi&eAW~`6Epx zdis0C`*eS7Ewjf<>=4uBkpO)^7c4h#wDJp%&1g`*Pvw5|O1K&Fp8e2N+w@~ZTdK~G zB1TI(%Bnd__z%fj@Jy~l5#t@v%69v8R1~G~vacQl#Jr?hs~=hb6YJeuNr82Bs@`Mg zsh@*Yc@6b8u0WY~Xh$d5i)N;gSham;^4k$zOVVna1usd{9|CSZ%I|uaprvBnYdPYL!UuY>2ReKukDIZWfASL@iSZ8x`z^5W^0g?V~Uw>ye$ zehr?RN{m7~j%7wquN-)>*Hpr}@iFK^4(cm~E<=^zl=1~QVv;nqKYO1sj8$PNM}%}w z-^Q;A^T0*}NlQg46BWc27|)2&2tRS4d@VO~Iq3C^1J%#j#AZ)P`r`45ZlbPw#G70( zg`cYi+UmJQ;MBIh%E5g-x^tFzQfub?U=xlbAae;7px^29DE*eaK^=Bglnbra;4&#C zHDp#S5gXgSJNq0H9cnrFpz{vAsm zL9jfw1Wj#QV`K~>jl7dNp10HfGu41#m}sSuQhHD6?B-Y6JY=MnsxMh6v$(sim?E?$1@>tt<;i>sCuLYW z(Q9se1V_x8+eZ9X`n{nMji=NZc$`Uiyg$hvU{13j)aR*R{Ji||ysW!g^^%u}wNC!W zuO7&uA9G(f&syG7S-IOXo4vZOUC!t)5pT?%wh|<=65TTF5fmj#tvfGlEOgty)pB6q z`#FO!Hbv>)`)N}OvM`BC#EZF8IOb==FJfkvkFhP{jH4Eu6)|Enjm z-P@ZYB{;f2bc>-uzSBV9ndLo)F51k55t;1@E8pHj%E;e}_c!(ic`zVIFTR$!$adgj z95yiuNPZ{aK%ul)x-VJK>E7N&x#%74J>|MYE38xIF3&F>xsrU#U$Za$;8{s%aeSa= zKoZHcgWr7_Tb1r)IC5V=b8vO4tTXoFG0{*KZs#FCEig^)pPeb(j=4W__NS0=BjJGO z^_*)-3|<#!P&Xugjc66D-Ds000b?y@B(eFi$nRE6iuakLnB0cN;sW3HifP~mgk;a5 zPU7qo^N(8c4a+3mGcL<3(

    Ca5F$kg?&u`bYMrO4@tVd8s38KN3l9cMxc zR908fVi^Ka@S~-cln#TYQpmooU4n#48z^Y(F-t~JIyhwNz+g`?zS`pZmI=@whEhr? zQ}PWhhg~T@E#1(76$d_-j9;r}F&nzK>$1*|>!^vr<0~c%YlgS-5Doa4wjBCyJ;BGG zOysfq_U<@7v)a^~<*64YKKC?Q?mfk~4P6w>m3@BzeJ{@h&E_T8lM*m*sK6x#=3Mfk zlnJB*5J2G4p2Do??Hy!G@UX4diYFG^;YdNTRZpFTK5sj}jIV(2Xj?xMIa5_({I%qx zwFuTiLA-pF^Nyu(!B6|TYm8aWFbZChSmQIz7>{U?$=5cLHtt~6#@QR>)r%LLej5I< zahoyIV#y4dVfbeLr;mg8pu%?__l|!zU4RSmr2RSG*itpQefz{-1- zdcbqI5*p0r8c1n}V;e|f)8CfhV@@tcHT;Q#JgoNg1>JSTC^9LUgvt>M&9P6-kNdb{ zP4d4gp5JD46FW6iFa%Mn2+2LLy(^05o%)YO-OL86gJRAWf|wvOyCxl^^~6^^kFQEyd)~ZJNd}Ia|vTVnXmMB#rm{9 z5&CH>{LE!?8I>8X)Evu88QQ3sOU|BV+3`}_&`XBY0mUX{#CmeU#diC=o6KhnpJvZ+ zA#&Sg{pBa!FmzlNoiANpi*>)nH)ZO_@lE)_)Z&vc6J>#n9tkh$LFa zPPNCb+eWqAliZ4T3rScL9Kn5iJIk8^v@36ckF4pA>Q;c`~JYgUW=CER{ z7Sm&BPDaB8Blt(W04JV}W-FaCVhT#|Eia6F*Ey+Za`^Y(S02w?LU1jE*!=iua+b~@ z({k74EjCX=>*`_UX2>2{G_ImI2ND;VX27dN4vHh53pQ@Hh`yP#4@kalZXoZn9Z`^c zVj9^!^+5L?7cx5pml9GSZ+Qd!Px@c{51tYf$*2fVnblwds8s|8REhfx#)5(m`g2Jun&!fqM)k zJP{L6aTXV|v5Qzpt9FK*qfp>EMtqcVG z2^&M8McIl$0{|@`>~Ok!s8YRT*fGvw!nKol^9JPO`{y1!4wi zqG)kt!~b{N3Xt-g0;4{bPGg*dUtyV}rWmQ*T0VMheQ71t@Pjh>H6b|Lv zJ<$wNHVBO0={g=49btMvZ!i*MlKwR`bVV0n0cQlVHs^3rPP8#8X-+AIvn#MYd1hom z)%O^BKu+3kaTq?cDg{{I!a2-G@$NVPf?KIJf6U+L(^=9{h9Ey4uCX(@04W{G#W+av zw8(F6uB>a8;WEoV@(SS~=664!OQLYt8htB$3m_J*3oxT+furlPHi95SFg)L1CKpEN!5F>(vBvwJWNL!0SNT;yN9s&;6GsE#meuD$GJRoHw9eUW) zF#b89-sV@@>(W8NE2$9tp?hBEOGssgvG(Cr-0ob8iXREdm zZ(x<<`Z5eUHKnh(7mz1Ba*{+ zJ8?P5vX5`Ab8Nakj$*z!#F+3{OExM}uP|^t1WIx%aUAA`O+HwY+mqQC_+9=0IGqC^ z!d%I_^NqTfhBrw(hvC;$F=x{D=bO!u+$c_Z2+NQ}I-N9Ui|2PPrJ@I9lD0cdKud_-a`IKqzU@p0 zfzEdH)O*!8v1~f55LyRGWR>c*p-95W01~IK!AZfRRcjyVgT*Ta2^&o~gBC!@&X6Rf zHDGg|eD06u23R0%0k*@9l(y7vYXdwSNkzmKu2Y@#fD1i5IrKa`{}}NhPURreMxK1n&hB-MCi0y zgp`oOu$bSy^G>e&_=4>gMke*BKEM0+Q$mhqkD9%T+{1o4@?K)LMvArRU!8ikGC5eK zwi}9s*FRrfm@i4xR|Ej3-f?)ay_n_4Hgh3n0_udR?CserQyfRZOT~04%r0HPvO4LGrTv`7A)QI~OEUQvfVx@>-ZI zlvw6T*18ueSp;BE=P@EP$Mm%TSCq@? zdt0vW_wJfOCCT19Y5Ky#)bX??195vA;yk>aWS70gf|&M}S*Y6@v{=b!emiK!L@;Zk z@%B)uMFGN)3VGXrZE zBlw8f$FJtrCueigO=WyCH9J*KhFC`3d*-|^dOIqiY2p35x3HV@CF~sj^y3mcvfMP^ zvZ!#8o?RZ;OLXcU;<{P-Wcm(zYx*O4U%)%-Gj&(;f#ij#8m8S0fSHq?1$3ZfKPI5S zs|E|{9&m|Lt&80|BTz(6qt>sx|5f?b8W%4+<@&AM}j2RW(72f*$eN|DWf`W=FRYRZ)gu*w-EZ)jr+ zF9NQj?M$Q32lm5kkC62{+(aBl!kI`|ZTN{JV1d)%+REZ;>mx}Lg%91;C1WZS%exw65B zie~kW0IOP*@%^k;%DQKs8|RVMhP|aV52BUqaB$AEx9sep{jRJ~kv5Cmj7MV9c%x5} z$AUQf)gS3Yu_le|%NB=~VOLb?KbwEFv<%3f($ZCK&3iPR_DPKmnv;9H$1=6eKeq6I zzt2;6Cz#0bZa4MN*z0N}V^AoHNtSm=%hfO>cG#}#x!QB5FK>unPO1q}5Jd;c39{C` zpM3j;d&5vcad`KKwk?7%r*02hpfUHDgjaL5{)LiBO_@LwZ?CUjo0hW4`=rR>Du=d8tSe7=o9-PF8ZK zP`lE`zI8cnFUvY>NnkeWd^E@dJk`UcGFA2VkHDpxbz4>Tvz&xzz(qfjo|gVboDrzV z+3#xBYV?2Mg5ko(z+Kg3{j8oxJ!g@UWDGzo&mout9lwX=ETG2fKd=#xpCwqgwYIoA zmX)}r{TljqdA#K42sUJR;mb_M2gd~ZnRT-_YIg%MVJz!t0MOAVQSHzs!5-sU zKI^7OdpufGs<>8;iD5*xkZdwWC~@z-QKaaNvH{*+HDgC0{FGCFWnyvt5};oZkK1Ke z0nu$y5+v3pHC6aUzn--=>joh8S+_GS>yNm6gZKF6+n)0&&d3r z!(|k&RxV7Ek@&9*2(1Ey)DKt~1+1EWtI7Lo{&|;BX-OxrTP6<)zojKQmxgzw)g+A_1@uZy#e328WlSt_DT>m?>|zUZ zE}2=%_5xB4t?J*iIG{)Noq`0OfK?^47~*NaFpI&mN2pOO+o|2L?~kLU&nB)t+w8#e zrauN`sw^EH4yR9i99Ee2qgP*CPn9H`uz0~f4XM70B0OkmcsKQ>v}M)hg#c%hjEdjq z^z9!V@qe}S9Uexm)>@?I9)zN3+|V_O7sU*7vICfEIL&gWS;=$ml(KmAFsH`$>M z1#=P0<}$!iWz?7!h0fFJV-ny=1d->{G(&&}J18Hu6%DQqgr$cGHm;h&5RDzhwg90& zhBCuJ0s}g2mmfhKvKBW001zsKh&XvjQBdF$SW@~oCp2vFYtY9n1G))xhfijQVJsvA zlE&V9$q&pkXnGLuG1gyPG++B+Ipt9Va~qh2Ucac`MDK%{oTOQg8Y17s`KOYvaPEo~Xtodm|A#8K!;tEzBoXZiPb8T&k6M>*!Z zd7?ElSK0Op9LKcs<4P80+$25E%ggzG5^Ypw$FC zB*2&9b!;kJwlh3!4;BVy2hnI#nSI)~@%bJ@IQS}ULi|*IxU<|Mrw?6%xU#-TzK^*6 z4%gx!3N#pz&L#`QbVf*SC&ST()SIzh>L~cXeZ`>h5ZHosCiH(xSsBqp_fexE&cc);M%!q1xyVm^tTl$0`Yt{P^)c-`DCZ#2BAI@!`wYFUpS?C{^M zEN{94ySc1TAr)T8^Ses>(BgdQQ4cIVG-wt%CPWD4c0E{s(|jK(^z6L9WktZvqJlrb z{LqZUXHxcNMB)esuCZ4;Z4+w~C{x84*R>j}4jw~5S?k;X9zy^^`$QszP%-xkz+CSi zlH&XouqI#IyDcC8@ag4rvpbH_iL&!4da$W_rse6=PU$fCu-L~80K3fwnmD|sFI~?9 zWTq2n!((4f4YHbLg=u@!rxFYQ?u(pCN9P5v95@IA zQ71RIgqT&8&mS~LuGkdqGprI&y^e^b{5>NcZ(~RxR9MDD%!&3KcZK7En9ywXFy1Nl zqL3wSJt(p_-gh=XiH2H;o^IBDNnt$qyw^Aj0;095(f>2-CT;ej91 zD0cL2Y}211fBkUM;fI}izePj0_GmKN6|Rile)8OMP~YG=uHoT48UP#^>$@3wFAH8T zm>bj}q<}vc#V$0u-4K+s=~h#;T@MW~Y!8@@{P)r}_<^t-btpZD)a5wxLIrPqOg$$kk5|`5FZOBl4Yw6e9rAGpkHpsoz5M34gvjC0Uwk`ZAMk;8`|pt)WSaNHJ7nkSM2eK_UYRa~NGW$VNELafq1g^U74+^P#5pyU2~UE|+|pIfQu+r)un+ z6^OT_t0kT|4K~Xq-L#z*zch34XQRDuLcAQ(=1SF-xFi|reRvqyr<<}VCf8?%?<2Jp z`;oRZMf&B0W1$9rKp&%&qcF%B&FLLKz|>1MFX7PEDtrYj_U#TMI9NY9gVV#2bVyA% z$2bV|Y4f9FaXYpE@HiOoWE z<8)}|qLlF_hGP=+W||+WUL>f&{+--U)R%zVLt&iJrET#YT?G#H!~7yFHikrCyfb@S z)KC5$Kdn7peYN;GZ=?BC?b{oZ=y+j#nRcJqu$dVY6|!1ZQ|sTA;$b z$jtWc)uno`4SmQmhL8lb&wspuBSc-`5E`5S;*C!LgYeZdBcnXO?}nd_{@y-2Iy>TD zHUe&VA^6kHosiMUuRcxt2|vyLM$(4IzP(P1D!IW-R~mP(5E8hGA!FK14}f^{WTRPS zX718r$R0bV2$TD2%l$()L!arC{cF86DTw|j&D+JjwYRR**=R#sf{#*b2e?c{!aWqi z<3Sn%Fa>0JTUp#$`wN?fd+T8ov_q%{kBPu#W<>(O_{;_CZM!s>ls1W|5oelYc@azv zja2QNyQLAfFCiVhM*ZV?jJJJOwYeBBgRKg4th5mokfKB}*vseFk)axW;XM~`BT$jdecPGzA!~B0%OE3S7myVs|qZg}F-yNGtD$gng-6^pfdO^=Y zYoEe5R(LhAUif0sK(L;`+oo5HPflO^-zNGX|E+L*VgTHbZz?RZ@T$*m1}$U8`iUIe z2*t)|r;`#}`3H@BU$!kmHjjQv%09l2!lW`kF7`0-KwS#_Mb7*87!P@CC4t~0zgxzq zx_;`bIC7`Kc5H!5&oCxDp77G)jd3-fY!!u@Q26XcKu9l{xNydKXq24S{1R2; zlEe7XWd8FI&hX3gvZcztVViVD;vt46st1BKGOz1IZTK26|g>_`@dQMv_JHxK4RoFhF0Cx zKGPDaK=_A^_kiMal`8NksslLOfcGFB#Jtw?D0~id!LF0=_kMjE% zV%M|#Oww_w>wLe&x!SrCT7{`XZDAAYdvSa|+FC(ef__@6PZefOuhIT!cU$!`R8C89 z2yO73B9HJ7Pd7jKtr;G$?ArYF66cSAH&;}CyK+81SjzZQw)*mfbf|Qu?)pm76O2>y z`VR8;3)fXygji>At66lb?^Q6Edy+&xEJ)7bUA_n5BUE4EgjWUeSe=lF{o8MLANA;^ zXQ=~du-C`OKY%O!h~V0c+!be7S8r@J^%<&h1_7kZHTAxav0_}0B?et*ALnF{-&TGA z?y=_r=+1K_pW18<%F3}n%X=UB;ICz;0It-gUi@IK^Y`b)rHr%4=y4TNo9+Iu`E^r; zS-(WP&~(Paqi3meWgKZA*SVo1;i<>)HZeAD*ZUa)mNNoNE%#sk`+GC!?kTXM3bOu@ zjO{AfVt!klW!@4H6k>I7gIY{n5M20n@6{r6tBY^cgO@h12Tn{B=UAz{{m1F(ogU^$ z9Y1@&J-6@jXXT6EVPt-DjgRr|wM{3Qzot?nUF$8!XUkd@nLC2ZKOWSj5_Goy^;_d} z1S5v6i|fIYslGmimy#|_+->6mrE%OC_2;TK|3XX9IVF{Fy?uUW+%B5vKo4yJ8TS ztB@OjiZdy3r*k*4*D5XAm&4MB;UM(0sN3Hpi(ftYmM=(SR%LwlSt|^C*G*}Lw4i?lL6Up9o%N6UCKhB-A)9&23&|rcr0%nAW!G9hp}$^p_3pKM6Vvo< z-vF@oaCPI|VvkbY;x_thX$jC0oI4Q=08Jr@gnJVhe$G$C1Mu_Ji$5jaowOOlgd0N`e|<4;e){EGfV$=St%G+ii(R9|5r6U$auS3@(Z%dq z8mu$NG;|=;?`uJiymyrpI*x}3%Yd!E*)6JplkS{JlVXhKJ73M+q4&#q$h5E#d7Aa| z&9~=Z?vbCOPY6Cq`AH@`pOONT=Cnw}2mJQsH-to3y^^0YAIv?{$h@m#1ETqOA&{9@ z3Xmn$kz%{DMZM*<(Lz%)-d9Cdc6RDarDzGUCn)dGuD3&(&Q?>`I)3UAB!ryYN8d^B zyHnn9O?qNRl64;yv2M6$IqIs%8;8`jx4CRp^-IW%l}@rCUb-JBe|m6uH%UcTUGa)w znlA0ur7O}(fl02q59EkVtUA{jFr6U8^#{tb^>X`7dJN0YK=3N>)W(N+Wkf-jzQMJT z*RKJy3BXGx!2icw z)%|NYq7?YiwSbjIk)XJKgdlaaCaAy&YekStf|P{NO&T5i&`vF4eX4JeAKIaw#J6Tb z^x{~K==gKqBnZZc8LK+2M-#w>R&pN_n|e%O28z@AG)jI2MXl1;e~eVa`$XdMeR>yG zG?Xq~uU`5*LVA>3&$?%?d7`O(mn}x~*PRZ;zsX6sNTdBWcatrQ57&6E(eNY2`*g-# z6y23ovToc1n6bdWa-4Y#04y3fw05rK8~KducKY|^R{-FE(ivVi`Oj?@P5c5l(a!zF zvKpYSUz%Ki1Si%{_vb}=dPqxSyVeX+PrF*EC~gCyV-JF`I?JF(gkMoAHvrmFe|ii+ z-rWX%yc2Us{>U3^^jdsNg9WQABJW}@+c;HsI&0xufeyh&>S!?GTm*XUD@OE%JUkMG z`~-BSJ(!?jI1y4-2-iT1yrMQ(0~Pcu9%lI3hAd`FDrn;fclUf%(*`aay{K+}Uaan@ zX?34qP<6>w@g0yXD6|A`U%co{lP44+Fxi692GZN>PfLSK7c`%m+Oz-yK7AMI6gDsU zdt>^0r_&*qPu>A|kmR&Z>_w)h^7LURPm#zs+KHO4)AE{P%Banf0Jw3+U=Wh6Za~pz zp!xP~=zidYhG;uDK95fr+HocJu)1Y^rOJ502@Z#yJ%VMuKG||aX`p)U#p^_!^)0R6 zqPn7d?W>$yy|lx*Hc?-mgLfJ~cZ&jUhdd0+%*I8;s!p!LEgd`eon8rZ3nfb$MD^_y zH-(b(!N$4E(Y9)7$s6pv-9!HLSsnBh27-N}EF-WS#*&D3bB3X1Ak%L4sItj8SkhpV z%d0gGo^VW-l;*7YppEzVis;ifz>?OQ|DRPXL4)UZV;S8V=bYR#fbujc&mC2ZG*4>O@l(>j*kA2nItLR+_PWk2Me4IF-GHf% zX{phzmoxQpxf-&a0C6QLm-pQxVGc7i%*YI!JXE_kabx{iKjKgrW`%rVXliOv+IPw3 z3}aI>=Lk15qd|de5ICBX*!QNpk-gw;p=p{%yfoOaqY=}O={DHbmxd(q`OW_X0PZfk zo**1mFD(ajrChC-i8|Bt4YGHNssz>#O=)Znh*sF&p>ond(|Yvs8!80L3iLv$<9)L} z$2RT#E-z}{IIg+p+((qn)vEd}MM_@CKE81^XsP1$tNBs!zhMf#bJ`R4YoC2qJ4p-R zcV*fh+DS+Y9tTk|zHa1&-~}`X_)I&J!W2K!9L{ieeT)4PiyG(2~BnK6Pj+^`ObVG=!tkfgJ_CYHMgp0A6S*!lg^YKwIfH zEuW4cBJ)2TC}9FSQ4{)cl0uyC93JRrH)JEx>d+%@JnF3ZKIj(4VzBv-AsUTx&Ea#_ z2zQ;)J)FO87*Ee`oA4kB)URadiXp`{*CgGIROF0q&>WH(=A3$NYL7W?aEzYy?*(%& zPqypHBv$y^i5wP7>#eGDut3caxS7=J?GsWp`gGMHD=Tq-8LKLIS7{#$({o%IBorrU zfqO4!>cmkhxfs{@XWC{drBrRS#XB?Q>D)o~W8pAMxjO?saX4V}NDiy`o@Eo`gV1g- z=O4UYp+jwbNc!-`=g?oHMq_VEYfh7&(-pj}<3$I` zhDj5-Ih|frk^NEMz;7bp#mitoJc1JN4$Oh$e9wh1idk_hrogx9ACnaX$|terOxs6m z$muOwpd2JQb`|hHun;a2SO``K>ao5IReC-{R6l<}u?P{nqC|~Q`Se5~$W6o9E-^sI zfG%R^NZ~J074IpjBIf@ zddq5+`mY#@j-I`YE2vg~yM4O@EBsebXCEk_4xo;Lq?=weNEW~)g5b2`806OTq*!>$ zo9Rf`s__f9gD{SW_7qCrC=HbLra>RTY>GxL_07<+t^(#rX`*<{lg`VhwZ4)UoW|(~HK?u^6wOS@!kd0C1OK>uR|9TxBl}GLbxcXbGd!-P( zN3T3dbPQLZrU!q$pHtvE9+_dxBa}xNQGKFC*#pt%GV74M=B)bK5u*TYxJcTSJj;ilJ^qr0=vt#jb9p|jgp%= zqiMa0E&Mp*f7}b~5bmSB4RttkJcElN8`^GJT``OC8#rXBf~N_}(npK{Ul1EU;?gyQ zO5;#Ew_Gq0M-z{4Q8xzZP%JcZAOSn z?mmWCR^@$u{$7s7$2|tjB%tz@RedlkiiQT!dh?b2pc!SQl}hYR-z9|FBq+2%{b~}I zm5goe`^+6l?6)wnBFL@Y39?fseU*pd?)%KTTQ+2ox$5{;4mUHHWG~+wr&p^dJraev zF5D;Y38n;8l~(uusqurLsRWDQz^7Gjf9F5gl`8WhgX<~)gOuNeX#V?cT2^nw){e4z z8-X~Q82f|JP8j1E6l-+e^?@2ETcq<-_KSjSk3}7yX1ps+C%h?hcgti%eTnlXfQ?;xG1C0 z$}=4F2r$aTy=8*jaP3jz7_4%X(Lg6q&&ELefHS92gLoie*jgCh{;l2VzK>R(&iVkS z?Xb^{m?=O=j(w$=_Nf5}Y@W9z5P*|p9^;%4Pi5^?Ksm3!>~`gd!)4|=L%;e0+nW2M zf8+yn^?T}7=5h5xns+B;SK+mQUWzv|3(VCkwa-X&Q(Tu0if@`KnzEcu%_ou)#{7~5 zUWg{nbMsR3=gH*2!m&0m;V=QO)+)Md4i?>63n>gvxq#oD(J=7FbKv$4{Q1RyV8w(D zxONwKCM zQaiH4X1kqMu+g6l`J(aqY)d92S#zz0>=?cEud@Mp1Wm7nqNFZLUIhzCU=fPbW`r;< zf6^)Kj{>p}+-TZRL;2~Gs5mon2JEJ)hJXkHC&HYsr2(_!Lzeqg@Z5wGTwJ3m`=bNt zl~0lHu@846s(9N~5Qf1u$4>*st=H|<-SjZ?TfVW{U~f)m18SLf6$r+T=Q`Qpy`tg8 z{GZyjB*8wN{QdXU^{*bQNDQd<3Skr98q;0$FAV8D-cq23G2>LlEe1mAhq#wLcHh6v zNR+e0Dv=M|qj%v7`YCwzBo2T0x8T^Fcr_hhVKt=pd7S#V* z66rpdN|WLqg7iMJ7)rL(GI-_jM0FFsjkd5JyW5G8;wQ@;v zPly-galptj>!3v5*>N&3ka;oG`~3?QCP{^o{Z_B7{wpz zCL(R)#=5>m#WTKn?P&a1`tPKC<@vVpo==0#JfIQ zy!++9>)s}P&^LJf$$IrZ^juT8Jl1>joJFj)=cQ~qcQ;HCJYJ{wpTDi=le%#SVT6)A zZ5m;Lpy(x?pkZ~6n22>f_AdZbQqd%8a|N}D-zpz+R`OoD%sJkbrn7ne-T3ASLPDXA zKr$Nb^SZ=O60s2g>uN$ph0dS>&xENEz#1`}}F!&2G^VNF|%n+XwdEIdq+ zH4I|?vwWIVeipGH{ZpwcJ14VT&|SQ+&GlmgV1w5&Yx*%%kB8WE2!`)w8HLsV9lw>M zSc@nqcLmJEqs;*xoP+qTB66}eV#Kr%@W8%EH5~;K-S&w$t_B`}9_>23qI^ZH(B>>Zb#_GMxzZ9hTdE(m_COxn$9WCbm)38z6JS z401=*^{4!Az>gT(u76!yOLO*>dAYHL52*8di56`R89}6!^eg0kW-BKR9CUe=b+2P$CsY~^8tMbcH2TuYXwZc6MvkaaJ zE?vZQV{g$J@DKP2ti6FG?)~}RBD0v+TkX z_W)oRUP)eXiySpH1o`V7C~I1Fw1+M*qSh({Y1^c)$elT?7L!ON#&kdF6Lf)XPooLfRk{<$0 zZqD95I$SO?0(QszORk_(z#%$iTx4RH#A@QKbfjAqwjNy!_HP5w`RW#2{<$OXwvOnX z$mYd6K*mI!s47rtVwgMRx~f}QjBANYTUH5L+r@v@tSi_Fd&CeYPqT<$j`q<1+T9%M ztUt(H9Zjm6|75#t1J%=PAyyFM@a1qWRl4oLYw`gr7CCZpVekcErCHckD)*97EI7>y-GHixtZw~6Of3Uty*`zP|rbM4f}sagM9pnnFx`L zEm^f2)Rm-#bAEo?RX8II23_J0#(RijV}fNRuT}xtx=VV!y+xF5*tCwhzLxBL*b_&v zz?qWsDc&>dP=)&|?mC#MUuhctlp>B(^|5w3_gP3(t^=I&L zyP#Zu>-60&(Hs%wgDEesecgJWHJp5~Dy|vFXZzYS&nP8cRzJZa@Oo0^P-=`$9H)4y zBnxV5ZgS+#$b!>ys6D-tA(xq^rj$T%6_2=(xUTrK)(^qlqXN^PSs;Y1?K|S)5o_YI z97o;qU}g?=!o}LHZOU7KQI>ZCpiBPLuGLCgR@*i?`d+GJ=Q0hdtuZ(2FjklCAhvUz z(B#wL;|t?)By*g|`YIr3Zb_sm>dMkK3F}EU%|1?MyL4^Rv21g`IHGHo;?+hNMH7dW+LLjLa0oqg1F=SdfubAHg)TrT$Wed>+=Mw5h5{k@!*ps8Mz2 z^WOZl(O5C2A&B)-c5&6MH-j&;kv+DZ3G71%dd}&Zi=!-UWRvnAIjXuyd`{<8qov(6GotgzEy}j5OVM&B zrUxBvFG|AgF()>)uF0MGq{O(9c%<{l#c9Ae{?luPyj}w*#s`V?w`3IE5c1Ip>Gu1e zqVdcXAGw%)bBfF0N}n!dRjH`%=Mk{a^Ew=<#U{d?C2Z<_=s4l^ILJ>Lu#W6wEzb}= zP94Kt`=7k`P)<}Ct^BPnzlERVrcqJGQ3Bhm#M4m@{|mPZgIJ$9^v2528qn2hsSP{< zCQEja#D$ZUc`has@_fWDPtvs^5d3AHVCzuF3|-ceP2r6tUcUvUjvrvaWmd?h!mBbt zMa%pkj(WSJRc9aV=Ge9^zGLj_Ez+4jtZ%UNmUp{G4+TdwwveUCpxWncn-YoCsfz>hY+T7E{OEj4A>HJalJ9fRVXKAac)*2r$ zfJ%OIVMd$zSeLv*QnX^*b7`if25xcy#z^IxNZmBH)%Z*C@`@wB#KN$}R z^uZv3o#Ncmr6GDl<{|ng!fWfLzc$lcvbzwvb#F@f&`|7<=~{4G2*=m#JN|TC_#5Kq$n6xI+*6e_bxs4iTTGxlV;~M&N$9d_!fX6oAxjlLw=GqMimNW#@WZO zff6pafsx}FedZI_>uFm+euIB_r%mS_=G8^O^8XaVV32CX^2Y<7critCUANW6)CW$9 zZ15Z(tFrzaFLuXko=3Xu6icFxXVbYh8k}{Lv~_qwj0AK3bZcd4F9;nI>I_Zz%XxVC z7)YAHK6sxUz>Fx`=QI>wNRj8hozsxoafg>0C$G$iLJxX&lauv%Tm8QrQCNX*>T6-v zBSr=ZWNYoW`7Z@p-KqQrz72)VyiF4iKC6Z6EAI-X<>pKYiXdz=uUijcj(i{KKGP{+ z+TMyQ-Wr^!yXje7GQVl;rk2poHbsbvsnHdj?uXR%17wK`xiyNcLardkb`n2S({Nnm;J5dCs8)=OP5?&cFW*~^tUY`~ z3|tMw-Dtg3B)6DY#DH}SD?j@-^cu{vx*-Gixk$Wh-Qs3kisS*NfA z_(Kc{>g#6idLQXd#+7PUjDFPom`-i{QX+R!U6@to2;sO(pr7Wa|9rJYxm81m z-5y!9MB#1T3n@$Dlz9jDS^HHJwNo1pj&EW%i`R+sz}!_V)ry4Mg9Ye!m^j(P+qbz- z_mEU;gXlo_Oisy`5d>Vp@_I}z4| zxGD<@y0~9!KWvf&8LIFOlosfvesUA(j+Hf?EB(U82#e9o7}Zmr>fz~RR;RD54&RLp zbk2e>fr?2Yio)Ddk2Ce>8TO1`N+JPy+`Ug*zGVW_@frK&8G>cm`_C?qtOO=(r>g9( z5%*Yybf2{8h~UfOf>;|hzJ3+aKI}n-JVa__p1*RdH9Ul8LXl(PkSedP%%~c zF{ntZ8|Qvhsbg?M#EcUD0pI&nyR9`dR(l{PFY}T=gL98=VSm&r*h>qr_RZcs(ivgVc zT?L8B@kT>A8fvC{!Qew<7NgbZ%^63yLaU0Yv}L7hc^pkg5NFCoGXPy;czik^QJhG0 z&rvG{IqI}Gcew&7lc6FyIGv{0UZJj zD%upS_BAV(qVoPV*$+M6r5;LB=ZHgTdO2DYT0LuEhqOJ`u9Z2Qr4BG>@l7xX^xs{7 z3IuxS8CmYbI%}<|Uj@lzap+@H#VUb7&Rv~eYg@?!+h4_2z=p7igr{3(8d;8<+z#QV z3F0?aAOBx1fOP3`cHGp1AUVZXK=N!e-{XOkJ{V%a9e}hPF|`d-ZRKKjbAM|h*Jc=bYo-MSpdLs&Fnb}J<&+QH{S2GU2~>CYm!^8^>Cei32D z_(R=*F2}fS68o}N@Kua)h&nmC^IHrhAoFztU#ybFE{C+0ekmOn$iDiuCZZ-{e!Q=R z-bm$4Ywqh6mwAR9GT`aIU!`94X(nEik=sIu)x8zjoz=~`mV<|k+g3^5LlsZoLtS8T z_^p>bzO{-DI+_vNX?$1nTFy9$=HyOmFLi38gHQnq6NLWx1=)o*>p1Z=+lpYsi@x)Y zWWJpIWup@hu`S8_-ntV~Br}ocfZYT>=eQ?`omaWlp@xrxUH^U0=SxU6RCMr`Hz>Be z-{Sk&G6<4-i)SbK6HWJr(5!TQvZEaMg}@GU`}xM*Zr*w_dl0*vnVIdvTAQm7up*2Z zP1fw`7^uFcy!aF~tB|T7#Txh)3zlDl#{#Ph<-mjR%P6PBq^`sQCTNfVHn4R|=C+JZ zvNmQhJ}xHhJL|Hlb2fk`MAR|pg}3Y9FfjMD<2fVhm7J-8ja9W=w-2zN)pqx9dBSV;7W>T}KJn6=e)OCn z^6;<1@97;s_wREA3wez5U(r}XF_~;7T@;cLA`s#oavJb|+Cp(K#U9>A8ZAVE6}c@Xy;=4*2Kx-Un)hKZ zrighc-s6N z8pA6AfY4+U(p8X@gQ&JytF4>Yr{=ad#tI*##pCTR54>%cL*T@06HLP<|3-^wRC6h~ zrp-|FePH%$|2TE?*Q88oX6qGc}=eQUpQcdxk^zU2(i&nFC z49Q|ur7ojD6unN#r`p1&lS$M?ZsI0sAK(0}{3sZ{*mV(YF`)^)pju8Mr7u^AEO3PR zuI#jizv5lodh1+NM&CmDSj^li@KwFX*N^5AKQ73h2C(!s;2F&*MZuKx^qh%>@|Ph` zU;qwl2*lVsl~T+_3w`949CxAjkP{L571+`I-dn0a%i(};(T;&$ez`lh4y%e;Y9Qye z=Ya!yFmGg_4p5PCB>fQokci80gfnVbKG6dP_jD$YbRL96C`~{r1;km}V>)_5X;#&M z^-{(W#t>Cy4Hg(@7+3zOu*=zM8i#5m61hAmqVCS8Uu|=IcZHJEMX$2_#<&B0ZM@>e z(xS?aPX}=El$`r0r&wC?aL-_eXdta9ols8A0Aa08={Jwjc@iXd;<7GH8%sStgoqJZ z&nYew`KE~dC_l%us^DhX&eYN0VzI2SW4xTB%QAn``K+|?EnHti`f^3)r3KnaR3#1X z1HM5=c#d>1$6vlJ?=dBQl}Du|d2kF4`b~2JWlR{jy9(r%+lJP;E(Zf62wM@7RpX+C zp47ddjqbS@RXb=*X!iMiNXG$=zbon-F(EU+@juU3p0cI+?gFqx{Rb~bcEl^Mi1x5IY&!1H&0+#NC`EjutM-F zegF4EB^}JHDfq%avwWbhT94=6X1xCD6fc54&ee+ml#<531ylHU(m3Vgn68tzWg<_$ z9{zrOt3IT_bN?lFC^Ni>j~cIIi2uy%+cJ&xu5xmkay$uy%OI;7V~E)2%Fpd%%Xn`h zp^=0acjMK39!JI0a{q=&DNj`?jK#*Ry=nie^2TWeMXzx5zAgi=KW&{Dd-9AWtS1zO zC8jHQzJuvqrdoHp;cSbxJqdI-?-BGcChwS>s72JQ_tkH-7YRx`O<{i#y{3kProO{I zx0)+bJs%NHe!z~hL|@x-HU2EHt^b%tq^cF*fpz+;jS%O{lLuITt4#%EyHlh1oNUQ8 z+aAd)43SlgORWP~l6BZI?c<{dHIkR9oxr`)BoTqlNeL%CLkBK#>9r1k?6^+XBHr3a zkaowaNABacqG^?{H;Pj`MD=w`4jcsgVq&(@XtxP{mMwoKhRasc4t>l1E5mYf=nk$S zKG5fB>4{-csZt`eRQm5P`8=2cko2rC?qB^0=o|sbdh(ECU%44VDnA0YbbLC+hWHZl zvES76@P)5y9c4K)R}O6foV9LO&TS0^IPm2@{8BZzib@{C7Xb;%_aXc&B-7lQs|$GWQ~reKZA*a|datZGzvk z2|szMRrwwWqQ7j~aBUul*6LF~`;cmFJK>_*{wcW?f##$p=FY4nWFxu4MXGfTXPj*x zlbOL-jXtQ`L+tKhk^hypRCBrqG8_58rzsE`LIA%ZWB@h(-&}$JLU|wIuY+sVKE*|Kay+9d!TR~Q57<8@qwgxA{>{qQCl&gZG03e$hm-wn+M$N@Q&-n} zEZ^^+w@1~ko=2BLfM|}V4pu?`pYQ`X9-=?`I_O?j8j%%e^Tzv+t$JS*1f}gE`^`|7 zAB?1I1amXSKj}Pa7YTDc({*PS6=8gBl8f!2)9Vi|N^85L$**QVa>RCiOhc`36td)Z ztmJT4W#%yqY~UK5D%&0a%CVgymW0u{U-uCZiri8d=>TmQS?Db_F9{1%Fu0~%p^u9Z zCHOT1wC;HjEfh$k1rBsCZUF?4R<-81N+AUGB$w*L`j0Qr1SP1VUmosHzV`h%(Mu?S z6!|9Y-q80-GTWXwxfJQ;xC6u$|E**_tT@u$d2DQ<&OhZ&K!5W6r9 z;}N76?B^VhavWwsAQq;-0%kNjern3(K(0KWRoA6w#n&4=Cr7_~;8A zf-Xk*K6^-IlAi%6@DrNSx5~DumVw>mMQs|IgI^(xp+o&qT`Dpc z4Dwr-7FZH-6|y-Cvjr+(WHnw2lF}#$iKXnBMy4WfO{JP8+~VlxbHc{blZeSJj3UuQ172bH z%XQ=W9v_=8MR|g&&)XdVV$_ z3KDc*TAu)cs)w~TqtV6{Y;zQCI8+jd{>pruBg{y1#rejtZ?tf`Esn}dmIJb&Ns;H) zOVbLIPRnj~7gTzrkrx`y$9;=**r#%yL}?_#xOLlG?yR>=2X8L{C<0Lyf*%kZ)oE;a z9sP)-Ymuj66Y8};wO+$E7Zl)hBK{&~XZl3GWCBb}y;*eUK9D&O$V=VJ;KzcBeya5g z=AI@|2&GM~HvE5zygMivBLmr`tS?y?&KWZbIJA@jxEO0onxdPTdePch&dWJJ?4c5} zaW1SS#lxD{zS8I!#Ndh@(G;dI%VeRZ%YA#M_BCl5hNchu1O|;&Y4+I&zgdNKfz&cB z`ftn1Q2Qj7luC!q#U5u0?idjIsXozY@DkKZB8^V=gJkQSM{Yg&$0o;;&jqoL>>qB&CIJFS^m#&Kr9~y){2^T0^){`T1p4}WZUlQw zvjaldBC1r~*xZb+7CE17i%@%IX_r6F* zJHH4AUlQGk4Z9gv)HB-gHFo`0S35fcUwF(Wup$lq)r6|@e9Go5jy)Fo%QDBAK#&$B zTgeJ^_a9&CyFzpGjic_qv$&Y=G%%ri_pT*C0XG3aFw#HEwzP%-7XU>!#&+L-I5(%P zrz{6ykBQ?kg<&Wr19b9Sa+-kXTH{L1-}?;fC@e)7f@M00@E5QoHX32ZVTz3`XhWYS zwDs+rCw89nDbj|r>pE-TI)16@FF{S8BP#Jc?&!~! z9cd``r1-{EmT94HW(W|YQ1DmR&hyu55SYJH}8ce%O+kVp%YSYO`6X{<5Mj9aaStOb|z0(PyU2nTYkF{y7BL4kj=l4hmHG% zbwfX=8}^i@H|#w&ZjeN?R$;A|4GBK96NCd|+-j-M@IN>aY^Uy({yHlrk?EMApiS2S zN~;H}q6x4@0_g>kuK6Mnqr)G`;M}ocku(VOJ~y;WY4?+*D(!I|4dnvHy$!apcFFm} z0-KtOjDl)Y$=vjnUiF;laz&Uk@pz|kKEvOcGg5TBSQF`a!@$7jub1vZ#@%dhi{c1P zX!_W5@>ZwZNmA0rt)tLm{_m`l?o*95tLhQ78PHSXGewj5U)QY*91L!{GoK0{B*kZc2<(cbAeZfs~|eS$IOh6-GtfEIaAXC%n+N& z!*r8-2I?`4a$=umE5JdcUb(mR2pVy$Fj4?ut@TbqzOV?9tI7P5TbiKtCOqs`>k zKcG&^oHnN&fk-s(QI9@%UOac=hZ7}|>$T_{lkzY0Adt5)9mnk%oVt+318hQwSy;K$myT zZV{G>ZLvrt=NB)AXI#AN)~`bG>RoP3hw}ro`mpGZ=`j;9J!p%(#Wpnt^SnW~S_9tC zm*j>bR8lJ#M_v|l-S`p;$Fi`R662dC#qEY_9x_GGfu%8KGsHL+7ODGUO_{(Mo~obq zcbR@{xBp$;E7b-LR4ZnQ#wd=A@!h#&Ft6E&8`YwRh)i%Ig!M8WETlD1@g*2Oh=%g9 zBQ8IH731WE__S|a>4mOCY+TWO-X4U`3 z6yhQiDD+3)!c*iS|Ay&i1t4|Gf{GQ50Y;QFAgdosjw+OAs`7fTrY(PLA;#|Om~eNv z>jaRn24sPzBW7Yhv5MAb20#ujknGJrSP(Wtg;+rV-Qw&Ig!V|>~dxgxS<4 z_f=Yr2hUaAIo)s7Q$^E{=!hH<mzbSFuc zsFS4PbBU)k3lhiAD$4(A?7})p{Mieb3M=`bfL#mr2t?2)tVP9)! zL4--eQrds?TZs5DEj+zT$3TMr1K(*7j4Zkq@SKgyreiQ_$CRu4Dj8+ zuV(-79dU|G-yV6ue%NfHHbv+=BH=%A4_~IPR`9mZ%=g9|NuP;aBl7b5NbO5t$;J9d z#cJPQv6y8_qnK|7Ue_xA95lXmuuOn4lTk5A4~gHFGrP$ChS(vkeCJkwLvVR>C-*6u z)X%wH8PQdPy5Nxy_OSx8v4l*43irN?-|Ng%H4fkI=U9GzXW&(4^#q7J6G?kt6|!@C zq5M&q-M>A$b7U)z?#|w|d#iSZv8GO2Qt^bM3aTF!sU5^$cxbN_C2h=&4`q#-Pzrp% z4dXk)YyK`(g|!XwW7-}I=%#2_a@%30M|<;cb(GybWg&L<%N8In%CGo99r~MGuP+-W zC4if@SHIAIp`B|;_OQMmr?H@fiO{jDr<+}Qb1BJ%5V_5`uE*6S77?C2XZZF&@qqIt zgj>DqOBPe4n;$xe;$y-dmY1IM0vjUUBXq)_4MDR`F@BOJO!oV7`S;#eHpy+rE^se3 zW&T4z4`0!!iDdJtb9*Lu;m5;#=nXNT*@aaagE!c%o0$|ftbGp}kBiZpsg$`7jHe=7 zk)d}pXc>xr#tW)~u@5RNbi(?pw)Tq6;O`#~RdqS*T?3x~?ELxe46X-4Q^@$0^*Om{$$*7uCD^WS^l8)UfUr0Ut%(zGKgX|VjQ-)RsUNy zeD?mjqw;xnog;|Edm-?q^5%Q0#U$Yj{r%D^AomOoOz|Sr=BM_qM3G1@57m#V)JK^S zcFgKWT$Mm(^Sb;`8&BXnq7+NfQd{$#%Z<_+D5;2mZLmEqxR)N%CWNA0fui0%Z|^pQn=5 zk%>|g_pIofy zcYZcRpU|BNUdlYQ!98+!id6SJ5oD2kA z_ouLnod>ejM1Fa3lT*1;^~Hc|dU7mqh?GGr|1&PbwTd;sTt8lyU5NO$4O1dV8z zBax)R==I|Y5N!8U2N+U=`I7QX3K%>O-%F13`T}oY#JIi*uL}6@JpT#sc-$E*r6kfibnSD305pk*0C+O>uk`{CW0=8b@Q%_R$-wtg_ZjfEakIel z`|Pi^xBtzzhqo35TH8j`*5H6miv94ou0LbS4~^6T8o5%msXpRJ!dTco^bXKM4A_wY zp6@!{qigxlyAN-D{;%^;#{Ts`@Hj|ljs3&G4Zwg#S}Lccg#sN<5c4Jy8uuF;Kv<~o zPZ$T;+M7;ITOb*BLDT5}-h<^a@XHF1jP~XMVeE4|D-kXX(f|sv-^l{4>~Rlfh}nR7 z23`N%N3nZDCcQU>uw(L@cjCZ&dx+^LX!6ik#kzbt4bH#?KwX+mtAt(8wmd|$SoigV zBFv;sX>-E2?{$&NNu*(~vhHW$@>x_94JqT;MFzDhqS>NSUk9@2jee&+E59FU9vZzzVzH}PhS97 zSH1vviU*?%b=ehQ%mzaR)GC2N;7a5h25A!o943D4%^$Job)9zLa1v0*EfjTOPFpkkX}Be0ai5b@3^?80cc*yTeM5Lw;X%rr@e<7~r(= zzu|op)CPQ!`9WlDv{2c4LX>9N75&cW6?(^X-WTaCg{g~&! z$i@!{lwL@+%!+>y52&@tDlmwp zP)wZuNMQXiKyg4aaI+tuu>sv>qr0t5NZ*Ev=$yM3FWI$X)f2Flv1#}>1w;MAPzv>d zg)l<@ttk*tv%o?hAmr~Nwhb~)DdxDPO>Eq+XWpK&AOOro{^$6k5Yz^k7BB;cNrKtr zez?4K-0vVS<)oDWa50`oNL$-bsp9R2fog-Aqo3c#DE`+XRFJV&$%}b!4FG>xNeg*s zhU|aQUx|xKD3ejW;wDfk9a;1)h3~(<|F^4fHXQ^4zz&TE4;0wzG#2^C9Rj+s;R)1y z8GJ&V;Ek&dl+EGdbQ%D7F;=beUtsyS0fLvTMVyP&B&`pN-2H!x+#n@Jw{jY+wRBpX zlHWdq&yLMb>OpEvOZrE|WAof-el|N79iMw((KZ97ih7H;2OthF`KIvRWXUKREf zU<Ca6#t{2$gM_#IQ@=Q78qEMel=b zqhbn2^y_JWyH}?t(d~6N0m#k(?ih)HwGQW^1q}3XQ?gijknSwhuXoy+1B5n}0176< zY@=Jsh>Fm&ih=qM>p%I%_345C6x{#;TVe5=vQW4B+YO-5=QN`HqEACrgz>>92=H$= z%yM4}*A@Z(YS9N)g&6jDvEp;anF~^VxqH1@`)7a}idB4zM)mw1;5Ni~TLr+s3~Odx zr<2Chouwk`q2DqO?a^xieZgOoZh%gP+&B3PJm0%NQbfsC)Xb-4_pKMeEKUZLL%Cg_ zx|*DMoX@&(%Dbp1l%FjG5jBK|DRMTCiX?KoU9P6|OOqRrQW+Vem)PPp0y3H@1$OP} z4t^(6G(aoN6Cn}3Kt=memGgX4@`{=Rm)+RX3orgC6UWL9-W z`)t(eyO*13>jC6YSAbPE0U&!act4fgjd)rTH(6=f4~zomgYLvR3}#=yN(Kmhy5#{b zA;X^~f_ep^>RLuV)xrRu@CZ1}2$}*qhl)A?bdvt;WEJ>giY%=M{OV+L8F6)UdAtfN z@*e@wt^x4Z7jy3Pu0|cvs_h|c3Lr%UeXBU7^*ta8sf}cI0Zy6VfdvUGQ4Yp$FMqs{ zuI8D03sFD_+_(VND)Qf?FYwS%%XP^}(AmjafX>bY0iIDGNm_GdV_jiafO0AOkk@C1 zx6$Rijtk<?J@%^VtKL zjCmciA9(YX2Pw=4_*^`b9Bc5}gC$6cFEFQ^fR2tB5Cvp2C->5T86;iOe5UL6`)#ZU z6Bf0jKeg9RIR~0JM&K?@ve_T9tqI%8-!ry3Mxpo=u!jvf0{{>`2Tq4Cf{5b%FW&D0 zTD$8UbbuJp$SN)5EikbKTL<~_;V$j%tz-I{F z03(B2tT4jw4BQt(I3j{r0G(Ei3@Zt5u1Xx0tK$Sl#hHB%GKS<1SqgkB5}r_7J9!}x zL>Ckeh!`3aIe0$!U<9)eR~`UXO_dpdA<}S-o!)q9j#OBKCZ-%C-6kNTA9nWiR|)7< z7gpVf=&l&g$VJD497v~6OsY&11>kkYZilOIC*o{&IZV|$Z~_>(auO3`WtBQH z`u%am`-^KpdU&SUxDJ3|7p z{Sk+5fSh!ZlX6n_l7sMfz!J#b+myZ}Y=I=8lN>Z&HP4B#?-B!y$=rf*-o{zc#AmT; ze66eT=UfimSmd9!)j*cZL}+R^^5RN*0kLiKLZ;mbu&ODSC%(aMN82Qvas|Zxa_qX? zKCNg2betwY@-+tkt=rrSvAc`hPC7kqdlx{=b=o>VGs5_XdzW7s(S8>E=J}3DaGj|) z48n53R>NdYqE-PM;RTJx!|~zr6JE(146d@mM?`)yuMR~Q4OYoZ@Tleiy8f*oawk+( z<}~c8{R|MAbbgy@)ol_+vv$>28ye2kjj^u{n_vvD89I;(7$$=ULj@aTOAt z&{0u)$}a@oxOgSDIr%-swxW+o{sm|WTg?-QGV`Ub@D3$r9z=U=@YgS81L#YgvNZ3} za+akC>i_Agz7OUdFEyI~VtCLV41Yz3hHCnI-UD#1naO3fR7m>t%mS0AsK}skOe8YZ z02?OH4STBVc1r#+k07J4y9%r!=fdcJlzdcF!odGuW7&tv`T^JE_9(8;u z3NkwmL+;rtQeee!5nS|l#D%=bO4!U%Bo;v`{Gax@E|FxisP z1pmmnuX;QjThPe~i2;JE3|ed{uA%D*CK|QVlwcc+nj|0hhaAQ)qB`^1-%?z6)>%`T)aB zi12UcuS!27QR}q)s+zrLE9A7&Tjz`Gip|D_{&wyWz#GcZfTAppBlGlc1#OEq8v_m_ z#P9(Z36s3#7pdi#{1dPu1B8=zbdnrKqfFYTF8?Z?u}hj|+V+KMvKh#-iCtGI#rXx+ z>5-vHEtBJ-NSNxZV<$m*FLt3cqRv=>X*}?euM%CvvEm$&$pqKO1Dh@mNo*nREDys^ zEa9G|fjAvt(?NF=+vhQzu-YHd`(@|#VoYFKHCL$v>C-T`N6Y@@F+|5aONet`wD|Hb zi6|1N*}r7*+c9FIo<)QwnEmPRv;huqIcmj<0wHZt*=s*P^%?cP-knM=n0?zF6%W|% z4EhLvA_!S|;8zy=97IMCBZ9tq9=u;!4&0b{_r2J(^0i#QOZbdNRwl`OI; z3<79N54Krh~Zc+CtSXz&`>Owv~8Ujg0Xw&DJtgFN|@+mXN3X??!v2yFsuE3&$Ed zDoK>r6H9mt9{~3O0o0$BhyBK$AXqGg`3?0VmX75a-C+bm^FAnVSS1*?OV~+rO^*q( zxyZ%c{!DaC4HsBKONa3uXmpbVhKoY-JP6e&$uj7Pp-Tw+l1RW`Ifnp2$<@VtfVI=@ z-cA^0<2baGPbTvPXVC~@h{1I#J|NHBWd!o?i{eA_U07%~jt;uhah=tvXpmEQU7)oF zO^g^-+i6l25<%sYq%|AXH%O<_M%;m}j8oMKUB z1LKaynDSpQbACsZ;~otcg+M74TElsPbPbrGH#;4;e8)a3X08u!)64c|O5b_)ddoAI zekhB@#N_L5P7@yc_K?9AfBzev>s4}#!pn=}7g^}#4{m5QLkmH;@oQ3B`3fwlZvt1x zv2y&MaE)x{%QzAYnp#i}W7gwwa9JEa!%!vvCaDfah08k6BJSBOzJWEowdL3SK|I?E zTey-TzK6mHZzM9fig9YNXM&tDj?FP3t^$vEaH&%Sp#R7&fum-^K&CQrq$0QePYn^z zdpYRLMF)Jhbjpm3OX68GpRIfRdZW>XsRyHm7=!3<)3eV@kPNtDW9Y9^N^lOQC8*k< zbzi%B9=%63QNM;^hNoRz-XSpQVp%$rh1@O5xTF+Ult)@m_60wD-wpP*W-|h*j@>~J zuZ_Pc2ihn&cT=?c@ACmBk-ur_4cnZ6l>2~es)^QNQ3t9TS~*iP*H6{g7_8y=XM8We z>NH|p66pyA{*hV$ME6BL2IiicXifDu1GAu;7s>F=KsfPzbTq|N;hO|b zZpi2ei&`LEaI=<&1GpIy@hwnYI(j}E-d$^N2Ihm34rU_+!%nfl+xgv>{Fc9#t|`k2 zY}}CZoXvX=)%qblmq^c0ZA^7)dDV*5CRle2~Gd>o*(lQQ9^s2!zbJ9P>&xaFK<*I} zBq%zEO+4)I>6DQ%LJn^b#;B0{JWkf&L=Gd++pgCi7maZaB!$3Ri6A9}aSCHqU>-7t z;G%X!aaC>z2Tl5IEnRu-H;)(V0BeUANHz}AOWyG#Hc7lH333TW4JJ~<8GC01#mZWj z5WKl=BT~}T-&87)QP50c;l|xgY1K|iB9*I9RpL`e3uo+D-EUbPTr;J^mM8U1qy54! z;|-MyCyetXR!xH7)@7&q?qGsf+}bti587g#MF<(9QhjdFPz%SU*uZuR!QyMQM}OM! zIux&ntc~D;b+LZGjK8y>^6Zd?GW*8tR%aiQHIPh7AV8@SqcHup5I*4(=o1MI;^IJ| ztn6EqpqIz+&3n9fq$B?q?bUrIMR^#$ELf!GLFeIrQeIGAa;`v*E)ZNAO z&0qm>@Re%~U!EU4ds z-H)%t$kfl94WDYO=Nxnd?>L~ag*ThT6FU-ll^%(9(DCVFSiq^>=`L^OExcvJ6Ws5D zwF$S05(VMOh|kO0OsZbLx;8 z|0kPEtEYX~fyFRP32`CF>$nfIU_`9wO7QyO`?Yff^%UM_i01L46iS>YI!^FHXgG22 z$A25>iznS;rb96$g|Ne=jCJp1=zPiEJ3JCxcWLE0#;O>%w(c%^1{cu2x9TJ zaQ;8O!)a}(evnK8Dk#P!XFOXkDO%{Ym6(k#@*v16u_PE}@xDAK0+2z~gpHA3#uG8F z8p{dE_d^&TJ;$+^P(zddTD%b84{i7{MM(DTx^lBBGgYq(T{JpdyrDfyRN_;4p?&Q4 zLGw2$u1k2oPQn)ZYyt0=)b|)X7$5IKR{Nw54h+;U4tREof+;)57!?lQW2nFPjfhiM zQ}Sz1@%Ein(9$>=y=%B83&a$nKPdnHbqf5Y6YEf8I2tsVM>3?v1WTZ>G46AZc$boJ z30!&mL{vv)DRM7f!lXtePyBHpc28lx+CEjb%tx)8d$$W9( z?o`DEelgsjvn;1L&KZM6jdPBw3D3iD0x0+0mYsjIPiTWvEsLpxg@*#n%|O$b;&+lRoVk3>cO`KYPq3`VaCj4xIBOJ zo|H9$A9W}%=H@hNfxjShe+|gugFmk)adqP5_$NW_<(@5}t1hBr1u#bk%uD%d8yETo znen7=WovW{0v>*k2mOBsn2>$^eS>IbE1pm+d-snL%RL1;I~U~lmr8mo43NNvF--#A<|EOWH!V)-;U01$>1potT_ud=X3 zn>>`pZ&5Hnn9T1(#z9&JgB|k+%Ehq-G%JW2md#~K_@g0W*ArAr7!@|d6i#7uhXy&n z1{NC85XHxq+#wtULp(|s6O2Utw>D0e22u@Gj^kYB()vK3w2Sg~TvFkQnV_~a=5$Z0 zj{ObkVLQenSYVPQ?k*FoZ~wr{8E+&ir4dSZUR}T zmLI>jLo%SY9bFQWFkadkZ0m7A{?yOE9d7O+;2?mENUIvF{wVx|Kr4^yz9(@Lc)nS^ zpgtpi9)5yX1dbeiY$22-JN4;|fEXop%!Sk#bV@B!NISGK4SJ6=cZmDRNz64m>?xQ- z;eAc6XxWM&U9IswC<3T9aKe2V&i%)-Mcdv)LCh4~G`mlwl?6=QRRH zHi85X$I|cwVJ@T#)DpbV={b%kwc5a8;8a62b}%D}BGC~gvZ>zwsJ;F#iH%(g{i_-I z9XM(@41CLgl-1;8^Gx5@UiG|3n35Rqt0ioIWH-N7PD&ycZ=40OFrsOld;E!)0!pGf zkhUF8R{p%yxTUv1?ez_YoPlYmSRGaNyrKGroY<=Fuu2ek(snn!`a27nQc@hIC6J01 z0ZNqrQqju~wVyhiBGmu#>J)GwgO1rg_*FKYrH{!*TMriuEChWznS5vsm{23jt4UV* zaZ|HS-P{#+Gc5qrDvrc1vky{cjnI3MWaU%unHip-U#%Z84NRFI{<D07&y3Vq9IDWV`^w9Y=33bJfAgjwpNc7%0wJ7~gFNB*X;&QkU^b2fKkGO{>0 z*OiyedbY5Rh`4`}F)DtEUqSB2vATh*V@gHBSZwCYCzZVU;mpT7a38)QK^H8J?hnXi z#-Rp9Cj-Z@?u1dbVK1emB+`1}#zCNrL^0Zs_~D_=i%J---8flSG=t)YgeA+~1ZPL< z!DcGap&6BJkDY#npJ9KlV0*BAA%O{#1O!?wWZ>51uR8L>aRP&%@marM)}YVes9Qi| zW_gJv)&I1#X-Q5P3*SkbTJOn+SCG>WWN7QAjxA{Gs%6#edd@J!uz@?_6OvR@Ft<+t z##?%ovUO_o8vZeZk}45+Im7|G2(Ew}PwC1g_VAtH^IXF)d$F?P_QOQHwUCSN|?DGsb$*=Fd39pfrmY=9o zsftN31ZGrT@9Lxvlfu!j&tsVxQjkm}hGbv+Tiet=4+2|}KH94t)j`)X+v>hc3U81A zc~B+Y#Ve-)OoliL?*WiWzsx}G=L<2Z4uPVm`S+h`)&m{)dV#$4N>={5BUgH#goEvM z?>=OXx>t5+UGhZ0G4>cQ5NrI4I> z3sgU{G^rghM+UhB#-kk6OUv(S7znZfkA)e6sX{E~id|MX`?ps3bJsZ!OXjJUil|X- z$@jx=VAOzn!+0S%VTuH@O@G+U&5D0zsMaO1_kS2vdBI2V67erWV|up!x(x?Z?E zYg>Q59*|N=99B_zn!o{$Iiv zX+%%*^PZNEWuI1ASX@D6GD`4SgTjGlJ#>ztxZbNx5u~_BW z6`IA}u^+L`d7E4OV7s!Sb*-xBK?crW!WAWrBHMrlo?r<{Re)QK`#gxL149YGI@C*j zAKcF#oYM@`a9x)@55k0D)QVfG#sye1ri#Pc2l4~q3lw?%3t?4>EFk9kV|Jtfr=0P~FQyc%bEPhj@0oiq zDMrcrG7)3Dn(UfY1fApYxA8~G!yoTcb>rWE$;Ou5LZ@>i>GNVNDzu8Mfw=l(!Qo8Q*4BKLGlT)9;fD*V(_-G(=qNd3*rP8pDQc@nt zEcLf(xI7_6e_C1!c2WonbPF{gBuQfIQ(q9i^%XipNURW@y-Jrw=;Mw~oK6rGHW&?Ko;k8+1rZ+~X-}C{mKnoot0j4GV|0q!mP-CG7`(G(kx$ z7cdhav6LS#O;7^l8I=E)@}{BXSh%K58X~ztbTGXP8Nztk;78#lUyqDmOled4NkaZ` zct>b7zfO9Kz9S`69*c`&@wYvBp2S1EN~#LHEukiffrl3MdxM_gV{uc^Evjrck!Y0h ztBxq_;0Y5V1o!QawUbl=D$NovVSiuyn>omENH1ERgv`~0}JHH)aXS5taOSHd* z?Fdmci^m+AzY3Gc>q}V3cFQ2F7??OeF<~q({QuyKg{qM#VMtUDe&-D z$O1@yON#4NQk0aFT%Z3Rt`7tImz;&fC($~RaFi~(BI0^ND3Dtts=pHpemsme>97Bs zB=!~Thcq5f0!TL)+cd_eAQtV=Y%Dp|1skM>F|4bNG3dj7V)+}lE5KLglzbRN2i@(e z-zD$kWr!R;oPq6Bt~8pMvBl_eT->P*C0$bdb<(0AwgE;$w&+SEvBj|BvMM~(Ta8M; zZo8JGbySmK_o-<2leY69Bu2S{0#kr zf3Kp6?uX?UOozt$&Rc@x&}X&`C4KoryTSGi>C=0GyC-In=&c$sDpG*P4R;1OKpgO% zwLIU=C3{~P$018!@=z?bH;AW&N`f}~tqwP5TxU;STtLv0t=J3g)m{cL`Yd0vQI{)% zUcd$}_zMdWa*wTqr}xooqL1FTW@4Mn6~kQ*rVFmhc9rRf&P}K~gJ%SfA3rNtY@;5Y>SDbX>79k!gqmpinV_N#}rK8$L z$kfw5@r7)Z%VkWuTRde2VGlb&$Uu~j3E33tu#VOviH!glF#ya(h?jGqm`I6Tat=c6 zG6nu?#PwPYx&0o*2Jf;W zhY{WQ3{&ux0cpL{?_6qV9!yx-IvxmeWW+q{;mG=>Xn60BQiUzmmD%e;i$ge0OPFzp zxD%ZX+=@=E68QX^I5`ZM8mcXs4DlwpuM#Cb!zVfXe_(Po+#TRWuarm=5yaMhc@{(b zuJ@*Av`&gY2`i`JM;H0X;In0PwdF__D!+9@B-u%F1MgNLoOes0#g7Xd;4kAo;&+26 zm*&Mp(vGQ&r42DJ6S@AsSb%6WsO`a9pk;iSQP{*+T*3&lA=PM$Kdw7nf^nZ|5NI$s z$XGZioM_Gs81(oE7#zok00?PJpC77qS6Qfm z)0r;618$ha)!ZXaWH3C}S{68tt{AAL#RBlE;m;|Z=N!5faG59?&J=#3@zV}+Mpb+o zCd)A)wVG+qZR))ozFAQ3GmHv}B(6llMgNVXMf0!mIwr#*+VH-x%o7~!7iMV`4(e4M za2$q!Sav$atw0QJy*}CG6C6>0Yz*~A$h2?@g(Tu-UThL_LDKE96o^3dDlbZW5Al*^ zk@3iJuYSFO z%l^mWO|}cq%I0-Q65O@NbS92AsFmmY?=udkkAqJ^?r%2)ie=@F9c+q-axUQ@x4EO6t?gt`ayJSRX;s zEkUZHWC(nSfUUz(Lk%ezRxW22ZS~lvlOyiReg6lSTA+xPjiyfnmHq_BTgF2=CMS2l zV_K6BxJXrahKJEn3~*c4qlV?{3As%17J3bMsMo7AZqBX>*5}y}c`TJoe^K1`S{($O zE`v;hzKpfp>qRAxWL9@mp$Yhl>qHWZIw~L_@^JZ!0zbftbg%QYXvBR! zx>heR5@^ydga-4KNoT=$9jM`fuefb!qWsHTgFLM{8Mr35HI2phHnaUyaCZI8BrzZ?8`j8{; z+@3lQe%%&Z9&JP?8tMq=UC0%Vz4JGB+_t$ksOL=46ATSJrQRC)0r&ep>EyNf`7Q1*wu`(rGaQ%0QoDXmzT%8v3k+W%T#pNCZ+wx68OTdrki2U$LiGsP$m zL_F4lpvO^K_;#u|GY59;aCSXStsy&~arawa&iqM|T1^!9$C$1?Y0`XG@A<9yw#HQ7 z(ozN6#2eLo&fQeX@GA|VH%h^?7ks|*LhXD%9YBn~ev!<+4SRuG$Ok$uICd|{zPdRi z9TUaCV6>vz>zRw7X(_hsWC+Ca8Et?bsjUZgdBw~d`jG#@^t0`0%yz?Kq_~z{Z1)O0 zB(mn%yom86dUTzNZ9giF<3-N66?W&sSX|0*7u0&Zht@xwL9UVDi@DFOmVit8p^6a6 z*pulOaMOH~txd#cUz4ijz9hY*h0`bzh#oCQcq1-XdjJ|v}BZq6M4gKXkIprbo6dqaC{ zs=AO2lg0!#QaJ#aIPcXnhg+3LXhr76#aP=^&c)JfTfe^wR>k&}Z2tTzstp*Ey91Bn zzK`2)xi^fl9o7`}wl3JI?b!=O00>Pp6d<)lfig?0^A)@7Pby9N#B;vX4wcs#A&Ycd zh3APXKUB0EuEDLAZk(>JPdCvv%%;AMSCr%dPFnV|>|}Y@w`TcFHHLqs4}kUbTA%E` zvY-6cG@s8e2&<-S&Dp_K&Qwic{KCg9Ot?nZ!sPk%QUy;EEt7V_*|bQgI6nX>XTW(n zBVuhxtTp{*GFW_F@bAwifi+HZEDxrg^sTv67I{A88>1R%n@K7)DGsWtMG74pM~`ot zY;1~CggTao^JP$|!IzhA7#)KikUIhD&F;V;;?}z>8#feKWBTRo$>4X$Q~=1NCl?hR z^Ck631_2@K-@v#<2kI`_Rxp#TmJ%sqy^N7_J*KQCB;?%on!5T}tKr)IlnSj-637D* z%h{h_Fb@~RWX{H8nCZOV{GRx=ucM!c^SI_yYZAdqYK6l$FH0oDUxcoY8n)w0Doe+* z;^$axV4a0OA_K(Gqc%V26{$#3?EN`CD1%Y0*51JF+e>M`wFB`1#RZTI5;J2`lHu(G zS9KkFz!N5-PA;SkeN~qdgevetdN5(Z%o^|(d-Xz2)LN%q4hL&`$QOxYOHdrb(%BVG zGRp(Pqu%L}KeO$L6#uM}_1nakx}!%x5Ki$jHxON_FtO6%B}#0LSHx)*%WA-Cs&;R4iS#c2{QeeL%sB_&DXnOZ+P^ zd|CeuA1NC30k%MxGd&szFHTp5h&c_lZ@o>Z*XMk1mL{CB8gb8Tju;sZ%748*IEod% z)`WrJ#F~YwfF4m_^zb*_(8i;oE;f-)wdZ6i#DOuXKld&Mz_C3~HlPoJZ(dA=YPyi! zQ4&sA;O9?VCV@gbF}vOZIuD3Ja>9|k%)D1>oG?TX-X>Kb?vS`3*`V?X;2&&!aXVv~ z?K4ve_UH^FA}3st3NBABBO|<^hoSLLpbp8+m!odWZlGgbfe98tzu*1+);Ff-uxl@y zz_pb#4QBxuVumxGZM6qU_AK<@+9uHdX)Bl+Z0w; z7p>RMV#!D=SblRPUlpu|bOEudIjJa+2B&YJ4}mRi}Ek>yZpDdKWzJ$8K9ABy(V0gw#}Q*`k@p z<6wlSE!khdgN+6;SHOa^6uV*j=W_r7trUbFSbycwTBKkR`7G;4rh;V1n%64;@k)!~OM8UeSsCvW%z z@dGLz=rF_xsy-#OBK8Jejl91%Uu-iV8fVHb`@lX(srJ2;7a44YE$NRy$NQyo9Uuq2 zLMdc=-m(Ab*3yj~@j}fXK>7(hSMTVs$B=FHy`^4cf}wDiXq9FuWsA;Ab3m3s_DBKt z1(^eJO;^C;@RY1!drvR#Sv-dfZ$LF`6#;UfAsir#*CWujxyd*UchqY@4D1(Y^n!(? zj1S27QxYgx-%kpc3@s*PH}99)Sc$>*Ri7ZOn688_mHR%xmF9@(fO#PGXS{xK_tcSc zD!0D9#dDWA)uMj`S8(R`d2)x~9h-^ ziDSL~+Tg~dpdMZDmplX|IGdE&0J4|wu$e{-$Em!yQ6B6ura_O#L2$Fee>G_!VnEU+ zZp>pQz)=-M6=#Kfd_!>9#(od*8kW_6RF!?ceejcfR!}BqfEO6x!h*o8QIu%||As0Pb;$;j z)M93H+#FO^qOs27iLFl?Q6<0Ss+t*_IVJ`Z#z?w?Jli8q>3vPOn@rP`{FWE9Blz`b zLdBo|3#VuQKjHKrPh*AnVTUSv17kSOHutNaOe5&GV|o0dGy%R_@3C1S=IbWVn(lBo z59@Fyx9~Tc71XKpOtw|e*-%m&t>lr`B{?K-{T;F<)*4=ES0Bx<@H6_k z`FtK_YTFNh>x0tA0WiQGm@B<{4}?jRDR+kBc|Mz!)w}cl0Z2H=B zzX2r=Ku&t36#99nR_F6?xXOI*0;((WUe;e?WcW5CZaAb#D8{BNUEgi7M0@G8TjC0 zeZ{@WkNx~C*5R}QmOjjRwZ_^#*K}&989zKuOO;I6IG?B*t+yTW81*MsX>6Q?kEi_n zxLAVbNuRk=tTuU@;9>~-&`N)qB{z_|#yt9T*^@E&01i`wFo=Sc=uN=SgC|dhE9jTMYdvw~Vy}l&L2>r4b3&vMo>3?cZ=OzLBKd zZ@H2zYyo7n7dFDn*9S8B3`#^#9hqsbqHo#NHx6c8^J$>tVkb%TNaeH1H-5!`xO|P+L+ne$+ct>d$0H8 zzR%D2QeUpUX8z=xd7kJjw(q?8!al*a!aAg`_G?g8%k5B)(?Ig>%D}deeEQmYh^QD? zE#X;@!|vRLQm$5U>}AEpeSQaMzF zv+LA}W1elX(M5T@CKRp7()aAltT3pijJe46l9u&Y3=qkPOq_VJy9!4&FNlJ3~zYw)MNNN7oLKt2OJgeXTZc`cEyhSKxTC({+K$ zmDqW*zM|4rQuvPxlOV}kuV0@7)O{0`S8sAKozDQ#q~i1I|IXn=Ii6SMz+j zt~KRng9%}V_XXPJg)*usK8fypc`NE9jI04eZ2z}bsQp_j>R1vk_YgTp-I1z7OJvEe zXcUc?9o&?sQ#dTR3NYzR0vQMl~Al2((X8uzxrC%2W6b zN&RNuxxTiO(P<+*|L1#xbirfmycopWXpwVyE9bBMEjS{=A>_dI1^Vet^8c8O;sXz) zX`Dpqc%|OMPwQ9;rRy@?DwYIq`tc7c=2L#|@!1GG7hM<|sOUk(>Ib5E+aiz7%PT@} zy}jd*oUTbRt-8^$A=}7kYIbs5noXO;>33>R-RPHWzfZeek9eloaSe~QIi23m`m7$} z82v0N6-|kqqh=)FtXJ6EcCT-=xZ6o}T2FrVrN2|PU%8mF2i`XNH75(*512Ivx_r6i@qU8M9jYo;zGSW1#b$05C zTA)UPWHSG3F$Uw@&nv>V{IsV06xZYy7I@S}GaG4q(|O{sau;K_(h|SlZ4iWFEn+^U zD6cJesMw>D!2QohnP(}0|I^L_L&Yu7>~(Hw;$IO=GhN7rx--WT8!oA`E6xaaR- zH=gRxJe;?g6MHV!8qBs7c%-MX$J1^uzS(l}`99Ukr(3kF#e>SiU)bYau}Zns)QLxT zX#dNWcs~%ni9bdWGt#x5rr|e~YQ^(WYxbk9;n0Wv%wf)A`u^r-c{l-*qdPU@6suXJ zFFogHSLeKc?+up7wNcokJPOsE^h}??e{LfJ@&BccrI@WX|K8dluM=W8m93^_4`}*$ z->k8)wr+lPnvl;|%$H#fjYv3`XKTqAv+L#&;0yZQev=ib*@Vx&G8s``UCE72$nl|zqrvojQv{%u<|UrQ5!ZGO zH1;AdKbW82+SFrrr*n!vi}cNU`uM2>bO$tcGqpDm>jPC`GyLR7udrwBSI*l~;>j2fUtO89WT;$<&*|bs{RmC-YAtIv(`Z%#pbG&& zUM7A1+np}`A9kmrCyWXpoD@2@&%#_+w-cUN-)`-Xm^s)EE`*Hgdb?ZiOX4FN&YY&# z2|X_CWw*ZXme=Y<<_ra_`rWcF8+k~?I80~)QLbQn{>%?m5F^vMJZrFJ>*!|u?z;5X zo$I$9p97Pl%{uNF_Bnp5Bw@dKJC38H%j@OUugszK&$LR#8nZ}HHRh<+#|n9yw*55XG?Oss858Geo(9ov(b!ZE@`@w!Yc!*woENLCaIMQP1;dWoZ-JeUUyZ zBA#bElf})g-te1!Yi1Bb{7JFx5lz?Ey*Zg{m*}JtuSK_J%;+TaSYcNYwZPrZ8!8it zh&Q)yQiQxTcz5@5^kjxiYkEb4~1YEM86;X$gw3H2f2pj}uuTPr7Ta+VS@E%y6jptuq8B|J0Y)2+EB zy+x{D#$mDZ%Viep*;`kEoI{V{qd&6-F(Q!@vZ9lNUw+TLFb!1vGW0CKN3CKpbT!ZG z_{wQKZhSWCNT?I5U&C#V1${1^Epg75hd=1H)6J;A+LC5F7!7H;*p!{8IHK`3o|x>< z{PB_d<=Z~fTAuObS`i3yhL0h;&-bZ4uX;Y(yvbK#G72v>0;?ZY-B*zn&w9qB8mYK$ zT8Ly*LA~fSnO*6&r8xvm_a`U=OGUFb##qWY0!|=3bpn2WGF1MW&PLphTlk zi5@K0*?4d{2*PpTEbJ&Hr&?$6Z(!*~rWR%UjNMd`NJLg@6RLT*0_pbdKoQl;VAdGvV{4O!E;Mx2+ zQ|8jW`)BHw&wlO>#=365hHTMiZLPy_^P*e?&NWTSxg)puW()5x`s{0q^f&~kGo{;a zU)M}c*&TYRk9?FKV6D%!!>e^{o}Z8(&h@zcBzJXlTRVH}YyDxn*-7_!%wCqQ*^~CpoItToBrs><$w=8%Ub!$!1?SoMavQlE2>|zxF$eb@obR z{U()^9j4b{^G5jIVq74&hHPNpdj1+*Yl7zT>vGSgzQ9KH+;WVqTHw&Qb|MQFg!+ z&^6&GUD5Y`>u=F+LB@#y%V_83MwMHoLV8bg_N2`f2|HZyPWLL^R=Xr)+vb4sUi2#L z0^nN}XtQ!`soheZp5y}i)EAB^xUO!blxuvxSk|7!-g2^Y;#h$t^AhJ>bNz~tiBHUt z!&nlp^|YGnlpT@I>HS^l`FEP^OXsiCJ8iY^ky1RfXVr4@$d6_J35fvWAPEnddz_sF z##DJtyA&pW6xiO;GLe&w+smSOq#ot}!`@#;MHTho|FFU!LkKf8A}~Xjq)PW74T4BW zH!9NIF~A^5iy);qfG8k{BHb+=f^*R_KyMp(*IHt z0CeOU!9rFBsuvLb=aoq<8)*O%6BUrkSGD0QV+UbBUcNr}qW5*@5yUIL<9g!;Wn%$t zk3Wy*#1s}7wC#?EoH%6Y2(td?j0OJ`zx?lN0?zn9FFF(dQ!^X}USzYBwrc$HS5LC~ zQ+w$4--m3Y%=HO)fKnqw-@xs8rSjLvgswZ{lZOwq5)9792LJnggt*tM(ml(NmnOHJYb5b<)-}rM2~`!!B^9ARII;~@3~g( zzvVME0VJHqT=L(HDh4v1m+rLEz5Bud;y~N+AT+`+{}jZl%Xt)ag&i8w-40g!PjO*L zJ&EN%n#}+G6+~J|1^Oj&*Kh;xm7I4Lt%as_wML-b9uPjx@72HsuUnwkLA!s6FX+to z{_C?=m}AlMTF|!V?sLGXQ%SekoTzZ=elXHr+AGBkIvDb+K?kGD{2O7hoy5-XPP1}~ z{9kno-*>)vVnXe;zd30LQ|%i39~XeZXZfSH`8EI(bY6#p+Gcv&bdJ+}YveVqY{#QE zLV%8OnN%s^VbZgmHpU$5-^t$r_n`e6rf|&{IbgOpr~#0MoZYh$%eGF(x(l|YjH9~J z=7B$>6uMyE)F}Za`Cr9SW@6`C?!4l~tEcV&7oY-+Zq}gFTV3@cr!dL6)Aw+HQ1jjY zFbhA-wZ_WWeCnXn%9F$$3|@;?|3;s0y*=?xa79J!3Y`lbBl&I6SVkvON-@Dw$WL}n6jVm&LL z@q+9azzy276{7C;cP-*DU<5Hv*-OS@2cR+f|F-T6Zfr)=3f(OkbNPMm_kKlw0FB&D z)9S6-GovJd427(x+I4~87g_=Nlubo0+HJ2}SQW_PuhojNgUKC#x*^RVoO`pCGvqQm zinsIG&9`>bK&E+}1YTC+00(+d{n_=bo?0n${1}-4U>04G;WNZ67M}n(VHfoOR{j;q zM#f6)VyZ#o@BmhsykfhN$Qn!omr3`L4pQlJ1UT8E>lAGlP{ZlGh7{bsbKfbZ@!&c_ z?kl%``BfOTNgOaK4!{Q)Bz@XJ^EO-H)y1!uq=DlA1c0?{i*f1X%u{-tRDHVo)#d8q zsH#jB$_~&D5ez<`jRG$YzJq3Y3h%ptX~K?~JjRteph=k5bHX{o543S#qX#;{IP$(T za*0d_0D|3r?@TN0i18BSencDsb5HNZCcwPJTu8VrKmP07MsK~p-0uQv`r;BWccaka z=YzR#m;+_|lkDrfH-U`LE$Msc=8qQ$?Eq7M~*v`q)szS%Aqw=&NSrW(>;kS zJMyc~L}&c+YF8JH?$?GR;yd>_4uww*sytprh~vQh%6qOvS1V+z?S3O8?lN7=l-cf3 z!)Bh|^10XCM*FwccVf+(!bKSy^qQEsyDrHELVj$4n`dc&QT&53b+i)zeK-YZ z?5t^G86}9Mo4*x%?k#p(#uKkHk3n0Z`({_7#I$KOfE^4PIkH5YHPd_!R{x#Wqi+Nr z5nVi~vz40#sDLCu$7y^+etyu-9P9Q@adtL}tjK#N7=IyJsK+V$VP`Mks%$p@Io_G4 z&or*`a4$WWXj-@tpnL`JDSj2lb5Yg+WpZy|@$-(Fskf9Rm3g->T8h!NOJFm=k0A}f z7ykV9n<#hw7@tsFqLrgUnF?Z#>8PVq$u&e|0Yily4Dp*Lk@Xtf6?PT5topx3Iu#l(vd|S}*^@-|VnM{W> zs`nhh5MGn&Q3X{Fl-h9{;8-dIpOZZ>3nyu;S4>vIVf54fj41L80+C_1iYmwDdsh_b z8}7`42#o;qGHSVK85xdkAr>N>QxGg%<&!e}FCeqwltNk?aNp3Lt3%2$l85@Dr^}y= z3GYDoQXb)U1pNT)4(B4qAq6og3&l-WaQz54Ut;-X85$sSR{%XD9)drcEwj3Bi@EVi z=0gS`!{B(&+paQg+(zC~4mL~9orcM^^B%~)M-)nsX18?lUbRR8+DT;-oJkneg!(R# zW-u-opM5z0+H_srSHm!D+1qK&6#j;IjiQKh=F$4d!yti>w+Hg4LWd+xZx8WyvIF>U zF}4#d5SpI>^hqn`?pzFpur9CghjlXsu8_?w!H9D`C&VO*A6$kwYG#Q2#7w>%{z55) zcVz7G*E$9}_i`UDDC)Is#;!xY(x#%{ek`4) zo0V(4OHbl7AhaVfAa8iqr|GsZMP$fHHe|X{>IePq>)Y@MfQ*W64wV|1zD6+d*6eEw zJ1n!Kr8|4`ufTIBF@iB*bn-XLO{wOECIj1yf2S&yZ1Y5Q#JMjAdWv_d0f0yJ{0fkT zmZGo?vrnqIz3R4kWrt?>P!P_B4)XJR_VzQMMng-W4AoD(-faubGq2Z#DzVSCh|99e z+nr7MZqct~?Hfj&lFt!F*HZ=F-g|kDb`zNT`1>87=f%Q>qT8Lj@b?%G{{F1gZNQ)P zv6}}hi^c85t(Kar&c(I#^Cw^l4gNcsxX9}4zG+nXV)%u($FWnz4}-yp=WYr2HjMI~ zC3q%X?)n|P8(>a6y)*E9T8@mh>yPZMU=MjncmMRH9z-W7v?%^NdvM|Vyl}-tB;0mSm{b} zs36>61Au~8;d>G%B-F`MWr}e95p3Is4@E$NpacrGPoInT(__elCK}wRuWZ}ztZCfu z=3cjjQZ^UfzpybTd4%)~Z2lx7&7O^yNr4vbmti8sxU=2bCTb-vYYGoQCcqzNJ{QhLE90HV`aTyA zkn%mW7q0kV0dbkC^*=j65o~=eE(xxGltMoI$>cPm{-1v^4UzBGjPwiAv0ibU20sA* zQaEKV`;(mwk!_Sjd3-v5zf4*-IHcT6nMjI}I_>g(T~fsP{=6Wb?3`E@_wWZbag^^> z&LwyH`#aaLzP9wDoB}01jZmvMeEN{i7k);QOR~aWQ&;3(kTA(VNru5;+EOuo`#MQ7 zh|sV)B*i{+C;okszzrnpi@9&5 z+qNkuqwU5V%!_NBk#pN-+mQbx z7vMuzN3_O>C1#SjuN3L8FMd(EF9xj5T01D^A=d^<`20L21*_~;i2k6XAAW*LFjT(& z+<3AWF0=!4SMS#Tj!*l?EpH|q%9RV#=E^>hvibh$oOzV=AU^yy9Tj}+$4Hxi7vp8f zR@{3Ed(}QuO1cZlhp2K{?9YwLDTrLm=m9cI0qp)Ld^kD@2?f2k96kj}ij@dh5_CvyY~f^nAD+7wOUowU-$Y(OLR14UPuKXUpU<4Y?q@&1 zdL!kIYjUx1CgG#OJa`?|niPK8^NI+S0Y`fj-GeWo#V6oB#j5V&(6yf^Q1__(%(0u?n?#OL^It8*`jCSLcwWARt;a+UQ+$bx@5a8tCdX-GY?S5qCfLqDzhYc z?AA6>U7~R3(+`-j=_m1I{v$J*)t=XP6+P-wbF9FF3o@3A2i?2{ah$-0BtU4HS$|L8j;ICw^^^A$6?K(QZ!1Sc58i6WCwgNbE&KX0 z|FHZH(gpTM`p+jb)qz(qb}V&#j~up(niZo7eVFfmPXAqb(g=TQB5E>aC+z-?1b?g# zZ+QaSzxj_|C1p24)T>4x2e}Jiu`(k0X)WWh04h3WpB-V-q|bd%Le#k!HdyG1#ZNts zrkzw$3~W(>KVng&`OMb?zx|2$2W>nmDP%~%USZ(|&-{t1U^e;^mSNUv+D6*1p?$JV zZnFYEH}~T2(Qy(Y_<+MOOZRUHL)Vau2Yj>m}_4E$8E*HD^l z>4JL%zE?ZER(|B&oZXv#D^_@HDg%)YF+;|>SZ>9cVw*cS3NWRXWBngik#9L87d+u)gZcStA~eO!=3z>0 z&It2&w~yC1q^qLcs5k&yAYfu`rPfbd)hsZi$C=4OF~6{f9_+?4d3q(4~|CD zp*Tb%4iBqf2w;(AfU2ODo`(ui=!z^ z!_Rwh@Zvm^1D43#P||SxhniAh>bxaBjKOx_+-3=#mXWUYUidsg8 ze8$DUR5e{D4;vD2Y9-aL`gGYe4PT#-$Fi@p-38g3=z|`-&?2M zZFx6`>8r{kXrDrn3pZVw74g3}clqhhnqcm-x1aS|CBt_e zSFEGoPYwCJOLT!6>eGD19FM4*&Y_iLT@e=1(jJyZ-R5-PImK=)h@m;OZcFw;y1+8A z5!v{F!NyD@t^O}HJxnbiRvJn8iSQ7gx!KYw?^m%ecuByCG&{LmjE&^K;^;ZVl4;*p zC@No5J@s6dhmg|U@)t3X$UaZUP!aV-N(C8gi;mtIM^f@uonLfDGrP~BS*hBSVP0-JmDT@>a^%qM8kJiK z?+HGAB3tS5A?*)J{sRh%ec_kxZeZv=Uvrc*V3XFt_V4#Mc8%{^NlDP+diD2pJq6;Z z5Q+r1ESHSe9)|QS%rb<;Q9aBQH&LyQoLv0S;l(! z!|$4fTx;+Ha-mGQ!qxC;gGwH;1~>Ct4>(sA^j_H3{^`C*D&6kA@$Id&yT>>=dtr|Q z%f_ZJ2e-#G*Hd<82b<*BC$q}`W*Ldh3m2qtu-XD^1-5+)KC$}3^3M<}k5;52CEt}W z;YA+Yei-BW_x0bu9ss5M{GH&dw~+~gVdD(RmQdIW$G`cdYT%iy{mbt}nj3w<8o*h% z)B1gXuXkZA;`Co32j>GP-QfS0N~f+h&n})nQiC!Cxv-X_Jos2h#hP1}MLr#NurmIgw9u~9zhvy4S%zVIB@_po?^&dfUR_j|oB|po+Q?_^5UH<&jYk%Ix zKpqth`3Nl5A9~CuAO0V;(FuILfFg{XbrBLSa|%xpa?D(RR`_fo6g&>6ZyiGZD{=lu zV?7+p?RsXDjqUnShEEHQ)P?{5YOpY%S*953W1Ibe{|5)cqn&{FsF>}4r$v12tqzs) zWw4J=ST70tiFE=tG41lQUzyiQSm08Pz9-we36Dxjp$2I2>-rfFf5?M||FVHCq54>m zlxN!;dQUq+vaC3nf)^Z|aOCih>wooe@QtlaT{uS`wV}rwy?co|ev5*26@aFXe1T6ah{qE>%1^EB#vHx@W@(Awh z0tlr|@uUC!Zs^UZBrE8#y-$GxsNdiDlPq^FRa+!q0X#G?;<#&zW32@B|UxbzA{`b%)Uh0$9`kF#|K$N~I}wO&28UxWza>btZe9c2$y@=yeGxZYhU!|xt_5i$ z+p;G|(}DlyqWF>tDY@D~^2j}UagQV*e`&4`<&*0rr2`>F(58##I_!sIr+lMq{2C4K z(kpq?-hj`@1IVe``87e6fOsrd@h{mh9aaJ4#%rNil@5N8^$RGU6ypI<@$!wjt4m&$ zq#kgssVkPVqpW~zd~cTqO5cbD+gN8tM)$z#v?;Io+t+B^A0Xf>G68^h`y;cwvL9s7 z*iCY&+#?iyL?~FO7(sPS9@>uoxSpKo}$wFd$cHfbr{X#7G{Z&}-`*ptR-W$+d z>do3>6Uy{nOpQL%RX%%Pcm$yMy1$dmt3dUTxS>pu76%S)*GP}slw|Z`ZgD_YYva8Z zKdsL;e!XLkmC#md3t^D}O2M_T`I{1qAgT?3Us)Y%4wBb_sHqX8_Wr(dYYaU%hRmk# zni~7-_I20ay)=i)=kbpUp8ZrY@tVa8)_(=A%)lo_QqlF|rUfwU9u}c>0!>jOV%IFy z83J-vY&tU2>+oX)0~Z*88t^HSHFvMpXj%u4WP?$m9uavEA;5jjbR}kx&<7FP;wQ)R zv3PTnx$1PHTh)6;Izda5fJL|4ugEBxZ2)=!^!WNecuxE46;-Z&q2a_z^VJ?_r~7VJ zgox0HxqXg8z=N{`p>;roQUG(3ddx(7ati$a=mF|WeWnkft2(ojFnZ106kP@3V894o zq;Yz!h_;=o+@A*meR8gPTIEv2!CKBclLP?xW$_3+SRFR5%JP~ch!DQ`R}pZnS4OF6 z9gCNa&iFOpQMUt-@<#SU|I>Zvi>Ot_K19b@)>+`$hA?%;HBLCaaQv6!mc2UUP1%g< z=sS*>!{DryEkIM}Q-6Qo`C-dugB;@u(MXn4Bf&tCu{fZezghsgZX%!)iwAnGm$Xex z7gcSF{RO|la^nO{W+NSVR*P;e$H%OTvm?*BbPt$<{Np`|G2g?#w!h!%nQ;F5{m!#i zwmG6q8$U&;taxpEwkf0V>~LePmEM2h63~t-ub74+hw_zl0_{OyQBxOV9%gaIYYL!N zCS14gWrj`*YTS8fzuXE<@!Xs+xO3lb#$Li_-%fauGupV-?(v5&H6h3LKZkV%r19`i z)qf;A{{-mK6Ht5km+so*>@VllM(26huX-0ON0F9qf9Zj$l;PmBHWw)P!_FJL=b(%2 zEQa5l%@q_OJcMOsj#J_V@w`s~1=|vROR&GxR#R~R5ea5t6>}(z;x%EU_*V53z~3KX zdJ}||KSW9cGrK32-i4SmL|?u#na6+$!;0$G5a0Nb$q}qCn*i3c{|KyrDMk2<-=82m zvM)%dUmAK0rp?mnO>_Amq(0`*>2`C%;TPz8z%+}d6YlvLuXBIwmU#_eT3h(<4q9Jh z$gd+YnnIQb+vA!4LOY+H!Q-s~9M-yPRcg~c-r&7zm#+XEr| zv5gV7U$bh#K}gTl? zJTWT%LB_|~7ljUG0MS!!0aq5X5@9F!l~{I1AtcvPb_{U>R3MilCK?!`>-02i|9eLw zdsPxMA(|io|0LJ6ATg*~8?gkvx%xy4@S-Ud(W!;uk5_6gUC)2s#*jJ5Sjn;=J7K>* zA2OAfXQl?KzY9$XmTZiuLnN!_Rb{vP9NW(DTn)p0z<#Qc6dWMH3!6hBVJsN+ zy5r0CX}5I2-0kV&9kqS(Dkd2?awe$VcH($Nk8AzM#<6fb!xZVWA6e$dX40!xUF6OX z!%IdwfdKfzxkEz;UQ3MlStV->7|7<5&T($QSt)#8Xeo*Ye>iRp*_YwvjN_(~6C(0y zM@EQ{5k?YF*$jbKl7&$wODL5bvr;GG1RKhKwnk2c!IG)fIiTSE)a{YUW($p`Pa26O z7ve&0$UtQOBt2&K`W#!E4jz1)Vyv&@q@XmVjg?ZNhoEUXQyXY2DICEZ2`ae3><9P) zIVinx8VXjGN+ruDWCRVwFZqNPUgNo#c+k9slAWB6!a47RQwPdM6BI2(r>*|;^tvj`4vcQk`Q2$ig)rCk3&SL&S95*7?Ju=sb6(?GN>?b7&Sx%lan& z&pWnS5{fR^KqH$0hMT3cOw5KQvH0M<2E+512qBhzffPrnz*w;(GA|GZ&r;q-3?0Xl zslP++%IH95Z#0O`1mR8)b1?;nRdmrLj`v>6k60Rb3-P_?c-jD{tp zVQ_lNP*fG@2ak?y1i@ue-XKI$BRnH@g?+<*u`88V;rDd(4V*WmuJm4|WjCdn6hM67 z%qNhe7WI?;#YbN!&tinfs$)T(#a*T%jP`)3_P=Zt=t6qHg+kL92C#rn_bC>)jWo6j zrJP!fQD;jP6(E_oP69VF@ROb@{0WQAhG;dQMJ-VZE%#sFgtYN2r^pB}+puB?7kM5% zrl54~A$f#iNl{dw?J|&&RY2j%5?`HmUhPx7qpmVNBC2_LkE+k#aX8=DeQUC+NA#&g z7CJnbu9thSo9LtceoGs7D|;G8q^HO4!-==`OF8yxaU7g!AHPV-|KrS;w0~L(Yp1*! znXs=UONF=}C(vk#QMC=D{Vso3DssFaM9#`%!nv(@Kof&+70NO%LQKTeMJR-dm($k= zErjxR>eXK~U3leixA2;yiYd{g3pC&G88zjaV2|Qh5`2*h9VkyFewNhf(#|z=ZDlP% zhlz3+p?uNJg_J&8)F^mYwDzJ%SfKAEF`;yfEz3|EI7cODp7ac3_-kBLpsBq&R9&y@TVw_tal* zG36W7O~S&T8w5Y^KNulihU9%QbkTG1-L zDn8%%$ijkK?*8PS+OZCAHo8ynR8@n>o!Mg>(VE?y^-kxQMS&nwblT(&-<@OTW17$f z*ESqTg{4`h-!0b*hM|!)7M0btcEyWij(!#xPK%;UHp?E3%p!p}QfrKed(}&7)aLD5 zOQm?~YUF|u!tPi&8z-TiMAu8pZ#enb9phe2w&f1XRIsm!crM$C{2M0-CBU1z>1}0u zuUBu|Ri!v0j!w6N;K3fwa~n!=wlyyX7}t<&q-RmchqhV6<__i$Fx>#&*Gn}rVsK(u z;ljr_WliPkv9(M{BUUM0!!DgF>nKbtOQx~Ymdhl!c(1cmTDZYds z^JfI(A>~546cCu4fOi>jBgx0+Q6~L?1Jb+N2h5Rrwe!8l@yBXjnXyQJxq{}UB$i$x zWd6iXYbpMTdS-A#(G#;7SNO*_dQn;MKTrXW#%{ko`o-;Zfh$g^c=P)uYrE9i^+RlQU zm4zcJ`%zE2pHMb77o$^Wqb)h=Vc(KsPBJ`0=kpxAw z)w2MqEp5taMZ-8hH0hD=EJHg6^a?t>T_Gm)cxW+hvA*l8eURdV)WanBX}(t+o#{4z zmrL(4iWHU^G5v8l&RhIgG=!fvu?m z=z=AmM}%IM;wibM^oA*nU5?v%^hMo&^uCD?KWrMNrE?M4mfAiy7c$9N*wfAMNpxi! z+)G!zmfqFKU zCqn&^9t{o|tGnmI!E7Un->Weavzf5eXe?={qY=} zJek%8X((j_lCFEpJ{OB?nUkwwe@RXgnJ|X> zrM8;P!I>DGkV^SRrYL&>e0_16W9?rDP@~+QMWakXOv~(aUZ&3r*lkS2rx>wLAZ&?@ z1CQHRr}-u0O1Bb2$C_a(11tF1LZW5?@BxbY2LaQYgW-$(oJRaJAf*8>UL~cK1e->> z-8BPm61ck#PuISUrwCZCcM0_pU$o~$Gf0XVZCL|P+^?w`-|^kwd|5k(pkzCgY+yrc z2%?yp+ygI9@-o1FeRc}?&DzC0*6o0tyIf%RYCA(f!+(>w$V{ALpdI;=Jt`A?0-4_RM zYcFapfF#lg_8$e?8Wvhe-Zv+sCR`t=|I$5B)AKu32Ar+EtqLBeQ)xg{VB z{37Bluh%uOetRbtkI`tg^$-+>2N}RScc_dN6UP*X$F&CM0R*lHsqS>q!CRyZ_CSmZ zcx(3?AkcV7VQ2Wt$5#GLof(~hS}GJ+#UuIgtab(e4d+|Nt{QkY~{hF`JO<^*si?h(k_ zyBcMIT?yi`mxpRe^WklfCLI8_q~1ynul^DvAEnqAH{7C4lMyM#Jf5t0>u?UAjG*_> z*RKz*pT}F2bZe!xMSChg1c4o@l_zt($9*5=n|$MUW-p>Rt}TeS1zbmrJ-hdM_O>9> zd77zHi9m=b{8Po8TN6?Z_mAIvNSN-AfZ9MsURSjNPB6-G82744jw2=ifjc zXoI-ixU$wRumk;ls%LCH-}72Z0nImM$x`iXANLIWrv(uDVvNDP zbqH3DF}UJga}W*Ssc%pXjA1wp6}z3>O{)(M_CB_`qCS!qbe6pwaj2D&i_@R9e(Ddd z%WZ}TAoYz0UhXl1iQC)w`WR%%H`aKWPyt=>WL3$U8qG|vp|cHKTzG1B@1ANkH-a0Q zLf6|s!6qHyaLr^>2?mKfMBiZkbOIJASSU=W9XTHW?8&;_@4!W5!$jjvh9XYod>6!vJ?}B-x?yYP*DjiWv`;{l|dH;uVCZnnVt{Bj+TLD zO}0K~oUtj{;SY4rEZeEQo&!&>3DepK)mg_E!2UQwAM?ZS-1zwK$ONVq#~{^Q(6ytr z5K1iYaq>^0VMHuD3kG&yt}FmZ>)sNqermlSO>O2P_%oT{t&a^~6NzbEH3=9sFf8aB zjq5uzae5G33rirQ6UkZpn)E0IBDB=GJy4FzfPWkv%X5rqH#!E~4Nt$~`KPYXdsq_L zKR~4J6F%yaaVeopAi5cvgjh)Uy0@~v3UvNrVM>irrDgh!xyfK`2mw0&>^SYIm##XJ zxWlQ)OCjY&9nvA*LctN)l(q=ZRz8cIGZM%~th>l6eFmUM;tE=%v-5G9lsms{~bEf!#RR*$k7V)BCdgK#{t_j}n3H3I2PE*dnR+_Xi(YBT7u=!9Ra9I^>U2%89{7xlWAGWq` zd@`nn?}+S>H10t+CGvj!w!p=SJPFnh3lg;TqVkSOVKj^U{HV*k2|#G*(KH)D^!`f1 zb%^fjURXL*cFM8q-l8MeQF_LTc9zy>t9~J?8?<{@VjHtvL?a#GR~+xjW)W1jLOmZk z^5$gCJio$7k;eMVN#k8y+}0p(LaKdEDm}9f3G5(SMa{TguJzKr8;bc(MBR zo5=x*=7{N3mV`8qRZd#l@WmsQBpvDs!b;6-Y{;!A#+-(bT{vr;snlFSD>F_Hc!X~w zL%fOwZ#9HJeg&#*!RtGLx(p}vWIio~d=@wZa`Z40DH#T`#hvyzGpOK*?36_0-NyP} z1iSNH={fuaA5gb~XxDQ|F*-?|dr>0_;sP$a3HcdcVeIbK;;jVNZ###j_u&^cu%Y$8 z%V>j2$d1fHwT!*~EV}O=h;o!o*MiCW4XqGiUq93jYi0mgm=0yu133vvtH!l(8nUTb zECWw{jBkdTub%{@Rqw6k_xC-#W2c}kLwgQlZa#r@8Vc(k4Hm}TZSQmd!u4VYWn|l} zkgm?E@i&EDB}O0tedj~VUYL~7ue*7pLSc#+0kj(ur-GDN|H0yPL4tfAj1a0_6pFCi z0$M)B48*eaG&jwGkb4*e?Gf(1DX|Glt7TG2RirpooYJZc;D0yxM%V(U|Fyca29?~+ z-EhTVoLS3r#L!AnlL_kG5w3j)XXFy8`;Mzq7|r}!3x@gBj{AHi=#vZTS zlE_22X*8H_bH^d3JOdU+ele#ZcwWp>?V^@&_ErKqT70zQUEOxq_rKkFNU-nu%$mhp ziCla4pcl5A^z24Nq>Nh*650~dmjyY#n&128_A-~=+X_AjJZatTvVGrX_9TNzOPhX( zYn>r7fspR8dmazGT`}nxzn7f;BuHif!4GqRGT?*`+XXB#PUa8U#C#gxxH`)4{(VG zW>qG6RhFN8pOKVNs@j0<=#0qj5@eWHOEPj!inL|3Tzcm2*rp@A{d}4>U_)AYG_Y^_z zg;`7THYZdPC7H$%ybTk)p%tVg*9FzHu;ta&Kk1v#jwN`+<1iOX%Kh=jnt14}0^-&k zM|^H9Ol((4zng`EIU^53)*0aj_AMmlu!4bv4_RtKOY<7X5x#Qu8O0A)**594<@F!s zX=LC~{U8zz+HSE*qqHk}qgQD#do9cH_H`bFFDgof zzl%j>qBaHAHh0Il{+wBY;2Zm1@KWNDLbWo^7CDvZgyAFlP0rcBK-YrhdUe7wYnybd z_2Z&AW{q3D1i!(Ft0TO!g1svP_KXlk^YmBC)bpz4+{oyK+VW-3UW&T;8kqFfjyUVv z<)g_imkQoYzM(MK;w0f8uej}`AcN}1q54d*B*->#Iy%n3Q;F40{!{bA$|I)L6D1rS z_hY~A-Ch8<_$rg0?2&SkPM_HqZtEx+scf{y?#)LWGBX6UPP_H^vBT1hzY=B%1UiCe zyj_Hyr;JDq5S~FPE~_)2V)!HFmF(CjV-#x>V${(zuskXI(PG#wJX$2`*2kL$b4xJ2 zMxKN!M{f>NM&kq@P8yxLhQu*c8<1 zQymo6E)de>s&YPsg)z~-ed*Fiw}`1cpXz9@>bh8J7ruWxe_93KJ8xR%2ja&uIP?tMM!Vu$c;3G;ur`s*>BeXp6wHT{UH4DrQ_aYlCksKAjhi2Z#x;fp6p z$6ko!c`2c#?U(_@smRO`#R1X1C{LTa&(gr{KbqF-yQ(o_y52DU@8reGlx4N40Y7s8 z_LjPo_+RCuq9b_4VNKc(2!dCc;=Xar$~Q$2&dyX&)lwEaTCaRmD8S0sCy288 zjUE^8!r37B-)CC(1pTaG1GC(YuqV1&YDV zj}qIcwUV?Qi`vI9p=jnS#r=}X4N+Dp({kQc0zL>TY1qDq)ejO&WVt+5vXDwxA~_V% zj!bVkt3NmM#9}#QDcU@mkMq{>53qEOV+~(%l`TwyOM9u6sOF%=#i36S$sdIm}e+@m*IRo?bZP89We7J(bAVF^|F~FYkpqMb@FGc_vzfk{_+gNlXrAraAS+n% z+b=UEL64DQb58|#6}S6jMC_s{ht&w;je6bVzN(Fs3@ou%%5x-ey9Q_rSqbqvPb1~f z-?jygj@L!B?*G*+`WX8|Z*nke@b6m!b|^3jvK7^uo~J5#(!2MQHd-Gis(zGQ%>DH)Dx+d(ZDfdI1nZwV zmV1xC^L}hSe2eo!UCK9q)kc_m>UQltVdUFUG&|c!V^xIo5Bxu1J!!=^^q0`Ck^h`% zOL{g(kMH{PtJugtA%=>ftQE=B^rMsgUvYc-*(~qk3$|YZdD<^%xaPae2k;karwPMG zE+H25<8XU+{v~ZkPUHCsWI+eNO#HnyEB=-rQ62Nzd zcU9JG-OuEsMU-bjc1ic|LG8&yH`5FGpo~w@s3s!iWvU7>t^<6an4b#$dG5=lm930` zypEO0k4l(hW&yr&Af3v6NVpdF7y7$P9LZQkadLj6W$qzmyoOkhB+P2g4hwUrbPBIO zCj*5B4?GIm`!vdL5nOl7bs6aW!=G;aB3xW`+{HleTBj$xmBU4bGyG^~s6l=`I^aS+ zp+aR6F@xV*!u&{`Lyyrvj3YlLC;YZ zTJEo*ek6o+DJgkaWbVn}QTzH=QclJ~kMo1)X%OpH5$|I*_r=$G>SMibj>t1*@fMm9 zH-EEBSwYd1guM)^bOx2unP{|?7YZi{>vB=uE`p#O-r_fPBHGcdIL>_ZfK zBl38G`+M3)l(IShz2DDRR61Qot=z(pP7NELhQEL=2zqyG8+~-gCe7EhA&|h*xBQGK zYMk`D3|Y;Yh3s*rXafA5e};2H)^^fTzmZv$BA)Z$-HK=&ogmWX@WOulJ&%1BVZOW{ zWhqu%8ppilusXdkLEDZliCSnXE}`{wqb?t>w9^xbtna zYylp(#ud*z1_Jm$9tDfmmlywZ^V3je3bP1)W?Mo3M8uEU3fp(Ri4i!R*e59YlHMigkgsAprN;Z9b z!O~dzMb*5@N`j=I(lrPqfNxMY6X%7vF4KkSKi3U95w&G=GJ%Ah?&!k`X7ci@IA(+7 z$IQ|!G>YM&T6Sxw(Ym1vJ428?B9Q@J>^P2x{(Z|y_X_S-i$&!3eOVyvcN)EHO{l0)BJ5^<8TGa403Yx-AD<4E0nR};oQ=~~Q!j*=1x=wfz? zA&?Z;$Z6tqqKXyxpBLcWVM$Bd+dU5vqOd)mQO?*)*U$8}`Yc3r68ya>duDI!X71kg zFq{vP05qcXTRyZ_Q(tN1CucFbe* zO&|dtB=hw`9TFc%&$}DGMZ@dj^UjXoH>SInEoPc)5=J+@ml&yL2s@L4?ZVFU6eBH$Z zAAKi;_+%dK5YWmseJ%P1zl8Y(;GfLN6U{E(!O-IiGfACeUqDT@lVG)Y%Ax1-UnJDR zD*;zlh*1T`Ptv#mdDTq9=)Jjgf8$=+C{x^nGWW&$2d2*#c_2_^1jOYJ5tg2bK1()q z3D1!z1ZojcE@vjgBYKi4e@k?x2!K6XAH!$1?1ATyf%q zWn`9TI%I$B_@eL{@zo@C1gN!eGI8{^O2y{>!+w$bR-B^CR9x&T)O_ z%O~CN)`$wMwh<)75m2mQ*z|-sl1BoD?>IQwPG1;8&)?KeKfu|02_K^HXY0S*SAGw3X})z8(X6F!t+?(~DT#c# zAdJ8P>5tY*PqaZ}CUQu4!bu)6TJVfKJc)AzvPF!du!xNd!JMWFeo~Aj!NGA3fd%t0 znHAsc?FQlzgKqj?!oQkjZ5|kIf7E>^7(;nn>73||IQ3?#g}BQn(BYM_pI?mufums_ z0?(`AABiCSc3Kxjh9;iEg)*6t_8ut{639tF@tE{(&Z0~WI`aI-=3#2~N83mxfeSfQ zki4KDH+40ldjACIwgu1b2k8g}KoNXhc#C+Why)l}!RXP}v^4ZShR^UhvkA2KljA5= zRDzC(`{slwG}?Z{G9uB3n)O>{DU1FPml)m+?78L7S9eAZ50!5<-7|tk(bd}R&$&E>!rK^(2s^@O+>FkQlI7`AJe;~_9an^xRVZ}MKg_WL1xL&y>B1xB80f9@6Z$lE{_nMQ*7DWto{2qcm6aW2&epe@|QYBXjXOQJf7W(8M3 zY+g{A!Se_ic{@v{bTk*+Im;dSxsoioG?+CyB#KN)ATu763I&aT)$cL8reWR|OkaW( zrsg7`|0b7LHydt&5te()u{j((6Y@%}Y#!oA&06rDxf+oSGpUnKeS-76!7?;18x{k} zUm9{iDSw}-2u>2>HSzRQ=k+Q{i1j4aqM@!fj9X6m0BouAKf>DO+L4){Qc;7@nOCRW zuCyj&jUfj{BXFaXaF}P3C5O@UBvp|`&<;pXF9h>fc}>inBq}GxmB+Ai@GkHnor=RM z_JMsJ{W9exuSvO-o)($uyB|>}U3+BIr_CZEmS05YqVN^G4nB8WDVl+#>)DIYxVIen zZG&>zSO(JCN)v79{vEfP4A;#H^A_zK2e=Ze3e-DT|2vcTi=odlQ<68wI~a83w&5(G zXh*m}{k=m)1k&DA09CKYz1h!FfR`{1nhIo^3Fbq(@^+IDHxQ+9dX0h5-j1XRq7F8V zEdJyar#y02kg^7q3l%*AwJH4gVBz+fJ5q!T(Be)tDToQq|5MmkheiE-;nFN1urx?6 zAtj)qbS{kwf|L@{NQv|!A>aawpdcY2un1q2?(Qx{KjGM7H479tri}*jhTez1|u78JF6v*Ob$CGxfxl#Sh-TQzT0B338u9S+1cYEYECwSm^-40pk6i?NP&>xpPEec8^+BswIvfAAnGv- zRB~^!GNm#I{4h8r8U#MtCWE!L!{DyPb z5xnq!Rb5bJpB#6LCux{L2Fe!#I@H@7$`52mO%XHv>k@JO7XI3-bhbli={4BLgcf zbnCEtPbbHipj&8Ryt7X217D8uS;Wl58*OEMO;9Dg z%e8zk*dW5)yu(h zc-C+h=3BlcXjVd_0WiWU(-C3C~-31ZA@fGoGj3p4x$5?mw z%eSDjdloBbhWybXL1i0^X(Nldxnu*a>`2*3 zO-c&Q6$XyEwPlW`;5~`He;Vys{AJquh@LatYaxYtng5s`C7PCnP){^O zb!PJI9LHXp-K|YZHs3gAeg81`9T&m?`p)%2H+Mi#OkVv}jUTb_vH>zcVIz@sSGtN^{y;UQMR~f5x-4Avrqya(L}cvBYz?cZD^LLU`^H zx-Hl6kl-x|)q=IW2QEDa(o(dB?jm2-jlitaALpP@v)-_L(HKT`= zjDLr$j=r^J$(eKw-Opz($Ox-mIIzce4e9=7&0xl{5k)zAe^~Cojdk7`B_VPa`I2=a z{I%BU84M}>WVeMZMvFD6Q-;;doTfiPZxKzN^{G6~o~4CGn`w_$CUNq1z;SO-Z7u!I z2M3u3|Fl6FJ68>Hwe@c=Dnv!_Kp89bCg)L|8t~hFF#(1qHux@eZOdl|#`@dI!oS)J zCCi#TC+i-|Dl41P18}1GQu3nH1pDhJSq+E6jko`f;Xx>mp$N@|N37hc=>Nek`mjTZljcKfHq;F43SKH$*?dViHAQ{F*b=Vs#%a` zrY!2~xw&aAo8FGUK5@vuN8Eb2vB&E1Iu9ZgXDI zO4Yr=lJGvhR2c%ny#k)R#`oSQW%;8j31j38DG4j7wI<*M zKA}AKJ?HV}3`3_;(Tu-C8Pl-Pe}CQwHD6Kad(LTBWS(JN#b8!3`qj_SF7=TTIJ#S_ znScNNv4nThIsP1OszVQ{-`zSDv)C2)TD@c!(5F}Zu8ti%b{zcBxid6?{PZTMQ9pYs zq}}uDkfKcb{pyVYU=%(WK`nVhTciBTDC$!6uS2v!hrACf8D=lLDTdSE-V4z^B>UG2 zAE0y5?V!v&2EanGKk>q2ILV_w(cy)t0<_)$>Z7VZ;(=;Znt8(sUtHc@Rb_+!7_Sfl zEv*2OI^zb$Hc?B_d_8pfro052EFgtJ&Hnj%;^FX6j@Pj)r4cwNR0tZ9zZ@#SCMIxU zkHjIx-$wu|#R1gttKtow@@J{?Xu1V!FpvcO0_fSy{jTgA^reEM&cJz-f4XVu>#=Sf zA<~F=m^;|;Zxb8@r0;Qvxd3+{Hho5K^1{~PQAXxmTRLfof-4jN>L|86r`H{~8(pHB zj$)jrYAZH>=9CGQ55PU0gC}V4{%zzIB_6;F)sZuc^>#+FyI|2KoyY@^0gbrlx+FoQ zieMygqB~tL>M{E_1`9Mh67@gv z0Jp>yfE&%ch70vFGCvLcNEPk65M7W=-tXzEY{ny-(ETprlI*?lJmTK7j8FG2wkt*C z5wo`apKSg(O?-Xo>A!Q~d$6~^R=My=$hpTRAvKF);{xQXMm{Uz8~YB5&2K;WJsD23 znYA`p@LQGnhxd4Ulw9fTa&O5!@u}i<@AC7$u@bSB(I+E*N%WO1@)s6@`HiX-C+W$% zN&ucLUoSAf4p2VdXD*Itm@n5>4raCG%jiBD_lZqAi5gd1v_WTvLHvgC2Ksk`>2>RG z{>>`U;szy&+D!o5jJ2q3FXVN9s`O~*J7zm9#;pPz)y~GPV;?#=B`Is%<3MJodCmoh z{r)cET=93LO7-EVu`rhgCI_j@3u5QCf~p+Vg3CIa<`P+_UEZ`YI&Jx6{kxeCsMBZH z4_y9CEgDH@KD+c0PQt7Uj=Y}r&maGFf6`MV5_os<{^x&I)!0kI3R#~UQof$C^}B2! zmpycnUL9(zoXX7`_aXMK$f4n#`269Y;8aTT>(9MSy~6K3@z61L*%R6*U{DRMt$X$| zeG_QP9dvCsO|mkWK4-3Qc66TDHsS(8cxMpxxaS6bckE03FaC;)*_=d)SuHmP~FQFoa~_H8HZ|~ zT~v*iZ4SwLSFO$ZJKD|qR27u8%$fzWf7Pmph?3|HxNxmC6}8N~=U{Sv>uqx1y34FK z+9_+=FG8re8PDhG^UibanO6})RqMH4!)09g8s(a=`hVkZ1UVL#e);&UrI1OEGmp<_ zE!^T@pS5bz=TH{vwBGplqt~!#oAX}-<}nfZi|0-Ksg6Gqo^;wiNVW}gs!wP29{)Wu zABg{E+CAWW_=W7HiSO^VET=gXL;l)A#3aA8ce!aTE4A`l&HrF^(U_^(&|5(a?QXsg}6vD;o=3HTcsVQdwDtESx0b@IuWXMd`;<-9r`_amdf zM0GaUM9sWxXxJT!g|*ukZOP_uqJ77M$%GlVd>4u*v?h1%gQ%-VLbI`?zc8JB(eNZQ2yYx`RA*&46d z#TSOnUtMAPAwfS*j_v-`eAjAeTg*UW%5ii@w27U~%Chfih>53_FHCKC&AtpC zt~ssDxEGzDer0w(lJyRoP4yZacqHGtd;uoLLVT81=BDYZGzV$+DIsK<-{p@{v5n>A zg1?oM6YtLZi{(aV8DI7e9m<52We6wmb9xWPfss>rh%p(skCSJ!^*#fb>oixa#jrN zJ_tw&eCnF)O8z4TGkSOm#zWyEO5)VS*LQ=F`MCKUtfl_(^*>d2oT@9mMJBg1A3Oc7 z7%5He2X%C%DM2^qG&4oL2dPK#LgSX>xlmzv6%mVj`KH&Z#lezuRVb#w+l<9g96j!W zepD#>E~W9QYVSF%K1`=L8D2SoRUULE>-nU2D< zBkt^sq zFX8gRpa?N_PWkg?<6IfGoZO@3i2lu~H??EHQMBb=0xr3||KZg1#AaR5=Fo2r>4rTs zSp9mO;%LaL8~(c*n7h|r1;oj^kFp-Di}oXL<#Z&N+(Bq+Z4C6)rv99L>Rh7_iCy>H zG@tY;(n_~yP_Uc!sdBDWs++S<5_SCOJmbn+w*$1eH@kIO$Xfato>r$9G9`gIxUqfC-v`;J@;0yD^It%7tswMq4a`_F29(hDI(r;$-?iczw#9>_O)NuQxO zzBYee>60cb8Qf_WK3FE>dUNo672(REeIrJ#d?-5M`AC-*9xs0hTqz@O#r9MwX-RN!^KxC;Vf_sFPP zx4#Dbjeqz0m?wGvr`o{;#tuG4t1&CRab5&f_3Y(Ic=D%m(qLMPk6vR>qcnWxEx>jlB+?ru!G=OtFCIFu@ob5v#n^2+yJXL~>Q82p%=>XsyU-~b zcs!KGv3#PLjRo-#6X!J2s08uUTz*!~pQPN=IqA%f#I?|MQk1bfaKaur?wMug6abab zf=SylALSo(UF^)e#$w|yeCx`)bi|gv7&=d_>Ugy=WqqOJd7~{oYydKi$1*&iE#Af1 z5|J5S5ro15a-vB7^5$3s`OZ6M8r=j8Fqc(xilh4tkYZbFFPJH`GcXgv-Bsx`B=jojaq z-j=15>>{9Ur4m5UqH8xtd|ERswZkJ~j0T|ee+NE0I-T~Nj+N%+--+V$v1)hs`bqVA z+oR%7df1c0J(0V}_%J7*qmL`yb8C_XgJ|GD3++|HS1Q{V>^A_nKV1~DA5p0sL9d_P zSy?sf{rXQ?S0OHbJDJxt*+Uj)nO9C2sE*t#-;~tat{3|A#t6-r4DSE$L$C`o!7Qs)n2 zSxAWiTYd>w)mZO)=9eMPqd9{zUIEfOd2{pThDC!fYR5l`G(?`uoD=&V)jBG%8d9=b z2v(Q~F8#`{=($mO*(2*b(k~z4+r0CvD~-`>w-$p@0xo-$#Gm)4EIkjZ$jQH`^QA$r z5H$~-XxzHG5C`ytWS?_2uTDI;*a9L^B0^;T&^r+NZ>p27IG)~m1DstG7l`Y@phw(b7e7(RdQcv$40*Qb1Zlv#kwOevwbUHY;+LMsNg{a5r1iPUuUK z$$hPhjX|G!CJ~vlN05?}KmGDb>JvyqGYbFDePddc3XQwSMfg@E!-?lYyrFTj*JfK3 zl;7LT?Stp$;OK$uPG+>X+m<4+foVVgK^A4hFfd%XWathoDuC@lZKI);gy8Z=O?sZe z*B9eA{7+LKp04qpdLE>_WfJw|7AN?0*TMR}xTCFLg;D1xk;>;U#CZy1_;To-YBjD- zDRyAf7{YNtU5bbXT)Q_{@_ej%N2cNf@?wut-sm3{dJ%-}B5Z zC|`Ix;s%%^2OHxyx31qQiH6*LF*PQ4fl*49@hL5+J#+JV)OAp)zTlr+AR8Xz1X(-0 z3MLjf!D28u8?J@&G2+GF&}>ADO&2y^DoWR?Q5xIC>yw7Y3JACmG#)LG)wy;<{|wu_ zHhvMlEa|P9!EKlAk$$zC@&Uup5_;VeARvuW-~r;#jTfD4*H24Rf8`m@2kE|}3u>mr zCmIU^k&=Fbu~^mx*nA0Mg{iT}E?RQ1;bbTlg@yq3S2nlKufr4O&GNziVikr0vkL`_ z5BknuP*`z9>jcW`USYYD?v&nGz8;brrrZSB)WCJ%uT|cdk&^|raz5hESQ;NSt5OyE zSmj)KKHCCR$TTbTN%5@IqAKOT`rENqjooxi;MOdKXZ~A2S5X0Hx@=6IE9{X3fq+V! z$>ms+^PdA&r}Mv~A}kWQIh<73doUZs)(QXow2#U^2VIkX5WcFY(_(418LdT~Aqw-* zY+4<+&gk@!GH(~4p8jOMS?3{LcyknpunnL2gqV(AzA@@0f z)}P5yVfjY25usrazP!4g?G7xZhl4jv&0{PpJtB8Jzr82Elcd5F!&};&NPpQ5+{;$ms#!hs%^OQAmq8{0g^Xlk6U4%Ja1qQ>wZps;% zweD(%@mPK!j~K_DEG=-*{+D5iO^A#D#{x2Oe>J`mtrG!D4M_mKm;^6C|IRx54WQS~ z45l6*gsSI)B`K+S-==wvJn;g;A5Q_vz^yTgY^68JN{!W1ueu3v3A}(X^&}8Owg42d zA9?87M#MsUxEHAZOaR&2z1CdejX1s>vbf>UtJQe$Z^!3PzS6G~U^~7A>gAJPwNf3x z!M+^u6#B5L>C%8Q)z)$51jf|w=obK_Y?Q9pI6l)W8B5Vh6eaF`lDv=)fO#^5C2Cf6i8g~XPw=yhY4oDfW)d9I7;6y$a2b`ab0~U*gs9oPR%Qv$^rQMwAjj3J}{Mb#A zK%0E@@AmBMr@Qvl>+PXH-9x%OEjKey-e(igNSi^MPd11K&Lrj{Lc5AR)7E#QULf*={-Qwx=Xn6$kHle2IzNkj-iVf_)k~AG=kDl zZTFho)jnbmKg+MK;QiUuq5=uV}Rh&ELMm`z=g00dyD2KU>}uR zy_f9d_=^;30RMsIXiWkD07F1%meuM&y4PmK=meHg1aFo*!zk4)e{u{?^Z{$<&CB^2 zAga)!CAG#4Xe*OW9dw2%+HpW7XpBMz(>$4NUoi%XIM_7J2oS`ltFWZs0`4-*7Pdt9hWFbBfOub}G}_Daj8QMv(!z?+376w+h8S)2fP8K`-_NQv7R zqJdYmCceq9i7{aTv>UHh65cTYTz6>jJ;ZW22sq!X;TJUvMn{00Q}7w!taJ2gCN0S4IPne{`VMSRr-K?V0H*FSeOf)sP<`z=VlYDhHPrphNpXZ0 zScG}yteS?eZ)#@mfx2|>cR6L^1*a(4<>{x_x5?A((Nq1Gvh1O0vS%1@0j4J3&uhTrrZE5h?V0xsVO#boV|XPouefVlA_~j*95QD%X_JYPL zaAGf@SB2JoR?d(bfI^5ODk5YH!j`0$QZc@6T9|6E|4Se&fmUf8My@?iv5&}F?(uHj z_FR1Kg;5+wxs>--N`gN?@Z_EYi6(tB%3@f%GuZVg(abW6h)0$>@BoTLkM$w`DJ(;l zSesO0u3#so{}gtrez8p&9^*IgtKw=k{8IU>r9#4;lxU;w#J?f-_(cZ6ZDPe|0E4g@ z&Wna9I~-x=iCiy%zMM0lqLFilbL+!-Z-7jeU5cw}i|s79=z+b}nBxfg7t51C+=XnL z+epp^Cxju5y5&7*JV#Ao6se6^Kd7juH~`^Ef6YC*Y+Rg_67*1PoO{Li2|w=|V@t^Z zoGfJe6Xco2-^79I>P)W>*N49Y3Tbo#CCT?)oB9^A6K4P1ndL&9o zMHVTF#$D#yCRZk|;hhSz3$lI*FC1G)00k-{YbGisH`!52a3{l3WagxQMD5O3mY2=A zUVy_uwEY8I(?Ns&kT~FLWRQE}qlP#JhRSRG09jU&te_fKi$_n9(B znWRQ&X(F2Wjo})g4^wUv%E)_`JWf#7IPfVFyxLWN2Pzbxs12?io722`U@=VT*8Po( z-K>?GW7O~Y6XzwXsxixmkSIx#nEc(nphc^0wKQc-gWtykWdc2Kx$;KxwMqrLNZB;9 zu{HFjm5m@1&2*I>Al`@P14FZ%jw#v!>Y|v;H82gPtD;EWaLUnA6@Hk}esa9N+^*9z zQj)+&3NZkTZ%uu@#X$~^gS$Yuy9dPd2!s1cg+g96%N;0~GcdxdTi&sHFctwVHJ)f# z-^0%jF`53INVqJD#c~7OnZmqrMIwY7LYW}fWF&?<#&pHcS5_Khq5jHor2-r1YX+7~ zE|x#7v`LUu)N1Nvf<-&^Z(Z@(W8NM!d5QJ|<}~AktvGilQ3>vvH3Q6xNYh3{uyKnJ zhDNuW-Xb#Y{3ws&TIN~okl|KzJE-u$~QJ2*QwSuC^Yy(>B% zBOLG8f)G*EaB#;Uyd|XC$Kdr25evAR0@tehwiVIw4Fk4dMF`R1jwrQX$-9!dR{_NK zhjb=L`pVtcC)#Hca3t$1D0}|Fua9Brir=WTw)_>rI(UZ@Li<$!Rqjy@qexUUSCL@6 z?5YbUFAw2Uf>>}h@$L)6H|&$#>DW%n>NTyu8Lf}xdd-n^cC9pY;O&Zlg;^v%-YNU# zks601)DXq%de}=@FF%Jmvb;uR8N&CQLsPYJH+R!Vk8;vGA$7BKP`koLcj?;jS3Zp} z(QO!-q5VdO3W+;w6#lkwzmUd=VmCE#19Ak@WZR8LaxyGQ@I*)~r*dRXC`vJ!3yDDM z`h0XRXp%bc(K4)+%W9>fl=vdHt9nP49boJczS$I4LC_9WHl5BcAgG5uB8F2M*}sY2 z`(QJiG=-xM6C8GWMxwKPos=XN$+cqvbXQUy%Yh~MU3$^|T%<8QRTfeFd)K##p0+vG>Baz{st6`z};y-@Ok1ylEf z7`YUTm_i_RS;*P>FXsAm_54s@WmYtGp<2o#-c2s$v0t&l>WVm=(MO*}DG&-Kw~Bx8 ziamk`jzL^QSCudg9Hir%ajgO(OJ{jSjiedWa1{gt8-+S63>L}mY(?g5RRlm}ILflI ze7J3T)v#V@5QGxRjMuX#52b*J8D#M@z`^l~{0a@PC%@*HUXV8=n11{EHU%kOuxYu2pro{9A$MX~GD8IZO@&8@epo(L zi@+L){(o*<9nkcM@G3YpArV1CB@5a?9%Tak4rxUPW%}HLi_uS>5i0vBph*5f8UC2Y z|A1t1Re~^(e1zbV3J#`-K#PpNGUvi0s13TPG$DMNDb^3=Q$1pr-q|6CpNOP*2L=Xa z(wHrU&%P%y<5iA~pmvku*xkpq49OzFle6tjgjy0P+J&H8!dZM1Mg))Q3VbAXNKwsaks!389xn~QAYvmq zNhTF1pxq<12pk9}vugHh9#m4?|4G5dpsXR_TSJr{R)Erk2+jx-(AANYxIKJ9&Pg_9 zb(=2igU>WN0xuLLfDT)dSmMkmYjFFf5+`#o1(9CvEpwjOXIDyyS;!PtAz5HbM@7Gn zZ9kTrH;{3!slQ+P?qTKZp0H9o^~76m6&`PJnsMvWG`!Mi(PRpG3h1d8yL71duxiQi zWfx@0#ksJ%pt3SE})G_Rs=ya zdy7&NiEk^tj6UiCimryvv9QKgA}Wu=6 zo3?wLBQvrla2jIST80@yxCPwQH0jPPO*p`OJL zG*NUGCdkzwrum5c(5?(Rs*tSk;#9v@>t79zKCyYG6v!>t=myM!TfV2u**7Nb2bW7c z(}~EPI;CAE`0hVdY0B}WUgUE%JNFQGR%l`*|@=|Oy5nc{;`+WT>H zsT@O*1AH>%`y@XD83F@1CNPmuF%<~Oyc2-EpUOz`K*Zry9CcV70w@Q!E0-#i6>3g! z?eBsj?B;tvves3j8a0o(0tFlnS}J@rL-6Wn;nrS=d#f2d)A9phAxa)ez=pG7J%#ab zWtDcjjUIyoq#OT`O14qGmA*;Vc4Nq9B)>oWWic7mp}Cd7)YuLm`aU88Ab)7x06Y_U z5wjB0W7aNm%nh+ZMv&3=x9rFy1NP46+l5m~MleY(2#<^*>b{t-xhNjI4Z+4piB5pW zb)2TUSY4Fpz;bhkr5aC89RIx1bUC#d$sf>a3t^z(Jm_7Fs+dt@wcs_81aJTYwa=vj zprn?+qvrzRt?VYq&|AJ1<7Umfg5PK>^KHH`yQ%U~W_}pp{sbGR>Zir%W?Iu&TX*2I?bo zP0kB~>(sUvzupUq7soOvO1GPg;vy)u6V;ZoV6{-cYa0jD5!8n-k0jj5&w0zqQyBL= zs^{OeyjZ5_@MgU~!E(qTqAKN^gFheU{oZR$p3p*()phKtj3J4Rl0qHpPz!te_29P` zh;(g;v$73Lvj*w1>ApcCwsHJn5A{KA`f`Oe?>nXdK4%sywGjI=wr2yO`=s82S6bxe ze(^xFbnqF2d<1ezwExHA(@V*1nwg5TG;ak@(rr7LI0V=I67{&ah3xJdSDWF*m3glL zNHr%v9-YcK`J{+=*=;c^3;=q8_KqD!&~NyObTJK`*Df-1dQ0A!{LPnhV4R`3lko!WSHE5{OXv>9c6qFH;nSA+B>X7LZO`C}*LTQ;4rcG&A*FJm6a z8p-9~f=?iZF!looc=X~Uij1X2k;d|ehpYRCPuRQI9ZMKp0i*LmHCPBi@_PUA&&54G z8E$%5Kb#^sA+@&tD3o+#se==`S5ljSB){K{zj!TO_a;aHNC=c(C5@xy@hWa;?uvie z+U5hX$EdNJEC*9hnE_NN+6N*$NeHSC!?JG26{xBp))0v|LG9iz)vT%9RI;y|m5)uv zKimB6evjY-3*Rgxec)rl8@{BwHgBgdF#n8fS6lt^YPyj@@bi9litl2#3fHsnnowwa zn*xekI)loryOR-7+Pwy2iLr|)mV@K%$h@TVf#38hmZqOkZ)Ms!p$^qV2plVMcf<;Y z8n&&7vl+J@LtMG5zIRBNsms`HXofkfI`+%I@TGT5F6 zPlGN&=uWgzH{ihoKLCrGx)II zr)5x*K*-Vc>Y1W%%^3GgS~%FgemXF~kp zzq^MmCr#lPNDg;Y1UW~yuhQyb{M-~*E1Kgt+Nbi@jjkNysuvdSB=AEh0andtEa@Ev zF7skYMVOw96lw#u3K0qU9zs&|9c4mm^bfA$keCR*^oM8$v3JdX6pbOga4stLr8_@~ zy8^|05|%hMq3UCi2rd>XnCkPJ8Sh>%{VA3{cY90r?3cR4cJdT(<}eK01|4tmKm9d$BIG;(jcuwUr!mW=ay;IpytPc zft@4Z96KoJF7~1)>(&g80ptT}w{9&r6zvv_1=^4DoA{uzB_SdLIsfom}gED zfmh$63^QdN{K4D~a-)tBHjCf?P)sK{j1~r$BayT!*M5;2=A?MACUVK^L8cSJH*Z&i zqL#lIlOiuxpfE7c(^B__mzV`JHm7fi52+mbT75`_8zzD8c(V2Pr}*p)%Qcdw$hKb6 zonDPNT0E6u*j0*N?kXqNkrq<=nFHj+&d9keabP$lq1CZ8En0R?q7NX{$(+TXC|eH7 zG&p7u*X!rPJ#<=asiy7+e2jHAI3FJiPT?!UzukQB6P2iU%z!j2ITy9dKm>HPhtsqz zQ;sW>NJCHT_g-+-yh3nd?kspJuW~4_axue;t=M@0i`NsWdvb$yKh5+H=2NsuR2M{> z*9;A$qc|X3nojZ={cS&*NfcL^<*I*-h4_caM1Z_5M-ip|6}FF0>T2{VX~;XDZ(&FO zjw|ml+OAK-(i1I1rDe;zPx7m878}Iii4X~%BXq~CgC6lP@GRlzL`6_<@n{FnF3NI< zAcOf}%GVTw1388wSSZ~djA;zWiXmmGNL5>ygY0->`C#JsxFLxx5kcaRU)t)|ktt{7 z4EK>q03u!e?S5=t0-+coLV!XxY3=C=lVeB7UM?_ZU#WI!Cpt@&2`bjVE+1j)zDT9Dg$`%6C2P%U9f z>rc@_ltOP+NML$rDbATY84ATzw^5|6@4ES0q!k(o<#~NrKftMF(UdX0_B8!?%2PDG zB&M8cAttvbRG}qgtY-9;7?sT89ei}8M+S1b3M0(%V3lkV$2Z--@>!Qsu(_qTc+8Id z;Oou`gjDw*xIz#Kp{v65R!MUJLH}pPH*hmjIQh;z$X;K&%-V*~D>F%oauyQ!?kpQtB^mA;A*ybZd2JP|G+*Z zdnkAMV~$qtggWnkfPAvP8KDe05~esLsZQ&v04pcm#<9@JftPgu0XhWj5Y7&=1>Bgv zgQ>-?C`yYbW|&Ha6WAXVD*z+k&zLaF%LE^Yi=RqM7pPqW#X|=u_2MJiGn`2X=U!0t0l6$j;-Ieu;Q-b zVg&alwGt5wt)T^+7EV6VhsS*4%s#!suYL)-swdd@DnHS&0yF181nZef;Z+(N#i~^% z(xM?=@tokaw3AXMA~&7syiD5}ZsUB2uTyvRu1AgE$?DGb#Jb|98BX#bH|+ z9uK&)gVXftSA5v?ze>oncK}Emtvq+q6*@k$>3z-4JR1`90P+A_t!c(A`|Z_6g|ETq z|6>)BgCGWS?e#gioT%8%;27|73%nknm)4mkkT;#qyX4?O* zyr1{AvtU7aOhLm|t(fn@hRKWJdvr(zpbEFyb~sz50VDxG2^N?WdrtklF7A|QNXetQ z8+@PP3ZuM^1r^wi5=`q*^};K`lf z%ebAn9uKfK)(OEB|FujU*1#?lg>x(>Iv}d)l?eE-hQ*kjSaFm62Z0_6em4YFm=?ZT zQ8w7On8{op{3RBu-GK!*A6apbU42RdMU$UrS3V39^cMToLYNUNEm*w0z>V?m;l>^R zJD6xzFt!cGHPWl@Z)3l_Vklk}A+PG4QbAANU46>MPI*Q8;Jg1k2KJ?m`>x)jg?$V` z>|=N?4ZB>mBa0PcWh1Yw6#$R%1d9py*mmQee;7x?U-M_Q`Kxm^js3t_IV&^@(_nO;m#~&QhQ$Q^$2gC%v-9@z*44;| zgh4A65k(IFc@Ao9#fyMQ@y3;1?*ITz#@bbE1I42QbzhAR$`UC)V7Vl$F_!W9_Wolz zY}ht_``5o^GfU1}X?*-&Zv#5%RWnEhXV`$xQgVfU#X9g(SbJUPycNZlV_{kgMvr~C iD`WgSz-V#2OJd4~i?gpLjs7^`pN5K-av|J2_GJ=vMiNuj0Q3;ZRAQ=QC=P;5%vH=7M0wS3~lqAR?86+4; zA~_8L0>e0@Nv8*VzxO@+>_7H-p6}dy?!HpbFx}OwtGcUus%owEtCeJ+r%8R5{VV|i z0kyW4`fUONQb_^=;%;(MAcv%)*qwlY%H2&(%|KgCjoZN2%h}DtiGV;W>8Tl+xzPY~ zfz@qoS3;7Pv2!Gu?ALY3MIZd)og&xfF6w?pXS}su9PQ3xSiN4EXm3UM+QE#uXO4yP z?BKidWa_7~JcM@+p6=xDJP*U=$sr1TU3_;4uWu6TUmjL#Anea(>SyST$tn5zCFdp0 z0|LnxM1psFmOqwmH8;BwI4xj2_uy2*Doo#a>1^W9qW4Vpth9HXBKvYMve+S& zNKWxEx~jbm7T-j3vEk)g7?3UkDge@#Smfb?uZ2^3?(XV&bI@Ia*HsT#7|y(==(c;*_RO_GSxWbOZyf73v;V{9 z2hT}f^K?_j?tM~k7{2(eo1{Vft(b1FT@?}*QXdJ`v86rNGTFUF7pz@6S$RH9`}=2vZ}+^ogxTywO64gxWe6zp8D-!NAv;0ZUGmkE5;9+Uay3A25L33$UJ0Z;sa)+{q1 zVUjoloRdM-JNcMu?6*$rxt0aC?j!EAD<9?`Voe^YcwJh!G?s{4%qJt`>U~a@;ESE# zBzrqA?NOd&>dr*WnPW+u)oox;E)mVD;op%8Czzp4kDuheHsj5_EtSzH8`deMD!eGM zNLrNY?GoK=zOVMAE+__Z_5#B-@@h!XHf&^Sv+ z*jRej6wwwzAdN!OosP7-$OlOm`q=B7x5^o4w`qfw#C zh5lH>(mcSy+uPf_=KVAK2&Z7w>9`^<`7mYzd3J(4P`6qCSrd8d5S|V&g=p}Xlm~2e zMEh5`WEak$uhWsA$>e6{kCMK^sUaSXvL?M4^W!d!5TVoEOXg=LqEqiuP7wyiU|w*Z zClvf(;Z0#pDBGdb95($y_Y?J8lnsfB7WoA`ZjD4a`3%Uyo8jST6k0}IVeLJsqs&ujiXH8S=B&rt^eokAb9<^teNVt~ToY-8@oDdv6 zr4z2Y#gnO}!7um-bSbNw?_7qCmb+G~R-d++_Rp8Jj@0#X-%`(O=n3lf_pJEt>Fr7E zne6%bir;u{uLdvezD@F^;)%eMnkO2APC5#u*_CPyCC5gO%jL%8#?IaoMN%P^ku~x0 z@ul(U8g23B4viXdy*8-`_H=3GFaB<6(lnkTw^Xcde%Dh_X;ll;E&J;EL*f&yzIx-k>GP7| zuLTu%Dk8K{S%K*^YA&&Q)q3qCy!rX^EdKKT+V2|Q6}=;x4S8qfum3~Y?k<%uX~GAW zAtw)~JiE7>^vJDW&7pFkPNA(x%U|!10Z64^M!(9|%{I8ky`(y*JgA#VLr8V0_Bm#x z52d^P$-@%8`#X6W)M{x$ysnL1={ImSzt`Ni8^0*X_sX!`u=cZLNoWaKZ}aOCpEkJT zGIg&@N^ATEHIieH%TnGS_o?+_c~XgX^nmnZ(Tl?um0mf&T6}f;tIVsio2^4sL(xON zL#DYGq&B5po{>FE9yZJ6k_CSlbE(e>89KY>=G+vQbR#yd)Beqk zCe*E~H~pLySmYcpjQsXu@e&oX5jU(sCXX!Kf9%@Rb z1uw6y_Xbt@w{GhN(fSpx&Mjc4y9U(OUw>F`6zuYQ0t+9#I4W*4XCn!*gy?y>?@;Xo z%r%*ZR$rUooe1HI)~_2CDdbb;ig+JR8GeAm{(x;|Z#I2}IJ}(ITI{dkD?GG1MxbR; zO=qqUOA=i@^Y)A-$sSP^5f_=o8H(t}GfFNBb$(N=Q;_I8F-{-IV&?tA<)p3&s@7%f zW_-!WGMN3e@~NSSwo9a|zUyA+yDp`!vbe%TZguq=BFW7?GOK$n<1^b@JN;~#WhJhL zNrvtvoSF(6AB#COi%NJkYghw7y%#kYjJPQ6TV4y>b9H~~x%E)tynaf0G9(3@b%ob1 zw6jHBV=1;fKWXPt^y4i4S=~l`Q-0Y}*V2?*6?!3s?2q0lHhBKp{Vb(nt0SeySSIuG z@fV{nO{E7Z6c^syyNNO%eJ$YNmG*{1)@ddV-n)$G<;s5{6D7NNos@@9#=)i6#YP13 zaPslMuyyvgVc4!2!uD)5iSU_xRq&$kB0>aLy=rmc8}^%Uy~2&CVqe4TXM8rok@<|7 zZzNz5_dT}vXWHAw+LVq~&?#s&hCAA|E5Fp=BpF?7)X9G-@TF0^{juq-jjS63jRW*Y z*Fw~yIML-^rc=U^w-ql_2~~@rugE#=MO~6N;y21Ilh?a*4H;r+{#pF%t{d9z)>qM2 zqd8bt(y-pOoc^JqoLg_Iorj-~D=UQWrvV*Bi(jO0ps0-vdU9s0B^7ZKHe7J9Qnp)o zPe)qUQJ`rJH9X%;V9Rauss2;MVs4zR?wL}SkJcXtKPrnaiN8BUBo+!sZd>IwG&?0t zKBCr5(iPD45~H+kbZ8mbD_+$%O|dj=delcl8R6L25OA zKi8BgWzVEcv+5)-<{z^CzHErt|c_%2tr|vCH#dFKaJK~jI?pp4yN=zZ; z6`vvS1-tC7@9E~}D-p(A6IRN92{*fhR z=rU4Btq`_x9yJ3;U}5RjyYIc%c{lAb0ubGR;euf@FarJaZnBx~tkcd%YP0ZK>Bck< zr9he8jRAL_$q^fv4b-1+O=EL-<$04=>ih9PEAQ52y}A6!Aj+Nnx#tmu-q2rB`!Rb7 z7ip^^gAOC~pPPOEtjUv}%O$AXeh`aWSv5NPI{Fh)@VW3QNEU1}yEx(VQmPs;m@FYa zZL4FuANUkqgy?%`whxKKNUe{qZGWEq32}m;=0rl>e+8m!Il(f>Zlq#(Hm>#{;s;p? zt%7pBaslee@sE(5mC=`@=WNfnOGl<2heE}n5dFc&@MF-KE7v|%ixA9tkUc0MB_Q7S z9FwTDsk5as!A+-kfIBNAU)#13l*i5Q!0+sCt}zpYHFfS&?zw-kkx8Su{)qPa>?~P= z<%-4j{mWwPTSnxxsN=cLg4DM}55#p*$Dvin$L$_bA3EpYvFhV7m*dF8;%`aVN+P5_ zKGO$ffKtjk)a0b{S1U|}y z9RJ$ZAQU1XKFKE{AV_c{Ao(q$2YloIGJp^MoYQaONAUz?z#aqe34THJmo%y53*x`F ziMxSg1S&>q+SzRkZ2lt1ZaZ0>J< z>!!Sem#3JWqnEvtSg@xzz8nI@V0mEE)5+hCJJ{3XzMp)s67PwGJg|+=7U$(Y5%G6d z;x)fzz^&%x>%@Ik?26bGUgfjg+}w)3j?VJ8)ir*f4(uuMy88Qj%ZrN#1qF!(Nr`#+ zx`<22$;pXdkrbDd6a^$i{X*{h+Xai>_v1S)*MaS5?2;{PfeI8_m!D{tTy?Brpg?&b-!8Bm9^ z+*N7C6Z!w;$lo>o<4p6v&y$8~g5y`U{}{r0NhjH^$_Xk8nL0sq`B zDBUNQDFzAR^*fMhd?DP#GP+f8-AW7f z#rXiq?T$&l1JpGmA};k+vA10X0yCPaf4~K#!U>Zxx&36)Z)Q`jGhhwU3>tHWZK$SF z3+^3|8fz;@UfW9dw|8n788+9AwcySl`2*!0DQ$oX!w)ZCX7)miICn&FVh=ld1rZ## z+mWe7$++**9IspC6kBw!UjkaK6}xK>YwUAm+$gYk?oN>w9Q&x1_MU1d?27H<{x<0kn$?F&KHPSzS z9)mCL^gexXY}9Hf)qwl}C42lOT)|%g{x0Veun29Yjq>kDpBOlw96#h*(augY!ziwt zXWmIuZ2R5-DQdTeh*xNsTHU^E8tW&O5yxMtkg zC{LBn40skulabuhqpZktql7GH54O%dtU^J6Bpzf=R0vWAhhu*!8FKK|PK*3{V5pd2 zBUA`_%48FP-G9Vhx{TcflEU-y-1kM5kl?fygZT;Ub1%pB*85KrGs{C>IMrWvSeEC! zw!!>8=k|aMS?{W4TM48l=zSYDYxSnD&7P+KY#uooWHqkw^J>o=c&J0`_pQw0yZwZzDO*#T=%4=%!D`iMp^s&`tF=eos9?20Jd9;Zz z3+tac51ets@$sE}Q%NaYj$6-dg`7^`3k*2)GNKO#@pyP90(%Syqfimp2|>xmuD!>K zhxR4QVOC*S`Uak1xrFnJDl5f>V}{}6BXWVSsNF_t6>Tanb#A5$emLT?IMl-Aoog5$ z)9mG1RB6VZ{+3+NlnflAFIXHlaMqMvg`JO#odri=57DWqODIrd^yjNH;L)|Cj<*HV zd43)A&R_0;Z}w^DNF`AjCyC%KFyzN{T9B*UWIWX4Ymw1q(Rm-HP|XrTjqF8S>ua&D4IMRmF{z z_FWvoifyKvL)d=v#SB+gZ1lSeKQS?;{lySY(g5#bqlH2D7BGc988TnaI=vG7Esie& zX%^y*aguOMeXE-Dg933~{DY!o#3v<5#V zo3v$Co6r(|l2dTy?9kFwqEV;nuz5OJ{;`<cZmIXU~5Qvz)XKq&H>kF+npTv(I$%ae7pXQCB%Vj1a{9%*J;Bga@B2$ zeIk^|m&Nv%Od}C_m+zcLA|Ktf-Yr^wk?yzWuCoSG>YEi475yChb-h#drWIkVUDK|= zz~w(8f7<2G%kW?Nk$5Cd3QAt@w11T>I`C#UWou|JiQumIX7uI1_g+u+WUW{PYXmwU zsT0&?2dF&#d(V8!UUyGKkx$`GI4{A}$9FGu{#=9CdgQXm_AO_Xk+8#N;*81Pd-kvY+}?kur>D(Q3(X`v2a1u1U6xS3 zevTDNtkX*=Lj87>>)q1UnPV!4hGXkr)>08CNrYL`bvb|ckaO)92DUq_ZF)Tow^HW&RX76Shz#T9LOQ{iWAH) zqtOI<%jo-SHTO{2#-&xbqjMwCylYbd2aLlYK+~9SmSYn%R9N~!5ctE29x**2+1n%dKUbsq=QU65sdT|W%E45EOEVMe+ zl)9Hl_~l*gir7Jr>Tt)it#;Lhe?<5QgIL`i{b4mGP zUX%2W`$YK{(SYLB+vQK}&yrt0ZjWDDt{V2i3)n~zn*55Oe%nlFy`lcG)ZkJN6P+=T z(SybEoeMWp@?QJ-NU@X&a+BypEE0R*Q3}>Bxc$)VViZsisU-|NYI>Z#a;Y@fiJ`oB z$NfdXe=m_wyNqny+*ZtBp&LxGB)SFbNn9%3cimkN9;&^>8YBskQ}|zB5RB}ni>WD^ z6{ewwfUpMnj)@u98JQ20xFmmzb{_>{?||#o0O>B0$fX1-i7EE!_e*r}6YJUI3#wW# zI4Y2(PlX;~ttWpv2$jYy=r@26_O3H9fu8=fUXhZO~y7 zRZGlBnVXU*<%QAJF2DC*cRy~JxWraAH*Ba@>dhovX~X9{RU^7?GGiIQVZ(>q$@NhrGbAofU$_r6*LIx@0N(#UMdw@c=f8f`a6I7q*ay-Y;ddWD;Ow= zRribpPT;y2+8ch16stgp@3`rRo_kW&Z4J&$8A>=PMCnVLAK1z{_0A>6zRlALR>hCc z8|jTl=tXEnrc~n#Yk@U{?4!)1UBJdY3G)KE_s#7defI;b;Y!5qxIMgquGcem2NZ#m z1Dih$+luym`fLZv$Cd+_#lX*ZpsS2*-+$itF2eV!+oMItr}?czFU6YllHUv|O%j6* zC|&Uu#a9>_5%}PU2QYJ9=I5$@PJNz10N>XxWf|#4uPy_hK0};(O^eF5#cl9IWkWzDN!p1F6_ibbm~#E#Z0l1ZS5>! zb?5raV=B4K5Xu$<=y!2i=Gf-6zIRPF^4wFmHyU`^1us6ZNsL`h-wY1M40g4->yoj> z#Mys)s~HTc9vxY);@X#F%h0bvW+Yir~Qqi@7#)g<;NQM_R0 zwL1bl5w+04m`$&73OW(Vw;ng7^==Y0&{2Hkn*43atf^_6D%fZ zp=`Yzy2e~w5M0+cGXe#Sy_?^YpF3?!J<>#nAq+(~I%Ov;c-v5o#i)fwu}^ zq>A46RFP;owT0u4j@*8mN#0m1(r4Ubdgk-s8YZX6jF)b$aI9KrhRi&;6?cptnC+-h zd2mbe=ZI}Y#@E1QY|Jn22E4|LPnm>`q(st5Zb82nHn!4oU92JFfuEFcGH}a!R}&y^KXnSvi&|-kSjzym^wzClZTFM~#AB;Q)uKg2Efs+g^9VNcCQ& zYl*9KE!9S1FOC}3>DQyq`;h9zFP%|cLFR)e3$c$sHz=iQ~&ZUc9aPKY)TB zvXEy2SA$QZ|A{#IB5L$ly;tasNL{c4xxm4$7+dFYwA#5{(_ZhdX&=pb+tCAj)rg41 zp7+?HL;89=m*@97bv)%2_=I4gViYf!+Fr~&r_^YPg6YVe&hNvZNIrx9i+ck&H!NA}>+Y=ly9LJB9`=(F)D4Uxn3c+O& zfH_cVs$8yauMHO)NLf*r7eP zj5IgCNI=0gDTGFh)@)p>f(RGtO7h8N4rypDoM^T;sH-o0hR@j98_WHme44o;przFj zz_N^#VR>{2a|BUq*#MV60(KmSdCmJ($&YMo4#FM{Y3cF5p=UUCCL0pFYx*k&J^OtV zM~8U>3ADC7R%~#e`OiO=e7?rSnB@D)eef}ivnL0&g+u`Ub2HRpyIO&l`u)(YYQNs+ z(qy;M3^+ zDCOu{LWSVF=C1lxXL}6rtN=b4gPMcL=W$0^uY9?Z+XjMldr2wUr7Gs}8NB6#s9du& znop5jyzOt93>w-UZSeCxF;e7du^K>=u#3)re`nl9qki0`Xg2C#VHY&WGcI z$4!{Ys~nd#OWiyUZFfF=CIk!{ph>R%(HSrZe(hH!Zlwn%;P&OR}yQg@5l zY16&%ZpWXw4FzArn9cRCBRd4o|Jv`~oc|zFlR|KlW2ae@r#4>cVl2Vq!hHjhqBt0` zgxuw}u-PMtj<+Mw%~7CrHN!;MV|_1hJ>;GNPkz_|dd>9F`3<&l;g=2suYR*KfKT#0 z^m>dz?XnvE$qXneVg+wBJ<<61hyzUflL((p92BXVVOo;9afkF&Gym0U}{#-*&=Iea)l+$d_C8dZDz)BHokyUSsf4MEX zT`q{%b}amL;X`D(HozFwJGsi(WI34Drdob65G%cc|3y?0Hpj>gmhn|8-uj@6k9CiCYB@V zsB0Zsm;%a_fU;x}6~gZJ&J*Dr?+dM7Dp)u{Udr*vOB>$ntoBCb`?sL^X8LJ7)-ngq zj2apckkI*S_XIHz-m;~ zya6*@s|yZVS)84SP(_{#!whu@2#kOQ;>;%J_h~eZ(}3yuDAG1;i~2@H559>?(z|g1 z=}MIL&v-)ua7unFCk%|R60x_J(1viqG36@ONPBS{a9Ia|N={wnF>0DykuS<2Q!st! zg+~m9&=Y_LPoW4aU0v{6#PZGee+tU4q)!cS+4s}*wOV6|g*m;>*Uq$w_ipR(QBv$X zXqZF7k8`T~vk`>?Pi|yohbMV>zn{LGHH{K>fAdlmc3dUxX@v;G2Ayy5bYdG3*{WO`HUN+&_p{$Chd$;7k8-Q~0`02r| z+aD2|;K`Iry?oGtH73X;-xiY3Cnq-a(z;fL^G@3LjJ3RDK1Ff}=+OeYgh}Ju3kPa+ zre;;eS{`wF-O0~N@ajVpt)=27CW_bTOJ z5BP>&wql<>%)B}|Z=pzg^Q4TlE04F29WHB3TZ3KTidSl0<@(WF>%94HGrfY<%@32` zgXnmhd+)zg;E*6(P_j3na3!-Mul>o)OBs3fRS=1Udn~A%(qz-C&mrr3p@$098(I$A z#V&>$Ad>fyPTXIX0Z6P3_vwc-H1Soj$%o-iM#pvFDfD5Qo~oGkG#d*HhpJjg$gAvb zL*ISP5ZVC^>zGjbO0`Ax;f2ahg&Kx(KYuAIR^JBUWe&K8b)HiFn`L0n=fF#hY_>gb z1a@M3{2D>ODrOy^Y4g3ho?}xF*BU4$hyKP@A`8zAyEA5aSaYol9FpI|6E-%`y%(B> zx?@xcAuqBQ_{vj*u) z5qaQA+b4u!yDdgE&Yr?MP{eGI_N2~}493&Z@)*El@QONQ2Q;D(tLZ#zdNOz3l=`gs zp;}c=6}|lI6qYlh=w8U2RS@J@h(2q`^I{A3@XZcw{;#IyJc-j4?niU~_j zJShj2z79DUIz%HeWHj?-yznE`b7k;RRjDLW3c4rlLG7+Y*pe)M%#LRwB&9I zUXd{{+fSe6rfQ8V6E=+c6nHO`+m7c|4MAs}Rq#88bALqsw9B8D;lK1Fx!S!6_+RWK zzW(84{$N1=pP`&yQclkIKX_R9fwdFP%Jt%G$~>XK@|i5sX&CJtpM9c;_}7*ZVxhG; z?UQ)7;2iif*(c`sRLvdE-MhMPY}syI*LPfqzd(y;-pkJvf@jWNn|p0^udpLVH1Kc2 z2Cw)TQqBQK=fLA^pDw+d{PwU0&&Y@p?p)UJP{b3;#mqC{=5sUPN~vGlgtU#)sHdMv zeyNk*pMrY>rmrMRZ``7(H?Csjf!^o$Bc>jAfU3PH!f}i(&y-}}EMZZoPhil|t_fOl zN&o&C(S{4VwFH!{scc5+phxT_-?^qKymP%$~bz7oc9fcw!C&G=_AP*Gyi@ zV<9dd>qB(KcbP({A$>cJO}qR(+&iMVD|eZ*__y8OKK&5Jg+s$ov;|l2SuRX!6KZqv zGdo9)AN&Gbl2fIr(j7*jM4UKNy_mbjkqqL7A#cJQ!8CeoXOOv^%t zhx@Y%0YY#TCzhnOA@SkS+@Af)m4+c*Lnk(N6E_~_J zXEsnodw2M$kQjQhE}P!7hRrK)a(+(W9sg^?r|(q+9ws9|I2o;vMshV1&TT$`p~)62 z{8bljT~S#;4-hth@dS#Vbj=QRd+*%K0Xs1<_NB~SfT25a*Eq!1(Oh^e7VovS{jt?983*BULLOhfpZt&=iqSBnTTbM-ztyZ zA-y3guNpm8fhTBM06nw*1e009N=feC_vN=L=Hu7O4?Q*EY(u{>zLn6@ymWZqU<^3m zjZ30(1(u+kTKG=+8q42&%?Wse?<(6bVPMBeDYh=C$*hS~(F=};G|HzX6?0d;rN8$|0xd>Y|IDCAq87~0Id2oWl%n*qEPmqm07?*jry^8Z1BJiKY z3*xJE<-dK^n~}U zYP5jo{a-OLB&pPzc89by`YOQAHc~5Po{}vcWxgEEZngZcX*yBJwGb9?m z*L5dKR`J!#GhI1QRtByeeK~k}@5sOI-lNn4x6N{VMHH&1ltw?p zF>td)HV0!uv&W9I52Q=8&JLQ`*Fv>4*17a;3ndPgUcz;YDsCrN-P^Cp@ z=wKcX=hB(owTyt?=EXCA}O1Fm-5iHQ!6(m*0TQi%71d~gC@j$Ko7W<2Pkt{YoYaHQit|d@vJt=bVxsrJ=s!l*4@(euXUZXV0+Y0o%}Dyi3BbD`h8(e=`ZQNC_W0 zPM^Xx8q6Q^@Bo!$27u#S!-*2#q`N0ry#qCUC<)T~@^&^D$8$+eS@5q|080J2J5c;W z;g$Of6Wkpaa{^%y<$kwTADl{PhUKaM@}RJvz>1hKxBEZGbYzGD`;f0|1p!6uIP301 z(O6awjkG#Co5JVJavaQT(f`Z@XdnO7}!Emv6b))UQC)Tm#Uq;G5- zUZ?iKg=~q|8*$2PgGMa|@wg7)+kkO>1uJ(i=jU7SR5aBp5et6Re92Nw>thB2KZaeJ z68sjCc8yq24NkG91)0}-(%<0cJsPa;VDAzIg+4v3uf_WSuolqCX_$@+b zv}3@a?RsK37Ii|@fMw38{4@V_iTw=N)QIk_Z02m)FRDDM9?IDM6BlS7#^pZ|k9>@A ziQsj3V!>?QCK3B6EI6CWF5*Mc*DzF;&F|{>Q z&UV!B<;_XW=m3;g1U8x7T%mZmrK`K#_Y2EqKD_*cO|jlhcQJnW=s+ZU2AT1+muAOlwYw4H%yd*8?@@GQv=v^=VTPrg9m=I@&b45@T`HXU(56(=s0II9lOT`ut(nhC}& zwz=q#XEZ~cfT~Z(3fjg~GzWhN#iaJxb^PQ8*G_Spc~Bl!*vs)(=mH~6XxI{R=Wdp% z2EnV;pqUanvo20X)dvImVM5WLIuXZ)u~HRJg$G#gS_1GAuy6xgqQp$C+LA_lgKitT zxo~i@9?1)tvT^Q<1OX6J28c&)mJ#+UFs1WAxRI_zCA?$@x(fuP`B@uu7JZ-j+Am=ya<>QhDnKNdRQm6Mh~rJY z($&U1KHFO{Bwg~j9Kx5x6G#@f3g)1($G{>KuE^W2?@RMaY;s9Cr~*kBJ410d?Ave} z0q2n`Cnh2(4wzdS<_o`TU7Zv;%LGQ2VHvAXxm+%IYB2hCP2X=T`=Uxr9KOnJXeR5y zyy1nvV$+QDhU7Xxr774&@Tg7zF0~tN_iJ9ix3K@&Jf&{bsNa=kuPCsj?2|nveedq8 z_I`fGzS$3MpM>ow`u5`IR;$+xx##QDDeE0*|Mj(%N38z{FEiGjL2WFi>A`nZR`cQs z0)yvWe^WDVN>$lHElILLsV)C=;F;*gTz3yfulqFm|3GkH(+)2w+(ylZo&E}a0<)AzEFW<# z?&oZk;koK?z{!m_uJ3%~!$0=XP3Zo2T4Urn*eqFE?vIW`G#f{n1%4V*FUuwh3 z%7YQ9R1uRE1&MI=VL@pqZ=}T$)l!9xhs)a6wjsJSE7ay%l9se-+vWyR$|6%72BH*7 z77;({T3iTiFcE1$^!0W64nOH#b)T4Lu?;`kPll$-ibf)DOo=<}=as*rxVFC@R2*0m z>h~JH?7p;^w)&+zVCEV>eK1(C>m|0FD`IMzlPG*>2Kbal>;ABU2p~PF&ujY)q@k=eg z%)6uQN0wKzDH$75Yh%yH0E2AOwhTDlFnv|1ZIi>9W9&40F2LD!y6Y(2U!5Tw+fe^t z`J|7nQu5!TI+)+0RR$L`g=5n&8BO%=E{9lgKf{L1Fem4ib=FcoK1aZshjM*KN3qL1 zv3#`aHIE((Uh7TOq;b=Ohbnbi`_D0R5nYJr^VIUw!_afaN+-uUJcHt-LTGP(bi>Em zIpoN~iG$%i-}NK+9yi&plwGN$QBE>T1!1MTv>3c^2jrOS*^!J*vAcvDZmL4Z~>Sug*tv z3eYz~a6KAutb;JCXBP(MQ9yfhv*Ldmm)G6olk1f58!P3u)Ve-hV-fZ}*fdx>GIFVg?iqA6D;n~e}h`^ljkzTlp z1ACjRLVG%7*TfDZF&WP1sI@84-gvz$wpRI!LFWAU@q8-GAw2zQ_VLob^cCEZDDqen zONM$6pIJin$y(-AdPzdzkONG5loZgXVHr1_u*=Ekb#cnIxNltJ9ASrg>1eaT+Ii5P zE%ec?cAN#6FUVmb*kSjhEv7Heq0Qp32NH>F0G=xdh5iY678DD5GS}f9Qd0Y$?Zc?v z*=a7yO7({`Vd$7X!_lzGCA@2pE3kCCJdSJ+An)Cr3|8sQ4(4Ag06bp$T^|DV&~WUA zw!)^shQ>D?mXknCGvLBTb0_z;n?`0yRqngBpc-lZL1dYQ-RqT6(k_k=c3Qm8!j#nF z-12P&w{1ZWVGTj@IgDlyJHslr#G>M!%KdoR-QaKpO1~|O89I5f{S$f*8CJf-4WWH2 zG?##nj>P9{l#YkK==+@SU?*>QP6M#jBt+3w*dr--@vpc=^BrjLA;fl7@Ji$!3$D>d zKW(RMuH#SzJD3aqIow1b$rhXs(slg_e=3BDCx%gO^nc!UXbeTzEnK4c3gckZl(t>P z{sdx%3p{G4yEBhCoZj4An7rCPbHsXnCJOXXmgHg%@mZX5IBuC^@qpDfu)XbY{tC_p zx48-)+ss~0O|`{dp5N-XJl~V}j`A93SE}tq);?ks1V(*^f!N=!-!rfgUrzWH#aU## z`57O7=`g@l8gk3L-Y4ReQ3Iee{3@cM`)lO__u{+$4%C!~8;n8xUl#J|kb2U#Ei)7M z>Iee~)Y>~UoYBM50R(q@83fsU-uxaVpq6dWPw~DTfwQWFqM0<%?3d7Z{6ZJ5@3rL4S{gJT)KT!=M!e@S+b9}AH!UCM?;z#cbo^^{3P{wg_g z?xkD)+{8LnKa=P8{9wIxE_VVL4Im)?0AWK_y>&DSjT6nsiCmquo%O%MLv#vo?>TpZ zaLP>-KUia{YL2me2OuOuJX!6-WhN&|)JagOKA8TmlLaV~!ml^Wo6+|w*oL|s7QWZb z7|~|3O40}@)^@=vkT!Oqn4DvGq9a~~FEiB$=og<`w&U~SSPT@5S_WfBH{(Y7*UR8* zJ)^i$Xn})p67olq%!RqSayI5s-#f-H%+GWAv5vBm-6E)*%PGf)uzxU_{@gZ#2Eoq( zVnU9rpbx^0sUyNRcLc%6uhkia=wISr)AWsf+oKAaj(BoJuGU> zQe)Hycfq2(uOS?7St+@KkEoR-+1x~q2Lt=)eQVNyMOIMD%li2t?PCn9=)}af!<@${P3M-X+c7!!3^wQ5bP71Mh44mjTOU%K%IS26M0+Y~^AoBFm=3Dl|_;;k8bt zWJ7(yx`-G4I$F-`9xs+>uDgSS84;026@t-dU}CqHNjVB#56D!_@PCN6%W`5c>SD*jAyKJ}Tpf z1&jf|Lvp28p^hL-N`f1|!*}K5{^RjhtniJ|B>B@YUFNX=rSMvu&S$^kk<)No6Gz~o z>!s^*hQC8_p_<=qLT~@dEB_sKD*($SWpF7}Z|rxdE#=znV+a#cy#|{3pdZKToaN$;MZ@8J% zV773_n@#X0iTdfiGhajf><$4>(*~5u&$_!_T}@$)!UbcuW%%aJ{jP;uNgq<7L4Y6o zo;CR^=bNBwwQS1pLo7n#S4$nxv6t{#gKdLwnD2$yCn#LlJPP}Lbm=kMro_X0TMg3= z-OwUz%s0Q|nZBvX!?Q1TkDq29Szp76^oWdF6jg=3z0aIn867u>WMPA2Ikd04-Aq0U zsH?HfxD|_ad@R)_B1=;F8$TI?>#VH4y-OY~)JhyJ%#5uuFaUL>B>?Vmud(P+uKQ;^ z*tVWb3+~=co`s}bd?6_54IBl`6}DrYvf;Q0An+4>@bbeZorA#lKzOJ9Ok}aAXKbiS zV6R$Qo8tT@55Krpt`Lj6Q?5;}?XFu$&4N5!@P`8^cCv{J_nZrgSrNxc&ik`^0pVc8 z!MpoM(BtgP!kzA`tX>-GMLlNec|{txY+cPznx>$>=qR0ll6hwWf|OkZ3%vqt_((@5nMfi-SK+45!_W{F#VTN z`4EO*+X1VR_$z^pYGp!kLKi@|TAVAF{ssPnM3k3*^3$R$#?xgp?O}bNV;aIpvxR`= zYM-`!KTZs?A>s?RPK=#jWrthmrggVLuLEWPS1X!%8;4+IbLXnPmEh;jiF=Y*j5YBO zH=KImyK^go@Ipget}wva8CNDq$;eT^l}kXJGIRi3X9FGiHI#HwL-H?nZZ~}pmySc? z;QNn*KS*-8F>Szb8)RPK{TMDsx0UpiWy!)%(&);Kn&dBIf+8Ansc+7|14f_?Gj)?v zI3;xkmutGL3TbD_94p(rnPRVXS6cF9x?+m$`|6sXJgHdYhiXW~-Jm8C^F3*gqz4D-;Jl6!*fd34$U~$i6$BR3X-Ad_P!45p4)tzRSw(uDpA^qMkai`RRYK_uf%aMa{mTihvR&2MJ0} zl9g;DL6YPgBnU{(Ac8;(NX|J(&N)aHq$TH^gJftVH?g7VKGXVrbKiI0%$r$r=iW85 z-g>LoI)9uxy-%GwRr^%!s`~A2jO@MsE{jLzSyYclnCYjgDWD;mJOc@Id3;robJ=J( zi#jbMu=<0Gd+Sb~z`E|6s3`ct73Avj?79z9%hUHlf*xInSoivH@0=$vNu%xky)rbf z))VIcUB%;pi&Ca_3n@oo>b-#Q_UhdEeL0Srh}Sy&PX7)840*Vq2>dH-*eH-ydCoJS zsR$cnQj=Yslia^O{{QL{F#H@AZP^au@Rm&|5F&&i$QURqwUK?^WXyC9ZiD6A|_Y#ZQOnMFq%)bP6X(usyGAjkJsgHZ~g7q&c1CKz5*H6 z`Rq}vwtYyi`kjRs8~pqi{2mQ}?=CMDFvCqO0b>mPKVpVKahVw1hS~hzH>_7lc4fzt z<5{&o5J$~;x33MQrH}6m(B2=OCivcYU5yW(T~$S00H_y!6sRT7Jleibcwl<)V{=l2 zb|^2-%R6@b&hPob*hvQwd=AZw&`myux!V{RpH4`OiCB`!(nmK&teFaQ!iPR->juGc z0O8rtRYEGXrSY{VAODfnWgR4~)kj?Js?P(EUJSUPu>v0S8z(HXBo=*xrRv)24$}pG zM1z{WSlTtY`{QN2puJLJ^W$o1w2uS@e&3E1d`FjK{xR%7Ey0!apR0;@MWYeFy+!;| z1Oxv7Y)4bHIa-o6Z2hAN_-`%_9@qw~p@Cdj;fIZ;t*?H*;ydX2(fbD$Yz{i`7bc94 zW#yh2zKJeYQ}BoPmEXrFRi^)6AeB9)h3M=-5cDX8Td$+rjP9jufEV?mmk>-@-lII` zt@|`NMtw6Xczgx{-Xx)1eR!+Aj1fgrGvB6(6IZ3~q=8pN7s;IJ6e&}ZTvGDaC9S16 zN$5L9qrkzoQ=EVURiJ0N!^!DS1eM}zdT@S;!9Zp%-G@$<1g-wTQsW40{I7Vf|AoNz zKNDUZ3Vd0GFd8pJ4}=|8DA@s~+RypcTBh31rU&?3pMRM5 zsE`~ytNl!Ec!0@yigJ4Y;c__Z(=kTY{1uzk-qFG6=#iJ_RmR(GG9BDuJKQXmunqnt z>mU?e!X3V6|Ai-y;`^mur%FrdI1cu*drbw1rIAWnXC2614s;VxnlZQKJ&KMy>~h#> zKL8tZ#}4(x=N%ncOhrKMS`ilb2aftvvoh>O$VN)nq;}MDB+nm{=eKE-x&=YEI%k6L z)nyGN7z3wVzw(WQ2}aSh<4N6+5QpL=0*YPkGs%lvW3u0TFM=W;E}L%XTq<6Icq+Ex z(((Hgfa#9H4W0g!%&z%QbRpD?qPgz+Oja+6mk2?>DlWfH0bjX-Mz}gEJ z6F=0*9yFVPQafO@*7bH9K7@>s+ZRV|!LSJ#+Lr}ZB(9SVEv~N#twKSktDu+f-#uDz zQnJ+g0fjpGp?3ZrAZUuo^>KAC61m;p&n97>0Gid?p~@Zd(s^_A-8@l_$zpRiwd#vj z$;a1?Ja1Q8nZENNKm;KtW1j`aa{Pt24Bt~u$gx0jmK3j#%MS<@2wXm}55XP0-e%m9 zyCKKzu*$GB#R>l!Dne_*f{}2h%{;rKU@gh_(~G=RPxVZedX#Z#3-fVXJ{4Uoi~|y!9OUMK?(Y>gNHIO!-{?wlXo)i} zrNHL?^0k_!EP{GO+5&Vutjd3|w>$5oC?6DVwFP610o@9HyWpW0^ST|`tVX@y2&ScA z3lLoliSFY>j}Qa$x*gb5r30Uxv7(rw%&q>2=lJ;edY_#CoG|EoENE~Qz0F!ia*nJ) z@{)TDaMzL@uh)+vj)72#-h=VoVD!_HNgwFYq!l748&9Al>(n#pqgOZMyPJOy_9-@j z<6@1bBeAKE2Vf9>(B7O9q<8J~w=N~+DLje_74aBMHa&!;HH^WkB^CUIH?0DL2{(5r z0zaP6QGOuAuZ~(kI{I^uG;`>@hJ0W6g5M=LG?@kr`UE@<>}qd4o{)a+uOiH9PT4-V zHXD|i?9x&}5%@^Uru~fB=04{+o&ej%RuM5z%tsk6fAa@rf~(hqmotRz>%-<)%K4vz z2uHx`LJUQRlmQ$gp6y(|jVAB`-oQO}ux?n2oH#?#@jnRPfEhv&RJbtTaE@2WXAanD zs9bkFt+ZO<^{8$%=t4Rg!k~gDU`@x7qu3_CLB!|K_m_pFO;u#CSv?=d8~^I2_vwfEx)y*Nuih4^e5e?P`cq!XIn_+XXD%;; zjr7uXm!MA;48q+Kg76+36naW`|H{xIF;fcwU|>AiWSfN0_}>x4XMqe(B0b{2;)4Y? zeQG3#yX-*-(0%o2&>=r05jAHUMAlq4cyY5euv@jb&>$2@OEeR9#Sh_d7`~&amgY(0 zp3(m;G#Eo;N4GGF$`mJqXov)-1+{^9X5aHRp+Go0(e64NsZ`6i=QcvL+ zgx$GM8D7Y_|`5wI*0LA#RO%i#MB4*9qC6 zZAbLsMBWc2cs?{cwEWQ^yg(eq5Y4f?NqK#J)|CbN=$7##&3F{Tz&54cs-ZRzHi&tT zS%RyjH~anen?d*C(tn;Sv^Nn_Ezh$-YDP984NX?;MEkAH`F=*K0-xV*NE=>1-ykw8m$=RKKax`(Cut8_lWp)XmZ zZ2Zl&Hr)iiArHV|<-DXj@XhGUvkQpZs6-4FL2sJqZaQOdOpc0P|Jq9)-!uf+RU3yx zMByHD&bekJSewfVao~Rd(11^G@dF)O@)N~e(xPvY0u)uWxF4ZmfdF)5S!aDhoV*0; z1Ji*|SheZEN{oT=+adC4(P12zNf{+ZPt*p-vTtt(kUTM)mQ}$IGl%Hc$n$ua)xq-*RyxL9Y)g}dz4Q>*M_q5KISBBerlXHRtV=%-@7@Z z_qyJ91gU=)!A4(EVOt>Cj%>dLtqs@hW^@Ev+|6~$HlEihqi{ZYd3&eJ!scVNg1Bf_ zPcc(PS7ebp-X$G(0bdjKJE%iVdqz@jx@<hOPx^{gX=>G%+-Z){y$R~)7@-mK^}WN>N!D~O(R8A*^`dfbDd3V5nJyI~XlTRxZlsZ%PqR1uIK;ph>n%6?kUD|K zUX=7RoPbA9fA z7kqm$C?_MLmnwyF%PB)=hS|2{6w>-u_|2@E=TU zstpb03^7}Z4Cbo*a4Ffg9N&)rMzgI}ydpe(%D?NXpdan}pYW{z>o)%Z1^FKeE!t+r z)==p>?D14poPU|9nG7Sb8>jHVbgaJfxELaioNFAAbHT zq2AEhj~el-^_UBn%HFd(_UUx3IW`|x`&wmw=faW>x7S_r@0SaY&st8*a7gZx3s|UQ z9K^~uCP}?MEyN^E8pEYr(^nh~wB!aYptr)MfMV%}9~U@u_w{tDUxKg+Oa$n`Z-rLA z7=zE0!@B2;eeT8r(p)?6>IJ~CYFwvnnw{ICrmGv-oW#8@_J{if@{Gj=nt662ql}hOt|i)WOW)M`(sYH63*X0O&nvgB32O$ zeI^SS+HIOaNt=Xpk08QO89@fL@2Px!Jmx<9EH8igDz%ECvNJxh)3Y=5HPeocbD4oN zCM@0mZP10%x0s+v8@<7wTjX-oRkqvDvtCt0z2aZ>jM#l#CWQt2G-e|K#_rWoy?#oG z9lrYpw94KOq2|u+Lrce|d>l_p_}Fpr15Ra};I`7F?oyeAOgg^GLyUEJqfbBRc0Qe*BS@pUbdZhg@q$e^p4rIB3BUvNie?;C;t7q93pwF!Q8|k1NB7z*XAtXi;MJ`q7C4R%&&0xdRU66sMteIffzvTL9g|K-w%)@JwGB0SP_aiu+*%>-=EI~t z)zq)C`&``704*_K2n;}1K}q?td{Stq`*t9@@t;WM2!F|dCAn@rK>z{*M zU*I02j2~(Xs(Q1(u+g0(q0EsxchYRL108c(zus)`e-Op>Q>Yp0w)rUyvn#SIl{$3f zx2>%ct1a0j11E!kF`oxdvHgU*er4fp3nb`DX_LcKy(4HkOv2? z>%7@{M+m*z6edNUwyu7fsON#qvt)yGa>vF;a+6$P5bpg-)#J9Ss_xYX1k@vce9oKP+uNVP+*Nc2sIAqKGUBV zVp@Om>z(bB1z-WVq>OQ4zDt~65Zcrq-v6d2lf7?R@~?jb)7_(*eD#iJ06CWBIl)ZC z*Ed2MS?d2csPVe3JtFZA{yeXA3Qy>x@0LU%t;`+)Dvgc;3A~qFPyV_-b$i#F>I}f-ulEdye_+v&t%DH?m zah%kxBS>pyL2*`lO}gdO1~V~u7q%k^rEx3avzf~7ZJ$;itnhgD-LerdZvql|+6$7F zn&c$A*%H=bcd(s$$aHg(boKm`?WTg04gExHr);SV+-rLZ#>U>2rEqbb`Big)s< zqUET#y`7sd_AT^;a*loY7=%T6eN2zf`9bpt{KvtmCZH76X(sAY^Zy$s{>ZT;q{Mxc z&uRAO!ar{0sV9FYGYB0f3W2~L%hR=!QK`W=!(*#|U4&1La5~LvUAc~0Zc-6bLHHFm z%YiWd4vpgaPPP_b)4kGh9+~*BFHe;l}UV#T-m7wST7*3A22@>h^IlOgoJZ)kaQe-+R9*LS))*u({WEzR13Z7u*U z`@p9rU^_+Ay6}TtPUZ8L@u=Yno6x7x61~y~T+0s`Qp?17YpnjJPA{?j5 zyz>QCFsRL^17`IEfz=Zz=UET10{Q5uHe#5M*dDCgXxG(ych{C0)mU% z5}H^X{V;U~=A@Id2jZM)Zk+6I8|-JKcFb=!A|j=|X-T1&&)Yli1z{Sd^1YAec`O}{ ziGPHfdcN7zlxtBQc-rRQUfco-@*wikTC#T^Cb>ae>?vO@gTd3A3QR{Cc8yMQl?L?% zvqN0c`&B>48{RsK$P0Jr+pQkxi&RE}w2^g4QSY_5kl*QMjJunvFN;(`$Vg+q3$kdY zTh?b)4$+uVEDva+c@~D$3S{;xe!QUdm^UG!A9Ayvj)Wx5TFYs+-zvKL{(hJd$9LTJ zQ)E9|2sMHdGVxUg5No~$H>z#B{T_3imtfq)cjyMKLkBn9;BOHUsF&^Z?Xug zJ=E$~j3j0+4bqieLp#UW*+7&pYUn5B#&lm|kYhAtaWt*4qoa7lK--DkEi!V)*i#z??e3g$gbgD*l zw9x)0l>8;;r5FsXgobxN1l|psaHcR;&_s_2=!KNqf_Qd1Z1uw_rlF-a#CMC0Umr>A>aR zhxld;o1uTK2-E@R#HI3^kp>=ZgyPLIGnnfsmKe0)I1UmqgUw}8<&eF#flb@my|lxK zy0vQbot{4AZy7j#y;C?*#6R&2`OSVI4^!Af@VbZMN%C(){8tJAMqB=L8-(5!LsoCC zqwRa#f0p*?sJGSRNE9JX=%~N}o{I@Rh$Wqpf)Op~h+-aB3 zUhcz65XD3{Yqn$ylX%I)!8stdeH!r-Lw#`&Zr9QoZh*~{dOoS7;ebz7{y5^fH+T>( z1US`flb`RES5MqK8<87(lN#E*sh4OgNSWNV(V4?kv zXvi|)Q@w#Avi_~HSPdUdnX89@wDY{fTU(jBpIw2ViT6hSEN`B|H|5BV9(&!!5lIDW z(dt@KJ`+y>gF|_yg*M99hV}~ecGMH??5zVUgJep;|H~PN6^6B^I zm%cT@>T;Q4AM(f+8w)K{9AqPqE_~j{NW$HVfrRa67Z1hFMkt8C(bm;cuPj4M$4zb9 zg$cm#4dJU6c_3OuS)hf{6NO>R?e8we8B}|PuM3yUdIl>P*_qy&?~h%(^fnwEk1aX= z^30|bMQ$aOinXhxCZV#kklFbtRSATk!&0T#vWA@DhF#_v7J&>hLZ{(IwJUG#t>>z2 z2(259^0h6_ZAtvu7_H1#$ND&}kqsvUq@eAO4aJSVpsz3T!}94P4i{np@ZgP8!!LsK z<+Cw#lT22x_{pQ^(5`;)4*ap$2cu;JTlmTP-qi19qET0c6vfcNFJ$lDfAMF?%Xq_I z{>CIKVJq!X(jwW0wcr~iZ8ohP^&KX(@GIEgnxxixFZekEG{7!N3(%AMSuRvqvfp`P z?HQFT`t9fk2~&@tVyaA=ECF3CReTj<&4=n~IZ`y4S(`lH1AZlMR`Y+fb&gL(-|{}$ z#_l-{c!KPpkp`U9p&6Lat@Za^$`wQ55$GYd;pKQ))EP`g=z(7a35!bfnYd%N9_o^U zJw77zizFg;lFRN-KKC;H#Lmh7R@ypEiYp;&LLeDeb^5oA{Za$z|BeNaQECvaSVw1a zVvSESSoL(eJO0JeRTcp%KvP2ZmnDA@C3Ju8H&AHU7<=8Zu4`&ns$yqbpm3q)G@Qo> zkGKhW=%etNF88_Bu{CmpL>$3wqEMonmvx$19xFMEDJ2yFL3=xqm-C)Z>RUdew9W($ zEel1?dsjCj-x2vbX8t$ zC#4Jr=^~4*zy`>x`r&X+yG&=O9XvMI%#QaFXdIZTJ4TNAWzHO$450#JUMfml{nA|o zXO7xUj4ScTTG}mvk9sII>unYIj)ZP+*X`l)2XMNfYM=KmFEm(YF*={m+%E&9569GnS}j=9Tz%_# zCu9~-G#+l&>p5(Nao$=t*|;yoPF1)E-t2c@WIyYlDG!*e+pk{zp5AEK&*a}mG1Q+xhIz@f-2x7cU03|uUf%*c~%uc zU6zQ*juCXzIs&h7QuFUTM(a)a192Y9ut|SI@^AM{)}ZjStQT_I@H6AEj!qa01tP4P z2ArEurPj1o6-T-;(8-~QanJ7v{Bm+wy#?^9wysZgN`046y$n=rdL7qTB?eRMdzm~I zR;09iHruToSlLO{%=$ZRZK!upkF%HSHp!~JT;sTg-(xg%&9 zOFaQ;=^By-!_6^wyZ1T5a zVT>)MoJxOXg=o_x-krQ5z0`NonE`uWLb5L&XJGx<-FZ5k_qrVvLQTe=Z|wmC6nKlzm~=@FC(=UjGB?D! zwuig{XPlJFwPLv{(_Xk?Fr0JpP-x}Jw`>8_5DIjgYQDSp*pW0l+hwqH+9Bl7j~u8| zzkIrim4)EB?&AYpU(88+>CHEDp7SaX-#2*|Nt84wp>C08{Cu7zi~G%_K*wD5^h+L7 zpXZ0=ysu&gbGl9n1XOLuepxtH8vZ`o2RRPwWwv>4nxqa^-CXr)9Z67zSl$Lc%Mm0n zyyq8FotfH4{Nr<7tO8%jgR?gBeOu~f5s><Vvu4gr!^p!5KPub_SeZEeEKLLTviy z4{%2=hfvT8rn{@1Jud=cn%gvN*Zs#%C~Uz5oeZJcl-u>tYOZMBXEU9d`z$Jq-6u3B zNjE`ugA}V)5fL7pw$sW7`id-YobAT~AMnOSsU@&@*)I3zR6RN+6td;tN6Js89AG<@ zs1o-u98(`inThJfzg*IF()THY)&c8e5rC^OGfb0w^iF2M7_68M?F2B$}4yA?NMnC$3X=sfp-AJ2_lOzN+lz-;$1#V93*xP-?X`U`yr0uP38@)@A(94{q8$(qW5ql zVAcKdag=vWNrLk5#C~51@at+t4q@KPM=*-^AC#|txwQ7OznT38Ot8{VQD=%7mRjV# zDAUJ_;%26pFOt$ryuJsk8_M1tP{o(iY5PYD(Ixz#^^WQwKM&4*tBd;i+z%=R# z20AeT^4w~y`{(xc`q@OW)krHszwGX%KWNpzI6G4<&a-PSbJi-9vZu+b-h<>-7yFV> z=Vh@(XG%ixML{2_&YK?&s8ygn;hGb*)%%)_!)$MtU)pzyhB%ogz3R`T%ZUx^-qsq= zBRQ~c%(%QVGa-M4qg!LOuH(ZTe6#t44fa$lN_*o@UrCD|?R({1UYuu7i=l=1Tll`0 zp7w3TgRlJ}F0INpd5$M<>K^yT(1MgUASSEr{h1{o9$R660yY+%g(6EQ3HQ3)luuNv z+-dAoPntXcI5wRMzm~b+H0{8LU?~U_I&fJO@fsP1Y@yVjDBBQr1-4Ap+9Wkg`e&vC zG<#M&IIEE>hR!Q|^q7*xuAKDMx7MB6diq>)g#Pt{pR=zv_6ztj+4}J^U=Eu-P!Tih zxFbO8^Rm}DBSBqwq=){t0Q=WT;Opr?XzB(NrH>EE7yYtW>G2>sN@HcrwfpwA*lpp=k|fd+{aYntBPdvi*CT*@#onayHt`~x3gPtQj3BD-?szsBCgSn-lY?#T`Q-U{etzj(hwttg52OG> z3#K_FB1i9M2Vm2AKMJt`$?jLy5i~emK~0R1$8G!Eq7O)}ms!wjf#G!Dp^k~Q-;fT; z;fAqeL<JS{sWf3Xq zwO2ZK7cpff+-$_dZH`94gg4oFAM!-w&yctI-<(PH{_F_sk*$WHg45(phdI`~( zlBYE`uuq>7-#wkn5)snTp7isZWxC6l35f|`!R?bEUj#l-t*=@fl4cCr7$|6n zPU9F1N{j9lhV@n5@*!85xq>|prin}*N9EVTMY|5J4wqsEO{|^0DoUxUo0&>5QgDr3 zf~N0y-Ih4*;+G%+9ISE4WMYpz0pU<4D_w zT|@-Wex#B2x_{H;8 znCOWV*5&G)KGPeP^|?CK=N-J0F+XK&t-AH!m~WRK8Q8-TNnH~kQYv$N3m+{>(9L+R zY6NrAnAzkuROJL(B$Tgjl!)xVO<)PahwDnQN98ERP%boUzcN%r);}&fBk?&7K*$3D z_rCtt-y1{RQ!6n(O-M+k%}*+T3m>Z#*|g#p^4i=i#BAz4?t}rY*cAUzeLRIli}+MI zaK_UnpHJr#`||og)3(u6)4(Gs$>y-(`%jiR>^Zz?@M68qIosgL=@5`R2Kp*hUfGD# zPHe4uHX=0Uei(s&`IM!n@mH;w1aerQ7F8_{(2Tr5*y|9hZ;QGpxy;N1fbYJ8!KW_# z!W>*7J4JJPpV0T&B!*r!_W-v;-~g9rT=V4Y)A0{g2ZN@(XuA*2OV3BrFRRJHSCQYd zFU3llNG*vn!2D+C*6j2tYTU2Yz+SDC?KB^d7w+dSedY8|3}`|uV*E@=_l6wuF2D|x z7K_$rBbF0(Un?8)+(yMUEoKhtTIb13e9xZy-VU(NkJ`O7ux$rXn2yWsy^C-?O=_lqaftg;oL z=0sf^Gt|Wr%9RUv!rM=ovfmeOc&dPTqta|3+ zip`NjpWRqW8(#k@Xn1iWU$|6!^sq>}^H1hus zB>tZ;3;ZwU{$uke8-K({GbYp+JqVt7(Ke{l}u`_NYc zI{zU$7nM*nq<>xke6U%3zLjD;xfNd_KSV+x3i~p;#)5586#%}H9(1GiF*i+7(X6@0 ztMd~u%eup{ro_H? z4OkupF)f}edE6}5Wu%LV#2olTJH_{$hnDMM_HYol`T;O6NeJxAg^ zebCvnOVN`%X%_|`*WU{st%v+BuWrxtQde1dy){%_G;WuwWkqi+@b11uU=Mi}nD#}E z6+rki*&N)FM;?-{b*IfL>r-^&f|=a-MZMuw=I=xj)dwA2iqwQg01qTXs>_9?Z)Pq! zXRb!=2}4N@AhhVrxObTX8TWoWm%Fg7^mH^^TZ)bw1(MC6!!lV7lG6PCIj>JY z*>sD!+#>_9j_KESR0Ver+XcvJb?9fG>~yJTdKU08-5fR)DjBo6wFr5h`)sp}IC|{tZaAXvf+@MamH*T#YqHhy)#udk+l%!9 zCz`!(a>ST zLHikZJ?!;kbTwMRhAgIv$q*3xytH`snc;+Fn;GOZoKw32*qTzEa{P2Ct677Y01?(* zC=;KD90cInVAzASssLZOl<8_9{PVe5@;or}Qr9c$`D_l6balakRUZx>KigdP*f-(R z=FQ!kuTIgjY)jDFr6$9`;J1ADuZOuk!d}Xig<=Er&L>aZ=X|f^Nu0?Xsa&2_MpuiK zEkLKMA=g+QzbvM#!Aq4*MgH&r*`@o1uiAB^C{_BhKF04lx9Xk&oyrtNU->2=)7i=K zAIvQ;7KWR^4e(DE=ah@IhuR}A!Lq08A@m_dY`4`;H?!(vzdQ>`VqSjl1k8J5@-si3 z$9f-zw8gx0J};+K5jqMKPuPQ}bAdg6AIk;M|s>A=-h=nvch#U1{ z(OJTt^Mm+vlZuvpt484Z#;|=cxhDAgVZEFxHTEj3&``+>@lL~HP4V}aHGTtqbTX#r zSG|^mMvzoIVcpOLA=hWY26ZeEhi$UL0GUB{>X@e{5Ih9ND4je;?KsjtJj$hTk9sM&-||r}{X{_O^8*Lp2G~#&c(os~ zJH8S!2nR3f7f>TDxN*?_IApYXeMuqdKqw~S1PixYi>al z=sR$^;5k%p@S26##P9IA2gQ4geO^AV3o>1e6oPrIz`CBpRwqbY{m56I*N-cfw67m2 zrwgXN`1wI$uf#@h7hRtVG%n|LwqFDA1b`)B<2{i3>8NAwZX0DsaA;L43QKfDnCsr! zhNuvWnb3cg`B)9GMM0U~oAiRtgdWR$w}lCPxRu#!?>jPh zrp)zyr9D}X|KT^A`hnMvr>-%u$L;Gz==QpMXHZB&aY+Qt$47<*(#}=#t2Mkmm#cnP zZ$)puknHA$(2)a(n~+Z328dFVqdV~^OPcS8Xo)DG3576O#B#Y^@1qaV(?Wb~WP+;yd|}u-WE4vSW1vfFbSp3FA-ggcigZro z*-I$w&Fz?ZD37a26E^Z9R!K*&F4o0e~?YD^)D7Ofu3Z&u^ z`1L->Goi(X?sl{MPxUXBiB>ROFzm!*eSf4GEAxRh9dHWI&IaGyxqdnZI?{gbP05rF zk(%YI`frsP5~uJf_$s}4-VUs3j|3}gU@SX*g2)fNgSy&`0l}ljz(>tbqGV*6>4iR~ zu~>COV0gVUMUSZ1<3kyV;X(m`p$Q8u7}RE)5^TlFFJqT^9nQ2N zFT$prS`??YmuK3>p`msA>++M~z({<({?2D1-ELfbjq_>b`T=m-3F z4d0COG%fBWKl501k^7Urt@W5*st2(QW`j|fhtjs{;XTmDC$Hwps~f2+gD^y(>2}i=>aWxu++UvSty8j{f=Hn-*|Q17IT2R$!A-#RhA16uuFD$my(BiULe!&*-<9Vp z)%15zAkazYAQw6o#@3A*2NgKe!7XM2lTYo{AUno6#D(}o_hKNmJ~+$ z^!pV`z22$X_#LQbcb+jihpzQ7+#&IOF|eM2hbr49+v>8kU;5znozv&-}G`u6OX)Dpp!KHTl+8aDxu12bl} z>ZwB9w;zvM=5_4pxQu<;#qM_?7GIc+1kIEDGcqqGe<>wmA}Q(%%NE z&yX@O$`ZRUF~oD|=DwLappGp2FPjnmr)7yb-Heto{JB@ULT5Rf+{h zJva1yCL(x!Em+M2Jvyqs1V0xD_9ROIB_8D07potZeombceLPKPWf}q6Os9OWet87Y zTpx7dQt8R8VVMEh9;2qz?kLQF?2yA}FIL?*t-*K%va5wwgtd@UoIjc8<=A;>-kVI( zq{dZC3JFS@pv|tDV|p*v5wRPwQI%cwvlj~hy;-~; zA=jih;x&9K~J(S4T@RNAqpSc%SjpK_K`vd-d5LFFtk zc&Wz6*#Be>mi_5z%!D|KQQ*D`Nx?b{n6m|<4UY=UZ)lk>RvY@N+`D0Nw|jd4Z6l|6 z88C6)flaTbDPE^zV9C7q8Twn}Su(M=P6P1X&gu1W+gVn3C(@iQ=RMdSU0(-0>J^{` z${UPn`Krh0jk_tM1=8Q&PNF(*f_&#Zm8gPNFdZk@NwW6G3Jae1+pqehAqiD~J{+ja zCw;C^fvMj)1jA+}_pRG%=P2-w!3<&L!D!8d{2w7bXkuTs zIBMEEfZ5z3wDe0#->M0^1=YlY)co^{v~hIz%OIAe0|#}fL7b&*Sv=d*w=C#$vMLMh zy@?;$JTy0Ec)z54oRLpakYPM6KLye2w2<&v^b>B_Og|(k=?Wp35baNh+z-N)#CqNy z^qKgHl=k?;XKQc_DVA@-_~**1jbS)4{n~Fw6@)$gl-^d3i_K3KpLsw2tTl4jw2(Y1 zigYJqB-}A}y(V+t1EJW(8}wKW_c9_Bet@|8omQl^dQe|jStkiv4}xjJ?O;0*Q;V5m z8+HMWsr6-jOx+FVdj$g%sBc5{MF?ldyA;Piu2%A+-_A{S*VOKnm5+Pq5)_I+H-6N) z1l_3i=1%nihZgB>(Ji~pj4?Un&kXZKjo2zLk3JnL$82yC{t(_4G{83@u&+URpKABl zjs1|HTXFvp-qP93E$+$d@O?el7Ne~LnyG3vlN^~P2Z z-_a5j3EmuB~JM z{&8XR8-xs70RtG{@nD_UW^RbO72{7E`-IaeFtpcx`E1n{@zvK3Jb*hq;MAtF@AREr zo||XFA90|BIBq2zk$}>mYXh>;1@Jzh)zmA6wJ{)-s~BooC)Cx59$2NW`(4C@gy*v2 z*;tGMxLvKcJQ$zR*!>-l9oRM7wBXH2mWzTKe|$+E!TSnNqW#6H1qrp!Y?^D1r?n!P zWXA@;)cxC1Iz;gyMTh@Z4Csc^p}B{gSalh7HUi@L<=;bs^6o#~z5xqeJl^w!$DO0$ z-ZvtnB&;Q9c%3ewm5{2o9qL-k+R^S#<*yUgG^Y}CMsBYWycz%hR?y986afQivAnx<9)Eo@Dg*?4+Dxy zFeOkp(js8$+w^QS+qU(cp}~i1OPhrk4%TV2L*w*cdGLH6SaqV%)-HA29ub81(Qb?J zO5?1DBB2v_1dK)cvR5p3=f#6+kdN)a$8WE4!^~N`Zy-eN8VHFi%KId#s!uw;1@km0#k4{_YH3U|02qX6v zlnb<6Zv4`=jN^XMRD`vROrPf8o-R19`L|a?QtBSrVgQ-Nn>Bs97#t#Xn=VoHmc07-D#dqWryt`I%s3qM z`rIoqNdH`CG&aoQTeshq_rh5AOpcAy?YHiA63T;R^ z7x?>%Tgf6_nwl zUv*Q0bXUk1H@f;ZU31)sd{uGv$)h%NAyIr>))fG;o)PrvsMRFgjjOR>(X(1&23&Iu z|MF0n@jg`fOL<>a>qJ-|9fsmQ@TW|}Rv3={VqW$zO1yB) zAkB6{V-{1=@(Qmr~FzJH(xzz8MYfNwYHdnhz~&Vqzr zO^IJEyVXB$r#2H&rHbjKpxt+BY#H|vJ3EI=T`t)RXkLH-VxI|@7wx;IV(&Ha`}Jug zKCH+h`y5FzpETR{&<|Ch;;l^efVvx8vE_pBpOpY?R--Mp!{=+g`ONvGR`QD^Z4FC@ z+;XN%t{7ENpCbO)L|ZrwCTD-i-ha~_eIFb3VIu`y=2|PhQ4<%Jp{pJWNeRS3=|d6U zC{$l=S1lWb)g7hV=jq&{iM^oY^r|u(Bo#S9ALvE&|Hj^X2Q~G+f1e@(QUnoc(o__r zO9ufXAWeGjy(_)LhrpKBxm#ae1E^)eRgMOXP$Zf+Sz|H zllx9iCMUV>bD!&azh76DH$vCva#MRJO3rayhQYtsocqi!RH~KEV~$iG>quEK?Qh{$ zED3DnR~47{b1rJaCgLZfk*hqT;fR$0c)1%ULn24fa$Jvx(W6L~O#`r+kwZsROj(CK z;ndwqEQ$+y6F;q2&g=37_DzIG;^ir{rsEB#LnTM!+z)|eGjl!rOU>6q7YB}`rv8YN zu9$o=hP0En9J6lXL$PG*2yS>~4nlqnY=$Ir4wzVOIe5g7cXngk0O=egJ#g~~OQfvI zk-sFc?;zk|y8J%^g?2#KhEOY3b*xsDp8RF*c&K}>O9P4ajSVSO(>cr9yY(dhKSB1| zuGW7>zsFHCV_TP=OVl>y6U{XD(g9G@_^o1H6cdeWa$OqpRnfav0OZeWH}Y-oWEi3H zvqH=f6$Fvc1CE?Bp^;iqBd_tdNdmvjf6oDyj`)T>-dUTcoe7~Ob*6L^Luf8v`5o5b zbM_d@EIx&TNBb#9jw`@vMC3eibt7%2^hZWDFNG>SKZ>-!KbaI+HdFI&ZfOE|q&CBE z9<+Zs)g7|H<+uIBGV*G!O%ZhGa|fazYZY;a^HPo0yzzkXi;O?Cvo#<4>nF0R@df6S zll9>>eXJ6b!p-xYDvU_q(%O0w{^83~4L)e>ZA9+5;sK+-W+FV)wMqntMLtc~DKmd! z$gGtvpEyjpz`GI(9#tL$X`k*hOzi2g*I4flAlV{S5TnbCFssHz-PbQ(_MogZJ1SAjR8(+w^sf6cvg8*2_O zrX!ZOUL&#nXSG1p9hY2wV(ZGC2RT7eJ11z=hYoB0I}rK8uY(||ywe!vL^r>zZdWp< zPG(tbV6uBDalqn5pMI*@4g(_pkDk_OQngzMCFU~dB-s`Td$w^ zm;1hNFAx4evG~Y`G=!G+)>vxs57^R_u_AY z@&w$xcjA0Rlv(XEs9^L|JCvv!bRFf&`7Z3Y!z}slMb#!1*|CSn43*ZuyUroEWEkKYp5HsTMY`4jMLKryQ*a!JGw4aK3drT|uy#M|h825+y6Kmo(MzF&(XMX6 zJ%gY91>8whFHL!ZS!GL#i9Y&-ezd70PhwmrlT9nuk9P`S(i)3ONM&P8 z-^-@|W3XaqI?rA3c%S{$3M) zW0bU75{l|D9uBj$IU|un{^*q zipdHkSU|6ZnJgWG;Y1IW75Z@uUdmY|L{eMOLUCBVa!A)>CK$_=IrWoIV#HJLo`0_I zBB{0HDr=nlInDG-vyZB{1k*;b{xK@fTWlyiEN&~R4dSzq`N@QFU%t_iE&*j(}5A(0(^FZl=EdH9#iLC&T?bXEI(&~KpNan+nlNW)lw zWSDKQQ>l|CZ(qfbt@8Web1ly3?b#k8}mBVXjT!AGMBI-9ali&M^}^Ve|zv%zsGz2w%(_r!jUL z&+RT-tuP|hNBn)e>t3c~A@$I2(XKzk6_uhQoZCw0!es4=rGsiMe6C~+#DbJW&~D$M zlF>rnt`;4YH!ddT1c8wOgfi+#M6cG~w*-brx04k)sKXu}xncNoHePmdz&kRoPL?g< z+9`OTElP5F^mP)bGAAi8yxyq1DxCpe3Y1CYzxF?~+~~-p0RFijC`Fvl_!`dW$PBpL z@IeIW4B`>^enJS{8x=*T zCr~j(yI6cbPIw?X)%TBj`5#MniGYwvejkSTg}See!L@)>@|EM(oi)~xucjo3@G-_= z*or7xYo8W`zM+BkIf2DL$^CH9H6izJmNw?9jndjVelIhjW@K95-rBHg8~=v$-!X3d z$Nvilt*(UZoa-i(L{zO6>Y{s1r&E@5G2{zU66e|&aqR%jP>VIn!cX3N*u3<2Ozb~t zpZ@@TOJRd*U}-2%3}7pq@#{@#$Q7#cQ8R}v#{$8bgmfGlZ}j?tcZmF=su+pY zxfZrvKhlHOWMe5*l6bEqh5B~k^nc>R!%-mZhl9AHTJ^pMDfmxSax;TDzdR1&WDIW^|^t|G% zE`}OcM*9|ya(!i%B~dXu$_wr*@9n+|`XeV!h-`ygY6@q$qM)>3kM9&*Kfa;4jK4Zl zm&eCGeN#nU48+P;=3^CQvNXhq?%M3N?JK3>pZOdgdhTNMXgL(+da|SeL`aY{YDK(R zP#*&Q_^ZgF#Vs!n=(P^C*}p$3SUe%*XX$!-3mGNTnOqfm3taDlA0JM90hLrn0iPb1 zPy1-zXrq9QvXS;b9Sb27*7HDZDVpIA@WOu77F%~;4?OW`=ivOra*3!8AgPCrRQQg4 zJ0%;X6dA2&tYGt`cBN}E^fM>QBS*B@zUAZC>=7V3>~W}U8h@o~U`10tx?=w1d0|1T z9q1zG0PGc*O|DtNXOS!Me>(pdB-;$3vX>)%)^GM7gLarB`6}G+u1nO`;doog;g$C4 z{~!FHJ0VT-FA1qliAi+l7)Wf}mg`nIu~`B~Z`8TgYFXZPerlqsa2~um?NVNZpcueB zO*(3mOPRm4?xK2VwrXO>N(iH<1t~sX@=+5~^DvM~s0UkKXKY&(h@veg}^dn0X7(F)Kx>G9LfLXt5Z%Ht6q07Jk?v!1@y+$E}1+4_5UHJocBP z&>rjfn)^`sn5^*c&T5eb+^6W(rE3+s<>|~Uz}s|iVOtM@NLOxddsGjiq4%Cya>Hxr zTCX(J(sQ=d^USQ@87QlK`JU!m*|=R!AzvJc0_3xEfbHEsPUg(ukc@~E%aG|7rG~cO zYiVUYD|SGG$Z`IA6mgPZ9K?1mUi$0S*&vSbW%rdii5TL|Ui%UJ>4ekjEzhLY-1Kb2 zrnwI(YBR!VwpsC>fa7vTsF5Fjz3qgaf!G>8+C_S#dep_~$gi+(u}*k6NVnx&Z<4}T zh<&04XGj=H`yEB5EF2PQ5Os!&gc!SFl|zSrUrfyy_vc)4wcgyXnYHw~~J>*SENH7~M)!)+N;T&;eRw!T{WVcR>am5%E71gU zmHm*eS26bs%i*{ac~c07GCMEPTA$o|T*?4^~H%UjE*;u(-b!3H$Mj0b#@8e9;|j6%Jd zw+gfGndX-a9Rn$&@eUO7>>B{W%!?SZf`_&9=onSNI@>4IV};lrE8DU4mdUNx#LrTz z2M|?S^xXdAcE4eIoFlKUeE2vOdZT_ z(NKnQz!iYY4*Z8Wz)0dD*!w$9JB*5X5YCnH0^K*la2X6B zLEuG7>NeZ2%)vN=qKq1IwPr5c(Qjg8`+CQ?4e?7ju()b`HIagqc4Pum zaO{5=v`!yRqT4$r7#*5aBhQ8JnOED#+i~DfGn+Ej9~ifXF=iJyPBl2p{WyX~tQau= zCe#OLN4HH@Md>tU((UU=QG^NDwL|aIpLQ=$vZ;}>NTkSO(;pZM+fmVh$K~GOLE{G8 zH$Ojh*D|6jZ=9a5Lp&=p7q_(3t2GqSGeO_lb`1#@X)`HG+vkLQ6O3-xX1s|vvpUd6 z%`91{+lgF+&VmWZ(g-=4R6+nC%06G9=Ssz;gC62KlI1&I9marbm?-g#uHGTwF9{{p;TNFF)=%kn_2l^(U+9)X z4`Eum&Qb+qXvY_oiVgF6ZSAHBmdMSkm3rjxjZXn3$7cZ{=KS>V$`3vVwIqriS!WdB zX>>;AoU!|qrp*wjt-|NQf3pA@^QN?Qzt7h@D$nGIV&k4u^4|<#Oml_x4Cf= zG^OMSY5R$DKHdDW+OFfUGom1oPm`?h7DF%YJsw1l&l>%J@AYe+ScwWY)N|(*Tx~li zz(BeXKFH~Z2g{d2+G~mC7iF)G82vb!C$nv~>6dIH${S<3z~B0%N6}9JJ9)c%_f5xM zn~Jw1R`d*K3SBuxWhh?L)NnDWKBbnge`&_46%^4w<92|Fb4sH3*_>2fST&VJVB+`c z#84|&ybGbg-uD6mSHLn@j7p#ANV66lRS%d?0+`=4&&brd^jt4_=tc*ZE z`W`NlnUiOSeXM!3l1Z{8rD)X^PJRbqc5P}f@+w2}ECvpYs!njlv#dea1~8UDX?ICP z^sL-a(iaJDZ&*M0vH0N*Pyv+Nsi~1Bz9qw%BBoy{36JK>yB(arEZ)q}Z3{;AK>X() zxKCck2KN9c#N{JhUvp^XsWM&ceoSC^^>Z-X3(|eh&fu2H%5 zz8sbsOp!d}SCao19X!@ZAl5}xS_m!s5B}HlKltCdHbjS%i=F(ousT82NzN_To^*G- zQ0UK3=b2pcfa^R%L`dY3hylX!FV=yz zm8NrSwOKXFzUGLx?NQ7*7B8_A6yu-d%YKkozOQ~0-*A(cJQWE%XyBi(^km4;J$*s^ z`+Zo$tXo2A4VaEXoVd%ZPb-Cp!S8C$3_u=3i|nhM&KC)}!s*`H3fc|2us4LH`BpSH zO^&rCrxOxzZtWX^;qHhPB+!-o@qDyYC(-1J5I_r};0LukrnFSUjs$}nda|AMW_ow8 zsAu4<5$^v=6@0n-TUW&Y%!(dNO|+g5%V0{$IZ49CCm%Ckh)_{uGA6*fYuepb`o$QG zVIo`GD2YPH3F{yN{3tUVyB}g$NWK&ynf>J!eD@8uixDZJaoW~*mhENsn)fR@l-vPm z7_Z1XcSGZYFOoA8sXB|Z0WF6G-_*D`**R@DN6{s z9NfuO=svB7rxuOBm;-X()A+qn!)CEIyzUt6-m?BT@|^8pBogQW72KHTO#_fMjNWh( ze_=eT{mQ<2)PSY=7sc~`A=J)jA99~iYQCud3xFERkK{-;dX`k0C+|dm51je}Tyt_0 z{96w&Z(cR|6uCaELcxFkj{bDg97gYwBKW0VH|No#KUb`2)>+N52JUlU9`Q)O*=(1$ z?o>b`)9=mS>APO<`Dlphbz@vVU;PY_L1|_f54I&zdh;aStNjpGkXpSmi^%rveg1nR zNWKRRPmgFM@j6a%%q;HjBn0uUMp2-GU-JQo( z`W0U*wph)11$`LTM-E1QT&=h*Dei(Dq0FbAgQ!N6j)F}$_&-|(lTjSEHQ{abBBjg| zsosYkZ$3jma;Xxhfs;L+UI(<722@;a; z)Wzv1E(CZSiyNp!kQL;2lJZ%&Lu2i7q(pJtajU)qPv>p;Sy?bgt0I z;|bmoF=Z05vo}lL*Rnng38QMt`PGuyNo6{tMCYnHNoZF~g`A~*ifDoJ+I(}5};p<|T!p;!T4*n||t39c-@K{EJXke1hu z^&)VBYb))yL}}(@g%|19ufk8v+FK{d@G_2rYE6<2{O~p3^e}+OI*n)lY6;RDwoY74 z)=0_sm+Rdr-q_rlh6p3XY<0mp4f&L!T@PsMIut#6*f zEaUFu^2bGhIS*#>7%=Qm#p)ys3CmHy>_ykqhMucI+dJf{py5HC)d(H318Wk;i)qrA`l5RmI1UO^Rr zQ@$J!73Ip3*FrJ8*_c{-c3n8GcOUEcuz2*2iI1e;4O|EJvJ^;tm|;^YRJ#E*T%`IS1F2M4bCFGZh#k(=aAU;FCEQCp2RHoS{b5LlT`N}s_O_e zEFAv~27H7Der?8I&8*KyB(04Lz zDmEC+_B%}d{vTYr%(DAU={nioQX^Ls@wQ5pc>ntpIKJ0=m5g(B$ER0wdA^qiaxk+N zW+EjX+ZRTmpPjDRPeEKSGr3poGPs?E+1Cj!DfORkOHl*afA;THm1@mnd-!|waGD%H zBKN2^fd%0tS;=U`))21OdRG7Jd}$_yqmlOKnzJgxp3pDZ+ypF!kN_~)XTWc&bk6@IzO_% z6nl9LzbV3?GV~}R0bkoN4hZ~fH3fp?oCAQpK7Uf*n_Sm>liYHXTsvMtof%NckZag z8Q_`8iwF-cSSQ7C-`i{x19lx`(VcKtu_%6Ck@Ul3aH^f^LTFaJCBEo+UVxItS*PO_ zG(B|b%>rgQ@wnc3OY}tt>Uzl>1g})~CQC=*tq6TA9r)HNzRDz>ql}qTE1ABDJy2Ldujr}Wq!Fg7uGH>*E^lTO;i;C%p z(v&f|`D(U~I2ymppLE1TAuAM>9q^Ycph=>SaRgK#VmavOY{yPLel{b{sk^eQ%D2VHom#J9=}9 zO6yDV@4X-eW_Kl?G%VepSf0x~JO^jzkx=mTuA@wS?@scKp{#fJ3KWhHoD6IR^6m0MlH`PC32}^9C|1As6Igl;C$<0!Wx7KO{r#zYX zQoRNj!t~csVE&bO-{o5$hMEPOqq7eMCNSEMLCdQ`w{QgHNzHD%q3oOP2U`#BCA9pi zKk3OSZi|;7#1BdNXdmc;I{$<6uG9FU5SYZ@K}ss*QQ~u;LoMJ{mAGcZaz(riPDu?# zPFNox1(`oSElQXU5WYtwU@LA#=lGVfy-PNw3Lf{STamSdfQh{7l*LaAHHcX0#(1Th z23I30+b(eMvySiW!ERaHy}kL_zO_emaJ>ioY(oc=t));vH#aB5EXU+0$5Wx9Bi)bC zxl;0I&v)066PEY~8aambeyc#^!9NNOIZyV^lmMJr6&tYQvnWl_0-0i)eV%>($ZN=e zUWyR1aUN&{1wcRnfMl|c3%;&bP6$ws7>Pk2w;0+?VBj^61iCA0$I!GQq2@0nQGpVK z_mN6zD&Z`B`DbS%pvE1o?sqJ{`$Ex-=d+=LtB_NJKBuzpv@K3f8dOvU@;`l@1W;RyQ-Q{+q!^aR0AbCK;l zPJOm2Mq)#E6tGUOYn|y{SOQ$HfFTVW^L_C;3ib^%oI)?1Ty>o{H!U$pr)0}yV`+-c zVGbH*-4NS3s0M1K*Lr%tvXuq6#w1O;LN6^BY7PsQS=m||zBWtpS|0#^$&}?|qQz9c zmH5E=6Zn;r?0}M4AJ6MU&;Hw@OosP>mTq~L=-p!8Y^v!a6&WVKn>gC0Z7jXYKi4bz zoJX#5a;Pov;?UK(GIVwP+Oq0l+c!2rsn6bqJne4TFAsrX{o_7YWie(DaFW1Y+sRWi zx0NoRK$rIO{SBV((@hJ7Bve{`ta9~2^tUe#zqJND*e85oS77+%jO9kTXCL8+Xc%2A zR1T>`moHglt|`rpsz}s$peXeosOXSdX*DmX@x_Vu?&M5Sc>zfnY5I*XfPIUoHIl;K z@yBTXSZOIsuxzKH_{SnNA%@CnQ6!TT589adIygy>8tfx`tdH``_!Yv?8e{F*pYYZ~ zzDX#UC@?Be%~lqS*cX3)aEfpkqp}jWL+z>d*AesTm{B zBtFy|>|;%v`8rxp{e$OG4fCG_48W4w?@#_>O4;2OgRA;s1K}dl1Ci4S7vqZ znI=5GOe>@%^G~_3mk?6DjY)fmoAKxh*o84{UbP&>(cnFbAE~~PoFa0Nku@~P|MTNu zvaaMHa4?(35lZJFy_&+t^X*FNhjeD)<EQaWXl^6fk=3CcZj(UM>u`{%I6HIkb~LBCkM?WvknPdEk_s`ORN6EJo%q zJUq2h1DNPt!xjy8uG3hFXd*N(wQIYia2ceNjE#B48JQ0QR+tof$83!IJ&nP^@bG}i z%+E9q4cs2$97mJWxd7gxSnZo5COrZ;_2&8Mbs}`rg+2EqI!Z1fAPL^$(M=~nC%@Nt zy4{E&uEOyd1_A%edZSN&4qOHYTn4#f^6qQLh1`t=O{fDuqRG$xl8x-$Aa@93KK+@} z78g@#dU9EW7F_YupQj5%`mq;h{+Ww&)a=v2_DuQJg8to9WXe$z6EQbqS0%8Dc=zg^ zBzG;VI9W3Wr}1GLHk;}(MULA19+q`)Xklf4-YX$0UoaZ2SBBP0GaQ?Y`PmcLx1H^6 z^xI>HU{|M4$JE<97a=$6QN!8F{%s_>ziO#FhG{^g7)ICS2$?bVSKlA$9J8V{oR+^5 zb29Fep9c4DQHzNs$-;@HF=#5faZtL5j1iD z&2bGGYMiI7sjt)9u|wGc*UJIQN@b#o=xa2fb_|__c2$VTAG7)H54Wf|-&>43-GvG1 z5#(03VM>==~meGA*$=wjn~n+dn%pP%?kiqDBI4UftgZm0x8)^GBcM z9y^=E)?OZc@-)Wz_<8D$e8t0f<(2df_s;Sg&_Q_oZq+~nx8K0s+rJ?s!oo=l0ME(2FE2n-%p2B=?{q6-2x zku~nJR&Rgz`fZ>E8R5#yz$&jdF!9eUN*<}X3|tt#WB@r zwJtnA$2&%QAsdMyZXHCdX5sDO{#zdsES+Dyj{2cSN>x2VYg5A>ou99&%6gyiDivEX zxhF1>kM)z3N%wo#pZzsL@$u49B@ZKKt%><`DP+{fi{FrcCG}OU3P9nuD<}QnG~5^{ ztB_dKWNpbvxe>5v#(y4=XC1`F_|Quw%J*$~mm{tWE+s+R-e;?Ut*4>KMn7DA9)703 zS1Sn|gYR-Y#V{GE#+sY;i1pk(e#;PyM;b9ijM6g}Z9^UT-fq+?UpT}jY3r#TyX$z3 zNo9~?#98M;B{9ysHzUxy+-ref^;>Dbci?(Y9>E6QevG338olMcm5ixDeaSJkR;M>2aYR4(?=ODeJLWN}NzPp1%5pDJi>%5$4|+*qk18&QXQzIxAh7YXgg*f3%!_2a zn;*Yj?^tkF9vkoDkz$Tt@rK)bBZoXUk|0K7{f^|YQwGGGHnFXHRmRl*!F}Jjkqb}} zrHW^d1wzfm8(3CrI43RzI%|DR*V7@dT=~SgRjX<_-{})O_&-#UwOPx29t1|677@|$ zC{!GR`8j`P{X%r{^FFRZhtl-fH!b>%Nm1f>=7N$XMJ=n*usVA#u0KLb!r8vN-nv$) zmVQhR*>bas`xC$khJ$J3Qw$d>_(4(t$$$l)R*JPxN5j8T+ja2A9W2<yLqxi)*?$tu9 znv0sjzNN0?&gg`ea-r~qC(ft2QiIs}u-&CKuBJu$$*RX6kTRFdaUOhzSNqlG)v??G zL=-%~7n-O_(x_FEs-9~kQ^ZO)Pg1elXdvmRHH92lr)G^F2q*lkPb7$hD^{!LIeQd^ zvQ!K8r?9AXKmJOJ{QH$@a9#G(GxCC$Z_ToWM=f+|<>c~mH6BPG@ZzPhM=-M3Y9#*n zUlU~ipZc&4K^XoPW)ubPv0# zeSU?*Vs*w_$f{%|5bO6(ReT-jvRPh;B0*}wELmcx|1gYth_CwB; zAU>DCF-79Hf=;1nR7PCTw#2NSp zlkec$GWZyd#yzZ0Z@Kvyl@qv&iYUcj|03lM#ClT##R?D``Jl9nH%=u}TSbvk94RCA z>Jz2T)T`e?H4h%Dbdx)=wyefE?Tx85?T0fR8O&+EbKC!EIXOc?ry+dw`xNq^>-_ps z=!WHFUa9#7c9^X3avYYCy?`-45iCamvG1^9!NML3Axu#8bYRssUr+H__Qw1XQ3q7Q z`AZ!-Pj$2urSICy@CK&*5sY9u;ijP%E?Xhi0~qu@vvsCRLvk38IV#V%(gQ{+j(0dR zlG2|LkdW1cG@Y!?tHT6yfd;+tyx8@eyi!L{#}Bshrx)j4g*qq_j1s{c$h_8Ap7n(F z=MtKdrV3z(@??A8*&ZNnq=_A7)b^%(;#7&Ax1oB|dHnihy-7S@DrUSDXM%G^RneAW z7L<{9(@}_HKO&g+8t04o?gK{w==QMh#-jQ#H~A{1E^!3KqpEcH<|$X6=y#OzubuoB z?YhLrKQFiOIQDMUhU8uBTJmzDbRPUvgsug;c>5_d7+%e5azf8smd4E7wh9uhvjenP zF%9@$QH;DZJtbZ%b_61TUf8mo;b zBKX;Y=m>*eL^TTyeaNCuN+s+{%GD69dxE82)2>%h?1V-1p)bwE$`F-#BI|MwJ9huN zJXPmaBiJsYyZ;fZ1V@mXLyt`NJ>2Kl7&4(7pQ7l?V{kRcubJ1*n2*v}228N(x-FS(?#{=w@Ju4psSr^PSadJ|**k!HPR7$qe}|}mqCN$I)%`WsaL%{^`BN#7(=7-t`IY;HmQ=$v0pnb z8%&#i`m`w4|1_lvk)^Y~mG_mbp)Zy+q>Tu^rs46jRL86^i*Y#;cOU*<$Jn7#zcy=i zEQ#yeH%9$xalqE~?7A#)_9oN)-2Zx0@QxMQU${^5&FB8-D zzU(Z492DS_=_0e0I-0-@D))jXM*PJvGK$y$)+gq8U3k1UuOn zgy!n7nZLr!gVM;RCc!L6-%Oe>&lN6%v3nYx0N*oTf>0L;ewe;5XML!c0S>_>i73_? zdId3I1dDFTG64&+7X6zL>(Z6N;}Cq7Dpqj0W^ZA7ztR?*x1fp><#6)??C| z^02t4fto{9)-JyrC$r>Q!G{FOpc#m^-`mA5)I$-_N~o{CxBx+zn_*!PcXSVD(kcIJ z+!{=39=6MDT=LkpyXtgi8R)lcX6Fpy{T>O^h>3eP8+&LR4Bx%5DJ@2smnfzs!i^ps zrF`ciR?bf~ijd=;UH>LR*h9;0=LaaE6n)gx%v?|x+irb_*!d-HJ3M^S-y zcHJ%ehdQ?m5e;V3eTIfyLtBC7)1NmF<6=N_p7yl~JpySIz5mQ_-*Ka*MR@#P^Z#I@ zh3np?SoNl$g*I?ajHL~abd*;=UEpZkD>Sz4rgp*ZyM$F3(I%eK)52e(SnVaprbyM?HNXm3(D4m)gLuRhrY*=GSw-~yXQrY#!5#s&Xfmx zCSmVf`_9NK54JpP-Hugr{PO=Qq>Lf7XCgc3sO>Li;Ej(Mn9}VUxqoa9NbBYp@_nrf zU<_xfRLo%j|CA`4MjA95kIbu)bp%`ciOS#Q_RY6&t+il_ef!2_ zvKV1iX)H%{ zd`S3~qTuOsGZ-8qgc_#s%A>{oe83cva9=%*yLclv=05Rr7u0w7_EmNRFlF5GKE+E$ zT6-5pN8QAhcRzyq0wn0K@Hh*fp2mPKutbw8MF{Z%YxwYVrZf#wWzKgWai3|VHF)m< zp0_6M-O4)xOWQuoCGHyPJA`tq*atrnoPRJ8qV6su?N>J$bap$@$i<8(`~=F9JjRAW zSyC?ZXU=MjITx>XI(i;OhtR%U;+62~1R?KYVv>KmZ@iszTTs++pb}Son_N&4pD*DAoJlDAV@1R|5i^n+5%Oys`w!78AGm9Re+wwOqcfM9Fz#{ zw2}R0fRwPNj~R2nsSE?@#TO<4LS9BRJZ5FHPcnw!x}4Uj4{N+xhH|dVkEEW4TCnFR zHa&FZRm9p6!B7|;a;1n2)Jyl0vfr$UuWfsmdF{z1BENXiKmCw7+aH0S*kqQDx?c2D z-d#Gb`I$XAi%!F8+Bm1A;;l3} zyC%Wo+8Q+VuI;AmCW4n@;4mAx!cGh3Sx&l!M&e+i3I5{tCLsoNdqcMTT?lrCx%%+@ zVdF(?9D~jmZz8x9*m;c%mLTb)xz$AvEbc!&VSe?&3O7P*ES>_d%>evW%oWMZs5#JR zklSv=LceWtxnKE+JwP`KhsdyRXHn|6sVDBzu;P7hnU5CR5(^L+55mlVPMcjfZ=4tM zx~gQD&q zb}b9F<3Qp-26Ouh9Iys}Ky${BGKLO@Mpfze#`GWUJU?6KYG6CxD<{-3xPn(^pF_l( z@|zti*%HAxwAdG`wK07XtGX7>Mk)3vlKS9>NynjI$SZ$nK#&Tvrh_iGmk_x==Cc#m zn7+?tm4z-`U9SKYg8z);x zr*+H~Cz0YCqXRY=pvv*!iy`M-q0Z8>Jkb#`y*jiq=&CLQyoGZ{$2n$&Oh-ovF6k%< z??0vOs&|(|VQfta2X%+h#WaaF>b@x1!n;(y$!rnY|X z`{xs3>chfP^XpHJ)eZq3PG^Qu>%dkWF$z&7(DABJ1&yaj(-jowy-QCBqzt``;({z) z&vlVg-epGby)ic`o<0*WDEhjHn*GB`IcPW4KMQCLKK?4MOH_MPJNp;#TJEsx@W4iz=g@(C2yJxt2oxP3_S+yx~ z#uU*!v3yk0?gzaHoC@`rykGaCu6G$>^!U*#(&1BGoT|rud5BxW7w5i>A7rD%I}1gX z7l$)~aoecM)>Z>)csMJ+dj2=qk^PF7@9x+inQu|z>L$*I2sy=D=*w77fho{T_5$b{ z`qztx2A16lZ2qUPA^&G&1FnolCqRMIylR`iXo$O)l=PipaP#_%W2VYEZq%vnE>0cM z%Y?~;A8Zogs?7m>$__xcaZU90MD++2Zw$`bHr8?9j;|(oH+qT6VA82I;AT z(mW9s`nB^}p;VKJR$4HPfXz?%{)s80W!~W(7wSdiSx`W>2aaoJz2DQwQ*D^u8ycPy zip99Ea+VuL=H>hw9Yx$ZBdu>L%YJ~Ra-AORk&q3<<`IszIp7I`WHH(AumMjw=<>K9 z^p8d#m`ynub_7;%k_zK8rn7ampb;idIH;IRDaz)NYA^!tp9pgw9Xg+#b}Q#wo@1*< zzpHshA?Rg5?n!}Rf84DT3R_eLZ)mf7SR4Y`1<8qFRrjhf}Hu0}pXW`_hSFF~fP<>32KFZWpI&d4$w2IaIa@eT*NLtAuq{iE0V-PL9m% zYa#2Cua~_kFG`x^^O_G@_my0F<*Z+BF29zBzL!2W%-NMdX;P`ZzB}HTmgz6kNz4Hp z8+xqH5MLbIl`{~9Lmsi{nQKT0#d-`&xWe5EBwnXL7pWWrFklKtUJwFU_mS8*rKNfd zSIvM&CtaU4){>LdL+(#2P#amecJT@6w(4ixI5{SE(yubg)%pI_@{;`Ps$=C6M%~VO z3-Gp|pBL*@#jNVa`O?R$VkiY0Ip3?=)q((0DVuqQ3!NX(r zSR|MydF!7T!gT9-uM2nX==~HyXhZ#xsbub{_P57*|8?6lghFw-)@dw;%+0{vh>&Y} z4+qYKo@A}jWR2vReZA%iBc(9WGRcTG%`SU5V1b!wMsJk&MGiSa2?J3yPBOUjP~S#Q zoxb)lwak|F)2u$A{Y-MIQZ!jz;|QsN-$pfFyZNsD!|r6SnP4D1><%tz8Q6FM5$3 z<}G54=Hm~`%$O{`?=OBh5F7oC8I>CRk+xIk2_wEWPVX+&)$Na;3ZaZ^w_Lk3BK*%= z2BNcrSP_#??`nB3rn;=Y26)blX{3hdc?8_-%VaLr`;@+Rdt8{B8E|RO5mN>N?cIAZ z*&)&Uym|d4Ek}sCS+cPyjKTA!7B~AbYF}tnD{^b06qs&tRHqAT6s5hb zBEy0iilNpg(qza#Y=6TiD}a+S_h}pZm3Uv6w)L#%=5i1(8xJ?%(3a?XzR36Y_rnOf zJlQzNm}iXrtZ9!HS2>?rr?aFiI)1~!vhH~|jvQF7!Q-s5LM)3MCCQIKsUQZ*(>2_9 z98PvH^UWQy`7ra;LQ8F%{(fO@My1}%3KvyO;=Ko(QdVS$~hLN|G-j!E5 zjWyYl*)E%Lu@A80DL$+d-lP2A*n6v}IHGV}5JG?i2m}ZY!GgOxO(3`hNrF4U-L-)P z3+@C-2MZG1y>WMUcX#iu>6~-VS##H#nTMIX);!EScG0z|ZC(5S|4$Yn=B9Ib=j<0^ zCrd`KTOmiveYbAuUt;>;60)r^_%ugkoJxJ@H$1HrSwl}OqNZ7?>}ae;<5*4o1Ns_~ zPp--M^}3yhrxUGJk={3`!=276q9(Bqc)0Tq0PGgxYzIAbjGTKlpgM1n;gMF{e88+e zkLxjP`8KWvdrp@9$Pf9XdQCF6EC)}Ud$mmsw%U~~-Sln2%0FIJ{LqX9wq%LOvRYn) z6a>k8ojz>@IT|2QK7v+3LjaYYR5t2Iwg)egr@ORsbv5mELe_*xdW;IG5QZ&nf@cY3 zigM^wESxI6<)a^;^ZmVYQOm(-8m~SpkTgeKz$93gEMfE1yzZ{hZ1vKzqqu#dkSw+I z9Lc%%AdG%R-U+nATwv7_wwJ^s$7O_!CU{jpY1e<=Ld_yC>`fu&$x0i=@BeKta_Nr^ zuuQcMo`1=~BZ_w61<^D3<_}VjGvbj)sLt;&`HORoNMBDrG|}`PkbYm-7Yco;@}It^ zlg@O(5sZaptPACZL>!^x3{?p|4w}-ErK`%eB9jFbNIN%QdarhN?IeI z{4<6?lyRO0Yt{P@cS{Kjo-#aTcSK+a_3DT2f)Vi6u#7Ny;zn2KN=iR6o6gvIa|A*X zc>n712T&(|z*tD~m>o$huAa7*QqP|?Y(HqUY}izBI20WlB=#fjYiH<7JL9R6crkDItS*|N=?^*3ikB63~)?-x$rkJ?VWb?;fU8Pce)fDd;+P#=*4(s=B zo9g{7EgiJg*f+%W`F!o8pFwXQE^V$;0zI=jWmfdS+qaWNpwo|QcOu3c&+oU(47WJ$ z@xAoD?$TYR_qotC>d8v|jN7_Jr97+O5ONQ(^Eu4!(JeF{wsUiRmTGtqc|W!*Jpa@m?ehu7_cdBn$m<=#

    E;7eXkDYUi&=U#7yjr zi_(V<3QDKppyFXv#VFIiB0HZ`4$9#OSvA8VIzo^5!0*)(hW%djF#YvU6DaRY#J~M_ z_1G%rBZ+V2fe0&$fj6gzTQgrKh9y(L{cM?*%<(xo8e_QigZgSXGuH?C-`pw4*1yCL ziKF1cthRM%NvZ$tQtf>Q3pn)RtOE+8SkQRPl2a@t$*my}&IO<;Ru!MnXrxtA-=uZF zww8@$I2m7$yw?FT>4m!0n7_N(M2N9i^V>@-2R%d)YH{MsZ*3s!gJmRWVOBOF4&Ia) zLdQ-wd4nmjrkFt6n$CV#9?%il8Hh+H{q8&m|5sJf_fan=FCO!W?Dd9kVq#*g>82L~ za@thch}P64K~}ZUsja<(^ABu?2aJR3Kn&RV0qL{G#D^rBVgEm&CJ+KhuJwil0d6wt zOx^JV+^Lw~OXt@24bAF!5G|^8qQC4W5pzW*);zrt57==Gwh9-;#0OE0Frx`xggR3} zHYPBMji4LHf0A(+Y((+SNp=z;z0snzEEphIGJZk&|2v3tLGKxg+{JTE1)2Wmw<}`s zJY%)5--2H#1gdZGc2Xu20HPi+z$eB1Thxs(uvZPuos@jDI0`R0k4HX-_W?V5v)`Hb zPq!RCsFT3Z;IrzwyIlGzRVKb46(q6&Mt~B?^$e0=eEW`@ZESXb4$l98>`LkDW$m-U z$|EKtTmPt-*?+;?6GXjXQivuEHVtBI_{(@O=u2U4s*=}&{v_U>*sMvb;<8y5$L)=6 zML<8~7Hz7h+Oy0?b z?(-*nVr8_|yy=)tP@#~MtClrn$4&Z`7E)6fY3l#%k^E$fe}+XFYEOVbWvBoAe1|04 z2q3s4kp76jc(#8X36j6a8;8>1wUe(rgs`^uN}$|gr?VqQ_`0*2w)+rOPjL5wMs$lG zj0GD>9_=^#f4eRLDxg1%x4Oi7y!qVBiEoWo@ZgqOquY>Wp>DogvE{x5)Te4^KI+FQ z_4&u(k&HHP5n;&lXo6#*vJR(IsE5A(uZ-$)bQ@?=ex(+!Zem2t*$p(S+XR}5yV3lw z0+f=AWNIbI;o=Yz|1{EMY@91$K(fRdtA6lBuc8daUDfAF4@PB49YyLXg12&7gBXcH zupI1JA}5s$+UX>?xC1ljeb-1btqQE`zFr;Axu0xk+Nl`KDgp%YbJ_L!zdgAhQZmMh zV$tb2PjaXw)<+P$EXP0{Ohnck?N1|FmAFAJ+HzC=60ES@fZLy^rGNKplA|G>AUQk0 z@E(l3-n_V?9#`N(z#DTIS&s2gZ(Wz)@~Q85BUhTwV9s_Z!#HO8$IuE8PqZJH>(T`X z5NNU`a((Hvy5l5kU$AHhpeTmuFy`u2`OQL%M}baQyu=ouV}bkw#!AHvc0b=a(|VF0 z#oh5-Q(@HL$F4x2!`Lr(iYCUoMY32IXlef|{|Tms!$|>y4+&sH3Ua>G0N_4SWwgt% zdDx6-8nX2;O74_(n+YE|9)yj0@cK`>VLuDL`i_76n^- zB3c6-vCljwe}CamIKu=-9HXSOPoiH_my`|g%Jmt05C87P7WqosDLp*@jLAA%=ru=W z=Ub0dCHdC~NT)-qy#J&)=@{9HMSq}Lbh|3_Pm(g~HnbHshY-4k*cGH+4V9W?rIRR( z7k}HJ|12e7g9q}{o!G<)^(@++wcwe3%)8YWv0k?Yf~hsd5rxX6RO0;=w#^Nm^I(8D zsBh$>t1ussZvR*Rx`eV{$68coOv%iO!TOc{hkDo9sDd_qXqEd5u;QBtwM_xG5B*-A z+$>Pfrvv)wGQCKyjAknH9~zi<*%0)W1}lbg&ucOh$Q!wh@y@|ePgi&M{e=j)#HUL4FTHbQ72Q6vd+ z_u#3zN{c9V$$j1+hh$M%gc4xDgq(kOa#x1KkWt$a(3bbX=Tg15uek69cxOM0*BiZ_ zP@Yi6DRiqhiqvYDLlc=u7F7WBb^IH`?+Sg-o9E^iP3O3kBX5GcT3qb|5g+e2REu3C^`WhI9OyRw@BiibAg(4*G4Unf193t*Y_BFALfu2sg`>1&{UeyCqzKmZc z5w;GJX-Fp#f6Uw;UhWT$=(Oq%b)kJ9rQwz~Q`VmnH*m7I`8u7~fvNiq1gsq8N40$* zmc7>wl;2Wo9RR4dD|K>O{eq-+lA@59k0r&#?99m_cD}&T;?Lh}+GI zvWl6{fvjmv zLB8@fSEKu*TtE^A){$8su=Q74W68uh#%COH4Rf)%h-V+|_`59zi&z`rZRg>ZyS%G> zwqe~i2I0$fqPTM0O zpm2tz`a>RD+43pm1OXjfc+I<^_D$&WuqU!66P{yYX%a1Br0B>;`NOoC@?7b_R8VPr z5Sed#M_(dm`Ok@bdr3?A*4C5xFQ6w+{j*f*j&*&Fgch<94cPKh=7^+(-OBHl-xqC5 zTvNNNg(dqF{|)(SvTdtZK>%v9ep>Q^0sU0Ph>o;;WN==jz+v-Nw)#R$D6X?ejX4^+ zOOJjotvH!FQ0(6vbZfoxJ;|Q%@;;i)Ne_Ser3pv9(xkIEtI%KQq-ihy^G@=>seQbB zoxb83PLJZYojPX1FaJFK)?$6(1RuEj0Ov$alNH7-xA>9Sica@R;0f$H|;7CYhh zny|zC6{;w`MBS45kC*Ny51~vxP+$Pv3|%Pr=RJ(2H2GJ<79`{;4CTgSLl zrq#IBq(nvI%m3K`fofPRm?)rQW9oo?S0Fw_d#a0{*VBV|6rIufWMLJkP_JAnkInmz zR=?WB>-Mz$_Tt$u4chZcn8U4Rar6XG<$?jzvWrLBU(@rzeY~ARWeBZ z`*zb|rIBw%GQ6+UvruRI^Wb+1EH)M=%eP>}4~+Wb>B21BtN;#w+>7V`n$H5X zFQ6H;g#O8kxxq0M#u(SJqzI@WuFoYE@i##&-Uo%Vw<49Glr=SZ1byg?`|2L?!tkD zXqVD9(zKFmj1tWP?nwyK*$-xVSn}4TSWv<$ZD-Nn_mm2Zoz2Df=8Ud_%*N=}5umRm z&7q2ho^XWgYAIUGB^5R+l54-x&HUlu)x>}Vrw-+vsv$%y%1@weB-K`{6Jc)B;#NA7 z6zb?ewfuCm->^bGdO%gzSR~5Ukx+S`X?=8)zt9TZ=p#H6!(b*u6}1^1H>R@gRLN zbBj5~L@mm;=bxaDfwJ0H{U+uYJX%PAU-RSmWRU7ulSy7(;Zi&s9=AD}nc>1`c|p5} zZRc3JXej1T;d#W_dR1Ovm<_EKp+ThRIfYu4E)z!mZE*~9p1{^VumMG%Do`7{@!B3P zGz-G+zoS$L@#(veQh}dHAK2ulOPPTz81yt4Xfjr-GGN%2%_7NN9?j(G=>u;D@#G0R zA!9UCq_a85g_u{Cex`rNO=jO}bd0FKkv*J3jX8{tcVhCL6E>$b0mwkY%LtvokkqA3 zXtj+OX~cqu(|H|H8>7>^6A^ZTLR49xMS4>zfBX&?S_&)Znjd?=E4+pIQjlwjy1OZ? z3Lkm5>fhXPF5q*c3mLHbqaP19OsqWKc0Miw4@hZ6hFJdHM7G&w@8yIs^N*^edz~ z!O)gRp_1FX4DZt&?}*(QMyV)M)WL3vME(`RJfY8?{powRS4qm*kuH-q-;lH`j(4`$ zTt0r38ek{w&gjrQ(|}oNjx4O9f@_yF6we~evlpjOy{aOQ4k{q+PtyIOPSq__xijm| zaC2(>7{WhWYu-GYUhj5QE+CY};Ui?ko>O`7+q_umh4<{VKQDN9sv=QOO5TB#I;@|N zVx7k#IJf_uaC8)-x@fUnYct2A?*=JDey3(f7IaBd`fu(_S_tnnl=uz<4zkNzoqw{r zSN47xE+&~yt0~`BiWPrch{ED-dzd$yg5DYiK^-FuM8^z;1h4teV?-NbR~%Pz z^&+?%Pe$bOm0^>XivqCw*fT#?hx+q~1UMZY-%Z;5CXuR2z>0ygHVST$Q%bEg9=g#b z=UV>y&SURXmkZzh!Z+Fh{ac78MJ1QRf1I&rxb1}T={-KuupR}G-%0FVfV(9I5 z)5<}{nE3HCj0@(U%V}o;K>|%GUaBYVL0gn*M)Nk4<;>;$_+YQtKqIAgOeU5kqnjM3 z2lbQOvqczN(P#`|#9QLpd&eyoO77(##-gTIF}B=Pa?e8TJIdAizrS_cXL+1&N z0f$M|W+QGQ(3~Wy{Q(d2AF_w!JwyU|3K_Px5p_FQg+ne$;ZC{Mj(Bjboj!!Uv|qQA z7TV79pCGaJ3eq3NKKdtv00?O45#cr@(&kET1oWn%o$p^P0$0cm7UB`TRgeY}xg!*y zZd}&89sP3vRVjbrO-cX?tS&;`Qv2-a@Zx#@t>wnVhypA*VL8ue#$T-9hkybwa1i0U zU5dc}UE#fg|7}14L!EHaL$KxBEF$EAO&B@=0X#52K#+5kKC?6Hc$FdD{N*s=0>IS0 z0YcQ&>E%5+?0XiexbEt=zt_(&IKUaq$BimDAUFatWR#g)p&GO~zoIC8iiXKZ?l+kK zp;yoFuW75i5+5pUpA-|jorZ3^rUIb&`Up*e~p@FV^&K@Z}TrDDb z1)Xk;hWO@arH!% zzI*Y-=L-I%$tMUXJ_x?ZBLm7vXTz@UH2bE>vdB2RIG^7(LJ-56Tj(uUhpN>$fk$cA zhYN+Gs!y8SN{~n6p+a~RugDh9a!S z+@eNDe#&)-oNWGs!)t?nvfl<8K=R=FM!J2Dl5AULMdor>K6rx;VaPFlVJc&g@#3&+ z%uT1u7LGZZDQxC2kr{}Dd8Z6LSE=LNGZ zW~ITO*G8-JjQhls`CQu?YWIbdLr04p8jUPY+ToX4}Ab zl!_cfpJHm(M(|mKqz$&a7(@sqI^rbyE73n%_LoxhK3w)2N@ab-dVqBKQX(4gb-rKs z6egiu3Eg~goMkUiG z$aa)c$%NV@D_s8oDLiburAEtO8h%jNJ2ZL-BWbvk93w+Grw{#=|}Dv>!!8 zDuIy20H;(b5s}6MqiiudP6Cncp{PuJsYd7LU?U-dRyX?tZQS0SfDW`#=ax{ zPm>!?svl9IGe^ed47PgIo?fEZc0~6xh4zTzESC%pcZlT9==w2!9SYVxc>VdNV5@#! zkh8%AJud?NY1dqM44b`y;mu}^4v^FU$|PT|IB(VtOVDo3Cs8U0qa*@NzJIjad|#}T z_0;|jgvV--E&mP~pY?+?HVgU;po|bTh&htuTyzYSyn1*jDya{Qoh&DyfB`At&`(=- zhjQ6{UqN=8TKN<*S!@4KE`di z;M%&prb3yA4+)g9IGww_(L9xfR?6Rq4r~h~5Z4$JMN#d);pZdLvFa-4}OJR{XWEeARDS?Xhbx5m6PkNZta?RUU*K((0zAm zAO5kp0(-L;9mK;qb*&;ROcIM*WH*o}=k(U;atuY`SDYx_nSBC|>!JvV{tK(p^v7Z+1YxZQe4qqa4^?SD?lbzHSN@u>?9*TON(4|gZcId5~t&{ddb<<12n*)u{7V$c}xfW@x1oN?6tlfXT zsx85NJSTDnMn}SriKoI8Ix|FNN%XF|m96%5=Cp{7r+!xopM{?o z01-{xmOC6IA6ek?)B`$}*P%-g^EMh?owU#UX&>3@_MtC<^xN#EC{e>nOze8qzA=2b zW@jr3#nI7Hz4B(ZPKyuqxwmfL;Vj^QBv$0FL}KK(B>R&Q{0`)0&);^NkJp@_47|l} z2xPzuR-|s|W!#d)u;s$JKdvhwH(T zZ^*1)GWSm17?RAHIyE|Fv_p`DGH9}p)LQ}I?F-8fS*9qR}?9M;Dto!~=qvfUIcUwFkFj@xV>E|nw7sSLc z(6Cmz)DhN{Yee#C`U00~l!-UUI>xuS8C>?Y@>snd3g3402X# ziez0*Nn(CRQ5{E7P>JQxA&oT5u6I428#VKmhjMq59O#7cUGJ4BSYw>T9G-UyapC@6 z3{OFIF@~Gh1RPRW zr`3b>aolEaT<|CsH>Jvp7FvoWC?&oJ*f)2YMiN}z_vWQLGWm`9qN51#uahaOep>W< zX|;NMa6d=qBe%r|`71jR&zR3bb@s}zq_sBKzoplYm#fr|*{L^uz{q`4!EJ=64prEe z%J7>S#P~o<1mLoum$1h2@ z*>miu;R6+f3aNmkPk|I$V!wSZPnO%?XQwE+y>CP_9iZQ3h}~ks1%)Gbgio zBv)83WHME`0vMlI$|mg3_R0v(^E6`OY~AGAp+PpBobak!|B%u_VbV(W8cpu*@_4|`Zoq4dpMm9#J@ zaC2@Xtu_19aN>PJf_)=W28)f6R-*%)i8NL)sU>T;lTSt}D<2>$Rbh73W7cb6GhTgG z=@<@ew$P2u?FF5(B>>W|O!}=w(b3{@M|9@cx&3{t`Gn8#U25)3r+1SuG;-=-9N=Jh zcITmr9-Q|g+4h6A@0ou_pT@=8a=p?3d`YB^rT|M-0}Qy*!%d1*P2>LlVJXW%N2*co zHm1wv`z1ru=S{Po+}D_uYup-J7G&s(4W+QJp~MZ9(5Fd&w25H~m!OFuDpzSXA{!1(?frfAr^&cLxjJQqrOtUxKk`X+}ueqCPi>9!c3O6SM z;G^^v#)68LiyW~l+U*vr>-ERiQ>KY4mMYx62^%OKVG5#%2m87mi|o%9KM*2PM&iy1 z+bsS1@(pt|u&IOfhju$qf->w`Pt-@^s4&{13}|%SVM(|u`;3pxisoZU^);%y8X0TG zpSw}6ApkRuR1z=8lY=4d+(9<2b!ffXadLZP#ix5C7@5Dtv_Ot`5M!tZ2-G6q?<3{Q zj6T?h>JaT38??M|REfq?-zbu#=3X=VS`iRkO{xIGD@xzAM}N6bqWWOW=rdR|Q2qFC zD#u3gn##>4lL?EmmZ|%mDzCo|VO}Hox0B-eXaaT<2r?lEVF~iWK`W}}D0E1n% z$L`IN4IlkW+yd-~NZW@lCpQMk;9Ry2`%RKETw|JwYrigoP5_#K=ve?V}o;N84Sb#NHlr8wfQ&r zyAbP9!5&SUL70ck_E#PP&0o#W9<-hUZ!Xw(QDKoYO%{PR4qVr=dh*v#@FhSY%8LWw z74Cr_Xfmn&&Kth>QsauJC!;L=J`+3D4>qI^`Pc*#WG<0J^^8=*NfXYv|ey=(ezU~F4wmu^{2D{uTFGKkIekjUEtjNlCJ=o}|s3-`6 zUf^6gM+RoNv$)&^pacCC^2OE|6>YR$(momcsL!t11SY#A5%dHCOL<+51XKdY1j@t+ zWKgn8W=fqXm(OFei430Tx34t$KAocSPh_-B)&XiKYn?DkIbu3g@`X5&4^~kNsttlt z4_%RJ@1Xd=pis&EusYp7*=78)90lvTY+d~ERmB;uuQtiMWFsZAijy-`jRl3ScFpr0-~@i<)XNwgmhWIeW~tR}P7CE?+b#zH(%t<{|F!|nS8kH?Mg zZkbAKc)=z6#n_j2q^X&sIv@W=XzZN6ZVcP~yuOL7t9o$vBg*TAnk4m;)STQ3ox2n! zh)QlDk0!{4RfX-VltL4Io5xvaJCXPvErZ>isGW)VfGJzwkgWbwb8j!j*vfDtvci`n z9U_d5z44+VOdYX<-}4xfG#Tu7j2WCyj87iVI2qhmj2XO+RQ(l4jaP-W8J;AZH{^m3 zVS-fWK81HsDHkl%*(mH!n(uZaeu&FhXz6@zmY=Nh zmOMi};T%Sw|2=##vp4l(T-0sZT1ZoFRO74))zUa-9%5dk^?BsgoLAK$#4b*0bcgVM zK~17gR8&+bZGWG!HYn@v%_w%dvjc^i=)3Bz;Cb9%mduQUaL(R~hWWBPYUI0?X;*xf z$zc1cH=Aj=6ZBK6^ei}p(vW!X;H~9nFjXuBg=fcY8ueoSDwPBVMKTYDCtnCwrWx#h zk+?*hty_En8jSFe+n2is^!2{W?MO?sWLDp9=pqFb4klZ^-e{b6vAaLKp+V(9kyA{g z%E~@>j})@OIlCBl!EEBkQ^JuiJ5GB>HgZ?B^g4F);u5W1^HHe;u4<;-@IuF&c})9$pUAzeNLx*u@(CgbqX#|XiE5`+FwG*fqxeX z235_+C(SUtp3r@{W61(4;!fwVPe*#HmKBn>ee{+Nsdmx!P#8lk5XQ6LQHd;(JOLND zrHst0$1#7hSfaA{UHwM6Hp)!I}+*nSJJd^9eID#@!+-@ z7CyVu<%UYJnSCmoBe-_sy{!yex%rC3HUbEuQ8LS4yussXfIdW#rbjvrTlCQ(btsp8 z!tCURlcGsM`K)C;*TqW`vZ1EPVeLe*M=Iq_d5C>{$$jt@s+!mv$U)SS)k&4_ zwO4DPif=_o|I4lUL?-KYOna{`Ty}>i{q9c*8#Q{VjWqg3i#ev) z2J?hcyHJ0lt`4D}68_A`ZJwH@6iCYAFsl&NlSkp?UJoCT7jxwZd8ztV#S1uWqsAT%V^9AsCVVp6 znpxPpVqKO3i+^(=dQ}?EWq`2*G|J}Y!T9F7XnT(JYI~6Fj&2dhjjNeslx%d(Ouft7}`EgAAKvPzfqRx%{u5Yhdq^}77O(}ADC`}iZH_D_E zR*4Qb<+9%nWWR0ZPB%ebyq2LnA)2xEf+sl*53xTQ+x8S$kZIqy5snKYP- zDTSzC9af9V$7ZpTw#H&5Xqx6B9b-6?PGa5Oyy-Tw`zH7#G3WRxSfOhAs?-%er4PzKQN?6O+cUju_;FwboB z{>@*Tv-p!#6l)ly2083OunSMtDqJB8L2&@m&7;f_$RsXiIx8-x6)wKkQvoqCgw2jtEU~18GSkF5dAj#w;e{`Ub&Zzq=p-Eg$<6zmU zt0H8P2Po%y2eGYG#}Ywb<_CRisooOLdcOOGa*sKZg}$|yP>4gf$?MDE32MexVQA-> zdv--=;Ro7`P&=O8r73NTE>k`l@+cRpsXxX#R;GEY2@5UO|6o-8{nIv`TBm5dakA!w z;J(;e^laJ|(sUtA1LTrLr%}T09iGnA&Qc)e7lY zUv(VxdSx3fsn7+dTgz zPPt|>+Txc}c_LaPw^qDd_&2Pcpl88Jnf-~9NLpSsanM>d@<{A91#OYI9aP#w3x-iX zw6vzel!h}ZX%~Bc0YVdbq!<`n;YGKbwU zp3~ldL}Ua9XLyXI^l6auCZaU%3!Hbo$s6lAPd1t6txc9e7!>x(jD*=u3XY_y4JO3e zXiIk6rD}dyi;>Rlz+j1uN@twVogR=`l#rt#!-%pVTPd&owg8ZFa-}l6a}8@Wg@q;3 zNaJYZGkRr*{BTT25BhYHp=dbod>{?bBLrK4kd8*4^$NX~?IQcLdGxr8FOc5NK9OpY z{p7qJyX2{i&bi44?lAcA8-l39#}pRzY%-QWxOO zsrsbWeri84=&q5PGdZI}#2gF4hv-c~^zbMVo(|>%-cf};MP_??3*;HmN zm6s3U_>p4eYYtnKpw)VvRBY4^v#LfjKjXH&OI4Ke^P_3|z*U^9)e_A(>upUb{$$~^ z_JSfn7Z(fOv~)!IKGzGLB!zee>ecxO7Q3fiR|DHM7I!tTa+yZw*R=0e2@~u;UY=9~ zG$HQ1F(!ue_wH>`z3q5l=}ABHh?W!gND~IO^HF2a6SVM=RfJqubi#C52RF?WVAsMD z4t@8o^03eCPq*c9AKB@e65UrWA-KQ9<_X(pH76W^i3)#DBgBc%RkoB3ccw3H(q+!D z$Y$$3UKUhq_Oh21EkDCDTH2iv;e9di>Du9;0rc`}e5MM~-n3H14E3*hWafk9*l+WmUjioMYx z62yzs*5SFUG3oYS*J0^&yEBL>*yPdJt^y9^eb4t0gDnLv{5yjfdGo#=afYWZEVAuC z?j?iPw*{ZGPkm~Tg|HBP`OM^KBU0=3D0tqH%(!Kxx5Or&uxST>E6}<>f;gHzXHG0v zn=6sjN7d%cOqMxb5caxCPKP<;`2)gUao7wTMKG&+-{YFdNOck7%EOb({QZ?kEPM`= zOlYxkE2vquzTx|)kfLeT?XAu@Y*qTAlhy?yDt9}>vHm?&AoR*yI$+8!yo0^Cpbe2o zh3Rr4aC_(Z52OSG&j5uG7oPN2s??2^z!rD1W#^v|z?(X`wx{5l6__cU7f~AAx0x%leK1RM%p1doS|kBuI3nXig!zMY z!N3z??LvhD+fjo0svY?V3o|x?mZ{KwhM8wh8GQ=kwRI6HR5pp;`;(g!wh>7H&pqgW z5=1lrpa&e>Y}chan(hQ9xCp_jF+^;^d2rahcmESM62p=4s2)2I)}Bz>3TW@om|aSF zz(dThQVc|jU;%U-gplzHEZZQV0K^KDZ6L9P;+H%f`K_j2J~UTi>!D7Eg=k{l2~-C0 z_bgGwzJTE`bJ>l&6aEwgjsfeI=%*|-SlPr`-`NSkpHkDG@Becn^8i)=mo&&HlR%Ej z*X&(aHF=+b%wKG87XVg7ogEj9)^^wc&)_}1IjxV<0Ztd4w77;oW7;d` zOWP28JpQ`IxZkUP>Xdukl56RBkC(%vNUhz zy>tyzSZ_2Q(9wOf2QU#%JJYnl){WQQ!-L-F#<-$+Y48QH|9E%C(X`k-!(y^h+jM`? zlP}=;<TWtek;2v+gHUAvh? z#mJ+uL|koF3aJ^$I2_M~AObC>&G|Zeq#Q=&kRw%cThmGx@dbrnByEx zxqIWbPUp9vhTB1R4%cmx9WZkCTDuBVCfB)nqn&3XGv4|7BkcLhC!c{+g&wGf^;pe~qK5jQpSnbFtjmdcwhQlhZ|yGl$P6!BUftHlj2Q z1oux-(fO+-6%7D_1Z{e8*OTIS;QtrQWD;jj_A{pq!)m!9F`6Lh0o@;_^y<>Wk_isx zNnUK@AC}LXU?3MF)XpJWP6p z^p?;5`Ow@#zODh~^eH&n!6?+|flrD&92WOAWVBsC$@RBiL{tc@qS~oSF{b=4u1{=D zdvA>4adZ4E$loIum;X5{#kUoQc$^Xtipki02pwk6)`SV0ub>^#EPtlwOr&_C+oC;X z+4B5G(5zf67LaphZN5^5mjTosM&C zTD-40nNFK`Io3}T1XZ1p)9REW0>_|ePGRLe8~wm&?BceBe#(Uo#R zd3nW(nh|*OcyL!$z0oGFJZ=DhU_#LV!jP|QhYC(m|AwYhGJjxNUb_mT9Nv-n(=Z?s zWz6t&mnv;k(KTLz*4w?tHj>tIcEc=@LH4%hU_3tTD}}V{%Uv)>orRRP2XZz*E-cgz z?4hTz{veIIW-*%&D4l$a0VqIOprr)lt(Gs7Ql$o~ZR2G|m+LD#U-#g7w)1F)2 z8Gdf9C1JDosIIiX1h15>x5mcCuIhHSm{M(hAws2G3!(k;fQ9>LPyhYJMmElU3BZ(+ zlNci~ri~j#T$e|SU!NQ9$!WD;q~m^QwVor)x3Y!-u%0@%Q(~j<^#8{7w*;%A&fgS| zx$cVfV%IObJJ>@-$`hYEADl7qKWVrgnxq9jRqZ_BR^NvUCvc0ROciVE-U^yO9zm$S zHJ>i@&Mi2t^{UAPJil;GQU%VpVS%7snRX4=-A*n5PosFE-#3DZ3vB&Jo(FTT_;xgWwZL^+1R z2t^d`#fyY@+H*Y*d)@6V4C{tIF8>dvC!!i6;?!=q%pL!X+RtsjiBe;$lT|uZDoG4H zvSBXw{{!sf$`sm5P@Wp9rN_T^WjmWK`{D8Wknm`cOo_Zbrsmf{Gnv_pltb{tH-nbWMXM&wnAE|phkCAuXN3diD2$r=z_N7;W*VA5jByKZ0g$M_J@ z26;1^ZL(1*(nUn!Ey|k8WaKlFMY0f zvJXSXn%8|a`1tR3BHQMHlK7&CxAtsxpX%T36zeMS#eTW^n>5IpE3?}=4odJmTXXhKn?6yN+i+#~<=!qVVObHqmPnoL zN^bPN3YuZvlU>4B+EmdA@~A?9-kInNoe(mrQ|TU8Dw&6wG!@H7DWOsEM0_tHtyxoL zZMhZqh6xyONCUK8TOPKlv8L-dX*Hgd11MNpv(jlp88(z)qoR0arK%{br?LxCexz?S z*=#ACIc|KlE>V7md=~%{}Qaa+XqnV;NVb{F>%@6{?5Crg!`+Ns%XwYH=m(V9@5+pJEC>5xvlwbIS zvK0#?uC!Eej*fmewH&SLrkv|DS&Spv>&13!{R{O|>yG%A?vco%9v!wqabbLFl^a$) z08O4kG)Fu5?$5D;=KD>gN)1}c??>FHYF6l}iE89UN5fhK(rxF(K#(5e9m=}%=lQZP zURto;wT$eVs0$Pey?0ZVbz!}q`g1YS8`*YF22$+TE z!RSi)?_l&nxpIEcOAma7JeKp znCaah)s~{AV|;4TMPA4e{4a19GhfBAAr<~C*;(;XdgN3q>f z45H>hY|$ci?#{94a!bwz?~5;D-{t3lNh$NikaiZGsF6f9-Vk%wU45EYCo2~66HXuz zM@NZOf}tVPG+cK?zBxZn7HFI&*9$ z!w;pP*g15V@BTHqE$6o7tH`-t2TVAP0}2Mh_x!=f-oSM6Z*l3jBy2vWC^A`H3YDtYv80-CUx-8BOlk1CS*6lZVyT7Dtw zl?Yn!#F^r8xdpR+T7%8t@QF~9qITc-1Jwz%*?hlZvDlJAG5-%*&xRuo9y`)x-F+%$ zru1zWSQm_Lj|sTNx>(|@9s3PDhR=QHacws(@*sqG31{uup_ixbn>(Aw1EKAEbG-g% zbU~O`XS0h0qqDY;#1`@Q6X3h!+_d<isQ-x{tUZ`532q>DTD>yvO>*iiA9A~V+SD5+E#v)TV zq{1OMVw5TNM&{#cvW8#2_4&RJQ&ZwQbDh9x%d`Kxxjb2=Ui|lS=uhO~)!8m|l5A#) zK7VA5IvmM5TLG6GQPpiUP72wb`KG{sxyS02P(0F(|FK6H5hEA4{L?nSg*Fwdvg>TQ zf*tG;d{NYXI^?mHsWX;+cFWLBYq4|BEr85;((F#;%G}!&6CL3IFq0(a(;v*l4>2vN z*@1J{JKIh<_7=)Xn6LgeL~^6v12*=;^JKYRa8GwA#*9P-yfmak)|A%EMxB|*jn#FY zghBNPS~@6u8~XtXf0i67166(d+zlwypbDh>X7GAS;P@zguFQ*id|sffw!3B;$RMYm zDxUCLrc|D0nUvQ&oLOhWz^Hx`{!VfdDoP7@Vn`Ivos&p9K^t%r=Rx9e0 zix~J&$BP(svLY`o@|)j$tY%`vM3EEKb-#uviGpXD*hL-FHk~{%$AXArdMbVdM6eG^R{OMg*Aubv(SIj z4gx+e1R_H_=BdtjSa#o}ye4%Wcj3*8`%3eE3|$8~Lu=FX0>Z*6f++UC)tgmzD7J}n35FS>+yb|@-ZW;_Uq%oc9CX#5v(;F@n(d6N$!DM2SG@nBa2F|Q;KA#28%BG zi@(~7-|gxoEK!)^KaEcFZii}6}DY6LWZyABF%@&pd zU&dH{*;@K$_AUPr>+wWW&JU3SP|9?Zr9Q!bu(?26Do3|(#OlJ{byiE)9$tvt2FO0# zZ)s`=NgE%}mjU37gYf?poqminpP`n(4vsgZm z9#*Vm{0W_m@>#7j;@@5X4I=Ze*F$KU1Ix%~^$Qo3n4?}>O>wN{0eAf};0zfwME|h8 zz&FmotrCJ3uE$&jt9aTjCM3}9 z<+AMi@bL{4AHd?R9z3;OP`W@tXppz9gx%fCWln!6F$XGfsZ0!*|M~`Sw`2UyBj4+) zbSjHWktzN{9vp{eanuvnU>*S05dWBV6dVQXDWO2| zMsS;?W?kcv{G`E`m}?}r5c3ne9;(+*fo3zgpb`2FrqjP2bNlR2p%%O z;_4F|fKBAQR{H>~vkmBbf%z3!!Hx187F?*n`v5k?eC51%ANXo;88GKU$i?BL-Ua*cX^Am>*^V9xOJ&Tz;-eOPRRc-srQ2CD~`?ry_y_7pVmrl?Ef@mM`xZLaj z1-Kpt28M4LnP8AkqJDYfz+SXyP;n@rH1B#GoP3SzSqAW~*^m%8>;lzdFj2KO3?w8* zl{AAVsl(f-B6$^sB;r#cyNDp+!AhJA4(ELYOgb&Mg!i$4ESMBV_!jW%BPp^8h$p#D z8Erz~qEb(CF+v;6GiotVzup>@r0$InkZ4qHUS6Ib$tm1tK+-J6xIVkvK-~1>dn}Z( zI3X8rk*`}pK<|enFsyvjns^f_VrW9tKse}-mYkeC3YmrBvWo=1DbXk>yHtTPv47rW z^=cD(#MvR{UQeaN!9;-EQF*>ZVktZb9Z>RNCc4-Dy7d8AHKukoTfvx_SBD`mw)wc9 z<@@X&X^X{z71>EDZb3EZpsW6MC5EH~7UXTDotHCbr8CG2D9b&M8dN-<(ZpGM4hwTy zbqWXwjP&;OT>tXAJ7;m->2Nzj;ZxG!Y|)bh_TnvMHAuj*^q}m_!wYe!f;5O*O}!pTMeAy zJFRaU)<02f6!cR#Ds&fL{cA5a;+O9LQ2Et2#R!amQ3F3J{eYiaU0pqoBRMj;7&dXF zBJ!|6pSTFw6|9;|ANH{XbmQ1Fw?uVgjop=`q=rtjv$I(dp*zbh3g3K)>>(C%>b7E; zImb~MI+TV8k?@SKHMHcH;_QKI{wH2T`1vVoK^MqmaNGnTU>+CO7XSw+r5Op`Wv!YU zinSe!5ZS;~VR(vr@&HVV8#J6qQj*qhlnTPZdHhNuPHwDD2SP)0?EA0~5D+k4C>BeU zMKhQ*WO5}9WLYGN2gBO6cLC5zyEqcs_`3Kel9%BoL6em2WJ@`rr8HboHR2AC+4`RQC1SKYt zm;)-GyaSb12_z-Zpyu90j(7f6==~ER#n=ddPyM>o<~Oz+E%ka75Yi`$--`zH#G)K* zeeN&KRp?SonXuU32IUQ}aCzTXubs5M_^g;QZ3Fs!1vQU4$EG0DT82QHL1hC2gBAoh zxV;W^aT4)?cE=vH2`<^972g-`9!N8Wf?zlT)%i}prDQyV`L}NG;a_8UKS<7oLNEis zJnmcGfn#P7q`9`n>N<&pf?v>0N7CKXX9q^RJ{2ij)rt7~`rMxCr!bk1OOfT?uy1u} z)EI`&S#4jwl_~mpwF6rN#EqOGY#baeg}8kEN}5(Qz&nyd6rkU{si3d{^zB5OTR)`@ z*9Zy-?DtnT(K+u=eqhg9Fk^BEZ7GY!;~wz2+Mn_q@B%g^p`U8&it)6`2 zuK}($6RDA7BoK(DO$5@ZO!PfHJtoZW5zBc79Y^#&zQ+T8)^T48!jyUK0=@ z)RnyC0SD|oD`yzZ;`QBcbUn!gNH+-~t+@PqvUv06S}sV-IAXtICx_2o4?MuOd1vSh zq(NZheg|DO8+v(TYJMRyq^2PJRZomFZ$J<=>fQwi#uNXiwC|3m^8NpJ4sj$LBg#4= zG)PLax6G_$%Su)y+4~qpglv&LqRgzaE2Hc^Lq;e&BN4u@Tkp^J^Zx$#dpv$U&L8(f z_ciY8x?bz~8dtu?xS4E2ghkjjUTs-`^E*crMz#__Lt*P5kUabBYn``W5-Q_B-pU3;i=SdA3W@7DAM`)1}!@ zj;SUJEIozFzlKHGX`UR4J%8lGS(vpRra8>E>75Y}i0##>eWT00cZ`@Y?sKcjbsp<` zm!5m8ggtVaVBdB@RB=09rc>G8xV{+el-z{N(kibNX&gY=0oiL6E2*yDWeZWflt0gg zu7?W!`VA0J9SE~q$`NdhSE4@CMqRe-fKW&a*H>D(?#6E)Ohz~n4CacPv@6bTJWU@M z6#BKp4ngw4o&Bdf73^0 z3G&J%!_|FMmcuyrlCAKWiS|1s*kP+=4s5v3>9-!S73WK2RH~%O&HwVfKarB9UV}{(7ztz7g087`4wFpxQ zdE+$DWEMxszU-}?e7_)aqHP64oEfqIq`RY|V`2miQdu`q<*^6fqdYGyF{E~$R2s#aG<%hd-S{!<@?8#Zh z0bxJ5YNtp6+ z@3Lb!q+85JR2AfPBT zhk0Wj3=ihJ#JtCu$oZD8kLZ#eibDb-^fP=-Q8`Utiz@r6yd($V9+4N*-xkI}hutC= z08cu`3Y{}c)wSF>OMS|OhxD`1fRb>K7cWz)!`IwmwUvt}j!ovIPZ99roPFcBPI+=e zFgkV!Oi1CPy^t}XYj_FuCi;OE(`#DU3ZE|Cy1#S(;=@Iubqn4gYvZ2g5%@UNbxEpT zK|$KC`%SYiSf4387h?(4^w56nj1zTUSH||JiW-V99_3q-+16!1Ob*hb)Fz!$-xbTn zE;lrG!2bC#nRVCxp6frQA9SB?WGnW~$`q+Rm38?} zzrf=gf_a7ZVWmMT(}dA0p3Av0r?SQ5=+^&&6?jQDBEfJL9V^?FZuK7Nys3BSkcrHI z(#Y(zAe#j#>2BlS&v(zD8Qi)@)+-X|r2fU&@RFCns@+?lDyAO}?h3;_3gfMeQDXj6 zDU!>!FQ-&DAg!`6_-jZAVS;!(B?gK{7Vc8zZ=gK6Nzp8P=>~*isBCsjk+a6r=%HC zG(V-5Q#}~czET8c!WaJp86mv)89_rSaZ)-eDw;6pOvp==CFFLf`@$cOV)>3B6FV(O zV9nwxut<6aSM-*j1#&aUv6y23wD?ZSFaD#-QewW29+h}NtwMz2LJ~7bkB$9fbk^TQ z2ghIIpwuBXW5QU4L%&;|=#YQ3@o4Q~hcRD)9Ia+8{ ztb5ld_H-_~ZZ2e@dQH^zmr%V8>sNAUG@knO3e3Y%ksyZgi;Ku*5OvbA-^Rf1RC=yK z)f{|rcF;mEj6Ib@@y%vMZJoi%P6xMLLW-YRV?Hbw2{Bd?@GW#T=tSrP?T2S0vhPh= zScbCf!^e$JkG9i&mKY7WYe#n5(is8}kMV3AK^>feJ&~yO%R(qU^*q{H!5>yhGT&s!?M&S8Z2CpJT%GKe33nrJm{ z#9n(IRuub{Xi5ivP9(gqL1RW$;}?A=uc(wE$2!bQP+$Y4HQ>Q44z5g zKKZ;Zx>`dG0YtCoitVtgY`*&+i8tFeXBQq(E{b4VTD|M;$-f{wzt|efVG--q|F~fX zF0wrv^>Zgb@hX{zy+@_~xf`=>&CJ6O!crHx-cCG^vP_R!u=Bw`+ZASWjZ#i@O@8a0 zUC3U;k+;++vC@uvSQWKSKMs69NSVNlL5&C~q#2`?ui>-?P4zj;C2K3z$AS;sD;>Yz z^BX#u5gd1JS;b{zlh5~~1ap`5J-G<-Y9?V3X0?Q~6xi=!w;CR9l&sHbxnQ=Visr$u9W z^@7d&5(>2Mbs#!K68YlQFlVN&QFUQE#qDJzxrI{=4#v1&>CK4qzFBycs;X)@T8BHJ zj^D=rCdljww9}dS1=?G|jQBC4fQ%wiY!@E{c`=LN3`kIFPIKm%dlVYT|Okw-<2>6DQ;Rvs{ zT?8TqygeE-84*H}bc0YC`ydDp*T)dcxITQ>ZX=r;b?Myr`)l@YDt~HQ`sY3mfA4DQ zCIxa^MjVkej~$| zT=0i3g)s03I0sPg00j!Fq?)8jH*>bV&^=)`VtRXio(TMsK^H|($Bcl_iK@bRnGPxj z7!6yf6O7Ho0px$?>;^<4KL{cijK8KQ8mOKYMFxv# zgnxVrm;wv(hDLQf6VZm;*O911Q@FQwi|7NiAibiX~pl2;I`i)1ketK6te4&>>?FEPDD0 zV5{n(_<_cajKFX!-IP7D|+5Mk3p55}d8qLn%kgCz|t2AdEsdW-*PZo{Rcd=16+I9Bly#f_zdkdnQdbbBm z5KRCF(fwQIbMGCoT?{CmkncCRAgZgfJ@;Bt0ZSTjJT&Fv7$THYeKX9z@p@x zd0(o+&hL3r{oN(vQCl6eg06HuGONyxF~{j0@^i+;=qo!pd@<*A^f%r;*w=C2UZtwJ zInSdHrC4}g@TCZEF0-+X$F=kI)m+!PWOQkG)y6?4H@d&qj?{#dmflz*h&W$dxNI9BJ zHXC+rCoF%|T5`~PYR>U{?+v&sb$%!;cCuY>Udv)qQR)= zZYN8oTkmYoTnT;f;LfonE+S{hsynT_UijKaqlA)ytoT-?=SlZJ^L+MY!4zV`)W(g= z%M47`_eXQef*QhKY&^N=oh3FmpWT3XHlKw7dw;Lif^=tI1U3Wmlv|R0G!1E}p1swy(pP3+|YSAzXGjxb{*^Dhi zlF@7i-;x{ct)H`(tsML+u2rUeB~e$0Ze=WuYiXQH4(D=@SGE${(>_AFCT8|Q;m2rh zg@LVSjWz-6C)mtJMjH996f&OgIBqVl>{Pe$)eZRAW-GX>-I z1?{}7#)a4>s#r>#XyzL`xb@rRV0_PU>XSWRGgnlzdW1``dg#M`t2WE&9HsVG4PH7I z^rS9xs?vBJrRA11+I4zKZJ`t_aqw`9-bS+|t({mddY$aXoLa`il^Cw_!K5n#JjOES zf#GT2Q#vy*eQOOa8!DhYr$yhric?*BS!&(eQ}%k$YAgErM*j$}T#C|_b2nZlC!L+y zRCmHr9KYiquZ?2MMm8o1sON_Q-zm&|oaBM2zk7lH8_!_6#tq781<@*ywVQes)d zb=Mfk)alXWQnu@H9YFEkh zMSnT0F}yUCeHxzGudLJkGDU^9d(y6MT*;$uLZbht%seK;YvK9%&cY+(3tiQnvqLS!52Guk)~_Xa#M=|5 z&l;kEWPTwebATa$U=w-CR_3iZ4Q@qw16l9*J*l;z`t8dhB$@X7|F6-r_jd zI@OFyh&Lq{u0FW9G`dGv!+0xWG;>&;@FhC_k-CDR7o2<5%TxYn}=qeuEY zB(>s6&Ge51#e)!+ya~GCtEqkLg3z%KR2Ng%0eiiM&(&_YA{tDeR)X-nsi@-@gb;_wyXJJ z)q`sCYMDzDo?M#RKd#zJ_S@ckDW2rso9H%?NztjP{VLksIMZvUBQf#laUPYkn%P*} zl2sP|hebmbv5+(oTa7XR!5NR_gA;<@-;de$k1wC#)>-@N4i{E>n`?N@Z80lFafV{M z!uXZ%a-Y=9#J>B?F8yL%DyzLNh!p&>)W#Uim`s3gX6sS#h2kKw4bK%b7M`FfwzPmh0Bkj zlTX*1>4#*kiN3RJTM~mmkDG_aAi4-UXc{NDHX!o?DBN% z6$JGxR0K2Yi>E*sS=aZWOBmNkNd<*Z1!{AupS9A=bWPO?{NHUV5@fAy9BLw^Dlnne zao>BaUjv~g0?8wyN8az&ZI{O6mjXpi--w}v-sl#vQFXRdUIT|6l?iyG2+;aq#^xX4 zttZA}SV5Ds(4!D}xaLZ*bktxC8vIQ9(wM%j$qEim4?;Rn!~TF0!k|V7O2jK7T0Swi z@jj@ssD3=ZfU7m(hs9?=mHCA~+!dHUxL_nf4!qYYgkWE)Csx9Q9J4Kk`bO8_X*X9@ zw%8hT=EdSKmi`aKGoSKu-#mpp4C&xNI!`nstjvEkM6UX8YnLoKJeh8aY01C-NIH$N zmd$e7CNgPdO?85$)c=KDBt%J^PW5E&%+8oC#R;p6aLU(2Ras?%gZD*XxS{ouAaU&f znYTPB#%+t-K^(4=)ODnvd zyw?T}^RJ}PM{;Vg5Gbir*di9CW3AC2Jib9)0GdWcSt%`{^}s((V4vNr>uS`S%zhjK zHdH|qzj)I0s@k#_>)H&-QM%s9({k73 zd$9DUJjD1R5y`N(xXxSPZY)BuZ(&TeqZ-ea6)RXAJ z?i^wM zeEr3fPpr3E6V6>uZ%O!VfRcfJMF9jEq0!>w08sUOX%e5y_tV1@rt%zSonG zt(iM6OI|@HgKte~5784KREEw&AjS0=KErIppVP$VFNQ%0*7O#up~@lP0d!3avyx6zRzo_+V)u%G@3P!wZz9fr^7-5AX}ra{(5#E#5={o9w9o z9~HP-%zxMbL2>9=%}Jrb9#oxbuWEK0+VLVTazI*fLaU+u#$_1P6KHp&nWFwD!q~o= z!kJ+qe)=7{+W?zYe`3FR8J@u?gNUHr6C!|TuATx0f&0+hbJ*YrG`NL-$^kuXfT^xu zSKHiyG=>G%$9XqhK;|V2BglU(J`C~vuMQ3$f*=YnCyH&6IU?yv;f2LFkS|Aqu~3cx zgTWBDkZdZsAzjF)mh=H`w>jsqcmke{k>_uAivV)fx59JHF{W0;qkxZtHS{3K8ypIwhX=zE?TYvCkSS5kwFB^%>U1+ z5kjKaGzMHC$C;U#kNfP*G&sU7in?agq9&Z#f6?Jp0+Fq#_5LAWgLzGhglYxxAL4OH)fsln_ge760jmjb>XJ{>dzph(T;AbESt5CLGGtzdeWB1>gCSgO zNdKtE^JwIx?jtK@EP6x)UicG?fB5NQa(t})bei!yswM*1R>(;t{409+0-Pe>o0cvZ}Rq4u6OS>Jwaw8n?*R-iA49|YY`DY zdN3pg&m^R0%o5@xwMP6?`K};azm34dl#}Mxhb$vC(_K_KF-*3=(PWpQ3ZX7ugras> zL;%!TMf+}FWpy`ItTXnL2#}SR4>5G$M?R%X7+%Wvz-;+S5>ORgv-t>8_0J>%3+{d# zh$aju7-=D)983DxUp98K*}3ZSt*qjp`PW3$y$I6_gYoBv%gPsd?~q>O?^UxQF;8lji=-%=wQQ6{ zhQy?DD9`@I+O6HCUUMK*hp#UHQn z-f^z>dA)?~w-Lo4idj87Y@e9l@hI5Ki@vX}yt*Ln@KZ&ZPMO)=@w6oasX;Wo?}&`JjvKIsyx4^!8*T5o(1Rsvlh<`|ft0&eg>z!deel4#KEgmgwI&%4woGH?}nSoW=n zGrNyLKLa!Z6VM~7amk8TVD5{;~1>o>``<*`%Su4#1RV1kERP_=H2@gr0 zqEH81>P6~l<}`Oyxu1S2J=oO@5i#Kll?l?{ICd8eVh(7gaHZG*yNZDdwi%Iu@?B<{ zY<}@g<_P9~1*l(t9kYl+Nr2E?5+Q*b??`+^73_|?hxF9NkGni}eP98M_(NkKP}BwB z1B39ocD9Gb4`eBn1zU;N(kHERkS7i55>YvSsdY*mKd(qbeZ$In#qldeX*RI zfdk?tH}fAI=L@xAv7u@dg(b29F|F;-HVagaC0cB7q@{ZFTO{`XLVD3bKjDJsc%`}X zQiVrIy0dfI#mA=lB?@~c_X4e4C(=k4U0*tqx>tP~jpj1G<^FO*B%05GGiBse(-e)o z>SCGA=bvZ69O`OdLI#9A(GEF13nBs|$S3x;S#rmDU0~$Rib2a(-CY67a0XgM37nXe zZQYoO$C6UpaeaPU)Y9;~#QTPIQs2&Nr(VNd$=3X)#I<|d@XsdOx0a;y!`|KWyb*kT zC%Dvvn`mXOOIWGATc6GT(0H^r(k(=e)~g{P;&aEG9rHGE!)30{(t!A_tDWy}VKH~% zH2E$WFH#UyE7e=^hq0yyvD1f>$lk7$im8m|X+E%Onk%7xP`WxPVaxLK9}F&C4KicT zs_lz9E_P|G&4r1HXjI*2o_|@hd$yg-`pg_-;f<=MduJSCzFFAz-d4K-zv+x?gdG&-J`K45ER}1&$j|BK zJ^S=-R={EH?vI{VQQObiTLIuwPQ2=U9k9RdFW=T5xy}k$Z{21XcR2xQrrIC3xydt? zF264HAAPOZOV^$X8MbA^IyHBXwb{9lk-tdksUG5)n_fW zHzU_Ire>q8`dDn5?sTFehcbm|8 zhe1}PK<3lAu*!h3vt=_@+#Ps5vFd$8D{)AkX0OPWcXRtKW6g_i773Sp65bx;C>C(u zKA~UXNq%o{O~n1m=gd6GCnIQ=tkE z0#G&DGACBNRN=Ke8dORNy8ND8{Tm>!PVhj4k`RGzeFg2ynSJtD$ZfjTFGs~hzWxQr zeEuK6G5<40%|acXRuPSkty}r?lOF?1-M^pvF;ZA{rlMKnyY{9**COw14-_7wh6+E9 zCFM9OoZk$8ST0$1cQ2P(j^lo0U#*AykFE^%nDe@^V3MldnDx4|ek#PL*6_}*ZxUpa zcS=L@)aWar5qTOZm0gTzENJNvBz_sOUzpKK*42_vRL=Jm7}Z>R9aoT<5g69;Hq5{1f6lkq&?6>^&I{_HHay+NANJy!M0 zs_WDH2KtKXJIB&*`MZxYiQ0`YCF~9}jiv~_s`cKD+t6%^t6s;tJ~%!;T5au+@oaWd z>Qg)fl+;^8{+~$bF+vaxk!;u;vk~t)!$$ujMVewC_r<{aUoc7Fw+_IEO_-URpM5m8 zIblB=8d?@p?Ex1PWN1-OdaI>~9=|Ca-L&A)qOj3u^~$g$IOk~OSpplC^?latH9Ja> z+;ng-ZM)AGkrMrh#dy$3I{fK%qxi zQ-i)s=FX;(zbcYGm6}-uu^gf_a9s2u${?S^uAUByAwUAlAIDP=$lE+117~UW)^!Qa zAZv1A5>8)y7>v0v^m|AcM=sxZ!hDW3)dCUETNHN@ zR0U!-3O`@ae)ATmPZ?FFnyOpyAxOn`OtFZP$PvN5EGe3urRsZ$T4H%UtcT)*;KmiT zsDZgZ*xsED5odC=KG?VU7Ay4v*i{)&K#bdCd7?9Vtq{4$B&ij}ISUGndI&H;{nLEN zvH%hlO7i{&;7VTq@gBO_Ft;66pX`9M<@}g#2eiJ^%7>mn@XzR-aO?e?E=|Hk`XHF( zYLGS8`!vXa!6PP)2Q4or32F~Yd5-1CWqb(q5mr&y>`FNhD>KiEBr%>8&+Ih$Gx6zz4s%=g*TyuRV7pivFQN2 zM$GHKcp)nV6rLD-YY{bX+_@L*ALJ^ab!yc(xViWc-cq;FR5>(G&LP73FOVOkj0h|U zDVJ`viOEbHw9}HTBuU1)U{>=3U(EXEl#0;uAy)MbMBhasVelQKXZ+xc&KY8o$m{2=o2%tCZTV9T3G-5a|X@Mhs_*VlRa%hmC@e>{#~ z`W_fCEmGsP;9SaHb5QF%HlrZ1yzbFv5jgAUC@#PA4MTDC`m2fadL;o3KD_4HPt!cD zZd!9^zO(P}>eug&b==M|IxjyUheOPYRRPd&>}Z49naGzuEq( z+uOH9DXR9t_mm@NV)VgGUfCjseEvB~3#tyYDg<#lr*&-Qk$cZLYxotQw=YO+289^n z74H)D-DVpfB!<*84>^Ke_Y_?akbnz-X{XPd+$4^eUH|!Mff|`Ftf}&^90}G`dN{`J zYy4Y>*ac7t@=HZ*p#F$My&IYQ;jacZWFX{avD*Ls1s?ig4PS@R(jeyIe}40i;Go_T h4fXo>A9GZ{9ti1uRS*AgZG`~-DaxtJ7D$`;{SWBkPd)$u literal 0 HcmV?d00001 diff --git a/copy-of-sdk-docs/docs/learn/beginner/00-app-anatomy.md b/copy-of-sdk-docs/docs/learn/beginner/00-app-anatomy.md new file mode 100644 index 00000000..988c7242 --- /dev/null +++ b/copy-of-sdk-docs/docs/learn/beginner/00-app-anatomy.md @@ -0,0 +1,279 @@ +--- +sidebar_position: 1 +--- + +# Anatomy of a Cosmos SDK Application + +:::note Synopsis +This document describes the core parts of a Cosmos SDK application, represented throughout the document as a placeholder application named `app`. +::: + +## Node Client + +The Daemon, or [Full-Node Client](../advanced/03-node.md), is the core process of a Cosmos SDK-based blockchain. Participants in the network run this process to initialize their state-machine, connect with other full-nodes, and update their state-machine as new blocks come in. + +```text + ^ +-------------------------------+ ^ + | | | | + | | State-machine = Application | | + | | | | Built with Cosmos SDK + | | ^ + | | + | +----------- | ABCI | ----------+ v + | | + v | ^ + | | | | +Blockchain Node | | Consensus | | + | | | | + | +-------------------------------+ | CometBFT + | | | | + | | Networking | | + | | | | + v +-------------------------------+ v +``` + +The blockchain full-node presents itself as a binary, generally suffixed by `-d` for "daemon" (e.g. `appd` for `app` or `gaiad` for `gaia`). This binary is built by running a simple [`main.go`](../advanced/03-node.md#main-function) function placed in `./cmd/appd/`. This operation usually happens through the [Makefile](#dependencies-and-makefile). + +Once the main binary is built, the node can be started by running the [`start` command](../advanced/03-node.md#start-command). This command function primarily does three things: + +1. Create an instance of the state-machine defined in [`app.go`](#core-application-file). +2. Initialize the state-machine with the latest known state, extracted from the `db` stored in the `~/.app/data` folder. At this point, the state-machine is at height `appBlockHeight`. +3. Create and start a new CometBFT instance. Among other things, the node performs a handshake with its peers. It gets the latest `blockHeight` from them and replays blocks to sync to this height if it is greater than the local `appBlockHeight`. The node starts from genesis and CometBFT sends an `InitChain` message via the ABCI to the `app`, which triggers the [`InitChainer`](#initchainer). + +:::note +When starting a CometBFT instance, the genesis file is the `0` height and the state within the genesis file is committed at block height `1`. When querying the state of the node, querying block height 0 will return an error. +::: + +## Core Application File + +In general, the core of the state-machine is defined in a file called `app.go`. This file mainly contains the **type definition of the application** and functions to **create and initialize it**. + +### Type Definition of the Application + +The first thing defined in `app.go` is the `type` of the application. It is generally comprised of the following parts: + +* **Embedding [runtime.App](../../build/building-apps/00-runtime.md)** The runtime package manages the application's core components and modules through dependency injection. It provides declarative configuration for module management, state storage, and ABCI handling. + * `Runtime` wraps `BaseApp`, meaning when a transaction is relayed by CometBFT to the application, `app` uses `runtime`'s methods to route them to the appropriate module. `BaseApp` implements all the [ABCI methods](https://docs.cometbft.com/v0.38/spec/abci/) and the [routing logic](../advanced/00-baseapp.md#service-routers). + * It automatically configures the **[module manager](../../build/building-modules/01-module-manager.md#manager)** based on the app wiring configuration. The module manager facilitates operations related to these modules, like registering their [`Msg` service](../../build/building-modules/03-msg-services.md) and [gRPC `Query` service](#grpc-query-services), or setting the order of execution between modules for various functions like [`InitChainer`](#initchainer), [`PreBlocker`](#preblocker) and [`BeginBlocker` and `EndBlocker`](#beginblocker-and-endblocker). +* [**An App Wiring configuration file**](../../build/building-apps/00-runtime.md) The app wiring configuration file contains the list of application's modules that `runtime` must instantiate. The instantiation of the modules is done using `depinject`. It also contains the order in which all modules' `InitGenesis` and `Pre/Begin/EndBlocker` methods should be executed. +* **A reference to an [`appCodec`](../advanced/05-encoding.md).** The application's `appCodec` is used to serialize and deserialize data structures in order to store them, as stores can only persist `[]bytes`. The default codec is [Protocol Buffers](../advanced/05-encoding.md). +* **A reference to a [`legacyAmino`](../advanced/05-encoding.md) codec.** Some parts of the Cosmos SDK have not been migrated to use the `appCodec` above, and are still hardcoded to use Amino. Other parts explicitly use Amino for backwards compatibility. For these reasons, the application still holds a reference to the legacy Amino codec. Please note that the Amino codec will be removed from the SDK in the upcoming releases. + +See an example of application type definition from `simapp`, the Cosmos SDK's own app used for demo and testing purposes: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/app_di.go#L57-L90 +``` + +### Constructor Function + +Also defined in `app.go` is the constructor function, which constructs a new application of the type defined in the preceding section. The function must fulfill the `AppCreator` signature in order to be used in the [`start` command](../advanced/03-node.md#start-command) of the application's daemon command. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/server/types/app.go#L67-L69 +``` + +Here are the main actions performed by this function: + +* Instantiate a new [`codec`](../advanced/05-encoding.md) and initialize the `codec` of each of the application's modules using the [basic manager](../../build/building-modules/01-module-manager.md#basicmanager). +* Instantiate a new application with a reference to a `baseapp` instance, a codec, and all the appropriate store keys. +* Instantiate all the [`keeper`](#keeper) objects defined in the application's `type` using the `NewKeeper` function of each of the application's modules. Note that keepers must be instantiated in the correct order, as the `NewKeeper` of one module might require a reference to another module's `keeper`. +* Instantiate the application's [module manager](../../build/building-modules/01-module-manager.md#manager) with the [`AppModule`](#application-module-interface) object of each of the application's modules. +* With the module manager, initialize the application's [`Msg` services](../advanced/00-baseapp.md#msg-services), [gRPC `Query` services](../advanced/00-baseapp.md#grpc-query-services), [legacy `Msg` routes](../advanced/00-baseapp.md#routing), and [legacy query routes](../advanced/00-baseapp.md#query-routing). When a transaction is relayed to the application by CometBFT via the ABCI, it is routed to the appropriate module's [`Msg` service](#msg-services) using the routes defined here. Likewise, when a gRPC query request is received by the application, it is routed to the appropriate module's [`gRPC query service`](#grpc-query-services) using the gRPC routes defined here. The Cosmos SDK still supports legacy `Msg`s and legacy CometBFT queries, which are routed using the legacy `Msg` routes and the legacy query routes, respectively. +* With the module manager, register the [application's modules' invariants](../../build/building-modules/07-invariants.md). Invariants are variables (e.g. total supply of a token) that are evaluated at the end of each block. The process of checking invariants is done via a special module called the [`InvariantsRegistry`](../../build/building-modules/07-invariants.md#invariant-registry). The value of the invariant should be equal to a predicted value defined in the module. Should the value be different than the predicted one, special logic defined in the invariant registry is triggered (usually the chain is halted). This is useful to make sure that no critical bug goes unnoticed, producing long-lasting effects that are hard to fix. +* With the module manager, set the order of execution between the `InitGenesis`, `PreBlocker`, `BeginBlocker`, and `EndBlocker` functions of each of the [application's modules](#application-module-interface). Note that not all modules implement these functions. +* Set the remaining application parameters: + * [`InitChainer`](#initchainer): used to initialize the application when it is first started. + * [`PreBlocker`](#preblocker): called before BeginBlock. + * [`BeginBlocker`, `EndBlocker`](#beginblocker-and-endblocker): called at the beginning and at the end of every block. + * [`anteHandler`](../advanced/00-baseapp.md#antehandler): used to handle fees and signature verification. +* Mount the stores. +* Return the application. + +Note that the constructor function only creates an instance of the app, while the actual state is either carried over from the `~/.app/data` folder if the node is restarted, or generated from the genesis file if the node is started for the first time. + +See an example of application constructor from `simapp`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/app.go#L190-L708 +``` + +### InitChainer + +The `InitChainer` is a function that initializes the state of the application from a genesis file (i.e. token balances of genesis accounts). It is called when the application receives the `InitChain` message from the CometBFT engine, which happens when the node is started at `appBlockHeight == 0` (i.e. on genesis). The application must set the `InitChainer` in its [constructor](#constructor-function) via the [`SetInitChainer`](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/baseapp#BaseApp.SetInitChainer) method. + +In general, the `InitChainer` is mostly composed of the [`InitGenesis`](../../build/building-modules/08-genesis.md#initgenesis) function of each of the application's modules. This is done by calling the `InitGenesis` function of the module manager, which in turn calls the `InitGenesis` function of each of the modules it contains. Note that the order in which the modules' `InitGenesis` functions must be called has to be set in the module manager using the [module manager's](../../build/building-modules/01-module-manager.md) `SetOrderInitGenesis` method. This is done in the [application's constructor](#constructor-function), and the `SetOrderInitGenesis` has to be called before the `SetInitChainer`. + +See an example of an `InitChainer` from `simapp`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/app.go#L765-L773 +``` + +### PreBlocker + +There are two semantics around the new lifecycle method: + +* It runs before the `BeginBlocker` of all modules +* It can modify consensus parameters in storage, and signal the caller through the return value. + +When it returns `ConsensusParamsChanged=true`, the caller must refresh the consensus parameter in the finalize context: + +```go +app.finalizeBlockState.ctx = app.finalizeBlockState.ctx.WithConsensusParams(app.GetConsensusParams()) +``` + +The new ctx must be passed to all the other lifecycle methods. + +### BeginBlocker and EndBlocker + +The Cosmos SDK offers developers the possibility to implement automatic execution of code as part of their application. This is implemented through two functions called `BeginBlocker` and `EndBlocker`. They are called when the application receives the `FinalizeBlock` messages from the CometBFT consensus engine, which happens respectively at the beginning and at the end of each block. The application must set the `BeginBlocker` and `EndBlocker` in its [constructor](#constructor-function) via the [`SetBeginBlocker`](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/baseapp#BaseApp.SetBeginBlocker) and [`SetEndBlocker`](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/baseapp#BaseApp.SetEndBlocker) methods. + +In general, the `BeginBlocker` and `EndBlocker` functions are mostly composed of the [`BeginBlock` and `EndBlock`](../../build/building-modules/06-beginblock-endblock.md) functions of each of the application's modules. This is done by calling the `BeginBlock` and `EndBlock` functions of the module manager, which in turn calls the `BeginBlock` and `EndBlock` functions of each of the modules it contains. Note that the order in which the modules' `BeginBlock` and `EndBlock` functions must be called has to be set in the module manager using the `SetOrderBeginBlockers` and `SetOrderEndBlockers` methods, respectively. This is done via the [module manager](../../build/building-modules/01-module-manager.md) in the [application's constructor](#application-constructor), and the `SetOrderBeginBlockers` and `SetOrderEndBlockers` methods have to be called before the `SetBeginBlocker` and `SetEndBlocker` functions. + +As a sidenote, it is important to remember that application-specific blockchains are deterministic. Developers must be careful not to introduce non-determinism in `BeginBlocker` or `EndBlocker`, and must also be careful not to make them too computationally expensive, as [gas](./04-gas-fees.md) does not constrain the cost of `BeginBlocker` and `EndBlocker` execution. + +See an example of `BeginBlocker` and `EndBlocker` functions from `simapp`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/app.go#L752-L759 +``` + +### Register Codec + +The `EncodingConfig` structure is the last important part of the `app.go` file. The goal of this structure is to define the codecs that will be used throughout the app. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/params/encoding.go#L9-L16 +``` + +Here are descriptions of what each of the four fields means: + +* `InterfaceRegistry`: The `InterfaceRegistry` is used by the Protobuf codec to handle interfaces that are encoded and decoded (we also say "unpacked") using [`google.protobuf.Any`](https://github.com/protocolbuffers/protobuf/blob/master/src/google/protobuf/any.proto). `Any` could be thought as a struct that contains a `type_url` (name of a concrete type implementing the interface) and a `value` (its encoded bytes). `InterfaceRegistry` provides a mechanism for registering interfaces and implementations that can be safely unpacked from `Any`. Each application module implements the `RegisterInterfaces` method that can be used to register the module's own interfaces and implementations. + * You can read more about `Any` in [ADR-019](../../build/architecture/adr-019-protobuf-state-encoding.md). + * To go more into details, the Cosmos SDK uses an implementation of the Protobuf specification called [`gogoprotobuf`](https://github.com/cosmos/gogoproto). By default, the [gogo protobuf implementation of `Any`](https://pkg.go.dev/github.com/cosmos/gogoproto/types) uses [global type registration](https://github.com/cosmos/gogoproto/blob/master/proto/properties.go#L540) to decode values packed in `Any` into concrete Go types. This introduces a vulnerability where any malicious module in the dependency tree could register a type with the global protobuf registry and cause it to be loaded and unmarshaled by a transaction that referenced it in the `type_url` field. For more information, please refer to [ADR-019](../../build/architecture/adr-019-protobuf-state-encoding.md). +* `Codec`: The default codec used throughout the Cosmos SDK. It is composed of a `BinaryCodec` used to encode and decode state, and a `JSONCodec` used to output data to the users (for example, in the [CLI](#cli)). By default, the SDK uses Protobuf as `Codec`. +* `TxConfig`: `TxConfig` defines an interface a client can utilize to generate an application-defined concrete transaction type. Currently, the SDK handles two transaction types: `SIGN_MODE_DIRECT` (which uses Protobuf binary as over-the-wire encoding) and `SIGN_MODE_LEGACY_AMINO_JSON` (which depends on Amino). Read more about transactions [here](../advanced/01-transactions.md). +* `Amino`: Some legacy parts of the Cosmos SDK still use Amino for backwards-compatibility. Each module exposes a `RegisterLegacyAmino` method to register the module's specific types within Amino. This `Amino` codec should not be used by app developers anymore, and will be removed in future releases. + +An application should create its own encoding config. +See an example of a `simappparams.EncodingConfig` from `simapp`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/params/encoding.go#L11-L16 +``` + +## Modules + +[Modules](../../build/building-modules/00-intro.md) are the heart and soul of Cosmos SDK applications. They can be considered as state-machines nested within the state-machine. When a transaction is relayed from the underlying CometBFT engine via the ABCI to the application, it is routed by [`baseapp`](../advanced/00-baseapp.md) to the appropriate module in order to be processed. This paradigm enables developers to easily build complex state-machines, as most of the modules they need often already exist. **For developers, most of the work involved in building a Cosmos SDK application revolves around building custom modules required by their application that do not exist yet, and integrating them with modules that do already exist into one coherent application**. In the application directory, the standard practice is to store modules in the `x/` folder (not to be confused with the Cosmos SDK's `x/` folder, which contains already-built modules). + +### Application Module Interface + +Modules must implement [interfaces](../../build/building-modules/01-module-manager.md#application-module-interfaces) defined in the Cosmos SDK, [`AppModuleBasic`](../../build/building-modules/01-module-manager.md#appmodulebasic) and [`AppModule`](../../build/building-modules/01-module-manager.md#appmodule). The former implements basic non-dependent elements of the module, such as the `codec`, while the latter handles the bulk of the module methods (including methods that require references to other modules' `keeper`s). Both the `AppModule` and `AppModuleBasic` types are, by convention, defined in a file called `module.go`. + +`AppModule` exposes a collection of useful methods on the module that facilitates the composition of modules into a coherent application. These methods are called from the [`module manager`](../../build/building-modules/01-module-manager.md#manager), which manages the application's collection of modules. + +### `Msg` Services + +Each application module defines two [Protobuf services](https://developers.google.com/protocol-buffers/docs/proto#services): one `Msg` service to handle messages, and one gRPC `Query` service to handle queries. If we consider the module as a state-machine, then a `Msg` service is a set of state transition RPC methods. +Each Protobuf `Msg` service method is 1:1 related to a Protobuf request type, which must implement `sdk.Msg` interface. +Note that `sdk.Msg`s are bundled in [transactions](../advanced/01-transactions.md), and each transaction contains one or multiple messages. + +When a valid block of transactions is received by the full-node, CometBFT relays each one to the application via [`DeliverTx`](https://docs.cometbft.com/v0.37/spec/abci/abci++_app_requirements#specifics-of-responsedelivertx). Then, the application handles the transaction: + +1. Upon receiving the transaction, the application first unmarshals it from `[]byte`. +2. Then, it verifies a few things about the transaction like [fee payment and signatures](./04-gas-fees.md#antehandler) before extracting the `Msg`(s) contained in the transaction. +3. `sdk.Msg`s are encoded using Protobuf [`Any`s](#register-codec). By analyzing each `Any`'s `type_url`, baseapp's `msgServiceRouter` routes the `sdk.Msg` to the corresponding module's `Msg` service. +4. If the message is successfully processed, the state is updated. + +For more details, see [transaction lifecycle](./01-tx-lifecycle.md). + +Module developers create custom `Msg` services when they build their own module. The general practice is to define the `Msg` Protobuf service in a `tx.proto` file. For example, the `x/bank` module defines a service with two methods to transfer tokens: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/bank/v1beta1/tx.proto#L13-L36 +``` + +Service methods use `keeper` in order to update the module state. + +Each module should also implement the `RegisterServices` method as part of the [`AppModule` interface](#application-module-interface). This method should call the `RegisterMsgServer` function provided by the generated Protobuf code. + +### gRPC `Query` Services + +gRPC `Query` services allow users to query the state using [gRPC](https://grpc.io). They are enabled by default, and can be configured under the `grpc.enable` and `grpc.address` fields inside [`app.toml`](../../user/run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml). + +gRPC `Query` services are defined in the module's Protobuf definition files, specifically inside `query.proto`. The `query.proto` definition file exposes a single `Query` [Protobuf service](https://developers.google.com/protocol-buffers/docs/proto#services). Each gRPC query endpoint corresponds to a service method, starting with the `rpc` keyword, inside the `Query` service. + +Protobuf generates a `QueryServer` interface for each module, containing all the service methods. A module's [`keeper`](#keeper) then needs to implement this `QueryServer` interface, by providing the concrete implementation of each service method. This concrete implementation is the handler of the corresponding gRPC query endpoint. + +Finally, each module should also implement the `RegisterServices` method as part of the [`AppModule` interface](#application-module-interface). This method should call the `RegisterQueryServer` function provided by the generated Protobuf code. + +### Keeper + +[`Keepers`](../../build/building-modules/06-keeper.md) are the gatekeepers of their module's store(s). To read or write in a module's store, it is mandatory to go through one of its `keeper`'s methods. This is ensured by the [object-capabilities](../advanced/10-ocap.md) model of the Cosmos SDK. Only objects that hold the key to a store can access it, and only the module's `keeper` should hold the key(s) to the module's store(s). + +`Keepers` are generally defined in a file called `keeper.go`. It contains the `keeper`'s type definition and methods. + +The `keeper` type definition generally consists of the following: + +* **Key(s)** to the module's store(s) in the multistore. +* Reference to **other module's `keepers`**. Only needed if the `keeper` needs to access other module's store(s) (either to read or write from them). +* A reference to the application's **codec**. The `keeper` needs it to marshal structs before storing them, or to unmarshal them when it retrieves them, because stores only accept `[]bytes` as value. + +Along with the type definition, the next important component of the `keeper.go` file is the `keeper`'s constructor function, `NewKeeper`. This function instantiates a new `keeper` of the type defined above with a `codec`, stores `keys` and potentially references other modules' `keeper`s as parameters. The `NewKeeper` function is called from the [application's constructor](#constructor-function). The rest of the file defines the `keeper`'s methods, which are primarily getters and setters. + +### Command-Line, gRPC Services and REST Interfaces + +Each module defines command-line commands, gRPC services, and REST routes to be exposed to the end-user via the [application's interfaces](#application-interfaces). This enables end-users to create messages of the types defined in the module, or to query the subset of the state managed by the module. + +#### CLI + +Generally, the [commands related to a module](../../build/building-modules/09-module-interfaces.md#cli) are defined in a folder called `client/cli` in the module's folder. The CLI divides commands into two categories, transactions and queries, defined in `client/cli/tx.go` and `client/cli/query.go`, respectively. Both commands are built on top of the [Cobra Library](https://github.com/spf13/cobra): + +* Transactions commands let users generate new transactions so that they can be included in a block and eventually update the state. One command should be created for each [message type](#message-types) defined in the module. The command calls the constructor of the message with the parameters provided by the end-user, and wraps it into a transaction. The Cosmos SDK handles signing and the addition of other transaction metadata. +* Queries let users query the subset of the state defined by the module. Query commands forward queries to the [application's query router](../advanced/00-baseapp.md#query-routing), which routes them to the appropriate [querier](#querier) the `queryRoute` parameter supplied. + +#### gRPC + +[gRPC](https://grpc.io) is a modern open-source high performance RPC framework that has support in multiple languages. It is the recommended way for external clients (such as wallets, browsers and other backend services) to interact with a node. + +Each module can expose gRPC endpoints called [service methods](https://grpc.io/docs/what-is-grpc/core-concepts/#service-definition), which are defined in the [module's Protobuf `query.proto` file](#grpc-query-services). A service method is defined by its name, input arguments, and output response. The module then needs to perform the following actions: + +* Define a `RegisterGRPCGatewayRoutes` method on `AppModuleBasic` to wire the client gRPC requests to the correct handler inside the module. +* For each service method, define a corresponding handler. The handler implements the core logic necessary to serve the gRPC request, and is located in the `keeper/grpc_query.go` file. + +#### gRPC-gateway REST Endpoints + +Some external clients may not wish to use gRPC. In this case, the Cosmos SDK provides a gRPC gateway service, which exposes each gRPC service as a corresponding REST endpoint. Please refer to the [grpc-gateway](https://grpc-ecosystem.github.io/grpc-gateway/) documentation to learn more. + +The REST endpoints are defined in the Protobuf files, along with the gRPC services, using Protobuf annotations. Modules that want to expose REST queries should add `google.api.http` annotations to their `rpc` methods. By default, all REST endpoints defined in the SDK have a URL starting with the `/cosmos/` prefix. + +The Cosmos SDK also provides a development endpoint to generate [Swagger](https://swagger.io/) definition files for these REST endpoints. This endpoint can be enabled inside the [`app.toml`](../../user/run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml) config file, under the `api.swagger` key. + +## Application Interface + +[Interfaces](#command-line-grpc-services-and-rest-interfaces) let end-users interact with full-node clients. This means querying data from the full-node or creating and sending new transactions to be relayed by the full-node and eventually included in a block. + +The main interface is the [Command-Line Interface](../advanced/07-cli.md). The CLI of a Cosmos SDK application is built by aggregating [CLI commands](#cli) defined in each of the modules used by the application. The CLI of an application is the same as the daemon (e.g. `appd`), and is defined in a file called `appd/main.go`. The file contains the following: + +* **A `main()` function**, which is executed to build the `appd` interface client. This function prepares each command and adds them to the `rootCmd` before building them. At the root of `appd`, the function adds generic commands like `status`, `keys`, and `config`, query commands, tx commands, and `rest-server`. +* **Query commands**, which are added by calling the `queryCmd` function. This function returns a Cobra command that contains the query commands defined in each of the application's modules (passed as an array of `sdk.ModuleClients` from the `main()` function), as well as some other lower level query commands such as block or validator queries. Query command are called by using the command `appd query [query]` of the CLI. +* **Transaction commands**, which are added by calling the `txCmd` function. Similar to `queryCmd`, the function returns a Cobra command that contains the tx commands defined in each of the application's modules, as well as lower level tx commands like transaction signing or broadcasting. Tx commands are called by using the command `appd tx [tx]` of the CLI. + +See an example of an application's main command-line file from the [Cosmos Hub](https://github.com/cosmos/gaia). + +```go reference +https://github.com/cosmos/gaia/blob/26ae7c2/cmd/gaiad/cmd/root.go#L39-L80 +``` + +## Dependencies and Makefile + +This section is optional, as developers are free to choose their dependency manager and project building method. That said, the current most used framework for versioning control is [`go.mod`](https://github.com/golang/go/wiki/Modules). It ensures each of the libraries used throughout the application are imported with the correct version. + +The following is the `go.mod` of the [Cosmos Hub](https://github.com/cosmos/gaia), provided as an example. + +```go reference +https://github.com/cosmos/gaia/blob/26ae7c2/go.mod#L1-L28 +``` + +For building the application, a [Makefile](https://en.wikipedia.org/wiki/Makefile) is generally used. The Makefile primarily ensures that the `go.mod` is run before building the two entrypoints to the application, [`Node Client`](#node-client) and [`Application Interface`](#application-interface). + +Here is an example of the [Cosmos Hub Makefile](https://github.com/cosmos/gaia/blob/main/Makefile). diff --git a/copy-of-sdk-docs/docs/learn/beginner/01-tx-lifecycle.md b/copy-of-sdk-docs/docs/learn/beginner/01-tx-lifecycle.md new file mode 100644 index 00000000..b004b355 --- /dev/null +++ b/copy-of-sdk-docs/docs/learn/beginner/01-tx-lifecycle.md @@ -0,0 +1,284 @@ +--- +sidebar_position: 1 +--- + +# Transaction Lifecycle + +:::note Synopsis +This document describes the lifecycle of a transaction from creation to committed state changes. Transaction definition is described in a [different doc](../advanced/01-transactions.md). The transaction is referred to as `Tx`. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK Application](./00-app-anatomy.md) +::: + +## Creation + +### Transaction Creation + +One of the main application interfaces is the command-line interface. The transaction `Tx` can be created by the user inputting a command in the following format from the [command-line](../advanced/07-cli.md), providing the type of transaction in `[command]`, arguments in `[args]`, and configurations such as gas prices in `[flags]`: + +```bash +[appname] tx [command] [args] [flags] +``` + +This command automatically **creates** the transaction, **signs** it using the account's private key, and **broadcasts** it to the specified peer node. + +There are several required and optional flags for transaction creation. The `--from` flag specifies which [account](./03-accounts.md) the transaction is originating from. For example, if the transaction is sending coins, the funds are drawn from the specified `from` address. + +#### Gas and Fees + +Additionally, there are several [flags](../advanced/07-cli.md) users can use to indicate how much they are willing to pay in [fees](./04-gas-fees.md): + +* `--gas` refers to how much [gas](./04-gas-fees.md), which represents computational resources, `Tx` consumes. Gas is dependent on the transaction and is not precisely calculated until execution, but can be estimated by providing `auto` as the value for `--gas`. +* `--gas-adjustment` (optional) can be used to scale `gas` up in order to avoid underestimating. For example, users can specify their gas adjustment as 1.5 to use 1.5 times the estimated gas. +* `--gas-prices` specifies how much the user is willing to pay per unit of gas, which can be one or multiple denominations of tokens. For example, `--gas-prices=0.025uatom, 0.025upho` means the user is willing to pay 0.025uatom AND 0.025upho per unit of gas. +* `--fees` specifies how much in fees the user is willing to pay in total. +* `--timeout-height` specifies a block timeout height to prevent the tx from being committed past a certain height. + +The ultimate value of the fees paid is equal to the gas multiplied by the gas prices. In other words, `fees = ceil(gas * gasPrices)`. Thus, since fees can be calculated using gas prices and vice versa, the users specify only one of the two. + +Later, validators decide whether to include the transaction in their block by comparing the given or calculated `gas-prices` to their local `min-gas-prices`. `Tx` is rejected if its `gas-prices` is not high enough, so users are incentivized to pay more. + +#### Unordered Transactions + +With Cosmos SDK v0.53.0, users may send unordered transactions to chains that have this feature enabled. +The following flags allow a user to build an unordered transaction from the CLI. + +* `--unordered` specifies that this transaction should be unordered. (transaction sequence must be unset) +* `--timeout-duration` specifies the amount of time the unordered transaction should be valid in the mempool. The transaction's unordered nonce will be set to the time of transaction creation + timeout duration. + +:::warning + +Unordered transactions MUST leave sequence values unset. When a transaction is both unordered and contains a non-zero sequence value, +the transaction will be rejected. External services that operate on prior assumptions about transaction sequence values should be updated to handle unordered transactions. +Services should be aware that when the transaction is unordered, the transaction sequence will always be zero. + +::: + +#### CLI Example + +Users of the application `app` can enter the following command into their CLI to generate a transaction to send 1000uatom from a `senderAddress` to a `recipientAddress`. The command specifies how much gas they are willing to pay: an automatic estimate scaled up by 1.5 times, with a gas price of 0.025uatom per unit gas. + +```bash +appd tx send 1000uatom --from --gas auto --gas-adjustment 1.5 --gas-prices 0.025uatom +``` + +#### Other Transaction Creation Methods + +The command-line is an easy way to interact with an application, but `Tx` can also be created using a [gRPC or REST interface](../advanced/06-grpc_rest.md) or some other entry point defined by the application developer. From the user's perspective, the interaction depends on the web interface or wallet they are using (e.g. creating `Tx` using [Lunie.io](https://lunie.io/#/) and signing it with a Ledger Nano S). + +## Addition to Mempool + +Each full-node (running CometBFT) that receives a `Tx` sends an [ABCI message](https://docs.cometbft.com/v0.37/spec/p2p/legacy-docs/messages/), +`CheckTx`, to the application layer to check for validity, and receives an `abci.CheckTxResponse`. If the `Tx` passes the checks, it is held in the node's +[**Mempool**](https://docs.cometbft.com/v0.37/spec/p2p/legacy-docs/messages/mempool), an in-memory pool of transactions unique to each node, pending inclusion in a block - honest nodes discard a `Tx` if it is found to be invalid. Prior to consensus, nodes continuously check incoming transactions and gossip them to their peers. + +### Types of Checks + +The full-nodes perform stateless, then stateful checks on `Tx` during `CheckTx`, with the goal to +identify and reject an invalid transaction as early on as possible to avoid wasted computation. + +**_Stateless_** checks do not require nodes to access state - light clients or offline nodes can do +them - and are thus less computationally expensive. Stateless checks include making sure addresses +are not empty, enforcing nonnegative numbers, and other logic specified in the definitions. + +**_Stateful_** checks validate transactions and messages based on a committed state. Examples +include checking that the relevant values exist and can be transacted with, the address +has sufficient funds, and the sender is authorized or has the correct ownership to transact. +At any given moment, full-nodes typically have [multiple versions](../advanced/00-baseapp.md#state-updates) +of the application's internal state for different purposes. For example, nodes execute state +changes while in the process of verifying transactions, but still need a copy of the last committed +state in order to answer queries - they should not respond using state with uncommitted changes. + +In order to verify a `Tx`, full-nodes call `CheckTx`, which includes both _stateless_ and _stateful_ +checks. Further validation happens later in the [`DeliverTx`](#delivertx) stage. `CheckTx` goes +through several steps, beginning with decoding `Tx`. + +### Decoding + +When `Tx` is received by the application from the underlying consensus engine (e.g. CometBFT), it is still in its [encoded](../advanced/05-encoding.md) `[]byte` form and needs to be unmarshaled in order to be processed. Then, the [`runTx`](../advanced/00-baseapp.md#runtx-antehandler-runmsgs-posthandler) function is called to run in `runTxModeCheck` mode, meaning the function runs all checks but exits before executing messages and writing state changes. + +### ValidateBasic (deprecated) + +Messages ([`sdk.Msg`](../advanced/01-transactions.md#messages)) are extracted from transactions (`Tx`). The `ValidateBasic` method of the `sdk.Msg` interface implemented by the module developer is run for each transaction. +To discard obviously invalid messages, the `BaseApp` type calls the `ValidateBasic` method very early in the processing of the message in the [`CheckTx`](../advanced/00-baseapp.md#checktx) and [`DeliverTx`](../advanced/00-baseapp.md#delivertx) transactions. +`ValidateBasic` can include only **stateless** checks (the checks that do not require access to the state). + +:::warning +The `ValidateBasic` method on messages has been deprecated in favor of validating messages directly in their respective [`Msg` services](../../build/building-modules/03-msg-services.md#Validation). + +Read [RFC 001](https://docs.cosmos.network/main/rfc/rfc-001-tx-validation) for more details. +::: + +:::note +`BaseApp` still calls `ValidateBasic` on messages that implement that method for backwards compatibility. +::: + +#### Guideline + +`ValidateBasic` should not be used anymore. Message validation should be performed in the `Msg` service when [handling a message](../../build/building-modules/msg-services#Validation) in a module Msg Server. + +### AnteHandler + +`AnteHandler`s even though optional, are in practice very often used to perform signature verification, gas calculation, fee deduction, and other core operations related to blockchain transactions. + +A copy of the cached context is provided to the `AnteHandler`, which performs limited checks specified for the transaction type. Using a copy allows the `AnteHandler` to do stateful checks for `Tx` without modifying the last committed state, and revert back to the original if the execution fails. + +For example, the [`auth`](https://github.com/cosmos/cosmos-sdk/blob/main/x/auth/README.md) module `AnteHandler` checks and increments sequence numbers, checks signatures and account numbers, and deducts fees from the first signer of the transaction - all state changes are made using the `checkState`. + +:::warning +Ante handlers only run on a transaction. If a transaction embeds multiple messages (like some x/authz, x/gov transactions for instance), the ante handlers only have awareness of the outer message. Inner messages are mostly directly routed to the [message router](https://docs.cosmos.network/main/learn/advanced/baseapp#msg-service-router) and will skip the chain of ante handlers. Keep that in mind when designing your own ante handler. +::: + +### Gas + +The [`Context`](../advanced/02-context.md), which keeps a `GasMeter` that tracks how much gas is used during the execution of `Tx`, is initialized. The user-provided amount of gas for `Tx` is known as `GasWanted`. If `GasConsumed`, the amount of gas consumed during execution, ever exceeds `GasWanted`, the execution stops and the changes made to the cached copy of the state are not committed. Otherwise, `CheckTx` sets `GasUsed` equal to `GasConsumed` and returns it in the result. After calculating the gas and fee values, validator-nodes check that the user-specified `gas-prices` is greater than their locally defined `min-gas-prices`. + +### Discard or Addition to Mempool + +If at any point during `CheckTx` the `Tx` fails, it is discarded and the transaction lifecycle ends +there. Otherwise, if it passes `CheckTx` successfully, the default protocol is to relay it to peer +nodes and add it to the Mempool so that the `Tx` becomes a candidate to be included in the next block. + +The **mempool** serves the purpose of keeping track of transactions seen by all full-nodes. +Full-nodes keep a **mempool cache** of the last `mempool.cache_size` transactions they have seen, as a first line of +defense to prevent replay attacks. Ideally, `mempool.cache_size` is large enough to encompass all +of the transactions in the full mempool. If the mempool cache is too small to keep track of all +the transactions, `CheckTx` is responsible for identifying and rejecting replayed transactions. + +Currently existing preventative measures include fees and a `sequence` (nonce) counter to distinguish +replayed transactions from identical but valid ones. If an attacker tries to spam nodes with many +copies of a `Tx`, full-nodes keeping a mempool cache reject all identical copies instead of running +`CheckTx` on them. Even if the copies have incremented `sequence` numbers, attackers are +disincentivized by the need to pay fees. + +Validator nodes keep a mempool to prevent replay attacks, just as full-nodes do, but also use it as +a pool of unconfirmed transactions in preparation of block inclusion. Note that even if a `Tx` +passes all checks at this stage, it is still possible to be found invalid later on, because +`CheckTx` does not fully validate the transaction (that is, it does not actually execute the messages). + +## Inclusion in a Block + +Consensus, the process through which validator nodes come to agreement on which transactions to +accept, happens in **rounds**. Each round begins with a proposer creating a block of the most +recent transactions and ends with **validators**, special full-nodes with voting power responsible +for consensus, agreeing to accept the block or go with a `nil` block instead. Validator nodes +execute the consensus algorithm, such as [CometBFT](https://docs.cometbft.com/v0.37/spec/consensus/), +confirming the transactions using ABCI requests to the application, in order to come to this agreement. + +The first step of consensus is the **block proposal**. One proposer amongst the validators is chosen +by the consensus algorithm to create and propose a block - in order for a `Tx` to be included, it +must be in this proposer's mempool. + +## State Changes + +The next step of consensus is to execute the transactions to fully validate them. All full-nodes +that receive a block proposal from the correct proposer execute the transactions by calling the ABCI function `FinalizeBlock`. +As mentioned throughout the documentation `BeginBlock`, `ExecuteTx` and `EndBlock` are called within FinalizeBlock. +Although every full-node operates individually and locally, the outcome is always consistent and unequivocal. This is because the state changes brought about by the messages are predictable, and the transactions are specifically sequenced in the proposed block. + +```text + -------------------------- + | Receive Block Proposal | + -------------------------- + | + v + ------------------------- + | FinalizeBlock | + ------------------------- + | + v + ------------------- + | BeginBlock | + ------------------- + | + v + -------------------- + | ExecuteTx(tx0) | + | ExecuteTx(tx1) | + | ExecuteTx(tx2) | + | ExecuteTx(tx3) | + | . | + | . | + | . | + ------------------- + | + v + -------------------- + | EndBlock | + -------------------- + | + v + ------------------------- + | Consensus | + ------------------------- + | + v + ------------------------- + | Commit | + ------------------------- +``` + +### Transaction Execution + +The `FinalizeBlock` ABCI function defined in [`BaseApp`](../advanced/00-baseapp.md) does the bulk of the +state transitions: it is run for each transaction in the block in sequential order as committed +to during consensus. Under the hood, transaction execution is almost identical to `CheckTx` but calls the +[`runTx`](../advanced/00-baseapp.md#runtx) function in deliver mode instead of check mode. +Instead of using their `checkState`, full-nodes use `finalizeblock`: + +* **Decoding:** Since `FinalizeBlock` is an ABCI call, `Tx` is received in the encoded `[]byte` form. + Nodes first unmarshal the transaction, using the [`TxConfig`](./00-app-anatomy.md#register-codec) defined in the app, then call `runTx` in `execModeFinalize`, which is very similar to `CheckTx` but also executes and writes state changes. + +* **Checks and `AnteHandler`:** Full-nodes call `validateBasicMsgs` and `AnteHandler` again. This second check + happens because they may not have seen the same transactions during the addition to Mempool stage + and a malicious proposer may have included invalid ones. One difference here is that the + `AnteHandler` does not compare `gas-prices` to the node's `min-gas-prices` since that value is local + to each node - differing values across nodes yield nondeterministic results. + +* **`MsgServiceRouter`:** After `CheckTx` exits, `FinalizeBlock` continues to run + [`runMsgs`](../advanced/00-baseapp.md#runtx-antehandler-runmsgs-posthandler) to fully execute each `Msg` within the transaction. + Since the transaction may have messages from different modules, `BaseApp` needs to know which module + to find the appropriate handler. This is achieved using `BaseApp`'s `MsgServiceRouter` so that it can be processed by the module's Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md). + For `LegacyMsg` routing, the `Route` function is called via the [module manager](../../build/building-modules/01-module-manager.md) to retrieve the route name and find the legacy [`Handler`](../../build/building-modules/03-msg-services.md#handler-type) within the module. + +* **`Msg` service:** Protobuf `Msg` service is responsible for executing each message in the `Tx` and causes state transitions to persist in `finalizeBlockState`. + +* **PostHandlers:** [`PostHandler`](../advanced/00-baseapp.md#posthandler)s run after the execution of the message. If they fail, the state change of `runMsgs`, as well of `PostHandlers`, are both reverted. + +* **Gas:** While a `Tx` is being delivered, a `GasMeter` is used to keep track of how much + gas is being used; if execution completes, `GasUsed` is set and returned in the + `abci.ExecTxResult`. If execution halts because `BlockGasMeter` or `GasMeter` has run out or something else goes + wrong, a deferred function at the end appropriately errors or panics. + +If there are any failed state changes resulting from a `Tx` being invalid or `GasMeter` running out, +the transaction processing terminates and any state changes are reverted. Invalid transactions in a +block proposal cause validator nodes to reject the block and vote for a `nil` block instead. + +### Commit + +The final step is for nodes to commit the block and state changes. Validator nodes +perform the previous step of executing state transitions in order to validate the transactions, +then sign the block to confirm it. Full nodes that are not validators do not +participate in consensus - i.e. they cannot vote - but listen for votes to understand whether or +not they should commit the state changes. + +When they receive enough validator votes (2/3+ _precommits_ weighted by voting power), full nodes commit to a new block to be added to the blockchain and +finalize the state transitions in the application layer. A new state root is generated to serve as +a merkle proof for the state transitions. Applications use the [`Commit`](../advanced/00-baseapp.md#commit) +ABCI method inherited from [Baseapp](../advanced/00-baseapp.md); it syncs all the state transitions by +writing the `deliverState` into the application's internal state. As soon as the state changes are +committed, `checkState` starts afresh from the most recently committed state and `deliverState` +resets to `nil` in order to be consistent and reflect the changes. + +Note that not all blocks have the same number of transactions and it is possible for consensus to +result in a `nil` block or one with none at all. In a public blockchain network, it is also possible +for validators to be **byzantine**, or malicious, which may prevent a `Tx` from being committed in +the blockchain. Possible malicious behaviors include the proposer deciding to censor a `Tx` by +excluding it from the block or a validator voting against the block. + +At this point, the transaction lifecycle of a `Tx` is over: nodes have verified its validity, +delivered it by executing its state changes, and committed those changes. The `Tx` itself, +in `[]byte` form, is stored in a block and appended to the blockchain. diff --git a/copy-of-sdk-docs/docs/learn/beginner/02-query-lifecycle.md b/copy-of-sdk-docs/docs/learn/beginner/02-query-lifecycle.md new file mode 100644 index 00000000..4b11bfed --- /dev/null +++ b/copy-of-sdk-docs/docs/learn/beginner/02-query-lifecycle.md @@ -0,0 +1,147 @@ +--- +sidebar_position: 1 +--- + +# Query Lifecycle + +:::note Synopsis +This document describes the lifecycle of a query in a Cosmos SDK application, from the user interface to application stores and back. The query is referred to as `MyQuery`. +::: + +:::note Pre-requisite Readings + +* [Transaction Lifecycle](./01-tx-lifecycle.md) +::: + +## Query Creation + +A [**query**](../../build/building-modules/02-messages-and-queries.md#queries) is a request for information made by end-users of applications through an interface and processed by a full-node. Users can query information about the network, the application itself, and application state directly from the application's stores or modules. Note that queries are different from [transactions](../advanced/01-transactions.md) (view the lifecycle [here](./01-tx-lifecycle.md)), particularly in that they do not require consensus to be processed (as they do not trigger state-transitions); they can be fully handled by one full-node. + +For the purpose of explaining the query lifecycle, let's say the query, `MyQuery`, is requesting a list of delegations made by a certain delegator address in the application called `simapp`. As is to be expected, the [`staking`](../../../../x/staking/README.md) module handles this query. But first, there are a few ways `MyQuery` can be created by users. + +### CLI + +The main interface for an application is the command-line interface. Users connect to a full-node and run the CLI directly from their machines - the CLI interacts directly with the full-node. To create `MyQuery` from their terminal, users type the following command: + +```bash +simd query staking delegations +``` + +This query command was defined by the [`staking`](../../../../x/staking/README.md) module developer and added to the list of subcommands by the application developer when creating the CLI. + +Note that the general format is as follows: + +```bash +simd query [moduleName] [command] --flag +``` + +To provide values such as `--node` (the full-node the CLI connects to), the user can use the [`app.toml`](../../user/run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml) config file to set them or provide them as flags. + +The CLI understands a specific set of commands, defined in a hierarchical structure by the application developer: from the [root command](../advanced/07-cli.md#root-command) (`simd`), the type of command (`Myquery`), the module that contains the command (`staking`), and command itself (`delegations`). Thus, the CLI knows exactly which module handles this command and directly passes the call there. + +### gRPC + +Another interface through which users can make queries is [gRPC](https://grpc.io) requests to a [gRPC server](../advanced/06-grpc_rest.md#grpc-server). The endpoints are defined as [Protocol Buffers](https://developers.google.com/protocol-buffers) service methods inside `.proto` files, written in Protobuf's own language-agnostic interface definition language (IDL). The Protobuf ecosystem developed tools for code-generation from `*.proto` files into various languages. These tools allow to build gRPC clients easily. + +One such tool is [grpcurl](https://github.com/fullstorydev/grpcurl), and a gRPC request for `MyQuery` using this client looks like: + +```bash +grpcurl \ + -plaintext # We want results in plain text + -import-path ./proto \ # Import these .proto files + -proto ./proto/cosmos/staking/v1beta1/query.proto \ # Look into this .proto file for the Query protobuf service + -d '{"address":"$MY_DELEGATOR"}' \ # Query arguments + localhost:9090 \ # gRPC server endpoint + cosmos.staking.v1beta1.Query/Delegations # Fully-qualified service method name +``` + +### REST + +Another interface through which users can make queries is through HTTP Requests to a [REST server](../advanced/06-grpc_rest.md#rest-server). The REST server is fully auto-generated from Protobuf services, using [gRPC-gateway](https://github.com/grpc-ecosystem/grpc-gateway). + +An example HTTP request for `MyQuery` looks like: + +```bash +GET http://localhost:1317/cosmos/staking/v1beta1/delegators/{delegatorAddr}/delegations +``` + +## How Queries are Handled by the CLI + +The preceding examples show how an external user can interact with a node by querying its state. To understand in more detail the exact lifecycle of a query, let's dig into how the CLI prepares the query, and how the node handles it. The interactions from the users' perspective are a bit different, but the underlying functions are almost identical because they are implementations of the same command defined by the module developer. This step of processing happens within the CLI, gRPC, or REST server, and heavily involves a `client.Context`. + +### Context + +The first thing that is created in the execution of a CLI command is a `client.Context`. A `client.Context` is an object that stores all the data needed to process a request on the user side. In particular, a `client.Context` stores the following: + +* **Codec**: The [encoder/decoder](../advanced/05-encoding.md) used by the application, used to marshal the parameters and query before making the CometBFT RPC request and unmarshal the returned response into a JSON object. The default codec used by the CLI is Protobuf. +* **Account Decoder**: The account decoder from the [`auth`](../../../../x/auth/README.md) module, which translates `[]byte`s into accounts. +* **RPC Client**: The CometBFT RPC Client, or node, to which requests are relayed. +* **Keyring**: A [Key Manager](../beginner/03-accounts.md#keyring) used to sign transactions and handle other operations with keys. +* **Output Writer**: A [Writer](https://pkg.go.dev/io/#Writer) used to output the response. +* **Configurations**: The flags configured by the user for this command, including `--height`, specifying the height of the blockchain to query, and `--indent`, which indicates to add an indent to the JSON response. + +The `client.Context` also contains various functions such as `Query()`, which retrieves the RPC Client and makes an ABCI call to relay a query to a full-node. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/context.go#L27-70 +``` + +The `client.Context`'s primary role is to store data used during interactions with the end-user and provide methods to interact with this data - it is used before and after the query is processed by the full-node. Specifically, in handling `MyQuery`, the `client.Context` is utilized to encode the query parameters, retrieve the full-node, and write the output. Prior to being relayed to a full-node, the query needs to be encoded into a `[]byte` form, as full-nodes are application-agnostic and do not understand specific types. The full-node (RPC Client) itself is retrieved using the `client.Context`, which knows which node the user CLI is connected to. The query is relayed to this full-node to be processed. Finally, the `client.Context` contains a `Writer` to write output when the response is returned. These steps are further described in later sections. + +### Arguments and Route Creation + +At this point in the lifecycle, the user has created a CLI command with all of the data they wish to include in their query. A `client.Context` exists to assist in the rest of the `MyQuery`'s journey. Now, the next step is to parse the command or request, extract the arguments, and encode everything. These steps all happen on the user side within the interface they are interacting with. + +#### Encoding + +In our case (querying an address's delegations), `MyQuery` contains an [address](./03-accounts.md#addresses) `delegatorAddress` as its only argument. However, the request can only contain `[]byte`s, as it is ultimately relayed to a consensus engine (e.g. CometBFT) of a full-node that has no inherent knowledge of the application types. Thus, the `codec` of `client.Context` is used to marshal the address. + +Here is what the code looks like for the CLI command: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/staking/client/cli/query.go#L315-L318 +``` + +#### gRPC Query Client Creation + +The Cosmos SDK leverages code generated from Protobuf services to make queries. The `staking` module's `MyQuery` service generates a `queryClient`, which the CLI uses to make queries. Here is the relevant code: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/staking/client/cli/query.go#L308-L343 +``` + +Under the hood, the `client.Context` has a `Query()` function used to retrieve the pre-configured node and relay a query to it; the function takes the query fully-qualified service method name as path (in our case: `/cosmos.staking.v1beta1.Query/Delegations`), and arguments as parameters. It first retrieves the RPC Client (called the [**node**](../advanced/03-node.md)) configured by the user to relay this query to, and creates the `ABCIQueryOptions` (parameters formatted for the ABCI call). The node is then used to make the ABCI call, `ABCIQueryWithOptions()`. + +Here is what the code looks like: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/query.go#L79-L113 +``` + +## RPC + +With a call to `ABCIQueryWithOptions()`, `MyQuery` is received by a [full-node](../advanced/05-encoding.md) which then processes the request. Note that, while the RPC is made to the consensus engine (e.g. CometBFT) of a full-node, queries are not part of consensus and so are not broadcasted to the rest of the network, as they do not require anything the network needs to agree upon. + +Read more about ABCI Clients and CometBFT RPC in the [CometBFT documentation](https://docs.cometbft.com/v0.37/spec/rpc/). + +## Application Query Handling + +When a query is received by the full-node after it has been relayed from the underlying consensus engine, it is at that point being handled within an environment that understands application-specific types and has a copy of the state. [`baseapp`](../advanced/00-baseapp.md) implements the ABCI [`Query()`](../advanced/00-baseapp.md#query) function and handles gRPC queries. The query route is parsed, and it matches the fully-qualified service method name of an existing service method (most likely in one of the modules), then `baseapp` relays the request to the relevant module. + +Since `MyQuery` has a Protobuf fully-qualified service method name from the `staking` module (recall `/cosmos.staking.v1beta1.Query/Delegations`), `baseapp` first parses the path, then uses its own internal `GRPCQueryRouter` to retrieve the corresponding gRPC handler, and routes the query to the module. The gRPC handler is responsible for recognizing this query, retrieving the appropriate values from the application's stores, and returning a response. Read more about query services [here](../../build/building-modules/04-query-services.md). + +Once a result is received from the querier, `baseapp` begins the process of returning a response to the user. + +## Response + +Since `Query()` is an ABCI function, `baseapp` returns the response as an [`abci.QueryResponse`](https://docs.cometbft.com/main/spec/abci/abci++_methods#query) type. The `client.Context` `Query()` routine receives the response and processes it. + +### CLI Response + +The application [`codec`](../advanced/05-encoding.md) is used to unmarshal the response to a JSON and the `client.Context` prints the output to the command line, applying any configurations such as the output type (text, JSON or YAML). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/context.go#L350-L357 +``` + +And that's a wrap! The result of the query is outputted to the console by the CLI. diff --git a/copy-of-sdk-docs/docs/learn/beginner/03-accounts.md b/copy-of-sdk-docs/docs/learn/beginner/03-accounts.md new file mode 100644 index 00000000..150436b9 --- /dev/null +++ b/copy-of-sdk-docs/docs/learn/beginner/03-accounts.md @@ -0,0 +1,281 @@ +--- +sidebar_position: 1 +--- + +# Accounts + +:::note Synopsis +This document describes the in-built account and public key system of the Cosmos SDK. +::: + +:::note Pre-requisite Readings + + +* [Anatomy of a Cosmos SDK Application](./00-app-anatomy.md) + +::: + +## Account Definition + +In the Cosmos SDK, an _account_ designates a pair of _public key_ `PubKey` and _private key_ `PrivKey`. The `PubKey` can be derived to generate various `Addresses`, which are used to identify users (among other parties) in the application. `Addresses` are also associated with [`message`s](../../build/building-modules/02-messages-and-queries.md#messages) to identify the sender of the `message`. The `PrivKey` is used to generate [digital signatures](#signatures) to prove that an `Address` associated with the `PrivKey` approved of a given `message`. + +For HD key derivation the Cosmos SDK uses a standard called [BIP32](https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki). The BIP32 allows users to create an HD wallet (as specified in [BIP44](https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki)) - a set of accounts derived from an initial secret seed. A seed is usually created from a 12- or 24-word mnemonic. A single seed can derive any number of `PrivKey`s using a one-way cryptographic function. Then, a `PubKey` can be derived from the `PrivKey`. Naturally, the mnemonic is the most sensitive information, as private keys can always be re-generated if the mnemonic is preserved. + +```text + Account 0 Account 1 Account 2 + ++------------------+ +------------------+ +------------------+ +| | | | | | +| Address 0 | | Address 1 | | Address 2 | +| ^ | | ^ | | ^ | +| | | | | | | | | +| | | | | | | | | +| | | | | | | | | +| + | | + | | + | +| Public key 0 | | Public key 1 | | Public key 2 | +| ^ | | ^ | | ^ | +| | | | | | | | | +| | | | | | | | | +| | | | | | | | | +| + | | + | | + | +| Private key 0 | | Private key 1 | | Private key 2 | +| ^ | | ^ | | ^ | ++------------------+ +------------------+ +------------------+ + | | | + | | | + | | | + +--------------------------------------------------------------------+ + | + | + +---------+---------+ + | | + | Master PrivKey | + | | + +-------------------+ + | + | + +---------+---------+ + | | + | Mnemonic (Seed) | + | | + +-------------------+ +``` + +In the Cosmos SDK, keys are stored and managed by using an object called a [`Keyring`](#keyring). + +## Keys, accounts, addresses, and signatures + +The principal way of authenticating a user is done using [digital signatures](https://en.wikipedia.org/wiki/Digital_signature). Users sign transactions using their own private key. Signature verification is done with the associated public key. For on-chain signature verification purposes, we store the public key in an `Account` object (alongside other data required for a proper transaction validation). + +In the node, all data is stored using Protocol Buffers serialization. + +The Cosmos SDK supports the following digital key schemes for creating digital signatures: + +* `secp256k1`, as implemented in the [Cosmos SDK's `crypto/keys/secp256k1` package](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keys/secp256k1/secp256k1.go). +* `secp256r1`, as implemented in the [Cosmos SDK's `crypto/keys/secp256r1` package](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keys/secp256r1/pubkey.go). +* `tm-ed25519`, as implemented in the [Cosmos SDK `crypto/keys/ed25519` package](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keys/ed25519/ed25519.go). This scheme is supported only for the consensus validation. + +| | Address length in bytes | Public key length in bytes | Used for transaction authentication | Used for consensus (cometbft) | +| :----------: | :---------------------: | :------------------------: | :---------------------------------: | :-----------------------------: | +| `secp256k1` | 20 | 33 | yes | no | +| `secp256r1` | 32 | 33 | yes | no | +| `tm-ed25519` | -- not used -- | 32 | no | yes | + +## Addresses + +`Addresses` and `PubKey`s are both public information that identifies actors in the application. `Account` is used to store authentication information. The basic account implementation is provided by a `BaseAccount` object. + +Each account is identified using `Address` which is a sequence of bytes derived from a public key. In the Cosmos SDK, we define 3 types of addresses that specify a context where an account is used: + +* `AccAddress` identifies users (the sender of a `message`). +* `ValAddress` identifies validator operators. +* `ConsAddress` identifies validator nodes that are participating in consensus. Validator nodes are derived using the **`ed25519`** curve. + +These types implement the `Address` interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/address.go#L126-L134 +``` + +Address construction algorithm is defined in [ADR-28](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-028-public-key-addresses.md). +Here is the standard way to obtain an account address from a `pub` public key: + +```go +sdk.AccAddress(pub.Address().Bytes()) +``` + +Of note, the `Marshal()` and `Bytes()` method both return the same raw `[]byte` form of the address. `Marshal()` is required for Protobuf compatibility. + +For user interaction, addresses are formatted using [Bech32](https://en.bitcoin.it/wiki/Bech32) and implemented by the `String` method. The Bech32 method is the only supported format to use when interacting with a blockchain. The Bech32 human-readable part (Bech32 prefix) is used to denote an address type. Example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/address.go#L299-L316 +``` + +| | Address Bech32 Prefix | +| ------------------ | --------------------- | +| Accounts | cosmos | +| Validator Operator | cosmosvaloper | +| Consensus Nodes | cosmosvalcons | + +### Public Keys + +Public keys in Cosmos SDK are defined by `cryptotypes.PubKey` interface. Since public keys are saved in a store, `cryptotypes.PubKey` extends the `proto.Message` interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/types/types.go#L8-L17 +``` + +A compressed format is used for `secp256k1` and `secp256r1` serialization. + +* The first byte is a `0x02` byte if the `y`-coordinate is the lexicographically largest of the two associated with the `x`-coordinate. +* Otherwise the first byte is a `0x03`. + +This prefix is followed by the `x`-coordinate. + +Public Keys are not used to reference accounts (or users) and in general are not used when composing transaction messages (with few exceptions: `MsgCreateValidator`, `Validator` and `Multisig` messages). +For user interactions, `PubKey` is formatted using Protobufs JSON ([ProtoMarshalJSON](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/codec/json.go#L14-L34) function). Example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/keys/output.go#L23-L39 +``` + +## Keyring + +A `Keyring` is an object that stores and manages accounts. In the Cosmos SDK, a `Keyring` implementation follows the `Keyring` interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keyring/keyring.go#L58-L106 +``` + +The default implementation of `Keyring` comes from the third-party [`99designs/keyring`](https://github.com/99designs/keyring) library. + +A few notes on the `Keyring` methods: + +* `Sign(uid string, msg []byte) ([]byte, types.PubKey, error)` strictly deals with the signature of the `msg` bytes. You must prepare and encode the transaction into a canonical `[]byte` form. Because protobuf is not deterministic, it has been decided in [ADR-020](../../build/architecture/adr-020-protobuf-transaction-encoding.md) that the canonical `payload` to sign is the `SignDoc` struct, deterministically encoded using [ADR-027](../../build/architecture/adr-027-deterministic-protobuf-serialization.md). Note that signature verification is not implemented in the Cosmos SDK by default, it is deferred to the [`anteHandler`](../advanced/00-baseapp.md#antehandler). + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/tx/v1beta1/tx.proto#L50-L67 +``` + +* `NewAccount(uid, mnemonic, bip39Passphrase, hdPath string, algo SignatureAlgo) (*Record, error)` creates a new account based on the [`bip44 path`](https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki) and persists it on disk. The `PrivKey` is **never stored unencrypted**, instead it is [encrypted with a passphrase](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/armor.go) before being persisted. In the context of this method, the key type and sequence number refer to the segment of the BIP44 derivation path (for example, `0`, `1`, `2`, ...) that is used to derive a private and a public key from the mnemonic. Using the same mnemonic and derivation path, the same `PrivKey`, `PubKey` and `Address` is generated. The following keys are supported by the keyring: + +* `secp256k1` +* `ed25519` + +* `ExportPrivKeyArmor(uid, encryptPassphrase string) (armor string, err error)` exports a private key in ASCII-armored encrypted format using the given passphrase. You can then either import the private key again into the keyring using the `ImportPrivKey(uid, armor, passphrase string)` function or decrypt it into a raw private key using the `UnarmorDecryptPrivKey(armorStr string, passphrase string)` function. + +### Create New Key Type + +To create a new key type for using in keyring, `keyring.SignatureAlgo` interface must be fulfilled. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keyring/signing_algorithms.go#L11-L16 +``` + +The interface consists of three methods where `Name()` returns the name of the algorithm as a `hd.PubKeyType` and `Derive()` and `Generate()` must return the following functions respectively: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/hd/algo.go#L28-L31 +``` + +Once the `keyring.SignatureAlgo` has been implemented it must be added to the [list of supported algos](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keyring/keyring.go#L209) of the keyring. + +For simplicity the implementation of a new key type should be done inside the `crypto/hd` package. +There is an example of a working `secp256k1` implementation in [algo.go](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/hd/algo.go#L38). + + +#### Implementing secp256r1 algo + +Here is an example of how secp256r1 could be implemented. + +First a new function to create a private key from a secret number is needed in the secp256r1 package. This function could look like this: + +```go +// cosmos-sdk/crypto/keys/secp256r1/privkey.go + +// NewPrivKeyFromSecret creates a private key derived for the secret number +// represented in big-endian. The `secret` must be a valid ECDSA field element. +func NewPrivKeyFromSecret(secret []byte) (*PrivKey, error) { + var d = new(big.Int).SetBytes(secret) + if d.Cmp(secp256r1.Params().N) >= 1 { + return nil, errorsmod.Wrap(errors.ErrInvalidRequest, "secret not in the curve base field") + } + sk := new(ecdsa.PrivKey) + return &PrivKey{&ecdsaSK{*sk}}, nil +} +``` + +After that `secp256r1Algo` can be implemented. + +```go +// cosmos-sdk/crypto/hd/secp256r1Algo.go + +package hd + +import ( + "github.com/cosmos/go-bip39" + + "github.com/cosmos/cosmos-sdk/crypto/keys/secp256r1" + "github.com/cosmos/cosmos-sdk/crypto/types" +) + +// Secp256r1Type uses the secp256r1 ECDSA parameters. +const Secp256r1Type = PubKeyType("secp256r1") + +var Secp256r1 = secp256r1Algo{} + +type secp256r1Algo struct{} + +func (s secp256r1Algo) Name() PubKeyType { + return Secp256r1Type +} + +// Derive derives and returns the secp256r1 private key for the given seed and HD path. +func (s secp256r1Algo) Derive() DeriveFn { + return func(mnemonic string, bip39Passphrase, hdPath string) ([]byte, error) { + seed, err := bip39.NewSeedWithErrorChecking(mnemonic, bip39Passphrase) + if err != nil { + return nil, err + } + + masterPriv, ch := ComputeMastersFromSeed(seed) + if len(hdPath) == 0 { + return masterPriv[:], nil + } + derivedKey, err := DerivePrivateKeyForPath(masterPriv, ch, hdPath) + + return derivedKey, err + } +} + +// Generate generates a secp256r1 private key from the given bytes. +func (s secp256r1Algo) Generate() GenerateFn { + return func(bz []byte) types.PrivKey { + key, err := secp256r1.NewPrivKeyFromSecret(bz) + if err != nil { + panic(err) + } + return key + } +} +``` + +Finally, the algo must be added to the list of [supported algos](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keyring/keyring.go#L209) by the keyring. + +```go +// cosmos-sdk/crypto/keyring/keyring.go + +func newKeystore(kr keyring.Keyring, cdc codec.Codec, backend string, opts ...Option) keystore { + // Default options for keybase, these can be overwritten using the + // Option function + options := Options{ + SupportedAlgos: SigningAlgoList{hd.Secp256k1, hd.Secp256r1}, // added here + SupportedAlgosLedger: SigningAlgoList{hd.Secp256k1}, + } +... +``` + +Hereafter to create new keys using your algo, you must specify it with the flag `--algo` : + +`simd keys add myKey --algo secp256r1` diff --git a/copy-of-sdk-docs/docs/learn/beginner/04-gas-fees.md b/copy-of-sdk-docs/docs/learn/beginner/04-gas-fees.md new file mode 100644 index 00000000..5aea1238 --- /dev/null +++ b/copy-of-sdk-docs/docs/learn/beginner/04-gas-fees.md @@ -0,0 +1,101 @@ +--- +sidebar_position: 1 +--- + +# Gas and Fees + +:::note Synopsis +This document describes the default strategies to handle gas and fees within a Cosmos SDK application. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK Application](./00-app-anatomy.md) + +::: + +## Introduction to `Gas` and `Fees` + +In the Cosmos SDK, `gas` is a special unit that is used to track the consumption of resources during execution. `gas` is typically consumed whenever read and writes are made to the store, but it can also be consumed if expensive computation needs to be done. It serves two main purposes: + +* Make sure blocks are not consuming too many resources and are finalized. This is implemented by default in the Cosmos SDK via the [block gas meter](#block-gas-meter). +* Prevent spam and abuse from end-user. To this end, `gas` consumed during [`message`](../../build/building-modules/02-messages-and-queries.md#messages) execution is typically priced, resulting in a `fee` (`fees = gas * gas-prices`). `fees` generally have to be paid by the sender of the `message`. Note that the Cosmos SDK does not enforce `gas` pricing by default, as there may be other ways to prevent spam (e.g. bandwidth schemes). Still, most applications implement `fee` mechanisms to prevent spam by using the [`AnteHandler`](#antehandler). + +## Gas Meter + +In the Cosmos SDK, `gas` is a simple alias for `uint64`, and is managed by an object called a _gas meter_. Gas meters implement the `GasMeter` interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/store/types/gas.go#L40-L51 +``` + +where: + +* `GasConsumed()` returns the amount of gas that was consumed by the gas meter instance. +* `GasConsumedToLimit()` returns the amount of gas that was consumed by the gas meter instance, or the limit if it is reached. +* `GasRemaining()` returns the gas left in the GasMeter. +* `Limit()` returns the limit of the gas meter instance. `0` if the gas meter is infinite. +* `ConsumeGas(amount Gas, descriptor string)` consumes the amount of `gas` provided. If the `gas` overflows, it panics with the `descriptor` message. If the gas meter is not infinite, it panics if `gas` consumed goes above the limit. +* `RefundGas()` deducts the given amount from the gas consumed. This functionality enables refunding gas to the transaction or block gas pools so that EVM-compatible chains can fully support the go-ethereum StateDB interface. +* `IsPastLimit()` returns `true` if the amount of gas consumed by the gas meter instance is strictly above the limit, `false` otherwise. +* `IsOutOfGas()` returns `true` if the amount of gas consumed by the gas meter instance is above or equal to the limit, `false` otherwise. + +The gas meter is generally held in [`ctx`](../advanced/02-context.md), and consuming gas is done with the following pattern: + +```go +ctx.GasMeter().ConsumeGas(amount, "description") +``` + +By default, the Cosmos SDK makes use of two different gas meters, the [main gas meter](#main-gas-meter) and the [block gas meter](#block-gas-meter). + +### Main Gas Meter + +`ctx.GasMeter()` is the main gas meter of the application. The main gas meter is initialized in `FinalizeBlock` via `setFinalizeBlockState`, and then tracks gas consumption during execution sequences that lead to state-transitions, i.e. those originally triggered by [`FinalizeBlock`](../advanced/00-baseapp.md#finalizeblock). At the beginning of each transaction execution, the main gas meter **must be set to 0** in the [`AnteHandler`](#antehandler), so that it can track gas consumption per-transaction. + +Gas consumption can be done manually, generally by the module developer in the [`BeginBlocker`, `EndBlocker`](../../build/building-modules/06-beginblock-endblock.md) or [`Msg` service](../../build/building-modules/03-msg-services.md), but most of the time it is done automatically whenever there is a read or write to the store. This automatic gas consumption logic is implemented in a special store called [`GasKv`](../advanced/04-store.md#gaskv-store). + +### Block Gas Meter + +`ctx.BlockGasMeter()` is the gas meter used to track gas consumption per block and make sure it does not go above a certain limit. + +During the genesis phase, gas consumption is unlimited to accommodate initialization transactions. + +```go +app.finalizeBlockState.SetContext(app.finalizeBlockState.Context().WithBlockGasMeter(storetypes.NewInfiniteGasMeter())) +``` + +Following the genesis block, the block gas meter is set to a finite value by the SDK. This transition is facilitated by the consensus engine (e.g., CometBFT) calling the `RequestFinalizeBlock` function, which in turn triggers the SDK's `FinalizeBlock` method. Within `FinalizeBlock`, `internalFinalizeBlock` is executed, performing necessary state updates and function executions. The block gas meter, initialized each with a finite limit, is then incorporated into the context for transaction execution, ensuring gas consumption does not exceed the block's gas limit and is reset at the end of each block. + +Modules within the Cosmos SDK can consume block gas at any point during their execution by utilizing the `ctx`. This gas consumption primarily occurs during state read/write operations and transaction processing. The block gas meter, accessible via `ctx.BlockGasMeter()`, monitors the total gas usage within a block, enforcing the gas limit to prevent excessive computation. This ensures that gas limits are adhered to on a per-block basis, starting from the first block post-genesis. + +```go +gasMeter := app.getBlockGasMeter(app.finalizeBlockState.Context()) +app.finalizeBlockState.SetContext(app.finalizeBlockState.Context().WithBlockGasMeter(gasMeter)) +``` + +The above shows the general mechanism for setting the block gas meter with a finite limit based on the block's consensus parameters. + +## AnteHandler + +The `AnteHandler` is run for every transaction during `CheckTx` and `FinalizeBlock`, before a Protobuf `Msg` service method for each `sdk.Msg` in the transaction. + +The anteHandler is not implemented in the core Cosmos SDK but in a module. That said, most applications today use the default implementation defined in the [`auth` module](https://github.com/cosmos/cosmos-sdk/tree/main/x/auth). Here is what the `anteHandler` is intended to do in a normal Cosmos SDK application: + +* Verify that the transactions are of the correct type. Transaction types are defined in the module that implements the `anteHandler`, and they follow the transaction interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/types/tx_msg.go#L53-L58 +``` + + This enables developers to play with various types for the transaction of their application. In the default `auth` module, the default transaction type is `Tx`: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/proto/cosmos/tx/v1beta1/tx.proto#L15-L28 +``` + +* Verify signatures for each [`message`](../../build/building-modules/02-messages-and-queries.md#messages) contained in the transaction. Each `message` should be signed by one or multiple sender(s), and these signatures must be verified in the `anteHandler`. +* During `CheckTx`, verify that the gas prices provided with the transaction are greater than the local `min-gas-prices` (as a reminder, gas-prices can be deducted from the following equation: `fees = gas * gas-prices`). `min-gas-prices` is a parameter local to each full-node and used during `CheckTx` to discard transactions that do not provide a minimum amount of fees. This ensures that the mempool cannot be spammed with garbage transactions. +* Verify that the sender of the transaction has enough funds to cover for the `fees`. When the end-user generates a transaction, they must indicate 2 of the 3 following parameters (the third one being implicit): `fees`, `gas` and `gas-prices`. This signals how much they are willing to pay for nodes to execute their transaction. The provided `gas` value is stored in a parameter called `GasWanted` for later use. +* Set `newCtx.GasMeter` to 0, with a limit of `GasWanted`. **This step is crucial**, as it not only makes sure the transaction cannot consume infinite gas, but also that `ctx.GasMeter` is reset in-between each transaction (`ctx` is set to `newCtx` after `anteHandler` is run, and the `anteHandler` is run each time a transaction executes). + +As explained above, the `anteHandler` returns a maximum limit of `gas` the transaction can consume during execution called `GasWanted`. The actual amount consumed in the end is denominated `GasUsed`, and we must therefore have `GasUsed =< GasWanted`. Both `GasWanted` and `GasUsed` are relayed to the underlying consensus engine when [`FinalizeBlock`](../advanced/00-baseapp.md#finalizeblock) returns. diff --git a/copy-of-sdk-docs/docs/learn/beginner/_category_.json b/copy-of-sdk-docs/docs/learn/beginner/_category_.json new file mode 100644 index 00000000..d09097fa --- /dev/null +++ b/copy-of-sdk-docs/docs/learn/beginner/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Beginner", + "position": 2, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-docs/docs/learn/intro/00-overview.md b/copy-of-sdk-docs/docs/learn/intro/00-overview.md new file mode 100644 index 00000000..f1e896f3 --- /dev/null +++ b/copy-of-sdk-docs/docs/learn/intro/00-overview.md @@ -0,0 +1,43 @@ +--- +sidebar_position: 1 +--- + +# What is the Cosmos SDK + +The [Cosmos SDK](https://github.com/cosmos/cosmos-sdk) is an open-source toolkit for building multi-asset public Proof-of-Stake (PoS) blockchains, like the Cosmos Hub, as well as permissioned Proof-of-Authority (PoA) blockchains. Blockchains built with the Cosmos SDK are generally referred to as **application-specific blockchains**. + +The goal of the Cosmos SDK is to allow developers to easily create custom blockchains from scratch that can natively interoperate with other blockchains. +We further this modular approach by allowing developers to plug and play with different consensus engines this can range from the [CometBFT](https://github.com/cometbft/cometbft) or [Rollkit](https://rollkit.dev/). + +SDK-based blockchains have the choice to use the predefined modules or to build their own modules. What this means is that developers can build a blockchain that is tailored to their specific use case, without having to worry about the low-level details of building a blockchain from scratch. Predefined modules include staking, governance, and token issuance, among others. + +What's more, the Cosmos SDK is a capabilities-based system that allows developers to better reason about the security of interactions between modules. For a deeper look at capabilities, jump to [Object-Capability Model](../advanced/10-ocap.md). + +How you can look at this is if we imagine that the SDK is like a lego kit. You can choose to build the basic house from the instructions or you can choose to modify your house and add more floors, more doors, more windows. The choice is yours. + +## What are Application-Specific Blockchains + +One development paradigm in the blockchain world today is that of virtual-machine blockchains like Ethereum, where development generally revolves around building decentralized applications on top of an existing blockchain as a set of smart contracts. While smart contracts can be very good for some use cases like single-use applications (e.g. ICOs), they often fall short for building complex decentralized platforms. More generally, smart contracts can be limiting in terms of flexibility, sovereignty and performance. + +Application-specific blockchains offer a radically different development paradigm than virtual-machine blockchains. An application-specific blockchain is a blockchain customized to operate a single application: developers have all the freedom to make the design decisions required for the application to run optimally. They can also provide better sovereignty, security and performance. + +Learn more about [application-specific blockchains](./01-why-app-specific.md). + +## What is Modularity + +Today there is a lot of talk around modularity and discussions between monolithic and modular. Originally the Cosmos SDK was built with a vision of modularity in mind. Modularity is derived from splitting a blockchain into customizable layers of execution, consensus, settlement and data availability, which is what the Cosmos SDK enables. This means that developers can plug and play, making their blockchain customisable by using different software for different layers. For example you can choose to build a vanilla chain and use the Cosmos SDK with CometBFT. CometBFT will be your consensus layer and the chain itself would be the settlement and execution layer. Another route could be to use the SDK with Rollkit and Celestia as your consensus and data availability layer. The benefit of modularity is that you can customize your chain to your specific use case. + +## Why the Cosmos SDK + +The Cosmos SDK is the most advanced framework for building custom modular application-specific blockchains today. Here are a few reasons why you might want to consider building your decentralized application with the Cosmos SDK: + +* It allows you to plug and play and customize your consensus layer. As above you can use Rollkit and Celestia as your consensus and data availability layer. This offers a lot of flexibility and customisation. +* Previously the default consensus engine available within the Cosmos SDK is [CometBFT](https://github.com/cometbft/cometbft). CometBFT is the most mature BFT consensus engine in existence. It is widely used across the industry and is considered the gold standard consensus engine for building Proof-of-Stake systems. +* The Cosmos SDK is open-source and designed to make it easy to build blockchains out of composable [modules](../../build/modules). As the ecosystem of open-source Cosmos SDK modules grows, it will become increasingly easier to build complex decentralized platforms with it. +* The Cosmos SDK is inspired by capabilities-based security, and informed by years of wrestling with blockchain state-machines. This makes the Cosmos SDK a very secure environment to build blockchains. +* Most importantly, the Cosmos SDK has already been used to build many application-specific blockchains that are already in production. Among others, we can cite [Cosmos Hub](https://hub.cosmos.network), [IRIS Hub](https://irisnet.org), [Binance Chain](https://docs.binance.org/), [Terra](https://terra.money/) or [Kava](https://www.kava.io/). [Many more](https://cosmos.network/ecosystem) are building on the Cosmos SDK. + +## Getting started with the Cosmos SDK + +* Learn more about the [architecture of a Cosmos SDK application](./02-sdk-app-architecture.md) +* Learn how to build an application-specific blockchain from scratch with the [Cosmos SDK Tutorial](https://cosmos.network/docs/tutorial) diff --git a/copy-of-sdk-docs/docs/learn/intro/01-why-app-specific.md b/copy-of-sdk-docs/docs/learn/intro/01-why-app-specific.md new file mode 100644 index 00000000..df16c19a --- /dev/null +++ b/copy-of-sdk-docs/docs/learn/intro/01-why-app-specific.md @@ -0,0 +1,79 @@ +--- +sidebar_position: 1 +--- + +# Application-Specific Blockchains + +:::note Synopsis +This document explains what application-specific blockchains are, and why developers would want to build one as opposed to writing Smart Contracts. +::: + +## What are application-specific blockchains + +Application-specific blockchains are blockchains customized to operate a single application. Instead of building a decentralized application on top of an underlying blockchain like Ethereum, developers build their own blockchain from the ground up. This means building a full-node client, a light-client, and all the necessary interfaces (CLI, REST, ...) to interact with the nodes. + +```text + ^ +-------------------------------+ ^ + | | | | Built with Cosmos SDK + | | State-machine = Application | | + | | | v + | +-------------------------------+ + | | | ^ +Blockchain node | | Consensus | | + | | | | + | +-------------------------------+ | CometBFT + | | | | + | | Networking | | + | | | | + v +-------------------------------+ v +``` + +## What are the shortcomings of Smart Contracts + +Virtual-machine blockchains like Ethereum addressed the demand for more programmability back in 2014. At the time, the options available for building decentralized applications were quite limited. Most developers would build on top of the complex and limited Bitcoin scripting language, or fork the Bitcoin codebase which was hard to work with and customize. + +Virtual-machine blockchains came in with a new value proposition. Their state-machine incorporates a virtual-machine that is able to interpret turing-complete programs called Smart Contracts. These Smart Contracts are very good for use cases like one-time events (e.g. ICOs), but they can fall short for building complex decentralized platforms. Here is why: + +* Smart Contracts are generally developed with specific programming languages that can be interpreted by the underlying virtual-machine. These programming languages are often immature and inherently limited by the constraints of the virtual-machine itself. For example, the Ethereum Virtual Machine does not allow developers to implement automatic execution of code. Developers are also limited to the account-based system of the EVM, and they can only choose from a limited set of functions for their cryptographic operations. These are examples, but they hint at the lack of **flexibility** that a smart contract environment often entails. +* Smart Contracts are all run by the same virtual machine. This means that they compete for resources, which can severely restrain **performance**. And even if the state-machine were to be split in multiple subsets (e.g. via sharding), Smart Contracts would still need to be interpreted by a virtual machine, which would limit performance compared to a native application implemented at state-machine level (our benchmarks show an improvement on the order of 10x in performance when the virtual-machine is removed). +* Another issue with the fact that Smart Contracts share the same underlying environment is the resulting limitation in **sovereignty**. A decentralized application is an ecosystem that involves multiple players. If the application is built on a general-purpose virtual-machine blockchain, stakeholders have very limited sovereignty over their application, and are ultimately superseded by the governance of the underlying blockchain. If there is a bug in the application, very little can be done about it. + +Application-Specific Blockchains are designed to address these shortcomings. + +## Application-Specific Blockchains Benefits + +### Flexibility + +Application-specific blockchains give maximum flexibility to developers: + +* In Cosmos blockchains, the state-machine is typically connected to the underlying consensus engine via an interface called the [ABCI](https://docs.cometbft.com/v0.37/spec/abci/). This interface can be wrapped in any programming language, meaning developers can build their state-machine in the programming language of their choice. + +* Developers can choose among multiple frameworks to build their state-machine. The most widely used today is the Cosmos SDK, but others exist (e.g. [Lotion](https://github.com/nomic-io/lotion), [Weave](https://github.com/iov-one/weave), ...). Typically the choice will be made based on the programming language they want to use (Cosmos SDK and Weave are in Golang, Lotion is in Javascript, ...). +* The ABCI also allows developers to swap the consensus engine of their application-specific blockchain. Today, only CometBFT is production-ready, but in the future other consensus engines are expected to emerge. +* Even when they settle for a framework and consensus engine, developers still have the freedom to tweak them if they don't perfectly match their requirements in their pristine forms. +* Developers are free to explore the full spectrum of tradeoffs (e.g. number of validators vs transaction throughput, safety vs availability in asynchrony, ...) and design choices (DB or IAVL tree for storage, UTXO or account model, ...). +* Developers can implement automatic execution of code. In the Cosmos SDK, logic can be automatically triggered at the beginning and the end of each block. They are also free to choose the cryptographic library used in their application, as opposed to being constrained by what is made available by the underlying environment in the case of virtual-machine blockchains. + +The list above contains a few examples that show how much flexibility application-specific blockchains give to developers. The goal of Cosmos and the Cosmos SDK is to make developer tooling as generic and composable as possible, so that each part of the stack can be forked, tweaked and improved without losing compatibility. As the community grows, more alternatives for each of the core building blocks will emerge, giving more options to developers. + +### Performance + +Decentralized applications built with Smart Contracts are inherently capped in performance by the underlying environment. For a decentralized application to optimise performance, it needs to be built as an application-specific blockchain. Next are some of the benefits an application-specific blockchain brings in terms of performance: + +* Developers of application-specific blockchains can choose to operate with a novel consensus engine such as CometBFT. Compared to Proof-of-Work (used by most virtual-machine blockchains today), it offers significant gains in throughput. +* An application-specific blockchain only operates a single application, so that the application does not compete with others for computation and storage. This is the opposite of most non-sharded virtual-machine blockchains today, where smart contracts all compete for computation and storage. +* Even if a virtual-machine blockchain offered application-based sharding coupled with an efficient consensus algorithm, performance would still be limited by the virtual-machine itself. The real throughput bottleneck is the state-machine, and requiring transactions to be interpreted by a virtual-machine significantly increases the computational complexity of processing them. + +### Security + +Security is hard to quantify, and greatly varies from platform to platform. That said here are some important benefits an application-specific blockchain can bring in terms of security: + +* Developers can choose proven programming languages like Go when building their application-specific blockchains, as opposed to smart contract programming languages that are often more immature. +* Developers are not constrained by the cryptographic functions made available by the underlying virtual-machines. They can use their own custom cryptography, and rely on well-audited crypto libraries. +* Developers do not have to worry about potential bugs or exploitable mechanisms in the underlying virtual-machine, making it easier to reason about the security of the application. + +### Sovereignty + +One of the major benefits of application-specific blockchains is sovereignty. A decentralized application is an ecosystem that involves many actors: users, developers, third-party services, and more. When developers build on a virtual-machine blockchain where many decentralized applications coexist, the community of the application is different than the community of the underlying blockchain, and the latter supersedes the former in the governance process. If there is a bug or if a new feature is needed, stakeholders of the application have very little leeway to upgrade the code. If the community of the underlying blockchain refuses to act, nothing can happen. + +The fundamental issue here is that the governance of the application and the governance of the network are not aligned. This issue is solved by application-specific blockchains. Because application-specific blockchains specialize to operate a single application, stakeholders of the application have full control over the entire chain. This ensures that the community will not be stuck if a bug is discovered, and that it has the freedom to choose how it is going to evolve. diff --git a/copy-of-sdk-docs/docs/learn/intro/02-sdk-app-architecture.md b/copy-of-sdk-docs/docs/learn/intro/02-sdk-app-architecture.md new file mode 100644 index 00000000..532c2743 --- /dev/null +++ b/copy-of-sdk-docs/docs/learn/intro/02-sdk-app-architecture.md @@ -0,0 +1,93 @@ +--- +sidebar_position: 1 +--- + +# Blockchain Architecture + +## State machine + +At its core, a blockchain is a [replicated deterministic state machine](https://en.wikipedia.org/wiki/State_machine_replication). + +A state machine is a computer science concept whereby a machine can have multiple states, but only one at any given time. There is a `state`, which describes the current state of the system, and `transactions`, that trigger state transitions. + +Given a state S and a transaction T, the state machine will return a new state S'. + +```text ++--------+ +--------+ +| | | | +| S +---------------->+ S' | +| | apply(T) | | ++--------+ +--------+ +``` + +In practice, the transactions are bundled in blocks to make the process more efficient. Given a state S and a block of transactions B, the state machine will return a new state S'. + +```text ++--------+ +--------+ +| | | | +| S +----------------------------> | S' | +| | For each T in B: apply(T) | | ++--------+ +--------+ +``` + +In a blockchain context, the state machine is deterministic. This means that if a node is started at a given state and replays the same sequence of transactions, it will always end up with the same final state. + +The Cosmos SDK gives developers maximum flexibility to define the state of their application, transaction types and state transition functions. The process of building state-machines with the Cosmos SDK will be described more in depth in the following sections. But first, let us see how the state-machine is replicated using **CometBFT**. + +## CometBFT + +Thanks to the Cosmos SDK, developers just have to define the state machine, and [*CometBFT*](https://docs.cometbft.com/v0.37/introduction/what-is-cometbft) will handle replication over the network for them. + +```text + ^ +-------------------------------+ ^ + | | | | Built with Cosmos SDK + | | State-machine = Application | | + | | | v + | +-------------------------------+ + | | | ^ +Blockchain node | | Consensus | | + | | | | + | +-------------------------------+ | CometBFT + | | | | + | | Networking | | + | | | | + v +-------------------------------+ v +``` + +[CometBFT](https://docs.cometbft.com/v0.37/introduction/what-is-cometbft) is an application-agnostic engine that is responsible for handling the *networking* and *consensus* layers of a blockchain. In practice, this means that CometBFT is responsible for propagating and ordering transaction bytes. CometBFT relies on an eponymous Byzantine-Fault-Tolerant (BFT) algorithm to reach consensus on the order of transactions. + +The CometBFT [consensus algorithm](https://docs.cometbft.com/v0.37/introduction/what-is-cometbft#consensus-overview) works with a set of special nodes called *Validators*. Validators are responsible for adding blocks of transactions to the blockchain. At any given block, there is a validator set V. A validator in V is chosen by the algorithm to be the proposer of the next block. This block is considered valid if more than two thirds of V signed a `prevote` and a `precommit` on it, and if all the transactions that it contains are valid. The validator set can be changed by rules written in the state-machine. + +## ABCI + +CometBFT passes transactions to the application through an interface called the [ABCI](https://docs.cometbft.com/v0.37/spec/abci/), which the application must implement. + +```text + +---------------------+ + | | + | Application | + | | + +--------+---+--------+ + ^ | + | | ABCI + | v + +--------+---+--------+ + | | + | | + | CometBFT | + | | + | | + +---------------------+ +``` + +Note that **CometBFT only handles transaction bytes**. It has no knowledge of what these bytes mean. All CometBFT does is order these transaction bytes deterministically. CometBFT passes the bytes to the application via the ABCI, and expects a return code to inform it if the messages contained in the transactions were successfully processed or not. + +Here are the most important messages of the ABCI: + +* `CheckTx`: When a transaction is received by CometBFT, it is passed to the application to check if a few basic requirements are met. `CheckTx` is used to protect the mempool of full-nodes against spam transactions. A special handler called the [`AnteHandler`](../beginner/04-gas-fees.md#antehandler) is used to execute a series of validation steps such as checking for sufficient fees and validating the signatures. If the checks are valid, the transaction is added to the [mempool](https://docs.cometbft.com/v0.37/spec/p2p/legacy-docs/messages/mempool) and relayed to peer nodes. Note that transactions are not processed (i.e. no modification of the state occurs) with `CheckTx` since they have not been included in a block yet. +* `DeliverTx`: When a [valid block](https://docs.cometbft.com/v0.37/spec/core/data_structures#block) is received by CometBFT, each transaction in the block is passed to the application via `DeliverTx` in order to be processed. It is during this stage that the state transitions occur. The `AnteHandler` executes again, along with the actual [`Msg` service](../../build/building-modules/03-msg-services.md) RPC for each message in the transaction. +* `BeginBlock`/`EndBlock`: These messages are executed at the beginning and the end of each block, whether the block contains transactions or not. It is useful to trigger automatic execution of logic. Proceed with caution though, as computationally expensive loops could slow down your blockchain, or even freeze it if the loop is infinite. + +Find a more detailed view of the ABCI methods from the [CometBFT docs](https://docs.cometbft.com/v0.37/spec/abci/). + +Any application built on CometBFT needs to implement the ABCI interface in order to communicate with the underlying local CometBFT engine. Fortunately, you do not have to implement the ABCI interface. The Cosmos SDK provides a boilerplate implementation of it in the form of [baseapp](./03-sdk-design.md#baseapp). diff --git a/copy-of-sdk-docs/docs/learn/intro/03-sdk-design.md b/copy-of-sdk-docs/docs/learn/intro/03-sdk-design.md new file mode 100644 index 00000000..6ecffbe0 --- /dev/null +++ b/copy-of-sdk-docs/docs/learn/intro/03-sdk-design.md @@ -0,0 +1,64 @@ +--- +sidebar_position: 1 +--- + +# Main Components of the Cosmos SDK + +The Cosmos SDK is a framework that facilitates the development of secure state-machines on top of CometBFT. At its core, the Cosmos SDK is a boilerplate implementation of the [ABCI](./02-sdk-app-architecture.md#abci) in Golang. It comes with a [`multistore`](../advanced/04-store.md#multistore) to persist data and a [`router`](../advanced/00-baseapp.md#routing) to handle transactions. + +Here is a simplified view of how transactions are handled by an application built on top of the Cosmos SDK when transferred from CometBFT via `DeliverTx`: + +1. Decode `transactions` received from the CometBFT consensus engine (remember that CometBFT only deals with `[]bytes`). +2. Extract `messages` from `transactions` and do basic sanity checks. +3. Route each message to the appropriate module so that it can be processed. +4. Commit state changes. + +## `baseapp` + +`baseapp` is the boilerplate implementation of a Cosmos SDK application. It comes with an implementation of the ABCI to handle the connection with the underlying consensus engine. Typically, a Cosmos SDK application extends `baseapp` by embedding it in [`app.go`](../beginner/00-app-anatomy.md#core-application-file). + +Here is an example of this from `simapp`, the Cosmos SDK demonstration app: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/app.go#L137-L180 +``` + +The goal of `baseapp` is to provide a secure interface between the store and the extensible state machine while defining as little about the state machine as possible (staying true to the ABCI). + +For more on `baseapp`, please click [here](../advanced/00-baseapp.md). + +## Multistore + +The Cosmos SDK provides a [`multistore`](../advanced/04-store.md#multistore) for persisting state. The multistore allows developers to declare any number of [`KVStores`](../advanced/04-store.md#base-layer-kvstores). These `KVStores` only accept the `[]byte` type as value and therefore any custom structure needs to be marshalled using [a codec](../advanced/05-encoding.md) before being stored. + +The multistore abstraction is used to divide the state in distinct compartments, each managed by its own module. For more on the multistore, click [here](../advanced/04-store.md#multistore) + +## Modules + +The power of the Cosmos SDK lies in its modularity. Cosmos SDK applications are built by aggregating a collection of interoperable modules. Each module defines a subset of the state and contains its own message/transaction processor, while the Cosmos SDK is responsible for routing each message to its respective module. + +Here is a simplified view of how a transaction is processed by the application of each full-node when it is received in a valid block: + +```mermaid + flowchart TD + A[Transaction relayed from the full-node's CometBFT engine to the node's application via DeliverTx] --> B[APPLICATION] + B -->|"Using baseapp's methods: Decode the Tx, extract and route the message(s)"| C[Message routed to the correct module to be processed] + C --> D1[AUTH MODULE] + C --> D2[BANK MODULE] + C --> D3[STAKING MODULE] + C --> D4[GOV MODULE] + D1 -->|Handle message, Update state| E["Return result to CometBFT (0=Ok, 1=Err)"] + D2 -->|Handle message, Update state| E["Return result to CometBFT (0=Ok, 1=Err)"] + D3 -->|Handle message, Update state| E["Return result to CometBFT (0=Ok, 1=Err)"] + D4 -->|Handle message, Update state| E["Return result to CometBFT (0=Ok, 1=Err)"] +``` + +Each module can be seen as a little state-machine. Developers need to define the subset of the state handled by the module, as well as custom message types that modify the state (*Note:* `messages` are extracted from `transactions` by `baseapp`). In general, each module declares its own `KVStore` in the `multistore` to persist the subset of the state it defines. Most developers will need to access other 3rd party modules when building their own modules. Given that the Cosmos SDK is an open framework, some of the modules may be malicious, which means there is a need for security principles to reason about inter-module interactions. These principles are based on [object-capabilities](../advanced/10-ocap.md). In practice, this means that instead of having each module keep an access control list for other modules, each module implements special objects called `keepers` that can be passed to other modules to grant a pre-defined set of capabilities. + +Cosmos SDK modules are defined in the `x/` folder of the Cosmos SDK. Some core modules include: + +* `x/auth`: Used to manage accounts and signatures. +* `x/bank`: Used to enable tokens and token transfers. +* `x/staking` + `x/slashing`: Used to build Proof-of-Stake blockchains. + +In addition to the already existing modules in `x/`, which anyone can use in their app, the Cosmos SDK lets you build your own custom modules. You can check an [example of that in the tutorial](https://tutorials.cosmos.network/). diff --git a/copy-of-sdk-docs/docs/learn/intro/Maincomps.excalidraw b/copy-of-sdk-docs/docs/learn/intro/Maincomps.excalidraw new file mode 100644 index 00000000..289d1010 --- /dev/null +++ b/copy-of-sdk-docs/docs/learn/intro/Maincomps.excalidraw @@ -0,0 +1,603 @@ +{ + "type": "excalidraw", + "version": 2, + "source": "https://excalidraw.com", + "elements": [ + { + "id": "TT806C8wYC1giNDrB3j0H", + "type": "rectangle", + "x": 392.3992464191551, + "y": 377.59281643418194, + "width": 368.5810298094963, + "height": 300.3445584269905, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "#ffec99", + "fillStyle": "hachure", + "strokeWidth": 1, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "groupIds": [], + "frameId": null, + "index": "b20", + "roundness": { + "type": 3 + }, + "seed": 1095376796, + "version": 379, + "versionNonce": 395388196, + "isDeleted": false, + "boundElements": null, + "updated": 1717946215725, + "link": null, + "locked": false + }, + { + "id": "sTDd-IcaEk93yvorkOjjx", + "type": "rectangle", + "x": 425.6105707309967, + "y": 407.3907865247813, + "width": 291.7422935286128, + "height": 57.093323969660304, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "#ebfbee", + "fillStyle": "solid", + "strokeWidth": 1, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "groupIds": [], + "frameId": null, + "index": "b21", + "roundness": { + "type": 3 + }, + "seed": 534261156, + "version": 200, + "versionNonce": 320694564, + "isDeleted": false, + "boundElements": [ + { + "type": "text", + "id": "DfQ_v0mZK9I65EtQ6glTr" + } + ], + "updated": 1717946141898, + "link": null, + "locked": false + }, + { + "id": "DfQ_v0mZK9I65EtQ6glTr", + "type": "text", + "x": 540.1377462428617, + "y": 425.93744850961144, + "width": 62.68794250488281, + "height": 20, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "#b2f2bb", + "fillStyle": "solid", + "strokeWidth": 1, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "groupIds": [], + "frameId": null, + "index": "b22", + "roundness": null, + "seed": 1825368092, + "version": 129, + "versionNonce": 1358928420, + "isDeleted": false, + "boundElements": null, + "updated": 1717945861493, + "link": null, + "locked": false, + "text": "baseapp", + "fontSize": 16, + "fontFamily": 1, + "textAlign": "center", + "verticalAlign": "middle", + "containerId": "sTDd-IcaEk93yvorkOjjx", + "originalText": "baseapp", + "autoResize": true, + "lineHeight": 1.25 + }, + { + "id": "0eOjlptq2QPkgMZD4ilw_", + "type": "rectangle", + "x": 423.5441903728455, + "y": 483.4335837047473, + "width": 305.81281311550566, + "height": 100.72456256899451, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "#e7f5ff", + "fillStyle": "solid", + "strokeWidth": 1, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "groupIds": [], + "frameId": null, + "index": "b23", + "roundness": { + "type": 3 + }, + "seed": 774424100, + "version": 711, + "versionNonce": 1241388444, + "isDeleted": false, + "boundElements": [ + { + "type": "text", + "id": "To8Ifauc4u3pXYXE-BuBm" + }, + { + "id": "5U3m__cEk0384Je1xS8Lt", + "type": "arrow" + } + ], + "updated": 1717946136493, + "link": null, + "locked": false + }, + { + "id": "To8Ifauc4u3pXYXE-BuBm", + "type": "text", + "x": 537.3546267767897, + "y": 488.4335837047473, + "width": 78.19194030761719, + "height": 20, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "#b2f2bb", + "fillStyle": "solid", + "strokeWidth": 1, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "groupIds": [], + "frameId": null, + "index": "b24", + "roundness": null, + "seed": 268281380, + "version": 653, + "versionNonce": 240902940, + "isDeleted": false, + "boundElements": null, + "updated": 1717946115508, + "link": null, + "locked": false, + "text": "multistore", + "fontSize": 16, + "fontFamily": 1, + "textAlign": "center", + "verticalAlign": "top", + "containerId": "0eOjlptq2QPkgMZD4ilw_", + "originalText": "multistore", + "autoResize": true, + "lineHeight": 1.25 + }, + { + "id": "6ZMBBGC0e67HCiZuw1ZGQ", + "type": "rectangle", + "x": 433.0074470871197, + "y": 611.2583420078661, + "width": 296.0816922807304, + "height": 40.43217567449267, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "#ebfbee", + "fillStyle": "solid", + "strokeWidth": 1, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "groupIds": [], + "frameId": null, + "index": "b25", + "roundness": { + "type": 3 + }, + "seed": 73209500, + "version": 210, + "versionNonce": 506281508, + "isDeleted": false, + "boundElements": [ + { + "type": "text", + "id": "lDvSHg5T_n2nFJyxXar85" + }, + { + "id": "5U3m__cEk0384Je1xS8Lt", + "type": "arrow" + } + ], + "updated": 1717946145151, + "link": null, + "locked": false + }, + { + "id": "lDvSHg5T_n2nFJyxXar85", + "type": "text", + "x": 550.5683127587349, + "y": 621.4744298451124, + "width": 60.9599609375, + "height": 20, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "#b2f2bb", + "fillStyle": "solid", + "strokeWidth": 1, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "groupIds": [], + "frameId": null, + "index": "b26", + "roundness": null, + "seed": 169830436, + "version": 101, + "versionNonce": 99685404, + "isDeleted": false, + "boundElements": null, + "updated": 1717946143284, + "link": null, + "locked": false, + "text": "Modules", + "fontSize": 16, + "fontFamily": 1, + "textAlign": "center", + "verticalAlign": "middle", + "containerId": "6ZMBBGC0e67HCiZuw1ZGQ", + "originalText": "Modules", + "autoResize": true, + "lineHeight": 1.25 + }, + { + "id": "5U3m__cEk0384Je1xS8Lt", + "type": "arrow", + "x": 730.0891393678501, + "y": 627.8029150748303, + "width": 33.89886827099872, + "height": 77.8473208768944, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "#b2f2bb", + "fillStyle": "solid", + "strokeWidth": 1, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "groupIds": [], + "frameId": null, + "index": "b27", + "roundness": { + "type": 2 + }, + "seed": 2017356060, + "version": 847, + "versionNonce": 601341212, + "isDeleted": false, + "boundElements": null, + "updated": 1717946143287, + "link": null, + "locked": false, + "points": [ + [ + 0, + 0 + ], + [ + 33.89886827099872, + -59.624776904124815 + ], + [ + 0.2678641205010308, + -77.8473208768944 + ] + ], + "lastCommittedPoint": null, + "startBinding": { + "elementId": "6ZMBBGC0e67HCiZuw1ZGQ", + "focus": 0.9211394284163724, + "gap": 1 + }, + "endBinding": { + "elementId": "0eOjlptq2QPkgMZD4ilw_", + "focus": -0.504700685555249, + "gap": 1 + }, + "startArrowhead": null, + "endArrowhead": "arrow" + }, + { + "id": "ECiME4kCyLcElqpESHieN", + "type": "text", + "x": 779.3728577032684, + "y": 549.0028937731206, + "width": 230.17587280273438, + "height": 40, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "#b2f2bb", + "fillStyle": "solid", + "strokeWidth": 1, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "groupIds": [], + "frameId": null, + "index": "b28", + "roundness": null, + "seed": 1031090332, + "version": 173, + "versionNonce": 153810724, + "isDeleted": false, + "boundElements": null, + "updated": 1717946206425, + "link": null, + "locked": false, + "text": "Each KVstore \nmanaged by keeper of Module", + "fontSize": 16, + "fontFamily": 1, + "textAlign": "center", + "verticalAlign": "top", + "containerId": null, + "originalText": "Each KVstore \nmanaged by keeper of Module", + "autoResize": true, + "lineHeight": 1.25 + }, + { + "id": "9gSP2Ihxnhrj8VPzU3iMs", + "type": "rectangle", + "x": 440.01400715336973, + "y": 528.7255798511883, + "width": 82.2687246664696, + "height": 43.508786429962356, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "#fff5f5", + "fillStyle": "solid", + "strokeWidth": 1, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "groupIds": [], + "frameId": null, + "index": "b29", + "roundness": { + "type": 3 + }, + "seed": 862728356, + "version": 81, + "versionNonce": 2003221028, + "isDeleted": false, + "boundElements": [ + { + "type": "text", + "id": "bo-ZnZOJ2RMYEwiQDJwhQ" + } + ], + "updated": 1717946171042, + "link": null, + "locked": false + }, + { + "id": "bo-ZnZOJ2RMYEwiQDJwhQ", + "type": "text", + "x": 451.95639103201466, + "y": 540.4799730661695, + "width": 58.38395690917969, + "height": 20, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "#fff5f5", + "fillStyle": "solid", + "strokeWidth": 1, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "groupIds": [], + "frameId": null, + "index": "b29V", + "roundness": null, + "seed": 1054504484, + "version": 32, + "versionNonce": 374592932, + "isDeleted": false, + "boundElements": null, + "updated": 1717946171043, + "link": null, + "locked": false, + "text": "kvstore", + "fontSize": 16, + "fontFamily": 1, + "textAlign": "center", + "verticalAlign": "middle", + "containerId": "9gSP2Ihxnhrj8VPzU3iMs", + "originalText": "kvstore", + "autoResize": true, + "lineHeight": 1.25 + }, + { + "id": "sS09HXQCLT5o584RLcoh0", + "type": "rectangle", + "x": 535.7029587057802, + "y": 526.7472119897728, + "width": 85.49840063365426, + "height": 45.291996146440965, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "#fff5f5", + "fillStyle": "solid", + "strokeWidth": 1, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "groupIds": [], + "frameId": null, + "index": "b2A", + "roundness": { + "type": 3 + }, + "seed": 1969890340, + "version": 163, + "versionNonce": 795200668, + "isDeleted": false, + "boundElements": null, + "updated": 1717946178372, + "link": null, + "locked": false + }, + { + "type": "rectangle", + "version": 243, + "versionNonce": 1959742876, + "index": "b2B", + "isDeleted": false, + "id": "dOSADw14E7lwG6QVycTWj", + "fillStyle": "solid", + "strokeWidth": 1, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "angle": 0, + "x": 634.8832415027643, + "y": 525.0060952065161, + "strokeColor": "#1e1e1e", + "backgroundColor": "#fff5f5", + "width": 81.61054425609542, + "height": 44.80601409924611, + "seed": 964534684, + "groupIds": [], + "frameId": null, + "roundness": { + "type": 3 + }, + "boundElements": [], + "updated": 1717946186317, + "link": null, + "locked": false + }, + { + "id": "Jn2VZB4Laog2zIHreQ13v", + "type": "text", + "x": 550.053971904952, + "y": 541.2988719488441, + "width": 58.38395690917969, + "height": 20, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "#fff5f5", + "fillStyle": "solid", + "strokeWidth": 1, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "groupIds": [], + "frameId": null, + "index": "b2C", + "roundness": null, + "seed": 268605596, + "version": 81, + "versionNonce": 271008028, + "isDeleted": false, + "boundElements": null, + "updated": 1717946183225, + "link": null, + "locked": false, + "text": "kvstore", + "fontSize": 16, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "kvstore", + "autoResize": true, + "lineHeight": 1.25 + }, + { + "id": "bmEWq6ldGd19BN7P3CPgk", + "type": "text", + "x": 649.2096160538688, + "y": 540.0169508007317, + "width": 58.38395690917969, + "height": 20, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "#fff5f5", + "fillStyle": "solid", + "strokeWidth": 1, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "groupIds": [], + "frameId": null, + "index": "b2D", + "roundness": null, + "seed": 1351980700, + "version": 78, + "versionNonce": 1793931548, + "isDeleted": false, + "boundElements": null, + "updated": 1717946190092, + "link": null, + "locked": false, + "text": "kvstore", + "fontSize": 16, + "fontFamily": 1, + "textAlign": "left", + "verticalAlign": "top", + "containerId": null, + "originalText": "kvstore", + "autoResize": true, + "lineHeight": 1.25 + }, + { + "id": "W3LH6VESuV13qvhxI7mcM", + "type": "text", + "x": 458.21179209642423, + "y": 348.25404197872706, + "width": 219.0238800048828, + "height": 20, + "angle": 0, + "strokeColor": "#1e1e1e", + "backgroundColor": "#fff5f5", + "fillStyle": "solid", + "strokeWidth": 1, + "strokeStyle": "solid", + "roughness": 1, + "opacity": 100, + "groupIds": [], + "frameId": null, + "index": "b2E", + "roundness": null, + "seed": 100014108, + "version": 34, + "versionNonce": 554727332, + "isDeleted": false, + "boundElements": null, + "updated": 1717946232701, + "link": null, + "locked": false, + "text": "Main components of the sdk", + "fontSize": 16, + "fontFamily": 1, + "textAlign": "center", + "verticalAlign": "top", + "containerId": null, + "originalText": "Main components of the sdk", + "autoResize": true, + "lineHeight": 1.25 + } + ], + "appState": { + "gridSize": null, + "viewBackgroundColor": "#ffffff" + }, + "files": {} +} \ No newline at end of file diff --git a/copy-of-sdk-docs/docs/learn/intro/_category_.json b/copy-of-sdk-docs/docs/learn/intro/_category_.json new file mode 100644 index 00000000..bb0bcd14 --- /dev/null +++ b/copy-of-sdk-docs/docs/learn/intro/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Introduction", + "position": 1, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-docs/docs/learn/intro/main-components.png b/copy-of-sdk-docs/docs/learn/intro/main-components.png new file mode 100644 index 0000000000000000000000000000000000000000..fa82eb9bb07b7244f05b1016d19da7be97a111a3 GIT binary patch literal 61439 zcmbrlWmp{1)-(zPCwOpocL)+RxFMS9v1k-g&S-FTp%5PNPdN= znjk!cfFOmC786l+(>c+G%lssM=OfS#jXnuIxCUa)}e|afm}p*(keNd_ot~hm$?7$y&xrWq0#ha)S$A))SD#rP)El_0jOy+CsqhKD8Hm+<1D<$fo#yd?YyAvHxS4@ z(-@>g9{;B+8u&ZCR`x-p=z(X2ih>~TDU2Nw878e6{|t6IoXYF#QD^+@Nc6dlA3xd$ z34#E!#{gn!qOJmLSi6)2n=HhDA5A<{YdF-J<8?J0dtAdb7+Y0V);8XBD$6v=M~NNz zviJb&1^M5*3opR49**Mk`I&J(`a)csyYau0t{3O$8w^QNI=BtR5Rv?GU}J{!+auHo zXF(RuEh{^s1vlkD`3YXSdHrsKuxvkViu}yYJp}PL-;H0ewyw^h!5Fj%*&}-C_H32) zdOlq+L>(@+^#uYKFLr3iedW6<2-IqVFiBmro`Z7jF$T5ZhVUfI&+7DqmyV+ho(J zyS%)-FKf+XDt~d|WVA%V5UDhrALjPu1EzrI-Rf#xg-Rq2%WGbzU+J%3OU=%P7a_(V zNu)@_k+r8dYj86c7ne5i9WxddR)#ovye;Es`lrYN=2epn>x;MWBH0ul-S6LPwJ9 zxh*TBZ&2lrP60Ow6qlABhL~~k;Xph>_4on)-x&i_Y0l7^ z+^0tmQ&v^IYho-%gouIi()i1v5*v+M;u0|OiLVbk0$5@vY6zL~f5i?0qp@p;O4 zB?CRZorrF$)8UL_U2Ap=^$%c)G=Z@3Rqt@K=U2S{*e0K0Y9diEeQE{PDcbI>C@aIa z0pCGSB30K|KZ%dl?KNs-t{*N`g0GRV8Py~Al~q(u4Z(LJ5Ugm!N!H*+U{lsoP*+`+ z^g|WO)vBwS7>{{b4$FZJ{9RYEmXV(RDlWiqtAiAN{%Q$YAZW7go}Zby+L*}tl2WPN ze#ZcAQZ%=)@Zdb@bX_qoiB_%B0xdUME-J43zIluM>1B58;vS&CWu$?fZaTGQ8f`;^ zkZ?X-X-sr;5f>lGj+Zj3-rL(75_)^S)@{%UQZ)E4h)jL;lg`1Gdri!rKB$Md&^*lW zg@R}^28I-CP`jjXr2@99mv6qhx|-F{cFZ}kAMTzx#JS@?L<0ocPrfF(ucy3oJ zQ6S*r=H7-{Zw0;%J#M35U|?`j1??K)YszZxnI#+DV?P31|B(z(rPqV>mYf%J@w_^~QR78czQF#_$jX|qo`0*KnvSzlZQ`QxRc zY8cC5b7I+i>7fYkeEt_?Afh1>yBH-xjB4$q`~fJCX$JX6YVs3r{2=H5LW2Q2GZ7O;4jcgsFiyAS*WA0*&+?_4Ob{$>LikqVb|qZ*oQ`INmF{{JPy}_|9IJqGu@1;k$bu6MTx!^66e)4 zJv}`}E?y=oPi!Vo?1&fK^rZ;CcS-eLPn#2e02-NcE~U9m8r^b#7RU_~KyEIDB`8G!=j{DBJiUnx}p3+-1vPGyt)CTMh0+(1y~C7$N`(miVFVv`9^PD z#L);Bh9&rkyQ_fIcn`#TlQD><-=KD=V4AjV z*)A_@*}|F+eS-@>`pg2fAf&-$=n0%~<>aI!{Sbyh>{nO_6a`S_1@U6x$}uG|fN|OY z#?J?^HYUvNrbb8H#|&*tS_&e4c+P6dFKU>FYCvQQ8`>tIzzLHmFr(wc4wq33fCXN>{qx7j}FmrE_}_ zKd~<~L|l}Gx5lL>qw%RY9X928Wb>K}cpS*54-22OB9;o|knYN@!ML{fUm4cFfRY=z zHE@-xc7zW38I#a1KW`oL3SmS`XflrWK6wEn*PgkL3088zstyw)_XM)PuQ6z0n~uEO zP~FTQMRnS&q3O2OkgW?#ni%2)3WBGY1;F}s;QTvM&4gCBv~WT0Hrz6yd@o^nAp8$^ zLxcgS9O&k!)Dqh7t6qx)Dax20H_8TeggP=ND=8?Q{vj1r)h-(lwuS)fwQD&5T)FeG zOx}T3V2Q{{pK!5!h6E`77}a`}a@Es~QY9KKepF<{yP@mgMmPwQq3uhH?=KMAL9!{# z;v%bissaD#Ae?kNJ#H5ql4*{*At46aiLAh%+kVE|MWAXFPH8;ESc5ei6Kc4D%)E)Q z48o5cV$&y&myzQEpdh#Xx+vGQQG;{ZA{CpqiP3UVjJ&ql7!=FN%`N%G`KSRTD~qHt zu5}*&ILQW(pi+QY$uQ`^6<*+Lsj7Y^DEhv$)bt4?@-<}mL-XHvgl(QLSK}s!HOr!B zVd;hs_c~g?o_fTI9lCrG6#~9y$MCVm5I^clmDX(cxIF^%IUfZrj9D7i;%cn)57Ax z-?lC@2AMXSP~X=xj@qXcuXYm+bT3wbX3GtSVx;WuejjTVeVZa*Lc%$FN0HdG-)5W< z*kc(?qesTz&k0evrbHPL0%8GQesQfIhbw;s52aq{fj^s6totu;P}-LoMly}21FJ$Z z=!ry!27wDKxnyw+S(=3GUzO4~+m*7|`$}UFH*n0^FnC>BJ)1Xto|qP@v?CL~OgOjU zdjQ8V(F!aGAha^0cH3O-Yw@E>i#i*_(*!UMjVPt`-KLKMCHJdr*(G1OEH@b$x-}|&gp@NY`Vew zy&H$r5T|bt#DWK5O9gTU9=%N?Rxo{8i2$8i6sFqFOlLV~1yCd#=i|Il44mF>my@MS zMJ6UD0SyfeLE&L+t%n~wXyRT(I6x9PU88qo+h{u7Ffb6FDwizyK3CA^CLFadigQz5 ztNyXlOJRH#Nc&)G@F2|F>jKOJ6}ZW@7nk4Z6sl()2!=uBRophs>EN*a0;H>401lP| z=JE*IJ35|a<3IY@jH;eCrZriAv9Wa0h3df)nXI!WSj#k1@nk2CB}uVR!%Lu`G^^an zBY^lAEk>@%{rU4&y;qK^D|yrLF>r!xX&6)JJ~kz=m)0hTLv4ebmJA{dQ%Ip!vvi>E^R5N|>oj|-)p{FI| zzOYk9vDVsB)7~fjCo)NT!0c*@;Mz$Z2;NA8<(4ByvbTJl{a2$?mZ5| zZ9jp=aI4c2@Oy)Z8Z1n15&Fth-t3f*c{B_`*b$Pb@>G9Tm+%eUF{#r@4+pkeN|*Hl zk(;zz9gIaSw*4-Pn#0&~=0`8Z|DzsQp(ueQ_YqFQ*qDminy_YCfw788zh7LI z3s%#mN+nmSvP2r(ajSWr$Lqkzj#)!cv~{xhoITLPu`xOoviRh+>P?VM9I^q8@R>Va zN(-DP8Y(OFZzplSbg>^p$B|V5sWMEYItDKT;JJ>KpDaU53g$18fHbG}^8o@v&cu#A zMk!~x^hBEmk8GFy14JF5H60RqoYqiBIu4h?LF7b@fSlhgkk%> z8v&@MiEto==_7eyHyuBUk+aFi(8!|C%4^m~>WW|lOJl6Hy9&wwDgXP$;EP(NMxzQK zT5JI^h@st?&z3(?o~caH?yt1ZYajY>4$!1-!xN%A%r;R?!#AJaE@>)?XC;c{86fD| zCV;K@r(gi35o8U{UR_<~SCNWqz?ifIB=2~}rZxMgqEudcyqLjWBa!+ zGc=jTzztoP7FgsWcg9p1dVTxsfJ_G{$rPYeEd%4pjMpRBK?`?a+l`l5MIrIwIP6J^ z>HJ1V8R`KE+0FeN-x$hC&+L|pu|f^WSYiQ>28|gMGb%RkAN`J!088QI;>x2!`=+`b z$Gih4`sWuf*Ey__;f0cv{ zo&!OO+TR}TX`m7h1c(7UdW_@HV-z7TU|dYCu6D$6J#tFo=M28PAAXSU(ci<)i-ofb zfP58lVmE8+{-cLY#LXI$Df#}Bc04PyZkLxjc|4C!GGwjwlaR5ovFq-aV@zpzfG&;z zVU8IU`l*m|V_d`Z{&=~5Uk8ZS{l=qLKwk{ukC+XKP*f)SrlR6( zQ#J!_0dHZx!j}F&2Oqdhb-jm_Zb#&mdFthIo+w-eoTuu$_@^Zpj{YAlst1io2+${( zb^qtb|Mx$8;15W93Kij~1VjICZw*S)Pg>XCm9$&%zZCjCY+0fB-bW%5KB@nIS!B6A z=zwwdm*`J5uoVA|@Av&c0Vd}3ZOie0-MV)djn)n@xUk&du8ukW&krFeaswd}1&MyH z{LKVHe6HcQHCen=!>~7aOS|*Ffw7zqyuZ{WzyP*Hx@?o8oS9lbUt3yQI-9gQ|9o}* zU*F6GdI4!BMG?yAtA_(69*k_&!Xl(KNOhsGx9K!pt4ddw?RzIqliF*Qz{;7oNf+Cw zE5TJK`ky2-4)clou+1knV7zotr!tRmt7LSTMzW0LJjv{wN&w&!N!nK1TD0m513 zo^mkMI&Xu|>RHb(-$PHg)JsjeYG~)Sg7!Tom54Z6OYXIfvfUJ_Cb?U)d;4}g%H%&$ zyG@qpKKINU|2r@}=i$KfoO>`Ycl9vz8M|qo+;4`2GRV$<i;xG(di_8~l zI}9x2)LtQKc(ygTu@@t--8OSBNE`(r*QyA8!*D~c<*;R?0A;y!;>gD*{qOQ4?lzI_D%;M(!(5LI)?Yb+ww~t!}8V(jUr@|`rx!YAN(HTwF z24<|l8=?3(IuExF&rVNzdvRw%Hmas?Q{xPelawAmvFo^VhYhec5EOAtP}UNU(94e4 ze##wK2?7xi%xT=|lv+9t`)GorWle3!M86~-IK#)TN^j=`hW8236o@d&v`CZAf7~W7uf!dx})X1QKA^5AY4cW2N z@#@iTG^LeGA(3@YPhSoL!GKL&u#xyA`5V&yBba&(Ms<=LL#*XW5qBKhn~2;%0T*m} zV!WZamyraFWL~i>TAbN2=uBXIFs6#?-?O8SrqFe;IC)6oFiG{s`zmljxl?%qKEWDV zW4u&@Lj`eQBfoyy&CBZ7nli z%_C>8V|tRt0kG9n&8lPJ(|G`%A?sluSurU$O?h0kdf4<@zx`K0dY zU&yFtf+Tj9T<*mZhiI7@0NotBJNjwX&VblT{$sa}x$`{X7k9k&?5RLf*_ziuKk6TR zFIG0;C_~GHG~*kACPI}@pXIAs_2#-QrmsTRf2uR?Av)8o6-8;jgAyP7j@)C=7d4}7 zch@`_%S^1&60JrXgOt_yeVL#e>|cdXxF`L>YFm;hRSUU=m|5bBR{ocoEDqW?^WG_) z^Y!D{*47O1boz6RZAThuaycXlL1PFd)adzNQ912DH>V$U&3c5@Q&XFC?_bnlH9YH+ zXL1`!m~QRALrE?t`k%BL@q+IJ2sv^3@ie4-pKTqG)#E)@RAia#&I~6E@|ThTXNmzn zC+10=1%)Z~VmCz!y0yAq{@ZuVaJr^gTui+ARu(%%jEuw#?bC%(Ap~2b@@h!^IVbb| zbw$|oIh)Jo;`2gT9_O`ZlgUN!&ly9thTRSSt8c>hc(U4YRGnCulBshPOf zk1Fqs*|rwAGyQ-S78qX!Cg|cNrE&Xkyd51r`6x~+5XnUqMsQZnw#H^@CDL7yXzt%Aq2$5sy=0z8 znQ+L(u|}v{#9VV|JUtjm_+FNKK4U zM(y=;S0*dIqW%e0qrsW|Lo_x|sFc~DiiKv{M@I5=vB6*R)akJj8OWHuI6gL2);}=v zw7@?D=Np;eP3y9pmck}%`4?T;p9IRd+a8G{$FyjBtysfjg0o~DnD!+&pfuo(#2>{N z!>2Z`K@SavT5~&5O|T*D;^PStabcSR0$Y(&7)l21pa*Pr}J4we^Z^q~(u4 zG#*%Deok~{59d~vUJAlg;BYY1`#y}7__Xo*ef=a7|mahRg>1a}nI5qA1x1kqH zqv`1bPd3N6&5x9u9Hd`Yg1+l>&3pM$kQaJSx;VXAXyk)8UI<=2S)0+y7%=qzAg{-U z>q=McubN4aeu6Zdp&5wPb0-zZGooSmENb_2Ym{!typo)aE7AisZ*2rjqf9CR0j6Q;@trgIiFQuNM@>HwSnl z(MLiCk~WuJY4Jq|9HYDfEo^Eodv6DpGDiKOqg2pGaKgoKqzH8gD;yHhcN!j7bKKwz z0oiiXm8&B4F{dr8aVEvh9qQDJ;CpGb%~^Yf^hCQX*B{5)dpDjlly`fVA)A2bPr1kU z@{^%fEq3j0_!SGUlW;@L;h2{@6&+r@C+w!Q!b>EHZ6}z<%>Ux-r#ut6AUXQqv+3Fd zn0WO|Ml4VvBaB5aPM2qj=k)Q{kAupIoDX8&Sn0uqoRNHZqAci=Nq@i2sV`8I7oUHM zQDW7f?a-MWDbh5j{-ctHxjE}KN$OB6d4gpq1Xpfa^5c_JzYFLD%Twy=SBei~74{}SBt5K0NLsHnHqGztQI>B&gHQHWBrMNBk`pG&m4Bp#{HEcRCYA6F zT~JY?dL_S5gS2lu(5SiWOBb^_ot^0?2C2}{AcOYKWHH0u67%?P2Kk7;?$y_&dS&33 zBCe&7N&}=GaCo>jk!OiH$TF1!q*JLt=l@`LcllFO(G=DMhi^J{b5}PMMS?)4^#y2$ zHb_i@(sAN{ zXbkhM$v!#=l^autWkhQgNhA;iL9nn*{1W_5?5K6ihb)!fl8z}vhwQGuObN2YNw*&6kkp{fuQlnsYH%v~Ke4-i$^`-UO- zBCh1gmiMRej7{ZKi{^)c4{p$?fw3d1shuq?Yevim#F2N6on zL7ViTA2WEME zEJ~RF2G-hL`aGzlPZ!duF0%eB`Ifl(HLKC}t zcC|E5FjZ1S`3>=CCIK^r=!=5WU_r<7)U+38f-2i@u~G^=Vh=LA{K0VP&w@jY5`Rsoc_WpCUtir`0e8M}lcIp`kEQNvCrSjSDcLI_5u{jkh(Cdr8mi zxKyT5AsoOoFs!Z0s8!Ps``2Z*Lo3^c+}pzZImo$2>z20Fcw9lvl-*X zXI18`0bzNYFdlY8CP5GX;yPD4a=I9VaUK@PA_QG(%Vo7-QH~D@4oFobL5keD8`ZTE zAQJYV#5(ric9`*sY*@U36;P2i)%X@Qdm1!yuS)5!PapY6;IOO*Ch|HZ zivhZq)&{ykI>#6^Z!j|z?amPqJL59`%k?I|oIRWXarhJa2M$piWenWI;gqr%VX82* zHu@x+-+mR}x`PwK{0ljsl*1WE_}b546wF&^NudU3$g^GZ|Fo4U(lR6+dC)Ux#wooG z_MGowt6Fw*qFA?5XgBKMVX<$PR|#tI{)Qn_gYYF z*lEF^qWx5Qba8n%&K%K}c_$j1wABZu!c8_m|8Pc`(eEu2>NVwDhTiZozbRKQvt56* z@;PhA`B(jrX^u%KCu_L*2_5>=a{8yp_i*2ReZ#_>!!mPT4l;K98Rk}-k4{5@N3JCe zQ)w;zN!VZIG318F%}i#MC^fLM4eP#LyxSVz2;p(#y9WQMO(ujV)!4;3(5-NRZnc8- z?e%QTvGq4+ovi=;$WiWh!MzE61FGI(zK|3r6X(mhy&0d`zC%t9q)I8bm%14mAByYgd{BlvM!4E7q0f?@QABFMoWR>cs418%*9AxMZ3*5iQP8TmVj71ZFI3HbDrpQp z8QVUQnJsOLGL)oNDstdo0D~z{vdlA~^Ahv?!~GZzHt$f!TS~i%bCs9CAph3e{V7pp zT0Q9*Ib0c8!2Xu&)xWai0ef&$mgT}CstJO}MznN z{e4oHz| zb|XUd$3tHKLz~$FaQh zT$>pv}mYCT@ zOsj)YB&z`Px*qL6{FKfwyXxwFHrn){&63KI6VSliWcLwtD2cKwmB7=9meheJc#1m` zHLr3|!G6f`Zx@JVVSDm8qQhBclxlLXhMk~rKSqt~LB%X>CYEn4q#xTK_zya5H(>p4 z!Q>LCG~G!RqSuRDmZQyfpvl!CjCwvU-#v9awG`Wori3uVvh6g-#N?Q0->Pa|&4tdh zl!^BC?8fPlMN2iS8eO2J!g#)&%lIzB;vcRK%f#`zzS6#j;iajrR|5T>%w|BL1qneI zPN0hx)oy}X%c0VJzqr~>^I}nS)%G~|=?{wb)=50ULX+m~tg?3NA37Yz<2l-@%>1wG z3G>XBsYkeiN`h*u*Y&zh_P3YV-5Q$Lx3NSsLns1UXa;iPnQYjC#2ge~9M2x#G{v?; zefPTKpEV!n5K!TgcIDAqNzJjWQ(RCm_#%u@GJs>mytPXIUl5WU(WI?M?gSNy{P@Vn z<~9t|Etx}*2}8S!SSFs&eUpDJw=(`;+dEfG@93djeA3u8#w-#a4B8#G4q*)qSg2!*!#$h-3z zC6wr2#t}}oPnXFN#l5g*ix7Q$an!2Nu~DcA%SGt?M}b+b zx-N>e$W>ZJlPtIytI?Co(tY$i=uDg1yXcEc>u!{vuyDrBzmXbqRr@JaABBaOA`WLv zWDecOn!EL(Z7%P}d;5UO>B`an_DQZ_LW(>asg+i(n+?7kqidl2>e;HEt^mysP(bz- zRtrcX2t}f+`=bAexiL?H{!zZ3AyfZ8CzGXt{dw|D(XF9yg5&etEp9{T2rS5k8?sAG zRSxaW?;}VF{KYBJRg_WbTjO$%5zb-`?YNK}&{5JkXH}}aX?XO@hK_Nh26SYU-l^Z4 z|IRj#X$+hG$MKD$fsVV$gDp`?{((NbDmcUVn52<E;mQgx3c5#ULG>w$;2BpJLL#^PsR;LqY^#+%r3 z+^|sHW35A@PW)@ZTU_l2N7T(n0X#8EnxrwXsNS{{rngkv{M)pnmA=W9*i7ixF~;eH zlI(pj5H`Z9@bELPmoh_rI1&gI?$Jhmmh$*vBw^tGX?5sI3%}HpwGm4X^ z-5Af$d!bW&b9&!vb;e|7au#Yzq0PSGk4L=?&+J$P8h;ph(k?bzaiY@wxi~GC8a15^ z;|TiUKM_K8Hg6DYEGt#^l^3PVZ6!M2vj-{q#@x_2%2k#y1z8|bw7VkNgk2(WKv@R} zFBDF;mt(Db2Z(PHXJk6zNW1nXy+SzqBKx6bqJ0myF<``hfc^pMNHEEXxG?^cr4gy9 zT{Uy`d5lYvp)y=>+Uvd}vQUw_6jpv$2?+b#Ftk4rH|~kN${Jn`T;EQ7!n3L*>%_ZQ z7FN7>D|IbEWkq2UB;3L1wBMki4)q9df%-GnM$ zGNmYw(r&O0^tKmGps&LG*bbFU&$krry;4@bWFKdIlt!N+jqWnC^t|h=)z1Oi4byIR zYw!Q5zFVnSQ0jSxhfnnY3UHdK;%>^?_{`5Rb{&cSbgMTBfNPvKnMqN>xfYKS{{AkZ zH1;c3mI9_fbhc|0DPYl!=iA*D=iZv%^A07pn`O2DRfS#L9SJrlm{31b@5FQO37q|? zXoN^}?47X^yWEve$Lo%*LhI*E$8fQojw7RuR)-8N`hzTE@H<2RlPb~mTqIDgprwP3 z$M0?!-NE;Yv7-Bgi8FMw>;3Tp`5i9MASu0-h7`@?62W2)>6%?K0F7x_{f^z6yVCws zZec71TSeDy_amcrngTzY6?4wJQz{t5qW^B1d1lfTi2h!J*ocTXR!d~hk^7@(vc zYf#**Ho1`NK9{camQZ`uxj81(9ICL)RN77yvMjFe9pm|Li2xqb_vLnjgqai*HcaE> z^U=a;H`w)Sj-0@09BmlXm*exAW8!u!#l99QDt|xP0c=fHYHe@YZ`E^#MM_9q1ZaZg z70G2|n^}?K7(fGcRexf_0j&)sP}OQdW2N*?Lr_=^p4(D7RnA%xOe*Kb460Z;GAaF(qN zKLG%nii5v3FUk)Cl46F&^xR|>O^iK+hL*QQj9{Ivz)Vs06XifgxreqI0K_~J*A4B( zJ!{+4eaGjM{xMm6Sds-TSX6;PCd#hn2JWDe&ws;G`+(RjR2F52nNFDF~qdI#eB_9@srP|b5| z&~NU~Laa|&YDgVa&yPi6esYh=V+5z_546$z=@;nu#l&h%MgMSGri&~5>HNLWXNL-_ zKS|Ozr=i48CJ4^KA zRy~W}E5S7c&bBLd7qa*LFG{KU(k{#c7)uTaL?WoE0x!bxbfgCRT4N$UWR;*y_)Y ze-7;Pbq#XNzQ4YNBl)dDQRTOkfcyNqBVu=$I+_PGnjOyScbv0fY}n{kk`(#nPEbd@V-Pm{dkjL}P< zX|tcwx(c1+I2=#|fx_5@whc;1Y9XY&_UIzR%2p&G7pB9bTSWFq&xr6E$#Vky5FO5n zkhS(;Aqcn=cfVP9O3@AGH&{OBGwAly#xFNQxk6SQhtw0UECNsDTD;E=YKDq}FP~bT zR~TlYj~Y{SgOMij&oUjyF1rKuadJ>KZI2Z{n%mff$cE}bRZn=pG=cTMJls}&`Cb3! z1ABMW$^Cp<`;>J|Afyc?s=zx$=CxI?xS?YQUUTgk%&^K7#MWGe4@CJgajWy?tb<~e z&AH?Hq~whY^VKO0Jn{f8Kn-2VIL>srD!D*MD?H!Qhnv^_ytjGdC8aiv*5*BoY=sst zYmm~Php6xmim5$xd&m2~oAjmg23%-uG?)$$TzeR}xT*jjtYld{%`=~^j zU8KM*=G*!`zu|ZntF_w~$h@z0a*m%#xS>l>1wMRU()+OZLgIZva~appH0nhA*$i=WoD z(GNZg=$3C={P$+Os0Eo})fO&#g+j;!an`ZV%=2g*!Z#q&)EDXA0CMtc&*LbPfcZfZQ2?N}T_?%VlCdnMB^ zMu}_f?m(Rwf#O@uyDr{<#vvWgkB~&5^2+ucQ5AFI;5cMhs@?Oj7kPYjGGrnYIKTzk zIqmv#ssd?3dNm3n182>e(XS-cWA2f+`KWw(2Z~he=cKes*3Wg!}xr%RSL^a&k z@z@h@d3n^_ENAI7Ht3K@_53<8N_|7Nzeb5jmJT_1swV4U|Sz@b^YtTI4+) z!&C@;>--mUeZIfn0iEFrUj28kf};b;BKQJj)jFSiF?V8`>H0Q$!1u6dsMzCcB7jUo z^bc+yG?ew=*>ksft;n|pt={N>#s6~TI56!`wT>8ZGhMY(r@DOvq$wC?UdKcUMJ5FiBW#Y?0oJEV_QPxDaWTrD@$Lp14Ph&x(;YUwt5?&GujkBLB zG5iR`0sU!cf=&qap3OXigv|lyf8d}%@q$IvNoBY#N-pvai_F)ineKr(rQvb)uGiDM z$3p@^3M3fy{@uL&WF}^GeUsahLXasa?fudTJ?bs48$OFtZm&gsn{k34W>xzH?v`imj|Ew&@Njru*AeUhcrPOH z4<|K47yA*mzy9WnT17(CV;heN#eRsHz|={ACWflHGTC9fdv7IjD6zen3{Ls4$NWNk;Drk) zOxsSR*MIlEZSZq{rc?Nav20nq2$+RzjaCd?XGj$7>x?e1&otixuN8$RTT$wLg*@Iw zTWrR1vd-fuZQA~sT)en$@P^~#GCcG|h5kkDCfeyoTECxs(!V}in^C91Kv3_p;^nN? zMk-+Lm?3jD`~Bsvf1|IpFI0FRnXeC6Vz~V`ds?sO-$SfdN28hPw3^Ize z6}%qcrPy?o)fmPvWLJ3H8n`EX zXM4U3C6Ue#T4>oFO%@Svz+f$|-VF9=vAya%ghuQ@PZ-L>K?!{Qa2M!Ftq?fetmq{5 zH#ZUP_ud+JDC+u4k2Hjc8mq~I!5s@mhy3SdTykUMDp%=-hMt6hXa$2|5lK@2>IH-~S+$Y?(ixM}qIO&aPnpgr_4eXt=q&^*X z1Y&%=&LGqNG}#oz$`aYyR>Kd=Giv=s_EB6th~SKtu*J)|*hGx#u_6^VdzaL06wCV*u@%k9`(O4Gvb zG0++*1Uga2+WojaBhu}pAw%s@c=N9ZrK%o`t>I-L8tv=3zx1Vw#A<_WcehP7Tm6`+ z2*f8a$n>uKOns*OMX*f=`4aQmHIjB&gd-JCv^p_O9zmle3x=oKF6T!#xH*_X5E}bF z4`*;o9bgkdgI|G!32oYUOIWX7$Ie}|(-v;(-GQ4c8H2sGzIK-X4p%cK={^GD50g?x zEuBjA;i`O~r0V5MYjN3qG&y02w66X~79UxO+;KFZ{eW%_w@~$Gw_VG<$Nb9<5u@sk z`n%Bq@p0Zl#HWz8jBb{XfLnQT4hZ4)RI^H@Q>*^7E}u72Sj`%O(@jM&W%Ax+Ks*0$C#d+(NKt>rheFWK!iW)? z;bSWB5cR(VmgE=Jha7)d)ZXx@g*agzPjlvO5`_#UVq6lWbbOvvmTHbe(p`6F5fK2& zZh$0#svKOW=UFFx@h48SEr?159q3QE(7}Btx^WUX-3$~{F7QT@kIIn!%ALdf=v{L= z#`O~*FfwdcJu#Ge&i#o{CS+stGu|D*gwFH1_nCrL7^;H1-=0VmLRfqwQ2$3Nnq~Ul zGA69XQ_-$rFr&084QrXB4eB|hl0^ZgiS4s}B(A>|`V_VI1hgTz-T-Ov0V?qt&JNr5D>%c?!S+7PIFdXbSP3g!rs0J3*xi^3wA0KLo3l6=rem(!`I;!8=#*x8yF zGDH_D#kbsdKSDMHcwGGkbnFo&c0Jz;ZG@xKD!=Dn znM%4cueg16z2YjGK`M8f{LQ=4>V=x3>TjWV-P{!4wBX&ONf4>pW#tv{B2_|q763ZD zRXDt4&PO@O;K5?sHQfp5#Fjyl<`DEh*#0NdIdz|n>;^%sn-tU&%A>%zYWXPQVeC_H%410Xv=X_uIro10^!e!d?!6Q;1^-dtR?E$Cz1LrMFWQAu zRC}1vsDoJJHOvSl;sV{V)UZ`)tetanv;#A-D}dPI`6^0S=Uqytb{=EF&C{V(&D>$y zz`JjK^6+Kf?DOR~9JSoI9)DN+vd|v3-Q03*#^3tBhn^wUNf1}6996L}6VrWFvlBfQ z++!&!&Nl38d``VFULN+sqxcpCZx$~|sact^+!o)5Qbtwp%0&tLYwPc)&BWMYv5S4I z`XLm-rx*?X!C^vi9*kC?vj&pPuaE`s$y?^&rEDdE_K(r7`DJCAeR;mwlzLYrGrh}l zb|~v801^9KFOAQ?77kV`si+>WzfdQ#?GRa~uf_*Vgu`B}y3WTcF6KB)2*fZ1OY0KE zB6hvMwo8ky&T1-{>xoltAI2M9x5Dd~IWk{f`yB=RNy$e02-o!dO7FeR)?YZLFcwkR z#qzw=^5(IAs=xn`%FFE;u+V!?n$;GzjDUhDzaQY!=xLMv9bFYi$}v`X+RAiX*eckQ zYP89rPb-kj$*|z{bk&Z=_F<-|@ga-jI;5b2;w%E0F?AJk#gTi#<0+U;c3pKu7ouYF zF0C~CAXEAfNaQM`2`@5-wC660hOrz|HPPMNGB%r1nr{}|%5+{A@TA=27j`fZ&Z^N< zB!Y+Gg8*miun!?T+h|8l+e0$l-rcCqcUMkZ*WbY$uG8wY8Rby)9x=rb>0C=N5Rk4{ zk-{S*q590K5?&ysNJX-7^3dL}X0FjWWQ9GwnUoE-9#=zXM7(#8DyviWKzcfeMH*!| zN>6f?Gd?B*)O6SWm{*dm6j*2rn6|&CA}1J(PX4XE8-0FgXhEozUbQd<1U>ZSNib=N zs@%bxkzc()MFWy++)|M&^4Q@<7;^o64}E3p+zxn6Q24gbWl_SKq<~;*sCQKfQWPC! z;jnL;KbdZO7=`tmoAf!xp$WqmA_OmDiw2y(_o?bYLvPkImgm{O{^H}>4Aig{_z*n? z^S`|Smv;#!-v<;a4n;=`A2K}Oopc!-z!3>$4K_W8H9DeaUoc|GnYz9{bxKjJRdcPd zQm++x!)JqZw9-99(X!#Cn9_m&6U2fYiCieH6GPufg zj7OAaOZ8si1jGVDM~@_GT}p2&0W6k587bRObw{2Bk#?I5KNZP3%TbDtMVEiyZW1}w zjNB5Y9fW%t!{>ZuHvadC;N-#x#ql3~8+&NCLbWEfEVWm@7nKH(%Xazr9y}y+FVF#p zHr|2B2w6H9n?(A7HU-9*OfI`Q|JY}~e3W6PO6LTT()VH5#D9eQd+M76IHAz1+jbMx z*hYkmENiJUhIb>bcXyS4ryb+Xf1gAzm<~VsS+{wyqy%WM&O^gZ~|7 z*9G4Jd2+0@F4@c12W>q6CJ~^+CVsgcGOewv?Pofk?Fb`J$sF35-=uBNu)X-=2a9Ta zdzgyDZwM@c*HBAMr(P`QGXvfKTRe2Mc8eu(KbT+z+Ggux_^eVao;9^tURg+nd?U|0 z_g_8Q&$#|m7>qF_k9zjCUjr&1D!vbgS0Gn;&jI&lq)S^Gu`iI;K(La_Oh zP1W^z!lU0{_O1e^r0DIhHcZ<*PbNQjwz#M{s$PW{ zEw8touTn4WN^wc_x5c=8>=;irXfzlewe_es6a}eczw>8HQCf6#qw_QSV6Ja`@S!0o zm>96^?9Qn1+`3onet`Vtv+*F{6Y4wK?R(A!R8BV@Z_EQNpYF@b9HULgqstDuYv{$H z)KmsgDlG`o=LN;?s?f|$?yLAIuDbF3XTAcp9pL?7{}&IH1;re89s#^!9Q(5Vbje>J zXJ#rJ`Y^~W7#d5+8EJ|%Q};=#EkpsCM?CU)%H+f02+7EPOcC4*LJfuA<(daw zB}W36{|`@R85PGCZEIYD1$WmF9D=(9hY&0{1ec(}X`B!wxLe}{NN{&|hv4qsIE~-p zyn7#mKMWX6bywA{wb%UST!viOxp8`CU+G!OFCIQY5`41sOeYnCnZ9o86IOH#jN?EQ zY@!7MtL;fO;RWM;t-nwrm|)*jDG}Z-%7z>>I-@pC}?U znN#!(*EMFDhzW<_sDFlXx#()jtx|VTDB)?XZEx-|2pH;j5q!z9PNHsoc|}y;j>uM}>@b7xT}vf`OD$@z#1(RyuuY@s=ZD6DLg_`)-z@`-Yl&4VjCy~h{JZ61A~O&57o3Y3BAbF$Wz6Ef z;h!Xv-+D{}XX66UOsb^|szr?$eYo32E zv*N`%M|lQr|BG*1a*m-^9E9?bN2Dc3GMjD*hs^9Cj=zxk;PP<}H~7UzL`H?M`*3Q! zrHv?ITklt>wNeib>y#Li2zXg$CBtZ zpAU4OgiQ!b)>7hlyuQBO!9dY8T2f81o&!0LSo$W*AMyJxmnnNGy_{~vF2!QSL`?v?OQ_M5e%YE^=( zoP9Q5){i=}Vtr#ClehUpkf{P3NiG5r{EbT-wOh$7`HJj6sa5ofZnj}Esw#r9gg|c@ z+ez`6#r9T`>0Ul0Y_670?*mt*$3__01rau+tg2@yI70tQL`w@q6BD*E(#Ohdx^svY zC(Zbm&wlD-JgzgmWE{7cNdXEYJ_EL}TUg469V9l~pnZyHiX$#-RIKQKBX)2aW^3O} zlE>ZYtvq>d66lnKI;HV3H|lXpx-?qSZH7#-8y3#KJo9^NTfWW85 z=MQD!>-G)_nKGh{OJfC=K(O{lz>wnNWp@4Q9*bqxL;;crG_8Cp59dFL%<`@x>d zMpPpl*fd8(?DKq0TB-b2;*6TepFahz;*39R(8hglu{UJCT*3txIvUq6!1%r{-7x;Zu4oqj3lB+~N*fiu=~Ra&y+Bbd%DyPA|5yi%_c`@W9-HADFR z7Qh=;j}3-$C6pbj{>et1$)AR0&okR_zNy-Uayw{Byck*&B<{$LJ16RlEaR}%?DQEF zOE);I#NmDCtz6#lwGH^mo?x(J|CwOkJ*)SVd4XJAqQVq4&&}^IszzO*i`Q8R<4(A1 z%cx+m+%y5Fh;w{TLR`2SJy+sCFF#t}M5O#d%7&gWa}CO)lB)(rLNh;+jov%X)^L1=(Cw0|Y)|OC zxg&ceH3!13is|3{ys$|qRVL<63LEE)AXM)yoQ#NPo@QUTCO%=8VDnjUY73ES^>%0P zk-tq$oW*kJ4SrDqQ1Q*d`+NS#KD@*FjW1HdBZH z7_J!S&A!rx{V_J$3@{W!ZjG)l=idGl#Ts8ry#(AS85M)1{H;m`nl#EDoA4iIcRbq8 z)=Xp4v*HYMSLMgkc7IVO`9)l$5J0WXJ=5Qcj$6E2QHANqFXtg}v8M<8Xn^dl%D~cz zn?aM*i!02k`q}Wiipjmp$j{yy|UjA#g#j`6$U4&v zWiRV%$uvLI7-N~lk-1rV#09eQy`5=7$3742aljP>h%+4=P3FmBG`UtH6*xkeQ7P#m z5{-2lh(iXbNWL`rS?m9FoJvCG^;RS_7PATFD|+?uhox|`zH4GR)M73)rBbVi+GfKC zrkxdY=^5O6kPv5Fe5I)eSDhlUwXij2`lHK%c@(+cPp4<+(gZQr`+o7!_yqO0$$0q7 zQZ37gcXy)jm zEnj8RlXJ6)EqT7#nU1EBh30}vFPHbk0W7cN@8GdPQwH(hkB|k4`ceW)1N>kHC&P$v ziL-hdcx+Z0wur!K39lqlg|rX_LDae-kH7X_Xi7h*K0$20dSa+Lp6lwGm6FOBYliW0 z&0ah_C>~7O_i|JnFRM#Y&{nTcYvnqg8}n`4T1HKGZES2SunuoA@`Z2zNl+BIRIzWB z_k7MVRX|n3OSw1w5|ppQ!+CBmE_@O@Nb(M+tW_tsh4f7$k%G;SWnuNy={Gd{oe8)C zRbPnja6V?sy%J1A#|F_i31u?fB7;N31@^aUKjxu?#IDL;!q4vhnmPZ;SRyH$1-U53 zeA1*_PLf>^+^AnRv$=aCd?5v0*2!j8Bnp>(uqCt1>D?s{Hl0DX>i=zoN(K5jA$HOb<<|6>^9 zczJJ;^Fhg9cjv#l?F9OtTw&{N6KNvL5GUUY#mNLllo5d0;nU-Usad&d9&ndpe>IK?(k<#ou*b`7k2Se{^CweGF6Qd?VOD8xv3Ugk zwS&SqC2Q+m%xx94+-_JJU2oem{#myy1MO+2*Q(cd@n0G{t7t0GL=vexN6Yb0Jp8Oo zOO99@t3IAy<9^8|^M~c}fZ%alRq0;Ng1^kc7T}U9$%|BzSyGW(*FLZ9znjJ+>9VcS z;AJ|+^Fc0};9kLk^4+Kn^y$sZo{;+zk%?370sMaSrUC0&(fpv4-EVJC*kE6{FyQZfFWAE*sJ=T-*JZg657mM zd^0SuZ$GRYLjV?P*1n2%--tmq{}JrDQV`w~=6`J9If*{EiPjh5+&aadYJIM@71~E@ zO@Eo(nyY`ifZMkH@Vf@uLNqBad#~%`ON>)X0HzQ?c@(j=Jj6+F{ZrM0c%Y6gTFYA) zeHKd^vt3R<()7NMNVB-lc2E{uG^$w0Q*YJ3a2l_hTfuUsnCDZfQ`vc(>ZSmcH{|ESdqqaN&)Cntqz`XRUA!n$sw1 zx)M-6&(!vXS4reHogsA6rSpekHS}n*a7oHMCQhfoD}|vShPqr*GeC}YULz38{MQtX zPyT5-s!86Tu#zLq?WnPgB9tOwq~+Oj<4QAub7V+ByLnIlgAo2pKV*BYj6bR!bmt!3 z->Xj*NAdep(v<_Sq-;~=LJebx&dMydQzanRM4E94M*+75RT!~49 zw?0wAphDk3hj#MJeDBh@UBnBniT?&bkachuNC?J2-T%5<@2~kzoggBS4#pk<<~r6~ z;U_88R1_%zvYEKwGofR3Cpxm^b&A)oC^OysLnq`c1xoSqa&*!(=TqaM6Xc^Liu`gS zqPpDgoy9-*@CaDPso48ATYsCrq&V9=@vS`pKc6vwRW*p-^9mCY9rxC+MLn}82>gj6 zD%)1xa5MIfy(mZ9Wak7ez<}t+8T=W<8l}^assPe3m9=EqWc__gc(ZnIX4-(~V@^O|; zOjglv&`1R9eAKE7?T&ajkCv+tv}C*r!!-7K;to^UTd?%(Tbg!59mE_w9M02pKC}w{ z<7Lq|s9$m;FFk*`Rc;%WIcDMt=s#;^YjFPI;$T2S1wNv8VhAoz)Ne%j9d5VDji83V zm-1F!Si3DWTrMRBH-69iL3Cfh1d=*jD?!JC?oD^K>1C6#?%q8vHb|^W$@2V85a z%=Xu#-=l9cxgWX0d=EtF!5!D}Yx$&x3E6MT z7|tR^@?^v+*^B@*#IH98UzQcAhA-&EqE#m-t4$RKa9qXlC_bh7-i`Ico8 ztHc)vl5r}AR??dOhLd3X*T?%WW=F0c6e12AZ}>+sL^uTXDNwR?mOk+UgLK*p=qc7W5i-IIuFh!tm%qfcOS zZr|Vh zi_tmwn#yk+C4m4?)5~8Q#10<|rZ6^~1b%O;aBXvJU7T6m3GT@)fWIPppPnh&aO@(9 z$w8s&f+#Jb&9H35UP!|KIFOqh8Z{4iGW42OsU4q*83oc+=zL$56yBUwlHQA5J`u2d z;8w0$lOY~?aupSb-@%2r?%IC-42=`+Bnlv*Acx=4wY}nKK6Iiq;!B28ao-Kb=QrE4 z$Ut$zq(z#XoN~#zzS3m~J;u2qM^iS~V|%#H`fW^Ijs+fYzo3cKE%~mrp^LR{W53mE zj|e5#a9>CXEnqRqwdceRk{t~>G<}oG5*@-B-zwBl2B7aHjW_m#Sn5dGJ+C58+wqEj zoI)9lpRD3IdCMOLpH!0iK^HE`R^VZWE(eX-H&Mc9c2RUkXrDU6(RX`ZIP)9l6*t#Z zMMhbwGg&1q@3Qwk#vpY&Nh5Sz+|2Uy^nGtSW$AmU}le02A`5Q6vU+_JS5~oW<3MC-w$#h-{?VS51=|lSml1t z#6+&=o@Xm%P*d;|sT z#^EnkqAjyd+e9B)W*2^!ZRfycYY(j+i&Wrp^=)th;&^Fa+gyUpQ|n3wF07(-KJ$Wf zASfTMXkHszQ#=@aNB4Me5wYGY0O|PHzBq49$>2^l>&MRjoG`s{VSAYIVj3qq_sbU% z@&ftBzqh@$zFArppgvBP`%890L?A$#v@cEoTS_GcdJR!WoG!``xK4dhg zDM@iW)QxytnKS_ID`EaEYktr~Y#ZtILA%&-n>IW2daN1l*?UWwH)MC$0=nM%0+1AM zco)8Ne`$7OZD}>8XlZq%7y)0Bu)N&cHk{s|j?{{MM{)}=FoI?nVpwZJh^Lu8jKVxy*3hkNT9f`vw*Zmb z19+?zZ$7f82eA&YeZz+{SIfC}lsQ8uY^q5dFl*f+$+Pp3$Nnq`Ezg@R<3Ui#Z{IiN z;ofdfE0prmo8Rdyb;9L=JoClxViK8Sdq$$n(&Xk2{30ky9u4)27KXufXcqvDr5xD@ ztdaYD){_{!{bq_F{ki`?X9nnkU;COsV(bi3ks?;xPbYOMt=_U7SM9#k5Px?A_!eG! z*Z0>z_sFi#ZtlY>>bv-cSe8bHt&Lx5IknKZbJi+bsbej*;M91&H+I4DZP|tZtV^APtIxMv(;H&f4*WXJNr_}>p_KE(@)wQIH({a`1S6j0x;U&84(;$8 ze{lWwdhT2o9Hkmg>rf{gUSQdd(oRJfm%Z|&c+P|Ju~BJP3B}x%Kpjr+jX1xev^-8- zVul^nzXY6}BS)+USjQVL4gC)4Tw_>6RPS3mY#Hus7r=Rbc$~((v;A@=YByot-F0$> zQ*UYJyJ(dhT?A3~SSz(O;&iKTx{LQTW=o*)q@kB1x^Y7r9+b z_y5d7RJy0!0PTmr1(?ZaIQOR$2&T1ERmh&`{Y(Vgrzm287`tEby#x$P1k`3F&*DxK=zEKE%Kvuecb44Ki=VvhR%>OqS{Pmp$RXTpaW}j+zs8 zF;cPx_Jh5Nqh3xVD!NsgJEXWR1ZR~VSsw1+L!sR=6`u8{QSXUS*JxEmvC_Y-Vth0Z zMmO|sgr)GaPue=%Q8l5V`uebW?%`FY8Cos=*Fm&~=2~!yrKCp?04PSBx*bMQYVhFz zebG72$>vxxvpy=HO+dq1*MP(3<7;K>#A2lPE6}Z}oCABEqD!0iNW)Q=oO zLnKX+`sud4>@{?MNZS)qR+h+`C;PcXYX`Pv<{Q3cQPi@wD>x#bF^-0_i&BtP-ZA>n zxQCdWG~{K^uc1d@=+}6iN2KFt+y*6!e!9jUp5KLmYeBlvG2>hfj$OKCr0bR>ME*hy!%;l z_h+>2vNV%$eELE|)bW0eCv4DZb3#EbPOH`gvEQT(FQ-eL*zFG@06I-V;kix$y)R{7 z_YcDSaVcwf&=7v7-heW|X2^&dm0;01S|vorK>WtExrCA!RfHX^8_i~-vdsh_u|Voq z4I)r3MGviFyy59fc0**gm8;Gl{0aaJCAZg6Y?RGzOJ7lH)Q}+Z<$DgoD z0+txokVkFjy8K)HPUsE*2>5axOBOx2y#28&toq^Na-3?lVcw}T7ynFk?gc-J;ycZ< z>k)VVX1qrh@+0 zfbk2htn9qe27Xs+$P_2(DmF_SwZ7UusF(Y&Ybcu@2la%ASD0|cQs|^k$gXCx ze2R)1_2J0q8G#AjWj?mQ1E}(qhFjL*a&!l>^xqEg=3o57{WAeE9drQUt#IKc`zW?YIYv3M=WjNR@qE2J8!l_W-cQjq(&;@htikI$VE0Z&;c;Uq&=3yu zKm~f~He7i5(OY-ln-j)|31IP**&v@z&DQE}_qMQBLy4zfFt6E#x4uxE2b~@tO8IVm zL0_1fTNR0G-wSJKQ{s}nnPT~xcM<_hM`v7ts4C(m|8!QG1*2iGE*+7-uS(tgiXC-P33Ds61LZI z{TW#z+Q@hyB>_Ea11{0Ceyn;XoAo^D(3`4vfEG<7IzR#+S?FLH`msouIiMEoJ6 zCwAQa6)B4p_onfuU*IT&OqsyTv5JxpXL98w522_ee%(4=xj8oXC7`W%rZrZ&C)qO+ zK}(mhJ@-VV9Kx)b8B7!i94@Cg z5Nuj)xLY7BVgjH~k-GO>YGi^deaf+iPF$2=>8w~fo-!y2k?hP0d+D| ziJj>Tpc4sbh0O8lw?uYR;4L3&&cK}Dg9Nz{;>4AdR2dGW@QKKzj(xupW=eCrt=aQCY+P&o=cbJ@La3qv@xMF377cmO&hv?>pfh}Z=o5*z3%)lQ|I#8R4i128O&Krqhyvim0bVD^EFwuif-5zs zgit=Vd%Ln^b*`JbU8Lmxhf_S+d#e9EZ9E7A#|FS9nrExfBdQ*(+FcztxJs@$mp86l zn`Hj)11~Qx9*OT`+bi-!i6AKtc0^s@;_!CAPf%YGR8Nx}Hko3P)MnmF8=!Lr5-(LP zFAad}0T^bI9cPCcZ-L6zygMmFzx$OABqdSbW8^!FGIA(sd!tN(D z)?p`qo36dN3#lnS=Xr@*#%Q14uy*SWZGW26*k414Ttfg?mS3}pgEp~Z0RiBwQqJ+p zX6a4BtKU0bas7Ans1HzSQdIA!iiTGIttRT)ue6yhzxlfpy3ovR^o7TE47t*V0d%wm zv&jeKat1g8hUk;I<~L=+?xBL(Oc9?4JO1v-dTIqf%pLM7rD6k0*aoQE5|H$Q|DV6s zi}9UItDI_u)7uUB;gYuXlKudBqjwnc_U~yw`Jh0*-Urq|g{41@#EOE%`bmE4c>|bc zgo6e^8^gN1uByH__A$m*P)uH0l{c!)!x#y8gFrpvVHozG)<$e}k9l4WD&Fq`K3R+mIzN1-$uM9H4*+ zHsQ6$wX^B$=vE$;K3B@U6Mdo>-{$R5{!na6S$CBOrhA$i`M5w%k+&+&Xj%fi_)1d> zCE(shcs0XBa-yP9si=O;>e}e+?Rg4zTAo>`1^i}TS!$0If!!z4T}#O2{#Ij)etFx| z;IQ{~Ui99@A6M5CAs3^dV%+}DmPVJU@(IR&ZPEnn|C-l)b@X@Ir9)azM}zvh0~^bW z9B^U%L7yR!<0I~CZ>HSmsr#F`zttA#070KUyhe6Lax!#dtN+N~`B1!4EJX35BdgcV z=9>3v_Bp$DZnY@`COS#9Z1=t6bp|9Wp9TNoZ7Um^nM;O7)V1)d?+sh+MA!}7CV<%~ zwXs#%O|n(M^+CYgx4y*|h+-8N5wf-8Y z*~Bz4s#Slxgwl;Y8>q?Nj)lwk2%M}z}Ej@ zq6ARznTeUQ zxQs%{UZ}=(+vAG&SExo)Po(+1jP;YHIYSH03sEp_QP@l>uQ!jFx3=1I|AaX<9)wZO zXe*HOYzIkd@h?rNdrlDx@xm9n3-jK|N-M<1zQx7B{QE|#!4zIb`kGxsGaTU;9A5%`sRzX@ zTHHQgHFd-!w>LR;Lb?UqQi{LOY-RFTH9XN`4*7~c{j%GNcc>8GM>Gsw)1I|PVGKf1eSU0sy1!5NH$iE>t)0PmI~R|VEjNt& zFk1{N-wnwJxxOa9KaWSHZ2B%^L`Wlgay@2s*WLIPkS&CwdFXwMD~*6|G!h5zI3aGU zPxwjoZfq8I2wl=wwq2mUA)y9P-fWK7`#-i|UNSJ8TS(KdFU>|f-QkukPNasHy0J5w z%4dJ^jkA-Q{d?>ywy)`DzC>#?T43jp($b(kk4C)eUIIAtEf-6T8{^eINj94HZ z6>O*2f=_S=qy;;5g_5rAxFO$QyVOzw?&Ae&BOg2Y>cE0ks{()opX^U0#E=C>DAQ`J9y;5_12?x;?) z2PEACd0E6HL&_p%ex1>%QmN2XCT8GzVJIYmtm(zfcA|b_fv_BZ)=ff-jl?NO3JNui z^6wyLEs k`MKuX?7j0OfDC%iX^2`f1J*D*oUEESj^MSrt|row*I#(M=m!=4x`Cy z=hcngcr9Wyih>9K>T64FJt`#(3&yf}Vnh47`MDQHSIhNv6OLMyigth-QGlXlq-|FI z7WtPQzGT%s>vt|2BsLG^o1@|2ag+})gMm=$tbGbTSI$lH`aq+p)30tvY3?XEqK_iR zyl2uuP=$@vU;SHAzFE~_vsaNR8Al#UpM$Z=hs_{{BBj6{7KmQphPbo^Vly!ScNCzE z9z}DiAycI%eN{w1UbwaB@A_$WIgAmiWodgr>eLq&rH3THc7;sAR48hfT!*sh-gy=g zDZkd%tkL)<K!V$4&dHD zm;l)>&Rn4btC^xZGXa{d4u34ClBN1D3nIm_sep(HHZo`9QD|{Bd8=^a3X!QKGF7N$ z#w0HI=dGe4IJE|84zzTaviKqPZ*?Gf7_u+FI_G;RSuz2e+t0P+37H25A}N9GNOdCj zZ#{vkc;_JgEM2v_w%qw@ktt>E8HVZ-TwoHXJCj7woJF4EP#0x3qFyW{Fa8{uRaTirZAEl--Wcl zVg479FZS`gga6Ghj;M>jjpdw!6CYU~rN3Whx%9o`FoVkFnZZfipP?QvV)W~{eq_rZ zA6%seYRFpmcf(*B^||+Rf!m*>!hoa=5co1NQoNE1Fhy`H?mG70ymKu?>4MJWCC`XK z=L6IFEk^39ejVU`rncJ|{x+Xm3%Lo4H*N_C36eLmPf^#-OTW$MR^ej+d9c^Ky?{{F zi*_OuC4R!R#8A~bnz&mhtGVtI<56n5^Eh+xeb-g=)||K4^RyUn=cpDH0kd7Q8(zi! z10*W-O3-FXRF`m;_rr|#wEd2q{Ms3}N+9gheT6G+eWYSw}j`j_oOH2Cfmm=k5>X~ zK)MM5pvoHo7|Z)MGL7)jQu%_Z)Lg_&bEioMEgySJT)+y(F4m1tD1>Jt3WAz1@<~s* zzw|6^R3e|wwf#^jHa!E*{rb>T+m)7*Ra5v}xiQQpMMXLl>ZD}1 zG64Ft^)<9oi6K9_+TEo;v#A@^G6U6;RQLWG!~VJBd+03>=I!hA>^+QAmaC;QBR`Mh0A-h3<( zf+~+H4_q(!KkTEqi&ic-_V%DrZ6M&_$19&F_M2b$l&*1DS;eudD|z)!_mkegBQJ5a zNp|15ctjTrF<=}3ta?V&Ap8T7Rv_S|p#&zo4Kl<^eR;K7%rXKAuu);`#`iN~y!+o0 zo^o%$s^sVE_?P_bS!ix_<#}B$sb4qm`pflWJq6(>@i@|Pso%_Nt*&u*f~u%N4HKCz zeZ@zA`t0XZD!-8$g0?W`y`x34ZRg5Nipr-UetvyAeLL-rqVGyCT8dOM5g*>IKQLRUs4Z zEWuWfk**`|#lnk6U_;P&%eNNr-}?DVmXtF0YH5|$muf0myuj#e88Z>aM^a$*>?>u`Z*HUCYjscn5BS9$JBYHCm}dsXcfhVUlJ@78;p-^AJMW0@x@LWj^TlTz0DU~fj{p&Np4ZsZJ;BdJ3D zziGnBrjx0CXnN?S=DE^0lLRRRuCUui`o4U5>9Nom0g_4Bg$i zetCAhe^(^F@?j3n^>dqtm!=6VE>NX& z&X)&s%X*=Jhtl@q2XnhjfR@16D#nrWa~3ue>uXqK1|ox0K3ng{6Ae_5*l-DwkPF+6 z;KwPxy_bb%oHHhy8}LFBoG#wZ+Z-W1Ofl)FmZ1U^JcmwP2bpv6w{H>Eu+gOs^RAbTL*GT~{a#D(3S>=MP#nxiNQ}1Ljr{Ex z9^>epIkN>>jrrB7FPNvFmV5+%`_5!c`00XF*T&zky<5)u z=L@#FuX9+7iaMEqT@f%tX)>Ll5;hicKaq@Rhr*?Mo47RX)GbZOR$JzoF4b~l>ADeOHM8QLXItJf#dGTm zXjfN{itIU+SR%o-bHj=X6BiEcGDe_FjKwN*v@|YXVZnQ`7m1gXnRl3Ha)|xpF6f6b z$)W9GQ722@7w18h22DN!vv?H$3Nes=5fc*^*1={kH(2AAX=_BJFz@3c`#kQi0I2}a zppkC(yPC&F@Lx6};Y|Ys4NfkM^fPB>GzHX|FQ{}F_rk3D;S2TAiM~v*aJa<6KT`=) zwzbPMbXr)Clzf`5onyt}2E<_&8Db-lK&|X8Z(A?=NcVf^47*9E)c)$_p?P0Rsw$@i zkLuSiJ4&@E%n+zpD9kMI=bLDY)_D1<8U!L#Lg4*1^E#=-YW(F6I zXN0k}Z{u8T=S4530eHxS9;7W|)%Vt*=1)FCv9DOuW}M>02W`VJ5^`UDHnE4N+eway z!IK}Npb3!sO32~t--uDOt-fg4YC})NWQUpG*j^_0-@iXP^@sh0PhJSd?DEuWO>u{{ zdaSeK3`Dqoz_mIq`#o>Du7_Zi57%Zru}6=gCn&KtVm&=^EZ{ORLTDtd%M_f>V|rmW z<2Ug3yVvdM{@uZ}^5x+nse`l;t3h~{?7zPM5=) z+ztW>*bF20PU?+(Iy3T&*!6xGdK}Q#Y#)`MLz49!VFLxQ))@7(B_N>D4~6cXBpe4} zjGMkq)rKH^KSJqvD3mrj`#pQ>%yl|UoHMj8o)gk!&I9MdV%?EYNl1v^WXU_`FI{G6 zS$l-};%i|Ck#Q0ewJ_F4=fH9HM!nY$)g*|)`Hhbw_vR`LPBbQaEL^gh<+J`Z&rNeD=~sw}&BRZI8}>TB!)_0tp??_V(t@pDHAc#3~7&kLg+ky-t7!hJKyZ}kP8!}MKZJZpZf z>}bJqYb}XQ$;0FkdO5!T2$UgnWbKAba}vaj_~hID57J5Zt_d>w0(yCETZ-HlARu z&!&b)&J8-8iylXxFx1r0$i6l7BVU6*S+Tav3>nogZ$E>ZMG*cbO##GJdRonh+-C2N zrg2&lK>xyKSKG+JNN2cA%0P)ZKCFp4QXxh40#gkox__9AZkUFIe2GVD3tbPAWAkvk zJzd#aWGjGu>drJ=q?%>)?4 zqGW${TS-{6_^@1s_Q)QUM>9o8&52;u((COy+xe`QiEI~P&p?8fm^RD5u}K{J$)UzI zR;$9=xLgf(9ejJ5)5zIaY%t&YUeF}c-JdmaIsJps#20O4=2%+1I!e#IW98^xQv1E# zjauE_&)#EDUSC*YcgP;nTC8Tg11_3frK-cjmBwLy_mG4-ZBe2z2mkYSV9-GzT*&DB_IV^!>$zvwxOyQy=fNsvWLVu-SrePCPtaAaDeux zz}|YZ=rQwfqwpC_?r0%Qi+J}s;N2RxiM^+^ZAq<9=){qn>) zL%;v26Y#T3otYQYR=8CzpqP+mYT#ukbgW^OUYR1a5+VSdBYJ(^ zl)jo~Z#O=HOEI^`K%P)HGdItedy{^&5la4pf`}8&b!c36&H(fQ?k`GXhf~|_ zKW$UwE9~wcImncr!Sd`gMZ;jkWyt3?TIpiopIJ)|f~pFJ z!__Yi6p<(93D-%Le!zVEVl0@so<0J*9^Tw3b!w1%ph$2fLD^9N`@D8GAywIDcR#I~ zcZnX)RugfB>!Z9O4!iyaE_@aAblp(*tA;Z7`^LIt$6Pm-=+71Gf$RNv)!f`v?ycR~ zcQP{b!f3mOUq2$H#-jx)oPy3I&>0xTuJLB?1KR&48vY>LXKOr@oM}}gyjuRFvmZU0 zK6$Xxl;iyaqr32H{d>d-WN|DW(2A?UIK)+}c{7^ek;IR@kRtYe9I@*|npYLDO_NBKG+`9l#)#7pf5F9Y`W;8AbELO;t6ETRV>j*4mdx04#a?W_#J6!@jBH=^HD+sXG8uR?pVf-T8cn@X*U(SR}=f>>RO#FXTp!@Be8N?ZRk!2>vXW!-biMI zeftsH(r!j1)h+VABICsT(mE+7;#=zxIFbW|wZTA9xQ=*4Q2XQkdqGH?;u-Z`TQj5& zgotZfx~xy;pWr?v-(Wp1`XcPLeGW`<{sWCybu`A+=Rm5*po{{Us0!`i`Cu($89#Tm zAhD97vU%Nv5Kho;_2n#-w}nRm@4#o^yxuB+HdMkJ(-6G^7)rOBVe$kg3UtnVC6j zxy92ZQk_XzJA#1Knb&UqQ<8$KZ~F_4j2aTJ_0)D?TwI*UC+(%WZ=}b-(7zA!WnCMN z{jU>b6%`fhb=Kgi*tofIN5tE$(r)VXgx~_i*$w8zq)}?;cvvlFGqR{fV`HooO*FS}bZf4oyi7W_}&6x3t?i98*P{vI zRxgu1*Lh*sjyN>&{iF+LB{X>KHhb-=Y%DnILZwVP7VjqV0~nHrH$L#>SXfs1xIVad z9{;X7U9w%339dTz4<`PSVm=2@WkY*-p*2+j7VK$YsduTMFZi zH!DpW@MvUlFidbELvifw(nku4mAs@ii;fa!IAp&2XuBN3@EUUKmwdNCl_?f9&I}^} z<7F&)I^QY;_ieSuX-mnqLjsN`#LsRqxE&QvOP=~{G=x{jfMZ_)W&hIoZAc{98k?Rj z5xgU3+h-iJ$;**ECmuHG#lV-Wb2jw}5*R6cdwqycJ|huk_8)bQ(8yI+y#;9d!_)I_ zc&;&yri_}(jH^hUv3hdZ5#JBV9Ktxih$neXO+MOSFWWSNrG~hMNWnClG$iyFFME6Y zZb$yd%3P*QY)L(uSUDr`_^lH#d~CAi2I?rmrm6WLYntBywrVQ0hF>u(FJZR(4w04E z#7`@1U8*u4{urKnY*=rCnB!%WRA#)Q%d(^k_&%n2nS|?C#0qlv$tDcT96?~_@~LqRGbI62uWl2 zi7~ZP7U>0HgzHy?!B*%s+mlBHx8%Az;Q9wUH@iXlvaywHwW35|iVai*5QS>=*aa2N z(}vmmJFrGZjC?OKR(+_ah*tO9BuID%mfj>MkFw!UBx7b*mUqFR#}j6#uHGB1~#o-!Yzj;jcJYv zgfmngWtcCXz-3wfAg^O(^->n1<(?#Q+oo-7_4EeUVkM<`7Wz$X?Tm7SnT|}DW+Ax7TnOp>M-g9kNY~>BqH@yXPH5BnZSN_klHORO+9^wqNHJ3}?F_{>PDSV2a2))mzbX)Tq9Tob$ zhGy^Xtnr{6nc922kAJ2aOFuK5J$s<d9H=B%A6VIxEtk#jy37WBI5ajcsDRwtDyO zJ}~eKfe(>F1rlP{dpX^#9bf-R$930HUU(i@lz2he7!V~+l7(+YE1@E5RMF&8C@ZCIGiQgg@E z)5AU1`xBpWl-ZEBRa7o;+#Dvw73uG`cf%;~_*-PLgBF2pVgbgSI$2i6&+rasajfB< zgN3;@@f^)scPifyocQO$DFl^XIcChI8KST+Q8MmUw@LVVljjGn6EDp;&45|LL_79N ztzSmJn3p8J*CG@UM0Ohtcf+U4Wk06-y)4l*|1pDkta+0|uoG@cq*9v6r`t?z%*1UI zn}gA6OTuK@(i~oPG*mHOz|&xbc*#nQe{LMUhI5Re_jWff0ADpu3~drOJAGO-iRctQ z*0#bENT{Bq9?1VN*}+=;O%Ova0;li`vMdn>vwfey0Gd#3uaVH9D3t-O-RI-wT?943 zTvs~XZEd%j;)-BDy}LSrDaN&c-TK5|5CZ8 z3ZkoBtwiF#{b8Xe3P~oRiz0#K7h}s6m+$-AK@JNT4GfOta1d&@5Y1^67x5uNsm>GV z?=_5!jC2%V*3}QR-WyPC5-aLH*==8WKI;uiV+t)#E8N}x?644@ARhMjSjlXbrJQH* zt(pGwt3ZI?n=I4J`H^^OPW>VBVtz-S2W|A)!Oc-rsUxKeyMqa9I&v7{MxwsUm>rcaM%M3Zzcd zi-wouu3qHg{OEu!cdI9(W0vWq8GG%`FaA6PF=*iHnp>DcqSTA#9 zHo68JJmCqrB*|4}xj$l)c0Dt&1DJ&0;OZ#ZG3L#h z?r+cEgiDB!I7-ZZ$=h5I(;Xg{0q#xZKqJ-!wH!{`RGc}e-A*$|ElgGyft!(5psk}5 zP)HNneej8BPvYGtw*%OY=lbt&`{uXG>x}~DL<>}-Ob`>AW9oz_`@A9mW9s%RjHG)1 z>^itS4+1}z2ke~QDrt0h_%jCQ2r#?aHbuqShC=A)talJR97?z{|K-iVL3<5G_9i*9 z3}HxU0k{Ag28sdzZ7Nz?WA3u~uBAo5eNy4QzVOAeeSe1haS63q?Y-G*%OD;Tr-QE9oy!$wFf$*QN9J92zhtF2By4?2H;a5W1;%lZ$N(>BIBy zs9xk?YHJ2T59G7+x-lR(J3D6WlwU##TCJRlBGG+RYjRHaMowQ0&bZ|AFNMd4hITj3 zt}`CTi4cxt^;(h?nPq2IRwlDVFmp^9>mE!)xD~EP5UXAdfJ3;B4Gn=wFnUSVVVdDG zKa4z~pa#IGC^T9tE5j<9a!yz$pys6iB)GMbhQ`KfZifYX^q*XC;vM!bY3JBz7NiBE zk1ogcDX@x=YnY;w_SAk7=io-fdnSsJ`hto8SY<^(syI0|1d-8R6OMk1i7TsXa4{Db z7dMrVknl}ZR8$N=;m}cze{UU=%w4m5)@^NHjNzz(dw$SpBd>q|9lo`n&Eops`8$Gw?i8}OP*C9uK2rdm5@Q?p1=eR})v8$q1{GFtPKGQIovUhjSMGLh|%n~Qy4^Dcj}tR&6M)g$a`YQ_fO zL~lh^m2-AwC5XGX{J{F#$d7~O%F4Az*s>ny-d$x5g2qg7$kg!!rHirTqoJsZg%?`5 zK#m2_j7mCk(^|+kyuZ4!kz$)N!jgFH2pdjA09DpS{Y3-w>-Hu>00g|LG3l#XzzbTI^38uf+xd5uC+Q8HY$x8#h-RB{n;kgoBsUyqr40{UO_&> z_UNj?2MOc0Dj!kpihtF4TT(Nx962D0752{`(7(3Y&At=iF~L^&Z}}&!Vf4qgyUH1i z*V9ex7&q|!n?EzSC~B^MH>vbw^0U7w&wC}@214IPvbzfSJ!LvJ4qKzy7}mjNs8F9( zWhzJnE)s0u50g~Yow*v&H(&t0@_x%OIyfl#gq{e4X^sQ~&R{)J%s1)%uabL!>8jBi zB}AJ(vlsIk!7%C0^|u_|E*_m z@gjnxvnSZl&@fHR2@Mh>XeCmB=gc-bOveLPT(j^~p5q5n!~^*Nw=rD_rCU+6&p@FF zKCsbSD;*geys8D?K%?ag?RLhl{@s73RP_6h)xF#=e}5}wwIS8*WXbY3+5qmB3*On=viVBoEc+pnGtzHa2d}%f-aU0lu>L%HV#p;WJ zK&7ckY$g+>bAvB?sE5tI0s}~fT z7b@%`jP}O*29X|20DKpuAs8zefRW%dPJ1(;PM!dOwG{A_PxgaY=@QDewzl`G_V$0b z0zdJ12S9@0*eIXJKG+_7i31 zu*XH3{7mimN@9;yr8*1g-im$+m_EhuOXg>n4eF0FbsjCui{N(bW3&7Zh&!Si9rQFq zJ+&Nw)lF-1nuSEhewY?~Zt$}>5yzy;VR&?O^rtsN>+ZrM%M)(1S=S2Fmc!1E(!RDv zu_-LiaY{n)Bjqt;ga--?J{v|G>g&S_^ZJ z6IA}%Jc#*+Z!qZv&ef6T49rEOEi)|*Lw7`*Hx7dAd0F4kuv&*SN1Q6@rr$ggcMe@6 zB_Ck4zW7vGd6S?BWx&Baob_gaz(Yl#jTxXjEwncSYZ!uVyG)1sJg_?Jy~9ok*97*F zx`2OX8Z6hnvPr+>dCqb}z8q+zlV2H^x3d^FXFY1zzrFaYBBhS`zquAYkQ zLAK&ReShW?;Rgh6%WEH>ze)doDFc;?U<9{y#KdNL-S&RFtSALu7u%25MvtIBs*_d2 zWnJ5RM>*paWX-MBRIRZB`yIG#CVWj-c_+-mv4?idTINyL44~EDHXK<;LdFMV`cFO4 zPCIT9Lu;EK!Z1OBflba*$PEO2Rxm>XTb3`EW;S2(!qbH3^(L}0OF?h0GfyGxh_zFEiG)|1%^OhZt@FowE6EmD=Dy z{sc#yU%&p(ehI`erVOM1cqEBS)x{!p9nOexEPU0xIC&A?Yw@Jb$!!(5L($;h8?M0V~sA)ziJsw?74XS6?h{2NCRWrHTpHuiX5Y;ri07{i5}F02odaQK6Rx z4b%}0l>U<2&gO1QNO#q@@`va!7p=*K!ftASGi3pD?bRJuivms5*5K)(b`#heMQ=ls zb7iZ!jPAdR@iXz*%JwKQr2Jm``vzZYZ-Qr4ofF4jh?#PZKd3e%Cue|G4U{j(my_<0 z*_mp83z7tA8ycJ9r;Mg-@#HS#Dy+1k9R^`*v)Efc5O(k#BHv=0h~b4tq)~m9!n?Xk zH#Obcrod~7lbnK5-}c<#=h_r= zZQ1^49(=V9yo?u>=s$l>AYDqrdqB7JMsfEESa!#@q}3+c9sZ(Ch;|x}bS7ReUtX_V zBNe4>xusu3kZX$v3&cDwWeqr0dqE9)hO^UZcMM0MXAW5#%XZO=QC5lGkLg~1hJgdW zg@EqXkV1Va5a)cts2E;sdSFa8R>5&|Z%gqTX`kLzc@gT7Yo^RGC07cwX$<9^{%~=t zrffDBzum|48^cy~UyaTMPIl7@1haJ$o`rjkmg$EFzH?Op^<&+uKN4Daln7hkmI(of zhq1)6f?G+l*bNZBPW!?J?s>0zUy(2E7M}WJ@hNb3g9pJeLMkFxLl27)^Ga^i&0pJ~ zIOPxX#6pDi-dxV^2I%-7@y|ZY?ubDNgSP1)c2x3GxO*smW5{WoDrjrqszNwvO6bLe zDucEhm+wvjhQk!@RZOScy0Wst^Y<#0r+q>84sI6*9-{~bVO(~0jE8qTk^;)vbY{eU{l6R6CFMY3Dj_k1+tL{mkPDu<~ z*=o|o{E0syVURG^dIhmgB7QVMNO-VHiQ~I|&L>}H@>)Q)BZ{Q97HZjebDr`??Hp|0 z`Le0Snwi817jqa$+XeOY^=4YB$G87pLcqe-`8bjCypFXqf8UP(3x04`)D-}q+Jb_0 zEq+=J%E)g+S33AfK0hVFktyB3`50G}OG*HJM(r2(-cXq}Dh}} zfvBdz9yPl2hEN|OtXK~JfMems}8 z%S7#y*FGnYqhdSWE)JoD1YRBUlCAX?Iu(krxR429_(DLmfe_~z%g@D&|ndYXJ zHc<2Q0$_V+WQ3r~v_p*z+VB*jC4=b~Y^jBR38Ss7KtbD##(?3kNK z=qls>;Xg>&8T`+`z?-xkK*AN=YU`Fl?}+X35Gw5eHx&N$*Kq(qPB=w8cIV!>ynO~> z9~rY*LEK1ruMFx#J@!jaSfY8nSCVIH!8m=_Foy3FAUTZnVRt3DUkYE{aVIjdP-~XA z3IFU(A6Lg!0e(gtI)e4xR}pW{&QxcBsUCuUj#L7gRJ@?ER0zNbP1}$}w@5w0!8F-x zCt6_FFW36WhORNguRyoHgi#-a3;mVNuMKY3i=ZuV?W)GQe5$? z-vQ|(cupV^eibOIf_vHVI*MB4LP<2EN=)Os#PhWXIVhpSMernyaB8yDi*^k*Fc@-I zqhiB;BxLy3s3fC6LL%^)u^2AF{b=+;*qZWzn*1rz*&^uUS!TyD|8 zAaaC35a0?b0C@_gX2JSTz`dV8=H-15#|x@)SfH(}l#L?!3V$&Tn?3RImoqmv|9Euym6qS&Kcw5&I7F3fA%R}BJq{gWQT29&9b#zAP$D#n}W(P zFQlJYsUZG;`=o-4qqbJKIL@CZ9rB@YQytT-Re7(B>6kXhQicuNJlfj~>67?H-+=NC z<dGmwIN@rU>SWP4mj`=p73+n}Q*UEF9XB#;G z(RfmEMb3Qu{9=lxP0sVDF;4^j(pzQmWMAM7_6mEnxhysl`W!550%i`7q2P%mpd4nZ z_rKT+!CLsvXEnIRw7y6#{uAKaOeqz!`=@?L4=q-I%!B76{MSoHihAi~P?@dyl3>q& zSUd*>zhd|h`HMS0R!e~m|67g8`boL`O=1Fdx?sNan&;&x8v`Qdl{tt${u8aok^H&9 zggLEKYlEIE9vJ|gpSA-bHg{~@wrOiLM`CPbq!Xat%Gzr(XDjr!4LUuIh zeBjqJ@P_NB`SjH66Gs3|CKb;lsjaN4gT)q$iv63Aq7>vJTgu=7;Em6Yk@!3v=qh83 zgHQDt|Mf4|&#svj?)lbR1i$?{Rs=Bf75P0h36?*OJ(-q`&EPe$DD8VFW2T#a>17u3 zm;!HklatlJfSN60?}Rl72#kqwMRx$BDIFQwNX2imVQp=FSG4c1%1yENYeKLnJFL-P zaJQZ4l#W6yN~~Zs<^K?|-?_<17Jz33pVTS9i3aSftvj(qlyRPR0K#7B;o;$yX&2Eu zYB^Epk#bzoIX*O8^w+9x!>%{*AD_{!@%K9LvNgM_@E^bq^*mznqLtsFiJ0(E)GcEQ zJnj{IxIOC0d>nUL2`-5Xl3fMHdK{GlPli8~2=T{FDjlysQf@loe=<;8#623`yT)|f zp_hX*Ck6}HW{vOw{0SA}`VuI={AL<&p9|5*^kxlQDzT<$TXs*^BV28OZh+}8b7qp( zN8RAh&2y?NZ_mh*ll52%)F!>VK=QZMq!ue6CP4{y(_%YQX3Bu`BUH|~F;2Nd#R)mB zt+A3CT+Px|ow>t9@s~T7Ih1oIkoozcx6-0KFJU~_s*IM2TBn;HZOT%;H%Y!M#`!NV zw~9eXqx|Gj*Y(!U7t4%K@0Rmjaok$Y>O&Wx$#7Zg@FJ8LR#!eRd z>Qya!qu~E)0SpbHCUk)nl{YNu06!sMr4)H(oB^p{;hiK9H&rr5(6dLYx#b7x)h*SCxalPu$vZ47O$d7i!5xA$m>@s4-W35&vBks zIV@zdp1m?K5Nh#>Z6>zX!qDflAbYxxE~~7p3U(gr<1;|2o@nPn-|`UCY!!U?&>_0KJ}g)-snCXZr=jR&3H|8KoKML{S! z8yRUp6{3=hHQH|$SsYUBEkA+%7$;W-TJ*c5U)$PtSmXud1tdTdVi620eRpN14S^40 z$5AnV;Y#P(DAjT*v}g4AG#t!r*goy#ZWWYhtYbfsnFJy-FnH~mTgv@o7dnV>pydi! zORVTh1YqMxK&)c}SoMd3UJMug|HErPLy-8(Ps1ka*5Zp+nBiOD_WD~`07SY1AX0uY zr@Tf}_66qhIHNyd2X}C0x73<_P~HQ; zwG9A`5f?*>O$HDW_}EXMY)MdJI-fLfpy9r$&66f(dGtWQgM*@u17I(%JAt*(hCf#t z%^w2X=<=nZ;XQ#}ICouM*?#-8%0w(n9NT%xR&P4q=hN2#6eJH+1khwdgA1Px>}AnM%G>>t*X?U-ge|$PG`YCYH^=nWCf%>-U!Gg0eVeQ=vm{uBI3SvUPGyqDQN1T+ZZ25XXm2tgkV z(zSm+QE{RqitZ_2&~h3U(4pA0V^j0ZD07gY@y?_Di3#3`7}mvCMhFnxpl0S<-Pftr z)zrQMtbg)6zb?o>8`!*}Jtt%a_9jrJJ-G>#1^F}CBYg^oHxi}?XpUNe26+Yao%R9%?DLv2(0IXxhP$c6SoFV&wMU{yk1jE!Wv;BJw%mS=@Bo-9 zjs((9b(aT}M&BesAjEZ`*=!FciV82XEVdCB#0YCtP2;Q%P46&nuywm)Nm((4X-ZEW zT@r(YR8f5C*l}5a3tbeL)qMIi2nD&?hf9-FgAEK;eNtQOmB_{m1g{SM7}VTXR`KV?!Xzpc*hK^kv?hUMW6Yj<7qAMQ)R` zk0f}dy?WNU!RmjVK^Y)~Gx$-x@at=E&{}#jIsLbOTB7J}fOKOP?xsUMat>3_ z14z$U&hVIk7wK`oi7<@h(mAqDIRV{DC=Q7JxC)^}5IC8~e)o=qCX}RzjkyOP2cJ-m zpg<6iz7oS(05rTeIZ=~3jNvU-K1|44zFF>gQ*_~-Y^V&7uEU_oB3)*rE|;bV_?k8I zUF6@;T86BH!LmOvJ8r!9hCpXX+;hSfB6XyvTiJ6P+BnZl3Dsk|iU)skR=mAB*}J^` zS6y6>btw4`8c5a~LAdqTAZiJuQUk=5n40}Wl(Pe-ZfC~FkN>!@@&I;mfwYD`!Jj!+ z+vx9TaT7L<6As7R27 zE;C+tP{H!I1*PZGH^8NJk8k+(ynE;RG5Am|9^aw}ZJ;C=2RyPMoJL$C&ZmfcVG2A# zhsh$v;)DbOA-Qjt;B!GYoIS^@<}f9SoK~QFy2l%L8Yj$DaGh1e0Th$P`!`ZbYb4;C zSAOw-7s+?Rcg!UFrn1Fy?^LrWuryG1!p6rt<}{bPX{SsNd)FV62vLw%z%qkyGH32% zwXlt~{@Zk22tggTrQ=?!x=yX=!fQ2Raj|%u)`o2sJEtqjXp5-fgfF^#6G~UUNV!!H zv)O@gCFtEs5g4+)4cu&}$VxhB2(FQc4qrurwTMLS$}#|Q+=O1}%U9bgh5x^s(E)y? zudm<8YO7{ofC#SvL@OYX6)5?u^d+j1zRc&w-L-?Dv9Xz_vVJJ6J4NVMS-r~GK3W8q+!x^2g82j9_z(#pkwzo z;P0PZ-23PPT>@zMnw?#Tz5%~SYPhf~N|4kEpJfldefA$SowMO>7LB3;1*M5;Vq7oQ z0Lj3V!b=Nk@lA)DVwjib9To(^=52=k+W~Y}P#P6V54t6xf!xP`Wd02l3(tU;c1z*o zLBIT5`D9d*z_LO1vqNxCNMRATAF_;r5eF05+B76o`0{ZaWOwc65m+c$5g2Vw*C-?k z#K|ZdTiY6O_~{)tzdDK=yUatoK`d@ z$~cV|n$RVp$zTOre8*j#UjZeG*w$srs2Cb>T2~w~p+>oQubD{=UEt zIsE>~_^Nx_HtzGB$q0T1FP&zQud0rDWqmwywysT-jSb_jTwGCZB?gc!CYS@mn~BVI z47{CZByg{G8Ix=iL6#V6M4-75;477xCqOVaptWcQau`Lm3~itN15BKAfk5T-gCi3C zAFi^n^88%*FJN$@00G^2AP@@GERGtVxdzb`KN19CgJMCS?)2-vn*xllCl#gfTewl4%9@GjKZ(JOX!RTvF2g{Q5vD%(>Z17oZZn%IN4Avi=cAO zJyP?3m6hfsSOnuhP0WCwk{7k*9Y-nz)*Uhiy1q)DX6gPV@mNd$qcZ|p#TxS<|16I= zV0c0U(1SmA4d-5R(bbV!+QG*BwG=eS5*^qQbnC+mg9MpiIWRjaR-AEk z-{ueqHS6N&Sv=Ve4Ar1iY?B5u7cG4^zR>;(E=(2>oJqAZD~OH11Qm#XGB(#Wpd`ZKeO@?$ z(SL`{x{cq^(6HS$Bn`Bx`Q(4|Rqcj5)5H}~WMpLY>n{_<6Womv4XRjgua$dv`lxY! z-M|=|Yv zh=Orc3F=2w$<|O=LL^hiDv!m8u_oZKXYF9RP$n6 z890~i0^;+- zF)cpE@4>IhpEaPfWsMjN@*uu{JEb!uxLQUn{UO}HYCQGE_;RRgnRbr&rx$~}z2f~= z&py?+hll%BrRf00JufG&nUoNZ<*;?>OTLu@C)y+FrCMs^)sNo9!EBd>1pjT!v+)(}{nY5dDA~b7z`0L6To`E}*;c#9lQ%Z3q&+PVD?V ze@H8?ncUzYAg-)R`zf08gTt^Fo65S}f(>Ed@8%)0cW@$`#;v%`04M+CCgNt-Nh#{f zDc5i;i|PryUmfhLQ!ba?b~oK?u2+fP`HhixM60y_62Bdlto*0+?r}oR0 z>O6nPA)Bi5&ueS;nE(bvqdE1_(Lu1>Mm<1`pkoK6vc+kTe8-lYaKk8I*ufkA2lgb=pb8- z-4AdMO_pOGVXzaW*%)Qm57Zcp$Rh?d|6v}HDI5Fe(a1{kMs0h_rpAtsWOTBB9`sBv zhs&0%?AF0rFw8V7S85d5-PKfE+GI|a1*T;&%4UYYX$ZJHd}5fWVe;sg4(*9q@o4C7 zu!Q|CPzusT%Cq1kyxuCZ8DgnKM1;nYksgrd@}ity)tYxzljx)!$`0N*lc|`j)QtQg zxyD-3`rg?A=`Ht&$yUwwKmsHhs);%Cz05el|105fcGG9RXsdy@OaPGTC)Yq`&_~{WadS1k>`>jX$9=>c;Lq;#Fu_Bv$(?^%V*^ky0&{ z@H*{j%3&WZ7@|DJ4Goa3lPG_!Vb58;aD#cpdC=4xUoN(ZA$#JdhM_?>@{PU(V{y>r z`&4J?_ddJqVm_35ts=V_N7b^|;j$N|hyFIhL`CnR@;BtE;wCoL+Ua+@gvvYhrrVOInD8gh>@+V$JPW3f8=F?Y9lu=vB zuU~Ar9*a^Thl-`RYzWwMCEVNd1DWlA${IIu36EwPf9pp>Q)Jt&vE8YI^U6YhOTfYb zOU^}S)P=f3j8KxsAnAds?S3xX3{lf>j&yp^7*8ZID?BdaY4+^-!|sV4f}p6>BOo&k zop@bE2+X2{In_LI`c*xn`i1TtD$ZPc4gr;E;GB^XI@IcQ;c`m){dEjJj*v|7c^F_Exa_eN;w)nyiaSyiLM-QDl1BXf3m1T@!8g-gl@SIX06;+$622%ZAb zEq{MeP+i2mIOXz0le`{e^P^UGth>i=cVX&0ucQ*l%m0eNWNXARL$PU<3bOhK?0|xI zd8KE+=vT41cMGNd0mBh$2jq8UL~Cw=D#(0IH7UMMEQX z)#bpgwW#`nX6Xtl(KzQThO@2STaEBvpPs&Uu+KJ8c5Rb)nCQhSC*pj)cxFCg6SdV( zbTyI#e18mvY|`$m2dHph=x|~j%7ym(C39JAJ4w^3c5K%UQYU>dj>^s_y!vw=ymf5^ zdjeLdev>kR7Tr!dktffxatNaJ%p9DqJlIMRjGt(l@P1PB#{EoY@dEW$I5x-*(K%4( zLl=`E7qy$TQti``RVw$NY!_hj@D!ly*9F{w%tcOx(y+P)Xaz2*u-C8fbIjj6!W7of z6?)h&vX|`>$CfQzQjavvAV430p=;QrmF!VthhS#IUxdv9S&2L8#d=(hF2R zw*7H+XTzX@sTU!Nrk?AeiBS-eE@Z3j$P$ZW;kAA>13%?;X)gXg#Zo>M3e0gMovnz}jyyRO}g zr0ec^qwf2&%j!L}wt;k-^M)GK`VZwhK15g1F8QwBy4at?TYDyKGHVLhT) zRvEF7(aV1XCtYq-l)yNP8YQavf)uI#S0-2Y=>6{;At^a&dHrWHqFvNhrs7>#3?;p1 ziyqLxvDNTTobR!#a{Hz3bAHK(?yr>!!?InaEI+KPAy&UZ>cRaTqwIO+YLrO8d+0o*=gPO#-Y`kr(|h7 z49x4$t3SHk1e%Yd2|f~D8DVw@(xvEE7>^*}-}Q&b`ZTx4Y?%nG%3ke1c{6*=0c-f{ z=Qvw(wz3Hue=`^hlD#}a{{!{^5Y)PzIfeBHp4v+w8%4*c$ZH_aH^^1EwhU_hk`(mGadEL#12QZ~r=e5Jb zJJ19k=C04wYPJN*?k{Oc4}Qk=+ySGy&sdvhHQgK8YZ1+O>y0`7#w}&+iRi_G{dm-P zE%d;mp7%exm+`-&1S$W`Ot5OkHE7KJIGz|(nTTKnpW1LDs>#Lh15!2>b*C;BCCKwa z==ILF-UrMPT;<9&CdMb@CX6zVXG?3nk59&LrFj*ok$MziK_?|+gb0QlXa8%+mC#cv zqai<{I~W*<+1moKa|y^QlW^@cY!Y12(EIWc@(<6>kQ5n}2s~FGoGuX+`))PE=Y_(o zHNzdPddixGUU+g5UyhqJF2R=*(Y&ZO`Zej556Dh~@wwcpO_|Ta-9dN;@kmQ4NAdd$ z5Qkj;fSE2;CfTRn|1{lMlO4H{`3%OkW*bH((!t-E)0{JlyWBi?wsIEfM|dfYjIBIl zPUiaLaP*vpYDA${{4*j%p~+BpKG4Wi*~De)_V0$AeIth=qem>n=j@00lHUW0Y=7Ol zox(&Knb^jwR5SuPnOT5j39XAgA=&)x35+^9H{BrldcmfSy+%HH?6FnjO;i_X;J~b` z+;4KLz?AncrG9I>%k#u|8>E*r2(glJvo$Mz2Q$dG6IfLP++lg3emxg!E7&0zs`@$-9N>xhFeVw-)2mf2j&oifbgqE}GPbl~B=)ts4eWRQ zJE36CLCaJ@PmKowdf%kprxhM2xLJ+H(G1E{p4x{Le{lk&*VH4Ckt3#`etz7@4G|LV zh&GyK^e3tV=eO)wOcoHQG{L}_%bPAS

  • 0+?qgmu`03Qc_Xigf&PnG-&CV=7AyVBwY04DN*wkC$pu$ISHU@x~~5w4#@Ig#$6ET`0vKvku^uhL|_ zkBYNGiB|+iJH!I1GndoIj+qf9@KtkgAQ3)SK#K2pkK^)2Zrj!OaN>7TX4w@R$Ch=X znC#-_0gqwIZr{(c$wb)Z#a>x=1NgNAPhdXO9mM1>y|zkWE9>7G1@D0fPiax0lcV($al!cx_DJKQ4+s!Qw7g766pnGeV{4& zZC7(hrWA4+e0ox5>s8BnWA;B@5`Sg76g=gf^yx>-SyPboMV3?~uPz5GC(*zJKD z##&9c?@KMOjry}t{|Lz8|9wS+@=-ti+U}(%uA6a6Y(k_c6go1r;b+XglgRglG^^=l zti9srT{Pp>`-vA>yD)`OMZQG5WdZV5l8xVNrzTVD*wf<2J5NroE{xVDbUCZ^-vSZH7_MHV+1T?4+YQ(AM9NK%jrW(7i*g~cePucc9 z(l#A>&3&1bQ_0c{4kR+M01jDyCE{WFK=$c1nF`(c7jee!5bEdZeep9k!gu&?CzD*h z(@J0GyxQPjzXtSUIRmeBqVaKwFoS_o9Xsh*VveTOv)J}ELO?K`dJI7gkwQw{+l)wY zd{X7~{Hie|ugquaQ6HzYSFbUp0UA|}+(IDx97U+G(6Qf=0_ZxfWbCg0-~v}9!5`Pe zHg4QEIU+xTnT#Fg<#fJaX#7D9aj8)i+Oo)ThG84&0(mp+-DmCk>-Xy6?>_g1I-tFU z&(!m~>6)E}4^?nW{tH$4+-vKO)|g->u-#XOfvOY)m55D)Qh4E})m7{KV476yM%UZ^ zkwyo|Bfeq3eEd0X!k0_A{RPn~327X0?;X%@+|q^NLiiD$M}EJ4lP56RV#q!z=N&$J zJo$hb=PMF@?n#7~|EmQ!{|VcY zaFN$cLiX*=4%ZP_qK1b4sh84umD#!z)2!F%R=FC(-~1`@w#oKx!*fehDyn@&Gjq?jWgNCj=wP|Lw})tlB+n4J#X z!W0O>JmIV6bq%sks_5}(S#go4)=JVKH~$?i15EpdaH=P23n|FR(jm$cL!b~ABrW)j&5xGY-FP%m zZmT*H!Z^pZ^qv#dKk;5lc~1n=h`GdK&-~VW`VuOJzkWRAChRWrM+kKhAslp$s~BH+ zo#hcp&s-fbCxe$CE1E$uF+Q8xrRk#w1mjQ^@XHD8duEcRN3jZ2Q@J{~6vysBv9LgV zxH~&UTx;Tf5?h+OjzQI-6uB8PG|L?m4*d&V2es1L>VCFh!yo(-ijy56z9JpRBrHDL z^`hYzj34U%0>%%Nl}>?;qF@8bjE7Pyw%B37X*fn#3*-Vgzu!Mt*&B98VW8+?Re zkgf5}Ln8gZn^!*mPpm>k#OQr-NFk5;;eBda$hLTel)=`-jUFF2*tf$Jz;Qp3I-dVB z_|~P|*S17xAc4YHN20vT>WuvH@-oDlUak?oSAi*6%%(E`eVLDWfGx)xX%{=51r0QO zCPMtEGx9b;ooRz(lm596E-G`da6dL)+ftwb7JCxFm)MnN!B^UA)h56WX!z0SFY5NT zeup%+iS#eYM=vBaLi-h-NcIQTDGJ0hTGHd7vCu88oTzbEu2j8u-Tx84 zJ!a8_v&VeNNx`2qi+j0q^UUPf=}z17H@21G&87a~Zu{FSvms)~5S0SGXmR@s1!*Pjp0eYRRf$jV+4rrYZp_AL#=M?)0PX<(92%eT#K{T^A!o*VI9!qqHQrZ5kxJ^vn-daC zk2K3Qh`a1}iTcw=o6x%-$KrQS*rxdQ+Wu%)Zov{?VQJY|Ckz;Vcx+f>(j$F;kA86Q z{vG0>v%302r&EiY%U|22$oFXBK%w!omecf^_oee7u^qj>$)}%o=iciut7~ZayUUZqS{<_Hd9W*eZb+erL_weRlL~L!Y!omQa zWL$NMvjhg-F|DmxQZ0YlnR~zd{x8!o*%aEx!z#ElM7ZxTgA#Vk!0l<@e-AMKwYecX zDH2(Bkoj?WC*|K?QUvj5iRueNF|@GO#&_;exGg#_1xH`Dy121=w>C-qypIok*&?n# zup0Ynie=sUc3b>@2#r5px=;&nw2ds;ZR^0x4VSa(p&LXwH3wSa^YW5rbNV%NM)pGT z80(<)eITY`L5Zy-GD%u&bCdxMA8q8r>xQtpKozNMN9*&q?aC%-E)KUfwf_L0;t}3d z%y()j)5^z^z3mMv4Ph`NTU*GLm)0`1 zM(K|xs$ODW>*a%!$x{#r_i8`n7R9K!M^EL;@C*9Ug@1~RieE0m91BDCQAa2>UVav* zuF?^@ah~IrjpKbMW-2sjiMyRbMC+LCjEpo97vv!OZz|N))#-04bxYuj|A2L~N+_s@ zwpKR!^ochLm8^IaHrrS&N~OhTlIseRrQoAAu;=jp`;}NVC#lr0rFlehUYiH(i_4C6 zBLjTaY5EBe_~q!VCmUbn+%=p<|6Wg$?dg~~Y$I;xW8q-tsB>kXct8eUDT(A7Ax-B;zf!lSaElEch@5C@_EnqoL~OR z*<|--Z|*)b_nDbzq^bLEl5CddmDD_qL>*0FR;A`8gCA}z&8L4m&90MZ_ZaE^-VfkL ztNivv!w9@WUM4_l!L9b$qA)e;U%TwLf3$JWlHGmMc(U#^4G$KPBD)KoWLG9QpBV08 zY-D7N4hGnDsKdE~=jtovSsD%YRB{a4etw<2C?9Ar9U>?X*PI|u3QG5MD_0Cs)js8e zO>TPkvV#cP3WZK#G|0CkZ1J?DM7&ftc~~Y{08NrNEW z(9~xjD2=X=($J^sG6|i;_%V`sGdc;H@(K(&UOJzEVpl+_;LHbVj=M}yGBcV0e^M25 ziuGq6W+s5Y7;BoT&nc?wTJ&Cst7iC-=k{W&G#r##He-1x))hm>0!i035sA}&ui zwb9}=k3WyRcDOeXEcSZRTiii|(L^LrQn7uV-yt}EU7JihM-LPbF-G%muUTzcqOy12NUF>c3=J-HbmOC}+n;mw7= z$`gog;g5&xCNObdNz9d(5iLKOAlq0rn>TBk!YhqkKcSy;z&;N2tbXpX{$+bg+9r|_ z9z`}0oupkwH2W^(t{`oyTcuxaXq~a)}H68NE?y-5Y_*BbH zGIi=%V5QwZ6H&5P0QPa#Q31SAJdCH+2Z5=peT*O5C^=rrj{7tS|=VNEq zAot#E;9NA<687;MnmQsi_+(J!3^MXY2KksZzY|CW*e^jx-d*K^!B1R6z*3mjGAdt; zFmnzGmr3_?B0JOmx6G!{WfWaUhecA?CHgCfx4GK~^8nvII!G2cf%AqOe!pwXJ-B_W z5VA(q@3|-OBllL@>}S&t@AK6vuB@M38gf&M(zF32U^^NfGgV{=`8rDu`TUd1xlzeW_N%06X%RHAagATK7Mk;TnFzBt8)HkHKif9_1C2#E zC=>Cw@Kt0)6g%`Sxr~NCI^l8hK-;pn$AKHkIo##Ez23R*V*$9VdEMyz3|De((C21M z=T)U0YQufO-0{*7LXa?ho=3o*I(i!!-nqO|o1Kc*F=}0Jnr(q@3cE$M>0}$qZW=sT z2=80^m<_IUFHM@btn-~lM#{o16ACX2bJ?$GNvDs_h5f73Msx;{-reVEnscPNR`%&2 zQ~YNh^53pGT}pcg-{~bG0zOMhp|95!4BgZNQ`%oog%hIP^~fMaX)}p1e&F!R-u9ed z=^4_L|M__@R%Z+2*ZJEb)3Z5p*A36aY?37(R7&r=ih?U3^_Ld(MLk8ZVx<1AVgciklHz=2AD5fk zZe>WC#LO4J;e5Am_)Q2kv7gmOE!)Tto1YBxdU`0*+{V_q!ro+wY-Z_81#H}pp(+Vw zQj)M*f(uF~dZ&_(%(*`wNqUcOwDcAlLaX;mJ*%{f1xr`oC-_`od#xivM!ss1A>3yK z5_9o$kK|vka5s1lJDqp5F`iUHC}G^9`FkweCxx1mCDL(l9)>KE%|FmWP&G_dAB-uW z{({oH>o+ykLFyKGoj{uWdo?HNF(W7!Krp)hk9r_{Mi+2q*{!IJH3Hv8%) zxx1Y^JV@EdeT{r9bdbMu{TN5>CtAiB?9A14Pe=Y~Zect6Ye?4A7UD}L{Ew!e$xve^ zJZjuTfO7(J)IdFIl^v2v9t4`lZUS)F>7;ABn^&z?;XlH5+#_J8WG%&v*>HeI|?R+P`Q*BcC05fi9Zw_0;}UT3sA%_huw^NzDxh{93ZV=b7QP zK|P}6MHculOSv^-}V@Sfi zULY?o@392P{^!<)CHIY=Bf?+cv-|lAf+?KC#Xm1hhvCe=4x^9itxQ{61^rTE%o?(} z)PCqeQXn7j51GdDqa~7wa`Wa*91D)4WXb0F~a74NHYxBM$n{lgJ6)*ilQk za*r!}vLwCpjelSSy@#qm@%3@uPE{auWZM*LnmtWt-WwnZe2O-Zq;KzAd{9%Nb~&d- zh6LBPCyAsl1C&Yp$1{x|<@7I_C{T?y-X0kKtU2H@eRjQS|6obD>p5G0Qd!LqT7$=L zN8NM=^*TDkjh0;QGHOgMZ^AESzo8<@lz5adai3ai%t|PAsc5FEUxe*o^E;ed{#sf# z9&QnXNYCAyxMG20TK(UCx4oU?Kmx3-%=4w4J=uD3Gv{znMZ(K^kW>2Q0J!+2!n8;&d@ z5^MaZC{@eJl;!q3bx7+b!P#}O&^ouT437K_wvDLMqH*a|PrQ;(eVC4%y|1O5ZK$Uh zFyn?u`*%-6s5@?48Z(ol{IinfjxM2Rbk9wwR(>9L=r>evVFS{`Mh?Y z8|Ti1M8$d2NF3??R6ZCBqb?Bo65=0TV0ZEy&X$x+U(x+Vo#|Z-b=J($7hzUab@PGL zsWa#uc)`63PO9be`#QHSIsR~`$^x2xjOFEXnEFe7E_aw{%Pd@)F3CNr|HF6Rn-yz* zzr&xT1_K^$Ot;JFA_imbd%vY^CZd`xvLLM#z-9qw;d47pb%h;0nimL64S&Qh2@~7A zwya*bQXZR8a7J&8`rC&GJZHJ#lZQ%R~M4Y-)MCb_2r#c_E~~ zNK5j1qP0pt(+@S}>H>MZ?t^98iKX7i*)Le1-uPKg#&&0bQ1-GH_JX7xgO~M#H+r?( zR)!bx?%0tRzukKJcEC#Ru;S4`2bly-6~rfC(s}DL-KJ+NVuU`Is!dY55$B_;@a*N3 z`F7luWM`K1NiWxL>YOIq@8H#}a=$5$OIpS6611F%=@pW^bp=00Y4d?()k>lglL~x7Z;o{tpG$u5~@mYg^ zR(SYA;|MJ_?w^2P&9(R6CQHnMQUn~o8eJPFiGrIcXOFd3Gy*ZMhQDHKpQUY11Hlm0 z@~%h7A$-tOQ~L4Y9{1Lv!<{rZa1yV7xZ{i@XY1!cWSn|?pVZv6UpMG3vdK09Y?BGy zPNv@o$6JobwCT7gZM6`v;PX3bM7RSDVf$dQG)Pt)Gf3llzhUI|jkhPmX05don~o{?ryz}X}nI%BntKyS!Y07dHzO#^@%+FOTP$<`NScq@1Bl7zT7?qua%Ye5x9t;Q|uP?ZV z?-IGa`Z{*>ArWzRhZ04+-n+eED>n76Jr8V~4^}}K2HcvD;l`Jk&g3emw}%^k%qEm4 z%1l8eqLFBQ(>r<`<1T$(21uPa-}Y#zVk9xpfB{udN(nou+Q97l#w2w@6PfoTAZ%bu zXP7sCXSRy@^V2AND*%7b@A2Zwg!`md6>wGn@}@z_qBC#Drel;S`Xs*&7|NR)Wz69D z>(1L}_uO$@ac+c$p&0}GhUZ4C0zMP(1-m~hVeFeftxB5$KvN?~H3|vmB=B$eIfpek z^jN2!<(I#c4iWr(A2YM*@sl|~10Ds(Iwk_N0=FvQIUb1BD&9Lb{{eWMTH+b0Gyn*_ z^Ej8-)3WMgvor@)o{HC+E<;0+_hTGV$?B8&;aHl_5S#!?j$BrU+G)tXmZz zo&~7zNswY)()fSFJ}gmg7BTS^A4u0a=Uifd-L$x4w)IL|C=?%-NQJKIt~sMTg9XABsu8-4aD0n|m55Kxho|BA&M!BTw?5}R9@HoZZm$KA5njwU|MFTB);)NTHLcSrA{C(+!>2NOS-RcHiJ3H&0oG zOSi&b6HB6eFM9o0PxyOw1CyY6BMjH7ASSa)p&9JaOG^2YY%x!vCgbuz*2)aJepU`Y3`8spHNGU7 zwO??82a=X=gq8SL(o*VI9%*(pzNZv0NB&11O<+I07;7i`ue}%((PPc5(P?^p?|$$f zi$hux*Ppi0^eUd%Lh&Q`15NkmFP}6%D$kqcX)Z0Mysrc}H55f;nJnA}6euky3*A1# zgH`Y$kOAx30Kr9k#zQOgCnF2;6fSy_fTsousXw)y!97{R2_T*6r{l0;(a|G9IAka^ zfrw)(Un3)O+4MNoxOv;Tq0F-AS)KpcCz+8|nTCh|I+gehr8l#hX`E9Pp4GZ-bWCpT z3E0d#O&s}^HYlvNYRP>iubu(~_s2Xx#v9VNlCzDUBNH($ruNeG0 zrD_vIXt7pb+T!vqonfe|zj?piec$l72knXi<2E)Kr2vv7$82>Ms5yNBrl zTQCz?WY;~-0O?h3j3e+tE0zq`?>qUFBx829YaERk!3Hu-duO4zwVDE{>~`Kbm%YDM zFBOh@iW9q*9MR>Ocs4C3nvW2Z;^OA|7``aOkmH4;kFX4i??6-%f9 zDxze-_)>m9QPn!nP86$rt^ zLf1j~D_JDCLwtMd|183jci_m-uYR$h$hn{@n#TC?R=|ZzE;W?2pT*XMLGLiNGpM2#qMLrf;uO~`reA^;; zbuka<0^q(^mXm(P(<$zhQa6MOtJ6H>HzYV`tP<$82CPj1I9NJ!B{Mej!2)LyqfY7P znTn|GBKYo}LO{Rm&fiKMMbg}=XgRVx1`o|TVW5Q&Z>3<$62*)h>`lcSAsCq&VW{=7 z8wFPK;Ek-v{!IWS_*BpZAr_pZ(EH4*2?aWAgw0=1_M3mlus$gH!}@5J`kD=^oFGm) zFMc6kMg16l@ao^+Irgi_&;kW|;scwhS&hEhz!%8ZHo8^J_BmOdvlz$E`et%GoySGz z)UrzUal}PBs%xxtc@$OO^K6Y7xm2ma2YfQr=BpEOKu}IGg@1%hHnZwMQ+{XSgs3nx zoRqMd(Q)>Qlit}f9VPkJ!68Nhr~)7qdx-mkt`Wl3uP ztmF1w*hP#Z0vQ9b`Q_)gwP6+m609*>_r#rNGyYAg66D{M<#D) z55Z7k9yhNjz32Ri7+{DnE{j&!`Vi|S6?;%xXemClxZtb1P>r)!)yrE(qG(eWt9k$oi zQXZJ=eHZogv*n(2$Fq3p14)qF`T*kliyCnu3fbh&90qrTi^srJz6aozx4(glhA*lb}&>@ z3dDeeCj*_MA^Y^510O_kMh(+yoLZd8C_2>F<#R7ya1R^u=Brw8gx(Gm7wMmU&HW;` zQx>kF^L#TNH%i7vzrS_8=yj>#FVJ}G5@j}7Ny}fFR@%1Bj#tW5Q!rALH@7D>|1n`mQo1Q&mvKREuUv#l_o-^?+6Zj)>*ZN-(HdRP=)X4V zEiH~Kc#CS+Cp6TZDEnG7@yP7{eXEZ9pP{k)$bSzL%}cU_=RE3}nnw9$883bj@eU}x z;~h^tQW@IaFhU5wppybOq1P#!KRbEIB(E|XJSZ;qJhWABVeZQ{t8?zeirYyz&3P$_ z;1St3lgcbRz51AK)B&2tstwpOWLxJ^dP%UEF<59?_>q`DYYHbR`iOZYoG!mmkvpt& zoIe6R`Hk}UI|}x9r+Bol(iOr!c#&?-8Bg-slod6HsAC112 zF&7By&uCnH9WzH5z^KroeygKOU5FMpk2pd!3%FzPId;8%ZRA(1u|lr&z5=$TwxNo7 zuul6Xvn}+czFIrq@xEw*P*QVml`=c6l^{)i-KrNFd#^R9F#v0p;fV ztD6LmiOum)DG-v-PTWy!tr9J4)Z0y*%2CPXgf8Ydm}sO8!iJ08{f!TUKB<=Qwdb8k zG?MfC)w~&~T3KkOTLloE4K;ATq53T$6>SNaEy@8ko!H zCYsxm-tA@URQJBnez)37riZ1?5MU^2`EA~2l8)-j$Ipjb@pf@?FIJYyimd5)IogT} z%k(}YALz@bjRuHLGfeS}obmrF8tF(3gPx+??B4RA;&+2#fi|o#@!3@1zlh zE{wmeb{lJWwvJTW=xw<*2yrPpdGGv+S!M**yc$HJg%a{AOh&G|+WuEuBkgH18hxvU zLuz4DvPcpnA}+Fa(zI32^?95_agL{WX5vmgH9T1JsH61akg`-rVmCbaHC(Z@Nr~|y z=XGd&w{}hGteK{6Q+`gZ*@gLE5zIbYR&$XdgYsC7saGoS7`^2EwiOeMdJ%jBe6VO7 zqF|OedvR_~%;o!$4QK34^m#A{n{GVaL>_*fQ?w=Zj4`q>pZ{gL0CHC(fkNu>8%$S| z^zRwg#r7%Dxpo1NPZvv=wQ_P@eR*}Mk!DyEV0 zb~>z=+;5XM*?btIj>da(ji-DO-a)KO;U&vyO!!W8cyvAkIXD<+OfM3-S5O)auvWaM zBHBm?g!nHNi4Q!K=5>Wvez$zWKWiWmH@0Y;iN1C^jd2oaX6r*`3$YcD|5>JG8$3{Y z{Nc*XKW!#krvq~+`E5*b!TYvZY~AXdX*w7mLCQs`!-e`Kd7ftG`HoSXYpRR&_i|G} zu`EW%A?+iQ5HkQ#sCeix&{k&r<`a)5#slAV^|NBtpN`e1Rwfa?{k0mnLLZn4Qk+pQ zftE2a2i5Wk$Q2+XwJj~?j2f|X6XfoBBjZ2c-)q1-gr7~`#a&}^uj^6z>{n^61W zf&)F9?KJTn^n}yIS`)T4Fl*%U#jkH4h(`w+>`7Oy?|i#u+gJt^(3dj(?%7zE?iaV& ze*1n3m-7c!5PBT++x5l(+`gPe3r;F?!z(LR(UksDq+MpzjP5mank;MDbXwChON#)s zgSRRS=6tzBX$DvwV;st32 zOMnsA2h$S`Ic~U9v-f54NIhRyK1!F@!@gS?WIhcYFMv@oi)1vBI~K2fowla2F@XwN zKeN5BE~ap8Au#lwM3-4nTfn~VULbcBWpDt6M9F*P$N?cvF{r}xMP5$IIqWN5-`^&U zcWMN?&x&`a$WANQ7Ki&kMkycUlV>b??!o33(_z!x6&!65 zhaM1L`5+STmx@X8YgZcE-R#vL5{_G*P|qx5`M$2muI)*}w|Zf!HFv|8OV*0%J4?(sXu zVTVC-Q=d55B1i7MnP3+9$x+85GFwGk%bTdQ-pxxh$$WqPF3wLD=4t%GrdTz;0h3RK zM;d&d|7l}gGh7_;aQV|Zbs@|z@;-0L8E>aPtQ!8OT3Y(AofY>0hhkrz^ZE)2p^q> zTX?7MRdd>1&!bQV(tC}g;B+F`=-TJp5Vnnhn3HHT>H(Xc`9!Edw8-Q=)y!|U!?Nz}XhNCv!NZj4+&VNP63h>8^FPp0Re9(M- zmwPOcuoUGSl_BcsDwCIDDPtxW&Xu3yZ2eqO*&##R`*5Mr-MmLNSflOF2a}zdx-Gxn zqIp_Q4XQZw5*lQP%&l|UmGdJLH8a7FxP;AB+KASJgY+-rrZ;qnxRq>SZ0a@TmVzXd zH&8p2*fX_${a=SyGN{vH>N(<4X3@A1v;o5n4#GJEe~ zF3Ewd0D**ec9}Kt|G4EP#p^y9171?76n4ND8lOoT#(iGj;{gr~%1NfcS)x44$?rnr zOSrfHLQfG0qsdb}&FyPxi)`hkqBQVe96BD-(*;5J zG{~~_QlmorZQ@YiJpgw9eLxICibbFbV^ARfpMzf&{PP@bf<0mXI}`XeI|!M<2h)i_ z82o<@VtoTCFAbxgUH|WLz&HjVu+lB@GJ_NP|2arX4h)lxzj*?z%Kr`i8-#ubNp=XJ Udla_q1pzN*c@4QT8H>RG2e&-vMF0Q* literal 0 HcmV?d00001 diff --git a/copy-of-sdk-docs/docs/learn/learn.md b/copy-of-sdk-docs/docs/learn/learn.md new file mode 100644 index 00000000..ff14d726 --- /dev/null +++ b/copy-of-sdk-docs/docs/learn/learn.md @@ -0,0 +1,11 @@ +--- +sidebar_position: 0 +--- +# Learn + +* [Introduction](./intro/00-overview.md) - Dive into the fundamentals of Cosmos SDK with an insightful introduction, +laying the groundwork for understanding blockchain development. In this section we provide a High-Level Overview of the SDK, then dive deeper into Core concepts such as Application-Specific Blockchains, Blockchain Architecture, and finally we begin to explore the main components of the SDK. +* [Beginner](./beginner/00-app-anatomy.md) - Start your journey with beginner-friendly resources in the Cosmos SDK's "Learn" +section, providing a gentle entry point for newcomers to blockchain development. Here we focus on a little more detail, covering the Anatomy of a Cosmos SDK Application, Transaction Lifecycles, Accounts and lastly, Gas and Fees. +* [Advanced](./advanced/00-baseapp.md) - Level up your Cosmos SDK expertise with advanced topics, tailored for experienced +developers diving into intricate blockchain application development. We cover the Cosmos SDK on a lower level as we dive into the core of the SDK with BaseApp, Transactions, Context, Node Client (Daemon), Store, Encoding, gRPC, REST, and CometBFT Endpoints, CLI, Events, Telemetry, Object-Capability Model, RunTx recovery middleware, Cosmos Blockchain Simulator, Protobuf Documentation, In-Place Store Migrations, Configuration and AutoCLI. diff --git a/copy-of-sdk-docs/docs/tutorials/_category_.json b/copy-of-sdk-docs/docs/tutorials/_category_.json new file mode 100644 index 00000000..f27bca92 --- /dev/null +++ b/copy-of-sdk-docs/docs/tutorials/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Advanced Tutorials", + "position": 2, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-docs/docs/tutorials/transactions/00-building-a-transaction.md b/copy-of-sdk-docs/docs/tutorials/transactions/00-building-a-transaction.md new file mode 100644 index 00000000..3751a2c2 --- /dev/null +++ b/copy-of-sdk-docs/docs/tutorials/transactions/00-building-a-transaction.md @@ -0,0 +1,190 @@ +# Building a Transaction + +These are the steps to build, sign and broadcast a transaction using v2 semantics. + +1. Correctly set up imports + +```go +import ( + "context" + "fmt" + "log" + + "google.golang.org/grpc" + "google.golang.org/grpc/credentials/insecure" + + apisigning "cosmossdk.io/api/cosmos/tx/signing/v1beta1" + "cosmossdk.io/client/v2/broadcast/comet" + "cosmossdk.io/client/v2/tx" + "cosmossdk.io/core/transaction" + "cosmossdk.io/math" + banktypes "cosmossdk.io/x/bank/types" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + cryptocodec "github.com/cosmos/cosmos-sdk/crypto/codec" + "github.com/cosmos/cosmos-sdk/crypto/keyring" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + + "github.com/cosmos/cosmos-sdk/codec" + addrcodec "github.com/cosmos/cosmos-sdk/codec/address" + sdk "github.com/cosmos/cosmos-sdk/types" +) + +``` + +2. Create a gRPC connection + +```go +clientConn, err := grpc.NewClient("127.0.0.1:9090", grpc.WithTransportCredentials(insecure.NewCredentials())) +if err != nil { + log.Fatal(err) +} +``` + +3. Setup codec and interface registry + +```go + // Setup interface registry and register necessary interfaces + interfaceRegistry := codectypes.NewInterfaceRegistry() + banktypes.RegisterInterfaces(interfaceRegistry) + authtypes.RegisterInterfaces(interfaceRegistry) + cryptocodec.RegisterInterfaces(interfaceRegistry) + + // Create a ProtoCodec for encoding/decoding + protoCodec := codec.NewProtoCodec(interfaceRegistry) + +``` + +4. Initialize keyring + +```go + + ckr, err := keyring.New("autoclikeyring", "test", home, nil, protoCodec) + if err != nil { + log.Fatal("error creating keyring", err) + } + kr, err := keyring.NewAutoCLIKeyring(ckr, addrcodec.NewBech32Codec("cosmos")) + if err != nil { + log.Fatal("error creating auto cli keyring", err) + } + + +``` + +5. Setup transaction parameters + +```go + + // Setup transaction parameters + txParams := tx.TxParameters{ + ChainID: "simapp-v2-chain", + SignMode: apisigning.SignMode_SIGN_MODE_DIRECT, + AccountConfig: tx.AccountConfig{ + FromAddress: "cosmos1t0fmn0lyp2v99ga55mm37mpnqrlnc4xcs2hhhy", + FromName: "alice", + }, + } + + // Configure gas settings + gasConfig, err := tx.NewGasConfig(100, 100, "0stake") + if err != nil { + log.Fatal("error creating gas config: ", err) + } + txParams.GasConfig = gasConfig + + // Create auth query client + authClient := authtypes.NewQueryClient(clientConn) + + // Retrieve account information for the sender + fromAccount, err := getAccount("cosmos1t0fmn0lyp2v99ga55mm37mpnqrlnc4xcs2hhhy", authClient, protoCodec) + if err != nil { + log.Fatal("error getting from account: ", err) + } + + // Update txParams with the correct account number and sequence + txParams.AccountConfig.AccountNumber = fromAccount.GetAccountNumber() + txParams.AccountConfig.Sequence = fromAccount.GetSequence() + + // Retrieve account information for the recipient + toAccount, err := getAccount("cosmos1e2wanzh89mlwct7cs7eumxf7mrh5m3ykpsh66m", authClient, protoCodec) + if err != nil { + log.Fatal("error getting to account: ", err) + } + + // Configure transaction settings + txConf, _ := tx.NewTxConfig(tx.ConfigOptions{ + AddressCodec: addrcodec.NewBech32Codec("cosmos"), + Cdc: protoCodec, + ValidatorAddressCodec: addrcodec.NewBech32Codec("cosmosval"), + EnabledSignModes: []apisigning.SignMode{apisigning.SignMode_SIGN_MODE_DIRECT}, + }) +``` + +6. Build the transaction + +```go +// Create a transaction factory + f, err := tx.NewFactory(kr, codec.NewProtoCodec(codectypes.NewInterfaceRegistry()), nil, txConf, addrcodec.NewBech32Codec("cosmos"), clientConn, txParams) + if err != nil { + log.Fatal("error creating factory", err) + } + + // Define the transaction message + msgs := []transaction.Msg{ + &banktypes.MsgSend{ + FromAddress: fromAccount.GetAddress().String(), + ToAddress: toAccount.GetAddress().String(), + Amount: sdk.Coins{ + sdk.NewCoin("stake", math.NewInt(1000000)), + }, + }, + } + + // Build and sign the transaction + tx, err := f.BuildsSignedTx(context.Background(), msgs...) + if err != nil { + log.Fatal("error building signed tx", err) + } + + +``` + +7. Broadcast the transaction + +```go +// Create a broadcaster for the transaction + c, err := comet.NewCometBFTBroadcaster("http://127.0.0.1:26657", comet.BroadcastSync, protoCodec) + if err != nil { + log.Fatal("error creating comet broadcaster", err) + } + + // Broadcast the transaction + res, err := c.Broadcast(context.Background(), tx.Bytes()) + if err != nil { + log.Fatal("error broadcasting tx", err) + } + +``` + +8. Helpers + +```go +// getAccount retrieves account information using the provided address +func getAccount(address string, authClient authtypes.QueryClient, codec codec.Codec) (sdk.AccountI, error) { + // Query account info + accountQuery, err := authClient.Account(context.Background(), &authtypes.QueryAccountRequest{ + Address: string(address), + }) + if err != nil { + return nil, fmt.Errorf("error getting account: %w", err) + } + + // Unpack the account information + var account sdk.AccountI + err = codec.InterfaceRegistry().UnpackAny(accountQuery.Account, &account) + if err != nil { + return nil, fmt.Errorf("error unpacking account: %w", err) + } + + return account, nil +} +``` \ No newline at end of file diff --git a/copy-of-sdk-docs/docs/tutorials/transactions/_category_.json b/copy-of-sdk-docs/docs/tutorials/transactions/_category_.json new file mode 100644 index 00000000..5b0cdfc1 --- /dev/null +++ b/copy-of-sdk-docs/docs/tutorials/transactions/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Transaction Tutorials", + "position": 2, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-docs/docs/tutorials/tutorials.md b/copy-of-sdk-docs/docs/tutorials/tutorials.md new file mode 100644 index 00000000..e6828c9f --- /dev/null +++ b/copy-of-sdk-docs/docs/tutorials/tutorials.md @@ -0,0 +1,12 @@ +--- +sidebar_position: 0 +--- +# Tutorials + +## Advanced Tutorials + +This section provides a concise overview of tutorials focused on implementing vote extensions in the Cosmos SDK. Vote extensions are a powerful feature for enhancing the security and fairness of blockchain applications, particularly in scenarios like implementing oracles and mitigating auction front-running. + +* **Implementing Oracle with Vote Extensions** - This tutorial details how to use vote extensions for the implementation of a secure and reliable oracle within a blockchain application. It demonstrates the use of vote extensions to securely include oracle data submissions in blocks, ensuring the data's integrity and reliability for the blockchain. + +* **Mitigating Auction Front-Running with Vote Extensions** - Explore how to prevent auction front-running using vote extensions. This tutorial outlines the creation of a module aimed at mitigating front-running in nameservice auctions, emphasising the `ExtendVote`, `PrepareProposal`, and `ProcessProposal` functions to facilitate a fair auction process. \ No newline at end of file diff --git a/copy-of-sdk-docs/docs/tutorials/vote-extensions/_category_.json b/copy-of-sdk-docs/docs/tutorials/vote-extensions/_category_.json new file mode 100644 index 00000000..a2aecebd --- /dev/null +++ b/copy-of-sdk-docs/docs/tutorials/vote-extensions/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Vote Extensions Tutorials", + "position": 1, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/00-getting-started.md b/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/00-getting-started.md new file mode 100644 index 00000000..a68a6e15 --- /dev/null +++ b/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/00-getting-started.md @@ -0,0 +1,40 @@ +# Getting Started + +## Table of Contents + +- [Getting Started](#overview-of-the-project) +- [Understanding Front-Running](./01-understanding-frontrunning.md) +- [Mitigating Front-running with Vote Extensions](./02-mitigating-front-running-with-vote-extesions.md) +- [Demo of Mitigating Front-Running](./03-demo-of-mitigating-front-running.md) + +## Getting Started + +### Overview of the Project + +This tutorial outlines the development of a module designed to mitigate front-running in nameservice auctions. The following functions are central to this module: + +* `ExtendVote`: Gathers bids from the mempool and includes them in the vote extension to ensure a fair and transparent auction process. +* `PrepareProposal`: Processes the vote extensions from the previous block, creating a special transaction that encapsulates bids to be included in the current proposal. +* `ProcessProposal`: Validates that the first transaction in the proposal is the special transaction containing the vote extensions and ensures the integrity of the bids. + +In this advanced tutorial, we will be working with an example application that facilitates the auctioning of nameservices. To see what frontrunning and nameservices are [here](./01-understanding-frontrunning.md) This application provides a practical use case to explore the prevention of auction front-running, also known as "bid sniping", where a validator takes advantage of seeing a bid in the mempool to place their own higher bid before the original bid is processed. + +The tutorial will guide you through using the Cosmos SDK to mitigate front-running using vote extensions. The module will be built on top of the base blockchain provided in the `tutorials/base` directory and will use the `auction` module as a foundation. By the end of this tutorial, you will have a better understanding of how to prevent front-running in blockchain auctions, specifically in the context of nameservice auctioning. + +## What are Vote extensions? + +Vote extensions is arbitrary information which can be inserted into a block. This feature is part of ABCI 2.0, which is available for use in the SDK 0.50 release and part of the 0.38 CometBFT release. + +More information about vote extensions can be seen [here](https://docs.cosmos.network/main/build/abci/vote-extensions). + +## Requirements and Setup + +Before diving into the advanced tutorial on auction front-running simulation, ensure you meet the following requirements: + +* [Golang >1.21.5](https://golang.org/doc/install) installed +* Familiarity with the concepts of front-running and MEV, as detailed in [Understanding Front-Running](./01-understanding-frontrunning.md) +* Understanding of Vote Extensions as described [here](https://docs.cosmos.network/main/build/abci/vote-extensions) + +You will also need a foundational blockchain to build upon coupled with your own module. The `tutorials/base` directory has the necessary blockchain code to start your custom project with the Cosmos SDK. For the module, you can use the `auction` module provided in the `tutorials/auction/x/auction` directory as a reference but please be aware that all of the code needed to implement vote extensions is already implemented in this module. + +This will set up a strong base for your blockchain, enabling the integration of advanced features such as auction front-running simulation. diff --git a/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/01-understanding-frontrunning.md b/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/01-understanding-frontrunning.md new file mode 100644 index 00000000..31602b0e --- /dev/null +++ b/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/01-understanding-frontrunning.md @@ -0,0 +1,41 @@ +# Understanding Front-Running and more + +## Introduction + +Blockchain technology is vulnerable to practices that can affect the fairness and security of the network. Two such practices are front-running and Maximal Extractable Value (MEV), which are important for blockchain participants to understand. + +## What is Front-Running? + +Front-running is when someone, such as a validator, uses their ability to see pending transactions to execute their own transactions first, benefiting from the knowledge of upcoming transactions. In nameservice auctions, a front-runner might place a higher bid before the original bid is confirmed, unfairly winning the auction. + +## Nameservices and Nameservice Auctions + +Nameservices are human-readable identifiers on a blockchain, akin to internet domain names, that correspond to specific addresses or resources. They simplify interactions with typically long and complex blockchain addresses, allowing users to have a memorable and unique identifier for their blockchain address or smart contract. + +Nameservice auctions are the process by which these identifiers are bid on and acquired. To combat front-running—where someone might use knowledge of pending bids to place a higher bid first—mechanisms such as commit-reveal schemes, auction extensions, and fair sequencing are implemented. These strategies ensure a transparent and fair bidding process, reducing the potential for Maximal Extractable Value (MEV) exploitation. + +## What is Maximal Extractable Value (MEV)? + +MEV is the highest value that can be extracted by manipulating the order of transactions within a block, beyond the standard block rewards and fees. This has become more prominent with the growth of decentralised finance (DeFi), where transaction order can greatly affect profits. + +## Implications of MEV + +MEV can lead to: + +- **Network Security**: Potential centralisation, as those with more computational power might dominate the process, increasing the risk of attacks. +- **Market Fairness**: An uneven playing field where only a few can gain at the expense of the majority. +- **User Experience**: Higher fees and network congestion due to the competition for MEV. + +## Mitigating MEV and Front-Running + +Some solutions being developed to mitigate MEV and front-running, including: + +- **Time-delayed Transactions**: Random delays to make transaction timing unpredictable. +- **Private Transaction Pools**: Concealing transactions until they are mined. +- **Fair Sequencing Services**: Processing transactions in the order they are received. + +For this tutorial, we will be exploring the last solution, fair sequencing services, in the context of nameservice auctions. + +## Conclusion + +MEV and front-running are challenges to blockchain integrity and fairness. Ongoing innovation and implementation of mitigation strategies are crucial for the ecosystem's health and success. diff --git a/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md b/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md new file mode 100644 index 00000000..a3d7549e --- /dev/null +++ b/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md @@ -0,0 +1,331 @@ +# Mitigating Front-running with Vote Extensions + +## Table of Contents + +* [Prerequisites](#prerequisites) +* [Implementing Structs for Vote Extensions](#implementing-structs-for-vote-extensions) +* [Implementing Handlers and Configuring Handlers](#implementing-handlers-and-configuring-handlers) + +## Prerequisites + +Before implementing vote extensions to mitigate front-running, ensure you have a module ready to implement the vote extensions with. If you need to create or reference a similar module, see `x/auction` for guidance. + +In this section, we will discuss the steps to mitigate front-running using vote extensions. We will introduce new types within the `abci/types.go` file. These types will be used to handle the process of preparing proposals, processing proposals, and handling vote extensions. + +### Implementing Structs for Vote Extensions + +First, copy the following structs into the `abci/types.go` and each of these structs serves a specific purpose in the process of mitigating front-running using vote extensions: + +```go +package abci + +import ( + //import the necessary files +) + +type PrepareProposalHandler struct { + logger log.Logger + txConfig client.TxConfig + cdc codec.Codec + mempool *mempool.ThresholdMempool + txProvider provider.TxProvider + keyname string + runProvider bool +} +``` + +The `PrepareProposalHandler` struct is used to handle the preparation of a proposal in the consensus process. It contains several fields: logger for logging information and errors, txConfig for transaction configuration, cdc (Codec) for encoding and decoding transactions, mempool for referencing the set of unconfirmed transactions, txProvider for building the proposal with transactions, keyname for the name of the key used for signing transactions, and runProvider, a boolean flag indicating whether the provider should be run to build the proposal. + +```go +type ProcessProposalHandler struct { + TxConfig client.TxConfig + Codec codec.Codec + Logger log.Logger +} +``` + +After the proposal has been prepared and vote extensions have been included, the `ProcessProposalHandler` is used to process the proposal. This includes validating the proposal and the included vote extensions. The `ProcessProposalHandler` allows you to access the transaction configuration and codec, which are necessary for processing the vote extensions. + +```go +type VoteExtHandler struct { + logger log.Logger + currentBlock int64 + mempool *mempool.ThresholdMempool + cdc codec.Codec +} +``` + +This struct is used to handle vote extensions. It contains a logger for logging events, the current block number, a mempool for storing transactions, and a codec for encoding and decoding. Vote extensions are a key part of the process to mitigate front-running, as they allow for additional information to be included with each vote. + +```go +type InjectedVoteExt struct { + VoteExtSigner []byte + Bids [][]byte +} + +type InjectedVotes struct { + Votes []InjectedVoteExt +} +``` + +These structs are used to handle injected vote extensions. They include the signer of the vote extension and the bids associated with the vote extension. Each byte array in Bids is a serialised form of a bid transaction. Injected vote extensions are used to add additional information to a vote after it has been created, which can be useful for adding context or additional data to a vote. The serialised bid transactions provide a way to include complex transaction data in a compact, efficient format. + +```go +type AppVoteExtension struct { + Height int64 + Bids [][]byte +} +``` + +This struct is used for application vote extensions. It includes the height of the block and the bids associated with the vote extension. Application vote extensions are used to add additional information to a vote at the application level, which can be useful for adding context or additional data to a vote that is specific to the application. + +```go +type SpecialTransaction struct { + Height int + Bids [][]byte +} +``` + +This struct is used for special transactions. It includes the height of the block and the bids associated with the transaction. Special transactions are used for transactions that need to be handled differently from regular transactions, such as transactions that are part of the process to mitigate front-running. + +### Implementing Handlers and Configuring Handlers + +To establish the `VoteExtensionHandler`, follow these steps: + +1. Navigate to the `abci/proposal.go` file. This is where we will implement the `VoteExtensionHandler``. + +2. Implement the `NewVoteExtensionHandler` function. This function is a constructor for the `VoteExtHandler` struct. It takes a logger, a mempool, and a codec as parameters and returns a new instance of `VoteExtHandler`. + +```go +func NewVoteExtensionHandler(lg log.Logger, mp *mempool.ThresholdMempool, cdc codec.Codec) *VoteExtHandler { + return &VoteExtHandler{ + logger: lg, + mempool: mp, + cdc: cdc, + } +} +``` + +3. Implement the `ExtendVoteHandler()` method. This method should handle the logic of extending votes, including inspecting the mempool and submitting a list of all pending bids. This will allow you to access the list of unconfirmed transactions in the abci.`RequestPrepareProposal` during the ensuing block. + +```go +func (h *VoteExtHandler) ExtendVoteHandler() sdk.ExtendVoteHandler { + return func(ctx sdk.Context, req *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) { + h.logger.Info(fmt.Sprintf("Extending votes at block height : %v", req.Height)) + + voteExtBids := [][]byte{} + + // Get mempool txs + itr := h.mempool.SelectPending(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + sdkMsgs := tmptx.GetMsgs() + + // Iterate through msgs, check for any bids + for _, msg := range sdkMsgs { + switch msg := msg.(type) { + case *nstypes.MsgBid: + // Marshal sdk bids to []byte + bz, err := h.cdc.Marshal(msg) + if err != nil { + h.logger.Error(fmt.Sprintf("Error marshalling VE Bid : %v", err)) + break + } + voteExtBids = append(voteExtBids, bz) + default: + } + } + + // Move tx to ready pool + err := h.mempool.Update(context.Background(), tmptx) + + // Remove tx from app side mempool + if err != nil { + h.logger.Info(fmt.Sprintf("Unable to update mempool tx: %v", err)) + } + + itr = itr.Next() + } + + // Create vote extension + voteExt := AppVoteExtension{ + Height: req.Height, + Bids: voteExtBids, + } + + // Encode Vote Extension + bz, err := json.Marshal(voteExt) + if err != nil { + return nil, fmt.Errorf("Error marshalling VE: %w", err) + } + + return &abci.ResponseExtendVote{VoteExtension: bz}, nil +} +``` + +4. Configure the handler in `app/app.go` as shown below + +```go +bApp := baseapp.NewBaseApp(AppName, logger, db, txConfig.TxDecoder(), baseAppOptions...) +voteExtHandler := abci2.NewVoteExtensionHandler(logger, mempool, appCodec) +bApp.SetExtendVoteHandler(voteExtHandler.ExtendVoteHandler()) +``` + +To give a bit of context on what is happening above, we first create a new instance of `VoteExtensionHandler` with the necessary dependencies (logger, mempool, and codec). Then, we set this handler as the `ExtendVoteHandler` for our application. This means that whenever a vote needs to be extended, our custom `ExtendVoteHandler()` method will be called. + +To test if vote extensions have been propagated, add the following to the `PrepareProposalHandler`: + +```go +if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + h.logger.Info(fmt.Sprintf(" :: Get vote extensions: %v", voteExt)) +} +``` + +This is how the whole function should look: + +```go +func (h *PrepareProposalHandler) PrepareProposalHandler() sdk.PrepareProposalHandler { + return func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { + h.logger.Info(fmt.Sprintf(" :: Prepare Proposal")) + var proposalTxs [][]byte + + var txs []sdk.Tx + + // Get Vote Extensions + if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + h.logger.Info(fmt.Sprintf(" :: Get vote extensions: %v", voteExt)) + } + + itr := h.mempool.Select(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + + txs = append(txs, tmptx) + itr = itr.Next() + } + h.logger.Info(fmt.Sprintf(" :: Number of Transactions available from mempool: %v", len(txs))) + + if h.runProvider { + tmpMsgs, err := h.txProvider.BuildProposal(ctx, txs) + if err != nil { + h.logger.Error(fmt.Sprintf(" :: Error Building Custom Proposal: %v", err)) + } + txs = tmpMsgs + } + + for _, sdkTxs := range txs { + txBytes, err := h.txConfig.TxEncoder()(sdkTxs) + if err != nil { + h.logger.Info(fmt.Sprintf("~Error encoding transaction: %v", err.Error())) + } + proposalTxs = append(proposalTxs, txBytes) + } + + h.logger.Info(fmt.Sprintf(" :: Number of Transactions in proposal: %v", len(proposalTxs))) + + return &abci.ResponsePrepareProposal{Txs: proposalTxs}, nil + } +} +``` + +As mentioned above, we check if vote extensions have been propagated, you can do this by checking the logs for any relevant messages such as ` :: Get vote extensions:`. If the logs do not provide enough information, you can also reinitialise your local testing environment by running the `./scripts/single_node/setup.sh` script again. + +5. Implement the `ProcessProposalHandler()`. This function is responsible for processing the proposal. It should handle the logic of processing vote extensions, including inspecting the proposal and validating the bids. + +```go +func (h *ProcessProposalHandler) ProcessProposalHandler() sdk.ProcessProposalHandler { + return func(ctx sdk.Context, req *abci.RequestProcessProposal) (resp *abci.ResponseProcessProposal, err error) { + h.Logger.Info(fmt.Sprintf(" :: Process Proposal")) + + // The first transaction will always be the Special Transaction + numTxs := len(req.Txs) + + h.Logger.Info(fmt.Sprintf(":: Number of transactions :: %v", numTxs)) + + if numTxs >= 1 { + var st SpecialTransaction + err = json.Unmarshal(req.Txs[0], &st) + if err != nil { + h.Logger.Error(fmt.Sprintf(":: Error unmarshalling special Tx in Process Proposal :: %v", err)) + } + if len(st.Bids) > 0 { + h.Logger.Info(fmt.Sprintf(":: There are bids in the Special Transaction")) + var bids []nstypes.MsgBid + for i, b := range st.Bids { + var bid nstypes.MsgBid + h.Codec.Unmarshal(b, &bid) + h.Logger.Info(fmt.Sprintf(":: Special Transaction Bid No %v :: %v", i, bid)) + bids = append(bids, bid) + } + // Validate Bids in Tx + txs := req.Txs[1:] + ok, err := ValidateBids(h.TxConfig, bids, txs, h.Logger) + if err != nil { + h.Logger.Error(fmt.Sprintf(":: Error validating bids in Process Proposal :: %v", err)) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + if !ok { + h.Logger.Error(fmt.Sprintf(":: Unable to validate bids in Process Proposal :: %v", err)) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + h.Logger.Info(":: Successfully validated bids in Process Proposal") + } + } + + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_ACCEPT}, nil + } +} +``` + +6. Implement the `ProcessVoteExtensions()` function. This function should handle the logic of processing vote extensions, including validating the bids. + +```go +func processVoteExtensions(req *abci.RequestPrepareProposal, log log.Logger) (SpecialTransaction, error) { + log.Info(fmt.Sprintf(" :: Process Vote Extensions")) + + // Create empty response + st := SpecialTransaction{ + 0, + [][]byte{}, + } + + // Get Vote Ext for H-1 from Req + voteExt := req.GetLocalLastCommit() + votes := voteExt.Votes + + // Iterate through votes + var ve AppVoteExtension + for _, vote := range votes { + // Unmarshal to AppExt + err := json.Unmarshal(vote.VoteExtension, &ve) + if err != nil { + log.Error(fmt.Sprintf(" :: Error unmarshalling Vote Extension")) + } + + st.Height = int(ve.Height) + + // If Bids in VE, append to Special Transaction + if len(ve.Bids) > 0 { + log.Info(" :: Bids in VE") + for _, b := range ve.Bids { + st.Bids = append(st.Bids, b) + } + } + } + + return st, nil +} +``` + +7. Configure the `ProcessProposalHandler()` in app/app.go: + +```go +processPropHandler := abci2.ProcessProposalHandler{app.txConfig, appCodec, logger} +bApp.SetProcessProposal(processPropHandler.ProcessProposalHandler()) +``` + +This sets the `ProcessProposalHandler()` for our application. This means that whenever a proposal needs to be processed, our custom `ProcessProposalHandler()` method will be called. + +To test if the proposal processing and vote extensions are working correctly, you can check the logs for any relevant messages. If the logs do not provide enough information, you can also reinitialize your local testing environment by running `./scripts/single_node/setup.sh` script. diff --git a/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md.bak b/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md.bak new file mode 100644 index 00000000..421b6ed8 --- /dev/null +++ b/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md.bak @@ -0,0 +1,331 @@ +# Mitigating Front-running with Vote Extensions + +## Table of Contents + +* [Prerequisites](#prerequisites) +* [Implementing Structs for Vote Extensions](#implementing-structs-for-vote-extensions) +* [Implementing Handlers and Configuring Handlers](#implementing-handlers-and-configuring-handlers) + +## Prerequisites + +Before implementing vote extensions to mitigate front-running, ensure you have a module ready to implement the vote extensions with. If you need to create or reference a similar module, see `x/auction` for guidance. + +In this section, we will discuss the steps to mitigate front-running using vote extensions. We will introduce new types within the `abci/types.go` file. These types will be used to handle the process of preparing proposals, processing proposals, and handling vote extensions. + +### Implementing Structs for Vote Extensions + +First, copy the following structs into the `abci/types.go` and each of these structs serves a specific purpose in the process of mitigating front-running using vote extensions: + +```go +package abci + +import ( + //import the necessary files +) + +type PrepareProposalHandler struct { + logger log.Logger + txConfig client.TxConfig + cdc codec.Codec + mempool *mempool.ThresholdMempool + txProvider provider.TxProvider + keyname string + runProvider bool +} +``` + +The `PrepareProposalHandler` struct is used to handle the preparation of a proposal in the consensus process. It contains several fields: logger for logging information and errors, txConfig for transaction configuration, cdc (Codec) for encoding and decoding transactions, mempool for referencing the set of unconfirmed transactions, txProvider for building the proposal with transactions, keyname for the name of the key used for signing transactions, and runProvider, a boolean flag indicating whether the provider should be run to build the proposal. + +```go +type ProcessProposalHandler struct { + TxConfig client.TxConfig + Codec codec.Codec + Logger log.Logger +} +``` + +After the proposal has been prepared and vote extensions have been included, the `ProcessProposalHandler` is used to process the proposal. This includes validating the proposal and the included vote extensions. The `ProcessProposalHandler` allows you to access the transaction configuration and codec, which are necessary for processing the vote extensions. + +```go +type VoteExtHandler struct { + logger log.Logger + currentBlock int64 + mempool *mempool.ThresholdMempool + cdc codec.Codec +} +``` + +This struct is used to handle vote extensions. It contains a logger for logging events, the current block number, a mempool for storing transactions, and a codec for encoding and decoding. Vote extensions are a key part of the process to mitigate front-running, as they allow for additional information to be included with each vote. + +```go +type InjectedVoteExt struct { + VoteExtSigner []byte + Bids [][]byte +} + +type InjectedVotes struct { + Votes []InjectedVoteExt +} +``` + +These structs are used to handle injected vote extensions. They include the signer of the vote extension and the bids associated with the vote extension. Each byte array in Bids is a serialised form of a bid transaction. Injected vote extensions are used to add additional information to a vote after it has been created, which can be useful for adding context or additional data to a vote. The serialised bid transactions provide a way to include complex transaction data in a compact, efficient format. + +```go +type AppVoteExtension struct { + Height int64 + Bids [][]byte +} +``` + +This struct is used for application vote extensions. It includes the height of the block and the bids associated with the vote extension. Application vote extensions are used to add additional information to a vote at the application level, which can be useful for adding context or additional data to a vote that is specific to the application. + +```go +type SpecialTransaction struct { + Height int + Bids [][]byte +} +``` + +This struct is used for special transactions. It includes the height of the block and the bids associated with the transaction. Special transactions are used for transactions that need to be handled differently from regular transactions, such as transactions that are part of the process to mitigate front-running. + +### Implementing Handlers and Configuring Handlers + +To establish the `VoteExtensionHandler`, follow these steps: + +1. Navigate to the `abci/proposal.go` file. This is where we will implement the `VoteExtensionHandler``. + +2. Implement the `NewVoteExtensionHandler` function. This function is a constructor for the `VoteExtHandler` struct. It takes a logger, a mempool, and a codec as parameters and returns a new instance of `VoteExtHandler`. + +```go +func NewVoteExtensionHandler(lg log.Logger, mp *mempool.ThresholdMempool, cdc codec.Codec) *VoteExtHandler { + return &VoteExtHandler{ + logger: lg, + mempool: mp, + cdc: cdc, + } +} +``` + +3. Implement the `ExtendVoteHandler()` method. This method should handle the logic of extending votes, including inspecting the mempool and submitting a list of all pending bids. This will allow you to access the list of unconfirmed transactions in the abci.`RequestPrepareProposal` during the ensuing block. + +```go +func (h *VoteExtHandler) ExtendVoteHandler() sdk.ExtendVoteHandler { + return func(ctx sdk.Context, req *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) { + h.logger.Info(fmt.Sprintf("Extending votes at block height : %v", req.Height)) + + voteExtBids := [][]byte{} + + // Get mempool txs + itr := h.mempool.SelectPending(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + sdkMsgs := tmptx.GetMsgs() + + // Iterate through msgs, check for any bids + for _, msg := range sdkMsgs { + switch msg := msg.(type) { + case *nstypes.MsgBid: + // Marshal sdk bids to []byte + bz, err := h.cdc.Marshal(msg) + if err != nil { + h.logger.Error(fmt.Sprintf("Error marshalling VE Bid : %v", err)) + break + } + voteExtBids = append(voteExtBids, bz) + default: + } + } + + // Move tx to ready pool + err := h.mempool.Update(context.Background(), tmptx) + + // Remove tx from app side mempool + if err != nil { + h.logger.Info(fmt.Sprintf("Unable to update mempool tx: %v", err)) + } + + itr = itr.Next() + } + + // Create vote extension + voteExt := AppVoteExtension{ + Height: req.Height, + Bids: voteExtBids, + } + + // Encode Vote Extension + bz, err := json.Marshal(voteExt) + if err != nil { + return nil, fmt.Errorf("Error marshalling VE: %w", err) + } + + return &abci.ResponseExtendVote{VoteExtension: bz}, nil +} +``` + +4. Configure the handler in `app/app.go` as shown below + +```go +bApp := baseapp.NewBaseApp(AppName, logger, db, txConfig.TxDecoder(), baseAppOptions...) +voteExtHandler := abci2.NewVoteExtensionHandler(logger, mempool, appCodec) +bApp.SetExtendVoteHandler(voteExtHandler.ExtendVoteHandler()) +``` + +To give a bit of context on what is happening above, we first create a new instance of `VoteExtensionHandler` with the necessary dependencies (logger, mempool, and codec). Then, we set this handler as the `ExtendVoteHandler` for our application. This means that whenever a vote needs to be extended, our custom `ExtendVoteHandler()` method will be called. + +To test if vote extensions have been propagated, add the following to the `PrepareProposalHandler`: + +```go +if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + h.logger.Info(fmt.Sprintf("🛠️ :: Get vote extensions: %v", voteExt)) +} +``` + +This is how the whole function should look: + +```go +func (h *PrepareProposalHandler) PrepareProposalHandler() sdk.PrepareProposalHandler { + return func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { + h.logger.Info(fmt.Sprintf("🛠️ :: Prepare Proposal")) + var proposalTxs [][]byte + + var txs []sdk.Tx + + // Get Vote Extensions + if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + h.logger.Info(fmt.Sprintf("🛠️ :: Get vote extensions: %v", voteExt)) + } + + itr := h.mempool.Select(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + + txs = append(txs, tmptx) + itr = itr.Next() + } + h.logger.Info(fmt.Sprintf("🛠️ :: Number of Transactions available from mempool: %v", len(txs))) + + if h.runProvider { + tmpMsgs, err := h.txProvider.BuildProposal(ctx, txs) + if err != nil { + h.logger.Error(fmt.Sprintf("❌️ :: Error Building Custom Proposal: %v", err)) + } + txs = tmpMsgs + } + + for _, sdkTxs := range txs { + txBytes, err := h.txConfig.TxEncoder()(sdkTxs) + if err != nil { + h.logger.Info(fmt.Sprintf("❌~Error encoding transaction: %v", err.Error())) + } + proposalTxs = append(proposalTxs, txBytes) + } + + h.logger.Info(fmt.Sprintf("🛠️ :: Number of Transactions in proposal: %v", len(proposalTxs))) + + return &abci.ResponsePrepareProposal{Txs: proposalTxs}, nil + } +} +``` + +As mentioned above, we check if vote extensions have been propagated, you can do this by checking the logs for any relevant messages such as `🛠️ :: Get vote extensions:`. If the logs do not provide enough information, you can also reinitialise your local testing environment by running the `./scripts/single_node/setup.sh` script again. + +5. Implement the `ProcessProposalHandler()`. This function is responsible for processing the proposal. It should handle the logic of processing vote extensions, including inspecting the proposal and validating the bids. + +```go +func (h *ProcessProposalHandler) ProcessProposalHandler() sdk.ProcessProposalHandler { + return func(ctx sdk.Context, req *abci.RequestProcessProposal) (resp *abci.ResponseProcessProposal, err error) { + h.Logger.Info(fmt.Sprintf("⚙️ :: Process Proposal")) + + // The first transaction will always be the Special Transaction + numTxs := len(req.Txs) + + h.Logger.Info(fmt.Sprintf("⚙️:: Number of transactions :: %v", numTxs)) + + if numTxs >= 1 { + var st SpecialTransaction + err = json.Unmarshal(req.Txs[0], &st) + if err != nil { + h.Logger.Error(fmt.Sprintf("❌️:: Error unmarshalling special Tx in Process Proposal :: %v", err)) + } + if len(st.Bids) > 0 { + h.Logger.Info(fmt.Sprintf("⚙️:: There are bids in the Special Transaction")) + var bids []nstypes.MsgBid + for i, b := range st.Bids { + var bid nstypes.MsgBid + h.Codec.Unmarshal(b, &bid) + h.Logger.Info(fmt.Sprintf("⚙️:: Special Transaction Bid No %v :: %v", i, bid)) + bids = append(bids, bid) + } + // Validate Bids in Tx + txs := req.Txs[1:] + ok, err := ValidateBids(h.TxConfig, bids, txs, h.Logger) + if err != nil { + h.Logger.Error(fmt.Sprintf("❌️:: Error validating bids in Process Proposal :: %v", err)) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + if !ok { + h.Logger.Error(fmt.Sprintf("❌️:: Unable to validate bids in Process Proposal :: %v", err)) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + h.Logger.Info("⚙️:: Successfully validated bids in Process Proposal") + } + } + + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_ACCEPT}, nil + } +} +``` + +6. Implement the `ProcessVoteExtensions()` function. This function should handle the logic of processing vote extensions, including validating the bids. + +```go +func processVoteExtensions(req *abci.RequestPrepareProposal, log log.Logger) (SpecialTransaction, error) { + log.Info(fmt.Sprintf("🛠️ :: Process Vote Extensions")) + + // Create empty response + st := SpecialTransaction{ + 0, + [][]byte{}, + } + + // Get Vote Ext for H-1 from Req + voteExt := req.GetLocalLastCommit() + votes := voteExt.Votes + + // Iterate through votes + var ve AppVoteExtension + for _, vote := range votes { + // Unmarshal to AppExt + err := json.Unmarshal(vote.VoteExtension, &ve) + if err != nil { + log.Error(fmt.Sprintf("❌ :: Error unmarshalling Vote Extension")) + } + + st.Height = int(ve.Height) + + // If Bids in VE, append to Special Transaction + if len(ve.Bids) > 0 { + log.Info("🛠️ :: Bids in VE") + for _, b := range ve.Bids { + st.Bids = append(st.Bids, b) + } + } + } + + return st, nil +} +``` + +7. Configure the `ProcessProposalHandler()` in app/app.go: + +```go +processPropHandler := abci2.ProcessProposalHandler{app.txConfig, appCodec, logger} +bApp.SetProcessProposal(processPropHandler.ProcessProposalHandler()) +``` + +This sets the `ProcessProposalHandler()` for our application. This means that whenever a proposal needs to be processed, our custom `ProcessProposalHandler()` method will be called. + +To test if the proposal processing and vote extensions are working correctly, you can check the logs for any relevant messages. If the logs do not provide enough information, you can also reinitialize your local testing environment by running `./scripts/single_node/setup.sh` script. diff --git a/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md b/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md new file mode 100644 index 00000000..55c84fa7 --- /dev/null +++ b/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md @@ -0,0 +1,331 @@ +# Mitigating Front-running with Vote Extensions + +## Table of Contents + +- [Prerequisites](#prerequisites) +- [Implementing Structs for Vote Extensions](#implementing-structs-for-vote-extensions) +- [Implementing Handlers and Configuring Handlers](#implementing-handlers-and-configuring-handlers) + +## Prerequisites + +Before implementing vote extensions to mitigate front-running, ensure you have a module ready to implement the vote extensions with. If you need to create or reference a similar module, see `x/auction` for guidance. + +In this section, we will discuss the steps to mitigate front-running using vote extensions. We will introduce new types within the `abci/types.go` file. These types will be used to handle the process of preparing proposals, processing proposals, and handling vote extensions. + +### Implementing Structs for Vote Extensions + +First, copy the following structs into the `abci/types.go` and each of these structs serves a specific purpose in the process of mitigating front-running using vote extensions: + +```go +package abci + +import ( + //import the necessary files +) + +type PrepareProposalHandler struct { + logger log.Logger + txConfig client.TxConfig + cdc codec.Codec + mempool *mempool.ThresholdMempool + txProvider provider.TxProvider + keyname string + runProvider bool +} +``` + +The `PrepareProposalHandler` struct is used to handle the preparation of a proposal in the consensus process. It contains several fields: logger for logging information and errors, txConfig for transaction configuration, cdc (Codec) for encoding and decoding transactions, mempool for referencing the set of unconfirmed transactions, txProvider for building the proposal with transactions, keyname for the name of the key used for signing transactions, and runProvider, a boolean flag indicating whether the provider should be run to build the proposal. + +```go +type ProcessProposalHandler struct { + TxConfig client.TxConfig + Codec codec.Codec + Logger log.Logger +} +``` + +After the proposal has been prepared and vote extensions have been included, the `ProcessProposalHandler` is used to process the proposal. This includes validating the proposal and the included vote extensions. The `ProcessProposalHandler` allows you to access the transaction configuration and codec, which are necessary for processing the vote extensions. + +```go +type VoteExtHandler struct { + logger log.Logger + currentBlock int64 + mempool *mempool.ThresholdMempool + cdc codec.Codec +} +``` + +This struct is used to handle vote extensions. It contains a logger for logging events, the current block number, a mempool for storing transactions, and a codec for encoding and decoding. Vote extensions are a key part of the process to mitigate front-running, as they allow for additional information to be included with each vote. + +```go +type InjectedVoteExt struct { + VoteExtSigner []byte + Bids [][]byte +} + +type InjectedVotes struct { + Votes []InjectedVoteExt +} +``` + +These structs are used to handle injected vote extensions. They include the signer of the vote extension and the bids associated with the vote extension. Each byte array in Bids is a serialised form of a bid transaction. Injected vote extensions are used to add additional information to a vote after it has been created, which can be useful for adding context or additional data to a vote. The serialised bid transactions provide a way to include complex transaction data in a compact, efficient format. + +```go +type AppVoteExtension struct { + Height int64 + Bids [][]byte +} +``` + +This struct is used for application vote extensions. It includes the height of the block and the bids associated with the vote extension. Application vote extensions are used to add additional information to a vote at the application level, which can be useful for adding context or additional data to a vote that is specific to the application. + +```go +type SpecialTransaction struct { + Height int + Bids [][]byte +} +``` + +This struct is used for special transactions. It includes the height of the block and the bids associated with the transaction. Special transactions are used for transactions that need to be handled differently from regular transactions, such as transactions that are part of the process to mitigate front-running. + +### Implementing Handlers and Configuring Handlers + +To establish the `VoteExtensionHandler`, follow these steps: + +1. Navigate to the `abci/proposal.go` file. This is where we will implement the `VoteExtensionHandler``. + +2. Implement the `NewVoteExtensionHandler` function. This function is a constructor for the `VoteExtHandler` struct. It takes a logger, a mempool, and a codec as parameters and returns a new instance of `VoteExtHandler`. + +```go +func NewVoteExtensionHandler(lg log.Logger, mp *mempool.ThresholdMempool, cdc codec.Codec) *VoteExtHandler { + return &VoteExtHandler{ + logger: lg, + mempool: mp, + cdc: cdc, + } +} +``` + +3. Implement the `ExtendVoteHandler()` method. This method should handle the logic of extending votes, including inspecting the mempool and submitting a list of all pending bids. This will allow you to access the list of unconfirmed transactions in the abci.`RequestPrepareProposal` during the ensuing block. + +```go +func (h *VoteExtHandler) ExtendVoteHandler() sdk.ExtendVoteHandler { + return func(ctx sdk.Context, req *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) { + h.logger.Info(fmt.Sprintf("Extending votes at block height : %v", req.Height)) + + voteExtBids := [][]byte{} + + // Get mempool txs + itr := h.mempool.SelectPending(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + sdkMsgs := tmptx.GetMsgs() + + // Iterate through msgs, check for any bids + for _, msg := range sdkMsgs { + switch msg := msg.(type) { + case *nstypes.MsgBid: + // Marshal sdk bids to []byte + bz, err := h.cdc.Marshal(msg) + if err != nil { + h.logger.Error(fmt.Sprintf("Error marshalling VE Bid : %v", err)) + break + } + voteExtBids = append(voteExtBids, bz) + default: + } + } + + // Move tx to ready pool + err := h.mempool.Update(context.Background(), tmptx) + + // Remove tx from app side mempool + if err != nil { + h.logger.Info(fmt.Sprintf("Unable to update mempool tx: %v", err)) + } + + itr = itr.Next() + } + + // Create vote extension + voteExt := AppVoteExtension{ + Height: req.Height, + Bids: voteExtBids, + } + + // Encode Vote Extension + bz, err := json.Marshal(voteExt) + if err != nil { + return nil, fmt.Errorf("Error marshalling VE: %w", err) + } + + return &abci.ResponseExtendVote{VoteExtension: bz}, nil +} +``` + +4. Configure the handler in `app/app.go` as shown below + +```go +bApp := baseapp.NewBaseApp(AppName, logger, db, txConfig.TxDecoder(), baseAppOptions...) +voteExtHandler := abci2.NewVoteExtensionHandler(logger, mempool, appCodec) +bApp.SetExtendVoteHandler(voteExtHandler.ExtendVoteHandler()) +``` + +To give a bit of context on what is happening above, we first create a new instance of `VoteExtensionHandler` with the necessary dependencies (logger, mempool, and codec). Then, we set this handler as the `ExtendVoteHandler` for our application. This means that whenever a vote needs to be extended, our custom `ExtendVoteHandler()` method will be called. + +To test if vote extensions have been propagated, add the following to the `PrepareProposalHandler`: + +```go +if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + h.logger.Info(fmt.Sprintf(" :: Get vote extensions: %v", voteExt)) +} +``` + +This is how the whole function should look: + +```go +func (h *PrepareProposalHandler) PrepareProposalHandler() sdk.PrepareProposalHandler { + return func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { + h.logger.Info(fmt.Sprintf(" :: Prepare Proposal")) + var proposalTxs [][]byte + + var txs []sdk.Tx + + // Get Vote Extensions + if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + h.logger.Info(fmt.Sprintf(" :: Get vote extensions: %v", voteExt)) + } + + itr := h.mempool.Select(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + + txs = append(txs, tmptx) + itr = itr.Next() + } + h.logger.Info(fmt.Sprintf(" :: Number of Transactions available from mempool: %v", len(txs))) + + if h.runProvider { + tmpMsgs, err := h.txProvider.BuildProposal(ctx, txs) + if err != nil { + h.logger.Error(fmt.Sprintf(" :: Error Building Custom Proposal: %v", err)) + } + txs = tmpMsgs + } + + for _, sdkTxs := range txs { + txBytes, err := h.txConfig.TxEncoder()(sdkTxs) + if err != nil { + h.logger.Info(fmt.Sprintf("~Error encoding transaction: %v", err.Error())) + } + proposalTxs = append(proposalTxs, txBytes) + } + + h.logger.Info(fmt.Sprintf(" :: Number of Transactions in proposal: %v", len(proposalTxs))) + + return &abci.ResponsePrepareProposal{Txs: proposalTxs}, nil + } +} +``` + +As mentioned above, we check if vote extensions have been propagated, you can do this by checking the logs for any relevant messages such as ` :: Get vote extensions:`. If the logs do not provide enough information, you can also reinitialise your local testing environment by running the `./scripts/single_node/setup.sh` script again. + +5. Implement the `ProcessProposalHandler()`. This function is responsible for processing the proposal. It should handle the logic of processing vote extensions, including inspecting the proposal and validating the bids. + +```go +func (h *ProcessProposalHandler) ProcessProposalHandler() sdk.ProcessProposalHandler { + return func(ctx sdk.Context, req *abci.RequestProcessProposal) (resp *abci.ResponseProcessProposal, err error) { + h.Logger.Info(fmt.Sprintf(" :: Process Proposal")) + + // The first transaction will always be the Special Transaction + numTxs := len(req.Txs) + + h.Logger.Info(fmt.Sprintf(":: Number of transactions :: %v", numTxs)) + + if numTxs >= 1 { + var st SpecialTransaction + err = json.Unmarshal(req.Txs[0], &st) + if err != nil { + h.Logger.Error(fmt.Sprintf(":: Error unmarshalling special Tx in Process Proposal :: %v", err)) + } + if len(st.Bids) > 0 { + h.Logger.Info(fmt.Sprintf(":: There are bids in the Special Transaction")) + var bids []nstypes.MsgBid + for i, b := range st.Bids { + var bid nstypes.MsgBid + h.Codec.Unmarshal(b, &bid) + h.Logger.Info(fmt.Sprintf(":: Special Transaction Bid No %v :: %v", i, bid)) + bids = append(bids, bid) + } + // Validate Bids in Tx + txs := req.Txs[1:] + ok, err := ValidateBids(h.TxConfig, bids, txs, h.Logger) + if err != nil { + h.Logger.Error(fmt.Sprintf(":: Error validating bids in Process Proposal :: %v", err)) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + if !ok { + h.Logger.Error(fmt.Sprintf(":: Unable to validate bids in Process Proposal :: %v", err)) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + h.Logger.Info(":: Successfully validated bids in Process Proposal") + } + } + + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_ACCEPT}, nil + } +} +``` + +6. Implement the `ProcessVoteExtensions()` function. This function should handle the logic of processing vote extensions, including validating the bids. + +```go +func processVoteExtensions(req *abci.RequestPrepareProposal, log log.Logger) (SpecialTransaction, error) { + log.Info(fmt.Sprintf(" :: Process Vote Extensions")) + + // Create empty response + st := SpecialTransaction{ + 0, + [][]byte{}, + } + + // Get Vote Ext for H-1 from Req + voteExt := req.GetLocalLastCommit() + votes := voteExt.Votes + + // Iterate through votes + var ve AppVoteExtension + for _, vote := range votes { + // Unmarshal to AppExt + err := json.Unmarshal(vote.VoteExtension, &ve) + if err != nil { + log.Error(fmt.Sprintf(" :: Error unmarshalling Vote Extension")) + } + + st.Height = int(ve.Height) + + // If Bids in VE, append to Special Transaction + if len(ve.Bids) > 0 { + log.Info(" :: Bids in VE") + for _, b := range ve.Bids { + st.Bids = append(st.Bids, b) + } + } + } + + return st, nil +} +``` + +7. Configure the `ProcessProposalHandler()` in app/app.go: + +```go +processPropHandler := abci2.ProcessProposalHandler{app.txConfig, appCodec, logger} +bApp.SetProcessProposal(processPropHandler.ProcessProposalHandler()) +``` + +This sets the `ProcessProposalHandler()` for our application. This means that whenever a proposal needs to be processed, our custom `ProcessProposalHandler()` method will be called. + +To test if the proposal processing and vote extensions are working correctly, you can check the logs for any relevant messages. If the logs do not provide enough information, you can also reinitialize your local testing environment by running `./scripts/single_node/setup.sh` script. diff --git a/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md.bak b/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md.bak new file mode 100644 index 00000000..56c2d402 --- /dev/null +++ b/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md.bak @@ -0,0 +1,331 @@ +# Mitigating Front-running with Vote Extensions + +## Table of Contents + +- [Prerequisites](#prerequisites) +- [Implementing Structs for Vote Extensions](#implementing-structs-for-vote-extensions) +- [Implementing Handlers and Configuring Handlers](#implementing-handlers-and-configuring-handlers) + +## Prerequisites + +Before implementing vote extensions to mitigate front-running, ensure you have a module ready to implement the vote extensions with. If you need to create or reference a similar module, see `x/auction` for guidance. + +In this section, we will discuss the steps to mitigate front-running using vote extensions. We will introduce new types within the `abci/types.go` file. These types will be used to handle the process of preparing proposals, processing proposals, and handling vote extensions. + +### Implementing Structs for Vote Extensions + +First, copy the following structs into the `abci/types.go` and each of these structs serves a specific purpose in the process of mitigating front-running using vote extensions: + +```go +package abci + +import ( + //import the necessary files +) + +type PrepareProposalHandler struct { + logger log.Logger + txConfig client.TxConfig + cdc codec.Codec + mempool *mempool.ThresholdMempool + txProvider provider.TxProvider + keyname string + runProvider bool +} +``` + +The `PrepareProposalHandler` struct is used to handle the preparation of a proposal in the consensus process. It contains several fields: logger for logging information and errors, txConfig for transaction configuration, cdc (Codec) for encoding and decoding transactions, mempool for referencing the set of unconfirmed transactions, txProvider for building the proposal with transactions, keyname for the name of the key used for signing transactions, and runProvider, a boolean flag indicating whether the provider should be run to build the proposal. + +```go +type ProcessProposalHandler struct { + TxConfig client.TxConfig + Codec codec.Codec + Logger log.Logger +} +``` + +After the proposal has been prepared and vote extensions have been included, the `ProcessProposalHandler` is used to process the proposal. This includes validating the proposal and the included vote extensions. The `ProcessProposalHandler` allows you to access the transaction configuration and codec, which are necessary for processing the vote extensions. + +```go +type VoteExtHandler struct { + logger log.Logger + currentBlock int64 + mempool *mempool.ThresholdMempool + cdc codec.Codec +} +``` + +This struct is used to handle vote extensions. It contains a logger for logging events, the current block number, a mempool for storing transactions, and a codec for encoding and decoding. Vote extensions are a key part of the process to mitigate front-running, as they allow for additional information to be included with each vote. + +```go +type InjectedVoteExt struct { + VoteExtSigner []byte + Bids [][]byte +} + +type InjectedVotes struct { + Votes []InjectedVoteExt +} +``` + +These structs are used to handle injected vote extensions. They include the signer of the vote extension and the bids associated with the vote extension. Each byte array in Bids is a serialised form of a bid transaction. Injected vote extensions are used to add additional information to a vote after it has been created, which can be useful for adding context or additional data to a vote. The serialised bid transactions provide a way to include complex transaction data in a compact, efficient format. + +```go +type AppVoteExtension struct { + Height int64 + Bids [][]byte +} +``` + +This struct is used for application vote extensions. It includes the height of the block and the bids associated with the vote extension. Application vote extensions are used to add additional information to a vote at the application level, which can be useful for adding context or additional data to a vote that is specific to the application. + +```go +type SpecialTransaction struct { + Height int + Bids [][]byte +} +``` + +This struct is used for special transactions. It includes the height of the block and the bids associated with the transaction. Special transactions are used for transactions that need to be handled differently from regular transactions, such as transactions that are part of the process to mitigate front-running. + +### Implementing Handlers and Configuring Handlers + +To establish the `VoteExtensionHandler`, follow these steps: + +1. Navigate to the `abci/proposal.go` file. This is where we will implement the `VoteExtensionHandler``. + +2. Implement the `NewVoteExtensionHandler` function. This function is a constructor for the `VoteExtHandler` struct. It takes a logger, a mempool, and a codec as parameters and returns a new instance of `VoteExtHandler`. + +```go +func NewVoteExtensionHandler(lg log.Logger, mp *mempool.ThresholdMempool, cdc codec.Codec) *VoteExtHandler { + return &VoteExtHandler{ + logger: lg, + mempool: mp, + cdc: cdc, + } +} +``` + +3. Implement the `ExtendVoteHandler()` method. This method should handle the logic of extending votes, including inspecting the mempool and submitting a list of all pending bids. This will allow you to access the list of unconfirmed transactions in the abci.`RequestPrepareProposal` during the ensuing block. + +```go +func (h *VoteExtHandler) ExtendVoteHandler() sdk.ExtendVoteHandler { + return func(ctx sdk.Context, req *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) { + h.logger.Info(fmt.Sprintf("Extending votes at block height : %v", req.Height)) + + voteExtBids := [][]byte{} + + // Get mempool txs + itr := h.mempool.SelectPending(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + sdkMsgs := tmptx.GetMsgs() + + // Iterate through msgs, check for any bids + for _, msg := range sdkMsgs { + switch msg := msg.(type) { + case *nstypes.MsgBid: + // Marshal sdk bids to []byte + bz, err := h.cdc.Marshal(msg) + if err != nil { + h.logger.Error(fmt.Sprintf("Error marshalling VE Bid : %v", err)) + break + } + voteExtBids = append(voteExtBids, bz) + default: + } + } + + // Move tx to ready pool + err := h.mempool.Update(context.Background(), tmptx) + + // Remove tx from app side mempool + if err != nil { + h.logger.Info(fmt.Sprintf("Unable to update mempool tx: %v", err)) + } + + itr = itr.Next() + } + + // Create vote extension + voteExt := AppVoteExtension{ + Height: req.Height, + Bids: voteExtBids, + } + + // Encode Vote Extension + bz, err := json.Marshal(voteExt) + if err != nil { + return nil, fmt.Errorf("Error marshalling VE: %w", err) + } + + return &abci.ResponseExtendVote{VoteExtension: bz}, nil +} +``` + +4. Configure the handler in `app/app.go` as shown below + +```go +bApp := baseapp.NewBaseApp(AppName, logger, db, txConfig.TxDecoder(), baseAppOptions...) +voteExtHandler := abci2.NewVoteExtensionHandler(logger, mempool, appCodec) +bApp.SetExtendVoteHandler(voteExtHandler.ExtendVoteHandler()) +``` + +To give a bit of context on what is happening above, we first create a new instance of `VoteExtensionHandler` with the necessary dependencies (logger, mempool, and codec). Then, we set this handler as the `ExtendVoteHandler` for our application. This means that whenever a vote needs to be extended, our custom `ExtendVoteHandler()` method will be called. + +To test if vote extensions have been propagated, add the following to the `PrepareProposalHandler`: + +```go +if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + h.logger.Info(fmt.Sprintf("🛠️ :: Get vote extensions: %v", voteExt)) +} +``` + +This is how the whole function should look: + +```go +func (h *PrepareProposalHandler) PrepareProposalHandler() sdk.PrepareProposalHandler { + return func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { + h.logger.Info(fmt.Sprintf("🛠️ :: Prepare Proposal")) + var proposalTxs [][]byte + + var txs []sdk.Tx + + // Get Vote Extensions + if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + h.logger.Info(fmt.Sprintf("🛠️ :: Get vote extensions: %v", voteExt)) + } + + itr := h.mempool.Select(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + + txs = append(txs, tmptx) + itr = itr.Next() + } + h.logger.Info(fmt.Sprintf("🛠️ :: Number of Transactions available from mempool: %v", len(txs))) + + if h.runProvider { + tmpMsgs, err := h.txProvider.BuildProposal(ctx, txs) + if err != nil { + h.logger.Error(fmt.Sprintf("❌️ :: Error Building Custom Proposal: %v", err)) + } + txs = tmpMsgs + } + + for _, sdkTxs := range txs { + txBytes, err := h.txConfig.TxEncoder()(sdkTxs) + if err != nil { + h.logger.Info(fmt.Sprintf("❌~Error encoding transaction: %v", err.Error())) + } + proposalTxs = append(proposalTxs, txBytes) + } + + h.logger.Info(fmt.Sprintf("🛠️ :: Number of Transactions in proposal: %v", len(proposalTxs))) + + return &abci.ResponsePrepareProposal{Txs: proposalTxs}, nil + } +} +``` + +As mentioned above, we check if vote extensions have been propagated, you can do this by checking the logs for any relevant messages such as `🛠️ :: Get vote extensions:`. If the logs do not provide enough information, you can also reinitialise your local testing environment by running the `./scripts/single_node/setup.sh` script again. + +5. Implement the `ProcessProposalHandler()`. This function is responsible for processing the proposal. It should handle the logic of processing vote extensions, including inspecting the proposal and validating the bids. + +```go +func (h *ProcessProposalHandler) ProcessProposalHandler() sdk.ProcessProposalHandler { + return func(ctx sdk.Context, req *abci.RequestProcessProposal) (resp *abci.ResponseProcessProposal, err error) { + h.Logger.Info(fmt.Sprintf("⚙️ :: Process Proposal")) + + // The first transaction will always be the Special Transaction + numTxs := len(req.Txs) + + h.Logger.Info(fmt.Sprintf("⚙️:: Number of transactions :: %v", numTxs)) + + if numTxs >= 1 { + var st SpecialTransaction + err = json.Unmarshal(req.Txs[0], &st) + if err != nil { + h.Logger.Error(fmt.Sprintf("❌️:: Error unmarshalling special Tx in Process Proposal :: %v", err)) + } + if len(st.Bids) > 0 { + h.Logger.Info(fmt.Sprintf("⚙️:: There are bids in the Special Transaction")) + var bids []nstypes.MsgBid + for i, b := range st.Bids { + var bid nstypes.MsgBid + h.Codec.Unmarshal(b, &bid) + h.Logger.Info(fmt.Sprintf("⚙️:: Special Transaction Bid No %v :: %v", i, bid)) + bids = append(bids, bid) + } + // Validate Bids in Tx + txs := req.Txs[1:] + ok, err := ValidateBids(h.TxConfig, bids, txs, h.Logger) + if err != nil { + h.Logger.Error(fmt.Sprintf("❌️:: Error validating bids in Process Proposal :: %v", err)) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + if !ok { + h.Logger.Error(fmt.Sprintf("❌️:: Unable to validate bids in Process Proposal :: %v", err)) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + h.Logger.Info("⚙️:: Successfully validated bids in Process Proposal") + } + } + + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_ACCEPT}, nil + } +} +``` + +6. Implement the `ProcessVoteExtensions()` function. This function should handle the logic of processing vote extensions, including validating the bids. + +```go +func processVoteExtensions(req *abci.RequestPrepareProposal, log log.Logger) (SpecialTransaction, error) { + log.Info(fmt.Sprintf("🛠️ :: Process Vote Extensions")) + + // Create empty response + st := SpecialTransaction{ + 0, + [][]byte{}, + } + + // Get Vote Ext for H-1 from Req + voteExt := req.GetLocalLastCommit() + votes := voteExt.Votes + + // Iterate through votes + var ve AppVoteExtension + for _, vote := range votes { + // Unmarshal to AppExt + err := json.Unmarshal(vote.VoteExtension, &ve) + if err != nil { + log.Error(fmt.Sprintf("❌ :: Error unmarshalling Vote Extension")) + } + + st.Height = int(ve.Height) + + // If Bids in VE, append to Special Transaction + if len(ve.Bids) > 0 { + log.Info("🛠️ :: Bids in VE") + for _, b := range ve.Bids { + st.Bids = append(st.Bids, b) + } + } + } + + return st, nil +} +``` + +7. Configure the `ProcessProposalHandler()` in app/app.go: + +```go +processPropHandler := abci2.ProcessProposalHandler{app.txConfig, appCodec, logger} +bApp.SetProcessProposal(processPropHandler.ProcessProposalHandler()) +``` + +This sets the `ProcessProposalHandler()` for our application. This means that whenever a proposal needs to be processed, our custom `ProcessProposalHandler()` method will be called. + +To test if the proposal processing and vote extensions are working correctly, you can check the logs for any relevant messages. If the logs do not provide enough information, you can also reinitialize your local testing environment by running `./scripts/single_node/setup.sh` script. diff --git a/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md b/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md new file mode 100644 index 00000000..24c688c9 --- /dev/null +++ b/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md @@ -0,0 +1,106 @@ +# Demo of Mitigating Front-Running with Vote Extensions + +The purpose of this demo is to test the implementation of the `VoteExtensionHandler` and `PrepareProposalHandler` that we have just added to the codebase. These handlers are designed to mitigate front-running by ensuring that all validators have a consistent view of the mempool when preparing proposals. + +In this demo, we are using a 3 validator network. The Beacon validator is special because it has a custom transaction provider enabled. This means that it can potentially manipulate the order of transactions in a proposal to its advantage (i.e., front-running). + +1. Bootstrap the validator network: This sets up a network with 3 validators. The script `./scripts/configure.sh is used to configure the network and the validators. + +```shell +cd scripts +configure.sh +``` + +If this doesn't work please ensure you have run `make build` in the `tutorials/nameservice/base` directory. + + +2. Have alice attempt to reserve `bob.cosmos`: This is a normal transaction that alice wants to execute. The script ``./scripts/reserve.sh "bob.cosmos"` is used to send this transaction. + +```shell +reserve.sh "bob.cosmos" +``` + +3. Query to verify the name has been reserved: This is to check the result of the transaction. The script `./scripts/whois.sh "bob.cosmos"` is used to query the state of the blockchain. + +```shell +whois.sh "bob.cosmos" +``` + +It should return: + +```{ + "name": { + "name": "bob.cosmos", + "owner": "cosmos1nq9wuvuju4jdmpmzvxmg8zhhu2ma2y2l2pnu6w", + "resolve_address": "cosmos1h6zy2kn9efxtw5z22rc5k9qu7twl70z24kr3ht", + "amount": [ + { + "denom": "uatom", + "amount": "1000" + } + ] + } +} +``` + +To detect front-running attempts by the beacon, scrutinise the logs during the `ProcessProposal` stage. Open the logs for each validator, including the beacon, `val1`, and `val2`, to observe the following behavior. Open the log file of the validator node. The location of this file can vary depending on your setup, but it's typically located in a directory like `$HOME/cosmos/nodes/#{validator}/logs`. The directory in this case will be under the validator so, `beacon` `val1` or `val2`. Run the following to tail the logs of the validator or beacon: + +```shell +tail -f $HOME/cosmos/nodes/#{validator}/logs +``` + +```shell +2:47PM ERR :: Detected invalid proposal bid :: name:"bob.cosmos" resolveAddress:"cosmos1wmuwv38pdur63zw04t0c78r2a8dyt08hf9tpvd" owner:"cosmos1wmuwv38pdur63zw04t0c78r2a8dyt08hf9tpvd" amount: module=server +2:47PM ERR :: Unable to validate bids in Process Proposal :: module=server +2:47PM ERR prevote step: state machine rejected a proposed block; this should not happen:the proposer may be misbehaving; prevoting nil err=null height=142 module=consensus round=0 +``` + + +4. List the Beacon's keys: This is to verify the addresses of the validators. The script `./scripts/list-beacon-keys.sh` is used to list the keys. + +```shell +list-beacon-keys.sh +``` + +We should receive something similar to the following: + +```shell +[ + { + "name": "alice", + "type": "local", + "address": "cosmos1h6zy2kn9efxtw5z22rc5k9qu7twl70z24kr3ht", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"A32cvBUkNJz+h2vld4A5BxvU5Rd+HyqpR3aGtvEhlm4C\"}" + }, + { + "name": "barbara", + "type": "local", + "address": "cosmos1nq9wuvuju4jdmpmzvxmg8zhhu2ma2y2l2pnu6w", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"Ag9PFsNyTQPoJdbyCWia5rZH9CrvSrjMsk7Oz4L3rXQ5\"}" + }, + { + "name": "beacon-key", + "type": "local", + "address": "cosmos1ez9a6x7lz4gvn27zr368muw8jeyas7sv84lfup", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"AlzJZMWyN7lass710TnAhyuFKAFIaANJyw5ad5P2kpcH\"}" + }, + { + "name": "cindy", + "type": "local", + "address": "cosmos1m5j6za9w4qc2c5ljzxmm2v7a63mhjeag34pa3g", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"A6F1/3yot5OpyXoSkBbkyl+3rqBkxzRVSJfvSpm/AvW5\"}" + } +] +``` + +This allows us to match up the addresses and see that the bid was not front run by the beacon due as the resolve address is Alice's address and not the beacons address. + +By running this demo, we can verify that the `VoteExtensionHandler` and `PrepareProposalHandler` are working as expected and that they are able to prevent front-running. + +## Conclusion + +In this tutorial, we've tackled front-running and MEV, focusing on nameservice auctions' vulnerability to these issues. We've explored vote extensions, a key feature of ABCI 2.0, and integrated them into a Cosmos SDK application. + +Through practical exercises, you've implemented vote extensions, and tested their effectiveness in creating a fair auction system. You've gained practical insights by configuring a validator network and analysing blockchain logs. + +Keep experimenting with these concepts, engage with the community, and stay updated on new advancements. The knowledge you've acquired here is crucial for developing secure and fair blockchain applications. diff --git a/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md.bak b/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md.bak new file mode 100644 index 00000000..63f37b4a --- /dev/null +++ b/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md.bak @@ -0,0 +1,106 @@ +# Demo of Mitigating Front-Running with Vote Extensions + +The purpose of this demo is to test the implementation of the `VoteExtensionHandler` and `PrepareProposalHandler` that we have just added to the codebase. These handlers are designed to mitigate front-running by ensuring that all validators have a consistent view of the mempool when preparing proposals. + +In this demo, we are using a 3 validator network. The Beacon validator is special because it has a custom transaction provider enabled. This means that it can potentially manipulate the order of transactions in a proposal to its advantage (i.e., front-running). + +1. Bootstrap the validator network: This sets up a network with 3 validators. The script `./scripts/configure.sh is used to configure the network and the validators. + +```shell +cd scripts +configure.sh +``` + +If this doesn't work please ensure you have run `make build` in the `tutorials/nameservice/base` directory. + + +2. Have alice attempt to reserve `bob.cosmos`: This is a normal transaction that alice wants to execute. The script ``./scripts/reserve.sh "bob.cosmos"` is used to send this transaction. + +```shell +reserve.sh "bob.cosmos" +``` + +3. Query to verify the name has been reserved: This is to check the result of the transaction. The script `./scripts/whois.sh "bob.cosmos"` is used to query the state of the blockchain. + +```shell +whois.sh "bob.cosmos" +``` + +It should return: + +```{ + "name": { + "name": "bob.cosmos", + "owner": "cosmos1nq9wuvuju4jdmpmzvxmg8zhhu2ma2y2l2pnu6w", + "resolve_address": "cosmos1h6zy2kn9efxtw5z22rc5k9qu7twl70z24kr3ht", + "amount": [ + { + "denom": "uatom", + "amount": "1000" + } + ] + } +} +``` + +To detect front-running attempts by the beacon, scrutinise the logs during the `ProcessProposal` stage. Open the logs for each validator, including the beacon, `val1`, and `val2`, to observe the following behavior. Open the log file of the validator node. The location of this file can vary depending on your setup, but it's typically located in a directory like `$HOME/cosmos/nodes/#{validator}/logs`. The directory in this case will be under the validator so, `beacon` `val1` or `val2`. Run the following to tail the logs of the validator or beacon: + +```shell +tail -f $HOME/cosmos/nodes/#{validator}/logs +``` + +```shell +2:47PM ERR ❌️:: Detected invalid proposal bid :: name:"bob.cosmos" resolveAddress:"cosmos1wmuwv38pdur63zw04t0c78r2a8dyt08hf9tpvd" owner:"cosmos1wmuwv38pdur63zw04t0c78r2a8dyt08hf9tpvd" amount: module=server +2:47PM ERR ❌️:: Unable to validate bids in Process Proposal :: module=server +2:47PM ERR prevote step: state machine rejected a proposed block; this should not happen:the proposer may be misbehaving; prevoting nil err=null height=142 module=consensus round=0 +``` + + +4. List the Beacon's keys: This is to verify the addresses of the validators. The script `./scripts/list-beacon-keys.sh` is used to list the keys. + +```shell +list-beacon-keys.sh +``` + +We should receive something similar to the following: + +```shell +[ + { + "name": "alice", + "type": "local", + "address": "cosmos1h6zy2kn9efxtw5z22rc5k9qu7twl70z24kr3ht", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"A32cvBUkNJz+h2vld4A5BxvU5Rd+HyqpR3aGtvEhlm4C\"}" + }, + { + "name": "barbara", + "type": "local", + "address": "cosmos1nq9wuvuju4jdmpmzvxmg8zhhu2ma2y2l2pnu6w", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"Ag9PFsNyTQPoJdbyCWia5rZH9CrvSrjMsk7Oz4L3rXQ5\"}" + }, + { + "name": "beacon-key", + "type": "local", + "address": "cosmos1ez9a6x7lz4gvn27zr368muw8jeyas7sv84lfup", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"AlzJZMWyN7lass710TnAhyuFKAFIaANJyw5ad5P2kpcH\"}" + }, + { + "name": "cindy", + "type": "local", + "address": "cosmos1m5j6za9w4qc2c5ljzxmm2v7a63mhjeag34pa3g", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"A6F1/3yot5OpyXoSkBbkyl+3rqBkxzRVSJfvSpm/AvW5\"}" + } +] +``` + +This allows us to match up the addresses and see that the bid was not front run by the beacon due as the resolve address is Alice's address and not the beacons address. + +By running this demo, we can verify that the `VoteExtensionHandler` and `PrepareProposalHandler` are working as expected and that they are able to prevent front-running. + +## Conclusion + +In this tutorial, we've tackled front-running and MEV, focusing on nameservice auctions' vulnerability to these issues. We've explored vote extensions, a key feature of ABCI 2.0, and integrated them into a Cosmos SDK application. + +Through practical exercises, you've implemented vote extensions, and tested their effectiveness in creating a fair auction system. You've gained practical insights by configuring a validator network and analysing blockchain logs. + +Keep experimenting with these concepts, engage with the community, and stay updated on new advancements. The knowledge you've acquired here is crucial for developing secure and fair blockchain applications. diff --git a/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/_category_.json b/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/_category_.json new file mode 100644 index 00000000..aab0cfdf --- /dev/null +++ b/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/_category_.json @@ -0,0 +1,5 @@ +{ + "label": " Mitigating Auction Front-Running Tutorial", + "position": 0, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/00-getting-started.md b/copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/00-getting-started.md new file mode 100644 index 00000000..59ea65be --- /dev/null +++ b/copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/00-getting-started.md @@ -0,0 +1,36 @@ +# Getting Started + +## Table of Contents + +* [What is an Oracle?](./01-what-is-an-oracle.md) +* [Implementing Vote Extensions](./02-implementing-vote-extensions.md) +* [Testing the Oracle Module](./03-testing-oracle.md) + +## Prerequisites + +Before you start with this tutorial, make sure you have: + +* A working chain project. This tutorial won't cover the steps of creating a new chain/module. +* Familiarity with the Cosmos SDK. If you're not, we suggest you start with [Cosmos SDK Tutorials](https://tutorials.cosmos.network), as ABCI++ is considered an advanced topic. +* Read and understood [What is an Oracle?](01-what-is-an-oracle.md). This provides necessary background information for understanding the Oracle module. +* Basic understanding of Go programming language. + +## What are Vote extensions? + +Vote extensions is arbitrary information which can be inserted into a block. This feature is part of ABCI 2.0, which is available for use in the SDK 0.50 release and part of the 0.38 CometBFT release. + +More information about vote extensions can be seen [here](https://docs.cosmos.network/main/build/abci/vote-extensions). + +## Overview of the project + +We’ll go through the creation of a simple price oracle module focusing on the vote extensions implementation, ignoring the details inside the price oracle itself. + +We’ll go through the implementation of: + +* `ExtendVote` to get information from external price APIs. +* `VerifyVoteExtension` to check that the format of the provided votes is correct. +* `PrepareProposal` to process the vote extensions from the previous block and include them into the proposal as a transaction. +* `ProcessProposal` to check that the first transaction in the proposal is actually a “special tx” that contains the price information. +* `PreBlocker` to make price information available during FinalizeBlock. + +If you would like to see the complete working oracle module please see [here](https://github.com/cosmos/sdk-tutorials/blob/master/tutorials/oracle/base/x/oracle) diff --git a/copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/01-what-is-an-oracle.md b/copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/01-what-is-an-oracle.md new file mode 100644 index 00000000..9d50ddb3 --- /dev/null +++ b/copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/01-what-is-an-oracle.md @@ -0,0 +1,13 @@ +# What is an Oracle? + +An oracle in blockchain technology is a system that provides external data to a blockchain network. It acts as a source of information that is not natively accessible within the blockchain's closed environment. This can range from financial market prices to real-world event, making it crucial for decentralised applications. + +## Oracle in the Cosmos SDK + +In the Cosmos SDK, an oracle module can be implemented to provide external data to the blockchain. This module can use features like vote extensions to submit additional data during the consensus process, which can then be used by the blockchain to update its state with information from the outside world. + +For instance, a price oracle module in the Cosmos SDK could supply timely and accurate asset price information, which is vital for various financial operations within the blockchain ecosystem. + +## Conclusion + +Oracles are essential for blockchains to interact with external data, enabling them to respond to real-world information and events. Their implementation is key to the reliability and robustness of blockchain networks. diff --git a/copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/02-implementing-vote-extensions.md b/copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/02-implementing-vote-extensions.md new file mode 100644 index 00000000..aa610b5d --- /dev/null +++ b/copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/02-implementing-vote-extensions.md @@ -0,0 +1,219 @@ +# Implementing Vote Extensions + +## Implement ExtendVote + +First we’ll create the `OracleVoteExtension` struct, this is the object that will be marshaled as bytes and signed by the validator. + +In our example we’ll use JSON to marshal the vote extension for simplicity but we recommend to find an encoding that produces a smaller output, given that large vote extensions could impact CometBFT’s performance. Custom encodings and compressed bytes can be used out of the box. + +```go +// OracleVoteExtension defines the canonical vote extension structure. +type OracleVoteExtension struct { + Height int64 + Prices map[string]math.LegacyDec +} +``` + +Then we’ll create a `VoteExtensionsHandler` struct that contains everything we need to query for prices. + +```go +type VoteExtHandler struct { + logger log.Logger + currentBlock int64 // current block height + lastPriceSyncTS time.Time // last time we synced prices + providerTimeout time.Duration // timeout for fetching prices from providers + providers map[string]Provider // mapping of provider name to provider (e.g. Binance -> BinanceProvider) + providerPairs map[string][]keeper.CurrencyPair // mapping of provider name to supported pairs (e.g. Binance -> [ATOM/USD]) + + Keeper keeper.Keeper // keeper of our oracle module +} +``` + +Finally, a function that returns `sdk.ExtendVoteHandler` is needed too, and this is where our vote extension logic will live. + +```go +func (h *VoteExtHandler) ExtendVoteHandler() sdk.ExtendVoteHandler { + return func(ctx sdk.Context, req *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) { + // here we'd have a helper function that gets all the prices and does a weighted average using the volume of each market + prices := h.getAllVolumeWeightedPrices() + + voteExt := OracleVoteExtension{ + Height: req.Height, + Prices: prices, + } + + bz, err := json.Marshal(voteExt) + if err != nil { + return nil, fmt.Errorf("failed to marshal vote extension: %w", err) + } + + return &abci.ResponseExtendVote{VoteExtension: bz}, nil + } +} +``` + +As you can see above, the creation of a vote extension is pretty simple and we just have to return bytes. CometBFT will handle the signing of these bytes for us. We ignored the process of getting the prices but you can see a more complete example [here:](https://github.com/cosmos/sdk-tutorials/blob/master/tutorials/oracle/base/x/oracle/abci/vote_extensions.go) + +Here we’ll do some simple checks like: + +* Is the vote extension unmarshaled correctly? +* Is the vote extension for the right height? +* Some other validation, for example, are the prices from this extension too deviated from my own prices? Or maybe checks that can detect malicious behavior. + +```go +func (h *VoteExtHandler) VerifyVoteExtensionHandler() sdk.VerifyVoteExtensionHandler { + return func(ctx sdk.Context, req *abci.RequestVerifyVoteExtension) (*abci.ResponseVerifyVoteExtension, error) { + var voteExt OracleVoteExtension + err := json.Unmarshal(req.VoteExtension, &voteExt) + if err != nil { + return nil, fmt.Errorf("failed to unmarshal vote extension: %w", err) + } + + if voteExt.Height != req.Height { + return nil, fmt.Errorf("vote extension height does not match request height; expected: %d, got: %d", req.Height, voteExt.Height) + } + + // Verify incoming prices from a validator are valid. Note, verification during + // VerifyVoteExtensionHandler MUST be deterministic. For brevity and demo + // purposes, we omit implementation. + if err := h.verifyOraclePrices(ctx, voteExt.Prices); err != nil { + return nil, fmt.Errorf("failed to verify oracle prices from validator %X: %w", req.ValidatorAddress, err) + } + + return &abci.ResponseVerifyVoteExtension{Status: abci.ResponseVerifyVoteExtension_ACCEPT}, nil + } +} +``` + +## Implement PrepareProposal + +```go +type ProposalHandler struct { + logger log.Logger + keeper keeper.Keeper // our oracle module keeper + valStore baseapp.ValidatorStore // to get the current validators' pubkeys +} +``` + +And we create the struct for our “special tx”, that will contain the prices and the votes so validators can later re-check in ProcessPRoposal that they get the same result than the block’s proposer. With this we could also check if all the votes have been used by comparing the votes received in ProcessProposal. + +```go +type StakeWeightedPrices struct { + StakeWeightedPrices map[string]math.LegacyDec + ExtendedCommitInfo abci.ExtendedCommitInfo +} +``` + +Now we create the `PrepareProposalHandler`. In this step we’ll first check if the vote extensions’ signatures are correct using a helper function called ValidateVoteExtensions from the baseapp package. + +```go +func (h *ProposalHandler) PrepareProposal() sdk.PrepareProposalHandler { + return func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { + err := baseapp.ValidateVoteExtensions(ctx, h.valStore, req.Height, ctx.ChainID(), req.LocalLastCommit) + if err != nil { + return nil, err + } +... +``` + +Then we proceed to make the calculations only if the current height if higher than the height at which vote extensions have been enabled. Remember that vote extensions are made available to the block proposer on the next block at which they are produced/enabled. + +```go +... + proposalTxs := req.Txs + + if req.Height > ctx.ConsensusParams().Abci.VoteExtensionsEnableHeight { + stakeWeightedPrices, err := h.computeStakeWeightedOraclePrices(ctx, req.LocalLastCommit) + if err != nil { + return nil, errors.New("failed to compute stake-weighted oracle prices") + } + + injectedVoteExtTx := StakeWeightedPrices{ + StakeWeightedPrices: stakeWeightedPrices, + ExtendedCommitInfo: req.LocalLastCommit, + } +... +``` + +Finally we inject the result as a transaction at a specific location, usually at the beginning of the block: + +## Implement ProcessProposal + +Now we can implement the method that all validators will execute to ensure the proposer is doing his work correctly. + +Here, if vote extensions are enabled, we’ll check if the tx at index 0 is an injected vote extension + +```go +func (h *ProposalHandler) ProcessProposal() sdk.ProcessProposalHandler { + return func(ctx sdk.Context, req *abci.RequestProcessProposal) (*abci.ResponseProcessProposal, error) { + if req.Height > ctx.ConsensusParams().Abci.VoteExtensionsEnableHeight { + var injectedVoteExtTx StakeWeightedPrices + if err := json.Unmarshal(req.Txs[0], &injectedVoteExtTx); err != nil { + h.logger.Error("failed to decode injected vote extension tx", "err", err) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } +... +``` + +Then we re-validate the vote extensions signatures using +baseapp.ValidateVoteExtensions, re-calculate the results (just like in PrepareProposal) and compare them with the results we got from the injected tx. + +```go + err := baseapp.ValidateVoteExtensions(ctx, h.valStore, req.Height, ctx.ChainID(), injectedVoteExtTx.ExtendedCommitInfo) + if err != nil { + return nil, err + } + + // Verify the proposer's stake-weighted oracle prices by computing the same + // calculation and comparing the results. We omit verification for brevity + // and demo purposes. + stakeWeightedPrices, err := h.computeStakeWeightedOraclePrices(ctx, injectedVoteExtTx.ExtendedCommitInfo) + if err != nil { + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + + if err := compareOraclePrices(injectedVoteExtTx.StakeWeightedPrices, stakeWeightedPrices); err != nil { + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + } + + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_ACCEPT}, nil + } +} +``` + +Important: In this example we avoided using the mempool and other basics, please refer to the DefaultProposalHandler for a complete implementation: [https://github.com/cosmos/cosmos-sdk/blob/v0.50.1/baseapp/abci_utils.go](https://github.com/cosmos/cosmos-sdk/blob/v0.50.1/baseapp/abci_utils.go) + +## Implement PreBlocker + +Now validators are extending their vote, verifying other votes and including the result in the block. But how do we actually make use of this result? This is done in the PreBlocker which is code that is run before any other code during FinalizeBlock so we make sure we make this information available to the chain and its modules during the entire block execution (from BeginBlock). + +At this step we know that the injected tx is well-formatted and has been verified by the validators participating in consensus, so making use of it is straightforward. Just check if vote extensions are enabled, pick up the first transaction and use a method in your module’s keeper to set the result. + +```go +func (h *ProposalHandler) PreBlocker(ctx sdk.Context, req *abci.RequestFinalizeBlock) (*sdk.ResponsePreBlock, error) { + res := &sdk.ResponsePreBlock{} + if len(req.Txs) == 0 { + return res, nil + } + + if req.Height > ctx.ConsensusParams().Abci.VoteExtensionsEnableHeight { + var injectedVoteExtTx StakeWeightedPrices + if err := json.Unmarshal(req.Txs[0], &injectedVoteExtTx); err != nil { + h.logger.Error("failed to decode injected vote extension tx", "err", err) + return nil, err + } + + // set oracle prices using the passed in context, which will make these prices available in the current block + if err := h.keeper.SetOraclePrices(ctx, injectedVoteExtTx.StakeWeightedPrices); err != nil { + return nil, err + } + } + return res, nil +} + +``` + +## Conclusion + +In this tutorial, we've created a simple price oracle module that incorporates vote extensions. We've seen how to implement `ExtendVote`, `VerifyVoteExtension`, `PrepareProposal`, `ProcessProposal`, and `PreBlocker` to handle the voting and verification process of vote extensions, as well as how to make use of the results during the block execution. diff --git a/copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/03-testing-oracle.md b/copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/03-testing-oracle.md new file mode 100644 index 00000000..905ca0d7 --- /dev/null +++ b/copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/03-testing-oracle.md @@ -0,0 +1,57 @@ +# Testing the Oracle Module + +We will guide you through the process of testing the Oracle module in your application. The Oracle module uses vote extensions to provide current price data. If you would like to see the complete working oracle module please see [here](https://github.com/cosmos/sdk-tutorials/blob/master/tutorials/oracle/base/x/oracle). + +## Step 1: Compile and Install the Application + +First, we need to compile and install the application. Please ensure you are in the `tutorials/oracle/base` directory. Run the following command in your terminal: + +```shell +make install +``` + +This command compiles the application and moves the resulting binary to a location in your system's PATH. + +## Step 2: Initialise the Application + +Next, we need to initialise the application. Run the following command in your terminal: + +```shell +make init +``` + +This command runs the script `tutorials/oracle/base/scripts/init.sh`, which sets up the necessary configuration for your application to run. This includes creating the `app.toml` configuration file and initialising the blockchain with a genesis block. + +## Step 3: Start the Application + +Now, we can start the application. Run the following command in your terminal: + +```shell +exampled start +``` + +This command starts your application, begins the blockchain node, and starts processing transactions. + +## Step 4: Query the Oracle Prices + +Finally, we can query the current prices from the Oracle module. Run the following command in your terminal: + +```shell +exampled q oracle prices +``` + +This command queries the current prices from the Oracle module. The expected output shows that the vote extensions were successfully included in the block and the Oracle module was able to retrieve the price data. + +## Understanding Vote Extensions in Oracle + +In the Oracle module, the `ExtendVoteHandler` function is responsible for creating the vote extensions. This function fetches the current prices from the provider, creates a `OracleVoteExtension` struct with these prices, and then marshals this struct into bytes. These bytes are then set as the vote extension. + +In the context of testing, the Oracle module uses a mock provider to simulate the behavior of a real price provider. This mock provider is defined in the mockprovider package and is used to return predefined prices for specific currency pairs. + +## Conclusion + +In this tutorial, we've delved into the concept of Oracle's in blockchain technology, focusing on their role in providing external data to a blockchain network. We've explored vote extensions, a powerful feature of ABCI++, and integrated them into a Cosmos SDK application to create a price oracle module. + +Through hands-on exercises, you've implemented vote extensions, and tested their effectiveness in providing timely and accurate asset price information. You've gained practical insights by setting up a mock provider for testing and analysing the process of extending votes, verifying vote extensions, and preparing and processing proposals. + +Keep experimenting with these concepts, engage with the community, and stay updated on new advancements. The knowledge you've acquired here is crucial for developing robust and reliable blockchain applications that can interact with real-world data. diff --git a/copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/_category_.json b/copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/_category_.json new file mode 100644 index 00000000..b63ffe2f --- /dev/null +++ b/copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Oracle Tutorial", + "position": 1, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-docs/docs/user/run-node/00-keyring.md b/copy-of-sdk-docs/docs/user/run-node/00-keyring.md new file mode 100644 index 00000000..95f754d9 --- /dev/null +++ b/copy-of-sdk-docs/docs/user/run-node/00-keyring.md @@ -0,0 +1,145 @@ +--- +sidebar_position: 1 +--- + +# Setting up the keyring + +:::note Synopsis +This document describes how to configure and use the keyring and its various backends for an [**application**](../../learn/beginner/00-app-anatomy.md). +::: + +The keyring holds the private/public key pairs used to interact with a node. For instance, a validator key needs to be set up before running the blockchain node, so that blocks can be correctly signed. The private key can be stored in different locations, called "backends," such as a file or the operating system's own key storage. + +## Available backends for the keyring + +Starting with the v0.38.0 release, Cosmos SDK comes with a new keyring implementation +that provides a set of commands to manage cryptographic keys in a secure fashion. The +new keyring supports multiple storage backends, some of which may not be available on +all operating systems. + +### The `os` backend + +The `os` backend relies on operating system-specific defaults to handle key storage +securely. Typically, an operating system's credential subsystem handles password prompts, +private keys storage, and user sessions according to the user's password policies. Here +is a list of the most popular operating systems and their respective password managers: + +* macOS: [Keychain](https://support.apple.com/en-gb/guide/keychain-access/welcome/mac) +* Windows: [Credentials Management API](https://docs.microsoft.com/en-us/windows/win32/secauthn/credentials-management) +* GNU/Linux: + * [libsecret](https://gitlab.gnome.org/GNOME/libsecret) + * [kwallet](https://api.kde.org/frameworks/kwallet/html/index.html) + * [keyctl](https://www.kernel.org/doc/html/latest/security/keys/core.html) + +GNU/Linux distributions that use GNOME as the default desktop environment typically come with +[Seahorse](https://wiki.gnome.org/Apps/Seahorse). Users of KDE based distributions are +commonly provided with [KDE Wallet Manager](https://userbase.kde.org/KDE_Wallet_Manager). +Whilst the former is in fact a `libsecret` convenient frontend, the latter is a `kwallet` +client. `keyctl` is a secure backend that leverages the Linux kernel security key management system +to store cryptographic keys securely in memory. + +`os` is the default option since operating system's default credentials managers are +designed to meet users' most common needs and provide them with a comfortable +experience without compromising on security. + +The recommended backends for headless environments are `file` and `pass`. + +### The `file` backend + +The `file` backend more closely resembles the keybase implementation used prior to +v0.38.1. It stores the keyring encrypted within the app's configuration directory. This +keyring will request a password each time it is accessed, which may occur multiple +times in a single command resulting in repeated password prompts. If using bash scripts +to execute commands using the `file` option you may want to utilize the following format +for multiple prompts: + +```shell +# assuming that KEYPASSWD is set in the environment +$ gaiacli config keyring-backend file # use file backend +$ (echo $KEYPASSWD; echo $KEYPASSWD) | gaiacli keys add me # multiple prompts +$ echo $KEYPASSWD | gaiacli keys show me # single prompt +``` + +:::tip +The first time you add a key to an empty keyring, you will be prompted to type the password twice. +::: + +### The `pass` backend + +The `pass` backend uses the [pass](https://www.passwordstore.org/) utility to manage on-disk +encryption of keys' sensitive data and metadata. Keys are stored inside `gpg` encrypted files +within app-specific directories. `pass` is available for the most popular UNIX +operating systems as well as GNU/Linux distributions. Please refer to its manual page for +information on how to download and install it. + +:::tip +**pass** uses [GnuPG](https://gnupg.org/) for encryption. `gpg` automatically invokes the `gpg-agent` +daemon upon execution, which handles the caching of GnuPG credentials. Please refer to `gpg-agent` +man page for more information on how to configure cache parameters such as credentials TTL and +passphrase expiration. +::: + +The password store must be set up prior to first use: + +```shell +pass init +``` + +Replace `` with your GPG key ID. You can use your personal GPG key or an alternative +one you may want to use specifically to encrypt the password store. + +### The `kwallet` backend + +The `kwallet` backend uses `KDE Wallet Manager`, which comes installed by default on the +GNU/Linux distributions that ship KDE as the default desktop environment. Please refer to +[KWallet API documentation](https://api.kde.org/frameworks/kwallet/html/index.html) for more +information. + +### The `keyctl` backend + +The *Kernel Key Retention Service* is a security facility that +has been added to the Linux kernel relatively recently. It allows sensitive +cryptographic data such as passwords, private key, authentication tokens, etc +to be stored securely in memory. + +The `keyctl` backend is available on Linux platforms only. + +### The `test` backend + +The `test` backend is a password-less variation of the `file` backend. Keys are stored +unencrypted on disk. + +**Provided for testing purposes only. The `test` backend is not recommended for use in production environments**. + +### The `memory` backend + +The `memory` backend stores keys in memory. The keys are immediately deleted after the program has exited. + +**Provided for testing purposes only. The `memory` backend is not recommended for use in production environments**. + +### Setting backend using an env variable + +You can set the keyring-backend using env variable: `BINNAME_KEYRING_BACKEND`. For example, if your binary name is `gaia-v5` then set: `export GAIA_V5_KEYRING_BACKEND=pass` + +## Adding keys to the keyring + +:::warning +Make sure you can build your own binary, and replace `simd` with the name of your binary in the snippets. +::: + +Applications developed using the Cosmos SDK come with the `keys` subcommand. For the purpose of this tutorial, we're running the `simd` CLI, which is an application built using the Cosmos SDK for testing and educational purposes. For more information, see [`simapp`](https://github.com/cosmos/cosmos-sdk/tree/main/simapp). + +You can use `simd keys` for help about the keys command and `simd keys [command] --help` for more information about a particular subcommand. + +To create a new key in the keyring, run the `add` subcommand with a `` argument. For the purpose of this tutorial, we will solely use the `test` backend, and call our new key `my_validator`. This key will be used in the next section. + +```bash +$ simd keys add my_validator --keyring-backend test + +# Put the generated address in a variable for later use. +MY_VALIDATOR_ADDRESS=$(simd keys show my_validator -a --keyring-backend test) +``` + +This command generates a new 24-word mnemonic phrase, persists it to the relevant backend, and outputs information about the keypair. If this keypair will be used to hold value-bearing tokens, be sure to write down the mnemonic phrase somewhere safe! + +By default, the keyring generates a `secp256k1` keypair. The keyring also supports `ed25519` keys, which may be created by passing the `--algo ed25519` flag. A keyring can of course hold both types of keys simultaneously, and the Cosmos SDK's `x/auth` module supports natively these two public key algorithms. diff --git a/copy-of-sdk-docs/docs/user/run-node/01-run-node.md b/copy-of-sdk-docs/docs/user/run-node/01-run-node.md new file mode 100644 index 00000000..88aa38f2 --- /dev/null +++ b/copy-of-sdk-docs/docs/user/run-node/01-run-node.md @@ -0,0 +1,218 @@ +--- +sidebar_position: 1 +--- + +# Running a Node + +:::note Synopsis +Now that the application is ready and the keyring populated, it's time to see how to run the blockchain node. In this section, the application we are running is called [`simapp`](https://github.com/cosmos/cosmos-sdk/tree/main/simapp), and its corresponding CLI binary `simd`. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK Application](../../learn/beginner/00-app-anatomy.md) +* [Setting up the keyring](./00-keyring.md) + +::: + +## Initialize the Chain + +:::warning +Make sure you can build your own binary, and replace `simd` with the name of your binary in the snippets. +::: + +Before actually running the node, we need to initialize the chain, and most importantly, its genesis file. This is done with the `init` subcommand: + +```bash +# The argument is the custom username of your node, it should be human-readable. +simd init --chain-id my-test-chain +``` + +The command above creates all the configuration files needed for your node to run, as well as a default genesis file, which defines the initial state of the network. + +:::tip +All these configuration files are in `~/.simapp` by default, but you can overwrite the location of this folder by passing the `--home` flag to each command, +or set an `$APPD_HOME` environment variable (where `APPD` is the name of the binary). +::: + +The `~/.simapp` folder has the following structure: + +```bash +. # ~/.simapp + |- data # Contains the databases used by the node. + |- config/ + |- app.toml # Application-related configuration file. + |- config.toml # CometBFT-related configuration file. + |- genesis.json # The genesis file. + |- node_key.json # Private key to use for node authentication in the p2p protocol. + |- priv_validator_key.json # Private key to use as a validator in the consensus protocol. +``` + +## Updating Some Default Settings + +If you want to change any field values in configuration files (for ex: genesis.json) you can use `jq` ([installation](https://stedolan.github.io/jq/download/) & [docs](https://stedolan.github.io/jq/manual/#Assignment)) & `sed` commands to do that. A few examples are listed here. + +```bash +# to change the chain-id +jq '.chain_id = "testing"' genesis.json > temp.json && mv temp.json genesis.json + +# to enable the api server +sed -i '/\[api\]/,+3 s/enable = false/enable = true/' app.toml + +# to change the voting_period +jq '.app_state.gov.voting_params.voting_period = "600s"' genesis.json > temp.json && mv temp.json genesis.json + +# to change the inflation +jq '.app_state.mint.minter.inflation = "0.300000000000000000"' genesis.json > temp.json && mv temp.json genesis.json +``` + +### Client Interaction + +When instantiating a node, GRPC and REST are defaulted to localhost to avoid unknown exposure of your node to the public. It is recommended not to expose these endpoints without a proxy that can handle load balancing or authentication set up between your node and the public. + +:::tip +A commonly used tool for this is [nginx](https://nginx.org). +::: + + +## Adding Genesis Accounts + +Before starting the chain, you need to populate the state with at least one account. To do so, first [create a new account in the keyring](./00-keyring.md#adding-keys-to-the-keyring) named `my_validator` under the `test` keyring backend (feel free to choose another name and another backend). + +Now that you have created a local account, go ahead and grant it some `stake` tokens in your chain's genesis file. Doing so will also make sure your chain is aware of this account's existence: + +```bash +simd genesis add-genesis-account $MY_VALIDATOR_ADDRESS 100000000000stake +``` + +Recall that `$MY_VALIDATOR_ADDRESS` is a variable that holds the address of the `my_validator` key in the [keyring](./00-keyring.md#adding-keys-to-the-keyring). Also note that the tokens in the Cosmos SDK have the `{amount}{denom}` format: `amount` is an 18-digit-precision decimal number, and `denom` is the unique token identifier with its denomination key (e.g. `atom` or `uatom`). Here, we are granting `stake` tokens, as `stake` is the token identifier used for staking in [`simapp`](https://github.com/cosmos/cosmos-sdk/tree/main/simapp). For your own chain with its own staking denom, that token identifier should be used instead. + +Now that your account has some tokens, you need to add a validator to your chain. Validators are special full-nodes that participate in the consensus process (implemented in the [underlying consensus engine](../../learn/intro/02-sdk-app-architecture.md#cometbft)) in order to add new blocks to the chain. Any account can declare its intention to become a validator operator, but only those with sufficient delegation get to enter the active set (for example, only the top 125 validator candidates with the most delegation get to be validators in the Cosmos Hub). For this guide, you will add your local node (created via the `init` command above) as a validator of your chain. Validators can be declared before a chain is first started via a special transaction included in the genesis file called a `gentx`: + +```bash +# Create a gentx. +simd genesis gentx my_validator 100000000stake --chain-id my-test-chain --keyring-backend test + +# Add the gentx to the genesis file. +simd genesis collect-gentxs +``` + +A `gentx` does three things: + +1. Registers the `validator` account you created as a validator operator account (i.e., the account that controls the validator). +2. Self-delegates the provided `amount` of staking tokens. +3. Link the operator account with a CometBFT node pubkey that will be used for signing blocks. If no `--pubkey` flag is provided, it defaults to the local node pubkey created via the `simd init` command above. + +For more information on `gentx`, use the following command: + +```bash +simd genesis gentx --help +``` + +## Configuring the Node Using `app.toml` and `config.toml` + +The Cosmos SDK automatically generates two configuration files inside `~/.simapp/config`: + +* `config.toml`: used to configure the CometBFT, learn more on [CometBFT's documentation](https://docs.cometbft.com/v0.37/core/configuration), +* `app.toml`: generated by the Cosmos SDK, and used to configure your app, such as state pruning strategies, telemetry, gRPC and REST servers configuration, state sync... + +Both files are heavily commented, please refer to them directly to tweak your node. + +One example config to tweak is the `minimum-gas-prices` field inside `app.toml`, which defines the minimum gas prices the validator node is willing to accept for processing a transaction. Depending on the chain, it might be an empty string or not. If it's empty, make sure to edit the field with some value, for example `10token`, or else the node will halt on startup. For the purpose of this tutorial, let's set the minimum gas price to 0: + +```toml + # The minimum gas prices a validator is willing to accept for processing a + # transaction. A transaction's fees must meet the minimum of any denomination + # specified in this config (e.g. 0.25token1;0.0001token2). + minimum-gas-prices = "0stake" +``` + +:::tip +When running a node (not a validator!) and not wanting to run the application mempool, set the `max-txs` field to `-1`. + +```toml +[mempool] +# Setting max-txs to 0 will allow for an unbounded amount of transactions in the mempool. +# Setting max_txs to negative 1 (-1) will disable transactions from being inserted into the mempool. +# Setting max_txs to a positive number (> 0) will limit the number of transactions in the mempool, by the specified amount. +# +# Note, this configuration only applies to SDK built-in app-side mempool +# implementations. +max-txs = "-1" +``` + +::: + +## Run a Localnet + +Now that everything is set up, you can finally start your node: + +```bash +simd start +``` + +You should see blocks come in. + +The previous command allows you to run a single node. This is enough for the next section on interacting with this node, but you may wish to run multiple nodes at the same time, and see how consensus happens between them. + +The naive way would be to run the same commands again in separate terminal windows. This is possible, however, in the Cosmos SDK, we leverage the power of [Docker Compose](https://docs.docker.com/compose/) to run a localnet. If you need inspiration on how to set up your own localnet with Docker Compose, you can have a look at the Cosmos SDK's [`docker-compose.yml`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/docker-compose.yml). + +### Standalone App/CometBFT + +By default, the Cosmos SDK runs CometBFT in-process with the application +If you want to run the application and CometBFT in separate processes, +start the application with the `--with-comet=false` flag +and set `rpc.laddr` in `config.toml` to the CometBFT node's RPC address. + +## Logging + +Logging provides a way to see what is going on with a node. The default logging level is info. This is a global level and all info logs will be outputted to the terminal. If you would like to filter specific logs to the terminal instead of all, then setting `module:log_level` is how this can work. + +Example: + +In config.toml: + +```toml +log_level: "state:info,p2p:info,consensus:info,x/staking:info,x/ibc:info,*error" +``` + +## State Sync + +State sync is the act in which a node syncs the latest or close to the latest state of a blockchain. This is useful for users who don't want to sync all the blocks in history. Read more in [CometBFT documentation](https://docs.cometbft.com/v0.37/core/state-sync). + +State sync works thanks to snapshots. Read how the SDK handles snapshots [here](https://github.com/cosmos/cosmos-sdk/blob/825245d/store/snapshots/README.md). + +### Local State Sync + +Local state sync works similar to normal state sync except that it works off a local snapshot of state instead of one provided via the p2p network. The steps to start local state sync are similar to normal state sync with a few different designs. + +1. As mentioned in https://docs.cometbft.com/v0.37/core/state-sync, one must set a height and hash in the config.toml along with a few rpc servers (the aforementioned link has instructions on how to do this). +2. Run ` ` to restore a local snapshot (note: first load it from a file with the *load* command). +3. Bootstrapping Comet state to start the node after the snapshot has been ingested. This can be done with the bootstrap command ` comet bootstrap-state` + +### Snapshots Commands + +The Cosmos SDK provides commands for managing snapshots. +These commands can be added in an app with the following snippet in `cmd//root.go`: + +```go +import ( + "github.com/cosmos/cosmos-sdk/client/snapshot" +) + +func initRootCmd(/* ... */) { + // ... + rootCmd.AddCommand( + snapshot.Cmd(appCreator), + ) +} +``` + +Then the following commands are available at ` snapshots [command]`: + +* **list**: list local snapshots +* **load**: Load a snapshot archive file into snapshot store +* **restore**: Restore app state from local snapshot +* **export**: Export app state to snapshot store +* **dump**: Dump the snapshot as portable archive format +* **delete**: Delete a local snapshot diff --git a/copy-of-sdk-docs/docs/user/run-node/02-interact-node.md b/copy-of-sdk-docs/docs/user/run-node/02-interact-node.md new file mode 100644 index 00000000..1a76f02f --- /dev/null +++ b/copy-of-sdk-docs/docs/user/run-node/02-interact-node.md @@ -0,0 +1,289 @@ +--- +sidebar_position: 1 +--- + +# Interacting with the Node + +:::note Synopsis +There are multiple ways to interact with a node: using the CLI, using gRPC or using the REST endpoints. +::: + +:::note Pre-requisite Readings + +* [gRPC, REST and CometBFT Endpoints](../../learn/advanced/06-grpc_rest.md) +* [Running a Node](./01-run-node.md) + +::: + +## Using the CLI + +Now that your chain is running, it is time to try sending tokens from the first account you created to a second account. In a new terminal window, start by running the following query command: + +```bash +simd query bank balances $MY_VALIDATOR_ADDRESS +``` + +You should see the current balance of the account you created, equal to the original balance of `stake` you granted it minus the amount you delegated via the `gentx`. Now, create a second account: + +```bash +simd keys add recipient --keyring-backend test + +# Put the generated address in a variable for later use. +RECIPIENT=$(simd keys show recipient -a --keyring-backend test) +``` + +The command above creates a local key-pair that is not yet registered on the chain. An account is created the first time it receives tokens from another account. Now, run the following command to send tokens to the `recipient` account: + +```bash +simd tx bank send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000000stake --chain-id my-test-chain --keyring-backend test + +# Check that the recipient account did receive the tokens. +simd query bank balances $RECIPIENT +``` + +Finally, delegate some of the stake tokens sent to the `recipient` account to the validator: + +```bash +simd tx staking delegate $(simd keys show my_validator --bech val -a --keyring-backend test) 500stake --from recipient --chain-id my-test-chain --keyring-backend test + +# Query the total delegations to `validator`. +simd query staking delegations-to $(simd keys show my_validator --bech val -a --keyring-backend test) +``` + +You should see two delegations, the first one made from the `gentx`, and the second one you just performed from the `recipient` account. + +## Using gRPC + +The Protobuf ecosystem developed tools for different use cases, including code-generation from `*.proto` files into various languages. These tools allow the building of clients easily. Often, the client connection (i.e. the transport) can be plugged and replaced very easily. Let's explore one of the most popular transports: [gRPC](../../learn/advanced/06-grpc_rest.md). + +Since the code generation library largely depends on your own tech stack, we will only present three alternatives: + +* `grpcurl` for generic debugging and testing, +* programmatically via Go, +* CosmJS for JavaScript/TypeScript developers. + +### grpcurl + +[grpcurl](https://github.com/fullstorydev/grpcurl) is like `curl` but for gRPC. It is also available as a Go library, but we will use it only as a CLI command for debugging and testing purposes. Follow the instructions in the previous link to install it. + +Assuming you have a local node running (either a localnet, or connected to a live network), you should be able to run the following command to list the Protobuf services available (you can replace `localhost:9000` by the gRPC server endpoint of another node, which is configured under the `grpc.address` field inside [`app.toml`](../../user/run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml)): + +```bash +grpcurl -plaintext localhost:9090 list +``` + +You should see a list of gRPC services, like `cosmos.bank.v1beta1.Query`. This is called reflection, which is a Protobuf endpoint returning a description of all available endpoints. Each of these represents a different Protobuf service, and each service exposes multiple RPC methods you can query against. + +In order to get a description of the service you can run the following command: + +```bash +grpcurl -plaintext \ + localhost:9090 \ + describe cosmos.bank.v1beta1.Query # Service we want to inspect +``` + +It's also possible to execute an RPC call to query the node for information: + +```bash +grpcurl \ + -plaintext \ + -d "{\"address\":\"$MY_VALIDATOR_ADDRESS\"}" \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/AllBalances +``` + +The list of all available gRPC query endpoints is [coming soon](https://github.com/cosmos/cosmos-sdk/issues/7786). + +#### Query for historical state using grpcurl + +You may also query for historical data by passing some [gRPC metadata](https://github.com/grpc/grpc-go/blob/master/Documentation/grpc-metadata.md) to the query: the `x-cosmos-block-height` metadata should contain the block to query. Using grpcurl as above, the command looks like: + +```bash +grpcurl \ + -plaintext \ + -H "x-cosmos-block-height: 123" \ + -d "{\"address\":\"$MY_VALIDATOR_ADDRESS\"}" \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/AllBalances +``` + +Assuming the state at that block has not yet been pruned by the node, this query should return a non-empty response. + +### Programmatically via Go + +The following snippet shows how to query the state using gRPC inside a Go program. The idea is to create a gRPC connection, and use the Protobuf-generated client code to query the gRPC server. + +#### Install Cosmos SDK + + +```bash +go get github.com/cosmos/cosmos-sdk@main +``` + +```go +package main + +import ( + "context" + "fmt" + + "google.golang.org/grpc" + + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" +) + +func queryState() error { + myAddress, err := sdk.AccAddressFromBech32("cosmos1...") // the my_validator or recipient address. + if err != nil { + return err + } + + // Create a connection to the gRPC server. + grpcConn, err := grpc.Dial( + "127.0.0.1:9090", // your gRPC server address. + grpc.WithInsecure(), // The Cosmos SDK doesn't support any transport security mechanism. + // This instantiates a general gRPC codec which handles proto bytes. We pass in a nil interface registry + // if the request/response types contain interface instead of 'nil' you should pass the application specific codec. + grpc.WithDefaultCallOptions(grpc.ForceCodec(codec.NewProtoCodec(nil).GRPCCodec())), + ) + if err != nil { + return err + } + defer grpcConn.Close() + + // This creates a gRPC client to query the x/bank service. + bankClient := banktypes.NewQueryClient(grpcConn) + bankRes, err := bankClient.Balance( + context.Background(), + &banktypes.QueryBalanceRequest{Address: myAddress.String(), Denom: "stake"}, + ) + if err != nil { + return err + } + + fmt.Println(bankRes.GetBalance()) // Prints the account balance + + return nil +} + +func main() { + if err := queryState(); err != nil { + panic(err) + } +} +``` + +You can replace the query client (here we are using `x/bank`'s) with one generated from any other Protobuf service. The list of all available gRPC query endpoints is [coming soon](https://github.com/cosmos/cosmos-sdk/issues/7786). + +#### Query for historical state using Go + +Querying for historical blocks is done by adding the block height metadata in the gRPC request. + +```go +package main + +import ( + "context" + "fmt" + + "google.golang.org/grpc" + "google.golang.org/grpc/metadata" + + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + grpctypes "github.com/cosmos/cosmos-sdk/types/grpc" + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" +) + +func queryState() error { + myAddress, err := sdk.AccAddressFromBech32("cosmos1yerherx4d43gj5wa3zl5vflj9d4pln42n7kuzu") // the my_validator or recipient address. + if err != nil { + return err + } + + // Create a connection to the gRPC server. + grpcConn, err := grpc.Dial( + "127.0.0.1:9090", // your gRPC server address. + grpc.WithInsecure(), // The Cosmos SDK doesn't support any transport security mechanism. + // This instantiates a general gRPC codec which handles proto bytes. We pass in a nil interface registry + // if the request/response types contain interface instead of 'nil' you should pass the application specific codec. + grpc.WithDefaultCallOptions(grpc.ForceCodec(codec.NewProtoCodec(nil).GRPCCodec())), + ) + if err != nil { + return err + } + defer grpcConn.Close() + + // This creates a gRPC client to query the x/bank service. + bankClient := banktypes.NewQueryClient(grpcConn) + + var header metadata.MD + _, err = bankClient.Balance( + metadata.AppendToOutgoingContext(context.Background(), grpctypes.GRPCBlockHeightHeader, "12"), // Add metadata to request + &banktypes.QueryBalanceRequest{Address: myAddress.String(), Denom: "stake"}, + grpc.Header(&header), // Retrieve header from response + ) + if err != nil { + return err + } + blockHeight := header.Get(grpctypes.GRPCBlockHeightHeader) + + fmt.Println(blockHeight) // Prints the block height (12) + + return nil +} + +func main() { + if err := queryState(); err != nil { + panic(err) + } +} +``` + +### CosmJS + +CosmJS documentation can be found at [https://cosmos.github.io/cosmjs](https://cosmos.github.io/cosmjs). As of January 2021, CosmJS documentation is still a work in progress. + +## Using the REST Endpoints + +As described in the [gRPC guide](../../learn/advanced/06-grpc_rest.md), all gRPC services on the Cosmos SDK are made available for more convenient REST-based queries through gRPC-gateway. The format of the URL path is based on the Protobuf service method's full-qualified name, but may contain small customizations so that final URLs look more idiomatic. For example, the REST endpoint for the `cosmos.bank.v1beta1.Query/AllBalances` method is `GET /cosmos/bank/v1beta1/balances/{address}`. Request arguments are passed as query parameters. + +Note that the REST endpoints are not enabled by default. To enable them, edit the `api` section of your `~/.simapp/config/app.toml` file: + +```toml +# Enable defines if the API server should be enabled. +enable = true +``` + +As a concrete example, the `curl` command to make balances request is: + +```bash +curl \ + -X GET \ + -H "Content-Type: application/json" \ + http://localhost:1317/cosmos/bank/v1beta1/balances/$MY_VALIDATOR_ADDRESS +``` + +Make sure to replace `localhost:1317` with the REST endpoint of your node, configured under the `api.address` field. + +The list of all available REST endpoints is available as a Swagger specification file, it can be viewed at `localhost:1317/swagger`. Make sure that the `api.swagger` field is set to true in your [`app.toml`](../../user/run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml) file. + +### Query for historical state using REST + +Querying for historical state is done using the HTTP header `x-cosmos-block-height`. For example, a curl command would look like: + +```bash +curl \ + -X GET \ + -H "Content-Type: application/json" \ + -H "x-cosmos-block-height: 123" \ + http://localhost:1317/cosmos/bank/v1beta1/balances/$MY_VALIDATOR_ADDRESS +``` + +Assuming the state at that block has not yet been pruned by the node, this query should return a non-empty response. + +### Cross-Origin Resource Sharing (CORS) + +[CORS policies](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) are not enabled by default to help with security. If you would like to use the rest-server in a public environment we recommend you provide a reverse proxy, this can be done with [nginx](https://www.nginx.com/). For testing and development purposes there is an `enabled-unsafe-cors` field inside [`app.toml`](../../user/run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml). diff --git a/copy-of-sdk-docs/docs/user/run-node/03-txs.md b/copy-of-sdk-docs/docs/user/run-node/03-txs.md new file mode 100644 index 00000000..93f81055 --- /dev/null +++ b/copy-of-sdk-docs/docs/user/run-node/03-txs.md @@ -0,0 +1,429 @@ +--- +sidebar_position: 1 +--- + +# Generating, Signing and Broadcasting Transactions + +:::note Synopsis +This document describes how to generate an (unsigned) transaction, signing it (with one or multiple keys), and broadcasting it to the network. +::: + +## Using the CLI + +The easiest way to send transactions is using the CLI, as we have seen in the previous page when [interacting with a node](./02-interact-node.md#using-the-cli). For example, running the following command + +```bash +simd tx bank send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000stake --chain-id my-test-chain --keyring-backend test +``` + +will run the following steps: + +* generate a transaction with one `Msg` (`x/bank`'s `MsgSend`), and print the generated transaction to the console. +* ask the user for confirmation to send the transaction from the `$MY_VALIDATOR_ADDRESS` account. +* fetch `$MY_VALIDATOR_ADDRESS` from the keyring. This is possible because we have [set up the CLI's keyring](./00-keyring.md) in a previous step. +* sign the generated transaction with the keyring's account. +* broadcast the signed transaction to the network. This is possible because the CLI connects to the node's CometBFT RPC endpoint. + +The CLI bundles all the necessary steps into a simple-to-use user experience. However, it's possible to run all the steps individually too. + +### Generating a Transaction + +Generating a transaction can simply be done by appending the `--generate-only` flag on any `tx` command, e.g.: + +```bash +simd tx bank send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000stake --chain-id my-test-chain --generate-only +``` + +This will output the unsigned transaction as JSON in the console. We can also save the unsigned transaction to a file (to be passed around between signers more easily) by appending `> unsigned_tx.json` to the above command. + +### Signing a Transaction + +Signing a transaction using the CLI requires the unsigned transaction to be saved in a file. Let's assume the unsigned transaction is in a file called `unsigned_tx.json` in the current directory (see previous paragraph on how to do that). Then, simply run the following command: + +```bash +simd tx sign unsigned_tx.json --chain-id my-test-chain --keyring-backend test --from $MY_VALIDATOR_ADDRESS +``` + +This command will decode the unsigned transaction and sign it with `SIGN_MODE_DIRECT` with `$MY_VALIDATOR_ADDRESS`'s key, which we already set up in the keyring. The signed transaction will be output as JSON to the console, and, as above, we can save it to a file by appending `--output-document signed_tx.json`. + +Some useful flags to consider in the `tx sign` command: + +* `--sign-mode`: you may use `amino-json` to sign the transaction using `SIGN_MODE_LEGACY_AMINO_JSON`, +* `--offline`: sign in offline mode. This means that the `tx sign` command doesn't connect to the node to retrieve the signer's account number and sequence, both needed for signing. In this case, you must manually supply the `--account-number` and `--sequence` flags. This is useful for offline signing, i.e. signing in a secure environment which doesn't have access to the internet. + +#### Signing with Multiple Signers + +:::warning +Please note that signing a transaction with multiple signers or with a multisig account, where at least one signer uses `SIGN_MODE_DIRECT`, is not yet possible. You may follow [this Github issue](https://github.com/cosmos/cosmos-sdk/issues/8141) for more info. +::: + +Signing with multiple signers is done with the `tx multisign` command. This command assumes that all signers use `SIGN_MODE_LEGACY_AMINO_JSON`. The flow is similar to the `tx sign` command flow, but instead of signing an unsigned transaction file, each signer signs the file signed by previous signer(s). The `tx multisign` command will append signatures to the existing transactions. It is important that signers sign the transaction **in the same order** as given by the transaction, which is retrievable using the `GetSigners()` method. + +For example, starting with the `unsigned_tx.json`, and assuming the transaction has 4 signers, we would run: + +```bash +# Let signer1 sign the unsigned tx. +simd tx multisign unsigned_tx.json signer_key_1 --chain-id my-test-chain --keyring-backend test > partial_tx_1.json +# Now signer1 will send the partial_tx_1.json to the signer2. +# Signer2 appends their signature: +simd tx multisign partial_tx_1.json signer_key_2 --chain-id my-test-chain --keyring-backend test > partial_tx_2.json +# Signer2 sends the partial_tx_2.json file to signer3, and signer3 can append his signature: +simd tx multisign partial_tx_2.json signer_key_3 --chain-id my-test-chain --keyring-backend test > partial_tx_3.json +``` + +### Broadcasting a Transaction + +Broadcasting a transaction is done using the following command: + +```bash +simd tx broadcast tx_signed.json +``` + +You may optionally pass the `--broadcast-mode` flag to specify which response to receive from the node: + +* `sync`: the CLI waits for a CheckTx execution response only. +* `async`: the CLI returns immediately (transaction might fail). + +### Encoding a Transaction + +In order to broadcast a transaction using the gRPC or REST endpoints, the transaction will need to be encoded first. This can be done using the CLI. + +Encoding a transaction is done using the following command: + +```bash +simd tx encode tx_signed.json +``` + +This will read the transaction from the file, serialize it using Protobuf, and output the transaction bytes as base64 in the console. + +### Decoding a Transaction + +The CLI can also be used to decode transaction bytes. + +Decoding a transaction is done using the following command: + +```bash +simd tx decode [protobuf-byte-string] +``` + +This will decode the transaction bytes and output the transaction as JSON in the console. You can also save the transaction to a file by appending `> tx.json` to the above command. + +## Programmatically with Go + +It is possible to manipulate transactions programmatically via Go using the Cosmos SDK's `TxBuilder` interface. + +### Generating a Transaction + +Before generating a transaction, a new instance of a `TxBuilder` needs to be created. Since the Cosmos SDK supports both Amino and Protobuf transactions, the first step would be to decide which encoding scheme to use. All the subsequent steps remain unchanged, whether you're using Amino or Protobuf, as `TxBuilder` abstracts the encoding mechanisms. In the following snippet, we will use Protobuf. + +```go +import ( + "github.com/cosmos/cosmos-sdk/simapp" +) + +func sendTx() error { + // Choose your codec: Amino or Protobuf. Here, we use Protobuf, given by the following function. + app := simapp.NewSimApp(...) + + // Create a new TxBuilder. + txBuilder := app.TxConfig().NewTxBuilder() + + // --snip-- +} +``` + +We can also set up some keys and addresses that will send and receive the transactions. Here, for the purpose of the tutorial, we will be using some dummy data to create keys. + +```go +import ( + "github.com/cosmos/cosmos-sdk/testutil/testdata" +) + +priv1, _, addr1 := testdata.KeyTestPubAddr() +priv2, _, addr2 := testdata.KeyTestPubAddr() +priv3, _, addr3 := testdata.KeyTestPubAddr() +``` + +Populating the `TxBuilder` can be done via its methods: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/tx_config.go#L39-L57 +``` + +```go +import ( + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" +) + +func sendTx() error { + // --snip-- + + // Define two x/bank MsgSend messages: + // - from addr1 to addr3, + // - from addr2 to addr3. + // This means that the transaction needs two signers: addr1 and addr2. + msg1 := banktypes.NewMsgSend(addr1, addr3, types.NewCoins(types.NewInt64Coin("atom", 12))) + msg2 := banktypes.NewMsgSend(addr2, addr3, types.NewCoins(types.NewInt64Coin("atom", 34))) + + err := txBuilder.SetMsgs(msg1, msg2) + if err != nil { + return err + } + + txBuilder.SetGasLimit(...) + txBuilder.SetFeeAmount(...) + txBuilder.SetMemo(...) + txBuilder.SetTimeoutHeight(...) +} +``` + +At this point, `TxBuilder`'s underlying transaction is ready to be signed. + +#### Generating an Unordered Transaction + +Starting with Cosmos SDK v0.53.0, users may send unordered transactions to chains that have the feature enabled. + +:::warning + +Unordered transactions MUST leave sequence values unset. When a transaction is both unordered and contains a non-zero sequence value, +the transaction will be rejected. External services that operate on prior assumptions about transaction sequence values should be updated to handle unordered transactions. +Services should be aware that when the transaction is unordered, the transaction sequence will always be zero. + +::: + +Using the example above, we can set the required fields to mark a transaction as unordered. +By default, unordered transactions charge an extra 2240 units of gas to offset the additional storage overhead that supports their functionality. +The extra units of gas are customizable and therefore vary by chain, so be sure to check the chain's ante handler for the gas value set, if any. + +```go +func sendTx() error { + // --snip-- + expiration := 5 * time.Minute + txBuilder.SetUnordered(true) + txBuilder.SetTimeoutTimestamp(time.Now().Add(expiration + (1 * time.Nanosecond))) +} +``` + +Unordered transactions from the same account must use a unique timeout timestamp value. The difference between each timeout timestamp value may be as small as a nanosecond, however. + +```go +import ( + "github.com/cosmos/cosmos-sdk/client" +) + +func sendMessages(txBuilders []client.TxBuilder) error { + // --snip-- + expiration := 5 * time.Minute + for _, txb := range txBuilders { + txb.SetUnordered(true) + txb.SetTimeoutTimestamp(time.Now().Add(expiration + (1 * time.Nanosecond))) + } +} +``` + +### Signing a Transaction + +We set encoding config to use Protobuf, which will use `SIGN_MODE_DIRECT` by default. As per [ADR-020](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-020-protobuf-transaction-encoding.md), each signer needs to sign the `SignerInfo`s of all other signers. This means that we need to perform two steps sequentially: + +* for each signer, populate the signer's `SignerInfo` inside `TxBuilder`, +* once all `SignerInfo`s are populated, for each signer, sign the `SignDoc` (the payload to be signed). + +In the current `TxBuilder`'s API, both steps are done using the same method: `SetSignatures()`. The current API requires us to first perform a round of `SetSignatures()` _with empty signatures_, only to populate `SignerInfo`s, and a second round of `SetSignatures()` to actually sign the correct payload. + +```go +import ( + cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types" + "github.com/cosmos/cosmos-sdk/types/tx/signing" + xauthsigning "github.com/cosmos/cosmos-sdk/x/auth/signing" +) + +func sendTx() error { + // --snip-- + + privs := []cryptotypes.PrivKey{priv1, priv2} + accNums:= []uint64{..., ...} // The accounts' account numbers + accSeqs:= []uint64{..., ...} // The accounts' sequence numbers + + // First round: we gather all the signer infos. We use the "set empty + // signature" hack to do that. + var sigsV2 []signing.SignatureV2 + for i, priv := range privs { + sigV2 := signing.SignatureV2{ + PubKey: priv.PubKey(), + Data: &signing.SingleSignatureData{ + SignMode: encCfg.TxConfig.SignModeHandler().DefaultMode(), + Signature: nil, + }, + Sequence: accSeqs[i], + } + + sigsV2 = append(sigsV2, sigV2) + } + err := txBuilder.SetSignatures(sigsV2...) + if err != nil { + return err + } + + // Second round: all signer infos are set, so each signer can sign. + sigsV2 = []signing.SignatureV2{} + for i, priv := range privs { + signerData := xauthsigning.SignerData{ + ChainID: chainID, + AccountNumber: accNums[i], + Sequence: accSeqs[i], + } + sigV2, err := tx.SignWithPrivKey( + encCfg.TxConfig.SignModeHandler().DefaultMode(), signerData, + txBuilder, priv, encCfg.TxConfig, accSeqs[i]) + if err != nil { + return nil, err + } + + sigsV2 = append(sigsV2, sigV2) + } + err = txBuilder.SetSignatures(sigsV2...) + if err != nil { + return err + } +} +``` + +The `TxBuilder` is now correctly populated. To print it, you can use the `TxConfig` interface from the initial encoding config `encCfg`: + +```go +func sendTx() error { + // --snip-- + + // Generated Protobuf-encoded bytes. + txBytes, err := encCfg.TxConfig.TxEncoder()(txBuilder.GetTx()) + if err != nil { + return err + } + + // Generate a JSON string. + txJSONBytes, err := encCfg.TxConfig.TxJSONEncoder()(txBuilder.GetTx()) + if err != nil { + return err + } + txJSON := string(txJSONBytes) +} +``` + +### Broadcasting a Transaction + +The preferred way to broadcast a transaction is to use gRPC, though using REST (via `gRPC-gateway`) or the CometBFT RPC is also possible. An overview of the differences between these methods is exposed [here](../../learn/advanced/06-grpc_rest.md). For this tutorial, we will only describe the gRPC method. + +```go +import ( + "context" + "fmt" + + "google.golang.org/grpc" + + "github.com/cosmos/cosmos-sdk/types/tx" +) + +func sendTx(ctx context.Context) error { + // --snip-- + + // Create a connection to the gRPC server. + grpcConn := grpc.Dial( + "127.0.0.1:9090", // Or your gRPC server address. + grpc.WithInsecure(), // The Cosmos SDK doesn't support any transport security mechanism. + ) + defer grpcConn.Close() + + // Broadcast the tx via gRPC. We create a new client for the Protobuf Tx + // service. + txClient := tx.NewServiceClient(grpcConn) + // We then call the BroadcastTx method on this client. + grpcRes, err := txClient.BroadcastTx( + ctx, + &tx.BroadcastTxRequest{ + Mode: tx.BroadcastMode_BROADCAST_MODE_SYNC, + TxBytes: txBytes, // Proto-binary of the signed transaction, see previous step. + }, + ) + if err != nil { + return err + } + + fmt.Println(grpcRes.TxResponse.Code) // Should be `0` if the tx is successful + + return nil +} +``` + +#### Simulating a Transaction + +Before broadcasting a transaction, we sometimes may want to dry-run the transaction, to estimate some information about the transaction without actually committing it. This is called simulating a transaction, and can be done as follows: + +```go +import ( + "context" + "fmt" + "testing" + + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/types/tx" + authtx "github.com/cosmos/cosmos-sdk/x/auth/tx" +) + +func simulateTx() error { + // --snip-- + + // Simulate the tx via gRPC. We create a new client for the Protobuf Tx + // service. + txClient := tx.NewServiceClient(grpcConn) + txBytes := /* Fill in with your signed transaction bytes. */ + + // We then call the Simulate method on this client. + grpcRes, err := txClient.Simulate( + context.Background(), + &tx.SimulateRequest{ + TxBytes: txBytes, + }, + ) + if err != nil { + return err + } + + fmt.Println(grpcRes.GasInfo) // Prints estimated gas used. + + return nil +} +``` + +## Using gRPC + +It is not possible to generate or sign a transaction using gRPC, only to broadcast one. In order to broadcast a transaction using gRPC, you will need to generate, sign, and encode the transaction using either the CLI or programmatically with Go. + +### Broadcasting a Transaction + +Broadcasting a transaction using the gRPC endpoint can be done by sending a `BroadcastTx` request as follows, where the `txBytes` are the protobuf-encoded bytes of a signed transaction: + +```bash +grpcurl -plaintext \ + -d '{"tx_bytes":"{{txBytes}}","mode":"BROADCAST_MODE_SYNC"}' \ + localhost:9090 \ + cosmos.tx.v1beta1.Service/BroadcastTx +``` + +## Using REST + +It is not possible to generate or sign a transaction using REST, only to broadcast one. In order to broadcast a transaction using REST, you will need to generate, sign, and encode the transaction using either the CLI or programmatically with Go. + +### Broadcasting a Transaction + +Broadcasting a transaction using the REST endpoint (served by `gRPC-gateway`) can be done by sending a POST request as follows, where the `txBytes` are the protobuf-encoded bytes of a signed transaction: + +```bash +curl -X POST \ + -H "Content-Type: application/json" \ + -d' {"tx_bytes":"{{txBytes}}","mode":"BROADCAST_MODE_SYNC"}' \ + localhost:1317/cosmos/tx/v1beta1/txs +``` + +## Using CosmJS (JavaScript & TypeScript) + +CosmJS aims to build client libraries in JavaScript that can be embedded in web applications. Please see [https://cosmos.github.io/cosmjs](https://cosmos.github.io/cosmjs) for more information. As of January 2021, CosmJS documentation is still a work in progress. diff --git a/copy-of-sdk-docs/docs/user/run-node/04-rosetta.md b/copy-of-sdk-docs/docs/user/run-node/04-rosetta.md new file mode 100644 index 00000000..e4527abb --- /dev/null +++ b/copy-of-sdk-docs/docs/user/run-node/04-rosetta.md @@ -0,0 +1,144 @@ +# Rosetta + +The `rosetta` project implements Coinbase's [Rosetta API](https://www.rosetta-api.org). This document provides instructions on how to use the Rosetta API integration. For information about the motivation and design choices, refer to [ADR 035](https://docs.cosmos.network/main/architecture/adr-035-rosetta-api-support). + +## Installing Rosetta + +The Rosetta API server is a stand-alone server that connects to a node of a chain developed with Cosmos SDK. + +Rosetta can be added to any cosmos chain node. standalone or natively. + +### Standalone + +Rosetta can be executed as a standalone service, it connects to the node endpoints and expose the required endpoints. + +Install Rosetta standalone server with the following command: + +```bash +go install github.com/cosmos/rosetta +``` + +Alternatively, for building from source, simply run `make build`. The binary will be located in the root folder. + +### Native - As a node command + +To enable Native Rosetta API support, it's required to add the `RosettaCommand` to your application's root command file (e.g. `simd/cmd/root.go`). + +Import the `rosettaCmd` package: + +```go +import "github.com/cosmos/rosetta/cmd" +``` + +Find the following line: + +```go +initRootCmd(rootCmd, encodingConfig) +``` + +After that line, add the following: + +```go +rootCmd.AddCommand( + rosettaCmd.RosettaCommand(encodingConfig.InterfaceRegistry, encodingConfig.Codec) +) +``` + +The `RosettaCommand` function builds the `rosetta` root command and is defined in the `rosettaCmd` package (`github.com/cosmos/rosetta/cmd`). + +Since we’ve updated the Cosmos SDK to work with the Rosetta API, updating the application's root command file is all you need to do. + +An implementation example can be found in `simapp` package. + +## Use Rosetta Command + +To run Rosetta in your application CLI, use the following command: + +> **Note:** if using the native approach, add your node name before any rosetta command. + +```shell +rosetta --help +``` + +To test and run Rosetta API endpoints for applications that are running and exposed, use the following command: + +```shell +rosetta + --blockchain "your application name (ex: gaia)" + --network "your chain identifier (ex: testnet-1)" + --tendermint "tendermint endpoint (ex: localhost:26657)" + --grpc "gRPC endpoint (ex: localhost:9090)" + --addr "rosetta binding address (ex: :8080)" + --grpc-types-server (optional) "gRPC endpoint for message descriptor types" +``` + +## Plugins - Multi chain connections + +Rosetta will try to reflect the node types trough reflection over the node gRPC endpoints, there may be cases were this approach is not enough. It is possible to extend or implement the required types easily through plugins. + +To use Rosetta over any chain, it is required to set up prefixes and registering zone specific interfaces through plugins. + +Each plugin is a minimalist implementation of `InitZone` and `RegisterInterfaces` which allow Rosetta to parse chain specific data. There is an example for cosmos-hub chain under `plugins/cosmos-hun/` folder +- **InitZone**: An empty method that is executed first and defines prefixes, parameters and other settings. +- **RegisterInterfaces**: This method receives an interface registry which is were the zone specific types and interfaces will be loaded + +In order to add a new plugin: +1. Create a folder over `plugins` folder with the name of the desired zone +2. Add a `main.go` file with the mentioned methods above. +3. Build the code binary through `go build -buildmode=plugin -o main.so main.go` + +The plugin folder is selected through the cli `--plugin` flag and loaded into the Rosetta server. + +## Extensions + +There are two ways in which you can customize and extend the implementation with your custom settings. + +### Message extension + +In order to make an `sdk.Msg` understandable by rosetta the only thing which is required is adding the methods to your messages that satisfy the `rosetta.Msg` interface. Examples on how to do so can be found in the staking types such as `MsgDelegate`, or in bank types such as `MsgSend`. + +### Client interface override + +In case more customization is required, it's possible to embed the Client type and override the methods which require customizations. + +Example: + +```go +package custom_client +import ( + +"context" +"github.com/coinbase/rosetta-sdk-go/types" +"github.com/cosmos/rosetta/lib" +) + +// CustomClient embeds the standard cosmos client +// which means that it implements the cosmos-rosetta-gateway Client +// interface while at the same time allowing to customize certain methods +type CustomClient struct { + *rosetta.Client +} + +func (c *CustomClient) ConstructionPayload(_ context.Context, request *types.ConstructionPayloadsRequest) (resp *types.ConstructionPayloadsResponse, err error) { + // provide custom signature bytes + panic("implement me") +} +``` + +NOTE: when using a customized client, the command cannot be used as the constructors required **may** differ, so it's required to create a new one. We intend to provide a way to init a customized client without writing extra code in the future. + +### Error extension + +Since rosetta requires to provide 'returned' errors to network options. In order to declare a new rosetta error, we use the `errors` package in cosmos-rosetta-gateway. + +Example: + +```go +package custom_errors +import crgerrs "github.com/cosmos/rosetta/lib/errors" + +var customErrRetriable = true +var CustomError = crgerrs.RegisterError(100, "custom message", customErrRetriable, "description") +``` + +Note: errors must be registered before cosmos-rosetta-gateway's `Server`.`Start` method is called. Otherwise the registration will be ignored. Errors with same code will be ignored too. diff --git a/copy-of-sdk-docs/docs/user/run-node/05-run-testnet.md b/copy-of-sdk-docs/docs/user/run-node/05-run-testnet.md new file mode 100644 index 00000000..9200042e --- /dev/null +++ b/copy-of-sdk-docs/docs/user/run-node/05-run-testnet.md @@ -0,0 +1,101 @@ +--- +sidebar_position: 1 +--- + +# Running a Testnet + +:::note Synopsis +The `simd testnet` subcommand makes it easy to initialize and start a simulated test network for testing purposes. +::: + +In addition to the commands for [running a node](./01-run-node.md), the `simd` binary also includes a `testnet` command that allows you to start a simulated test network in-process or to initialize files for a simulated test network that runs in a separate process. + +## Initialize Files + +First, let's take a look at the `init-files` subcommand. + +This is similar to the `init` command when initializing a single node, but in this case we are initializing multiple nodes, generating the genesis transactions for each node, and then collecting those transactions. + +The `init-files` subcommand initializes the necessary files to run a test network in a separate process (i.e. using a Docker container). Running this command is not a prerequisite for the `start` subcommand ([see below](#start-testnet)). + +In order to initialize the files for a test network, run the following command: + +```bash +simd testnet init-files +``` + +You should see the following output in your terminal: + +```bash +Successfully initialized 4 node directories +``` + +The default output directory is a relative `.testnets` directory. Let's take a look at the files created within the `.testnets` directory. + +### gentxs + +The `gentxs` directory includes a genesis transaction for each validator node. Each file includes a JSON encoded genesis transaction used to register a validator node at the time of genesis. The genesis transactions are added to the `genesis.json` file within each node directory during the initialization process. + +### nodes + +A node directory is created for each validator node. Within each node directory is a `simd` directory. The `simd` directory is the home directory for each node, which includes the configuration and data files for that node (i.e. the same files included in the default `~/.simapp` directory when running a single node). + +## Start Testnet + +Now, let's take a look at the `start` subcommand. + +The `start` subcommand both initializes and starts an in-process test network. This is the fastest way to spin up a local test network for testing purposes. + +You can start the local test network by running the following command: + +```bash +simd testnet start +``` + +You should see something similar to the following: + +```bash +acquiring test network lock +preparing test network with chain-id "chain-mtoD9v" + + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++ THIS MNEMONIC IS FOR TESTING PURPOSES ONLY ++ +++ DO NOT USE IN PRODUCTION ++ +++ ++ +++ sustain know debris minute gate hybrid stereo custom ++ +++ divorce cross spoon machine latin vibrant term oblige ++ +++ moment beauty laundry repeat grab game bronze truly ++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + +starting test network... +started test network +press the Enter Key to terminate +``` + +The first validator node is now running in-process, which means the test network will terminate once you either close the terminal window or you press the Enter key. In the output, the mnemonic phrase for the first validator node is provided for testing purposes. The validator node is using the same default addresses being used when initializing and starting a single node (no need to provide a `--node` flag). + +Check the status of the first validator node: + +```shell +simd status +``` + +Import the key from the provided mnemonic: + +```shell +simd keys add test --recover --keyring-backend test +``` + +Check the balance of the account address: + +```shell +simd q bank balances [address] +``` + +Use this test account to manually test against the test network. + +## Testnet Options + +You can customize the configuration of the test network with flags. In order to see all flag options, append the `--help` flag to each command. diff --git a/copy-of-sdk-docs/docs/user/run-node/06-run-production.md b/copy-of-sdk-docs/docs/user/run-node/06-run-production.md new file mode 100644 index 00000000..6eee4808 --- /dev/null +++ b/copy-of-sdk-docs/docs/user/run-node/06-run-production.md @@ -0,0 +1,269 @@ +--- +sidebar_position: 1 +--- + +# Running in Production + +:::note Synopsis +This section describes how to securely run a node in a public setting and/or on a mainnet on one of the many Cosmos SDK public blockchains. +::: + +When operating a node, full node or validator, in production it is important to set your server up securely. + +:::note +There are many different ways to secure a server and your node, the described steps here is one way. To see another way of setting up a server see the [run in production tutorial](https://tutorials.cosmos.network/hands-on-exercise/4-run-in-prod). +::: + +:::note +This walkthrough assumes the underlying operating system is Ubuntu. +::: + +## Server Setup + +### User + +When creating a server most times it is created as user `root`. This user has heightened privileges on the server. When operating a node, it is recommended to not run your node as the root user. + +1. Create a new user + +```bash +sudo adduser change_me +``` + +2. We want to allow this user to perform sudo tasks + +```bash +sudo usermod -aG sudo change_me +``` + +Now when logging into the server, the non `root` user can be used. + +### Go + +1. Install the [Go](https://go.dev/doc/install) version preconized by the application. + +:::warning +In the past, validators [have had issues](https://github.com/cosmos/cosmos-sdk/issues/13976) when using different versions of Go. It is recommended that the whole validator set uses the version of Go that is preconized by the application. +::: + +### Firewall + +Nodes should not have all ports open to the public, this is a simple way to get DDOS'd. Secondly it is recommended by [CometBFT](https://github.com/cometbft/cometbft) to never expose ports that are not required to operate a node. + +When setting up a firewall there are a few ports that can be open when operating a Cosmos SDK node. There is the CometBFT json-RPC, prometheus, p2p, remote signer and Cosmos SDK GRPC and REST. If the node is being operated as a node that does not offer endpoints to be used for submission or querying then a max of three endpoints are needed. + +Most, if not all servers come equipped with [ufw](https://help.ubuntu.com/community/UFW). Ufw will be used in this tutorial. + +1. Reset UFW to disallow all incoming connections and allow outgoing + +```bash +sudo ufw default deny incoming +sudo ufw default allow outgoing +``` + +2. Lets make sure that port 22 (ssh) stays open. + +```bash +sudo ufw allow ssh +``` + +or + +```bash +sudo ufw allow 22 +``` + +Both of the above commands are the same. + +3. Allow Port 26656 (cometbft p2p port). If the node has a modified p2p port then that port must be used here. + +```bash +sudo ufw allow 26656/tcp +``` + +4. Allow port 26660 (cometbft [prometheus](https://prometheus.io)). This acts as the applications monitoring port as well. + +```bash +sudo ufw allow 26660/tcp +``` + +5. IF the node which is being setup would like to expose CometBFTs jsonRPC and Cosmos SDK GRPC and REST then follow this step. (Optional) + +##### CometBFT JsonRPC + +```bash +sudo ufw allow 26657/tcp +``` + +##### Cosmos SDK GRPC + +```bash +sudo ufw allow 9090/tcp +``` + +##### Cosmos SDK REST + +```bash +sudo ufw allow 1317/tcp +``` + +6. Lastly, enable ufw + +```bash +sudo ufw enable +``` + +### Signing + +If the node that is being started is a validator there are multiple ways a validator could sign blocks. + +#### File + +File based signing is the simplest and default approach. This approach works by storing the consensus key, generated on initialization, to sign blocks. This approach is only as safe as your server setup as if the server is compromised so is your key. This key is located in the `config/priv_val_key.json` directory generated on initialization. + +A second file exists that user must be aware of, the file is located in the data directory `data/priv_val_state.json`. This file protects your node from double signing. It keeps track of the consensus keys last sign height, round and latest signature. If the node crashes and needs to be recovered this file must be kept in order to ensure that the consensus key will not be used for signing a block that was previously signed. + +#### Remote Signer + +A remote signer is a secondary server that is separate from the running node that signs blocks with the consensus key. This means that the consensus key does not live on the node itself. This increases security because your full node which is connected to the remote signer can be swapped without missing blocks. + +The two most used remote signers are [tmkms](https://github.com/iqlusioninc/tmkms) from [Iqlusion](https://www.iqlusion.io) and [horcrux](https://github.com/strangelove-ventures/horcrux) from [Strangelove](https://strange.love). + +##### TMKMS + +###### Dependencies + +1. Update server dependencies and install extras needed. + +```sh +sudo apt update -y && sudo apt install build-essential curl jq -y +``` + +2. Install Rust: + +```sh +curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh +``` + +3. Install Libusb: + +```sh +sudo apt install libusb-1.0-0-dev +``` + +###### Setup + +There are two ways to install tmkms, from source or `cargo install`. In the examples we will cover downloading or building from source and using softsign. Softsign stands for software signing, but you could use a [yubihsm](https://www.yubico.com/products/hardware-security-module/) as your signing key if you wish. + +1. Build: + +From source: + +```bash +cd $HOME +git clone https://github.com/iqlusioninc/tmkms.git +cd $HOME/tmkms +cargo install tmkms --features=softsign +tmkms init config +tmkms softsign keygen ./config/secrets/secret_connection_key +``` + +or + +Cargo install: + +```bash +cargo install tmkms --features=softsign +tmkms init config +tmkms softsign keygen ./config/secrets/secret_connection_key +``` + +:::note +To use tmkms with a yubikey install the binary with `--features=yubihsm`. +::: + +2. Migrate the validator key from the full node to the new tmkms instance. + +```bash +scp user@123.456.32.123:~/.simd/config/priv_validator_key.json ~/tmkms/config/secrets +``` + +3. Import the validator key into tmkms. + +```bash +tmkms softsign import $HOME/tmkms/config/secrets/priv_validator_key.json $HOME/tmkms/config/secrets/priv_validator_key +``` + +At this point, it is necessary to delete the `priv_validator_key.json` from the validator node and the tmkms node. Since the key has been imported into tmkms (above) it is no longer necessary on the nodes. The key can be safely stored offline. + +4. Modify the `tmkms.toml`. + +```bash +vim $HOME/tmkms/config/tmkms.toml +``` + +This example shows a configuration that could be used for soft signing. The example has an IP of `123.456.12.345` with a port of `26659` a chain_id of `test-chain-waSDSe`. These are items that must be modified for the usecase of tmkms and the network. + +```toml +# CometBFT KMS configuration file + +## Chain Configuration + +[[chain]] +id = "osmosis-1" +key_format = { type = "bech32", account_key_prefix = "cosmospub", consensus_key_prefix = "cosmosvalconspub" } +state_file = "/root/tmkms/config/state/priv_validator_state.json" + +## Signing Provider Configuration + +### Software-based Signer Configuration + +[[providers.softsign]] +chain_ids = ["test-chain-waSDSe"] +key_type = "consensus" +path = "/root/tmkms/config/secrets/priv_validator_key" + +## Validator Configuration + +[[validator]] +chain_id = "test-chain-waSDSe" +addr = "tcp://123.456.12.345:26659" +secret_key = "/root/tmkms/config/secrets/secret_connection_key" +protocol_version = "v0.34" +reconnect = true +``` + +5. Set the address of the tmkms instance. + +```bash +vim $HOME/.simd/config/config.toml + +priv_validator_laddr = "tcp://0.0.0.0:26659" +``` + +:::tip +The above address it set to `0.0.0.0` but it is recommended to set the tmkms server to secure the startup +::: + +:::tip +It is recommended to comment or delete the lines that specify the path of the validator key and validator: + +```toml +# Path to the JSON file containing the private key to use as a validator in the consensus protocol +# priv_validator_key_file = "config/priv_validator_key.json" + +# Path to the JSON file containing the last sign state of a validator +# priv_validator_state_file = "data/priv_validator_state.json" +``` + +::: + +6. Start the two processes. + +```bash +tmkms start -c $HOME/tmkms/config/tmkms.toml +``` + +```bash +simd start +``` diff --git a/copy-of-sdk-docs/docs/user/run-node/_category_.json b/copy-of-sdk-docs/docs/user/run-node/_category_.json new file mode 100644 index 00000000..65e64b94 --- /dev/null +++ b/copy-of-sdk-docs/docs/user/run-node/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Running a Node, API and CLI", + "position": 0, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-docs/docs/user/user.md b/copy-of-sdk-docs/docs/user/user.md new file mode 100644 index 00000000..5429e8ad --- /dev/null +++ b/copy-of-sdk-docs/docs/user/user.md @@ -0,0 +1,10 @@ +--- +sidebar_position: 0 +--- +# User Guides + +This section is designed for developers who are using the Cosmos SDK to build applications. It provides essential guides and references to effectively use the SDK's features. + +* [Setting up keys](./run-node/00-keyring.md) - Learn how to set up secure key management using the Cosmos SDK's keyring feature. This guide provides a streamlined approach to cryptographic key handling, which is crucial for securing your application. +* [Running a node](./run-node/01-run-node.md) - This guide provides step-by-step instructions to deploy and manage a node in the Cosmos network. It ensures a smooth and reliable operation of your blockchain application by covering all the necessary setup and maintenance steps. +* [CLI](./run-node/02-interact-node.md) - Discover how to navigate and interact with the Cosmos SDK using the Command Line Interface (CLI). This section covers efficient and powerful command-based operations that can help you manage your application effectively. From 4e299655fd00f55c482e27033bb11f972bb53425 Mon Sep 17 00:00:00 2001 From: Cordt Date: Wed, 15 Oct 2025 09:49:23 -0600 Subject: [PATCH 03/26] .. --- .../docs/learn/advanced/00-baseapp.md | 547 ---------------- .../docs/learn/advanced/01-transactions.md | 229 ------- .../docs/learn/advanced/02-context.md | 103 --- .../docs/learn/advanced/03-node.md | 96 --- .../docs/learn/advanced/04-store.md | 288 --------- .../docs/learn/advanced/05-encoding.md | 285 --------- .../docs/learn/advanced/06-grpc_rest.md | 105 --- .../docs/learn/advanced/07-cli.md | 211 ------ .../docs/learn/advanced/08-events.md | 159 ----- .../docs/learn/advanced/09-telemetry.md | 128 ---- .../docs/learn/advanced/10-ocap.md | 76 --- .../learn/advanced/11-runtx_middleware.md | 67 -- .../docs/learn/advanced/12-simulation.md | 94 --- .../docs/learn/advanced/13-proto-docs.md | 7 - .../docs/learn/advanced/15-upgrade.md | 162 ----- .../docs/learn/advanced/16-config.md | 24 - .../docs/learn/advanced/17-autocli.md | 258 -------- .../docs/learn/advanced/_category_.json | 5 - .../advanced/baseapp_state-begin_block.png | Bin 20565 -> 0 bytes .../learn/advanced/baseapp_state-checktx.png | Bin 82308 -> 0 bytes .../learn/advanced/baseapp_state-commit.png | Bin 47662 -> 0 bytes .../advanced/baseapp_state-deliver_tx.png | Bin 59007 -> 0 bytes .../advanced/baseapp_state-initchain.png | Bin 243455 -> 0 bytes .../baseapp_state-prepareproposal.png | Bin 274049 -> 0 bytes .../baseapp_state-processproposal.png | Bin 248588 -> 0 bytes .../docs/learn/advanced/baseapp_state.png | Bin 338941 -> 0 bytes .../docs/learn/advanced/blockprocessing-1.png | Bin 453261 -> 0 bytes .../learn/advanced/blockprocessing.excalidraw | Bin 46151 -> 0 bytes .../docs/learn/beginner/00-app-anatomy.md | 279 -------- .../docs/learn/beginner/01-tx-lifecycle.md | 284 --------- .../docs/learn/beginner/02-query-lifecycle.md | 147 ----- .../docs/learn/beginner/03-accounts.md | 281 -------- .../docs/learn/beginner/04-gas-fees.md | 101 --- .../docs/learn/beginner/_category_.json | 5 - .../docs/learn/intro/00-overview.md | 43 -- .../docs/learn/intro/01-why-app-specific.md | 79 --- .../learn/intro/02-sdk-app-architecture.md | 93 --- .../docs/learn/intro/03-sdk-design.md | 64 -- .../docs/learn/intro/Maincomps.excalidraw | 603 ------------------ .../docs/learn/intro/_category_.json | 5 - .../docs/learn/intro/main-components.png | Bin 61439 -> 0 bytes copy-of-sdk-docs/docs/learn/learn.md | 11 - .../docs/tutorials/_category_.json | 5 - .../transactions/00-building-a-transaction.md | 190 ------ .../tutorials/transactions/_category_.json | 5 - copy-of-sdk-docs/docs/tutorials/tutorials.md | 12 - .../tutorials/vote-extensions/_category_.json | 5 - .../00-getting-started.md | 40 -- .../01-understanding-frontrunning.md | 41 -- ...ting-front-running-with-vote-extensions.md | 331 ---------- ...-front-running-with-vote-extensions.md.bak | 331 ---------- ...ating-front-running-with-vote-extesions.md | 331 ---------- ...g-front-running-with-vote-extesions.md.bak | 331 ---------- .../03-demo-of-mitigating-front-running.md | 106 --- ...03-demo-of-mitigating-front-running.md.bak | 106 --- .../auction-frontrunning/_category_.json | 5 - .../oracle/00-getting-started.md | 36 -- .../oracle/01-what-is-an-oracle.md | 13 - .../oracle/02-implementing-vote-extensions.md | 219 ------- .../oracle/03-testing-oracle.md | 57 -- .../vote-extensions/oracle/_category_.json | 5 - .../docs/user/run-node/00-keyring.md | 145 ----- .../docs/user/run-node/01-run-node.md | 218 ------- .../docs/user/run-node/02-interact-node.md | 289 --------- copy-of-sdk-docs/docs/user/run-node/03-txs.md | 429 ------------- .../docs/user/run-node/04-rosetta.md | 144 ----- .../docs/user/run-node/05-run-testnet.md | 101 --- .../docs/user/run-node/06-run-production.md | 269 -------- .../docs/user/run-node/_category_.json | 5 - copy-of-sdk-docs/docs/user/user.md | 10 - 70 files changed, 8618 deletions(-) delete mode 100644 copy-of-sdk-docs/docs/learn/advanced/00-baseapp.md delete mode 100644 copy-of-sdk-docs/docs/learn/advanced/01-transactions.md delete mode 100644 copy-of-sdk-docs/docs/learn/advanced/02-context.md delete mode 100644 copy-of-sdk-docs/docs/learn/advanced/03-node.md delete mode 100644 copy-of-sdk-docs/docs/learn/advanced/04-store.md delete mode 100644 copy-of-sdk-docs/docs/learn/advanced/05-encoding.md delete mode 100644 copy-of-sdk-docs/docs/learn/advanced/06-grpc_rest.md delete mode 100644 copy-of-sdk-docs/docs/learn/advanced/07-cli.md delete mode 100644 copy-of-sdk-docs/docs/learn/advanced/08-events.md delete mode 100644 copy-of-sdk-docs/docs/learn/advanced/09-telemetry.md delete mode 100644 copy-of-sdk-docs/docs/learn/advanced/10-ocap.md delete mode 100644 copy-of-sdk-docs/docs/learn/advanced/11-runtx_middleware.md delete mode 100644 copy-of-sdk-docs/docs/learn/advanced/12-simulation.md delete mode 100644 copy-of-sdk-docs/docs/learn/advanced/13-proto-docs.md delete mode 100644 copy-of-sdk-docs/docs/learn/advanced/15-upgrade.md delete mode 100644 copy-of-sdk-docs/docs/learn/advanced/16-config.md delete mode 100644 copy-of-sdk-docs/docs/learn/advanced/17-autocli.md delete mode 100644 copy-of-sdk-docs/docs/learn/advanced/_category_.json delete mode 100644 copy-of-sdk-docs/docs/learn/advanced/baseapp_state-begin_block.png delete mode 100644 copy-of-sdk-docs/docs/learn/advanced/baseapp_state-checktx.png delete mode 100644 copy-of-sdk-docs/docs/learn/advanced/baseapp_state-commit.png delete mode 100644 copy-of-sdk-docs/docs/learn/advanced/baseapp_state-deliver_tx.png delete mode 100644 copy-of-sdk-docs/docs/learn/advanced/baseapp_state-initchain.png delete mode 100644 copy-of-sdk-docs/docs/learn/advanced/baseapp_state-prepareproposal.png delete mode 100644 copy-of-sdk-docs/docs/learn/advanced/baseapp_state-processproposal.png delete mode 100644 copy-of-sdk-docs/docs/learn/advanced/baseapp_state.png delete mode 100644 copy-of-sdk-docs/docs/learn/advanced/blockprocessing-1.png delete mode 100644 copy-of-sdk-docs/docs/learn/advanced/blockprocessing.excalidraw delete mode 100644 copy-of-sdk-docs/docs/learn/beginner/00-app-anatomy.md delete mode 100644 copy-of-sdk-docs/docs/learn/beginner/01-tx-lifecycle.md delete mode 100644 copy-of-sdk-docs/docs/learn/beginner/02-query-lifecycle.md delete mode 100644 copy-of-sdk-docs/docs/learn/beginner/03-accounts.md delete mode 100644 copy-of-sdk-docs/docs/learn/beginner/04-gas-fees.md delete mode 100644 copy-of-sdk-docs/docs/learn/beginner/_category_.json delete mode 100644 copy-of-sdk-docs/docs/learn/intro/00-overview.md delete mode 100644 copy-of-sdk-docs/docs/learn/intro/01-why-app-specific.md delete mode 100644 copy-of-sdk-docs/docs/learn/intro/02-sdk-app-architecture.md delete mode 100644 copy-of-sdk-docs/docs/learn/intro/03-sdk-design.md delete mode 100644 copy-of-sdk-docs/docs/learn/intro/Maincomps.excalidraw delete mode 100644 copy-of-sdk-docs/docs/learn/intro/_category_.json delete mode 100644 copy-of-sdk-docs/docs/learn/intro/main-components.png delete mode 100644 copy-of-sdk-docs/docs/learn/learn.md delete mode 100644 copy-of-sdk-docs/docs/tutorials/_category_.json delete mode 100644 copy-of-sdk-docs/docs/tutorials/transactions/00-building-a-transaction.md delete mode 100644 copy-of-sdk-docs/docs/tutorials/transactions/_category_.json delete mode 100644 copy-of-sdk-docs/docs/tutorials/tutorials.md delete mode 100644 copy-of-sdk-docs/docs/tutorials/vote-extensions/_category_.json delete mode 100644 copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/00-getting-started.md delete mode 100644 copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/01-understanding-frontrunning.md delete mode 100644 copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md delete mode 100644 copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md.bak delete mode 100644 copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md delete mode 100644 copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md.bak delete mode 100644 copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md delete mode 100644 copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md.bak delete mode 100644 copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/_category_.json delete mode 100644 copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/00-getting-started.md delete mode 100644 copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/01-what-is-an-oracle.md delete mode 100644 copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/02-implementing-vote-extensions.md delete mode 100644 copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/03-testing-oracle.md delete mode 100644 copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/_category_.json delete mode 100644 copy-of-sdk-docs/docs/user/run-node/00-keyring.md delete mode 100644 copy-of-sdk-docs/docs/user/run-node/01-run-node.md delete mode 100644 copy-of-sdk-docs/docs/user/run-node/02-interact-node.md delete mode 100644 copy-of-sdk-docs/docs/user/run-node/03-txs.md delete mode 100644 copy-of-sdk-docs/docs/user/run-node/04-rosetta.md delete mode 100644 copy-of-sdk-docs/docs/user/run-node/05-run-testnet.md delete mode 100644 copy-of-sdk-docs/docs/user/run-node/06-run-production.md delete mode 100644 copy-of-sdk-docs/docs/user/run-node/_category_.json delete mode 100644 copy-of-sdk-docs/docs/user/user.md diff --git a/copy-of-sdk-docs/docs/learn/advanced/00-baseapp.md b/copy-of-sdk-docs/docs/learn/advanced/00-baseapp.md deleted file mode 100644 index b24a570d..00000000 --- a/copy-of-sdk-docs/docs/learn/advanced/00-baseapp.md +++ /dev/null @@ -1,547 +0,0 @@ ---- -sidebar_position: 1 ---- - -# BaseApp - -:::note Synopsis -This document describes `BaseApp`, the abstraction that implements the core functionalities of a Cosmos SDK application. -::: - -:::note Pre-requisite Readings - -* [Anatomy of a Cosmos SDK application](../beginner/00-app-anatomy.md) -* [Lifecycle of a Cosmos SDK transaction](../beginner/01-tx-lifecycle.md) - -::: - -## Introduction - -`BaseApp` is a base type that implements the core of a Cosmos SDK application, namely: - -* The [Application Blockchain Interface](#main-abci-messages), for the state-machine to communicate with the underlying consensus engine (e.g. CometBFT). -* [Service Routers](#service-routers), to route messages and queries to the appropriate module. -* Different [states](#state-updates), as the state-machine can have different volatile states updated based on the ABCI message received. - -The goal of `BaseApp` is to provide the fundamental layer of a Cosmos SDK application -that developers can easily extend to build their own custom application. Usually, -developers will create a custom type for their application, like so: - -```go -type App struct { - // reference to a BaseApp - *baseapp.BaseApp - - // list of application store keys - - // list of application keepers - - // module manager -} -``` - -Extending the application with `BaseApp` gives the former access to all of `BaseApp`'s methods. -This allows developers to compose their custom application with the modules they want, while not -having to concern themselves with the hard work of implementing the ABCI, the service routers and state -management logic. - -## Type Definition - -The `BaseApp` type holds many important parameters for any Cosmos SDK based application. - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/baseapp.go#L64-L201 -``` - -Let us go through the most important components. - -> **Note**: Not all parameters are described, only the most important ones. Refer to the -> type definition for the full list. - -First, the important parameters that are initialized during the bootstrapping of the application: - -* [`CommitMultiStore`](./04-store.md#commitmultistore): This is the main store of the application, - which holds the canonical state that is committed at the [end of each block](#commit). This store - is **not** cached, meaning it is not used to update the application's volatile (un-committed) states. - The `CommitMultiStore` is a multi-store, meaning a store of stores. Each module of the application - uses one or multiple `KVStores` in the multi-store to persist their subset of the state. -* Database: The `db` is used by the `CommitMultiStore` to handle data persistence. -* [`Msg` Service Router](#msg-service-router): The `msgServiceRouter` facilitates the routing of `sdk.Msg` requests to the appropriate - module `Msg` service for processing. Here a `sdk.Msg` refers to the transaction component that needs to be - processed by a service in order to update the application state, and not to ABCI message which implements - the interface between the application and the underlying consensus engine. -* [gRPC Query Router](#grpc-query-router): The `grpcQueryRouter` facilitates the routing of gRPC queries to the - appropriate module for it to be processed. These queries are not ABCI messages themselves, but they - are relayed to the relevant module's gRPC `Query` service. -* [`TxDecoder`](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/types#TxDecoder): It is used to decode - raw transaction bytes relayed by the underlying CometBFT engine. -* [`AnteHandler`](#antehandler): This handler is used to handle signature verification, fee payment, - and other pre-message execution checks when a transaction is received. It's executed during - [`CheckTx/RecheckTx`](#checktx) and [`FinalizeBlock`](#finalizeblock). -* [`InitChainer`](../beginner/00-app-anatomy.md#initchainer), [`PreBlocker`](../beginner/00-app-anatomy.md#preblocker), [`BeginBlocker` and `EndBlocker`](../beginner/00-app-anatomy.md#beginblocker-and-endblocker): These are - the functions executed when the application receives the `InitChain` and `FinalizeBlock` - ABCI messages from the underlying CometBFT engine. - -Then, parameters used to define [volatile states](#state-updates) (i.e. cached states): - -* `checkState`: This state is updated during [`CheckTx`](#checktx), and reset on [`Commit`](#commit). -* `finalizeBlockState`: This state is updated during [`FinalizeBlock`](#finalizeblock), and set to `nil` on - [`Commit`](#commit) and gets re-initialized on `FinalizeBlock`. -* `processProposalState`: This state is updated during [`ProcessProposal`](#process-proposal). -* `prepareProposalState`: This state is updated during [`PrepareProposal`](#prepare-proposal). - -Finally, a few more important parameters: - -* `voteInfos`: This parameter carries the list of validators whose precommit is missing, either - because they did not vote or because the proposer did not include their vote. This information is - carried by the [Context](./02-context.md) and can be used by the application for various things like - punishing absent validators. -* `minGasPrices`: This parameter defines the minimum gas prices accepted by the node. This is a - **local** parameter, meaning each full-node can set a different `minGasPrices`. It is used in the - `AnteHandler` during [`CheckTx`](#checktx), mainly as a spam protection mechanism. The transaction - enters the [mempool](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#mempool-methods) - only if the gas prices of the transaction are greater than one of the minimum gas price in - `minGasPrices` (e.g. if `minGasPrices == 1uatom,1photon`, the `gas-price` of the transaction must be - greater than `1uatom` OR `1photon`). -* `appVersion`: Version of the application. It is set in the - [application's constructor function](../beginner/00-app-anatomy.md#constructor-function). - -## Constructor - -```go -func NewBaseApp( - name string, logger log.Logger, db dbm.DB, txDecoder sdk.TxDecoder, options ...func(*BaseApp), -) *BaseApp { - - // ... -} -``` - -The `BaseApp` constructor function is pretty straightforward. The only thing worth noting is the -possibility to provide additional [`options`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/options.go) -to the `BaseApp`, which will execute them in order. The `options` are generally `setter` functions -for important parameters, like `SetPruning()` to set pruning options or `SetMinGasPrices()` to set -the node's `min-gas-prices`. - -Naturally, developers can add additional `options` based on their application's needs. - -## State Updates - -The `BaseApp` maintains four primary volatile states and a root or main state. The main state -is the canonical state of the application and the volatile states, `checkState`, `prepareProposalState`, `processProposalState` and `finalizeBlockState` -are used to handle state transitions in-between the main state made during [`Commit`](#commit). - -Internally, there is only a single `CommitMultiStore` which we refer to as the main or root state. -From this root state, we derive four volatile states by using a mechanism called _store branching_ (performed by `CacheWrap` function). -The types can be illustrated as follows: - -![Types](./baseapp_state.png) - -### InitChain State Updates - -During `InitChain`, the four volatile states, `checkState`, `prepareProposalState`, `processProposalState` -and `finalizeBlockState` are set by branching the root `CommitMultiStore`. Any subsequent reads and writes happen -on branched versions of the `CommitMultiStore`. -To avoid unnecessary roundtrip to the main state, all reads to the branched store are cached. - -![InitChain](./baseapp_state-initchain.png) - -### CheckTx State Updates - -During `CheckTx`, the `checkState`, which is based off of the last committed state from the root -store, is used for any reads and writes. Here we only execute the `AnteHandler` and verify a service router -exists for every message in the transaction. Note, when we execute the `AnteHandler`, we branch -the already branched `checkState`. -This has the side effect that if the `AnteHandler` fails, the state transitions won't be reflected in the `checkState` --- i.e. `checkState` is only updated on success. - -![CheckTx](./baseapp_state-checktx.png) - -### PrepareProposal State Updates - -During `PrepareProposal`, the `prepareProposalState` is set by branching the root `CommitMultiStore`. -The `prepareProposalState` is used for any reads and writes that occur during the `PrepareProposal` phase. -The function uses the `Select()` method of the mempool to iterate over the transactions. `runTx` is then called, -which encodes and validates each transaction and from there the `AnteHandler` is executed. -If successful, valid transactions are returned inclusive of the events, tags, and data generated -during the execution of the proposal. -The described behavior is that of the default handler, applications have the flexibility to define their own -[custom mempool handlers](https://docs.cosmos.network/main/build/building-apps/app-mempool). - -![ProcessProposal](./baseapp_state-prepareproposal.png) - -### ProcessProposal State Updates - -During `ProcessProposal`, the `processProposalState` is set based off of the last committed state -from the root store and is used to process a signed proposal received from a validator. -In this state, `runTx` is called and the `AnteHandler` is executed and the context used in this state is built with information -from the header and the main state, including the minimum gas prices, which are also set. -Again we want to highlight that the described behavior is that of the default handler and applications have the flexibility to define their own -[custom mempool handlers](https://docs.cosmos.network/main/build/building-apps/app-mempool). - -![ProcessProposal](./baseapp_state-processproposal.png) - -### FinalizeBlock State Updates - -During `FinalizeBlock`, the `finalizeBlockState` is set for use during transaction execution and endblock. The -`finalizeBlockState` is based off of the last committed state from the root store and is branched. -Note, the `finalizeBlockState` is set to `nil` on [`Commit`](#commit). - -The state flow for transaction execution is nearly identical to `CheckTx` except state transitions occur on -the `finalizeBlockState` and messages in a transaction are executed. Similarly to `CheckTx`, state transitions -occur on a doubly branched state -- `finalizeBlockState`. Successful message execution results in -writes being committed to `finalizeBlockState`. Note, if message execution fails, state transitions from -the AnteHandler are persisted. - -### Commit State Updates - -During `Commit` all the state transitions that occurred in the `finalizeBlockState` are finally written to -the root `CommitMultiStore` which in turn is committed to disk and results in a new application -root hash. These state transitions are now considered final. Finally, the `checkState` is set to the -newly committed state and `finalizeBlockState` is set to `nil` to be reset on `FinalizeBlock`. - -![Commit](./baseapp_state-commit.png) - -## ParamStore - -During `InitChain`, the `RequestInitChain` provides `ConsensusParams` which contains parameters -related to block execution such as maximum gas and size in addition to evidence parameters. If these -parameters are non-nil, they are set in the BaseApp's `ParamStore`. Behind the scenes, the `ParamStore` -is managed by an `x/consensus_params` module. This allows the parameters to be tweaked via - on-chain governance. - -## Service Routers - -When messages and queries are received by the application, they must be routed to the appropriate module in order to be processed. Routing is done via `BaseApp`, which holds a `msgServiceRouter` for messages, and a `grpcQueryRouter` for queries. - -### `Msg` Service Router - -[`sdk.Msg`s](../../build/building-modules/02-messages-and-queries.md#messages) need to be routed after they are extracted from transactions, which are sent from the underlying CometBFT engine via the [`CheckTx`](#checktx) and [`FinalizeBlock`](#finalizeblock) ABCI messages. To do so, `BaseApp` holds a `msgServiceRouter` which maps fully-qualified service methods (`string`, defined in each module's Protobuf `Msg` service) to the appropriate module's `MsgServer` implementation. - -The [default `msgServiceRouter` included in `BaseApp`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/msg_service_router.go) is stateless. However, some applications may want to make use of more stateful routing mechanisms such as allowing governance to disable certain routes or point them to new modules for upgrade purposes. For this reason, the `sdk.Context` is also passed into each [route handler inside `msgServiceRouter`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/msg_service_router.go#L35-L36). For a stateless router that doesn't want to make use of this, you can just ignore the `ctx`. - -The application's `msgServiceRouter` is initialized with all the routes using the application's [module manager](../../build/building-modules/01-module-manager.md#manager) (via the `RegisterServices` method), which itself is initialized with all the application's modules in the application's [constructor](../beginner/00-app-anatomy.md#constructor-function). - -### gRPC Query Router - -Similar to `sdk.Msg`s, [`queries`](../../build/building-modules/02-messages-and-queries.md#queries) need to be routed to the appropriate module's [`Query` service](../../build/building-modules/04-query-services.md). To do so, `BaseApp` holds a `grpcQueryRouter`, which maps modules' fully-qualified service methods (`string`, defined in their Protobuf `Query` gRPC) to their `QueryServer` implementation. The `grpcQueryRouter` is called during the initial stages of query processing, which can be either by directly sending a gRPC query to the gRPC endpoint, or via the [`Query` ABCI message](#query) on the CometBFT RPC endpoint. - -Just like the `msgServiceRouter`, the `grpcQueryRouter` is initialized with all the query routes using the application's [module manager](../../build/building-modules/01-module-manager.md) (via the `RegisterServices` method), which itself is initialized with all the application's modules in the application's [constructor](../beginner/00-app-anatomy.md#app-constructor). - -## Main ABCI 2.0 Messages - -The [Application-Blockchain Interface](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md) (ABCI) is a generic interface that connects a state-machine with a consensus engine to form a functional full-node. It can be wrapped in any language, and needs to be implemented by each application-specific blockchain built on top of an ABCI-compatible consensus engine like CometBFT. - -The consensus engine handles two main tasks: - -* The networking logic, which mainly consists in gossiping block parts, transactions and consensus votes. -* The consensus logic, which results in the deterministic ordering of transactions in the form of blocks. - -It is **not** the role of the consensus engine to define the state or the validity of transactions. Generally, transactions are handled by the consensus engine in the form of `[]bytes`, and relayed to the application via the ABCI to be decoded and processed. At keys moments in the networking and consensus processes (e.g. beginning of a block, commit of a block, reception of an unconfirmed transaction, ...), the consensus engine emits ABCI messages for the state-machine to act on. - -Developers building on top of the Cosmos SDK need not implement the ABCI themselves, as `BaseApp` comes with a built-in implementation of the interface. Let us go through the main ABCI messages that `BaseApp` implements: - -* [`Prepare Proposal`](#prepare-proposal) -* [`Process Proposal`](#process-proposal) -* [`CheckTx`](#checktx) -* [`FinalizeBlock`](#finalizeblock) -* [`ExtendVote`](#extendvote) -* [`VerifyVoteExtension`](#verifyvoteextension) - - -### Prepare Proposal - -The `PrepareProposal` function is part of the new methods introduced in Application Blockchain Interface (ABCI++) in CometBFT and is an important part of the application's overall governance system. In the Cosmos SDK, it allows the application to have more fine-grained control over the transactions that are processed, and ensures that only valid transactions are committed to the blockchain. - -Here is how the `PrepareProposal` function can be implemented: - -1. Extract the `sdk.Msg`s from the transaction. -2. Perform _stateful_ checks by calling `Validate()` on each of the `sdk.Msg`'s. This is done after _stateless_ checks as _stateful_ checks are more computationally expensive. If `Validate()` fails, `PrepareProposal` returns before running further checks, which saves resources. -3. Perform any additional checks that are specific to the application, such as checking account balances, or ensuring that certain conditions are met before a transaction is proposed.hey are processed by the consensus engine, if necessary. -4. Return the updated transactions to be processed by the consensus engine - -Note that, unlike `CheckTx()`, `PrepareProposal` process `sdk.Msg`s, so it can directly update the state. However, unlike `FinalizeBlock()`, it does not commit the state updates. It's important to exercise caution when using `PrepareProposal` as incorrect coding could affect the overall liveness of the network. - -It's important to note that `PrepareProposal` complements the `ProcessProposal` method which is executed after this method. The combination of these two methods means that it is possible to guarantee that no invalid transactions are ever committed. Furthermore, such a setup can give rise to other interesting use cases such as Oracles, threshold decryption and more. - -`PrepareProposal` returns a response to the underlying consensus engine of type [`abci.CheckTxResponse`](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_methods.md#processproposal). The response contains: - -* `Code (uint32)`: Response Code. `0` if successful. -* `Data ([]byte)`: Result bytes, if any. -* `Log (string):` The output of the application's logger. May be non-deterministic. -* `Info (string):` Additional information. May be non-deterministic. - - -### Process Proposal - -The `ProcessProposal` function is called by the BaseApp as part of the ABCI message flow, and is executed during the `FinalizeBlock` phase of the consensus process. The purpose of this function is to give more control to the application for block validation, allowing it to check all transactions in a proposed block before the validator sends the prevote for the block. It allows a validator to perform application-dependent work in a proposed block, enabling features such as immediate block execution, and allows the Application to reject invalid blocks. - -The `ProcessProposal` function performs several key tasks, including: - -1. Validating the proposed block by checking all transactions in it. -2. Checking the proposed block against the current state of the application, to ensure that it is valid and that it can be executed. -3. Updating the application's state based on the proposal, if it is valid and passes all checks. -4. Returning a response to CometBFT indicating the result of the proposal processing. - -The `ProcessProposal` is an important part of the application's overall governance system. It is used to manage the network's parameters and other key aspects of its operation. It also ensures that the coherence property is adhered to i.e. all honest validators must accept a proposal by an honest proposer. - -It's important to note that `ProcessProposal` complements the `PrepareProposal` method which enables the application to have more fine-grained transaction control by allowing it to reorder, drop, delay, modify, and even add transactions as they see necessary. The combination of these two methods means that it is possible to guarantee that no invalid transactions are ever committed. Furthermore, such a setup can give rise to other interesting use cases such as Oracles, threshold decryption and more. - -CometBFT calls it when it receives a proposal and the CometBFT algorithm has not locked on a value. The Application cannot modify the proposal at this point but can reject it if it is invalid. If that is the case, CometBFT will prevote `nil` on the proposal, which has strong liveness implications for CometBFT. As a general rule, the Application SHOULD accept a prepared proposal passed via `ProcessProposal`, even if a part of the proposal is invalid (e.g., an invalid transaction); the Application can ignore the invalid part of the prepared proposal at block execution time. - -However, developers must exercise greater caution when using these methods. Incorrectly coding these methods could affect liveness as CometBFT is unable to receive 2/3 valid precommits to finalize a block. - -`ProcessProposal` returns a response to the underlying consensus engine of type [`abci.CheckTxResponse`](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_methods.md#processproposal). The response contains: - -* `Code (uint32)`: Response Code. `0` if successful. -* `Data ([]byte)`: Result bytes, if any. -* `Log (string):` The output of the application's logger. May be non-deterministic. -* `Info (string):` Additional information. May be non-deterministic. - - -### CheckTx - -`CheckTx` is sent by the underlying consensus engine when a new unconfirmed (i.e. not yet included in a valid block) -transaction is received by a full-node. The role of `CheckTx` is to guard the full-node's mempool -(where unconfirmed transactions are stored until they are included in a block) from spam transactions. -Unconfirmed transactions are relayed to peers only if they pass `CheckTx`. - -`CheckTx()` can perform both _stateful_ and _stateless_ checks, but developers should strive to -make the checks **lightweight** because gas fees are not charged for the resources (CPU, data load...) used during the `CheckTx`. - -In the Cosmos SDK, after [decoding transactions](./05-encoding.md), `CheckTx()` is implemented -to do the following checks: - -1. Extract the `sdk.Msg`s from the transaction. -2. **Optionally** perform _stateless_ checks by calling `ValidateBasic()` on each of the `sdk.Msg`s. This is done - first, as _stateless_ checks are less computationally expensive than _stateful_ checks. If - `ValidateBasic()` fail, `CheckTx` returns before running _stateful_ checks, which saves resources. - This check is still performed for messages that have not yet migrated to the new message validation mechanism defined in [RFC 001](https://docs.cosmos.network/main/rfc/rfc-001-tx-validation) and still have a `ValidateBasic()` method. -3. Perform non-module related _stateful_ checks on the [account](../beginner/03-accounts.md). This step is mainly about checking - that the `sdk.Msg` signatures are valid, that enough fees are provided and that the sending account - has enough funds to pay for said fees. Note that no precise [`gas`](../beginner/04-gas-fees.md) counting occurs here, - as `sdk.Msg`s are not processed. Usually, the [`AnteHandler`](../beginner/04-gas-fees.md#antehandler) will check that the `gas` provided - with the transaction is superior to a minimum reference gas amount based on the raw transaction size, - in order to avoid spam with transactions that provide 0 gas. - -`CheckTx` does **not** process `sdk.Msg`s - they only need to be processed when the canonical state needs to be updated, which happens during `FinalizeBlock`. - -Steps 2. and 3. are performed by the [`AnteHandler`](../beginner/04-gas-fees.md#antehandler) in the [`RunTx()`](#runtx-antehandler-and-runmsgs) -function, which `CheckTx()` calls with the `runTxModeCheck` mode. During each step of `CheckTx()`, a -special [volatile state](#state-updates) called `checkState` is updated. This state is used to keep -track of the temporary changes triggered by the `CheckTx()` calls of each transaction without modifying -the [main canonical state](#main-state). For example, when a transaction goes through `CheckTx()`, the -transaction's fees are deducted from the sender's account in `checkState`. If a second transaction is -received from the same account before the first is processed, and the account has consumed all its -funds in `checkState` during the first transaction, the second transaction will fail `CheckTx`() and -be rejected. In any case, the sender's account will not actually pay the fees until the transaction -is actually included in a block, because `checkState` never gets committed to the main state. The -`checkState` is reset to the latest state of the main state each time a blocks gets [committed](#commit). - -`CheckTx` returns a response to the underlying consensus engine of type [`abci.CheckTxResponse`](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_methods.md#checktx). -The response contains: - -* `Code (uint32)`: Response Code. `0` if successful. -* `Data ([]byte)`: Result bytes, if any. -* `Log (string):` The output of the application's logger. May be non-deterministic. -* `Info (string):` Additional information. May be non-deterministic. -* `GasWanted (int64)`: Amount of gas requested for transaction. It is provided by users when they generate the transaction. -* `GasUsed (int64)`: Amount of gas consumed by transaction. During `CheckTx`, this value is computed by multiplying the standard cost of a transaction byte by the size of the raw transaction. Next is an example: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/auth/ante/basic.go#L104 -``` - -* `Events ([]cmn.KVPair)`: Key-Value tags for filtering and indexing transactions (eg. by account). See [`event`s](./08-events.md) for more. -* `Codespace (string)`: Namespace for the Code. - -#### RecheckTx - -After `Commit`, `CheckTx` is run again on all transactions that remain in the node's local mempool -excluding the transactions that are included in the block. To prevent the mempool from rechecking all transactions -every time a block is committed, the configuration option `mempool.recheck=false` can be set. As of -Tendermint v0.32.1, an additional `Type` parameter is made available to the `CheckTx` function that -indicates whether an incoming transaction is new (`CheckTxType_New`), or a recheck (`CheckTxType_Recheck`). -This allows certain checks like signature verification can be skipped during `CheckTxType_Recheck`. - -## RunTx, AnteHandler, RunMsgs, PostHandler - -### RunTx - -`RunTx` is called from `CheckTx`/`Finalizeblock` to handle the transaction, with `execModeCheck` or `execModeFinalize` as parameter to differentiate between the two modes of execution. Note that when `RunTx` receives a transaction, it has already been decoded. - -The first thing `RunTx` does upon being called is to retrieve the `context`'s `CacheMultiStore` by calling the `getContextForTx()` function with the appropriate mode (either `runTxModeCheck` or `execModeFinalize`). This `CacheMultiStore` is a branch of the main store, with cache functionality (for query requests), instantiated during `FinalizeBlock` for transaction execution and during the `Commit` of the previous block for `CheckTx`. After that, two `defer func()` are called for [`gas`](../beginner/04-gas-fees.md) management. They are executed when `runTx` returns and make sure `gas` is actually consumed, and will throw errors, if any. - -After that, `RunTx()` calls `ValidateBasic()`, when available and for backward compatibility, on each `sdk.Msg`in the `Tx`, which runs preliminary _stateless_ validity checks. If any `sdk.Msg` fails to pass `ValidateBasic()`, `RunTx()` returns with an error. - -Then, the [`anteHandler`](#antehandler) of the application is run (if it exists). In preparation of this step, both the `checkState`/`finalizeBlockState`'s `context` and `context`'s `CacheMultiStore` are branched using the `cacheTxContext()` function. - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/baseapp.go#L706-L722 -``` - -This allows `RunTx` not to commit the changes made to the state during the execution of `anteHandler` if it ends up failing. It also prevents the module implementing the `anteHandler` from writing to state, which is an important part of the [object-capabilities](./10-ocap.md) of the Cosmos SDK. - -Finally, the [`RunMsgs()`](#runmsgs) function is called to process the `sdk.Msg`s in the `Tx`. In preparation of this step, just like with the `anteHandler`, both the `checkState`/`finalizeBlockState`'s `context` and `context`'s `CacheMultiStore` are branched using the `cacheTxContext()` function. - -### AnteHandler - -The `AnteHandler` is a special handler that implements the `AnteHandler` interface and is used to authenticate the transaction before the transaction's internal messages are processed. - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/handler.go#L3-L5 -``` - -The `AnteHandler` is theoretically optional, but still a very important component of public blockchain networks. It serves 3 primary purposes: - -* Be a primary line of defense against spam and second line of defense (the first one being the mempool) against transaction replay with fees deduction and [`sequence`](./01-transactions.md#transaction-generation) checking. -* Perform preliminary _stateful_ validity checks like ensuring signatures are valid or that the sender has enough funds to pay for fees. -* Play a role in the incentivization of stakeholders via the collection of transaction fees. - -`BaseApp` holds an `anteHandler` as parameter that is initialized in the [application's constructor](../beginner/00-app-anatomy.md#application-constructor). The most widely used `anteHandler` is the [`auth` module](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/auth/ante/ante.go). - -Click [here](../beginner/04-gas-fees.md#antehandler) for more on the `anteHandler`. - -### RunMsgs - -`RunMsgs` is called from `RunTx` with `runTxModeCheck` as parameter to check the existence of a route for each message the transaction, and with `execModeFinalize` to actually process the `sdk.Msg`s. - -First, it retrieves the `sdk.Msg`'s fully-qualified type name, by checking the `type_url` of the Protobuf `Any` representing the `sdk.Msg`. Then, using the application's [`msgServiceRouter`](#msg-service-router), it checks for the existence of `Msg` service method related to that `type_url`. At this point, if `mode == runTxModeCheck`, `RunMsgs` returns. Otherwise, if `mode == execModeFinalize`, the [`Msg` service](../../build/building-modules/03-msg-services.md) RPC is executed, before `RunMsgs` returns. - -### PostHandler - -`PostHandler` is similar to `AnteHandler`, but it, as the name suggests, executes custom post tx processing logic after [`RunMsgs`](#runmsgs) is called. `PostHandler` receives the `Result` of the `RunMsgs` in order to enable this customizable behavior. - -Like `AnteHandler`s, `PostHandler`s are theoretically optional. - -Other use cases like unused gas refund can also be enabled by `PostHandler`s. - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/auth/posthandler/post.go#L1-L15 -``` - -Note, when `PostHandler`s fail, the state from `runMsgs` is also reverted, effectively making the transaction fail. - -## Other ABCI Messages - -### InitChain - -The [`InitChain` ABCI message](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#method-overview) is sent from the underlying CometBFT engine when the chain is first started. It is mainly used to **initialize** parameters and state like: - -* [Consensus Parameters](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_app_requirements.md#consensus-parameters) via `setConsensusParams`. -* [`checkState` and `finalizeBlockState`](#state-updates) via `setState`. -* The [block gas meter](../beginner/04-gas-fees.md#block-gas-meter), with infinite gas to process genesis transactions. - -Finally, the `InitChain(req abci.InitChainRequest)` method of `BaseApp` calls the [`initChainer()`](../beginner/00-app-anatomy.md#initchainer) of the application in order to initialize the main state of the application from the `genesis file` and, if defined, call the [`InitGenesis`](../../build/building-modules/08-genesis.md#initgenesis) function of each of the application's modules. - - -### FinalizeBlock - -The [`FinalizeBlock` ABCI message](https://github.com/cometbft/cometbft/blob/v0.38.x/spec/abci/abci++_basic_concepts.md#method-overview) is sent from the underlying CometBFT engine when a block proposal created by the correct proposer is received. The previous `BeginBlock, DeliverTx and Endblock` calls are private methods on the BaseApp struct. - - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/abci.go#L869 -``` - -#### PreBlock - -* Run the application's [`preBlocker()`](../beginner/00-app-anatomy.md#preblocker), which mainly runs the [`PreBlocker()`](../../build/building-modules/17-preblock.md#preblock) method of each of the modules. - -#### BeginBlock - -* Initialize [`finalizeBlockState`](#state-updates) with the latest header using the `req abci.FinalizeBlockRequest` passed as parameter via the `setState` function. - - ```go reference - https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/baseapp.go#L746-L770 - ``` - - This function also resets the [main gas meter](../beginner/04-gas-fees.md#main-gas-meter). - -* Initialize the [block gas meter](../beginner/04-gas-fees.md#block-gas-meter) with the `maxGas` limit. The `gas` consumed within the block cannot go above `maxGas`. This parameter is defined in the application's consensus parameters. -* Run the application's [`beginBlocker()`](../beginner/00-app-anatomy.md#beginblocker-and-endblocker), which mainly runs the [`BeginBlocker()`](../../build/building-modules/06-beginblock-endblock.md#beginblock) method of each of the modules. -* Set the [`VoteInfos`](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_methods.md#voteinfo) of the application, i.e. the list of validators whose _precommit_ for the previous block was included by the proposer of the current block. This information is carried into the [`Context`](./02-context.md) so that it can be used during transaction execution and EndBlock. - -#### Transaction Execution - -When the underlying consensus engine receives a block proposal, each transaction in the block needs to be processed by the application. To that end, the underlying consensus engine sends the transactions in FinalizeBlock message to the application for each transaction in a sequential order. - -Before the first transaction of a given block is processed, a [volatile state](#state-updates) called `finalizeBlockState` is initialized during FinalizeBlock. This state is updated each time a transaction is processed via `FinalizeBlock`, and committed to the [main state](#main-state) when the block is [committed](#commit), after what it is set to `nil`. - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/baseapp.go#L772-L807 -``` - -Transaction execution within `FinalizeBlock` performs the **exact same steps as `CheckTx`**, with a little caveat at step 3 and the addition of a fifth step: - -1. The `AnteHandler` does **not** check that the transaction's `gas-prices` is sufficient. That is because the `min-gas-prices` value `gas-prices` is checked against is local to the node, and therefore what is enough for one full-node might not be for another. This means that the proposer can potentially include transactions for free, although they are not incentivized to do so, as they earn a bonus on the total fee of the block they propose. -2. For each `sdk.Msg` in the transaction, route to the appropriate module's Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md). Additional _stateful_ checks are performed, and the branched multistore held in `finalizeBlockState`'s `context` is updated by the module's `keeper`. If the `Msg` service returns successfully, the branched multistore held in `context` is written to `finalizeBlockState` `CacheMultiStore`. - -During the additional fifth step outlined in (2), each read/write to the store increases the value of `GasConsumed`. You can find the default cost of each operation: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/gas.go#L230-L241 -``` - -At any point, if `GasConsumed > GasWanted`, the function returns with `Code != 0` and the execution fails. - -Each transactions returns a response to the underlying consensus engine of type [`abci.ExecTxResult`](https://github.com/cometbft/cometbft/blob/v0.38.0-rc1/spec/abci/abci%2B%2B_methods.md#exectxresult). The response contains: - -* `Code (uint32)`: Response Code. `0` if successful. -* `Data ([]byte)`: Result bytes, if any. -* `Log (string):` The output of the application's logger. May be non-deterministic. -* `Info (string):` Additional information. May be non-deterministic. -* `GasWanted (int64)`: Amount of gas requested for transaction. It is provided by users when they generate the transaction. -* `GasUsed (int64)`: Amount of gas consumed by transaction. During transaction execution, this value is computed by multiplying the standard cost of a transaction byte by the size of the raw transaction, and by adding gas each time a read/write to the store occurs. -* `Events ([]cmn.KVPair)`: Key-Value tags for filtering and indexing transactions (eg. by account). See [`event`s](./08-events.md) for more. -* `Codespace (string)`: Namespace for the Code. - -#### EndBlock - -EndBlock is run after transaction execution completes. It allows developers to have logic be executed at the end of each block. In the Cosmos SDK, the bulk EndBlock() method is to run the application's EndBlocker(), which mainly runs the EndBlocker() method of each of the application's modules. - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/baseapp.go#L811-L833 -``` - -### Commit - -The [`Commit` ABCI message](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#method-overview) is sent from the underlying CometBFT engine after the full-node has received _precommits_ from 2/3+ of validators (weighted by voting power). On the `BaseApp` end, the `Commit(res abci.CommitResponse)` function is implemented to commit all the valid state transitions that occurred during `FinalizeBlock` and to reset state for the next block. - -To commit state-transitions, the `Commit` function calls the `Write()` function on `finalizeBlockState.ms`, where `finalizeBlockState.ms` is a branched multistore of the main store `app.cms`. Then, the `Commit` function sets `checkState` to the latest header (obtained from `finalizeBlockState.ctx.BlockHeader`) and `finalizeBlockState` to `nil`. - -Finally, `Commit` returns the hash of the commitment of `app.cms` back to the underlying consensus engine. This hash is used as a reference in the header of the next block. - -### Info - -The [`Info` ABCI message](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#info-methods) is a simple query from the underlying consensus engine, notably used to sync the latter with the application during a handshake that happens on startup. When called, the `Info(res abci.InfoResponse)` function from `BaseApp` will return the application's name, version and the hash of the last commit of `app.cms`. - -### Query - -The [`Query` ABCI message](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#info-methods) is used to serve queries received from the underlying consensus engine, including queries received via RPC like CometBFT RPC. It used to be the main entrypoint to build interfaces with the application, but with the introduction of [gRPC queries](../../build/building-modules/04-query-services.md) in Cosmos SDK v0.40, its usage is more limited. The application must respect a few rules when implementing the `Query` method, which are outlined [here](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_app_requirements.md#query). - -Each CometBFT `query` comes with a `path`, which is a `string` which denotes what to query. If the `path` matches a gRPC fully-qualified service method, then `BaseApp` will defer the query to the `grpcQueryRouter` and let it handle it like explained [above](#grpc-query-router). Otherwise, the `path` represents a query that is not (yet) handled by the gRPC router. `BaseApp` splits the `path` string with the `/` delimiter. By convention, the first element of the split string (`split[0]`) contains the category of `query` (`app`, `p2p`, `store` or `custom` ). The `BaseApp` implementation of the `Query(req abci.QueryRequest)` method is a simple dispatcher serving these 4 main categories of queries: - -* Application-related queries like querying the application's version, which are served via the `handleQueryApp` method. -* Direct queries to the multistore, which are served by the `handlerQueryStore` method. These direct queries are different from custom queries which go through `app.queryRouter`, and are mainly used by third-party service provider like block explorers. -* P2P queries, which are served via the `handleQueryP2P` method. These queries return either `app.addrPeerFilter` or `app.ipPeerFilter` that contain the list of peers filtered by address or IP respectively. These lists are first initialized via `options` in `BaseApp`'s [constructor](#constructor). - -### ExtendVote - -`ExtendVote` allows an application to extend a pre-commit vote with arbitrary data. This process does NOT have to be deterministic and the data returned can be unique to the validator process. - -In the Cosmos-SDK this is implemented as a NoOp: - -``` go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/abci_utils.go#L444-L450 -``` - -### VerifyVoteExtension - -`VerifyVoteExtension` allows an application to verify that the data returned by `ExtendVote` is valid. This process MUST be deterministic. Moreover, the value of ResponseVerifyVoteExtension.status MUST exclusively depend on the parameters passed in the call to RequestVerifyVoteExtension, and the last committed Application state. - -In the Cosmos-SDK this is implemented as a NoOp: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/abci_utils.go#L452-L458 -``` diff --git a/copy-of-sdk-docs/docs/learn/advanced/01-transactions.md b/copy-of-sdk-docs/docs/learn/advanced/01-transactions.md deleted file mode 100644 index 72575563..00000000 --- a/copy-of-sdk-docs/docs/learn/advanced/01-transactions.md +++ /dev/null @@ -1,229 +0,0 @@ ---- -sidebar_position: 1 ---- - -# Transactions - -:::note Synopsis -`Transactions` are objects created by end-users to trigger state changes in the application. -::: - -:::note Pre-requisite Readings - -* [Anatomy of a Cosmos SDK Application](../beginner/00-app-anatomy.md) - -::: - -## Transactions - -Transactions are comprised of metadata held in [contexts](./02-context.md) and [`sdk.Msg`s](../../build/building-modules/02-messages-and-queries.md) that trigger state changes within a module through the module's Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md). - -When users want to interact with an application and make state changes (e.g. sending coins), they create transactions. Each of a transaction's `sdk.Msg` must be signed using the private key associated with the appropriate account(s), before the transaction is broadcasted to the network. A transaction must then be included in a block, validated, and approved by the network through the consensus process. To read more about the lifecycle of a transaction, click [here](../beginner/01-tx-lifecycle.md). - -## Type Definition - -Transaction objects are Cosmos SDK types that implement the `Tx` interface - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/tx_msg.go#L53-L58 -``` - -It contains the following methods: - -* **GetMsgs:** unwraps the transaction and returns a list of contained `sdk.Msg`s - one transaction may have one or multiple messages, which are defined by module developers. - -As a developer, you should rarely manipulate `Tx` directly, as `Tx` is an intermediate type used for transaction generation. Instead, developers should prefer the `TxBuilder` interface, which you can learn more about [below](#transaction-generation). - -### Signing Transactions - -Every message in a transaction must be signed by the addresses specified by its `GetSigners`. The Cosmos SDK currently allows signing transactions in two different ways. - -#### `SIGN_MODE_DIRECT` (preferred) - -The most used implementation of the `Tx` interface is the Protobuf `Tx` message, which is used in `SIGN_MODE_DIRECT`: - -```protobuf reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/tx/v1beta1/tx.proto#L15-L28 -``` - -Because Protobuf serialization is not deterministic, the Cosmos SDK uses an additional `TxRaw` type to denote the pinned bytes over which a transaction is signed. Any user can generate a valid `body` and `auth_info` for a transaction, and serialize these two messages using Protobuf. `TxRaw` then pins the user's exact binary representation of `body` and `auth_info`, called respectively `body_bytes` and `auth_info_bytes`. The document that is signed by all signers of the transaction is `SignDoc` (deterministically serialized using [ADR-027](../../build/architecture/adr-027-deterministic-protobuf-serialization.md)): - -```protobuf reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/tx/v1beta1/tx.proto#L50-L67 -``` - -Once signed by all signers, the `body_bytes`, `auth_info_bytes` and `signatures` are gathered into `TxRaw`, whose serialized bytes are broadcasted over the network. - -#### `SIGN_MODE_LEGACY_AMINO_JSON` - -The legacy implementation of the `Tx` interface is the `StdTx` struct from `x/auth`: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/auth/migrations/legacytx/stdtx.go#L82-L89 -``` - -The document signed by all signers is `StdSignDoc`: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/auth/migrations/legacytx/stdsign.go#L30-L43 -``` - -which is encoded into bytes using Amino JSON. Once all signatures are gathered into `StdTx`, `StdTx` is serialized using Amino JSON, and these bytes are broadcasted over the network. - -#### Other Sign Modes - -The Cosmos SDK also provides a couple of other sign modes for particular use cases. - -#### `SIGN_MODE_DIRECT_AUX` - -`SIGN_MODE_DIRECT_AUX` is a sign mode released in the Cosmos SDK v0.46 which targets transactions with multiple signers. Whereas `SIGN_MODE_DIRECT` expects each signer to sign over both `TxBody` and `AuthInfo` (which includes all other signers' signer infos, i.e. their account sequence, public key and mode info), `SIGN_MODE_DIRECT_AUX` allows N-1 signers to only sign over `TxBody` and _their own_ signer info. Moreover, each auxiliary signer (i.e. a signer using `SIGN_MODE_DIRECT_AUX`) doesn't -need to sign over the fees: - -```protobuf reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/tx/v1beta1/tx.proto#L68-L93 -``` - -The use case is a multi-signer transaction, where one of the signers is appointed to gather all signatures, broadcast the signature and pay for fees, and the others only care about the transaction body. This generally allows for a better multi-signing UX. If Alice, Bob and Charlie are part of a 3-signer transaction, then Alice and Bob can both use `SIGN_MODE_DIRECT_AUX` to sign over the `TxBody` and their own signer info (no need an additional step to gather other signers' ones, like in `SIGN_MODE_DIRECT`), without specifying a fee in their SignDoc. Charlie can then gather both signatures from Alice and Bob, and -create the final transaction by appending a fee. Note that the fee payer of the transaction (in our case Charlie) must sign over the fees, so must use `SIGN_MODE_DIRECT` or `SIGN_MODE_LEGACY_AMINO_JSON`. - - -#### `SIGN_MODE_TEXTUAL` - -`SIGN_MODE_TEXTUAL` is a new sign mode for delivering a better signing experience on hardware wallets and it is included in the v0.50 release. In this mode, the signer signs over the human-readable string representation of the transaction (CBOR) and makes all data being displayed easier to read. The data is formatted as screens, and each screen is meant to be displayed in its entirety even on small devices like the Ledger Nano. - -There are also _expert_ screens, which will only be displayed if the user has chosen that option in its hardware device. These screens contain things like account number, account sequence and the sign data hash. - -Data is formatted using a set of `ValueRenderer` which the SDK provides defaults for all the known messages and value types. Chain developers can also opt to implement their own `ValueRenderer` for a type/message if they'd like to display information differently. - -If you wish to learn more, please refer to [ADR-050](../../build/architecture/adr-050-sign-mode-textual.md). - -#### Custom Sign modes - -There is an opportunity to add your own custom sign mode to the Cosmos-SDK. While we can not accept the implementation of the sign mode to the repository, we can accept a pull request to add the custom signmode to the SignMode enum located [here](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/tx/signing/v1beta1/signing.proto#L17) - -## Transaction Process - -The process of an end-user sending a transaction is: - -* decide on the messages to put into the transaction, -* generate the transaction using the Cosmos SDK's `TxBuilder`, -* broadcast the transaction using one of the available interfaces. - -The next paragraphs will describe each of these components, in this order. - -### Messages - -:::tip -Module `sdk.Msg`s are not to be confused with [ABCI Messages](https://docs.cometbft.com/v0.37/spec/abci/) which define interactions between the CometBFT and application layers. -::: - -**Messages** (or `sdk.Msg`s) are module-specific objects that trigger state transitions within the scope of the module they belong to. Module developers define the messages for their module by adding methods to the Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md), and also implement the corresponding `MsgServer`. - -Each `sdk.Msg`s is related to exactly one Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md) RPC, defined inside each module's `tx.proto` file. A SDK app router automatically maps every `sdk.Msg` to a corresponding RPC. Protobuf generates a `MsgServer` interface for each module `Msg` service, and the module developer needs to implement this interface. -This design puts more responsibility on module developers, allowing application developers to reuse common functionalities without having to implement state transition logic repetitively. - -To learn more about Protobuf `Msg` services and how to implement `MsgServer`, click [here](../../build/building-modules/03-msg-services.md). - -While messages contain the information for state transition logic, a transaction's other metadata and relevant information are stored in the `TxBuilder` and `Context`. - -### Transaction Generation - -The `TxBuilder` interface contains data closely related with the generation of transactions, which an end-user can set to generate the desired transaction: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/tx_config.go#L39-L57 -``` - -* `Msg`s, the array of [messages](#messages) included in the transaction. -* `GasLimit`, option chosen by the users for how to calculate how much gas they will need to pay. -* `Memo`, a note or comment to send with the transaction. -* `FeeAmount`, the maximum amount the user is willing to pay in fees. -* `TimeoutHeight`, block height until which the transaction is valid. -* `Unordered`, an option indicating this transaction may be executed in any order (requires Sequence to be unset.) -* `TimeoutTimestamp`, the timeout timestamp (unordered nonce) of the transaction (required to be used with Unordered). -* `Signatures`, the array of signatures from all signers of the transaction. - -As there are currently two sign modes for signing transactions, there are also two implementations of `TxBuilder`: - -* [wrapper](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/auth/tx/builder.go#L27-L44) for creating transactions for `SIGN_MODE_DIRECT`, -* [StdTxBuilder](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/auth/migrations/legacytx/stdtx_builder.go#L14-L17) for `SIGN_MODE_LEGACY_AMINO_JSON`. - -However, the two implementations of `TxBuilder` should be hidden away from end-users, as they should prefer using the overarching `TxConfig` interface: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/tx_config.go#L27-L37 -``` - -`TxConfig` is an app-wide configuration for managing transactions. Most importantly, it holds the information about whether to sign each transaction with `SIGN_MODE_DIRECT` or `SIGN_MODE_LEGACY_AMINO_JSON`. By calling `txBuilder := txConfig.NewTxBuilder()`, a new `TxBuilder` will be created with the appropriate sign mode. - -Once `TxBuilder` is correctly populated with the setters exposed above, `TxConfig` will also take care of correctly encoding the bytes (again, either using `SIGN_MODE_DIRECT` or `SIGN_MODE_LEGACY_AMINO_JSON`). Here's a pseudo-code snippet of how to generate and encode a transaction, using the `TxEncoder()` method: - -```go -txBuilder := txConfig.NewTxBuilder() -txBuilder.SetMsgs(...) // and other setters on txBuilder - -bz, err := txConfig.TxEncoder()(txBuilder.GetTx()) -// bz are bytes to be broadcasted over the network -``` - -### Broadcasting the Transaction - -Once the transaction bytes are generated, there are currently three ways of broadcasting it. - -#### CLI - -Application developers create entry points to the application by creating a [command-line interface](./07-cli.md), [gRPC and/or REST interface](./06-grpc_rest.md), typically found in the application's `./cmd` folder. These interfaces allow users to interact with the application through command-line. - -For the [command-line interface](../../build/building-modules/09-module-interfaces.md#cli), module developers create subcommands to add as children to the application top-level transaction command `TxCmd`. CLI commands actually bundle all the steps of transaction processing into one simple command: creating messages, generating transactions and broadcasting. For concrete examples, see the [Interacting with a Node](../../user/run-node/02-interact-node.md) section. An example transaction made using CLI looks like: - -```bash -simd tx send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000stake -``` - -#### gRPC - -[gRPC](https://grpc.io) is the main component for the Cosmos SDK's RPC layer. Its principal usage is in the context of modules' [`Query` services](../../build/building-modules/04-query-services.md). However, the Cosmos SDK also exposes a few other module-agnostic gRPC services, one of them being the `Tx` service: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/tx/v1beta1/service.proto -``` - -The `Tx` service exposes a handful of utility functions, such as simulating a transaction or querying a transaction, and also one method to broadcast transactions. - -Examples of broadcasting and simulating a transaction are shown [here](../../user/run-node/03-txs.md#programmatically-with-go). - -#### REST - -Each gRPC method has its corresponding REST endpoint, generated using [gRPC-gateway](https://github.com/grpc-ecosystem/grpc-gateway). Therefore, instead of using gRPC, you can also use HTTP to broadcast the same transaction, on the `POST /cosmos/tx/v1beta1/txs` endpoint. - -An example can be seen [here](../../user/run-node/03-txs.md#using-rest) - -#### CometBFT RPC - -The three methods presented above are actually higher abstractions over the CometBFT RPC `/broadcast_tx_{async,sync,commit}` endpoints, documented [here](https://docs.cometbft.com/v0.37/core/rpc). This means that you can use the CometBFT RPC endpoints directly to broadcast the transaction, if you wish so. - -### Unordered Transactions - -:::tip - -Looking to enable unordered transactions on your chain? -Check out the [v0.53.0 Upgrade Guide](https://docs.cosmos.network/v0.53/build/migrations/upgrade-guide#enable-unordered-transactions-optional) - -::: - -:::warning - -Unordered transactions MUST leave sequence values unset. When a transaction is both unordered and contains a non-zero sequence value, -the transaction will be rejected. Services that operate on prior assumptions about transaction sequence values should be updated to handle unordered transactions. -Services should be aware that when the transaction is unordered, the transaction sequence will always be zero. - -::: - -Beginning with Cosmos SDK v0.53.0, chains may enable unordered transaction support. -Unordered transactions work by using a timestamp as the transaction's nonce value. The sequence value must NOT be set in the signature(s) of the transaction. -The timestamp must be greater than the current block time and not exceed the chain's configured max unordered timeout timestamp duration. -Senders must use a unique timestamp for each distinct transaction. The difference may be as small as a nanosecond, however. - -These unique timestamps serve as a one-shot nonce, and their lifespan in state is short-lived. -Upon transaction inclusion, an entry consisting of timeout timestamp and account address will be recorded to state. -Once the block time is passed the timeout timestamp value, the entry will be removed. This ensures that unordered nonces do not indefinitely fill up the chain's storage. diff --git a/copy-of-sdk-docs/docs/learn/advanced/02-context.md b/copy-of-sdk-docs/docs/learn/advanced/02-context.md deleted file mode 100644 index 578bb1f1..00000000 --- a/copy-of-sdk-docs/docs/learn/advanced/02-context.md +++ /dev/null @@ -1,103 +0,0 @@ ---- -sidebar_position: 1 ---- - -# Context - -:::note Synopsis -The `context` is a data structure intended to be passed from function to function that carries information about the current state of the application. It provides access to a branched storage (a safe branch of the entire state) as well as useful objects and information like `gasMeter`, `block height`, `consensus parameters` and more. -::: - -:::note Pre-requisite Readings - -* [Anatomy of a Cosmos SDK Application](../beginner/00-app-anatomy.md) -* [Lifecycle of a Transaction](../beginner/01-tx-lifecycle.md) - -::: - -## Context Definition - -The Cosmos SDK `Context` is a custom data structure that contains Go's stdlib [`context`](https://pkg.go.dev/context) as its base, and has many additional types within its definition that are specific to the Cosmos SDK. The `Context` is integral to transaction processing in that it allows modules to easily access their respective [store](./04-store.md#base-layer-kvstores) in the [`multistore`](./04-store.md#multistore) and retrieve transactional context such as the block header and gas meter. - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/types/context.go#L40-L67 -``` - -* **Base Context:** The base type is a Go [Context](https://pkg.go.dev/context), which is explained further in the [Go Context Package](#go-context-package) section below. -* **Multistore:** Every application's `BaseApp` contains a [`CommitMultiStore`](./04-store.md#multistore) which is provided when a `Context` is created. Calling the `KVStore()` and `TransientStore()` methods allows modules to fetch their respective [`KVStore`](./04-store.md#base-layer-kvstores) using their unique `StoreKey`. -* **Header:** The [header](https://docs.cometbft.com/v0.37/spec/core/data_structures#header) is a Blockchain type. It carries important information about the state of the blockchain, such as block height and proposer of the current block. -* **Header Hash:** The current block header hash, obtained during `abci.FinalizeBlock`. -* **Chain ID:** The unique identification number of the blockchain a block pertains to. -* **Transaction Bytes:** The `[]byte` representation of a transaction being processed using the context. Every transaction is processed by various parts of the Cosmos SDK and consensus engine (e.g. CometBFT) throughout its [lifecycle](../beginner/01-tx-lifecycle.md), some of which do not have any understanding of transaction types. Thus, transactions are marshaled into the generic `[]byte` type using some kind of [encoding format](./05-encoding.md) such as [Amino](./05-encoding.md). -* **Logger:** A `logger` from the CometBFT libraries. Learn more about logs [here](https://docs.cometbft.com/v0.37/core/configuration). Modules call this method to create their own unique module-specific logger. -* **VoteInfo:** A list of the ABCI type [`VoteInfo`](https://docs.cometbft.com/main/spec/abci/abci++_methods.html#voteinfo), which includes the name of a validator and a boolean indicating whether they have signed the block. -* **Gas Meters:** Specifically, a [`gasMeter`](../beginner/04-gas-fees.md#main-gas-meter) for the transaction currently being processed using the context and a [`blockGasMeter`](../beginner/04-gas-fees.md#block-gas-meter) for the entire block it belongs to. Users specify how much in fees they wish to pay for the execution of their transaction; these gas meters keep track of how much [gas](../beginner/04-gas-fees.md) has been used in the transaction or block so far. If the gas meter runs out, execution halts. -* **CheckTx Mode:** A boolean value indicating whether a transaction should be processed in `CheckTx` or `DeliverTx` mode. -* **Min Gas Price:** The minimum [gas](../beginner/04-gas-fees.md) price a node is willing to take in order to include a transaction in its block. This price is a local value configured by each node individually, and should therefore **not be used in any functions used in sequences leading to state-transitions**. -* **Consensus Params:** The ABCI type [Consensus Parameters](https://docs.cometbft.com/v0.37/spec/abci/abci++_app_requirements#consensus-parameters), which specify certain limits for the blockchain, such as maximum gas for a block. -* **Event Manager:** The event manager allows any caller with access to a `Context` to emit [`Events`](./08-events.md). Modules may define module specific - `Events` by defining various `Types` and `Attributes` or use the common definitions found in `types/`. Clients can subscribe or query for these `Events`. These `Events` are collected throughout `FinalizeBlock` and are returned to CometBFT for indexing. -* **Priority:** The transaction priority, only relevant in `CheckTx`. -* **KV `GasConfig`:** Enables applications to set a custom `GasConfig` for the `KVStore`. -* **Transient KV `GasConfig`:** Enables applications to set a custom `GasConfig` for the transient `KVStore`. -* **StreamingManager:** The streamingManager field provides access to the streaming manager, which allows modules to subscribe to state changes emitted by the blockchain. The streaming manager is used by the state listening API, which is described in [ADR 038](https://docs.cosmos.network/main/architecture/adr-038-state-listening). -* **CometInfo:** A lightweight field that contains information about the current block, such as the block height, time, and hash. This information can be used for validating evidence, providing historical data, and enhancing the user experience. For further details see [here](https://github.com/cosmos/cosmos-sdk/blob/main/core/comet/service.go#L14). -* **HeaderInfo:** The `headerInfo` field contains information about the current block header, such as the chain ID, gas limit, and timestamp. For further details see [here](https://github.com/cosmos/cosmos-sdk/blob/main/core/header/service.go#L14). - -## Go Context Package - -A basic `Context` is defined in the [Golang Context Package](https://pkg.go.dev/context). A `Context` -is an immutable data structure that carries request-scoped data across APIs and processes. Contexts -are also designed to enable concurrency and to be used in goroutines. - -Contexts are intended to be **immutable**; they should never be edited. Instead, the convention is -to create a child context from its parent using a `With` function. For example: - -```go -childCtx = parentCtx.WithBlockHeader(header) -``` - -The [Golang Context Package](https://pkg.go.dev/context) documentation instructs developers to -explicitly pass a context `ctx` as the first argument of a process. - -## Store branching - -The `Context` contains a `MultiStore`, which allows for branching and caching functionality using `CacheMultiStore` -(queries in `CacheMultiStore` are cached to avoid future round trips). -Each `KVStore` is branched in a safe and isolated ephemeral storage. Processes are free to write changes to -the `CacheMultiStore`. If a state-transition sequence is performed without issue, the store branch can -be committed to the underlying store at the end of the sequence or disregard them if something -goes wrong. The pattern of usage for a Context is as follows: - -1. A process receives a Context `ctx` from its parent process, which provides information needed to - perform the process. -2. The `ctx.ms` is a **branched store**, i.e. a branch of the [multistore](./04-store.md#multistore) is made so that the process can make changes to the state as it executes, without changing the original `ctx.ms`. This is useful to protect the underlying multistore in case the changes need to be reverted at some point in the execution. -3. The process may read and write from `ctx` as it is executing. It may call a subprocess and pass - `ctx` to it as needed. -4. When a subprocess returns, it checks if the result is a success or failure. If a failure, nothing - needs to be done - the branch `ctx` is simply discarded. If successful, the changes made to - the `CacheMultiStore` can be committed to the original `ctx.ms` via `Write()`. - -For example, here is a snippet from the [`runTx`](./00-baseapp.md#runtx-antehandler-runmsgs-posthandler) function in [`baseapp`](./00-baseapp.md): - -```go -runMsgCtx, msCache := app.cacheTxContext(ctx, txBytes) -result = app.runMsgs(runMsgCtx, msgs, mode) -result.GasWanted = gasWanted -if mode != runTxModeDeliver { - return result -} -if result.IsOK() { - msCache.Write() -} -``` - -Here is the process: - -1. Prior to calling `runMsgs` on the message(s) in the transaction, it uses `app.cacheTxContext()` - to branch and cache the context and multistore. -2. `runMsgCtx` - the context with branched store, is used in `runMsgs` to return a result. -3. If the process is running in [`checkTxMode`](./00-baseapp.md#checktx), there is no need to write the - changes - the result is returned immediately. -4. If the process is running in [`deliverTxMode`](./00-baseapp.md#delivertx) and the result indicates - a successful run over all the messages, the branched multistore is written back to the original. diff --git a/copy-of-sdk-docs/docs/learn/advanced/03-node.md b/copy-of-sdk-docs/docs/learn/advanced/03-node.md deleted file mode 100644 index 375dedb0..00000000 --- a/copy-of-sdk-docs/docs/learn/advanced/03-node.md +++ /dev/null @@ -1,96 +0,0 @@ ---- -sidebar_position: 1 ---- - -# Node Client (Daemon) - -:::note Synopsis -The main endpoint of a Cosmos SDK application is the daemon client, otherwise known as the full-node client. The full-node runs the state-machine, starting from a genesis file. It connects to peers running the same client in order to receive and relay transactions, block proposals and signatures. The full-node is constituted of the application, defined with the Cosmos SDK, and of a consensus engine connected to the application via the ABCI. -::: - -:::note Pre-requisite Readings - -* [Anatomy of an SDK application](../beginner/00-app-anatomy.md) - -::: - -## `main` function - -The full-node client of any Cosmos SDK application is built by running a `main` function. The client is generally named by appending the `-d` suffix to the application name (e.g. `appd` for an application named `app`), and the `main` function is defined in a `./appd/cmd/main.go` file. Running this function creates an executable `appd` that comes with a set of commands. For an app named `app`, the main command is [`appd start`](#start-command), which starts the full-node. - -In general, developers will implement the `main.go` function with the following structure: - -* First, an [`encodingCodec`](./05-encoding.md) is instantiated for the application. -* Then, the `config` is retrieved and config parameters are set. This mainly involves setting the Bech32 prefixes for [addresses](../beginner/03-accounts.md#addresses). - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/config.go#L14-L29 -``` - -* Using [cobra](https://github.com/spf13/cobra), the root command of the full-node client is created. After that, all the custom commands of the application are added using the `AddCommand()` method of `rootCmd`. -* Add default server commands to `rootCmd` using the `server.AddCommands()` method. These commands are separated from the ones added above since they are standard and defined at Cosmos SDK level. They should be shared by all Cosmos SDK-based applications. They include the most important command: the [`start` command](#start-command). -* Prepare and execute the `executor`. - -```go reference -https://github.com/cometbft/cometbft/blob/v0.37.0/libs/cli/setup.go#L74-L78 -``` - -See an example of `main` function from the `simapp` application, the Cosmos SDK's application for demo purposes: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/main.go -``` - -## `start` command - -The `start` command is defined in the `/server` folder of the Cosmos SDK. It is added to the root command of the full-node client in the [`main` function](#main-function) and called by the end-user to start their node: - -```bash -# For an example app named "app", the following command starts the full-node. -appd start - -# Using the Cosmos SDK's own simapp, the following commands start the simapp node. -simd start -``` - -As a reminder, the full-node is composed of three conceptual layers: the networking layer, the consensus layer and the application layer. The first two are generally bundled together in an entity called the consensus engine (CometBFT by default), while the third is the state-machine defined with the help of the Cosmos SDK. Currently, the Cosmos SDK uses CometBFT as the default consensus engine, meaning the start command is implemented to boot up a CometBFT node. - -The flow of the `start` command is pretty straightforward. First, it retrieves the `config` from the `context` in order to open the `db` (a [`leveldb`](https://github.com/syndtr/goleveldb) instance by default). This `db` contains the latest known state of the application (empty if the application is started from the first time. - -With the `db`, the `start` command creates a new instance of the application using an `appCreator` function: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/server/start.go#L1007 -``` - -Note that an `appCreator` is a function that fulfills the `AppCreator` signature: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/server/types/app.go#L69 -``` - -In practice, the [constructor of the application](../beginner/00-app-anatomy.md#constructor-function) is passed as the `appCreator`. - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L294-L308 -``` - -Then, the instance of `app` is used to instantiate a new CometBFT node: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/server/start.go#L361-L400 -``` - -The CometBFT node can be created with `app` because the latter satisfies the [`abci.Application` interface](https://github.com/cometbft/cometbft/blob/v0.37.0/abci/types/application.go#L9-L35) (given that `app` extends [`baseapp`](./00-baseapp.md)). As part of the `node.New` method, CometBFT makes sure that the height of the application (i.e. number of blocks since genesis) is equal to the height of the CometBFT node. The difference between these two heights should always be negative or null. If it is strictly negative, `node.New` will replay blocks until the height of the application reaches the height of the CometBFT node. Finally, if the height of the application is `0`, the CometBFT node will call [`InitChain`](./00-baseapp.md#initchain) on the application to initialize the state from the genesis file. - -Once the CometBFT node is instantiated and in sync with the application, the node can be started: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/server/start.go#L373-L374 -``` - -Upon starting, the node will bootstrap its RPC and P2P server and start dialing peers. During handshake with its peers, if the node realizes they are ahead, it will query all the blocks sequentially in order to catch up. Then, it will wait for new block proposals and block signatures from validators in order to make progress. - -## Other commands - -To discover how to concretely run a node and interact with it, please refer to our [Running a Node, API and CLI](../../user/run-node/01-run-node.md) guide. diff --git a/copy-of-sdk-docs/docs/learn/advanced/04-store.md b/copy-of-sdk-docs/docs/learn/advanced/04-store.md deleted file mode 100644 index 860bb3d0..00000000 --- a/copy-of-sdk-docs/docs/learn/advanced/04-store.md +++ /dev/null @@ -1,288 +0,0 @@ ---- -sidebar_position: 1 ---- - -# Store - -:::note Synopsis -A store is a data structure that holds the state of the application. -::: - -:::note Pre-requisite Readings - -* [Anatomy of a Cosmos SDK application](../beginner/00-app-anatomy.md) - -::: - -## Introduction to Cosmos SDK Stores - -The Cosmos SDK comes with a large set of stores to persist the state of applications. By default, the main store of Cosmos SDK applications is a `multistore`, i.e. a store of stores. Developers can add any number of key-value stores to the multistore, depending on their application needs. The multistore exists to support the modularity of the Cosmos SDK, as it lets each module declare and manage their own subset of the state. Key-value stores in the multistore can only be accessed with a specific capability `key`, which is typically held in the [`keeper`](../../build/building-modules/06-keeper.md) of the module that declared the store. - -```text -+-----------------------------------------------------+ -| | -| +--------------------------------------------+ | -| | | | -| | KVStore 1 - Manage by keeper of Module 1 | -| | | | -| +--------------------------------------------+ | -| | -| +--------------------------------------------+ | -| | | | -| | KVStore 2 - Manage by keeper of Module 2 | | -| | | | -| +--------------------------------------------+ | -| | -| +--------------------------------------------+ | -| | | | -| | KVStore 3 - Manage by keeper of Module 2 | | -| | | | -| +--------------------------------------------+ | -| | -| +--------------------------------------------+ | -| | | | -| | KVStore 4 - Manage by keeper of Module 3 | | -| | | | -| +--------------------------------------------+ | -| | -| +--------------------------------------------+ | -| | | | -| | KVStore 5 - Manage by keeper of Module 4 | | -| | | | -| +--------------------------------------------+ | -| | -| Main Multistore | -| | -+-----------------------------------------------------+ - - Application's State -``` - -### Store Interface - -At its very core, a Cosmos SDK `store` is an object that holds a `CacheWrapper` and has a `GetStoreType()` method: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/store.go#L17-L20 -``` - -The `GetStoreType` is a simple method that returns the type of store, whereas a `CacheWrapper` is a simple interface that implements store read caching and write branching through `Write` method: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/store.go#L285-L317 -``` - -Branching and cache is used ubiquitously in the Cosmos SDK and required to be implemented on every store type. A storage branch creates an isolated, ephemeral branch of a store that can be passed around and updated without affecting the main underlying store. This is used to trigger temporary state-transitions that may be reverted later should an error occur. Read more about it in [context](./02-context.md#Store-branching) - -### Commit Store - -A commit store is a store that has the ability to commit changes made to the underlying tree or db. The Cosmos SDK differentiates simple stores from commit stores by extending the basic store interfaces with a `Committer`: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/store.go#L34-L38 -``` - -The `Committer` is an interface that defines methods to persist changes to disk: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/store.go#L22-L32 -``` - -The `CommitID` is a deterministic commit of the state tree. Its hash is returned to the underlying consensus engine and stored in the block header. Note that commit store interfaces exist for various purposes, one of which is to make sure not every object can commit the store. As part of the [object-capabilities model](./10-ocap.md) of the Cosmos SDK, only `baseapp` should have the ability to commit stores. For example, this is the reason why the `ctx.KVStore()` method by which modules typically access stores returns a `KVStore` and not a `CommitKVStore`. - -The Cosmos SDK comes with many types of stores, the most used being [`CommitMultiStore`](#multistore), [`KVStore`](#kvstore) and [`GasKv` store](#gaskv-store). [Other types of stores](#other-stores) include `Transient` and `TraceKV` stores. - -## Multistore - -### Multistore Interface - -Each Cosmos SDK application holds a multistore at its root to persist its state. The multistore is a store of `KVStores` that follows the `Multistore` interface: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/store.go#L115-L147 -``` - -If tracing is enabled, then branching the multistore will firstly wrap all the underlying `KVStore` in [`TraceKv.Store`](#tracekv-store). - -### CommitMultiStore - -The main type of `Multistore` used in the Cosmos SDK is `CommitMultiStore`, which is an extension of the `Multistore` interface: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/store.go#L155-L225 -``` - -As for concrete implementation, the [`rootMulti.Store`] is the go-to implementation of the `CommitMultiStore` interface. - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/rootmulti/store.go#L56-L82 -``` - -The `rootMulti.Store` is a base-layer multistore built around a `db` on top of which multiple `KVStores` can be mounted, and is the default multistore store used in [`baseapp`](./00-baseapp.md). - -### CacheMultiStore - -Whenever the `rootMulti.Store` needs to be branched, a [`cachemulti.Store`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/cachemulti/store.go) is used. - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/cachemulti/store.go#L20-L34 -``` - -`cachemulti.Store` branches all substores (creates a virtual store for each substore) in its constructor and hold them in `Store.stores`. Moreover caches all read queries. `Store.GetKVStore()` returns the store from `Store.stores`, and `Store.Write()` recursively calls `CacheWrap.Write()` on all the substores. - -## Base-layer KVStores - -### `KVStore` and `CommitKVStore` Interfaces - -A `KVStore` is a simple key-value store used to store and retrieve data. A `CommitKVStore` is a `KVStore` that also implements a `Committer`. By default, stores mounted in `baseapp`'s main `CommitMultiStore` are `CommitKVStore`s. The `KVStore` interface is primarily used to restrict modules from accessing the committer. - -Individual `KVStore`s are used by modules to manage a subset of the global state. `KVStores` can be accessed by objects that hold a specific key. This `key` should only be exposed to the [`keeper`](../../build/building-modules/06-keeper.md) of the module that defines the store. - -`CommitKVStore`s are declared by proxy of their respective `key` and mounted on the application's [multistore](#multistore) in the [main application file](../beginner/00-app-anatomy.md#core-application-file). In the same file, the `key` is also passed to the module's `keeper` that is responsible for managing the store. - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/store.go#L227-L264 -``` - -Apart from the traditional `Get` and `Set` methods, that a `KVStore` must implement via the `BasicKVStore` interface; a `KVStore` must provide an `Iterator(start, end)` method which returns an `Iterator` object. It is used to iterate over a range of keys, typically keys that share a common prefix. Below is an example from the bank's module keeper, used to iterate over all account balances: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/bank/keeper/view.go#L121-L137 -``` - -### `IAVL` Store - -The default implementation of `KVStore` and `CommitKVStore` used in `baseapp` is the `iavl.Store`. - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/iavl/store.go#L36-L41 -``` - -`iavl` stores are based around an [IAVL Tree](https://github.com/cosmos/iavl), a self-balancing binary tree which guarantees that: - -* `Get` and `Set` operations are O(log n), where n is the number of elements in the tree. -* Iteration efficiently returns the sorted elements within the range. -* Each tree version is immutable and can be retrieved even after a commit (depending on the pruning settings). - -The documentation on the IAVL Tree is located [here](https://github.com/cosmos/iavl/blob/master/docs/overview.md). - -### `DbAdapter` Store - -`dbadapter.Store` is an adapter for `dbm.DB` making it fulfilling the `KVStore` interface. - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/dbadapter/store.go#L13-L16 -``` - -`dbadapter.Store` embeds `dbm.DB`, meaning most of the `KVStore` interface functions are implemented. The other functions (mostly miscellaneous) are manually implemented. This store is primarily used within [Transient Stores](#transient-store) - -### `Transient` Store - -`Transient.Store` is a base-layer `KVStore` which is automatically discarded at the end of the block. - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/transient/store.go#L16-L19 -``` - -`Transient.Store` is a `dbadapter.Store` with a `dbm.NewMemDB()`. All `KVStore` methods are reused. When `Store.Commit()` is called, a new `dbadapter.Store` is assigned, discarding previous reference and making it garbage collected. - -This type of store is useful to persist information that is only relevant per-block. One example would be to store parameter changes (i.e. a bool set to `true` if a parameter changed in a block). - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/params/types/subspace.go#L22-L32 -``` - -Transient stores are typically accessed via the [`context`](./02-context.md) via the `TransientStore()` method: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/context.go#L347-L350 -``` - -## KVStore Wrappers - -### CacheKVStore - -`cachekv.Store` is a wrapper `KVStore` which provides buffered writing / cached reading functionalities over the underlying `KVStore`. - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/cachekv/store.go#L26-L36 -``` - -This is the type used whenever an IAVL Store needs to be branched to create an isolated store (typically when we need to mutate a state that might be reverted later). - -#### `Get` - -`Store.Get()` firstly checks if `Store.cache` has an associated value with the key. If the value exists, the function returns it. If not, the function calls `Store.parent.Get()`, caches the result in `Store.cache`, and returns it. - -#### `Set` - -`Store.Set()` sets the key-value pair to the `Store.cache`. `cValue` has the field dirty bool which indicates whether the cached value is different from the underlying value. When `Store.Set()` caches a new pair, the `cValue.dirty` is set `true` so when `Store.Write()` is called it can be written to the underlying store. - -#### `Iterator` - -`Store.Iterator()` has to traverse on both cached items and the original items. In `Store.iterator()`, two iterators are generated for each of them, and merged. `memIterator` is essentially a slice of the `KVPairs`, used for cached items. `mergeIterator` is a combination of two iterators, where traverse happens ordered on both iterators. - -### `GasKv` Store - -Cosmos SDK applications use [`gas`](../beginner/04-gas-fees.md) to track resources usage and prevent spam. [`GasKv.Store`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/gaskv/store.go) is a `KVStore` wrapper that enables automatic gas consumption each time a read or write to the store is made. It is the solution of choice to track storage usage in Cosmos SDK applications. - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/gaskv/store.go#L11-L17 -``` - -When methods of the parent `KVStore` are called, `GasKv.Store` automatically consumes appropriate amount of gas depending on the `Store.gasConfig`: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/gas.go#L219-L228 -``` - -By default, all `KVStores` are wrapped in `GasKv.Stores` when retrieved. This is done in the `KVStore()` method of the [`context`](./02-context.md): - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/context.go#L342-L345 -``` - -In this case, the gas configuration set in the `context` is used. The gas configuration can be set using the `WithKVGasConfig` method of the `context`. -Otherwise it uses the following default: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/types/gas.go#L230-L241 -``` - -### `TraceKv` Store - -`tracekv.Store` is a wrapper `KVStore` which provides operation tracing functionalities over the underlying `KVStore`. It is applied automatically by the Cosmos SDK on all `KVStore` if tracing is enabled on the parent `MultiStore`. - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/tracekv/store.go#L20-L43 -``` - -When each `KVStore` methods are called, `tracekv.Store` automatically logs `traceOperation` to the `Store.writer`. `traceOperation.Metadata` is filled with `Store.context` when it is not nil. `TraceContext` is a `map[string]interface{}`. - -### `Prefix` Store - -`prefix.Store` is a wrapper `KVStore` which provides automatic key-prefixing functionalities over the underlying `KVStore`. - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/prefix/store.go#L15-L21 -``` - -When `Store.{Get, Set}()` is called, the store forwards the call to its parent, with the key prefixed with the `Store.prefix`. - -When `Store.Iterator()` is called, it does not simply prefix the `Store.prefix`, since it does not work as intended. In that case, some of the elements are traversed even if they are not starting with the prefix. - -### `ListenKv` Store - -`listenkv.Store` is a wrapper `KVStore` which provides state listening capabilities over the underlying `KVStore`. -It is applied automatically by the Cosmos SDK on any `KVStore` whose `StoreKey` is specified during state streaming configuration. -Additional information about state streaming configuration can be found in the [store/streaming/README.md](https://github.com/cosmos/cosmos-sdk/tree/v0.53.0/store/streaming). - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/listenkv/store.go#L11-L18 -``` - -When `KVStore.Set` or `KVStore.Delete` methods are called, `listenkv.Store` automatically writes the operations to the set of `Store.listeners`. - -## `BasicKVStore` interface - -An interface providing only the basic CRUD functionality (`Get`, `Set`, `Has`, and `Delete` methods), without iteration or caching. This is used to partially expose components of a larger store. diff --git a/copy-of-sdk-docs/docs/learn/advanced/05-encoding.md b/copy-of-sdk-docs/docs/learn/advanced/05-encoding.md deleted file mode 100644 index 3c730741..00000000 --- a/copy-of-sdk-docs/docs/learn/advanced/05-encoding.md +++ /dev/null @@ -1,285 +0,0 @@ ---- -sidebar_position: 1 ---- - -# Encoding - -:::note Synopsis -While encoding in the Cosmos SDK used to be mainly handled by `go-amino` codec, the Cosmos SDK is moving towards using `gogoprotobuf` for both state and client-side encoding. -::: - -:::note Pre-requisite Readings - -* [Anatomy of a Cosmos SDK application](../beginner/00-app-anatomy.md) - -::: - -## Encoding - -The Cosmos SDK utilizes two binary wire encoding protocols, [Amino](https://github.com/tendermint/go-amino/) which is an object encoding specification and [Protocol Buffers](https://developers.google.com/protocol-buffers), a subset of Proto3 with an extension for -interface support. See the [Proto3 spec](https://developers.google.com/protocol-buffers/docs/proto3) -for more information on Proto3, which Amino is largely compatible with (but not with Proto2). - -Due to Amino having significant performance drawbacks, being reflection-based, and -not having any meaningful cross-language/client support, Protocol Buffers, specifically -[gogoprotobuf](https://github.com/cosmos/gogoproto/), is being used in place of Amino. -Note, this process of using Protocol Buffers over Amino is still an ongoing process. - -Binary wire encoding of types in the Cosmos SDK can be broken down into two main -categories, client encoding and store encoding. Client encoding mainly revolves -around transaction processing and signing, whereas store encoding revolves around -types used in state-machine transitions and what is ultimately stored in the Merkle -tree. - -For store encoding, protobuf definitions can exist for any type and will typically -have an Amino-based "intermediary" type. Specifically, the protobuf-based type -definition is used for serialization and persistence, whereas the Amino-based type -is used for business logic in the state-machine where they may convert back-n-forth. -Note, the Amino-based types may slowly be phased-out in the future, so developers -should take note to use the protobuf message definitions where possible. - -In the `codec` package, there exists two core interfaces, `BinaryCodec` and `JSONCodec`, -where the former encapsulates the current Amino interface except it operates on -types implementing the latter instead of generic `interface{}` types. - -The `ProtoCodec`, where both binary and JSON serialization is handled -via Protobuf. This means that modules may use Protobuf encoding, but the types must -implement `ProtoMarshaler`. If modules wish to avoid implementing this interface -for their types, this is autogenerated via [buf](https://buf.build/) - -If modules use [Collections](../../build/packages/02-collections.md), encoding and decoding are handled, marshal and unmarshal should not be handled manually unless for specific cases identified by the developer. - -### Gogoproto - -Modules are encouraged to utilize Protobuf encoding for their respective types. In the Cosmos SDK, we use the [Gogoproto](https://github.com/cosmos/gogoproto) specific implementation of the Protobuf spec that offers speed and DX improvements compared to the official [Google protobuf implementation](https://github.com/protocolbuffers/protobuf). - -### Guidelines for protobuf message definitions - -In addition to [following official Protocol Buffer guidelines](https://developers.google.com/protocol-buffers/docs/proto3#simple), we recommend using these annotations in .proto files when dealing with interfaces: - -* use `cosmos_proto.accepts_interface` to annotate `Any` fields that accept interfaces - * pass the same fully qualified name as `protoName` to `InterfaceRegistry.RegisterInterface` - * example: `(cosmos_proto.accepts_interface) = "cosmos.gov.v1beta1.Content"` (and not just `Content`) -* annotate interface implementations with `cosmos_proto.implements_interface` - * pass the same fully qualified name as `protoName` to `InterfaceRegistry.RegisterInterface` - * example: `(cosmos_proto.implements_interface) = "cosmos.authz.v1beta1.Authorization"` (and not just `Authorization`) - -Code generators can then match the `accepts_interface` and `implements_interface` annotations to know whether some Protobuf messages are allowed to be packed in a given `Any` field or not. - -### Transaction Encoding - -Another important use of Protobuf is the encoding and decoding of -[transactions](./01-transactions.md). Transactions are defined by the application or -the Cosmos SDK but are then passed to the underlying consensus engine to be relayed to -other peers. Since the underlying consensus engine is agnostic to the application, -the consensus engine accepts only transactions in the form of raw bytes. - -* The `TxEncoder` object performs the encoding. -* The `TxDecoder` object performs the decoding. - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/types/tx_msg.go#L109-L113 -``` - -A standard implementation of both these objects can be found in the [`auth/tx` module](../../build/modules/auth/2-tx.md): - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/auth/tx/decoder.go -``` - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/auth/tx/encoder.go -``` - -See [ADR-020](https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/docs/architecture/adr-020-protobuf-transaction-encoding.md) for details of how a transaction is encoded. - -### Interface Encoding and Usage of `Any` - -The Protobuf DSL is strongly typed, which can make inserting variable-typed fields difficult. Imagine we want to create a `Profile` protobuf message that serves as a wrapper over [an account](../beginner/03-accounts.md): - -```protobuf -message Profile { - // account is the account associated to a profile. - cosmos.auth.v1beta1.BaseAccount account = 1; - // bio is a short description of the account. - string bio = 4; -} -``` - -In this `Profile` example, we hardcoded `account` as a `BaseAccount`. However, there are several other types of [user accounts related to vesting](../../build/modules/auth/1-vesting.md), such as `BaseVestingAccount` or `ContinuousVestingAccount`. All of these accounts are different, but they all implement the `AccountI` interface. How would you create a `Profile` that allows all these types of accounts with an `account` field that accepts an `AccountI` interface? - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/types/account.go#L15-L32 -``` - -In [ADR-019](https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/docs/architecture/adr-019-protobuf-state-encoding.md), it has been decided to use [`Any`](https://github.com/protocolbuffers/protobuf/blob/master/src/google/protobuf/any.proto)s to encode interfaces in protobuf. An `Any` contains an arbitrary serialized message as bytes, along with a URL that acts as a globally unique identifier for and resolves to that message's type. This strategy allows us to pack arbitrary Go types inside protobuf messages. Our new `Profile` then looks like: - -```protobuf -message Profile { - // account is the account associated to a profile. - google.protobuf.Any account = 1 [ - (cosmos_proto.accepts_interface) = "cosmos.auth.v1beta1.AccountI"; // Asserts that this field only accepts Go types implementing `AccountI`. It is purely informational for now. - ]; - // bio is a short description of the account. - string bio = 4; -} -``` - -To add an account inside a profile, we need to "pack" it inside an `Any` first, using `codectypes.NewAnyWithValue`: - -```go -var myAccount AccountI -myAccount = ... // Can be a BaseAccount, a ContinuousVestingAccount or any struct implementing `AccountI` - -// Pack the account into an Any -accAny, err := codectypes.NewAnyWithValue(myAccount) -if err != nil { - return nil, err -} - -// Create a new Profile with the any. -profile := Profile { - Account: accAny, - Bio: "some bio", -} - -// We can then marshal the profile as usual. -bz, err := cdc.Marshal(profile) -jsonBz, err := cdc.MarshalJSON(profile) -``` - -To summarize, to encode an interface, you must 1/ pack the interface into an `Any` and 2/ marshal the `Any`. For convenience, the Cosmos SDK provides a `MarshalInterface` method to bundle these two steps. Have a look at [a real-life example in the x/auth module](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/auth/keeper/keeper.go#L239-L242). - -The reverse operation of retrieving the concrete Go type from inside an `Any`, called "unpacking", is done with the `GetCachedValue()` on `Any`. - -```go -profileBz := ... // The proto-encoded bytes of a Profile, e.g. retrieved through gRPC. -var myProfile Profile -// Unmarshal the bytes into the myProfile struct. -err := cdc.Unmarshal(profilebz, &myProfile) - -// Let's see the types of the Account field. -fmt.Printf("%T\n", myProfile.Account) // Prints "Any" -fmt.Printf("%T\n", myProfile.Account.GetCachedValue()) // Prints "BaseAccount", "ContinuousVestingAccount" or whatever was initially packed in the Any. - -// Get the address of the account. -accAddr := myProfile.Account.GetCachedValue().(AccountI).GetAddress() -``` - -It is important to note that for `GetCachedValue()` to work, `Profile` (and any other structs embedding `Profile`) must implement the `UnpackInterfaces` method: - -```go -func (p *Profile) UnpackInterfaces(unpacker codectypes.AnyUnpacker) error { - if p.Account != nil { - var account AccountI - return unpacker.UnpackAny(p.Account, &account) - } - - return nil -} -``` - -The `UnpackInterfaces` gets called recursively on all structs implementing this method, to allow all `Any`s to have their `GetCachedValue()` correctly populated. - -For more information about interface encoding, and especially on `UnpackInterfaces` and how the `Any`'s `type_url` gets resolved using the `InterfaceRegistry`, please refer to [ADR-019](https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/docs/architecture/adr-019-protobuf-state-encoding.md). - -#### `Any` Encoding in the Cosmos SDK - -The above `Profile` example is a fictive example used for educational purposes. In the Cosmos SDK, we use `Any` encoding in several places (non-exhaustive list): - -* the `cryptotypes.PubKey` interface for encoding different types of public keys, -* the `sdk.Msg` interface for encoding different `Msg`s in a transaction, -* the `AccountI` interface for encoding different types of accounts (similar to the above example) in the x/auth query responses, -* the `EvidenceI` interface for encoding different types of evidences in the x/evidence module, -* the `AuthorizationI` interface for encoding different types of x/authz authorizations, -* the [`Validator`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/staking/types/staking.pb.go#L340-L375) struct that contains information about a validator. - -A real-life example of encoding the pubkey as `Any` inside the Validator struct in x/staking is shown in the following example: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/staking/types/validator.go#L43-L66 -``` - -#### `Any`'s TypeURL - -When packing a protobuf message inside an `Any`, the message's type is uniquely defined by its type URL, which is the message's fully qualified name prefixed by a `/` (slash) character. In some implementations of `Any`, like the gogoproto one, there's generally [a resolvable prefix, e.g. `type.googleapis.com`](https://github.com/gogo/protobuf/blob/b03c65ea87cdc3521ede29f62fe3ce239267c1bc/protobuf/google/protobuf/any.proto#L87-L91). However, in the Cosmos SDK, we made the decision to not include such prefix, to have shorter type URLs. The Cosmos SDK's own `Any` implementation can be found in `github.com/cosmos/cosmos-sdk/codec/types`. - -The Cosmos SDK is also switching away from gogoproto to the official `google.golang.org/protobuf` (known as the Protobuf API v2). Its default `Any` implementation also contains the [`type.googleapis.com`](https://github.com/protocolbuffers/protobuf-go/blob/v1.28.1/types/known/anypb/any.pb.go#L266) prefix. To maintain compatibility with the SDK, the following methods from `"google.golang.org/protobuf/types/known/anypb"` should not be used: - -* `anypb.New` -* `anypb.MarshalFrom` -* `anypb.Any#MarshalFrom` - -Instead, the Cosmos SDK provides helper functions in `"github.com/cosmos/cosmos-proto/anyutil"`, which create an official `anypb.Any` without inserting the prefixes: - -* `anyutil.New` -* `anyutil.MarshalFrom` - -For example, to pack a `sdk.Msg` called `internalMsg`, use: - -```diff -import ( -- "google.golang.org/protobuf/types/known/anypb" -+ "github.com/cosmos/cosmos-proto/anyutil" -) - -- anyMsg, err := anypb.New(internalMsg.Message().Interface()) -+ anyMsg, err := anyutil.New(internalMsg.Message().Interface()) - -- fmt.Println(anyMsg.TypeURL) // type.googleapis.com/cosmos.bank.v1beta1.MsgSend -+ fmt.Println(anyMsg.TypeURL) // /cosmos.bank.v1beta1.MsgSend -``` - -## FAQ - -### How to create modules using protobuf encoding - -#### Defining module types - -Protobuf types can be defined to encode: - -* state -* [`Msg`s](../../build/building-modules/02-messages-and-queries.md#messages) -* [Query services](../../build/building-modules/04-query-services.md) -* [genesis](../../build/building-modules/08-genesis.md) - -#### Naming and conventions - -We encourage developers to follow industry guidelines: [Protocol Buffers style guide](https://developers.google.com/protocol-buffers/docs/style) -and [Buf](https://buf.build/docs/style-guide), see more details in [ADR 023](https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/docs/architecture/adr-023-protobuf-naming.md) - -### How to update modules to protobuf encoding - -If modules do not contain any interfaces (e.g. `Account` or `Content`), then they -may simply migrate any existing types that -are encoded and persisted via their concrete Amino codec to Protobuf (see 1. for further guidelines) and accept a `Marshaler` as the codec which is implemented via the `ProtoCodec` -without any further customization. - -However, if a module type composes an interface, it must wrap it in the `sdk.Any` (from `/types` package) type. To do that, a module-level .proto file must use [`google.protobuf.Any`](https://github.com/protocolbuffers/protobuf/blob/master/src/google/protobuf/any.proto) for respective message type interface types. - -For example, in the `x/evidence` module defines an `Evidence` interface, which is used by the `MsgSubmitEvidence`. The structure definition must use `sdk.Any` to wrap the evidence file. In the proto file we define it as follows: - -```protobuf -// proto/cosmos/evidence/v1beta1/tx.proto - -message MsgSubmitEvidence { - string submitter = 1; - google.protobuf.Any evidence = 2 [(cosmos_proto.accepts_interface) = "cosmos.evidence.v1beta1.Evidence"]; -} -``` - -The Cosmos SDK `codec.Codec` interface provides support methods `MarshalInterface` and `UnmarshalInterface` for easy encoding of state to `Any`. - -Module should register interfaces using `InterfaceRegistry` which provides a mechanism for registering interfaces: `RegisterInterface(protoName string, iface interface{}, impls ...proto.Message)` and implementations: `RegisterImplementations(iface interface{}, impls ...proto.Message)` that can be safely unpacked from Any, similarly to type registration with Amino: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/codec/types/interface_registry.go#L40-L87 -``` - -In addition, an `UnpackInterfaces` phase should be introduced to deserialization to unpack interfaces before they're needed. Protobuf types that contain a protobuf `Any` either directly or via one of their members should implement the `UnpackInterfacesMessage` interface: - -```go -type UnpackInterfacesMessage interface { - UnpackInterfaces(InterfaceUnpacker) error -} -``` diff --git a/copy-of-sdk-docs/docs/learn/advanced/06-grpc_rest.md b/copy-of-sdk-docs/docs/learn/advanced/06-grpc_rest.md deleted file mode 100644 index d3ab827a..00000000 --- a/copy-of-sdk-docs/docs/learn/advanced/06-grpc_rest.md +++ /dev/null @@ -1,105 +0,0 @@ ---- -sidebar_position: 1 ---- - -# gRPC, REST, and CometBFT Endpoints - -:::note Synopsis -This document presents an overview of all the endpoints a node exposes: gRPC, REST as well as some other endpoints. -::: - -## An Overview of All Endpoints - -Each node exposes the following endpoints for users to interact with a node, each endpoint is served on a different port. Details on how to configure each endpoint is provided in the endpoint's own section. - -* the gRPC server (default port: `9090`), -* the REST server (default port: `1317`), -* the CometBFT RPC endpoint (default port: `26657`). - -:::tip -The node also exposes some other endpoints, such as the CometBFT P2P endpoint, or the [Prometheus endpoint](https://docs.cometbft.com/v0.37/core/metrics), which are not directly related to the Cosmos SDK. Please refer to the [CometBFT documentation](https://docs.cometbft.com/v0.37/core/configuration) for more information about these endpoints. -::: - -:::note -All endpoints are defaulted to localhost and must be modified to be exposed to the public internet. -::: - -## gRPC Server - -In the Cosmos SDK, Protobuf is the main [encoding](./05-encoding.md) library. This brings a wide range of Protobuf-based tools that can be plugged into the Cosmos SDK. One such tool is [gRPC](https://grpc.io), a modern open-source high performance RPC framework that has decent client support in several languages. - -Each module exposes a [Protobuf `Query` service](../../build/building-modules/02-messages-and-queries.md#queries) that defines state queries. The `Query` services and a transaction service used to broadcast transactions are hooked up to the gRPC server via the following function inside the application: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/server/types/app.go#L46-L48 -``` - -Note: It is not possible to expose any [Protobuf `Msg` service](../../build/building-modules/02-messages-and-queries.md#messages) endpoints via gRPC. Transactions must be generated and signed using the CLI or programmatically before they can be broadcasted using gRPC. See [Generating, Signing, and Broadcasting Transactions](../../user/run-node/03-txs.md) for more information. - -The `grpc.Server` is a concrete gRPC server, which spawns and serves all gRPC query requests and a broadcast transaction request. This server can be configured inside `~/.simapp/config/app.toml`: - -* `grpc.enable = true|false` field defines if the gRPC server should be enabled. Defaults to `true`. -* `grpc.address = {string}` field defines the `ip:port` the server should bind to. Defaults to `localhost:9090`. - -:::tip -`~/.simapp` is the directory where the node's configuration and databases are stored. By default, it's set to `~/.{app_name}`. -::: - -Once the gRPC server is started, you can send requests to it using a gRPC client. Some examples are given in our [Interact with the Node](../../user/run-node/02-interact-node.md#using-grpc) tutorial. - -An overview of all available gRPC endpoints shipped with the Cosmos SDK is [Protobuf documentation](https://buf.build/cosmos/cosmos-sdk). - -## REST Server - -Cosmos SDK supports REST routes via gRPC-gateway. - -All routes are configured under the following fields in `~/.simapp/config/app.toml`: - -* `api.enable = true|false` field defines if the REST server should be enabled. Defaults to `false`. -* `api.address = {string}` field defines the `ip:port` the server should bind to. Defaults to `tcp://localhost:1317`. -* some additional API configuration options are defined in `~/.simapp/config/app.toml`, along with comments, please refer to that file directly. - -### gRPC-gateway REST Routes - -If, for various reasons, you cannot use gRPC (for example, you are building a web application, and browsers don't support HTTP2 on which gRPC is built), then the Cosmos SDK offers REST routes via gRPC-gateway. - -[gRPC-gateway](https://grpc-ecosystem.github.io/grpc-gateway/) is a tool to expose gRPC endpoints as REST endpoints. For each gRPC endpoint defined in a Protobuf `Query` service, the Cosmos SDK offers a REST equivalent. For instance, querying a balance could be done via the `/cosmos.bank.v1beta1.QueryAllBalances` gRPC endpoint, or alternatively via the gRPC-gateway `"/cosmos/bank/v1beta1/balances/{address}"` REST endpoint: both will return the same result. For each RPC method defined in a Protobuf `Query` service, the corresponding REST endpoint is defined as an option: - -```protobuf reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/proto/cosmos/bank/v1beta1/query.proto#L23-L30 -``` - -For application developers, gRPC-gateway REST routes needs to be wired up to the REST server, this is done by calling the `RegisterGRPCGatewayRoutes` function on the ModuleManager. - -### Swagger - -A [Swagger](https://swagger.io/) (or OpenAPIv2) specification file is exposed under the `/swagger` route on the API server. Swagger is an open specification describing the API endpoints a server serves, including description, input arguments, return types and much more about each endpoint. - -Enabling the `/swagger` endpoint is configurable inside `~/.simapp/config/app.toml` via the `api.swagger` field, which is set to false by default. - -For application developers, you may want to generate your own Swagger definitions based on your custom modules. -The Cosmos SDK's [Swagger generation script](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/scripts/protoc-swagger-gen.sh) is a good place to start. - -## CometBFT RPC - -Independently from the Cosmos SDK, CometBFT also exposes a RPC server. This RPC server can be configured by tuning parameters under the `rpc` table in the `~/.simapp/config/config.toml`, the default listening address is `tcp://localhost:26657`. An OpenAPI specification of all CometBFT RPC endpoints is available [here](https://docs.cometbft.com/main/rpc/). - -Some CometBFT RPC endpoints are directly related to the Cosmos SDK: - -* `/abci_query`: this endpoint will query the application for state. As the `path` parameter, you can send the following strings: - * any Protobuf fully-qualified service method, such as `/cosmos.bank.v1beta1.Query/AllBalances`. The `data` field should then include the method's request parameter(s) encoded as bytes using Protobuf. - * `/app/simulate`: this will simulate a transaction, and return some information such as gas used. - * `/app/version`: this will return the application's version. - * `/store/{storeName}/key`: this will directly query the named store for data associated with the key represented in the `data` parameter. - * `/store/{storeName}/subspace`: this will directly query the named store for key/value pairs in which the key has the value of the `data` parameter as a prefix. - * `/p2p/filter/addr/{port}`: this will return a filtered list of the node's P2P peers by address port. - * `/p2p/filter/id/{id}`: this will return a filtered list of the node's P2P peers by ID. -* `/broadcast_tx_{sync,async,commit}`: these 3 endpoints will broadcast a transaction to other peers. CLI, gRPC and REST expose [a way to broadcast transactions](./01-transactions.md#broadcasting-the-transaction), but they all use these 3 CometBFT RPCs under the hood. - -## Comparison Table - -| Name | Advantages | Disadvantages | -| -------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------- | -| gRPC | - can use code-generated stubs in various languages
    - supports streaming and bidirectional communication (HTTP2)
    - small wire binary sizes, faster transmission | - based on HTTP2, not available in browsers
    - learning curve (mostly due to Protobuf) | -| REST | - ubiquitous
    - client libraries in all languages, faster implementation
    | - only supports unary request-response communication (HTTP1.1)
    - bigger over-the-wire message sizes (JSON) | -| CometBFT RPC | - easy to use | - bigger over-the-wire message sizes (JSON) | diff --git a/copy-of-sdk-docs/docs/learn/advanced/07-cli.md b/copy-of-sdk-docs/docs/learn/advanced/07-cli.md deleted file mode 100644 index cd9e34de..00000000 --- a/copy-of-sdk-docs/docs/learn/advanced/07-cli.md +++ /dev/null @@ -1,211 +0,0 @@ ---- -sidebar_position: 1 ---- - -# Command-Line Interface - -:::note Synopsis -This document describes how command-line interface (CLI) works on a high-level, for an [**application**](../beginner/00-app-anatomy.md). A separate document for implementing a CLI for a Cosmos SDK [**module**](../../build/building-modules/00-intro.md) can be found [here](../../build/building-modules/09-module-interfaces.md#cli). -::: - -## Command-Line Interface - -### Example Command - -There is no set way to create a CLI, but Cosmos SDK modules typically use the [Cobra Library](https://github.com/spf13/cobra). Building a CLI with Cobra entails defining commands, arguments, and flags. [**Commands**](#root-command) understand the actions users wish to take, such as `tx` for creating a transaction and `query` for querying the application. Each command can also have nested subcommands, necessary for naming the specific transaction type. Users also supply **Arguments**, such as account numbers to send coins to, and [**Flags**](#flags) to modify various aspects of the commands, such as gas prices or which node to broadcast to. - -Here is an example of a command a user might enter to interact with the simapp CLI `simd` in order to send some tokens: - -```bash -simd tx bank send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000stake --gas auto --gas-prices -``` - -The first four strings specify the command: - -* The root command for the entire application `simd`. -* The subcommand `tx`, which contains all commands that let users create transactions. -* The subcommand `bank` to indicate which module to route the command to ([`x/bank`](../../build/modules/bank/README.md) module in this case). -* The type of transaction `send`. - -The next two strings are arguments: the `from_address` the user wishes to send from, the `to_address` of the recipient, and the `amount` they want to send. Finally, the last few strings of the command are optional flags to indicate how much the user is willing to pay in fees (calculated using the amount of gas used to execute the transaction and the gas prices provided by the user). - -The CLI interacts with a [node](./03-node.md) to handle this command. The interface itself is defined in a `main.go` file. - -### Building the CLI - -The `main.go` file needs to have a `main()` function that creates a root command, to which all the application commands will be added as subcommands. The root command additionally handles: - -* **setting configurations** by reading in configuration files (e.g. the Cosmos SDK config file). -* **adding any flags** to it, such as `--chain-id`. -* **instantiating the `codec`** by injecting the application codecs. The [`codec`](./05-encoding.md) is used to encode and decode data structures for the application - stores can only persist `[]byte`s so the developer must define a serialization format for their data structures or use the default, Protobuf. -* **adding subcommand** for all the possible user interactions, including [transaction commands](#transaction-commands) and [query commands](#query-commands). - -The `main()` function finally creates an executor and [execute](https://pkg.go.dev/github.com/spf13/cobra#Command.Execute) the root command. See an example of `main()` function from the `simapp` application: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/main.go#L14-L24 -``` - -The rest of the document will detail what needs to be implemented for each step and include smaller portions of code from the `simapp` CLI files. - -## Adding Commands to the CLI - -Every application CLI first constructs a root command, then adds functionality by aggregating subcommands (often with further nested subcommands) using `rootCmd.AddCommand()`. The bulk of an application's unique capabilities lies in its transaction and query commands, called `TxCmd` and `QueryCmd` respectively. - -### Root Command - -The root command (called `rootCmd`) is what the user first types into the command line to indicate which application they wish to interact with. The string used to invoke the command (the "Use" field) is typically the name of the application suffixed with `-d`, e.g. `simd` or `gaiad`. The root command typically includes the following commands to support basic functionality in the application. - -* **Status** command from the Cosmos SDK rpc client tools, which prints information about the status of the connected [`Node`](./03-node.md). The Status of a node includes `NodeInfo`,`SyncInfo` and `ValidatorInfo`. -* **Keys** [commands](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/keys) from the Cosmos SDK client tools, which includes a collection of subcommands for using the key functions in the Cosmos SDK crypto tools, including adding a new key and saving it to the keyring, listing all public keys stored in the keyring, and deleting a key. For example, users can type `simd keys add ` to add a new key and save an encrypted copy to the keyring, using the flag `--recover` to recover a private key from a seed phrase or the flag `--multisig` to group multiple keys together to create a multisig key. For full details on the `add` key command, see the code [here](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/keys/add.go). For more details about usage of `--keyring-backend` for storage of key credentials look at the [keyring docs](../../user/run-node/00-keyring.md). -* **Server** commands from the Cosmos SDK server package. These commands are responsible for providing the mechanisms necessary to start an ABCI CometBFT application and provides the CLI framework (based on [cobra](https://github.com/spf13/cobra)) necessary to fully bootstrap an application. The package exposes two core functions: `StartCmd` and `ExportCmd` which creates commands to start the application and export state respectively. -Learn more [here](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/server). -* [**Transaction**](#transaction-commands) commands. -* [**Query**](#query-commands) commands. - -Next is an example `rootCmd` function from the `simapp` application. It instantiates the root command, adds a [*persistent* flag](#flags) and `PreRun` function to be run before every execution, and adds all of the necessary subcommands. - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L47-L130 -``` - -:::tip -Use the `EnhanceRootCommand()` from the AutoCLI options to automatically add auto-generated commands from the modules to the root command. -Additionally it adds all manually defined modules commands (`tx` and `query`) as well. -Read more about [AutoCLI](https://docs.cosmos.network/main/core/autocli) in its dedicated section. -::: - -`rootCmd` has a function called `initAppConfig()` which is useful for setting the application's custom configs. -By default app uses CometBFT app config template from Cosmos SDK, which can be over-written via `initAppConfig()`. -Here's an example code to override default `app.toml` template. - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L144-L199 -``` - -The `initAppConfig()` also allows overriding the default Cosmos SDK's [server config](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/server/config/config.go#L231). One example is the `min-gas-prices` config, which defines the minimum gas prices a validator is willing to accept for processing a transaction. By default, the Cosmos SDK sets this parameter to `""` (empty string), which forces all validators to tweak their own `app.toml` and set a non-empty value, or else the node will halt on startup. This might not be the best UX for validators, so the chain developer can set a default `app.toml` value for validators inside this `initAppConfig()` function. - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L164-L180 -``` - -The root-level `status` and `keys` subcommands are common across most applications and do not interact with application state. The bulk of an application's functionality - what users can actually *do* with it - is enabled by its `tx` and `query` commands. - -### Transaction Commands - -[Transactions](./01-transactions.md) are objects wrapping [`Msg`s](../../build/building-modules/02-messages-and-queries.md#messages) that trigger state changes. To enable the creation of transactions using the CLI interface, a function `txCommand` is generally added to the `rootCmd`: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L222-L229 -``` - -This `txCommand` function adds all the transaction available to end-users for the application. This typically includes: - -* **Sign command** from the [`auth`](../../build/modules/auth/README.md) module that signs messages in a transaction. To enable multisig, add the `auth` module's `MultiSign` command. Since every transaction requires some sort of signature in order to be valid, the signing command is necessary for every application. -* **Broadcast command** from the Cosmos SDK client tools, to broadcast transactions. -* **All [module transaction commands](../../build/building-modules/09-module-interfaces.md#transaction-commands)** the application is dependent on, retrieved by using the [basic module manager's](../../build/building-modules/01-module-manager.md#basic-manager) `AddTxCommands()` function, or enhanced by [AutoCLI](https://docs.cosmos.network/main/core/autocli). - -Here is an example of a `txCommand` aggregating these subcommands from the `simapp` application: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L270-L292 -``` - -:::tip -When using AutoCLI to generate module transaction commands, `EnhanceRootCommand()` automatically adds the module `tx` command to the root command. -Read more about [AutoCLI](https://docs.cosmos.network/main/core/autocli) in its dedicated section. -::: - -### Query Commands - -[**Queries**](../../build/building-modules/02-messages-and-queries.md#queries) are objects that allow users to retrieve information about the application's state. To enable the creation of queries using the CLI interface, a function `queryCommand` is generally added to the `rootCmd`: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L222-L229 -``` - -This `queryCommand` function adds all the queries available to end-users for the application. This typically includes: - -* **QueryTx** and/or other transaction query commands from the `auth` module which allow the user to search for a transaction by inputting its hash, a list of tags, or a block height. These queries allow users to see if transactions have been included in a block. -* **Account command** from the `auth` module, which displays the state (e.g. account balance) of an account given an address. -* **Validator command** from the Cosmos SDK rpc client tools, which displays the validator set of a given height. -* **Block command** from the Cosmos SDK RPC client tools, which displays the block data for a given height. -* **All [module query commands](../../build/building-modules/09-module-interfaces.md#query-commands)** the application is dependent on, retrieved by using the [basic module manager's](../../build/building-modules/01-module-manager.md#basic-manager) `AddQueryCommands()` function, or enhanced by [AutoCLI](https://docs.cosmos.network/main/core/autocli). - -Here is an example of a `queryCommand` aggregating subcommands from the `simapp` application: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L249-L268 -``` - -:::tip -When using AutoCLI to generate module query commands, `EnhanceRootCommand()` automatically adds the module `query` command to the root command. -Read more about [AutoCLI](https://docs.cosmos.network/main/core/autocli) in its dedicated section. -::: - -## Flags - -Flags are used to modify commands; developers can include them in a `flags.go` file with their CLI. Users can explicitly include them in commands or pre-configure them by inside their [`app.toml`](../../user/run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml). Commonly pre-configured flags include the `--node` to connect to and `--chain-id` of the blockchain the user wishes to interact with. - -A *persistent* flag (as opposed to a *local* flag) added to a command transcends all of its children: subcommands will inherit the configured values for these flags. Additionally, all flags have default values when they are added to commands; some toggle an option off but others are empty values that the user needs to override to create valid commands. A flag can be explicitly marked as *required* so that an error is automatically thrown if the user does not provide a value, but it is also acceptable to handle unexpected missing flags differently. - -Flags are added to commands directly (generally in the [module's CLI file](../../build/building-modules/09-module-interfaces.md#flags) where module commands are defined) and no flag except for the `rootCmd` persistent flags has to be added at application level. It is common to add a *persistent* flag for `--chain-id`, the unique identifier of the blockchain the application pertains to, to the root command. Adding this flag can be done in the `main()` function. Adding this flag makes sense as the chain ID should not be changing across commands in this application CLI. - -## Environment variables - -Each flag is bound to its respective named environment variable. The name of the environment variable consist of two parts - capital case `basename` followed by flag name of the flag. `-` must be substituted with `_`. For example flag `--node` for application with basename `GAIA` is bound to `GAIA_NODE`. It allows reducing the amount of flags typed for routine operations. For example instead of: - -```shell -gaia --home=./ --node= --chain-id="testchain-1" --keyring-backend=test tx ... --from= -``` - -this will be more convenient: - -```shell -# define env variables in .env, .envrc etc -GAIA_HOME= -GAIA_NODE= -GAIA_CHAIN_ID="testchain-1" -GAIA_KEYRING_BACKEND="test" - -# and later just use -gaia tx ... --from= -``` - -## Configurations - -It is vital that the root command of an application uses `PersistentPreRun()` cobra command property for executing the command, so all child commands have access to the server and client contexts. These contexts are set as their default values initially and may be modified, scoped to the command, in their respective `PersistentPreRun()` functions. Note that the `client.Context` is typically pre-populated with "default" values that may be useful for all commands to inherit and override if necessary. - -Here is an example of an `PersistentPreRun()` function from `simapp`: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L81-L120 -``` - -The `SetCmdClientContextHandler` call reads persistent flags via `ReadPersistentCommandFlags` which creates a `client.Context` and sets that on the root command's `Context`. - -The `InterceptConfigsPreRunHandler` call creates a viper literal, default `server.Context`, and a logger and sets that on the root command's `Context`. The `server.Context` will be modified and saved to disk. The internal `interceptConfigs` call reads or creates a CometBFT configuration based on the home path provided. In addition, `interceptConfigs` also reads and loads the application configuration, `app.toml`, and binds that to the `server.Context` viper literal. This is vital so the application can get access to not only the CLI flags, but also to the application configuration values provided by this file. - -:::tip -When willing to configure which logger is used, do not use `InterceptConfigsPreRunHandler`, which sets the default SDK logger, but instead use `InterceptConfigsAndCreateContext` and set the server context and the logger manually: - -```diff --return server.InterceptConfigsPreRunHandler(cmd, customAppTemplate, customAppConfig, customCMTConfig) - -+serverCtx, err := server.InterceptConfigsAndCreateContext(cmd, customAppTemplate, customAppConfig, customCMTConfig) -+if err != nil { -+ return err -+} - -+// overwrite default server logger -+logger, err := server.CreateSDKLogger(serverCtx, cmd.OutOrStdout()) -+if err != nil { -+ return err -+} -+serverCtx.Logger = logger.With(log.ModuleKey, "server") - -+// set server context -+return server.SetCmdServerContext(cmd, serverCtx) -``` - -::: diff --git a/copy-of-sdk-docs/docs/learn/advanced/08-events.md b/copy-of-sdk-docs/docs/learn/advanced/08-events.md deleted file mode 100644 index 52d02641..00000000 --- a/copy-of-sdk-docs/docs/learn/advanced/08-events.md +++ /dev/null @@ -1,159 +0,0 @@ ---- -sidebar_position: 1 ---- -# Events - -:::note Synopsis -`Event`s are objects that contain information about the execution of the application. They are mainly used by service providers like block explorers and wallet to track the execution of various messages and index transactions. -::: - -:::note Pre-requisite Readings - -* [Anatomy of a Cosmos SDK application](../beginner/00-app-anatomy.md) -* [CometBFT Documentation on Events](https://docs.cometbft.com/v0.37/spec/abci/abci++_basic_concepts#events) - -::: - -## Events - -Events are implemented in the Cosmos SDK as an alias of the ABCI `Event` type and -take the form of: `{eventType}.{attributeKey}={attributeValue}`. - -```protobuf reference -https://github.com/cometbft/cometbft/blob/v0.37.0/proto/tendermint/abci/types.proto#L334-L343 -``` - -An Event contains: - -* A `type` to categorize the Event at a high-level; for example, the Cosmos SDK uses the `"message"` type to filter Events by `Msg`s. -* A list of `attributes` are key-value pairs that give more information about the categorized Event. For example, for the `"message"` type, we can filter Events by key-value pairs using `message.action={some_action}`, `message.module={some_module}` or `message.sender={some_sender}`. -* A `msg_index` to identify which messages relate to the same transaction - -:::tip -To parse the attribute values as strings, make sure to add `'` (single quotes) around each attribute value. -::: - -_Typed Events_ are Protobuf-defined [messages](../../../architecture/adr-032-typed-events.md) used by the Cosmos SDK -for emitting and querying Events. They are defined in a `event.proto` file, on a **per-module basis** and are read as `proto.Message`. -_Legacy Events_ are defined on a **per-module basis** in the module's `/types/events.go` file. -They are triggered from the module's Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md) -by using the [`EventManager`](#eventmanager). - -In addition, each module documents its events under in the `Events` sections of its specs (x/{moduleName}/`README.md`). - -Lastly, Events are returned to the underlying consensus engine in the response of the following ABCI messages: - -* [`BeginBlock`](./00-baseapp.md#beginblock) -* [`EndBlock`](./00-baseapp.md#endblock) -* [`CheckTx`](./00-baseapp.md#checktx) -* [`Transaction Execution`](./00-baseapp.md#transactionexecution) - -### Examples - -The following examples show how to query Events using the Cosmos SDK. - -| Event | Description | -| ------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `tx.height=23` | Query all transactions at height 23 | -| `message.action='/cosmos.bank.v1beta1.Msg/Send'` | Query all transactions containing a x/bank `Send` [Service `Msg`](../../build/building-modules/03-msg-services.md). Note the `'`s around the value. | -| `message.module='bank'` | Query all transactions containing messages from the x/bank module. Note the `'`s around the value. | -| `create_validator.validator='cosmosval1...'` | x/staking-specific Event, see [x/staking SPEC](../../../../x/staking/README.md). | - -## EventManager - -In Cosmos SDK applications, Events are managed by an abstraction called the `EventManager`. -Internally, the `EventManager` tracks a list of Events for the entire execution flow of `FinalizeBlock` -(i.e. transaction execution, `BeginBlock`, `EndBlock`). - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/types/events.go#L18-L25 -``` - -The `EventManager` comes with a set of useful methods to manage Events. The method -that is used most by module and application developers is `EmitTypedEvent` or `EmitEvent` that tracks -an Event in the `EventManager`. - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/types/events.go#L51-L60 -``` - -Module developers should handle Event emission via the `EventManager#EmitTypedEvent` or `EventManager#EmitEvent` in each message -`Handler` and in each `BeginBlock`/`EndBlock` handler. The `EventManager` is accessed via -the [`Context`](./02-context.md), where Event should be already registered, and emitted like this: - - -**Typed events:** - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/group/keeper/msg_server.go#L95-L97 -``` - -**Legacy events:** - -```go -ctx.EventManager().EmitEvent( - sdk.NewEvent(eventType, sdk.NewAttribute(attributeKey, attributeValue)), -) -``` - -Where the `EventManager` is accessed via the [`Context`](./02-context.md). - -See the [`Msg` services](../../build/building-modules/03-msg-services.md) concept doc for a more detailed -view on how to typically implement Events and use the `EventManager` in modules. - -## Subscribing to Events - -You can use CometBFT's [Websocket](https://docs.cometbft.com/v0.37/core/subscription) to subscribe to Events by calling the `subscribe` RPC method: - -```json -{ - "jsonrpc": "2.0", - "method": "subscribe", - "id": "0", - "params": { - "query": "tm.event='eventCategory' AND eventType.eventAttribute='attributeValue'" - } -} -``` - -The main `eventCategory` you can subscribe to are: - -* `NewBlock`: Contains Events triggered during `BeginBlock` and `EndBlock`. -* `Tx`: Contains Events triggered during `DeliverTx` (i.e. transaction processing). -* `ValidatorSetUpdates`: Contains validator set updates for the block. - -These Events are triggered from the `state` package after a block is committed. You can get the -full list of Event categories [on the CometBFT Go documentation](https://pkg.go.dev/github.com/cometbft/cometbft/types#pkg-constants). - -The `type` and `attribute` value of the `query` allow you to filter the specific Event you are looking for. For example, a `Mint` transaction triggers an Event of type `EventMint` and has an `Id` and an `Owner` as `attributes` (as defined in the [`events.proto` file of the `NFT` module](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/proto/cosmos/nft/v1beta1/event.proto#L21-L31)). - -Subscribing to this Event would be done like so: - -```json -{ - "jsonrpc": "2.0", - "method": "subscribe", - "id": "0", - "params": { - "query": "tm.event='Tx' AND mint.owner='ownerAddress'" - } -} -``` - -where `ownerAddress` is an address following the [`AccAddress`](../beginner/03-accounts.md#addresses) format. - -The same way can be used to subscribe to [legacy events](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/bank/types/events.go). - -## Default Events - -There are a few events that are automatically emitted for all messages, directly from `baseapp`. - -* `message.action`: The name of the message type. -* `message.sender`: The address of the message signer. -* `message.module`: The name of the module that emitted the message. - -:::tip -The module name is assumed by `baseapp` to be the second element of the message route: `"cosmos.bank.v1beta1.MsgSend" -> "bank"`. -In case a module does not follow the standard message path, (e.g. IBC), it is advised to keep emitting the module name event. -`Baseapp` only emits that event if the module have not already done so. -::: diff --git a/copy-of-sdk-docs/docs/learn/advanced/09-telemetry.md b/copy-of-sdk-docs/docs/learn/advanced/09-telemetry.md deleted file mode 100644 index 14d1aa7c..00000000 --- a/copy-of-sdk-docs/docs/learn/advanced/09-telemetry.md +++ /dev/null @@ -1,128 +0,0 @@ ---- -sidebar_position: 1 ---- - -# Telemetry - -:::note Synopsis -Gather relevant insights about your application and modules with custom metrics and telemetry. -::: - -The Cosmos SDK enables operators and developers to gain insight into the performance and behavior of -their application through the use of the `telemetry` package. To enable telemetry, set `telemetry.enabled = true` in the app.toml config file. - -The Cosmos SDK currently supports enabling in-memory and prometheus as telemetry sinks. In-memory sink is always attached (when the telemetry is enabled) with 10 second interval and 1 minute retention. This means that metrics will be aggregated over 10 seconds, and metrics will be kept alive for 1 minute. - -To query active metrics (see retention note above) you have to enable API server (`api.enabled = true` in the app.toml). Single API endpoint is exposed: `http://localhost:1317/metrics?format={text|prometheus}`, the default being `text`. - -## Emitting metrics - -If telemetry is enabled via configuration, a single global metrics collector is registered via the -[go-metrics](https://github.com/hashicorp/go-metrics) library. This allows emitting and collecting -metrics through simple [API](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/telemetry/wrapper.go). Example: - -```go -func EndBlocker(ctx sdk.Context, k keeper.Keeper) { - defer telemetry.ModuleMeasureSince(types.ModuleName, time.Now(), telemetry.MetricKeyEndBlocker) - - // ... -} -``` - -Developers may use the `telemetry` package directly, which provides wrappers around metric APIs -that include adding useful labels, or they must use the `go-metrics` library directly. It is preferable -to add as much context and adequate dimensionality to metrics as possible, so the `telemetry` package -is advised. Regardless of the package or method used, the Cosmos SDK supports the following metrics -types: - -* gauges -* summaries -* counters - -## Labels - -Certain components of modules will have their name automatically added as a label (e.g. `BeginBlock`). -Operators may also supply the application with a global set of labels that will be applied to all -metrics emitted using the `telemetry` package (e.g. chain-id). Global labels are supplied as a list -of [name, value] tuples. - -Example: - -```toml -global-labels = [ - ["chain_id", "chain-OfXo4V"], -] -``` - -## Cardinality - -Cardinality is key, specifically label and key cardinality. Cardinality is how many unique values of -something there are. So there is naturally a tradeoff between granularity and how much stress is put -on the telemetry sink in terms of indexing, scrape, and query performance. - -Developers should take care to support metrics with enough dimensionality and granularity to be -useful, but not increase the cardinality beyond the sink's limits. A general rule of thumb is to not -exceed a cardinality of 10. - -Consider the following examples with enough granularity and adequate cardinality: - -* begin/end blocker time -* tx gas used -* block gas used -* amount of tokens minted -* amount of accounts created - -The following examples expose too much cardinality and may not even prove to be useful: - -* transfers between accounts with amount -* voting/deposit amount from unique addresses - -## Supported Metrics - -| Metric | Description | Unit | Type | -|:--------------------------------|:------------------------------------------------------------------------------------------|:----------------|:--------| -| `tx_count` | Total number of txs processed via `DeliverTx` | tx | counter | -| `tx_successful` | Total number of successful txs processed via `DeliverTx` | tx | counter | -| `tx_failed` | Total number of failed txs processed via `DeliverTx` | tx | counter | -| `tx_gas_used` | The total amount of gas used by a tx | gas | gauge | -| `tx_gas_wanted` | The total amount of gas requested by a tx | gas | gauge | -| `tx_msg_send` | The total amount of tokens sent in a `MsgSend` (per denom) | token | gauge | -| `tx_msg_withdraw_reward` | The total amount of tokens withdrawn in a `MsgWithdrawDelegatorReward` (per denom) | token | gauge | -| `tx_msg_withdraw_commission` | The total amount of tokens withdrawn in a `MsgWithdrawValidatorCommission` (per denom) | token | gauge | -| `tx_msg_delegate` | The total amount of tokens delegated in a `MsgDelegate` | token | gauge | -| `tx_msg_begin_unbonding` | The total amount of tokens undelegated in a `MsgUndelegate` | token | gauge | -| `tx_msg_begin_redelegate` | The total amount of tokens redelegated in a `MsgBeginRedelegate` | token | gauge | -| `tx_msg_ibc_transfer` | The total amount of tokens transferred via IBC in a `MsgTransfer` (source or sink chain) | token | gauge | -| `ibc_transfer_packet_receive` | The total amount of tokens received in a `FungibleTokenPacketData` (source or sink chain) | token | gauge | -| `new_account` | Total number of new accounts created | account | counter | -| `gov_proposal` | Total number of governance proposals | proposal | counter | -| `gov_vote` | Total number of governance votes for a proposal | vote | counter | -| `gov_deposit` | Total number of governance deposits for a proposal | deposit | counter | -| `staking_delegate` | Total number of delegations | delegation | counter | -| `staking_undelegate` | Total number of undelegations | undelegation | counter | -| `staking_redelegate` | Total number of redelegations | redelegation | counter | -| `ibc_transfer_send` | Total number of IBC transfers sent from a chain (source or sink) | transfer | counter | -| `ibc_transfer_receive` | Total number of IBC transfers received to a chain (source or sink) | transfer | counter | -| `ibc_client_create` | Total number of clients created | create | counter | -| `ibc_client_update` | Total number of client updates | update | counter | -| `ibc_client_upgrade` | Total number of client upgrades | upgrade | counter | -| `ibc_client_misbehaviour` | Total number of client misbehaviours | misbehaviour | counter | -| `ibc_connection_open-init` | Total number of connection `OpenInit` handshakes | handshake | counter | -| `ibc_connection_open-try` | Total number of connection `OpenTry` handshakes | handshake | counter | -| `ibc_connection_open-ack` | Total number of connection `OpenAck` handshakes | handshake | counter | -| `ibc_connection_open-confirm` | Total number of connection `OpenConfirm` handshakes | handshake | counter | -| `ibc_channel_open-init` | Total number of channel `OpenInit` handshakes | handshake | counter | -| `ibc_channel_open-try` | Total number of channel `OpenTry` handshakes | handshake | counter | -| `ibc_channel_open-ack` | Total number of channel `OpenAck` handshakes | handshake | counter | -| `ibc_channel_open-confirm` | Total number of channel `OpenConfirm` handshakes | handshake | counter | -| `ibc_channel_close-init` | Total number of channel `CloseInit` handshakes | handshake | counter | -| `ibc_channel_close-confirm` | Total number of channel `CloseConfirm` handshakes | handshake | counter | -| `tx_msg_ibc_recv_packet` | Total number of IBC packets received | packet | counter | -| `tx_msg_ibc_acknowledge_packet` | Total number of IBC packets acknowledged | acknowledgement | counter | -| `ibc_timeout_packet` | Total number of IBC timeout packets | timeout | counter | -| `store_iavl_get` | Duration of an IAVL `Store#Get` call | ms | summary | -| `store_iavl_set` | Duration of an IAVL `Store#Set` call | ms | summary | -| `store_iavl_has` | Duration of an IAVL `Store#Has` call | ms | summary | -| `store_iavl_delete` | Duration of an IAVL `Store#Delete` call | ms | summary | -| `store_iavl_commit` | Duration of an IAVL `Store#Commit` call | ms | summary | -| `store_iavl_query` | Duration of an IAVL `Store#Query` call | ms | summary | diff --git a/copy-of-sdk-docs/docs/learn/advanced/10-ocap.md b/copy-of-sdk-docs/docs/learn/advanced/10-ocap.md deleted file mode 100644 index 62076172..00000000 --- a/copy-of-sdk-docs/docs/learn/advanced/10-ocap.md +++ /dev/null @@ -1,76 +0,0 @@ ---- -sidebar_position: 1 ---- - -# Object-Capability Model - -## Intro - -When thinking about security, it is good to start with a specific threat model. Our threat model is the following: - -> We assume that a thriving ecosystem of Cosmos SDK modules that are easy to compose into a blockchain application will contain faulty or malicious modules. - -The Cosmos SDK is designed to address this threat by being the -foundation of an object capability system. - -> The structural properties of object capability systems favor -> modularity in code design and ensure reliable encapsulation in -> code implementation. -> -> These structural properties facilitate the analysis of some -> security properties of an object-capability program or operating -> system. Some of these — in particular, information flow properties -> — can be analyzed at the level of object references and -> connectivity, independent of any knowledge or analysis of the code -> that determines the behavior of the objects. -> -> As a consequence, these security properties can be established -> and maintained in the presence of new objects that contain unknown -> and possibly malicious code. -> -> These structural properties stem from the two rules governing -> access to existing objects: -> -> 1. An object A can send a message to B only if object A holds a -> reference to B. -> 2. An object A can obtain a reference to C only -> if object A receives a message containing a reference to C. As a -> consequence of these two rules, an object can obtain a reference -> to another object only through a preexisting chain of references. -> In short, "Only connectivity begets connectivity." - -For an introduction to object-capabilities, see this [Wikipedia article](https://en.wikipedia.org/wiki/Object-capability_model). - -## Ocaps in practice - -The idea is to only reveal what is necessary to get the work done. - -For example, the following code snippet violates the object capabilities -principle: - -```go -type AppAccount struct {...} -account := &AppAccount{ - Address: pub.Address(), - Coins: sdk.Coins{sdk.NewInt64Coin("ATM", 100)}, -} -sumValue := externalModule.ComputeSumValue(account) -``` - -The method `ComputeSumValue` implies a pure function, yet the implied -capability of accepting a pointer value is the capability to modify that -value. The preferred method signature should take a copy instead. - -```go -sumValue := externalModule.ComputeSumValue(*account) -``` - -In the Cosmos SDK, you can see the application of this principle in simapp. - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/simapp/app.go -``` - -The following diagram shows the current dependencies between keepers. - -![Keeper dependencies](https://raw.githubusercontent.com/cosmos/cosmos-sdk/release/v0.46.x/docs/uml/svg/keeper_dependencies.svg) diff --git a/copy-of-sdk-docs/docs/learn/advanced/11-runtx_middleware.md b/copy-of-sdk-docs/docs/learn/advanced/11-runtx_middleware.md deleted file mode 100644 index bb8c04aa..00000000 --- a/copy-of-sdk-docs/docs/learn/advanced/11-runtx_middleware.md +++ /dev/null @@ -1,67 +0,0 @@ ---- -sidebar_position: 1 ---- - -# RunTx recovery middleware - -`BaseApp.runTx()` function handles Go panics that might occur during transactions execution, for example, keeper has faced an invalid state and panicked. -Depending on the panic type different handler is used, for instance the default one prints an error log message. -Recovery middleware is used to add custom panic recovery for Cosmos SDK application developers. - -More context can found in the corresponding [ADR-022](../../build/architecture/adr-022-custom-panic-handling.md) and the implementation in [recovery.go](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/baseapp/recovery.go). - -## Interface - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/baseapp/recovery.go#L14-L17 -``` - -`recoveryObj` is a return value for `recover()` function from the `building` Go package. - -**Contract:** - -* RecoveryHandler returns `nil` if `recoveryObj` wasn't handled and should be passed to the next recovery middleware; -* RecoveryHandler returns a non-nil `error` if `recoveryObj` was handled; - -## Custom RecoveryHandler register - -`BaseApp.AddRunTxRecoveryHandler(handlers ...RecoveryHandler)` - -BaseApp method adds recovery middleware to the default recovery chain. - -## Example - -Lets assume we want to emit the "Consensus failure" chain state if some particular error occurred. - -We have a module keeper that panics: - -```go -func (k FooKeeper) Do(obj interface{}) { - if obj == nil { - // that shouldn't happen, we need to crash the app - err := errorsmod.Wrap(fooTypes.InternalError, "obj is nil") - panic(err) - } -} -``` - -By default that panic would be recovered and an error message will be printed to log. To override that behavior we should register a custom RecoveryHandler: - -```go -// Cosmos SDK application constructor -customHandler := func(recoveryObj interface{}) error { - err, ok := recoveryObj.(error) - if !ok { - return nil - } - - if fooTypes.InternalError.Is(err) { - panic(fmt.Errorf("FooKeeper did panic with error: %w", err)) - } - - return nil -} - -baseApp := baseapp.NewBaseApp(...) -baseApp.AddRunTxRecoveryHandler(customHandler) -``` diff --git a/copy-of-sdk-docs/docs/learn/advanced/12-simulation.md b/copy-of-sdk-docs/docs/learn/advanced/12-simulation.md deleted file mode 100644 index 709ce176..00000000 --- a/copy-of-sdk-docs/docs/learn/advanced/12-simulation.md +++ /dev/null @@ -1,94 +0,0 @@ ---- -sidebar_position: 1 ---- - -# Cosmos Blockchain Simulator - -The Cosmos SDK offers a full fledged simulation framework to fuzz test every -message defined by a module. - -On the Cosmos SDK, this functionality is provided by [`SimApp`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/simapp/app_di.go), which is a -`Baseapp` application that is used for running the [`simulation`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/simulation) module. -This module defines all the simulation logic as well as the operations for -randomized parameters like accounts, balances etc. - -## Goals - -The blockchain simulator tests how the blockchain application would behave under -real life circumstances by generating and sending randomized messages. -The goal of this is to detect and debug failures that could halt a live chain, -by providing logs and statistics about the operations run by the simulator as -well as exporting the latest application state when a failure was found. - -Its main difference with integration testing is that the simulator app allows -you to pass parameters to customize the chain that's being simulated. -This comes in handy when trying to reproduce bugs that were generated in the -provided operations (randomized or not). - -## Simulation commands - -The simulation app has different commands, each of which tests a different -failure type: - -* `AppImportExport`: The simulator exports the initial app state and then it - creates a new app with the exported `genesis.json` as an input, checking for - inconsistencies between the stores. -* `AppSimulationAfterImport`: Queues two simulations together. The first one provides the app state (_i.e_ genesis) to the second. Useful to test software upgrades or hard-forks from a live chain. -* `AppStateDeterminism`: Checks that all the nodes return the same values, in the same order. -* `FullAppSimulation`: General simulation mode. Runs the chain and the specified operations for a given number of blocks. Tests that there're no `panics` on the simulation. - -Each simulation must receive a set of inputs (_i.e_ flags) such as the number of -blocks that the simulation is run, seed, block size, etc. -Check the full list of flags [here](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/simulation/client/cli/flags.go#L43-L70). - -## Simulator Modes - -In addition to the various inputs and commands, the simulator runs in three modes: - -1. Completely random where the initial state, module parameters and simulation - parameters are **pseudo-randomly generated**. -2. From a `genesis.json` file where the initial state and the module parameters are defined. - This mode is helpful for running simulations on a known state such as a live network export where a new (mostly likely breaking) version of the application needs to be tested. -3. From a `params.json` file where the initial state is pseudo-randomly generated but the module and simulation parameters can be provided manually. - This allows for a more controlled and deterministic simulation setup while allowing the state space to still be pseudo-randomly simulated. - The list of available parameters are listed [here](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/simulation/client/cli/flags.go#L72-L90). - -:::tip -These modes are not mutually exclusive. So you can for example run a randomly -generated genesis state (`1`) with manually generated simulation params (`3`). -::: - -## Usage - -This is a general example of how simulations are run. For more specific examples -check the Cosmos SDK [Makefile](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/Makefile#L285-L320). - -```bash - $ go test -mod=readonly github.com/cosmos/cosmos-sdk/simapp \ - -run=TestApp \ - ... - -v -timeout 24h -``` - -## Debugging Tips - -Here are some suggestions when encountering a simulation failure: - -* Export the app state at the height where the failure was found. You can do this - by passing the `-ExportStatePath` flag to the simulator. -* Use `-Verbose` logs. They could give you a better hint on all the operations - involved. -* Try using another `-Seed`. If it can reproduce the same error and if it fails - sooner, you will spend less time running the simulations. -* Reduce the `-NumBlocks` . How's the app state at the height previous to the - failure? -* Try adding logs to operations that are not logged. You will have to define a - [Logger](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/staking/keeper/keeper.go#L77-L81) on your `Keeper`. - -## Use simulation in your Cosmos SDK-based application - -Learn how you can build the simulation into your Cosmos SDK-based application: - -* Application Simulation Manager -* [Building modules: Simulator](../../build/building-modules/14-simulator.md) -* Simulator tests diff --git a/copy-of-sdk-docs/docs/learn/advanced/13-proto-docs.md b/copy-of-sdk-docs/docs/learn/advanced/13-proto-docs.md deleted file mode 100644 index 6c857446..00000000 --- a/copy-of-sdk-docs/docs/learn/advanced/13-proto-docs.md +++ /dev/null @@ -1,7 +0,0 @@ ---- -sidebar_position: 1 ---- - -# Protobuf Documentation - -See [Cosmos SDK Buf Proto-docs](https://buf.build/cosmos/cosmos-sdk/docs/main) diff --git a/copy-of-sdk-docs/docs/learn/advanced/15-upgrade.md b/copy-of-sdk-docs/docs/learn/advanced/15-upgrade.md deleted file mode 100644 index e2332bd1..00000000 --- a/copy-of-sdk-docs/docs/learn/advanced/15-upgrade.md +++ /dev/null @@ -1,162 +0,0 @@ ---- -sidebar_position: 1 ---- - -# In-Place Store Migrations - -:::warning -Read and understand all the in-place store migration documentation before you run a migration on a live chain. -::: - -:::note Synopsis -Upgrade your app modules smoothly with custom in-place store migration logic. -::: - -The Cosmos SDK uses two methods to perform upgrades: - -* Exporting the entire application state to a JSON file using the `export` CLI command, making changes, and then starting a new binary with the changed JSON file as the genesis file. - -* Perform upgrades in place, which significantly decrease the upgrade time for chains with a larger state. Use the [Module Upgrade Guide](../../build/building-modules/13-upgrade.md) to set up your application modules to take advantage of in-place upgrades. - -This document provides steps to use the In-Place Store Migrations upgrade method. - -## Tracking Module Versions - -Each module gets assigned a consensus version by the module developer. The consensus version serves as the breaking change version of the module. The Cosmos SDK keeps track of all module consensus versions in the x/upgrade `VersionMap` store. During an upgrade, the difference between the old `VersionMap` stored in state and the new `VersionMap` is calculated by the Cosmos SDK. For each identified difference, the module-specific migrations are run and the respective consensus version of each upgraded module is incremented. - -### Consensus Version - -The consensus version is defined on each app module by the module developer and serves as the breaking change version of the module. The consensus version informs the Cosmos SDK on which modules need to be upgraded. For example, if the bank module was version 2 and an upgrade introduces bank module 3, the Cosmos SDK upgrades the bank module and runs the "version 2 to 3" migration script. - -### Version Map - -The version map is a mapping of module names to consensus versions. The map is persisted to x/upgrade's state for use during in-place migrations. When migrations finish, the updated version map is persisted in the state. - -## Upgrade Handlers - -Upgrades use an `UpgradeHandler` to facilitate migrations. The `UpgradeHandler` functions implemented by the app developer must conform to the following function signature. These functions retrieve the `VersionMap` from x/upgrade's state and return the new `VersionMap` to be stored in x/upgrade after the upgrade. The diff between the two `VersionMap`s determines which modules need upgrading. - -```go -type UpgradeHandler func(ctx sdk.Context, plan Plan, fromVM VersionMap) (VersionMap, error) -``` - -Inside these functions, you must perform any upgrade logic to include in the provided `plan`. All upgrade handler functions must end with the following line of code: - -```go - return app.mm.RunMigrations(ctx, cfg, fromVM) -``` - -## Running Migrations - -Migrations are run inside of an `UpgradeHandler` using `app.mm.RunMigrations(ctx, cfg, vm)`. The `UpgradeHandler` functions describe the functionality to occur during an upgrade. The `RunMigration` function loops through the `VersionMap` argument and runs the migration scripts for all versions that are less than the versions of the new binary app module. After the migrations are finished, a new `VersionMap` is returned to persist the upgraded module versions to state. - -```go -cfg := module.NewConfigurator(...) -app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx sdk.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { - - // ... - // additional upgrade logic - // ... - - // returns a VersionMap with the updated module ConsensusVersions - return app.mm.RunMigrations(ctx, fromVM) -}) -``` - -To learn more about configuring migration scripts for your modules, see the [Module Upgrade Guide](../../build/building-modules/13-upgrade.md). - -### Order Of Migrations - -By default, all migrations are run in module name alphabetical ascending order, except `x/auth` which is run last. The reason is state dependencies between x/auth and other modules (you can read more in [issue #10606](https://github.com/cosmos/cosmos-sdk/issues/10606)). - -If you want to change the order of migration, then you should call `app.mm.SetOrderMigrations(module1, module2, ...)` in your app.go file. The function will panic if you forget to include a module in the argument list. - -## Adding New Modules During Upgrades - -You can introduce entirely new modules to the application during an upgrade. New modules are recognized because they have not yet been registered in `x/upgrade`'s `VersionMap` store. In this case, `RunMigrations` calls the `InitGenesis` function from the corresponding module to set up its initial state. - -### Add StoreUpgrades for New Modules - -All chains preparing to run in-place store migrations will need to manually add store upgrades for new modules and then configure the store loader to apply those upgrades. This ensures that the new module's stores are added to the multistore before the migrations begin. - -```go -upgradeInfo, err := app.UpgradeKeeper.ReadUpgradeInfoFromDisk() -if err != nil { - panic(err) -} - -if upgradeInfo.Name == "my-plan" && !app.UpgradeKeeper.IsSkipHeight(upgradeInfo.Height) { - storeUpgrades := storetypes.StoreUpgrades{ - // add store upgrades for new modules - // Example: - // Added: []string{"foo", "bar"}, - // ... - } - - // configure store loader that checks if version == upgradeHeight and applies store upgrades - app.SetStoreLoader(upgradetypes.UpgradeStoreLoader(upgradeInfo.Height, &storeUpgrades)) -} -``` - -## Genesis State - -When starting a new chain, the consensus version of each module MUST be saved to state during the application's genesis. To save the consensus version, add the following line to the `InitChainer` method in `app.go`: - -```diff -func (app *MyApp) InitChainer(ctx sdk.Context, req abci.InitChainRequest) abci.InitChainResponse { - ... -+ app.UpgradeKeeper.SetModuleVersionMap(ctx, app.mm.GetVersionMap()) - ... -} -``` - -This information is used by the Cosmos SDK to detect when modules with newer versions are introduced to the app. - -For a new module `foo`, `InitGenesis` is called by `RunMigration` only when `foo` is registered in the module manager but it's not set in the `fromVM`. Therefore, if you want to skip `InitGenesis` when a new module is added to the app, then you should set its module version in `fromVM` to the module consensus version: - -```go -app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx sdk.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { - // ... - - // Set foo's version to the latest ConsensusVersion in the VersionMap. - // This will skip running InitGenesis on Foo - fromVM[foo.ModuleName] = foo.AppModule{}.ConsensusVersion() - - return app.mm.RunMigrations(ctx, fromVM) -}) -``` - -### Overwriting Genesis Functions - -The Cosmos SDK offers modules that the application developer can import in their app. These modules often have an `InitGenesis` function already defined. - -You can write your own `InitGenesis` function for an imported module. To do this, manually trigger your custom genesis function in the upgrade handler. - -:::warning -You MUST manually set the consensus version in the version map passed to the `UpgradeHandler` function. Without this, the SDK will run the Module's existing `InitGenesis` code even if you triggered your custom function in the `UpgradeHandler`. -::: - -```go -import foo "github.com/my/module/foo" - -app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx sdk.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { - - // Register the consensus version in the version map - // to avoid the SDK from triggering the default - // InitGenesis function. - fromVM["foo"] = foo.AppModule{}.ConsensusVersion() - - // Run custom InitGenesis for foo - app.mm["foo"].InitGenesis(ctx, app.appCodec, myCustomGenesisState) - - return app.mm.RunMigrations(ctx, cfg, fromVM) -}) -``` - -## Syncing a Full Node to an Upgraded Blockchain - -You can sync a full node to an existing blockchain which has been upgraded using Cosmovisor - -To successfully sync, you must start with the initial binary that the blockchain started with at genesis. If all Software Upgrade Plans contain binary instruction, then you can run Cosmovisor with auto-download option to automatically handle downloading and switching to the binaries associated with each sequential upgrade. Otherwise, you need to manually provide all binaries to Cosmovisor. - -To learn more about Cosmovisor, see the [Cosmovisor Quick Start](../../../../tools/cosmovisor/README.md). diff --git a/copy-of-sdk-docs/docs/learn/advanced/16-config.md b/copy-of-sdk-docs/docs/learn/advanced/16-config.md deleted file mode 100644 index 03aa55a2..00000000 --- a/copy-of-sdk-docs/docs/learn/advanced/16-config.md +++ /dev/null @@ -1,24 +0,0 @@ ---- -sidebar_position: 1 ---- - -# Configuration - -This documentation refers to the app.toml, if you'd like to read about the config.toml please visit [CometBFT docs](https://docs.cometbft.com/v0.37/). - - -```python reference -https://github.com/cosmos/cosmos-sdk/blob/main/tools/confix/data/v0.47-app.toml -``` - -## inter-block-cache - -This feature will consume more ram than a normal node, if enabled. - -## iavl-cache-size - -Using this feature will increase ram consumption - -## iavl-lazy-loading - -This feature is to be used for archive nodes, allowing them to have a faster start up time. diff --git a/copy-of-sdk-docs/docs/learn/advanced/17-autocli.md b/copy-of-sdk-docs/docs/learn/advanced/17-autocli.md deleted file mode 100644 index 41688309..00000000 --- a/copy-of-sdk-docs/docs/learn/advanced/17-autocli.md +++ /dev/null @@ -1,258 +0,0 @@ ---- -sidebar_position: 1 ---- - -# AutoCLI - -:::note Synopsis -This document details how to build CLI and REST interfaces for a module. Examples from various Cosmos SDK modules are included. -::: - -:::note Pre-requisite Readings - -* [CLI](https://docs.cosmos.network/main/core/cli) - -::: - -The `autocli` (also known as `client/v2`) package is a [Go library](https://pkg.go.dev/cosmossdk.io/client/v2/autocli) for generating CLI (command line interface) interfaces for Cosmos SDK-based applications. It provides a simple way to add CLI commands to your application by generating them automatically based on your gRPC service definitions. Autocli generates CLI commands and flags directly from your protobuf messages, including options, input parameters, and output parameters. This means that you can easily add a CLI interface to your application without having to manually create and manage commands. - -## Overview - -`autocli` generates CLI commands and flags for each method defined in your gRPC service. By default, it generates commands for each gRPC services. The commands are named based on the name of the service method. - -For example, given the following protobuf definition for a service: - -```protobuf -service MyService { - rpc MyMethod(MyRequest) returns (MyResponse) {} -} -``` - -For instance, `autocli` would generate a command named `my-method` for the `MyMethod` method. The command will have flags for each field in the `MyRequest` message. - -It is possible to customize the generation of transactions and queries by defining options for each service. - -## Application Wiring - -Here are the steps to use AutoCLI: - -1. Ensure your app's modules implements the `appmodule.AppModule` interface. -2. (optional) Configure how behave `autocli` command generation, by implementing the `func (am AppModule) AutoCLIOptions() *autocliv1.ModuleOptions` method on the module. -3. Use the `autocli.AppOptions` struct to specify the modules you defined. If you are using `depinject`, it can automatically create an instance of `autocli.AppOptions` based on your app's configuration. -4. Use the `EnhanceRootCommand()` method provided by `autocli` to add the CLI commands for the specified modules to your root command. - -:::tip -AutoCLI is additive only, meaning _enhancing_ the root command will only add subcommands that are not already registered. This means that you can use AutoCLI alongside other custom commands within your app. -::: - -Here's an example of how to use `autocli` in your app: - -``` go -// Define your app's modules -testModules := map[string]appmodule.AppModule{ - "testModule": &TestModule{}, -} - -// Define the autocli AppOptions -autoCliOpts := autocli.AppOptions{ - Modules: testModules, -} - -// Create the root command -rootCmd := &cobra.Command{ - Use: "app", -} - -if err := appOptions.EnhanceRootCommand(rootCmd); err != nil { - return err -} - -// Run the root command -if err := rootCmd.Execute(); err != nil { - return err -} -``` - -### Keyring - -`autocli` uses a keyring for key name resolving names and signing transactions. - -:::tip -AutoCLI provides a better UX than normal CLI as it allows to resolve key names directly from the keyring in all transactions and commands. - -```sh - q bank balances alice - tx bank send alice bob 1000denom -``` - -::: - -The keyring used for resolving names and signing transactions is provided via the `client.Context`. -The keyring is then converted to the `client/v2/autocli/keyring` interface. -If no keyring is provided, the `autocli` generated command will not be able to sign transactions, but will still be able to query the chain. - -:::tip -The Cosmos SDK keyring implements the `client/v2/autocli/keyring` interface, thanks to the following wrapper: - -```go -keyring.NewAutoCLIKeyring(kb) -``` - -::: - -## Signing - -`autocli` supports signing transactions with the keyring. -The [`cosmos.msg.v1.signer` protobuf annotation](https://docs.cosmos.network/main/build/building-modules/protobuf-annotations) defines the signer field of the message. -This field is automatically filled when using the `--from` flag or defining the signer as a positional argument. - -:::warning -AutoCLI currently supports only one signer per transaction. -::: - -## Module wiring & Customization - -The `AutoCLIOptions()` method on your module allows to specify custom commands, sub-commands or flags for each service, as it was a `cobra.Command` instance, within the `RpcCommandOptions` struct. Defining such options will customize the behavior of the `autocli` command generation, which by default generates a command for each method in your gRPC service. - -```go -*autocliv1.RpcCommandOptions{ - RpcMethod: "Params", // The name of the gRPC service - Use: "params", // Command usage that is displayed in the help - Short: "Query the parameters of the governance process", // Short description of the command - Long: "Query the parameters of the governance process. Specify specific param types (voting|tallying|deposit) to filter results.", // Long description of the command - PositionalArgs: []*autocliv1.PositionalArgDescriptor{ - {ProtoField: "params_type", Optional: true}, // Transform a flag into a positional argument - }, -} -``` - -:::tip -AutoCLI can create a gov proposal of any tx by simply setting the `GovProposal` field to `true` in the `autocli.RpcCommandOptions` struct. -Users can however use the `--no-proposal` flag to disable the proposal creation (which is useful if the authority isn't the gov module on a chain). -::: - -### Specifying Subcommands - -By default, `autocli` generates a command for each method in your gRPC service. However, you can specify subcommands to group related commands together. To specify subcommands, use the `autocliv1.ServiceCommandDescriptor` struct. - -This example shows how to use the `autocliv1.ServiceCommandDescriptor` struct to group related commands together and specify subcommands in your gRPC service by defining an instance of `autocliv1.ModuleOptions` in your `autocli.go`. - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-beta.0/x/gov/autocli.go#L94-L97 -``` - -### Positional Arguments - -By default `autocli` generates a flag for each field in your protobuf message. However, you can choose to use positional arguments instead of flags for certain fields. - -To add positional arguments to a command, use the `autocliv1.PositionalArgDescriptor` struct, as seen in the example below. Specify the `ProtoField` parameter, which is the name of the protobuf field that should be used as the positional argument. In addition, if the parameter is a variable-length argument, you can specify the `Varargs` parameter as `true`. This can only be applied to the last positional parameter, and the `ProtoField` must be a repeated field. - -Here's an example of how to define a positional argument for the `Account` method of the `auth` service: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-beta.0/x/auth/autocli.go#L25-L30 -``` - -Then the command can be used as follows, instead of having to specify the `--address` flag: - -```bash - query auth account cosmos1abcd...xyz -``` - -#### Flattened Fields in Positional Arguments - -AutoCLI also supports flattening nested message fields as positional arguments. This means you can access nested fields -using dot notation in the `ProtoField` parameter. This is particularly useful when you want to directly set nested -message fields as positional arguments. - -For example, if you have a nested message structure like this: - -```protobuf -message Permissions { - string level = 1; - repeated string limit_type_urls = 2; -} - -message MsgAuthorizeCircuitBreaker { - string grantee = 1; - Permissions permissions = 2; -} -``` - -You can flatten the fields in your AutoCLI configuration: - -```go -{ - RpcMethod: "AuthorizeCircuitBreaker", - Use: "authorize ", - PositionalArgs: []*autocliv1.PositionalArgDescriptor{ - {ProtoField: "grantee"}, - {ProtoField: "permissions.level"}, - {ProtoField: "permissions.limit_type_urls"}, - }, -} -``` - -This allows users to provide values for nested fields directly as positional arguments: - -```bash - tx circuit authorize cosmos1... super-admin "/cosmos.bank.v1beta1.MsgSend,/cosmos.bank.v1beta1.MsgMultiSend" -``` - -Instead of having to provide a complex JSON structure for nested fields, flattening makes the CLI more user-friendly by allowing direct access to nested fields. - -#### Customising Flag Names - -By default, `autocli` generates flag names based on the names of the fields in your protobuf message. However, you can customise the flag names by providing a `FlagOptions`. This parameter allows you to specify custom names for flags based on the names of the message fields. - -For example, if you have a message with the fields `test` and `test1`, you can use the following naming options to customise the flags: - -``` go -autocliv1.RpcCommandOptions{ - FlagOptions: map[string]*autocliv1.FlagOptions{ - "test": { Name: "custom_name", }, - "test1": { Name: "other_name", }, - }, -} -``` - -`FlagsOptions` is defined like sub commands in the `AutoCLIOptions()` method on your module. - -### Combining AutoCLI with Other Commands Within A Module - -AutoCLI can be used alongside other commands within a module. For example, the `gov` module uses AutoCLI to generate commands for the `query` subcommand, but also defines custom commands for the `proposer` subcommands. - -In order to enable this behavior, set in `AutoCLIOptions()` the `EnhanceCustomCommand` field to `true`, for the command type (queries and/or transactions) you want to enhance. - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/fa4d87ef7e6d87aaccc94c337ffd2fe90fcb7a9d/x/gov/autocli.go#L98 -``` - -If not set to true, `AutoCLI` will not generate commands for the module if there are already commands registered for the module (when `GetTxCmd()` or `GetTxCmd()` are defined). - -### Skip a command - -AutoCLI automatically skips unsupported commands when [`cosmos_proto.method_added_in` protobuf annotation](https://docs.cosmos.network/main/build/building-modules/protobuf-annotations) is present. - -Additionally, a command can be manually skipped using the `autocliv1.RpcCommandOptions`: - -```go -*autocliv1.RpcCommandOptions{ - RpcMethod: "Params", // The name of the gRPC service - Skip: true, -} -``` - -### Use AutoCLI for non module commands - -It is possible to use `AutoCLI` for non module commands. The trick is still to implement the `appmodule.Module` interface and append it to the `appOptions.ModuleOptions` map. - -For example, here is how the SDK does it for `cometbft` gRPC commands: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/client/v2.0.0-beta.1/client/grpc/cmtservice/autocli.go#L52-L71 -``` - -## Summary - -`autocli` lets you generate CLI for your Cosmos SDK-based applications without any cobra boilerplate. It allows you to easily generate CLI commands and flags from your protobuf messages, and provides many options for customising the behavior of your CLI application. diff --git a/copy-of-sdk-docs/docs/learn/advanced/_category_.json b/copy-of-sdk-docs/docs/learn/advanced/_category_.json deleted file mode 100644 index a49201e6..00000000 --- a/copy-of-sdk-docs/docs/learn/advanced/_category_.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "label": "Advanced", - "position": 3, - "link": null -} \ No newline at end of file diff --git a/copy-of-sdk-docs/docs/learn/advanced/baseapp_state-begin_block.png b/copy-of-sdk-docs/docs/learn/advanced/baseapp_state-begin_block.png deleted file mode 100644 index 745d4a5a971292bb0346c35893b42ebfbcdc206e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 20565 zcmd@6WmHw)_s5SOT1t>oKnbP0kwyXOls^@mAbnmtInrrSg=X%fAB3eUDo)C`;4+H`cDk{iofk5bB;P(%Y zuz|Kwc!>%Gq5~<)zR~tI+0VxLLe@?3iQ7OH`t2Lbw>%a+5;={2I?Zq>qb)4UzcMqTUgc(sw|^lU@i-m}r2F)d?D!dQ|5HQrK_9|8 z>_gzDV-qon_vBIbSY!wbf6Q+?*LdJo{Ibf;rcZ_+E`Xc-DzbBm@w#f!@xZ(i=%b!@ zpzty=NpF!JT}xKT)oXYEMs?t-D~8-0I9}I}e^;@EoEnQKnxTeY9Qv}qLGLuc1CRR5 z|4Bht02~cOMc@>}Ml1(B?i-6fM8e2?@FMB`;QzO;OWyEFkIRI3q3c2_QHz98?fDh1 zB#qntVH<M47WREX5ZenxMVdFUDUgRj&DsTh$mM_lddu3jm2Z!9%eH&|<=JDG|I;}qYaCW>J zNo{?U=LY35?_jChyd05IYzxk|?m4yAloVEadc3kS0|Ez}?{R(@7*xg5;6 zGiIBJqtz5b(GXtL>$W$YyPr&mZ=+O7zn*V=C2Z9dL-ew2dH%E7;j~W9K!&Q)tN))c>V zFpv{pYJFHJIA;FKQ^aT2=gp0LZlIE+QI*1Q&aG+*mKR@0jinQ+c&xT;!ft#rkR|)- zZu<9$xN|cOPI=mOPQL0zRK7xr;pdQxI{R3um>`_C#0wpJGVwl31)@hY=t>TgT+IAM z+{qKg;{!vP!q(FVMAkjOaI4quh!~vaaK6Kzcs;*9=I>9ENM%r5%W()R#wC^S+fc;+ zC0K6U!gjKyp1j^0@?~cnHV`>4GyrAv_|^7Zly$UXI6HF?+D-j^pWd5Uo33-JKsj}z zFX`1-z9OmpY;^%97FIVI#F*@fq|5A{kKN_FF2FZ}Z<#44;DvF^NIhqxHk;7sr@bc) zrb%F7=Yg*+V%F{>=QhbgXBY51=Qw63e!|OJK>*;)hBg-L{yGQb9@0=G~83pG( zlWz{%Oj|`Ri%-knYhI6-a&kZA;J~2L6Xu?__1O4){}nL z5mq}d2`Ju~H7dMW-HN9^K0hHET;mRg-MlY!FD)wS)%>~D?Xhv`BVV9+XukEGPITaN zVgX;FCI60~WigtYnbqJ}Lp5YgA-!=wFF%;Y_)BJ$#~I(x5~FhG_X#6+`!f&ua(~64 zw_#uSu0CKu&sXJ#8uaJqU;#scEAe=<^aj=2oA7qV?M)dimCT*S9jaFR=%ift)rp(eBB$fS?shskDT84gbnHK znp74|3wym)!d2s>)g6xD229JT@49||^_C+FQtta$7}y9Zfk5z7#p0{}|`5 zFDxl~LQXTxJL6JZZTHtTaa0l-2&ZKRK}Uf^8`XKmj1ZNIOyEl}e|4>pBYwrGesBwY z?M70paqpBa=2FrOZmKeB4OHCXPU9MpdiZv_H)&FtF_hM-o#S_HFk9`F%@GjN`YR0~ z;7NSGzsxA}>6|aG_v|ug?n}4(!2+d6b{TkjFqXTOwaBS8p4!>Y=2} z!9x3vOYjyWq^~3y!g;xsGr1@ZM#f5$ha%;+wzPJ66E2N!*3sI)L-QPvyq#81xkiizguFHSXS#0__Gj*($6O|vhXrtAl zs&~?{JHO&|wRz*RQHIT#@7-%MhJd`;5p`=7Pv#8xBQcn|QH|Saz0lKQWAU&%o?va1 z3UmLvU{Jg$sXs7f&sOie^eBQ8{-|lX0@{&MLK&+ad;fjtDXTTA`l`oWqt=};^=zTl z@BLQ%9pP|h z8n5k6DK8$Av|Gq7p9>Si6-G;5u8w~7OaJ*yl>wU&0kqmH16g+XyH{+pJ~ucq)>eIx zNdB?n(U%B553@?EK|N^`_V=UPsezz&*m6z+_xWC8zr=ih0LptXJPCuLliwf?L8dp- zhuSRZyL2wY)acJ(&ppklGvdk>WB2%UCNzRiyj*+usQ-3tkgwcPBW)eZp!iamIgV$F z9By~kbSAu_LOEI(rtPpGdirXmNhY`dhj;uhi7w={-Mp%6NLjjsVoor9Q}c9jLltI9 z`J{%fDy{87r>;zoa=(L@5n^6)-usBNZvr)EiU$j3Kg}^a4zBRP_iHi$TPlh+`=qKo za(0^g>)$Xi_M_L#GU)rBVg1{82q&xiMfkFUUyTjMY>j!!^E=N9zaCf|HCshW8N-_o zy-G1(idCBs6-FGEO|=4T^^`(C#i=O}KZ?d@436JjHQlrZ-^~W^=YNe)~G#?5A7Ymsf%!l^+j}<<}ReQ~f_rFJe{Nh(%H5fd)9R1U2 zqao`mU;C`F&^h$5{WB+tfE|2fz?)CHub~7kEHR9 zinelv0=Dja-Jwrf@R>|Lr#bzr^@LbaSwGjA!eC=gTm*#(+_Tk<_%P0&QYg_VumD4DrTQw2sXB9 zSLmwmHqSGV_4FiUzdGC1gJv}xD}M0jj0%PM#+@XKZ%ng+c5*v6L`M7T_0>x-OFcD1cs?LsQHB%jAw}7nL7)W7f zGLJ3HqIhy+?>B^I{C&(b%WH8u-rFtc@3$`Nqv_4TtpXvtQPGodCj-7*?H|iVfXz){ zpJ|<2&#!;^n@TPr4Pk1}oH?{qNTx(nx>qe8?q(9k>gF=}>`_HqjB^c2ZaYGLVd5F| z-w7Ob^pv#AUXfE{MdZX@<#@*t%yI>x^k5z2B~(w->z<*hb?G2Wagb;rFu^lUtffHZ zw>D~tDesp_+gas*zU^_hY5Nj#w}V4D{xni;hn4>p+d`iBb-kR3~5wd*A=# zTs7aK69yH$U^oBlF-_E(WgpOL;XqPmRo@c;alpzm3DlVIT(9|m(icr=JQNqXqyNQ3gv8* zpq(1PQ+ei_aTWXne`b*%N@xC-aOE4h=LfHH@R@>gz5>CK+Si}UmImmqIE=y! z2cP%>8_9eIaap(wWLc%?r4kDsm%KU|!%7`NjJJfWg)A$&4!LhFd2VY-UGys2YpnR~ z2zVEc+U)Q3yWgMEj{R++tPVk8Q;vN@5EvoVc)HAuDVu#;j9v%yEChIop1~F(l%7?h zgQ~iYM{9idG)~am?*W(oVZiC3HYYzuEnPw}Vc-onv4Ou2>;uUo1+T!Uuj@krX0n-| z`22^|PQ-#LA6i^a3^Bmjy~8jskD_OK7H3n&o0%gQ)b%!-g-!$;1a{g(AIX|^5!K>J zjHTk&vhPkHCZax5p>T=A%X-uF^U<~mB1tQb>+a=p&PhWr7;BJde-D<=&x5mLosClU zbL5`hR;oMI;PVUZPqsON)8>$XR`44p$P#z|d-0W>TFO;7%{nG*0tlMSh{VlXJB|Hm zQ(72vP9Mw3c6ky;?!I8TB!_A=DKkt;Ef=cgvX$)R=-rRR?abHiKi2x@Yw+sV^%=YM z);Gzz|n0`+8Bo za(B{+%gNA3kmr+isYj9ISfLY!L5oAtg3of$mLvTS9b;DG#+SJk)j_>B7@ra!gqNT5 zo>8zGX;BII%g0c#GU7 z;r^{16sGz>m`jqZfej{)NOHH)K4?N2RBc+1qms<3SJ*$Ns(%RQ?yG$fsS6F)hX@DQ-s&y7u?Go(Vu4jeKR=w^k)%wb!`#^^n)%caNtXg{Y>V z$H}b6y`RC2R(Ff2@W4nf1-$8}lS;tc<6Nt}tCa&MC@Ox<-E5vIb>z{}QlknQWt~H2 z^x04U%*}$Vtz|o@ANHyq4;VP-NPJs$YK@F4R8&>9;e~pNjnh!ec#FTi<%@2I2(Ps5 z@gC>9%gI!1q$#WBJ5gOWHhxJ_2q;?dy!~_8)_wJbVbhaj)i`LWZ6<1NEl_RoCk1cD za?n*n70Gg=n+zh7BW1r7))$K9Xr&U#gf49uO9+$PrN8Z72zcl+vv~1M3Ir}1=#I-I z^O3afzchD08<867C9f28{b_jewdW=xg7Zy*2{6rieLxT=gorGY|8hC~d369nVE;0; zggdsAma7P$6FU*iZqo*_WKs!18bAYNVz*Ey*#nhSxL@S+?CavG z+>Fb935!9Yfp5+ag?I#mcA>wy)q`>FVO+CT7WJ1cTHU+VUMNvYe*brNx09h^i*eL{ ze}5feFl`M#_D(T0&#*(SCWKn57}Wi;k}&(k0iKld4<~uq3O>Ai1iok_TIB?vV*9*= zl{o@m16TCUT@#hw3oJdkN!@H;F1UdlvqbIB)hkvNz!yi!T~0DS6M0dYwCAFrb=@xzYt-iM-e;ScF7Bo zWfq$SsJDATJZWP+%(i+HFiW}QLW=iVRjj>ux{*Xs1I`a?_JI)`Vp5~hECOSMB3IUZ zr~Xqn+!u2-ohl^@>*YC5q(j{h`1Dx^0#rXG9zz&g4qJb(b7f08nz0A|e9`7Q0kVwP z6LrhEqWrxbOxX4)oOi>rH=N+$)e5LI>BQufWWP?+xcI5-pUvnt$b&9@YL&qa0-oB- zC&8H@m13Z)5}@w;*{NTzIj-t6qT=Ws%X85i+006kIXc%I&Vz0fewgC4k5YtzMyH=X z$^n57TcNVH9*E5C&-&W3xj7v>@QO0$3-024-_a&G-*VFeUG`HXCtOzM!|tcxAF~0$ z({r0&LpMKiTJ*cVB4G=g-c2CwjaQ!jC<<9%*Y5?@jMY)4B|OJ(s~x|({Y5!9DE^_D z*@%;@`mUq;ljE4ZM6K()kSrQB^;`+PUfzT%9-LTzS(s9Qb9)B`A*M}^|1PEC#qZAQ z!0xx{qSi^cIc;7jSm4RN9`vpti)5lPrxtIQL&S90@w(Q$lg)s#dP53U_M?3&o?1BH ze`sv1{^F5{->xtQIGzf#KT7j%H&HDoKmI8<`1(z& zsDB@l?1SNSib##FQW4kC=H_$1f}p05yQx+JPwf$%nPUZBTa}n>*|*ES_ffNJKN-yU z4URXMq=OuC)!vHZ@jlL^7)iQ6d8-1M+y~ch^nN#0nlh^B+gT1y`nzaI?ejgN?1&eP z#Pwa}Gk6l1Dd;1~3hV=z$Nb_kCoxx1Q>5wzo#Xpm`7OZNZLVT#;&VV4NQk5{2r_k$yw z4OxCb_H~WT6>7(<@cOVWa!l&rc-Fg|xHd8Ltkz|in`xg3}q~LPHp{KmBb-HSB4hkW(ehgoTW9+fDCUm$1yLcOrD`njK07Z zrP#F>YvqA?ajYeXCutr7!8n3lCl$tc{4qF9#GF*shVa0CNnXeXe~_ZGTmI=t)npX! zdiJ>gpN~9Y8zHyXHMOia8CQ8%kX{N8lk~axe8)+xF*@J8s+aGB?++YzrjN2U24NAL z)HhotrpP$l5YWpqYxY~Qj_&AmGiKq{$Mp@A?z{o2mwKQgXts+6XPNk04 zJJHN`PY!T=hIaBSzh0lmNDCcmsv>dJ61)GC7wzDJ-+Mr(e8K0u2N4N4sBOMei~gNf zmQgqOsqqOAj}9b_zI>NgP5y{WGVr3|6}ui6Oov`sMSN--M~b)fN!6DWwrusDR^h>k zkd<~5`-R#@h*6s!kkAZCFW>r=ZdRRA=6lU!L&c`qwaSgildsLU;x0DlUD}{jbprz( zSg4I|h{!GPlxB&H`QWPteJ8JFsnRD8cktV7Z9pO@&5erqBjuCApq8P%75~Rp*W$07 zQ|o!Ev%p_4lF)`|hjCo$T1)NWI@TaZ5^|->Z*JyQJeD8doVcyi5PVnie5SR#nFWV? z*33jJ4TZb3c}Yf;&sW-7Zq#T;SE8DZ{!j(s4I{2xC~{_8pR0A|QQt*FxDFjbH{?_k z`Bu6Hzu>ZkL|5A!qh}qbayYh=TxiZkj%T*jkiea0r}NE^=t#xZ#UH2Umj)B3M#N%V zsC~sdlzjxoC1r9iWv|>Uc|lH9%VT;wYZ}yvsjzO?O%-;wf3kH3e9ZSwM$3gpMOvFrZ+UiRg z)M%-X(sdD^qHDbSvFj&h)hJM<^`V~`YM%S?GrN0VO9i`tOJd9)_RJaqS8IL-yneNA z-N$aofV+X;C%P&xUYYLAaY+<%!t(o}{q0PG1Ps+b&`^Ab@5~;*Gpnm94dxxL&6Xqc zKBK421U=&!M*jxvF9u3oba~cSIod^HaYM~J#In}06KQU)qrSjRrrX(^=So9N{`z9s zNw>pF#li5oS7teR-U9}vIf5hKrV!sLs_oKJ#Dr zlQf>MUo~d4VzB?(|CjU$`14)^;TPk^Kwg!cGR0*1{w+>N>#ORr4!ra~993wDxmx>I z1~oSE{h%wYm(|^i$V&{wrNg04(KlSKBH}2~y*tjWhio^FE&&2V zqJ{;sJH#^^B=!k=`S)jE-HRq2O_@~E2PV5{{|D+pE{CTE!Xg91+cT z<#SB(M0@xWpDXnB?#vkJO^2m|g1VYN8XF)WQueuG#zcqn`-m4RGb%iYcy-B49lSQ3 zA^leilk&s#bDO`WKh|NcoXCI9{kKsTr(MWBd3P#UI>@raZ^OrKSmlhyVC^96c@;-o z6A^)RL5g;OYy~~VoBBTD9ZbhME^fymy-~ULnuEFR_9#9K5BvzitySE3rC!9Ca`F0N zb&p=+A;`IqGl@Nw>!Y7;R_SkeLCg#j2e>@PDF@6HLIEcJZlw$6%A}>L>FIvdx-Ek> z$fH|AQ#U|aPgh_w@61H}+>GH*kS_|`-R#EZg!;Fv#%)eKz4Jgf|d zR+V-x2l&E-{^|;OhKv6Gx}HXPtY2u0iJv5qupLXpm02-TE*?au!SVFd6k# z{SCvz<;e(pcx(ca3w@InhbWlsqDbKhlTEDU?&O&`?dPKDZDiZSJ($b1fq^LBcSY*w zL09@;x`H@592M>I%@IpW42ay+vYmnhl{x7x8rTSw%5Pd_^D>0TI8Dc)ISmLITWCFCQ_&7Pe+bEBRd z&Q|Pb;#wrk6El7V={-XoZ*Rsz`Ml;HtU7)4a!;-i@gC)5?TrI8`JRVHS@wdnAN>Lr=;H=&Q5V# zj~u9G%#3f+9BlhnOAQvj#76|WL{EjHr~OsGJt~_(4O~aGvzHde^T%6UHAyKMec%kS zTXTGYteXGAY6q8b5q3HB@PBMN|9$&L9xaYWzg|hV!dB8qF~a=mYqR)U*Q>XzI^To8 zkfw}_b};pAdb>^wt?$;cI=^)EgGX|TUT&u5W~-X)F}DMiZ(`q>F{F z1k{v6sXhlxKLbkQbwFNiEK~L~0H`iEPpge+V_6si|DQ$^X4lvXl*Hcx<0=0-wbBCI zzvNhCTY}D820TM0L0Z7r6ex**1#08d8jeQ*5y5#_H_opUmZmFh&R!@_mr-5;l*E7k zGsO=NJPO@FJk}j0G1x~$GyD$by;H#?R<~F9wj-voDa7d2iY1C|A z`T&&vrOGeXeo-&KV9DBOXcjw^TQn^4!8^KTgZLF0!$p+M*{29ngtY%-GeTHg;Q zNOlt*_wg-2`JycS1nWicXL=MKoYQn zA{BrJr#n|wYv#Bp!!Y$fKIA_V1oSwmLl^WoMk+JEa#LNfj_W_T1pOa60($=PUqcom zq-Z{v>)>Gg9}t4s4A>a$wd}u!65O13V&Miu7Y6Te6OLu+*Cj{bWoUL}n(t;1Hd zneu?CeA8eF!^?hxS?{G9d`z?M!ME4FrM!>Z>3=i*Z-~ag5am+GG?8k7wZ4DipG8p1 z{%?My$)j}e{ycvg+F9^#Am3E~8}~nmM_fBEKZ@gNlF&;&Jy{OOBxzFBOD$Ddgs*-o zjduc>#!RDpheO@}fjA}70<5k&vd%Gm%P*m7vcpk*K`)`&vQWAA)Tew;Sn?_h>LdS~ zSm1i%Ch|W_FYoTd*yocSA8wr#_6`ge>{>c>7oN%QNBr+9>04b;Da8~AGeqP;EVz`k zvqf(vW)X}wp*b$1BPL47J=TwM+1Vjj zzs>C4|K|t)gOe(!INjMD;4q@M*EiaLE3lWG{b#2RsN+059aM`F&{ogl{B6* zC3oQC2)gn9b_fKlGTYoBZ`F>ExGsw~?7QSZbuviuO*m$+^HQ^)>-pYn8}hxZx$+_T z|8Y=lti)tw6JXgnMnx#Y=z4-wFsdNcMCs;Y*|)wHz@XH_Hu{qXlU~UWKb+6IL_04a z-Le;KNSW21KWi-l;2xK~I{E(wEZc+*l=(*z85E&JC)*>r<(@lZM7+56npkVe=z-dh z1?1mf_jfny#trTTU0EW4EPl@p=`Ip`b5ruqTiYcx^5hd})Q#JM@5Y%_GsM&AWj@JX ztdJNMun{|wy$-&;97^Z6%~8yH?RIb8`RPuj6TpOqj_hT0{vlnDRIoAx9le8QD$Rj$ zD3YWRPUse+kHXvQ9H$vxzrNi4!umcgTF;z414o+sKUz%MNGs0^HO0Qcd|99 zjp1f*R>v*LUK#Rm&rVNIPu&|&t*2@}Xe&~O{-3qhiqPY!1ldxhLhkbwgTuJ-^nFCxjKt?T|Nr{7 zPzlp5Gc?{C{Voq^iCW$I)TbRK(sb;uJ7bKLuU%KHBg&*{7@aczw@|^Q0gpM1qvU4_ z1^-Zek7Z#JcD_H4a_CB<#ddm=$DUZ&sd7#^{td4y4gKjmVZ6Qo4RiJ$XWSN74lQ8$ zqacI{32u=ojJr)`EBWOnG+_TpS+7H<$7xN%|4xOS|MaanyUB8fxoF7!tzU!3_U9EX zwXD}wcJ+P%bd zdm?BzU2d$^=xGm-QSuwf>XJ#3w81l|a}SHV>$7<5C25RGLFa|nv$gi`KUSs)yO^X4 zyX1(U{+8*W2_BI;q;(7`Qp=7zXm^SsV+AzjJFV70zput}u@vN?QOn00{iI*t<-2ISAX=71M8^|;yX#Cv+HG$c0jq@}+=NIaPz1M_es2HNA zD~KY(0i*Z#(uP2o27i9QQBGmgu>zJGsHm3%hE*&DC!a29o(=FAY}bybX6&Y|fn#}Z zKK#!0zc_FLnf=at<9>B)O(_|OjH8h-)GAbAJ#4winfRgE`Mk-p_p!$kZOARXn&Y#? z*PeegC=g;GeN_W3dylhQXc$T5d{yn_KnV z(E?!Ed6xjJXdgQ`U<`U0=Cjq65jv0CgKq!!s#1?;dM`Hnjn_VvFbTf0PCcu{Qq7eN z0`{sFh06elmO51irbd}0y_9=9-@lw2c&vDJe{-n%K-mT?5CiYkB{tnT{uG@cpPB}a zey_?E@hGg~vgwC*@9T?pf4_?ZR+_t^79QK-=ili=iVnMDp9)+4bD%*eqjLV+2t0Ji zC@n?!DQa5X=2x0|9!bkH_I62tfqT*_4&(_ZizQ`vJpa-Li1eC)#~L1FR&fv)jI;wi zW~u^upsMT`82=`R&;Jw6Y%rBuxV*<Rn9V<4j9=?S4r&lDa#6j{#D-rxt?nz<5J@8w)Cbf#{5AW3g8vZuUpzX$777 zvqWlcPsi1J{5$g@Wi$vWz>r^nHBVuGu5NQkcv*n-wNuBUJXD#pLc>|s=dn*Bt_Xw?^V zix)eqzVo_p(3**{<#yUH_W@E9zoN{XO?fCM;1LPu|}PKHFJiP}?M$v?i@Ev+Cxnib#t`JNCbhsRF35Z)^7DTp#tkQr;BpkxvF1rP>U-=scj5 zym|BH7?`6>B=g*dlqY=w>+!-y4(bxpxKs4_EupV|Kl-z(RnUAqz>fVkjCc+ol2_bR z1v1%l0~8iPuK>Pt5Z~Y6ov{Lb(Fj`Qo)HQTf9{r3XqaQ>$JDCZqfVlsJDJ?DH=yhr zI=ynEYTv&W7;)_s8raR|UUE36b1eb&(H~+tY}CyMr4HYgb@O8#_QslyZ`LyL7GCB1N|!7S?@p{AKcD>Px%Lj%Y_b4*uzThe*q+f%{5XV z$7Mjuln~g0MHOv#`D3l|LC~1J*KG4RUW3e$tCcX2T(em4?O%C}7poXe#y=^zUcwdh z9YRxqRDhEGY1Mm`&t0yXBS4N6*B#qf?yFPAvXWXM;B* ztu6yxPdcuSV^$v-CD6G`u~dx(Nm^_+`x%byZ7_K?Ynz*XzcrG(TyQ?@4|;wbX-$-f z_1NjFDiUp!7P)39P3Gh+NTD`kVYFZ@bvpx|>CoDA;K-(nMUkPlS34tRFm}tV9RZ5- zU1XnGYy?&@R>`q~ZKmFM_KB_dSpD=Nz!K0{3pLiiI0{2n7oV>VRhJbyXpzTPG1U9nr6PhqG z9YngI51Io)7$F1bJ&^Amqbk}m^4!6fhub*;!|jwX4!9xa5{9aNeAL~VFO!`aHai{# z-CDLQCyB6C*;`O-ydZ`ZsOgAQ^g!Dvp?wAjMXIz&ij`e8{_9md1d_|ypgn3vXdyb3 z)2nf8$$%&nla7Q#y_pOYRT#=;DfP<^BxOeex~BuLH~s=(Q8NqcBn9UqSt0e zOon4%6Y$tSezXGUu}xQ$&lGdS8`8DiaM9fL3m|BsZKXfMD~BWN)lz3hLRB1m_! zVOczVA*35>zh9T0_f1;iJF_skEx-`O0a)U5Z$qjuMJ&TZ6^84|Rmvj)Z(Ov;CYu!p z|Jj*%UQea_!pPFQn^BkUzYmN3DD-Xk>Hh0cZw_Dh<#!kF0{RS${PG_3JO*7NVXj`Z zgq%2u&`;$^{4iQQ%bjL!IQx@qmfDDiC*R3w5O5PvZ3}Z*3TY|(ewQFhQFG>4mQkX| z^q*d&tXS5|j#X}a2L@2@fjyRJ3(Zd`Bs$oHFe3`>kuJ4G%Q1pjzFXEF)n08yADQ;b z3`_3?1qm1swVkyXR=7OxCB6yquv$jE3Xbzm9_t7v(R~I7k4WCY`#r4JvpS~bOYpSR zU5BEsRqjrI;yNO@LhRldYZgaZhVh>IuY}=rc;W|9$|%WNu8MP&OmF-8Snfaw*k8Me zRHKhAK9d#b(Ps|xTOo73$Oq!fHz>_IH`YA{SX@8Q>o}slk9r?fKY%j!vE zc}wNcTbJH@=JlpJ*qhiXzwDiv;-B17f$aYWu_INteD3CSaLYAyTOW>3c#i961$FTB z;7r2hrpb@VV-Qd27EDGO{Q;?5Rh-(O~92-=3n)v8Mx z|DnlxzHE-7QScur=@MP%5)*TlfwL?zaJASHPQ`rB53L(Be^XPcBvA|;v>;76eHOw> zjEy+TC6)R4^!d+{F4d!#76k;R!NVkkm0p^%mwOg9%U@T;o`cO$T@S6v{VigB?O2Yl zjAQot^X>s`AJD*rj{}`A3Xe-e?pU)+$Wj}#Zxptkn!>>K&I460tO<(AH-WegAUe5H0rQ(7L-h<{G;oQB4U(d z(JVJcnGbC8?*Bh&Tn7%_?fciPC-SGME#N7oA;jY5Lh*9`UXyBEsnf-^&arMM?09o2 zVdJu1esk;0kX?I68fuYK;~u_a@nR>ws=%2`Cxl}}CZtIeSdLaU2L@~@R%_ouAs zQ}s1uAw`G{&g;VYdw9Bp0Zo6RCW0%I*$*!@@i`X0GQh;~dChPCn4icxwg)se*!f+OaZNpX>!`J6ulJ?oBlf;vyJx=06z^cn{fqHG6aeZM7rAC*sHDI z3UpGWigCW&xo2? z0MOG`0ClL<;-%OBK0m+eaSB{l9ypI-yYSIP(2iBzdWfmsW$_EQ_hBM{HV**DAsFRK zCcajt@C|(!tL+;cbLjKMkdEykfF3>$Vj>mVPgbvYg3)t247Nw0K1u`yOt5i(cv_Ll z-}b;ZJtJEWVO+-!tkd?xu#Fz=xbU9wAf~j*A)8 zpt7!i1v#Pb{YQ+Lz_4E_0y{KGhWj5>ryn0K0$>hUc{=*UN?&79gPmx*mh&RR?Pf8T zFNFZVgxPW`nBm_klWxn%k3BB?v&1jwWnfB0Rs03-H!ZMZXhu%sim6fL6!|}6rv^z4 za_}R{ESG6gWCFa?E;;d>2e!IT`a-Wtt!KNQ93MN%#p`^oeq~iGo+uiR#>t_*{qUNx zVTpz5tnr+`9doZ?cjQv_ChiP1%FK_uA~#!W2U}=%lNp$9$~=YMRGN1BBnpH#ZHx*R_FRMsCCt|zvRV4{Izd~pqFV_qxEHi67C-tgC8#>r|n|p#PpNJo~|#9BE>BZ zzVzo-qP0WU(*Ztxt%sJ1cFb{Rjlwx@CZ==IgCj%B0q&C zieW*V^k2*P59u>G4N`n5C*2<8pFO~C$Ka1$rhX|E95mDZtj&i?Oj&m%i$w&FjBko3 z#>w>L{<~G+G~JGn{e4LIp9_eQ6NdvChdq+Zo|#v_{F)!&hWTvmxc!*Gk6FP*(e{G? z{>BJi(i;ky=ldGq*nfJf{1rseM^pmH_1`TohHGZ0B#NW8u{VO&IunR-%sy4(WO^+m zi+0eiLvYwB3^o<~FXsx@k}^0R1Zp9?ElInAH#_`Dn`EQrx@h*_ za_Sy%fHlK7Jv&L>?P(tx94a@3a9HDbLy`dLN3kwX?VX{cA4=G#K!w1W-K*(Tkmuc% z#f7&bRG>IZ;;bp~sObb}(eZ^P)^-DXpQI4bEE(Uq_Jo3Q#4$+HqfK6jIJ zwfYXf?Rbw!p}!G1;)TrcB;$c%pG3=5AxOvj3j0(}^}W;f`h(=q)k&}_fJ|3UhRm$MpyKc z?g@lCLGzM{^xQMd3toK?v!_fuQruGP@%L$**^f|glGf65kAE`vW=w1Q-CB`)u8=*) zB{kh3LZ+QIVxyv+t`SNd?>Huj5AO2h`&^srE&BDdRpsjZ;4{~RB$v2asz1>Mu`?zD zSoeEu-sg53b7aHxqnz7KjZ#^e0n4ZxJ#&-^JN!)SU$hjTfQxS6$LtLTrvH`F-K{MC zQ6q~1siI246obDbh=9*L0(U{o>CqJsWkwu>%n5v49sBH02TOL=t!9qPple~;d<}X5 z4emSNaAjTekFZDw<#?_D>U+pdvkJ2M4!%@UgZ7+`D%B#_KV@_AbBl^fnsNLiBSMJb z`*-k5>6~BCN&QA4jx^_moKjoWFGNeGbgy)S?W8LWMzfeAx@Q5rX%l}t9xG-UcevNT zF5pfn^=?PfFAQ)G(jEu7>qi#T;n)fM+~>e4$aL~AWuM}bf#Y0{FN?G}!9I~uT?G(6 z!WFX}Gc9Y!=Nw`TFR@xf(V4u=!U*%yAy+Q29Wi4KhW%fF6jC`&GhdM?m(?wb?5h+< zd&9uDnJxPQghPxGn)DE}oW6nf3L1_c&M;+lYzwt*qIHZge`RSa2Erprf@-9Y&jM~H z7=%XbX4+ViOPKA1wg(cB)V&JP+D>#1KT+&bbk{^Ye<>zvu;kZU{Y2QWHB{+(MeXU* z;OPe;G=32KK4UBFzFIzSu^uY>qn)H(PB*}lE$lmqZ3E=nQ_Zu_ndp{PPuPKz;wv~M$Am92Ak4@t#T<2cO4?%T7 zWuYs!)adt0V1&Y1OjnWXxx{ZHd|{i1D|#p^D%Kr1!U~)<`yYG&-ehvhS1VeowzX9F zhQ?oTPZMa31Mf&LQF+*%OjPVyRJM$V8k=4tqM1lVsEF-ap}l!+0iR{!@~e zRwtsY>3cXM)(CC@e&%_R>h#k17R_ zkhg8FQ3s=$nH;#F+p7 zE`Tfd^`8+@a>PMNzZDVYlLb}tvEJ+OOgv#&4Nt?`fF(8E{ZmPs*pCDH1Fp8S=)Wsd zh%>dosZZJOvq*z{?beOp79fx=n-4YVyu_^?4iG?wO3DHrJCaqBw`#OuJ-W%Pkz|I< z-Vt3TZnpN;;Sy-MN~}rd6AhnaPvg_}skw>2iMdnqGn%)O@1Eu-!}b3eci$r~tu_M215>eJm!Bfj*o;i|GiM%Sv*RXiJZ7upGRN)Q4MWAWI{|8gd_y>AxlE!s zjDy3Zi+VQbI26YsT0DXiU*20v0UwN{?HBx061>)w)lE9{@*aQs`QOS@d!QhN{i$*Z zO{ScV%=agGZ)?&iQ5k2u!3?@dqxU|QLplc3b>5<(gRSqGKKm6P$;8O z{i?8=_q0h*3>LnAUnK;1`dn;X{N1xET`eR9ez_}7Q^MWFsZ&IE`YS^2L{#}hVl z`>vVX?1LjTnkuoA4_$i(H(P=L4dedv4Poq)u=R;vud3^n&t01U)@Pm$e0(ou1ND7p zI#M3ZAWI&A<0ec52*6C&fV>(v|9QnV6h9G@1x?wa*l5SX65(2WEQWSj+uQRmat&1* zTq*E~PDx9XDOgpF1E*dHw4ZFB0reQF?5O<`gPKB0VT&KGb;rUB(Zd=fKKoeJuO(m3 zbbRZh5aqyInF9$Qs9zHtH8e?eR3Mx64lyIj0t(<$C?&K*1=MoJf!8ih{dbCKphh;` z4&W51gG-)Oa4FUUA>HbdMaSMu)%SD=t3I#(o6FxaM3kjZ%lVlc?w#@9Y=u&@Z?Ry4 zE$t~q-1EbjG96=5Jdj*y6zC&pc)EXP!zVElD-SrN(M$C%*C04Nktx4AC}7kpM0uUZ z8zuKgXJ{_S12~uj+1`kG`xT>HfJ3E=*TDG4hZT>7zyr^!O6v-FQxFWO&}K}gA+n`O z>8$acdR1}BYSKW{<(h+HaZbui>h)UZITVgQOs zDSQWGRsq?u7P{`%v_cT6jkA_n)RMnZX5WV<*1_A=1c^o$cfxtYD-UW@M;u;KjvS5#7$AaFw)6}DB2;y6();e_MVpV0z{j@R* zcI2|RK2d&6E=2@=YEqt17@;AJB1>~(JQHQIjvG{Nm~QBVtEZn&(o^=8R)LSWTrVvS z3k}1%FUKzh$CP&qz58en6*PZ;Ss`4(+ZGN2Xzl`0_^jT%3O)^$M__h(Y#FS!Y8+iU z+wCzBgnlr;Pc*g=;T!X0_zLgf3p|`1(TrCik^?2S}a)k3ErJItJv!r8| zz`5bYUTfyuvT%|p1X2P8BY8F9XX<9msg#qh_EPB;Ppl2av^x%{eSIEU`mnfbYs_P( zYi01;zvMrziz@_najCBBX|IE}9I6KH!!yjKprCvdeBXihbsvGSDm z7uIezdm10ZlgNKXurYYWZ$kn9_DRf^=5pP#ha`pq4`Dkc6d9+-$Ktp!$`}_+d|c(^ z{-XFJrN5Xja8`FgzV5(Z{y2yd=}wNJDr5D~`nbJL+s9!!|H8k9d_OCfQ)}=I-kNmJ z%ZaxuX7yziMJ_5=9Jehx{isjgEInb48(mBeo9FMrFn*+#-x=k}5_6k1y7tM5xguwW zWBM0g!dO7JKnU+EgX^|fnpaoNV=i#+)w)t zmZbGayeWEx*LBK28FLuyj$<*_^$*m4)t}j8p)(r9Aq5*WqnnF^#K9sxA$@&+s$4uu zWXasdf>?n}3lP#`EAirpw}9Gt(gJ!LPJC=Av3{Oa03=2%pGa73!y zwIiX(dC8Yki$HYIhRrL{ADmSi>psqCx-+Uu=~acTcZHH@HzAo#$p4!<8jHb3)DHcd z?h#!PrqbpLq9QO8`oTO`CUMC@%bx6TobKutKU&*ykJ%mTSNA4gRl$T3Llfxb7^xmV zFUV|T-(KsIyu;AR(1)_On?tdfk?u=;Vr(k)-ym#x@I;|um7CTe>L+AXB5YPZynNjd zn_hKms?THg&Ur_NC){1S$DMfL|ip*0Q~SKZ?DjR32n0Gy<^TmZr@tF zDPt{wt%?=|bHF}S35*n@!R^e<;-I)remxP*>Q0&Y(!YZ+<;uC_q=&N7=tr!mOB=>d z2QTwVV+LwF9 zm16(ufJ;?wwBUM5E!mc#yj%~ous)b83f4JdpM(^Mc^TyqOPz1mCx^BS@2kw?Zq3|N zwD$XxB!OurWm&>xzKpRZ>I4L!$YtcI{y%KhV8~PVF_99rR4T5Y#K1^bR6~;?3IZY* z^lHzz->M^@Cs-E9yS&m<_Z}=cESk!kfj_RW7>l;&8NHfZM_V*qx1C~rE1=FjvkN2b znk_m}2s{LtOOJ%&-Pkhl(pH>5M35?2{q|RwJlB&QxV@V$dRP5smq>@R1*UE*QKowc z{cZumfU_I{XJW%5tv2niPhaNd=5~-;pr;#=_796<6YKX^H08m`XtOtO znhPf?{l%b|@`d8hWZek;4WuUcgWGkDIp`@~y!0cGhYj80&4+SNoW>|a1hAg<4+G$p z7O4ls*&g#t=z2xdRuK3L59P9y)t~KGGY+Tn*+%Nk#A^6WY)Wd%IEeYcp=I;J!*bD! z!YYpL8nn(NvsA5SLB)d!gC6 z5gUxd&m>7y_&}q#BDVlOm!&yiLP9WGTBDjGemxF)>)hF9Pm5B*J_3gl>)lzh6?j7= z!KdDlF{o1+7O6sycL}A7p^;?O@|ffp2&RX`jO*YIRw0@aBZIqBrA?ea6YAwASt*6- zivdpl39Sz_OIh0g5j+#9|K&uZjQaV^y}qD*DB+QAg~RHvI6>Ldx`G`Pf%e7@l$L8= znPo4_B(M_?Jz)zXxP7XMWj^fl>PP&?s(aec*=9b?Mrw`+`7l}+Iy?J>T-r8Lnr-=q zC8l0CB=AMD$yIC$SQ{xL;AnpICZ=T`FWd!&T;x1^s!NotjYJ&!Y|&lTeu7i~@AHv) zw4f9Igictmz;-d@F64kspTY;q*cppGu4VK5Q+u#apj2ZX35vUe2-}d*3{{5QMd7MJ znnZu{m8O&fDx!e6eOB$K<=^Fqa|I^6u$5{_bf&of%=!fDjb7)=$m4xkPpETA-eJkR z(>>CfikoYzJk`f%`PT`T+BIX$r|g1mJbGK51rrdOh{KFi69$lZi5OYhSCz`~$fmSV z3CsIc+gKPGL4*~NVis*%7pL*(jle7E)tvpd7bk1fe`{Csjy^S@+`KmQrTf^|LW!AX zh~-2^nMdGA@E7$jvd7>K6~7rIx9Q_oi;3rcP3vCzw{*hp`nd+S50162iFgeMJoqK- z^fkExq!a#1Q?0ro;F?^iQ3D>kJ#M0iy3E;-3FPge zn_K6h*diDQ-wUDCU%p#)WXE0XR!VasS|A&JJb zCi8c&VI*qmJ{v$0Z2&I~RT#zZ<9u0aXl)0d0r6lhzM%?8vdcTgWqJPQ>W$LA=4EJUVW_{IppNZ!w>h%8gvamqh=%Yz;$wI|Elm!3P61+XAZ zn;%fh(nwnukUoDN0q>Rs0H$gXwd+Oyyez1XGmio+$65TSyV+6CVL~oy@Sc4Xh634o z8MZ#ZHUf;A-2m8r!RY6W-Pk37j!{3qFM>@y{p}wB4Tej(b>2NPDfY4nB~ZXc&ECNz zYT4S?J~aU3L;{fI?esw6?m{3~$ZM>cwL+b8bUx@+x8K-m?` zhu0zPrBqRL2ctXulKRA%_ISBE;M-6#1&UUrkYHz7(=CHCVFPj>MPv!o1wzb?t&Auq HU84U7#M|-t diff --git a/copy-of-sdk-docs/docs/learn/advanced/baseapp_state-checktx.png b/copy-of-sdk-docs/docs/learn/advanced/baseapp_state-checktx.png deleted file mode 100644 index 38b217acdd04fb2430a2332946864de04474ae5a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 82308 zcma&OWn5HI*FHRefP#Psh_rMGD9zAa0@7X5(%mg3-O?ir-45M?f}nJ_NVjyuyYYUW z`}cf!Km5PosE0HA>=k>h>$=v7c&jLlg+Yt~fk3ciWh7J}5ELi`f)xD_4gAaW(u21U z$P0+9gs7T_!A{nr%>MDK9*SOK^ee z3r7Q;Z~%j}(d%Su{pxi0N`Q`TO@$Xnt>@WuR29?$B3nsR=YXyLAjH-@u&T)vlF& z(`G@G=rG^z2d3Y7$n;9t*GIp<1{21T@ux8QULJ>48ni;+cYb(;=UXPlriuCo|LxFl zFASrB0kSd1sNP^WkB(W)?Wbn+z0lkAf_{-{<6POK9O^^haqyiGvEXym|5`HgSt~*; z1S8F9?H5s7@OZo=99cS+Jo(e7Pos-q39;ZW<-Gp4*Q2Yn;xJSKzI{95V?TeKg}m27I>Yhu1eE236GCB@j8Z`L#)%=TTXo3$$) zYV|%-QX^IGAVkG?@llqqjD83{Ae)$@W_4_om48S@R#sNdcV78XT@AiCt;^aJO053E z4>c5v#O?I_V40v$F{??nRt2?1T|~4;H~+XPTvq_?Cf8 zK7^B^hqi`vVjOaHbv3)s`QNDsJo<&Cq1wwvCL^%^;l}%|g2C`UF@A>OJ+Pu!G zDHV0K;xNrD^Yl#@P`M&vJTz(y&{hzoH&U?{H-?F*sf~?SoAiW!m2r7kA~HhYaj}|e z)*VH()kUY@S5+xWFFTc?g}xygs7jTfC~+D2!(pB4^8;vM%pI%6JEb44#i~D77Rca# zQOs7VFWG*4KU$|zO({#@y1MhsgizS)G0#qx#|@ZR^x22`r5Iq9^d>3f$Tl4lA+uWn zf2KlkKcxeq@*#rK^?7e@K#<~>AJ1`<88#$7q`Ah~;agHsB}#rcVyO7|1A-|Kh@7<; zd(E`HKA6&i8u{Z_prC07$^Ix&n(S1|avy$sLZ zrS)IRorIU}PE~1y*4oh^>ULAgOH=zoB`be^IHBmRHuR78Q`j=V`+8wCk1<{CSnfj1 zA+C~tc&8a06k}MJszGjkzv*eBuDr4!r08W2CCB=2&&;Xh6v=Eb7^}1;m}pgJ3E4Gl zn+p9#i>^?Rpjq!VldLk_WhZRvAO7aZwZ$W9_9~6o;Pt=Tm>>V*aQ%v?{S*a7RHXNc zc_G1IbS=Z0aZhA@YrK@b+FRGteiPZb{~K7^t~+7E&7u!2BJ4Cl)V|_l^WE>W#UE3O zcR?ELo14|dsAT@kWhY^YAV!x=70BdOK>Cp_35s`a4^mv2f@Vs~ZE3$-`(iDD9*t(Y z`-<8mD{Rl3_6ck>?-q~UY`M@}Fq(OTl&`@swBFXH!(w);es!h#PB!b=ZWI|(mg|v) zJ_^&GNSL+%e7n+&8YAtA!4`u;Q#Fn32ZhJnFSEV-Z))~;V%zDXf@0bUCN8^VkxX8_)%dFlU;jb0|87PgTGm3V_s<5$<%;;ff#~FM@zm0N;y8l%l{JM*IVmXU z*gtO07Ab1z&cPq~W2w_tQ>FLzlu}m5cjwme3tMp_gUA15B@q6B0tgkM| z3a1F)o>ME{QTUyUf+R=1-*Tj=cf2tFgH^wY#?bd9dCq;&x3d~$>i({&8Fo#*?v%(5 zVL^%z3G75Ve3#B|akxTJ-vY3kEAsCwCb>{}>)`ksRdj{64@!D^&E zv!xScsm9G3e8>Hxlq~&c!}zS}iM6WPUG_Y?#{$#E?vN5YY*W>|HD=yyH&J2R^rB3b z-Q)IsBKi7$E^OI8r1sW9<;4&z*g2C{{+ZQyN%HRpsu~q~jCk~lNg(Zh--hfjwi|9u zRm>jP=4v7-2$scLEiUA-0$hm z`|@FlMU2GpJd7I>@aZnQp$Md`5~{=f(iZ#&S(_Q|X_lD7sgt3tRLm9#qD+~CFpA{u zQ8*V2;k(PucQ8BbuR1wV$+>BZUi;Rb}I5Wb^6HcqW{gK@CO@7OzLv!+_uDp zFRZ|`uEY-tUA@5|V4^|CAy3K{^zJKBFMUJvAqP}X^tINL+=}kaZo7{e`ait}2Mp1> zwo<>#P5Lx$+w=?HpD8S2-h_eZY3-dutu!i)FjRl9=b;uju`E z))Qq`d!qEY&SN*<@RUC3&P@yI*4ZHWj)0wJa+l#LfZ>g-jSk%9iM$i($@2*OxZ$w{ z32^dF=S&dF^FR8o*)F6$kSV~3Ww=LMGhHNM;OX0Q<}}K}hs<96e~mTgdp6(AhbG_< zI$5F5d~4iokYo*+e?J`Nt$vUPFPm$ov~z_6q_iQWeEE681yZpggA= zIhitvCGv&{b}+=Vb;SJ{*o$JWX7rEnlpt_v~fNA{7v>dATU#EesnE-n_SEc#Qv$bK@^}4nwFl5!9s!=|Scu5(?V$brST{ zq(Wp=j2}FUJ|=dQodK$Ls)a(A8`OB8JFL(I&dGRReCcu>6V19Ffa1X(I&=)1>kqY_ zEm%|GLVg@9_k^f1=gJR=)r1$RR=@kcvNMesX>_(&PHI0MX`lV;EciC$X#dh(cM`a> zZ3m>PH;ytmq7KCbz8p`i(dOeh-RfO0>uKU6g7m~;Ypl4z5yd&xyB%5 zwV|Tb;8}lmC*j->_Hg*m_ecdeDg%+QU&|&Av199a@^m$%Rnh2Hv||Cc;X~eHlFV9od|ySpl+ShgggoA6g!{LhdsC z6K$ON@~NSLH4G$A;6LL;W5_Pl4+)!;MjGHA=Lj|o=&hROHZ~6`G8VK062rWyqFJH$ z8aER})${e#@PPt_j5iWrYvXPu@xMan%lNB>QJ?{$Ah5AEASfIb1Dx@Xg{bp)>KFYY zBWoZ~A4TYNnKt5$TCmty0q9xorgs8r*l!1X>!OG_)`Ue+7~-7Ph;egmb4BrC+vW8O zALS{iosgr{id9zA4}PB?@ra;9oW(NfeFNBXMI@4+kHSQQ-()C0tg*7bCL5wke(WHQ zGcx=fC7!y5MhvB+VU+YHf?V6f<#e)f7^3{L841auXOM))j`LNI1+9Dv=kBng&oaiC zb0G|mAz!>b%hVZL+z^9I^dU10H|q&!c97yjVuj|+cNie8Hb@C(4o8CHa1ySEMA>p+ zQOHX5LgINi!&FwA9+~Znh%ru;!WLArk!HnAUdl$NRd&qXMV}*u<%UG$wK-nY=SV-o zF>qU7WW`_+XyGlt3?Q&_JSJpt7Q=nj;|oa)K@kbAsRFr~7~&9=!Mri$i063#S4!u! zdi=Y}EuvNsUXF_uX&=U!E8Kxq?5(HtjgFgJ16)s6*>c#&7570(@ka1ul5ArtJjQvF zi+%%Qnccmrx4*KFE-Bixh!LiA1L`T0pEBeT;Hh*BMd=?z7w9X#Mh!x8(K76s!Otb^ zcx)}{u|1gb4T5Z~Art?HV`8YP?t>aT)$=kW<9UoKhpXNC49iEbuI>kJt>J~?*qHm; z=n`Zd*pp}5lYUapA)sBfzZ)~+v($VJ1rSls5|hn^#0mzI&YO4$O_Hrv052}MR0l)m+9 z50R4v)@d60s)wt+R)j^XaawR%F1GnPp1jhq7YSo2wk0NQ@<1l*7#VE{e}Gy7!e4H4 z$X;5M{@AvN`ib(;qp#Ya2Mv-MWi9-K9Ee7iOI;S}SYcvZ{&1VuVE_r@#%qE=#)y9e z`Ec?Y9 zd?etp%N0GIRi~JkQ7d{Y+T^zT-Y86eObeak-M5DvVSWl;9WAt~mNWRly zmF@Rt3tn;Ea-ETw<6{A&FF_q0Cj-R ze4bAUQnZ{^^1iDF1vMov9=?m%kmbxOzA7lDmUl&_L!$JjWpJJMnk1P>1`zWzX+N+7 zx>#)@Sm2eo%9N{2zFsk+SN0c2gTh!2aZTOGzElJUwX#|8g<=0mXmKPKS^#fd$Z0`C z%xt1i_LfuYVg~oTej-Tkldk-B?k88!if=JpqrMo>-g3+H2@q**bf1pi%% zmMH!A2g9M%I!K_u=5ALC)*L#JWo_k^xra_vy1q@apn`ZzcjNmGZ~)oYo3%?X)Ijn5 zF#0K6A46`a*s#$4?!~x#bMhOEmjvKl8IST$@C=Uz6r|Lc6}Rhf4}%n$=|kLA3D`M7)i)?*(5z5<%w?VF>+RxFP{@DR`iDoY&vo+qx3(EhI<=G}oP@ZmO0UlUbK`Co^x+S7_eHc(frS-HTaUX{hs46kNEv}5oWRjU$* zg?!<1RKeh{tac1^uIDk_b|&}R6kzV2^x8SG(e0&fM7HNEJu1>tOHo+AY%ms>X)d&tbux6(ZPr-OHT!N!gjaqCmAy4Ujqm3 z50IyR?d}M5^S!oV-0^BKcZx={$U(R|6!2N%g+UonhxmNXt6X-bUJs9J4H=iNtb|u_ z+RaS`WHK{2XfdHj=JF^Cp}V&I?Zh;{vZxzddqdvcsWEauU|)HphCVBc@FumGg9)!g zs$IFDrv2&THH+XlUV>;@e08(A>pz{472HWY@`ng$M(bVe?7BW80{M?JWSMyHzTw>xTj_zzRu#@n2Y9SHqj4-_by@EQpJ$L&W*{f#mve z%fEDRASNw7Vrc5PnPaMw5DiJ#x!ga79i!~LjFJx_wK+ufh%j0ynbi~lSh);DY4&LV;uW|KgLF7p;Z zq2{FKMjuh6B7Qg&6$zRq+%4-Zn>zR3mwni9AJ7CV@Jmn-bG@gD6~1kFOvL^T-X3q> zW1MT~a}aVtq8vtO=%b8HF2GPf=Omx`;PgrV7qg$~j&Cx!`=e}uTc|WTnJq`5$Vk)- znSlZxZG-nyV*7I3DEBaq(W6&?j1;;%YOmY8&+Jg%%{RFw0o(`rJEyjG-NIbyUb$$C=>>hUjgXcQtO=|m_7Lw zj?XQ{yheGtdyLCLS*NNSmqm-Z&S%~=_?YZ!o^tW#ic}2s-R1(1h3m(-k(|WCn zX{E}0)zZ4oatk*1*CnBlu=i=1bF z4B?)`3~+c(?;yVQES@COX2R<)(GxLzr1N+4*tjU9HkrN^(@n0Wo?U~Vvkm<&^2dr* zdpbh&nS-1MJ}1HdEUBT8g5I^!9P0H#(&Q=#i`q``JkDYr*L{}LjJ{+4r?!Y~j zV(t#Dn?ij;+lOq5#5MKU$m~|VSVa~pm2%=xmGzQ z1rlZ6PL%8RoZwnaJ%R>IAO?j27Gd6c@+6qR@Q{$0hLzW6c}oU>Cb@yMA3cgY@(KzfMZ-9h}krVX_Df#R@-`VOZNa=62gS5pohiKkIr z2J1FIPXllHY9s9Fno!7o=K@Z|QJL2pE5KTG9oX>E7S=V=M~O8C5oVKjevJiZxGXeg zL(iyW0%BTYYPgJgN9UYoM&~^UTzqbYK2DL~yHHIWGx9h9SG3A`-qUBFHT+RM@S$eM zoyixCu#9Gz%fnHm%wFWK&CHtI`jNc;OGN=@pL~vY_R1>K! zzo^B1ui7ULrO<&eOE66l?GEtob1vuUclXT@Q)yF6MLlt=M0qcBKz$Pvj*80+i>RIn ziWzIS7$i@eF%OJk_{hH-C@9in5GJ*Ei5};nIu{tTZH|#GLQmN`EtPT1Ma8x8%?J6t zHXhm(#0By=o_OM>Y9ZWJ(-OT1Dq3jtHAtn&#j4&pa_}kBe@G2ofI+*k{!fYfI zkFf+^$MpNiZGWdJ5;{k?(W zv*RNrf!;wm9>v8VLQL!|?66WIxT~7l8dH?meCvpH`XU79`4?RN$@O2lLzIFzyhyO2 zpd7rB3_kHoN?c~6u#-2C*Zh0n)c7Ux;wTszs1HjidiKI*{h9ANG&e}%$$UQxr()56 z(qsiJ&-ulDwRwXLAqzhfVHaLFb@mZDwh8xn zvh;hu16}b83-3WoGJR*Tv;2o3WY}M#X6xx_J>iLP9-D^j`pg zfPwP3ZisN?R{*N6!?kP%0=4H;4dbLMlUp!qMIQMU-HfT~7aIxmzequQZC7>(?uZ;l z2_;AZ05{VZo|@D$YD%~~#~f%B4C}5?{Y*BqvC!HaaXl5ZFoyLYp#n9a+U}vuAzbi< zMWu;gY~gLZQ#i}=EK}wfPseB@Q6S>(cr*s}N;gZ!@r{f`e`758;yowGED4B(7{KvWl~(zMo;ih#}3( zP`aqe46zxa^xO<8b3OJ-zg$IP~ zPo{APDu!iE@w{{&+|!z0yU!dqFrY#h1*!Dk9xp^AE-L8ALv@Xh1K`Hu# z2!m$(==pmX9ueJyazPR}PZ;xkHfl>@cwXF?7v#(v=lvi4b2X)woIF7bUTb5?b!#~L-Av(MC z019x;k`zpzc0g8FdVZ@ff-ToG#+Ah+FM1IL5m@XBtiR7nc$BmIBuIReHS)*D!M4Py z;r@iH#V%7{a=<`NeT@zl-@V}5qay+dy7twqVvoDNlhRw2ttn)$f33%4spg=~Ch1}* zdiJF;4t=ezw)d=I9jrjV?$??Cm2Lo=+rVtSea>_pC~kh)mDXekR-x#877O_$S_nt} zk`|<@Sx2yLL*1N6x?M2UnU3%u>RjlVminv)`r2L{#@Wf0+jmMS!()}RXYVV8SQ7GC z%W2O4g|R}yc=e$!n|Rebk@aZq6S1oG88dr)OLnugpco!8PfsjeQRipTN54oWbsfJ< zhkn}40+qwIS-)&^R5;o!4+^afW532|=JzhqR0)qMrs<6G=&aT%Sl2YW+Zoi}t2a&B zrWy+l3${IL-f!b*LZY$h*?EMV6$V4*B{lb2`GM;!QaFAB_}Dc8%DP0flJhLGeIR8p z9gsub+41FB@W|tt$4C4U4PZS^h*$a-itO}4|3zP9V z!S7LLG`i<_H}D(KprkuHGGz95rLlwdguUsI<5GKQiFo~U>8SuQCNz`YvhawcNlIQWuM8Qh?puYv`db$13RuGO*T&|`eSqKZPhNvvXM{6 z1gJWqZ~SgfG)KGd0a~{{l#Z&jW=GVmc%XAg8u`2!6QsB?`)WlB20D*K#*K4X9aJ*m zMn*Cy3XpNLB}FC4G6yrcn*1Jadyx{!4tz(1%cc% z25@;tVa3;BQchL$%E6!&l5=sXDPAnlA`|x0+iSn`LqP{>3hsd`z|^f~xi7qCGz$n2 z%uM1AKp$ABMujW|C_?f9gUIfAXzDz~h~0jqNA@D1X_?<)lw4%1qJ8IuW}S`ps6Y1J z3NfVAX|-?d<#VIpV4kbvO_Oc~M&;ZOff(3It1$JtaXP0Deh|rp7EfC5(;d1J)6wA} zr;Y%m0&JDJ=M?C!D$h~c@zOdq;GZ2sahjaYtpOhS7#{cZ6Qe2}iZQ9vOr@bPqiR8v zRV)K`2t(45kWJ5d`1ueIwg)Okpu!G{4^p9C@W5X8s>DMjw_>txh4A0SIR{IkRv_s zz$_$@&f#{balDR@b5O_@@T`#C%r)#FeAP`%cv%gKpgRbbZzi8}!KU!Ci>AN{;g4dC z@^tOd&L*O6P9T-QYehZ|5T#?Ep$Xu31k2wlec^VGXTQE;SU{Szz5q_ zVT4R}nUM5UZBYROD*M{(?;^=2Og!mH=ru3DUa*K?w2-fQr+yN^VVC-Cfmmx~YM;19r%oxMzfD9wH$dq}o&CcL| zeGsNyC@S%x{%Rordw|^)FO5=6f(EIFB-}~L(5qb* zK`bT4ml(H^BvG}+pCY-j)yL^OTIwtn9HSsMZy#o{W>BKx(! zg$ZOLpo-xJV6r^+cY=YyStV$T!myBK_)sKdraOCkE@D1@lzZY5z!DHX_G%*d8nj6& zz+DpQ)*g_N+CwmmDEp&NggbBGWn1Q#0w`B*rdq7Wul);Uj3-Yz#?Q|`*ggOK})0P|M#SP|q&O>x; zL~G8&hqg=CCrvU78-r9)xbZEA zb3>*B`xoj#pNR6&&7G&BCnaj~w5LMp4~NpSQvuoKkq-@O){Be7$ANYLxekc$ERO^} zgD3)90lzO3szg<6;lVLnD4SX$vHGLNcLOunnT{eov--8+$Z=i?L9nu7Omr>3QBFBR-XnajYwF1%+3P|#g^t=YnR*7J|KYTMp8)R zE{6|#1mmbuv9k)^P3AcH&bUx%R?2N{SDtwefqGlMfTswVu>{D)KK4!7$(X4NroggjFS z*+y2^_e7ixVfbtsa$6Ig6EE>w4!U0^u*|lj7kToP;Wxek#poAwu8o$P(^+$4j*z+I z7bsb(RASi*{~zK4#1ub$^~!iIcW|*MUye`J2YlgDJc_}tWGuUcZ(#QY1h2u zDyBclh00_-^UvYjx8^$>MIt&Jab|bCk&d{ma9Z#`==9uFYt9|BCSq|XWVUJ}wCzp2 zvuhMmAg*jWn`IMzZ*bYJrKE#HOznxez?{mapJc;lm;5-5y}2BHDEB5?bzOGP z2h~(=KgP*04MXMgnyNvqH5))e0jZ=#Ama$I5|z0Jl%oKWW_xo2So%JWL5<`XGOu2f zSdG}`E}Nd|%0y1v5uK5IB{tjH)))Qhb;*IjO_;;k#j0zvw?6J^+wQxU5|^j@G(c(` z$6ekm6Ks+3sXnGB=7x^iaF>mQry}`_8F_q#{-tb%o@YhGMwxcATAiJ@651&RUOfbF zsPU>o%uzWLlW;)39Z5fbgjzlS{dl_5=?)PQZ$tA~$w87@(cdD%yvK92_kA_ANVF#= zU9#$XBq0v>5G5&8TjGben6!pr50cV55sUp){?%Gz-<3ZX&WBnzgex0L=?|b2Q33HC_#uqm~D!(`lnD!br0HqEn`%tZE zy0FsV{-cE}slJQ7i3++I(3qRc$X`S=x^6aF)LbO(G=oy^sgH^5;~ojl$ZqzO$X^h< zV!0^n&5M$Iz(2ms;G^8TmCCx33EMKuKRXU_x|$EU<)~I7zv?%+n;6Vt@x*)ZU=z{vn{fA~ zsLR89l6VwoZtBH_)3_8Paq|@I8vYzBr{`#a7YvBa<1${>ORF=4ULi;9jcVf2C?KAoN z)Knd$I06@>qnf@e{?mfuA$8xLcaqp{dFo%q2Vdon=h4D<;|`o=^-=SsZ+ft7;s#vr z#iz9kc_SuU0=@B9ZbZWs)dHu#FjeYwY>8$W<(MYD70LY$iP9$O5wg>V_>I+8CLwY{ zG)k>wqC#5rD$f*1DOGuV>HKdTHFSh81Cq*)8w4glhqW|sxbht@3vJ$As$3ZDI(b@; z$ZSHFxOzRkg{)Nblg7NNlLgdj3tG4w;iPxF;g7TH<%H(1D;`_V%b45Fvgm5EC1XVz zqz*HitRzNn|Jg&g3ojCwu8GEPsQ*+I8ZU;w)}4V!tEoG`45KSYi%C&Q&Uy8!=hKYv zLEL7Bf+qjjI>pFMTF>fN>C#?2tPDAXQwY{nl4naw%gpD-q>}3f0hQ)9tI35$?{2Eb zn~ETVS!R5ZLLje32RduAPbTZF8j5Uyx0MP6Gza-}c2k+#BrAPgELxB#TB@Es8LgRC zeH5hFCBWV(VY^2pY}_ErY(3h9u-XM;^CYC;rry%L0{M(OwjW!` zx~rii?7f?#)$F#HS`qK3mD6iIbjU0IetPM7rJ()FzkJToyUp5b3)@AjY|dVU5JfvF zU!J=+%l#Hp+TbzQi_~irXz%pI6_pAfAM@kkrl;;=g*j;3n;mc2sG)va$%Es68rgo$ zcq-xEIHuKY8FXvKB867E%3Vf$qXo_XlKaCf&)T*CBz{8S1*pCu5zHtf4wZPcf8 zvuBP95i21v5>HQS&2iyyw{|hu5|+ad*5dwpt1#R06TUM22ixU5s@ko{U_ehJ{}yw^ z{D()PTaQQ1{;?b>zBX2N8fB@*@ zpUei|z4E(0Z&x)3<0=PWW?}jJ@%d_M4qUYBy*bN3KaW}S8g?#2{d~$~OSDg;DyH_~ z1X^Ok+K0U2(eA!Z$x40a#eN=()Vgy1jHH@s6LWn;Adtsea{@iW4PI=US21h zf9N&#*RK@$imh@Z$KNMLD4Pli^DwVz{lYgM_&xbLoh#*%U`{w0j$IqyDJ8Mq!UhwE zf3{2u%YPr-&hv2ku3wYR?D3EmuidAzH2$0P>>10!F(Ed2AX8Q#p816|Pb+__3-_C4 zoz#jdWrw ztWQ_IJKXq10B)Z~V@S58W`GO&%pr7o%SS&C;d05_=(DLp3cr`zAA41VB4MeF>@h0K zmGHbbZo?Vq&gQh1#}It0BPGcbjgqCrU7jf03jI-Y<|fzui>Es}s%g=%O=ikBnoH0v z^>r>$rJE%kEqU>~t&cb^bf=c~6FWA#H+3zDzpg~Q?jhRe{;P*((|5a?PD%&p{Zh!I zSMJFtN9Jk$knXamcs&!6eXbUlJonuHVfi5uR}WiK6<8V*;%j z%i$af|7*uoA`bI6SU1BP53kEb-uhKf{tr5OE$EiBRo`3@O)4bWms&|vsQ5j-mK)fU zbKA)8Y7sXUcC;7Db=W;;g%-|k*7q_PNcK4jm1J`?rDRrnK9azS-?n}El_C5S80M9I zIj2us=r4cg+Rf!eSMvB&9k&K^!5IFb={jG;@y4{`f=+|M8rvu8MgP0#U!U3-l+lwe zXkuasLG8})=`1zu!G?sibjIknV24Sr7#(^WTy)+DRI<$LC0m2IrO3s28$PGrfC8o7 zJHMOn0RyMCKTR)wJ!1c}8|@@sKoY_*Fg;rMYrr^eF_50zIHv0ns#MzZ)=8+ z!-k!f6{deR5g8R+tu&&U8~ALHZwi`x)^7je-Q(t&udIM5So;%#NiIr%dUn?fdv>C5 zMIS>RZ-8a}<8S>$hW-GAf&1;J#uMi0R+EgtP{-2x-mS@kzFWcO{+TRl;oaC~VUvPi zK*sh%)#v8unadO`fJ-r|TJHo(*U4$Qz=ZcY&mTufLxH^Fq~`TFn32hsZT*vAR={Z>ECyeKfF?Xk9NFb5u`fneo~pV8x5rjSB`(?4^xp}+ zv^nM(HCdOXH#@Qj*0m>d1z;kshsK6zI`tPxUp`4cKmjRYT-u8pB z+w}1nlt+^?F|&K1xMAuW1u2{B_5EPdZfSD-GvCl&UmW%DX8*A-XTQ2JvU&!Rd_ry) zX#2JQY*WBEe2*%u>tgC=CEZE6xa{Wp3uuo_m(Gm~D&dWvhnsjTel&2+h7?T(3L5^5 z6huom-&~hZj_fH{kh83q9u!A%*{}u*#MERkeP#zZzMo0-^Ioujq+2HkJ*-prE%YcB;gDg|iF@kPA@ zOR*Wes#>rXk$JbRg!l@H>pUG^NCHXpXR>_ipBYLomxDi&jg&{x24oUjUj9C|bOrtk zQGwP2*&maoXb<~Ha&|Z}h(QTmlF8@EZkLB{zx{|{$XEcVZ!ElyH{u!PQ(i7$D^;qZ zc8Uci(kt~9Dd#E1QV1K+`)g@&z6!n{a2%NVD1I;TQ2?}{u~HItgzCP`cw{fboi4^_!FRh&YIl! z_sGUCsXiE#Vmzou?h3;Z_WtuNLYht~yM;NtxmX{Q9RxwpuNUz{WZ+A+`HDp7Bk~>t z9MMoTtQv3J*qyV^#t-&R9Z?`9f5_ZXfFrzftLL=J{GuoJ_WcC$g^t)Gm*=zKIpipK z9gK7%pRtToEht1XJsH3N5ho2M51p$;0+G%5UAK<4d1KXkQm!!`By$*t5k_U;(zGAP z>*j%@#fIVypvXiEB))_BkED&lx-?!?F)WwoW?-O^-R##VM|mKI!boN_6cVq{^RHYS z%f3KuLQyPj-M$I)&Qv825pEdKvdqffu;7WfdL2GI-6LR)S^+N`hQ*FMXo{$m4(MB`mX{>Zhmsi+4=`L`iD! zI$@%(fA2y6@5UCW*oAV*?=Bc*gp|cS5N`2*_yZk)Xuba6CQbk@3^dgM8<2)NzV-C}gK_jz z&yXNRsu1}NZq%#~_!zr`Ks7q+H{-1?0xlN->mY5r3Eb3EAwbr$a z@PB!Y*1Y;N-g(4<1OPG5jgY2`^6e1;{;EIn;vu`Zmx z!E2(+6l!lcLr9Oz={w2uMl*h{{uX0JuFS0{gL9+zZN3y@(Ke_EU z^)hG1KW{2fH2!_h_5Je-XQ17L-#;&vtK!Z7<0W%S5@-^0MXnt{y#d20LN?9^D3?|m z2Paw{NV@!h!cx!y-15I&z25{e1;9JMMQA-g27)_#DK)U5dm-cful~Ekhjd`<&*s&y zHUJX07zH?89xLjKcMAHEyouWZfTtHBcqj~v*Ev`qDok~se`LUYMx^wi)llsH|I(?fkNv-1lHT;pk!}*H^nNu@{D7%G(RNDKy~Y=o=}l<|EG0e{ zAUfuoB`<0kwX!7#LfOfn$%QdBe9j9Lx0%H%`F)?5)JrlFOa02F|E=4QpaIZzvbY!G z5;1zMUMDg@^%*Gg7W<%vg=5JOh~rR(LXQU%g`!LP*~e+W>Y9fA^09fE_-v0uZW7V@8blBf{!;x ze}Zmxpu4-s7BF+}fvDfDS0q9Eq*@8ElLmpM}KeHWUWD0nyv|X%` zTv)!g79RV&XjjWa%F&vp^bAf8A<8@X+8sGf#5QaHx0eW2k}YluICB zQ)u$JIK({Jo>X!MNvZID)^%}q91Yl9gy3%~aw@BS0$cm_;UDl2Z2JB;C(dB#j(EP^ z|BiW~t`N3duHu!&^yC_N&x7`8vHURLR7@$Cg*kvBvhzRPnXU$UxhBAIpG`|C|_DX(0ExHY6%1(U52>wSSgz+H;c`GwCraY*%5Skh^ zFLrlasamLL2!<+`FTm-WLn+ZzHm~;2v3oIqTxYdXA%lCD3{>OQ=S-?YvR}q@0-2t0 zViY+Oa~3?jh_T$#dHAUc*x`zV+vXDwc$dJXz30Oz`Q{=J%)O-@KzGI3elnqZ1youZ zKUDiKS3k9+Tice1$T5Mr@`Nqx*%A>5!Tl(DzU%gcryUsCgVdEM{KtlR7^J)oBIW~` z7f0ar0Q(M;9H?2pzoec@5y*T5?jWnIw6BgTCJ_j@So;cqjZ6cp3BBL-1Ja-sJ==`@lpb#4Agd>-jHMl51QUC28c}!vT)J*Ln_&Z9rcmRm{(_I-?K&slc+^gl3%J1z z(2(4L9Vm~Sa}1kRJAScK?IwF4sev7g4u5}(rV068?tz(neD$G6nR_z{Oivh4$M~?4 zMwS+13Mx?3qJbcJ>wY#50p4-o>m28*(42RlPDO?o?q5!TcW>ax(LyCdg+k6;JkEmQ zm?C7^`}3;z>3h@?5eKFxWMsYobTDi?xx3xJ3ql0XF#q$VAdx`ustASdSc5n(>`>uHLN=j7(O@(lH2Itwihl|4LFxTl4TKTS>jP2} zuHc)?G)DZ2k=uX}X}Q_lE6f{})0HLMTq+EkECt9x>kU9W1Qlt{5d7!6RRe*_S?m6F z36>*p*+IsQ2Zhl!nk6FdK+ctodhZp>j|w(#xW#g`pnn?3_UGb2)V$bAb^|ZyFhFJ1 zYj^=XlZ&k7!d!piSxd^H(qPq1020aonCqiO1jYDsp4LwEQ+<(?K)ZIPwpYEnJL0&* z>1l7Lq7uL6HSnL@kJd*6bDb~`=hjL$_wpQWj{@Iv>B_rVsgkaCr~nmJvhNMm=ysxE zASh{4n|JGGHQaY+P72Q7gF0zHUn1hE9b2(MYZK6EOU%?-(}QW{7(MrSSJ|x%An2wB z9tV4=RVDI%vSL?VAB@=4t_)=9+BGpQ7|VdM#MS$$X`ttRU9kWrgk_mD${2t@%l-AU zhdS@g@i7{wl>}fPyWi_Q37++F9ESEKXwz?wh1zCr`6%v zqJO)RLZvoBYQbX}%M-{NeA2}?^nvFtvG5c7gO1H<(f6!(^=Inp=P>dFaJjJd&U}T)&us-^5B4mK>m_r$AlDgMk zgJa*p6R0FR`@GI?xld1?Y@Uv4YpMcvc@(OVN=Ts>oYd|%J1f2~e6}j~&&b)7+8L$2 zt5X6sv~->{dL3?A?pf0I2(L+gFx}XgXwwS7U@+3)3fa^x(W}{5re6Rm+WX+3{g|tn zF^9m_IZEXwT~O7}4=k?_n$Fe>hXGXt7eYeK^J(Kp%rC32 z(}2=dh^hd}UxFt|+uMkDj{?>ed?gK{4MQqTxc268<5pLixPrSqZ zijRGD;p*}{4?q-qYxx;xLeyAk;1xW%)r;8glUPWqNffqvA?COeo~xcZhFD|ziSUCF9)Rhn!jIkZ@*)+L;uMCEj6ooUBuYe(HTXr z1};ILz(Fu^9n^+N)VCsNj{$4n6zJPm>)2h^M-A4fo@7=4T2n80_??VOJBc5m#nc{I z{;O?XEb#{Mncy%adYnuB4JRv47R>v+4^WI3dVUzIrYE&Cc6d5gqECO!LG|hz;Cui! z&!ed-8!KeS^THRjXgCe4I0Yr;-OY6omvtSFr3lU$;=?W`Kb5uNJkmn&20(_le4R)>q|`o-_v(F33Zr(lks1&-M&0oj@kRo^&?3d zr+4CqX;1uk-!lo(f{!(}Bu6H;CS=TX=nOGgFMs@T!8wo_kqkW^o;y3*;sP0v;8YV} zkdODxd+jugHz#jM{xg+Xl{lO{9k{%67Q*p@OsLg0^5Z?~Oydle)zUf-zrVjJDW1Db zjnI~*NqJRC?scFZwq#OpVpqdK!OMZ7KU3h$}vW6D!pM)t4;Te+=uA(vt2int5sxBV~5xdcHND9@KYyJNEZQb|$IQ zT_7hi@QI+v(+BUE1hKe5Pabsv4oeoeUR9D*B?^e$f5?K}?FQI>Ck7-Gb2AY^rVMvB z4zR>?A1u}{?&7k7x4XteB1Z6r{^S8-Ia1he)%C2~ys%xnK1nnYN*YBP`>gnl@N&^J zd-jO<1tgfj4#cP|*4kr)hT^AhsjiYg!`Ol-f(1i!o`{n*Eljj^Q@Al))Bx45(#K3>~a#kAY*4`n+{zxT`&}gQVD}&sQRr!|l1Zv+z+X z;Hrx0N|p+^ZGgUd++*eF>dErcA^Efpl(wy;>5b)x8mpXe-=)NKo7{#!}V zq+@0l2(v|elO>Dod4q?1iA6+M1F*5L>SrqFz_B9BgI@DJThp@a@>5&{mTsf>>8;8k zkxZqA+(mwZ%%HPUY7G#pN?WZfc}e`RA6pZIp0<(6STokQ7!~zA!=h4@`xQ6n~^QLQ2aPd&lqt8{uOdM$DtMAOcbW zr{rraHERe)3WNfkEdgt6i~ZeQ(ia9+eHGx>~G_J1TeFtUB?mYxM@ z^)+e7&0MbKN6tPhZ`o8OVpYtRBt|pKUDm`paqJ)rws9e5HV@mCLvlYI$GsZp_>{~G(F_|t3%tFz!MLA+x zN!32s!QO+-5O9S?c##}%i)?IEEBy<&A6yY`1UG|g`x7y@47E9|Zt;Z77w<>q;6Y{q zhl+qs5*$_w7{G?%F0n+Kb;j%mvjuBEX2N2D%Nt>Fk}^AtOG5=r@NT(R*vwxnV79q=KyZ z*`Ox~T;$*1)_4#t>4Hs-$nl>AK2?!H(a>f>6Ff6}c84h$pyJ!sPdTBNX0Y<02f~wkVeGI>~EJN@9eoTf08C&Y-Y)i5(=W7BFqkxA_m#*ltAAh{qCE@9(PUu_sfr}> zN!}k@TosdlsU?@Z(`Q(6_{SGxhi=-az1L}dXvDMEw;PE?erM|K4A#ed56$1-f96}g z`Hp{Emay37j1ks~B%q2Y!YXvthno;|s)VUSoc)Pdt6ykxT5}vo{u99ETS_L7wFw@c zO56DcfSi;aoW>X|_DZ944{fZU4$GYk&u$j_+AycU>S`Qu`wj5R!sFVYVS5|^BEf56 z_uYkqda=VQAd-f^*l2&94;yTeGcT*GsBWx53uaR(YU`2M0{ay$bvI zYfaWa|H%C#pyqdpze7|ZY7t|K@2puuI>mEPAv0AznSr9Hv9({Rtw<}0F^By530N0ZY1t6s zb7H|FhehKq9hL@_r-~*{xLz+{*G4Avi}Ti%{GP2}l19E`C08W&=MiEn4~fFo&t`KS z!Im94G@o0gU}@vg+tDyLe@|)iX4geYnT9$J_`*40s9}9)0{I56JbW5RSN}iqp-%Ov z@X#MeIZdutbtTVoe9)n{DiwqVl(e_tt2^nd4I}9#^ie=*G&K{*>qO_@F5MhO!LtTZ zjs0Ywv50N#&KH85)}Ef}N$BPWyi7$8RrPUEX_;o)%xhr}EfyYPGHo)XeNcc;aLya% z_d}cTPt%#w<1O(R){bFuRQR(@z=Sndj-*)}d2FMZNs*DGaP|hI?ERh$a85XMyyGyp z&LM4f#UFy@vF}P6SSW~wI)6(D56M459=~FfNaKWiv9i<$bR~B>m|xzyk0@Cat||dq z(Z|Qzv&-33=^|_kQBraEV@@z2VivIb9DvY-B77<{+vwkq9l`#{Dr6J-=WV>TJzFbb zfY0qTp7TJtF=Vpl^YIh`ENMi_pVNBnXUzLk-krVAQP3lChuwAGu0by~kF`R?heRtE z&BwHNMbe`P21D)$XUj(>i(VCVlxqB{`)L@N@eSfHmwW5vZ821X3;$IwzytgiI+dJ} z8jYNT*uyFVxQ#T_u5vP<8hVV&UnJ5qirIDd-XvPPLzkxi?Qjo@F#c4r0^k-bZCx%#FZ=5&I6i(&0HuhlPuol@*AvO;1wvCfyOkg$ z9sWup$V7GJV>f;+zlPQy_Z&?feBH@@LKTPH7`+&_-{Q2LW*he6qlm_d^h%Lz#3ri} zJ8^!}Pw74e5~18e?AnPyVU;=m=vnbJXK|4`=_K5Vx!0Q|Rudl_upePb-}l`V z2s7(5Jiw`a&82t;s$SN_IcRKaOnrbq>{G^sWsH_NmdK$Ji5gbYnQ7o|=20w>?Dvu# zoEj1C5C+d^AMgbe!hyj*;dgs&(m}`UYj)wPfU6~ViZZgruIUrrewQA%-M#;)Aw8Y* zpv~6XjZYa#u4^6~y@NAWi|syy?A(SkPlA0KcZUifqC8?wG9ND zQUEZdvJ^+~p!PMwKTP~OL5)(*%_V${q3C_w!JT8%@24{o6N75mc z%-56lpTM=WRhE~E#Zl$?M;JD{4XLyo1w#j;N&b)WwRh~iRaIF%mkNA@%BiAhUNy$5oe0D$PiM>nV-0$ zyI+tF3%gmgLxOP6;WB?_PHyrtY=ObF?vyP-OM^|;&iRwb)`rL!u>f2WBYRRC>{kbA z^6ikWFX2!P?$no9@9#7xHr7eJ>?j$>;ZUh)Z!FqrVMHBpubWE|X$aV3>r6X2BhmC? zE+9$@Yq;0Uts!7{sy`4SPv+kn9kxM>8+V`Ce*jx4Gks}>sDEnct1&+Z(sk;t);l!s z!dl^F62+14>gR{DnSX-NWL-0}aIXeEO}#%+i5uWB8Y27B0R#PFfk9k=XYD%i2_F3E=paOPTxuI z9|u>oasBWm|Cu z9rT`BKHp*lttW1=WbJ#01F3)MtoY;zO+jiPTUt`UDq#M{{#N?;-PsVAWki{Ip} zL3IUNEuS4$TJUPrR;pEo&rd^dlOv^=lhuYosfMAELpmWj-UFAHgLh^lCTgfEu}Wur z+}wwW&YyCM92}&zp(lvwapV-6y_3U$Xd;=&Gv)!T{sy%CVN+@TT{im;gdM~FJ;*cR zKLDlN4S#i)MoD`-u!|~dh62F&Rq03il=eBGE~7#6U+5!XP-rYU?|131XPzni=`Pep zKU0y*&9x7=~CI=Qls z{i8QpGFaGOX4kG;{^Hf8MR(axe0^Bsgr;&`S-Qw<|J07@t(w{_5q|gk4yZP%>Qx|p z+Kw8nY5TV=Hs7xn*bm;VD=71#t25(=iaas0S_1f1N?P4ST$EGr#GgK@Dwi+#>>>0>+oySg_qU+lIE?^D5w{v z8yd9vzN-^=)4TJ<#wHSDwYYiLRnuvE8>7bXZ?akJrBA`gA*e9re#<}pj?;28o4b>W zUb)2VssW#{7*KOYy05B+qJozsWk>%kR-nsEeMEGhI6XwK+kYX^m3DfS{o^kG8P1F5 zo0P84bwuR%TQZt=$ECqYBQ))!X3}ZR3iTZTD;Z~ol`R;R2T^B~)ls7ObssH{I>K`I zr475bHV#oiZ`06)CvRdJe6KD}9Zz>J3q15T_%*72niXxP zbh=^`H~hCjeootc_>+%wVtdl%qn+KxqBnb0xfzM;OZsXF&E9FxwDJ2uKPcRw{C{Ka z%+H8VaKw=rZwE3KV~0RqN@BjckmRI3I_a@h3-DcGcfzk`;09}Fq?>l$eA zqP;1gOn*n6;kT<|-qpQC)i3DXhGwnYiUO&=p`b{W_*W?u*J2;T+}WN;nv)_HJ_@mT zL63@BZ1+4<)>l+liiTUBwWpdx->q!kI_qgktq<`9_7+ccvBIUSbB{zOI4MQhnq;pnO6hssvYFZ;x1d5+{qX zk_*$o;(%AFmZ2$tcnnT|fHrze97lUD;fimd+NQwf6?%)W?X?VikEqXqgM0{A7r@+> zP`118SL$P=jo4NRkK_pteja`QFBGH)xz@gjBESb}XHqkY%d5XDFOR`TLD1hM#=qgYQE!G?fQM+rn^Ebn@c#qtm z=6}7JSwDHdbC zKnX^RK`98Gm++Pb`3T_0z}tzQ5P1hKjoWOW>EP|)k4*`6Zl^WXgBL;k7c)mR*YT`X z{>f7eyZ`?3&`RT7*D0>)pfP}JSFsdz-It#*Eq(lyX~lfd@yvWPSO48W`Yb%fQhVF~ zG1NUbBQmCJ>6R8^cj(GCP1zb3FNZQEw$?O90?{DL)MRpF@Yc=%Bf%hcmc^0pvi1GV z0EA0gkCQp^5tpwkhRN>0cbU%J%vRz3Dr+VXc0*6S(8sE{uZB4IXdul-h&&HEP1 z4k8p@pC*5!af&(pC?#f*fDRLUhauY~`ebCj$~i#2H8rXVT~Z{RT77LgXE#$lq&SBp z3=tOwJQs&u&MK^X?giM@MxxM%>fbcd2LSUY8BKJu#K`K6#lwuYzE0^!1Y%+!kF60aCX zD4~#qshWIXfZfTDjpcqGQvrc2RFeO}{(i4M1mEc7A}`S(9zYz)O}NkM^SVwulULL| z0Vva_Yefvz0KS3!hj6W)X@hL+(WthdgdjmxLx(;4OjQY8e0kL}j zD-Ak6P&3tT>&s`76n#yvqiB!~&(;{c057?B`d;SB&xr1M%-%n89~ zU>=%+7H{oPIhPXc<8i{gvI)m2jGIFh3CadIGrZqAFK@{l!qO^^v1JvRR3zR;gLrL$ zkX`Vldm9-|W=_6G8y#G;qd*4AxBH&KlR2PfLyzfg2JSlhZ55VboW4>NVR%aofo(x* zvEF_j z+W+yT<{SSOL`Rd>)wy^m)xA$mS0*2&U-KU>OtkyOa9%i--m>H896L%1kp zW`*Ci@BY#3>>GHeVs69%EvwemXyUIUL>}T$5#K%~fboj$abQrC$rjYvUOwV2mVib> zn*H)ca^*dsHryw^#L_}O!J07m*w%N^V)+Xy$V|Ml>&J_@H5_-pNARu4-L;_le&uOF zO0zdZ^FJN%6LD;r4^Sm3DzWtT7Y{)bcbh}q-&nO@RM}%sOlPERq^ksd{Go9k8JkWB z(=H+nmj#%3|FRylz+WQgqy*Qfn0>LzOx#cVJ{|B?F}6nojTZk_nQ-wL>~x6xghAc< zKkI^@X8)@+ns@2uMMM_7b+y4SZ4rkfA4sEZ5K!&{zSrfZ{A&-~<~;Hj`u4x3|LR4U zD9X4y+05@s$aS@nlcWZ)!Jo)Rh>mmXODyXnknorxYb4ii>#6u8Pd5x~=&400+_`Ua65>URm{eH6ynHd zRAi#50Nz1Ps8kPG3c@L>vHDmXh$K$-=%dl-ds!4XHi}_)*g0Vn7QuBM6!T`##=vMF zX!y*co_6>IR+XZ&KPyRxs~`?ZUDd;3YSkzwQ9Bh*++m<_dp&8Y zCg)R?SmS;0fO;e3!tQZSO?X79dx#Vy3W>sfn`6+(ds^OWpSNYZPKW)k;@;31rYWBJ zTN;fwVi_A?`B`+3;AlDp>|n3nU6%7J$!h{%tlnvAhQW0ecxi;(h8 zY(f&{^g|kid+r4mF5-1brh+HE29XBwno%?4J|{v7;UMDE^9I5ht%9{1j2litI@5AF^@o>F|#TnK5*-q^^>{avPRM?M;$6Fin;fyd(uZs z7ykHQUg)#={M}jgAwN zt|XkHNr=M09?6pV-`W}s{7I?NfGyfgAra3Q+z>GqcLix*9DFOd&Y=!@n5+O~nx%tn zD5kmUgc5>LtuP8mk<*6l9PByso}4(X|0Z{1AoN(^m%~+rDLZJ(fc3727&&l8JEl70gB;o0$yUHbjz;Csvk0g_hD1Wxg3`&dMrm|fcY zHWP8wM5A)o9vT3mvP~H4tiYSlo!%F8!lf6>kt z+OO-|_b~2-pKe&2p&;GKGUnXMd$8~mXD$$0m$jIQEqVv;3HL_ZY9j=jiAmxda&HP^ zNXpa)1fLfAYSQ=R=}4i1eqEEzW#u8FKY*DRa{6CvYp_$~a^Q%nE<$ls*uESuNnp9d}qc!wZbc&FE(to;sd(HTWR1yNx$i9^U*45S;&Nsq_ktc*@? zkA*fW8f}^*dJ(xA#Q`vpFIbAmV{+Q|^rHN1BZ(_Ed4i*- zV!!V;9z(YJ#BmUrG@nQnb6dqui3TTM)zc5Rcwo zup=gXheaEku(Zc_2n>W^HLPdLy)OxQN2}_$IV_Tv_;^K|JgE$tR}I+vTH3)|pk36DWfWgA=m&p^ zv>^8Bc-`7!%7A_8;u~F|cI~j@Q0)+?H~wJP4FG19mv`~Q%dotOD1}x$D}P$O3Vd#8 zrM*cpkJ3RDq+3UuA&y2Dk!q2X9!xfigLNYv&$azf^y5|B-eTIj)uGaSe)W@Oy(9Ii z7A5QlVoniaA5C_?7jHBuLX)qzS9uP1FD3_G#hA;r6ZvhQEu)V5?8e1sXFu|I8&)eV zETxi+s^95$fsgL=yTRh*4Z5*n8}HyV7>@4k`~;Z5%XyUoee|>3S8uv#`H4?}%j>;J z^fde5x@8~tbIH)9xU8|F~0|h%ypD=#O~Y0Jlz3_)HmIy z=Rf|_`6Nf1m4?#jmxSw_$;Mhc6>uwfkbmq^2&UuLJQ)>TARf;`XB^P^nIq6JtqEz7x_(4?l=ahg5_jK7H9Y0v-(3+xb4w0aLX_ka;Fm z7$USE0Wp}UkD>^mM#9a0JxjZ)72!nOy4~6Up5A!ba{M{A8<d$dSk=)@}_7C zja+#;1;~%~a|r<~tdj7mo>Lwy*fF*g-0Zi91RUA3Q#lVD0R@5A^h$Z@*z$K-l>iN3 zO@tk=3)~O&+!m+Ftnwb}m__Ak_=sH)+`A3ziQK1nP9pO%DZE977z=RzyB)<^KNKI~ zWC5!7<-nEQ$%13|9|%FzfG5v8Pysh<=mQ1yel!UccP!v}(b6mldC?Co3TE@dWz}+5 zfhW8O;Tu4B(fXFrM9FKQH*q8ZEQQUi>=yuQL&Fg`&PD@RbC5+Vq8Qfpu4eFWSnq#_)P z-hA371H$$46(GmB;Iii?VvClb@5DK}f)Kwt=#AKhDPR)`_+Eg(p(NxUIbVmz zJqB@SKBjAsMRU;QW+ntCu=b@w#Rffc)EoFjRZmEN^n7{;3`7JA12q;Z$G+$U_}{eO zfhDtL$AQic$q+SAZ0d85_=d%ln|ufy`2j11%MGyIZV;Ut&Q3zr5inBk0U^42W!QgN zXzG$Nh?@>ib5{b7RZ>krm^1~hCh=lUW)xz8=<|c!u+dw`-0bU-SCvGGul-90PlvB6EE`DM5|k%0G;e(XJ(r zwvSc|kJWSJLhrb$gndh13xvDK4~OVHz7z6ESLbn!jyMo#{OS9o#qJh8<1*ujT+y&q zRZqFf*!e9uR=?GNp7lCPpY$52kj{`6_L_5Ru)0h?-1cocl-%(6S|=zyZC#=6!XMEu z*a1lb?!(Pv4dFy-kM;36oF7oydL^;Mdg497bpGSrR7==xAHAec}*3}-`aEf5X6 z9?!b<0%w^y&T5nkPg0_d~^Nm9)N_@_k|P%w2bPLR|>Q|rj=H@8H()xGn6u^78oC1IR*HQNz3udl+R%1gu}o`$TXuF zB$pBVyr63$-3UU1GkNoko0V2?`hN#&wp z9d6nx+xz=lv#Q$noWbpj1l6U)dqaA^b9KgsjTgzj8;5zvjMHBm4jB1gR842eeM1xS zW)ECnp=~Ukn_J4C7r${hCSSX{=Jrxu)l7Y$PjKt=hUb++=YZE-Ubs*eg=l?2ZA-Am z_t>AlqyZ1)!NXBv+rS{Yn#oku~a8i!}k@P$egC{#kOwE#=6?Ot(1(vwU+o< zlAJBke$%CL8Zt)a9+;@l<%d<%9SyI7j@hmVswAG3R6C_?HXb)Rb`7en#OA~#E<0(8 zf^pW~uLI-!o%u7GG~l}&7}}o&Tg{ts_9-)Sg`g@P#r(!x&8E3{>Px(NlQG**6!}PS zJ8>E?qcW~@=3!zv$5;i=^P`Kd&eUqWR$v~!S8%ZlyW*8VW6|Fk^xJDHm&w%7PlR2w z3-v-TXQdQUepzpAU$2i`_cYnkJm3Yk$~EYN_=+=9o@I|k&_3hJt!AU=T^_5+cGGrj z#tT2LG{Rdh%N{GJvh5wJVvU5x{Hu(a(-ncq;%Cdl&krv}4SO(ZwY`*X8g6gbIzmDm zM;__V?hG(_2CbxzXg?OQ{nW$8lh_t5p~^_-m*ai5=(T-D#rgBgG{JFPKDsZKBkWgf z;q_rS*MYFf(nFM!^9m7XuZMzCclx>LXHZR~&G0>FtZ+1Z;CC}HXL;gQoQFe?dEipZbQ`BJMQAw%+yOh^i#mmMX3zhk)OQBS?jsNC@_>#OsNufLkP zUGuk$^IdmxF@9M9;qt!bi*BEs5{E_e%8wehEFS2?FV_-xUz$Cse%*M!{!t*Ex`b(X zZB$_Ky`lGB*@3M~u-^U;<=kzN>26B%wAJ?hFgu;MC z(4gY5ekn_8;#2v4CI)~$h8{usl2iy*_}1Jdc#-qQ789@#PHZW}TB zU0?SLD(x=4=oJT=l=lAgl_g;^|39E4@iVrBZAH5ZZE zti+JpP}qBsr7N-Wf4@k#k$qjg^YI*EOn=iKedKV4y%9Z@8qg227prwir_hknwBT6& zkp7Tu@Ty|-9h$$!X{eA#r+E7FxY!R;o44LZ(`=IT!7){y5LfA;ul zu3A{BQ+~Fg>QvC!FKa8fE~nvKXhV;N%FSJ}wW;i~TWJ@uYC=zUe@K`vwjGOOw@gy2 z^KN-P?*8uj4qfFq64{j|YSObA_BWmWNBsSP`sbeaWa0-~3P&%igG^T{abBPA4+w0R z&uw$}LnW>|-syWCu00a4{@peVS`Q#&Ybt%z5;2)w!Z|C8L^&%_=84q~VUsCn&GF6fZyV#1;-Amnrw$hAR9BoCSA7|7 zujgZ95)1blV?QPI987LtPz|!gk9zyBA#F$+(fBUzTJTte~zf z+SHt0cfH8#fglFttLZJ%iKuhpj^ zu9>&u5LVQzbl9#j)UL^LqxLwS=k1;ysDB79mUOk)Oq=E;;2#72!?QMYC&~3|&+GF1 zj93t9FeDa7DG_fPa5C^Dq~x?9r5!{6=6@E>5M)R<#qRYtbW1hHet=dwQyj?kLdDxBVu4;LEq=sK{2c z^OL2Rlc0|Ij$ znbemSo$THxn62@5zZ#A|?=)WYr9FG_BUw3LGC2Osi$YvAWJFvL?>l3FDM{MW(%Zy$ z&V}rcSaqc2C;0<2{N~_ywJOZiCw40A?Kl7_rp)*E7v&cxAveOH$V!-ef0DT!IfgNj`b6JP* zmAloS@04y#W!o8`!`n^&14jT9bDAS1p9iq<9D4vp(*(cw3qssWaSCucLJa<+39%G)mL3-*>i^8QvAon;4f=7(E*_4}xVAgH(sPu->fP;u3=68#Jv~D0)N5YLZYT^>(o!qKfg3k?GeAPiP^mXPP**+7)g+UJC5tS_1v_m z%kbWdfO~D0m0M2=O!^$pCXjlBob5L`J+NW`+a|VWbCnP5T%sVY;Szqw6rp>CKFU>J z9@r5*4LEZpXDKAD)^7Tyv)j()Jm-OCK$BMk3B9|Ev4mKyXuP)Fsy};adEtqzzm$%8e zm1ODYxanHow(-;q?GRWLNhka}$_M1^+h~xk&gq|nKP5Iy+|mI0cC3K4{Bm}<(F=Ny zEY@>fgN^hT>4b{gD5*pBhw;l|Ww7TsfHE3yE8ah5UYRJ~nW?Eb zmr8oeB>5`Qz_Xz8{h!~)0nIo;BN`ILeeRQ6%18&MbT;emLqbOP%qK~FEkuRjx2NLl z#z>Y(yoRW&9c4@gLlbv_4{B_Ez2r?Nr#t|T>;a*QL~7|O4C$-T?gPfP2U?1BgXiUO z7lJJov8DU`dH%BI-xBu6v3a0W`$Z#@J@|`cnSF(9dIt2|L)CSO-(Uh2r0MBk&VK{9 zFW%*@7`Kh!L7p+;>#wt5f1s9CwZ4OnSAQn4&I3iAZrn+M1WM=ZU~O4i=JH@gNgpgU&-BN70mW=ARUdS1}fz+s1UBlu_k#CG*E^q9xu zW3Wl3OS9)f+M`&-GlR?lAgK_GwD>jWS?IhoH|sONd~&Lh#ZTqC%3x%(?uIhF+DjaE zX_ts1OmK^HgQsH7+vz&KNO>OE`!KIAkxv33Vn?R@{W<$h`tQk>|C!kBg-oCP_=EBK z+|g0V%MGa(!LL9#*by6EN*Yfn7M2V5-ffA#_tRpiHO?My5HLu1yWmcdY-o3RW`0;Z zTQowRrxwGiY{X*h?zMYQwib9kaD(QQ4l8*#7AXp+00(5769tU}$9I5Qn88Epe6wQK z1?Jbyp5+9=304ONHl~ZMA;a|^PGXC}6f+ZG%b{Jrv8cm(fdHglXcQ9vjpaQM-?=H$ z|7+zD$qpzj12#EB9wp44!B>%Rv0-wRyK#Ml0v+`d&X@)H3mU`9(Bn=&DC;f97+AoJ z{1_3hJkW}7*X*^D@FE1FCggP%ECXSz#BOt^F+~M1&UjQzqtt-j!wZVK@yinhV7Kb8b)H~D7f+&c$rO)#r6kJ zS#vLTMLQ#BVQ~&*VlBRD?RjMg*OdF3C#$hRvsr*ZFCME75Sho=kBiRUZQI(nL zg#$a_%`vD!9XJJNjYFCV6#UX5g(?H+HzIJ>e!|7D>UL?#mmM}9Sym66cVDpNmJ06B z?lhEe;aLm8bBb|A2(o>6OQT^S7g2nQNxO`Kc4LI8ghGA|%x8xZVQ%t2mM>cfyg6Bl zUi~P#kuTRq-9A&|+be;^Q^&mQ3)Yyp7Tc^1CI|OEpL4{Fg*+$u=qBUMbuM|A^bXDMK&I% z8^Rb0aO-i8=SM&u6V75=wrz4uA0L$;a6Z`)#;1U?tNBZ1Iq4{<0}%|TT1jItM9q{I zehd#RWhrIO^yDDO$}u;cC=TtD+V2xYS!HD?oK!QuRWwmf7E?%P*1hs>R_U=8nkHxc zD-$Lr8_1G(5uN4+;Z7F}mv9Q%RY-54WZ6BMwv$*|&0x|B{9VnOHtmm;Z=bHTTvoZO zF6A1|yDR^cWsin15Qg0n{VSSU?yG@t`j4zAi1FE9&w4u{$OXXt*3O2{gR<;kFT15$ z@$ImzNEch*EJ>#?ijIYUkQ$?!<8fVO`6YB1>yN)ob`;i-6UAh_8beVRBsE}CtPo2H z+^UXm3q&QE`S`OSn6+TL3V(`5|Az|zdWzcP;5nc?L`qwD!evU7b;xgrx|@|;F#aGn z&2Tv1k390;?2sh?D(6+I@y{Pq`k)n2}biL)-g-rTWesg9xOQOukA|^5W23 zo-^W_?e)tzu=v^qT>p#v{bqg|cg%|!$}*9k*u@l)aXIfkv7kwcj^ukNl{pYCgoif} zcAM09O#e7jYAq(s7^1~z8f9fN+oi!**Sq;%!Jhd~>RpT0%%KGWB;&Qgk}&XKD3%|5_!-EdfSNYb?m?%yFZ8F zKXCqJzph6f89aZ24r3mHWG%FKv_p=Jp$j+>iq*r+MKJGrr3)0bzc>^xd?^si*taEA z6es@s#O@PGmhd6w)vJbD+uhnlT3jnS17bzX-Pdyb%H2$hAAA)~n3-R3wp{HBJ))Ok zRYI$}GcYPk%DP*R&b>Eh2;+6$<>6<6+&9tBR-O1|AOxd1brSR!XA3I4^LLD8#;+{BydWJBxxu<7N= ztr!7%&c2@Ow5!w|t}AAa=Q{g(W02I_*8a=}$!f18FT~7{gKL9JvgdxnZLp-voxgi+ zN&9Wjjr&V$@)qs6TN9S_Llv}uzgMAw(w(uam-{lagv@CI+l zzG9h!-0gOFidhg2n6ZRVN-S;aIPtaz?ZV}sW)lUxIvygEXoUF)G|9bq{P?k61}M+C z)J;XwzU@Q_W;w>{9X=?l>!+pb=Dz$^I%qG}o$()uP`7MA>dTW4JJ0cOhS>zaAzuw4oeWWaO4zm= zC{O4R!Wk*}CY)=N2pat1(K?y2e^R)R?`qJXF|z1&yRehOldCN|KPU5e7+eS?R>tF< z6~t_uW?upsV9TW$>VHku`PG0^k}DimFNHLJ%Rp|{mC{)uckeT=^Q-fr^nto?*(f2V zc0Q3I7qxF}=>w(^hC^sa1vI;1zQ}m&j`{mt+o9cNX1GTT?Jrb7g=qc!1Lun!xTKVO z2JGwl&n(_Uj6KhHPolH{?H-kc&o*s@KhmFCU9YNDI6AWKwM}flwyG1Vc%7}t)&JGF zO%)f<`eBD%up&R(#+%vsijvR7NcRxvzilLwKm7cD9*dbfH6$#+^o)@Kf?%hMAFp+> z;^bhS@eHTe>JM;}R)FEtzr8o*v*}%-FtE*w_MNaXKSny?#J-WFMdk$@uzY3Kh*jQR zoOd^X5VBPg#SbJisgN7sc0X7llmBS{);w8kV_SOZ1B_cf7P7o_i)@Y%+U8^=e$Uz2 z7l|H>mGCQp#%g%fZwbrE*2ZVuIy40X*J_9*gJTUP?T~S;f{N7?8$w!s!9pzTY*BuI>A}sw z*#mW_GQgs%UbMuPz!ULtlA5C@)o*iZ_TDWj`$B_@&IE~p_SgWU*XE-AGUFJHJZ%}4 zK{#tW_eRX1aPTLT;M9H%$CP&xZtE8`t0HiO+V1Rn)0L_?CLpgKbm(wVWW}!f^hfs2 z&=6^$`xv%7`_y?<7d|hCNuJ#pj}w}knUPmoxw?GLBk|v+0QDuxxbGmw?K2*&`yfmN z;xs11s66&nCb8%k(|+xzp)?zZ@r$JuR;9Q8OAPjFG zp9l8IcP51~)vgZ2G$QPB2n$?FHn){Mqlp=UgVKlOCj8UV{|-tscZ5G||1b}egWxH~ zigfnVG~*3Wp`Bq0LjA!?GICit%L_$8(bPyWXR@m)p*or{G`U3VV>(qfgnu+Oz9wBY zfmNBsz1vnH`~r41;kO}$^Eyv39@G$trPn(q(vT+rRJn2nYI5_UMtw+HTS5UNfxUvY zBX3mAp0)jptRUrl;1Q5#700J3X$lc-=Wo~LR}OcSX=mb>TfRkv2JC)hTVVHwWR6q@ zDWRmHoEINcFz+Qx{3xS)p}QTzDuj?X-mU9LPLP}WxY6#+OLlmf69~L(WoeYo42))% zY>bOXN*Ok&u)|-*9uAyG*sn0KjrL!oShUkZD+_)_hz(DSE|4M4ot|Yaht+(3ZB6dm z{cZ5)9!J7rljea;_pOX7Qkfpeg!p5D%sErcPwsnMw-TqFgmGx?z*&;rlR| zBjRb^V<#q3vNuUrZ=+!(q1+h&S38I7_ z=^75DGg(O=XsYPvy1>SchDy{-8QMLYJi3yaGCJuZcgF&s!4enTqU{JJWe+IzC@7OF zh|)e}CeC<8>9A7|tWW7a4u9c-KeB2A3YM~u=bChg(-7#y!$gV?ZMM!2AZBAh<`hDB z!!S^1w6wTGAJ6g>8&6BV@&O-X-5=OD4M^_FrC^qJ+Lze=KcG$-e^Y`q&9?NR#d#hh z3;y&U&0eLa_>iPTG2cP$y{qKGhD`W4ZhqT3CH|Uu#N1OP z{;_=X*t5IX`lO5|R`-3`^6>;I#Q)K=>Tk=^fP6#?*be(J|9o%bDJ# zrhzq)MsG#L@u)fBdAH@cH$2wgg#+QLVcUg=!?y(QXq`L?IaosCT zX`+y?(4eF^LNtB2Nx-Vm!tY^a8w4|7ZO2i z2@fyEWL1kv-a@#-xu-6#A6bjE=|G5h%hjp*b(pprr^3gVivQhxZzp-qRU)&QTHYHm zjF9mCsP*zdvAGZxeLPSc!gcjI-zd=?9$NVGTdZ%+Cguw;W2%V-nv+QaqJA8_2-8e* zjpCZ2e5H_P@6Y5H?roo7wJtAcvxcA%(LWwbIBCq8*4sJsnlPMGG3<50R*Dg7VjhCCEbql{9ch7E=7i zew6YkaCe1etM9h$QKFg%NY4r!UJT_a%$?Av7vp&IFKj3M#pQ)Y*MVdicL|Rv5$+;p z@38$@z4fS`y|c_$O}|NCoF(I|9nFPAHi$jDSQV@?uHzq2!TwiR$o3@kKX?7)lw>h1 z)pBUz`~J8Y6fw+8ueycB}u+rbJp8y5VeOvk+t(%M8=BoR2(;uEnJ-Hw% zj7f+n2pFmEZM_Y#uOss|<`I1GA^pv8#}9PDBU}K-QxR$5CV(@R3+c8+=JSzWbv$ZF zmFNqEhDHE zgf)r~+3|OUgA|C^@sBp8?R?3;@&wHN_rXEHMadvK1d9=GqX>vSUb3d^_3kG%+|)D4sHA5Zfblv!`c*R+SJZ8+!~clKrod1A{f+&YK^ z0~3bee?ideo`A42WTA=l6Pfd=s36u^xp*Ma+Dv;nVXOJH@!U+ZNFsGw%6 z&~z?Qb@t}(CkgAR2e7GLLtmZL^dC6KgRIDDh&c^+0m-P_)jxzM=B05jjyNwm*(#Ua zAH=MZ!DirqNvmeu#@9ap`bcsWmvy=zBQ$lJ{U8mhWQ2G--#Zk8!uV_qcaSJ{D|$Y6 zaX>u1%9KU+6D%cK6*=(P(3tVgziV6hVmlDd9iF%z(RJJIg1ijzx3EEREBvu35+$Tk z1zOeQtFf`MU_oBqMg=9M8*HyBOU*az;A<$I}ruqjdc*etfu49cVSvC#E9Y+y;8 za^Eq~6ZzAEFMcx(VgOkIN9B8KDQoW-5RWCs$#yU-#Y&iYjf(}x(%hVZePcKrK8^L+ zY-H;}F<5Y9TlvO5vzeUp`8Du?mJq%ir5J%Ct{rNM6%X!-$gmn%3L3Q^O=oTD@hbr| zgRd=0J<)`sYWvm+(8K62P?3&0(SAxfYBh}wrc*dqyN1fzu`_g=?j=QMl%ABl6(}2c z-Tl{US79!nI+doj!DvI4qP75Hr_G|2-w&m3z!Vtg=MX&tnlq8rcs>DuY%%u~!Vgyb zXT|+`{{fp9_mT{UeUU*5N-=dPxUw0qQ&gRg+48^r&tz-iMqPKzamBzFq6{%>}6 z*1oYDt7G>juqx5d^ST`vPBc`h5|VSI!qx$Jk~AfL^S};`${V}`f9UQsvbLA>RNl|dwq6TCqY?@^$sYI|70anz$l+TU#VJ?EAt zuTT65A*-}Q-9T@5U6Jb;mrpXF5=x}h8?el(MM(-HB<>WhP*?Ab0(Gbme47JeCGN$P z2+2!B9(9MYrqa;J%7Q!VAnYk?vGzpE_h{~p40<`_Pg(YMcpl7Kztr&Zn>q?;A;+jg zTxUR1w{z&Clpabh9I{(#o?hW4jeJo=S?E4>VW|a^bLUYzbSV9Am@ilAdP3{ZK^)(8 zf)theYV<6^kR5hT88vngNSIvtEJ)Ca2`>s`>oS6wgveYbNbzO?q*&-bW5P(CeQkRf z{5wX;5w!5eS8(>T%1<*ukoCeX>DZ9H?EhTj4@IDf`@sGvDkbHcd2^pyb|k&g-@8Bi zh**uwt20QTmKmI)f_9@L9vu*rrwAv}#CF#_jh`$4n0JEmcMFq@O&UE)|cO7PJ~P__*OpjeHewP(cKPbsogv{C6O@kh5YKPrdUEBnsnn zTtUupo9yPh40*|PM9%I7;S znkPhRqx+A+0*1N-eI~FUjDAgD(%%W&V5|o1M-F z2Clw>Q7V^^M}r*D9s-g0V?U09u0*93wvTb^o~;B)$^N9$XkayZ`BrimObG5HXGK`L z*%BHTMew8)_MpctgesH!uMngAZ&b7Hhtuw~lM3M{)Ij;}&UeJS%qSHEV)irWZK99( zL61*jhbh+^*ro}G$X6PHNg<4-I9ctVuzlWobfx2j#DsD20kut3JEwSxVhyErJaUhu zFzZMuN6w}aN4o={QCh9BiL9~F(E?e+Nb))#C_5H*mv;TH-oLb|5cil6#cQ!<9n=KO(M^-kZ=@VG5CHI?93z0;}ZaM`#0 zjoHhscUl(r^?O?nJ}=n)ef6{?DCwcy`wuUk{k|vkvb7PcIR$Kd{01S(u0HQb+QP8N zDfkPB0%z(mt~$)h9hW_XXo7gTU;?J*PE{u1_QCI-_sPx|0>jRqxn!eRq990%I*!7p z8?nFyj#MWWrT^n84>n5zdT2N%TWkA!g=P6^m6>`7p9c1zLBG5C$D&GoJQPV(N-8ZR zD&bRg5#WO;tHXE=Z&&FSa3&Xrp8IgJWH*WD+XJcPJ2j{=VHw&`h;>gQvB0QVCbeW& zz?<+bAPC)^aPE|+?8Ch!++W9^5)>3IW%Os?eSEnz#}-I^pe46ioHl!Y7@4Tp z6;cV55k(+0aJ?`-Tv9-x;;g{jjHu=WB(TA~c7V0t8=wpx^_HLCdHf9`8&v3BLR+txa-UXlkIn^v zQ(PpB%FjyIgUbtpqOC9q*NN+p;39#U^-C7fZ}r#G4J;ih>@6Cq#vg|wR_t9dQDx0k z5Zv1^X+ z-W^PPQiK`bDmwB{tpDG4w`M(^ETEkD;o;$NzP7g3s+R}V-gp(Q_xE}ptMhke;`!@9 zLeLMk%NSv_=o&Qm*#M-E=2oAbRPs&&sm&^8cd7C2k1QV#55^5RxPSiWG%08}LQgHr z*fv3(2bBNVf;wgjyjv|0&;LHw_)Y-$7`5Hk+mB@dYWV@3Tv-=#Csk@$>y+=U+rU>> zY0G4HAe{#j(ch(Cx3cT*_R&OZ*e9f3aBKsA-SvN86C~gz5agWljlKLas`Sm9#jTc> zmJ}HonSQxSV1)`c)Na`TC4c6aP?T{>*TFa#@hj6ZLtnkK4zO}bt9hMnYYSrJOsTJ%#G zx4l(gvDyGlZPp3Eizf#c>p$1xP*~haoTtyHU1>HQRP=ZU(t}*22&l-d`qosr#7OU_&ZmoiHH9g*>T~-@*e+Eo z@V+UR2)|Q+DVit`8%{CJ2+t9>gy`i*;}?xEm50>-C6h2H+f;dHkEUVV;F*_k7>29U zoWYD$*fby9@fjy$`|s0y`V@KBLL^1sKh=XLu_>wVriWHlnQXgr^Ut&AugALC)BW4jDM+Eg)xm6PTZvIuQ!p?Pj4;SD>i; z%$#0BI;iGpf1;w%xT76OQ6e#s@Im|jOYPt9iJ*->Ki?S%n!5}asVLB#|88&AjV}`- z=qP;+$^+*OH9&}Ot;P4ehLO8&mjK{%PDhjlAumW1X{TfM!&S~`ccpPRMV-anTbqYP zvy1HOP?Jif1m+(M3)XUsPxoVgUKSQ!N-$cbG?Xc({#Gk<`9(!2R1zr7{QUKc<$g!W|Q5d5tzvHwv5jvo~^1Yio(;@DyaGsuVCyP@8E-w3d-uD z=irs`^_t*+IWscj@}!>tTy;}T^)8eJh?Y(@_nrIsLCCqQ`Ob6_hZoyG2*4tFw$ms3 z_7nJ|(7}qZay*K3MsDWPyT3o()BxvwzCyXD;6#*!*ki~`*Es3`)9iD85s!3}^V!*` zR%u6P5jQ-VqGcAg*e4*Kw{LkWpDjN3vgIJ^NF$tek6Ut0A?8GW=NlLCc z{z(v70M#b+CCT1R$+ke6@22Mmexj+H*X6&1L9wVQWxHGc{I37bYQS5YFC(TL)B#RB zss0V^FnsL>rbtomFCwgc0&JP})jtHArOm2|Cod=vUG?!4s6h;r1%%&1jdO`@UpBD` z3YWMFXZ^(XN5XgsifvcBGH--!1VIBX;996n=kv%=QMlb~is9duTUFxC^nq|IsX^tVKY2!4;2)dd?)Gu7vMdvrgax|0M#6kP=p_-;Eq9tQVewXT za;*nHC=1t%D&XV2>;n)f-$5`ml^uCFbveQeJ`OqZKiO)uBf?O_|0e5lo+P{Fb;z)S zJ|w2)x`QmIw&BBuIQ24phF35roC1nCr5!BRM$Asggnt)>8(xy}SF%aGIJQ685Dp=P z6UO_AJ?|64Cn}V6n&4MI1gaof;^^H}b_@o5iWEki#cLiI#Y3x;OAJlhV>P4*`y03IC0l@DKnlrEGZPpZ>1F6D+c{uVL4A+Y3+R7NQGkD%x)C% zndfeKRY5>oIU+CXUwMD@@@L{y{x)WEpQ+NMu7^Zwt@C2hG8&g89@4W;{})|RQ+`LV zKmF`T$Ma>ynXt|R*qKMz63c}zE=}1j!BP#VJEe!Tfn=K1Tl<%V$<@6i{!cj*Ur}hR7Ev>nc zfkACZaB%P>1~0}3XlC0XGB1OtuF|!$S3gsHH7K>17EZU5{~!y3X%N~yR*g$yo@e&4 zyoy-EGS`ezIFd!Z-eiRN7$M>=wTvOlpwym9=V}2U7~Jm(mv+{wkFO)s7B!75Mip+| zksI76+B_@nGj!!XBGpZta(CoOYWyjw$3sxAk`AH9)V5*9a5^dE#$<|>c_C-lRH{UXm5D_Y@TC9a_R(*q(O*fLCVUywD zxC|31{C=2Z2AAv6qi+$nHga%qT%~_oJ!Zhm954cqfew|!Me-D*3o))8GRfe!WSj2d z1!E~3-9)w${Z&pqgeK3bO98_SA+*v0#+Q{>`5-MCmx3sGTLwODpcIT-GoW zLhaL|P+{Ks(xD{{B-Bd3ueWtUdl}q*KRP-iN`S;%<&w)|4d^)ey~O;!ng;}Pl-th1 z2Bu`NRy%hW74j*Wm50eU)e!;=O^=O@r?`cL_Ws&23C0hbTwanLp4ukGoKGp~2Ak|Q zm)VL&(>}4hH7c~4oyF{U>eXeO23>z6ZQRN~6Ls%+Xi#(l>|IY0v4 zd8c%>t7M>VXmfos!lwmVj>GdQotBBtQE_(I38eTrok_8VStzQIs8qHc6 zk3XjKXAQ@2!3{UyOrV8M&pz3}#W3O=3W*)v{Pkb)LxCQ9O3a^n38G=6!QUv zD-PB|8aU{^H4?+=g^@Dmo_dumDo@4N&q#*POiATL6TogPbF=zOENj@L*~euZc!2!q z3KP%ZtB}SD-&Dow-9UbbN6H$j{1d|GAh#X{8rhmPYVD0hYjh~_9}P=DFhy@TO9+TJ z_b_&b-E8v*;4p3{;nZR4FP?cx350VycRZE6MDuPSS{vOFug#r6#Y*^&_r2iNJNyT~ zDa)6YY(aO>jzIRu{Rn=P{cTkWNY3gMjgq6GvT`uLR~16@@F(VhDQ5Fd4@LBTqSoVX zuAbalwE&aO*9>x*`44b3KHYkGQ)-~WZ87rXuS~UxLF8ag`R5-Jr}AuoNrXLp z&L?RnK;xL-FvU5}*x&W~9(QW1X}v+^Wv`=0@A8upojHHar=&lT8~d#Y!YS?FEyRo+ zQ!!Cxb&npjDDD-pJm;Q`gPHc->%NOWB*?eqI2&gi!{G%)LDet)K_Ei8SVO(2Wxoze zSupkxq(rw6DyU_7C+y)3zH-xJ6phb795GsZVl6p8D2?M~H%E~8&rmW5H;hW$H|a;$Dl8W!A%c|+tWFIPb# zoH$NJD+@C3p`c5)Tcfa6<^N~@u@mU$5;>9T;-T&&L6>ue#Rv(OQaMQACU>^!tkoS% zISL}~s5)2sK#4Bfu+kjzWAw7|6gl-mgA9no{bK0%NQD}wVmrckZeXLiu=Pc)S2Le3 zmfH@9C@sum#niHtY>yRS6`DOHIxSCI)ww4ErGHUtVyaz@S&?#wLG3*xAuB|WDA}DJ ze31)Ws1`gJt}g$k#%&=u0sjlUH73L``?=WU!!8PH%_lA>ZpRyMQ}rliQ+Vuwu!kz{9_Pxb?p zXGfYVq>LU*4*3vtEC(e0=BOq`kD*OY`x9pVUw?*`4L7t*&Yx%MRm(+L zum$Wc7+F&bSio^Y)I(q+6^V3r$!C!05HiQ5D8ufMO~ zTxkGiSLU;gT&ZV^Q{P14dl*KKUV@UmH@xgoePIHLuWfam(m$5y0o9Ea6ihfW3XvF~ zyE|=_7N#Z*ZLUeC_0c-95^q~ki0nQ?@NJER@i@&vz>+Ex4j6LyM~JHioxKzMlQ?P? z!i5P9uYUqR&Urs9%vKrw%JCm*Cvj>eMd7!pt2w80EXRR)#H30Z!^Sk@+;4CItQ*`B zEk&dolZV73=$xD?wvNZt(op)mhrR}0M>{I`P%+$tO8XrgS&QLfVy;(zvTSF0Usg$i z80uc7IvSyPqKIR+(Q~3iewu!!e*Eum0jqPn@keN^*WYRTbpLf@X2p(EOUav@`26_x z-Z9EQUDy5563B3(i5N*LYIy6_8nDA%4NKfiV_0R{3a>;g`()NtFmw&0)e0GlFhmj4 zJWAVfH;Eb`}iYvrUju+4F9;Kp;&-*ugi5#b-6MLdXTDz2i{e^vohR{-OglDLQE9D6{yH zR(2<&M(+DA|IL9)_&+JjjjTK)Xu@l6flM5*)ycp7d?TmRdUYLex*=Qdlunw5x1P`4 zyl`Y{04(}Ht(V7ba;SXY`N+eGxS_s?&lY>Af!3S9PL0(+Q$|~!ImtBNKurGaf2n=( zHCps?Uj6r(U){5w?(E!kJHV3n`v1o*OV;RW8Wvc;6;hehDy9AE{MQ~lTk=1Rfe)Wj zFJ3l2p7GigEcMxBIX!|t9imguNSzAzFCQK9 zW&;lzJ^IVfQUferPPcaG+?ss9W8CucmDC%+&{usS9w`%A-cZ^8Ts_f2Hs#c90I^9* z+A7ecrRe&zB2ra1FY3+~+OevGr_ z^%rwON>>}*UmFVTe@7A#iMsS_a3?}U-nX5jnqXswTuN7OooD}LQ_JQIO@A0+UE;kz z@At@`qD>VrwF?xiFLK5Fv! zdNKK~e!9r>AX4;Y;Lj zjHDoHrokdIft1s711)E1nDRt6k|j5m{QlM#fJTA;-une0m->0<78+q|M`r$z^{L&V z#^~dX#kr+BT*NpTY@c7QgMc}9a7|2hvJrBJRyrc!gdgTpJGik}vN^W}YIIz~2i_!W zwQIes#e0tG(Nwb3QODl)K6wIxXgYbXs`!SGMCVJF2r|wK%-Pe?)%~K?>>;Iu%=pFq zm8V~?E)S0K(w5e91r@3ojk0JdYK**YibYZDbxBI`vXxKhhJ@I?G|+l(d%4f#Wvx7e z_69|R=Z`c`HUj64s@%Vv2FF|;wjiuw8fV`?^>A>q`&gcr&;D_`Dbz>qOx4vFizw2x^=;y z=Xks#6LZ>MH@92+Q#5CCue-adt%CPt1~~mG1zyz0w*aAF{&p!9*N0?{wVqEK9eY-8 zZL<&42(|py1kQGU4B3+AKJU#*9zKFf0KrG8`gM89+MJvoCo+GYtph`pwD>n_30eBR zCtHumN;a;)>6C5GR{rs6y2TEZm`p%a>h|(@0PDVZLE1CR$3KH)bCecCzts05Lp|9q z+f+Yw#O5%6d&TJaDN6hMqF4XFTKvV*6q2>e4n15~=1rhn z)gc8TZdUp)Q4edegHb2j&zAqYTHTZpyGQs(r~ybHGw1(xT^@GaXx%a!{Om^5M!9Qv zqUyrvmay^3sk-P0BY)QC)p+$ixRP>k#Z2jo24K*4aBTQhTxt<#tiHagv(9lGm?u^k zzD>GLWYo z()g^%{w#e=BwU8K?OSkZLVP&ZTK%C7#3?vt`C$TE-a{s5(Ot(C7{UpmD*dfmy))4v zp|i+Nm7_Vk(rF^)2Aryv`*AkQC6NPv{F&_azZG+AM2Kb6w1_mz?LtEQe-=_V!3*HR zANJ(%7ZeShokj0Gdv98AwzUC(Aq3@2|HyjVf(e$50Irk4_G!FnTjg}iO2fdXUyTIU z2OrUSx;ILJrwQX9KG%-}bH=hHGP%mmfW24wZ8sLOlntYi``$8zDYF-&7qwl3Au;xR zB2^LvY2rL-6C<}azHW-ItO&DW2d+60Z!g80OHc0b)Df!9q|+EIZ}B|mdwLXc7!_BX zS+U620x%xlB?NCKWXje1bna$dtRSe3`Ld`EV*ABtR~|geAHjkdoAx-CVs<8v^SRvjF&9V89j*p)FQqO;=A-zWyUfj}|RqUen(GpNAm278u7w^H@ zVvbj7L{$w_z9fo|<&<+?$#m*0L>qo+vzwX5>WGe17+Y?l_3lejH#hS^HA=lds)~kJ zw;Mhwpr*@rZUtBA3{g{hX0E;-%-noCQ?UMA$f!1pB)3)rWpS&{BZZ@0_awr$TgWg< zW%p4o41C!tZ#4F_C|D{>JmhZv`hG-29;=FI#ge2NQSl$m;}SZG1m_^2x9ZFCsCuFmlG-0;Cu|vf zRzjVcr0_T6eZ30O-kD(fL!Ue^qWuUMBBf}reb4G_#YxDY$)}(5(>#dOSdoBp@Xz=c zUqhA#k2{RZ)gv^}*hLa_g`QN5znGbd0~`@PZr#D&Wm*IVJ0+`)81}SBL4SkG{!r17 z^0DoE>@@GSmb@*tppdpD>oH^e_ior4QeiIe>4UeQ;l}=aSldM2@|WR!sBFtv|CptE zh3!1@`o?9VB9mHToU{<(10kP{Q@FY)>x#6G^9836f?FtK0z){q<>vQ*u@ax2cEu3T z1dADH-+e%Q+XMrKjnT9zVYYBQWUl|oYBo@k1ZA-pY<+kz0jR<+!#D` zoWN=}%myc8Ee0_mC0^D<&MI?}gd`jX_VHaIYa0@ePlgmPoHN}_e3lLh9YWr?4I_yg zh2g^R9P;HKtRc}XRcg2MjR7Gy8?*7supPuynFFO`F>qfOSUG4e8SY1NWl{pdkAIjW zvF6?6r}D((%wwJDvMh>6U6Z6_Wab)F;m}UfC63vc_;ecM+sryx&+Gy~0$W#zn6-Ht z+zPmCXC)q{3wkdXu^pi~Mv1p${MbYvSDI~t&H)kTif{-3Y&Ub)BrOK=qvw}A0FZT$ zSrTZpBZ9d3Y2H7yR}40Rhgvf_`Vy%3LH8@tnM;?ExLoWKh3W5 z>ONO_4Y=Cn)G@eT^&REsa05O<2>Fg%8?fg;8yt313$3QtZ~%fKb1>oK)C-hLk#@B! zt$iTyaoiWV-fA^I46c#XJEiys$< zw(sTHy*(A6eQQ?YkD6>JbSKnY^W~d|C|K_wT&Q?$%t9R$=YfIF;13bN^hy7&8!U%~ z?cox8DPf)2J&hFIk$~jKHivUL82s8(@>Vhk4slNGLpoU5`m8kGMTXu{<>{8w-A5UY z>{lZcO>BY8IKF|8XSbHaFwmJ=Mz!ERNci+{!uEEWR^1WTZk$O#n0;MMnMXm$;uP<6 z2D@qlPAZ9*F{Ncnvl^*9aJ|yxe)F4Qq_I|}=+_Tq^0p~Vgl(ex&zv!j{Mx1+pgSMyR8`wa|@TQ;|~RVEu<)1AHP+dbb7&l{qlIq_kZ_rA|Ihwe>)s@=PLz*dIv0j|B}9bo$-M5>>jl&BJ6wT z53P+?67N{Ix?hT45{0<~k90bfl9F@J9%4gAAOHIaCT5B=ilep;j0l(KoesY<7MS|` zhFP?NP+;Qd;FIz-mQyN~KV--G&|yu0%B~kw-0v+mVk} zCJ3XtX>F{4M1yASrS-lC@Uo8^zi7Y zs>;;(Q(zNGu2-GL?}T3LAgl2TC)|+8597Fa&U2?UISaFBH-xOB3UJZxs_ zAacJ>1w3MXY95-i_)|5mE9Q8AFTqu z=iWJ>7)|hfBOiF%D`Q#d8dGzi$0q2Bbt7!8+d6g`0fgO3jyMIelD#EToaRg7hiRO7gG70un!N19J4=31H z*k%WwIbNFEp_ZXKxI6WnS8(MFDdH_CFQ%e_l9FIvsU;L=^dOz=z#ARV!=zox$cf<&%SU+o;m}sly}Q#VF#A-exHI z655W9{OTl{q4yy!9n9~zHDVpnMKAlmORf}ld&#pfA%Lh$+Q(;|6;zxs%*(?gt-#G) z>Iw{UkG;f`f$RS9!S8rLSIi2e7)@z%U&gD<7t25Y%s|!K2(jFNzkmxS^MDorHS~th zR=SYoE-L2oZU={WloO~Fu*N6cr_*XnHXpbwmfP<%R5iJ$>c&PYw{ay~1{IR}3S?MJ(h=L7Ib# z2y%!wF#W|i0!CDBLRe?Q(S3}cwDF)HoAbbx)q_527P=Omoqp=`$SV^2?q*ue4QwuV z2D|_M*3y3{h}&QUM08LVIRPbZ9p-(hKxNuzX8b5VjgY`!jrgh9%T(&cnyw!mjrS*{ zh&N1hr(XLZmq~`$w9*0~idd}(-{GPnlSz;#0k`n80qWOZ#bly;{42==Ww?v2y>Mh` z4yV*Jc%QV=TNco zC7#*7YCoRMd7mkatnl@YS4?mS$59AAFdaqL*#wnPAU{lr@9graz4<;l0x&|i0hj&e zB*63#mp&PP^yG;Mi$3d16t}rR+PQn?@EL*a;3H);B1ya(ADd_%LZL8n#C(}oCuw>b z3-izrmuu?isT3|Y6f;5w!p$L?xZ0@9O%tl?i6QX_8jkD(WV?)1=TxD>LR)?f;l<l!@mDQDJ2g&&y9gxEB9sA~x zbdFKecpVHr65+5T35$dy10kI_it3c8eBR*SAJj)ZE)uE*z}>`Mh1Hzl_b3VNdmwja z`Ye2b-l7~dDw+(XyCSw9I!-*s6>*>VNT#ls!mJ}5O&zSJl$XmFcp!Obad=wQcD>c& ziqY*bP}#$*?|<@8Ox%~Be?%xcS&ewJclY#c8-#q*HnvKtIKjbzv`cg7Zqx0WJm#k? zh`mIx7qsQAoLy_I-2nQ!)R^aA&)<23o7OD-nsW?S{;v|q=q^m;B=fa?2 zQNRlNthd!;kFtO03?!KUX}Mb*DhTi`?d}>dl`m~BF`@F8Kd@3wyn|Sv+#TfOlG%eE ztLC%rP!16nL&KSz6t6RE28s$-jxM6AJs!uZISlWWpUw@{^mOIyKd{zyN%mfg!IiMe z8<~>f77(%!?Q1bUr@W4Jv}qECA3~QLC>++l&7`WFc7BhIatUk`IRNznWh^$Wnc!Y3 zq)|ByVwb}ZL4;MhQh_FNR-HN2CX-fo2U`L#%f~^6ftM$}b^G^f*1o?d{;&U(z5f)D zsSEQM4N3qgAsK1=i%0LYHfZSRzzcv%uH)?N%-#;a?;DjY%+$HE*Gj15@)#XKmS&C#m-YGE|jG0 z(o*>UY5`zRp#Vh_p~s1`|CY-6^i~l4WNm#tsgFiF4dLY)>}~W`YqEz?dGTwI+HrcUR0p!t<7e-Rgsb!6#gWf7KQWAWXar~Y8v~OHyrr|UC&JcABSbD6`{tbDl z5@a!++Js4F483)12uL@})uaP&{!`QIqWo6buT04I3^tG}cRB?Kvu5+s(?36JDj~-k z!0JRX@M%XmqPS}jJZMerT;Oki{YZ0Sd5a%P|8}1-LHu(uKbWpbYqjF8W70Q=9%Nu! zwT)_z48TK5Z!%%NN@I-oYKf5y$%#4EAGz@3iaz-ER#olGcUKPfVOf#jw=%T}DWaKL zp7(O9D(K8E?)7lP#7xNQ^{a3+<1t)+%6R6luQ;;d6yn?MFHPZ7z2bCHRv%QIBPNOB zR_=ySsug#0)xj87G}1qu_!>OB{l8F>*TMHA-}ET)H?wy^%3gUJ8X9_8ySnb?GDc}< zE@cgWv)eYho_cSvas21kX=%1=ljE=N`QB%`#Rjs`?NE`Lng5mb=voa5zzNrf^dMt= z-kZ@RZOzOU&jcT5LIluHH~OFM!v6jhsAM++8jGw!$NEp|h!7exjxT7=B57BGLX`$F zd%w?P=XF^Duu9E)1(kOj)zi~dj84S?g(R@S_2h(vCi(wlxI+FoSsQK*1RFi~S6QrH>jXK|)^8*9g|9=*(8ZXq_r(*h+-1lRL9)igOYQ+ivYA&${9! z?ou$VzS!4mi}lSoP4_x1|M&|aF;5z5(q*E_^M0QiZGfkx zPt8qRK(|RVU$Nc77dfa(Z~oB-@PnO%tIALlo&67Mgnh9!PG5kMM@KgaK%k1z#|r?d zc#xoDP{OVlAm+ICX2Gm{Y&2Ki*PBc&mB3ek+;;O^n9mhrA~}E*0!T!E{^8oI>1FW% z!nm7exW|PHz~swpLPA5@#8j#j;H{!+>cKXE2cv!}C!qI$;xz!@YNTmHCV}O?gJ@$J zdi)b@N+kk5Mu8*Ym2WfufE8mkT@hz$_R1#V&#%uy z63}`Ku+}#UTxl3ia40#fEN`al&LuHP&% z7-IlolTXh#A;y^UeAoPgs3iKe*rM_D9@!J0Ym@iILW<`bMY+8K#>0=cdv8HGm4Z}G zOi-;q3=?cq0C0S2I{X0DU7oojl@~GfEb%x(c~Nn~m?P(`-|}LLo>^3K^rMrl0&1iD zX9Prn+15h63DzxLyUgYwe2-k>I1BE%q zxi{UBVxEZeRJHeQ&$~V;r}(4znv4MPiCuE% zab1x%LhoIHN-QE0@&I(N`O_u%04<_{hM=jIx+_IbWNsCw>R5OW1kGf$Ly~~}r~G=K zuI5paFZSJTlKdf#{R<60cKm=}$&6$Kn;c=R9+1ddcmy=pZlhoUF{9w%Bc%Q#LeN(@ zuMbYT;0^bc{zj?{TPVaoo-&YUu{_}{^igvBg^x;q7(qBzuOfwAy-APd8m@&=#Gnij z74ocyyGfpa$y7%gMRf{*!lZ&hvQyUT8ba7K(o+x`_aP)i_?YaXwiVt}fwx2dksv(A zrm%v{x%Z43&D5FfHPmk&qE;qK+0AkVk7XaYPge<&#>q&pgbnMpYoMYJZ0}>G8*F-? zSonSQ1Mk0sgX*O>0l_G2ccz`HF!7Dc%*S%-C8j}Iignkyrp9gWKa@cFJkN8cAD$6z z_$m{kh1EbVb|se{Ans&uwZtlI1%LoE+ZW&Q(})v|6axddp)83XUy5!C1>2T?zA`Q5 zT4{?sMsrgLkllW@J*EcNTKSlDgXuc45-T~UjRz-iPcAv1&<`i z#2@9G{)e(}55=njhKqjD`oF&vQm}RFeB6EK;l{KK{ub@5JbQ2tX$&t91aC&d9j9nl zDVHghu)}auc*PEf$^;^1=P#-gF`X=oLvZLt4g%@vk;1H%5nk>Baz`NY^F=KJj#QbI zrBDqvINVd5kivokXQsEI>H&Wl4l#hAi>K=iTc6EDJ?J$9pq7`W|NY~D4G z;ZV4I$rHhDDp`#EYkreuz^yThk@VDGDjka62&dqH7L=|Ohbwebdpvlg%QPi&*I7;F zQn|0AFTb=cv4N$+nEIIH?#NDi5Uw8ps%aV%S7ZYG@{to=rE{@{FvdyiAMi@qD&vN5 zvTkGdSS~g{K_}WF=+YC+&wU*P59Ir;9@i<>8@q4v$=M`xpKs^K7tEG}S#;Ugs4b#6 ztXQGpq@oR&xptRL0!Cd36H&E=Rex(=>i|$TtOr+}b#F23qD9k0H9zF~%p99si^W$| zX&C@ibn%}2$hL@pz(YHds{kw6Tg1brl`U#h#R!m~S;MfO3!D$at3loTc?NchWlJczZ-0M>*&X)FXIwGetSy4#)h>fhS@R49r2)69h8joxtgl zkQ&83wQnjS<${%8g2s5!5!;X-bQRrMLSK%IkF{UIpU2v}<;5aaIJ%REQEg|@-x2fi zu<#_|qO+spJ+fFav?hlfB&r^GNB##0sqM7dr(`e23^3AIJW-lj)-`3vcUcoscQG} zV9A_3_S69tt!R|7V!kXFnm|1vSK!*p5dW9u$*SC7Te^g}{a_CM(FOwr6`+CT@$bwl;+1~GpOAL~;~~e>Em$p*?Yb=!B@+-wU)E&*??;5^E~ny!dVT%Y>K) z_5*?{2#OmfiOS-=iw!u;Q)RZ4M@65+t4Hs+Vs#D`Lem*U`i5GEH6Oq3a#)DVDald_ zx&8?N{mzxtJ$7}OklKT873t)vaNg~*>S{MlV5_?TYLDlBQOkO})qv}UEX6#T3stI~ z#L~OdxSkhB48CVvRj8)lIiPdD!0MjYIynW}<>uJZWzO&8Ku30bQ@}e*80hBKQH(V&mgJo3Q)Q6*hgSLte8fj9u&ndx5r*y|5_<^C#i^}rwn6rQXt zNyb3Aj%_C%f_6q#YjytI2OZ9<2DC~4D#m!~iZ}1K9`d7!g4i-hRJwk=Jzdd^oNnX~O13F_&$3GUtPI8@3i%`xlJpU3{1t{45)s9yR;tIK+mSeCBkG+30J_r zsM*&2$7t^rj!)PTI)$1|HVf4<5trwNJoCvqkWUFCXH#d#665uNKZmHP`{Jf05>M`h zL^`ZVvIxcXxMpzQuR%eShBj0YBiJz4wYe*IHwaIR<~`*)nTq zm?%p94ezJqvp1%2t+O8~Ue2#vreO+Fo)N6IYa7PGaS~`FzG5dcJzi$|B1U6Jp@e+W zQ{l=#Wv1x1TSLzm{uS{PUbWEr4mKuxkYZiST^6~bKC1=RsJ6)1ggT@ zZ`%nTJGMfWiuTru2tA8()6}r@Tf_#^7^lfr*_2pc4fgB6uvQkjO=@dB3~%f|3ZY#A?FDCPHX3XT}q~0!ceXS6G!y0jX+L zi|m5)x7c@#DbcnWox54asaLK&&VFY8%&W?wl~m*dj6a<60VMLUp@(;L-Row2eubn` z-{D-2_0=C5g)H}7cG|O5I}i(~u{=@$H50Bee;L*BeW)R|;;g`ECkIL{HG`xuf5s1mFwIz#UxXqv2e$NZhX zyE0_{?Q9cv&Zt-?hfF5tkgsD}F>4PPS}eX0g@XO6RXn|h}4+`P!EC) z;K8Z|L9~g43O|l*1OnH}U=>99Pf$}KX5_2VID!{gT*=ZD5B4B$5#>nIMM}StgH0`S zZ$Dpc<91pDd{U-a7PZ%?{+{qP7Z$xiYOe?bxj{E`P?oCb>G`-Y0ZVKZMP;9t)IrO! zWRC>}GOpcLqnSN$xZ2JuoA>3D0D5T#LP(VYx~=}mOV5(KPxT-*wgsyB(%@g=3QDKx z&54bo`N-{=07oNsZin6S60kH}fz#2@s5wR~3rO9>!rD#pP(HIMwQYOe^|=9=;&S;v zB5HmG((T~dXg-E-1!m836>}PSE$6Gh&gQt-M}4>KxGfp3__<>2WF?ZWnV~2rXRQt@ z1x3L=jP#4~Fz7Ply)OPM`%C@3g0SdrqOzohMKZLjAO1HE1B&AHnB1Zq)$ z)uV2+_mnK(%{mozvb9iy^QPex0W4^LL=O@j@HSll_G630tY4+hRL`DmJHAv7SDY6M zXNR}qLMfgzQG@5mS*G{kDE{5t@iJ*p2(cXzo#4D#FOb;L6j)68)sm;%B9LKr*LJD?HB5u~_O9V=1WxT70fROlsyr!nR z3fMRXYgCvjPe~aAf?9w;<=bK)vvYB_HB_Vs_O+-~GRYs=`|rV*1$zpaUyKs@JnOAb z02@ej$3uqX4DgS(p2FD>0V<@FC5zZ+ECBggMb~pu&3J-mJwn)YqEKtD-{ilGcaqC# zYSLLX-fRW{_$YR~P|Ix;2)xhor}h9kA7a6{mRW{bZX3s*8_*P*&B)AL{|6Y?>Od(Y z0ql4`ChzBkU_&jNpWjmqAgNSmb1+-6#c4imJpk%7YuZ{6N$Ef|W{UowUcN+f2S=XM zLGGh&@VJdn`(;CwxjIdcC(2dBJmXef=A zyfREkecoS2EPcOJ>TKIwuLPB$dN~s)Rj1OB=S<}(|9dvlwyOjkJ_82ClpUZZk3eI2 zp!dHCu7nQ@5+;!V&?-;^Dd~VT&s*`I!NHQ?$BUMR#>E_*0n316d z^m2S%PtC&h105X?87Oq&wQ7BShNb^`h7eq6BXXU?UZovqvlF<)jPxhRfu5dRM)J+g z5(i7rzsf<)yWmV;0DO=-x5!UF+t{3J0jsSc&K?4gRx^C7R^mx#U!Z@jTvvyRg0dMb zmIgZa2~>V8fjPF?l@DEt6g0NaD@!mx{I3n>KHkX08aM$00dM70Rj-=>EPQS{S9##u zJUs9Rdo+&9UI^AG-Y8bItN+`7!|U)2aXXY%4{-i@ISqnsXpP<0;bNo5oh*eEz{kb* z5{HqIW3;{sbxl480X$gz5KwD=&Xfw!?LgvDM;t%|@ERHz(9#@)NN@X>rz59C2+SB! z*_)$-sR`bjmgg#X%r$&LX-w|SjrSm`Q~&Hv0&kxpcqh9)fdq-4fx}M6;Icn1j;nfe0qg+0bS#+%3|))FJg#wNLMVq{|`3d-&tvlsMV__^q{YoI-uVD&cdAa zIe7iAo!7+I*cK!l9Gv8G0Qlg7MdjQqd5kFo`xO&5w8W>iE-SS#BI4@>=#J9adJeAV z;(UEjRc}~gV_}*QC?F^(*p!@{d=D0(CTb>EKpqeT0!**o*YyLLy{K-<*fg)$uJ8V4!HtR$AN{ z!2{PZYD#A+dwn<{C1iBM94^z1+sDBAU(g(Q?(eS%B`ZpdFTmPZCJK&AbDJ9*3$gwQ zK#2wUHxL~XP-6jU#iYj%U&=+mv{6s$LWmzg0^5Yt_vBXxwR?qk99E0&!ml<> z!QFmP*@Hl%`Qeb|?0?IBo@3SRfAWLodK9@|pT8(G(AT$@+WzhNKH2}>XFJiwUZ_#R zG2y?)e+vbTFXsqHAH@2B3R?Dd1?av!cMuP>65+ov+O7NCp~WZW+y8ZFO9*&D$`sga zpF4;Be?I&F(>a@D#kwuN2pt_AI##pgJKkWu^N9H!`TQ99fHo)KQRZ6FuXUcOX+4>6 zi0ipMJDyNRSu`Pjx<%}S7G!y;_0`zEbSRsH0u1S25-`PcNgONHzA(cAg$EB?JG-O) zo*o+U6}jgCKIJc?mcHnE#LKlA;??a4Yy|$c_+{QjWUyRh?-?Ec9XTCKWIw&n58N2e zM)d#0dB*@ssXaI<@bN)^T?l}Vz9=pmDE*1`i`(f?2gveYDZk?dnh|2@(%a_9N_~S` z8#hKp;tvH?alkT8tf%vpTA5=3kzM=B>ACQj5P4Ece8O;#Ox^7Bx9_d9F_QA zUc$n|!-r4iDsHucLS8Q|apC8gYl02cfc>trEaUMTs-cZ5wunadbn*@gk z0!X9k{|!z67#ud%AL!KFSnsdBE(hVDdB20#I5SXxzW}EAHQRU z1@n}48Ymi&Km7gyJL8S=KAr6EGNP}9{LfLrpE$WaPM&^N9%_zbeU`RcL>My*SK0T* z95qc&NAt+YGkaTGQ;bYZ)}P74#004m^=Y@OaeGg9Rnzh~x58ebKu7NNcZ~A9Kcu5L zCjf6pZH~9I#7inef4lc-fGZ`fM)yCS#VZ-E-d)! zvJtQvb)NAzadKDj86F;Hfq{YHjxk*i|MMry|+AZfg92ral4Se>4<4l14CjZ+Z~`mkv>8G+u{``M zVIN1~&EEMMyR`#1oGw1v?N5r$*RUxa#DpScpBwr$a7?()6oCV80@^{~e@}v(FHnzf z;%tv&|H`?t+_gwiK(K2sn^K(^JZ_v+&nY>4iXm44^u4mcYdQG&XH!yC;nzR>Kp)y* zF(O+j4~q+(L|1=Tt9ndH!{o4N-_e^-LAFv zc6L;Q`UgwfDPeeG#s{HyLRC?$+s|=4rm4v*_xSiY@c!XpjM6uG)*rNwG6HsGWrY*` zNjBj7_lIY0A2;^j1VbH*dVK7}5VDz~*Tm_Bz+sigPsZ7KU$tv!=wAJ2)si#{^md|x zHX>PIt71yK?g?=C2$O&hEfko__B;TO5v{%?POCignbNEVkGo2ldT_7nVpwp9x>kC*(7N8!kLu{bhyJ}IWwcYfS{;gmt@>; zM~XxgO59;!(%aq~O)ZOI3LZ8uU#%>=7u3nKy&mp+9&g;&A0799CG)ynUV=SsD>#9$ zmg_WmQh3-91uYl@o8T{+bCO@cI{{3M|G}rgBCPGDk5${ODS-p~d@MMwl7nR;xT^6(ePJ4EX*7s{r zg-oP-e#>^FDyK!VeN&*miFqo0O4qFO6qdkkx+}l<(+(Ct%E#W_H>(n3iRT8ie@!|F{4nzEL-gQrW4J z@kQNRgq6LEOBj;3_TRFcS6~$i^tr^7z6dwJ2D3Hl9yc)DVY&0dY;|jk@!M#&bX4jc z%Qny+-CYD*ej>}s{292#cJXR)kWloNuZ)Q)=qNqj)IJb-!iPqr=yoI|I71yM>~Q z(rpsaaOxIwJ!4;OqmJ~d`?nEB!to?w)JZCuc($GbTYfsW$1s=IV|@rAr;O**gAt$L(S__5hp+LQH?%)_@lw69O-j#zzmVV7S=9);v(5+1h};9S08DM9TL8J~fxI z;vX+Xa5frq0Cb~k!7Z!*j6U;hPkQ|z(nJ59zWajxW9yRb+NN|*sTZ;7`qYb-RU?SBTpPPx~7-fbKms9$`%aZ||tv?5k#e=zGnqh1l@&gNDg z<5Bvfe2-N^CYjHynVODHDlCPEf~(A!UAwS^^-bToQ(Vtx?AgW&50`Yqoa25RiceAB zwctXgN}$U67`u*mV57nMa-}i~^rQk$Uj_4U&-qTKs}OatuJxb?3FymF#nP(8{r(&* z0gfJqC#xN$dTj_RK}rE=FIT2D1gOmta@KD{lUV-RiSCRQ9%$KKf7sTnbN#$%eqT?t zSSK3LL`wedgA#{N}FJC-5%pz)Tn8LdgebuS=kX$w$Ot zt{NP}y1O0DwirTgg{eizVpG_!Ua#rsb&-K>OP6qL5|Ugg=UAZgA%SI)Vz2R0X10l| z*O}q?Uds7j5)Q4B0MZQsk6s~;Gi7)()J^6#G?BqV$CAv-(UgXkZ;q@XP&U@~U2yMe zuCSEzOwX8c*3sV`g{SWyN_T^$OSdTkL-2<`6HFF<__OHQRd4x9NpUmefbq(>Q6=ts ze)JjcQ(U@w?8f)_x?b5PA|{W8>mH&TmnFfSaj$&C-d`;OYFEqgDV^edmVO%z8)p4` zqO;I1i`3^9!`CyXmp>MxpvoVpxA$*1yvujE<~3O}jf?F~X2hrl zJ(un=r^^r6g)T|&g*iN+Dv#^}0~LPM{meyXJa;iX8cm@tMV6rwrz`pLk*3`athgR@ zm|uJ7?mYR)`H%SDOB#p8G!5#+tVD11&7tzMFwJHuE9Pny=%1_DzS7DiAr5a9g`_+? zc7a_BIndVU&^-f|(qdsmT%c%&0>tS!q*!Ov?fNSHEPH&YrsWa_tC@#x4#rDwY8rv9 z{UC$WnJD;Ev5em=R;oJqwa(woRZEn#_qa8|x&{AB_2H1{>^7%Br!Uf@sk?x1YGdI< zI7>g}cGPBFNj!-m<=j%W&0A(c#V_kX!(ib0kq_`vJXgNeTuUxfE(+ zpPhv~YHb8XZ6rf37HTI-J=WBB*lbOId%AhNw4bfA(qRTGq8UJLTx5U$%nE(plgYkk z^1Q$P2hwY~9ANo7a{t{HG~I&(1LetWCyb(UFjZqQ@MlKiiH%LOia{uF6;BH*k`Nd$ z4n0A?h6sl9Mv128jg9&{HKg#M z7(#TgG6)IMi{4C_n%Bt!x+pBx_2r(qsr^Yz!^p4G21%(KM5S2C#y=JZgb+?ES03Fe zzwxY=Fy+zE-mHJh-M`tTShIo2wvBTaq{294;0=`FNQW~V849B(6wjGD!ox?zczheX zTNT-$!x)dYGsY#jHJ)Ji>UfvX)+#%M#mEFRSFX|@$EC0&7tu<#N)Q`7B4(CO{8W}+ zN}j@UWIaM}{^_2N@aW%zBoS=yaGT%p)aa5pE}FF%L{{Db93%PCXSWK4ga2%AdihyA z3`uA1A7sX;AmjOuXF=BvKU@^S-W4td;5^+Meev&}ZMII=#nnpmze}a^sDbm(y9Abn z8Pu<@tzd|6qxW_sY%lL!#wzT;jX`~K-2P2bUUBnNxo*#%v^7Zv?ix{^`ORcL6bD7^ zMRpn54mq;W7)EDG#7cxcHtKXbSr}A=gsaC2QV*Wz{3luqU-`9F=auYHY?^ z!Dsc|yW@&Wmb(J&)4ebY7Ml%(8kevobXnex6SH zhQGV|6Hdr0OT_mcPUA)IIb&lq8a_p#&o3|RKVE^1zF=|jxCGpjyA!uV`N5z^slC`d zfnIs)AR2~y+-YnylRPFKOVs@wOx5}vodRqbodND*>0PYAAk6STLij-l)w8<2brP|V!*^gTE3DutN7nkk1 zf4=HRK~L`UoSiawsQ=gn9&|<^Uip{>{a`{y+lt^l*t5k(Fmi~`EmCX@JH17qq8P(U zhr{?5KFoD_E|pr>?%xGth0l`7IS|shRzY`O_#if-F&X3(8}BoyLaxAmB0}mSc{n)2 zWxedpbJC8z+4=042)1X`;L5>rkqdU)^adqYe(Z~xmc(jW>7G&E7!fRY|426;5zCO5 zSt}JK6ZWrXd74X_7H_``$H@@WE2>yAH=H|P zW084o$8KoyPeh@~!FcB4fT|~swJIj}w*CdbickRE?YMu{gU2Idjl)?s)-A_x3&n)X znJ?n;e10zI?Q%;x)Zu;e86Jkmts7BSCqlNX-GbuL94UtNSA07Pb-wivGhb@97P)&A z3bk+N>P4US@BCl64#K3MVr#tn#7g)nQ{7#Kh=@p&50nk*Ts~{WyH6EdfN&*nDz6K& z87i`=JU8>nTy~YzY4RN&lr*sRNL>GB@}tM|HMMV@8tyQO5dTFUggi-3xT-BC@Th*^ z*P6{`AVGo{?u5KNRa%(JbhEajW`ZGLeM2A37(c)gfROH;VTG8Ivd0%e9lXeVIE|@z z+0#n39;)B;6k0_E6%6G4?6_Pku+_!582^>{HYuW{F-3}krj^Nf-G6w&ac6U6OVcikbquJ~8M_f0t3T-EvT|i{BBw`K0m@5>h zf0`Qxj#}TwGHcdGcIE|Zn;vV|)neF4QW~YTtzGpr1rZs0e#sOO9N%=7Xbz@vS@1C7 z2pA7U-LRNEvcN$fw%p06!-=8>%)Us>2^vUE6D+1&QK3Z#roE@D&?t`_T1;cK3pnSv z;@6@TNOU};@OrFNX;f3%wgKru+<<6?6CQqArnub+vzG7_JFa=5F77P%=>hih8RDM-KYm3J(5) zpnG_ITAlZU=(|FeNcd8~ zc%wJA)Otlot->_cu1E!tz_I{Ac(l@@J@j!A7V31l9m3>xM%V08rd4d$EM6jtSZo8I zB7dOc=xTv+fBuJ#h<(^U_%l4zYS3Ahq(5@ZSsCdYx5vKh4)eFdeuC+ReVDw(ZKE3J z!+f4!6!FRTYZ3W6jh`+buN&&;4buBP{{@yw*NJYm1llHig4w|oTw0AH+`U}>VKuDs%OVE!$g5ODd*?Ln z;~QBHH>>>9tE|3LbHB>3YrJ}T8@uIfcXsL=$V~CN<7G?!#cZ_p^vr@?un0U*??E5> zwB8z2FK$IX{#$Fy8;3Dl?A=S}4uqGN+ta+Vkk@Yw3f=4>#Jdk?*EG=%10=Pb+N45{ z-smc_(}=WuoEeUe!x>gQ7gXkh(E*d%l-&C;UX(m!JH8+?L!$nA%L!Xy7y-0|WP5+1 zP6Y**fet_eai<%7eITAnzo`TXM9C8U4sxYc`t;}uDVG|@hg!7VQTcsu1BXdMfk0la z6jR=J(O)d00!chS-E#h;ow40wUyS=J5GYsH^)r_3&bje{r`g-?^G#_8A?e1CAvkV1~MSrnO}C)vMom#k2Gmz8fWW-GSFaqO?CA^ejh875C9L2KU|H%E3x{&cle zTFh+@fzlr$(ZZ^K;El5V;=RrXGFJQ_L0MZ@)Y(S^XeBtCU+fj~+9b zeqXIZxrbZ0&pJ8_N=;66;Rr4PWs)Mh=Q`o2H}ma6mi)plI7rgZT&`K#Wy=C^Sjrah z&|PL?2!QEQ)}Xfp1|DbYieQb~6SbBmCfZ}6hzQli6Nk9zXrdH+Qm zUF+QXVrOit3Fi>tJMkFA(D_)Rb`1gJg-v>evZ$?oFL7k3UE{4hi(%~)&kq;la{;vq z-GGE23bFqrciFz7Z<}jBn+XJsPfQSSa0b16@76d+SB7{Mm79_DF7`mP*#GhHmSFpQZ|X=6 zumDJd=z?T~%(5@QxO!jFHlL7z=n3URaAjlFt2q*ldLMB7d$)Af^=6=B>`oXN)& z+pde2RyXO*>QkYtz7o5!o>1Rn&y=!MFN#ww#+m;u=+6s1V$iX8g>)R)O;Wqb5Q2Kt zp_uhk!aA565q&kc zRxqw@YMp_Lw|5n_*}c=U&eY^U|1Y}XmOUY%7nc|ov$eu`_0xmN1K6b|zj2(ieOS*! z4AI)ChT`SN-iWCBXL^w==J-Lh3_aaSMeJ_2W*xYsgnZd@c}>OMnLv(J?_!*XPOH^I z>nGXdzJ?y|P3W1OD+^M)rW-!Y|9xAKgpHy>uc>P1d z=WwB}?-|A&s0`2J)w$+bY(KsnX1_CBUa5B9$h(2-*T!}JCdn4yYG0GDjC%3jF@c@U7!UE~_~iHC_!rh|Xe7%4X94^0Ynzh=b1x6Wa|8Te zYS+3?j7t+X%Hi1SBS1$I6ya00|Hjx)6;o4JONi5`7y2q;n9>DzqD6u8fcT!zA8AKU z*$!w#`PZ>HD%81gKH`)+_g8joDA1tX%E~MNZU^Oh`wlLc=7#Z-l8yDnva1JF?|TMIdW zC%+PhfhUGf`J`?-DS4WD& z;z4DF24CP6p0Q&TD2+kZ-g|6m7;uefs5T*p)GAyac`We6X^9L6`2eqK7x?cEcyzc8 zO0R#YgAe{?KkcN&v9GuJ@+wCbH0)1VRIoYxf?&p@LHXznTkl*qGqaIF1SVUpcSGkKPJ34r1N-j@FVVBE{00Ih9Dw`ce% z27QT7PHv$253Ki{?}|JmOu&_1sjv9w>IhQn*Gx@{rJ#y+-xG+c4pJ~;EU#AJjra%zpyl4K_#v0Fgk!S?g>v+Boxm8_2& zkHKREG60~(B&6xAmUr??MD>^Iw=o0Q6tBVTp^Vo~4tZT|yYbVo{}(fU_;6KVb~?7* z@QuW$JQ3yt&QFHltgWpj;fa?XeNB!G3cY=0`q|F{xL4uq>-C6c1KZ`Brv!|b8a)(h z?Y~v60(mJ>KnI}#=yx1|Q|=4>v~}E1KJP5lRq+5v>XBER*;Atb6yk$D?+!RKmVg3s z1YqTJawt>o@&avxsQ-unxQq;7r3!MK0|<8{0PwqkbH{tY2(ekjoxAryQ;+t9T!6) zBuUw`fgwf{q0bZ0r^SkAm(+P}|H`d%HHQ}@NJf~m##hbK?JjneZvcw)4&3t;Fvfbo z`HTvj{v(f%t4{WK; znurT9;@JSq5?`2!CND3*26iJiAsO2Pq!hg`18{a7ST|rT9?g{HC>3ch zI43g|^WPr}Bcq|=^dT+OyOg2fF$sW@F3M*uk{!eVx{LbrQOTFL4%f$eJHQhQ9~Xh1 z-?%rX=U%hQQmX~~dt`|5KcF6vjS0Fs65uaAGiAoogrFWOUI~Qto@naO_`NY%{#Zca z=mvS0bwHP4P7ERDo-CJra*ZU*YWb?nYj5=i@-?c$JoH8WfH^AxcrY7aCb5$=fn;=2EqFyf z(5e*1fNEvYV=P!va7tpc6X2(oPNX#Iiwkw+-)XA5JCG|i9wMo+Uh!3ftp43fXDX)58$n zSK!dYA>h~2(Zp^x*)5F8O9>t)kNH|t*x#9vY6=bu? zt>mJ|mDbyP3^KBi;43Da6RP^tUfNeUIEEntv^?JcJ&|g?@59zm8fPax0zCp#grGCF zK}+34z8dRWx;>EZivyzKy`U+&Au15eblrL9di6^4Z)nPkUO?F-6XZz{2%7FsC0no< zl=EVc_gdiubR=Tl>uEm$orlgJ2p^t#PMtrfEyn-KXM5b10iOssrDm)m7>KU#DnV_4 zp7}(e3jFkMes9z>R9!h804^sJKuE{C?wn(X-GLJL*L;D(x<}1gdvR4C9Zj*V>#i5U zf7}d*@G-yPE#QS=KZ25|31?zwf^anS*9yv$}| z__j0~ST?-txDrd=ktd)=lBwO`+F9LY2lq+u*dXLIlca4DmRL7*$~o*9&mDxMPC^78 zh^0wjAi~kh2wzcTM&#npD+GLY@WkcCyLVukprykyZ3}%QUmndA$A&ZhB4`$3FZ2cm zQn+FV8CLX4bzVg_h++Lw-fY*(i+4~Cq;wUr54(p<9FLa;#}IenzR)wi_RvihKsZ=| zf04QKXK$M4BAVH?b_rHz7uMbz%O1{@UMt_#2SX(sBfZU)R;@Hskx_^VpVa}@DxbI! z+hmBqkQn0VP71O1j@yGs^BH5Dbe|9q)3|f0_Bn=QXp=eZgzrsdWdI%MO%R;?fd{13J*s>Q zBQi?VwlVF$!8wP89ViC+!n{}=(*c;ImJDSfI(NKynF6mF?FUQ?|60)hapUCInJ}x`c|lIBv!u~_$Rfo?ozRL+s5Fmmu=pbqc6}Gh5q9x zOhxQ8L?lk{^d-4;h$LDCTw5lAdEhk-7g896d;DvL^In5&r53SMi~mH%rFMyUd%Z7y z$hp&-WwYn>^0QMoM(P_LF>egr04Kzv2xUCR#Ij8Yt=VAy5w5p(jqL_f5W#RtO_d*p zS?tAO?Vw3~u~cEWba$e18rT?nDg5reAw95z!LfH=J*sdV%?5qitAX+Ck#z(De~#5) zDiiB{Z&s6HDlBw$`or;RCn*;lcj>Exrg-KZVa=hDlNZpqk)QJ081~22Sn41R$#Aw# zGK8vY_?=eGpjdz!I)$y@u6PcR2kvNMRgx62NDvGOE2Xz-Behl^ljt7Xk>2s|e{bOB z(ZfVXXO~^~p$Kv3A;MdOgjG}_7Qqzz2+H8$-^qK!0U?fBvHj+YI42}f%}6E?S

    z98ukZ65pmdPSP#u41UIl)r2MU&|Nn6T0AM@_ zgD7+}S)^lCFTd^ASV%&=IiSU_W|w;Cgb3YdbUPd1OgY0*W`R{nFZM!2Dr+n2y7o3* z{&u|Fg5b>SgRzGd9=3sQpb2?TBE`K8AwQhN*ERQv^p%nF6c+I)@Rb=S*m>Qf1mcV# zv?LOZmW}QF25dnrO-3`3znxV4g+0j?D1{}yw2qMZCC99bNP%fE4??_k z|JITsL?kjzbSv25<=wY7TO%!m-o^+9#H!8F5Y=f^xwc1SGXH&bf8vw!WI0}47$#k! z@?brQ_r!P1Vo}Xs&w$=X(!)n{TVubEL5Rl;!&HPrGyeol2ua>wnqrN9uR=X;jiA1P z$bA;WUNLp9>kKEgy41pI{p^g_?92JnngPwMlf|$b3l1x_weBxw5mFCi8&eyhQ&<6V zNwfjBiM|+Lei0dTm{8;N!Lm3#z`!0PZBoDyr%y;A!TcTeaw}0t#%Ab#B<9%uL)dJ* zB-ze;c#A*t;GC83sh(lh5Az^MAv8T4`S3Y4>gA_6hfwGV#)!(SJ}H4mw&f*N&Dr)x zB8)P=5}R}8 z{o0Mpn^?dvXAf^>zwPZ_61(OMr| zgHgK;3Vf-X?KufeMzQ%vp-&y=f|IV57zomqo|X96C`ObsgN^= zF;-$GJ;^4KwW&4-Bt!(fd~{{^`WJ5am>(Q6)9tGC0W(bNv#Uob*e^YAtux_lJ`ybj z1O_${;o#VB6+Ls!^l*+PhJ*Ix#7}}pf~et(q?O)*Xdxk@N<{JkZRyvW`d7{p^DeLU z9ZuL%*_xeAG|_EjEk?b5nl&+bBEJ*_$B5e~bmgR0tiVBAi>8 z&?_3#CVhZm@y3lJZ7=^cnYKL+zr8FE%OP%$m5_>ebsotv@&UTnorh_mZ`;Ja1rgUo zF^j28VBCx-b5$*pFQAZAnUpo0a#c6B*AOBpph7q{- z)!F&F46tzLetSe~|3zt+@i9b(mPC`U9FmuZ3{_@~y8I44@un+?RlI!hpJ!QRh* z$H-F<&v`z-4{D)kHrXf=E!|T#kw9qx)E-4G`Ucs((w`@S%OF{0H>eEP=*p@q)3rt@ z>cfQBjQVel6IsNtULD*bu?$g?sAM$?KKkEFbB?4@Rm=MtNrv)WV?|@cslHNB_7Kn+YN+f`bJ0>n4QlYP@s!E z+%`vZAoPzB@i;T(i$_yct!XDsrlWiUNQz9%tBwcQ`j7sQ60dHO#n)Gf6#?5Hyg9>| zL|#!>AEN%WBzDzmeGiCv>DYokZCyhW7Z}kS%OzzBt0z3RvbW`>7FU9H11e>1ViTqC zYvr%v-7iz@@y>jRY(k>wt~!X46EBl!`z8+}7K;3VI$DWVs2%+J)Nm?s^pM5I*YP5Rrm~Odh}L}54lQSc@g8esys3T?=}WdpyIintrf%s z1hb&Pe0lIKzPgf6JK!NwpOjC=J(J!-|HE-);0v{yXf|{RDX5=n->1p$eaJ%DU`<r4^V-Vk)5h0K8TVK64>`89%(Zr7@k^A4iI#i5h z;Y`QbZM5?X(Q{8Zby+(1A&rVBFbpj*QWBr zCld*0^HzavCn-Pb@$vAgnQua6MAtXKWd6h=xbH%?A|Q2X?0n;HcBKUKOuYn5z})8B zBhT2xl|yh)M2kQo^z=LY@Hh5-t%TXKTq$R-f_vLze>7x_7?=W6 z$z89uE+h*=HnUjw3Xe3lTzQd2=iFKx+K9RHoUv(4!=n|&(+NyBqdjh`L@ag`J(DbL z5 zx8A=zi>BiEWl~vF(?}N&sEvYoR>$Fwrphd+yKC_m3`e6bSgbm}0yX}%IZ3~~EVTFN zNloh6?#EdtFVL+>DTxVqsX<;c?oZBOUrd&cL}(5Q{_&l&Irkq$Lj&26B@zJ9W!SD( ztXO~i5*QeWiHw4B`}RbA0!*G9*b?}ZMDo(X=r9{zQEIBQwp7$XhLw;vQ^LdruH6uk zZM=khP0SzX<8iScew8`qpXun27F{<^UK9^q7cQynQv4&BSrZZxl0q^37ZE$SF!Qkl zA2%Za)LUFur{+WdxTQ2;8ZJ?=Cf32J8H}mOUQIXQQhF6n@*k5-T)pGFdzn&;V}JOC zrh|$?wc0fJJgGzo!yT%5*oVW6*rb(hkTWEi3iZgc31t~ATq!Gc**an|EEJ9lx1eVH z!bsor;G#}q#Uz$mB&P(%CXo*9<_n*8ldz`_SL=SzxBE>^#f1<~oha1!N9MPB&XTj^ zMU)Wboi`L49i~}XM$KcLZe@pcIvZO?ep%grYBC3oo!+Tb-faw@lzj~kd)+89tsd=Z zmt_~7$Ko-Au$IN;a5$>vU3wmTWHfnNWYo4#VtYJIJUnwbn1mqqhO07>IdpGUuJK_f z-9D|H&bKN@b3`7kD!#@=667*RrRIqE@FI+PX!Uu7og;M|sRTey|<>%p<9~v6MG*Arw z5P^fz{sw@fNVzp1BkV)Wy0EeBz3~)qqg~^rR1Q(J@i7i4J1p(5x+4Ny0Kt>$p(yq{ z9Sv2t=@=~WD8F$(-dXW!=DwSIrG*a$nSS8h^~dVbU21XEkE}fxaw=0cpRS;H9+~x< zMC7l?DGe1+?yh_t^Dn%Bn8&9ZkD#HOpE6p{AhHO|D0wA8<+S;^4p)ZX80(tlOBj|R zr_>Kk45X&@*qI{kw-+U&rIzs6l@nJ7vPL~yOWbW;h4*$^5^RK26wpc5q(_((i{M)V zymSa7KA>;V@DfUfhADc4V)f~Ji<1}#&bQRhr=z+k}#z!!$@yF=Ip))VO zTFhY_iu*v;Lb1f@ZF|{jWU4=$vp2r1mYWv}vIDKdKl$SNoKug>Roy(k zSS`}SSV@JGiT+FfIa;Bn>~b1ZpPdF?VH&N(FYL{iGjY5MIdgLeha?YEN#$UcWPZuX zMVKA-Y2>1Eit;v={B<`&_1|6;j6O6B434d)XRwOMwECG9N$Irg$5szP+VZiM=>})nhY@J-8~YZ9Ha`OZlZ(pqiPeREfR~N8 zpz4;-d}zlho6mLU003B4W30&9#CAkK1aublXy3UHK#PghnAAq*rCE%ZNnZoNgqgSS zS6pmzC=%{IcE>0UTQyw7v6)W~6TLuft|ml0kV)m4IftRozZkmVO0N4fmpQaqw`{2; zI=Oh%^kg~sZR2q92@QR*od3pyW8Qx>ea-c4(km6m{rWBb+R(tn%I#p7_@0&hZx!*Gc^S`5d!a-2rYwg?seQQlo5ucw-<*1WQqf{o%;l zgqG{8$=*Ut1g;87r9y!RAB1`q<6hl*@i+{VJEgvn$S__GwO##NNkKvC?4K@E7f**> z3B-7K*GoYGixZy@qELRM^~SL*nzjHcgn-Yz+I*>T;l2&8Q*K@JO^5}W%Rg&J zj6mj7zMU-Q-EdNV%UJ}pk4({iyeBLp{1|*$i~=Zu!KVbpYXpVH_szH>v% zhL}T`0)jurS381@fPP+QamV|v_Z!}#XnmUlNlA3p`}{&y7$uor5MpgaC#Y@b&$_Dw zR5o}dZ%hRfIKpy50s>PqMFE zdZX-HSJSMOPN9ZC!VCA(fphvOz)W0#y63>Gu#VH&3%0qUw(A_N&d&|=vN{l+f5oY) zQ|EzgA_-2N5Tz3jy#lNcJ2Ije?w`2@64){ST05Jpb%rj4`BfNrFnZo>;FdM2KIO|U zV_M-E6MU`!)vRlG%}xMpn| z@k_cZi7|DftU3R1G@KO&*Kf`4F625Gxfk{?znyOqaaEgUx|duSM^6kyiw0gA)78!W z!N%Vvx?U^ahgy$2o9-9tM&U2V!W`pO5!)Y|KG<%5dU5pY^{6o-ai4*q?2DCe`^Y;1 zm7C&%)EwE-PV;NlA7{aF>}dSq<03QZEb5=;XEGj1MfF>9NswmK=tQumqwoNhlT_$T z@PCd0hh(#d*NvPhlLjv`nPUk1FelA(*7*yQE3+jt3Ns!vA9E(NbzdwkH6R~XKuDeG znd+IPo^JOTqpiK$cn-cpA@r#~ngITp{Rq(ML`kM;W;qZJ>GwA>to(;+NGg%6VWc20 zf$n)1->cOAvn$_5-Aq{3gr~#n8SMa0BdJ6NPh}Rk)y5`-WGk~2fV*-j}AT196OO-j53CJkm3Aj zw)4Acfu=_fF`eefq?j&GXx({7fnl8fX))vn7a!1jUVv0wzj(vlYC{0IBN*^eGLvKIbqzZ1v8{ z=dziPucy!Em}wTxf1#NwssvP`+7n#3N4iO?F&uearojC0Df`lMdvw)1M2gO_h{8ks zPMd&gA!&+w;3n?n(oqF2rGx1c(pxOV9j#sOm#(>`AJ|XELFG5>r&Y3+OJ0L6a$qF3~rMgchd%U z@4|aL03;ya$6cre3eUrUFJ{VV*rExel8>`u^TZ$F4*%knks1<>;g;d9_f@#{L_8ap zS67^}hs>u;NX)|rN$1F20$1B)rp98qNVe2}IFR{XD*W0!kA z%C_y`J}J`u`o(G-#_WG01jBniqzxekm{c4nLGNtFJz#nBPb!g3oW*$1Txe8NcsbwZ z^qdEz(6TW>vWa~dLZ;Sn0d0m1&<(|H+%(T^SPJvVZu`JGLG_vH+|u~QoP^f$Ve=sY z&3Fhk@CFdPPIeLQ^fh%8Qtx9Wy5X5xhkwW(2HHq}$caLZX`F7=th-!`Q7!{=9K7S7 zWz#y(1gjJ3Twv|@r!r9A+FrueSG&&dKXln4SgTJhpMZtbOmC*t=qv9iBg$TY17beb z<7RCt>KnRk%`-^a|5MeM2SVAsVUJ<#Av;;i5-LjxV;iXuMu^DXC?rePv9Bdr%f5{f zA-nAR+91V5+1F&>WnaHD{oeQc-tX@@&ok$_pXZ!&FV}V56{m&i6tXj1TFZw(%+G!l zmBt_(67sHzlu6^epmOA@@y-kzS&h~?{4 z1^2F%nveQL_et;;y)<4y!U?`(sZq++Y*sTjJ{sPQk9^Kx5k+(4yEU+CdpLG{kYl+M zKi=a@FRbzl@~OrLUexd#y`d2E%xn97ujV^gpD{~Mx~^~~m*8yJTtd~zfF!TWSWx7N z(a)P~L(sZju_Hg$oH+6p--+Je{L7a(>pCXCZte#JBIVvBk?YBDL?)e{p6V_Q6xJ!8 zPwp20k-biHqe{q4qSWvDGo|C1&a+>bW=f}pmsg zdx+rIm8zDFS#}L+q}cG+JA1e^^C%i1jXocN4hL}rB+h3b3JuQ9Ws=I5qQP_*wj;S^fiU>|!#<>Jpr zI4Osf$fVo)aT5|n9aJPFMl+Q-6q(jTJW=@gB6*f4G!5Vs40=FWf6z1gTD?&LF_pc+ z87R+Kyu}Pi+O}{SfV$khNG|zjE_2SU!bxTiv0+`JfUB7pg!HcaCEvqB<%x7mO8jb- zT0E<+Zq0JxWOX+4yWI!1Z=dF_E+4Z&f?B83(0rZIl~0toJ?6SPG&s>(1zV>Z`ddz` zTc4hG+uKMz3*96&Od3DbIJ$i*=V2NjZp{y*>Lk!bZ5((TrcY(A&%NiLv&+F#EtKaZ zPNl!!?Hp8;Vc-saKEj`dyXx9VdOLZ$A!at>ejU3OQ@r}aVm5~u@WR*S7d5517E9RL zUUom!R4n|1R?QjrZuTx?=@R}?WxZjmQ}&p_gxboHi15zE^lo)TDBPGWsNyAsNe zB@Z=Mc!s&Fdp~Ayx^zx34-d`A)qKwd$s+cP9$oyvzw;0TOx(%@7qz+!%Ju}PrO8b6 zjZZ}~L>+l@l^{BiYApcdtWFj$aPN))HKFIYu8fW}#ZT5# zV)wy1Gi8-y4|XnX3YKT^r|}9Fdrt8r(+|QljcA6FULlp!>ZZ^d1;7Ie=QpDG7TX}f z*J4WaH^rEj$V%|7X_1h(b$gpgqGt#yuS|dS31x>RvpToJ;gr_Xi}m->UK_r2$k`&F z-DAjAL|@FqcDZ5rIAjTc=Bc#OIxya0NjFbQ#UQL49|r&S46>hW?Kcu<+h^xRDkco?^=wZ z;L4w0evMQEhbl(PM}hM{`fG9d3q|t&RPu?sh&LOuyS^Z~KUh2|Hi zpY+IJo#~K$=h$sB&V1T|fTVg~F=qj_^lO^IYi}?6<4eNX`jR4c7;pagGa{U7=e+Ee zNHOlzpeU>@ofUIa`gOml)q}m7qg3Cqde_nIet3R|uKb|GSgec9rO2PP@pKI{R@YuP zHKk`EAimL%P{K3SM{C zZbk$V&ttR5C;mn|(^rYGXl~-9X!!E=U8-T_w^yQQ%zxQOMLy|tO0!*H=hbJeL)Spq z%gZQv?~68UzY}*HUwkd~b^K_I7XS7|#AALco=aSKh~ua9SDP~?khu*@k7tux`qKw5 zG&fh^TqBuH;cVtGg^eB}A$<$`EAoYV8?_Mp+5nMln4{zXjSo@m*tdQF!C0=R5oOzW z_A|ttOq#b1(_jFkDMgZARd9!i$!Niy8Y;Lx_C9h)^AX7pzJS~ufFs;(Pl(IILrTx% z7Hv#M2b&t?%d<3Z@f5c1#r!5`ubn$wjXD9m?jhS8_rq$Crkwyqw~(2S&CSj04Rr}4 zvY_C=^qOkHKz?RX(aRnU=Zd+7W~Cs#9E=!_5Zy%>SpA|~YqK?PZZwqpR7tM#*o+)I zlZ@v1bhP0Fu?YX{%RR08LuG;egpaQWekr6^?9-yz^K+dG3wN6!BD>%k@m5 z9jy4w#fa^_Nk0cj2jO@Lpnj9Ho7unDS)`;W7g+vn;-c2)et1c7T<2VuFQ?so?w2w< z5Abw&CwB#g^qPM0ydCDWot2S?`F^E_g9SD&7T?;pWtZ~8UKNcu=m4bM;RVF{o*}^8 z)w?fo&~$7AqIq#pU|_t5gJ^|S9->u*jvE`Z(eQ(rUYV%1RJBbbm)+{z^f+((H;m9V z@xu%|bn)LL_Cy`L!YY&ieS5FYRY=N7(@_9!H4cgy?tRqHv|&0WV3-hkYn+<1n8qKr9r#qRkUm!A!uMHvFAn zshPZ|)hB`qfNb^+K0eD=>FJXd;B{gqzF%5>DLf@lxlg$ejY%%BE(&pebnnr}Fg4nf zHd@8Ra0|u>ZV=QGuuhi6P`A#FyTAO0n03y@RD`dXtVx6!?l@)lY|eC~Ssk`lHni9F zDipOpyDmP;d&Fkd?PyAG(>7j6tYhT-D$2D|%X?Q;XlFK+rw8>${h3YqeZ1Nnc4p{> z@h$h%*S)UAt{xwuL{FUVnI{>)SV{{-rv45~Na3VWaaL4p`U)f<&PTOGCX7_j>oxB& zZ7|_WkqKnz6{`h<>j+`U4NJECpob-j&%w zgnI=3hP92%gWEN10ABSiD3w5}`6K5(5xQD4KDn4cWMA*?6)(_R=+!omD{82G_A`$I zh%3o59VKrg^>{o)=q})gYn*dDmLeVoG0e+c?|=sdw{gpGzm)LUvW)p0#xOqK(5tq} z8b2T-%<;U_mPYS)Y8<#rlCuf{y+lARI_ifB;#<60Ei$rV1T^eG>MENyl~&m#HKZ*d zD)r7|MWc{Ep3*sUE5l`T2t24crMR>ftvZ_vzWk%R^fTWo+@j}_h4;A&HyL~Cr>VK> zNqBjAN$nSC7qM)#R^$z*hs$$3NX#3QWgXQA=RxkC8*||mT1@64vyJv}>)imbqkU2@KLdWWS$!j#XPXHt)3kVoI zC1iZdwK%`ZY`l(79c+~md&}hCdq~^$FBSmE3I=3f>lvMHzE8tf!J;Evw-gz25O?9KLsWh<&dd@r>yh$eNDfrH~Y zP8lahQ(Q3z)J-OCv9AC}m3)3RS4HsDFCD;RnzA3Epa2vc(+m}K+{wtuD7z>yP6ZH5r`18Ok5!=(G8mrFEElZ9>s=J6Fc# z2R!HHHm)95GUKlqz6OLP*on_aox`{BVgLxDndEY-YCGLLR-+r+whXm4XLM#23VHJ@ zU^-L*ClwO)I2V8%+vZMy#w+`!!3v+AgADU<6ge>z!fN%MuJzSsXa<#|MQWcGwK|TN zQAaT(%}Gbz@wHXx@+$1y_zoGlg?D&95V)G7(+)SH8Tj3--=o4N`7HK3=j9>L+Sa(y z+mL`=o1?%^iQON$tv)gj(S*1F&gWD#(gsT@^C7gQR8r^QKW)M0MlFK97~ zeXcFJ;bijM!ouQd;e!H$@69}TpeZIcT#5>jk?jy}_BV0Ik#W>s;GQ@?_eO!(^k@D< zsbthj-39I${^#fL0A~B9+-`KBhGxYgJh(_(bg*pqJ-Z;H^|=3<`PtX&y{rz=`S#lk z_)puj)B;*3B&3Gdca{gGb|4+~q!{Te#%g8fshCZ%y#loX_T}Vt4%9E62Xhez^HUGs z1R{^m#P8!n{WL3ZB>KRg41ghZg{Mjm4k6J>JDA+@p%$;_givoN5xJlvLSR8GL9u5-tg-%`fDE(_O#{Lm ztSAm*MS%RANOAz$v)^@H%>9A4^Lyq?i) z8M5MNrgSCpZstdHX2ha>@mylJFU*}YXtl0%DPMjg)y~dx_W-~)&ow(i=0X_+3E(qB4#=13;?ma3i$nTG4|ysGbzj=MYJJZ=AgpAJ}S`6X5U$ zQzUs4(~iGsXlZH5DJhd<5SrE%K*vOvM*ypwNUb#_K5&r!SPHq>Ztg!!o5*)eMm)ab zBRd2lL^6^fcKo!^4K4-|%de+doLa#Rbd`5hqZ+0fn!}W0?PM++xb5>WL;;+D8~4NFiTG!4irJ}vMvK4Kd+vrG=3 zvY!PGab5CuBOjr<-jx-l*EXP#3KB3MK&Pv&2m`(MQXip04+0YXY3MiGS@9*UMG&@K zL336Hogl%NV*Hd|j_8XK9ql_OE{lCh_b=C9(l?Ro68!y*bHThBN&{fGkz%^cs+;X8 zf=A7)rcApj8;r65*2bkohDzAr+LfAe@-xcEbMA%NT1 zZ5;KGS`4%vrm@2u66X?mHnYJ{F%6dnbUo$NgZ(WSXAF5(!sSK6ySDUST+Milu97DI z0lhwPiSG-0nB+Aqg98Kuuh&}n(=0+#F5wVN1g!}seJ^?Ry5O|NH%{yqMW#`cZ-WhY z+IM+jeCTs;vD-scxiXy zia|*;-ry3dIMKdw>R7w(bBWy4|yfw zI%VMqJ4b!5wT)c6%!=ev8#@<+*F76*=iTQJF+O;Smy16|xWz;VD@jrACBO&B=4xHs zAhC${+FCI8M?G*(&nIi)T%aTEFlBF@_vgG}(cfUp%H{a0NYVeiE8YPM&5Yj=k-LSi zCpUR4_m#-v0ot3DZ1BAuI5NM@uW+|8w90S8crFGg0aX!=ku^{mlkRwF6>-9owTx5l zz+eG!GZ8O|2<;UcQ9Jf0`ew>QFAn5(+E+?1YT$(z?xc*RT(?3p{Msk5Bk+odR$>1b zp9w={3@*eC0h{(fzuQc_{+O8V}<-51m>yhZ>z~c{4_8F1F_BY0^Be@+;N`K=V(kNy%9_ z{-qm*r1x|g@Ht8QQQ$3@mQ~kh-)Wr0;5~1n`aJBZNm!v%qicF#q{G*QwrN&YF0Rwp zYaN>r2S9}?2PzKZ#IU0bPzKs7N%>-)W*)OlC{-P?>gvc1argDIvw&}#1KBRrdb=M> z$Y4R7s3FRrOU7ix!y~sHK6dS}x>_axtd~uh3X!!1Lp@V1sp|QgI9o&pU^QfOQks(9 zbVX&=RXP->_((M~gwjGFa)$cvNV+#ZPtD5v2lyyjTU02UJYNzl|7t3R0B3M65&32- z9oJ`8AXJ1x1e}N?qV@dw5y2kNTV3T(BO*4$55IbO-<>u^5aD^d6C|&VKuZ>6VNvI2 zT1H_H9+}E2w4uq|)UH|ZGnA|kS{VOO-oNOY>5Q}>0^2owExWjOUN1KSwZV^GwO+milHa*);tZtz>kBh|_E+jASo%*P@6e8Te1)kT5<$x)GAILeT*0s?xO1|I-8&g` zNaw~WrPNz}V6Kw0VO?6Iw#MB_DWF>7JH8^pS#avf&h5irO8ipnYMs?9$pw3Fw{ymW z0d)t?Qa!nINxkxmb9oLfhiqxP{wxFUm*p~L@H2#RIdHNSNuL`2;0*JS(&=5O& z7p-k=wq&HFcgG?)L@R9hfl>xRp6y9bUF0LC*92sh8a4b*y6u%F4r#^=7C@GYf4YN7 zpr-u|C~e>JkO6x@UvDxiBsh5Ebx9*wEsZtbxehA9b&c|VBVKwu;!GeodyL=g)*BcO zDvwvm@iJ=3?0@n@7JzaN>^7z=LCoy1rC)4nQVHN+qYcGYBbW4=tH4#8s|WoP`G4tx zNcun;FBelU)axOl9J4`LvSe+SDCA>bChxkdFwXTvMF6470+Hwke}Dg=|3#wF#~|2M z^L5Up7|{n>a_Kfjn*$%DSV zyIw#T4hX8dyjvez>U?Y559)A*08j~1AB7TWimv>JDW7Wh`jii~R{ zikq6w%*Uf*%Ku;sbEv`9IykxI%X$I(_y1lUl0BR`V~72-oId|#wzBQrmq{)A3Cfry zt-1IdsuOp5M`PxRK`*2#rhsksd&pYY3rRn-242NeU;Q<;ghyZGxx~-p;y9&!wIeYN z7Z04rM52CIOMN+XKX$vz)ftQ2s$1-?Y{=p3IAKdoH>vehRyfdVpO|IF=+ z$cyXb2Nhh0zmvKACZpZKCCe|)FPxejx%rcyX_P|%fB%0Kp*lz7USqwatkuFXO?1`=+km}H~Xek^O|9N{yX^wAgZEbaAFj$;=@LV|s zNX?W8;Q_Br`Q&KNuYGdT%vJlZ^kXIz#8CjHlG_FvF7y;joa7Lc9OYb-K>}9Cu7TfW zbzoKOV_&ZY^-&!0Gqt4$XD37yw6qEFF;eWbq_0jCrR=FN=@cTq@A_Fz-%hbms;9rw z`ht>K56;vcERbwc9juv59&~8j&)ST&)JPxkN5(yt;ol2ld(!NsmgFqa#vH3JNtsM1E+?c_ex$k--z^wiYRAgP^YL_5kSl4RzwxH4hJ)GnW~%iQ zpPg(MD&eP7vxnbCv$Y&Zm||Kz%3j0Zi~U*eZaPfXxU2q==quJ%OIjMb^n}VXM)&INFWKJ%vbpl9O+Ss-7j0Tz^QbIttJj=VSTQk?c%ph~`PBWvNbfNY?YBWP zy(+Z3K|EKRl3vS-#af}n199|pKr7eQ@MTJFWK+c3^icGb67 zV(HkW-Oz1YW8r%a-O;peo%j#3zsJ|~eouJyv75ITm05YBW?)NydfX*W`%NT@)t@M7 z@Vs|MXcMc=dKJZ{)1=3cGI5DdJGLnvrc^sV3F-zFZf zr7<6eAG`f>__+P_b-3L@Y`ubO%qFI!2}fzLQL9W~ry9c^Ii>x`{r(rCi09ENV^nzjDuw_B@{_*SZND0xljoXGD4 zsLc9xgf-Ld4N3MgQ{RJ``hZ%cZ}+-u(>lW43wpz}?jdTtC63#;zj+1M#&w=yUDC?# zOwgPRm&=sc2rd4^2H#*i`p{82O4L2RE&@wqJTx*6DWuFozyJ)Uw(;@jH$O!l72c5PGImf+pT3vj?#u9uG`0)k?cP&n~hQkBJ=_u1urUZ*oO9hBYOeY1&-w-Jy+peDJB0tRatWzhq=w zG3R4y&3@E_6^4t7z1COmY(04~VB(BtFB6;}`8JBn{4@Kyc5C3>Dru)_zBYbwaaf@y zz$LN9@R7b>D}++)#s2n_nT)Nyz3XE7<^3JMDB;XsIb?j)^r>^7$SI;R@ByL6OEP{3 zwcCkJddxmGlR^}j+>CGCod7p?ul5FLzEjuM=XNONWPPgsP9U!7!AjY^JjP!B8B%OU70RaJV3{9?f z+F-w1p#;=b>>0?PDF8k!PBr2Zj3w%UgX{92k6B zj)F-o^V?*1kyXOy%gd`;Fg&(?bUW8^oj5K%P+nT#8!Ils zevbgap!6>ZqLVnl%zN^>%g3{jut=}KK!Yx?9ni}x4sbS`E zqV}m-F`<;?tTRQXHVNB?47_Cz(ob1=x{@w*cH0d#wCA@@hWhO=?)4=&Zqu3B2+hLu z$j$&mKT#IcGu@w{vB1uiRBw3w%W8?EuF5k%MVqY^l)wdcY?<>&SZibQEzbC^#$ip3 zivf3;xZ`$38RO|q6km8g9t)s>lLhc6-w7Q zoPPEUcQ{*w0@6eEkGB7G9n-=qKo}bDAj7&iG~CZvHnRYUS-ms*=W2W-*e=pgAD zQ!u=l^PKGhAI#~A81J$U=(ibodhln3$x1*{M5AXZMSeN?LsDjaUb@a5)>(R4}qW_0hD5sLdl>Vz(@gC zHUD7!H0ZcaJ}>!%&k~le=u}9dIV!VrCx-1xudTY}(WPbvg|hY(w3?MC;0oxh+0 zOKgLyNjGO;!X|PrCKQjy!j%=JE*y81d*8z>)%0CjkV}=1v2@tP+$h@4)v(c3x_08+ z4~oN5A)3dCFwXY^#m8!%SB3Okz#dH2L4pzaRSG>b5_Zz_+X;y*^BIRtQ)? zyga@z?u)V!adFmPH#^?XS-eh`JaS~i|1j~#q0Nj;?F$i&%2iqZs{;1XPvf{__~rAH zyiy{MbZ(K#JM_%)1`v69qD>^uf&}V|23zeu+1>IHG83!2ejaM4JCx1{K)&!MAkls5 z8*x&{Js$$R>>s|qz80Gg%LcN5B{x4dgDhb}+%=QK&!F63gIU~X)L+(tc^e0~E)R@P zGCZ5^2^!zKPL?$tXo0&|kJ72V{pt?J zMq(BBgE(npN!a`6B&xjNmKAjuP~f>i)44=%@b!n*%__LE!gaB`7K-1t z@#$$30&;MK%IG{*clLP4hkIxDV@RftD0Z@z{D1cN{+ednosN1sw%f;#&82qG?gZtOg~WaRX_nTS#}&)1;~$$hw|VF>r==mKsN{31=OvO8lVr~!!P=+e-?Ca zEEs&6vS@Zzx+@OBRixIrXo9HWIt5hPIm8l%_PWyBwmNFzw7GQ7xhH(tG%c5z%Qfxb zD0w(U`Q(Mr_Dr$*;5X?4M`^8{@AlQNYX(ee91m*Q7-qhCYdwmg88x+D);B;0AIYF& zp%7}vRFfOqfthl*sFjDKBJR^G}!|n%maYr&9DWk4?DdWd9RVtDhDqk z_X)<`;~rlN8NN(=>i9o&B2R?b!Nmzh)_;6ENd zmL0B^obC}9*3Ay5_Wc-6!W`~2<{3asP?Kqk$uW5d>_wuB1@wCUlamwm@kSrn1R!kQ z9uY?|kf&b&z9WhZgn_}(IZ)`F0m!N|kZ$WK3bww)|05|E%aDX!ef2etptq4#gX(zk zR$UO(uCw0nO#+eV6B#FI4qXs3O};+m^!)JGUHGf9o(t_FgoeMxqlBI@Qo^;h_JG*P zZYOYjX#iMN5j1LXxx6I1P5F24{HsrNANDQ*WB|Hs6?EIJ8C~9E=AxscEkF_5;f~J- z(+n`ne{Kxq6$#k}j~?4kTycSs^NT=jfA7zqKQpiSuKqiOp#Psmkh;;?-aeX}Vscr- zRDt?qRwGC4rvL)To-`q< zbLXxy(9uOZlIb3deZkWZl(PP>*|3?m%^^&xi&)fZ$N9JZ;DcB6MhjOg|7Qp#Um~=t zCzGLe=5}D{2PUtm|5vlVUsoe**%Lig{Zrhs=xds+6p$qRzNn$9+Iem~ih=XPHv9jx zwrUq;drAN^2L}fiOJ?af2p9#cHSS@kIK3{4Ood??xVYBV=jU1CJ9TWF|NHOzso+@^ zq@IjS@9Q)tAO!jNvNZ4C#~<&r*9~O;_Z>Ms1n;P(w(BHwdaT7EIq440BlkgTmr{OdMd2hkWWnGgvT zH)2hb@27x;yJ_>>VVmFvuQ##0Q8!y>y6~8Yfq{|Xqj6VyJ}h?X<(Ovt%2P$3r*nHp z$Jqz1G%^^38eUDvhl01>A$e|QQ}`1D5tM|SjtAl2j6~pH(2_Hf%SkR=VGd&%UEPg4 z>kw+LiiP}dNQnvH$~?Fn|ERSSKr-KbcSvo{uo-fmvfb1On+-yRGzKmx3I=Miu}KID@67{z;*0eYqzMD~YH7 zXDB6%B<&WWJLKwyJKnH(us1)i)~rxpG^c+t%A$J#^Uq&8J_1i&eu`YLX->z+I5%=d z+)X*~KCPI)DwO{35N2p#k72krLk|5AEUmW4;TE~OW`DiB9%m2#|7Jx_xBqY|SBdOe zKn6v4$BdPpo{2})_42Oeg#X=Qp|<&ZAad}69(TY^lA9^tK3hs04C5wt`To5eUE3@w Yq-4INjgJ_x8*%bR%63NVkLt2#lz-f`Bk|mvlGGs2~bRNh2U7-7PWF4T5yT(4}3kac^mC~!B34?rRj>y;p2bDs-pC4M8Gy~M8J-`x8(7ZC4)wd{ZvA?c6No< z2?2k$M%7uEBFjtGsZ-0F^nJ~tBkwsWxAnm$uf17`q4iNtk;CSp1HbvCQ@MGhhbyN0=UV%RI}=tzY0{cYt-)$>TrXL> zmfGI8Nmree5@h>f17Bg;o+y=V^w=KnSBPYmjsxB`2K>SF$a81X_J;Z!S>j%;A@JY z1Q=E$1Kk=-ct^X$K%zt~UFJCzL=%>3RPe6@L`h}}4L5jf_i0YV{`0mU zJVJnDL;yw>G`Cu#aW_F^3k4l6M%eS6Auxy$0?G2J!JqB)7JjlRCCs7W(YZN@S7Y z_Y*Ew1G_z6w-myVrlsQyGTUS?fG1KSs%)bD4+q3cxuGFSCcE1I z8emZs8!$^ljb8O@c9nR({DZ$cNY7p7xvQ5XW;d=Ej24{+G5zypRCpe|FP{IjqpK_3 z>*jpjx_xy!`4uWp-DIIT;9x{Wa90N}{NwJh(m(Tvx=$Gz7N$ZgY@yhRC@RsQ3N^!? zu5l>zfn<3HxxfC$fbFRe0@VH5oQ4ed0>BF-=N^8k`6p5~Ux96UOP7YLwCXF6RB+z$m$3f*x!dgQy(?4YwZ*PK_)rw>RJ2cP3x{ z_3y68y9t@k!aiPJ|2j&aZQ7G$5Ve8v>(_i9$x-3-(qA5WJ0`veX7yfj8} z$eZqe@FAQ|M1DT#HlQblU8Ul1w$3H%SCQ^0+%i}7CbAvZ_lp<0i`h?gd1XZt`n2c8 zbQgBZ%|#)jj6b5JVT&h8(xU*}O2Q-=dU z4-?4$cuYs-aBbj;jQwkm7mjiSs2=WYS)KpVNbBN@U(oO7i@4MLs5{+#vv=-$vs2;XUV8@TN26-1 zfd9lz82LSC_Fe?%YkvDgL@NZxA!X)U|KgQK#3ZTpdaQsQNM2%OufED*Z;pP8Oj?+6 zYT=LLc|~EoU3WaLKhSu(Gj*@tbu|Xq-pT$IV80Wt&JR=e-2|_N<$*Lg;N8FS^*uAe z>qlN+=RH0#OY1o{pIc#J_M0zD=t=<>!RZY;U!~a`FHZSMtioc~a<&{cG(1tge32sV zma)fQ*7p#T^mK@VUHR-vCjKSty|m@^kzI>Xy=zW6*Zyq1X7lBqROPq+u|R2uY0>k8 zKEWK@(cFUxG~eF% zx!oSD_F*TiUL0>*0$zl3!=aYOhfPTRxlgcV7EP|*`7%o$e_VktY`^jF#j;0&p=Z*p z`{?t7evu*Cx@F6-RfivMuw#ILf9mkSei8=cnRw20{}BWO>Z^`%z!-9AB~n%Z+0maQ zLW~w7frmV!umd(`o*M{5;X|{u{*>bv$)cO#9`^H%x-u6V_poHtq>n#?=VWir+K}9K ztCw)v#e;dj{iJFWmLl!qWRxXLIA_Jsdnq_@qQ}74XO#+T8a?u?S67pt)C7~1XX=RuaD=}rN8Eu8rHz*w8#`Y^-hu@Eu(=@h zkE9-%qe|M+Z}#p(_75>?*5jdTQk^4;Q+fX|mZ!cx+gNURqOR7^Cs6_s!8N}C?^toI}g?ywIr z+-3IeJO_2)5)F=KCdiq%21OsO|8pqhLC7^>WO(hxV@-aiqigTJQx`I=_rz2}&G@lS zkV^E9ZQs%Z^_;iO#(uoPvNyfo?qJU#_?*u(+_d!GZ)jn3t?BN8UO5P2f;YiQ*4;PN z3MNzh4Jxso*}%f9ayB!?KIK6sa;h<>ZYP8% zdL!#*W<4P9;G8fOw+Z5m25Mn60UlJZxVeOvHtLVK(}n5YPNW~{cGvXgwM@KhX~~J* z_?}+W&(Z5-QgWNs2Wx{5AKk0l;ivUGP4bJ;Q_#5JJbrXON;iB=wSnoA+zbdAqo6I9 z^^=VHH_kx>Y`7@IOXnf8q#qxjeJ=B`K5$)KWyXUp6RhYh66$OKC(i(#q|tQh3S_VB zXpyyJ6_>X8cPrtVH9Vuq@#1KcUlQ^ez+4ZhF|<0J1(W$2jx$UA!(FsQ%G!O_4- zOnbMx0{l$rF$~>du(G@yZW-a{gCjB2-E1BKC9p*hmp3%TqqE1OKi?=l&XE05ZhXBX3P&8?9b0y$ zAN}xq0Y}LoLUc9Y9g$_o1=V#*=m6eQqR*EGVpR|Kqg6>`c;%SR;Jy<6_1gF9><>p? zi1j;Cl1GvKNln(Wy>YzOX<)tqkQlWk4J20Yz3g@Ql`o4B*%y@I9>YWD44*yc?}sQX zt`{XTwQ?p;Z;v)j{)-^MW+1m7_5`-HoXU@;_2A?(vIEx6X;d8kHqGLi-e)8$A6pHW z5o+s9O$=h4d`BZ&BE6lqn)6~ou;r>k!rZF#UKEIzUR|MW8p3B%e(-=nA}lV#56QVr z!X)Eg2d2npUbBSzr^t~H&xJExHn#n}$ zjcMd4Q4diBT z$r^(7Gs&gg%-pA%IP}>qCK*UA1e-(u6&G>^a91+gf*;<|=1ohBEh&T8UIGF#tnl;G zg`iu9!GS+w^{0c9+k9@3eoStx@RiAO^G;!mJhtC@U)|Aa;gU8~d-H8b@b6T&K_%Co zoAIUj_Qs6~DZz30$2;Rtf9w$mU1VU4-Zv?di{%Gh1bvUnW597n0dsya$>Q;bi-{sW zj_My;_A8yjZN*5RV)+rfee|}yw+a16YLper;VrDGnz5+ zU$v2~hf;iOQovcjln1$A0$i8Foyr8%{@&tIHh(Y4)1FV)V_#CK-8kYHUwXel*)%;H!?wMNwKq*VlwsepnjrG;)-&tNjnSr@Jw5DcC8q4@D13;euYgHRUrWa0$p%;=a?(9MczF zC0+D3gWMHQW4_e9>r*a=&}MMxi<*efLTq5px_5b|e#RMYk-^(HDD>;OJ9~}Wod`r^ z$&dGtKAFoGxh)eSu^<1fCPcZ&@bTD)dmU=$tVUYB-Ae1}C$F4=5>w0vUkQ8pIfyCT zirSIuu|hhU@%*BDt}{qW;Ojej^9J&g`Eo@)rfv^7?0mU#Q~PS*OBKJ?In0T9({woO zH6P}{?T+dS#%w)UI z321nbWchtVp`G%aTe~r!RK}QWvWin|$x}p~06AnO-HC#5`={8M`eKgJ3KitI=kLDf zy@VN%DaPRx$zTTBTAx6S^`|3%`+4`h7UrIm^V$I_#hb_QH`7fZBG|jJPncg-PR-}? zWvU3FIc+n!ryj$uxP^MX6<|_HhV0qbq13V!!PPtlHa_~6B>m{@`=$T-2f{l zV%a_~(8_n6_CRNq{+TG&w=RfOO%(cpX1pHhrom?o2 z=n^do(hjOJEiIdMxjQZg8VY<~0zZi|2(x*zCzHWEA*inG>IhG`igX-&w#TiJ9UA4G z@^s`xrXZ+JTVriN1na5B%Mky!zgF4nMUb0zhV#Y`Vj{h^#|It-fp~^EaxQ@C&Ppav zh-0XvxNyfVvh5FH5g9GXtE?imU^LeZ*_Tf|Q9r2gaG_?l_s)f=SV0n?_wNP~(I2V# zUl*a!IzX-0ufia{^ah)-UxkhqWKtwWOCuc5nu4Skw*z1pV%YgM?gr=)il=kQ7xtb; z#`%5qHc$zO1MX9*uxz?W8pVYu%Q&a|jgz`WjZKSUT(d0AB1&xeQ=it$i1?Mah|*8E z@8#y<`0JXhlLvgu}4Z==~}5-^9wrdQ%zilIB1HJ0994F6*5 zWbIBxD5N}aQ1yYM3GME}ygR6L61RjzVPv7zr}uGAMH2ka50Zkgj@iEBaG<X4NI0C}>09`lfcnLn~nki)x1V_HGsml0$aX7e^Z}EwbFbvw4)kG4O(DDat zNRJGO`)J2a7lKWo2+p%_yRhopJAVt$n4U-lt;1EH3k0Ew(Aq;oKv-HywWWYwo*0+dz z9^NPmV>i~bH;JDXp};?Tw) zdi+7r0tp@d@rrQPh3S++f@sqDBs?8#e4 zC)QJ!A1lo{i^!lB?`OU76~D-zMXR9Wti*O zEV4xK4IVGl3i*7Ty#Vqv2Yt<2(Y^4w6^uF|VxVT6ZEaNj5QvRIX5!xUSEuIJvnbN3 z(<_(!(d5!7)b^uqTyjq6Uc_y zeXLFpTaX*;0P(3yO~fVMYm+%-mLOg`yDAx!+ZgZ4 zALl}%Xr%VUGd?6#5TZc%k8zNc18Q&olD1EeThK(>aQgcFvYkIcwfAKWI<@Zvb|T;ui8;oN{AFGIT0>O8G2KSPr19Ed z-E7+*P>^IchK^8P!7ozIXk&f9+Q2w!L;Agn=r2aq#hovbvIkaCCj@_ z+9>aWv-r~-jVn`(U*z@2>`&R-o5NqGin`2O?qD?TQ;V-H9ST|OWN26b9)7mc zu&S=$!73PqiNi_`Y}vsJ1lk0o|Lpn3uD_reVZ6y)HlCzj7kkBZXtE3-5I% zLn^gPVx`~G=Nu6kYY1lpkosrQS+dX^hn>lCvmvG!OhUokI9{Cx=lgk`kE`)x$YO&? z!idKt6*-=lGy+I59V}Y|*H#+Ik;40_iVt%U78WLw|0K^&#e?vIeS&eE`+)F3gyN;& zWAs|q$~s1jjYX{5rbp-f*n38oqjd+&@u8T&L^M{UtNUNn+C-^dJcfRB*41+3XPt|A zEIOHo4oO5Mf)F|1LZr-eSK~(Q%+`;xd2?{y_4$+hz=21L=CKYu#$vV~<&R=(=5S)( zW=j&Or%-y^`sj>K=}UQC4A1)`Q8p_Mah9I+o(OLMn!ijHPZm-;$$1t=eXtxRnC$9~ z31-`8zO6Zq?FkAUi?48HOE?iTE^WrpV|?k|GLs25eTIYCMt2C^Fn(J4UyGRWdzCsP z_Aug@w~!(1<200gOmOT3nGKsDj9Tu5?n{wX^T~6dmvY1U?T;@dmo8`WcWgGG- zpX6uC6-y%ki^sx3j{e1kp(gjUEeuf*?C?uk1Q;)G_VI|h{^NF;L;$Q5g2{W3>|syR zk_xrGfg*(!^kW9*6>O!9S7H{E?YLd!<;)7aLG*PL=i*V&aEM`lL_Nd?od66U(AfyKg7xhYmf<;L8n*S&_YVz$oP^@^J z5p@siv)c+Iw*vmzA_zKt;8V2FlwMjsG7?!DaQI5?VQSC}C8RCi@$*qJkftKk@xmL| zBs1kQE{RMcGIwZywZy$JDNzNuPSA;D<}^O;a8R+}i@ zt`1WP9iSzYQT9MV#W-rW=jK1LvvCxq9#inIjWU@@1N1k z@ju+3`>sPk&6j9{4*-hIprMm1PBNQIH^XCX@nHD13bQLVCFF^KZ3Pn#l!G_gh)f<^ zxPhI_7A(dml3Ll;6e>l&O;63q_ZY6O0l?n$Iwirxd?+|wzzd*I2N7wrp|Qf4%4~n! zSI5H?(KYP%lPUv+qKb+s4FYCHHxKPy?=U+;D%cLTBzAT)XHVh zo-&S$6xks1z3UGuI5R*KX%iajdP!vmAa$tl;tAFjlF*Q0eG9b@_UeYL?Pm$luJ?|Z`5Th40JIQAC|G{3O|0fNRo8e{+Rqy2>iw19K)@tspP zYb@}CHPT6nb~FB00K$r5JTbUeV(VgzgIFot>yr5} zIwr<@pDsd?(c(@`yF$s2 zbeW*mQZvRTwn=KP%U=M-DNH5BJ((gJO~)TCPWv}Cdlfx_rN_Lry$z%wvZRk_x8;K3 zRNnJd%liwKHpQT+O5|q0QFHCIoYUK^*g5IN!4+`S?SsOxvzMo_=VM;qbh5`0qj*zA z+FvO-hZ6^)2^1Hu_$VXFZRYFEen1v!C$`?O6VY-~k$}19{StY{pYr*6HhX>ovcX&e ze0;^JdESpd)Z9h2A768JhH^JG@UPYTL3z&+7vSV#D)@WsZ3!#$lIy6G6@1pq_V80a`ki@ zdinYyoEqMsSGpqUG)4GzN@h17FXSbf%Ll^;4}PmCe@-aPjYt2IPQyLfyZwDvP!xN0PS}0Et{@&|C5nfM5`6EbWYGKAl4KzS z4B4lNes;s$?3{*w<+e?|sowM^+^9-!@c7VlWAf*{krHJeTUm=#3+Zk9&4tWnqLf=7 z#aT)}uWR-;NznwS_^aBh_-h5F;I6I2(C-7=6N=4{;H$xb*VG#xOBdL8C$eHOkM{k2 zDhzc*pz1TtuYK~zDq?3fn`+MI_fvxIOMddcRjDsCS!&PEa5^N&iOBUoSZKDaq~!H5 ztk7Id)%Gt|z$D2$v7EOv$L#TlW&h&8&CbEI)Wo||dp?*SEf@t4Ga1?sc6IVU?l>2g zQFjseq$LvVNUNhLTFmc2si<;2iVYo1zb$bOXpRV{eW0YA(ERE}>O+D3=F|9a23fha z!E@CEgD7z`sng5-mY(P=h3rX79p%1p;v8E8hWgxJ$K(vMi6~)uC`GYVR$FKV!5!!x z75R(sShL)8FXK!wL|?|e(4AIBiGaGvpvE4-sWa!UA{049cM4MDRQvLIx>!=>Bvrz4 z&WktOZ;ofgt=GQ(=Hz>hPAq4(cHs-xRgYV?_s0{ECIPnClb=27gjPKaZ~gkZN#hw* z)*=`D*}vGya9Q#^;`?KsOJAqo?A)xnHS;Q@C4#zx)>4FQpzxuq3pidx*QXVkga)MN|5ycwfCphecgg9aqe@N8FkrIzRgl zELlt=f>NxGpodd|QkXnF8;?aDOATA%)Lx6n&DC!Ez%*WqjT>K7akIgBB8DruN)*#( zp7xbCQdATzUScACAc^qe4j_B?xPi_+8$7r>T`j`CX}?Mm^SqKHGkFfrj%~eQtIyE$HhP z(V_)|k2HeZvNv^llJ2hs^lKfX3tpuOO{@&(=q5D*9X0cKMo8o_cSuk z#zwMq6sDRko#@1tJ?fW2gu%wO2Pvx+K?_DxCznnK2N`KGoN6+3m%S;jt8qHdeD@*D zf?1C}%l1%vspV#Xrm)f{Fqb#;o_D-esoF7+Au5!2G0BcJMoh2Y*P~Qn6#@RhYQE$LQ?pMB#|kPR%@-B(B}y(;ZGVjCT6ObxN)F$b zz16C@I?7^{EK{4OpVp!G2vGVM*QhPuSu467WV%emt$U#@;cwE?C~?G|B(g~*k|0pp zXzK2kQhm@=;hkgPY#Qj}_cTcNaBTfxTTPZeqc2W8J$!pgcTn=u-lxK0V$|J6%BHC3 z!tBHBA4RdvQ&q!rhc?Ol*|K`k@cnyTk<8Jy_i%fq%tI76zwamDeDUjL?@;NDeuA6h z(IJ(6xWVnJ+haGNwQ;*8T-(D$s)K)aDiK8}A_;}yvT?0F8+zaRm*%jcKl06lE?ZSU zo6oVauv=e2l1hdx%Jbb33*tI7dDR;v0Z~eVWJlqISoD6*xyQ*YTlpabYwGf|fqCE0 zX!?*5E6=p2bl+;Cv!dt+A8_82pxl(LCsn@bJbr}=Ht_HGNF`Dm#Tn)Q>4DN2KpIqC zwoM+OQ+o4yaJT*(TeIN>di*~}rErX;iE@|I%K2as=8HF5wP|g8<^DYBc&{sPu4Jah zA^Kz7-e;Ny(x{5sS(Yq$(wMvB{(}4c2)=axi?8k*lLph(yBs=3x*Ex{huPrTgbSkB zg}}>Kooci!`-4}C&1bGk@Ckn13PsPIE6qLbTV%VJ9e>>200ZX0I%Tcz?|`hoOtN`>wC2@CO19HsL$2}c4MT>$U!`*vr?y;&>v`pTC0-ercL*C~thUeaEN#u~_|g4Pu`R?SOItbEJUZpxf2S zTPezJ+j+aP*%K4XBr((MMk&ucaKpBvpfz6voYG+?H{DY4`@{NLUk7fT`jD%}3n`zk zfnuBD*H0wY8xJkjXTIeqXIW>rKd(*o{L?&`1jBoAHgAcw3j$=QpDb{+SM@s8pLaN@> z(7(IpcP!Zmo0#`Za3R!ZQceg`mz?m28wKv0pF3_U2s>av<{nK~$qeDIj&^n=vP~0= zDweZIEvEBO5F6&%+KK*&>MPR-gJzrNDu%1q!-5LNq`LC&;UJLna*lF<(F_vjpav}6 zXkSiX#@$}=G!FmZIJzO2!kNu^Z??Wt$yN?xHG)$2B&o}O!OuUu9YREBwuf~=%K*dN zg6>lD=>Kf<7ors(L=*nN30G^NDEJa(*0JCZbmZ}y;<1G#4IJuCqnL&u7NO^z zpV~8S4xl(T_(aE)ksrGC>u1!8?(*On2>Ue@UAafQu#D8)9K^Oyl-R(W50Et2D#l-G z{;XLSwp{fiI&cPVw5D~qozU;xoUYT01)r=5#0knK-g6?}w;rsxZg7lnF^90<@%8vK zqqd$*s&tt4mSU)cN!C{@e$Y=r#@{Zc=+-fquC_hGGMq539%L}KqL(7#TK9-_XNo_; z*sY0C#v9&wyuqbo;FtAC<8*Vhgki2aV(5>8f0@DHV7#A12U9mspY9RA zdJn*`_#lNk`Vu$=<@aN+Ci9p2@d*!)jmz7AALMunAd&i?Dmy?#)ci5`uq@afbb54! z-QhLNn9%hSTJ5HPV9y1d)Z!Ts!~rpaEG}#GK@sbV6rcagN~%{(iHM4xRiNABoR+s#8y7x zh9bpz-bE25zrNRhCyXDzTz4B_oqC7Z{USuw%rYPe6~R78YB$`;yc<*gW`ieGcRC>l zSSYwbFI$wnTT$0eLUHQy+!NzVjXG!3N-I#DH50l`qesGnC#8%Np}foJAR)a*TU0HY zxbQ9SJ-o=Hdh5~7;m!g;%H#?rH0HU(@#(X$rDH-@!Nh%fMrq%tuVr;#`kv78wOrTe zmQhl4KgOC(^WCy_`!s~zKh%Pt81@i=0y#VUSK*A-5ESPSgY8M`IF5;t;LN6g#BR&x zC;9TD48rtjRTh7$KZYT-epm2jzm5%(i8d3%>PNy&tmiT1-v-G0CWn3cvit6krh!p@ zH`6S{PT!S{ZnrqkF>|%ViQp)-y6ZK_sp{I#v(KkqQ0TU^quytZo{nyzx9)v84~hMl zdcgx*+d-(Sk>j$8A$C}T!*gRs8`yBu;KJGbVnU9abuuhGdFVzTKhwk9{Mdp|hlbE9 zW#ZZ-#Noi-*eCCW`O35hgZ0tIVf-a?bX+>0Xa?}w0mK2valkx+8X&(#+vq;SrGcF8 z&d1?R&D7cplWjN*HH#WlSPlsgep8bnhRjJ^5+301=&T+UwwmA*Se31#&slK}8s%E@TttJ-o7_`qAXB7! z*p5>)7q|tw_pU1yY@!5>We!E8LRvh0*CSP!2doB?Ez`(h6l7M$JIrQ?gIYlhF-Btf z3I@aD(kKqD@Me4liki~ty>@YoIR;(ZEKB3u88Mbovj);9$Z*d0Rkn69jz-h8EV-ZP z;NhI+5>C?9G~c=FxomI~|AxyavQwdW^zrrto8DgC5VklC#ITO=ND}B3$t36Q+l0VR zRbg(}Hy3)(R-<(EXzPn+{b%ClPX%sv$#z*I$!i1xC^DG^i& zdz4zDV67t?kg;O@CGC={?n)X7)F1Ge$ElRuU0jbGV93!8PQe_PiYx9l(s0Oti~}F) z%rnm~AgXX`9RNlmi0|{Bc;QGC??}A)l<}_i&p9bCHb^;Pj1gXc zz|ylfV-$9lL!Dyb+v5yHZ?s*!Ztsls={C(U7g?ZB>bI!Ew@>p=h6n|0GlsS{2_XvZ zj@$wBshllN7gGq^_XEaO8tWFlsk#q}4f(MJ>ieNF{XV;KqcAe*OVPqR72OWsS?HJ` zF6jrY)nXRK0w8i^upQNQg8oQEf+(o_mRmu->_;$-k+-}$Ry-q&ke7Uza>FB4t=(he z4fPnSJvK3#k_>J5k(YiVw^)ks5ybUo4L~Brg@mlX4qQ$op-J^G!qe}k`5C*CB^m_H zr)O0br}w1}r-(#07V-~+A0fH6JsGsM4ayzKKF~mZe)Busli6R{XI%Ug2+&r9%WPE2 zunACg2`t?g6?0Y795Ow>HQs-b`#i{S-f#VmZk3JE zBy6}L{;q$9#?ygX?q{X${v1ND$P@>Zd(Yl+3%%Pgx%&JRm$TLQAG5-3 zx4a?zqZ2!g0RruxUKvq*xBdxz$LalXsZ&XVzUJ}A@GhGDp?Ejf)p&+IEIj>ff>>(OtP&9gJCk<5MP9{r3A|ARe!jdG(@30$A$GnYH$jUFpFS;54K zbcd~O2R95Wt2wo64C3AzWT76_ISiYim`0W+z z@{y3cbrvq92bU|sa0W~IZVzfmIh2Af{L*7I_j#v=#SEZ@iSVO@w@xbx5n69N)LD0G zMv(GD&8{J;2wrQZBoWZl#rKB1=HMr24r{Wc_p*Ppk};X$7Q*Qk_%q-%j$R-_!nA6>X%9WSqLx!`5Mf!2 zB(BbPX~=MuttQsNEGgH;42{86(STfrbS5%5+ARzU1s@l^JvOmrlbd|ws=RRc!zf(< z7DXKBG(Iy@sq?MfV?HS8+2%-o0{+3`dfhvPPxLl{d-6NYw?FKs>JQc2LL%21-p+}j z>fUPl&M|0qrQn$sMNhEDlH8jlCg=#Dqk_ba3dHqf-X)6;Du}qW`C0`%@NW?-N>^q0 zxe%_^tjB+DdT!0}=D4V`vZqj5s<*ZF_PnZhs?l*JH|ZDu12q_mWn80!aB27^V5G)X z!hCg^kBK-;7hnK{YTGrnYFII-KLcT#i1{ts+&PyrS!0#xWVz(LE0(a7D_~rm+n*-X zi&z~mF-Y?^EH5lQl(;#k!Q3xX^kpb|U*~vx-QgXg@JSQ;UPwhx+%Tc z*tD}OLUH-vRk~t0$)2=_k=fv5*1zh#7@O7Sdr8Dc>p*sLa2LwgaaLKbXrubzN5b{B ziUxcKP9|t);C4l1N9Vkuw+%r_4SvOT{Sr(AAw<%2HXMzpM2tm-YQk~s$hG+f`ONB9 ziWsanK?FgEO~4iZ4hz|Dh`)0XMK^j%YW8a#OY!!MjKWdm-WG6cQ!3Ytco1!%T;+=7`KTeIqiYm7qx}d+=)B{65n2hDP!=f!8 zG(=9mSz<}LXii$rc=+R;39UirqXhqli;sA$B_-N=aG`^l%gUUuAEoje!ZWCl%cJi} zn1s@60$veK)jCB^nZSfJmTtQ~F~wC5-F!oPS3L-ZFG$5I3)Rfqqm$7OIccoWrIS#f>nhhpE`h`wj#X!Gei6+$$q z?#uR>B>M_yt^9>dT~MjTV9YCIkMjc~w(QYzJDI?pL^_6qGKNXv(`p@y+r7C?VP)4X zPA49oQhwufT0^D+2`hKJrwT=)sa|ar)(jb7liz`5)B*;+q7d3M(!}3#uyI)iN@N(> zS^1vH1V!Sk2byY}IRm;)v1ih}wovnDc^yzn+>+muPef97!V0Je(@W1GKG0G`A*Z&= z8-)Em^-Ry*+fSNP`&bePn(~->GQ7_qV=1!R67xWQxhqZ6X7_%n=XL{Z|1b9*3r zH|{oqo}QpYPemjxPhv}8 zLI$kuzAXf(X0L}$k4=hXztNcnfSe7^8C2Q+#ORI=#1wW^6P%AwL2hF|a~Tui)j^x6 zo*=#W!@csK&&VP z8tH8~(p*BEExR8uixrM-_W3cE=!e__fsNOCUsPw-rSfoL5%&Q&3(9?Zs!w{H%waIhO|*69#CyD{mcXH9ob8`b`Q$dBt4xN z_oeNv=YfW33{38Yx$|RQvEgRcRJ}xYJJM@!DT)W96?xNeRyrO+aTJiZyH9|YSA7-% z%Jz50cGL%gr&3U$&+TgL?|hs3%@{WMsNJFc*2p-*5KP z0U^s%Z7{^@ukiH+i%>;_g1;!huTc>oKt)d&D5%Pk(bCZ9tR&l&_++`Pbbd>4{`veb zfjpF32;c{|0aCFQO#&2o>>~#pfCSmN_kWK~W;}k&3y4$CUxrchf81#Phr+}4S1xND z1n5xxs34>Ax1kXQWVHA5@8JG@c1_ak0tL64F4nL8lcSR0s9Is@08rn_bg==M<+Wy^ zcCl}@PN~rV735xFK)V94x;jiJlRL?ez-*Wq+9&Lz)L)6_h3(R4LB-go_0L4wo2TfRa6ldYfx0VwU z+hu*r^_NqV7lZ?BMZn?LC+}sp0Ts%=eJ7nose4iZoQ-N@s&f5jqtD^|bh&xgJ}{|# zfBJ|VvPAjT?J{86QALpJ%hOWd158gX04p=i9gD{relP;eT?+xIkuiYk`>yomPNkju z#;|G0mts9gmfwPgv=l&GQpp3<0tIkdD(}7e^{t(mTBp}h zt-N764|j8uqz33Km>B`%LuYu6;~WpKcG1HMhnbo&X}=S`6hJc#-G>5flNxqgktjKn z>5Y;sK+gd0rTQyqTG9OWqFUPf_u}dla3E;qsegS3C}6E*{m-0xrADOy0%$HAkoRJ` z?gl-o_$y-v(z28Xu#%e?VBp69|KkfrjUX6J8>9%#*#E7EPXRof=dWD4Rky;T{tqCK z@2IfoaeW*vpqY?E@JG6u+%pTyO^l@KJ5 z5pw*G3-FKB4^Vo)1Q=UF9~p=Zd7<)c0vn9~Xz~A2@HhTSFD_2lvPCrTi1JgXlm3-+ z0lp?ezy*S;_c{r{vI|48`%Qp#Y#DuT7#(ABLJn|sXuYkcSeE*A^60HCG z$EFKqk0V1)$}!?gc| z9*hn@irUiqPdmd}g4EMv6{shn%>Za_V1k?kAP)b^;PW6qxH8CS!(aQVu>mdA@OQnE zA^!~<@^?XPjsd>}4OoP>Y85&2{u588{p~~!eW#gm12p5i*JESenO(39{Oo`Rc_*Wz}stj1UO2eq@ z6*g-T+`wS=xz7QHt|935M&EU@~pZTXN*eN?K1TQ8uxC3Tvq z;U5KpTlfo*llpFf2z#*78F4v3(Mt&#Jq_$S*r9@$`*?Xc6rfuOj<&|^{>D1bSc##O z0>Bwy_dD4shybki4vqp~t3JTbF$3ZYk5Yjs(w%GYC|udqW)XtQ+0mH31Wd|T@%mc< z+?|Vzh9&{H;iWR{*RQ9A0f8(NK=Z7tW`oa63l&UA!@&ozh%U#A^##-Kn|GRiSH12C z`$-&$vgC$#qB*uGw7@|GRZa_m6O}_UDY)C|5B~nZL<GxBi-HI-H1ptDu@Eot$=iQ=g^%}(n^bjbaOZ7oZnq{t@|Hq9KYG$j(5ND zJkOf~#311tbI#^2x0i;X18VpY@00N$Ag zD>H7XEir1U%@#NPv+Gn`EKA3w{aStI8`gCZ;=78N(GFOK^x1N=PD++fU~;p+LW!6Z zUmSPhiSdB_*Ca9)9jgtaQ%%R$qU|Bxnl71-19nK%bHC-RXLjI~Kq2f>eFcz`V*uw` z5wNjLt`efHi|~`8UmMJ%&=GGfG#t&P@H!;0sbxxr=$3H+kppd1Fx|{x4h)O%NlQQl zNgZR-21XM43{}6*xuwWqrW6Q*YCHXo;+^y+D~}@ z9!22p`iK$mfYk(gb-zxwzeB&L-UqUx^!$F1cjuWSgfX<}+!3~I^4jR7kGARPN{`wN zPEU6?BMuoigNOp<*a9GCvq*e+AhJ3aaC0dKfMv+PJ6pDZ2~V&|^OhDpUqSBwBCuU7 z$gKP&>g78$Ilzx6YRWfmX-rlDEK&{O*X8__0`8Ik7bAG_yQplf`Di5e?q)yGeYa+2 zK+onYqmb8LTz&luJ&?aNKeOlwkIqZ;k>|D=U=X`Lct^~lDa%p6^49djnQyvKnd>pl zA?AmQPC&k~|CGe_yT~X{8Geio-(_afY`G|$EYaWBMt!SkIz8Z7X``Bze`}hqMvHF> zMxDyzG^ZKFJ@39b!XAvBC(K2T;dj{2Y;|$CjuvyxTWk+l^|30V7brUE#GJ;4x0gGd zc7OBi&HO_+y~jMM~ZKNOaYg6+h&@tvT~a6)4zZJzSSaC^*bJyu>vpb z4)~*e7Lg*>0op*TfHsigdU<1H=TFt>1Mj=-0tp~SQEfoxQo2nDH3`i1>6w3OhkfI>H z1oitIP`yA)OS_j#U|d})DiyquUneC?tq5F@c9NTR*LAd&kj4XMU~BHf}rQ^ zQ~EH^7`GtqjaO%jUJ9EdUm1akn*d4+_X-Mb6y)`O+c}9tB5>mmQ;Ane{1#c5cj)KF z0T)(JLA>;fvNwW)`ChaEmx3?pFK6S{<76SPQbUhn-hj=k4s1@0m(rjh9@`(wOd+C+ zmoSD-{RRej#q_`woY?ug9&f3c8Q<$X09y7yC;@$V_u+P4I-doQAGosFB4>=$>dX6v zPwFmL(}@r8)uiIjYKmrcz##@{X^bwG-a9w3i6FM1HGuQxJ@DwI@*>SZu5?`t0Foq? z09Ay{kR=nzr#hRjMsGpV`PKL4WG3~_3+Qnyy;;S*0H$rk6|e2)be`Momn1Ux7u4ga zjnQ;Ypjf~&vo@GGdffzOy+{8Ia8?I^5XIWP`U8Ll4gk}F6Se5I?B5fC%fpopE34XD zsd1Q*2Z?_xpfjTmN>NqDh(`!1?4YRxJQOGezq2D-`p|9|XREAxEAUCPa47f`S#(Mr zd-~Eun&4W~==jhsXFKs3s%D27j;tLCJQ0TagYi8;O2_Kkr4~^!ICy@qOe56t{2F)w zAtn}7bRqZGV%l)m;mH7N*_UVEfXc=YYzdf}wcJ$a7_e2ylaODx-kcgBjg<$Ov9JE2 zfxL65Gw=T7K4avC$rT*D2hgj$2VEk24YlA^bjtI`Bg?AZ1=#^RyB;k=9SxKak}uqD zAJku8AC0d6{6ND8`PBV@w8Ol2)GZb06tHEWqM*4imeeiTZ{VFLJk^j+;4rdZXxCk} z9!jDEHZiKK?RIYH-7~mu5N;7;&|B^P;l!%XL+FVDu)2U7pH=tXUF-!jM$493B=~D% z80}f9af?1j^MQD~IQD^$XG9t^YxVtWm!!=Z*xoBvX!v4?)|{o+{#pQsJYVQVH6Hx* zVLiCq;SMBwtQ8PK6nN^C4swv8&NF9O#Jfc9JzdzK6Xd~I&kq4MKR zB2*ofr{WX0m|+9BYMv*^Ei{2d)`^e_4+0lQ)d1u8w}|~@{`cxraoUHyfb={8s}eKn zylKwXx&sbKPV;AqP%v+%P#f{LcGurb5p>$&Biz zmbdve=ZaOCKFYzb}iXbwlwdARD_B ze+J$w@18CBv{XO{BYr+~4#GT^ri)O;QR)iz$PyAKH~?|LG$nhy zMUfK*A({KtZk+Zk-?$sRLla$U1hoA{1n+uJ@Ebs{R5Mt|af)XR}-DVzWFyX?Qh8-|pZKlPQjvu`Wc4h)Q z)3ICFhfn6VzZ2sTMYN=3pCP39#q>`XZezrN?t^;-)@}4dKuBGiam4 zD6{ESh!_aWB}2SD?C8=P-#zbO-P_}5D*#L6}XPVJ;azQ}tOI57Y|W(&-Q3t1w9 zka|wWaugoL{)X^}+=Hy^+**C^b5N85ug0#onisxtqLO@?it1G&BwXwIYZ1dPGot#6 zY+Mw?ax8TZa_<$!z)Rgc>^X+2SOBdxii+kD`W~@5b<{$f;{ja|;!4UgT5O7! ztE-OtzHW0VqQU?7!vzNi!y@xYltNf~TEEzW%8|@|^V6oy z7j)QpEgauvTG%YaZUM|~_)*2?-Druy+H7>E`r0SLiK2cY^&&0ihQr3xp>q@V6wbki zLoufkJ(x4yGd{Y~oW@UoRBndOUaJd%5O;uh?awS68GT5J&&FuLC-iI4$KrJf59t}Y z*ROfX;{n(-H`X|w4=bA#x@Z?e^GOq%=g=`agcb!~*F;kKqpUW8SpWlt;`{bvG`LvF zr8HWN9UCZPCdlmY#_N{|4UTtyupG%AzsDt6ZFvl@wUVp!OL&s^`>uuz0!W@*SS$V7 zZHnhGw#9gLKX;*n1HHriON(^?NmOBVj=ZY7$2A4yrMX{8#1pNfqkMR6%Mr=z#4c6V zC>?NN7LQ}Aw>;ydLWBIz@^#)s##_i++Eg)##V-Id1F@kRfB=0Hm`nc zA{*KMi8?gDMLZMsSY+TBq#FdrfAs&wsI!Efvl*wSo*}FDd~_r$FUj+J&&eM)ox}#E zy*KspbHX<-!^w;AWgnZ_ugBEBuV&J{{+O?%L`98fn1y5C`#JhpHW3b?NCKa#QIeQfrz@nkAAs3y89Tju9J9YHmvcX`gjSnQU$ z`e;;DWC(ijmX-Pde!1Dc&`xocdULJo!iq}SRinYaG`ul#p%IVRasX>4=hOB{v?lEn3702|j9@Gy zD0{>N4y})ol7ib`0yv0pf-y_Tb%l2pPmyaZyb*vM6WX0t*FMV>4tymkk^|7u;kF_k zA8lzb2iE(-HZ9)F(}&drG;E3Qu1@;~ODHJn_PznFEstUJoYB;ywUkOPCQ*8Wzzexw z4mxq;VcHChMlE<_>1{VGZtG?INA-KBP3yyS{wOb~F52Do09**iR?UR`^)^^i7Dmp= zGHXQ1Vw79u%}fNh#WAhNVqLmF<(Q{Q;Bo8q&F1Td^;;Rs{|6=Y=fdH`_I%AXQgisS z^FdJ_+=(F&NnKF8Se&+3KsH&u@s*v%$=g1aiH|7rvcnVEazytDLYyZ^+GQ=LDg84x zgC9`mz2x`l#i$9IQOX*2P-Od4(Gd+(VjwWGc~wp#y%6JOoKY@t93&=+f;<{mkR>+J z;fnJ1B(@Z7WzFGu-GvFW1n88dzDeiDRg#|}E8Mx+j-R{jAH^_SmAgD!jB-pA=GWE{ zR)NuOj>)+ZDORnFphGV+0}rKY?Wg3I{En0g)N?*vWQaGW0|B@sx;L-$Qx)w~vwurn zr2@Vgmr%}`q&z&R64un8dBKl5b0N`BbDk|qhI$!By<+}9R8P7wZPbxlJ**-iS}$-l z<*vVwGog?DOoVN>Xo-F`v6OG6*7Ed~-o^IgRVER)>-y?~SBceR=br=&&g>&UA9i#l ztFH|dtwoyfgLug%790Daa@?P@;Wk-->|w-&huJ8{Yo!O;U*=KGwW*|NJz;NIPNHwS zIgD-QEiMD-<%Xy6sIL-Q?g$!o#(TpDYb8#wa$Pon=ESmJqw4GZ1v;(NYA%1RNC)MEgoi*%=xdc0|!hK=(#A z!jOHQe3brW!6L7U^cK$>f$e=F3-55lC&Z2oBHfWq7xh;>!KqWr4A1Tc4nLn3w_|4^ z(W6H;1GPv>n$wVu@&{@i;XCk55LV3&nSn@l!#DhcRYZ(U;LS-QAn>Cwj_u?#;!HX( zHUIE?Q?t`G(R7#zA00K>=a`zkYG5F>_Me7rjqR)JIw z*zqa;v_E-hh|d>Mv-4r%g5=XZ=vbz+fa+lyU4?HXn;U^TIdj`IihX0?e=e4ig*S>i zin~wCk~Eg&qVD60i{F=qU%(+mP(Hrc`6 zLnSs8SKopku^(4zUhOIVI6LF;t`5);czqmN?YE`9&E*#(pu=Bk!>q^S|H)g_m3hYY z@0YcaD--Wrv4BMeC)UIx?^BnHjtljbiA-*fBc@DN$^T5tS~ z88Uyp`CuX^XN%7XH>d6`vLsphGe{(ejwxJ`jmw#$n{gKQU^0y!>9=I8}vf723{eO@-Ty8m6mFRYIE*iik{y$qu8x6&}H4`yagQ`1IJ zT17J301{jMclAvkH&W?5?%kF4r)AeF9NTeN$dHl!Z68E-+Gj)DbP0+Iv^ z^@scb29`^s!~A)8n4`WSYNG?d>Kgpb2)-W8vF5#`-8&Q={>{+g%0P2%+WScgLlT=d zGLa+$E`^0nga0o6LzTa-{P|J@|B|i!ZVV0aAhkAWP%sNs?T=6RaxYf^BVI90t=N`_ z%^@7Oe7sGlmEA>po7WV}wwiMXR*L+qybsBHPY})qNL{T#5|B7e9Uvr0uz~KUk5PSQ zfU)MlW?m|kG}k$~TjQ)?u#1dMG1k5;n<`8`NVU?ltnIs;z-|yeMY5IkfJ+Q{2;vch zm(=BhhM}LBQ=|AZr1jS)R>fpt+V6ZLJe8sdJO#?2cLr%kq4&H@3;%<5bZM6zLUeck zZ7H#ECkGBry~?iZVHue;>}nK3I1>)CFugPKb%ANe3t<(o zp{QD1EjDdd(r{qM*f%>v~UvMdwv?+1+@2kZ}rQ6_}<$D z(78%jTf(Z| zXnf(@@kH;S=LK1fYp`GIN=y063{Q6CQe8@49>1ZXUTNgOmN)Qb{($V`G(rCEKwXVP z%8tdK{- z(T%p9hJH9fEeaPB^+%>18ur)Y)USS$v152Io7M=du63~)3>CjKP*<>m94gmJJBBt= zkB?D5n}G@$xuwuyEjKUvh);(jY$lZo6i(r`zU)U`E&X54U1cp6k0YcK?$~takHVK) z5GT6CyqDU}e6JWisAl~L zdefANPnxgpW2FBCKLY<8((8QvF*=P6?iYhz&vdeDouKinhkIgos%{<8D#D%Vp+L0O zPGhvtj-p}uvnrt_;YJ!G0kOHG9lgv~{QNBTs_ZU2*gYVvxyR~yq5NadlznDso=UXZ z-@67D48eQ!k{i{L2UIxs!JgA)1woUPLY$zJW5EC5F1wV-EzYN1<4oeD4r@7#rF`S< zEqNmf!rw!4CTmo4yE$Reluz{Rc3{WQkG5W_OEJaZ(K ze-y?PU8Q?cPHO(KIzrU-1S)_hdY*yATb#%kV#jwf4^#hT!m8I^Jo(rCl2_(kjkGyP#_*R z%@>8?&BPVLf7QD>kSTxg1zf)=03z6A1|4BXAnhx*`-N+BF_fh?J|swv&6S6uB8+z| zHE+xly~zfOMC+9XH{2|Zt@5dt0QtRLkOkt^eqQ`)`d6PqI-dELyw2T^sByG}rS0;Y z8<=a&6tpOPP?u9hT5Xk;K_^`;xo;9$uRP)65@zw4BkUcvL~nINmG_Omlfh*rZJdP z@8Gbw&bc+#|u1f@z=$xvG59rP-a-Hy{*D>kZ%3)Q7NVa$8b}+U%ErZ#Dy=% z7(sc}4&JLf}qOfCu?6gvQ4RU-OHhQlR6~`*{48iv^z%zYpt%Ni#AmOei5n z7;YA)01CC-%^-J1c1sXyj|9?wKEAKq$8%vxvuhxW-3jQ#Q)fW0Jh1!7vZ(hUH{~s10u0s$t7*Re@^fm8a zQJDNX8#dJcHm5Siv9x7l(;X-+%HE3^ng;QA@Ta5^PGsSuIv)L%>Rgb0B*9aY`b3a? zqdOoL9lr!alTI*M){s8}`-s6GKc06%-EHZD=$SGxhXC~B7pBG+bL7zzntgPe8L3N5 zyhoZCiV;3OF7=?wjZ@b#7pVC3zd^f-XDFp8D2usV$hsrcqTjwE&!(Y!n{?SYKK(>Z zM)2X`k(2^5v_BqXI-~}hL)RF;Vk4wKOFT}M85{oKIiy9$#ru1^<)=2Sk+^9Mx6TKHN4q8@2L%XU*6D$?ml5JASKO28%&73% zr5$jiEB-Pr=DsJ*BjFdnVHoNzl!(xDZ;O_3zB=9Q>5!1)X0u)MI!a)!x>$2;6^nVO zK^-pt7~n}_3O)`FrfV|QBNwD9jKB)bR7=`Z196K;pUS*}PxNie)L?JO`4E_#fg1ZT z!xyF*+9Sp?8ttzS*>4MKl$1L`^@A*oI*O;Z0ET_zGTVF;_2s>5s0=@ORYwBGpe>)DHAGgrt+AtER3st2ul*|w zx%rbPw)liZmeB6-Fk141pch7HmgrAy-mHbve|uJrS`UFSSZ){xpp8BALc~dq!dOh6n{2!!w7oT|b2ieD zNtPU2J4M#bcSXXPn`=3hWB&16oBf#1?fDMc1Bhz1l_&%{CG7f4eJT7Ik`PdS$$~Ir zM#J5Yy%wV;_0bHIX%b#sW_F;K$4)i_aj=O=X6ryCaTwYGsyu1f2>_>hq9dP9`k-}< zPk3S?_X(T)DHB_i)yI{rk}mGMPPGZM!8^|^{B$OOA!*XIeBAA!WG8sJ(EvS{Gu+)! zRs4O1(2joTbxAAtVwAOwm4UgJU6}x-G^-N#p=yAREZ6R6BS@b=Tf*M*pF<{&@@)JmD;Vuf}--vc-CG_77n8(AaRetX5Ale0nDh)I;Q)X?{+t7vc;s{X=Ku~YPR_{mJ zekjjKWp83(hsNeqAZgF2L4r1mHrWD_s_KCkufCXq+9-}RZ;Q-*gNW;ww9agX@w!Kj z$PA87dJv?#FTk_Y>dZ9XLChiWO>Ce$Q$;pxw#P3`F*ubdo|rB=B9H*TM^~S1Yc}1C z3|a|MUw99BS95yNNOSJGv-9h9&mxB5xGNqv4J~9$xA{%Q!s~e_w0ySNABT>ROoPke z5{;c;lNqDI7m)m5SWm@VgFo^#q;zWDQ$io()y_ua%J$CHlD9<-RQN*l@<&z3b*g_i zA=Uz_4;7r!52G9=dk_i0@UP0;Jds6rN6W3D`lVO%P?oE;+U#S`GYX8Z%Rf#_S=e$n z)CchP>DZn^hsC=;PxnkSVm3SU^U1>8+^nvIWb*Mzy93!g?KAQ7@!%}@7XR!u?NPD2 z<_bQuaftGZEL2*E>BAKOyMH?YRM{O%NzO>p_u0(K#2=P(y4`#B76Q6s4eS;??H8;o4w< zv?0(v{Gj;f;~p$~1F%~j0%FsMojY38CdT505z_H2w!>nMiUa2HBQ=0EwFoq|a1;Pt zLTbM?QfeV+P!40d3W4yY+Nz;0z)eLkh9B7(gGui4W*#AM$JHjdT>0{Krt$6XAcmk5 z&~1YP8;?_k6Xh3S&#|ja(amP6pgc8YtOoD5bn*-ht=d)l_=0q z2o3o&zRe}qA5h9A1U_3`{ZfT|#cRXpQ$=gqqX#H^<-bwgsmP(4#)&Vk;?)&sPd5 zaV^CRVjBEn*7VJ|qg0e7e9Xwfi+{9h&=yy5_Dtx2Qcx=8FmP<7kM_0}?!}o8(BYCr zhcRoy4zfj%wqN+*^q{bh1P^gvgmEFRFOGR$iJ zW5;($0;;OC8DDTTT$aiu$->Qd(FmeBAG~c}rA|bc=rHhTb^T^-3M6SLX zQ}Y`h`FJ79{J{-uW7iXXmAdV4fR$*my_9jxlj5rJff5pJaklO6#`jLfvLh&$-y_@> z)6KM2-vv3@>H^T}_q2Cw$Lrp;SHlq~U(0EDHo}}?E%Py#B9QAp9-o5olpI%)iLdNR z#)V%0;SzfcO};A^yt2oFi&~AlNPh$#qgo|_Ag&gzCKf~dW3)$P1v)QgRSHRhFtAf7 zM7ABMbstnLoy*t#G#*t*4TyC(mXasfKyuBgM)eWfVT8R4Y5FnK?jK-nvi0Q#EBD*e z1n#%YNfgs9u<7pl%`YCGFE|TANTU2R1M6~LFSQr*j)^?Tb}@a(FN)YOO7#ttKdu>N zQQNys+kpk*ZG{O`CLY^RoZW#y###k(n+^2KX;t1D$7+K$&5b`4EM>uGLhVRq6I9fg zcGiL?-2*JG>-d-+=HinQ&F6=yqTT|eo@zRp7Ol@esFRkl}jJ>W5lHz6?tAu$$f zmGmZb(cO}rF}5jN_JkZCGEu+N6nKP&GRh}IPy;c)Ab+J1z?bvx5Oku4h4eX2q>st& zDe_d!11HWt4u~eB32KHkgJ3|y*|$-zTHLhp2g}!d7W^de|xTmPwtZ6VX zQ%;HSIWO4Cr>b?%nq<4lOXKB=5z=W0ekK-{WI%>zJIQf$%q}-Ol8^=^wr-_2zrUAY zYB-g3bW*5{mWd4E(+s3TjcAi6dpb^+P^NW{l2y8M0EOc_-+We8RAn$t2Vw&GlH(-? z{IQ%-hAHE8C@#U=4qpLoap}zQ) zKU-ln_%N3K!HdiVvOA`T5r9#4B$SQi2w|Ag9q-G+X#OGHDhL_e#lxl%K(63ZhX)e| zI_pyx2i^C9@y6`8>${WVQ8E@QT^A*!($EU-x%M9(^*43oB@T-G&0K4S%g9fig5(pY zv3gfqAzj!oYtMb@uw{T04D;s(8cx9o+a;>6sVw;K!PMo2p}mi;!;^(Vp594G;T8K$ zK43!PfnfNlaeqc>2dJr3$K}>VgarVkDsA%yMX*pIXiC-P7uDF`?-b-hxqgZp0|7a? za-~2BDP{y*n$V@m)2+XbABZ1z-S+XzM63ZGY-;wxebzo`J(#UH06@s%0PH-~{vpE% zlL;-XPcZ+rxE5hb+r>>=%X6f<0{hkTFv~P?2Du!3wa4)>k1c`+;-VC06gMh{xJNBH z7$msk)SpQ5;K{b~*e2-p4V_(Um&~{J3T&qRUGf<5pE){ywb*n?LGidb{(XAS51F#65uOutMTtqJj>GNyRLck|PVLb(u zx~C8^*n^CpmYBa5S+t97M-ta9F_l$*l0*8vPoEw1NGem(Ch#f`uLzDLuOC0awyU=Z zBYtYm7NkqmKbjUX_@f_|vQyzYa$Vl+_7*)aBr5b#w&LfZPJKI~J^hiV8~MBo?O!aR zFU-lRZG;TUL8)!zeQiGx${dk08w#}M^cdIl(ZL!D(Fot^D}8B5C;x`C8b){nM??V{ zK;de7*;{BLwF`QLfSi+Uf40wE`rNv2kD?#Med%h;p_s`uf zl8@X42)Z#}b@BQXrXO8fsNnZCwA9A~b|bO>*kF&ix)&`8?Q80sJY>#${I%fY$M+jd zc8{tAY_K5k$ww)A4t!Fmz3VVxuXe4Yp2s*~Jg>E*(;Q<%cgdQ*B!*2n1K?s0v{&A! z_|y7eBLBq&7M!mQaE(aA$lX3<6EQ2x0+=gj1q#$DC>`XP(xw#VU3HK%(|&(I9iJlH zA_uv=qkE}`1Z8t-Bf2qtsuB|Jpl>NGV73%V7Ab2YG%>>GO22<9g6@G3xLNbjLOBo! zu&&vmj}(3kV1RL;=NuWUcB|h7PBrM|G+ZBS#13eIA94Mz|MueQR_G^55!465<%?Z) zJNlYjmRl=5HkI4ux3E#5xqM;)r8;G4ZaPF|vO_dcpB$2(+dDxYASo>j@-Mxy$YeMF zqAe0Mp>b1AD@cc*$XyOqjX^i)z(=mP9wsO9veiM?V7i1%*H2#H9jq^7KV;(y(}o)5 zP!^3=iJKOmIyzQ^bO+z1n!z_L1^|_Rvu#>lst^=hFLGLkT-w1}|eICcX*IhCI^6D!7VX@FDjOnEAw*`La&D$QDf<49#rLbEw81}JPZHRiH_nkII73&VufZP7C4_ZbC(Cvo~M%t zp;XSw1Z{opd%V4W9j>iFf}sfq8jwz9fP*7v_$dXjDQMS;Y1dZ323Y)tpXBbJ!RQO1 zqpC8Y_rCD)-lFe_k=No>v-|qMvuSRp&n);xSj7f)pUdIEH5{LEDJZA~$hU&Jnvw!> zxORy??-RYswLkUs^=t*1?Q^nPwBjU502$T~>Tf)N>@)UY!v3Rp#sld6?FPEk4JI(F zqJ6?b-^afm}F*<$JIxwTZ5vr&FlAk8x>s$y@m5YFr zq)d^eG-+J`B`83El!==eI6kQ%cr?Zzv4EPeCBI#c)y?d}68xk%@yoNgdpbc*+>HBwv=Q}SVAcvU zQ?n|g!2?lfC)I4beC*@dyqvgMU zfRP-ifLrv6X zzFZOebuB=dX9P|{XUlH+@EQ^nUseDeRjhx)x+7?(EYQx8zu`4-~;ehi2o zS>VZL#5z?E?rAU?{}00k>EBK9Q4@@TzQ(57_&?guvv1%)E55Q&Hp&i6~DV*@Fy3?*8e^UNej^g zo-HW;_`bEI>@HbJ;(r_^#e4D+(IRQ=y}WF{^OW>|R3yny_hXqL(#O-eADiNTRIq%& zE&@*u|7Ab@^4^_}^Yf|t-zu#bfsH^#7kzK&vQNXO75||emV79Js-eRLnue$|7W1*PtD!PIwV@4eNmVsRfwY+2 zl7YqW4myqwH`+8T)~MCxmd%pN2e+c`-)#=eSKOhNN^nGj6HUY#i#@R7#2OhtCasXf z&cFemcG7nx#FAu0`7N2VD#%EJVa+Yu@58KBD{iWewY{uS1#K4w-z)H5lYBi7XoyXL z)vpQiVO+5PNZxX$?gCvx9tm6j8ZNfM1!P8JHHAxr#z z+-V!u7+;y4gb6H^qlFKz2o>$BfJ67AISO_)9#oSn!7|qux#_S8mycAgc0I6fSYdVjL}=aK7-}2>)_<^}e6mV8rm- zkl^DZLH|P+fp;T`CLCnXZR8RJ(**qG0fx?D0LKc;vKb5l)HEv3c*<14*(80;t3oZt z1ZWvbz*64{^wD%4~rIO?Et;#zs^kF?g%Pf%C+l z?;cl9e`mjitz39)uGQGBTDI4JbHDP(lkbhzV6aJJZJ7@74Y;;$BIeLm=TJyrTCHg{ zmO+!jqmF84-x(yiD2*}J*i@LSw!6__Kor%r9);kz%rpGl6V@?eA077ADs9=`2y*wk zi^y@`8f{U}v+_;fzdM>qXS{7ySI=3Bop7G*l5`66{7vfZJ!G1Euwk85mv`L$JHGN{ zcP3}BJ{kNsF_hgSBaf2it2tJ8*ZqC93)|ul{+#8>nJE%CWrg zRiu&-xlj-BmwVLI(%kD4oQaq8r%_B_FSqnYvT~zuTO(m}BrV>Cx>YBHLzhv&ee>@& zwFxJdHTOYHIG2%^rX*LQ+umQ-8SZO1f|I{2@lo0?Tj#@8#-fekC`z3*IYQH|*xpa; z@xdmyY{^wtXS0$fW%Td79=0-w`8R2#1vtOIzG}sceRXHmWY%p?Hd7NXEaXrTSD*FP zyLFl^ja4BxJYjp^pJ43Ge7*a}10W%NkW1X-K4Loy z_-WN}+4z|5>08mAt1gK{%b9=;s%-_VjRqZzV=1#1CPv}|3aH9gV5eBM<3QD0*3j_F z&{rXydo?AH%83GvvKj3qg78TzKeAB1z5V+=lDk@qKDpYbs6Rk`^!4FXLd1ku&*P_W zIwN|xpY1l39-jTR;9gswu{uf}ybfsaeTN{}P3f=aUs6GV`~7%bU?gYXTNCSRKOK$z zh_kPUM8WbhXz%dXv{8(R&R&#C>qsKcL*(DQ0aLl6n;E+VgqOX`(6|&vhSJ z$}cN#EPw4)O!T!EVTtvrc?2oka#~+&5Kvg3{r2u~B6M@DlecKCN8O4c0P&>Zo1|Ux zY?V>w&P1LHXBcxN_wDX_Er*`7<3L0vtK)h8 zOe&OPwB7#FY$!cv=WaD{un;J^mHfh%E}$m*#v!;mFd#-)x9#J+&$3QaKxTynQjy;1 zOLwmm8NzIImL4w``pBB!mTWHbbuJf z3wiB1XqsybUk6l9`8Bhryf8eEa^!b>`jlQ|hJD{{_TN<{4Dt`@2(-wI9rP zc6i?F1HL)H6l(4j>nm74_+wY>21!>E5}k9bmOcxJpi!=m6ns&V?dJcXUqWe>anUNV ze}}V`R>#;#cA6uZxo%lU%3k=#gj194ew--Pdal8s+!UIU($cA(Gyki%G@XlAIky2B z=>Hhx;(4AdeAX3ylzXn4dVxA4=nWeQZv{+Zc@S={0p?eXVFO`rHwp%vE;T=9VqnqI z%H%Q-=m1_^TD>*rwi~O+yWplCyMA_I1@N2M-V_DuZ3VB2-4dG*_H5KM4sbEMsg~~Y z!UJ-Hj|0r$eywgLy@^7xv3dQ&inJS!wz; zaGgv2h{G^y`=+VCQ>Esip~SZ@enut}iqgobVoZ@Wd*;SV^*!Kp4(Srengmu#F`e47 z%HUDO^?bdO9cKC)!(k-Y9^7jAn^cd_zq!J?nv6$!4D84%w6hrO%~6HF^MivuGl@*P zP?7ab!G6tx<*s^vS0ZE2T~9e&^z=LGADVxv-$Q?>VM_oKA~Ao$~X&30kCYjEh7+QV(x z{@v4!=YLoL7PBLiVl`l+pUOO-j*8w*m5X&Al}rAlg>!(Ei^uE0SoCNpA($wHVsQ1R zzps^T5%Z8pL+OwUq9mYcuhMLt&|-MC0Xp{v?ZW88&sfFlrTous+@~iI8~fGmw^yBB zOI-M~{vBbJ_Im)#;XL*&@6Y8m{c2h%#qzkHEUvSf35(e2d(C`3&@tdC%LUd$Zu;Xg z33Oc3`Ky4-<(b@oYR+DghGBG%^o1XdaE={_>ORqx^Ao%P1yV}br^O^F#o3UQ2 zUqd(rzjEv4Z`S@4-oKq>v?voJQHq*!m>YJLzZ6<`->u`o7WGc(^n~rQ-Mo&|j|v_2 zTGSt^P(NK{Zhg{rQ*N+ie6HRxIAi49wNUTduzKoUD(6%eJ6}M=yr68YOKtq7Gz=%D zZbDb#wg2h2aJ>dKZtDRyqn!oLz}w4M;U78a#BDdq{W|&OmczFyj*rKP2l^8e%a0hH z*a;OY>tkH;{OeX(pM!2oH`uEKyC)rkG5f#8d#sFdjEOv`o+;=`z4?JWq8O^H%Q+ym zt-I>n{>fEin;R^4pm~`qx<*3YwIOq|IRC@vu|CP4;@9E5X|nb&&acl*nUK@5FZMgm zB-d^sdq0H*+TRRP&J9XF{Q1tbG^{jkj=JHFjYc(gRZGjx8Ik>W z-*FvscIuPOJJHg}PTqcmd+4|f)O`FqQxxD?hA-RKS2r)3sP3f|cVsg9#HWES7^i*aRy@J5_MVitdknl3En?6;0;T8w8CbO>eI zcUq%CKQv#592c7m>;8IfGt9JGxI}kj;-}Oj{CxsOTk4gE4(FQU{LLC z!i<3EP-LB7T~;-elc*KbkE^;#v3FT6K_>RmX!k={@uPNU&vT!1Karzg#La;bF7D)Zp z`P!Q5hh`7r``vYSdNzWw@efIcu_rZPg7{l|>z@^h7T>KeC_DFlraXO-eB!JsvFBHw z;CN?S6>ii(_p^wU|F}_Sb8tXFV}0u-seU->^U{6QRb{O8HG{*?SRaii6j|!CY@8RY zA7;N;tUHo^z=e%g%-Y}BU*3FuKK!8J*MOh9R4df|7$Lg7SS}4UoR>>^{i1|(=`i(K zhHnRh#Z|!K1giUW-%p0ssTgwBk+wS_vU3jwu9?zD(dcjc5$nb?cx<=f_d=d_CbanV zzmFu@$y(Q(1S$j5k6pB9>Q7rQP2YK2k9-xOe~x|K(aH6NjWnJ#pfBJ=c^qOo1y*Y^9#@z34NFULG zi&1TARrOFw^mn;oQ<2xm!d+U&{;Uy7B4@yz7Ab`tjJWxv;`ekZ5{Xdh|G26xU&(+Dj}p zF+_|xXTQOuwE2=ed7&vQ+^|u)aoQgiWT1o5Rmj(Dq_L{zD!!7-pTHE9P6Yj^)kQUQ z^@U{oD&VHSej`FE;6%GU1%pdFFtg#}MYXE3|JSkWi36MU%Txt2-RiLC3pLmZ3>?-r zIOW08bI8{p9{)A=+xX@?jGoW=w+A3`RE>^8c~GxwQ5yLmq|HE0z!G%*JVYRW+$_Y` zhu);+`w@_P6*nc`&d|63RlylazlfvY%fF3NhljK6+-6hO$YFeDB?uCYJ^1g#^^LQI z)`fW-Y8%=y-iiU2`Gg2+=I26m8=RW6x=0nL$hyafm2aR zt&{s3fEDKcu|c_VT@*))#7>9oHZ@Xcma?s|Q zo*LyVCfF+)uMa*h*3n8iBYVs^u;?^*c2u|Ahp6u*VuOR$rH(mGuYX?l&fzWSE6_Fy ziP4JxHN>CkgVH?YuXrq2Kn#)>pym1G)V)m#kXZRd!fHA4MW7O7v)>18qv4Xvf*w|D z+j)1GICW297&!fs>tPvbOssD+-Hr|?L<9GVKPp_AZSp*d5t zs+H9h)S?s3C78CojGs6zJm+N7}SPBj#bfQ&P7Fsy8Zw4ak+xuID7<9>t(QeTK zuehB-M#!&UEPSSX>(h;&F4c8<^6zD+e=sZq?U9I^9jrHmL?PVae8b%B~JK7s-A=$w`|^C4cFyTn|-ir zl8BDZNL|S)^ZvszC(Qh=m)eg=FX9wdys{-wN_kht zv^_j3pJGEm2rCwg6*IxRn2kxf6FXb%DJ$(0BnLaFd^fgYE=SyD%NzQD$Cay|%eUmX zR>&vOyV9oiAgM^5r!Vr+yNA>L4V>HT$!gN}{>phyfz2peic95by@wXMnBuhrR05Wt zv|na+B@NToF^$ATV3Q9({shvCoZnEN+3z9pD14+T=sxct<+_0C<17yF*aGza6P;h6 zblTvEJ5^>IgGQi*Yw?;>fjXM;2Jk$7*kV^_a0+q#wfXy2_5k59d@qOFqipBFgRRzN%z zu^TXOnZLjyRqwS(zK(Aa@av|>yaP|oys)OGH)ExmyarD~0r*_sm90Wpk_k&d`X15# zZ0?8lJ8I8Q@R4?<;*LX*l8LC6*RL%PUSY2KYlO8q@7YC7SYnU`%i`ZNHZpHxCug4u zva@+ZK$^-pAeCZo$U5#~Y${nd77(#sc>i*5ng>%{h~JH4*v91Qk0A{qA}>)w*4Vo) z<&@fF%(0D8^lJ2@i~*&n6k*=;h%r$vefYEoEMSP@*@5)@C<#&ZGBMA2z*T{m8@R&kjh}JUC#Rf@_ ze48YggncXyx!lT#!YUwgR`5z*Uhog`U?lbaiRx7Lq$~DX+ zuVw2l@D5EeD0aO^YSn00`(3BFDsy%Y-^ljNym!4_abZP$Jsv)o5Bq7}C};CggQdp1gOGE(*rvgTb$^T@fmydx+fOFk$;d^fvjeFR7NZYB)^(+Nlb<&h~QnxXc zu(D7sKsT#9UOPn*zFte=X0$Uq$186#VRmL?eI|%~m)BS$GxEdO7$QX`)en6MNd(s;9B(`2VXHwnG8`V+z%fL53ijXtCh)3wp zQQmkTw-$SB2fdanuAF3@bSn4cWZU9OUy5)v|1CPD-V>7*n;WQ`<05y~>2@tCc#Y-9 zyr(>9{KTC%vYhe6g;{a-ih50rit%izqKn`{_QyJox;=Q!A|4B<^lGk4=7f?c;%LdW zE(MlMklfP+YPcjqZ`^9=F7*C%GEy1-M3#nBX|m{h8NiUei2bB_?%u16o`;$F2?NzL zaz+ZhuNBqIM~teS^ddHIIfAqd2AyVX8c!xvI&$y>v6L?!>}=ogq}rMby`1h(Ngl9` z(!{6-@sQy+()8F9L3^Q+4%VbCG!R~}dF=j8QBm2E*Qd_EFPV9S$7>^i(V}LY9;GNT6m1$=XUFL2CpTeJ)LO5FnoH8d*x12z zm8evzB5Aiz3$$vig|9pN^zuOu&WpUUdK^Kj6a6QOh7@a7oT3vAPX_XsR+`s~Mv@*^ z(OI|*J?nBR@W1T$E_@`ofAzfUZgt`Np=K_-hkDb~p8VGBh~zKPv#=1JBr0bClSy?w|L$N5#aaA6 zU*w~$SD@qol%yzwT}qC=y7by4m3WPwCD}gOw|Rs&c6DTL0Tn^R^F+g;R63Q{{+F#5 z(u52bT@5AF@u`(E#6N){ACc1z?iP@0N7jC=!1;j|X8Pa0=g0IZZ$e9hhksR!P*3JE zjF0L5ydJDQB#7FLhuCZ$|4bipR;(+X`saiaN(X1ub`+ z=xG%j=aa|fO=^pFqGf$v55QC-HfA0shhf3-axeLm-~89 zY@tiPM$b1+HVFMc06}^n&k;&LtbLFNw8VGX#yvo`L<_j|Wt<=F9%!Yh;duXvwDh6qTkzDdM~n@;GvJe&qt3rl zx;j=3xEWdZm^8pKgbpPSc>a}XThInL{(&(5aa^ExZ|K;6{;TVzqjg<&iLZxF;Jnp; z2L30~{y!$A!zpi5@|nOVfIY=94tQk@c#UfiGBPgjzf$&Skjazb8={=%;qmuv>Z)Jw zF2n$Iz?76pgFnI69q=RNc=uRK2p~Z@s#Q3D;GY!0y}i8?fG%=~0#TmHz&Mn`4nU|Q zz)E4f<)`ZT9$bS|G}EmQ0m1Jd8Gu#74{$PF7J;KHqdF&zBh$y|EHfoxViPrv}ngQ5w7V1YAmuq*b8FwIujx)6F@$l@H9!(lY2-Lxu*nydmHPN01G4Yh%#e77-|ym5FEu z4wX>A<@Bo3%GK$4KeEaUekvqHSULs9+-Qt1aO@DdKIl_tBk>^_bM0*vdmi%k+h+WG z4w6VHr{pv<5d38iylTNq6F}F4?pKSBPZ(uS9l=ivIY%~D=TnWQd%l#Z=X&Fqu}sp6 z*7bYs&#iAO0U~Jt7+N)qy7`6!JQX9)$b$5-u8ini)EW3*RP!x! z0*QU!DDMVg8T2UxX(Q&k_R0bPGshoKyY;An%XFcc3d}fiWYEiB$_1*D=;xQ3EjRm< z+d)v=&nG7*A;41_az}YMPbLvzm9=_W%D}P&Luf+SkM~Lwk6}HYX9* zap1|c!O?EAt(N|>H~%Hi3uO~7!rE2)0BMthqoff-GWmZWl+N6JbXeZVh7e%QI%e$) zw8bI1+up};<2{&$vN#Vi{&EH%Z~`9}dRo{e3g25kg&`?;UE;3URqizV;Ulku-WHhmM?i&024u*L*res!Ecj=4Gmm|SQ!0vw^%)alcH5Dd?@%Jjp` z0&VfoyZl=A6zl(ZA`R3@f)Y^RwhVrgC8z`peBP&;(~TYC4dHYWj0XzKdE-n#Zen(v z&&~q;YptR22`z1UdGvI4Tiua37y9VY9GVUZ@dY4D4M5LUe>8`d>os%lIh(ep)L(H; z)BWJm9Q9??d%5_^;7~AAO(ACDOFAg$y6ByCJ(oGR6qxTJW&$_=k^9a-0FH(9vC!Ul z+qK0ypV$t^^oJJ3J}cLM`O6` zC%$}AVBljO9xV=dItN0$(KOQinU0V5$`ST6WH=swFDU?3Fvj>fAq?0e^H?!M7=X$>1XL5#w_L^1Z!+w2@sUha`i zt%{wGd-P9VyT9fMk;S!}EdK%2-_ai?zzG*6WIxdksJqPl=BvJEe=?P7umHjBJD8Vb zfH#&RIsDeg)({FM0LQifDHtxl!-TQ5djUC-74YC9g=f7r2QyUGb&b*RY_F|KIb-i# z*~+D8gNHNK-lr~ll`h|vlf<+gY7cczSJNV(BU5E0dp--n*OI9KOT`GhteiTE%W5=@_b5R~1xz&yr0hWjxiaX-zJvP?!0?v?V|Pf0;MK1z0ylTF=} zj=aX&#irAJjf%7J4W&K}$wlUo?U4xl1=j%eZ-A@fg+*OyuXxS=sP|qw0H+cF&lX*1H z+&-OL-TOXd1QM${*RV>M9g%PLCL?CM62JN|$!*mLSYP2+9%Upv-(2umrqyT;uU*_7 zNm}}WRYGc{i?YV6SUNwuCFONiYUkngeabld#V7K1Ouq{j&K2d4>yA9kzpKlHTxrfa zIWT>JSjzo_1N6VgdeK@9nVh3RXSB^@btPSU?BsUlWBGMvY3O~5M1dL6MdS4&S<@#;=isx55&BT&MD>ZS&b*IbJ zXwqu`Cax@Ygv3#-4PYnEZaom6q_BSHTeq44ATg8&7?;01 z3A>{JHoJ@ElMdDCGZ@nJryCSE#W@q*8s=gXjaCvB{`7qFJ9EnfqH#sbAq|W07oK~4 z6*guQ;o>L960_8!P6ZUk(cZcgpKfj@D1Px&Np}lz!y}1h(6pqQ&VCzeTx5*>P+ND) z3ze*8Kc<}5MVZMMsi=)U9ikSn(6;xQMK;x79=p*SGm&Q#T_DZW;=8K0Fx zygA7UTrZXB+rO;Z*&e4juvJ(1@My0|*yOn*cBfSMJ`V%;iN?{@i@_{SUJt7QrM>mz z>KnKYp61zi&t4V`g>7e%to}@3=r{k(mAB(;#eF&QLH1%B;HyGq7Xf!#&|elx50LuY z09{&DM7j48q#lwEllw!N>aWgh0f4vUbP^Ej*#SDW_F~)bItn;XJKMsjzk}<|;>WTE zyy@-Qx<<@kbs)F|kidF{v^<6=b&z$W8iivrk)zEi>NMy75ODPeK}HG8mXth2j?QOD z`2@|W^^aoLWWlW3@WEd^S|9COG~d4fw;F_dvS&;I+b!NmF<9g%fJSgw$Oy0?JwMtQ z-y2loRREpPJ+&p4JpxXvV&%tM)3!5V2!>O2z=X^@rNTW(r<&t`xvad8lmJb8zi3~j z(thF86Fp=~B$IsTUE$*h#|2y`cAR0kM!svXV=`F!BW}^qqPOR2!+8==3zY%B--x-Q=YjBb%G%U7INSg(y zVIH{%T33VcdUH$y&dW{_XeoQMX0gvBqczYmoi%-h0O47yKSPvwRot*g)jyza#)jXH{U4Eh9=*Jdg z)gId~ktQZ2tfMkIRC7#{{j0e4;;7kS9JQyd_s}D~Xs7HBpW=O0NiGP4s!~Dbk(Q!v z*5`IHz`QO0HG3}YveR;IBXGgZmlLwkNKp8mnM5Uu>5%wPi4{4-vXi9y~8qbH^j zv&ioN1a5X5cLtKCYU14G+T)poejh~rR^7Qnw))pM7@~Xg@jVH`NEfWwwk<}buMPsH373oW|hx-Puewn>YvMn?rI)#QHDw&mbv4FdyK z3v9tNNieU#duQZBpcvE=p1Lolw&Z1Sv0(3?Eak2`V^r0E`dUy~g!m@QziRb0R-rfB z3ijB9{`W+JOdVp$#}_B?4%B(cOt$fh^^dm=c%(wCn0f@iz?O{xAiVhtVH;x>tZpXV z`rl$}FoHol7G(@8h}YEWSR~%50qv7b=h&3LeIAQ~O%=t$N8}wY1Ai!7u{c_0Pt@NErIBy~TA@5W;Ni(wATFp%oO zNBa>Zo)`-NV)W`g%5@g?3(&1WwSJGB502dqHI}f!Mi}72d?8wM)MMYLsRS(e{7XT5 zOyl4mcDg)2^7tP!h7n|>UC}E3B0BKY_+zn#kdfpwXjfWo_|f^qF~|?|;PTo!8^kj| z3NQsR0U3UOSk;#Jwok-`{9PKjvQOj)kS+dZyQP~)qo}VWtNXS}yrJq?w*ah(#sj${ zO{l4y`nG<>zVagpsmM!pUh^WeR*pY?&wM{^MQHPrhyVki#{UXi(}i`W9wq!pRV8}f z&jU#d!0-6nqWMEB+V#W!%A6l05OUDbljQ0FW0A$y&uV6?t?RlBv=x>sUPQXBuI_1@ zn?oD~1P~s2=8T$Ph9g$N)6jIP44^=?BzGfvOMS~ zig7K0-JcSN^cj$TQI-k2$?3H`f3CGu@dhZ&GA$nbOkj!EBIHezJY zYr+p9e~=n_R09z0c&?3A@4knMiBb3=a=!{jZ-bjDWMDr2_CBfsN!?kF=hVo7f3jox zyZdK?WkW0{toTC(;6S&z-mru6!{f`2Du2x^n^P1)N=g&XF)SKf2ENI%sGS8`Ji38< zJVem~n^;F!FWAmbdObY+F1R)Dj;KGPfdMp9yg$*H>rN?ZlxDcvXJ(14gFm*azI4V) z%axvEF2K2z{mdRYMbf@zauJqCr0Oq~tH%VNJ0cdQuGq{P9Z|Tl#qYY{4*)lY85=5G zU#T43m&kT6IvA8woUt99`rZkwe5W-YwZcKIXG#)Y()1RP=f!`f*5bNZ; z2~}&^oR`MB3kob&aC`!qT|LO%B2NU1a|nQbzk+aewq45CH88s_7{g)5j1C6${go3` z6oQcU+LmJ<(AkE!^Umw8Zt*k$neYRG^dNgC$#8{a$|ns?EaVL)jiuxoD@`Ph@n6$8 zVNhv+IWNX*Z1m}Zl1@NdJO;u2WQaVPzbezwTvG_8J2Rcf$|#KfChWA5&FjzLMH7EA zajXh(Z856!FWkc|6T)}eEVuLXj-UAY1JdnIWlPN675`5WDa9-n`Yfd z2oe=Ru1d)h!WzamoTpXsb>qY-N?E^Fd+=HEBTK?H23zvWl4W}}i)d}Ezxa-F8Xq)3dC zN#07=JPxc>!t^NLtkZB>0y!)FML>q+ zFoPk*TN~HHdXiOFsUG#}fTaG#K)6X3fUC4A22GMtIDkj@b70eN+p~yr-JO?)iM)PS z*l8+@sfCb1E_GMkLvpaV?|Ff{r9!3LgqYu|zxKuCK|R!Ky#V;BIEigBw+%L6tmCi8 zgg6U}SG;ZXAyjv91YKJ_j5uqG5{TE0hczWmqzmC~5}{pQV9$cLWjcX*0%1WcK#caD zyOxkbZHW72B~foH>j32*d$Gpm-Fd>8_^aYA6M9es;%>PI9kgz~mauW$$5?y)Gxg?S z!w(e$XEjYfuK3j;ZStPV@aw5VEc?bo`-0}fZQEH)WDBfV{io40&j7gECetEB?X#45 zfN#T|VXh9hU_Rsw)FCO?bJjcESJq703hXO>Ev$EmKjB8!Wu=dTKHQEQNaL~~7;Y(9 z%itFwBYkt9mns)wpf44=Y2vph>f%(NDCIT6^|0eJv+XxVWak0ZnD5iYgO2*8gKW(V z2W3wPb)ohAFXNx}m+VsgLQf`rZbFg9$G-@%p~2TLtE7;Uy11{lJbs!HQ4RA8zVe>n^)U%t2(v&YcC#wHL2@VHT#^Oi%spL(=`9 ztHsZs!L+QSNTHkggm6}8r;$5fv?Sg5@s87|zKRQdm5RJOag615JQTBRB zrEYoxda$9fnMzswiLaCAeX&t>Nq8I?+wY?wBuN}X@f@mkbU;Y{>fwI3V4Il7&fFtR z232^`=}S64)|;$NDcTg!Tx|mS5KL^6*eB(0s0CW>= zHuEn{(y`zk*z~E=={p|%0O5+<8U_jB&Tt;X5r0x27Un2+yj?f{1<6V$!8S zwN2AB(>AI(6G#~+rNfCnn)J#fs|NGI1$(FzOAwuB188(i!(Lj*ezazxFY%y43&2O+O?k#1F$sa1W|d zEVCH;sW^YW&^!8Mo_kwJ!IHUf-Lh^&>F0~dbfLu?KeJ5KB+9kEIwao;c`QO5N0y&= zV8P6l`zERW*e#vXAh+K^hkDYx#%SACyrV)U_?9I#sbk0JdZNe4w~&HE8CIb}%d!GN z4>7s%QE$D|o+7^^J8SpjN&_3!&`b&P$l=yJhYSZd*P?=@>iodtLrKR`cGx><*`CK_ zC!p#Ir@;q;Um!en^z#1W8_11&Kcm^~GB&29ZuFaXksh7DWD#1#(t@Nfs=}e1AplLX zTx7if9gm8%f9`vEsQWUUYci}5I&?KtIbLS_#Lh#yTC}nyX5DAFA=z*tCv*L>&UmG! zkHX0N2WyCJQ1;#X){#ilgTGLuaAfl_dMRRSH;4R9BUt=%^a@t@iKp83p#1Pok0{3rU;A1I-k4S@5=h^ z!mo~JEd|YlOxxmHl6{Zv6D8moyjJJ&8Y`-xvD$*VDop>pv}-5CEu@$Op>a2~oJM$} z`BL9$=&Y9@|nIljq3>*PYF*^xT}dXRva66G~mFM40<#YySnfg zxY$eut;pk?Bo43U0*FJOfPyvOS+OWTx%`BvSqtty-5gGLYEf=-a(Ws#%V=?WT>~=xaYo^&6A=C|P!nTda3KvpjNaWe2D; z6y+yh9mt`l;tB76ZTI@HSH5@Cz>$1022c2nEBd3Yl9lD0ZIJaLU2jj{rN@mN=6<@e z1AT3JJS=~-46BobZYDH2Wffm)k3~f~_}pG=JHbRA-NzSFw7eE!k>(P!Lv;Ik*x?f1 z#kgx%8pK$<_g~ouX<fw)*aC3hfNHYnw#2C~<4o?iWRwVC3v5OL)3dt=wM{fi4aOj9o z(LhP&`dH}1pK!OT5@EYBlLqR|Y+i$flWzpB+?pAol{lAKG3$E$<$nIprbgXbA8eU$ zrJ<}O4h7}*o;tQ+lUuF@ok#mNGZNTEvHG_ghgxG!VFVoD)&F)pumQ%t8z&k(uF~ec zD&-{YRPA$0HLYmp+r9c>vu6Tajv|fq{=m8Q4D_&dC8np~;_v zC)#rwST1gHG=tn$TISmHBv|30_BRK9_tW9R21PJ1yQs;j%H=Azs@A&$Lzr<#XY4Dc zE$6TRQS%mV3*^(H5|pVZ2l8sMH61WL9$^wEQobo8CUFA%UJ>OJgkNDzWi_!ACQKf2 zS%@&BTA&n$zbiM{W!QC8rEfg5;+91GyaTq)b8o#jwlQw!d7#82=%gIDG#hT3%muhMGv)`di6^s!xuGxB*|nZ8O?QVt~SO|u1a1u zyS@PvQ&Yt#{xpci#@Ktaf+L#OK#2ZHg5f!iuGr7tADx!W?3-0W$cBylFl0g~c!kIj zbDv?Tk5W!;sIRkJFahI!%oyI^?`*RvJYu-?1We6cIx|viN?dV3`D8pasba>H6Jvq$ zeFN=^nBdGtHq(J19dm;?>nI-!hSJ^~Zj;F;0R0CX!@oMVFXtRF$Zi>7WzpwCB6JHU z=10t-2_On9_{%;H6iLPMvYHQOOGqwCfXu()Qsyh#$BHe<1*@9*dGiJQ52yupr^L<` z!Su$QjZzngW(v8+%bnMP-?B}`!7(B&Nu!w^NrKkNtTXNsB#&^c<%z2Yx#E*FnpsnP z89NhY=x=MNtnQ_TnVFW78%*th&0;#ih{hULmNT)xVJaM>A{uUTr?A2~1;Irn=uftT zS6az(@OwEN+Ez8YLKU5+&5`;=D|jfB3p#j)b#sdJP5;X38|Z*=@3Aj zl-MVc$Q$0>#IZ*B`%m7HXLRc`k^~8i4*>N}!8=vr896uP@xod=aV}|oM{a&qr?u)i zQu>z8V=hBg+(mu0Q9WG4YPTN)5j9B5Jk$(*e-sad#gnqa&Wz2dDpvoyZxgG!xEki)S~O9$d5`P=30D!5B={ zsuISGE>%1@oOega7DeL3gH@BZ>bB;;#sXY<3_q}4JA&0AWFRtyYyk*3mp&pbkwl)5 z3}e3~u+o4g^pIfvZnWqg6M5uoVQR-VMb)YB&u_bWA8d7!LAj@xTb9wgD9sDxY5k#UWW6a{37gNNX`H;YazPz*isi~(i;`?mIqaU1gE#TR(5aFDCg z-FLT)xLiMrzTPp>bXVg?qO_fRp!2AA!Cx)9OYO!78?vgenq0c1X{MH}iIpc};RmH# zCXOWSu?%!`iN#2rxw}r7O-Oj#?RdWBAVCWxfsQmi85@o~QbLlaP<3y>+^D_f!zXL% zc<7RMy9x73?|$X`0ofJDMgPUET}^|nhk_SgvO^sngj7*`nFUfv~U9TLY`+U z(%1>ei3Toijk$C42mIjA2wv98zruLH8I?bKMs9yrj=(LMWg0L}~d+dDp- z0PG7Yimde~o&FRfd@QeYF3#eiwY=FE!5-IKFzkp=3s}4YHiFj&*oTPtjLOWUTba<-U(^u?}#amH92Jy0FsBC9F z^Z63~@Wyi7bqkQM+zq`!K4?Nl*a{6bStrXs2cF>XdCUJz8#?I4Bqfpq5__|+((Blv zWRD_-eQQyjg`5t<7omrT#RgJ**-9d^Y5<-gN4!+vpEAa z(2)&~2Y4^Ky8;&S`HNgyU1(c{64~l#!R-8fj?n+iLXn351f)I#@tFHn$&rzUOSYom z6X=`R`R~bvPZf}4r9JxhZqtw7ULDH*RRxqh?Q*%7%m$76k>FF9*cwhj=O&L~CP`Mn zU)BbAsr7Kqa6^uE?op0$?b%X?P8KSNzz_zGNnRA|j<7>wEeL0+7XqS`0jRWUO)zCOqoouxX>0SpjEGK)DtKuD|t;=N0v zxVx$@v7F!N3jz&!BoO73Wt;=wG^;B#pMs5N}UPVts2-)%R#_D N1zA-Y;BI{L{{e+~Yq9_U diff --git a/copy-of-sdk-docs/docs/learn/advanced/baseapp_state-deliver_tx.png b/copy-of-sdk-docs/docs/learn/advanced/baseapp_state-deliver_tx.png deleted file mode 100644 index f0a54b4ec34bbe282ed6eff81369428d02dec095..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 59007 zcmeFZbyU>f_b;sE00J|lbcujcN_P$2pfI!uf=Eg?0z)?_2oj1Qpma#rAP7vz}ltaaD(*S*Vs)R{T&eRiF_U;B055n39Gg!t6>*REY7R91rPT)T$J zdF|TuFbEF#ADwR_sn@PCUQ>q4Jn%H#$iRL1Kz=BcAi?fhJ7ktE`zCMpV?DKeI85rE zDl~$G3_BuGh721H<$Zfo=4B}(ek5dxQ{lmv@No8 z)FqYAmMHtPG?O?LqN)>bQw|M}kdC95xP7tTFXbj^H&%M)f3{iu?%9uztSYbWR8{;W z!B~Yqnyz!BX}UaJkCD1McZncjRVm~!sXHiqCl@BDzMN?&<^zM8cbQJA?h8Z0OMkoY z!x87L2KAQQ7~qHXzK3f+;;NnwWRFRnZRpySG#-63ev)hO7KW&G&b>I_?>D-wkzP}4 zT7AT3lGXKgQp>6W_{%iJ(Zmed&X8WEYQ_A$%68P?Y^#2IoXhAl zr*4DiZqEZ9!w{mt7#g7o^v+GIp8YsSiw4QSAQ3JF5@C(-lN9Ddq2{}|UNDLPrxEVd zkd|aFBb6I8f*ZYU#8T(4UHTm|9cLXM#y2R+GE;H|5dc!gKxQX*I~((a)pGbP_+0Iq<@J|1*v>GFuwr|-n%hY zW>MSoUCGdr0E0y__S|Q6FxPDhtQj(%U2&i$0mLr&`rvLT?RD_z8|D%3WN`~ZHH{8H{Cc3bS9$CLf@ z_=B|{wsR-TSplcJUm3Fg`uWcckC`$`Q_s0yGQl_*83HP*120(^QHjnpp?Uyg=@ks;=Bxf@F3Fc#2!anyYyBu9RPvDEj(nMT6de82eqKXdD{`I^r03vMTZkVe=Pmp0al05vJ@|dT9pj_IC@T7`fZJ zJ-nPQmV?tMpFNjImjdcPvB;s4ZINSqh|IO_&lG(8C4BQmF1OWKsk!@J7uz!4Z-#(# z^I6~h7&@1pdw~KyCC!)5M$G~w1W0S|6VZtdPkgqw72EC+`?#oRe#qUkpA~RfYvOnK z<7nxPX&55cC5tpSg4Y5r!{Q`7cDKhw3D$=>Vw4bQ#8uz?BKhb+9 z8?qS4{)Lp8Gvu0PoG2C?;R?NfJusz*lf2z`y>}yG&xGFY4l41|f(e!AA6+H4#29}E z6_ivDLf7bxp#2T&UnuJy~AJ{yh4Gu=Z8CUvd_0ycwRX8h0W@9J@SZef1;IjpN$ zHKZZd>wUas@3UEz!evnYg<8<=DKPhEjSNxp6=^cPZIpPNMwZ`EYKH5eGDU44*s#66 ziQB8j-3}VBiN|fBgnCWBUhiXbKuE`yHk__~YEsOABk)}h4z#c^TF;_b_920bFvg<0 z;}x`Y=H~i3ZQ-Sbq~^*qkS<9eJm=%ItX@b?V(D<9!BCpe)fM~wRoz#2^#vVVM9+8H zfMuVIH2QeFxn~g?rM5F`J6bGI{Gh|DX)ct8c8*HQzk!gNzq4`f>S)q&v*~QhMT!Se z+7f=P(71MRCg93X=y*s|s_Jlk)F?~RukiUoM=ax#bWN zo>JMGdCrAwB_P~qfi${%RY2!>(FTo5}UOs-TD_cJT@oX#NIdlo{!>IK{b0!+6yTcV@P8U`d6K8<*5<`#zXi?-*8!?*%^C3n$(~ zvHkRYyY{_bf+quEn|1DVg?23j>hcI3xAQ6uL3C83Cf%~}2P}4ew)PEt<=7f6$#Thl z{y>>k^!LwToAYJ*xfrRws+7co)Af@2@aug%SV39O_aZ8J;{*^%Sp{t`rlhYqy)Jko zve(ICVtI|Z?AebyEFlq3H5VDZ<;YgXEaIw~FHgJcTvzAQ*GGzs9EFITk)#Y4K8}OH zt2bzUAu6f&pBQUP=0x%f=@e^7UAP)Gc$TTM%1NdBq@M`bjx4Sb+C+sBFGhvqEC$M~ z8H0+%WD(WIb^lfD3VuJdELGgAJjz#^TOpQqb@4jOl26Tj9+H4XR_Cg(^gcC^Q3LCY zDmg<2PZDjPU$69yha;>zqNx^`xqWe%yjR|ZrC-diKFn2_<2fcV?+R_!S^c4nWNrNY z%q;+|;B-f;E3*VDR*UZ}oLgMxF)SNR%9@5Tq|XfB*p`&0v1P3(eH$!kstjFDcZiZa zpGtVmNDND6G*T?bCJcN4qe%Cr)f$W!be!2>z7r>PS>y6JqO|9YP=DiG9DUBiUA9mkNT4}+QMw~yV|Y9p&>VH2H#~dFd%Z}E z>@cagecP*#22=>6L|?GNvK|z#KnQ(EGt8wkGriXerYbp^sp2Cis%#zeh>66TgG;4z zn7a_-zKq)NC*gZ|CCsHp?SG4V_k_VE5iwe=OA^|rCNgWX8^f4>TM>a`2bZX7FHrFr`H;- zD=HBWM-CU3tX7tDu!9-+fFyZ^9d5~wE)+Zp)Z+1GT3jl~V0bgX_d{pvQ}0Zehi=60 z$*bsOBSR_+X8q54k7fe`^tB{y25&9DNHUba)j<=FA5N}KosE}M@cj8T0hR>JAb1_s zo@_C57hz8HGNWW>60tes^cpBgJz{-tU5~oWnK=WOouAXqhT|zd$lrW-6ynO8t?MxWJ;(`*0$5v({G zZJyY0m+oq)N~3fpsA&hVg4U^zhg zCd`vlWt{AF^SF%4jKU!V`b<8nPkxfbl}bYwR^=@}l*%DJmCdiJx)gyR>w5BrGd%NA6L<@fk^mNtlV%`T#)1XMrECD zUOnX;#lkgpDxcB0Sv|XTuxVq#clD+;xJM2~0+mSA z_ms?Y8WILrnRVgzj3GI%Wxh8^a&D-r6a1FbSQwWe4>LuwlCxVKQ!{gp+h3^-fPW&B z|7SHM=3`8ywR1hrF_oVok&nEoQRWc;!~+=rR7$$-a=CZaTlNVVwY2@t}vDTdEL4utpTVyU{^ zK^wKyFY4S|6}gJr$s9(S1lRGS5)F60@k7fc@L!ThfrQNE8f$W7)pm3*R&Vv{b@GqE{Gmu5Tns*4&y zkuf<+&PzwJm5Xs#BD_tf2`5jCe{^+!S@`w20m zwI5TBI*G(KN-e7+MY62oe-g|Q}QnS zzMTuIIYE~tH4hi+_s+k*xvv%E)!mJI?`XW>z4Bll6u*fUuYN=UdsUr8DV*>^le1+$ z{H!nbv#)z4d6*rh&##d^RgwDLSx>xi4$_3_#UhbY4)@$>#aJIkY1s;%8P0Ei-2X zLfK_cmNC9B=o#Yv*>{|bQY6{MOH*;E&W&52p`8dUd|AXw{quHmec?pZ8~1GP9QF+N z37e5>M>C(()x6DA>&)kbOwV;}^ukGFFx4>?>$>HrJ-apK;LKRUyTQ1`?u0j)c!XQd zHY(!KsEYe{8C;RP6n2bW>eRMLKWh0ze0d9%y56C88O3W*dP`;rS62nFW6oYgcHy{KF zJV&w=nGsK-0FGoQ6em)4@M!xybQH0NZUfcj_S5ua)ok8&(L$JAT5!cdb^R2SYu%Jr z=SP(0UBpa&nGEPom?@`U7le`OHzqe8;a<-8+2zWopX5WNlbPZ<&F6|l5->!E`6Pe; z#5{IXx|T7+#0Di{#uqLG;E{W*Sb;WN-KnoY-k|E)E8CWE7gc27FtbiXxVW@)IQwvs z(WqO%GF3Qc&aajCai29MPris;xz^>~m4IPp(+OX}&77irjy6_ly=gr^qy~7Y&zwNaN!XeN4q0|{LtLJPRvDud29n_iCCFspT(dWMjj3E z*BuquRbn#@a>NqDMRc|S;b#6U^ycQh_bfVu$4mK;iG9aoMB+*;mKy%Qm#dp0s{WAG z{c|WJC-^=1yA{FlGBc-5Sr$aq@X?QKS;m`?TdIg~Y!h3K{MgjmVoVqjYQxOSih*m!-6Jig3U@l^Jd zDz=W&yj4b#zLWe*2s?o`-C(0qNpQ=r>e#%mj?EWVJ{x6WlZmc;nZb}U91b^l@mLg@ zC`6Uhs5Dt9&b8F@j8r~o>X*PgjAAV~9HH$YVf>G`#dyP~y^J2*|g6 zVQ2s@2iqB-U@aekr|?3Ru+86vBA?>GFd;33LQ_ApxrP(9l4R+y<(I+!K1DTfn$!); zYbZ4{+eawjYlsW*2zN609VA4-e~#%G$x7fH!r(Giy=lK@hMPgl#l0DwuQXb0Lic(Y zK3t&tRUQ$~R9>1{oAVNu`XV0Mbpk+3<6iu;2GBmnO2a=0!g?7aFgOGloQR)mh^?kGhZOu!7WF#vL#|)l zDIVI`4zWR%&{u(sT0=oDnkpo>mO%`7#0nxU(V!m?xK7s1ac7??jCLME)OUY?Jo1Ez z9?p{=VlG)=3&mi*3un&1VpNZwAjfHLTRnc}$cP#LUI~Q~A8b%!3I1+3(=fi;VhZ;N zCy`+UP=U4WNa1tKhZ>u7lA~{ZDY1Q8dR$a%$sSzcQMAdt2 zZ%KB%uL@v+Wz!S230iH6!Kwyts>tvAMq#pkIA0=B0gjsfinj^^t}Zo%wsClQ z!-m_-v2&vR*>e`}5o1u;22ktB+J(1x+IS2se~l`Zr<|5cW@h0m+fl;0I&WhAE2r+G zfp;n7f!8-Q+ANaOC#5yuXXpfSMGFsBTH1J{)#v@s+b+#Y^NF11%J8RaDoSp9r_Rvc zop20+o5JTg_%OoV4q&!vx9S{!`Af-?i*RS?_}fgJJ?TcIqG0|2<2RimLxIubwohl_ zrg65fYxPnkB)lv(yG~c2)B4C--;Q1zFNrLOLswy&aX8F#6TnN8T*OVCZJpf|3Hv$) zip+K1E+p+zGil76U2ltO%K)%HP`mR7-j?P@B~l=&@}WEAfv>Feo=?WEGlzHY=oJ|j zvDvdnvy>FC=DdKJuq(NA@;*)|x*t_)`RSK#UNuB@t#nugj~QUhj9Ojl0Ei;u>7~F} zRrtxuH|ZVcFxTPD=ac>Llb(8;3Zf<a9B6r}xec4TgMWTXXoVDlYU#(76lbT$eGuRCIbe!lK&gjHZ2hY6 zku@BgXF<|7hQ?Sr7r3IVTAzqjRUX~gU`$|Y+M3gLo-eFXj^kI^Q)re~k zAH_8ki9y>u>=jdH;GlLJ^8&&3X7r?kV6|sj5y|RePlM=1M?0vZD_iQ^v|-8oK{PLN zF=Y`otkG-k4tU+HcT!al?C`ue0-MLIDlfx*@JTXK`YgT>S{^)z_#w>aJlpWhZIHw4 z<_Lv3Uhu0RE^v~RZYCuRf_lEa5Xctz5Xl--iet6<0-C(vyAk5~*3uC91mLd4ju3r3 zmtehygp~$Y`rFj%f&kt%c~0x~%K0GEn65|NI)dL>Ew4ew*a*oQu7{VR#>_cauCJhU z7if(y5+rLqATEmfHCo)gFD!+~5PwcmHVs!l-J1sv@61^)WHUYI@x*q&keUp20_zw6 z+};jAGw$cRU+d}b1MsGB-GoG>1R%e~VfchppoQ`s{W-9nM1sdCq5Jf=lAOHvS1<(X zA(A-IGAerFYThR~ZASTsb)Fy*8Asx{GPHtSM+Xq$UI6yYn(hLSQvFV;_)jG|| zzQ+{Trlb}Hfc56q;5GmLSN)woa#bnCj;CBQe8sze^zr*ghkX5&V%CHS%Z^j!r{}M| zu?{uI`}8Y_1-P7(U4lR&IFj0jWmq_Ks>rO!j!sY;jcpYwc&Z%ffktXbR=?YG6ui`W zvMMXT0!gK;`)Eh6a=rGKiUWU*TW8sWVn$H3UJlFD|K!Q&quptbSvMPt8S%QBq5MQs zPSTN|sMn>^C zyBuE=0LhM2SZj_tId>(p3i_QMOnJqL?}ejhOMgmA5{362KHH6>35;o)l83{(INCv$ z1214C9eh)XIM3hNEPzoCJ!u?YpD>I5W$zoINdTUalM+K7+zf-L-YlZvOa;x_leofo z1(0d2h^WoSodI+~uB2UOhg*dA0iqhHMwJ!@T-N#{0J9Z|KB&L30vKw|`ZeOY7mv^w zys6hO^1DW#3%Lv{J3&Du3@WhZt0vV}RBPUNwou&d=y-gH^sjHPOym?GIP0TDMnd{{ zN-`OuZnWdAt$7?QSYZMsb!&GNwZ6UNSjeV}p%!p%4)c}1Pr+llL2bm$mOy3sc9qp+ zeN~CL%nQIBwC@;AVpjUW$+p!w^pZoD*6W?jZQB@Hk--F_r62j)ZN04aoD}pc3xo%e zVYo5kZNhK_>S@)ZE>08)r;lX_KRSM0enJTPq-8oj)9y-N*prxZgtNBoM?+Lk?c_bY zbxJ|gXD|X4`z7xU0`V1KeXmS^mW|iA}SQ zl{29Zw#$?e^_1X{t87Plwi8ASuz`b&hefn@SQx*^JhfI07alRBp;XvVItVNaNuIwF z7?|WJIANAn0)eBYzr6F@o#%Fz<-&EGC^%!p57gB}g2~paVt31#1~2Y3SvYbc8GWMT zA4KFsR~el#$`~V^e+J^#<%bKIdatrlwlk8HgNli!+V^=dON&cnzE#XOA+=U;4fr2mura72)O zR`g2^v}2K*D-)oT6HI9Q1XoOd z#gnXnhH1n4?b?)>)HC;D`V)KpIv?COVqQ8uHf?#m)xmKeVIC3vGk$GWQl~FW+$=O{ z#@3u^MAjdsI4AXhN(iTDaoGV3KYs-BDosajJPC3!{rG_6cpP*nOW9oTha)9sj#J6< zfs!oF^jXjSc-?qsmdkRo{c*~rsUI$8o@dH>4}KfFn-EAu*2Z%8DyDFwzaL7SW|rum z+}TMG*SWlpVoC4|;s-~z(g-AvlbI85Y;$tEsVs{6$ArUDLEdorRy9%O)%o%Zas8j; zdPO|d)|vhTroOu(XHS0hkL=YE;ccWHzx2PTpQsqhj22lfQ*_w~U&D4$z~@3>5P(ML zn$Dgsh9*KOrRHEzHN)z?VjM`m@4AIeNk=(|V?t+nQ1{>ddgAW&)j@A_Wr4P=rfe?N z9p07hHk|*-XVB1iU?}^0J)yq6_i7xtpd8Rj#_JMRevzQCTsES@AOBq>4AWLAbITVldhdzz7= zs{J%$3#ov!7!xlG;=2YPEB*G4Yz05siW%)s-l<>fpw~N2(@Wmp5%zJ?B4!aC2pHr) zJKERW*o6h#AM88UKHzoqJzrw>aoOUuow0~7GN>B7eXwm+(wDiUq!Bi$IC(wnLA6=R z)zcw{hS86DQWNq|5iZ{sMD#vPagS7=upV8cWEr(B*-um74LF~nr=1#_@nrhCW;Qv& zy*}3a?IoA>dxyqW4bhU~4Abq$ikVxR<6W^O4<|EIdG8#be5yP6tl_3vmAQ~vdPTo? zC4iM#*j!=^({Ea)_h|w4LaMI>*gEiAErb$|)V5N&51Eh_K0ACrb)TW>bBmQmLqDjB zN;dV(iG3DA435@Zh6*p2&U*@7Iw(?evGqIHOWY6VnKThDYcklLRtKRLALK~y%GsotVawa(+gY8VY zLU@GEy-|a*$F=I2d*Kg1xz`ZZzb|2tuHV#~ncnsvC#RfW_QzPBkC;M>R7+wqk;po`ioH8%?8zy zGTn7!OOM&%Z+$ktAsOR4I`t)*lqvY+Jc;wU7IgloE_da1jia@V)uTm;>d7&$?Xl*7 zt0(sT5;GdYXBhR_Lq$jDNu--$CC!yhqwas(M^Y=<6EVcrmyyn6vrN{R-87^sT4h2$e)?|N9_iv#7ShB`YikI`?#} zA%o6$vFx*Xn|ByYJ7M~0Y$!MC7c0Z-%2lbUXPGYVSe~p5&!Lhs>`bZ0CIT)$JEWLC zV#_r8%H2?2TP0jn$HJax{Jmvs!!_fF_%g;PH*M1Dl4IZgUCoJrPjtzpjc^1>s0wL_ zbRaN32h`463CUW^2UQkj#G837=9nz8`$bOBe=2FD_(DMMqpMAQfs3Zm&NuNlPFL)2 zE;qW5j->*Y6%Z6$X^zc>#^zt?T^gocU2OLu(Dmr1VBkOsgcU@cD+w}_Vot=`jaP=nNQocX|0zt zb=gGPhxkF`!qq}ixT0 ztsbvdm8_c4H(P{sv$UNWo<#c8KP9l(T_>=2jU#gJPZzR#FnYv29d$~wCK?_;+_-f5 z8bf#c{?EGGf>twP+-cWlE)386`w9ah=-khhW0j(PR{bXZ`Xg}y*G3jGs;_1P3d>sU zi_2jm1e;YNd>aFEn05#0LdNPnj(3xd_H~J?cX&REM_`tZZSIi`w+e=xV=-S!Wm!*8rY z^f>yi4L^vAwE4{C99cN=`Zb;Aefh-LT5C@r@7oZv1KbOb z5HBtxfwHCE34>R6aP1Wl{w7s}3E`?dVzZ~mjor_N^H-Hrf^n`Y0M*dF>i+IX?cPUk zL6_6Jv6Y@I6y|dkJk94*o2@l91HVS<-4d;#&|SvUs98PJLr05j3VOq4UFoiNBoNEM-$EEFt61I+m)Ny z_h!V`%+`eLGj<}Bbdjuc7o@2-Z=+CGm|?^W4i{&~{SS)(-w4piARbA2<-s>XI~AfM zB(DI(PjePa#n*9Yw2N~qa_b22kaE}G%kKIW!o2D!M{f`9|H^+K>nwkKp!_b20Q+L< zmI5*5_7blH#(U*OFi4#{zrHPkzhB`721kFxD;Nl1+zM+cTTM;Bo`k?Cp7C9I!>pO= z$=$D64VdP&M`?P34(E_##qDo*4H1nvdA}4avZKymJl+|d?3&^zlndFC+{X_ZsmtLH zv=qQJRYtpr{TIj%w5JIIoLlP_R&oujNk!(Vq7FzH}>y+T+7c)eMi4-)fpAL7fM`>v&BrJ z^1XH)+UI+>GBOOuo>x7qui9hgJf50p{ZYx8ep1=%^*H-5z%uQw(`s z)5CkPl<^8{Hs3eNdG(5jnu!|Y+Ak%C{zv21n`@s++$9WG-po(WxBut_B$%bF-+~tsLR_LCUa(m zCCg&mJlp*aO^&4#n|K#SPhFYqCQIjAFCi$7~jVWsj^^t%r z-=i8(m1yegV{ojxZ?nX{pte<>L}%lpIjce|%D2 zzd@Z+3dQ@T+62cV2>CsH?cIWn8%=F^{|iOy8VJQ+hNmf=SVikd6E!FmE8fs#*$UmD zs*?M{R^pfeShi1HU+=NZ@0_lm^zCrfXp z$y)&>yJFh8o2z&h??NvW%vsZV21w>)jr;U^zbx@h|6;S|CNxb)VZVEK;j7p< z69<&U`y->2H_SdTeFG$R2R|hOBGJ+6p~XQTBCncEDv9sJga3tZ=tB#JgdyiCu&iv;`O z-?Z!Qs#5hogK&;k^BBfo>5oL9)F-J6^0_g44(HvK~2qV*p4v-=yXwOdroJi$h0wI*3f zTNVrzN&O|unSN)vB7!@o-7f7P;;&xruRBs=N2uYk7*;rJHjfm{tQNCpuJlA{N+sWA zOL!?0_iIcN1W6sgX!qsl=crFq1{G`i>srfXw&OnGbZ&c8wf(cZJyBa2f!rRNrI^IC z-kP=oc|`XXsiq43()M}02xYswYVnBQXV8--p`tTf)^C6O z>&V7PQGsIT_-Q(IZI#$bhQPK9n*Q-EfWA+hNRp6x;jnEtO?1yOn+U*jLZ+7A1)2ar z{%7`|wOzk0Y0(#iO|X&f(sxg^Z{d7svCLz8rmw*IJ2}1c_qQ^bqal}hS^mxm>8X6y zqK~z5Rmjm`O4OdGjcI(0|HWyofD&CWyW7^(cu^S9xmpecCF@Pus2A@toUaWA+Ib@7 zGAcLyj2U$SO{-|yebV0j8%JKvMfgYFaC~`5Ts%1`X5LOg%T6eOv<@OVlHq>&4G z*eJb|kZPxa;5v*t{T6Qc%*g!Cwsnr`}r1!mekRh#U_~1mUElb2@hU30PNh@PbY7S zks@fGz(70!cTLNWZ0Ow2LfISP&eEog^xF;lv8pG`Pog^e*s^@*J0aSXgH>oIuaGr> zf!zVGa3V)J$vDg>t`y1<_??%L^IYw#cU);aiC%@3`X5%LOLu2l8sJ5X>c|CfD3J#% z5idrNiEP(yH=Xt6#>fD)b=+H90T5J;B?uR>=7YE5DYEbF9t1%{?88fuy^mXy^pUI~ zf^#aGIxUQ3x!LKFmYh<0tPE*pd4#aphwkjOMn^WA6M-0R`H8 zzQiQKsNL-_@tFRl)2?&~D35ucS;R~UyQgYh?7=k^=YAhJ#-3b;$^oLr>76RM1y?vB z9Cr^Tm8+Wa831eJfRaI#RH~LKJ`T%LLg@e!pm8F`I7qEj6j1hU3VtOD7*pg91DbI6 zd8wB*k+g`xG7^CH#haJA&z><4jWfH+@pPJug+f%vI4Q)v05EQy6rBRP9j@C%wC1am z9_vLqU9tB4*lUiu;O1#IATXETOuc{Yhu;iyOkBBYR+Lkp;VXMgFfg_cOZKV;Ou_7BXcc@mK;fR{X4K%URg&8j@ z#gI~!hgsa5hMCj60xR8GjVc| zOGo9B14v-Fb$yy7ltt>vH!^+rq&k2lo0#BWuMNM8ufwiwS!H_|h2fLQ za$n}T_&@^SIMuoqAduK!vs~{f;bN_Vize0JT27rr!Ta68AvEm2Cd=LsCM;c;&$bKn zuoQ6eD`h&yYB;Y{XwNf&wv)_RN3M<9bQn27;jeJHUeY`RqZ?7Y-HDSxw=JU6_))KD z?ckG9bur65czR9#i^u0mD2&y}Jj(XpaL4>I<)x9zVFQtqS8zn)S2az$IKW2GK>o!> z*n10Ho890+6aWs$_bxZUSUQg|Aj_xgiyGX*04rK#B%;Vm4-NsEOPurLL2%_ zwV@wOMV6R(fHNmtXftw536C`S`5fP<;&EB(d470rctA@Z)yzZzw^3qXIhENYz`Fie z`oU6m6n8n``j1Lz21>ew`%AxMR5yodH8M)xxHC3D?%Mr+U4GM`dpC2C|79WMupt6_Yl41TE*dp`E zWep1EhuBu_jg((Td7w!X7`15T z445sj6b2fI-azJpP4NKAM?HlAIkhaK8sz(H7r?68$0ek8)p)&_T-XYJ%!)Yb#J52Y zVXe@bL61@pm=&%!A>Dv0=sWow+@?TZog(YJa>VU;O>)Z#q6SL+ZczPwUk3B7n>U5$ zZfQM*LKYb$r%5Q%_H`L$K&y&nBOGzQ&n(A5VKQylin* zhhaR20Rf-N18&rDWlyLSRM(?R1;7)FSUG%}ZWWpx~bi4mp4IJW1bL}Z0#Fj+#sd#T`XF)X`p&-iHp zKA7XPshTpSsJI&2Pm8eE_n&;L;{lgXj+o>^r;^Wyyk#N(CCZ#dUjGrMy>%s}Y691I z7nCWDPCfU&4u9Bv7Yc;5U;9xuUU7H z0Ha{EiG+5NVS$O2M73-PzI8RY*XRjwqxKAX+gGqwoWNGV^*LtQ=+e?sawAmNb6;4K4@Sg2}3fQ^+ezs+g8Y z^1B;gmik#a>9#%kqS2)L#@KUNg}a=;d=;gU?H-*~fQxI`2i7)x)H@;niiCoB=onn4 z8w8VDBY*>4O*aBcXFEtv&%lMz8wofh0@08{lll>G^U+EQESOyWq`R2o;m6?~aLdkw zM#1Ek%MM_D;5EhE*N_FC`uYLdC#*KJMKziD{lFy~l@xaEd0{@WI`p;EP%Z2TT5hal z%DZ|S@7>l%8l|4kf2o=yF&PXc1c|!TfD>~O1WFX_*P{>EBZVdpmN{(IdD=r>K%p3| zXqJhmV3%hEIw~IjZJmcIh>47|7(x&MCf!B_;G{`;}YDAoR?ZkZFsMP zx<6hwsE*bF^gj4p)`~X*aB>+LQQ7YkRIpq#bs|2D{E-6^D2t9T_TLAkP{<7oXI@N; z$Y>~hnS-T=o%PS-Qv-p9t;VzsA=gD-i((eQr8&$C;JUVWX#FCk-=UFNGGA{51Pce~ zy5+TO(0@b+Uq-UNdisouNy`;2Io;8O!C!^}ODnMe&D&t+u$5i0hW1W zS-}3sG6djr^RkzVWEfsxXW68Q|7S_gyYV|QHN)P@ueWekFhQy7r*)`*GYb)BPoaM3 zLa=|ZE4}Mw)JnQfKvdAKzK+gcT9+OH)FqM|LwC)@Z@NP&$h=wTt=5&@(Wd(2GmP9o zsiL&9jC{auT{py32>$aCK7e59@R;JM&}U^RU2e#~P6n3jp*My%SCT z{dss4@GoAXFdbBoc^I!M6N==&2n>!~Yp{keScA&pQ32aO`!Iq5f}Rlgyu5@qfgD1lEB4VJ$dyj^Ft6ai7+I`53JBBI~-y zo9jYakS{}2_<;$xz-aOBwd2JxKzPO(h-PZ3AVjr#iv{En<=r!bdJqngWV3&`0RNZ* z#9N}khvaN3G(S0%2C?>6%)Eeh>Vcpv|FJhHHiR|25MaUe8(jAP zsK$~ID9*s*8AsY2+68I?b2Ic(FY*4yJE_$F;!iO=@2 z6%Ur0RRpOWP*spUgYrL?mxho*fy3cLjPdD>Y^`W|H_Z5ax_bKVRSa6`4fd$yKJw#A zFhR?o(wJNHkNkz`f?`F@?^EjGq=J?>$B6yebbL0cs#qBMHc33S#^XPy&7UAaXB(YL zHslJv_A4b6$%)H=O5SuE64>x{A*;bZ%7O$U(agx3A1l?Oqs!Ur0I*bH1z2^3_o~SL zIe_BPa*#DPHnI~SD(@h+nD<@O#UQK|w2hLC8Gf7)jN znLC67zFyhxt-61o31tZUE}RHW?#C5K;gSn&F_&Pt52G-PzKxnE=$U~3yW$QFND0lb z{_+br!k4cG66L66%kqym$+l<$)11S_2*7Q}-CjW6Xp$+4`76z!k6$TtQYYQyoKi)$ z3xT8eH%^t{UuO>5Abk^+(qM8QgRva8yz&#+iXor842k;NWB5K7kzog7cYPR7@!BJCl0Zqvt2`_Wa z{A>vOMW!kIe%G?xGiN|w8`C2C@ZT;pSE~Co7raBF*VUQVFIe=hppFVc@3p~S(xcF| zi|_`SA%{G0qm2JuH*(Xn%XwK^$XoG}41FFTF+u8Z8sn(c0q=~k68&3$u9@Yi9&j9^ zYcF(dhBD9lt^(ds@n&`L(J2mkiT#)4R>_Iz!z$1T91$c$Vj+4e;MZzwxI;qu6^~hR zkxxQWb92y!Vx$Eb1lgwX?iF~agwPN$)c;--0aK{pb>s7?Dx+OQS{Mo;H^;-xNxV-T z_@m7Txs)C<<_+!y3YuP%9|aAY_N~M}QW(MFS*UJwcZ)#&Ju)f9$K5i6tVxw`p^e&U zh)&by-XgfIrE;%xzf<8?90sw~gG2p)@ePpCDh_Ye|LcrUN_6!>^xsthSR}Ob z26)E(wpf_~S?$@k2wCU93(W{{nnOGP77cya|9=v#Pj|BNm_ej6>s1Z!;wm%=mn%aK+ zQ7;@gJ}&U9#=*~id0xz5m4vm>df`-XCzaNy+CSKSs$qPlUc%?%kjGlWHfFgw?@Hfl zbW~;n#3z&&>p)TX5l(`z?AsUMA&Z#C8XA36pv$JJm@A%)Eex2=!9bxR|T<6v{`7hu9y1B(|`FxuK+mrZT-+4k+c@5Nbn+AZ-qhG(RGy9&y=Jj zmql=oZ`&TcUZlvnPtqX@qH0&_E_Nym_){iZVYw>Fl~R<=W;IDvdwDLP+i;MH-~lV$ zMmzV7yLVVQ|ELwLMVidFHd@jg&%w;O8yJZ`HOtA_V9C5!1}`^2Jb+j3fWoab=il0< zz0?%!XBWH^BS2`61(w_pS4;Us+Z7OOdIF%VXy-` z0X6liz^Hl)q>l&&`)tk&g_zHhbd%O@n~`C!!T)8^_5KOt90Cx=u1s&H>Hysuu>EIX z;NSMI?ZE3i^3v1O9fcfcj4uFUcFIS6M;@_vc?w>R)M|LVVR1~j;RqV)&eQEQi0TN# z_3P+}x`tNY3)rn7sM2+?n@Q<(@Y_Dx4(+Ykh0Uw0dYE1!uQHp{DkBH92zFNAP77dID?`j z@GIsa;8&Pf%&$3+5CRC;fFVX$wDWvI)~@S$$z`yW8wm9{Vd|)a!AUg4FxhmdUJgq` z25^0qWZ>CtR8-3j01>kupgToa97XQ+pPR=X*FFK?uKJR9QdtML{C1CMFTU4D(MF;Ifq< z2j*{yB0i?Fw+Wki^be^W7#lI@+4z76Y!@a3(Q}jT+#W z!2VKCu>vPlnZ_(&gR6iqaW)ZvJI377_C3|UBI2M&v7?g(uU)BrtUVMm&T2@G>h0}a zZ33>mN zJKnEt1Zvb^ZucJEm(@?cJ9xn*54y!z^t44#|D7lhWt4fXOBT@R_bmu8ClPUn?;Y#%tccnMwbxn z%WHSv>VfD#d!ql!jW&Uqrvq6!-1RBq+cCihDjt<$cd#rGNvjjjLfrpp~aqN{) zb%u06lUjmIq)iZ)Q~|7zV?dGpbn26LE!YLXFaN9w7yXcbdS^CM81=^IET+cgoOC@< zOKE-lAtA3?WC9h_+b1=`gPB>QGu6Mw!dsXtFS^SP#Fgs zvg==6LqI&!*j3S^r!!tk^RTx0Bf6UdK^f{um*(T8+kNR`N*^q1U0|Yb5KI<2;2B@x zmGs$}4OVa-zvHy>HP6)_1d9;2tN(BRtdmPlnf&5X5^xzhBWhk*cn)}ztDkHKMtLK0LJ}vxl$3Hi3Ht4He4^?} z4~P}AJ^Bh12Ts8KmI$yuVe`3k@rwPyk-`VouRYP=glN++=f4@1g}+4q?}5d#mhCxW zt`n9c|6fb?H?+k_qRAep?pr@jH~A|?X@D-{)=)5TKAcGnKX0T1>v()FT{3pdwdv12 zb}3sdHJ9?})hV!Io|2V^rO-z{Or}c*$LF(n{N&dWmuJ(H*KPuE^tnx+Bttqd&1Rdv zF)LzrY257^Ms+-p{;#J@(U=`n+CKB|jJ>*?$SSiWN0)A&WHe(1b_d#tXXc2n*oenQ zaZF+xAbGDA5VQ?`={|hI*hfy(U(_e+-0Z|nS4SG|z8`&yB455Q+K>I6Zt3D%4qm5{ z(jh~|p=|I5Y4RY5^{Fo-&fWpHm6A190I?x!2_e3ExoAH$pY%YdIo-A zE9d-hV(8kvvO3OU4PN-wM77?L_m+-LN*}BA^XJK58(>Myld|39aK+p2@aFfUYxg_rQ^Jz|y z#UxR>0roO|?B2UBItYDgmwdq~FVkX<56C4qlKx93 z(3XyDA#$mzw4$h0a5dY2hWPmJ-^J1A8`4o8|KUoDF)hIGvvC<$P<{zl8GZ#t zN-j(!MT6(DWp+{Buy#Ik-p@ zho9@%J`aGO6>@|sO#8G0<$k9*3@#E?qfSXWFa}Se_bb)ET!_FLG`x^Iu)qtw*X9mh zp1|**ins=Nb(0u3kaA}350c(CV}!EtARVB$eASG|>1QQK5bU}!cOYLZSne{_uw}6a zOvz(nwUf4&4mgcsuyeXbtkTL{=B)vHI>xi?&YKk8bviu`)W*bnYo*sRjwbK>Nl1vS z?RqH%!I@;;|7g2mUEB$T!kAfhO$fcw(Ui`xP<&smwpLmIbkkukEKp8^Ew7~PHu`0T zK1Ol*^^`M5?t=Y+eYsk4S&ho?L~H>timt%&Z3)l?g}sU+uq#MzKpjND`Ak9XFn%Gg zf;n`vT$@pNlQf?pB2e}f%G77a2wTdbGJb+<-`hcbRjW=Po%WHI2)s~mvr(?oHO z*dGKB>b}%Vf!MX$&N$|Y zOgX2Gx9{FdPuDRqMfqsk0>2XYug{k;VC7m-H1AuTzZV;GW)wL705O%RjEB>z;0=2F z;!B8;=$;vuf9N+*CjfHD%ZNhAReE{vGRckqPhqM_-w~YYajL9}2S`mrf+)=m;Mu6pIs_CB%v9CTix(Qbhic+9kWKO0Y<4h}`#!Q zyb>~}{TctQ`jWUip)$m=Mn)iJN(6K`zwFkQoi}UK z!>y{bjn+(?;PdLsAc)>b1`{l~<`*AuWmX>4fk~f0Wie%WGQjeFpu zD6Q>f5=tgTUmq^`u}ZD3-!lDkBpIiop4GTni3w+|f+Ap92O_ChE3FGJPxhEMzf_JU z7Y4OK4BzCL(stwb^Vbg^Lbs5At7xkkR(fVX=`C)8lnf8Aqo=(fnvhMyV-R-h~B zJc^YRb_eYiHS!SiKpXY+GVe`^d-O6s!fTXArh|GI_v^UJ1f&+qkIV-YY+t50Ietcd zc9du)8fBRH%DxF=l!mHBy%r}me}Koo)@%e$%!GG08w1S_yZidHvOYF--YCkoFapPR z03C$!vX&<0eLe(CT8hFpy@A<)0+N{}m@vUUdZ)3+2ZvH{IG^x9-HzwuBsjkDylvZ7 zZqw8zCL;?YLiui1|C$_!lHn|Rv_U*TQF-vZbeQD;g?NqG1^x^F!tFuQX*?w<5H%7lTHFd9cpj06&~7#zMD{(xua%!rk1l>KxWZP*)0qZrcjrG?IsJDR8N z4CL%=op>MCgMda(jRj2RM%OScY>B#O3bBl{18QaO)jLV;Kunb2GMDfd2hMkzBhmMD zFdP5N#DD=ZKHTz4o1n3BBQ~Cf**mEl$fIyMl#B~)Phd;16rg5X-fcv3*u0V-hr4))@ZPf0TSJPT9L=gdY`Jn7 z_cC?FIQcDJrk|Ba$Yp!czvT;sJ;6Vpla7g;K>XdeKrr++34V6nkX%$ba;#bNA><2) zT@e=nX>Y5b!BS?@E&$NOw`&)@fZgOku_D|HF{-{=HU+xW%N`3je{9k15|b`9C=&>1 z7`kjGKpj#UPOCbKSW!Gzw9-bQ--65-=e388bgb3Aadg+Hw(#1;>Rhb1;LrVJ&0Iz{!7Aag%58`7LsB@wMq%P6Per2uIT8+!G7();EG4u zR4vI0ONz@YHy8%BmBb4w600Ol#&}B^M;9<9S(Dupf z6QN}54~2RN{)m3VlGqY-DemA@1{tKa=d))J`@__&R)WZ(Nk5DHV%0=``F@1O$+UhdDR>IVDg-`BL)nIBVL`k&IJE;Sy;NVGeMirvPw z_Ap9tn0#oCIKd*Z5ehAe{!|>!u|+C+(kEAT1xGQY$5f7K!jQo~4?xJ}ln2g^Lvs4c z{>TJo3uZuL!u^s&n}#F6EHk<#$?UhacngQb9-WvgICF+x!p-M<*bC!ofBI4nnJ$+r z`030?YxPb1S*ZX%_hk>=5td{#CZo?Q(TuJOyaI(mq3kSBH_e+HWECBGgF{>aTp9G8 zL(>ypIK5}avI6efDfH1g2gkcXkykXz^h5VZ7q7C@k;DkX9}X;Q%RQF8!B148REbyn zj9H@7i+*)f#yl0>6(%bI;pP`;nB^X3Hb6$7smt<8{(9hFeyWgMq`ld>KbjfM8@^3! zA0>DB6u46~u!B`}BB&%TefzQ*Ev5?2RiEkEemd5;kD?#~gxkO4H0XDAFlxOYwh3#a z$NeK=uCHR{5au@^pc5XJNlQ)r?z6u%@LBfRDB6_Z_tB=*C6r6Es0)Kz4ruxr)w)d8 zV9t6vyE6nhOL(v(Q7l3)YiG21&{VuI?K?b@+KN2X+DbG)P_r2wqsLPk70oZbxVwN} z2%x*m`#aKuc_hYT1^w9P)6FJI6Om-#X!E3oQcA>zCiIZ*@;YC$nAR6ke1MJk!{fQK zpp!DsdAKrv0fb|_yhU&zztdrpcOG9fd!e5?@12Y#xnaA?95^6%qH$JA9>!?)A#A_z z3QMkwhX1BS{d3 zhRbR~WJLUviNjB5Irbm7rIa@1li%WBHCPPT&*Ixm%)A=S=pOd_GNWwGHb3}gpCEta zxab<1C$W$w#V^tt|4uI(_FZ-%@bmm;&i$v38W-IFPJ;dz-hXb^HXQCGUv6QKeYDh{ z5m@_d%-tUJDq7#Z0UP)0W+tVzYi*TR8TPi`@Xb0a(1Ibj})_hYF`HbzcKRAX9cu1$O4i=7e4%0>{>>108IQ_ugDl@qgVfjhFldqf> z;bzNFK{j}8U!OAn0XE+UtPXWeULnQ0f5$_?IBQ-59A6KU7eA~k7*j0%X+zqZ2~U>* zXEFQGZqcK4PT3K=EWD%V8cj*u`>A43=>v}8AZ$mMCK1|s-BFvE7O@D`^BGN)6Bk$&#Kj|2DKsV&@c_(p)|8Wfm(osU zlp0jH-hHBS9TRiK)NGs0ZOPP9+k%zs>BuI${y35P4_ zAM>V!hI4=U*45hmL4w7#g@9Ficn15J&5Z{ zc8qzbzE|p+M?+8q&10(~SIVG#GRuqZh!)SVbH=LJX4!hKAs z*ED$86f3ox(3wqX{Q7JndXv*q1j_IJPYa+!Od`akqmnRszO|x%cN_0P3yo1CxavFN5y>T_e ztV=an1OXV#Y)k$M=)$44}xe&Z5RL#r*ImxUO>JJX$mmf2TyF*~?pWWvL|E0c$k zQ|n`7-BOkM$|K`FSUY{cdzD#RF+J2>L}j1rtA*?HcrS)*sPnL{bjf_f=m*<54-#PjU}@vH z?Q>E^>j{U31L<4AACo&DdY1RvxT84hzs|7t(70(HKKAAFbPRgC@q3fgRmEfWx!r61 zvW0W5CjEB@OZ2EBCbAUb`b8y8Mv6w2wv?BuyN3pcR$Z?@q~Y)In*a4oqrc}vRTW4w z1Nj0}hKbWpO0pW{08aQ;G7LbNy6>)L^=FtMV`;|v$1@s8VGwN@S+lq+CbCcLpo5L? zlT0?>kJYl>_e`DFJ%~tCg;`9;Kh=o`RhOyd?7yR#tm8l_?h2W`9>1PDU<+C1mu6qLI8A!PI1xJ#96}W$^0`?J!^v$QsMxFmd56T9IEU~;d)U$knRxu#~bDYIY!ar-NZ?2 z0FPGaAO#FWQF(P28&yNoEcei`-%O}pV$qY5a7bJ*(n;t)AOsHJeh+c1I*4CqYLf&_eYYvmiQ@7_3{=_&tp3DZEBE6nI1 zBR?C&j{IQydZEeV2`R+k`$5Ze1Umho`(Vxk-`Ys|sn(jd*f>y9$1?rHZ)S^NBQ69E znxdO|<6eiL#S1=t@%P#TQM5mG51Gkdb27YmNg94YFt_%=uLtcZ5z+H)G1SR_RmN;o z<0ix5uHQ_DrNrfxV=%1usTXoF1$VELMeI%%x@As zB^eK|56i?*Fyb`7Gvkn^xgB{6H zyL9>pR0hb?j{$AGkLY)G5MwACSA0Jwmw}1nS!~McPC}I~ky7UJoT8bsQGu?X*w>ZB zX4nBTB=>7>B0@I%9oX2`xlAys`C?@TIW!G6-(zqWFlD25<$MC!SbcIgm`tqneKu3Q|T#B_SnE>G`1+G+q;^+iEvR}<%MCV4x)CVxer0?H} z_QId9T;?V@@}awS$+X^+BxFa?^pHjV=SeemrE}f6$JIX;6~v~^^_YnzhW-Ay?nLO| z@0BPTkA~%9;l+rSPz+opdXQH^J7i)Q|2c~N*Yci!!@KXL$(WAgwrN?%!r+@4henH* ziGg@adzo7&*zEWXFvQ1tGmRS|xQapE0fCCwj@&T+cYyn8YOE=*WvBix)lf!sVqFg=Q$8gZ;*QtREU_(8F6B|HmnTzT3V2hp{qQ7vOPKq^v>#t9~Q z_(iSQQ7$eRuGtUL*$dMtsW;kXY4ub(az6`KuGrA9$Wch#hDmVS_8N4b_7EUC90E%I zHt+4vcgAs&N5c04i;o5Tv=kSz)SA1Y$3DxG6H(jBj?l0U-(`OWTJAynG7RI;dq83z z+c@{(24+k74FYs|1RNiOl6F6iSz@{wz_K|f@XxLjmr@Q--Div*ZJHht!VuRrYLN2yR{NJ0GV8}?zr3(q(K@FQLsUO=|mns>-HUlDm!#f(DPgdMij*@gBGQ=bk^q#o{{58us!A~}@0mK4by1qY34Wj({9RPOBmZN2x zwKtMdQyKO-G$oZ!cdVlwX*2Kn?fbYv0g8wG&Mq5v(EKmpW-B|)4d4U~`isC{y!Nbf z=fN}Rw>a+$o~4RGgnhdHB=CJrvD$O@uy({T6YcKszP-B6(OLBlB(+_50~Pn|D6A}n zF%#eaN@~GQ#%TtRY9~RF@X~?wX?hI@WHfg0NP!f*I=zZsmI@E>o+o1?go!(d3A=fwX!c0I9oUCH^bt|cR-Fws=5d== z#yy+%(xaVD>8>Pyqn3ny{He2w2rH2J)pxm*5Bbe6w>FCC+cjE+MEopHFGnJ=qtdJL zRHJ2&y#hjc*v5nl*Z0@h;f43&_+ZGG(a<|p$mOI4ShLJ1nVw3v3O-ALcB130%3Pyf zPzlct)O(vmyYNB3(^zE@UknwkP!RX_S*Ox+Vc2dy5iC{}d_7oBz=wso_PA8!Oq7oo z$QR%KxQ^k4auHJ)Bf$&xKNyLn&mHksg+K|=E@qiSaUInv-pJdjj$Ut#YYk4w%A& zSXLTwdje}8JNAsh@b}+N{S#Q}C}3JEQK`D)jC4$9%|8Cd*BDJ`U6TzgWBJjA1XvBAa+&g`e}(Ol2U9f363RqIQ?&l=mE7D;y=^0KATf zN>*4)rpeKh2Z#_qDzvb(N-GE}kj@321|XE{F)umSlf&tb+Ze12n2QioZ6h1={LhgH z6KWTd#%#Rs%e$}YF+t0X%l?C|OXu0%n1yvW z4lxrbRq*lonQSqdwU| z8jI(lt(5FJ(J%fJMoT}XZ$qV51U?1^)tq)?-{rm-)) zN8D*wj|x<7r$#Ik$l7>~J?cs!K=C>dr-T@>EJnIzjr|;ULRDE6k3Qwt zQcV)JP5!H=9P3HDfRSvKqY6Wv=6#fA8i7Y&ak1;j%$3cb9AEOFYyh0vZ6tCdW4D^N zZtX7&3RRk<4lHjsK=Sx8DM;#|qIl9pZg=4%%5;Tipik#RA>$_70sIL(4q>AV!DH*g zT1cK{Xu|=HZ?N)pp!$;|PnrsMWUbg>$>*am8Qar2-IeXeg~P|}_E{L?NvPD*#_m~~ zP~M721=Jh|>i4eqg}(IMmlR0v5`9?k^DjEY{sY@QJ+CAJ6fqr@$Jg~PqD$%1`~Qhi z{(!8}GYRwadE-17m=e2XWUgIXJAL)))owEJYx;Ek@y-4ZavTs!!^XQedITdXP1NPK z?g+0;Z<&v@wUsLq9M&!63PTm+MakkP?xlGLOl7%<%CAh_r;4k}Il>`BZe^M}kk{yu zm*gon0j627hBW1hRLfn8INCs*#^OjDA+OsYt&|3;GX9yqu(mK#co2F2v2Z<9A}r2y z9&%Q+3#Z`glcQki6TmDuXi?D)JtV0dsF!C%I9k(&HEiyiyp%j7B>5%Z(+y-F1J_&Q zsca?>3+|-wJ|`vTb-6-scowx8^}-gs&ZK&5=>mAZg0w2SlCWxOThe5{uha9S20OL1 z9n49}AyQdPh(Sv2?qAoV-SCR)USckFHe*9EouOxAq+Ph$AK=a(1GiQ3#>k4qR%m$>QAn=M@4rvBOZ z$dJ$8oJ^+|3z=jwJDwMcITz>!%%Bi66+dh?*yzUj+`@JsPgno_+ifYwpC5&?@lN$Q zTp8u_humgi^efg?0!jO~ zM2S*bHl;*D>*;jOTiHT~6H*Lr)l77;)V0p(ZQt=jzijJ_iTv^$V~li6;;lZB7CtPr zrO~#7+heha+fY8f#W3H$Y|oHnGq)$OEL_=chgw{4-ZJ)I?5?)UX$sYHewv?o#uRLJ6M~#k-iX}smtgFC+pFThM zU`=jxBK2j3q405W0?{rf6zNpx z?~uoJFYrd$ZGz8Q*|;im>Uh5`<=h`?LNAOWFPSnkze=FPBLvIE3J7hzeJ^50w_}6^ z%#7PE$kFic=>oye`;h!A#$_V z{ddjW15GBuuzyWeZ1tS&V?zioIRPANqO^4OK5KBs_sImO^`g-q-v*a^a&_nl%_tUJ z7&ex&T1ENxOCo5;y7lquSG^~Mr43G2AIh7t-{!{pNr7WPR?Y1o=|2c_<;26MdxjVr2#8z(BnP?u^95%*PN|uHA__0DCtZ&ak+rf zUX8xTYr(g!W|cXE)Nv{8kOtWw+~oK8R*805fc8j1?g5Vk)Yt9L=h||BxTq9w>crvZ zgmI0ESzu~{AJ8Utt+hKQ$pmlT)SdQJZ~|{RY0>O~X&XHU4zmaEbrk01&8vy-kB*OT zx_<3i>`*lVtcUz=UKPk9aa$ODXj|uiSl>TTiasaQwlJk=+*L7T{$m7?lJz4@EOZip!3G7Fjx=4X)bk*2(t{&}gdM-60 zYf&U&76OGgHb=@|zu`)7kEo1;Gxpg{0&YO?=dLgwf(TIu2I)58=pS6XD)`sCEI4)t zm-*fV;+ol>Uu6^A(}lq*9xJ!p#pq8}s-%4w3 z#i;*p5)-3mc2RE8K0emtN-e@ zt(de)^NWkSJmiO8=W_yk7u^roQ3hHF&Y1WPNEJ;_ME)v(n_2K`FL6GIkxZLFqe4Su zs?M$8jq3I~rYEvWQ+_dOo0U6)olqLgyUOz^`krZ9&R)aqX?m;2O$F5YGbRhR-+@|V zfveqEDey8;nNdDXhA|+`=&9O{Tx~Oy)+Nl;!mT_{ILCQP#(enh?yjz> zp0Ae-m*FZftHZ%8HQAwDcsTPLtBSC{?XO{}!h1<#Z1(ZntVCz{kLao)YI$T8O=dMd zw?BU}tQ`bPxa_p*klW5bt4R`;He+FoNX^fEPHC>~lIDk2pX;2W@`f`y7|~38d}25G zf(LUsSMguLl?8bnI>V7K&BrNZn!jne5BqBXK*2&u@nSYB0+Hopuz9BGFs66NMUn+e zOR`FHxYnRGjAZ}$YwAEt#8GX9GPIK-%zem@H>fU3BVTcUWPmyXhaqOFOE@04IbkM^bTC;SCXi( zF)~SqAaPP3H9SXh{E#sYx}GiPbdRFVR?K92o7TRkdHqMs+_Pb3&0Y(HOkM4xLJ?Fi z13AlP12sWc-XrPI#b>BCln<9yg@HbIUC0>LbeakUtsS&ZI`9eY9#( ze{)OcmWRY-?s362F1oa0!iY`Ba1$7pWYdmgD&JwY#GHaN4dJ@gnpg#XDrO-YpMo3o z;p#szpJ*VIGX=ADzt!{XIBRN1Sn^iP+oVBuR6(?@d0sg%i$gEvzr8?U?4lapI5&cg z2s!5QA$BYHVP~#!OsZrx^p{ODx-vchdgUOrJ5gisF=`FHQRn(t-c zvz^XfMB?|o$l;-eCNcNHzeRz; zs5C-8$f?a%`Pp~hVJ=HuH5yEFYCe2s~qdFV54yRht1_|b(Y$z&^P+sIvKa$Pr&1_`7=I_&n^Pv}D>Wlz zP#V2+_tGuV7bRn_Q7)eKowbJLQ&-Z|(}K2#j=@x^d4G1QL>*qa&hG|DNMmj5?>8c4 zgY~b-W`d0(%l4wAX;Hf_pw*YEM7+i*!wn}V?WA(ei>P3~KVBJKZtB(|*N*A14Rv>w z>Kx)$;I;ADmw~I8M2wLB(?Yg%UaRPLvg6_rO~)gRQZd%TMZ&Q^-sk0U9WQfOb zXZ5n;+~0%2q<7VXP!;y{zhCbYq+doOR1j-C_!~t?qj5>H-E5n`vGs5W{*rjmyCvJ` zkeV=2iH$mioVPPJ@@KsFuqs)`oIfP5+`BEvE&{vp13ZMWr%%dxr?;a$ZEmbHe~@UK z-#!o3wrFef!;j9J>4p33HoHwr52xYniL1+eb*y&%G?v=LMF@^$zA5$vRVTv+}j<`s7St@Vi;|$ z?vB^Gx|Z=BbjOC?6?{h?r(jyy$E|QK>_V(*XP}OVdi+A%`b3T3Vo(a#SDK2S)g%&p z5+7wd0fu`lS~@x2La6OWDD-h;^x-JvW3Q{8r{fi?un2<;0l2WUaDN>hWvuz8bG~&z zsZTAwK1L$s{ADo9nHu7AWM+vc578V{!LesVlyhTh|Z!%WPKa93Ho(K8?4zXXk&4mK6& z2Jyx>ZpdO+z*w5d6*P@LI_cg%n5EjJX3`cW5E0m(67^2lk;GfdCZlsWB{WC$f9kPP zrJHEVO4z-LW2lAWue6ogykiW3}o%h~!`PnM_v_=tomBZ=X4E)*#&N6T5G#%FBDD+PPgmtdIXatlEe4>EW;x8*S3K9$}lWj%j$b zWjx{FfaHL~bX!WBvzo?I%@z?86XV_B96Mh869?byZPVf2zKFK?y*RVQDcpOzX>rs= zb`|R@{BYQ~4g>bvdnw74h26&1HwaGFzqI2JIr{Gd$13U0!ysy-IHrW&DG` z<2Ge{hy8n2Km|notu~$PRAxDQ4AUY&V$U+a7BJWlVcyRZaJFC_IeXpudhbYQ^LM;< z)k+e)q;@U{Q_zm~QFK0OpEpavfrv*qZW=ema zn=Ut0YJ?n_&E(TF*4Iah!?G6U=W7s5rP$8jF5rdxuQnj=ZPS!%5P_vEb32J_z)0MB zg;5m~(Us3DBcxaQX|O4s#-a*k!nrlarySml(pSbdbj*Ek=zrQs>z%Rc3Ac?`Q*$G^ zu*mJ^JEg;%!l<6iZGOm98q%P81`q#GJsP|7dV)Y75O^V`@}NX$Km%e5&L1AvAo#!QP<4Hc+kZl3=>AQ zzn9>f6TFOh7%3M|nD!)#vZOpV;UC0DQ+sS#7!R#XBtz zj|0mG^Pmu_S2ILf5f)8_86aQ9$==kt2tBV0ue+5yZ|^`J=TZXVfQ1R?VngWD(Nl;Q zN-#QoL&LsmkY6+pJUY``L{|jh;x{AyXK6o&rhDrw-e@Rp`N#kZ`!@&%^biu2Cgfj! zLKOIfuVXTv71MNLPNYX&WJ`ZsO_>;YW@+5G%`aRZCh zP!eU*N+;?(lcbCso+%QK-r6tio$dVYf6u< zj%4NMrJ9_heS2NL?{uLX=3_uEW-o1;T>bn`uYGX7e(^qL&1!K`H**!t6v<%IG?_G@ zdbkVeIFSK3z!}tPt3T)^U537gdaLm;B30vgnSCL<;6Tmm^l$qc4$mC99V4p`R9|OY z7$T*^A3V(QY{2fy1%G^e7A(kI6dlBcQUvy%GAj=c*<-{Mj_l-?qS;W)7mReSlOyZb zqSRFtkG(srCvbyI?Sp+0v-QZe%BRzlEf?vO-@k>~quvO?TuVqz3&FSh74gidh9-tR zMcqxgQZ%`10=^?YTgdd;fJKgVbI;A}}1F2b=Y$5}hatv!>Nt?Yv*>^Ef zeRYL`f>oTWud?ctc6SB^)9J?k`*ulg)NO>{cJ2@Hi`BDy0I)@5X_DY;3+0#AUgnu& zpEv4QRfeAQ{yxX7btUz&?Q!&jP4v~{b*tDAN@99?dKWbS{zZX5b^1le+mX2%Uq^gH z4E}_OB(%z2d~+J{NiPXvl*!|O#U~L~2miY$Zm|NQ@#lN()Z(24BIs^vaZf@0tXR=L zz-8K>{oO4Vp4ypfHx9fy4u&ZkbCS7Kn{u#*YkD*0b&RWv(YmxpQL(~+*Fxs%`;5yd zrQ#aWK2pQx+IN(FN5EsT2x9K!|L_Vc>N_*Q;ZNw8TngVvd;^1q`1t!3ig?LRm_0{n=k6QmRMi!=1%88cUD60oL z*Cn^KMqn;sv*P7AC|W7};2A=YPV%%&7EEbk^jKu=`pw;WR_dv-X1Vs_mQPCLSy>MI zzk|W$^1uH8%lEG}UL`MyFGBB)Liq3Su$aQmVp0f;jGB$oZIvqB!;l6JMr*7OcwbE% zhO(W_M5}~wa)WscH%EF#e+g((e5e&`I>jQf1H7dLb)f;T`JnvvYDgTlwO91UGY zv^E)+eUK}77q@BCufF$j>#dn{%4#^iHP(t>2fq=qPtCd`BG2B;X>sqc$UaU&6#SUY zOAQn^j^p}_ufqC`edeqj8nE1BajGQ{djdjoa`Hr79i7h3uC5D9l7Vw&uxZ#9{r8#< z@PP8Ov*DhbWg@-yU8l*iTNlC!(VEe)khZwC2zTPpyl9?2iB1Aj`8R6`w(ZVpKR><^ zA5;Y17Rf$FwSs1%SUHlTI@aRh6W}WOonj;|Wyq~frt^KQbS=RwVZQy9u#a%nqrNnQ zRQxT;l(4uY`e<4(v%v*o8g|1}jBEV{Se(>zVcK~Q^A7UT#)B9MwY_ZCB>;w6*#lg6 zQn6ewW-5FnxniAxIw2lLHqGc%c!g(#v#W$n#i>M+f00~sA8@qn^I?^VaW6l3-ipHx znNpea#Uh3@PyPk~TYy7TPiv4VHsyn5_0vZbn#JC#*NP@|t(ibYG}oo-_9=lrZa&Uz zp#I@GRC18oKCa1oVN7EgKR8IRS&aibu2EpYFW7CsxIE!JEk7+FX)k|8zOqyLFZ3Nt}y`Y?X;P>))nUrJQk9;{2^RdZzR6 zG6)tz$d$Nk7^~6M)#ddiSO4;)D*2zyxf{xqCIP2;t>7w8LArYd$;bnrd{*$IfH6=1 zc3vjCeHt5tJXWHQt&iPBNcfsW(?N=9iZ7SWZ(xs6K#on^XB6!E-Nm_16MKC~x~3|x zP~$Q1&zTi$@RAuKhKe7d3_y{-XWDuW^1GSfgisoYF3{mT0y~3l{cyyNa*>Cd`5LH8BGm9D8jk3(RdZzKgCW?nlQneSQN$Wu{kGW%C~p2`u}wz5Y1j4$_F&rr^1TWWaHuo$+OCZHl!P{F-pD za3Fvvq$uLzm+=do-QDb8C}S1lEv?F~Ph-@Pw;J5?D&i+B6tE=B@-BfD9N+5Xy2HXN zm#9L#8rr_n3b40nN`BsqqTg~ozt>x}XRebXS8!!0Q|^m!Ro$=I2OZasC*>!f-eSp; zMp#edCI4EG#a0TyJCHuXO;3MbD`2!NN;w|2(dV`&Z3~-^w_S5kMZ3ud*M+{2DTcI# zg{@DG>M@#6+nyrqT{4^O{IY~G(a2cW2Jkr}qaL;&9lzN?|uBcW7WguZYZbJv*Ap~+A zkxTk`1+XNm1T6Q+a@X3z&pobjWdF{Q44lT*VHTHWNbBF9C z5jlBf4^`%hIggmqj3yiFM7n=*4TtZw8NX9NwTe9f2DL8tuu2uzX=Tip_`6*WHI=bE zF4sG<9}@6-MZRJJ&p{`x!YAP`5hI(`2jJ#@$OvN;ur&haZ~HU>mv+<43Rwg>mfxM-Q<~_08bF96S<*uI@v^BkzQVBY?MEf z{fI+L*d)x=4-(f&^im*r-}1iJrLji}QOklyA&H}h#y;A? zH7F)r-MqSWfp|wNWZ0ct3!!P=rN$kR%tAh|Sa)8n&RP+SP;Qv5F*3*YzNmKsPGKLlT6~0jqXNMzKv$>SG7OC0MwEvXgyE+p zAH1`Xf}nIb{gAlL_5Vu;dICVME6K~(I15I(slEqi$1AWOks4aJxr?JfXF3;)t&F%! zDBT+0I0%!RIhh#kU5^+UO&O78qOx!@<+ypH03v&GX?3q_j52JoOjyV|856;Xo?4f> z+hKLkc5SBvg`GHF^JeX3xpWvJ+?Fezku@5rj~) z_*z;ZqamZoyggdM&RF&}EA`&IF>*MQ_Uswo^p#pMo4UD%PG9sES%vUH2`W!ZK04LA zy)9~;lRrw4*^0(AzZKfaMYz(z03+o^&EV?nR;zr_q!qKrnKQ@Al|G5CzZc+RyF53A z|904o24Wct7M0lV5%~}D$V`j-FuC@Gvjez=vf~w&TE4utb7G)=Sy}0J$bxR<&(y%Y zU6)GL_3JBv4-nlrIdRSn|HKHAlr8J1&gT7qEr+as2u5+WTmRAJ#Skn3AvnNYQvMIL zQnW-4e~JL~6nZwqH073`bNhhfOmpB8#>(JUalNyN=qc?`?peMvq8roK886YNDlQ=F z@_wozo`+f7P}Zsz_r^Da+5AaQXf??@3MYQc7caWUhGtHh+&okl&SlcHc0w6>6JP%+ ztf5)v%H^MsLo5qC3AuZHYNP)3@o?LKKNnnLwp+E>Q+%>#UVt2hg zH*eaTa-r&~St~7v-od|Gm$*VVg+VJ-h9cxF^OFp!X z?;P}+1RZR)R=#S&B&Ft1{Y2%q=*WPpUcd`1DC^dm3_$H3nHN5(B6#-WH(^240Kj)8 zu$}n!E1QZ<0c;hy$p9z0vu9l_mp$KDXcPcf<@Vsq?0A25JXLAxczoEtK33lD9AP)Q z3qm*V3p_thjeVS-wx(uXZoF2CD$#J;rV%;6QckeKYfkp&CFmi7hr+v&lJEh+!NF6< zn`29rKmyqEGj(+vv#~=&B@V%ocuYE%VyLi?v`XeJ|B!22i-)=Rl*)LsREwgslL0?H zB(L!+9xT5Mo>wcAI6f}L$cDx7wO1D(ONS~b44R24*q@9p!_KdO7(&|MiKaMXMyhQb zlZJd^S=ye>V$YS0m~L^XjY+{9hSzvHUy(zE z#i(?}STasZbS9aP47S{}$H!DwS6BA|K#C<~8Yp-L0!xE?#MCx5n+!gZi)GJK`?YyH zx~~zk$B(2hfMM8ZyQYOei6}f^*ol%rL#aojOi%E2cfv%&yjr4xV5?3E#F!ePY7X5Z z*P^&Xicc=pdXqkcyVin=pba@Sv0~cu1=IK=SzP`^u~Mm*HinCMOfFB+Q>Pz$DUl?t zD;m!~ICo|<69GZW=}pgsRNi?Qo6L@)N|JfAucgCabQubq4xp#Lwhy`H8I^f&gPi2{ zRNc>sD+SjcHRc>t_Y0gx<%S|pqRAE=zr3j%7R_0_0#lTbYrh=1Kv|o82rvZ#wzjrL zBoGzB{OJJm2WimCTzz+tIFlx%;zPBFX)ij6S7TO#m>ec#^A?dqD2rMpvE^AT^Rb+w zVvF%>RY2$;ogj~amSmHiH;RZrdULvM`aV-laSd2d^F&fxg&6vrX}v~|Hwl=qqsHL0 z(oTPdhSIb9?MiapYZfr|E$o^rIjKlp_*(FN6%lPpF}-Gs3_ET4Yo+7TKVeVsRhiBfjs{FGXT7*?B!(ZuR?%Jjf&u`*IQoIUNK;b{sfJ^p5S3szyy?Epd_5T(EsTZ;RPW&n`7oU%3W$~> z_@NbHSnoLdc4W!%%>KIBWnMN3j$zU1x+hzD_)Q}rbG!Ic>17sOoor@Yb&gEVRMvXA zGk!agihs=s)BDh-!!uo}T0pt!_Jl4HE+bRwMwr{o9N?&uw|1tnL&Qx?O#T2^8^%n- zJCG>s1n8WXYLkPXCzE*uq*0A$YOPb%zo~nxJFATsUB;NSfMR{V(lM{r99x`>ci9=cuQ;6{lnqd zw9%^(#|T&AR+56NUU(fqhvL)S5d(xto#|3IN@J^7ot%QE_W?@&w%*P*^3|vwB z>h6Z{iEkhw5Sr-iE4s50*7dXm(3MR} zqVOEnTmJgaIrW_A?Aw7fdSPJx0$#wxW4bv%F(IKXIx0%&wThtEC$OE{TV86e3crPh$eK$YnWWytnA5X|o$Pwl;6l7+rjBWi4AQ~w-HOeu}GP7?L3zMHAw z#r0nvdjQZ81qRMiRhf|mClmSew3vUUiwH0SB>9qb+XYt0 zy`>`X@F8R^#H7}61O&(>3moT|Avr$Ahtt-`garvAYgZv?gd|--jtYi;H}KmPyPKKR z7eH_%W{vp6ak6`OF%pdhMLNEd@^^)ZD8C*lCnob3(oM7n7QDOkv+);BkyLt1QcNEMXuO#svJkId{9?4vIQCJh564>3uIJMKOvO-0P7I zC7o;l8dqt)SUQUs=Mk+|Q)O9KWF|l8LoQzG-(QV<0NXKfs0yVf{3sQOabz^)1VPEm zhR+lv(bo|Hq>h~F9?NBmU+oJfDb3aKx=Y0S(R~6y79;NtiMo?LlF54uyw4kbWOO=c zx@?QJa!XCZ%!B6~=1MYfBk2ay>7P$lb=YzQBUuNMKU+`JeTQdvNNUGQI7s-agXIhh z!Op7{1#OTgGMC39n2SnmURz2o4gn{S`yDB}1XCdv3!Ww8OeGft8mtz1wYci95mVdI z><|?*glQ^aLj{V5_r?-|WRj?$wy3v2B?@Y=x|v$z)THOu^V8Ej83-5&AtoPr1MY$* zX4>K;56>!PqcKucgtHE8Mr%Eql`Ai>MC|5lr6M-GHaA@#9E9j*{1bBplO20aV=Jjv zzHC_MfU~nTy~k6p4Pip2xlC5eHE)ys&OZa9Yr+{tprCmofD+{vh&UNkg-M+&K~zFN zwAAP@7&qxrM@On*jEgA1wY*>+YpWEOwG=_U8R0645uX9B%hLJw}*6)N%D8V*JGoOz?`^;jGnBkD~4k&SMDu6rFmup zmY##n20h+nclRsY*H7~NZK$4&IjoIgaE*x*Y)J*7e<0mchEicMEk~~mUv^(WaiO%q zp|!a`O;9=jKyFM~V3N$5t&_zcA;4uBCv^SE`h+~RBF#uz+&BE$5%2tb5N(d}ey2#Z zASRgrl~Io;H3{Dk@vHE&=~{`c@XaG>XbT$zn$>_&&pj6ulYrW3ivD3k@R~EM)@FLn z!z5&D4KyErV5%uI;9wXdWim404Bm0Tld8>C8OjwN8_-ep)eafW`fsgj9QD_b9?E#} zfpuY=)J}m+)lnn|4k!i0q6lFDMEcv*kmZ<=9??T(A_4pR(HPvNno%AHNofBxlHUBg zN4qS+-Mwc7^omcif(LL2VBLc~9`pubXwOD_fZ_NEF&#npNu+dWsLOZ2ix~*+Df@lK zF@f%i&IIIQ1RQ@GSYY}2K!&lmINcfA^3x41CN6kAL`7L|^!tJ&LO|G;Hg*N5 z_aUMJJ%1?^tieqJQEdV+32pQgG9zEscQAdujlIF0Oa*dTq=C-_E4V<;WA(aw6Mo!D zD#|g6yN6BG>GP8n*HE}I_l7Uaz*KU6?=y7uJlG^O0~;POUF~}-sG@%lrind6q9;c9 zh}YgAkNskpjpyl3f50A-HIsM4d+gl~C%$E(Mh7pc=Z3)u=9q4eu01FrA8R=oxez8r zFjDDP8NzW*M3_ELx}Xdpr9dWSN}dn05j=ra!eeuXWG)X7X&W;V1RTcawF-<3?~HXpwJKrJ~FOocP842e&y5O2CIjUx4!tI)tA4A=vTelKo%U(P7%gzehd}qryssw}SEXlR;NE`USgCS6R12 zTR~kQRVONpqpM5sDJ}ow!DdgSQdl6h8N2JgxNIt$W7R!Sc*1sQXAb;P>eY z0oiA>-HI3Xi}Pl!lH0O*HSmKB*dGoc0Vhl=-3&9Eaw$*JYi9bl>`@An`+5)m^7!pK zj{a!#C!eW!mx+svJ<~yzy=+(6Z4%~aqrX_7}F*~&e8;`U~&TIHruTT`-DV{x!i+w=CTNK6IxLdbOpPTb^@ekbED~BHw zqT!Gw#C2qgUfntukp7DWz}`Gh?cHbZMjm<++2UsI+UqZn%QR!TXEVHB=O_|Mw#F0c zR_K)^F2t{mV%KXMgYO$!6^+w7HvhsdCqBbtTz50%h?;HQrg~!{Tek8Q_J!Rr#wgQ1 z)AvQ6%&|(*4HMPr>WNQtE&;r-9#YHsiVk9vEdoM&oxAQ zjo{xdoa~O)8z)A2#OhH9J7#T9QWCiYgcfhM?1k%hompeseL97XYfGjP1Ya z!pXiNU@A(kfJYse=<6H_*VQBCSlNr=4R9{ED-J`FHOZ33R)d$s2QxOWiHGG4lnUVB zA$8kgk}Ti@e9)36Kz%;MY-jC5^+zx4^oo{Jyau0mlGFx5+em+qY$yl;sfHS?@f=pT zqQ_hRtZ@k>hA~!;-DDY{C^EP)3{!$eY><9iWrcg(b-*R7b$Wzkav+yb5NUxUQBG|2 z0B_agL^jp|4;ugE?Q>5sRL^IX^cB>wsZ>Hu0$&`u$K|5pbR}ZnydsO|;dMZcBIWzc zY>bjosv#kT4O(7=O902oGk)(tsSeP%e^1k2fEs=R!z=8$01`GJCO38*E!*~l0fDPW zur*5C({ci}cOz~a)lGE#j|N>_o%6OvqQwl~2O3;05NvTnG%Sw3RM7Eie&DF#4QL6; z<3rgll%I&xu4ay?x1BrBDXXJ;|9+-|N%WBefm@;S)>=1+q15AS(~1^6o^3S9!YmVl zW+^~xo-1D71p-`xuNMI%qG(Uq(?A!-0X^Zy3=TQ%;1em&%5ZKsQ_BBoQ9(lIuVmVO ze_cHAR;I~NgYNZI@Qb0_%%qlyg}gR&1QDKb?x+i3^k@dOQNPGwS)~_IsScW&F}^0p z=#qZ>zCK1W7udU@tK){A_VJk#)aq7bU%of%$^VG4oiq@t4Sf7yp9JkTCw=d+!v(sI zZzylpYt0V_7k!YFu3L9mk`kMD<{^MkJaF!GyuVTExOa)tct3mm5O3aBCQ@ZS=h_Hc zMO)utReado%<(xZCA&ZQrZaZ6nU%Qnwn0$mVdeogdu;yj`(n$m5B8g*J${!(j~*D$ zGW=Ot5sU5DEfz~s7Q3ZGINnUOE@x-0pDJO$I?ifziGY0xmPUyJ80!Z_0f*bPSJLYV zEmy~d4=YcE^MdK0P=)@&n%EIfFZ@e)rdVNwb*hTszB8;QjKeKHLa^iaA@O5EB#jb@ zj&5}@38A-Yp2WO%Yl;6mK(LhYJ@7BY9sk!*tioH%4*=9@^M2Ifr1sy|LF zw@TA8*sjw9vo)J#eIwxmk?2A`vBbgo$`~tt|2h}SF7Z?r)`=sv>m=(mx+y z1V6oPeQo@^FUPxW6saKCC;uG{eD|b|gxx6mZZ2kRL8-_Ld^7;vap1wadFOpUlXbvdy#J)q6^%v%Ccu=3I z^GWq?wury2b8B}dePIxKaX@FTn3{x8-p-8aOiZ<2)}Ys>)5Lf{vM63OsDnDktO-+QOig?#A>jJFwD+~ z5u%Dkz8K^SdHBYq-t20dANTstJd9CqP7{pMg+QR$Xn9wVD$_^_lx-a{ zBt`L@kqv+la!gOy&Y7k}{mJF5dXksk4=Nu#V=@r?#|QZhk7Z)9vNY#U=TE#Qn~31| zBlO-!JM*N{1!4&aAUTre62yE1#{dl=B85Z9GtL4y(xO3TD zQ}2%Ck!+T|7vk2CcQR+X*?V)<;6NGeOs_x$?`K<@ka z`q-_|G)KMaEWc0zT6G4G@|0GG;37VtkY3Ofiu{VMmD%sbCGAKI5x?#wCm|#)VJj5X zm|5ctQP6j_0DWs*K6~ruy%<(7tFfT#Y51w#TSMR3(^~Yb9IE8^6WrFO?Y$zCGK+@i zq0SUX(G%A9Mu>F_542vcw=}AC@2FnC@nL9m+KjiWtXEjFIw^GDu6mlqSlS8py%4q0 zYr#lBKu0}fI@Y}IjSMso0hY>dUl&rWlW+%`1h1k=biOw(uADopd?F5IP|19EU$1pY z&B4^%peO;Mf@f+~!3l7T(ZwbR1JGI0D%0Xp9?^C}=9+CfNOy%d5G4HaUN~kcJuU~x z(vyA;)+LA(HIy=*)(uhTeCS2+o9jVwFR*V|`3ZzQ`IU#62ljjux zL6CgzZ_`QTJp6sL=ygck^80ae-L!y{^;n4)nV}SWXXY8GYmQ`6TgO!9R34O+!R1sh zLYImoh`PAlZy5V9a+rOy_X+ zen9_1jOF3RH7ed^#F__|aagag$tVk2gn-ewL*eIF6?pX1G{|gmb$#PTb;i+O8-A$J?ej zXIjn(b#AVQ@jOnEVls@|+SevYVUxZ4!zaJo=4r~6NaI;TPcvQuA^X3#PU|<6ekt~R z_Q|PVpQnnQQzqr%W+z&1LS7V9S!ZmFFQ4<&ljY4%bS3N@6aeGjyp@fZ3;|@+GGuth z)r;M`Az@AAp%(rWxv8(AgFs+r#N%+O(G+zxfjrp!uv}<;1fjZ6^9q&QT8`3VCxqYZ zjFe;OhfgR8J(5PnUJvoc&4W*aitqis?$u4VgNMW3YmI7S)9n}D39z9YLkfGxFlxvz z%wENtfc%l`=leHOP4g~^WVdSo$D3B#vETCQyI`$M6lS$j$tG>hv4a zIPVDqDp&i^<>GzjlD!I?@n-j1|3FcIt$?``+Y8zn!a82Y2oaAI$%z4Xf!;2E);aT3 z{S+n9y=uO2GJ4YDx+_v)m+$fTI7omH0%fC8cU2ztIT_)jm&pLWN_FLP=OLC}$;IT0CK($4?xyf3CbyEr9h5wn}4^xVMDE?QW0k67y6r`|ld#}QlF^2OQ6^ZcLh8YvX?I8hl3VidtD)BtFJ{0WNH;0mG{3`kd<)6Vh}No4f{%8 zyV|lTlT5}}6)KQ8n$NlE)(y1odyy(p*_Gh7+!{l-Ke4X=x;Mq(GFIWVo~o+Uw7<-~ z^?-4t3*Vx6JS1|AWMZWg#Ozug1X~{cR)A_C2p||&ZgZj-be9I|j-lW(5M4a8ck=j# zMWF4rtz6%~cy}`*d9pc_s-)Lc?*WYzd+_+F-{pFDn(thqt2NsCm&U`a-@UPB0-rn2 z63OGGaVZMk!qJ)q@y$EZlRH^^#=$gpO!Z7_Rzmct>-Tz zd@ixmMJrOh>sM%r+s$e-g&pRxG6S3plJmnb6>}`k%r6xqG|p#Pj-k%V!~!>3%my0@ zL7U}bw#oOH-GeZEO2tk|OOuVjUtP%+r~9A}fsD0+2ca=KqQ#1E7(ceSJj0~_C0ddS zo@0_Wp0f!@2^@yRN??zLXV+)AbCB7B|6uAumHl)Gt<3Otly(s=mB~c5V*F=+7cY<{ z&mkcAO4dMf1R3O-#4KTJkX`u#%fdh_kJ#FJhwJp?`rTy0k3&PflnRJZ>2g<48WA$` z(r-#Mv~3Udb800%(IAKL^^U^l$3Rr}Fl|YUfHfS4ix~q(kDO!#`xg2JJN(9FVV#HVH;!&|eHdI+>;>~| z%CN?xXXwnvx9>6DrdJw#;vN=`9r}Zm<4bQpOu@Q(D@|xcHIvvU- zAO`x!%(?UH{EVbN^;#x>lpWL1Am1oK7u-zR{lTW=VhAA$yoK{-m|37@mbyUZl3zm? zEr%)zb7G2*k?)dsg?B`WL6w@P@+Y=f-WDASzYPx$k8vieOL3vbwsZ1h%?z(XhdK7+ zKi9R6>XoY+wJJUl<@)l7V?GNFG32ukVYfcV1hL z!`?e6#4ju>lUk};Zm&NVrkfU2~i7>B^Rr;U%GcRL9J<&eS&~XV^nRA-SGU1iYOB;NtV)Q!fZwI zYMp@sAxGTH?i7WL(GG5%tQbvVs^Hwk+IXdv)-Gtt2`XR{C&FwWA0Vi9PEF7qVMKp~ z?~JJ<{`{OmGGsoEe783Q?yyE!;Fp9Bqw$kUZY(mhKFNS&lzI-m5hw==3YBUDFEtVu z@g%qDLT&|1C50SCrD%7kk@+&QUVdDq_ti1OIl>T}DNgYk5bwdUI0CNcbxS_fy`g87 z&yh)vai+Smxx}n*0ZsR|sceN{Lshio)#!kJ9NBA^QmM;WZErzt5G~y5I zG|wfatLYF;P@Z->hU}RS-tLYc-s8!-j)6+B6pP>JQE&+1^(aBs`siDJu(jS_#NzQ& zm~E~;u$&#FZZe`Lyyd^MZu>#=B;MU)kh78c+IX8{i97vLoaoE2KHVYYlSL8&o-dv& zqw$sFx}rv7S2`7BRT`YxXB!fJWsbR#3W%mxU^%VPJx{6dZZm1C*}5!n=-K(bZfq*} zUE_$w%Ei7$&p?Dh3M9WV$Ad{ToeXXw#r1qIt(v`$d-#t}hY`L|mRXIVd(E5a|Im-& z-5kwg)k05yh8{Qb*3X@Qzw*~z6AAjjD?Z~%#opDfG%ItFq0uRUZe&GQ$rbAZJOYBl z=U9aI0>@!-89bE1^i=H`-Y6;AUGXYtiU2Y)28A{`CmodPDn>NUm>O^Y-YYXJ4hO)+ z_gvpkfEYMakwe4Gk&k!BOhJscgL*5%QGKel8 zD7PAkkQZ=y8C5HwTI$|@a^@UAj6 zvrN0(Q+r^7&_J01qB6w_B!nhWdua^1i%NuYRDo_fVhK@qQ*@^Ao5f5q`Lb`nrlD>h zes|HVjdiWkX@JZ%1mfxgbdNvf#n>2^7lkV(!3!NRle;$DrvNi1d3y}xK2CjPb5 zU|c8-^;At~BqU(7C?RWzysL9+K6Ur}qO`lT(A_`Ldf_YBU|+5WJ=K`G8{*Tcbq}z) zzQt{9m-Pdu3)$mL6||v{RK53bJ12w?rgobdIv&I`?lN=UgUH0bjEUs!LmRoe3UMe! zRGV~fTOG?5LCVsqz4Ki$-BG;uxY^m}(<|L=PYp_PSzzK*2S}N%HlG%TqYK9(E1&;t zVXezw)-C2BOa}$27Yg5bPP9Fb*7zvup%B`|HKQ}CHM|E6YhWG13qxL?u?ms#U`Xb4 zplc)Pyu!k_L`SQd-m~v;47>7Fpd0OVdT(9GnX(BP z(x&m|o|E6dwrg!}Md9pQ`0n{5OzCz|YQ#i|Fv)3^>%&DAyKyHSMEj_(3(k1vxO2Da zupT5yO%{o$->Rj{CbS9nNg^7HX! z+jP(EnEGh6jKm5mQvRO}`By)F_U;JClhS?c@J&F2b_H6KKfP-B8&c&JheL1?j3BlG z?5bwx6IR}L#GvT>V0zihrpJVnLZfA$WZD-y-bq&hS_pv&wx&+9M+SFO0E~_H;Ehf+njY36Kra^9dofF=V^z7E(g>< zvjv|##q+WI+gRJjHqb=l!GW=h6ZwMOXyS9{Y*%SJJ*VK4$T(==NPlP{f{8*&;z%?B z4qRv@7O;^K@Y$QLYytt0+`4YDd<%1=oYBR8y(Zy&=F4+(^D2jx@gB?hb6lZ#&I_wV zTkG>7#loq$h-39ty&~v+#up@emlhcL0VpZ zNy+*fDaYGt)lrU2To3)s0ZQp&Yy(mM)@BK`m2e3Xx!vX)V7W@!-O(TI>)h6t)ha7W zydR!5o)A3D>{KOI47*=AF+(qHoQjTb`|qoq&xr{`SZa3^vRkgujXi)US(W|RfuDZY zq8^KNDtiJ2u7&)e*RK4O`WVTZlGsH9hSxW4JV*4K2GDN!&D2uo)``}yg-VnYuNQsS zLtrrsPk=CVoJb1AEIvLf>1S@!v((-y?p!U}nKtvpE1h_g9`n;;d(tkcLD*bI%?p$# z?+pEJ+ra&b4D@XrjVJKs?)D8hDPfep4dR`F2oGfZc6tYDcUj*Y5ip-Z+PgR77z9fp znhjAB8Wq0Fy|1Dp>pE!t5s(P$sz+ZA-R6r%f!y`aYRj?Tez!-mo#9lF4g?7aLB?mv zwoFG694egK;Z~Y1v3}kSEmf!cFwue?+r@9$&~e;{js<2DsDWO~F#KS?GkER18)c1^ z8}bwoBK&eAh$)96eC`M0Un_CGr1O6wylO{9kLPf^AA84;Pc+llUltOwc0YP&{v-0r z@ve3~akmZ{g-%y;O#VRN<5gpeR?VOYtq8=rRJ9qI#pLg|y>RBN)yLWRm|DfZl(jc5 zJsv;}GB4O;nFFPEq*h^JqQBIsRLxk5y=4`zcBdV#B06qbJZ??;PmG>8R5}QITd*0q z-iBrL4c5f_NY0X@>i~kqbyPoC>)L;Et*qTIm#1le!%C^~9kBqZ1;*bwNSJcjEgpp( zIz`RN1+@%@Vq)G#?U};9N~k$*ZLlFj@wBLpTT;7r#p8`JdlTsFqK105ZvC$Y*A*El zbp?`1d~5n1{rzoajY;+f;Xr9_m1%cNTwTM7#K2_?H1cAU7yrq}LD9l|Df9x0IR<+_4r z|XlUT^#nM*| z;T!{WhcThsO?4hVr(h|71@!G&wJ-!?5faQd*I3m!eseAwd7c`#mXv<-_LzzwB|%f}|- zx0^o#W;9dj0uHNT*s@T^)6t#PKtNR{poefczcgiwsd4=q+j`vNb=W^zDkisWUB*k? z-J*ZvZ5-%g0n%Y~egW0dH`55xL5JMfqrlifHkxRqNV7;oDeEP5a*y!1!BhQmPzW{S zg2RK}0Z);X^X=b#6Lg>w+2gc>E&AzGnT ztc~z2BlHsNn_M9B`yB9Q9CH$YynF)AeX9V0&g&nU?wtj8&*^SEdgw=R}$WCy*DDxF`IuSs@7e0WEK?~S>&CLMILobyX2K`6q`ztIs z_-Wvpc%TMUQQpUr3!N((D!M5`pGP8F;T^G3u8YLsq#(c4YML;6#IkQ1gVO9j1#%}6 z_^YrqUSO{uc|Nn5z=?Puq1Oo@gfnfpD^cRE{NGFuU6M zYa8dm^7krOV=#$U1t80>H}g^8$uxMS)2rjc2^*pWTga9RGT*M zE0z6)=6YxCk)kygIMAqN%m6fwmcL(t9gYk>yWVA(WC*Gcumt@Q0*W5@CLnvsxbQh; zl4He9nyz+7lkpX7{qpiMEUBU)MDJ!D@1O2h0otI!n>$)Nr!-g}gXvqXC+`1w+~AjR zfHpnfZbJzGiq=0KY5qsUSOj=t0Jv6x-9MZztxXT{oS{DX}V7{$^v?wS0Z1l{Nk-BtSEk?COj zhaP`J`ic$W+0lgou3o7#4M+rX1IrcB!SR6J)y2L`@+eU-f&D=ds-YhSh#gB7$z!D8 z(s(b1#jSCMBE4oXxY}wkrJ3N2{lR<1IZcPp_4jcu34h5G zT?I7cF+uPe+cOdlXMU>j+RRf+eY1{64u7C?A}F0$%ltS*U{S&aY?>+*_bfiIM?^&H zrDfki2$G#A{1#xddjK}OTuMhK zSs5%L|8$fZ{4IDhrB!8LJ*p;h*Db6am8dExG>HLKG+nb2=$oQ{KNKbm1{&5P@&~_B zTpT3|Ev~Bth%pMLCnY&s1F1||<2F2e!+$?E{2e^arwTGL2MyuFJJq(iI$cL;Y59oH zn~Hm-$*@2tH1lh<+op?Ln_J_r6Qu?Qj+>*&2S@ky=3%!Ef5VeFTq5vT9ql4F<8Sg~ z=IB%p^c;WJnvat`{LJwi*j##`;bl!tZt-yZN`xlJ|Ii|9*H~tAEHK=u#TFmjRHOOqKS#_uq z*H5wj2+iF6Yp+HftcQE5+Tg9&S>Wx_=PF=;1XPBWTbjk0Ts+ZE|)FY5XAp7|Z) zUdV4+)DJBAYQwXwU{GjU*88)Ps?SDhHsLuMj;Cr7f<(k{i7l!k9hG9+ZR{~ckx z03%wg_~7;FqeREGANgh%lt}BPmK4b>>l{1{rnc`UoW9>WEUR95u23;UsSHCeOpk;} z3r@CD&2_twr9#K&D9CRjg_}RrCNUelYV-8)#}h3UKgN3Ym9hWlW(slC&j$mFI0g_{ z4N)`}Ep|j{7>I`Q# z>}wnCY)f``T8Mpp3hjItbYo(6It|enX?2>5cY9t|uCiL&u7>(W(7FcVdeCWRzg4|p z3#$ABVPhA3Wri>2o4?PC4MRgA#+BNM*ja}utO|N&*QGOmTT2!yq!DYZnZyn*7qC)l zdAt-(+Qv}W4WX8k!&}U8{QYuElNhkng_~&ljo*Yf3bob>^lO2mBZ*hbSf_wb#;%|M`(r4_fjJ`+G*Y9)fTZD z-pIOf3KZ6z8?}5?fCdIQ{@nnu{UJa{L+tD6@gZr^abfu9i1E+*fQ$%-4Qyf|cjDJ7 z9#VBJqMD=3dOtZvh5Y6?=t<7wzqn~8KUcO(zG%NyM;trtU;RZ6%Wj$)!kqIhk5vp!PmBN3YWb=1>uHdQ4e&=H4)B_@C%Z}+CMj~fRIS^ewKjp4=n@?mja-i=v5)NZ!=#I2 z{+Nxm{dk}z;V8d+^@YuVvH0snT&d6)R!VI4p>24N-dLE0vMGfv&F(|JR+CsOQ^;AN zXNbmechFhE?4MM{h^R4D253W&geXPM=_hL8D4E`&7<@%W-C_&jEB`$q_gAyeeSSgT zS)6-yV6k$3=51*FthDn->0a1V_)jg;+A^y#3gTdA1}!r)GYj~`?9Q|EKby)wD>4=Y zp5|i(9X-8#1~o^T|2h5IO9ov9@2AhHiUgJVC%&%s8lxT-`p!= z)2a7jqurzE`_pnCP-wSA>a^*%U!LP%x&AUTZC!RUYphk!iJ%l+!is4{x=(UcM*LC{ zEuQ(Mtx0AveNtqmYtk1@- z#q(l%O?>61;Zqru-fS3@UXyV(+z(JUZQt9{iCy7=IF1kEd}G0*I8N5|C&HCdMWrG{ zVTLG*oNA-9g2EJI4S<+#pd%FZvFzW?g$ZsZM!XxF;0fhjmu}VGUHSTg)k0z^(rApo zJ8UeY@788+wDtJFG9y}XDuLIKBH3FRp8?n1rQ%I0i(KXk(X9#C<g$_^4{;B76|WcXw{+9%+)LvRZ>B=~%~SQL zv~)34KN?fN^V@5wUoTEYq%(~`dppy6hY|3y{)2?+LZyKJJ_crtlFL5v!1t6zLU|NL zPi(Z(`-kpgrP!DlAJH1R*H-_#4}%|6KLM1*xbldeX?c-3$X14JRpx^}%_PDFW8iSH zo|Z=Fh>jfu(jfdNk}}oC_GppF@Kpy+%A3&oL=xNHwA_bLW&1=^MwL%bEE;*A}xLd zXSd?Gk!uGL3e_8M^yc6-px>>WB>wlw0@TE*Xi$cx#P*V`bGuxi$89@ecwbrMCHb>$AI(_a+dhB5K!(4z-FKf9Y^PS_zg&~%q7{WPmT%B(3KItB^^qD-PP zh&3@O_>?}hzhaeBHW6zQ(sWq{O6U&<{H;)`uFj}?HCCcAj8zmreAxEfNOmji3w}fI zU_#hfWMY+A6qS|~{8dQargV@Qd8kcFwotOV^LVc92Lr?U`Of-lECQ3a;aNp4cgbJc zQ0??4w5?n%wLCoBoAJ0H-91Us2c~9rIuD3C=bgP~f({b2;@Nwq<*^>GA`RR>${z_k z9_TWpKiN($XV+JHUq?>Mug%2vY)+PR>P7a`KE}BhoWws&npL@uxJrH_-U{vZC_yV& z9#_UfpxKF@^o&2OZ!P^3h(jWN{rZ*hjQ{(`g8yFq6@T%!!Rz|iMTvjVB4T4xiI23Z zJwM^CnTB+jNBX;3>Izh~zG$xgbk#q}5y145X*E2=KiYtD*jLi7%sYhmnRTe`NmyO{ z4e317kk~X6xeSDJk~kw`FT&CwaliRuDA3pzcDhYR{NlGMD(|ceU!{uj*aTl^mm~%r zx2?pNG+N_@hlFRhxRbv0S$!>;w<5uxb#i!g20j=!uZ0$`|NUj!d%aduk?EuTbZtY1 z#A5Qp@>sr%itbp*i&3^45la&n8`GA?Ac_=3Ue-^sG9x~U*DAhJp)NLbce8vi;3Hu0 zb@727+m|05j}SKLOtsOCr9RbAZvg-dG+dfEAv30G! zX9HTm@;r!r%{#lrufsZdf>fX-WOW~CmJHqPjG5!a>`}2%!u!_0t99No_-D#23oOma z*e12BX7RDBFOGdhK-)$Z^yM}Yb2q)@MTKWcZb zYzb4YOiw+5(ap}(>c~zwN9au%%%cN4({VGBTbgO1M!alc#CufqQQ!r7ergD`EqXwy zs$FkQs|v|4OY7e=88QMqO?E|a7sEI7PFawQ_{*g_77cWLLctTN0^iAVt^b}d^O4@3 z*;wB6{l%l$dXsGT+L4lqg2G!uLc)3`=R(baf7cMOIzk^q8G`Ybs&bFvZ$TZc4iQj$ zU}I*sG6exhdX4++|G9YeQTy#kmWul+`1$DuM7_t>fckc6`%dAj#{b4t|C1a8pCzO= zC0I=kVz`+$1eM~!*2>DtC@EQ*=|IO*VQ1Oq{kZg=*I)@+Sd7!h z|M~N1%p<2i?x_pbf9J0Lcw`t;7fqO7@^rByOmzG6y#$p*wVVbx>92TGX_p)5=c;7A z>;sU!w>1F6?A7JL#?t&xjQP(pWG3<$EmD|fQTso38dcg1rzVL1NU^Utf%!+XO`5@1 z&HqM$^A#8-BD=SAQ6+%V@Ai1w%K@1 zuN~oma4|9>Dk>x1R&uNR|15$jkKa6G8>N?*ToF9AI46)S9YwGX)ZJ$y{w5d{{-0T( z1_DY&roF(yWfIWIWqE_=AHfa@n}Qh4wBfTnM!)}ajG9D-52+~8yQrMk*_CM*cOepf zZPEQ^1TU_DcM@Wp9>@uy01|)%b9BJM!4Eh%Fvq+>iM`Wc1_AqH&I~U=O@@joczxcn zcKtE}m%G6dY5Vut%EK}MrzgeAy&C|61~unDa$bPATG`aZ!~g@+N=xDYJij@7pd{1) zn#7cK{V@RunR=>Wr;kD#8;1Epd63mc;E?>N7q@(K& zmoo*u(AugV@$btKkm)b}6FKU4SHjp^Xj45Q1fnl14ERornO~?%Bv2Hw#8o!&hEmvy z3CPLsbY4>aKKO4?bCDY)K^OM)R*-@GFl;PG7170>!-vu~3zFMg(J;%pPe%h{?KL7G z*f#gBjo)6BARKuxMG^{@>k9aNE+4gScNyDc?HFFF#TE2joxP!fO0bA1CEu0JO?X zegNpXVvM^d?=2u@>HpjP;dGDR3(3usfws-H8K!ujCc;MX=@}nH*<4r&Q!@q$G5YVz zZ?4}ks~5y2HNrBTW8Jp4P_AzKS{=3Tg*EO5qm*QLE$6CsbN8mbUMUcY=qlig2#p-^ z-~MgZQxj-UI;S3z%{Z6)b%M(9u=n>D?(yWNklF8#&ornE?HbRI(O~BasS0f^jlVM) ziO7>G;Gda4IDw9$0n3e7^&8axnyLm*gAx!<4|$#9L#zMA&*;2K;!ncyM(F;=u0?%P zJYmxk1H$q8z+XWD$Grm0ohIl@-V!R2!?L6U2P(8TZhB_fH|8pe%pU41FfNrGm4vrG zIIy6@^Zo`t{zeipi+){=W)m)t7J2jZYRAMq5$9oVpVP}FjfU+L?!AEbLrYyzr_lLLiNOcT=metz$|?mjaQMX+T1)32{)<_1*X(e=W5``_~{%b&saTr$bK0| zA=tR>gW`c`{ly*Q$(0(LEcct%rDB0!+G8pTqz-)UJbU;NBp!T59#-X#c= zXh(!0wVl=%yE`y`B2q~Sf06KmrFt*-pPt!{l9%ll;oO6g&p`m6Jgi|XPDu);`UT#;oHGkab1}kD$l5G6urn(p z@P2D?&-U1&bJCn=k=2$!HD<&%sbYWyqkGwW_Q_#D(E(2p+ex@(NY-ZMe}X%YXpq zE0c_1nN3M?TzY0uKyrJ11>sswvLx<-dVLlueGa~lWf~ZmyZG|fb1E1B9}Cs|&g(xv z1Gk&}A`sIAz7wPuSjFwzr}X$kwrsTQ<9L?n=xCNxjMDte1rkF1_dzWpY+x{_??(vR zd970d+CQ@VFIo0#8EUH-!G*t5jg9(Cwl&I{=P#{{N+{=!X;n_r@Xotc>C^qHDuzNl z^4>I_Fr!NXR)}lt65sK)rL-GLywX%q{#qU6&E-dQAVz+mAv0UnHssQex21nistwJs zo?K`gXWEsW?ni~p4+P%a9v>D7{;|+pc}Bghxb0EJrItJ&nZ&~_PeJCQ+v8ul#6^}e zf<|g9AN1=3o8=uZ z+j5MLhG3m8^l^^zS#7hvcist*GO0JMpO>0P8~OKkwCBw>SuD#|mo#$syw~IK2sKgX zSR(3pKCIDHyRNYtn9St%L|WarK-$5}s^r82ReS9@IV??7S{7Yk+mxoLtnJOCY@5~L z;JqATR(5q}OS(OOu4|rlkv6ue5{3?Cg6`?-(9wh0U_eux3VY82bqF^+_*v>Vu-qTN ze|~aJ*Y-w}R@oOes+XY95oHjp#;uq}1B*qd#0(hBD01Vu4Gmn<})l zb0A~#!Q)~3vNc^LUT=$vpxl7}vc(3=egNv1F5fHnDB)e-hPM$46$<&*Rr4vTfi3Zw zXVzzIs!;7a!EtSes3$`ma<^yCxq7Ca!1ik%2uQ6ov7hF*iCwa|&owA+Lm9!P72+*%Xc%Hh}gKM3VlEZ{Gs z?ELwf|BTokV{XNOxmN7#lsP}m6xAAqRQU^4Uxo*~JZqwJHvbHDzwd$S%h9va zr)nq~lW5;%Dn!vCBb`JNSyLE#@NGxxcAaVll8=nK-pJvC?97$P@e=;m@ zVWPRA1?C}b+;Dv3pUK#DMnCRBDytCKvT=i7{Vr=e=Emn6@M9>V zT1$nsLtYcVifkgjGiO=coQa?E_7JrtP@ZjEPQHGb_6eRTIXAYo{E(p)e}PxxbScU@ z^qq!jq~nM-^TW~G1S1bhG*^k|&Qn$$Gh(eJH3293##F@y*!Nz+wtuq9FD{+%&+9Fd zY8m@@)tXXgwVzqyv4b|LeFb6B%K;I3aN`0fwPVBD@gDbgvz5!B1V?|8b@PzJ`NR;( zf##HindW@2_|(-Zd-qbxX43=T6ZyEHTK62%0P)8mzI&SStrunM+-x)Pc4|{dJI`n4 zgUzu}_kGh}qhVhWjQxDr6DGA(3b$rsj<{=sYj}+Q%nlXrXOlW!K&}Nsam-ZIZP*qDB>Ahx+c!@yABjxf}6y z)o-ljJ^Twj@0t*|%Td)^ZXRjM-S^geC>B(au+uQ=2WNFTHTV5%d4jBQUYFLh-o0N+ zkMkRj^ZCNO7to4}%zrpxah*opsMz>eEn+#Jvne82nc8TDeh{Je=~IA*XmeY_pkXa$ zsNgI5p!}2vdiy0pGk`opii&CbFqQBy$71?Gvh&JR4-bEM<=3)$&X(dUwahD5@w+e) z(xJ;zQWS&AXFf|dw9m?4lV2Qq4AL8JCf%5Sn3a;!-&Oe(>4%A7sTxd;v$luG#%Ia-wY%J$YFVCA_ zRl&cWa*E!dFc_1&d;Ihm*%0g&0lcE02$a{KZ6@v>XZ1BOBQ(XWJ+npYQNvAz&qm22 znP;MOxqzKj7Mp-4bxP=ChLiub#>me`M-MWl6N!>uKEq%BoYFh4)L}A07{OBRmTDg* zlO)j_MVS2XszsMC-}acfz3$#E{uX9k{8#!d!*#g@4th|GnaE@BV;56|0JsaV|#t?Sw7p1c6WlL^WsPCdK>GM=An3K*T3xW9w#ar}t;-2smt9RhA2q;rH?#?oQ( zrxOgky_YK@A|f31^17$IMhD-LauIZg9*9Saq`j z%X)>a0i%Hv_k;DbMG`v%j=Jz9KMbi%2Q|G;qQkfh@;bY@6-H|3M28fauNC6>j%mC? z4`R6#31hO{ZkX&Zd1}~1p!hJzhdkgq;y~;PEQJ|5wCmXlYY^7rV9e(eoal>W3ZPNV zcV+$VyWa6S#U~7`fssh9*U6_mol+Vpf{VZ5n)_X5!fvsNrOMdiaJX(=(q2kq`f|xX z&VNR>a4_CMM(O8?V_ozl%%W6}i_+$E{N+OEKYnPjgCCzo@HSQt5GdV7$Vu!`2f}(F zj8G#yNafin3_qC5-rUzdsN(5Hg;$uBY{m!CBgH+t2Pm%6?Ga5>kDn1k4j2uBw(@+Y z-AYEE_4S=T``ir{sh-x0RHsfpTZ@AcjOX| zrU9`2qXzaDMY(x1;^U1Cm9-8t-S?H$NNSDOY>$0?2KcI#rA~ElrLTu@HToWK#p$Oy zJ3B+A*0Vpb9Z~%1F^I$jz14-iylcmw7<6*JYhzz4ilihfDq3hB8cN;PD9jBzw%G$l zok1iignGxqK%l5!zBM9%MZ;&A!_#1jAI=^d?E!(Y66$rQN(CV7Owjl#=zHj56yPC2 zfMz&yY_02;hj=Y2UJg@v0-KSM5t?ZD^2!R_Xt>YU={FmU&*(71uw*^>zVQ8Q4B0mW z*rKg-V^HkJ=_9tseSqOvKlk_8E@B)8ikVWX*_0e4PzJ-*glZy>2-`7z)G%2qo};66 zM$8N8YrhR?t#k!6dG3j<0yXLwr3au=aoLwJ9001hy;eu82aYr;MIUL~exWgSGJLk-M+mxpwiVjz_i@vJwA zCGlrtgwHa^y@h%jEAcL;{w00i_(*=)EiBJ%kwt4aPqAU@zzcmvf*u|obw%)rJj@XX zmKm^WFgALTPfBpy5%Vjj0Bhc4Hhfs;xsQ5<4TU*mxO~(7E97qF5FKzC>6z-5Y9k;2 E2iU8KRR910 diff --git a/copy-of-sdk-docs/docs/learn/advanced/baseapp_state-initchain.png b/copy-of-sdk-docs/docs/learn/advanced/baseapp_state-initchain.png deleted file mode 100644 index 167b4fad9ed05c2fc28884d7ab6bb1c9762eb87a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 243455 zcmYhj$IkOiwWJ)L|JQ%}U;m%K{>T6LKX0FC>#wruiogDWa(}=22LjdO zy8Q#?|A8RsH2w42q}7u4>pzEL1Bbxp{rGLlruhDS4gw+Qe}UltfxBO4)pD_CO zC)+(0e;@u9N0WmqzHLt6rq{m@WA73414j7Yh7x={q@ZhmhB!;t0u1xt-)jDCOgS@? z=iXMU%$AK~z!}Z^b2aosN{_VeE3xiT1Z&LC`B0`C&&7BY9^Wla0n6?|Vk{ZKI~<{~ zdCW%9*~79EA@N~b<)=k%OvO5m^A3X9@*Fg_ITIN~SPnX)jw zC&%2XO(^~${i%G1kHAk6-Sefa$g&)vuh$tzscrW#e?c=D_$w%hLfZUBA8FTXUeWgtXZ@`4S z4@PW+_;JM{Jg=S%sxIP*x zUmumWMYYCAa2gn5*1>58GQns?&R6(-(_;D9i63s3AJ~5Nvt(Bk`XYw;9gGf(YbJ9j zEtm+_C(QHSX(>Owb7V8})bqUhJ&;RL>ThM#JkMz)*@xEZf9daVY`Ds#1I#wN@$2?* z+h}Xg#e53>Wa0ueRNL6AWaQ$YF+djzqlzAQDDQYmu$TFl=p;1Et@9ifO~V-ErKirp~-(n zL;cXL^*RF+{#73Me|PnO%hp1nVksW69F*JTukVcPykn?c=T^yQH2VnwtDN14Z`WsH zAX@mdUV4uit%B0AiJIk%yV;GY3*Gav?mg2j##r^#KDBc#nO3%tLemX#`5VBNA5Tb*KfCKrM<`#m<@C*Vygldc?M_v;)n zl*`d89J$<^-aecBF-8W zE%!?oqpZ;*_XEhhDpiA&H1{kBXX1F^(C=q1+^RGYamBa~W(i;RgHjo)y-pH)S3l+W zNSwypAz5{|gqu+0-!;puS{9nsF8ww^)HUX(qnG$AVip<%Uc}28P@7dGdQbUv$^u{#v3Hw~*IN)Xn^o zjod8^J}|e*w~OxBrMjti`GB696moo}h24X^uNa88&DCwo;JZ^m?^agL&0*^)vY<_o|)sP%7||yfapGPoXdb{{z03&DeSlc6>4N zIY9B)MYgUvwvr6(A0v0fZ&mo#PO$|KoQ47CMFbmP&PCD4gn z4H{Op&-0C`{^=!L@a4Woc&yNlGCf_VCiS^Mf4xlBI{sAYeu9>Lue`pm2oK(#Q)J2s~xxDs+YKZ?qWOFt;cDr3f6IT3l54Ox{ieC55 zvTiauC+>$O?vGxCAdRC}CfKwt+*2cISowniPgY*uudq zu1wnfA|EL%9OgPnl$Hpf<8qeBI5-oIOD#xRK5f?!H`^|o#^pr803y=aL_;mjl0cXP zPPBT_fm2sQCxOFC-gU@d(Ia{~n;Y_+FPO;qF1Bjps;}I^@NXkZ-F7*gOb3MzOgHjZ~H|9_P?XwwOQ@48vj$I*gx6GERsNJSdNY!&U-!K=< z1R(TMvB>iI4-0*SiZz^!iWiBHS&+3<^;~zLw2-J|X`4gv16(rZ%@nc=JtZSM!j*oOr)o8|cy+ zEj6@0;X0%dkNYefn%y58o`oDhEj0H&FuRobWkmF z$GsNV8th+g7?=-Y@y7BQr5&vW0);EiO+Fs;`R&j5Sv^~D1Q2lsPC8J&!nnyR4xUoe z4-$VZ<8hk?5?$Ty1X7|(zGsTLMKz`Yj+xcq=yjU|V$9L%{nT7H^@GhhCCk9gu;@1Q ztRr~gN^YH8cx=yNM7!Qih$CN4dtLhmPV;N3>;1|N*G+B%hxE;8X9~-GKlkJxSURD1 zXqMDcx8>0tq-**(Vw!zCnUm`NAVa~HUHtCbl zhCK!$h;|rGTPor!1o~m0Wv3c(Z!FTbHO?1m*zu?KKxe6-`Dm%nPE`%MDW5 zi~0oS2~`X)#TkwecN4NA$K^*?xw-Z+zuAE(qnS0J6e<73lxF)&aD@TV#TI8e$6V|FUy4J2B;0~U!@a`R# z0l*Qs>S6+e%=pW*=PkQuTxlW=*Bl|jbt5O#Z*0bo3Zb;iR5fWgOG3B-(`tJ%@yW;j zQi_pps3-!9{Nh;Vs#K6QzuwFoZh-94u1^G!It`I)Du3)3u40%5vR*dIuU*RV9UU>YsY6pBELv7q}QmI|T7MK!A4e5B~-XLG0~1 zad5`6;CUu(ki3%X%f_Zng@mZhfU;muPWN`xKsQPi+$@xw-wjKEW@94ljIu+MYEQFf z{bBUaqN2Y>1>f-lXVPoO6U&r%z2vK=EFIx!e!qs@Hp?$@6L#uT+O8ZG8Z zGwKcH=IPcsrgg!StL40weMOKtmNY9E;Nu?$ATONhkoQ{DbNnp={aX&ViqV0#! zNe8UX5^z-CEl+HWc1iTXF*BZp;yH&hykO)aa;nh|Zlitia~vpEY+7}k=U1()CNO)p2pD_5 zKJTh*LP9#8bp3}Q?Y|%&O0Xx=Vd;% zgZ1m{1Fwtp_O92L@9{hrU>R2AvhMnPg1i-X9UJdZaTKs96y@(NgNDPY++9VKWr$+PAT9g`Q^RkUrTY1r0dkdNEOQ=p3Bd?A&#+Po*D@t z++*vI_v`6-HuVf5VbG2_$!#k-0Ljq1K7_zwHWyJ^3AhKLaZY* zl?JVSm#gPn<$UO37}(C|&CixK{iTONjBZ#WIs?JVZ%`udCZ@hCBkn^wQ24xN<2#o! zzz{npaLRFfPThjWVvTB~gVYQJDvrqZWvZ`RZi*Hwo?)asoaRL5O@>WNE>ITtomHPIh)BJVS75R3 zXFzmD!xmxBx*hP|jl6AwV2p_E(vX)Y6amD10bMOnv&=^w%5Xow>%?(VIP$Dblw|Ay zPhcU>#}wDoo`FKK%aY7~9+8Zzc@x|c$1 z^B$@cv?~G#^)*6lPLJjJlwxha=IKhmahbiA@eZ{KGjThmeATrc<7VAqoW)L&z$gpC zv?4RK<+EwB55JSgws%bw@T+9Dy54*$_2{Wpi|wDzQ%^O?Rmv4#TJNq0#wYnV>nTS@ zmfiMxGnAF(uV1k8WOE(R6v}Jl3a2k=mkA@b1^@`)z75pXSn~*`qzs# zG$@D|`GFMvBPPkju|{k9ETWR;Yl%`(tSAj*ssLrx5!3m&DD$WR_Oe<*N4Zc!g!@1>r23NnZv z*q!3^0VD)UK0loHYlwQnAvZxZq&~lO27ZFImmRyGUpFn)lK}_J?>{$th9{2j`$JYr zBZ0T=2VMlMy0UMwU3$XsOku`0REyJR5@0RN{e4Ro(1ZL;-1_`cEBi*>pBkewOVl+V ztBFxBMeBqchKgj2eZ{?W0sC4DfMR2*#5&ZIYM`wMs-o?q2nBdeKOKOwpw_&u92cIz zCt%_vNjwoBL1RW+0tb7P^dxddrw3R{1R;eGl;E)1DvGupOAP zljE?yoYU7|mT#Qo>kIM-;*bFCL(qIPc=Oh#{CvGdehfN(lN4(Q$-9QG9}w*#=6UTh z*TN@aU{enzsxvOqNc87Yd?IUgflr4LNjd!21;c{SqLMp4?IVMtAs(bQs>_MkG6U=Mqvmwrt5x0KBxY zdRvhXL}a|>7xHp&e7q-0ITnsei}h3=QAQnwqE%cPxx;vYHB_|kO<;H*GFQ@E(g_Yq z+&3^GRK!7IAS~zk!dS!C9c_dedm0+kKd6eS0rgMgUCQgaAF82mdHn=DJi(;m%yND4 z1Qo#-kN+`1a1yK=5DY@is=sd|7aL8X1Hva_y@W|Ja+V~n$nDS#?x>QchTj2-QFf-hUW_=uH`brf3!N4KGuW@$(;0O57&Gb4;IvEw0Wd@@snUp zs>*2{uZyPs*r&)q4NC~?P4Fo;&(Z$d$~MPMP(NL zs$0M)28;`B`&56JwOJnk%44QS0^}$RyNTZkL@(K0a%$Snq&()85O;c@EW`iuvviDT z4NmdbC)Q)~QOY=h6D_(W6|hPDz>JkdG-8H+v${?bmuqZj0zP9~YZawi0E2`T#LzEd z%iWk)wA6z2IhVtWf{njazYYd|7}w58j10qveFCW#9o$s?TL{2`G$T<2=-Tu?mBSiXZ>%Ef}n%_-wNCB|8Myh=WhelsmaJ z=vQQxm|i}X^CTQpy^flElVZhwRA88tg@v9*&)xyij4xsO_ySt#=ZHfG@@Lm#A1%LOwEi5%x#Hk_;%>c)C0 zGL~FF>t)1m5S!5k9vDvOuk4d?R$Mj~eIVxQdvG}r?#R==%`Numcv2NT@h$nfPzS;a zpu$u*br>BF7Va(o04$3Xic8b`WO|w>nK4=N=0i5j3mOzrPP<+8U6v&esEP8-dtfNP z;`6pZ#nqc=+`Of%BSUsi!-%WU_FDyA8becNn_^O@m|CHhOwzYuSb4>OS(X!nWVc=yk{LODlxMlmU;{X>p6pKI;ir z#o|ZtFkj07H39K*dofIlxbtCjIL1B9>HDBa_jR(m^VpF3NCC>LH??t5Xi<*?bMbbF zQVLB8KBr^TxF%Kpq{8}L7NgMhJ11aBpfGbUd31O<=@U%w3z&vJES`#{cTmlb4m+KHB z<>n40<9^mw8R%)#wNZ7J&zppK{Pz5cn$(|I@OYa}u`G%Ajm)&b$I-U2;Y8~xAXDF3#p@Z$^ z>?yiM_wp-ydQe0W`ju;ySjw_O@Qx(e_XIX~rYVD?Q(b+Y;VUyjy&Gh-O15 zvb_D0J%8NKS+YNL)gEQr9D1r7F+*pzU_; znF#vAATaap8XC;67uB@XJ}2j(B1c$AE{HG1(Mt)zg7IEnl)Mr&dOS=f&F`|_+KLT% zN;u`tJf0~3wmbnqde$ZiR9X@lA%=e(k3|;MC6+e`_rf|YtS+>OgboavwGd6|dIqmL zpCh2eqZot_04_@h)du|$zIaa1gOQf8P~&~+Uh946&ovI0Ym>Am&X!Tb)@~aHM_LN@-@h*5AaM&a}S`i>^<{ogV90dam zUMvGvK*Y${J^L64o3S|S zVm7qd;yhd#sgy6Wn^*?@y@5#>v4C<#N;x}WUnfxPt(pb-?xxPpSbFC4Gv+x6_-yV< z@}kyy)5xy&9dcH(0HHwPW6?9@g4Vb6GCF*wJfLVvg~mT@5!9B(9}_^nxwViYs0_q7A7%+rIc5{H`r8b1=wO{GO64I@^M83KnpDJfdx? z>}d{;H8fifAj)D>dbrhoITS!8%Qt!*&P%ochbZ)7R(sw3rTS7+<}RdX#Irw~5FSvb z4=-TO*i>q@q`ln}v+(QXjM^%=h17$ufjn3I&FfiS!%<*0SMbS>3;I#)OU=svX;)b+=qvbxA&!JFFjm<5>7*=;+@cL~O~KAmgnC%M4iUkoZmMk_oU3FSU(crHS8O#IdGgr)u1&T^J2-!@=- z_!8eJM{>!A`=~X@2k0Aeih(X!&s7;ZYa87(1?d!_q$94Gbg=%%u~5?}BK?a8)&jb- z1kdEZ;9wJf31bG$`+mMiQ`Cw~hd zkcBc)GVV*8!oJk`b(CQ{qCia%KN(8twDs}7hJgb|f5PgHy@p|wTBQI|Ju>Hx5!%5y z^16y%OIGXNzLM8k&A}VDejaGJbg870OG1Z^MD^uyBgL*aw|d#74Wz{~C}8cfr2N}?fgESAd6ZlRedTZZD3$CD0 zC%V+WzfoE>+^Q{nrTo>^2}~AKSM=JZ9!cgclsdovsjL%{_3CoI=m%Re8{}!;eY}zN#c3G=vXAhdE-bV?H0Iu*3^S9 zUXPdK(#-tCepr!K+!} z`(_YQyDazP1#kEAh5jWwup~CHdc24L7x#rKg?Z=gC>b8F_7j-8klmg2mQi4Y$6oG> zAdH3)Q46&`Gah1L6MnS1J!~LjH9f$12!Wi>nP1)sgh3VWrjpCO^Ev2EaJE!L`c0-_JTAUgr3Zr+V zF!2}-Xhvh3UTKuA}St*bF_{u1!sU~%tgX#JFRtcV zd|+(Ce7yiq;&I~)5!-&Sf=4O5Cr`YHJ;IljpKp&GWb7~Um+&6Y9Bye`V$^gA$avUv zLxBiTjHBdtdHn?w6uuD&$ap6EQRVg7=@;%5zBa8muY7JvT6$UEGIv@(0G9~>Tb(R_ zQ7->W!~Cv7K$n-5vise4(#TPzSWm7u~%H&8k6J zy>4uCh%$%L-J7)wi0N!E4%;Of=Hr_Mh3>=g+Rc0GIN&&?T0IXujj*|+-(1rjA!G98 zTTr9}2Oq$>K+4-Vc!VZHm5#w5;|Y|bBM`sO6WOMy<$}B(#6M_wJ&!saMaQadOebG+ ze(zCn4w*XpZQ0yRvxdrcKT)99&U=;sblkSxo{?L=013G1&GqnV$u1iA2uIz3_Nh0D zym*JvhDmkRqp!{S+;40id8}P|{N?O@?mLd08o)?Q{jydD+Cr?;8&p;^+nz_aGv-~>$JQkD%+&ahsjJ=!R9Fu~L56&%1 z@FK1Q?tFLa6==CWkglWF!Cr-KG?!MoEqy8)M3KW3>ozlF;!dJG8$X*hHKIms6*Iyk z^4e;MnmADG16HWgtr#YNm|`K9QdZrV-hhsBEP1g5Ol$CZR`zF@Q2NI8pD(B~qXUiC zpCTsiUjrKiOBKF1ma@w;FMy`Hg?Ak&A~tc?=v2J~0WNhssRN)1#l|V^hPG9Qo&r*X z-Z{=F(!&gVqa2`wOTF0waRxLC>b$9dPk&TQ_Vwe;hxjc*rpYM!*t>pnq(@bBIJdE- zU6U1~?k9=C@`yhA2iBQ=MRMY4)ImDG>dd?@d?Lu^h6Dkg_Y8kcN4Y;4^lJ&W11aXY ze2<#y$Hi5|w55HKU@HVcJH?Y4lj$`1Gl9B++&Rt<_f3Nh{Oo*$T@k7u#aXi$SFhW>C@ zd8(+NxB<5hzNLdYhr=xh2^mfe^xbI|fwm>PdSos=zy083jFE)fRfv2ub8%suKdqfm zPv@t27TiC8XYZ7VAutwD>0vU-2NO9mu>k4eX+|KbFCma5>`Yp|?C7d2O<5Iu11|n? zhw%Z)#66GX3RuHS2YR@}>zLaRC9t8R)3(R@*Fp^pfmMJWd|o*w+UTe_eGuZoK@&qj zO|6MCqeeYO8L~+A7G>!oIBL`9gWF=H*^`ZFpp>O`<8I)f1TFeeyyGb?eIdLu&vNYh z@M!3-+;b+U^4h_4p2Ro>M*T>{)>V-s!KI{LPV`xI`K5A|G8)pnb9b=+#ntn0k%h;8 zk+<@oWiOF9ftq^)5BEBquBO#~U3SU2eSkKo+6e}~cvPtnz$_?JRFo>aiz~>!$;t49 znGqiAwO&i6$^Z_9k9-1t1$5xa#odlk{fr^>!qKyp3iP_@Zx+Kfn5Kofe0xd+JscS% z;Iy~TUjb-Ibyob&vy>fjSQHuJm`6I1eXFd)1ZpJ00v*yN5k(4@OaddM`botC@_+(C zz2j7h_Zc&NRdS-bSY36P6&UUwc$;sae*r>i(8APpxHOn?*ZLd414PB^gF$L`8->@= zRdQsTu9`q})CI4LZCvX);Hd}mCzOqSfPdgCd#-(I%%VG?1_Mz0gCQRfe`o|;c*VGSV=>300q@O9^SLmgCXT1# zCA3cm>EjOW}9X}i5 zz~;fX`*4)^_0r#L1Kv;A3y4QEAn8cXm}{uf_)R%DoVl6816>X)37G#4q+bJnr(X!E zFxcZz)7tDk>*3RFs&#!~(@?D4=aoA102Jgupg*|xjL`~xpG9#V6@FM-xC1?+n~oRG z=*dAY{*HcBQxyfsb%*uhm1Xr-s(@9qIn2+C>pzyS4&*#9oUOBVXvgN4Tt%?grXc$P z@DnE3zSge4ZHsRTe8B<4Jlm{x|}$P(Xv%K?ryQ$J7P^ z2HWPY54HtB&q_+8i4O7af@pG{J|)m#wc=L=zJ?`CS|hZ2dr{<*%~xc_KrynOGKh@7 z&xgT2ax5qPnF;CVox{16_0D84_FIt(VAa<UC3 zp=rQSW7r?YS}0or?7y4n2eKoUXQfz@CPIsDYe9iir6hh z{LSH3lvX>#f|bVvt(bWZf(Y0pRY5=$7X%LN^)oLNT@^1X`^IV#16IstfdukE*oy#5 zn{^Mfl#U7<6cDE1tEmL6lwDdoda_O;*QBDFPJ)`{&jK-qcnHx9=Jn*mgmEv=LPJq>8`c)WLZJ-{f~+ z94N~<_{`Jes+8#-*enMvNDWH&{N43OJDv0w58;Ql)~dHZ#Zl_fC^ipjk`ujC6j zy(Cm9lzZX-MVoyN)|IgA-BefNABL?sy)K=sZ6`#LUMDa&EWkVX^hLwdx5h53N+wwN z1YglSUjS1BOT;-eo&K}X3OL|l-o6I)uD<2v@W4YyYVaI%)eh#3qYXG&f##$J5z_wU z6(9kG@j2|`Gtgu%nJ!+hoTMm_aWlh24Hg2KW;^VBq>4UXn7qYz z(0-yup#k#q`?)5H3C(o*ZATZps|$X30kqp?1zZ-p zx)g|f{s5(e1J2Tr)9;%}X1vK-l~kPLrf^_)rw?GD!eJbQ{q|7-Tsdz$tua8KKIZ9| z4=tBamccE}GK3x(>^5oEW!F%FlY)uXu5WW0e}y(=at?w}uF-Z1hJ>K71b*;-&^j)&P5EHG9yb%z~VG&(t&>m?KO z3?NIXVtIHgFd-dHvzj%VMtMLm&_bnDtBCy-xccbl$?YM6BdA8t zB9VmUQvZ1%Tm$PA=$>?O3%vL)z^w{9Ee1$RJ{p&RT^(0c89;`QP4$bq%;~v+`1qk$ z+srQF^ZW6c?7=nDTGRBU*H0T!oey!K_^UA^i!BgO*0|~89?LsY?L7HA?4UUX zAbKmiP7Z8ygy)RdANvd|NviD>T}AV?gDrTM45&wM0T7M48#p9_L1QuI#UyaWuQVT3 zAYrLdu#eCd;RY-NiZ|k90(-;Wl$d%v9Ia2L1%*XaN*K+TmR~QSApGJmiuq;5Z+Ty^ zY1r&zv1ZdCrXmvf4{m=Y4(!nYdpvK6ToT84LSDlt77ZV0dQ<-e&geM+m2z+$0RkoT z{VcN(yapw0>cM3Svjb7*zi08a9@rZYdC-_UUcnxW#QLo^Qhj%32Rj#;F;z|)iHchP z4hY->rJ_I!hWD7FqaS4Z> zj?jSg;3Eog8v#nI4NyPPnOE&#^Du}JLWp=cNCj2|$xnM);j zDfjj5>zUH!zKevhm4zI#g?j^m%q<)rp%tkFN|Ug()KZ}@qWFAA=GPcg9rr;h!iS$V zl5By>#GZHLEw`MjDhVzlgSCx<+CTVB94EXG*i)l_L@Q>N)*f?KK~eW zGz{*6k_NhP=K)xi1=7`*n#;i6P|so>#-tfN*8E=o_;1-W185SNPh+_FbL{xE`!X~K zwk3gYg2!#A;vS_qeQj^_Wg15Da`;q7Ibj|f`y#l4O|S&NU~q1OYwQ7K!Db~URtmd? zQ!qSWQL??)lCOIeP`Kf-8iY<(ut9tIQM?OpZE*R=LCxC`seHmOUrUYAudmyL6;ZIIQ zKqZ8cIoIfkof#l!21_i&YkG@10{%M&vn>3`s{8RbWQ?(BqTJ( z7nVQb!Bm#L(+~&1jewS8nKM7Fn}9YC0(+FnWPZoU2Rg*xPfPe9(JnAvEZ~q>=pwMY zd`>;4SoeIEMciUO17$@~ejM@l4)+F_coxB1pjH7BBfLw$iNP;s2%h2q%1Q_xD!1zT zMHoiSTZ-M?$y($mxDF;)-8HhaU?cg9@Z?X7Fa&5%5HuaM3SO`sRa`eAr7|9NeZW@! zf*Pom4@Do^C^M*Hx7sTFIz_-BLSR`&_)ETIA7efy$pHz-p5D%(1ZGhsSMp4I~Jx0WRXR!q~#f9L+{$cFuhps9bG9~%q z#E5oM`iod6Bq|O0UNLhTO8-<-OB5p4eI(i6=n;91N_(e;S$Wx?DL?CdOxtj zI%x~9AzZ3zr3;KVxZ&M_u?&O)AvJE#2&IeU&JT`5R)-aQ#jMRg*w^-LzKno4L)Ok@ z)oLgP;>fJ^e?%(|92@?r4}m@o#xYsNB)xH_%)kw^;?@TrN_ff|H@8*ol90nBn~UDa zJ^UWq5#jw1mn zn`(u=-{PeA-UJZ4L2YD&ED(ZXRBUNp{bfY0S{7C8;v#ehh4eU9=0WDSb0VbiFayc0 z)DZp2k!UXQB%79V8iQ)cm60?Le&b}~*6N#*18O*Z9w;+Ne}pM0(;U__T4A=wF^Byo z6+rXL;D-wmq4(qx?C$$qdWtD+1cd>wys1hh04yrxX?WcTUVpIWU5y*qPp)({5d1Oi zfu>%ERt4D2omcJPSJlwN_PFu4g%;DXXw%L^h&t-g!b6O`JZGPHW~mR~_%YVuyo>Nr zYSr_r5iDpH$bVmxI($@)IHG5?#2|D~QGL4t7O*g+$9aItkfBEqzT)3?JZM<$^@03= zjmNWG#J-prNs|0C(Twj4!b=r57O zBba0|Ci7-Y4km-)>qqpQ(>vSkfH72+RMHJV%oZH1v~4^7ks3aL!>>Ti@H-zJyO+Ar67p zEmwp>D(554xq)!@v|>@>R_Wcze!}y(!)^8ZE+O7$pFcGqfT9LYUEI^*Q#Wqm3g3^2 zCC@v&emvx3&*7q{w9VH~g8wmi$5L0K4Bp!OghGGg#e%Jhap8D{y*ZXl*JQ_`8CxM0 z(4)PPIOyL=Kn1nll{~pLV9@0nscv~m0QLcTnG1^3NT+n(Al=D+41AqW(fNIfPs(xC zz~}#&c(*vI{27zU$4>mSg8}{cM&PF3rJq8B4iNv|7x8Oe z4KI{q)K60RJ+J=Qd^}_X7SN$Yx_pixoBzQ!41afz-eQffY-mK?wti5A!*BgOS#K@Y zXnMa2&*#!w`z4$DZM)1mDz!ZF;Gqbn$3EUW%ICet;SXXs%m=VW0I$v;_|oAOe6pqF zTU3&(0?3tzR<*|vzerFU_=GPMdlVmDClx1I~nl0Q4;!^B3C~V z?%_eQE4{?uLUp`SEm85Ko;md?s_n&wU*9wJ8xt|{FlGNWHXUgMMkCw-{wy_(*>@YfU^OgPd4!=3;Zv2 z-m?PR=iP$dXWVe6a9;0wM@#vkG!+)x^@9ur-kU`aG60IyJ5b+&`#8JDM`qrqW#F#~ z2tIH$+AYai-l1VVw4y3PbzAAtwQ!HQ?ym-55wMWc3$tX0il zckosob5=1*_YA*;#je=JO?u=#qx45>ZplQFHf_tpHl%wo8O3V03{R4 zaIyie1;6ljPMsi}#QZho&^Y)#qS-gkCx$!Z*zX|GBX1@i#Kj9@zm$(eGV|)dGn^ET z?W1;$c|PQ@l6Dq2oyQz|cF~(syt8=JWOLbz5H^)H7TH{9;wpcu?c(ek~}B zMUHqY>PV5Rz@7&v4!DQa?7R(3(G_TQZQnaqz|8_RkJEAGRH|NoECar&xC(*`lq+UX zB*0il_1sYFiYtkQ{0OO%gpdAmI?h2z8EH$`bWjmOA>xC;5#2sI;$D%UhQk9)yj1$~ znLjFMQr(fC((YxJ{Z;Olegwf`c|%$h$vw>0OsmU}$6%o{F((vLY$e7+y2!$q*~N^u ze_|2zDU%8j3I~_+yck)wx+j1PYtATO3s!aTOD;s@|xQ(2`N0(8tF-Hda9&c64TC`-o7cAsJh1dOKwASkw>H=G*r8If@Nd&wL>#qY#d z8k&B@NjF@01~>WM6d7u9EsY(Jo^nxhA_y*`D zRQR2f-`AHtjr=adj_~_RKOWNd3by-8vG$8>?7P}2?StpSBV`Sx%!Fh=dFUM{&wn`M zluRg)+IN(T_H6s%?2Y=6;{C6-xeBH~{NF!I6maioc$6&-_L~bB_#H5IF0L&gWMbZ4ZE=8gB)U>)!~j4_w^!gbw6qSD&##K z3ee@L&^d~P-xIoGks>saZQhrKCRum6%+Hza12N7vJoI<;Tm!22eOdz}F!z;z{%PU? z*9d-xlWPw9nwjRfFUP>#Z=>w{j0eM>LJ!S`rUGd$cmPs~#~6!I{?bb^ywf)i1hKds z6n^}9{sKkr&1oFlDECW<@sJM=~5iO7a?g| z!asKN{Y`TJ1VC_=Eydih8G-Bh););qa+RRFFEku7=~qH}6BY2z4`&udK9N)ai{s_d zT=kZSmLEVSBI)cF^2xA+q z2G~-waylqP?m9eev<&>4F`rnLm2IsVq&8{6qU7O^xN%W$r7(&^%Pj0#fs-oU=lMN< zQm@og$UnS%F={AG-)q}f5|PXS?$T3Q?#uI_^t^*oGW#iPbtz|kiir{)hXKT6F(p6? zD7WX&v#=qvgfR#=8025->&|MSX;Q{#_k{*o&*HY+^Q&PU~f^W#8cC+RAd+W*Aeg=%r zy2ed=!LsKq;%Dc1U+}VQfn<)$>OmHLLEB~rmOoYjJ2;V(c2+yQ6L4{4;Xo35(hNoA zUgW5lHU3E}!RG3IhClYzSe}l8Lt`3+Ww_JGXPaed@ZdC4BCsueY=FV;U!Z@Pt&e+h zU#Em(S!XC(34H3h6q0t~@6oPu<+AX5yubJrcf!b8a9y8mz!GZAswScmQFfonDZ#lyLSQ?z{s}=686h-?){LujMO>@=8Or z!ii}&>n(;C{PL-A=HR&y+}vaEKFKvodKrVi@&&KAiqysSvHnKPp-xglMS)IX&Ei8K z(eoct)BN2cjVZ#;{4QnGMt41WlNq9{ycRz%qOPsJJjej>Xi-4uS?-1^0^Ih(;7HYs zVVkd}fdSaC6v}HH0}y{5J>e5zjp}shVDjf1nIjC=Et>B2WODpjr=*wZUhUp3<$D+^YoLhc4+i+ibpP#DuT=XiS|f>Yk=@6dprA^kpf=?A6)9E)Y9G zzETPA>wTw+NKq{*^y6ogDK%U&N$ObNcR}0>&UD1ajbZoFD+rF}ph5eCN-38>kK(w$ z*-pN=SEeRmkn(5)cY|{*8@6M2FaQAsK+nK01zETiXNR1*w|xIn>IG{z4w=2d3XOYC z)`2TwEs+HvDq~1HG)gA~KLzyQm_ec5hNaGQvFu(s&ghA!VxIwd_&!t1eaqh{zZYAd zeTn;0&P5?H00$PR8dOw4Qeh5F-4$SFwcAjnAfB0`bNG(N`W`50Qg+TmwRn|IV{sXg&0CBg_la0y~NM?Wy&n^q53ggP~fg=cGo|~ z^B8Yj=)FV=Ve*LfgpKt(V=I3{z26tr(p+@rKUZ1B{_D!7W-lU6a4~oXgB%%UR01?k z2MTSK2ZgVOduJg}coxr#qLS?=dfy}XkwK}I=#rFu3Qar#x=#9_lWRaJ^9eJJC*p=q zC?w*ear+q|@&4Ug;~#yGcsB4rp9SU}pMM(2j_6l7X#K0YH1p}#3+z^; z+50p|0?g&mAHNAZ?#gJwL7*Ml^IQVG-%X&zCukJV{n}@w=0geO@=SPz;nN>$GgRyO zB_Fqtv4n>=XGLle=i^+<06S}V*?KPNQs^L>VZXmUJ0AQ|G&#X)nTaJA8?7Hkr!VVC zEA&NVP{zfmY<3w(;I{hZ9^4@Sj2(`8e?P?!l{McExB;+aat{%RD0d&Q1Hp;{sn;__$8HH*T(WVur#Dht*xc$06SxAJ>c9pR(B$o+N0s{uFd%39vlokn3M!s=Z`3_yfy7U+Oj ztDIaz0%DS~9;U~=m(5IL*V=FGGSG?zWXBbU5dj=w!4oz84&41qFJ$^Sz55RhDw_4*3+qG-I3;XERBkU~`Q8AB~4a_)v(gENG+&k#D&-*^}d=KDa8?sA!=zt;+n!X0ugX+LPk4pAV z!0fVLK(na#odV|d1o{;^q!Mmb{cWWuZ)dTd2Z2I%si-> zhWg<%S!n*n;&fFlZbHPW7U_GjtU1-F`g3s^dc2}z^Xu8x;Lt!u$NkmQKTNKxDU&nz z^n+Rj(9I}2vyo$?1?2O1gF2)i&m^;6?`}r`Dnr25$|vj{Ck%V#t&@( zQKmzlWALOujlhkB56|6k{md@bDVq1Xs_6Ayo?+Svq9Lc2L<>;EHB-u;AUP>^07%Xt z4$eIa8GS7cW0a1KK5|d&4?bJ32~}AJtJB@tKmtt8tjA_a zXLOi44&^tO&Ju1o?+`Q`_7qoAlOI;5I0)Lh6(BroJ|lM{8!~%4XpMvIvn4%a@Sx@ZRlA@873 zsAiZzRrHT05*r|OTwGUS-HQ*S;=%Pv0?LvNh=mXOx8iu@uR%EgyPPOPb*)*tE}k6; zaGsAVxbgAH_^)6o8r5mA239a1Bz`sLd}ebGKyR+@FX3_D!vxZ131nw}R#nyjS%b&y zX;Y-nvTqGAkP{S?WtNIe?v!{5n8Gge(UGV1k==rF;xN-6Nj#+8%SK=;rAjuwKkvyQ zVN3n^NEJs2l5x4!p>m#*`Pf3rgPNM3`T{K{6p{)u1$Eh#(s$6PXOB^S|Du6{s-7A* z78Fa_nV>xK)!a!sD6Bzoaz)TC9PbF>)~is{`x6v00FnxMVLV|4+tTfi>mzC(owQdi zNDX&H?WC_>ATyAlTQ{4q1DX;ogf6F_f75!>{Y3!XRN6q!-+tqyB(~gZ`}*FSDzqaE zX0NO%6edVN`vTwH8QeTVTNE)CG+2cn+Y-26SF@Iss{Sy69}GKgX&aB@@+6*%z@p((>cp1O zDBSq)4?p8Qr6fy1QL30`MUeA4X-ejTxu|CJJ*PDc( z!IP+_gR&yZ%hi7GcdrAg8u0(j?^{_jeHxhEH@cP=bJh2ORB{4Ki_lH7$GW&L4(?-q z@8RPy_W=E5SC<~K$cq|bxqBkq_{K`{?|&!Xq;;CcqsJboTbLUn0uc_L`81Drn62 zJF>iqg^FlynTEXpbKUB2!i0GVDMn_OSr#Vz3j7MIB`8=rr5QB~Zo|UXcM)S9K_)>s zYC7R&U*&{(?c#wZv0TR!YIE5Q6+X+eugoN%ezoa5QZ>gb3wv<27i z9nJ94LfO2+x3>tYlI@+demm=VK^#6Mnt7lgi42cf6iN6%5(np<8r9DT!1~{?)R*G@zF6T) zc{uaM2Xo8g+`-ti`l;%x7fJR&hLvBfyS6mJ>1_L{yFxNNa-a|M3x5<>KZ%;xm>`0hqHUoz{P3un~6G9L-6QU$%YrCd92=3p!ehs$|ufr zNB}<3KlOV)_+a+)?KUkjT7le~~hQ-GWg?u-11Y%o{GkMA=D_I#T6z|-HK@C}l{ z0HpmWKt`m~d4PxKMWcEYv;rM$%6ma(w*xTkAhI$ait`aDQ+$f}49bnn$JnuMJ-g^$ zXngS#1#`L>@ytWHqDGL;ecp>Yoi$%J+s!8_2%XF3R@kOITJw$-s^)TI{DmssQL17)ZP~X zFkC$}Fp)sI$8Nozm8ys*P+IP^lL8s=ZSx#dDqOttS%bhHcj=_}uLnSpPDVxqQESdt zS4zJhLb)9+h33~2cmOlNPqMt2<`+`F*VFk?XP-I zGoAUd5I)uz39P+86vc6DQYOM*b! zln@6ca{O|2>;+2Hrv9ME)S~STV5<+0I8+z8%gTXs?1x=*n zR3Z1URSqaKD)bNdo($Y2a*5bIyk|#iqKK+p;#l;sSy8SJ((mWDPIeC_`7*Ua()*_} z1suD>tKoGCut^nwWj(Az#kPDhl=n_G@3MMaw6MOqv*FD*R7E7f^iMOp8|wmcKJW#T zdr*KhieQ6>M*gQA3oF|*^!K*JvP6wGMCFy}B(rF$FzrSm)j{#Dr-I6~}f-M{A z*INV72!SK{y3=J4xBgxy_$nHPk_Y};zUff3=!;(itRUTM8vFn zJ}SU~L_e1uw5T+SGVF~9(JtV$%}eK@lo}5<2ss+XRH|oeA!CbThZw-x=0U~X3z;(P zE}jbSXcJ>9<)=GhaR!j0oPkCVUEX!P+w3n~PM}YKlw#}rF22)=Fsiwn6k{EETahS6 zf6Y|DR(2^pl#tH+`XmhiZBUjJV~IH6C{W484-L4+cUCn>CT*ZT*akdnnv@|%dw>^M zEO4fR)`623O}~IL6$hpj3S&<{Vk#lE(a8EaJ%SA{8B667X!9aJcT!^wn_f}Wy%q91 zgR+-I?zHOJCl%g9413G&9p{6r=-iqKg9Cf0n_7@}7@o_r1|g}^F|O^S5U3f;q33dM zP%m!+fMO=77sn1;Rfh6c>bRQ%Kj z#j-wQH-Zo&RUyxyh@wXGUWssw`f~5Z{fo;h7ZD%PSU4{uZCsj;?0gmJ^t^4dz(%LS z`h0bM24&d}~>CK%E#m`1*^JHCSR1A2me7(uu6)HKdx*eY=f13DWL zaI*p59$086PLA~_6mCB$7x^IEQGB{Mu>4x88?uB&K#BpnP&E7S1LWzyn4o zpj30d`s1{Kvb*_{r~2i1FBXGLEg&pk`}0<{{+%L3~9Q_%*Ah;d*yL7;v){c2?QI4NsAIM|D)nhE7zr#e>-ltTQixdIo#tf!9-*J9J=T|9yvv3I-qGyRDugBpR`201UP9N8uJE6=wsxU|MuZ@|qTl`ud|JhD z1l0e^dyhC2KNJjK;5U-zj^*k=Hzmc-ip=jw`y8eD^3i*)3?E(i8f7Y8naj19F0rm7 z7)3IR>iU|4wk@lD>ySv74YWc|@mqKh1n&XfiIy{|MU{cBTgK}cfYneaW`2_pu|%cy zMriA2o4kENG`gVcJUO~ZoN2H5MxP~sR&rsDws0#>@s_%_+MSvkWw}=)zZH%(2#{~! z@0FmEYW{t;C9E?8!R$BF={*#8m8|Rcfe|1 zAM8hMl&%=#Pt6bw&n>AQ-iQ9e9trIVzio3Yx-$d1t2zUiim3%OUW~aTkNbq9lA`1T zFfQ_`DH>jZoH%@vVYe*jSfSdLSBJl1$`977-^6kY0!qN3TzpX$;k&kd?ckb;%K}T@EdVYy#?TPM#|={ z&Ra4;n9J2~l}R4i=M@|V>qd%ULXh4!J>uI@8B_p=0zSm_(kZvEBUXR$J%;#BEP&Ym z>M)(?!JW_UfX)g_(TasoaQYMTOAZM&8;i5CM?j>1^9WS7*&d{^!Tah2CGI=@1x4AG zOSsq?5=1-QbAGT{VlwyG^hX}t^aEPBX|w?7UPyb-sPh5;$vj!|;BwL|n-H29;gsD|jD+oxYfLFYm&r3IwR&+zYjrsY9%7pbs6w zhQj!*Z}8#kzkL)xlA+N}0ybM)%WL>YldSB6wlQg`Fag zh;ve|*#LN1InwwhGoqnhFi z0zMWWJoA%==5Vh`zX<#v z2r?e>3<@a<__Oh_@8>u7l&hz3;p-ue7;+-$tT7Dl@hUi_P65iuC2EIDI;iD;l|8S z5;De363?(_4s(rlv zkwO=<`iWJ{cwc&%k17Ot@yztcxARg@&|iDArphFrr#%b{Mm@8Rc@4@5>-rgVn4fzCy#OgP{vf2nbYqMjT4GbuW zthg@YPeTCp{&nVTSG!*gKU@cASVyj(n8O5gW^8+rm3IBb?qDsFWtalIA08e)CJ6YhHy@;lP zGA=wgbqEDbufT|$2pkIhB!zJd6}ORiW}m`J1?80eYyGHV4Fvf;zO-Wv)@tG381;ZfXg;qZi&|Y^Fl(Ro~f-V#!pG^ zAMontP~$nhvQ?d4bQ`g56UwVLqA#Uj&kSH3_SX$ms9P}GJc6LQG-D4blh3R7iQhT< z)M^c{Tl`VlG;n^i2lQAi%2(X!H7wdp`P)3fM#B5qjkGnXfLh@JaF+<&MQrHuf8T~j zI0>-EWU#Q!s^H$v1q^8lF{!@70x76Yy%#a9)W5;E2Z2n>l@7O7vhAgVNIVXsS@PIk zj|{WieJeq_cP{HO4xZGXtc(*kd-71tf$}a0U47CO=d+_Mh*R7Ur5_~Nn*bEFb1_8W z0DI1eXQCwj&^pk93th2ze}!DcI_JK}L5jvEh#8WJW!1Xxrc;KTZ`ta^*3QXUAuQm)~QfYr=qUz_{}GJn6*%;;a#7yr{C;Zu| zZdqBWp^)I+{t&N?)`-DaZ%z>SB25;ZF)0{`Z==abB3+1)_;`2_Bup%I?5E(QLlAca zmnB+(W6Ct+-O3?w$@~!_58`ES;v$NE0FH9>;E;B*+~*X4M6G#Q(1EzX0N5kK$py;g zL(DyjdM>sE{?1@}sR58E1c|`ce!c}@%fj_3cs4=jPA$JH1r*>joy|~uj#yjJ8`2N= z#4Wq$Y0V(jv`%aE)gU=s^%0(s7WCQGXmq{TSpk^Q1eUvPLz!<91vF1H#tF`QK=^td z%7aZV>V(Os~%Xp1Cj<$V(t|(!Ja@BEQlQFi)#)XiEd(n8!;q z*XpfEI?jWG^60*Y`6`?C1F9ZE@q!)nDlz9v3q1kk1pln_(4Es~2z|su@+Y8zB=xr@ z%{76&Dz8opS8G^yXm>jn;XuQk=PPfyWq?Am$~zknHZ<@h;X2htRuG^g4dSbbbZM2D z;O+{DjE2P;xipEF3!L!yS&*Bkd!Q;b3eC@dRMrIT8mL>NYY0ZEGasdL0sd$pAa1@f zV>Uo0KV=4#{kuuF1@_i(Uhr|~!|k=#lUU*R63G5mz=2+^>-BOO%K&tAD$q8*+>HU_ zo8GmIh9aVj!@5oyhwE3*(a@r*eCWKR8(*l$5M9Y&gzI>HOkV0>cNYl>q;LzMi4EA3|hrXQvP3Ylz@UpOMXe<;nI={5fF_^RCBlCI0Kpuv?)`b*Z>c}Hy1fB5mlEql zA9w|}4aY@jw+_66UeF+cubIBE=rQrt_N;2yV1Zx-OUb}CxXL93H|ijSN>|0ee#M%SD*t1Rt2Zq;H(4ET3!aE??eBU?-S%h(v)}S0cd*3 zF}ptyT{ypuqz)j}3Q|e7G_=zqmIUSb~gLpdYXa#$!1PTx}a>2xT61K;St^!bm_h2*T0Lt{W zqAi>oIQ{c15fSl)RY!xIc^rg`481d%|{fP(Uc)Bw%} z3Y`qx+C5l{U$-4+4^QxrK0w8aFCE;?0nJ0Pq4T%nOW%+a*Nbn9Nor1m4fc~u54FunBV77Nvw|;O)Xk6YlKP&VLg4@TH3d41fmA!I}Pt+~t6yUsBgt&e_;RKsP0z zQZv@oRMb1L$Kj3NbZn0VjO19M3>Tm?hKvD4bDuYI4faLA3aZ@;_L0{oZn_n-uARTP z*4ggphz1FSex~f)iGMO>_bBz-l_rwTq?qgj6fDj9VnD7HfoO>>{Hncl(5T{?l4X7h zYWgjy83Nl0_YlsQDBlI_+WpYHGNDc~?MDqGj4}>G0HUl1?=h`NX zDF9aZT^AlAu+Tdb$qUO_l6EVNXDv?O!8fo3g1L#sKboE2ujCsiUI5v^&x7FFQg1DK z*i+&^i;6x~xdO>s#7r|>k*x{yqitR!c6_}C8C=Jv6VBImdUBab@LE*Z^aV=4obxbxH`LHD+`*6W zMl^^FxU#YKt>wW3efZr{&d;X6?$Ezo4a+&4nYU#yCK-GLR7Aq>FE|{a1Q$hu#`4U}%@^#ByzE69X8SZi^rsk0QJ`RBQ)-tY$k7GCN;CIC~r^ro?Zafas&AG#pJd! zLe(^0u9|KTj=3vt^P>YA35GHX`LZ9Y+QDObzV>~zO|-ql75!TNWVpP^FeeN2)5xgM z+-FB|V+w`3}d|Fo*EO@(srRK>kWW@3>*uluJAYakMts zFmS^aQq%0-|}y_yj{K>(IwSpcFAM+?GJGr)D1#61ng@e=|X?=F1>{XIoJ zSyFrEe)|<9rhxh|Z?pJMk4QD?pm}w{Ba$W8^D_YG-rYG;WSIg*L5TcP3-V;R9NfWR z)(#iSj#Xp~=woQ`Usry&bpKX!{Me19Jl$3SLFIvj=Bo#Pzp;M+znv@gY9$yIn`S3A!ACS77y@8FG@^(!DJXs>3C4!b7 z*yuHJ;6qcEk8&;S-b?(eO6dXmkbR>_cU|#`6tGCL>Kni5UWC&Gn1`bHha(nO&X43GMHFbVqQUx{c>(M>NRi+_kS=e$f&#P(=*T)A|155IM3Ln9b zMKRadP*5&m@bjVoL$@4v+1i}sntH$D+;;Cp0)EUi7#26vqr9iZc5L(%xE}DzVn)iu znwjfPXNr3&fba+H0u5UToli!g7ml^~uhsv|+rH402nWmjTMNE3_gGNBYX^YVf;SQz z;Op=TMk_|fF|R4VOgwR}tkUWyTA~(W;LR}b?^uin_^dz5tf<-3{LZF0gZ304BOe8V zPcu~+yniohK&|zmXt#+t@rFP5vwo&^$^)ep@=oclsAPhF4VpBz0E<3w@{5x2VCh!f z*QvC{uNct+hj`3`qB4Nwq)zj@rD0AE>tD%hTKc4^Ujs-Qa(fImA{9}5TX$z#tUt?x zMZ)ZuK}0;kpXyvBEyg37Yy`w3443DOx)e)2|E%W0D{WjO2{d?amk~8?WbXjRKWQj*K1~{wL*P#` z7^u&7q+pvC3G?)RPsKa>A@Wyq_&k#i1>7p)7uZ|88970%+F zv>vn`fHAPhlMAKzQxSt3QBN44kT|_i^~*qWn*~+=^%p&hhb5+ip1Dsbi)C3By+t#} zjR%AIE0jWt5`z?;*DtLAMY|U%8HoT3A@7(Q`XSkE_J0_VC4Z#ErU~py_)7=WEkOcb z8d>)42aT)#M|~+FpeyHtet9d*X-N~okr%EQv~0+(OTnwb{wNpoG*Dvn12MP5U!%#! z#lp5`pKNI)8yqYr*GHJd_Yhdim?TnDP|~+tqHc(*pJN=4w-(5n+rdcUSDPf~Yv|y* z!2FaNv#h?v`Ir`S_}qos*V@1u#CN68H`ezw!MSZM0x;`fOQ`nWo&82AK7(12L!$a2 z(!ULYEaUDRE zB*kmle8&#H_;%+Mbo-ZYpDEfe2=K3LXRmXm0WD2yUeMKK0YI4$eeNgAQ>8(Swx7%Q zv`}N}86{rD)B5X9xqSA+ltLWRm^$F78JY~o`Stom1e(;Bisy%0P$HrXf`SDK1A@Hy z5B)|c(Rx7Y>@&vnLnidnU+@TQ6iAq^1z2sU;en>?>yow4T1k=tILx(%X@LffW|X9%dY{w$`LU3KkPM1{LjmZg#je>6Nq%Mr~nw| z-m-XB4^P7CH?n<5E2&qlLlkTO8oOIKPR~T3z<3f> zVj2FXDpk|0;GwAg6!z@ovB3?3F;<83KOeohHf&18loQRyRix)Okm5oDu>xc+JT2GE z34LA4nqsKnQ*n~G3_Ab{0yfx>1-cu~fM$l&e|ZBCuC#1?Ve7bh_VUUhRfjqt7@2-G zNv;?`j&JRrfw}6&&A3iJ`tWyXTg*SCwqX#EUT!!DhkM(s!C^m?P|DlwV(s3Bg%%Vl ztoT*bAcbbPpb=1QG8<&E$1_U195lEVL=wDB=gk`_C2`%oPvC?v|J*L<9>uZ4#DR04NLwL-@B+J!?Y%JjsvhK~&|b75$Jrc4 zQ_8)eJoY}fXi-Dc;3g?8cB!nEZ!}xn3iiVtTRFUk3Ke4WAT$)`M4(XnplXAuf4iU+ ziU$?~E{a)0=!}AOW3H9T2Yrd=3Ge{;G8hbopH&~8NXDZwdEOd~pwLjtnE447nC9>&;PpI$-rwg8$~AskaJm0w z`@*GpP-Q&sMSbd`YQ;cg_NAv0_PXIUs+71EDImWit881Hkg&a1t};GR#su>JujD#I z-8lLF{xjHxU5Q~ETR3xrC;?J3;lbn)4h`DH7W#qZzeBs#i9C>2bzw5{Jf!AI;{I(T zen8!B3kL&C!T}`i=Rj+7O76px9{70V zWDkNp_y`%N$bsVSDEC1Ey=M3z>0hP41OJWMIWMCSv{#+6J-m zR8!~tOV>FnS_WuxCO-FghM1fdgpv+&>)aUC!1qv_np=@ep|};?n)}? zL3vQ98^Kn?P4;(^#xMQF5Gu&>muV4F2q15a0lZK_^tzwWU5u}7DXp5!5x;$`m@*?oA0s)!ItcAztG#|bIDRc8fVUN@G!g_yGe*8Tog*-7l*LTmas4Q3aOk-T^fIQ1`dKWeRArvG3a3rg0J;mrJ=wR z7YLn&mvQbpVCttD}yo4-d0QpDBKhqJw(O6}cjnud- z?$`k;K$7t>K_DKEr{&;b?;|GO=kezUiW;%~A&9U4Ok(#Fx|?_kCX^JXQIE8_^`*Bi zo&kQOXJzPLV9v+3tp1Srp->-a=UZgd>c6$2P*c}3L?O%h{4Jq65-C($GwV#4@tvOY zeV1kEKaCSt9bZoNLONWU-Q`7g5<# z1T?&X$25XcZwzwTcOnKq)s4P(a|Zky&XXIS4$e5!8~cG>T8zAvPGtc>dQrKNz1)k4Qb5zldY*bI9M2UQah;j;9pXvgp1s=aE?%ZN!V z;LYcw_4zrEN_TNALAIG}8LKbgkNfTbn=hHmOO%Dk$UI41Y5sJ6yqfV%m)+bc53SyL z6ioB%b6;2`f#8a_^=y6(n>|vHo|0sKATEzuQn!n-VS1S3zNaTh^>XRxOGKZ&ZyPQ6 zUF&i|0GOqZ2Tn(Qg>f=jP2;}D#OK@HAq9$AM7WCr`3;Uld%|VRTR?6wo!z)2$dTFw z!2#D@^$D_R@yPM9+1G6TF;x6kn0?*;cBl?ky;L zb8F^}Ub`X_{5T{NlB^~mO0BLTdl>JEr}T5TRjd7yN5jpX?xLo*?ip+wiv2-pKZ! zaO@^tgFi~XAwcC2&!bM0e+Mb3buRI+4MO6 zP`>O(IP*gi2oY9zJ;;Il<^FiQdBtouS$o;L$5W{_!KebydA8q5rjg<&`!dwbAK;rtemu;yqF zS%O@{@L$>yB+?p(3S5k*{Q`qnCS=O_IDdp83LRlU(9iKIiJ7cR&(;9@uWG(z2vqSx z2=(Ao+J0V8trL#*?{zN94bJEEXklt##uj_8IcfYY$?eW)bQp~EUvv2>$s~o6Q0CT~ z7*4cNU48~09oM_pw~Zrl=u35=VuYD%w;A_eUZF970{PnzziD_-N9k@&`eN5)asg%I zvGm3MSxy&EdXd8#I#g9uA&20j{rwiyQ{1@h>+x6luOIF*K1~{+(Afbl3pW@y(@1XU zZ);*f=`*?xpZ5OF)+S8jV~ILT&fj-r4cWJA@<2L+v(T1vi0UJ*JF$KbAaKHM+^ZE( z`<8l=5OL$-et#FH!09I+9vQfGr`10U22K2UjI9I$XVhESMB5_1t7I2e)TYz~5z0@! z;ZPSu{gHl)(H%a|7Zd$LIc?tK(Ud5So|=Qvi{6*>m`0;l9b#T7x#!33Mx8Dk~@VJov zw@+W=#R4|&1M2T2B8m+Ya8#{St~{oR22~9hm6z8_Q3w+^-yF=nCXH#tH#PJ3J6ix8 zWaq8XTm2N6VD-X)o7)8swcNw=FYUb`o9j=n&-PvAG>*W`?H=CYeL%t}4YxPRe6aKg z&2ZV+G+TTwz9aH=zaV#FJ>=7)Jt$k55)pso$Ar#=9@`-Ld+4%J|EUs4H-zBo~8J zM6mq+rX)F?s)0nlJpRR+uTrnA_28Ueht3!rGTn~>-PS*?A@)T*Z7q{;fmS0dT46>f zfnzY`v@?zAmg%wQYD$7dLY*e#scVbu_Q&8$To4{E1#5i%wI6Ears%nBxkfvk}Z+@n{u!C zAa^Y0gv>Zp_z;4kHjbu4);y&Z2i{9O-_4G6AjgM_!&>S*GWG(hVy#;?U3F4kE{~-)TJoU$kH_ zi|d12)~|0aL6rkHsA&z~8?Aq5`bWQEDT>5xUSU|&t_qSfX#yBaqUE3SxKWkvjLsZ% zqJkN+YNt1qdsgiV3QmH+HT#$ySn$R^-~bp+O*g??d7eIEa8DBExTJ`W^at|;P;mXJ zj!18fuG6)Y;{EtvC#ySsNUx_LuP?0jhTW5Fv~-yS_yXo)MrmdG`=+y=>B6;RBq4i% zad-=7`7X4KWBV)v44jIUh2H$vl|vm>IK0r>q9@@5 z^*qFhQ*a!fGbWSgkKpEfEAeeHi@#U>^IpdX|3%FpceR*SkJk^D74z1UuTY9a?B3iv zb)FwDTg*(@0vQO@KEa!nNR8!E@Fbh%vcDF7-(?zWxQD#RF+YB@+H|VmxOvq8zIAgB zkNshO*1fhd?fb0;B5B$>bt3grb_dXD80k3V3b6OX2+j$zoVEI33mp?+BOoK20uFmE zj4tg(IRnWMe%iex9v>io9eji*!_u$VBf?EBC^#gH_3I|Zj69thsa1OE^@;q~*Ed9l z1xxCAkWi$_xP$F2VH)>~$j;gjz`1j9S>nZ=cm(uP+om&TFuQO&B|LW5mK19a`!nK~ z7$?G%Z-lLT_e;n`)4}*etTUU9d7>C^y!i(;;$vzvXLu|NB+g!>B-|_Up}A4YD_3+s z>UiL01z-e^x`YBoK0-TyTihBQ-MgDHBRV#Gn1Cio`{nWSmx=f?CwjZbFx=fSnAG35 zoIWr==fN9$wV{@m%T=S8(>O#7dqZ{Z;!rjsd zIZlXKjNJW%lc*zoC_c)7uQyPtO=@nwh8~*yPs5HzR0Mst`t#$}Ga=}3;>8 zW%!yq9B<)HqY&sL6n6ZqTb7w{YG{bpM)}zd^Tak-vMgfV!x){@`2joJCX79mj(P9=(wViFEcMB6)-_ z;Kj}mog#n_Ar6Y-J|<6siF|1vDH{B2O&I(~El)B7CQtAL?~uL?*tIhEssfnxbQ2W3 z2ZRyuG8KPFGBG3QlL*~^mLK(|8jF0jDCPnuJJh4>W8b~~rPo-5yJEO-J1;x0=3w4X z>>+#Y;vwP|)waS)iMi*A0h#FzDJdNcG~zFX!R{qhh=)vM?NPwol=3)jpKI65w-{3_ zTegc=Te;D{YfUOa?eatVYX<3FHD#qt}u3g#8 z1?>rIjs5-{&qiRLIW{#O#lBVk46h*?j*w^JW* zw%+2yW?mAFjPLhm?%s#FvW|F2X}%KW-pg4@Ppx?oMpHzPHEc(Vov=z#V^p zqI%!Us*hUA&Bo^~&BW&qcWa(nQBn_=drzbYB3-t3J>4n)-aU}nbTr7hbNn`}!|RZC zQtnMrNg#E=V4bIrEAfIk%o^e}l(~mrRUQeYQ~q_&z%+D% z<+CELYNT7>h`Z0((Kj1!gm!W55RBJoybw~kfTRZ^911lb+0uJEtP67mrF%lW zaIMNT@wf>yM+Tki`rfjTSJPU0-LDfhf7Ck*tEcl!ihy8M=5Vq#uO zINIwUZJ}|C0CK36u84TsAf9Qy{;?pamNHD&Anb$;2J<--FJ$PkL2Np^)>=q!9jC*I zbs3fFZ6Q|oTL}BcWduq2fnn=|^*X{K$g*K+d|T+>*DmM>v^`sCkiB>6saKQfk-)A( zk;I%>^tOM;X^z7tcv9&sAAg_g7p{TR@QYh+L5Jvx7S9}iI24e^Qy2)VBT#&N*sL)z zLpgYQ5k2>*Yg-y?r55CuxJtl#K?qWWXFO+F=m>}Mr{t2&wf-vRASxC;(82a;_huAp*?l-=egT>|K{kHh~qs*Y!VEfO#n9pk%ZPf_pw zEdH2Y)sIzmpvPQ7wE9@q6j%n!`QVcJ#4we4M1Cw7R5a(~ZWi_fG$fS5%%c%PV!N>> zJ`PbWdqT()M*ew`I8Bl5eu@HUbDJ2|QJ zN4&O!h2H=EzDSo*{N4obZoHSbZDy1oKe0Vrx^gthc%EP*EW@jI*lZRq=eRz#Z6wdD zbP2y|6lA6jz{Tf*XMoJ4AHf|IE}`~*Qr0V%5WI@(5%~{{q$CBgyoaLVe^uU)>kq$i z7s!YXZ4>}o1BEim+787Z za@yyiB$f7wk3$#^ce-(9dyk~CPHvOvYU8+fgpYf11wajT0IYvmUk9S-v%VfPV*KHV zu*w#}SrhA?HWctV;adCh+Fl|RFGY~RT&zwxAoYmCsGk;|j^o_risL9e;4R7n`HyX7pph$d%x@XFs8Mrk2276K&FS0}~D0(t|wiRrf@pq0SI(4Y+ zHXT}M{vONv2{P?x%G_tR?R`c03v)1otiRB#ecW3=@y}VWlMN;>@*g@^eS0xuNEc6E z;Ni#55d>$eM3lxwS7DtLx?p=Nj!+^>?MJ$1iW)YNm`YLiQ|=xemct8Jkv4}mwx|}u z|0UvYU$?zs45+L4rGJr)_5IY3qf}_6eZ46M@BqHME(clg!8n)7;Sm2_sK+cSCt#cQ z68}kkWAhD}wP&R(Xaqb=ex)`csfbFeUSlOKgc-AYU8Q(YqV7sAjgM&U+qHJQ>n&pM zFhKDhJZeyTz)-qSGy5eS(D1w4wXr%*@scm+ItKT+b-ckR`vUU<4&ft(C_G2archQB?~ouMPif9R`?~iuF8mbSAhl7wCR6kIa*mpKJ6i70 z8qTR-t~hq(fdx$W1(v*@@4wWQhqQqF4%$Nei@cnieyqT~L_qT|v+@@kdI#?LDjS;x zxHN3w{WnW$<=Xpkj7ps!RzjQbo6Gb5JLJ|>#%Cb>V+mc+;hD9M)nV^nlsXNuZVhyH zgnLX=k4C!Yli&mO9h6BC7&P_NV=Q|5=laL#JP)2N2HAcBj&GvA1g|q?TD9AC$>Voj zZ@+Ae*sfk7F`Uj+MQq~fe7osp55Rd)6Y(v}KNlAT5jdcGLlUE@GjThfEOFnJRi_Uv zJJ&it%up`^NA%_c3T4+#@)^y(|x+_h|nO?Z?F)pH5^jyoN;2KnX< z?5zZy>&qWQff%x85 z(IzfilHgl1CJER0C|~sjw{KnlJoX!A8uqPjK_k4q{Sw}kRae-CE%`MgY3B>x403TY76}rD2sxug^<3;#9 zM&_!h;1^`S`IB$QT<+sc=WfX+vHL1F`ZNB{ATyEQ=543pqGKeO;4JmS76JWK)9h$g1k{5sXa$M--{(X1}; zAJEkR=sIOfet59cWv%nCnO$ldkh2@8>qZ_$uo-E63$2O6%&ve8S@}+e@#9!nBp8ut zzi#I{(1@NjZ0?E=6L~IT*8$&px*}0r_a-gOi@{B zwi1fhig;CF@;D5_Y& zr6P}RtR(1_r7)8oyoH%|r0X-pr38NY?tu1&&T6my!h7&al~1kBLq{dWd1v*EPgvO+ zSw>PXx?Fs^TBGbWX)E`LE7@AK#u8M>Y4c>aeHoW7dP4qK0=!&Xl>^5v?(~_Ho?mVk zBntA=u<>{5`%E6xxB3P6439oAV5&QrR!m)bBMn!D?U!V4mSS>sFu&sLhUn$<`d_Y{ z_{du0@SPpAaNoA~c9bCzz5`f#xMaz&?Z~pUEdo;!R{e3$Fd-xDyYg=YR4n-6kXnv@ zzQ_Gh`}>ej&xnC+6>*&`h>S{Cj5-{w$EOvb?TeCc``O6-Os<9d;7QUbvq(S;WM+g- ztFpxjJXPRs{T{pb9|UCI&b_$QwLge!2%JPoe~(81YRow*a=UsRC57SN|mA-xy`1d=LB#>-=2{Zrj3!HQ=ZngR4m!KdKw+g#J;b2f_ zckDCjPy{FTZK%4TZG)|kJU)E|_uBy%`(>qRoZ9lXzcY!opWIjTwQYEp#tn9zkJdX6 zNx5-7{eirg9* z9slv4z42~O-rkBBJS1$K2Jh4&YRWtts{VWd?#vY~CW{W6vHbbD8C+}FbyL+kYju7a z>=(_fxzE?Iy8v*%*Qn&a9OB#KqXcyDN|^;KJQ2_1C(E%fkomt$f!#ni5sp|NaNnMz?e*wMtOB%KCoHsbPKs1U zYi^V^Eq3SJa-;r6r7XgCUP!a%zaWLeCR=g>)X?l9&rT`axq8cj4zH?7tr*JY}XkO#GNR8A<8@b*6Q$8 zB1gAA`-o4__D6B{$1XQaeDj(-&5@5QC;v*;{K>;rR+-K^>?R#y&!V*z@u^LAOEb}C=?CyKrwqFdIE7_YND@TlyGv2dDHXU(`-_nF=he{l?76%ZWD1zH^H^iw z!NxH_=d42P#_8-eZiyBTZEhcIN6DNGzOr&Cx5gP$fjB({41nEPs38b;1>^1pnoWK( zJW8Av1t;F#o@+_W@O&6BmJH^}3=h`^BP><%5bf0NXIHbOW>sg6Mb%HGMt<(SZ;%h7 zVC|5b$>NY|P1;CP?v~GTzc@!>-=KFfzo-&TKkxeyagD>1p^=aGk@a3TopS}@O1xyW ze_xDxc>0!33aG$v%YFBw31t;|`^hwxRG$vQ8)B{T56La)hZMvE1lkwV{{X&!hMLfI7co!w%1fa>Q5+tg7j`AP|^idTY%1!&6fU&F&>%O0GhRpfO?I z?)6~QF3J7H<)xR?{d-cTfw-$uLa%AodqGZkhK5uHM1?gX4k>{X^BG&PBgyvE2(nvr zsb0`cG$O*|_ZOpnh1r=8SDEmb^J71AuFd?DA?y3hS4;IC2Mk!gh<01}=l)Sq9b(`Q zm~s$9Bo($S&zyXEP;5&lelVe}kH;ia{frSljBwxDHi(8*jfc}ych9JLW&;i5^?nDRTv?jEhB-W@bBlNAM>HQq z`cC_6@ki|pSA8}VDH zEaeb=k(zn~sG2@`1V(69F%R*32J33xX9Bbl&q_>k_4%4HCPSUj!vA%$O$#=H=viS3 znsZ;cmSAs%8-7F3<3$C}$Sw^$F&Q(kG{bF^E@@-+eR$$$-~?8uG`$b1>>ie%e|bJ% z-NO%gA3tj$puxc*h~^zj4o|!zDjya5p-^+agzdXtGJqm>(4H`DAeEDeVI~E2fW&?6 z{duOs#2l$Yi>Dg)Dj-895>?oaW0zy(wQ-b1~S4@HY**JpbE_}s{h z-mLHQGdw24Nl{d_`?C4$kqQ@1C&uUO;(mT%upm_HvEF{!6$4Gy_Ae$*f3vLTW0PilEU7HcYtgHrH`) zr&-tES=6A=`#rlbJeR8mGy5EE>{rO*QE^|(7-7N0!zdAh)IInJIjf=01#a!gWaqD* zCIR1S|K2-;!IC*Y8ymImLHKf&ApW_x68hLiVm%!CV zFz{d9Kef*RDH^zFW4u40o00zFn#WkG-{1C=+0Q?LoXIF~vVDW_{+Q)BC>7NEB7z4B zOuW=JdmICv(yOQxF-g`2-a$y)2WI>M8;sHZT28IaTmL!a!m4i5*o+$A}^ zIwp6_x3!)aCYr;OxG(R7Ilo-suK)6<#|?-U~|T^7kO{xyG*bby`3-guPvW z(Jk1@_)0UjhDSbl=LrBU6?VD8VIDZjMkO;`1gPfo?~4lx!e%+*HPqk_I9u+FWG0Qt zEBsCsRV<&#lRs{9@O<9Lu8W;OEo}^+ySE%AQXM37vu}_7M>oiZ`ePTEpP-ZjG_$fevuw2Yc(=>^JE7D zV=qn3;n@y*?MxZUehs|H!Oe+BLml7r&Ae*fc|YQWm-dFeNxvs$Kv2VcEJZYEaWBu& z*sB2L@ueQbILrKtNeOpj4(a>V2U0Mx`>FdRJ2|veOS-m-mQ4(wOYaW9cF04gKPUJK zf8K6Wk^bmBQYO8;PG}GRMMKX*K(0f09Q%z@{6AW7UxO4p!Uk3cfOB?Q&R(H6{K~Oj z@GS*_Pn|u7^rA$zL*Q&Mf2X1my(C9N-D7EGzJUM+1g*shoG~9*p`rb{ZltrEn=wNW zZUQ2Zhr>~(FGf=U8$u(W>U?<3ASn~Y7br-lEW(^%-vygIh*i~r&QWlkkiR)N3ZQ6D z@Hq`|IXSkp(8U0s181BU5$~9w3>+~YfwX4sAG^)O@h!%_Vw_B8CrZkv$heVD^rsR8 z5RtR9Na@ErF$z)br{bZ1sSW$(f~5i6%teYadzvc~*7#GqI0#5MvyW}~sONAQCfQ5u z7x__O+o4yaIvKQ3ulz~7&feQztat&LVS?`h-R93dTt8kesn7F$enea3ZF^ZvoQmJ+ znl~KRjC^s93` znYkL4bRsX~>&#EWxL43u)L-B42aHCaHzT5Dp{@Stoz6gZW13s*E2i~fj&x!H=pt4} zUcEP@O2MW1?d#T{#s(5rY^hm+^~!v^Fr?4Hk!TxMz|ae|9x@mrNVSE;eJTOHIiufm zJT6GyRX=_7owp9KBsZ~f7>C;1y3V$9J7J&#&_C>Q2;YcJu4;(dO_m40bZv*63Z;D) zw(pxzU?nu!@E{<)Qq;Zs%f6QK*P?Hl)95(ZnM{~Z-?w8tC+X0VU=V!C=m2=`bm_m$ zk$=nyI=*-t$kJf2eff#!O1~}JUUguH;ds2fm`r@V2U>t{#SiMDo!`9wYp9QTe;})2 z|472}>|7o`q|4g6Zwq21l5h7#La-Qul+@%PU%p)K&FXvK!(OP+xg>JAoDmBjm>zLr zuD@ZwhP-^Ht@oM}v*_>T;M)=26XNdku4#pZ#|#^Tpvry6Iysn_o_1MLNCcc34`n zXEN71A&FWxN(cho7?xA>Jbi<0a~$Fh!AR{F*XyvKtv9tpf<@`SsPT-!{fJIhy0`DI z&wbBcM#F5Hyc4@h`%AEfe{!~qQ(7XdPwfh(Qk`@`YLO??#@HyB20}Xbb@m6DFhXQ- zSLp^ma96?CkLkwo^QM5^&kdJ7vEO zHgNQboAd#6?|=j{x^R1JcCS~D@+|-z{PvlGjLQG^=XL(Mr;t*}QC$-2m(s_OT}+g9 zvRAA(v?7{>#&blmeVL5(RosaHeo#EKeaW#ku|C95IlZogw0I(W9dQAYY4%7R^Tmy6 z(z`vNi)+d_^5MQ>f6;`WOU}@LhZ*kIVN&o}HdL$Q^bqK#{Ol!?P-}U-?jKJFs%Bd^c--mw?8G5282EG`M;lGQtVz8$FOGBb}~MbA?>_EU6byBj+{(eE}npOaB++ zLf=~MY6FnduvBK=oxT)GNv`79Ja!c30HAvQQmC-to%I@qN={ z5OeTvD05z49pe1o>QWQzA#>TxIe>vO{<0W z0x@9ZUAn}5ed|T*iwBJyREwe{0plG11gwu?;Mfxmn}dNJWfR=B2#9bZMqONBGp-k< zwx!;K|4oc-k*OcZ84A}{fW9)sc1iB&(`Fy*GAS)%I=h7szt7nhHM9&GSL#@um+hY0(j@FFw9i2P#SmzS^ zD%h}gkllPyVc{nGeZHfvC;f3 z=JItao~|@$vo~YP(+@^8`ZRpSu{r7vqzV>}Q~6g|hyGHjzCPf6zAXHF+^X9LRQ}-Y zm&1ApKoU|eX!z{6K2mujz#`9#a|^8chzem6&Qq^3D`2CZc@D+ZvFR6Qn_s-qXpk0W zgM8wzftlB$b@Ju#P8f3fOU!;1L+?iYA#E7M1H`90xH8%*7;uu7c&woJ7o?%RO9HR- zc=HYF=B+S{&pGFQj;sSpED*8NUW0XMtozK-->Qj}k^Mkd$3fG+G>td(1P z<@7P4?Ec(a2OxQWIG1%rl73PkEf!`aNa5=-ZcpA{AMYD~J@|a!nWu`6H9Z>`xO?lE=A|iJfS4qKO;66*%WZ!NM)2d*&W&oC|f2Qyq(`oY{ zz4K>M*weUrK~f%&yb~&f@C|(T;f?ndYqjhJ2Y0{NYws)Q;ulm&o}O(q)MU3{cxCZ1 zSk5b%JCt&7^|rbN1+Zv;2Di{{F%ou6=cGsIlWoQ5waJFeRozC*Hrq7q8z3>xJ(dNP zy3U1s3mLPa20k2AggY|E4~4#z)tKN{&TGS zI%^}rOY=>q+R&#ORAJPIYFBzM&G+rgYzm=2O$4lv5dy## zWad!7kM5H{i+Dy{3Ya-v94gZk$d;jMBv>!#j0SY+N1HoBnL;s8yT-V?v^)bxQL2r9 zA+b+=M2gP1RM&lFB9xg{vKS!?>QFxxP_3DGPBW0{_cYABE1bX;z~GIyU&P(uA#{jt z*>}m8DM{A{F~21t#(n#B%UG8Rq%V74-;Uy59v#f#q7mx(w6F~vM%yPV83K~hky6~O_KEuV-G~#of z0G|oh=e_wG$O9;o#pK>DkT%Bd*@{lYU2PAo2T-oxC%*z^M|HK}DQIm|!&d9fo4Up= zjD!fAN5vnnf!8%FL7jW@-VSNPLawtvzdP}k`iLaBYCn{%2)vq#Kc0p5z4=cO>ZK=A zwt9p5GZE3~_}BYyxxab)dJ*X6n2y%1NSo)AxV(2DhkQuLgF8rwhrt|oJBMo7KW^`EFxo2nFxI;ugX&vV%#lNw5F}iclvcj%-hhPF-w6ldG7KRTXy{i% zIvz8_R3vIIYWdU<@6C$nolmxuX18UN&KpbA(fecexpf|-nQ}p!?LQ7K`;mR(5Gi7N zi%6n#ybyKyo67gKSUhcfn1TLtzq6n4q6&Szy8?jlRIIM-*`G*I6#^ODz#ojWTY=~m z+34HLAcW!X*TFHP$tiwsMY(T!Cyr3MYdqVH#k-4AgWlg^^2da9*M=NPoGsHT92v^C zbVNln#}ZPPPnw_*_kb;#fm-ON(APRgIGJNoxI9U)3MBjuy z78g(8uBW#u5F|9+a4KA1?Pfc)YarT5Zq4!=bw% z@lc19-;;R&)O2^0ejIiNLX`~X#?>U)s?-Mzz7*0b&c}!3By$=l4_f_IS3*_V#ffAah!;BVoTz2aCN7Au~T%vqfcnP4DMfYF8WC_BcLp%Vm&0 z-{T{HJ80r4+AbI}Hg>tSvs=wc#n_Od>M!q8etSB7;h2OmX$x;mupxzrU*fCERY-gg z7qKqmkY>}g#JDQeqEC~7F9iw3mTia`4P|IZ71C&Rw$DuMk_IBQoRtK~zppG8Umapr ziY|_#Vjilw%Bh(-9|PlHDE1-#PU@*%?)(GCs6bYTh=we_{cYmBq^&x9aA5jYU}qEb zi)fs^wt84b-dXYVDU1`6%(0+j3xx0Iv~*Xkf(0EWa8P-F6;23+!}~hM^V4pINy|H_ z0L>(xuXpPnil2QXk4u(@&FbO&V}KAn7A0bAlex_;KnIFIe?6r4=rC+^2>)z&&@`cj16gdT7S2Wzg~mp`%WwU8N6UG#d6FO}RsCS9s6V6_VVBT6e{4akTHM2Y!!{F4 zrB~{l2l0f}dcqoxSkfZF4}?%H_rYRzPl60qDJGVc>sr&lnw!@3@p@(iu+QI9XIG1@ z-QKA=aj9Xu-@^rD;}^_RB!{w^OZPLE#!N^+TG&F6aHV5a6XxQ0O`~F8uKSC09nKCD zNVeu5uWDL{OR=kWPA`2yl+q1pV2M8=N-jJqt;4$eGPK2di!wq#Hn!r#oJ=1s=@S8| z$IBB-Dnyob9Y2vS-(akHK3&jzGLhAqeQ9|=2=`0jC-%g$pA3!WaryAh#1r_^p6K@D z+QlOTWIHni(gi(451fw0m1e)T_Jz`#t~4%nsrcN?j{_yL2ml*3ow9eP0?7R7Wc|AH-)I}Di8OsZbSA5i{8hKO(P*M{5*8`ZGy4Q6|IS-6!oob-5 zVF*t1z;V{=!Y{)mBV#-}f!2}q@D%Bv3Gx5Od>s6rK9zbpApw&|K+VjHR-wz9;7%@IszZ|LXL$UkY|C+gnb2|i6)q392`t79w)eAdm z`xkcV)`d_pp4I63+n?_ICh_-!Au*xn_N%g);BfCUg(ObvCGok-6xUCtIp9_U_9))& z0>p-J5atI|6$+Fnd#_M^p5FEf<+}X)rbJrFb+Eqc{n%BFS`Ld{)GnVtTDeXqKT*_Z z>$-PKe(N1BA%jE3!w`&?lm-Cw&$`A${H)$gucaevPM}b_?H# zZJy8}xs5~j2slv7c24HcC1E8@j$T@ewV7^wm*&z9m6L3ar&u4G@T%5b%AX!xj<)WM z8K#uX(q1m)&NOiQ*h7fy9)>Z13T)+@q{kowdlhU~A}-}37Jr$)+-?KIv2c?^>T^@b z?09|5@eAZJ$HL}baLZSJIH0SC=vGSSdlAkzR~!e*mZ?`C)AlQ?iu4%-^Nf-76PC{7 zzDM{Jdxt@|*;Q#|j#%X~u((N}>dx&$W8LS}5M6 znBn<9QMI$0PN^hAX8R?^?2;?{ z2cR+lb~26qnWZF@dxucaVX4;CewoSisJs}&1Y3!adFdY_RFYGuNQT&m?{Aj%f#xg- zbiSV;$GSdG;BFLu@QzpWC}40ZOi;oGI7;PTT6UR3J*Lx4e;88Qs+jc!cASwZI8!I~ zQ$^emU-NJ;F_1rRZaIxvoNEU=z6l4mkmephjgFH6k9ZM zHg@XSyrKiwc74Di=KgpN^ArK@4Y{AqvG*g|Iqmi%Q328h`yI6O|*!$*2^M(FN|N)IUfOperM?6Q1o^S1*#t|jJgiuW1t<$-c7K!b=dfQE@MqsG z6>r3-J69?+_K&O>h{W<|fxO-%{m$m5vkY-EX)lLHH%&2sfQe4S__5E`f%q1B5?qBA z!SwSLy>pc>N%&3>?X+Dj=Xd1cfLI%3TW0db{NTl08Ax-V zYu(~cF_=&x#M=~rV5S;;rnEw|k%Ssph_d3w6SE%lgQe=HSbB%ygm~L_JaiL0Vtgk9 zv77Ekc63hnlO%31@nwKm#l-=fvcIP&G%|z1O*$wm>h6z}47UUzv6Lb)_l=K3&9TIx z@JQ(WKV8d*;DqjnpGm}oQ7{Lc%}m%vhetWT-YtB~jnEB~6K+3_sGj}T1StsY!ikHMMx1t+(9kJ+Yr95v*alHy~}%#vAFp0JF;An<{=4@a$lzIS_5 zKd1Cd2;S^s6bi-z>tUV^k<{VI8P>dT!~8c?Oj5VPwrau$IxZ9GW=B5*Q^i!y#rP2J zw8a<^``VAQPy_(!MQ9R%mvu%)^gaDK@v}P&cW|UA=DqJcn#0)SXnjD^{b6ZxUo`aJ zs;cx^JqQP|6|bMLutCjdl#W+lPgEiBz|!~qgvrYMFQ!QmM8JZn z>%7JV1=4|FJti-?n0y`gjAD!ifO0v)Z?rZ$3xy(1|uG<|9 zDDX>e6#K)s`Pyfv>8e`hzWW!*Ti4Ny2=ir;I|`Cde{S#>65iD6(3WE3ZpW(Hn#7wg z&A=msmnqz4YwPd5X;w>Y3^;0W$EkmFThh3AbNBAO7yv-`0Au1kjeOMMUWXR zKsb$s3%l$UXX(Cw2mViq*rI?j=FwTL(neIc$eWGW5fn{|`$v->k!lF0RL5Yiu4(?f z3Mdrvdk}oA`!<&h|Cy@CnU;7~AuptV+LF_VjTPN_-~H^WE@BwyNTzLJWULC^LfqvV zng_=~8^gy9gct$eSSE!QY(~h(&h!KP!*`ev!xuz*f6npEBM#?h<1|w zmUxyguF&qASj2%=T3VMgvnmznQSWbD$BN{5bB{J>h>)~3<=rMb=~b`AQh9j zm%F3hmLH_Tbz`5)bAt@~T-dP4Jq0Z( z5n$Z@y;2r}^GTMFkAeZUOP$6lQq1~PZ%0k;T+V_7Ynw7ieju~Yq9-K(&b*+4{f-HR zfrKglY05tKZg#q%fmJCq{|rIo)J>NMG!&FE*gr>OWjS0QkIRY;8^r2MP=(7!+7|k` zr-Dy`ov8DbUj42`Oi*tSSpHoZlvK4N@wqCXH=Z)odiSmdS(k(U#HuHlmmeQtR+ix&G#EyP1rTLy03<$w;QW02sa_T!IG$iU zvqy_FU3{^AeyQ=Bu37i~!95$!3(X;KL3T|D^y8UL2E zsYy?d^EB_tqCcxROK#6S(Y;oO@h{oP*b?ra!C^G#nQ*U2Ay-GMqZiD5%-1e(RKCdz z9$o2Z^Lb>9A@`PUXDd>!MkU|Dw2C>SWmxk0Qv`X3Yl>G)l+Zr~*jp$dq%kQR-cEf_ z&ZPlvlEs5|Bk@w@_D8VQ_KSkQsf8LS%@eRfXBh6hz6m|Z*AXUR&GGxewpV2&rHT}YqS>{ z#P+4~5SYd*`m~DeFxBS>UalyqlF?g~^N#KfM?&f9O?XAI_Z=%|jYhMNP;4}88?k8_ zd_#ZlH;sn|?T07tbAX!V7hB>Kq`i6m;}AFu7o15m{L}!Vh41wOf9C%Bpw6O8?%kQxP4$)%u0Ly#MwanQ3QL zxRfv0eEIR=ECH}!A-3RO&EYV-<{w>jcXmn7vDG@981sio1f!T^bUi)eL%9Nej+e}~ zGq`|GB&U*(Z1t_w4}V#VZV$x62Uy6LlnDLL-5baEONi1MREFCYkiW3L!xr$BL92)A zPDmZk0ZJ}+Z$8hYCKg|qgyZ6gC&~bV_uk!tTBDFN9$GM%=b~LD`k=>fc+14WD6Brb z^roKVJH%Z)6Hg32Q8D+yKEva%sAR<_3$B)BE{i|6{Wd+zSC;7^>ks#P9Zy`64|_si zuDY!%4C%dD8;9Hvsp~5H`{82AulL~@YpK==x@o#N!i`!pngbWakOYatAe2`C2j zb~3&Yq>$AIz1m_|YFSrPyHE`Ou(&A}^Tz-9ci!WWwOf?&vEM}gXNV_3|H{`er!?FG z*o)P}_$kWPL`mhl?wh;c;r>uRqZ4k&h(V||C-~7QpMdv;;2V&1(^zQ%6|5eHlt@7digWuq>mImm2@f|&d!t$fZ6`sq zsTdIcQI~VC^Dz)oP#I4BEoy|B;VbQ{h10%lRVq9c z8?J|!mAkwWyiii(qp*=Y1?zNH9yY(Mw*tIPLe*x!*^K^br1>;cjBbC5-mgN57VcVq zLxJ6ff|3TY*TlMcsE-LXJ^@^bKk%%!Nap(c!IIv`OBmXi)wxw3XqD^iK`f5Za~p(I zM&_2L?zMc^-Rj#02(}bw`^KkZMLy9@NQ~!q&qx3l+9ww!tL^k|nb!aq+%wMTZgqso zxC)Pf+2i^$QwM5{BAsB=?OT4hgluldsJj&wPu)F@CJ(jwwb(&JkDwAC>g|5!Nx!J7fjLx|CuUAz9 zbQst932ilk0>Y!G#xut9eW}nq@Q~S0Qk}T%hcvW#r}`N+Z|x-Mmn6aCdt85~{RbSrnX5;SJ@h9WH?Sy(ABrglHttgzD_8ZUPg?{F`L<;L{`qS}-fic^488E2kb2y~q#I6A*DDxC z{bjm0dO>c)v-#U7BKwd+Um``50y{H<-}v&-89z(|=IHM?UxcplqyDY7*`eO;8syM3 zw@>rQgQZma%+=dh$Z@lM?cjkv(Ffr2HQ?cE*oUKE*j}F*_h$&V%h~qHt~`^1(^q2% z34Z|*w9%YzTb3nnboaD;bbQERK}9>p5;cw~xDAu1_jRtwm1c>+;b$cUrG-N47UVfWzt0Xg?0$Js^V# zdKX)75ykv2DeG5rw63%ad=HXB*S=7jewctVaaec6YdE>F2ZMCoz}W0y&Bhp9sV_Nr zBT|BQiS&~OgX&LZy4+g_$-cj=hvl?~08Phx$I7?aM674xdKb?yJq`1@b_}7#%proo zMiS`ahL%L8mtzh8xN^R-E+6bKdUES;^DS8Wl0NrXiG|bj$bTkbUss$UZS0^bgaqMtyGkAy?s2;A`4^KCjS4{L!&7|JKMU!f&NaX=`9S zF9OLl!RS9v8P^6(CL9exCG#KP6ZKjDF2(e*_IP8~FFAVCKRSAI#k=QbR8Tw} z{-QjuGJ&qXZ!&LR$l7vpgW~+Gl#04Utv0BL<^fsr97NRzjVWlIi*5oWSH*8(EV*r& z7WcMj7$hxffQ}wErZ}V$>1M@#&sRkdl$pb|NBCIp>G}003KXZX$s^2e$+JO=U^E>T93{d3n~kI@(RxxTOfB%4Jf4Q_@BRcuH*Nz5dXTfh)Av-}{ru z{82#9?qu#%b`x=0> z>jzb038oLv<&Y<+F0m6r(Q6vJ{_|*AgcG>dZI6V=;`w$EzAMN}K|`dAdxi<6R_8;C zGLzF8u5Y7E1K7y;40wXP~Ejgzg@BINzm_zwYs(t*-zVQ6*Qiqw|x} zT>%V*XTX<W^Ay>;*_jqdTCoZZZ?obuuq+g)vSoEF zfCr(PNaw`Jmy_|i-Xd!CVkiV3KLWJXC0X~_Ovl8gU>XrQVP&!G=q$UR7&a;B4B(d2 zar*9igKiOioZJLj&Qx138~LXs4ve^hAH1U_l>*AUGdx#LFX^<$zz>F`|9GzC0@82* z+t^-`;<!3}xuS)x1MBkkQKsYILjiH1es4~&j-Ttal`^^z`1ek-LdA!Mf!Lb>w?K;mvOT5Ia}gW%Th zp`Q}xS4MjdSadJaIwpSvn&>{P zST4&QwPBag{iQ1^uvsql{(?v;@c;@%%`4zP7Q`MtXEVFJvImF=B9u>hoJXN7A5AgC zcSUn7D+ACqb=3V%;swyU*ar1$(d`lUipK%Fg%jc!@k$=Q<^stKKRz0eRoBH7xaFCn z@kWIY>GIfDHo(NY>(R_VCpxwc)Sb9`vP0RYpN>gZbO17+`akFN0^V0Z9vb{NuJlJ2 zK=Qw|*6Gp;?#y0Lga^gtaKGYHtx6W4>_DCZ-Bq}K;XgTU%;UFaJo4)7 z=>{@t3d2qeP(T;(diwKq0Axwto~`(hUZ<0uTv1hmMWYv3$?1YvSII9_n6hMeJ&ci# z>Ji(RhBDbUdg;~M+C--o?@7Z z2gcrtY`Yfhr4CKelZ~D-6h<2VuOAkb~ z>SrNUQf++IUx`^0EZ?3c9AP%1p?rOg9HtHYtW;pnNfIZ9YO{Pg=i+?BvyJ&q3@WmI zW|XB1$~xajel|YXCL7iESpLQ>$y(2KpT_XqX&eu}7i}^#y?)RuC#Sh*iOyd7?}Lz1 zaOBGE)AyJI+PB!M-x>~={ZVu9IR=kLDFq)GZeb!8t&g^0=cY?i@?!fi8Dx*aJs?FQB720g{83q6-T!Xe>o& zXLN3bBIuJta>F1}`wISG)qaz~y(qGA+(KyHGLwyml+Ex`U9o2)muhyTfuv z4Zw`h=mvZcZb*d{_am~lM#oFRRIPLTW^j3UqR}CWueYZkUzb8eX))15{Q_5jJy_Pq zJRJ}^fOvV{z9}vt{E5&5=dK&vnI*Tn2NWm5?MV>Q>AIJ&6d|IX`v9X}2^|kcdlZiQ zfv`#_HF+GYE5R9PJWihdSrvbeESec;{Lc02c;gKw5G83jHS{kBnQoigho^ff)qC?o zYr6iWVVb2>57AaQU!`~z-BIL85%eFltUUKxA_o>l_lXj!MKN@N91Z#UL8tc~Z5+RU zorS}Gy+2RkrQsg?06?o;-my(TB4i+4neSe(NG-7TCet)r7E_D%>?c-H_}YsHR8?ID z%N<`iY?-EVgME@%`}Q=otPyefVm=%f+7mr0_pMhDis%P*rdd57&eK66MmIH1%L)Bw zp-E&SakMu; zHTOH9l`~O%)X{#S*_vec8xQq41NOPwOK#lCexW<8k6$3_n*%v{N+;J79IK4kL!38#3f%Ed)VgVFt^Io$~3F-l&Y3d?~MS-SA% zIY^P=WYoC}U&uDtd*m^ipXjSCeEnRb)A^7J=&G*MpheM#F%_ori)-F5JgFXebPnPV z;_h#fmc}23zQ}l|A?;o<*`F7ix88ex+~PCC`?b%mdLTXpIN%)h5VSt^3`Pj|&zYt6 ztmVz6r(}BGsQsdeuHg!gZ=RoHk=Pe%ZLGTv=H&am^S!~v($61EM+yJ zrz_seg!GxF8J)Qh1e4cIXs#nEp8DaBD}J5>0l>8NedK<*4AkIDOivGfxLHFd9sR#q z=TZ;6N;wsiz~dLMz2!IjiNv?SH`<=j69EGWWMnkS*^Y#^C}F-_tZ4A7t{b z+(pHw2$!1e0ONAu&GiLzc`@9^aIhIRJ`2o8roCZLH>IEd;}}xEeJl@(Cik)3pn(yN z%ffiZux7pV6jm)#n1jm$3anKh$La*MKOdaierk(H+~9S=#XT$6=PO@B;BoT6rT^U? zD4QfFS~je+1Rni^Ivh1vvgAF^Ehx!-S5t@hY!{0BUYp&31I29k4383Aecqn%g&Tt} zm-pk+1pL__9%yw4@TB99{i6m*z|`~Thjw4Ud6;Wvoz))Pku_$h;UiXw@a*-9tbk5F6E@Hr{o)V`x9vUO`QW5&^#=qe;%=cZj+ig9Qhbiegj z1N1Ww0iWs-EVXSR&CvbHw}J*u%?m8_*vVENB0XQF=d+?~!QV>p^2eZ&iF5e1N_AN+ z4iNERSNQ`(uz%RnvcYv!2~8dptxL2Cr_X3j9UJXWK@0r`oWp`Ha3ixWw*Q#YdpCs} zPlG4-1&B4BAdxgOlop_-`IR*H8QCa`G_rQ#6N_FiS$|EiJlJj>L!O{=n4xDRu`_$K z9-4I-k$S$oZ&UXWqZ?-YTvxM{SGCfqhjotZFKeoiu-x6;7M$pK4^+drI%_$d&=Nk- zRcXM82{CX-20F$)IPSlzX+N#l1&o_GJ zv+YAOG*nt{<7tVQMiu(fQoCH~D(%kB#t}@H**dIRo;t zRr=vfzK(_jbIa2eWMpNj3GE}l$J@hhuiQn^;EFyK?3!^LOO~~nMisu-PB%|h(ULqvvQXgui}D> z`=&jJJiwjdykNCoTBI{N8?;Y%vPzkda6IV?Ic10EttZe^D8wry(Kpk>E`3H+avy7wH?hC>_Oi_97=+%P_m*azk2;7-Z#wuy!y->Sn*yGk$TqNgt+A7HRI6M6HcjZoI zVkJY>Uh;N3zoR1~OSc#qdo;g2uFiX0C;DLf><=yCmK0UYM1`$HVi-KsD-yS-2mQO; z0^}`|q?;u74aXw*Ra0>d4+WYb_v;0_i{mB%a#G`miy+41!x>?8i0dfcf7wxTU*M0f z#rp+4Eh!KFS>EF|_2WMV;);Q)2n2QxT_Cw1FHurVUh1AxG5glU2W3zZYC zpcb<&STdAg+zm$+u5w>4P`dOCZ#e0qgv>Bdk#UnBck%V0j{718V>eJm;e__xw%{#k z_iLSr@=e<6RN4~uL9qP{YJaUSNq2}N4-!-m++~NPw5>e@@x*O|{KHa*AdbE{jQuu( zZhx=Ie)NLG^&_{@vH6Qf zjMhqjxwd?on`sS?$LmCf=y)W-`t!2r^?rfB%N*Z-tUs7q=_}8R$Bt)-**Mwj#@bY2 z%qx%cP-y^Hhrewn5knOA@lY7HxR@ioE$c~gPc1`h7Fbs|?~DQf-lOT8kZzr+stw-A z0lRGT=o0d$J%Qs+eU+pLFMg!WZ+f~(6xT_ZB<%6Mpg8+e?%CJUJbi%_@B29<%kc|t zaf~?avJJ$qVNQD>R;!G1+u4<(Rfh_D+x$nXb;@#`9@h6eV7mwv^K~Zi)EI=O8%rw% z3`$|L-kGmt8SwaUYd#l^QJBd{LOEX6=k+6gO`8g~k@#wGiBEm*2)mtgAA1ROHgXVL z&ssw>YjzGVQBA@wZ#(^tarKn!3{4@1ucjad;WdMIQ54otT|#8pJZnw%t7pC*Sc3K| z%IRHtiIg(#V?S$v|o`w+^c zd&ZNie~{#4(|urkuor$A-GZHcdmg_@q@DHUwQdA798Jp?p>`95iT!efS>~_J1}bGE)Z6W$wnu`fs#G?Afp6URm7&yi zXTIf%8&!uXo?sCZANiOM-R+IG%Paa0J0R36op~l_P>?h8`m_S{SHDNXNNV?n=HNR1 zZk0!qecV2Lqxteb{dzF8-)*BNNedFwsNd_48~2Ofo|5bEv#$|Lm!GiRta?VT%i&~K zS0;1>Z_g4Fd%hw1HM#ZXkB+fdJm>=l^&=j$@L7s)IFP-#MMfN!05hmOX{tF`RWuCF z*FNR<2NUGmpMB*tB5P*`P!hf0t~b>;bc6-#&x1wFuerVj7#4a+GNrk99$wBZ0Gii! z+aaPKe7HlsHk9U`iP7HTecrTT;v2(iX z!|?Br_I2<3o0wiJrD$xhhwEqQleIoLSm~gj$A=8vdNR(KR{FDcdE_vHoXJs!=0?f`&VBL@bqTEtkqIB?LIV85N<}5fF)y4(LGTAo0<6ISV+F>5Y z&ic8wM%#Bfa-_`7@3QqajizzV%X0NkXwkq(qd^AEX}T6=m}sGVc7G;hi=?i^>mCgY z-Qc?@&+Z6ZnwK)aK`{;Y=Z`rS2E7W z#D?)joAJSu;Q!!qZ+@U^+!7~io?u+$|H{`Gt>|&02x@%*$a-LYtl3~Q1Sw(Je*SXg z`Jk}vX$e|yynfrP-;Ea|I15!_si!3R8kw{O(|rt|@N8ZTNb$|EPl=CwwF9)t!AG}7 zgdhSH?sF7sIYQ+)htwe-TFmk($SptG57Sq@&w_YiI0zg!rqY_KV-kXs(X#sg0rpQ% zqGEK5{;+F9SKl(^>j^BxV;HaAw_K+oF^(L z*$U2a+3^ZI`}o+GiX=N6uF6@FjWhOVp2c3COI&+5q>C4j@AKayq@=_ozN=x^Amh82 zMYX>#ivvvlu_%{dA33E0&nThJ(8Sp$?7-iOQR`ghioR| ze!krI`FWn(YJdAzIGX+)$K8A=e7%G&&G`&ex>VBMwVv@9%V{r+$1H6Vl5J~ZZ>T1& z(S0jI!{b)-GVWKLf=6q>#@t7N7N25P`d}O-`4EbnF{)r<#H4?PZ^&sApob(6+LN>3 z+160WzW2ZBoE&ndl!jA_a_xbn{rY+W{orLkzK?Oe@QanjZD7tnG$n~=59lw$7M&Wc z+wb#bPxk1NeAzWx%5m+<3vsROkZz@I_vg;c&5geMTF3dtf=`(-0HaKg-jZc#uB{QTg|gJ_7T% z`r8FOh(~dnk7RqK7P7gn7UO^^R@r5G9+wb(0t{oS4EP&XLBwNFEw|)z{y^J$$@vp? zVlzoUt-qBE08SruFGi==3Rv-eJ}yDo#mcX?YewK8$*EBP_>3dbdrxGvmGJSHn&uiO zAhKXM;S&7dd5dN(>u1NRpgK6l*H0AU(ceq(neW_UoC8SGp~8aR0*`{^vqVu-7e)*0 zC_1#s4%tBgM*`FT);u42TdoysP5%n=-W^~t)amjQR&DzmBjQn9Cj3e&X<7sk5oVWH zA97}R$AwAUizfsr$eH!U^aAo&ZK@=hms^gUT`^x~NBDnzkUhsyPSE5&U%~<5i#fRP zOYZa>T@(&f4YxEV_(%P|W-#lD*;76t7DXlEeoTk{>COSP0{i){`<^G8-evc_hYN=^ zK%jUA4*8}|%;ESm6S^rY4suk%+_rO-tjD(jp43fIWsoYNSeXt$Ty(#| zUSWboYs@MBcOuL4M{oe|XJGoqsX}}q3FF2^$Mr=Kw@&R|@Lj}3J{tF`BTpI)$NiD&Iia1?zz z&*wO&r){`$XH@x~9T3{&(6^l)G%$+J=(i@jJSH3T9#@xo39!H`j1isDMdv@S_4+mW zlNA=u>7d`-FC@=U!I#fQq;=y73+!~CqxqgVqJ@$;kAEG2p$GHf_~sQe%G)>`o`L^Q zspFugN)keHPo3g;F7nISpMMt#QO!x;!=3EWk<10PYp{AKdtYF#JRKJO;ZNBI$2|(Z zvZwH)T^4{@hwph`3-EU%T*i-h*NPd{KHJfoLMB{52M3H={cM{3_lhuF#BR@jk-Wao zge>;PF~7XI;B?+zLv(-j5142?J@00KJWZarbP#}G^)F>#j>VZ$fuHvs=Xuy`m_!ZK z&JS4`yJ|atE2R06>&G8K*sNLf3*%5OAfUEnCYNbJ(w$X4k*BzLT`7p}utsT_?E~iR zB!%Yw#vh~CduPv#g`6!B-Y7{w5*_!ZiC%%-;6PaT)9CY@Q`r1@cYzytlwlMZTN?FB ze;%fABe?aZWLLlElc&Iv_2r8;cMkT;E*vCuxqDhsqI)?ibB~n0RWn3N+V|!bw>tqJ zoznEgSI1R82Y&_Qu=osoZ8oSD{d;gGhGCBS$#))5nq^AXd@uJFOnsceA1h>y_PIUy z&Jz{;uNtZfwBo1>i=ezte|h2>A1Rg9DzppK-|F{ ziOhttz}u_b%I_R;wrkzs-$#Bxv+%b(Y(1<7ZsqK8dL^sBl#MMOuN~?J=zd;P19-iU zWqrTLMz-PEjAmCPT%vhn^ zhfUyN60uzG@%x>XdpP*0n#rdpBe~2+DZ%*ZuHLia?BDb%4)48*%h_kfkHB!aK1y#f zEHXl;?LK9b$-k=CBFc82ku2+)QX3JC-aeA^=b|L$ud2@Dm3h7!5`Cq_(+^&b`(gCY zLW)!I$2WR@KI`V=w7!NhK`GBbejKis%)nZ+YM2p}eFviuj0^}x`&rN-16;DNee>{x zZc~TmO(NOU#~8AH{kq8Z zzLKTJ_PK=1&)Yud0>ENR?W4}V++S=}?g2;x1LY#p&pHOZ_$7^7Rw1=@uco~71`06L zU&B)Q{RgfV;+;4RdOp(RkkGrsxxE8c)uNuG52 z$w_*@Od}ED|5sHcXgcsM9m)IoxQ0P#1QAhP+Ei=~tiLW+daCx@63-5X*=y|IeVyx{@y=;Ybg)5`xy4!@m+aGHYvuagn+!=1#xJN z5b#O%J}F#FbQsrGvCaKezOvW`aZR*g27#CRlQ;&J#~|+*!$H&Md0S- zg!y|OSLgA-y(K=CNwx|)oXt*gVxSSZ?<)fbC3Lf`Sj{Elsx?7>#B^NT@stuhGK3E%5!M3fqMn z^j)Z+Ked8j0_)QLVEqi25Buwd7bJ+>^MGC`SPSE2?cp-jk5}S@b(xeo3Qt(KV<*M9 zRDx!>mHQ3@Fx>Z{^jotU9zP2?ND%@yP@@?{$79amF2zN4jvjRgki<{x7b<=e?ujm3 zs$Te(swHSP5+F;vv5@%1NPf=7r6s>L{r#gL&?-f0CkQ|&lbx>#USQxK`-sNoeG4xy zLK=dff5XMxFPemRErOA^mer;sy@*e@qR|LPUZF~&z8|IDPdc`l!w+=6C9z#t(^t19 zxr>U%kgP-9PChSRiVGW3Q}A&-d}7K2`NUW^(I)*>U|ycYANLlz9DifvJNn*_UB>=V zSh|QQ>8eHiMC24K&JX6Hvh0!Qxq}-(1mICI+@c&xTViC$iOfo-`E%{J!7%Js(oy+xUbq*t3mig7= zgr^>@CCeXUIxj%mE$AQg;m`UBTU>c{T&xb4(*+;iv%SB55R!c(eZTcvjC8SXR)3fM zpt4hN-X5Y#Pwje)G=f!cwxJzR?6Kht?i^mJVuHV)Jt1bJnS|SinZJit;P45^n0*=P+&bGgld{QaysV)o3Rgre%wE#1;sFHC_rTV@QS7cDy%!zA_F z`zipTxJk`k;xE6eoJA2kJi_>-qw?02>#&dAu1aS}7%HmV8^X7rE4UVXC2=C1)am<3 zML$3d17YUQnEDZ7mKXVL%@?4IYTA&LQ6=uL{J`<@Gn60y+U|2nIo{jiJ$yZdWB@2U zS_F>s6o^c<@r@%tneQD1h)F+D+I)W!reC}8%{aqFUCLEyw$Or&GV+tv*mEuMq@zD@ z)Mk%r!#9kyC;J!RNN8=yRgKGGT@2YpOj*yim z*KYS_#T=?=wS3OZh0NN^;KURV4GsHh`cp{x#J9SA3G>VTUfkwZ>56ra_wHVHY4#xd znH*{W>DqWeSFE0LoDoxGx{=9#2NoPK*V_HkW11lHpwG}(-oe7Hs+Lkfj3K zfQsb8qrA#Qmv-dGv=0hd1gy{XGV3;?Z~pTv=AQ@y@dXcke@y&%7rrR(!8CSMzYBgF z@OOPgAB`685jAtn*6ze23EWhgx6kwk8ZPXUH|e1$-yKrp04o@n?m_kbiTKVOojmJhqKj0TNEKn6BgtM;PtY%URwp z%Sbc_IPGJWACdjbLkC1wU-Yz#pvAp$|Mb`*Z!m?d{e#XOdLOw`%^mO}3bbb*G(BOV z!0tNL4n{mV>O9Z~GsYBj{OsYHA&C~uX%4q2B&1ejx^^zM(+To?pYP00J@B2|6#%Yo z516{+57cLp6n2NeO2lB+(wi3oF?^qmXZW(VI<%fUx}*~ZIk7$=~ z1~ZI8e&fsHq1wjl_ah&ad&IzhoMAd0lYI>U<)+=gUK2B&=KH)q9#+{ViR)|+y#>n! zNgFnx@X@*{*OGJ3S^YgPfo&L;rZisyBM7+_m)U%qIrDW-fXc+fh4npA>$`-9If)Am zBqw#6B#ES0?Q^k59jTyw78GobQnL|)l1V$>Mb1-TY1V!?PQ6V>nNMP<^Alr&cy6C@ zgY8u|a83Me67HzWzB7HD_%V7N&mUvEqprA5i59%VF`kv*rQlWaOaHL03MX?mJ^T7f z4Kb-%MW|o1XckVvj!69;H|VK<`<5Z?6My>>9yDZH{n!J2LL~C0DP;ZG5Q&%?Rd{Z-q25^aeRy)yvp)7Z2jMDwvNm3250cjrv`F<{FOWP;LAeR1@*y~s83nO zyY3~+{YW3&PxQ&z6f)e~*9Gf*pQFC{F?^2b_#XH5X1`*=(z`Cc?sM8z%?$R@8T0%L zm6U-`M2ZCP`{mKLPA5I7PHP^h0nct4>r9K>1BjqHv>)N9&E0M({eLBbjW(3|ViuJeKbor6{N>_I<@lsmNtH5T;?2NFWk7wwW(Sl*)PT8OefZ>2)0vvljWXA8Kg0) zpB9)r;zf@4;&6DC9LxLD(JWvrtN!*--ds3i5VS8^@ed5hO-sxc0XpnJs`$>@-0Wu5G+w7Ek1jPP{$6oG@WkB1uHvUP1D+=bf zNmt{&C-*Dj)P6SS!)C?ET^>$9+Bk3~49r2%Aoq7h@XcSEI+Dq+uxOax_Rk4TRQSK$ zSL1EOe>De0FVDgL5kK6K`3pUt+LsYhXbqegDGl?+8NWb2eXHVjv=n+^nf)*EkDo2n z5N9-Z-1k5ZwCXMI-R-CH`*5KQr3dcGDO~b4B}2Y9UXuA;n&Rf0iaOQ;=WPT$pWce81U^UPq?dm$|9-Gu>vVP zXp10cl0K#9=rFE@51L34d%7QpdViZEm!ABAi760FkXD$k_mP8tPWXUjeUHb1A3xO% z%vT~zAEUYsIruFA^Yf%2@>C5E4t_t$SX}Pqeo@X8XS@5>mcwkT_%uEsk!4TK{CE1l&%ZX)>5E`WN;nah&?&c?r%I_ z;~%{r)9-&FPf3n_lem0EvP7#;0Amh%2!} zwzSgk_;MQ!G=OolNtPL1<>&9q#0iUzzu#MqLrhF%l^syVxwm7v&=b=c@SA26cGrGN z#X%h5%jfs+?6SX6Iv9C@YlYjJD7^`9l%Lbj=I)QkBXiI)fYqdV;4Bw!3R7r$V&L0(GciKleNze>{N8zPauHMI}~}X1-DhmAeBqI#l!eaE=|oxd0}xk z{ci4=l5E;XDfll1k4ZcW`ROwm`>GoHl4R_w_TX{C;;gU)K@3*comnYl&OOzfkq>%~`NG_dn zA|^RvzqB^ZlgwEs#b-?-MT;{C#8^Fo)NPq0y{7GxgiSDT#9}eyV}oE$q>I=3fQ@%A zK=&>>c5f`0em&qi58SBYm=vXvMd7WKhr>OodWE&3m!G0nWApG4a{636%OQ+pUXs)i z&FR72Hp3*CP>JsQ&~gNWRLuw`sfKfR<^1Lg32>#t8#u?`d#$7$BQBo&_yv;x9&AA~ z2LvkP;=I1ER|emk`4%r5ld6%+-FQoj4Ji0PN*b9)F3_+Mj)01?1 zKX-^9AJV6k0Z!vH{OrCKcl>?pzIsbn6?RcswtQs!67d9Ktg?2~f^%yCnZOYOI_6$9 z55mREBr^iX7p;qA-@W3r9)8|}z(e`Dr@9#tCTW`~Bs?N3~?%}$|2?m*uc9sDnV;8(}zVRNO5R&640Fhf_UQkuL13@96L=t z=!a)Q>d(+jI9hUT$bp~uc;CiZb=w?4`IH6YugJrNrDY8Zd;hc(L!6TM4I3=`} zmR^@h>1%)4TH_ss@fi@ts!^YsbudoVtZnNZe+<@<@A=$a^ralj1A)fYeM0)cOX{08 zUjELJI8wpPEe=E=|I$710T=DkyyKVT&KA}_q%ai4N~8OpXBtr2za&O>QonzVsb`u{(){)n#AGM5oR@b$g!MuzOvCMiAvf^RX&P~%Fa_TD{U$OF z-SM@VEc`<-A~Qex$RR&kLvv)eFN?g!tBjW{0}XkCKkAiTCvvjj*XlwP&xK=t zY+yT#g8?uDUnqPd^{bry>{^>cHGi-#8T0k8XDeI!(a24fQiqw61|t&XAqNoJyNyIj zozTHX!QJ>lsHQXeJy%SxeqY2a>J`>YsDk*rd2+0M8mF&y5CY)^NKOGC8`{ApN_4I*T=nKt zm=(S>-=uSI!N`U90_zStgoL_2U*!Ipx_Vgc2US1qu7|knEgDgGLfWk1O!#Wv`|D4d z9%q8wSj+-Suir$UTPqamAcZ6>?63NS4PWQW5)yCJVelO1%cW?>v2M<7Q%Rc5oFmSs zA+f6`?1~Ag^njf5XE@det1YmJ-EQAQQunr`oF)DgxOXl&)tTetuhQaCSU2RIaa?ms z21<7J2uQdz%lCa9ClCYBiu1(8RFh%;oAyf=Ot;)deJ33_WH0r_;JjCU1ZW`5(UV@M z4PWhRcRaB}#NxV0-aWlOocE2jfoeC8p&w2coHD8%p|T8lRHr5q9^r+q*uxzFAtB?B z$@{ijb}$XQgo<;$j#wyuzaLq|czi5|r+@=wk3OqIAfNDZ%i%%_!1C_F!p3~Lo_#(z zmhtz%`+)@zpiPR#7j9VV{l&3N3F`Hh=GvNTTLN!0=M`u$Z>w+06^|zi9VPzZyS}7; z{EjN@3mo>{=YG4^cZougKghib9}C>fS|l#x8=T+E?x<>9@GU~{B^CxOOZHj3NCvMP z3Exu{bL*NYTeDC2FQjWs*L7oY*rTq9{9be+@Lw7J6cyvr1E;6(Q#9cww<*sO*84T; z7(PVR{4D)=J%ouZb)BsplFGQ8o%syL9f>o4_a&(3m5|{3ptI0qa1-8x8N<;Q2D>Ta7p8$H;b$gT_+piufXL^t8 z`RV>{hu4UvJ1eaAi1JO|^R}ZGWfxhAVkwnM_(@&qFV&Ve4s(4EGzWop&@}P=H?*Id zIfx!EJCdBd9>4|O=-YET!0^uV%n52O3@mh_5XMGGhc5f{Cql9!R3|A3)l4MxOwe9z zDz$rW`iM`5-FTcwk|#XH`Y3uYd(e%o6cx zo*w~iY}^@@)%Z}1=`_YvuUB{MEIvl@(!fd6a5MbQ4!yr^bVD?E-NUUZ#+V`s{*e|Z zW@JKjg|1g?-@g2nWdzd-g))#a#iCzGjdjS-)PbF=D7c>U(f2c&yjB#C#J*P8??zPd zsM5W~r!iIRKa#F%OHpl${*oktM~NaqGRm7MC`p3kukT6q9d%Dv84zKI6=ranX?n?k zl(o01@AZ2lckA$2yyHHtb(kPmYAIfhr+uy3^&HXq>}RfuFFmd%Iu)<))E!Q=@p9tj zYrf|XBTfg=0oCA3nRaZA?^Z4k25f!HV4p)D;`#G<-M*uieaTLTNN_`OUC6fx!MWSU z0D2psU$B3=J*b4ed5~sK^0k`C%j+Nk-qWWWDL=Gk<@%NnY5fe((uOauF-OAQIF%J8~SEi>|a^^m_b6DN^L_w@@E@si{wd$1_EpQpCXF~mv`PM1gq5JY?X!g_9$9aUKkTL8J9SV_ zD4&yhL82tUDII+>uxUU+3BPcfUO+=>NbF&q<_Tt#8v_an+!n zemVuM{YUHdC8>Fa)GWXn-4qgjOgD)-e6&?RqMVz%MS&d$REhIP0Tw9)sE|A##0rHP z>!kZ|i2NOI;e)JUh1e~MbroAMODr^>_?!GRuKNa$AMl+!Nq!jR_alpN09bnE51FA; z_Vz=qJPyM{F#8o30y-~L-RJS{LFqoZ>}z)p6TTFn51mA|2evbz@Mz22u|N5K_)fD_ z+1Of2+m&>^5=HNg`o8y-@;l$TM_%m9@qS5~oudzW3{6O+QpdP|xn=M;)!85x(UvA+2}|kew2=GrIgYjCxR5Ht$R<)$TtG1b-8woJ>yjw{SnrHxj_J!BmcN%(h z=hk5ewm66OBozM5az8#T56!`AshRgbsd4g8TgP9LF1RMkwU<{*#(yE6rJ zm7we|9im{&NZU1q40?7vg|omP(R=uvh*A%n!GXe3`aR$8Ei5tK=7HRY(|V%Hl8FS7 z+N2CaY|I@O+}rH{yPt1$XT#~E@a0Q*F!?F#3ZNyW08xmtMd}awm=y3rEo@J%4B*(& z?wgxm!!C4Lp=Ned}$JdXQ7+*7X4X-xfNn>W9tR21Yo6I&VnIHs@1d%#?7JmO%3Ur=?^>(>EeCOZm4O)usF4bX6#xqR zrR=j}GTGl*Io`Uui%*&p+aP^cP6x9CH1NsDD|j6!g=t&x+Sg-Sjja)mTm9ZsdK{{x z6A&}Mu+`4A0h87~GZ6dWb5#pN$sQHs{ZRL6nLyi)R4P9CgWC_D-Nr+dI^@hvDynA(o%TzF*gEhczgNn`$+L zl2|b->zhi7VtL*clg|dOb=u>5ksm}qzkvf`8hI@mmMF-DeOzb`q8E7o4-jg!%J|#n ze=Yu_W3yTaJ_(NV$CvwQ>yyFxl*)=sqMbSr5mW(h6Pyr)rg2=x_#u7!r9OsaN)(G| zlcEtGz1Exqq;Eo(WC`e_=2X-XnH`bwJm5D(Fe%(QbC^DPDLHBnXp#=eHQIhLH(e%} zj>h)zT?pzv64;u7U8GBb?Heq4xK{h+>TW+3agG3HCYwO|B+`s;Yuj!USMyQNoc!}N z^kO=HYS|BQ=~{=GfJZ z3lo%DnJ?w-cil%|YjprnY!^HJaJ}()9k>m!u|Fx^m>`MRT_#tl)&#}6{%FX1DCQ1K zCjRah!h%CNM<3sNssO;X(-N)ZY*!B}if~Vj^J>N8EI8EQ2$UXLSf z*q1$;eE9|Q$^`7gjC%M;d(*@7rjdye?OdlsgFYQLS@M?QQ<}WsiCwJgw9DGoJDLAuk;v{cQ&7#>9huRRIq(+Y^u!xcYDmGf?Em;;0b9)IaEH zHKuGyY!h7czP1H^o*f9lfA#T`L#HkJuesXJVZ;P`>Ms=5 zuft+LM2uGW{zq4q<%UemKj$lrw%d_>f~XFf$m~JOqExBs`v3{77Se;wSdW-$uKJ!w z%CT9?$5ra~73w67Z)k^8vEcr!_%%Km^4s*qkfMJ_+ZGWqscn9e-;o1i^F{>z??(VO zCcYpk1ttSuw9PPA2}M;i)PR}cex3ID16xhN^nXa=lsbHq=hx_S9P(+!qG*WliT+d^ zB2;Ddr*!3r$I8IV0&>(Cq>6;lMhL$729ACXtlS=+YL0!YnVB>aSJ;(B{nIwCr!8PYW zBnrthc+U*?_(K71LZzE-y*>wToU-$mYTN56$ZG_1dkxH;ceS5fG1zu6nrwBN^r zbMxcebKh}4#=BZs&NwRhDe!E#xW62n+fQP`L$`0+dqF^v&s7R3e+U_@=-t2Id)rRq zyLt3y*m*wrO-iW4E=#-5&7BKWAO%x4W-Y3hc7O2FJ_Glm!q?>?m*gTT@9)|&E?SBR z`J8USn_Inl@LuE3vpJ|A-Z$^G&(VzoYeN(hMc!Imc%hDuK~GM1w5t0{+1cFWfyEi( zna2ta&*8OSQ?413yw8`rwCwk!=C7d#37U`af~OQY$%>BEMDS%&Z8S6x(>+U(yy$NB z*fjS&QMrGUlW}F>SgPj|tWaHbQ}=y`^obt|R9M2{ny^1t;VmTCQkxR>c+jpT<$jLb$@l+8Ip$zw9r=n{r%urN6+6TRTuFZCB&ACt~k8=wAz#O$GY& z#PrRDh%QIzc0QFs=e&qpC0nVj0L)))C~etx_hKI`WpQ^`Sv~J|@a)7xUMf5(YaIbx zsM?D$aa|k`9S$nxj7h~`2ms47{#=JKk>4mi*0!B~cjTr3MO!>UphIzGXd-=;=>-E( zxV?@RkvzkFGk)=`WQ!@ht$6FZr!w4#&_(I#zd|Q|Lt$1(?-Vu64;S2&4$j;i=qhLM zQ?bzP=nUvxE5zS>N_?Df8*d(E?424zA#TPJ>?6!sjC~3eLU^#@r-I`0XJGv3Z_20> zuzfEAfOC$nrz^(^0l`0m-R407-)N~E9%Zg)BcV5gqu#@aMqc!gE4I-QfZE{-2^LQRlrnmoSQV9GBY`|;M-OGks+PzhQ`Z&k+4~tZ$bh!&{wpV z1UVmto3c67@{{)7VB*bi>Ul3*v&)-cGv)d5DJg%eT)qaTvnO4@`CXD#OwncO-7jW< zX-kg$Wb z-?@rKU+F(YB~4AiFS#XMjW95>I^l#)Ld2Xr%`wh9@=A(PC zt2&J3+CA~!S65bx_|T(#AK6#gXeSLFxhsbkell6-Dv91hqv37c@eq+}-hK}}LG&|y zi;q2Ls?&aY*Ww1PjCkJ<4k2|OsW2vQ7rs`Up72>gbwtWLH@;we51A&&>X5&;MG}j@ zVl#J3zEC;%;dRnYX_45+8}wY=mXlHA^j4l}Z;jY)WcJZySdosh z&LHJ+{rYv{5vc~;6sp;!KB1s_l~J#QodK*zARvPS{nwxC$AjyjtsPAy3>kD7(;VbBr5nJXjtG*4Q;yUy+3^VrfIoebABLQJ!t*LZCy^_=iu=#TAx!{{RV zA+3krx9oKlql#e%FVGx%ZGZhq&d91N0?LH`%?D3nt%qy#()$_?_xvF=``V+Vp0vQeM8z!iiXE7P!p6*h|YF9W|e^v>XUw}X( zLn#8f8OK6cS)ndFh3g|1=D6^=y^GNr5wC{4MsZnf=`?kb&qVvMJwW%+f4|S+_vpDa zHcgOxz>fV=)N?9s5wol~`aFI2x#W#N-WJE?-sX?nL5^Od)tKMg<9MJ-;`ou~6}TK} zuOr^?A<3xqwTGIc!HCz>VnJ2SzQ}XFABgokryH>OgNwr6pb>O>`5LTY@BkQe5A-c` zb&KW1X?8lWK<-mcgA9gw4M4-3P>a6Z89SwpNF9|sS$TID!i75ih@rMrQNIf`aKKb( zp1{%>_ak^;T{6-`3)mWJwjo%tZGVE`j+*_ky+VNih3k8P1dCmc@nuIUgS2H9ynwuESpavlqjAJ#RH_5rpKLh6 zhVJzEEcE59%8J>i)blIBQnIQZ-M4GrD%gYA&4slwR{I*@bLT(!V#=E)#pG>Nxpa(#LQn9T6i;4|KY1vLJOsYX=5b+!w4Enr*V%u=%ssc*)D4P7j2c*XO z>Nvl>s}J=)yyhTqqYPP+khwR~6-+1(IZ?I@t z?bjKF6Ofy58u&3Skz8JKncuPqiCXTe+FX3}T}DGOp-mkPi3NMoQ!aDP_v#0)lEt^- z*6*qUk@?xL36KAuei}Osz+-x>-XRPVp8o5qJ2l9ZFkViGM!nd8?A8NRR@RKQBp*gU z!9}!xZ2Mz3F1w2qAx>`2bf02wf{U)Y$cbatR9pQN*t%=_-0Nwm`zDo6XdXK9NmEQe zo8O21B&N?rLWCm_FEo1{SCj>%G7axEcLbb30ue0#R$?rE4U)&)Y$dPDkkXFmP*5$RvAJkjbM< zWM0Hl&|m-q8{mJ)fX(X|-IwFrmqae2O6 zUNPo_$aW|HJP&d@@wik3%(3ZE~-(FXAK#%Eu zU+tl8>WwI8GTTf3i}f>7F5*p5{BcSdgYp>t0hsZAGR`xs>G;0oQZ)~VGK7=0UWf3l zT+iR2S5%5uCNAFt?YgJ7w_KY5{MK8dZD3O;9w^!#z5ipsd)H(SW7PaLjvBxV)F zYVK_WFyZ8y*iqW);rBS9?6Ez&}j5#Xn;G>FjV+ zsUu=kg$ctdjDqS70qH6i zPoJWrZPc6NuIc7l(S7!nwUwFX6jn87sb*z?>@v9MR~H)~TRg z&w~l2#QsO&&7AxplH4~jRl(b?`{oE?K12ZuwC~)jpji+Z9ivs-2!x|xhN{MPc_^HD zIKl&iFkvfvyy&tHLwLOB{xNwveNwG%j2xZJshUlu*nPGh0W*jCvrkb+e^HCN+!%Ov z;`WLQlCaLQ{ghs|ZE9IE*ZR-=DRrpK_)xe%>lcW&J#J%skNi(4 z?+fg8^q`7{U&`_IW(jMR>TsMdanZio0GvHx(1p(){?gLE`wj00#JK!pb2%NQw_$M* zPl(JOAvsFe=ND*^Kj+7P=t$gY27>;mS&5JOKjY#UQi0ov^jj#fG5OfUe$gb(T>mT% z0)(k*!wv$R*b2IGNn?(I*WJpvbsy)ATo(S^!qCV@gt+S2g&5@`diLi_nb5#8b7+jh zcqU}N_5#}-k-_DIB#$dj=3$!KOaB)PL}SbgoI^EFPJt5z>yq;1pSs(VKfrW&(Zh(6 z9*>i&+D3ODphem=&3=1lV>_h!-;Q9>SKsWfbp`Yyomumir_plo#(gSZo8LtrPP=aC zq1v>YO}}e_C67vZ(5`Avob2$#7+?W=U%B#SuJRijI^L>qDblb0hE$%0DHjVx%9IiQ zcSBiQ3vTQN^ogQ-J*0ebGSV3hXa*sE``RbLP-cn(M-K4=ZWBg~utyQ-B1|%;QM9N= z@ZxGoN3Hl<^kSZG2l|`L!Tg~3ANI^4PABlv;jFn`pL*0b>@-K_=^<&vdvn(mer{Iq zG;P>-m~($^w5G%1RThfJh&(L4Rp{5DXB&eQ4>Q)5CGM4%_jvmS$OunTwyMV?vX6Hf zTJ(&o1G3Isqs_a^@3Xuoivy!LAuN6C$*ppb81=s+Q*{;?2j4r!%w!=Qb= zm^HfWaWBDr=HDxqzKXteCY#hd*I^QZC@@-%Lv0ZV|<-x#wBH^sfux`ePjp**nj3<7ESvF(Jl8@#`cHlsv~x%>TKtz}++(_2F(E zsa|^Dg0P+eb~-S_^~X5}=uUhl2tQ!G(Ph6_INMkWevtqf8v%8*edJgc01aNx>Id4` z*Y*~HhOI&5fAxsqy-J6xS^_Sjl>=zXD^(p&6;y3<=v;^*nv&05^j{J5aS2HEPN4YY ztFFpVtaF|RrE_(J)cke79Ss9*`7OO3GAL^f3|1Ae?9u1NW{g20Y_|e8N=Yh0*Y?ERgbX%`4mEMa7U<~2E z#r?-Ux|6V%Q;c&E1%ws$ABFb>WCZ|cf+=cu0$(XKw8;E^iEx(JvC}>Urb_Xa7}Z z!+wKoMT6BY8#5>WEPilGzwZ&~nI{wuUmYLNt=hZD;T;PBh-u|t-uc*s{axq+Ec^f?ZASzS6{$eSkF2$4b7{`w7ut&(^bkA9*kuz1$8E z{rN!j_An*HW5360bx>ZvY|XYPi=n0xM%klRr7-D;ShrT0NGZc*q}l^9g)=S4OgH0j zIW*V(q>>xqcg7g_9X8*~z|$H{DH_!ft-O36Z4@U%twzJ$d%pmez5T#Fp(<~4q2snd zDJgNE%yXhi7~o0#?0IDc1WsWMpb`$z zN9I-yrl78$75e#Kul&92hRa=8qJ}kN_p&3mg@j&(#XC(^FI~a=wOf3h`ikFi34rZ* z4(GEErh5yQ#x%%sWpThl!m0Rad0J0G2|awP=R~{N-o*Q70zDW!Zk-o^?=#~}3G;P& zqanzs1^$H1*Pnm2_5$*@BbM%((h0~Q-M#JxfXJW}L9g;j*>oelITD)s?e0`47#EWx zwXVA+q+9R#uxRDq89RjlXl>{xw_cd&2IRUkx|sOX$)jNd{-ao-e9@)Dt5s7%QN(5I zNPn9}8NEJGp;hf_aH>Ex6gO=3;{Yvr3QNK>c$}BvA~jodf58^&lB{(Kf{k}k?ys0R zlVI@Oz03NQKYS=SUNEakPo1M0}-$Y)14`{UKy;f%Bd&g;Ik4?$6+D@bE*W*#`S z`D+vz)eLA`r|T5bPadzl>B8aO(UE)BxdVv@?$8^Rwuf;}mkW(uq)lI4zE^)nB{^jK zecR(~xH)?_n&?#U&Vrhn@5|v^XI$c*rE9`=kiQ)Z9g=;Ik%PxmZm~SWz;&9pgB2dp zU(vaIQXA$7LCZieL3V=HB!Hs)VzemsRio2A1^d%mFsh+T$L82ads1;S9g@!GrIP@z zjH9{~dbNQJ>LY*(z`o{^wmCZW(d7>De$q_R$2l;FOz6e8sQ=UII}B}($V(wsv4Ja@ z_Vz`gond+hjk5P8oc$uNcM`vV>jMWpE+XRYdGvL3^}lP~Us4wi?06~{D$j5S9*TvY zAgNvfWoThJD$e7v>bLv%`kkYepXQOprM2somCm`NEqeT+_EW1RYGu8*_cM_We8WL_ zEN72zRP%f=7xc7b&4;)7#L>$73g7+(5KZzc=kGBJ>^$WTiU(oQ-!r_wQQ$5P>$L;9 zRCP|#iEAI z`4e=@LiJTyrsqfUIS%i%gfMrxRhQZMh`|k`RypTwbtv+L-sVSJwv^}t`V-=x#oa$qtID$HfRe9qkSoDd463+XUFSgg`n7Q)IIbS*hjQrGJ7*Ua>H0kL-ecCr(?KY=@{dy6AW(HzU43l! zO^BX%Fui4tL>Bd?DHq2r3nyGD{`hs?{Phcf{4Zdf^-hVoZvIpjXyNU2zn3PtN+KZ{ z?0&!YxI3=C@2vO=#34;-01-^6R9L*Suov&{<9WS92e;Fubp`m0_kRpkaYg)`+2CwT zx9l%&GMsA3OaBXxB?Dn3?P=QFz`9VAGAxC{wf?o0oFBfZ$!*I^(PFfG1nJUXT>VJW z9vtNjmy2BqqqnlVd5WfU2&pY~l~KLDML@SP@V|U8>=(K4a}CE6q}{6(+5B{vp()!*cnNe)^oy$CAP;dfYsMhO6FiOsK{M2Ql+NnpPBn-vtc*zgcpTkCRw8nEN z-J;sPc*3ujJ4t)Yd*6p`UhWb<%jfki5z0HU<|dZAngL(7<4wqGJ;k7mh&_NvfT3A` zPb2)Tx}OXBHRQ(1;v{>hOo$1PE0w1&Y$XC+>K=4xYW*GoP{_g~F1qtV$ZvHd>(FOeT-?yEV+aQXWK8_SUTk(B0PDk`sg$sp@}d^d$E^4neKA7 z_Jsuvq}QAo&(IMbeX&9{E+gv=o)*H)x+wE$jL!Fx$ zAiCaC`|i|ag#6qGAw)mYk6LT)U3h%C+X~$6_1K9|{((~2l-ccxHLCl6_hmeso-Kx? zo)EWkFUjKrEUC*p2i_d--w+wVNr)5p1*hcz-P;81UqvmYADm~9M-wM9CF805@ejBW z?Q6XzeP2vdtC{u`{P5zX17lb^%}{lFelUYNCL;#9639p-kD3J!!t8s*jk+opAX(e5 zy*%cFyO_o44}S3ct6hjFeAnn^9%`cgeBz9aZ8~`!mTI_bE)_u?>U!aS4V=$Vk`b+q zVgsmH<71p;0*Eb%PL(cb-Q|7GvJa{`if%={80)Kn>kl=Hz1}7`>K85-=?#8Ib?m_e z2{4`GLDgT}OEK>=X-~IPp|gPQgaqK&Fa}TecjM=XQH$@se;}ME>~_a_3MXYxVp}*x zo(ojvm19QFQ5W+sx!c$H{;d7>?b=FYxtqU^uBMNfDT!ypUQYF4n@$AX!w<%qVK3e* zcu{BH?(|h&g6y_JA@O=cadV9wK_hN;32Uj|7M~Ib4JYbP7Loq=J*!=_;GG0wOmNh` z{^JZ;siMoPLIw#K1oic>$8(U+Uby>rU-my110F`*-mFitGL9u1_@cq33WSTMsd3_p z&@@?!w3Nrk0b)J-ibXrn#l?FYI1s?L^mK*UwP{a@jN%U-K0Te}_p__#p+YCGMaO-d zo!s|I>6OdRgG?^=cY`nVXtrZbY23r|{9RHBMRNg^_DMIrXnv*a*M&2UH^FWK@p*cx z?otY~gPD_wQfP-%FFMok3IEs{V7k* zp!Sa4`?Ik42MMS`nJc7vw%q2zCVM~I^ZQd4(3Qk-wU?`0;-_Ww=7GMAIbxRBuF>L@ zbkTVBL?Xpo(mOZCaOpxF!p(|^v+1$Mt}-MPpkgyBELEbDF+7e}XLA5C(Nc7Wh4HM> zk5jzYNKJ-%^|BhS89X2&($YAOYaMrN@-%**L!e^8(|%8fkhb5 ztJv3*J>&0!C{K5Il|q)0;f{#-=Hg&mmm}auo5iPYb^GI*Sb`#Rk9sjb1+nZ`k`d(i zyVril^%;ft^Ghv=Gi>=3&HME4SLJ>^ULxSKPLt(c5Wpx$DFlKe*8m(f_>i;-J!Bul zPX?`y9?m5f7MQ){HPM0MwMQ&7-1F`O??SALI0UE2u#{v z;+D#VtM@F@;k^eTN*KWuN_}}vTCcOoJuZga<{l67+ZTopuVr6Fr_f|_sPKI=$8xXy z?Y-?6x93y!1iT>hZBPAScwiXeQR{OQAY^xGd4loZ*P@zZj97wWz!t*OyIiesJmKU1 z2u)oTI-Pq!un*v+iOt60lNbCGkFMtcQ5M6T-cD9lEJr}xBthV>LC(JVQy;t^y>(6uzdBHCJW~8bsArQf?cZ4k zC&Pwe`|We$a2CvT4a7a8)}LhyM0{$lnkK#?OQP8DooO9QeIGIO7RM)L_nL7IA=v`U zZc(o5gDgSD_qz`|-S1H{12%5zDRC38?DyxvHFJ|Gdvey?4M$cB5t9{8 z;gKDfqN<@(8x?-hmPGhexV=- z|E-TOgMU^|mzYxB6SE%1*XvD^k0vC!D?j1&H?Exfa&aGj3UUqKH_r0H^n?b4cdwQO z4xg78tKtj=cpYWI6WRnEvr_%u)#EhL^UI}~g|@Yn;n)y84C^!8E?g;aICUF2wgNM`n#_vmSxnj@K-S`@> zXS@F03p#EFcbVT%3#n&frcL2Q2CXdff(`U zG+N#!@XsV(A`0YRB+{>}Vn5W^HivTn*(ofxhb$!|TBDp-THmAwhxthHrG?*1*DTcs zl`$Whv8vF)*Q5Lek0!T`51Unq3M zeMOOA!p~a_jb)UN;8gv#`8yxY-f{D=Vj#O{md~p7nr>QLPh91r_)z=KUpsSsvMEw= z?Oj@Zd{CeTJ{C8h#Cg`_4dPo_j9ISm96nB|4b6Oue5LQE#{oV+nv~B>Y?C+fzts#- zq-PP5Ua)uzA@NNYhqbJnr-nw*Zj62(fSic-Jo&osWuOp0=A0@rjT+r2e{_@Zr=K5T z5TCi-B|(`)^L*NmwN>L$X+gv(*wo#=720L*39!k0B-SR2&()>to`Z6<(T8rD>T>=8 zsNTgrY~oXmHlkYA_$wgc0AYL~lqPuBK!#G?J^`!fBV=qS*AmgR9o<2`V=CS!=sly{ zc**Il%&wqk@)Q8h{>#BZ3Fr_08ID_z&3M!oPwlhQi|_+AiEj4!r0s~V`tkt& z&Ho|J!gu)iKXVN}hhh3@kmh!$4;OBf1%p80mZR1*RYSEV5R|Uea}s_$v+Jrmeo`MRqM`-b28&dWbO^ zX0H=6_5fI`KRbw~dRessc=QVf8(xWNtT3mS`q0{+z1=#jJ6a0n%--4Yt)Fd@LmETR3JZxI z*9=bdp9fW7eRXl>35;^p{GEU-4#Zz|-G|Wpis%@qg!eJ$739t4U3PohFVuCm9^%Ss zYk%_GZ}2;BA+?4_=6Ana_t%(x01iphGY^C0AxKRj-ml*+1awh@Dvb;6rByKG!ws~f z^5~4`RoNq70%}#EIUx2j^0ph{c*pvvc3s(IejGAma(BTOA&6ZvG43xD`5YQHhhGh$=!_j$Bc_oKikC7iu>vwugeVjskdwIB>ZC@rdkWMEfk8_F# zIjqcqFqReLw|;-cow1~yPYQ7mUwmZLO(ZpVqYQa@91J9cp%ix{4>{>$!ibxZr_*~Q z`W5|C%uq#>4UfqAh^Z<*O@jb#tr))#as!9s%EFxMvjTN%%MJl$lqbv*7YRTO?ka9E zQ+x=ug@8BFKq7Vzp0hBiMPfY@T$d@2W-#ox#$SjPPszeuAL~6urKh=TdVXIa=|pMl zARX_oNS$0y;7XozlgD1#x!?&gbu8vysBOng9sl)fZYPD!p?{&jC zq0gOuxFUwoZa@071?>t;kOK3CV8O<2)g_fmREq6dJIM5}reOMHdj3^w`0;dqtiXYrW4C`DjfdD*cjS`-EGfwIvje^#(rm=Ng;bMh|NYr*J>QaZ+~BM;3n`|yk4!r38XqlS;I zW%?zd~}W|yFT1=nl{Z^3wS`k?SHRs%nKC#rPja3)gu3#jMI zW+u-uVjpq@knO3n>l`F06x-moWKvdJRB=kxFo(7FrBpV|=}&O4(tlUqc*P`DLQr>o z|6Bv-EMPF0F`)aUNvRE>75@2+(#8}a!GJ?fm3%*@OPx|;fktIEtnk_q;a|TSN5iaz ztmAUfc0G1QYMT&n5B!#9#?{8t&tCY58@6J(bwk=e+wxBDE<{dWxDc;X;4lShICi>S zeo?rohu-e4d3j?*;tw;FLT|}AkNZX1*N?|ukF*!)r5#uM`%Sw$bTRPUEf2Yj@RQ)J zFU1#F#^Zja55G2dh>rq=^K7h%7fvU>MA=Nw?Dw&H z`gA%x)e0>^9BD50eSb7OF_{fcdv2u#|K&E0pWPXv>pUWkAo`}-*M=$Gs;MEXe&VY^ z#~!GWSV&M@yJ02UiD?Sha`y*BILq$|AgnWTTp_Jn!|<}|b~zoK?G}h5Y9h0hsrW4gJ}0QPK3R??I@ur;M)oZph11Uk>K4$Xz923LJ;QqoIaab%#eJ{ zTa%_Z;_a9MF!qA8PxCWp29LW8!v$PV*xK1ohy@9|iOPBXjU#aJ5nWXt3g3(ocJl>Pze9qE|8j$WL@RT2$?6<)J|O|$FIDhf^5 z<|C_H^s8fG0O82~L_*!tvn*ZbCs{6yM7rgi+w#6?2e zAw1dR?GM@ugKzon?vY0fyIG%Hoj4L-HXH|u$K&&{%ExiE=itu6o~tLnl~>5UvED)w zz&5hI7U%QB;&`3Sj3N&&+v<|AN}x`*-AJ!lakcb*jeJfj6^`AWPEB`{&Q?2gO_IuxkYg5V7;<-ZXZ5S^j~+$wGDd z72ZEh{HL9kb42K$#F#?0NZfu-guOPQIc{;&uMjZ1N`%s}7Q2SOuiBe&q6Lfl1YR`$ z(;tTz4qlM`v2ShJEJx=$vtiS|!tgXAcos0^Y#-Hl<%7oS`A@yq4mFPSRpERcqEyA6 zL`yeiSY`c6rgwPQ|C;?)QU#G(KhjLn`B@t?6F;1Y+B&bcq5U;o-A^(2_wdkU`V36R zbJRPUEWng#vQH~s^8it5A_WigWs+doM%3#Fp0oZ#g;B7OKhgp8i6^Jh5SBg9o#_xF;vhT^sR_?j7e%>C!W;2-6pOW0&^37Y`qksGf7ryhOlG@<<8m?zoJq&bja> zkRm=_98p67^hsl0=&&nlV`;h%ojelG;+gao-r?_Dz?tPC_9OkxTAoamYm{_GGk#C(#Y(Jlw>A;3bLEv& zm#kh>a5DtQ4z&S`SBK6D!o5T+42zN|wFG7zgoywGhJo4h9vWTdo;8Yg6;5`;^u7Sa zlgE2L)7MA|jdgw>`S49>85UH9E^HFi2dz$62D#t9{eq-d24Vy2aP8O%!-j^fA16IK z7-v*Oj%XFYVcE(&elkWcIi6j-N4+?0U5KoAH3Z{EQ%oCz9@0Ah^=jParQn-GkMeK7 z`xP8@DRVBHA%>Q!-!Ddu((cm$5Y0XU43RK<1>O&Q6#hQJD%;|KNy~T-@Z~|p^!NQ5 z#?4XdjLU0g&yP7sw zZ{*+O4+NOgZUFf@(u3#O<`%C{o8u({LvL(VBv5bRH(uK!jzq8hk>1Y=3>3cM15v>J z4{T8>K_$0ccSyu~59dxRyLZ5d(jFcS6J*^sU#|0I5>F@4t10Dg+NKxU!x?dQ) z5~BHgD`U|5_pzV>c-YREKZ476A06^%y=WVYOY@7Ov(JgZGxDuZGMiwi%&A!I{)YC| zWv=}GA&U?C>8Y(HG}AN7^WbSYpJ` z!oN5t_&slaG>R{1`=-1yN_O)?*pZxu{245dJt-%Xl-lKb6)OYQbCsFx;}?TC*DE-V zNA5gKJn!Vv_)`yxU#2&*l9?9`6h7=ztSBk>nj4XyyFh2saU@DKu-?xaWa6Ov8prS5 zSeVQ`O0eBI-25CfMWJfQoa1J))gIn_3H|BV?P@&us(WnvlBsHgH_tvqREQ0QU4~;< z52+8HiMfEBtHVZYB@D&<3rPKKr=2G0Qhi9abhsxCbKY}VF$fqFSfuXlCh$Z|>JBup zUIG)6os=sHx1)*XHNG%8h&ktUui7P z88gySyIy7zCO_a0{{^d%+dZ~Ty>5_I%u_4p$w-jKEL;Y5+L z=p;u}>!Rg&V>D|)N_@IJ>XeNg?=9 zF*=JHe!$X#P2ip&X|d=O0&Hlu^K9L>roG(#{zQ&9C7~~N57nh=KFIeb8=kOPZo;#h z1Qf|Vrt3}F!*Mt@cUcanTYSi~xdFmHvLzh|%qb28qx_MdHbG$P6N1~E8(89K{0oS_ zbIk|<{UF|S(!u{+&m@GYPZY#xgp!;c=djK=_)y+xct1hDgU4S_m0cVC1p|yqqYtXM z#{nL_$ho2p_XO(IH-w5*a%NJvo(WcQ0tgu3nfu&Zt^ZR{E?Bepo*w7|BUd>gZBU0N zt25R4T_$MgsGmC#Nxp8ZpNB(smw2hxY(A|F`MA|g-#)%q>J!l9Z5O&ni6oDiW^pB* zpwI7mqAO7ujVAGXxLX3^xSlD4tll5@z8weFRUP}%tl<~#K^csW)x0<>!R7QLoxr$d zx|6ToGCASx=Gw^hVY=h%oB;*pGrRJ4Y1cAJo)EA57Crom&UGajmsLBf_d!4KdmtHs zMOU4B=VyGPvp)CVhw<7k+P6M*>OgA7Blw`tzOU5XZBDjIg_*=~MjR^qao83S^HtEl zJp8Hx!nQN6)-*Z^lhHCGo9kayT37~&Anf#umOW0w4`PF#=)~{jyUd^k-E;AwJ^9mG zLhkO>sgig<%8?<>@HVDF;(RMxX)wSW26!*iqpM`ZTjcL|WBREQS_55SZ7PJhNYIp7@1#3FDbhMpEZLB}^Q2AgH-T@nJ#^&*j9qg!~cS z#jrK0Wi` zk?a$n(74+BG#pXP(;%+`EOoy7baR=1JD}&T+`WlPvIi7P5q=5g@haPPFwo@m!R0y* zunx!SEF_CQ+Fs4b@SH?uM*e2nbJj8{TDUjzmS+$Ues^oXB2zKR@=vKh8cC@+c6hyu zZJi|YrMk!vzQ5T$;uZ6QV|2y4t}KeNGSKXZvoN1A**ZU60tbyIm+Lr+XE-L!@7LtO z+JQ-;Zat&>1#i;a!QP_$|HzEILvmKBds|MLZ#q8@HI*P94-O z{dG$wbLhvidxh58gR{hmZGjT<)L9K?SOqO-1+!0x>gkaF`Gbg${d;9YfAK))@V|kk zaiUi-@*!;CEes8y{<=!j?WUG=%Xy?cqg_%6e++p{tkv`^&8sO(&@cGp@?#k?+Vvo6 z5%k!=3~<_zwA`ZrcOlDYO~LfJYjk;Mc%Tf6?L)-cz|)g#1SHz!#cc#@5Cr>4JxR-n zWk5ft;V&uF*Ew%FK8KMpSS)?}a7U;j?wwtNtOP^F#FAJ;n5x#P=X{)QA-)p+NKiv6 zc7WX6@wI$JFP+zwrFD3C?uiiI|_cdwW za*In&E#Y3F+(?)PrtVfzOGavn(wLV|Q)K&TIuHRO|g zi@#hVARM%&<-;sB!XEjz2fN&G{wd1utb#E5EX-I}+a@Z!Z8ZGTM+x0V*QDc1j;J|> zkZHW;KrxfGW1dziOshKfR%FlFPjh_lg=bUJgZy`yuAjv^4SNA|$h|i_m#~(6Z!?jO z5aYbpHY_zv9F1@EK7FjrVYsNe2;esT4ai!hPDF96Bq#z5c2nZp$0~p;*cAJ{?nww? zKYK8HAlu=y{wg#<7mx(QK%P{d&)33ZTO#AK5ni{K!d-#$pzJZnt{bBa!u023On*Z6 zIJDqO-Rl({oYWs*#tXAb-4}}pcw;!pH!qw!%xI4q>@B=>d*^YN6g3WtCo3QU&NknB61a1|}KWOH+#hgQM%WHC$8r6o)JK z6_V)BhEi=SRJPSRhfB3~MXJtFQto&yQ;q+$OG3Q*t6(S6u{Mh#kQ&J)@zortamB_V z4*Ky z@OZ-SgMPdHw)K>S-*~-08B8N1s1y_ILt{F3bM<>}r9MTn`M8OLz<^$D^8iB{c>_cY3pKw_1X?A8a;1G?o+gO%9enp zg60=#Fi?Cjrcom?05pL9`BA9~JM`a(jio%JG3oSdre2WDNMZ04{4uC`hzI+9C{+dx z=1D2~k)+u69!rjBFYU3L&cpUH@bPNU`BMZW@EYZhD3Z9N*d3gD@NU5bBj77~eXYW} z->kP_t_hmN(KGybA+*0DJ}IGt#vzH2ewnP#BZY-q$F=a(+q|gWx%(8Q)wHK?9G1%A zz0YWCFw1rvCZCv`euHZ-`G!-^|n~-+13Ui8z{d23NAK%>rQY1QneQJ-? z7c%Owz+djubk*CI`&{niT7!Qz>C!Lfi}*FyFF&sH6$)!k8R(YscwtYN7z#h zaDnch-F=uFVnLCoTV%MvP*(N=gGqf}Ps8K;8gjjH#7W*;FWDdKP*m_!ys|vflOskA zk=EZ5?s%XU8of$)NA!{a2J&j)IlWJLpts5AF{mciS>RHixpqlAseMZeW(fuG`Dv^sfIitAr-KK|uiUw@-ap#RdNi}Sl zci(+&_cY9~hmpH?m6q{qpD;G}Ya<^3=f>nJJ*l0PDZCEJ>qa%7_w={K?{8jcjnPd( zyKS!jqAz^;t)AH#Hk}#7303XY67!zoD`_jay4OfL(JalrwgjSbBwz1osT1 zefru_>c55gJm|f%=G_TS3Ar&;{EdKq7yKy@n8QZcd>AXPI&n93g7`iz2PPiX^L3~p zo?F~4%dU@`>bZKc1jGJ=P4ClpBXk$2ANvRbiuC>n`LE=eqnzBsubDhW*Kslw#c#cw z>@;P8ExbdrHsTwYl{&Y<^?Qu2o*GJR zJhMG+R~B)=aygTr<%wK(0mk_34&BB*&#}H0(-TR!6RWIrl~PaQt4Y@>IOy}^yP2zw zNeV~7?6}sek~eW0s_5Ko9_zC&y^Z)lG2rg1Q-DzJ$J_UHr-HF)=Aiy;t52uQnW}pF z_}#b58v$R_|TJzCqCynT+X1(8MUZj<=cp`RJiTzFK7M=`sYx^9p3r_BZvUW%&X zVLSj8%C&MB>45+c8mIkppXse?>~{ni*R=I_T@)Wp;#GdZ{kHz`yt{Y3LCu;CTfJPU z57Fq4UWHcPBqGE@lc zy`mYna?UW7v>29{n(y;@5n0KyyZNj6QE~G3MHR5k^3vwyL(4Ju3TwbNkB&UR{J!>Y z36Z+l=iSr+zn#v&eZ5mAvuxzf8)>5rJ|24-5tDpU$d{>)A2mJD*XP?fsZLFJqQXH9 z0W0{$qa4V_Bf7b;FYkpV8|3+W5b z;V2jclKEZx#-tJOI48mBOa7G+q>L$J)`AkbZD-}aO87Wi%((9yBMPuIbD1adk@sFy z@vS|e%;&zl=s;%c&4DQbg;PU!-3A(jd8m;J^RNf_~e{WC;-maKxSRJZaLSCxP zEO1Ru=q9^o4o5a!|x_1u<&`8 zKMPm2t_8#BeZaMTK1jCAeSX&2T7R>0@(Sl!Kl}{xYY)xGK1RpUiYV`)P#2H)4fxq5 zshS=B)J`I%H2DCbc|}X!yGlHwdh|)aVNU(P!=ViVfIMM=UK8BMg+0;{UnGW6$z$vf z+QPIw(>UAuJ`iY+sEI++9sUQ#5*VZXM~aqI)K-t8;vOZjE!7 z7QhVFFE+RZGsev!V+dUe&6)aH$$cj5d>Vw9$w4ne0P}x@5pi8+ojk%!p|qJ-el#v^#elD$4&aW&uzq_32H0M{9}F6 zh(`lI8wnN^=$QY-Cs-1nvjg#m6>FxI^M33FOO8AZ_z8WP@gD~IGx~c#xE8JdsjWvu zi^r>%D3o+b3@d*OXcf_jm><~(2hI^x%6m2+%G+cigpZ* zz+bJ;?e&`uG;#xH(fb`h)e_Ii#pm4pDr-=G^$xntvDAJ#P1tatC$A{pN2DJKoAByC zet;8Y`AB|i-#Pj-a5Vde596C2i3`kOyyMo##p60u$~#mJdikIRtvT0=aJr#3#As42 ziBJb2C2J377V{^Whi~-3T~1H;g}&=|Oeu#-)L%1XWw+no)TsC2iR2M^2#?L_-!B^V zgz?RvZd+M1;_)^7ZbWG3F%(?PhsV=SNIcz53i#(0TL085(k zXa6)yiU2s{-DHvT?16OM6Madrrq7R??%mi;UMf%t&D48f@n7FYAq6D_DI))S=&$eL z*HGQwDK7X;c7XiR2ck?=&S}UOXHPfhAwPk%LQGHJ0JO*9Ksu${*WzM7E=wrrk=)_~ zUbq*{gii3q+)nsJqnDUtNY{M8_!=OlJz)k*^o_J^_j<1$GqAGsORDsJseUrTp94Rd zLB}-q0$E42FYNoV$GEWcgSzPUk1cM4HW>q;e(LZwQgVdm_FTWNd8gO+l3utCO-wuy z9&W^z+1(zL6NlfBjE!43(*ga7i3=;0Wfvt0_9alN=7zUeD8(wIVj}I8+36+L53RZVw>+ethX646)vn;*Y9U^K^YN-qAJnV1e9~@d&b>lq+Ls6KD z@Pa_BT2oO_ZW4D;&cyH1!B)Qe%Pux?_xRY*SR83n`Eq*-8o4q9-_J6h9sgdS=g6;` z9`t)8&rTN`E1Ga@%;=6Nl1m-Itu6E{`iM9%Uo*y4^iRrY7r&_EzSF^wn$Ahcv)YMo5RTB_-#D zCzxqof5EVP!1V0GW>`Y%atVzn$y{*6G%J6pcgz+PS z=ZHHT#SgFF1_kn|s+Qtyx{ccHFvVxS%TjY7-5d``D_dZ*5R}Ws zs#J86+Uo~6YPbeN%Sqn-K?&64)A{b%t`Xe|CW1FT%yLeP&F zSQQZC7qK~Dzsj<1eEw`3Ro1{6wtJx!MHZgfFVW?`kNagMZz@BuW_^E)aEAF#UY{Wn z(2xx5S?U9eEiOBK&%(pfLAgm`A_wtWx+vCU&m(j+(2hNs$B}e!OyQZu{FRyRUfn* z9y&wU)|quVFnJL+gfLnijB&Ofh0iWioC?z4pIY5ZK&yaXx3R)*t9aE(_K7k&LS9aY zk5P-Mn18bDebT8PfYzVKjbcs|*|<*2d;15+(cC#WpH5MGC5V;7pjo*4@r^E`Se6^= zA(HuKc4stXBdfPRJ(MoAw7mSwHQkU>#E?N|apC1&=-vamXAD9_!AqeWI1qCph<|hY zdme71$j&$m@^N{f6V8yUq*M=SroL0UeZw~T#nYn08vBW)0L5w}_g$WAVVq937(H=~ z3h!xqK3a6q7W5%)4>f};73A>IhMVV^+mDTv0kW3hL?qgghKVSXaMW_Y{g5N^1(|uM zrsjLTT&&hzN2i@cuy+>H;9-{1J%{q`h88-N1?Ij|Ysgu3x69WjT7*CKj_Us`w!$Te z$s_#@FK0*qE0rvuDim~53)Q}h$D^n7K|>k*mVb5ngauMQ=MOC<{ZLNFOC7>WpU%+3 zIqKsJ-~^FWE@Ns0imKJe^{T5|tnZJ!$0yxw9IV}HI9}AL85g1@vv6bw)8Zh*zpj5Sp0FQ%($k8`ZmSP z0nUB_)hrC16m?STQ8N1`>vNPwPsJ7%I|$JmR|RIurp4TEBHjHanr4s-H0#^he0Fqx zaEIjUX5F0wdkvc;S$FD%r0%5ly|FEEZ8H()L@*a$T^=TVFYq-(LK*V8agpo0o>A~E z^gNmB6ht!S<-xoNxf~UK8P)PfF75kDDqr-#^}o0=bUY0!Y#Nde_T&vY zgeUaV_?}O_Kz;W2H^w^K7Yc3qagR*M6>m9((I>kTCxcqgd6gheIdZL@4|hyL61qbo z>mcptho$tw_Xt&1FJTs*Hz+x@7|>^!CE5_jQE@j1lo((91KfmPmOPwfSQPA)`0Mvx zImLrT_Y14{&~Cv#u$Yu@zPuk&AaP`Ue(tMfU4BCO2$1;|eOJ0vinZ+SyQ1s2xcK99 zz9+E!#Pg>6me37Y)gK*K!6i#B=z~ZP<^wf8D$K-Ye;u+8iUoZ`zwaYn>%F9QxNu; zgZ0wS@I1-UCa_RLb0;ce3ws#sTMzRF{2~D+F-=`8!R#^{z~1 zpz?6{V@%*_FPLy3b*IARs-a_BGft0*052FTkPyDj4KT#2q<%!Oddq8riD5t9Dvq~d z`|0U~d|@3q`bDz&V0+^ro}qT}xjjg4_e{YGim1^o^esezvNFPxQeAP0CO<{wxt2!Q zjUsbi?}MaXAsOIetP{jI9K4C_&2Bs7Oh_lUFAp~R)-)-Aa$|@d+Ddw06#- zB{}k?y3`vub~9^w`4JyL7Si7MB^Vv@Kj4dUwzqI?70!K$_mm9>L}g%XoFb4buDWQr zR`f!?fa0cRe27QV>r}Nwam5l~q3sLUy`fDpg<)X1hcMd1vwB)aw|@FChC@z;`)NRA zkD{!Fr@r^uiphrywrRg>S%lqf=*|Z2jN!b4+Tw2#-ExvR*n-lWaQ!}th4Pb&I=d4* zop_3XK8|2Lya0db%)Rgc@+yR!Nh$ORNWb zIAegmqwmr83XT}G@6R8X-?pR2wbq9C01u2wLP%2_V++vA`<4w|*U-26mrC8UEaY%h z$#mqAPeOa|hth(=xyXUlG?VNorMZVVb~3zbl@n+C`!zG=_l&>fHT^Pph>NuM^+?2@ z4{Sq{BZj? zwC|0{&qr*!KZf0OeEa8T|HN*X+Xukt1$F}Pz#XI=hCP7~*U-Y3YQaO%_QeTFz$+o4 z6Wh2j-w~k^jCyB6_tkU_apV+a#5ZLd!G%5ZYI#^RZki+CLS~RZdY5ovEq^CD%WY|2 zK7-)A20vi(-P70(U!Qrt%r-ZkBl#Q3yvGvz+MGfLhT$jP!&q*sk@)vjrMJID2?b)fR#SVqI$8Xcq7F12aqlza3-`m;SV@7AEN;jJ7` z)3N%9zz>|Ad)a&+V*9xKo`ikVv-{03C|X4uDs_03$EW}gBLNNEk66V6xAly%C#2T! zw@nQoHWpS%8Z|Qjz8xi~eU{5k$L#!xg2zn@1udMwN!8Fs*r4$m&kP@q$5;wC^$;x8ydIQJ6 zxXD}fdBNIPsRw+npy$o2kIpJ@&9f#MpzFOJB*XohLxYFE2B&k9h#pm26-S^l*x$jF zX+{czyyIVQQrdigaK{JZ)F*wqVQVJ%2PG{c`~pN<@b#}y*UM}0mgH{LwW0fZ7Jk&q zHR{-ZRzc{~AJs15(`;%pUwY41v7(v$R%WXGhF{i_;Xu<9mS`+|}t{@sSedi_y7ibZ)f!_`(|?qwIJGjX1?1DB+0rdP2L`Qx`wK{ewk` zrJ5c3=Ax}RKLwW0VH?_Y?TzQ&paNI1(5&_id88kdsQ|9M2IC6wWF`jiGQkG|kcK+; z`qPC9KY|YnTZIhUcBj~Y;S~8DIv;Tkynx*@E=^xlH8;&#>O;d0qqOJVF3v^RYoLcE z{6d{fdI=`w(B@2ETK9EH%+`@+DX;h6;?7PIA6}^FVS$k>%VQ}XRV2^DEx`7GBd_o3 zt1%1-QJa`uZ3<`8JPLuWI&~8 z&WueEY+OP_B!K=f?~m3SVMp$t1_+&fxfB==rO$mvlq1!VY$dQpX+cB&k=_DT!%!)NVE_16;MbTv12AO4(*I zY53kEtFQ_8RqhZB#IfcdEwdE4d8LBwmT}s}KGRJ^k{N<4$3-s89r!xs5pB0(2X^GI z<8+mKer~Pvw`zR%823g5I3WIk6r;AM+U{#K#@Q~N5-#`S;chAR3M*~PnXL+iZX&;j z5XGq-GzvZYT)N5xlb7)<;M2<*6frl}I_!Z~hfd_50q=H|qP+_cSGk z9W(F57pI`1e#@!$cu+lZSVStTRtBxyc#dC$7p3^ecUB9akbJn$FZdIl zGel&dCk5nST;R(W@7FBj(n7YP$bI$nJ4#ijcW(M*Y#w0G3%qK@1uq&_`}y;Y2~F## ziC3AuPcuNo9_8MPz|Z|2uD^w_bDA?!7stGh5we9PAxRflAD*4ucYH|%t;)^$_4R&f z?7DIbk-b@TYIZpxGJ0m?!^j^1Hc7oZM*>)<5Co+3R02K4*k^v(ZnjnFNwn;s*jI6`aVUt#{IPKXKimRUi3Ra=$hAnaeU9Wc$Uc zA?%U>ieNh>=Aoqil>R-FLWzY-^vS!vapjPo{X5y;mW^u<9WHs$4vqh~YT46xH+T0J zrq8^&D)SV&A`e>n=NQ0QXo;OSwaDcBiE};vK=j58Pqu04R{puiEI@6@?UQ9#!l- z7v83cmHQ39yj%`2vDsHK8G;_T#UGH@dWbAc{^o*3xlgds5^x|L>3+Fx`XnCNeFsqd zid#-?3S=rIBldS_0RjI!49%|zpe^AJ?i(Wc{N}j7eNQBV9Nx<=@s*RHI-+snzHH)t zb#L%KFn{b>uzSDHRFpyYJ6j;m)vULFK}k!G@_wX$HOgJbl~STJ_w{Z|`>an4Z>aI- z&UVeAD<;>x3BJ!>1@o33%I$`wLZI(48hl!ZekCw3?6-HvVCxxfJ-2oPtg)Yv1U;g; zn-G;`&9q;X_DARE{+OCk0^GS%tgTyRu$SGmEkDbCesrKR$n%iT(OiAX?wtGi%@9|K zpE6dyFF}x8vDwRLvUs)oRbQ{l!Ie@1dic2klIYme*iOp4f7_mBL<4?x(>}+G#2c`c z{jd)j4=N|u!CzLtpBDV%z|*7Ts)eNck?vhbG`qT|o2&=gxB00=W}FQlEND~G{Z3&)i|C^0^<5(bCE2TLTNXC-}$9N_M3Xf zT-zsCw`S|*6nMjFU_0gu|Lt;P6~6RbU=FWYJgYpe~vye-WbG@ ztUM9ezW#`mpr4t-)YXdW#ddoJO{6~`Fw zHB}oN6P|Ih%un21z~dF3OYBBgga{t{O?rM$3Ve4!>CIGm;*SXvIX$PoDyqLQ$7?XX zFDSh_S_OIf`twjjocHg55%~(;nAp<|qq|@*G4{ok>8W_x_n&jMIpQ0Ei6T4BBpnvE zRN-FE&Q~8c1H)JmYNEV4wHp$3#m8dU=}VoTM}+_I!>c}fPK;aj^NH>(g~f(leTPz2 zeaexB2%Ee-&ar>&i9EgBUhva9M6hq%oPE`5Qn(F0m#4P#Pc1=c7P^0CXEEIVI4`VaDF z{pJ`{030RW?Bh{Wo%dx?yh?%#-tr7@Gdu;EQ_I*ewNZOCfc1BFK@6Mxkw5VR5zy0w znesx;cxVku7gl6si`H*S|LU(d5m>}^c*zsqVWYE@yE*ggh5nHSh%rp}_3d~|yEp&H z`a27Ybi44eIv-0z9V?7T_+zM>L9JXh3XOXPOjvoRKuu>lwRFY))4s7x$CdR%XL zaSDr71m|xfgdTyl>yAw)Gfa2H5AN( ztd=imxri8D>(?%6#&?$>On-7Xm~AH?(gg%`!p|Z^JID)o7%?=M{$){5h!eWHdrPoW zM`Ga_jt}ry`>;34sGA~rFu^q`62qUrJ8DRNlvH3c2BBA@FYQSBTHsCqoX4k3f%ZPw(wZX3!kXNOzEtjAENkykA=r7@?sH4 z@A_a~ac71!S}G0Xp~2E9_>~NCYE+3=9$n@f&&d;Hp{pGdNWq#LPgAR@m$!+%M0p&iLC+3x94eE5N?l(%@D}|wK>g@+ z%_gtBKEdZ;zu*pC9UT8KvyO6pE!aC?9u;1Gu+;24ifv;E#-o}}{Dlw5%=Z` zYXIgJT)tn_J)s7x%jNe}t&_)Gt74C;Ph>4><+&%mVN?|mu>sWy(s+l$*ZDAoX5jK^ zip}(&50bXT#D4LP@@vIPjipG2_~CEDY|5SYY(N-9&niIavX148x+ zZj=5#B4TSQ_O(&IqSH`Ve)r=18Rzc%fTHHIZ>MG{QKO!^CDikR`d5#47=`SzHb|{I z!PV(rO55u%GO>hD{)cBQFDRegE;`jytoXL>b?P4XQJ~%R*HK$J_`HcKs9o!qfG9o zCx!j8Q(>A1=U0ZzBF#*Bkv3Mh5*YltHZ2Bt3^kD_upAVPm3+68zr@F(?j_rf zD^P7yCxR+}DQ?om+%KWiAY-F}E@^?_QSH`vngzcq4= zFRJBnmRMla&K`d-OPtW1z9{F^{sZwPQQ67_62*dM^02+Vv*IWcReHhtE7%Pmzrw`A_1&|s_+@i!T|GiUFwH@zIuoDcYN;w0p3Ec2dff#x4DN?l%^PRj%EL( zr`Z*x&Byzq8wvZhN8EyAT32%&AKKM=EI3Ez%|ZJXj{eezzn)9{a}Z&b0UsCi8yY7z z_m97AydK_$ZFbtB{sWvg?Awg@A2VdJTGRooNPpxac7yu@it_NgAO5YP&>7)?^#j3i zQ=X3n2Ol#=`)LtOl`*ynWXl8uu!HSRTL6C#XP<@VfN`P-R3@l4|9YQn&y$5YM zJJR2}Vcv^av={36T-kwFl^NNXSt$8aD;Pi8;$gHOPrn7VJlAt0gw;N%gl!dw{R@eE z9Orj>Vtf4FS0toN&*&FIGf|4GN(KuVclxXb7kyWU7X_>!aJ%G zBu+UxT3?3Dy2z#CvHHlX@;*Xt{9Cn!v(S~wvuwzWzhCiA=C%j7U$w zNBXIcUk6s9o5#1sv0Ab_?%ye+u`M>L@$UzJruPO?t5$@Jq&po7FY3Yf`0|wpKXWoe zcN|`FIPNHEx!J9A&Bw5^YF(JxKrIo+d z`&b~rK6U~a2Ifo^YEo$n7fw&|)59#&>EOZem*hHZno-rq;~pN)CihxdxjCZ8UL%d; z9m8A*WL{Se6HX#IJ`gffR)Nr)Bs*&VeEUZ&_cLK)O=azS#X=1b;Ai|RQ0#->eod2` z`FOSfHepcc!12Z^WZo!f!j4K<6gr%tnqW-%)2#@BUM=lGmN&-6>fX(Rgl!|3LiE!T zrGB}pozn_uuRFK<)(v4AU^B^!EO@%yL%;Eiw)P&WyR4zx^~D~a)67O?+_vYbb9^N= z;hsWW>aX=a^~%ds@7vJt@FSUz$15r;-tADn3LBkYFZ*gi zJrz#jgE&ozaO%B_Djkmdg=XCqROgS>e90A(KMw(axi1B9+YdE)VV8@tT6t~->iUhT zB!#hk`^)qR#zbV-|ISV12Py)9asMq02_FsJ*>M=Ly+}V6Ogwhyq}1XO_dOt^J;Xx& z$)c2F{JbUE7QFeGtl-N4!Iv-=v09Adz8pCWxND^ji7t3umsvLKmU+CzTNNvjKb+C@ zrMYIfBsUa)&ii#Vo7o)t`o0dp3Q?Sc%e?(5#pd7giK4cGN@zl>4JHlW()0&k^%Ot@YKK>~`i( z1bXKg{OdFMpM~^Pd|z-4xrKN=@K7d`|O{H^~{Iw{_F_ROTHb)>mL8!ns$W@ z(AUIN79-A9n>SH4%y2|}M*jl#EmPy~MK2q9jIs;ow3)r9MRt2^c|CqWQ&Zpq?0Kkt zeXIkLxwxN=e!9TbsfKFR^ixB)e_y+G`2iCmqquM5>mF~l%2(S@I@2ye|3HsCv6Uz5 z^1aQ1(Gy_giCGM@i|oeM1Aje;dYXkd6QI~V>zuq0WRs19K^yQHBB}H^Tq*rDChA$_ zn`?8vzF%+uhj(g)Dm|XXZta1A{PqYcdq|Ov@h8b`PWHwOQH&MB`Q5?0+_-M7-h@}Y z_qW!eQruTj0@Ze2byTI>?D*k`r4LKpEf7Eu?{aM3bQb$!jSu?W<8(ZBPGB6KK9`GKJGK1 zrup|xhw0nU?{zaN(WHC(MiIqC(6rm$3vCq(8&es!`j0q?X5Z=^sC- zs3I=52kO1JU3>^0$$cLPE9qS}kpWnaz;n4W>-dg61}8(TR#3~&P_ZSCRew}vPay#O zwbjK`URBcG69$gg8glX?k5O?sp6e$bmdpJQHj}-x9`nIv0vNl@yU0_JUkWlgsNZ zb;&g@CwQZXHq+~D1X>rM)ALpY6H1^88Mlc+0ng>0Y zeBw543T5S@l{1_tHtq43AA*Th%+kz_5GtKB7hZ4AUi!}V3M0)AJIdU9+m6B?9(q4R zlGUR_ZVV^c{O(!S>m__6xlTFNM{6&qjw`=8rDgVlyteGh^FiOiLm&}6y~sWH#sWra z@)LXx$08bFoleX!anPac69oJ7An*q2;=-21KGkEC2tb(z+552PT4W@adA+jojVY3-EYZ zatQ9~9->eceWRT8+rhdoOtK4V6nPfUY4zRiKxVdK$g(1yH@O0B`=acbe|p~2JUWw* zRVO5ya>P<&UtjHesMb&to=;GcU8#Y;)+QBj#1O3Tf@$80Qu6%Eck1iAn|T@AIys9> z+v~K-lk`#K&JgE!^fXyTB*Bm^?8D^LD!UF-uFQ0_!s$|FR#oU}6W_rC^-5dygMk7h zGU>NtEIU6SGd)KNJM1^Q59SI_)b0l_(H%7ZRR@g~PR^r#KdI*OHgCcA&BJAF3m@Gr zYq@fJPwa`12yF_eCtrB(%2tlx!9?DF!QC`v#ag)`heNzC_xcCxa1z$0ZBhq^LsC6Y zkp$Oe{8Zn{YY12**3rBk;4D7F=A#T$d@x!lZ1IL^3LF-{e?%e*vgR!u82P1Uj^PUg zLrvY4g{UIN3d`S})ehoS95L0{IlLjh&lolnqPVFks;kO>jd8sN7Cr?$f zA-`k(b?aBV2NA!&R5J_+Iq8sPhC8h|^eh*@EGy5NoZt85@9M*D3?0X3<-6G}yHSVS zM$^hS!!G~Mpo647pWBkSRM0L~PiF2;h7z8B}PA`K63Q+2_pR*J=HMt6I@0xMypYVM+<7!*$D| zv2LD&XC=O<`Qw+dfYQl>llr>1dfyWgn2h%2Rtdy!j^HNOzH)v4Y0I!w9VVC)@4YT( z_5>aFY>8O%_}(;N3Oo}fWe)Cg4R4)3lUZAZaQ*?Sfod!n1|Rz*?5taCj$|x+_=RZ_ zG^@doNO}4RfM-{-<_M&#xNxxPdt_0yseMN8K9cvw>nF+oB-`a0-we8fL3Kmi1HT0` zWxbpri@P9~Ap~5Dc}u7-kURBb zacPtTYaLocRR&=6ZZ9fJ@zmPEYYG*C2J&hmNN>{@X0229 zR@r`!h}>(;SCX7Kd&Fx%HKD_XayYd=DAM*ICF~iJwj*R{sg}^b&*A|i5`~%e{ZYNV zIO5b@w;i}E&nK@AVM=#?D2BFA$0zrP-FnsTi?{lHF<32NAN?1_+NWT6mY*xEZyJ)H za=1(nXKTgWFCe56YH{Qpzj$lSk^kJiRI$*ahxU!{vLR|Y@tU&?r^@jUZ28oZ7B;Sm z{u9%ty$BRnjEm$6_9SZBbA08n*ZT!&!|+}LX-FU<#C$V-^{(5p9vOHt@xgbaFCzWi z{8y=l*%!^G706h0QgeIch0ntuEjvP+b|H#<_nDf~@|_SSpfc@V-yt6-59cH9iC=0% zv+XTNeJ-!>lv1@&*lPhKTZvp^cg>|d%-S3CMe&K)=6#n) z{6iOu3b=r+|8ty+UcEjFS9hpK_p?P^GQ?F;`yQlkdW8p?OqSnImX-o|# z26^mmlXL%m6_FWvnHI) z`rD4g-8L0|_3%kJQDX37ndaUEJV-BStot6cW<2wxLQaF||JE$gDlm1n$5dWz(C==D zy7o0sUDRv5?7a!XX?%n4LcZKTgBg_KPIVz4Fpmkxw>kO9q2{yXHn4|TPJ3Pi4~+IZ zpJ-!m-AGkZoy=;PU#No5nTs(Rdln5w1-Zj^v(gUly)SC^3q zf%jbJV8cC*xH57i<~-p}c35%{nO}_Sl$r2dFiBs$&;na#Vw;?)TX(lQl+%Rmaq!}& zg@6rWUQOJ8#m{jxCafS5&z3Ovvzrw_gVBAL?7?GA11}8K2Sp)2pWF8QFHnIcj z=AwU70^nEdvD+AJ!&f4?&1qDJ=c@Gf8#`XVKGg0t)`j{vN8P-~sm@k<-RZJa`g-g; zItmbg`1nq#UST|+3JI8*{$B4JpIb|4TKDc1Ie=~el7%OS$YYi;3EVRYhP5j7O&ML` zL4SS56vId3P`03bqpGqc^GEiybTTu0@Csm`ZeUA6?>Idb-(y{v5sGXzWh&5KU@~qyyWj`JF_tn}9(rg( zk>JX3W4U5`fWA`6%I!yPeE?#b0Fk^xd;&t(qYgyaPB01IjOpJ0KEB5Q|2JT%HFZE^n?u(Cgo_(XMP$^RP zEA~~pO(|iIN!2F>xQr+7_u<|t)TWbjmMTKJt1litod1z@U0aGOQS_HY zqK}{?0g<36Z)BC6!`IKIXRW?Ln?@{(suOmI+K0VyAr}JY!Z;_O*?ia%KyvJ%ly6m& z;eaSxOgl*~z@&yBWg=XgW#%W`L=ImZdSdY->YUqzU2lKz1Gj!pu`|TCXy0RR6ujA@ zu#t-o1kBh9LOA3YT7U4<1^SD2oBItxb;*1`grPchuPyvC3ASWF1HSXC`c5|ST&i|b zzUIWBtgSxL$w52EKAJi68yvXJq1rIR3gHReAEWMcA}8Y`)O4O9MLhrf+qL#m6jZV= z<{95z;j{51nCAQz&c|8weV!q>{TX#pb8A%RoKhQ7iCN-JqR>UO=sgdEYx-b=NC=Oq)t6_M3ftsJPyNBvb7PNNr1OD& zhFLj2=aV@@2t{jryK%crD2WF#><_9B@t-4WM{N3B;Bk+Ki7+6p9|qHx8-B)p#b=jq zce%N7yB9V+O22^;aenp<2;OVqP&UjvJ7%yERZ9FV4);J;-&TpUOS!-oJ(+~5v^R18 z>sWpr0=Z$pT+(|*efZ@)0`lYykwOuk>G1#u2{q0``}LP8=F!bQ<=0xWwc@P&(4D8T zUZEl24jLJuP7K14hrR)VUJXF1LSr;`F_^GYw|Bjd+D6QbPxyz!3cI&9!Ks zV$pm)l2$kna9Ji=rur#;x!VKb)^rj5402oN{s?0&=Zk8iR4L4?zCTdYZL;G&s(E7H z64grD`qPSgvNwdvm!^!*q6CfO)#4(o!qOeizi;$;pEPiTPt3Qyze9*89?ft&jQr%j z6AzNXTUE>7RtaHQO#&9n-XNvwod$;Dtvh`dFYfIQ|1gi!$P@kejgZ?R z0i|Su%{vaMiA(TVcs$?(J4Z%K3DWGo<#0%r| z`FTW_VBg*y3356N;YNEPb$);1l>yQ{*|#eSQlvP#w(_K2wCutT1+?*W(Q(1I|4GNG zh0HZ1Aku)}j+evrOuahGVL<#&<4oJHxh5@LVPbo`oJW)@(t;^aQ!_So-@E3`P}XnX zQ}*`&Gi;;f%GdX7?2CmQlrg%Yyd$fDWPgX&0h+?igWsFy<4byvET)vLmfBuioXm@I z1_EI-P+|OCVP*0>HKEnQS0wy4RBK7`6D#y7g!Pa{)r~ZXt>D~!6k{_F^Wh6Wi73p8)4R`(vdbs9;F>Dx9yj~* zaN|=KQb*OE8%URk52HWy>zo!@Pd6*5e&7A? zd-{##P_bRd!dWcWpNrhj^YRg=cn|;oeuO<)IM~*{Q*fI7c^rB2rM4$z6<)UVrNbPY zC$=bQv8O0A09AT(bpE}swQ{;NNGbp!Co@pTm#%vq2XD~IWV&Tn9e*-V^q0MUpbDRU z$mXpMBRVeSX@3F^a&@+0YKEi6l>sL${$!`-LY~4voZ(A0lG>c{AT&!z1*2E+d)`*8 z^a6L5f2H|4bvV_%D%e%k?huK&z>&w$JY=mOM_~6*w=5pPuV<{x|2d7LdgmyZ>q~|F z!PDu0Ky1;(#naD;V;qfs44Fhnu zw8JMi3s_nlgTH=fwf=4ct737Iyg%LP*ZUbx4WPR0HHP+b49%Y)CJYf_KM4RiKIWI8&iOud$o&?a@DFTvCiH6m z76!cEWaN+#?@VI^>FM`mTPTML(r|SBf|Ant#p3bqG+%c=Si)cp^1;U*H7f^>eeJp7 zmc9*iS*D9VZavfSXK~%ExUm7wdVMdDaLZZwwo+-p-oWC=;`^C9OF6aV(En_;%`p~~}PiG)|UonB58 z0%A?w2JUnYd6KU8nXR%T$Vl>^Rn7bkwaZ<*f3G024Dv6t+$&d}nD9<LUIA z0c`Mtq#GJF8iPdcHEUdV=l$zG`mV`~em{K5Yc#`k@3u$~$to(c8egcu@zHgG6LJ@* z=Y@E659I|_{PAmcF$}z`X|i~m{)z%4TcYuS8Gw46`iZ(d&%q>5vb}o|08e>fYe*ne?f6s!>O8&Y?Et6T!fW*!Kyl`S?ppKs~kQs{3$_ukQrV z{Qhc#SajKjbACDJMq$?bNT^RoTlhLIE=O-Q!f#OEuKIMRQ+64lq~%+C`r%;)6)xRJ> zDq=mE=i{{pWQwGzNbelRsE{5B?miu*s{_Vn`cxu5uYX|Nw<9edy!lTZYM?_R_-5cj zKge0V!yXmBW=Z0HFv7rFhCJNj*iUmq1(ccr^sS}_BFR0Pe4ddZ&L>6Uh0nba&Q^B9 zdemVK3HHOi9swf@QnLbBt}}txs58 zA*`o|yrrV+vL5}|f=!}0KF1)uD-=Rl!Km(%+!k7ncDd|ME^@sE(Cv;=uFQgku(KaE zRKtx2;B`|n#yNrkp|fth_^eJA`{n@uCjm`>y8NBeB$N##(7dfb8uD~@vUB1;221>* zHJHFH?o~rNUY(BT$0_>(HmbeHR5T^_+xStPI?1p99m{vt%6<@Qv`b6fbIyr7E9>`Y zo)NSP;y!nT--#HjBc0{^fOte$(+2@~C?|l%dCzs(ldZFLt2Xh-gii(%SZ*rA+v37I zaqqv0#n_k3W$x~k_EAUoHhk%$6FDc7Vb?R+V7v3&GhT{peFco65x-7~Dmjzus2Df4|>|9)r$$z$B-BI=Ghy0472E(qyTJXJ5=`zruyWk6%_K8Mc(E z)2AP5#P@Az?!@y=>KXAZ<=Y*NKm{k3jCb6f#8TJlLlDV)bvq9W(MDy(1FgN`vn7*f z^M~1+keB#+MXj#C_@tb`FL-Py3j05S=>er>WD>{5au??#)8!%mE496XC#{AUPrvE` zzg>hM5O_O-KYI?d?ah}UBnqNQS=B)Lv1)ryq^ieyA#|dA*YLmr)E5Dq8j&ShY}qP%<0oPHs^$X&@@#BlKPXEj% z1pz&lD@d$}2&2Y}h~IwxD+>Cn;YTWm#iGt_HS|2#pSp#{4Tl*Fs;zYeanZAd;D1Nbg zPUWqdVPOevG8h!m*u`9ZD8-jzgId9+K)2PYtz6g$Vh1X4U(wTRNCoP*kg8IOH}egF z>2$m|#BlayKeiOQd7TY}UDDLlSs6J5wdp!&ym@nH4p%C^K$MGF-xp0h?0cJZYfjSA z@H|Iwsle2BL4e|OF3bD5^}_Pjkn;@%^oXNo=4gG8&kM`@P(uZG?0>$W4h|-)VBDaGMyr*;d%)`q6dN=en8?96+dIpYKG>SJF?2Kq+O zs!5+t#c&9=T77ANC!u z4#ym1@3w@7$4mp7+d;08 zMrdqlw12JZQy3FL2ku6jY3^^+QgrTc`%DH&z4I0dMq+)X16y=ocTjI5{Gkb5JqhuTr_D21>*5-4gPyE zLn<2gO<}Jo9FNfU%g)Zxxi-h(ijF&4v@bv}Gv)YwJf`pX(U_7qG&+h7Zz30$^zasc zS=urvbKVNjfu7G-8xEFmzKPeW*lWh#&j9;nB=^NmS<1+U=FuyQGuuNgkfA}Xs9HR9 z?d|b26*`vOla;YazTPDH!iyY4oWSkbD*=o9)}ZiGB%_*amAB9mL+tBbu3X}?(zT_( zeg{Cu!TuuJZ{=4M%n7+e8!S?$@^?iOl7j7Yrs)Gcbl#?OOoHxPIIXr9Wo#R^rmbuY z&G5v_z3zwYJJz*9TG-t zEqssjAm&OFfWe^cAQ5S}TVN4#rwMKt^2pyrn|XKLb=S<7dQbTLfQAT#UuAb{lV<>< zcVe%Gg1_Rl*8=~Reo;E5vK{Z6J8{vD@DFP2882XVeL}N3u9*31Yy^yE>U|)@5K`+u z)ZUM^036s+_fEv~bOm(}h8QgBG3Hh^1bJ9KLEWz2PN)f*^lrqH)qOZL+^8zuJ+I?eFp2ey6ucsOz9$bF z>sZRnGN6KFA(B0mKz1SA`s4oP;`6l`j=zlMiD`j#C8WdVM_4D$!t37?EZY#t!GMGW zKf6;@n6Y28R5(Me?Q(aSOJ+M!od-DcTO; zQjQaPd8x2tfLBpNwelm@hi-057-H``q8SiZ$TuM80kZSTz}h{AUAPfGOk>}&R&5Dx z{j)MZ;!6@D2j^aT6tH%*SlPpyz+=CD~SE zI4t#DhO=htWA}hAZx%&R0EDq-Qn_*D_R2_s_I>R4G}x9`KSuMDtNr08E0xjy zXiZweDNdX{!Y#_q()C3;zvJN3uWMC<1#~D?NGh^0e?ROa^u|BTNiW>h_FW z+;FP;9x_8!`rV3K%4*Oa4#cAd(Kf@K-`8RIX&3b%!tnRL#;oN!zs)buUt{|;8tWlF zg808L_I&|P(cO^%oI+$LjI6RmZ_2-X!Wmy|PaD~q zekSMwo*wY7JYOiN6TPJ>+4qH?ULVI43Z6HE=qgXEssQ3G$5Rz=JV9u;H%tBm6Ho5L z(jVAV#~HTD#yx`NNSl3IC;S2fYw(dv9Rp4Jsa948Z*&p1Ob*mhgy0mRSbe>LkW`nD z%;<}93wLgskY8RP0CMs#c%DjAC`(9zO9k{AIta%pjyr4*W3rcJNy$M^y?th0;NVaP zSa1N~F8{QW1enDg9$DkA#9#A-CqF6CqTYf6$>V)IeFYdvp6&cdgPF3yWDM=zv^J{s z3LhmNCc+^csf+iO64_7u%=H`wV}n|L(=|_=F`NcT2ir|NS6LWK7F6QN_Kqx{E z&MKLRG$rmg-xoB#os|zW`*EE6Al{sudk3GwfjH#kgzNddsQoLP5LL=DcY-E3LGfaY zv7jW^Em*k5t|Vc|aMivr75V|E;&mIj^L0U>chc?LQKE+JMTf5I;yU0n*F)B<6Y%=% zmA(ZZC;FCplf9*SAKh$}o>Cr7(bc!kF)%373f{UHM>VUIdAB0tLUZXJS0rD`ie}Q;sNuxUSMAZYmy6Xpq-t!k z&XHqM^B7Laes(CR=Lo-~>P_96*M&pS{Yt?^g%Jtf#n1D4j}PrwWY_8Vl`G0viSKRD z&QDcQa(b^52OdIJ4E~$oNH+kQ$CTLm91PnIT*T5?0@w9QtzNyXOG;`$w?u6#QUdujMlUbGN zi%L^7Jc0N(oM)3dI%S?RyR$OVXK8NR%b>E{ZSQ$98<{skF} zKP7eFsRNzt+G)dBI*1- zpEYIK9}PME`xkoKIrekqn@d;7Ej%6cB@PIaB)F4jPaJUNCi4jh8Fc5h>=eQ2nZxE- zuDUd>aG>iC{Ntjk{hUIX>}M&3eukMu#CF_)Jz`bkg0j`AEBZPbdkj__BqQ~bG$7AxR z&wzuraEc!4x-q|OBA)t%+o1D+#g3Tt%8W|~hrq_pg^V#{fLwhczlY=;Jz)%y3MTpE zsdMb^nh!#1UxgRSq4)3F^#u%RKdwbD_=UmcLI1Y4WVad-R8c`&1Jc%42X?lMv3%Zg zy7&nJeMR#!wF)!JFD~ORj6{ZcaeWrAqs+G8`Qb{u&vd$<2l(m~_V%EE7wmM>WSP=8 zPaY;)!u0he?F%7(WSc(-V=>Y#h@&T=|D-{1F=;9SKG=Db^8Q4GvD$PxmltobD*X2P z7Y5X%55ZQP_@r$pW5aRWX?#VBu!-#}+5Q^Db^2Bx~(=R8K-fVhxnK=Br$YF@k5h zWygvDJ>IfPfA*O^Pm#-ym%4VAR7#2QyamA!Luv&z)9Lr8P151gz`p9kvg4TSVt!jf zQU5R=Pp$Tz0+1P?7JNhRa3k{GK5+Z-Y)MASBtI?rm8w$HRM=q8PkjvM_^j5tNL`0I z=t`rzRJxzbg;`EtBR`^KA3XWbdJd2I`=RA`qZ9RVLUB%Ff<)v#f8LbG7dl#`KY&If zE~Fx&n2fp?$o$;NDGx&bSUjr%^AUE85rK;tY`>Fql_RH8q@X*9w;Cde+`G(0cDKCO zbD;%&ocHeyzcL^RWR%NltR}jrxln=C&59|VVpVwXDU1w{>%MZzI5t|lul3h7f5cGk zq&x7tY93u!vGF$smZmt43{HTWWvtsyK@1Jfe!Cr*pMSm@Hr8-NlBYobzoW2-^D*QSLMLh(N zQdCElNNcVwBdC1|4(*!OyhqdfgLCo06+|R$56NJ@KCM@^%QT3T(cGneg;||t&>x7y za`N5P{N~j%8}ooOhBQKX44}W`P-WA7%rqZasq_tL_ugGp6CClaj@Gn|M7tklTn4=2 zK1-DE6VPp`|I8?5)@8(&U4MrCRHLkb$M4sKg&P0H4`dx)z-S?7;L^`o&R(zjJf6YB z64O2FOuJ8KofdeROt9?(?lPch`s_2A-K9fI6K1_78S6v+d*rFiZvnWkQ2K5uQZ4D< zue!b1+w}q?PG6=Cm>=zHn23r$3qz_pJn7jdI0kZA9?7MR-sc`bxaON4;DCIvr&@}i zRw!a3(lcQ&hl3si@z>5rt+u=rkMHU#z0O6%ZB3xmJ@gyN+WK7Q5aYix1{s~hs7wgxvyBt49X z?fdi{hS@ z`O#D(`5x%3#6gE*TGn^2I`H^D;h6oo$Iq#Qs~~4fAjpeMULm`d+|M|L<1rlAJ(Byx zzlBWH`Q2ncj>dv0X~7!NZ!bFIGy-!=-ShWgchQ&rrZmhB1+#@5^(bztegv8#xCkl{h~Kl?^@0~z0#hst@b*7?s9m;0Ut zz1>p^m>fhnzbkYwIc7Ycqk2#O`WQ-E<#o=%2-&y9Riqz9 z2pRCLcyNXdxMnq#i@;Lp6K9nSn0POH=SPHGP250axou4+c8GpBjy@G2-vV*jLI1g#i1v-!}zdJ>mX!D-q!t z)MbvyE+aO$9Y4^!IzmbB2+TqDW+!7g!LGJB^@6g4d9mIJB@tg?>-66xfuNP z!#`ujiVvnZ=xH&emU<{PX$SzU7AuD90W9lJr;+6dr6JF7pv?; ztUIX=+@e1*I`b(kc#s|E@xmjQ|0EmFKsx~1X1L<&dWH&qvqkaE)L5O-`tzf@$ReMg z(%L3*eK~+Du|G2SF!{$A%^Xu=kbZY z)%ti}$Y=0sqHeCT@l$G_e0>ory`ZxmqO+4u$3FP-=964?@=SQAam0Cr=%UW*rz?nA zu$EM?fj2q0cvQiKNk3g`i?)Y4I4dN~a93AY`z=k0L4gm+t{5aFCy2AU9Vn8aJr3jx z&f-0k%JKI^<^Ni?p;VUqQz3OEhJ~4z)5-SA3%FhWAj0aN*+1*iWuDkGo~FD#=;DyM zOoOLnPIo20A?%BkiUKaa?O*rrnF_Bb)L`~IUl~xbxX5`1w|nY4aXRQx2l7rAMaLfY zqN21vd$;}v9k?(1Wlp!7KrYXkng*S00OY_CxiUA`Hk>$E|+7A>U$+LRvwwPF%FuD0>ESb5GMMI-|SCdgd@rn*;FvMayYTdF}jRL4G z9%t;>_dVpH(An8gaHJL(cE@Gx@>k|VO*v*m`yC6DNcpkq+NuBDn^*icVg~%WUkHr) zb<6sGGQ%LZU(?jw$MKJeh7Df$3G($}4)xu}rSrSLxg>U~J{WlgVdHsmCn%oWl7xH< z1%5|e1co~wwy}&%sBR@Lzbyyt9a16diWGYS!Tsp6>qnz6zbF>je(CSR9=MIq!$47J z4X$bFT*t;=i3r#&LGAd1lHP7~re_;`dLM^W|H+o>7!C&_3L~}EhjMPagFD=Fj-*Oa&sLRE-`>|3K1*UGY#D4_i!`^I zzo?3e1^55nK)fJd@5A>4;%QW$0~Fw7_r!i-i6B7JF@qtA$!Cdoem*AJZKDAnb_0B1 z-)6WYz=mzyzxAhVgy5{M?+7Y~$HZfwAmx9x>lH+OjDOz!j58S7_#63hA0uFC-xwI_ zejrXf2%+ZW^tZd84@WqNz!}EvDa6*=@pagjdnsJ(NBANVVQQ)$+qYdgEu~yJTQQ%G zHfTPOYN3iJt=^!|+pqF{Zf9)S*cb)o{t(!?frp6K(TB@R-q%q`Eheu0qPi|;pxHy> zE%gk!GJ*V+5fvDRbY4!6V<#D_FDduM6`)^%^99iXh{_~@pKXz;i{>LZ5pIV#KinHJ z<$=faSs}>9mVi2FQ9)7;j5$!ZChqUy_*K0=2T!J%U%_4q2)Q)nwz%kw#&GvW&%P`O zpem>*C;~Lk*GCRB*JT_ZhS=8+CQhfZzw}`35bS zg*{hfGB8yvQX_e-XSZ5S4$x!n#J=w!-XX>)=ARC`u8 zCwum20fZqG+AqI-V+C|6?uMUYSel{#_|D7zC`0@{0u6+!FRyTyLo|@G64m^vBc}Sq zme{!Y>S=*7ohLJfi6@lBthD)+-=_fD@PnTq8!yfj$7jzp+%6Y};vm=QoCydXD_{2W zZu(X|1W9@8Fr5hUN3Kv|o%rXGU)O>cq}$nkU4e>mm1nV`M`!`wLTWMmyl~OR%U!C1 zLMcJ;mGiwb_suw0xgU^g)7N6X2Vru3(L19rCVFcVV$w5obf1s`1cUBYa9xi510ZPW z8RD7`J!L;f!#cwG=)&!je62_}(?Y}m(rDVPRyO{mCR2mga{Zx@jvYFqZ?P6iE6D}p z7i76mICtM&s%?L;?lGjERSULhcx~p+;o4*>S+<+l+BSK*zBcaC7BFf4VCNpWhMurn zeM3F(-PG9=*A^$)+PW+U`yStzzlRmJeglmaPyAL%$S2IZfUE}h*U5eajpPI;c<`pp zP=3DB>rtd{NKnAfgO<59jm5n5!^bsxvXG}}!mqFhm;LeMtz;xsy|{k2=ItHzZ?S&O z<*vMd=cewZWU76--8V)yT`bH(D!2V}eT0|Wv)#hNe=++SG=b{Bwg)LW@@nzipY{+i z@BUThFDM^*OO2$749PQ9@cS4(l)?A&4|5EUcqy3Q>J-mwSRSODp}ijBrgeY)ftB!s zBt?-xD+@*eAj(J$BnS4j&I)ytoIyo=$D)!h5a)v-z&_M0IQwl|2>x$o$&Y|66mN?0 z0a9tyFL2#E$@Wu*w#|MleJ%AIXY-Y|o&qnczx)c$<@5Q5gBPAcY58^tfrXW876k&s z@Vr*aa=z&LZ~0j@TPAmuq_pa6KoX4E*Y&jDg!#>zNzRJN`Y!61(^nMuX>a>d{WQ1? zEk`Pk2`azrYYv&8_FM3Gzh@cV1Wy@dHX%{LIo}E~H^bzGJ`04pK&vOj5AVC`XpGum zru!F2%TD2BW*O~~-lQS(lm~NxyvUM>E8$YWv3>7Pix0-vQAd7C-SsZ!p$XKc`=`+K zDY`-)=A{H4G^P28?vmxQM)mz$#Mlo6n`g_(07HEEkg*Uj`fK0%>^DNleW-u*2tm3K zfLfE8xX{B$LTAN1TWU+co-aY?VX?Qz+x+1Hb|sX9Q?aE>^v%G7g=dVJ>dKK@i?(M; zjDU22G62L-oci9rLbN1j9fe&-wuJk#jY{ zAMr<6Y92xwY_$dP`9#mtNlGx7&LZDD9m|#=dgFP^%s#iz5G0MAY?~yWvz~_bOLM|E z0D~3(1^`HVh2XG{$M-4x>x7i2`{U^D`{eXdSaXh&;C13Tkml=!+joWihNeIcOdcG{ zzguER7hLAL&-b$;M^Da%fR+I__cklUZYj+EkEzEsGnTv3DaMWN0HC)1gz|nqOas`b z>`e^YiT79#Ppw!mO*nCP*hM~1k2GjBfN}Xd>ft=Z^R_X45{@n7HeeK8+$Nu zgH1b&VoAeda&+e7_tmjc%HDkR-%bmunWOYz#&GBM2;8p14TvxAlCe`?|((FNfgn=1{Zd(>u%?Fi2pE(pQLAKZ>fBKu1OCjiSc^|R(ufU)II%}@;z)%t%|Ta2-+zs zb)3E~%oi)cM7lR?|DGNo~)@>p*Q5z!)rx*!`1S9ecn}AKS8hUgq2?K z09Dqf+ylYmb1ys5ZG`^llcy6!EgMSlzc7{P!r0U4Tzbsuer=Mvt`6n;4RbRW(0mRQ z+-)-g=<##zy}&rrt?+rCGcBlrykX8rxpqOQp<$R7B!`YCH^XRu)jY{DFSX zl(}vnaeVp1PAzP((mO(CK4)AG+PFzKm(}<#Y3DpYe){7zolkS0_CNYEVW0(Crqd{{ z#_lvd0Km}h+kUFU6)Hg1ZYUJ&WBsM?!>wtAeVBt*qfLd6ZlBweZawpv#MjVJcpE!o zAMJ5%zklz{z!cbIBF?Jq`6I@-zj_)#fI2QR$TO};3=!*MG5 zk$ii-GxTL1O#EiE*i&AxzGd;-`B~C?c)&r}Ti4>pr1-!L+*X;>ndefTFRR*Bg#Nnd zp&;Ggj(S+j(1OL9#j2PkQubZm)t=f(sR^I1lr`b^ce%rta#hF@ftuu5yM%)L?rE+} zmVFYgS<|?u2j|$qW&F(V8#{hqj4{87!VBKWaFYuh>+R+mngs^}D;V0*?GTYvsg(Am z)0*=>KcC)^!tzL~QVxlYa59cR8$Fceu*9$Dz9ASChnY)z?x%ttgLTr+_HAYLWJBi& zzcxeYLU`r=)KeZ9HK*J8c7&wPzB0Z?RTgx(DjqJ1JWCi5_V*cS$3Bp+#8f-?z%uM${+QDTXbe9V zwSo9bd-WCFu<;63hJ8Qil)f?4hr8D>smhfCHe)}sJ`(8>HTW16n(Ho-EveEm8ON%) z5q+EA^i3t?<8AJg!qC>iv0O!Q;peGjBX{#d4mG z0(O^@nztHG!^Lc5?`=L=Lmhc4B1tC@-W74=YwmzQ#nqko`uYN(HU7-d71>xJr7D@R zuzGy_{SYy}(TSsxnoR7^S4OBXWgV_ty{BHxK4Sd_`>@(g@2khSC&}F_zVyCkzF$>@ zK2@ca9QZe6!rs$wvft?kauF+iv$KmTgqwwg4N&Q~N zeKnuobfU1u$Qj9Z#uW;R`~0-@c$=78BrIu1H=FzmV;I=Y{P9~CFiP()$%&~?C3>m# zJEgf^lFtH7o@s=$60bvweJ~~{0Z6(s9FIg0Zu^qPk=&P1{+v{V*DOl13}C}v_;;*x z_|OwtZ%0TV9V3USrP`Y18)SIvSF#SD%l3I|Wxc3D?*~ zqdG|{17|5~Fda^t7m)U!q6igSn>Tdr*e@V7n}qyAO)Rj1(NI zm>SxY@N)`g1!96YHuu1^PcZQXB}|6o_384`V*!DqlMpz#TO7NA?C#qr7G`qc3nTIP zpbx4Y(O$Y_YE-Epx?j0j|Fw_DZJqBfaLw%S@x$`u<#Ahot=jP~2l=ft*{YU*bSkLp zQ&-jMbEhp5`yfAoTn`nV7L{^e+4m(00Y){h!5tQH(vFP~j?=VXepe1p8v7C0ur^?o zL=kb0_BmU=ukTMn=h!UW^pLRILvFRp+`7%EHxL~QS}tAcNwAd1I;d7ebflevKyMY7qrW0X8e$l)DR$ zGm+APT&ONwSe0vr&>Oip&M+~uGw-x{2^5;Me&s4ZAT9)XCnEOne$<~N{*=`xdcB%A z?x2)sO66_)Y^HWO0wI_f`@Jtu?L2(nMpbjnb3ZOc{h+`KBy+5_oYEJ!r4_Gbd3qWu zW!)s-p&;Uk`ie)|01xd>t`cGpLG&sB*I8ztPi1lYb-{ikDL1>r;LGEprUJJ#{n#xo zL7JxLPMU#hOetTeFvt$j4;S6zVbZliME*zF!Fr5GHP33k;p`Ig;w7vi=fp zCcNsL=i%Mq!kjc9;HF2eujlJ?;^6(>T0b!{fA&7ZgC0m$8P4)=K5jRb?a-Ji(QCS+ zXmb$EZvUvca|qST`$>if4niWq=rM5oDg$d(pT-+1fJY!z_thIeoCRP7blIN45!%0f z6V1U7Tu=o{did?37Qa@Z_L}>$NVV?q)D=?gGNGP2dwpuVL`w*2G+kfe=Va zr}DXi$q6O!7sy#PLP*Hm6SGc$tkxCv=j6%&N%rB9Me;^k7i*P?bplNs&SwZpG6Grn zMJHBr~!vG#evNdfk?l%!WP0G==-Lwz!Y8c+oDF}UD+t-XsLYw|) zxoFdVbD-v#9tjZTT&o^`Zl{dg7`dRqM!=bVU!~z*4hydDPfwKIa|`?|aZL_~I7aK- zg4blTIRz|Y@rxR1l!UXU>jAG`&$`c7zvp<@P={lZgAk=$SLkvJ`}hd8aiYGi59o|< zI1hR?!}a!=p`!(lp}gy|Reya;!ms|YInb6UYpmgy`bvn0IkR34OMmW%ZTIi^V6%=YuB8>2c?4jkM;8SnZSf(hIG@K?&(uVMPg&Rl2pho(^b8HVIz7y3_b9sKlLdnswj%`=e%seQ}VO_eN)y?GCLR2clHv-<2&Zk zM1FtpKKeUj-r4gDF8OuuGYZKyx-d{0m-q|{=w4Wf`%_tU%U^jcAiIcnHED)%=%a!l zFi!pxT2_HNw^JRL0`9SY)>3F!T))i|{1K^ddCGXe+HdiMXX+U%<3mT)>|VUu(97c; z)p6HZ!5ImeFc2mzIL@u^E6NY8uI;+mRyUlUErj1Tnz)q`Neo?8(;}srv-2IieL7{* z=}VsBWgYm7`Wz-cM#DKcjeppfIXaMRo;DYls22Qz&3`XQBCNy`8jc(aO?rIf?ctp( z8<(lS<@h7b+GJn64!zwOIvIrm-|p}`z>wR0{@4)TA6fi4+c5|NlIMsD#;K(fA}w(KDWE;yQ+>Fj z3D(wokOq&9njX0N$DRfNr&a3hT&6B>TtHtIxCdJBQGAl!tE8!qtzU?gd9>+1a2HXs zu5EF--XQG{HgD-p?eQp!QN1|dma4tw#P-k6R9a6ea}x_fK>{T|EN?@K5SCAcafn$p ziK^9a$*~n<iP38C5Q{qLZ>Iy-yD`L|c4I zvO>=ZQp(pnIqLwj)?#*J-#HlqEd^jJ!Zm>dS$vEO%-({IZ=AHr!asq|D4e9UT>%$a6@~dc18vln7+=fby z{AY>1TJzV;sUna+I><)B-B+L`bZjL%eXsXOH|AlIEyG~<;H9xUFAm4nRS!)MHY7#B zXt8*km-p#+Ptc_RE%S-zRqmm4=H{GWHh5x2{N;BdZK=c~E%+4s8mm@ryYL-fz4T3KZp3d^`7g!Z5_AyDiPHPvs;tc}9M@)EnNfpvmh>z3{C`cnpGs$h)s}toToK+d{ANoymQC^$calzPEF@Qx-u13zoz8nHgv{( zFR!CuRs(kopRt_{Dab5vGDR5$d>q`mYT|}Yc&8Aov0^QMSdMbwet`6C?RY~d?X(V0 z2&aobxhN=05-gc<4v<5dVw&_oB&@Xot>rcADH3i9Q}-3btcdMAto!fjb9S{!ACA5Q z(9bk+>+|FjrnvB5pK1yx{)F0<<_fRYN+8r9x1#}!=aT?~aB|^q>y%6toyzq&7$>w1 z@X2qHDi+Fcp~0D>E(}~bg<_|9spL#o!V3Nk$JK1yRyvKAAH0kc|58RL--ki!5D5rW z+1`0$dYoE11`u9s`=Tj+e;yS~+e;reV_~jxJsd#fd+qbA%?&+MuRd@Y7ywpe)=Bt2 ziI@CE|JCeY&uX7ZrW_Io?1g)?9;?0>(BH$+1~v!brI`o*ZM$oG4(SQn_q;rImihVI zbAOLfg~_F;L)}Q{NAtc_UYfMOj8YRT4algdzwSHIg7=n0iZEYna{fF*m;vSgSUR&V zMUf~7|0R+AQA9u%5!rcT7etUvgkL{F^_ElzSeVmtBXO=-DA>E;dpXtus$V>D({wVC2`~+gJZh!Wn%dk#}9Q8iJ|AzPf zY$8!RX>n_ zpKY)&5aaoH?-LsNMnA#fY@ET%fGBK2(8#Kc#*4Lfr{gRX3;e0a#Q3USKsOYH)amIgJ zK3AL3qf=SRu9vb|UtKV*zlJBaA*G9UVB+E@qSXWVp4wBzI|*Sc_`Z3;ga>qV1NDs% zAJ>`|`cIg_plie*3@$&*?M8yTIl~m+d%wD7bj{~Z0Ta&EaU^WsW(bn(oiP=5s?hOf zWyg>tCpzcfAiCoKP4L|E9E~6|D=EKEqdZ$w`-xM{e7D0vk{7vg;J5R*^H;VfEfG?) z^$H^`DLnabO_1OLo1Nov;-!Lw^TvbBvr6$-3sS9=q{8y~!Jj!H&K?YwI~{`J`MdR2 zK8HhYhmgL!m-%bTl<-WD;K_Jrl;477&$xFa)AfX7?>yIJXxHDB z!A&SAC?1|(C;o)02`%-g%CPhDAS9!)mLMIOew1&@bZ__CN0ak{9r2NxFmP4eSI0DZ zjmm(f@jAzO%ELP{Oc#fa&iPyc)JAm3<`MD3=Bb*Ptq@dx>9;C&MT(Hs{ca86xdMN) zheHX}?naigwL8Nf5lHEALsU~{H@7G6o%7oeW3{a@R91?<-#v{PgQ)b<@9u5L=<;i1 zYOHmyHAl?v=kn8Sj_z)i^xzN}8qb@OaCt71#Amb(5|;MQ9_J2PsPifI&-HsU`~T>D z^cN3tcfP*N-lLljyjc4{qVx>&xQZ@z^~amoKQB+&`5?C@-(98x(q|@%6r007?+h0o zsn|W$B5Z7nu~#;cgm=EVQu%g=T-(n~kW@#OWF5m~a%XpL4Up$ARc>hHlK@l{?i%iN zJtjyL$VKQu-h}ZTZine2etntgkR8>;6^}VwH0DM#s{qmOr}OACS)85^`>jel;OU%) z?=h~LbP(!e)i-G@CGFn(aYC{)9}&<%Ci<+daXKm5KXS+k37MzOEb?typ8gm-L)YC z<-RC!OGu+t>r7o=Z#a~gQfYQihy*|?>;idOll`2!$wj$SuTi#CLPDa!<-R7ym6Z=(53OtevY1V!ZDRL#r1bFhFqlw<9R&+$zJ#hY=RnNT7 zO5BM}gEv{5P-08G&4CC-oW7ldjHA;^GsgP*}(NHl_~)b*Vg5%*gz&k!Y@2ME`txrFWwNki+`JHirfv}Y3m zU;7pJK8LpP!#~zr`>4)m^Ct)Sv9*Qtdn_^NC5QyN+uVksBXW!-LdOeR00fVir5`h@&4 zUr%kg6reC%tbDxIkHyG16Jp8p^PAd7BDjQV9D4h(-g@%ko{st^I4w_J3Rl0nePoke z`Bhuw+qKL-9pwiEa3EU4B55*~a_-)DhEbnuW7Yi8YkxMxb<)aSlWFU%JR zd!In1>wTi`Lt$I$KL~qazR4xERj(0j^k@Hm$er-TsJK3H21h<`ep|Zc0(bqTZ|M=m zEPE<(FeG+5Xb@dI?rchQj9)C8u3b7b9>)7;>GSfy9r37eYqVci+G|V1WnCt^cH>Gtdm%7P+_nN{kKnnKLAv!&+O_s-~np_ut7o`cy`ZBkr; zh(U&H2i3Oph*#>4!kM%`obZ4*R{X5^IdK~92_J>xcGL_La&`GY`I+w>c^-?<#TLWPg2)exwgn6~ zz!##+CYT0^b1Z-rdV9UT7;KdCduC)`5V^2Wq6JV=Qrx?6-^h;(+qxUgK!=dg$@P^y zt4^ADY~@ppvuNuF@~iJzSsztCu@j4z&D^!B0iIKy1=^tW>tg6#@tR^TTP~^TcDj(WB?(lCds@VHmQ|H!$?anq4Q& z@FaqTyk_42fF0Xb=x z68)Wg`-r@!4d&}TO3(xGP`MlgH+80rx^pG=v(8gk$V7ET5{H?D}wR!iZMyDxY%)HCwV?qkFfQyY-v9e3LgWdg1X zbXak$SpwTJ)`DKieSRIe*UTfPhpRn=eemfBq>R76=*OIk8@C`p8eg2Ry-lB`=kYV( zt9Arvnp`Z(Y-9%0gkR_Apz-QVu3lq;8}1PqtC|HrCTrPFUM zxX7fvKn84WE(WHpgz|dcGR~j?n9<)88ys6!FKZjyD{(0dx6@h8yLZ#=2ctt$&7zGh zai^43ygy$K5`PKyS%sf-fSMF+&1VIb&IJdIi|oR=7~k9H3JPnsMVW>>RKR{Qe>YAR zkL*M}RSwQW?A1GuHByaT3qR9;XWvn8=o>;Xa5(RG4a#a+uiF9{9j84)W^@sq8ywFy z#=b6-HtkTfHeb*$Ic{XCN^h<{WltFE4`m z`fv%YHiIs(FXGv#Wb56VI>6h)J-@~svLG1edTC4zgZup%s!qlxPxaaoMbV{JJmyy| zBJzxTlnLCSJWxIH!P~@rK0dwFvW2D}L|8Uq0yAcU3S^eNb0B;zubWWj<#K5JA2wd* zZ;QmyCn7%7A;h&Ui2Pm_(7g3D`Z%<$uWe}TzA6;yHforsxW@5~g@907BP>$tch=D{ z3Z0f!MQib}-=SFKvEZ|Vr9BPn>&MR@ThPY9hkaemIdhl`4PXwS?kR$By1!sOD|Cxj zd9*M7gpW{rrVuu4Mwr{faS6f~y1KjxLcfhsrHZO8ERq*5^z&PdweI41WUToDpA?~|B%QypkWEv#xkK2$ncZ8-0}HaLa(`9>kkBTq4#e3UzX zt1;5N?{P*vCE&+LeP4;jmz+@fRDF?C%Y;F@&wT!F79FZ8}QJzmDX^Aws8 zHulwDJ%Hqw$AdGS{c>Tc?{SiYZJcJ4v@8K&tp!Ct(iBVQH86Mtw&o9o7@m&b>AjLe zE8iYj!@M7{v>{Wkm<|XSdN*gy|K#GLvtSG>OS?#4!S8wVHyzGFaBitZJ6&L;h3#wp z?SV(qMQmOI@BFfT@)9HR0>==j{hLm7uZgpcI?(5q{X;|+QZp^YxH>D^wW(Gkl6dfP zW)4aU)@7F>cfE)7hrvRm)PDT%hhz)5C0UJ-oUO;#r3{@dvONKKwm&Sne*h=B#!mIf ztUJt?Cn|q6*Be5v&+MffQfV3-W4_)WMjrCndLe6m*F#HZ+PfoO+LJ&Im~aO&_4A5U z-kgX4pE2>OJfQuy2s+!Feq{iXo)M^O1+win`nCr z!C$KEnT>- z{O6MWe35?6vchUXMn~^15!A~`t6bFE19swG@M)Z?r8M14LV^IY%);Ig+#k$|k0xkU z0R1)?pd(*?_G-LI-afjQkJpe*Jt{?^!C@Etan4EfF*4*cilb6Q&UZYFCxUaRGq!^~ zB+rI;8oF=?R_i3a$US_y7kt_x_)A9p0wJ&;^*+)dI)H$quDh1l#yXAfw@L3YQ<91R zioJOI_BZ$}o^V+AVj$b>o6OwSw&A5`XMQ?Q|9i{s9aos!RbzB2iL7_8?+pln(uuXZ?^pOE?00>r6S+QGIAf&rXPk3 z;nK>GWE0eCzaM{tJ;Lyg^XCjD`Q3D=FO5fzc-)FpjsGES2#z1|fq;c(IPKPPsY0vt zbeCS_+7+thH-h*9)A1#i^U#$^P}*9EV&>6FaZ(x|sx$-*<%VGOi?HlsX34XC;kJP$Ek`Yu zs#0sX^`-1d8j75C)xyV_N#1hg8Jv4ECS-|=1@ZZP+CH?dryrm1EFL9N4-s{34H@=d zSer(J?>qSGRGqBEgQL~&^|MYh;&`6p7tK-aha)T9`=MI3;RR$vyZ3&!EBd=)Vkc9G zD}%P!#)FMeUfq{aIYH`~adP7#UE}x57V|!oQ}^kN7^6}RY`(cJ&XCjlEN6>K`mFV) zy4Otsd$ydU(RMd^gBy~uOI~PhmCiEcS5wQrtOX#70nkytuH6F`3#fsG2Xo&lNNPdi z{K6wmZIiJl{YlT0jM5o= zC*o^Z>P_y{q>H$ZTd!PMvlmd2N~!#ji08}ex7sl_nY&1-1b-k8lX@imy@ZA-HdWYp zh20IdqT@AtcONl1K?>^L>3(}&Uk2}3`ym*8?x?Nqb*vf zfN$6kLe+m=yv^GS1AJbge4jGuwr5-lTDcFgMC6lSU%6!IP9>4#*LwK$ZB>K;Fu^~e zB^NJ7o=$T4hEZ2aQJe4mI>8Je=S=4_9ltH1I%k9T_kjikJHpmJ&VVaClk)bse?R?n zW-!Z*LM)gWkXu^N`}+Cq8@4;lEBTA(wn{Id1NB zFa?A3f*s`9sogq9peRB@xq zfxKW)739tFAi;Ooe6d!=N?nLls>|rwOg5g|3xr>yJk%pMnEZaw5ypnbl zqo4~SIlFSNW!MMKR}$*<@eT=dQA-$8L2Y>#4J2&rQFBTC2{E+Rnzhf%=y6HioJGx* z#mM4a$@<4%)#^Ha&wR;l86U4H+;oe0WKy{ z!9XhQGa?TxDl_w*+V0X`>D)_MWamg4hw#QXI$9f}D{(=nX&4pVr(@6)V~8UtG=GtwYi`AG{G*T=2{|MVXF#dr=OPk=jc`e>hb&z5*> zOTvjqPho!ns^^p47wT@QOYt~~Kuw2nhld!TuHb)4$y5GYJC(Qc<>AG&DwJE`>n9dBWR-@1xm>R|KQ>v5!#Lk~C+}zJ+9F)>p4U0`Y-*#Lv#*%ukpocQ|BOlg8?~e!LF9 zA5z^xUR;t=d7nE#^6q?fK`9T}}v8 z{Z7XVxgro^Q`m#fW@80A+Bzzpdq5V+%QAyTn6#ETB{+Whe7lD;cv%P%{DijB4Gx)} zpSD8a9qfDGS0A&w)ZCvuz#C3Kl4An|ZC%;uI8f-eqVXn1P)gxnpf5b0ImuiWPvZQ% z71dI6HWb3=uQG4gF>fgPCimDRlB)Wp6(8N7d@} ztO(+5&6FmJljLC&=V5PUdo;uq!AfZamR>^W9?IA%TDndrbcD;s;S1Zx=8pyE z{G-=GdFYN5w*f9WpVS7l*YC<)hp(~^C|hCkV7X3j@?4X)8u+@~VsoA>k~obMw{T9U zgZ$7tfCU9NUs;DTn<5G}IBsBg*m_uet_Zg&YtU_QBp7nAUX9_!;=&_>7(uLl^et~! zo{qCqPggQPMF!A|+!IWfHXn8=lh}HU@l9#^l%M){kxIU^n97xM`36g$5afaGy*vj~ zuGShP6oBOv3EI-rLXccaza@JwB;GIMUM0?!-e^RE)%^Ooy8h;<;pey4Y^PTgDSBTa z6*$gJ{v6N4_8pqJqWlVh;KeIxXxq3|HrpTuGF2i zIgB;d(w5?=TS#ive(mT_L0xR?W{Q>0MW-7xg^HvW`E(V4I4fT&maV6m{DpOEr1M2w zCV6irmPd^z1R4T>=GomuLwx&DUnr04Oubg&z=Ioz{2%rYut*mB85^uCHg_EWd-iYI-!oo^jeX#q5z(EV<1PUFnAVEvZFIeB8 zo469SMhSyq1lLnIg+DdQZZbcOX(D0Bm5gMsT403@Y~%s@Ok4J@YIrMD8(HB^W&9$9 zJz_!#flAM>Zwik_pS@5oqgLXm+sWC0_Mk|rqBTkj(DLWIeS_o9XulSbgyLCpg3{rR>$f7Q4%xJw}$ zdLr3z(yhK7O-fqF0iYDjdTkp9CG=8d{B@46MZRi~CKP+@C@-!#X&t{K#W*5cTbJJy z-LDxSvn|KR)c2%7#HE4GlFV+q)$^Y=We;u=xOP3L--Us--^C$6>zSrNA8#wM^bJX>kS;wH}zx?VD z+;ZkFD^GIhz|tPtYL(bt?ecsM4LXvC=_&!<@reKL3?@Z+cK$AE_SzuRr7}JslWM1s z$ZzbIPs!Oa7pdN>gUI@f`XTjUoFkJV*-|7CW`!V$!DGY1l z0WbJ#J>{1ZdLHk61Z=2(E0 zLdoJp4MTMAmEgbu>)fv_vAr-7!tvT3p7+F<*A}ff7@nQE{9zSjVS1HX{8IJORx7zr zltzLr?&@n%i|&uesXWQ5gL$y;nhrQ}1$4d)>ubFWXk7yyA4gWgR&TSC1 zWZ$0psL}7;Kl2y{7(AK!ZZOSuTjWn-1ZT`Gd4%1`03YkN&u%8vOLyWr?x!fG`|p>R z7JXQ+0iiiL(?OB6-=Xl)*(tx*Rx1A6Yjow9S$o}q?!(BYCHY=7;F3g%hiDPJU-8Ex z2l#Ye4aomWCSAgw_;IJl8?OKGf&9V17`x>nmyrjkmv_8>K5Mo$22k>>!L^vHC73qW z;kh3&{f~u-I`zB!F(TOm+MimvY9cE4RTwXq;kaLCk5}@&v}cY+MsAo`gwb$6tX_?+ z{o?8~gBw!n38fD4lB>CB3Ug2It&#Z{4DN}{8GcagYs7^z{IASBzQBU}SB0f~y!Lt+ z4Ft|x#8Oqq_oN-Zppg0!{SBs=zOx_Lp6<>}uvKJ5mO?;@az^l&IlM7hj23=x&({;uD$wvl;N}y^TTHc6H>25kb zmG9)G>?44oRFRG!OrYpnzGGy<_Z-H!Yc54LT#|ylPZoWcuBX1=hv8!wROLNOA_SG| zP`^1Tr<36>NfX|$`Id!`{jvs>oc}1)C;asJn)FzPNhph@N<$ znHX=dIPUwvvyWl;6HlH97*KP;PUO##8of+u)HBj0Xb zeOpgur9}E@rk|=yZu{uWa4Id@M;;pC>M$rIe+M2O-!GQK{ANg~9^Uxg4H88Y_nHu- z%KQ191b)8U6sp)bXH~b&a5ivmZYPAh*DBUt((-&lOG=@45%-`9@yCGaf>4F^Y1Ya5 z`IZ{eYKC~fbALnm6RvNz#lPXWEmQ4WAWIhugoDsYCX8PA0eoH+`wl#7t@tytWt{!N zJTIX_ub&Ec$pY;p_43G7?{4A3L&M;!#Wz#!nIge$l`=;x%pbJ=G<8i&rrAI(d)I)v zuyj9TW*8*%UO!{m{LaHzTqvP{$6@8Lo5}}6f){S$lzHqE)TS}2*!9pw|D7Mle`Hy9 zg+7@qUKIctihFW>sgGa1n5q2Xcrv#|+}FD&vOjt7wno?Pa6!b@D|#fM>%1$ww)@Y+ zI-UlueI{aQ@hs*L!66vM-%VJ^J~d68RplJFEVnYOM*|?$Z0$*SZ`b4?N#BNOaD53p z3@7a3vS@bKc6TVP;~d%F7G4yCqFe<6sWgP;QNImEw>_KO^rIff3T>(muF#L zLJFLwDT_fHQ~S<6B*>z**~e%Ewe?JGAKW65RGapd<(UNz>06VT=wbf z7VW>XLT#nFS33y=j0DnUD&(oYz%n>|1s0fu7vm8I4T#ixxc1Vl@<^S13zi1uG0HCq zlmU*`$>r8}+c^`TwWNfG0YV)$t%``C_U7SLr_)CY|ScqVxYcP~5WXub3 zCbg>#dAvAPHTA=&BY@MO#t#~t`|8x`joiRZzxYqla=RgY=*D^Pj|Dz9WFqfw^|-@= z(V(f?!A*|0ZhGMIRA#Pgt_xBk4Q|Gu_~je;~K zWzzQ0cFBQJ<#cL}$(^vT7msIPD1^rL2bBx}srz6|d?hKoeR0Q1=T|a({x~#8{;CMC za+t-d+FOF5*{G?6K}w%MrJ4t)W-M%}HL`RFaPmR48Vu>oJlBO)9}I;ITPr?Z9&}L? zu)sF|SoR;yl|gC^eC4_Hp${%z z(7EO!X)!c{ATL(>a)#Shff^D5Swki;5tsvizW`yT-+%Ur&P2gvtyz6U;nV(6``iu1 z+88d?DkJC!fKFCUpdA@=f>pG>GIUn|xw>`92D(_t{f!GQ#f730N=f;B-{rW-f)kZ<{Y=3z=&w#yP0aAG>RS1C; zy@9`d9-HDOEm;ft;5GCfi$Y?4xK@G3m~pz1^O4A+Z$};=ciKyaBI;z#eewGZUmF+L zjEx6z9OW~1)e5EpPvC1Tu(TehyX#ixuf9(yV1c4GmvYST`tjW((;7If?KHoeQ*jMr zhIbEM{%tPfFNTn zOhn1Y=QFRrhNN>9;4)Xa+gsMZO%s%Auj$jl^p%LXXhCrx_9={#aTJ zKTihc5ZSA&0cs*w!MM}& z-(knGy3$pd8!bk2z*NwOyHm_NT`0djVRzzpjoOd-YJDuFnq%;K*VpTQjrr$hrOrp# z3(nxoKhQ#AQ+awrM1vH2BS=ZO9534=Jstug>rA4vIw_A*keuU}iXKSM4%;a2QaCg! zPPkTt3w&eZIJNe-wdH>#{su)-3 zfWwM4`C02OdV2qMC;H_k6YnLBt=PZ9MJ$MqUT=T$J7GLZ$M39zGNB5mom zq)FO%bq)E;YAD&XkG28w>AdP3XU<@Dc{f=n6J*bRv6oAv8;}Z ztf!(|mUGIul(r7VU0J@UTXFw21X>JLNG;Zjk@8`4nj=Z?MbGgOH2bLnBTYNRf{7ma z zg~VdpwVv0gk#BQgEM3|^7tVM6hw4CM3`tm&HSajYZ)qjCL5h(HgY)+n?Q6wU-l+zDd91k$Ybk|1$-!XbK1y`Mkr{{voLDJc&X6ds#pIJe?j}ft}t`nzD=R zyHwiK>*{3(2Y$HQC3^aj_xNGCK#NFX*&$bEcp%Q+EA|--6%AL@pPc#175{L*4A$?G z#>9cx!`c>!>9=r(XQ$ak*xiC4p6lEDXz@yNFEmv@a-gsgt*RQEHnA(2cBk?0%;{_X6N?LGVZ>{cdj3oCX&z}Vg`hp`YhC=H!eNY zRz*E~eSP;c6|nC!qNXotjC{pn>*3%wT>Dd#689WZFM5%NTLS+=&q#g9$e4NxWpS{4 z48q4wduI7HRKWY~vKxTD4>R~BhkAB}#rA~((HdFey}_5TFsb_}s)X1PX1koYMj0np zJN(|s5qKYvWbiZTSqa9&l~U}GP6r|z!I-AU&+TMB5M_YHJwn!q5`{3GI#`fwQHuAz3r1llMLHKU+b$?j? z1LXCGAVH>ZOt6s;W^(rm)b7O3IRa~p8%HrK#iit0&x5#|GMz}c=N0im(kik$k*#f9 zlmw;()ST`K7bD&h;R&BX*bB3c*pKdGpJ;Ec7PHIpDZG9DP@oS;ERwzF4?htSA>haN zNBgGy7$Q~x8zt$$O_RcR>2<$X#^~62*0_IgrP0oSk3uY+RU_8+&iUhPkas!aGsN-- z#BeRg4Qy@|DJAn&lpmgD7T^oon2(n4-dK??_1-g?fgHb+vQ$6Rh(CS*^cefc4N6k2 zgIPHtVphC^vT zW&L%}IjmoyHnD&Ec+pqx_!Q!2w2I?BNMxIb`HQ4!1c(fh*Uq1ts*#5;k7(8N z6BV`(aNwMfeYzo4{);w@!NfPJNc`@XR=~7Dcz1Bz<&gxUO#8I?n+sOn`)52o9b1Yy z2aj@-mREfVqw6`|UKnIYD0|~Ap+RqsLZQ}HhAXTSB~dEt`97j2)#QG7FsZ9x6MlVK z7gcm;m3U)cAXTnjClTK&1^jtqqgiNgQzE;MUV^tl`*^N~7-;m%0g;+)+I7@Knc?{g zE(2BDf85J;m@PLQ2fByhHSPIya5sTJ6UtJu9!RV6tazJ%XcWE*kLKCX?PR+A-Rco9 zx!_)3O04ft1dG(ucU8UcBG8mc>2*v=*Bv74hwMEIg~eZC$)O>g3m|l|(HJ0yF44lc znk8%_Y=!wmv<;TL=0S`vD!}=2T8qZ>4Y|5~awR-*SWg{dh)>6+GR})|$EJ?;9&Z;}RpQIRl7||CMhE69{E)oM zM16Ncq~Y4?ioH>!U~bpTphE#@yY-c3*yemNUnk}C2J~5-wy(kI_qZ`Gh!pbi3iPY{ zowx0|Qo^J@-^MNil7e;AnWj^r1_=EK8;R#*;&ZrMmv>BCwl;+Cta{ABw-=<}L)>Tg z^l=HEhUyiqYQjpFDF6o4)OmCJamy<6DTek<^5)kEDt{~2xMp+B=XV?56L7W$dYacL zbA|aOj12j@ix2PZ{O$o4mvK>~8M$s$}b#sSmG#2y-@8ESI`}Oq|-glgveREgxFz zoP)Z-?{0ds|Uw43>-Zvcql~M&;3NNtw6d#M?tA0X=XS>lqLF0h227nIei}n@ph2QJ1^DHDj z-#_=N%r50<(#BJ?$%DSv0J z;A8W`NLn)GUqOGRWvUF->>|A^`J>VmJ`?1p%o5@!H$QdPt}D^;^CD zSXX&(6T^aY!9f{u{ zBvaiyShh6LqmQu`e9 z`5g9@;y%o7$36*)F#!1KEe|O(!hV~Tu!1HtK{L|wY&SVVG|mveDBoYI&g zODx=yh;+!qi|jA#XELF8*%#bH;}QVGW%*B-E;e<#L}SATCboMWL}EUa2;%eI-@QLp zYi|}A)853#0lR_~g-xFN6UVX)1z7cdzHae8_J7LNKaPLVg%G@z1dK4R$}Ogkq3b&0 zre2}eMy!;(62Td-Uv!_Y@M9&`^IhI$03hNYJJE^jvU{+CG$z=^q!_`Z5HA4P?;dCP zrIHPr>;CKBU~32S90+J8jBXRL_YR8rJm~z>)zp09DITGk--Crf$0skb20?J@gSg;f zr-$;J2Ix`YV?Qb5eLBeROtkP5nS8LFv?`M6Gw-<-h5e@M#C*b}bMlo0UmXwjYcJH_ zj6Z5u_5I)moHarDeH6j&CeBmZqEzH!o2vLkrMo+0eRzP zRyibU!+yuIj(zA!>p2r(K4#$H#)I!t@u0ri`T1}tXX{SydxRUf{0h?H85pguZJIy8 zP)L7w1?%0TieDNqknD9UMb`5Dkr!^Tgowp#2)<#?aB!Y{o3K56w&Ts^Pf!0gf9}P~ z9rAqRMPQBC;};SX!A?~PFp6`3 zqucV#ddW~Z2bB;k6l|THLk! zyc~NUCsw84$5LhX3c^y5Zr=T_j}*C3d!5l%uYF~kt^i$JpNk{gXBAHpJnc2yA89he z*iU}wk#ddsyWh^I!*NZZ=}RY>;98}mxP3~!El{^Q@^9~Vl9(xl$eVw(9b8mwmd-!( zV?JKCy2P|hv?2W80)zNvao;so-FNh|{Sy5x)0jBvKAu(XtysxA9`ex6u==kfq8Lae4y+&W6x;TAQdCMi{u1pnO$qFjz@Z#K-7+aU1V0fefSx}#^e5bt zNf40h+mdBq)ZY&(!n&*OVEo|7jI~G|r<1$Ch_B#@WO z%04~psgH{&k_r?f+JM9PxZUPW4j~D9!>sE_CYcnPga_f zds)!wi(Zb@XSH7CltEd$a^fv9(E!zTLWTDjkJ0x#mtAm*rKG;DP7l;Sn{4TF3Epr1 zMOhd3FzgC6_>egKUArKj+|J{z{z7~muuI{cAMqZfEr0WsW>JEF11t4nJAHiS^S(MlID?T}I|bx+#5&WKa#GrT{Sff|D`hfXiO0jif_h}nGnBz z-`2jab~G#oHT4IO4I)F9#%h&u1F zUjoK<`4_JhbTAx+z3sDR1Qd6N>I?Ef_-GeBdRQBHar9e;?Jxim^7ytM8{kw@A6}gn) zpI4Q#&Ew@oT;OMz!+7Lrtc^+b;TeRC5c67fC|n95bE-qDBag2wEB{L&Y7e~V%zDC> z?)m(foKbMic~_hh@0W88H0CqGSoUqQd3X(W9aX-cFwd-2-z0Kh>8Nqw)8Z)9E3I-U ze;(TjBwwd&xD#X>#f}Jc$P&4D<&v54H*{6zmkV}d$a~sHc$Nc%Qo#inbt=_-jJdh9 zH;ts>{eG)2urHQN z_-(Es_RJXL|t66^u!$-Y&WOq#i zU}W%R%YPh*?7AKAR#u&jbt{lJ?(==B&f@9@+Fjg&+DhN<=tH4-NS_CF<<eKg1;{Gb40s|T*T(2(QhgmP2w$M$wNxT+4K|$0)Bk^#=2g$zQh{ce< zl1n$;e*qFI@hFo^sVRxnu!KKiHB-sfk+%Jv$}hApH-~E0{Ik;Cx0%W`Ks5_aL@=Yr z0lIotV66FOl=>>1s`Djhj+4vW{A=}a$M4V70@kYQ+$C`EAy6iq8?d9NKF-~KVaAxJ z9V>oF&9y&O$#Zg&BC}viJ;wEGI)Vr&x`oDa+n%Hv_308Xo(`K5h<_zIfS|gsy6 z8WaX2ruk6S75!e@8zWr>UECvZIF`ONsog>unF3G;W_D*_Q!_*E0rqB&J*~f~y zk2gHG7c)pDxEsUiygWHzGYILM%)$Jc=DzjTCzd(*!$V|!r~x#tg|+6u(L#RQI%?rG zAcN4gcP(}DV&}oO^1bbAo)tY0?2Y^7=`?Pt>Ln{0mCaa2*N5{IzOD^scRuPziR0j9 zSC#Kng{7piUTJh?dwyN{U{Z#cJ|!|?Mwp_8*`!-*qad{x2DO%Z?q^?j z^>b$(MP^(%w?rTH+PbB28b!SaKx1~;{4Aa+{e3zQ(9-gVIn&kDf~8|{K}IjaEdow+ zpOez6AuZ`ZIIn6XD{?viGg>MrVG- zK>=L4>ohJoUze;np z`Ch6R{e_anb}+fYs=Y;pj6F>TH_`uigyjp{6OlH&RFL38sS%gbN~bReo{M#dgN3CJ z>1>Lf!J@MGUywBh1rk{4{bSySBN0Vp`_`ITgl zCSbjSv?nS_#(1`jf`Y0Z>JoOucx36bu4}yw^sz}6Qk#EK3{q>t`*2IcW~6K z0``-(TKR=CkM_N2sU7$?1=Ks^x1S{^}=@sm__P0$^>3%?wr->ts2R8@@r z5ex^m_E1NFmMozlxmBxWKGL`RN?QCHJ}_Zm(m3mn=%Kyo`e+y0erv>i;kk90n=lBO z^3M;uSafJu8M;?IOwSXWe67nFZUvQbh4=uam&h<{QAwIMly%)NtB<*dr>Ux-$9!_$ zDrf`ToplJ;tEBZf=WF!4zkCH8(Kigy3r}{DTZ$*?AvWPauni2sKht`nAmbhD{k&%w zDD7>L4<=?t-)@&UJR@xM;L+P`Tq2!Y|5+c5>zMq8K@PoPD&X|Xp`}3Gz00}=jh`++ z4<^79>}PT`gFY($B8op%Eo~bZ75Pl{;P&H8Pe70LekeUwBdUvdh`tx<_8AQMZQs6t zMtminP3Mqa(jwX{*xR44!-*LTI)7JB5dM}W*2wcIZ4m8ZYf>*|N|45?!ZK2isgivV zp7~Do?3PJ(F@YTqi^vdubblhXckz1rI(dj#?D4v7UV=C19}T-WP;6+_^5;h;V3`Ld zRxF~GBpZ?6-JI!{EI?|&WND&@U=d_8++sfIMXi2jE2-u$caRME@)=LgD)#`BQnuZ8 zky@|M04lw(>2tn4U*$1$r6KL3o=cf)h%We+A6lQnYW7kuheQ^Sk^#v?HRFH{b~4%e z08D%6wMw#`Og0iRXgkIjISfFQl#72lrFzAN6o!VEHdkI@=ZV#B9^U^A=>~a&>XMKc5(^E?TWp*y7MZ1mTH7O8iTzRG z7{oB(DB^8Q=IJHjn+m=TtL-@=o>*c*fF)0Gi!PZkUwC**!;rFodSS23AKsDw4pYHA z-_^vRX>NW;)ydw${m>1H&F*XY@}9UO{UORXx)!ziU0tzJ*&lz}&+I|wGS5S)|5N14 zd37}4BYI%cxzvlySG#jCZ%;m&d7>uGe95klq7ctX$1|f+0#hm~FyA|3?w#&touv9( zW`D8l9+BvXiz)i;dhO)CIK|HC5bc8k#-yi*v0w1LDW^Zjq;bcSNbJukw6Ri+=LDWCi0 z3n%EJqOQf@>ZnbaXWg-Rpw4b7>7k5&2k5_e(mO*P+Rx*VvFiPPj!});^1Um;X}30h zn)3N*(;P!jP(2`;S2x&adG?6!Hk>UuzTBJV*SdCBAL_LUz7&LJCOVPGn=AYz#fF-_ zk-8t&s(|<7$l~kBuOP7A1Uk)oX@WP)bIr9S0LIx75coYJ6Ad!*=6S&V6;mBtXJHxk zL@C$NqnABs_*%9UGY$RxJeqU-h3!p_@SmjPIit$-q#YJMgoMWVOqwfk4vc5(7uLQb z(PQg@l+k~<@Ch1xf9{6LT@e};n@gO4o6=uDXa@PgunMPR3sk;%yC~tMK~5>=@*xgi zkMG#E(4xq=f&Vn0P0fBr0HdDOh6u9P(P(mFqr>o3Nzez+LdZ;y(}vyzH1GFKi$ByJ?V&1;zj*ipvdt>4n$g@O z-6uZWx7_EC@N2Jh#5={2UHCLxuM8lRh6ztFZst*sf;;p)7ikzM8EGW2tH`pNfW z&YQ1G!BfYuEeR=F9sw86gSZ!nqf7;T!DqjB?JQK#OC0v7@qeH$XUs!RtDK=2NoHTb%XlV5GcB`S#N6e1BfN^8r2?SI{zYCU8*|3tKS?PqThQX zqUSol-pETIflB)O8qpJwm^$tv!Bs?D;pXKw6aSmjrrD!<)t=b>ezDu|k}tQtUvW?2 z(u_27e*IKM(HHG=o3M=JZ_|5j=^l03+fHH?+5Nw;f>(N=hy7kI;|>~Mey2id1?vifp9-FWm<9VN~+%@6?*` z)(nKH`;%7zH^#u%QO$V3|BGtNy`R9tcM*RX09Zp_zMjfqrbyrnxD3q9_E$o^!%+5N zlrQ^KF`ljxyA06Ix)Vjls4{i@jQO^OFwKa8F7eP66p)$W*$uX zNAG8R}#UBhyIPz4= z+x|W(<`kXB=P~Yjyx5fF)17`z&2>-<73xjLeL2a?d)FkNKW-C8@x?xuA63 z&r`n%b27T-kzzr-3eMbMQYL@O@&r&!1}9rD#-F?69*I<>jE|{aHxJk*{IX@*Q#)ms zZ5X)a*6^@Y3R^;`qYhGj4^&V!sATu+Y>Sk0_%k&x3BmI#XimBS8lQjYO}vEz-l>`L ztg;+gyq#1yc@OX?iy8Nhj%Db6-R0&&%iv3)-rSCFmu8JQd-sQy{T&H3>C;ahi@LyK(OZ(BV5sX z*V==-KSJseN;O$m%S_L~b;k7K8-b_DXb4x(fqa2MMP9b9MAq#^p7rYiYLL_wP6YW? z$8doLt_BmCJ@Bu`YYNO*N?C4yAsw0d@dqWcjhEh(vuxS5t`KH>G&3^Cf&-#8{wE=9 z-j3emYXv!Gj`%%otbFhs@?pMvA02^vl5io+(jAk~bvAnD&Lp|f14G>gf?#!tbXLSK zE4(9mn3Fi(qanz;jAxfGP!$ji6gzF@N-tn0<;9IibFK`=ua)F?;|(#QrGHk_o}J)(|>~}G3;6JNK*pTr~3!o;lZ36Zu|V>UX1jk z4=+Fr6eFYV;pqY^T0U)vUKMZ<&+ifpJ4rXD#Xwf9`AKH*x5HaPcF&{rIOl+v zZZuz-7@?wbf4?XW-d&{I;nk_7^ZIR(K^;1%Ccl1g5}D^%?>?;t4;bA}ZIyz^H4cBS z4LzL>x!|v2@}0E`2w!yBs*a%_IZz4q$_W;;vv*Z~Si^=-``4Laq)RH_{d|syB+pV} zSm@WMkco=hSHr=$tH+52?lB;5F;W|K%uxKkbsT*$D!}cAmi{5@nwg&x_O3y9tMYqA z46C_U*u&&3*H$te*sua}iu?T>{K_YTtVN#3`}eLxTRuiaoqOYTQJ?)MA)*>h;wUtR zJIZ$A)5|`e!wp)8sCw347w@ zDh-;4KyOf*<&F`V*+1{YpN);%@AS6~U*3e1K$K~GE%i@_b@c#)NA|dX^VicmG?0Q? zz0X&d;AgJvlleGbG=_S|rc(XLeav9zFiMwc%GJ2~*F;t0flJQsxw}s+cG)~y z|Fop6E8QLHPhnfF`p%@I^*u?>{rvpS3*J+&y1AHuQ9@-kDVxxI=hMC_^mBY}=yG37Z&&W>#~hs5zS(+taf?gP0P}pk&o7HXUcW;c7%%jc`P|B! za?*vK%;7`N*O<`!caNoR?ILuohBpgZ{B+Rv#)RWWmVMp`M~2h zv2p?3$cIyrKLJ&{zbQj&SaSHP#fc)jFx!KS3tx6Q$?Q?Ua2%flqDbr|Q^#v?bGsdG zGwdTYvvJwCx)9UBCF8ilU=nG4K;?6+pQtrW*8_jhBKhY%&S`p|k0>)8_XZgslet}O zpXZGxlUkc46(PQju=Gzc=VX+hd_S@A^R*me7+rezHa7rq_GZ8il@$Jn$=CD|^sRp36N9=3gXua1xBIQWwmE6t@8lNywS969w z8Ub@Aq|QW0|Ke~6ejf5`pP26=+4iva<`;uEF+tmnLn(IYmuxg64?V8}@%S=Q;s9zg*aoz2WKSeaVl^Anqge5QAE#g9$`6 zpmbhJ-s&nynp{vEqNb@3$u{A0GTS!+vt(B|T$c=t)P|XTOc4Kkc8;Y*E_2vEWVP|f zo4Ak2LgTp`415?TKPu8`K4mk(t;f+%A}1c%UWOP^5f0LtfY7ej+D4r>amsw!FKjw)2{9UKgvfW7_42T zf}|CNY-{`WANY6~{vEP|8Xzg4TCivwRfWJ5*%CFn)WV=p%i=iH7L(wf5ZlUtNz(TbKrCSgPS?j2Ketn+u z8-HVQeb2Ri;2#V+#IMVji?PZK#bds&9s?Z!bkdW=iXmY%a2FH}Q!`XQ^_%n~U;qHN zC|6ymNC2vF_Qb6BkO2Vcc$j72=5G5k`<`5s6`$cgh}GkD>Ewtu&gukfgddbQ`?u5P z(*3)AY-c&_J8r4)B^Hx?)Zr(2eUdJKt<0M^xfxpyaCxYWgIRmyIR#TtR?pL0wRy!g zk`u?(>8nopeXt{BVN3`9)Q5X>cIUtGwxG+Kw&B+&E@bPXciO67iQZ!-{RU^q5GNGz z)S7ah^2)4lQyL`skabHd?_jRJjG+-BeHlVFbGJTeNBZiGd?mBY&O}#xZ1)&nb12f# zi*u_R$p3deIw0g01JdthPSTA%1TnMoj~syX%Uz(Q&f1-RlbZWFC<81`E?Kge@#KF& zVIzDIYHkBtWaz8jPsa&2FL&J>GA)(`wA#;#@4=(kw7%D^EIwUcnJvcIYny)rsPJKp zND4?<;SQIMGsF{33b+C>`;_<)nG&f_<>9Z5!kC?Lnx10~g(v<6;|9A)3!PTFbG{i* zF@t>22X6K+Uat79ew3#${)y!68n9xH0@X~&;AnVW&{nhxHRWOfj9Kx#ufmik=Nl{| z@C$JIwZn<_Irr<`Q$x_2k~mU}b}B~*`aKzOfC>GK>h!|jj&86*KI;q-yHjE9+te!S z7xf68G&ze@`vjd(=rKY7tZ!>=v7q{nC0Wg>=as7x$Z63PB{y})`vud~>!GC%PLJ(b zJiVlSJx?9{4}Z4jekwYND1&rgiHUc1K3?-i#+I)>$)W=q-+%uVLhZN#tHHJ-LJA5n z^|9`#`cWf-2e1%KSLzncuF%G+$rvouaF_%bN?9_TF72&BON%)THn zSIpiU1`4izF!D}y?k28W&QL$R`P>+=WE>U0@KVWFI+ekB%T}+}#q+s7W{%Yza?*xa}QCmaV z>puI31bgl%#zJhl?za)mZ?AlKQfTH$6j|nNGMC|p?n@mj9!qwD^JyEjp#-VDM%|1S z>%(LoD|B}0{P5|(e zi6xe#3oAs$0ANW)S}jWAQtX4F(~747uQN?+Zc<;-kz7mnOTz%ce>=$Em<5O^CO=M~e)5=HgaS zgh?M^hz5`4;sp~8Xud1w4$a6V3rT%L66&tO+E2hS0b?^oqZkQIT2Ya#zEBiZjTIkb zgZAMBO#F|x`TIfNG7F}RYsekXll2>}zT!ixvYuD1Fihq|ykN@W`0)|@wpyI6FaBBA zI>qL6`U&~^z9PmAGEkJ$0IZX@g(5C1YS=^wvq#H#5$uBuP0|V7wV+m8U zr074lx_Kd)B4ixv2UWdEe&rR$^D}Quyz^ASbhplfZ_PdiEf|nEuxKiqK&! z0G!l;zQYvca6bLM({%+2hb{U7jzln?_WSCr_8&*5?)KBxD5R{a7$*e&u?qEfg>NQ4 zw|pI%zb@EQ2EirV2U+y^QvSyA-NDeJJ+%gx3Q@zA@Gj zPTHKMDl`d96Z9|rxdRFs@8JM^HLISb{^z~J%=MLRr)Kp4!PRj z0omW~?X6hfh*Hq<>bwd3w$BLDNRj2zynOpd=k+*nPl;5{K%nJ4FhcN$?OxEs!8zWv z{;hSrGO|WdFxACFw$gFzs}r0C?b0H3x~`}F0?e3XD%%VGPdQ06ey>7EFT#BCM@I+z znZ{rCKtuAAN7ApNI2MMp|Ko)VY=&+?KRH+P^AqQ=Lht-A6)>?8D`CcBs5S-MNQhia zLh#Lo^%Q~J2_0!q{>X0H!?1kwcGeY`I_z~O56mtFhwVMTVobUpu*^jWM=mf*Y%Z(e zYUyL;wm1mx_2WwYnv>ELXEXT~=mtJ|M}-*&2%(yFijEpV^0(8k-=~ttUA`+l({>iJgpB-Z zm4ic0BkDj1L!0Tfdze>ZJ}zHT`6ITP&{)Py0bl1#vIwEpZH#)@!lc zEblyBAW4QZaP>FQAhyfUd?5v_RD|?QLigd+g;;FWClpihL5sMiXp$hafRfn*1U>N- ztP#m4`liiKMD`@Mh^~A}RF50Ce{%GW5@6ky9iJp>mtO|`k&K|Qecn?YB*~2X?3euU zc+f60Ac5O%!@h1J0}wl2Ck@)&W0f2Qe0MYX8^C({51x``=!05vyVfH`Ou~a%-jMUJ z3y>REBP`r8hZ&N(zU0ZW2WiPKyplOmj$*NX_N&uskORWSTb>-{@OFcGpL=-8N~33c zEJOgCCDeG=J5>6Q6=)avF%Ch*i&&VmXAMs@F`(68W3!=%g=;+fg07yHQIoe9T zC$&b^0xm@+7l=oE7D9>-6!SV{Qmv$)EA$9;co>Otvw~b1=$OaSr3+t}UZ8~F)SjO6m8K@8!# zdk3IQ+vm(T?kH?PX$r>mjgjUm_3vMk_U8KWJ6(8`LkNa7q^gHa9i82-{=VYCDPE29 zehc4St_+8T{An+X-EYs$froq~vJXr`l@DDXo!*ii$}9$pnPkTk+HerK$A}gC1dGEL z%y?#Qn5K!-(c86OBwSljANMxvbTTd!)eOsIw$od8)N0S|Mj&w2{977n6=fkET_vZ1 zDPpz>tcs~-8Q~6*7R#F|-XILp9AA%Tscyy59rZuIH`on}A4C1_p$2{LiI#^iK;#m9 zOdOcJxuxq5m_58jCI&)Ykh*gDWFQBkiFklVU7PXXq7l~~0xW6R&u*Cl>@H{Xh@cvM4!AA9yt1X00AngDY

    v$N=pCa=dvkBF_0HaHgVKN9U2`&ip=Ph6w{$%(hn3UqG~s?) z;^48L=db54`4$%-po)So4t?CJ)+}z;zVH3SvZ>k<@ z-rSGqr8aep>YJ!3TX0-%;}#XjjZb!?-hWb#=I-0n=;vVehUzzSN9{So${NjOZ-4Z} zU|W&({{0KR^^$+*D8ia_<-79qQIx4o`|sKHvulzKm)DWbJ$uHge{zwq!|?VIzrb^D zj2b2oD-v{kFOOi^Hp6MvgqK;`Mj!I0({EH+>&wAwyYFZ z-eYjCS^FJPZ0R}sgK>WMq3iP+p1*ze^x!+j@>i$P!DsB~ryq-U_nON$4i3-o6&Q|t zqTegmH6B&K&J(sjosr*ZMWaJg|Jj^A)Zf20eu*xtP5)`z?`%`-V20Rmu%p5+7@?*-Et^hn{YJa#)XA@X}_~rn@g1i z_Ubk-?yZ^Kkrbg{ST@ud{0TSl6`Aeo+-`J^_1@OWKj!YsW-M=;yg2F3-p*3*_EEdm za?nL{3T)TAEkZjp&n-KwDUMVvy*@YD*<e$eo8A+M&zL$2%^~ zMApa-+@_1>i_3EZFRny+us}Kw9pCTWqvESi8uwzwP460heOtbcB&eQ>-mvJ2%sx<5 z?`8jt^+nOIl<}+;^yNeLZ_s7dcdX*z92fnvRPKzA*)n4aF8<)1AP5Zdc1%X{Zs^1)u^q^zg?Y68L z@%`uSt;PWZq4ZoJYqAoC8tu>nDAG7b?WJzCp!`_ND6J^%x>cpe3 zIlsI0O&OeL9XIgoiJ>m`3U%L)184<=l%+{emh8?c3id61gh^+8$+%xxy?HIS>-oR3 z;tsVUjtv2T;1j_Y|Zx z=rmyWuTHwV1xDwsBX1`C8e4j4R6*qQtBb0X(chNzQx9MkeeH2*ebSnxq_Gs+_2k5! zS>@SJ&bHk+f5_O+v=%3Y-P7+Le%-U=#*N<}U+7!wSp&wOrXLL4-QVEHw_2#8(9fBT zI}-&*@-RwHJK~tFKi+e-KlkNF%kucs<(c8vgSPd4(5t`ZMqXySU1!#Dk8roDylbi7 zM|}(G{RLAS;aMLosI~sGr@qQ-s7}--KU$1DkTob05%%E4_jpOzIzJ<>Tje;M9q&`4 zwvXDj{>OOlz7yj|jsN!jwjB1;?i~*^*xCTj8G39R@`_+0UBZ=~FW9+eh!s zNbSv*vh5@1CNi7yZ~dM-l(lJEeEOHS$9A;y^c}u;t0Qal&21;+B?Hq9>9-Ep@>dY^ zte36`GoN)S+}`_qub-9j`LZFml0wH%PWt#Vzr*L3Wlc`wy5F8q3)T77-c{!Y`{+lo z+uS`HwC=O}+8Y$>cM~#w{?|)4J{4%Ic3)iYxVwIGL3)KPnpVAccjqDMBlmZYX|t(( z)0`h8_D`AV+@d2HzJ8sK)(=zW`qqwJGh#qgHbCC1JOA74`Az&A&Q9q+{YT{+$qVId z-sk~Q+UiqTeLo#cue><@$gjCGH&v8w#1%e1S>|cg zOum^BzhtI&%%>GZuc{as%sTpf@qY4}Gm?$NP@6^^*gI-(;MSmWRpXzNDSL?p5Z_Kx@RiB!(LNuxz#T!{LTF%%0(x-4FA>n(w_2zLH|J1 zy~AVowd$u59iP(R13i6a>%KkqxyrAYn^77s@2}Z?DR`>)w5|TWsO6-UOGXR`$_8Y8 z%3b)b<(Zv%!S3Rj^T+E3jjL`qBe!eLh2Zs%4b}-3jBoL-uoP|g2>Fv4sBYV&;pKCQ zGva?sPIf5*P{4}Ar%Mj=bgJAEM3;~T+Xj1eNG>rx9{;w(W)OM zm(8CWj@*@2@k9M$kazoy*FA5y?R=*4MMdwDs`u&k&-4B^=v`F}_V0=BGH5?@F@8rv z5hia_Ou}Q_U%$H^M z~StPvt3%C<#u~n^2_bz&fB=`E|RtL8BK=2{A*P7 z!@7CJjR>bto<5N@{t)fTI{(meL*r`Yj(fw}6Kp4Bwt?g4AHwCvZWS1>?9@`DU*E6e zcxSiA1(taqot%-ox^Nq+>i)_C#)J-^I?tXK4^S%uhX}n!?DMDwf*V5{tINARaYy&%?4J@xQa!X zo~55UD2)#$pl&yn>{x=`lAzq4#;HBMbWWFnT?7>mUlaawI*So!cjOsIRI=Nzdx4>{aK7zTV!6 zq-lJ5>5iT2an*|sON_W^<;OnfR4ayWqBDD!ZQQf{{<53f_DuQNanByvv ze|8^!O!uqXp_`?R;vS48Y`1lK9-i}p+gj`|Kmn@320XR9WhYT@aP+PeT9nlk>|#~Ix@3u(uvHQI1} zSY{&qn;>!BmmxR$ENQc~c=nHxtr~P0GAS+cd(^%3$d0mlvRa$(FE9G_{SC9cdE?&O z^Yy2$?m2z4Ya`tu_r*8wpPuiVd&~2%=$-Os#i?evKABBU@h&n;%Bt=aCN^l<{f0Nb zZjR~hc%Zw*T<<{jHW?-&QTdmd;bu zt$zJd+2_3W$k&e_>g7y1spG#}Q@AfFH0k8~>%Y64H>D`=P7jS96z%t}MbCMuzkf%K z&T%($+xNaF*Mx4wbS2;K7yY%db|HUg)FXVhj@K666=&9N z-!in3(dX0ZtKpCR#$459yvvZUDBzA*6|WnyMekNV&${{z(jDz%c;3J7sm|P^`r^p% zU&~tH9mIF=gJ zfPbZFsOyIa<0`UO6)QR-X-CWIt#kf1#S{J~|K|=@w9*$|e#fZS9C9c%x^4Lx9wUunYs^V?P;xyw$qs=EGhP~uasO|9_XJuJ#BANN;z;qO-Z>g7W}FaP%!kI1Q! zShAhicht3>%C;3n# z)`U+yXuq$pjEf3Yw+p=aCCw}!`|IY|f1kdG4jCuq($*=JEsJjs?%6>%qNL}#v7zOM zLt|@gnKLT;Sz_hEpG0Dfe?r!>1h_`a4!k|H9FEn0d%9!ri{+id`J<{|UscAcy}z%; z%wt|lh-)y5jZ6MHoX$v6cvZ`n$tPCF7oO$iuQ*12uw_Tl`;7B9Crxhhvim<7yNTJ| zhoPFXZ#!OMkW5&sdywFIb$-{y{C~2h`&&S6w(t3AZ9h-dy_!1jLc(`A)eqW#roU^= zvaWE1v!icskAf>5sw8>hR>gln{omd&6LQ-BoL~!2JNW7aiyFRpRloS=z-PEuI)~&*-=(SH7S|NF4<7z30w4JD=`XpT!p#D+ahb3^>KD zC4ebItVm;I1=aia3VJhAe=#p{j^p0WlES~vU!HrkZHq5^B34q`n2T+19KQp}{H;*% z*qhgCN24~iz?D9BhEqNTzLVc$X88{tjP$+v_#a=y?#8YA%pceKZSsPIw-<;0W<9^O z%30a0_-2n0hZfc;T3Dm_%dEJ9NhxrT{Av+9R8|gC2RHPsbbEuF-AW3>Z}J$k+n-*? zUGVs3zP=XeTwebrd-!#u<=;NNObS+Bn~Swx>AE9WQg{8&4roKh-NLZ2WOkzi{ImCt zq^F!+kg~w{e{I}pfXsEjsDI0zg1~|Ci^IKOAr*Kl80>jHW?vt- zE`IpznQiAzpw<^4+`#Iu;|}{HKD80|_phIy?w_8UG|zT@GyD8vobl31GFo@C{*1OM%Ngx< znJ*?!uGcINXTQOET$;1acs8$nZ(K^s=%V?_BM+8NYto@RBQyTWdVYsZ@-2CdJK%Yv z4#$#e|CM%|^yN|UtSg72e)R$0x~}hMj{W@R{*JiHA>+QW4hCL4KDP*iwq5IWdMRmF zzmW%JpR3AWmMx9`ZrXWJuML7_bL+=-vkZnT{{qNZJzv;maIDpspBo*oZsw!Yf2BpM ztCk_j=&uhkr&|oY`YsRl_0O;GY#7IQ9RI5F`j(z8d+;s|xPK_R=ELM7sXtZkks-tL^tCM+SzgN>5C0_URxjr(w6X}!F9DsRP*k%ARNw$+*} zyVHZec%y|}+4XMrGq_i_l#*vAY)k+3b;HarxA)kSl-o!AdRp5_xp}$Sh%$&T)cLxp zhsJ$Z)NS{E@@{>`gY6>=>%1tc+o+A~)-Ba+L1i+)zScirKKEG+Q03vTD@ zrxy()j{mX${oXyJA0D6jfja3~iu3mFZ}00mA57(*ncq9uI6m=dy_8{Z9go^)9+qwp z%K0g&v;J(kN$EWAvY~jzZ)U(G^YV0zd-z?T-^sUph*0fse6Gtje&DmkkO^1X_?ukLs z_Zc}ehZh*wx&2v<42{-7#NTIE^UiCA6@fk4+AY(P(D3%Gc+_e}(&fLpEzc&=1aYX6 z0TNcy>IJM-^u6^?Hn?ot-2hec&6+VUiW07yCUf83%}$|WTeoOBai8or7>F&CX1se^ znnOJ`2cM9i_oaAd>$5vLtlxBPf3y3wmG%2Htn4k@n0=vUw@ul`t&^vHArFfyuG^u0 z>bIJt>8ZLy8S5w2-ahrqBMog{!qSbkuQY2{as<`0q*1-nH%m!=q#7~)!*p5XT+1Tm zDoWi=s{GY^>&{@-4A&==jIkf#l_@6I>-Ib{YWbk(>Xf0)Kb=~-avbeP!tY+$rp!(L zXBQq-R3yT}%Xxlz&C5@bzxLHwr~exZ&<@q~w6N1&dab=sD8F+dGfaef`^|}|>RfJ| zXLsp`jhP1y%Q`;wBS)VZSsV);coECq+ z(dvsuMMdLBPm54f6CSZ@GbT1ChuS2M*q9@u#V2gZPN0z!hGkPeOtSPkxf6DXKHi$G z{itb{c1ySkbvqQy&e*>0+p!us*Xgs`Z0fGqF>2)07Gf{=NAsFE&M;lt^GgX|A5QP` zaqc3F**5>80JSC=wDf7~T3b zA~EX3$Bo`P2RA!Dv2w;n^kcmH-XTp-T9X$?*5{1adX+AV&mnIuq)(i0D$OQeU3@1B<%m8Vxc1;yyB4X5 zV|K(R2IJ$%G*6RTQ#OwI+2ck$bz}3^j6T~EN^Tan*G&#?Vx<>P<7ZTE*X-fcjel`T zHOsN~H6<&@*XS#y6YG0%HJ=OV9IPhud5_i8hW`GsYi9e$@sqMX9se?b*31c;ri|Xg zJ~zRy8r{fyLNkJ9sNGV3_1B^|9A^gVn|;&x-BW`{Fs5_aZ;HMPzSll|@>BfiVLx~m z%Zh<8_e{faKVcWc<=$?tcNnJ5_inud-?e#t;|h9>QN4yu>EEE&mxt?W;ZN1-`Ia*D zT|w=3O;faxSWFzg&vpIW#0e+kUtLb`S9e%?bM17jH1q3aR;}$w zSa|zG#k<36;>Z4IHTHFl+AY;vnJ50j-R%C?kq3$ATp(v9B=l;|+*(cRgSwHB*f6tx(v=18f@$eDwyOK2 zWXnpMG#sCtaHn~ftF=%k+bdX|8r~*%$`GuMx85sRtV(OrE$gFp&9J$*_d2)yoG?Po zS%-h!rQ5crar(8MM4NTfcv|oLU-8x2AI&AS;)H^{FN=m6Sk#h*`O7E2ChmeMi1z{wt#kelt-|4ez>2t8{-rxI@ct#ui#y7(JToH9jUk=n{ocg(%? zAMcpyAL>oL zO+H|px3RM`*L1z!A;r_&h%acm_3N>xq>>w=N4V|}h~QqI$~W*s5K7;vIeXv!x)YDm z+8pVq-yqeOcl|YsRWGYkzN}Y?3-$Wd+Pa7r5p8|*N5f4;C4ytkTWxjIWgnKfi}Fi5 zULH*I$Gw|!>0xL6yxwWeF3U3dXEmTSOvYy(|0d?vjpJ_JK<`wdsaV;g<3Ls7>KSXs z?R;6Vr+9bz#B%+n@mpun3oTaz`u^99{f9bc8aG{x)U0v21SNSe>2r2LXVtMmkBl{* zHmPn`x0*5}U)^TNvr9v-%|1YGkIg!9e6jwjZbq}!<;~?=_4x8(XP1v(bZ_#rdKc?| z%XmKE+Y~c;=d)(jiT)a8tA~E>_>hU(`?=?|vYZL}`Wxd1uJ3b$QtNY^s-R%UIKunn z79MS_i8K0LY5tB&k`To^hcrFXQD+{Gtf%Ai&Tp^Fe!x9REIkvg*&xyj?(yk@e$$^6 z)G7MbY{xOxzW`tzIY-;)(7V@sag9}easbgmq@qI4u{+Uik=Q+F#u&ognXn&iTR&^r zry4N#%@)#{POQT^`l)`Mq!QKiX=`}RaieyQnOJqQy{f_HA!Uh2JLeqz4gSMdZ1#lL z;N$JZRCMb8HVJ+kO_@_Y7eG=I>LQ1X*PdQJxUfn!Gb2BLVzc6fbLJsHl(CiPd?Svr zAq-d=P!k%Y2_QeR;SZQ*(!^n7AZaw*^Q%{AG_K*}_`)JhpUn7rC%WgKX%10bQ`EJI z_$lX0&xP;q-C(}?sa*%*qRt--!oi1ndf>Q+By?|H00)t9cFDG!8Vw>1kY&Tn8c~#X ztIG_;hF7g?rB8_tJLFi{N*}kBoVnsVxZ^i*--&tkneh*ACfXa}Kb`P$o}9_OI{eY8 zIVq}=iMuAh?tfF>iom>Mcw1K}T?k=1e2>WmN0*S(hz+<6ctZR$9D zxM!>Q{o~Vh2R^JIu1jgHr!DmcT6~-IVO9TJh*m1UUTS_TrPIF4e`T#Wjtcjdtlb&< z;!5vSeDn2&?AjhAGeTIB8d?CCY;b*|#?Wcxim@U?%HXLJ3TM7s!<@60yCAuJC;qYl zdp^Fn%Dl3U+Y^GN%e@@yIJtqDo@-z(?#N;U*WHcc^WfHUiqgKW1%E!4m7kD-xW;pn zxRvY2LSjB=pZh*%lVqI%cKQ~HjLaHurZ>;)KU{H9T(SoOD+Re^NL@?M^j|;Fo(D%S zUQm|o`TqI!)uI&5Zr1mE2mEIB;n<$eab>Hh^)@NCEzUZ&_#4D%N#N)&fa7}U`bMnX zKDcy1kTW$1G27h!!}0muOEMPL3ycHvzPk%}d-GcNRg^-cWPE*l&*JT~>jx*+s$1t- zpNg&304w1_sdpVr=b3gDM{&f@O^p!bv|m?pIEgbq8ywYHJ9g|C{;QWbv)p(4rj>vI zsVYwE%OKDnv0%a)`VF{5$)wNcS~l3fCcXlDc2eC&wzYeLFK-l#t#(bkc5lCz3c+EI zw#g&1bNebQ1LR@;Cufqt@6Oq6y~;V2)hWsU^c<2C=M$#wZm$~z5hr_Y_Zg!(A0V(w zvR+x+{`%}T{WTM+tDj${N_W1i*P`j=62a%2J8C%RbRY;u9U0%h1K#nr`pYW_uFfn- zNdb>C_wE6|ePBk{>dNcfsqMaZyn7^l^rd?C%7MPe8CC0>^`4gb?A#)$WF2SSlKNFQ z^QqtK#ZBG1gqeA2PM00LS_g|p9~lpcQk8KED&c1bv9&(2WMh8%miUn_lhDem*FWk}W{`uS!Ua$*aT z{^fWjH_GbtfmN%jS4qYs%CEQgp(4yt{wuVuv~LwZQA z++IN4CIFtV#0{v6K2O~ji(-`02j%&38bm&k*C+;lhfz{Dno){tA{gsfr|6k%-XMT9 z#+}Wgs*1rkpyv~Kcec#w=YyzkM^eMau1uexrz|`#S^*fjP+B#(jR6@4K6N$&kg=Wz zODVE6Z^KpZ)n=*^`70%Om>1M&yzyR1cvL}bvb_SURbMI;IUq;B>!88Lg40SnJhN3}IoIa?|n6i&>^K$7Mx>^^yRdqHZu#Y%lv#F-3Els8hD~ zVOqp4C{BfzXlzClIrVFb6e|TSy8fm?R=VQ8|2ah3E-Yc=G=Zmvb_m@Yk`r*HC(0wQ z@VYA&deuGwxjm)m23dF*@Ye;KbBCjl^VjxC@FTcKrye5b7Y1<4vWoEos?k?^|Ecs= zs^=%*F|6~^=Jxqe7X5Ie1&zO+NWL*_7ByOlM=X00!j(jHBBO_&b>BwTnCELDc=?Cl z+>C(GnZHHu!CEeI%~2J44Rczks$@^_pieOph;+!=dZJM@!fcZqK@QE9Txi`vJ2k&T zbJVD1X|1BIcyxxm0>f7$L}SskWKzS^tOs{1lxpaPOd9WfBYQ>~P&ya}rl+cT$`GaI zIWE!;Y23{<1G!JcjRo7GT-@iyQhU!sgPE~9F?!={PP>0_Vl^i>w^mp-54aH=z$!#3 z^X0bb9!KDDD*Of2H|;N>kh}X>#T|-+%;57`fhJ1{eo%XZ z;b>%k(<_qoZ|LXA+e!?)26c&`k}%p(N~AK+1m$y7k@+uJvz1R>WtBgTpJGPgSIvwF zP#eXRl?-a3qTHM3gZn>y`vAbAbmQnmYghO!x>7>oRi6VI7;S7=6jFluP`OyK1$FSs zt{t+_dFI$9KHNTZJO8z7RF#CkZRH><=^iF>4QBHG6F$jJDN{+_d?p3!4LxHj<#>5^ zcv*=5^&#T6McxVc^XTzzEhrLJ2YPf(P{Z$JZ~m$zY`Z-qG5|*xYLH4%cF}p{he7gm z8(KizYY;j4y3_o8w>``-;lA3iZ!CG#=sKv^Umqz$n`kzis`wz};1zU4@GuL+xUJp# zcOTov8~p1J3A_PxG3fLcfz?AtN$eFxA zYUTso1qc64N@jFDi9poR-}oDvQNn+8JyD42nJWIIDF&-3KMyMqtUR-&j7g9HtfLlea@Eln7xI)&4U)XlaTTt?S`?bX_oMSiXtUV zoKLx5ti8q`)sstN*4Zx>3E#i(A|d1W!LX7zy!XAO83Uz;|C4 z9doVT;(bf9S#|tkRteh}WKNq&BLlLSqp`u!+= z{14m*8DUoEES3JzefX`NR@LNQLbA2t+63--D<u3P#tS((=jRSOhMzcrsdMpjl_Ax7!^bZWo<(Nm}if0u2=I_=nHn z)_EM(9^RrH0q2OQ>V3j1@kbFe_Ck7_T;Mva00HDX_Im08trI1JUrzsUibZK@G|6u7 z&!L?`)vgcuUuA3!=11{&IOA1|OQk(NsAs$Zyv!n^O%@l-r!)V}mxmZ`$21)5nO}2= zoTv~x+3wNVIC5b(I>ao*K2Z$#+E6-;F$_q#zZB=ggkezCdz^9-j1g<1f~jEK>{t~bqd8h%TbbVi->;*f z$IvGCf?$BexYB&H?I+VQ(XB%|N&+wwd;+H5ZrA|yy)!D~CIMhHQq^yP#rX;h@@;Cpv5jtU@!67J>FL15 ztCD$Lp4BSEFdE6dCFTXX>evtJIVymWS_GQpJ;0Bwwy->kSk&};Y4s)sjOEEh^-J=< z9$;jg03@+rWKNRf zyZ>7Q)nwl$Zb*(Ni%q)V<8Isio27Gcxhw-HqjR7W4>Fjs##u<=<~Wam?#H4x{ZYh~ zz5+R$%84F3C%RnJX_E}x>st!`C|VZ%nK}mpBhS7+Mqn6bh3Dvb@k1zsG`MwoOD=Ec zYju;y_p?W`swHbRM?v8E=~fb~^YJ*djegvs<#Vy$m14RJ)eQ0#!p(=v)wlxyMe}uW zwCXuneA!RF3EB2pSFsPe%_9J;uruSj$Vy6&lim25E$d}}T>Bh*iqGMOW?1k|fsF$^ z>{yFAJ=evtG6@0ut{dTGEMd`+=9^?Ay|Tb`P)~=Y5LKlr?D2ki%G@(Us`DVld=nB~ z3M8WQ6hS@+v}!W_WPxpxiUQECnBoRKicIOLT43++L{mmoQ8jwuV|aZWLhvISqs1&B z(O;hWV+!3oOVUIc1w>EClfR)$T5-#O#^7&v<|g-y@|7tO zJE@M*@i_E=5ZlzvF6|cq3u@ZSd*mlrm+21UbRR#pL+m0qgi2u`*f~pafcdY-3IYSs zz4?U@JkI<&o6Pw2^q9w4EnLSPX}+mF;xJ;$i5B_&r-S(ZJP&+eu9$A5h(R)?bl@wV z^#k``x4=o$J))Cw=rPnVn2Zi-aMJU7@9#$7q^XwU40)g0#lSvY?fsp09QS*6Tp%4O zhM#2V!S(7g%Ft~+e>+llFt@5xWG75 za&CFD{M~7}Cb$YAW|;cb;OHIzxFnXj*ZXR*hn{HS=%gkdlV(F;oM8X`{q5(5 z=);Y1)%DS0OvUqJjzW_f)O|{Tvx9=2BpGZ1s(Ff0o687?9EMf|NbIUzSDvOxc$Rm( z+{%L4b^f+C2B35jApBHnZGYxFOxFom4bV@v1hnKoNfY?Nr-3TVf*UJ=-4yH|sU#tS zU=s)~REHC%lU3ZqQlj{K7cTAf_nlU`p&sBt9jM!Ynq3vt)k~nnA!mO||8b)$OX9QJ z>JQnak)J)FW-I`x9#<#KxG@$}_$Hfn&A=Hxvv}#UppOPpYF!ttjjaYUHpZVso6S*FWxxW9b+l*Xj5OQee&cS7w$sj3IPl?_tO`3{8Fw^uqRAs-T1~P>Nxk zs*}1D$kuaZ{Nl1iP|1)_nsK+1QTlbg;wB(EizMOKs~ezh#Lm2Jw?ZiQ;9pjC;O2z+ z!0-ok*#2^V0$2@z)K<$6xV~}$m~B)^@Nstn`=wXV2-xnIzyQ*Aqnp4NFiJXPfz`yt zNvJ8s(7hS= zh_N3omhdoExd><$CZ83u8+$TVZuD`eU%%ECIC4CN%V>r{Amf{?Gz$iaJYERl+*=N( z={hxHda--T1)%5|#-l0MDvoDvYniUG$QD5iIo$zo9%O9r4f*ML;P&f?ylGdx#azB-5-|v`c=2 znb_>jGYkuy?)cTT6+6lP!1r+dXZ(FNT8z%@VdXty^iX^2yag3E!S$DJs?RapbpF)BYp$*so;@!2gTeFmVz>=IFb}9_b$mL%K1lM@J2+7Ok>I~yX42)`y%DOo)|%Sq!>sF z9o7Z>Yru2I^app=vP2xxG4y=%)tTLw*QeD4oCVmF1KUZC|V*mtyQ$fClE-ru7-?PLlVE&3Rz;?VH& z?)X9sv8IEd z$X!4V3OyhsCN*CuAgreR`{pKnlodId5njVCGnRQHP@nt3gWsf(>$XH$jSmZ=e4j)@ z(NtVoKR9ICr2(KO>;D>T`3miXAVQ{)iW7?nlRe(xqt%n9Psc`?JepGvQlgbcpLg z!927x*EFJv_OLDaV^pT*dFdIV9JiQ(N9JI=-?~LNTr6jnR=1JZe>^oBdy}sa5}9Z_ z{1r&2SKJdThtFpAia>Gf)Y^@++Kv{{+Q=UeYe*w;HA92R5lG=&KP1EegUmpS zVxRA0?+RZxe1XVYKsz~NVO_HT&t05$YWZ0q`4ZPpcQXnSV~Zr!a8e?H&&Q&gPTpHS9CN`Zz@@Myo$o`4;bNk-L*g z^FzkjFKp^evm+1EiRf99*IWFSa-RT`REEOHgorgMeHNQ+pgI|?!~V~ zLj@imr2jmh*J-M-iqee#V1di2bvi<4p~DLZiv_X5O`DOP2($03j(w?Dh1~pbG^|b+ z@s>#2P!IKerLTBne`>r4`fGhGNtrCze{vz*e5OesU)<9x=Vcz{$H`|N<%T>)_xqDL z;O5un-#t0hm(#${ zUw-*0NLlU%+2k~k$Ed&+$aBL|UMgEE9#CyaKow&xk-87fXMmtG||k#HD5Wd#_2>tfs#yaggg}j5*MSq%2?+a!tUTA8gmqfC-4{4K9EQ4%8|lw zNTFfvPy&?CUq1y+&&`SVoIjOw6kigxL&!7~;>o0x^gcUgRr{U%H3NE2JdP_N>mLs* zIwSG&jaXdn!0QT36y3&6&3nFUO00gi2@?8K5IPi)uPvY5+B+;6LO|7{j=Grv%U8&V zglBWI*b>2sDej|8YNp~L3p7A(l<6@|ifA;%+oTa;Vi913!0XQQP@*6cpOE|Zvjal5 zP!_qOJgZ5?hRDW_7uX*pXCL|?M0*kQ74ZcdV^Gm7*RaDlVM|j5^zUXj7PJ8sKn##I zpZ)w;G&CF19gtX+mHs%6tG2)}PefD3lXkb;M1df&f{*({OcKWsq9pK-57K^!mPo6R zZdr|8b@12tfzpMXSitCwEfUQJnZ|4GZ)ebb-iQmH-2^`v#*Vo0Qtj@6W#5@PIny&Z zHNr61M3Rgxr~VMhLo1;R40N#IyAH9!%?XPKK}MRN{M5y(d^3)0PD9_4-?tY_o2`hv z!rok8i={-wxiCodlw?Uq@6(|eoZbV6S=lbhG9V5h;F zkytYQ#3hB}1M?kc#zu>T&FMt#w(M0 zTLM2VU5BGGm)lBhrGofEq>` z=TH28y21TpGly=SeVR)f;q81=`L5kRH;UVIKcm#zQFt67#N+Z4WZsIl@Ua8)J9S5d z?)rbsiW&I%c@?jRnEGy_GXM|g$H&uub2zRn4OU6O2SsSV-W< zNO&$w3vU+p?a!qNg13)XQw0}$K4>I?#;O|)b8BA*l}mAQ#sq&390d!liE84GgB!ko z^~?OPS5v@r^=Y;FIt1gWB`AY7BC(zHBn@ocH_KY`L4tE)dDq;wR3{8lks+wPOy9t2 z;&)lATN3c?qE-`T#g*oJP@)ihSDtaEnG<+rEA>$D^5#RXuB~3`#kF8xfwj+h^ROia4PZ4CY z#?tnw?J#|zE?1P15ekl8#U<$almc^aH2WT+A?s++)X;%f%^p$Z%_Z#r@~akCZkz$0 zb1yVUlNgFVb~H|aIR804AF>m4DQSNitJ~rA?Tvf<(aOx;_7+`nJYP_=*mRXkT)7%! zqgTSLr_VK?_v;;!F9913nNl@6VZeXda@ASeJKXr{MOxKyCJ#jTVRPhNqjmT5L~`+Z z8=_06f@KEm%h#b0^+{*BKlh1Wdrr)sZQ^bF80n#)_OW*r7M|U+iern7l(CMBKtp9 zw#IAt9Bmfs@h;8EXl_Gs52 z5wcJcE^}1W;NQIwp`o-1OQO>k05EdXK`1WK)x^nPFIh=S~U3p9$n^EOk zQpd?$3=_tky)@mWktjX(n{l>I_IU!KPBE{{%fCZ4=KI4n*Bp-%nG13tqP(e(wtv;H z?^ORKYe{M_I`3Uiqp;koL*)E4<3h(ixo8tN|4H0LZ2o#>oelK2YPg!#yd-r~c!@fT ztJVen-;5531El34b&1x9`d?`GcY~iJCLs%~PnZkVg(>U@f?d3(6={Bz$NjP^m0x%6 zgyp~##|Vp;XX+R(%;|Kiv{6R53aLNd7g%IVrpq}RH_D>m%d@q;J;i{NbFlqFo?Rt6 zH)kNhNZ7B@P|{g9#aws)be(H3KJWZ@53o}IDT3xJE1@77c`0L*3P`BM#Jin}mMcvg zp}B+`CceO@*B(K&@rmo^SEfm>30Yd)Aszam;MM%y+Q75hyJ4@Ho5ma8F_CKJubP|S zAbHP#M-$yte|sxeZRBcUpQ7{`^;n0wD{sCbT_=<5EGnu2)$olPg%Tb>kCSOA(bY2v zpqg>Dc@BFoq@Od6)dl;TH;LsBHC6=m2TSc!jfy#3HcJgw);c^xm9ceffFj_6?3E?F z+4nL+hgz0Sb|73noVSC-KzL5qxd2qlN*b~2wm!E_? ze;^2DRU6Cn-$Wm=8bLAC7E`R})T*A!U`|={KnLl;*^QR{> zKDy+r*BW_$3{v`bBT2ukBLUtSJ5{d$af^IBfT7=Kn0#gor5mi8;9 z3;yEr9um-uo=|>&R3nTwVt*1FbKQa#tE9AD@IGuu!p9C@^rq^{WW{wqUYEHx zZ;cz|xjh25bt>Kzk}sraWZKx5YCMhOOHh3Jiicd}NG=2i*W@iF`^A+~nrLp$Hu<#8 zh5c^#^~XYn=xMiS0> z>1AGO<{HjQpjxFENC)veuFYLYIjdGGnD#rW!H zZt95Llr0s9K3)%kj_8ldK?=6!rX4h$!p=JD*ZoLmMd#4_4wl~=*V3`xu%x0r?767b z88Jp%<(TyXY{^bYj-P|#6QXCRDnTLX9JHs+`>%_6rYUCw3oFX2m1dR}8MhjOrKDkh z%_~<9I^voAUU~x{4%6J@lf$!0iGYb$zYhe5(+72Qu3n$UH*26;LKs2Mr~lB2G6w8e zpVytKLkD6X0#!^8St5dk9P+*BIAfAM3hEAJ z<2T&ZQBkLDgGB{{T)xYr7mPd=-&XE=Y>M)p(E9+FrN6Q1DN^Gv&H4NoQTSbn^0`Qn z1wd~$Kgb;{fALl{9Da2jDqN-;K&Oejq3YaDd4=OCYk(C+B=LfdE*aO8iC$YqZ!R+@4*a$Ij+Mi!DF|Pz!#2p7g}{eH>9fhkbYg)oS_ zC^TPR`F?cjwfIQ@r6 zc(g`ac`q=)ct*^N>7)7w<%od=VPF8D^gr{;?0EqMpURynZtvin51Agh?#~e2h zh^VUlgvNxQnK0nQbQIKPoYVk6I|3-+|56baaG>dG!oa_AwN7)!0v28G;s$AjZMy*c za`41d!PNQb&i{}EQd7mii=EDYrKU{3c6i@a?O6QV)$Jm?={kog z;;U#pPEep4WVS}ih<&I78ZRGuiUFbRAMb-P+PMN}pq-E92|#+ zh5%&=0kCtqPqg5`O-2#>)Xm9H?B9^iK;dz~V|nle+^{CV4$J8NyiK`HYLXcv`D*@Q z_+8%gmd-m?>whFI6r6_Mo*(aQXgo!(7OLkM0|!oi=ff7o)xqiT)`AV+8>p5$}U6a1Ltuce+$6Yhd57tU0$jY=)(9l>>1$7CJ zO%Bo{z#VMlXccQd2Ee8T5ON7v_E3rgKTf8!pZ-*h4NI&;B2X5UK){R1I>dl}BA!Q2 zpjhuy;cTP_PdI!LREb)4NO}wU;-4~?2MH=nIIn=YYVYjO4#NnvRHYR%lh6n#(7cnW zr(OU^VRJK2AZxHZ;KM8~PIkF^y<|<1@Q{(=`WNMf#dGparqQQ2dc|Frl`$-l<)e+U zGGQOWFKF+6QmdNDdS}F?6X0l;0D2cxsA;e+V@wZO0xU!iML;s25f@U-z{l|~GmZet z2czS*nQi%jK7;HK07$!~gN`$zn&}pYJxm z^J2Mplr$5#H{_WWkne_m`5dm>Sdfz6CKDLL7Im1?vMdE84aOfB6(KhYgl>F9v_j8l zgm_~|>BU{FeF1AYj>pq{3qAmpegsSy@o9~kf&%x8(pC1E6UN++q}DZbi4ac!8oqx0 z8Z;%~CYSPY1NV!%*z1Me1vrW0!A%%8@TlYt*(mcf{{c$EpHUBnRsd7i11L7_mr>?? zXy4=Q!vw3pt%SEdrfcq=+=ik*p0QkNU9*uSLmi4DtRmw)8hpcqWB+?UjgmThA zze$DYqd5x}@H=zEO8EvH5T-ZRuYuU}qW^<8m;1v(BID$Fwj0?Djam=&fH*qh9FQ&y zmwB|NVAx1o`xKSGVFWQ!PEUW?D1c$JA~fGz-2?P&boub_L+5?ow=9;SBBXzT*yWeP z`j7YWnx&vAJC@?&SR>FGE57#g6BfR^kx1tJD3N-+Gn}GxZYfNX**tue2Zw0rITFs? zK*~Wmir=bOvIP{eOY^P4{)hAW3XX9v9JtWPy`$Bk?;vAUrW3)rLx+M2&uF$!c+mu+ zW0{G=!`kKU_Y-O+gT=XaZ0QPDG{P7RcUatMG#tCQS*H#0)W#t|N2=C|yY?sxB13Q$ zo#>*l5!YjHOe(GvLJuPgBW5U>Qk|hvm^E zDFUha1_xiL1EQf#smwA~#;i?K9q!&8`wK|&tRre|yaD4}&V<%CFFnr!8!+{76gL;I?(zU5OIeay~(^IHS6y{ z?szD}0ViJlA}gUt&=mI|s>Uw=FCxoZnKHsz`PoZ4*7+bnB{PZ@I|{J^QN(?q-VjSJ z4abo*LRGz>ic?YW@Asq@X`dja?}BTlLEU5Fr8#AQhA$@yyNCG2KWq^tWU{ap1YzkR zgobgvXHW=-)*%Pd8OJS<@byO#B4g6>E};Ka0l7DzOPgTeapEeC)m2Cx3Io#A+=%|B z*oLU{s%`3c+sCM?Tab-1=1_UZb%Bf5-T*!-0j8la1x1l&< zHI(&J`OOaIbXibcyko!9ccxG~i0@^?FkTx>$l zN3wHq`cX$uRG*onjB=_BgmcT02f6pwQ9jUX@O|BBdmBS!^_wU%wobxZc=y*sz0%9q z(7iYCIL1^LEZ>l|c3v=RI(>xDU5YXY8b{yrz46rxA@!+XWqGML|nVcCJdd-H*%0Qj59|i8Y{et+IQV5L5ao%Vxkknoy4EO@&Vw;*uYxwB#p)YaR<~< z5ZNngxMB?rXKTyV*+)mm4ms>{1u&E0~lbhI!cGQS>hnX7cx!h`$K-EZgEc7 zhyy_E%CTctMa-k?0`<~&-E&b&jH?9rh_6c8eRcpPyPnonuKQ|JE0loh;Pu)(ABfcV z`_6!w;UDcBP=&&oh`@y_VH{LSyFdr+gBFPPsy?=6qc5hE@qdkBS}X=K^#;|@r!5Q; z9*H0YR*j(K+}tqapRq*lg2;IYVWpoAaSe5r7B(i<_2qfN@78agM7jW^2&%wWAKauD z;ath`^5(zyPs)#x8r}Klq*Aa!zovZ~YKe~Dv7xze4W1gsu~L-WAuZLL6q z9rfVVOrpjeI9S}U9*hgw3W{-L0BMh{@MqBQpa=MP7C}1gaAb^$=H04HqCn*A?B!0$zUnkZE=S{hRpleCo-ZbhEXCQY2gjHzWl6Js;l91 zu=?IgZyfXkFyT5mJF}I#dFxIr@bItB@jBnJZ~j5Nd;@m(8OcBcF=#yjR{k!2>jTWJ zV?>i3;88Go{boXn{1pW@6pALT2I(tC0aXBu9>77U-Q@`UI|r}L@kYQc=D+&g7B6V^ zl#0EJ)4~bZXD~+bpv3-ExcsX^c)J&nWayKGNC30YFfhSS0_Qo<-8_nBlHmioDxIK5 zMqqYyG(tw-GvEmh$cL3W%rzTzTwGnAb9u*_8J+{ZkqQv&2$y{UIuC!r2uf=_CLDTm zqSFv-=CXRjFD_hjt1P)Kq`sp>r*C7^3mNFl8*P7bC7CLi4Sg1InCb%aw+Qy97p|D* z4}Iyvs-g6-+kb~|yv`7^VV0Jbj_20lW4L`5nL>>8$|JH{=^$MI?F=~N`#Qjeg|Ywi zcmoCK7210NO=L;f+Bx$M_OnF$IVYNs81I2Gt0^()A$cEUDSWD0z;=u}VR-KZXi~jpy&8vcp?mzGXIX_-VK7>ia;|Zwe3fl;WWZfvpOn|W_ zOnKzds0a{K(5eBqeWO2#CQ2rj3n@&Xzz>8{T)M!Itbe-o8FX(10-5|=N*2XCN%y-9 z+mU42fzYS*ch`DWNd^?d3_&)w!Xp39naP3ym&`<&DYvo^7yB1b`bW_o@64Hm(%N)z z0K54R9zSz6SnnFUUtj%xW0L=~s1w97AF`iert;BI)C6O%`0j6;T zPYNQ7+BH$wzCPcP@v91=rb=Z}rHB5;>Ze}5J7h5$1piIb+M5J={sLPp98;QOKC_r+ z*+ifE;PDUtQs8mI%MHI&&)wIKO$HMiAW{$HTD?H)CDd>NbU;bQhJ-^PhuI^*m#2~O zZ&aisbIyL?UZRq(@rtO~QGp9u!2t$VW7q#^Gfjn(6(R?GC0*7)RVUmK!I5th^eV%t z5|~bao@u1UCLbpcl3@$=A)1swk5$|^N5XUGA>1k;yJUTm%75mG>ehEGx(OpkNk3$6 zC8CFRAz2r8ARC~>zigkFI)lSV5u=2y;O(-&{d*aP0~cXnH-380#RR13O=zSTi#DS< zikeZ`Oi4C`G0wb^qpBVLqEr`afLe1L{<1NU-xzhT2S^jI28rwb6Cpq!AlX3ki2_cO z|7rm?$w$6DjSZZpcoha=!KG=d_rLU6dMjLnRA$Bwchg5wT!D)Zp%4hgvj>Jlt=wn# z26dlD6gdDLAWrdDU7ZL#3qWTJyAbS#u>SU^1U3F;J#jor=L>OJ@CrpiKO#Q~xM?x@05iEH2_Ov72qU#gfM3)*h z>a0q?YltIc0vvHe)>oij)*g)`3%qj!7##wHoNxRaFiaUhOmxrmq5?X~d7Mlr8hK#; z8PvASt+8xKB28bYFsZqM1es-fbQ`H^7nkM-ol@QR84hMdoSLasj#PFjRmN1Ed!`Ir z%=M(43hzKNSssc+Ab3j=iVXGCer@R{_RAr7tYhou<2DD~@eqXTM~stE3gbpU!nOH5 z(cWtaQQN??-Y@&sK0z*O{|1-L5YVL2G-OtI%(>r@ZxAeeT|T2l8ix<;6~dIc7e}>F zH$O5RP60;XZk`PAj|WB7&H`cU3-~RaF3I7>xTz@NLC~J^bJx)DYuROJpYn*vGS*PQ zXumM};sB$^$9!O*9o5mB$IGOT@8RHugg{uxBb6&`9teoMl%u4;-LM6@<*&@Dt9nqg zo(Usan8RZw@r1_k<*_v?yQ#`Uapd&Leus9+xx~FR0*D5covJws31jV7ZV6S8{ZVCe zcYtj6lT}Pzur*I^yt1)+M=2h->$~Dw%eWTz8&kK^zVJ3vIjq-w2fkGM|C` z!MexaTroFqkQ-VvbB)-M{FcepEaH!YwZ>4OgH^yWEK8}7uM=mS%%`lh))aX#n=*?l zixtPEnU6mV{*~btwB!ADXE}$cdt2@3{+DjQ6>qP=%_hN>ivj!i<7`1e-Q#r7Wq{ub z3v|9QNIC;ASK3NtMLsD_=$IpY27)&62rmxrwrnzGo0j_brxT$|gpg@*~X7;bU?xC#eip*bkZpPubkrv7L7e9l1y%ic& z_RKbFA$!7@J@8XF0)(99ObbC5IYowzXpP~hCoYvj1Pi9&te5{udhvh{AB}#CYMbyX z+|-c43cz0&eBhCkCivlT=0w#YT`xBXi}pBIet#dXi(2zIH7bxv0~g4@S-3j>GYDNw z#{V1~#?q;*oS+DL?s{CJ_f)|3(t#w9xCf=@%83$Z|L+Q6!r?$geRyhSFZukaC?~Kb zWH;aBMQ_tYRlalHt+S}5B(Q&oU_bvb80+P{pb2q(`rk9k;DIx$XZ_C^UB}BGcm0Ut z`7p-BW&9W%Rf2kuU)7f?9om+<|KHa)T*wB3L)O8q3R=dT;h(5NzPJ5W4TuMLj_Sr3 z?;%|u<~}VBCU$K-w~ibPoGu&mk>w>@mOjnr51&|4K(~$F@ya=WY%%U|&(9 zD=F-v_9?kIgzdCkJME2Cv6I>O16r9Uo2)9HkS0~Bh1j%Cx zH27Q7Reqjfc-IAvKpN-l~R@r?nHEvP_DRf@Xhpmhy0W^LKQSC+h zy&F5E^-_snWqscA__ARPN?^$umhqt~OeA5Q*Rw34y;=m++j9n@-NW5^7IVo_>kY>) z)UmJ@M|N)+ZqAd*N)I)Qu>lJ7ZH_Kqp-BE)%NJ!+kH5$IR3la##a)k3l3suLyVgde z$nkO>f+kt4MpJI_GA4|iMkV?Aj}y*n>3BFX3%u=%Ja!oQGo~;~beMpp6)Wi`X6?jO z{tVqMKWyn4_0O^#F7)I3E$w}vTwCC2k51W&cxg;S`Hjel7!X{oAL)zA1S)qL)q*`Q`XBK=&g#Lxa)ADcp3a3FyVmt z4ZeqTYrO`4xn#Pj4@!K+ZzgT^z$>#fIo{tXOdky^!Lsua3L)+7VJ_ zS*I}vd&}oIp;e-5)lTGprLhPQJA%u2ckh7(6m)Oo5jlSQ&X$uG^z1x&likwiY7L5X+zY zig#j_NUoBeF1#$R?X;urPX?)YbKQp9_qH9?0(2Rx!}76x8-%$*HENg~W@f%7Z5gBx zPODwDty>#nF{m@~;=$!klZ4C4nRa*TrTp_gvH%)cvrX6@eF_c=3dZw}(vi6{xY)Zn zH{5b?B=60un_(p6oWL2=LpumwK7z5|l;7?W(uDYuS}@I3`!3MZ{3|Py((C?Cm7hj(o}X0H1q9&C|zFjn0g&$Sn8~2y(KPoM;{f8 zZrP64IiM{MHP;PvDwL=99YMi#lZcG1Rc4fou2 zNz_j%9?>lkadMLA^g7#$ig+v--hT@H(fr*MRCtyNW^MfSxg(J!Nk9aykj z$^WMCJ5JRUgBLew6+THbzj@OcW0g;N*T;<75}m82ZcqRHf*L&^c=%n+A3ts8FRk>T zbItS831?QDo>9l^_<1}Ii-H^}KW5HhE6t6RvRMvPne@%ofOiz{_=$hu+0xlQnLYU2 znDwBH59Vmx#6v{bw6Zs~#J*F1G1=m|(-p$FWzpMXS!d_sr)j89!pI&z>#sC^5>5U4 z`@!*2WP$P**w2?t+jU*DJKJ8rjnvKTS=EjnVUOLLhnZ!vson*wofo7Fz)Mu6;vPTy z?xDO56NLR?*psRR3lF0i9oVtR2o`Q+;b!A4P!HzxX3>o&b$*Cpe6|s;STa#^FCB)i0W6dK~T{lOy;bYreG zy@?W3B2mdUXDjeHcZ}!Ib16=i`Z8)i^2pLTN6MS$r@njQACoanzpNAAm?uo5Mts?4 zO44Wf^+M|+&;HzhVzGa;*y=ajY_5@3yTKHm!x8S|hn~-NS=f8D#%~_+@D7Q?w6efb z7h9T47t1f(q@-Ot&&NG?cBan6JpUAxrcrabOB}_o4k5bY!@n<$d%w3;dp;Cl@;HlF zO529YqlQQCQxH#%$kWMi;U{b*;|Y$nJ>9Jg2CPP7_QRe>ED)sV}RC8@%A<*R;+SC^rjU-54JqwvOIpDwS{oiz%}l@NDdi_V550jI@x!jzH`kw6X+`Ye7QpKlc zwCCf8L1+QCjF16peyclK1fwn#<7c$#C=rX`WaZR+(OonP#brds4UY^@1cw z7Cx)$|0VpY#hejU=kc2-O~$8^e5{hXf`=p zc2X>ghl^0c?U&?l$^jy-ymQF_$ONr=7!Sc-GBy~Y6CX$e z3X*d%F4EAlTQNy(mRzAUG;DpYVTTD(y>}-(;!8*ClUSdmKk-i&*%sC)DT8O%|Asxz z776B(M^_QB1WYo60H!&K=oIle^mv?c`g7T!Jfvz27VY>Wyl`pQ`WaNbkcfz0mh1#^fYtX?%Z6mBxa?P;W^rUsShX9SiMy; z_@%2?)MG#E@|#E_M0WF{?qd+;EeJx1P^Mm_pQ9;XJC%!7f=fykecRwHS!OV5rY!#(cil zy0DweWm<@N-4CBSW4gYIyH55*8R0Kby{E94MPhM%iWI~*+gM|{UEuH~M!VZJ2-Y)+ zlx+ucOWpAQN7`G5Rkd~P!vb4jBSAd z^TsN5Hs5%Diuh||WZ(j29VD+xf27OAAdw8%a~(^+G`3oPBl@m~1M5a|b8=>c?Ip{J z5wBNbk$#Z@666G@kU;)Y{J+Uz8Nm#aAO_xZW@`xx_gcAE?0pv<9moT%`^=x}5G=yuM1?s%V{O{p=zRyMnq8}aGoRh;xU z{;`)ACk*J{g?d$Sk{t4Xb4p1jBsNtmPnpno^p$!*^=h_3LEhk+yx)OZ{Xa5a^Mu+n z%p!Y&HjKL7Nh>7ST~Y1o9=XEqxlhJk)Src(;RVfS+4bsYEu96or@o^N=AsiEY#%TW z=r9aFA5?w*KEqsl=~#15VoxJkTjl$)tW7Za_C!pEfO^7n-Nn4qDTPez&Y@Lj+q?Ah zQ%tKrb*EV#CxNAb#y45&FX1+`Dj8k%{Iq$NGYbn2{Wh)8{W*zC&t?1hUCCFmtkm98 z0k4HCGK4BJ8vGv((0yI}ot%14&bki0cf>Nh|9r%Sm1FPN$1+X2S>K=eNA4%){FP7k z-CV@9;!iLVEH9Q=xzLJi|2sb|mSD+;6S-<-yjH-E=BmN8r2UeV##Lpre-3Rz?jLK( z*%6C8tB&%^>CVx+jit};@N&-eKb12!7lDSDhvqo|AA;7Y4g@!ra9{6fW?e;(W}Q?h zxx087v;ET2WSJ{^vk{_Vy{B@Qnpi&F{)j2Z85}NpZ8x-MdDAcH)p7a2%J8+P4Vx)n zAzFU025-lar6pmnoZ54|F<0Pu9H}n|bhYFJQLQt6{l7VukR7!2Z6R zoX$ujH-rvY{beX}rk+w({H0_~M{4~v{yZ9BfJHH-@y^6cxJs)Fn-R^%g4`DK#JES4 z?ZlU2;$_1KHF{~j)J`$%vjsh2{U0Cz?8xl?wo}*EC^*q&iR)$0b*>hONn{6~sPbJ5 zZ;j5@r5_0uuNb!CwJtTvbol95#W+v-TrE@SXlcCz8kQ}z?O zeSVwGCbJZSBrW)I#F;T|53&`_AM%}-z-S(L-yU-&+q4b{xG;2YaULT3@%4_v!|VLw zgRW)qib4=$NXS3@4-Rq#lY4&;`Xqj;@zOjzwSnL@)Nnu|Xi5miW53z%S^_dv@htqv$nhB-al)o)|jl9EXH74*V2l zv-k>|x`|Bt-jo}Xo)}*9cyC^CDEC>qJ|0Q`pLNx%HP)csR7gEjXYGn-edope(F4-< z|6)z7O>vb8fyg=O#u4&`0ksp(b7_qVUK;`N^Hpr5W+?f^;bgmkrgQrDW^8a@X4NR! z5ZW+$%->Sd_&eIO?Mi#6ZS^X-u>3SWHCni*C^{!zK02tmUENeyDntH;GDzQ!S08hY z_xrEGYp4TuY~5_E$^LB7fPFO4@_HzIGv|O02{6U1ICafCkov7px1E0Q^VUnXC**!d z2h}2SP}Lc$RcA%>wm{4k3?Egt>o=NIR1ds6!CSi3J*t5B%%nK_H|CykZ_ux$-6IwBLaoLTq5v zz(bjcx)Q9Z)`1D*DY+3URI&1b6pwi6I~ZgekccwHM9)`BK&0C)5|2lZwgmC5wi7-7IPBv+z8U{3x=5`N1gU_MQ6KE@S zH`5%1hep)(KsCRAdNB(1)E>A!5w~$!uihAX8C&3YL~PoL9KY3+gN^$YfPr&Db-)|Z zcCs;OeQ89L8ybQkrGHRv&&f67I#l!s@kjuNcV6&7j58^-udZdx`v|@U=OT9y8wrr= zp}aSNqtnm7>{xcrh8QZOff3GWM-0Ca#|D^Ob}*huCXwG!wBx2=*I)w@^2*_qmu(tk z+OJ(I-C_>Sp>i8$>v`!%xBA`uQrdt<#34TsFee`WsokifOVKoWBEMo8$aBsodnd~^fztn2P=CIGMZs=f(U`e*kRkiFehmiL*#x-do5q3=Zmjn9)D_X}w0 zqv*88l;Zk5jhZ_vMP?r7@O>NH74|x$z%9X`0&aMSUC`kO8m+#cmF*7|p3C&BCCx@S zdJqr3JP198St6vM*x$uH7O<@61NVg3FHJz-FuK5O(FLO7A7TSTfAXztjrxyG(5ZdyAZKM-{@h@T9PEr$Ka>%cd zrd3(+=6QP^L*aU%NEE3&sRmax(k`rK``ev~@)1HMbiWxuUXBAV;t_5;dI+#E_IvT> zUqXM(X9oy?Y|<#0e72f&AB>C)iyeDQ6bMQ{FWBjj?U(^Gk#`-IiOLv2i!N7h8 zo;Sm%jLI~H%sp#0?PMg>Orh={;JGcf=t%RyOm!Dkj^BGfCmHHfYTLyIUMinT?KB++ z3)4Y^+Quy?bbIat=uOS~D6}w8!zz5acJ4#ApxUj*Enw$)Cz$U8&Tn1TTc1R84kuD@ z&JtW#&dIdWAC6XnJHJM2xY>CD_Bezo(VTp@z;xKe1Sp=G_a!QGBi zr-ne}Rp|K@$@(i>YPhbXRpz2DhM%IZ$<>RoSQkE+2GyrJ(5@}mT(k{AKM}P^XN}il z^SSm;Pp4)SE}1eo1HIIU;|Hr4^j8o%7(w%Z+))13k~$%8Z-qT>-6w(F&s4!T>cK67 zYnQBvTIe+kn4f_+`Rn`5cb1WHeDTB`{Q~Ea=*_y7MXi9D%btL^r+5!q0{d6x|si`5bDjnDXo6|T({~aZ}Hfx!K zOA@9tG&D3kUw-@--_;5mZ-&Ufqi_U3?bDD%u}i?v$baX zn|%k+UQjW#dAKBrrkQes$i%W0Z>_C`bia3!E^Li4;D8x?EUx-bTjLIz=UVR1@c^st zrQbX}lBFV!7go~YCOudi&(fOVE?GA8HF>nBKj-E@kg0m78n+IqU_Q9$u}`1AdlKyv z6!?y=15|&6%Vmp}WbE~+2xc&%`)~|X>e@|w& zPdxR-YQ7APufGUv2-uT2b930}SXSWVzk0o|L}}-Iy{q8c<)QXzi%6Fw4?(jkT|1-x z`rSENaFCr7ENvw1>x`LZc%x)brA&L+q9ZG%DD4A=KFLDiK8&LFSX0TH6H7ywvD2z% zvHoBQk}J^hA#NnRu4p-8SO=4PmCj@s zP|gD1enF8(rtQP&4P0MT9fd?%N$+;z<}$7Zc0%QO2v33P?k_lqAvxxj5$WQ}QQhC2 z&t?ai%)^k1-IO}3)(o42{#N=y4wW<(42bw9;{R#^e0oTdtXnLS)SRcy_W3=|wr{O@v185K)G6Bg=IFvoj<&@uc8^hohWWIS zK@M14VW+q0C<`R)^5=jl`3-!K5;bF-ZJ8xp$)&FNH(Y# z4QTbGDcWDqwYXp5a`yh3Y)aAo13$0j2mXjtp>tc!cd%UIwsxLa+V|+e%rFp0Cvk%j z)PzPY%likH3wUuJ-gdP8R$?Iq$n^q)ZE%S?C2VoA9Z=6MOeup!(g2NX5+&Fv8Qb?| zaf9sOD*G_$cTSzhNzhXReLa}yb;{k25JEGOrZYi=_K_56J}lVyFL&BbFJDxa+XQIY*@vXcw!2r2cP8z>}&PQlC>92hvs(c!huwHEQf{sRgvP2sbTgzef(dZ zd245oxG$Uh-_SM99HXM^G-A=qYrC|XVW<%;a_xXIyOQhV(f33h)S|r{SvzTvv5vE) z#3w^3g8#vd05*_JMFq(lTS`rL^?01~4WvSoE@{+EF679^ocyrub9T z=LxgT1LCI1(-!z1k#1i@dW1#VkX8{o3WrzGE`_m!QrA0f+WIsR^21L{!Ij6WSk#*6 zomIr(Tm6McGIulpULAN3yNA!=h>2pw>G5zj)DTgbc*wGS?EXaN&>{MQmAu_5W@l8= z$X%IRVNe{>kpPmJWH!=|s6r0x>p3??9c>y$W{4pP$g2Ht!b-+EeL{jzkS(*$(4fe? zudAxRsic*t3ib(6Y}HeivLKvoe}mJ(AuVBR#!UH$zS<^$zqD9t0bk~33zZRn?Ge)r zX5Eq^stF|~7ZBiK{u!>qpSgZ{>8McL1vmV*`>&G?Z>lMGoMcp0E<4kDjYJKDwZ~ZN zv#s+|)hsa-mIlBy?qVS2x(SV{E_|Rj;4mlfQAk z^HHNIzv|icx$MNZx(W~u9~SVGPtotfVgoM7Do6{JyQJJ1Hab+%t%Ul{j3^ zJa?#Dl%+89YmQlSPy+7u(98yjWn*XMI z=vqR_{{iT`V5Z=WN7;dQZ?b_hr9{2rg;(!v4o zd0ydyeXi}hHB#E0^-~8^;Hz`(bwFRLVD=FG+sc;iW*=bskh-2R;p?g)&xIs1UYy*s zNiW(BaVf_D`4XW0N%;^KY_sf>Z{E4EwLNx^*@fM*+Zzk)$pv9Thuh=y1zWv$2*Icub`~0qbMJ;zLe^87V+S)=W!w(fQSLaz~ zT*i?k!ye?NjDEl3&o@xbkAtF4AOX)rPl z)iW=T5%UyCT$rJWuC4>VPMVMsgRIXJiS^(gUVM+j7=d9ma3E@-{2Fz1%lpmXq(W)c z8wv-Er1Kyj5&jOgej8d?8H1~t?sDOBOu(pd)zJ8vNR?kvHqnhF5|^{2^xDWf*raEi z7|+seT&-|1*#YVN)0OnWc+X)?L zLxy(NX1P#q0s2v2iw!eP#2bb9}dq;p~`GQF6?M#WA1INr~bW6cIP*cfq4bq)tg0}Putqd`} z>-e~Y^J~h+Q|Aecvsjmg-?)B0Iv?4|WAIW9ip#$Ekm`VI(^VNAl~n`qP#lSDU>?5Z zFWky(3JEGwV$|(TH#-15(7p_jC>$`s{xG;+4|K4`ucrglTlpHv8jw6QlZN`xQyUSy zg~U}AeIIK*vFZ`YMR3b3HUhM(;t9|rZcJdT+T%IWz7(YF9AIN!{Y)!!upNhl5D}in zq&R`z7m9F{&_i;*Tb)3ad+p*27l{+d`N}Z0GEaV#WZ(!?S5u2DrK*scc{ubIik(=! z+J!NS7g{2qPKb-r=cC?pZTd}9$WP6-o=a+T`GNMfWPz4Wc;)GZ2TvKEB5Gpv6y#t$ zhH06QukJAwAGV^%QUUAjC3PqD(8)OxgSiZ=b+qQHQ9XG zoG?7PtTE)s2ZYqQxg)nrT8S*P^cn)c^+G zq|J=Dbzu{EZe{lYr-FI^0iP@b&66e_ z+e^ar4986WEN9wqi^F=NX4Krg{kpSY0GLiuHoG z?TqJa_c?ZKd`UEz+?G<{QU;{*8fhbq+d}1N=9n3pq3EEST|rjp77zgw^{-py4r<+J z!ZR|{PFscgTraW`c%meh4OOe>y%yLY4KeV*Cy~1)$8bZ)hE8pzh~v!{C%YOB#eXW$ z*m#JM@X%@D2%nPk#;JYhK%wK=VI()Y#*C@HZ|m)j1MkT#6CZqz+{^1bwQDaS=L-UE*u?0<`U_JvGaZM|Z~c?8-@% zARs3a6$s@;<@jw}#W)`|RY1&&?)EPazwK$;RNiyr!cmUc*LujK2xMe`D5^M$Fo--k zJABS)e@NWA7W!ed(XIu4$f&ELB;i@*EOif7Ys14KxFWVZb&BDJRSdJ{wfxJ}o1&3^ zvSNV>MLT{wQxV!>!VFifj-Dt$-B5Mhc`v6-p?c7(-wO;mH5I)iS30v(xn+gQ`vwEa z6O!27=k8_2sYDy|zxrTa@a-{6ZBr`}cafY4TjRCHCd>`0wDUINWq#35w|Jd&Z#}8(&&{>DX-i?o7Jb zFOvS~^7b1$lA%3NqHwi=wEPBXJ5Y3GXe%vDZW8s7V(3$5)`PVU#xaq^&I>GMk?SV+ zFDZ5jhw4JZzMFZUq5MwI`N34wpXrC3ODmZ;SB&lw4>M~_p^V7LWI;zmWT^09h;zD| z7KT-zsEXyvYjOU3uGk3kqEKNTLKa$10-Gca=d}Tm{m!?Q&=*sVPf?ZnCV+hl%)}xG zMLSBh=ig&&EM}C>FkqQjqwnI3Lq7XBl>;j*z<_I=j>AwtX^l6?C~D(Ue&@y>?XSOS z!bcseC>b@74Wgb1QJRQ5yyVM1Z@AZIQ6w?tWI1((`^xi@j^>>P2OS{nbiNf%=O4(P@;BCQVXfBiTfEBUI2 z0ng$qXvabmRc}o5Ic0)ia%F?qTdf%;NxcH#S~wC?&s0=WO-WNaL;7Wy=<<7l>8TUl z5$+@+ZN?$k=*Rimj~4WS(V%mFT@pT2FU^}b7%I$g-pXtk<-JO>7*lc=Bl7Fs0g`un zOZ}tq8f{~1Z|?p@f+d9HUYKyGjqMD|8tdOkN5Zb#ABnLV588*ynlG{!!l_2CCmGG$ zGddvEbZEwmcw8l)#5vRbvV?<{b*Mx4bJ;Qs? zUds5P%A&WX)t!~oCFgK-IBvt2p=dYbx5pUmSluxQExn3>SpU~`c zAXI&8y{h}uQ}YH-rSpE9VP9)+tJ^({r`Jwp&(yS*b(%FSPb?p#(<~@CEq?SQ^t@~H z1(Ah!bGJQL1gOjIW%6apnu1h-Z6f-NL1ng_x3Os|H=Dwt$FZDT~kGiOYA7O z%$bo^lgi)dOqrp(UPxBqMyhXGAfiz+<$UADjWpKGHzO1pZ{xk%R1LT2K2lwvlDHFm zb27Z}KC}Sx+K>3;xNq-2pi=MI}l!;+TRgt~8tBE1{;+!4G;U#{Bl4%<6g`dEJ|H zChBtDEO_Xg*wPz!XhNk>)Gi@HSeMVv5oBh|H={2H_}mI|5n#wr?0M=*OIzzmoY$X* z_d=)<@6^6e)q4^WC*As(+rCMv6VQZsleS;>(n-9ci&yS8KMY;@L|$p zxwpl@!d4``9=d9p(j&-fcpw0b=w=-=2ZpS9r|(TTgUP!6z>9U4jx(|U^#0}AE^Xht zO)(ff4g}@0eUBK5)kc)4U8LC8BV~N_j`qUbqBVy_`6r;|s zlGFTyE!HZj;GY`4Z#R@pZG&=v@^1a5#p2ninGSL}Q!%BIqB>-7KhGM5$bo*?+s%xX zx-5W6ve+!eWw)6@Va7M=K=Qh+NV}BB*Uz~h@AG31FTs9IJ~3Eiga2bSW<%uFat0)` z_OYbPtU&|>e_m$0ykwV=VTh*;Pf^TkTpu#dB6(nLZZ2Ls|I2lBpx8RC{(4x}yW4H{ zcqkFmx>7qk^>#v$vWq*5&kmhr@kyLO$Dl-Sah~csybwcV8$AVg(8gMrYrPYb*-e96 zA7Q`fHJV;-GUh~F!7m43wGBgU~QTzm=?YVYMX6W#r0`&1$Z&fDzkFL;+bk4em2 z=PoBp8i{xgW07O0s@k?@<>J$9;?Q+L6j@SlX6C&Xxs_|-A*oUie5d~ojZMwWK%SNu zU8Q`?eAcukeT-$3y_rO81QPtXZk&nf@4_Eta z|MM+@S>@CRnJ?~~eZKASa>I4k+*(>xToesUuD1=v*nJv{s4Oa*|52qP!4P`AMr2f)iRWZslwbzPbCXLsc>5O@5gpHS-{-%k?@1?4WzX6WlW<`uF#yj zR(^VoSnEkZG(J2(6~onBq5)PdhL;u|9sKuOZSN%lPT>l%xWw!kfhPzrR z6i&R85W2zSUeDFHf_<^;YqapM7%-y?>wbak`-eL9Mkja@9?582on9J^mEThXvyt3B zrH<;i{~`pUpWNB#Bz9Y6FeqR z^Hj0)GKQd$<$=b&34q6UBU#F=|2QU(`95aUA zZb1vyR!}UQBnM+)>LP5~~%EP~;qXnPwK9iIK!;;xYw8L8!u%FY`qM zr?eToXYb%br1Fn4EK5wM1>sC2!P@*dn-v5qO(@}rIy6%!Q>*v#C_9iYsnAY}M;Mhu z82`K46=_Gu{;88lg>LFzmILkF1sV01Y-pUoZCx}HK}^IPY+38W3=S%~mp>}F^d+!I-QVbyT)

    kV~nocoZJ@&Isg-y|s8A&T_; zLE7%t+MWJrd92cCWM9gCS`8AjSs*P_AOd=YPq2#TK-JO#K`gpHTRIB5W*t5c6`i{P zHHrf&#IjN*pz<~g>wYJu>0ct`PH z9>a>=`aX0TM-1ta?h=UOG-ByxDwtGGTNi%ABa6zT1#2GN zbgkD(G}GsXMo!xlE?#7WzJf+3riIDCq5xEF*gg%Sm)g1_>hryKx7(;_=ItXV8@AOU{dK-b}g3dH7(V`Y%$LEAfn}Wb% zfFlxsF@hnIUtvpPG$;o^=GbfXowP72wPX9s-P*E+fkNRsgMFOg7y-Sfp_BWVR{mBI z2A9d8pt2oin==y-UU*NpqQw=EPVx*7r8a0yZUu;e3PqRXiLeRa-c~062lqx>!+Y+C z?bf^eMUTdovc+gwaNnk%*r;^kY$!7O=Sn3g0(cP0lUifHyl`}}vz|CMnH}c*~X$#I!>aG9sDt9%Ye~`70SR|oYbJ1%{!+(e-&so@7GG{E)?kF0o z1U?0*M+3T8G3_if&RM>wv~KePe)1bpRqEC* z@rs|d$UiDEeT0Om2g3Z(3J%KI7E&!hCz9Yi)3w7bsh}dBK2xlusN9+3Ni||GCfAH% z?=&48)WfJeaSSG3ykBC88_Iow{lYzPwD=;mBe_&==@B)w940*2HBB#qeu=?1}w z&gPJJkSy0N>FSu|*DDSFes-dzZNRx3;xd|O-CPzL>=>0yI$7!TMFYJ4pGj=rX2&++ zRao#OYSpFer6?&&g8b=1L{6 zOjC;m#)itZ@NRgOR+>Hdu zY%wLdq867_IH*`irn}OG220;d$)DL)4zx~nPBOE3{TfgN5wj!%6*KGm1Wqm)VVf1C z&q%vW7oiY?JU@nb@vb#(D7(Z1<#5ViD<ng2rzYm&I;QytyLbeY;)z$hdL|P`*U& zNY|u?&WFrpnSh`Ygb9}}be7hv-6?3@w>>^b7||BWnmyPldv5NF7KY zlGg5MKNT-zZ`->6^yp6BpohgFGUAWtdd<9tUV=+7Je9kJDk*qaZ#a+}Gg`iCi)%ErQ(<`G=$m_<=1Ast{g!=%Xlr;Iw+k;l~`*NfwC}Ix4g=N|*M?XnjC0b6a)Q zmHZ9YZ(Z*mG0l5gLA|Ses{bv>i3{8YX@PGnzb{9SA}cAi_19b9F=)q6YPY|4GTdk3~Upt$5ZMr>AXe*H3jTz_jUrI02exaZA5wY9Jf3*O3h{)kYym_2r94Xv} z{GH{DP$K%S+Y3zTr#)LLQCF$G)NIm){Rlz9*zX}mE|e1ZCA8$rfw*_Y8_6<+8@zVm z1_^p6R?#+8xR9a#7iTr2T+Lh8Z=V9RZ`qO)DB|XJ#H3ca&uHvdyynK@3Hi&5rrXuX zt1Pc6{>}$Fu7pWu#KGBv4pB~2Yt%up@M5hc25IKGuj)DtzL?__l;T69D1&xSQ+E9$ z=WDk&@SyvaYyCOnwT*)Ev&`~sy-l8^lSKpPnbr~lp;C)ZDCcPo+oTt+D!~lxofY+t zkLd{#S5zH`U*Oy+*t$0$rTBzgarf7+kLkC!mhMuER5h@vCxkXj>4yB|eFws^iy1Re zGi4kPBRZF>ovq#|jl&A!d(rNfsW-oIoa;_aJh;1|wny}nJ3)GlPv^w-onHl?OKpZ+ zq2+LN60ebJvd);KJ(gcV%M9<0X}T+u_Q`fG(p=R{^~rOv75h+dzD5VeHyhVAymjIv zR$1tZdGv0!XGC;;vPq?x14onM|ElHn8`?vfhd*5j?ZZF+=VA1E^1*o24GJvMHjwt& znaw^O6}>31{FyujUm|I>rcW+J`zPvguGm%e#Ue$ed^%gIxIvd2X{l|X>gX}q+iyq# z^r4cRV!JIcnRs^p50g0!q&`yS8Y0*HOOO;c3chmEfi3IB$m~WB<5W}?uQ=x=A=mL5Pb8cEO$E1g=cwG4n1VrSREP zngzs=E%PBVJzS-&fs3z_f8Oiv%H9@MJ$m+`**rl#=*k+O$Hj zy3u>5P?{WF1&Y9)>Zybia0)0$7gDnNy9*s>Jq!DD!G96jM ziDw~PX-dEy!V6r=x|eQ?=ON7h`Hf zuWs-+;;C(f1cPK&H?&_y`_1Jc8MEl6FHXYKRQRk8B>T{i5pF@~G>(6LIy?E>mTtJ< zYq~>%`}3J%oDm}gw~U<1E{1OXxets|;6yd{NvFIT({1=1Ylq;AmAOn$-H6n_zlKxQ0a@JI)Ss^t@WgrELs^-<;jdJ2BurWz9;@+=ULuOcdo zS92%jXNJOkIA0p1(hz3;_d4Nh!-Vwu+1G}kuyFpni1jlq#JYj~Ll2XC7|46nnSMgM zNmwyO4DLZ+8;H)2;Ot*I#-t76)n66e{j68H#6aW(&-=QPe=q%Tt4 zaw^BHMTNwdMfm+$h_tX13KKo#=uvAsxS(N-KdOF1DY+5f2qA0 zvypnay?>q+Hd3hk5_UkLcR@PKNOuv@6$jw98q=Jhz=WRUl?JiMnZ>3RUcX8!Xe z@56-5$%~FF;i|&^kjS_}y4fN5lZntiuBsX2H*9g9z>^}&MTFx&KOM@1a||Eb3Lv`d zj5F~}ibuGDYP| z?%QE&)l>bT9qte26V|e27thJ1uG5eUWhox6X@)fq-zr>+L-DD@E=;g~{<%rH(Mcx_ z9^E%RW_y6e!AZ)U5j1}~%zd&AOPLsG0&|clF7h@Cj5FT+u75e7e?pKMrvVwIF9F|8 zn995soq6>}U6}gtX`-S&M5E;MAC1z-d&uKTA%>JkETlTlv ztV=7ktOdeKxSJJOf!;=5I2SQLLk<3*j+U?bocHLBQ4oMbQ!9&@J)L_iHq+&oA$G;-J9(-MyWXx5dU+5#xbfR(uU87t^f& zpt(phlt~3}VWPl32aYpLQH5dcxAhde8rP}y_ieue8q0iYeD1raA(!pHnTmP$o*SnUnSxU1= zRzF`mQD_U%{#352wo{q7ztyA9)cka|;F;l=>%wu#bbE5;^)~OHi_>c@-}^S5KRp}T zzCHWZ@u%_T>GWDh%c^Z3R9|l<7xo*f{XM)@%|HS?_x+Zf^tg|TpS2Y$P8kwF**`!n zGX))!0Tv|>RkfFYe%5ofY~Z-aYmj&)Vq3GN2oGfTNw=q0UnNQrItPWd}FyYM?VV{#_MHT4$e{lO459O&sKY>4Gx{sk`*dVhqmHf-1dZp>?_sJM&(c>)fQ^vO% z%nHpOtU<1ZC{$AS9_^`xZ+moOo8)HyI$dn0%e=kG+Lgqbx-{}uqUSKAzKHeiL%*E8 zJ1#%Q(*4|2qd4earNn(Ir|l}`wt2SrtU7_kT-D3>I3F7RjS_u&Gp4v1VEY1J>=irX z*}bcFF>dB{EGnj9YP}MV*d3a5p3Ox#+D--=blbmW@Z#y@oPEV(c{l=5lzO&JBGRf@ z=uD9h%>r?mNBFd@19F~`CLtjFSQ0-Ub(tU2uDl?tCTDDdjqjbVstIq6tR3{T|54Yw zH_{TYqQ3GmZ+!!cE@kly<~bei^H}nBT+is;X1n|T*MzR*lPqy;)-SRMOTUpQeXa98nS57Z^`dmYcZik4pW=O&OWO7%Z3)SD9O}M{tQ9iwFK56tUAW&OA%QIRjY}kk zxRlLR$6vGAF9orz|7dE^2dRv>|9=aC7d@UI)LSOxY2=EukS<$p)905Cl6G+!s5%ci zq@8_bW}cO-pDle)mz-mNBE!M9~nU7&4 zd-J9Ahwt(56I9t@ONc?)^A~*5-Tj9nwanN}0+TxV#dEdyia*N;6oZr3-|2ub6nF#( z1xt9vy9@e3y~G2Zy{;b5Eq-s@ootwhLeb~H@1Zm}Sg)^gA5q?w_N*ncTzf}zyt{Fn zL>ek&4h(x?miVstJJsTGfuX+aa`cRX|E^wmg(I8CR#r+CntZhAQrBk2uITrT;sv!t zo!e^frV`nY=j{eQ#IIeHmJoSC+D;*Pz~1%QURU8&ns5;Iz%Ghsb`W}IeCA7Hmyw7Z z)i0-c>DBOqb4`ZZMR`13$lE}JSooiw`n(Re1BF=n1Rk3dz%B%&N*y9RiwyNOuD;^s z$B)+ARz$fOpSKJb7_(Zm>8LRfdFpq?4eKSN1G+3!@Ixes4NL4Zj{cp2 zPHP6JGm#SPh}zWJ&FWK+<(2cO$B>J^{95mApiF45*Nl--UOBX>BTB1WPrh-qlAa~! ze_^~gU31HI+=`+d6qHF7v+{=QOz~0_@(#sT=ULe-f0c&nXCp4#BYNyQ$)kC?=er#SZwEb@1mXO^OS`NQ05ktR&$ap zB_i4`Pm{9u4-Ny=CsZv9J~BR$YYprK*vd)>+^JQjpC1 z8oRrxqaMdrFwmQ*hv*LBkw+|-J{7xrZI=BIzOME^YKV8e#y#x<{!`~`W#nW;ZDX{R z{CcRB-x`Zgtnk+Lg~p2x@0;Ok@YIkmH-PA2cO5qnFaaJX*0??%n_l@FBhLKe^% z?>=-7uF(?P3o08w`epHajLZV!$w??vw5g0YnLkypevNbRR}vEH$+Ckn3sI&XVYF8> z`06CYzBe>=_Tp~-oym#StYTyB}!V9T;- zsk#J`Gb>WS+n_rvvEzHD;JW5J>%?ce1rOH^D(;}{emIIYJU0uJTbbv7AtAZp;K7as zT_i73Y^M@&rVFw3ffk)LJp&ux=10q&$;ruCz?m~1%Jjp=iXR_+3>shblx~VbW(28v zBa?9c+A8Vj+?s9yUH_0odgls8r6*^pQt?6QLeCUP#Wizd%g}>^EEHJp?Lp$r^D!I` zDOtmN4GJ&$Lnt&_V&aS#dyPpJb&VB#s`r)n(g`{~7q&3`P2XiHQiMrSUO zAgbqto#pQpLoClY`J^Ivw2?Yl83lmB>;E=(BZ z4t(n@)K;y7xDqKh1IEQr$7msAwSHd~dMhC91AsOp$3mqWJ#-hA4=Zu4sf|PRAj$IA zwY67Xe4jUY{mnx}|0vdf472#DkO-ci8kC-YEwUE^}=TW{D%~wr(VR2ObD1#y6 zhHp8yg{j}!M~q?@M?ODaz}f^zYGIDI#@sYWS!E6;oA5GCs07SDKH`soLeCmcb(m<* zO1BAM>hDZS%R|)^yr-z1lxmW%p2M-<{EHk_vHaeFMdnhRGLnTU?;W%?!(F8FZsa*t zxCrOk^98BMR2I1Gt~K1zte>{Cc>j`CCZm3w39E4EP<^nsSPX*7L?KCb?JQ&YgVh$H zVrlz5`s3Kkw=Q&u(@Wh_ygk=bAY%jOkt4TmHj)JF&ZZJ{e7O{A1bLs222975+qJQ% z%Lt-^QhI`BvvNnIK9n79cek0b&#APTz{~g^|FtaW!Hgy*_S3p`o}zx#+4BC{#ZcTY z=GL{qr4roavaG)!I%6t7j8eq4K=N0+#-OiqNCqa?-gzMWH0(dH(A?Gs|L8SnqVBR7 zrKe3VXdw$2X#UlgSJf*i?lDNcktZ{W3rOYV6XxCPuR7VXjVzJSZNN&{z` zHeo6X$@jXNFzE`aZ{z-?vbP8@{JNW4&$nwDnbkGbnO2cB$)e}Jz3{{{zwiva{~|Gg zf&CMHzu=SSDVUz3*+}0a38=)|_&Zp)Pw@_&VD$d`iqPFS;@?mHpKHGN^a~%I0i)d5 z{x#JgckVyQvNe8q0keIJ~YAckKzKSVD!Y7y3eRLB5ruDtTX@mwv(ozc4lRS zW>jB=WS)w+IcrHGrsSoaj|!wZ&&6Mc|is zRZK1Ys@8cQ8_f?e^@ZwzB(krm@7%lT4~Uf=45#_;0Jnx!>eYR*F-ViwKdTWJ=n9|7 zqdh0chEohXc#CGVaRrLV8e^H|{@eomDTKgr8y%69r{FI$ld-~b$PGILO@OHGzt7B#4-|z_Wl;&Bg~}Scl>S0+@WtZ@ zkmuJ<7ldMgi_noVAN?`H3`7MZ>vjsDKh=-O`A`%0DFVAV+b53IwY`&lO&HTqci91GMyF57J4f5_vE(Z=KlwAo=se8HT^eAWSU*f<~T0 zSPdmWaHJwbXibLFOd|P|#&!OCgJb|1#iWrHGvT-);E{y&*1x~xU~a^J%z;MrGT|Vu zuUX`5lL7GmqgWjN-wO+?mrXjE>XvOa$ArXGN3J!|Sjm5PF^w#}NExYY$umx5CQiWW z_1=Xx*=&syS|06Th9*()pp;K9r&Qig{0kN_;e4i;#MAj45qZiq3GU8BY}Iq@D(o6K z_dKXuBpp54LI(eC$rET4Cm?f#eN~@cH6jaRytZCY-ov+ZRucbT4`U$GU{6M!dhD7B z89+%vvy#oHAS74zf45WJOh(u4%J;Z;FnBoR?l24|tbdrBRWSgYNJ^1$PjM0_`?mzHm@{UMp zE1J!G+lH%s2X}H-^WABU=R7CBN@Z&Z0Ks-`Yay zGw3RK8~2R-yRj*m8wDpQ(PH0-q+rNIRdM~3Ot5!dN}o(e$48?I)h0jXX-?J9_phkF zIi|Z6{H;TA`vZ~i!yk1ami4SGt=Wlz0R-^0DtwjZK@Y>ekr=tJ>xNDB&g|jIK)}~k z)rYd{P<9~{B6T#;9~|i)v&dQ#u0ZlW3u~D@fApA@taoNT`K1OJS9=`?TgV1z15}l} ze-FZQd-gXrWAz1WjFA6k~s4Yp*rN(rjGqQp=gwZ>X6_1p&J7a`d z?<)vhV#84&M?6lzLreGsT?Q&R36``A7sPs{fgkCzVNJHs_GidLVNZn!z3}8#hUq6` znLY_~%7FaxM24hWj?fl|`PNNC_!Z)VA|iuxC(J#&D>2XLbH4qZsI7R#|Dd3?$N@xq zm9?KU%$;p=Z7>ipXSz2zxl{felSM-QtU3&Lt26hFccfkDj0bvS!h^^39HJx9$=7$m&l&_je{ZR67kEWM0npf z58HYmf8gXu%fkV^MA1XXMu4v3#hPf)hbA@#3+Q343H|U)N8LwaNc^~O)WKi~ZCWc~ zjKmq5Y(FE4kxzphpqRCF?eE-;aKe^_HJbaqP|6l29ZHYdPJo8Tz6eF!fzgz`#RUz1|_dvog^ z{RPEnvE>ScLfJ)*WMY`2@h3D75cW(bak^Z)*z6tmkn2~d3!B#LzLQY5wZY1%{l3iMSUvw&L9*qPxLL&F zBlG?5Kd(q{eHal^@Lih@a~Z3%)XqB3S#YJEHEhG5NqFL+b=C~dR|?T~96DM0{8!uM zse)c+U7BCnVY_%&27vV@;&rS=rvE{Dapjx&2VhlFB#F%ENh>d$(n@27njq6bL zax!kUN9R_yO3N_1>A<^BaKJg>NJM2lAW6JzW>&6fRNuQf`#}z$%{8l-ozC@NEr9XMiT{tSuYiiW>-rT$ zC8Pxhq!Ey2=i%hcE68dq{KbJGG^WhmMyiDV`Te*%Eh) zP^F8OVj|ypCu{nJ*Ee?xT9pR=(anikgod@g3&um$j+$`QIZXkiNlq&Qw4n=%ZY{<; zk(~`b>r&jV-{ag?cb9%`=SOyadn9aDH;^dJm8Y6{k^p~S_e?Fj{iE#02M%@}E0S{Q zt7FaMgSb00>wM{T%2k~{`Ohy3xh*c)^lJm7^Hr0KhOCwXs8SO8~3is?Ar}Z2J~&(k(pyoh4HZ{O}h0=zHGh` zXWRCRd%MaL)}PsYGs}&z7ubDE%{ZtzmB^y|H0;QZNwsa8Gw(crRiC>sDUOx@-Ijp! z*B?tMPk~r>FsJj&0LF+e`>uoY_ z$Y1*U?KZD7MBSx?aUtv?*TPTU^Askn9hJ;F2+U~Xo8!HydY>mVH>d){7~HrxCA-Dk zD#gZ-fcT%P@gn$KtoE@P8-Wj<3Ls$34IvF z?B_n+WOz0`eN6Q)Io9tbTdXM@jE&XS8t<3uRPFjB#JA;G3$l3Xvf&xrrswz5%aEAG zCMIhf#^s@|A)BjrV4fpsLM7SC&nuM&j0%!IY=5&31sRy1Vm6jE4EW0mD-2J1)tEI} z-xw|2q>Fl=PBX%(MSUMrUc~6W|GDG%h&dgpTr7eQ$-@vqmg_Vo615-WlfIqV5%G^= z)4NVrAs^GR(`8|Z4m5eh(KXTd^&_`uqLtS9yeWIRFvAqB1pxsAy-cQCSE_{s7|H#r_{SmH>fXgJX_4OHQIZ@Qb?X zjWVA7O9}SV_yPaiocZ(Z42FD-Atj}j-0Zl6fG4GEa9xSYi4P%crU%VN^UVfH)&Rwn zO`?_%t<|xF({hJlYK(diQ=)5l<8Za(`aOmTgu2p6WXVwz*a~ z(-@*EQFsi~*b|6gdFG=|A)Z!i0+3zh0+f~(1gpa}Dc$PV-M?uNkDA zT4HE4^x9GUc_NYEdRwIUk9B!c$)wU1@r)IwxrI=3t?fq>`|qwFSj?{duKbUJ94y}O zeHFlWe%Aa{1|oAvHy(9YL$Ah-nIUa+n>Vu`5OXc#HZC?I0{Z_)j_Pq`Jv;xI#c{f`Svhndx62&UY`#PTw^o-N zHz2dsWwn;CM*{$mi2J`GXZ;&JRH@KoIwN9_Ax{5A9P~F;sK~$y7MD3Pjd_VFCfgaL z$oyN|n$y(T(+nO{{|W8kKw_0o^7l_Bf?7FBN)52*YY_%du)H zK8CTk(Bpb8`8EEanR6E9%aws6x2-*SA(z8!u1<(2U0xYwPUz9VlSWSkNKmR+&Cgev zMYYHZM7d5qEw}qVXC>B3(MXnD-!~12c}VrDJ%4{@UixFD#OIIv%Z=*ghBMk9FY$WU z%FmX8S|4Q~Ly;p{^HJBRKIaa$InX?uq(~tc(2>AM9U(FSNhS2a?2&vo449b5{^1W>HcqD4#S)Ntk znRcAS^_{zN`Wv=o@ANGkdpNB_l`h$PSRzloou0A$$&K1El_;q^+6>MadJs|!TIcYIm(xJel$59;Mq>MRnCe%67d-^ zsaD#o-6@8w4rJ+UenwJp$bfQLgz%boRio2WM{S8iK|4v#O?bK@T0u8A4C{>PJN)iI z1d)@?T6&@rVy&3DuPdGGuUNW#O&%+>QXTayxEAtwJ$RlIH{rBo%);kn>nUJs`WBe% zg=id6*uHT3O0&F&jb-``5FSSoeM|IVGS%3LFVqSMQmW0tbc`N&Hfrf+Y4&*QTt zM<&+FO40BDf+1mIRr$H&vy&y^YN-m7pjrednAK#P$ugE_Z2mGJol3@XyiTmL92$1Y zu322=uy9mANHzXkEknFAHvRP{x$%K^fh$3MN76#96-riXr8c7(hvsK11`alF%+nDg zdTdj8Wl8t&sTI#JNh~f#ayB6)mZbtpN%BjICBOO;1;d6!o)0CqP+KL;fsDiG;gHFS zaf6HYzNI%Sj_1bUl$g&p2CgT$CQb?zlt9@JDjH zQ@q>ag~~5}*XdwlVX3{N?MV&ys^WIG7xj-0cbOqCJ*OTdiynN>ZGcp4=c9cXNg0^{H3A>4(P`pOJ9nUOt*QmwqPR>j&(jQ#gCFkTZe#Bknf-joZ*M#sh?s)(&!R%e$A?NrVV zv{%e@y+W-TS1CJV5kzD@^oF_zc@tduq158O=sxc2vOiv*QDhb>R3GJeMXRO;7y1)S#>3^a zq3IGGR(|JB_y^CeVVgzk)UDTABVm#%9=y5cxr7i%A|u_6Q7ih|_IYh-Ulx;d+WDV} zp+!2x{>U@eyPVf^G{uZi&%2gKwCJ|T*7_rp#|BiGgzwZ`7!JjQHdN^nSpciB^8e@-v81o>Bhp<6|b%nu-d>%+Cn!7F-=P@(u5vF7Tdg zltb-F8ieUhLC~HMmIeBPARVG*sLjryq^Dds$7ktB1UzM1YiocrGEo-3ZhE#02bDl9hqv@$Y*5d|@%${=jx&tMh+*qAn>f(GTpApB zc~)s6cAr9!OG+vk(hQ{~AK(TTBrCo_-{(e;je-{SlhwKT zm;-7LLq3kShz;nJ$Hc9x_8hfW!jKpCszJofwQc2Y*F%38ymMhBHHpFnD|6?T3{9>l zuOi^^j$EuR)r`7=i3cleUKYx{6{|cM~f-k_7+T1arqn;q#n>*$p((-E2g#B|7m z^|;@05+fPi!86J&n~_NnWq9l6E1ge)3X(A7S|VtLMhNP>NI!c<019`;N`>5Apz9kZ zHOCH5!)$mhIk-WowxtV0@+NNfjbP@>!u9!vX9}4}EA=Ab`b4IU77U?@Q@yO(XgBSy zb5o`JR+YzkRl5|&+tYU4ry-_l?^nB<`2$0+j15vPM~{_@nfq9m(qik|m+V2OmR|(I zVmBCzXFqNQE*!TKuJmRHTqiTv?6Oqy3cxbb_KOa8g3E;5awj`R3zw=W)6;HhAFddK zN}}Xb0@NG`>)qj=W(f+(rr=vO67LU8K3_dE%CILL=`C^|QSoeSNOJ4f^Ou9CaGJ)F zuO5IvspnIWR4WtkrBB|p9+VQ}+8<}c-%C)!M@--|&M;TU8(%&(3i049=V5^pt=H{W z-ein{e;nsU>jG--Iv+cD&0X6tt$6u*wb39zWOUnL;z5h1IM4Bz8=VX zv_$4b68xLbFy`ff*q5KUyhlCv$?T@}Pv>!KcUwEC7Y7RTiaJ?fa~pz2jr-pXorR1A zA0up4s-4OzNXqN2XFVkp>&}-CNbwYx!w%%f|~VAG5fs` z^{?fOa0MsT2nY#Zz2~t;ta+`efMcZS09jN{te|hdP1%U(+8E!XTRs3>Y^wqdipQlE zHv)5yZCYr?dB^|LAb>m9L+ z*O1-0dVEj|ST0BU&HWs!p)^`iQ3_CKG^cy|&Ir8e0h$-lTS!s7r&0>7 zD(1p2ry6U1n;h6$4Ex@*3aYt{gSgLq;X1R^_x@39QCrMU%WNsPU8s|gi$@8f-Q$`f zjJGs~IQ%3Xs;uLWM!PYdck=m8eM>J8z^8VF3GLLfafOP%4+QJ-4WS(J83M{`@=Qxv!d|BMu5s!ZWn)%u#Yqeh;&rP@Z z@PK|&Oi(p;mjxztQd%0Qr#l@IAGCpi8A5*^vTq_WBvC?+L&IgV+G7}OuMe13gSoO06=jPA7%y$tHXC5BJL1|7%c z^~DPW8QsUi-Lx@s4?C8&siUwNb0@fNb0c%i;t10>-Ia`OIn(5QsBQ{q;NV3A6z3tV zr|IQ1mlp^2T7QDY$1Kv7g=Vjno`KDLN?Hm+P1U`g}T-x5tD${1)$wZK1jpT4Sz#KTcCwe0Ko>~mN{ql4_ zK`xqcE`_NF)iP_kJxF40BugMcdWVh%-Ifm6Uc};phs-aO z!T|M#CRZFi01~&T&u_iq{9g9fA7G_X8Xh4*Jaxsly|OcRvZ^RlE5fndrOn?)r!-k6 zWZ3k8VYbe8<6CWUV?=lfqwbG@-#Otfd&^%8n{aV)@0?IDeRsH5%SfWEXCSE{7gLO z^STEoCnrZ-6k@J;8#1r=m&NWlHQ)T2k#OA@kSM&F7pi8QySb)kieHI+_N(9L;<|1r zP$JT3rUr3DOi3A1-h8sMM{TX~BuFjMuMCshDk6X{rCuPis^0or>%PdvNxolR{jm*^ zx&6Ar=z>zm!)`%7p(IFASlSLD+6gg=uN!MpFn#kNoW@6#2FK}6Pe}(;h>M0zcum!R zpRhF5e|#_BDLJe;#8s_e?qR3N*Aq}acg|B%M{c$w(tc%ZfivWbJKv;M18UV*60^q3V$)@tkrHc66rNcoY5;tGkFt@G&wPuDkN~Y0 zumz>{YBFo9D*So*T&%A#;|J%t6s}KNVt~G=f{f1|IdkZ}**_3RjP;8>Yqu*CEUXh! zhA)vVk;K@G5kI_J+TK&@B@m<*0}Q66&ql<2 zm0yX!*yUB;X`lZ5sCG66@!Ldov`Ce*rSKq_6CHEz$;SV5Df@nTFmHV#r$-W**w|1tL%VSIAqjl7^}H1hqOc(S)zC{{>h zxZC6Qd%O-0cz0%{kd(kfsb77hQR?gWBcffA8F72p>*+3kkaG7owU@L3ly@wio0|vC z^)q)j_Lj{r7HnT^CCuVD!gL^6+3QPBy*w^jOJh+_>8KX)%W)m)|9ArvYSAvZ&%#Rv z#|bj-87VEI;i92&8XT>8{^3Oyg%z`B9294ed$))x2(qiXVHxWCCF*5rqXlkkrfA$d zx!sUO1io**@_+{PGNgk8+n1X7+0u^L6-ta+h z`_ojI_|8Mt7m!E6%BC+N!K*|1Dy!mgUp!;6*GR@}cyc;R+;hc#maK4iIRl%^VcH8-W|wqxu6IibZEhE!^5o2st~ zQa`84nHYHr%kcGV8o$CIA~rV!O#n<4YzkHS?-mwJ^wW)@Byceekid6%FAOuTu(H8& zwskQ*%eBI95y^Q(KIt#4_-;X=HKsaF%mU-B<9Y7nZ$8f)efi6a{TlDnHyo+L`MART zfuooHhh?jJpWSZb`SXoqGBNlL&B+XoIDD;-b4tC3&B)qBJ%S7;9}zPP6hB%R8MU4l zY4{XC=y~Zoed)hGpja3sVk@cq+51fB5}e^s`o0sHEuM|O!&Apz;HeE~F5FMioZE#K zK0ATb-olYEc-Xu8su|~la*dshaXYv4>kubHCF9@4-@VTx6;zJi$NU-Dtu1?wMSM}u z1skmM+UBjXSkT2)ci8a?WxR=to)Et#TA6rvFmjP`*rCQv-+6X6PiFN>eV zx2_*YmqF+RhEJ-tGM;(5O=O;ua|BMGg2^+{7Px5=t!TdZ}ebK+NtDAkiO!|o;cm)W3F&kWMrwb7jM>;fM3yWyUvYkgqOt(}cSJbdJpUeLop z)p&26)8tE8fqe{QPOVnFIuH-Eetl^uv5&v>({|W$^N0`D;=gTG!=&QL}qq+Kk$ z`IEoD0etuSAF^K}kxL1IVVwONh4SzobqrC(WzD>wwp5FgBrCl4Qls!5BZ`9y4P`s} zfu*2!H|_gQiz?h_c_OOT5bm%xk}2kNURT0Vn$DNaYN-}fXUd|QlQ*pa7r1VCn3Rs+ z6-5@HQ971Th)*TiQ?gsHEWdc%#OMcI)3n|Bx^OU)?n=~j^37E%erL3VKXBTeMh%X$ zHe|~(FG>-8;pKQT9SvP~KO2y6{aQD5vxoDfX#WJl#DK_5*Of{Bi96IkUbk6+dp{+S z)1>hSKQuO?#dgQc(%)g%YRye|hKIzjr=`$tVEMc2MY<6GqZC^vzLP<+@uDMFmBT+Wwc}zX1+FDYod{Z6fGLK4Tii>Y-NlV5MY{yVFC3e?sKd@Z&(%L6SSXx+weUx zsF8k!A$$1s|{ZKnV*ppbK+?P_4res!8*-fYW9W| zmR?^3G{Vz{OyE9tyy}I4_A1s7{Ps9LQ}PnGQ=HOEL9I;Fy>@yZ;)MMizHD?7@-LNZ zw_SUw$`e-06CQR4BfqPOy*>5XAv|h^Wz{exPC)1I`GrbPm}C3T8lR9oV6_d2I|O=n zWJ{PJ+vd8bb%)d(b}IZoGaxGROWWi+T!EJF)!$HB0ygk*rjZ>Z-3tbEq7`1Nt{G(v zV2?!ZUSzhvA6U&XFIutDXN7 z#4AI0Z{$nStC=h{z|*={FSSFVPfTLIL%SwEJGtf6O&Qwb$J|Oigp8&;A#GBHJMI!u zeXpgxd(~|H{+&RZv-_cqK2EQ?X~zM3So+kHDpv_E{DW$pn#PfO<#D^h>WdA5xo0=E z0)ye`3R5F|z&ahfwO}~WT~HddQaiPtu2tk1b6_Rs|1+3$ZI3NhW3ym!?e=S#r9o*I z7Xp(FVZymUj-E%z|H%aqhIqvVBrOCw%-vBO5{rrRd{?gwH&&cFIrlu?Ra~M^JSS6x zYmKOR`Emj?{bWroJ~}uF7;NLIl-9dg`|?mmX(|@i&3UDBV%r3SJ&=}I z2QCdL+x5qWo}D)cnvdnYm-rQ+=4XtigZw%CjzBx z??aeWWMN2*h|SI|RQQ0y5?c?WC^9#Z~Y!vwx_RoY5pf-tMVTTmFz5d1V zdnuImv+fWyqq8Mk0f8z{X^c&23{7>EAS`auhh?xhG${gKi464saXOTz^gnO?*FWr@ z0si4#I5FcpU1(svmNAoT4hPD&GRZuGK1STQj_>v-O2{Em)dQ9|wHZN!0&4a+~6WPl;x*7dN{U(#@so&^Z#J@)i(R}M1 zm;XpIAUG7t&}2Jk!HR`*ZP4Km?cIf{DOqSm@e1v$?yNIYs!v7#XIQ?71@U0zHV;pu zhtuYKEko#XHCx0N8oQ^9#ykb99Nzbd*Y1lHqPqmUS{%vJ(Wv0e@C7QEM5)}A-R&KyIQJ#KSI`Zx! zn5!|nng0=ZxNI@UwFzB_07WNA8sw+Upztdded(3J^U--`Jzg`x*>-Wl$+SAx^X2h#PwC<)&Sk_=&|dGWRvSK- z&*QzHl*0FWrWw1PIgF#yM@PMzWU*S(2myXtdl0W5^JW)e)|VtZF4V zU~eakkMB#Q4T=BB6ir&24^fblqotv_1*!)k)`rqYK}B}|tD~upMvc|o(=7O@KM7uG z696L)J&n~l9@6}-!uf<9pj(%|2guK|-(JonK$ZrM``WUr{MTef^>QEZmtEeXR8T`i z2|2^|T26-Ev~SOc>EKx9E)B|^y3I%%iTd4LSG#@%Ag!LO9;FX+-7^jJ3LMYiI1;B^ zZmXP_1JJqm60sk;+!`e=U~zXgw;G(GMuIS}}oLUW0D*)rY0u<5mldre6;SH&Ea5^#4iy`E>qm5K?E zT5?2Sy?F=i&x?`&i3*jfK6n5#WX<5D24!TEY&;I8{3Gie4Vrk*!I`OahHb@KusG(R zQ5+^NZqLb5P#mZ%$Ha_4@>H$$d2?ib5`KtA_>IcERO~j`Ov`S+pYaes^@>Y&&B&@P zZVqT$(smnlJxsEzCg$xtpy$sO zAWH5<9W1iT`C6#UH_x|*-+Q$-P#*rsb35*h`Ms5^Y;`*GH8#Do@AoOreTw2YtnJ$1 zMRpT%HJT@6uETB${A>^&%#le)_-wgINYd&>lz0>q>+`POgTkL3JJisF((Q)8Z5H`j z`%o$OrLHrrUR4MBhe1*Ir~)X;2P9rQ5nKHj{X?QsX4rmtU+co7+pqaXQu4)zEh;+v zBP0$?#RD90l1yM!B_Jb<1Wmk(4B$R1pUk>M6LE1_(di`7OCW|wAz&7=(V75#G#&kJ z)jG$Hxps?)1FEJ6U-xguIooY|DAIl*tO&hc4Ud6bTpNt{|BR$}`7wc|l~VvYdEZ8W z(|cbk&*^H&ZF7-REIeh_laB-zwNIQ>k~=is^UY}*L%U=OV~WF6T6P-OqA!swvs5&a zK_o7K$G?9Cg(j)H^w{^niYhG61S8|?kK#y0Ec20C}xzHkA{{VzWor!HWu+Ql9 zEVuF0;R{j_dc8Go>p>Zo%HAEs-GvxDU9Ws#VPr?8OpddwI zid2-WDV-a6;iCaRjkNtYk_182?pFe2;-he(|8;A;{*L|{t&w9GoG;wtCArug_2-q* za?UNWwaQEUuok~@VdUk`qrn1Y*+$Y1^FLiTUhB4-qcV@$uP$EMyZ-E|SG|HMU9%oRvSM&F=m&2!^*%^TYM{4v zLZLoQs;QB549e!?>(pjF$o{oSHFcdJtfk6p4EL#B{;&CdAa5bsT0Px+hePvz$Qrwh zO&t<4_BlEJ*TYBk+`pcTHw#pBbu{k!1m|ystEj;fqB^i)8Jg1PVyT+2CKHT#bznOO zt|`VoLD_aKPe6*wLx!&-(vuRH#wmN<-KP_02Oqz+iEZkXguY@oq~mo*w&`4~MZ+>6 z8_Exd$=ZC(qTj>iD~+-Mu(~01-X)h>B0=HVXj1E6~ovE8W7Dz zqR8r4@INKNpPFYNALb>NdI`*^D!|WSw&tD`8rtv0e5|`Y#1=uo-m+Xi&eAW~`6Epx zdis0C`*eS7Ewjf<>=4uBkpO)^7c4h#wDJp%&1g`*Pvw5|O1K&Fp8e2N+w@~ZTdK~G zB1TI(%Bnd__z%fj@Jy~l5#t@v%69v8R1~G~vacQl#Jr?hs~=hb6YJeuNr82Bs@`Mg zsh@*Yc@6b8u0WY~Xh$d5i)N;gSham;^4k$zOVVna1usd{9|CSZ%I|uaprvBnYdPYL!UuY>2ReKukDIZWfASL@iSZ8x`z^5W^0g?V~Uw>ye$ zehr?RN{m7~j%7wquN-)>*Hpr}@iFK^4(cm~E<=^zl=1~QVv;nqKYO1sj8$PNM}%}w z-^Q;A^T0*}NlQg46BWc27|)2&2tRS4d@VO~Iq3C^1J%#j#AZ)P`r`45ZlbPw#G70( zg`cYi+UmJQ;MBIh%E5g-x^tFzQfub?U=xlbAae;7px^29DE*eaK^=Bglnbra;4&#C zHDp#S5gXgSJNq0H9cnrFpz{vAsm zL9jfw1Wj#QV`K~>jl7dNp10HfGu41#m}sSuQhHD6?B-Y6JY=MnsxMh6v$(sim?E?$1@>tt<;i>sCuLYW z(Q9se1V_x8+eZ9X`n{nMji=NZc$`Uiyg$hvU{13j)aR*R{Ji||ysW!g^^%u}wNC!W zuO7&uA9G(f&syG7S-IOXo4vZOUC!t)5pT?%wh|<=65TTF5fmj#tvfGlEOgty)pB6q z`#FO!Hbv>)`)N}OvM`BC#EZF8IOb==FJfkvkFhP{jH4Eu6)|Enjm z-P@ZYB{;f2bc>-uzSBV9ndLo)F51k55t;1@E8pHj%E;e}_c!(ic`zVIFTR$!$adgj z95yiuNPZ{aK%ul)x-VJK>E7N&x#%74J>|MYE38xIF3&F>xsrU#U$Za$;8{s%aeSa= zKoZHcgWr7_Tb1r)IC5V=b8vO4tTXoFG0{*KZs#FCEig^)pPeb(j=4W__NS0=BjJGO z^_*)-3|<#!P&Xugjc66D-Ds000b?y@B(eFi$nRE6iuakLnB0cN;sW3HifP~mgk;a5 zPU7qo^N(8c4a+3mGcL<3(

    Ca5F$kg?&u`bYMrO4@tVd8s38KN3l9cMxc zR908fVi^Ka@S~-cln#TYQpmooU4n#48z^Y(F-t~JIyhwNz+g`?zS`pZmI=@whEhr? zQ}PWhhg~T@E#1(76$d_-j9;r}F&nzK>$1*|>!^vr<0~c%YlgS-5Doa4wjBCyJ;BGG zOysfq_U<@7v)a^~<*64YKKC?Q?mfk~4P6w>m3@BzeJ{@h&E_T8lM*m*sK6x#=3Mfk zlnJB*5J2G4p2Do??Hy!G@UX4diYFG^;YdNTRZpFTK5sj}jIV(2Xj?xMIa5_({I%qx zwFuTiLA-pF^Nyu(!B6|TYm8aWFbZChSmQIz7>{U?$=5cLHtt~6#@QR>)r%LLej5I< zahoyIV#y4dVfbeLr;mg8pu%?__l|!zU4RSmr2RSG*itpQefz{-1- zdcbqI5*p0r8c1n}V;e|f)8CfhV@@tcHT;Q#JgoNg1>JSTC^9LUgvt>M&9P6-kNdb{ zP4d4gp5JD46FW6iFa%Mn2+2LLy(^05o%)YO-OL86gJRAWf|wvOyCxl^^~6^^kFQEyd)~ZJNd}Ia|vTVnXmMB#rm{9 z5&CH>{LE!?8I>8X)Evu88QQ3sOU|BV+3`}_&`XBY0mUX{#CmeU#diC=o6KhnpJvZ+ zA#&Sg{pBa!FmzlNoiANpi*>)nH)ZO_@lE)_)Z&vc6J>#n9tkh$LFa zPPNCb+eWqAliZ4T3rScL9Kn5iJIk8^v@36ckF4pA>Q;c`~JYgUW=CER{ z7Sm&BPDaB8Blt(W04JV}W-FaCVhT#|Eia6F*Ey+Za`^Y(S02w?LU1jE*!=iua+b~@ z({k74EjCX=>*`_UX2>2{G_ImI2ND;VX27dN4vHh53pQ@Hh`yP#4@kalZXoZn9Z`^c zVj9^!^+5L?7cx5pml9GSZ+Qd!Px@c{51tYf$*2fVnblwds8s|8REhfx#)5(m`g2Jun&!fqM)k zJP{L6aTXV|v5Qzpt9FK*qfp>EMtqcVG z2^&M8McIl$0{|@`>~Ok!s8YRT*fGvw!nKol^9JPO`{y1!4wi zqG)kt!~b{N3Xt-g0;4{bPGg*dUtyV}rWmQ*T0VMheQ71t@Pjh>H6b|Lv zJ<$wNHVBO0={g=49btMvZ!i*MlKwR`bVV0n0cQlVHs^3rPP8#8X-+AIvn#MYd1hom z)%O^BKu+3kaTq?cDg{{I!a2-G@$NVPf?KIJf6U+L(^=9{h9Ey4uCX(@04W{G#W+av zw8(F6uB>a8;WEoV@(SS~=664!OQLYt8htB$3m_J*3oxT+furlPHi95SFg)L1CKpEN!5F>(vBvwJWNL!0SNT;yN9s&;6GsE#meuD$GJRoHw9eUW) zF#b89-sV@@>(W8NE2$9tp?hBEOGssgvG(Cr-0ob8iXREdm zZ(x<<`Z5eUHKnh(7mz1Ba*{+ zJ8?P5vX5`Ab8Nakj$*z!#F+3{OExM}uP|^t1WIx%aUAA`O+HwY+mqQC_+9=0IGqC^ z!d%I_^NqTfhBrw(hvC;$F=x{D=bO!u+$c_Z2+NQ}I-N9Ui|2PPrJ@I9lD0cdKud_-a`IKqzU@p0 zfzEdH)O*!8v1~f55LyRGWR>c*p-95W01~IK!AZfRRcjyVgT*Ta2^&o~gBC!@&X6Rf zHDGg|eD06u23R0%0k*@9l(y7vYXdwSNkzmKu2Y@#fD1i5IrKa`{}}NhPURreMxK1n&hB-MCi0y zgp`oOu$bSy^G>e&_=4>gMke*BKEM0+Q$mhqkD9%T+{1o4@?K)LMvArRU!8ikGC5eK zwi}9s*FRrfm@i4xR|Ej3-f?)ay_n_4Hgh3n0_udR?CserQyfRZOT~04%r0HPvO4LGrTv`7A)QI~OEUQvfVx@>-ZI zlvw6T*18ueSp;BE=P@EP$Mm%TSCq@? zdt0vW_wJfOCCT19Y5Ky#)bX??195vA;yk>aWS70gf|&M}S*Y6@v{=b!emiK!L@;Zk z@%B)uMFGN)3VGXrZE zBlw8f$FJtrCueigO=WyCH9J*KhFC`3d*-|^dOIqiY2p35x3HV@CF~sj^y3mcvfMP^ zvZ!#8o?RZ;OLXcU;<{P-Wcm(zYx*O4U%)%-Gj&(;f#ij#8m8S0fSHq?1$3ZfKPI5S zs|E|{9&m|Lt&80|BTz(6qt>sx|5f?b8W%4+<@&AM}j2RW(72f*$eN|DWf`W=FRYRZ)gu*w-EZ)jr+ zF9NQj?M$Q32lm5kkC62{+(aBl!kI`|ZTN{JV1d)%+REZ;>mx}Lg%91;C1WZS%exw65B zie~kW0IOP*@%^k;%DQKs8|RVMhP|aV52BUqaB$AEx9sep{jRJ~kv5Cmj7MV9c%x5} z$AUQf)gS3Yu_le|%NB=~VOLb?KbwEFv<%3f($ZCK&3iPR_DPKmnv;9H$1=6eKeq6I zzt2;6Cz#0bZa4MN*z0N}V^AoHNtSm=%hfO>cG#}#x!QB5FK>unPO1q}5Jd;c39{C` zpM3j;d&5vcad`KKwk?7%r*02hpfUHDgjaL5{)LiBO_@LwZ?CUjo0hW4`=rR>Du=d8tSe7=o9-PF8ZK zP`lE`zI8cnFUvY>NnkeWd^E@dJk`UcGFA2VkHDpxbz4>Tvz&xzz(qfjo|gVboDrzV z+3#xBYV?2Mg5ko(z+Kg3{j8oxJ!g@UWDGzo&mout9lwX=ETG2fKd=#xpCwqgwYIoA zmX)}r{TljqdA#K42sUJR;mb_M2gd~ZnRT-_YIg%MVJz!t0MOAVQSHzs!5-sU zKI^7OdpufGs<>8;iD5*xkZdwWC~@z-QKaaNvH{*+HDgC0{FGCFWnyvt5};oZkK1Ke z0nu$y5+v3pHC6aUzn--=>joh8S+_GS>yNm6gZKF6+n)0&&d3r z!(|k&RxV7Ek@&9*2(1Ey)DKt~1+1EWtI7Lo{&|;BX-OxrTP6<)zojKQmxgzw)g+A_1@uZy#e328WlSt_DT>m?>|zUZ zE}2=%_5xB4t?J*iIG{)Noq`0OfK?^47~*NaFpI&mN2pOO+o|2L?~kLU&nB)t+w8#e zrauN`sw^EH4yR9i99Ee2qgP*CPn9H`uz0~f4XM70B0OkmcsKQ>v}M)hg#c%hjEdjq z^z9!V@qe}S9Uexm)>@?I9)zN3+|V_O7sU*7vICfEIL&gWS;=$ml(KmAFsH`$>M z1#=P0<}$!iWz?7!h0fFJV-ny=1d->{G(&&}J18Hu6%DQqgr$cGHm;h&5RDzhwg90& zhBCuJ0s}g2mmfhKvKBW001zsKh&XvjQBdF$SW@~oCp2vFYtY9n1G))xhfijQVJsvA zlE&V9$q&pkXnGLuG1gyPG++B+Ipt9Va~qh2Ucac`MDK%{oTOQg8Y17s`KOYvaPEo~Xtodm|A#8K!;tEzBoXZiPb8T&k6M>*!Z zd7?ElSK0Op9LKcs<4P80+$25E%ggzG5^Ypw$FC zB*2&9b!;kJwlh3!4;BVy2hnI#nSI)~@%bJ@IQS}ULi|*IxU<|Mrw?6%xU#-TzK^*6 z4%gx!3N#pz&L#`QbVf*SC&ST()SIzh>L~cXeZ`>h5ZHosCiH(xSsBqp_fexE&cc);M%!q1xyVm^tTl$0`Yt{P^)c-`DCZ#2BAI@!`wYFUpS?C{^M zEN{94ySc1TAr)T8^Ses>(BgdQQ4cIVG-wt%CPWD4c0E{s(|jK(^z6L9WktZvqJlrb z{LqZUXHxcNMB)esuCZ4;Z4+w~C{x84*R>j}4jw~5S?k;X9zy^^`$QszP%-xkz+CSi zlH&XouqI#IyDcC8@ag4rvpbH_iL&!4da$W_rse6=PU$fCu-L~80K3fwnmD|sFI~?9 zWTq2n!((4f4YHbLg=u@!rxFYQ?u(pCN9P5v95@IA zQ71RIgqT&8&mS~LuGkdqGprI&y^e^b{5>NcZ(~RxR9MDD%!&3KcZK7En9ywXFy1Nl zqL3wSJt(p_-gh=XiH2H;o^IBDNnt$qyw^Aj0;095(f>2-CT;ej91 zD0cL2Y}211fBkUM;fI}izePj0_GmKN6|Rile)8OMP~YG=uHoT48UP#^>$@3wFAH8T zm>bj}q<}vc#V$0u-4K+s=~h#;T@MW~Y!8@@{P)r}_<^t-btpZD)a5wxLIrPqOg$$kk5|`5FZOBl4Yw6e9rAGpkHpsoz5M34gvjC0Uwk`ZAMk;8`|pt)WSaNHJ7nkSM2eK_UYRa~NGW$VNELafq1g^U74+^P#5pyU2~UE|+|pIfQu+r)un+ z6^OT_t0kT|4K~Xq-L#z*zch34XQRDuLcAQ(=1SF-xFi|reRvqyr<<}VCf8?%?<2Jp z`;oRZMf&B0W1$9rKp&%&qcF%B&FLLKz|>1MFX7PEDtrYj_U#TMI9NY9gVV#2bVyA% z$2bV|Y4f9FaXYpE@HiOoWE z<8)}|qLlF_hGP=+W||+WUL>f&{+--U)R%zVLt&iJrET#YT?G#H!~7yFHikrCyfb@S z)KC5$Kdn7peYN;GZ=?BC?b{oZ=y+j#nRcJqu$dVY6|!1ZQ|sTA;$b z$jtWc)uno`4SmQmhL8lb&wspuBSc-`5E`5S;*C!LgYeZdBcnXO?}nd_{@y-2Iy>TD zHUe&VA^6kHosiMUuRcxt2|vyLM$(4IzP(P1D!IW-R~mP(5E8hGA!FK14}f^{WTRPS zX718r$R0bV2$TD2%l$()L!arC{cF86DTw|j&D+JjwYRR**=R#sf{#*b2e?c{!aWqi z<3Sn%Fa>0JTUp#$`wN?fd+T8ov_q%{kBPu#W<>(O_{;_CZM!s>ls1W|5oelYc@azv zja2QNyQLAfFCiVhM*ZV?jJJJOwYeBBgRKg4th5mokfKB}*vseFk)axW;XM~`BT$jdecPGzA!~B0%OE3S7myVs|qZg}F-yNGtD$gng-6^pfdO^=Y zYoEe5R(LhAUif0sK(L;`+oo5HPflO^-zNGX|E+L*VgTHbZz?RZ@T$*m1}$U8`iUIe z2*t)|r;`#}`3H@BU$!kmHjjQv%09l2!lW`kF7`0-KwS#_Mb7*87!P@CC4t~0zgxzq zx_;`bIC7`Kc5H!5&oCxDp77G)jd3-fY!!u@Q26XcKu9l{xNydKXq24S{1R2; zlEe7XWd8FI&hX3gvZcztVViVD;vt46st1BKGOz1IZTK26|g>_`@dQMv_JHxK4RoFhF0Cx zKGPDaK=_A^_kiMal`8NksslLOfcGFB#Jtw?D0~id!LF0=_kMjE% zV%M|#Oww_w>wLe&x!SrCT7{`XZDAAYdvSa|+FC(ef__@6PZefOuhIT!cU$!`R8C89 z2yO73B9HJ7Pd7jKtr;G$?ArYF66cSAH&;}CyK+81SjzZQw)*mfbf|Qu?)pm76O2>y z`VR8;3)fXygji>At66lb?^Q6Edy+&xEJ)7bUA_n5BUE4EgjWUeSe=lF{o8MLANA;^ zXQ=~du-C`OKY%O!h~V0c+!be7S8r@J^%<&h1_7kZHTAxav0_}0B?et*ALnF{-&TGA z?y=_r=+1K_pW18<%F3}n%X=UB;ICz;0It-gUi@IK^Y`b)rHr%4=y4TNo9+Iu`E^r; zS-(WP&~(Paqi3meWgKZA*SVo1;i<>)HZeAD*ZUa)mNNoNE%#sk`+GC!?kTXM3bOu@ zjO{AfVt!klW!@4H6k>I7gIY{n5M20n@6{r6tBY^cgO@h12Tn{B=UAz{{m1F(ogU^$ z9Y1@&J-6@jXXT6EVPt-DjgRr|wM{3Qzot?nUF$8!XUkd@nLC2ZKOWSj5_Goy^;_d} z1S5v6i|fIYslGmimy#|_+->6mrE%OC_2;TK|3XX9IVF{Fy?uUW+%B5vKo4yJ8TS ztB@OjiZdy3r*k*4*D5XAm&4MB;UM(0sN3Hpi(ftYmM=(SR%LwlSt|^C*G*}Lw4i?lL6Up9o%N6UCKhB-A)9&23&|rcr0%nAW!G9hp}$^p_3pKM6Vvo< z-vF@oaCPI|VvkbY;x_thX$jC0oI4Q=08Jr@gnJVhe$G$C1Mu_Ji$5jaowOOlgd0N`e|<4;e){EGfV$=St%G+ii(R9|5r6U$auS3@(Z%dq z8mu$NG;|=;?`uJiymyrpI*x}3%Yd!E*)6JplkS{JlVXhKJ73M+q4&#q$h5E#d7Aa| z&9~=Z?vbCOPY6Cq`AH@`pOONT=Cnw}2mJQsH-to3y^^0YAIv?{$h@m#1ETqOA&{9@ z3Xmn$kz%{DMZM*<(Lz%)-d9Cdc6RDarDzGUCn)dGuD3&(&Q?>`I)3UAB!ryYN8d^B zyHnn9O?qNRl64;yv2M6$IqIs%8;8`jx4CRp^-IW%l}@rCUb-JBe|m6uH%UcTUGa)w znlA0ur7O}(fl02q59EkVtUA{jFr6U8^#{tb^>X`7dJN0YK=3N>)W(N+Wkf-jzQMJT z*RKJy3BXGx!2icw z)%|NYq7?YiwSbjIk)XJKgdlaaCaAy&YekStf|P{NO&T5i&`vF4eX4JeAKIaw#J6Tb z^x{~K==gKqBnZZc8LK+2M-#w>R&pN_n|e%O28z@AG)jI2MXl1;e~eVa`$XdMeR>yG zG?Xq~uU`5*LVA>3&$?%?d7`O(mn}x~*PRZ;zsX6sNTdBWcatrQ57&6E(eNY2`*g-# z6y23ovToc1n6bdWa-4Y#04y3fw05rK8~KducKY|^R{-FE(ivVi`Oj?@P5c5l(a!zF zvKpYSUz%Ki1Si%{_vb}=dPqxSyVeX+PrF*EC~gCyV-JF`I?JF(gkMoAHvrmFe|ii+ z-rWX%yc2Us{>U3^^jdsNg9WQABJW}@+c;HsI&0xufeyh&>S!?GTm*XUD@OE%JUkMG z`~-BSJ(!?jI1y4-2-iT1yrMQ(0~Pcu9%lI3hAd`FDrn;fclUf%(*`aay{K+}Uaan@ zX?34qP<6>w@g0yXD6|A`U%co{lP44+Fxi692GZN>PfLSK7c`%m+Oz-yK7AMI6gDsU zdt>^0r_&*qPu>A|kmR&Z>_w)h^7LURPm#zs+KHO4)AE{P%Banf0Jw3+U=Wh6Za~pz zp!xP~=zidYhG;uDK95fr+HocJu)1Y^rOJ502@Z#yJ%VMuKG||aX`p)U#p^_!^)0R6 zqPn7d?W>$yy|lx*Hc?-mgLfJ~cZ&jUhdd0+%*I8;s!p!LEgd`eon8rZ3nfb$MD^_y zH-(b(!N$4E(Y9)7$s6pv-9!HLSsnBh27-N}EF-WS#*&D3bB3X1Ak%L4sItj8SkhpV z%d0gGo^VW-l;*7YppEzVis;ifz>?OQ|DRPXL4)UZV;S8V=bYR#fbujc&mC2ZG*4>O@l(>j*kA2nItLR+_PWk2Me4IF-GHf% zX{phzmoxQpxf-&a0C6QLm-pQxVGc7i%*YI!JXE_kabx{iKjKgrW`%rVXliOv+IPw3 z3}aI>=Lk15qd|de5ICBX*!QNpk-gw;p=p{%yfoOaqY=}O={DHbmxd(q`OW_X0PZfk zo**1mFD(ajrChC-i8|Bt4YGHNssz>#O=)Znh*sF&p>ond(|Yvs8!80L3iLv$<9)L} z$2RT#E-z}{IIg+p+((qn)vEd}MM_@CKE81^XsP1$tNBs!zhMf#bJ`R4YoC2qJ4p-R zcV*fh+DS+Y9tTk|zHa1&-~}`X_)I&J!W2K!9L{ieeT)4PiyG(2~BnK6Pj+^`ObVG=!tkfgJ_CYHMgp0A6S*!lg^YKwIfH zEuW4cBJ)2TC}9FSQ4{)cl0uyC93JRrH)JEx>d+%@JnF3ZKIj(4VzBv-AsUTx&Ea#_ z2zQ;)J)FO87*Ee`oA4kB)URadiXp`{*CgGIROF0q&>WH(=A3$NYL7W?aEzYy?*(%& zPqypHBv$y^i5wP7>#eGDut3caxS7=J?GsWp`gGMHD=Tq-8LKLIS7{#$({o%IBorrU zfqO4!>cmkhxfs{@XWC{drBrRS#XB?Q>D)o~W8pAMxjO?saX4V}NDiy`o@Eo`gV1g- z=O4UYp+jwbNc!-`=g?oHMq_VEYfh7&(-pj}<3$I` zhDj5-Ih|frk^NEMz;7bp#mitoJc1JN4$Oh$e9wh1idk_hrogx9ACnaX$|terOxs6m z$muOwpd2JQb`|hHun;a2SO``K>ao5IReC-{R6l<}u?P{nqC|~Q`Se5~$W6o9E-^sI zfG%R^NZ~J074IpjBIf@ zddq5+`mY#@j-I`YE2vg~yM4O@EBsebXCEk_4xo;Lq?=weNEW~)g5b2`806OTq*!>$ zo9Rf`s__f9gD{SW_7qCrC=HbLra>RTY>GxL_07<+t^(#rX`*<{lg`VhwZ4)UoW|(~HK?u^6wOS@!kd0C1OK>uR|9TxBl}GLbxcXbGd!-P( zN3T3dbPQLZrU!q$pHtvE9+_dxBa}xNQGKFC*#pt%GV74M=B)bK5u*TYxJcTSJj;ilJ^qr0=vt#jb9p|jgp%= zqiMa0E&Mp*f7}b~5bmSB4RttkJcElN8`^GJT``OC8#rXBf~N_}(npK{Ul1EU;?gyQ zO5;#Ew_Gq0M-z{4Q8xzZP%JcZAOSn z?mmWCR^@$u{$7s7$2|tjB%tz@RedlkiiQT!dh?b2pc!SQl}hYR-z9|FBq+2%{b~}I zm5goe`^+6l?6)wnBFL@Y39?fseU*pd?)%KTTQ+2ox$5{;4mUHHWG~+wr&p^dJraev zF5D;Y38n;8l~(uusqurLsRWDQz^7Gjf9F5gl`8WhgX<~)gOuNeX#V?cT2^nw){e4z z8-X~Q82f|JP8j1E6l-+e^?@2ETcq<-_KSjSk3}7yX1ps+C%h?hcgti%eTnlXfQ?;xG1C0 z$}=4F2r$aTy=8*jaP3jz7_4%X(Lg6q&&ELefHS92gLoie*jgCh{;l2VzK>R(&iVkS z?Xb^{m?=O=j(w$=_Nf5}Y@W9z5P*|p9^;%4Pi5^?Ksm3!>~`gd!)4|=L%;e0+nW2M zf8+yn^?T}7=5h5xns+B;SK+mQUWzv|3(VCkwa-X&Q(Tu0if@`KnzEcu%_ou)#{7~5 zUWg{nbMsR3=gH*2!m&0m;V=QO)+)Md4i?>63n>gvxq#oD(J=7FbKv$4{Q1RyV8w(D zxONwKCM zQaiH4X1kqMu+g6l`J(aqY)d92S#zz0>=?cEud@Mp1Wm7nqNFZLUIhzCU=fPbW`r;< zf6^)Kj{>p}+-TZRL;2~Gs5mon2JEJ)hJXkHC&HYsr2(_!Lzeqg@Z5wGTwJ3m`=bNt zl~0lHu@846s(9N~5Qf1u$4>*st=H|<-SjZ?TfVW{U~f)m18SLf6$r+T=Q`Qpy`tg8 z{GZyjB*8wN{QdXU^{*bQNDQd<3Skr98q;0$FAV8D-cq23G2>LlEe1mAhq#wLcHh6v zNR+e0Dv=M|qj%v7`YCwzBo2T0x8T^Fcr_hhVKt=pd7S#V* z66rpdN|WLqg7iMJ7)rL(GI-_jM0FFsjkd5JyW5G8;wQ@;v zPly-galptj>!3v5*>N&3ka;oG`~3?QCP{^o{Z_B7{wpz zCL(R)#=5>m#WTKn?P&a1`tPKC<@vVpo==0#JfIQ zy!++9>)s}P&^LJf$$IrZ^juT8Jl1>joJFj)=cQ~qcQ;HCJYJ{wpTDi=le%#SVT6)A zZ5m;Lpy(x?pkZ~6n22>f_AdZbQqd%8a|N}D-zpz+R`OoD%sJkbrn7ne-T3ASLPDXA zKr$Nb^SZ=O60s2g>uN$ph0dS>&xENEz#1`}}F!&2G^VNF|%n+XwdEIdq+ zH4I|?vwWIVeipGH{ZpwcJ14VT&|SQ+&GlmgV1w5&Yx*%%kB8WE2!`)w8HLsV9lw>M zSc@nqcLmJEqs;*xoP+qTB66}eV#Kr%@W8%EH5~;K-S&w$t_B`}9_>23qI^ZH(B>>Zb#_GMxzZ9hTdE(m_COxn$9WCbm)38z6JS z401=*^{4!Az>gT(u76!yOLO*>dAYHL52*8di56`R89}6!^eg0kW-BKR9CUe=b+2P$CsY~^8tMbcH2TuYXwZc6MvkaaJ zE?vZQV{g$J@DKP2ti6FG?)~}RBD0v+TkX z_W)oRUP)eXiySpH1o`V7C~I1Fw1+M*qSh({Y1^c)$elT?7L!ON#&kdF6Lf)XPooLfRk{<$0 zZqD95I$SO?0(QszORk_(z#%$iTx4RH#A@QKbfjAqwjNy!_HP5w`RW#2{<$OXwvOnX z$mYd6K*mI!s47rtVwgMRx~f}QjBANYTUH5L+r@v@tSi_Fd&CeYPqT<$j`q<1+T9%M ztUt(H9Zjm6|75#t1J%=PAyyFM@a1qWRl4oLYw`gr7CCZpVekcErCHckD)*97EI7>y-GHixtZw~6Of3Uty*`zP|rbM4f}sagM9pnnFx`L zEm^f2)Rm-#bAEo?RX8II23_J0#(RijV}fNRuT}xtx=VV!y+xF5*tCwhzLxBL*b_&v zz?qWsDc&>dP=)&|?mC#MUuhctlp>B(^|5w3_gP3(t^=I&L zyP#Zu>-60&(Hs%wgDEesecgJWHJp5~Dy|vFXZzYS&nP8cRzJZa@Oo0^P-=`$9H)4y zBnxV5ZgS+#$b!>ys6D-tA(xq^rj$T%6_2=(xUTrK)(^qlqXN^PSs;Y1?K|S)5o_YI z97o;qU}g?=!o}LHZOU7KQI>ZCpiBPLuGLCgR@*i?`d+GJ=Q0hdtuZ(2FjklCAhvUz z(B#wL;|t?)By*g|`YIr3Zb_sm>dMkK3F}EU%|1?MyL4^Rv21g`IHGHo;?+hNMH7dW+LLjLa0oqg1F=SdfubAHg)TrT$Wed>+=Mw5h5{k@!*ps8Mz2 z^WOZl(O5C2A&B)-c5&6MH-j&;kv+DZ3G71%dd}&Zi=!-UWRvnAIjXuyd`{<8qov(6GotgzEy}j5OVM&B zrUxBvFG|AgF()>)uF0MGq{O(9c%<{l#c9Ae{?luPyj}w*#s`V?w`3IE5c1Ip>Gu1e zqVdcXAGw%)bBfF0N}n!dRjH`%=Mk{a^Ew=<#U{d?C2Z<_=s4l^ILJ>Lu#W6wEzb}= zP94Kt`=7k`P)<}Ct^BPnzlERVrcqJGQ3Bhm#M4m@{|mPZgIJ$9^v2528qn2hsSP{< zCQEja#D$ZUc`has@_fWDPtvs^5d3AHVCzuF3|-ceP2r6tUcUvUjvrvaWmd?h!mBbt zMa%pkj(WSJRc9aV=Ge9^zGLj_Ez+4jtZ%UNmUp{G4+TdwwveUCpxWncn-YoCsfz>hY+T7E{OEj4A>HJalJ9fRVXKAac)*2r$ zfJ%OIVMd$zSeLv*QnX^*b7`if25xcy#z^IxNZmBH)%Z*C@`@wB#KN$}R z^uZv3o#Ncmr6GDl<{|ng!fWfLzc$lcvbzwvb#F@f&`|7<=~{4G2*=m#JN|TC_#5Kq$n6xI+*6e_bxs4iTTGxlV;~M&N$9d_!fX6oAxjlLw=GqMimNW#@WZO zff6pafsx}FedZI_>uFm+euIB_r%mS_=G8^O^8XaVV32CX^2Y<7critCUANW6)CW$9 zZ15Z(tFrzaFLuXko=3Xu6icFxXVbYh8k}{Lv~_qwj0AK3bZcd4F9;nI>I_Zz%XxVC z7)YAHK6sxUz>Fx`=QI>wNRj8hozsxoafg>0C$G$iLJxX&lauv%Tm8QrQCNX*>T6-v zBSr=ZWNYoW`7Z@p-KqQrz72)VyiF4iKC6Z6EAI-X<>pKYiXdz=uUijcj(i{KKGP{+ z+TMyQ-Wr^!yXje7GQVl;rk2poHbsbvsnHdj?uXR%17wK`xiyNcLardkb`n2S({Nnm;J5dCs8)=OP5?&cFW*~^tUY`~ z3|tMw-Dtg3B)6DY#DH}SD?j@-^cu{vx*-Gixk$Wh-Qs3kisS*NfA z_(Kc{>g#6idLQXd#+7PUjDFPom`-i{QX+R!U6@to2;sO(pr7Wa|9rJYxm81m z-5y!9MB#1T3n@$Dlz9jDS^HHJwNo1pj&EW%i`R+sz}!_V)ry4Mg9Ye!m^j(P+qbz- z_mEU;gXlo_Oisy`5d>Vp@_I}z4| zxGD<@y0~9!KWvf&8LIFOlosfvesUA(j+Hf?EB(U82#e9o7}Zmr>fz~RR;RD54&RLp zbk2e>fr?2Yio)Ddk2Ce>8TO1`N+JPy+`Ug*zGVW_@frK&8G>cm`_C?qtOO=(r>g9( z5%*Yybf2{8h~UfOf>;|hzJ3+aKI}n-JVa__p1*RdH9Ul8LXl(PkSedP%%~c zF{ntZ8|Qvhsbg?M#EcUD0pI&nyR9`dR(l{PFY}T=gL98=VSm&r*h>qr_RZcs(ivgVc zT?L8B@kT>A8fvC{!Qew<7NgbZ%^63yLaU0Yv}L7hc^pkg5NFCoGXPy;czik^QJhG0 z&rvG{IqI}Gcew&7lc6FyIGv{0UZJj zD%upS_BAV(qVoPV*$+M6r5;LB=ZHgTdO2DYT0LuEhqOJ`u9Z2Qr4BG>@l7xX^xs{7 z3IuxS8CmYbI%}<|Uj@lzap+@H#VUb7&Rv~eYg@?!+h4_2z=p7igr{3(8d;8<+z#QV z3F0?aAOBx1fOP3`cHGp1AUVZXK=N!e-{XOkJ{V%a9e}hPF|`d-ZRKKjbAM|h*Jc=bYo-MSpdLs&Fnb}J<&+QH{S2GU2~>CYm!^8^>Cei32D z_(R=*F2}fS68o}N@Kua)h&nmC^IHrhAoFztU#ybFE{C+0ekmOn$iDiuCZZ-{e!Q=R z-bm$4Ywqh6mwAR9GT`aIU!`94X(nEik=sIu)x8zjoz=~`mV<|k+g3^5LlsZoLtS8T z_^p>bzO{-DI+_vNX?$1nTFy9$=HyOmFLi38gHQnq6NLWx1=)o*>p1Z=+lpYsi@x)Y zWWJpIWup@hu`S8_-ntV~Br}ocfZYT>=eQ?`omaWlp@xrxUH^U0=SxU6RCMr`Hz>Be z-{Sk&G6<4-i)SbK6HWJr(5!TQvZEaMg}@GU`}xM*Zr*w_dl0*vnVIdvTAQm7up*2Z zP1fw`7^uFcy!aF~tB|T7#Txh)3zlDl#{#Ph<-mjR%P6PBq^`sQCTNfVHn4R|=C+JZ zvNmQhJ}xHhJL|Hlb2fk`MAR|pg}3Y9FfjMD<2fVhm7J-8ja9W=w-2zN)pqx9dBSV;7W>T}KJn6=e)OCn z^6;<1@97;s_wREA3wez5U(r}XF_~;7T@;cLA`s#oavJb|+Cp(K#U9>A8ZAVE6}c@Xy;=4*2Kx-Un)hKZ zrighc-s6N z8pA6AfY4+U(p8X@gQ&JytF4>Yr{=ad#tI*##pCTR54>%cL*T@06HLP<|3-^wRC6h~ zrp-|FePH%$|2TE?*Q88oX6qGc}=eQUpQcdxk^zU2(i&nFC z49Q|ur7ojD6unN#r`p1&lS$M?ZsI0sAK(0}{3sZ{*mV(YF`)^)pju8Mr7u^AEO3PR zuI#jizv5lodh1+NM&CmDSj^li@KwFX*N^5AKQ73h2C(!s;2F&*MZuKx^qh%>@|Ph` zU;qwl2*lVsl~T+_3w`949CxAjkP{L571+`I-dn0a%i(};(T;&$ez`lh4y%e;Y9Qye z=Ya!yFmGg_4p5PCB>fQokci80gfnVbKG6dP_jD$YbRL96C`~{r1;km}V>)_5X;#&M z^-{(W#t>Cy4Hg(@7+3zOu*=zM8i#5m61hAmqVCS8Uu|=IcZHJEMX$2_#<&B0ZM@>e z(xS?aPX}=El$`r0r&wC?aL-_eXdta9ols8A0Aa08={Jwjc@iXd;<7GH8%sStgoqJZ z&nYew`KE~dC_l%us^DhX&eYN0VzI2SW4xTB%QAn``K+|?EnHti`f^3)r3KnaR3#1X z1HM5=c#d>1$6vlJ?=dBQl}Du|d2kF4`b~2JWlR{jy9(r%+lJP;E(Zf62wM@7RpX+C zp47ddjqbS@RXb=*X!iMiNXG$=zbon-F(EU+@juU3p0cI+?gFqx{Rb~bcEl^Mi1x5IY&!1H&0+#NC`EjutM-F zegF4EB^}JHDfq%avwWbhT94=6X1xCD6fc54&ee+ml#<531ylHU(m3Vgn68tzWg<_$ z9{zrOt3IT_bN?lFC^Ni>j~cIIi2uy%+cJ&xu5xmkay$uy%OI;7V~E)2%Fpd%%Xn`h zp^=0acjMK39!JI0a{q=&DNj`?jK#*Ry=nie^2TWeMXzx5zAgi=KW&{Dd-9AWtS1zO zC8jHQzJuvqrdoHp;cSbxJqdI-?-BGcChwS>s72JQ_tkH-7YRx`O<{i#y{3kProO{I zx0)+bJs%NHe!z~hL|@x-HU2EHt^b%tq^cF*fpz+;jS%O{lLuITt4#%EyHlh1oNUQ8 z+aAd)43SlgORWP~l6BZI?c<{dHIkR9oxr`)BoTqlNeL%CLkBK#>9r1k?6^+XBHr3a zkaowaNABacqG^?{H;Pj`MD=w`4jcsgVq&(@XtxP{mMwoKhRasc4t>l1E5mYf=nk$S zKG5fB>4{-csZt`eRQm5P`8=2cko2rC?qB^0=o|sbdh(ECU%44VDnA0YbbLC+hWHZl zvES76@P)5y9c4K)R}O6foV9LO&TS0^IPm2@{8BZzib@{C7Xb;%_aXc&B-7lQs|$GWQ~reKZA*a|datZGzvk z2|szMRrwwWqQ7j~aBUul*6LF~`;cmFJK>_*{wcW?f##$p=FY4nWFxu4MXGfTXPj*x zlbOL-jXtQ`L+tKhk^hypRCBrqG8_58rzsE`LIA%ZWB@h(-&}$JLU|wIuY+sVKE*|Kay+9d!TR~Q57<8@qwgxA{>{qQCl&gZG03e$hm-wn+M$N@Q&-n} zEZ^^+w@1~ko=2BLfM|}V4pu?`pYQ`X9-=?`I_O?j8j%%e^Tzv+t$JS*1f}gE`^`|7 zAB?1I1amXSKj}Pa7YTDc({*PS6=8gBl8f!2)9Vi|N^85L$**QVa>RCiOhc`36td)Z ztmJT4W#%yqY~UK5D%&0a%CVgymW0u{U-uCZiri8d=>TmQS?Db_F9{1%Fu0~%p^u9Z zCHOT1wC;HjEfh$k1rBsCZUF?4R<-81N+AUGB$w*L`j0Qr1SP1VUmosHzV`h%(Mu?S z6!|9Y-q80-GTWXwxfJQ;xC6u$|E**_tT@u$d2DQ<&OhZ&K!5W6r9 z;}N76?B^VhavWwsAQq;-0%kNjern3(K(0KWRoA6w#n&4=Cr7_~;8A zf-Xk*K6^-IlAi%6@DrNSx5~DumVw>mMQs|IgI^(xp+o&qT`Dpc z4Dwr-7FZH-6|y-Cvjr+(WHnw2lF}#$iKXnBMy4WfO{JP8+~VlxbHc{blZeSJj3UuQ172bH z%XQ=W9v_=8MR|g&&)XdVV$_ z3KDc*TAu)cs)w~TqtV6{Y;zQCI8+jd{>pruBg{y1#rejtZ?tf`Esn}dmIJb&Ns;H) zOVbLIPRnj~7gTzrkrx`y$9;=**r#%yL}?_#xOLlG?yR>=2X8L{C<0Lyf*%kZ)oE;a z9sP)-Ymuj66Y8};wO+$E7Zl)hBK{&~XZl3GWCBb}y;*eUK9D&O$V=VJ;KzcBeya5g z=AI@|2&GM~HvE5zygMivBLmr`tS?y?&KWZbIJA@jxEO0onxdPTdePch&dWJJ?4c5} zaW1SS#lxD{zS8I!#Ndh@(G;dI%VeRZ%YA#M_BCl5hNchu1O|;&Y4+I&zgdNKfz&cB z`ftn1Q2Qj7luC!q#U5u0?idjIsXozY@DkKZB8^V=gJkQSM{Yg&$0o;;&jqoL>>qB&CIJFS^m#&Kr9~y){2^T0^){`T1p4}WZUlQw zvjaldBC1r~*xZb+7CE17i%@%IX_r6F* zJHH4AUlQGk4Z9gv)HB-gHFo`0S35fcUwF(Wup$lq)r6|@e9Go5jy)Fo%QDBAK#&$B zTgeJ^_a9&CyFzpGjic_qv$&Y=G%%ri_pT*C0XG3aFw#HEwzP%-7XU>!#&+L-I5(%P zrz{6ykBQ?kg<&Wr19b9Sa+-kXTH{L1-}?;fC@e)7f@M00@E5QoHX32ZVTz3`XhWYS zwDs+rCw89nDbj|r>pE-TI)16@FF{S8BP#Jc?&!~! z9cd``r1-{EmT94HW(W|YQ1DmR&hyu55SYJH}8ce%O+kVp%YSYO`6X{<5Mj9aaStOb|z0(PyU2nTYkF{y7BL4kj=l4hmHG% zbwfX=8}^i@H|#w&ZjeN?R$;A|4GBK96NCd|+-j-M@IN>aY^Uy({yHlrk?EMApiS2S zN~;H}q6x4@0_g>kuK6Mnqr)G`;M}ocku(VOJ~y;WY4?+*D(!I|4dnvHy$!apcFFm} z0-KtOjDl)Y$=vjnUiF;laz&Uk@pz|kKEvOcGg5TBSQF`a!@$7jub1vZ#@%dhi{c1P zX!_W5@>ZwZNmA0rt)tLm{_m`l?o*95tLhQ78PHSXGewj5U)QY*91L!{GoK0{B*kZc2<(cbAeZfs~|eS$IOh6-GtfEIaAXC%n+N& z!*r8-2I?`4a$=umE5JdcUb(mR2pVy$Fj4?ut@TbqzOV?9tI7P5TbiKtCOqs`>k zKcG&^oHnN&fk-s(QI9@%UOac=hZ7}|>$T_{lkzY0Adt5)9mnk%oVt+318hQwSy;K$myT zZV{G>ZLvrt=NB)AXI#AN)~`bG>RoP3hw}ro`mpGZ=`j;9J!p%(#Wpnt^SnW~S_9tC zm*j>bR8lJ#M_v|l-S`p;$Fi`R662dC#qEY_9x_GGfu%8KGsHL+7ODGUO_{(Mo~obq zcbR@{xBp$;E7b-LR4ZnQ#wd=A@!h#&Ft6E&8`YwRh)i%Ig!M8WETlD1@g*2Oh=%g9 zBQ8IH731WE__S|a>4mOCY+TWO-X4U`3 z6yhQiDD+3)!c*iS|Ay&i1t4|Gf{GQ50Y;QFAgdosjw+OAs`7fTrY(PLA;#|Om~eNv z>jaRn24sPzBW7Yhv5MAb20#ujknGJrSP(Wtg;+rV-Qw&Ig!V|>~dxgxS<4 z_f=Yr2hUaAIo)s7Q$^E{=!hH<mzbSFuc zsFS4PbBU)k3lhiAD$4(A?7})p{Mieb3M=`bfL#mr2t?2)tVP9)! zL4--eQrds?TZs5DEj+zT$3TMr1K(*7j4Zkq@SKgyreiQ_$CRu4Dj8+ zuV(-79dU|G-yV6ue%NfHHbv+=BH=%A4_~IPR`9mZ%=g9|NuP;aBl7b5NbO5t$;J9d z#cJPQv6y8_qnK|7Ue_xA95lXmuuOn4lTk5A4~gHFGrP$ChS(vkeCJkwLvVR>C-*6u z)X%wH8PQdPy5Nxy_OSx8v4l*43irN?-|Ng%H4fkI=U9GzXW&(4^#q7J6G?kt6|!@C zq5M&q-M>A$b7U)z?#|w|d#iSZv8GO2Qt^bM3aTF!sU5^$cxbN_C2h=&4`q#-Pzrp% z4dXk)YyK`(g|!XwW7-}I=%#2_a@%30M|<;cb(GybWg&L<%N8In%CGo99r~MGuP+-W zC4if@SHIAIp`B|;_OQMmr?H@fiO{jDr<+}Qb1BJ%5V_5`uE*6S77?C2XZZF&@qqIt zgj>DqOBPe4n;$xe;$y-dmY1IM0vjUUBXq)_4MDR`F@BOJO!oV7`S;#eHpy+rE^se3 zW&T4z4`0!!iDdJtb9*Lu;m5;#=nXNT*@aaagE!c%o0$|ftbGp}kBiZpsg$`7jHe=7 zk)d}pXc>xr#tW)~u@5RNbi(?pw)Tq6;O`#~RdqS*T?3x~?ELxe46X-4Q^@$0^*Om{$$*7uCD^WS^l8)UfUr0Ut%(zGKgX|VjQ-)RsUNy zeD?mjqw;xnog;|Edm-?q^5%Q0#U$Yj{r%D^AomOoOz|Sr=BM_qM3G1@57m#V)JK^S zcFgKWT$Mm(^Sb;`8&BXnq7+NfQd{$#%Z<_+D5;2mZLmEqxR)N%CWNA0fui0%Z|^pQn=5 zk%>|g_pIofy zcYZcRpU|BNUdlYQ!98+!id6SJ5oD2kA z_ouLnod>ejM1Fa3lT*1;^~Hc|dU7mqh?GGr|1&PbwTd;sTt8lyU5NO$4O1dV8z zBax)R==I|Y5N!8U2N+U=`I7QX3K%>O-%F13`T}oY#JIi*uL}6@JpT#sc-$E*r6kfibnSD305pk*0C+O>uk`{CW0=8b@Q%_R$-wtg_ZjfEakIel z`|Pi^xBtzzhqo35TH8j`*5H6miv94ou0LbS4~^6T8o5%msXpRJ!dTco^bXKM4A_wY zp6@!{qigxlyAN-D{;%^;#{Ts`@Hj|ljs3&G4Zwg#S}Lccg#sN<5c4Jy8uuF;Kv<~o zPZ$T;+M7;ITOb*BLDT5}-h<^a@XHF1jP~XMVeE4|D-kXX(f|sv-^l{4>~Rlfh}nR7 z23`N%N3nZDCcQU>uw(L@cjCZ&dx+^LX!6ik#kzbt4bH#?KwX+mtAt(8wmd|$SoigV zBFv;sX>-E2?{$&NNu*(~vhHW$@>x_94JqT;MFzDhqS>NSUk9@2jee&+E59FU9vZzzVzH}PhS97 zSH1vviU*?%b=ehQ%mzaR)GC2N;7a5h25A!o943D4%^$Job)9zLa1v0*EfjTOPFpkkX}Be0ai5b@3^?80cc*yTeM5Lw;X%rr@e<7~r(= zzu|op)CPQ!`9WlDv{2c4LX>9N75&cW6?(^X-WTaCg{g~&! z$i@!{lwL@+%!+>y52&@tDlmwp zP)wZuNMQXiKyg4aaI+tuu>sv>qr0t5NZ*Ev=$yM3FWI$X)f2Flv1#}>1w;MAPzv>d zg)l<@ttk*tv%o?hAmr~Nwhb~)DdxDPO>Eq+XWpK&AOOro{^$6k5Yz^k7BB;cNrKtr zez?4K-0vVS<)oDWa50`oNL$-bsp9R2fog-Aqo3c#DE`+XRFJV&$%}b!4FG>xNeg*s zhU|aQUx|xKD3ejW;wDfk9a;1)h3~(<|F^4fHXQ^4zz&TE4;0wzG#2^C9Rj+s;R)1y z8GJ&V;Ek&dl+EGdbQ%D7F;=beUtsyS0fLvTMVyP&B&`pN-2H!x+#n@Jw{jY+wRBpX zlHWdq&yLMb>OpEvOZrE|WAof-el|N79iMw((KZ97ih7H;2OthF`KIvRWXUKREf zU<Ca6#t{2$gM_#IQ@=Q78qEMel=b zqhbn2^y_JWyH}?t(d~6N0m#k(?ih)HwGQW^1q}3XQ?gijknSwhuXoy+1B5n}0176< zY@=Jsh>Fm&ih=qM>p%I%_345C6x{#;TVe5=vQW4B+YO-5=QN`HqEACrgz>>92=H$= z%yM4}*A@Z(YS9N)g&6jDvEp;anF~^VxqH1@`)7a}idB4zM)mw1;5Ni~TLr+s3~Odx zr<2Chouwk`q2DqO?a^xieZgOoZh%gP+&B3PJm0%NQbfsC)Xb-4_pKMeEKUZLL%Cg_ zx|*DMoX@&(%Dbp1l%FjG5jBK|DRMTCiX?KoU9P6|OOqRrQW+Vem)PPp0y3H@1$OP} z4t^(6G(aoN6Cn}3Kt=memGgX4@`{=Rm)+RX3orgC6UWL9-W z`)t(eyO*13>jC6YSAbPE0U&!act4fgjd)rTH(6=f4~zomgYLvR3}#=yN(Kmhy5#{b zA;X^~f_ep^>RLuV)xrRu@CZ1}2$}*qhl)A?bdvt;WEJ>giY%=M{OV+L8F6)UdAtfN z@*e@wt^x4Z7jy3Pu0|cvs_h|c3Lr%UeXBU7^*ta8sf}cI0Zy6VfdvUGQ4Yp$FMqs{ zuI8D03sFD_+_(VND)Qf?FYwS%%XP^}(AmjafX>bY0iIDGNm_GdV_jiafO0AOkk@C1 zx6$Rijtk<?J@%^VtKL zjCmciA9(YX2Pw=4_*^`b9Bc5}gC$6cFEFQ^fR2tB5Cvp2C->5T86;iOe5UL6`)#ZU z6Bf0jKeg9RIR~0JM&K?@ve_T9tqI%8-!ry3Mxpo=u!jvf0{{>`2Tq4Cf{5b%FW&D0 zTD$8UbbuJp$SN)5EikbKTL<~_;V$j%tz-I{F z03(B2tT4jw4BQt(I3j{r0G(Ei3@Zt5u1Xx0tK$Sl#hHB%GKS<1SqgkB5}r_7J9!}x zL>Ckeh!`3aIe0$!U<9)eR~`UXO_dpdA<}S-o!)q9j#OBKCZ-%C-6kNTA9nWiR|)7< z7gpVf=&l&g$VJD497v~6OsY&11>kkYZilOIC*o{&IZV|$Z~_>(auO3`WtBQH z`u%am`-^KpdU&SUxDJ3|7p z{Sk+5fSh!ZlX6n_l7sMfz!J#b+myZ}Y=I=8lN>Z&HP4B#?-B!y$=rf*-o{zc#AmT; ze66eT=UfimSmd9!)j*cZL}+R^^5RN*0kLiKLZ;mbu&ODSC%(aMN82Qvas|Zxa_qX? zKCNg2betwY@-+tkt=rrSvAc`hPC7kqdlx{=b=o>VGs5_XdzW7s(S8>E=J}3DaGj|) z48n53R>NdYqE-PM;RTJx!|~zr6JE(146d@mM?`)yuMR~Q4OYoZ@Tleiy8f*oawk+( z<}~c8{R|MAbbgy@)ol_+vv$>28ye2kjj^u{n_vvD89I;(7$$=ULj@aTOAt z&{0u)$}a@oxOgSDIr%-swxW+o{sm|WTg?-QGV`Ub@D3$r9z=U=@YgS81L#YgvNZ3} za+akC>i_Agz7OUdFEyI~VtCLV41Yz3hHCnI-UD#1naO3fR7m>t%mS0AsK}skOe8YZ z02?OH4STBVc1r#+k07J4y9%r!=fdcJlzdcF!odGuW7&tv`T^JE_9(8;u z3NkwmL+;rtQeee!5nS|l#D%=bO4!U%Bo;v`{Gax@E|FxisP z1pmmnuX;QjThPe~i2;JE3|ed{uA%D*CK|QVlwcc+nj|0hhaAQ)qB`^1-%?z6)>%`T)aB zi12UcuS!27QR}q)s+zrLE9A7&Tjz`Gip|D_{&wyWz#GcZfTAppBlGlc1#OEq8v_m_ z#P9(Z36s3#7pdi#{1dPu1B8=zbdnrKqfFYTF8?Z?u}hj|+V+KMvKh#-iCtGI#rXx+ z>5-vHEtBJ-NSNxZV<$m*FLt3cqRv=>X*}?euM%CvvEm$&$pqKO1Dh@mNo*nREDys^ zEa9G|fjAvt(?NF=+vhQzu-YHd`(@|#VoYFKHCL$v>C-T`N6Y@@F+|5aONet`wD|Hb zi6|1N*}r7*+c9FIo<)QwnEmPRv;huqIcmj<0wHZt*=s*P^%?cP-knM=n0?zF6%W|% z4EhLvA_!S|;8zy=97IMCBZ9tq9=u;!4&0b{_r2J(^0i#QOZbdNRwl`OI; z3<79N54Krh~Zc+CtSXz&`>Owv~8Ujg0Xw&DJtgFN|@+mXN3X??!v2yFsuE3&$Ed zDoK>r6H9mt9{~3O0o0$BhyBK$AXqGg`3?0VmX75a-C+bm^FAnVSS1*?OV~+rO^*q( zxyZ%c{!DaC4HsBKONa3uXmpbVhKoY-JP6e&$uj7Pp-Tw+l1RW`Ifnp2$<@VtfVI=@ z-cA^0<2baGPbTvPXVC~@h{1I#J|NHBWd!o?i{eA_U07%~jt;uhah=tvXpmEQU7)oF zO^g^-+i6l25<%sYq%|AXH%O<_M%;m}j8oMKUB z1LKaynDSpQbACsZ;~otcg+M74TElsPbPbrGH#;4;e8)a3X08u!)64c|O5b_)ddoAI zekhB@#N_L5P7@yc_K?9AfBzev>s4}#!pn=}7g^}#4{m5QLkmH;@oQ3B`3fwlZvt1x zv2y&MaE)x{%QzAYnp#i}W7gwwa9JEa!%!vvCaDfah08k6BJSBOzJWEowdL3SK|I?E zTey-TzK6mHZzM9fig9YNXM&tDj?FP3t^$vEaH&%Sp#R7&fum-^K&CQrq$0QePYn^z zdpYRLMF)Jhbjpm3OX68GpRIfRdZW>XsRyHm7=!3<)3eV@kPNtDW9Y9^N^lOQC8*k< zbzi%B9=%63QNM;^hNoRz-XSpQVp%$rh1@O5xTF+Ult)@m_60wD-wpP*W-|h*j@>~J zuZ_Pc2ihn&cT=?c@ACmBk-ur_4cnZ6l>2~es)^QNQ3t9TS~*iP*H6{g7_8y=XM8We z>NH|p66pyA{*hV$ME6BL2IiicXifDu1GAu;7s>F=KsfPzbTq|N;hO|b zZpi2ei&`LEaI=<&1GpIy@hwnYI(j}E-d$^N2Ihm34rU_+!%nfl+xgv>{Fc9#t|`k2 zY}}CZoXvX=)%qblmq^c0ZA^7)dDV*5CRle2~Gd>o*(lQQ9^s2!zbJ9P>&xaFK<*I} zBq%zEO+4)I>6DQ%LJn^b#;B0{JWkf&L=Gd++pgCi7maZaB!$3Ri6A9}aSCHqU>-7t z;G%X!aaC>z2Tl5IEnRu-H;)(V0BeUANHz}AOWyG#Hc7lH333TW4JJ~<8GC01#mZWj z5WKl=BT~}T-&87)QP50c;l|xgY1K|iB9*I9RpL`e3uo+D-EUbPTr;J^mM8U1qy54! z;|-MyCyetXR!xH7)@7&q?qGsf+}bti587g#MF<(9QhjdFPz%SU*uZuR!QyMQM}OM! zIux&ntc~D;b+LZGjK8y>^6Zd?GW*8tR%aiQHIPh7AV8@SqcHup5I*4(=o1MI;^IJ| ztn6EqpqIz+&3n9fq$B?q?bUrIMR^#$ELf!GLFeIrQeIGAa;`v*E)ZNAO z&0qm>@Re%~U!EU4ds z-H)%t$kfl94WDYO=Nxnd?>L~ag*ThT6FU-ll^%(9(DCVFSiq^>=`L^OExcvJ6Ws5D zwF$S05(VMOh|kO0OsZbLx;8 z|0kPEtEYX~fyFRP32`CF>$nfIU_`9wO7QyO`?Yff^%UM_i01L46iS>YI!^FHXgG22 z$A25>iznS;rb96$g|Ne=jCJp1=zPiEJ3JCxcWLE0#;O>%w(c%^1{cu2x9TJ zaQ;8O!)a}(evnK8Dk#P!XFOXkDO%{Ym6(k#@*v16u_PE}@xDAK0+2z~gpHA3#uG8F z8p{dE_d^&TJ;$+^P(zddTD%b84{i7{MM(DTx^lBBGgYq(T{JpdyrDfyRN_;4p?&Q4 zLGw2$u1k2oPQn)ZYyt0=)b|)X7$5IKR{Nw54h+;U4tREof+;)57!?lQW2nFPjfhiM zQ}Sz1@%Ein(9$>=y=%B83&a$nKPdnHbqf5Y6YEf8I2tsVM>3?v1WTZ>G46AZc$boJ z30!&mL{vv)DRM7f!lXtePyBHpc28lx+CEjb%tx)8d$$W9( z?o`DEelgsjvn;1L&KZM6jdPBw3D3iD0x0+0mYsjIPiTWvEsLpxg@*#n%|O$b;&+lRoVk3>cO`KYPq3`VaCj4xIBOJ zo|H9$A9W}%=H@hNfxjShe+|gugFmk)adqP5_$NW_<(@5}t1hBr1u#bk%uD%d8yETo znen7=WovW{0v>*k2mOBsn2>$^eS>IbE1pm+d-snL%RL1;I~U~lmr8mo43NNvF--#A<|EOWH!V)-;U01$>1potT_ud=X3 zn>>`pZ&5Hnn9T1(#z9&JgB|k+%Ehq-G%JW2md#~K_@g0W*ArAr7!@|d6i#7uhXy&n z1{NC85XHxq+#wtULp(|s6O2Utw>D0e22u@Gj^kYB()vK3w2Sg~TvFkQnV_~a=5$Z0 zj{ObkVLQenSYVPQ?k*FoZ~wr{8E+&ir4dSZUR}T zmLI>jLo%SY9bFQWFkadkZ0m7A{?yOE9d7O+;2?mENUIvF{wVx|Kr4^yz9(@Lc)nS^ zpgtpi9)5yX1dbeiY$22-JN4;|fEXop%!Sk#bV@B!NISGK4SJ6=cZmDRNz64m>?xQ- z;eAc6XxWM&U9IswC<3T9aKe2V&i%)-Mcdv)LCh4~G`mlwl?6=QRRH zHi85X$I|cwVJ@T#)DpbV={b%kwc5a8;8a62b}%D}BGC~gvZ>zwsJ;F#iH%(g{i_-I z9XM(@41CLgl-1;8^Gx5@UiG|3n35Rqt0ioIWH-N7PD&ycZ=40OFrsOld;E!)0!pGf zkhUF8R{p%yxTUv1?ez_YoPlYmSRGaNyrKGroY<=Fuu2ek(snn!`a27nQc@hIC6J01 z0ZNqrQqju~wVyhiBGmu#>J)GwgO1rg_*FKYrH{!*TMriuEChWznS5vsm{23jt4UV* zaZ|HS-P{#+Gc5qrDvrc1vky{cjnI3MWaU%unHip-U#%Z84NRFI{<D07&y3Vq9IDWV`^w9Y=33bJfAgjwpNc7%0wJ7~gFNB*X;&QkU^b2fKkGO{>0 z*OiyedbY5Rh`4`}F)DtEUqSB2vATh*V@gHBSZwCYCzZVU;mpT7a38)QK^H8J?hnXi z#-Rp9Cj-Z@?u1dbVK1emB+`1}#zCNrL^0Zs_~D_=i%J---8flSG=t)YgeA+~1ZPL< z!DcGap&6BJkDY#npJ9KlV0*BAA%O{#1O!?wWZ>51uR8L>aRP&%@marM)}YVes9Qi| zW_gJv)&I1#X-Q5P3*SkbTJOn+SCG>WWN7QAjxA{Gs%6#edd@J!uz@?_6OvR@Ft<+t z##?%ovUO_o8vZeZk}45+Im7|G2(Ew}PwC1g_VAtH^IXF)d$F?P_QOQHwUCSN|?DGsb$*=Fd39pfrmY=9o zsftN31ZGrT@9Lxvlfu!j&tsVxQjkm}hGbv+Tiet=4+2|}KH94t)j`)X+v>hc3U81A zc~B+Y#Ve-)OoliL?*WiWzsx}G=L<2Z4uPVm`S+h`)&m{)dV#$4N>={5BUgH#goEvM z?>=OXx>t5+UGhZ0G4>cQ5NrI4I> z3sgU{G^rghM+UhB#-kk6OUv(S7znZfkA)e6sX{E~id|MX`?ps3bJsZ!OXjJUil|X- z$@jx=VAOzn!+0S%VTuH@O@G+U&5D0zsMaO1_kS2vdBI2V67erWV|up!x(x?Z?E zYg>Q59*|N=99B_zn!o{$Iiv zX+%%*^PZNEWuI1ASX@D6GD`4SgTjGlJ#>ztxZbNx5u~_BW z6`IA}u^+L`d7E4OV7s!Sb*-xBK?crW!WAWrBHMrlo?r<{Re)QK`#gxL149YGI@C*j zAKcF#oYM@`a9x)@55k0D)QVfG#sye1ri#Pc2l4~q3lw?%3t?4>EFk9kV|Jtfr=0P~FQyc%bEPhj@0oiq zDMrcrG7)3Dn(UfY1fApYxA8~G!yoTcb>rWE$;Ou5LZ@>i>GNVNDzu8Mfw=l(!Qo8Q*4BKLGlT)9;fD*V(_-G(=qNd3*rP8pDQc@nt zEcLf(xI7_6e_C1!c2WonbPF{gBuQfIQ(q9i^%XipNURW@y-Jrw=;Mw~oK6rGHW&?Ko;k8+1rZ+~X-}C{mKnoot0j4GV|0q!mP-CG7`(G(kx$ z7cdhav6LS#O;7^l8I=E)@}{BXSh%K58X~ztbTGXP8Nztk;78#lUyqDmOled4NkaZ` zct>b7zfO9Kz9S`69*c`&@wYvBp2S1EN~#LHEukiffrl3MdxM_gV{uc^Evjrck!Y0h ztBxq_;0Y5V1o!QawUbl=D$NovVSiuyn>omENH1ERgv`~0}JHH)aXS5taOSHd* z?Fdmci^m+AzY3Gc>q}V3cFQ2F7??OeF<~q({QuyKg{qM#VMtUDe&-D z$O1@yON#4NQk0aFT%Z3Rt`7tImz;&fC($~RaFi~(BI0^ND3Dtts=pHpemsme>97Bs zB=!~Thcq5f0!TL)+cd_eAQtV=Y%Dp|1skM>F|4bNG3dj7V)+}lE5KLglzbRN2i@(e z-zD$kWr!R;oPq6Bt~8pMvBl_eT->P*C0$bdb<(0AwgE;$w&+SEvBj|BvMM~(Ta8M; zZo8JGbySmK_o-<2leY69Bu2S{0#kr zf3Kp6?uX?UOozt$&Rc@x&}X&`C4KoryTSGi>C=0GyC-In=&c$sDpG*P4R;1OKpgO% zwLIU=C3{~P$018!@=z?bH;AW&N`f}~tqwP5TxU;STtLv0t=J3g)m{cL`Yd0vQI{)% zUcd$}_zMdWa*wTqr}xooqL1FTW@4Mn6~kQ*rVFmhc9rRf&P}K~gJ%SfA3rNtY@;5Y>SDbX>79k!gqmpinV_N#}rK8$L z$kfw5@r7)Z%VkWuTRde2VGlb&$Uu~j3E33tu#VOviH!glF#ya(h?jGqm`I6Tat=c6 zG6nu?#PwPYx&0o*2Jf;W zhY{WQ3{&ux0cpL{?_6qV9!yx-IvxmeWW+q{;mG=>Xn60BQiUzmmD%e;i$ge0OPFzp zxD%ZX+=@=E68QX^I5`ZM8mcXs4DlwpuM#Cb!zVfXe_(Po+#TRWuarm=5yaMhc@{(b zuJ@*Av`&gY2`i`JM;H0X;In0PwdF__D!+9@B-u%F1MgNLoOes0#g7Xd;4kAo;&+26 zm*&Mp(vGQ&r42DJ6S@AsSb%6WsO`a9pk;iSQP{*+T*3&lA=PM$Kdw7nf^nZ|5NI$s z$XGZioM_Gs81(oE7#zok00?PJpC77qS6Qfm z)0r;618$ha)!ZXaWH3C}S{68tt{AAL#RBlE;m;|Z=N!5faG59?&J=#3@zV}+Mpb+o zCd)A)wVG+qZR))ozFAQ3GmHv}B(6llMgNVXMf0!mIwr#*+VH-x%o7~!7iMV`4(e4M za2$q!Sav$atw0QJy*}CG6C6>0Yz*~A$h2?@g(Tu-UThL_LDKE96o^3dDlbZW5Al*^ zk@3iJuYSFO z%l^mWO|}cq%I0-Q65O@NbS92AsFmmY?=udkkAqJ^?r%2)ie=@F9c+q-axUQ@x4EO6t?gt`ayJSRX;s zEkUZHWC(nSfUUz(Lk%ezRxW22ZS~lvlOyiReg6lSTA+xPjiyfnmHq_BTgF2=CMS2l zV_K6BxJXrahKJEn3~*c4qlV?{3As%17J3bMsMo7AZqBX>*5}y}c`TJoe^K1`S{($O zE`v;hzKpfp>qRAxWL9@mp$Yhl>qHWZIw~L_@^JZ!0zbftbg%QYXvBR! zx>heR5@^ydga-4KNoT=$9jM`fuefb!qWsHTgFLM{8Mr35HI2phHnaUyaCZI8BrzZ?8`j8{; z+@3lQe%%&Z9&JP?8tMq=UC0%Vz4JGB+_t$ksOL=46ATSJrQRC)0r&ep>EyNf`7Q1*wu`(rGaQ%0QoDXmzT%8v3k+W%T#pNCZ+wx68OTdrki2U$LiGsP$m zL_F4lpvO^K_;#u|GY59;aCSXStsy&~arawa&iqM|T1^!9$C$1?Y0`XG@A<9yw#HQ7 z(ozN6#2eLo&fQeX@GA|VH%h^?7ks|*LhXD%9YBn~ev!<+4SRuG$Ok$uICd|{zPdRi z9TUaCV6>vz>zRw7X(_hsWC+Ca8Et?bsjUZgdBw~d`jG#@^t0`0%yz?Kq_~z{Z1)O0 zB(mn%yom86dUTzNZ9giF<3-N66?W&sSX|0*7u0&Zht@xwL9UVDi@DFOmVit8p^6a6 z*pulOaMOH~txd#cUz4ijz9hY*h0`bzh#oCQcq1-XdjJ|v}BZq6M4gKXkIprbo6dqaC{ zs=AO2lg0!#QaJ#aIPcXnhg+3LXhr76#aP=^&c)JfTfe^wR>k&}Z2tTzstp*Ey91Bn zzK`2)xi^fl9o7`}wl3JI?b!=O00>Pp6d<)lfig?0^A)@7Pby9N#B;vX4wcs#A&Ycd zh3APXKUB0EuEDLAZk(>JPdCvv%%;AMSCr%dPFnV|>|}Y@w`TcFHHLqs4}kUbTA%E` zvY-6cG@s8e2&<-S&Dp_K&Qwic{KCg9Ot?nZ!sPk%QUy;EEt7V_*|bQgI6nX>XTW(n zBVuhxtTp{*GFW_F@bAwifi+HZEDxrg^sTv67I{A88>1R%n@K7)DGsWtMG74pM~`ot zY;1~CggTao^JP$|!IzhA7#)KikUIhD&F;V;;?}z>8#feKWBTRo$>4X$Q~=1NCl?hR z^Ck631_2@K-@v#<2kI`_Rxp#TmJ%sqy^N7_J*KQCB;?%on!5T}tKr)IlnSj-637D* z%h{h_Fb@~RWX{H8nCZOV{GRx=ucM!c^SI_yYZAdqYK6l$FH0oDUxcoY8n)w0Doe+* z;^$axV4a0OA_K(Gqc%V26{$#3?EN`CD1%Y0*51JF+e>M`wFB`1#RZTI5;J2`lHu(G zS9KkFz!N5-PA;SkeN~qdgevetdN5(Z%o^|(d-Xz2)LN%q4hL&`$QOxYOHdrb(%BVG zGRp(Pqu%L}KeO$L6#uM}_1nakx}!%x5Ki$jHxON_FtO6%B}#0LSHx)*%WA-Cs&;R4iS#c2{QeeL%sB_&DXnOZ+P^ zd|CeuA1NC30k%MxGd&szFHTp5h&c_lZ@o>Z*XMk1mL{CB8gb8Tju;sZ%748*IEod% z)`WrJ#F~YwfF4m_^zb*_(8i;oE;f-)wdZ6i#DOuXKld&Mz_C3~HlPoJZ(dA=YPyi! zQ4&sA;O9?VCV@gbF}vOZIuD3Ja>9|k%)D1>oG?TX-X>Kb?vS`3*`V?X;2&&!aXVv~ z?K4ve_UH^FA}3st3NBABBO|<^hoSLLpbp8+m!odWZlGgbfe98tzu*1+);Ff-uxl@y zz_pb#4QBxuVumxGZM6qU_AK<@+9uHdX)Bl+Z0w; z7p>RMV#!D=SblRPUlpu|bOEudIjJa+2B&YJ4}mRi}Ek>yZpDdKWzJ$8K9ABy(V0gw#}Q*`k@p z<6wlSE!khdgN+6;SHOa^6uV*j=W_r7trUbFSbycwTBKkR`7G;4rh;V1n%64;@k)!~OM8UeSsCvW%z z@dGLz=rF_xsy-#OBK8Jejl91%Uu-iV8fVHb`@lX(srJ2;7a44YE$NRy$NQyo9Uuq2 zLMdc=-m(Ab*3yj~@j}fXK>7(hSMTVs$B=FHy`^4cf}wDiXq9FuWsA;Ab3m3s_DBKt z1(^eJO;^C;@RY1!drvR#Sv-dfZ$LF`6#;UfAsir#*CWujxyd*UchqY@4D1(Y^n!(? zj1S27QxYgx-%kpc3@s*PH}99)Sc$>*Ri7ZOn688_mHR%xmF9@(fO#PGXS{xK_tcSc zD!0D9#dDWA)uMj`S8(R`d2)x~9h-^ ziDSL~+Tg~dpdMZDmplX|IGdE&0J4|wu$e{-$Em!yQ6B6ura_O#L2$Fee>G_!VnEU+ zZp>pQz)=-M6=#Kfd_!>9#(od*8kW_6RF!?ceejcfR!}BqfEO6x!h*o8QIu%||As0Pb;$;j z)M93H+#FO^qOs27iLFl?Q6<0Ss+t*_IVJ`Z#z?w?Jli8q>3vPOn@rP`{FWE9Blz`b zLdBo|3#VuQKjHKrPh*AnVTUSv17kSOHutNaOe5&GV|o0dGy%R_@3C1S=IbWVn(lBo z59@Fyx9~Tc71XKpOtw|e*-%m&t>lr`B{?K-{T;F<)*4=ES0Bx<@H6_k z`FtK_YTFNh>x0tA0WiQGm@B<{4}?jRDR+kBc|Mz!)w}cl0Z2H=B zzX2r=Ku&t36#99nR_F6?xXOI*0;((WUe;e?WcW5CZaAb#D8{BNUEgi7M0@G8TjC0 zeZ{@WkNx~C*5R}QmOjjRwZ_^#*K}&989zKuOO;I6IG?B*t+yTW81*MsX>6Q?kEi_n zxLAVbNuRk=tTuU@;9>~-&`N)qB{z_|#yt9T*^@E&01i`wFo=Sc=uN=SgC|dhE9jTMYdvw~Vy}l&L2>r4b3&vMo>3?cZ=OzLBKd zZ@H2zYyo7n7dFDn*9S8B3`#^#9hqsbqHo#NHx6c8^J$>tVkb%TNaeH1H-5!`xO|P+L+ne$+ct>d$0H8 zzR%D2QeUpUX8z=xd7kJjw(q?8!al*a!aAg`_G?g8%k5B)(?Ig>%D}deeEQmYh^QD? zE#X;@!|vRLQm$5U>}AEpeSQaMzF zv+LA}W1elX(M5T@CKRp7()aAltT3pijJe46l9u&Y3=qkPOq_VJy9!4&FNlJ3~zYw)MNNN7oLKt2OJgeXTZc`cEyhSKxTC({+K$ zmDqW*zM|4rQuvPxlOV}kuV0@7)O{0`S8sAKozDQ#q~i1I|IXn=Ii6SMz+j zt~KRng9%}V_XXPJg)*usK8fypc`NE9jI04eZ2z}bsQp_j>R1vk_YgTp-I1z7OJvEe zXcUc?9o&?sQ#dTR3NYzR0vQMl~Al2((X8uzxrC%2W6b zN&RNuxxTiO(P<+*|L1#xbirfmycopWXpwVyE9bBMEjS{=A>_dI1^Vet^8c8O;sXz) zX`Dpqc%|OMPwQ9;rRy@?DwYIq`tc7c=2L#|@!1GG7hM<|sOUk(>Ib5E+aiz7%PT@} zy}jd*oUTbRt-8^$A=}7kYIbs5noXO;>33>R-RPHWzfZeek9eloaSe~QIi23m`m7$} z82v0N6-|kqqh=)FtXJ6EcCT-=xZ6o}T2FrVrN2|PU%8mF2i`XNH75(*512Ivx_r6i@qU8M9jYo;zGSW1#b$05C zTA)UPWHSG3F$Uw@&nv>V{IsV06xZYy7I@S}GaG4q(|O{sau;K_(h|SlZ4iWFEn+^U zD6cJesMw>D!2QohnP(}0|I^L_L&Yu7>~(Hw;$IO=GhN7rx--WT8!oA`E6xaaR- zH=gRxJe;?g6MHV!8qBs7c%-MX$J1^uzS(l}`99Ukr(3kF#e>SiU)bYau}Zns)QLxT zX#dNWcs~%ni9bdWGt#x5rr|e~YQ^(WYxbk9;n0Wv%wf)A`u^r-c{l-*qdPU@6suXJ zFFogHSLeKc?+up7wNcokJPOsE^h}??e{LfJ@&BccrI@WX|K8dluM=W8m93^_4`}*$ z->k8)wr+lPnvl;|%$H#fjYv3`XKTqAv+L#&;0yZQev=ib*@Vx&G8s``UCE72$nl|zqrvojQv{%u<|UrQ5!ZGO zH1;AdKbW82+SFrrr*n!vi}cNU`uM2>bO$tcGqpDm>jPC`GyLR7udrwBSI*l~;>j2fUtO89WT;$<&*|bs{RmC-YAtIv(`Z%#pbG&& zUM7A1+np}`A9kmrCyWXpoD@2@&%#_+w-cUN-)`-Xm^s)EE`*Hgdb?ZiOX4FN&YY&# z2|X_CWw*ZXme=Y<<_ra_`rWcF8+k~?I80~)QLbQn{>%?m5F^vMJZrFJ>*!|u?z;5X zo$I$9p97Pl%{uNF_Bnp5Bw@dKJC38H%j@OUugszK&$LR#8nZ}HHRh<+#|n9yw*55XG?Oss858Geo(9ov(b!ZE@`@w!Yc!*woENLCaIMQP1;dWoZ-JeUUyZ zBA#bElf})g-te1!Yi1Bb{7JFx5lz?Ey*Zg{m*}JtuSK_J%;+TaSYcNYwZPrZ8!8it zh&Q)yQiQxTcz5@5^kjxiYkEb4~1YEM86;X$gw3H2f2pj}uuTPr7Ta+VS@E%y6jptuq8B|J0Y)2+EB zy+x{D#$mDZ%Viep*;`kEoI{V{qd&6-F(Q!@vZ9lNUw+TLFb!1vGW0CKN3CKpbT!ZG z_{wQKZhSWCNT?I5U&C#V1${1^Epg75hd=1H)6J;A+LC5F7!7H;*p!{8IHK`3o|x>< z{PB_d<=Z~fTAuObS`i3yhL0h;&-bZ4uX;Y(yvbK#G72v>0;?ZY-B*zn&w9qB8mYK$ zT8Ly*LA~fSnO*6&r8xvm_a`U=OGUFb##qWY0!|=3bpn2WGF1MW&PLphTlk zi5@K0*?4d{2*PpTEbJ&Hr&?$6Z(!*~rWR%UjNMd`NJLg@6RLT*0_pbdKoQl;VAdGvV{4O!E;Mx2+ zQ|8jW`)BHw&wlO>#=365hHTMiZLPy_^P*e?&NWTSxg)puW()5x`s{0q^f&~kGo{;a zU)M}c*&TYRk9?FKV6D%!!>e^{o}Z8(&h@zcBzJXlTRVH}YyDxn*-7_!%wCqQ*^~CpoItToBrs><$w=8%Ub!$!1?SoMavQlE2>|zxF$eb@obR z{U()^9j4b{^G5jIVq74&hHPNpdj1+*Yl7zT>vGSgzQ9KH+;WVqTHw&Qb|MQFg!+ z&^6&GUD5Y`>u=F+LB@#y%V_83MwMHoLV8bg_N2`f2|HZyPWLL^R=Xr)+vb4sUi2#L z0^nN}XtQ!`soheZp5y}i)EAB^xUO!blxuvxSk|7!-g2^Y;#h$t^AhJ>bNz~tiBHUt z!&nlp^|YGnlpT@I>HS^l`FEP^OXsiCJ8iY^ky1RfXVr4@$d6_J35fvWAPEnddz_sF z##DJtyA&pW6xiO;GLe&w+smSOq#ot}!`@#;MHTho|FFU!LkKf8A}~Xjq)PW74T4BW zH!9NIF~A^5iy);qfG8k{BHb+=f^*R_KyMp(*IHt z0CeOU!9rFBsuvLb=aoq<8)*O%6BUrkSGD0QV+UbBUcNr}qW5*@5yUIL<9g!;Wn%$t zk3Wy*#1s}7wC#?EoH%6Y2(td?j0OJ`zx?lN0?zn9FFF(dQ!^X}USzYBwrc$HS5LC~ zQ+w$4--m3Y%=HO)fKnqw-@xs8rSjLvgswZ{lZOwq5)9792LJnggt*tM(ml(NmnOHJYb5b<)-}rM2~`!!B^9ARII;~@3~g( zzvVME0VJHqT=L(HDh4v1m+rLEz5Bud;y~N+AT+`+{}jZl%Xt)ag&i8w-40g!PjO*L zJ&EN%n#}+G6+~J|1^Oj&*Kh;xm7I4Lt%as_wML-b9uPjx@72HsuUnwkLA!s6FX+to z{_C?=m}AlMTF|!V?sLGXQ%SekoTzZ=elXHr+AGBkIvDb+K?kGD{2O7hoy5-XPP1}~ z{9kno-*>)vVnXe;zd30LQ|%i39~XeZXZfSH`8EI(bY6#p+Gcv&bdJ+}YveVqY{#QE zLV%8OnN%s^VbZgmHpU$5-^t$r_n`e6rf|&{IbgOpr~#0MoZYh$%eGF(x(l|YjH9~J z=7B$>6uMyE)F}Za`Cr9SW@6`C?!4l~tEcV&7oY-+Zq}gFTV3@cr!dL6)Aw+HQ1jjY zFbhA-wZ_WWeCnXn%9F$$3|@;?|3;s0y*=?xa79J!3Y`lbBl&I6SVkvON-@Dw$WL}n6jVm&LL z@q+9azzy276{7C;cP-*DU<5Hv*-OS@2cR+f|F-T6Zfr)=3f(OkbNPMm_kKlw0FB&D z)9S6-GovJd427(x+I4~87g_=Nlubo0+HJ2}SQW_PuhojNgUKC#x*^RVoO`pCGvqQm zinsIG&9`>bK&E+}1YTC+00(+d{n_=bo?0n${1}-4U>04G;WNZ67M}n(VHfoOR{j;q zM#f6)VyZ#o@BmhsykfhN$Qn!omr3`L4pQlJ1UT8E>lAGlP{ZlGh7{bsbKfbZ@!&c_ z?kl%``BfOTNgOaK4!{Q)Bz@XJ^EO-H)y1!uq=DlA1c0?{i*f1X%u{-tRDHVo)#d8q zsH#jB$_~&D5ez<`jRG$YzJq3Y3h%ptX~K?~JjRteph=k5bHX{o543S#qX#;{IP$(T za*0d_0D|3r?@TN0i18BSencDsb5HNZCcwPJTu8VrKmP07MsK~p-0uQv`r;BWccaka z=YzR#m;+_|lkDrfH-U`LE$Msc=8qQ$?Eq7M~*v`q)szS%Aqw=&NSrW(>;kS zJMyc~L}&c+YF8JH?$?GR;yd>_4uww*sytprh~vQh%6qOvS1V+z?S3O8?lN7=l-cf3 z!)Bh|^10XCM*FwccVf+(!bKSy^qQEsyDrHELVj$4n`dc&QT&53b+i)zeK-YZ z?5t^G86}9Mo4*x%?k#p(#uKkHk3n0Z`({_7#I$KOfE^4PIkH5YHPd_!R{x#Wqi+Nr z5nVi~vz40#sDLCu$7y^+etyu-9P9Q@adtL}tjK#N7=IyJsK+V$VP`Mks%$p@Io_G4 z&or*`a4$WWXj-@tpnL`JDSj2lb5Yg+WpZy|@$-(Fskf9Rm3g->T8h!NOJFm=k0A}f z7ykV9n<#hw7@tsFqLrgUnF?Z#>8PVq$u&e|0Yily4Dp*Lk@Xtf6?PT5topx3Iu#l(vd|S}*^@-|VnM{W> zs`nhh5MGn&Q3X{Fl-h9{;8-dIpOZZ>3nyu;S4>vIVf54fj41L80+C_1iYmwDdsh_b z8}7`42#o;qGHSVK85xdkAr>N>QxGg%<&!e}FCeqwltNk?aNp3Lt3%2$l85@Dr^}y= z3GYDoQXb)U1pNT)4(B4qAq6og3&l-WaQz54Ut;-X85$sSR{%XD9)drcEwj3Bi@EVi z=0gS`!{B(&+paQg+(zC~4mL~9orcM^^B%~)M-)nsX18?lUbRR8+DT;-oJkneg!(R# zW-u-opM5z0+H_srSHm!D+1qK&6#j;IjiQKh=F$4d!yti>w+Hg4LWd+xZx8WyvIF>U zF}4#d5SpI>^hqn`?pzFpur9CghjlXsu8_?w!H9D`C&VO*A6$kwYG#Q2#7w>%{z55) zcVz7G*E$9}_i`UDDC)Is#;!xY(x#%{ek`4) zo0V(4OHbl7AhaVfAa8iqr|GsZMP$fHHe|X{>IePq>)Y@MfQ*W64wV|1zD6+d*6eEw zJ1n!Kr8|4`ufTIBF@iB*bn-XLO{wOECIj1yf2S&yZ1Y5Q#JMjAdWv_d0f0yJ{0fkT zmZGo?vrnqIz3R4kWrt?>P!P_B4)XJR_VzQMMng-W4AoD(-faubGq2Z#DzVSCh|99e z+nr7MZqct~?Hfj&lFt!F*HZ=F-g|kDb`zNT`1>87=f%Q>qT8Lj@b?%G{{F1gZNQ)P zv6}}hi^c85t(Kar&c(I#^Cw^l4gNcsxX9}4zG+nXV)%u($FWnz4}-yp=WYr2HjMI~ zC3q%X?)n|P8(>a6y)*E9T8@mh>yPZMU=MjncmMRH9z-W7v?%^NdvM|Vyl}-tB;0mSm{b} zs36>61Au~8;d>G%B-F`MWr}e95p3Is4@E$NpacrGPoInT(__elCK}wRuWZ}ztZCfu z=3cjjQZ^UfzpybTd4%)~Z2lx7&7O^yNr4vbmti8sxU=2bCTb-vYYGoQCcqzNJ{QhLE90HV`aTyA zkn%mW7q0kV0dbkC^*=j65o~=eE(xxGltMoI$>cPm{-1v^4UzBGjPwiAv0ibU20sA* zQaEKV`;(mwk!_Sjd3-v5zf4*-IHcT6nMjI}I_>g(T~fsP{=6Wb?3`E@_wWZbag^^> z&LwyH`#aaLzP9wDoB}01jZmvMeEN{i7k);QOR~aWQ&;3(kTA(VNru5;+EOuo`#MQ7 zh|sV)B*i{+C;okszzrnpi@9&5 z+qNkuqwU5V%!_NBk#pN-+mQbx z7vMuzN3_O>C1#SjuN3L8FMd(EF9xj5T01D^A=d^<`20L21*_~;i2k6XAAW*LFjT(& z+<3AWF0=!4SMS#Tj!*l?EpH|q%9RV#=E^>hvibh$oOzV=AU^yy9Tj}+$4Hxi7vp8f zR@{3Ed(}QuO1cZlhp2K{?9YwLDTrLm=m9cI0qp)Ld^kD@2?f2k96kj}ij@dh5_CvyY~f^nAD+7wOUowU-$Y(OLR14UPuKXUpU<4Y?q@&1 zdL!kIYjUx1CgG#OJa`?|niPK8^NI+S0Y`fj-GeWo#V6oB#j5V&(6yf^Q1__(%(0u?n?#OL^It8*`jCSLcwWARt;a+UQ+$bx@5a8tCdX-GY?S5qCfLqDzhYc z?AA6>U7~R3(+`-j=_m1I{v$J*)t=XP6+P-wbF9FF3o@3A2i?2{ah$-0BtU4HS$|L8j;ICw^^^A$6?K(QZ!1Sc58i6WCwgNbE&KX0 z|FHZH(gpTM`p+jb)qz(qb}V&#j~up(niZo7eVFfmPXAqb(g=TQB5E>aC+z-?1b?g# zZ+QaSzxj_|C1p24)T>4x2e}Jiu`(k0X)WWh04h3WpB-V-q|bd%Le#k!HdyG1#ZNts zrkzw$3~W(>KVng&`OMb?zx|2$2W>nmDP%~%USZ(|&-{t1U^e;^mSNUv+D6*1p?$JV zZnFYEH}~T2(Qy(Y_<+MOOZRUHL)Vau2Yj>m}_4E$8E*HD^l z>4JL%zE?ZER(|B&oZXv#D^_@HDg%)YF+;|>SZ>9cVw*cS3NWRXWBngik#9L87d+u)gZcStA~eO!=3z>0 z&It2&w~yC1q^qLcs5k&yAYfu`rPfbd)hsZi$C=4OF~6{f9_+?4d3q(4~|CD zp*Tb%4iBqf2w;(AfU2ODo`(ui=!z^ z!_Rwh@Zvm^1D43#P||SxhniAh>bxaBjKOx_+-3=#mXWUYUidsg8 ze8$DUR5e{D4;vD2Y9-aL`gGYe4PT#-$Fi@p-38g3=z|`-&?2M zZFx6`>8r{kXrDrn3pZVw74g3}clqhhnqcm-x1aS|CBt_e zSFEGoPYwCJOLT!6>eGD19FM4*&Y_iLT@e=1(jJyZ-R5-PImK=)h@m;OZcFw;y1+8A z5!v{F!NyD@t^O}HJxnbiRvJn8iSQ7gx!KYw?^m%ecuByCG&{LmjE&^K;^;ZVl4;*p zC@No5J@s6dhmg|U@)t3X$UaZUP!aV-N(C8gi;mtIM^f@uonLfDGrP~BS*hBSVP0-JmDT@>a^%qM8kJiK z?+HGAB3tS5A?*)J{sRh%ec_kxZeZv=Uvrc*V3XFt_V4#Mc8%{^NlDP+diD2pJq6;Z z5Q+r1ESHSe9)|QS%rb<;Q9aBQH&LyQoLv0S;l(! z!|$4fTx;+Ha-mGQ!qxC;gGwH;1~>Ct4>(sA^j_H3{^`C*D&6kA@$Id&yT>>=dtr|Q z%f_ZJ2e-#G*Hd<82b<*BC$q}`W*Ldh3m2qtu-XD^1-5+)KC$}3^3M<}k5;52CEt}W z;YA+Yei-BW_x0bu9ss5M{GH&dw~+~gVdD(RmQdIW$G`cdYT%iy{mbt}nj3w<8o*h% z)B1gXuXkZA;`Co32j>GP-QfS0N~f+h&n})nQiC!Cxv-X_Jos2h#hP1}MLr#NurmIgw9u~9zhvy4S%zVIB@_po?^&dfUR_j|oB|po+Q?_^5UH<&jYk%Ix zKpqth`3Nl5A9~CuAO0V;(FuILfFg{XbrBLSa|%xpa?D(RR`_fo6g&>6ZyiGZD{=lu zV?7+p?RsXDjqUnShEEHQ)P?{5YOpY%S*953W1Ibe{|5)cqn&{FsF>}4r$v12tqzs) zWw4J=ST70tiFE=tG41lQUzyiQSm08Pz9-we36Dxjp$2I2>-rfFf5?M||FVHCq54>m zlxN!;dQUq+vaC3nf)^Z|aOCih>wooe@QtlaT{uS`wV}rwy?co|ev5*26@aFXe1T6ah{qE>%1^EB#vHx@W@(Awh z0tlr|@uUC!Zs^UZBrE8#y-$GxsNdiDlPq^FRa+!q0X#G?;<#&zW32@B|UxbzA{`b%)Uh0$9`kF#|K$N~I}wO&28UxWza>btZe9c2$y@=yeGxZYhU!|xt_5i$ z+p;G|(}DlyqWF>tDY@D~^2j}UagQV*e`&4`<&*0rr2`>F(58##I_!sIr+lMq{2C4K z(kpq?-hj`@1IVe``87e6fOsrd@h{mh9aaJ4#%rNil@5N8^$RGU6ypI<@$!wjt4m&$ zq#kgssVkPVqpW~zd~cTqO5cbD+gN8tM)$z#v?;Io+t+B^A0Xf>G68^h`y;cwvL9s7 z*iCY&+#?iyL?~FO7(sPS9@>uoxSpKo}$wFd$cHfbr{X#7G{Z&}-`*ptR-W$+d z>do3>6Uy{nOpQL%RX%%Pcm$yMy1$dmt3dUTxS>pu76%S)*GP}slw|Z`ZgD_YYva8Z zKdsL;e!XLkmC#md3t^D}O2M_T`I{1qAgT?3Us)Y%4wBb_sHqX8_Wr(dYYaU%hRmk# zni~7-_I20ay)=i)=kbpUp8ZrY@tVa8)_(=A%)lo_QqlF|rUfwU9u}c>0!>jOV%IFy z83J-vY&tU2>+oX)0~Z*88t^HSHFvMpXj%u4WP?$m9uavEA;5jjbR}kx&<7FP;wQ)R zv3PTnx$1PHTh)6;Izda5fJL|4ugEBxZ2)=!^!WNecuxE46;-Z&q2a_z^VJ?_r~7VJ zgox0HxqXg8z=N{`p>;roQUG(3ddx(7ati$a=mF|WeWnkft2(ojFnZ106kP@3V894o zq;Yz!h_;=o+@A*meR8gPTIEv2!CKBclLP?xW$_3+SRFR5%JP~ch!DQ`R}pZnS4OF6 z9gCNa&iFOpQMUt-@<#SU|I>Zvi>Ot_K19b@)>+`$hA?%;HBLCaaQv6!mc2UUP1%g< z=sS*>!{DryEkIM}Q-6Qo`C-dugB;@u(MXn4Bf&tCu{fZezghsgZX%!)iwAnGm$Xex z7gcSF{RO|la^nO{W+NSVR*P;e$H%OTvm?*BbPt$<{Np`|G2g?#w!h!%nQ;F5{m!#i zwmG6q8$U&;taxpEwkf0V>~LePmEM2h63~t-ub74+hw_zl0_{OyQBxOV9%gaIYYL!N zCS14gWrj`*YTS8fzuXE<@!Xs+xO3lb#$Li_-%fauGupV-?(v5&H6h3LKZkV%r19`i z)qf;A{{-mK6Ht5km+so*>@VllM(26huX-0ON0F9qf9Zj$l;PmBHWw)P!_FJL=b(%2 zEQa5l%@q_OJcMOsj#J_V@w`s~1=|vROR&GxR#R~R5ea5t6>}(z;x%EU_*V53z~3KX zdJ}||KSW9cGrK32-i4SmL|?u#na6+$!;0$G5a0Nb$q}qCn*i3c{|KyrDMk2<-=82m zvM)%dUmAK0rp?mnO>_Amq(0`*>2`C%;TPz8z%+}d6YlvLuXBIwmU#_eT3h(<4q9Jh z$gd+YnnIQb+vA!4LOY+H!Q-s~9M-yPRcg~c-r&7zm#+XEr| zv5gV7U$bh#K}gTl? zJTWT%LB_|~7ljUG0MS!!0aq5X5@9F!l~{I1AtcvPb_{U>R3MilCK?!`>-02i|9eLw zdsPxMA(|io|0LJ6ATg*~8?gkvx%xy4@S-Ud(W!;uk5_6gUC)2s#*jJ5Sjn;=J7K>* zA2OAfXQl?KzY9$XmTZiuLnN!_Rb{vP9NW(DTn)p0z<#Qc6dWMH3!6hBVJsN+ zy5r0CX}5I2-0kV&9kqS(Dkd2?awe$VcH($Nk8AzM#<6fb!xZVWA6e$dX40!xUF6OX z!%IdwfdKfzxkEz;UQ3MlStV->7|7<5&T($QSt)#8Xeo*Ye>iRp*_YwvjN_(~6C(0y zM@EQ{5k?YF*$jbKl7&$wODL5bvr;GG1RKhKwnk2c!IG)fIiTSE)a{YUW($p`Pa26O z7ve&0$UtQOBt2&K`W#!E4jz1)Vyv&@q@XmVjg?ZNhoEUXQyXY2DICEZ2`ae3><9P) zIVinx8VXjGN+ruDWCRVwFZqNPUgNo#c+k9slAWB6!a47RQwPdM6BI2(r>*|;^tvj`4vcQk`Q2$ig)rCk3&SL&S95*7?Ju=sb6(?GN>?b7&Sx%lan& z&pWnS5{fR^KqH$0hMT3cOw5KQvH0M<2E+512qBhzffPrnz*w;(GA|GZ&r;q-3?0Xl zslP++%IH95Z#0O`1mR8)b1?;nRdmrLj`v>6k60Rb3-P_?c-jD{tp zVQ_lNP*fG@2ak?y1i@ue-XKI$BRnH@g?+<*u`88V;rDd(4V*WmuJm4|WjCdn6hM67 z%qNhe7WI?;#YbN!&tinfs$)T(#a*T%jP`)3_P=Zt=t6qHg+kL92C#rn_bC>)jWo6j zrJP!fQD;jP6(E_oP69VF@ROb@{0WQAhG;dQMJ-VZE%#sFgtYN2r^pB}+puB?7kM5% zrl54~A$f#iNl{dw?J|&&RY2j%5?`HmUhPx7qpmVNBC2_LkE+k#aX8=DeQUC+NA#&g z7CJnbu9thSo9LtceoGs7D|;G8q^HO4!-==`OF8yxaU7g!AHPV-|KrS;w0~L(Yp1*! znXs=UONF=}C(vk#QMC=D{Vso3DssFaM9#`%!nv(@Kof&+70NO%LQKTeMJR-dm($k= zErjxR>eXK~U3leixA2;yiYd{g3pC&G88zjaV2|Qh5`2*h9VkyFewNhf(#|z=ZDlP% zhlz3+p?uNJg_J&8)F^mYwDzJ%SfKAEF`;yfEz3|EI7cODp7ac3_-kBLpsBq&R9&y@TVw_tal* zG36W7O~S&T8w5Y^KNulihU9%QbkTG1-L zDn8%%$ijkK?*8PS+OZCAHo8ynR8@n>o!Mg>(VE?y^-kxQMS&nwblT(&-<@OTW17$f z*ESqTg{4`h-!0b*hM|!)7M0btcEyWij(!#xPK%;UHp?E3%p!p}QfrKed(}&7)aLD5 zOQm?~YUF|u!tPi&8z-TiMAu8pZ#enb9phe2w&f1XRIsm!crM$C{2M0-CBU1z>1}0u zuUBu|Ri!v0j!w6N;K3fwa~n!=wlyyX7}t<&q-RmchqhV6<__i$Fx>#&*Gn}rVsK(u z;ljr_WliPkv9(M{BUUM0!!DgF>nKbtOQx~Ymdhl!c(1cmTDZYds z^JfI(A>~546cCu4fOi>jBgx0+Q6~L?1Jb+N2h5Rrwe!8l@yBXjnXyQJxq{}UB$i$x zWd6iXYbpMTdS-A#(G#;7SNO*_dQn;MKTrXW#%{ko`o-;Zfh$g^c=P)uYrE9i^+RlQU zm4zcJ`%zE2pHMb77o$^Wqb)h=Vc(KsPBJ`0=kpxAw z)w2MqEp5taMZ-8hH0hD=EJHg6^a?t>T_Gm)cxW+hvA*l8eURdV)WanBX}(t+o#{4z zmrL(4iWHU^G5v8l&RhIgG=!fvu?m z=z=AmM}%IM;wibM^oA*nU5?v%^hMo&^uCD?KWrMNrE?M4mfAiy7c$9N*wfAMNpxi! z+)G!zmfqFKU zCqn&^9t{o|tGnmI!E7Un->Weavzf5eXe?={qY=} zJek%8X((j_lCFEpJ{OB?nUkwwe@RXgnJ|X> zrM8;P!I>DGkV^SRrYL&>e0_16W9?rDP@~+QMWakXOv~(aUZ&3r*lkS2rx>wLAZ&?@ z1CQHRr}-u0O1Bb2$C_a(11tF1LZW5?@BxbY2LaQYgW-$(oJRaJAf*8>UL~cK1e->> z-8BPm61ck#PuISUrwCZCcM0_pU$o~$Gf0XVZCL|P+^?w`-|^kwd|5k(pkzCgY+yrc z2%?yp+ygI9@-o1FeRc}?&DzC0*6o0tyIf%RYCA(f!+(>w$V{ALpdI;=Jt`A?0-4_RM zYcFapfF#lg_8$e?8Wvhe-Zv+sCR`t=|I$5B)AKu32Ar+EtqLBeQ)xg{VB z{37Bluh%uOetRbtkI`tg^$-+>2N}RScc_dN6UP*X$F&CM0R*lHsqS>q!CRyZ_CSmZ zcx(3?AkcV7VQ2Wt$5#GLof(~hS}GJ+#UuIgtab(e4d+|Nt{QkY~{hF`JO<^*si?h(k_ zyBcMIT?yi`mxpRe^WklfCLI8_q~1ynul^DvAEnqAH{7C4lMyM#Jf5t0>u?UAjG*_> z*RKz*pT}F2bZe!xMSChg1c4o@l_zt($9*5=n|$MUW-p>Rt}TeS1zbmrJ-hdM_O>9> zd77zHi9m=b{8Po8TN6?Z_mAIvNSN-AfZ9MsURSjNPB6-G82744jw2=ifjc zXoI-ixU$wRumk;ls%LCH-}72Z0nImM$x`iXANLIWrv(uDVvNDP zbqH3DF}UJga}W*Ssc%pXjA1wp6}z3>O{)(M_CB_`qCS!qbe6pwaj2D&i_@R9e(Ddd z%WZ}TAoYz0UhXl1iQC)w`WR%%H`aKWPyt=>WL3$U8qG|vp|cHKTzG1B@1ANkH-a0Q zLf6|s!6qHyaLr^>2?mKfMBiZkbOIJASSU=W9XTHW?8&;_@4!W5!$jjvh9XYod>6!vJ?}B-x?yYP*DjiWv`;{l|dH;uVCZnnVt{Bj+TLD zO}0K~oUtj{;SY4rEZeEQo&!&>3DepK)mg_E!2UQwAM?ZS-1zwK$ONVq#~{^Q(6ytr z5K1iYaq>^0VMHuD3kG&yt}FmZ>)sNqermlSO>O2P_%oT{t&a^~6NzbEH3=9sFf8aB zjq5uzae5G33rirQ6UkZpn)E0IBDB=GJy4FzfPWkv%X5rqH#!E~4Nt$~`KPYXdsq_L zKR~4J6F%yaaVeopAi5cvgjh)Uy0@~v3UvNrVM>irrDgh!xyfK`2mw0&>^SYIm##XJ zxWlQ)OCjY&9nvA*LctN)l(q=ZRz8cIGZM%~th>l6eFmUM;tE=%v-5G9lsms{~bEf!#RR*$k7V)BCdgK#{t_j}n3H3I2PE*dnR+_Xi(YBT7u=!9Ra9I^>U2%89{7xlWAGWq` zd@`nn?}+S>H10t+CGvj!w!p=SJPFnh3lg;TqVkSOVKj^U{HV*k2|#G*(KH)D^!`f1 zb%^fjURXL*cFM8q-l8MeQF_LTc9zy>t9~J?8?<{@VjHtvL?a#GR~+xjW)W1jLOmZk z^5$gCJio$7k;eMVN#k8y+}0p(LaKdEDm}9f3G5(SMa{TguJzKr8;bc(MBR zo5=x*=7{N3mV`8qRZd#l@WmsQBpvDs!b;6-Y{;!A#+-(bT{vr;snlFSD>F_Hc!X~w zL%fOwZ#9HJeg&#*!RtGLx(p}vWIio~d=@wZa`Z40DH#T`#hvyzGpOK*?36_0-NyP} z1iSNH={fuaA5gb~XxDQ|F*-?|dr>0_;sP$a3HcdcVeIbK;;jVNZ###j_u&^cu%Y$8 z%V>j2$d1fHwT!*~EV}O=h;o!o*MiCW4XqGiUq93jYi0mgm=0yu133vvtH!l(8nUTb zECWw{jBkdTub%{@Rqw6k_xC-#W2c}kLwgQlZa#r@8Vc(k4Hm}TZSQmd!u4VYWn|l} zkgm?E@i&EDB}O0tedj~VUYL~7ue*7pLSc#+0kj(ur-GDN|H0yPL4tfAj1a0_6pFCi z0$M)B48*eaG&jwGkb4*e?Gf(1DX|Glt7TG2RirpooYJZc;D0yxM%V(U|Fyca29?~+ z-EhTVoLS3r#L!AnlL_kG5w3j)XXFy8`;Mzq7|r}!3x@gBj{AHi=#vZTS zlE_22X*8H_bH^d3JOdU+ele#ZcwWp>?V^@&_ErKqT70zQUEOxq_rKkFNU-nu%$mhp ziCla4pcl5A^z24Nq>Nh*650~dmjyY#n&128_A-~=+X_AjJZatTvVGrX_9TNzOPhX( zYn>r7fspR8dmazGT`}nxzn7f;BuHif!4GqRGT?*`+XXB#PUa8U#C#gxxH`)4{(VG zW>qG6RhFN8pOKVNs@j0<=#0qj5@eWHOEPj!inL|3Tzcm2*rp@A{d}4>U_)AYG_Y^_z zg;`7THYZdPC7H$%ybTk)p%tVg*9FzHu;ta&Kk1v#jwN`+<1iOX%Kh=jnt14}0^-&k zM|^H9Ol((4zng`EIU^53)*0aj_AMmlu!4bv4_RtKOY<7X5x#Qu8O0A)**594<@F!s zX=LC~{U8zz+HSE*qqHk}qgQD#do9cH_H`bFFDgof zzl%j>qBaHAHh0Il{+wBY;2Zm1@KWNDLbWo^7CDvZgyAFlP0rcBK-YrhdUe7wYnybd z_2Z&AW{q3D1i!(Ft0TO!g1svP_KXlk^YmBC)bpz4+{oyK+VW-3UW&T;8kqFfjyUVv z<)g_imkQoYzM(MK;w0f8uej}`AcN}1q54d*B*->#Iy%n3Q;F40{!{bA$|I)L6D1rS z_hY~A-Ch8<_$rg0?2&SkPM_HqZtEx+scf{y?#)LWGBX6UPP_H^vBT1hzY=B%1UiCe zyj_Hyr;JDq5S~FPE~_)2V)!HFmF(CjV-#x>V${(zuskXI(PG#wJX$2`*2kL$b4xJ2 zMxKN!M{f>NM&kq@P8yxLhQu*c8<1 zQymo6E)de>s&YPsg)z~-ed*Fiw}`1cpXz9@>bh8J7ruWxe_93KJ8xR%2ja&uIP?tMM!Vu$c;3G;ur`s*>BeXp6wHT{UH4DrQ_aYlCksKAjhi2Z#x;fp6p z$6ko!c`2c#?U(_@smRO`#R1X1C{LTa&(gr{KbqF-yQ(o_y52DU@8reGlx4N40Y7s8 z_LjPo_+RCuq9b_4VNKc(2!dCc;=Xar$~Q$2&dyX&)lwEaTCaRmD8S0sCy288 zjUE^8!r37B-)CC(1pTaG1GC(YuqV1&YDV zj}qIcwUV?Qi`vI9p=jnS#r=}X4N+Dp({kQc0zL>TY1qDq)ejO&WVt+5vXDwxA~_V% zj!bVkt3NmM#9}#QDcU@mkMq{>53qEOV+~(%l`TwyOM9u6sOF%=#i36S$sdIm}e+@m*IRo?bZP89We7J(bAVF^|F~FYkpqMb@FGc_vzfk{_+gNlXrAraAS+n% z+b=UEL64DQb58|#6}S6jMC_s{ht&w;je6bVzN(Fs3@ou%%5x-ey9Q_rSqbqvPb1~f z-?jygj@L!B?*G*+`WX8|Z*nke@b6m!b|^3jvK7^uo~J5#(!2MQHd-Gis(zGQ%>DH)Dx+d(ZDfdI1nZwV zmV1xC^L}hSe2eo!UCK9q)kc_m>UQltVdUFUG&|c!V^xIo5Bxu1J!!=^^q0`Ck^h`% zOL{g(kMH{PtJugtA%=>ftQE=B^rMsgUvYc-*(~qk3$|YZdD<^%xaPae2k;karwPMG zE+H25<8XU+{v~ZkPUHCsWI+eNO#HnyEB=-rQ62Nzd zcU9JG-OuEsMU-bjc1ic|LG8&yH`5FGpo~w@s3s!iWvU7>t^<6an4b#$dG5=lm930` zypEO0k4l(hW&yr&Af3v6NVpdF7y7$P9LZQkadLj6W$qzmyoOkhB+P2g4hwUrbPBIO zCj*5B4?GIm`!vdL5nOl7bs6aW!=G;aB3xW`+{HleTBj$xmBU4bGyG^~s6l=`I^aS+ zp+aR6F@xV*!u&{`Lyyrvj3YlLC;YZ zTJEo*ek6o+DJgkaWbVn}QTzH=QclJ~kMo1)X%OpH5$|I*_r=$G>SMibj>t1*@fMm9 zH-EEBSwYd1guM)^bOx2unP{|?7YZi{>vB=uE`p#O-r_fPBHGcdIL>_ZfK zBl38G`+M3)l(IShz2DDRR61Qot=z(pP7NELhQEL=2zqyG8+~-gCe7EhA&|h*xBQGK zYMk`D3|Y;Yh3s*rXafA5e};2H)^^fTzmZv$BA)Z$-HK=&ogmWX@WOulJ&%1BVZOW{ zWhqu%8ppilusXdkLEDZliCSnXE}`{wqb?t>w9^xbtna zYylp(#ud*z1_Jm$9tDfmmlywZ^V3je3bP1)W?Mo3M8uEU3fp(Ri4i!R*e59YlHMigkgsAprN;Z9b z!O~dzMb*5@N`j=I(lrPqfNxMY6X%7vF4KkSKi3U95w&G=GJ%Ah?&!k`X7ci@IA(+7 z$IQ|!G>YM&T6Sxw(Ym1vJ428?B9Q@J>^P2x{(Z|y_X_S-i$&!3eOVyvcN)EHO{l0)BJ5^<8TGa403Yx-AD<4E0nR};oQ=~~Q!j*=1x=wfz? zA&?Z;$Z6tqqKXyxpBLcWVM$Bd+dU5vqOd)mQO?*)*U$8}`Yc3r68ya>duDI!X71kg zFq{vP05qcXTRyZ_Q(tN1CucFbe* zO&|dtB=hw`9TFc%&$}DGMZ@dj^UjXoH>SInEoPc)5=J+@ml&yL2s@L4?ZVFU6eBH$Z zAAKi;_+%dK5YWmseJ%P1zl8Y(;GfLN6U{E(!O-IiGfACeUqDT@lVG)Y%Ax1-UnJDR zD*;zlh*1T`Ptv#mdDTq9=)Jjgf8$=+C{x^nGWW&$2d2*#c_2_^1jOYJ5tg2bK1()q z3D1!z1ZojcE@vjgBYKi4e@k?x2!K6XAH!$1?1ATyf%q zWn`9TI%I$B_@eL{@zo@C1gN!eGI8{^O2y{>!+w$bR-B^CR9x&T)O_ z%O~CN)`$wMwh<)75m2mQ*z|-sl1BoD?>IQwPG1;8&)?KeKfu|02_K^HXY0S*SAGw3X})z8(X6F!t+?(~DT#c# zAdJ8P>5tY*PqaZ}CUQu4!bu)6TJVfKJc)AzvPF!du!xNd!JMWFeo~Aj!NGA3fd%t0 znHAsc?FQlzgKqj?!oQkjZ5|kIf7E>^7(;nn>73||IQ3?#g}BQn(BYM_pI?mufums_ z0?(`AABiCSc3Kxjh9;iEg)*6t_8ut{639tF@tE{(&Z0~WI`aI-=3#2~N83mxfeSfQ zki4KDH+40ldjACIwgu1b2k8g}KoNXhc#C+Why)l}!RXP}v^4ZShR^UhvkA2KljA5= zRDzC(`{slwG}?Z{G9uB3n)O>{DU1FPml)m+?78L7S9eAZ50!5<-7|tk(bd}R&$&E>!rK^(2s^@O+>FkQlI7`AJe;~_9an^xRVZ}MKg_WL1xL&y>B1xB80f9@6Z$lE{_nMQ*7DWto{2qcm6aW2&epe@|QYBXjXOQJf7W(8M3 zY+g{A!Se_ic{@v{bTk*+Im;dSxsoioG?+CyB#KN)ATu763I&aT)$cL8reWR|OkaW( zrsg7`|0b7LHydt&5te()u{j((6Y@%}Y#!oA&06rDxf+oSGpUnKeS-76!7?;18x{k} zUm9{iDSw}-2u>2>HSzRQ=k+Q{i1j4aqM@!fj9X6m0BouAKf>DO+L4){Qc;7@nOCRW zuCyj&jUfj{BXFaXaF}P3C5O@UBvp|`&<;pXF9h>fc}>inBq}GxmB+Ai@GkHnor=RM z_JMsJ{W9exuSvO-o)($uyB|>}U3+BIr_CZEmS05YqVN^G4nB8WDVl+#>)DIYxVIen zZG&>zSO(JCN)v79{vEfP4A;#H^A_zK2e=Ze3e-DT|2vcTi=odlQ<68wI~a83w&5(G zXh*m}{k=m)1k&DA09CKYz1h!FfR`{1nhIo^3Fbq(@^+IDHxQ+9dX0h5-j1XRq7F8V zEdJyar#y02kg^7q3l%*AwJH4gVBz+fJ5q!T(Be)tDToQq|5MmkheiE-;nFN1urx?6 zAtj)qbS{kwf|L@{NQv|!A>aawpdcY2un1q2?(Qx{KjGM7H479tri}*jhTez1|u78JF6v*Ob$CGxfxl#Sh-TQzT0B338u9S+1cYEYECwSm^-40pk6i?NP&>xpPEec8^+BswIvfAAnGv- zRB~^!GNm#I{4h8r8U#MtCWE!L!{DyPb z5xnq!Rb5bJpB#6LCux{L2Fe!#I@H@7$`52mO%XHv>k@JO7XI3-bhbli={4BLgcf zbnCEtPbbHipj&8Ryt7X217D8uS;Wl58*OEMO;9Dg z%e8zk*dW5)yu(h zc-C+h=3BlcXjVd_0WiWU(-C3C~-31ZA@fGoGj3p4x$5?mw z%eSDjdloBbhWybXL1i0^X(Nldxnu*a>`2*3 zO-c&Q6$XyEwPlW`;5~`He;Vys{AJquh@LatYaxYtng5s`C7PCnP){^O zb!PJI9LHXp-K|YZHs3gAeg81`9T&m?`p)%2H+Mi#OkVv}jUTb_vH>zcVIz@sSGtN^{y;UQMR~f5x-4Avrqya(L}cvBYz?cZD^LLU`^H zx-Hl6kl-x|)q=IW2QEDa(o(dB?jm2-jlitaALpP@v)-_L(HKT`= zjDLr$j=r^J$(eKw-Opz($Ox-mIIzce4e9=7&0xl{5k)zAe^~Cojdk7`B_VPa`I2=a z{I%BU84M}>WVeMZMvFD6Q-;;doTfiPZxKzN^{G6~o~4CGn`w_$CUNq1z;SO-Z7u!I z2M3u3|Fl6FJ68>Hwe@c=Dnv!_Kp89bCg)L|8t~hFF#(1qHux@eZOdl|#`@dI!oS)J zCCi#TC+i-|Dl41P18}1GQu3nH1pDhJSq+E6jko`f;Xx>mp$N@|N37hc=>Nek`mjTZljcKfHq;F43SKH$*?dViHAQ{F*b=Vs#%a` zrY!2~xw&aAo8FGUK5@vuN8Eb2vB&E1Iu9ZgXDI zO4Yr=lJGvhR2c%ny#k)R#`oSQW%;8j31j38DG4j7wI<*M zKA}AKJ?HV}3`3_;(Tu-C8Pl-Pe}CQwHD6Kad(LTBWS(JN#b8!3`qj_SF7=TTIJ#S_ znScNNv4nThIsP1OszVQ{-`zSDv)C2)TD@c!(5F}Zu8ti%b{zcBxid6?{PZTMQ9pYs zq}}uDkfKcb{pyVYU=%(WK`nVhTciBTDC$!6uS2v!hrACf8D=lLDTdSE-V4z^B>UG2 zAE0y5?V!v&2EanGKk>q2ILV_w(cy)t0<_)$>Z7VZ;(=;Znt8(sUtHc@Rb_+!7_Sfl zEv*2OI^zb$Hc?B_d_8pfro052EFgtJ&Hnj%;^FX6j@Pj)r4cwNR0tZ9zZ@#SCMIxU zkHjIx-$wu|#R1gttKtow@@J{?Xu1V!FpvcO0_fSy{jTgA^reEM&cJz-f4XVu>#=Sf zA<~F=m^;|;Zxb8@r0;Qvxd3+{Hho5K^1{~PQAXxmTRLfof-4jN>L|86r`H{~8(pHB zj$)jrYAZH>=9CGQ55PU0gC}V4{%zzIB_6;F)sZuc^>#+FyI|2KoyY@^0gbrlx+FoQ zieMygqB~tL>M{E_1`9Mh67@gv z0Jp>yfE&%ch70vFGCvLcNEPk65M7W=-tXzEY{ny-(ETprlI*?lJmTK7j8FG2wkt*C z5wo`apKSg(O?-Xo>A!Q~d$6~^R=My=$hpTRAvKF);{xQXMm{Uz8~YB5&2K;WJsD23 znYA`p@LQGnhxd4Ulw9fTa&O5!@u}i<@AC7$u@bSB(I+E*N%WO1@)s6@`HiX-C+W$% zN&ucLUoSAf4p2VdXD*Itm@n5>4raCG%jiBD_lZqAi5gd1v_WTvLHvgC2Ksk`>2>RG z{>>`U;szy&+D!o5jJ2q3FXVN9s`O~*J7zm9#;pPz)y~GPV;?#=B`Is%<3MJodCmoh z{r)cET=93LO7-EVu`rhgCI_j@3u5QCf~p+Vg3CIa<`P+_UEZ`YI&Jx6{kxeCsMBZH z4_y9CEgDH@KD+c0PQt7Uj=Y}r&maGFf6`MV5_os<{^x&I)!0kI3R#~UQof$C^}B2! zmpycnUL9(zoXX7`_aXMK$f4n#`269Y;8aTT>(9MSy~6K3@z61L*%R6*U{DRMt$X$| zeG_QP9dvCsO|mkWK4-3Qc66TDHsS(8cxMpxxaS6bckE03FaC;)*_=d)SuHmP~FQFoa~_H8HZ|~ zT~v*iZ4SwLSFO$ZJKD|qR27u8%$fzWf7Pmph?3|HxNxmC6}8N~=U{Sv>uqx1y34FK z+9_+=FG8re8PDhG^UibanO6})RqMH4!)09g8s(a=`hVkZ1UVL#e);&UrI1OEGmp<_ zE!^T@pS5bz=TH{vwBGplqt~!#oAX}-<}nfZi|0-Ksg6Gqo^;wiNVW}gs!wP29{)Wu zABg{E+CAWW_=W7HiSO^VET=gXL;l)A#3aA8ce!aTE4A`l&HrF^(U_^(&|5(a?QXsg}6vD;o=3HTcsVQdwDtESx0b@IuWXMd`;<-9r`_amdf zM0GaUM9sWxXxJT!g|*ukZOP_uqJ77M$%GlVd>4u*v?h1%gQ%-VLbI`?zc8JB(eNZQ2yYx`RA*&46d z#TSOnUtMAPAwfS*j_v-`eAjAeTg*UW%5ii@w27U~%Chfih>53_FHCKC&AtpC zt~ssDxEGzDer0w(lJyRoP4yZacqHGtd;uoLLVT81=BDYZGzV$+DIsK<-{p@{v5n>A zg1?oM6YtLZi{(aV8DI7e9m<52We6wmb9xWPfss>rh%p(skCSJ!^*#fb>oixa#jrN zJ_tw&eCnF)O8z4TGkSOm#zWyEO5)VS*LQ=F`MCKUtfl_(^*>d2oT@9mMJBg1A3Oc7 z7%5He2X%C%DM2^qG&4oL2dPK#LgSX>xlmzv6%mVj`KH&Z#lezuRVb#w+l<9g96j!W zepD#>E~W9QYVSF%K1`=L8D2SoRUULE>-nU2D< zBkt^sq zFX8gRpa?N_PWkg?<6IfGoZO@3i2lu~H??EHQMBb=0xr3||KZg1#AaR5=Fo2r>4rTs zSp9mO;%LaL8~(c*n7h|r1;oj^kFp-Di}oXL<#Z&N+(Bq+Z4C6)rv99L>Rh7_iCy>H zG@tY;(n_~yP_Uc!sdBDWs++S<5_SCOJmbn+w*$1eH@kIO$Xfato>r$9G9`gIxUqfC-v`;J@;0yD^It%7tswMq4a`_F29(hDI(r;$-?iczw#9>_O)NuQxO zzBYee>60cb8Qf_WK3FE>dUNo672(REeIrJ#d?-5M`AC-*9xs0hTqz@O#r9MwX-RN!^KxC;Vf_sFPP zx4#Dbjeqz0m?wGvr`o{;#tuG4t1&CRab5&f_3Y(Ic=D%m(qLMPk6vR>qcnWxEx>jlB+?ru!G=OtFCIFu@ob5v#n^2+yJXL~>Q82p%=>XsyU-~b zcs!KGv3#PLjRo-#6X!J2s08uUTz*!~pQPN=IqA%f#I?|MQk1bfaKaur?wMug6abab zf=SylALSo(UF^)e#$w|yeCx`)bi|gv7&=d_>Ugy=WqqOJd7~{oYydKi$1*&iE#Af1 z5|J5S5ro15a-vB7^5$3s`OZ6M8r=j8Fqc(xilh4tkYZbFFPJH`GcXgv-Bsx`B=jojaq z-j=15>>{9Ur4m5UqH8xtd|ERswZkJ~j0T|ee+NE0I-T~Nj+N%+--+V$v1)hs`bqVA z+oR%7df1c0J(0V}_%J7*qmL`yb8C_XgJ|GD3++|HS1Q{V>^A_nKV1~DA5p0sL9d_P zSy?sf{rXQ?S0OHbJDJxt*+Uj)nO9C2sE*t#-;~tat{3|A#t6-r4DSE$L$C`o!7Qs)n2 zSxAWiTYd>w)mZO)=9eMPqd9{zUIEfOd2{pThDC!fYR5l`G(?`uoD=&V)jBG%8d9=b z2v(Q~F8#`{=($mO*(2*b(k~z4+r0CvD~-`>w-$p@0xo-$#Gm)4EIkjZ$jQH`^QA$r z5H$~-XxzHG5C`ytWS?_2uTDI;*a9L^B0^;T&^r+NZ>p27IG)~m1DstG7l`Y@phw(b7e7(RdQcv$40*Qb1Zlv#kwOevwbUHY;+LMsNg{a5r1iPUuUK z$$hPhjX|G!CJ~vlN05?}KmGDb>JvyqGYbFDePddc3XQwSMfg@E!-?lYyrFTj*JfK3 zl;7LT?Stp$;OK$uPG+>X+m<4+foVVgK^A4hFfd%XWathoDuC@lZKI);gy8Z=O?sZe z*B9eA{7+LKp04qpdLE>_WfJw|7AN?0*TMR}xTCFLg;D1xk;>;U#CZy1_;To-YBjD- zDRyAf7{YNtU5bbXT)Q_{@_ej%N2cNf@?wut-sm3{dJ%-}B5Z zC|`Ix;s%%^2OHxyx31qQiH6*LF*PQ4fl*49@hL5+J#+JV)OAp)zTlr+AR8Xz1X(-0 z3MLjf!D28u8?J@&G2+GF&}>ADO&2y^DoWR?Q5xIC>yw7Y3JACmG#)LG)wy;<{|wu_ zHhvMlEa|P9!EKlAk$$zC@&Uup5_;VeARvuW-~r;#jTfD4*H24Rf8`m@2kE|}3u>mr zCmIU^k&=Fbu~^mx*nA0Mg{iT}E?RQ1;bbTlg@yq3S2nlKufr4O&GNziVikr0vkL`_ z5BknuP*`z9>jcW`USYYD?v&nGz8;brrrZSB)WCJ%uT|cdk&^|raz5hESQ;NSt5OyE zSmj)KKHCCR$TTbTN%5@IqAKOT`rENqjooxi;MOdKXZ~A2S5X0Hx@=6IE9{X3fq+V! z$>ms+^PdA&r}Mv~A}kWQIh<73doUZs)(QXow2#U^2VIkX5WcFY(_(418LdT~Aqw-* zY+4<+&gk@!GH(~4p8jOMS?3{LcyknpunnL2gqV(AzA@@0f z)}P5yVfjY25usrazP!4g?G7xZhl4jv&0{PpJtB8Jzr82Elcd5F!&};&NPpQ5+{;$ms#!hs%^OQAmq8{0g^Xlk6U4%Ja1qQ>wZps;% zweD(%@mPK!j~K_DEG=-*{+D5iO^A#D#{x2Oe>J`mtrG!D4M_mKm;^6C|IRx54WQS~ z45l6*gsSI)B`K+S-==wvJn;g;A5Q_vz^yTgY^68JN{!W1ueu3v3A}(X^&}8Owg42d zA9?87M#MsUxEHAZOaR&2z1CdejX1s>vbf>UtJQe$Z^!3PzS6G~U^~7A>gAJPwNf3x z!M+^u6#B5L>C%8Q)z)$51jf|w=obK_Y?Q9pI6l)W8B5Vh6eaF`lDv=)fO#^5C2Cf6i8g~XPw=yhY4oDfW)d9I7;6y$a2b`ab0~U*gs9oPR%Qv$^rQMwAjj3J}{Mb#A zK%0E@@AmBMr@Qvl>+PXH-9x%OEjKey-e(igNSi^MPd11K&Lrj{Lc5AR)7E#QULf*={-Qwx=Xn6$kHle2IzNkj-iVf_)k~AG=kDl zZTFho)jnbmKg+MK;QiUuq5=uV}Rh&ELMm`z=g00dyD2KU>}uR zy_f9d_=^;30RMsIXiWkD07F1%meuM&y4PmK=meHg1aFo*!zk4)e{u{?^Z{$<&CB^2 zAga)!CAG#4Xe*OW9dw2%+HpW7XpBMz(>$4NUoi%XIM_7J2oS`ltFWZs0`4-*7Pdt9hWFbBfOub}G}_Daj8QMv(!z?+376w+h8S)2fP8K`-_NQv7R zqJdYmCceq9i7{aTv>UHh65cTYTz6>jJ;ZW22sq!X;TJUvMn{00Q}7w!taJ2gCN0S4IPne{`VMSRr-K?V0H*FSeOf)sP<`z=VlYDhHPrphNpXZ0 zScG}yteS?eZ)#@mfx2|>cR6L^1*a(4<>{x_x5?A((Nq1Gvh1O0vS%1@0j4J3&uhTrrZE5h?V0xsVO#boV|XPouefVlA_~j*95QD%X_JYPL zaAGf@SB2JoR?d(bfI^5ODk5YH!j`0$QZc@6T9|6E|4Se&fmUf8My@?iv5&}F?(uHj z_FR1Kg;5+wxs>--N`gN?@Z_EYi6(tB%3@f%GuZVg(abW6h)0$>@BoTLkM$w`DJ(;l zSesO0u3#so{}gtrez8p&9^*IgtKw=k{8IU>r9#4;lxU;w#J?f-_(cZ6ZDPe|0E4g@ z&Wna9I~-x=iCiy%zMM0lqLFilbL+!-Z-7jeU5cw}i|s79=z+b}nBxfg7t51C+=XnL z+epp^Cxju5y5&7*JV#Ao6se6^Kd7juH~`^Ef6YC*Y+Rg_67*1PoO{Li2|w=|V@t^Z zoGfJe6Xco2-^79I>P)W>*N49Y3Tbo#CCT?)oB9^A6K4P1ndL&9o zMHVTF#$D#yCRZk|;hhSz3$lI*FC1G)00k-{YbGisH`!52a3{l3WagxQMD5O3mY2=A zUVy_uwEY8I(?Ns&kT~FLWRQE}qlP#JhRSRG09jU&te_fKi$_n9(B znWRQ&X(F2Wjo})g4^wUv%E)_`JWf#7IPfVFyxLWN2Pzbxs12?io722`U@=VT*8Po( z-K>?GW7O~Y6XzwXsxixmkSIx#nEc(nphc^0wKQc-gWtykWdc2Kx$;KxwMqrLNZB;9 zu{HFjm5m@1&2*I>Al`@P14FZ%jw#v!>Y|v;H82gPtD;EWaLUnA6@Hk}esa9N+^*9z zQj)+&3NZkTZ%uu@#X$~^gS$Yuy9dPd2!s1cg+g96%N;0~GcdxdTi&sHFctwVHJ)f# z-^0%jF`53INVqJD#c~7OnZmqrMIwY7LYW}fWF&?<#&pHcS5_Khq5jHor2-r1YX+7~ zE|x#7v`LUu)N1Nvf<-&^Z(Z@(W8NM!d5QJ|<}~AktvGilQ3>vvH3Q6xNYh3{uyKnJ zhDNuW-Xb#Y{3ws&TIN~okl|KzJE-u$~QJ2*QwSuC^Yy(>B% zBOLG8f)G*EaB#;Uyd|XC$Kdr25evAR0@tehwiVIw4Fk4dMF`R1jwrQX$-9!dR{_NK zhjb=L`pVtcC)#Hca3t$1D0}|Fua9Brir=WTw)_>rI(UZ@Li<$!Rqjy@qexUUSCL@6 z?5YbUFAw2Uf>>}h@$L)6H|&$#>DW%n>NTyu8Lf}xdd-n^cC9pY;O&Zlg;^v%-YNU# zks601)DXq%de}=@FF%Jmvb;uR8N&CQLsPYJH+R!Vk8;vGA$7BKP`koLcj?;jS3Zp} z(QO!-q5VdO3W+;w6#lkwzmUd=VmCE#19Ak@WZR8LaxyGQ@I*)~r*dRXC`vJ!3yDDM z`h0XRXp%bc(K4)+%W9>fl=vdHt9nP49boJczS$I4LC_9WHl5BcAgG5uB8F2M*}sY2 z`(QJiG=-xM6C8GWMxwKPos=XN$+cqvbXQUy%Yh~MU3$^|T%<8QRTfeFd)K##p0+vG>Baz{st6`z};y-@Ok1ylEf z7`YUTm_i_RS;*P>FXsAm_54s@WmYtGp<2o#-c2s$v0t&l>WVm=(MO*}DG&-Kw~Bx8 ziamk`jzL^QSCudg9Hir%ajgO(OJ{jSjiedWa1{gt8-+S63>L}mY(?g5RRlm}ILflI ze7J3T)v#V@5QGxRjMuX#52b*J8D#M@z`^l~{0a@PC%@*HUXV8=n11{EHU%kOuxYu2pro{9A$MX~GD8IZO@&8@epo(L zi@+L){(o*<9nkcM@G3YpArV1CB@5a?9%Tak4rxUPW%}HLi_uS>5i0vBph*5f8UC2Y z|A1t1Re~^(e1zbV3J#`-K#PpNGUvi0s13TPG$DMNDb^3=Q$1pr-q|6CpNOP*2L=Xa z(wHrU&%P%y<5iA~pmvku*xkpq49OzFle6tjgjy0P+J&H8!dZM1Mg))Q3VbAXNKwsaks!389xn~QAYvmq zNhTF1pxq<12pk9}vugHh9#m4?|4G5dpsXR_TSJr{R)Erk2+jx-(AANYxIKJ9&Pg_9 zb(=2igU>WN0xuLLfDT)dSmMkmYjFFf5+`#o1(9CvEpwjOXIDyyS;!PtAz5HbM@7Gn zZ9kTrH;{3!slQ+P?qTKZp0H9o^~76m6&`PJnsMvWG`!Mi(PRpG3h1d8yL71duxiQi zWfx@0#ksJ%pt3SE})G_Rs=ya zdy7&NiEk^tj6UiCimryvv9QKgA}Wu=6 zo3?wLBQvrla2jIST80@yxCPwQH0jPPO*p`OJL zG*NUGCdkzwrum5c(5?(Rs*tSk;#9v@>t79zKCyYG6v!>t=myM!TfV2u**7Nb2bW7c z(}~EPI;CAE`0hVdY0B}WUgUE%JNFQGR%l`*|@=|Oy5nc{;`+WT>H zsT@O*1AH>%`y@XD83F@1CNPmuF%<~Oyc2-EpUOz`K*Zry9CcV70w@Q!E0-#i6>3g! z?eBsj?B;tvves3j8a0o(0tFlnS}J@rL-6Wn;nrS=d#f2d)A9phAxa)ez=pG7J%#ab zWtDcjjUIyoq#OT`O14qGmA*;Vc4Nq9B)>oWWic7mp}Cd7)YuLm`aU88Ab)7x06Y_U z5wjB0W7aNm%nh+ZMv&3=x9rFy1NP46+l5m~MleY(2#<^*>b{t-xhNjI4Z+4piB5pW zb)2TUSY4Fpz;bhkr5aC89RIx1bUC#d$sf>a3t^z(Jm_7Fs+dt@wcs_81aJTYwa=vj zprn?+qvrzRt?VYq&|AJ1<7Umfg5PK>^KHH`yQ%U~W_}pp{sbGR>Zir%W?Iu&TX*2I?bo zP0kB~>(sUvzupUq7soOvO1GPg;vy)u6V;ZoV6{-cYa0jD5!8n-k0jj5&w0zqQyBL= zs^{OeyjZ5_@MgU~!E(qTqAKN^gFheU{oZR$p3p*()phKtj3J4Rl0qHpPz!te_29P` zh;(g;v$73Lvj*w1>ApcCwsHJn5A{KA`f`Oe?>nXdK4%sywGjI=wr2yO`=s82S6bxe ze(^xFbnqF2d<1ezwExHA(@V*1nwg5TG;ak@(rr7LI0V=I67{&ah3xJdSDWF*m3glL zNHr%v9-YcK`J{+=*=;c^3;=q8_KqD!&~NyObTJK`*Df-1dQ0A!{LPnhV4R`3lko!WSHE5{OXv>9c6qFH;nSA+B>X7LZO`C}*LTQ;4rcG&A*FJm6a z8p-9~f=?iZF!looc=X~Uij1X2k;d|ehpYRCPuRQI9ZMKp0i*LmHCPBi@_PUA&&54G z8E$%5Kb#^sA+@&tD3o+#se==`S5ljSB){K{zj!TO_a;aHNC=c(C5@xy@hWa;?uvie z+U5hX$EdNJEC*9hnE_NN+6N*$NeHSC!?JG26{xBp))0v|LG9iz)vT%9RI;y|m5)uv zKimB6evjY-3*Rgxec)rl8@{BwHgBgdF#n8fS6lt^YPyj@@bi9litl2#3fHsnnowwa zn*xekI)loryOR-7+Pwy2iLr|)mV@K%$h@TVf#38hmZqOkZ)Ms!p$^qV2plVMcf<;Y z8n&&7vl+J@LtMG5zIRBNsms`HXofkfI`+%I@TGT5F6 zPlGN&=uWgzH{ihoKLCrGx)II zr)5x*K*-Vc>Y1W%%^3GgS~%FgemXF~kp zzq^MmCr#lPNDg;Y1UW~yuhQyb{M-~*E1Kgt+Nbi@jjkNysuvdSB=AEh0andtEa@Ev zF7skYMVOw96lw#u3K0qU9zs&|9c4mm^bfA$keCR*^oM8$v3JdX6pbOga4stLr8_@~ zy8^|05|%hMq3UCi2rd>XnCkPJ8Sh>%{VA3{cY90r?3cR4cJdT(<}eK01|4tmKm9d$BIG;(jcuwUr!mW=ay;IpytPc zft@4Z96KoJF7~1)>(&g80ptT}w{9&r6zvv_1=^4DoA{uzB_SdLIsfom}gED zfmh$63^QdN{K4D~a-)tBHjCf?P)sK{j1~r$BayT!*M5;2=A?MACUVK^L8cSJH*Z&i zqL#lIlOiuxpfE7c(^B__mzV`JHm7fi52+mbT75`_8zzD8c(V2Pr}*p)%Qcdw$hKb6 zonDPNT0E6u*j0*N?kXqNkrq<=nFHj+&d9keabP$lq1CZ8En0R?q7NX{$(+TXC|eH7 zG&p7u*X!rPJ#<=asiy7+e2jHAI3FJiPT?!UzukQB6P2iU%z!j2ITy9dKm>HPhtsqz zQ;sW>NJCHT_g-+-yh3nd?kspJuW~4_axue;t=M@0i`NsWdvb$yKh5+H=2NsuR2M{> z*9;A$qc|X3nojZ={cS&*NfcL^<*I*-h4_caM1Z_5M-ip|6}FF0>T2{VX~;XDZ(&FO zjw|ml+OAK-(i1I1rDe;zPx7m878}Iii4X~%BXq~CgC6lP@GRlzL`6_<@n{FnF3NI< zAcOf}%GVTw1388wSSZ~djA;zWiXmmGNL5>ygY0->`C#JsxFLxx5kcaRU)t)|ktt{7 z4EK>q03u!e?S5=t0-+coLV!XxY3=C=lVeB7UM?_ZU#WI!Cpt@&2`bjVE+1j)zDT9Dg$`%6C2P%U9f z>rc@_ltOP+NML$rDbATY84ATzw^5|6@4ES0q!k(o<#~NrKftMF(UdX0_B8!?%2PDG zB&M8cAttvbRG}qgtY-9;7?sT89ei}8M+S1b3M0(%V3lkV$2Z--@>!Qsu(_qTc+8Id z;Oou`gjDw*xIz#Kp{v65R!MUJLH}pPH*hmjIQh;z$X;K&%-V*~D>F%oauyQ!?kpQtB^mA;A*ybZd2JP|G+*Z zdnkAMV~$qtggWnkfPAvP8KDe05~esLsZQ&v04pcm#<9@JftPgu0XhWj5Y7&=1>Bgv zgQ>-?C`yYbW|&Ha6WAXVD*z+k&zLaF%LE^Yi=RqM7pPqW#X|=u_2MJiGn`2X=U!0t0l6$j;-Ieu;Q-b zVg&alwGt5wt)T^+7EV6VhsS*4%s#!suYL)-swdd@DnHS&0yF181nZef;Z+(N#i~^% z(xM?=@tokaw3AXMA~&7syiD5}ZsUB2uTyvRu1AgE$?DGb#Jb|98BX#bH|+ z9uK&)gVXftSA5v?ze>oncK}Emtvq+q6*@k$>3z-4JR1`90P+A_t!c(A`|Z_6g|ETq z|6>)BgCGWS?e#gioT%8%;27|73%nknm)4mkkT;#qyX4?O* zyr1{AvtU7aOhLm|t(fn@hRKWJdvr(zpbEFyb~sz50VDxG2^N?WdrtklF7A|QNXetQ z8+@PP3ZuM^1r^wi5=`q*^};K`lf z%ebAn9uKfK)(OEB|FujU*1#?lg>x(>Iv}d)l?eE-hQ*kjSaFm62Z0_6em4YFm=?ZT zQ8w7On8{op{3RBu-GK!*A6apbU42RdMU$UrS3V39^cMToLYNUNEm*w0z>V?m;l>^R zJD6xzFt!cGHPWl@Z)3l_Vklk}A+PG4QbAANU46>MPI*Q8;Jg1k2KJ?m`>x)jg?$V` z>|=N?4ZB>mBa0PcWh1Yw6#$R%1d9py*mmQee;7x?U-M_Q`Kxm^js3t_IV&^@(_nO;m#~&QhQ$Q^$2gC%v-9@z*44;| zgh4A65k(IFc@Ao9#fyMQ@y3;1?*ITz#@bbE1I42QbzhAR$`UC)V7Vl$F_!W9_Wolz zY}ht_``5o^GfU1}X?*-&Zv#5%RWnEhXV`$xQgVfU#X9g(SbJUPycNZlV_{kgMvr~C iD`WgSz-V#2OJd4~i?gpLjs7^`pN5K-av|J2_GJ=vMiNuj0Q3;ZRAQ=QC=P;5%vH=7M0wS3~lqAR?86+4; zA~_8L0>e0@Nv8*VzxO@+>_7H-p6}dy?!HpbFx}OwtGcUus%owEtCeJ+r%8R5{VV|i z0kyW4`fUONQb_^=;%;(MAcv%)*qwlY%H2&(%|KgCjoZN2%h}DtiGV;W>8Tl+xzPY~ zfz@qoS3;7Pv2!Gu?ALY3MIZd)og&xfF6w?pXS}su9PQ3xSiN4EXm3UM+QE#uXO4yP z?BKidWa_7~JcM@+p6=xDJP*U=$sr1TU3_;4uWu6TUmjL#Anea(>SyST$tn5zCFdp0 z0|LnxM1psFmOqwmH8;BwI4xj2_uy2*Doo#a>1^W9qW4Vpth9HXBKvYMve+S& zNKWxEx~jbm7T-j3vEk)g7?3UkDge@#Smfb?uZ2^3?(XV&bI@Ia*HsT#7|y(==(c;*_RO_GSxWbOZyf73v;V{9 z2hT}f^K?_j?tM~k7{2(eo1{Vft(b1FT@?}*QXdJ`v86rNGTFUF7pz@6S$RH9`}=2vZ}+^ogxTywO64gxWe6zp8D-!NAv;0ZUGmkE5;9+Uay3A25L33$UJ0Z;sa)+{q1 zVUjoloRdM-JNcMu?6*$rxt0aC?j!EAD<9?`Voe^YcwJh!G?s{4%qJt`>U~a@;ESE# zBzrqA?NOd&>dr*WnPW+u)oox;E)mVD;op%8Czzp4kDuheHsj5_EtSzH8`deMD!eGM zNLrNY?GoK=zOVMAE+__Z_5#B-@@h!XHf&^Sv+ z*jRej6wwwzAdN!OosP7-$OlOm`q=B7x5^o4w`qfw#C zh5lH>(mcSy+uPf_=KVAK2&Z7w>9`^<`7mYzd3J(4P`6qCSrd8d5S|V&g=p}Xlm~2e zMEh5`WEak$uhWsA$>e6{kCMK^sUaSXvL?M4^W!d!5TVoEOXg=LqEqiuP7wyiU|w*Z zClvf(;Z0#pDBGdb95($y_Y?J8lnsfB7WoA`ZjD4a`3%Uyo8jST6k0}IVeLJsqs&ujiXH8S=B&rt^eokAb9<^teNVt~ToY-8@oDdv6 zr4z2Y#gnO}!7um-bSbNw?_7qCmb+G~R-d++_Rp8Jj@0#X-%`(O=n3lf_pJEt>Fr7E zne6%bir;u{uLdvezD@F^;)%eMnkO2APC5#u*_CPyCC5gO%jL%8#?IaoMN%P^ku~x0 z@ul(U8g23B4viXdy*8-`_H=3GFaB<6(lnkTw^Xcde%Dh_X;ll;E&J;EL*f&yzIx-k>GP7| zuLTu%Dk8K{S%K*^YA&&Q)q3qCy!rX^EdKKT+V2|Q6}=;x4S8qfum3~Y?k<%uX~GAW zAtw)~JiE7>^vJDW&7pFkPNA(x%U|!10Z64^M!(9|%{I8ky`(y*JgA#VLr8V0_Bm#x z52d^P$-@%8`#X6W)M{x$ysnL1={ImSzt`Ni8^0*X_sX!`u=cZLNoWaKZ}aOCpEkJT zGIg&@N^ATEHIieH%TnGS_o?+_c~XgX^nmnZ(Tl?um0mf&T6}f;tIVsio2^4sL(xON zL#DYGq&B5po{>FE9yZJ6k_CSlbE(e>89KY>=G+vQbR#yd)Beqk zCe*E~H~pLySmYcpjQsXu@e&oX5jU(sCXX!Kf9%@Rb z1uw6y_Xbt@w{GhN(fSpx&Mjc4y9U(OUw>F`6zuYQ0t+9#I4W*4XCn!*gy?y>?@;Xo z%r%*ZR$rUooe1HI)~_2CDdbb;ig+JR8GeAm{(x;|Z#I2}IJ}(ITI{dkD?GG1MxbR; zO=qqUOA=i@^Y)A-$sSP^5f_=o8H(t}GfFNBb$(N=Q;_I8F-{-IV&?tA<)p3&s@7%f zW_-!WGMN3e@~NSSwo9a|zUyA+yDp`!vbe%TZguq=BFW7?GOK$n<1^b@JN;~#WhJhL zNrvtvoSF(6AB#COi%NJkYghw7y%#kYjJPQ6TV4y>b9H~~x%E)tynaf0G9(3@b%ob1 zw6jHBV=1;fKWXPt^y4i4S=~l`Q-0Y}*V2?*6?!3s?2q0lHhBKp{Vb(nt0SeySSIuG z@fV{nO{E7Z6c^syyNNO%eJ$YNmG*{1)@ddV-n)$G<;s5{6D7NNos@@9#=)i6#YP13 zaPslMuyyvgVc4!2!uD)5iSU_xRq&$kB0>aLy=rmc8}^%Uy~2&CVqe4TXM8rok@<|7 zZzNz5_dT}vXWHAw+LVq~&?#s&hCAA|E5Fp=BpF?7)X9G-@TF0^{juq-jjS63jRW*Y z*Fw~yIML-^rc=U^w-ql_2~~@rugE#=MO~6N;y21Ilh?a*4H;r+{#pF%t{d9z)>qM2 zqd8bt(y-pOoc^JqoLg_Iorj-~D=UQWrvV*Bi(jO0ps0-vdU9s0B^7ZKHe7J9Qnp)o zPe)qUQJ`rJH9X%;V9Rauss2;MVs4zR?wL}SkJcXtKPrnaiN8BUBo+!sZd>IwG&?0t zKBCr5(iPD45~H+kbZ8mbD_+$%O|dj=delcl8R6L25OA zKi8BgWzVEcv+5)-<{z^CzHErt|c_%2tr|vCH#dFKaJK~jI?pp4yN=zZ; z6`vvS1-tC7@9E~}D-p(A6IRN92{*fhR z=rU4Btq`_x9yJ3;U}5RjyYIc%c{lAb0ubGR;euf@FarJaZnBx~tkcd%YP0ZK>Bck< zr9he8jRAL_$q^fv4b-1+O=EL-<$04=>ih9PEAQ52y}A6!Aj+Nnx#tmu-q2rB`!Rb7 z7ip^^gAOC~pPPOEtjUv}%O$AXeh`aWSv5NPI{Fh)@VW3QNEU1}yEx(VQmPs;m@FYa zZL4FuANUkqgy?%`whxKKNUe{qZGWEq32}m;=0rl>e+8m!Il(f>Zlq#(Hm>#{;s;p? zt%7pBaslee@sE(5mC=`@=WNfnOGl<2heE}n5dFc&@MF-KE7v|%ixA9tkUc0MB_Q7S z9FwTDsk5as!A+-kfIBNAU)#13l*i5Q!0+sCt}zpYHFfS&?zw-kkx8Su{)qPa>?~P= z<%-4j{mWwPTSnxxsN=cLg4DM}55#p*$Dvin$L$_bA3EpYvFhV7m*dF8;%`aVN+P5_ zKGO$ffKtjk)a0b{S1U|}y z9RJ$ZAQU1XKFKE{AV_c{Ao(q$2YloIGJp^MoYQaONAUz?z#aqe34THJmo%y53*x`F ziMxSg1S&>q+SzRkZ2lt1ZaZ0>J< z>!!Sem#3JWqnEvtSg@xzz8nI@V0mEE)5+hCJJ{3XzMp)s67PwGJg|+=7U$(Y5%G6d z;x)fzz^&%x>%@Ik?26bGUgfjg+}w)3j?VJ8)ir*f4(uuMy88Qj%ZrN#1qF!(Nr`#+ zx`<22$;pXdkrbDd6a^$i{X*{h+Xai>_v1S)*MaS5?2;{PfeI8_m!D{tTy?Brpg?&b-!8Bm9^ z+*N7C6Z!w;$lo>o<4p6v&y$8~g5y`U{}{r0NhjH^$_Xk8nL0sq`B zDBUNQDFzAR^*fMhd?DP#GP+f8-AW7f z#rXiq?T$&l1JpGmA};k+vA10X0yCPaf4~K#!U>Zxx&36)Z)Q`jGhhwU3>tHWZK$SF z3+^3|8fz;@UfW9dw|8n788+9AwcySl`2*!0DQ$oX!w)ZCX7)miICn&FVh=ld1rZ## z+mWe7$++**9IspC6kBw!UjkaK6}xK>YwUAm+$gYk?oN>w9Q&x1_MU1d?27H<{x<0kn$?F&KHPSzS z9)mCL^gexXY}9Hf)qwl}C42lOT)|%g{x0Veun29Yjq>kDpBOlw96#h*(augY!ziwt zXWmIuZ2R5-DQdTeh*xNsTHU^E8tW&O5yxMtkg zC{LBn40skulabuhqpZktql7GH54O%dtU^J6Bpzf=R0vWAhhu*!8FKK|PK*3{V5pd2 zBUA`_%48FP-G9Vhx{TcflEU-y-1kM5kl?fygZT;Ub1%pB*85KrGs{C>IMrWvSeEC! zw!!>8=k|aMS?{W4TM48l=zSYDYxSnD&7P+KY#uooWHqkw^J>o=c&J0`_pQw0yZwZzDO*#T=%4=%!D`iMp^s&`tF=eos9?20Jd9;Zz z3+tac51ets@$sE}Q%NaYj$6-dg`7^`3k*2)GNKO#@pyP90(%Syqfimp2|>xmuD!>K zhxR4QVOC*S`Uak1xrFnJDl5f>V}{}6BXWVSsNF_t6>Tanb#A5$emLT?IMl-Aoog5$ z)9mG1RB6VZ{+3+NlnflAFIXHlaMqMvg`JO#odri=57DWqODIrd^yjNH;L)|Cj<*HV zd43)A&R_0;Z}w^DNF`AjCyC%KFyzN{T9B*UWIWX4Ymw1q(Rm-HP|XrTjqF8S>ua&D4IMRmF{z z_FWvoifyKvL)d=v#SB+gZ1lSeKQS?;{lySY(g5#bqlH2D7BGc988TnaI=vG7Esie& zX%^y*aguOMeXE-Dg933~{DY!o#3v<5#V zo3v$Co6r(|l2dTy?9kFwqEV;nuz5OJ{;`<cZmIXU~5Qvz)XKq&H>kF+npTv(I$%ae7pXQCB%Vj1a{9%*J;Bga@B2$ zeIk^|m&Nv%Od}C_m+zcLA|Ktf-Yr^wk?yzWuCoSG>YEi475yChb-h#drWIkVUDK|= zz~w(8f7<2G%kW?Nk$5Cd3QAt@w11T>I`C#UWou|JiQumIX7uI1_g+u+WUW{PYXmwU zsT0&?2dF&#d(V8!UUyGKkx$`GI4{A}$9FGu{#=9CdgQXm_AO_Xk+8#N;*81Pd-kvY+}?kur>D(Q3(X`v2a1u1U6xS3 zevTDNtkX*=Lj87>>)q1UnPV!4hGXkr)>08CNrYL`bvb|ckaO)92DUq_ZF)Tow^HW&RX76Shz#T9LOQ{iWAH) zqtOI<%jo-SHTO{2#-&xbqjMwCylYbd2aLlYK+~9SmSYn%R9N~!5ctE29x**2+1n%dKUbsq=QU65sdT|W%E45EOEVMe+ zl)9Hl_~l*gir7Jr>Tt)it#;Lhe?<5QgIL`i{b4mGP zUX%2W`$YK{(SYLB+vQK}&yrt0ZjWDDt{V2i3)n~zn*55Oe%nlFy`lcG)ZkJN6P+=T z(SybEoeMWp@?QJ-NU@X&a+BypEE0R*Q3}>Bxc$)VViZsisU-|NYI>Z#a;Y@fiJ`oB z$NfdXe=m_wyNqny+*ZtBp&LxGB)SFbNn9%3cimkN9;&^>8YBskQ}|zB5RB}ni>WD^ z6{ewwfUpMnj)@u98JQ20xFmmzb{_>{?||#o0O>B0$fX1-i7EE!_e*r}6YJUI3#wW# zI4Y2(PlX;~ttWpv2$jYy=r@26_O3H9fu8=fUXhZO~y7 zRZGlBnVXU*<%QAJF2DC*cRy~JxWraAH*Ba@>dhovX~X9{RU^7?GGiIQVZ(>q$@NhrGbAofU$_r6*LIx@0N(#UMdw@c=f8f`a6I7q*ay-Y;ddWD;Ow= zRribpPT;y2+8ch16stgp@3`rRo_kW&Z4J&$8A>=PMCnVLAK1z{_0A>6zRlALR>hCc z8|jTl=tXEnrc~n#Yk@U{?4!)1UBJdY3G)KE_s#7defI;b;Y!5qxIMgquGcem2NZ#m z1Dih$+luym`fLZv$Cd+_#lX*ZpsS2*-+$itF2eV!+oMItr}?czFU6YllHUv|O%j6* zC|&Uu#a9>_5%}PU2QYJ9=I5$@PJNz10N>XxWf|#4uPy_hK0};(O^eF5#cl9IWkWzDN!p1F6_ibbm~#E#Z0l1ZS5>! zb?5raV=B4K5Xu$<=y!2i=Gf-6zIRPF^4wFmHyU`^1us6ZNsL`h-wY1M40g4->yoj> z#Mys)s~HTc9vxY);@X#F%h0bvW+Yir~Qqi@7#)g<;NQM_R0 zwL1bl5w+04m`$&73OW(Vw;ng7^==Y0&{2Hkn*43atf^_6D%fZ zp=`Yzy2e~w5M0+cGXe#Sy_?^YpF3?!J<>#nAq+(~I%Ov;c-v5o#i)fwu}^ zq>A46RFP;owT0u4j@*8mN#0m1(r4Ubdgk-s8YZX6jF)b$aI9KrhRi&;6?cptnC+-h zd2mbe=ZI}Y#@E1QY|Jn22E4|LPnm>`q(st5Zb82nHn!4oU92JFfuEFcGH}a!R}&y^KXnSvi&|-kSjzym^wzClZTFM~#AB;Q)uKg2Efs+g^9VNcCQ& zYl*9KE!9S1FOC}3>DQyq`;h9zFP%|cLFR)e3$c$sHz=iQ~&ZUc9aPKY)TB zvXEy2SA$QZ|A{#IB5L$ly;tasNL{c4xxm4$7+dFYwA#5{(_ZhdX&=pb+tCAj)rg41 zp7+?HL;89=m*@97bv)%2_=I4gViYf!+Fr~&r_^YPg6YVe&hNvZNIrx9i+ck&H!NA}>+Y=ly9LJB9`=(F)D4Uxn3c+O& zfH_cVs$8yauMHO)NLf*r7eP zj5IgCNI=0gDTGFh)@)p>f(RGtO7h8N4rypDoM^T;sH-o0hR@j98_WHme44o;przFj zz_N^#VR>{2a|BUq*#MV60(KmSdCmJ($&YMo4#FM{Y3cF5p=UUCCL0pFYx*k&J^OtV zM~8U>3ADC7R%~#e`OiO=e7?rSnB@D)eef}ivnL0&g+u`Ub2HRpyIO&l`u)(YYQNs+ z(qy;M3^+ zDCOu{LWSVF=C1lxXL}6rtN=b4gPMcL=W$0^uY9?Z+XjMldr2wUr7Gs}8NB6#s9du& znop5jyzOt93>w-UZSeCxF;e7du^K>=u#3)re`nl9qki0`Xg2C#VHY&WGcI z$4!{Ys~nd#OWiyUZFfF=CIk!{ph>R%(HSrZe(hH!Zlwn%;P&OR}yQg@5l zY16&%ZpWXw4FzArn9cRCBRd4o|Jv`~oc|zFlR|KlW2ae@r#4>cVl2Vq!hHjhqBt0` zgxuw}u-PMtj<+Mw%~7CrHN!;MV|_1hJ>;GNPkz_|dd>9F`3<&l;g=2suYR*KfKT#0 z^m>dz?XnvE$qXneVg+wBJ<<61hyzUflL((p92BXVVOo;9afkF&Gym0U}{#-*&=Iea)l+$d_C8dZDz)BHokyUSsf4MEX zT`q{%b}amL;X`D(HozFwJGsi(WI34Drdob65G%cc|3y?0Hpj>gmhn|8-uj@6k9CiCYB@V zsB0Zsm;%a_fU;x}6~gZJ&J*Dr?+dM7Dp)u{Udr*vOB>$ntoBCb`?sL^X8LJ7)-ngq zj2apckkI*S_XIHz-m;~ zya6*@s|yZVS)84SP(_{#!whu@2#kOQ;>;%J_h~eZ(}3yuDAG1;i~2@H559>?(z|g1 z=}MIL&v-)ua7unFCk%|R60x_J(1viqG36@ONPBS{a9Ia|N={wnF>0DykuS<2Q!st! zg+~m9&=Y_LPoW4aU0v{6#PZGee+tU4q)!cS+4s}*wOV6|g*m;>*Uq$w_ipR(QBv$X zXqZF7k8`T~vk`>?Pi|yohbMV>zn{LGHH{K>fAdlmc3dUxX@v;G2Ayy5bYdG3*{WO`HUN+&_p{$Chd$;7k8-Q~0`02r| z+aD2|;K`Iry?oGtH73X;-xiY3Cnq-a(z;fL^G@3LjJ3RDK1Ff}=+OeYgh}Ju3kPa+ zre;;eS{`wF-O0~N@ajVpt)=27CW_bTOJ z5BP>&wql<>%)B}|Z=pzg^Q4TlE04F29WHB3TZ3KTidSl0<@(WF>%94HGrfY<%@32` zgXnmhd+)zg;E*6(P_j3na3!-Mul>o)OBs3fRS=1Udn~A%(qz-C&mrr3p@$098(I$A z#V&>$Ad>fyPTXIX0Z6P3_vwc-H1Soj$%o-iM#pvFDfD5Qo~oGkG#d*HhpJjg$gAvb zL*ISP5ZVC^>zGjbO0`Ax;f2ahg&Kx(KYuAIR^JBUWe&K8b)HiFn`L0n=fF#hY_>gb z1a@M3{2D>ODrOy^Y4g3ho?}xF*BU4$hyKP@A`8zAyEA5aSaYol9FpI|6E-%`y%(B> zx?@xcAuqBQ_{vj*u) z5qaQA+b4u!yDdgE&Yr?MP{eGI_N2~}493&Z@)*El@QONQ2Q;D(tLZ#zdNOz3l=`gs zp;}c=6}|lI6qYlh=w8U2RS@J@h(2q`^I{A3@XZcw{;#IyJc-j4?niU~_j zJShj2z79DUIz%HeWHj?-yznE`b7k;RRjDLW3c4rlLG7+Y*pe)M%#LRwB&9I zUXd{{+fSe6rfQ8V6E=+c6nHO`+m7c|4MAs}Rq#88bALqsw9B8D;lK1Fx!S!6_+RWK zzW(84{$N1=pP`&yQclkIKX_R9fwdFP%Jt%G$~>XK@|i5sX&CJtpM9c;_}7*ZVxhG; z?UQ)7;2iif*(c`sRLvdE-MhMPY}syI*LPfqzd(y;-pkJvf@jWNn|p0^udpLVH1Kc2 z2Cw)TQqBQK=fLA^pDw+d{PwU0&&Y@p?p)UJP{b3;#mqC{=5sUPN~vGlgtU#)sHdMv zeyNk*pMrY>rmrMRZ``7(H?Csjf!^o$Bc>jAfU3PH!f}i(&y-}}EMZZoPhil|t_fOl zN&o&C(S{4VwFH!{scc5+phxT_-?^qKymP%$~bz7oc9fcw!C&G=_AP*Gyi@ zV<9dd>qB(KcbP({A$>cJO}qR(+&iMVD|eZ*__y8OKK&5Jg+s$ov;|l2SuRX!6KZqv zGdo9)AN&Gbl2fIr(j7*jM4UKNy_mbjkqqL7A#cJQ!8CeoXOOv^%t zhx@Y%0YY#TCzhnOA@SkS+@Af)m4+c*Lnk(N6E_~_J zXEsnodw2M$kQjQhE}P!7hRrK)a(+(W9sg^?r|(q+9ws9|I2o;vMshV1&TT$`p~)62 z{8bljT~S#;4-hth@dS#Vbj=QRd+*%K0Xs1<_NB~SfT25a*Eq!1(Oh^e7VovS{jt?983*BULLOhfpZt&=iqSBnTTbM-ztyZ zA-y3guNpm8fhTBM06nw*1e009N=feC_vN=L=Hu7O4?Q*EY(u{>zLn6@ymWZqU<^3m zjZ30(1(u+kTKG=+8q42&%?Wse?<(6bVPMBeDYh=C$*hS~(F=};G|HzX6?0d;rN8$|0xd>Y|IDCAq87~0Id2oWl%n*qEPmqm07?*jry^8Z1BJiKY z3*xJE<-dK^n~}U zYP5jo{a-OLB&pPzc89by`YOQAHc~5Po{}vcWxgEEZngZcX*yBJwGb9?m z*L5dKR`J!#GhI1QRtByeeK~k}@5sOI-lNn4x6N{VMHH&1ltw?p zF>td)HV0!uv&W9I52Q=8&JLQ`*Fv>4*17a;3ndPgUcz;YDsCrN-P^Cp@ z=wKcX=hB(owTyt?=EXCA}O1Fm-5iHQ!6(m*0TQi%71d~gC@j$Ko7W<2Pkt{YoYaHQit|d@vJt=bVxsrJ=s!l*4@(euXUZXV0+Y0o%}Dyi3BbD`h8(e=`ZQNC_W0 zPM^Xx8q6Q^@Bo!$27u#S!-*2#q`N0ry#qCUC<)T~@^&^D$8$+eS@5q|080J2J5c;W z;g$Of6Wkpaa{^%y<$kwTADl{PhUKaM@}RJvz>1hKxBEZGbYzGD`;f0|1p!6uIP301 z(O6awjkG#Co5JVJavaQT(f`Z@XdnO7}!Emv6b))UQC)Tm#Uq;G5- zUZ?iKg=~q|8*$2PgGMa|@wg7)+kkO>1uJ(i=jU7SR5aBp5et6Re92Nw>thB2KZaeJ z68sjCc8yq24NkG91)0}-(%<0cJsPa;VDAzIg+4v3uf_WSuolqCX_$@+b zv}3@a?RsK37Ii|@fMw38{4@V_iTw=N)QIk_Z02m)FRDDM9?IDM6BlS7#^pZ|k9>@A ziQsj3V!>?QCK3B6EI6CWF5*Mc*DzF;&F|{>Q z&UV!B<;_XW=m3;g1U8x7T%mZmrK`K#_Y2EqKD_*cO|jlhcQJnW=s+ZU2AT1+muAOlwYw4H%yd*8?@@GQv=v^=VTPrg9m=I@&b45@T`HXU(56(=s0II9lOT`ut(nhC}& zwz=q#XEZ~cfT~Z(3fjg~GzWhN#iaJxb^PQ8*G_Spc~Bl!*vs)(=mH~6XxI{R=Wdp% z2EnV;pqUanvo20X)dvImVM5WLIuXZ)u~HRJg$G#gS_1GAuy6xgqQp$C+LA_lgKitT zxo~i@9?1)tvT^Q<1OX6J28c&)mJ#+UFs1WAxRI_zCA?$@x(fuP`B@uu7JZ-j+Am=ya<>QhDnKNdRQm6Mh~rJY z($&U1KHFO{Bwg~j9Kx5x6G#@f3g)1($G{>KuE^W2?@RMaY;s9Cr~*kBJ410d?Ave} z0q2n`Cnh2(4wzdS<_o`TU7Zv;%LGQ2VHvAXxm+%IYB2hCP2X=T`=Uxr9KOnJXeR5y zyy1nvV$+QDhU7Xxr774&@Tg7zF0~tN_iJ9ix3K@&Jf&{bsNa=kuPCsj?2|nveedq8 z_I`fGzS$3MpM>ow`u5`IR;$+xx##QDDeE0*|Mj(%N38z{FEiGjL2WFi>A`nZR`cQs z0)yvWe^WDVN>$lHElILLsV)C=;F;*gTz3yfulqFm|3GkH(+)2w+(ylZo&E}a0<)AzEFW<# z?&oZk;koK?z{!m_uJ3%~!$0=XP3Zo2T4Urn*eqFE?vIW`G#f{n1%4V*FUuwh3 z%7YQ9R1uRE1&MI=VL@pqZ=}T$)l!9xhs)a6wjsJSE7ay%l9se-+vWyR$|6%72BH*7 z77;({T3iTiFcE1$^!0W64nOH#b)T4Lu?;`kPll$-ibf)DOo=<}=as*rxVFC@R2*0m z>h~JH?7p;^w)&+zVCEV>eK1(C>m|0FD`IMzlPG*>2Kbal>;ABU2p~PF&ujY)q@k=eg z%)6uQN0wKzDH$75Yh%yH0E2AOwhTDlFnv|1ZIi>9W9&40F2LD!y6Y(2U!5Tw+fe^t z`J|7nQu5!TI+)+0RR$L`g=5n&8BO%=E{9lgKf{L1Fem4ib=FcoK1aZshjM*KN3qL1 zv3#`aHIE((Uh7TOq;b=Ohbnbi`_D0R5nYJr^VIUw!_afaN+-uUJcHt-LTGP(bi>Em zIpoN~iG$%i-}NK+9yi&plwGN$QBE>T1!1MTv>3c^2jrOS*^!J*vAcvDZmL4Z~>Sug*tv z3eYz~a6KAutb;JCXBP(MQ9yfhv*Ldmm)G6olk1f58!P3u)Ve-hV-fZ}*fdx>GIFVg?iqA6D;n~e}h`^ljkzTlp z1ACjRLVG%7*TfDZF&WP1sI@84-gvz$wpRI!LFWAU@q8-GAw2zQ_VLob^cCEZDDqen zONM$6pIJin$y(-AdPzdzkONG5loZgXVHr1_u*=Ekb#cnIxNltJ9ASrg>1eaT+Ii5P zE%ec?cAN#6FUVmb*kSjhEv7Heq0Qp32NH>F0G=xdh5iY678DD5GS}f9Qd0Y$?Zc?v z*=a7yO7({`Vd$7X!_lzGCA@2pE3kCCJdSJ+An)Cr3|8sQ4(4Ag06bp$T^|DV&~WUA zw!)^shQ>D?mXknCGvLBTb0_z;n?`0yRqngBpc-lZL1dYQ-RqT6(k_k=c3Qm8!j#nF z-12P&w{1ZWVGTj@IgDlyJHslr#G>M!%KdoR-QaKpO1~|O89I5f{S$f*8CJf-4WWH2 zG?##nj>P9{l#YkK==+@SU?*>QP6M#jBt+3w*dr--@vpc=^BrjLA;fl7@Ji$!3$D>d zKW(RMuH#SzJD3aqIow1b$rhXs(slg_e=3BDCx%gO^nc!UXbeTzEnK4c3gckZl(t>P z{sdx%3p{G4yEBhCoZj4An7rCPbHsXnCJOXXmgHg%@mZX5IBuC^@qpDfu)XbY{tC_p zx48-)+ss~0O|`{dp5N-XJl~V}j`A93SE}tq);?ks1V(*^f!N=!-!rfgUrzWH#aU## z`57O7=`g@l8gk3L-Y4ReQ3Iee{3@cM`)lO__u{+$4%C!~8;n8xUl#J|kb2U#Ei)7M z>Iee~)Y>~UoYBM50R(q@83fsU-uxaVpq6dWPw~DTfwQWFqM0<%?3d7Z{6ZJ5@3rL4S{gJT)KT!=M!e@S+b9}AH!UCM?;z#cbo^^{3P{wg_g z?xkD)+{8LnKa=P8{9wIxE_VVL4Im)?0AWK_y>&DSjT6nsiCmquo%O%MLv#vo?>TpZ zaLP>-KUia{YL2me2OuOuJX!6-WhN&|)JagOKA8TmlLaV~!ml^Wo6+|w*oL|s7QWZb z7|~|3O40}@)^@=vkT!Oqn4DvGq9a~~FEiB$=og<`w&U~SSPT@5S_WfBH{(Y7*UR8* zJ)^i$Xn})p67olq%!RqSayI5s-#f-H%+GWAv5vBm-6E)*%PGf)uzxU_{@gZ#2Eoq( zVnU9rpbx^0sUyNRcLc%6uhkia=wISr)AWsf+oKAaj(BoJuGU> zQe)Hycfq2(uOS?7St+@KkEoR-+1x~q2Lt=)eQVNyMOIMD%li2t?PCn9=)}af!<@${P3M-X+c7!!3^wQ5bP71Mh44mjTOU%K%IS26M0+Y~^AoBFm=3Dl|_;;k8bt zWJ7(yx`-G4I$F-`9xs+>uDgSS84;026@t-dU}CqHNjVB#56D!_@PCN6%W`5c>SD*jAyKJ}Tpf z1&jf|Lvp28p^hL-N`f1|!*}K5{^RjhtniJ|B>B@YUFNX=rSMvu&S$^kk<)No6Gz~o z>!s^*hQC8_p_<=qLT~@dEB_sKD*($SWpF7}Z|rxdE#=znV+a#cy#|{3pdZKToaN$;MZ@8J% zV773_n@#X0iTdfiGhajf><$4>(*~5u&$_!_T}@$)!UbcuW%%aJ{jP;uNgq<7L4Y6o zo;CR^=bNBwwQS1pLo7n#S4$nxv6t{#gKdLwnD2$yCn#LlJPP}Lbm=kMro_X0TMg3= z-OwUz%s0Q|nZBvX!?Q1TkDq29Szp76^oWdF6jg=3z0aIn867u>WMPA2Ikd04-Aq0U zsH?HfxD|_ad@R)_B1=;F8$TI?>#VH4y-OY~)JhyJ%#5uuFaUL>B>?Vmud(P+uKQ;^ z*tVWb3+~=co`s}bd?6_54IBl`6}DrYvf;Q0An+4>@bbeZorA#lKzOJ9Ok}aAXKbiS zV6R$Qo8tT@55Krpt`Lj6Q?5;}?XFu$&4N5!@P`8^cCv{J_nZrgSrNxc&ik`^0pVc8 z!MpoM(BtgP!kzA`tX>-GMLlNec|{txY+cPznx>$>=qR0ll6hwWf|OkZ3%vqt_((@5nMfi-SK+45!_W{F#VTN z`4EO*+X1VR_$z^pYGp!kLKi@|TAVAF{ssPnM3k3*^3$R$#?xgp?O}bNV;aIpvxR`= zYM-`!KTZs?A>s?RPK=#jWrthmrggVLuLEWPS1X!%8;4+IbLXnPmEh;jiF=Y*j5YBO zH=KImyK^go@Ipget}wva8CNDq$;eT^l}kXJGIRi3X9FGiHI#HwL-H?nZZ~}pmySc? z;QNn*KS*-8F>Szb8)RPK{TMDsx0UpiWy!)%(&);Kn&dBIf+8Ansc+7|14f_?Gj)?v zI3;xkmutGL3TbD_94p(rnPRVXS6cF9x?+m$`|6sXJgHdYhiXW~-Jm8C^F3*gqz4D-;Jl6!*fd34$U~$i6$BR3X-Ad_P!45p4)tzRSw(uDpA^qMkai`RRYK_uf%aMa{mTihvR&2MJ0} zl9g;DL6YPgBnU{(Ac8;(NX|J(&N)aHq$TH^gJftVH?g7VKGXVrbKiI0%$r$r=iW85 z-g>LoI)9uxy-%GwRr^%!s`~A2jO@MsE{jLzSyYclnCYjgDWD;mJOc@Id3;robJ=J( zi#jbMu=<0Gd+Sb~z`E|6s3`ct73Avj?79z9%hUHlf*xInSoivH@0=$vNu%xky)rbf z))VIcUB%;pi&Ca_3n@oo>b-#Q_UhdEeL0Srh}Sy&PX7)840*Vq2>dH-*eH-ydCoJS zsR$cnQj=Yslia^O{{QL{F#H@AZP^au@Rm&|5F&&i$QURqwUK?^WXyC9ZiD6A|_Y#ZQOnMFq%)bP6X(usyGAjkJsgHZ~g7q&c1CKz5*H6 z`Rq}vwtYyi`kjRs8~pqi{2mQ}?=CMDFvCqO0b>mPKVpVKahVw1hS~hzH>_7lc4fzt z<5{&o5J$~;x33MQrH}6m(B2=OCivcYU5yW(T~$S00H_y!6sRT7Jleibcwl<)V{=l2 zb|^2-%R6@b&hPob*hvQwd=AZw&`myux!V{RpH4`OiCB`!(nmK&teFaQ!iPR->juGc z0O8rtRYEGXrSY{VAODfnWgR4~)kj?Js?P(EUJSUPu>v0S8z(HXBo=*xrRv)24$}pG zM1z{WSlTtY`{QN2puJLJ^W$o1w2uS@e&3E1d`FjK{xR%7Ey0!apR0;@MWYeFy+!;| z1Oxv7Y)4bHIa-o6Z2hAN_-`%_9@qw~p@Cdj;fIZ;t*?H*;ydX2(fbD$Yz{i`7bc94 zW#yh2zKJeYQ}BoPmEXrFRi^)6AeB9)h3M=-5cDX8Td$+rjP9jufEV?mmk>-@-lII` zt@|`NMtw6Xczgx{-Xx)1eR!+Aj1fgrGvB6(6IZ3~q=8pN7s;IJ6e&}ZTvGDaC9S16 zN$5L9qrkzoQ=EVURiJ0N!^!DS1eM}zdT@S;!9Zp%-G@$<1g-wTQsW40{I7Vf|AoNz zKNDUZ3Vd0GFd8pJ4}=|8DA@s~+RypcTBh31rU&?3pMRM5 zsE`~ytNl!Ec!0@yigJ4Y;c__Z(=kTY{1uzk-qFG6=#iJ_RmR(GG9BDuJKQXmunqnt z>mU?e!X3V6|Ai-y;`^mur%FrdI1cu*drbw1rIAWnXC2614s;VxnlZQKJ&KMy>~h#> zKL8tZ#}4(x=N%ncOhrKMS`ilb2aftvvoh>O$VN)nq;}MDB+nm{=eKE-x&=YEI%k6L z)nyGN7z3wVzw(WQ2}aSh<4N6+5QpL=0*YPkGs%lvW3u0TFM=W;E}L%XTq<6Icq+Ex z(((Hgfa#9H4W0g!%&z%QbRpD?qPgz+Oja+6mk2?>DlWfH0bjX-Mz}gEJ z6F=0*9yFVPQafO@*7bH9K7@>s+ZRV|!LSJ#+Lr}ZB(9SVEv~N#twKSktDu+f-#uDz zQnJ+g0fjpGp?3ZrAZUuo^>KAC61m;p&n97>0Gid?p~@Zd(s^_A-8@l_$zpRiwd#vj z$;a1?Ja1Q8nZENNKm;KtW1j`aa{Pt24Bt~u$gx0jmK3j#%MS<@2wXm}55XP0-e%m9 zyCKKzu*$GB#R>l!Dne_*f{}2h%{;rKU@gh_(~G=RPxVZedX#Z#3-fVXJ{4Uoi~|y!9OUMK?(Y>gNHIO!-{?wlXo)i} zrNHL?^0k_!EP{GO+5&Vutjd3|w>$5oC?6DVwFP610o@9HyWpW0^ST|`tVX@y2&ScA z3lLoliSFY>j}Qa$x*gb5r30Uxv7(rw%&q>2=lJ;edY_#CoG|EoENE~Qz0F!ia*nJ) z@{)TDaMzL@uh)+vj)72#-h=VoVD!_HNgwFYq!l748&9Al>(n#pqgOZMyPJOy_9-@j z<6@1bBeAKE2Vf9>(B7O9q<8J~w=N~+DLje_74aBMHa&!;HH^WkB^CUIH?0DL2{(5r z0zaP6QGOuAuZ~(kI{I^uG;`>@hJ0W6g5M=LG?@kr`UE@<>}qd4o{)a+uOiH9PT4-V zHXD|i?9x&}5%@^Uru~fB=04{+o&ej%RuM5z%tsk6fAa@rf~(hqmotRz>%-<)%K4vz z2uHx`LJUQRlmQ$gp6y(|jVAB`-oQO}ux?n2oH#?#@jnRPfEhv&RJbtTaE@2WXAanD zs9bkFt+ZO<^{8$%=t4Rg!k~gDU`@x7qu3_CLB!|K_m_pFO;u#CSv?=d8~^I2_vwfEx)y*Nuih4^e5e?P`cq!XIn_+XXD%;; zjr7uXm!MA;48q+Kg76+36naW`|H{xIF;fcwU|>AiWSfN0_}>x4XMqe(B0b{2;)4Y? zeQG3#yX-*-(0%o2&>=r05jAHUMAlq4cyY5euv@jb&>$2@OEeR9#Sh_d7`~&amgY(0 zp3(m;G#Eo;N4GGF$`mJqXov)-1+{^9X5aHRp+Go0(e64NsZ`6i=QcvL+ zgx$GM8D7Y_|`5wI*0LA#RO%i#MB4*9qC6 zZAbLsMBWc2cs?{cwEWQ^yg(eq5Y4f?NqK#J)|CbN=$7##&3F{Tz&54cs-ZRzHi&tT zS%RyjH~anen?d*C(tn;Sv^Nn_Ezh$-YDP984NX?;MEkAH`F=*K0-xV*NE=>1-ykw8m$=RKKax`(Cut8_lWp)XmZ zZ2Zl&Hr)iiArHV|<-DXj@XhGUvkQpZs6-4FL2sJqZaQOdOpc0P|Jq9)-!uf+RU3yx zMByHD&bekJSewfVao~Rd(11^G@dF)O@)N~e(xPvY0u)uWxF4ZmfdF)5S!aDhoV*0; z1Ji*|SheZEN{oT=+adC4(P12zNf{+ZPt*p-vTtt(kUTM)mQ}$IGl%Hc$n$ua)xq-*RyxL9Y)g}dz4Q>*M_q5KISBBerlXHRtV=%-@7@Z z_qyJ91gU=)!A4(EVOt>Cj%>dLtqs@hW^@Ev+|6~$HlEihqi{ZYd3&eJ!scVNg1Bf_ zPcc(PS7ebp-X$G(0bdjKJE%iVdqz@jx@<hOPx^{gX=>G%+-Z){y$R~)7@-mK^}WN>N!D~O(R8A*^`dfbDd3V5nJyI~XlTRxZlsZ%PqR1uIK;ph>n%6?kUD|K zUX=7RoPbA9fA z7kqm$C?_MLmnwyF%PB)=hS|2{6w>-u_|2@E=TU zstpb03^7}Z4Cbo*a4Ffg9N&)rMzgI}ydpe(%D?NXpdan}pYW{z>o)%Z1^FKeE!t+r z)==p>?D14poPU|9nG7Sb8>jHVbgaJfxELaioNFAAbHT zq2AEhj~el-^_UBn%HFd(_UUx3IW`|x`&wmw=faW>x7S_r@0SaY&st8*a7gZx3s|UQ z9K^~uCP}?MEyN^E8pEYr(^nh~wB!aYptr)MfMV%}9~U@u_w{tDUxKg+Oa$n`Z-rLA z7=zE0!@B2;eeT8r(p)?6>IJ~CYFwvnnw{ICrmGv-oW#8@_J{if@{Gj=nt662ql}hOt|i)WOW)M`(sYH63*X0O&nvgB32O$ zeI^SS+HIOaNt=Xpk08QO89@fL@2Px!Jmx<9EH8igDz%ECvNJxh)3Y=5HPeocbD4oN zCM@0mZP10%x0s+v8@<7wTjX-oRkqvDvtCt0z2aZ>jM#l#CWQt2G-e|K#_rWoy?#oG z9lrYpw94KOq2|u+Lrce|d>l_p_}Fpr15Ra};I`7F?oyeAOgg^GLyUEJqfbBRc0Qe*BS@pUbdZhg@q$e^p4rIB3BUvNie?;C;t7q93pwF!Q8|k1NB7z*XAtXi;MJ`q7C4R%&&0xdRU66sMteIffzvTL9g|K-w%)@JwGB0SP_aiu+*%>-=EI~t z)zq)C`&``704*_K2n;}1K}q?td{Stq`*t9@@t;WM2!F|dCAn@rK>z{*M zU*I02j2~(Xs(Q1(u+g0(q0EsxchYRL108c(zus)`e-Op>Q>Yp0w)rUyvn#SIl{$3f zx2>%ct1a0j11E!kF`oxdvHgU*er4fp3nb`DX_LcKy(4HkOv2? z>%7@{M+m*z6edNUwyu7fsON#qvt)yGa>vF;a+6$P5bpg-)#J9Ss_xYX1k@vce9oKP+uNVP+*Nc2sIAqKGUBV zVp@Om>z(bB1z-WVq>OQ4zDt~65Zcrq-v6d2lf7?R@~?jb)7_(*eD#iJ06CWBIl)ZC z*Ed2MS?d2csPVe3JtFZA{yeXA3Qy>x@0LU%t;`+)Dvgc;3A~qFPyV_-b$i#F>I}f-ulEdye_+v&t%DH?m zah%kxBS>pyL2*`lO}gdO1~V~u7q%k^rEx3avzf~7ZJ$;itnhgD-LerdZvql|+6$7F zn&c$A*%H=bcd(s$$aHg(boKm`?WTg04gExHr);SV+-rLZ#>U>2rEqbb`Big)s< zqUET#y`7sd_AT^;a*loY7=%T6eN2zf`9bpt{KvtmCZH76X(sAY^Zy$s{>ZT;q{Mxc z&uRAO!ar{0sV9FYGYB0f3W2~L%hR=!QK`W=!(*#|U4&1La5~LvUAc~0Zc-6bLHHFm z%YiWd4vpgaPPP_b)4kGh9+~*BFHe;l}UV#T-m7wST7*3A22@>h^IlOgoJZ)kaQe-+R9*LS))*u({WEzR13Z7u*U z`@p9rU^_+Ay6}TtPUZ8L@u=Yno6x7x61~y~T+0s`Qp?17YpnjJPA{?j5 zyz>QCFsRL^17`IEfz=Zz=UET10{Q5uHe#5M*dDCgXxG(ych{C0)mU% z5}H^X{V;U~=A@Id2jZM)Zk+6I8|-JKcFb=!A|j=|X-T1&&)Yli1z{Sd^1YAec`O}{ ziGPHfdcN7zlxtBQc-rRQUfco-@*wikTC#T^Cb>ae>?vO@gTd3A3QR{Cc8yMQl?L?% zvqN0c`&B>48{RsK$P0Jr+pQkxi&RE}w2^g4QSY_5kl*QMjJunvFN;(`$Vg+q3$kdY zTh?b)4$+uVEDva+c@~D$3S{;xe!QUdm^UG!A9Ayvj)Wx5TFYs+-zvKL{(hJd$9LTJ zQ)E9|2sMHdGVxUg5No~$H>z#B{T_3imtfq)cjyMKLkBn9;BOHUsF&^Z?Xug zJ=E$~j3j0+4bqieLp#UW*+7&pYUn5B#&lm|kYhAtaWt*4qoa7lK--DkEi!V)*i#z??e3g$gbgD*l zw9x)0l>8;;r5FsXgobxN1l|psaHcR;&_s_2=!KNqf_Qd1Z1uw_rlF-a#CMC0Umr>A>aR zhxld;o1uTK2-E@R#HI3^kp>=ZgyPLIGnnfsmKe0)I1UmqgUw}8<&eF#flb@my|lxK zy0vQbot{4AZy7j#y;C?*#6R&2`OSVI4^!Af@VbZMN%C(){8tJAMqB=L8-(5!LsoCC zqwRa#f0p*?sJGSRNE9JX=%~N}o{I@Rh$Wqpf)Op~h+-aB3 zUhcz65XD3{Yqn$ylX%I)!8stdeH!r-Lw#`&Zr9QoZh*~{dOoS7;ebz7{y5^fH+T>( z1US`flb`RES5MqK8<87(lN#E*sh4OgNSWNV(V4?kv zXvi|)Q@w#Avi_~HSPdUdnX89@wDY{fTU(jBpIw2ViT6hSEN`B|H|5BV9(&!!5lIDW z(dt@KJ`+y>gF|_yg*M99hV}~ecGMH??5zVUgJep;|H~PN6^6B^I zm%cT@>T;Q4AM(f+8w)K{9AqPqE_~j{NW$HVfrRa67Z1hFMkt8C(bm;cuPj4M$4zb9 zg$cm#4dJU6c_3OuS)hf{6NO>R?e8we8B}|PuM3yUdIl>P*_qy&?~h%(^fnwEk1aX= z^30|bMQ$aOinXhxCZV#kklFbtRSATk!&0T#vWA@DhF#_v7J&>hLZ{(IwJUG#t>>z2 z2(259^0h6_ZAtvu7_H1#$ND&}kqsvUq@eAO4aJSVpsz3T!}94P4i{np@ZgP8!!LsK z<+Cw#lT22x_{pQ^(5`;)4*ap$2cu;JTlmTP-qi19qET0c6vfcNFJ$lDfAMF?%Xq_I z{>CIKVJq!X(jwW0wcr~iZ8ohP^&KX(@GIEgnxxixFZekEG{7!N3(%AMSuRvqvfp`P z?HQFT`t9fk2~&@tVyaA=ECF3CReTj<&4=n~IZ`y4S(`lH1AZlMR`Y+fb&gL(-|{}$ z#_l-{c!KPpkp`U9p&6Lat@Za^$`wQ55$GYd;pKQ))EP`g=z(7a35!bfnYd%N9_o^U zJw77zizFg;lFRN-KKC;H#Lmh7R@ypEiYp;&LLeDeb^5oA{Za$z|BeNaQECvaSVw1a zVvSESSoL(eJO0JeRTcp%KvP2ZmnDA@C3Ju8H&AHU7<=8Zu4`&ns$yqbpm3q)G@Qo> zkGKhW=%etNF88_Bu{CmpL>$3wqEMonmvx$19xFMEDJ2yFL3=xqm-C)Z>RUdew9W($ zEel1?dsjCj-x2vbX8t$ zC#4Jr=^~4*zy`>x`r&X+yG&=O9XvMI%#QaFXdIZTJ4TNAWzHO$450#JUMfml{nA|o zXO7xUj4ScTTG}mvk9sII>unYIj)ZP+*X`l)2XMNfYM=KmFEm(YF*={m+%E&9569GnS}j=9Tz%_# zCu9~-G#+l&>p5(Nao$=t*|;yoPF1)E-t2c@WIyYlDG!*e+pk{zp5AEK&*a}mG1Q+xhIz@f-2x7cU03|uUf%*c~%uc zU6zQ*juCXzIs&h7QuFUTM(a)a192Y9ut|SI@^AM{)}ZjStQT_I@H6AEj!qa01tP4P z2ArEurPj1o6-T-;(8-~QanJ7v{Bm+wy#?^9wysZgN`046y$n=rdL7qTB?eRMdzm~I zR;09iHruToSlLO{%=$ZRZK!upkF%HSHp!~JT;sTg-(xg%&9 zOFaQ;=^By-!_6^wyZ1T5a zVT>)MoJxOXg=o_x-krQ5z0`NonE`uWLb5L&XJGx<-FZ5k_qrVvLQTe=Z|wmC6nKlzm~=@FC(=UjGB?D! zwuig{XPlJFwPLv{(_Xk?Fr0JpP-x}Jw`>8_5DIjgYQDSp*pW0l+hwqH+9Bl7j~u8| zzkIrim4)EB?&AYpU(88+>CHEDp7SaX-#2*|Nt84wp>C08{Cu7zi~G%_K*wD5^h+L7 zpXZ0=ysu&gbGl9n1XOLuepxtH8vZ`o2RRPwWwv>4nxqa^-CXr)9Z67zSl$Lc%Mm0n zyyq8FotfH4{Nr<7tO8%jgR?gBeOu~f5s><Vvu4gr!^p!5KPub_SeZEeEKLLTviy z4{%2=hfvT8rn{@1Jud=cn%gvN*Zs#%C~Uz5oeZJcl-u>tYOZMBXEU9d`z$Jq-6u3B zNjE`ugA}V)5fL7pw$sW7`id-YobAT~AMnOSsU@&@*)I3zR6RN+6td;tN6Js89AG<@ zs1o-u98(`inThJfzg*IF()THY)&c8e5rC^OGfb0w^iF2M7_68M?F2B$}4yA?NMnC$3X=sfp-AJ2_lOzN+lz-;$1#V93*xP-?X`U`yr0uP38@)@A(94{q8$(qW5ql zVAcKdag=vWNrLk5#C~51@at+t4q@KPM=*-^AC#|txwQ7OznT38Ot8{VQD=%7mRjV# zDAUJ_;%26pFOt$ryuJsk8_M1tP{o(iY5PYD(Ixz#^^WQwKM&4*tBd;i+z%=R# z20AeT^4w~y`{(xc`q@OW)krHszwGX%KWNpzI6G4<&a-PSbJi-9vZu+b-h<>-7yFV> z=Vh@(XG%ixML{2_&YK?&s8ygn;hGb*)%%)_!)$MtU)pzyhB%ogz3R`T%ZUx^-qsq= zBRQ~c%(%QVGa-M4qg!LOuH(ZTe6#t44fa$lN_*o@UrCD|?R({1UYuu7i=l=1Tll`0 zp7w3TgRlJ}F0INpd5$M<>K^yT(1MgUASSEr{h1{o9$R660yY+%g(6EQ3HQ3)luuNv z+-dAoPntXcI5wRMzm~b+H0{8LU?~U_I&fJO@fsP1Y@yVjDBBQr1-4Ap+9Wkg`e&vC zG<#M&IIEE>hR!Q|^q7*xuAKDMx7MB6diq>)g#Pt{pR=zv_6ztj+4}J^U=Eu-P!Tih zxFbO8^Rm}DBSBqwq=){t0Q=WT;Opr?XzB(NrH>EE7yYtW>G2>sN@HcrwfpwA*lpp=k|fd+{aYntBPdvi*CT*@#onayHt`~x3gPtQj3BD-?szsBCgSn-lY?#T`Q-U{etzj(hwttg52OG> z3#K_FB1i9M2Vm2AKMJt`$?jLy5i~emK~0R1$8G!Eq7O)}ms!wjf#G!Dp^k~Q-;fT; z;fAqeL<JS{sWf3Xq zwO2ZK7cpff+-$_dZH`94gg4oFAM!-w&yctI-<(PH{_F_sk*$WHg45(phdI`~( zlBYE`uuq>7-#wkn5)snTp7isZWxC6l35f|`!R?bEUj#l-t*=@fl4cCr7$|6n zPU9F1N{j9lhV@n5@*!85xq>|prin}*N9EVTMY|5J4wqsEO{|^0DoUxUo0&>5QgDr3 zf~N0y-Ih4*;+G%+9ISE4WMYpz0pU<4D_w zT|@-Wex#B2x_{H;8 znCOWV*5&G)KGPeP^|?CK=N-J0F+XK&t-AH!m~WRK8Q8-TNnH~kQYv$N3m+{>(9L+R zY6NrAnAzkuROJL(B$Tgjl!)xVO<)PahwDnQN98ERP%boUzcN%r);}&fBk?&7K*$3D z_rCtt-y1{RQ!6n(O-M+k%}*+T3m>Z#*|g#p^4i=i#BAz4?t}rY*cAUzeLRIli}+MI zaK_UnpHJr#`||og)3(u6)4(Gs$>y-(`%jiR>^Zz?@M68qIosgL=@5`R2Kp*hUfGD# zPHe4uHX=0Uei(s&`IM!n@mH;w1aerQ7F8_{(2Tr5*y|9hZ;QGpxy;N1fbYJ8!KW_# z!W>*7J4JJPpV0T&B!*r!_W-v;-~g9rT=V4Y)A0{g2ZN@(XuA*2OV3BrFRRJHSCQYd zFU3llNG*vn!2D+C*6j2tYTU2Yz+SDC?KB^d7w+dSedY8|3}`|uV*E@=_l6wuF2D|x z7K_$rBbF0(Un?8)+(yMUEoKhtTIb13e9xZy-VU(NkJ`O7ux$rXn2yWsy^C-?O=_lqaftg;oL z=0sf^Gt|Wr%9RUv!rM=ovfmeOc&dPTqta|3+ zip`NjpWRqW8(#k@Xn1iWU$|6!^sq>}^H1hus zB>tZ;3;ZwU{$uke8-K({GbYp+JqVt7(Ke{l}u`_NYc zI{zU$7nM*nq<>xke6U%3zLjD;xfNd_KSV+x3i~p;#)5586#%}H9(1GiF*i+7(X6@0 ztMd~u%eup{ro_H? z4OkupF)f}edE6}5Wu%LV#2olTJH_{$hnDMM_HYol`T;O6NeJxAg^ zebCvnOVN`%X%_|`*WU{st%v+BuWrxtQde1dy){%_G;WuwWkqi+@b11uU=Mi}nD#}E z6+rki*&N)FM;?-{b*IfL>r-^&f|=a-MZMuw=I=xj)dwA2iqwQg01qTXs>_9?Z)Pq! zXRb!=2}4N@AhhVrxObTX8TWoWm%Fg7^mH^^TZ)bw1(MC6!!lV7lG6PCIj>JY z*>sD!+#>_9j_KESR0Ver+XcvJb?9fG>~yJTdKU08-5fR)DjBo6wFr5h`)sp}IC|{tZaAXvf+@MamH*T#YqHhy)#udk+l%!9 zCz`!(a>ST zLHikZJ?!;kbTwMRhAgIv$q*3xytH`snc;+Fn;GOZoKw32*qTzEa{P2Ct677Y01?(* zC=;KD90cInVAzASssLZOl<8_9{PVe5@;or}Qr9c$`D_l6balakRUZx>KigdP*f-(R z=FQ!kuTIgjY)jDFr6$9`;J1ADuZOuk!d}Xig<=Er&L>aZ=X|f^Nu0?Xsa&2_MpuiK zEkLKMA=g+QzbvM#!Aq4*MgH&r*`@o1uiAB^C{_BhKF04lx9Xk&oyrtNU->2=)7i=K zAIvQ;7KWR^4e(DE=ah@IhuR}A!Lq08A@m_dY`4`;H?!(vzdQ>`VqSjl1k8J5@-si3 z$9f-zw8gx0J};+K5jqMKPuPQ}bAdg6AIk;M|s>A=-h=nvch#U1{ z(OJTt^Mm+vlZuvpt484Z#;|=cxhDAgVZEFxHTEj3&``+>@lL~HP4V}aHGTtqbTX#r zSG|^mMvzoIVcpOLA=hWY26ZeEhi$UL0GUB{>X@e{5Ih9ND4je;?KsjtJj$hTk9sM&-||r}{X{_O^8*Lp2G~#&c(os~ zJH8S!2nR3f7f>TDxN*?_IApYXeMuqdKqw~S1PixYi>al z=sR$^;5k%p@S26##P9IA2gQ4geO^AV3o>1e6oPrIz`CBpRwqbY{m56I*N-cfw67m2 zrwgXN`1wI$uf#@h7hRtVG%n|LwqFDA1b`)B<2{i3>8NAwZX0DsaA;L43QKfDnCsr! zhNuvWnb3cg`B)9GMM0U~oAiRtgdWR$w}lCPxRu#!?>jPh zrp)zyr9D}X|KT^A`hnMvr>-%u$L;Gz==QpMXHZB&aY+Qt$47<*(#}=#t2Mkmm#cnP zZ$)puknHA$(2)a(n~+Z328dFVqdV~^OPcS8Xo)DG3576O#B#Y^@1qaV(?Wb~WP+;yd|}u-WE4vSW1vfFbSp3FA-ggcigZro z*-I$w&Fz?ZD37a26E^Z9R!K*&F4o0e~?YD^)D7Ofu3Z&u^ z`1L->Goi(X?sl{MPxUXBiB>ROFzm!*eSf4GEAxRh9dHWI&IaGyxqdnZI?{gbP05rF zk(%YI`frsP5~uJf_$s}4-VUs3j|3}gU@SX*g2)fNgSy&`0l}ljz(>tbqGV*6>4iR~ zu~>COV0gVUMUSZ1<3kyV;X(m`p$Q8u7}RE)5^TlFFJqT^9nQ2N zFT$prS`??YmuK3>p`msA>++M~z({<({?2D1-ELfbjq_>b`T=m-3F z4d0COG%fBWKl501k^7Urt@W5*st2(QW`j|fhtjs{;XTmDC$Hwps~f2+gD^y(>2}i=>aWxu++UvSty8j{f=Hn-*|Q17IT2R$!A-#RhA16uuFD$my(BiULe!&*-<9Vp z)%15zAkazYAQw6o#@3A*2NgKe!7XM2lTYo{AUno6#D(}o_hKNmJ~+$ z^!pV`z22$X_#LQbcb+jihpzQ7+#&IOF|eM2hbr49+v>8kU;5znozv&-}G`u6OX)Dpp!KHTl+8aDxu12bl} z>ZwB9w;zvM=5_4pxQu<;#qM_?7GIc+1kIEDGcqqGe<>wmA}Q(%%NE z&yX@O$`ZRUF~oD|=DwLappGp2FPjnmr)7yb-Heto{JB@ULT5Rf+{h zJva1yCL(x!Em+M2Jvyqs1V0xD_9ROIB_8D07potZeombceLPKPWf}q6Os9OWet87Y zTpx7dQt8R8VVMEh9;2qz?kLQF?2yA}FIL?*t-*K%va5wwgtd@UoIjc8<=A;>-kVI( zq{dZC3JFS@pv|tDV|p*v5wRPwQI%cwvlj~hy;-~; zA=jih;x&9K~J(S4T@RNAqpSc%SjpK_K`vd-d5LFFtk zc&Wz6*#Be>mi_5z%!D|KQQ*D`Nx?b{n6m|<4UY=UZ)lk>RvY@N+`D0Nw|jd4Z6l|6 z88C6)flaTbDPE^zV9C7q8Twn}Su(M=P6P1X&gu1W+gVn3C(@iQ=RMdSU0(-0>J^{` z${UPn`Krh0jk_tM1=8Q&PNF(*f_&#Zm8gPNFdZk@NwW6G3Jae1+pqehAqiD~J{+ja zCw;C^fvMj)1jA+}_pRG%=P2-w!3<&L!D!8d{2w7bXkuTs zIBMEEfZ5z3wDe0#->M0^1=YlY)co^{v~hIz%OIAe0|#}fL7b&*Sv=d*w=C#$vMLMh zy@?;$JTy0Ec)z54oRLpakYPM6KLye2w2<&v^b>B_Og|(k=?Wp35baNh+z-N)#CqNy z^qKgHl=k?;XKQc_DVA@-_~**1jbS)4{n~Fw6@)$gl-^d3i_K3KpLsw2tTl4jw2(Y1 zigYJqB-}A}y(V+t1EJW(8}wKW_c9_Bet@|8omQl^dQe|jStkiv4}xjJ?O;0*Q;V5m z8+HMWsr6-jOx+FVdj$g%sBc5{MF?ldyA;Piu2%A+-_A{S*VOKnm5+Pq5)_I+H-6N) z1l_3i=1%nihZgB>(Ji~pj4?Un&kXZKjo2zLk3JnL$82yC{t(_4G{83@u&+URpKABl zjs1|HTXFvp-qP93E$+$d@O?el7Ne~LnyG3vlN^~P2Z z-_a5j3EmuB~JM z{&8XR8-xs70RtG{@nD_UW^RbO72{7E`-IaeFtpcx`E1n{@zvK3Jb*hq;MAtF@AREr zo||XFA90|BIBq2zk$}>mYXh>;1@Jzh)zmA6wJ{)-s~BooC)Cx59$2NW`(4C@gy*v2 z*;tGMxLvKcJQ$zR*!>-l9oRM7wBXH2mWzTKe|$+E!TSnNqW#6H1qrp!Y?^D1r?n!P zWXA@;)cxC1Iz;gyMTh@Z4Csc^p}B{gSalh7HUi@L<=;bs^6o#~z5xqeJl^w!$DO0$ z-ZvtnB&;Q9c%3ewm5{2o9qL-k+R^S#<*yUgG^Y}CMsBYWycz%hR?y986afQivAnx<9)Eo@Dg*?4+Dxy zFeOkp(js8$+w^QS+qU(cp}~i1OPhrk4%TV2L*w*cdGLH6SaqV%)-HA29ub81(Qb?J zO5?1DBB2v_1dK)cvR5p3=f#6+kdN)a$8WE4!^~N`Zy-eN8VHFi%KId#s!uw;1@km0#k4{_YH3U|02qX6v zlnb<6Zv4`=jN^XMRD`vROrPf8o-R19`L|a?QtBSrVgQ-Nn>Bs97#t#Xn=VoHmc07-D#dqWryt`I%s3qM z`rIoqNdH`CG&aoQTeshq_rh5AOpcAy?YHiA63T;R^ z7x?>%Tgf6_nwl zUv*Q0bXUk1H@f;ZU31)sd{uGv$)h%NAyIr>))fG;o)PrvsMRFgjjOR>(X(1&23&Iu z|MF0n@jg`fOL<>a>qJ-|9fsmQ@TW|}Rv3={VqW$zO1yB) zAkB6{V-{1=@(Qmr~FzJH(xzz8MYfNwYHdnhz~&Vqzr zO^IJEyVXB$r#2H&rHbjKpxt+BY#H|vJ3EI=T`t)RXkLH-VxI|@7wx;IV(&Ha`}Jug zKCH+h`y5FzpETR{&<|Ch;;l^efVvx8vE_pBpOpY?R--Mp!{=+g`ONvGR`QD^Z4FC@ z+;XN%t{7ENpCbO)L|ZrwCTD-i-ha~_eIFb3VIu`y=2|PhQ4<%Jp{pJWNeRS3=|d6U zC{$l=S1lWb)g7hV=jq&{iM^oY^r|u(Bo#S9ALvE&|Hj^X2Q~G+f1e@(QUnoc(o__r zO9ufXAWeGjy(_)LhrpKBxm#ae1E^)eRgMOXP$Zf+Sz|H zllx9iCMUV>bD!&azh76DH$vCva#MRJO3rayhQYtsocqi!RH~KEV~$iG>quEK?Qh{$ zED3DnR~47{b1rJaCgLZfk*hqT;fR$0c)1%ULn24fa$Jvx(W6L~O#`r+kwZsROj(CK z;ndwqEQ$+y6F;q2&g=37_DzIG;^ir{rsEB#LnTM!+z)|eGjl!rOU>6q7YB}`rv8YN zu9$o=hP0En9J6lXL$PG*2yS>~4nlqnY=$Ir4wzVOIe5g7cXngk0O=egJ#g~~OQfvI zk-sFc?;zk|y8J%^g?2#KhEOY3b*xsDp8RF*c&K}>O9P4ajSVSO(>cr9yY(dhKSB1| zuGW7>zsFHCV_TP=OVl>y6U{XD(g9G@_^o1H6cdeWa$OqpRnfav0OZeWH}Y-oWEi3H zvqH=f6$Fvc1CE?Bp^;iqBd_tdNdmvjf6oDyj`)T>-dUTcoe7~Ob*6L^Luf8v`5o5b zbM_d@EIx&TNBb#9jw`@vMC3eibt7%2^hZWDFNG>SKZ>-!KbaI+HdFI&ZfOE|q&CBE z9<+Zs)g7|H<+uIBGV*G!O%ZhGa|fazYZY;a^HPo0yzzkXi;O?Cvo#<4>nF0R@df6S zll9>>eXJ6b!p-xYDvU_q(%O0w{^83~4L)e>ZA9+5;sK+-W+FV)wMqntMLtc~DKmd! z$gGtvpEyjpz`GI(9#tL$X`k*hOzi2g*I4flAlV{S5TnbCFssHz-PbQ(_MogZJ1SAjR8(+w^sf6cvg8*2_O zrX!ZOUL&#nXSG1p9hY2wV(ZGC2RT7eJ11z=hYoB0I}rK8uY(||ywe!vL^r>zZdWp< zPG(tbV6uBDalqn5pMI*@4g(_pkDk_OQngzMCFU~dB-s`Td$w^ zm;1hNFAx4evG~Y`G=!G+)>vxs57^R_u_AY z@&w$xcjA0Rlv(XEs9^L|JCvv!bRFf&`7Z3Y!z}slMb#!1*|CSn43*ZuyUroEWEkKYp5HsTMY`4jMLKryQ*a!JGw4aK3drT|uy#M|h825+y6Kmo(MzF&(XMX6 zJ%gY91>8whFHL!ZS!GL#i9Y&-ezd70PhwmrlT9nuk9P`S(i)3ONM&P8 z-^-@|W3XaqI?rA3c%S{$3M) zW0bU75{l|D9uBj$IU|un{^*q zipdHkSU|6ZnJgWG;Y1IW75Z@uUdmY|L{eMOLUCBVa!A)>CK$_=IrWoIV#HJLo`0_I zBB{0HDr=nlInDG-vyZB{1k*;b{xK@fTWlyiEN&~R4dSzq`N@QFU%t_iE&*j(}5A(0(^FZl=EdH9#iLC&T?bXEI(&~KpNan+nlNW)lw zWSDKQQ>l|CZ(qfbt@8Web1ly3?b#k8}mBVXjT!AGMBI-9ali&M^}^Ve|zv%zsGz2w%(_r!jUL z&+RT-tuP|hNBn)e>t3c~A@$I2(XKzk6_uhQoZCw0!es4=rGsiMe6C~+#DbJW&~D$M zlF>rnt`;4YH!ddT1c8wOgfi+#M6cG~w*-brx04k)sKXu}xncNoHePmdz&kRoPL?g< z+9`OTElP5F^mP)bGAAi8yxyq1DxCpe3Y1CYzxF?~+~~-p0RFijC`Fvl_!`dW$PBpL z@IeIW4B`>^enJS{8x=*T zCr~j(yI6cbPIw?X)%TBj`5#MniGYwvejkSTg}See!L@)>@|EM(oi)~xucjo3@G-_= z*or7xYo8W`zM+BkIf2DL$^CH9H6izJmNw?9jndjVelIhjW@K95-rBHg8~=v$-!X3d z$Nvilt*(UZoa-i(L{zO6>Y{s1r&E@5G2{zU66e|&aqR%jP>VIn!cX3N*u3<2Ozb~t zpZ@@TOJRd*U}-2%3}7pq@#{@#$Q7#cQ8R}v#{$8bgmfGlZ}j?tcZmF=su+pY zxfZrvKhlHOWMe5*l6bEqh5B~k^nc>R!%-mZhl9AHTJ^pMDfmxSax;TDzdR1&WDIW^|^t|G% zE`}OcM*9|ya(!i%B~dXu$_wr*@9n+|`XeV!h-`ygY6@q$qM)>3kM9&*Kfa;4jK4Zl zm&eCGeN#nU48+P;=3^CQvNXhq?%M3N?JK3>pZOdgdhTNMXgL(+da|SeL`aY{YDK(R zP#*&Q_^ZgF#Vs!n=(P^C*}p$3SUe%*XX$!-3mGNTnOqfm3taDlA0JM90hLrn0iPb1 zPy1-zXrq9QvXS;b9Sb27*7HDZDVpIA@WOu77F%~;4?OW`=ivOra*3!8AgPCrRQQg4 zJ0%;X6dA2&tYGt`cBN}E^fM>QBS*B@zUAZC>=7V3>~W}U8h@o~U`10tx?=w1d0|1T z9q1zG0PGc*O|DtNXOS!Me>(pdB-;$3vX>)%)^GM7gLarB`6}G+u1nO`;doog;g$C4 z{~!FHJ0VT-FA1qliAi+l7)Wf}mg`nIu~`B~Z`8TgYFXZPerlqsa2~um?NVNZpcueB zO*(3mOPRm4?xK2VwrXO>N(iH<1t~sX@=+5~^DvM~s0UkKXKY&(h@veg}^dn0X7(F)Kx>G9LfLXt5Z%Ht6q07Jk?v!1@y+$E}1+4_5UHJocBP z&>rjfn)^`sn5^*c&T5eb+^6W(rE3+s<>|~Uz}s|iVOtM@NLOxddsGjiq4%Cya>Hxr zTCX(J(sQ=d^USQ@87QlK`JU!m*|=R!AzvJc0_3xEfbHEsPUg(ukc@~E%aG|7rG~cO zYiVUYD|SGG$Z`IA6mgPZ9K?1mUi$0S*&vSbW%rdii5TL|Ui%UJ>4ekjEzhLY-1Kb2 zrnwI(YBR!VwpsC>fa7vTsF5Fjz3qgaf!G>8+C_S#dep_~$gi+(u}*k6NVnx&Z<4}T zh<&04XGj=H`yEB5EF2PQ5Os!&gc!SFl|zSrUrfyy_vc)4wcgyXnYHw~~J>*SENH7~M)!)+N;T&;eRw!T{WVcR>am5%E71gU zmHm*eS26bs%i*{ac~c07GCMEPTA$o|T*?4^~H%UjE*;u(-b!3H$Mj0b#@8e9;|j6%Jd zw+gfGndX-a9Rn$&@eUO7>>B{W%!?SZf`_&9=onSNI@>4IV};lrE8DU4mdUNx#LrTz z2M|?S^xXdAcE4eIoFlKUeE2vOdZT_ z(NKnQz!iYY4*Z8Wz)0dD*!w$9JB*5X5YCnH0^K*la2X6B zLEuG7>NeZ2%)vN=qKq1IwPr5c(Qjg8`+CQ?4e?7ju()b`HIagqc4Pum zaO{5=v`!yRqT4$r7#*5aBhQ8JnOED#+i~DfGn+Ej9~ifXF=iJyPBl2p{WyX~tQau= zCe#OLN4HH@Md>tU((UU=QG^NDwL|aIpLQ=$vZ;}>NTkSO(;pZM+fmVh$K~GOLE{G8 zH$Ojh*D|6jZ=9a5Lp&=p7q_(3t2GqSGeO_lb`1#@X)`HG+vkLQ6O3-xX1s|vvpUd6 z%`91{+lgF+&VmWZ(g-=4R6+nC%06G9=Ssz;gC62KlI1&I9marbm?-g#uHGTwF9{{p;TNFF)=%kn_2l^(U+9)X z4`Eum&Qb+qXvY_oiVgF6ZSAHBmdMSkm3rjxjZXn3$7cZ{=KS>V$`3vVwIqriS!WdB zX>>;AoU!|qrp*wjt-|NQf3pA@^QN?Qzt7h@D$nGIV&k4u^4|<#Oml_x4Cf= zG^OMSY5R$DKHdDW+OFfUGom1oPm`?h7DF%YJsw1l&l>%J@AYe+ScwWY)N|(*Tx~li zz(BeXKFH~Z2g{d2+G~mC7iF)G82vb!C$nv~>6dIH${S<3z~B0%N6}9JJ9)c%_f5xM zn~Jw1R`d*K3SBuxWhh?L)NnDWKBbnge`&_46%^4w<92|Fb4sH3*_>2fST&VJVB+`c z#84|&ybGbg-uD6mSHLn@j7p#ANV66lRS%d?0+`=4&&brd^jt4_=tc*ZE z`W`NlnUiOSeXM!3l1Z{8rD)X^PJRbqc5P}f@+w2}ECvpYs!njlv#dea1~8UDX?ICP z^sL-a(iaJDZ&*M0vH0N*Pyv+Nsi~1Bz9qw%BBoy{36JK>yB(arEZ)q}Z3{;AK>X() zxKCck2KN9c#N{JhUvp^XsWM&ceoSC^^>Z-X3(|eh&fu2H%5 zz8sbsOp!d}SCao19X!@ZAl5}xS_m!s5B}HlKltCdHbjS%i=F(ousT82NzN_To^*G- zQ0UK3=b2pcfa^R%L`dY3hylX!FV=yz zm8NrSwOKXFzUGLx?NQ7*7B8_A6yu-d%YKkozOQ~0-*A(cJQWE%XyBi(^km4;J$*s^ z`+Zo$tXo2A4VaEXoVd%ZPb-Cp!S8C$3_u=3i|nhM&KC)}!s*`H3fc|2us4LH`BpSH zO^&rCrxOxzZtWX^;qHhPB+!-o@qDyYC(-1J5I_r};0LukrnFSUjs$}nda|AMW_ow8 zsAu4<5$^v=6@0n-TUW&Y%!(dNO|+g5%V0{$IZ49CCm%Ckh)_{uGA6*fYuepb`o$QG zVIo`GD2YPH3F{yN{3tUVyB}g$NWK&ynf>J!eD@8uixDZJaoW~*mhENsn)fR@l-vPm z7_Z1XcSGZYFOoA8sXB|Z0WF6G-_*D`**R@DN6{s z9NfuO=svB7rxuOBm;-X()A+qn!)CEIyzUt6-m?BT@|^8pBogQW72KHTO#_fMjNWh( ze_=eT{mQ<2)PSY=7sc~`A=J)jA99~iYQCud3xFERkK{-;dX`k0C+|dm51je}Tyt_0 z{96w&Z(cR|6uCaELcxFkj{bDg97gYwBKW0VH|No#KUb`2)>+N52JUlU9`Q)O*=(1$ z?o>b`)9=mS>APO<`Dlphbz@vVU;PY_L1|_f54I&zdh;aStNjpGkXpSmi^%rveg1nR zNWKRRPmgFM@j6a%%q;HjBn0uUMp2-GU-JQo( z`W0U*wph)11$`LTM-E1QT&=h*Dei(Dq0FbAgQ!N6j)F}$_&-|(lTjSEHQ{abBBjg| zsosYkZ$3jma;Xxhfs;L+UI(<722@;a; z)Wzv1E(CZSiyNp!kQL;2lJZ%&Lu2i7q(pJtajU)qPv>p;Sy?bgt0I z;|bmoF=Z05vo}lL*Rnng38QMt`PGuyNo6{tMCYnHNoZF~g`A~*ifDoJ+I(}5};p<|T!p;!T4*n||t39c-@K{EJXke1hu z^&)VBYb))yL}}(@g%|19ufk8v+FK{d@G_2rYE6<2{O~p3^e}+OI*n)lY6;RDwoY74 z)=0_sm+Rdr-q_rlh6p3XY<0mp4f&L!T@PsMIut#6*f zEaUFu^2bGhIS*#>7%=Qm#p)ys3CmHy>_ykqhMucI+dJf{py5HC)d(H318Wk;i)qrA`l5RmI1UO^Rr zQ@$J!73Ip3*FrJ8*_c{-c3n8GcOUEcuz2*2iI1e;4O|EJvJ^;tm|;^YRJ#E*T%`IS1F2M4bCFGZh#k(=aAU;FCEQCp2RHoS{b5LlT`N}s_O_e zEFAv~27H7Der?8I&8*KyB(04Lz zDmEC+_B%}d{vTYr%(DAU={nioQX^Ls@wQ5pc>ntpIKJ0=m5g(B$ER0wdA^qiaxk+N zW+EjX+ZRTmpPjDRPeEKSGr3poGPs?E+1Cj!DfORkOHl*afA;THm1@mnd-!|waGD%H zBKN2^fd%0tS;=U`))21OdRG7Jd}$_yqmlOKnzJgxp3pDZ+ypF!kN_~)XTWc&bk6@IzO_% z6nl9LzbV3?GV~}R0bkoN4hZ~fH3fp?oCAQpK7Uf*n_Sm>liYHXTsvMtof%NckZag z8Q_`8iwF-cSSQ7C-`i{x19lx`(VcKtu_%6Ck@Ul3aH^f^LTFaJCBEo+UVxItS*PO_ zG(B|b%>rgQ@wnc3OY}tt>Uzl>1g})~CQC=*tq6TA9r)HNzRDz>ql}qTE1ABDJy2Ldujr}Wq!Fg7uGH>*E^lTO;i;C%p z(v&f|`D(U~I2ymppLE1TAuAM>9q^Ycph=>SaRgK#VmavOY{yPLel{b{sk^eQ%D2VHom#J9=}9 zO6yDV@4X-eW_Kl?G%VepSf0x~JO^jzkx=mTuA@wS?@scKp{#fJ3KWhHoD6IR^6m0MlH`PC32}^9C|1As6Igl;C$<0!Wx7KO{r#zYX zQoRNj!t~csVE&bO-{o5$hMEPOqq7eMCNSEMLCdQ`w{QgHNzHD%q3oOP2U`#BCA9pi zKk3OSZi|;7#1BdNXdmc;I{$<6uG9FU5SYZ@K}ss*QQ~u;LoMJ{mAGcZaz(riPDu?# zPFNox1(`oSElQXU5WYtwU@LA#=lGVfy-PNw3Lf{STamSdfQh{7l*LaAHHcX0#(1Th z23I30+b(eMvySiW!ERaHy}kL_zO_emaJ>ioY(oc=t));vH#aB5EXU+0$5Wx9Bi)bC zxl;0I&v)066PEY~8aambeyc#^!9NNOIZyV^lmMJr6&tYQvnWl_0-0i)eV%>($ZN=e zUWyR1aUN&{1wcRnfMl|c3%;&bP6$ws7>Pk2w;0+?VBj^61iCA0$I!GQq2@0nQGpVK z_mN6zD&Z`B`DbS%pvE1o?sqJ{`$Ex-=d+=LtB_NJKBuzpv@K3f8dOvU@;`l@1W;RyQ-Q{+q!^aR0AbCK;l zPJOm2Mq)#E6tGUOYn|y{SOQ$HfFTVW^L_C;3ib^%oI)?1Ty>o{H!U$pr)0}yV`+-c zVGbH*-4NS3s0M1K*Lr%tvXuq6#w1O;LN6^BY7PsQS=m||zBWtpS|0#^$&}?|qQz9c zmH5E=6Zn;r?0}M4AJ6MU&;Hw@OosP>mTq~L=-p!8Y^v!a6&WVKn>gC0Z7jXYKi4bz zoJX#5a;Pov;?UK(GIVwP+Oq0l+c!2rsn6bqJne4TFAsrX{o_7YWie(DaFW1Y+sRWi zx0NoRK$rIO{SBV((@hJ7Bve{`ta9~2^tUe#zqJND*e85oS77+%jO9kTXCL8+Xc%2A zR1T>`moHglt|`rpsz}s$peXeosOXSdX*DmX@x_Vu?&M5Sc>zfnY5I*XfPIUoHIl;K z@yBTXSZOIsuxzKH_{SnNA%@CnQ6!TT589adIygy>8tfx`tdH``_!Yv?8e{F*pYYZ~ zzDX#UC@?Be%~lqS*cX3)aEfpkqp}jWL+z>d*AesTm{B zBtFy|>|;%v`8rxp{e$OG4fCG_48W4w?@#_>O4;2OgRA;s1K}dl1Ci4S7vqZ znI=5GOe>@%^G~_3mk?6DjY)fmoAKxh*o84{UbP&>(cnFbAE~~PoFa0Nku@~P|MTNu zvaaMHa4?(35lZJFy_&+t^X*FNhjeD)<EQaWXl^6fk=3CcZj(UM>u`{%I6HIkb~LBCkM?WvknPdEk_s`ORN6EJo%q zJUq2h1DNPt!xjy8uG3hFXd*N(wQIYia2ceNjE#B48JQ0QR+tof$83!IJ&nP^@bG}i z%+E9q4cs2$97mJWxd7gxSnZo5COrZ;_2&8Mbs}`rg+2EqI!Z1fAPL^$(M=~nC%@Nt zy4{E&uEOyd1_A%edZSN&4qOHYTn4#f^6qQLh1`t=O{fDuqRG$xl8x-$Aa@93KK+@} z78g@#dU9EW7F_YupQj5%`mq;h{+Ww&)a=v2_DuQJg8to9WXe$z6EQbqS0%8Dc=zg^ zBzG;VI9W3Wr}1GLHk;}(MULA19+q`)Xklf4-YX$0UoaZ2SBBP0GaQ?Y`PmcLx1H^6 z^xI>HU{|M4$JE<97a=$6QN!8F{%s_>ziO#FhG{^g7)ICS2$?bVSKlA$9J8V{oR+^5 zb29Fep9c4DQHzNs$-;@HF=#5faZtL5j1iD z&2bGGYMiI7sjt)9u|wGc*UJIQN@b#o=xa2fb_|__c2$VTAG7)H54Wf|-&>43-GvG1 z5#(03VM>==~meGA*$=wjn~n+dn%pP%?kiqDBI4UftgZm0x8)^GBcM z9y^=E)?OZc@-)Wz_<8D$e8t0f<(2df_s;Sg&_Q_oZq+~nx8K0s+rJ?s!oo=l0ME(2FE2n-%p2B=?{q6-2x zku~nJR&Rgz`fZ>E8R5#yz$&jdF!9eUN*<}X3|tt#WB@r zwJtnA$2&%QAsdMyZXHCdX5sDO{#zdsES+Dyj{2cSN>x2VYg5A>ou99&%6gyiDivEX zxhF1>kM)z3N%wo#pZzsL@$u49B@ZKKt%><`DP+{fi{FrcCG}OU3P9nuD<}QnG~5^{ ztB_dKWNpbvxe>5v#(y4=XC1`F_|Quw%J*$~mm{tWE+s+R-e;?Ut*4>KMn7DA9)703 zS1Sn|gYR-Y#V{GE#+sY;i1pk(e#;PyM;b9ijM6g}Z9^UT-fq+?UpT}jY3r#TyX$z3 zNo9~?#98M;B{9ysHzUxy+-ref^;>Dbci?(Y9>E6QevG338olMcm5ixDeaSJkR;M>2aYR4(?=ODeJLWN}NzPp1%5pDJi>%5$4|+*qk18&QXQzIxAh7YXgg*f3%!_2a zn;*Yj?^tkF9vkoDkz$Tt@rK)bBZoXUk|0K7{f^|YQwGGGHnFXHRmRl*!F}Jjkqb}} zrHW^d1wzfm8(3CrI43RzI%|DR*V7@dT=~SgRjX<_-{})O_&-#UwOPx29t1|677@|$ zC{!GR`8j`P{X%r{^FFRZhtl-fH!b>%Nm1f>=7N$XMJ=n*usVA#u0KLb!r8vN-nv$) zmVQhR*>bas`xC$khJ$J3Qw$d>_(4(t$$$l)R*JPxN5j8T+ja2A9W2<yLqxi)*?$tu9 znv0sjzNN0?&gg`ea-r~qC(ft2QiIs}u-&CKuBJu$$*RX6kTRFdaUOhzSNqlG)v??G zL=-%~7n-O_(x_FEs-9~kQ^ZO)Pg1elXdvmRHH92lr)G^F2q*lkPb7$hD^{!LIeQd^ zvQ!K8r?9AXKmJOJ{QH$@a9#G(GxCC$Z_ToWM=f+|<>c~mH6BPG@ZzPhM=-M3Y9#*n zUlU~ipZc&4K^XoPW)ubPv0# zeSU?*Vs*w_$f{%|5bO6(ReT-jvRPh;B0*}wELmcx|1gYth_CwB; zAU>DCF-79Hf=;1nR7PCTw#2NSp zlkec$GWZyd#yzZ0Z@Kvyl@qv&iYUcj|03lM#ClT##R?D``Jl9nH%=u}TSbvk94RCA z>Jz2T)T`e?H4h%Dbdx)=wyefE?Tx85?T0fR8O&+EbKC!EIXOc?ry+dw`xNq^>-_ps z=!WHFUa9#7c9^X3avYYCy?`-45iCamvG1^9!NML3Axu#8bYRssUr+H__Qw1XQ3q7Q z`AZ!-Pj$2urSICy@CK&*5sY9u;ijP%E?Xhi0~qu@vvsCRLvk38IV#V%(gQ{+j(0dR zlG2|LkdW1cG@Y!?tHT6yfd;+tyx8@eyi!L{#}Bshrx)j4g*qq_j1s{c$h_8Ap7n(F z=MtKdrV3z(@??A8*&ZNnq=_A7)b^%(;#7&Ax1oB|dHnihy-7S@DrUSDXM%G^RneAW z7L<{9(@}_HKO&g+8t04o?gK{w==QMh#-jQ#H~A{1E^!3KqpEcH<|$X6=y#OzubuoB z?YhLrKQFiOIQDMUhU8uBTJmzDbRPUvgsug;c>5_d7+%e5azf8smd4E7wh9uhvjenP zF%9@$QH;DZJtbZ%b_61TUf8mo;b zBKX;Y=m>*eL^TTyeaNCuN+s+{%GD69dxE82)2>%h?1V-1p)bwE$`F-#BI|MwJ9huN zJXPmaBiJsYyZ;fZ1V@mXLyt`NJ>2Kl7&4(7pQ7l?V{kRcubJ1*n2*v}228N(x-FS(?#{=w@Ju4psSr^PSadJ|**k!HPR7$qe}|}mqCN$I)%`WsaL%{^`BN#7(=7-t`IY;HmQ=$v0pnb z8%&#i`m`w4|1_lvk)^Y~mG_mbp)Zy+q>Tu^rs46jRL86^i*Y#;cOU*<$Jn7#zcy=i zEQ#yeH%9$xalqE~?7A#)_9oN)-2Zx0@QxMQU${^5&FB8-D zzU(Z492DS_=_0e0I-0-@D))jXM*PJvGK$y$)+gq8U3k1UuOn zgy!n7nZLr!gVM;RCc!L6-%Oe>&lN6%v3nYx0N*oTf>0L;ewe;5XML!c0S>_>i73_? zdId3I1dDFTG64&+7X6zL>(Z6N;}Cq7Dpqj0W^ZA7ztR?*x1fp><#6)??C| z^02t4fto{9)-JyrC$r>Q!G{FOpc#m^-`mA5)I$-_N~o{CxBx+zn_*!PcXSVD(kcIJ z+!{=39=6MDT=LkpyXtgi8R)lcX6Fpy{T>O^h>3eP8+&LR4Bx%5DJ@2smnfzs!i^ps zrF`ciR?bf~ijd=;UH>LR*h9;0=LaaE6n)gx%v?|x+irb_*!d-HJ3M^S-y zcHJ%ehdQ?m5e;V3eTIfyLtBC7)1NmF<6=N_p7yl~JpySIz5mQ_-*Ka*MR@#P^Z#I@ zh3np?SoNl$g*I?ajHL~abd*;=UEpZkD>Sz4rgp*ZyM$F3(I%eK)52e(SnVaprbyM?HNXm3(D4m)gLuRhrY*=GSw-~yXQrY#!5#s&Xfmx zCSmVf`_9NK54JpP-Hugr{PO=Qq>Lf7XCgc3sO>Li;Ej(Mn9}VUxqoa9NbBYp@_nrf zU<_xfRLo%j|CA`4MjA95kIbu)bp%`ciOS#Q_RY6&t+il_ef!2_ zvKV1iX)H%{ zd`S3~qTuOsGZ-8qgc_#s%A>{oe83cva9=%*yLclv=05Rr7u0w7_EmNRFlF5GKE+E$ zT6-5pN8QAhcRzyq0wn0K@Hh*fp2mPKutbw8MF{Z%YxwYVrZf#wWzKgWai3|VHF)m< zp0_6M-O4)xOWQuoCGHyPJA`tq*atrnoPRJ8qV6su?N>J$bap$@$i<8(`~=F9JjRAW zSyC?ZXU=MjITx>XI(i;OhtR%U;+62~1R?KYVv>KmZ@iszTTs++pb}Son_N&4pD*DAoJlDAV@1R|5i^n+5%Oys`w!78AGm9Re+wwOqcfM9Fz#{ zw2}R0fRwPNj~R2nsSE?@#TO<4LS9BRJZ5FHPcnw!x}4Uj4{N+xhH|dVkEEW4TCnFR zHa&FZRm9p6!B7|;a;1n2)Jyl0vfr$UuWfsmdF{z1BENXiKmCw7+aH0S*kqQDx?c2D z-d#Gb`I$XAi%!F8+Bm1A;;l3} zyC%Wo+8Q+VuI;AmCW4n@;4mAx!cGh3Sx&l!M&e+i3I5{tCLsoNdqcMTT?lrCx%%+@ zVdF(?9D~jmZz8x9*m;c%mLTb)xz$AvEbc!&VSe?&3O7P*ES>_d%>evW%oWMZs5#JR zklSv=LceWtxnKE+JwP`KhsdyRXHn|6sVDBzu;P7hnU5CR5(^L+55mlVPMcjfZ=4tM zx~gQD&q zb}b9F<3Qp-26Ouh9Iys}Ky${BGKLO@Mpfze#`GWUJU?6KYG6CxD<{-3xPn(^pF_l( z@|zti*%HAxwAdG`wK07XtGX7>Mk)3vlKS9>NynjI$SZ$nK#&Tvrh_iGmk_x==Cc#m zn7+?tm4z-`U9SKYg8z);x zr*+H~Cz0YCqXRY=pvv*!iy`M-q0Z8>Jkb#`y*jiq=&CLQyoGZ{$2n$&Oh-ovF6k%< z??0vOs&|(|VQfta2X%+h#WaaF>b@x1!n;(y$!rnY|X z`{xs3>chfP^XpHJ)eZq3PG^Qu>%dkWF$z&7(DABJ1&yaj(-jowy-QCBqzt``;({z) z&vlVg-epGby)ic`o<0*WDEhjHn*GB`IcPW4KMQCLKK?4MOH_MPJNp;#TJEsx@W4iz=g@(C2yJxt2oxP3_S+yx~ z#uU*!v3yk0?gzaHoC@`rykGaCu6G$>^!U*#(&1BGoT|rud5BxW7w5i>A7rD%I}1gX z7l$)~aoecM)>Z>)csMJ+dj2=qk^PF7@9x+inQu|z>L$*I2sy=D=*w77fho{T_5$b{ z`qztx2A16lZ2qUPA^&G&1FnolCqRMIylR`iXo$O)l=PipaP#_%W2VYEZq%vnE>0cM z%Y?~;A8Zogs?7m>$__xcaZU90MD++2Zw$`bHr8?9j;|(oH+qT6VA82I;AT z(mW9s`nB^}p;VKJR$4HPfXz?%{)s80W!~W(7wSdiSx`W>2aaoJz2DQwQ*D^u8ycPy zip99Ea+VuL=H>hw9Yx$ZBdu>L%YJ~Ra-AORk&q3<<`IszIp7I`WHH(AumMjw=<>K9 z^p8d#m`ynub_7;%k_zK8rn7ampb;idIH;IRDaz)NYA^!tp9pgw9Xg+#b}Q#wo@1*< zzpHshA?Rg5?n!}Rf84DT3R_eLZ)mf7SR4Y`1<8qFRrjhf}Hu0}pXW`_hSFF~fP<>32KFZWpI&d4$w2IaIa@eT*NLtAuq{iE0V-PL9m% zYa#2Cua~_kFG`x^^O_G@_my0F<*Z+BF29zBzL!2W%-NMdX;P`ZzB}HTmgz6kNz4Hp z8+xqH5MLbIl`{~9Lmsi{nQKT0#d-`&xWe5EBwnXL7pWWrFklKtUJwFU_mS8*rKNfd zSIvM&CtaU4){>LdL+(#2P#amecJT@6w(4ixI5{SE(yubg)%pI_@{;`Ps$=C6M%~VO z3-Gp|pBL*@#jNVa`O?R$VkiY0Ip3?=)q((0DVuqQ3!NX(r zSR|MydF!7T!gT9-uM2nX==~HyXhZ#xsbub{_P57*|8?6lghFw-)@dw;%+0{vh>&Y} z4+qYKo@A}jWR2vReZA%iBc(9WGRcTG%`SU5V1b!wMsJk&MGiSa2?J3yPBOUjP~S#Q zoxb)lwak|F)2u$A{Y-MIQZ!jz;|QsN-$pfFyZNsD!|r6SnP4D1><%tz8Q6FM5$3 z<}G54=Hm~`%$O{`?=OBh5F7oC8I>CRk+xIk2_wEWPVX+&)$Na;3ZaZ^w_Lk3BK*%= z2BNcrSP_#??`nB3rn;=Y26)blX{3hdc?8_-%VaLr`;@+Rdt8{B8E|RO5mN>N?cIAZ z*&)&Uym|d4Ek}sCS+cPyjKTA!7B~AbYF}tnD{^b06qs&tRHqAT6s5hb zBEy0iilNpg(qza#Y=6TiD}a+S_h}pZm3Uv6w)L#%=5i1(8xJ?%(3a?XzR36Y_rnOf zJlQzNm}iXrtZ9!HS2>?rr?aFiI)1~!vhH~|jvQF7!Q-s5LM)3MCCQIKsUQZ*(>2_9 z98PvH^UWQy`7ra;LQ8F%{(fO@My1}%3KvyO;=Ko(QdVS$~hLN|G-j!E5 zjWyYl*)E%Lu@A80DL$+d-lP2A*n6v}IHGV}5JG?i2m}ZY!GgOxO(3`hNrF4U-L-)P z3+@C-2MZG1y>WMUcX#iu>6~-VS##H#nTMIX);!EScG0z|ZC(5S|4$Yn=B9Ib=j<0^ zCrd`KTOmiveYbAuUt;>;60)r^_%ugkoJxJ@H$1HrSwl}OqNZ7?>}ae;<5*4o1Ns_~ zPp--M^}3yhrxUGJk={3`!=276q9(Bqc)0Tq0PGgxYzIAbjGTKlpgM1n;gMF{e88+e zkLxjP`8KWvdrp@9$Pf9XdQCF6EC)}Ud$mmsw%U~~-Sln2%0FIJ{LqX9wq%LOvRYn) z6a>k8ojz>@IT|2QK7v+3LjaYYR5t2Iwg)egr@ORsbv5mELe_*xdW;IG5QZ&nf@cY3 zigM^wESxI6<)a^;^ZmVYQOm(-8m~SpkTgeKz$93gEMfE1yzZ{hZ1vKzqqu#dkSw+I z9Lc%%AdG%R-U+nATwv7_wwJ^s$7O_!CU{jpY1e<=Ld_yC>`fu&$x0i=@BeKta_Nr^ zuuQcMo`1=~BZ_w61<^D3<_}VjGvbj)sLt;&`HORoNMBDrG|}`PkbYm-7Yco;@}It^ zlg@O(5sZaptPACZL>!^x3{?p|4w}-ErK`%eB9jFbNIN%QdarhN?IeI z{4<6?lyRO0Yt{P@cS{Kjo-#aTcSK+a_3DT2f)Vi6u#7Ny;zn2KN=iR6o6gvIa|A*X zc>n712T&(|z*tD~m>o$huAa7*QqP|?Y(HqUY}izBI20WlB=#fjYiH<7JL9R6crkDItS*|N=?^*3ikB63~)?-x$rkJ?VWb?;fU8Pce)fDd;+P#=*4(s=B zo9g{7EgiJg*f+%W`F!o8pFwXQE^V$;0zI=jWmfdS+qaWNpwo|QcOu3c&+oU(47WJ$ z@xAoD?$TYR_qotC>d8v|jN7_Jr97+O5ONQ(^Eu4!(JeF{wsUiRmTGtqc|W!*Jpa@m?ehu7_cdBn$m<=#

    E;7eXkDYUi&=U#7yjr zi_(V<3QDKppyFXv#VFIiB0HZ`4$9#OSvA8VIzo^5!0*)(hW%djF#YvU6DaRY#J~M_ z_1G%rBZ+V2fe0&$fj6gzTQgrKh9y(L{cM?*%<(xo8e_QigZgSXGuH?C-`pw4*1yCL ziKF1cthRM%NvZ$tQtf>Q3pn)RtOE+8SkQRPl2a@t$*my}&IO<;Ru!MnXrxtA-=uZF zww8@$I2m7$yw?FT>4m!0n7_N(M2N9i^V>@-2R%d)YH{MsZ*3s!gJmRWVOBOF4&Ia) zLdQ-wd4nmjrkFt6n$CV#9?%il8Hh+H{q8&m|5sJf_fan=FCO!W?Dd9kVq#*g>82L~ za@thch}P64K~}ZUsja<(^ABu?2aJR3Kn&RV0qL{G#D^rBVgEm&CJ+KhuJwil0d6wt zOx^JV+^Lw~OXt@24bAF!5G|^8qQC4W5pzW*);zrt57==Gwh9-;#0OE0Frx`xggR3} zHYPBMji4LHf0A(+Y((+SNp=z;z0snzEEphIGJZk&|2v3tLGKxg+{JTE1)2Wmw<}`s zJY%)5--2H#1gdZGc2Xu20HPi+z$eB1Thxs(uvZPuos@jDI0`R0k4HX-_W?V5v)`Hb zPq!RCsFT3Z;IrzwyIlGzRVKb46(q6&Mt~B?^$e0=eEW`@ZESXb4$l98>`LkDW$m-U z$|EKtTmPt-*?+;?6GXjXQivuEHVtBI_{(@O=u2U4s*=}&{v_U>*sMvb;<8y5$L)=6 zML<8~7Hz7h+Oy0?b z?(-*nVr8_|yy=)tP@#~MtClrn$4&Z`7E)6fY3l#%k^E$fe}+XFYEOVbWvBoAe1|04 z2q3s4kp76jc(#8X36j6a8;8>1wUe(rgs`^uN}$|gr?VqQ_`0*2w)+rOPjL5wMs$lG zj0GD>9_=^#f4eRLDxg1%x4Oi7y!qVBiEoWo@ZgqOquY>Wp>DogvE{x5)Te4^KI+FQ z_4&u(k&HHP5n;&lXo6#*vJR(IsE5A(uZ-$)bQ@?=ex(+!Zem2t*$p(S+XR}5yV3lw z0+f=AWNIbI;o=Yz|1{EMY@91$K(fRdtA6lBuc8daUDfAF4@PB49YyLXg12&7gBXcH zupI1JA}5s$+UX>?xC1ljeb-1btqQE`zFr;Axu0xk+Nl`KDgp%YbJ_L!zdgAhQZmMh zV$tb2PjaXw)<+P$EXP0{Ohnck?N1|FmAFAJ+HzC=60ES@fZLy^rGNKplA|G>AUQk0 z@E(l3-n_V?9#`N(z#DTIS&s2gZ(Wz)@~Q85BUhTwV9s_Z!#HO8$IuE8PqZJH>(T`X z5NNU`a((Hvy5l5kU$AHhpeTmuFy`u2`OQL%M}baQyu=ouV}bkw#!AHvc0b=a(|VF0 z#oh5-Q(@HL$F4x2!`Lr(iYCUoMY32IXlef|{|Tms!$|>y4+&sH3Ua>G0N_4SWwgt% zdDx6-8nX2;O74_(n+YE|9)yj0@cK`>VLuDL`i_76n^- zB3c6-vCljwe}CamIKu=-9HXSOPoiH_my`|g%Jmt05C87P7WqosDLp*@jLAA%=ru=W z=Ub0dCHdC~NT)-qy#J&)=@{9HMSq}Lbh|3_Pm(g~HnbHshY-4k*cGH+4V9W?rIRR( z7k}HJ|12e7g9q}{o!G<)^(@++wcwe3%)8YWv0k?Yf~hsd5rxX6RO0;=w#^Nm^I(8D zsBh$>t1ussZvR*Rx`eV{$68coOv%iO!TOc{hkDo9sDd_qXqEd5u;QBtwM_xG5B*-A z+$>Pfrvv)wGQCKyjAknH9~zi<*%0)W1}lbg&ucOh$Q!wh@y@|ePgi&M{e=j)#HUL4FTHbQ72Q6vd+ z_u#3zN{c9V$$j1+hh$M%gc4xDgq(kOa#x1KkWt$a(3bbX=Tg15uek69cxOM0*BiZ_ zP@Yi6DRiqhiqvYDLlc=u7F7WBb^IH`?+Sg-o9E^iP3O3kBX5GcT3qb|5g+e2REu3C^`WhI9OyRw@BiibAg(4*G4Unf193t*Y_BFALfu2sg`>1&{UeyCqzKmZc z5w;GJX-Fp#f6Uw;UhWT$=(Oq%b)kJ9rQwz~Q`VmnH*m7I`8u7~fvNiq1gsq8N40$* zmc7>wl;2Wo9RR4dD|K>O{eq-+lA@59k0r&#?99m_cD}&T;?Lh}+GI zvWl6{fvjmv zLB8@fSEKu*TtE^A){$8su=Q74W68uh#%COH4Rf)%h-V+|_`59zi&z`rZRg>ZyS%G> zwqe~i2I0$fqPTM0O zpm2tz`a>RD+43pm1OXjfc+I<^_D$&WuqU!66P{yYX%a1Br0B>;`NOoC@?7b_R8VPr z5Sed#M_(dm`Ok@bdr3?A*4C5xFQ6w+{j*f*j&*&Fgch<94cPKh=7^+(-OBHl-xqC5 zTvNNNg(dqF{|)(SvTdtZK>%v9ep>Q^0sU0Ph>o;;WN==jz+v-Nw)#R$D6X?ejX4^+ zOOJjotvH!FQ0(6vbZfoxJ;|Q%@;;i)Ne_Ser3pv9(xkIEtI%KQq-ihy^G@=>seQbB zoxb83PLJZYojPX1FaJFK)?$6(1RuEj0Ov$alNH7-xA>9Sica@R;0f$H|;7CYhh zny|zC6{;w`MBS45kC*Ny51~vxP+$Pv3|%Pr=RJ(2H2GJ<79`{;4CTgSLl zrq#IBq(nvI%m3K`fofPRm?)rQW9oo?S0Fw_d#a0{*VBV|6rIufWMLJkP_JAnkInmz zR=?WB>-Mz$_Tt$u4chZcn8U4Rar6XG<$?jzvWrLBU(@rzeY~ARWeBZ z`*zb|rIBw%GQ6+UvruRI^Wb+1EH)M=%eP>}4~+Wb>B21BtN;#w+>7V`n$H5X zFQ6H;g#O8kxxq0M#u(SJqzI@WuFoYE@i##&-Uo%Vw<49Glr=SZ1byg?`|2L?!tkD zXqVD9(zKFmj1tWP?nwyK*$-xVSn}4TSWv<$ZD-Nn_mm2Zoz2Df=8Ud_%*N=}5umRm z&7q2ho^XWgYAIUGB^5R+l54-x&HUlu)x>}Vrw-+vsv$%y%1@weB-K`{6Jc)B;#NA7 z6zb?ewfuCm->^bGdO%gzSR~5Ukx+S`X?=8)zt9TZ=p#H6!(b*u6}1^1H>R@gRLN zbBj5~L@mm;=bxaDfwJ0H{U+uYJX%PAU-RSmWRU7ulSy7(;Zi&s9=AD}nc>1`c|p5} zZRc3JXej1T;d#W_dR1Ovm<_EKp+ThRIfYu4E)z!mZE*~9p1{^VumMG%Do`7{@!B3P zGz-G+zoS$L@#(veQh}dHAK2ulOPPTz81yt4Xfjr-GGN%2%_7NN9?j(G=>u;D@#G0R zA!9UCq_a85g_u{Cex`rNO=jO}bd0FKkv*J3jX8{tcVhCL6E>$b0mwkY%LtvokkqA3 zXtj+OX~cqu(|H|H8>7>^6A^ZTLR49xMS4>zfBX&?S_&)Znjd?=E4+pIQjlwjy1OZ? z3Lkm5>fhXPF5q*c3mLHbqaP19OsqWKc0Miw4@hZ6hFJdHM7G&w@8yIs^N*^edz~ z!O)gRp_1FX4DZt&?}*(QMyV)M)WL3vME(`RJfY8?{powRS4qm*kuH-q-;lH`j(4`$ zTt0r38ek{w&gjrQ(|}oNjx4O9f@_yF6we~evlpjOy{aOQ4k{q+PtyIOPSq__xijm| zaC2(>7{WhWYu-GYUhj5QE+CY};Ui?ko>O`7+q_umh4<{VKQDN9sv=QOO5TB#I;@|N zVx7k#IJf_uaC8)-x@fUnYct2A?*=JDey3(f7IaBd`fu(_S_tnnl=uz<4zkNzoqw{r zSN47xE+&~yt0~`BiWPrch{ED-dzd$yg5DYiK^-FuM8^z;1h4teV?-NbR~%Pz z^&+?%Pe$bOm0^>XivqCw*fT#?hx+q~1UMZY-%Z;5CXuR2z>0ygHVST$Q%bEg9=g#b z=UV>y&SURXmkZzh!Z+Fh{ac78MJ1QRf1I&rxb1}T={-KuupR}G-%0FVfV(9I5 z)5<}{nE3HCj0@(U%V}o;K>|%GUaBYVL0gn*M)Nk4<;>;$_+YQtKqIAgOeU5kqnjM3 z2lbQOvqczN(P#`|#9QLpd&eyoO77(##-gTIF}B=Pa?e8TJIdAizrS_cXL+1&N z0f$M|W+QGQ(3~Wy{Q(d2AF_w!JwyU|3K_Px5p_FQg+ne$;ZC{Mj(Bjboj!!Uv|qQA z7TV79pCGaJ3eq3NKKdtv00?O45#cr@(&kET1oWn%o$p^P0$0cm7UB`TRgeY}xg!*y zZd}&89sP3vRVjbrO-cX?tS&;`Qv2-a@Zx#@t>wnVhypA*VL8ue#$T-9hkybwa1i0U zU5dc}UE#fg|7}14L!EHaL$KxBEF$EAO&B@=0X#52K#+5kKC?6Hc$FdD{N*s=0>IS0 z0YcQ&>E%5+?0XiexbEt=zt_(&IKUaq$BimDAUFatWR#g)p&GO~zoIC8iiXKZ?l+kK zp;yoFuW75i5+5pUpA-|jorZ3^rUIb&`Up*e~p@FV^&K@Z}TrDDb z1)Xk;hWO@arH!% zzI*Y-=L-I%$tMUXJ_x?ZBLm7vXTz@UH2bE>vdB2RIG^7(LJ-56Tj(uUhpN>$fk$cA zhYN+Gs!y8SN{~n6p+a~RugDh9a!S z+@eNDe#&)-oNWGs!)t?nvfl<8K=R=FM!J2Dl5AULMdor>K6rx;VaPFlVJc&g@#3&+ z%uT1u7LGZZDQxC2kr{}Dd8Z6LSE=LNGZ zW~ITO*G8-JjQhls`CQu?YWIbdLr04p8jUPY+ToX4}Ab zl!_cfpJHm(M(|mKqz$&a7(@sqI^rbyE73n%_LoxhK3w)2N@ab-dVqBKQX(4gb-rKs z6egiu3Eg~goMkUiG z$aa)c$%NV@D_s8oDLiburAEtO8h%jNJ2ZL-BWbvk93w+Grw{#=|}Dv>!!8 zDuIy20H;(b5s}6MqiiudP6Cncp{PuJsYd7LU?U-dRyX?tZQS0SfDW`#=ax{ zPm>!?svl9IGe^ed47PgIo?fEZc0~6xh4zTzESC%pcZlT9==w2!9SYVxc>VdNV5@#! zkh8%AJud?NY1dqM44b`y;mu}^4v^FU$|PT|IB(VtOVDo3Cs8U0qa*@NzJIjad|#}T z_0;|jgvV--E&mP~pY?+?HVgU;po|bTh&htuTyzYSyn1*jDya{Qoh&DyfB`At&`(=- zhjQ6{UqN=8TKN<*S!@4KE`di z;M%&prb3yA4+)g9IGww_(L9xfR?6Rq4r~h~5Z4$JMN#d);pZdLvFa-4}OJR{XWEeARDS?Xhbx5m6PkNZta?RUU*K((0zAm zAO5kp0(-L;9mK;qb*&;ROcIM*WH*o}=k(U;atuY`SDYx_nSBC|>!JvV{tK(p^v7Z+1YxZQe4qqa4^?SD?lbzHSN@u>?9*TON(4|gZcId5~t&{ddb<<12n*)u{7V$c}xfW@x1oN?6tlfXT zsx85NJSTDnMn}SriKoI8Ix|FNN%XF|m96%5=Cp{7r+!xopM{?o z01-{xmOC6IA6ek?)B`$}*P%-g^EMh?owU#UX&>3@_MtC<^xN#EC{e>nOze8qzA=2b zW@jr3#nI7Hz4B(ZPKyuqxwmfL;Vj^QBv$0FL}KK(B>R&Q{0`)0&);^NkJp@_47|l} z2xPzuR-|s|W!#d)u;s$JKdvhwH(T zZ^*1)GWSm17?RAHIyE|Fv_p`DGH9}p)LQ}I?F-8fS*9qR}?9M;Dto!~=qvfUIcUwFkFj@xV>E|nw7sSLc z(6Cmz)DhN{Yee#C`U00~l!-UUI>xuS8C>?Y@>snd3g3402X# ziez0*Nn(CRQ5{E7P>JQxA&oT5u6I428#VKmhjMq59O#7cUGJ4BSYw>T9G-UyapC@6 z3{OFIF@~Gh1RPRW zr`3b>aolEaT<|CsH>Jvp7FvoWC?&oJ*f)2YMiN}z_vWQLGWm`9qN51#uahaOep>W< zX|;NMa6d=qBe%r|`71jR&zR3bb@s}zq_sBKzoplYm#fr|*{L^uz{q`4!EJ=64prEe z%J7>S#P~o<1mLoum$1h2@ z*>miu;R6+f3aNmkPk|I$V!wSZPnO%?XQwE+y>CP_9iZQ3h}~ks1%)Gbgio zBv)83WHME`0vMlI$|mg3_R0v(^E6`OY~AGAp+PpBobak!|B%u_VbV(W8cpu*@_4|`Zoq4dpMm9#J@ zaC2@Xtu_19aN>PJf_)=W28)f6R-*%)i8NL)sU>T;lTSt}D<2>$Rbh73W7cb6GhTgG z=@<@ew$P2u?FF5(B>>W|O!}=w(b3{@M|9@cx&3{t`Gn8#U25)3r+1SuG;-=-9N=Jh zcITmr9-Q|g+4h6A@0ou_pT@=8a=p?3d`YB^rT|M-0}Qy*!%d1*P2>LlVJXW%N2*co zHm1wv`z1ru=S{Po+}D_uYup-J7G&s(4W+QJp~MZ9(5Fd&w25H~m!OFuDpzSXA{!1(?frfAr^&cLxjJQqrOtUxKk`X+}ueqCPi>9!c3O6SM z;G^^v#)68LiyW~l+U*vr>-ERiQ>KY4mMYx62^%OKVG5#%2m87mi|o%9KM*2PM&iy1 z+bsS1@(pt|u&IOfhju$qf->w`Pt-@^s4&{13}|%SVM(|u`;3pxisoZU^);%y8X0TG zpSw}6ApkRuR1z=8lY=4d+(9<2b!ffXadLZP#ix5C7@5Dtv_Ot`5M!tZ2-G6q?<3{Q zj6T?h>JaT38??M|REfq?-zbu#=3X=VS`iRkO{xIGD@xzAM}N6bqWWOW=rdR|Q2qFC zD#u3gn##>4lL?EmmZ|%mDzCo|VO}Hox0B-eXaaT<2r?lEVF~iWK`W}}D0E1n% z$L`IN4IlkW+yd-~NZW@lCpQMk;9Ry2`%RKETw|JwYrigoP5_#K=ve?V}o;N84Sb#NHlr8wfQ&r zyAbP9!5&SUL70ck_E#PP&0o#W9<-hUZ!Xw(QDKoYO%{PR4qVr=dh*v#@FhSY%8LWw z74Cr_Xfmn&&Kth>QsauJC!;L=J`+3D4>qI^`Pc*#WG<0J^^8=*NfXYv|ey=(ezU~F4wmu^{2D{uTFGKkIekjUEtjNlCJ=o}|s3-`6 zUf^6gM+RoNv$)&^pacCC^2OE|6>YR$(momcsL!t11SY#A5%dHCOL<+51XKdY1j@t+ zWKgn8W=fqXm(OFei430Tx34t$KAocSPh_-B)&XiKYn?DkIbu3g@`X5&4^~kNsttlt z4_%RJ@1Xd=pis&EusYp7*=78)90lvTY+d~ERmB;uuQtiMWFsZAijy-`jRl3ScFpr0-~@i<)XNwgmhWIeW~tR}P7CE?+b#zH(%t<{|F!|nS8kH?Mg zZkbAKc)=z6#n_j2q^X&sIv@W=XzZN6ZVcP~yuOL7t9o$vBg*TAnk4m;)STQ3ox2n! zh)QlDk0!{4RfX-VltL4Io5xvaJCXPvErZ>isGW)VfGJzwkgWbwb8j!j*vfDtvci`n z9U_d5z44+VOdYX<-}4xfG#Tu7j2WCyj87iVI2qhmj2XO+RQ(l4jaP-W8J;AZH{^m3 zVS-fWK81HsDHkl%*(mH!n(uZaeu&FhXz6@zmY=Nh zmOMi};T%Sw|2=##vp4l(T-0sZT1ZoFRO74))zUa-9%5dk^?BsgoLAK$#4b*0bcgVM zK~17gR8&+bZGWG!HYn@v%_w%dvjc^i=)3Bz;Cb9%mduQUaL(R~hWWBPYUI0?X;*xf z$zc1cH=Aj=6ZBK6^ei}p(vW!X;H~9nFjXuBg=fcY8ueoSDwPBVMKTYDCtnCwrWx#h zk+?*hty_En8jSFe+n2is^!2{W?MO?sWLDp9=pqFb4klZ^-e{b6vAaLKp+V(9kyA{g z%E~@>j})@OIlCBl!EEBkQ^JuiJ5GB>HgZ?B^g4F);u5W1^HHe;u4<;-@IuF&c})9$pUAzeNLx*u@(CgbqX#|XiE5`+FwG*fqxeX z235_+C(SUtp3r@{W61(4;!fwVPe*#HmKBn>ee{+Nsdmx!P#8lk5XQ6LQHd;(JOLND zrHst0$1#7hSfaA{UHwM6Hp)!I}+*nSJJd^9eID#@!+-@ z7CyVu<%UYJnSCmoBe-_sy{!yex%rC3HUbEuQ8LS4yussXfIdW#rbjvrTlCQ(btsp8 z!tCURlcGsM`K)C;*TqW`vZ1EPVeLe*M=Iq_d5C>{$$jt@s+!mv$U)SS)k&4_ zwO4DPif=_o|I4lUL?-KYOna{`Ty}>i{q9c*8#Q{VjWqg3i#ev) z2J?hcyHJ0lt`4D}68_A`ZJwH@6iCYAFsl&NlSkp?UJoCT7jxwZd8ztV#S1uWqsAT%V^9AsCVVp6 znpxPpVqKO3i+^(=dQ}?EWq`2*G|J}Y!T9F7XnT(JYI~6Fj&2dhjjNeslx%d(Ouft7}`EgAAKvPzfqRx%{u5Yhdq^}77O(}ADC`}iZH_D_E zR*4Qb<+9%nWWR0ZPB%ebyq2LnA)2xEf+sl*53xTQ+x8S$kZIqy5snKYP- zDTSzC9af9V$7ZpTw#H&5Xqx6B9b-6?PGa5Oyy-Tw`zH7#G3WRxSfOhAs?-%er4PzKQN?6O+cUju_;FwboB z{>@*Tv-p!#6l)ly2083OunSMtDqJB8L2&@m&7;f_$RsXiIx8-x6)wKkQvoqCgw2jtEU~18GSkF5dAj#w;e{`Ub&Zzq=p-Eg$<6zmU zt0H8P2Po%y2eGYG#}Ywb<_CRisooOLdcOOGa*sKZg}$|yP>4gf$?MDE32MexVQA-> zdv--=;Ro7`P&=O8r73NTE>k`l@+cRpsXxX#R;GEY2@5UO|6o-8{nIv`TBm5dakA!w z;J(;e^laJ|(sUtA1LTrLr%}T09iGnA&Qc)e7lY zUv(VxdSx3fsn7+dTgz zPPt|>+Txc}c_LaPw^qDd_&2Pcpl88Jnf-~9NLpSsanM>d@<{A91#OYI9aP#w3x-iX zw6vzel!h}ZX%~Bc0YVdbq!<`n;YGKbwU zp3~ldL}Ua9XLyXI^l6auCZaU%3!Hbo$s6lAPd1t6txc9e7!>x(jD*=u3XY_y4JO3e zXiIk6rD}dyi;>Rlz+j1uN@twVogR=`l#rt#!-%pVTPd&owg8ZFa-}l6a}8@Wg@q;3 zNaJYZGkRr*{BTT25BhYHp=dbod>{?bBLrK4kd8*4^$NX~?IQcLdGxr8FOc5NK9OpY z{p7qJyX2{i&bi44?lAcA8-l39#}pRzY%-QWxOO zsrsbWeri84=&q5PGdZI}#2gF4hv-c~^zbMVo(|>%-cf};MP_??3*;HmN zm6s3U_>p4eYYtnKpw)VvRBY4^v#LfjKjXH&OI4Ke^P_3|z*U^9)e_A(>upUb{$$~^ z_JSfn7Z(fOv~)!IKGzGLB!zee>ecxO7Q3fiR|DHM7I!tTa+yZw*R=0e2@~u;UY=9~ zG$HQ1F(!ue_wH>`z3q5l=}ABHh?W!gND~IO^HF2a6SVM=RfJqubi#C52RF?WVAsMD z4t@8o^03eCPq*c9AKB@e65UrWA-KQ9<_X(pH76W^i3)#DBgBc%RkoB3ccw3H(q+!D z$Y$$3UKUhq_Oh21EkDCDTH2iv;e9di>Du9;0rc`}e5MM~-n3H14E3*hWafk9*l+WmUjioMYx z62yzs*5SFUG3oYS*J0^&yEBL>*yPdJt^y9^eb4t0gDnLv{5yjfdGo#=afYWZEVAuC z?j?iPw*{ZGPkm~Tg|HBP`OM^KBU0=3D0tqH%(!Kxx5Or&uxST>E6}<>f;gHzXHG0v zn=6sjN7d%cOqMxb5caxCPKP<;`2)gUao7wTMKG&+-{YFdNOck7%EOb({QZ?kEPM`= zOlYxkE2vquzTx|)kfLeT?XAu@Y*qTAlhy?yDt9}>vHm?&AoR*yI$+8!yo0^Cpbe2o zh3Rr4aC_(Z52OSG&j5uG7oPN2s??2^z!rD1W#^v|z?(X`wx{5l6__cU7f~AAx0x%leK1RM%p1doS|kBuI3nXig!zMY z!N3z??LvhD+fjo0svY?V3o|x?mZ{KwhM8wh8GQ=kwRI6HR5pp;`;(g!wh>7H&pqgW z5=1lrpa&e>Y}chan(hQ9xCp_jF+^;^d2rahcmESM62p=4s2)2I)}Bz>3TW@om|aSF zz(dThQVc|jU;%U-gplzHEZZQV0K^KDZ6L9P;+H%f`K_j2J~UTi>!D7Eg=k{l2~-C0 z_bgGwzJTE`bJ>l&6aEwgjsfeI=%*|-SlPr`-`NSkpHkDG@Becn^8i)=mo&&HlR%Ej z*X&(aHF=+b%wKG87XVg7ogEj9)^^wc&)_}1IjxV<0Ztd4w77;oW7;d` zOWP28JpQ`IxZkUP>Xdukl56RBkC(%vNUhz zy>tyzSZ_2Q(9wOf2QU#%JJYnl){WQQ!-L-F#<-$+Y48QH|9E%C(X`k-!(y^h+jM`? zlP}=;<TWtek;2v+gHUAvh? z#mJ+uL|koF3aJ^$I2_M~AObC>&G|Zeq#Q=&kRw%cThmGx@dbrnByEx zxqIWbPUp9vhTB1R4%cmx9WZkCTDuBVCfB)nqn&3XGv4|7BkcLhC!c{+g&wGf^;pe~qK5jQpSnbFtjmdcwhQlhZ|yGl$P6!BUftHlj2Q z1oux-(fO+-6%7D_1Z{e8*OTIS;QtrQWD;jj_A{pq!)m!9F`6Lh0o@;_^y<>Wk_isx zNnUK@AC}LXU?3MF)XpJWP6p z^p?;5`Ow@#zODh~^eH&n!6?+|flrD&92WOAWVBsC$@RBiL{tc@qS~oSF{b=4u1{=D zdvA>4adZ4E$loIum;X5{#kUoQc$^Xtipki02pwk6)`SV0ub>^#EPtlwOr&_C+oC;X z+4B5G(5zf67LaphZN5^5mjTosM&C zTD-40nNFK`Io3}T1XZ1p)9REW0>_|ePGRLe8~wm&?BceBe#(Uo#R zd3nW(nh|*OcyL!$z0oGFJZ=DhU_#LV!jP|QhYC(m|AwYhGJjxNUb_mT9Nv-n(=Z?s zWz6t&mnv;k(KTLz*4w?tHj>tIcEc=@LH4%hU_3tTD}}V{%Uv)>orRRP2XZz*E-cgz z?4hTz{veIIW-*%&D4l$a0VqIOprr)lt(Gs7Ql$o~ZR2G|m+LD#U-#g7w)1F)2 z8Gdf9C1JDosIIiX1h15>x5mcCuIhHSm{M(hAws2G3!(k;fQ9>LPyhYJMmElU3BZ(+ zlNci~ri~j#T$e|SU!NQ9$!WD;q~m^QwVor)x3Y!-u%0@%Q(~j<^#8{7w*;%A&fgS| zx$cVfV%IObJJ>@-$`hYEADl7qKWVrgnxq9jRqZ_BR^NvUCvc0ROciVE-U^yO9zm$S zHJ>i@&Mi2t^{UAPJil;GQU%VpVS%7snRX4=-A*n5PosFE-#3DZ3vB&Jo(FTT_;xgWwZL^+1R z2t^d`#fyY@+H*Y*d)@6V4C{tIF8>dvC!!i6;?!=q%pL!X+RtsjiBe;$lT|uZDoG4H zvSBXw{{!sf$`sm5P@Wp9rN_T^WjmWK`{D8Wknm`cOo_Zbrsmf{Gnv_pltb{tH-nbWMXM&wnAE|phkCAuXN3diD2$r=z_N7;W*VA5jByKZ0g$M_J@ z26;1^ZL(1*(nUn!Ey|k8WaKlFMY0f zvJXSXn%8|a`1tR3BHQMHlK7&CxAtsxpX%T36zeMS#eTW^n>5IpE3?}=4odJmTXXhKn?6yN+i+#~<=!qVVObHqmPnoL zN^bPN3YuZvlU>4B+EmdA@~A?9-kInNoe(mrQ|TU8Dw&6wG!@H7DWOsEM0_tHtyxoL zZMhZqh6xyONCUK8TOPKlv8L-dX*Hgd11MNpv(jlp88(z)qoR0arK%{br?LxCexz?S z*=#ACIc|KlE>V7md=~%{}Qaa+XqnV;NVb{F>%@6{?5Crg!`+Ns%XwYH=m(V9@5+pJEC>5xvlwbIS zvK0#?uC!Eej*fmewH&SLrkv|DS&Spv>&13!{R{O|>yG%A?vco%9v!wqabbLFl^a$) z08O4kG)Fu5?$5D;=KD>gN)1}c??>FHYF6l}iE89UN5fhK(rxF(K#(5e9m=}%=lQZP zURto;wT$eVs0$Pey?0ZVbz!}q`g1YS8`*YF22$+TE z!RSi)?_l&nxpIEcOAma7JeKp znCaah)s~{AV|;4TMPA4e{4a19GhfBAAr<~C*;(;XdgN3q>f z45H>hY|$ci?#{94a!bwz?~5;D-{t3lNh$NikaiZGsF6f9-Vk%wU45EYCo2~66HXuz zM@NZOf}tVPG+cK?zBxZn7HFI&*9$ z!w;pP*g15V@BTHqE$6o7tH`-t2TVAP0}2Mh_x!=f-oSM6Z*l3jBy2vWC^A`H3YDtYv80-CUx-8BOlk1CS*6lZVyT7Dtw zl?Yn!#F^r8xdpR+T7%8t@QF~9qITc-1Jwz%*?hlZvDlJAG5-%*&xRuo9y`)x-F+%$ zru1zWSQm_Lj|sTNx>(|@9s3PDhR=QHacws(@*sqG31{uup_ixbn>(Aw1EKAEbG-g% zbU~O`XS0h0qqDY;#1`@Q6X3h!+_d<isQ-x{tUZ`532q>DTD>yvO>*iiA9A~V+SD5+E#v)TV zq{1OMVw5TNM&{#cvW8#2_4&RJQ&ZwQbDh9x%d`Kxxjb2=Ui|lS=uhO~)!8m|l5A#) zK7VA5IvmM5TLG6GQPpiUP72wb`KG{sxyS02P(0F(|FK6H5hEA4{L?nSg*Fwdvg>TQ zf*tG;d{NYXI^?mHsWX;+cFWLBYq4|BEr85;((F#;%G}!&6CL3IFq0(a(;v*l4>2vN z*@1J{JKIh<_7=)Xn6LgeL~^6v12*=;^JKYRa8GwA#*9P-yfmak)|A%EMxB|*jn#FY zghBNPS~@6u8~XtXf0i67166(d+zlwypbDh>X7GAS;P@zguFQ*id|sffw!3B;$RMYm zDxUCLrc|D0nUvQ&oLOhWz^Hx`{!VfdDoP7@Vn`Ivos&p9K^t%r=Rx9e0 zix~J&$BP(svLY`o@|)j$tY%`vM3EEKb-#uviGpXD*hL-FHk~{%$AXArdMbVdM6eG^R{OMg*Aubv(SIj z4gx+e1R_H_=BdtjSa#o}ye4%Wcj3*8`%3eE3|$8~Lu=FX0>Z*6f++UC)tgmzD7J}n35FS>+yb|@-ZW;_Uq%oc9CX#5v(;F@n(d6N$!DM2SG@nBa2F|Q;KA#28%BG zi@(~7-|gxoEK!)^KaEcFZii}6}DY6LWZyABF%@&pd zU&dH{*;@K$_AUPr>+wWW&JU3SP|9?Zr9Q!bu(?26Do3|(#OlJ{byiE)9$tvt2FO0# zZ)s`=NgE%}mjU37gYf?poqminpP`n(4vsgZm z9#*Vm{0W_m@>#7j;@@5X4I=Ze*F$KU1Ix%~^$Qo3n4?}>O>wN{0eAf};0zfwME|h8 zz&FmotrCJ3uE$&jt9aTjCM3}9 z<+AMi@bL{4AHd?R9z3;OP`W@tXppz9gx%fCWln!6F$XGfsZ0!*|M~`Sw`2UyBj4+) zbSjHWktzN{9vp{eanuvnU>*S05dWBV6dVQXDWO2| zMsS;?W?kcv{G`E`m}?}r5c3ne9;(+*fo3zgpb`2FrqjP2bNlR2p%%O z;_4F|fKBAQR{H>~vkmBbf%z3!!Hx187F?*n`v5k?eC51%ANXo;88GKU$i?BL-Ua*cX^Am>*^V9xOJ&Tz;-eOPRRc-srQ2CD~`?ry_y_7pVmrl?Ef@mM`xZLaj z1-Kpt28M4LnP8AkqJDYfz+SXyP;n@rH1B#GoP3SzSqAW~*^m%8>;lzdFj2KO3?w8* zl{AAVsl(f-B6$^sB;r#cyNDp+!AhJA4(ELYOgb&Mg!i$4ESMBV_!jW%BPp^8h$p#D z8Erz~qEb(CF+v;6GiotVzup>@r0$InkZ4qHUS6Ib$tm1tK+-J6xIVkvK-~1>dn}Z( zI3X8rk*`}pK<|enFsyvjns^f_VrW9tKse}-mYkeC3YmrBvWo=1DbXk>yHtTPv47rW z^=cD(#MvR{UQeaN!9;-EQF*>ZVktZb9Z>RNCc4-Dy7d8AHKukoTfvx_SBD`mw)wc9 z<@@X&X^X{z71>EDZb3EZpsW6MC5EH~7UXTDotHCbr8CG2D9b&M8dN-<(ZpGM4hwTy zbqWXwjP&;OT>tXAJ7;m->2Nzj;ZxG!Y|)bh_TnvMHAuj*^q}m_!wYe!f;5O*O}!pTMeAy zJFRaU)<02f6!cR#Ds&fL{cA5a;+O9LQ2Et2#R!amQ3F3J{eYiaU0pqoBRMj;7&dXF zBJ!|6pSTFw6|9;|ANH{XbmQ1Fw?uVgjop=`q=rtjv$I(dp*zbh3g3K)>>(C%>b7E; zImb~MI+TV8k?@SKHMHcH;_QKI{wH2T`1vVoK^MqmaNGnTU>+CO7XSw+r5Op`Wv!YU zinSe!5ZS;~VR(vr@&HVV8#J6qQj*qhlnTPZdHhNuPHwDD2SP)0?EA0~5D+k4C>BeU zMKhQ*WO5}9WLYGN2gBO6cLC5zyEqcs_`3Kel9%BoL6em2WJ@`rr8HboHR2AC+4`RQC1SKYt zm;)-GyaSb12_z-Zpyu90j(7f6==~ER#n=ddPyM>o<~Oz+E%ka75Yi`$--`zH#G)K* zeeN&KRp?SonXuU32IUQ}aCzTXubs5M_^g;QZ3Fs!1vQU4$EG0DT82QHL1hC2gBAoh zxV;W^aT4)?cE=vH2`<^972g-`9!N8Wf?zlT)%i}prDQyV`L}NG;a_8UKS<7oLNEis zJnmcGfn#P7q`9`n>N<&pf?v>0N7CKXX9q^RJ{2ij)rt7~`rMxCr!bk1OOfT?uy1u} z)EI`&S#4jwl_~mpwF6rN#EqOGY#baeg}8kEN}5(Qz&nyd6rkU{si3d{^zB5OTR)`@ z*9Zy-?DtnT(K+u=eqhg9Fk^BEZ7GY!;~wz2+Mn_q@B%g^p`U8&it)6`2 zuK}($6RDA7BoK(DO$5@ZO!PfHJtoZW5zBc79Y^#&zQ+T8)^T48!jyUK0=@ z)RnyC0SD|oD`yzZ;`QBcbUn!gNH+-~t+@PqvUv06S}sV-IAXtICx_2o4?MuOd1vSh zq(NZheg|DO8+v(TYJMRyq^2PJRZomFZ$J<=>fQwi#uNXiwC|3m^8NpJ4sj$LBg#4= zG)PLax6G_$%Su)y+4~qpglv&LqRgzaE2Hc^Lq;e&BN4u@Tkp^J^Zx$#dpv$U&L8(f z_ciY8x?bz~8dtu?xS4E2ghkjjUTs-`^E*crMz#__Lt*P5kUabBYn``W5-Q_B-pU3;i=SdA3W@7DAM`)1}!@ zj;SUJEIozFzlKHGX`UR4J%8lGS(vpRra8>E>75Y}i0##>eWT00cZ`@Y?sKcjbsp<` zm!5m8ggtVaVBdB@RB=09rc>G8xV{+el-z{N(kibNX&gY=0oiL6E2*yDWeZWflt0gg zu7?W!`VA0J9SE~q$`NdhSE4@CMqRe-fKW&a*H>D(?#6E)Ohz~n4CacPv@6bTJWU@M z6#BKp4ngw4o&Bdf73^0 z3G&J%!_|FMmcuyrlCAKWiS|1s*kP+=4s5v3>9-!S73WK2RH~%O&HwVfKarB9UV}{(7ztz7g087`4wFpxQ zdE+$DWEMxszU-}?e7_)aqHP64oEfqIq`RY|V`2miQdu`q<*^6fqdYGyF{E~$R2s#aG<%hd-S{!<@?8#Zh z0bxJ5YNtp6+ z@3Lb!q+85JR2AfPBT zhk0Wj3=ihJ#JtCu$oZD8kLZ#eibDb-^fP=-Q8`Utiz@r6yd($V9+4N*-xkI}hutC= z08cu`3Y{}c)wSF>OMS|OhxD`1fRb>K7cWz)!`IwmwUvt}j!ovIPZ99roPFcBPI+=e zFgkV!Oi1CPy^t}XYj_FuCi;OE(`#DU3ZE|Cy1#S(;=@Iubqn4gYvZ2g5%@UNbxEpT zK|$KC`%SYiSf4387h?(4^w56nj1zTUSH||JiW-V99_3q-+16!1Ob*hb)Fz!$-xbTn zE;lrG!2bC#nRVCxp6frQA9SB?WGnW~$`q+Rm38?} zzrf=gf_a7ZVWmMT(}dA0p3Av0r?SQ5=+^&&6?jQDBEfJL9V^?FZuK7Nys3BSkcrHI z(#Y(zAe#j#>2BlS&v(zD8Qi)@)+-X|r2fU&@RFCns@+?lDyAO}?h3;_3gfMeQDXj6 zDU!>!FQ-&DAg!`6_-jZAVS;!(B?gK{7Vc8zZ=gK6Nzp8P=>~*isBCsjk+a6r=%HC zG(V-5Q#}~czET8c!WaJp86mv)89_rSaZ)-eDw;6pOvp==CFFLf`@$cOV)>3B6FV(O zV9nwxut<6aSM-*j1#&aUv6y23wD?ZSFaD#-QewW29+h}NtwMz2LJ~7bkB$9fbk^TQ z2ghIIpwuBXW5QU4L%&;|=#YQ3@o4Q~hcRD)9Ia+8{ ztb5ld_H-_~ZZ2e@dQH^zmr%V8>sNAUG@knO3e3Y%ksyZgi;Ku*5OvbA-^Rf1RC=yK z)f{|rcF;mEj6Ib@@y%vMZJoi%P6xMLLW-YRV?Hbw2{Bd?@GW#T=tSrP?T2S0vhPh= zScbCf!^e$JkG9i&mKY7WYe#n5(is8}kMV3AK^>feJ&~yO%R(qU^*q{H!5>yhGT&s!?M&S8Z2CpJT%GKe33nrJm{ z#9n(IRuub{Xi5ivP9(gqL1RW$;}?A=uc(wE$2!bQP+$Y4HQ>Q44z5g zKKZ;Zx>`dG0YtCoitVtgY`*&+i8tFeXBQq(E{b4VTD|M;$-f{wzt|efVG--q|F~fX zF0wrv^>Zgb@hX{zy+@_~xf`=>&CJ6O!crHx-cCG^vP_R!u=Bw`+ZASWjZ#i@O@8a0 zUC3U;k+;++vC@uvSQWKSKMs69NSVNlL5&C~q#2`?ui>-?P4zj;C2K3z$AS;sD;>Yz z^BX#u5gd1JS;b{zlh5~~1ap`5J-G<-Y9?V3X0?Q~6xi=!w;CR9l&sHbxnQ=Visr$u9W z^@7d&5(>2Mbs#!K68YlQFlVN&QFUQE#qDJzxrI{=4#v1&>CK4qzFBycs;X)@T8BHJ zj^D=rCdljww9}dS1=?G|jQBC4fQ%wiY!@E{c`=LN3`kIFPIKm%dlVYT|Okw-<2>6DQ;Rvs{ zT?8TqygeE-84*H}bc0YC`ydDp*T)dcxITQ>ZX=r;b?Myr`)l@YDt~HQ`sY3mfA4DQ zCIxa^MjVkej~$| zT=0i3g)s03I0sPg00j!Fq?)8jH*>bV&^=)`VtRXio(TMsK^H|($Bcl_iK@bRnGPxj z7!6yf6O7Ho0px$?>;^<4KL{cijK8KQ8mOKYMFxv# zgnxVrm;wv(hDLQf6VZm;*O911Q@FQwi|7NiAibiX~pl2;I`i)1ketK6te4&>>?FEPDD0 zV5{n(_<_cajKFX!-IP7D|+5Mk3p55}d8qLn%kgCz|t2AdEsdW-*PZo{Rcd=16+I9Bly#f_zdkdnQdbbBm z5KRCF(fwQIbMGCoT?{CmkncCRAgZgfJ@;Bt0ZSTjJT&Fv7$THYeKX9z@p@x zd0(o+&hL3r{oN(vQCl6eg06HuGONyxF~{j0@^i+;=qo!pd@<*A^f%r;*w=C2UZtwJ zInSdHrC4}g@TCZEF0-+X$F=kI)m+!PWOQkG)y6?4H@d&qj?{#dmflz*h&W$dxNI9BJ zHXC+rCoF%|T5`~PYR>U{?+v&sb$%!;cCuY>Udv)qQR)= zZYN8oTkmYoTnT;f;LfonE+S{hsynT_UijKaqlA)ytoT-?=SlZJ^L+MY!4zV`)W(g= z%M47`_eXQef*QhKY&^N=oh3FmpWT3XHlKw7dw;Lif^=tI1U3Wmlv|R0G!1E}p1swy(pP3+|YSAzXGjxb{*^Dhi zlF@7i-;x{ct)H`(tsML+u2rUeB~e$0Ze=WuYiXQH4(D=@SGE${(>_AFCT8|Q;m2rh zg@LVSjWz-6C)mtJMjH996f&OgIBqVl>{Pe$)eZRAW-GX>-I z1?{}7#)a4>s#r>#XyzL`xb@rRV0_PU>XSWRGgnlzdW1``dg#M`t2WE&9HsVG4PH7I z^rS9xs?vBJrRA11+I4zKZJ`t_aqw`9-bS+|t({mddY$aXoLa`il^Cw_!K5n#JjOES zf#GT2Q#vy*eQOOa8!DhYr$yhric?*BS!&(eQ}%k$YAgErM*j$}T#C|_b2nZlC!L+y zRCmHr9KYiquZ?2MMm8o1sON_Q-zm&|oaBM2zk7lH8_!_6#tq781<@*ywVQes)d zb=Mfk)alXWQnu@H9YFEkh zMSnT0F}yUCeHxzGudLJkGDU^9d(y6MT*;$uLZbht%seK;YvK9%&cY+(3tiQnvqLS!52Guk)~_Xa#M=|5 z&l;kEWPTwebATa$U=w-CR_3iZ4Q@qw16l9*J*l;z`t8dhB$@X7|F6-r_jd zI@OFyh&Lq{u0FW9G`dGv!+0xWG;>&;@FhC_k-CDR7o2<5%TxYn}=qeuEY zB(>s6&Ge51#e)!+ya~GCtEqkLg3z%KR2Ng%0eiiM&(&_YA{tDeR)X-nsi@-@gb;_wyXJJ z)q`sCYMDzDo?M#RKd#zJ_S@ckDW2rso9H%?NztjP{VLksIMZvUBQf#laUPYkn%P*} zl2sP|hebmbv5+(oTa7XR!5NR_gA;<@-;de$k1wC#)>-@N4i{E>n`?N@Z80lFafV{M z!uXZ%a-Y=9#J>B?F8yL%DyzLNh!p&>)W#Uim`s3gX6sS#h2kKw4bK%b7M`FfwzPmh0Bkj zlTX*1>4#*kiN3RJTM~mmkDG_aAi4-UXc{NDHX!o?DBN% z6$JGxR0K2Yi>E*sS=aZWOBmNkNd<*Z1!{AupS9A=bWPO?{NHUV5@fAy9BLw^Dlnne zao>BaUjv~g0?8wyN8az&ZI{O6mjXpi--w}v-sl#vQFXRdUIT|6l?iyG2+;aq#^xX4 zttZA}SV5Ds(4!D}xaLZ*bktxC8vIQ9(wM%j$qEim4?;Rn!~TF0!k|V7O2jK7T0Swi z@jj@ssD3=ZfU7m(hs9?=mHCA~+!dHUxL_nf4!qYYgkWE)Csx9Q9J4Kk`bO8_X*X9@ zw%8hT=EdSKmi`aKGoSKu-#mpp4C&xNI!`nstjvEkM6UX8YnLoKJeh8aY01C-NIH$N zmd$e7CNgPdO?85$)c=KDBt%J^PW5E&%+8oC#R;p6aLU(2Ras?%gZD*XxS{ouAaU&f znYTPB#%+t-K^(4=)ODnvd zyw?T}^RJ}PM{;Vg5Gbir*di9CW3AC2Jib9)0GdWcSt%`{^}s((V4vNr>uS`S%zhjK zHdH|qzj)I0s@k#_>)H&-QM%s9({k73 zd$9DUJjD1R5y`N(xXxSPZY)BuZ(&TeqZ-ea6)RXAJ z?i^wM zeEr3fPpr3E6V6>uZ%O!VfRcfJMF9jEq0!>w08sUOX%e5y_tV1@rt%zSonG zt(iM6OI|@HgKte~5784KREEw&AjS0=KErIppVP$VFNQ%0*7O#up~@lP0d!3avyx6zRzo_+V)u%G@3P!wZz9fr^7-5AX}ra{(5#E#5={o9w9o z9~HP-%zxMbL2>9=%}Jrb9#oxbuWEK0+VLVTazI*fLaU+u#$_1P6KHp&nWFwD!q~o= z!kJ+qe)=7{+W?zYe`3FR8J@u?gNUHr6C!|TuATx0f&0+hbJ*YrG`NL-$^kuXfT^xu zSKHiyG=>G%$9XqhK;|V2BglU(J`C~vuMQ3$f*=YnCyH&6IU?yv;f2LFkS|Aqu~3cx zgTWBDkZdZsAzjF)mh=H`w>jsqcmke{k>_uAivV)fx59JHF{W0;qkxZtHS{3K8ypIwhX=zE?TYvCkSS5kwFB^%>U1+ z5kjKaGzMHC$C;U#kNfP*G&sU7in?agq9&Z#f6?Jp0+Fq#_5LAWgLzGhglYxxAL4OH)fsln_ge760jmjb>XJ{>dzph(T;AbESt5CLGGtzdeWB1>gCSgO zNdKtE^JwIx?jtK@EP6x)UicG?fB5NQa(t})bei!yswM*1R>(;t{409+0-Pe>o0cvZ}Rq4u6OS>Jwaw8n?*R-iA49|YY`DY zdN3pg&m^R0%o5@xwMP6?`K};azm34dl#}Mxhb$vC(_K_KF-*3=(PWpQ3ZX7ugras> zL;%!TMf+}FWpy`ItTXnL2#}SR4>5G$M?R%X7+%Wvz-;+S5>ORgv-t>8_0J>%3+{d# zh$aju7-=D)983DxUp98K*}3ZSt*qjp`PW3$y$I6_gYoBv%gPsd?~q>O?^UxQF;8lji=-%=wQQ6{ zhQy?DD9`@I+O6HCUUMK*hp#UHQn z-f^z>dA)?~w-Lo4idj87Y@e9l@hI5Ki@vX}yt*Ln@KZ&ZPMO)=@w6oasX;Wo?}&`JjvKIsyx4^!8*T5o(1Rsvlh<`|ft0&eg>z!deel4#KEgmgwI&%4woGH?}nSoW=n zGrNyLKLa!Z6VM~7amk8TVD5{;~1>o>``<*`%Su4#1RV1kERP_=H2@gr0 zqEH81>P6~l<}`Oyxu1S2J=oO@5i#Kll?l?{ICd8eVh(7gaHZG*yNZDdwi%Iu@?B<{ zY<}@g<_P9~1*l(t9kYl+Nr2E?5+Q*b??`+^73_|?hxF9NkGni}eP98M_(NkKP}BwB z1B39ocD9Gb4`eBn1zU;N(kHERkS7i55>YvSsdY*mKd(qbeZ$In#qldeX*RI zfdk?tH}fAI=L@xAv7u@dg(b29F|F;-HVagaC0cB7q@{ZFTO{`XLVD3bKjDJsc%`}X zQiVrIy0dfI#mA=lB?@~c_X4e4C(=k4U0*tqx>tP~jpj1G<^FO*B%05GGiBse(-e)o z>SCGA=bvZ69O`OdLI#9A(GEF13nBs|$S3x;S#rmDU0~$Rib2a(-CY67a0XgM37nXe zZQYoO$C6UpaeaPU)Y9;~#QTPIQs2&Nr(VNd$=3X)#I<|d@XsdOx0a;y!`|KWyb*kT zC%Dvvn`mXOOIWGATc6GT(0H^r(k(=e)~g{P;&aEG9rHGE!)30{(t!A_tDWy}VKH~% zH2E$WFH#UyE7e=^hq0yyvD1f>$lk7$im8m|X+E%Onk%7xP`WxPVaxLK9}F&C4KicT zs_lz9E_P|G&4r1HXjI*2o_|@hd$yg-`pg_-;f<=MduJSCzFFAz-d4K-zv+x?gdG&-J`K45ER}1&$j|BK zJ^S=-R={EH?vI{VQQObiTLIuwPQ2=U9k9RdFW=T5xy}k$Z{21XcR2xQrrIC3xydt? zF264HAAPOZOV^$X8MbA^IyHBXwb{9lk-tdksUG5)n_fW zHzU_Ire>q8`dDn5?sTFehcbm|8 zhe1}PK<3lAu*!h3vt=_@+#Ps5vFd$8D{)AkX0OPWcXRtKW6g_i773Sp65bx;C>C(u zKA~UXNq%o{O~n1m=gd6GCnIQ=tkE z0#G&DGACBNRN=Ke8dORNy8ND8{Tm>!PVhj4k`RGzeFg2ynSJtD$ZfjTFGs~hzWxQr zeEuK6G5<40%|acXRuPSkty}r?lOF?1-M^pvF;ZA{rlMKnyY{9**COw14-_7wh6+E9 zCFM9OoZk$8ST0$1cQ2P(j^lo0U#*AykFE^%nDe@^V3MldnDx4|ek#PL*6_}*ZxUpa zcS=L@)aWar5qTOZm0gTzENJNvBz_sOUzpKK*42_vRL=Jm7}Z>R9aoT<5g69;Hq5{1f6lkq&?6>^&I{_HHay+NANJy!M0 zs_WDH2KtKXJIB&*`MZxYiQ0`YCF~9}jiv~_s`cKD+t6%^t6s;tJ~%!;T5au+@oaWd z>Qg)fl+;^8{+~$bF+vaxk!;u;vk~t)!$$ujMVewC_r<{aUoc7Fw+_IEO_-URpM5m8 zIblB=8d?@p?Ex1PWN1-OdaI>~9=|Ca-L&A)qOj3u^~$g$IOk~OSpplC^?latH9Ja> z+;ng-ZM)AGkrMrh#dy$3I{fK%qxi zQ-i)s=FX;(zbcYGm6}-uu^gf_a9s2u${?S^uAUByAwUAlAIDP=$lE+117~UW)^!Qa zAZv1A5>8)y7>v0v^m|AcM=sxZ!hDW3)dCUETNHN@ zR0U!-3O`@ae)ATmPZ?FFnyOpyAxOn`OtFZP$PvN5EGe3urRsZ$T4H%UtcT)*;KmiT zsDZgZ*xsED5odC=KG?VU7Ay4v*i{)&K#bdCd7?9Vtq{4$B&ij}ISUGndI&H;{nLEN zvH%hlO7i{&;7VTq@gBO_Ft;66pX`9M<@}g#2eiJ^%7>mn@XzR-aO?e?E=|Hk`XHF( zYLGS8`!vXa!6PP)2Q4or32F~Yd5-1CWqb(q5mr&y>`FNhD>KiEBr%>8&+Ih$Gx6zz4s%=g*TyuRV7pivFQN2 zM$GHKcp)nV6rLD-YY{bX+_@L*ALJ^ab!yc(xViWc-cq;FR5>(G&LP73FOVOkj0h|U zDVJ`viOEbHw9}HTBuU1)U{>=3U(EXEl#0;uAy)MbMBhasVelQKXZ+xc&KY8o$m{2=o2%tCZTV9T3G-5a|X@Mhs_*VlRa%hmC@e>{#~ z`W_fCEmGsP;9SaHb5QF%HlrZ1yzbFv5jgAUC@#PA4MTDC`m2fadL;o3KD_4HPt!cD zZd!9^zO(P}>eug&b==M|IxjyUheOPYRRPd&>}Z49naGzuEq( z+uOH9DXR9t_mm@NV)VgGUfCjseEvB~3#tyYDg<#lr*&-Qk$cZLYxotQw=YO+289^n z74H)D-DVpfB!<*84>^Ke_Y_?akbnz-X{XPd+$4^eUH|!Mff|`Ftf}&^90}G`dN{`J zYy4Y>*ac7t@=HZ*p#F$My&IYQ;jacZWFX{avD*Ls1s?ig4PS@R(jeyIe}40i;Go_T h4fXo>A9GZ{9ti1uRS*AgZG`~-DaxtJ7D$`;{SWBkPd)$u diff --git a/copy-of-sdk-docs/docs/learn/beginner/00-app-anatomy.md b/copy-of-sdk-docs/docs/learn/beginner/00-app-anatomy.md deleted file mode 100644 index 988c7242..00000000 --- a/copy-of-sdk-docs/docs/learn/beginner/00-app-anatomy.md +++ /dev/null @@ -1,279 +0,0 @@ ---- -sidebar_position: 1 ---- - -# Anatomy of a Cosmos SDK Application - -:::note Synopsis -This document describes the core parts of a Cosmos SDK application, represented throughout the document as a placeholder application named `app`. -::: - -## Node Client - -The Daemon, or [Full-Node Client](../advanced/03-node.md), is the core process of a Cosmos SDK-based blockchain. Participants in the network run this process to initialize their state-machine, connect with other full-nodes, and update their state-machine as new blocks come in. - -```text - ^ +-------------------------------+ ^ - | | | | - | | State-machine = Application | | - | | | | Built with Cosmos SDK - | | ^ + | | - | +----------- | ABCI | ----------+ v - | | + v | ^ - | | | | -Blockchain Node | | Consensus | | - | | | | - | +-------------------------------+ | CometBFT - | | | | - | | Networking | | - | | | | - v +-------------------------------+ v -``` - -The blockchain full-node presents itself as a binary, generally suffixed by `-d` for "daemon" (e.g. `appd` for `app` or `gaiad` for `gaia`). This binary is built by running a simple [`main.go`](../advanced/03-node.md#main-function) function placed in `./cmd/appd/`. This operation usually happens through the [Makefile](#dependencies-and-makefile). - -Once the main binary is built, the node can be started by running the [`start` command](../advanced/03-node.md#start-command). This command function primarily does three things: - -1. Create an instance of the state-machine defined in [`app.go`](#core-application-file). -2. Initialize the state-machine with the latest known state, extracted from the `db` stored in the `~/.app/data` folder. At this point, the state-machine is at height `appBlockHeight`. -3. Create and start a new CometBFT instance. Among other things, the node performs a handshake with its peers. It gets the latest `blockHeight` from them and replays blocks to sync to this height if it is greater than the local `appBlockHeight`. The node starts from genesis and CometBFT sends an `InitChain` message via the ABCI to the `app`, which triggers the [`InitChainer`](#initchainer). - -:::note -When starting a CometBFT instance, the genesis file is the `0` height and the state within the genesis file is committed at block height `1`. When querying the state of the node, querying block height 0 will return an error. -::: - -## Core Application File - -In general, the core of the state-machine is defined in a file called `app.go`. This file mainly contains the **type definition of the application** and functions to **create and initialize it**. - -### Type Definition of the Application - -The first thing defined in `app.go` is the `type` of the application. It is generally comprised of the following parts: - -* **Embedding [runtime.App](../../build/building-apps/00-runtime.md)** The runtime package manages the application's core components and modules through dependency injection. It provides declarative configuration for module management, state storage, and ABCI handling. - * `Runtime` wraps `BaseApp`, meaning when a transaction is relayed by CometBFT to the application, `app` uses `runtime`'s methods to route them to the appropriate module. `BaseApp` implements all the [ABCI methods](https://docs.cometbft.com/v0.38/spec/abci/) and the [routing logic](../advanced/00-baseapp.md#service-routers). - * It automatically configures the **[module manager](../../build/building-modules/01-module-manager.md#manager)** based on the app wiring configuration. The module manager facilitates operations related to these modules, like registering their [`Msg` service](../../build/building-modules/03-msg-services.md) and [gRPC `Query` service](#grpc-query-services), or setting the order of execution between modules for various functions like [`InitChainer`](#initchainer), [`PreBlocker`](#preblocker) and [`BeginBlocker` and `EndBlocker`](#beginblocker-and-endblocker). -* [**An App Wiring configuration file**](../../build/building-apps/00-runtime.md) The app wiring configuration file contains the list of application's modules that `runtime` must instantiate. The instantiation of the modules is done using `depinject`. It also contains the order in which all modules' `InitGenesis` and `Pre/Begin/EndBlocker` methods should be executed. -* **A reference to an [`appCodec`](../advanced/05-encoding.md).** The application's `appCodec` is used to serialize and deserialize data structures in order to store them, as stores can only persist `[]bytes`. The default codec is [Protocol Buffers](../advanced/05-encoding.md). -* **A reference to a [`legacyAmino`](../advanced/05-encoding.md) codec.** Some parts of the Cosmos SDK have not been migrated to use the `appCodec` above, and are still hardcoded to use Amino. Other parts explicitly use Amino for backwards compatibility. For these reasons, the application still holds a reference to the legacy Amino codec. Please note that the Amino codec will be removed from the SDK in the upcoming releases. - -See an example of application type definition from `simapp`, the Cosmos SDK's own app used for demo and testing purposes: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/app_di.go#L57-L90 -``` - -### Constructor Function - -Also defined in `app.go` is the constructor function, which constructs a new application of the type defined in the preceding section. The function must fulfill the `AppCreator` signature in order to be used in the [`start` command](../advanced/03-node.md#start-command) of the application's daemon command. - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/server/types/app.go#L67-L69 -``` - -Here are the main actions performed by this function: - -* Instantiate a new [`codec`](../advanced/05-encoding.md) and initialize the `codec` of each of the application's modules using the [basic manager](../../build/building-modules/01-module-manager.md#basicmanager). -* Instantiate a new application with a reference to a `baseapp` instance, a codec, and all the appropriate store keys. -* Instantiate all the [`keeper`](#keeper) objects defined in the application's `type` using the `NewKeeper` function of each of the application's modules. Note that keepers must be instantiated in the correct order, as the `NewKeeper` of one module might require a reference to another module's `keeper`. -* Instantiate the application's [module manager](../../build/building-modules/01-module-manager.md#manager) with the [`AppModule`](#application-module-interface) object of each of the application's modules. -* With the module manager, initialize the application's [`Msg` services](../advanced/00-baseapp.md#msg-services), [gRPC `Query` services](../advanced/00-baseapp.md#grpc-query-services), [legacy `Msg` routes](../advanced/00-baseapp.md#routing), and [legacy query routes](../advanced/00-baseapp.md#query-routing). When a transaction is relayed to the application by CometBFT via the ABCI, it is routed to the appropriate module's [`Msg` service](#msg-services) using the routes defined here. Likewise, when a gRPC query request is received by the application, it is routed to the appropriate module's [`gRPC query service`](#grpc-query-services) using the gRPC routes defined here. The Cosmos SDK still supports legacy `Msg`s and legacy CometBFT queries, which are routed using the legacy `Msg` routes and the legacy query routes, respectively. -* With the module manager, register the [application's modules' invariants](../../build/building-modules/07-invariants.md). Invariants are variables (e.g. total supply of a token) that are evaluated at the end of each block. The process of checking invariants is done via a special module called the [`InvariantsRegistry`](../../build/building-modules/07-invariants.md#invariant-registry). The value of the invariant should be equal to a predicted value defined in the module. Should the value be different than the predicted one, special logic defined in the invariant registry is triggered (usually the chain is halted). This is useful to make sure that no critical bug goes unnoticed, producing long-lasting effects that are hard to fix. -* With the module manager, set the order of execution between the `InitGenesis`, `PreBlocker`, `BeginBlocker`, and `EndBlocker` functions of each of the [application's modules](#application-module-interface). Note that not all modules implement these functions. -* Set the remaining application parameters: - * [`InitChainer`](#initchainer): used to initialize the application when it is first started. - * [`PreBlocker`](#preblocker): called before BeginBlock. - * [`BeginBlocker`, `EndBlocker`](#beginblocker-and-endblocker): called at the beginning and at the end of every block. - * [`anteHandler`](../advanced/00-baseapp.md#antehandler): used to handle fees and signature verification. -* Mount the stores. -* Return the application. - -Note that the constructor function only creates an instance of the app, while the actual state is either carried over from the `~/.app/data` folder if the node is restarted, or generated from the genesis file if the node is started for the first time. - -See an example of application constructor from `simapp`: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/app.go#L190-L708 -``` - -### InitChainer - -The `InitChainer` is a function that initializes the state of the application from a genesis file (i.e. token balances of genesis accounts). It is called when the application receives the `InitChain` message from the CometBFT engine, which happens when the node is started at `appBlockHeight == 0` (i.e. on genesis). The application must set the `InitChainer` in its [constructor](#constructor-function) via the [`SetInitChainer`](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/baseapp#BaseApp.SetInitChainer) method. - -In general, the `InitChainer` is mostly composed of the [`InitGenesis`](../../build/building-modules/08-genesis.md#initgenesis) function of each of the application's modules. This is done by calling the `InitGenesis` function of the module manager, which in turn calls the `InitGenesis` function of each of the modules it contains. Note that the order in which the modules' `InitGenesis` functions must be called has to be set in the module manager using the [module manager's](../../build/building-modules/01-module-manager.md) `SetOrderInitGenesis` method. This is done in the [application's constructor](#constructor-function), and the `SetOrderInitGenesis` has to be called before the `SetInitChainer`. - -See an example of an `InitChainer` from `simapp`: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/app.go#L765-L773 -``` - -### PreBlocker - -There are two semantics around the new lifecycle method: - -* It runs before the `BeginBlocker` of all modules -* It can modify consensus parameters in storage, and signal the caller through the return value. - -When it returns `ConsensusParamsChanged=true`, the caller must refresh the consensus parameter in the finalize context: - -```go -app.finalizeBlockState.ctx = app.finalizeBlockState.ctx.WithConsensusParams(app.GetConsensusParams()) -``` - -The new ctx must be passed to all the other lifecycle methods. - -### BeginBlocker and EndBlocker - -The Cosmos SDK offers developers the possibility to implement automatic execution of code as part of their application. This is implemented through two functions called `BeginBlocker` and `EndBlocker`. They are called when the application receives the `FinalizeBlock` messages from the CometBFT consensus engine, which happens respectively at the beginning and at the end of each block. The application must set the `BeginBlocker` and `EndBlocker` in its [constructor](#constructor-function) via the [`SetBeginBlocker`](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/baseapp#BaseApp.SetBeginBlocker) and [`SetEndBlocker`](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/baseapp#BaseApp.SetEndBlocker) methods. - -In general, the `BeginBlocker` and `EndBlocker` functions are mostly composed of the [`BeginBlock` and `EndBlock`](../../build/building-modules/06-beginblock-endblock.md) functions of each of the application's modules. This is done by calling the `BeginBlock` and `EndBlock` functions of the module manager, which in turn calls the `BeginBlock` and `EndBlock` functions of each of the modules it contains. Note that the order in which the modules' `BeginBlock` and `EndBlock` functions must be called has to be set in the module manager using the `SetOrderBeginBlockers` and `SetOrderEndBlockers` methods, respectively. This is done via the [module manager](../../build/building-modules/01-module-manager.md) in the [application's constructor](#application-constructor), and the `SetOrderBeginBlockers` and `SetOrderEndBlockers` methods have to be called before the `SetBeginBlocker` and `SetEndBlocker` functions. - -As a sidenote, it is important to remember that application-specific blockchains are deterministic. Developers must be careful not to introduce non-determinism in `BeginBlocker` or `EndBlocker`, and must also be careful not to make them too computationally expensive, as [gas](./04-gas-fees.md) does not constrain the cost of `BeginBlocker` and `EndBlocker` execution. - -See an example of `BeginBlocker` and `EndBlocker` functions from `simapp`: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/app.go#L752-L759 -``` - -### Register Codec - -The `EncodingConfig` structure is the last important part of the `app.go` file. The goal of this structure is to define the codecs that will be used throughout the app. - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/params/encoding.go#L9-L16 -``` - -Here are descriptions of what each of the four fields means: - -* `InterfaceRegistry`: The `InterfaceRegistry` is used by the Protobuf codec to handle interfaces that are encoded and decoded (we also say "unpacked") using [`google.protobuf.Any`](https://github.com/protocolbuffers/protobuf/blob/master/src/google/protobuf/any.proto). `Any` could be thought as a struct that contains a `type_url` (name of a concrete type implementing the interface) and a `value` (its encoded bytes). `InterfaceRegistry` provides a mechanism for registering interfaces and implementations that can be safely unpacked from `Any`. Each application module implements the `RegisterInterfaces` method that can be used to register the module's own interfaces and implementations. - * You can read more about `Any` in [ADR-019](../../build/architecture/adr-019-protobuf-state-encoding.md). - * To go more into details, the Cosmos SDK uses an implementation of the Protobuf specification called [`gogoprotobuf`](https://github.com/cosmos/gogoproto). By default, the [gogo protobuf implementation of `Any`](https://pkg.go.dev/github.com/cosmos/gogoproto/types) uses [global type registration](https://github.com/cosmos/gogoproto/blob/master/proto/properties.go#L540) to decode values packed in `Any` into concrete Go types. This introduces a vulnerability where any malicious module in the dependency tree could register a type with the global protobuf registry and cause it to be loaded and unmarshaled by a transaction that referenced it in the `type_url` field. For more information, please refer to [ADR-019](../../build/architecture/adr-019-protobuf-state-encoding.md). -* `Codec`: The default codec used throughout the Cosmos SDK. It is composed of a `BinaryCodec` used to encode and decode state, and a `JSONCodec` used to output data to the users (for example, in the [CLI](#cli)). By default, the SDK uses Protobuf as `Codec`. -* `TxConfig`: `TxConfig` defines an interface a client can utilize to generate an application-defined concrete transaction type. Currently, the SDK handles two transaction types: `SIGN_MODE_DIRECT` (which uses Protobuf binary as over-the-wire encoding) and `SIGN_MODE_LEGACY_AMINO_JSON` (which depends on Amino). Read more about transactions [here](../advanced/01-transactions.md). -* `Amino`: Some legacy parts of the Cosmos SDK still use Amino for backwards-compatibility. Each module exposes a `RegisterLegacyAmino` method to register the module's specific types within Amino. This `Amino` codec should not be used by app developers anymore, and will be removed in future releases. - -An application should create its own encoding config. -See an example of a `simappparams.EncodingConfig` from `simapp`: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/params/encoding.go#L11-L16 -``` - -## Modules - -[Modules](../../build/building-modules/00-intro.md) are the heart and soul of Cosmos SDK applications. They can be considered as state-machines nested within the state-machine. When a transaction is relayed from the underlying CometBFT engine via the ABCI to the application, it is routed by [`baseapp`](../advanced/00-baseapp.md) to the appropriate module in order to be processed. This paradigm enables developers to easily build complex state-machines, as most of the modules they need often already exist. **For developers, most of the work involved in building a Cosmos SDK application revolves around building custom modules required by their application that do not exist yet, and integrating them with modules that do already exist into one coherent application**. In the application directory, the standard practice is to store modules in the `x/` folder (not to be confused with the Cosmos SDK's `x/` folder, which contains already-built modules). - -### Application Module Interface - -Modules must implement [interfaces](../../build/building-modules/01-module-manager.md#application-module-interfaces) defined in the Cosmos SDK, [`AppModuleBasic`](../../build/building-modules/01-module-manager.md#appmodulebasic) and [`AppModule`](../../build/building-modules/01-module-manager.md#appmodule). The former implements basic non-dependent elements of the module, such as the `codec`, while the latter handles the bulk of the module methods (including methods that require references to other modules' `keeper`s). Both the `AppModule` and `AppModuleBasic` types are, by convention, defined in a file called `module.go`. - -`AppModule` exposes a collection of useful methods on the module that facilitates the composition of modules into a coherent application. These methods are called from the [`module manager`](../../build/building-modules/01-module-manager.md#manager), which manages the application's collection of modules. - -### `Msg` Services - -Each application module defines two [Protobuf services](https://developers.google.com/protocol-buffers/docs/proto#services): one `Msg` service to handle messages, and one gRPC `Query` service to handle queries. If we consider the module as a state-machine, then a `Msg` service is a set of state transition RPC methods. -Each Protobuf `Msg` service method is 1:1 related to a Protobuf request type, which must implement `sdk.Msg` interface. -Note that `sdk.Msg`s are bundled in [transactions](../advanced/01-transactions.md), and each transaction contains one or multiple messages. - -When a valid block of transactions is received by the full-node, CometBFT relays each one to the application via [`DeliverTx`](https://docs.cometbft.com/v0.37/spec/abci/abci++_app_requirements#specifics-of-responsedelivertx). Then, the application handles the transaction: - -1. Upon receiving the transaction, the application first unmarshals it from `[]byte`. -2. Then, it verifies a few things about the transaction like [fee payment and signatures](./04-gas-fees.md#antehandler) before extracting the `Msg`(s) contained in the transaction. -3. `sdk.Msg`s are encoded using Protobuf [`Any`s](#register-codec). By analyzing each `Any`'s `type_url`, baseapp's `msgServiceRouter` routes the `sdk.Msg` to the corresponding module's `Msg` service. -4. If the message is successfully processed, the state is updated. - -For more details, see [transaction lifecycle](./01-tx-lifecycle.md). - -Module developers create custom `Msg` services when they build their own module. The general practice is to define the `Msg` Protobuf service in a `tx.proto` file. For example, the `x/bank` module defines a service with two methods to transfer tokens: - -```protobuf reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/bank/v1beta1/tx.proto#L13-L36 -``` - -Service methods use `keeper` in order to update the module state. - -Each module should also implement the `RegisterServices` method as part of the [`AppModule` interface](#application-module-interface). This method should call the `RegisterMsgServer` function provided by the generated Protobuf code. - -### gRPC `Query` Services - -gRPC `Query` services allow users to query the state using [gRPC](https://grpc.io). They are enabled by default, and can be configured under the `grpc.enable` and `grpc.address` fields inside [`app.toml`](../../user/run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml). - -gRPC `Query` services are defined in the module's Protobuf definition files, specifically inside `query.proto`. The `query.proto` definition file exposes a single `Query` [Protobuf service](https://developers.google.com/protocol-buffers/docs/proto#services). Each gRPC query endpoint corresponds to a service method, starting with the `rpc` keyword, inside the `Query` service. - -Protobuf generates a `QueryServer` interface for each module, containing all the service methods. A module's [`keeper`](#keeper) then needs to implement this `QueryServer` interface, by providing the concrete implementation of each service method. This concrete implementation is the handler of the corresponding gRPC query endpoint. - -Finally, each module should also implement the `RegisterServices` method as part of the [`AppModule` interface](#application-module-interface). This method should call the `RegisterQueryServer` function provided by the generated Protobuf code. - -### Keeper - -[`Keepers`](../../build/building-modules/06-keeper.md) are the gatekeepers of their module's store(s). To read or write in a module's store, it is mandatory to go through one of its `keeper`'s methods. This is ensured by the [object-capabilities](../advanced/10-ocap.md) model of the Cosmos SDK. Only objects that hold the key to a store can access it, and only the module's `keeper` should hold the key(s) to the module's store(s). - -`Keepers` are generally defined in a file called `keeper.go`. It contains the `keeper`'s type definition and methods. - -The `keeper` type definition generally consists of the following: - -* **Key(s)** to the module's store(s) in the multistore. -* Reference to **other module's `keepers`**. Only needed if the `keeper` needs to access other module's store(s) (either to read or write from them). -* A reference to the application's **codec**. The `keeper` needs it to marshal structs before storing them, or to unmarshal them when it retrieves them, because stores only accept `[]bytes` as value. - -Along with the type definition, the next important component of the `keeper.go` file is the `keeper`'s constructor function, `NewKeeper`. This function instantiates a new `keeper` of the type defined above with a `codec`, stores `keys` and potentially references other modules' `keeper`s as parameters. The `NewKeeper` function is called from the [application's constructor](#constructor-function). The rest of the file defines the `keeper`'s methods, which are primarily getters and setters. - -### Command-Line, gRPC Services and REST Interfaces - -Each module defines command-line commands, gRPC services, and REST routes to be exposed to the end-user via the [application's interfaces](#application-interfaces). This enables end-users to create messages of the types defined in the module, or to query the subset of the state managed by the module. - -#### CLI - -Generally, the [commands related to a module](../../build/building-modules/09-module-interfaces.md#cli) are defined in a folder called `client/cli` in the module's folder. The CLI divides commands into two categories, transactions and queries, defined in `client/cli/tx.go` and `client/cli/query.go`, respectively. Both commands are built on top of the [Cobra Library](https://github.com/spf13/cobra): - -* Transactions commands let users generate new transactions so that they can be included in a block and eventually update the state. One command should be created for each [message type](#message-types) defined in the module. The command calls the constructor of the message with the parameters provided by the end-user, and wraps it into a transaction. The Cosmos SDK handles signing and the addition of other transaction metadata. -* Queries let users query the subset of the state defined by the module. Query commands forward queries to the [application's query router](../advanced/00-baseapp.md#query-routing), which routes them to the appropriate [querier](#querier) the `queryRoute` parameter supplied. - -#### gRPC - -[gRPC](https://grpc.io) is a modern open-source high performance RPC framework that has support in multiple languages. It is the recommended way for external clients (such as wallets, browsers and other backend services) to interact with a node. - -Each module can expose gRPC endpoints called [service methods](https://grpc.io/docs/what-is-grpc/core-concepts/#service-definition), which are defined in the [module's Protobuf `query.proto` file](#grpc-query-services). A service method is defined by its name, input arguments, and output response. The module then needs to perform the following actions: - -* Define a `RegisterGRPCGatewayRoutes` method on `AppModuleBasic` to wire the client gRPC requests to the correct handler inside the module. -* For each service method, define a corresponding handler. The handler implements the core logic necessary to serve the gRPC request, and is located in the `keeper/grpc_query.go` file. - -#### gRPC-gateway REST Endpoints - -Some external clients may not wish to use gRPC. In this case, the Cosmos SDK provides a gRPC gateway service, which exposes each gRPC service as a corresponding REST endpoint. Please refer to the [grpc-gateway](https://grpc-ecosystem.github.io/grpc-gateway/) documentation to learn more. - -The REST endpoints are defined in the Protobuf files, along with the gRPC services, using Protobuf annotations. Modules that want to expose REST queries should add `google.api.http` annotations to their `rpc` methods. By default, all REST endpoints defined in the SDK have a URL starting with the `/cosmos/` prefix. - -The Cosmos SDK also provides a development endpoint to generate [Swagger](https://swagger.io/) definition files for these REST endpoints. This endpoint can be enabled inside the [`app.toml`](../../user/run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml) config file, under the `api.swagger` key. - -## Application Interface - -[Interfaces](#command-line-grpc-services-and-rest-interfaces) let end-users interact with full-node clients. This means querying data from the full-node or creating and sending new transactions to be relayed by the full-node and eventually included in a block. - -The main interface is the [Command-Line Interface](../advanced/07-cli.md). The CLI of a Cosmos SDK application is built by aggregating [CLI commands](#cli) defined in each of the modules used by the application. The CLI of an application is the same as the daemon (e.g. `appd`), and is defined in a file called `appd/main.go`. The file contains the following: - -* **A `main()` function**, which is executed to build the `appd` interface client. This function prepares each command and adds them to the `rootCmd` before building them. At the root of `appd`, the function adds generic commands like `status`, `keys`, and `config`, query commands, tx commands, and `rest-server`. -* **Query commands**, which are added by calling the `queryCmd` function. This function returns a Cobra command that contains the query commands defined in each of the application's modules (passed as an array of `sdk.ModuleClients` from the `main()` function), as well as some other lower level query commands such as block or validator queries. Query command are called by using the command `appd query [query]` of the CLI. -* **Transaction commands**, which are added by calling the `txCmd` function. Similar to `queryCmd`, the function returns a Cobra command that contains the tx commands defined in each of the application's modules, as well as lower level tx commands like transaction signing or broadcasting. Tx commands are called by using the command `appd tx [tx]` of the CLI. - -See an example of an application's main command-line file from the [Cosmos Hub](https://github.com/cosmos/gaia). - -```go reference -https://github.com/cosmos/gaia/blob/26ae7c2/cmd/gaiad/cmd/root.go#L39-L80 -``` - -## Dependencies and Makefile - -This section is optional, as developers are free to choose their dependency manager and project building method. That said, the current most used framework for versioning control is [`go.mod`](https://github.com/golang/go/wiki/Modules). It ensures each of the libraries used throughout the application are imported with the correct version. - -The following is the `go.mod` of the [Cosmos Hub](https://github.com/cosmos/gaia), provided as an example. - -```go reference -https://github.com/cosmos/gaia/blob/26ae7c2/go.mod#L1-L28 -``` - -For building the application, a [Makefile](https://en.wikipedia.org/wiki/Makefile) is generally used. The Makefile primarily ensures that the `go.mod` is run before building the two entrypoints to the application, [`Node Client`](#node-client) and [`Application Interface`](#application-interface). - -Here is an example of the [Cosmos Hub Makefile](https://github.com/cosmos/gaia/blob/main/Makefile). diff --git a/copy-of-sdk-docs/docs/learn/beginner/01-tx-lifecycle.md b/copy-of-sdk-docs/docs/learn/beginner/01-tx-lifecycle.md deleted file mode 100644 index b004b355..00000000 --- a/copy-of-sdk-docs/docs/learn/beginner/01-tx-lifecycle.md +++ /dev/null @@ -1,284 +0,0 @@ ---- -sidebar_position: 1 ---- - -# Transaction Lifecycle - -:::note Synopsis -This document describes the lifecycle of a transaction from creation to committed state changes. Transaction definition is described in a [different doc](../advanced/01-transactions.md). The transaction is referred to as `Tx`. -::: - -:::note Pre-requisite Readings - -* [Anatomy of a Cosmos SDK Application](./00-app-anatomy.md) -::: - -## Creation - -### Transaction Creation - -One of the main application interfaces is the command-line interface. The transaction `Tx` can be created by the user inputting a command in the following format from the [command-line](../advanced/07-cli.md), providing the type of transaction in `[command]`, arguments in `[args]`, and configurations such as gas prices in `[flags]`: - -```bash -[appname] tx [command] [args] [flags] -``` - -This command automatically **creates** the transaction, **signs** it using the account's private key, and **broadcasts** it to the specified peer node. - -There are several required and optional flags for transaction creation. The `--from` flag specifies which [account](./03-accounts.md) the transaction is originating from. For example, if the transaction is sending coins, the funds are drawn from the specified `from` address. - -#### Gas and Fees - -Additionally, there are several [flags](../advanced/07-cli.md) users can use to indicate how much they are willing to pay in [fees](./04-gas-fees.md): - -* `--gas` refers to how much [gas](./04-gas-fees.md), which represents computational resources, `Tx` consumes. Gas is dependent on the transaction and is not precisely calculated until execution, but can be estimated by providing `auto` as the value for `--gas`. -* `--gas-adjustment` (optional) can be used to scale `gas` up in order to avoid underestimating. For example, users can specify their gas adjustment as 1.5 to use 1.5 times the estimated gas. -* `--gas-prices` specifies how much the user is willing to pay per unit of gas, which can be one or multiple denominations of tokens. For example, `--gas-prices=0.025uatom, 0.025upho` means the user is willing to pay 0.025uatom AND 0.025upho per unit of gas. -* `--fees` specifies how much in fees the user is willing to pay in total. -* `--timeout-height` specifies a block timeout height to prevent the tx from being committed past a certain height. - -The ultimate value of the fees paid is equal to the gas multiplied by the gas prices. In other words, `fees = ceil(gas * gasPrices)`. Thus, since fees can be calculated using gas prices and vice versa, the users specify only one of the two. - -Later, validators decide whether to include the transaction in their block by comparing the given or calculated `gas-prices` to their local `min-gas-prices`. `Tx` is rejected if its `gas-prices` is not high enough, so users are incentivized to pay more. - -#### Unordered Transactions - -With Cosmos SDK v0.53.0, users may send unordered transactions to chains that have this feature enabled. -The following flags allow a user to build an unordered transaction from the CLI. - -* `--unordered` specifies that this transaction should be unordered. (transaction sequence must be unset) -* `--timeout-duration` specifies the amount of time the unordered transaction should be valid in the mempool. The transaction's unordered nonce will be set to the time of transaction creation + timeout duration. - -:::warning - -Unordered transactions MUST leave sequence values unset. When a transaction is both unordered and contains a non-zero sequence value, -the transaction will be rejected. External services that operate on prior assumptions about transaction sequence values should be updated to handle unordered transactions. -Services should be aware that when the transaction is unordered, the transaction sequence will always be zero. - -::: - -#### CLI Example - -Users of the application `app` can enter the following command into their CLI to generate a transaction to send 1000uatom from a `senderAddress` to a `recipientAddress`. The command specifies how much gas they are willing to pay: an automatic estimate scaled up by 1.5 times, with a gas price of 0.025uatom per unit gas. - -```bash -appd tx send 1000uatom --from --gas auto --gas-adjustment 1.5 --gas-prices 0.025uatom -``` - -#### Other Transaction Creation Methods - -The command-line is an easy way to interact with an application, but `Tx` can also be created using a [gRPC or REST interface](../advanced/06-grpc_rest.md) or some other entry point defined by the application developer. From the user's perspective, the interaction depends on the web interface or wallet they are using (e.g. creating `Tx` using [Lunie.io](https://lunie.io/#/) and signing it with a Ledger Nano S). - -## Addition to Mempool - -Each full-node (running CometBFT) that receives a `Tx` sends an [ABCI message](https://docs.cometbft.com/v0.37/spec/p2p/legacy-docs/messages/), -`CheckTx`, to the application layer to check for validity, and receives an `abci.CheckTxResponse`. If the `Tx` passes the checks, it is held in the node's -[**Mempool**](https://docs.cometbft.com/v0.37/spec/p2p/legacy-docs/messages/mempool), an in-memory pool of transactions unique to each node, pending inclusion in a block - honest nodes discard a `Tx` if it is found to be invalid. Prior to consensus, nodes continuously check incoming transactions and gossip them to their peers. - -### Types of Checks - -The full-nodes perform stateless, then stateful checks on `Tx` during `CheckTx`, with the goal to -identify and reject an invalid transaction as early on as possible to avoid wasted computation. - -**_Stateless_** checks do not require nodes to access state - light clients or offline nodes can do -them - and are thus less computationally expensive. Stateless checks include making sure addresses -are not empty, enforcing nonnegative numbers, and other logic specified in the definitions. - -**_Stateful_** checks validate transactions and messages based on a committed state. Examples -include checking that the relevant values exist and can be transacted with, the address -has sufficient funds, and the sender is authorized or has the correct ownership to transact. -At any given moment, full-nodes typically have [multiple versions](../advanced/00-baseapp.md#state-updates) -of the application's internal state for different purposes. For example, nodes execute state -changes while in the process of verifying transactions, but still need a copy of the last committed -state in order to answer queries - they should not respond using state with uncommitted changes. - -In order to verify a `Tx`, full-nodes call `CheckTx`, which includes both _stateless_ and _stateful_ -checks. Further validation happens later in the [`DeliverTx`](#delivertx) stage. `CheckTx` goes -through several steps, beginning with decoding `Tx`. - -### Decoding - -When `Tx` is received by the application from the underlying consensus engine (e.g. CometBFT), it is still in its [encoded](../advanced/05-encoding.md) `[]byte` form and needs to be unmarshaled in order to be processed. Then, the [`runTx`](../advanced/00-baseapp.md#runtx-antehandler-runmsgs-posthandler) function is called to run in `runTxModeCheck` mode, meaning the function runs all checks but exits before executing messages and writing state changes. - -### ValidateBasic (deprecated) - -Messages ([`sdk.Msg`](../advanced/01-transactions.md#messages)) are extracted from transactions (`Tx`). The `ValidateBasic` method of the `sdk.Msg` interface implemented by the module developer is run for each transaction. -To discard obviously invalid messages, the `BaseApp` type calls the `ValidateBasic` method very early in the processing of the message in the [`CheckTx`](../advanced/00-baseapp.md#checktx) and [`DeliverTx`](../advanced/00-baseapp.md#delivertx) transactions. -`ValidateBasic` can include only **stateless** checks (the checks that do not require access to the state). - -:::warning -The `ValidateBasic` method on messages has been deprecated in favor of validating messages directly in their respective [`Msg` services](../../build/building-modules/03-msg-services.md#Validation). - -Read [RFC 001](https://docs.cosmos.network/main/rfc/rfc-001-tx-validation) for more details. -::: - -:::note -`BaseApp` still calls `ValidateBasic` on messages that implement that method for backwards compatibility. -::: - -#### Guideline - -`ValidateBasic` should not be used anymore. Message validation should be performed in the `Msg` service when [handling a message](../../build/building-modules/msg-services#Validation) in a module Msg Server. - -### AnteHandler - -`AnteHandler`s even though optional, are in practice very often used to perform signature verification, gas calculation, fee deduction, and other core operations related to blockchain transactions. - -A copy of the cached context is provided to the `AnteHandler`, which performs limited checks specified for the transaction type. Using a copy allows the `AnteHandler` to do stateful checks for `Tx` without modifying the last committed state, and revert back to the original if the execution fails. - -For example, the [`auth`](https://github.com/cosmos/cosmos-sdk/blob/main/x/auth/README.md) module `AnteHandler` checks and increments sequence numbers, checks signatures and account numbers, and deducts fees from the first signer of the transaction - all state changes are made using the `checkState`. - -:::warning -Ante handlers only run on a transaction. If a transaction embeds multiple messages (like some x/authz, x/gov transactions for instance), the ante handlers only have awareness of the outer message. Inner messages are mostly directly routed to the [message router](https://docs.cosmos.network/main/learn/advanced/baseapp#msg-service-router) and will skip the chain of ante handlers. Keep that in mind when designing your own ante handler. -::: - -### Gas - -The [`Context`](../advanced/02-context.md), which keeps a `GasMeter` that tracks how much gas is used during the execution of `Tx`, is initialized. The user-provided amount of gas for `Tx` is known as `GasWanted`. If `GasConsumed`, the amount of gas consumed during execution, ever exceeds `GasWanted`, the execution stops and the changes made to the cached copy of the state are not committed. Otherwise, `CheckTx` sets `GasUsed` equal to `GasConsumed` and returns it in the result. After calculating the gas and fee values, validator-nodes check that the user-specified `gas-prices` is greater than their locally defined `min-gas-prices`. - -### Discard or Addition to Mempool - -If at any point during `CheckTx` the `Tx` fails, it is discarded and the transaction lifecycle ends -there. Otherwise, if it passes `CheckTx` successfully, the default protocol is to relay it to peer -nodes and add it to the Mempool so that the `Tx` becomes a candidate to be included in the next block. - -The **mempool** serves the purpose of keeping track of transactions seen by all full-nodes. -Full-nodes keep a **mempool cache** of the last `mempool.cache_size` transactions they have seen, as a first line of -defense to prevent replay attacks. Ideally, `mempool.cache_size` is large enough to encompass all -of the transactions in the full mempool. If the mempool cache is too small to keep track of all -the transactions, `CheckTx` is responsible for identifying and rejecting replayed transactions. - -Currently existing preventative measures include fees and a `sequence` (nonce) counter to distinguish -replayed transactions from identical but valid ones. If an attacker tries to spam nodes with many -copies of a `Tx`, full-nodes keeping a mempool cache reject all identical copies instead of running -`CheckTx` on them. Even if the copies have incremented `sequence` numbers, attackers are -disincentivized by the need to pay fees. - -Validator nodes keep a mempool to prevent replay attacks, just as full-nodes do, but also use it as -a pool of unconfirmed transactions in preparation of block inclusion. Note that even if a `Tx` -passes all checks at this stage, it is still possible to be found invalid later on, because -`CheckTx` does not fully validate the transaction (that is, it does not actually execute the messages). - -## Inclusion in a Block - -Consensus, the process through which validator nodes come to agreement on which transactions to -accept, happens in **rounds**. Each round begins with a proposer creating a block of the most -recent transactions and ends with **validators**, special full-nodes with voting power responsible -for consensus, agreeing to accept the block or go with a `nil` block instead. Validator nodes -execute the consensus algorithm, such as [CometBFT](https://docs.cometbft.com/v0.37/spec/consensus/), -confirming the transactions using ABCI requests to the application, in order to come to this agreement. - -The first step of consensus is the **block proposal**. One proposer amongst the validators is chosen -by the consensus algorithm to create and propose a block - in order for a `Tx` to be included, it -must be in this proposer's mempool. - -## State Changes - -The next step of consensus is to execute the transactions to fully validate them. All full-nodes -that receive a block proposal from the correct proposer execute the transactions by calling the ABCI function `FinalizeBlock`. -As mentioned throughout the documentation `BeginBlock`, `ExecuteTx` and `EndBlock` are called within FinalizeBlock. -Although every full-node operates individually and locally, the outcome is always consistent and unequivocal. This is because the state changes brought about by the messages are predictable, and the transactions are specifically sequenced in the proposed block. - -```text - -------------------------- - | Receive Block Proposal | - -------------------------- - | - v - ------------------------- - | FinalizeBlock | - ------------------------- - | - v - ------------------- - | BeginBlock | - ------------------- - | - v - -------------------- - | ExecuteTx(tx0) | - | ExecuteTx(tx1) | - | ExecuteTx(tx2) | - | ExecuteTx(tx3) | - | . | - | . | - | . | - ------------------- - | - v - -------------------- - | EndBlock | - -------------------- - | - v - ------------------------- - | Consensus | - ------------------------- - | - v - ------------------------- - | Commit | - ------------------------- -``` - -### Transaction Execution - -The `FinalizeBlock` ABCI function defined in [`BaseApp`](../advanced/00-baseapp.md) does the bulk of the -state transitions: it is run for each transaction in the block in sequential order as committed -to during consensus. Under the hood, transaction execution is almost identical to `CheckTx` but calls the -[`runTx`](../advanced/00-baseapp.md#runtx) function in deliver mode instead of check mode. -Instead of using their `checkState`, full-nodes use `finalizeblock`: - -* **Decoding:** Since `FinalizeBlock` is an ABCI call, `Tx` is received in the encoded `[]byte` form. - Nodes first unmarshal the transaction, using the [`TxConfig`](./00-app-anatomy.md#register-codec) defined in the app, then call `runTx` in `execModeFinalize`, which is very similar to `CheckTx` but also executes and writes state changes. - -* **Checks and `AnteHandler`:** Full-nodes call `validateBasicMsgs` and `AnteHandler` again. This second check - happens because they may not have seen the same transactions during the addition to Mempool stage - and a malicious proposer may have included invalid ones. One difference here is that the - `AnteHandler` does not compare `gas-prices` to the node's `min-gas-prices` since that value is local - to each node - differing values across nodes yield nondeterministic results. - -* **`MsgServiceRouter`:** After `CheckTx` exits, `FinalizeBlock` continues to run - [`runMsgs`](../advanced/00-baseapp.md#runtx-antehandler-runmsgs-posthandler) to fully execute each `Msg` within the transaction. - Since the transaction may have messages from different modules, `BaseApp` needs to know which module - to find the appropriate handler. This is achieved using `BaseApp`'s `MsgServiceRouter` so that it can be processed by the module's Protobuf [`Msg` service](../../build/building-modules/03-msg-services.md). - For `LegacyMsg` routing, the `Route` function is called via the [module manager](../../build/building-modules/01-module-manager.md) to retrieve the route name and find the legacy [`Handler`](../../build/building-modules/03-msg-services.md#handler-type) within the module. - -* **`Msg` service:** Protobuf `Msg` service is responsible for executing each message in the `Tx` and causes state transitions to persist in `finalizeBlockState`. - -* **PostHandlers:** [`PostHandler`](../advanced/00-baseapp.md#posthandler)s run after the execution of the message. If they fail, the state change of `runMsgs`, as well of `PostHandlers`, are both reverted. - -* **Gas:** While a `Tx` is being delivered, a `GasMeter` is used to keep track of how much - gas is being used; if execution completes, `GasUsed` is set and returned in the - `abci.ExecTxResult`. If execution halts because `BlockGasMeter` or `GasMeter` has run out or something else goes - wrong, a deferred function at the end appropriately errors or panics. - -If there are any failed state changes resulting from a `Tx` being invalid or `GasMeter` running out, -the transaction processing terminates and any state changes are reverted. Invalid transactions in a -block proposal cause validator nodes to reject the block and vote for a `nil` block instead. - -### Commit - -The final step is for nodes to commit the block and state changes. Validator nodes -perform the previous step of executing state transitions in order to validate the transactions, -then sign the block to confirm it. Full nodes that are not validators do not -participate in consensus - i.e. they cannot vote - but listen for votes to understand whether or -not they should commit the state changes. - -When they receive enough validator votes (2/3+ _precommits_ weighted by voting power), full nodes commit to a new block to be added to the blockchain and -finalize the state transitions in the application layer. A new state root is generated to serve as -a merkle proof for the state transitions. Applications use the [`Commit`](../advanced/00-baseapp.md#commit) -ABCI method inherited from [Baseapp](../advanced/00-baseapp.md); it syncs all the state transitions by -writing the `deliverState` into the application's internal state. As soon as the state changes are -committed, `checkState` starts afresh from the most recently committed state and `deliverState` -resets to `nil` in order to be consistent and reflect the changes. - -Note that not all blocks have the same number of transactions and it is possible for consensus to -result in a `nil` block or one with none at all. In a public blockchain network, it is also possible -for validators to be **byzantine**, or malicious, which may prevent a `Tx` from being committed in -the blockchain. Possible malicious behaviors include the proposer deciding to censor a `Tx` by -excluding it from the block or a validator voting against the block. - -At this point, the transaction lifecycle of a `Tx` is over: nodes have verified its validity, -delivered it by executing its state changes, and committed those changes. The `Tx` itself, -in `[]byte` form, is stored in a block and appended to the blockchain. diff --git a/copy-of-sdk-docs/docs/learn/beginner/02-query-lifecycle.md b/copy-of-sdk-docs/docs/learn/beginner/02-query-lifecycle.md deleted file mode 100644 index 4b11bfed..00000000 --- a/copy-of-sdk-docs/docs/learn/beginner/02-query-lifecycle.md +++ /dev/null @@ -1,147 +0,0 @@ ---- -sidebar_position: 1 ---- - -# Query Lifecycle - -:::note Synopsis -This document describes the lifecycle of a query in a Cosmos SDK application, from the user interface to application stores and back. The query is referred to as `MyQuery`. -::: - -:::note Pre-requisite Readings - -* [Transaction Lifecycle](./01-tx-lifecycle.md) -::: - -## Query Creation - -A [**query**](../../build/building-modules/02-messages-and-queries.md#queries) is a request for information made by end-users of applications through an interface and processed by a full-node. Users can query information about the network, the application itself, and application state directly from the application's stores or modules. Note that queries are different from [transactions](../advanced/01-transactions.md) (view the lifecycle [here](./01-tx-lifecycle.md)), particularly in that they do not require consensus to be processed (as they do not trigger state-transitions); they can be fully handled by one full-node. - -For the purpose of explaining the query lifecycle, let's say the query, `MyQuery`, is requesting a list of delegations made by a certain delegator address in the application called `simapp`. As is to be expected, the [`staking`](../../../../x/staking/README.md) module handles this query. But first, there are a few ways `MyQuery` can be created by users. - -### CLI - -The main interface for an application is the command-line interface. Users connect to a full-node and run the CLI directly from their machines - the CLI interacts directly with the full-node. To create `MyQuery` from their terminal, users type the following command: - -```bash -simd query staking delegations -``` - -This query command was defined by the [`staking`](../../../../x/staking/README.md) module developer and added to the list of subcommands by the application developer when creating the CLI. - -Note that the general format is as follows: - -```bash -simd query [moduleName] [command] --flag -``` - -To provide values such as `--node` (the full-node the CLI connects to), the user can use the [`app.toml`](../../user/run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml) config file to set them or provide them as flags. - -The CLI understands a specific set of commands, defined in a hierarchical structure by the application developer: from the [root command](../advanced/07-cli.md#root-command) (`simd`), the type of command (`Myquery`), the module that contains the command (`staking`), and command itself (`delegations`). Thus, the CLI knows exactly which module handles this command and directly passes the call there. - -### gRPC - -Another interface through which users can make queries is [gRPC](https://grpc.io) requests to a [gRPC server](../advanced/06-grpc_rest.md#grpc-server). The endpoints are defined as [Protocol Buffers](https://developers.google.com/protocol-buffers) service methods inside `.proto` files, written in Protobuf's own language-agnostic interface definition language (IDL). The Protobuf ecosystem developed tools for code-generation from `*.proto` files into various languages. These tools allow to build gRPC clients easily. - -One such tool is [grpcurl](https://github.com/fullstorydev/grpcurl), and a gRPC request for `MyQuery` using this client looks like: - -```bash -grpcurl \ - -plaintext # We want results in plain text - -import-path ./proto \ # Import these .proto files - -proto ./proto/cosmos/staking/v1beta1/query.proto \ # Look into this .proto file for the Query protobuf service - -d '{"address":"$MY_DELEGATOR"}' \ # Query arguments - localhost:9090 \ # gRPC server endpoint - cosmos.staking.v1beta1.Query/Delegations # Fully-qualified service method name -``` - -### REST - -Another interface through which users can make queries is through HTTP Requests to a [REST server](../advanced/06-grpc_rest.md#rest-server). The REST server is fully auto-generated from Protobuf services, using [gRPC-gateway](https://github.com/grpc-ecosystem/grpc-gateway). - -An example HTTP request for `MyQuery` looks like: - -```bash -GET http://localhost:1317/cosmos/staking/v1beta1/delegators/{delegatorAddr}/delegations -``` - -## How Queries are Handled by the CLI - -The preceding examples show how an external user can interact with a node by querying its state. To understand in more detail the exact lifecycle of a query, let's dig into how the CLI prepares the query, and how the node handles it. The interactions from the users' perspective are a bit different, but the underlying functions are almost identical because they are implementations of the same command defined by the module developer. This step of processing happens within the CLI, gRPC, or REST server, and heavily involves a `client.Context`. - -### Context - -The first thing that is created in the execution of a CLI command is a `client.Context`. A `client.Context` is an object that stores all the data needed to process a request on the user side. In particular, a `client.Context` stores the following: - -* **Codec**: The [encoder/decoder](../advanced/05-encoding.md) used by the application, used to marshal the parameters and query before making the CometBFT RPC request and unmarshal the returned response into a JSON object. The default codec used by the CLI is Protobuf. -* **Account Decoder**: The account decoder from the [`auth`](../../../../x/auth/README.md) module, which translates `[]byte`s into accounts. -* **RPC Client**: The CometBFT RPC Client, or node, to which requests are relayed. -* **Keyring**: A [Key Manager](../beginner/03-accounts.md#keyring) used to sign transactions and handle other operations with keys. -* **Output Writer**: A [Writer](https://pkg.go.dev/io/#Writer) used to output the response. -* **Configurations**: The flags configured by the user for this command, including `--height`, specifying the height of the blockchain to query, and `--indent`, which indicates to add an indent to the JSON response. - -The `client.Context` also contains various functions such as `Query()`, which retrieves the RPC Client and makes an ABCI call to relay a query to a full-node. - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/context.go#L27-70 -``` - -The `client.Context`'s primary role is to store data used during interactions with the end-user and provide methods to interact with this data - it is used before and after the query is processed by the full-node. Specifically, in handling `MyQuery`, the `client.Context` is utilized to encode the query parameters, retrieve the full-node, and write the output. Prior to being relayed to a full-node, the query needs to be encoded into a `[]byte` form, as full-nodes are application-agnostic and do not understand specific types. The full-node (RPC Client) itself is retrieved using the `client.Context`, which knows which node the user CLI is connected to. The query is relayed to this full-node to be processed. Finally, the `client.Context` contains a `Writer` to write output when the response is returned. These steps are further described in later sections. - -### Arguments and Route Creation - -At this point in the lifecycle, the user has created a CLI command with all of the data they wish to include in their query. A `client.Context` exists to assist in the rest of the `MyQuery`'s journey. Now, the next step is to parse the command or request, extract the arguments, and encode everything. These steps all happen on the user side within the interface they are interacting with. - -#### Encoding - -In our case (querying an address's delegations), `MyQuery` contains an [address](./03-accounts.md#addresses) `delegatorAddress` as its only argument. However, the request can only contain `[]byte`s, as it is ultimately relayed to a consensus engine (e.g. CometBFT) of a full-node that has no inherent knowledge of the application types. Thus, the `codec` of `client.Context` is used to marshal the address. - -Here is what the code looks like for the CLI command: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/staking/client/cli/query.go#L315-L318 -``` - -#### gRPC Query Client Creation - -The Cosmos SDK leverages code generated from Protobuf services to make queries. The `staking` module's `MyQuery` service generates a `queryClient`, which the CLI uses to make queries. Here is the relevant code: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/staking/client/cli/query.go#L308-L343 -``` - -Under the hood, the `client.Context` has a `Query()` function used to retrieve the pre-configured node and relay a query to it; the function takes the query fully-qualified service method name as path (in our case: `/cosmos.staking.v1beta1.Query/Delegations`), and arguments as parameters. It first retrieves the RPC Client (called the [**node**](../advanced/03-node.md)) configured by the user to relay this query to, and creates the `ABCIQueryOptions` (parameters formatted for the ABCI call). The node is then used to make the ABCI call, `ABCIQueryWithOptions()`. - -Here is what the code looks like: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/query.go#L79-L113 -``` - -## RPC - -With a call to `ABCIQueryWithOptions()`, `MyQuery` is received by a [full-node](../advanced/05-encoding.md) which then processes the request. Note that, while the RPC is made to the consensus engine (e.g. CometBFT) of a full-node, queries are not part of consensus and so are not broadcasted to the rest of the network, as they do not require anything the network needs to agree upon. - -Read more about ABCI Clients and CometBFT RPC in the [CometBFT documentation](https://docs.cometbft.com/v0.37/spec/rpc/). - -## Application Query Handling - -When a query is received by the full-node after it has been relayed from the underlying consensus engine, it is at that point being handled within an environment that understands application-specific types and has a copy of the state. [`baseapp`](../advanced/00-baseapp.md) implements the ABCI [`Query()`](../advanced/00-baseapp.md#query) function and handles gRPC queries. The query route is parsed, and it matches the fully-qualified service method name of an existing service method (most likely in one of the modules), then `baseapp` relays the request to the relevant module. - -Since `MyQuery` has a Protobuf fully-qualified service method name from the `staking` module (recall `/cosmos.staking.v1beta1.Query/Delegations`), `baseapp` first parses the path, then uses its own internal `GRPCQueryRouter` to retrieve the corresponding gRPC handler, and routes the query to the module. The gRPC handler is responsible for recognizing this query, retrieving the appropriate values from the application's stores, and returning a response. Read more about query services [here](../../build/building-modules/04-query-services.md). - -Once a result is received from the querier, `baseapp` begins the process of returning a response to the user. - -## Response - -Since `Query()` is an ABCI function, `baseapp` returns the response as an [`abci.QueryResponse`](https://docs.cometbft.com/main/spec/abci/abci++_methods#query) type. The `client.Context` `Query()` routine receives the response and processes it. - -### CLI Response - -The application [`codec`](../advanced/05-encoding.md) is used to unmarshal the response to a JSON and the `client.Context` prints the output to the command line, applying any configurations such as the output type (text, JSON or YAML). - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/context.go#L350-L357 -``` - -And that's a wrap! The result of the query is outputted to the console by the CLI. diff --git a/copy-of-sdk-docs/docs/learn/beginner/03-accounts.md b/copy-of-sdk-docs/docs/learn/beginner/03-accounts.md deleted file mode 100644 index 150436b9..00000000 --- a/copy-of-sdk-docs/docs/learn/beginner/03-accounts.md +++ /dev/null @@ -1,281 +0,0 @@ ---- -sidebar_position: 1 ---- - -# Accounts - -:::note Synopsis -This document describes the in-built account and public key system of the Cosmos SDK. -::: - -:::note Pre-requisite Readings - - -* [Anatomy of a Cosmos SDK Application](./00-app-anatomy.md) - -::: - -## Account Definition - -In the Cosmos SDK, an _account_ designates a pair of _public key_ `PubKey` and _private key_ `PrivKey`. The `PubKey` can be derived to generate various `Addresses`, which are used to identify users (among other parties) in the application. `Addresses` are also associated with [`message`s](../../build/building-modules/02-messages-and-queries.md#messages) to identify the sender of the `message`. The `PrivKey` is used to generate [digital signatures](#signatures) to prove that an `Address` associated with the `PrivKey` approved of a given `message`. - -For HD key derivation the Cosmos SDK uses a standard called [BIP32](https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki). The BIP32 allows users to create an HD wallet (as specified in [BIP44](https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki)) - a set of accounts derived from an initial secret seed. A seed is usually created from a 12- or 24-word mnemonic. A single seed can derive any number of `PrivKey`s using a one-way cryptographic function. Then, a `PubKey` can be derived from the `PrivKey`. Naturally, the mnemonic is the most sensitive information, as private keys can always be re-generated if the mnemonic is preserved. - -```text - Account 0 Account 1 Account 2 - -+------------------+ +------------------+ +------------------+ -| | | | | | -| Address 0 | | Address 1 | | Address 2 | -| ^ | | ^ | | ^ | -| | | | | | | | | -| | | | | | | | | -| | | | | | | | | -| + | | + | | + | -| Public key 0 | | Public key 1 | | Public key 2 | -| ^ | | ^ | | ^ | -| | | | | | | | | -| | | | | | | | | -| | | | | | | | | -| + | | + | | + | -| Private key 0 | | Private key 1 | | Private key 2 | -| ^ | | ^ | | ^ | -+------------------+ +------------------+ +------------------+ - | | | - | | | - | | | - +--------------------------------------------------------------------+ - | - | - +---------+---------+ - | | - | Master PrivKey | - | | - +-------------------+ - | - | - +---------+---------+ - | | - | Mnemonic (Seed) | - | | - +-------------------+ -``` - -In the Cosmos SDK, keys are stored and managed by using an object called a [`Keyring`](#keyring). - -## Keys, accounts, addresses, and signatures - -The principal way of authenticating a user is done using [digital signatures](https://en.wikipedia.org/wiki/Digital_signature). Users sign transactions using their own private key. Signature verification is done with the associated public key. For on-chain signature verification purposes, we store the public key in an `Account` object (alongside other data required for a proper transaction validation). - -In the node, all data is stored using Protocol Buffers serialization. - -The Cosmos SDK supports the following digital key schemes for creating digital signatures: - -* `secp256k1`, as implemented in the [Cosmos SDK's `crypto/keys/secp256k1` package](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keys/secp256k1/secp256k1.go). -* `secp256r1`, as implemented in the [Cosmos SDK's `crypto/keys/secp256r1` package](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keys/secp256r1/pubkey.go). -* `tm-ed25519`, as implemented in the [Cosmos SDK `crypto/keys/ed25519` package](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keys/ed25519/ed25519.go). This scheme is supported only for the consensus validation. - -| | Address length in bytes | Public key length in bytes | Used for transaction authentication | Used for consensus (cometbft) | -| :----------: | :---------------------: | :------------------------: | :---------------------------------: | :-----------------------------: | -| `secp256k1` | 20 | 33 | yes | no | -| `secp256r1` | 32 | 33 | yes | no | -| `tm-ed25519` | -- not used -- | 32 | no | yes | - -## Addresses - -`Addresses` and `PubKey`s are both public information that identifies actors in the application. `Account` is used to store authentication information. The basic account implementation is provided by a `BaseAccount` object. - -Each account is identified using `Address` which is a sequence of bytes derived from a public key. In the Cosmos SDK, we define 3 types of addresses that specify a context where an account is used: - -* `AccAddress` identifies users (the sender of a `message`). -* `ValAddress` identifies validator operators. -* `ConsAddress` identifies validator nodes that are participating in consensus. Validator nodes are derived using the **`ed25519`** curve. - -These types implement the `Address` interface: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/address.go#L126-L134 -``` - -Address construction algorithm is defined in [ADR-28](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-028-public-key-addresses.md). -Here is the standard way to obtain an account address from a `pub` public key: - -```go -sdk.AccAddress(pub.Address().Bytes()) -``` - -Of note, the `Marshal()` and `Bytes()` method both return the same raw `[]byte` form of the address. `Marshal()` is required for Protobuf compatibility. - -For user interaction, addresses are formatted using [Bech32](https://en.bitcoin.it/wiki/Bech32) and implemented by the `String` method. The Bech32 method is the only supported format to use when interacting with a blockchain. The Bech32 human-readable part (Bech32 prefix) is used to denote an address type. Example: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/address.go#L299-L316 -``` - -| | Address Bech32 Prefix | -| ------------------ | --------------------- | -| Accounts | cosmos | -| Validator Operator | cosmosvaloper | -| Consensus Nodes | cosmosvalcons | - -### Public Keys - -Public keys in Cosmos SDK are defined by `cryptotypes.PubKey` interface. Since public keys are saved in a store, `cryptotypes.PubKey` extends the `proto.Message` interface: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/types/types.go#L8-L17 -``` - -A compressed format is used for `secp256k1` and `secp256r1` serialization. - -* The first byte is a `0x02` byte if the `y`-coordinate is the lexicographically largest of the two associated with the `x`-coordinate. -* Otherwise the first byte is a `0x03`. - -This prefix is followed by the `x`-coordinate. - -Public Keys are not used to reference accounts (or users) and in general are not used when composing transaction messages (with few exceptions: `MsgCreateValidator`, `Validator` and `Multisig` messages). -For user interactions, `PubKey` is formatted using Protobufs JSON ([ProtoMarshalJSON](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/codec/json.go#L14-L34) function). Example: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/keys/output.go#L23-L39 -``` - -## Keyring - -A `Keyring` is an object that stores and manages accounts. In the Cosmos SDK, a `Keyring` implementation follows the `Keyring` interface: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keyring/keyring.go#L58-L106 -``` - -The default implementation of `Keyring` comes from the third-party [`99designs/keyring`](https://github.com/99designs/keyring) library. - -A few notes on the `Keyring` methods: - -* `Sign(uid string, msg []byte) ([]byte, types.PubKey, error)` strictly deals with the signature of the `msg` bytes. You must prepare and encode the transaction into a canonical `[]byte` form. Because protobuf is not deterministic, it has been decided in [ADR-020](../../build/architecture/adr-020-protobuf-transaction-encoding.md) that the canonical `payload` to sign is the `SignDoc` struct, deterministically encoded using [ADR-027](../../build/architecture/adr-027-deterministic-protobuf-serialization.md). Note that signature verification is not implemented in the Cosmos SDK by default, it is deferred to the [`anteHandler`](../advanced/00-baseapp.md#antehandler). - -```protobuf reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/tx/v1beta1/tx.proto#L50-L67 -``` - -* `NewAccount(uid, mnemonic, bip39Passphrase, hdPath string, algo SignatureAlgo) (*Record, error)` creates a new account based on the [`bip44 path`](https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki) and persists it on disk. The `PrivKey` is **never stored unencrypted**, instead it is [encrypted with a passphrase](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/armor.go) before being persisted. In the context of this method, the key type and sequence number refer to the segment of the BIP44 derivation path (for example, `0`, `1`, `2`, ...) that is used to derive a private and a public key from the mnemonic. Using the same mnemonic and derivation path, the same `PrivKey`, `PubKey` and `Address` is generated. The following keys are supported by the keyring: - -* `secp256k1` -* `ed25519` - -* `ExportPrivKeyArmor(uid, encryptPassphrase string) (armor string, err error)` exports a private key in ASCII-armored encrypted format using the given passphrase. You can then either import the private key again into the keyring using the `ImportPrivKey(uid, armor, passphrase string)` function or decrypt it into a raw private key using the `UnarmorDecryptPrivKey(armorStr string, passphrase string)` function. - -### Create New Key Type - -To create a new key type for using in keyring, `keyring.SignatureAlgo` interface must be fulfilled. - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keyring/signing_algorithms.go#L11-L16 -``` - -The interface consists of three methods where `Name()` returns the name of the algorithm as a `hd.PubKeyType` and `Derive()` and `Generate()` must return the following functions respectively: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/hd/algo.go#L28-L31 -``` - -Once the `keyring.SignatureAlgo` has been implemented it must be added to the [list of supported algos](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keyring/keyring.go#L209) of the keyring. - -For simplicity the implementation of a new key type should be done inside the `crypto/hd` package. -There is an example of a working `secp256k1` implementation in [algo.go](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/hd/algo.go#L38). - - -#### Implementing secp256r1 algo - -Here is an example of how secp256r1 could be implemented. - -First a new function to create a private key from a secret number is needed in the secp256r1 package. This function could look like this: - -```go -// cosmos-sdk/crypto/keys/secp256r1/privkey.go - -// NewPrivKeyFromSecret creates a private key derived for the secret number -// represented in big-endian. The `secret` must be a valid ECDSA field element. -func NewPrivKeyFromSecret(secret []byte) (*PrivKey, error) { - var d = new(big.Int).SetBytes(secret) - if d.Cmp(secp256r1.Params().N) >= 1 { - return nil, errorsmod.Wrap(errors.ErrInvalidRequest, "secret not in the curve base field") - } - sk := new(ecdsa.PrivKey) - return &PrivKey{&ecdsaSK{*sk}}, nil -} -``` - -After that `secp256r1Algo` can be implemented. - -```go -// cosmos-sdk/crypto/hd/secp256r1Algo.go - -package hd - -import ( - "github.com/cosmos/go-bip39" - - "github.com/cosmos/cosmos-sdk/crypto/keys/secp256r1" - "github.com/cosmos/cosmos-sdk/crypto/types" -) - -// Secp256r1Type uses the secp256r1 ECDSA parameters. -const Secp256r1Type = PubKeyType("secp256r1") - -var Secp256r1 = secp256r1Algo{} - -type secp256r1Algo struct{} - -func (s secp256r1Algo) Name() PubKeyType { - return Secp256r1Type -} - -// Derive derives and returns the secp256r1 private key for the given seed and HD path. -func (s secp256r1Algo) Derive() DeriveFn { - return func(mnemonic string, bip39Passphrase, hdPath string) ([]byte, error) { - seed, err := bip39.NewSeedWithErrorChecking(mnemonic, bip39Passphrase) - if err != nil { - return nil, err - } - - masterPriv, ch := ComputeMastersFromSeed(seed) - if len(hdPath) == 0 { - return masterPriv[:], nil - } - derivedKey, err := DerivePrivateKeyForPath(masterPriv, ch, hdPath) - - return derivedKey, err - } -} - -// Generate generates a secp256r1 private key from the given bytes. -func (s secp256r1Algo) Generate() GenerateFn { - return func(bz []byte) types.PrivKey { - key, err := secp256r1.NewPrivKeyFromSecret(bz) - if err != nil { - panic(err) - } - return key - } -} -``` - -Finally, the algo must be added to the list of [supported algos](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keyring/keyring.go#L209) by the keyring. - -```go -// cosmos-sdk/crypto/keyring/keyring.go - -func newKeystore(kr keyring.Keyring, cdc codec.Codec, backend string, opts ...Option) keystore { - // Default options for keybase, these can be overwritten using the - // Option function - options := Options{ - SupportedAlgos: SigningAlgoList{hd.Secp256k1, hd.Secp256r1}, // added here - SupportedAlgosLedger: SigningAlgoList{hd.Secp256k1}, - } -... -``` - -Hereafter to create new keys using your algo, you must specify it with the flag `--algo` : - -`simd keys add myKey --algo secp256r1` diff --git a/copy-of-sdk-docs/docs/learn/beginner/04-gas-fees.md b/copy-of-sdk-docs/docs/learn/beginner/04-gas-fees.md deleted file mode 100644 index 5aea1238..00000000 --- a/copy-of-sdk-docs/docs/learn/beginner/04-gas-fees.md +++ /dev/null @@ -1,101 +0,0 @@ ---- -sidebar_position: 1 ---- - -# Gas and Fees - -:::note Synopsis -This document describes the default strategies to handle gas and fees within a Cosmos SDK application. -::: - -:::note Pre-requisite Readings - -* [Anatomy of a Cosmos SDK Application](./00-app-anatomy.md) - -::: - -## Introduction to `Gas` and `Fees` - -In the Cosmos SDK, `gas` is a special unit that is used to track the consumption of resources during execution. `gas` is typically consumed whenever read and writes are made to the store, but it can also be consumed if expensive computation needs to be done. It serves two main purposes: - -* Make sure blocks are not consuming too many resources and are finalized. This is implemented by default in the Cosmos SDK via the [block gas meter](#block-gas-meter). -* Prevent spam and abuse from end-user. To this end, `gas` consumed during [`message`](../../build/building-modules/02-messages-and-queries.md#messages) execution is typically priced, resulting in a `fee` (`fees = gas * gas-prices`). `fees` generally have to be paid by the sender of the `message`. Note that the Cosmos SDK does not enforce `gas` pricing by default, as there may be other ways to prevent spam (e.g. bandwidth schemes). Still, most applications implement `fee` mechanisms to prevent spam by using the [`AnteHandler`](#antehandler). - -## Gas Meter - -In the Cosmos SDK, `gas` is a simple alias for `uint64`, and is managed by an object called a _gas meter_. Gas meters implement the `GasMeter` interface: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/store/types/gas.go#L40-L51 -``` - -where: - -* `GasConsumed()` returns the amount of gas that was consumed by the gas meter instance. -* `GasConsumedToLimit()` returns the amount of gas that was consumed by the gas meter instance, or the limit if it is reached. -* `GasRemaining()` returns the gas left in the GasMeter. -* `Limit()` returns the limit of the gas meter instance. `0` if the gas meter is infinite. -* `ConsumeGas(amount Gas, descriptor string)` consumes the amount of `gas` provided. If the `gas` overflows, it panics with the `descriptor` message. If the gas meter is not infinite, it panics if `gas` consumed goes above the limit. -* `RefundGas()` deducts the given amount from the gas consumed. This functionality enables refunding gas to the transaction or block gas pools so that EVM-compatible chains can fully support the go-ethereum StateDB interface. -* `IsPastLimit()` returns `true` if the amount of gas consumed by the gas meter instance is strictly above the limit, `false` otherwise. -* `IsOutOfGas()` returns `true` if the amount of gas consumed by the gas meter instance is above or equal to the limit, `false` otherwise. - -The gas meter is generally held in [`ctx`](../advanced/02-context.md), and consuming gas is done with the following pattern: - -```go -ctx.GasMeter().ConsumeGas(amount, "description") -``` - -By default, the Cosmos SDK makes use of two different gas meters, the [main gas meter](#main-gas-meter) and the [block gas meter](#block-gas-meter). - -### Main Gas Meter - -`ctx.GasMeter()` is the main gas meter of the application. The main gas meter is initialized in `FinalizeBlock` via `setFinalizeBlockState`, and then tracks gas consumption during execution sequences that lead to state-transitions, i.e. those originally triggered by [`FinalizeBlock`](../advanced/00-baseapp.md#finalizeblock). At the beginning of each transaction execution, the main gas meter **must be set to 0** in the [`AnteHandler`](#antehandler), so that it can track gas consumption per-transaction. - -Gas consumption can be done manually, generally by the module developer in the [`BeginBlocker`, `EndBlocker`](../../build/building-modules/06-beginblock-endblock.md) or [`Msg` service](../../build/building-modules/03-msg-services.md), but most of the time it is done automatically whenever there is a read or write to the store. This automatic gas consumption logic is implemented in a special store called [`GasKv`](../advanced/04-store.md#gaskv-store). - -### Block Gas Meter - -`ctx.BlockGasMeter()` is the gas meter used to track gas consumption per block and make sure it does not go above a certain limit. - -During the genesis phase, gas consumption is unlimited to accommodate initialization transactions. - -```go -app.finalizeBlockState.SetContext(app.finalizeBlockState.Context().WithBlockGasMeter(storetypes.NewInfiniteGasMeter())) -``` - -Following the genesis block, the block gas meter is set to a finite value by the SDK. This transition is facilitated by the consensus engine (e.g., CometBFT) calling the `RequestFinalizeBlock` function, which in turn triggers the SDK's `FinalizeBlock` method. Within `FinalizeBlock`, `internalFinalizeBlock` is executed, performing necessary state updates and function executions. The block gas meter, initialized each with a finite limit, is then incorporated into the context for transaction execution, ensuring gas consumption does not exceed the block's gas limit and is reset at the end of each block. - -Modules within the Cosmos SDK can consume block gas at any point during their execution by utilizing the `ctx`. This gas consumption primarily occurs during state read/write operations and transaction processing. The block gas meter, accessible via `ctx.BlockGasMeter()`, monitors the total gas usage within a block, enforcing the gas limit to prevent excessive computation. This ensures that gas limits are adhered to on a per-block basis, starting from the first block post-genesis. - -```go -gasMeter := app.getBlockGasMeter(app.finalizeBlockState.Context()) -app.finalizeBlockState.SetContext(app.finalizeBlockState.Context().WithBlockGasMeter(gasMeter)) -``` - -The above shows the general mechanism for setting the block gas meter with a finite limit based on the block's consensus parameters. - -## AnteHandler - -The `AnteHandler` is run for every transaction during `CheckTx` and `FinalizeBlock`, before a Protobuf `Msg` service method for each `sdk.Msg` in the transaction. - -The anteHandler is not implemented in the core Cosmos SDK but in a module. That said, most applications today use the default implementation defined in the [`auth` module](https://github.com/cosmos/cosmos-sdk/tree/main/x/auth). Here is what the `anteHandler` is intended to do in a normal Cosmos SDK application: - -* Verify that the transactions are of the correct type. Transaction types are defined in the module that implements the `anteHandler`, and they follow the transaction interface: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/types/tx_msg.go#L53-L58 -``` - - This enables developers to play with various types for the transaction of their application. In the default `auth` module, the default transaction type is `Tx`: - -```protobuf reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/proto/cosmos/tx/v1beta1/tx.proto#L15-L28 -``` - -* Verify signatures for each [`message`](../../build/building-modules/02-messages-and-queries.md#messages) contained in the transaction. Each `message` should be signed by one or multiple sender(s), and these signatures must be verified in the `anteHandler`. -* During `CheckTx`, verify that the gas prices provided with the transaction are greater than the local `min-gas-prices` (as a reminder, gas-prices can be deducted from the following equation: `fees = gas * gas-prices`). `min-gas-prices` is a parameter local to each full-node and used during `CheckTx` to discard transactions that do not provide a minimum amount of fees. This ensures that the mempool cannot be spammed with garbage transactions. -* Verify that the sender of the transaction has enough funds to cover for the `fees`. When the end-user generates a transaction, they must indicate 2 of the 3 following parameters (the third one being implicit): `fees`, `gas` and `gas-prices`. This signals how much they are willing to pay for nodes to execute their transaction. The provided `gas` value is stored in a parameter called `GasWanted` for later use. -* Set `newCtx.GasMeter` to 0, with a limit of `GasWanted`. **This step is crucial**, as it not only makes sure the transaction cannot consume infinite gas, but also that `ctx.GasMeter` is reset in-between each transaction (`ctx` is set to `newCtx` after `anteHandler` is run, and the `anteHandler` is run each time a transaction executes). - -As explained above, the `anteHandler` returns a maximum limit of `gas` the transaction can consume during execution called `GasWanted`. The actual amount consumed in the end is denominated `GasUsed`, and we must therefore have `GasUsed =< GasWanted`. Both `GasWanted` and `GasUsed` are relayed to the underlying consensus engine when [`FinalizeBlock`](../advanced/00-baseapp.md#finalizeblock) returns. diff --git a/copy-of-sdk-docs/docs/learn/beginner/_category_.json b/copy-of-sdk-docs/docs/learn/beginner/_category_.json deleted file mode 100644 index d09097fa..00000000 --- a/copy-of-sdk-docs/docs/learn/beginner/_category_.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "label": "Beginner", - "position": 2, - "link": null -} \ No newline at end of file diff --git a/copy-of-sdk-docs/docs/learn/intro/00-overview.md b/copy-of-sdk-docs/docs/learn/intro/00-overview.md deleted file mode 100644 index f1e896f3..00000000 --- a/copy-of-sdk-docs/docs/learn/intro/00-overview.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -sidebar_position: 1 ---- - -# What is the Cosmos SDK - -The [Cosmos SDK](https://github.com/cosmos/cosmos-sdk) is an open-source toolkit for building multi-asset public Proof-of-Stake (PoS) blockchains, like the Cosmos Hub, as well as permissioned Proof-of-Authority (PoA) blockchains. Blockchains built with the Cosmos SDK are generally referred to as **application-specific blockchains**. - -The goal of the Cosmos SDK is to allow developers to easily create custom blockchains from scratch that can natively interoperate with other blockchains. -We further this modular approach by allowing developers to plug and play with different consensus engines this can range from the [CometBFT](https://github.com/cometbft/cometbft) or [Rollkit](https://rollkit.dev/). - -SDK-based blockchains have the choice to use the predefined modules or to build their own modules. What this means is that developers can build a blockchain that is tailored to their specific use case, without having to worry about the low-level details of building a blockchain from scratch. Predefined modules include staking, governance, and token issuance, among others. - -What's more, the Cosmos SDK is a capabilities-based system that allows developers to better reason about the security of interactions between modules. For a deeper look at capabilities, jump to [Object-Capability Model](../advanced/10-ocap.md). - -How you can look at this is if we imagine that the SDK is like a lego kit. You can choose to build the basic house from the instructions or you can choose to modify your house and add more floors, more doors, more windows. The choice is yours. - -## What are Application-Specific Blockchains - -One development paradigm in the blockchain world today is that of virtual-machine blockchains like Ethereum, where development generally revolves around building decentralized applications on top of an existing blockchain as a set of smart contracts. While smart contracts can be very good for some use cases like single-use applications (e.g. ICOs), they often fall short for building complex decentralized platforms. More generally, smart contracts can be limiting in terms of flexibility, sovereignty and performance. - -Application-specific blockchains offer a radically different development paradigm than virtual-machine blockchains. An application-specific blockchain is a blockchain customized to operate a single application: developers have all the freedom to make the design decisions required for the application to run optimally. They can also provide better sovereignty, security and performance. - -Learn more about [application-specific blockchains](./01-why-app-specific.md). - -## What is Modularity - -Today there is a lot of talk around modularity and discussions between monolithic and modular. Originally the Cosmos SDK was built with a vision of modularity in mind. Modularity is derived from splitting a blockchain into customizable layers of execution, consensus, settlement and data availability, which is what the Cosmos SDK enables. This means that developers can plug and play, making their blockchain customisable by using different software for different layers. For example you can choose to build a vanilla chain and use the Cosmos SDK with CometBFT. CometBFT will be your consensus layer and the chain itself would be the settlement and execution layer. Another route could be to use the SDK with Rollkit and Celestia as your consensus and data availability layer. The benefit of modularity is that you can customize your chain to your specific use case. - -## Why the Cosmos SDK - -The Cosmos SDK is the most advanced framework for building custom modular application-specific blockchains today. Here are a few reasons why you might want to consider building your decentralized application with the Cosmos SDK: - -* It allows you to plug and play and customize your consensus layer. As above you can use Rollkit and Celestia as your consensus and data availability layer. This offers a lot of flexibility and customisation. -* Previously the default consensus engine available within the Cosmos SDK is [CometBFT](https://github.com/cometbft/cometbft). CometBFT is the most mature BFT consensus engine in existence. It is widely used across the industry and is considered the gold standard consensus engine for building Proof-of-Stake systems. -* The Cosmos SDK is open-source and designed to make it easy to build blockchains out of composable [modules](../../build/modules). As the ecosystem of open-source Cosmos SDK modules grows, it will become increasingly easier to build complex decentralized platforms with it. -* The Cosmos SDK is inspired by capabilities-based security, and informed by years of wrestling with blockchain state-machines. This makes the Cosmos SDK a very secure environment to build blockchains. -* Most importantly, the Cosmos SDK has already been used to build many application-specific blockchains that are already in production. Among others, we can cite [Cosmos Hub](https://hub.cosmos.network), [IRIS Hub](https://irisnet.org), [Binance Chain](https://docs.binance.org/), [Terra](https://terra.money/) or [Kava](https://www.kava.io/). [Many more](https://cosmos.network/ecosystem) are building on the Cosmos SDK. - -## Getting started with the Cosmos SDK - -* Learn more about the [architecture of a Cosmos SDK application](./02-sdk-app-architecture.md) -* Learn how to build an application-specific blockchain from scratch with the [Cosmos SDK Tutorial](https://cosmos.network/docs/tutorial) diff --git a/copy-of-sdk-docs/docs/learn/intro/01-why-app-specific.md b/copy-of-sdk-docs/docs/learn/intro/01-why-app-specific.md deleted file mode 100644 index df16c19a..00000000 --- a/copy-of-sdk-docs/docs/learn/intro/01-why-app-specific.md +++ /dev/null @@ -1,79 +0,0 @@ ---- -sidebar_position: 1 ---- - -# Application-Specific Blockchains - -:::note Synopsis -This document explains what application-specific blockchains are, and why developers would want to build one as opposed to writing Smart Contracts. -::: - -## What are application-specific blockchains - -Application-specific blockchains are blockchains customized to operate a single application. Instead of building a decentralized application on top of an underlying blockchain like Ethereum, developers build their own blockchain from the ground up. This means building a full-node client, a light-client, and all the necessary interfaces (CLI, REST, ...) to interact with the nodes. - -```text - ^ +-------------------------------+ ^ - | | | | Built with Cosmos SDK - | | State-machine = Application | | - | | | v - | +-------------------------------+ - | | | ^ -Blockchain node | | Consensus | | - | | | | - | +-------------------------------+ | CometBFT - | | | | - | | Networking | | - | | | | - v +-------------------------------+ v -``` - -## What are the shortcomings of Smart Contracts - -Virtual-machine blockchains like Ethereum addressed the demand for more programmability back in 2014. At the time, the options available for building decentralized applications were quite limited. Most developers would build on top of the complex and limited Bitcoin scripting language, or fork the Bitcoin codebase which was hard to work with and customize. - -Virtual-machine blockchains came in with a new value proposition. Their state-machine incorporates a virtual-machine that is able to interpret turing-complete programs called Smart Contracts. These Smart Contracts are very good for use cases like one-time events (e.g. ICOs), but they can fall short for building complex decentralized platforms. Here is why: - -* Smart Contracts are generally developed with specific programming languages that can be interpreted by the underlying virtual-machine. These programming languages are often immature and inherently limited by the constraints of the virtual-machine itself. For example, the Ethereum Virtual Machine does not allow developers to implement automatic execution of code. Developers are also limited to the account-based system of the EVM, and they can only choose from a limited set of functions for their cryptographic operations. These are examples, but they hint at the lack of **flexibility** that a smart contract environment often entails. -* Smart Contracts are all run by the same virtual machine. This means that they compete for resources, which can severely restrain **performance**. And even if the state-machine were to be split in multiple subsets (e.g. via sharding), Smart Contracts would still need to be interpreted by a virtual machine, which would limit performance compared to a native application implemented at state-machine level (our benchmarks show an improvement on the order of 10x in performance when the virtual-machine is removed). -* Another issue with the fact that Smart Contracts share the same underlying environment is the resulting limitation in **sovereignty**. A decentralized application is an ecosystem that involves multiple players. If the application is built on a general-purpose virtual-machine blockchain, stakeholders have very limited sovereignty over their application, and are ultimately superseded by the governance of the underlying blockchain. If there is a bug in the application, very little can be done about it. - -Application-Specific Blockchains are designed to address these shortcomings. - -## Application-Specific Blockchains Benefits - -### Flexibility - -Application-specific blockchains give maximum flexibility to developers: - -* In Cosmos blockchains, the state-machine is typically connected to the underlying consensus engine via an interface called the [ABCI](https://docs.cometbft.com/v0.37/spec/abci/). This interface can be wrapped in any programming language, meaning developers can build their state-machine in the programming language of their choice. - -* Developers can choose among multiple frameworks to build their state-machine. The most widely used today is the Cosmos SDK, but others exist (e.g. [Lotion](https://github.com/nomic-io/lotion), [Weave](https://github.com/iov-one/weave), ...). Typically the choice will be made based on the programming language they want to use (Cosmos SDK and Weave are in Golang, Lotion is in Javascript, ...). -* The ABCI also allows developers to swap the consensus engine of their application-specific blockchain. Today, only CometBFT is production-ready, but in the future other consensus engines are expected to emerge. -* Even when they settle for a framework and consensus engine, developers still have the freedom to tweak them if they don't perfectly match their requirements in their pristine forms. -* Developers are free to explore the full spectrum of tradeoffs (e.g. number of validators vs transaction throughput, safety vs availability in asynchrony, ...) and design choices (DB or IAVL tree for storage, UTXO or account model, ...). -* Developers can implement automatic execution of code. In the Cosmos SDK, logic can be automatically triggered at the beginning and the end of each block. They are also free to choose the cryptographic library used in their application, as opposed to being constrained by what is made available by the underlying environment in the case of virtual-machine blockchains. - -The list above contains a few examples that show how much flexibility application-specific blockchains give to developers. The goal of Cosmos and the Cosmos SDK is to make developer tooling as generic and composable as possible, so that each part of the stack can be forked, tweaked and improved without losing compatibility. As the community grows, more alternatives for each of the core building blocks will emerge, giving more options to developers. - -### Performance - -Decentralized applications built with Smart Contracts are inherently capped in performance by the underlying environment. For a decentralized application to optimise performance, it needs to be built as an application-specific blockchain. Next are some of the benefits an application-specific blockchain brings in terms of performance: - -* Developers of application-specific blockchains can choose to operate with a novel consensus engine such as CometBFT. Compared to Proof-of-Work (used by most virtual-machine blockchains today), it offers significant gains in throughput. -* An application-specific blockchain only operates a single application, so that the application does not compete with others for computation and storage. This is the opposite of most non-sharded virtual-machine blockchains today, where smart contracts all compete for computation and storage. -* Even if a virtual-machine blockchain offered application-based sharding coupled with an efficient consensus algorithm, performance would still be limited by the virtual-machine itself. The real throughput bottleneck is the state-machine, and requiring transactions to be interpreted by a virtual-machine significantly increases the computational complexity of processing them. - -### Security - -Security is hard to quantify, and greatly varies from platform to platform. That said here are some important benefits an application-specific blockchain can bring in terms of security: - -* Developers can choose proven programming languages like Go when building their application-specific blockchains, as opposed to smart contract programming languages that are often more immature. -* Developers are not constrained by the cryptographic functions made available by the underlying virtual-machines. They can use their own custom cryptography, and rely on well-audited crypto libraries. -* Developers do not have to worry about potential bugs or exploitable mechanisms in the underlying virtual-machine, making it easier to reason about the security of the application. - -### Sovereignty - -One of the major benefits of application-specific blockchains is sovereignty. A decentralized application is an ecosystem that involves many actors: users, developers, third-party services, and more. When developers build on a virtual-machine blockchain where many decentralized applications coexist, the community of the application is different than the community of the underlying blockchain, and the latter supersedes the former in the governance process. If there is a bug or if a new feature is needed, stakeholders of the application have very little leeway to upgrade the code. If the community of the underlying blockchain refuses to act, nothing can happen. - -The fundamental issue here is that the governance of the application and the governance of the network are not aligned. This issue is solved by application-specific blockchains. Because application-specific blockchains specialize to operate a single application, stakeholders of the application have full control over the entire chain. This ensures that the community will not be stuck if a bug is discovered, and that it has the freedom to choose how it is going to evolve. diff --git a/copy-of-sdk-docs/docs/learn/intro/02-sdk-app-architecture.md b/copy-of-sdk-docs/docs/learn/intro/02-sdk-app-architecture.md deleted file mode 100644 index 532c2743..00000000 --- a/copy-of-sdk-docs/docs/learn/intro/02-sdk-app-architecture.md +++ /dev/null @@ -1,93 +0,0 @@ ---- -sidebar_position: 1 ---- - -# Blockchain Architecture - -## State machine - -At its core, a blockchain is a [replicated deterministic state machine](https://en.wikipedia.org/wiki/State_machine_replication). - -A state machine is a computer science concept whereby a machine can have multiple states, but only one at any given time. There is a `state`, which describes the current state of the system, and `transactions`, that trigger state transitions. - -Given a state S and a transaction T, the state machine will return a new state S'. - -```text -+--------+ +--------+ -| | | | -| S +---------------->+ S' | -| | apply(T) | | -+--------+ +--------+ -``` - -In practice, the transactions are bundled in blocks to make the process more efficient. Given a state S and a block of transactions B, the state machine will return a new state S'. - -```text -+--------+ +--------+ -| | | | -| S +----------------------------> | S' | -| | For each T in B: apply(T) | | -+--------+ +--------+ -``` - -In a blockchain context, the state machine is deterministic. This means that if a node is started at a given state and replays the same sequence of transactions, it will always end up with the same final state. - -The Cosmos SDK gives developers maximum flexibility to define the state of their application, transaction types and state transition functions. The process of building state-machines with the Cosmos SDK will be described more in depth in the following sections. But first, let us see how the state-machine is replicated using **CometBFT**. - -## CometBFT - -Thanks to the Cosmos SDK, developers just have to define the state machine, and [*CometBFT*](https://docs.cometbft.com/v0.37/introduction/what-is-cometbft) will handle replication over the network for them. - -```text - ^ +-------------------------------+ ^ - | | | | Built with Cosmos SDK - | | State-machine = Application | | - | | | v - | +-------------------------------+ - | | | ^ -Blockchain node | | Consensus | | - | | | | - | +-------------------------------+ | CometBFT - | | | | - | | Networking | | - | | | | - v +-------------------------------+ v -``` - -[CometBFT](https://docs.cometbft.com/v0.37/introduction/what-is-cometbft) is an application-agnostic engine that is responsible for handling the *networking* and *consensus* layers of a blockchain. In practice, this means that CometBFT is responsible for propagating and ordering transaction bytes. CometBFT relies on an eponymous Byzantine-Fault-Tolerant (BFT) algorithm to reach consensus on the order of transactions. - -The CometBFT [consensus algorithm](https://docs.cometbft.com/v0.37/introduction/what-is-cometbft#consensus-overview) works with a set of special nodes called *Validators*. Validators are responsible for adding blocks of transactions to the blockchain. At any given block, there is a validator set V. A validator in V is chosen by the algorithm to be the proposer of the next block. This block is considered valid if more than two thirds of V signed a `prevote` and a `precommit` on it, and if all the transactions that it contains are valid. The validator set can be changed by rules written in the state-machine. - -## ABCI - -CometBFT passes transactions to the application through an interface called the [ABCI](https://docs.cometbft.com/v0.37/spec/abci/), which the application must implement. - -```text - +---------------------+ - | | - | Application | - | | - +--------+---+--------+ - ^ | - | | ABCI - | v - +--------+---+--------+ - | | - | | - | CometBFT | - | | - | | - +---------------------+ -``` - -Note that **CometBFT only handles transaction bytes**. It has no knowledge of what these bytes mean. All CometBFT does is order these transaction bytes deterministically. CometBFT passes the bytes to the application via the ABCI, and expects a return code to inform it if the messages contained in the transactions were successfully processed or not. - -Here are the most important messages of the ABCI: - -* `CheckTx`: When a transaction is received by CometBFT, it is passed to the application to check if a few basic requirements are met. `CheckTx` is used to protect the mempool of full-nodes against spam transactions. A special handler called the [`AnteHandler`](../beginner/04-gas-fees.md#antehandler) is used to execute a series of validation steps such as checking for sufficient fees and validating the signatures. If the checks are valid, the transaction is added to the [mempool](https://docs.cometbft.com/v0.37/spec/p2p/legacy-docs/messages/mempool) and relayed to peer nodes. Note that transactions are not processed (i.e. no modification of the state occurs) with `CheckTx` since they have not been included in a block yet. -* `DeliverTx`: When a [valid block](https://docs.cometbft.com/v0.37/spec/core/data_structures#block) is received by CometBFT, each transaction in the block is passed to the application via `DeliverTx` in order to be processed. It is during this stage that the state transitions occur. The `AnteHandler` executes again, along with the actual [`Msg` service](../../build/building-modules/03-msg-services.md) RPC for each message in the transaction. -* `BeginBlock`/`EndBlock`: These messages are executed at the beginning and the end of each block, whether the block contains transactions or not. It is useful to trigger automatic execution of logic. Proceed with caution though, as computationally expensive loops could slow down your blockchain, or even freeze it if the loop is infinite. - -Find a more detailed view of the ABCI methods from the [CometBFT docs](https://docs.cometbft.com/v0.37/spec/abci/). - -Any application built on CometBFT needs to implement the ABCI interface in order to communicate with the underlying local CometBFT engine. Fortunately, you do not have to implement the ABCI interface. The Cosmos SDK provides a boilerplate implementation of it in the form of [baseapp](./03-sdk-design.md#baseapp). diff --git a/copy-of-sdk-docs/docs/learn/intro/03-sdk-design.md b/copy-of-sdk-docs/docs/learn/intro/03-sdk-design.md deleted file mode 100644 index 6ecffbe0..00000000 --- a/copy-of-sdk-docs/docs/learn/intro/03-sdk-design.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -sidebar_position: 1 ---- - -# Main Components of the Cosmos SDK - -The Cosmos SDK is a framework that facilitates the development of secure state-machines on top of CometBFT. At its core, the Cosmos SDK is a boilerplate implementation of the [ABCI](./02-sdk-app-architecture.md#abci) in Golang. It comes with a [`multistore`](../advanced/04-store.md#multistore) to persist data and a [`router`](../advanced/00-baseapp.md#routing) to handle transactions. - -Here is a simplified view of how transactions are handled by an application built on top of the Cosmos SDK when transferred from CometBFT via `DeliverTx`: - -1. Decode `transactions` received from the CometBFT consensus engine (remember that CometBFT only deals with `[]bytes`). -2. Extract `messages` from `transactions` and do basic sanity checks. -3. Route each message to the appropriate module so that it can be processed. -4. Commit state changes. - -## `baseapp` - -`baseapp` is the boilerplate implementation of a Cosmos SDK application. It comes with an implementation of the ABCI to handle the connection with the underlying consensus engine. Typically, a Cosmos SDK application extends `baseapp` by embedding it in [`app.go`](../beginner/00-app-anatomy.md#core-application-file). - -Here is an example of this from `simapp`, the Cosmos SDK demonstration app: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/app.go#L137-L180 -``` - -The goal of `baseapp` is to provide a secure interface between the store and the extensible state machine while defining as little about the state machine as possible (staying true to the ABCI). - -For more on `baseapp`, please click [here](../advanced/00-baseapp.md). - -## Multistore - -The Cosmos SDK provides a [`multistore`](../advanced/04-store.md#multistore) for persisting state. The multistore allows developers to declare any number of [`KVStores`](../advanced/04-store.md#base-layer-kvstores). These `KVStores` only accept the `[]byte` type as value and therefore any custom structure needs to be marshalled using [a codec](../advanced/05-encoding.md) before being stored. - -The multistore abstraction is used to divide the state in distinct compartments, each managed by its own module. For more on the multistore, click [here](../advanced/04-store.md#multistore) - -## Modules - -The power of the Cosmos SDK lies in its modularity. Cosmos SDK applications are built by aggregating a collection of interoperable modules. Each module defines a subset of the state and contains its own message/transaction processor, while the Cosmos SDK is responsible for routing each message to its respective module. - -Here is a simplified view of how a transaction is processed by the application of each full-node when it is received in a valid block: - -```mermaid - flowchart TD - A[Transaction relayed from the full-node's CometBFT engine to the node's application via DeliverTx] --> B[APPLICATION] - B -->|"Using baseapp's methods: Decode the Tx, extract and route the message(s)"| C[Message routed to the correct module to be processed] - C --> D1[AUTH MODULE] - C --> D2[BANK MODULE] - C --> D3[STAKING MODULE] - C --> D4[GOV MODULE] - D1 -->|Handle message, Update state| E["Return result to CometBFT (0=Ok, 1=Err)"] - D2 -->|Handle message, Update state| E["Return result to CometBFT (0=Ok, 1=Err)"] - D3 -->|Handle message, Update state| E["Return result to CometBFT (0=Ok, 1=Err)"] - D4 -->|Handle message, Update state| E["Return result to CometBFT (0=Ok, 1=Err)"] -``` - -Each module can be seen as a little state-machine. Developers need to define the subset of the state handled by the module, as well as custom message types that modify the state (*Note:* `messages` are extracted from `transactions` by `baseapp`). In general, each module declares its own `KVStore` in the `multistore` to persist the subset of the state it defines. Most developers will need to access other 3rd party modules when building their own modules. Given that the Cosmos SDK is an open framework, some of the modules may be malicious, which means there is a need for security principles to reason about inter-module interactions. These principles are based on [object-capabilities](../advanced/10-ocap.md). In practice, this means that instead of having each module keep an access control list for other modules, each module implements special objects called `keepers` that can be passed to other modules to grant a pre-defined set of capabilities. - -Cosmos SDK modules are defined in the `x/` folder of the Cosmos SDK. Some core modules include: - -* `x/auth`: Used to manage accounts and signatures. -* `x/bank`: Used to enable tokens and token transfers. -* `x/staking` + `x/slashing`: Used to build Proof-of-Stake blockchains. - -In addition to the already existing modules in `x/`, which anyone can use in their app, the Cosmos SDK lets you build your own custom modules. You can check an [example of that in the tutorial](https://tutorials.cosmos.network/). diff --git a/copy-of-sdk-docs/docs/learn/intro/Maincomps.excalidraw b/copy-of-sdk-docs/docs/learn/intro/Maincomps.excalidraw deleted file mode 100644 index 289d1010..00000000 --- a/copy-of-sdk-docs/docs/learn/intro/Maincomps.excalidraw +++ /dev/null @@ -1,603 +0,0 @@ -{ - "type": "excalidraw", - "version": 2, - "source": "https://excalidraw.com", - "elements": [ - { - "id": "TT806C8wYC1giNDrB3j0H", - "type": "rectangle", - "x": 392.3992464191551, - "y": 377.59281643418194, - "width": 368.5810298094963, - "height": 300.3445584269905, - "angle": 0, - "strokeColor": "#1e1e1e", - "backgroundColor": "#ffec99", - "fillStyle": "hachure", - "strokeWidth": 1, - "strokeStyle": "solid", - "roughness": 1, - "opacity": 100, - "groupIds": [], - "frameId": null, - "index": "b20", - "roundness": { - "type": 3 - }, - "seed": 1095376796, - "version": 379, - "versionNonce": 395388196, - "isDeleted": false, - "boundElements": null, - "updated": 1717946215725, - "link": null, - "locked": false - }, - { - "id": "sTDd-IcaEk93yvorkOjjx", - "type": "rectangle", - "x": 425.6105707309967, - "y": 407.3907865247813, - "width": 291.7422935286128, - "height": 57.093323969660304, - "angle": 0, - "strokeColor": "#1e1e1e", - "backgroundColor": "#ebfbee", - "fillStyle": "solid", - "strokeWidth": 1, - "strokeStyle": "solid", - "roughness": 1, - "opacity": 100, - "groupIds": [], - "frameId": null, - "index": "b21", - "roundness": { - "type": 3 - }, - "seed": 534261156, - "version": 200, - "versionNonce": 320694564, - "isDeleted": false, - "boundElements": [ - { - "type": "text", - "id": "DfQ_v0mZK9I65EtQ6glTr" - } - ], - "updated": 1717946141898, - "link": null, - "locked": false - }, - { - "id": "DfQ_v0mZK9I65EtQ6glTr", - "type": "text", - "x": 540.1377462428617, - "y": 425.93744850961144, - "width": 62.68794250488281, - "height": 20, - "angle": 0, - "strokeColor": "#1e1e1e", - "backgroundColor": "#b2f2bb", - "fillStyle": "solid", - "strokeWidth": 1, - "strokeStyle": "solid", - "roughness": 1, - "opacity": 100, - "groupIds": [], - "frameId": null, - "index": "b22", - "roundness": null, - "seed": 1825368092, - "version": 129, - "versionNonce": 1358928420, - "isDeleted": false, - "boundElements": null, - "updated": 1717945861493, - "link": null, - "locked": false, - "text": "baseapp", - "fontSize": 16, - "fontFamily": 1, - "textAlign": "center", - "verticalAlign": "middle", - "containerId": "sTDd-IcaEk93yvorkOjjx", - "originalText": "baseapp", - "autoResize": true, - "lineHeight": 1.25 - }, - { - "id": "0eOjlptq2QPkgMZD4ilw_", - "type": "rectangle", - "x": 423.5441903728455, - "y": 483.4335837047473, - "width": 305.81281311550566, - "height": 100.72456256899451, - "angle": 0, - "strokeColor": "#1e1e1e", - "backgroundColor": "#e7f5ff", - "fillStyle": "solid", - "strokeWidth": 1, - "strokeStyle": "solid", - "roughness": 1, - "opacity": 100, - "groupIds": [], - "frameId": null, - "index": "b23", - "roundness": { - "type": 3 - }, - "seed": 774424100, - "version": 711, - "versionNonce": 1241388444, - "isDeleted": false, - "boundElements": [ - { - "type": "text", - "id": "To8Ifauc4u3pXYXE-BuBm" - }, - { - "id": "5U3m__cEk0384Je1xS8Lt", - "type": "arrow" - } - ], - "updated": 1717946136493, - "link": null, - "locked": false - }, - { - "id": "To8Ifauc4u3pXYXE-BuBm", - "type": "text", - "x": 537.3546267767897, - "y": 488.4335837047473, - "width": 78.19194030761719, - "height": 20, - "angle": 0, - "strokeColor": "#1e1e1e", - "backgroundColor": "#b2f2bb", - "fillStyle": "solid", - "strokeWidth": 1, - "strokeStyle": "solid", - "roughness": 1, - "opacity": 100, - "groupIds": [], - "frameId": null, - "index": "b24", - "roundness": null, - "seed": 268281380, - "version": 653, - "versionNonce": 240902940, - "isDeleted": false, - "boundElements": null, - "updated": 1717946115508, - "link": null, - "locked": false, - "text": "multistore", - "fontSize": 16, - "fontFamily": 1, - "textAlign": "center", - "verticalAlign": "top", - "containerId": "0eOjlptq2QPkgMZD4ilw_", - "originalText": "multistore", - "autoResize": true, - "lineHeight": 1.25 - }, - { - "id": "6ZMBBGC0e67HCiZuw1ZGQ", - "type": "rectangle", - "x": 433.0074470871197, - "y": 611.2583420078661, - "width": 296.0816922807304, - "height": 40.43217567449267, - "angle": 0, - "strokeColor": "#1e1e1e", - "backgroundColor": "#ebfbee", - "fillStyle": "solid", - "strokeWidth": 1, - "strokeStyle": "solid", - "roughness": 1, - "opacity": 100, - "groupIds": [], - "frameId": null, - "index": "b25", - "roundness": { - "type": 3 - }, - "seed": 73209500, - "version": 210, - "versionNonce": 506281508, - "isDeleted": false, - "boundElements": [ - { - "type": "text", - "id": "lDvSHg5T_n2nFJyxXar85" - }, - { - "id": "5U3m__cEk0384Je1xS8Lt", - "type": "arrow" - } - ], - "updated": 1717946145151, - "link": null, - "locked": false - }, - { - "id": "lDvSHg5T_n2nFJyxXar85", - "type": "text", - "x": 550.5683127587349, - "y": 621.4744298451124, - "width": 60.9599609375, - "height": 20, - "angle": 0, - "strokeColor": "#1e1e1e", - "backgroundColor": "#b2f2bb", - "fillStyle": "solid", - "strokeWidth": 1, - "strokeStyle": "solid", - "roughness": 1, - "opacity": 100, - "groupIds": [], - "frameId": null, - "index": "b26", - "roundness": null, - "seed": 169830436, - "version": 101, - "versionNonce": 99685404, - "isDeleted": false, - "boundElements": null, - "updated": 1717946143284, - "link": null, - "locked": false, - "text": "Modules", - "fontSize": 16, - "fontFamily": 1, - "textAlign": "center", - "verticalAlign": "middle", - "containerId": "6ZMBBGC0e67HCiZuw1ZGQ", - "originalText": "Modules", - "autoResize": true, - "lineHeight": 1.25 - }, - { - "id": "5U3m__cEk0384Je1xS8Lt", - "type": "arrow", - "x": 730.0891393678501, - "y": 627.8029150748303, - "width": 33.89886827099872, - "height": 77.8473208768944, - "angle": 0, - "strokeColor": "#1e1e1e", - "backgroundColor": "#b2f2bb", - "fillStyle": "solid", - "strokeWidth": 1, - "strokeStyle": "solid", - "roughness": 1, - "opacity": 100, - "groupIds": [], - "frameId": null, - "index": "b27", - "roundness": { - "type": 2 - }, - "seed": 2017356060, - "version": 847, - "versionNonce": 601341212, - "isDeleted": false, - "boundElements": null, - "updated": 1717946143287, - "link": null, - "locked": false, - "points": [ - [ - 0, - 0 - ], - [ - 33.89886827099872, - -59.624776904124815 - ], - [ - 0.2678641205010308, - -77.8473208768944 - ] - ], - "lastCommittedPoint": null, - "startBinding": { - "elementId": "6ZMBBGC0e67HCiZuw1ZGQ", - "focus": 0.9211394284163724, - "gap": 1 - }, - "endBinding": { - "elementId": "0eOjlptq2QPkgMZD4ilw_", - "focus": -0.504700685555249, - "gap": 1 - }, - "startArrowhead": null, - "endArrowhead": "arrow" - }, - { - "id": "ECiME4kCyLcElqpESHieN", - "type": "text", - "x": 779.3728577032684, - "y": 549.0028937731206, - "width": 230.17587280273438, - "height": 40, - "angle": 0, - "strokeColor": "#1e1e1e", - "backgroundColor": "#b2f2bb", - "fillStyle": "solid", - "strokeWidth": 1, - "strokeStyle": "solid", - "roughness": 1, - "opacity": 100, - "groupIds": [], - "frameId": null, - "index": "b28", - "roundness": null, - "seed": 1031090332, - "version": 173, - "versionNonce": 153810724, - "isDeleted": false, - "boundElements": null, - "updated": 1717946206425, - "link": null, - "locked": false, - "text": "Each KVstore \nmanaged by keeper of Module", - "fontSize": 16, - "fontFamily": 1, - "textAlign": "center", - "verticalAlign": "top", - "containerId": null, - "originalText": "Each KVstore \nmanaged by keeper of Module", - "autoResize": true, - "lineHeight": 1.25 - }, - { - "id": "9gSP2Ihxnhrj8VPzU3iMs", - "type": "rectangle", - "x": 440.01400715336973, - "y": 528.7255798511883, - "width": 82.2687246664696, - "height": 43.508786429962356, - "angle": 0, - "strokeColor": "#1e1e1e", - "backgroundColor": "#fff5f5", - "fillStyle": "solid", - "strokeWidth": 1, - "strokeStyle": "solid", - "roughness": 1, - "opacity": 100, - "groupIds": [], - "frameId": null, - "index": "b29", - "roundness": { - "type": 3 - }, - "seed": 862728356, - "version": 81, - "versionNonce": 2003221028, - "isDeleted": false, - "boundElements": [ - { - "type": "text", - "id": "bo-ZnZOJ2RMYEwiQDJwhQ" - } - ], - "updated": 1717946171042, - "link": null, - "locked": false - }, - { - "id": "bo-ZnZOJ2RMYEwiQDJwhQ", - "type": "text", - "x": 451.95639103201466, - "y": 540.4799730661695, - "width": 58.38395690917969, - "height": 20, - "angle": 0, - "strokeColor": "#1e1e1e", - "backgroundColor": "#fff5f5", - "fillStyle": "solid", - "strokeWidth": 1, - "strokeStyle": "solid", - "roughness": 1, - "opacity": 100, - "groupIds": [], - "frameId": null, - "index": "b29V", - "roundness": null, - "seed": 1054504484, - "version": 32, - "versionNonce": 374592932, - "isDeleted": false, - "boundElements": null, - "updated": 1717946171043, - "link": null, - "locked": false, - "text": "kvstore", - "fontSize": 16, - "fontFamily": 1, - "textAlign": "center", - "verticalAlign": "middle", - "containerId": "9gSP2Ihxnhrj8VPzU3iMs", - "originalText": "kvstore", - "autoResize": true, - "lineHeight": 1.25 - }, - { - "id": "sS09HXQCLT5o584RLcoh0", - "type": "rectangle", - "x": 535.7029587057802, - "y": 526.7472119897728, - "width": 85.49840063365426, - "height": 45.291996146440965, - "angle": 0, - "strokeColor": "#1e1e1e", - "backgroundColor": "#fff5f5", - "fillStyle": "solid", - "strokeWidth": 1, - "strokeStyle": "solid", - "roughness": 1, - "opacity": 100, - "groupIds": [], - "frameId": null, - "index": "b2A", - "roundness": { - "type": 3 - }, - "seed": 1969890340, - "version": 163, - "versionNonce": 795200668, - "isDeleted": false, - "boundElements": null, - "updated": 1717946178372, - "link": null, - "locked": false - }, - { - "type": "rectangle", - "version": 243, - "versionNonce": 1959742876, - "index": "b2B", - "isDeleted": false, - "id": "dOSADw14E7lwG6QVycTWj", - "fillStyle": "solid", - "strokeWidth": 1, - "strokeStyle": "solid", - "roughness": 1, - "opacity": 100, - "angle": 0, - "x": 634.8832415027643, - "y": 525.0060952065161, - "strokeColor": "#1e1e1e", - "backgroundColor": "#fff5f5", - "width": 81.61054425609542, - "height": 44.80601409924611, - "seed": 964534684, - "groupIds": [], - "frameId": null, - "roundness": { - "type": 3 - }, - "boundElements": [], - "updated": 1717946186317, - "link": null, - "locked": false - }, - { - "id": "Jn2VZB4Laog2zIHreQ13v", - "type": "text", - "x": 550.053971904952, - "y": 541.2988719488441, - "width": 58.38395690917969, - "height": 20, - "angle": 0, - "strokeColor": "#1e1e1e", - "backgroundColor": "#fff5f5", - "fillStyle": "solid", - "strokeWidth": 1, - "strokeStyle": "solid", - "roughness": 1, - "opacity": 100, - "groupIds": [], - "frameId": null, - "index": "b2C", - "roundness": null, - "seed": 268605596, - "version": 81, - "versionNonce": 271008028, - "isDeleted": false, - "boundElements": null, - "updated": 1717946183225, - "link": null, - "locked": false, - "text": "kvstore", - "fontSize": 16, - "fontFamily": 1, - "textAlign": "left", - "verticalAlign": "top", - "containerId": null, - "originalText": "kvstore", - "autoResize": true, - "lineHeight": 1.25 - }, - { - "id": "bmEWq6ldGd19BN7P3CPgk", - "type": "text", - "x": 649.2096160538688, - "y": 540.0169508007317, - "width": 58.38395690917969, - "height": 20, - "angle": 0, - "strokeColor": "#1e1e1e", - "backgroundColor": "#fff5f5", - "fillStyle": "solid", - "strokeWidth": 1, - "strokeStyle": "solid", - "roughness": 1, - "opacity": 100, - "groupIds": [], - "frameId": null, - "index": "b2D", - "roundness": null, - "seed": 1351980700, - "version": 78, - "versionNonce": 1793931548, - "isDeleted": false, - "boundElements": null, - "updated": 1717946190092, - "link": null, - "locked": false, - "text": "kvstore", - "fontSize": 16, - "fontFamily": 1, - "textAlign": "left", - "verticalAlign": "top", - "containerId": null, - "originalText": "kvstore", - "autoResize": true, - "lineHeight": 1.25 - }, - { - "id": "W3LH6VESuV13qvhxI7mcM", - "type": "text", - "x": 458.21179209642423, - "y": 348.25404197872706, - "width": 219.0238800048828, - "height": 20, - "angle": 0, - "strokeColor": "#1e1e1e", - "backgroundColor": "#fff5f5", - "fillStyle": "solid", - "strokeWidth": 1, - "strokeStyle": "solid", - "roughness": 1, - "opacity": 100, - "groupIds": [], - "frameId": null, - "index": "b2E", - "roundness": null, - "seed": 100014108, - "version": 34, - "versionNonce": 554727332, - "isDeleted": false, - "boundElements": null, - "updated": 1717946232701, - "link": null, - "locked": false, - "text": "Main components of the sdk", - "fontSize": 16, - "fontFamily": 1, - "textAlign": "center", - "verticalAlign": "top", - "containerId": null, - "originalText": "Main components of the sdk", - "autoResize": true, - "lineHeight": 1.25 - } - ], - "appState": { - "gridSize": null, - "viewBackgroundColor": "#ffffff" - }, - "files": {} -} \ No newline at end of file diff --git a/copy-of-sdk-docs/docs/learn/intro/_category_.json b/copy-of-sdk-docs/docs/learn/intro/_category_.json deleted file mode 100644 index bb0bcd14..00000000 --- a/copy-of-sdk-docs/docs/learn/intro/_category_.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "label": "Introduction", - "position": 1, - "link": null -} \ No newline at end of file diff --git a/copy-of-sdk-docs/docs/learn/intro/main-components.png b/copy-of-sdk-docs/docs/learn/intro/main-components.png deleted file mode 100644 index fa82eb9bb07b7244f05b1016d19da7be97a111a3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 61439 zcmbrlWmp{1)-(zPCwOpocL)+RxFMS9v1k-g&S-FTp%5PNPdN= znjk!cfFOmC786l+(>c+G%lssM=OfS#jXnuIxCUa)}e|afm}p*(keNd_ot~hm$?7$y&xrWq0#ha)S$A))SD#rP)El_0jOy+CsqhKD8Hm+<1D<$fo#yd?YyAvHxS4@ z(-@>g9{;B+8u&ZCR`x-p=z(X2ih>~TDU2Nw878e6{|t6IoXYF#QD^+@Nc6dlA3xd$ z34#E!#{gn!qOJmLSi6)2n=HhDA5A<{YdF-J<8?J0dtAdb7+Y0V);8XBD$6v=M~NNz zviJb&1^M5*3opR49**Mk`I&J(`a)csyYau0t{3O$8w^QNI=BtR5Rv?GU}J{!+auHo zXF(RuEh{^s1vlkD`3YXSdHrsKuxvkViu}yYJp}PL-;H0ewyw^h!5Fj%*&}-C_H32) zdOlq+L>(@+^#uYKFLr3iedW6<2-IqVFiBmro`Z7jF$T5ZhVUfI&+7DqmyV+ho(J zyS%)-FKf+XDt~d|WVA%V5UDhrALjPu1EzrI-Rf#xg-Rq2%WGbzU+J%3OU=%P7a_(V zNu)@_k+r8dYj86c7ne5i9WxddR)#ovye;Es`lrYN=2epn>x;MWBH0ul-S6LPwJ9 zxh*TBZ&2lrP60Ow6qlABhL~~k;Xph>_4on)-x&i_Y0l7^ z+^0tmQ&v^IYho-%gouIi()i1v5*v+M;u0|OiLVbk0$5@vY6zL~f5i?0qp@p;O4 zB?CRZorrF$)8UL_U2Ap=^$%c)G=Z@3Rqt@K=U2S{*e0K0Y9diEeQE{PDcbI>C@aIa z0pCGSB30K|KZ%dl?KNs-t{*N`g0GRV8Py~Al~q(u4Z(LJ5Ugm!N!H*+U{lsoP*+`+ z^g|WO)vBwS7>{{b4$FZJ{9RYEmXV(RDlWiqtAiAN{%Q$YAZW7go}Zby+L*}tl2WPN ze#ZcAQZ%=)@Zdb@bX_qoiB_%B0xdUME-J43zIluM>1B58;vS&CWu$?fZaTGQ8f`;^ zkZ?X-X-sr;5f>lGj+Zj3-rL(75_)^S)@{%UQZ)E4h)jL;lg`1Gdri!rKB$Md&^*lW zg@R}^28I-CP`jjXr2@99mv6qhx|-F{cFZ}kAMTzx#JS@?L<0ocPrfF(ucy3oJ zQ6S*r=H7-{Zw0;%J#M35U|?`j1??K)YszZxnI#+DV?P31|B(z(rPqV>mYf%J@w_^~QR78czQF#_$jX|qo`0*KnvSzlZQ`QxRc zY8cC5b7I+i>7fYkeEt_?Afh1>yBH-xjB4$q`~fJCX$JX6YVs3r{2=H5LW2Q2GZ7O;4jcgsFiyAS*WA0*&+?_4Ob{$>LikqVb|qZ*oQ`INmF{{JPy}_|9IJqGu@1;k$bu6MTx!^66e)4 zJv}`}E?y=oPi!Vo?1&fK^rZ;CcS-eLPn#2e02-NcE~U9m8r^b#7RU_~KyEIDB`8G!=j{DBJiUnx}p3+-1vPGyt)CTMh0+(1y~C7$N`(miVFVv`9^PD z#L);Bh9&rkyQ_fIcn`#TlQD><-=KD=V4AjV z*)A_@*}|F+eS-@>`pg2fAf&-$=n0%~<>aI!{Sbyh>{nO_6a`S_1@U6x$}uG|fN|OY z#?J?^HYUvNrbb8H#|&*tS_&e4c+P6dFKU>FYCvQQ8`>tIzzLHmFr(wc4wq33fCXN>{qx7j}FmrE_}_ zKd~<~L|l}Gx5lL>qw%RY9X928Wb>K}cpS*54-22OB9;o|knYN@!ML{fUm4cFfRY=z zHE@-xc7zW38I#a1KW`oL3SmS`XflrWK6wEn*PgkL3088zstyw)_XM)PuQ6z0n~uEO zP~FTQMRnS&q3O2OkgW?#ni%2)3WBGY1;F}s;QTvM&4gCBv~WT0Hrz6yd@o^nAp8$^ zLxcgS9O&k!)Dqh7t6qx)Dax20H_8TeggP=ND=8?Q{vj1r)h-(lwuS)fwQD&5T)FeG zOx}T3V2Q{{pK!5!h6E`77}a`}a@Es~QY9KKepF<{yP@mgMmPwQq3uhH?=KMAL9!{# z;v%bissaD#Ae?kNJ#H5ql4*{*At46aiLAh%+kVE|MWAXFPH8;ESc5ei6Kc4D%)E)Q z48o5cV$&y&myzQEpdh#Xx+vGQQG;{ZA{CpqiP3UVjJ&ql7!=FN%`N%G`KSRTD~qHt zu5}*&ILQW(pi+QY$uQ`^6<*+Lsj7Y^DEhv$)bt4?@-<}mL-XHvgl(QLSK}s!HOr!B zVd;hs_c~g?o_fTI9lCrG6#~9y$MCVm5I^clmDX(cxIF^%IUfZrj9D7i;%cn)57Ax z-?lC@2AMXSP~X=xj@qXcuXYm+bT3wbX3GtSVx;WuejjTVeVZa*Lc%$FN0HdG-)5W< z*kc(?qesTz&k0evrbHPL0%8GQesQfIhbw;s52aq{fj^s6totu;P}-LoMly}21FJ$Z z=!ry!27wDKxnyw+S(=3GUzO4~+m*7|`$}UFH*n0^FnC>BJ)1Xto|qP@v?CL~OgOjU zdjQ8V(F!aGAha^0cH3O-Yw@E>i#i*_(*!UMjVPt`-KLKMCHJdr*(G1OEH@b$x-}|&gp@NY`Vew zy&H$r5T|bt#DWK5O9gTU9=%N?Rxo{8i2$8i6sFqFOlLV~1yCd#=i|Il44mF>my@MS zMJ6UD0SyfeLE&L+t%n~wXyRT(I6x9PU88qo+h{u7Ffb6FDwizyK3CA^CLFadigQz5 ztNyXlOJRH#Nc&)G@F2|F>jKOJ6}ZW@7nk4Z6sl()2!=uBRophs>EN*a0;H>401lP| z=JE*IJ35|a<3IY@jH;eCrZriAv9Wa0h3df)nXI!WSj#k1@nk2CB}uVR!%Lu`G^^an zBY^lAEk>@%{rU4&y;qK^D|yrLF>r!xX&6)JJ~kz=m)0hTLv4ebmJA{dQ%Ip!vvi>E^R5N|>oj|-)p{FI| zzOYk9vDVsB)7~fjCo)NT!0c*@;Mz$Z2;NA8<(4ByvbTJl{a2$?mZ5| zZ9jp=aI4c2@Oy)Z8Z1n15&Fth-t3f*c{B_`*b$Pb@>G9Tm+%eUF{#r@4+pkeN|*Hl zk(;zz9gIaSw*4-Pn#0&~=0`8Z|DzsQp(ueQ_YqFQ*qDminy_YCfw788zh7LI z3s%#mN+nmSvP2r(ajSWr$Lqkzj#)!cv~{xhoITLPu`xOoviRh+>P?VM9I^q8@R>Va zN(-DP8Y(OFZzplSbg>^p$B|V5sWMEYItDKT;JJ>KpDaU53g$18fHbG}^8o@v&cu#A zMk!~x^hBEmk8GFy14JF5H60RqoYqiBIu4h?LF7b@fSlhgkk%> z8v&@MiEto==_7eyHyuBUk+aFi(8!|C%4^m~>WW|lOJl6Hy9&wwDgXP$;EP(NMxzQK zT5JI^h@st?&z3(?o~caH?yt1ZYajY>4$!1-!xN%A%r;R?!#AJaE@>)?XC;c{86fD| zCV;K@r(gi35o8U{UR_<~SCNWqz?ifIB=2~}rZxMgqEudcyqLjWBa!+ zGc=jTzztoP7FgsWcg9p1dVTxsfJ_G{$rPYeEd%4pjMpRBK?`?a+l`l5MIrIwIP6J^ z>HJ1V8R`KE+0FeN-x$hC&+L|pu|f^WSYiQ>28|gMGb%RkAN`J!088QI;>x2!`=+`b z$Gih4`sWuf*Ey__;f0cv{ zo&!OO+TR}TX`m7h1c(7UdW_@HV-z7TU|dYCu6D$6J#tFo=M28PAAXSU(ci<)i-ofb zfP58lVmE8+{-cLY#LXI$Df#}Bc04PyZkLxjc|4C!GGwjwlaR5ovFq-aV@zpzfG&;z zVU8IU`l*m|V_d`Z{&=~5Uk8ZS{l=qLKwk{ukC+XKP*f)SrlR6( zQ#J!_0dHZx!j}F&2Oqdhb-jm_Zb#&mdFthIo+w-eoTuu$_@^Zpj{YAlst1io2+${( zb^qtb|Mx$8;15W93Kij~1VjICZw*S)Pg>XCm9$&%zZCjCY+0fB-bW%5KB@nIS!B6A z=zwwdm*`J5uoVA|@Av&c0Vd}3ZOie0-MV)djn)n@xUk&du8ukW&krFeaswd}1&MyH z{LKVHe6HcQHCen=!>~7aOS|*Ffw7zqyuZ{WzyP*Hx@?o8oS9lbUt3yQI-9gQ|9o}* zU*F6GdI4!BMG?yAtA_(69*k_&!Xl(KNOhsGx9K!pt4ddw?RzIqliF*Qz{;7oNf+Cw zE5TJK`ky2-4)clou+1knV7zotr!tRmt7LSTMzW0LJjv{wN&w&!N!nK1TD0m513 zo^mkMI&Xu|>RHb(-$PHg)JsjeYG~)Sg7!Tom54Z6OYXIfvfUJ_Cb?U)d;4}g%H%&$ zyG@qpKKINU|2r@}=i$KfoO>`Ycl9vz8M|qo+;4`2GRV$<i;xG(di_8~l zI}9x2)LtQKc(ygTu@@t--8OSBNE`(r*QyA8!*D~c<*;R?0A;y!;>gD*{qOQ4?lzI_D%;M(!(5LI)?Yb+ww~t!}8V(jUr@|`rx!YAN(HTwF z24<|l8=?3(IuExF&rVNzdvRw%Hmas?Q{xPelawAmvFo^VhYhec5EOAtP}UNU(94e4 ze##wK2?7xi%xT=|lv+9t`)GorWle3!M86~-IK#)TN^j=`hW8236o@d&v`CZAf7~W7uf!dx})X1QKA^5AY4cW2N z@#@iTG^LeGA(3@YPhSoL!GKL&u#xyA`5V&yBba&(Ms<=LL#*XW5qBKhn~2;%0T*m} zV!WZamyraFWL~i>TAbN2=uBXIFs6#?-?O8SrqFe;IC)6oFiG{s`zmljxl?%qKEWDV zW4u&@Lj`eQBfoyy&CBZ7nli z%_C>8V|tRt0kG9n&8lPJ(|G`%A?sluSurU$O?h0kdf4<@zx`K0dY zU&yFtf+Tj9T<*mZhiI7@0NotBJNjwX&VblT{$sa}x$`{X7k9k&?5RLf*_ziuKk6TR zFIG0;C_~GHG~*kACPI}@pXIAs_2#-QrmsTRf2uR?Av)8o6-8;jgAyP7j@)C=7d4}7 zch@`_%S^1&60JrXgOt_yeVL#e>|cdXxF`L>YFm;hRSUU=m|5bBR{ocoEDqW?^WG_) z^Y!D{*47O1boz6RZAThuaycXlL1PFd)adzNQ912DH>V$U&3c5@Q&XFC?_bnlH9YH+ zXL1`!m~QRALrE?t`k%BL@q+IJ2sv^3@ie4-pKTqG)#E)@RAia#&I~6E@|ThTXNmzn zC+10=1%)Z~VmCz!y0yAq{@ZuVaJr^gTui+ARu(%%jEuw#?bC%(Ap~2b@@h!^IVbb| zbw$|oIh)Jo;`2gT9_O`ZlgUN!&ly9thTRSSt8c>hc(U4YRGnCulBshPOf zk1Fqs*|rwAGyQ-S78qX!Cg|cNrE&Xkyd51r`6x~+5XnUqMsQZnw#H^@CDL7yXzt%Aq2$5sy=0z8 znQ+L(u|}v{#9VV|JUtjm_+FNKK4U zM(y=;S0*dIqW%e0qrsW|Lo_x|sFc~DiiKv{M@I5=vB6*R)akJj8OWHuI6gL2);}=v zw7@?D=Np;eP3y9pmck}%`4?T;p9IRd+a8G{$FyjBtysfjg0o~DnD!+&pfuo(#2>{N z!>2Z`K@SavT5~&5O|T*D;^PStabcSR0$Y(&7)l21pa*Pr}J4we^Z^q~(u4 zG#*%Deok~{59d~vUJAlg;BYY1`#y}7__Xo*ef=a7|mahRg>1a}nI5qA1x1kqH zqv`1bPd3N6&5x9u9Hd`Yg1+l>&3pM$kQaJSx;VXAXyk)8UI<=2S)0+y7%=qzAg{-U z>q=McubN4aeu6Zdp&5wPb0-zZGooSmENb_2Ym{!typo)aE7AisZ*2rjqf9CR0j6Q;@trgIiFQuNM@>HwSnl z(MLiCk~WuJY4Jq|9HYDfEo^Eodv6DpGDiKOqg2pGaKgoKqzH8gD;yHhcN!j7bKKwz z0oiiXm8&B4F{dr8aVEvh9qQDJ;CpGb%~^Yf^hCQX*B{5)dpDjlly`fVA)A2bPr1kU z@{^%fEq3j0_!SGUlW;@L;h2{@6&+r@C+w!Q!b>EHZ6}z<%>Ux-r#ut6AUXQqv+3Fd zn0WO|Ml4VvBaB5aPM2qj=k)Q{kAupIoDX8&Sn0uqoRNHZqAci=Nq@i2sV`8I7oUHM zQDW7f?a-MWDbh5j{-ctHxjE}KN$OB6d4gpq1Xpfa^5c_JzYFLD%Twy=SBei~74{}SBt5K0NLsHnHqGztQI>B&gHQHWBrMNBk`pG&m4Bp#{HEcRCYA6F zT~JY?dL_S5gS2lu(5SiWOBb^_ot^0?2C2}{AcOYKWHH0u67%?P2Kk7;?$y_&dS&33 zBCe&7N&}=GaCo>jk!OiH$TF1!q*JLt=l@`LcllFO(G=DMhi^J{b5}PMMS?)4^#y2$ zHb_i@(sAN{ zXbkhM$v!#=l^autWkhQgNhA;iL9nn*{1W_5?5K6ihb)!fl8z}vhwQGuObN2YNw*&6kkp{fuQlnsYH%v~Ke4-i$^`-UO- zBCh1gmiMRej7{ZKi{^)c4{p$?fw3d1shuq?Yevim#F2N6on zL7ViTA2WEME zEJ~RF2G-hL`aGzlPZ!duF0%eB`Ifl(HLKC}t zcC|E5FjZ1S`3>=CCIK^r=!=5WU_r<7)U+38f-2i@u~G^=Vh=LA{K0VP&w@jY5`Rsoc_WpCUtir`0e8M}lcIp`kEQNvCrSjSDcLI_5u{jkh(Cdr8mi zxKyT5AsoOoFs!Z0s8!Ps``2Z*Lo3^c+}pzZImo$2>z20Fcw9lvl-*X zXI18`0bzNYFdlY8CP5GX;yPD4a=I9VaUK@PA_QG(%Vo7-QH~D@4oFobL5keD8`ZTE zAQJYV#5(ric9`*sY*@U36;P2i)%X@Qdm1!yuS)5!PapY6;IOO*Ch|HZ zivhZq)&{ykI>#6^Z!j|z?amPqJL59`%k?I|oIRWXarhJa2M$piWenWI;gqr%VX82* zHu@x+-+mR}x`PwK{0ljsl*1WE_}b546wF&^NudU3$g^GZ|Fo4U(lR6+dC)Ux#wooG z_MGowt6Fw*qFA?5XgBKMVX<$PR|#tI{)Qn_gYYF z*lEF^qWx5Qba8n%&K%K}c_$j1wABZu!c8_m|8Pc`(eEu2>NVwDhTiZozbRKQvt56* z@;PhA`B(jrX^u%KCu_L*2_5>=a{8yp_i*2ReZ#_>!!mPT4l;K98Rk}-k4{5@N3JCe zQ)w;zN!VZIG318F%}i#MC^fLM4eP#LyxSVz2;p(#y9WQMO(ujV)!4;3(5-NRZnc8- z?e%QTvGq4+ovi=;$WiWh!MzE61FGI(zK|3r6X(mhy&0d`zC%t9q)I8bm%14mAByYgd{BlvM!4E7q0f?@QABFMoWR>cs418%*9AxMZ3*5iQP8TmVj71ZFI3HbDrpQp z8QVUQnJsOLGL)oNDstdo0D~z{vdlA~^Ahv?!~GZzHt$f!TS~i%bCs9CAph3e{V7pp zT0Q9*Ib0c8!2Xu&)xWai0ef&$mgT}CstJO}MznN z{e4oHz| zb|XUd$3tHKLz~$FaQh zT$>pv}mYCT@ zOsj)YB&z`Px*qL6{FKfwyXxwFHrn){&63KI6VSliWcLwtD2cKwmB7=9meheJc#1m` zHLr3|!G6f`Zx@JVVSDm8qQhBclxlLXhMk~rKSqt~LB%X>CYEn4q#xTK_zya5H(>p4 z!Q>LCG~G!RqSuRDmZQyfpvl!CjCwvU-#v9awG`Wori3uVvh6g-#N?Q0->Pa|&4tdh zl!^BC?8fPlMN2iS8eO2J!g#)&%lIzB;vcRK%f#`zzS6#j;iajrR|5T>%w|BL1qneI zPN0hx)oy}X%c0VJzqr~>^I}nS)%G~|=?{wb)=50ULX+m~tg?3NA37Yz<2l-@%>1wG z3G>XBsYkeiN`h*u*Y&zh_P3YV-5Q$Lx3NSsLns1UXa;iPnQYjC#2ge~9M2x#G{v?; zefPTKpEV!n5K!TgcIDAqNzJjWQ(RCm_#%u@GJs>mytPXIUl5WU(WI?M?gSNy{P@Vn z<~9t|Etx}*2}8S!SSFs&eUpDJw=(`;+dEfG@93djeA3u8#w-#a4B8#G4q*)qSg2!*!#$h-3z zC6wr2#t}}oPnXFN#l5g*ix7Q$an!2Nu~DcA%SGt?M}b+b zx-N>e$W>ZJlPtIytI?Co(tY$i=uDg1yXcEc>u!{vuyDrBzmXbqRr@JaABBaOA`WLv zWDecOn!EL(Z7%P}d;5UO>B`an_DQZ_LW(>asg+i(n+?7kqidl2>e;HEt^mysP(bz- zRtrcX2t}f+`=bAexiL?H{!zZ3AyfZ8CzGXt{dw|D(XF9yg5&etEp9{T2rS5k8?sAG zRSxaW?;}VF{KYBJRg_WbTjO$%5zb-`?YNK}&{5JkXH}}aX?XO@hK_Nh26SYU-l^Z4 z|IRj#X$+hG$MKD$fsVV$gDp`?{((NbDmcUVn52<E;mQgx3c5#ULG>w$;2BpJLL#^PsR;LqY^#+%r3 z+^|sHW35A@PW)@ZTU_l2N7T(n0X#8EnxrwXsNS{{rngkv{M)pnmA=W9*i7ixF~;eH zlI(pj5H`Z9@bELPmoh_rI1&gI?$Jhmmh$*vBw^tGX?5sI3%}HpwGm4X^ z-5Af$d!bW&b9&!vb;e|7au#Yzq0PSGk4L=?&+J$P8h;ph(k?bzaiY@wxi~GC8a15^ z;|TiUKM_K8Hg6DYEGt#^l^3PVZ6!M2vj-{q#@x_2%2k#y1z8|bw7VkNgk2(WKv@R} zFBDF;mt(Db2Z(PHXJk6zNW1nXy+SzqBKx6bqJ0myF<``hfc^pMNHEEXxG?^cr4gy9 zT{Uy`d5lYvp)y=>+Uvd}vQUw_6jpv$2?+b#Ftk4rH|~kN${Jn`T;EQ7!n3L*>%_ZQ z7FN7>D|IbEWkq2UB;3L1wBMki4)q9df%-GnM$ zGNmYw(r&O0^tKmGps&LG*bbFU&$krry;4@bWFKdIlt!N+jqWnC^t|h=)z1Oi4byIR zYw!Q5zFVnSQ0jSxhfnnY3UHdK;%>^?_{`5Rb{&cSbgMTBfNPvKnMqN>xfYKS{{AkZ zH1;c3mI9_fbhc|0DPYl!=iA*D=iZv%^A07pn`O2DRfS#L9SJrlm{31b@5FQO37q|? zXoN^}?47X^yWEve$Lo%*LhI*E$8fQojw7RuR)-8N`hzTE@H<2RlPb~mTqIDgprwP3 z$M0?!-NE;Yv7-Bgi8FMw>;3Tp`5i9MASu0-h7`@?62W2)>6%?K0F7x_{f^z6yVCws zZec71TSeDy_amcrngTzY6?4wJQz{t5qW^B1d1lfTi2h!J*ocTXR!d~hk^7@(vc zYf#**Ho1`NK9{camQZ`uxj81(9ICL)RN77yvMjFe9pm|Li2xqb_vLnjgqai*HcaE> z^U=a;H`w)Sj-0@09BmlXm*exAW8!u!#l99QDt|xP0c=fHYHe@YZ`E^#MM_9q1ZaZg z70G2|n^}?K7(fGcRexf_0j&)sP}OQdW2N*?Lr_=^p4(D7RnA%xOe*Kb460Z;GAaF(qN zKLG%nii5v3FUk)Cl46F&^xR|>O^iK+hL*QQj9{Ivz)Vs06XifgxreqI0K_~J*A4B( zJ!{+4eaGjM{xMm6Sds-TSX6;PCd#hn2JWDe&ws;G`+(RjR2F52nNFDF~qdI#eB_9@srP|b5| z&~NU~Laa|&YDgVa&yPi6esYh=V+5z_546$z=@;nu#l&h%MgMSGri&~5>HNLWXNL-_ zKS|Ozr=i48CJ4^KA zRy~W}E5S7c&bBLd7qa*LFG{KU(k{#c7)uTaL?WoE0x!bxbfgCRT4N$UWR;*y_)Y ze-7;Pbq#XNzQ4YNBl)dDQRTOkfcyNqBVu=$I+_PGnjOyScbv0fY}n{kk`(#nPEbd@V-Pm{dkjL}P< zX|tcwx(c1+I2=#|fx_5@whc;1Y9XY&_UIzR%2p&G7pB9bTSWFq&xr6E$#Vky5FO5n zkhS(;Aqcn=cfVP9O3@AGH&{OBGwAly#xFNQxk6SQhtw0UECNsDTD;E=YKDq}FP~bT zR~TlYj~Y{SgOMij&oUjyF1rKuadJ>KZI2Z{n%mff$cE}bRZn=pG=cTMJls}&`Cb3! z1ABMW$^Cp<`;>J|Afyc?s=zx$=CxI?xS?YQUUTgk%&^K7#MWGe4@CJgajWy?tb<~e z&AH?Hq~whY^VKO0Jn{f8Kn-2VIL>srD!D*MD?H!Qhnv^_ytjGdC8aiv*5*BoY=sst zYmm~Php6xmim5$xd&m2~oAjmg23%-uG?)$$TzeR}xT*jjtYld{%`=~^j zU8KM*=G*!`zu|ZntF_w~$h@z0a*m%#xS>l>1wMRU()+OZLgIZva~appH0nhA*$i=WoD z(GNZg=$3C={P$+Os0Eo})fO&#g+j;!an`ZV%=2g*!Z#q&)EDXA0CMtc&*LbPfcZfZQ2?N}T_?%VlCdnMB^ zMu}_f?m(Rwf#O@uyDr{<#vvWgkB~&5^2+ucQ5AFI;5cMhs@?Oj7kPYjGGrnYIKTzk zIqmv#ssd?3dNm3n182>e(XS-cWA2f+`KWw(2Z~he=cKes*3Wg!}xr%RSL^a&k z@z@h@d3n^_ENAI7Ht3K@_53<8N_|7Nzeb5jmJT_1swV4U|Sz@b^YtTI4+) z!&C@;>--mUeZIfn0iEFrUj28kf};b;BKQJj)jFSiF?V8`>H0Q$!1u6dsMzCcB7jUo z^bc+yG?ew=*>ksft;n|pt={N>#s6~TI56!`wT>8ZGhMY(r@DOvq$wC?UdKcUMJ5FiBW#Y?0oJEV_QPxDaWTrD@$Lp14Ph&x(;YUwt5?&GujkBLB zG5iR`0sU!cf=&qap3OXigv|lyf8d}%@q$IvNoBY#N-pvai_F)ineKr(rQvb)uGiDM z$3p@^3M3fy{@uL&WF}^GeUsahLXasa?fudTJ?bs48$OFtZm&gsn{k34W>xzH?v`imj|Ew&@Njru*AeUhcrPOH z4<|K47yA*mzy9WnT17(CV;heN#eRsHz|={ACWflHGTC9fdv7IjD6zen3{Ls4$NWNk;Drk) zOxsSR*MIlEZSZq{rc?Nav20nq2$+RzjaCd?XGj$7>x?e1&otixuN8$RTT$wLg*@Iw zTWrR1vd-fuZQA~sT)en$@P^~#GCcG|h5kkDCfeyoTECxs(!V}in^C91Kv3_p;^nN? zMk-+Lm?3jD`~Bsvf1|IpFI0FRnXeC6Vz~V`ds?sO-$SfdN28hPw3^Ize z6}%qcrPy?o)fmPvWLJ3H8n`EX zXM4U3C6Ue#T4>oFO%@Svz+f$|-VF9=vAya%ghuQ@PZ-L>K?!{Qa2M!Ftq?fetmq{5 zH#ZUP_ud+JDC+u4k2Hjc8mq~I!5s@mhy3SdTykUMDp%=-hMt6hXa$2|5lK@2>IH-~S+$Y?(ixM}qIO&aPnpgr_4eXt=q&^*X z1Y&%=&LGqNG}#oz$`aYyR>Kd=Giv=s_EB6th~SKtu*J)|*hGx#u_6^VdzaL06wCV*u@%k9`(O4Gvb zG0++*1Uga2+WojaBhu}pAw%s@c=N9ZrK%o`t>I-L8tv=3zx1Vw#A<_WcehP7Tm6`+ z2*f8a$n>uKOns*OMX*f=`4aQmHIjB&gd-JCv^p_O9zmle3x=oKF6T!#xH*_X5E}bF z4`*;o9bgkdgI|G!32oYUOIWX7$Ie}|(-v;(-GQ4c8H2sGzIK-X4p%cK={^GD50g?x zEuBjA;i`O~r0V5MYjN3qG&y02w66X~79UxO+;KFZ{eW%_w@~$Gw_VG<$Nb9<5u@sk z`n%Bq@p0Zl#HWz8jBb{XfLnQT4hZ4)RI^H@Q>*^7E}u72Sj`%O(@jM&W%Ax+Ks*0$C#d+(NKt>rheFWK!iW)? z;bSWB5cR(VmgE=Jha7)d)ZXx@g*agzPjlvO5`_#UVq6lWbbOvvmTHbe(p`6F5fK2& zZh$0#svKOW=UFFx@h48SEr?159q3QE(7}Btx^WUX-3$~{F7QT@kIIn!%ALdf=v{L= z#`O~*FfwdcJu#Ge&i#o{CS+stGu|D*gwFH1_nCrL7^;H1-=0VmLRfqwQ2$3Nnq~Ul zGA69XQ_-$rFr&084QrXB4eB|hl0^ZgiS4s}B(A>|`V_VI1hgTz-T-Ov0V?qt&JNr5D>%c?!S+7PIFdXbSP3g!rs0J3*xi^3wA0KLo3l6=rem(!`I;!8=#*x8yF zGDH_D#kbsdKSDMHcwGGkbnFo&c0Jz;ZG@xKD!=Dn znM%4cueg16z2YjGK`M8f{LQ=4>V=x3>TjWV-P{!4wBX&ONf4>pW#tv{B2_|q763ZD zRXDt4&PO@O;K5?sHQfp5#Fjyl<`DEh*#0NdIdz|n>;^%sn-tU&%A>%zYWXPQVeC_H%410Xv=X_uIro10^!e!d?!6Q;1^-dtR?E$Cz1LrMFWQAu zRC}1vsDoJJHOvSl;sV{V)UZ`)tetanv;#A-D}dPI`6^0S=Uqytb{=EF&C{V(&D>$y zz`JjK^6+Kf?DOR~9JSoI9)DN+vd|v3-Q03*#^3tBhn^wUNf1}6996L}6VrWFvlBfQ z++!&!&Nl38d``VFULN+sqxcpCZx$~|sact^+!o)5Qbtwp%0&tLYwPc)&BWMYv5S4I z`XLm-rx*?X!C^vi9*kC?vj&pPuaE`s$y?^&rEDdE_K(r7`DJCAeR;mwlzLYrGrh}l zb|~v801^9KFOAQ?77kV`si+>WzfdQ#?GRa~uf_*Vgu`B}y3WTcF6KB)2*fZ1OY0KE zB6hvMwo8ky&T1-{>xoltAI2M9x5Dd~IWk{f`yB=RNy$e02-o!dO7FeR)?YZLFcwkR z#qzw=^5(IAs=xn`%FFE;u+V!?n$;GzjDUhDzaQY!=xLMv9bFYi$}v`X+RAiX*eckQ zYP89rPb-kj$*|z{bk&Z=_F<-|@ga-jI;5b2;w%E0F?AJk#gTi#<0+U;c3pKu7ouYF zF0C~CAXEAfNaQM`2`@5-wC660hOrz|HPPMNGB%r1nr{}|%5+{A@TA=27j`fZ&Z^N< zB!Y+Gg8*miun!?T+h|8l+e0$l-rcCqcUMkZ*WbY$uG8wY8Rby)9x=rb>0C=N5Rk4{ zk-{S*q590K5?&ysNJX-7^3dL}X0FjWWQ9GwnUoE-9#=zXM7(#8DyviWKzcfeMH*!| zN>6f?Gd?B*)O6SWm{*dm6j*2rn6|&CA}1J(PX4XE8-0FgXhEozUbQd<1U>ZSNib=N zs@%bxkzc()MFWy++)|M&^4Q@<7;^o64}E3p+zxn6Q24gbWl_SKq<~;*sCQKfQWPC! z;jnL;KbdZO7=`tmoAf!xp$WqmA_OmDiw2y(_o?bYLvPkImgm{O{^H}>4Aig{_z*n? z^S`|Smv;#!-v<;a4n;=`A2K}Oopc!-z!3>$4K_W8H9DeaUoc|GnYz9{bxKjJRdcPd zQm++x!)JqZw9-99(X!#Cn9_m&6U2fYiCieH6GPufg zj7OAaOZ8si1jGVDM~@_GT}p2&0W6k587bRObw{2Bk#?I5KNZP3%TbDtMVEiyZW1}w zjNB5Y9fW%t!{>ZuHvadC;N-#x#ql3~8+&NCLbWEfEVWm@7nKH(%Xazr9y}y+FVF#p zHr|2B2w6H9n?(A7HU-9*OfI`Q|JY}~e3W6PO6LTT()VH5#D9eQd+M76IHAz1+jbMx z*hYkmENiJUhIb>bcXyS4ryb+Xf1gAzm<~VsS+{wyqy%WM&O^gZ~|7 z*9G4Jd2+0@F4@c12W>q6CJ~^+CVsgcGOewv?Pofk?Fb`J$sF35-=uBNu)X-=2a9Ta zdzgyDZwM@c*HBAMr(P`QGXvfKTRe2Mc8eu(KbT+z+Ggux_^eVao;9^tURg+nd?U|0 z_g_8Q&$#|m7>qF_k9zjCUjr&1D!vbgS0Gn;&jI&lq)S^Gu`iI;K(La_Oh zP1W^z!lU0{_O1e^r0DIhHcZ<*PbNQjwz#M{s$PW{ zEw8touTn4WN^wc_x5c=8>=;irXfzlewe_es6a}eczw>8HQCf6#qw_QSV6Ja`@S!0o zm>96^?9Qn1+`3onet`Vtv+*F{6Y4wK?R(A!R8BV@Z_EQNpYF@b9HULgqstDuYv{$H z)KmsgDlG`o=LN;?s?f|$?yLAIuDbF3XTAcp9pL?7{}&IH1;re89s#^!9Q(5Vbje>J zXJ#rJ`Y^~W7#d5+8EJ|%Q};=#EkpsCM?CU)%H+f02+7EPOcC4*LJfuA<(daw zB}W36{|`@R85PGCZEIYD1$WmF9D=(9hY&0{1ec(}X`B!wxLe}{NN{&|hv4qsIE~-p zyn7#mKMWX6bywA{wb%UST!viOxp8`CU+G!OFCIQY5`41sOeYnCnZ9o86IOH#jN?EQ zY@!7MtL;fO;RWM;t-nwrm|)*jDG}Z-%7z>>I-@pC}?U znN#!(*EMFDhzW<_sDFlXx#()jtx|VTDB)?XZEx-|2pH;j5q!z9PNHsoc|}y;j>uM}>@b7xT}vf`OD$@z#1(RyuuY@s=ZD6DLg_`)-z@`-Yl&4VjCy~h{JZ61A~O&57o3Y3BAbF$Wz6Ef z;h!Xv-+D{}XX66UOsb^|szr?$eYo32E zv*N`%M|lQr|BG*1a*m-^9E9?bN2Dc3GMjD*hs^9Cj=zxk;PP<}H~7UzL`H?M`*3Q! zrHv?ITklt>wNeib>y#Li2zXg$CBtZ zpAU4OgiQ!b)>7hlyuQBO!9dY8T2f81o&!0LSo$W*AMyJxmnnNGy_{~vF2!QSL`?v?OQ_M5e%YE^=( zoP9Q5){i=}Vtr#ClehUpkf{P3NiG5r{EbT-wOh$7`HJj6sa5ofZnj}Esw#r9gg|c@ z+ez`6#r9T`>0Ul0Y_670?*mt*$3__01rau+tg2@yI70tQL`w@q6BD*E(#Ohdx^svY zC(Zbm&wlD-JgzgmWE{7cNdXEYJ_EL}TUg469V9l~pnZyHiX$#-RIKQKBX)2aW^3O} zlE>ZYtvq>d66lnKI;HV3H|lXpx-?qSZH7#-8y3#KJo9^NTfWW85 z=MQD!>-G)_nKGh{OJfC=K(O{lz>wnNWp@4Q9*bqxL;;crG_8Cp59dFL%<`@x>d zMpPpl*fd8(?DKq0TB-b2;*6TepFahz;*39R(8hglu{UJCT*3txIvUq6!1%r{-7x;Zu4oqj3lB+~N*fiu=~Ra&y+Bbd%DyPA|5yi%_c`@W9-HADFR z7Qh=;j}3-$C6pbj{>et1$)AR0&okR_zNy-Uayw{Byck*&B<{$LJ16RlEaR}%?DQEF zOE);I#NmDCtz6#lwGH^mo?x(J|CwOkJ*)SVd4XJAqQVq4&&}^IszzO*i`Q8R<4(A1 z%cx+m+%y5Fh;w{TLR`2SJy+sCFF#t}M5O#d%7&gWa}CO)lB)(rLNh;+jov%X)^L1=(Cw0|Y)|OC zxg&ceH3!13is|3{ys$|qRVL<63LEE)AXM)yoQ#NPo@QUTCO%=8VDnjUY73ES^>%0P zk-tq$oW*kJ4SrDqQ1Q*d`+NS#KD@*FjW1HdBZH z7_J!S&A!rx{V_J$3@{W!ZjG)l=idGl#Ts8ry#(AS85M)1{H;m`nl#EDoA4iIcRbq8 z)=Xp4v*HYMSLMgkc7IVO`9)l$5J0WXJ=5Qcj$6E2QHANqFXtg}v8M<8Xn^dl%D~cz zn?aM*i!02k`q}Wiipjmp$j{yy|UjA#g#j`6$U4&v zWiRV%$uvLI7-N~lk-1rV#09eQy`5=7$3742aljP>h%+4=P3FmBG`UtH6*xkeQ7P#m z5{-2lh(iXbNWL`rS?m9FoJvCG^;RS_7PATFD|+?uhox|`zH4GR)M73)rBbVi+GfKC zrkxdY=^5O6kPv5Fe5I)eSDhlUwXij2`lHK%c@(+cPp4<+(gZQr`+o7!_yqO0$$0q7 zQZ37gcXy)jm zEnj8RlXJ6)EqT7#nU1EBh30}vFPHbk0W7cN@8GdPQwH(hkB|k4`ceW)1N>kHC&P$v ziL-hdcx+Z0wur!K39lqlg|rX_LDae-kH7X_Xi7h*K0$20dSa+Lp6lwGm6FOBYliW0 z&0ah_C>~7O_i|JnFRM#Y&{nTcYvnqg8}n`4T1HKGZES2SunuoA@`Z2zNl+BIRIzWB z_k7MVRX|n3OSw1w5|ppQ!+CBmE_@O@Nb(M+tW_tsh4f7$k%G;SWnuNy={Gd{oe8)C zRbPnja6V?sy%J1A#|F_i31u?fB7;N31@^aUKjxu?#IDL;!q4vhnmPZ;SRyH$1-U53 zeA1*_PLf>^+^AnRv$=aCd?5v0*2!j8Bnp>(uqCt1>D?s{Hl0DX>i=zoN(K5jA$HOb<<|6>^9 zczJJ;^Fhg9cjv#l?F9OtTw&{N6KNvL5GUUY#mNLllo5d0;nU-Usad&d9&ndpe>IK?(k<#ou*b`7k2Se{^CweGF6Qd?VOD8xv3Ugk zwS&SqC2Q+m%xx94+-_JJU2oem{#myy1MO+2*Q(cd@n0G{t7t0GL=vexN6Yb0Jp8Oo zOO99@t3IAy<9^8|^M~c}fZ%alRq0;Ng1^kc7T}U9$%|BzSyGW(*FLZ9znjJ+>9VcS z;AJ|+^Fc0};9kLk^4+Kn^y$sZo{;+zk%?370sMaSrUC0&(fpv4-EVJC*kE6{FyQZfFWAE*sJ=T-*JZg657mM zd^0SuZ$GRYLjV?P*1n2%--tmq{}JrDQV`w~=6`J9If*{EiPjh5+&aadYJIM@71~E@ zO@Eo(nyY`ifZMkH@Vf@uLNqBad#~%`ON>)X0HzQ?c@(j=Jj6+F{ZrM0c%Y6gTFYA) zeHKd^vt3R<()7NMNVB-lc2E{uG^$w0Q*YJ3a2l_hTfuUsnCDZfQ`vc(>ZSmcH{|ESdqqaN&)Cntqz`XRUA!n$sw1 zx)M-6&(!vXS4reHogsA6rSpekHS}n*a7oHMCQhfoD}|vShPqr*GeC}YULz38{MQtX zPyT5-s!86Tu#zLq?WnPgB9tOwq~+Oj<4QAub7V+ByLnIlgAo2pKV*BYj6bR!bmt!3 z->Xj*NAdep(v<_Sq-;~=LJebx&dMydQzanRM4E94M*+75RT!~49 zw?0wAphDk3hj#MJeDBh@UBnBniT?&bkachuNC?J2-T%5<@2~kzoggBS4#pk<<~r6~ z;U_88R1_%zvYEKwGofR3Cpxm^b&A)oC^OysLnq`c1xoSqa&*!(=TqaM6Xc^Liu`gS zqPpDgoy9-*@CaDPso48ATYsCrq&V9=@vS`pKc6vwRW*p-^9mCY9rxC+MLn}82>gj6 zD%)1xa5MIfy(mZ9Wak7ez<}t+8T=W<8l}^assPe3m9=EqWc__gc(ZnIX4-(~V@^O|; zOjglv&`1R9eAKE7?T&ajkCv+tv}C*r!!-7K;to^UTd?%(Tbg!59mE_w9M02pKC}w{ z<7Lq|s9$m;FFk*`Rc;%WIcDMt=s#;^YjFPI;$T2S1wNv8VhAoz)Ne%j9d5VDji83V zm-1F!Si3DWTrMRBH-69iL3Cfh1d=*jD?!JC?oD^K>1C6#?%q8vHb|^W$@2V85a z%=Xu#-=l9cxgWX0d=EtF!5!D}Yx$&x3E6MT z7|tR^@?^v+*^B@*#IH98UzQcAhA-&EqE#m-t4$RKa9qXlC_bh7-i`Ico8 ztHc)vl5r}AR??dOhLd3X*T?%WW=F0c6e12AZ}>+sL^uTXDNwR?mOk+UgLK*p=qc7W5i-IIuFh!tm%qfcOS zZr|Vh zi_tmwn#yk+C4m4?)5~8Q#10<|rZ6^~1b%O;aBXvJU7T6m3GT@)fWIPppPnh&aO@(9 z$w8s&f+#Jb&9H35UP!|KIFOqh8Z{4iGW42OsU4q*83oc+=zL$56yBUwlHQA5J`u2d z;8w0$lOY~?aupSb-@%2r?%IC-42=`+Bnlv*Acx=4wY}nKK6Iiq;!B28ao-Kb=QrE4 z$Ut$zq(z#XoN~#zzS3m~J;u2qM^iS~V|%#H`fW^Ijs+fYzo3cKE%~mrp^LR{W53mE zj|e5#a9>CXEnqRqwdceRk{t~>G<}oG5*@-B-zwBl2B7aHjW_m#Sn5dGJ+C58+wqEj zoI)9lpRD3IdCMOLpH!0iK^HE`R^VZWE(eX-H&Mc9c2RUkXrDU6(RX`ZIP)9l6*t#Z zMMhbwGg&1q@3Qwk#vpY&Nh5Sz+|2Uy^nGtSW$AmU}le02A`5Q6vU+_JS5~oW<3MC-w$#h-{?VS51=|lSml1t z#6+&=o@Xm%P*d;|sT z#^EnkqAjyd+e9B)W*2^!ZRfycYY(j+i&Wrp^=)th;&^Fa+gyUpQ|n3wF07(-KJ$Wf zASfTMXkHszQ#=@aNB4Me5wYGY0O|PHzBq49$>2^l>&MRjoG`s{VSAYIVj3qq_sbU% z@&ftBzqh@$zFArppgvBP`%890L?A$#v@cEoTS_GcdJR!WoG!``xK4dhg zDM@iW)QxytnKS_ID`EaEYktr~Y#ZtILA%&-n>IW2daN1l*?UWwH)MC$0=nM%0+1AM zco)8Ne`$7OZD}>8XlZq%7y)0Bu)N&cHk{s|j?{{MM{)}=FoI?nVpwZJh^Lu8jKVxy*3hkNT9f`vw*Zmb z19+?zZ$7f82eA&YeZz+{SIfC}lsQ8uY^q5dFl*f+$+Pp3$Nnq`Ezg@R<3Ui#Z{IiN z;ofdfE0prmo8Rdyb;9L=JoClxViK8Sdq$$n(&Xk2{30ky9u4)27KXufXcqvDr5xD@ ztdaYD){_{!{bq_F{ki`?X9nnkU;COsV(bi3ks?;xPbYOMt=_U7SM9#k5Px?A_!eG! z*Z0>z_sFi#ZtlY>>bv-cSe8bHt&Lx5IknKZbJi+bsbej*;M91&H+I4DZP|tZtV^APtIxMv(;H&f4*WXJNr_}>p_KE(@)wQIH({a`1S6j0x;U&84(;$8 ze{lWwdhT2o9Hkmg>rf{gUSQdd(oRJfm%Z|&c+P|Ju~BJP3B}x%Kpjr+jX1xev^-8- zVul^nzXY6}BS)+USjQVL4gC)4Tw_>6RPS3mY#Hus7r=Rbc$~((v;A@=YByot-F0$> zQ*UYJyJ(dhT?A3~SSz(O;&iKTx{LQTW=o*)q@kB1x^Y7r9+b z_y5d7RJy0!0PTmr1(?ZaIQOR$2&T1ERmh&`{Y(Vgrzm287`tEby#x$P1k`3F&*DxK=zEKE%Kvuecb44Ki=VvhR%>OqS{Pmp$RXTpaW}j+zs8 zF;cPx_Jh5Nqh3xVD!NsgJEXWR1ZR~VSsw1+L!sR=6`u8{QSXUS*JxEmvC_Y-Vth0Z zMmO|sgr)GaPue=%Q8l5V`uebW?%`FY8Cos=*Fm&~=2~!yrKCp?04PSBx*bMQYVhFz zebG72$>vxxvpy=HO+dq1*MP(3<7;K>#A2lPE6}Z}oCABEqD!0iNW)Q=oO zLnKX+`sud4>@{?MNZS)qR+h+`C;PcXYX`Pv<{Q3cQPi@wD>x#bF^-0_i&BtP-ZA>n zxQCdWG~{K^uc1d@=+}6iN2KFt+y*6!e!9jUp5KLmYeBlvG2>hfj$OKCr0bR>ME*hy!%;l z_h+>2vNV%$eELE|)bW0eCv4DZb3#EbPOH`gvEQT(FQ-eL*zFG@06I-V;kix$y)R{7 z_YcDSaVcwf&=7v7-heW|X2^&dm0;01S|vorK>WtExrCA!RfHX^8_i~-vdsh_u|Voq z4I)r3MGviFyy59fc0**gm8;Gl{0aaJCAZg6Y?RGzOJ7lH)Q}+Z<$DgoD z0+txokVkFjy8K)HPUsE*2>5axOBOx2y#28&toq^Na-3?lVcw}T7ynFk?gc-J;ycZ< z>k)VVX1qrh@+0 zfbk2htn9qe27Xs+$P_2(DmF_SwZ7UusF(Y&Ybcu@2la%ASD0|cQs|^k$gXCx ze2R)1_2J0q8G#AjWj?mQ1E}(qhFjL*a&!l>^xqEg=3o57{WAeE9drQUt#IKc`zW?YIYv3M=WjNR@qE2J8!l_W-cQjq(&;@htikI$VE0Z&;c;Uq&=3yu zKm~f~He7i5(OY-ln-j)|31IP**&v@z&DQE}_qMQBLy4zfFt6E#x4uxE2b~@tO8IVm zL0_1fTNR0G-wSJKQ{s}nnPT~xcM<_hM`v7ts4C(m|8!QG1*2iGE*+7-uS(tgiXC-P33Ds61LZI z{TW#z+Q@hyB>_Ea11{0Ceyn;XoAo^D(3`4vfEG<7IzR#+S?FLH`msouIiMEoJ6 zCwAQa6)B4p_onfuU*IT&OqsyTv5JxpXL98w522_ee%(4=xj8oXC7`W%rZrZ&C)qO+ zK}(mhJ@-VV9Kx)b8B7!i94@Cg z5Nuj)xLY7BVgjH~k-GO>YGi^deaf+iPF$2=>8w~fo-!y2k?hP0d+D| ziJj>Tpc4sbh0O8lw?uYR;4L3&&cK}Dg9Nz{;>4AdR2dGW@QKKzj(xupW=eCrt=aQCY+P&o=cbJ@La3qv@xMF377cmO&hv?>pfh}Z=o5*z3%)lQ|I#8R4i128O&Krqhyvim0bVD^EFwuif-5zs zgit=Vd%Ln^b*`JbU8Lmxhf_S+d#e9EZ9E7A#|FS9nrExfBdQ*(+FcztxJs@$mp86l zn`Hj)11~Qx9*OT`+bi-!i6AKtc0^s@;_!CAPf%YGR8Nx}Hko3P)MnmF8=!Lr5-(LP zFAad}0T^bI9cPCcZ-L6zygMmFzx$OABqdSbW8^!FGIA(sd!tN(D z)?p`qo36dN3#lnS=Xr@*#%Q14uy*SWZGW26*k414Ttfg?mS3}pgEp~Z0RiBwQqJ+p zX6a4BtKU0bas7Ans1HzSQdIA!iiTGIttRT)ue6yhzxlfpy3ovR^o7TE47t*V0d%wm zv&jeKat1g8hUk;I<~L=+?xBL(Oc9?4JO1v-dTIqf%pLM7rD6k0*aoQE5|H$Q|DV6s zi}9UItDI_u)7uUB;gYuXlKudBqjwnc_U~yw`Jh0*-Urq|g{41@#EOE%`bmE4c>|bc zgo6e^8^gN1uByH__A$m*P)uH0l{c!)!x#y8gFrpvVHozG)<$e}k9l4WD&Fq`K3R+mIzN1-$uM9H4*+ zHsQ6$wX^B$=vE$;K3B@U6Mdo>-{$R5{!na6S$CBOrhA$i`M5w%k+&+&Xj%fi_)1d> zCE(shcs0XBa-yP9si=O;>e}e+?Rg4zTAo>`1^i}TS!$0If!!z4T}#O2{#Ij)etFx| z;IQ{~Ui99@A6M5CAs3^dV%+}DmPVJU@(IR&ZPEnn|C-l)b@X@Ir9)azM}zvh0~^bW z9B^U%L7yR!<0I~CZ>HSmsr#F`zttA#070KUyhe6Lax!#dtN+N~`B1!4EJX35BdgcV z=9>3v_Bp$DZnY@`COS#9Z1=t6bp|9Wp9TNoZ7Um^nM;O7)V1)d?+sh+MA!}7CV<%~ zwXs#%O|n(M^+CYgx4y*|h+-8N5wf-8Y z*~Bz4s#Slxgwl;Y8>q?Nj)lwk2%M}z}Ej@ zq6ARznTeUQ zxQs%{UZ}=(+vAG&SExo)Po(+1jP;YHIYSH03sEp_QP@l>uQ!jFx3=1I|AaX<9)wZO zXe*HOYzIkd@h?rNdrlDx@xm9n3-jK|N-M<1zQx7B{QE|#!4zIb`kGxsGaTU;9A5%`sRzX@ zTHHQgHFd-!w>LR;Lb?UqQi{LOY-RFTH9XN`4*7~c{j%GNcc>8GM>Gsw)1I|PVGKf1eSU0sy1!5NH$iE>t)0PmI~R|VEjNt& zFk1{N-wnwJxxOa9KaWSHZ2B%^L`Wlgay@2s*WLIPkS&CwdFXwMD~*6|G!h5zI3aGU zPxwjoZfq8I2wl=wwq2mUA)y9P-fWK7`#-i|UNSJ8TS(KdFU>|f-QkukPNasHy0J5w z%4dJ^jkA-Q{d?>ywy)`DzC>#?T43jp($b(kk4C)eUIIAtEf-6T8{^eINj94HZ z6>O*2f=_S=qy;;5g_5rAxFO$QyVOzw?&Ae&BOg2Y>cE0ks{()opX^U0#E=C>DAQ`J9y;5_12?x;?) z2PEACd0E6HL&_p%ex1>%QmN2XCT8GzVJIYmtm(zfcA|b_fv_BZ)=ff-jl?NO3JNui z^6wyLEs k`MKuX?7j0OfDC%iX^2`f1J*D*oUEESj^MSrt|row*I#(M=m!=4x`Cy z=hcngcr9Wyih>9K>T64FJt`#(3&yf}Vnh47`MDQHSIhNv6OLMyigth-QGlXlq-|FI z7WtPQzGT%s>vt|2BsLG^o1@|2ag+})gMm=$tbGbTSI$lH`aq+p)30tvY3?XEqK_iR zyl2uuP=$@vU;SHAzFE~_vsaNR8Al#UpM$Z=hs_{{BBj6{7KmQphPbo^Vly!ScNCzE z9z}DiAycI%eN{w1UbwaB@A_$WIgAmiWodgr>eLq&rH3THc7;sAR48hfT!*sh-gy=g zDZkd%tkL)<K!V$4&dHD zm;l)>&Rn4btC^xZGXa{d4u34ClBN1D3nIm_sep(HHZo`9QD|{Bd8=^a3X!QKGF7N$ z#w0HI=dGe4IJE|84zzTaviKqPZ*?Gf7_u+FI_G;RSuz2e+t0P+37H25A}N9GNOdCj zZ#{vkc;_JgEM2v_w%qw@ktt>E8HVZ-TwoHXJCj7woJF4EP#0x3qFyW{Fa8{uRaTirZAEl--Wcl zVg479FZS`gga6Ghj;M>jjpdw!6CYU~rN3Whx%9o`FoVkFnZZfipP?QvV)W~{eq_rZ zA6%seYRFpmcf(*B^||+Rf!m*>!hoa=5co1NQoNE1Fhy`H?mG70ymKu?>4MJWCC`XK z=L6IFEk^39ejVU`rncJ|{x+Xm3%Lo4H*N_C36eLmPf^#-OTW$MR^ej+d9c^Ky?{{F zi*_OuC4R!R#8A~bnz&mhtGVtI<56n5^Eh+xeb-g=)||K4^RyUn=cpDH0kd7Q8(zi! z10*W-O3-FXRF`m;_rr|#wEd2q{Ms3}N+9gheT6G+eWYSw}j`j_oOH2Cfmm=k5>X~ zK)MM5pvoHo7|Z)MGL7)jQu%_Z)Lg_&bEioMEgySJT)+y(F4m1tD1>Jt3WAz1@<~s* zzw|6^R3e|wwf#^jHa!E*{rb>T+m)7*Ra5v}xiQQpMMXLl>ZD}1 zG64Ft^)<9oi6K9_+TEo;v#A@^G6U6;RQLWG!~VJBd+03>=I!hA>^+QAmaC;QBR`Mh0A-h3<( zf+~+H4_q(!KkTEqi&ic-_V%DrZ6M&_$19&F_M2b$l&*1DS;eudD|z)!_mkegBQJ5a zNp|15ctjTrF<=}3ta?V&Ap8T7Rv_S|p#&zo4Kl<^eR;K7%rXKAuu);`#`iN~y!+o0 zo^o%$s^sVE_?P_bS!ix_<#}B$sb4qm`pflWJq6(>@i@|Pso%_Nt*&u*f~u%N4HKCz zeZ@zA`t0XZD!-8$g0?W`y`x34ZRg5Nipr-UetvyAeLL-rqVGyCT8dOM5g*>IKQLRUs4Z zEWuWfk**`|#lnk6U_;P&%eNNr-}?DVmXtF0YH5|$muf0myuj#e88Z>aM^a$*>?>u`Z*HUCYjscn5BS9$JBYHCm}dsXcfhVUlJ@78;p-^AJMW0@x@LWj^TlTz0DU~fj{p&Np4ZsZJ;BdJ3D zziGnBrjx0CXnN?S=DE^0lLRRRuCUui`o4U5>9Nom0g_4Bg$i zetCAhe^(^F@?j3n^>dqtm!=6VE>NX& z&X)&s%X*=Jhtl@q2XnhjfR@16D#nrWa~3ue>uXqK1|ox0K3ng{6Ae_5*l-DwkPF+6 z;KwPxy_bb%oHHhy8}LFBoG#wZ+Z-W1Ofl)FmZ1U^JcmwP2bpv6w{H>Eu+gOs^RAbTL*GT~{a#D(3S>=MP#nxiNQ}1Ljr{Ex z9^>epIkN>>jrrB7FPNvFmV5+%`_5!c`00XF*T&zky<5)u z=L@#FuX9+7iaMEqT@f%tX)>Ll5;hicKaq@Rhr*?Mo47RX)GbZOR$JzoF4b~l>ADeOHM8QLXItJf#dGTm zXjfN{itIU+SR%o-bHj=X6BiEcGDe_FjKwN*v@|YXVZnQ`7m1gXnRl3Ha)|xpF6f6b z$)W9GQ722@7w18h22DN!vv?H$3Nes=5fc*^*1={kH(2AAX=_BJFz@3c`#kQi0I2}a zppkC(yPC&F@Lx6};Y|Ys4NfkM^fPB>GzHX|FQ{}F_rk3D;S2TAiM~v*aJa<6KT`=) zwzbPMbXr)Clzf`5onyt}2E<_&8Db-lK&|X8Z(A?=NcVf^47*9E)c)$_p?P0Rsw$@i zkLuSiJ4&@E%n+zpD9kMI=bLDY)_D1<8U!L#Lg4*1^E#=-YW(F6I zXN0k}Z{u8T=S4530eHxS9;7W|)%Vt*=1)FCv9DOuW}M>02W`VJ5^`UDHnE4N+eway z!IK}Npb3!sO32~t--uDOt-fg4YC})NWQUpG*j^_0-@iXP^@sh0PhJSd?DEuWO>u{{ zdaSeK3`Dqoz_mIq`#o>Du7_Zi57%Zru}6=gCn&KtVm&=^EZ{ORLTDtd%M_f>V|rmW z<2Ug3yVvdM{@uZ}^5x+nse`l;t3h~{?7zPM5=) z+ztW>*bF20PU?+(Iy3T&*!6xGdK}Q#Y#)`MLz49!VFLxQ))@7(B_N>D4~6cXBpe4} zjGMkq)rKH^KSJqvD3mrj`#pQ>%yl|UoHMj8o)gk!&I9MdV%?EYNl1v^WXU_`FI{G6 zS$l-};%i|Ck#Q0ewJ_F4=fH9HM!nY$)g*|)`Hhbw_vR`LPBbQaEL^gh<+J`Z&rNeD=~sw}&BRZI8}>TB!)_0tp??_V(t@pDHAc#3~7&kLg+ky-t7!hJKyZ}kP8!}MKZJZpZf z>}bJqYb}XQ$;0FkdO5!T2$UgnWbKAba}vaj_~hID57J5Zt_d>w0(yCETZ-HlARu z&!&b)&J8-8iylXxFx1r0$i6l7BVU6*S+Tav3>nogZ$E>ZMG*cbO##GJdRonh+-C2N zrg2&lK>xyKSKG+JNN2cA%0P)ZKCFp4QXxh40#gkox__9AZkUFIe2GVD3tbPAWAkvk zJzd#aWGjGu>drJ=q?%>)?4 zqGW${TS-{6_^@1s_Q)QUM>9o8&52;u((COy+xe`QiEI~P&p?8fm^RD5u}K{J$)UzI zR;$9=xLgf(9ejJ5)5zIaY%t&YUeF}c-JdmaIsJps#20O4=2%+1I!e#IW98^xQv1E# zjauE_&)#EDUSC*YcgP;nTC8Tg11_3frK-cjmBwLy_mG4-ZBe2z2mkYSV9-GzT*&DB_IV^!>$zvwxOyQy=fNsvWLVu-SrePCPtaAaDeux zz}|YZ=rQwfqwpC_?r0%Qi+J}s;N2RxiM^+^ZAq<9=){qn>) zL%;v26Y#T3otYQYR=8CzpqP+mYT#ukbgW^OUYR1a5+VSdBYJ(^ zl)jo~Z#O=HOEI^`K%P)HGdItedy{^&5la4pf`}8&b!c36&H(fQ?k`GXhf~|_ zKW$UwE9~wcImncr!Sd`gMZ;jkWyt3?TIpiopIJ)|f~pFJ z!__Yi6p<(93D-%Le!zVEVl0@so<0J*9^Tw3b!w1%ph$2fLD^9N`@D8GAywIDcR#I~ zcZnX)RugfB>!Z9O4!iyaE_@aAblp(*tA;Z7`^LIt$6Pm-=+71Gf$RNv)!f`v?ycR~ zcQP{b!f3mOUq2$H#-jx)oPy3I&>0xTuJLB?1KR&48vY>LXKOr@oM}}gyjuRFvmZU0 zK6$Xxl;iyaqr32H{d>d-WN|DW(2A?UIK)+}c{7^ek;IR@kRtYe9I@*|npYLDO_NBKG+`9l#)#7pf5F9Y`W;8AbELO;t6ETRV>j*4mdx04#a?W_#J6!@jBH=^HD+sXG8uR?pVf-T8cn@X*U(SR}=f>>RO#FXTp!@Be8N?ZRk!2>vXW!-biMI zeftsH(r!j1)h+VABICsT(mE+7;#=zxIFbW|wZTA9xQ=*4Q2XQkdqGH?;u-Z`TQj5& zgotZfx~xy;pWr?v-(Wp1`XcPLeGW`<{sWCybu`A+=Rm5*po{{Us0!`i`Cu($89#Tm zAhD97vU%Nv5Kho;_2n#-w}nRm@4#o^yxuB+HdMkJ(-6G^7)rOBVe$kg3UtnVC6j zxy92ZQk_XzJA#1Knb&UqQ<8$KZ~F_4j2aTJ_0)D?TwI*UC+(%WZ=}b-(7zA!WnCMN z{jU>b6%`fhb=Kgi*tofIN5tE$(r)VXgx~_i*$w8zq)}?;cvvlFGqR{fV`HooO*FS}bZf4oyi7W_}&6x3t?i98*P{vI zRxgu1*Lh*sjyN>&{iF+LB{X>KHhb-=Y%DnILZwVP7VjqV0~nHrH$L#>SXfs1xIVad z9{;X7U9w%339dTz4<`PSVm=2@WkY*-p*2+j7VK$YsduTMFZi zH!DpW@MvUlFidbELvifw(nku4mAs@ii;fa!IAp&2XuBN3@EUUKmwdNCl_?f9&I}^} z<7F&)I^QY;_ieSuX-mnqLjsN`#LsRqxE&QvOP=~{G=x{jfMZ_)W&hIoZAc{98k?Rj z5xgU3+h-iJ$;**ECmuHG#lV-Wb2jw}5*R6cdwqycJ|huk_8)bQ(8yI+y#;9d!_)I_ zc&;&yri_}(jH^hUv3hdZ5#JBV9Ktxih$neXO+MOSFWWSNrG~hMNWnClG$iyFFME6Y zZb$yd%3P*QY)L(uSUDr`_^lH#d~CAi2I?rmrm6WLYntBywrVQ0hF>u(FJZR(4w04E z#7`@1U8*u4{urKnY*=rCnB!%WRA#)Q%d(^k_&%n2nS|?C#0qlv$tDcT96?~_@~LqRGbI62uWl2 zi7~ZP7U>0HgzHy?!B*%s+mlBHx8%Az;Q9wUH@iXlvaywHwW35|iVai*5QS>=*aa2N z(}vmmJFrGZjC?OKR(+_ah*tO9BuID%mfj>MkFw!UBx7b*mUqFR#}j6#uHGB1~#o-!Yzj;jcJYv zgfmngWtcCXz-3wfAg^O(^->n1<(?#Q+oo-7_4EeUVkM<`7Wz$X?Tm7SnT|}DW+Ax7TnOp>M-g9kNY~>BqH@yXPH5BnZSN_klHORO+9^wqNHJ3}?F_{>PDSV2a2))mzbX)Tq9Tob$ zhGy^Xtnr{6nc922kAJ2aOFuK5J$s<d9H=B%A6VIxEtk#jy37WBI5ajcsDRwtDyO zJ}~eKfe(>F1rlP{dpX^#9bf-R$930HUU(i@lz2he7!V~+l7(+YE1@E5RMF&8C@ZCIGiQgg@E z)5AU1`xBpWl-ZEBRa7o;+#Dvw73uG`cf%;~_*-PLgBF2pVgbgSI$2i6&+rasajfB< zgN3;@@f^)scPifyocQO$DFl^XIcChI8KST+Q8MmUw@LVVljjGn6EDp;&45|LL_79N ztzSmJn3p8J*CG@UM0Ohtcf+U4Wk06-y)4l*|1pDkta+0|uoG@cq*9v6r`t?z%*1UI zn}gA6OTuK@(i~oPG*mHOz|&xbc*#nQe{LMUhI5Re_jWff0ADpu3~drOJAGO-iRctQ z*0#bENT{Bq9?1VN*}+=;O%Ova0;li`vMdn>vwfey0Gd#3uaVH9D3t-O-RI-wT?943 zTvs~XZEd%j;)-BDy}LSrDaN&c-TK5|5CZ8 z3ZkoBtwiF#{b8Xe3P~oRiz0#K7h}s6m+$-AK@JNT4GfOta1d&@5Y1^67x5uNsm>GV z?=_5!jC2%V*3}QR-WyPC5-aLH*==8WKI;uiV+t)#E8N}x?644@ARhMjSjlXbrJQH* zt(pGwt3ZI?n=I4J`H^^OPW>VBVtz-S2W|A)!Oc-rsUxKeyMqa9I&v7{MxwsUm>rcaM%M3Zzcd zi-wouu3qHg{OEu!cdI9(W0vWq8GG%`FaA6PF=*iHnp>DcqSTA#9 zHo68JJmCqrB*|4}xj$l)c0Dt&1DJ&0;OZ#ZG3L#h z?r+cEgiDB!I7-ZZ$=h5I(;Xg{0q#xZKqJ-!wH!{`RGc}e-A*$|ElgGyft!(5psk}5 zP)HNneej8BPvYGtw*%OY=lbt&`{uXG>x}~DL<>}-Ob`>AW9oz_`@A9mW9s%RjHG)1 z>^itS4+1}z2ke~QDrt0h_%jCQ2r#?aHbuqShC=A)talJR97?z{|K-iVL3<5G_9i*9 z3}HxU0k{Ag28sdzZ7Nz?WA3u~uBAo5eNy4QzVOAeeSe1haS63q?Y-G*%OD;Tr-QE9oy!$wFf$*QN9J92zhtF2By4?2H;a5W1;%lZ$N(>BIBy zs9xk?YHJ2T59G7+x-lR(J3D6WlwU##TCJRlBGG+RYjRHaMowQ0&bZ|AFNMd4hITj3 zt}`CTi4cxt^;(h?nPq2IRwlDVFmp^9>mE!)xD~EP5UXAdfJ3;B4Gn=wFnUSVVVdDG zKa4z~pa#IGC^T9tE5j<9a!yz$pys6iB)GMbhQ`KfZifYX^q*XC;vM!bY3JBz7NiBE zk1ogcDX@x=YnY;w_SAk7=io-fdnSsJ`hto8SY<^(syI0|1d-8R6OMk1i7TsXa4{Db z7dMrVknl}ZR8$N=;m}cze{UU=%w4m5)@^NHjNzz(dw$SpBd>q|9lo`n&Eops`8$Gw?i8}OP*C9uK2rdm5@Q?p1=eR})v8$q1{GFtPKGQIovUhjSMGLh|%n~Qy4^Dcj}tR&6M)g$a`YQ_fO zL~lh^m2-AwC5XGX{J{F#$d7~O%F4Az*s>ny-d$x5g2qg7$kg!!rHirTqoJsZg%?`5 zK#m2_j7mCk(^|+kyuZ4!kz$)N!jgFH2pdjA09DpS{Y3-w>-Hu>00g|LG3l#XzzbTI^38uf+xd5uC+Q8HY$x8#h-RB{n;kgoBsUyqr40{UO_&> z_UNj?2MOc0Dj!kpihtF4TT(Nx962D0752{`(7(3Y&At=iF~L^&Z}}&!Vf4qgyUH1i z*V9ex7&q|!n?EzSC~B^MH>vbw^0U7w&wC}@214IPvbzfSJ!LvJ4qKzy7}mjNs8F9( zWhzJnE)s0u50g~Yow*v&H(&t0@_x%OIyfl#gq{e4X^sQ~&R{)J%s1)%uabL!>8jBi zB}AJ(vlsIk!7%C0^|u_|E*_m z@gjnxvnSZl&@fHR2@Mh>XeCmB=gc-bOveLPT(j^~p5q5n!~^*Nw=rD_rCU+6&p@FF zKCsbSD;*geys8D?K%?ag?RLhl{@s73RP_6h)xF#=e}5}wwIS8*WXbY3+5qmB3*On=viVBoEc+pnGtzHa2d}%f-aU0lu>L%HV#p;WJ zK&7ckY$g+>bAvB?sE5tI0s}~fT z7b@%`jP}O*29X|20DKpuAs8zefRW%dPJ1(;PM!dOwG{A_PxgaY=@QDewzl`G_V$0b z0zdJ12S9@0*eIXJKG+_7i31 zu*XH3{7mimN@9;yr8*1g-im$+m_EhuOXg>n4eF0FbsjCui{N(bW3&7Zh&!Si9rQFq zJ+&Nw)lF-1nuSEhewY?~Zt$}>5yzy;VR&?O^rtsN>+ZrM%M)(1S=S2Fmc!1E(!RDv zu_-LiaY{n)Bjqt;ga--?J{v|G>g&S_^ZJ z6IA}%Jc#*+Z!qZv&ef6T49rEOEi)|*Lw7`*Hx7dAd0F4kuv&*SN1Q6@rr$ggcMe@6 zB_Ck4zW7vGd6S?BWx&Baob_gaz(Yl#jTxXjEwncSYZ!uVyG)1sJg_?Jy~9ok*97*F zx`2OX8Z6hnvPr+>dCqb}z8q+zlV2H^x3d^FXFY1zzrFaYBBhS`zquAYkQ zLAK&ReShW?;Rgh6%WEH>ze)doDFc;?U<9{y#KdNL-S&RFtSALu7u%25MvtIBs*_d2 zWnJ5RM>*paWX-MBRIRZB`yIG#CVWj-c_+-mv4?idTINyL44~EDHXK<;LdFMV`cFO4 zPCIT9Lu;EK!Z1OBflba*$PEO2Rxm>XTb3`EW;S2(!qbH3^(L}0OF?h0GfyGxh_zFEiG)|1%^OhZt@FowE6EmD=Dy z{sc#yU%&p(ehI`erVOM1cqEBS)x{!p9nOexEPU0xIC&A?Yw@Jb$!!(5L($;h8?M0V~sA)ziJsw?74XS6?h{2NCRWrHTpHuiX5Y;ri07{i5}F02odaQK6Rx z4b%}0l>U<2&gO1QNO#q@@`va!7p=*K!ftASGi3pD?bRJuivms5*5K)(b`#heMQ=ls zb7iZ!jPAdR@iXz*%JwKQr2Jm``vzZYZ-Qr4ofF4jh?#PZKd3e%Cue|G4U{j(my_<0 z*_mp83z7tA8ycJ9r;Mg-@#HS#Dy+1k9R^`*v)Efc5O(k#BHv=0h~b4tq)~m9!n?Xk zH#Obcrod~7lbnK5-}c<#=h_r= zZQ1^49(=V9yo?u>=s$l>AYDqrdqB7JMsfEESa!#@q}3+c9sZ(Ch;|x}bS7ReUtX_V zBNe4>xusu3kZX$v3&cDwWeqr0dqE9)hO^UZcMM0MXAW5#%XZO=QC5lGkLg~1hJgdW zg@EqXkV1Va5a)cts2E;sdSFa8R>5&|Z%gqTX`kLzc@gT7Yo^RGC07cwX$<9^{%~=t zrffDBzum|48^cy~UyaTMPIl7@1haJ$o`rjkmg$EFzH?Op^<&+uKN4Daln7hkmI(of zhq1)6f?G+l*bNZBPW!?J?s>0zUy(2E7M}WJ@hNb3g9pJeLMkFxLl27)^Ga^i&0pJ~ zIOPxX#6pDi-dxV^2I%-7@y|ZY?ubDNgSP1)c2x3GxO*smW5{WoDrjrqszNwvO6bLe zDucEhm+wvjhQk!@RZOScy0Wst^Y<#0r+q>84sI6*9-{~bVO(~0jE8qTk^;)vbY{eU{l6R6CFMY3Dj_k1+tL{mkPDu<~ z*=o|o{E0syVURG^dIhmgB7QVMNO-VHiQ~I|&L>}H@>)Q)BZ{Q97HZjebDr`??Hp|0 z`Le0Snwi817jqa$+XeOY^=4YB$G87pLcqe-`8bjCypFXqf8UP(3x04`)D-}q+Jb_0 zEq+=J%E)g+S33AfK0hVFktyB3`50G}OG*HJM(r2(-cXq}Dh}} zfvBdz9yPl2hEN|OtXK~JfMems}8 z%S7#y*FGnYqhdSWE)JoD1YRBUlCAX?Iu(krxR429_(DLmfe_~z%g@D&|ndYXJ zHc<2Q0$_V+WQ3r~v_p*z+VB*jC4=b~Y^jBR38Ss7KtbD##(?3kNK z=qls>;Xg>&8T`+`z?-xkK*AN=YU`Fl?}+X35Gw5eHx&N$*Kq(qPB=w8cIV!>ynO~> z9~rY*LEK1ruMFx#J@!jaSfY8nSCVIH!8m=_Foy3FAUTZnVRt3DUkYE{aVIjdP-~XA z3IFU(A6Lg!0e(gtI)e4xR}pW{&QxcBsUCuUj#L7gRJ@?ER0zNbP1}$}w@5w0!8F-x zCt6_FFW36WhORNguRyoHgi#-a3;mVNuMKY3i=ZuV?W)GQe5$? z-vQ|(cupV^eibOIf_vHVI*MB4LP<2EN=)Os#PhWXIVhpSMernyaB8yDi*^k*Fc@-I zqhiB;BxLy3s3fC6LL%^)u^2AF{b=+;*qZWzn*1rz*&^uUS!TyD|8 zAaaC35a0?b0C@_gX2JSTz`dV8=H-15#|x@)SfH(}l#L?!3V$&Tn?3RImoqmv|9Euym6qS&Kcw5&I7F3fA%R}BJq{gWQT29&9b#zAP$D#n}W(P zFQlJYsUZG;`=o-4qqbJKIL@CZ9rB@YQytT-Re7(B>6kXhQicuNJlfj~>67?H-+=NC z<dGmwIN@rU>SWP4mj`=p73+n}Q*UEF9XB#;G z(RfmEMb3Qu{9=lxP0sVDF;4^j(pzQmWMAM7_6mEnxhysl`W!550%i`7q2P%mpd4nZ z_rKT+!CLsvXEnIRw7y6#{uAKaOeqz!`=@?L4=q-I%!B76{MSoHihAi~P?@dyl3>q& zSUd*>zhd|h`HMS0R!e~m|67g8`boL`O=1Fdx?sNan&;&x8v`Qdl{tt${u8aok^H&9 zggLEKYlEIE9vJ|gpSA-bHg{~@wrOiLM`CPbq!Xat%Gzr(XDjr!4LUuIh zeBjqJ@P_NB`SjH66Gs3|CKb;lsjaN4gT)q$iv63Aq7>vJTgu=7;Em6Yk@!3v=qh83 zgHQDt|Mf4|&#svj?)lbR1i$?{Rs=Bf75P0h36?*OJ(-q`&EPe$DD8VFW2T#a>17u3 zm;!HklatlJfSN60?}Rl72#kqwMRx$BDIFQwNX2imVQp=FSG4c1%1yENYeKLnJFL-P zaJQZ4l#W6yN~~Zs<^K?|-?_<17Jz33pVTS9i3aSftvj(qlyRPR0K#7B;o;$yX&2Eu zYB^Epk#bzoIX*O8^w+9x!>%{*AD_{!@%K9LvNgM_@E^bq^*mznqLtsFiJ0(E)GcEQ zJnj{IxIOC0d>nUL2`-5Xl3fMHdK{GlPli8~2=T{FDjlysQf@loe=<;8#623`yT)|f zp_hX*Ck6}HW{vOw{0SA}`VuI={AL<&p9|5*^kxlQDzT<$TXs*^BV28OZh+}8b7qp( zN8RAh&2y?NZ_mh*ll52%)F!>VK=QZMq!ue6CP4{y(_%YQX3Bu`BUH|~F;2Nd#R)mB zt+A3CT+Px|ow>t9@s~T7Ih1oIkoozcx6-0KFJU~_s*IM2TBn;HZOT%;H%Y!M#`!NV zw~9eXqx|Gj*Y(!U7t4%K@0Rmjaok$Y>O&Wx$#7Zg@FJ8LR#!eRd z>Qya!qu~E)0SpbHCUk)nl{YNu06!sMr4)H(oB^p{;hiK9H&rr5(6dLYx#b7x)h*SCxalPu$vZ47O$d7i!5xA$m>@s4-W35&vBks zIV@zdp1m?K5Nh#>Z6>zX!qDflAbYxxE~~7p3U(gr<1;|2o@nPn-|`UCY!!U?&>_0KJ}g)-snCXZr=jR&3H|8KoKML{S! z8yRUp6{3=hHQH|$SsYUBEkA+%7$;W-TJ*c5U)$PtSmXud1tdTdVi620eRpN14S^40 z$5AnV;Y#P(DAjT*v}g4AG#t!r*goy#ZWWYhtYbfsnFJy-FnH~mTgv@o7dnV>pydi! zORVTh1YqMxK&)c}SoMd3UJMug|HErPLy-8(Ps1ka*5Zp+nBiOD_WD~`07SY1AX0uY zr@Tf}_66qhIHNyd2X}C0x73<_P~HQ; zwG9A`5f?*>O$HDW_}EXMY)MdJI-fLfpy9r$&66f(dGtWQgM*@u17I(%JAt*(hCf#t z%^w2X=<=nZ;XQ#}ICouM*?#-8%0w(n9NT%xR&P4q=hN2#6eJH+1khwdgA1Px>}AnM%G>>t*X?U-ge|$PG`YCYH^=nWCf%>-U!Gg0eVeQ=vm{uBI3SvUPGyqDQN1T+ZZ25XXm2tgkV z(zSm+QE{RqitZ_2&~h3U(4pA0V^j0ZD07gY@y?_Di3#3`7}mvCMhFnxpl0S<-Pftr z)zrQMtbg)6zb?o>8`!*}Jtt%a_9jrJJ-G>#1^F}CBYg^oHxi}?XpUNe26+Yao%R9%?DLv2(0IXxhP$c6SoFV&wMU{yk1jE!Wv;BJw%mS=@Bo-9 zjs((9b(aT}M&BesAjEZ`*=!FciV82XEVdCB#0YCtP2;Q%P46&nuywm)Nm((4X-ZEW zT@r(YR8f5C*l}5a3tbeL)qMIi2nD&?hf9-FgAEK;eNtQOmB_{m1g{SM7}VTXR`KV?!Xzpc*hK^kv?hUMW6Yj<7qAMQ)R` zk0f}dy?WNU!RmjVK^Y)~Gx$-x@at=E&{}#jIsLbOTB7J}fOKOP?xsUMat>3_ z14z$U&hVIk7wK`oi7<@h(mAqDIRV{DC=Q7JxC)^}5IC8~e)o=qCX}RzjkyOP2cJ-m zpg<6iz7oS(05rTeIZ=~3jNvU-K1|44zFF>gQ*_~-Y^V&7uEU_oB3)*rE|;bV_?k8I zUF6@;T86BH!LmOvJ8r!9hCpXX+;hSfB6XyvTiJ6P+BnZl3Dsk|iU)skR=mAB*}J^` zS6y6>btw4`8c5a~LAdqTAZiJuQUk=5n40}Wl(Pe-ZfC~FkN>!@@&I;mfwYD`!Jj!+ z+vx9TaT7L<6As7R27 zE;C+tP{H!I1*PZGH^8NJk8k+(ynE;RG5Am|9^aw}ZJ;C=2RyPMoJL$C&ZmfcVG2A# zhsh$v;)DbOA-Qjt;B!GYoIS^@<}f9SoK~QFy2l%L8Yj$DaGh1e0Th$P`!`ZbYb4;C zSAOw-7s+?Rcg!UFrn1Fy?^LrWuryG1!p6rt<}{bPX{SsNd)FV62vLw%z%qkyGH32% zwXlt~{@Zk22tggTrQ=?!x=yX=!fQ2Raj|%u)`o2sJEtqjXp5-fgfF^#6G~UUNV!!H zv)O@gCFtEs5g4+)4cu&}$VxhB2(FQc4qrurwTMLS$}#|Q+=O1}%U9bgh5x^s(E)y? zudm<8YO7{ofC#SvL@OYX6)5?u^d+j1zRc&w-L-?Dv9Xz_vVJJ6J4NVMS-r~GK3W8q+!x^2g82j9_z(#pkwzo z;P0PZ-23PPT>@zMnw?#Tz5%~SYPhf~N|4kEpJfldefA$SowMO>7LB3;1*M5;Vq7oQ z0Lj3V!b=Nk@lA)DVwjib9To(^=52=k+W~Y}P#P6V54t6xf!xP`Wd02l3(tU;c1z*o zLBIT5`D9d*z_LO1vqNxCNMRATAF_;r5eF05+B76o`0{ZaWOwc65m+c$5g2Vw*C-?k z#K|ZdTiY6O_~{)tzdDK=yUatoK`d@ z$~cV|n$RVp$zTOre8*j#UjZeG*w$srs2Cb>T2~w~p+>oQubD{=UEt zIsE>~_^Nx_HtzGB$q0T1FP&zQud0rDWqmwywysT-jSb_jTwGCZB?gc!CYS@mn~BVI z47{CZByg{G8Ix=iL6#V6M4-75;477xCqOVaptWcQau`Lm3~itN15BKAfk5T-gCi3C zAFi^n^88%*FJN$@00G^2AP@@GERGtVxdzb`KN19CgJMCS?)2-vn*xllCl#gfTewl4%9@GjKZ(JOX!RTvF2g{Q5vD%(>Z17oZZn%IN4Avi=cAO zJyP?3m6hfsSOnuhP0WCwk{7k*9Y-nz)*Uhiy1q)DX6gPV@mNd$qcZ|p#TxS<|16I= zV0c0U(1SmA4d-5R(bbV!+QG*BwG=eS5*^qQbnC+mg9MpiIWRjaR-AEk z-{ueqHS6N&Sv=Ve4Ar1iY?B5u7cG4^zR>;(E=(2>oJqAZD~OH11Qm#XGB(#Wpd`ZKeO@?$ z(SL`{x{cq^(6HS$Bn`Bx`Q(4|Rqcj5)5H}~WMpLY>n{_<6Womv4XRjgua$dv`lxY! z-M|=|Yv zh=Orc3F=2w$<|O=LL^hiDv!m8u_oZKXYF9RP$n6 z890~i0^;+- zF)cpE@4>IhpEaPfWsMjN@*uu{JEb!uxLQUn{UO}HYCQGE_;RRgnRbr&rx$~}z2f~= z&py?+hll%BrRf00JufG&nUoNZ<*;?>OTLu@C)y+FrCMs^)sNo9!EBd>1pjT!v+)(}{nY5dDA~b7z`0L6To`E}*;c#9lQ%Z3q&+PVD?V ze@H8?ncUzYAg-)R`zf08gTt^Fo65S}f(>Ed@8%)0cW@$`#;v%`04M+CCgNt-Nh#{f zDc5i;i|PryUmfhLQ!ba?b~oK?u2+fP`HhixM60y_62Bdlto*0+?r}oR0 z>O6nPA)Bi5&ueS;nE(bvqdE1_(Lu1>Mm<1`pkoK6vc+kTe8-lYaKk8I*ufkA2lgb=pb8- z-4AdMO_pOGVXzaW*%)Qm57Zcp$Rh?d|6v}HDI5Fe(a1{kMs0h_rpAtsWOTBB9`sBv zhs&0%?AF0rFw8V7S85d5-PKfE+GI|a1*T;&%4UYYX$ZJHd}5fWVe;sg4(*9q@o4C7 zu!Q|CPzusT%Cq1kyxuCZ8DgnKM1;nYksgrd@}ity)tYxzljx)!$`0N*lc|`j)QtQg zxyD-3`rg?A=`Ht&$yUwwKmsHhs);%Cz05el|105fcGG9RXsdy@OaPGTC)Yq`&_~{WadS1k>`>jX$9=>c;Lq;#Fu_Bv$(?^%V*^ky0&{ z@H*{j%3&WZ7@|DJ4Goa3lPG_!Vb58;aD#cpdC=4xUoN(ZA$#JdhM_?>@{PU(V{y>r z`&4J?_ddJqVm_35ts=V_N7b^|;j$N|hyFIhL`CnR@;BtE;wCoL+Ua+@gvvYhrrVOInD8gh>@+V$JPW3f8=F?Y9lu=vB zuU~Ar9*a^Thl-`RYzWwMCEVNd1DWlA${IIu36EwPf9pp>Q)Jt&vE8YI^U6YhOTfYb zOU^}S)P=f3j8KxsAnAds?S3xX3{lf>j&yp^7*8ZID?BdaY4+^-!|sV4f}p6>BOo&k zop@bE2+X2{In_LI`c*xn`i1TtD$ZPc4gr;E;GB^XI@IcQ;c`m){dEjJj*v|7c^F_Exa_eN;w)nyiaSyiLM-QDl1BXf3m1T@!8g-gl@SIX06;+$622%ZAb zEq{MeP+i2mIOXz0le`{e^P^UGth>i=cVX&0ucQ*l%m0eNWNXARL$PU<3bOhK?0|xI zd8KE+=vT41cMGNd0mBh$2jq8UL~Cw=D#(0IH7UMMEQX z)#bpgwW#`nX6Xtl(KzQThO@2STaEBvpPs&Uu+KJ8c5Rb)nCQhSC*pj)cxFCg6SdV( zbTyI#e18mvY|`$m2dHph=x|~j%7ym(C39JAJ4w^3c5K%UQYU>dj>^s_y!vw=ymf5^ zdjeLdev>kR7Tr!dktffxatNaJ%p9DqJlIMRjGt(l@P1PB#{EoY@dEW$I5x-*(K%4( zLl=`E7qy$TQti``RVw$NY!_hj@D!ly*9F{w%tcOx(y+P)Xaz2*u-C8fbIjj6!W7of z6?)h&vX|`>$CfQzQjavvAV430p=;QrmF!VthhS#IUxdv9S&2L8#d=(hF2R zw*7H+XTzX@sTU!Nrk?AeiBS-eE@Z3j$P$ZW;kAA>13%?;X)gXg#Zo>M3e0gMovnz}jyyRO}g zr0ec^qwf2&%j!L}wt;k-^M)GK`VZwhK15g1F8QwBy4at?TYDyKGHVLhT) zRvEF7(aV1XCtYq-l)yNP8YQavf)uI#S0-2Y=>6{;At^a&dHrWHqFvNhrs7>#3?;p1 ziyqLxvDNTTobR!#a{Hz3bAHK(?yr>!!?InaEI+KPAy&UZ>cRaTqwIO+YLrO8d+0o*=gPO#-Y`kr(|h7 z49x4$t3SHk1e%Yd2|f~D8DVw@(xvEE7>^*}-}Q&b`ZTx4Y?%nG%3ke1c{6*=0c-f{ z=Qvw(wz3Hue=`^hlD#}a{{!{^5Y)PzIfeBHp4v+w8%4*c$ZH_aH^^1EwhU_hk`(mGadEL#12QZ~r=e5Jb zJJ19k=C04wYPJN*?k{Oc4}Qk=+ySGy&sdvhHQgK8YZ1+O>y0`7#w}&+iRi_G{dm-P zE%d;mp7%exm+`-&1S$W`Ot5OkHE7KJIGz|(nTTKnpW1LDs>#Lh15!2>b*C;BCCKwa z==ILF-UrMPT;<9&CdMb@CX6zVXG?3nk59&LrFj*ok$MziK_?|+gb0QlXa8%+mC#cv zqai<{I~W*<+1moKa|y^QlW^@cY!Y12(EIWc@(<6>kQ5n}2s~FGoGuX+`))PE=Y_(o zHNzdPddixGUU+g5UyhqJF2R=*(Y&ZO`Zej556Dh~@wwcpO_|Ta-9dN;@kmQ4NAdd$ z5Qkj;fSE2;CfTRn|1{lMlO4H{`3%OkW*bH((!t-E)0{JlyWBi?wsIEfM|dfYjIBIl zPUiaLaP*vpYDA${{4*j%p~+BpKG4Wi*~De)_V0$AeIth=qem>n=j@00lHUW0Y=7Ol zox(&Knb^jwR5SuPnOT5j39XAgA=&)x35+^9H{BrldcmfSy+%HH?6FnjO;i_X;J~b` z+;4KLz?AncrG9I>%k#u|8>E*r2(glJvo$Mz2Q$dG6IfLP++lg3emxg!E7&0zs`@$-9N>xhFeVw-)2mf2j&oifbgqE}GPbl~B=)ts4eWRQ zJE36CLCaJ@PmKowdf%kprxhM2xLJ+H(G1E{p4x{Le{lk&*VH4Ckt3#`etz7@4G|LV zh&GyK^e3tV=eO)wOcoHQG{L}_%bPAS

  • 0+?qgmu`03Qc_Xigf&PnG-&CV=7AyVBwY04DN*wkC$pu$ISHU@x~~5w4#@Ig#$6ET`0vKvku^uhL|_ zkBYNGiB|+iJH!I1GndoIj+qf9@KtkgAQ3)SK#K2pkK^)2Zrj!OaN>7TX4w@R$Ch=X znC#-_0gqwIZr{(c$wb)Z#a>x=1NgNAPhdXO9mM1>y|zkWE9>7G1@D0fPiax0lcV($al!cx_DJKQ4+s!Qw7g766pnGeV{4& zZC7(hrWA4+e0ox5>s8BnWA;B@5`Sg76g=gf^yx>-SyPboMV3?~uPz5GC(*zJKD z##&9c?@KMOjry}t{|Lz8|9wS+@=-ti+U}(%uA6a6Y(k_c6go1r;b+XglgRglG^^=l zti9srT{Pp>`-vA>yD)`OMZQG5WdZV5l8xVNrzTVD*wf<2J5NroE{xVDbUCZ^-vSZH7_MHV+1T?4+YQ(AM9NK%jrW(7i*g~cePucc9 z(l#A>&3&1bQ_0c{4kR+M01jDyCE{WFK=$c1nF`(c7jee!5bEdZeep9k!gu&?CzD*h z(@J0GyxQPjzXtSUIRmeBqVaKwFoS_o9Xsh*VveTOv)J}ELO?K`dJI7gkwQw{+l)wY zd{X7~{Hie|ugquaQ6HzYSFbUp0UA|}+(IDx97U+G(6Qf=0_ZxfWbCg0-~v}9!5`Pe zHg4QEIU+xTnT#Fg<#fJaX#7D9aj8)i+Oo)ThG84&0(mp+-DmCk>-Xy6?>_g1I-tFU z&(!m~>6)E}4^?nW{tH$4+-vKO)|g->u-#XOfvOY)m55D)Qh4E})m7{KV476yM%UZ^ zkwyo|Bfeq3eEd0X!k0_A{RPn~327X0?;X%@+|q^NLiiD$M}EJ4lP56RV#q!z=N&$J zJo$hb=PMF@?n#7~|EmQ!{|VcY zaFN$cLiX*=4%ZP_qK1b4sh84umD#!z)2!F%R=FC(-~1`@w#oKx!*fehDyn@&Gjq?jWgNCj=wP|Lw})tlB+n4J#X z!W0O>JmIV6bq%sks_5}(S#go4)=JVKH~$?i15EpdaH=P23n|FR(jm$cL!b~ABrW)j&5xGY-FP%m zZmT*H!Z^pZ^qv#dKk;5lc~1n=h`GdK&-~VW`VuOJzkWRAChRWrM+kKhAslp$s~BH+ zo#hcp&s-fbCxe$CE1E$uF+Q8xrRk#w1mjQ^@XHD8duEcRN3jZ2Q@J{~6vysBv9LgV zxH~&UTx;Tf5?h+OjzQI-6uB8PG|L?m4*d&V2es1L>VCFh!yo(-ijy56z9JpRBrHDL z^`hYzj34U%0>%%Nl}>?;qF@8bjE7Pyw%B37X*fn#3*-Vgzu!Mt*&B98VW8+?Re zkgf5}Ln8gZn^!*mPpm>k#OQr-NFk5;;eBda$hLTel)=`-jUFF2*tf$Jz;Qp3I-dVB z_|~P|*S17xAc4YHN20vT>WuvH@-oDlUak?oSAi*6%%(E`eVLDWfGx)xX%{=51r0QO zCPMtEGx9b;ooRz(lm596E-G`da6dL)+ftwb7JCxFm)MnN!B^UA)h56WX!z0SFY5NT zeup%+iS#eYM=vBaLi-h-NcIQTDGJ0hTGHd7vCu88oTzbEu2j8u-Tx84 zJ!a8_v&VeNNx`2qi+j0q^UUPf=}z17H@21G&87a~Zu{FSvms)~5S0SGXmR@s1!*Pjp0eYRRf$jV+4rrYZp_AL#=M?)0PX<(92%eT#K{T^A!o*VI9!qqHQrZ5kxJ^vn-daC zk2K3Qh`a1}iTcw=o6x%-$KrQS*rxdQ+Wu%)Zov{?VQJY|Ckz;Vcx+f>(j$F;kA86Q z{vG0>v%302r&EiY%U|22$oFXBK%w!omecf^_oee7u^qj>$)}%o=iciut7~ZayUUZqS{<_Hd9W*eZb+erL_weRlL~L!Y!omQa zWL$NMvjhg-F|DmxQZ0YlnR~zd{x8!o*%aEx!z#ElM7ZxTgA#Vk!0l<@e-AMKwYecX zDH2(Bkoj?WC*|K?QUvj5iRueNF|@GO#&_;exGg#_1xH`Dy121=w>C-qypIok*&?n# zup0Ynie=sUc3b>@2#r5px=;&nw2ds;ZR^0x4VSa(p&LXwH3wSa^YW5rbNV%NM)pGT z80(<)eITY`L5Zy-GD%u&bCdxMA8q8r>xQtpKozNMN9*&q?aC%-E)KUfwf_L0;t}3d z%y()j)5^z^z3mMv4Ph`NTU*GLm)0`1 zM(K|xs$ODW>*a%!$x{#r_i8`n7R9K!M^EL;@C*9Ug@1~RieE0m91BDCQAa2>UVav* zuF?^@ah~IrjpKbMW-2sjiMyRbMC+LCjEpo97vv!OZz|N))#-04bxYuj|A2L~N+_s@ zwpKR!^ochLm8^IaHrrS&N~OhTlIseRrQoAAu;=jp`;}NVC#lr0rFlehUYiH(i_4C6 zBLjTaY5EBe_~q!VCmUbn+%=p<|6Wg$?dg~~Y$I;xW8q-tsB>kXct8eUDT(A7Ax-B;zf!lSaElEch@5C@_EnqoL~OR z*<|--Z|*)b_nDbzq^bLEl5CddmDD_qL>*0FR;A`8gCA}z&8L4m&90MZ_ZaE^-VfkL ztNivv!w9@WUM4_l!L9b$qA)e;U%TwLf3$JWlHGmMc(U#^4G$KPBD)KoWLG9QpBV08 zY-D7N4hGnDsKdE~=jtovSsD%YRB{a4etw<2C?9Ar9U>?X*PI|u3QG5MD_0Cs)js8e zO>TPkvV#cP3WZK#G|0CkZ1J?DM7&ftc~~Y{08NrNEW z(9~xjD2=X=($J^sG6|i;_%V`sGdc;H@(K(&UOJzEVpl+_;LHbVj=M}yGBcV0e^M25 ziuGq6W+s5Y7;BoT&nc?wTJ&Cst7iC-=k{W&G#r##He-1x))hm>0!i035sA}&ui zwb9}=k3WyRcDOeXEcSZRTiii|(L^LrQn7uV-yt}EU7JihM-LPbF-G%muUTzcqOy12NUF>c3=J-HbmOC}+n;mw7= z$`gog;g5&xCNObdNz9d(5iLKOAlq0rn>TBk!YhqkKcSy;z&;N2tbXpX{$+bg+9r|_ z9z`}0oupkwH2W^(t{`oyTcuxaXq~a)}H68NE?y-5Y_*BbH zGIi=%V5QwZ6H&5P0QPa#Q31SAJdCH+2Z5=peT*O5C^=rrj{7tS|=VNEq zAot#E;9NA<687;MnmQsi_+(J!3^MXY2KksZzY|CW*e^jx-d*K^!B1R6z*3mjGAdt; zFmnzGmr3_?B0JOmx6G!{WfWaUhecA?CHgCfx4GK~^8nvII!G2cf%AqOe!pwXJ-B_W z5VA(q@3|-OBllL@>}S&t@AK6vuB@M38gf&M(zF32U^^NfGgV{=`8rDu`TUd1xlzeW_N%06X%RHAagATK7Mk;TnFzBt8)HkHKif9_1C2#E zC=>Cw@Kt0)6g%`Sxr~NCI^l8hK-;pn$AKHkIo##Ez23R*V*$9VdEMyz3|De((C21M z=T)U0YQufO-0{*7LXa?ho=3o*I(i!!-nqO|o1Kc*F=}0Jnr(q@3cE$M>0}$qZW=sT z2=80^m<_IUFHM@btn-~lM#{o16ACX2bJ?$GNvDs_h5f73Msx;{-reVEnscPNR`%&2 zQ~YNh^53pGT}pcg-{~bG0zOMhp|95!4BgZNQ`%oog%hIP^~fMaX)}p1e&F!R-u9ed z=^4_L|M__@R%Z+2*ZJEb)3Z5p*A36aY?37(R7&r=ih?U3^_Ld(MLk8ZVx<1AVgciklHz=2AD5fk zZe>WC#LO4J;e5Am_)Q2kv7gmOE!)Tto1YBxdU`0*+{V_q!ro+wY-Z_81#H}pp(+Vw zQj)M*f(uF~dZ&_(%(*`wNqUcOwDcAlLaX;mJ*%{f1xr`oC-_`od#xivM!ss1A>3yK z5_9o$kK|vka5s1lJDqp5F`iUHC}G^9`FkweCxx1mCDL(l9)>KE%|FmWP&G_dAB-uW z{({oH>o+ykLFyKGoj{uWdo?HNF(W7!Krp)hk9r_{Mi+2q*{!IJH3Hv8%) zxx1Y^JV@EdeT{r9bdbMu{TN5>CtAiB?9A14Pe=Y~Zect6Ye?4A7UD}L{Ew!e$xve^ zJZjuTfO7(J)IdFIl^v2v9t4`lZUS)F>7;ABn^&z?;XlH5+#_J8WG%&v*>HeI|?R+P`Q*BcC05fi9Zw_0;}UT3sA%_huw^NzDxh{93ZV=b7QP zK|P}6MHculOSv^-}V@Sfi zULY?o@392P{^!<)CHIY=Bf?+cv-|lAf+?KC#Xm1hhvCe=4x^9itxQ{61^rTE%o?(} z)PCqeQXn7j51GdDqa~7wa`Wa*91D)4WXb0F~a74NHYxBM$n{lgJ6)*ilQk za*r!}vLwCpjelSSy@#qm@%3@uPE{auWZM*LnmtWt-WwnZe2O-Zq;KzAd{9%Nb~&d- zh6LBPCyAsl1C&Yp$1{x|<@7I_C{T?y-X0kKtU2H@eRjQS|6obD>p5G0Qd!LqT7$=L zN8NM=^*TDkjh0;QGHOgMZ^AESzo8<@lz5adai3ai%t|PAsc5FEUxe*o^E;ed{#sf# z9&QnXNYCAyxMG20TK(UCx4oU?Kmx3-%=4w4J=uD3Gv{znMZ(K^kW>2Q0J!+2!n8;&d@ z5^MaZC{@eJl;!q3bx7+b!P#}O&^ouT437K_wvDLMqH*a|PrQ;(eVC4%y|1O5ZK$Uh zFyn?u`*%-6s5@?48Z(ol{IinfjxM2Rbk9wwR(>9L=r>evVFS{`Mh?Y z8|Ti1M8$d2NF3??R6ZCBqb?Bo65=0TV0ZEy&X$x+U(x+Vo#|Z-b=J($7hzUab@PGL zsWa#uc)`63PO9be`#QHSIsR~`$^x2xjOFEXnEFe7E_aw{%Pd@)F3CNr|HF6Rn-yz* zzr&xT1_K^$Ot;JFA_imbd%vY^CZd`xvLLM#z-9qw;d47pb%h;0nimL64S&Qh2@~7A zwya*bQXZR8a7J&8`rC&GJZHJ#lZQ%R~M4Y-)MCb_2r#c_E~~ zNK5j1qP0pt(+@S}>H>MZ?t^98iKX7i*)Le1-uPKg#&&0bQ1-GH_JX7xgO~M#H+r?( zR)!bx?%0tRzukKJcEC#Ru;S4`2bly-6~rfC(s}DL-KJ+NVuU`Is!dY55$B_;@a*N3 z`F7luWM`K1NiWxL>YOIq@8H#}a=$5$OIpS6611F%=@pW^bp=00Y4d?()k>lglL~x7Z;o{tpG$u5~@mYg^ zR(SYA;|MJ_?w^2P&9(R6CQHnMQUn~o8eJPFiGrIcXOFd3Gy*ZMhQDHKpQUY11Hlm0 z@~%h7A$-tOQ~L4Y9{1Lv!<{rZa1yV7xZ{i@XY1!cWSn|?pVZv6UpMG3vdK09Y?BGy zPNv@o$6JobwCT7gZM6`v;PX3bM7RSDVf$dQG)Pt)Gf3llzhUI|jkhPmX05don~o{?ryz}X}nI%BntKyS!Y07dHzO#^@%+FOTP$<`NScq@1Bl7zT7?qua%Ye5x9t;Q|uP?ZV z?-IGa`Z{*>ArWzRhZ04+-n+eED>n76Jr8V~4^}}K2HcvD;l`Jk&g3emw}%^k%qEm4 z%1l8eqLFBQ(>r<`<1T$(21uPa-}Y#zVk9xpfB{udN(nou+Q97l#w2w@6PfoTAZ%bu zXP7sCXSRy@^V2AND*%7b@A2Zwg!`md6>wGn@}@z_qBC#Drel;S`Xs*&7|NR)Wz69D z>(1L}_uO$@ac+c$p&0}GhUZ4C0zMP(1-m~hVeFeftxB5$KvN?~H3|vmB=B$eIfpek z^jN2!<(I#c4iWr(A2YM*@sl|~10Ds(Iwk_N0=FvQIUb1BD&9Lb{{eWMTH+b0Gyn*_ z^Ej8-)3WMgvor@)o{HC+E<;0+_hTGV$?B8&;aHl_5S#!?j$BrU+G)tXmZz zo&~7zNswY)()fSFJ}gmg7BTS^A4u0a=Uifd-L$x4w)IL|C=?%-NQJKIt~sMTg9XABsu8-4aD0n|m55Kxho|BA&M!BTw?5}R9@HoZZm$KA5njwU|MFTB);)NTHLcSrA{C(+!>2NOS-RcHiJ3H&0oG zOSi&b6HB6eFM9o0PxyOw1CyY6BMjH7ASSa)p&9JaOG^2YY%x!vCgbuz*2)aJepU`Y3`8spHNGU7 zwO??82a=X=gq8SL(o*VI9%*(pzNZv0NB&11O<+I07;7i`ue}%((PPc5(P?^p?|$$f zi$hux*Ppi0^eUd%Lh&Q`15NkmFP}6%D$kqcX)Z0Mysrc}H55f;nJnA}6euky3*A1# zgH`Y$kOAx30Kr9k#zQOgCnF2;6fSy_fTsousXw)y!97{R2_T*6r{l0;(a|G9IAka^ zfrw)(Un3)O+4MNoxOv;Tq0F-AS)KpcCz+8|nTCh|I+gehr8l#hX`E9Pp4GZ-bWCpT z3E0d#O&s}^HYlvNYRP>iubu(~_s2Xx#v9VNlCzDUBNH($ruNeG0 zrD_vIXt7pb+T!vqonfe|zj?piec$l72knXi<2E)Kr2vv7$82>Ms5yNBrl zTQCz?WY;~-0O?h3j3e+tE0zq`?>qUFBx829YaERk!3Hu-duO4zwVDE{>~`Kbm%YDM zFBOh@iW9q*9MR>Ocs4C3nvW2Z;^OA|7``aOkmH4;kFX4i??6-%f9 zDxze-_)>m9QPn!nP86$rt^ zLf1j~D_JDCLwtMd|183jci_m-uYR$h$hn{@n#TC?R=|ZzE;W?2pT*XMLGLiNGpM2#qMLrf;uO~`reA^;; zbuka<0^q(^mXm(P(<$zhQa6MOtJ6H>HzYV`tP<$82CPj1I9NJ!B{Mej!2)LyqfY7P znTn|GBKYo}LO{Rm&fiKMMbg}=XgRVx1`o|TVW5Q&Z>3<$62*)h>`lcSAsCq&VW{=7 z8wFPK;Ek-v{!IWS_*BpZAr_pZ(EH4*2?aWAgw0=1_M3mlus$gH!}@5J`kD=^oFGm) zFMc6kMg16l@ao^+Irgi_&;kW|;scwhS&hEhz!%8ZHo8^J_BmOdvlz$E`et%GoySGz z)UrzUal}PBs%xxtc@$OO^K6Y7xm2ma2YfQr=BpEOKu}IGg@1%hHnZwMQ+{XSgs3nx zoRqMd(Q)>Qlit}f9VPkJ!68Nhr~)7qdx-mkt`Wl3uP ztmF1w*hP#Z0vQ9b`Q_)gwP6+m609*>_r#rNGyYAg66D{M<#D) z55Z7k9yhNjz32Ri7+{DnE{j&!`Vi|S6?;%xXemClxZtb1P>r)!)yrE(qG(eWt9k$oi zQXZJ=eHZogv*n(2$Fq3p14)qF`T*kliyCnu3fbh&90qrTi^srJz6aozx4(glhA*lb}&>@ z3dDeeCj*_MA^Y^510O_kMh(+yoLZd8C_2>F<#R7ya1R^u=Brw8gx(Gm7wMmU&HW;` zQx>kF^L#TNH%i7vzrS_8=yj>#FVJ}G5@j}7Ny}fFR@%1Bj#tW5Q!rALH@7D>|1n`mQo1Q&mvKREuUv#l_o-^?+6Zj)>*ZN-(HdRP=)X4V zEiH~Kc#CS+Cp6TZDEnG7@yP7{eXEZ9pP{k)$bSzL%}cU_=RE3}nnw9$883bj@eU}x z;~h^tQW@IaFhU5wppybOq1P#!KRbEIB(E|XJSZ;qJhWABVeZQ{t8?zeirYyz&3P$_ z;1St3lgcbRz51AK)B&2tstwpOWLxJ^dP%UEF<59?_>q`DYYHbR`iOZYoG!mmkvpt& zoIe6R`Hk}UI|}x9r+Bol(iOr!c#&?-8Bg-slod6HsAC112 zF&7By&uCnH9WzH5z^KroeygKOU5FMpk2pd!3%FzPId;8%ZRA(1u|lr&z5=$TwxNo7 zuul6Xvn}+czFIrq@xEw*P*QVml`=c6l^{)i-KrNFd#^R9F#v0p;fV ztD6LmiOum)DG-v-PTWy!tr9J4)Z0y*%2CPXgf8Ydm}sO8!iJ08{f!TUKB<=Qwdb8k zG?MfC)w~&~T3KkOTLloE4K;ATq53T$6>SNaEy@8ko!H zCYsxm-tA@URQJBnez)37riZ1?5MU^2`EA~2l8)-j$Ipjb@pf@?FIJYyimd5)IogT} z%k(}YALz@bjRuHLGfeS}obmrF8tF(3gPx+??B4RA;&+2#fi|o#@!3@1zlh zE{wmeb{lJWwvJTW=xw<*2yrPpdGGv+S!M**yc$HJg%a{AOh&G|+WuEuBkgH18hxvU zLuz4DvPcpnA}+Fa(zI32^?95_agL{WX5vmgH9T1JsH61akg`-rVmCbaHC(Z@Nr~|y z=XGd&w{}hGteK{6Q+`gZ*@gLE5zIbYR&$XdgYsC7saGoS7`^2EwiOeMdJ%jBe6VO7 zqF|OedvR_~%;o!$4QK34^m#A{n{GVaL>_*fQ?w=Zj4`q>pZ{gL0CHC(fkNu>8%$S| z^zRwg#r7%Dxpo1NPZvv=wQ_P@eR*}Mk!DyEV0 zb~>z=+;5XM*?btIj>da(ji-DO-a)KO;U&vyO!!W8cyvAkIXD<+OfM3-S5O)auvWaM zBHBm?g!nHNi4Q!K=5>Wvez$zWKWiWmH@0Y;iN1C^jd2oaX6r*`3$YcD|5>JG8$3{Y z{Nc*XKW!#krvq~+`E5*b!TYvZY~AXdX*w7mLCQs`!-e`Kd7ftG`HoSXYpRR&_i|G} zu`EW%A?+iQ5HkQ#sCeix&{k&r<`a)5#slAV^|NBtpN`e1Rwfa?{k0mnLLZn4Qk+pQ zftE2a2i5Wk$Q2+XwJj~?j2f|X6XfoBBjZ2c-)q1-gr7~`#a&}^uj^6z>{n^61W zf&)F9?KJTn^n}yIS`)T4Fl*%U#jkH4h(`w+>`7Oy?|i#u+gJt^(3dj(?%7zE?iaV& ze*1n3m-7c!5PBT++x5l(+`gPe3r;F?!z(LR(UksDq+MpzjP5mank;MDbXwChON#)s zgSRRS=6tzBX$DvwV;st32 zOMnsA2h$S`Ic~U9v-f54NIhRyK1!F@!@gS?WIhcYFMv@oi)1vBI~K2fowla2F@XwN zKeN5BE~ap8Au#lwM3-4nTfn~VULbcBWpDt6M9F*P$N?cvF{r}xMP5$IIqWN5-`^&U zcWMN?&x&`a$WANQ7Ki&kMkycUlV>b??!o33(_z!x6&!65 zhaM1L`5+STmx@X8YgZcE-R#vL5{_G*P|qx5`M$2muI)*}w|Zf!HFv|8OV*0%J4?(sXu zVTVC-Q=d55B1i7MnP3+9$x+85GFwGk%bTdQ-pxxh$$WqPF3wLD=4t%GrdTz;0h3RK zM;d&d|7l}gGh7_;aQV|Zbs@|z@;-0L8E>aPtQ!8OT3Y(AofY>0hhkrz^ZE)2p^q> zTX?7MRdd>1&!bQV(tC}g;B+F`=-TJp5Vnnhn3HHT>H(Xc`9!Edw8-Q=)y!|U!?Nz}XhNCv!NZj4+&VNP63h>8^FPp0Re9(M- zmwPOcuoUGSl_BcsDwCIDDPtxW&Xu3yZ2eqO*&##R`*5Mr-MmLNSflOF2a}zdx-Gxn zqIp_Q4XQZw5*lQP%&l|UmGdJLH8a7FxP;AB+KASJgY+-rrZ;qnxRq>SZ0a@TmVzXd zH&8p2*fX_${a=SyGN{vH>N(<4X3@A1v;o5n4#GJEe~ zF3Ewd0D**ec9}Kt|G4EP#p^y9171?76n4ND8lOoT#(iGj;{gr~%1NfcS)x44$?rnr zOSrfHLQfG0qsdb}&FyPxi)`hkqBQVe96BD-(*;5J zG{~~_QlmorZQ@YiJpgw9eLxICibbFbV^ARfpMzf&{PP@bf<0mXI}`XeI|!M<2h)i_ z82o<@VtoTCFAbxgUH|WLz&HjVu+lB@GJ_NP|2arX4h)lxzj*?z%Kr`i8-#ubNp=XJ Udla_q1pzN*c@4QT8H>RG2e&-vMF0Q* diff --git a/copy-of-sdk-docs/docs/learn/learn.md b/copy-of-sdk-docs/docs/learn/learn.md deleted file mode 100644 index ff14d726..00000000 --- a/copy-of-sdk-docs/docs/learn/learn.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -sidebar_position: 0 ---- -# Learn - -* [Introduction](./intro/00-overview.md) - Dive into the fundamentals of Cosmos SDK with an insightful introduction, -laying the groundwork for understanding blockchain development. In this section we provide a High-Level Overview of the SDK, then dive deeper into Core concepts such as Application-Specific Blockchains, Blockchain Architecture, and finally we begin to explore the main components of the SDK. -* [Beginner](./beginner/00-app-anatomy.md) - Start your journey with beginner-friendly resources in the Cosmos SDK's "Learn" -section, providing a gentle entry point for newcomers to blockchain development. Here we focus on a little more detail, covering the Anatomy of a Cosmos SDK Application, Transaction Lifecycles, Accounts and lastly, Gas and Fees. -* [Advanced](./advanced/00-baseapp.md) - Level up your Cosmos SDK expertise with advanced topics, tailored for experienced -developers diving into intricate blockchain application development. We cover the Cosmos SDK on a lower level as we dive into the core of the SDK with BaseApp, Transactions, Context, Node Client (Daemon), Store, Encoding, gRPC, REST, and CometBFT Endpoints, CLI, Events, Telemetry, Object-Capability Model, RunTx recovery middleware, Cosmos Blockchain Simulator, Protobuf Documentation, In-Place Store Migrations, Configuration and AutoCLI. diff --git a/copy-of-sdk-docs/docs/tutorials/_category_.json b/copy-of-sdk-docs/docs/tutorials/_category_.json deleted file mode 100644 index f27bca92..00000000 --- a/copy-of-sdk-docs/docs/tutorials/_category_.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "label": "Advanced Tutorials", - "position": 2, - "link": null -} \ No newline at end of file diff --git a/copy-of-sdk-docs/docs/tutorials/transactions/00-building-a-transaction.md b/copy-of-sdk-docs/docs/tutorials/transactions/00-building-a-transaction.md deleted file mode 100644 index 3751a2c2..00000000 --- a/copy-of-sdk-docs/docs/tutorials/transactions/00-building-a-transaction.md +++ /dev/null @@ -1,190 +0,0 @@ -# Building a Transaction - -These are the steps to build, sign and broadcast a transaction using v2 semantics. - -1. Correctly set up imports - -```go -import ( - "context" - "fmt" - "log" - - "google.golang.org/grpc" - "google.golang.org/grpc/credentials/insecure" - - apisigning "cosmossdk.io/api/cosmos/tx/signing/v1beta1" - "cosmossdk.io/client/v2/broadcast/comet" - "cosmossdk.io/client/v2/tx" - "cosmossdk.io/core/transaction" - "cosmossdk.io/math" - banktypes "cosmossdk.io/x/bank/types" - codectypes "github.com/cosmos/cosmos-sdk/codec/types" - cryptocodec "github.com/cosmos/cosmos-sdk/crypto/codec" - "github.com/cosmos/cosmos-sdk/crypto/keyring" - authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" - - "github.com/cosmos/cosmos-sdk/codec" - addrcodec "github.com/cosmos/cosmos-sdk/codec/address" - sdk "github.com/cosmos/cosmos-sdk/types" -) - -``` - -2. Create a gRPC connection - -```go -clientConn, err := grpc.NewClient("127.0.0.1:9090", grpc.WithTransportCredentials(insecure.NewCredentials())) -if err != nil { - log.Fatal(err) -} -``` - -3. Setup codec and interface registry - -```go - // Setup interface registry and register necessary interfaces - interfaceRegistry := codectypes.NewInterfaceRegistry() - banktypes.RegisterInterfaces(interfaceRegistry) - authtypes.RegisterInterfaces(interfaceRegistry) - cryptocodec.RegisterInterfaces(interfaceRegistry) - - // Create a ProtoCodec for encoding/decoding - protoCodec := codec.NewProtoCodec(interfaceRegistry) - -``` - -4. Initialize keyring - -```go - - ckr, err := keyring.New("autoclikeyring", "test", home, nil, protoCodec) - if err != nil { - log.Fatal("error creating keyring", err) - } - kr, err := keyring.NewAutoCLIKeyring(ckr, addrcodec.NewBech32Codec("cosmos")) - if err != nil { - log.Fatal("error creating auto cli keyring", err) - } - - -``` - -5. Setup transaction parameters - -```go - - // Setup transaction parameters - txParams := tx.TxParameters{ - ChainID: "simapp-v2-chain", - SignMode: apisigning.SignMode_SIGN_MODE_DIRECT, - AccountConfig: tx.AccountConfig{ - FromAddress: "cosmos1t0fmn0lyp2v99ga55mm37mpnqrlnc4xcs2hhhy", - FromName: "alice", - }, - } - - // Configure gas settings - gasConfig, err := tx.NewGasConfig(100, 100, "0stake") - if err != nil { - log.Fatal("error creating gas config: ", err) - } - txParams.GasConfig = gasConfig - - // Create auth query client - authClient := authtypes.NewQueryClient(clientConn) - - // Retrieve account information for the sender - fromAccount, err := getAccount("cosmos1t0fmn0lyp2v99ga55mm37mpnqrlnc4xcs2hhhy", authClient, protoCodec) - if err != nil { - log.Fatal("error getting from account: ", err) - } - - // Update txParams with the correct account number and sequence - txParams.AccountConfig.AccountNumber = fromAccount.GetAccountNumber() - txParams.AccountConfig.Sequence = fromAccount.GetSequence() - - // Retrieve account information for the recipient - toAccount, err := getAccount("cosmos1e2wanzh89mlwct7cs7eumxf7mrh5m3ykpsh66m", authClient, protoCodec) - if err != nil { - log.Fatal("error getting to account: ", err) - } - - // Configure transaction settings - txConf, _ := tx.NewTxConfig(tx.ConfigOptions{ - AddressCodec: addrcodec.NewBech32Codec("cosmos"), - Cdc: protoCodec, - ValidatorAddressCodec: addrcodec.NewBech32Codec("cosmosval"), - EnabledSignModes: []apisigning.SignMode{apisigning.SignMode_SIGN_MODE_DIRECT}, - }) -``` - -6. Build the transaction - -```go -// Create a transaction factory - f, err := tx.NewFactory(kr, codec.NewProtoCodec(codectypes.NewInterfaceRegistry()), nil, txConf, addrcodec.NewBech32Codec("cosmos"), clientConn, txParams) - if err != nil { - log.Fatal("error creating factory", err) - } - - // Define the transaction message - msgs := []transaction.Msg{ - &banktypes.MsgSend{ - FromAddress: fromAccount.GetAddress().String(), - ToAddress: toAccount.GetAddress().String(), - Amount: sdk.Coins{ - sdk.NewCoin("stake", math.NewInt(1000000)), - }, - }, - } - - // Build and sign the transaction - tx, err := f.BuildsSignedTx(context.Background(), msgs...) - if err != nil { - log.Fatal("error building signed tx", err) - } - - -``` - -7. Broadcast the transaction - -```go -// Create a broadcaster for the transaction - c, err := comet.NewCometBFTBroadcaster("http://127.0.0.1:26657", comet.BroadcastSync, protoCodec) - if err != nil { - log.Fatal("error creating comet broadcaster", err) - } - - // Broadcast the transaction - res, err := c.Broadcast(context.Background(), tx.Bytes()) - if err != nil { - log.Fatal("error broadcasting tx", err) - } - -``` - -8. Helpers - -```go -// getAccount retrieves account information using the provided address -func getAccount(address string, authClient authtypes.QueryClient, codec codec.Codec) (sdk.AccountI, error) { - // Query account info - accountQuery, err := authClient.Account(context.Background(), &authtypes.QueryAccountRequest{ - Address: string(address), - }) - if err != nil { - return nil, fmt.Errorf("error getting account: %w", err) - } - - // Unpack the account information - var account sdk.AccountI - err = codec.InterfaceRegistry().UnpackAny(accountQuery.Account, &account) - if err != nil { - return nil, fmt.Errorf("error unpacking account: %w", err) - } - - return account, nil -} -``` \ No newline at end of file diff --git a/copy-of-sdk-docs/docs/tutorials/transactions/_category_.json b/copy-of-sdk-docs/docs/tutorials/transactions/_category_.json deleted file mode 100644 index 5b0cdfc1..00000000 --- a/copy-of-sdk-docs/docs/tutorials/transactions/_category_.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "label": "Transaction Tutorials", - "position": 2, - "link": null -} \ No newline at end of file diff --git a/copy-of-sdk-docs/docs/tutorials/tutorials.md b/copy-of-sdk-docs/docs/tutorials/tutorials.md deleted file mode 100644 index e6828c9f..00000000 --- a/copy-of-sdk-docs/docs/tutorials/tutorials.md +++ /dev/null @@ -1,12 +0,0 @@ ---- -sidebar_position: 0 ---- -# Tutorials - -## Advanced Tutorials - -This section provides a concise overview of tutorials focused on implementing vote extensions in the Cosmos SDK. Vote extensions are a powerful feature for enhancing the security and fairness of blockchain applications, particularly in scenarios like implementing oracles and mitigating auction front-running. - -* **Implementing Oracle with Vote Extensions** - This tutorial details how to use vote extensions for the implementation of a secure and reliable oracle within a blockchain application. It demonstrates the use of vote extensions to securely include oracle data submissions in blocks, ensuring the data's integrity and reliability for the blockchain. - -* **Mitigating Auction Front-Running with Vote Extensions** - Explore how to prevent auction front-running using vote extensions. This tutorial outlines the creation of a module aimed at mitigating front-running in nameservice auctions, emphasising the `ExtendVote`, `PrepareProposal`, and `ProcessProposal` functions to facilitate a fair auction process. \ No newline at end of file diff --git a/copy-of-sdk-docs/docs/tutorials/vote-extensions/_category_.json b/copy-of-sdk-docs/docs/tutorials/vote-extensions/_category_.json deleted file mode 100644 index a2aecebd..00000000 --- a/copy-of-sdk-docs/docs/tutorials/vote-extensions/_category_.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "label": "Vote Extensions Tutorials", - "position": 1, - "link": null -} \ No newline at end of file diff --git a/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/00-getting-started.md b/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/00-getting-started.md deleted file mode 100644 index a68a6e15..00000000 --- a/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/00-getting-started.md +++ /dev/null @@ -1,40 +0,0 @@ -# Getting Started - -## Table of Contents - -- [Getting Started](#overview-of-the-project) -- [Understanding Front-Running](./01-understanding-frontrunning.md) -- [Mitigating Front-running with Vote Extensions](./02-mitigating-front-running-with-vote-extesions.md) -- [Demo of Mitigating Front-Running](./03-demo-of-mitigating-front-running.md) - -## Getting Started - -### Overview of the Project - -This tutorial outlines the development of a module designed to mitigate front-running in nameservice auctions. The following functions are central to this module: - -* `ExtendVote`: Gathers bids from the mempool and includes them in the vote extension to ensure a fair and transparent auction process. -* `PrepareProposal`: Processes the vote extensions from the previous block, creating a special transaction that encapsulates bids to be included in the current proposal. -* `ProcessProposal`: Validates that the first transaction in the proposal is the special transaction containing the vote extensions and ensures the integrity of the bids. - -In this advanced tutorial, we will be working with an example application that facilitates the auctioning of nameservices. To see what frontrunning and nameservices are [here](./01-understanding-frontrunning.md) This application provides a practical use case to explore the prevention of auction front-running, also known as "bid sniping", where a validator takes advantage of seeing a bid in the mempool to place their own higher bid before the original bid is processed. - -The tutorial will guide you through using the Cosmos SDK to mitigate front-running using vote extensions. The module will be built on top of the base blockchain provided in the `tutorials/base` directory and will use the `auction` module as a foundation. By the end of this tutorial, you will have a better understanding of how to prevent front-running in blockchain auctions, specifically in the context of nameservice auctioning. - -## What are Vote extensions? - -Vote extensions is arbitrary information which can be inserted into a block. This feature is part of ABCI 2.0, which is available for use in the SDK 0.50 release and part of the 0.38 CometBFT release. - -More information about vote extensions can be seen [here](https://docs.cosmos.network/main/build/abci/vote-extensions). - -## Requirements and Setup - -Before diving into the advanced tutorial on auction front-running simulation, ensure you meet the following requirements: - -* [Golang >1.21.5](https://golang.org/doc/install) installed -* Familiarity with the concepts of front-running and MEV, as detailed in [Understanding Front-Running](./01-understanding-frontrunning.md) -* Understanding of Vote Extensions as described [here](https://docs.cosmos.network/main/build/abci/vote-extensions) - -You will also need a foundational blockchain to build upon coupled with your own module. The `tutorials/base` directory has the necessary blockchain code to start your custom project with the Cosmos SDK. For the module, you can use the `auction` module provided in the `tutorials/auction/x/auction` directory as a reference but please be aware that all of the code needed to implement vote extensions is already implemented in this module. - -This will set up a strong base for your blockchain, enabling the integration of advanced features such as auction front-running simulation. diff --git a/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/01-understanding-frontrunning.md b/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/01-understanding-frontrunning.md deleted file mode 100644 index 31602b0e..00000000 --- a/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/01-understanding-frontrunning.md +++ /dev/null @@ -1,41 +0,0 @@ -# Understanding Front-Running and more - -## Introduction - -Blockchain technology is vulnerable to practices that can affect the fairness and security of the network. Two such practices are front-running and Maximal Extractable Value (MEV), which are important for blockchain participants to understand. - -## What is Front-Running? - -Front-running is when someone, such as a validator, uses their ability to see pending transactions to execute their own transactions first, benefiting from the knowledge of upcoming transactions. In nameservice auctions, a front-runner might place a higher bid before the original bid is confirmed, unfairly winning the auction. - -## Nameservices and Nameservice Auctions - -Nameservices are human-readable identifiers on a blockchain, akin to internet domain names, that correspond to specific addresses or resources. They simplify interactions with typically long and complex blockchain addresses, allowing users to have a memorable and unique identifier for their blockchain address or smart contract. - -Nameservice auctions are the process by which these identifiers are bid on and acquired. To combat front-running—where someone might use knowledge of pending bids to place a higher bid first—mechanisms such as commit-reveal schemes, auction extensions, and fair sequencing are implemented. These strategies ensure a transparent and fair bidding process, reducing the potential for Maximal Extractable Value (MEV) exploitation. - -## What is Maximal Extractable Value (MEV)? - -MEV is the highest value that can be extracted by manipulating the order of transactions within a block, beyond the standard block rewards and fees. This has become more prominent with the growth of decentralised finance (DeFi), where transaction order can greatly affect profits. - -## Implications of MEV - -MEV can lead to: - -- **Network Security**: Potential centralisation, as those with more computational power might dominate the process, increasing the risk of attacks. -- **Market Fairness**: An uneven playing field where only a few can gain at the expense of the majority. -- **User Experience**: Higher fees and network congestion due to the competition for MEV. - -## Mitigating MEV and Front-Running - -Some solutions being developed to mitigate MEV and front-running, including: - -- **Time-delayed Transactions**: Random delays to make transaction timing unpredictable. -- **Private Transaction Pools**: Concealing transactions until they are mined. -- **Fair Sequencing Services**: Processing transactions in the order they are received. - -For this tutorial, we will be exploring the last solution, fair sequencing services, in the context of nameservice auctions. - -## Conclusion - -MEV and front-running are challenges to blockchain integrity and fairness. Ongoing innovation and implementation of mitigation strategies are crucial for the ecosystem's health and success. diff --git a/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md b/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md deleted file mode 100644 index a3d7549e..00000000 --- a/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md +++ /dev/null @@ -1,331 +0,0 @@ -# Mitigating Front-running with Vote Extensions - -## Table of Contents - -* [Prerequisites](#prerequisites) -* [Implementing Structs for Vote Extensions](#implementing-structs-for-vote-extensions) -* [Implementing Handlers and Configuring Handlers](#implementing-handlers-and-configuring-handlers) - -## Prerequisites - -Before implementing vote extensions to mitigate front-running, ensure you have a module ready to implement the vote extensions with. If you need to create or reference a similar module, see `x/auction` for guidance. - -In this section, we will discuss the steps to mitigate front-running using vote extensions. We will introduce new types within the `abci/types.go` file. These types will be used to handle the process of preparing proposals, processing proposals, and handling vote extensions. - -### Implementing Structs for Vote Extensions - -First, copy the following structs into the `abci/types.go` and each of these structs serves a specific purpose in the process of mitigating front-running using vote extensions: - -```go -package abci - -import ( - //import the necessary files -) - -type PrepareProposalHandler struct { - logger log.Logger - txConfig client.TxConfig - cdc codec.Codec - mempool *mempool.ThresholdMempool - txProvider provider.TxProvider - keyname string - runProvider bool -} -``` - -The `PrepareProposalHandler` struct is used to handle the preparation of a proposal in the consensus process. It contains several fields: logger for logging information and errors, txConfig for transaction configuration, cdc (Codec) for encoding and decoding transactions, mempool for referencing the set of unconfirmed transactions, txProvider for building the proposal with transactions, keyname for the name of the key used for signing transactions, and runProvider, a boolean flag indicating whether the provider should be run to build the proposal. - -```go -type ProcessProposalHandler struct { - TxConfig client.TxConfig - Codec codec.Codec - Logger log.Logger -} -``` - -After the proposal has been prepared and vote extensions have been included, the `ProcessProposalHandler` is used to process the proposal. This includes validating the proposal and the included vote extensions. The `ProcessProposalHandler` allows you to access the transaction configuration and codec, which are necessary for processing the vote extensions. - -```go -type VoteExtHandler struct { - logger log.Logger - currentBlock int64 - mempool *mempool.ThresholdMempool - cdc codec.Codec -} -``` - -This struct is used to handle vote extensions. It contains a logger for logging events, the current block number, a mempool for storing transactions, and a codec for encoding and decoding. Vote extensions are a key part of the process to mitigate front-running, as they allow for additional information to be included with each vote. - -```go -type InjectedVoteExt struct { - VoteExtSigner []byte - Bids [][]byte -} - -type InjectedVotes struct { - Votes []InjectedVoteExt -} -``` - -These structs are used to handle injected vote extensions. They include the signer of the vote extension and the bids associated with the vote extension. Each byte array in Bids is a serialised form of a bid transaction. Injected vote extensions are used to add additional information to a vote after it has been created, which can be useful for adding context or additional data to a vote. The serialised bid transactions provide a way to include complex transaction data in a compact, efficient format. - -```go -type AppVoteExtension struct { - Height int64 - Bids [][]byte -} -``` - -This struct is used for application vote extensions. It includes the height of the block and the bids associated with the vote extension. Application vote extensions are used to add additional information to a vote at the application level, which can be useful for adding context or additional data to a vote that is specific to the application. - -```go -type SpecialTransaction struct { - Height int - Bids [][]byte -} -``` - -This struct is used for special transactions. It includes the height of the block and the bids associated with the transaction. Special transactions are used for transactions that need to be handled differently from regular transactions, such as transactions that are part of the process to mitigate front-running. - -### Implementing Handlers and Configuring Handlers - -To establish the `VoteExtensionHandler`, follow these steps: - -1. Navigate to the `abci/proposal.go` file. This is where we will implement the `VoteExtensionHandler``. - -2. Implement the `NewVoteExtensionHandler` function. This function is a constructor for the `VoteExtHandler` struct. It takes a logger, a mempool, and a codec as parameters and returns a new instance of `VoteExtHandler`. - -```go -func NewVoteExtensionHandler(lg log.Logger, mp *mempool.ThresholdMempool, cdc codec.Codec) *VoteExtHandler { - return &VoteExtHandler{ - logger: lg, - mempool: mp, - cdc: cdc, - } -} -``` - -3. Implement the `ExtendVoteHandler()` method. This method should handle the logic of extending votes, including inspecting the mempool and submitting a list of all pending bids. This will allow you to access the list of unconfirmed transactions in the abci.`RequestPrepareProposal` during the ensuing block. - -```go -func (h *VoteExtHandler) ExtendVoteHandler() sdk.ExtendVoteHandler { - return func(ctx sdk.Context, req *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) { - h.logger.Info(fmt.Sprintf("Extending votes at block height : %v", req.Height)) - - voteExtBids := [][]byte{} - - // Get mempool txs - itr := h.mempool.SelectPending(context.Background(), nil) - for itr != nil { - tmptx := itr.Tx() - sdkMsgs := tmptx.GetMsgs() - - // Iterate through msgs, check for any bids - for _, msg := range sdkMsgs { - switch msg := msg.(type) { - case *nstypes.MsgBid: - // Marshal sdk bids to []byte - bz, err := h.cdc.Marshal(msg) - if err != nil { - h.logger.Error(fmt.Sprintf("Error marshalling VE Bid : %v", err)) - break - } - voteExtBids = append(voteExtBids, bz) - default: - } - } - - // Move tx to ready pool - err := h.mempool.Update(context.Background(), tmptx) - - // Remove tx from app side mempool - if err != nil { - h.logger.Info(fmt.Sprintf("Unable to update mempool tx: %v", err)) - } - - itr = itr.Next() - } - - // Create vote extension - voteExt := AppVoteExtension{ - Height: req.Height, - Bids: voteExtBids, - } - - // Encode Vote Extension - bz, err := json.Marshal(voteExt) - if err != nil { - return nil, fmt.Errorf("Error marshalling VE: %w", err) - } - - return &abci.ResponseExtendVote{VoteExtension: bz}, nil -} -``` - -4. Configure the handler in `app/app.go` as shown below - -```go -bApp := baseapp.NewBaseApp(AppName, logger, db, txConfig.TxDecoder(), baseAppOptions...) -voteExtHandler := abci2.NewVoteExtensionHandler(logger, mempool, appCodec) -bApp.SetExtendVoteHandler(voteExtHandler.ExtendVoteHandler()) -``` - -To give a bit of context on what is happening above, we first create a new instance of `VoteExtensionHandler` with the necessary dependencies (logger, mempool, and codec). Then, we set this handler as the `ExtendVoteHandler` for our application. This means that whenever a vote needs to be extended, our custom `ExtendVoteHandler()` method will be called. - -To test if vote extensions have been propagated, add the following to the `PrepareProposalHandler`: - -```go -if req.Height > 2 { - voteExt := req.GetLocalLastCommit() - h.logger.Info(fmt.Sprintf(" :: Get vote extensions: %v", voteExt)) -} -``` - -This is how the whole function should look: - -```go -func (h *PrepareProposalHandler) PrepareProposalHandler() sdk.PrepareProposalHandler { - return func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { - h.logger.Info(fmt.Sprintf(" :: Prepare Proposal")) - var proposalTxs [][]byte - - var txs []sdk.Tx - - // Get Vote Extensions - if req.Height > 2 { - voteExt := req.GetLocalLastCommit() - h.logger.Info(fmt.Sprintf(" :: Get vote extensions: %v", voteExt)) - } - - itr := h.mempool.Select(context.Background(), nil) - for itr != nil { - tmptx := itr.Tx() - - txs = append(txs, tmptx) - itr = itr.Next() - } - h.logger.Info(fmt.Sprintf(" :: Number of Transactions available from mempool: %v", len(txs))) - - if h.runProvider { - tmpMsgs, err := h.txProvider.BuildProposal(ctx, txs) - if err != nil { - h.logger.Error(fmt.Sprintf(" :: Error Building Custom Proposal: %v", err)) - } - txs = tmpMsgs - } - - for _, sdkTxs := range txs { - txBytes, err := h.txConfig.TxEncoder()(sdkTxs) - if err != nil { - h.logger.Info(fmt.Sprintf("~Error encoding transaction: %v", err.Error())) - } - proposalTxs = append(proposalTxs, txBytes) - } - - h.logger.Info(fmt.Sprintf(" :: Number of Transactions in proposal: %v", len(proposalTxs))) - - return &abci.ResponsePrepareProposal{Txs: proposalTxs}, nil - } -} -``` - -As mentioned above, we check if vote extensions have been propagated, you can do this by checking the logs for any relevant messages such as ` :: Get vote extensions:`. If the logs do not provide enough information, you can also reinitialise your local testing environment by running the `./scripts/single_node/setup.sh` script again. - -5. Implement the `ProcessProposalHandler()`. This function is responsible for processing the proposal. It should handle the logic of processing vote extensions, including inspecting the proposal and validating the bids. - -```go -func (h *ProcessProposalHandler) ProcessProposalHandler() sdk.ProcessProposalHandler { - return func(ctx sdk.Context, req *abci.RequestProcessProposal) (resp *abci.ResponseProcessProposal, err error) { - h.Logger.Info(fmt.Sprintf(" :: Process Proposal")) - - // The first transaction will always be the Special Transaction - numTxs := len(req.Txs) - - h.Logger.Info(fmt.Sprintf(":: Number of transactions :: %v", numTxs)) - - if numTxs >= 1 { - var st SpecialTransaction - err = json.Unmarshal(req.Txs[0], &st) - if err != nil { - h.Logger.Error(fmt.Sprintf(":: Error unmarshalling special Tx in Process Proposal :: %v", err)) - } - if len(st.Bids) > 0 { - h.Logger.Info(fmt.Sprintf(":: There are bids in the Special Transaction")) - var bids []nstypes.MsgBid - for i, b := range st.Bids { - var bid nstypes.MsgBid - h.Codec.Unmarshal(b, &bid) - h.Logger.Info(fmt.Sprintf(":: Special Transaction Bid No %v :: %v", i, bid)) - bids = append(bids, bid) - } - // Validate Bids in Tx - txs := req.Txs[1:] - ok, err := ValidateBids(h.TxConfig, bids, txs, h.Logger) - if err != nil { - h.Logger.Error(fmt.Sprintf(":: Error validating bids in Process Proposal :: %v", err)) - return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil - } - if !ok { - h.Logger.Error(fmt.Sprintf(":: Unable to validate bids in Process Proposal :: %v", err)) - return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil - } - h.Logger.Info(":: Successfully validated bids in Process Proposal") - } - } - - return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_ACCEPT}, nil - } -} -``` - -6. Implement the `ProcessVoteExtensions()` function. This function should handle the logic of processing vote extensions, including validating the bids. - -```go -func processVoteExtensions(req *abci.RequestPrepareProposal, log log.Logger) (SpecialTransaction, error) { - log.Info(fmt.Sprintf(" :: Process Vote Extensions")) - - // Create empty response - st := SpecialTransaction{ - 0, - [][]byte{}, - } - - // Get Vote Ext for H-1 from Req - voteExt := req.GetLocalLastCommit() - votes := voteExt.Votes - - // Iterate through votes - var ve AppVoteExtension - for _, vote := range votes { - // Unmarshal to AppExt - err := json.Unmarshal(vote.VoteExtension, &ve) - if err != nil { - log.Error(fmt.Sprintf(" :: Error unmarshalling Vote Extension")) - } - - st.Height = int(ve.Height) - - // If Bids in VE, append to Special Transaction - if len(ve.Bids) > 0 { - log.Info(" :: Bids in VE") - for _, b := range ve.Bids { - st.Bids = append(st.Bids, b) - } - } - } - - return st, nil -} -``` - -7. Configure the `ProcessProposalHandler()` in app/app.go: - -```go -processPropHandler := abci2.ProcessProposalHandler{app.txConfig, appCodec, logger} -bApp.SetProcessProposal(processPropHandler.ProcessProposalHandler()) -``` - -This sets the `ProcessProposalHandler()` for our application. This means that whenever a proposal needs to be processed, our custom `ProcessProposalHandler()` method will be called. - -To test if the proposal processing and vote extensions are working correctly, you can check the logs for any relevant messages. If the logs do not provide enough information, you can also reinitialize your local testing environment by running `./scripts/single_node/setup.sh` script. diff --git a/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md.bak b/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md.bak deleted file mode 100644 index 421b6ed8..00000000 --- a/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extensions.md.bak +++ /dev/null @@ -1,331 +0,0 @@ -# Mitigating Front-running with Vote Extensions - -## Table of Contents - -* [Prerequisites](#prerequisites) -* [Implementing Structs for Vote Extensions](#implementing-structs-for-vote-extensions) -* [Implementing Handlers and Configuring Handlers](#implementing-handlers-and-configuring-handlers) - -## Prerequisites - -Before implementing vote extensions to mitigate front-running, ensure you have a module ready to implement the vote extensions with. If you need to create or reference a similar module, see `x/auction` for guidance. - -In this section, we will discuss the steps to mitigate front-running using vote extensions. We will introduce new types within the `abci/types.go` file. These types will be used to handle the process of preparing proposals, processing proposals, and handling vote extensions. - -### Implementing Structs for Vote Extensions - -First, copy the following structs into the `abci/types.go` and each of these structs serves a specific purpose in the process of mitigating front-running using vote extensions: - -```go -package abci - -import ( - //import the necessary files -) - -type PrepareProposalHandler struct { - logger log.Logger - txConfig client.TxConfig - cdc codec.Codec - mempool *mempool.ThresholdMempool - txProvider provider.TxProvider - keyname string - runProvider bool -} -``` - -The `PrepareProposalHandler` struct is used to handle the preparation of a proposal in the consensus process. It contains several fields: logger for logging information and errors, txConfig for transaction configuration, cdc (Codec) for encoding and decoding transactions, mempool for referencing the set of unconfirmed transactions, txProvider for building the proposal with transactions, keyname for the name of the key used for signing transactions, and runProvider, a boolean flag indicating whether the provider should be run to build the proposal. - -```go -type ProcessProposalHandler struct { - TxConfig client.TxConfig - Codec codec.Codec - Logger log.Logger -} -``` - -After the proposal has been prepared and vote extensions have been included, the `ProcessProposalHandler` is used to process the proposal. This includes validating the proposal and the included vote extensions. The `ProcessProposalHandler` allows you to access the transaction configuration and codec, which are necessary for processing the vote extensions. - -```go -type VoteExtHandler struct { - logger log.Logger - currentBlock int64 - mempool *mempool.ThresholdMempool - cdc codec.Codec -} -``` - -This struct is used to handle vote extensions. It contains a logger for logging events, the current block number, a mempool for storing transactions, and a codec for encoding and decoding. Vote extensions are a key part of the process to mitigate front-running, as they allow for additional information to be included with each vote. - -```go -type InjectedVoteExt struct { - VoteExtSigner []byte - Bids [][]byte -} - -type InjectedVotes struct { - Votes []InjectedVoteExt -} -``` - -These structs are used to handle injected vote extensions. They include the signer of the vote extension and the bids associated with the vote extension. Each byte array in Bids is a serialised form of a bid transaction. Injected vote extensions are used to add additional information to a vote after it has been created, which can be useful for adding context or additional data to a vote. The serialised bid transactions provide a way to include complex transaction data in a compact, efficient format. - -```go -type AppVoteExtension struct { - Height int64 - Bids [][]byte -} -``` - -This struct is used for application vote extensions. It includes the height of the block and the bids associated with the vote extension. Application vote extensions are used to add additional information to a vote at the application level, which can be useful for adding context or additional data to a vote that is specific to the application. - -```go -type SpecialTransaction struct { - Height int - Bids [][]byte -} -``` - -This struct is used for special transactions. It includes the height of the block and the bids associated with the transaction. Special transactions are used for transactions that need to be handled differently from regular transactions, such as transactions that are part of the process to mitigate front-running. - -### Implementing Handlers and Configuring Handlers - -To establish the `VoteExtensionHandler`, follow these steps: - -1. Navigate to the `abci/proposal.go` file. This is where we will implement the `VoteExtensionHandler``. - -2. Implement the `NewVoteExtensionHandler` function. This function is a constructor for the `VoteExtHandler` struct. It takes a logger, a mempool, and a codec as parameters and returns a new instance of `VoteExtHandler`. - -```go -func NewVoteExtensionHandler(lg log.Logger, mp *mempool.ThresholdMempool, cdc codec.Codec) *VoteExtHandler { - return &VoteExtHandler{ - logger: lg, - mempool: mp, - cdc: cdc, - } -} -``` - -3. Implement the `ExtendVoteHandler()` method. This method should handle the logic of extending votes, including inspecting the mempool and submitting a list of all pending bids. This will allow you to access the list of unconfirmed transactions in the abci.`RequestPrepareProposal` during the ensuing block. - -```go -func (h *VoteExtHandler) ExtendVoteHandler() sdk.ExtendVoteHandler { - return func(ctx sdk.Context, req *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) { - h.logger.Info(fmt.Sprintf("Extending votes at block height : %v", req.Height)) - - voteExtBids := [][]byte{} - - // Get mempool txs - itr := h.mempool.SelectPending(context.Background(), nil) - for itr != nil { - tmptx := itr.Tx() - sdkMsgs := tmptx.GetMsgs() - - // Iterate through msgs, check for any bids - for _, msg := range sdkMsgs { - switch msg := msg.(type) { - case *nstypes.MsgBid: - // Marshal sdk bids to []byte - bz, err := h.cdc.Marshal(msg) - if err != nil { - h.logger.Error(fmt.Sprintf("Error marshalling VE Bid : %v", err)) - break - } - voteExtBids = append(voteExtBids, bz) - default: - } - } - - // Move tx to ready pool - err := h.mempool.Update(context.Background(), tmptx) - - // Remove tx from app side mempool - if err != nil { - h.logger.Info(fmt.Sprintf("Unable to update mempool tx: %v", err)) - } - - itr = itr.Next() - } - - // Create vote extension - voteExt := AppVoteExtension{ - Height: req.Height, - Bids: voteExtBids, - } - - // Encode Vote Extension - bz, err := json.Marshal(voteExt) - if err != nil { - return nil, fmt.Errorf("Error marshalling VE: %w", err) - } - - return &abci.ResponseExtendVote{VoteExtension: bz}, nil -} -``` - -4. Configure the handler in `app/app.go` as shown below - -```go -bApp := baseapp.NewBaseApp(AppName, logger, db, txConfig.TxDecoder(), baseAppOptions...) -voteExtHandler := abci2.NewVoteExtensionHandler(logger, mempool, appCodec) -bApp.SetExtendVoteHandler(voteExtHandler.ExtendVoteHandler()) -``` - -To give a bit of context on what is happening above, we first create a new instance of `VoteExtensionHandler` with the necessary dependencies (logger, mempool, and codec). Then, we set this handler as the `ExtendVoteHandler` for our application. This means that whenever a vote needs to be extended, our custom `ExtendVoteHandler()` method will be called. - -To test if vote extensions have been propagated, add the following to the `PrepareProposalHandler`: - -```go -if req.Height > 2 { - voteExt := req.GetLocalLastCommit() - h.logger.Info(fmt.Sprintf("🛠️ :: Get vote extensions: %v", voteExt)) -} -``` - -This is how the whole function should look: - -```go -func (h *PrepareProposalHandler) PrepareProposalHandler() sdk.PrepareProposalHandler { - return func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { - h.logger.Info(fmt.Sprintf("🛠️ :: Prepare Proposal")) - var proposalTxs [][]byte - - var txs []sdk.Tx - - // Get Vote Extensions - if req.Height > 2 { - voteExt := req.GetLocalLastCommit() - h.logger.Info(fmt.Sprintf("🛠️ :: Get vote extensions: %v", voteExt)) - } - - itr := h.mempool.Select(context.Background(), nil) - for itr != nil { - tmptx := itr.Tx() - - txs = append(txs, tmptx) - itr = itr.Next() - } - h.logger.Info(fmt.Sprintf("🛠️ :: Number of Transactions available from mempool: %v", len(txs))) - - if h.runProvider { - tmpMsgs, err := h.txProvider.BuildProposal(ctx, txs) - if err != nil { - h.logger.Error(fmt.Sprintf("❌️ :: Error Building Custom Proposal: %v", err)) - } - txs = tmpMsgs - } - - for _, sdkTxs := range txs { - txBytes, err := h.txConfig.TxEncoder()(sdkTxs) - if err != nil { - h.logger.Info(fmt.Sprintf("❌~Error encoding transaction: %v", err.Error())) - } - proposalTxs = append(proposalTxs, txBytes) - } - - h.logger.Info(fmt.Sprintf("🛠️ :: Number of Transactions in proposal: %v", len(proposalTxs))) - - return &abci.ResponsePrepareProposal{Txs: proposalTxs}, nil - } -} -``` - -As mentioned above, we check if vote extensions have been propagated, you can do this by checking the logs for any relevant messages such as `🛠️ :: Get vote extensions:`. If the logs do not provide enough information, you can also reinitialise your local testing environment by running the `./scripts/single_node/setup.sh` script again. - -5. Implement the `ProcessProposalHandler()`. This function is responsible for processing the proposal. It should handle the logic of processing vote extensions, including inspecting the proposal and validating the bids. - -```go -func (h *ProcessProposalHandler) ProcessProposalHandler() sdk.ProcessProposalHandler { - return func(ctx sdk.Context, req *abci.RequestProcessProposal) (resp *abci.ResponseProcessProposal, err error) { - h.Logger.Info(fmt.Sprintf("⚙️ :: Process Proposal")) - - // The first transaction will always be the Special Transaction - numTxs := len(req.Txs) - - h.Logger.Info(fmt.Sprintf("⚙️:: Number of transactions :: %v", numTxs)) - - if numTxs >= 1 { - var st SpecialTransaction - err = json.Unmarshal(req.Txs[0], &st) - if err != nil { - h.Logger.Error(fmt.Sprintf("❌️:: Error unmarshalling special Tx in Process Proposal :: %v", err)) - } - if len(st.Bids) > 0 { - h.Logger.Info(fmt.Sprintf("⚙️:: There are bids in the Special Transaction")) - var bids []nstypes.MsgBid - for i, b := range st.Bids { - var bid nstypes.MsgBid - h.Codec.Unmarshal(b, &bid) - h.Logger.Info(fmt.Sprintf("⚙️:: Special Transaction Bid No %v :: %v", i, bid)) - bids = append(bids, bid) - } - // Validate Bids in Tx - txs := req.Txs[1:] - ok, err := ValidateBids(h.TxConfig, bids, txs, h.Logger) - if err != nil { - h.Logger.Error(fmt.Sprintf("❌️:: Error validating bids in Process Proposal :: %v", err)) - return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil - } - if !ok { - h.Logger.Error(fmt.Sprintf("❌️:: Unable to validate bids in Process Proposal :: %v", err)) - return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil - } - h.Logger.Info("⚙️:: Successfully validated bids in Process Proposal") - } - } - - return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_ACCEPT}, nil - } -} -``` - -6. Implement the `ProcessVoteExtensions()` function. This function should handle the logic of processing vote extensions, including validating the bids. - -```go -func processVoteExtensions(req *abci.RequestPrepareProposal, log log.Logger) (SpecialTransaction, error) { - log.Info(fmt.Sprintf("🛠️ :: Process Vote Extensions")) - - // Create empty response - st := SpecialTransaction{ - 0, - [][]byte{}, - } - - // Get Vote Ext for H-1 from Req - voteExt := req.GetLocalLastCommit() - votes := voteExt.Votes - - // Iterate through votes - var ve AppVoteExtension - for _, vote := range votes { - // Unmarshal to AppExt - err := json.Unmarshal(vote.VoteExtension, &ve) - if err != nil { - log.Error(fmt.Sprintf("❌ :: Error unmarshalling Vote Extension")) - } - - st.Height = int(ve.Height) - - // If Bids in VE, append to Special Transaction - if len(ve.Bids) > 0 { - log.Info("🛠️ :: Bids in VE") - for _, b := range ve.Bids { - st.Bids = append(st.Bids, b) - } - } - } - - return st, nil -} -``` - -7. Configure the `ProcessProposalHandler()` in app/app.go: - -```go -processPropHandler := abci2.ProcessProposalHandler{app.txConfig, appCodec, logger} -bApp.SetProcessProposal(processPropHandler.ProcessProposalHandler()) -``` - -This sets the `ProcessProposalHandler()` for our application. This means that whenever a proposal needs to be processed, our custom `ProcessProposalHandler()` method will be called. - -To test if the proposal processing and vote extensions are working correctly, you can check the logs for any relevant messages. If the logs do not provide enough information, you can also reinitialize your local testing environment by running `./scripts/single_node/setup.sh` script. diff --git a/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md b/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md deleted file mode 100644 index 55c84fa7..00000000 --- a/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md +++ /dev/null @@ -1,331 +0,0 @@ -# Mitigating Front-running with Vote Extensions - -## Table of Contents - -- [Prerequisites](#prerequisites) -- [Implementing Structs for Vote Extensions](#implementing-structs-for-vote-extensions) -- [Implementing Handlers and Configuring Handlers](#implementing-handlers-and-configuring-handlers) - -## Prerequisites - -Before implementing vote extensions to mitigate front-running, ensure you have a module ready to implement the vote extensions with. If you need to create or reference a similar module, see `x/auction` for guidance. - -In this section, we will discuss the steps to mitigate front-running using vote extensions. We will introduce new types within the `abci/types.go` file. These types will be used to handle the process of preparing proposals, processing proposals, and handling vote extensions. - -### Implementing Structs for Vote Extensions - -First, copy the following structs into the `abci/types.go` and each of these structs serves a specific purpose in the process of mitigating front-running using vote extensions: - -```go -package abci - -import ( - //import the necessary files -) - -type PrepareProposalHandler struct { - logger log.Logger - txConfig client.TxConfig - cdc codec.Codec - mempool *mempool.ThresholdMempool - txProvider provider.TxProvider - keyname string - runProvider bool -} -``` - -The `PrepareProposalHandler` struct is used to handle the preparation of a proposal in the consensus process. It contains several fields: logger for logging information and errors, txConfig for transaction configuration, cdc (Codec) for encoding and decoding transactions, mempool for referencing the set of unconfirmed transactions, txProvider for building the proposal with transactions, keyname for the name of the key used for signing transactions, and runProvider, a boolean flag indicating whether the provider should be run to build the proposal. - -```go -type ProcessProposalHandler struct { - TxConfig client.TxConfig - Codec codec.Codec - Logger log.Logger -} -``` - -After the proposal has been prepared and vote extensions have been included, the `ProcessProposalHandler` is used to process the proposal. This includes validating the proposal and the included vote extensions. The `ProcessProposalHandler` allows you to access the transaction configuration and codec, which are necessary for processing the vote extensions. - -```go -type VoteExtHandler struct { - logger log.Logger - currentBlock int64 - mempool *mempool.ThresholdMempool - cdc codec.Codec -} -``` - -This struct is used to handle vote extensions. It contains a logger for logging events, the current block number, a mempool for storing transactions, and a codec for encoding and decoding. Vote extensions are a key part of the process to mitigate front-running, as they allow for additional information to be included with each vote. - -```go -type InjectedVoteExt struct { - VoteExtSigner []byte - Bids [][]byte -} - -type InjectedVotes struct { - Votes []InjectedVoteExt -} -``` - -These structs are used to handle injected vote extensions. They include the signer of the vote extension and the bids associated with the vote extension. Each byte array in Bids is a serialised form of a bid transaction. Injected vote extensions are used to add additional information to a vote after it has been created, which can be useful for adding context or additional data to a vote. The serialised bid transactions provide a way to include complex transaction data in a compact, efficient format. - -```go -type AppVoteExtension struct { - Height int64 - Bids [][]byte -} -``` - -This struct is used for application vote extensions. It includes the height of the block and the bids associated with the vote extension. Application vote extensions are used to add additional information to a vote at the application level, which can be useful for adding context or additional data to a vote that is specific to the application. - -```go -type SpecialTransaction struct { - Height int - Bids [][]byte -} -``` - -This struct is used for special transactions. It includes the height of the block and the bids associated with the transaction. Special transactions are used for transactions that need to be handled differently from regular transactions, such as transactions that are part of the process to mitigate front-running. - -### Implementing Handlers and Configuring Handlers - -To establish the `VoteExtensionHandler`, follow these steps: - -1. Navigate to the `abci/proposal.go` file. This is where we will implement the `VoteExtensionHandler``. - -2. Implement the `NewVoteExtensionHandler` function. This function is a constructor for the `VoteExtHandler` struct. It takes a logger, a mempool, and a codec as parameters and returns a new instance of `VoteExtHandler`. - -```go -func NewVoteExtensionHandler(lg log.Logger, mp *mempool.ThresholdMempool, cdc codec.Codec) *VoteExtHandler { - return &VoteExtHandler{ - logger: lg, - mempool: mp, - cdc: cdc, - } -} -``` - -3. Implement the `ExtendVoteHandler()` method. This method should handle the logic of extending votes, including inspecting the mempool and submitting a list of all pending bids. This will allow you to access the list of unconfirmed transactions in the abci.`RequestPrepareProposal` during the ensuing block. - -```go -func (h *VoteExtHandler) ExtendVoteHandler() sdk.ExtendVoteHandler { - return func(ctx sdk.Context, req *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) { - h.logger.Info(fmt.Sprintf("Extending votes at block height : %v", req.Height)) - - voteExtBids := [][]byte{} - - // Get mempool txs - itr := h.mempool.SelectPending(context.Background(), nil) - for itr != nil { - tmptx := itr.Tx() - sdkMsgs := tmptx.GetMsgs() - - // Iterate through msgs, check for any bids - for _, msg := range sdkMsgs { - switch msg := msg.(type) { - case *nstypes.MsgBid: - // Marshal sdk bids to []byte - bz, err := h.cdc.Marshal(msg) - if err != nil { - h.logger.Error(fmt.Sprintf("Error marshalling VE Bid : %v", err)) - break - } - voteExtBids = append(voteExtBids, bz) - default: - } - } - - // Move tx to ready pool - err := h.mempool.Update(context.Background(), tmptx) - - // Remove tx from app side mempool - if err != nil { - h.logger.Info(fmt.Sprintf("Unable to update mempool tx: %v", err)) - } - - itr = itr.Next() - } - - // Create vote extension - voteExt := AppVoteExtension{ - Height: req.Height, - Bids: voteExtBids, - } - - // Encode Vote Extension - bz, err := json.Marshal(voteExt) - if err != nil { - return nil, fmt.Errorf("Error marshalling VE: %w", err) - } - - return &abci.ResponseExtendVote{VoteExtension: bz}, nil -} -``` - -4. Configure the handler in `app/app.go` as shown below - -```go -bApp := baseapp.NewBaseApp(AppName, logger, db, txConfig.TxDecoder(), baseAppOptions...) -voteExtHandler := abci2.NewVoteExtensionHandler(logger, mempool, appCodec) -bApp.SetExtendVoteHandler(voteExtHandler.ExtendVoteHandler()) -``` - -To give a bit of context on what is happening above, we first create a new instance of `VoteExtensionHandler` with the necessary dependencies (logger, mempool, and codec). Then, we set this handler as the `ExtendVoteHandler` for our application. This means that whenever a vote needs to be extended, our custom `ExtendVoteHandler()` method will be called. - -To test if vote extensions have been propagated, add the following to the `PrepareProposalHandler`: - -```go -if req.Height > 2 { - voteExt := req.GetLocalLastCommit() - h.logger.Info(fmt.Sprintf(" :: Get vote extensions: %v", voteExt)) -} -``` - -This is how the whole function should look: - -```go -func (h *PrepareProposalHandler) PrepareProposalHandler() sdk.PrepareProposalHandler { - return func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { - h.logger.Info(fmt.Sprintf(" :: Prepare Proposal")) - var proposalTxs [][]byte - - var txs []sdk.Tx - - // Get Vote Extensions - if req.Height > 2 { - voteExt := req.GetLocalLastCommit() - h.logger.Info(fmt.Sprintf(" :: Get vote extensions: %v", voteExt)) - } - - itr := h.mempool.Select(context.Background(), nil) - for itr != nil { - tmptx := itr.Tx() - - txs = append(txs, tmptx) - itr = itr.Next() - } - h.logger.Info(fmt.Sprintf(" :: Number of Transactions available from mempool: %v", len(txs))) - - if h.runProvider { - tmpMsgs, err := h.txProvider.BuildProposal(ctx, txs) - if err != nil { - h.logger.Error(fmt.Sprintf(" :: Error Building Custom Proposal: %v", err)) - } - txs = tmpMsgs - } - - for _, sdkTxs := range txs { - txBytes, err := h.txConfig.TxEncoder()(sdkTxs) - if err != nil { - h.logger.Info(fmt.Sprintf("~Error encoding transaction: %v", err.Error())) - } - proposalTxs = append(proposalTxs, txBytes) - } - - h.logger.Info(fmt.Sprintf(" :: Number of Transactions in proposal: %v", len(proposalTxs))) - - return &abci.ResponsePrepareProposal{Txs: proposalTxs}, nil - } -} -``` - -As mentioned above, we check if vote extensions have been propagated, you can do this by checking the logs for any relevant messages such as ` :: Get vote extensions:`. If the logs do not provide enough information, you can also reinitialise your local testing environment by running the `./scripts/single_node/setup.sh` script again. - -5. Implement the `ProcessProposalHandler()`. This function is responsible for processing the proposal. It should handle the logic of processing vote extensions, including inspecting the proposal and validating the bids. - -```go -func (h *ProcessProposalHandler) ProcessProposalHandler() sdk.ProcessProposalHandler { - return func(ctx sdk.Context, req *abci.RequestProcessProposal) (resp *abci.ResponseProcessProposal, err error) { - h.Logger.Info(fmt.Sprintf(" :: Process Proposal")) - - // The first transaction will always be the Special Transaction - numTxs := len(req.Txs) - - h.Logger.Info(fmt.Sprintf(":: Number of transactions :: %v", numTxs)) - - if numTxs >= 1 { - var st SpecialTransaction - err = json.Unmarshal(req.Txs[0], &st) - if err != nil { - h.Logger.Error(fmt.Sprintf(":: Error unmarshalling special Tx in Process Proposal :: %v", err)) - } - if len(st.Bids) > 0 { - h.Logger.Info(fmt.Sprintf(":: There are bids in the Special Transaction")) - var bids []nstypes.MsgBid - for i, b := range st.Bids { - var bid nstypes.MsgBid - h.Codec.Unmarshal(b, &bid) - h.Logger.Info(fmt.Sprintf(":: Special Transaction Bid No %v :: %v", i, bid)) - bids = append(bids, bid) - } - // Validate Bids in Tx - txs := req.Txs[1:] - ok, err := ValidateBids(h.TxConfig, bids, txs, h.Logger) - if err != nil { - h.Logger.Error(fmt.Sprintf(":: Error validating bids in Process Proposal :: %v", err)) - return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil - } - if !ok { - h.Logger.Error(fmt.Sprintf(":: Unable to validate bids in Process Proposal :: %v", err)) - return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil - } - h.Logger.Info(":: Successfully validated bids in Process Proposal") - } - } - - return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_ACCEPT}, nil - } -} -``` - -6. Implement the `ProcessVoteExtensions()` function. This function should handle the logic of processing vote extensions, including validating the bids. - -```go -func processVoteExtensions(req *abci.RequestPrepareProposal, log log.Logger) (SpecialTransaction, error) { - log.Info(fmt.Sprintf(" :: Process Vote Extensions")) - - // Create empty response - st := SpecialTransaction{ - 0, - [][]byte{}, - } - - // Get Vote Ext for H-1 from Req - voteExt := req.GetLocalLastCommit() - votes := voteExt.Votes - - // Iterate through votes - var ve AppVoteExtension - for _, vote := range votes { - // Unmarshal to AppExt - err := json.Unmarshal(vote.VoteExtension, &ve) - if err != nil { - log.Error(fmt.Sprintf(" :: Error unmarshalling Vote Extension")) - } - - st.Height = int(ve.Height) - - // If Bids in VE, append to Special Transaction - if len(ve.Bids) > 0 { - log.Info(" :: Bids in VE") - for _, b := range ve.Bids { - st.Bids = append(st.Bids, b) - } - } - } - - return st, nil -} -``` - -7. Configure the `ProcessProposalHandler()` in app/app.go: - -```go -processPropHandler := abci2.ProcessProposalHandler{app.txConfig, appCodec, logger} -bApp.SetProcessProposal(processPropHandler.ProcessProposalHandler()) -``` - -This sets the `ProcessProposalHandler()` for our application. This means that whenever a proposal needs to be processed, our custom `ProcessProposalHandler()` method will be called. - -To test if the proposal processing and vote extensions are working correctly, you can check the logs for any relevant messages. If the logs do not provide enough information, you can also reinitialize your local testing environment by running `./scripts/single_node/setup.sh` script. diff --git a/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md.bak b/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md.bak deleted file mode 100644 index 56c2d402..00000000 --- a/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/02-mitigating-front-running-with-vote-extesions.md.bak +++ /dev/null @@ -1,331 +0,0 @@ -# Mitigating Front-running with Vote Extensions - -## Table of Contents - -- [Prerequisites](#prerequisites) -- [Implementing Structs for Vote Extensions](#implementing-structs-for-vote-extensions) -- [Implementing Handlers and Configuring Handlers](#implementing-handlers-and-configuring-handlers) - -## Prerequisites - -Before implementing vote extensions to mitigate front-running, ensure you have a module ready to implement the vote extensions with. If you need to create or reference a similar module, see `x/auction` for guidance. - -In this section, we will discuss the steps to mitigate front-running using vote extensions. We will introduce new types within the `abci/types.go` file. These types will be used to handle the process of preparing proposals, processing proposals, and handling vote extensions. - -### Implementing Structs for Vote Extensions - -First, copy the following structs into the `abci/types.go` and each of these structs serves a specific purpose in the process of mitigating front-running using vote extensions: - -```go -package abci - -import ( - //import the necessary files -) - -type PrepareProposalHandler struct { - logger log.Logger - txConfig client.TxConfig - cdc codec.Codec - mempool *mempool.ThresholdMempool - txProvider provider.TxProvider - keyname string - runProvider bool -} -``` - -The `PrepareProposalHandler` struct is used to handle the preparation of a proposal in the consensus process. It contains several fields: logger for logging information and errors, txConfig for transaction configuration, cdc (Codec) for encoding and decoding transactions, mempool for referencing the set of unconfirmed transactions, txProvider for building the proposal with transactions, keyname for the name of the key used for signing transactions, and runProvider, a boolean flag indicating whether the provider should be run to build the proposal. - -```go -type ProcessProposalHandler struct { - TxConfig client.TxConfig - Codec codec.Codec - Logger log.Logger -} -``` - -After the proposal has been prepared and vote extensions have been included, the `ProcessProposalHandler` is used to process the proposal. This includes validating the proposal and the included vote extensions. The `ProcessProposalHandler` allows you to access the transaction configuration and codec, which are necessary for processing the vote extensions. - -```go -type VoteExtHandler struct { - logger log.Logger - currentBlock int64 - mempool *mempool.ThresholdMempool - cdc codec.Codec -} -``` - -This struct is used to handle vote extensions. It contains a logger for logging events, the current block number, a mempool for storing transactions, and a codec for encoding and decoding. Vote extensions are a key part of the process to mitigate front-running, as they allow for additional information to be included with each vote. - -```go -type InjectedVoteExt struct { - VoteExtSigner []byte - Bids [][]byte -} - -type InjectedVotes struct { - Votes []InjectedVoteExt -} -``` - -These structs are used to handle injected vote extensions. They include the signer of the vote extension and the bids associated with the vote extension. Each byte array in Bids is a serialised form of a bid transaction. Injected vote extensions are used to add additional information to a vote after it has been created, which can be useful for adding context or additional data to a vote. The serialised bid transactions provide a way to include complex transaction data in a compact, efficient format. - -```go -type AppVoteExtension struct { - Height int64 - Bids [][]byte -} -``` - -This struct is used for application vote extensions. It includes the height of the block and the bids associated with the vote extension. Application vote extensions are used to add additional information to a vote at the application level, which can be useful for adding context or additional data to a vote that is specific to the application. - -```go -type SpecialTransaction struct { - Height int - Bids [][]byte -} -``` - -This struct is used for special transactions. It includes the height of the block and the bids associated with the transaction. Special transactions are used for transactions that need to be handled differently from regular transactions, such as transactions that are part of the process to mitigate front-running. - -### Implementing Handlers and Configuring Handlers - -To establish the `VoteExtensionHandler`, follow these steps: - -1. Navigate to the `abci/proposal.go` file. This is where we will implement the `VoteExtensionHandler``. - -2. Implement the `NewVoteExtensionHandler` function. This function is a constructor for the `VoteExtHandler` struct. It takes a logger, a mempool, and a codec as parameters and returns a new instance of `VoteExtHandler`. - -```go -func NewVoteExtensionHandler(lg log.Logger, mp *mempool.ThresholdMempool, cdc codec.Codec) *VoteExtHandler { - return &VoteExtHandler{ - logger: lg, - mempool: mp, - cdc: cdc, - } -} -``` - -3. Implement the `ExtendVoteHandler()` method. This method should handle the logic of extending votes, including inspecting the mempool and submitting a list of all pending bids. This will allow you to access the list of unconfirmed transactions in the abci.`RequestPrepareProposal` during the ensuing block. - -```go -func (h *VoteExtHandler) ExtendVoteHandler() sdk.ExtendVoteHandler { - return func(ctx sdk.Context, req *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) { - h.logger.Info(fmt.Sprintf("Extending votes at block height : %v", req.Height)) - - voteExtBids := [][]byte{} - - // Get mempool txs - itr := h.mempool.SelectPending(context.Background(), nil) - for itr != nil { - tmptx := itr.Tx() - sdkMsgs := tmptx.GetMsgs() - - // Iterate through msgs, check for any bids - for _, msg := range sdkMsgs { - switch msg := msg.(type) { - case *nstypes.MsgBid: - // Marshal sdk bids to []byte - bz, err := h.cdc.Marshal(msg) - if err != nil { - h.logger.Error(fmt.Sprintf("Error marshalling VE Bid : %v", err)) - break - } - voteExtBids = append(voteExtBids, bz) - default: - } - } - - // Move tx to ready pool - err := h.mempool.Update(context.Background(), tmptx) - - // Remove tx from app side mempool - if err != nil { - h.logger.Info(fmt.Sprintf("Unable to update mempool tx: %v", err)) - } - - itr = itr.Next() - } - - // Create vote extension - voteExt := AppVoteExtension{ - Height: req.Height, - Bids: voteExtBids, - } - - // Encode Vote Extension - bz, err := json.Marshal(voteExt) - if err != nil { - return nil, fmt.Errorf("Error marshalling VE: %w", err) - } - - return &abci.ResponseExtendVote{VoteExtension: bz}, nil -} -``` - -4. Configure the handler in `app/app.go` as shown below - -```go -bApp := baseapp.NewBaseApp(AppName, logger, db, txConfig.TxDecoder(), baseAppOptions...) -voteExtHandler := abci2.NewVoteExtensionHandler(logger, mempool, appCodec) -bApp.SetExtendVoteHandler(voteExtHandler.ExtendVoteHandler()) -``` - -To give a bit of context on what is happening above, we first create a new instance of `VoteExtensionHandler` with the necessary dependencies (logger, mempool, and codec). Then, we set this handler as the `ExtendVoteHandler` for our application. This means that whenever a vote needs to be extended, our custom `ExtendVoteHandler()` method will be called. - -To test if vote extensions have been propagated, add the following to the `PrepareProposalHandler`: - -```go -if req.Height > 2 { - voteExt := req.GetLocalLastCommit() - h.logger.Info(fmt.Sprintf("🛠️ :: Get vote extensions: %v", voteExt)) -} -``` - -This is how the whole function should look: - -```go -func (h *PrepareProposalHandler) PrepareProposalHandler() sdk.PrepareProposalHandler { - return func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { - h.logger.Info(fmt.Sprintf("🛠️ :: Prepare Proposal")) - var proposalTxs [][]byte - - var txs []sdk.Tx - - // Get Vote Extensions - if req.Height > 2 { - voteExt := req.GetLocalLastCommit() - h.logger.Info(fmt.Sprintf("🛠️ :: Get vote extensions: %v", voteExt)) - } - - itr := h.mempool.Select(context.Background(), nil) - for itr != nil { - tmptx := itr.Tx() - - txs = append(txs, tmptx) - itr = itr.Next() - } - h.logger.Info(fmt.Sprintf("🛠️ :: Number of Transactions available from mempool: %v", len(txs))) - - if h.runProvider { - tmpMsgs, err := h.txProvider.BuildProposal(ctx, txs) - if err != nil { - h.logger.Error(fmt.Sprintf("❌️ :: Error Building Custom Proposal: %v", err)) - } - txs = tmpMsgs - } - - for _, sdkTxs := range txs { - txBytes, err := h.txConfig.TxEncoder()(sdkTxs) - if err != nil { - h.logger.Info(fmt.Sprintf("❌~Error encoding transaction: %v", err.Error())) - } - proposalTxs = append(proposalTxs, txBytes) - } - - h.logger.Info(fmt.Sprintf("🛠️ :: Number of Transactions in proposal: %v", len(proposalTxs))) - - return &abci.ResponsePrepareProposal{Txs: proposalTxs}, nil - } -} -``` - -As mentioned above, we check if vote extensions have been propagated, you can do this by checking the logs for any relevant messages such as `🛠️ :: Get vote extensions:`. If the logs do not provide enough information, you can also reinitialise your local testing environment by running the `./scripts/single_node/setup.sh` script again. - -5. Implement the `ProcessProposalHandler()`. This function is responsible for processing the proposal. It should handle the logic of processing vote extensions, including inspecting the proposal and validating the bids. - -```go -func (h *ProcessProposalHandler) ProcessProposalHandler() sdk.ProcessProposalHandler { - return func(ctx sdk.Context, req *abci.RequestProcessProposal) (resp *abci.ResponseProcessProposal, err error) { - h.Logger.Info(fmt.Sprintf("⚙️ :: Process Proposal")) - - // The first transaction will always be the Special Transaction - numTxs := len(req.Txs) - - h.Logger.Info(fmt.Sprintf("⚙️:: Number of transactions :: %v", numTxs)) - - if numTxs >= 1 { - var st SpecialTransaction - err = json.Unmarshal(req.Txs[0], &st) - if err != nil { - h.Logger.Error(fmt.Sprintf("❌️:: Error unmarshalling special Tx in Process Proposal :: %v", err)) - } - if len(st.Bids) > 0 { - h.Logger.Info(fmt.Sprintf("⚙️:: There are bids in the Special Transaction")) - var bids []nstypes.MsgBid - for i, b := range st.Bids { - var bid nstypes.MsgBid - h.Codec.Unmarshal(b, &bid) - h.Logger.Info(fmt.Sprintf("⚙️:: Special Transaction Bid No %v :: %v", i, bid)) - bids = append(bids, bid) - } - // Validate Bids in Tx - txs := req.Txs[1:] - ok, err := ValidateBids(h.TxConfig, bids, txs, h.Logger) - if err != nil { - h.Logger.Error(fmt.Sprintf("❌️:: Error validating bids in Process Proposal :: %v", err)) - return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil - } - if !ok { - h.Logger.Error(fmt.Sprintf("❌️:: Unable to validate bids in Process Proposal :: %v", err)) - return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil - } - h.Logger.Info("⚙️:: Successfully validated bids in Process Proposal") - } - } - - return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_ACCEPT}, nil - } -} -``` - -6. Implement the `ProcessVoteExtensions()` function. This function should handle the logic of processing vote extensions, including validating the bids. - -```go -func processVoteExtensions(req *abci.RequestPrepareProposal, log log.Logger) (SpecialTransaction, error) { - log.Info(fmt.Sprintf("🛠️ :: Process Vote Extensions")) - - // Create empty response - st := SpecialTransaction{ - 0, - [][]byte{}, - } - - // Get Vote Ext for H-1 from Req - voteExt := req.GetLocalLastCommit() - votes := voteExt.Votes - - // Iterate through votes - var ve AppVoteExtension - for _, vote := range votes { - // Unmarshal to AppExt - err := json.Unmarshal(vote.VoteExtension, &ve) - if err != nil { - log.Error(fmt.Sprintf("❌ :: Error unmarshalling Vote Extension")) - } - - st.Height = int(ve.Height) - - // If Bids in VE, append to Special Transaction - if len(ve.Bids) > 0 { - log.Info("🛠️ :: Bids in VE") - for _, b := range ve.Bids { - st.Bids = append(st.Bids, b) - } - } - } - - return st, nil -} -``` - -7. Configure the `ProcessProposalHandler()` in app/app.go: - -```go -processPropHandler := abci2.ProcessProposalHandler{app.txConfig, appCodec, logger} -bApp.SetProcessProposal(processPropHandler.ProcessProposalHandler()) -``` - -This sets the `ProcessProposalHandler()` for our application. This means that whenever a proposal needs to be processed, our custom `ProcessProposalHandler()` method will be called. - -To test if the proposal processing and vote extensions are working correctly, you can check the logs for any relevant messages. If the logs do not provide enough information, you can also reinitialize your local testing environment by running `./scripts/single_node/setup.sh` script. diff --git a/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md b/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md deleted file mode 100644 index 24c688c9..00000000 --- a/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md +++ /dev/null @@ -1,106 +0,0 @@ -# Demo of Mitigating Front-Running with Vote Extensions - -The purpose of this demo is to test the implementation of the `VoteExtensionHandler` and `PrepareProposalHandler` that we have just added to the codebase. These handlers are designed to mitigate front-running by ensuring that all validators have a consistent view of the mempool when preparing proposals. - -In this demo, we are using a 3 validator network. The Beacon validator is special because it has a custom transaction provider enabled. This means that it can potentially manipulate the order of transactions in a proposal to its advantage (i.e., front-running). - -1. Bootstrap the validator network: This sets up a network with 3 validators. The script `./scripts/configure.sh is used to configure the network and the validators. - -```shell -cd scripts -configure.sh -``` - -If this doesn't work please ensure you have run `make build` in the `tutorials/nameservice/base` directory. - - -2. Have alice attempt to reserve `bob.cosmos`: This is a normal transaction that alice wants to execute. The script ``./scripts/reserve.sh "bob.cosmos"` is used to send this transaction. - -```shell -reserve.sh "bob.cosmos" -``` - -3. Query to verify the name has been reserved: This is to check the result of the transaction. The script `./scripts/whois.sh "bob.cosmos"` is used to query the state of the blockchain. - -```shell -whois.sh "bob.cosmos" -``` - -It should return: - -```{ - "name": { - "name": "bob.cosmos", - "owner": "cosmos1nq9wuvuju4jdmpmzvxmg8zhhu2ma2y2l2pnu6w", - "resolve_address": "cosmos1h6zy2kn9efxtw5z22rc5k9qu7twl70z24kr3ht", - "amount": [ - { - "denom": "uatom", - "amount": "1000" - } - ] - } -} -``` - -To detect front-running attempts by the beacon, scrutinise the logs during the `ProcessProposal` stage. Open the logs for each validator, including the beacon, `val1`, and `val2`, to observe the following behavior. Open the log file of the validator node. The location of this file can vary depending on your setup, but it's typically located in a directory like `$HOME/cosmos/nodes/#{validator}/logs`. The directory in this case will be under the validator so, `beacon` `val1` or `val2`. Run the following to tail the logs of the validator or beacon: - -```shell -tail -f $HOME/cosmos/nodes/#{validator}/logs -``` - -```shell -2:47PM ERR :: Detected invalid proposal bid :: name:"bob.cosmos" resolveAddress:"cosmos1wmuwv38pdur63zw04t0c78r2a8dyt08hf9tpvd" owner:"cosmos1wmuwv38pdur63zw04t0c78r2a8dyt08hf9tpvd" amount: module=server -2:47PM ERR :: Unable to validate bids in Process Proposal :: module=server -2:47PM ERR prevote step: state machine rejected a proposed block; this should not happen:the proposer may be misbehaving; prevoting nil err=null height=142 module=consensus round=0 -``` - - -4. List the Beacon's keys: This is to verify the addresses of the validators. The script `./scripts/list-beacon-keys.sh` is used to list the keys. - -```shell -list-beacon-keys.sh -``` - -We should receive something similar to the following: - -```shell -[ - { - "name": "alice", - "type": "local", - "address": "cosmos1h6zy2kn9efxtw5z22rc5k9qu7twl70z24kr3ht", - "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"A32cvBUkNJz+h2vld4A5BxvU5Rd+HyqpR3aGtvEhlm4C\"}" - }, - { - "name": "barbara", - "type": "local", - "address": "cosmos1nq9wuvuju4jdmpmzvxmg8zhhu2ma2y2l2pnu6w", - "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"Ag9PFsNyTQPoJdbyCWia5rZH9CrvSrjMsk7Oz4L3rXQ5\"}" - }, - { - "name": "beacon-key", - "type": "local", - "address": "cosmos1ez9a6x7lz4gvn27zr368muw8jeyas7sv84lfup", - "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"AlzJZMWyN7lass710TnAhyuFKAFIaANJyw5ad5P2kpcH\"}" - }, - { - "name": "cindy", - "type": "local", - "address": "cosmos1m5j6za9w4qc2c5ljzxmm2v7a63mhjeag34pa3g", - "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"A6F1/3yot5OpyXoSkBbkyl+3rqBkxzRVSJfvSpm/AvW5\"}" - } -] -``` - -This allows us to match up the addresses and see that the bid was not front run by the beacon due as the resolve address is Alice's address and not the beacons address. - -By running this demo, we can verify that the `VoteExtensionHandler` and `PrepareProposalHandler` are working as expected and that they are able to prevent front-running. - -## Conclusion - -In this tutorial, we've tackled front-running and MEV, focusing on nameservice auctions' vulnerability to these issues. We've explored vote extensions, a key feature of ABCI 2.0, and integrated them into a Cosmos SDK application. - -Through practical exercises, you've implemented vote extensions, and tested their effectiveness in creating a fair auction system. You've gained practical insights by configuring a validator network and analysing blockchain logs. - -Keep experimenting with these concepts, engage with the community, and stay updated on new advancements. The knowledge you've acquired here is crucial for developing secure and fair blockchain applications. diff --git a/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md.bak b/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md.bak deleted file mode 100644 index 63f37b4a..00000000 --- a/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/03-demo-of-mitigating-front-running.md.bak +++ /dev/null @@ -1,106 +0,0 @@ -# Demo of Mitigating Front-Running with Vote Extensions - -The purpose of this demo is to test the implementation of the `VoteExtensionHandler` and `PrepareProposalHandler` that we have just added to the codebase. These handlers are designed to mitigate front-running by ensuring that all validators have a consistent view of the mempool when preparing proposals. - -In this demo, we are using a 3 validator network. The Beacon validator is special because it has a custom transaction provider enabled. This means that it can potentially manipulate the order of transactions in a proposal to its advantage (i.e., front-running). - -1. Bootstrap the validator network: This sets up a network with 3 validators. The script `./scripts/configure.sh is used to configure the network and the validators. - -```shell -cd scripts -configure.sh -``` - -If this doesn't work please ensure you have run `make build` in the `tutorials/nameservice/base` directory. - - -2. Have alice attempt to reserve `bob.cosmos`: This is a normal transaction that alice wants to execute. The script ``./scripts/reserve.sh "bob.cosmos"` is used to send this transaction. - -```shell -reserve.sh "bob.cosmos" -``` - -3. Query to verify the name has been reserved: This is to check the result of the transaction. The script `./scripts/whois.sh "bob.cosmos"` is used to query the state of the blockchain. - -```shell -whois.sh "bob.cosmos" -``` - -It should return: - -```{ - "name": { - "name": "bob.cosmos", - "owner": "cosmos1nq9wuvuju4jdmpmzvxmg8zhhu2ma2y2l2pnu6w", - "resolve_address": "cosmos1h6zy2kn9efxtw5z22rc5k9qu7twl70z24kr3ht", - "amount": [ - { - "denom": "uatom", - "amount": "1000" - } - ] - } -} -``` - -To detect front-running attempts by the beacon, scrutinise the logs during the `ProcessProposal` stage. Open the logs for each validator, including the beacon, `val1`, and `val2`, to observe the following behavior. Open the log file of the validator node. The location of this file can vary depending on your setup, but it's typically located in a directory like `$HOME/cosmos/nodes/#{validator}/logs`. The directory in this case will be under the validator so, `beacon` `val1` or `val2`. Run the following to tail the logs of the validator or beacon: - -```shell -tail -f $HOME/cosmos/nodes/#{validator}/logs -``` - -```shell -2:47PM ERR ❌️:: Detected invalid proposal bid :: name:"bob.cosmos" resolveAddress:"cosmos1wmuwv38pdur63zw04t0c78r2a8dyt08hf9tpvd" owner:"cosmos1wmuwv38pdur63zw04t0c78r2a8dyt08hf9tpvd" amount: module=server -2:47PM ERR ❌️:: Unable to validate bids in Process Proposal :: module=server -2:47PM ERR prevote step: state machine rejected a proposed block; this should not happen:the proposer may be misbehaving; prevoting nil err=null height=142 module=consensus round=0 -``` - - -4. List the Beacon's keys: This is to verify the addresses of the validators. The script `./scripts/list-beacon-keys.sh` is used to list the keys. - -```shell -list-beacon-keys.sh -``` - -We should receive something similar to the following: - -```shell -[ - { - "name": "alice", - "type": "local", - "address": "cosmos1h6zy2kn9efxtw5z22rc5k9qu7twl70z24kr3ht", - "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"A32cvBUkNJz+h2vld4A5BxvU5Rd+HyqpR3aGtvEhlm4C\"}" - }, - { - "name": "barbara", - "type": "local", - "address": "cosmos1nq9wuvuju4jdmpmzvxmg8zhhu2ma2y2l2pnu6w", - "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"Ag9PFsNyTQPoJdbyCWia5rZH9CrvSrjMsk7Oz4L3rXQ5\"}" - }, - { - "name": "beacon-key", - "type": "local", - "address": "cosmos1ez9a6x7lz4gvn27zr368muw8jeyas7sv84lfup", - "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"AlzJZMWyN7lass710TnAhyuFKAFIaANJyw5ad5P2kpcH\"}" - }, - { - "name": "cindy", - "type": "local", - "address": "cosmos1m5j6za9w4qc2c5ljzxmm2v7a63mhjeag34pa3g", - "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"A6F1/3yot5OpyXoSkBbkyl+3rqBkxzRVSJfvSpm/AvW5\"}" - } -] -``` - -This allows us to match up the addresses and see that the bid was not front run by the beacon due as the resolve address is Alice's address and not the beacons address. - -By running this demo, we can verify that the `VoteExtensionHandler` and `PrepareProposalHandler` are working as expected and that they are able to prevent front-running. - -## Conclusion - -In this tutorial, we've tackled front-running and MEV, focusing on nameservice auctions' vulnerability to these issues. We've explored vote extensions, a key feature of ABCI 2.0, and integrated them into a Cosmos SDK application. - -Through practical exercises, you've implemented vote extensions, and tested their effectiveness in creating a fair auction system. You've gained practical insights by configuring a validator network and analysing blockchain logs. - -Keep experimenting with these concepts, engage with the community, and stay updated on new advancements. The knowledge you've acquired here is crucial for developing secure and fair blockchain applications. diff --git a/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/_category_.json b/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/_category_.json deleted file mode 100644 index aab0cfdf..00000000 --- a/copy-of-sdk-docs/docs/tutorials/vote-extensions/auction-frontrunning/_category_.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "label": " Mitigating Auction Front-Running Tutorial", - "position": 0, - "link": null -} \ No newline at end of file diff --git a/copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/00-getting-started.md b/copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/00-getting-started.md deleted file mode 100644 index 59ea65be..00000000 --- a/copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/00-getting-started.md +++ /dev/null @@ -1,36 +0,0 @@ -# Getting Started - -## Table of Contents - -* [What is an Oracle?](./01-what-is-an-oracle.md) -* [Implementing Vote Extensions](./02-implementing-vote-extensions.md) -* [Testing the Oracle Module](./03-testing-oracle.md) - -## Prerequisites - -Before you start with this tutorial, make sure you have: - -* A working chain project. This tutorial won't cover the steps of creating a new chain/module. -* Familiarity with the Cosmos SDK. If you're not, we suggest you start with [Cosmos SDK Tutorials](https://tutorials.cosmos.network), as ABCI++ is considered an advanced topic. -* Read and understood [What is an Oracle?](01-what-is-an-oracle.md). This provides necessary background information for understanding the Oracle module. -* Basic understanding of Go programming language. - -## What are Vote extensions? - -Vote extensions is arbitrary information which can be inserted into a block. This feature is part of ABCI 2.0, which is available for use in the SDK 0.50 release and part of the 0.38 CometBFT release. - -More information about vote extensions can be seen [here](https://docs.cosmos.network/main/build/abci/vote-extensions). - -## Overview of the project - -We’ll go through the creation of a simple price oracle module focusing on the vote extensions implementation, ignoring the details inside the price oracle itself. - -We’ll go through the implementation of: - -* `ExtendVote` to get information from external price APIs. -* `VerifyVoteExtension` to check that the format of the provided votes is correct. -* `PrepareProposal` to process the vote extensions from the previous block and include them into the proposal as a transaction. -* `ProcessProposal` to check that the first transaction in the proposal is actually a “special tx” that contains the price information. -* `PreBlocker` to make price information available during FinalizeBlock. - -If you would like to see the complete working oracle module please see [here](https://github.com/cosmos/sdk-tutorials/blob/master/tutorials/oracle/base/x/oracle) diff --git a/copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/01-what-is-an-oracle.md b/copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/01-what-is-an-oracle.md deleted file mode 100644 index 9d50ddb3..00000000 --- a/copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/01-what-is-an-oracle.md +++ /dev/null @@ -1,13 +0,0 @@ -# What is an Oracle? - -An oracle in blockchain technology is a system that provides external data to a blockchain network. It acts as a source of information that is not natively accessible within the blockchain's closed environment. This can range from financial market prices to real-world event, making it crucial for decentralised applications. - -## Oracle in the Cosmos SDK - -In the Cosmos SDK, an oracle module can be implemented to provide external data to the blockchain. This module can use features like vote extensions to submit additional data during the consensus process, which can then be used by the blockchain to update its state with information from the outside world. - -For instance, a price oracle module in the Cosmos SDK could supply timely and accurate asset price information, which is vital for various financial operations within the blockchain ecosystem. - -## Conclusion - -Oracles are essential for blockchains to interact with external data, enabling them to respond to real-world information and events. Their implementation is key to the reliability and robustness of blockchain networks. diff --git a/copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/02-implementing-vote-extensions.md b/copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/02-implementing-vote-extensions.md deleted file mode 100644 index aa610b5d..00000000 --- a/copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/02-implementing-vote-extensions.md +++ /dev/null @@ -1,219 +0,0 @@ -# Implementing Vote Extensions - -## Implement ExtendVote - -First we’ll create the `OracleVoteExtension` struct, this is the object that will be marshaled as bytes and signed by the validator. - -In our example we’ll use JSON to marshal the vote extension for simplicity but we recommend to find an encoding that produces a smaller output, given that large vote extensions could impact CometBFT’s performance. Custom encodings and compressed bytes can be used out of the box. - -```go -// OracleVoteExtension defines the canonical vote extension structure. -type OracleVoteExtension struct { - Height int64 - Prices map[string]math.LegacyDec -} -``` - -Then we’ll create a `VoteExtensionsHandler` struct that contains everything we need to query for prices. - -```go -type VoteExtHandler struct { - logger log.Logger - currentBlock int64 // current block height - lastPriceSyncTS time.Time // last time we synced prices - providerTimeout time.Duration // timeout for fetching prices from providers - providers map[string]Provider // mapping of provider name to provider (e.g. Binance -> BinanceProvider) - providerPairs map[string][]keeper.CurrencyPair // mapping of provider name to supported pairs (e.g. Binance -> [ATOM/USD]) - - Keeper keeper.Keeper // keeper of our oracle module -} -``` - -Finally, a function that returns `sdk.ExtendVoteHandler` is needed too, and this is where our vote extension logic will live. - -```go -func (h *VoteExtHandler) ExtendVoteHandler() sdk.ExtendVoteHandler { - return func(ctx sdk.Context, req *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) { - // here we'd have a helper function that gets all the prices and does a weighted average using the volume of each market - prices := h.getAllVolumeWeightedPrices() - - voteExt := OracleVoteExtension{ - Height: req.Height, - Prices: prices, - } - - bz, err := json.Marshal(voteExt) - if err != nil { - return nil, fmt.Errorf("failed to marshal vote extension: %w", err) - } - - return &abci.ResponseExtendVote{VoteExtension: bz}, nil - } -} -``` - -As you can see above, the creation of a vote extension is pretty simple and we just have to return bytes. CometBFT will handle the signing of these bytes for us. We ignored the process of getting the prices but you can see a more complete example [here:](https://github.com/cosmos/sdk-tutorials/blob/master/tutorials/oracle/base/x/oracle/abci/vote_extensions.go) - -Here we’ll do some simple checks like: - -* Is the vote extension unmarshaled correctly? -* Is the vote extension for the right height? -* Some other validation, for example, are the prices from this extension too deviated from my own prices? Or maybe checks that can detect malicious behavior. - -```go -func (h *VoteExtHandler) VerifyVoteExtensionHandler() sdk.VerifyVoteExtensionHandler { - return func(ctx sdk.Context, req *abci.RequestVerifyVoteExtension) (*abci.ResponseVerifyVoteExtension, error) { - var voteExt OracleVoteExtension - err := json.Unmarshal(req.VoteExtension, &voteExt) - if err != nil { - return nil, fmt.Errorf("failed to unmarshal vote extension: %w", err) - } - - if voteExt.Height != req.Height { - return nil, fmt.Errorf("vote extension height does not match request height; expected: %d, got: %d", req.Height, voteExt.Height) - } - - // Verify incoming prices from a validator are valid. Note, verification during - // VerifyVoteExtensionHandler MUST be deterministic. For brevity and demo - // purposes, we omit implementation. - if err := h.verifyOraclePrices(ctx, voteExt.Prices); err != nil { - return nil, fmt.Errorf("failed to verify oracle prices from validator %X: %w", req.ValidatorAddress, err) - } - - return &abci.ResponseVerifyVoteExtension{Status: abci.ResponseVerifyVoteExtension_ACCEPT}, nil - } -} -``` - -## Implement PrepareProposal - -```go -type ProposalHandler struct { - logger log.Logger - keeper keeper.Keeper // our oracle module keeper - valStore baseapp.ValidatorStore // to get the current validators' pubkeys -} -``` - -And we create the struct for our “special tx”, that will contain the prices and the votes so validators can later re-check in ProcessPRoposal that they get the same result than the block’s proposer. With this we could also check if all the votes have been used by comparing the votes received in ProcessProposal. - -```go -type StakeWeightedPrices struct { - StakeWeightedPrices map[string]math.LegacyDec - ExtendedCommitInfo abci.ExtendedCommitInfo -} -``` - -Now we create the `PrepareProposalHandler`. In this step we’ll first check if the vote extensions’ signatures are correct using a helper function called ValidateVoteExtensions from the baseapp package. - -```go -func (h *ProposalHandler) PrepareProposal() sdk.PrepareProposalHandler { - return func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { - err := baseapp.ValidateVoteExtensions(ctx, h.valStore, req.Height, ctx.ChainID(), req.LocalLastCommit) - if err != nil { - return nil, err - } -... -``` - -Then we proceed to make the calculations only if the current height if higher than the height at which vote extensions have been enabled. Remember that vote extensions are made available to the block proposer on the next block at which they are produced/enabled. - -```go -... - proposalTxs := req.Txs - - if req.Height > ctx.ConsensusParams().Abci.VoteExtensionsEnableHeight { - stakeWeightedPrices, err := h.computeStakeWeightedOraclePrices(ctx, req.LocalLastCommit) - if err != nil { - return nil, errors.New("failed to compute stake-weighted oracle prices") - } - - injectedVoteExtTx := StakeWeightedPrices{ - StakeWeightedPrices: stakeWeightedPrices, - ExtendedCommitInfo: req.LocalLastCommit, - } -... -``` - -Finally we inject the result as a transaction at a specific location, usually at the beginning of the block: - -## Implement ProcessProposal - -Now we can implement the method that all validators will execute to ensure the proposer is doing his work correctly. - -Here, if vote extensions are enabled, we’ll check if the tx at index 0 is an injected vote extension - -```go -func (h *ProposalHandler) ProcessProposal() sdk.ProcessProposalHandler { - return func(ctx sdk.Context, req *abci.RequestProcessProposal) (*abci.ResponseProcessProposal, error) { - if req.Height > ctx.ConsensusParams().Abci.VoteExtensionsEnableHeight { - var injectedVoteExtTx StakeWeightedPrices - if err := json.Unmarshal(req.Txs[0], &injectedVoteExtTx); err != nil { - h.logger.Error("failed to decode injected vote extension tx", "err", err) - return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil - } -... -``` - -Then we re-validate the vote extensions signatures using -baseapp.ValidateVoteExtensions, re-calculate the results (just like in PrepareProposal) and compare them with the results we got from the injected tx. - -```go - err := baseapp.ValidateVoteExtensions(ctx, h.valStore, req.Height, ctx.ChainID(), injectedVoteExtTx.ExtendedCommitInfo) - if err != nil { - return nil, err - } - - // Verify the proposer's stake-weighted oracle prices by computing the same - // calculation and comparing the results. We omit verification for brevity - // and demo purposes. - stakeWeightedPrices, err := h.computeStakeWeightedOraclePrices(ctx, injectedVoteExtTx.ExtendedCommitInfo) - if err != nil { - return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil - } - - if err := compareOraclePrices(injectedVoteExtTx.StakeWeightedPrices, stakeWeightedPrices); err != nil { - return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil - } - } - - return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_ACCEPT}, nil - } -} -``` - -Important: In this example we avoided using the mempool and other basics, please refer to the DefaultProposalHandler for a complete implementation: [https://github.com/cosmos/cosmos-sdk/blob/v0.50.1/baseapp/abci_utils.go](https://github.com/cosmos/cosmos-sdk/blob/v0.50.1/baseapp/abci_utils.go) - -## Implement PreBlocker - -Now validators are extending their vote, verifying other votes and including the result in the block. But how do we actually make use of this result? This is done in the PreBlocker which is code that is run before any other code during FinalizeBlock so we make sure we make this information available to the chain and its modules during the entire block execution (from BeginBlock). - -At this step we know that the injected tx is well-formatted and has been verified by the validators participating in consensus, so making use of it is straightforward. Just check if vote extensions are enabled, pick up the first transaction and use a method in your module’s keeper to set the result. - -```go -func (h *ProposalHandler) PreBlocker(ctx sdk.Context, req *abci.RequestFinalizeBlock) (*sdk.ResponsePreBlock, error) { - res := &sdk.ResponsePreBlock{} - if len(req.Txs) == 0 { - return res, nil - } - - if req.Height > ctx.ConsensusParams().Abci.VoteExtensionsEnableHeight { - var injectedVoteExtTx StakeWeightedPrices - if err := json.Unmarshal(req.Txs[0], &injectedVoteExtTx); err != nil { - h.logger.Error("failed to decode injected vote extension tx", "err", err) - return nil, err - } - - // set oracle prices using the passed in context, which will make these prices available in the current block - if err := h.keeper.SetOraclePrices(ctx, injectedVoteExtTx.StakeWeightedPrices); err != nil { - return nil, err - } - } - return res, nil -} - -``` - -## Conclusion - -In this tutorial, we've created a simple price oracle module that incorporates vote extensions. We've seen how to implement `ExtendVote`, `VerifyVoteExtension`, `PrepareProposal`, `ProcessProposal`, and `PreBlocker` to handle the voting and verification process of vote extensions, as well as how to make use of the results during the block execution. diff --git a/copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/03-testing-oracle.md b/copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/03-testing-oracle.md deleted file mode 100644 index 905ca0d7..00000000 --- a/copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/03-testing-oracle.md +++ /dev/null @@ -1,57 +0,0 @@ -# Testing the Oracle Module - -We will guide you through the process of testing the Oracle module in your application. The Oracle module uses vote extensions to provide current price data. If you would like to see the complete working oracle module please see [here](https://github.com/cosmos/sdk-tutorials/blob/master/tutorials/oracle/base/x/oracle). - -## Step 1: Compile and Install the Application - -First, we need to compile and install the application. Please ensure you are in the `tutorials/oracle/base` directory. Run the following command in your terminal: - -```shell -make install -``` - -This command compiles the application and moves the resulting binary to a location in your system's PATH. - -## Step 2: Initialise the Application - -Next, we need to initialise the application. Run the following command in your terminal: - -```shell -make init -``` - -This command runs the script `tutorials/oracle/base/scripts/init.sh`, which sets up the necessary configuration for your application to run. This includes creating the `app.toml` configuration file and initialising the blockchain with a genesis block. - -## Step 3: Start the Application - -Now, we can start the application. Run the following command in your terminal: - -```shell -exampled start -``` - -This command starts your application, begins the blockchain node, and starts processing transactions. - -## Step 4: Query the Oracle Prices - -Finally, we can query the current prices from the Oracle module. Run the following command in your terminal: - -```shell -exampled q oracle prices -``` - -This command queries the current prices from the Oracle module. The expected output shows that the vote extensions were successfully included in the block and the Oracle module was able to retrieve the price data. - -## Understanding Vote Extensions in Oracle - -In the Oracle module, the `ExtendVoteHandler` function is responsible for creating the vote extensions. This function fetches the current prices from the provider, creates a `OracleVoteExtension` struct with these prices, and then marshals this struct into bytes. These bytes are then set as the vote extension. - -In the context of testing, the Oracle module uses a mock provider to simulate the behavior of a real price provider. This mock provider is defined in the mockprovider package and is used to return predefined prices for specific currency pairs. - -## Conclusion - -In this tutorial, we've delved into the concept of Oracle's in blockchain technology, focusing on their role in providing external data to a blockchain network. We've explored vote extensions, a powerful feature of ABCI++, and integrated them into a Cosmos SDK application to create a price oracle module. - -Through hands-on exercises, you've implemented vote extensions, and tested their effectiveness in providing timely and accurate asset price information. You've gained practical insights by setting up a mock provider for testing and analysing the process of extending votes, verifying vote extensions, and preparing and processing proposals. - -Keep experimenting with these concepts, engage with the community, and stay updated on new advancements. The knowledge you've acquired here is crucial for developing robust and reliable blockchain applications that can interact with real-world data. diff --git a/copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/_category_.json b/copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/_category_.json deleted file mode 100644 index b63ffe2f..00000000 --- a/copy-of-sdk-docs/docs/tutorials/vote-extensions/oracle/_category_.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "label": "Oracle Tutorial", - "position": 1, - "link": null -} \ No newline at end of file diff --git a/copy-of-sdk-docs/docs/user/run-node/00-keyring.md b/copy-of-sdk-docs/docs/user/run-node/00-keyring.md deleted file mode 100644 index 95f754d9..00000000 --- a/copy-of-sdk-docs/docs/user/run-node/00-keyring.md +++ /dev/null @@ -1,145 +0,0 @@ ---- -sidebar_position: 1 ---- - -# Setting up the keyring - -:::note Synopsis -This document describes how to configure and use the keyring and its various backends for an [**application**](../../learn/beginner/00-app-anatomy.md). -::: - -The keyring holds the private/public key pairs used to interact with a node. For instance, a validator key needs to be set up before running the blockchain node, so that blocks can be correctly signed. The private key can be stored in different locations, called "backends," such as a file or the operating system's own key storage. - -## Available backends for the keyring - -Starting with the v0.38.0 release, Cosmos SDK comes with a new keyring implementation -that provides a set of commands to manage cryptographic keys in a secure fashion. The -new keyring supports multiple storage backends, some of which may not be available on -all operating systems. - -### The `os` backend - -The `os` backend relies on operating system-specific defaults to handle key storage -securely. Typically, an operating system's credential subsystem handles password prompts, -private keys storage, and user sessions according to the user's password policies. Here -is a list of the most popular operating systems and their respective password managers: - -* macOS: [Keychain](https://support.apple.com/en-gb/guide/keychain-access/welcome/mac) -* Windows: [Credentials Management API](https://docs.microsoft.com/en-us/windows/win32/secauthn/credentials-management) -* GNU/Linux: - * [libsecret](https://gitlab.gnome.org/GNOME/libsecret) - * [kwallet](https://api.kde.org/frameworks/kwallet/html/index.html) - * [keyctl](https://www.kernel.org/doc/html/latest/security/keys/core.html) - -GNU/Linux distributions that use GNOME as the default desktop environment typically come with -[Seahorse](https://wiki.gnome.org/Apps/Seahorse). Users of KDE based distributions are -commonly provided with [KDE Wallet Manager](https://userbase.kde.org/KDE_Wallet_Manager). -Whilst the former is in fact a `libsecret` convenient frontend, the latter is a `kwallet` -client. `keyctl` is a secure backend that leverages the Linux kernel security key management system -to store cryptographic keys securely in memory. - -`os` is the default option since operating system's default credentials managers are -designed to meet users' most common needs and provide them with a comfortable -experience without compromising on security. - -The recommended backends for headless environments are `file` and `pass`. - -### The `file` backend - -The `file` backend more closely resembles the keybase implementation used prior to -v0.38.1. It stores the keyring encrypted within the app's configuration directory. This -keyring will request a password each time it is accessed, which may occur multiple -times in a single command resulting in repeated password prompts. If using bash scripts -to execute commands using the `file` option you may want to utilize the following format -for multiple prompts: - -```shell -# assuming that KEYPASSWD is set in the environment -$ gaiacli config keyring-backend file # use file backend -$ (echo $KEYPASSWD; echo $KEYPASSWD) | gaiacli keys add me # multiple prompts -$ echo $KEYPASSWD | gaiacli keys show me # single prompt -``` - -:::tip -The first time you add a key to an empty keyring, you will be prompted to type the password twice. -::: - -### The `pass` backend - -The `pass` backend uses the [pass](https://www.passwordstore.org/) utility to manage on-disk -encryption of keys' sensitive data and metadata. Keys are stored inside `gpg` encrypted files -within app-specific directories. `pass` is available for the most popular UNIX -operating systems as well as GNU/Linux distributions. Please refer to its manual page for -information on how to download and install it. - -:::tip -**pass** uses [GnuPG](https://gnupg.org/) for encryption. `gpg` automatically invokes the `gpg-agent` -daemon upon execution, which handles the caching of GnuPG credentials. Please refer to `gpg-agent` -man page for more information on how to configure cache parameters such as credentials TTL and -passphrase expiration. -::: - -The password store must be set up prior to first use: - -```shell -pass init -``` - -Replace `` with your GPG key ID. You can use your personal GPG key or an alternative -one you may want to use specifically to encrypt the password store. - -### The `kwallet` backend - -The `kwallet` backend uses `KDE Wallet Manager`, which comes installed by default on the -GNU/Linux distributions that ship KDE as the default desktop environment. Please refer to -[KWallet API documentation](https://api.kde.org/frameworks/kwallet/html/index.html) for more -information. - -### The `keyctl` backend - -The *Kernel Key Retention Service* is a security facility that -has been added to the Linux kernel relatively recently. It allows sensitive -cryptographic data such as passwords, private key, authentication tokens, etc -to be stored securely in memory. - -The `keyctl` backend is available on Linux platforms only. - -### The `test` backend - -The `test` backend is a password-less variation of the `file` backend. Keys are stored -unencrypted on disk. - -**Provided for testing purposes only. The `test` backend is not recommended for use in production environments**. - -### The `memory` backend - -The `memory` backend stores keys in memory. The keys are immediately deleted after the program has exited. - -**Provided for testing purposes only. The `memory` backend is not recommended for use in production environments**. - -### Setting backend using an env variable - -You can set the keyring-backend using env variable: `BINNAME_KEYRING_BACKEND`. For example, if your binary name is `gaia-v5` then set: `export GAIA_V5_KEYRING_BACKEND=pass` - -## Adding keys to the keyring - -:::warning -Make sure you can build your own binary, and replace `simd` with the name of your binary in the snippets. -::: - -Applications developed using the Cosmos SDK come with the `keys` subcommand. For the purpose of this tutorial, we're running the `simd` CLI, which is an application built using the Cosmos SDK for testing and educational purposes. For more information, see [`simapp`](https://github.com/cosmos/cosmos-sdk/tree/main/simapp). - -You can use `simd keys` for help about the keys command and `simd keys [command] --help` for more information about a particular subcommand. - -To create a new key in the keyring, run the `add` subcommand with a `` argument. For the purpose of this tutorial, we will solely use the `test` backend, and call our new key `my_validator`. This key will be used in the next section. - -```bash -$ simd keys add my_validator --keyring-backend test - -# Put the generated address in a variable for later use. -MY_VALIDATOR_ADDRESS=$(simd keys show my_validator -a --keyring-backend test) -``` - -This command generates a new 24-word mnemonic phrase, persists it to the relevant backend, and outputs information about the keypair. If this keypair will be used to hold value-bearing tokens, be sure to write down the mnemonic phrase somewhere safe! - -By default, the keyring generates a `secp256k1` keypair. The keyring also supports `ed25519` keys, which may be created by passing the `--algo ed25519` flag. A keyring can of course hold both types of keys simultaneously, and the Cosmos SDK's `x/auth` module supports natively these two public key algorithms. diff --git a/copy-of-sdk-docs/docs/user/run-node/01-run-node.md b/copy-of-sdk-docs/docs/user/run-node/01-run-node.md deleted file mode 100644 index 88aa38f2..00000000 --- a/copy-of-sdk-docs/docs/user/run-node/01-run-node.md +++ /dev/null @@ -1,218 +0,0 @@ ---- -sidebar_position: 1 ---- - -# Running a Node - -:::note Synopsis -Now that the application is ready and the keyring populated, it's time to see how to run the blockchain node. In this section, the application we are running is called [`simapp`](https://github.com/cosmos/cosmos-sdk/tree/main/simapp), and its corresponding CLI binary `simd`. -::: - -:::note Pre-requisite Readings - -* [Anatomy of a Cosmos SDK Application](../../learn/beginner/00-app-anatomy.md) -* [Setting up the keyring](./00-keyring.md) - -::: - -## Initialize the Chain - -:::warning -Make sure you can build your own binary, and replace `simd` with the name of your binary in the snippets. -::: - -Before actually running the node, we need to initialize the chain, and most importantly, its genesis file. This is done with the `init` subcommand: - -```bash -# The argument is the custom username of your node, it should be human-readable. -simd init --chain-id my-test-chain -``` - -The command above creates all the configuration files needed for your node to run, as well as a default genesis file, which defines the initial state of the network. - -:::tip -All these configuration files are in `~/.simapp` by default, but you can overwrite the location of this folder by passing the `--home` flag to each command, -or set an `$APPD_HOME` environment variable (where `APPD` is the name of the binary). -::: - -The `~/.simapp` folder has the following structure: - -```bash -. # ~/.simapp - |- data # Contains the databases used by the node. - |- config/ - |- app.toml # Application-related configuration file. - |- config.toml # CometBFT-related configuration file. - |- genesis.json # The genesis file. - |- node_key.json # Private key to use for node authentication in the p2p protocol. - |- priv_validator_key.json # Private key to use as a validator in the consensus protocol. -``` - -## Updating Some Default Settings - -If you want to change any field values in configuration files (for ex: genesis.json) you can use `jq` ([installation](https://stedolan.github.io/jq/download/) & [docs](https://stedolan.github.io/jq/manual/#Assignment)) & `sed` commands to do that. A few examples are listed here. - -```bash -# to change the chain-id -jq '.chain_id = "testing"' genesis.json > temp.json && mv temp.json genesis.json - -# to enable the api server -sed -i '/\[api\]/,+3 s/enable = false/enable = true/' app.toml - -# to change the voting_period -jq '.app_state.gov.voting_params.voting_period = "600s"' genesis.json > temp.json && mv temp.json genesis.json - -# to change the inflation -jq '.app_state.mint.minter.inflation = "0.300000000000000000"' genesis.json > temp.json && mv temp.json genesis.json -``` - -### Client Interaction - -When instantiating a node, GRPC and REST are defaulted to localhost to avoid unknown exposure of your node to the public. It is recommended not to expose these endpoints without a proxy that can handle load balancing or authentication set up between your node and the public. - -:::tip -A commonly used tool for this is [nginx](https://nginx.org). -::: - - -## Adding Genesis Accounts - -Before starting the chain, you need to populate the state with at least one account. To do so, first [create a new account in the keyring](./00-keyring.md#adding-keys-to-the-keyring) named `my_validator` under the `test` keyring backend (feel free to choose another name and another backend). - -Now that you have created a local account, go ahead and grant it some `stake` tokens in your chain's genesis file. Doing so will also make sure your chain is aware of this account's existence: - -```bash -simd genesis add-genesis-account $MY_VALIDATOR_ADDRESS 100000000000stake -``` - -Recall that `$MY_VALIDATOR_ADDRESS` is a variable that holds the address of the `my_validator` key in the [keyring](./00-keyring.md#adding-keys-to-the-keyring). Also note that the tokens in the Cosmos SDK have the `{amount}{denom}` format: `amount` is an 18-digit-precision decimal number, and `denom` is the unique token identifier with its denomination key (e.g. `atom` or `uatom`). Here, we are granting `stake` tokens, as `stake` is the token identifier used for staking in [`simapp`](https://github.com/cosmos/cosmos-sdk/tree/main/simapp). For your own chain with its own staking denom, that token identifier should be used instead. - -Now that your account has some tokens, you need to add a validator to your chain. Validators are special full-nodes that participate in the consensus process (implemented in the [underlying consensus engine](../../learn/intro/02-sdk-app-architecture.md#cometbft)) in order to add new blocks to the chain. Any account can declare its intention to become a validator operator, but only those with sufficient delegation get to enter the active set (for example, only the top 125 validator candidates with the most delegation get to be validators in the Cosmos Hub). For this guide, you will add your local node (created via the `init` command above) as a validator of your chain. Validators can be declared before a chain is first started via a special transaction included in the genesis file called a `gentx`: - -```bash -# Create a gentx. -simd genesis gentx my_validator 100000000stake --chain-id my-test-chain --keyring-backend test - -# Add the gentx to the genesis file. -simd genesis collect-gentxs -``` - -A `gentx` does three things: - -1. Registers the `validator` account you created as a validator operator account (i.e., the account that controls the validator). -2. Self-delegates the provided `amount` of staking tokens. -3. Link the operator account with a CometBFT node pubkey that will be used for signing blocks. If no `--pubkey` flag is provided, it defaults to the local node pubkey created via the `simd init` command above. - -For more information on `gentx`, use the following command: - -```bash -simd genesis gentx --help -``` - -## Configuring the Node Using `app.toml` and `config.toml` - -The Cosmos SDK automatically generates two configuration files inside `~/.simapp/config`: - -* `config.toml`: used to configure the CometBFT, learn more on [CometBFT's documentation](https://docs.cometbft.com/v0.37/core/configuration), -* `app.toml`: generated by the Cosmos SDK, and used to configure your app, such as state pruning strategies, telemetry, gRPC and REST servers configuration, state sync... - -Both files are heavily commented, please refer to them directly to tweak your node. - -One example config to tweak is the `minimum-gas-prices` field inside `app.toml`, which defines the minimum gas prices the validator node is willing to accept for processing a transaction. Depending on the chain, it might be an empty string or not. If it's empty, make sure to edit the field with some value, for example `10token`, or else the node will halt on startup. For the purpose of this tutorial, let's set the minimum gas price to 0: - -```toml - # The minimum gas prices a validator is willing to accept for processing a - # transaction. A transaction's fees must meet the minimum of any denomination - # specified in this config (e.g. 0.25token1;0.0001token2). - minimum-gas-prices = "0stake" -``` - -:::tip -When running a node (not a validator!) and not wanting to run the application mempool, set the `max-txs` field to `-1`. - -```toml -[mempool] -# Setting max-txs to 0 will allow for an unbounded amount of transactions in the mempool. -# Setting max_txs to negative 1 (-1) will disable transactions from being inserted into the mempool. -# Setting max_txs to a positive number (> 0) will limit the number of transactions in the mempool, by the specified amount. -# -# Note, this configuration only applies to SDK built-in app-side mempool -# implementations. -max-txs = "-1" -``` - -::: - -## Run a Localnet - -Now that everything is set up, you can finally start your node: - -```bash -simd start -``` - -You should see blocks come in. - -The previous command allows you to run a single node. This is enough for the next section on interacting with this node, but you may wish to run multiple nodes at the same time, and see how consensus happens between them. - -The naive way would be to run the same commands again in separate terminal windows. This is possible, however, in the Cosmos SDK, we leverage the power of [Docker Compose](https://docs.docker.com/compose/) to run a localnet. If you need inspiration on how to set up your own localnet with Docker Compose, you can have a look at the Cosmos SDK's [`docker-compose.yml`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/docker-compose.yml). - -### Standalone App/CometBFT - -By default, the Cosmos SDK runs CometBFT in-process with the application -If you want to run the application and CometBFT in separate processes, -start the application with the `--with-comet=false` flag -and set `rpc.laddr` in `config.toml` to the CometBFT node's RPC address. - -## Logging - -Logging provides a way to see what is going on with a node. The default logging level is info. This is a global level and all info logs will be outputted to the terminal. If you would like to filter specific logs to the terminal instead of all, then setting `module:log_level` is how this can work. - -Example: - -In config.toml: - -```toml -log_level: "state:info,p2p:info,consensus:info,x/staking:info,x/ibc:info,*error" -``` - -## State Sync - -State sync is the act in which a node syncs the latest or close to the latest state of a blockchain. This is useful for users who don't want to sync all the blocks in history. Read more in [CometBFT documentation](https://docs.cometbft.com/v0.37/core/state-sync). - -State sync works thanks to snapshots. Read how the SDK handles snapshots [here](https://github.com/cosmos/cosmos-sdk/blob/825245d/store/snapshots/README.md). - -### Local State Sync - -Local state sync works similar to normal state sync except that it works off a local snapshot of state instead of one provided via the p2p network. The steps to start local state sync are similar to normal state sync with a few different designs. - -1. As mentioned in https://docs.cometbft.com/v0.37/core/state-sync, one must set a height and hash in the config.toml along with a few rpc servers (the aforementioned link has instructions on how to do this). -2. Run ` ` to restore a local snapshot (note: first load it from a file with the *load* command). -3. Bootstrapping Comet state to start the node after the snapshot has been ingested. This can be done with the bootstrap command ` comet bootstrap-state` - -### Snapshots Commands - -The Cosmos SDK provides commands for managing snapshots. -These commands can be added in an app with the following snippet in `cmd//root.go`: - -```go -import ( - "github.com/cosmos/cosmos-sdk/client/snapshot" -) - -func initRootCmd(/* ... */) { - // ... - rootCmd.AddCommand( - snapshot.Cmd(appCreator), - ) -} -``` - -Then the following commands are available at ` snapshots [command]`: - -* **list**: list local snapshots -* **load**: Load a snapshot archive file into snapshot store -* **restore**: Restore app state from local snapshot -* **export**: Export app state to snapshot store -* **dump**: Dump the snapshot as portable archive format -* **delete**: Delete a local snapshot diff --git a/copy-of-sdk-docs/docs/user/run-node/02-interact-node.md b/copy-of-sdk-docs/docs/user/run-node/02-interact-node.md deleted file mode 100644 index 1a76f02f..00000000 --- a/copy-of-sdk-docs/docs/user/run-node/02-interact-node.md +++ /dev/null @@ -1,289 +0,0 @@ ---- -sidebar_position: 1 ---- - -# Interacting with the Node - -:::note Synopsis -There are multiple ways to interact with a node: using the CLI, using gRPC or using the REST endpoints. -::: - -:::note Pre-requisite Readings - -* [gRPC, REST and CometBFT Endpoints](../../learn/advanced/06-grpc_rest.md) -* [Running a Node](./01-run-node.md) - -::: - -## Using the CLI - -Now that your chain is running, it is time to try sending tokens from the first account you created to a second account. In a new terminal window, start by running the following query command: - -```bash -simd query bank balances $MY_VALIDATOR_ADDRESS -``` - -You should see the current balance of the account you created, equal to the original balance of `stake` you granted it minus the amount you delegated via the `gentx`. Now, create a second account: - -```bash -simd keys add recipient --keyring-backend test - -# Put the generated address in a variable for later use. -RECIPIENT=$(simd keys show recipient -a --keyring-backend test) -``` - -The command above creates a local key-pair that is not yet registered on the chain. An account is created the first time it receives tokens from another account. Now, run the following command to send tokens to the `recipient` account: - -```bash -simd tx bank send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000000stake --chain-id my-test-chain --keyring-backend test - -# Check that the recipient account did receive the tokens. -simd query bank balances $RECIPIENT -``` - -Finally, delegate some of the stake tokens sent to the `recipient` account to the validator: - -```bash -simd tx staking delegate $(simd keys show my_validator --bech val -a --keyring-backend test) 500stake --from recipient --chain-id my-test-chain --keyring-backend test - -# Query the total delegations to `validator`. -simd query staking delegations-to $(simd keys show my_validator --bech val -a --keyring-backend test) -``` - -You should see two delegations, the first one made from the `gentx`, and the second one you just performed from the `recipient` account. - -## Using gRPC - -The Protobuf ecosystem developed tools for different use cases, including code-generation from `*.proto` files into various languages. These tools allow the building of clients easily. Often, the client connection (i.e. the transport) can be plugged and replaced very easily. Let's explore one of the most popular transports: [gRPC](../../learn/advanced/06-grpc_rest.md). - -Since the code generation library largely depends on your own tech stack, we will only present three alternatives: - -* `grpcurl` for generic debugging and testing, -* programmatically via Go, -* CosmJS for JavaScript/TypeScript developers. - -### grpcurl - -[grpcurl](https://github.com/fullstorydev/grpcurl) is like `curl` but for gRPC. It is also available as a Go library, but we will use it only as a CLI command for debugging and testing purposes. Follow the instructions in the previous link to install it. - -Assuming you have a local node running (either a localnet, or connected to a live network), you should be able to run the following command to list the Protobuf services available (you can replace `localhost:9000` by the gRPC server endpoint of another node, which is configured under the `grpc.address` field inside [`app.toml`](../../user/run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml)): - -```bash -grpcurl -plaintext localhost:9090 list -``` - -You should see a list of gRPC services, like `cosmos.bank.v1beta1.Query`. This is called reflection, which is a Protobuf endpoint returning a description of all available endpoints. Each of these represents a different Protobuf service, and each service exposes multiple RPC methods you can query against. - -In order to get a description of the service you can run the following command: - -```bash -grpcurl -plaintext \ - localhost:9090 \ - describe cosmos.bank.v1beta1.Query # Service we want to inspect -``` - -It's also possible to execute an RPC call to query the node for information: - -```bash -grpcurl \ - -plaintext \ - -d "{\"address\":\"$MY_VALIDATOR_ADDRESS\"}" \ - localhost:9090 \ - cosmos.bank.v1beta1.Query/AllBalances -``` - -The list of all available gRPC query endpoints is [coming soon](https://github.com/cosmos/cosmos-sdk/issues/7786). - -#### Query for historical state using grpcurl - -You may also query for historical data by passing some [gRPC metadata](https://github.com/grpc/grpc-go/blob/master/Documentation/grpc-metadata.md) to the query: the `x-cosmos-block-height` metadata should contain the block to query. Using grpcurl as above, the command looks like: - -```bash -grpcurl \ - -plaintext \ - -H "x-cosmos-block-height: 123" \ - -d "{\"address\":\"$MY_VALIDATOR_ADDRESS\"}" \ - localhost:9090 \ - cosmos.bank.v1beta1.Query/AllBalances -``` - -Assuming the state at that block has not yet been pruned by the node, this query should return a non-empty response. - -### Programmatically via Go - -The following snippet shows how to query the state using gRPC inside a Go program. The idea is to create a gRPC connection, and use the Protobuf-generated client code to query the gRPC server. - -#### Install Cosmos SDK - - -```bash -go get github.com/cosmos/cosmos-sdk@main -``` - -```go -package main - -import ( - "context" - "fmt" - - "google.golang.org/grpc" - - "github.com/cosmos/cosmos-sdk/codec" - sdk "github.com/cosmos/cosmos-sdk/types" - banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" -) - -func queryState() error { - myAddress, err := sdk.AccAddressFromBech32("cosmos1...") // the my_validator or recipient address. - if err != nil { - return err - } - - // Create a connection to the gRPC server. - grpcConn, err := grpc.Dial( - "127.0.0.1:9090", // your gRPC server address. - grpc.WithInsecure(), // The Cosmos SDK doesn't support any transport security mechanism. - // This instantiates a general gRPC codec which handles proto bytes. We pass in a nil interface registry - // if the request/response types contain interface instead of 'nil' you should pass the application specific codec. - grpc.WithDefaultCallOptions(grpc.ForceCodec(codec.NewProtoCodec(nil).GRPCCodec())), - ) - if err != nil { - return err - } - defer grpcConn.Close() - - // This creates a gRPC client to query the x/bank service. - bankClient := banktypes.NewQueryClient(grpcConn) - bankRes, err := bankClient.Balance( - context.Background(), - &banktypes.QueryBalanceRequest{Address: myAddress.String(), Denom: "stake"}, - ) - if err != nil { - return err - } - - fmt.Println(bankRes.GetBalance()) // Prints the account balance - - return nil -} - -func main() { - if err := queryState(); err != nil { - panic(err) - } -} -``` - -You can replace the query client (here we are using `x/bank`'s) with one generated from any other Protobuf service. The list of all available gRPC query endpoints is [coming soon](https://github.com/cosmos/cosmos-sdk/issues/7786). - -#### Query for historical state using Go - -Querying for historical blocks is done by adding the block height metadata in the gRPC request. - -```go -package main - -import ( - "context" - "fmt" - - "google.golang.org/grpc" - "google.golang.org/grpc/metadata" - - "github.com/cosmos/cosmos-sdk/codec" - sdk "github.com/cosmos/cosmos-sdk/types" - grpctypes "github.com/cosmos/cosmos-sdk/types/grpc" - banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" -) - -func queryState() error { - myAddress, err := sdk.AccAddressFromBech32("cosmos1yerherx4d43gj5wa3zl5vflj9d4pln42n7kuzu") // the my_validator or recipient address. - if err != nil { - return err - } - - // Create a connection to the gRPC server. - grpcConn, err := grpc.Dial( - "127.0.0.1:9090", // your gRPC server address. - grpc.WithInsecure(), // The Cosmos SDK doesn't support any transport security mechanism. - // This instantiates a general gRPC codec which handles proto bytes. We pass in a nil interface registry - // if the request/response types contain interface instead of 'nil' you should pass the application specific codec. - grpc.WithDefaultCallOptions(grpc.ForceCodec(codec.NewProtoCodec(nil).GRPCCodec())), - ) - if err != nil { - return err - } - defer grpcConn.Close() - - // This creates a gRPC client to query the x/bank service. - bankClient := banktypes.NewQueryClient(grpcConn) - - var header metadata.MD - _, err = bankClient.Balance( - metadata.AppendToOutgoingContext(context.Background(), grpctypes.GRPCBlockHeightHeader, "12"), // Add metadata to request - &banktypes.QueryBalanceRequest{Address: myAddress.String(), Denom: "stake"}, - grpc.Header(&header), // Retrieve header from response - ) - if err != nil { - return err - } - blockHeight := header.Get(grpctypes.GRPCBlockHeightHeader) - - fmt.Println(blockHeight) // Prints the block height (12) - - return nil -} - -func main() { - if err := queryState(); err != nil { - panic(err) - } -} -``` - -### CosmJS - -CosmJS documentation can be found at [https://cosmos.github.io/cosmjs](https://cosmos.github.io/cosmjs). As of January 2021, CosmJS documentation is still a work in progress. - -## Using the REST Endpoints - -As described in the [gRPC guide](../../learn/advanced/06-grpc_rest.md), all gRPC services on the Cosmos SDK are made available for more convenient REST-based queries through gRPC-gateway. The format of the URL path is based on the Protobuf service method's full-qualified name, but may contain small customizations so that final URLs look more idiomatic. For example, the REST endpoint for the `cosmos.bank.v1beta1.Query/AllBalances` method is `GET /cosmos/bank/v1beta1/balances/{address}`. Request arguments are passed as query parameters. - -Note that the REST endpoints are not enabled by default. To enable them, edit the `api` section of your `~/.simapp/config/app.toml` file: - -```toml -# Enable defines if the API server should be enabled. -enable = true -``` - -As a concrete example, the `curl` command to make balances request is: - -```bash -curl \ - -X GET \ - -H "Content-Type: application/json" \ - http://localhost:1317/cosmos/bank/v1beta1/balances/$MY_VALIDATOR_ADDRESS -``` - -Make sure to replace `localhost:1317` with the REST endpoint of your node, configured under the `api.address` field. - -The list of all available REST endpoints is available as a Swagger specification file, it can be viewed at `localhost:1317/swagger`. Make sure that the `api.swagger` field is set to true in your [`app.toml`](../../user/run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml) file. - -### Query for historical state using REST - -Querying for historical state is done using the HTTP header `x-cosmos-block-height`. For example, a curl command would look like: - -```bash -curl \ - -X GET \ - -H "Content-Type: application/json" \ - -H "x-cosmos-block-height: 123" \ - http://localhost:1317/cosmos/bank/v1beta1/balances/$MY_VALIDATOR_ADDRESS -``` - -Assuming the state at that block has not yet been pruned by the node, this query should return a non-empty response. - -### Cross-Origin Resource Sharing (CORS) - -[CORS policies](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) are not enabled by default to help with security. If you would like to use the rest-server in a public environment we recommend you provide a reverse proxy, this can be done with [nginx](https://www.nginx.com/). For testing and development purposes there is an `enabled-unsafe-cors` field inside [`app.toml`](../../user/run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml). diff --git a/copy-of-sdk-docs/docs/user/run-node/03-txs.md b/copy-of-sdk-docs/docs/user/run-node/03-txs.md deleted file mode 100644 index 93f81055..00000000 --- a/copy-of-sdk-docs/docs/user/run-node/03-txs.md +++ /dev/null @@ -1,429 +0,0 @@ ---- -sidebar_position: 1 ---- - -# Generating, Signing and Broadcasting Transactions - -:::note Synopsis -This document describes how to generate an (unsigned) transaction, signing it (with one or multiple keys), and broadcasting it to the network. -::: - -## Using the CLI - -The easiest way to send transactions is using the CLI, as we have seen in the previous page when [interacting with a node](./02-interact-node.md#using-the-cli). For example, running the following command - -```bash -simd tx bank send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000stake --chain-id my-test-chain --keyring-backend test -``` - -will run the following steps: - -* generate a transaction with one `Msg` (`x/bank`'s `MsgSend`), and print the generated transaction to the console. -* ask the user for confirmation to send the transaction from the `$MY_VALIDATOR_ADDRESS` account. -* fetch `$MY_VALIDATOR_ADDRESS` from the keyring. This is possible because we have [set up the CLI's keyring](./00-keyring.md) in a previous step. -* sign the generated transaction with the keyring's account. -* broadcast the signed transaction to the network. This is possible because the CLI connects to the node's CometBFT RPC endpoint. - -The CLI bundles all the necessary steps into a simple-to-use user experience. However, it's possible to run all the steps individually too. - -### Generating a Transaction - -Generating a transaction can simply be done by appending the `--generate-only` flag on any `tx` command, e.g.: - -```bash -simd tx bank send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000stake --chain-id my-test-chain --generate-only -``` - -This will output the unsigned transaction as JSON in the console. We can also save the unsigned transaction to a file (to be passed around between signers more easily) by appending `> unsigned_tx.json` to the above command. - -### Signing a Transaction - -Signing a transaction using the CLI requires the unsigned transaction to be saved in a file. Let's assume the unsigned transaction is in a file called `unsigned_tx.json` in the current directory (see previous paragraph on how to do that). Then, simply run the following command: - -```bash -simd tx sign unsigned_tx.json --chain-id my-test-chain --keyring-backend test --from $MY_VALIDATOR_ADDRESS -``` - -This command will decode the unsigned transaction and sign it with `SIGN_MODE_DIRECT` with `$MY_VALIDATOR_ADDRESS`'s key, which we already set up in the keyring. The signed transaction will be output as JSON to the console, and, as above, we can save it to a file by appending `--output-document signed_tx.json`. - -Some useful flags to consider in the `tx sign` command: - -* `--sign-mode`: you may use `amino-json` to sign the transaction using `SIGN_MODE_LEGACY_AMINO_JSON`, -* `--offline`: sign in offline mode. This means that the `tx sign` command doesn't connect to the node to retrieve the signer's account number and sequence, both needed for signing. In this case, you must manually supply the `--account-number` and `--sequence` flags. This is useful for offline signing, i.e. signing in a secure environment which doesn't have access to the internet. - -#### Signing with Multiple Signers - -:::warning -Please note that signing a transaction with multiple signers or with a multisig account, where at least one signer uses `SIGN_MODE_DIRECT`, is not yet possible. You may follow [this Github issue](https://github.com/cosmos/cosmos-sdk/issues/8141) for more info. -::: - -Signing with multiple signers is done with the `tx multisign` command. This command assumes that all signers use `SIGN_MODE_LEGACY_AMINO_JSON`. The flow is similar to the `tx sign` command flow, but instead of signing an unsigned transaction file, each signer signs the file signed by previous signer(s). The `tx multisign` command will append signatures to the existing transactions. It is important that signers sign the transaction **in the same order** as given by the transaction, which is retrievable using the `GetSigners()` method. - -For example, starting with the `unsigned_tx.json`, and assuming the transaction has 4 signers, we would run: - -```bash -# Let signer1 sign the unsigned tx. -simd tx multisign unsigned_tx.json signer_key_1 --chain-id my-test-chain --keyring-backend test > partial_tx_1.json -# Now signer1 will send the partial_tx_1.json to the signer2. -# Signer2 appends their signature: -simd tx multisign partial_tx_1.json signer_key_2 --chain-id my-test-chain --keyring-backend test > partial_tx_2.json -# Signer2 sends the partial_tx_2.json file to signer3, and signer3 can append his signature: -simd tx multisign partial_tx_2.json signer_key_3 --chain-id my-test-chain --keyring-backend test > partial_tx_3.json -``` - -### Broadcasting a Transaction - -Broadcasting a transaction is done using the following command: - -```bash -simd tx broadcast tx_signed.json -``` - -You may optionally pass the `--broadcast-mode` flag to specify which response to receive from the node: - -* `sync`: the CLI waits for a CheckTx execution response only. -* `async`: the CLI returns immediately (transaction might fail). - -### Encoding a Transaction - -In order to broadcast a transaction using the gRPC or REST endpoints, the transaction will need to be encoded first. This can be done using the CLI. - -Encoding a transaction is done using the following command: - -```bash -simd tx encode tx_signed.json -``` - -This will read the transaction from the file, serialize it using Protobuf, and output the transaction bytes as base64 in the console. - -### Decoding a Transaction - -The CLI can also be used to decode transaction bytes. - -Decoding a transaction is done using the following command: - -```bash -simd tx decode [protobuf-byte-string] -``` - -This will decode the transaction bytes and output the transaction as JSON in the console. You can also save the transaction to a file by appending `> tx.json` to the above command. - -## Programmatically with Go - -It is possible to manipulate transactions programmatically via Go using the Cosmos SDK's `TxBuilder` interface. - -### Generating a Transaction - -Before generating a transaction, a new instance of a `TxBuilder` needs to be created. Since the Cosmos SDK supports both Amino and Protobuf transactions, the first step would be to decide which encoding scheme to use. All the subsequent steps remain unchanged, whether you're using Amino or Protobuf, as `TxBuilder` abstracts the encoding mechanisms. In the following snippet, we will use Protobuf. - -```go -import ( - "github.com/cosmos/cosmos-sdk/simapp" -) - -func sendTx() error { - // Choose your codec: Amino or Protobuf. Here, we use Protobuf, given by the following function. - app := simapp.NewSimApp(...) - - // Create a new TxBuilder. - txBuilder := app.TxConfig().NewTxBuilder() - - // --snip-- -} -``` - -We can also set up some keys and addresses that will send and receive the transactions. Here, for the purpose of the tutorial, we will be using some dummy data to create keys. - -```go -import ( - "github.com/cosmos/cosmos-sdk/testutil/testdata" -) - -priv1, _, addr1 := testdata.KeyTestPubAddr() -priv2, _, addr2 := testdata.KeyTestPubAddr() -priv3, _, addr3 := testdata.KeyTestPubAddr() -``` - -Populating the `TxBuilder` can be done via its methods: - -```go reference -https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/tx_config.go#L39-L57 -``` - -```go -import ( - banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" -) - -func sendTx() error { - // --snip-- - - // Define two x/bank MsgSend messages: - // - from addr1 to addr3, - // - from addr2 to addr3. - // This means that the transaction needs two signers: addr1 and addr2. - msg1 := banktypes.NewMsgSend(addr1, addr3, types.NewCoins(types.NewInt64Coin("atom", 12))) - msg2 := banktypes.NewMsgSend(addr2, addr3, types.NewCoins(types.NewInt64Coin("atom", 34))) - - err := txBuilder.SetMsgs(msg1, msg2) - if err != nil { - return err - } - - txBuilder.SetGasLimit(...) - txBuilder.SetFeeAmount(...) - txBuilder.SetMemo(...) - txBuilder.SetTimeoutHeight(...) -} -``` - -At this point, `TxBuilder`'s underlying transaction is ready to be signed. - -#### Generating an Unordered Transaction - -Starting with Cosmos SDK v0.53.0, users may send unordered transactions to chains that have the feature enabled. - -:::warning - -Unordered transactions MUST leave sequence values unset. When a transaction is both unordered and contains a non-zero sequence value, -the transaction will be rejected. External services that operate on prior assumptions about transaction sequence values should be updated to handle unordered transactions. -Services should be aware that when the transaction is unordered, the transaction sequence will always be zero. - -::: - -Using the example above, we can set the required fields to mark a transaction as unordered. -By default, unordered transactions charge an extra 2240 units of gas to offset the additional storage overhead that supports their functionality. -The extra units of gas are customizable and therefore vary by chain, so be sure to check the chain's ante handler for the gas value set, if any. - -```go -func sendTx() error { - // --snip-- - expiration := 5 * time.Minute - txBuilder.SetUnordered(true) - txBuilder.SetTimeoutTimestamp(time.Now().Add(expiration + (1 * time.Nanosecond))) -} -``` - -Unordered transactions from the same account must use a unique timeout timestamp value. The difference between each timeout timestamp value may be as small as a nanosecond, however. - -```go -import ( - "github.com/cosmos/cosmos-sdk/client" -) - -func sendMessages(txBuilders []client.TxBuilder) error { - // --snip-- - expiration := 5 * time.Minute - for _, txb := range txBuilders { - txb.SetUnordered(true) - txb.SetTimeoutTimestamp(time.Now().Add(expiration + (1 * time.Nanosecond))) - } -} -``` - -### Signing a Transaction - -We set encoding config to use Protobuf, which will use `SIGN_MODE_DIRECT` by default. As per [ADR-020](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-020-protobuf-transaction-encoding.md), each signer needs to sign the `SignerInfo`s of all other signers. This means that we need to perform two steps sequentially: - -* for each signer, populate the signer's `SignerInfo` inside `TxBuilder`, -* once all `SignerInfo`s are populated, for each signer, sign the `SignDoc` (the payload to be signed). - -In the current `TxBuilder`'s API, both steps are done using the same method: `SetSignatures()`. The current API requires us to first perform a round of `SetSignatures()` _with empty signatures_, only to populate `SignerInfo`s, and a second round of `SetSignatures()` to actually sign the correct payload. - -```go -import ( - cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types" - "github.com/cosmos/cosmos-sdk/types/tx/signing" - xauthsigning "github.com/cosmos/cosmos-sdk/x/auth/signing" -) - -func sendTx() error { - // --snip-- - - privs := []cryptotypes.PrivKey{priv1, priv2} - accNums:= []uint64{..., ...} // The accounts' account numbers - accSeqs:= []uint64{..., ...} // The accounts' sequence numbers - - // First round: we gather all the signer infos. We use the "set empty - // signature" hack to do that. - var sigsV2 []signing.SignatureV2 - for i, priv := range privs { - sigV2 := signing.SignatureV2{ - PubKey: priv.PubKey(), - Data: &signing.SingleSignatureData{ - SignMode: encCfg.TxConfig.SignModeHandler().DefaultMode(), - Signature: nil, - }, - Sequence: accSeqs[i], - } - - sigsV2 = append(sigsV2, sigV2) - } - err := txBuilder.SetSignatures(sigsV2...) - if err != nil { - return err - } - - // Second round: all signer infos are set, so each signer can sign. - sigsV2 = []signing.SignatureV2{} - for i, priv := range privs { - signerData := xauthsigning.SignerData{ - ChainID: chainID, - AccountNumber: accNums[i], - Sequence: accSeqs[i], - } - sigV2, err := tx.SignWithPrivKey( - encCfg.TxConfig.SignModeHandler().DefaultMode(), signerData, - txBuilder, priv, encCfg.TxConfig, accSeqs[i]) - if err != nil { - return nil, err - } - - sigsV2 = append(sigsV2, sigV2) - } - err = txBuilder.SetSignatures(sigsV2...) - if err != nil { - return err - } -} -``` - -The `TxBuilder` is now correctly populated. To print it, you can use the `TxConfig` interface from the initial encoding config `encCfg`: - -```go -func sendTx() error { - // --snip-- - - // Generated Protobuf-encoded bytes. - txBytes, err := encCfg.TxConfig.TxEncoder()(txBuilder.GetTx()) - if err != nil { - return err - } - - // Generate a JSON string. - txJSONBytes, err := encCfg.TxConfig.TxJSONEncoder()(txBuilder.GetTx()) - if err != nil { - return err - } - txJSON := string(txJSONBytes) -} -``` - -### Broadcasting a Transaction - -The preferred way to broadcast a transaction is to use gRPC, though using REST (via `gRPC-gateway`) or the CometBFT RPC is also possible. An overview of the differences between these methods is exposed [here](../../learn/advanced/06-grpc_rest.md). For this tutorial, we will only describe the gRPC method. - -```go -import ( - "context" - "fmt" - - "google.golang.org/grpc" - - "github.com/cosmos/cosmos-sdk/types/tx" -) - -func sendTx(ctx context.Context) error { - // --snip-- - - // Create a connection to the gRPC server. - grpcConn := grpc.Dial( - "127.0.0.1:9090", // Or your gRPC server address. - grpc.WithInsecure(), // The Cosmos SDK doesn't support any transport security mechanism. - ) - defer grpcConn.Close() - - // Broadcast the tx via gRPC. We create a new client for the Protobuf Tx - // service. - txClient := tx.NewServiceClient(grpcConn) - // We then call the BroadcastTx method on this client. - grpcRes, err := txClient.BroadcastTx( - ctx, - &tx.BroadcastTxRequest{ - Mode: tx.BroadcastMode_BROADCAST_MODE_SYNC, - TxBytes: txBytes, // Proto-binary of the signed transaction, see previous step. - }, - ) - if err != nil { - return err - } - - fmt.Println(grpcRes.TxResponse.Code) // Should be `0` if the tx is successful - - return nil -} -``` - -#### Simulating a Transaction - -Before broadcasting a transaction, we sometimes may want to dry-run the transaction, to estimate some information about the transaction without actually committing it. This is called simulating a transaction, and can be done as follows: - -```go -import ( - "context" - "fmt" - "testing" - - "github.com/cosmos/cosmos-sdk/client" - "github.com/cosmos/cosmos-sdk/types/tx" - authtx "github.com/cosmos/cosmos-sdk/x/auth/tx" -) - -func simulateTx() error { - // --snip-- - - // Simulate the tx via gRPC. We create a new client for the Protobuf Tx - // service. - txClient := tx.NewServiceClient(grpcConn) - txBytes := /* Fill in with your signed transaction bytes. */ - - // We then call the Simulate method on this client. - grpcRes, err := txClient.Simulate( - context.Background(), - &tx.SimulateRequest{ - TxBytes: txBytes, - }, - ) - if err != nil { - return err - } - - fmt.Println(grpcRes.GasInfo) // Prints estimated gas used. - - return nil -} -``` - -## Using gRPC - -It is not possible to generate or sign a transaction using gRPC, only to broadcast one. In order to broadcast a transaction using gRPC, you will need to generate, sign, and encode the transaction using either the CLI or programmatically with Go. - -### Broadcasting a Transaction - -Broadcasting a transaction using the gRPC endpoint can be done by sending a `BroadcastTx` request as follows, where the `txBytes` are the protobuf-encoded bytes of a signed transaction: - -```bash -grpcurl -plaintext \ - -d '{"tx_bytes":"{{txBytes}}","mode":"BROADCAST_MODE_SYNC"}' \ - localhost:9090 \ - cosmos.tx.v1beta1.Service/BroadcastTx -``` - -## Using REST - -It is not possible to generate or sign a transaction using REST, only to broadcast one. In order to broadcast a transaction using REST, you will need to generate, sign, and encode the transaction using either the CLI or programmatically with Go. - -### Broadcasting a Transaction - -Broadcasting a transaction using the REST endpoint (served by `gRPC-gateway`) can be done by sending a POST request as follows, where the `txBytes` are the protobuf-encoded bytes of a signed transaction: - -```bash -curl -X POST \ - -H "Content-Type: application/json" \ - -d' {"tx_bytes":"{{txBytes}}","mode":"BROADCAST_MODE_SYNC"}' \ - localhost:1317/cosmos/tx/v1beta1/txs -``` - -## Using CosmJS (JavaScript & TypeScript) - -CosmJS aims to build client libraries in JavaScript that can be embedded in web applications. Please see [https://cosmos.github.io/cosmjs](https://cosmos.github.io/cosmjs) for more information. As of January 2021, CosmJS documentation is still a work in progress. diff --git a/copy-of-sdk-docs/docs/user/run-node/04-rosetta.md b/copy-of-sdk-docs/docs/user/run-node/04-rosetta.md deleted file mode 100644 index e4527abb..00000000 --- a/copy-of-sdk-docs/docs/user/run-node/04-rosetta.md +++ /dev/null @@ -1,144 +0,0 @@ -# Rosetta - -The `rosetta` project implements Coinbase's [Rosetta API](https://www.rosetta-api.org). This document provides instructions on how to use the Rosetta API integration. For information about the motivation and design choices, refer to [ADR 035](https://docs.cosmos.network/main/architecture/adr-035-rosetta-api-support). - -## Installing Rosetta - -The Rosetta API server is a stand-alone server that connects to a node of a chain developed with Cosmos SDK. - -Rosetta can be added to any cosmos chain node. standalone or natively. - -### Standalone - -Rosetta can be executed as a standalone service, it connects to the node endpoints and expose the required endpoints. - -Install Rosetta standalone server with the following command: - -```bash -go install github.com/cosmos/rosetta -``` - -Alternatively, for building from source, simply run `make build`. The binary will be located in the root folder. - -### Native - As a node command - -To enable Native Rosetta API support, it's required to add the `RosettaCommand` to your application's root command file (e.g. `simd/cmd/root.go`). - -Import the `rosettaCmd` package: - -```go -import "github.com/cosmos/rosetta/cmd" -``` - -Find the following line: - -```go -initRootCmd(rootCmd, encodingConfig) -``` - -After that line, add the following: - -```go -rootCmd.AddCommand( - rosettaCmd.RosettaCommand(encodingConfig.InterfaceRegistry, encodingConfig.Codec) -) -``` - -The `RosettaCommand` function builds the `rosetta` root command and is defined in the `rosettaCmd` package (`github.com/cosmos/rosetta/cmd`). - -Since we’ve updated the Cosmos SDK to work with the Rosetta API, updating the application's root command file is all you need to do. - -An implementation example can be found in `simapp` package. - -## Use Rosetta Command - -To run Rosetta in your application CLI, use the following command: - -> **Note:** if using the native approach, add your node name before any rosetta command. - -```shell -rosetta --help -``` - -To test and run Rosetta API endpoints for applications that are running and exposed, use the following command: - -```shell -rosetta - --blockchain "your application name (ex: gaia)" - --network "your chain identifier (ex: testnet-1)" - --tendermint "tendermint endpoint (ex: localhost:26657)" - --grpc "gRPC endpoint (ex: localhost:9090)" - --addr "rosetta binding address (ex: :8080)" - --grpc-types-server (optional) "gRPC endpoint for message descriptor types" -``` - -## Plugins - Multi chain connections - -Rosetta will try to reflect the node types trough reflection over the node gRPC endpoints, there may be cases were this approach is not enough. It is possible to extend or implement the required types easily through plugins. - -To use Rosetta over any chain, it is required to set up prefixes and registering zone specific interfaces through plugins. - -Each plugin is a minimalist implementation of `InitZone` and `RegisterInterfaces` which allow Rosetta to parse chain specific data. There is an example for cosmos-hub chain under `plugins/cosmos-hun/` folder -- **InitZone**: An empty method that is executed first and defines prefixes, parameters and other settings. -- **RegisterInterfaces**: This method receives an interface registry which is were the zone specific types and interfaces will be loaded - -In order to add a new plugin: -1. Create a folder over `plugins` folder with the name of the desired zone -2. Add a `main.go` file with the mentioned methods above. -3. Build the code binary through `go build -buildmode=plugin -o main.so main.go` - -The plugin folder is selected through the cli `--plugin` flag and loaded into the Rosetta server. - -## Extensions - -There are two ways in which you can customize and extend the implementation with your custom settings. - -### Message extension - -In order to make an `sdk.Msg` understandable by rosetta the only thing which is required is adding the methods to your messages that satisfy the `rosetta.Msg` interface. Examples on how to do so can be found in the staking types such as `MsgDelegate`, or in bank types such as `MsgSend`. - -### Client interface override - -In case more customization is required, it's possible to embed the Client type and override the methods which require customizations. - -Example: - -```go -package custom_client -import ( - -"context" -"github.com/coinbase/rosetta-sdk-go/types" -"github.com/cosmos/rosetta/lib" -) - -// CustomClient embeds the standard cosmos client -// which means that it implements the cosmos-rosetta-gateway Client -// interface while at the same time allowing to customize certain methods -type CustomClient struct { - *rosetta.Client -} - -func (c *CustomClient) ConstructionPayload(_ context.Context, request *types.ConstructionPayloadsRequest) (resp *types.ConstructionPayloadsResponse, err error) { - // provide custom signature bytes - panic("implement me") -} -``` - -NOTE: when using a customized client, the command cannot be used as the constructors required **may** differ, so it's required to create a new one. We intend to provide a way to init a customized client without writing extra code in the future. - -### Error extension - -Since rosetta requires to provide 'returned' errors to network options. In order to declare a new rosetta error, we use the `errors` package in cosmos-rosetta-gateway. - -Example: - -```go -package custom_errors -import crgerrs "github.com/cosmos/rosetta/lib/errors" - -var customErrRetriable = true -var CustomError = crgerrs.RegisterError(100, "custom message", customErrRetriable, "description") -``` - -Note: errors must be registered before cosmos-rosetta-gateway's `Server`.`Start` method is called. Otherwise the registration will be ignored. Errors with same code will be ignored too. diff --git a/copy-of-sdk-docs/docs/user/run-node/05-run-testnet.md b/copy-of-sdk-docs/docs/user/run-node/05-run-testnet.md deleted file mode 100644 index 9200042e..00000000 --- a/copy-of-sdk-docs/docs/user/run-node/05-run-testnet.md +++ /dev/null @@ -1,101 +0,0 @@ ---- -sidebar_position: 1 ---- - -# Running a Testnet - -:::note Synopsis -The `simd testnet` subcommand makes it easy to initialize and start a simulated test network for testing purposes. -::: - -In addition to the commands for [running a node](./01-run-node.md), the `simd` binary also includes a `testnet` command that allows you to start a simulated test network in-process or to initialize files for a simulated test network that runs in a separate process. - -## Initialize Files - -First, let's take a look at the `init-files` subcommand. - -This is similar to the `init` command when initializing a single node, but in this case we are initializing multiple nodes, generating the genesis transactions for each node, and then collecting those transactions. - -The `init-files` subcommand initializes the necessary files to run a test network in a separate process (i.e. using a Docker container). Running this command is not a prerequisite for the `start` subcommand ([see below](#start-testnet)). - -In order to initialize the files for a test network, run the following command: - -```bash -simd testnet init-files -``` - -You should see the following output in your terminal: - -```bash -Successfully initialized 4 node directories -``` - -The default output directory is a relative `.testnets` directory. Let's take a look at the files created within the `.testnets` directory. - -### gentxs - -The `gentxs` directory includes a genesis transaction for each validator node. Each file includes a JSON encoded genesis transaction used to register a validator node at the time of genesis. The genesis transactions are added to the `genesis.json` file within each node directory during the initialization process. - -### nodes - -A node directory is created for each validator node. Within each node directory is a `simd` directory. The `simd` directory is the home directory for each node, which includes the configuration and data files for that node (i.e. the same files included in the default `~/.simapp` directory when running a single node). - -## Start Testnet - -Now, let's take a look at the `start` subcommand. - -The `start` subcommand both initializes and starts an in-process test network. This is the fastest way to spin up a local test network for testing purposes. - -You can start the local test network by running the following command: - -```bash -simd testnet start -``` - -You should see something similar to the following: - -```bash -acquiring test network lock -preparing test network with chain-id "chain-mtoD9v" - - -+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -++ THIS MNEMONIC IS FOR TESTING PURPOSES ONLY ++ -++ DO NOT USE IN PRODUCTION ++ -++ ++ -++ sustain know debris minute gate hybrid stereo custom ++ -++ divorce cross spoon machine latin vibrant term oblige ++ -++ moment beauty laundry repeat grab game bronze truly ++ -+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - - -starting test network... -started test network -press the Enter Key to terminate -``` - -The first validator node is now running in-process, which means the test network will terminate once you either close the terminal window or you press the Enter key. In the output, the mnemonic phrase for the first validator node is provided for testing purposes. The validator node is using the same default addresses being used when initializing and starting a single node (no need to provide a `--node` flag). - -Check the status of the first validator node: - -```shell -simd status -``` - -Import the key from the provided mnemonic: - -```shell -simd keys add test --recover --keyring-backend test -``` - -Check the balance of the account address: - -```shell -simd q bank balances [address] -``` - -Use this test account to manually test against the test network. - -## Testnet Options - -You can customize the configuration of the test network with flags. In order to see all flag options, append the `--help` flag to each command. diff --git a/copy-of-sdk-docs/docs/user/run-node/06-run-production.md b/copy-of-sdk-docs/docs/user/run-node/06-run-production.md deleted file mode 100644 index 6eee4808..00000000 --- a/copy-of-sdk-docs/docs/user/run-node/06-run-production.md +++ /dev/null @@ -1,269 +0,0 @@ ---- -sidebar_position: 1 ---- - -# Running in Production - -:::note Synopsis -This section describes how to securely run a node in a public setting and/or on a mainnet on one of the many Cosmos SDK public blockchains. -::: - -When operating a node, full node or validator, in production it is important to set your server up securely. - -:::note -There are many different ways to secure a server and your node, the described steps here is one way. To see another way of setting up a server see the [run in production tutorial](https://tutorials.cosmos.network/hands-on-exercise/4-run-in-prod). -::: - -:::note -This walkthrough assumes the underlying operating system is Ubuntu. -::: - -## Server Setup - -### User - -When creating a server most times it is created as user `root`. This user has heightened privileges on the server. When operating a node, it is recommended to not run your node as the root user. - -1. Create a new user - -```bash -sudo adduser change_me -``` - -2. We want to allow this user to perform sudo tasks - -```bash -sudo usermod -aG sudo change_me -``` - -Now when logging into the server, the non `root` user can be used. - -### Go - -1. Install the [Go](https://go.dev/doc/install) version preconized by the application. - -:::warning -In the past, validators [have had issues](https://github.com/cosmos/cosmos-sdk/issues/13976) when using different versions of Go. It is recommended that the whole validator set uses the version of Go that is preconized by the application. -::: - -### Firewall - -Nodes should not have all ports open to the public, this is a simple way to get DDOS'd. Secondly it is recommended by [CometBFT](https://github.com/cometbft/cometbft) to never expose ports that are not required to operate a node. - -When setting up a firewall there are a few ports that can be open when operating a Cosmos SDK node. There is the CometBFT json-RPC, prometheus, p2p, remote signer and Cosmos SDK GRPC and REST. If the node is being operated as a node that does not offer endpoints to be used for submission or querying then a max of three endpoints are needed. - -Most, if not all servers come equipped with [ufw](https://help.ubuntu.com/community/UFW). Ufw will be used in this tutorial. - -1. Reset UFW to disallow all incoming connections and allow outgoing - -```bash -sudo ufw default deny incoming -sudo ufw default allow outgoing -``` - -2. Lets make sure that port 22 (ssh) stays open. - -```bash -sudo ufw allow ssh -``` - -or - -```bash -sudo ufw allow 22 -``` - -Both of the above commands are the same. - -3. Allow Port 26656 (cometbft p2p port). If the node has a modified p2p port then that port must be used here. - -```bash -sudo ufw allow 26656/tcp -``` - -4. Allow port 26660 (cometbft [prometheus](https://prometheus.io)). This acts as the applications monitoring port as well. - -```bash -sudo ufw allow 26660/tcp -``` - -5. IF the node which is being setup would like to expose CometBFTs jsonRPC and Cosmos SDK GRPC and REST then follow this step. (Optional) - -##### CometBFT JsonRPC - -```bash -sudo ufw allow 26657/tcp -``` - -##### Cosmos SDK GRPC - -```bash -sudo ufw allow 9090/tcp -``` - -##### Cosmos SDK REST - -```bash -sudo ufw allow 1317/tcp -``` - -6. Lastly, enable ufw - -```bash -sudo ufw enable -``` - -### Signing - -If the node that is being started is a validator there are multiple ways a validator could sign blocks. - -#### File - -File based signing is the simplest and default approach. This approach works by storing the consensus key, generated on initialization, to sign blocks. This approach is only as safe as your server setup as if the server is compromised so is your key. This key is located in the `config/priv_val_key.json` directory generated on initialization. - -A second file exists that user must be aware of, the file is located in the data directory `data/priv_val_state.json`. This file protects your node from double signing. It keeps track of the consensus keys last sign height, round and latest signature. If the node crashes and needs to be recovered this file must be kept in order to ensure that the consensus key will not be used for signing a block that was previously signed. - -#### Remote Signer - -A remote signer is a secondary server that is separate from the running node that signs blocks with the consensus key. This means that the consensus key does not live on the node itself. This increases security because your full node which is connected to the remote signer can be swapped without missing blocks. - -The two most used remote signers are [tmkms](https://github.com/iqlusioninc/tmkms) from [Iqlusion](https://www.iqlusion.io) and [horcrux](https://github.com/strangelove-ventures/horcrux) from [Strangelove](https://strange.love). - -##### TMKMS - -###### Dependencies - -1. Update server dependencies and install extras needed. - -```sh -sudo apt update -y && sudo apt install build-essential curl jq -y -``` - -2. Install Rust: - -```sh -curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -``` - -3. Install Libusb: - -```sh -sudo apt install libusb-1.0-0-dev -``` - -###### Setup - -There are two ways to install tmkms, from source or `cargo install`. In the examples we will cover downloading or building from source and using softsign. Softsign stands for software signing, but you could use a [yubihsm](https://www.yubico.com/products/hardware-security-module/) as your signing key if you wish. - -1. Build: - -From source: - -```bash -cd $HOME -git clone https://github.com/iqlusioninc/tmkms.git -cd $HOME/tmkms -cargo install tmkms --features=softsign -tmkms init config -tmkms softsign keygen ./config/secrets/secret_connection_key -``` - -or - -Cargo install: - -```bash -cargo install tmkms --features=softsign -tmkms init config -tmkms softsign keygen ./config/secrets/secret_connection_key -``` - -:::note -To use tmkms with a yubikey install the binary with `--features=yubihsm`. -::: - -2. Migrate the validator key from the full node to the new tmkms instance. - -```bash -scp user@123.456.32.123:~/.simd/config/priv_validator_key.json ~/tmkms/config/secrets -``` - -3. Import the validator key into tmkms. - -```bash -tmkms softsign import $HOME/tmkms/config/secrets/priv_validator_key.json $HOME/tmkms/config/secrets/priv_validator_key -``` - -At this point, it is necessary to delete the `priv_validator_key.json` from the validator node and the tmkms node. Since the key has been imported into tmkms (above) it is no longer necessary on the nodes. The key can be safely stored offline. - -4. Modify the `tmkms.toml`. - -```bash -vim $HOME/tmkms/config/tmkms.toml -``` - -This example shows a configuration that could be used for soft signing. The example has an IP of `123.456.12.345` with a port of `26659` a chain_id of `test-chain-waSDSe`. These are items that must be modified for the usecase of tmkms and the network. - -```toml -# CometBFT KMS configuration file - -## Chain Configuration - -[[chain]] -id = "osmosis-1" -key_format = { type = "bech32", account_key_prefix = "cosmospub", consensus_key_prefix = "cosmosvalconspub" } -state_file = "/root/tmkms/config/state/priv_validator_state.json" - -## Signing Provider Configuration - -### Software-based Signer Configuration - -[[providers.softsign]] -chain_ids = ["test-chain-waSDSe"] -key_type = "consensus" -path = "/root/tmkms/config/secrets/priv_validator_key" - -## Validator Configuration - -[[validator]] -chain_id = "test-chain-waSDSe" -addr = "tcp://123.456.12.345:26659" -secret_key = "/root/tmkms/config/secrets/secret_connection_key" -protocol_version = "v0.34" -reconnect = true -``` - -5. Set the address of the tmkms instance. - -```bash -vim $HOME/.simd/config/config.toml - -priv_validator_laddr = "tcp://0.0.0.0:26659" -``` - -:::tip -The above address it set to `0.0.0.0` but it is recommended to set the tmkms server to secure the startup -::: - -:::tip -It is recommended to comment or delete the lines that specify the path of the validator key and validator: - -```toml -# Path to the JSON file containing the private key to use as a validator in the consensus protocol -# priv_validator_key_file = "config/priv_validator_key.json" - -# Path to the JSON file containing the last sign state of a validator -# priv_validator_state_file = "data/priv_validator_state.json" -``` - -::: - -6. Start the two processes. - -```bash -tmkms start -c $HOME/tmkms/config/tmkms.toml -``` - -```bash -simd start -``` diff --git a/copy-of-sdk-docs/docs/user/run-node/_category_.json b/copy-of-sdk-docs/docs/user/run-node/_category_.json deleted file mode 100644 index 65e64b94..00000000 --- a/copy-of-sdk-docs/docs/user/run-node/_category_.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "label": "Running a Node, API and CLI", - "position": 0, - "link": null -} \ No newline at end of file diff --git a/copy-of-sdk-docs/docs/user/user.md b/copy-of-sdk-docs/docs/user/user.md deleted file mode 100644 index 5429e8ad..00000000 --- a/copy-of-sdk-docs/docs/user/user.md +++ /dev/null @@ -1,10 +0,0 @@ ---- -sidebar_position: 0 ---- -# User Guides - -This section is designed for developers who are using the Cosmos SDK to build applications. It provides essential guides and references to effectively use the SDK's features. - -* [Setting up keys](./run-node/00-keyring.md) - Learn how to set up secure key management using the Cosmos SDK's keyring feature. This guide provides a streamlined approach to cryptographic key handling, which is crucial for securing your application. -* [Running a node](./run-node/01-run-node.md) - This guide provides step-by-step instructions to deploy and manage a node in the Cosmos network. It ensures a smooth and reliable operation of your blockchain application by covering all the necessary setup and maintenance steps. -* [CLI](./run-node/02-interact-node.md) - Discover how to navigate and interact with the Cosmos SDK using the Command Line Interface (CLI). This section covers efficient and powerful command-based operations that can help you manage your application effectively. From a02037f001eba0e53adb2e2e98b3302e12d9d2bb Mon Sep 17 00:00:00 2001 From: Cordt Date: Wed, 15 Oct 2025 09:51:01 -0600 Subject: [PATCH 04/26] unignore ./build --- .gitignore | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/.gitignore b/.gitignore index 7fd11c11..0d8e7b86 100644 --- a/.gitignore +++ b/.gitignore @@ -63,16 +63,6 @@ schema.json docs/logs/ logs/ dist/ -build/ - -# --- allow SDK docs build/ dirs (override rule above) --- -!docs/sdk/v0.53/build/ -!docs/sdk/v0.53/build/** -!docs/sdk/v0.50/build/ -!docs/sdk/v0.50/build/** -!docs/sdk/v0.47/build/ -!docs/sdk/v0.47/build/** -# -------------------------------------------------------- .yarn/ # Keep most scripts ignored, but include versioning tools From b668cef86e8afd3b98eee0f41eb0fc1d49db379d Mon Sep 17 00:00:00 2001 From: Cordt Date: Wed, 15 Oct 2025 09:51:13 -0600 Subject: [PATCH 05/26] add build dirs --- copy-of-sdk-docs/build/_category_.json | 5 + .../build/abci/00-introduction.md | 51 + .../build/abci/01-prepare-proposal.md | 45 + .../build/abci/02-process-proposal.md | 32 + .../build/abci/03-vote-extensions.md | 122 + copy-of-sdk-docs/build/abci/04-checktx.md | 50 + copy-of-sdk-docs/build/abci/_category_.json | 5 + .../build/architecture/PROCESS.md | 58 + copy-of-sdk-docs/build/architecture/README.md | 96 + .../build/architecture/_category_.json | 5 + .../architecture/adr-002-docs-structure.md | 86 + .../adr-003-dynamic-capability-store.md | 344 ++ .../adr-004-split-denomination-keys.md | 120 + .../adr-006-secret-store-replacement.md | 54 + .../adr-007-specialization-groups.md | 177 + .../build/architecture/adr-008-dCERT-group.md | 171 + .../architecture/adr-009-evidence-module.md | 182 + .../adr-010-modular-antehandler.md | 290 ++ .../adr-011-generalize-genesis-accounts.md | 170 + .../architecture/adr-012-state-accessors.md | 155 + .../build/architecture/adr-013-metrics.md | 157 + .../adr-014-proportional-slashing.md | 85 + ...dr-016-validator-consensus-key-rotation.md | 125 + .../adr-017-historical-header-module.md | 61 + .../adr-018-extendable-voting-period.md | 66 + .../adr-019-protobuf-state-encoding.md | 379 ++ .../adr-020-protobuf-transaction-encoding.md | 464 +++ .../adr-021-protobuf-query-encoding.md | 256 ++ .../adr-022-custom-panic-handling.md | 218 ++ .../architecture/adr-023-protobuf-naming.md | 263 ++ .../architecture/adr-024-coin-metadata.md | 140 + ...27-deterministic-protobuf-serialization.md | 314 ++ .../adr-028-public-key-addresses.md | 342 ++ .../architecture/adr-029-fee-grant-module.md | 153 + .../architecture/adr-030-authz-module.md | 258 ++ .../build/architecture/adr-031-msg-service.md | 202 ++ .../architecture/adr-032-typed-events.md | 319 ++ .../adr-033-protobuf-inter-module-comm.md | 400 +++ .../architecture/adr-034-account-rekeying.md | 76 + .../adr-035-rosetta-api-support.md | 211 ++ .../adr-036-arbitrary-signature.md | 132 + .../architecture/adr-037-gov-split-vote.md | 111 + .../architecture/adr-038-state-listening.md | 724 ++++ .../architecture/adr-039-epoched-staking.md | 122 + ...r-040-storage-and-smt-state-commitments.md | 289 ++ .../adr-041-in-place-store-migrations.md | 167 + .../architecture/adr-042-group-module.md | 279 ++ .../build/architecture/adr-043-nft-module.md | 349 ++ .../adr-044-protobuf-updates-guidelines.md | 129 + .../adr-045-check-delivertx-middlewares.md | 312 ++ .../architecture/adr-046-module-params.md | 184 + .../adr-047-extend-upgrade-plan.md | 254 ++ .../architecture/adr-048-consensus-fees.md | 204 ++ .../architecture/adr-049-state-sync-hooks.md | 174 + .../adr-050-sign-mode-textual-annex1.md | 361 ++ .../adr-050-sign-mode-textual-annex2.md | 122 + .../architecture/adr-050-sign-mode-textual.md | 370 ++ .../adr-053-go-module-refactoring.md | 110 + .../adr-054-semver-compatible-modules.md | 731 ++++ .../build/architecture/adr-055-orm.md | 114 + .../build/architecture/adr-057-app-wiring.md | 369 ++ .../adr-058-auto-generated-cli.md | 98 + .../build/architecture/adr-059-test-scopes.md | 254 ++ .../build/architecture/adr-060-abci-1.0.md | 238 ++ .../architecture/adr-061-liquid-staking.md | 82 + .../adr-062-collections-state-layer.md | 120 + .../architecture/adr-063-core-module-api.md | 562 +++ .../build/architecture/adr-064-abci-2.0.md | 473 +++ .../build/architecture/adr-065-store-v2.md | 290 ++ .../build/architecture/adr-068-preblock.md | 63 + .../architecture/adr-070-unordered-account.md | 327 ++ .../architecture/adr-076-tx-malleability.md | 172 + .../build/architecture/adr-template.md | 83 + .../build/architecture/bankv2.png | Bin 0 -> 280587 bytes copy-of-sdk-docs/build/build.md | 13 + .../build/building-apps/00-app-go.md | 14 + .../build/building-apps/00-runtime.md | 152 + .../build/building-apps/01-app-go-di.md | 164 + .../build/building-apps/02-app-mempool.md | 94 + .../build/building-apps/03-app-upgrade.md | 218 ++ .../build/building-apps/04-vote-extensions.md | 121 + .../build/building-apps/05-app-testnet.md | 235 ++ .../build/building-apps/_category_.json | 5 + .../building-apps/upgrades/_category_.json | 5 + .../build/building-modules/00-intro.md | 73 + .../building-modules/01-module-manager.md | 328 ++ .../02-messages-and-queries.md | 137 + .../build/building-modules/03-msg-services.md | 119 + .../building-modules/04-query-services.md | 57 + .../05-protobuf-annotations.md | 131 + .../06-beginblock-endblock.md | 47 + .../build/building-modules/06-keeper.md | 92 + .../build/building-modules/07-invariants.md | 90 + .../build/building-modules/08-genesis.md | 78 + .../building-modules/09-module-interfaces.md | 165 + .../build/building-modules/11-structure.md | 95 + .../build/building-modules/12-errors.md | 56 + .../build/building-modules/13-upgrade.md | 63 + .../build/building-modules/14-simulator.md | 177 + .../build/building-modules/15-depinject.md | 124 + .../build/building-modules/16-testing.md | 124 + .../build/building-modules/17-preblock.md | 32 + .../build/building-modules/_category_.json | 5 + .../building-modules/transaction_flow.svg | 48 + copy-of-sdk-docs/build/migrations/01-intro.md | 15 + .../build/migrations/02-upgrade-reference.md | 26 + .../build/migrations/02-upgrading.md | 522 +++ .../build/migrations/03-upgrade-guide.md | 503 +++ .../build/migrations/_category_.json | 5 + copy-of-sdk-docs/build/modules/README.md | 63 + .../build/modules/_category_.json | 5 + .../build/modules/auth/1-vesting.md | 618 ++++ copy-of-sdk-docs/build/modules/auth/2-tx.md | 264 ++ copy-of-sdk-docs/build/modules/auth/README.md | 710 ++++ .../build/modules/authz/README.md | 377 ++ copy-of-sdk-docs/build/modules/bank/README.md | 1039 ++++++ .../build/modules/circuit/README.md | 259 ++ .../build/modules/consensus/README.md | 7 + .../build/modules/crisis/README.md | 112 + .../build/modules/distribution/README.md | 1128 ++++++ .../build/modules/epochs/README.md | 177 + .../build/modules/evidence/README.md | 440 +++ .../build/modules/feegrant/README.md | 396 +++ .../build/modules/genutil/README.md | 89 + copy-of-sdk-docs/build/modules/gov/README.md | 2588 ++++++++++++++ .../build/modules/group/README.md | 2168 ++++++++++++ copy-of-sdk-docs/build/modules/mint/README.md | 460 +++ copy-of-sdk-docs/build/modules/nft/README.md | 91 + .../build/modules/params/README.md | 79 + .../build/modules/protocolpool/README.md | 162 + .../build/modules/slashing/README.md | 813 +++++ .../build/modules/staking/README.md | 3058 +++++++++++++++++ .../build/modules/upgrade/README.md | 609 ++++ .../build/packages/01-depinject.md | 205 ++ .../build/packages/02-collections.md | 1210 +++++++ copy-of-sdk-docs/build/packages/README.md | 38 + .../build/packages/_category_.json | 5 + copy-of-sdk-docs/build/rfc/PROCESS.md | 62 + copy-of-sdk-docs/build/rfc/README.md | 38 + copy-of-sdk-docs/build/rfc/_category_.json | 5 + .../build/rfc/rfc-001-tx-validation.md | 25 + copy-of-sdk-docs/build/rfc/rfc-template.md | 83 + copy-of-sdk-docs/build/rfc/rfc/PROCESS.md | 62 + copy-of-sdk-docs/build/rfc/rfc/README.md | 38 + .../build/rfc/rfc/_category_.json | 5 + .../build/rfc/rfc/rfc-001-tx-validation.md | 25 + .../build/rfc/rfc/rfc-template.md | 83 + copy-of-sdk-docs/build/spec/README.md | 25 + copy-of-sdk-docs/build/spec/SPEC_MODULE.md | 60 + copy-of-sdk-docs/build/spec/SPEC_STANDARD.md | 121 + copy-of-sdk-docs/build/spec/_category_.json | 5 + copy-of-sdk-docs/build/spec/_ics/README.md | 3 + .../spec/_ics/ics-030-signed-messages.md | 192 ++ .../build/spec/addresses/README.md | 3 + .../build/spec/addresses/bech32.md | 21 + .../spec/fee_distribution/f1_fee_distr.pdf | Bin 0 -> 185175 bytes .../spec/fee_distribution/f1_fee_distr.tex | 245 ++ copy-of-sdk-docs/build/spec/store/README.md | 235 ++ .../build/spec/store/interblock-cache.md | 289 ++ copy-of-sdk-docs/build/tooling/00-protobuf.md | 113 + .../build/tooling/01-cosmovisor.md | 411 +++ copy-of-sdk-docs/build/tooling/02-confix.md | 156 + copy-of-sdk-docs/build/tooling/03-hubl.md | 73 + copy-of-sdk-docs/build/tooling/README.md | 17 + .../build/tooling/_category_.json | 5 + .../version-0.47/build/_category_.json | 5 + .../build/architecture/PROCESS.md | 58 + .../version-0.47/build/architecture/README.md | 94 + .../build/architecture/_category_.json | 5 + .../architecture/adr-002-docs-structure.md | 86 + .../adr-003-dynamic-capability-store.md | 344 ++ .../adr-004-split-denomination-keys.md | 120 + .../adr-006-secret-store-replacement.md | 54 + .../adr-007-specialization-groups.md | 177 + .../build/architecture/adr-008-dCERT-group.md | 171 + .../architecture/adr-009-evidence-module.md | 182 + .../adr-010-modular-antehandler.md | 290 ++ .../adr-011-generalize-genesis-accounts.md | 170 + .../architecture/adr-012-state-accessors.md | 155 + .../build/architecture/adr-013-metrics.md | 157 + .../adr-014-proportional-slashing.md | 85 + ...dr-016-validator-consensus-key-rotation.md | 125 + .../adr-017-historical-header-module.md | 61 + .../adr-018-extendable-voting-period.md | 66 + .../adr-019-protobuf-state-encoding.md | 379 ++ .../adr-020-protobuf-transaction-encoding.md | 464 +++ .../adr-021-protobuf-query-encoding.md | 256 ++ .../adr-022-custom-panic-handling.md | 218 ++ .../architecture/adr-023-protobuf-naming.md | 263 ++ .../architecture/adr-024-coin-metadata.md | 140 + ...27-deterministic-protobuf-serialization.md | 314 ++ .../adr-028-public-key-addresses.md | 342 ++ .../architecture/adr-029-fee-grant-module.md | 153 + .../architecture/adr-030-authz-module.md | 258 ++ .../build/architecture/adr-031-msg-service.md | 202 ++ .../architecture/adr-032-typed-events.md | 319 ++ .../adr-033-protobuf-inter-module-comm.md | 400 +++ .../architecture/adr-034-account-rekeying.md | 76 + .../adr-035-rosetta-api-support.md | 211 ++ .../adr-036-arbitrary-signature.md | 132 + .../architecture/adr-037-gov-split-vote.md | 111 + .../architecture/adr-038-state-listening.md | 822 +++++ .../architecture/adr-039-epoched-staking.md | 122 + ...r-040-storage-and-smt-state-commitments.md | 289 ++ .../adr-041-in-place-store-migrations.md | 167 + .../architecture/adr-042-group-module.md | 279 ++ .../build/architecture/adr-043-nft-module.md | 349 ++ .../adr-044-protobuf-updates-guidelines.md | 129 + .../adr-045-check-delivertx-middlewares.md | 312 ++ .../architecture/adr-046-module-params.md | 184 + .../adr-047-extend-upgrade-plan.md | 250 ++ .../architecture/adr-048-consensus-fees.md | 204 ++ .../architecture/adr-049-state-sync-hooks.md | 174 + .../adr-050-sign-mode-textual-annex1.md | 358 ++ .../adr-050-sign-mode-textual-annex2.md | 122 + .../architecture/adr-050-sign-mode-textual.md | 369 ++ .../adr-053-go-module-refactoring.md | 110 + .../adr-054-semver-compatible-modules.md | 728 ++++ .../build/architecture/adr-055-orm.md | 113 + .../build/architecture/adr-057-app-wiring.md | 340 ++ .../adr-058-auto-generated-cli.md | 98 + .../build/architecture/adr-059-test-scopes.md | 254 ++ .../build/architecture/adr-060-abci-1.0.md | 238 ++ .../architecture/adr-061-liquid-staking.md | 82 + .../adr-062-collections-state-layer.md | 117 + .../architecture/adr-063-core-module-api.md | 505 +++ .../build/architecture/adr-064-abci-2.0.md | 461 +++ .../build/architecture/adr-065-store-v2.md | 290 ++ .../build/architecture/adr-template.md | 83 + .../version-0.47/build/build.md | 15 + .../build/building-apps/00-app-go.md | 15 + .../build/building-apps/01-app-go-v2.md | 132 + .../build/building-apps/02-app-mempool.md | 165 + .../build/building-apps/03-app-upgrade.md | 70 + .../build/building-apps/_category_.json | 5 + .../build/building-modules/00-intro.md | 94 + .../building-modules/01-module-manager.md | 273 ++ .../02-messages-and-queries.md | 126 + .../build/building-modules/03-msg-services.md | 121 + .../building-modules/04-query-services.md | 59 + .../05-beginblock-endblock.md | 47 + .../build/building-modules/06-keeper.md | 93 + .../build/building-modules/07-invariants.md | 92 + .../build/building-modules/08-genesis.md | 80 + .../building-modules/09-module-interfaces.md | 161 + .../build/building-modules/11-structure.md | 95 + .../build/building-modules/12-errors.md | 56 + .../build/building-modules/13-upgrade.md | 65 + .../build/building-modules/14-simulator.md | 135 + .../build/building-modules/15-depinject.md | 126 + .../build/building-modules/16-testing.md | 124 + .../build/building-modules/_category_.json | 5 + .../building-modules/transaction_flow.svg | 48 + .../version-0.47/build/migrations/01-intro.md | 15 + .../build/migrations/02-upgrading.md | 612 ++++ .../build/migrations/_category_.json | 5 + .../version-0.47/build/modules/README.md | 41 + .../build/modules/_category_.json | 5 + .../build/modules/accounts/accounts.md | 3 + .../build/modules/auth/1-vesting.md | 618 ++++ .../version-0.47/build/modules/auth/2-tx.md | 266 ++ .../version-0.47/build/modules/auth/README.md | 705 ++++ .../build/modules/authz/README.md | 355 ++ .../version-0.47/build/modules/bank/README.md | 950 +++++ .../build/modules/circuit/README.md | 151 + .../build/modules/consensus/README.md | 7 + .../build/modules/crisis/README.md | 110 + .../build/modules/distribution/README.md | 1042 ++++++ .../build/modules/evidence/README.md | 440 +++ .../build/modules/feegrant/README.md | 388 +++ .../build/modules/genutil/README.md | 69 + .../version-0.47/build/modules/gov/README.md | 2658 ++++++++++++++ .../build/modules/group/README.md | 2156 ++++++++++++ .../version-0.47/build/modules/mint/README.md | 383 +++ .../version-0.47/build/modules/nft/README.md | 89 + .../build/modules/params/README.md | 79 + .../build/modules/slashing/README.md | 813 +++++ .../build/modules/staking/README.md | 3058 +++++++++++++++++ .../build/modules/upgrade/README.md | 619 ++++ .../build/packages/01-depinject.md | 187 + .../build/packages/02-collections.md | 1119 ++++++ .../version-0.47/build/packages/03-orm.md | 329 ++ .../version-0.47/build/packages/README.md | 39 + .../build/packages/_category_.json | 5 + .../version-0.47/build/rfc/PROCESS.md | 62 + .../version-0.47/build/rfc/README.md | 34 + .../version-0.47/build/rfc/_category_.json | 5 + .../build/rfc/rfc-001-tx-validation.md | 25 + .../version-0.47/build/rfc/rfc-template.md | 83 + .../version-0.47/build/spec/SPEC_MODULE.md | 60 + .../version-0.47/build/spec/SPEC_STANDARD.md | 121 + .../version-0.47/build/spec/_category_.json | 5 + .../build/spec/addresses/README.md | 3 + .../build/spec/addresses/bech32.md | 21 + .../spec/fee_distribution/f1_fee_distr.pdf | Bin 0 -> 185175 bytes .../spec/fee_distribution/f1_fee_distr.tex | 245 ++ .../version-0.47/build/spec/ics/README.md | 3 + .../build/spec/ics/ics-030-signed-messages.md | 192 ++ .../version-0.47/build/tooling/00-protobuf.md | 113 + .../build/tooling/01-cosmovisor.md | 366 ++ .../version-0.47/build/tooling/02-confix.md | 130 + .../version-0.47/build/tooling/03-autocli.md | 157 + .../version-0.47/build/tooling/04-hubl.md | 73 + .../build/tooling/05-depinject.md | 169 + .../version-0.47/build/tooling/README.md | 11 + .../build/tooling/_category_.json | 5 + .../version-0.50/build/_category_.json | 5 + .../build/abci/00-introduction.md | 51 + .../build/abci/01-prepare-proposal.md | 45 + .../build/abci/02-process-proposal.md | 32 + .../build/abci/03-vote-extensions.md | 123 + .../version-0.50/build/abci/_category_.json | 5 + .../build/architecture/PROCESS.md | 58 + .../version-0.50/build/architecture/README.md | 95 + .../build/architecture/_category_.json | 5 + .../architecture/adr-002-docs-structure.md | 86 + .../adr-003-dynamic-capability-store.md | 344 ++ .../adr-004-split-denomination-keys.md | 120 + .../adr-006-secret-store-replacement.md | 54 + .../adr-007-specialization-groups.md | 177 + .../build/architecture/adr-008-dCERT-group.md | 171 + .../architecture/adr-009-evidence-module.md | 182 + .../adr-010-modular-antehandler.md | 290 ++ .../adr-011-generalize-genesis-accounts.md | 170 + .../architecture/adr-012-state-accessors.md | 155 + .../build/architecture/adr-013-metrics.md | 157 + .../adr-014-proportional-slashing.md | 85 + ...dr-016-validator-consensus-key-rotation.md | 125 + .../adr-017-historical-header-module.md | 61 + .../adr-018-extendable-voting-period.md | 66 + .../adr-019-protobuf-state-encoding.md | 379 ++ .../adr-020-protobuf-transaction-encoding.md | 464 +++ .../adr-021-protobuf-query-encoding.md | 256 ++ .../adr-022-custom-panic-handling.md | 218 ++ .../architecture/adr-023-protobuf-naming.md | 263 ++ .../architecture/adr-024-coin-metadata.md | 140 + ...27-deterministic-protobuf-serialization.md | 314 ++ .../adr-028-public-key-addresses.md | 342 ++ .../architecture/adr-029-fee-grant-module.md | 153 + .../architecture/adr-030-authz-module.md | 258 ++ .../build/architecture/adr-031-msg-service.md | 202 ++ .../architecture/adr-032-typed-events.md | 319 ++ .../adr-033-protobuf-inter-module-comm.md | 400 +++ .../architecture/adr-034-account-rekeying.md | 76 + .../adr-035-rosetta-api-support.md | 211 ++ .../adr-036-arbitrary-signature.md | 132 + .../architecture/adr-037-gov-split-vote.md | 111 + .../architecture/adr-038-state-listening.md | 724 ++++ .../architecture/adr-039-epoched-staking.md | 122 + ...r-040-storage-and-smt-state-commitments.md | 289 ++ .../adr-041-in-place-store-migrations.md | 167 + .../architecture/adr-042-group-module.md | 279 ++ .../build/architecture/adr-043-nft-module.md | 349 ++ .../adr-044-protobuf-updates-guidelines.md | 129 + .../adr-045-check-delivertx-middlewares.md | 312 ++ .../architecture/adr-046-module-params.md | 184 + .../adr-047-extend-upgrade-plan.md | 253 ++ .../architecture/adr-048-consensus-fees.md | 204 ++ .../architecture/adr-049-state-sync-hooks.md | 174 + .../adr-050-sign-mode-textual-annex1.md | 358 ++ .../adr-050-sign-mode-textual-annex2.md | 122 + .../architecture/adr-050-sign-mode-textual.md | 370 ++ .../adr-053-go-module-refactoring.md | 110 + .../adr-054-semver-compatible-modules.md | 728 ++++ .../build/architecture/adr-055-orm.md | 113 + .../build/architecture/adr-057-app-wiring.md | 369 ++ .../adr-058-auto-generated-cli.md | 98 + .../build/architecture/adr-059-test-scopes.md | 254 ++ .../build/architecture/adr-060-abci-1.0.md | 238 ++ .../architecture/adr-061-liquid-staking.md | 82 + .../adr-062-collections-state-layer.md | 117 + .../architecture/adr-063-core-module-api.md | 561 +++ .../build/architecture/adr-064-abci-2.0.md | 473 +++ .../build/architecture/adr-065-store-v2.md | 290 ++ .../build/architecture/adr-068-preblock.md | 61 + .../architecture/adr-070-unordered-account.md | 327 ++ .../architecture/adr-076-tx-malleability.md | 165 + .../build/architecture/adr-template.md | 83 + .../version-0.50/build/build.md | 13 + .../build/building-apps/00-app-go.md | 14 + .../build/building-apps/01-app-go-v2.md | 154 + .../build/building-apps/02-app-mempool.md | 172 + .../build/building-apps/03-app-upgrade.md | 218 ++ .../build/building-apps/04-vote-extensions.md | 121 + .../build/building-apps/05-app-testnet.md | 235 ++ .../build/building-apps/_category_.json | 5 + .../build/building-modules/00-intro.md | 101 + .../building-modules/01-module-manager.md | 330 ++ .../02-messages-and-queries.md | 124 + .../build/building-modules/03-msg-services.md | 119 + .../building-modules/04-query-services.md | 57 + .../05-protobuf-annotations.md | 133 + .../06-beginblock-endblock.md | 47 + .../build/building-modules/06-keeper.md | 92 + .../build/building-modules/07-invariants.md | 90 + .../build/building-modules/08-genesis.md | 78 + .../building-modules/09-module-interfaces.md | 164 + .../build/building-modules/11-structure.md | 95 + .../build/building-modules/12-errors.md | 56 + .../build/building-modules/13-upgrade.md | 63 + .../build/building-modules/14-simulator.md | 132 + .../build/building-modules/15-depinject.md | 124 + .../build/building-modules/16-testing.md | 124 + .../build/building-modules/17-preblock.md | 31 + .../build/building-modules/_category_.json | 5 + .../version-0.50/build/migrations/01-intro.md | 15 + .../build/migrations/02-upgrade-reference.md | 227 ++ .../build/migrations/02-upgrading.md | 522 +++ .../build/migrations/03-upgrade-guide.md | 503 +++ .../build/migrations/_category_.json | 5 + .../version-0.50/build/modules/README.md | 63 + .../build/modules/_category_.json | 5 + .../build/modules/auth/1-vesting.md | 618 ++++ .../version-0.50/build/modules/auth/2-tx.md | 264 ++ .../version-0.50/build/modules/auth/README.md | 710 ++++ .../build/modules/authz/README.md | 372 ++ .../version-0.50/build/modules/bank/README.md | 1039 ++++++ .../build/modules/circuit/README.md | 170 + .../build/modules/consensus/README.md | 7 + .../build/modules/crisis/README.md | 110 + .../build/modules/distribution/README.md | 1049 ++++++ .../build/modules/epochs/README.md | 177 + .../build/modules/evidence/README.md | 440 +++ .../build/modules/feegrant/README.md | 396 +++ .../build/modules/genutil/README.md | 89 + .../version-0.50/build/modules/gov/README.md | 2547 ++++++++++++++ .../build/modules/group/README.md | 2166 ++++++++++++ .../version-0.50/build/modules/mint/README.md | 383 +++ .../version-0.50/build/modules/nft/README.md | 89 + .../build/modules/params/README.md | 79 + .../build/modules/protocolpool/README.md | 162 + .../build/modules/slashing/README.md | 813 +++++ .../build/modules/staking/README.md | 3058 +++++++++++++++++ .../build/modules/upgrade/README.md | 619 ++++ .../build/packages/01-depinject.md | 187 + .../build/packages/02-collections.md | 1119 ++++++ .../version-0.50/build/packages/README.md | 39 + .../build/packages/_category_.json | 5 + .../version-0.50/build/rfc/PROCESS.md | 62 + .../version-0.50/build/rfc/README.md | 38 + .../version-0.50/build/rfc/_category_.json | 5 + .../build/rfc/rfc-001-tx-validation.md | 25 + .../version-0.50/build/rfc/rfc-template.md | 83 + .../version-0.50/build/rfc/rfc/PROCESS.md | 62 + .../version-0.50/build/rfc/rfc/README.md | 38 + .../build/rfc/rfc/_category_.json | 5 + .../build/rfc/rfc/rfc-001-tx-validation.md | 25 + .../build/rfc/rfc/rfc-template.md | 83 + .../version-0.50/build/spec/README.md | 25 + .../version-0.50/build/spec/SPEC_MODULE.md | 60 + .../version-0.50/build/spec/SPEC_STANDARD.md | 121 + .../version-0.50/build/spec/_category_.json | 5 + .../version-0.50/build/spec/_ics/README.md | 3 + .../spec/_ics/ics-030-signed-messages.md | 192 ++ .../build/spec/addresses/README.md | 3 + .../build/spec/addresses/bech32.md | 21 + .../spec/fee_distribution/f1_fee_distr.pdf | Bin 0 -> 185175 bytes .../spec/fee_distribution/f1_fee_distr.tex | 245 ++ .../version-0.50/build/spec/store/README.md | 235 ++ .../build/spec/store/interblock-cache.md | 289 ++ .../version-0.50/build/tooling/00-protobuf.md | 113 + .../build/tooling/01-cosmovisor.md | 382 ++ .../version-0.50/build/tooling/02-confix.md | 137 + .../version-0.50/build/tooling/03-hubl.md | 73 + .../version-0.50/build/tooling/README.md | 19 + .../build/tooling/_category_.json | 5 + .../version-0.53/build/_category_.json | 5 + .../build/abci/00-introduction.md | 51 + .../build/abci/01-prepare-proposal.md | 45 + .../build/abci/02-process-proposal.md | 32 + .../build/abci/03-vote-extensions.md | 122 + .../version-0.53/build/abci/04-checktx.md | 50 + .../version-0.53/build/abci/_category_.json | 5 + .../build/architecture/PROCESS.md | 58 + .../version-0.53/build/architecture/README.md | 96 + .../build/architecture/_category_.json | 5 + .../architecture/adr-002-docs-structure.md | 86 + .../adr-003-dynamic-capability-store.md | 344 ++ .../adr-004-split-denomination-keys.md | 120 + .../adr-006-secret-store-replacement.md | 54 + .../adr-007-specialization-groups.md | 177 + .../build/architecture/adr-008-dCERT-group.md | 171 + .../architecture/adr-009-evidence-module.md | 182 + .../adr-010-modular-antehandler.md | 290 ++ .../adr-011-generalize-genesis-accounts.md | 170 + .../architecture/adr-012-state-accessors.md | 155 + .../build/architecture/adr-013-metrics.md | 157 + .../adr-014-proportional-slashing.md | 85 + ...dr-016-validator-consensus-key-rotation.md | 125 + .../adr-017-historical-header-module.md | 61 + .../adr-018-extendable-voting-period.md | 66 + .../adr-019-protobuf-state-encoding.md | 379 ++ .../adr-020-protobuf-transaction-encoding.md | 464 +++ .../adr-021-protobuf-query-encoding.md | 256 ++ .../adr-022-custom-panic-handling.md | 218 ++ .../architecture/adr-023-protobuf-naming.md | 263 ++ .../architecture/adr-024-coin-metadata.md | 140 + ...27-deterministic-protobuf-serialization.md | 314 ++ .../adr-028-public-key-addresses.md | 342 ++ .../architecture/adr-029-fee-grant-module.md | 153 + .../architecture/adr-030-authz-module.md | 258 ++ .../build/architecture/adr-031-msg-service.md | 202 ++ .../architecture/adr-032-typed-events.md | 319 ++ .../adr-033-protobuf-inter-module-comm.md | 400 +++ .../architecture/adr-034-account-rekeying.md | 76 + .../adr-035-rosetta-api-support.md | 211 ++ .../adr-036-arbitrary-signature.md | 132 + .../architecture/adr-037-gov-split-vote.md | 111 + .../architecture/adr-038-state-listening.md | 724 ++++ .../architecture/adr-039-epoched-staking.md | 122 + ...r-040-storage-and-smt-state-commitments.md | 289 ++ .../adr-041-in-place-store-migrations.md | 167 + .../architecture/adr-042-group-module.md | 279 ++ .../build/architecture/adr-043-nft-module.md | 349 ++ .../adr-044-protobuf-updates-guidelines.md | 129 + .../adr-045-check-delivertx-middlewares.md | 312 ++ .../architecture/adr-046-module-params.md | 184 + .../adr-047-extend-upgrade-plan.md | 253 ++ .../architecture/adr-048-consensus-fees.md | 204 ++ .../architecture/adr-049-state-sync-hooks.md | 174 + .../adr-050-sign-mode-textual-annex1.md | 358 ++ .../adr-050-sign-mode-textual-annex2.md | 122 + .../architecture/adr-050-sign-mode-textual.md | 370 ++ .../adr-053-go-module-refactoring.md | 110 + .../adr-054-semver-compatible-modules.md | 728 ++++ .../build/architecture/adr-055-orm.md | 113 + .../build/architecture/adr-057-app-wiring.md | 369 ++ .../adr-058-auto-generated-cli.md | 98 + .../build/architecture/adr-059-test-scopes.md | 254 ++ .../build/architecture/adr-060-abci-1.0.md | 238 ++ .../architecture/adr-061-liquid-staking.md | 82 + .../adr-062-collections-state-layer.md | 117 + .../architecture/adr-063-core-module-api.md | 558 +++ .../build/architecture/adr-064-abci-2.0.md | 473 +++ .../build/architecture/adr-065-store-v2.md | 290 ++ .../build/architecture/adr-068-preblock.md | 61 + .../architecture/adr-070-unordered-account.md | 327 ++ .../architecture/adr-076-tx-malleability.md | 165 + .../build/architecture/adr-template.md | 83 + .../version-0.53/build/build.md | 13 + .../build/building-apps/00-app-go.md | 14 + .../build/building-apps/00-runtime.md | 152 + .../build/building-apps/01-app-go-di.md | 164 + .../build/building-apps/02-app-mempool.md | 94 + .../build/building-apps/03-app-upgrade.md | 218 ++ .../build/building-apps/04-vote-extensions.md | 121 + .../build/building-apps/05-app-testnet.md | 235 ++ .../build/building-apps/_category_.json | 5 + .../build/building-modules/00-intro.md | 73 + .../building-modules/01-module-manager.md | 328 ++ .../02-messages-and-queries.md | 137 + .../build/building-modules/03-msg-services.md | 119 + .../building-modules/04-query-services.md | 57 + .../05-protobuf-annotations.md | 133 + .../06-beginblock-endblock.md | 47 + .../build/building-modules/06-keeper.md | 92 + .../build/building-modules/07-invariants.md | 90 + .../build/building-modules/08-genesis.md | 78 + .../building-modules/09-module-interfaces.md | 164 + .../build/building-modules/11-structure.md | 95 + .../build/building-modules/12-errors.md | 56 + .../build/building-modules/13-upgrade.md | 63 + .../build/building-modules/14-simulator.md | 176 + .../build/building-modules/15-depinject.md | 124 + .../build/building-modules/16-testing.md | 124 + .../build/building-modules/17-preblock.md | 31 + .../build/building-modules/_category_.json | 5 + .../version-0.53/build/migrations/01-intro.md | 15 + .../build/migrations/02-upgrade-reference.md | 227 ++ .../build/migrations/03-upgrade-guide.md | 503 +++ .../build/migrations/_category_.json | 5 + .../version-0.53/build/modules/README.md | 63 + .../build/modules/_category_.json | 5 + .../build/modules/auth/1-vesting.md | 618 ++++ .../version-0.53/build/modules/auth/2-tx.md | 264 ++ .../version-0.53/build/modules/auth/README.md | 710 ++++ .../build/modules/authz/README.md | 372 ++ .../version-0.53/build/modules/bank/README.md | 1039 ++++++ .../build/modules/circuit/README.md | 257 ++ .../build/modules/consensus/README.md | 7 + .../build/modules/crisis/README.md | 112 + .../build/modules/distribution/README.md | 1128 ++++++ .../build/modules/epochs/README.md | 177 + .../build/modules/evidence/README.md | 440 +++ .../build/modules/feegrant/README.md | 396 +++ .../build/modules/genutil/README.md | 89 + .../version-0.53/build/modules/gov/README.md | 2588 ++++++++++++++ .../build/modules/group/README.md | 2166 ++++++++++++ .../version-0.53/build/modules/mint/README.md | 460 +++ .../version-0.53/build/modules/nft/README.md | 89 + .../build/modules/params/README.md | 79 + .../build/modules/protocolpool/README.md | 162 + .../build/modules/slashing/README.md | 813 +++++ .../build/modules/staking/README.md | 3058 +++++++++++++++++ .../build/modules/upgrade/README.md | 609 ++++ .../build/packages/01-depinject.md | 205 ++ .../build/packages/02-collections.md | 1210 +++++++ .../version-0.53/build/packages/README.md | 38 + .../build/packages/_category_.json | 5 + .../version-0.53/build/rfc/PROCESS.md | 62 + .../version-0.53/build/rfc/README.md | 38 + .../version-0.53/build/rfc/_category_.json | 5 + .../build/rfc/rfc-001-tx-validation.md | 25 + .../version-0.53/build/rfc/rfc-template.md | 83 + .../version-0.53/build/spec/README.md | 25 + .../version-0.53/build/spec/SPEC_MODULE.md | 60 + .../version-0.53/build/spec/SPEC_STANDARD.md | 121 + .../version-0.53/build/spec/_category_.json | 5 + .../version-0.53/build/spec/_ics/README.md | 3 + .../spec/_ics/ics-030-signed-messages.md | 192 ++ .../build/spec/addresses/README.md | 3 + .../build/spec/addresses/bech32.md | 21 + .../spec/fee_distribution/f1_fee_distr.pdf | Bin 0 -> 185175 bytes .../spec/fee_distribution/f1_fee_distr.tex | 245 ++ .../version-0.53/build/spec/store/README.md | 235 ++ .../build/spec/store/interblock-cache.md | 289 ++ .../version-0.53/build/tooling/00-protobuf.md | 113 + .../build/tooling/01-cosmovisor.md | 411 +++ .../version-0.53/build/tooling/02-confix.md | 156 + .../version-0.53/build/tooling/README.md | 17 + .../build/tooling/_category_.json | 5 + 621 files changed, 150758 insertions(+) create mode 100644 copy-of-sdk-docs/build/_category_.json create mode 100644 copy-of-sdk-docs/build/abci/00-introduction.md create mode 100644 copy-of-sdk-docs/build/abci/01-prepare-proposal.md create mode 100644 copy-of-sdk-docs/build/abci/02-process-proposal.md create mode 100644 copy-of-sdk-docs/build/abci/03-vote-extensions.md create mode 100644 copy-of-sdk-docs/build/abci/04-checktx.md create mode 100644 copy-of-sdk-docs/build/abci/_category_.json create mode 100644 copy-of-sdk-docs/build/architecture/PROCESS.md create mode 100644 copy-of-sdk-docs/build/architecture/README.md create mode 100644 copy-of-sdk-docs/build/architecture/_category_.json create mode 100644 copy-of-sdk-docs/build/architecture/adr-002-docs-structure.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-003-dynamic-capability-store.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-004-split-denomination-keys.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-006-secret-store-replacement.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-007-specialization-groups.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-008-dCERT-group.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-009-evidence-module.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-010-modular-antehandler.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-011-generalize-genesis-accounts.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-012-state-accessors.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-013-metrics.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-014-proportional-slashing.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-016-validator-consensus-key-rotation.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-017-historical-header-module.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-018-extendable-voting-period.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-019-protobuf-state-encoding.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-020-protobuf-transaction-encoding.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-021-protobuf-query-encoding.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-022-custom-panic-handling.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-023-protobuf-naming.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-024-coin-metadata.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-027-deterministic-protobuf-serialization.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-028-public-key-addresses.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-029-fee-grant-module.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-030-authz-module.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-031-msg-service.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-032-typed-events.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-033-protobuf-inter-module-comm.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-034-account-rekeying.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-035-rosetta-api-support.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-036-arbitrary-signature.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-037-gov-split-vote.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-038-state-listening.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-039-epoched-staking.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-040-storage-and-smt-state-commitments.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-041-in-place-store-migrations.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-042-group-module.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-043-nft-module.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-044-protobuf-updates-guidelines.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-045-check-delivertx-middlewares.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-046-module-params.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-047-extend-upgrade-plan.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-048-consensus-fees.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-049-state-sync-hooks.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-050-sign-mode-textual-annex1.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-050-sign-mode-textual-annex2.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-050-sign-mode-textual.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-053-go-module-refactoring.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-054-semver-compatible-modules.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-055-orm.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-057-app-wiring.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-058-auto-generated-cli.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-059-test-scopes.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-060-abci-1.0.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-061-liquid-staking.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-062-collections-state-layer.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-063-core-module-api.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-064-abci-2.0.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-065-store-v2.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-068-preblock.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-070-unordered-account.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-076-tx-malleability.md create mode 100644 copy-of-sdk-docs/build/architecture/adr-template.md create mode 100644 copy-of-sdk-docs/build/architecture/bankv2.png create mode 100644 copy-of-sdk-docs/build/build.md create mode 100644 copy-of-sdk-docs/build/building-apps/00-app-go.md create mode 100644 copy-of-sdk-docs/build/building-apps/00-runtime.md create mode 100644 copy-of-sdk-docs/build/building-apps/01-app-go-di.md create mode 100644 copy-of-sdk-docs/build/building-apps/02-app-mempool.md create mode 100644 copy-of-sdk-docs/build/building-apps/03-app-upgrade.md create mode 100644 copy-of-sdk-docs/build/building-apps/04-vote-extensions.md create mode 100644 copy-of-sdk-docs/build/building-apps/05-app-testnet.md create mode 100644 copy-of-sdk-docs/build/building-apps/_category_.json create mode 100644 copy-of-sdk-docs/build/building-apps/upgrades/_category_.json create mode 100644 copy-of-sdk-docs/build/building-modules/00-intro.md create mode 100644 copy-of-sdk-docs/build/building-modules/01-module-manager.md create mode 100644 copy-of-sdk-docs/build/building-modules/02-messages-and-queries.md create mode 100644 copy-of-sdk-docs/build/building-modules/03-msg-services.md create mode 100644 copy-of-sdk-docs/build/building-modules/04-query-services.md create mode 100644 copy-of-sdk-docs/build/building-modules/05-protobuf-annotations.md create mode 100644 copy-of-sdk-docs/build/building-modules/06-beginblock-endblock.md create mode 100644 copy-of-sdk-docs/build/building-modules/06-keeper.md create mode 100644 copy-of-sdk-docs/build/building-modules/07-invariants.md create mode 100644 copy-of-sdk-docs/build/building-modules/08-genesis.md create mode 100644 copy-of-sdk-docs/build/building-modules/09-module-interfaces.md create mode 100644 copy-of-sdk-docs/build/building-modules/11-structure.md create mode 100644 copy-of-sdk-docs/build/building-modules/12-errors.md create mode 100644 copy-of-sdk-docs/build/building-modules/13-upgrade.md create mode 100644 copy-of-sdk-docs/build/building-modules/14-simulator.md create mode 100644 copy-of-sdk-docs/build/building-modules/15-depinject.md create mode 100644 copy-of-sdk-docs/build/building-modules/16-testing.md create mode 100644 copy-of-sdk-docs/build/building-modules/17-preblock.md create mode 100644 copy-of-sdk-docs/build/building-modules/_category_.json create mode 100644 copy-of-sdk-docs/build/building-modules/transaction_flow.svg create mode 100644 copy-of-sdk-docs/build/migrations/01-intro.md create mode 100644 copy-of-sdk-docs/build/migrations/02-upgrade-reference.md create mode 100644 copy-of-sdk-docs/build/migrations/02-upgrading.md create mode 100644 copy-of-sdk-docs/build/migrations/03-upgrade-guide.md create mode 100644 copy-of-sdk-docs/build/migrations/_category_.json create mode 100644 copy-of-sdk-docs/build/modules/README.md create mode 100644 copy-of-sdk-docs/build/modules/_category_.json create mode 100644 copy-of-sdk-docs/build/modules/auth/1-vesting.md create mode 100644 copy-of-sdk-docs/build/modules/auth/2-tx.md create mode 100644 copy-of-sdk-docs/build/modules/auth/README.md create mode 100644 copy-of-sdk-docs/build/modules/authz/README.md create mode 100644 copy-of-sdk-docs/build/modules/bank/README.md create mode 100644 copy-of-sdk-docs/build/modules/circuit/README.md create mode 100644 copy-of-sdk-docs/build/modules/consensus/README.md create mode 100644 copy-of-sdk-docs/build/modules/crisis/README.md create mode 100644 copy-of-sdk-docs/build/modules/distribution/README.md create mode 100644 copy-of-sdk-docs/build/modules/epochs/README.md create mode 100644 copy-of-sdk-docs/build/modules/evidence/README.md create mode 100644 copy-of-sdk-docs/build/modules/feegrant/README.md create mode 100644 copy-of-sdk-docs/build/modules/genutil/README.md create mode 100644 copy-of-sdk-docs/build/modules/gov/README.md create mode 100644 copy-of-sdk-docs/build/modules/group/README.md create mode 100644 copy-of-sdk-docs/build/modules/mint/README.md create mode 100644 copy-of-sdk-docs/build/modules/nft/README.md create mode 100644 copy-of-sdk-docs/build/modules/params/README.md create mode 100644 copy-of-sdk-docs/build/modules/protocolpool/README.md create mode 100644 copy-of-sdk-docs/build/modules/slashing/README.md create mode 100644 copy-of-sdk-docs/build/modules/staking/README.md create mode 100644 copy-of-sdk-docs/build/modules/upgrade/README.md create mode 100644 copy-of-sdk-docs/build/packages/01-depinject.md create mode 100644 copy-of-sdk-docs/build/packages/02-collections.md create mode 100644 copy-of-sdk-docs/build/packages/README.md create mode 100644 copy-of-sdk-docs/build/packages/_category_.json create mode 100644 copy-of-sdk-docs/build/rfc/PROCESS.md create mode 100644 copy-of-sdk-docs/build/rfc/README.md create mode 100644 copy-of-sdk-docs/build/rfc/_category_.json create mode 100644 copy-of-sdk-docs/build/rfc/rfc-001-tx-validation.md create mode 100644 copy-of-sdk-docs/build/rfc/rfc-template.md create mode 100644 copy-of-sdk-docs/build/rfc/rfc/PROCESS.md create mode 100644 copy-of-sdk-docs/build/rfc/rfc/README.md create mode 100644 copy-of-sdk-docs/build/rfc/rfc/_category_.json create mode 100644 copy-of-sdk-docs/build/rfc/rfc/rfc-001-tx-validation.md create mode 100644 copy-of-sdk-docs/build/rfc/rfc/rfc-template.md create mode 100644 copy-of-sdk-docs/build/spec/README.md create mode 100644 copy-of-sdk-docs/build/spec/SPEC_MODULE.md create mode 100644 copy-of-sdk-docs/build/spec/SPEC_STANDARD.md create mode 100644 copy-of-sdk-docs/build/spec/_category_.json create mode 100644 copy-of-sdk-docs/build/spec/_ics/README.md create mode 100644 copy-of-sdk-docs/build/spec/_ics/ics-030-signed-messages.md create mode 100644 copy-of-sdk-docs/build/spec/addresses/README.md create mode 100644 copy-of-sdk-docs/build/spec/addresses/bech32.md create mode 100644 copy-of-sdk-docs/build/spec/fee_distribution/f1_fee_distr.pdf create mode 100644 copy-of-sdk-docs/build/spec/fee_distribution/f1_fee_distr.tex create mode 100644 copy-of-sdk-docs/build/spec/store/README.md create mode 100644 copy-of-sdk-docs/build/spec/store/interblock-cache.md create mode 100644 copy-of-sdk-docs/build/tooling/00-protobuf.md create mode 100644 copy-of-sdk-docs/build/tooling/01-cosmovisor.md create mode 100644 copy-of-sdk-docs/build/tooling/02-confix.md create mode 100644 copy-of-sdk-docs/build/tooling/03-hubl.md create mode 100644 copy-of-sdk-docs/build/tooling/README.md create mode 100644 copy-of-sdk-docs/build/tooling/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/PROCESS.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-002-docs-structure.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-003-dynamic-capability-store.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-004-split-denomination-keys.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-006-secret-store-replacement.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-007-specialization-groups.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-008-dCERT-group.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-009-evidence-module.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-010-modular-antehandler.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-011-generalize-genesis-accounts.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-012-state-accessors.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-013-metrics.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-014-proportional-slashing.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-016-validator-consensus-key-rotation.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-017-historical-header-module.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-018-extendable-voting-period.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-019-protobuf-state-encoding.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-020-protobuf-transaction-encoding.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-021-protobuf-query-encoding.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-022-custom-panic-handling.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-023-protobuf-naming.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-024-coin-metadata.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-027-deterministic-protobuf-serialization.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-028-public-key-addresses.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-029-fee-grant-module.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-030-authz-module.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-031-msg-service.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-032-typed-events.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-033-protobuf-inter-module-comm.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-034-account-rekeying.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-035-rosetta-api-support.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-036-arbitrary-signature.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-037-gov-split-vote.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-038-state-listening.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-039-epoched-staking.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-040-storage-and-smt-state-commitments.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-041-in-place-store-migrations.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-042-group-module.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-043-nft-module.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-044-protobuf-updates-guidelines.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-045-check-delivertx-middlewares.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-046-module-params.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-047-extend-upgrade-plan.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-048-consensus-fees.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-049-state-sync-hooks.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-050-sign-mode-textual-annex1.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-050-sign-mode-textual-annex2.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-050-sign-mode-textual.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-053-go-module-refactoring.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-054-semver-compatible-modules.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-055-orm.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-057-app-wiring.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-058-auto-generated-cli.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-059-test-scopes.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-060-abci-1.0.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-061-liquid-staking.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-062-collections-state-layer.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-063-core-module-api.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-064-abci-2.0.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-065-store-v2.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-template.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/build.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/building-apps/00-app-go.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/building-apps/01-app-go-v2.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/building-apps/02-app-mempool.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/building-apps/03-app-upgrade.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/building-apps/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/building-modules/00-intro.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/building-modules/01-module-manager.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/building-modules/02-messages-and-queries.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/building-modules/03-msg-services.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/building-modules/04-query-services.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/building-modules/05-beginblock-endblock.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/building-modules/06-keeper.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/building-modules/07-invariants.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/building-modules/08-genesis.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/building-modules/09-module-interfaces.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/building-modules/11-structure.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/building-modules/12-errors.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/building-modules/13-upgrade.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/building-modules/14-simulator.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/building-modules/15-depinject.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/building-modules/16-testing.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/building-modules/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/building-modules/transaction_flow.svg create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/migrations/01-intro.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/migrations/02-upgrading.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/migrations/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/modules/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/modules/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/modules/accounts/accounts.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/modules/auth/1-vesting.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/modules/auth/2-tx.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/modules/auth/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/modules/authz/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/modules/bank/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/modules/circuit/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/modules/consensus/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/modules/crisis/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/modules/distribution/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/modules/evidence/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/modules/feegrant/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/modules/genutil/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/modules/gov/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/modules/group/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/modules/mint/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/modules/nft/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/modules/params/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/modules/slashing/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/modules/staking/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/modules/upgrade/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/packages/01-depinject.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/packages/02-collections.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/packages/03-orm.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/packages/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/packages/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/rfc/PROCESS.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/rfc/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/rfc/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/rfc/rfc-001-tx-validation.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/rfc/rfc-template.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/spec/SPEC_MODULE.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/spec/SPEC_STANDARD.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/spec/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/spec/addresses/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/spec/addresses/bech32.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/spec/fee_distribution/f1_fee_distr.pdf create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/spec/fee_distribution/f1_fee_distr.tex create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/spec/ics/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/spec/ics/ics-030-signed-messages.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/tooling/00-protobuf.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/tooling/01-cosmovisor.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/tooling/02-confix.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/tooling/03-autocli.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/tooling/04-hubl.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/tooling/05-depinject.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/tooling/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.47/build/tooling/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/abci/00-introduction.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/abci/01-prepare-proposal.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/abci/02-process-proposal.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/abci/03-vote-extensions.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/abci/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/PROCESS.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-002-docs-structure.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-003-dynamic-capability-store.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-004-split-denomination-keys.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-006-secret-store-replacement.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-007-specialization-groups.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-008-dCERT-group.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-009-evidence-module.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-010-modular-antehandler.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-011-generalize-genesis-accounts.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-012-state-accessors.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-013-metrics.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-014-proportional-slashing.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-016-validator-consensus-key-rotation.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-017-historical-header-module.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-018-extendable-voting-period.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-019-protobuf-state-encoding.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-020-protobuf-transaction-encoding.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-021-protobuf-query-encoding.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-022-custom-panic-handling.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-023-protobuf-naming.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-024-coin-metadata.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-027-deterministic-protobuf-serialization.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-028-public-key-addresses.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-029-fee-grant-module.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-030-authz-module.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-031-msg-service.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-032-typed-events.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-033-protobuf-inter-module-comm.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-034-account-rekeying.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-035-rosetta-api-support.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-036-arbitrary-signature.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-037-gov-split-vote.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-038-state-listening.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-039-epoched-staking.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-040-storage-and-smt-state-commitments.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-041-in-place-store-migrations.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-042-group-module.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-043-nft-module.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-044-protobuf-updates-guidelines.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-045-check-delivertx-middlewares.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-046-module-params.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-047-extend-upgrade-plan.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-048-consensus-fees.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-049-state-sync-hooks.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-050-sign-mode-textual-annex1.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-050-sign-mode-textual-annex2.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-050-sign-mode-textual.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-053-go-module-refactoring.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-054-semver-compatible-modules.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-055-orm.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-057-app-wiring.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-058-auto-generated-cli.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-059-test-scopes.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-060-abci-1.0.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-061-liquid-staking.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-062-collections-state-layer.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-063-core-module-api.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-064-abci-2.0.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-065-store-v2.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-068-preblock.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-070-unordered-account.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-076-tx-malleability.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-template.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/build.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/building-apps/00-app-go.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/building-apps/01-app-go-v2.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/building-apps/02-app-mempool.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/building-apps/03-app-upgrade.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/building-apps/04-vote-extensions.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/building-apps/05-app-testnet.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/building-apps/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/building-modules/00-intro.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/building-modules/01-module-manager.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/building-modules/02-messages-and-queries.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/building-modules/03-msg-services.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/building-modules/04-query-services.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/building-modules/05-protobuf-annotations.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/building-modules/06-beginblock-endblock.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/building-modules/06-keeper.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/building-modules/07-invariants.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/building-modules/08-genesis.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/building-modules/09-module-interfaces.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/building-modules/11-structure.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/building-modules/12-errors.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/building-modules/13-upgrade.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/building-modules/14-simulator.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/building-modules/15-depinject.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/building-modules/16-testing.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/building-modules/17-preblock.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/building-modules/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/migrations/01-intro.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/migrations/02-upgrade-reference.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/migrations/02-upgrading.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/migrations/03-upgrade-guide.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/migrations/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/modules/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/modules/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/modules/auth/1-vesting.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/modules/auth/2-tx.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/modules/auth/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/modules/authz/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/modules/bank/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/modules/circuit/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/modules/consensus/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/modules/crisis/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/modules/distribution/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/modules/epochs/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/modules/evidence/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/modules/feegrant/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/modules/genutil/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/modules/gov/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/modules/group/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/modules/mint/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/modules/nft/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/modules/params/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/modules/protocolpool/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/modules/slashing/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/modules/staking/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/modules/upgrade/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/packages/01-depinject.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/packages/02-collections.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/packages/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/packages/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/rfc/PROCESS.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/rfc/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/rfc/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/rfc/rfc-001-tx-validation.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/rfc/rfc-template.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/rfc/rfc/PROCESS.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/rfc/rfc/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/rfc/rfc/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/rfc/rfc/rfc-001-tx-validation.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/rfc/rfc/rfc-template.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/spec/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/spec/SPEC_MODULE.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/spec/SPEC_STANDARD.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/spec/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/spec/_ics/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/spec/_ics/ics-030-signed-messages.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/spec/addresses/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/spec/addresses/bech32.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/spec/fee_distribution/f1_fee_distr.pdf create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/spec/fee_distribution/f1_fee_distr.tex create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/spec/store/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/spec/store/interblock-cache.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/tooling/00-protobuf.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/tooling/01-cosmovisor.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/tooling/02-confix.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/tooling/03-hubl.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/tooling/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.50/build/tooling/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/abci/00-introduction.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/abci/01-prepare-proposal.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/abci/02-process-proposal.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/abci/03-vote-extensions.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/abci/04-checktx.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/abci/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/PROCESS.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-002-docs-structure.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-003-dynamic-capability-store.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-004-split-denomination-keys.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-006-secret-store-replacement.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-007-specialization-groups.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-008-dCERT-group.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-009-evidence-module.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-010-modular-antehandler.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-011-generalize-genesis-accounts.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-012-state-accessors.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-013-metrics.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-014-proportional-slashing.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-016-validator-consensus-key-rotation.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-017-historical-header-module.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-018-extendable-voting-period.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-019-protobuf-state-encoding.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-020-protobuf-transaction-encoding.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-021-protobuf-query-encoding.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-022-custom-panic-handling.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-023-protobuf-naming.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-024-coin-metadata.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-027-deterministic-protobuf-serialization.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-028-public-key-addresses.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-029-fee-grant-module.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-030-authz-module.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-031-msg-service.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-032-typed-events.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-033-protobuf-inter-module-comm.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-034-account-rekeying.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-035-rosetta-api-support.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-036-arbitrary-signature.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-037-gov-split-vote.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-038-state-listening.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-039-epoched-staking.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-040-storage-and-smt-state-commitments.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-041-in-place-store-migrations.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-042-group-module.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-043-nft-module.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-044-protobuf-updates-guidelines.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-045-check-delivertx-middlewares.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-046-module-params.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-047-extend-upgrade-plan.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-048-consensus-fees.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-049-state-sync-hooks.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-050-sign-mode-textual-annex1.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-050-sign-mode-textual-annex2.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-050-sign-mode-textual.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-053-go-module-refactoring.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-054-semver-compatible-modules.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-055-orm.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-057-app-wiring.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-058-auto-generated-cli.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-059-test-scopes.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-060-abci-1.0.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-061-liquid-staking.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-062-collections-state-layer.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-063-core-module-api.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-064-abci-2.0.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-065-store-v2.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-068-preblock.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-070-unordered-account.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-076-tx-malleability.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-template.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/build.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/building-apps/00-app-go.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/building-apps/00-runtime.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/building-apps/01-app-go-di.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/building-apps/02-app-mempool.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/building-apps/03-app-upgrade.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/building-apps/04-vote-extensions.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/building-apps/05-app-testnet.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/building-apps/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/building-modules/00-intro.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/building-modules/01-module-manager.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/building-modules/02-messages-and-queries.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/building-modules/03-msg-services.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/building-modules/04-query-services.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/building-modules/05-protobuf-annotations.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/building-modules/06-beginblock-endblock.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/building-modules/06-keeper.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/building-modules/07-invariants.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/building-modules/08-genesis.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/building-modules/09-module-interfaces.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/building-modules/11-structure.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/building-modules/12-errors.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/building-modules/13-upgrade.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/building-modules/14-simulator.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/building-modules/15-depinject.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/building-modules/16-testing.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/building-modules/17-preblock.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/building-modules/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/migrations/01-intro.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/migrations/02-upgrade-reference.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/migrations/03-upgrade-guide.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/migrations/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/modules/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/modules/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/modules/auth/1-vesting.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/modules/auth/2-tx.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/modules/auth/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/modules/authz/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/modules/bank/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/modules/circuit/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/modules/consensus/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/modules/crisis/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/modules/distribution/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/modules/epochs/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/modules/evidence/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/modules/feegrant/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/modules/genutil/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/modules/gov/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/modules/group/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/modules/mint/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/modules/nft/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/modules/params/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/modules/protocolpool/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/modules/slashing/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/modules/staking/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/modules/upgrade/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/packages/01-depinject.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/packages/02-collections.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/packages/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/packages/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/rfc/PROCESS.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/rfc/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/rfc/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/rfc/rfc-001-tx-validation.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/rfc/rfc-template.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/spec/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/spec/SPEC_MODULE.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/spec/SPEC_STANDARD.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/spec/_category_.json create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/spec/_ics/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/spec/_ics/ics-030-signed-messages.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/spec/addresses/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/spec/addresses/bech32.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/spec/fee_distribution/f1_fee_distr.pdf create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/spec/fee_distribution/f1_fee_distr.tex create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/spec/store/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/spec/store/interblock-cache.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/tooling/00-protobuf.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/tooling/01-cosmovisor.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/tooling/02-confix.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/tooling/README.md create mode 100644 copy-of-sdk-versioned_docs/version-0.53/build/tooling/_category_.json diff --git a/copy-of-sdk-docs/build/_category_.json b/copy-of-sdk-docs/build/_category_.json new file mode 100644 index 00000000..9f308823 --- /dev/null +++ b/copy-of-sdk-docs/build/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Build", + "position": 0, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-docs/build/abci/00-introduction.md b/copy-of-sdk-docs/build/abci/00-introduction.md new file mode 100644 index 00000000..fa648be0 --- /dev/null +++ b/copy-of-sdk-docs/build/abci/00-introduction.md @@ -0,0 +1,51 @@ +# Introduction + +## What is ABCI? + +ABCI, Application Blockchain Interface is the interface between CometBFT and the application. More information about ABCI can be found [here](https://docs.cometbft.com/v0.38/spec/abci/). CometBFT version 0.38 included a new version of ABCI (called ABCI 2.0) which added several new methods. + +The 5 methods introduced in ABCI 2.0 are: + +* `PrepareProposal` +* `ProcessProposal` +* `ExtendVote` +* `VerifyVoteExtension` +* `FinalizeBlock` + + +## The Flow + +## PrepareProposal + +Based on validator voting power, CometBFT chooses a block proposer and calls `PrepareProposal` on the block proposer's application (Cosmos SDK). The selected block proposer is responsible for collecting outstanding transactions from the mempool, adhering to the application's specifications. The application can enforce custom transaction ordering and incorporate additional transactions, potentially generated from vote extensions in the previous block. + +To perform this manipulation on the application side, a custom handler must be implemented. By default, the Cosmos SDK provides `PrepareProposalHandler`, used in conjunction with an application specific mempool. A custom handler can be written by an application developer, if a noop handler is provided, all transactions are considered valid. + +Please note that vote extensions will only be available on the following height in which vote extensions are enabled. More information about vote extensions can be found [here](https://docs.cosmos.network/main/build/abci/vote-extensions). + +After creating the proposal, the proposer returns it to CometBFT. + +PrepareProposal CAN be non-deterministic. + +## ProcessProposal + +This method allows validators to perform application-specific checks on the block proposal and is called on all validators. This is an important step in the consensus process, as it ensures that the block is valid and meets the requirements of the application. For example, validators could check that the block contains all the required transactions or that the block does not create any invalid state transitions. + +The implementation of `ProcessProposal` MUST be deterministic. + +## ExtendVote and VerifyVoteExtensions + +These methods allow applications to extend the voting process by requiring validators to perform additional actions beyond simply validating blocks. + +If vote extensions are enabled, `ExtendVote` will be called on every validator and each one will return its vote extension which is in practice a bunch of bytes. As mentioned above this data (vote extension) can only be retrieved in the next block height during `PrepareProposal`. Additionally, this data can be arbitrary, but in the provided tutorials, it serves as an oracle or proof of transactions in the mempool. Essentially, vote extensions are processed and injected as transactions. Examples of use-cases for vote extensions include prices for a price oracle or encryption shares for an encrypted transaction mempool. `ExtendVote` CAN be non-deterministic. + +`VerifyVoteExtensions` is performed on every validator multiple times in order to verify other validators' vote extensions. This check is performed to validate the integrity and validity of the vote extensions preventing malicious or invalid vote extensions. + +Additionally, applications must keep the vote extension data concise as it can degrade the performance of their chain, see testing results [here](https://docs.cometbft.com/v0.38/qa/cometbft-qa-38#vote-extensions-testbed). + +`VerifyVoteExtensions` MUST be deterministic. + + +## FinalizeBlock + +`FinalizeBlock` is then called and is responsible for updating the state of the blockchain and making the block available to users. diff --git a/copy-of-sdk-docs/build/abci/01-prepare-proposal.md b/copy-of-sdk-docs/build/abci/01-prepare-proposal.md new file mode 100644 index 00000000..b1c6eb8a --- /dev/null +++ b/copy-of-sdk-docs/build/abci/01-prepare-proposal.md @@ -0,0 +1,45 @@ +# Prepare Proposal + +`PrepareProposal` handles construction of the block, meaning that when a proposer +is preparing to propose a block, it requests the application to evaluate a +`RequestPrepareProposal`, which contains a series of transactions from CometBFT's +mempool. At this point, the application has complete control over the proposal. +It can modify, delete, and inject transactions from its own app-side mempool into +the proposal or even ignore all the transactions altogether. What the application +does with the transactions provided to it by `RequestPrepareProposal` has no +effect on CometBFT's mempool. + +Note, that the application defines the semantics of the `PrepareProposal` and it +MAY be non-deterministic and is only executed by the current block proposer. + +Now, reading mempool twice in the previous sentence is confusing, lets break it down. +CometBFT has a mempool that handles gossiping transactions to other nodes +in the network. The order of these transactions is determined by CometBFT's mempool, +using FIFO as the sole ordering mechanism. It's worth noting that the priority mempool +in Comet was removed or deprecated. +However, since the application is able to fully inspect +all transactions, it can provide greater control over transaction ordering. +Allowing the application to handle ordering enables the application to define how +it would like the block constructed. + +The Cosmos SDK defines the `DefaultProposalHandler` type, which provides applications with +`PrepareProposal` and `ProcessProposal` handlers. If you decide to implement your +own `PrepareProposal` handler, you must ensure that the transactions +selected DO NOT exceed the maximum block gas (if set) and the maximum bytes provided +by `req.MaxBytes`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/abci_utils.go +``` + +This default implementation can be overridden by the application developer in +favor of a custom implementation in [`app_di.go`](../building-apps/01-app-go-di.md): + +```go +prepareOpt := func(app *baseapp.BaseApp) { + abciPropHandler := baseapp.NewDefaultProposalHandler(mempool, app) + app.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) +} + +baseAppOptions = append(baseAppOptions, prepareOpt) +``` diff --git a/copy-of-sdk-docs/build/abci/02-process-proposal.md b/copy-of-sdk-docs/build/abci/02-process-proposal.md new file mode 100644 index 00000000..221aa66d --- /dev/null +++ b/copy-of-sdk-docs/build/abci/02-process-proposal.md @@ -0,0 +1,32 @@ +# Process Proposal + +`ProcessProposal` handles the validation of a proposal from `PrepareProposal`, +which also includes a block header. After a block has been proposed, +the other validators have the right to accept or reject that block. The validator in the +default implementation of `PrepareProposal` runs basic validity checks on each +transaction. + +Note, `ProcessProposal` MUST be deterministic. Non-deterministic behaviors will cause apphash mismatches. +This means that if `ProcessProposal` panics or fails and we reject, all honest validator +processes should reject (i.e., prevote nil). If so, CometBFT will start a new round with a new block proposal and the same cycle will happen with `PrepareProposal` +and `ProcessProposal` for the new proposal. + +Here is the implementation of the default implementation: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/abci_utils.go#L219-L226 +``` + +Like `PrepareProposal`, this implementation is the default and can be modified by +the application developer in [`app_di.go`](../building-apps/01-app-go-di.md). If you decide to implement +your own `ProcessProposal` handler, you must ensure that the transactions +provided in the proposal DO NOT exceed the maximum block gas and `maxtxbytes` (if set). + +```go +processOpt := func(app *baseapp.BaseApp) { + abciPropHandler := baseapp.NewDefaultProposalHandler(mempool, app) + app.SetProcessProposal(abciPropHandler.ProcessProposalHandler()) +} + +baseAppOptions = append(baseAppOptions, processOpt) +``` diff --git a/copy-of-sdk-docs/build/abci/03-vote-extensions.md b/copy-of-sdk-docs/build/abci/03-vote-extensions.md new file mode 100644 index 00000000..a57395e3 --- /dev/null +++ b/copy-of-sdk-docs/build/abci/03-vote-extensions.md @@ -0,0 +1,122 @@ +# Vote Extensions + +:::note Synopsis +This section describes how the application can define and use vote extensions +defined in ABCI++. +::: + +## Extend Vote + +ABCI 2.0 (colloquially called ABCI++) allows an application to extend a pre-commit vote with arbitrary data. This process does NOT have to be deterministic, and the data returned can be unique to the +validator process. The Cosmos SDK defines [`baseapp.ExtendVoteHandler`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/abci.go#L32): + +```go +type ExtendVoteHandler func(Context, *abci.ExtendVoteRequest) (*abci.ExtendVoteResponse, error) +``` + +An application can set this handler in `app.go` via the `baseapp.SetExtendVoteHandler` +`BaseApp` option function. The `sdk.ExtendVoteHandler`, if defined, is called during +the `ExtendVote` ABCI method. Note, if an application decides to implement +`baseapp.ExtendVoteHandler`, it MUST return a non-nil `VoteExtension`. However, the vote +extension can be empty. See [here](https://github.com/cometbft/cometbft/blob/v0.38.0-rc1/spec/abci/abci++_methods.md#extendvote) +for more details. + +There are many decentralized censorship-resistant use cases for vote extensions. +For example, a validator may want to submit prices for a price oracle or encryption +shares for an encrypted transaction mempool. Note, an application should be careful +to consider the size of the vote extensions as they could increase latency in block +production. See [here](https://github.com/cometbft/cometbft/blob/v0.38.0-rc1/docs/qa/CometBFT-QA-38.md#vote-extensions-testbed) +for more details. + +Click [here](https://docs.cosmos.network/main/build/abci/vote-extensions) if you would like a walkthrough of how to implement vote extensions. + + +## Verify Vote Extension + +Similar to extending a vote, an application can also verify vote extensions from +other validators when validating their pre-commits. For a given vote extension, +this process MUST be deterministic. The Cosmos SDK defines [`sdk.VerifyVoteExtensionHandler`](https://github.com/cosmos/cosmos-sdk/blob/v0.50.1/types/abci.go#L29-L31): + +```go +type VerifyVoteExtensionHandler func(Context, *abci.VerifyVoteExtensionRequest) (*abci.VerifyVoteExtensionResponse, error) +``` + +An application can set this handler in `app.go` via the `baseapp.SetVerifyVoteExtensionHandler` +`BaseApp` option function. The `sdk.VerifyVoteExtensionHandler`, if defined, is called +during the `VerifyVoteExtension` ABCI method. If an application defines a vote +extension handler, it should also define a verification handler. Note, not all +validators will share the same view of what vote extensions they verify depending +on how votes are propagated. See [here](https://github.com/cometbft/cometbft/blob/v0.38.0-rc1/spec/abci/abci++_methods.md#verifyvoteextension) +for more details. + +Additionally, please keep in mind that performance can be degraded if vote extensions are too big (https://docs.cometbft.com/v0.38/qa/cometbft-qa-38#vote-extensions-testbed), so we highly recommend a size validation in `VerifyVoteExtensions`. + + +## Vote Extension Propagation + +The agreed upon vote extensions at height `H` are provided to the proposing validator +at height `H+1` during `PrepareProposal`. As a result, the vote extensions are +not natively provided or exposed to the remaining validators during `ProcessProposal`. +As a result, if an application requires that the agreed upon vote extensions from +height `H` are available to all validators at `H+1`, the application must propagate +these vote extensions manually in the block proposal itself. This can be done by +"injecting" them into the block proposal, since the `Txs` field in `PrepareProposal` +is just a slice of byte slices. + +`FinalizeBlock` will ignore any byte slice that doesn't implement an `sdk.Tx`, so +any injected vote extensions will safely be ignored in `FinalizeBlock`. For more +details on propagation, see the [ABCI++ 2.0 ADR](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-064-abci-2.0.md#vote-extension-propagation--verification). + +### Recovery of injected Vote Extensions + +As stated before, vote extensions can be injected into a block proposal (along with +other transactions in the `Txs` field). The Cosmos SDK provides a pre-FinalizeBlock +hook to allow applications to recover vote extensions, perform any necessary +computation on them, and then store the results in the cached store. These results +will be available to the application during the subsequent `FinalizeBlock` call. + +An example of how a pre-FinalizeBlock hook could look like is shown below: + +```go +app.SetPreBlocker(func(ctx sdk.Context, req *abci.FinalizeBlockRequest) error { + allVEs := []VE{} // store all parsed vote extensions here + for _, tx := range req.Txs { + // define a custom function that tries to parse the tx as a vote extension + ve, ok := parseVoteExtension(tx) + if !ok { + continue + } + + allVEs = append(allVEs, ve) + } + + // perform any necessary computation on the vote extensions and store the result + // in the cached store + result := compute(allVEs) + err := storeVEResult(ctx, result) + if err != nil { + return err + } + + return nil +}) + +``` + +Then, in an app's module, the application can retrieve the result of the computation +of vote extensions from the cached store: + +```go +func (k Keeper) BeginBlocker(ctx context.Context) error { + // retrieve the result of the computation of vote extensions from the cached store + result, err := k.GetVEResult(ctx) + if err != nil { + return err + } + + // use the result of the computation of vote extensions + k.setSomething(result) + + return nil +} +``` diff --git a/copy-of-sdk-docs/build/abci/04-checktx.md b/copy-of-sdk-docs/build/abci/04-checktx.md new file mode 100644 index 00000000..081d6fd2 --- /dev/null +++ b/copy-of-sdk-docs/build/abci/04-checktx.md @@ -0,0 +1,50 @@ +# CheckTx + +CheckTx is called by the `BaseApp` when comet receives a transaction from a client, over the p2p network or RPC. The CheckTx method is responsible for validating the transaction and returning an error if the transaction is invalid. + +```mermaid +graph TD + subgraph SDK[Cosmos SDK] + B[Baseapp] + A[AnteHandlers] + B <-->|Validate TX| A + end + C[CometBFT] <-->|CheckTx|SDK + U((User)) -->|Submit TX| C + N[P2P] -->|Receive TX| C +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/31c604762a434c7b676b6a89897ecbd7c4653a23/baseapp/abci.go#L350-L390 +``` + +## CheckTx Handler + +`CheckTxHandler` allows users to extend the logic of `CheckTx`. `CheckTxHandler` is called by passing context and the transaction bytes received through ABCI. It is required that the handler returns deterministic results given the same transaction bytes. + +:::note +we return the raw decoded transaction here to avoid decoding it twice. +::: + +```go +type CheckTxHandler func(ctx sdk.Context, tx []byte) (Tx, error) +``` + +Setting a custom `CheckTxHandler` is optional. It can be done from your app.go file: + +```go +func NewSimApp( + logger log.Logger, + db corestore.KVStoreWithBatch, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), +) *SimApp { + ... + // Create ChecktxHandler + checktxHandler := abci.NewCustomCheckTxHandler(...) + app.SetCheckTxHandler(checktxHandler) + ... +} +``` diff --git a/copy-of-sdk-docs/build/abci/_category_.json b/copy-of-sdk-docs/build/abci/_category_.json new file mode 100644 index 00000000..d4ebb80c --- /dev/null +++ b/copy-of-sdk-docs/build/abci/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "ABCI", + "position": 2, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-docs/build/architecture/PROCESS.md b/copy-of-sdk-docs/build/architecture/PROCESS.md new file mode 100644 index 00000000..5ba1b86c --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/PROCESS.md @@ -0,0 +1,58 @@ +# ADR Creation Process + +1. Copy the `adr-template.md` file. Use the following filename pattern: `adr-next_number-title.md` +2. Create a draft Pull Request if you want to get early feedback. +3. Make sure the context and solution are clear and well documented. +4. Add an entry to the list in the [README](./README.md) file. +5. Create a Pull Request to propose a new ADR. + +## What is an ADR? + +An ADR is a document that documents an implementation and design that may or may not have been discussed in an RFC. While an RFC is meant to replace synchronous communication in a distributed environment, an ADR is meant to document an already made decision. An ADR won't come with much of a communication overhead because the discussion was recorded in an RFC or a synchronous discussion. If the consensus came from a synchronous discussion, then a short excerpt should be added to the ADR to explain the goals. + +## ADR life cycle + +ADR creation is an **iterative** process. Instead of having a high amount of communication overhead, an ADR is used when there is already a decision made and implementation details need to be added. The ADR should document what the collective consensus for the specific issue is and how to solve it. + +1. Every ADR should start with either an RFC or a discussion where consensus has been met. + +2. Once consensus is met, a GitHub Pull Request (PR) is created with a new document based on the `adr-template.md`. + +3. If a _proposed_ ADR is merged, then it should clearly document outstanding issues either in ADR document notes or in a GitHub Issue. + +4. The PR SHOULD always be merged. In the case of a faulty ADR, we still prefer to merge it with a _rejected_ status. The only time the ADR SHOULD NOT be merged is if the author abandons it. + +5. Merged ADRs SHOULD NOT be pruned. + +### ADR status + +Status has two components: + +```text +{CONSENSUS STATUS} {IMPLEMENTATION STATUS} +``` + +IMPLEMENTATION STATUS is either `Implemented` or `Not Implemented`. + +#### Consensus Status + +```text +DRAFT -> PROPOSED -> LAST CALL yyyy-mm-dd -> ACCEPTED | REJECTED -> SUPERSEDED by ADR-xxx + \ | + \ | + v v + ABANDONED +``` + +* `DRAFT`: [optional] an ADR which is a work in progress, not ready for a general review. This is to present an early work and get early feedback in a Draft Pull Request form. +* `PROPOSED`: an ADR covering a full solution architecture and still in the review - project stakeholders haven't reached an agreement yet. +* `LAST CALL `: [optional] Notify that we are close to accepting updates. Changing a status to `LAST CALL` means that social consensus (of Cosmos SDK maintainers) has been reached, and we still want to give it a time to let the community react or analyze. +* `ACCEPTED`: an ADR that represents a currently implemented or to be implemented architecture design. +* `REJECTED`: ADR can go from PROPOSED or ACCEPTED to rejected if the consensus among project stakeholders will decide so. +* `SUPERSEDED by ADR-xxx`: an ADR that has been superseded by a new ADR. +* `ABANDONED`: the ADR is no longer pursued by the original authors. + +## Language used in ADR + +* The context/background should be written in the present tense. +* Avoid using the first person. diff --git a/copy-of-sdk-docs/build/architecture/README.md b/copy-of-sdk-docs/build/architecture/README.md new file mode 100644 index 00000000..e75d9e25 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/README.md @@ -0,0 +1,96 @@ +--- +sidebar_position: 1 +--- + +# Architecture Decision Records (ADR) + +This is a location to record all high-level architecture decisions in the Cosmos-SDK. + +An Architectural Decision (**AD**) is a software design choice that addresses a functional or non-functional requirement that is architecturally significant. +An Architecturally Significant Requirement (**ASR**) is a requirement that has a measurable effect on a software system’s architecture and quality. +An Architectural Decision Record (**ADR**) captures a single AD, such as is often done when writing personal notes or meeting minutes; the collection of ADRs created and maintained in a project constitute its decision log. All these are within the topic of Architectural Knowledge Management (AKM). + +You can read more about the ADR concept in this [blog post](https://product.reverb.com/documenting-architecture-decisions-the-reverb-way-a3563bb24bd0#.78xhdix6t). + +## Rationale + +ADRs are intended to be the primary mechanism for proposing new feature designs and new processes, for collecting community input on an issue, and for documenting the design decisions. +An ADR should provide: + +* Context on the relevant goals and the current state +* Proposed changes to achieve the goals +* Summary of pros and cons +* References +* Changelog + +Note the distinction between an ADR and a spec. The ADR provides the context, intuition, reasoning, and +justification for a change in architecture, or for the architecture of something +new. The spec is a much more compressed and streamlined summary of everything as +it stands today. + +If recorded decisions turned out to be lacking, convene a discussion, record the new decisions here, and then modify the code to match. + +## Creating a new ADR + +Read about the [PROCESS](./PROCESS.md). + +### Use RFC 2119 Keywords + +When writing ADRs, follow the same best practices for writing RFCs. When writing RFCs, key words are used to signify the requirements in the specification. These words are often capitalized: "MUST," "MUST NOT," "REQUIRED," "SHALL," "SHALL NOT," "SHOULD," "SHOULD NOT," "RECOMMENDED," "MAY," and "OPTIONAL." They are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119). + +## ADR Table of Contents + +### Accepted + +* [ADR 002: SDK Documentation Structure](./adr-002-docs-structure.md) +* [ADR 004: Split Denomination Keys](./adr-004-split-denomination-keys.md) +* [ADR 006: Secret Store Replacement](./adr-006-secret-store-replacement.md) +* [ADR 009: Evidence Module](./adr-009-evidence-module.md) +* [ADR 010: Modular AnteHandler](./adr-010-modular-antehandler.md) +* [ADR 019: Protocol Buffer State Encoding](./adr-019-protobuf-state-encoding.md) +* [ADR 020: Protocol Buffer Transaction Encoding](./adr-020-protobuf-transaction-encoding.md) +* [ADR 021: Protocol Buffer Query Encoding](./adr-021-protobuf-query-encoding.md) +* [ADR 023: Protocol Buffer Naming and Versioning](./adr-023-protobuf-naming.md) +* [ADR 029: Fee Grant Module](./adr-029-fee-grant-module.md) +* [ADR 030: Message Authorization Module](./adr-030-authz-module.md) +* [ADR 031: Protobuf Msg Services](./adr-031-msg-service.md) +* [ADR 055: ORM](./adr-055-orm.md) +* [ADR 058: Auto-Generated CLI](./adr-058-auto-generated-cli.md) +* [ADR 060: ABCI 1.0 (Phase I)](adr-060-abci-1.0.md) +* [ADR 061: Liquid Staking](./adr-061-liquid-staking.md) + +### Proposed + +* [ADR 003: Dynamic Capability Store](./adr-003-dynamic-capability-store.md) +* [ADR 011: Generalize Genesis Accounts](./adr-011-generalize-genesis-accounts.md) +* [ADR 012: State Accessors](./adr-012-state-accessors.md) +* [ADR 013: Metrics](./adr-013-metrics.md) +* [ADR 016: Validator Consensus Key Rotation](./adr-016-validator-consensus-key-rotation.md) +* [ADR 017: Historical Header Module](./adr-017-historical-header-module.md) +* [ADR 018: Extendable Voting Periods](./adr-018-extendable-voting-period.md) +* [ADR 022: Custom baseapp panic handling](./adr-022-custom-panic-handling.md) +* [ADR 024: Coin Metadata](./adr-024-coin-metadata.md) +* [ADR 027: Deterministic Protobuf Serialization](./adr-027-deterministic-protobuf-serialization.md) +* [ADR 028: Public Key Addresses](./adr-028-public-key-addresses.md) +* [ADR 032: Typed Events](./adr-032-typed-events.md) +* [ADR 033: Inter-module RPC](./adr-033-protobuf-inter-module-comm.md) +* [ADR 035: Rosetta API Support](./adr-035-rosetta-api-support.md) +* [ADR 037: Governance Split Votes](./adr-037-gov-split-vote.md) +* [ADR 038: State Listening](./adr-038-state-listening.md) +* [ADR 039: Epoched Staking](./adr-039-epoched-staking.md) +* [ADR 040: Storage and SMT State Commitments](./adr-040-storage-and-smt-state-commitments.md) +* [ADR 046: Module Params](./adr-046-module-params.md) +* [ADR 054: Semver Compatible SDK Modules](./adr-054-semver-compatible-modules.md) +* [ADR 057: App Wiring](./adr-057-app-wiring.md) +* [ADR 059: Test Scopes](./adr-059-test-scopes.md) +* [ADR 062: Collections State Layer](./adr-062-collections-state-layer.md) +* [ADR 063: Core Module API](./adr-063-core-module-api.md) +* [ADR 065: Store V2](./adr-065-store-v2.md) +* [ADR 076: Transaction Malleability Risk Review and Recommendations](./adr-076-tx-malleability.md) + +### Draft + +* [ADR 044: Guidelines for Updating Protobuf Definitions](./adr-044-protobuf-updates-guidelines.md) +* [ADR 047: Extend Upgrade Plan](./adr-047-extend-upgrade-plan.md) +* [ADR 053: Go Module Refactoring](./adr-053-go-module-refactoring.md) +* [ADR 068: Preblock](./adr-068-preblock.md) diff --git a/copy-of-sdk-docs/build/architecture/_category_.json b/copy-of-sdk-docs/build/architecture/_category_.json new file mode 100644 index 00000000..e0b1907a --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "ADRs", + "position": 6, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-docs/build/architecture/adr-002-docs-structure.md b/copy-of-sdk-docs/build/architecture/adr-002-docs-structure.md new file mode 100644 index 00000000..5819151f --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-002-docs-structure.md @@ -0,0 +1,86 @@ +# ADR 002: SDK Documentation Structure + +## Context + +There is a need for a scalable structure of the Cosmos SDK documentation. Current documentation includes a lot of non-related Cosmos SDK material, is difficult to maintain and hard to follow as a user. + +Ideally, we would have: + +* All docs related to dev frameworks or tools live in their respective github repos (sdk repo would contain sdk docs, hub repo would contain hub docs, lotion repo would contain lotion docs, etc.) +* All other docs (faqs, whitepaper, high-level material about Cosmos) would live on the website. + +## Decision + +Re-structure the `/docs` folder of the Cosmos SDK github repo as follows: + +```text +docs/ +├── README +├── intro/ +├── concepts/ +│ ├── baseapp +│ ├── types +│ ├── store +│ ├── server +│ ├── modules/ +│ │ ├── keeper +│ │ ├── handler +│ │ ├── cli +│ ├── gas +│ └── commands +├── clients/ +│ ├── lite/ +│ ├── service-providers +├── modules/ +├── spec/ +├── translations/ +└── architecture/ +``` + +The files in each sub-folders do not matter and will likely change. What matters is the sectioning: + +* `README`: Landing page of the docs. +* `intro`: Introductory material. Goal is to have a short explainer of the Cosmos SDK and then channel people to the resource they need. The [Cosmos SDK tutorial](https://github.com/cosmos/sdk-application-tutorial/) will be highlighted, as well as the `godocs`. +* `concepts`: Contains high-level explanations of the abstractions of the Cosmos SDK. It does not contain specific code implementation and does not need to be updated often. **It is not an API specification of the interfaces**. API spec is the `godoc`. +* `clients`: Contains specs and info about the various Cosmos SDK clients. +* `spec`: Contains specs of modules, and others. +* `modules`: Contains links to `godocs` and the spec of the modules. +* `architecture`: Contains architecture-related docs like the present one. +* `translations`: Contains different translations of the documentation. + +Website docs sidebar will only include the following sections: + +* `README` +* `intro` +* `concepts` +* `clients` + +`architecture` need not be displayed on the website. + +## Status + +Accepted + +## Consequences + +### Positive + +* Much clearer organisation of the Cosmos SDK docs. +* The `/docs` folder now only contains Cosmos SDK and gaia related material. Later, it will only contain Cosmos SDK related material. +* Developers only have to update `/docs` folder when they open a PR (and not `/examples` for example). +* Easier for developers to find what they need to update in the docs thanks to reworked architecture. +* Cleaner vuepress build for website docs. +* Will help build an executable doc (cf https://github.com/cosmos/cosmos-sdk/issues/2611) + +### Neutral + +* We need to move a bunch of deprecated stuff to `/_attic` folder. +* We need to integrate content in `docs/sdk/docs/core` in `concepts`. +* We need to move all the content that currently lives in `docs` and does not fit in new structure (like `lotion`, intro material, whitepaper) to the website repository. +* Update `DOCS_README.md` + +## References + +* https://github.com/cosmos/cosmos-sdk/issues/1460 +* https://github.com/cosmos/cosmos-sdk/pull/2695 +* https://github.com/cosmos/cosmos-sdk/issues/2611 diff --git a/copy-of-sdk-docs/build/architecture/adr-003-dynamic-capability-store.md b/copy-of-sdk-docs/build/architecture/adr-003-dynamic-capability-store.md new file mode 100644 index 00000000..f9ddd364 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-003-dynamic-capability-store.md @@ -0,0 +1,344 @@ +# ADR 3: Dynamic Capability Store + +## Changelog + +* 12 December 2019: Initial version +* 02 April 2020: Memory Store Revisions + +## Context + +Full implementation of the [IBC specification](https://github.com/cosmos/ibc) requires the ability to create and authenticate object-capability keys at runtime (i.e., during transaction execution), +as described in [ICS 5](https://github.com/cosmos/ibc/tree/master/spec/core/ics-005-port-allocation#technical-specification). In the IBC specification, capability keys are created for each newly initialised +port & channel, and are used to authenticate future usage of the port or channel. Since channels and potentially ports can be initialised during transaction execution, the state machine must be able to create +object-capability keys at this time. + +At present, the Cosmos SDK does not have the ability to do this. Object-capability keys are currently pointers (memory addresses) of `StoreKey` structs created at application initialisation in `app.go` ([example](https://github.com/cosmos/gaia/blob/dcbddd9f04b3086c0ad07ee65de16e7adedc7da4/app/app.go#L132)) +and passed to Keepers as fixed arguments ([example](https://github.com/cosmos/gaia/blob/dcbddd9f04b3086c0ad07ee65de16e7adedc7da4/app/app.go#L160)). Keepers cannot create or store capability keys during transaction execution — although they could call `NewKVStoreKey` and take the memory address +of the returned struct, storing this in the Merklised store would result in a consensus fault, since the memory address will be different on each machine (this is intentional — were this not the case, the keys would be predictable and couldn't serve as object capabilities). + +Keepers need a way to keep a private map of store keys which can be altered during transaction execution, along with a suitable mechanism for regenerating the unique memory addresses (capability keys) in this map whenever the application is started or restarted, along with a mechanism to revert capability creation on tx failure. +This ADR proposes such an interface & mechanism. + +## Decision + +The Cosmos SDK will include a new `CapabilityKeeper` abstraction, which is responsible for provisioning, +tracking, and authenticating capabilities at runtime. During application initialisation in `app.go`, +the `CapabilityKeeper` will be hooked up to modules through unique function references +(by calling `ScopeToModule`, defined below) so that it can identify the calling module when later +invoked. + +When the initial state is loaded from disk, the `CapabilityKeeper`'s `Initialise` function will create +new capability keys for all previously allocated capability identifiers (allocated during execution of +past transactions and assigned to particular modes), and keep them in a memory-only store while the +chain is running. + +The `CapabilityKeeper` will include a persistent `KVStore`, a `MemoryStore`, and an in-memory map. +The persistent `KVStore` tracks which capability is owned by which modules. +The `MemoryStore` stores a forward mapping that map from module name, capability tuples to capability names and +a reverse mapping that map from module name, capability name to the capability index. +Since we cannot marshal the capability into a `KVStore` and unmarshal without changing the memory location of the capability, +the reverse mapping in the KVStore will simply map to an index. This index can then be used as a key in the ephemeral +go-map to retrieve the capability at the original memory location. + +The `CapabilityKeeper` will define the following types & functions: + +The `Capability` is similar to `StoreKey`, but has a globally unique `Index()` instead of +a name. A `String()` method is provided for debugging. + +A `Capability` is simply a struct, the address of which is taken for the actual capability. + +```go +type Capability struct { + index uint64 +} +``` + +A `CapabilityKeeper` contains a persistent store key, memory store key, and mapping of allocated module names. + +```go +type CapabilityKeeper struct { + persistentKey StoreKey + memKey StoreKey + capMap map[uint64]*Capability + moduleNames map[string]interface{} + sealed bool +} +``` + +The `CapabilityKeeper` provides the ability to create *scoped* sub-keepers which are tied to a +particular module name. These `ScopedCapabilityKeeper`s must be created at application initialisation +and passed to modules, which can then use them to claim capabilities they receive and retrieve +capabilities which they own by name, in addition to creating new capabilities & authenticating capabilities +passed by other modules. + +```go +type ScopedCapabilityKeeper struct { + persistentKey StoreKey + memKey StoreKey + capMap map[uint64]*Capability + moduleName string +} +``` + +`ScopeToModule` is used to create a scoped sub-keeper with a particular name, which must be unique. +It MUST be called before `InitialiseAndSeal`. + +```go +func (ck CapabilityKeeper) ScopeToModule(moduleName string) ScopedCapabilityKeeper { + if k.sealed { + panic("cannot scope to module via a sealed capability keeper") + } + + if _, ok := k.scopedModules[moduleName]; ok { + panic(fmt.Sprintf("cannot create multiple scoped keepers for the same module name: %s", moduleName)) + } + + k.scopedModules[moduleName] = struct{}{} + + return ScopedKeeper{ + cdc: k.cdc, + storeKey: k.storeKey, + memKey: k.memKey, + capMap: k.capMap, + module: moduleName, + } +} +``` + +`InitialiseAndSeal` MUST be called exactly once, after loading the initial state and creating all +necessary `ScopedCapabilityKeeper`s, in order to populate the memory store with newly-created +capability keys in accordance with the keys previously claimed by particular modules and prevent the +creation of any new `ScopedCapabilityKeeper`s. + +```go +func (ck CapabilityKeeper) InitialiseAndSeal(ctx Context) { + if ck.sealed { + panic("capability keeper is sealed") + } + + persistentStore := ctx.KVStore(ck.persistentKey) + map := ctx.KVStore(ck.memKey) + + // initialise memory store for all names in persistent store + for index, value := range persistentStore.Iter() { + capability = &CapabilityKey{index: index} + + for moduleAndCapability := range value { + moduleName, capabilityName := moduleAndCapability.Split("/") + memStore.Set(moduleName + "/fwd/" + capability, capabilityName) + memStore.Set(moduleName + "/rev/" + capabilityName, index) + + ck.capMap[index] = capability + } + } + + ck.sealed = true +} +``` + +`NewCapability` can be called by any module to create a new unique, unforgeable object-capability +reference. The newly created capability is automatically persisted; the calling module need not +call `ClaimCapability`. + +```go +func (sck ScopedCapabilityKeeper) NewCapability(ctx Context, name string) (Capability, error) { + // check name not taken in memory store + if capStore.Get("rev/" + name) != nil { + return nil, errors.New("name already taken") + } + + // fetch the current index + index := persistentStore.Get("index") + + // create a new capability + capability := &CapabilityKey{index: index} + + // set persistent store + persistentStore.Set(index, Set.singleton(sck.moduleName + "/" + name)) + + // update the index + index++ + persistentStore.Set("index", index) + + // set forward mapping in memory store from capability to name + memStore.Set(sck.moduleName + "/fwd/" + capability, name) + + // set reverse mapping in memory store from name to index + memStore.Set(sck.moduleName + "/rev/" + name, index) + + // set the in-memory mapping from index to capability pointer + capMap[index] = capability + + // return the newly created capability + return capability +} +``` + +`AuthenticateCapability` can be called by any module to check that a capability +does in fact correspond to a particular name (the name can be untrusted user input) +with which the calling module previously associated it. + +```go +func (sck ScopedCapabilityKeeper) AuthenticateCapability(name string, capability Capability) bool { + // return whether forward mapping in memory store matches name + return memStore.Get(sck.moduleName + "/fwd/" + capability) === name +} +``` + +`ClaimCapability` allows a module to claim a capability key which it has received from another module +so that future `GetCapability` calls will succeed. + +`ClaimCapability` MUST be called if a module which receives a capability wishes to access it by name +in the future. Capabilities are multi-owner, so if multiple modules have a single `Capability` reference, +they will all own it. + +```go +func (sck ScopedCapabilityKeeper) ClaimCapability(ctx Context, capability Capability, name string) error { + persistentStore := ctx.KVStore(sck.persistentKey) + + // set forward mapping in memory store from capability to name + memStore.Set(sck.moduleName + "/fwd/" + capability, name) + + // set reverse mapping in memory store from name to capability + memStore.Set(sck.moduleName + "/rev/" + name, capability) + + // update owner set in persistent store + owners := persistentStore.Get(capability.Index()) + owners.add(sck.moduleName + "/" + name) + persistentStore.Set(capability.Index(), owners) +} +``` + +`GetCapability` allows a module to fetch a capability which it has previously claimed by name. +The module is not allowed to retrieve capabilities which it does not own. + +```go +func (sck ScopedCapabilityKeeper) GetCapability(ctx Context, name string) (Capability, error) { + // fetch the index of capability using reverse mapping in memstore + index := memStore.Get(sck.moduleName + "/rev/" + name) + + // fetch capability from go-map using index + capability := capMap[index] + + // return the capability + return capability +} +``` + +`ReleaseCapability` allows a module to release a capability which it had previously claimed. If no +more owners exist, the capability will be deleted globally. + +```go +func (sck ScopedCapabilityKeeper) ReleaseCapability(ctx Context, capability Capability) err { + persistentStore := ctx.KVStore(sck.persistentKey) + + name := capStore.Get(sck.moduleName + "/fwd/" + capability) + if name == nil { + return error("capability not owned by module") + } + + // delete forward mapping in memory store + memoryStore.Delete(sck.moduleName + "/fwd/" + capability, name) + + // delete reverse mapping in memory store + memoryStore.Delete(sck.moduleName + "/rev/" + name, capability) + + // update owner set in persistent store + owners := persistentStore.Get(capability.Index()) + owners.remove(sck.moduleName + "/" + name) + if owners.size() > 0 { + // there are still other owners, keep the capability around + persistentStore.Set(capability.Index(), owners) + } else { + // no more owners, delete the capability + persistentStore.Delete(capability.Index()) + delete(capMap[capability.Index()]) + } +} +``` + +### Usage patterns + +#### Initialisation + +Any modules which use dynamic capabilities must be provided a `ScopedCapabilityKeeper` in `app.go`: + +```go +ck := NewCapabilityKeeper(persistentKey, memoryKey) +mod1Keeper := NewMod1Keeper(ck.ScopeToModule("mod1"), ....) +mod2Keeper := NewMod2Keeper(ck.ScopeToModule("mod2"), ....) + +// other initialisation logic ... + +// load initial state... + +ck.InitialiseAndSeal(initialContext) +``` + +#### Creating, passing, claiming and using capabilities + +Consider the case where `mod1` wants to create a capability, associate it with a resource (e.g. an IBC channel) by name, then pass it to `mod2` which will use it later: + +Module 1 would have the following code: + +```go +capability := scopedCapabilityKeeper.NewCapability(ctx, "resourceABC") +mod2Keeper.SomeFunction(ctx, capability, args...) +``` + +`SomeFunction`, running in module 2, could then claim the capability: + +```go +func (k Mod2Keeper) SomeFunction(ctx Context, capability Capability) { + k.sck.ClaimCapability(ctx, capability, "resourceABC") + // other logic... +} +``` + +Later on, module 2 can retrieve that capability by name and pass it to module 1, which will authenticate it against the resource: + +```go +func (k Mod2Keeper) SomeOtherFunction(ctx Context, name string) { + capability := k.sck.GetCapability(ctx, name) + mod1.UseResource(ctx, capability, "resourceABC") +} +``` + +Module 1 will then check that this capability key is authenticated to use the resource before allowing module 2 to use it: + +```go +func (k Mod1Keeper) UseResource(ctx Context, capability Capability, resource string) { + if !k.sck.AuthenticateCapability(name, capability) { + return errors.New("unauthenticated") + } + // do something with the resource +} +``` + +If module 2 passed the capability key to module 3, module 3 could then claim it and call module 1 just like module 2 did +(in which case module 1, module 2, and module 3 would all be able to use this capability). + +## Status + +Proposed. + +## Consequences + +### Positive + +* Dynamic capability support. +* Allows CapabilityKeeper to return same capability pointer from go-map while reverting any writes to the persistent `KVStore` and in-memory `MemoryStore` on tx failure. + +### Negative + +* Requires an additional keeper. +* Some overlap with existing `StoreKey` system (in the future they could be combined, since this is a superset functionality-wise). +* Requires an extra level of indirection in the reverse mapping, since MemoryStore must map to index which must then be used as key in a go map to retrieve the actual capability + +### Neutral + +(none known) + +## References + +* [Original discussion](https://github.com/cosmos/cosmos-sdk/pull/5230#discussion_r343978513) diff --git a/copy-of-sdk-docs/build/architecture/adr-004-split-denomination-keys.md b/copy-of-sdk-docs/build/architecture/adr-004-split-denomination-keys.md new file mode 100644 index 00000000..53c7b097 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-004-split-denomination-keys.md @@ -0,0 +1,120 @@ +# ADR 004: Split Denomination Keys + +## Changelog + +* 2020-01-08: Initial version +* 2020-01-09: Alterations to handle vesting accounts +* 2020-01-14: Updates from review feedback +* 2020-01-30: Updates from implementation + +### Glossary + +* denom / denomination key -- unique token identifier. + +## Context + +With permissionless IBC, anyone will be able to send arbitrary denominations to any other account. Currently, all non-zero balances are stored along with the account in an `sdk.Coins` struct, which creates a potential denial-of-service concern, as too many denominations will become expensive to load & store each time the account is modified. See issues [5467](https://github.com/cosmos/cosmos-sdk/issues/5467) and [4982](https://github.com/cosmos/cosmos-sdk/issues/4982) for additional context. + +Simply rejecting incoming deposits after a denomination count limit doesn't work, since it opens up a griefing vector: someone could send a user lots of nonsensical coins over IBC, and then prevent the user from receiving real denominations (such as staking rewards). + +## Decision + +Balances shall be stored per-account & per-denomination under a denomination- and account-unique key, thus enabling O(1) read & write access to the balance of a particular account in a particular denomination. + +### Account interface (x/auth) + +`GetCoins()` and `SetCoins()` will be removed from the account interface, since coin balances will +now be stored in & managed by the bank module. + +The vesting account interface will replace `SpendableCoins` in favor of `LockedCoins` which does +not require the account balance anymore. In addition, `TrackDelegation()` will now accept the +account balance of all tokens denominated in the vesting balance instead of loading the entire +account balance. + +Vesting accounts will continue to store original vesting, delegated free, and delegated +vesting coins (which is safe since these cannot contain arbitrary denominations). + +### Bank keeper (x/bank) + +The following APIs will be added to the `x/bank` keeper: + +* `GetAllBalances(ctx Context, addr AccAddress) Coins` +* `GetBalance(ctx Context, addr AccAddress, denom string) Coin` +* `SetBalance(ctx Context, addr AccAddress, coin Coin)` +* `LockedCoins(ctx Context, addr AccAddress) Coins` +* `SpendableCoins(ctx Context, addr AccAddress) Coins` + +Additional APIs may be added to facilitate iteration and auxiliary functionality not essential to +core functionality or persistence. + +Balances will be stored first by the address, then by the denomination (the reverse is also possible, +but retrieval of all balances for a single account is presumed to be more frequent): + +```go +var BalancesPrefix = []byte("balances") + +func (k Keeper) SetBalance(ctx Context, addr AccAddress, balance Coin) error { + if !balance.IsValid() { + return err + } + + store := ctx.KVStore(k.storeKey) + balancesStore := prefix.NewStore(store, BalancesPrefix) + accountStore := prefix.NewStore(balancesStore, addr.Bytes()) + + bz := Marshal(balance) + accountStore.Set([]byte(balance.Denom), bz) + + return nil +} +``` + +This will result in the balances being indexed by the byte representation of +`balances/{address}/{denom}`. + +`DelegateCoins()` and `UndelegateCoins()` will be altered to only load each individual +account balance by denomination found in the (un)delegation amount. As a result, +any mutations to the account balance will be made by denomination. + +`SubtractCoins()` and `AddCoins()` will be altered to read & write the balances +directly instead of calling `GetCoins()` / `SetCoins()` (which no longer exist). + +`trackDelegation()` and `trackUndelegation()` will be altered to no longer update +account balances. + +External APIs will need to scan all balances under an account to retain backwards-compatibility. It +is advised that these APIs use `GetBalance` and `SetBalance` instead of `GetAllBalances` when +possible as to not load the entire account balance. + +### Supply module + +The supply module, in order to implement the total supply invariant, will now need +to scan all accounts & call `GetAllBalances` using the `x/bank` Keeper, then sum +the balances and check that they match the expected total supply. + +## Status + +Accepted. + +## Consequences + +### Positive + +* O(1) reads & writes of balances (with respect to the number of denominations for +which an account has non-zero balances). Note, this does not relate to the actual +I/O cost, rather the total number of direct reads needed. + +### Negative + +* Slightly less efficient reads/writes when reading & writing all balances of a +single account in a transaction. + +### Neutral + +None in particular. + +## References + +* Ref: https://github.com/cosmos/cosmos-sdk/issues/4982 +* Ref: https://github.com/cosmos/cosmos-sdk/issues/5467 +* Ref: https://github.com/cosmos/cosmos-sdk/issues/5492 diff --git a/copy-of-sdk-docs/build/architecture/adr-006-secret-store-replacement.md b/copy-of-sdk-docs/build/architecture/adr-006-secret-store-replacement.md new file mode 100644 index 00000000..500ba40c --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-006-secret-store-replacement.md @@ -0,0 +1,54 @@ +# ADR 006: Secret Store Replacement + +## Changelog + +* July 29th, 2019: Initial draft +* September 11th, 2019: Work has started +* November 4th: Cosmos SDK changes merged in +* November 18th: Gaia changes merged in + +## Context + +Currently, a Cosmos SDK application's CLI directory stores key material and metadata in a plain text database in the user’s home directory. Key material is encrypted by a passphrase, protected by bcrypt hashing algorithm. Metadata (e.g. addresses, public keys, key storage details) is available in plain text. + +This is not desirable for a number of reasons. Perhaps the biggest reason is insufficient security protection of key material and metadata. Leaking the plain text allows an attacker to surveil what keys a given computer controls via a number of techniques, like compromised dependencies without any privilege execution. This could be followed by a more targeted attack on a particular user/computer. + +All modern desktop computers OS (Ubuntu, Debian, MacOS, Windows) provide a built-in secret store that is designed to allow applications to store information that is isolated from all other applications and requires passphrase entry to access the data. + +We are seeking solution that provides a common abstraction layer to the many different backends and reasonable fallback for minimal platforms that don’t provide a native secret store. + +## Decision + +We recommend replacing the current Keybase backend based on LevelDB with [Keyring](https://github.com/99designs/keyring) by 99 designs. This application is designed to provide a common abstraction and uniform interface between many secret stores and is used by AWS Vault application by 99-designs application. + +This appears to fulfill the requirement of protecting both key material and metadata from rogue software on a user’s machine. + +## Status + +Accepted + +## Consequences + +### Positive + +Increased safety for users. + +### Negative + +Users must manually migrate. + +Testing against all supported backends is difficult. + +Running tests locally on a Mac require numerous repetitive password entries. + +### Neutral + +{neutral consequences} + +## References + +* #4754 Switch secret store to the keyring secret store (original PR by @poldsam) [__CLOSED__] +* #5029 Add support for github.com/99designs/keyring-backed keybases [__MERGED__] +* #5097 Add keys migrate command [__MERGED__] +* #5180 Drop on-disk keybase in favor of keyring [_PENDING_REVIEW_] +* cosmos/gaia#164 Drop on-disk keybase in favor of keyring (gaia's changes) [_PENDING_REVIEW_] diff --git a/copy-of-sdk-docs/build/architecture/adr-007-specialization-groups.md b/copy-of-sdk-docs/build/architecture/adr-007-specialization-groups.md new file mode 100644 index 00000000..bafcc697 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-007-specialization-groups.md @@ -0,0 +1,177 @@ +# ADR 007: Specialization Groups + +## Changelog + +* 2019 Jul 31: Initial Draft + +## Context + +This idea was first conceived of in order to fulfill the use case of the +creation of a decentralized Computer Emergency Response Team (dCERT), whose +members would be elected by a governing community and would fulfill the role of +coordinating the community under emergency situations. This thinking +can be further abstracted into the conception of "blockchain specialization +groups". + +The creation of these groups are the beginning of specialization capabilities +within a wider blockchain community which could be used to enable a certain +level of delegated responsibilities. Examples of specialization which could be +beneficial to a blockchain community include: code auditing, emergency response, +code development etc. This type of community organization paves the way for +individual stakeholders to delegate votes by issue type, if in the future +governance proposals include a field for issue type. + +## Decision + +A specialization group can be broadly broken down into the following functions +(herein containing examples): + +* Membership Admittance +* Membership Acceptance +* Membership Revocation + * (probably) Without Penalty + * member steps down (self-Revocation) + * replaced by new member from governance + * (probably) With Penalty + * due to breach of soft-agreement (determined through governance) + * due to breach of hard-agreement (determined by code) +* Execution of Duties + * Special transactions which only execute for members of a specialization + group (for example, dCERT members voting to turn off transaction routes in + an emergency scenario) +* Compensation + * Group compensation (further distribution decided by the specialization group) + * Individual compensation for all constituents of a group from the + greater community + +Membership admittance to a specialization group could take place over a wide +variety of mechanisms. The most obvious example is through a general vote among +the entire community, however in certain systems a community may want to allow +the members already in a specialization group to internally elect new members, +or maybe the community may assign a permission to a particular specialization +group to appoint members to other 3rd party groups. The sky is really the limit +as to how membership admittance can be structured. We attempt to capture +some of these possibilities in a common interface dubbed the `Electionator`. For +its initial implementation as a part of this ADR we recommend that the general +election abstraction (`Electionator`) is provided as well as a basic +implementation of that abstraction which allows for a continuous election of +members of a specialization group. + +``` golang +// The Electionator abstraction covers the concept space for +// a wide variety of election kinds. +type Electionator interface { + + // is the election object accepting votes. + Active() bool + + // functionality to execute for when a vote is cast in this election, here + // the vote field is anticipated to be marshalled into a vote type used + // by an election. + // + // NOTE There are no explicit ids here. Just votes which pertain specifically + // to one electionator. Anyone can create and send a vote to the electionator item + // which will presumably attempt to marshal those bytes into a particular struct + // and apply the vote information in some arbitrary way. There can be multiple + // Electionators within the Cosmos-Hub for multiple specialization groups, votes + // would need to be routed to the Electionator upstream of here. + Vote(addr sdk.AccAddress, vote []byte) + + // here lies all functionality to authenticate and execute changes for + // when a member accepts being elected + AcceptElection(sdk.AccAddress) + + // Register a revoker object + RegisterRevoker(Revoker) + + // No more revokers may be registered after this function is called + SealRevokers() + + // register hooks to call when an election actions occur + RegisterHooks(ElectionatorHooks) + + // query for the current winner(s) of this election based on arbitrary + // election ruleset + QueryElected() []sdk.AccAddress + + // query metadata for an address in the election this + // could include for example position that an address + // is being elected for within a group + // + // this metadata may be directly related to + // voting information and/or privileges enabled + // to members within a group. + QueryMetadata(sdk.AccAddress) []byte +} + +// ElectionatorHooks, once registered with an Electionator, +// trigger execution of relevant interface functions when +// Electionator events occur. +type ElectionatorHooks interface { + AfterVoteCast(addr sdk.AccAddress, vote []byte) + AfterMemberAccepted(addr sdk.AccAddress) + AfterMemberRevoked(addr sdk.AccAddress, cause []byte) +} + +// Revoker defines the function required for a membership revocation rule-set +// used by a specialization group. This could be used to create self revoking, +// and evidence based revoking, etc. Revokers types may be created and +// reused for different election types. +// +// When revoking the "cause" bytes may be arbitrarily marshalled into evidence, +// memos, etc. +type Revoker interface { + RevokeName() string // identifier for this revoker type + RevokeMember(addr sdk.AccAddress, cause []byte) error +} +``` + +Certain level of commonality likely exists between the existing code within +`x/governance` and required functionality of elections. This common +functionality should be abstracted during implementation. Similarly for each +vote implementation client CLI/REST functionality should be abstracted +to be reused for multiple elections. + +The specialization group abstraction firstly extends the `Electionator` +but also further defines traits of the group. + +``` golang +type SpecializationGroup interface { + Electionator + GetName() string + GetDescription() string + + // general soft contract the group is expected + // to fulfill with the greater community + GetContract() string + + // messages which can be executed by the members of the group + Handler(ctx sdk.Context, msg sdk.Msg) sdk.Result + + // logic to be executed at endblock, this may for instance + // include payment of a stipend to the group members + // for participation in the security group. + EndBlocker(ctx sdk.Context) +} +``` + +## Status + +> Proposed + +## Consequences + +### Positive + +* increases specialization capabilities of a blockchain +* improve abstractions in `x/gov/` such that they can be used with specialization groups + +### Negative + +* could be used to increase centralization within a community + +### Neutral + +## References + +* [dCERT ADR](./adr-008-dCERT-group.md) diff --git a/copy-of-sdk-docs/build/architecture/adr-008-dCERT-group.md b/copy-of-sdk-docs/build/architecture/adr-008-dCERT-group.md new file mode 100644 index 00000000..5ee5670b --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-008-dCERT-group.md @@ -0,0 +1,171 @@ +# ADR 008: Decentralized Computer Emergency Response Team (dCERT) Group + +## Changelog + +* 2019 Jul 31: Initial Draft + +## Context + +In order to reduce the number of parties involved with handling sensitive +information in an emergency scenario, we propose the creation of a +specialization group named The Decentralized Computer Emergency Response Team +(dCERT). Initially this group's role is intended to serve as coordinators +between various actors within a blockchain community such as validators, +bug-hunters, and developers. During a time of crisis, the dCERT group would +aggregate and relay input from a variety of stakeholders to the developers who +are actively devising a patch to the software, this way sensitive information +does not need to be publicly disclosed while some input from the community can +still be gained. + +Additionally, a special privilege is proposed for the dCERT group: the capacity +to "circuit-break" (aka. temporarily disable) a particular message path. Note +that this privilege should be enabled/disabled globally with a governance +parameter such that this privilege could start disabled and later be enabled +through a parameter change proposal, once a dCERT group has been established. + +In the future it is foreseeable that the community may wish to expand the roles +of dCERT with further responsibilities such as the capacity to "pre-approve" a +security update on behalf of the community prior to a full community +wide vote whereby the sensitive information would be revealed prior to a +vulnerability being patched on the live network. + +## Decision + +The dCERT group is proposed to include an implementation of a `SpecializationGroup` +as defined in [ADR 007](./adr-007-specialization-groups.md). This will include the +implementation of: + +* continuous voting +* slashing due to breach of soft contract +* revoking a member due to breach of soft contract +* emergency disband of the entire dCERT group (ex. for colluding maliciously) +* compensation stipend from the community pool or other means decided by + governance + +This system necessitates the following new parameters: + +* blockly stipend allowance per dCERT member +* maximum number of dCERT members +* required staked slashable tokens for each dCERT member +* quorum for suspending a particular member +* proposal wager for disbanding the dCERT group +* stabilization period for dCERT member transition +* circuit break dCERT privileges enabled + +These parameters are expected to be implemented through the param keeper such +that governance may change them at any given point. + +### Continuous Voting Electionator + +An `Electionator` object is to be implemented as continuous voting and with the +following specifications: + +* All delegation addresses may submit votes at any point which updates their + preferred representation on the dCERT group. +* Preferred representation may be arbitrarily split between addresses (ex. 50% + to John, 25% to Sally, 25% to Carol) +* In order for a new member to be added to the dCERT group they must + send a transaction accepting their admission at which point the validity of + their admission is to be confirmed. + * A sequence number is assigned when a member is added to dCERT group. + If a member leaves the dCERT group and then enters back, a new sequence number + is assigned. +* Addresses which control the greatest amount of preferred-representation are + eligible to join the dCERT group (up the _maximum number of dCERT members_). + If the dCERT group is already full and new member is admitted, the existing + dCERT member with the lowest amount of votes is kicked from the dCERT group. + * In the split situation where the dCERT group is full but a vying candidate + has the same amount of vote as an existing dCERT member, the existing + member should maintain its position. + * In the split situation where somebody must be kicked out but the two + addresses with the smallest number of votes have the same number of votes, + the address with the smallest sequence number maintains its position. +* A stabilization period can be optionally included to reduce the + "flip-flopping" of the dCERT membership tail members. If a stabilization + period is provided which is greater than 0, when members are kicked due to + insufficient support, a queue entry is created which documents which member is + to replace which other member. While this entry is in the queue, no new entries + to kick that same dCERT member can be made. When the entry matures at the + duration of the stabilization period, the new member is instantiated, and old + member kicked. + +### Staking/Slashing + +All members of the dCERT group must stake tokens _specifically_ to maintain +eligibility as a dCERT member. These tokens can be staked directly by the vying +dCERT member or out of the good will of a 3rd party (who shall gain no on-chain +benefits for doing so). This staking mechanism should use the existing global +unbonding time of tokens staked for network validator security. A dCERT member +can _only be_ a member if it has the required tokens staked under this +mechanism. If those tokens are unbonded then the dCERT member must be +automatically kicked from the group. + +Slashing of a particular dCERT member due to soft-contract breach should be +performed by governance on a per member basis based on the magnitude of the +breach. The process flow is anticipated to be that a dCERT member is suspended +by the dCERT group prior to being slashed by governance. + +Membership suspension by the dCERT group takes place through a voting procedure +by the dCERT group members. After this suspension has taken place, a governance +proposal to slash the dCERT member must be submitted, if the proposal is not +approved by the time the rescinding member has completed unbonding their +tokens, then the tokens are no longer staked and unable to be slashed. + +Additionally in the case of an emergency situation of a colluding and malicious +dCERT group, the community needs the capability to disband the entire dCERT +group and likely fully slash them. This could be achieved though a special new +proposal type (implemented as a general governance proposal) which would halt +the functionality of the dCERT group until the proposal was concluded. This +special proposal type would likely need to also have a fairly large wager which +could be slashed if the proposal creator was malicious. The reason a large +wager should be required is because as soon as the proposal is made, the +capability of the dCERT group to halt message routes is put on temporarily +suspended, meaning that a malicious actor who created such a proposal could +then potentially exploit a bug during this period of time, with no dCERT group +capable of shutting down the exploitable message routes. + +### dCERT membership transactions + +Active dCERT members + +* change of the description of the dCERT group +* circuit break a message route +* vote to suspend a dCERT member. + +Here circuit-breaking refers to the capability to disable a groups of messages, +This could for instance mean: "disable all staking-delegation messages", or +"disable all distribution messages". This could be accomplished by verifying +that the message route has not been "circuit-broken" at CheckTx time (in +`baseapp/baseapp.go`). + +"unbreaking" a circuit is anticipated only to occur during a hard fork upgrade +meaning that no capability to unbreak a message route on a live chain is +required. + +Note also, that if there was a problem with governance voting (for instance a +capability to vote many times) then governance would be broken and should be +halted with this mechanism, it would be then up to the validator set to +coordinate and hard-fork upgrade to a patched version of the software where +governance is re-enabled (and fixed). If the dCERT group abuses this privilege +they should all be severely slashed. + +## Status + +Proposed + +## Consequences + +### Positive + +* Potential to reduces the number of parties to coordinate with during an emergency +* Reduction in possibility of disclosing sensitive information to malicious parties + +### Negative + +* Centralization risks + +### Neutral + +## References + + [Specialization Groups ADR](./adr-007-specialization-groups.md) diff --git a/copy-of-sdk-docs/build/architecture/adr-009-evidence-module.md b/copy-of-sdk-docs/build/architecture/adr-009-evidence-module.md new file mode 100644 index 00000000..ded04a14 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-009-evidence-module.md @@ -0,0 +1,182 @@ +# ADR 009: Evidence Module + +## Changelog + +* 2019 July 31: Initial draft +* 2019 October 24: Initial implementation + +## Status + +Accepted + +## Context + +In order to support building highly secure, robust and interoperable blockchain +applications, it is vital for the Cosmos SDK to expose a mechanism in which arbitrary +evidence can be submitted, evaluated and verified resulting in some agreed upon +penalty for any misbehavior committed by a validator, such as equivocation (double-voting), +signing when unbonded, signing an incorrect state transition (in the future), etc. +Furthermore, such a mechanism is paramount for any +[IBC](https://github.com/cosmos/ics/blob/master/ibc/2_IBC_ARCHITECTURE.md) or +cross-chain validation protocol implementation in order to support the ability +for any misbehavior to be relayed back from a collateralized chain to a primary +chain so that the equivocating validator(s) can be slashed. + +## Decision + +We will implement an evidence module in the Cosmos SDK supporting the following +functionality: + +* Provide developers with the abstractions and interfaces necessary to define + custom evidence messages, message handlers, and methods to slash and penalize + accordingly for misbehavior. +* Support the ability to route evidence messages to handlers in any module to + determine the validity of submitted misbehavior. +* Support the ability, through governance, to modify slashing penalties of any + evidence type. +* Querier implementation to support querying params, evidence types, params, and + all submitted valid misbehavior. + +### Types + +First, we define the `Evidence` interface type. The `x/evidence` module may implement +its own types that can be used by many chains (e.g. `CounterFactualEvidence`). +In addition, other modules may implement their own `Evidence` types in a similar +manner in which governance is extensible. It is important to note any concrete +type implementing the `Evidence` interface may include arbitrary fields such as +an infraction time. We want the `Evidence` type to remain as flexible as possible. + +When submitting evidence to the `x/evidence` module, the concrete type must provide +the validator's consensus address, which should be known by the `x/slashing` +module (assuming the infraction is valid), the height at which the infraction +occurred and the validator's power at same height in which the infraction occurred. + +```go +type Evidence interface { + Route() string + Type() string + String() string + Hash() HexBytes + ValidateBasic() error + + // The consensus address of the malicious validator at time of infraction + GetConsensusAddress() ConsAddress + + // Height at which the infraction occurred + GetHeight() int64 + + // The total power of the malicious validator at time of infraction + GetValidatorPower() int64 + + // The total validator set power at time of infraction + GetTotalPower() int64 +} +``` + +### Routing & Handling + +Each `Evidence` type must map to a specific unique route and be registered with +the `x/evidence` module. It accomplishes this through the `Router` implementation. + +```go +type Router interface { + AddRoute(r string, h Handler) Router + HasRoute(r string) bool + GetRoute(path string) Handler + Seal() +} +``` + +Upon successful routing through the `x/evidence` module, the `Evidence` type +is passed through a `Handler`. This `Handler` is responsible for executing all +corresponding business logic necessary for verifying the evidence as valid. In +addition, the `Handler` may execute any necessary slashing and potential jailing. +Since slashing fractions will typically result from some form of static functions, +allow the `Handler` to do this provides the greatest flexibility. An example could +be `k * evidence.GetValidatorPower()` where `k` is an on-chain parameter controlled +by governance. The `Evidence` type should provide all the external information +necessary in order for the `Handler` to make the necessary state transitions. +If no error is returned, the `Evidence` is considered valid. + +```go +type Handler func(Context, Evidence) error +``` + +### Submission + +`Evidence` is submitted through a `MsgSubmitEvidence` message type which is internally +handled by the `x/evidence` module's `SubmitEvidence`. + +```go +type MsgSubmitEvidence struct { + Evidence +} + +func handleMsgSubmitEvidence(ctx Context, keeper Keeper, msg MsgSubmitEvidence) Result { + if err := keeper.SubmitEvidence(ctx, msg.Evidence); err != nil { + return err.Result() + } + + // emit events... + + return Result{ + // ... + } +} +``` + +The `x/evidence` module's keeper is responsible for matching the `Evidence` against +the module's router and invoking the corresponding `Handler` which may include +slashing and jailing the validator. Upon success, the submitted evidence is persisted. + +```go +func (k Keeper) SubmitEvidence(ctx Context, evidence Evidence) error { + handler := keeper.router.GetRoute(evidence.Route()) + if err := handler(ctx, evidence); err != nil { + return ErrInvalidEvidence(keeper.codespace, err) + } + + keeper.setEvidence(ctx, evidence) + return nil +} +``` + +### Genesis + +Finally, we need to represent the genesis state of the `x/evidence` module. The +module only needs a list of all submitted valid infractions and any necessary params +for which the module needs in order to handle submitted evidence. The `x/evidence` +module will naturally define and route native evidence types for which it'll most +likely need slashing penalty constants for. + +```go +type GenesisState struct { + Params Params + Infractions []Evidence +} +``` + +## Consequences + +### Positive + +* Allows the state machine to process misbehavior submitted on-chain and penalize + validators based on agreed upon slashing parameters. +* Allows evidence types to be defined and handled by any module. This further allows + slashing and jailing to be defined by more complex mechanisms. +* Does not solely rely on Tendermint to submit evidence. + +### Negative + +* No easy way to introduce new evidence types through governance on a live chain + due to the inability to introduce the new evidence type's corresponding handler + +### Neutral + +* Should we persist infractions indefinitely? Or should we rather rely on events? + +## References + +* [ICS](https://github.com/cosmos/ics) +* [IBC Architecture](https://github.com/cosmos/ics/blob/master/ibc/1_IBC_ARCHITECTURE.md) +* [Tendermint Fork Accountability](https://github.com/tendermint/spec/blob/7b3138e69490f410768d9b1ffc7a17abc23ea397/spec/consensus/fork-accountability.md) diff --git a/copy-of-sdk-docs/build/architecture/adr-010-modular-antehandler.md b/copy-of-sdk-docs/build/architecture/adr-010-modular-antehandler.md new file mode 100644 index 00000000..4eb5b885 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-010-modular-antehandler.md @@ -0,0 +1,290 @@ +# ADR 010: Modular AnteHandler + +## Changelog + +* 2019 Aug 31: Initial draft +* 2021 Sep 14: Superseded by ADR-045 + +## Status + +SUPERSEDED by ADR-045 + +## Context + +The current AnteHandler design allows users to either use the default AnteHandler provided in `x/auth` or to build their own AnteHandler from scratch. Ideally AnteHandler functionality is split into multiple, modular functions that can be chained together along with custom ante-functions so that users do not have to rewrite common antehandler logic when they want to implement custom behavior. + +For example, let's say a user wants to implement some custom signature verification logic. In the current codebase, the user would have to write their own Antehandler from scratch largely reimplementing much of the same code and then set their own custom, monolithic antehandler in the baseapp. Instead, we would like to allow users to specify custom behavior when necessary and combine them with default ante-handler functionality in a way that is as modular and flexible as possible. + +## Proposals + +### Per-Module AnteHandler + +One approach is to use the [ModuleManager](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/types/module) and have each module implement its own antehandler if it requires custom antehandler logic. The ModuleManager can then be passed in an AnteHandler order in the same way it has an order for BeginBlockers and EndBlockers. The ModuleManager returns a single AnteHandler function that will take in a tx and run each module's `AnteHandle` in the specified order. The module manager's AnteHandler is set as the baseapp's AnteHandler. + +Pros: + +1. Simple to implement +2. Utilizes the existing ModuleManager architecture + +Cons: + +1. Improves granularity but still cannot get more granular than a per-module basis. e.g. If auth's `AnteHandle` function is in charge of validating memo and signatures, users cannot swap the signature-checking functionality while keeping the rest of auth's `AnteHandle` functionality. +2. Module AnteHandler are run one after the other. There is no way for one AnteHandler to wrap or "decorate" another. + +### Decorator Pattern + +The [weave project](https://github.com/iov-one/weave) achieves AnteHandler modularity through the use of a decorator pattern. The interface is designed as follows: + +```go +// Decorator wraps a Handler to provide common functionality +// like authentication, or fee-handling, to many Handlers +type Decorator interface { + Check(ctx Context, store KVStore, tx Tx, next Checker) (*CheckResult, error) + Deliver(ctx Context, store KVStore, tx Tx, next Deliverer) (*DeliverResult, error) +} +``` + +Each decorator works like a modularized Cosmos SDK antehandler function, but it can take in a `next` argument that may be another decorator or a Handler (which does not take in a next argument). These decorators can be chained together, one decorator being passed in as the `next` argument of the previous decorator in the chain. The chain ends in a Router which can take a tx and route to the appropriate msg handler. + +A key benefit of this approach is that one Decorator can wrap its internal logic around the next Checker/Deliverer. A weave Decorator may do the following: + +```go +// Example Decorator's Deliver function +func (example Decorator) Deliver(ctx Context, store KVStore, tx Tx, next Deliverer) { + // Do some pre-processing logic + + res, err := next.Deliver(ctx, store, tx) + + // Do some post-processing logic given the result and error +} +``` + +Pros: + +1. Weave Decorators can wrap over the next decorator/handler in the chain. The ability to both pre-process and post-process may be useful in certain settings. +2. Provides a nested modular structure that isn't possible in the solution above, while also allowing for a linear one-after-the-other structure like the solution above. + +Cons: + +1. It is hard to understand at first glance the state updates that would occur after a Decorator runs given the `ctx`, `store`, and `tx`. A Decorator can have an arbitrary number of nested Decorators being called within its function body, each possibly doing some pre- and post-processing before calling the next decorator on the chain. Thus to understand what a Decorator is doing, one must also understand what every other decorator further along the chain is also doing. This can get quite complicated to understand. A linear, one-after-the-other approach while less powerful, may be much easier to reason about. + +### Chained Micro-Functions + +The benefit of Weave's approach is that the Decorators can be very concise, which when chained together allows for maximum customizability. However, the nested structure can get quite complex and thus hard to reason about. + +Another approach is to split the AnteHandler functionality into tightly scoped "micro-functions", while preserving the one-after-the-other ordering that would come from the ModuleManager approach. + +We can then have a way to chain these micro-functions so that they run one after the other. Modules may define multiple ante micro-functions and then also provide a default per-module AnteHandler that implements a default, suggested order for these micro-functions. + +Users can order the AnteHandlers easily by simply using the ModuleManager. The ModuleManager will take in a list of AnteHandlers and return a single AnteHandler that runs each AnteHandler in the order of the list provided. If the user is comfortable with the default ordering of each module, this is as simple as providing a list with each module's antehandler (exactly the same as BeginBlocker and EndBlocker). + +If however, users wish to change the order or add, modify, or delete ante micro-functions in anyway; they can always define their own ante micro-functions and add them explicitly to the list that gets passed into module manager. + +#### Default Workflow + +This is an example of a user's AnteHandler if they choose not to make any custom micro-functions. + +##### Cosmos SDK code + +```go +// Chains together a list of AnteHandler micro-functions that get run one after the other. +// Returned AnteHandler will abort on first error. +func Chainer(order []AnteHandler) AnteHandler { + return func(ctx Context, tx Tx, simulate bool) (newCtx Context, err error) { + for _, ante := range order { + ctx, err := ante(ctx, tx, simulate) + if err != nil { + return ctx, err + } + } + return ctx, err + } +} +``` + +```go +// AnteHandler micro-function to verify signatures +func VerifySignatures(ctx Context, tx Tx, simulate bool) (newCtx Context, err error) { + // verify signatures + // Returns InvalidSignature Result and abort=true if sigs invalid + // Return OK result and abort=false if sigs are valid +} + +// AnteHandler micro-function to validate memo +func ValidateMemo(ctx Context, tx Tx, simulate bool) (newCtx Context, err error) { + // validate memo +} + +// Auth defines its own default ante-handler by chaining its micro-functions in a recommended order +AuthModuleAnteHandler := Chainer([]AnteHandler{VerifySignatures, ValidateMemo}) +``` + +```go +// Distribution micro-function to deduct fees from tx +func DeductFees(ctx Context, tx Tx, simulate bool) (newCtx Context, err error) { + // Deduct fees from tx + // Abort if insufficient funds in account to pay for fees +} + +// Distribution micro-function to check if fees > mempool parameter +func CheckMempoolFees(ctx Context, tx Tx, simulate bool) (newCtx Context, err error) { + // If CheckTx: Abort if the fees are less than the mempool's minFee parameter +} + +// Distribution defines its own default ante-handler by chaining its micro-functions in a recommended order +DistrModuleAnteHandler := Chainer([]AnteHandler{CheckMempoolFees, DeductFees}) +``` + +```go +type ModuleManager struct { + // other fields + AnteHandlerOrder []AnteHandler +} + +func (mm ModuleManager) GetAnteHandler() AnteHandler { + return Chainer(mm.AnteHandlerOrder) +} +``` + +##### User Code + +```go +// Note: Since user is not making any custom modifications, we can just SetAnteHandlerOrder with the default AnteHandlers provided by each module in our preferred order +moduleManager.SetAnteHandlerOrder([]AnteHandler(AuthModuleAnteHandler, DistrModuleAnteHandler)) + +app.SetAnteHandler(mm.GetAnteHandler()) +``` + +#### Custom Workflow + +This is an example workflow for a user that wants to implement custom antehandler logic. In this example, the user wants to implement custom signature verification and change the order of antehandler so that validate memo runs before signature verification. + +##### User Code + +```go +// User can implement their own custom signature verification antehandler micro-function +func CustomSigVerify(ctx Context, tx Tx, simulate bool) (newCtx Context, err error) { + // do some custom signature verification logic +} +``` + +```go +// Micro-functions allow users to change order of when they get executed, and swap out default ante-functionality with their own custom logic. +// Note that users can still chain the default distribution module handler, and auth micro-function along with their custom ante function +moduleManager.SetAnteHandlerOrder([]AnteHandler(ValidateMemo, CustomSigVerify, DistrModuleAnteHandler)) +``` + +Pros: + +1. Allows for ante functionality to be as modular as possible. +2. For users that do not need custom ante-functionality, there is little difference between how antehandlers work and how BeginBlock and EndBlock work in ModuleManager. +3. Still easy to understand + +Cons: + +1. Cannot wrap antehandlers with decorators like you can with Weave. + +### Simple Decorators + +This approach takes inspiration from Weave's decorator design while trying to minimize the number of breaking changes to the Cosmos SDK and maximizing simplicity. Like Weave decorators, this approach allows one `AnteDecorator` to wrap the next AnteHandler to do pre- and post-processing on the result. This is useful since decorators can do defer/cleanups after an AnteHandler returns as well as perform some setup beforehand. Unlike Weave decorators, these `AnteDecorator` functions can only wrap over the AnteHandler rather than the entire handler execution path. This is deliberate as we want decorators from different modules to perform authentication/validation on a `tx`. However, we do not want decorators being capable of wrapping and modifying the results of a `MsgHandler`. + +In addition, this approach will not break any core Cosmos SDK API's. Since we preserve the notion of an AnteHandler and still set a single AnteHandler in baseapp, the decorator is simply an additional approach available for users that desire more customization. The API of modules (namely `x/auth`) may break with this approach, but the core API remains untouched. + +Allow Decorator interface that can be chained together to create a Cosmos SDK AnteHandler. + +This allows users to choose between implementing an AnteHandler by themselves and setting it in the baseapp, or use the decorator pattern to chain their custom decorators with the Cosmos SDK provided decorators in the order they wish. + +```go +// An AnteDecorator wraps an AnteHandler, and can do pre- and post-processing on the next AnteHandler +type AnteDecorator interface { + AnteHandle(ctx Context, tx Tx, simulate bool, next AnteHandler) (newCtx Context, err error) +} +``` + +```go +// ChainAnteDecorators will recursively link all of the AnteDecorators in the chain and return a final AnteHandler function +// This is done to preserve the ability to set a single AnteHandler function in the baseapp. +func ChainAnteDecorators(chain ...AnteDecorator) AnteHandler { + if len(chain) == 1 { + return func(ctx Context, tx Tx, simulate bool) { + chain[0].AnteHandle(ctx, tx, simulate, nil) + } + } + return func(ctx Context, tx Tx, simulate bool) { + chain[0].AnteHandle(ctx, tx, simulate, ChainAnteDecorators(chain[1:])) + } +} +``` + +#### Example Code + +Define AnteDecorator functions + +```go +// Setup GasMeter, catch OutOfGasPanic and handle appropriately +type SetUpContextDecorator struct{} + +func (sud SetUpContextDecorator) AnteHandle(ctx Context, tx Tx, simulate bool, next AnteHandler) (newCtx Context, err error) { + ctx.GasMeter = NewGasMeter(tx.Gas) + + defer func() { + // recover from OutOfGas panic and handle appropriately + } + + return next(ctx, tx, simulate) +} + +// Signature Verification decorator. Verify Signatures and move on +type SigVerifyDecorator struct{} + +func (svd SigVerifyDecorator) AnteHandle(ctx Context, tx Tx, simulate bool, next AnteHandler) (newCtx Context, err error) { + // verify sigs. Return error if invalid + + // call next antehandler if sigs ok + return next(ctx, tx, simulate) +} + +// User-defined Decorator. Can choose to pre- and post-process on AnteHandler +type UserDefinedDecorator struct{ + // custom fields +} + +func (udd UserDefinedDecorator) AnteHandle(ctx Context, tx Tx, simulate bool, next AnteHandler) (newCtx Context, err error) { + // pre-processing logic + + ctx, err = next(ctx, tx, simulate) + + // post-processing logic +} +``` + +Link AnteDecorators to create a final AnteHandler. Set this AnteHandler in baseapp. + +```go +// Create final antehandler by chaining the decorators together +antehandler := ChainAnteDecorators(NewSetUpContextDecorator(), NewSigVerifyDecorator(), NewUserDefinedDecorator()) + +// Set chained Antehandler in the baseapp +bapp.SetAnteHandler(antehandler) +``` + +Pros: + +1. Allows one decorator to pre- and post-process the next AnteHandler, similar to the Weave design. +2. Do not need to break baseapp API. Users can still set a single AnteHandler if they choose. + +Cons: + +1. Decorator pattern may have a deeply nested structure that is hard to understand, this is mitigated by having the decorator order explicitly listed in the `ChainAnteDecorators` function. +2. Does not make use of the ModuleManager design. Since this is already being used for BeginBlocker/EndBlocker, this proposal seems unaligned with that design pattern. + +## Consequences + +Since pros and cons are written for each approach, it is omitted from this section + +## References + +* [#4572](https://github.com/cosmos/cosmos-sdk/issues/4572): Modular AnteHandler Issue +* [#4582](https://github.com/cosmos/cosmos-sdk/pull/4583): Initial Implementation of Per-Module AnteHandler Approach +* [Weave Decorator Code](https://github.com/iov-one/weave/blob/master/handler.go#L35) +* [Weave Design Videos](https://vimeo.com/showcase/6189877) diff --git a/copy-of-sdk-docs/build/architecture/adr-011-generalize-genesis-accounts.md b/copy-of-sdk-docs/build/architecture/adr-011-generalize-genesis-accounts.md new file mode 100644 index 00000000..92a704ba --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-011-generalize-genesis-accounts.md @@ -0,0 +1,170 @@ +# ADR 011: Generalize Genesis Accounts + +## Changelog + +* 2019-08-30: initial draft + +## Context + +Currently, the Cosmos SDK allows for custom account types; the `auth` keeper stores any type fulfilling its `Account` interface. However `auth` does not handle exporting or loading accounts to/from a genesis file, this is done by `genaccounts`, which only handles one of 4 concrete account types (`BaseAccount`, `ContinuousVestingAccount`, `DelayedVestingAccount` and `ModuleAccount`). + +Projects desiring to use custom accounts (say custom vesting accounts) need to fork and modify `genaccounts`. + +## Decision + +In summary, we will (un)marshal all accounts (interface types) directly using amino, rather than converting to `genaccounts`’s `GenesisAccount` type. Since doing this removes the majority of `genaccounts`'s code, we will merge `genaccounts` into `auth`. Marshalled accounts will be stored in `auth`'s genesis state. + +Detailed changes: + +### 1) (Un)Marshal accounts directly using amino + +The `auth` module's `GenesisState` gains a new field `Accounts`. Note these aren't of type `exported.Account` for reasons outlined in section 3. + +```go +// GenesisState - all auth state that must be provided at genesis +type GenesisState struct { + Params Params `json:"params" yaml:"params"` + Accounts []GenesisAccount `json:"accounts" yaml:"accounts"` +} +``` + +Now `auth`'s `InitGenesis` and `ExportGenesis` (un)marshal accounts as well as the defined params. + +```go +// InitGenesis - Init store state from genesis data +func InitGenesis(ctx sdk.Context, ak AccountKeeper, data GenesisState) { + ak.SetParams(ctx, data.Params) + // load the accounts + for _, a := range data.Accounts { + acc := ak.NewAccount(ctx, a) // set account number + ak.SetAccount(ctx, acc) + } +} + +// ExportGenesis returns a GenesisState for a given context and keeper +func ExportGenesis(ctx sdk.Context, ak AccountKeeper) GenesisState { + params := ak.GetParams(ctx) + + var genAccounts []exported.GenesisAccount + ak.IterateAccounts(ctx, func(account exported.Account) bool { + genAccount := account.(exported.GenesisAccount) + genAccounts = append(genAccounts, genAccount) + return false + }) + + return NewGenesisState(params, genAccounts) +} +``` + +### 2) Register custom account types on the `auth` codec + +The `auth` codec must have all custom account types registered to marshal them. We will follow the pattern established in `gov` for proposals. + +An example custom account definition: + +```go +import authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + +// Register the module account type with the auth module codec so it can decode module accounts stored in a genesis file +func init() { + authtypes.RegisterAccountTypeCodec(ModuleAccount{}, "cosmos-sdk/ModuleAccount") +} + +type ModuleAccount struct { + ... +``` + +The `auth` codec definition: + +```go +var ModuleCdc *codec.LegacyAmino + +func init() { + ModuleCdc = codec.NewLegacyAmino() + // register module msg's and Account interface + ... + // leave the codec unsealed +} + +// RegisterAccountTypeCodec registers an external account type defined in another module for the internal ModuleCdc. +func RegisterAccountTypeCodec(o interface{}, name string) { + ModuleCdc.RegisterConcrete(o, name, nil) +} +``` + +### 3) Genesis validation for custom account types + +Modules implement a `ValidateGenesis` method. As `auth` does not know of account implementations, accounts will need to validate themselves. + +We will unmarshal accounts into a `GenesisAccount` interface that includes a `Validate` method. + +```go +type GenesisAccount interface { + exported.Account + Validate() error +} +``` + +Then the `auth` `ValidateGenesis` function becomes: + +```go +// ValidateGenesis performs basic validation of auth genesis data returning an +// error for any failed validation criteria. +func ValidateGenesis(data GenesisState) error { + // Validate params + ... + + // Validate accounts + addrMap := make(map[string]bool, len(data.Accounts)) + for _, acc := range data.Accounts { + + // check for duplicated accounts + addrStr := acc.GetAddress().String() + if _, ok := addrMap[addrStr]; ok { + return fmt.Errorf("duplicate account found in genesis state; address: %s", addrStr) + } + addrMap[addrStr] = true + + // check account specific validation + if err := acc.Validate(); err != nil { + return fmt.Errorf("invalid account found in genesis state; address: %s, error: %s", addrStr, err.Error()) + } + + } + return nil +} +``` + +### 4) Move add-genesis-account cli to `auth` + +The `genaccounts` module contains a cli command to add base or vesting accounts to a genesis file. + +This will be moved to `auth`. We will leave it to projects to write their own commands to add custom accounts. An extensible cli handler, similar to `gov`, could be created but it is not worth the complexity for this minor use case. + +### 5) Update module and vesting accounts + +Under the new scheme, module and vesting account types need some minor updates: + +* Type registration on `auth`'s codec (shown above) +* A `Validate` method for each `Account` concrete type + +## Status + +Proposed + +## Consequences + +### Positive + +* custom accounts can be used without needing to fork `genaccounts` +* reduction in lines of code + +### Negative + +### Neutral + +* `genaccounts` module no longer exists +* accounts in genesis files are stored under `accounts` in `auth` rather than in the `genaccounts` module. +-`add-genesis-account` cli command now in `auth` + +## References diff --git a/copy-of-sdk-docs/build/architecture/adr-012-state-accessors.md b/copy-of-sdk-docs/build/architecture/adr-012-state-accessors.md new file mode 100644 index 00000000..009e3492 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-012-state-accessors.md @@ -0,0 +1,155 @@ +# ADR 012: State Accessors + +## Changelog + +* 2019 Sep 04: Initial draft + +## Context + +Cosmos SDK modules currently use the `KVStore` interface and `Codec` to access their respective state. While +this provides a large degree of freedom to module developers, it is hard to modularize and the UX is +mediocre. + +First, each time a module tries to access the state, it has to marshal the value and set or get the +value and finally unmarshal. Usually this is done by declaring `Keeper.GetXXX` and `Keeper.SetXXX` functions, +which are repetitive and hard to maintain. + +Second, this makes it harder to align with the object capability theorem: the right to access the +state is defined as a `StoreKey`, which gives full access on the entire Merkle tree, so a module cannot +send the access right to a specific key-value pair (or a set of key-value pairs) to another module safely. + +Finally, because the getter/setter functions are defined as methods of a module's `Keeper`, the reviewers +have to consider the whole Merkle tree space when they reviewing a function accessing any part of the state. +There is no static way to know which part of the state that the function is accessing (and which is not). + +## Decision + +We will define a type named `Value`: + +```go +type Value struct { + m Mapping + key []byte +} +``` + +The `Value` works as a reference for a key-value pair in the state, where `Value.m` defines the key-value +space it will access and `Value.key` defines the exact key for the reference. + +We will define a type named `Mapping`: + +```go +type Mapping struct { + storeKey sdk.StoreKey + cdc *codec.LegacyAmino + prefix []byte +} +``` + +The `Mapping` works as a reference for a key-value space in the state, where `Mapping.storeKey` defines +the IAVL (sub-)tree and `Mapping.prefix` defines the optional subspace prefix. + +We will define the following core methods for the `Value` type: + +```go +// Get and unmarshal stored data, noop if not exists, panic if cannot unmarshal +func (Value) Get(ctx Context, ptr interface{}) {} + +// Get and unmarshal stored data, return error if not exists or cannot unmarshal +func (Value) GetSafe(ctx Context, ptr interface{}) {} + +// Get stored data as raw byte slice +func (Value) GetRaw(ctx Context) []byte {} + +// Marshal and set a raw value +func (Value) Set(ctx Context, o interface{}) {} + +// Check if a raw value exists +func (Value) Exists(ctx Context) bool {} + +// Delete a raw value +func (Value) Delete(ctx Context) {} +``` + +We will define the following core methods for the `Mapping` type: + +```go +// Constructs key-value pair reference corresponding to the key argument in the Mapping space +func (Mapping) Value(key []byte) Value {} + +// Get and unmarshal stored data, noop if not exists, panic if cannot unmarshal +func (Mapping) Get(ctx Context, key []byte, ptr interface{}) {} + +// Get and unmarshal stored data, return error if not exists or cannot unmarshal +func (Mapping) GetSafe(ctx Context, key []byte, ptr interface{}) + +// Get stored data as raw byte slice +func (Mapping) GetRaw(ctx Context, key []byte) []byte {} + +// Marshal and set a raw value +func (Mapping) Set(ctx Context, key []byte, o interface{}) {} + +// Check if a raw value exists +func (Mapping) Has(ctx Context, key []byte) bool {} + +// Delete a raw value +func (Mapping) Delete(ctx Context, key []byte) {} +``` + +Each method of the `Mapping` type that is passed the arguments `ctx`, `key`, and `args...` will proxy +the call to `Mapping.Value(key)` with arguments `ctx` and `args...`. + +In addition, we will define and provide a common set of types derived from the `Value` type: + +```go +type Boolean struct { Value } +type Enum struct { Value } +type Integer struct { Value; enc IntEncoding } +type String struct { Value } +// ... +``` + +Where the encoding schemes can be different, `o` arguments in core methods are typed, and `ptr` arguments +in core methods are replaced by explicit return types. + +Finally, we will define a family of types derived from the `Mapping` type: + +```go +type Indexer struct { + m Mapping + enc IntEncoding +} +``` + +Where the `key` argument in core method is typed. + +Some of the properties of the accessor types are: + +* State access happens only when a function which takes a `Context` as an argument is invoked +* Accessor type structs give rights to access the state only that the struct is referring, no other +* Marshalling/Unmarshalling happens implicitly within the core methods + +## Status + +Proposed + +## Consequences + +### Positive + +* Serialization will be done automatically +* Shorter code size, less boilerplate, better UX +* References to the state can be transferred safely +* Explicit scope of accessing + +### Negative + +* Serialization format will be hidden +* Different architecture from the current, but the use of accessor types can be opt-in +* Type-specific types (e.g. `Boolean` and `Integer`) have to be defined manually + +### Neutral + +## References + +* [#4554](https://github.com/cosmos/cosmos-sdk/issues/4554) diff --git a/copy-of-sdk-docs/build/architecture/adr-013-metrics.md b/copy-of-sdk-docs/build/architecture/adr-013-metrics.md new file mode 100644 index 00000000..b0808d46 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-013-metrics.md @@ -0,0 +1,157 @@ +# ADR 013: Observability + +## Changelog + +* 20-01-2020: Initial Draft + +## Status + +Proposed + +## Context + +Telemetry is paramount into debugging and understanding what the application is doing and how it is +performing. We aim to expose metrics from modules and other core parts of the Cosmos SDK. + +In addition, we should aim to support multiple configurable sinks that an operator may choose from. +By default, when telemetry is enabled, the application should track and expose metrics that are +stored in-memory. The operator may choose to enable additional sinks, where we support only +[Prometheus](https://prometheus.io/) for now, as it's battle-tested, simple to setup, open source, +and is rich with ecosystem tooling. + +We must also aim to integrate metrics into the Cosmos SDK in the most seamless way possible such that +metrics may be added or removed at will and without much friction. To do this, we will use the +[go-metrics](https://github.com/hashicorp/go-metrics) library. + +Finally, operators may enable telemetry along with specific configuration options. If enabled, metrics +will be exposed via `/metrics?format={text|prometheus}` via the API server. + +## Decision + +We will add an additional configuration block to `app.toml` that defines telemetry settings: + +```toml +############################################################################### +### Telemetry Configuration ### +############################################################################### + +[telemetry] + +# Prefixed with keys to separate services +service-name = {{ .Telemetry.ServiceName }} + +# Enabled enables the application telemetry functionality. When enabled, +# an in-memory sink is also enabled by default. Operators may also enabled +# other sinks such as Prometheus. +enabled = {{ .Telemetry.Enabled }} + +# Enable prefixing gauge values with hostname +enable-hostname = {{ .Telemetry.EnableHostname }} + +# Enable adding hostname to labels +enable-hostname-label = {{ .Telemetry.EnableHostnameLabel }} + +# Enable adding service to labels +enable-service-label = {{ .Telemetry.EnableServiceLabel }} + +# PrometheusRetentionTime, when positive, enables a Prometheus metrics sink. +prometheus-retention-time = {{ .Telemetry.PrometheusRetentionTime }} +``` + +The given configuration allows for two sinks -- in-memory and Prometheus. We create a `Metrics` +type that performs all the bootstrapping for the operator, so capturing metrics becomes seamless. + +```go +// Metrics defines a wrapper around application telemetry functionality. It allows +// metrics to be gathered at any point in time. When creating a Metrics object, +// internally, a global metrics is registered with a set of sinks as configured +// by the operator. In addition to the sinks, when a process gets a SIGUSR1, a +// dump of formatted recent metrics will be sent to STDERR. +type Metrics struct { + memSink *metrics.InmemSink + prometheusEnabled bool +} + +// Gather collects all registered metrics and returns a GatherResponse where the +// metrics are encoded depending on the type. Metrics are either encoded via +// Prometheus or JSON if in-memory. +func (m *Metrics) Gather(format string) (GatherResponse, error) { + switch format { + case FormatPrometheus: + return m.gatherPrometheus() + + case FormatText: + return m.gatherGeneric() + + case FormatDefault: + return m.gatherGeneric() + + default: + return GatherResponse{}, fmt.Errorf("unsupported metrics format: %s", format) + } +} +``` + +In addition, `Metrics` allows us to gather the current set of metrics at any given point in time. An +operator may also choose to send a signal, SIGUSR1, to dump and print formatted metrics to STDERR. + +During an application's bootstrapping and construction phase, if `Telemetry.Enabled` is `true`, the +API server will create an instance of a reference to `Metrics` object and will register a metrics +handler accordingly. + +```go +func (s *Server) Start(cfg config.Config) error { + // ... + + if cfg.Telemetry.Enabled { + m, err := telemetry.New(cfg.Telemetry) + if err != nil { + return err + } + + s.metrics = m + s.registerMetrics() + } + + // ... +} + +func (s *Server) registerMetrics() { + metricsHandler := func(w http.ResponseWriter, r *http.Request) { + format := strings.TrimSpace(r.FormValue("format")) + + gr, err := s.metrics.Gather(format) + if err != nil { + rest.WriteErrorResponse(w, http.StatusBadRequest, fmt.Sprintf("failed to gather metrics: %s", err)) + return + } + + w.Header().Set("Content-Type", gr.ContentType) + _, _ = w.Write(gr.Metrics) + } + + s.Router.HandleFunc("/metrics", metricsHandler).Methods("GET") +} +``` + +Application developers may track counters, gauges, summaries, and key/value metrics. There is no +additional lifting required by modules to leverage profiling metrics. To do so, it's as simple as: + +```go +func (k BaseKeeper) MintCoins(ctx sdk.Context, moduleName string, amt sdk.Coins) error { + defer metrics.MeasureSince(time.Now(), "MintCoins") + // ... +} +``` + +## Consequences + +### Positive + +* Exposure into the performance and behavior of an application + +### Negative + +### Neutral + +## References diff --git a/copy-of-sdk-docs/build/architecture/adr-014-proportional-slashing.md b/copy-of-sdk-docs/build/architecture/adr-014-proportional-slashing.md new file mode 100644 index 00000000..976136a9 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-014-proportional-slashing.md @@ -0,0 +1,85 @@ +# ADR 14: Proportional Slashing + +## Changelog + +* 2019-10-15: Initial draft +* 2020-05-25: Removed correlation root slashing +* 2020-07-01: Updated to include S-curve function instead of linear + +## Context + +In Proof of Stake-based chains, centralization of consensus power amongst a small set of validators can cause harm to the network due to increased risk of censorship, liveness failure, fork attacks, etc. However, while this centralization causes a negative externality to the network, it is not directly felt by the delegators contributing towards delegating towards already large validators. We would like a way to pass on the negative externality cost of centralization onto those large validators and their delegators. + +## Decision + +### Design + +To solve this problem, we will implement a procedure called Proportional Slashing. The desire is that the larger a validator is, the more they should be slashed. The first naive attempt is to make a validator's slash percent proportional to their share of consensus voting power. + +```text +slash_amount = k * power // power is the faulting validator's voting power and k is some on-chain constant +``` + +However, this will incentivize validators with large amounts of stake to split up their voting power amongst accounts (sybil attack), so that if they fault, they all get slashed at a lower percent. The solution to this is to take into account not just a validator's own voting percentage, but also the voting percentage of all the other validators who get slashed in a specified time frame. + +```text +slash_amount = k * (power_1 + power_2 + ... + power_n) // where power_i is the voting power of the ith validator faulting in the specified time frame and k is some on-chain constant +``` + +Now, if someone splits a validator of 10% into two validators of 5% each which both fault, then they both fault in the same time frame, they both will get slashed at the sum 10% amount. + +However in practice, we likely don't want a linear relation between amount of stake at fault, and the percentage of stake to slash. In particular, solely 5% of stake double signing effectively did nothing to majorly threaten security, whereas 30% of stake being at fault clearly merits a large slashing factor, due to being very close to the point at which Tendermint security is threatened. A linear relation would require a factor of 6 gap between these two, whereas the difference in risk posed to the network is much larger. We propose using S-curves (formally [logistic functions](https://en.wikipedia.org/wiki/Logistic_function) to solve this). S-Curves capture the desired criterion quite well. They allow the slashing factor to be minimal for small values, and then grow very rapidly near some threshold point where the risk posed becomes notable. + +#### Parameterization + +This requires parameterizing a logistic function. It is very well understood how to parameterize this. It has four parameters: + +1) A minimum slashing factor +2) A maximum slashing factor +3) The inflection point of the S-curve (essentially where do you want to center the S) +4) The rate of growth of the S-curve (How elongated is the S) + +#### Correlation across non-sybil validators + +One will note, that this model doesn't differentiate between multiple validators run by the same operators vs validators run by different operators. This can be seen as an additional benefit in fact. It incentivizes validators to differentiate their setups from other validators, to avoid having correlated faults with them or else they risk a higher slash. So for example, operators should avoid using the same popular cloud hosting platforms or using the same Staking as a Service providers. This will lead to a more resilient and decentralized network. + +#### Griefing + +Griefing, the act of intentionally getting oneself slashed in order to make another's slash worse, could be a concern here. However, using the protocol described here, the attacker also gets equally impacted by the grief as the victim, so it would not provide much benefit to the griefer. + +### Implementation + +In the slashing module, we will add two queues that will track all of the recent slash events. For double sign faults, we will define "recent slashes" as ones that have occurred within the last `unbonding period`. For liveness faults, we will define "recent slashes" as ones that have occurred within the last `jail period`. + +```go +type SlashEvent struct { + Address sdk.ValAddress + ValidatorVotingPercent sdk.Dec + SlashedSoFar sdk.Dec +} +``` + +These slash events will be pruned from the queue once they are older than their respective "recent slash period". + +Whenever a new slash occurs, a `SlashEvent` struct is created with the faulting validator's voting percent and a `SlashedSoFar` of 0. Because recent slash events are pruned before the unbonding period and unjail period expires, it should not be possible for the same validator to have multiple SlashEvents in the same Queue at the same time. + +We then will iterate over all the SlashEvents in the queue, adding their `ValidatorVotingPercent` to calculate the new percent to slash all the validators in the queue at, using the "Square of Sum of Roots" formula introduced above. + +Once we have the `NewSlashPercent`, we then iterate over all the `SlashEvent`s in the queue once again, and if `NewSlashPercent > SlashedSoFar` for that SlashEvent, we call the `staking.Slash(slashEvent.Address, slashEvent.Power, Math.Min(Math.Max(minSlashPercent, NewSlashPercent - SlashedSoFar), maxSlashPercent)` (we pass in the power of the validator before any slashes occurred, so that we slash the right amount of tokens). We then set `SlashEvent.SlashedSoFar` amount to `NewSlashPercent`. + +## Status + +Proposed + +## Consequences + +### Positive + +* Increases decentralization by disincentivizing delegating to large validators +* Incentivizes Decorrelation of Validators +* More severely punishes attacks than accidental faults +* More flexibility in slashing rates parameterization + +### Negative + +* More computationally expensive than current implementation. Will require more data about "recent slashing events" to be stored on chain. diff --git a/copy-of-sdk-docs/build/architecture/adr-016-validator-consensus-key-rotation.md b/copy-of-sdk-docs/build/architecture/adr-016-validator-consensus-key-rotation.md new file mode 100644 index 00000000..37ba3e52 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-016-validator-consensus-key-rotation.md @@ -0,0 +1,125 @@ +# ADR 016: Validator Consensus Key Rotation + +## Changelog + +* 2019 Oct 23: Initial draft +* 2019 Nov 28: Add key rotation fee + +## Context + +Validator consensus key rotation feature has been discussed and requested for a long time, for the sake of safer validator key management policy (e.g. https://github.com/tendermint/tendermint/issues/1136). So, we suggest one of the simplest form of validator consensus key rotation implementation mostly onto Cosmos SDK. + +We don't need to make any update on consensus logic in Tendermint because Tendermint does not have any mapping information of consensus key and validator operator key, meaning that from Tendermint's point of view, a consensus key rotation of a validator is simply a replacement of a consensus key to another. + +Also, it should be noted that this ADR includes only the simplest form of consensus key rotation without considering the multiple consensus keys concept. Such multiple consensus keys concept shall remain a long term goal of Tendermint and Cosmos SDK. + +## Decision + +### Pseudo procedure for consensus key rotation + +* create new random consensus key. +* create and broadcast a transaction with a `MsgRotateConsPubKey` that states the new consensus key is now coupled with the validator operator with a signature from the validator's operator key. +* old consensus key becomes unable to participate on consensus immediately after the update of key mapping state on-chain. +* start validating with new consensus key. +* validators using HSM and KMS should update the consensus key in HSM to use the new rotated key after the height `h` when `MsgRotateConsPubKey` is committed to the blockchain. + +### Considerations + +* consensus key mapping information management strategy + * store history of each key mapping changes in the kvstore. + * the state machine can search corresponding consensus key paired with the given validator operator for any arbitrary height in a recent unbonding period. + * the state machine does not need any historical mapping information which is past more than unbonding period. +* key rotation costs related to LCD and IBC + * LCD and IBC will have a traffic/computation burden when there exists frequent power changes + * In current Tendermint design, consensus key rotations are seen as power changes from LCD or IBC perspective + * Therefore, to minimize unnecessary frequent key rotation behavior, we limited the maximum number of rotation in recent unbonding period and also applied exponentially increasing rotation fee +* limits + * a validator cannot rotate its consensus key more than `MaxConsPubKeyRotations` time for any unbonding period, to prevent spam. + * parameters can be decided by governance and stored in genesis file. +* key rotation fee + * a validator should pay `KeyRotationFee` to rotate the consensus key which is calculated as below + * `KeyRotationFee` = (max(`VotingPowerPercentage` *100, 1)* `InitialKeyRotationFee`) * 2^(number of rotations in `ConsPubKeyRotationHistory` in recent unbonding period) +* evidence module + * evidence module can search corresponding consensus key for any height from slashing keeper so that it can decide which consensus key is supposed to be used for the given height. +* abci.ValidatorUpdate + * tendermint already has ability to change a consensus key by ABCI communication(`ValidatorUpdate`). + * validator consensus key update can be done via creating new + delete old by change the power to zero. + * therefore, we expect we do not even need to change Tendermint codebase at all to implement this feature. +* new genesis parameters in `staking` module + * `MaxConsPubKeyRotations` : maximum number of rotation can be executed by a validator in recent unbonding period. default value 10 is suggested(11th key rotation will be rejected) + * `InitialKeyRotationFee` : the initial key rotation fee when no key rotation has happened in recent unbonding period. default value 1atom is suggested(1atom fee for the first key rotation in recent unbonding period) + +### Workflow + +1. The validator generates a new consensus keypair. +2. The validator generates and signs a `MsgRotateConsPubKey` tx with their operator key and new ConsPubKey + + ```go + type MsgRotateConsPubKey struct { + ValidatorAddress sdk.ValAddress + NewPubKey crypto.PubKey + } + ``` + +3. `handleMsgRotateConsPubKey` gets `MsgRotateConsPubKey`, calls `RotateConsPubKey` with emits event +4. `RotateConsPubKey` + * checks if `NewPubKey` is not duplicated on `ValidatorsByConsAddr` + * checks if the validator is does not exceed parameter `MaxConsPubKeyRotations` by iterating `ConsPubKeyRotationHistory` + * checks if the signing account has enough balance to pay `KeyRotationFee` + * pays `KeyRotationFee` to community fund + * overwrites `NewPubKey` in `validator.ConsPubKey` + * deletes old `ValidatorByConsAddr` + * `SetValidatorByConsAddr` for `NewPubKey` + * Add `ConsPubKeyRotationHistory` for tracking rotation + + ```go + type ConsPubKeyRotationHistory struct { + OperatorAddress sdk.ValAddress + OldConsPubKey crypto.PubKey + NewConsPubKey crypto.PubKey + RotatedHeight int64 + } + ``` + +5. `ApplyAndReturnValidatorSetUpdates` checks if there is `ConsPubKeyRotationHistory` with `ConsPubKeyRotationHistory.RotatedHeight == ctx.BlockHeight()` and if so, generates 2 `ValidatorUpdate` , one for a remove validator and one for create new validator + + ```go + abci.ValidatorUpdate{ + PubKey: cmttypes.TM2PB.PubKey(OldConsPubKey), + Power: 0, + } + + abci.ValidatorUpdate{ + PubKey: cmttypes.TM2PB.PubKey(NewConsPubKey), + Power: v.ConsensusPower(), + } + ``` + +6. at `previousVotes` Iteration logic of `AllocateTokens`, `previousVote` using `OldConsPubKey` match up with `ConsPubKeyRotationHistory`, and replace validator for token allocation +7. Migrate `ValidatorSigningInfo` and `ValidatorMissedBlockBitArray` from `OldConsPubKey` to `NewConsPubKey` + +* Note : All above features shall be implemented in `staking` module. + +## Status + +Proposed + +## Consequences + +### Positive + +* Validators can immediately or periodically rotate their consensus key to have a better security policy +* improved security against Long-Range attacks (https://nearprotocol.com/blog/long-range-attacks-and-a-new-fork-choice-rule) given a validator throws away the old consensus key(s) + +### Negative + +* Slash module needs more computation because it needs to look up the corresponding consensus key of validators for each height +* frequent key rotations will make light client bisection less efficient + +### Neutral + +## References + +* on tendermint repo : https://github.com/tendermint/tendermint/issues/1136 +* on cosmos-sdk repo : https://github.com/cosmos/cosmos-sdk/issues/5231 +* about multiple consensus keys : https://github.com/tendermint/tendermint/issues/1758#issuecomment-545291698 diff --git a/copy-of-sdk-docs/build/architecture/adr-017-historical-header-module.md b/copy-of-sdk-docs/build/architecture/adr-017-historical-header-module.md new file mode 100644 index 00000000..573c632c --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-017-historical-header-module.md @@ -0,0 +1,61 @@ +# ADR 17: Historical Header Module + +## Changelog + +* 26 November 2019: Start of first version +* 2 December 2019: Final draft of first version + +## Context + +In order for the Cosmos SDK to implement the [IBC specification](https://github.com/cosmos/ics), modules within the Cosmos SDK must have the ability to introspect recent consensus states (validator sets & commitment roots) as proofs of these values on other chains must be checked during the handshakes. + +## Decision + +The application MUST store the most recent `n` headers in a persistent store. At first, this store MAY be the current Merklised store. A non-Merklised store MAY be used later as no proofs are necessary. + +The application MUST store this information by storing new headers immediately when handling `abci.RequestBeginBlock`: + +```go +func BeginBlock(ctx sdk.Context, keeper HistoricalHeaderKeeper, req abci.RequestBeginBlock) abci.ResponseBeginBlock { + info := HistoricalInfo{ + Header: ctx.BlockHeader(), + ValSet: keeper.StakingKeeper.GetAllValidators(ctx), // note that this must be stored in a canonical order + } + keeper.SetHistoricalInfo(ctx, ctx.BlockHeight(), info) + n := keeper.GetParamRecentHeadersToStore() + keeper.PruneHistoricalInfo(ctx, ctx.BlockHeight() - n) + // continue handling request +} +``` + +Alternatively, the application MAY store only the hash of the validator set. + +The application MUST make these past `n` committed headers available for querying by Cosmos SDK modules through the `Keeper`'s `GetHistoricalInfo` function. This MAY be implemented in a new module, or it MAY also be integrated into an existing one (likely `x/staking` or `x/ibc`). + +`n` MAY be configured as a parameter store parameter, in which case it could be changed by `ParameterChangeProposal`s, although it will take some blocks for the stored information to catch up if `n` is increased. + +## Status + +Proposed. + +## Consequences + +Implementation of this ADR will require changes to the Cosmos SDK. It will not require changes to Tendermint. + +### Positive + +* Easy retrieval of headers & state roots for recent past heights by modules anywhere in the Cosmos SDK. +* No RPC calls to Tendermint required. +* No ABCI alterations required. + +### Negative + +* Duplicates `n` headers data in Tendermint & the application (additional disk usage) - in the long term, an approach such as [this](https://github.com/tendermint/tendermint/issues/4210) might be preferable. + +### Neutral + +(none known) + +## References + +* [ICS 2: "Consensus state introspection"](https://github.com/cosmos/ibc/tree/master/spec/core/ics-002-client-semantics#consensus-state-introspection) diff --git a/copy-of-sdk-docs/build/architecture/adr-018-extendable-voting-period.md b/copy-of-sdk-docs/build/architecture/adr-018-extendable-voting-period.md new file mode 100644 index 00000000..2624e21e --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-018-extendable-voting-period.md @@ -0,0 +1,66 @@ +# ADR 18: Extendable Voting Periods + +## Changelog + +* 1 January 2020: Start of first version + +## Context + +Currently the voting period for all governance proposals is the same. However, this is suboptimal as all governance proposals do not require the same time period. For more non-contentious proposals, they can be dealt with more efficiently with a faster period, while more contentious or complex proposals may need a longer period for extended discussion/consideration. + +## Decision + +We would like to design a mechanism for making the voting period of a governance proposal variable based on the demand of voters. We would like it to be based on the view of the governance participants, rather than just the proposer of a governance proposal (thus, allowing the proposer to select the voting period length is not sufficient). + +However, we would like to avoid the creation of an entire second voting process to determine the length of the voting period, as it just pushed the problem to determining the length of that first voting period. + +Thus, we propose the following mechanism: + +### Params + +* The current gov param `VotingPeriod` is to be replaced by a `MinVotingPeriod` param. This is the default voting period that all governance proposal voting periods start with. +* There is a new gov param called `MaxVotingPeriodExtension`. + +### Mechanism + +There is a new `Msg` type called `MsgExtendVotingPeriod`, which can be sent by any staked account during a proposal's voting period. It allows the sender to unilaterally extend the length of the voting period by `MaxVotingPeriodExtension * sender's share of voting power`. Every address can only call `MsgExtendVotingPeriod` once per proposal. + +So for example, if the `MaxVotingPeriodExtension` is set to 100 Days, then anyone with 1% of voting power can extend the voting power by 1 day. If 33% of voting power has sent the message, the voting period will be extended by 33 days. Thus, if absolutely everyone chooses to extend the voting period, the absolute maximum voting period will be `MinVotingPeriod + MaxVotingPeriodExtension`. + +This system acts as a sort of distributed coordination, where individual stakers choosing to extend or not, allows the system the gauge the contentiousness/complexity of the proposal. It is extremely unlikely that many stakers will choose to extend at the exact same time, it allows stakers to view how long others have already extended thus far, to decide whether or not to extend further. + +### Dealing with Unbonding/Redelegation + +There is one thing that needs to be addressed. How to deal with redelegation/unbonding during the voting period. If a staker of 5% calls `MsgExtendVotingPeriod` and then unbonds, does the voting period then decrease by 5 days again? This is not good as it can give people a false sense of how long they have to make their decision. For this reason, we want to design it such that the voting period length can only be extended, not shortened. To do this, the current extension amount is based on the highest percent that voted extension at any time. This is best explained by example: + +1. Let's say 2 stakers of voting power 4% and 3% respectively vote to extend. The voting period will be extended by 7 days. +2. Now the staker of 3% decides to unbond before the end of the voting period. The voting period extension remains 7 days. +3. Now, let's say another staker of 2% voting power decides to extend voting period. There is now 6% of active voting power choosing the extend. The voting power remains 7 days. +4. If a fourth staker of 10% chooses to extend now, there is a total of 16% of active voting power wishing to extend. The voting period will be extended to 16 days. + +### Delegators + +Just like votes in the actual voting period, delegators automatically inherit the extension of their validators. If their validator chooses to extend, their voting power will be used in the validator's extension. However, the delegator is unable to override their validator and "unextend" as that would contradict the "voting power length can only be ratcheted up" principle described in the previous section. However, a delegator may choose the extend using their personal voting power, if their validator has not done so. + +## Status + +Proposed + +## Consequences + +### Positive + +* More complex/contentious governance proposals will have more time to properly digest and deliberate + +### Negative + +* Governance process becomes more complex and requires more understanding to interact with effectively +* Can no longer predict when a governance proposal will end. Can't assume order in which governance proposals will end. + +### Neutral + +* The minimum voting period can be made shorter + +## References + +* [Cosmos Forum post where idea first originated](https://forum.cosmos.network/t/proposal-draft-reduce-governance-voting-period-to-7-days/3032/9) diff --git a/copy-of-sdk-docs/build/architecture/adr-019-protobuf-state-encoding.md b/copy-of-sdk-docs/build/architecture/adr-019-protobuf-state-encoding.md new file mode 100644 index 00000000..d0fc506e --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-019-protobuf-state-encoding.md @@ -0,0 +1,379 @@ +# ADR 019: Protocol Buffer State Encoding + +## Changelog + +* 2020 Feb 15: Initial Draft +* 2020 Feb 24: Updates to handle messages with interface fields +* 2020 Apr 27: Convert usages of `oneof` for interfaces to `Any` +* 2020 May 15: Describe `cosmos_proto` extensions and amino compatibility +* 2020 Dec 4: Move and rename `MarshalAny` and `UnmarshalAny` into the `codec.Codec` interface. +* 2021 Feb 24: Remove mentions of `HybridCodec`, which has been abandoned in [#6843](https://github.com/cosmos/cosmos-sdk/pull/6843). + +## Status + +Accepted + +## Context + +Currently, the Cosmos SDK utilizes [go-amino](https://github.com/tendermint/go-amino/) for binary +and JSON object encoding over the wire bringing parity between logical objects and persistence objects. + +From the Amino docs: + +> Amino is an object encoding specification. It is a subset of Proto3 with an extension for interface +> support. See the [Proto3 spec](https://developers.google.com/protocol-buffers/docs/proto3) for more +> information on Proto3, which Amino is largely compatible with (but not with Proto2). +> +> The goal of the Amino encoding protocol is to bring parity into logic objects and persistence objects. + +Amino also aims to have the following goals (not a complete list): + +* Binary bytes must be decodable with a schema. +* Schema must be upgradeable. +* The encoder and decoder logic must be reasonably simple. + +However, we believe that Amino does not fulfill these goals completely and does not fully meet the +needs of a truly flexible cross-language and multi-client compatible encoding protocol in the Cosmos SDK. +Namely, Amino has proven to be a big pain-point in regards to supporting object serialization across +clients written in various languages while providing virtually little in the way of true backwards +compatibility and upgradeability. Furthermore, through profiling and various benchmarks, Amino has +been shown to be an extremely large performance bottleneck in the Cosmos SDK 1. This is +largely reflected in the performance of simulations and application transaction throughput. + +Thus, we need to adopt an encoding protocol that meets the following criteria for state serialization: + +* Language agnostic +* Platform agnostic +* Rich client support and thriving ecosystem +* High performance +* Minimal encoded message size +* Codegen-based over reflection-based +* Supports backward and forward compatibility + +Note, migrating away from Amino should be viewed as a two-pronged approach, state and client encoding. +This ADR focuses on state serialization in the Cosmos SDK state machine. A corresponding ADR will be +made to address client-side encoding. + +## Decision + +We will adopt [Protocol Buffers](https://developers.google.com/protocol-buffers) for serializing +persisted structured data in the Cosmos SDK while providing a clean mechanism and developer UX for +applications wishing to continue to use Amino. We will provide this mechanism by updating modules to +accept a codec interface, `Marshaler`, instead of a concrete Amino codec. Furthermore, the Cosmos SDK +will provide two concrete implementations of the `Marshaler` interface: `AminoCodec` and `ProtoCodec`. + +* `AminoCodec`: Uses Amino for both binary and JSON encoding. +* `ProtoCodec`: Uses Protobuf for both binary and JSON encoding. + +Modules will use whichever codec is instantiated in the app. By default, the Cosmos SDK's `simapp` +instantiates a `ProtoCodec` as the concrete implementation of `Marshaler`, inside the `MakeTestEncodingConfig` +function. This can be easily overwritten by app developers if they so desire. + +The ultimate goal will be to replace Amino JSON encoding with Protobuf encoding and thus have +modules accept and/or extend `ProtoCodec`. Until then, Amino JSON is still provided for legacy use-cases. +A handful of places in the Cosmos SDK still have Amino JSON hardcoded, such as the Legacy API REST endpoints +and the `x/params` store. They are planned to be converted to Protobuf in a gradual manner. + +### Module Codecs + +Modules that do not require the ability to work with and serialize interfaces, the path to Protobuf +migration is pretty straightforward. These modules are to simply migrate any existing types that +are encoded and persisted via their concrete Amino codec to Protobuf and have their keeper accept a +`Marshaler` that will be a `ProtoCodec`. This migration is simple as things will just work as-is. + +Note, any business logic that needs to encode primitive types like `bool` or `int64` should use +[gogoprotobuf](https://github.com/cosmos/gogoproto) Value types. + +Example: + +```go + ts, err := gogotypes.TimestampProto(completionTime) + if err != nil { + // ... + } + + bz := cdc.MustMarshal(ts) +``` + +However, modules can vary greatly in purpose and design and so we must support the ability for modules +to be able to encode and work with interfaces (e.g. `Account` or `Content`). For these modules, they +must define their own codec interface that extends `Marshaler`. These specific interfaces are unique +to the module and will contain method contracts that know how to serialize the needed interfaces. + +Example: + +```go +// x/auth/types/codec.go + +type Codec interface { + codec.Codec + + MarshalAccount(acc exported.Account) ([]byte, error) + UnmarshalAccount(bz []byte) (exported.Account, error) + + MarshalAccountJSON(acc exported.Account) ([]byte, error) + UnmarshalAccountJSON(bz []byte) (exported.Account, error) +} +``` + +### Usage of `Any` to encode interfaces + +In general, module-level .proto files should define messages which encode interfaces +using [`google.protobuf.Any`](https://github.com/protocolbuffers/protobuf/blob/master/src/google/protobuf/any.proto). +After [extension discussion](https://github.com/cosmos/cosmos-sdk/issues/6030), +this was chosen as the preferred alternative to application-level `oneof`s +as in our original protobuf design. The arguments in favor of `Any` can be +summarized as follows: + +* `Any` provides a simpler, more consistent client UX for dealing with +interfaces than app-level `oneof`s that will need to be coordinated more +carefully across applications. Creating a generic transaction +signing library using `oneof`s may be cumbersome and critical logic may need +to be reimplemented for each chain +* `Any` provides more resistance against human error than `oneof` +* `Any` is generally simpler to implement for both modules and apps + +The main counter-argument to using `Any` centers around its additional space +and possibly performance overhead. The space overhead could be dealt with using +compression at the persistence layer in the future and the performance impact +is likely to be small. Thus, not using `Any` is seen as a pre-mature optimization, +with user experience as the higher order concern. + +Note, that given the Cosmos SDK's decision to adopt the `Codec` interfaces described +above, apps can still choose to use `oneof` to encode state and transactions +but it is not the recommended approach. If apps do choose to use `oneof`s +instead of `Any` they will likely lose compatibility with client apps that +support multiple chains. Thus developers should think carefully about whether +they care more about what is possibly a premature optimization or end-user +and client developer UX. + +### Safe usage of `Any` + +By default, the [gogo protobuf implementation of `Any`](https://pkg.go.dev/github.com/cosmos/gogoproto/types) +uses [global type registration]( https://github.com/cosmos/gogoproto/blob/master/proto/properties.go#L540) +to decode values packed in `Any` into concrete +go types. This introduces a vulnerability where any malicious module +in the dependency tree could register a type with the global protobuf registry +and cause it to be loaded and unmarshaled by a transaction that referenced +it in the `type_url` field. + +To prevent this, we introduce a type registration mechanism for decoding `Any` +values into concrete types through the `InterfaceRegistry` interface which +bears some similarity to type registration with Amino: + +```go +type InterfaceRegistry interface { + // RegisterInterface associates protoName as the public name for the + // interface passed in as iface + // Ex: + // registry.RegisterInterface("cosmos_sdk.Msg", (*sdk.Msg)(nil)) + RegisterInterface(protoName string, iface interface{}) + + // RegisterImplementations registers impls as concrete implementations of + // the interface iface + // Ex: + // registry.RegisterImplementations((*sdk.Msg)(nil), &MsgSend{}, &MsgMultiSend{}) + RegisterImplementations(iface interface{}, impls ...proto.Message) + +} +``` + +In addition to serving as a whitelist, `InterfaceRegistry` can also serve +to communicate the list of concrete types that satisfy an interface to clients. + +In .proto files: + +* fields which accept interfaces should be annotated with `cosmos_proto.accepts_interface` +using the same full-qualified name passed as `protoName` to `InterfaceRegistry.RegisterInterface` +* interface implementations should be annotated with `cosmos_proto.implements_interface` +using the same full-qualified name passed as `protoName` to `InterfaceRegistry.RegisterInterface` + +In the future, `protoName`, `cosmos_proto.accepts_interface`, `cosmos_proto.implements_interface` +may be used via code generation, reflection &/or static linting. + +The same struct that implements `InterfaceRegistry` will also implement an +interface `InterfaceUnpacker` to be used for unpacking `Any`s: + +```go +type InterfaceUnpacker interface { + // UnpackAny unpacks the value in any to the interface pointer passed in as + // iface. Note that the type in any must have been registered with + // RegisterImplementations as a concrete type for that interface + // Ex: + // var msg sdk.Msg + // err := ctx.UnpackAny(any, &msg) + // ... + UnpackAny(any *Any, iface interface{}) error +} +``` + +Note that `InterfaceRegistry` usage does not deviate from standard protobuf +usage of `Any`, it just introduces a security and introspection layer for +golang usage. + +`InterfaceRegistry` will be a member of `ProtoCodec` +described above. In order for modules to register interface types, app modules +can optionally implement the following interface: + +```go +type InterfaceModule interface { + RegisterInterfaceTypes(InterfaceRegistry) +} +``` + +The module manager will include a method to call `RegisterInterfaceTypes` on +every module that implements it in order to populate the `InterfaceRegistry`. + +### Using `Any` to encode state + +The Cosmos SDK will provide support methods `MarshalInterface` and `UnmarshalInterface` to hide the complexity of wrapping interface types into `Any` and allow easy serialization. + +```go +import "github.com/cosmos/cosmos-sdk/codec" + +// note: eviexported.Evidence is an interface type +func MarshalEvidence(cdc codec.BinaryCodec, e eviexported.Evidence) ([]byte, error) { + return cdc.MarshalInterface(e) +} + +func UnmarshalEvidence(cdc codec.BinaryCodec, bz []byte) (eviexported.Evidence, error) { + var evi eviexported.Evidence + err := cdc.UnmarshalInterface(&evi, bz) + return err, nil +} +``` + +### Using `Any` in `sdk.Msg`s + +A similar concept is to be applied for messages that contain interface fields. +For example, we can define `MsgSubmitEvidence` as follows where `Evidence` is +an interface: + +```protobuf +// x/evidence/types/types.proto + +message MsgSubmitEvidence { + bytes submitter = 1 + [ + (gogoproto.casttype) = "github.com/cosmos/cosmos-sdk/types.AccAddress" + ]; + google.protobuf.Any evidence = 2; +} +``` + +Note that in order to unpack the evidence from `Any` we do need a reference to +`InterfaceRegistry`. In order to reference evidence in methods like +`ValidateBasic` which shouldn't have to know about the `InterfaceRegistry`, we +introduce an `UnpackInterfaces` phase to deserialization which unpacks +interfaces before they're needed. + +### Unpacking Interfaces + +To implement the `UnpackInterfaces` phase of deserialization which unpacks +interfaces wrapped in `Any` before they're needed, we create an interface +that `sdk.Msg`s and other types can implement: + +```go +type UnpackInterfacesMessage interface { + UnpackInterfaces(InterfaceUnpacker) error +} +``` + +We also introduce a private `cachedValue interface{}` field onto the `Any` +struct itself with a public getter `GetCachedValue() interface{}`. + +The `UnpackInterfaces` method is to be invoked during message deserialization right +after `Unmarshal` and any interface values packed in `Any`s will be decoded +and stored in `cachedValue` for reference later. + +Then unpacked interface values can safely be used in any code afterwards +without knowledge of the `InterfaceRegistry` +and messages can introduce a simple getter to cast the cached value to the +correct interface type. + +This has the added benefit that unmarshaling of `Any` values only happens once +during initial deserialization rather than every time the value is read. Also, +when `Any` values are first packed (for instance in a call to +`NewMsgSubmitEvidence`), the original interface value is cached so that +unmarshaling isn't needed to read it again. + +`MsgSubmitEvidence` could implement `UnpackInterfaces`, plus a convenience getter +`GetEvidence` as follows: + +```go +func (msg MsgSubmitEvidence) UnpackInterfaces(ctx sdk.InterfaceRegistry) error { + var evi eviexported.Evidence + return ctx.UnpackAny(msg.Evidence, *evi) +} + +func (msg MsgSubmitEvidence) GetEvidence() eviexported.Evidence { + return msg.Evidence.GetCachedValue().(eviexported.Evidence) +} +``` + +### Amino Compatibility + +Our custom implementation of `Any` can be used transparently with Amino if used +with the proper codec instance. What this means is that interfaces packed within +`Any`s will be amino marshaled like regular Amino interfaces (assuming they +have been registered properly with Amino). + +In order for this functionality to work: + +* **all legacy code must use `*codec.LegacyAmino` instead of `*amino.Codec` which is + now a wrapper which properly handles `Any`** +* **all new code should use `Marshaler` which is compatible with both amino and + protobuf** +* Also, before v0.39, `codec.LegacyAmino` will be renamed to `codec.LegacyAmino`. + +### Why Wasn't X Chosen Instead + +For a more complete comparison to alternative protocols, see [here](https://codeburst.io/json-vs-protocol-buffers-vs-flatbuffers-a4247f8bda6f). + +### Cap'n Proto + +While [Cap’n Proto](https://capnproto.org/) does seem like an advantageous alternative to Protobuf +due to its native support for interfaces/generics and built-in canonicalization, it does lack the +rich client ecosystem compared to Protobuf and is a bit less mature. + +### FlatBuffers + +[FlatBuffers](https://google.github.io/flatbuffers/) is also a potentially viable alternative, with the +primary difference being that FlatBuffers does not need a parsing/unpacking step to a secondary +representation before you can access data, often coupled with per-object memory allocation. + +However, it would require great efforts into research and a full understanding the scope of the migration +and path forward -- which isn't immediately clear. In addition, FlatBuffers aren't designed for +untrusted inputs. + +## Future Improvements & Roadmap + +In the future we may consider a compression layer right above the persistence +layer which doesn't change tx or merkle tree hashes, but reduces the storage +overhead of `Any`. In addition, we may adopt protobuf naming conventions which +make type URLs a bit more concise while remaining descriptive. + +Additional code generation support around the usage of `Any` is something that +could also be explored in the future to make the UX for go developers more +seamless. + +## Consequences + +### Positive + +* Significant performance gains. +* Supports backward and forward type compatibility. +* Better support for cross-language clients. + +### Negative + +* Learning curve required to understand and implement Protobuf messages. +* Slightly larger message size due to use of `Any`, although this could be offset + by a compression layer in the future + +### Neutral + +## References + +1. https://github.com/cosmos/cosmos-sdk/issues/4977 +2. https://github.com/cosmos/cosmos-sdk/issues/5444 diff --git a/copy-of-sdk-docs/build/architecture/adr-020-protobuf-transaction-encoding.md b/copy-of-sdk-docs/build/architecture/adr-020-protobuf-transaction-encoding.md new file mode 100644 index 00000000..9633fb20 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-020-protobuf-transaction-encoding.md @@ -0,0 +1,464 @@ +# ADR 020: Protocol Buffer Transaction Encoding + +## Changelog + +* 2020 March 06: Initial Draft +* 2020 March 12: API Updates +* 2020 April 13: Added details on interface `oneof` handling +* 2020 April 30: Switch to `Any` +* 2020 May 14: Describe public key encoding +* 2020 June 08: Store `TxBody` and `AuthInfo` as bytes in `SignDoc`; Document `TxRaw` as broadcast and storage type. +* 2020 August 07: Use ADR 027 for serializing `SignDoc`. +* 2020 August 19: Move sequence field from `SignDoc` to `SignerInfo`, as discussed in [#6966](https://github.com/cosmos/cosmos-sdk/issues/6966). +* 2020 September 25: Remove `PublicKey` type in favor of `secp256k1.PubKey`, `ed25519.PubKey` and `multisig.LegacyAminoPubKey`. +* 2020 October 15: Add `GetAccount` and `GetAccountWithHeight` methods to the `AccountRetriever` interface. +* 2021 Feb 24: The Cosmos SDK does not use Tendermint's `PubKey` interface anymore, but its own `cryptotypes.PubKey`. Updates to reflect this. +* 2021 May 3: Rename `clientCtx.JSONMarshaler` to `clientCtx.JSONCodec`. +* 2021 June 10: Add `clientCtx.Codec: codec.Codec`. + +## Status + +Accepted + +## Context + +This ADR is a continuation of the motivation, design, and context established in +[ADR 019](./adr-019-protobuf-state-encoding.md), namely, we aim to design the +Protocol Buffer migration path for the client-side of the Cosmos SDK. + +Specifically, the client-side migration path primarily includes tx generation and +signing, message construction and routing, in addition to CLI & REST handlers and +business logic (i.e. queriers). + +With this in mind, we will tackle the migration path via two main areas, txs and +querying. However, this ADR solely focuses on transactions. Querying should be +addressed in a future ADR, but it should build off of these proposals. + +Based on detailed discussions ([\#6030](https://github.com/cosmos/cosmos-sdk/issues/6030) +and [\#6078](https://github.com/cosmos/cosmos-sdk/issues/6078)), the original +design for transactions was changed substantially from an `oneof` /JSON-signing +approach to the approach described below. + +## Decision + +### Transactions + +Since interface values are encoded with `google.protobuf.Any` in state (see [ADR 019](adr-019-protobuf-state-encoding.md)), +`sdk.Msg`s are encoded with `Any` in transactions. + +One of the main goals of using `Any` to encode interface values is to have a +core set of types which is reused by apps so that +clients can safely be compatible with as many chains as possible. + +It is one of the goals of this specification to provide a flexible cross-chain transaction +format that can serve a wide variety of use cases without breaking the client +compatibility. + +In order to facilitate signing, transactions are separated into `TxBody`, +which will be reused by `SignDoc` below, and `signatures`: + +```protobuf +// types/types.proto +package cosmos_sdk.v1; + +message Tx { + TxBody body = 1; + AuthInfo auth_info = 2; + // A list of signatures that matches the length and order of AuthInfo's signer_infos to + // allow connecting signature meta information like public key and signing mode by position. + repeated bytes signatures = 3; +} + +// A variant of Tx that pins the signer's exact binary representation of body and +// auth_info. This is used for signing, broadcasting and verification. The binary +// `serialize(tx: TxRaw)` is stored in Tendermint and the hash `sha256(serialize(tx: TxRaw))` +// becomes the "txhash", commonly used as the transaction ID. +message TxRaw { + // A protobuf serialization of a TxBody that matches the representation in SignDoc. + bytes body = 1; + // A protobuf serialization of an AuthInfo that matches the representation in SignDoc. + bytes auth_info = 2; + // A list of signatures that matches the length and order of AuthInfo's signer_infos to + // allow connecting signature meta information like public key and signing mode by position. + repeated bytes signatures = 3; +} + +message TxBody { + // A list of messages to be executed. The required signers of those messages define + // the number and order of elements in AuthInfo's signer_infos and Tx's signatures. + // Each required signer address is added to the list only the first time it occurs. + // + // By convention, the first required signer (usually from the first message) is referred + // to as the primary signer and pays the fee for the whole transaction. + repeated google.protobuf.Any messages = 1; + string memo = 2; + int64 timeout_height = 3; + repeated google.protobuf.Any extension_options = 1023; +} + +message AuthInfo { + // This list defines the signing modes for the required signers. The number + // and order of elements must match the required signers from TxBody's messages. + // The first element is the primary signer and the one which pays the fee. + repeated SignerInfo signer_infos = 1; + // The fee can be calculated based on the cost of evaluating the body and doing signature verification of the signers. This can be estimated via simulation. + Fee fee = 2; +} + +message SignerInfo { + // The public key is optional for accounts that already exist in state. If unset, the + // verifier can use the required signer address for this position and lookup the public key. + google.protobuf.Any public_key = 1; + // ModeInfo describes the signing mode of the signer and is a nested + // structure to support nested multisig pubkey's + ModeInfo mode_info = 2; + // sequence is the sequence of the account, which describes the + // number of committed transactions signed by a given address. It is used to prevent + // replay attacks. + uint64 sequence = 3; +} + +message ModeInfo { + oneof sum { + Single single = 1; + Multi multi = 2; + } + + // Single is the mode info for a single signer. It is structured as a message + // to allow for additional fields such as locale for SIGN_MODE_TEXTUAL in the future + message Single { + SignMode mode = 1; + } + + // Multi is the mode info for a multisig public key + message Multi { + // bitarray specifies which keys within the multisig are signing + CompactBitArray bitarray = 1; + // mode_infos is the corresponding modes of the signers of the multisig + // which could include nested multisig public keys + repeated ModeInfo mode_infos = 2; + } +} + +enum SignMode { + SIGN_MODE_UNSPECIFIED = 0; + + SIGN_MODE_DIRECT = 1; + + SIGN_MODE_TEXTUAL = 2; + + SIGN_MODE_LEGACY_AMINO_JSON = 127; +} +``` + +As will be discussed below, in order to include as much of the `Tx` as possible +in the `SignDoc`, `SignerInfo` is separated from signatures so that only the +raw signatures themselves live outside of what is signed over. + +Because we are aiming for a flexible, extensible cross-chain transaction +format, new transaction processing options should be added to `TxBody` as soon +those use cases are discovered, even if they can't be implemented yet. + +Because there is coordination overhead in this, `TxBody` includes an +`extension_options` field which can be used for any transaction processing +options that are not already covered. App developers should, nevertheless, +attempt to upstream important improvements to `Tx`. + +### Signing + +All of the signing modes below aim to provide the following guarantees: + +* **No Malleability**: `TxBody` and `AuthInfo` cannot change once the transaction + is signed +* **Predictable Gas**: if I am signing a transaction where I am paying a fee, + the final gas is fully dependent on what I am signing + +These guarantees give the maximum amount of confidence to message signers that +manipulation of `Tx`s by intermediaries can't result in any meaningful changes. + +#### `SIGN_MODE_DIRECT` + +The "direct" signing behavior is to sign the raw `TxBody` bytes as broadcast over +the wire. This has the advantages of: + +* requiring the minimum additional client capabilities beyond a standard protocol + buffers implementation +* leaving effectively zero holes for transaction malleability (i.e. there are no + subtle differences between the signing and encoding formats which could + potentially be exploited by an attacker) + +Signatures are structured using the `SignDoc` below which reuses the serialization of +`TxBody` and `AuthInfo` and only adds the fields which are needed for signatures: + +```protobuf +// types/types.proto +message SignDoc { + // A protobuf serialization of a TxBody that matches the representation in TxRaw. + bytes body = 1; + // A protobuf serialization of an AuthInfo that matches the representation in TxRaw. + bytes auth_info = 2; + string chain_id = 3; + uint64 account_number = 4; +} +``` + +In order to sign in the default mode, clients take the following steps: + +1. Serialize `TxBody` and `AuthInfo` using any valid protobuf implementation. +2. Create a `SignDoc` and serialize it using [ADR 027](./adr-027-deterministic-protobuf-serialization.md). +3. Sign the encoded `SignDoc` bytes. +4. Build a `TxRaw` and serialize it for broadcasting. + +Signature verification is based on comparing the raw `TxBody` and `AuthInfo` +bytes encoded in `TxRaw` not based on any ["canonicalization"](https://github.com/regen-network/canonical-proto3) +algorithm which creates added complexity for clients in addition to preventing +some forms of upgradeability (to be addressed later in this document). + +Signature verifiers do: + +1. Deserialize a `TxRaw` and pull out `body` and `auth_info`. +2. Create a list of required signer addresses from the messages. +3. For each required signer: + * Pull account number and sequence from the state. + * Obtain the public key either from state or `AuthInfo`'s `signer_infos`. + * Create a `SignDoc` and serialize it using [ADR 027](./adr-027-deterministic-protobuf-serialization.md). + * Verify the signature at the same list position against the serialized `SignDoc`. + +#### `SIGN_MODE_LEGACY_AMINO` + +In order to support legacy wallets and exchanges, Amino JSON will be temporarily +supported transaction signing. Once wallets and exchanges have had a +chance to upgrade to protobuf-based signing, this option will be disabled. In +the meantime, it is foreseen that disabling the current Amino signing would cause +too much breakage to be feasible. Note that this is mainly a requirement of the +Cosmos Hub and other chains may choose to disable Amino signing immediately. + +Legacy clients will be able to sign a transaction using the current Amino +JSON format and have it encoded to protobuf using the REST `/tx/encode` +endpoint before broadcasting. + +#### `SIGN_MODE_TEXTUAL` + +As was discussed extensively in [\#6078](https://github.com/cosmos/cosmos-sdk/issues/6078), +there is a desire for a human-readable signing encoding, especially for hardware +wallets like the [Ledger](https://www.ledger.com) which display +transaction contents to users before signing. JSON was an attempt at this but +falls short of the ideal. + +`SIGN_MODE_TEXTUAL` is intended as a placeholder for a human-readable +encoding which will replace Amino JSON. This new encoding should be even more +focused on readability than JSON, possibly based on formatting strings like +[MessageFormat](http://userguide.icu-project.org/formatparse/messages). + +In order to ensure that the new human-readable format does not suffer from +transaction malleability issues, `SIGN_MODE_TEXTUAL` +requires that the _human-readable bytes are concatenated with the raw `SignDoc`_ +to generate sign bytes. + +Multiple human-readable formats (maybe even localized messages) may be supported +by `SIGN_MODE_TEXTUAL` when it is implemented. + +### Unknown Field Filtering + +Unknown fields in protobuf messages should generally be rejected by the transaction +processors because: + +* important data may be present in the unknown fields, that if ignored, will + cause unexpected behavior for clients +* they present a malleability vulnerability where attackers can bloat tx size + by adding random uninterpreted data to unsigned content (i.e. the master `Tx`, + not `TxBody`) + +There are also scenarios where we may choose to safely ignore unknown fields +(https://github.com/cosmos/cosmos-sdk/issues/6078#issuecomment-624400188) to +provide graceful forwards compatibility with newer clients. + +We propose that field numbers with bit 11 set (for most use cases this is +the range of 1024-2047) be considered non-critical fields that can safely be +ignored if unknown. + +To handle this we will need an unknown field filter that: + +* always rejects unknown fields in unsigned content (i.e. top-level `Tx` and + unsigned parts of `AuthInfo` if present based on the signing mode) +* rejects unknown fields in all messages (including nested `Any`s) other than + fields with bit 11 set + +This will likely need to be a custom protobuf parser pass that takes message bytes +and `FileDescriptor`s and returns a boolean result. + +### Public Key Encoding + +Public keys in the Cosmos SDK implement the `cryptotypes.PubKey` interface. +We propose to use `Any` for protobuf encoding as we are doing with other interfaces (for example, in `BaseAccount.PubKey` and `SignerInfo.PublicKey`). +The following public keys are implemented: secp256k1, secp256r1, ed25519 and legacy-multisignature. + +Ex: + +```protobuf +message PubKey { + bytes key = 1; +} +``` + +`multisig.LegacyAminoPubKey` has an array of `Any`'s member to support any +protobuf public key type. + +Apps should only attempt to handle a registered set of public keys that they +have tested. The provided signature verification ante handler decorators will +enforce this. + +### CLI & REST + +Currently, the REST and CLI handlers encode and decode types and txs via Amino +JSON encoding using a concrete Amino codec. Being that some of the types dealt with +in the client can be interfaces, similar to how we described in [ADR 019](./adr-019-protobuf-state-encoding.md), +the client logic will now need to take a codec interface that knows not only how +to handle all the types, but also knows how to generate transactions, signatures, +and messages. + +```go +type AccountRetriever interface { + GetAccount(clientCtx Context, addr sdk.AccAddress) (client.Account, error) + GetAccountWithHeight(clientCtx Context, addr sdk.AccAddress) (client.Account, int64, error) + EnsureExists(clientCtx client.Context, addr sdk.AccAddress) error + GetAccountNumberSequence(clientCtx client.Context, addr sdk.AccAddress) (uint64, uint64, error) +} + +type Generator interface { + NewTx() TxBuilder + NewFee() ClientFee + NewSignature() ClientSignature + MarshalTx(tx types.Tx) ([]byte, error) +} + +type TxBuilder interface { + GetTx() sdk.Tx + + SetMsgs(...sdk.Msg) error + GetSignatures() []sdk.Signature + SetSignatures(...sdk.Signature) + GetFee() sdk.Fee + SetFee(sdk.Fee) + GetMemo() string + SetMemo(string) +} +``` + +We then update `Context` to have new fields: `Codec`, `TxGenerator`, +and `AccountRetriever`, and we update `AppModuleBasic.GetTxCmd` to take +a `Context` which should have all of these fields pre-populated. + +Each client method should then use one of the `Init` methods to re-initialize +the pre-populated `Context`. `tx.GenerateOrBroadcastTx` can be used to +generate or broadcast a transaction. For example: + +```go +import "github.com/spf13/cobra" +import "github.com/cosmos/cosmos-sdk/client" +import "github.com/cosmos/cosmos-sdk/client/tx" + +func NewCmdDoSomething(clientCtx client.Context) *cobra.Command { + return &cobra.Command{ + RunE: func(cmd *cobra.Command, args []string) error { + clientCtx := ctx.InitWithInput(cmd.InOrStdin()) + msg := NewSomeMsg{...} + tx.GenerateOrBroadcastTx(clientCtx, msg) + }, + } +} +``` + +## Future Improvements + +### `SIGN_MODE_TEXTUAL` specification + +A concrete specification and implementation of `SIGN_MODE_TEXTUAL` is intended +as a near-term future improvement so that the ledger app and other wallets +can gracefully transition away from Amino JSON. + +### `SIGN_MODE_DIRECT_AUX` + +(\*Documented as option (3) in https://github.com/cosmos/cosmos-sdk/issues/6078#issuecomment-628026933) + +We could add a mode `SIGN_MODE_DIRECT_AUX` +to support scenarios where multiple signatures +are being gathered into a single transaction but the message composer does not +yet know which signatures will be included in the final transaction. For instance, +I may have a 3/5 multisig wallet and want to send a `TxBody` to all 5 +signers to see who signs first. As soon as I have 3 signatures then I will go +ahead and build the full transaction. + +With `SIGN_MODE_DIRECT`, each signer needs +to sign the full `AuthInfo` which includes the full list of all signers and +their signing modes, making the above scenario very hard. + +`SIGN_MODE_DIRECT_AUX` would allow "auxiliary" signers to create their signature +using only `TxBody` and their own `PublicKey`. This allows the full list of +signers in `AuthInfo` to be delayed until signatures have been collected. + +An "auxiliary" signer is any signer besides the primary signer who is paying +the fee. For the primary signer, the full `AuthInfo` is actually needed to calculate gas and fees +because that is dependent on how many signers and which key types and signing +modes they are using. Auxiliary signers, however, do not need to worry about +fees or gas and thus can just sign `TxBody`. + +To generate a signature in `SIGN_MODE_DIRECT_AUX` these steps would be followed: + +1. Encode `SignDocAux` (with the same requirement that fields must be serialized + in order): + + ```protobuf + // types/types.proto + message SignDocAux { + bytes body_bytes = 1; + // PublicKey is included in SignDocAux : + // 1. as a special case for multisig public keys. For multisig public keys, + // the signer should use the top-level multisig public key they are signing + // against, not their own public key. This is to prevent a form + // of malleability where a signature could be taken out of context of the + // multisig key that was intended to be signed for + // 2. to guard against scenario where configuration information is encoded + // in public keys (it has been proposed) such that two keys can generate + // the same signature but have different security properties + // + // By including it here, the composer of AuthInfo cannot reference the + // a public key variant the signer did not intend to use + PublicKey public_key = 2; + string chain_id = 3; + uint64 account_number = 4; + } + ``` + +2. Sign the encoded `SignDocAux` bytes +3. Send their signature and `SignerInfo` to the primary signer who will then + sign and broadcast the final transaction (with `SIGN_MODE_DIRECT` and `AuthInfo` + added) once enough signatures have been collected + +### `SIGN_MODE_DIRECT_RELAXED` + +(_Documented as option (1)(a) in https://github.com/cosmos/cosmos-sdk/issues/6078#issuecomment-628026933_) + +This is a variation of `SIGN_MODE_DIRECT` where multiple signers wouldn't need to +coordinate public keys and signing modes in advance. It would involve an alternate +`SignDoc` similar to `SignDocAux` above with fee. This could be added in the future +if client developers found the burden of collecting public keys and modes in advance +too burdensome. + +## Consequences + +### Positive + +* Significant performance gains. +* Supports backward and forward type compatibility. +* Better support for cross-language clients. +* Multiple signing modes allow for greater protocol evolution + +### Negative + +* `google.protobuf.Any` type URLs increase transaction size although the effect + may be negligible or compression may be able to mitigate it. + +### Neutral + +## References diff --git a/copy-of-sdk-docs/build/architecture/adr-021-protobuf-query-encoding.md b/copy-of-sdk-docs/build/architecture/adr-021-protobuf-query-encoding.md new file mode 100644 index 00000000..ba155cba --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-021-protobuf-query-encoding.md @@ -0,0 +1,256 @@ +# ADR 021: Protocol Buffer Query Encoding + +## Changelog + +* 2020 March 27: Initial Draft + +## Status + +Accepted + +## Context + +This ADR is a continuation of the motivation, design, and context established in +[ADR 019](./adr-019-protobuf-state-encoding.md) and +[ADR 020](./adr-020-protobuf-transaction-encoding.md), namely, we aim to design the +Protocol Buffer migration path for the client-side of the Cosmos SDK. + +This ADR continues from [ADR 020](./adr-020-protobuf-transaction-encoding.md) +to specify the encoding of queries. + +## Decision + +### Custom Query Definition + +Modules define custom queries through a protocol buffers `service` definition. +These `service` definitions are generally associated with and used by the +GRPC protocol. However, the protocol buffers specification indicates that +they can be used more generically by any request/response protocol that uses +protocol buffer encoding. Thus, we can use `service` definitions for specifying +custom ABCI queries and even reuse a substantial amount of the GRPC infrastructure. + +Each module with custom queries should define a service canonically named `Query`: + +```protobuf +// x/bank/types/types.proto + +service Query { + rpc QueryBalance(QueryBalanceParams) returns (cosmos_sdk.v1.Coin) { } + rpc QueryAllBalances(QueryAllBalancesParams) returns (QueryAllBalancesResponse) { } +} +``` + +#### Handling of Interface Types + +Modules that use interface types and need true polymorphism generally force a +`oneof` up to the app-level that provides the set of concrete implementations of +that interface that the app supports. While app's are welcome to do the same for +queries and implement an app-level query service, it is recommended that modules +provide query methods that expose these interfaces via `google.protobuf.Any`. +There is a concern on the transaction level that the overhead of `Any` is too +high to justify its usage. However for queries this is not a concern, and +providing generic module-level queries that use `Any` does not preclude apps +from also providing app-level queries that return using the app-level `oneof`s. + +A hypothetical example for the `gov` module would look something like: + +```protobuf +// x/gov/types/types.proto + +import "google/protobuf/any.proto"; + +service Query { + rpc GetProposal(GetProposalParams) returns (AnyProposal) { } +} + +message AnyProposal { + ProposalBase base = 1; + google.protobuf.Any content = 2; +} +``` + +### Custom Query Implementation + +In order to implement the query service, we can reuse the existing [gogo protobuf](https://github.com/cosmos/gogoproto) +grpc plugin, which for a service named `Query` generates an interface named +`QueryServer` as below: + +```go +type QueryServer interface { + QueryBalance(context.Context, *QueryBalanceParams) (*types.Coin, error) + QueryAllBalances(context.Context, *QueryAllBalancesParams) (*QueryAllBalancesResponse, error) +} +``` + +The custom queries for our module are implemented by implementing this interface. + +The first parameter in this generated interface is a generic `context.Context`, +whereas querier methods generally need an instance of `sdk.Context` to read +from the store. Since arbitrary values can be attached to `context.Context` +using the `WithValue` and `Value` methods, the Cosmos SDK should provide a function +`sdk.UnwrapSDKContext` to retrieve the `sdk.Context` from the provided +`context.Context`. + +An example implementation of `QueryBalance` for the bank module as above would +look something like: + +```go +type Querier struct { + Keeper +} + +func (q Querier) QueryBalance(ctx context.Context, params *types.QueryBalanceParams) (*sdk.Coin, error) { + balance := q.GetBalance(sdk.UnwrapSDKContext(ctx), params.Address, params.Denom) + return &balance, nil +} +``` + +### Custom Query Registration and Routing + +Query server implementations as above would be registered with `AppModule`s using +a new method `RegisterQueryService(grpc.Server)` which could be implemented simply +as below: + +```go +// x/bank/module.go +func (am AppModule) RegisterQueryService(server grpc.Server) { + types.RegisterQueryServer(server, keeper.Querier{am.keeper}) +} +``` + +Underneath the hood, a new method `RegisterService(sd *grpc.ServiceDesc, handler interface{})` +will be added to the existing `baseapp.QueryRouter` to add the queries to the custom +query routing table (with the routing method being described below). +The signature for this method matches the existing +`RegisterServer` method on the GRPC `Server` type where `handler` is the custom +query server implementation described above. + +GRPC-like requests are routed by the service name (ex. `cosmos_sdk.x.bank.v1.Query`) +and method name (ex. `QueryBalance`) combined with `/`s to form a full +method name (ex. `/cosmos_sdk.x.bank.v1.Query/QueryBalance`). This gets translated +into an ABCI query as `custom/cosmos_sdk.x.bank.v1.Query/QueryBalance`. Service handlers +registered with `QueryRouter.RegisterService` will be routed this way. + +Beyond the method name, GRPC requests carry a protobuf encoded payload, which maps naturally +to `RequestQuery.Data`, and receive a protobuf encoded response or error. Thus +there is a quite natural mapping of GRPC-like rpc methods to the existing +`sdk.Query` and `QueryRouter` infrastructure. + +This basic specification allows us to reuse protocol buffer `service` definitions +for ABCI custom queries substantially reducing the need for manual decoding and +encoding in query methods. + +### GRPC Protocol Support + +In addition to providing an ABCI query pathway, we can easily provide a GRPC +proxy server that routes requests in the GRPC protocol to ABCI query requests +under the hood. In this way, clients could use their host languages' existing +GRPC implementations to make direct queries against Cosmos SDK app's using +these `service` definitions. In order for this server to work, the `QueryRouter` +on `BaseApp` will need to expose the service handlers registered with +`QueryRouter.RegisterService` to the proxy server implementation. Nodes could +launch the proxy server on a separate port in the same process as the ABCI app +with a command-line flag. + +### REST Queries and Swagger Generation + +[grpc-gateway](https://github.com/grpc-ecosystem/grpc-gateway) is a project that +translates REST calls into GRPC calls using special annotations on service +methods. Modules that want to expose REST queries should add `google.api.http` +annotations to their `rpc` methods as in this example below. + +```protobuf +// x/bank/types/types.proto + +service Query { + rpc QueryBalance(QueryBalanceParams) returns (cosmos_sdk.v1.Coin) { + option (google.api.http) = { + get: "/x/bank/v1/balance/{address}/{denom}" + }; + } + rpc QueryAllBalances(QueryAllBalancesParams) returns (QueryAllBalancesResponse) { + option (google.api.http) = { + get: "/x/bank/v1/balances/{address}" + }; + } +} +``` + +grpc-gateway will work directly against the GRPC proxy described above which will +translate requests to ABCI queries under the hood. grpc-gateway can also +generate Swagger definitions automatically. + +In the current implementation of REST queries, each module needs to implement +REST queries manually in addition to ABCI querier methods. Using the grpc-gateway +approach, there will be no need to generate separate REST query handlers, just +query servers as described above as grpc-gateway handles the translation of protobuf +to REST as well as Swagger definitions. + +The Cosmos SDK should provide CLI commands for apps to start GRPC gateway either in +a separate process or the same process as the ABCI app, as well as provide a +command for generating grpc-gateway proxy `.proto` files and the `swagger.json` +file. + +### Client Usage + +The gogo protobuf grpc plugin generates client interfaces in addition to server +interfaces. For the `Query` service defined above we would get a `QueryClient` +interface like: + +```go +type QueryClient interface { + QueryBalance(ctx context.Context, in *QueryBalanceParams, opts ...grpc.CallOption) (*types.Coin, error) + QueryAllBalances(ctx context.Context, in *QueryAllBalancesParams, opts ...grpc.CallOption) (*QueryAllBalancesResponse, error) +} +``` + +Via a small patch to gogo protobuf ([gogo/protobuf#675](https://github.com/gogo/protobuf/pull/675)) +we have tweaked the grpc codegen to use an interface rather than a concrete type +for the generated client struct. This allows us to also reuse the GRPC infrastructure +for ABCI client queries. + +1Context`will receive a new method`QueryConn`that returns a`ClientConn` +that routes calls to ABCI queries + +Clients (such as CLI methods) will then be able to call query methods like this: + +```go +clientCtx := client.NewContext() +queryClient := types.NewQueryClient(clientCtx.QueryConn()) +params := &types.QueryBalanceParams{addr, denom} +result, err := queryClient.QueryBalance(gocontext.Background(), params) +``` + +### Testing + +Tests would be able to create a query client directly from keeper and `sdk.Context` +references using a `QueryServerTestHelper` as below: + +```go +queryHelper := baseapp.NewQueryServerTestHelper(ctx) +types.RegisterQueryServer(queryHelper, keeper.Querier{app.BankKeeper}) +queryClient := types.NewQueryClient(queryHelper) +``` + +## Future Improvements + +## Consequences + +### Positive + +* greatly simplified querier implementation (no manual encoding/decoding) +* easy query client generation (can use existing grpc and swagger tools) +* no need for REST query implementations +* type safe query methods (generated via grpc plugin) +* going forward, there will be less breakage of query methods because of the +backwards compatibility guarantees provided by buf + +### Negative + +* all clients using the existing ABCI/REST queries will need to be refactored +for both the new GRPC/REST query paths as well as protobuf/proto-json encoded +data, but this is more or less unavoidable in the protobuf refactoring + +### Neutral + +## References diff --git a/copy-of-sdk-docs/build/architecture/adr-022-custom-panic-handling.md b/copy-of-sdk-docs/build/architecture/adr-022-custom-panic-handling.md new file mode 100644 index 00000000..a99868b2 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-022-custom-panic-handling.md @@ -0,0 +1,218 @@ +# ADR 022: Custom BaseApp panic handling + +## Changelog + +* 2020 Apr 24: Initial Draft +* 2021 Sep 14: Superseded by ADR-045 + +## Status + +SUPERSEDED by ADR-045 + +## Context + +The current implementation of BaseApp does not allow developers to write custom error handlers during panic recovery +[runTx()](https://github.com/cosmos/cosmos-sdk/blob/bad4ca75f58b182f600396ca350ad844c18fc80b/baseapp/baseapp.go#L539) +method. We think that this method can be more flexible and can give Cosmos SDK users more options for customizations without +the need to rewrite whole BaseApp. Also there's one special case for `sdk.ErrorOutOfGas` error handling, that case +might be handled in a "standard" way (middleware) alongside the others. + +We propose middleware-solution, which could help developers implement the following cases: + +* add external logging (let's say sending reports to external services like [Sentry](https://sentry.io)); +* call panic for specific error cases; + +It will also make `OutOfGas` case and `default` case one of the middlewares. +`Default` case wraps recovery object to an error and logs it ([example middleware implementation](#recovery-middleware)). + +Our project has a sidecar service running alongside the blockchain node (smart contracts virtual machine). It is +essential that node <-> sidecar connectivity stays stable for TXs processing. So when the communication breaks we need +to crash the node and reboot it once the problem is solved. That behaviour makes the node's state machine execution +deterministic. As all keeper panics are caught by runTx's `defer()` handler, we have to adjust the BaseApp code +in order to customize it. + +## Decision + +### Design + +#### Overview + +Instead of hardcoding custom error handling into BaseApp we suggest using a set of middlewares which can be customized +externally and will allow developers to use as many custom error handlers as they want. Implementation with tests +can be found [here](https://github.com/cosmos/cosmos-sdk/pull/6053). + +#### Implementation details + +##### Recovery handler + +New `RecoveryHandler` type added. `recoveryObj` input argument is an object returned by the standard Go function +`recover()` from the `builtin` package. + +```go +type RecoveryHandler func(recoveryObj interface{}) error +``` + +Handler should type assert (or other methods) an object to define if the object should be handled. +`nil` should be returned if the input object can't be handled by that `RecoveryHandler` (not a handler's target type). +Not `nil` error should be returned if the input object was handled and the middleware chain execution should be stopped. + +An example: + +```go +func exampleErrHandler(recoveryObj interface{}) error { + err, ok := recoveryObj.(error) + if !ok { return nil } + + if someSpecificError.Is(err) { + panic(customPanicMsg) + } else { + return nil + } +} +``` + +This example breaks the application execution, but it also might enrich the error's context like the `OutOfGas` handler. + +##### Recovery middleware + +We also add a middleware type (decorator). That function type wraps `RecoveryHandler` and returns the next middleware in +execution chain and handler's `error`. Type is used to separate actual `recovery()` object handling from middleware +chain processing. + +```go +type recoveryMiddleware func(recoveryObj interface{}) (recoveryMiddleware, error) + +func newRecoveryMiddleware(handler RecoveryHandler, next recoveryMiddleware) recoveryMiddleware { + return func(recoveryObj interface{}) (recoveryMiddleware, error) { + if err := handler(recoveryObj); err != nil { + return nil, err + } + return next, nil + } +} +``` + +Function receives a `recoveryObj` object and returns: + +* (next `recoveryMiddleware`, `nil`) if object wasn't handled (not a target type) by `RecoveryHandler`; +* (`nil`, not nil `error`) if input object was handled and other middlewares in the chain should not be executed; +* (`nil`, `nil`) in case of invalid behavior. Panic recovery might not have been properly handled; +this can be avoided by always using a `default` as a rightmost middleware in the chain (always returns an `error`'); + +`OutOfGas` middleware example: + +```go +func newOutOfGasRecoveryMiddleware(gasWanted uint64, ctx sdk.Context, next recoveryMiddleware) recoveryMiddleware { + handler := func(recoveryObj interface{}) error { + err, ok := recoveryObj.(sdk.ErrorOutOfGas) + if !ok { return nil } + + return errorsmod.Wrap( + sdkerrors.ErrOutOfGas, fmt.Sprintf( + "out of gas in location: %v; gasWanted: %d, gasUsed: %d", err.Descriptor, gasWanted, ctx.GasMeter().GasConsumed(), + ), + ) + } + + return newRecoveryMiddleware(handler, next) +} +``` + +`Default` middleware example: + +```go +func newDefaultRecoveryMiddleware() recoveryMiddleware { + handler := func(recoveryObj interface{}) error { + return errorsmod.Wrap( + sdkerrors.ErrPanic, fmt.Sprintf("recovered: %v\nstack:\n%v", recoveryObj, string(debug.Stack())), + ) + } + + return newRecoveryMiddleware(handler, nil) +} +``` + +##### Recovery processing + +Basic chain of middlewares processing would look like: + +```go +func processRecovery(recoveryObj interface{}, middleware recoveryMiddleware) error { + if middleware == nil { return nil } + + next, err := middleware(recoveryObj) + if err != nil { return err } + if next == nil { return nil } + + return processRecovery(recoveryObj, next) +} +``` + +That way we can create a middleware chain which is executed from left to right, the rightmost middleware is a +`default` handler which must return an `error`. + +##### BaseApp changes + +The `default` middleware chain must exist in a `BaseApp` object. `Baseapp` modifications: + +```go +type BaseApp struct { + // ... + runTxRecoveryMiddleware recoveryMiddleware +} + +func NewBaseApp(...) { + // ... + app.runTxRecoveryMiddleware = newDefaultRecoveryMiddleware() +} + +func (app *BaseApp) runTx(...) { + // ... + defer func() { + if r := recover(); r != nil { + recoveryMW := newOutOfGasRecoveryMiddleware(gasWanted, ctx, app.runTxRecoveryMiddleware) + err, result = processRecovery(r, recoveryMW), nil + } + + gInfo = sdk.GasInfo{GasWanted: gasWanted, GasUsed: ctx.GasMeter().GasConsumed()} + }() + // ... +} +``` + +Developers can add their custom `RecoveryHandler`s by providing `AddRunTxRecoveryHandler` as a BaseApp option parameter to the `NewBaseapp` constructor: + +```go +func (app *BaseApp) AddRunTxRecoveryHandler(handlers ...RecoveryHandler) { + for _, h := range handlers { + app.runTxRecoveryMiddleware = newRecoveryMiddleware(h, app.runTxRecoveryMiddleware) + } +} +``` + +This method would prepend handlers to an existing chain. + +## Consequences + +### Positive + +* Developers of Cosmos SDK-based projects can add custom panic handlers to: + * add error context for custom panic sources (panic inside of custom keepers); + * emit `panic()`: passthrough recovery object to the Tendermint core; + * other necessary handling; +* Developers can use standard Cosmos SDK `BaseApp` implementation, rather than rewriting it in their projects; +* Proposed solution doesn't break the current "standard" `runTx()` flow; + +### Negative + +* Introduces changes to the execution model design. + +### Neutral + +* `OutOfGas` error handler becomes one of the middlewares; +* Default panic handler becomes one of the middlewares; + +## References + +* [PR-6053 with proposed solution](https://github.com/cosmos/cosmos-sdk/pull/6053) +* [Similar solution. ADR-010 Modular AnteHandler](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-010-modular-antehandler.md) diff --git a/copy-of-sdk-docs/build/architecture/adr-023-protobuf-naming.md b/copy-of-sdk-docs/build/architecture/adr-023-protobuf-naming.md new file mode 100644 index 00000000..46620760 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-023-protobuf-naming.md @@ -0,0 +1,263 @@ +# ADR 023: Protocol Buffer Naming and Versioning Conventions + +## Changelog + +* 2020 April 27: Initial Draft +* 2020 August 5: Update guidelines + +## Status + +Accepted + +## Context + +Protocol Buffers provide a basic [style guide](https://developers.google.com/protocol-buffers/docs/style) +and [Buf](https://buf.build/docs/style-guide) builds upon that. To the +extent possible, we want to follow industry accepted guidelines and wisdom for +the effective usage of protobuf, deviating from those only when there is clear +rationale for our use case. + +### Adoption of `Any` + +The adoption of `google.protobuf.Any` as the recommended approach for encoding +interface types (as opposed to `oneof`) makes package naming a central part +of the encoding as fully-qualified message names now appear in encoded +messages. + +### Current Directory Organization + +Thus far we have mostly followed [Buf's](https://buf.build) [DEFAULT](https://buf.build/docs/lint-checkers#default) +recommendations, with the minor deviation of disabling [`PACKAGE_DIRECTORY_MATCH`](https://buf.build/docs/lint-checkers#file_layout) +which although being convenient for developing code comes with the warning +from Buf that: + +> you will have a very bad time with many Protobuf plugins across various languages if you do not do this + +### Adoption of gRPC Queries + +In [ADR 021](adr-021-protobuf-query-encoding.md), gRPC was adopted for Protobuf +native queries. The full gRPC service path thus becomes a key part of ABCI query +path. In the future, gRPC queries may be allowed from within persistent scripts +by technologies such as CosmWasm and these query routes would be stored within +script binaries. + +## Decision + +The goal of this ADR is to provide thoughtful naming conventions that: + +* encourage a good user experience for when users interact directly with +.proto files and fully-qualified protobuf names +* balance conciseness against the possibility of either over-optimizing (making +names too short and cryptic) or under-optimizing (just accepting bloated names +with lots of redundant information) + +These guidelines are meant to act as a style guide for both the Cosmos SDK and +third-party modules. + +As a starting point, we should adopt all of the [DEFAULT](https://buf.build/docs/lint-checkers#default) +checkers in [Buf's](https://buf.build) including [`PACKAGE_DIRECTORY_MATCH`](https://buf.build/docs/lint-checkers#file_layout), +except: + +* [PACKAGE_VERSION_SUFFIX](https://buf.build/docs/lint-checkers#package_version_suffix) +* [SERVICE_SUFFIX](https://buf.build/docs/lint-checkers#service_suffix) + +Further guidelines to be described below. + +### Principles + +#### Concise and Descriptive Names + +Names should be descriptive enough to convey their meaning and distinguish +them from other names. + +Given that we are using fully-qualified names within +`google.protobuf.Any` as well as within gRPC query routes, we should aim to +keep names concise, without going overboard. The general rule of thumb should +be if a shorter name would convey more or else the same thing, pick the shorter +name. + +For instance, `cosmos.bank.MsgSend` (19 bytes) conveys roughly the same information +as `cosmos_sdk.x.bank.v1.MsgSend` (28 bytes) but is more concise. + +Such conciseness makes names both more pleasant to work with and take up less +space within transactions and on the wire. + +We should also resist the temptation to over-optimize, by making names +cryptically short with abbreviations. For instance, we shouldn't try to +reduce `cosmos.bank.MsgSend` to `csm.bk.MSnd` just to save a few bytes. + +The goal is to make names **_concise but not cryptic_**. + +#### Names are for Clients First + +Package and type names should be chosen for the benefit of users, not +necessarily because of legacy concerns related to the go code-base. + +#### Plan for Longevity + +In the interests of long-term support, we should plan on the names we do +choose to be in usage for a long time, so now is the opportunity to make +the best choices for the future. + +### Versioning + +#### Guidelines on Stable Package Versions + +In general, schema evolution is the way to update protobuf schemas. That means that new fields, +messages, and RPC methods are _added_ to existing schemas and old fields, messages and RPC methods +are maintained as long as possible. + +Breaking things is often unacceptable in a blockchain scenario. For instance, immutable smart contracts +may depend on certain data schemas on the host chain. If the host chain breaks those schemas, the smart +contract may be irreparably broken. Even when things can be fixed (for instance in client software), +this often comes at a high cost. + +Instead of breaking things, we should make every effort to evolve schemas rather than just breaking them. +[Buf](https://buf.build) breaking change detection should be used on all stable (non-alpha or beta) packages +to prevent such breakage. + +With that in mind, different stable versions (i.e. `v1` or `v2`) of a package should more or less be considered +different packages and this should be a last resort approach for upgrading protobuf schemas. Scenarios where creating +a `v2` may make sense are: + +* we want to create a new module with similar functionality to an existing module and adding `v2` is the most natural +way to do this. In that case, there are really just two different, but similar modules with different APIs. +* we want to add a new revamped API for an existing module and it's just too cumbersome to add it to the existing package, +so putting it in `v2` is cleaner for users. In this case, care should be made to not deprecate support for +`v1` if it is actively used in immutable smart contracts. + +#### Guidelines on unstable (alpha and beta) package versions + +The following guidelines are recommended for marking packages as alpha or beta: + +* marking something as `alpha` or `beta` should be a last resort and just putting something in the +stable package (i.e. `v1` or `v2`) should be preferred +* a package _should_ be marked as `alpha` _if and only if_ there are active discussions to remove +or significantly alter the package in the near future +* a package _should_ be marked as `beta` _if and only if_ there is an active discussion to +significantly refactor/rework the functionality in the near future but do not remove it +* modules _can and should_ have types in both stable (i.e. `v1` or `v2`) and unstable (`alpha` or `beta`) packages. + +_`alpha` and `beta` should not be used to avoid responsibility for maintaining compatibility._ +Whenever code is released into the wild, especially on a blockchain, there is a high cost to changing things. In some +cases, for instance with immutable smart contracts, a breaking change may be impossible to fix. + +When marking something as `alpha` or `beta`, maintainers should ask the following questions: + +* what is the cost of asking others to change their code vs the benefit of us maintaining the optionality to change it? +* what is the plan for moving this to `v1` and how will that affect users? + +`alpha` or `beta` should really be used to communicate "changes are planned". + +As a case study, gRPC reflection is in the package `grpc.reflection.v1alpha`. It hasn't been changed since +2017 and it is now used in other widely used software like gRPCurl. Some folks probably use it in production services +and so if they actually went and changed the package to `grpc.reflection.v1`, some software would break and +they probably don't want to do that... So now the `v1alpha` package is more or less the de-facto `v1`. Let's not do that. + +The following are guidelines for working with non-stable packages: + +* [Buf's recommended version suffix](https://buf.build/docs/lint-checkers#package_version_suffix) +(ex. `v1alpha1`) _should_ be used for non-stable packages +* non-stable packages should generally be excluded from breaking change detection +* immutable smart contract modules (i.e. CosmWasm) _should_ block smart contracts/persistent +scripts from interacting with `alpha`/`beta` packages + +#### Omit v1 suffix + +Instead of using [Buf's recommended version suffix](https://buf.build/docs/lint-checkers#package_version_suffix), +we can omit `v1` for packages that don't actually have a second version. This +allows for more concise names for common use cases like `cosmos.bank.Send`. +Packages that do have a second or third version can indicate that with `.v2` +or `.v3`. + +### Package Naming + +#### Adopt a short, unique top-level package name + +Top-level packages should adopt a short name that is known not to collide with +other names in common usage within the Cosmos ecosystem. In the near future, a +registry should be created to reserve and index top-level package names used +within the Cosmos ecosystem. Because the Cosmos SDK is intended to provide +the top-level types for the Cosmos project, the top-level package name `cosmos` +is recommended for usage within the Cosmos SDK instead of the longer `cosmos_sdk`. +[ICS](https://github.com/cosmos/ics) specifications could consider a +short top-level package like `ics23` based upon the standard number. + +#### Limit sub-package depth + +Sub-package depth should be increased with caution. Generally a single +sub-package is needed for a module or a library. Even though `x` or `modules` +is used in source code to denote modules, this is often unnecessary for .proto +files as modules are the primary thing sub-packages are used for. Only items which +are known to be used infrequently should have deep sub-package depths. + +For the Cosmos SDK, it is recommended that we simply write `cosmos.bank`, +`cosmos.gov`, etc. rather than `cosmos.x.bank`. In practice, most non-module +types can go straight in the `cosmos` package or we can introduce a +`cosmos.base` package if needed. Note that this naming _will not_ change +go package names, i.e. the `cosmos.bank` protobuf package will still live in +`x/bank`. + +### Message Naming + +Message type names should be as concise as possible without losing clarity. `sdk.Msg` +types which are used in transactions will retain the `Msg` prefix as that provides +helpful context. + +### Service and RPC Naming + +[ADR 021](adr-021-protobuf-query-encoding.md) specifies that modules should +implement a gRPC query service. We should consider the principle of conciseness +for query service and RPC names as these may be called from persistent script +modules such as CosmWasm. Also, users may use these query paths from tools like +[gRPCurl](https://github.com/fullstorydev/grpcurl). As an example, we can shorten +`/cosmos_sdk.x.bank.v1.QueryService/QueryBalance` to +`/cosmos.bank.Query/Balance` without losing much useful information. + +RPC request and response types _should_ follow the `ServiceNameMethodNameRequest`/ +`ServiceNameMethodNameResponse` naming convention. i.e. for an RPC method named `Balance` +on the `Query` service, the request and response types would be `QueryBalanceRequest` +and `QueryBalanceResponse`. This will be more self-explanatory than `BalanceRequest` +and `BalanceResponse`. + +#### Use just `Query` for the query service + +Instead of [Buf's default service suffix recommendation](https://github.com/cosmos/cosmos-sdk/pull/6033), +we should simply use the shorter `Query` for query services. + +For other types of gRPC services, we should consider sticking with Buf's +default recommendation. + +#### Omit `Get` and `Query` from query service RPC names + +`Get` and `Query` should be omitted from `Query` service names because they are +redundant in the fully-qualified name. For instance, `/cosmos.bank.Query/QueryBalance` +just says `Query` twice without any new information. + +## Future Improvements + +A registry of top-level package names should be created to coordinate naming +across the ecosystem, prevent collisions, and also help developers discover +useful schemas. A simple starting point would be a git repository with +community-based governance. + +## Consequences + +### Positive + +* names will be more concise and easier to read and type +* all transactions using `Any` will be at shorter (`_sdk.x` and `.v1` will be removed) +* `.proto` file imports will be more standard (without `"third_party/proto"` in +the path) +* code generation will be easier for clients because .proto files will be +in a single `proto/` directory which can be copied rather than scattered +throughout the Cosmos SDK + +### Negative + +### Neutral + +* `.proto` files will need to be reorganized and refactored +* some modules may need to be marked as alpha or beta + +## References diff --git a/copy-of-sdk-docs/build/architecture/adr-024-coin-metadata.md b/copy-of-sdk-docs/build/architecture/adr-024-coin-metadata.md new file mode 100644 index 00000000..71bedac5 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-024-coin-metadata.md @@ -0,0 +1,140 @@ +# ADR 024: Coin Metadata + +## Changelog + +* 05/19/2020: Initial draft + +## Status + +Proposed + +## Context + +Assets in the Cosmos SDK are represented via a `Coins` type that consists of an `amount` and a `denom`, +where the `amount` can be any arbitrarily large or small value. In addition, the Cosmos SDK uses an +account-based model where there are two types of primary accounts -- basic accounts and module accounts. +All account types have a set of balances that are composed of `Coins`. The `x/bank` module keeps +track of all balances for all accounts and also keeps track of the total supply of balances in an +application. + +With regards to a balance `amount`, the Cosmos SDK assumes a static and fixed unit of denomination, +regardless of the denomination itself. In other words, clients and apps built atop a Cosmos-SDK-based +chain may choose to define and use arbitrary units of denomination to provide a richer UX, however, by +the time a tx or operation reaches the Cosmos SDK state machine, the `amount` is treated as a single +unit. For example, for the Cosmos Hub (Gaia), clients assume 1 ATOM = 10^6 uatom, and so all txs and +operations in the Cosmos SDK work off of units of 10^6. + +This clearly provides a poor and limited UX especially as interoperability of networks increases and +as a result the total amount of asset types increases. We propose to have `x/bank` additionally keep +track of metadata per `denom` in order to help clients, wallet providers, and explorers improve their +UX and remove the requirement for making any assumptions on the unit of denomination. + +## Decision + +The `x/bank` module will be updated to store and index metadata by `denom`, specifically the "base" or +smallest unit -- the unit the Cosmos SDK state-machine works with. + +Metadata may also include a non-zero length list of denominations. Each entry contains the name of +the denomination `denom`, the exponent to the base and a list of aliases. An entry is to be +interpreted as `1 denom = 10^exponent base_denom` (e.g. `1 ETH = 10^18 wei` and `1 uatom = 10^0 uatom`). + +There are two denominations that are of high importance for clients: the `base`, which is the smallest +possible unit and the `display`, which is the unit that is commonly referred to in human communication +and on exchanges. The values in those fields link to an entry in the list of denominations. + +The list in `denom_units` and the `display` entry may be changed via governance. + +As a result, we can define the type as follows: + +```protobuf +message DenomUnit { + string denom = 1; + uint32 exponent = 2; + repeated string aliases = 3; +} + +message Metadata { + string description = 1; + repeated DenomUnit denom_units = 2; + string base = 3; + string display = 4; +} +``` + +As an example, the ATOM's metadata can be defined as follows: + +```json +{ + "name": "atom", + "description": "The native staking token of the Cosmos Hub.", + "denom_units": [ + { + "denom": "uatom", + "exponent": 0, + "aliases": [ + "microatom" + ], + }, + { + "denom": "matom", + "exponent": 3, + "aliases": [ + "milliatom" + ] + }, + { + "denom": "atom", + "exponent": 6, + } + ], + "base": "uatom", + "display": "atom", +} +``` + +Given the above metadata, a client may infer the following things: + +* 4.3atom = 4.3 * (10^6) = 4,300,000uatom +* The string "atom" can be used as a display name in a list of tokens. +* The balance 4300000 can be displayed as 4,300,000uatom or 4,300matom or 4.3atom. + The `display` denomination 4.3atom is a good default if the authors of the client don't make + an explicit decision to choose a different representation. + +A client should be able to query for metadata by denom both via the CLI and REST interfaces. In +addition, we will add handlers to these interfaces to convert from any unit to another given unit, +as the base framework for this already exists in the Cosmos SDK. + +Finally, we need to ensure metadata exists in the `GenesisState` of the `x/bank` module which is also +indexed by the base `denom`. + +```go +type GenesisState struct { + SendEnabled bool `json:"send_enabled" yaml:"send_enabled"` + Balances []Balance `json:"balances" yaml:"balances"` + Supply sdk.Coins `json:"supply" yaml:"supply"` + DenomMetadata []Metadata `json:"denom_metadata" yaml:"denom_metadata"` +} +``` + +## Future Work + +In order for clients to avoid having to convert assets to the base denomination -- either manually or +via an endpoint, we may consider supporting automatic conversion of a given unit input. + +## Consequences + +### Positive + +* Provides clients, wallet providers and block explorers with additional data on + asset denomination to improve UX and remove any need to make assumptions on + denomination units. + +### Negative + +* A small amount of required additional storage in the `x/bank` module. The amount + of additional storage should be minimal as the amount of total assets should not + be large. + +### Neutral + +## References diff --git a/copy-of-sdk-docs/build/architecture/adr-027-deterministic-protobuf-serialization.md b/copy-of-sdk-docs/build/architecture/adr-027-deterministic-protobuf-serialization.md new file mode 100644 index 00000000..0b0b4c9f --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-027-deterministic-protobuf-serialization.md @@ -0,0 +1,314 @@ +# ADR 027: Deterministic Protobuf Serialization + +## Changelog + +* 2020-08-07: Initial Draft +* 2020-09-01: Further clarify rules + +## Status + +Proposed + +## Abstract + +Fully deterministic structure serialization, which works across many languages and clients, +is needed when signing messages. We need to be sure that whenever we serialize +a data structure, no matter in which supported language, the raw bytes +will stay the same. +[Protobuf](https://developers.google.com/protocol-buffers/docs/proto3) +serialization is not bijective (i.e. there exists a practically unlimited number of +valid binary representations for a given protobuf document)1. + +This document describes a deterministic serialization scheme for +a subset of protobuf documents, that covers this use case but can be reused in +other cases as well. + +### Context + +For signature verification in Cosmos SDK, the signer and verifier need to agree on +the same serialization of a `SignDoc` as defined in +[ADR-020](./adr-020-protobuf-transaction-encoding.md) without transmitting the +serialization. + +Currently, for block signatures we are using a workaround: we create a new [TxRaw](https://github.com/cosmos/cosmos-sdk/blob/9e85e81e0e8140067dd893421290c191529c148c/proto/cosmos/tx/v1beta1/tx.proto#L30) +instance (as defined in [adr-020-protobuf-transaction-encoding](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-020-protobuf-transaction-encoding.md#transactions)) +by converting all [Tx](https://github.com/cosmos/cosmos-sdk/blob/9e85e81e0e8140067dd893421290c191529c148c/proto/cosmos/tx/v1beta1/tx.proto#L13) +fields to bytes on the client side. This adds an additional manual +step when sending and signing transactions. + +### Decision + +The following encoding scheme is to be used by other ADRs, +and in particular for `SignDoc` serialization. + +## Specification + +### Scope + +This ADR defines a protobuf3 serializer. The output is a valid protobuf +serialization, such that every protobuf parser can parse it. + +No maps are supported in version 1 due to the complexity of defining a +deterministic serialization. This might change in future. Implementations must +reject documents containing maps as invalid input. + +### Background - Protobuf3 Encoding + +Most numeric types in protobuf3 are encoded as +[varints](https://developers.google.com/protocol-buffers/docs/encoding#varints). +Varints are at most 10 bytes, and since each varint byte has 7 bits of data, +varints are a representation of `uint70` (70-bit unsigned integer). When +encoding, numeric values are casted from their base type to `uint70`, and when +decoding, the parsed `uint70` is casted to the appropriate numeric type. + +The maximum valid value for a varint that complies with protobuf3 is +`FF FF FF FF FF FF FF FF FF 7F` (i.e. `2**70 -1`). If the field type is +`{,u,s}int64`, the highest 6 bits of the 70 are dropped during decoding, +introducing 6 bits of malleability. If the field type is `{,u,s}int32`, the +highest 38 bits of the 70 are dropped during decoding, introducing 38 bits of +malleability. + +Among other sources of non-determinism, this ADR eliminates the possibility of +encoding malleability. + +### Serialization rules + +The serialization is based on the +[protobuf3 encoding](https://developers.google.com/protocol-buffers/docs/encoding) +with the following additions: + +1. Fields must be serialized only once in ascending order +2. Extra fields or any extra data must not be added +3. [Default values](https://developers.google.com/protocol-buffers/docs/proto3#default) + must be omitted +4. `repeated` fields of scalar numeric types must use + [packed encoding](https://developers.google.com/protocol-buffers/docs/encoding#packed) +5. Varint encoding must not be longer than needed: + * No trailing zero bytes (in little endian, i.e. no leading zeroes in big + endian). Per rule 3 above, the default value of `0` must be omitted, so + this rule does not apply in such cases. + * The maximum value for a varint must be `FF FF FF FF FF FF FF FF FF 01`. + In other words, when decoded, the highest 6 bits of the 70-bit unsigned + integer must be `0`. (10-byte varints are 10 groups of 7 bits, i.e. + 70 bits, of which only the lowest 70-6=64 are useful.) + * The maximum value for 32-bit values in varint encoding must be `FF FF FF FF 0F` + with one exception (below). In other words, when decoded, the highest 38 + bits of the 70-bit unsigned integer must be `0`. + * The one exception to the above is _negative_ `int32`, which must be + encoded using the full 10 bytes for sign extension2. + * The maximum value for Boolean values in varint encoding must be `01` (i.e. + it must be `0` or `1`). Per rule 3 above, the default value of `0` must + be omitted, so if a Boolean is included it must have a value of `1`. + +While rules number 1. and 2. should be pretty straightforward and describe the +default behavior of all protobuf encoders the author is aware of, the 3rd rule +is more interesting. After a protobuf3 deserialization you cannot differentiate +between unset fields and fields set to the default value3. At +serialization level however, it is possible to set the fields with an empty +value or omit them entirely. This is a significant difference to e.g. JSON +where a property can be empty (`""`, `0`), `null` or undefined, leading to 3 +different documents. + +Omitting fields set to default values is valid because the parser must assign +the default value to fields missing in the serialization4. For scalar +types, omitting defaults is required by the spec5. For `repeated` +fields, not serializing them is the only way to express empty lists. Enums must +have a first element of numeric value 0, which is the default6. And +message fields default to unset7. + +Omitting defaults allows for some amount of forward compatibility: users of +newer versions of a protobuf schema produce the same serialization as users of +older versions as long as newly added fields are not used (i.e. set to their +default value). + +### Implementation + +There are three main implementation strategies, ordered from the least to the +most custom development: + +* **Use a protobuf serializer that follows the above rules by default.** E.g. + [gogoproto](https://pkg.go.dev/github.com/cosmos/gogoproto/gogoproto) is known to + be compliant in most cases, but not when certain annotations such as + `nullable = false` are used. It might also be an option to configure an + existing serializer accordingly. +* **Normalize default values before encoding them.** If your serializer follows + rules 1. and 2. and allows you to explicitly unset fields for serialization, + you can normalize default values to unset. This can be done when working with + [protobuf.js](https://www.npmjs.com/package/protobufjs): + + ```js + const bytes = SignDoc.encode({ + bodyBytes: body.length > 0 ? body : null, // normalize empty bytes to unset + authInfoBytes: authInfo.length > 0 ? authInfo : null, // normalize empty bytes to unset + chainId: chainId || null, // normalize "" to unset + accountNumber: accountNumber || null, // normalize 0 to unset + accountSequence: accountSequence || null, // normalize 0 to unset + }).finish(); + ``` + +* **Use a hand-written serializer for the types you need.** If none of the above + ways works for you, you can write a serializer yourself. For SignDoc this + would look something like this in Go, building on existing protobuf utilities: + + ```go + if !signDoc.body_bytes.empty() { + buf.WriteUVarInt64(0xA) // wire type and field number for body_bytes + buf.WriteUVarInt64(signDoc.body_bytes.length()) + buf.WriteBytes(signDoc.body_bytes) + } + + if !signDoc.auth_info.empty() { + buf.WriteUVarInt64(0x12) // wire type and field number for auth_info + buf.WriteUVarInt64(signDoc.auth_info.length()) + buf.WriteBytes(signDoc.auth_info) + } + + if !signDoc.chain_id.empty() { + buf.WriteUVarInt64(0x1a) // wire type and field number for chain_id + buf.WriteUVarInt64(signDoc.chain_id.length()) + buf.WriteBytes(signDoc.chain_id) + } + + if signDoc.account_number != 0 { + buf.WriteUVarInt64(0x20) // wire type and field number for account_number + buf.WriteUVarInt(signDoc.account_number) + } + + if signDoc.account_sequence != 0 { + buf.WriteUVarInt64(0x28) // wire type and field number for account_sequence + buf.WriteUVarInt(signDoc.account_sequence) + } + ``` + +### Test vectors + +Given the protobuf definition `Article.proto` + +```protobuf +package blog; +syntax = "proto3"; + +enum Type { + UNSPECIFIED = 0; + IMAGES = 1; + NEWS = 2; +}; + +enum Review { + UNSPECIFIED = 0; + ACCEPTED = 1; + REJECTED = 2; +}; + +message Article { + string title = 1; + string description = 2; + uint64 created = 3; + uint64 updated = 4; + bool public = 5; + bool promoted = 6; + Type type = 7; + Review review = 8; + repeated string comments = 9; + repeated string backlinks = 10; +}; +``` + +serializing the values + +```yaml +title: "The world needs change 🌳" +description: "" +created: 1596806111080 +updated: 0 +public: true +promoted: false +type: Type.NEWS +review: Review.UNSPECIFIED +comments: ["Nice one", "Thank you"] +backlinks: [] +``` + +must result in the serialization + +```text +0a1b54686520776f726c64206e65656473206368616e676520f09f8cb318e8bebec8bc2e280138024a084e696365206f6e654a095468616e6b20796f75 +``` + +When inspecting the serialized document, you see that every second field is +omitted: + +```shell +$ echo 0a1b54686520776f726c64206e65656473206368616e676520f09f8cb318e8bebec8bc2e280138024a084e696365206f6e654a095468616e6b20796f75 | xxd -r -p | protoc --decode_raw +1: "The world needs change \360\237\214\263" +3: 1596806111080 +5: 1 +7: 2 +9: "Nice one" +9: "Thank you" +``` + +## Consequences + +Having such an encoding available allows us to get deterministic serialization +for all protobuf documents we need in the context of Cosmos SDK signing. + +### Positive + +* Well defined rules that can be verified independently of a reference + implementation +* Simple enough to keep the barrier to implementing transaction signing low +* It allows us to continue to use 0 and other empty values in SignDoc, avoiding + the need to work around 0 sequences. This does not imply the change from + https://github.com/cosmos/cosmos-sdk/pull/6949 should not be merged, but not + too important anymore. + +### Negative + +* When implementing transaction signing, the encoding rules above must be + understood and implemented. +* The need for rule number 3. adds some complexity to implementations. +* Some data structures may require custom code for serialization. Thus + the code is not very portable - it will require additional work for each + client implementing serialization to properly handle custom data structures. + +### Neutral + +### Usage in Cosmos SDK + +For the reasons mentioned above ("Negative" section) we prefer to keep workarounds +for shared data structure. Example: the aforementioned `TxRaw` is using raw bytes +as a workaround. This allows them to use any valid Protobuf library without +the need to implement a custom serializer that adheres to this standard (and related risks of bugs). + +## References + +* 1 _When a message is serialized, there is no guaranteed order for + how its known or unknown fields should be written. Serialization order is an + implementation detail and the details of any particular implementation may + change in the future. Therefore, protocol buffer parsers must be able to parse + fields in any order._ from + https://developers.google.com/protocol-buffers/docs/encoding#order +* 2 https://developers.google.com/protocol-buffers/docs/encoding#signed_integers +* 3 _Note that for scalar message fields, once a message is parsed + there's no way of telling whether a field was explicitly set to the default + value (for example whether a boolean was set to false) or just not set at all: + you should bear this in mind when defining your message types. For example, + don't have a boolean that switches on some behavior when set to false if you + don't want that behavior to also happen by default._ from + https://developers.google.com/protocol-buffers/docs/proto3#default +* 4 _When a message is parsed, if the encoded message does not + contain a particular singular element, the corresponding field in the parsed + object is set to the default value for that field._ from + https://developers.google.com/protocol-buffers/docs/proto3#default +* 5 _Also note that if a scalar message field is set to its default, + the value will not be serialized on the wire._ from + https://developers.google.com/protocol-buffers/docs/proto3#default +* 6 _For enums, the default value is the first defined enum value, + which must be 0._ from + https://developers.google.com/protocol-buffers/docs/proto3#default +* 7 _For message fields, the field is not set. Its exact value is + language-dependent._ from + https://developers.google.com/protocol-buffers/docs/proto3#default +* Encoding rules and parts of the reasoning taken from + [canonical-proto3 Aaron Craelius](https://github.com/regen-network/canonical-proto3) diff --git a/copy-of-sdk-docs/build/architecture/adr-028-public-key-addresses.md b/copy-of-sdk-docs/build/architecture/adr-028-public-key-addresses.md new file mode 100644 index 00000000..f24d24ae --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-028-public-key-addresses.md @@ -0,0 +1,342 @@ +# ADR 028: Public Key Addresses + +## Changelog + +* 2020/08/18: Initial version +* 2021/01/15: Analysis and algorithm update + +## Status + +Proposed + +## Abstract + +This ADR defines an address format for all addressable Cosmos SDK accounts. That includes: new public key algorithms, multisig public keys, and module accounts. + +## Context + +Issue [\#3685](https://github.com/cosmos/cosmos-sdk/issues/3685) identified that public key +address spaces are currently overlapping. We confirmed that it significantly decreases security of Cosmos SDK. + +### Problem + +An attacker can control an input for an address generation function. This leads to a birthday attack, which significantly decreases the security space. +To overcome this, we need to separate the inputs for different kinds of account types: +a security break of one account type shouldn't impact the security of other account types. + +### Initial proposals + +One initial proposal was to extend the address length and +adding prefixes for different types of addresses. + +@ethanfrey explained an alternate approach originally used in https://github.com/iov-one/weave: + +> I spent quite a bit of time thinking about this issue while building weave... The other cosmos Sdk. +> Basically I define a condition to be a type and format as human readable string with some binary data appended. This condition is hashed into an Address (again at 20 bytes). The use of this prefix makes it impossible to find a preimage for a given address with a different condition (eg ed25519 vs secp256k1). +> This is explained in depth here https://weave.readthedocs.io/en/latest/design/permissions.html +> And the code is here, look mainly at the top where we process conditions. https://github.com/iov-one/weave/blob/master/conditions.go + +And explained how this approach should be sufficiently collision resistant: + +> Yeah, AFAIK, 20 bytes should be collision resistance when the preimages are unique and not malleable. A space of 2^160 would expect some collision to be likely around 2^80 elements (birthday paradox). And if you want to find a collision for some existing element in the database, it is still 2^160. 2^80 only if all these elements are written to state. +> The good example you brought up was eg. a public key bytes being a valid public key on two algorithms supported by the codec. Meaning if either was broken, you would break accounts even if they were secured with the safer variant. This is only as the issue when no differentiating type info is present in the preimage (before hashing into an address). +> I would like to hear an argument if the 20 bytes space is an actual issue for security, as I would be happy to increase my address sizes in weave. I just figured cosmos and ethereum and bitcoin all use 20 bytes, it should be good enough. And the arguments above which made me feel it was secure. But I have not done a deeper analysis. + +This led to the first proposal (which we proved to be not good enough): +we concatenate a key type with a public key, hash it and take the first 20 bytes of that hash, summarized as `sha256(keyTypePrefix || keybytes)[:20]`. + +### Review and Discussions + +In [\#5694](https://github.com/cosmos/cosmos-sdk/issues/5694) we discussed various solutions. +We agreed that 20 bytes it's not future proof, and extending the address length is the only way to allow addresses of different types, various signature types, etc. +This disqualifies the initial proposal. + +In the issue we discussed various modifications: + +* Choice of the hash function. +* Move the prefix out of the hash function: `keyTypePrefix + sha256(keybytes)[:20]` [post-hash-prefix-proposal]. +* Use double hashing: `sha256(keyTypePrefix + sha256(keybytes)[:20])`. +* Increase to keybytes hash slice from 20 bytes to 32 or 40 bytes. We concluded that 32 bytes, produced by a good hash functions is future secure. + +### Requirements + +* Support currently used tools - we don't want to break an ecosystem, or add a long adaptation period. Ref: https://github.com/cosmos/cosmos-sdk/issues/8041 +* Try to keep the address length small - addresses are widely used in state, both as part of a key and object value. + +### Scope + +This ADR only defines a process for the generation of address bytes. For end-user interactions with addresses (through the API, or CLI, etc.), we still use bech32 to format these addresses as strings. This ADR doesn't change that. +Using Bech32 for string encoding gives us support for checksum error codes and handling of user typos. + +## Decision + +We define the following account types, for which we define the address function: + +1. simple accounts: represented by a regular public key (ie: secp256k1, sr25519) +2. naive multisig: accounts composed by other addressable objects (ie: naive multisig) +3. composed accounts with a native address key (ie: bls, group module accounts) +4. module accounts: basically any accounts which cannot sign transactions and which are managed internally by modules + +### Legacy Public Key Addresses Don't Change + +Currently (Jan 2021), the only officially supported Cosmos SDK user accounts are `secp256k1` basic accounts and legacy amino multisig. +They are used in existing Cosmos SDK zones. They use the following address formats: + +* secp256k1: `ripemd160(sha256(pk_bytes))[:20]` +* legacy amino multisig: `sha256(aminoCdc.Marshal(pk))[:20]` + +We don't want to change existing addresses. So the addresses for these two key types will remain the same. + +The current multisig public keys use amino serialization to generate the address. We will retain +those public keys and their address formatting, and call them "legacy amino" multisig public keys +in protobuf. We will also create multisig public keys without amino addresses to be described below. + +### Hash Function Choice + +As in other parts of the Cosmos SDK, we will use `sha256`. + +### Basic Address + +We start by defining a base algorithm for generating addresses which we will call `Hash`. Notably, it's used for accounts represented by a single key pair. For each public key schema we have to have an associated `typ` string, explained in the next section. `hash` is the cryptographic hash function defined in the previous section. + +```go +const A_LEN = 32 + +func Hash(typ string, key []byte) []byte { + return hash(hash(typ) + key)[:A_LEN] +} +``` + +The `+` is bytes concatenation, which doesn't use any separator. + +This algorithm is the outcome of a consultation session with a professional cryptographer. +Motivation: this algorithm keeps the address relatively small (length of the `typ` doesn't impact the length of the final address) +and it's more secure than [post-hash-prefix-proposal] (which uses the first 20 bytes of a pubkey hash, significantly reducing the address space). +Moreover the cryptographer motivated the choice of adding `typ` in the hash to protect against a switch table attack. + +`address.Hash` is a low level function to generate _base_ addresses for new key types. Example: + +* BLS: `address.Hash("bls", pubkey)` + +### Composed Addresses + +For simple composed accounts (like a new naive multisig) we generalize the `address.Hash`. The address is constructed by recursively creating addresses for the sub accounts, sorting the addresses and composing them into a single address. It ensures that the ordering of keys doesn't impact the resulting address. + +```go +// We don't need a PubKey interface - we need anything which is addressable. +type Addressable interface { + Address() []byte +} + +func Composed(typ string, subaccounts []Addressable) []byte { + addresses = map(subaccounts, \a -> LengthPrefix(a.Address())) + addresses = sort(addresses) + return address.Hash(typ, addresses[0] + ... + addresses[n]) +} +``` + +The `typ` parameter should be a schema descriptor, containing all significant attributes with deterministic serialization (eg: utf8 string). +`LengthPrefix` is a function which prepends 1 byte to the address. The value of that byte is the length of the address bits before prepending. The address must be at most 255 bits long. +We are using `LengthPrefix` to eliminate conflicts - it assures, that for 2 lists of addresses: `as = {a1, a2, ..., an}` and `bs = {b1, b2, ..., bm}` such that every `bi` and `ai` is at most 255 long, `concatenate(map(as, (a) => LengthPrefix(a))) = map(bs, (b) => LengthPrefix(b))` if `as = bs`. + +Implementation Tip: account implementations should cache addresses. + +#### Multisig Addresses + +For a new multisig public keys, we define the `typ` parameter not based on any encoding scheme (amino or protobuf). This avoids issues with non-determinism in the encoding scheme. + +Example: + +```protobuf +package cosmos.crypto.multisig; + +message PubKey { + uint32 threshold = 1; + repeated google.protobuf.Any pubkeys = 2; +} +``` + +```go +func (multisig PubKey) Address() { + // first gather all nested pub keys + var keys []address.Addressable // cryptotypes.PubKey implements Addressable + for _, _key := range multisig.Pubkeys { + keys = append(keys, key.GetCachedValue().(cryptotypes.PubKey)) + } + + // form the type from the message name (cosmos.crypto.multisig.PubKey) and the threshold joined together + prefix := fmt.Sprintf("%s/%d", proto.MessageName(multisig), multisig.Threshold) + + // use the Composed function defined above + return address.Composed(prefix, keys) +} +``` + + +### Derived Addresses + +We must be able to cryptographically derive one address from another one. The derivation process must guarantee hash properties, hence we use the already defined `Hash` function: + +```go +func Derive(address, derivationKey []byte) []byte { + return Hash(address, derivationKey) +} +``` + +### Module Account Addresses + +A module account will have `"module"` type. Module accounts can have sub accounts. The submodule account will be created based on module name, and sequence of derivation keys. Typically, the first derivation key should be a class of the derived accounts. The derivation process has a defined order: module name, submodule key, subsubmodule key... An example module account is created using: + +```go +address.Module(moduleName, key) +``` + +An example sub-module account is created using: + +```go +groupPolicyAddresses := []byte{1} +address.Module(moduleName, groupPolicyAddresses, policyID) +``` + +The `address.Module` function is using `address.Hash` with `"module"` as the type argument, and byte representation of the module name concatenated with submodule key. The last two components must be uniquely separated to avoid potential clashes (example: modulename="ab" & submodulekey="bc" will have the same derivation key as modulename="a" & submodulekey="bbc"). +We use a null byte (`'\x00'`) to separate module name from the submodule key. This works, because null byte is not a part of a valid module name. Finally, the sub-submodule accounts are created by applying the `Derive` function recursively. +We could use `Derive` function also in the first step (rather than concatenating the module name with a zero byte and the submodule key). We decided to do concatenation to avoid one level of derivation and speed up computation. + +For backward compatibility with the existing `authtypes.NewModuleAddress`, we add a special case in `Module` function: when no derivation key is provided, we fallback to the "legacy" implementation. + +```go +func Module(moduleName string, derivationKeys ...[]byte) []byte{ + if len(derivationKeys) == 0 { + return authtypes.NewModuleAddress(moduleName) // legacy case + } + submoduleAddress := Hash("module", []byte(moduleName) + 0 + key) + return fold((a, k) => Derive(a, k), subsubKeys, submoduleAddress) +} +``` + +**Example 1** A lending BTC pool address would be: + +```go +btcPool := address.Module("lending", btc.Address()}) +``` + +If we want to create an address for a module account depending on more than one key, we can concatenate them: + +```go +btcAtomAMM := address.Module("amm", btc.Address() + atom.Address()}) +``` + +**Example 2** a smart-contract address could be constructed by: + +```go +smartContractAddr = Module("mySmartContractVM", smartContractsNamespace, smartContractKey}) + +// which equals to: +smartContractAddr = Derived( + Module("mySmartContractVM", smartContractsNamespace), + []{smartContractKey}) +``` + +### Schema Types + +A `typ` parameter used in `Hash` function SHOULD be unique for each account type. +Since all Cosmos SDK account types are serialized in the state, we propose to use the protobuf message name string. + +Example: all public key types have a unique protobuf message type similar to: + +```protobuf +package cosmos.crypto.sr25519; + +message PubKey { + bytes key = 1; +} +``` + +All protobuf messages have unique fully qualified names, in this example `cosmos.crypto.sr25519.PubKey`. +These names are derived directly from .proto files in a standardized way and used +in other places such as the type URL in `Any`s. We can easily obtain the name using +`proto.MessageName(msg)`. + +## Consequences + +### Backwards Compatibility + +This ADR is compatible with what was committed and directly supported in the Cosmos SDK repository. + +### Positive + +* a simple algorithm for generating addresses for new public keys, complex accounts and modules +* the algorithm generalizes _native composed keys_ +* increased security and collision resistance of addresses +* the approach is extensible for future use-cases - one can use other address types, as long as they don't conflict with the address length specified here (20 or 32 bytes). +* support new account types. + +### Negative + +* addresses do not communicate key type, a prefixed approach would have done this +* addresses are 60% longer and will consume more storage space +* requires a refactor of KVStore store keys to handle variable length addresses + +### Neutral + +* protobuf message names are used as key type prefixes + +## Further Discussions + +Some accounts can have a fixed name or may be constructed in another way (eg: modules). We were discussing an idea of an account with a predefined name (eg: `me.regen`), which could be used by institutions. +Without going into details, these kinds of addresses are compatible with the hash based addresses described here as long as they don't have the same length. +More specifically, any special account address must not have a length equal to 20 or 32 bytes. + +## Appendix: Consulting session + +End of Dec 2020 we had a session with [Alan Szepieniec](https://scholar.google.be/citations?user=4LyZn8oAAAAJ&hl=en) to consult the approach presented above. + +Alan general observations: + +* we don’t need 2-preimage resistance +* we need 32bytes address space for collision resistance +* when an attacker can control an input for an object with an address then we have a problem with a birthday attack +* there is an issue with smart-contracts for hashing +* sha2 mining can be used to break the address pre-image + +Hashing algorithm + +* any attack breaking blake3 will break blake2 +* Alan is pretty confident about the current security analysis of the blake hash algorithm. It was a finalist, and the author is well known in security analysis. + +Algorithm: + +* Alan recommends to hash the prefix: `address(pub_key) = hash(hash(key_type) + pub_key)[:32]`, main benefits: + * we are free to user arbitrary long prefix names + * we still don’t risk collisions + * switch tables +* discussion about penalization -> about adding prefix post hash +* Aaron asked about post hash prefixes (`address(pub_key) = key_type + hash(pub_key)`) and differences. Alan noted that this approach has longer address space and it’s stronger. + +Algorithm for complex / composed keys: + +* merging tree-like addresses with same algorithm are fine + +Module addresses: Should module addresses have a different size to differentiate it? + +* we will need to set a pre-image prefix for module addresses to keep them in 32-byte space: `hash(hash('module') + module_key)` +* Aaron observation: we already need to deal with variable length (to not break secp256k1 keys). + +Discussion about an arithmetic hash function for ZKP + +* Poseidon / Rescue +* Problem: much bigger risk because we don’t know much techniques and the history of crypto-analysis of arithmetic constructions. It’s still a new ground and area of active research. + +Post quantum signature size + +* Alan suggestion: Falcon: speed / size ratio - very good. +* Aaron - should we think about it? + Alan: based on early extrapolation this thing will get able to break EC cryptography in 2050. But that’s a lot of uncertainty. But there is magic happening with recursions / linking / simulation and that can speedup the progress. + +Other ideas + +* Let’s say we use the same key and two different address algorithms for 2 different use cases. Is it still safe to use it? Alan: if we want to hide the public key (which is not our use case), then it’s less secure but there are fixes. + +### References + +* [Notes](https://hackmd.io/_NGWI4xZSbKzj1BkCqyZMw) diff --git a/copy-of-sdk-docs/build/architecture/adr-029-fee-grant-module.md b/copy-of-sdk-docs/build/architecture/adr-029-fee-grant-module.md new file mode 100644 index 00000000..597ea5f7 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-029-fee-grant-module.md @@ -0,0 +1,153 @@ +# ADR 029: Fee Grant Module + +## Changelog + +* 2020/08/18: Initial Draft +* 2021/05/05: Removed height based expiration support and simplified naming. + +## Status + +Accepted + +## Context + +In order to make blockchain transactions, the signing account must possess a sufficient balance of the right denomination +in order to pay fees. There are classes of transactions where needing to maintain a wallet with sufficient fees is a +barrier to adoption. + +For instance, when proper permissions are set up, someone may temporarily delegate the ability to vote on proposals to +a "burner" account that is stored on a mobile phone with only minimal security. + +Other use cases include workers tracking items in a supply chain or farmers submitting field data for analytics +or compliance purposes. + +For all of these use cases, UX would be significantly enhanced by obviating the need for these accounts to always +maintain the appropriate fee balance. This is especially true if we want to achieve enterprise adoption for something +like supply chain tracking. + +While one solution would be to have a service that fills up these accounts automatically with the appropriate fees, a better UX +would be provided by allowing these accounts to pull from a common fee pool account with proper spending limits. +A single pool would reduce the churn of making lots of small "fill up" transactions and also more effectively leverage +the resources of the organization setting up the pool. + +## Decision + +As a solution we propose a module, `x/feegrant` which allows one account, the "granter" to grant another account, the "grantee" +an allowance to spend the granter's account balance for fees within certain well-defined limits. + +Fee allowances are defined by the extensible `FeeAllowanceI` interface: + +```go +type FeeAllowanceI { + // Accept can use fee payment requested as well as timestamp of the current block + // to determine whether or not to process this. This is checked in + // Keeper.UseGrantedFees and the return values should match how it is handled there. + // + // If it returns an error, the fee payment is rejected, otherwise it is accepted. + // The FeeAllowance implementation is expected to update it's internal state + // and will be saved again after an acceptance. + // + // If remove is true (regardless of the error), the FeeAllowance will be deleted from storage + // (eg. when it is used up). (See call to RevokeFeeAllowance in Keeper.UseGrantedFees) + Accept(ctx sdk.Context, fee sdk.Coins, msgs []sdk.Msg) (remove bool, err error) + + // ValidateBasic should evaluate this FeeAllowance for internal consistency. + // Don't allow negative amounts, or negative periods for example. + ValidateBasic() error +} +``` + +Two basic fee allowance types, `BasicAllowance` and `PeriodicAllowance` are defined to support known use cases: + +```protobuf +// BasicAllowance implements FeeAllowanceI with a one-time grant of tokens +// that optionally expires. The delegatee can use up to SpendLimit to cover fees. +message BasicAllowance { + // spend_limit specifies the maximum amount of tokens that can be spent + // by this allowance and will be updated as tokens are spent. If it is + // empty, there is no spend limit and any amount of coins can be spent. + repeated cosmos_sdk.v1.Coin spend_limit = 1; + + // expiration specifies an optional time when this allowance expires + google.protobuf.Timestamp expiration = 2; +} + +// PeriodicAllowance extends FeeAllowanceI to allow for both a maximum cap, +// as well as a limit per time period. +message PeriodicAllowance { + BasicAllowance basic = 1; + + // period specifies the time duration in which period_spend_limit coins can + // be spent before that allowance is reset + google.protobuf.Duration period = 2; + + // period_spend_limit specifies the maximum number of coins that can be spent + // in the period + repeated cosmos_sdk.v1.Coin period_spend_limit = 3; + + // period_can_spend is the number of coins left to be spent before the period_reset time + repeated cosmos_sdk.v1.Coin period_can_spend = 4; + + // period_reset is the time at which this period resets and a new one begins, + // it is calculated from the start time of the first transaction after the + // last period ended + google.protobuf.Timestamp period_reset = 5; +} + +``` + +Allowances can be granted and revoked using `MsgGrantAllowance` and `MsgRevokeAllowance`: + +```protobuf +// MsgGrantAllowance adds permission for Grantee to spend up to Allowance +// of fees from the account of Granter. +message MsgGrantAllowance { + string granter = 1; + string grantee = 2; + google.protobuf.Any allowance = 3; + } + + // MsgRevokeAllowance removes any existing FeeAllowance from Granter to Grantee. + message MsgRevokeAllowance { + string granter = 1; + string grantee = 2; + } +``` + +In order to use allowances in transactions, we add a new field `granter` to the transaction `Fee` type: + +```protobuf +package cosmos.tx.v1beta1; + +message Fee { + repeated cosmos.base.v1beta1.Coin amount = 1; + uint64 gas_limit = 2; + string payer = 3; + string granter = 4; +} +``` + +`granter` must either be left empty or must correspond to an account which has granted +a fee allowance to the fee payer (either the first signer or the value of the `payer` field). + +A new `AnteDecorator` named `DeductGrantedFeeDecorator` will be created in order to process transactions with `fee_payer` +set and correctly deduct fees based on fee allowances. + +## Consequences + +### Positive + +* improved UX for use cases where it is cumbersome to maintain an account balance just for fees + +### Negative + +### Neutral + +* a new field must be added to the transaction `Fee` message and a new `AnteDecorator` must be +created to use it + +## References + +* Blog article describing initial work: https://medium.com/regen-network/hacking-the-cosmos-cosmwasm-and-key-management-a08b9f561d1b +* Initial public specification: https://gist.github.com/aaronc/b60628017352df5983791cad30babe56 +* Original subkeys proposal from B-harvest which influenced this design: https://github.com/cosmos/cosmos-sdk/issues/4480 diff --git a/copy-of-sdk-docs/build/architecture/adr-030-authz-module.md b/copy-of-sdk-docs/build/architecture/adr-030-authz-module.md new file mode 100644 index 00000000..e8b64f18 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-030-authz-module.md @@ -0,0 +1,258 @@ +# ADR 030: Authorization Module + +## Changelog + +* 2019-11-06: Initial Draft +* 2020-10-12: Updated Draft +* 2020-11-13: Accepted +* 2020-05-06: proto API updates, use `sdk.Msg` instead of `sdk.ServiceMsg` (the latter concept was removed from Cosmos SDK) +* 2022-04-20: Updated the `SendAuthorization` proto docs to clarify the `SpendLimit` is a required field. (Generic authorization can be used with bank msg type url to create limit less bank authorization) + +## Status + +Accepted + +## Abstract + +This ADR defines the `x/authz` module which allows accounts to grant authorizations to perform actions +on behalf of that account to other accounts. + +## Context + +The concrete use cases which motivated this module include: + +* the desire to delegate the ability to vote on proposals to other accounts besides the account which one has +delegated stake +* "sub-keys" functionality, as originally proposed in [\#4480](https://github.com/cosmos/cosmos-sdk/issues/4480) which +is a term used to describe the functionality provided by this module together with +the `fee_grant` module from [ADR 029](./adr-029-fee-grant-module.md) and the [group module](https://github.com/cosmos/cosmos-sdk/tree/main/x/group). + +The "sub-keys" functionality roughly refers to the ability for one account to grant some subset of its capabilities to +other accounts with possibly less robust, but easier to use security measures. For instance, a master account representing +an organization could grant the ability to spend small amounts of the organization's funds to individual employee accounts. +Or an individual (or group) with a multisig wallet could grant the ability to vote on proposals to any one of the member +keys. + +The current implementation is based on work done by the [Gaian's team at Hackatom Berlin 2019](https://github.com/cosmos-gaians/cosmos-sdk/tree/hackatom/x/delegation). + +## Decision + +We will create a module named `authz` which provides functionality for +granting arbitrary privileges from one account (the _granter_) to another account (the _grantee_). Authorizations +must be granted for a particular `Msg` service methods one by one using an implementation +of `Authorization` interface. + +### Types + +Authorizations determine exactly what privileges are granted. They are extensible +and can be defined for any `Msg` service method even outside of the module where +the `Msg` method is defined. `Authorization`s reference `Msg`s using their TypeURL. + +#### Authorization + +```go +type Authorization interface { + proto.Message + + // MsgTypeURL returns the fully-qualified Msg TypeURL (as described in ADR 020), + // which will process and accept or reject a request. + MsgTypeURL() string + + // Accept determines whether this grant permits the provided sdk.Msg to be performed, and if + // so provides an upgraded authorization instance. + Accept(ctx sdk.Context, msg sdk.Msg) (AcceptResponse, error) + + // ValidateBasic does a simple validation check that + // doesn't require access to any other information. + ValidateBasic() error +} + +// AcceptResponse instruments the controller of an authz message if the request is accepted +// and if it should be updated or deleted. +type AcceptResponse struct { + // If Accept=true, the controller can accept and authorization and handle the update. + Accept bool + // If Delete=true, the controller must delete the authorization object and release + // storage resources. + Delete bool + // Controller, who is calling Authorization.Accept must check if `Updated != nil`. If yes, + // it must use the updated version and handle the update on the storage level. + Updated Authorization +} +``` + +For example a `SendAuthorization` like this is defined for `MsgSend` that takes +a `SpendLimit` and updates it down to zero: + +```go +type SendAuthorization struct { + // SpendLimit specifies the maximum amount of tokens that can be spent + // by this authorization and will be updated as tokens are spent. This field is required. (Generic authorization + // can be used with bank msg type url to create limit less bank authorization). + SpendLimit sdk.Coins +} + +func (a SendAuthorization) MsgTypeURL() string { + return sdk.MsgTypeURL(&MsgSend{}) +} + +func (a SendAuthorization) Accept(ctx sdk.Context, msg sdk.Msg) (authz.AcceptResponse, error) { + mSend, ok := msg.(*MsgSend) + if !ok { + return authz.AcceptResponse{}, sdkerrors.ErrInvalidType.Wrap("type mismatch") + } + limitLeft, isNegative := a.SpendLimit.SafeSub(mSend.Amount) + if isNegative { + return authz.AcceptResponse{}, sdkerrors.ErrInsufficientFunds.Wrapf("requested amount is more than spend limit") + } + if limitLeft.IsZero() { + return authz.AcceptResponse{Accept: true, Delete: true}, nil + } + + return authz.AcceptResponse{Accept: true, Delete: false, Updated: &SendAuthorization{SpendLimit: limitLeft}}, nil +} +``` + +A different type of capability for `MsgSend` could be implemented +using the `Authorization` interface with no need to change the underlying +`bank` module. + +##### Small notes on `AcceptResponse` + +* The `AcceptResponse.Accept` field will be set to `true` if the authorization is accepted. +However, if it is rejected, the function `Accept` will raise an error (without setting `AcceptResponse.Accept` to `false`). + +* The `AcceptResponse.Updated` field will be set to a non-nil value only if there is a real change to the authorization. +If authorization remains the same (as is, for instance, always the case for a [`GenericAuthorization`](#genericauthorization)), +the field will be `nil`. + +### `Msg` Service + +```protobuf +service Msg { + // Grant grants the provided authorization to the grantee on the granter's + // account with the provided expiration time. + rpc Grant(MsgGrant) returns (MsgGrantResponse); + + // Exec attempts to execute the provided messages using + // authorizations granted to the grantee. Each message should have only + // one signer corresponding to the granter of the authorization. + rpc Exec(MsgExec) returns (MsgExecResponse); + + // Revoke revokes any authorization corresponding to the provided method name on the + // granter's account that has been granted to the grantee. + rpc Revoke(MsgRevoke) returns (MsgRevokeResponse); +} + +// Grant gives permissions to execute +// the provided method with expiration time. +message Grant { + google.protobuf.Any authorization = 1 [(cosmos_proto.accepts_interface) = "cosmos.authz.v1beta1.Authorization"]; + google.protobuf.Timestamp expiration = 2 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false]; +} + +message MsgGrant { + string granter = 1; + string grantee = 2; + + Grant grant = 3 [(gogoproto.nullable) = false]; +} + +message MsgExecResponse { + cosmos.base.abci.v1beta1.Result result = 1; +} + +message MsgExec { + string grantee = 1; + // Authorization Msg requests to execute. Each msg must implement Authorization interface + repeated google.protobuf.Any msgs = 2 [(cosmos_proto.accepts_interface) = "cosmos.base.v1beta1.Msg"]; +} +``` + +### Router Middleware + +The `authz` `Keeper` will expose a `DispatchActions` method which allows other modules to send `Msg`s +to the router based on `Authorization` grants: + +```go +type Keeper interface { + // DispatchActions routes the provided msgs to their respective handlers if the grantee was granted an authorization + // to send those messages by the first (and only) signer of each msg. + DispatchActions(ctx sdk.Context, grantee sdk.AccAddress, msgs []sdk.Msg) sdk.Result` +} +``` + +### CLI + +#### `tx exec` Method + +When a CLI user wants to run a transaction on behalf of another account using `MsgExec`, they +can use the `exec` method. For instance `gaiacli tx gov vote 1 yes --from --generate-only | gaiacli tx authz exec --send-as --from ` +would send a transaction like this: + +```go +MsgExec { + Grantee: mykey, + Msgs: []sdk.Msg{ + MsgVote { + ProposalID: 1, + Voter: cosmos3thsdgh983egh823 + Option: Yes + } + } +} +``` + +#### `tx grant --from ` + +This CLI command will send a `MsgGrant` transaction. `authorization` should be encoded as +JSON on the CLI. + +#### `tx revoke --from ` + +This CLI command will send a `MsgRevoke` transaction. + +### Built-in Authorizations + +#### `SendAuthorization` + +```protobuf +// SendAuthorization allows the grantee to spend up to spend_limit coins from +// the granter's account. +message SendAuthorization { + repeated cosmos.base.v1beta1.Coin spend_limit = 1; +} +``` + +#### `GenericAuthorization` + +```protobuf +// GenericAuthorization gives the grantee unrestricted permissions to execute +// the provided method on behalf of the granter's account. +message GenericAuthorization { + option (cosmos_proto.implements_interface) = "Authorization"; + + // Msg, identified by it's type URL, to grant unrestricted permissions to execute + string msg = 1; +} +``` + +## Consequences + +### Positive + +* Users will be able to authorize arbitrary actions on behalf of their accounts to other +users, improving key management for many use cases +* The solution is more generic than previously considered approaches and the +`Authorization` interface approach can be extended to cover other use cases by +SDK users + +### Negative + +### Neutral + +## References + +* Initial Hackatom implementation: https://github.com/cosmos-gaians/cosmos-sdk/tree/hackatom/x/delegation +* Post-Hackatom spec: https://gist.github.com/aaronc/b60628017352df5983791cad30babe56#delegation-module +* B-Harvest subkeys spec: https://github.com/cosmos/cosmos-sdk/issues/4480 diff --git a/copy-of-sdk-docs/build/architecture/adr-031-msg-service.md b/copy-of-sdk-docs/build/architecture/adr-031-msg-service.md new file mode 100644 index 00000000..65d3bc5c --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-031-msg-service.md @@ -0,0 +1,202 @@ +# ADR 031: Protobuf Msg Services + +## Changelog + +* 2020-10-05: Initial Draft +* 2021-04-21: Remove `ServiceMsg`s to follow Protobuf `Any`'s spec, see [#9063](https://github.com/cosmos/cosmos-sdk/issues/9063). + +## Status + +Accepted + +## Abstract + +We want to leverage protobuf `service` definitions for defining `Msg`s, which will give us significant developer UX +improvements in terms of the code that is generated and the fact that return types will now be well defined. + +## Context + +Currently `Msg` handlers in the Cosmos SDK have return values that are placed in the `data` field of the response. +These return values, however, are not specified anywhere except in the golang handler code. + +In early conversations [it was proposed](https://docs.google.com/document/d/1eEgYgvgZqLE45vETjhwIw4VOqK-5hwQtZtjVbiXnIGc/edit) +that `Msg` return types be captured using a protobuf extension field, ex: + +```protobuf +package cosmos.gov; + +message MsgSubmitProposal + option (cosmos_proto.msg_return) = “uint64”; + string delegator_address = 1; + string validator_address = 2; + repeated sdk.Coin amount = 3; +} +``` + +This was never adopted, however. + +Having a well-specified return value for `Msg`s would improve client UX. For instance, +in `x/gov`, `MsgSubmitProposal` returns the proposal ID as a big-endian `uint64`. +This isn’t really documented anywhere and clients would need to know the internals +of the Cosmos SDK to parse that value and return it to users. + +Also, there may be cases where we want to use these return values programmatically. +For instance, https://github.com/cosmos/cosmos-sdk/issues/7093 proposes a method for +doing inter-module Ocaps using the `Msg` router. A well-defined return type would +improve the developer UX for this approach. + +In addition, handler registration of `Msg` types tends to add a bit of +boilerplate on top of keepers and is usually done through manual type switches. +This isn't necessarily bad, but it does add overhead to creating modules. + +## Decision + +We decide to use protobuf `service` definitions for defining `Msg`s as well as +the code generated by them as a replacement for `Msg` handlers. + +Below we define how this will look for the `SubmitProposal` message from `x/gov` module. +We start with a `Msg` `service` definition: + +```protobuf +package cosmos.gov; + +service Msg { + rpc SubmitProposal(MsgSubmitProposal) returns (MsgSubmitProposalResponse); +} + +// Note that for backwards compatibility this uses MsgSubmitProposal as the request +// type instead of the more canonical MsgSubmitProposalRequest +message MsgSubmitProposal { + google.protobuf.Any content = 1; + string proposer = 2; +} + +message MsgSubmitProposalResponse { + uint64 proposal_id; +} +``` + +While this is most commonly used for gRPC, overloading protobuf `service` definitions like this does not violate +the intent of the [protobuf spec](https://developers.google.com/protocol-buffers/docs/proto3#services) which says: +> If you don’t want to use gRPC, it’s also possible to use protocol buffers with your own RPC implementation. +With this approach, we would get an auto-generated `MsgServer` interface: + +In addition to clearly specifying return types, this has the benefit of generating client and server code. On the server +side, this is almost like an automatically generated keeper method and could maybe be used instead of keepers eventually +(see [\#7093](https://github.com/cosmos/cosmos-sdk/issues/7093)): + +```go +package gov + +type MsgServer interface { + SubmitProposal(context.Context, *MsgSubmitProposal) (*MsgSubmitProposalResponse, error) +} +``` + +On the client side, developers could take advantage of this by creating RPC implementations that encapsulate transaction +logic. Protobuf libraries that use asynchronous callbacks, like [protobuf.js](https://github.com/protobufjs/protobuf.js#using-services) +could use this to register callbacks for specific messages even for transactions that include multiple `Msg`s. + +Each `Msg` service method should have exactly one request parameter: its corresponding `Msg` type. For example, the `Msg` service method `/cosmos.gov.v1beta1.Msg/SubmitProposal` above has exactly one request parameter, namely the `Msg` type `/cosmos.gov.v1beta1.MsgSubmitProposal`. It is important the reader understands clearly the nomenclature difference between a `Msg` service (a Protobuf service) and a `Msg` type (a Protobuf message), and the differences in their fully-qualified name. + +This convention has been decided over the more canonical `Msg...Request` names mainly for backwards compatibility, but also for better readability in `TxBody.messages` (see [Encoding section](#encoding) below): transactions containing `/cosmos.gov.MsgSubmitProposal` read better than those containing `/cosmos.gov.v1beta1.MsgSubmitProposalRequest`. + +One consequence of this convention is that each `Msg` type can be the request parameter of only one `Msg` service method. However, we consider this limitation a good practice in explicitness. + +### Encoding + +Encoding of transactions generated with `Msg` services does not differ from current Protobuf transaction encoding as defined in [ADR-020](./adr-020-protobuf-transaction-encoding.md). We are encoding `Msg` types (which are exactly `Msg` service methods' request parameters) as `Any` in `Tx`s which involves packing the +binary-encoded `Msg` with its type URL. + +### Decoding + +Since `Msg` types are packed into `Any`, decoding transaction messages is done by unpacking `Any`s into `Msg` types. For more information, please refer to [ADR-020](./adr-020-protobuf-transaction-encoding.md#transactions). + +### Routing + +We propose to add a `msg_service_router` in BaseApp. This router is a key/value map which maps `Msg` types' `type_url`s to their corresponding `Msg` service method handler. Since there is a 1-to-1 mapping between `Msg` types and `Msg` service method, the `msg_service_router` has exactly one entry per `Msg` service method. + +When a transaction is processed by BaseApp (in CheckTx or in DeliverTx), its `TxBody.messages` are decoded as `Msg`s. Each `Msg`'s `type_url` is matched against an entry in the `msg_service_router`, and the respective `Msg` service method handler is called. + +For backward compatibility, the old handlers are not removed yet. If BaseApp receives a legacy `Msg` with no corresponding entry in the `msg_service_router`, it will be routed via its legacy `Route()` method into the legacy handler. + +### Module Configuration + +In [ADR 021](./adr-021-protobuf-query-encoding.md), we introduced a method `RegisterQueryService` +to `AppModule` which allows for modules to register gRPC queriers. + +To register `Msg` services, we attempt a more extensible approach by converting `RegisterQueryService` +to a more generic `RegisterServices` method: + +```go +type AppModule interface { + RegisterServices(Configurator) + ... +} + +type Configurator interface { + QueryServer() grpc.Server + MsgServer() grpc.Server +} + +// example module: +func (am AppModule) RegisterServices(cfg Configurator) { + types.RegisterQueryServer(cfg.QueryServer(), keeper) + types.RegisterMsgServer(cfg.MsgServer(), keeper) +} +``` + +The `RegisterServices` method and the `Configurator` interface are intended to +evolve to satisfy the use cases discussed in [\#7093](https://github.com/cosmos/cosmos-sdk/issues/7093) +and [\#7122](https://github.com/cosmos/cosmos-sdk/issues/7421). + +When `Msg` services are registered, the framework _should_ verify that all `Msg` types +implement the `sdk.Msg` interface and throw an error during initialization rather +than later when transactions are processed. + +### `Msg` Service Implementation + +Just like query services, `Msg` service methods can retrieve the `sdk.Context` +from the `context.Context` parameter using the `sdk.UnwrapSDKContext` +method: + +```go +package gov + +func (k Keeper) SubmitProposal(goCtx context.Context, params *types.MsgSubmitProposal) (*MsgSubmitProposalResponse, error) { + ctx := sdk.UnwrapSDKContext(goCtx) + ... +} +``` + +The `sdk.Context` should have an `EventManager` already attached by BaseApp's `msg_service_router`. + +Separate handler definition is no longer needed with this approach. + +## Consequences + +This design changes how a module functionality is exposed and accessed. It deprecates the existing `Handler` interface and `AppModule.Route` in favor of [Protocol Buffer Services](https://developers.google.com/protocol-buffers/docs/proto3#services) and Service Routing described above. This dramatically simplifies the code. We don't need to create handlers and keepers any more. Use of Protocol Buffer auto-generated clients clearly separates the communication interfaces between the module and a modules user. The control logic (aka handlers and keepers) is not exposed any more. A module interface can be seen as a black box accessible through a client API. It's worth to note that the client interfaces are also generated by Protocol Buffers. + +This also allows us to change how we perform functional tests. Instead of mocking AppModules and Router, we will mock a client (server will stay hidden). More specifically: we will never mock `moduleA.MsgServer` in `moduleB`, but rather `moduleA.MsgClient`. One can think about it as working with external services (eg DBs, or online servers...). We assume that the transmission between clients and servers is correctly handled by generated Protocol Buffers. + +Finally, closing a module to client API opens desirable OCAP patterns discussed in ADR-033. Since server implementation and interface is hidden, nobody can hold "keepers"/servers and will be forced to relay on the client interface, which will drive developers for correct encapsulation and software engineering patterns. + +### Pros + +* communicates return type clearly +* manual handler registration and return type marshaling is no longer needed, just implement the interface and register it +* communication interface is automatically generated, the developer can now focus only on the state transition methods - this would improve the UX of [\#7093](https://github.com/cosmos/cosmos-sdk/issues/7093) approach (1) if we chose to adopt that +* generated client code could be useful for clients and tests +* dramatically reduces and simplifies the code + +### Cons + +* using `service` definitions outside the context of gRPC could be confusing (but doesn’t violate the proto3 spec) + +## References + +* [Initial Github Issue \#7122](https://github.com/cosmos/cosmos-sdk/issues/7122) +* [proto 3 Language Guide: Defining Services](https://developers.google.com/protocol-buffers/docs/proto3#services) +* [Initial pre-`Any` `Msg` designs](https://docs.google.com/document/d/1eEgYgvgZqLE45vETjhwIw4VOqK-5hwQtZtjVbiXnIGc) +* [ADR 020](./adr-020-protobuf-transaction-encoding.md) +* [ADR 021](./adr-021-protobuf-query-encoding.md) diff --git a/copy-of-sdk-docs/build/architecture/adr-032-typed-events.md b/copy-of-sdk-docs/build/architecture/adr-032-typed-events.md new file mode 100644 index 00000000..0a5122da --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-032-typed-events.md @@ -0,0 +1,319 @@ +# ADR 032: Typed Events + +## Changelog + +* 28-Sept-2020: Initial Draft + +## Authors + +* Anil Kumar (@anilcse) +* Jack Zampolin (@jackzampolin) +* Adam Bozanich (@boz) + +## Status + +Proposed + +## Abstract + +Currently in the Cosmos SDK, events are defined in the handlers for each message as well as `BeginBlock` and `EndBlock`. Each module doesn't have types defined for each event, they are implemented as `map[string]string`. Above all else this makes these events difficult to consume as it requires a great deal of raw string matching and parsing. This proposal focuses on updating the events to use **typed events** defined in each module such that emitting and subscribing to events will be much easier. This workflow comes from the experience of the Akash Network team. + +## Context + +Currently in the Cosmos SDK, events are defined in the handlers for each message, meaning each module doesn't have a canonical set of types for each event. Above all else this makes these events difficult to consume as it requires a great deal of raw string matching and parsing. This proposal focuses on updating the events to use **typed events** defined in each module such that emitting and subscribing to events will be much easier. This workflow comes from the experience of the Akash Network team. + +[Our platform](http://github.com/ovrclk/akash) requires a number of programmatic on chain interactions both on the provider (datacenter - to bid on new orders and listen for leases created) and user (application developer - to send the app manifest to the provider) side. In addition the Akash team is now maintaining the IBC [`relayer`](https://github.com/ovrclk/relayer), another very event driven process. In working on these core pieces of infrastructure, and integrating lessons learned from Kubernetes development, our team has developed a standard method for defining and consuming typed events in Cosmos SDK modules. We have found that it is extremely useful in building this type of event driven application. + +As the Cosmos SDK gets used more extensively for apps like `peggy`, other peg zones, IBC, DeFi, etc... there will be an exploding demand for event driven applications to support new features desired by users. We propose upstreaming our findings into the Cosmos SDK to enable all Cosmos SDK applications to quickly and easily build event driven apps to aid their core application. Wallets, exchanges, explorers, and defi protocols all stand to benefit from this work. + +If this proposal is accepted, users will be able to build event driven Cosmos SDK apps in go by just writing `EventHandler`s for their specific event types and passing them to `EventEmitters` that are defined in the Cosmos SDK. + +The end of this proposal contains a detailed example of how to consume events after this refactor. + +This proposal is specifically about how to consume these events as a client of the blockchain, not for intermodule communication. + +## Decision + +**Step-1**: Implement additional functionality in the `types` package: `EmitTypedEvent` and `ParseTypedEvent` functions + +```go +// types/events.go + +// EmitTypedEvent takes typed event and emits converting it into sdk.Event +func (em *EventManager) EmitTypedEvent(event proto.Message) error { + evtType := proto.MessageName(event) + evtJSON, err := codec.ProtoMarshalJSON(event) + if err != nil { + return err + } + + var attrMap map[string]json.RawMessage + err = json.Unmarshal(evtJSON, &attrMap) + if err != nil { + return err + } + + var attrs []abci.EventAttribute + for k, v := range attrMap { + attrs = append(attrs, abci.EventAttribute{ + Key: []byte(k), + Value: v, + }) + } + + em.EmitEvent(Event{ + Type: evtType, + Attributes: attrs, + }) + + return nil +} + +// ParseTypedEvent converts abci.Event back to typed event +func ParseTypedEvent(event abci.Event) (proto.Message, error) { + concreteGoType := proto.MessageType(event.Type) + if concreteGoType == nil { + return nil, fmt.Errorf("failed to retrieve the message of type %q", event.Type) + } + + var value reflect.Value + if concreteGoType.Kind() == reflect.Ptr { + value = reflect.New(concreteGoType.Elem()) + } else { + value = reflect.Zero(concreteGoType) + } + + protoMsg, ok := value.Interface().(proto.Message) + if !ok { + return nil, fmt.Errorf("%q does not implement proto.Message", event.Type) + } + + attrMap := make(map[string]json.RawMessage) + for _, attr := range event.Attributes { + attrMap[string(attr.Key)] = attr.Value + } + + attrBytes, err := json.Marshal(attrMap) + if err != nil { + return nil, err + } + + err = jsonpb.Unmarshal(strings.NewReader(string(attrBytes)), protoMsg) + if err != nil { + return nil, err + } + + return protoMsg, nil +} +``` + +Here, the `EmitTypedEvent` is a method on `EventManager` which takes typed event as input and apply json serialization on it. Then it maps the JSON key/value pairs to `event.Attributes` and emits it in form of `sdk.Event`. `Event.Type` will be the type URL of the proto message. + +When we subscribe to emitted events on the CometBFT websocket, they are emitted in the form of an `abci.Event`. `ParseTypedEvent` parses the event back to it's original proto message. + +**Step-2**: Add proto definitions for typed events for msgs in each module: + +For example, let's take `MsgSubmitProposal` of `gov` module and implement this event's type. + +```protobuf +// proto/cosmos/gov/v1beta1/gov.proto +// Add typed event definition + +package cosmos.gov.v1beta1; + +message EventSubmitProposal { + string from_address = 1; + uint64 proposal_id = 2; + TextProposal proposal = 3; +} +``` + +**Step-3**: Refactor event emission to use the typed event created and emit using `sdk.EmitTypedEvent`: + +```go +// x/gov/handler.go +func handleMsgSubmitProposal(ctx sdk.Context, keeper keeper.Keeper, msg types.MsgSubmitProposalI) (*sdk.Result, error) { + ... + types.Context.EventManager().EmitTypedEvent( + &EventSubmitProposal{ + FromAddress: fromAddress, + ProposalId: id, + Proposal: proposal, + }, + ) + ... +} +``` + +### How to subscribe to these typed events in `Client` + +> NOTE: Full code example below + +Users will be able to subscribe using `client.Context.Client.Subscribe` and consume events which are emitted using `EventHandler`s. + +Akash Network has built a simple [`pubsub`](https://github.com/ovrclk/akash/blob/90d258caeb933b611d575355b8df281208a214f8/pubsub/bus.go#L20). This can be used to subscribe to `abci.Events` and [publish](https://github.com/ovrclk/akash/blob/90d258caeb933b611d575355b8df281208a214f8/events/publish.go#L21) them as typed events. + +Please see the below code sample for more detail on how this flow looks for clients. + +## Consequences + +### Positive + +* Improves consistency of implementation for the events currently in the Cosmos SDK +* Provides a much more ergonomic way to handle events and facilitates writing event driven applications +* This implementation will support a middleware ecosystem of `EventHandler`s + +### Negative + +## Detailed code example of publishing events + +This ADR also proposes adding affordances to emit and consume these events. This way developers will only need to write +`EventHandler`s which define the actions they desire to take. + +```go +// EventEmitter is a type that describes event emitter functions +// This should be defined in `types/events.go` +type EventEmitter func(context.Context, client.Context, ...EventHandler) error + +// EventHandler is a type of function that handles events coming out of the event bus +// This should be defined in `types/events.go` +type EventHandler func(proto.Message) error + +// Sample use of the functions below +func main() { + ctx, cancel := context.WithCancel(context.Background()) + + if err := TxEmitter(ctx, client.Context{}.WithNodeURI("tcp://localhost:26657"), SubmitProposalEventHandler); err != nil { + cancel() + panic(err) + } + + return +} + +// SubmitProposalEventHandler is an example of an event handler that prints proposal details +// when any EventSubmitProposal is emitted. +func SubmitProposalEventHandler(ev proto.Message) (err error) { + switch event := ev.(type) { + // Handle governance proposal events creation events + case govtypes.EventSubmitProposal: + // Users define business logic here e.g. + fmt.Println(ev.FromAddress, ev.ProposalId, ev.Proposal) + return nil + default: + return nil + } +} + +// TxEmitter is an example of an event emitter that emits just transaction events. This can and +// should be implemented somewhere in the Cosmos SDK. The Cosmos SDK can include an EventEmitters for tm.event='Tx' +// and/or tm.event='NewBlock' (the new block events may contain typed events) +func TxEmitter(ctx context.Context, cliCtx client.Context, ehs ...EventHandler) (err error) { + // Instantiate and start CometBFT RPC client + client, err := cliCtx.GetNode() + if err != nil { + return err + } + + if err = client.Start(); err != nil { + return err + } + + // Start the pubsub bus + bus := pubsub.NewBus() + defer bus.Close() + + // Initialize a new error group + eg, ctx := errgroup.WithContext(ctx) + + // Publish chain events to the pubsub bus + eg.Go(func() error { + return PublishChainTxEvents(ctx, client, bus, simapp.ModuleBasics) + }) + + // Subscribe to the bus events + subscriber, err := bus.Subscribe() + if err != nil { + return err + } + + // Handle all the events coming out of the bus + eg.Go(func() error { + var err error + for { + select { + case <-ctx.Done(): + return nil + case <-subscriber.Done(): + return nil + case ev := <-subscriber.Events(): + for _, eh := range ehs { + if err = eh(ev); err != nil { + break + } + } + } + } + return nil + }) + + return group.Wait() +} + +// PublishChainTxEvents events using cmtclient. Waits on context shutdown signals to exit. +func PublishChainTxEvents(ctx context.Context, client cmtclient.EventsClient, bus pubsub.Bus, mb module.BasicManager) (err error) { + // Subscribe to transaction events + txch, err := client.Subscribe(ctx, "txevents", "tm.event='Tx'", 100) + if err != nil { + return err + } + + // Unsubscribe from transaction events on function exit + defer func() { + err = client.UnsubscribeAll(ctx, "txevents") + }() + + // Use errgroup to manage concurrency + g, ctx := errgroup.WithContext(ctx) + + // Publish transaction events in a goroutine + g.Go(func() error { + var err error + for { + select { + case <-ctx.Done(): + break + case ed := <-ch: + switch evt := ed.Data.(type) { + case cmttypes.EventDataTx: + if !evt.Result.IsOK() { + continue + } + // range over events, parse them using the basic manager and + // send them to the pubsub bus + for _, abciEv := range events { + typedEvent, err := sdk.ParseTypedEvent(abciEv) + if err != nil { + return err + } + if err := bus.Publish(typedEvent); err != nil { + bus.Close() + return + } + continue + } + } + } + } + return err + }) + + // Exit on error or context cancellation + return g.Wait() +} +``` + +## References + +* [Publish Custom Events via a bus](https://github.com/ovrclk/akash/blob/90d258caeb933b611d575355b8df281208a214f8/events/publish.go#L19-L58) +* [Consuming the events in `Client`](https://github.com/ovrclk/deploy/blob/bf6c633ab6c68f3026df59efd9982d6ca1bf0561/cmd/event-handlers.go#L57) diff --git a/copy-of-sdk-docs/build/architecture/adr-033-protobuf-inter-module-comm.md b/copy-of-sdk-docs/build/architecture/adr-033-protobuf-inter-module-comm.md new file mode 100644 index 00000000..acbc98e1 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-033-protobuf-inter-module-comm.md @@ -0,0 +1,400 @@ +# ADR 033: Protobuf-based Inter-Module Communication + +## Changelog + +* 2020-10-05: Initial Draft + +## Status + +Proposed + +## Abstract + +This ADR introduces a system for permissioned inter-module communication leveraging the protobuf `Query` and `Msg` +service definitions defined in [ADR 021](./adr-021-protobuf-query-encoding.md) and +[ADR 031](./adr-031-msg-service.md) which provides: + +* stable protobuf based module interfaces to potentially later replace the keeper paradigm +* stronger inter-module object capabilities (OCAPs) guarantees +* module accounts and sub-account authorization + +## Context + +In the current Cosmos SDK documentation on the [Object-Capability Model](../docs/learn/advanced/10-ocap.md), it is stated that: + +> We assume that a thriving ecosystem of Cosmos SDK modules that are easy to compose into a blockchain application will contain faulty or malicious modules. + +There is currently not a thriving ecosystem of Cosmos SDK modules. We hypothesize that this is in part due to: + +1. lack of a stable v1.0 Cosmos SDK to build modules off of. Module interfaces are changing, sometimes dramatically, from +point release to point release, often for good reasons, but this does not create a stable foundation to build on. +2. lack of a properly implemented object capability or even object-oriented encapsulation system which makes refactors +of module keeper interfaces inevitable because the current interfaces are poorly constrained. + +### `x/bank` Case Study + +Currently the `x/bank` keeper gives pretty much unrestricted access to any module which references it. For instance, the +`SetBalance` method allows the caller to set the balance of any account to anything, bypassing even proper tracking of supply. + +There appears to have been some later attempts to implement some semblance of OCAPs using module-level minting, staking +and burning permissions. These permissions allow a module to mint, burn or delegate tokens with reference to the module’s +own account. These permissions are actually stored as a `[]string` array on the `ModuleAccount` type in state. + +However, these permissions don’t really do much. They control what modules can be referenced in the `MintCoins`, +`BurnCoins` and `DelegateCoins***` methods, but for one there is no unique object capability token that controls access — +just a simple string. So the `x/upgrade` module could mint tokens for the `x/staking` module simply by calling +`MintCoins(“staking”)`. Furthermore, all modules which have access to these keeper methods, also have access to +`SetBalance` negating any other attempt at OCAPs and breaking even basic object-oriented encapsulation. + +## Decision + +Based on [ADR-021](./adr-021-protobuf-query-encoding.md) and [ADR-031](./adr-031-msg-service.md), we introduce the +Inter-Module Communication framework for secure module authorization and OCAPs. +When implemented, this could also serve as an alternative to the existing paradigm of passing keepers between +modules. The approach outlined here-in is intended to form the basis of a Cosmos SDK v1.0 that provides the necessary +stability and encapsulation guarantees that allow a thriving module ecosystem to emerge. + +Of particular note — the decision is to _enable_ this functionality for modules to adopt at their own discretion. +Proposals to migrate existing modules to this new paradigm will have to be a separate conversation, potentially +addressed as amendments to this ADR. + +### New "Keeper" Paradigm + +In [ADR 021](./adr-021-protobuf-query-encoding.md), a mechanism for using protobuf service definitions to define queriers +was introduced and in [ADR 31](./adr-031-msg-service.md), a mechanism for using protobuf service to define `Msg`s was added. +Protobuf service definitions generate two golang interfaces representing the client and server sides of a service plus +some helper code. Here is a minimal example for the bank `cosmos.bank.Msg/Send` message type: + +```go +package bank + +type MsgClient interface { + Send(context.Context, *MsgSend, opts ...grpc.CallOption) (*MsgSendResponse, error) +} + +type MsgServer interface { + Send(context.Context, *MsgSend) (*MsgSendResponse, error) +} +``` + +[ADR 021](./adr-021-protobuf-query-encoding.md) and [ADR 31](./adr-031-msg-service.md) specifies how modules can implement the generated `QueryServer` +and `MsgServer` interfaces as replacements for the legacy queriers and `Msg` handlers respectively. + +In this ADR we explain how modules can make queries and send `Msg`s to other modules using the generated `QueryClient` +and `MsgClient` interfaces and propose this mechanism as a replacement for the existing `Keeper` paradigm. To be clear, +this ADR does not necessitate the creation of new protobuf definitions or services. Rather, it leverages the same proto +based service interfaces already used by clients for inter-module communication. + +Using this `QueryClient`/`MsgClient` approach has the following key benefits over exposing keepers to external modules: + +1. Protobuf types are checked for breaking changes using [buf](https://buf.build/docs/breaking-overview) and because of +the way protobuf is designed this will give us strong backwards compatibility guarantees while allowing for forward +evolution. +2. The separation between the client and server interfaces will allow us to insert permission checking code in between +the two which checks if one module is authorized to send the specified `Msg` to the other module providing a proper +object capability system (see below). +3. The router for inter-module communication gives us a convenient place to handle rollback of transactions, +enabling atomicity of operations ([currently a problem](https://github.com/cosmos/cosmos-sdk/issues/8030)). Any failure within a module-to-module call would result in a failure of the entire +transaction + +This mechanism has the added benefits of: + +* reducing boilerplate through code generation, and +* allowing for modules in other languages either via a VM like CosmWasm or sub-processes using gRPC + +### Inter-module Communication + +To use the `Client` generated by the protobuf compiler we need a `grpc.ClientConn` [interface](https://github.com/grpc/grpc-go/blob/v1.49.x/clientconn.go#L441-L450) +implementation. For this we introduce +a new type, `ModuleKey`, which implements the `grpc.ClientConn` interface. `ModuleKey` can be thought of as the "private +key" corresponding to a module account, where authentication is provided through use of a special `Invoker()` function, +described in more detail below. + +Blockchain users (external clients) use their account's private key to sign transactions containing `Msg`s where they are listed as signers (each +message specifies required signers with `Msg.GetSigner`). The authentication check is performed by `AnteHandler`. + +Here, we extend this process, by allowing modules to be identified in `Msg.GetSigners`. When a module wants to trigger the execution a `Msg` in another module, +its `ModuleKey` acts as the sender (through the `ClientConn` interface we describe below) and is set as a sole "signer". It's worth to note +that we don't use any cryptographic signature in this case. +For example, module `A` could use its `A.ModuleKey` to create `MsgSend` object for `/cosmos.bank.Msg/Send` transaction. `MsgSend` validation +will assure that the `from` account (`A.ModuleKey` in this case) is the signer. + +Here's an example of a hypothetical module `foo` interacting with `x/bank`: + +```go +package foo + + +type FooMsgServer { + // ... + + bankQuery bank.QueryClient + bankMsg bank.MsgClient +} + +func NewFooMsgServer(moduleKey RootModuleKey, ...) FooMsgServer { + // ... + + return FooMsgServer { + // ... + modouleKey: moduleKey, + bankQuery: bank.NewQueryClient(moduleKey), + bankMsg: bank.NewMsgClient(moduleKey), + } +} + +func (foo *FooMsgServer) Bar(ctx context.Context, req *MsgBarRequest) (*MsgBarResponse, error) { + balance, err := foo.bankQuery.Balance(&bank.QueryBalanceRequest{Address: foo.moduleKey.Address(), Denom: "foo"}) + + ... + + res, err := foo.bankMsg.Send(ctx, &bank.MsgSendRequest{FromAddress: fooMsgServer.moduleKey.Address(), ...}) + + ... +} +``` + +This design is also intended to be extensible to cover use cases of more fine grained permissioning like minting by +denom prefix being restricted to certain modules (as discussed in +[#7459](https://github.com/cosmos/cosmos-sdk/pull/7459#discussion_r529545528)). + +### `ModuleKey`s and `ModuleID`s + +A `ModuleKey` can be thought of as a "private key" for a module account and a `ModuleID` can be thought of as the +corresponding "public key". From the [ADR 028](./adr-028-public-key-addresses.md), modules can have both a root module account and any number of sub-accounts +or derived accounts that can be used for different pools (ex. staking pools) or managed accounts (ex. group +accounts). We can also think of module sub-accounts as similar to derived keys - there is a root key and then some +derivation path. `ModuleID` is a simple struct which contains the module name and optional "derivation" path, +and forms its address based on the `AddressHash` method from [the ADR-028](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-028-public-key-addresses.md): + +```go +type ModuleID struct { + ModuleName string + Path []byte +} + +func (key ModuleID) Address() []byte { + return AddressHash(key.ModuleName, key.Path) +} +``` + +In addition to being able to generate a `ModuleID` and address, a `ModuleKey` contains a special function called +`Invoker` which is the key to safe inter-module access. The `Invoker` creates an `InvokeFn` closure which is used as an `Invoke` method in +the `grpc.ClientConn` interface and under the hood is able to route messages to the appropriate `Msg` and `Query` handlers +performing appropriate security checks on `Msg`s. This allows for even safer inter-module access than keeper's whose +private member variables could be manipulated through reflection. Golang does not support reflection on a function +closure's captured variables and direct manipulation of memory would be needed for a truly malicious module to bypass +the `ModuleKey` security. + +The two `ModuleKey` types are `RootModuleKey` and `DerivedModuleKey`: + +```go +type Invoker func(callInfo CallInfo) func(ctx context.Context, request, response interface{}, opts ...interface{}) error + +type CallInfo { + Method string + Caller ModuleID +} + +type RootModuleKey struct { + moduleName string + invoker Invoker +} + +func (rm RootModuleKey) Derive(path []byte) DerivedModuleKey { /* ... */} + +type DerivedModuleKey struct { + moduleName string + path []byte + invoker Invoker +} +``` + +A module can get access to a `DerivedModuleKey`, using the `Derive(path []byte)` method on `RootModuleKey` and then +would use this key to authenticate `Msg`s from a sub-account. Ex: + +```go +package foo + +func (fooMsgServer *MsgServer) Bar(ctx context.Context, req *MsgBar) (*MsgBarResponse, error) { + derivedKey := fooMsgServer.moduleKey.Derive(req.SomePath) + bankMsgClient := bank.NewMsgClient(derivedKey) + res, err := bankMsgClient.Balance(ctx, &bank.MsgSend{FromAddress: derivedKey.Address(), ...}) + ... +} +``` + +In this way, a module can gain permissioned access to a root account and any number of sub-accounts and send +authenticated `Msg`s from these accounts. The `Invoker` `callInfo.Caller` parameter is used under the hood to +distinguish between different module accounts, but either way the function returned by `Invoker` only allows `Msg`s +from either the root or a derived module account to pass through. + +Note that `Invoker` itself returns a function closure based on the `CallInfo` passed in. This will allow client implementations +in the future that cache the invoke function for each method type avoiding the overhead of hash table lookup. +This would reduce the performance overhead of this inter-module communication method to the bare minimum required for +checking permissions. + +To re-iterate, the closure only allows access to authorized calls. There is no access to anything else regardless of any +name impersonation. + +Below is a rough sketch of the implementation of `grpc.ClientConn.Invoke` for `RootModuleKey`: + +```go +func (key RootModuleKey) Invoke(ctx context.Context, method string, args, reply interface{}, opts ...grpc.CallOption) error { + f := key.invoker(CallInfo {Method: method, Caller: ModuleID {ModuleName: key.moduleName}}) + return f(ctx, args, reply) +} +``` + +### `AppModule` Wiring and Requirements + +In [ADR 031](./adr-031-msg-service.md), the `AppModule.RegisterService(Configurator)` method was introduced. To support +inter-module communication, we extend the `Configurator` interface to pass in the `ModuleKey` and to allow modules to +specify their dependencies on other modules using `RequireServer()`: + +```go +type Configurator interface { + MsgServer() grpc.Server + QueryServer() grpc.Server + + ModuleKey() ModuleKey + RequireServer(msgServer interface{}) +} +``` + +The `ModuleKey` is passed to modules in the `RegisterService` method itself so that `RegisterServices` serves as a single +entry point for configuring module services. This is intended to also have the side-effect of greatly reducing boilerplate in +`app.go`. For now, `ModuleKey`s will be created based on `AppModuleBasic.Name()`, but a more flexible system may be +introduced in the future. The `ModuleManager` will handle creation of module accounts behind the scenes. + +Because modules do not get direct access to each other anymore, modules may have unfulfilled dependencies. To make sure +that module dependencies are resolved at startup, the `Configurator.RequireServer` method should be added. The `ModuleManager` +will make sure that all dependencies declared with `RequireServer` can be resolved before the app starts. An example +module `foo` could declare its dependency on `x/bank` like this: + +```go +package foo + +func (am AppModule) RegisterServices(cfg Configurator) { + cfg.RequireServer((*bank.QueryServer)(nil)) + cfg.RequireServer((*bank.MsgServer)(nil)) +} +``` + +### Security Considerations + +In addition to checking for `ModuleKey` permissions, a few additional security precautions will need to be taken by +the underlying router infrastructure. + +#### Recursion and Re-entry + +Recursive or re-entrant method invocations pose a potential security threat. This can be a problem if Module A +calls Module B and Module B calls module A again in the same call. + +One basic way for the router system to deal with this is to maintain a call stack which prevents a module from +being referenced more than once in the call stack so that there is no re-entry. A `map[string]interface{}` table +in the router could be used to perform this security check. + +#### Queries + +Queries in Cosmos SDK are generally un-permissioned so allowing one module to query another module should not pose +any major security threats assuming basic precautions are taken. The basic precaution that the router system will +need to take is making sure that the `sdk.Context` passed to query methods does not allow writing to the store. This +can be done for now with a `CacheMultiStore` as is currently done for `BaseApp` queries. + +### Internal Methods + +In many cases, we may wish for modules to call methods on other modules which are not exposed to clients at all. For this +purpose, we add the `InternalServer` method to `Configurator`: + +```go +type Configurator interface { + MsgServer() grpc.Server + QueryServer() grpc.Server + InternalServer() grpc.Server +} +``` + +As an example, x/slashing's Slash must call x/staking's Slash, but we don't want to expose x/staking's Slash to end users +and clients. + +Internal protobuf services will be defined in a corresponding `internal.proto` file in the given module's +proto package. + +Services registered against `InternalServer` will be callable from other modules but not by external clients. + +An alternative solution to internal-only methods could involve hooks / plugins as discussed [here](https://github.com/cosmos/cosmos-sdk/pull/7459#issuecomment-733807753). +A more detailed evaluation of a hooks / plugin system will be addressed later in follow-ups to this ADR or as a separate +ADR. + +### Authorization + +By default, the inter-module router requires that messages are sent by the first signer returned by `GetSigners`. The +inter-module router should also accept authorization middleware such as that provided by [ADR 030](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-030-authz-module.md). +This middleware will allow accounts to authorize specific module accounts to perform actions on their behalf. +Authorization middleware should take into account the need to grant certain modules effectively "admin" privileges to +other modules. This will be addressed in separate ADRs or updates to this ADR. + +### Future Work + +Other future improvements may include: + +* custom code generation that: + * simplifies interfaces (ex. generates code with `sdk.Context` instead of `context.Context`) + * optimizes inter-module calls - for instance caching resolved methods after first invocation +* combining `StoreKey`s and `ModuleKey`s into a single interface so that modules have a single OCAPs handle +* code generation which makes inter-module communication more performant +* decoupling `ModuleKey` creation from `AppModuleBasic.Name()` so that app's can override root module account names +* inter-module hooks and plugins + +## Alternatives + +### MsgServices vs `x/capability` + +The `x/capability` module does provide a proper object-capability implementation that can be used by any module in the +Cosmos SDK and could even be used for inter-module OCAPs as described in [\#5931](https://github.com/cosmos/cosmos-sdk/issues/5931). + +The advantages of the approach described in this ADR are mostly around how it integrates with other parts of the Cosmos SDK, +specifically: + +* protobuf so that: + * code generation of interfaces can be leveraged for a better dev UX + * module interfaces are versioned and checked for breakage using [buf](https://docs.buf.build/breaking-overview) +* sub-module accounts as per ADR 028 +* the general `Msg` passing paradigm and the way signers are specified by `GetSigners` + +Also, this is a complete replacement for keepers and could be applied to _all_ inter-module communication whereas the +`x/capability` approach in #5931 would need to be applied method by method. + +## Consequences + +### Backwards Compatibility + +This ADR is intended to provide a pathway to a scenario where there is greater long term compatibility between modules. +In the short-term, this will likely result in breaking certain `Keeper` interfaces which are too permissive and/or +replacing `Keeper` interfaces altogether. + +### Positive + +* an alternative to keepers which can more easily lead to stable inter-module interfaces +* proper inter-module OCAPs +* improved module developer DevX, as commented on by several participants on + [Architecture Review Call, Dec 3](https://hackmd.io/E0wxxOvRQ5qVmTf6N_k84Q) +* lays the groundwork for what can be a greatly simplified `app.go` +* router can be setup to enforce atomic transactions for module-to-module calls + +### Negative + +* modules which adopt this will need significant refactoring + +### Neutral + +## Test Cases [optional] + +## References + +* [ADR 021](./adr-021-protobuf-query-encoding.md) +* [ADR 031](./adr-031-msg-service.md) +* [ADR 028](./adr-028-public-key-addresses.md) +* [ADR 030 draft](https://github.com/cosmos/cosmos-sdk/pull/7105) +* [Object-Capability Model](https://docs.network.com/main/core/ocap) diff --git a/copy-of-sdk-docs/build/architecture/adr-034-account-rekeying.md b/copy-of-sdk-docs/build/architecture/adr-034-account-rekeying.md new file mode 100644 index 00000000..06825c5d --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-034-account-rekeying.md @@ -0,0 +1,76 @@ +# ADR 034: Account Rekeying + +## Changelog + +* 30-09-2020: Initial Draft + +## Status + +PROPOSED + +## Abstract + +Account rekeying is a process that allows an account to replace its authentication pubkey with a new one. + +## Context + +Currently, in the Cosmos SDK, the address of an auth `BaseAccount` is based on the hash of the public key. Once an account is created, the public key for the account is set in stone, and cannot be changed. This can be a problem for users, as key rotation is a useful security practice, but is not possible currently. Furthermore, as multisigs are a type of pubkey, once a multisig for an account is set, it cannot be updated. This is problematic, as multisigs are often used by organizations or companies, who may need to change their set of multisig signers for internal reasons. + +Transferring all the assets of an account to a new account with the updated pubkey is not sufficient, because some "engagements" of an account are not easily transferable. For example, in staking, to transfer bonded Atoms, an account would have to unbond all delegations and wait the three-week unbonding period. Even more significantly, for validator operators, ownership over a validator is not transferable at all, meaning that the operator key for a validator can never be updated, leading to poor operational security for validators. + +## Decision + +We propose the addition of a new feature to `x/auth` that allows accounts to update the public key associated with their account, while keeping the address the same. + +This is possible because the Cosmos SDK `BaseAccount` stores the public key for an account in state, instead of making the assumption that the public key is included in the transaction (whether explicitly or implicitly through the signature) as in other blockchains such as Bitcoin and Ethereum. Because the public key is stored on chain, it is okay for the public key to not hash to the address of an account, as the address is not pertinent to the signature checking process. + +To build this system, we design a new Msg type as follows: + +```protobuf +service Msg { + rpc ChangePubKey(MsgChangePubKey) returns (MsgChangePubKeyResponse); +} + +message MsgChangePubKey { + string address = 1; + google.protobuf.Any pub_key = 2; +} + +message MsgChangePubKeyResponse {} +``` + +The MsgChangePubKey transaction needs to be signed by the existing pubkey in state. + +Once approved, the handler for this message type, which takes in the AccountKeeper, will update the in-state pubkey for the account and replace it with the pubkey from the Msg. + +An account that has had its pubkey changed cannot be automatically pruned from state. This is because if pruned, the original pubkey of the account would be needed to recreate the same address, but the owner of the address may not have the original pubkey anymore. Currently, we do not automatically prune any accounts anyways, but we would like to keep this option open down the road (this is the purpose of account numbers). To resolve this, we charge an additional gas fee for this operation to compensate for this externality (this bound gas amount is configured as a parameter `PubKeyChangeCost`). The bonus gas is charged inside the handler, using the `ConsumeGas` function. Furthermore, in the future, we can allow accounts that have rekeyed manually prune themselves using a new Msg type such as `MsgDeleteAccount`. Manually pruning accounts can give a gas refund as an incentive for performing the action. + +```go + amount := ak.GetParams(ctx).PubKeyChangeCost + ctx.GasMeter().ConsumeGas(amount, "pubkey change fee") +``` + +Every time a key for an address is changed, we will store a log of this change in the state of the chain, thus creating a stack of all previous keys for an address and the time intervals for which they were active. This allows dapps and clients to easily query past keys for an account which may be useful for features such as verifying timestamped off-chain signed messages. + +## Consequences + +### Positive + +* Will allow users and validator operators to employ better operational security practices with key rotation. +* Will allow organizations or groups to easily change and add/remove multisig signers. + +### Negative + +Breaks the current assumed relationship between address and pubkey as H(pubkey) = address. This has a couple of consequences. + +* This makes wallets that support this feature more complicated. For example, if an address on-chain was updated, the corresponding key in the CLI wallet also needs to be updated. +* Cannot automatically prune accounts with 0 balance that have had their pubkey changed. + +### Neutral + +* While the purpose of this is intended to allow the owner of an account to update to a new pubkey they own, this could technically also be used to transfer ownership of an account to a new owner. For example, this could be used to sell a staked position without unbonding or an account that has vesting tokens. However, the friction of this is very high as this would essentially have to be done as a very specific OTC trade. Furthermore, additional constraints could be added to prevent accounts with Vesting tokens to use this feature. +* Will require that PubKeys for an account are included in the genesis exports. + +## References + +* https://www.algorand.com/resources/blog/announcing-rekeying diff --git a/copy-of-sdk-docs/build/architecture/adr-035-rosetta-api-support.md b/copy-of-sdk-docs/build/architecture/adr-035-rosetta-api-support.md new file mode 100644 index 00000000..5b910262 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-035-rosetta-api-support.md @@ -0,0 +1,211 @@ +# ADR 035: Rosetta API Support + +## Authors + +* Jonathan Gimeno (@jgimeno) +* David Grierson (@senormonito) +* Alessio Treglia (@alessio) +* Frojdy Dymylja (@fdymylja) + +## Changelog + +* 2021-05-12: the external library [cosmos-rosetta-gateway](https://github.com/tendermint/cosmos-rosetta-gateway) has been moved within the Cosmos SDK. + +## Context + +[Rosetta API](https://www.rosetta-api.org/) is an open-source specification and set of tools developed by Coinbase to +standardise blockchain interactions. + +Through the use of a standard API for integrating blockchain applications it will + +* Be easier for a user to interact with a given blockchain +* Allow exchanges to integrate new blockchains quickly and easily +* Enable application developers to build cross-blockchain applications such as block explorers, wallets and dApps at + considerably lower cost and effort. + +## Decision + +It is clear that adding Rosetta API support to the Cosmos SDK will bring value to all the developers and +Cosmos SDK based chains in the ecosystem. How it is implemented is key. + +The driving principles of the proposed design are: + +1. **Extensibility:** it must be as riskless and painless as possible for application developers to set-up network + configurations to expose Rosetta API-compliant services. +2. **Long term support:** This proposal aims to provide support for all the Cosmos SDK release series. +3. **Cost-efficiency:** Backporting changes to Rosetta API specifications from `master` to the various stable + branches of Cosmos SDK is a cost that needs to be reduced. + +We will achieve these by delivering on these principles by the following: + +1. There will be a package `rosetta/lib` + for the implementation of the core Rosetta API features, particularly: + a. The types and interfaces (`Client`, `OfflineClient`...), this separates design from implementation detail. + b. The `Server` functionality as this is independent of the Cosmos SDK version. + c. The `Online/OfflineNetwork`, which is not exported, and implements the rosetta API using the `Client` interface to query the node, build tx and so on. + d. The `errors` package to extend rosetta errors. +2. Due to differences between the Cosmos release series, each series will have its own specific implementation of `Client` interface. +3. There will be two options for starting an API service in applications: + a. API shares the application process + b. API-specific process. + +## Architecture + +### The External Repo + +This section will describe the proposed external library, including the service implementation, plus the defined types and interfaces. + +#### Server + +`Server` is a simple `struct` that is started and listens to the port specified in the settings. This is meant to be used across all the Cosmos SDK versions that are actively supported. + +The constructor follows: + +`func NewServer(settings Settings) (Server, error)` + +`Settings`, which are used to construct a new server, are the following: + +```go +// Settings define the rosetta server settings +type Settings struct { + // Network contains the information regarding the network + Network *types.NetworkIdentifier + // Client is the online API handler + Client crgtypes.Client + // Listen is the address the handler will listen at + Listen string + // Offline defines if the rosetta service should be exposed in offline mode + Offline bool + // Retries is the number of readiness checks that will be attempted when instantiating the handler + // valid only for online API + Retries int + // RetryWait is the time that will be waited between retries + RetryWait time.Duration +} +``` + +#### Types + +Package types uses a mixture of rosetta types and custom defined type wrappers, that the client must parse and return while executing operations. + +##### Interfaces + +Every SDK version uses a different format to connect (rpc, gRPC, etc), query and build transactions, we have abstracted this in what is the `Client` interface. +The client uses rosetta types, whilst the `Online/OfflineNetwork` takes care of returning correctly parsed rosetta responses and errors. + +Each Cosmos SDK release series will have their own `Client` implementations. +Developers can implement their own custom `Client`s as required. + +```go +// Client defines the API the client implementation should provide. +type Client interface { + // Needed if the client needs to perform some action before connecting. + Bootstrap() error + // Ready checks if the servicer constraints for queries are satisfied + // for example the node might still not be ready, it's useful in process + // when the rosetta instance might come up before the node itself + // the servicer must return nil if the node is ready + Ready() error + + // Data API + + // Balances fetches the balance of the given address + // if height is not nil, then the balance will be displayed + // at the provided height, otherwise last block balance will be returned + Balances(ctx context.Context, addr string, height *int64) ([]*types.Amount, error) + // BlockByHashAlt gets a block and its transaction at the provided height + BlockByHash(ctx context.Context, hash string) (BlockResponse, error) + // BlockByHeightAlt gets a block given its height, if height is nil then last block is returned + BlockByHeight(ctx context.Context, height *int64) (BlockResponse, error) + // BlockTransactionsByHash gets the block, parent block and transactions + // given the block hash. + BlockTransactionsByHash(ctx context.Context, hash string) (BlockTransactionsResponse, error) + // BlockTransactionsByHeight gets the block, parent block and transactions + // given the block height. + BlockTransactionsByHeight(ctx context.Context, height *int64) (BlockTransactionsResponse, error) + // GetTx gets a transaction given its hash + GetTx(ctx context.Context, hash string) (*types.Transaction, error) + // GetUnconfirmedTx gets an unconfirmed Tx given its hash + // NOTE(fdymylja): NOT IMPLEMENTED YET! + GetUnconfirmedTx(ctx context.Context, hash string) (*types.Transaction, error) + // Mempool returns the list of the current non confirmed transactions + Mempool(ctx context.Context) ([]*types.TransactionIdentifier, error) + // Peers gets the peers currently connected to the node + Peers(ctx context.Context) ([]*types.Peer, error) + // Status returns the node status, such as sync data, version etc + Status(ctx context.Context) (*types.SyncStatus, error) + + // Construction API + + // PostTx posts txBytes to the node and returns the transaction identifier plus metadata related + // to the transaction itself. + PostTx(txBytes []byte) (res *types.TransactionIdentifier, meta map[string]interface{}, err error) + // ConstructionMetadataFromOptions + ConstructionMetadataFromOptions(ctx context.Context, options map[string]interface{}) (meta map[string]interface{}, err error) + OfflineClient +} + +// OfflineClient defines the functionalities supported without having access to the node +type OfflineClient interface { + NetworkInformationProvider + // SignedTx returns the signed transaction given the tx bytes (msgs) plus the signatures + SignedTx(ctx context.Context, txBytes []byte, sigs []*types.Signature) (signedTxBytes []byte, err error) + // TxOperationsAndSignersAccountIdentifiers returns the operations related to a transaction and the account + // identifiers if the transaction is signed + TxOperationsAndSignersAccountIdentifiers(signed bool, hexBytes []byte) (ops []*types.Operation, signers []*types.AccountIdentifier, err error) + // ConstructionPayload returns the construction payload given the request + ConstructionPayload(ctx context.Context, req *types.ConstructionPayloadsRequest) (resp *types.ConstructionPayloadsResponse, err error) + // PreprocessOperationsToOptions returns the options given the preprocess operations + PreprocessOperationsToOptions(ctx context.Context, req *types.ConstructionPreprocessRequest) (options map[string]interface{}, err error) + // AccountIdentifierFromPublicKey returns the account identifier given the public key + AccountIdentifierFromPublicKey(pubKey *types.PublicKey) (*types.AccountIdentifier, error) +} +``` + +### 2. Cosmos SDK Implementation + +The Cosmos SDK implementation, based on version, takes care of satisfying the `Client` interface. +In Stargate, Launchpad and 0.37, we have introduced the concept of rosetta.Msg, this message is not in the shared repository as the sdk.Msg type differs between Cosmos SDK versions. + +The rosetta.Msg interface follows: + +```go +// Msg represents a cosmos-sdk message that can be converted from and to a rosetta operation. +type Msg interface { + sdk.Msg + ToOperations(withStatus, hasError bool) []*types.Operation + FromOperations(ops []*types.Operation) (sdk.Msg, error) +} +``` + +Hence developers who want to extend the rosetta set of supported operations just need to extend their module's sdk.Msgs with the `ToOperations` and `FromOperations` methods. + +### 3. API service invocation + +As stated at the start, application developers will have two methods for invocation of the Rosetta API service: + +1. Shared process for both application and API +2. Standalone API service + +#### Shared Process (Only Stargate) + +Rosetta API service could run within the same execution process as the application. This would be enabled via app.toml settings, and if gRPC is not enabled the rosetta instance would be spun in offline mode (tx building capabilities only). + +#### Separate API service + +Client application developers can write a new command to launch a Rosetta API server as a separate process too, using the rosetta command contained in the `/server/rosetta` package. Construction of the command depends on Cosmos SDK version. Examples can be found inside `simd` for stargate, and `contrib/rosetta/simapp` for other release series. + +## Status + +Proposed + +## Consequences + +### Positive + +* Out-of-the-box Rosetta API support within Cosmos SDK. +* Blockchain interface standardisation + +## References + +* https://www.rosetta-api.org/ diff --git a/copy-of-sdk-docs/build/architecture/adr-036-arbitrary-signature.md b/copy-of-sdk-docs/build/architecture/adr-036-arbitrary-signature.md new file mode 100644 index 00000000..187a34e5 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-036-arbitrary-signature.md @@ -0,0 +1,132 @@ +# ADR 036: Arbitrary Message Signature Specification + +## Changelog + +* 28/10/2020 - Initial draft + +## Authors + +* Antoine Herzog (@antoineherzog) +* Zaki Manian (@zmanian) +* Aleksandr Bezobchuk (alexanderbez) [1] +* Frojdi Dymylja (@fdymylja) + +## Status + +Draft + +## Abstract + +Currently, in the Cosmos SDK, there is no convention to sign arbitrary messages like in Ethereum. We propose with this specification, for Cosmos SDK ecosystem, a way to sign and validate off-chain arbitrary messages. + +This specification serves the purpose of covering every use case; this means that Cosmos SDK application developers decide how to serialize and represent `Data` to users. + +## Context + +Having the ability to sign messages off-chain has proven to be a fundamental aspect of nearly any blockchain. The notion of signing messages off-chain has many added benefits such as saving on computational costs and reducing transaction throughput and overhead. Within the context of the Cosmos, some of the major applications of signing such data include, but is not limited to, providing a cryptographic secure and verifiable means of proving validator identity and possibly associating it with some other framework or organization. In addition, having the ability to sign Cosmos messages with a Ledger or similar HSM device. + +Further context and use cases can be found in the reference links. + +## Decision + +The aim is being able to sign arbitrary messages, even using Ledger or similar HSM devices. + +As a result, signed messages should look roughly like Cosmos SDK messages but **must not** be a valid on-chain transaction. `chain-id`, `account_number` and `sequence` can all be assigned invalid values. + +Cosmos SDK 0.40 also introduces a concept of “auth_info” this can specify SIGN_MODES. + +A spec should include an `auth_info` that supports SIGN_MODE_DIRECT and SIGN_MODE_LEGACY_AMINO. + +To create the `offchain` proto definitions, we extend the auth module with `offchain` package to offer functionalities to verify and sign offline messages. + +An offchain transaction follows these rules: + +* the memo must be empty +* nonce, sequence number must be equal to 0 +* chain-id must be equal to “” +* fee gas must be equal to 0 +* fee amount must be an empty array + +Verification of an offchain transaction follows the same rules as an onchain one, except for the spec differences highlighted above. + +The first message added to the `offchain` package is `MsgSignData`. + +`MsgSignData` allows developers to sign arbitrary bytes validatable offchain only. `Signer` is the account address of the signer. `Data` is arbitrary bytes which can represent `text`, `files`, `object`s. It's applications developers decision how `Data` should be deserialized, serialized and the object it can represent in their context. + +It's applications developers decision how `Data` should be treated, by treated we mean the serialization and deserialization process and the Object `Data` should represent. + +Proto definition: + +```protobuf +// MsgSignData defines an arbitrary, general-purpose, off-chain message +message MsgSignData { + // Signer is the sdk.AccAddress of the message signer + bytes Signer = 1 [(gogoproto.jsontag) = "signer", (gogoproto.casttype) = "github.com/cosmos/cosmos-sdk/types.AccAddress"]; + // Data represents the raw bytes of the content that is signed (text, json, etc) + bytes Data = 2 [(gogoproto.jsontag) = "data"]; +} +``` + +Signed MsgSignData json example: + +```json +{ + "type": "cosmos-sdk/StdTx", + "value": { + "msg": [ + { + "type": "sign/MsgSignData", + "value": { + "signer": "cosmos1hftz5ugqmpg9243xeegsqqav62f8hnywsjr4xr", + "data": "cmFuZG9t" + } + } + ], + "fee": { + "amount": [], + "gas": "0" + }, + "signatures": [ + { + "pub_key": { + "type": "tendermint/PubKeySecp256k1", + "value": "AqnDSiRoFmTPfq97xxEb2VkQ/Hm28cPsqsZm9jEVsYK9" + }, + "signature": "8y8i34qJakkjse9pOD2De+dnlc4KvFgh0wQpes4eydN66D9kv7cmCEouRrkka9tlW9cAkIL52ErB+6ye7X5aEg==" + } + ], + "memo": "" + } +} +``` + +## Consequences + +There is a specification on how messages, that are not meant to be broadcast to a live chain, should be formed. + +### Backwards Compatibility + +Backwards compatibility is maintained as this is a new message spec definition. + +### Positive + +* A common format that can be used by multiple applications to sign and verify off-chain messages. +* The specification is primitive which means it can cover every use case without limiting what is possible to fit inside it. +* It gives room for other off-chain messages specifications that aim to target more specific and common use cases such as off-chain-based authN/authZ layers [2]. + +### Negative + +* The current proposal requires a fixed relationship between an account address and a public key. +* Doesn't work with multisig accounts. + +## Further discussion + +* Regarding security in `MsgSignData`, the developer using `MsgSignData` is in charge of making the content contained in `Data` non-replayable when, and if, needed. +* The offchain package will be further extended with extra messages that target specific use cases such as, but not limited to, authentication in applications, payment channels, L2 solutions in general. + +## References + +1. https://github.com/cosmos/ics/pull/33 +2. https://github.com/cosmos/cosmos-sdk/pull/7727#discussion_r515668204 +3. https://github.com/cosmos/cosmos-sdk/pull/7727#issuecomment-722478477 +4. https://github.com/cosmos/cosmos-sdk/pull/7727#issuecomment-721062923 diff --git a/copy-of-sdk-docs/build/architecture/adr-037-gov-split-vote.md b/copy-of-sdk-docs/build/architecture/adr-037-gov-split-vote.md new file mode 100644 index 00000000..e7d6e693 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-037-gov-split-vote.md @@ -0,0 +1,111 @@ +# ADR 037: Governance split votes + +## Changelog + +* 2020/10/28: Initial draft + +## Status + +Accepted + +## Abstract + +This ADR defines a modification to the governance module that would allow a staker to split their votes into several voting options. For example, it could use 70% of its voting power to vote Yes and 30% of its voting power to vote No. + +## Context + +Currently, an address can cast a vote with only one option (Yes/No/Abstain/NoWithVeto) and use their full voting power behind that choice. + +However, oftentimes the entity owning that address might not be a single individual. For example, a company might have different stakeholders who want to vote differently, and so it makes sense to allow them to split their voting power. Another example use case is exchanges. Many centralized exchanges often stake a portion of their users' tokens in their custody. Currently, it is not possible for them to do "passthrough voting" and giving their users voting rights over their tokens. However, with this system, exchanges can poll their users for voting preferences, and then vote on-chain proportionally to the results of the poll. + +## Decision + +We modify the vote structs to be + +```go +type WeightedVoteOption struct { + Option string + Weight sdk.Dec +} + +type Vote struct { + ProposalID int64 + Voter sdk.Address + Options []WeightedVoteOption +} +``` + +And for backwards compatibility, we introduce `MsgVoteWeighted` while keeping `MsgVote`. + +```go +type MsgVote struct { + ProposalID int64 + Voter sdk.Address + Option Option +} + +type MsgVoteWeighted struct { + ProposalID int64 + Voter sdk.Address + Options []WeightedVoteOption +} +``` + +The `ValidateBasic` of a `MsgVoteWeighted` struct would require that + +1. The sum of all the rates is equal to 1.0 +2. No Option is repeated + +The governance tally function will iterate over all the options in a vote and add to the tally the result of the voter's voting power * the rate for that option. + +```go +tally() { + results := map[types.VoteOption]sdk.Dec + + for _, vote := range votes { + for i, weightedOption := range vote.Options { + results[weightedOption.Option] += getVotingPower(vote.voter) * weightedOption.Weight + } + } +} +``` + +The CLI command for creating a multi-option vote would be as such: + +```shell +simd tx gov vote 1 "yes=0.6,no=0.3,abstain=0.05,no_with_veto=0.05" --from mykey +``` + +To create a single-option vote a user can do either + +```shell +simd tx gov vote 1 "yes=1" --from mykey +``` + +or + +```shell +simd tx gov vote 1 yes --from mykey +``` + +to maintain backwards compatibility. + +## Consequences + +### Backwards Compatibility + +* Previous VoteMsg types will remain the same and so clients will not have to update their procedure unless they want to support the WeightedVoteMsg feature. +* When querying a Vote struct from state, its structure will be different, and so clients wanting to display all voters and their respective votes will have to handle the new format and the fact that a single voter can have split votes. +* The result of querying the tally function should have the same API for clients. + +### Positive + +* Can make the voting process more accurate for addresses representing multiple stakeholders, often some of the largest addresses. + +### Negative + +* Is more complex than simple voting, and so may be harder to explain to users. However, this is mostly mitigated because the feature is opt-in. + +### Neutral + +* Relatively minor change to governance tally function. diff --git a/copy-of-sdk-docs/build/architecture/adr-038-state-listening.md b/copy-of-sdk-docs/build/architecture/adr-038-state-listening.md new file mode 100644 index 00000000..63f2ec16 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-038-state-listening.md @@ -0,0 +1,724 @@ +# ADR 038: KVStore state listening + +## Changelog + +* 11/23/2020: Initial draft +* 10/06/2022: Introduce plugin system based on hashicorp/go-plugin +* 10/14/2022: + * Add `ListenCommit`, flatten the state writes in a block to a single batch. + * Remove listeners from cache stores, should only listen to `rootmulti.Store`. + * Remove `HaltAppOnDeliveryError()`, the errors are propagated by default, the implementations should return nil if they don't want to propagate errors. +* 26/05/2023: Update with ABCI 2.0 + +## Status + +Proposed + +## Abstract + +This ADR defines a set of changes to enable listening to state changes of individual KVStores and exposing these data to consumers. + +## Context + +Currently, KVStore data can be remotely accessed through [Queries](https://docs.cosmos.network/main/build/building-modules/messages-and-queries#queries) +which proceed either through Tendermint and the ABCI, or through the gRPC server. +In addition to these request/response queries, it would be beneficial to have a means of listening to state changes as they occur in real time. + +## Decision + +We will modify the `CommitMultiStore` interface and its concrete (`rootmulti`) implementations and introduce a new `listenkv.Store` to allow listening to state changes in underlying KVStores. We don't need to listen to cache stores, because we can't be sure that the writes will be committed eventually, and the writes are duplicated in `rootmulti.Store` eventually, so we should only listen to `rootmulti.Store`. +We will introduce a plugin system for configuring and running streaming services that write these state changes and their surrounding ABCI message context to different destinations. + +### Listening + +In a new file, `store/types/listening.go`, we will create a `MemoryListener` struct for streaming out protobuf encoded KV pairs state changes from a KVStore. +The `MemoryListener` will be used internally by the concrete `rootmulti` implementation to collect state changes from KVStores. + +```go +// MemoryListener listens to the state writes and accumulate the records in memory. +type MemoryListener struct { + stateCache []StoreKVPair +} + +// NewMemoryListener creates a listener that accumulates the state writes in memory. +func NewMemoryListener() *MemoryListener { + return &MemoryListener{} +} + +// OnWrite writes state change events to the internal cache +func (fl *MemoryListener) OnWrite(storeKey StoreKey, key []byte, value []byte, delete bool) { + fl.stateCache = append(fl.stateCache, StoreKVPair{ + StoreKey: storeKey.Name(), + Delete: delete, + Key: key, + Value: value, + }) +} + +// PopStateCache returns the current state caches and set to nil +func (fl *MemoryListener) PopStateCache() []StoreKVPair { + res := fl.stateCache + fl.stateCache = nil + return res +} +``` + +We will also define a protobuf type for the KV pairs. In addition to the key and value fields this message +will include the StoreKey for the originating KVStore so that we can collect information from separate KVStores and determine the source of each KV pair. + +```protobuf +message StoreKVPair { + optional string store_key = 1; // the store key for the KVStore this pair originates from + required bool set = 2; // true indicates a set operation, false indicates a delete operation + required bytes key = 3; + required bytes value = 4; +} +``` + +### ListenKVStore + +We will create a new `Store` type `listenkv.Store` that the `rootmulti` store will use to wrap a `KVStore` to enable state listening. +We will configure the `Store` with a `MemoryListener` which will collect state changes for output to specific destinations. + +```go +// Store implements the KVStore interface with listening enabled. +// Operations are traced on each core KVStore call and written to any of the +// underlying listeners with the proper key and operation permissions +type Store struct { + parent types.KVStore + listener *types.MemoryListener + parentStoreKey types.StoreKey +} + +// NewStore returns a reference to a new traceKVStore given a parent +// KVStore implementation and a buffered writer. +func NewStore(parent types.KVStore, psk types.StoreKey, listener *types.MemoryListener) *Store { + return &Store{parent: parent, listener: listener, parentStoreKey: psk} +} + +// Set implements the KVStore interface. It traces a write operation and +// delegates the Set call to the parent KVStore. +func (s *Store) Set(key []byte, value []byte) { + types.AssertValidKey(key) + s.parent.Set(key, value) + s.listener.OnWrite(s.parentStoreKey, key, value, false) +} + +// Delete implements the KVStore interface. It traces a write operation and +// delegates the Delete call to the parent KVStore. +func (s *Store) Delete(key []byte) { + s.parent.Delete(key) + s.listener.OnWrite(s.parentStoreKey, key, nil, true) +} +``` + +### MultiStore interface updates + +We will update the `CommitMultiStore` interface to allow us to wrap a `MemoryListener` to a specific `KVStore`. +Note that the `MemoryListener` will be attached internally by the concrete `rootmulti` implementation. + +```go +type CommitMultiStore interface { + ... + + // AddListeners adds a listener for the KVStore belonging to the provided StoreKey + AddListeners(keys []StoreKey) + + // PopStateCache returns the accumulated state change messages from MemoryListener + PopStateCache() []StoreKVPair +} +``` + + +### MultiStore implementation updates + +We will adjust the `rootmulti` `GetKVStore` method to wrap the returned `KVStore` with a `listenkv.Store` if listening is turned on for that `Store`. + +```go +func (rs *Store) GetKVStore(key types.StoreKey) types.KVStore { + store := rs.stores[key].(types.KVStore) + + if rs.TracingEnabled() { + store = tracekv.NewStore(store, rs.traceWriter, rs.traceContext) + } + if rs.ListeningEnabled(key) { + store = listenkv.NewStore(store, key, rs.listeners[key]) + } + + return store +} +``` + +We will implement `AddListeners` to manage KVStore listeners internally and implement `PopStateCache` +for a means of retrieving the current state. + +```go +// AddListeners adds state change listener for a specific KVStore +func (rs *Store) AddListeners(keys []types.StoreKey) { + listener := types.NewMemoryListener() + for i := range keys { + rs.listeners[keys[i]] = listener + } +} +``` + +```go +func (rs *Store) PopStateCache() []types.StoreKVPair { + var cache []types.StoreKVPair + for _, ls := range rs.listeners { + cache = append(cache, ls.PopStateCache()...) + } + sort.SliceStable(cache, func(i, j int) bool { + return cache[i].StoreKey < cache[j].StoreKey + }) + return cache +} +``` + +We will also adjust the `rootmulti` `CacheMultiStore` and `CacheMultiStoreWithVersion` methods to enable listening in +the cache layer. + +```go +func (rs *Store) CacheMultiStore() types.CacheMultiStore { + stores := make(map[types.StoreKey]types.CacheWrapper) + for k, v := range rs.stores { + store := v.(types.KVStore) + // Wire the listenkv.Store to allow listeners to observe the writes from the cache store, + // set same listeners on cache store will observe duplicated writes. + if rs.ListeningEnabled(k) { + store = listenkv.NewStore(store, k, rs.listeners[k]) + } + stores[k] = store + } + return cachemulti.NewStore(rs.db, stores, rs.keysByName, rs.traceWriter, rs.getTracingContext()) +} +``` + +```go +func (rs *Store) CacheMultiStoreWithVersion(version int64) (types.CacheMultiStore, error) { + // ... + + // Wire the listenkv.Store to allow listeners to observe the writes from the cache store, + // set same listeners on cache store will observe duplicated writes. + if rs.ListeningEnabled(key) { + cacheStore = listenkv.NewStore(cacheStore, key, rs.listeners[key]) + } + + cachedStores[key] = cacheStore + } + + return cachemulti.NewStore(rs.db, cachedStores, rs.keysByName, rs.traceWriter, rs.getTracingContext()), nil +} +``` + +### Exposing the data + +#### Streaming Service + +We will introduce a new `ABCIListener` interface that plugs into the BaseApp and relays ABCI requests and responses +so that the service can group the state changes with the ABCI requests. + +```go +// baseapp/streaming.go + +// ABCIListener is the interface that we're exposing as a streaming service. +type ABCIListener interface { + // ListenFinalizeBlock updates the streaming service with the latest FinalizeBlock messages + ListenFinalizeBlock(ctx context.Context, req abci.FinalizeBlockRequest, res abci.FinalizeBlockResponse) error + // ListenCommit updates the streaming service with the latest Commit messages and state changes + ListenCommit(ctx context.Context, res abci.CommitResponse, changeSet []*StoreKVPair) error +} +``` + +#### BaseApp Registration + +We will add a new method to the `BaseApp` to enable the registration of `StreamingService`s: + + ```go + // SetStreamingService is used to set a streaming service into the BaseApp hooks and load the listeners into the multistore +func (app *BaseApp) SetStreamingService(s ABCIListener) { + // register the StreamingService within the BaseApp + // BaseApp will pass BeginBlock, DeliverTx, and EndBlock requests and responses to the streaming services to update their ABCI context + app.abciListeners = append(app.abciListeners, s) +} +``` + +We will add two new fields to the `BaseApp` struct: + +```go +type BaseApp struct { + + ... + + // abciListenersAsync for determining if abciListeners will run asynchronously. + // When abciListenersAsync=false and stopNodeOnABCIListenerErr=false listeners will run synchronized but will not stop the node. + // When abciListenersAsync=true stopNodeOnABCIListenerErr will be ignored. + abciListenersAsync bool + + // stopNodeOnABCIListenerErr halts the node when ABCI streaming service listening results in an error. + // stopNodeOnABCIListenerErr=true must be paired with abciListenersAsync=false. + stopNodeOnABCIListenerErr bool +} +``` + +#### ABCI Event Hooks + +We will modify the `FinalizeBlock` and `Commit` methods to pass ABCI requests and responses +to any streaming service hooks registered with the `BaseApp`. + +```go +func (app *BaseApp) FinalizeBlock(req abci.FinalizeBlockRequest) abci.FinalizeBlockResponse { + + var abciRes abci.FinalizeBlockResponse + defer func() { + // call the streaming service hook with the FinalizeBlock messages + for _, abciListener := range app.abciListeners { + ctx := app.finalizeState.ctx + blockHeight := ctx.BlockHeight() + if app.abciListenersAsync { + go func(req abci.FinalizeBlockRequest, res abci.FinalizeBlockResponse) { + if err := app.abciListener.FinalizeBlock(blockHeight, req, res); err != nil { + app.logger.Error("FinalizeBlock listening hook failed", "height", blockHeight, "err", err) + } + }(req, abciRes) + } else { + if err := app.abciListener.ListenFinalizeBlock(blockHeight, req, res); err != nil { + app.logger.Error("FinalizeBlock listening hook failed", "height", blockHeight, "err", err) + if app.stopNodeOnABCIListenerErr { + os.Exit(1) + } + } + } + } + }() + + ... + + return abciRes +} +``` + +```go +func (app *BaseApp) Commit() abci.CommitResponse { + + ... + + res := abci.CommitResponse{ + Data: commitID.Hash, + RetainHeight: retainHeight, + } + + // call the streaming service hook with the Commit messages + for _, abciListener := range app.abciListeners { + ctx := app.deliverState.ctx + blockHeight := ctx.BlockHeight() + changeSet := app.cms.PopStateCache() + if app.abciListenersAsync { + go func(res abci.CommitResponse, changeSet []store.StoreKVPair) { + if err := app.abciListener.ListenCommit(ctx, res, changeSet); err != nil { + app.logger.Error("ListenCommit listening hook failed", "height", blockHeight, "err", err) + } + }(res, changeSet) + } else { + if err := app.abciListener.ListenCommit(ctx, res, changeSet); err != nil { + app.logger.Error("ListenCommit listening hook failed", "height", blockHeight, "err", err) + if app.stopNodeOnABCIListenerErr { + os.Exit(1) + } + } + } + } + + ... + + return res +} +``` + +#### Go Plugin System + +We propose a plugin architecture to load and run `Streaming` plugins and other types of implementations. We will introduce a plugin +system over gRPC that is used to load and run Cosmos-SDK plugins. The plugin system uses [hashicorp/go-plugin](https://github.com/hashicorp/go-plugin). +Each plugin must have a struct that implements the `plugin.Plugin` interface and an `Impl` interface for processing messages over gRPC. +Each plugin must also have a message protocol defined for the gRPC service: + +```go +// streaming/plugins/abci/{plugin_version}/interface.go + +// Handshake is a common handshake that is shared by streaming and host. +// This prevents users from executing bad plugins or executing a plugin +// directory. It is a UX feature, not a security feature. +var Handshake = plugin.HandshakeConfig{ + ProtocolVersion: 1, + MagicCookieKey: "ABCI_LISTENER_PLUGIN", + MagicCookieValue: "ef78114d-7bdf-411c-868f-347c99a78345", +} + +// ListenerPlugin is the base struct for all kinds of go-plugin implementations +// It will be included in interfaces of different Plugins +type ABCIListenerPlugin struct { + // GRPCPlugin must still implement the Plugin interface + plugin.Plugin + // Concrete implementation, written in Go. This is only used for plugins + // that are written in Go. + Impl baseapp.ABCIListener +} + +func (p *ListenerGRPCPlugin) GRPCServer(_ *plugin.GRPCBroker, s *grpc.Server) error { + RegisterABCIListenerServiceServer(s, &GRPCServer{Impl: p.Impl}) + return nil +} + +func (p *ListenerGRPCPlugin) GRPCClient( + _ context.Context, + _ *plugin.GRPCBroker, + c *grpc.ClientConn, +) (interface{}, error) { + return &GRPCClient{client: NewABCIListenerServiceClient(c)}, nil +} +``` + +The `plugin.Plugin` interface has two methods `Client` and `Server`. For our GRPC service these are `GRPCClient` and `GRPCServer` +The `Impl` field holds the concrete implementation of our `baseapp.ABCIListener` interface written in Go. +Note: this is only used for plugin implementations written in Go. + +The advantage of having such a plugin system is that within each plugin authors can define the message protocol in a way that fits their use case. +For example, when state change listening is desired, the `ABCIListener` message protocol can be defined as below (*for illustrative purposes only*). +When state change listening is not desired than `ListenCommit` can be omitted from the protocol. + +```protobuf +syntax = "proto3"; + +... + +message Empty {} + +message ListenFinalizeBlockRequest { + RequestFinalizeBlock req = 1; + ResponseFinalizeBlock res = 2; +} +message ListenCommitRequest { + int64 block_height = 1; + ResponseCommit res = 2; + repeated StoreKVPair changeSet = 3; +} + +// plugin that listens to state changes +service ABCIListenerService { + rpc ListenFinalizeBlock(ListenFinalizeBlockRequest) returns (Empty); + rpc ListenCommit(ListenCommitRequest) returns (Empty); +} +``` + +```protobuf +... +// plugin that doesn't listen to state changes +service ABCIListenerService { + rpc ListenFinalizeBlock(ListenFinalizeBlockRequest) returns (Empty); + rpc ListenCommit(ListenCommitRequest) returns (Empty); +} +``` + +Implementing the service above: + +```go +// streaming/plugins/abci/{plugin_version}/grpc.go + +var ( + _ baseapp.ABCIListener = (*GRPCClient)(nil) +) + +// GRPCClient is an implementation of the ABCIListener and ABCIListenerPlugin interfaces that talks over RPC. +type GRPCClient struct { + client ABCIListenerServiceClient +} + +func (m *GRPCClient) ListenFinalizeBlock(goCtx context.Context, req abci.FinalizeBlockRequest, res abci.FinalizeBlockResponse) error { + ctx := sdk.UnwrapSDKContext(goCtx) + _, err := m.client.ListenDeliverTx(ctx, &ListenDeliverTxRequest{BlockHeight: ctx.BlockHeight(), Req: req, Res: res}) + return err +} + +func (m *GRPCClient) ListenCommit(goCtx context.Context, res abci.CommitResponse, changeSet []store.StoreKVPair) error { + ctx := sdk.UnwrapSDKContext(goCtx) + _, err := m.client.ListenCommit(ctx, &ListenCommitRequest{BlockHeight: ctx.BlockHeight(), Res: res, ChangeSet: changeSet}) + return err +} + +// GRPCServer is the gRPC server that GRPCClient talks to. +type GRPCServer struct { + // This is the real implementation + Impl baseapp.ABCIListener +} + +func (m *GRPCServer) ListenFinalizeBlock(ctx context.Context, req *ListenFinalizeBlockRequest) (*Empty, error) { + return &Empty{}, m.Impl.ListenFinalizeBlock(ctx, req.Req, req.Res) +} + +func (m *GRPCServer) ListenCommit(ctx context.Context, req *ListenCommitRequest) (*Empty, error) { + return &Empty{}, m.Impl.ListenCommit(ctx, req.Res, req.ChangeSet) +} + +``` + +And the pre-compiled Go plugin `Impl`(*this is only used for plugins that are written in Go*): + +```go +// streaming/plugins/abci/{plugin_version}/impl/plugin.go + +// Plugins are pre-compiled and loaded by the plugin system + +// ABCIListener is the implementation of the baseapp.ABCIListener interface +type ABCIListener struct{} + +func (m *ABCIListenerPlugin) ListenFinalizeBlock(ctx context.Context, req abci.FinalizeBlockRequest, res abci.FinalizeBlockResponse) error { + // send data to external system +} + +func (m *ABCIListenerPlugin) ListenCommit(ctx context.Context, res abci.CommitResponse, changeSet []store.StoreKVPair) error { + // send data to external system +} + +func main() { + plugin.Serve(&plugin.ServeConfig{ + HandshakeConfig: grpc_abci_v1.Handshake, + Plugins: map[string]plugin.Plugin{ + "grpc_plugin_v1": &grpc_abci_v1.ABCIListenerGRPCPlugin{Impl: &ABCIListenerPlugin{}}, + }, + + // A non-nil value here enables gRPC serving for this streaming... + GRPCServer: plugin.DefaultGRPCServer, + }) +} +``` + +We will introduce a plugin loading system that will return `(interface{}, error)`. +This provides the advantage of using versioned plugins where the plugin interface and gRPC protocol change over time. +In addition, it allows for building independent plugin that can expose different parts of the system over gRPC. + +```go +func NewStreamingPlugin(name string, logLevel string) (interface{}, error) { + logger := hclog.New(&hclog.LoggerOptions{ + Output: hclog.DefaultOutput, + Level: toHclogLevel(logLevel), + Name: fmt.Sprintf("plugin.%s", name), + }) + + // We're a host. Start by launching the streaming process. + env := os.Getenv(GetPluginEnvKey(name)) + client := plugin.NewClient(&plugin.ClientConfig{ + HandshakeConfig: HandshakeMap[name], + Plugins: PluginMap, + Cmd: exec.Command("sh", "-c", env), + Logger: logger, + AllowedProtocols: []plugin.Protocol{ + plugin.ProtocolNetRPC, plugin.ProtocolGRPC}, + }) + + // Connect via RPC + rpcClient, err := client.Client() + if err != nil { + return nil, err + } + + // Request streaming plugin + return rpcClient.Dispense(name) +} + +``` + +We propose a `RegisterStreamingPlugin` function for the App to register `NewStreamingPlugin`s with the App's BaseApp. +Streaming plugins can be of `Any` type; therefore, the function takes in an interface vs a concrete type. +For example, we could have plugins of `ABCIListener`, `WasmListener` or `IBCListener`. Note that `RegisterStreamingPlugin` function +is helper function and not a requirement. Plugin registration can easily be moved from the App to the BaseApp directly. + +```go +// baseapp/streaming.go + +// RegisterStreamingPlugin registers streaming plugins with the App. +// This method returns an error if a plugin is not supported. +func RegisterStreamingPlugin( + bApp *BaseApp, + appOpts servertypes.AppOptions, + keys map[string]*types.KVStoreKey, + streamingPlugin interface{}, +) error { + switch t := streamingPlugin.(type) { + case ABCIListener: + registerABCIListenerPlugin(bApp, appOpts, keys, t) + default: + return fmt.Errorf("unexpected plugin type %T", t) + } + return nil +} +``` + +```go +func registerABCIListenerPlugin( + bApp *BaseApp, + appOpts servertypes.AppOptions, + keys map[string]*store.KVStoreKey, + abciListener ABCIListener, +) { + asyncKey := fmt.Sprintf("%s.%s.%s", StreamingTomlKey, StreamingABCITomlKey, StreamingABCIAsync) + async := cast.ToBool(appOpts.Get(asyncKey)) + stopNodeOnErrKey := fmt.Sprintf("%s.%s.%s", StreamingTomlKey, StreamingABCITomlKey, StreamingABCIStopNodeOnErrTomlKey) + stopNodeOnErr := cast.ToBool(appOpts.Get(stopNodeOnErrKey)) + keysKey := fmt.Sprintf("%s.%s.%s", StreamingTomlKey, StreamingABCITomlKey, StreamingABCIKeysTomlKey) + exposeKeysStr := cast.ToStringSlice(appOpts.Get(keysKey)) + exposedKeys := exposeStoreKeysSorted(exposeKeysStr, keys) + bApp.cms.AddListeners(exposedKeys) + app.SetStreamingManager( + storetypes.StreamingManager{ + ABCIListeners: []storetypes.ABCIListener{abciListener}, + StopNodeOnErr: stopNodeOnErr, + }, + ) +} +``` + +```go +func exposeAll(list []string) bool { + for _, ele := range list { + if ele == "*" { + return true + } + } + return false +} + +func exposeStoreKeys(keysStr []string, keys map[string]*types.KVStoreKey) []types.StoreKey { + var exposeStoreKeys []types.StoreKey + if exposeAll(keysStr) { + exposeStoreKeys = make([]types.StoreKey, 0, len(keys)) + for _, storeKey := range keys { + exposeStoreKeys = append(exposeStoreKeys, storeKey) + } + } else { + exposeStoreKeys = make([]types.StoreKey, 0, len(keysStr)) + for _, keyStr := range keysStr { + if storeKey, ok := keys[keyStr]; ok { + exposeStoreKeys = append(exposeStoreKeys, storeKey) + } + } + } + // sort storeKeys for deterministic output + sort.SliceStable(exposeStoreKeys, func(i, j int) bool { + return exposeStoreKeys[i].Name() < exposeStoreKeys[j].Name() + }) + + return exposeStoreKeys +} +``` + +The `NewStreamingPlugin` and `RegisterStreamingPlugin` functions are used to register a plugin with the App's BaseApp. + +e.g. in `NewSimApp`: + +```go +func NewSimApp( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), +) *SimApp { + + ... + + keys := sdk.NewKVStoreKeys( + authtypes.StoreKey, banktypes.StoreKey, stakingtypes.StoreKey, + minttypes.StoreKey, distrtypes.StoreKey, slashingtypes.StoreKey, + govtypes.StoreKey, paramstypes.StoreKey, ibchost.StoreKey, upgradetypes.StoreKey, + evidencetypes.StoreKey, ibctransfertypes.StoreKey, capabilitytypes.StoreKey, + ) + + ... + + // register streaming services + streamingCfg := cast.ToStringMap(appOpts.Get(baseapp.StreamingTomlKey)) + for service := range streamingCfg { + pluginKey := fmt.Sprintf("%s.%s.%s", baseapp.StreamingTomlKey, service, baseapp.StreamingPluginTomlKey) + pluginName := strings.TrimSpace(cast.ToString(appOpts.Get(pluginKey))) + if len(pluginName) > 0 { + logLevel := cast.ToString(appOpts.Get(flags.FlagLogLevel)) + plugin, err := streaming.NewStreamingPlugin(pluginName, logLevel) + if err != nil { + tmos.Exit(err.Error()) + } + if err := baseapp.RegisterStreamingPlugin(bApp, appOpts, keys, plugin); err != nil { + tmos.Exit(err.Error()) + } + } + } + + return app +``` + +#### Configuration + +The plugin system will be configured within an App's TOML configuration files. + +```toml +# gRPC streaming +[streaming] + +# ABCI streaming service +[streaming.abci] + +# The plugin version to use for ABCI listening +plugin = "abci_v1" + +# List of kv store keys to listen to for state changes. +# Set to ["*"] to expose all keys. +keys = ["*"] + +# Enable abciListeners to run asynchronously. +# When abciListenersAsync=false and stopNodeOnABCIListenerErr=false listeners will run synchronized but will not stop the node. +# When abciListenersAsync=true stopNodeOnABCIListenerErr will be ignored. +async = false + +# Whether to stop the node on message deliver error. +stop-node-on-err = true +``` + +There will be four parameters for configuring `ABCIListener` plugin: `streaming.abci.plugin`, `streaming.abci.keys`, `streaming.abci.async` and `streaming.abci.stop-node-on-err`. +`streaming.abci.plugin` is the name of the plugin we want to use for streaming, `streaming.abci.keys` is a set of store keys for stores it listens to, +`streaming.abci.async` is bool enabling asynchronous listening and `streaming.abci.stop-node-on-err` is a bool that stops the node when true and when operating +on synchronized mode `streaming.abci.async=false`. Note that `streaming.abci.stop-node-on-err=true` will be ignored if `streaming.abci.async=true`. + +The configuration above support additional streaming plugins by adding the plugin to the `[streaming]` configuration section +and registering the plugin with `RegisterStreamingPlugin` helper function. + +Note the that each plugin must include `streaming.{service}.plugin` property as it is a requirement for doing the lookup and registration of the plugin +with the App. All other properties are unique to the individual services. + +#### Encoding and decoding streams + +ADR-038 introduces the interfaces and types for streaming state changes out from KVStores, associating this +data with their related ABCI requests and responses, and registering a service for consuming this data and streaming it to some destination in a final format. +Instead of prescribing a final data format in this ADR, it is left to a specific plugin implementation to define and document this format. +We take this approach because flexibility in the final format is necessary to support a wide range of streaming service plugins. For example, +the data format for a streaming service that writes the data out to a set of files will differ from the data format that is written to a Kafka topic. + +## Consequences + +These changes will provide a means of subscribing to KVStore state changes in real time. + +### Backwards Compatibility + +* This ADR changes the `CommitMultiStore` interface, implementations supporting the previous version of this interface will not support the new one + +### Positive + +* Ability to listen to KVStore state changes in real time and expose these events to external consumers + +### Negative + +* Changes `CommitMultiStore` interface and its implementations + +### Neutral + +* Introduces additional—but optional—complexity to configuring and running a cosmos application +* If an application developer opts to use these features to expose data, they need to be aware of the ramifications/risks of that data exposure as it pertains to the specifics of their application diff --git a/copy-of-sdk-docs/build/architecture/adr-039-epoched-staking.md b/copy-of-sdk-docs/build/architecture/adr-039-epoched-staking.md new file mode 100644 index 00000000..bc74b6ab --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-039-epoched-staking.md @@ -0,0 +1,122 @@ +# ADR 039: Epoched Staking + +## Changelog + +* 10-Feb-2021: Initial Draft + +## Authors + +* Dev Ojha (@valardragon) +* Sunny Aggarwal (@sunnya97) + +## Status + +Proposed + +## Abstract + +This ADR updates the proof of stake module to buffer the staking weight updates for a number of blocks before updating the consensus' staking weights. The length of the buffer is dubbed an epoch. The prior functionality of the staking module is then a special case of the abstracted module, with the epoch being set to 1 block. + +## Context + +The current proof of stake module takes the design decision to apply staking weight changes to the consensus engine immediately. This means that delegations and unbonds get applied immediately to the validator set. This decision was primarily done as it was the simplest from an implementation perspective, and because we at the time believed that this would lead to better UX for clients. + +An alternative design choice is to allow buffering staking updates (delegations, unbonds, validators joining) for a number of blocks. This epoched proof of stake consensus provides the guarantee that the consensus weights for validators will not change mid-epoch, except in the event of a slash condition. + +Additionally, the UX hurdle may not be as significant as was previously thought. This is because it is possible to provide users immediate acknowledgement that their bond was recorded and will be executed. + +Furthermore, it has become clearer over time that immediate execution of staking events comes with limitations, such as: + +* Threshold based cryptography. One of the main limitations is that because the validator set can change so regularly, it makes the running of multiparty computation by a fixed validator set difficult. Many threshold-based cryptographic features for blockchains such as randomness beacons and threshold decryption require a computationally-expensive DKG process (will take much longer than 1 block to create). To productively use these, we need to guarantee that the result of the DKG will be used for a reasonably long time. It wouldn't be feasible to rerun the DKG every block. By epoching staking, it guarantees we'll only need to run a new DKG once every epoch. + +* Light client efficiency. This would lessen the overhead for IBC when there is high churn in the validator set. In the Tendermint light client bisection algorithm, the number of headers you need to verify is related to bounding the difference in validator sets between a trusted header and the latest header. If the difference is too great, you verify more headers in between the two. By limiting the frequency of validator set changes, we can reduce the worst case size of IBC lite client proofs, which occurs when a validator set has high churn. + +* Fairness of deterministic leader election. Currently we have no ways of reasoning about fairness of deterministic leader election in the presence of staking changes without epochs (tendermint/spec#217). Breaking fairness of leader election is profitable for validators, as they earn additional rewards from being the proposer. Adding epochs at least makes it easier for our deterministic leader election to match something we can prove secure. (Albeit, we still haven’t proven if our current algorithm is fair with > 2 validators in the presence of stake changes) + +* Staking derivative design. Currently, reward distribution is done lazily using the F1 fee distribution. While saving computational complexity, lazy accounting requires a more stateful staking implementation. Right now, each delegation entry has to track the time of last withdrawal. Handling this can be a challenge for some staking derivatives designs that seek to provide fungibility for all tokens staked to a single validator. Force-withdrawing rewards to users can help solve this, however it is infeasible to force-withdraw rewards to users on a per block basis. With epochs, a chain could more easily alter the design to have rewards be forcefully withdrawn (iterating over delegator accounts only once per-epoch), and can thus remove delegation timing from state. This may be useful for certain staking derivative designs. + +## Design considerations + +### Slashing + +There is a design consideration for whether to apply a slash immediately or at the end of an epoch. A slash event should apply to only members who are actually staked during the time of the infraction, namely during the epoch the slash event occurred. + +Applying it immediately can be viewed as offering greater consensus layer security, at potential costs to the aforementioned use cases. The benefits of immediate slashing for consensus layer security can be all be obtained by executing the validator jailing immediately (thus removing it from the validator set), and delaying the actual slash change to the validator's weight until the epoch boundary. For the use cases mentioned above, workarounds can be integrated to avoid problems, as follows: + +* For threshold based cryptography, this setting will have the threshold cryptography use the original epoch weights, while consensus has an update that lets it more rapidly benefit from additional security. If the threshold based cryptography blocks liveness of the chain, then we have effectively raised the liveness threshold of the remaining validators for the rest of the epoch. (Alternatively, jailed nodes could still contribute shares) This plan will fail in the extreme case that more than 1/3rd of the validators have been jailed within a single epoch. For such an extreme scenario, the chain already have its own custom incident response plan, and defining how to handle the threshold cryptography should be a part of that. +* For light client efficiency, there can be a bit included in the header indicating an intra-epoch slash (ala https://github.com/tendermint/spec/issues/199). +* For fairness of deterministic leader election, applying a slash or jailing within an epoch would break the guarantee we were seeking to provide. This then re-introduces a new (but significantly simpler) problem for trying to provide fairness guarantees. Namely, that validators can adversarially elect to remove themselves from the set of proposers. From a security perspective, this could potentially be handled by two different mechanisms (or prove to still be too difficult to achieve). One is making a security statement acknowledging the ability for an adversary to force an ahead-of-time fixed threshold of users to drop out of the proposer set within an epoch. The second method would be to parameterize such that the cost of a slash within the epoch far outweighs benefits due to being a proposer. However, this latter criterion is quite dubious, since being a proposer can have many advantageous side-effects in chains with complex state machines. (Namely, DeFi games such as Fomo3D) +* For staking derivative design, there is no issue introduced. This does not increase the state size of staking records, since whether a slash has occurred is fully queryable given the validator address. + +### Token lockup + +When someone makes a transaction to delegate, even though they are not immediately staked, their tokens should be moved into a pool managed by the staking module which will then be used at the end of an epoch. This prevents concerns where they stake, and then spend those tokens not realizing they were already allocated for staking, and thus having their staking tx fail. + +### Pipelining the epochs + +For threshold based cryptography in particular, we need a pipeline for epoch changes. This is because when we are in epoch N, we want the epoch N+1 weights to be fixed so that the validator set can do the DKG accordingly. So if we are currently in epoch N, the stake weights for epoch N+1 should already be fixed, and new stake changes should be getting applied to epoch N + 2. + +This can be handled by making a parameter for the epoch pipeline length. This parameter should not be alterable except during hard forks, to mitigate implementation complexity of switching the pipeline length. + +With pipeline length 1, if I redelegate during epoch N, then my redelegation is applied prior to the beginning of epoch N+1. +With pipeline length 2, if I redelegate during epoch N, then my redelegation is applied prior to the beginning of epoch N+2. + +### Rewards + +Even though all staking updates are applied at epoch boundaries, rewards can still be distributed immediately when they are claimed. This is because they do not affect the current stake weights, as we do not implement auto-bonding of rewards. If such a feature were to be implemented, it would have to be setup so that rewards are auto-bonded at the epoch boundary. + +### Parameterizing the epoch length + +When choosing the epoch length, there is a trade-off between queued state/computation buildup, and countering the previously discussed limitations of immediate execution if they apply to a given chain. + +Until an ABCI mechanism for variable block times is introduced, it is ill-advised to be using high epoch lengths due to the computation buildup. This is because when a block's execution time is greater than the expected block time from Tendermint, rounds may increment. + +## Decision + +**Step-1**: Implement buffering of all staking and slashing messages. + +First we create a pool for storing tokens that are being bonded, but should be applied at the epoch boundary called the `EpochDelegationPool`. Then, we have two separate queues, one for staking, one for slashing. We describe what happens on each message being delivered below: + +### Staking messages + +* **MsgCreateValidator**: Move user's self-bond to `EpochDelegationPool` immediately. Queue a message for the epoch boundary to handle the self-bond, taking the funds from the `EpochDelegationPool`. If Epoch execution fails, return back funds from `EpochDelegationPool` to user's account. +* **MsgEditValidator**: Validate message and if valid queue the message for execution at the end of the Epoch. +* **MsgDelegate**: Move user's funds to `EpochDelegationPool` immediately. Queue a message for the epoch boundary to handle the delegation, taking the funds from the `EpochDelegationPool`. If Epoch execution fails, return back funds from `EpochDelegationPool` to user's account. +* **MsgBeginRedelegate**: Validate message and if valid queue the message for execution at the end of the Epoch. +* **MsgUndelegate**: Validate message and if valid queue the message for execution at the end of the Epoch. + +### Slashing messages + +* **MsgUnjail**: Validate message and if valid queue the message for execution at the end of the Epoch. +* **Slash Event**: Whenever a slash event is created, it gets queued in the slashing module to apply at the end of the epoch. The queues should be set up such that this slash applies immediately. + +### Evidence Messages + +* **MsgSubmitEvidence**: This gets executed immediately, and the validator gets jailed immediately. However in slashing, the actual slash event gets queued. + +Then we add methods to the end blockers, to ensure that at the epoch boundary the queues are cleared and delegation updates are applied. + +**Step-2**: Implement querying of queued staking txs. + +When querying the staking activity of a given address, the status should return not only the amount of tokens staked, but also if there are any queued stake events for that address. This will require more work to be done in the querying logic, to trace the queued upcoming staking events. + +As an initial implementation, this can be implemented as a linear search over all queued staking events. However, for chains that need long epochs, they should eventually build additional support for nodes that support querying to be able to produce results in constant time. (This is doable by maintaining an auxiliary hashmap for indexing upcoming staking events by address) + +**Step-3**: Adjust gas + +Currently gas represents the cost of executing a transaction when its done immediately. (Merging together costs of p2p overhead, state access overhead, and computational overhead) However, now a transaction can cause computation in a future block, namely at the epoch boundary. + +To handle this, we should initially include parameters for estimating the amount of future computation (denominated in gas), and add that as a flat charge needed for the message. +We leave it out of scope for how to weight future computation versus current computation in gas pricing, and have it set such that they are weighted equally for now. + +## Consequences + +### Positive + +* Abstracts the proof of stake module that allows retaining the existing functionality +* Enables new features such as validator-set based threshold cryptography + +### Negative + +* Increases complexity of integrating more complex gas pricing mechanisms, as they now have to consider future execution costs as well. +* When epoch > 1, validators can no longer leave the network immediately, and must wait until an epoch boundary. diff --git a/copy-of-sdk-docs/build/architecture/adr-040-storage-and-smt-state-commitments.md b/copy-of-sdk-docs/build/architecture/adr-040-storage-and-smt-state-commitments.md new file mode 100644 index 00000000..6259e588 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-040-storage-and-smt-state-commitments.md @@ -0,0 +1,289 @@ +# ADR 040: Storage and SMT State Commitments + +## Changelog + +* 2020-01-15: Draft + +## Status + +DRAFT Not Implemented + +## Abstract + +Sparse Merkle Tree ([SMT](https://osf.io/8mcnh/)) is a version of a Merkle Tree with various storage and performance optimizations. This ADR defines a separation of state commitments from data storage and the Cosmos SDK transition from IAVL to SMT. + +## Context + +Currently, Cosmos SDK uses IAVL for both state [commitments](https://cryptography.fandom.com/wiki/Commitment_scheme) and data storage. + +IAVL has effectively become an orphaned project within the Cosmos ecosystem and it's proven to be an inefficient state commitment data structure. +In the current design, IAVL is used for both data storage and as a Merkle Tree for state commitments. IAVL is meant to be a standalone Merkleized key/value database, however it's using a KV DB engine to store all tree nodes. So, each node is stored in a separate record in the KV DB. This causes many inefficiencies and problems: + +* Each object query requires a tree traversal from the root. Subsequent queries for the same object are cached on the Cosmos SDK level. +* Each edge traversal requires a DB query. +* Creating snapshots is [expensive](https://github.com/cosmos/cosmos-sdk/issues/7215#issuecomment-684804950). It takes about 30 seconds to export less than 100 MB of state (as of March 2020). +* Updates in IAVL may trigger tree reorganization and possible O(log(n)) hashes re-computation, which can become a CPU bottleneck. +* The node structure is pretty expensive - it contains a standard tree node elements (key, value, left and right element) and additional metadata such as height, version (which is not required by the Cosmos SDK). The entire node is hashed, and that hash is used as the key in the underlying database, [ref](https://github.com/cosmos/iavl/blob/master/docs/node/node.md +). + +Moreover, the IAVL project lacks support and a maintainer and we already see better and well-established alternatives. Instead of optimizing the IAVL, we are looking into other solutions for both storage and state commitments. + +## Decision + +We propose to separate the concerns of state commitment (**SC**), needed for consensus, and state storage (**SS**), needed for state machine. Finally we replace IAVL with [Celestia's SMT](https://github.com/lazyledger/smt). Celestia SMT is based on Diem (called jellyfish) design [*] - it uses a compute-optimized SMT by replacing subtrees with only default values with a single node (same approach is used by Ethereum2) and implements compact proofs. + +The storage model presented here doesn't deal with data structure nor serialization. It's a Key-Value database, where both key and value are binaries. The storage user is responsible for data serialization. + +### Decouple state commitment from storage + +Separation of storage and commitment (by the SMT) will allow the optimization of different components according to their usage and access patterns. + +`SC` (SMT) is used to commit to a data and compute Merkle proofs. `SS` is used to directly access data. To avoid collisions, both `SS` and `SC` will use a separate storage namespace (they could use the same database underneath). `SS` will store each record directly (mapping `(key, value)` as `key → value`). + +SMT is a merkle tree structure: we don't store keys directly. For every `(key, value)` pair, `hash(key)` is used as leaf path (we hash a key to uniformly distribute leaves in the tree) and `hash(value)` as the leaf contents. The tree structure is specified in more depth [below](#smt-for-state-commitment). + +For data access we propose 2 additional KV buckets (implemented as namespaces for the key-value pairs, sometimes called [column family](https://github.com/facebook/rocksdb/wiki/Terminology)): + +1. B1: `key → value`: the principal object storage, used by a state machine, behind the Cosmos SDK `KVStore` interface: provides direct access by key and allows prefix iteration (KV DB backend must support it). +2. B2: `hash(key) → key`: a reverse index to get a key from an SMT path. Internally the SMT will store `(key, value)` as `prefix || hash(key) || hash(value)`. So, we can get an object value by composing `hash(key) → B2 → B1`. +3. We could use more buckets to optimize the app usage if needed. + +We propose to use a KV database for both `SS` and `SC`. The store interface will allow to use the same physical DB backend for both `SS` and `SC` as well two separate DBs. The latter option allows for the separation of `SS` and `SC` into different hardware units, providing support for more complex setup scenarios and improving overall performance: one can use different backends (eg RocksDB and Badger) as well as independently tuning the underlying DB configuration. + +### Requirements + +State Storage requirements: + +* range queries +* quick (key, value) access +* creating a snapshot +* historical versioning +* pruning (garbage collection) + +State Commitment requirements: + +* fast updates +* tree path should be short +* query historical commitment proofs using ICS-23 standard +* pruning (garbage collection) + +### SMT for State Commitment + +A Sparse Merkle tree is based on the idea of a complete Merkle tree of an intractable size. The assumption here is that as the size of the tree is intractable, there would only be a few leaf nodes with valid data blocks relative to the tree size, rendering a sparse tree. + +The full specification can be found at [Celestia](https://github.com/celestiaorg/celestia-specs/blob/ec98170398dfc6394423ee79b00b71038879e211/src/specs/data_structures.md#sparse-merkle-tree). In summary: + +* The SMT consists of a binary Merkle tree, constructed in the same fashion as described in [Certificate Transparency (RFC-6962)](https://tools.ietf.org/html/rfc6962), but using as the hashing function SHA-2-256 as defined in [FIPS 180-4](https://doi.org/10.6028/NIST.FIPS.180-4). +* Leaves and internal nodes are hashed differently: the one-byte `0x00` is prepended for leaf nodes while `0x01` is prepended for internal nodes. +* Default values are given to leaf nodes with empty leaves. +* While the above rule is sufficient to pre-compute the values of intermediate nodes that are roots of empty subtrees, a further simplification is to extend this default value to all nodes that are roots of empty subtrees. The 32-byte zero is used as the default value. This rule takes precedence over the above one. +* An internal node that is the root of a subtree that contains exactly one non-empty leaf is replaced by that leaf's leaf node. + +### Snapshots for storage sync and state versioning + +Below, with simple _snapshot_ we refer to a database snapshot mechanism, not to a _ABCI snapshot sync_. The latter will be referred as _snapshot sync_ (which will directly use DB snapshot as described below). + +Database snapshot is a view of DB state at a certain time or transaction. It's not a full copy of a database (it would be too big). Usually a snapshot mechanism is based on a _copy on write_ and it allows DB state to be efficiently delivered at a certain stage. +Some DB engines support snapshotting. Hence, we propose to reuse that functionality for the state sync and versioning (described below). We limit the supported DB engines to ones which efficiently implement snapshots. In a final section we discuss the evaluated DBs. + +One of the Stargate core features is a _snapshot sync_ delivered in the `/snapshot` package. It provides a way to trustlessly sync a blockchain without repeating all transactions from the genesis. This feature is implemented in Cosmos SDK and requires storage support. Currently IAVL is the only supported backend. It works by streaming to a client a snapshot of a `SS` at a certain version together with a header chain. + +A new database snapshot will be created in every `EndBlocker` and identified by a block height. The `root` store keeps track of the available snapshots to offer `SS` at a certain version. The `root` store implements the `RootStore` interface described below. In essence, `RootStore` encapsulates a `Committer` interface. `Committer` has a `Commit`, `SetPruning`, `GetPruning` functions which will be used for creating and removing snapshots. The `rootStore.Commit` function creates a new snapshot and increments the version on each call, and checks if it needs to remove old versions. We will need to update the SMT interface to implement the `Committer` interface. +NOTE: `Commit` must be called exactly once per block. Otherwise we risk going out of sync for the version number and block height. +NOTE: For the Cosmos SDK storage, we may consider splitting that interface into `Committer` and `PruningCommitter` - only the multiroot should implement `PruningCommitter` (cache and prefix store don't need pruning). + +Number of historical versions for `abci.QueryRequest` and state sync snapshots is part of a node configuration, not a chain configuration (configuration implied by the blockchain consensus). A configuration should allow to specify number of past blocks and number of past blocks modulo some number (eg: 100 past blocks and one snapshot every 100 blocks for past 2000 blocks). Archival nodes can keep all past versions. + +Pruning old snapshots is effectively done by a database. Whenever we update a record in `SC`, SMT won't update nodes - instead it creates new nodes on the update path, without removing the old one. Since we are snapshotting each block, we need to change that mechanism to immediately remove orphaned nodes from the database. This is a safe operation - snapshots will keep track of the records and make it available when accessing past versions. + +To manage the active snapshots we will either use a DB _max number of snapshots_ option (if available), or we will remove DB snapshots in the `EndBlocker`. The latter option can be done efficiently by identifying snapshots with block height and calling a store function to remove past versions. + +#### Accessing old state versions + +One of the functional requirements is to access old state. This is done through `abci.QueryRequest` structure. The version is specified by a block height (so we query for an object by a key `K` at block height `H`). The number of old versions supported for `abci.QueryRequest` is configurable. Accessing an old state is done by using available snapshots. +`abci.QueryRequest` doesn't need old state of `SC` unless the `prove=true` parameter is set. The SMT merkle proof must be included in the `abci.QueryResponse` only if both `SC` and `SS` have a snapshot for requested version. + +Moreover, Cosmos SDK could provide a way to directly access a historical state. However, a state machine shouldn't do that - since the number of snapshots is configurable, it would lead to nondeterministic execution. + +We positively [validated](https://github.com/cosmos/cosmos-sdk/discussions/8297) a versioning and snapshot mechanism for querying old state with regards to the database we evaluated. + +### State Proofs + +For any object stored in State Store (SS), we have corresponding object in `SC`. A proof for object `V` identified by a key `K` is a branch of `SC`, where the path corresponds to the key `hash(K)`, and the leaf is `hash(K, V)`. + +### Rollbacks + +We need to be able to process transactions and roll-back state updates if a transaction fails. This can be done in the following way: during transaction processing, we keep all state change requests (writes) in a `CacheWrapper` abstraction (as it's done today). Once we finish the block processing, in the `Endblocker`, we commit a root store - at that time, all changes are written to the SMT and to the `SS` and a snapshot is created. + +### Committing to an object without saving it + +We identified use-cases, where modules will need to save an object commitment without storing an object itself. Sometimes clients are receiving complex objects, and they have no way to prove a correctness of that object without knowing the storage layout. For those use cases it would be easier to commit to the object without storing it directly. + +### Refactor MultiStore + +The Stargate `/store` implementation (store/v1) adds an additional layer in the SDK store construction - the `MultiStore` structure. The multistore exists to support the modularity of the Cosmos SDK - each module is using its own instance of IAVL, but in the current implementation, all instances share the same database. The latter indicates, however, that the implementation doesn't provide true modularity. Instead it causes problems related to race condition and atomic DB commits (see: [\#6370](https://github.com/cosmos/cosmos-sdk/issues/6370) and [discussion](https://github.com/cosmos/cosmos-sdk/discussions/8297#discussioncomment-757043)). + +We propose to reduce the multistore concept from the SDK, and to use a single instance of `SC` and `SS` in a `RootStore` object. To avoid confusion, we should rename the `MultiStore` interface to `RootStore`. The `RootStore` will have the following interface; the methods for configuring tracing and listeners are omitted for brevity. + +```go +// Used where read-only access to versions is needed. +type BasicRootStore interface { + Store + GetKVStore(StoreKey) KVStore + CacheRootStore() CacheRootStore +} + +// Used as the main app state, replacing CommitMultiStore. +type CommitRootStore interface { + BasicRootStore + Committer + Snapshotter + + GetVersion(uint64) (BasicRootStore, error) + SetInitialVersion(uint64) error + + ... // Trace and Listen methods +} + +// Replaces CacheMultiStore for branched state. +type CacheRootStore interface { + BasicRootStore + Write() + + ... // Trace and Listen methods +} + +// Example of constructor parameters for the concrete type. +type RootStoreConfig struct { + Upgrades *StoreUpgrades + InitialVersion uint64 + + ReservePrefix(StoreKey, StoreType) +} +``` + + + + +In contrast to `MultiStore`, `RootStore` doesn't allow to dynamically mount sub-stores or provide an arbitrary backing DB for individual sub-stores. + +NOTE: modules will be able to use a special commitment and their own DBs. For example: a module which will use ZK proofs for state can store and commit this proof in the `RootStore` (usually as a single record) and manage the specialized store privately or using the `SC` low level interface. + +#### Compatibility support + +To ease the transition to this new interface for users, we can create a shim which wraps a `CommitMultiStore` but provides a `CommitRootStore` interface, and expose functions to safely create and access the underlying `CommitMultiStore`. + +The new `RootStore` and supporting types can be implemented in a `store/v2alpha1` package to avoid breaking existing code. + +#### Merkle Proofs and IBC + +Currently, an IBC (v1.0) Merkle proof path consists of two elements (`["", ""]`), with each key corresponding to a separate proof. These are each verified according to individual [ICS-23 specs](https://github.com/cosmos/ibc-go/blob/f7051429e1cf833a6f65d51e6c3df1609290a549/modules/core/23-commitment/types/merkle.go#L17), and the result hash of each step is used as the committed value of the next step, until a root commitment hash is obtained. +The root hash of the proof for `""` is hashed with the `""` to validate against the App Hash. + +This is not compatible with the `RootStore`, which stores all records in a single Merkle tree structure, and won't produce separate proofs for the store- and record-key. Ideally, the store-key component of the proof could just be omitted, and updated to use a "no-op" spec, so only the record-key is used. However, because the IBC verification code hardcodes the `"ibc"` prefix and applies it to the SDK proof as a separate element of the proof path, this isn't possible without a breaking change. Breaking this behavior would severely impact the Cosmos ecosystem which already widely adopts the IBC module. Requesting an update of the IBC module across the chains is a time consuming effort and not easily feasible. + +As a workaround, the `RootStore` will have to use two separate SMTs (they could use the same underlying DB): one for IBC state and one for everything else. A simple Merkle map that reference these SMTs will act as a Merkle Tree to create a final App hash. The Merkle map is not stored in a DBs - it's constructed in the runtime. The IBC substore key must be `"ibc"`. + +The workaround can still guarantee atomic syncs: the [proposed DB backends](#evaluated-kv-databases) support atomic transactions and efficient rollbacks, which will be used in the commit phase. + +The presented workaround can be used until the IBC module is fully upgraded to supports single-element commitment proofs. + +### Optimization: compress module key prefixes + +We consider a compression of prefix keys by creating a mapping from module key to an integer, and serializing the integer using varint coding. Varint coding assures that different values don't have common byte prefix. For Merkle Proofs we can't use prefix compression - so it should only apply for the `SS` keys. Moreover, the prefix compression should be only applied for the module namespace. More precisely: + +* each module has it's own namespace; +* when accessing a module namespace we create a KVStore with embedded prefix; +* that prefix will be compressed only when accessing and managing `SS`. + +We need to assure that the codes won't change. We can fix the mapping in a static variable (provided by an app) or SS state under a special key. + +TODO: need to make decision about the key compression. + +## Optimization: SS key compression + +Some objects may be saved with key, which contains a Protobuf message type. Such keys are long. We could save a lot of space if we can map Protobuf message types in varints. + +TODO: finalize this or move to another ADR. + +## Migration + +Using the new store will require a migration. 2 Migrations are proposed: + +1. Genesis export -- it will reset the blockchain history. +2. In place migration: we can reuse `UpgradeKeeper.SetUpgradeHandler` to provide the migration logic: + +```go +app.UpgradeKeeper.SetUpgradeHandler("adr-40", func(ctx sdk.Context, plan upgradetypes.Plan, vm module.VersionMap) (module.VersionMap, error) { + + storev2.Migrate(iavlstore, v2.store) + + // RunMigrations returns the VersionMap + // with the updated module ConsensusVersions + return app.mm.RunMigrations(ctx, vm) +}) +``` + +The `Migrate` function will read all entries from a store/v1 DB and save them to the AD-40 combined KV store. +Cache layer should not be used and the operation must finish with a single Commit call. + +Inserting records to the `SC` (SMT) component is the bottleneck. Unfortunately SMT doesn't support batch transactions. +Adding batch transactions to `SC` layer is considered as a feature after the main release. + +## Consequences + +### Backwards Compatibility + +This ADR doesn't introduce any Cosmos SDK level API changes. + +We change the storage layout of the state machine, a storage hard fork and network upgrade is required to incorporate these changes. SMT provides a merkle proof functionality, however it is not compatible with ICS23. Updating the proofs for ICS23 compatibility is required. + +### Positive + +* Decoupling state from state commitment introduce better engineering opportunities for further optimizations and better storage patterns. +* Performance improvements. +* Joining SMT based camp which has wider and proven adoption than IAVL. Example projects which decided on SMT: Ethereum2, Diem (Libra), Trillan, Tezos, Celestia. +* Multistore removal fixes a longstanding issue with the current MultiStore design. +* Simplifies merkle proofs - all modules, except IBC, have only one pass for merkle proof. + +### Negative + +* Storage migration +* LL SMT doesn't support pruning - we will need to add and test that functionality. +* `SS` keys will have an overhead of a key prefix. This doesn't impact `SC` because all keys in `SC` have same size (they are hashed). + +### Neutral + +* Deprecating IAVL, which is one of the core proposals of Cosmos Whitepaper. + +## Alternative designs + +Most of the alternative designs were evaluated in [state commitments and storage report](https://paper.dropbox.com/published/State-commitments-and-storage-review--BDvA1MLwRtOx55KRihJ5xxLbBw-KeEB7eOd11pNrZvVtqUgL3h). + +Ethereum research published [Verkle Trie](https://dankradfeist.de/ethereum/2021/06/18/verkle-trie-for-eth1.html) - an idea of combining polynomial commitments with merkle tree in order to reduce the tree height. This concept has a very good potential, but we think it's too early to implement it. The current, SMT based design could be easily updated to the Verkle Trie once other research implement all necessary libraries. The main advantage of the design described in this ADR is the separation of state commitments from the data storage and designing a more powerful interface. + +## Further Discussions + +### Evaluated KV Databases + +We verified existing databases KV databases for evaluating snapshot support. The following databases provide efficient snapshot mechanism: Badger, RocksDB, [Pebble](https://github.com/cockroachdb/pebble). Databases which don't provide such support or are not production ready: boltdb, leveldb, goleveldb, membdb, lmdb. + +### RDBMS + +Use of RDBMS instead of simple KV store for state. Use of RDBMS will require a Cosmos SDK API breaking change (`KVStore` interface) and will allow better data extraction and indexing solutions. Instead of saving an object as a single blob of bytes, we could save it as record in a table in the state storage layer, and as a `hash(key, protobuf(object))` in the SMT as outlined above. To verify that an object registered in RDBMS is same as the one committed to SMT, one will need to load it from RDBMS, marshal using protobuf, hash and do SMT search. + +### Off Chain Store + +We were discussing use case where modules can use a support database, which is not automatically committed. Module will responsible for having a sound storage model and can optionally use the feature discussed in __Committing to an object without saving it_ section. + +## References + +* [IAVL What's Next?](https://github.com/cosmos/cosmos-sdk/issues/7100) +* [IAVL overview](https://docs.google.com/document/d/16Z_hW2rSAmoyMENO-RlAhQjAG3mSNKsQueMnKpmcBv0/edit#heading=h.yd2th7x3o1iv) of it's state v0.15 +* [State commitments and storage report](https://paper.dropbox.com/published/State-commitments-and-storage-review--BDvA1MLwRtOx55KRihJ5xxLbBw-KeEB7eOd11pNrZvVtqUgL3h) +* [Celestia (LazyLedger) SMT](https://github.com/lazyledger/smt) +* Facebook Diem (Libra) SMT [design](https://developers.diem.com/papers/jellyfish-merkle-tree/2021-01-14.pdf) +* [Trillian Revocation Transparency](https://github.com/google/trillian/blob/master/docs/papers/RevocationTransparency.pdf), [Trillian Verifiable Data Structures](https://github.com/google/trillian/blob/master/docs/papers/VerifiableDataStructures.pdf). +* Design and implementation [discussion](https://github.com/cosmos/cosmos-sdk/discussions/8297). +* [How to Upgrade IBC Chains and their Clients](https://ibc.cosmos.network/main/ibc/upgrades/quick-guide/) +* [ADR-40 Effect on IBC](https://github.com/cosmos/ibc-go/discussions/256) diff --git a/copy-of-sdk-docs/build/architecture/adr-041-in-place-store-migrations.md b/copy-of-sdk-docs/build/architecture/adr-041-in-place-store-migrations.md new file mode 100644 index 00000000..15c79589 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-041-in-place-store-migrations.md @@ -0,0 +1,167 @@ +# ADR 041: In-Place Store Migrations + +## Changelog + +* 17.02.2021: Initial Draft + +## Status + +Accepted + +## Abstract + +This ADR introduces a mechanism to perform in-place state store migrations during chain software upgrades. + +## Context + +When a chain upgrade introduces state-breaking changes inside modules, the current procedure consists of exporting the whole state into a JSON file (via the `simd export` command), running migration scripts on the JSON file (`simd genesis migrate` command), clearing the stores (`simd unsafe-reset-all` command), and starting a new chain with the migrated JSON file as new genesis (optionally with a custom initial block height). An example of such a procedure can be seen [in the Cosmos Hub 3->4 migration guide](https://github.com/cosmos/gaia/blob/v4.0.3/docs/migration/cosmoshub-3.md#upgrade-procedure). + +This procedure is cumbersome for multiple reasons: + +* The procedure takes time. It can take hours to run the `export` command, plus some additional hours to run `InitChain` on the fresh chain using the migrated JSON. +* The exported JSON file can be heavy (~100MB-1GB), making it difficult to view, edit and transfer, which in turn introduces additional work to solve these problems (such as [streaming genesis](https://github.com/cosmos/cosmos-sdk/issues/6936)). + +## Decision + +We propose a migration procedure based on modifying the KV store in-place without involving the JSON export-process-import flow described above. + +### Module `ConsensusVersion` + +We introduce a new method on the `AppModule` interface: + +```go +type AppModule interface { + // --snip-- + ConsensusVersion() uint64 +} +``` + +This methods returns an `uint64` which serves as state-breaking version of the module. It MUST be incremented on each consensus-breaking change introduced by the module. To avoid potential errors with default values, the initial version of a module MUST be set to 1. In the Cosmos SDK, version 1 corresponds to the modules in the v0.41 series. + +### Module-Specific Migration Functions + +For each consensus-breaking change introduced by the module, a migration script from ConsensusVersion `N` to version `N+1` MUST be registered in the `Configurator` using its newly-added `RegisterMigration` method. All modules receive a reference to the configurator in their `RegisterServices` method on `AppModule`, and this is where the migration functions should be registered. The migration functions should be registered in increasing order. + +```go +func (am AppModule) RegisterServices(cfg module.Configurator) { + // --snip-- + cfg.RegisterMigration(types.ModuleName, 1, func(ctx sdk.Context) error { + // Perform in-place store migrations from ConsensusVersion 1 to 2. + }) + cfg.RegisterMigration(types.ModuleName, 2, func(ctx sdk.Context) error { + // Perform in-place store migrations from ConsensusVersion 2 to 3. + }) + // etc. +} +``` + +For example, if the new ConsensusVersion of a module is `N` , then `N-1` migration functions MUST be registered in the configurator. + +In the Cosmos SDK, the migration functions are handled by each module's keeper, because the keeper holds the `sdk.StoreKey` used to perform in-place store migrations. To not overload the keeper, a `Migrator` wrapper is used by each module to handle the migration functions: + +```go +// Migrator is a struct for handling in-place store migrations. +type Migrator struct { + BaseKeeper +} +``` + +Migration functions should live inside the `migrations/` folder of each module, and be called by the Migrator's methods. We propose the format `Migrate{M}to{N}` for method names. + +```go +// Migrate1to2 migrates from version 1 to 2. +func (m Migrator) Migrate1to2(ctx sdk.Context) error { + return v2bank.MigrateStore(ctx, m.keeper.storeKey) // v043bank is package `x/bank/migrations/v2`. +} +``` + +Each module's migration functions are specific to the module's store evolutions, and are not described in this ADR. An example of x/bank store key migrations after the introduction of ADR-028 length-prefixed addresses can be seen in this [store.go code](https://github.com/cosmos/cosmos-sdk/blob/36f68eb9e041e20a5bb47e216ac5eb8b91f95471/x/bank/legacy/v043/store.go#L41-L62). + +### Tracking Module Versions in `x/upgrade` + +We introduce a new prefix store in `x/upgrade`'s store. This store will track each module's current version, it can be modelized as a `map[string]uint64` of module name to module ConsensusVersion, and will be used when running the migrations (see next section for details). The key prefix used is `0x1`, and the key/value format is: + +```text +0x2 | {bytes(module_name)} => BigEndian(module_consensus_version) +``` + +The initial state of the store is set from `app.go`'s `InitChainer` method. + +The UpgradeHandler signature needs to be updated to take a `VersionMap`, as well as return an upgraded `VersionMap` and an error: + +```diff +- type UpgradeHandler func(ctx sdk.Context, plan Plan) ++ type UpgradeHandler func(ctx sdk.Context, plan Plan, versionMap VersionMap) (VersionMap, error) +``` + +To apply an upgrade, we query the `VersionMap` from the `x/upgrade` store and pass it into the handler. The handler runs the actual migration functions (see next section), and if successful, returns an updated `VersionMap` to be stored in state. + +```diff +func (k UpgradeKeeper) ApplyUpgrade(ctx sdk.Context, plan types.Plan) { + // --snip-- +- handler(ctx, plan) ++ updatedVM, err := handler(ctx, plan, k.GetModuleVersionMap(ctx)) // k.GetModuleVersionMap() fetches the VersionMap stored in state. ++ if err != nil { ++ return err ++ } ++ ++ // Set the updated consensus versions to state ++ k.SetModuleVersionMap(ctx, updatedVM) +} +``` + +A gRPC query endpoint to query the `VersionMap` stored in `x/upgrade`'s state will also be added, so that app developers can double-check the `VersionMap` before the upgrade handler runs. + +### Running Migrations + +Once all the migration handlers are registered inside the configurator (which happens at startup), running migrations can happen by calling the `RunMigrations` method on `module.Manager`. This function will loop through all modules, and for each module: + +* Get the old ConsensusVersion of the module from its `VersionMap` argument (let's call it `M`). +* Fetch the new ConsensusVersion of the module from the `ConsensusVersion()` method on `AppModule` (call it `N`). +* If `N>M`, run all registered migrations for the module sequentially `M -> M+1 -> M+2...` until `N`. + * There is a special case where there is no ConsensusVersion for the module, as this means that the module has been newly added during the upgrade. In this case, no migration function is run, and the module's current ConsensusVersion is saved to `x/upgrade`'s store. + +If a required migration is missing (e.g. if it has not been registered in the `Configurator`), then the `RunMigrations` function will error. + +In practice, the `RunMigrations` method should be called from inside an `UpgradeHandler`. + +```go +app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx sdk.Context, plan upgradetypes.Plan, vm module.VersionMap) (module.VersionMap, error) { + return app.mm.RunMigrations(ctx, vm) +}) +``` + +Assuming a chain upgrades at block `n`, the procedure should run as follows: + +* the old binary will halt in `BeginBlock` when starting block `N`. In its store, the ConsensusVersions of the old binary's modules are stored. +* the new binary will start at block `N`. The UpgradeHandler is set in the new binary, so will run at `BeginBlock` of the new binary. Inside `x/upgrade`'s `ApplyUpgrade`, the `VersionMap` will be retrieved from the (old binary's) store, and passed into the `RunMigrations` function, migrating all module stores in-place before the modules' own `BeginBlock`s. + +## Consequences + +### Backwards Compatibility + +This ADR introduces a new method `ConsensusVersion()` on `AppModule`, which all modules need to implement. It also alters the UpgradeHandler function signature. As such, it is not backwards-compatible. + +While modules MUST register their migration functions when bumping ConsensusVersions, running those scripts using an upgrade handler is optional. An application may perfectly well decide to not call the `RunMigrations` inside its upgrade handler, and continue using the legacy JSON migration path. + +### Positive + +* Perform chain upgrades without manipulating JSON files. +* While no benchmark has been made yet, it is probable that in-place store migrations will take less time than JSON migrations. The main reason supporting this claim is that both the `simd export` command on the old binary and the `InitChain` function on the new binary will be skipped. + +### Negative + +* Module developers MUST correctly track consensus-breaking changes in their modules. If a consensus-breaking change is introduced in a module without its corresponding `ConsensusVersion()` bump, then the `RunMigrations` function won't detect the migration, and the chain upgrade might be unsuccessful. Documentation should clearly reflect this. + +### Neutral + +* The Cosmos SDK will continue to support JSON migrations via the existing `simd export` and `simd genesis migrate` commands. +* The current ADR does not allow creating, renaming or deleting stores, only modifying existing store keys and values. The Cosmos SDK already has the `StoreLoader` for those operations. + +## Further Discussions + +## References + +* Initial discussion: https://github.com/cosmos/cosmos-sdk/discussions/8429 +* Implementation of `ConsensusVersion` and `RunMigrations`: https://github.com/cosmos/cosmos-sdk/pull/8485 +* Issue discussing `x/upgrade` design: https://github.com/cosmos/cosmos-sdk/issues/8514 diff --git a/copy-of-sdk-docs/build/architecture/adr-042-group-module.md b/copy-of-sdk-docs/build/architecture/adr-042-group-module.md new file mode 100644 index 00000000..03fbe34b --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-042-group-module.md @@ -0,0 +1,279 @@ +# ADR 042: Group Module + +## Changelog + +* 2020/04/09: Initial Draft + +## Status + +Draft + +## Abstract + +This ADR defines the `x/group` module which allows the creation and management of on-chain multi-signature accounts and enables voting for message execution based on configurable decision policies. + +## Context + +The legacy amino multi-signature mechanism of the Cosmos SDK has certain limitations: + +* Key rotation is not possible, although this can be solved with [account rekeying](adr-034-account-rekeying.md). +* Thresholds can't be changed. +* UX is cumbersome for non-technical users ([#5661](https://github.com/cosmos/cosmos-sdk/issues/5661)). +* It requires `legacy_amino` sign mode ([#8141](https://github.com/cosmos/cosmos-sdk/issues/8141)). + +While the group module is not meant to be a total replacement for the current multi-signature accounts, it provides a solution to the limitations described above, with a more flexible key management system where keys can be added, updated or removed, as well as configurable thresholds. +It's meant to be used with other access control modules such as [`x/feegrant`](./adr-029-fee-grant-module.md) and [`x/authz`](adr-030-authz-module.md) to simplify key management for individuals and organizations. + +The proof of concept of the group module can be found in https://github.com/cosmos/cosmos-sdk/tree/main/proto/cosmos/group/v1 and https://github.com/cosmos/cosmos-sdk/tree/main/x/group. + +## Decision + +We propose merging the `x/group` module with its supporting [ORM/Table Store package](https://github.com/cosmos/cosmos-sdk/tree/main/x/group/internal/orm) ([#7098](https://github.com/cosmos/cosmos-sdk/issues/7098)) into the Cosmos SDK and continuing development here. There will be a dedicated ADR for the ORM package. + +### Group + +A group is a composition of accounts with associated weights. It is not +an account and doesn't have a balance. It doesn't in and of itself have any +sort of voting or decision weight. +Group members can create proposals and vote on them through group accounts using different decision policies. + +It has an `admin` account which can manage members in the group, update the group +metadata and set a new admin. + +```protobuf +message GroupInfo { + + // group_id is the unique ID of this group. + uint64 group_id = 1; + + // admin is the account address of the group's admin. + string admin = 2; + + // metadata is any arbitrary metadata to attached to the group. + bytes metadata = 3; + + // version is used to track changes to a group's membership structure that + // would break existing proposals. Whenever a member weight has changed, + // or any member is added or removed, the version is incremented and will + // invalidate all proposals from older versions. + uint64 version = 4; + + // total_weight is the sum of the group members' weights. + string total_weight = 5; +} +``` + +```protobuf +message GroupMember { + + // group_id is the unique ID of the group. + uint64 group_id = 1; + + // member is the member data. + Member member = 2; +} + +// Member represents a group member with an account address, +// non-zero weight and metadata. +message Member { + + // address is the member's account address. + string address = 1; + + // weight is the member's voting weight that should be greater than 0. + string weight = 2; + + // metadata is any arbitrary metadata to attached to the member. + bytes metadata = 3; +} +``` + +### Group Account + +A group account is an account associated with a group and a decision policy. +A group account does have a balance. + +Group accounts are abstracted from groups because a single group may have +multiple decision policies for different types of actions. Managing group +membership separately from decision policies results in the least overhead +and keeps membership consistent across different policies. The pattern that +is recommended is to have a single master group account for a given group, +and then to create separate group accounts with different decision policies +and delegate the desired permissions from the master account to +those "sub-accounts" using the [`x/authz` module](adr-030-authz-module.md). + +```protobuf +message GroupAccountInfo { + + // address is the group account address. + string address = 1; + + // group_id is the ID of the Group the GroupAccount belongs to. + uint64 group_id = 2; + + // admin is the account address of the group admin. + string admin = 3; + + // metadata is any arbitrary metadata of this group account. + bytes metadata = 4; + + // version is used to track changes to a group's GroupAccountInfo structure that + // invalidates active proposal from old versions. + uint64 version = 5; + + // decision_policy specifies the group account's decision policy. + google.protobuf.Any decision_policy = 6 [(cosmos_proto.accepts_interface) = "cosmos.group.v1.DecisionPolicy"]; +} +``` + +Similarly to a group admin, a group account admin can update its metadata, decision policy or set a new group account admin. + +A group account can also be an admin or a member of a group. +For instance, a group admin could be another group account which could "elects" the members or it could be the same group that elects itself. + +### Decision Policy + +A decision policy is the mechanism by which members of a group can vote on +proposals. + +All decision policies should have a minimum and maximum voting window. +The minimum voting window is the minimum duration that must pass in order +for a proposal to potentially pass, and it may be set to 0. The maximum voting +window is the maximum time that a proposal may be voted on and executed if +it reached enough support before it is closed. +Both of these values must be less than a chain-wide max voting window parameter. + +We define the `DecisionPolicy` interface that all decision policies must implement: + +```go +type DecisionPolicy interface { + codec.ProtoMarshaler + + ValidateBasic() error + GetTimeout() types.Duration + Allow(tally Tally, totalPower string, votingDuration time.Duration) (DecisionPolicyResult, error) + Validate(g GroupInfo) error +} + +type DecisionPolicyResult struct { + Allow bool + Final bool +} +``` + +#### Threshold decision policy + +A threshold decision policy defines a minimum support votes (_yes_), based on a tally +of voter weights, for a proposal to pass. For +this decision policy, abstain and veto are treated as no support (_no_). + +```protobuf +message ThresholdDecisionPolicy { + + // threshold is the minimum weighted sum of support votes for a proposal to succeed. + string threshold = 1; + + // voting_period is the duration from submission of a proposal to the end of voting period + // Within this period, votes and exec messages can be submitted. + google.protobuf.Duration voting_period = 2 [(gogoproto.nullable) = false]; +} +``` + +### Proposal + +Any member of a group can submit a proposal for a group account to decide upon. +A proposal consists of a set of `sdk.Msg`s that will be executed if the proposal +passes as well as any metadata associated with the proposal. These `sdk.Msg`s get validated as part of the `Msg/CreateProposal` request validation. They should also have their signer set as the group account. + +Internally, a proposal also tracks: + +* its current `Status`: submitted, closed or aborted +* its `Result`: unfinalized, accepted or rejected +* its `VoteState` in the form of a `Tally`, which is calculated on new votes and when executing the proposal. + +```protobuf +// Tally represents the sum of weighted votes. +message Tally { + option (gogoproto.goproto_getters) = false; + + // yes_count is the weighted sum of yes votes. + string yes_count = 1; + + // no_count is the weighted sum of no votes. + string no_count = 2; + + // abstain_count is the weighted sum of abstainers. + string abstain_count = 3; + + // veto_count is the weighted sum of vetoes. + string veto_count = 4; +} +``` + +### Voting + +Members of a group can vote on proposals. There are four choices to choose while voting - yes, no, abstain and veto. Not +all decision policies will support them. Votes can contain some optional metadata. +In the current implementation, the voting window begins as soon as a proposal +is submitted. + +Voting internally updates the proposal `VoteState` as well as `Status` and `Result` if needed. + +### Executing Proposals + +Proposals will not be automatically executed by the chain in this current design, +but rather a user must submit a `Msg/Exec` transaction to attempt to execute the +proposal based on the current votes and decision policy. A future upgrade could +automate this and have the group account (or a fee granter) pay. + +#### Changing Group Membership + +In the current implementation, updating a group or a group account after submitting a proposal will make it invalid. It will simply fail if someone calls `Msg/Exec` and will eventually be garbage collected. + +### Notes on current implementation + +This section outlines the current implementation used in the proof of concept of the group module but this could be subject to changes and iterated on. + +#### ORM + +The [ORM package](https://github.com/cosmos/cosmos-sdk/discussions/9156) defines tables, sequences and secondary indexes which are used in the group module. + +Groups are stored in state as part of a `groupTable`, the `group_id` being an auto-increment integer. Group members are stored in a `groupMemberTable`. + +Group accounts are stored in a `groupAccountTable`. The group account address is generated based on an auto-increment integer which is used to derive the group module `RootModuleKey` into a `DerivedModuleKey`, as stated in [ADR-033](adr-033-protobuf-inter-module-comm.md#modulekeys-and-moduleids). The group account is added as a new `ModuleAccount` through `x/auth`. + +Proposals are stored as part of the `proposalTable` using the `Proposal` type. The `proposal_id` is an auto-increment integer. + +Votes are stored in the `voteTable`. The primary key is based on the vote's `proposal_id` and `voter` account address. + +#### ADR-033 to route proposal messages + +Inter-module communication introduced by [ADR-033](adr-033-protobuf-inter-module-comm.md) can be used to route a proposal's messages using the `DerivedModuleKey` corresponding to the proposal's group account. + +## Consequences + +### Positive + +* Improved UX for multi-signature accounts allowing key rotation and custom decision policies. + +### Negative + +### Neutral + +* It uses ADR 033 so it will need to be implemented within the Cosmos SDK, but this doesn't imply necessarily any large refactoring of existing Cosmos SDK modules. +* The current implementation of the group module uses the ORM package. + +## Further Discussions + +* Convergence of `/group` and `x/gov` as both support proposals and voting: https://github.com/cosmos/cosmos-sdk/discussions/9066 +* `x/group` possible future improvements: + * Execute proposals on submission (https://github.com/regen-network/regen-ledger/issues/288) + * Withdraw a proposal (https://github.com/regen-network/cosmos-modules/issues/41) + * Make `Tally` more flexible and support non-binary choices + +## References + +* Initial specification: + * https://gist.github.com/aaronc/b60628017352df5983791cad30babe56#group-module + * [#5236](https://github.com/cosmos/cosmos-sdk/pull/5236) +* Proposal to add `x/group` into the Cosmos SDK: [#7633](https://github.com/cosmos/cosmos-sdk/issues/7633) diff --git a/copy-of-sdk-docs/build/architecture/adr-043-nft-module.md b/copy-of-sdk-docs/build/architecture/adr-043-nft-module.md new file mode 100644 index 00000000..7c8dfcd1 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-043-nft-module.md @@ -0,0 +1,349 @@ +# ADR 43: NFT Module + +## Changelog + +* 2021-05-01: Initial Draft +* 2021-07-02: Review updates +* 2022-06-15: Add batch operation +* 2022-11-11: Remove strict validation of classID and tokenID + +## Status + +PROPOSED + +## Abstract + +This ADR defines the `x/nft` module which is a generic implementation of NFTs, roughly "compatible" with ERC721. **Applications using the `x/nft` module must implement the following functions**: + +* `MsgNewClass` - Receive the user's request to create a class, and call the `NewClass` of the `x/nft` module. +* `MsgUpdateClass` - Receive the user's request to update a class, and call the `UpdateClass` of the `x/nft` module. +* `MsgMintNFT` - Receive the user's request to mint a nft, and call the `MintNFT` of the `x/nft` module. +* `BurnNFT` - Receive the user's request to burn a nft, and call the `BurnNFT` of the `x/nft` module. +* `UpdateNFT` - Receive the user's request to update a nft, and call the `UpdateNFT` of the `x/nft` module. + +## Context + +NFTs are more than just crypto art, which is very helpful for accruing value to the Cosmos ecosystem. As a result, Cosmos Hub should implement NFT functions and enable a unified mechanism for storing and sending the ownership representative of NFTs as discussed in https://github.com/cosmos/cosmos-sdk/discussions/9065. + +As discussed in [#9065](https://github.com/cosmos/cosmos-sdk/discussions/9065), several potential solutions can be considered: + +* irismod/nft and modules/incubator/nft +* CW721 +* DID NFTs +* interNFT + +Since functions/use cases of NFTs are tightly connected with their logic, it is almost impossible to support all the NFTs' use cases in one Cosmos SDK module by defining and implementing different transaction types. + +Considering generic usage and compatibility of interchain protocols including IBC and Gravity Bridge, it is preferred to have a generic NFT module design which handles the generic NFTs logic. +This design idea can enable composability that application-specific functions should be managed by other modules on Cosmos Hub or on other Zones by importing the NFT module. + +The current design is based on the work done by [IRISnet team](https://github.com/irisnet/irismod/tree/master/modules/nft) and an older implementation in the [Cosmos repository](https://github.com/cosmos/modules/tree/master/incubator/nft). + +## Decision + +We create a `x/nft` module, which contains the following functionality: + +* Store NFTs and track their ownership. +* Expose `Keeper` interface for composing modules to transfer, mint and burn NFTs. +* Expose external `Message` interface for users to transfer ownership of their NFTs. +* Query NFTs and their supply information. + +The proposed module is a base module for NFT app logic. It's goal it to provide a common layer for storage, basic transfer functionality and IBC. The module should not be used as a standalone. +Instead an app should create a specialized module to handle app specific logic (eg: NFT ID construction, royalty), user level minting and burning. Moreover an app specialized module should handle auxiliary data to support the app logic (eg indexes, ORM, business data). + +All data carried over IBC must be part of the `NFT` or `Class` type described below. The app specific NFT data should be encoded in `NFT.data` for cross-chain integrity. Other objects related to NFT, which are not important for integrity can be part of the app specific module. + +### Types + +We propose two main types: + +* `Class` -- describes NFT class. We can think about it as a smart contract address. +* `NFT` -- object representing unique, non fungible asset. Each NFT is associated with a Class. + +#### Class + +NFT **Class** is comparable to an ERC-721 smart contract (provides description of a smart contract), under which a collection of NFTs can be created and managed. + +```protobuf +message Class { + string id = 1; + string name = 2; + string symbol = 3; + string description = 4; + string uri = 5; + string uri_hash = 6; + google.protobuf.Any data = 7; +} +``` + +* `id` is used as the primary index for storing the class; _required_ +* `name` is a descriptive name of the NFT class; _optional_ +* `symbol` is the symbol usually shown on exchanges for the NFT class; _optional_ +* `description` is a detailed description of the NFT class; _optional_ +* `uri` is a URI for the class metadata stored off chain. It should be a JSON file that contains metadata about the NFT class and NFT data schema ([OpenSea example](https://docs.opensea.io/docs/contract-level-metadata)); _optional_ +* `uri_hash` is a hash of the document pointed by uri; _optional_ +* `data` is app specific metadata of the class; _optional_ + +#### NFT + +We define a general model for `NFT` as follows. + +```protobuf +message NFT { + string class_id = 1; + string id = 2; + string uri = 3; + string uri_hash = 4; + google.protobuf.Any data = 10; +} +``` + +* `class_id` is the identifier of the NFT class where the NFT belongs; _required_ +* `id` is an identifier of the NFT, unique within the scope of its class. It is specified by the creator of the NFT and may be expanded to use DID in the future. `class_id` combined with `id` uniquely identifies an NFT and is used as the primary index for storing the NFT; _required_ + + ```text + {class_id}/{id} --> NFT (bytes) + ``` + +* `uri` is a URI for the NFT metadata stored off chain. Should point to a JSON file that contains metadata about this NFT (Ref: [ERC721 standard and OpenSea extension](https://docs.opensea.io/docs/metadata-standards)); _required_ +* `uri_hash` is a hash of the document pointed by uri; _optional_ +* `data` is an app specific data of the NFT. CAN be used by composing modules to specify additional properties of the NFT; _optional_ + +This ADR doesn't specify values that `data` can take; however, best practices recommend upper-level NFT modules clearly specify their contents. Although the value of this field doesn't provide the additional context required to manage NFT records, which means that the field can technically be removed from the specification, the field's existence allows basic informational/UI functionality. + +### `Keeper` Interface + +```go +type Keeper interface { + NewClass(ctx sdk.Context,class Class) + UpdateClass(ctx sdk.Context,class Class) + + Mint(ctx sdk.Context,nft NFT,receiver sdk.AccAddress) // updates totalSupply + BatchMint(ctx sdk.Context, tokens []NFT,receiver sdk.AccAddress) error + + Burn(ctx sdk.Context, classId string, nftId string) // updates totalSupply + BatchBurn(ctx sdk.Context, classID string, nftIDs []string) error + + Update(ctx sdk.Context, nft NFT) + BatchUpdate(ctx sdk.Context, tokens []NFT) error + + Transfer(ctx sdk.Context, classId string, nftId string, receiver sdk.AccAddress) + BatchTransfer(ctx sdk.Context, classID string, nftIDs []string, receiver sdk.AccAddress) error + + GetClass(ctx sdk.Context, classId string) Class + GetClasses(ctx sdk.Context) []Class + + GetNFT(ctx sdk.Context, classId string, nftId string) NFT + GetNFTsOfClassByOwner(ctx sdk.Context, classId string, owner sdk.AccAddress) []NFT + GetNFTsOfClass(ctx sdk.Context, classId string) []NFT + + GetOwner(ctx sdk.Context, classId string, nftId string) sdk.AccAddress + GetBalance(ctx sdk.Context, classId string, owner sdk.AccAddress) uint64 + GetTotalSupply(ctx sdk.Context, classId string) uint64 +} +``` + +Other business logic implementations should be defined in composing modules that import `x/nft` and use its `Keeper`. + +### `Msg` Service + +```protobuf +service Msg { + rpc Send(MsgSend) returns (MsgSendResponse); +} + +message MsgSend { + string class_id = 1; + string id = 2; + string sender = 3; + string receiver = 4; +} +message MsgSendResponse {} +``` + +`MsgSend` can be used to transfer the ownership of an NFT to another address. + +The implementation outline of the server is as follows: + +```go +type msgServer struct{ + k Keeper +} + +func (m msgServer) Send(ctx context.Context, msg *types.MsgSend) (*types.MsgSendResponse, error) { + // check current ownership + assertEqual(msg.Sender, m.k.GetOwner(msg.ClassId, msg.Id)) + + // transfer ownership + m.k.Transfer(msg.ClassId, msg.Id, msg.Receiver) + + return &types.MsgSendResponse{}, nil +} +``` + +The query service methods for the `x/nft` module are: + +```protobuf +service Query { + // Balance queries the number of NFTs of a given class owned by the owner, same as balanceOf in ERC721 + rpc Balance(QueryBalanceRequest) returns (QueryBalanceResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/balance/{owner}/{class_id}"; + } + + // Owner queries the owner of the NFT based on its class and id, same as ownerOf in ERC721 + rpc Owner(QueryOwnerRequest) returns (QueryOwnerResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/owner/{class_id}/{id}"; + } + + // Supply queries the number of NFTs from the given class, same as totalSupply of ERC721. + rpc Supply(QuerySupplyRequest) returns (QuerySupplyResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/supply/{class_id}"; + } + + // NFTs queries all NFTs of a given class or owner,choose at least one of the two, similar to tokenByIndex in ERC721Enumerable + rpc NFTs(QueryNFTsRequest) returns (QueryNFTsResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/nfts"; + } + + // NFT queries an NFT based on its class and id. + rpc NFT(QueryNFTRequest) returns (QueryNFTResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/nfts/{class_id}/{id}"; + } + + // Class queries an NFT class based on its id + rpc Class(QueryClassRequest) returns (QueryClassResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/classes/{class_id}"; + } + + // Classes queries all NFT classes + rpc Classes(QueryClassesRequest) returns (QueryClassesResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/classes"; + } +} + +// QueryBalanceRequest is the request type for the Query/Balance RPC method +message QueryBalanceRequest { + string class_id = 1; + string owner = 2; +} + +// QueryBalanceResponse is the response type for the Query/Balance RPC method +message QueryBalanceResponse { + uint64 amount = 1; +} + +// QueryOwnerRequest is the request type for the Query/Owner RPC method +message QueryOwnerRequest { + string class_id = 1; + string id = 2; +} + +// QueryOwnerResponse is the response type for the Query/Owner RPC method +message QueryOwnerResponse { + string owner = 1; +} + +// QuerySupplyRequest is the request type for the Query/Supply RPC method +message QuerySupplyRequest { + string class_id = 1; +} + +// QuerySupplyResponse is the response type for the Query/Supply RPC method +message QuerySupplyResponse { + uint64 amount = 1; +} + +// QueryNFTsRequest is the request type for the Query/NFTs RPC method +message QueryNFTsRequest { + string class_id = 1; + string owner = 2; + cosmos.base.query.v1beta1.PageRequest pagination = 3; +} + +// QueryNFTsResponse is the response type for the Query/NFTs RPC methods +message QueryNFTsResponse { + repeated cosmos.nft.v1beta1.NFT nfts = 1; + cosmos.base.query.v1beta1.PageResponse pagination = 2; +} + +// QueryNFTRequest is the request type for the Query/NFT RPC method +message QueryNFTRequest { + string class_id = 1; + string id = 2; +} + +// QueryNFTResponse is the response type for the Query/NFT RPC method +message QueryNFTResponse { + cosmos.nft.v1beta1.NFT nft = 1; +} + +// QueryClassRequest is the request type for the Query/Class RPC method +message QueryClassRequest { + string class_id = 1; +} + +// QueryClassResponse is the response type for the Query/Class RPC method +message QueryClassResponse { + cosmos.nft.v1beta1.Class class = 1; +} + +// QueryClassesRequest is the request type for the Query/Classes RPC method +message QueryClassesRequest { + // pagination defines an optional pagination for the request. + cosmos.base.query.v1beta1.PageRequest pagination = 1; +} + +// QueryClassesResponse is the response type for the Query/Classes RPC method +message QueryClassesResponse { + repeated cosmos.nft.v1beta1.Class classes = 1; + cosmos.base.query.v1beta1.PageResponse pagination = 2; +} +``` + +### Interoperability + +Interoperability is all about reusing assets between modules and chains. The former one is achieved by ADR-33: Protobuf client - server communication. At the time of writing ADR-33 is not finalized. The latter is achieved by IBC. Here we will focus on the IBC side. +IBC is implemented per module. Here, we aligned that NFTs will be recorded and managed in the x/nft. This requires creation of a new IBC standard and implementation of it. + +For IBC interoperability, NFT custom modules MUST use the NFT object type understood by the IBC client. So, for x/nft interoperability, custom NFT implementations (example: x/cryptokitty) should use the canonical x/nft module and proxy all NFT balance keeping functionality to x/nft or else re-implement all functionality using the NFT object type understood by the IBC client. In other words: x/nft becomes the standard NFT registry for all Cosmos NFTs (example: x/cryptokitty will register a kitty NFT in x/nft and use x/nft for book keeping). This was [discussed](https://github.com/cosmos/cosmos-sdk/discussions/9065#discussioncomment-873206) in the context of using x/bank as a general asset balance book. Not using x/nft will require implementing another module for IBC. + +## Consequences + +### Backward Compatibility + +No backward incompatibilities. + +### Forward Compatibility + +This specification conforms to the ERC-721 smart contract specification for NFT identifiers. Note that ERC-721 defines uniqueness based on (contract address, uint256 tokenId), and we conform to this implicitly because a single module is currently aimed to track NFT identifiers. Note: use of the (mutable) data field to determine uniqueness is not safe. + +### Positive + +* NFT identifiers available on Cosmos Hub. +* Ability to build different NFT modules for the Cosmos Hub, e.g., ERC-721. +* NFT module which supports interoperability with IBC and other cross-chain infrastructures like Gravity Bridge + +### Negative + +* New IBC app is required for x/nft +* CW721 adapter is required + +### Neutral + +* Other functions need more modules. For example, a custody module is needed for NFT trading function, a collectible module is needed for defining NFT properties. + +## Further Discussions + +For other kinds of applications on the Hub, more app-specific modules can be developed in the future: + +* `x/nft/custody`: custody of NFTs to support trading functionality. +* `x/nft/marketplace`: selling and buying NFTs using sdk.Coins. +* `x/fractional`: a module to split an ownership of an asset (NFT or other assets) for multiple stakeholder. `x/group` should work for most of the cases. + +Other networks in the Cosmos ecosystem could design and implement their own NFT modules for specific NFT applications and use cases. + +## References + +* Initial discussion: https://github.com/cosmos/cosmos-sdk/discussions/9065 +* x/nft: initialize module: https://github.com/cosmos/cosmos-sdk/pull/9174 +* [ADR 033](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-033-protobuf-inter-module-comm.md) diff --git a/copy-of-sdk-docs/build/architecture/adr-044-protobuf-updates-guidelines.md b/copy-of-sdk-docs/build/architecture/adr-044-protobuf-updates-guidelines.md new file mode 100644 index 00000000..595b16de --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-044-protobuf-updates-guidelines.md @@ -0,0 +1,129 @@ +# ADR 044: Guidelines for Updating Protobuf Definitions + +## Changelog + +* 28.06.2021: Initial Draft +* 02.12.2021: Add `Since:` comment for new fields +* 21.07.2022: Remove the rule of no new `Msg` in the same proto version. + +## Status + +Draft + +## Abstract + +This ADR provides guidelines and recommended practices when updating Protobuf definitions. These guidelines are targeting module developers. + +## Context + +The Cosmos SDK maintains a set of [Protobuf definitions](https://github.com/cosmos/cosmos-sdk/tree/main/proto/cosmos). It is important to correctly design Protobuf definitions to avoid any breaking changes within the same version. The reasons are to not break tooling (including indexers and explorers), wallets and other third-party integrations. + +When making changes to these Protobuf definitions, the Cosmos SDK currently only follows [Buf's](https://docs.buf.build/) recommendations. We noticed however that Buf's recommendations might still result in breaking changes in the SDK in some cases. For example: + +* Adding fields to `Msg`s. Adding fields is not a Protobuf spec-breaking operation. However, when adding new fields to `Msg`s, the unknown field rejection will throw an error when sending the new `Msg` to an older node. +* Marking fields as `reserved`. Protobuf proposes the `reserved` keyword for removing fields without the need to bump the package version. However, by doing so, client backwards compatibility is broken as Protobuf doesn't generate anything for `reserved` fields. See [#9446](https://github.com/cosmos/cosmos-sdk/issues/9446) for more details on this issue. + +Moreover, module developers often face other questions around Protobuf definitions such as "Can I rename a field?" or "Can I deprecate a field?" This ADR aims to answer all these questions by providing clear guidelines about allowed updates for Protobuf definitions. + +## Decision + +We decide to keep [Buf's](https://docs.buf.build/) recommendations with the following exceptions: + +* `UNARY_RPC`: the Cosmos SDK currently does not support streaming RPCs. +* `COMMENT_FIELD`: the Cosmos SDK allows fields with no comments. +* `SERVICE_SUFFIX`: we use the `Query` and `Msg` service naming convention, which doesn't use the `-Service` suffix. +* `PACKAGE_VERSION_SUFFIX`: some packages, such as `cosmos.crypto.ed25519`, don't use a version suffix. +* `RPC_REQUEST_STANDARD_NAME`: Requests for the `Msg` service don't have the `-Request` suffix to keep backwards compatibility. + +On top of Buf's recommendations we add the following guidelines that are specific to the Cosmos SDK. + +### Updating Protobuf Definition Without Bumping Version + +#### 1. Module developers MAY add new Protobuf definitions + +Module developers MAY add new `message`s, new `Service`s, new `rpc` endpoints, and new fields to existing messages. This recommendation follows the Protobuf specification, but is added in this document for clarity, as the SDK requires one additional change. + +The SDK requires the Protobuf comment of the new addition to contain one line with the following format: + +```protobuf +// Since: cosmos-sdk {, ...} +``` + +Where each `version` denotes a minor ("0.45") or patch ("0.44.5") version from which the field is available. This will greatly help client libraries, who can optionally use reflection or custom code generation to show/hide these fields depending on the targeted node version. + +As examples, the following comments are valid: + +```protobuf +// Since: cosmos-sdk 0.44 + +// Since: cosmos-sdk 0.42.11, 0.44.5 +``` + +and the following ones are NOT valid: + +```protobuf +// Since cosmos-sdk v0.44 + +// since: cosmos-sdk 0.44 + +// Since: cosmos-sdk 0.42.11 0.44.5 + +// Since: Cosmos SDK 0.42.11, 0.44.5 +``` + +#### 2. Fields MAY be marked as `deprecated`, and nodes MAY implement a protocol-breaking change for handling these fields + +Protobuf supports the [`deprecated` field option](https://developers.google.com/protocol-buffers/docs/proto#options), and this option MAY be used on any field, including `Msg` fields. If a node handles a Protobuf message with a non-empty deprecated field, the node MAY change its behavior upon processing it, even in a protocol-breaking way. When possible, the node MUST handle backwards compatibility without breaking the consensus (unless we increment the proto version). + +As an example, the Cosmos SDK v0.42 to v0.43 update contained two Protobuf-breaking changes, listed below. Instead of bumping the package versions from `v1beta1` to `v1`, the SDK team decided to follow this guideline, by reverting the breaking changes, marking those changes as deprecated, and modifying the node implementation when processing messages with deprecated fields. More specifically: + +* The Cosmos SDK recently removed support for [time-based software upgrades](https://github.com/cosmos/cosmos-sdk/pull/8849). As such, the `time` field has been marked as deprecated in `cosmos.upgrade.v1beta1.Plan`. Moreover, the node will reject any proposal containing an upgrade Plan whose `time` field is non-empty. +* The Cosmos SDK now supports [governance split votes](./adr-037-gov-split-vote.md). When querying for votes, the returned `cosmos.gov.v1beta1.Vote` message has its `option` field (used for 1 vote option) deprecated in favor of its `options` field (allowing multiple vote options). Whenever possible, the SDK still populates the deprecated `option` field, that is, if and only if the `len(options) == 1` and `options[0].Weight == 1.0`. + +#### 3. Fields MUST NOT be renamed + +Whereas the official Protobuf recommendations do not prohibit renaming fields, as it does not break the Protobuf binary representation, the SDK explicitly forbids renaming fields in Protobuf structs. The main reason for this choice is to avoid introducing breaking changes for clients, which often rely on hard-coded fields from generated types. Moreover, renaming fields will lead to client-breaking JSON representations of Protobuf definitions, used in REST endpoints and in the CLI. + +### Incrementing Protobuf Package Version + +TODO, needs architecture review. Some topics: + +* Bumping versions frequency +* When bumping versions, should the Cosmos SDK support both versions? + * i.e. v1beta1 -> v1, should we have two folders in the Cosmos SDK, and handlers for both versions? +* mention ADR-023 Protobuf naming + +## Consequences + +> This section describes the resulting context, after applying the decision. All consequences should be listed here, not just the "positive" ones. A particular decision may have positive, negative, and neutral consequences, but all of them affect the team and project in the future. + +### Backwards Compatibility + +> All ADRs that introduce backwards incompatibilities must include a section describing these incompatibilities and their severity. The ADR must explain how the author proposes to deal with these incompatibilities. ADR submissions without a sufficient backwards compatibility treatise may be rejected outright. + +### Positive + +* less pain to tool developers +* more compatibility in the ecosystem +* ... + +### Negative + +{negative consequences} + +### Neutral + +* more rigor in Protobuf review + +## Further Discussions + +This ADR is still in the DRAFT stage, and the "Incrementing Protobuf Package Version" will be filled in once we make a decision on how to correctly do it. + +## Test Cases [optional] + +Test cases for an implementation are mandatory for ADRs that are affecting consensus changes. Other ADRs can choose to include links to test cases if applicable. + +## References + +* [#9445](https://github.com/cosmos/cosmos-sdk/issues/9445) Release proto definitions v1 +* [#9446](https://github.com/cosmos/cosmos-sdk/issues/9446) Address v1beta1 proto breaking changes diff --git a/copy-of-sdk-docs/build/architecture/adr-045-check-delivertx-middlewares.md b/copy-of-sdk-docs/build/architecture/adr-045-check-delivertx-middlewares.md new file mode 100644 index 00000000..f55c2159 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-045-check-delivertx-middlewares.md @@ -0,0 +1,312 @@ +# ADR 045: BaseApp `{Check,Deliver}Tx` as Middlewares + +## Changelog + +* 20.08.2021: Initial draft. +* 07.12.2021: Update `tx.Handler` interface ([\#10693](https://github.com/cosmos/cosmos-sdk/pull/10693)). +* 17.05.2022: ADR is abandoned, as middlewares are deemed too hard to reason about. + +## Status + +ABANDONED. Replacement is being discussed in [#11955](https://github.com/cosmos/cosmos-sdk/issues/11955). + +## Abstract + +This ADR replaces the current BaseApp `runTx` and antehandlers design with a middleware-based design. + +## Context + +BaseApp's implementation of ABCI `{Check,Deliver}Tx()` and its own `Simulate()` method call the `runTx` method under the hood, which first runs antehandlers, then executes `Msg`s. However, the [transaction Tips](https://github.com/cosmos/cosmos-sdk/issues/9406) and [refunding unused gas](https://github.com/cosmos/cosmos-sdk/issues/2150) use cases require custom logic to be run after the `Msg`s execution. There is currently no way to achieve this. + +A naive solution would be to add post-`Msg` hooks to BaseApp. However, the Cosmos SDK team thinks in parallel about the bigger picture of making app wiring simpler ([#9181](https://github.com/cosmos/cosmos-sdk/discussions/9182)), which includes making BaseApp more lightweight and modular. + +## Decision + +We decide to transform Baseapp's implementation of ABCI `{Check,Deliver}Tx` and its own `Simulate` methods to use a middleware-based design. + +The two following interfaces are the base of the middleware design, and are defined in `types/tx`: + +```go +type Handler interface { + CheckTx(ctx context.Context, req Request, checkReq RequestCheckTx) (Response, ResponseCheckTx, error) + DeliverTx(ctx context.Context, req Request) (Response, error) + SimulateTx(ctx context.Context, req Request (Response, error) +} + +type Middleware func(Handler) Handler +``` + +where we define the following arguments and return types: + +```go +type Request struct { + Tx sdk.Tx + TxBytes []byte +} + +type Response struct { + GasWanted uint64 + GasUsed uint64 + // MsgResponses is an array containing each Msg service handler's response + // type, packed in an Any. This will get proto-serialized into the `Data` field + // in the ABCI Check/DeliverTx responses. + MsgResponses []*codectypes.Any + Log string + Events []abci.Event +} + +type RequestCheckTx struct { + Type abci.CheckTxType +} + +type ResponseCheckTx struct { + Priority int64 +} +``` + +Please note that because CheckTx handles separate logic related to mempool prioritization, its signature is different than DeliverTx and SimulateTx. + +BaseApp holds a reference to a `tx.Handler`: + +```go +type BaseApp struct { + // other fields + txHandler tx.Handler +} +``` + +Baseapp's ABCI `{Check,Deliver}Tx()` and `Simulate()` methods simply call `app.txHandler.{Check,Deliver,Simulate}Tx()` with the relevant arguments. For example, for `DeliverTx`: + +```go +func (app *BaseApp) DeliverTx(req abci.RequestDeliverTx) abci.ResponseDeliverTx { + var abciRes abci.ResponseDeliverTx + ctx := app.getContextForTx(runTxModeDeliver, req.Tx) + res, err := app.txHandler.DeliverTx(ctx, tx.Request{TxBytes: req.Tx}) + if err != nil { + abciRes = sdkerrors.ResponseDeliverTx(err, uint64(res.GasUsed), uint64(res.GasWanted), app.trace) + return abciRes + } + + abciRes, err = convertTxResponseToDeliverTx(res) + if err != nil { + return sdkerrors.ResponseDeliverTx(err, uint64(res.GasUsed), uint64(res.GasWanted), app.trace) + } + + return abciRes +} + +// convertTxResponseToDeliverTx converts a tx.Response into a abci.ResponseDeliverTx. +func convertTxResponseToDeliverTx(txRes tx.Response) (abci.ResponseDeliverTx, error) { + data, err := makeABCIData(txRes) + if err != nil { + return abci.ResponseDeliverTx{}, nil + } + + return abci.ResponseDeliverTx{ + Data: data, + Log: txRes.Log, + Events: txRes.Events, + }, nil +} + +// makeABCIData generates the Data field to be sent to ABCI Check/DeliverTx. +func makeABCIData(txRes tx.Response) ([]byte, error) { + return proto.Marshal(&sdk.TxMsgData{MsgResponses: txRes.MsgResponses}) +} +``` + +The implementations are similar for `BaseApp.CheckTx` and `BaseApp.Simulate`. + +`baseapp.txHandler`'s three methods' implementations can obviously be monolithic functions, but for modularity we propose a middleware composition design, where a middleware is simply a function that takes a `tx.Handler`, and returns another `tx.Handler` wrapped around the previous one. + +### Implementing a Middleware + +In practice, middlewares are created by Go function that takes as arguments some parameters needed for the middleware, and returns a `tx.Middleware`. + +For example, for creating an arbitrary `MyMiddleware`, we can implement: + +```go +// myTxHandler is the tx.Handler of this middleware. Note that it holds a +// reference to the next tx.Handler in the stack. +type myTxHandler struct { + // next is the next tx.Handler in the middleware stack. + next tx.Handler + // some other fields that are relevant to the middleware can be added here +} + +// NewMyMiddleware returns a middleware that does this and that. +func NewMyMiddleware(arg1, arg2) tx.Middleware { + return func (txh tx.Handler) tx.Handler { + return myTxHandler{ + next: txh, + // optionally, set arg1, arg2... if they are needed in the middleware + } + } +} + +// Assert myTxHandler is a tx.Handler. +var _ tx.Handler = myTxHandler{} + +func (h myTxHandler) CheckTx(ctx context.Context, req Request, checkReq RequestcheckTx) (Response, ResponseCheckTx, error) { + // CheckTx specific pre-processing logic + + // run the next middleware + res, checkRes, err := txh.next.CheckTx(ctx, req, checkReq) + + // CheckTx specific post-processing logic + + return res, checkRes, err +} + +func (h myTxHandler) DeliverTx(ctx context.Context, req Request) (Response, error) { + // DeliverTx specific pre-processing logic + + // run the next middleware + res, err := txh.next.DeliverTx(ctx, tx, req) + + // DeliverTx specific post-processing logic + + return res, err +} + +func (h myTxHandler) SimulateTx(ctx context.Context, req Request) (Response, error) { + // SimulateTx specific pre-processing logic + + // run the next middleware + res, err := txh.next.SimulateTx(ctx, tx, req) + + // SimulateTx specific post-processing logic + + return res, err +} +``` + +### Composing Middlewares + +While BaseApp simply holds a reference to a `tx.Handler`, this `tx.Handler` itself is defined using a middleware stack. The Cosmos SDK exposes a base (i.e. innermost) `tx.Handler` called `RunMsgsTxHandler`, which executes messages. + +Then, the app developer can compose multiple middlewares on top of the base `tx.Handler`. Each middleware can run pre-and-post-processing logic around its next middleware, as described in the section above. Conceptually, as an example, given the middlewares `A`, `B`, and `C` and the base `tx.Handler` `H` the stack looks like: + +```text +A.pre + B.pre + C.pre + H # The base tx.handler, for example `RunMsgsTxHandler` + C.post + B.post +A.post +``` + +We define a `ComposeMiddlewares` function for composing middlewares. It takes the base handler as first argument, and middlewares in the "outer to inner" order. For the above stack, the final `tx.Handler` is: + +```go +txHandler := middleware.ComposeMiddlewares(H, A, B, C) +``` + +The middleware is set in BaseApp via its `SetTxHandler` setter: + +```go +// simapp/app.go + +txHandler := middleware.ComposeMiddlewares(...) +app.SetTxHandler(txHandler) +``` + +The app developer can define their own middlewares, or use the Cosmos SDK's pre-defined middlewares from `middleware.NewDefaultTxHandler()`. + +### Middlewares Maintained by the Cosmos SDK + +While the app developer can define and compose the middlewares of their choice, the Cosmos SDK provides a set of middlewares that caters for the ecosystem's most common use cases. These middlewares are: + +| Middleware | Description | +| ----------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| RunMsgsTxHandler | This is the base `tx.Handler`. It replaces the old baseapp's `runMsgs`, and executes a transaction's `Msg`s. | +| TxDecoderMiddleware | This middleware takes in transaction raw bytes, and decodes them into a `sdk.Tx`. It replaces the `baseapp.txDecoder` field, so that BaseApp stays as thin as possible. Since most middlewares read the contents of the `sdk.Tx`, the TxDecoderMiddleware should be run first in the middleware stack. | +| {Antehandlers} | Each antehandler is converted to its own middleware. These middlewares perform signature verification, fee deductions and other validations on the incoming transaction. | +| IndexEventsTxMiddleware | This is a simple middleware that chooses which events to index in Tendermint. Replaces `baseapp.indexEvents` (which unfortunately still exists in baseapp too, because it's used to index Begin/EndBlock events) | +| RecoveryTxMiddleware | This index recovers from panics. It replaces baseapp.runTx's panic recovery described in [ADR-022](./adr-022-custom-panic-handling.md). | +| GasTxMiddleware | This replaces the [`Setup`](https://github.com/cosmos/cosmos-sdk/blob/v0.43.0/x/auth/ante/setup.go) Antehandler. It sets a GasMeter on sdk.Context. Note that before, GasMeter was set on sdk.Context inside the antehandlers, and there was some mess around the fact that antehandlers had their own panic recovery system so that the GasMeter could be read by baseapp's recovery system. Now, this mess is all removed: one middleware sets GasMeter, another one handles recovery. | + +### Similarities and Differences between Antehandlers and Middlewares + +The middleware-based design builds upon the existing antehandlers design described in [ADR-010](./adr-010-modular-antehandler.md). Even though the final decision of ADR-010 was to go with the "Simple Decorators" approach, the middleware design is actually very similar to the other [Decorator Pattern](./adr-010-modular-antehandler.md#decorator-pattern) proposal, also used in [weave](https://github.com/iov-one/weave). + +#### Similarities with Antehandlers + +* Designed as chaining/composing small modular pieces. +* Allow code reuse for `{Check,Deliver}Tx` and for `Simulate`. +* Set up in `app.go`, and easily customizable by app developers. +* Order is important. + +#### Differences with Antehandlers + +* The Antehandlers are run before `Msg` execution, whereas middlewares can run before and after. +* The middleware approach uses separate methods for `{Check,Deliver,Simulate}Tx`, whereas the antehandlers pass a `simulate bool` flag and uses the `sdkCtx.Is{Check,Recheck}Tx()` flags to determine in which transaction mode we are. +* The middleware design lets each middleware hold a reference to the next middleware, whereas the antehandlers pass a `next` argument in the `AnteHandle` method. +* The middleware design use Go's standard `context.Context`, whereas the antehandlers use `sdk.Context`. + +## Consequences + +### Backwards Compatibility + +Since this refactor removes some logic away from BaseApp and into middlewares, it introduces API-breaking changes for app developers. Most notably, instead of creating an antehandler chain in `app.go`, app developers need to create a middleware stack: + +```diff +- anteHandler, err := ante.NewAnteHandler( +- ante.HandlerOptions{ +- AccountKeeper: app.AccountKeeper, +- BankKeeper: app.BankKeeper, +- SignModeHandler: encodingConfig.TxConfig.SignModeHandler(), +- FeegrantKeeper: app.FeeGrantKeeper, +- SigGasConsumer: ante.DefaultSigVerificationGasConsumer, +- }, +-) ++txHandler, err := authmiddleware.NewDefaultTxHandler(authmiddleware.TxHandlerOptions{ ++ Debug: app.Trace(), ++ IndexEvents: indexEvents, ++ LegacyRouter: app.legacyRouter, ++ MsgServiceRouter: app.msgSvcRouter, ++ LegacyAnteHandler: anteHandler, ++ TxDecoder: encodingConfig.TxConfig.TxDecoder, ++}) +if err != nil { + panic(err) +} +- app.SetAnteHandler(anteHandler) ++ app.SetTxHandler(txHandler) +``` + +Other more minor API breaking changes will also be provided in the CHANGELOG. As usual, the Cosmos SDK will provide a release migration document for app developers. + +This ADR does not introduce any state-machine-, client- or CLI-breaking changes. + +### Positive + +* Allow custom logic to be run before an after `Msg` execution. This enables the [tips](https://github.com/cosmos/cosmos-sdk/issues/9406) and [gas refund](https://github.com/cosmos/cosmos-sdk/issues/2150) uses cases, and possibly other ones. +* Make BaseApp more lightweight, and defer complex logic to small modular components. +* Separate paths for `{Check,Deliver,Simulate}Tx` with different returns types. This allows for improved readability (replace `if sdkCtx.IsRecheckTx() && !simulate {...}` with separate methods) and more flexibility (e.g. returning a `priority` in `ResponseCheckTx`). + +### Negative + +* It is hard to understand at first glance the state updates that would occur after a middleware runs given the `sdk.Context` and `tx`. A middleware can have an arbitrary number of nested middleware being called within its function body, each possibly doing some pre- and post-processing before calling the next middleware on the chain. Thus to understand what a middleware is doing, one must also understand what every other middleware further along the chain is also doing, and the order of middlewares matters. This can get quite complicated to understand. +* API-breaking changes for app developers. + +### Neutral + +No neutral consequences. + +## Further Discussions + +* [#9934](https://github.com/cosmos/cosmos-sdk/discussions/9934) Decomposing BaseApp's other ABCI methods into middlewares. +* Replace `sdk.Tx` interface with the concrete protobuf Tx type in the `tx.Handler` methods signature. + +## Test Cases + +We update the existing baseapp and antehandlers tests to use the new middleware API, but keep the same test cases and logic, to avoid introducing regressions. Existing CLI tests will also be left untouched. + +For new middlewares, we introduce unit tests. Since middlewares are purposefully small, unit tests suit well. + +## References + +* Initial discussion: https://github.com/cosmos/cosmos-sdk/issues/9585 +* Implementation: [#9920 BaseApp refactor](https://github.com/cosmos/cosmos-sdk/pull/9920) and [#10028 Antehandlers migration](https://github.com/cosmos/cosmos-sdk/pull/10028) diff --git a/copy-of-sdk-docs/build/architecture/adr-046-module-params.md b/copy-of-sdk-docs/build/architecture/adr-046-module-params.md new file mode 100644 index 00000000..10bb65cd --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-046-module-params.md @@ -0,0 +1,184 @@ +# ADR 046: Module Params + +## Changelog + +* Sep 22, 2021: Initial Draft + +## Status + +Proposed + +## Abstract + +This ADR describes an alternative approach to how Cosmos SDK modules use, interact, +and store their respective parameters. + +## Context + +Currently, in the Cosmos SDK, modules that require the use of parameters use the +`x/params` module. The `x/params` works by having modules define parameters, +typically via a simple `Params` structure, and registering that structure in +the `x/params` module via a unique `Subspace` that belongs to the respective +registering module. The registering module then has unique access to its respective +`Subspace`. Through this `Subspace`, the module can get and set its `Params` +structure. + +In addition, the Cosmos SDK's `x/gov` module has direct support for changing +parameters on-chain via a `ParamChangeProposal` governance proposal type, where +stakeholders can vote on suggested parameter changes. + +There are various tradeoffs to using the `x/params` module to manage individual +module parameters. Namely, managing parameters essentially comes for "free" in +that developers only need to define the `Params` struct, the `Subspace`, and the +various auxiliary functions, e.g. `ParamSetPairs`, on the `Params` type. However, +there are some notable drawbacks. These drawbacks include the fact that parameters +are serialized in state via JSON which is extremely slow. In addition, parameter +changes via `ParamChangeProposal` governance proposals have no way of reading from +or writing to state. In other words, it is currently not possible to have any +state transitions in the application during an attempt to change param(s). + +## Decision + +We will build off of the alignment of `x/gov` and `x/authz` work per +[#9810](https://github.com/cosmos/cosmos-sdk/pull/9810). Namely, module developers +will create one or more unique parameter data structures that must be serialized +to state. The Param data structures must implement `sdk.Msg` interface with respective +Protobuf Msg service method which will validate and update the parameters with all +necessary changes. The `x/gov` module via the work done in +[#9810](https://github.com/cosmos/cosmos-sdk/pull/9810), will dispatch Param +messages, which will be handled by Protobuf Msg services. + +Note, it is up to developers to decide how to structure their parameters and +the respective `sdk.Msg` messages. Consider the parameters currently defined in +`x/auth` using the `x/params` module for parameter management: + +```protobuf +message Params { + uint64 max_memo_characters = 1; + uint64 tx_sig_limit = 2; + uint64 tx_size_cost_per_byte = 3; + uint64 sig_verify_cost_ed25519 = 4; + uint64 sig_verify_cost_secp256k1 = 5; +} +``` + +Developers can choose to either create a unique data structure for every field in +`Params` or they can create a single `Params` structure as outlined above in the +case of `x/auth`. + +In the former, `x/params`, approach, a `sdk.Msg` would need to be created for every single +field along with a handler. This can become burdensome if there are a lot of +parameter fields. In the latter case, there is only a single data structure and +thus only a single message handler, however, the message handler might have to be +more sophisticated in that it might need to understand what parameters are being +changed vs what parameters are untouched. + +Params change proposals are made using the `x/gov` module. Execution is done through +`x/authz` authorization to the root `x/gov` module's account. + +Continuing to use `x/auth`, we demonstrate a more complete example: + +```go +type Params struct { + MaxMemoCharacters uint64 + TxSigLimit uint64 + TxSizeCostPerByte uint64 + SigVerifyCostED25519 uint64 + SigVerifyCostSecp256k1 uint64 +} + +type MsgUpdateParams struct { + MaxMemoCharacters uint64 + TxSigLimit uint64 + TxSizeCostPerByte uint64 + SigVerifyCostED25519 uint64 + SigVerifyCostSecp256k1 uint64 +} + +type MsgUpdateParamsResponse struct {} + +func (ms msgServer) UpdateParams(goCtx context.Context, msg *types.MsgUpdateParams) (*types.MsgUpdateParamsResponse, error) { + ctx := sdk.UnwrapSDKContext(goCtx) + + // verification logic... + + // persist params + params := ParamsFromMsg(msg) + ms.SaveParams(ctx, params) + + return &types.MsgUpdateParamsResponse{}, nil +} + +func ParamsFromMsg(msg *types.MsgUpdateParams) Params { + // ... +} +``` + +A gRPC `Service` query should also be provided, for example: + +```protobuf +service Query { + // ... + + rpc Params(QueryParamsRequest) returns (QueryParamsResponse) { + option (google.api.http).get = "/cosmos//v1beta1/params"; + } +} + +message QueryParamsResponse { + Params params = 1 [(gogoproto.nullable) = false]; +} +``` + +## Consequences + +As a result of implementing the module parameter methodology, we gain the ability +for module parameter changes to be stateful and extensible to fit nearly every +application's use case. We will be able to emit events (and trigger hooks registered +to that events using the work proposed in [event hooks](https://github.com/cosmos/cosmos-sdk/discussions/9656)), +call other Msg service methods or perform migration. +In addition, there will be significant gains in performance when it comes to reading +and writing parameters from and to state, especially if a specific set of parameters +are read on a consistent basis. + +However, this methodology will require developers to implement more types and +Msg service methods which can become burdensome if many parameters exist. In addition, +developers are required to implement persistence logics of module parameters. +However, this should be trivial. + +### Backwards Compatibility + +The new method for working with module parameters is naturally not backwards +compatible with the existing `x/params` module. However, the `x/params` will +remain in the Cosmos SDK and will be marked as deprecated with no additional +functionality being added apart from potential bug fixes. Note, the `x/params` +module may be removed entirely in a future release. + +### Positive + +* Module parameters are serialized more efficiently +* Modules are able to react on parameters changes and perform additional actions. +* Special events can be emitted, allowing hooks to be triggered. + +### Negative + +* Module parameters become slightly more burdensome for module developers: + * Modules are now responsible for persisting and retrieving parameter state + * Modules are now required to have unique message handlers to handle parameter + changes per unique parameter data structure. + +### Neutral + +* Requires [#9810](https://github.com/cosmos/cosmos-sdk/pull/9810) to be reviewed + and merged. + + + +## References + +* https://github.com/cosmos/cosmos-sdk/pull/9810 +* https://github.com/cosmos/cosmos-sdk/issues/9438 +* https://github.com/cosmos/cosmos-sdk/discussions/9913 diff --git a/copy-of-sdk-docs/build/architecture/adr-047-extend-upgrade-plan.md b/copy-of-sdk-docs/build/architecture/adr-047-extend-upgrade-plan.md new file mode 100644 index 00000000..610feccc --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-047-extend-upgrade-plan.md @@ -0,0 +1,254 @@ +# ADR 047: Extend Upgrade Plan + +## Changelog + +* Nov, 23, 2021: Initial Draft +* May, 16, 2023: Proposal ABANDONED. `pre_run` and `post_run` are not necessary anymore and adding the `artifacts` brings minor benefits. + +## Status + +ABANDONED + +## Abstract + +This ADR expands the existing x/upgrade `Plan` proto message to include new fields for defining pre-run and post-run processes within upgrade tooling. +It also defines a structure for providing downloadable artifacts involved in an upgrade. + +## Context + +The `upgrade` module in conjunction with Cosmovisor are designed to facilitate and automate a blockchain's transition from one version to another. + +Users submit a software upgrade governance proposal containing an upgrade `Plan`. +The [Plan](https://github.com/cosmos/cosmos-sdk/blob/v0.44.5/proto/cosmos/upgrade/v1beta1/upgrade.proto#L12) currently contains the following fields: + +* `name`: A short string identifying the new version. +* `height`: The chain height at which the upgrade is to be performed. +* `info`: A string containing information about the upgrade. + +The `info` string can be anything. +However, Cosmovisor will try to use the `info` field to automatically download a new version of the blockchain executable. +For the auto-download to work, Cosmovisor expects it to be either a stringified JSON object (with a specific structure defined through documentation), or a URL that will return such JSON. +The JSON object identifies URLs used to download the new blockchain executable for different platforms (OS and Architecture, e.g. "linux/amd64"). +Such a URL can either return the executable file directly or can return an archive containing the executable and possibly other assets. + +If the URL returns an archive, it is decompressed into `{DAEMON_HOME}/cosmovisor/{upgrade name}`. +Then, if `{DAEMON_HOME}/cosmovisor/{upgrade name}/bin/{DAEMON_NAME}` does not exist, but `{DAEMON_HOME}/cosmovisor/{upgrade name}/{DAEMON_NAME}` does, the latter is copied to the former. +If the URL returns something other than an archive, it is downloaded to `{DAEMON_HOME}/cosmovisor/{upgrade name}/bin/{DAEMON_NAME}`. + +If an upgrade height is reached and the new version of the executable version isn't available, Cosmovisor will stop running. + +Both `DAEMON_HOME` and `DAEMON_NAME` are [environment variables used to configure Cosmovisor](https://github.com/cosmos/cosmos-sdk/blob/cosmovisor/v1.0.0/cosmovisor/README.md#command-line-arguments-and-environment-variables). + +Currently, there is no mechanism that makes Cosmovisor run a command after the upgraded chain has been restarted. + +The current upgrade process has this timeline: + +1. An upgrade governance proposal is submitted and approved. +1. The upgrade height is reached. +1. The `x/upgrade` module writes the `upgrade_info.json` file. +1. The chain halts. +1. Cosmovisor backs up the data directory (if set up to do so). +1. Cosmovisor downloads the new executable (if not already in place). +1. Cosmovisor executes the `${DAEMON_NAME} pre-upgrade`. +1. Cosmovisor restarts the app using the new version and same args originally provided. + +## Decision + +### Protobuf Updates + +We will update the `x/upgrade.Plan` message for providing upgrade instructions. +The upgrade instructions will contain a list of artifacts available for each platform. +It allows for the definition of a pre-run and post-run commands. +These commands are not consensus guaranteed; they will be executed by Cosmovisor (or other) during its upgrade handling. + +```protobuf +message Plan { + // ... (existing fields) + + UpgradeInstructions instructions = 6; +} +``` + +The new `UpgradeInstructions instructions` field MUST be optional. + +```protobuf +message UpgradeInstructions { + string pre_run = 1; + string post_run = 2; + repeated Artifact artifacts = 3; + string description = 4; +} +``` + +All fields in the `UpgradeInstructions` are optional. + +* `pre_run` is a command to run prior to the upgraded chain restarting. + If defined, it will be executed after halting and downloading the new artifact but before restarting the upgraded chain. + The working directory this command runs from MUST be `{DAEMON_HOME}/cosmovisor/{upgrade name}`. + This command MUST behave the same as the current [pre-upgrade](https://github.com/cosmos/cosmos-sdk/blob/v0.44.5/docs/migrations/pre-upgrade.md) command. + It does not take in any command-line arguments and is expected to terminate with the following exit codes: + + | Exit status code | How it is handled in Cosmovisor | + |------------------|---------------------------------------------------------------------------------------------------------------------| + | `0` | Assumes `pre-upgrade` command executed successfully and continues the upgrade. | + | `1` | Default exit code when `pre-upgrade` command has not been implemented. | + | `30` | `pre-upgrade` command was executed but failed. This fails the entire upgrade. | + | `31` | `pre-upgrade` command was executed but failed. But the command is retried until exit code `1` or `30` are returned. | + If defined, then the app supervisors (e.g. Cosmovisor) MUST NOT run `app pre-run`. + +* `post_run` is a command to run after the upgraded chain has been started. If defined, this command MUST be only executed at most once by an upgrading node. + The output and exit code SHOULD be logged but SHOULD NOT affect the running of the upgraded chain. + The working directory this command runs from MUST be `{DAEMON_HOME}/cosmovisor/{upgrade name}`. +* `artifacts` define items to be downloaded. + It SHOULD have only one entry per platform. +* `description` contains human-readable information about the upgrade and might contain references to external resources. + It SHOULD NOT be used for structured processing information. + +```protobuf +message Artifact { + string platform = 1; + string url = 2; + string checksum = 3; + string checksum_algo = 4; +} +``` + +* `platform` is a required string that SHOULD be in the format `{OS}/{CPU}`, e.g. `"linux/amd64"`. + The string `"any"` SHOULD also be allowed. + An `Artifact` with a `platform` of `"any"` SHOULD be used as a fallback when a specific `{OS}/{CPU}` entry is not found. + That is, if an `Artifact` exists with a `platform` that matches the system's OS and CPU, that should be used; + otherwise, if an `Artifact` exists with a `platform` of `any`, that should be used; + otherwise no artifact should be downloaded. +* `url` is a required URL string that MUST conform to [RFC 1738: Uniform Resource Locators](https://www.ietf.org/rfc/rfc1738.txt). + A request to this `url` MUST return either an executable file or an archive containing either `bin/{DAEMON_NAME}` or `{DAEMON_NAME}`. + The URL should not contain checksum - it should be specified by the `checksum` attribute. +* `checksum` is a checksum of the expected result of a request to the `url`. + It is not required, but is recommended. + If provided, it MUST be a hex encoded checksum string. + Tools utilizing these `UpgradeInstructions` MUST fail if a `checksum` is provided but is different from the checksum of the result returned by the `url`. +* `checksum_algo` is a string identifying the algorithm used to generate the `checksum`. + Recommended algorithms: `sha256`, `sha512`. + Algorithms also supported (but not recommended): `sha1`, `md5`. + If a `checksum` is provided, a `checksum_algo` MUST also be provided. + +A `url` is not required to contain a `checksum` query parameter. +If the `url` does contain a `checksum` query parameter, the `checksum` and `checksum_algo` fields MUST also be populated, and their values MUST match the value of the query parameter. +For example, if the `url` is `"https://example.com?checksum=md5:d41d8cd98f00b204e9800998ecf8427e"`, then the `checksum` field must be `"d41d8cd98f00b204e9800998ecf8427e"` and the `checksum_algo` field must be `"md5"`. + +### Upgrade Module Updates + +If an upgrade `Plan` does not use the new `UpgradeInstructions` field, existing functionality will be maintained. +The parsing of the `info` field as either a URL or `binaries` JSON will be deprecated. +During validation, if the `info` field is used as such, a warning will be issued, but not an error. + +We will update the creation of the `upgrade-info.json` file to include the `UpgradeInstructions`. + +We will update the optional validation available via CLI to account for the new `Plan` structure. +We will add the following validation: + +1. If `UpgradeInstructions` are provided: + 1. There MUST be at least one entry in `artifacts`. + 1. All of the `artifacts` MUST have a unique `platform`. + 1. For each `Artifact`, if the `url` contains a `checksum` query parameter: + 1. The `checksum` query parameter value MUST be in the format of `{checksum_algo}:{checksum}`. + 1. The `{checksum}` from the query parameter MUST equal the `checksum` provided in the `Artifact`. + 1. The `{checksum_algo}` from the query parameter MUST equal the `checksum_algo` provided in the `Artifact`. +1. The following validation is currently done using the `info` field. We will apply similar validation to the `UpgradeInstructions`. + For each `Artifact`: + 1. The `platform` MUST have the format `{OS}/{CPU}` or be `"any"`. + 1. The `url` field MUST NOT be empty. + 1. The `url` field MUST be a proper URL. + 1. A `checksum` MUST be provided either in the `checksum` field or as a query parameter in the `url`. + 1. If the `checksum` field has a value and the `url` also has a `checksum` query parameter, the two values MUST be equal. + 1. The `url` MUST return either a file or an archive containing either `bin/{DAEMON_NAME}` or `{DAEMON_NAME}`. + 1. If a `checksum` is provided (in the field or as a query param), the checksum of the result of the `url` MUST equal the provided checksum. + +Downloading of an `Artifact` will happen the same way that URLs from `info` are currently downloaded. + +### Cosmovisor Updates + +If the `upgrade-info.json` file does not contain any `UpgradeInstructions`, existing functionality will be maintained. + +We will update Cosmovisor to look for and handle the new `UpgradeInstructions` in `upgrade-info.json`. +If the `UpgradeInstructions` are provided, we will do the following: + +1. The `info` field will be ignored. +1. The `artifacts` field will be used to identify the artifact to download based on the `platform` that Cosmovisor is running in. +1. If a `checksum` is provided (either in the field or as a query param in the `url`), and the downloaded artifact has a different checksum, the upgrade process will be interrupted and Cosmovisor will exit with an error. +1. If a `pre_run` command is defined, it will be executed at the same point in the process where the `app pre-upgrade` command would have been executed. + It will be executed using the same environment as other commands run by Cosmovisor. +1. If a `post_run` command is defined, it will be executed after executing the command that restarts the chain. + It will be executed in a background process using the same environment as the other commands. + Any output generated by the command will be logged. + Once complete, the exit code will be logged. + +We will deprecate the use of the `info` field for anything other than human readable information. +A warning will be logged if the `info` field is used to define the assets (either by URL or JSON). + +The new upgrade timeline is very similar to the current one. Changes are in bold: + +1. An upgrade governance proposal is submitted and approved. +1. The upgrade height is reached. +1. The `x/upgrade` module writes the `upgrade_info.json` file **(now possibly with `UpgradeInstructions`)**. +1. The chain halts. +1. Cosmovisor backs up the data directory (if set up to do so). +1. Cosmovisor downloads the new executable (if not already in place). +1. Cosmovisor executes **the `pre_run` command if provided**, or else the `${DAEMON_NAME} pre-upgrade` command. +1. Cosmovisor restarts the app using the new version and same args originally provided. +1. **Cosmovisor immediately runs the `post_run` command in a detached process.** + +## Consequences + +### Backwards Compatibility + +Since the only change to existing definitions is the addition of the `instructions` field to the `Plan` message, and that field is optional, there are no backwards incompatibilities with respects to the proto messages. +Additionally, current behavior will be maintained when no `UpgradeInstructions` are provided, so there are no backwards incompatibilities with respects to either the upgrade module or Cosmovisor. + +### Forwards Compatibility + +In order to utilize the `UpgradeInstructions` as part of a software upgrade, both of the following must be true: + +1. The chain must already be using a sufficiently advanced version of the Cosmos SDK. +1. The chain's nodes must be using a sufficiently advanced version of Cosmovisor. + +### Positive + +1. The structure for defining artifacts is clearer since it is now defined in the proto instead of in documentation. +1. Availability of a pre-run command becomes more obvious. +1. A post-run command becomes possible. + +### Negative + +1. The `Plan` message becomes larger. This is negligible because A) the `x/upgrades` module only stores at most one upgrade plan, and B) upgrades are rare enough that the increased gas cost isn't a concern. +1. There is no option for providing a URL that will return the `UpgradeInstructions`. +1. The only way to provide multiple assets (executables and other files) for a platform is to use an archive as the platform's artifact. + +### Neutral + +1. Existing functionality of the `info` field is maintained when the `UpgradeInstructions` aren't provided. + +## Further Discussions + +1. [Draft PR #10032 Comment](https://github.com/cosmos/cosmos-sdk/pull/10032/files?authenticity_token=pLtzpnXJJB%2Fif2UWiTp9Td3MvRrBF04DvjSuEjf1azoWdLF%2BSNymVYw9Ic7VkqHgNLhNj6iq9bHQYnVLzMXd4g%3D%3D&file-filters%5B%5D=.go&file-filters%5B%5D=.proto#r698708349): + Consider different names for `UpgradeInstructions instructions` (either the message type or field name). +1. [Draft PR #10032 Comment](https://github.com/cosmos/cosmos-sdk/pull/10032/files?authenticity_token=pLtzpnXJJB%2Fif2UWiTp9Td3MvRrBF04DvjSuEjf1azoWdLF%2BSNymVYw9Ic7VkqHgNLhNj6iq9bHQYnVLzMXd4g%3D%3D&file-filters%5B%5D=.go&file-filters%5B%5D=.proto#r754655072): + 1. Consider putting the `string platform` field inside `UpgradeInstructions` and make `UpgradeInstructions` a repeated field in `Plan`. + 1. Consider using a `oneof` field in the `Plan` which could either be `UpgradeInstructions` or else a URL that should return the `UpgradeInstructions`. + 1. Consider allowing `info` to either be a JSON serialized version of `UpgradeInstructions` or else a URL that returns that. +1. [Draft PR #10032 Comment](https://github.com/cosmos/cosmos-sdk/pull/10032/files?authenticity_token=pLtzpnXJJB%2Fif2UWiTp9Td3MvRrBF04DvjSuEjf1azoWdLF%2BSNymVYw9Ic7VkqHgNLhNj6iq9bHQYnVLzMXd4g%3D%3D&file-filters%5B%5D=.go&file-filters%5B%5D=.proto#r755462876): + Consider not including the `UpgradeInstructions.description` field, using the `info` field for that purpose instead. +1. [Draft PR #10032 Comment](https://github.com/cosmos/cosmos-sdk/pull/10032/files?authenticity_token=pLtzpnXJJB%2Fif2UWiTp9Td3MvRrBF04DvjSuEjf1azoWdLF%2BSNymVYw9Ic7VkqHgNLhNj6iq9bHQYnVLzMXd4g%3D%3D&file-filters%5B%5D=.go&file-filters%5B%5D=.proto#r754643691): + Consider allowing multiple artifacts to be downloaded for any given `platform` by adding a `name` field to the `Artifact` message. +1. [PR #10502 Comment](https://github.com/cosmos/cosmos-sdk/pull/10602#discussion_r781438288) + Allow the new `UpgradeInstructions` to be provided via URL. +1. [PR #10502 Comment](https://github.com/cosmos/cosmos-sdk/pull/10602#discussion_r781438288) + Allow definition of a `signer` for assets (as an alternative to using a `checksum`). + +## References + +* [Current upgrade.proto](https://github.com/cosmos/cosmos-sdk/blob/v0.44.5/proto/cosmos/upgrade/v1beta1/upgrade.proto) +* [Upgrade Module README](https://github.com/cosmos/cosmos-sdk/blob/v0.44.5/x/upgrade/spec/README.md) +* [Cosmovisor README](https://github.com/cosmos/cosmos-sdk/blob/cosmovisor/v1.0.0/cosmovisor/README.md) +* [Pre-upgrade README](https://github.com/cosmos/cosmos-sdk/blob/v0.44.5/docs/migrations/pre-upgrade.md) +* [Draft/POC PR #10032](https://github.com/cosmos/cosmos-sdk/pull/10032) +* [RFC 1738: Uniform Resource Locators](https://www.ietf.org/rfc/rfc1738.txt) diff --git a/copy-of-sdk-docs/build/architecture/adr-048-consensus-fees.md b/copy-of-sdk-docs/build/architecture/adr-048-consensus-fees.md new file mode 100644 index 00000000..6fbaeef6 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-048-consensus-fees.md @@ -0,0 +1,204 @@ +# ADR 048: Multi Tier Gas Price System + +## Changelog + +* Dec 1, 2021: Initial Draft + +## Status + +Rejected + +## Abstract + +This ADR describes a flexible mechanism to maintain a consensus level gas prices, in which one can choose a multi-tier gas price system or EIP-1559 like one through configuration. + +## Context + +Currently, each validator configures it's own `minimal-gas-prices` in `app.yaml`. But setting a proper minimal gas price is critical to protect network from dos attack, and it's hard for all the validators to pick a sensible value, so we propose to maintain a gas price in consensus level. + +Since tendermint 0.34.20 has supported mempool prioritization, we can take advantage of that to implement more sophisticated gas fee system. + +## Multi-Tier Price System + +We propose a multi-tier price system on consensus to provide maximum flexibility: + +* Tier 1: a constant gas price, which could only be modified occasionally through governance proposal. +* Tier 2: a dynamic gas price which is adjusted according to previous block load. +* Tier 3: a dynamic gas price which is adjusted according to previous block load at a higher speed. + +The gas price of higher tier should be bigger than the lower tier. + +The transaction fees are charged with the exact gas price calculated on consensus. + +The parameter schema is like this: + +```protobuf +message TierParams { + uint32 priority = 1 // priority in tendermint mempool + Coin initial_gas_price = 2 // + uint32 parent_gas_target = 3 // the target saturation of block + uint32 change_denominator = 4 // decides the change speed + Coin min_gas_price = 5 // optional lower bound of the price adjustment + Coin max_gas_price = 6 // optional upper bound of the price adjustment +} + +message Params { + repeated TierParams tiers = 1; +} +``` + +### Extension Options + +We need to allow user to specify the tier of service for the transaction, to support it in an extensible way, we add an extension option in `AuthInfo`: + +```protobuf +message ExtensionOptionsTieredTx { + uint32 fee_tier = 1 +} +``` + +The value of `fee_tier` is just the index to the `tiers` parameter list. + +We also change the semantic of existing `fee` field of `Tx`, instead of charging user the exact `fee` amount, we treat it as a fee cap, while the actual amount of fee charged is decided dynamically. If the `fee` is smaller than dynamic one, the transaction won't be included in current block and ideally should stay in the mempool until the consensus gas price drop. The mempool can eventually prune old transactions. + +### Tx Prioritization + +Transactions are prioritized based on the tier, the higher the tier, the higher the priority. + +Within the same tier, follow the default Tendermint order (currently FIFO). Be aware of that the mempool tx ordering logic is not part of consensus and can be modified by malicious validator. + +This mechanism can be easily composed with prioritization mechanisms: + +* we can add extra tiers out of a user control: + * Example 1: user can set tier 0, 10 or 20, but the protocol will create tiers 0, 1, 2 ... 29. For example IBC transactions will go to tier `user_tier + 5`: if user selected tier 1, then the transaction will go to tier 15. + * Example 2: we can reserve tier 4, 5, ... only for special transaction types. For example, tier 5 is reserved for evidence tx. So if submits a bank.Send transaction and set tier 5, it will be delegated to tier 3 (the max tier level available for any transaction). + * Example 3: we can enforce that all transactions of a specific type will go to specific tier. For example, tier 100 will be reserved for evidence transactions and all evidence transactions will always go to that tier. + +### `min-gas-prices` + +Deprecate the current per-validator `min-gas-prices` configuration, since it would confusing for it to work together with the consensus gas price. + +### Adjust For Block Load + +For tier 2 and tier 3 transactions, the gas price is adjusted according to previous block load, the logic could be similar to EIP-1559: + +```python +def adjust_gas_price(gas_price, parent_gas_used, tier): + if parent_gas_used == tier.parent_gas_target: + return gas_price + elif parent_gas_used > tier.parent_gas_target: + gas_used_delta = parent_gas_used - tier.parent_gas_target + gas_price_delta = max(gas_price * gas_used_delta // tier.parent_gas_target // tier.change_speed, 1) + return gas_price + gas_price_delta + else: + gas_used_delta = parent_gas_target - parent_gas_used + gas_price_delta = gas_price * gas_used_delta // parent_gas_target // tier.change_speed + return gas_price - gas_price_delta +``` + +### Block Segment Reservation + +Ideally we should reserve block segments for each tier, so the lower tiered transactions won't be completely squeezed out by higher tier transactions, which will force user to use higher tier, and the system degraded to a single tier. + +We need help from tendermint to implement this. + +## Implementation + +We can make each tier's gas price strategy fully configurable in protocol parameters, while providing a sensible default one. + +Pseudocode in python-like syntax: + +```python +interface TieredTx: + def tier(self) -> int: + pass + +def tx_tier(tx): + if isinstance(tx, TieredTx): + return tx.tier() + else: + # default tier for custom transactions + return 0 + # NOTE: we can add more rules here per "Tx Prioritization" section + +class TierParams: + 'gas price strategy parameters of one tier' + priority: int # priority in tendermint mempool + initial_gas_price: Coin + parent_gas_target: int + change_speed: Decimal # 0 means don't adjust for block load. + +class Params: + 'protocol parameters' + tiers: List[TierParams] + +class State: + 'consensus state' + # total gas used in last block, None when it's the first block + parent_gas_used: Optional[int] + # gas prices of last block for all tiers + gas_prices: List[Coin] + +def begin_block(): + 'Adjust gas prices' + for i, tier in enumerate(Params.tiers): + if State.parent_gas_used is None: + # initialized gas price for the first block + State.gas_prices[i] = tier.initial_gas_price + else: + # adjust gas price according to gas used in previous block + State.gas_prices[i] = adjust_gas_price(State.gas_prices[i], State.parent_gas_used, tier) + +def mempoolFeeTxHandler_checkTx(ctx, tx): + # the minimal-gas-price configured by validator, zero in deliver_tx context + validator_price = ctx.MinGasPrice() + consensus_price = State.gas_prices[tx_tier(tx)] + min_price = max(validator_price, consensus_price) + + # zero means infinity for gas price cap + if tx.gas_price() > 0 and tx.gas_price() < min_price: + return 'insufficient fees' + return next_CheckTx(ctx, tx) + +def txPriorityHandler_checkTx(ctx, tx): + res, err := next_CheckTx(ctx, tx) + # pass priority to tendermint + res.Priority = Params.tiers[tx_tier(tx)].priority + return res, err + +def end_block(): + 'Update block gas used' + State.parent_gas_used = block_gas_meter.consumed() +``` + +### Dos attack protection + +To fully saturate the blocks and prevent other transactions from executing, attacker need to use transactions of highest tier, the cost would be significantly higher than the default tier. + +If attacker spam with lower tier transactions, user can mitigate by sending higher tier transactions. + +## Consequences + +### Backwards Compatibility + +* New protocol parameters. +* New consensus states. +* New/changed fields in transaction body. + +### Positive + +* The default tier keeps the same predictable gas price experience for client. +* The higher tier's gas price can adapt to block load. +* No priority conflict with custom priority based on transaction types, since this proposal only occupy three priority levels. +* Possibility to compose different priority rules with tiers + +### Negative + +* Wallets & tools need to update to support the new `tier` parameter, and semantic of `fee` field is changed. + +### Neutral + +## References + +* https://eips.ethereum.org/EIPS/eip-1559 +* https://iohk.io/en/blog/posts/2021/11/26/network-traffic-and-tiered-pricing/ diff --git a/copy-of-sdk-docs/build/architecture/adr-049-state-sync-hooks.md b/copy-of-sdk-docs/build/architecture/adr-049-state-sync-hooks.md new file mode 100644 index 00000000..8b039d66 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-049-state-sync-hooks.md @@ -0,0 +1,174 @@ +# ADR 049: State Sync Hooks + +## Changelog + +* Jan 19, 2022: Initial Draft +* Apr 29, 2022: Safer extension snapshotter interface + +## Status + +Implemented + +## Abstract + +This ADR outlines a hooks-based mechanism for application modules to provide additional state (outside of the IAVL tree) to be used +during state sync. + +## Context + +New clients use state-sync to download snapshots of module state from peers. Currently, the snapshot consists of a +stream of `SnapshotStoreItem` and `SnapshotIAVLItem`, which means that application modules that define their state outside of the IAVL +tree cannot include their state as part of the state-sync process. + +Note, Even though the module state data is outside of the tree, for determinism we require that the hash of the external data should +be posted in the IAVL tree. + +## Decision + +A simple proposal based on our existing implementation is that, we can add two new message types: `SnapshotExtensionMeta` +and `SnapshotExtensionPayload`, and they are appended to the existing multi-store stream with `SnapshotExtensionMeta` +acting as a delimiter between extensions. As the chunk hashes should be able to ensure data integrity, we don't need +a delimiter to mark the end of the snapshot stream. + +Besides, we provide `Snapshotter` and `ExtensionSnapshotter` interface for modules to implement snapshotters, which will handle both taking +snapshot and the restoration. Each module could have multiple snapshotters, and for modules with additional state, they should +implement `ExtensionSnapshotter` as extension snapshotters. When setting up the application, the snapshot `Manager` should call +`RegisterExtensions([]ExtensionSnapshotter…)` to register all the extension snapshotters. + +```protobuf +// SnapshotItem is an item contained in a rootmulti.Store snapshot. +// On top of the existing SnapshotStoreItem and SnapshotIAVLItem, we add two new options for the item. +message SnapshotItem { + // item is the specific type of snapshot item. + oneof item { + SnapshotStoreItem store = 1; + SnapshotIAVLItem iavl = 2 [(gogoproto.customname) = "IAVL"]; + SnapshotExtensionMeta extension = 3; + SnapshotExtensionPayload extension_payload = 4; + } +} + +// SnapshotExtensionMeta contains metadata about an external snapshotter. +// One module may need multiple snapshotters, so each module may have multiple SnapshotExtensionMeta. +message SnapshotExtensionMeta { + // the name of the ExtensionSnapshotter, and it is registered to snapshotter manager when setting up the application + // name should be unique for each ExtensionSnapshotter as we need to alphabetically order their snapshots to get + // deterministic snapshot stream. + string name = 1; + // this is used by each ExtensionSnapshotter to decide the format of payloads included in SnapshotExtensionPayload message + // it is used within the snapshotter/namespace, not global one for all modules + uint32 format = 2; +} + +// SnapshotExtensionPayload contains payloads of an external snapshotter. +message SnapshotExtensionPayload { + bytes payload = 1; +} +``` + +When we create a snapshot stream, the `multistore` snapshot is always placed at the beginning of the binary stream, and other extension snapshots are alphabetically ordered by the name of the corresponding `ExtensionSnapshotter`. + +The snapshot stream would look like as follows: + +```go +// multi-store snapshot +{SnapshotStoreItem | SnapshotIAVLItem, ...} +// extension1 snapshot +SnapshotExtensionMeta +{SnapshotExtensionPayload, ...} +// extension2 snapshot +SnapshotExtensionMeta +{SnapshotExtensionPayload, ...} +``` + +We add an `extensions` field to snapshot `Manager` for extension snapshotters. The `multistore` snapshotter is a special one and it doesn't need a name because it is always placed at the beginning of the binary stream. + +```go +type Manager struct { + store *Store + multistore types.Snapshotter + extensions map[string]types.ExtensionSnapshotter + mtx sync.Mutex + operation operation + chRestore chan<- io.ReadCloser + chRestoreDone <-chan restoreDone + restoreChunkHashes [][]byte + restoreChunkIndex uint32 +} +``` + +For extension snapshotters that implement the `ExtensionSnapshotter` interface, their names should be registered to the snapshot `Manager` by +calling `RegisterExtensions` when setting up the application. The snapshotters will handle both taking snapshot and restoration. + +```go +// RegisterExtensions register extension snapshotters to manager +func (m *Manager) RegisterExtensions(extensions ...types.ExtensionSnapshotter) error +``` + +On top of the existing `Snapshotter` interface for the `multistore`, we add `ExtensionSnapshotter` interface for the extension snapshotters. Three more function signatures: `SnapshotFormat()`, `SupportedFormats()` and `SnapshotName()` are added to `ExtensionSnapshotter`. + +```go +// ExtensionPayloadReader read extension payloads, +// it returns io.EOF when reached either end of stream or the extension boundaries. +type ExtensionPayloadReader = func() ([]byte, error) + +// ExtensionPayloadWriter is a helper to write extension payloads to underlying stream. +type ExtensionPayloadWriter = func([]byte) error + +// ExtensionSnapshotter is an extension Snapshotter that is appended to the snapshot stream. +// ExtensionSnapshotter has an unique name and manages it's own internal formats. +type ExtensionSnapshotter interface { + // SnapshotName returns the name of snapshotter, it should be unique in the manager. + SnapshotName() string + + // SnapshotFormat returns the default format used to take a snapshot. + SnapshotFormat() uint32 + + // SupportedFormats returns a list of formats it can restore from. + SupportedFormats() []uint32 + + // SnapshotExtension writes extension payloads into the underlying protobuf stream. + SnapshotExtension(height uint64, payloadWriter ExtensionPayloadWriter) error + + // RestoreExtension restores an extension state snapshot, + // the payload reader returns `io.EOF` when reached the extension boundaries. + RestoreExtension(height uint64, format uint32, payloadReader ExtensionPayloadReader) error + +} +``` + +## Consequences + +As a result of this implementation, we are able to create snapshots of binary chunk stream for the state that we maintain outside of the IAVL Tree, CosmWasm blobs for example. And new clients are able to fetch snapshots of state for all modules that have implemented the corresponding interface from peer nodes. + + +### Backwards Compatibility + +This ADR introduces new proto message types, adds an `extensions` field in snapshot `Manager`, and add new `ExtensionSnapshotter` interface, so this is not backwards compatible if we have extensions. + +But for applications that do not have the state data outside of the IAVL tree for any module, the snapshot stream is backwards-compatible. + +### Positive + +* State maintained outside of IAVL tree like CosmWasm blobs can create snapshots by implementing extension snapshotters, and being fetched by new clients via state-sync. + +### Negative + +### Neutral + +* All modules that maintain state outside of IAVL tree need to implement `ExtensionSnapshotter` and the snapshot `Manager` need to call `RegisterExtensions` when setting up the application. + +## Further Discussions + +While an ADR is in the DRAFT or PROPOSED stage, this section should contain a summary of issues to be solved in future iterations (usually referencing comments from a pull-request discussion). +Later, this section can optionally list ideas or improvements the author or reviewers found during the analysis of this ADR. + +## Test Cases [optional] + +Test cases for an implementation are mandatory for ADRs that are affecting consensus changes. Other ADRs can choose to include links to test cases if applicable. + +## References + +* https://github.com/cosmos/cosmos-sdk/pull/10961 +* https://github.com/cosmos/cosmos-sdk/issues/7340 +* https://hackmd.io/gJoyev6DSmqqkO667WQlGw diff --git a/copy-of-sdk-docs/build/architecture/adr-050-sign-mode-textual-annex1.md b/copy-of-sdk-docs/build/architecture/adr-050-sign-mode-textual-annex1.md new file mode 100644 index 00000000..96e0d094 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-050-sign-mode-textual-annex1.md @@ -0,0 +1,361 @@ +# ADR 050: SIGN_MODE_TEXTUAL: Annex 1 Value Renderers + +## Changelog + +* Dec 06, 2021: Initial Draft +* Feb 07, 2022: Draft read and concept-ACKed by the Ledger team. +* Dec 01, 2022: Remove `Object: ` prefix on Any header screen. +* Dec 13, 2022: Sign over bytes hash when bytes length > 32. +* Mar 27, 2023: Update `Any` value renderer to omit message header screen. + +## Status + +Accepted. Implementation started. Small value renderers details still need to be polished. + +## Abstract + +This Annex describes value renderers, which are used for displaying Protobuf values in a human-friendly way using a string array. + +## Value Renderers + +Value Renderers describe how values of different Protobuf types should be encoded as a string array. Value renderers can be formalized as a set of bijective functions `func renderT(value T) []string`, where `T` is one of the below Protobuf types for which this spec is defined. + +### Protobuf `number` + +* Applies to: + * protobuf numeric integer types (`int{32,64}`, `uint{32,64}`, `sint{32,64}`, `fixed{32,64}`, `sfixed{32,64}`) + * strings whose `customtype` is `github.com/cosmos/cosmos-sdk/types.Int` or `github.com/cosmos/cosmos-sdk/types.Dec` + * bytes whose `customtype` is `github.com/cosmos/cosmos-sdk/types.Int` or `github.com/cosmos/cosmos-sdk/types.Dec` +* Trailing decimal zeroes are always removed +* Formatting with `'`s for every three integral digits. +* Usage of `.` to denote the decimal delimiter. + +#### Examples + +* `1000` (uint64) -> `1'000` +* `"1000000.00"` (string representing a Dec) -> `1'000'000` +* `"1000000.10"` (string representing a Dec) -> `1'000'000.1` + +### `coin` + +* Applies to `cosmos.base.v1beta1.Coin`. +* Denoms are converted to `display` denoms using `Metadata` (if available). **This requires a state query**. The definition of `Metadata` can be found in the [bank protobuf definition](https://buf.build/cosmos/cosmos-sdk/docs/main:cosmos.bank.v1beta1#cosmos.bank.v1beta1.Metadata). If the `display` field is empty or nil, then we do not perform any denom conversion. +* Amounts are converted to `display` denom amounts and rendered as `number`s above + * We do not change the capitalization of the denom. In practice, `display` denoms are stored in lowercase in state (e.g. `10 atom`), however they are often showed in UPPERCASE in everyday life (e.g. `10 ATOM`). Value renderers keep the case used in state, but we may recommend chains changing the denom metadata to be uppercase for better user display. +* One space between the denom and amount (e.g. `10 atom`). +* In the future, IBC denoms could maybe be converted to DID/IIDs, if we can find a robust way for doing this (ex. `cosmos:cosmos:hub:bank:denom:atom`) + +#### Examples + +* `1000000000uatom` -> `["1'000 atom"]`, because atom is the metadata's display denom. + +### `coins` + +* an array of `coin` is display as the concatenation of each `coin` encoded as the specification above, then joined together with the delimiter `", "` (a comma and a space, no quotes around). +* the list of coins is ordered by unicode code point of the display denom: `A-Z` < `a-z`. For example, the string `aAbBcC` would be sorted `ABCabc`. + * if the coins list had 0 items in it then it'll be rendered as `zero` + +### Example + +* `["3cosm", "2000000uatom"]` -> `2 atom, 3 COSM` (assuming the display denoms are `atom` and `COSM`) +* `["10atom", "20Acoin"]` -> `20 Acoin, 10 atom` (assuming the display denoms are `atom` and `Acoin`) +* `[]` -> `zero` + +### `repeated` + +* Applies to all `repeated` fields, except `cosmos.tx.v1beta1.TxBody#Messages`, which has a particular encoding (see [ADR-050](./adr-050-sign-mode-textual.md)). +* A repeated type has the following template: + +``` +: + (/): + + (/): + +End of . +``` + +where: + +* `field_name` is the Protobuf field name of the repeated field +* `field_kind`: + * if the type of the repeated field is a message, `field_kind` is the message name + * if the type of the repeated field is an enum, `field_kind` is the enum name + * in any other case, `field_kind` is the protobuf primitive type (e.g. "string" or "bytes") +* `int` is the length of the array +* `index` is one based index of the repeated field + +#### Examples + +Given the proto definition: + +```protobuf +message AllowedMsgAllowance { + repeated string allowed_messages = 1; +} +``` + +and initializing with: + +```go +x := []AllowedMsgAllowance{"cosmos.bank.v1beta1.MsgSend", "cosmos.gov.v1.MsgVote"} +``` + +we have the following value-rendered encoding: + +``` +Allowed messages: 2 strings +Allowed messages (1/2): cosmos.bank.v1beta1.MsgSend +Allowed messages (2/2): cosmos.gov.v1.MsgVote +End of Allowed messages +``` + +### `message` + +* Applies to all Protobuf messages that do not have a custom encoding. +* Field names follow [sentence case](https://en.wiktionary.org/wiki/sentence_case) + * replace each `_` with a space + * capitalize first letter of the sentence +* Field names are ordered by their Protobuf field number +* Screen title is the field name, and screen content is the value. +* Nesting: + * if a field contains a nested message, we value-render the underlying message using the template: + + ``` + : <1st line of value-rendered message> + > // Notice the `>` prefix. + ``` + + * `>` character is used to denote nesting. For each additional level of nesting, add `>`. + +#### Examples + +Given the following Protobuf messages: + +```protobuf +enum VoteOption { + VOTE_OPTION_UNSPECIFIED = 0; + VOTE_OPTION_YES = 1; + VOTE_OPTION_ABSTAIN = 2; + VOTE_OPTION_NO = 3; + VOTE_OPTION_NO_WITH_VETO = 4; +} + +message WeightedVoteOption { + VoteOption option = 1; + string weight = 2 [(cosmos_proto.scalar) = "cosmos.Dec"]; +} + +message Vote { + uint64 proposal_id = 1; + string voter = 2 [(cosmos_proto.scalar) = "cosmos.AddressString"]; + reserved 3; + repeated WeightedVoteOption options = 4; +} +``` + +we get the following encoding for the `Vote` message: + +``` +Vote object +> Proposal id: 4 +> Voter: cosmos1abc...def +> Options: 2 WeightedVoteOptions +> Options (1/2): WeightedVoteOption object +>> Option: VOTE_OPTION_YES +>> Weight: 0.7 +> Options (2/2): WeightedVoteOption object +>> Option: VOTE_OPTION_NO +>> Weight: 0.3 +> End of Options +``` + +### Enums + +* Show the enum variant name as string. + +#### Examples + +See example above with `message Vote{}`. + +### `google.protobuf.Any` + +* Applies to `google.protobuf.Any` +* Rendered as: + +``` + +> +``` + +There is however one exception: when the underlying message is a Protobuf message that does not have a custom encoding, then the message header screen is omitted, and one level of indentation is removed. + +Messages that have a custom encoding, including `google.protobuf.Timestamp`, `google.protobuf.Duration`, `google.protobuf.Any`, `cosmos.base.v1beta1.Coin`, and messages that have an app-defined custom encoding, will preserve their header and indentation level. + +#### Examples + +Message header screen is stripped, one-level of indentation removed: + +``` +/cosmos.gov.v1.Vote +> Proposal id: 4 +> Vote: cosmos1abc...def +> Options: 2 WeightedVoteOptions +> Options (1/2): WeightedVoteOption object +>> Option: Yes +>> Weight: 0.7 +> Options (2/2): WeightedVoteOption object +>> Option: No +>> Weight: 0.3 +> End of Options +``` + +Message with custom encoding: + +``` +/cosmos.base.v1beta1.Coin +> 10uatom +``` + +### `google.protobuf.Timestamp` + +Rendered using [RFC 3339](https://www.rfc-editor.org/rfc/rfc3339) (a +simplification of ISO 8601), which is the current recommendation for portable +time values. The rendering always uses "Z" (UTC) as the timezone. It uses only +the necessary fractional digits of a second, omitting the fractional part +entirely if the timestamp has no fractional seconds. (The resulting timestamps +are not automatically sortable by standard lexicographic order, but we favor +the legibility of the shorter string.) + +#### Examples + +The timestamp with 1136214245 seconds and 700000000 nanoseconds is rendered +as `2006-01-02T15:04:05.7Z`. +The timestamp with 1136214245 seconds and zero nanoseconds is rendered +as `2006-01-02T15:04:05Z`. + +### `google.protobuf.Duration` + +The duration proto expresses a raw number of seconds and nanoseconds. +This will be rendered as longer time units of days, hours, and minutes, +plus any remaining seconds, in that order. +Leading and trailing zero-quantity units will be omitted, but all +units in between nonzero units will be shown, e.g. ` 3 days, 0 hours, 0 minutes, 5 seconds`. + +Even longer time units such as months or years are imprecise. +Weeks are precise, but not commonly used - `91 days` is more immediately +legible than `13 weeks`. Although `days` can be problematic, +e.g. noon to noon on subsequent days can be 23 or 25 hours depending on +daylight savings transitions, there is significant advantage in using +strict 24-hour days over using only hours (e.g. `91 days` vs `2184 hours`). + +When nanoseconds are nonzero, they will be shown as fractional seconds, +with only the minimum number of digits, e.g `0.5 seconds`. + +A duration of exactly zero is shown as `0 seconds`. + +Units will be given as singular (no trailing `s`) when the quantity is exactly one, +and will be shown in plural otherwise. + +Negative durations will be indicated with a leading minus sign (`-`). + +Examples: + +* `1 day` +* `30 days` +* `-1 day, 12 hours` +* `3 hours, 0 minutes, 53.025 seconds` + +### bytes + +* Bytes of length shorter or equal to 35 are rendered in hexadecimal, all capital letters, without the `0x` prefix. +* Bytes of length greater than 35 are hashed using SHA256. The rendered text is `SHA-256=`, followed by the 32-byte hash, in hexadecimal, all capital letters, without the `0x` prefix. +* The hexadecimal string is finally separated into groups of 4 digits, with a space `' '` as separator. If the bytes length is odd, the 2 remaining hexadecimal characters are at the end. + +The number 35 was chosen because it is the longest length where the hashed-and-prefixed representation is longer than the original data directly formatted, using the 3 rules above. More specifically: + +* a 35-byte array will have 70 hex characters, plus 17 space characters, resulting in 87 characters. +* byte arrays starting from length 36 will be hashed to 32 bytes, which is 64 hex characters plus 15 spaces, and with the `SHA-256=` prefix, it takes 87 characters. +Also, secp256k1 public keys have length 33, so their Textual representation is not their hashed value, which we would like to avoid. + +Note: Data longer than 35 bytes are not rendered in a way that can be inverted. See ADR-050's [section about invertibility](./adr-050-sign-mode-textual.md#invertible-rendering) for a discussion. + +#### Examples + +Inputs are displayed as byte arrays. + +* `[0]`: `00` +* `[0,1,2]`: `0001 02` +* `[0,1,2,..,34]`: `0001 0203 0405 0607 0809 0A0B 0C0D 0E0F 1011 1213 1415 1617 1819 1A1B 1C1D 1E1F 2021 22` +* `[0,1,2,..,35]`: `SHA-256=5D7E 2D9B 1DCB C85E 7C89 0036 A2CF 2F9F E7B6 6554 F2DF 08CE C6AA 9C0A 25C9 9C21` + +### address bytes + +We currently use `string` types in protobuf for addresses so this may not be needed, but if any address bytes are used in sign mode textual they should be rendered with bech32 formatting + +### strings + +Strings are rendered as-is. + +### Default Values + +* Default Protobuf values for each field are skipped. + +#### Example + +```protobuf +message TestData { + string signer = 1; + string metadata = 2; +} +``` + +```go +myTestData := TestData{ + Signer: "cosmos1abc" +} +``` + +We get the following encoding for the `TestData` message: + +``` +TestData object +> Signer: cosmos1abc +``` + +### bool + +Boolean values are rendered as `True` or `False`. + +### [ABANDONED] Custom `msg_title` instead of Msg `type_url` + +_This paragraph is in the Annex for informational purposes only, and will be removed in a next update of the ADR._ + +
    + Click to see abandoned idea. + +* all protobuf messages to be used with `SIGN_MODE_TEXTUAL` CAN have a short title associated with them that can be used in format strings whenever the type URL is explicitly referenced via the `cosmos.msg.v1.textual.msg_title` Protobuf message option. +* if this option is not specified for a Msg, then the Protobuf fully qualified name will be used. + +```protobuf +message MsgSend { + option (cosmos.msg.v1.textual.msg_title) = "bank send coins"; +} +``` + +* they MUST be unique per message, per chain + +#### Examples + +* `cosmos.gov.v1.MsgVote` -> `governance v1 vote` + +#### Best Practices + +We recommend to use this option only for `Msg`s whose Protobuf fully qualified name can be hard to understand. As such, the two examples above (`MsgSend` and `MsgVote`) are not good examples to be used with `msg_title`. We still allow `msg_title` for chains who might have `Msg`s with complex or non-obvious names. + +In those cases, we recommend to drop the version (e.g. `v1`) in the string if there's only one version of the module on chain. This way, the bijective mapping can figure out which message each string corresponds to. If multiple Protobuf versions of the same module exist on the same chain, we recommend keeping the first `msg_title` with version, and the second `msg_title` with version (e.g. `v2`): + +* `mychain.mymodule.v1.MsgDo` -> `mymodule do something` +* `mychain.mymodule.v2.MsgDo` -> `mymodule v2 do something` + +
    diff --git a/copy-of-sdk-docs/build/architecture/adr-050-sign-mode-textual-annex2.md b/copy-of-sdk-docs/build/architecture/adr-050-sign-mode-textual-annex2.md new file mode 100644 index 00000000..3a44001f --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-050-sign-mode-textual-annex2.md @@ -0,0 +1,122 @@ +# ADR 050: SIGN_MODE_TEXTUAL: Annex 2 XXX + +## Changelog + +* Oct 3, 2022: Initial Draft + +## Status + +DRAFT + +## Abstract + +This annex provides normative guidance on how devices should render a +`SIGN_MODE_TEXTUAL` document. + +## Context + +`SIGN_MODE_TEXTUAL` allows a legible version of a transaction to be signed +on a hardware security device, such as a Ledger. Early versions of the +design rendered transactions directly to lines of ASCII text, but this +proved awkward from its in-band signaling, and for the need to display +Unicode text within the transaction. + +## Decision + +`SIGN_MODE_TEXTUAL` renders to an abstract representation, leaving it +up to device-specific software how to present this representation given the +capabilities, limitations, and conventions of the device. + +We offer the following normative guidance: + +1. The presentation should be as legible as possible to the user, given +the capabilities of the device. If legibility could be sacrificed for other +properties, we would recommend just using some other signing mode. +Legibility should focus on the common case - it is okay for unusual cases +to be less legible. + +2. The presentation should be invertible if possible without substantial +sacrifice of legibility. Any change to the rendered data should result +in a visible change to the presentation. This extends the integrity of the +signing to user-visible presentation. + +3. The presentation should follow normal conventions of the device, +without sacrificing legibility or invertibility. + +As an illustration of these principles, here is an example algorithm +for presentation on a device which can display a single 80-character +line of printable ASCII characters: + +* The presentation is broken into lines, and each line is presented in +sequence, with user controls for going forward or backward a line. + +* Expert mode screens are only presented if the device is in expert mode. + +* Each line of the screen starts with a number of `>` characters equal +to the screen's indentation level, followed by a `+` character if this +isn't the first line of the screen, followed by a space if either a +`>` or a `+` has been emitted, +or if this header is followed by a `>`, `+`, or space. + +* If the line ends with whitespace or an `@` character, an additional `@` +character is appended to the line. + +* The following ASCII control characters or backslash (`\`) are converted +to a backslash followed by a letter code, in the manner of string literals +in many languages: + + * a: U+0007 alert or bell + * b: U+0008 backspace + * f: U+000C form feed + * n: U+000A line feed + * r: U+000D carriage return + * t: U+0009 horizontal tab + * v: U+000B vertical tab + * `\`: U+005C backslash + +* All other ASCII control characters, plus non-ASCII Unicode code points, +are shown as either: + + * `\u` followed by 4 uppercase hex characters for code points + in the basic multilingual plane (BMP). + + * `\U` followed by 8 uppercase hex characters for other code points. + +* The screen will be broken into multiple lines to fit the 80-character +limit, considering the above transformations in a way that attempts to +minimize the number of lines generated. Expanded control or Unicode characters +are never split across lines. + +Example output: + +``` +An introductory line. +key1: 123456 +key2: a string that ends in whitespace @ +key3: a string that ends in a single ampersand - @@ + >tricky key4<: note the leading space in the presentation +introducing an aggregate +> key5: false +> key6: a very long line of text, please co\u00F6perate and break into +>+ multiple lines. +> Can we do further nesting? +>> You bet we can! +``` + +The inverse mapping gives us the only input which could have +generated this output (JSON notation for string data): + +``` +Indent Text +------ ---- +0 "An introductory line." +0 "key1: 123456" +0 "key2: a string that ends in whitespace " +0 "key3: a string that ends in a single ampersand - @" +0 ">tricky key4<: note the leading space in the presentation" +0 "introducing an aggregate" +1 "key5: false" +1 "key6: a very long line of text, please coöperate and break into multiple lines." +1 "Can we do further nesting?" +2 "You bet we can!" +``` diff --git a/copy-of-sdk-docs/build/architecture/adr-050-sign-mode-textual.md b/copy-of-sdk-docs/build/architecture/adr-050-sign-mode-textual.md new file mode 100644 index 00000000..53185968 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-050-sign-mode-textual.md @@ -0,0 +1,370 @@ +# ADR 050: SIGN_MODE_TEXTUAL + +## Changelog + +* Dec 06, 2021: Initial Draft. +* Feb 07, 2022: Draft read and concept-ACKed by the Ledger team. +* May 16, 2022: Change status to Accepted. +* Aug 11, 2022: Require signing over tx raw bytes. +* Sep 07, 2022: Add custom `Msg`-renderers. +* Sep 18, 2022: Structured format instead of lines of text +* Nov 23, 2022: Specify CBOR encoding. +* Dec 01, 2022: Link to examples in separate JSON file. +* Dec 06, 2022: Re-ordering of envelope screens. +* Dec 14, 2022: Mention exceptions for invertibility. +* Jan 23, 2023: Switch Screen.Text to Title+Content. +* Mar 07, 2023: Change SignDoc from array to struct containing array. +* Mar 20, 2023: Introduce a spec version initialized to 0. + +## Status + +Accepted. Implementation started. Small value renderers details still need to be polished. + +Spec version: 0. + +## Abstract + +This ADR specifies SIGN_MODE_TEXTUAL, a new string-based sign mode that is targeted at signing with hardware devices. + +## Context + +Protobuf-based SIGN_MODE_DIRECT was introduced in [ADR-020](./adr-020-protobuf-transaction-encoding.md) and is intended to replace SIGN_MODE_LEGACY_AMINO_JSON in most situations, such as mobile wallets and CLI keyrings. However, the [Ledger](https://www.ledger.com/) hardware wallet is still using SIGN_MODE_LEGACY_AMINO_JSON for displaying the sign bytes to the user. Hardware wallets cannot transition to SIGN_MODE_DIRECT as: + +* SIGN_MODE_DIRECT is binary-based and thus not suitable for display to end-users. Technically, hardware wallets could simply display the sign bytes to the user. But this would be considered as blind signing, and is a security concern. +* hardware cannot decode the protobuf sign bytes due to memory constraints, as the Protobuf definitions would need to be embedded on the hardware device. + +In an effort to remove Amino from the SDK, a new sign mode needs to be created for hardware devices. [Initial discussions](https://github.com/cosmos/cosmos-sdk/issues/6513) propose a text-based sign mode, which this ADR formally specifies. + +## Decision + +In SIGN_MODE_TEXTUAL, a transaction is rendered into a textual representation, +which is then sent to a secure device or subsystem for the user to review and sign. +Unlike `SIGN_MODE_DIRECT`, the transmitted data can be simply decoded into legible text +even on devices with limited processing and display. + +The textual representation is a sequence of _screens_. +Each screen is meant to be displayed in its entirety (if possible) even on a small device like a Ledger. +A screen is roughly equivalent to a short line of text. +Large screens can be displayed in several pieces, +much as long lines of text are wrapped, +so no hard guidance is given, though 40 characters is a good target. +A screen is used to display a single key/value pair for scalar values +(or composite values with a compact notation, such as `Coins`) +or to introduce or conclude a larger grouping. + +The text can contain the full range of Unicode code points, including control characters and nul. +The device is responsible for deciding how to display characters it cannot render natively. +See [annex 2](./adr-050-sign-mode-textual-annex2.md) for guidance. + +Screens have a non-negative indentation level to signal composite or nested structures. +Indentation level zero is the top level. +Indentation is displayed via some device-specific mechanism. +Message quotation notation is an appropriate model, such as +leading `>` characters or vertical bars on more capable displays. + +Some screens are marked as _expert_ screens, +meant to be displayed only if the viewer chooses to opt in for the extra detail. +Expert screens are meant for information that is rarely useful, +or needs to be present only for signature integrity (see below). + +### Invertible Rendering + +We require that the rendering of the transaction be invertible: +there must be a parsing function such that for every transaction, +when rendered to the textual representation, +parsing that representation yields a proto message equivalent +to the original under proto equality. + +Note that this inverse function does not need to perform correct +parsing or error signaling for the whole domain of textual data. +Merely that the range of valid transactions be invertible under +the composition of rendering and parsing. + +Note that the existence of an inverse function ensures that the +rendered text contains the full information of the original transaction, +not a hash or subset. + +We make an exception for invertibility for data which are too large to +meaningfully display, such as byte strings longer than 32 bytes. We may then +selectively render them with a cryptographically-strong hash. In these cases, +it is still computationally infeasible to find a different transaction which +has the same rendering. However, we must ensure that the hash computation is +simple enough to be reliably executed independently, so at least the hash is +itself reasonably verifiable when the raw byte string is not. + +### Chain State + +The rendering function (and parsing function) may depend on the current chain state. +This is useful for reading parameters, such as coin display metadata, +or for reading user-specific preferences such as language or address aliases. +Note that if the observed state changes between signature generation +and the transaction's inclusion in a block, the delivery-time rendering +might differ. If so, the signature will be invalid and the transaction +will be rejected. + +### Signature and Security + +For security, transaction signatures should have three properties: + +1. Given the transaction, signatures, and chain state, it must be possible to validate that the signatures matches the transaction, +to verify that the signers must have known their respective secret keys. + +2. It must be computationally infeasible to find a substantially different transaction for which the given signatures are valid, given the same chain state. + +3. The user should be able to give informed consent to the signed data via a simple, secure device with limited display capabilities. + +The correctness and security of `SIGN_MODE_TEXTUAL` is guaranteed by demonstrating an inverse function from the rendering to transaction protos. +This means that it is impossible for a different protocol buffer message to render to the same text. + +### Transaction Hash Malleability + +When client software forms a transaction, the "raw" transaction (`TxRaw`) is serialized as a proto +and a hash of the resulting byte sequence is computed. +This is the `TxHash`, and is used by various services to track the submitted transaction through its lifecycle. +Various misbehavior is possible if one can generate a modified transaction with a different TxHash +but for which the signature still checks out. + +SIGN_MODE_TEXTUAL prevents this transaction malleability by including the TxHash as an expert screen +in the rendering. + +### SignDoc + +The SignDoc for `SIGN_MODE_TEXTUAL` is formed from a data structure like: + +```go +type Screen struct { + Title string // possibly size limited to, advised to 64 characters + Content string // possibly size limited to, advised to 255 characters + Indent uint8 // size limited to something small like 16 or 32 + Expert bool +} + +type SignDocTextual struct { + Screens []Screen +} +``` + +We do not plan to use protobuf serialization to form the sequence of bytes +that will be transmitted and signed, in order to keep the decoder simple. +We will use [CBOR](https://cbor.io) ([RFC 8949](https://www.rfc-editor.org/rfc/rfc8949.html)) instead. +The encoding is defined by the following CDDL ([RFC 8610](https://www.rfc-editor.org/rfc/rfc8610)): + +``` +;;; CDDL (RFC 8610) Specification of SignDoc for SIGN_MODE_TEXTUAL. +;;; Must be encoded using CBOR deterministic encoding (RFC 8949, section 4.2.1). + +;; A Textual document is a struct containing one field: an array of screens. +sign_doc = { + screens_key: [* screen], +} + +;; The key is an integer to keep the encoding small. +screens_key = 1 + +;; A screen consists of a text string, an indentation, and the expert flag, +;; represented as an integer-keyed map. All entries are optional +;; and MUST be omitted from the encoding if empty, zero, or false. +;; Text defaults to the empty string, indent defaults to zero, +;; and expert defaults to false. +screen = { + ? title_key: tstr, + ? content_key: tstr, + ? indent_key: uint, + ? expert_key: bool, +} + +;; Keys are small integers to keep the encoding small. +title_key = 1 +content_key = 2 +indent_key = 3 +expert_key = 4 +``` + +Defining the sign_doc as directly an array of screens has also been considered. However, given the possibility of future iterations of this specification, using a single-keyed struct has been chosen over the former proposal, as structs allow for easier backwards-compatibility. + +## Details + +In the examples that follow, screens will be shown as lines of text, +indentation is indicated with a leading '>', +and expert screens are marked with a leading `*`. + +### Encoding of the Transaction Envelope + +We define "transaction envelope" as all data in a transaction that is not in the `TxBody.Messages` field. Transaction envelope includes fee, signer infos and memo, but don't include `Msg`s. `//` denotes comments and are not shown on the Ledger device. + +``` +Chain ID: +Account number: +Sequence: +Address: +*Public Key: +This transaction has Message(s) // Pluralize "Message" only when int>1 +> Message (/): // See value renderers for Any rendering. +End of Message +Memo: // Skipped if no memo set. +Fee: // See value renderers for coins rendering. +*Fee payer: // Skipped if no fee_payer set. +*Fee granter: // Skipped if no fee_granter set. +Tip: // Skipped if no tip. +Tipper: +*Gas Limit: +*Timeout Height: // Skipped if no timeout_height set. +*Other signer: SignerInfo // Skipped if the transaction only has 1 signer. +*> Other signer (/): +*End of other signers +*Extension options: Any: // Skipped if no body extension options +*> Extension options (/): +*End of extension options +*Non critical extension options: Any: // Skipped if no body non critical extension options +*> Non critical extension options (/): +*End of Non critical extension options +*Hash of raw bytes: // Hex encoding of bytes defined, to prevent tx hash malleability. +``` + +### Encoding of the Transaction Body + +Transaction Body is the `Tx.TxBody.Messages` field, which is an array of `Any`s, where each `Any` packs a `sdk.Msg`. Since `sdk.Msg`s are widely used, they have a slightly different encoding than usual array of `Any`s (Protobuf: `repeated google.protobuf.Any`) described in Annex 1. + +``` +This transaction has message: // Optional 's' for "message" if there's >1 sdk.Msgs. +// For each Msg, print the following 2 lines: +Msg (/): // E.g. Msg (1/2): bank v1beta1 send coins + +End of transaction messages +``` + +#### Example + +Given the following Protobuf message: + +```protobuf +message Grant { + google.protobuf.Any authorization = 1 [(cosmos_proto.accepts_interface) = "cosmos.authz.v1beta1.Authorization"]; + google.protobuf.Timestamp expiration = 2 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false]; +} + +message MsgGrant { + option (cosmos.msg.v1.signer) = "granter"; + + string granter = 1 [(cosmos_proto.scalar) = "cosmos.AddressString"]; + string grantee = 2 [(cosmos_proto.scalar) = "cosmos.AddressString"]; +} +``` + +and a transaction containing 1 such `sdk.Msg`, we get the following encoding: + +``` +This transaction has 1 message: +Msg (1/1): authz v1beta1 grant +Granter: cosmos1abc...def +Grantee: cosmos1ghi...jkl +End of transaction messages +``` + +### Custom `Msg` Renderers + +Application developers may choose to not follow default renderer value output for their own `Msg`s. In this case, they can implement their own custom `Msg` renderer. This is similar to [EIP4430](https://github.com/ethereum/EIPs/blob/master/EIPS/eip-4430.md), where the smart contract developer chooses the description string to be shown to the end user. + +This is done by setting the `cosmos.msg.textual.v1.expert_custom_renderer` Protobuf option to a non-empty string. This option CAN ONLY be set on a Protobuf message representing transaction message object (implementing `sdk.Msg` interface). + +```protobuf +message MsgFooBar { + // Optional comments to describe in human-readable language the formatting + // rules of the custom renderer. + option (cosmos.msg.textual.v1.expert_custom_renderer) = ""; + + // proto fields +} +``` + +When this option is set on a `Msg`, a registered function will transform the `Msg` into an array of one or more strings, which MAY use the key/value format (described in point #3) with the expert field prefix (described in point #5) and arbitrary indentation (point #6). These strings MAY be rendered from a `Msg` field using a default value renderer, or they may be generated from several fields using custom logic. + +The `` is a string convention chosen by the application developer and is used to identify the custom `Msg` renderer. For example, the documentation or specification of this custom algorithm can reference this identifier. This identifier CAN have a versioned suffix (e.g. `_v1`) to adapt for future changes (which would be consensus-breaking). We also recommend adding Protobuf comments to describe in human language the custom logic used. + +Moreover, the renderer must provide 2 functions: one for formatting from Protobuf to string, and one for parsing string to Protobuf. These 2 functions are provided by the application developer. To satisfy point #1, the parse function MUST be the inverse of the formatting function. This property will not be checked by the SDK at runtime. However, we strongly recommend the application developer to include a comprehensive suite in their app repo to test invertibility, as to not introduce security bugs. + +### Require signing over the `TxBody` and `AuthInfo` raw bytes + +Recall that the transaction bytes merkleized on chain are the Protobuf binary serialization of [TxRaw](https://buf.build/cosmos/cosmos-sdk/docs/main:cosmos.tx.v1beta1#cosmos.tx.v1beta1.TxRaw), which contains the `body_bytes` and `auth_info_bytes`. Moreover, the transaction hash is defined as the SHA256 hash of the `TxRaw` bytes. We require that the user signs over these bytes in SIGN_MODE_TEXTUAL, more specifically over the following string: + +``` +*Hash of raw bytes: +``` + +where: + +* `++` denotes concatenation, +* `HEX` is the hexadecimal representation of the bytes, all in capital letters, no `0x` prefix, +* and `len()` is encoded as a Big-Endian uint64. + +This is to prevent transaction hash malleability. The point #1 about invertibility assures that transaction `body` and `auth_info` values are not malleable, but the transaction hash still might be malleable with point #1 only, because the SIGN_MODE_TEXTUAL strings don't follow the byte ordering defined in `body_bytes` and `auth_info_bytes`. Without this hash, a malicious validator or exchange could intercept a transaction, modify its transaction hash _after_ the user signed it using SIGN_MODE_TEXTUAL (by tweaking the byte ordering inside `body_bytes` or `auth_info_bytes`), and then submit it to Tendermint. + +By including this hash in the SIGN_MODE_TEXTUAL signing payload, we keep the same level of guarantees as [SIGN_MODE_DIRECT](./adr-020-protobuf-transaction-encoding.md). + +These bytes are only shown in expert mode, hence the leading `*`. + +## Updates to the current specification + +The current specification is not set in stone, and future iterations are to be expected. We distinguish two categories of updates to this specification: + +1. Updates that require changes of the hardware device embedded application. +2. Updates that only modify the envelope and the value renderers. + +Updates in the 1st category include changes of the `Screen` struct or its corresponding CBOR encoding. This type of updates require a modification of the hardware signer application, to be able to decode and parse the new types. Backwards-compatibility must also be guaranteed, so that the new hardware application works with existing versions of the SDK. These updates require the coordination of multiple parties: SDK developers, hardware application developers (currently: Zondax), and client-side developers (e.g. CosmJS). Furthermore, a new submission of the hardware device application may be necessary, which, depending on the vendor, can take some time. As such, we recommend to avoid this type of updates as much as possible. + +Updates in the 2nd category include changes to any of the value renderers or to the transaction envelope. For example, the ordering of fields in the envelope can be swapped, or the timestamp formatting can be modified. Since SIGN_MODE_TEXTUAL sends `Screen`s to the hardware device, this type of change does not need a hardware wallet application update. They are however state-machine-breaking, and must be documented as such. They require the coordination of SDK developers with client-side developers (e.g. CosmJS), so that the updates are released on both sides close to each other in time. + +We define a spec version, which is an integer that must be incremented on each update of either category. This spec version will be exposed by the SDK's implementation, and can be communicated to clients. For example, SDK v0.50 might use the spec version 1, and SDK v0.51 might use 2; thanks to this versioning, clients can know how to craft SIGN_MODE_TEXTUAL transactions based on the target SDK version. + +The current spec version is defined in the "Status" section, on the top of this document. It is initialized to `0` to allow flexibility in choosing how to define future versions, as it would allow adding a field either in the SignDoc Go struct or in Protobuf in a backwards-compatible way. + +## Additional Formatting by the Hardware Device + +See [annex 2](./adr-050-sign-mode-textual-annex2.md). + +## Examples + +1. A minimal MsgSend: [see transaction](https://github.com/cosmos/cosmos-sdk/blob/094abcd393379acbbd043996024d66cd65246fb1/tx/textual/internal/testdata/e2e.json#L2-L70). +2. A transaction with a bit of everything: [see transaction](https://github.com/cosmos/cosmos-sdk/blob/094abcd393379acbbd043996024d66cd65246fb1/tx/textual/internal/testdata/e2e.json#L71-L270). + +The examples below are stored in a JSON file with the following fields: + +* `proto`: the representation of the transaction in ProtoJSON, +* `screens`: the transaction rendered into SIGN_MODE_TEXTUAL screens, +* `cbor`: the sign bytes of the transaction, which is the CBOR encoding of the screens. + +## Consequences + +### Backwards Compatibility + +SIGN_MODE_TEXTUAL is purely additive, and doesn't break any backwards compatibility with other sign modes. + +### Positive + +* Human-friendly way of signing in hardware devices. +* Once SIGN_MODE_TEXTUAL is shipped, SIGN_MODE_LEGACY_AMINO_JSON can be deprecated and removed. On the longer term, once the ecosystem has totally migrated, Amino can be totally removed. + +### Negative + +* Some fields are still encoded in non-human-readable ways, such as public keys in hexadecimal. +* New ledger app needs to be released, still unclear + +### Neutral + +* If the transaction is complex, the string array can be arbitrarily long, and some users might just skip some screens and blind sign. + +## Further Discussions + +* Some details on value renderers need to be polished, see [Annex 1](./adr-050-sign-mode-textual-annex1.md). +* Are ledger apps able to support both SIGN_MODE_LEGACY_AMINO_JSON and SIGN_MODE_TEXTUAL at the same time? +* Open question: should we add a Protobuf field option to allow app developers to overwrite the textual representation of certain Protobuf fields and message? This would be similar to Ethereum's [EIP4430](https://github.com/ethereum/EIPs/pull/4430), where the contract developer decides on the textual representation. +* Internationalization. + +## References + +* [Annex 1](./adr-050-sign-mode-textual-annex1.md) + +* Initial discussion: https://github.com/cosmos/cosmos-sdk/issues/6513 +* Living document used in the working group: https://hackmd.io/fsZAO-TfT0CKmLDtfMcKeA?both +* Working group meeting notes: https://hackmd.io/7RkGfv_rQAaZzEigUYhcXw +* Ethereum's "Described Transactions" https://github.com/ethereum/EIPs/pull/4430 diff --git a/copy-of-sdk-docs/build/architecture/adr-053-go-module-refactoring.md b/copy-of-sdk-docs/build/architecture/adr-053-go-module-refactoring.md new file mode 100644 index 00000000..a6a87ab2 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-053-go-module-refactoring.md @@ -0,0 +1,110 @@ +# ADR 053: Go Module Refactoring + +## Changelog + +* 2022-04-27: First Draft + +## Status + +PROPOSED + +## Abstract + +The current SDK is built as a single monolithic go module. This ADR describes +how we refactor the SDK into smaller independently versioned go modules +for ease of maintenance. + +## Context + +Go modules impose certain requirements on software projects with respect to +stable version numbers (anything above 0.x) in that [any API breaking changes +necessitate a major version](https://go.dev/doc/modules/release-workflow#breaking) +increase which technically creates a new go module +(with a v2, v3, etc. suffix). + +[Keeping modules API compatible](https://go.dev/blog/module-compatibility) in +this way requires a fair amount of thought and discipline. + +The Cosmos SDK is a fairly large project which originated before go modules +came into existence and has always been under a v0.x release even though +it has been used in production for years now, not because it isn't production +quality software, but rather because the API compatibility guarantees required +by go modules are fairly complex to adhere to with such a large project. +Up to now, it has generally been deemed more important to be able to break the +API if needed rather than require all users update all package import paths +to accommodate breaking changes causing v2, v3, etc. releases. This is in +addition to the other complexities related to protobuf generated code that will +be addressed in a separate ADR. + +Nevertheless, the desire for semantic versioning has been [strong in the +community](https://github.com/cosmos/cosmos-sdk/discussions/10162) and the +single go module release process has made it very hard to +release small changes to isolated features in a timely manner. Release cycles +often exceed six months which means small improvements done in a day or +two get bottle-necked by everything else in the monolithic release cycle. + +## Decision + +To improve the current situation, the SDK is being refactored into multiple +go modules within the current repository. There has been a [fair amount of +debate](https://github.com/cosmos/cosmos-sdk/discussions/10582#discussioncomment-1813377) +as to how to do this, with some developers arguing for larger vs smaller +module scopes. There are pros and cons to both approaches (which will be +discussed below in the [Consequences](#consequences) section), but the +approach being adopted is the following: + +* a go module should generally be scoped to a specific coherent set of +functionality (such as math, errors, store, etc.) +* when code is removed from the core SDK and moved to a new module path, every +effort should be made to avoid API breaking changes in the existing code using +aliases and wrapper types (as done in https://github.com/cosmos/cosmos-sdk/pull/10779 +and https://github.com/cosmos/cosmos-sdk/pull/11788) +* new go modules should be moved to a standalone domain (`cosmossdk.io`) before +being tagged as `v1.0.0` to accommodate the possibility that they may be +better served by a standalone repository in the future +* all go modules should follow the guidelines in https://go.dev/blog/module-compatibility +before `v1.0.0` is tagged and should make use of `internal` packages to limit +the exposed API surface +* the new go module's API may deviate from the existing code where there are +clear improvements to be made or to remove legacy dependencies (for instance on +amino or gogo proto), as long the old package attempts +to avoid API breakage with aliases and wrappers +* care should be taken when simply trying to turn an existing package into a +new go module: https://github.com/golang/go/wiki/Modules#is-it-possible-to-add-a-module-to-a-multi-module-repository. +In general, it seems safer to just create a new module path (appending v2, v3, etc. +if necessary), rather than trying to make an old package a new module. + +## Consequences + +### Backwards Compatibility + +If the above guidelines are followed to use aliases or wrapper types pointing +in existing APIs that point back to the new go modules, there should be no or +very limited breaking changes to existing APIs. + +### Positive + +* standalone pieces of software will reach `v1.0.0` sooner +* new features to specific functionality will be released sooner + +### Negative + +* there will be more go module versions to update in the SDK itself and +per-project, although most of these will hopefully be indirect + +### Neutral + +## Further Discussions + +Further discussions are occurring primarily in +https://github.com/cosmos/cosmos-sdk/discussions/10582 and within +the Cosmos SDK Framework Working Group. + +## References + +* https://go.dev/doc/modules/release-workflow +* https://go.dev/blog/module-compatibility +* https://github.com/cosmos/cosmos-sdk/discussions/10162 +* https://github.com/cosmos/cosmos-sdk/discussions/10582 +* https://github.com/cosmos/cosmos-sdk/pull/10779 +* https://github.com/cosmos/cosmos-sdk/pull/11788 diff --git a/copy-of-sdk-docs/build/architecture/adr-054-semver-compatible-modules.md b/copy-of-sdk-docs/build/architecture/adr-054-semver-compatible-modules.md new file mode 100644 index 00000000..2152e1a9 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-054-semver-compatible-modules.md @@ -0,0 +1,731 @@ +# ADR 054: Semver Compatible SDK Modules + +## Changelog + +* 2022-04-27: First draft + +## Status + +DRAFT + +## Abstract + +In order to move the Cosmos SDK to a system of decoupled semantically versioned +modules which can be composed in different combinations (ex. staking v3 with +bank v1 and distribution v2), we need to reassess how we organize the API surface +of modules to avoid problems with go semantic import versioning and +circular dependencies. This ADR explores various approaches we can take to +addressing these issues. + +## Context + +There has been [a fair amount of desire](https://github.com/cosmos/cosmos-sdk/discussions/10162) +in the community for semantic versioning in the SDK and there has been significant +movement to splitting SDK modules into [standalone go modules](https://github.com/cosmos/cosmos-sdk/issues/11899). +Both of these will ideally allow the ecosystem to move faster because we won't +be waiting for all dependencies to update synchronously. For instance, we could +have 3 versions of the core SDK compatible with the latest 2 releases of +CosmWasm as well as 4 different versions of staking . This sort of setup would +allow early adopters to aggressively integrate new versions, while allowing +more conservative users to be selective about which versions they're ready for. + +In order to achieve this, we need to solve the following problems: + +1. because of the way [go semantic import versioning](https://research.swtch.com/vgo-import) (SIV) + works, moving to SIV naively will actually make it harder to achieve these goals +2. circular dependencies between modules need to be broken to actually release + many modules in the SDK independently +3. pernicious minor version incompatibilities introduced through correctly + [evolving protobuf schemas](https://developers.google.com/protocol-buffers/docs/proto3#updating) + without correct [unknown field filtering](./adr-020-protobuf-transaction-encoding.md#unknown-field-filtering) + +Note that all the following discussion assumes that the proto file versioning and state machine versioning of a module +are distinct in that: + +* proto files are maintained in a non-breaking way (using something + like [buf breaking](https://docs.buf.build/breaking/overview) + to ensure all changes are backwards compatible) +* proto file versions get bumped much less frequently, i.e. we might maintain `cosmos.bank.v1` through many versions + of the bank module state machine +* state machine breaking changes are more common and ideally this is what we'd want to semantically version with + go modules, ex. `x/bank/v2`, `x/bank/v3`, etc. + +### Problem 1: Semantic Import Versioning Compatibility + +Consider we have a module `foo` which defines the following `MsgDoSomething` and that we've released its state +machine in go module `example.com/foo`: + +```protobuf +package foo.v1; + +message MsgDoSomething { + string sender = 1; + uint64 amount = 2; +} + +service Msg { + DoSomething(MsgDoSomething) returns (MsgDoSomethingResponse); +} +``` + +Now consider that we make a revision to this module and add a new `condition` field to `MsgDoSomething` and also +add a new validation rule on `amount` requiring it to be non-zero, and that following go semantic versioning we +release the next state machine version of `foo` as `example.com/foo/v2`. + +```protobuf +// Revision 1 +package foo.v1; + +message MsgDoSomething { + string sender = 1; + + // amount must be a non-zero integer. + uint64 amount = 2; + + // condition is an optional condition on doing the thing. + // + // Since: Revision 1 + Condition condition = 3; +} +``` + +Approaching this naively, we would generate the protobuf types for the initial +version of `foo` in `example.com/foo/types` and we would generate the protobuf +types for the second version in `example.com/foo/v2/types`. + +Now let's say we have a module `bar` which talks to `foo` using this keeper +interface which `foo` provides: + +```go +type FooKeeper interface { + DoSomething(MsgDoSomething) error +} +``` + +#### Scenario A: Backward Compatibility: Newer Foo, Older Bar + +Imagine we have a chain which uses both `foo` and `bar` and wants to upgrade to +`foo/v2`, but the `bar` module has not upgraded to `foo/v2`. + +In this case, the chain will not be able to upgrade to `foo/v2` until `bar` +has upgraded its references to `example.com/foo/types.MsgDoSomething` to +`example.com/foo/v2/types.MsgDoSomething`. + +Even if `bar`'s usage of `MsgDoSomething` has not changed at all, the upgrade +will be impossible without this change because `example.com/foo/types.MsgDoSomething` +and `example.com/foo/v2/types.MsgDoSomething` are fundamentally different +incompatible structs in the go type system. + +#### Scenario B: Forward Compatibility: Older Foo, Newer Bar + +Now let's consider the reverse scenario, where `bar` upgrades to `foo/v2` +by changing the `MsgDoSomething` reference to `example.com/foo/v2/types.MsgDoSomething` +and releases that as `bar/v2` with some other changes that a chain wants. +The chain, however, has decided that it thinks the changes in `foo/v2` are too +risky and that it'd prefer to stay on the initial version of `foo`. + +In this scenario, it is impossible to upgrade to `bar/v2` without upgrading +to `foo/v2` even if `bar/v2` would have worked 100% fine with `foo` other +than changing the import path to `MsgDoSomething` (meaning that `bar/v2` +doesn't actually use any new features of `foo/v2`). + +Now because of the way go semantic import versioning works, we are locked +into either using `foo` and `bar` OR `foo/v2` and `bar/v2`. We cannot have +`foo` + `bar/v2` OR `foo/v2` + `bar`. The go type system doesn't allow this +even if both versions of these modules are otherwise compatible with each +other. + +#### Naive Mitigation + +A naive approach to fixing this would be to not regenerate the protobuf types +in `example.com/foo/v2/types` but instead just update `example.com/foo/types` +to reflect the changes needed for `v2` (adding `condition` and requiring +`amount` to be non-zero). Then we could release a patch of `example.com/foo/types` +with this update and use that for `foo/v2`. But this change is state machine +breaking for `v1`. It requires changing the `ValidateBasic` method to reject +the case where `amount` is zero, and it adds the `condition` field which +should be rejected based +on [ADR 020 unknown field filtering](./adr-020-protobuf-transaction-encoding.md#unknown-field-filtering). +So adding these changes as a patch on `v1` is actually incorrect based on semantic +versioning. Chains that want to stay on `v1` of `foo` should not +be importing these changes because they are incorrect for `v1.` + +### Problem 2: Circular dependencies + +None of the above approaches allow `foo` and `bar` to be separate modules +if for some reason `foo` and `bar` depend on each other in different ways. +For instance, we can't have `foo` import `bar/types` while `bar` imports +`foo/types`. + +We have several cases of circular module dependencies in the SDK +(ex. staking, distribution and slashing) that are legitimate from a state machine +perspective. Without separating the API types out somehow, there would be +no way to independently semantically version these modules without some other +mitigation. + +### Problem 3: Handling Minor Version Incompatibilities + +Imagine that we solve the first two problems but now have a scenario where +`bar/v2` wants the option to use `MsgDoSomething.condition` which only `foo/v2` +supports. If `bar/v2` works with `foo` `v1` and sets `condition` to some non-nil +value, then `foo` will silently ignore this field resulting in a silent logic +possibly dangerous logic error. If `bar/v2` were able to check whether `foo` was +on `v1` or `v2` and dynamically, it could choose to only use `condition` when +`foo/v2` is available. Even if `bar/v2` were able to perform this check, however, +how do we know that it is always performing the check properly. Without +some sort of +framework-level [unknown field filtering](./adr-020-protobuf-transaction-encoding.md#unknown-field-filtering), +it is hard to know whether these pernicious hard to detect bugs are getting into +our app and a client-server layer such as [ADR 033: Inter-Module Communication](./adr-033-protobuf-inter-module-comm.md) +may be needed to do this. + +## Solutions + +### Approach A) Separate API and State Machine Modules + +One solution (first proposed in https://github.com/cosmos/cosmos-sdk/discussions/10582) is to isolate all protobuf +generated code into a separate module +from the state machine module. This would mean that we could have state machine +go modules `foo` and `foo/v2` which could use a types or API go module say +`foo/api`. This `foo/api` go module would be perpetually on `v1.x` and only +accept non-breaking changes. This would then allow other modules to be +compatible with either `foo` or `foo/v2` as long as the inter-module API only +depends on the types in `foo/api`. It would also allow modules `foo` and `bar` +to depend on each other in that both of them could depend on `foo/api` and +`bar/api` without `foo` directly depending on `bar` and vice versa. + +This is similar to the naive mitigation described above except that it separates +the types into separate go modules which in and of itself could be used to +break circular module dependencies. It has the same problems as the naive solution, +otherwise, which we could rectify by: + +1. removing all state machine breaking code from the API module (ex. `ValidateBasic` and any other interface methods) +2. embedding the correct file descriptors for unknown field filtering in the binary + +#### Migrate all interface methods on API types to handlers + +To solve 1), we need to remove all interface implementations from generated +types and instead use a handler approach which essentially means that given +a type `X`, we have some sort of resolver which allows us to resolve interface +implementations for that type (ex. `sdk.Msg` or `authz.Authorization`). For +example: + +```go +func (k Keeper) DoSomething(msg MsgDoSomething) error { + var validateBasicHandler ValidateBasicHandler + err := k.resolver.Resolve(&validateBasic, msg) + if err != nil { + return err + } + + err = validateBasicHandler.ValidateBasic() + ... +} +``` + +In the case of some methods on `sdk.Msg`, we could replace them with declarative +annotations. For instance, `GetSigners` can already be replaced by the protobuf +annotation `cosmos.msg.v1.signer`. In the future, we may consider some sort +of protobuf validation framework (like https://github.com/bufbuild/protoc-gen-validate +but more Cosmos-specific) to replace `ValidateBasic`. + +#### Pinned FileDescriptor's + +To solve 2), state machine modules must be able to specify what the version of +the protobuf files was that they were built against. For instance if the API +module for `foo` upgrades to `foo/v2`, the original `foo` module still needs +a copy of the original protobuf files it was built with so that ADR 020 +unknown field filtering will reject `MsgDoSomething` when `condition` is +set. + +The simplest way to do this may be to embed the protobuf `FileDescriptor`s into +the module itself so that these `FileDescriptor`s are used at runtime rather +than the ones that are built into the `foo/api` which may be different. Using +[buf build](https://docs.buf.build/build/usage#output-format), [go embed](https://pkg.go.dev/embed), +and a build script we can probably come up with a solution for embedding +`FileDescriptor`s into modules that is fairly straightforward. + +#### Potential limitations to generated code + +One challenge with this approach is that it places heavy restrictions on what +can go in API modules and requires that most of this is state machine breaking. +All or most of the code in the API module would be generated from protobuf +files, so we can probably control this with how code generation is done, but +it is a risk to be aware of. + +For instance, we do code generation for the ORM that in the future could +contain optimizations that are state machine breaking. We +would either need to ensure very carefully that the optimizations aren't +actually state machine breaking in generated code or separate this generated code +out from the API module into the state machine module. Both of these mitigations +are potentially viable but the API module approach does require an extra level +of care to avoid these sorts of issues. + +#### Minor Version Incompatibilities + +This approach in and of itself does little to address any potential minor +version incompatibilities and the +requisite [unknown field filtering](./adr-020-protobuf-transaction-encoding.md#unknown-field-filtering). +Likely some sort of client-server routing layer which does this check such as +[ADR 033: Inter-Module communication](./adr-033-protobuf-inter-module-comm.md) +is required to make sure that this is done properly. We could then allow +modules to perform a runtime check given a `MsgClient`, ex: + +```go +func (k Keeper) CallFoo() error { + if k.interModuleClient.MinorRevision(k.fooMsgClient) >= 2 { + k.fooMsgClient.DoSomething(&MsgDoSomething{Condition: ...}) + } else { + ... + } +} +``` + +To do the unknown field filtering itself, the ADR 033 router would need to use +the [protoreflect API](https://pkg.go.dev/google.golang.org/protobuf/reflect/protoreflect) +to ensure that no fields unknown to the receiving module are set. This could +result in an undesirable performance hit depending on how complex this logic is. + +### Approach B) Changes to Generated Code + +An alternate approach to solving the versioning problem is to change how protobuf code is generated and move modules +mostly or completely in the direction of inter-module communication as described +in [ADR 033](./adr-033-protobuf-inter-module-comm.md). +In this paradigm, a module could generate all the types it needs internally - including the API types of other modules - +and talk to other modules via a client-server boundary. For instance, if `bar` needs to talk to `foo`, it could +generate its own version of `MsgDoSomething` as `bar/internal/foo/v1.MsgDoSomething` and just pass this to the +inter-module router which would somehow convert it to the version which foo needs (ex. `foo/internal.MsgDoSomething`). + +Currently, two generated structs for the same protobuf type cannot exist in the same go binary without special +build flags (see https://developers.google.com/protocol-buffers/docs/reference/go/faq#fix-namespace-conflict). +A relatively simple mitigation to this issue would be to set up the protobuf code to not register protobuf types +globally if they are generated in an `internal/` package. This will require modules to register their types manually +with the app-level level protobuf registry, this is similar to what modules already do with the `InterfaceRegistry` +and amino codec. + +If modules _only_ do ADR 033 message passing then a naive and non-performant solution for +converting `bar/internal/foo/v1.MsgDoSomething` +to `foo/internal.MsgDoSomething` would be marshaling and unmarshaling in the ADR 033 router. This would break down if +we needed to expose protobuf types in `Keeper` interfaces because the whole point is to try to keep these types +`internal/` so that we don't end up with all the import version incompatibilities we've described above. However, +because of the issue with minor version incompatibilities and the need +for [unknown field filtering](./adr-020-protobuf-transaction-encoding.md#unknown-field-filtering), +sticking with the `Keeper` paradigm instead of ADR 033 may be unviable to begin with. + +A more performant solution (that could maybe be adapted to work with `Keeper` interfaces) would be to only expose +getters and setters for generated types and internally store data in memory buffers which could be passed from +one implementation to another in a zero-copy way. + +For example, imagine this protobuf API with only getters and setters is exposed for `MsgSend`: + +```go +type MsgSend interface { + proto.Message + GetFromAddress() string + GetToAddress() string + GetAmount() []v1beta1.Coin + SetFromAddress(string) + SetToAddress(string) + SetAmount([]v1beta1.Coin) +} + +func NewMsgSend() MsgSend { return &msgSendImpl{memoryBuffers: ...} } +``` + +Under the hood, `MsgSend` could be implemented based on some raw memory buffer in the same way +that [Cap'n Proto](https://capnproto.org) +and [FlatBuffers](https://google.github.io/flatbuffers/) so that we could convert between one version of `MsgSend` +and another without serialization (i.e. zero-copy). This approach would have the added benefits of allowing zero-copy +message passing to modules written in other languages such as Rust and accessed through a VM or FFI. It could also make +unknown field filtering in inter-module communication simpler if we require that all new fields are added in sequential +order, ex. just checking that no field `> 5` is set. + +Also, we wouldn't have any issues with state machine breaking code on generated types because all the generated +code used in the state machine would actually live in the state machine module itself. Depending on how interface +types and protobuf `Any`s are used in other languages, however, it may still be desirable to take the handler +approach described in approach A. Either way, types implementing interfaces would still need to be registered +with an `InterfaceRegistry` as they are now because there would be no way to retrieve them via the global registry. + +In order to simplify access to other modules using ADR 033, a public API module (maybe even one +[remotely generated by Buf](https://buf.build/docs/bsr/generated-sdks/go/)) could be used by client modules instead +of requiring to generate all client types internally. + +The big downsides of this approach are that it requires big changes to how people use protobuf types and would be a +substantial rewrite of the protobuf code generator. This new generated code, however, could still be made compatible +with +the [`google.golang.org/protobuf/reflect/protoreflect`](https://pkg.go.dev/google.golang.org/protobuf/reflect/protoreflect) +API in order to work with all standard golang protobuf tooling. + +It is possible that the naive approach of marshaling/unmarshaling in the ADR 033 router is an acceptable intermediate +solution if the changes to the code generator are seen as too complex. However, since all modules would likely need +to migrate to ADR 033 anyway with this approach, it might be better to do this all at once. + +### Approach C) Don't address these issues + +If the above solutions are seen as too complex, we can also decide not to do anything explicit to enable better module +version compatibility, and break circular dependencies. + +In this case, when developers are confronted with the issues described above they can require dependencies to update in +sync (what we do now) or attempt some ad-hoc potentially hacky solution. + +One approach is to ditch go semantic import versioning (SIV) altogether. Some people have commented that go's SIV +(i.e. changing the import path to `foo/v2`, `foo/v3`, etc.) is too restrictive and that it should be optional. The +golang maintainers disagree and only officially support semantic import versioning. We could, however, take the +contrarian perspective and get more flexibility by using 0.x-based versioning basically forever. + +Module version compatibility could then be achieved using go.mod replace directives to pin dependencies to specific +compatible 0.x versions. For instance if we knew `foo` 0.2 and 0.3 were both compatible with `bar` 0.3 and 0.4, we +could use replace directives in our go.mod to stick to the versions of `foo` and `bar` we want. This would work as +long as the authors of `foo` and `bar` avoid incompatible breaking changes between these modules. + +Or, if developers choose to use semantic import versioning, they can attempt the naive solution described above +and would also need to use special tags and replace directives to make sure that modules are pinned to the correct +versions. + +Note, however, that all of these ad-hoc approaches, would be vulnerable to the minor version compatibility issues +described above unless [unknown field filtering](./adr-020-protobuf-transaction-encoding.md#unknown-field-filtering) +is properly addressed. + +### Approach D) Avoid protobuf generated code in public APIs + +An alternative approach would be to avoid protobuf generated code in public module APIs. This would help avoid the +discrepancy between state machine versions and client API versions at the module to module boundaries. It would mean +that we wouldn't do inter-module message passing based on ADR 033, but rather stick to the existing keeper approach +and take it one step further by avoiding any protobuf generated code in the keeper interface methods. + +Using this approach, our `foo.Keeper.DoSomething` method wouldn't have the generated `MsgDoSomething` struct (which +comes from the protobuf API), but instead positional parameters. Then in order for `foo/v2` to support the `foo/v1` +keeper it would simply need to implement both the v1 and v2 keeper APIs. The `DoSomething` method in v2 could have the +additional `condition` parameter, but this wouldn't be present in v1 at all so there would be no danger of a client +accidentally setting this when it isn't available. + +So this approach would avoid the challenge around minor version incompatibilities because the existing module keeper +API would not get new fields when they are added to protobuf files. + +Taking this approach, however, would likely require making all protobuf generated code internal in order to prevent +it from leaking into the keeper API. This means we would still need to modify the protobuf code generator to not +register `internal/` code with the global registry, and we would still need to manually register protobuf +`FileDescriptor`s (this is probably true in all scenarios). It may, however, be possible to avoid needing to refactor +interface methods on generated types to handlers. + +Also, this approach doesn't address what would be done in scenarios where modules still want to use the message router. +Either way, we probably still want a way to pass messages from one module to another router safely even if it's just for +use cases like `x/gov`, `x/authz`, CosmWasm, etc. That would still require most of the things outlined in approach (B), +although we could advise modules to prefer keepers for communicating with other modules. + +The biggest downside of this approach is probably that it requires a strict refactoring of keeper interfaces to avoid +generated code leaking into the API. This may result in cases where we need to duplicate types that are already defined +in proto files and then write methods for converting between the golang and protobuf version. This may end up in a lot +of unnecessary boilerplate and that may discourage modules from actually adopting it and achieving effective version +compatibility. Approaches (A) and (B), although heavy handed initially, aim to provide a system which once adopted +more or less gives the developer version compatibility for free with minimal boilerplate. Approach (D) may not be able +to provide such a straightforward system since it requires a golang API to be defined alongside a protobuf API in a +way that requires duplication and differing sets of design principles (protobuf APIs encourage additive changes +while golang APIs would forbid it). + +Other downsides to this approach are: + +* no clear roadmap to supporting modules in other languages like Rust +* doesn't get us any closer to proper object capability security (one of the goals of ADR 033) +* ADR 033 needs to be done properly anyway for the set of use cases which do need it + +## Decision + +The latest **DRAFT** proposal is: + +1. we are alignment on adopting [ADR 033](./adr-033-protobuf-inter-module-comm.md) not just as an addition to the + framework, but as a core replacement to the keeper paradigm entirely. +2. the ADR 033 inter-module router will accommodate any variation of approach (A) or (B) given the following rules: + a. if the client type is the same as the server type then pass it directly through, + b. if both client and server use the zero-copy generated code wrappers (which still need to be defined), then pass + the memory buffers from one wrapper to the other, or + c. marshal/unmarshal types between client and server. + +This approach will allow for both maximal correctness and enable a clear path to enabling modules within in other +languages, possibly executed within a WASM VM. + +### Minor API Revisions + +To declare minor API revisions of proto files, we propose the following guidelines (which were already documented +in [cosmos.app.v1alpha module options](../proto/cosmos/app/v1alpha1/module.proto)): + +* proto packages which are revised from their initial version (considered revision `0`) should include a `package` +* comment in some .proto file containing the test `Revision N` at the start of a comment line where `N` is the current +revision number. +* all fields, messages, etc. added in a version beyond the initial revision should add a comment at the start of a +comment line of the form `Since: Revision N` where `N` is the non-zero revision it was added. + +It is advised that there is a 1:1 correspondence between a state machine module and versioned set of proto files +which are versioned either as a buf module a go API module or both. If the buf schema registry is used, the version of +this buf module should always be `1.N` where `N` corresponds to the package revision. Patch releases should be used when +only documentation comments are updated. It is okay to include proto packages named `v2`, `v3`, etc. in this same +`1.N` versioned buf module (ex. `cosmos.bank.v2`) as long as all these proto packages consist of a single API intended +to be served by a single SDK module. + +### Introspecting Minor API Revisions + +In order for modules to introspect the minor API revision of peer modules, we propose adding the following method +to `cosmossdk.io/core/intermodule.Client`: + +```go +ServiceRevision(ctx context.Context, serviceName string) uint64 +``` + +Modules could call this using the service name statically generated by the go grpc code generator: + +```go +intermoduleClient.ServiceRevision(ctx, bankv1beta1.Msg_ServiceDesc.ServiceName) +``` + +In the future, we may decide to extend the code generator used for protobuf services to add a field +to client types which does this check more concisely, ex: + +```go +package bankv1beta1 + +type MsgClient interface { + Send(context.Context, MsgSend) (MsgSendResponse, error) + ServiceRevision(context.Context) uint64 +} +``` + +### Unknown Field Filtering + +To correctly perform [unknown field filtering](./adr-020-protobuf-transaction-encoding.md#unknown-field-filtering), +the inter-module router can do one of the following: + +* use the `protoreflect` API for messages which support that +* for gogo proto messages, marshal and use the existing `codec/unknownproto` code +* for zero-copy messages, do a simple check on the highest set field number (assuming we can require that fields are + adding consecutively in increasing order) + +### `FileDescriptor` Registration + +Because a single go binary may contain different versions of the same generated protobuf code, we cannot rely on the +global protobuf registry to contain the correct `FileDescriptor`s. Because `appconfig` module configuration is itself +written in protobuf, we would like to load the `FileDescriptor`s for a module before loading a module itself. So we +will provide ways to register `FileDescriptor`s at module registration time before instantiation. We propose the +following `cosmossdk.io/core/appmodule.Option` constructors for the various cases of how `FileDescriptor`s may be +packaged: + +```go +package appmodule + +// this can be used when we are using google.golang.org/protobuf compatible generated code +// Ex: +// ProtoFiles(bankv1beta1.File_cosmos_bank_v1beta1_module_proto) +func ProtoFiles(file []protoreflect.FileDescriptor) Option {} + +// this can be used when we are using gogo proto generated code. +func GzippedProtoFiles(file [][]byte) Option {} + +// this can be used when we are using buf build to generated a pinned file descriptor +func ProtoImage(protoImage []byte) Option {} +``` + +This approach allows us to support several ways protobuf files might be generated: + +* proto files generated internally to a module (use `ProtoFiles`) +* the API module approach with pinned file descriptors (use `ProtoImage`) +* gogo proto (use `GzippedProtoFiles`) + +### Module Dependency Declaration + +One risk of ADR 033 is that dependencies are called at runtime which are not present in the loaded set of SDK modules. +Also we want modules to have a way to define a minimum dependency API revision that they require. Therefore, all +modules should declare their set of dependencies upfront. These dependencies could be defined when a module is +instantiated, but ideally we know what the dependencies are before instantiation and can statically look at an app +config and determine whether the set of modules. For example, if `bar` requires `foo` revision `>= 1`, then we +should be able to know this when creating an app config with two versions of `bar` and `foo`. + +We propose defining these dependencies in the proto options of the module config object itself. + +### Interface Registration + +We will also need to define how interface methods are defined on types that are serialized as `google.protobuf.Any`'s. +In light of the desire to support modules in other languages, we may want to think of solutions that will accommodate +other languages such as plugins described briefly in [ADR 033](./adr-033-protobuf-inter-module-comm.md#internal-methods). + +### Testing + +In order to ensure that modules are indeed with multiple versions of their dependencies, we plan to provide specialized +unit and integration testing infrastructure that automatically tests multiple versions of dependencies. + +#### Unit Testing + +Unit tests should be conducted inside SDK modules by mocking their dependencies. In a full ADR 033 scenario, +this means that all interaction with other modules is done via the inter-module router, so mocking of dependencies +means mocking their msg and query server implementations. We will provide both a test runner and fixture to make this +streamlined. The key thing that the test runner should do to test compatibility is to test all combinations of +dependency API revisions. This can be done by taking the file descriptors for the dependencies, parsing their comments +to determine the revisions various elements were added, and then created synthetic file descriptors for each revision +by subtracting elements that were added later. + +Here is a proposed API for the unit test runner and fixture: + +```go +package moduletesting + +import ( + "context" + "testing" + + "cosmossdk.io/core/intermodule" + "cosmossdk.io/depinject" + "google.golang.org/grpc" + "google.golang.org/protobuf/proto" + "google.golang.org/protobuf/reflect/protodesc" +) + +type TestFixture interface { + context.Context + intermodule.Client // for making calls to the module we're testing + BeginBlock() + EndBlock() +} + +type UnitTestFixture interface { + TestFixture + grpc.ServiceRegistrar // for registering mock service implementations +} + +type UnitTestConfig struct { + ModuleConfig proto.Message // the module's config object + DepinjectConfig depinject.Config // optional additional depinject config options + DependencyFileDescriptors []protodesc.FileDescriptorProto // optional dependency file descriptors to use instead of the global registry +} + +// Run runs the test function for all combinations of dependency API revisions. +func (cfg UnitTestConfig) Run(t *testing.T, f func(t *testing.T, f UnitTestFixture)) { + // ... +} +``` + +Here is an example for testing bar calling foo which takes advantage of conditional service revisions in the expected +mock arguments: + +```go +func TestBar(t *testing.T) { + UnitTestConfig{ModuleConfig: &foomodulev1.Module{}}.Run(t, func (t *testing.T, f moduletesting.UnitTestFixture) { + ctrl := gomock.NewController(t) + mockFooMsgServer := footestutil.NewMockMsgServer() + foov1.RegisterMsgServer(f, mockFooMsgServer) + barMsgClient := barv1.NewMsgClient(f) + if f.ServiceRevision(foov1.Msg_ServiceDesc.ServiceName) >= 1 { + mockFooMsgServer.EXPECT().DoSomething(gomock.Any(), &foov1.MsgDoSomething{ + ..., + Condition: ..., // condition is expected in revision >= 1 + }).Return(&foov1.MsgDoSomethingResponse{}, nil) + } else { + mockFooMsgServer.EXPECT().DoSomething(gomock.Any(), &foov1.MsgDoSomething{...}).Return(&foov1.MsgDoSomethingResponse{}, nil) + } + res, err := barMsgClient.CallFoo(f, &MsgCallFoo{}) + ... + }) +} +``` + +The unit test runner would make sure that no dependency mocks return arguments which are invalid for the service +revision being tested to ensure that modules don't incorrectly depend on functionality not present in a given revision. + +#### Integration Testing + +An integration test runner and fixture would also be provided which instead of using mocks would test actual module +dependencies in various combinations. Here is the proposed API: + +```go +type IntegrationTestFixture interface { + TestFixture +} + +type IntegrationTestConfig struct { + ModuleConfig proto.Message // the module's config object + DependencyMatrix map[string][]proto.Message // all the dependent module configs +} + +// Run runs the test function for all combinations of dependency modules. +func (cfg IntegrationTestConfig) Run(t *testing.T, f func (t *testing.T, f IntegrationTestFixture)) { + // ... +} +``` + +And here is an example with foo and bar: + +```go +func TestBarIntegration(t *testing.T) { + IntegrationTestConfig{ + ModuleConfig: &barmodulev1.Module{}, + DependencyMatrix: map[string][]proto.Message{ + "runtime": []proto.Message{ // test against two versions of runtime + &runtimev1.Module{}, + &runtimev2.Module{}, + }, + "foo": []proto.Message{ // test against three versions of foo + &foomodulev1.Module{}, + &foomodulev2.Module{}, + &foomodulev3.Module{}, + } + } + }.Run(t, func (t *testing.T, f moduletesting.IntegrationTestFixture) { + barMsgClient := barv1.NewMsgClient(f) + res, err := barMsgClient.CallFoo(f, &MsgCallFoo{}) + ... + }) +} +``` + +Unlike unit tests, integration tests actually pull in other module dependencies. So that modules can be written +without direct dependencies on other modules and because golang has no concept of development dependencies, integration +tests should be written in separate go modules, ex. `example.com/bar/v2/test`. Because this paradigm uses go semantic +versioning, it is possible to build a single go module which imports 3 versions of bar and 2 versions of runtime and +can test these all together in the six various combinations of dependencies. + +## Consequences + +### Backwards Compatibility + +Modules which migrate fully to ADR 033 will not be compatible with existing modules which use the keeper paradigm. +As a temporary workaround we may create some wrapper types that emulate the current keeper interface to minimize +the migration overhead. + +### Positive + +* we will be able to deliver interoperable semantically versioned modules which should dramatically increase the + ability of the Cosmos SDK ecosystem to iterate on new features +* it will be possible to write Cosmos SDK modules in other languages in the near future + +### Negative + +* all modules will need to be refactored somewhat dramatically + +### Neutral + +* the `cosmossdk.io/core/appconfig` framework will play a more central role in terms of how modules are defined, this + is likely generally a good thing but does mean additional changes for users wanting to stick to the pre-depinject way + of wiring up modules +* `depinject` is somewhat less needed or maybe even obviated because of the full ADR 033 approach. If we adopt the + core API proposed in https://github.com/cosmos/cosmos-sdk/pull/12239, then a module would probably always instantiate + itself with a method `ProvideModule(appmodule.Service) (appmodule.AppModule, error)`. There is no complex wiring of + keeper dependencies in this scenario and dependency injection may not have as much of (or any) use case. + +## Further Discussions + +The decision described above is considered in draft mode and is pending final buy-in from the team and key stakeholders. +Key outstanding discussions if we do adopt that direction are: + +* how do module clients introspect dependency module API revisions +* how do modules determine a minor dependency module API revision requirement +* how do modules appropriately test compatibility with different dependency versions +* how to register and resolve interface implementations +* how do modules register their protobuf file descriptors depending on the approach they take to generated code (the + API module approach may still be viable as a supported strategy and would need pinned file descriptors) + +## References + +* https://github.com/cosmos/cosmos-sdk/discussions/10162 +* https://github.com/cosmos/cosmos-sdk/discussions/10582 +* https://github.com/cosmos/cosmos-sdk/discussions/10368 +* https://github.com/cosmos/cosmos-sdk/pull/11340 +* https://github.com/cosmos/cosmos-sdk/issues/11899 +* [ADR 020](./adr-020-protobuf-transaction-encoding.md) +* [ADR 033](./adr-033-protobuf-inter-module-comm.md) diff --git a/copy-of-sdk-docs/build/architecture/adr-055-orm.md b/copy-of-sdk-docs/build/architecture/adr-055-orm.md new file mode 100644 index 00000000..6d5974e5 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-055-orm.md @@ -0,0 +1,114 @@ +# ADR 055: ORM + +## Changelog + +* 2022-04-27: First draft + +## Status + +ACCEPTED Implemented + +## Abstract + +In order to make it easier for developers to build Cosmos SDK modules and for clients to query, index and verify proofs +against state data, we have implemented an ORM (object-relational mapping) layer for the Cosmos SDK. + +## Context + +Historically modules in the Cosmos SDK have always used the key-value store directly and created various handwritten +functions for managing key format as well as constructing secondary indexes. This consumes a significant amount of +time when building a module and is error-prone. Because key formats are non-standard, sometimes poorly documented, +and subject to change, it is hard for clients to generically index, query and verify merkle proofs against state data. + +The known first instance of an "ORM" in the Cosmos ecosystem was in [weave](https://github.com/iov-one/weave/tree/master/orm). +A later version was built for [regen-ledger](https://github.com/regen-network/regen-ledger/tree/157181f955823149e1825263a317ad8e16096da4/orm) for +use in the group module and later [ported to the SDK](https://github.com/cosmos/cosmos-sdk/tree/35d3312c3be306591fcba39892223f1244c8d108/x/group/internal/orm) +just for that purpose. + +While these earlier designs made it significantly easier to write state machines, they still required a lot of manual +configuration, didn't expose state format directly to clients, and were limited in their support of different types +of index keys, composite keys, and range queries. + +Discussions about the design continued in https://github.com/cosmos/cosmos-sdk/discussions/9156 and more +sophisticated proofs of concept were created in https://github.com/allinbits/cosmos-sdk-poc/tree/master/runtime/orm +and https://github.com/cosmos/cosmos-sdk/pull/10454. + +## Decision + +These prior efforts culminated in the creation of the Cosmos SDK `orm` go module which uses protobuf annotations +for specifying ORM table definitions. This ORM is based on the new `google.golang.org/protobuf/reflect/protoreflect` +API and supports: + +* sorted indexes for all simple protobuf types (except `bytes`, `enum`, `float`, `double`) as well as `Timestamp` and `Duration` +* unsorted `bytes` and `enum` indexes +* composite primary and secondary keys +* unique indexes +* auto-incrementing `uint64` primary keys +* complex prefix and range queries +* paginated queries +* complete logical decoding of KV-store data + +Almost all the information needed to decode state directly is specified in .proto files. Each table definition specifies +an ID which is unique per .proto file and each index within a table is unique within that table. Clients then only need +to know the name of a module and the prefix ORM data for a specific .proto file within that module in order to decode +state data directly. This additional information will be exposed directly through app configs which will be explained +in a future ADR related to app wiring. + +The ORM makes optimizations around storage space by not repeating values in the primary key in the key value +when storing primary key records. For example, if the object `{"a":0,"b":1}` has the primary key `a`, it will +be stored in the key value store as `Key: '0', Value: {"b":1}` (with more efficient protobuf binary encoding). +Also, the generated code from https://github.com/cosmos/cosmos-proto does optimizations around the +`google.golang.org/protobuf/reflect/protoreflect` API to improve performance. + +A code generator is included with the ORM which creates type safe wrappers around the ORM's dynamic `Table` +implementation and is the recommended way for modules to use the ORM. + +The ORM tests provide a simplified bank module demonstration which illustrates: + +* [ORM proto options](https://github.com/cosmos/cosmos-sdk/blob/0d846ae2f0424b2eb640f6679a703b52d407813d/orm/internal/testpb/bank.proto) +* [Generated Code](https://github.com/cosmos/cosmos-sdk/blob/0d846ae2f0424b2eb640f6679a703b52d407813d/orm/internal/testpb/bank.cosmos_orm.go) +* [Example Usage in a Module Keeper](https://github.com/cosmos/cosmos-sdk/blob/0d846ae2f0424b2eb640f6679a703b52d407813d/orm/model/ormdb/module_test.go) + +## Consequences + +### Backwards Compatibility + +State machine code that adopts the ORM will need migrations as the state layout is generally backwards incompatible. +These state machines will also need to migrate to https://github.com/cosmos/cosmos-proto at least for state data. + +### Positive + +* easier to build modules +* easier to add secondary indexes to state +* possible to write a generic indexer for ORM state +* easier to write clients that do state proofs +* possible to automatically write query layers rather than needing to manually implement gRPC queries + +### Negative + +* worse performance than handwritten keys (for now). See [Further Discussions](#further-discussions) +for potential improvements + +### Neutral + +## Further Discussions + +Further discussions will happen within the Cosmos SDK Framework Working Group. Current planned and ongoing work includes: + +* automatically generate client-facing query layer +* client-side query libraries that transparently verify light client proofs +* index ORM data to SQL databases +* improve performance by: + * optimizing existing reflection based code to avoid unnecessary gets when doing deletes & updates of simple tables + * more sophisticated code generation such as making fast path reflection even faster (avoiding `switch` statements), + or even fully generating code that equals handwritten performance + + +## References + +* https://github.com/iov-one/weave/tree/master/orm). +* https://github.com/regen-network/regen-ledger/tree/157181f955823149e1825263a317ad8e16096da4/orm +* https://github.com/cosmos/cosmos-sdk/tree/35d3312c3be306591fcba39892223f1244c8d108/x/group/internal/orm +* https://github.com/cosmos/cosmos-sdk/discussions/9156 +* https://github.com/allinbits/cosmos-sdk-poc/tree/master/runtime/orm +* https://github.com/cosmos/cosmos-sdk/pull/10454 diff --git a/copy-of-sdk-docs/build/architecture/adr-057-app-wiring.md b/copy-of-sdk-docs/build/architecture/adr-057-app-wiring.md new file mode 100644 index 00000000..824403fb --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-057-app-wiring.md @@ -0,0 +1,369 @@ +# ADR 057: App Wiring + +## Changelog + +* 2022-05-04: Initial Draft +* 2022-08-19: Updates + +## Status + +PROPOSED Implemented + +## Abstract + +In order to make it easier to build Cosmos SDK modules and apps, we propose a new app wiring system based on +dependency injection and declarative app configurations to replace the current `app.go` code. + +## Context + +A number of factors have made the SDK and SDK apps in their current state hard to maintain. A symptom of the current +state of complexity is [`simapp/app.go`](https://github.com/cosmos/cosmos-sdk/blob/c3edbb22cab8678c35e21fe0253919996b780c01/simapp/app.go) +which contains almost 100 lines of imports and is otherwise over 600 lines of mostly boilerplate code that is +generally copied to each new project. (Not to mention the additional boilerplate which gets copied in `simapp/simd`.) + +The large amount of boilerplate needed to bootstrap an app has made it hard to release independently versioned go +modules for Cosmos SDK modules as described in [ADR 053: Go Module Refactoring](./adr-053-go-module-refactoring.md). + +In addition to being very verbose and repetitive, `app.go` also exposes a large surface area for breaking changes +as most modules instantiate themselves with positional parameters which forces breaking changes anytime a new parameter +(even an optional one) is needed. + +Several attempts were made to improve the current situation including [ADR 033: Internal-Module Communication](./adr-033-protobuf-inter-module-comm.md) +and [a proof-of-concept of a new SDK](https://github.com/allinbits/cosmos-sdk-poc). The discussions around these +designs led to the current solution described here. + +## Decision + +In order to improve the current situation, a new "app wiring" paradigm has been designed to replace `app.go` which +involves: + +* declaration configuration of the modules in an app which can be serialized to JSON or YAML +* a dependency-injection (DI) framework for instantiating apps from the configuration + +### Dependency Injection + +When examining the code in `app.go` most of the code simply instantiates modules with dependencies provided either +by the framework (such as store keys) or by other modules (such as keepers). It is generally pretty obvious given +the context what the correct dependencies actually should be, so dependency-injection is an obvious solution. Rather +than making developers manually resolve dependencies, a module will tell the DI container what dependency it needs +and the container will figure out how to provide it. + +We explored several existing DI solutions in golang and felt that the reflection-based approach in [uber/dig](https://github.com/uber-go/dig) +was closest to what we needed but not quite there. Assessing what we needed for the SDK, we designed and built +the Cosmos SDK [depinject module](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/depinject), which has the following +features: + +* dependency resolution and provision through functional constructors, ex: `func(need SomeDep) (AnotherDep, error)` +* dependency injection `In` and `Out` structs which support `optional` dependencies +* grouped-dependencies (many-per-container) through the `ManyPerContainerType` tag interface +* module-scoped dependencies via `ModuleKey`s (where each module gets a unique dependency) +* one-per-module dependencies through the `OnePerModuleType` tag interface +* sophisticated debugging information and container visualization via GraphViz + +Here are some examples of how these would be used in an SDK module: + +* `StoreKey` could be a module-scoped dependency which is unique per module +* a module's `AppModule` instance (or the equivalent) could be a `OnePerModuleType` +* CLI commands could be provided with `ManyPerContainerType`s + +Note that even though dependency resolution is dynamic and based on reflection, which could be considered a pitfall +of this approach, the entire dependency graph should be resolved immediately on app startup and only gets resolved +once (except in the case of dynamic config reloading which is a separate topic). This means that if there are any +errors in the dependency graph, they will get reported immediately on startup so this approach is only slightly worse +than fully static resolution in terms of error reporting and much better in terms of code complexity. + +### Declarative App Config + +In order to compose modules into an app, a declarative app configuration will be used. This configuration is based off +of protobuf and its basic structure is very simple: + +```protobuf +package cosmos.app.v1; + +message Config { + repeated ModuleConfig modules = 1; +} + +message ModuleConfig { + string name = 1; + google.protobuf.Any config = 2; +} +``` + +(See also https://github.com/cosmos/cosmos-sdk/blob/6e18f582bf69e3926a1e22a6de3c35ea327aadce/proto/cosmos/app/v1alpha1/config.proto) + +The configuration for every module is itself a protobuf message and modules will be identified and loaded based +on the protobuf type URL of their config object (ex. `cosmos.bank.module.v1.Module`). Modules are given a unique short `name` +to share resources across different versions of the same module which might have a different protobuf package +versions (ex. `cosmos.bank.module.v2.Module`). All module config objects should define the `cosmos.app.v1alpha1.module` +descriptor option which will provide additional useful metadata for the framework and which can also be indexed +in module registries. + +An example app config in YAML might look like this: + +```yaml +modules: + - name: baseapp + config: + "@type": cosmos.baseapp.module.v1.Module + begin_blockers: [staking, auth, bank] + end_blockers: [bank, auth, staking] + init_genesis: [bank, auth, staking] + - name: auth + config: + "@type": cosmos.auth.module.v1.Module + bech32_prefix: "foo" + - name: bank + config: + "@type": cosmos.bank.module.v1.Module + - name: staking + config: + "@type": cosmos.staking.module.v1.Module +``` + +In the above example, there is a hypothetical `baseapp` module which contains the information around ordering of +begin blockers, end blockers, and init genesis. Rather than lifting these concerns up to the module config layer, +they are themselves handled by a module which could allow a convenient way of swapping out different versions of +baseapp (for instance to target different versions of tendermint), without needing to change the rest of the config. +The `baseapp` module would then provide to the server framework (which sort of sits outside the ABCI app) an instance +of `abci.Application`. + +In this model, an app is *modules all the way down* and the dependency injection/app config layer is very much +protocol-agnostic and can adapt to even major breaking changes at the protocol layer. + +### Module & Protobuf Registration + +In order for the two components of dependency injection and declarative configuration to work together as described, +we need a way for modules to actually register themselves and provide dependencies to the container. + +One additional complexity that needs to be handled at this layer is protobuf registry initialization. Recall that +in both the current SDK `codec` and the proposed [ADR 054: Protobuf Semver Compatible Codegen](https://github.com/cosmos/cosmos-sdk/pull/11802), +protobuf types need to be explicitly registered. Given that the app config itself is based on protobuf and +uses protobuf `Any` types, protobuf registration needs to happen before the app config itself can be decoded. Because +we don't know which protobuf `Any` types will be needed a priori and modules themselves define those types, we need +to decode the app config in separate phases: + +1. parse app config JSON/YAML as raw JSON and collect required module type URLs (without doing proto JSON decoding) +2. build a [protobuf type registry](https://pkg.go.dev/google.golang.org/protobuf@v1.28.0/reflect/protoregistry) based + on file descriptors and types provided by each required module +3. decode the app config as proto JSON using the protobuf type registry + +Because in [ADR 054: Protobuf Semver Compatible Codegen](https://github.com/cosmos/cosmos-sdk/pull/11802), each module +might use `internal` generated code which is not registered with the global protobuf registry, this code should provide +an alternate way to register protobuf types with a type registry. In the same way that `.pb.go` files currently have a +`var File_foo_proto protoreflect.FileDescriptor` for the file `foo.proto`, generated code should have a new member +`var Types_foo_proto TypeInfo` where `TypeInfo` is an interface or struct with all the necessary info to register both +the protobuf generated types and file descriptor. + +So a module must provide dependency injection providers and protobuf types, and takes as input its module +config object which uniquely identifies the module based on its type URL. + +With this in mind, we define a global module register which allows module implementations to register themselves +with the following API: + +```go +// Register registers a module with the provided type name (ex. cosmos.bank.module.v1.Module) +// and the provided options. +func Register(configTypeName protoreflect.FullName, option ...Option) { ... } + +type Option { /* private methods */ } + +// Provide registers dependency injection provider functions which work with the +// cosmos-sdk container module. These functions can also accept an additional +// parameter for the module's config object. +func Provide(providers ...interface{}) Option { ... } + +// Types registers protobuf TypeInfo's with the protobuf registry. +func Types(types ...TypeInfo) Option { ... } +``` + +Ex: + +```go +func init() { + appmodule.Register("cosmos.bank.module.v1.Module", + appmodule.Types( + types.Types_tx_proto, + types.Types_query_proto, + types.Types_types_proto, + ), + appmodule.Provide( + provideBankModule, + ) + ) +} + +type Inputs struct { + container.In + + AuthKeeper auth.Keeper + DB ormdb.ModuleDB +} + +type Outputs struct { + Keeper bank.Keeper + AppModule appmodule.AppModule +} + +func ProvideBankModule(config *bankmodulev1.Module, Inputs) (Outputs, error) { ... } +``` + +Note that in this module, a module configuration object *cannot* register different dependency providers at runtime +based on the configuration. This is intentional because it allows us to know globally which modules provide which +dependencies, and it will also allow us to do code generation of the whole app initialization. This +can help us figure out issues with missing dependencies in an app config if the needed modules are loaded at runtime. +In cases where required modules are not loaded at runtime, it may be possible to guide users to the correct module if +through a global Cosmos SDK module registry. + +The `*appmodule.Handler` type referenced above is a replacement for the legacy `AppModule` framework, and +described in [ADR 063: Core Module API](./adr-063-core-module-api.md). + +### New `app.go` + +With this setup, `app.go` might now look something like this: + +```go +package main + +import ( + // Each go package which registers a module must be imported just for side-effects + // so that module implementations are registered. + _ "github.com/cosmos/cosmos-sdk/x/auth/module" + _ "github.com/cosmos/cosmos-sdk/x/bank/module" + _ "github.com/cosmos/cosmos-sdk/x/staking/module" + "github.com/cosmos/cosmos-sdk/core/app" +) + +// go:embed app.yaml +var appConfigYAML []byte + +func main() { + app.Run(app.LoadYAML(appConfigYAML)) +} +``` + +### Application to existing SDK modules + +So far we have described a system which is largely agnostic to the specifics of the SDK such as store keys, `AppModule`, +`BaseApp`, etc. Improvements to these parts of the framework that integrate with the general app wiring framework +defined here are described in [ADR 063: Core Module API](./adr-063-core-module-api.md). + +### Registration of Inter-Module Hooks + +Some modules define a hooks interface (ex. `StakingHooks`) which allows one module to call back into another module +when certain events happen. + +With the app wiring framework, these hooks interfaces can be defined as a `OnePerModuleType`s and then the module +which consumes these hooks can collect these hooks as a map of module name to hook type (ex. `map[string]FooHooks`). Ex: + +```go +func init() { + appmodule.Register( + &foomodulev1.Module{}, + appmodule.Invoke(InvokeSetFooHooks), + ... + ) +} +func InvokeSetFooHooks( + keeper *keeper.Keeper, + fooHooks map[string]FooHooks, +) error { + for k in sort.Strings(maps.Keys(fooHooks)) { + keeper.AddFooHooks(fooHooks[k]) + } +} +``` + +Optionally, the module consuming hooks can allow app's to define an order for calling these hooks based on module name +in its config object. + +An alternative way for registering hooks via reflection was considered where all keeper types are inspected to see if +they implement the hook interface by the modules exposing hooks. This has the downsides of: + +* needing to expose all the keepers of all modules to the module providing hooks, +* not allowing for encapsulating hooks on a different type which doesn't expose all keeper methods, +* harder to know statically which module expose hooks or are checking for them. + +With the approach proposed here, hooks registration will be obviously observable in `app.go` if `depinject` codegen +(described below) is used. + +### Code Generation + +The `depinject` framework will optionally allow the app configuration and dependency injection wiring to be code +generated. This will allow: + +* dependency injection wiring to be inspected as regular go code just like the existing `app.go`, +* dependency injection to be opt-in with manual wiring 100% still possible. + +Code generation requires that all providers and invokers and their parameters are exported and in non-internal packages. + +### Module Semantic Versioning + +When we start creating semantically versioned SDK modules that are in standalone go modules, a state machine breaking +change to a module should be handled as follows: + +* the semantic major version should be incremented, and +* a new semantically versioned module config protobuf type should be created. + +For instance, if we have the SDK module for bank in the go module `github.com/cosmos/cosmos-sdk/x/bank` with the module config type +`cosmos.bank.module.v1.Module`, and we want to make a state machine breaking change to the module, we would: + +* create a new go module `github.com/cosmos/cosmos-sdk/x/bank/v2`, +* with the module config protobuf type `cosmos.bank.module.v2.Module`. + +This *does not* mean that we need to increment the protobuf API version for bank. Both modules can support +`cosmos.bank.v1`, but `github.com/cosmos/cosmos-sdk/x/bank/v2` will be a separate go module with a separate module config type. + +This practice will eventually allow us to use appconfig to load new versions of a module via a configuration change. + +Effectively, there should be a 1:1 correspondence between a semantically versioned go module and a +versioned module config protobuf type, and major versioning bumps should occur whenever state machine breaking changes +are made to a module. + +NOTE: SDK modules that are standalone go modules *should not* adopt semantic versioning until the concerns described in +[ADR 054: Module Semantic Versioning](./adr-054-semver-compatible-modules.md) are +addressed. The short-term solution for this issue was left somewhat unresolved. However, the easiest tactic is +likely to use a standalone API go module and follow the guidelines described in this comment: https://github.com/cosmos/cosmos-sdk/pull/11802#issuecomment-1406815181. For the time-being, it is recommended that +Cosmos SDK modules continue to follow tried and true [0-based versioning](https://0ver.org) until an officially +recommended solution is provided. This section of the ADR will be updated when that happens and for now, this section +should be considered as a design recommendation for future adoption of semantic versioning. + +## Consequences + +### Backwards Compatibility + +Modules which work with the new app wiring system do not need to drop their existing `AppModule` and `NewKeeper` +registration paradigms. These two methods can live side-by-side for as long as is needed. + +### Positive + +* wiring up new apps will be simpler, more succinct and less error-prone +* it will be easier to develop and test standalone SDK modules without needing to replicate all of simapp +* it may be possible to dynamically load modules and upgrade chains without needing to do a coordinated stop and binary + upgrade using this mechanism +* easier plugin integration +* dependency injection framework provides more automated reasoning about dependencies in the project, with a graph visualization. + +### Negative + +* it may be confusing when a dependency is missing although error messages, the GraphViz visualization, and global + module registration may help with that + +### Neutral + +* it will require work and education + +## Further Discussions + +The protobuf type registration system described in this ADR has not been implemented and may need to be reconsidered in +light of code generation. It may be better to do this type registration with a DI provider. + +## References + +* https://github.com/cosmos/cosmos-sdk/blob/c3edbb22cab8678c35e21fe0253919996b780c01/simapp/app.go +* https://github.com/allinbits/cosmos-sdk-poc +* https://github.com/uber-go/dig +* https://github.com/google/wire +* https://pkg.go.dev/github.com/cosmos/cosmos-sdk/container +* https://github.com/cosmos/cosmos-sdk/pull/11802 +* [ADR 063: Core Module API](./adr-063-core-module-api.md) diff --git a/copy-of-sdk-docs/build/architecture/adr-058-auto-generated-cli.md b/copy-of-sdk-docs/build/architecture/adr-058-auto-generated-cli.md new file mode 100644 index 00000000..8dc78920 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-058-auto-generated-cli.md @@ -0,0 +1,98 @@ +# ADR 058: Auto-Generated CLI + +## Changelog + +* 2022-05-04: Initial Draft + +## Status + +ACCEPTED Partially Implemented + +## Abstract + +In order to make it easier for developers to write Cosmos SDK modules, we provide infrastructure which automatically +generates CLI commands based on protobuf definitions. + +## Context + +Current Cosmos SDK modules generally implement a CLI command for every transaction and every query supported by the +module. These are handwritten for each command and essentially amount to providing some CLI flags or positional +arguments for specific fields in protobuf messages. + +In order to make sure CLI commands are correctly implemented as well as to make sure that the application works +in end-to-end scenarios, we do integration tests using CLI commands. While these tests are valuable on some-level, +they can be hard to write and maintain, and run slowly. [Some teams have contemplated](https://github.com/regen-network/regen-ledger/issues/1041) +moving away from CLI-style integration tests (which are really end-to-end tests) towards narrower integration tests +which exercise `MsgClient` and `QueryClient` directly. This might involve replacing the current end-to-end CLI +tests with unit tests as there still needs to be some way to test these CLI commands for full quality assurance. + +## Decision + +To make module development simpler, we provide infrastructure - in the new [`client/v2`](https://github.com/cosmos/cosmos-sdk/tree/main/client/v2) +go module - for automatically generating CLI commands based on protobuf definitions to either replace or complement +handwritten CLI commands. This will mean that when developing a module, it will be possible to skip both writing and +testing CLI commands as that can all be taken care of by the framework. + +The basic design for automatically generating CLI commands is to: + +* create one CLI command for each `rpc` method in a protobuf `Query` or `Msg` service +* create a CLI flag for each field in the `rpc` request type +* for `query` commands call gRPC and print the response as protobuf JSON or YAML (via the `-o`/`--output` flag) +* for `tx` commands, create a transaction and apply common transaction flags + +In order to make the auto-generated CLI as easy to use (or easier) than handwritten CLI, we need to do custom handling +of specific protobuf field types so that the input format is easy for humans: + +* `Coin`, `Coins`, `DecCoin`, and `DecCoins` should be input using the existing format (i.e. `1000uatom`) +* it should be possible to specify an address using either the bech32 address string or a named key in the keyring +* `Timestamp` and `Duration` should accept strings like `2001-01-01T00:00:00Z` and `1h3m` respectively +* pagination should be handled with flags like `--page-limit`, `--page-offset`, etc. +* it should be possible to customize any other protobuf type either via its message name or a `cosmos_proto.scalar` annotation + +At a basic level it should be possible to generate a command for a single `rpc` method as well as all the commands for +a whole protobuf `service` definition. It should be possible to mix and match auto-generated and handwritten commands. + +## Consequences + +### Backwards Compatibility + +Existing modules can mix and match auto-generated and handwritten CLI commands so it is up to them as to whether they +make breaking changes by replacing handwritten commands with slightly different auto-generated ones. + +For now the SDK will maintain the existing set of CLI commands for backwards compatibility but new commands will use +this functionality. + +### Positive + +* module developers will not need to write CLI commands +* module developers will not need to test CLI commands +* [lens](https://github.com/strangelove-ventures/lens) may benefit from this + +### Negative + +### Neutral + +## Further Discussions + +We would like to be able to customize: + +* short and long usage strings for commands +* aliases for flags (ex. `-a` for `--amount`) +* which fields are positional parameters rather than flags + +It is an [open discussion](https://github.com/cosmos/cosmos-sdk/pull/11725#issuecomment-1108676129) +as to whether these customizations options should lie in: + +* the .proto files themselves, +* separate config files (ex. YAML), or +* directly in code + +Providing the options in .proto files would allow a dynamic client to automatically generate +CLI commands on the fly. However, that may pollute the .proto files themselves with information that is only relevant +for a small subset of users. + +## References + +* https://github.com/regen-network/regen-ledger/issues/1041 +* https://github.com/cosmos/cosmos-sdk/tree/main/client/v2 +* https://github.com/cosmos/cosmos-sdk/pull/11725#issuecomment-1108676129 diff --git a/copy-of-sdk-docs/build/architecture/adr-059-test-scopes.md b/copy-of-sdk-docs/build/architecture/adr-059-test-scopes.md new file mode 100644 index 00000000..6fa387c2 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-059-test-scopes.md @@ -0,0 +1,254 @@ +# ADR 059: Test Scopes + +## Changelog + +* 2022-08-02: Initial Draft +* 2023-03-02: Add precision for integration tests +* 2023-03-23: Add precision for E2E tests + +## Status + +PROPOSED Partially Implemented + +## Abstract + +Recent work in the SDK aimed at breaking apart the monolithic root go module has highlighted +shortcomings and inconsistencies in our testing paradigm. This ADR clarifies a common +language for talking about test scopes and proposes an ideal state of tests at each scope. + +## Context + +[ADR-053: Go Module Refactoring](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-053-go-module-refactoring.md) expresses our desire for an SDK composed of many +independently versioned Go modules, and [ADR-057: App Wiring](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-057-app-wiring.md) offers a methodology +for breaking apart inter-module dependencies through the use of dependency injection. As +described in [EPIC: Separate all SDK modules into standalone go modules](https://github.com/cosmos/cosmos-sdk/issues/11899), module +dependencies are particularly complected in the test phase, where simapp is used as +the key test fixture in setting up and running tests. It is clear that the successful +completion of Phases 3 and 4 in that EPIC require the resolution of this dependency problem. + +In [EPIC: Unit Testing of Modules via Mocks](https://github.com/cosmos/cosmos-sdk/issues/12398) it was thought this Gordian knot could be +unwound by mocking all dependencies in the test phase for each module, but seeing how these +refactors were complete rewrites of test suites discussions began around the fate of the +existing integration tests. One perspective is that they ought to be thrown out, another is +that integration tests have some utility of their own and a place in the SDK's testing story. + +Another point of confusion has been the current state of CLI test suites, [x/auth](https://github.com/cosmos/cosmos-sdk/blob/0f7e56c6f9102cda0ca9aba5b6f091dbca976b5a/x/auth/client/testutil/suite.go#L44-L49) for +example. In code these are called integration tests, but in reality function as end to end +tests by starting up a tendermint node and full application. [EPIC: Rewrite and simplify +CLI tests](https://github.com/cosmos/cosmos-sdk/issues/12696) identifies the ideal state of CLI tests using mocks, but does not address the +place end to end tests may have in the SDK. + +From here we identify three scopes of testing, **unit**, **integration**, **e2e** (end to +end), seek to define the boundaries of each, their shortcomings (real and imposed), and their +ideal state in the SDK. + +### Unit tests + +Unit tests exercise the code contained in a single module (e.g. `/x/bank`) or package +(e.g. `/client`) in isolation from the rest of the code base. Within this we identify two +levels of unit tests, *illustrative* and *journey*. The definitions below lean heavily on +[The BDD Books - Formulation](https://leanpub.com/bddbooks-formulation) section 1.3. + +*Illustrative* tests exercise an atomic part of a module in isolation - in this case we +might do fixture setup/mocking of other parts of the module. + +Tests which exercise a whole module's function with dependencies mocked, are *journeys*. +These are almost like integration tests in that they exercise many things together but still +use mocks. + +Example 1 journey vs illustrative tests - [depinject's BDD style tests](https://github.com/cosmos/cosmos-sdk/blob/main/depinject/binding_test.go), show how we can +rapidly build up many illustrative cases demonstrating behavioral rules without [very much code](https://github.com/cosmos/cosmos-sdk/blob/main/depinject/binding_test.go) while maintaining high level readability. + +Example 2 [depinject table driven tests](https://github.com/cosmos/cosmos-sdk/blob/main/depinject/provider_desc_test.go) + +Example 3 [Bank keeper tests](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/x/bank/keeper/keeper_test.go#L94-L105) - A mock implementation of `AccountKeeper` is supplied to the keeper constructor. + +#### Limitations + +Certain modules are tightly coupled beyond the test phase. A recent dependency report for +`bank -> auth` found 274 total usages of `auth` in `bank`, 50 of which are in +production code and 224 in test. This tight coupling may suggest that either the modules +should be merged, or refactoring is required to abstract references to the core types tying +the modules together. It could also indicate that these modules should be tested together +in integration tests beyond mocked unit tests. + +In some cases setting up a test case for a module with many mocked dependencies can be quite +cumbersome and the resulting test may only show that the mocking framework works as expected +rather than working as a functional test of interdependent module behavior. + +### Integration tests + +Integration tests define and exercise relationships between an arbitrary number of modules +and/or application subsystems. + +Wiring for integration tests is provided by `depinject` and some [helper code](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/testutil/sims/app_helpers.go#L95) starts up +a running application. A section of the running application may then be tested. Certain +inputs during different phases of the application life cycle are expected to produce +invariant outputs without too much concern for component internals. This type of black box +testing has a larger scope than unit testing. + +Example 1 [client/grpc_query_test/TestGRPCQuery](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/client/grpc_query_test.go#L111-L129) - This test is misplaced in `/client`, +but tests the life cycle of (at least) `runtime` and `bank` as they progress through +startup, genesis and query time. It also exercises the fitness of the client and query +server without putting bytes on the wire through the use of [QueryServiceTestHelper](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/baseapp/grpcrouter_helpers.go#L31). + +Example 2 `x/evidence` Keeper integration tests - Starts up an application composed of [8 +modules](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/x/evidence/testutil/app.yaml#L1) with [5 keepers](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/x/evidence/keeper/keeper_test.go#L101-L106) used in the integration test suite. One test in the suite +exercises [HandleEquivocationEvidence](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/x/evidence/keeper/infraction_test.go#L42) which contains many interactions with the staking +keeper. + +Example 3 - Integration suite app configurations may also be specified via golang (not +YAML as above) [statically](https://github.com/cosmos/cosmos-sdk/blob/main/x/nft/testutil/app_config.go) or [dynamically](https://github.com/cosmos/cosmos-sdk/blob/8c23f6f957d1c0bedd314806d1ac65bea59b084c/tests/integration/bank/keeper/keeper_test.go#L129-L134). + +#### Limitations + +Setting up a particular input state may be more challenging since the application is +starting from a zero state. Some of this may be addressed by good test fixture +abstractions with testing of their own. Tests may also be more brittle, and larger +refactors could impact application initialization in unexpected ways with harder to +understand errors. This could also be seen as a benefit, and indeed the SDK's current +integration tests were helpful in tracking down logic errors during earlier stages +of app-wiring refactors. + +### Simulations + +Simulations (also called generative testing) are a special case of integration tests where +deterministically random module operations are executed against a running simapp, building +blocks on the chain until a specified height is reached. No *specific* assertions are +made for the state transitions resulting from module operations but any error will halt and +fail the simulation. Since `crisis` is included in simapp and the simulation runs +EndBlockers at the end of each block any module invariant violations will also fail +the simulation. + +Modules must implement [AppModuleSimulation.WeightedOperations](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/types/module/simulation.go#L31) to define their +simulation operations. Note that not all modules implement this which may indicate a +gap in current simulation test coverage. + +Modules not returning simulation operations: + +* `auth` +* `evidence` +* `mint` +* `params` + +A separate binary, [runsim](https://github.com/cosmos/tools/tree/master/cmd/runsim), is responsible for kicking off some of these tests and +managing their life cycle. + +#### Limitations + +* [A success](https://github.com/cosmos/cosmos-sdk/runs/7606931983?check_suite_focus=true) may take a long time to run, 7-10 minutes per simulation in CI. +* [Timeouts](https://github.com/cosmos/cosmos-sdk/runs/7606932295?check_suite_focus=true) sometimes occur on apparent successes without any indication why. +* Useful error messages not provided on [failure](https://github.com/cosmos/cosmos-sdk/runs/7606932548?check_suite_focus=true) from CI, requiring a developer to run + the simulation locally to reproduce. + +### E2E tests + +End to end tests exercise the entire system as we understand it in as close an approximation +to a production environment as is practical. Presently these tests are located at +[tests/e2e](https://github.com/cosmos/cosmos-sdk/tree/main/tests/e2e) and rely on [testutil/network](https://github.com/cosmos/cosmos-sdk/tree/main/testutil/network) to start up an in-process Tendermint node. + +An application should be built as minimally as possible to exercise the desired functionality. +The SDK uses an application will only the required modules for the tests. The application developer is advised to use its own application for e2e tests. + +#### Limitations + +In general the limitations of end to end tests are orchestration and compute cost. +Scaffolding is required to start up and run a prod-like environment and this +process takes much longer to start and run than unit or integration tests. + +Global locks present in Tendermint code cause stateful starting/stopping to sometimes hang +or fail intermittently when run in a CI environment. + +The scope of e2e tests has been complected with command line interface testing. + +## Decision + +We accept these test scopes and identify the following decisions points for each. + +| Scope | App Type | Mocks? | +| ----------- | ------------------- | ------ | +| Unit | None | Yes | +| Integration | integration helpers | Some | +| Simulation | minimal app | No | +| E2E | minimal app | No | + +The decision above is valid for the SDK. An application developer should test their application with their full application instead of the minimal app. + +### Unit Tests + +All modules must have mocked unit test coverage. + +Illustrative tests should outnumber journeys in unit tests. + +Unit tests should outnumber integration tests. + +Unit tests must not introduce additional dependencies beyond those already present in +production code. + +When module unit test introduction as per [EPIC: Unit testing of modules via mocks](https://github.com/cosmos/cosmos-sdk/issues/12398) +results in a near complete rewrite of an integration test suite the test suite should be +retained and moved to `/tests/integration`. We accept the resulting test logic +duplication but recommend improving the unit test suite through the addition of +illustrative tests. + +### Integration Tests + +All integration tests shall be located in `/tests/integration`, even those which do not +introduce extra module dependencies. + +To help limit scope and complexity, it is recommended to use the smallest possible number of +modules in application startup, i.e. don't depend on simapp. + +Integration tests should outnumber e2e tests. + +### Simulations + +Simulations shall use a minimal application (usually via app wiring). They are located under `/x/{moduleName}/simulation`. + +### E2E Tests + +Existing e2e tests shall be migrated to integration tests by removing the dependency on the +test network and in-process Tendermint node to ensure we do not lose test coverage. + +The e2e rest runner shall transition from in process Tendermint to a runner powered by +Docker via [dockertest](https://github.com/ory/dockertest). + +E2E tests exercising a full network upgrade shall be written. + +The CLI testing aspect of existing e2e tests shall be rewritten using the network mocking +demonstrated in [PR#12706](https://github.com/cosmos/cosmos-sdk/pull/12706). + +## Consequences + +### Positive + +* test coverage is increased +* test organization is improved +* reduced dependency graph size in modules +* simapp removed as a dependency from modules +* inter-module dependencies introduced in test code are removed +* reduced CI run time after transitioning away from in process Tendermint + +### Negative + +* some test logic duplication between unit and integration tests during transition +* test written using dockertest DX may be a bit worse + +### Neutral + +* some discovery required for e2e transition to dockertest + +## Further Discussions + +It may be useful if test suites could be run in integration mode (with mocked tendermint) or +with e2e fixtures (with real tendermint and many nodes). Integration fixtures could be used +for quicker runs, e2e fixtures could be used for more battle hardening. + +A PoC `x/gov` was completed in PR [#12847](https://github.com/cosmos/cosmos-sdk/pull/12847) +is in progress for unit tests demonstrating BDD [Rejected]. +Observing that a strength of BDD specifications is their readability, and a con is the +cognitive load while writing and maintaining, current consensus is to reserve BDD use +for places in the SDK where complex rules and module interactions are demonstrated. +More straightforward or low level test cases will continue to rely on go table tests. + +Levels are network mocking in integration and e2e tests are still being worked on and formalized. diff --git a/copy-of-sdk-docs/build/architecture/adr-060-abci-1.0.md b/copy-of-sdk-docs/build/architecture/adr-060-abci-1.0.md new file mode 100644 index 00000000..41e2230b --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-060-abci-1.0.md @@ -0,0 +1,238 @@ +# ADR 60: ABCI 1.0 Integration (Phase I) + +## Changelog + +* 2022-08-10: Initial Draft (@alexanderbez, @tac0turtle) +* Nov 12, 2022: Update `PrepareProposal` and `ProcessProposal` semantics per the + initial implementation [PR](https://github.com/cosmos/cosmos-sdk/pull/13453) (@alexanderbez) + +## Status + +ACCEPTED + +## Abstract + +This ADR describes the initial adoption of [ABCI 1.0](https://github.com/tendermint/tendermint/blob/master/spec/abci%2B%2B/README.md), +the next evolution of ABCI, within the Cosmos SDK. ABCI 1.0 aims to provide +application developers with more flexibility and control over application and +consensus semantics, e.g. in-application mempools, in-process oracles, and +order-book style matching engines. + +## Context + +Tendermint will release ABCI 1.0. Notably, at the time of this writing, +Tendermint is releasing v0.37.0 which will include `PrepareProposal` and `ProcessProposal`. + +The `PrepareProposal` ABCI method is concerned with a block proposer requesting +the application to evaluate a series of transactions to be included in the next +block, defined as a slice of `TxRecord` objects. The application can either +accept, reject, or completely ignore some or all of these transactions. This is +an important consideration to make as the application can essentially define and +control its own mempool allowing it to define sophisticated transaction priority +and filtering mechanisms, by completely ignoring the `TxRecords` Tendermint +sends it, favoring its own transactions. This essentially means that the Tendermint +mempool acts more like a gossip data structure. + +The second ABCI method, `ProcessProposal`, is used to process the block proposer's +proposal as defined by `PrepareProposal`. It is important to note the following +with respect to `ProcessProposal`: + +* Execution of `ProcessProposal` must be deterministic. +* There must be coherence between `PrepareProposal` and `ProcessProposal`. In + other words, for any two correct processes *p* and *q*, if *q*'s Tendermint + calls `RequestProcessProposal` on *up*, *q*'s Application returns + ACCEPT in `ResponseProcessProposal`. + +It is important to note that in ABCI 1.0 integration, the application +is NOT responsible for locking semantics -- Tendermint will still be responsible +for that. In the future, however, the application will be responsible for locking, +which allows for parallel execution possibilities. + +## Decision + +We will integrate ABCI 1.0, which will be introduced in Tendermint +v0.37.0, in the next major release of the Cosmos SDK. We will integrate ABCI 1.0 +methods on the `BaseApp` type. We describe the implementations of the two methods +individually below. + +Prior to describing the implementation of the two new methods, it is important to +note that the existing ABCI methods, `CheckTx`, `DeliverTx`, etc, still exist and +serve the same functions as they do now. + +### `PrepareProposal` + +Prior to evaluating the decision for how to implement `PrepareProposal`, it is +important to note that `CheckTx` will still be executed and will be responsible +for evaluating transaction validity as it does now, with one very important +*additive* distinction. + +When executing transactions in `CheckTx`, the application will now add valid +transactions, i.e. passing the AnteHandler, to its own mempool data structure. +In order to provide a flexible approach to meet the varying needs of application +developers, we will define both a mempool interface and a data structure utilizing +Golang generics, allowing developers to focus only on transaction +ordering. Developers requiring absolute full control can implement their own +custom mempool implementation. + +We define the general mempool interface as follows (subject to change): + +```go +type Mempool interface { + // Insert attempts to insert a Tx into the app-side mempool returning + // an error upon failure. + Insert(sdk.Context, sdk.Tx) error + + // Select returns an Iterator over the app-side mempool. If txs are specified, + // then they shall be incorporated into the Iterator. The Iterator must + // be closed by the caller. + Select(sdk.Context, [][]byte) Iterator + + // CountTx returns the number of transactions currently in the mempool. + CountTx() int + + // Remove attempts to remove a transaction from the mempool, returning an error + // upon failure. + Remove(sdk.Tx) error +} + +// Iterator defines an app-side mempool iterator interface that is as minimal as +// possible. The order of iteration is determined by the app-side mempool +// implementation. +type Iterator interface { + // Next returns the next transaction from the mempool. If there are no more + // transactions, it returns nil. + Next() Iterator + + // Tx returns the transaction at the current position of the iterator. + Tx() sdk.Tx +} +``` + +We will define an implementation of `Mempool`, defined by `nonceMempool`, that +will cover most basic application use-cases. Namely, it will prioritize transactions +by transaction sender, allowing for multiple transactions from the same sender. + +The default app-side mempool implementation, `nonceMempool`, will operate on a +single skip list data structure. Specifically, transactions with the lowest nonce +globally are prioritized. Transactions with the same nonce are prioritized by +sender address. + +```go +type nonceMempool struct { + txQueue *huandu.SkipList +} +``` + +Previous discussions1 have come to the agreement that Tendermint will +perform a request to the application, via `RequestPrepareProposal`, with a certain +amount of transactions reaped from Tendermint's local mempool. The exact amount +of transactions reaped will be determined by a local operator configuration. +This is referred to as the "one-shot approach" seen in discussions. + +When Tendermint reaps transactions from the local mempool and sends them to the +application via `RequestPrepareProposal`, the application will have to evaluate +the transactions. Specifically, it will need to inform Tendermint if it should +reject and or include each transaction. Note, the application can even *replace* +transactions entirely with other transactions. + +When evaluating transactions from `RequestPrepareProposal`, the application will +ignore *ALL* transactions sent to it in the request and instead reap up to +`RequestPrepareProposal.max_tx_bytes` from it's own mempool. + +Since an application can technically insert or inject transactions on `Insert` +during `CheckTx` execution, it is recommended that applications ensure transaction +validity when reaping transactions during `PrepareProposal`. However, what validity +exactly means is entirely determined by the application. + +The Cosmos SDK will provide a default `PrepareProposal` implementation that simply +select up to `MaxBytes` *valid* transactions. + +However, applications can override this default implementation with their own +implementation and set that on `BaseApp` via `SetPrepareProposal`. + + +### `ProcessProposal` + +The `ProcessProposal` ABCI method is relatively straightforward. It is responsible +for ensuring validity of the proposed block containing transactions that were +selected from the `PrepareProposal` step. However, how an application determines +validity of a proposed block depends on the application and its varying use cases. +For most applications, simply calling the `AnteHandler` chain would suffice, but +there could easily be other applications that need more control over the validation +process of the proposed block, such as ensuring txs are in a certain order or +that certain transactions are included. While this theoretically could be achieved +with a custom `AnteHandler` implementation, it's not the cleanest UX or the most +efficient solution. + +Instead, we will define an additional ABCI interface method on the existing +`Application` interface, similar to the existing ABCI methods such as `BeginBlock` +or `EndBlock`. This new interface method will be defined as follows: + +```go +ProcessProposal(sdk.Context, abci.ProcessProposalRequest) error {} +``` + +Note, we must call `ProcessProposal` with a new internal branched state on the +`Context` argument as we cannot simply just use the existing `checkState` because +`BaseApp` already has a modified `checkState` at this point. So when executing +`ProcessProposal`, we create a similar branched state, `processProposalState`, +off of `deliverState`. Note, the `processProposalState` is never committed and +is completely discarded after `ProcessProposal` finishes execution. + +The Cosmos SDK will provide a default implementation of `ProcessProposal` in which +all transactions are validated using the CheckTx flow, i.e. the AnteHandler, and +will always return ACCEPT unless any transaction cannot be decoded. + +### `DeliverTx` + +Since transactions are not truly removed from the app-side mempool during +`PrepareProposal`, since `ProcessProposal` can fail or take multiple rounds and +we do not want to lose transactions, we need to finally remove the transaction +from the app-side mempool during `DeliverTx` since during this phase, the +transactions are being included in the proposed block. + +Alternatively, we can keep the transactions as truly being removed during the +reaping phase in `PrepareProposal` and add them back to the app-side mempool in +case `ProcessProposal` fails. + +## Consequences + +### Backwards Compatibility + +ABCI 1.0 is naturally not backwards compatible with prior versions of the Cosmos SDK +and Tendermint. For example, an application that requests `RequestPrepareProposal` +to the same application that does not speak ABCI 1.0 will naturally fail. + +However, in the first phase of the integration, the existing ABCI methods as we +know them today will still exist and function as they currently do. + +### Positive + +* Applications now have full control over transaction ordering and priority. +* Lays the groundwork for the full integration of ABCI 1.0, which will unlock more + app-side use cases around block construction and integration with the Tendermint + consensus engine. + +### Negative + +* Requires that the "mempool", as a general data structure that collects and stores + uncommitted transactions will be duplicated between both Tendermint and the + Cosmos SDK. +* Additional requests between Tendermint and the Cosmos SDK in the context of + block execution. Albeit, the overhead should be negligible. +* Not backwards compatible with previous versions of Tendermint and the Cosmos SDK. + +## Further Discussions + +It is possible to design the app-side implementation of the `Mempool[T MempoolTx]` +in many different ways using different data structures and implementations. All +of which have different tradeoffs. The proposed solution keeps things simple +and covers cases that would be required for most basic applications. There are +tradeoffs that can be made to improve performance of reaping and inserting into +the provided mempool implementation. + +## References + +* https://github.com/tendermint/tendermint/blob/master/spec/abci%2B%2B/README.md +* [1] https://github.com/tendermint/tendermint/issues/7750#issuecomment-1076806155 +* [2] https://github.com/tendermint/tendermint/issues/7750#issuecomment-1075717151 diff --git a/copy-of-sdk-docs/build/architecture/adr-061-liquid-staking.md b/copy-of-sdk-docs/build/architecture/adr-061-liquid-staking.md new file mode 100644 index 00000000..a1be7e76 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-061-liquid-staking.md @@ -0,0 +1,82 @@ +# ADR-061: Liquid Staking + +## Changelog + +* 2022-09-10: Initial Draft (@zmanian) + +## Status + +ACCEPTED + +## Abstract + +Add a semi-fungible liquid staking primitive to the default Cosmos SDK staking module. This upgrades proof of stake to enable safe designs with lower overall monetary issuance and integration with numerous liquid staking protocols like Stride, Persistence, Quicksilver, Lido etc. + +## Context + +The original release of the Cosmos Hub featured the implementation of a ground breaking proof of stake mechanism featuring delegation, slashing, in protocol reward distribution and adaptive issuance. This design was state of the art for 2016 and has been deployed without major changes by many L1 blockchains. + +As both Proof of Stake and blockchain use cases have matured, this design has aged poorly and should no longer be considered a good baseline Proof of Stake issuance. In the world of application specific blockchains, there cannot be a one size fits all blockchain but the Cosmos SDK does endeavour to provide a good baseline implementation and one that is suitable for the Cosmos Hub. + +The most important deficiency of the legacy staking design is that it composes poorly with on chain protocols for trading, lending, derivatives that are referred to collectively as DeFi. The legacy staking implementation starves these applications of liquidity by increasing the risk free rate adaptively. It basically makes DeFi and staking security somewhat incompatible. + +The Osmosis team has adopted the idea of Superfluid and Interfluid staking where assets that are participating in DeFi applications can also be used in proof of stake. This requires tight integration with an enshrined set of DeFi applications and thus is unsuitable for the Cosmos SDK. + +It's also important to note that Interchain Accounts are available in the default IBC implementation and can be used to [rehypothecate](https://www.investopedia.com/terms/h/hypothecation.asp#toc-what-is-rehypothecation) delegations. Thus liquid staking is already possible and these changes merely improve the UX of liquid staking. Centralized exchanges also rehypothecate staked assets, posing challenges for decentralization. This ADR takes the position that adoption of in-protocol liquid staking is the preferable outcome and provides new levers to incentivize decentralization of stake. + +These changes to the staking module have been in development for more than a year and have seen substantial industry adoption who plan to build staking UX. The internal economics at Informal team has also done a review of the impacts of these changes and this review led to the development of the exempt delegation system. This system provides governance with a tuneable parameter for modulating the risks of principal agent problem called the exemption factor. + +## Decision + +We implement the semi-fungible liquid staking system and exemption factor system within the cosmos sdk. Though registered as fungible assets, these tokenized shares have extremely limited fungibility, only among the specific delegation record that was created when shares were tokenized. These assets can be used for OTC trades but composability with DeFi is limited. The primary expected use case is improving the user experience of liquid staking providers. + +A new governance parameter is introduced that defines the ratio of exempt to issued tokenized shares. This is called the exemption factor. A larger exemption factor allows more tokenized shares to be issued for a smaller amount of exempt delegations. If governance is comfortable with how the liquid staking market is evolving, it makes sense to increase this value. + +Min self delegation is removed from the staking system with the expectation that it will be replaced by the exempt delegations system. The exempt delegation system allows multiple accounts to demonstrate economic alignment with the validator operator as team members, partners etc. without co-mingling funds. Delegation exemption will likely be required to grow the validators' business under widespread adoption of liquid staking once governance has adjusted the exemption factor. + +When shares are tokenized, the underlying shares are transferred to a module account and rewards go to the module account for the TokenizedShareRecord. + +There is no longer a mechanism to override the validators vote for TokenizedShares. + + +### `MsgTokenizeShares` + +The MsgTokenizeShares message is used to create tokenize delegated tokens. This message can be executed by any delegator who has positive amount of delegation and after execution the specific amount of delegation disappear from the account and share tokens are provided. Share tokens are denominated in the validator and record id of the underlying delegation. + +A user may tokenize some or all of their delegation. + +They will receive shares with the denom of `cosmosvaloper1xxxx/5` where 5 is the record id for the validator operator. + +MsgTokenizeShares fails if the account is a VestingAccount. Users will have to move vested tokens to a new account and endure the unbonding period. We view this as an acceptable tradeoff vs. the complex book keeping required to track vested tokens. + +The total amount of outstanding tokenized shares for the validator is checked against the sum of exempt delegations multiplied by the exemption factor. If the tokenized shares exceeds this limit, execution fails. + +MsgTokenizeSharesResponse provides the number of tokens generated and their denom. + + +### `MsgRedeemTokensforShares` + +The MsgRedeemTokensforShares message is used to redeem the delegation from share tokens. This message can be executed by any user who owns share tokens. After execution delegations will appear to the user. + +### `MsgTransferTokenizeShareRecord` + +The MsgTransferTokenizeShareRecord message is used to transfer the ownership of rewards generated from the tokenized amount of delegation. The tokenize share record is created when a user tokenize his/her delegation and deleted when the full amount of share tokens are redeemed. + +This is designed to work with liquid staking designs that do not redeem the tokenized shares and may instead want to keep the shares tokenized. + + +### `MsgExemptDelegation` + +The MsgExemptDelegation message is used to exempt a delegation to a validator. If the exemption factor is greater than 0, this will allow more delegation shares to be issued from the validator. + +This design allows the chain to force an amount of self-delegation by validators participating in liquid staking schemes. + +## Consequences + +### Backwards Compatibility + +By setting the exemption factor to zero, this module works like legacy staking. The only substantial change is the removal of min-self-bond and without any tokenized shares, there is no incentive to exempt delegation. + +### Positive + +This approach should enable integration with liquid staking providers and improved user experience. It provides a pathway to security under non-exponential issuance policies in the baseline staking module. diff --git a/copy-of-sdk-docs/build/architecture/adr-062-collections-state-layer.md b/copy-of-sdk-docs/build/architecture/adr-062-collections-state-layer.md new file mode 100644 index 00000000..db71cef0 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-062-collections-state-layer.md @@ -0,0 +1,120 @@ +# ADR 062: Collections, a simplified storage layer for cosmos-sdk modules + +## Changelog + +* 30/11/2022: PROPOSED + +## Status + +PROPOSED - Implemented + +## Abstract + +We propose a simplified module storage layer which leverages golang generics to allow module developers to handle module +storage in a simple and straightforward manner, whilst offering safety, extensibility and standardization. + +## Context + +Module developers are forced into manually implementing storage functionalities in their modules, those functionalities include +but are not limited to: + +* Defining key to bytes formats. +* Defining value to bytes formats. +* Defining secondary indexes. +* Defining query methods to expose outside to deal with storage. +* Defining local methods to deal with storage writing. +* Dealing with genesis imports and exports. +* Writing tests for all the above. + + +This brings in a lot of problems: + +* It blocks developers from focusing on the most important part: writing business logic. +* Key to bytes formats are complex and their definition is error-prone, for example: + * how do I format time to bytes in such a way that bytes are sorted? + * how do I ensure when I don't have namespace collisions when dealing with secondary indexes? +* The lack of standardization makes life hard for clients, and the problem is exacerbated when it comes to providing proofs for objects present in state. Clients are forced to maintain a list of object paths to gather proofs. + +### Current Solution: ORM + +The current SDK proposed solution to this problem is [ORM](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-055-orm.md). +Whilst ORM offers a lot of good functionality aimed at solving these specific problems, it has some downsides: + +* It requires migrations. +* It uses the newest protobuf golang API, whilst the SDK still mainly uses gogoproto. +* Integrating ORM into a module would require the developer to deal with two different golang frameworks (golang protobuf + gogoproto) representing the same API objects. +* It has a high learning curve, even for simple storage layers as it requires developers to have knowledge around protobuf options, custom cosmos-sdk storage extensions, and tooling download. Then after this they still need to learn the code-generated API. + +### CosmWasm Solution: cw-storage-plus + +The collections API takes inspiration from [cw-storage-plus](https://docs.cosmwasm.com/docs/1.0/smart-contracts/state/cw-plus/), +which has demonstrated to be a powerful tool for dealing with storage in CosmWasm contracts. +It's simple, does not require extra tooling, it makes it easy to deal with complex storage structures (indexes, snapshot, etc). +The API is straightforward and explicit. + +## Decision + +We propose to port the `collections` API, whose implementation lives in [NibiruChain/collections](https://github.com/NibiruChain/collections) to cosmos-sdk. + +Collections implements four different storage handlers types: + +* `Map`: which deals with simple `key=>object` mappings. +* `KeySet`: which acts as a `Set` and only retains keys and no object (usecase: allow-lists). +* `Item`: which always contains only one object (usecase: Params) +* `Sequence`: which implements a simple always increasing number (usecase: Nonces) +* `IndexedMap`: builds on top of `Map` and `KeySet` and allows to create relationships with `Objects` and `Objects` secondary keys. + +All the collection APIs build on top of the simple `Map` type. + +Collections is fully generic, meaning that anything can be used as `Key` and `Value`. It can be a protobuf object or not. + +Collections types, in fact, delegate the duty of serialization of keys and values to a secondary collections API component called `ValueEncoders` and `KeyEncoders`. + +`ValueEncoders` take care of converting a value to bytes (relevant only for `Map`). And offers a plug and play layer which allows us to change how we encode objects, +which is relevant for swapping serialization frameworks and enhancing performance. +`Collections` already comes in with default `ValueEncoders`, specifically for: protobuf objects, special SDK types (sdk.Int, sdk.Dec). + +`KeyEncoders` take care of converting keys to bytes, `collections` already comes in with some default `KeyEncoders` for some primitive golang types +(uint64, string, time.Time, ...) and some widely used sdk types (sdk.Acc/Val/ConsAddress, sdk.Int/Dec, ...). +These default implementations also offer safety around proper lexicographic ordering and namespace-collision. + +Examples of the collections API can be found here: + +* introduction: https://github.com/NibiruChain/collections/tree/main/examples +* usage in nibiru: [x/oracle](https://github.com/NibiruChain/nibiru/blob/master/x/oracle/keeper/keeper.go#L32), [x/perp](https://github.com/NibiruChain/nibiru/blob/master/x/perp/keeper/keeper.go#L31) +* cosmos-sdk's x/staking migrated: https://github.com/testinginprod/cosmos-sdk/pull/22 + + +## Consequences + +### Backwards Compatibility + +The design of `ValueEncoders` and `KeyEncoders` allows modules to retain the same `byte(key)=>byte(value)` mappings, making +the upgrade to the new storage layer non-state breaking. + + +### Positive + +* ADR aimed at removing code from the SDK rather than adding it. Migrating just `x/staking` to collections would yield to a net decrease in LOC (even considering the addition of collections itself). +* Simplifies and standardizes storage layers across modules in the SDK. +* Does not require to have to deal with protobuf. +* It's pure golang code. +* Generalization over `KeyEncoders` and `ValueEncoders` allows us to not tie ourself to the data serialization framework. +* `KeyEncoders` and `ValueEncoders` can be extended to provide schema reflection. + +### Negative + +* Golang generics are not as battle-tested as other Golang features, despite being used in production right now. +* Collection types instantiation needs to be improved. + +### Neutral + +{neutral consequences} + +## Further Discussions + +* Automatic genesis import/export (not implemented because of API breakage) +* Schema reflection + + +## References diff --git a/copy-of-sdk-docs/build/architecture/adr-063-core-module-api.md b/copy-of-sdk-docs/build/architecture/adr-063-core-module-api.md new file mode 100644 index 00000000..57f92d4d --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-063-core-module-api.md @@ -0,0 +1,562 @@ +# ADR 063: Core Module API + +## Changelog + +* 2022-08-18 First Draft +* 2022-12-08 First Draft +* 2023-01-24 Updates + +## Status + +ACCEPTED Partially Implemented + +## Abstract + +A new core API is proposed as a way to develop cosmos-sdk applications that will eventually replace the existing +`AppModule` and `sdk.Context` frameworks a set of core services and extension interfaces. This core API aims to: + +* be simpler +* more extensible +* more stable than the current framework +* enable deterministic events and queries, +* support event listeners +* [ADR 033: Protobuf-based Inter-Module Communication](./adr-033-protobuf-inter-module-comm.md) clients. + +## Context + +Historically modules have exposed their functionality to the framework via the `AppModule` and `AppModuleBasic` +interfaces which have the following shortcomings: + +* both `AppModule` and `AppModuleBasic` need to be defined and registered which is counter-intuitive +* apps need to implement the full interfaces, even parts they don't need (although there are workarounds for this), +* interface methods depend heavily on unstable third party dependencies, in particular Comet, +* legacy required methods have littered these interfaces for far too long + +In order to interact with the state machine, modules have needed to do a combination of these things: + +* get store keys from the app +* call methods on `sdk.Context` which contains more or less the full set of capability available to modules. + +By isolating all the state machine functionality into `sdk.Context`, the set of functionalities available to +modules are tightly coupled to this type. If there are changes to upstream dependencies (such as Comet) +or new functionalities are desired (such as alternate store types), the changes need impact `sdk.Context` and all +consumers of it (basically all modules). Also, all modules now receive `context.Context` and need to convert these +to `sdk.Context`'s with a non-ergonomic unwrapping function. + +Any breaking changes to these interfaces, such as ones imposed by third-party dependencies like Comet, have the +side effect of forcing all modules in the ecosystem to update in lock-step. This means it is almost impossible to have +a version of the module which can be run with 2 or 3 different versions of the SDK or 2 or 3 different versions of +another module. This lock-step coupling slows down overall development within the ecosystem and causes updates to +components to be delayed longer than they would if things were more stable and loosely coupled. + +## Decision + +The `core` API proposes a set of core APIs that modules can rely on to interact with the state machine and expose their +functionalities to it that are designed in a principled way such that: + +* tight coupling of dependencies and unrelated functionalities is minimized or eliminated +* APIs can have long-term stability guarantees +* the SDK framework is extensible in a safe and straightforward way + +The design principles of the core API are as follows: + +* everything that a module wants to interact with in the state machine is a service +* all services coordinate state via `context.Context` and don't try to recreate the "bag of variables" approach of `sdk.Context` +* all independent services are isolated in independent packages with minimal APIs and minimal dependencies +* the core API should be minimalistic and designed for long-term support (LTS) +* a "runtime" module will implement all the "core services" defined by the core API and can handle all module + functionalities exposed by core extension interfaces +* other non-core and/or non-LTS services can be exposed by specific versions of runtime modules or other modules +following the same design principles, this includes functionality that interacts with specific non-stable versions of +third party dependencies such as Comet +* the core API doesn't implement *any* functionality, it just defines types +* go stable API compatibility guidelines are followed: https://go.dev/blog/module-compatibility + +A "runtime" module is any module which implements the core functionality of composing an ABCI app, which is currently +handled by `BaseApp` and the `ModuleManager`. Runtime modules which implement the core API are *intentionally* separate +from the core API in order to enable more parallel versions and forks of the runtime module than is possible with the +SDK's current tightly coupled `BaseApp` design while still allowing for a high degree of composability and +compatibility. + +Modules which are built only against the core API don't need to know anything about which version of runtime, +`BaseApp` or Comet in order to be compatible. Modules from the core mainline SDK could be easily composed +with a forked version of runtime with this pattern. + +This design is intended to enable matrices of compatible dependency versions. Ideally a given version of any module +is compatible with multiple versions of the runtime module and other compatible modules. This will allow dependencies +to be selectively updated based on battle-testing. More conservative projects may want to update some dependencies +slower than more fast moving projects. + +### Core Services + +The following "core services" are defined by the core API. All valid runtime module implementations should provide +implementations of these services to modules via both [dependency injection](./adr-057-app-wiring.md) and +manual wiring. The individual services described below are all bundled in a convenient `appmodule.Service` +"bundle service" so that for simplicity modules can declare a dependency on a single service. + +#### Store Services + +Store services will be defined in the `cosmossdk.io/core/store` package. + +The generic `store.KVStore` interface is the same as current SDK `KVStore` interface. Store keys have been refactored +into store services which, instead of expecting the context to know about stores, invert the pattern and allow +retrieving a store from a generic context. There are three store services for the three types of currently supported +stores - regular kv-store, memory, and transient: + +```go +type KVStoreService interface { + OpenKVStore(context.Context) KVStore +} + +type MemoryStoreService interface { + OpenMemoryStore(context.Context) KVStore +} +type TransientStoreService interface { + OpenTransientStore(context.Context) KVStore +} +``` + +Modules can use these services like this: + +```go +func (k msgServer) Send(ctx context.Context, msg *types.MsgSend) (*types.MsgSendResponse, error) { + store := k.kvStoreSvc.OpenKVStore(ctx) +} +``` + +Just as with the current runtime module implementation, modules will not need to explicitly name these store keys, +but rather the runtime module will choose an appropriate name for them and modules just need to request the +type of store they need in their dependency injection (or manual) constructors. + +#### Event Service + +The event `Service` will be defined in the `cosmossdk.io/core/event` package. + +The event `Service` allows modules to emit typed and legacy untyped events: + +```go +package event + +type Service interface { + // EmitProtoEvent emits events represented as a protobuf message (as described in ADR 032). + // + // Callers SHOULD assume that these events may be included in consensus. These events + // MUST be emitted deterministically and adding, removing or changing these events SHOULD + // be considered state-machine breaking. + EmitProtoEvent(ctx context.Context, event protoiface.MessageV1) error + + // EmitKVEvent emits an event based on an event and kv-pair attributes. + // + // These events will not be part of consensus and adding, removing or changing these events is + // not a state-machine breaking change. + EmitKVEvent(ctx context.Context, eventType string, attrs ...KVEventAttribute) error + + // EmitProtoEventNonConsensus emits events represented as a protobuf message (as described in ADR 032), without + // including it in blockchain consensus. + // + // These events will not be part of consensus and adding, removing or changing events is + // not a state-machine breaking change. + EmitProtoEventNonConsensus(ctx context.Context, event protoiface.MessageV1) error +} +``` + +Typed events emitted with `EmitProto` should be assumed to be part of blockchain consensus (whether they are part of +the block or app hash is left to the runtime to specify). + +Events emitted by `EmitKVEvent` and `EmitProtoEventNonConsensus` are not considered to be part of consensus and cannot be observed +by other modules. If there is a client-side need to add events in patch releases, these methods can be used. + +#### Logger + +A logger (`cosmossdk.io/log`) must be supplied using `depinject`, and will +be made available for modules to use via `depinject.In`. +Modules using it should follow the current pattern in the SDK by adding the module name before using it. + +```go +type ModuleInputs struct { + depinject.In + + Logger log.Logger +} + +func ProvideModule(in ModuleInputs) ModuleOutputs { + keeper := keeper.NewKeeper( + in.logger, + ) +} + +func NewKeeper(logger log.Logger) Keeper { + return Keeper{ + logger: logger.With(log.ModuleKey, "x/"+types.ModuleName), + } +} +``` + +### Core `AppModule` extension interfaces + + +Modules will provide their core services to the runtime module via extension interfaces built on top of the +`cosmossdk.io/core/appmodule.AppModule` tag interface. This tag interface requires only two empty methods which +allow `depinject` to identify implementers as `depinject.OnePerModule` types and as app module implementations: + +```go +type AppModule interface { + depinject.OnePerModuleType + + // IsAppModule is a dummy method to tag a struct as implementing an AppModule. + IsAppModule() +} +``` + +Other core extension interfaces will be defined in `cosmossdk.io/core` should be supported by valid runtime +implementations. + +#### `MsgServer` and `QueryServer` registration + +`MsgServer` and `QueryServer` registration is done by implementing the `HasServices` extension interface: + +```go +type HasServices interface { + AppModule + + RegisterServices(grpc.ServiceRegistrar) +} + +``` + +Because of the `cosmos.msg.v1.service` protobuf option, required for `Msg` services, the same `ServiceRegistrar` can be +used to register both `Msg` and query services. + +#### Genesis + +The genesis `Handler` functions - `DefaultGenesis`, `ValidateGenesis`, `InitGenesis` and `ExportGenesis` - are specified +against the `GenesisSource` and `GenesisTarget` interfaces which will abstract over genesis sources which may be a single +JSON object or collections of JSON objects that can be efficiently streamed. + +```go +// GenesisSource is a source for genesis data in JSON format. It may abstract over a +// single JSON object or separate files for each field in a JSON object that can +// be streamed over. Modules should open a separate io.ReadCloser for each field that +// is required. When fields represent arrays they can efficiently be streamed +// over. If there is no data for a field, this function should return nil, nil. It is +// important that the caller closes the reader when done with it. +type GenesisSource = func(field string) (io.ReadCloser, error) + +// GenesisTarget is a target for writing genesis data in JSON format. It may +// abstract over a single JSON object or JSON in separate files that can be +// streamed over. Modules should open a separate io.WriteCloser for each field +// and should prefer writing fields as arrays when possible to support efficient +// iteration. It is important the caller closers the writer AND checks the error +// when done with it. It is expected that a stream of JSON data is written +// to the writer. +type GenesisTarget = func(field string) (io.WriteCloser, error) +``` + +All genesis objects for a given module are expected to conform to the semantics of a JSON object. +Each field in the JSON object should be read and written separately to support streaming genesis. +The [ORM](./adr-055-orm.md) and [collections](./adr-062-collections-state-layer.md) both support +streaming genesis and modules using these frameworks generally do not need to write any manual +genesis code. + +To support genesis, modules should implement the `HasGenesis` extension interface: + +```go +type HasGenesis interface { + AppModule + + // DefaultGenesis writes the default genesis for this module to the target. + DefaultGenesis(GenesisTarget) error + + // ValidateGenesis validates the genesis data read from the source. + ValidateGenesis(GenesisSource) error + + // InitGenesis initializes module state from the genesis source. + InitGenesis(context.Context, GenesisSource) error + + // ExportGenesis exports module state to the genesis target. + ExportGenesis(context.Context, GenesisTarget) error +} +``` + +#### Pre Blockers + +Modules that have functionality that runs before BeginBlock and should implement the `HasPreBlocker` interfaces: + +```go +type HasPreBlocker interface { + AppModule + PreBlock(context.Context) error +} +``` + +#### Begin and End Blockers + +Modules that have functionality that runs before transactions (begin blockers) or after transactions +(end blockers) should implement the has `HasBeginBlocker` and/or `HasEndBlocker` interfaces: + +```go +type HasBeginBlocker interface { + AppModule + BeginBlock(context.Context) error +} + +type HasEndBlocker interface { + AppModule + EndBlock(context.Context) error +} +``` + +The `BeginBlock` and `EndBlock` methods will take a `context.Context`, because: + +* most modules don't need Comet information other than `BlockInfo` so we can eliminate dependencies on specific +Comet versions +* for the few modules that need Comet block headers and/or return validator updates, specific versions of the +runtime module will provide specific functionality for interacting with the specific version(s) of Comet +supported + +In order for `BeginBlock`, `EndBlock` and `InitGenesis` to send back validator updates and retrieve full Comet +block headers, the runtime module for a specific version of Comet could provide services like this: + +```go +type ValidatorUpdateService interface { + SetValidatorUpdates(context.Context, []abci.ValidatorUpdate) +} +``` + +Header Service defines a way to get header information about a block. This information is generalized for all implementations: + +```go + +type Service interface { + GetHeaderInfo(context.Context) Info +} + +type Info struct { + Height int64 // Height returns the height of the block + Hash []byte // Hash returns the hash of the block header + Time time.Time // Time returns the time of the block + ChainID string // ChainId returns the chain ID of the block +} +``` + +Comet Service provides a way to get comet specific information: + +```go +type Service interface { + GetCometInfo(context.Context) Info +} + +type CometInfo struct { + Evidence []abci.Misbehavior // Misbehavior returns the misbehavior of the block + // ValidatorsHash returns the hash of the validators + // For Comet, it is the hash of the next validators + ValidatorsHash []byte + ProposerAddress []byte // ProposerAddress returns the address of the block proposer + DecidedLastCommit abci.CommitInfo // DecidedLastCommit returns the last commit info +} +``` + +If a user would like to provide a module other information they would need to implement another service like: + +```go +type RollKit Interface { + ... +} +``` + +We know these types will change at the Comet level and that also a very limited set of modules actually need this +functionality, so they are intentionally kept out of core to keep core limited to the necessary, minimal set of stable +APIs. + +#### Remaining Parts of AppModule + +The current `AppModule` framework handles a number of additional concerns which aren't addressed by this core API. +These include: + +* gas +* block headers +* upgrades +* registration of gogo proto and amino interface types +* cobra query and tx commands +* gRPC gateway +* crisis module invariants +* simulations + +Additional `AppModule` extension interfaces either inside or outside of core will need to be specified to handle +these concerns. + +In the case of gogo proto and amino interfaces, the registration of these generally should happen as early +as possible during initialization and in [ADR 057: App Wiring](./adr-057-app-wiring.md), protobuf type registration +happens before dependency injection (although this could alternatively be done dedicated DI providers). + +gRPC gateway registration should probably be handled by the runtime module, but the core API shouldn't depend on gRPC +gateway types as 1) we are already using an older version and 2) it's possible the framework can do this registration +automatically in the future. So for now, the runtime module should probably provide some sort of specific type for doing +this registration ex: + +```go +type GrpcGatewayInfo struct { + Handlers []GrpcGatewayHandler +} + +type GrpcGatewayHandler func(ctx context.Context, mux *runtime.ServeMux, client QueryClient) error +``` + +which modules can return in a provider: + +```go +func ProvideGrpcGateway() GrpcGatewayInfo { + return GrpcGatewayInfo { + Handlers: []Handler {types.RegisterQueryHandlerClient} + } +} +``` + +Crisis module invariants and simulations are subject to potential redesign and should be managed with types +defined in the crisis and simulation modules respectively. + +Extension interface for CLI commands will be provided via the `cosmossdk.io/client/v2` module and its +[autocli](./adr-058-auto-generated-cli.md) framework. + +#### Example Usage + +Here is an example of setting up a hypothetical `foo` v2 module which uses the [ORM](./adr-055-orm.md) for its state +management and genesis. + +```go + +type Keeper struct { + db orm.ModuleDB + evtSrv event.Service +} + +func (k Keeper) RegisterServices(r grpc.ServiceRegistrar) { + foov1.RegisterMsgServer(r, k) + foov1.RegisterQueryServer(r, k) +} + +func (k Keeper) BeginBlock(context.Context) error { + return nil +} + +func ProvideApp(config *foomodulev2.Module, evtSvc event.EventService, db orm.ModuleDB) (Keeper, appmodule.AppModule){ + k := &Keeper{db: db, evtSvc: evtSvc} + return k, k +} +``` + +### Runtime Compatibility Version + +The `core` module will define a static integer var, `cosmossdk.io/core.RuntimeCompatibilityVersion`, which is +a minor version indicator of the core module that is accessible at runtime. Correct runtime module implementations +should check this compatibility version and return an error if the current `RuntimeCompatibilityVersion` is higher +than the version of the core API that this runtime version can support. When new features are adding to the `core` +module API that runtime modules are required to support, this version should be incremented. + +### Runtime Modules + +The initial `runtime` module will simply be created within the existing `github.com/cosmos/cosmos-sdk` go module +under the `runtime` package. This module will be a small wrapper around the existing `BaseApp`, `sdk.Context` and +module manager and follow the Cosmos SDK's existing [0-based versioning](https://0ver.org). To move to semantic +versioning as well as runtime modularity, new officially supported runtime modules will be created under the +`cosmossdk.io/runtime` prefix. For each supported consensus engine a semantically-versioned go module should be created +with a runtime implementation for that consensus engine. For example: + +* `cosmossdk.io/runtime/comet` +* `cosmossdk.io/runtime/comet/v2` +* `cosmossdk.io/runtime/rollkit` +* etc. + +These runtime modules should attempt to be semantically versioned even if the underlying consensus engine is not. Also, +because a runtime module is also a first class Cosmos SDK module, it should have a protobuf module config type. +A new semantically versioned module config type should be created for each of these runtime module such that there is a +1:1 correspondence between the go module and module config type. This is the same practice should be followed for every +semantically versioned Cosmos SDK module as described in [ADR 057: App Wiring](./adr-057-app-wiring.md). + +Currently, `github.com/cosmos/cosmos-sdk/runtime` uses the protobuf config type `cosmos.app.runtime.v1alpha1.Module`. +When we have a standalone v1 comet runtime, we should use a dedicated protobuf module config type such as +`cosmos.runtime.comet.v1.Module1`. When we release v2 of the comet runtime (`cosmossdk.io/runtime/comet/v2`) we should +have a corresponding `cosmos.runtime.comet.v2.Module` protobuf type. + +In order to make it easier to support different consensus engines that support the same core module functionality as +described in this ADR, a common go module should be created with shared runtime components. The easiest runtime components +to share initially are probably the message/query router, inter-module client, service register, and event router. +This common runtime module should be created initially as the `cosmossdk.io/runtime/common` go module. + +When this new architecture has been implemented, the main dependency for a Cosmos SDK module would be +`cosmossdk.io/core` and that module should be able to be used with any supported consensus engine (to the extent +that it does not explicitly depend on consensus engine specific functionality such as Comet's block headers). An +app developer would then be able to choose which consensus engine they want to use by importing the corresponding +runtime module. The current `BaseApp` would be refactored into the `cosmossdk.io/runtime/comet` module, the router +infrastructure in `baseapp/` would be refactored into `cosmossdk.io/runtime/common` and support ADR 033, and eventually +a dependency on `github.com/cosmos/cosmos-sdk` would no longer be required. + +In short, modules would depend primarily on `cosmossdk.io/core`, and each `cosmossdk.io/runtime/{consensus-engine}` +would implement the `cosmossdk.io/core` functionality for that consensus engine. + +One additional piece that would need to be resolved as part of this architecture is how runtimes relate to the server. +Likely it would make sense to modularize the current server architecture so that it can be used with any runtime even +if that is based on a consensus engine besides Comet. This means that eventually the Comet runtime would need to +encapsulate the logic for starting Comet and the ABCI app. + +### Testing + +A mock implementation of all services should be provided in core to allow for unit testing of modules +without needing to depend on any particular version of runtime. Mock services should +allow tests to observe service behavior or provide a non-production implementation - for instance memory +stores can be used to mock stores. + +For integration testing, a mock runtime implementation should be provided that allows composing different app modules +together for testing without a dependency on runtime or Comet. + +## Consequences + +### Backwards Compatibility + +Early versions of runtime modules should aim to support as much as possible modules built with the existing +`AppModule`/`sdk.Context` framework. As the core API is more widely adopted, later runtime versions may choose to +drop support and only support the core API plus any runtime module specific APIs (like specific versions of Comet). + +The core module itself should strive to remain at the go semantic version `v1` as long as possible and follow design +principles that allow for strong long-term support (LTS). + +Older versions of the SDK can support modules built against core with adaptors that convert wrap core `AppModule` +implementations in implementations of `AppModule` that conform to that version of the SDK's semantics as well +as by providing service implementations by wrapping `sdk.Context`. + +### Positive + +* better API encapsulation and separation of concerns +* more stable APIs +* more framework extensibility +* deterministic events and queries +* event listeners +* inter-module msg and query execution support +* more explicit support for forking and merging of module versions (including runtime) + +### Negative + +### Neutral + +* modules will need to be refactored to use this API +* some replacements for `AppModule` functionality still need to be defined in follow-ups + (type registration, commands, invariants, simulations) and this will take additional design work + +## Further Discussions + +* gas +* block headers +* upgrades +* registration of gogo proto and amino interface types +* cobra query and tx commands +* gRPC gateway +* crisis module invariants +* simulations + +## References + +* [ADR 033: Protobuf-based Inter-Module Communication](./adr-033-protobuf-inter-module-comm.md) +* [ADR 057: App Wiring](./adr-057-app-wiring.md) +* [ADR 055: ORM](./adr-055-orm.md) +* [ADR 028: Public Key Addresses](./adr-028-public-key-addresses.md) +* [Keeping Your Modules Compatible](https://go.dev/blog/module-compatibility) diff --git a/copy-of-sdk-docs/build/architecture/adr-064-abci-2.0.md b/copy-of-sdk-docs/build/architecture/adr-064-abci-2.0.md new file mode 100644 index 00000000..47689627 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-064-abci-2.0.md @@ -0,0 +1,473 @@ +# ADR 64: ABCI 2.0 Integration (Phase II) + +## Changelog + +* 2023-01-17: Initial Draft (@alexanderbez) +* 2023-04-06: Add upgrading section (@alexanderbez) +* 2023-04-10: Simplify vote extension state persistence (@alexanderbez) +* 2023-07-07: Revise vote extension state persistence (@alexanderbez) +* 2023-08-24: Revise vote extension power calculations and staking interface (@davidterpay) + +## Status + +ACCEPTED + +## Abstract + +This ADR outlines the continuation of the efforts to implement ABCI++ in the Cosmos +SDK outlined in [ADR 060: ABCI 1.0 (Phase I)](adr-060-abci-1.0.md). + +Specifically, this ADR outlines the design and implementation of ABCI 2.0, which +includes `ExtendVote`, `VerifyVoteExtension` and `FinalizeBlock`. + +## Context + +ABCI 2.0 continues the promised updates from ABCI++, specifically three additional +ABCI methods that the application can implement in order to gain further control, +insight and customization of the consensus process, unlocking many novel use-cases +that were previously not possible. We describe these three new methods below: + +### `ExtendVote` + +This method allows each validator process to extend the pre-commit phase of the +CometBFT consensus process. Specifically, it allows the application to perform +custom business logic that extends the pre-commit vote and supply additional data +as part of the vote, although they are signed separately by the same key. + +The data, called vote extension, will be broadcast and received together with the +vote it is extending, and will be made available to the application in the next +height. Specifically, the proposer of the next block will receive the vote extensions +in `RequestPrepareProposal.local_last_commit.votes`. + +If the application does not have vote extension information to provide, it +returns a 0-length byte array as its vote extension. + +**NOTE**: + +* Although each validator process submits its own vote extension, ONLY the *proposer* + of the *next* block will receive all the vote extensions included as part of the + pre-commit phase of the previous block. This means only the proposer will + implicitly have access to all the vote extensions, via `RequestPrepareProposal`, + and that not all vote extensions may be included, since a validator does not + have to wait for all pre-commits, only 2/3. +* The pre-commit vote is signed independently from the vote extension. + +### `VerifyVoteExtension` + +This method allows validators to validate the vote extension data attached to +each pre-commit message it receives. If the validation fails, the whole pre-commit +message will be deemed invalid and ignored by CometBFT. + +CometBFT uses `VerifyVoteExtension` when validating a pre-commit vote. Specifically, +for a pre-commit, CometBFT will: + +* Reject the message if it doesn't contain a signed vote AND a signed vote extension +* Reject the message if the vote's signature OR the vote extension's signature fails to verify +* Reject the message if `VerifyVoteExtension` was rejected by the app + +Otherwise, CometBFT will accept the pre-commit message. + +Note, this has important consequences on liveness, i.e., if vote extensions repeatedly +cannot be verified by correct validators, CometBFT may not be able to finalize +a block even if sufficiently many (+2/3) validators send pre-commit votes for +that block. Thus, `VerifyVoteExtension` should be used with special care. + +CometBFT recommends that an application that detects an invalid vote extension +SHOULD accept it in `ResponseVerifyVoteExtension` and ignore it in its own logic. + +### `FinalizeBlock` + +This method delivers a decided block to the application. The application must +execute the transactions in the block deterministically and update its state +accordingly. Cryptographic commitments to the block and transaction results, +returned via the corresponding parameters in `ResponseFinalizeBlock`, are +included in the header of the next block. CometBFT calls it when a new block +is decided. + +In other words, `FinalizeBlock` encapsulates the current ABCI execution flow of +`BeginBlock`, one or more `DeliverTx`, and `EndBlock` into a single ABCI method. +CometBFT will no longer execute requests for these legacy methods and instead +will just simply call `FinalizeBlock`. + +## Decision + +We will discuss changes to the Cosmos SDK to implement ABCI 2.0 in two distinct +phases, `VoteExtensions` and `FinalizeBlock`. + +### `VoteExtensions` + +Similarly for `PrepareProposal` and `ProcessProposal`, we propose to introduce +two new handlers that an application can implement in order to provide and verify +vote extensions. + +We propose the following new handlers for applications to implement: + +```go +type ExtendVoteHandler func(sdk.Context, abci.ExtendVoteRequest) abci.ExtendVoteResponse +type VerifyVoteExtensionHandler func(sdk.Context, abci.VerifyVoteExtensionRequest) abci.VerifyVoteExtensionResponse +``` + +An ephemeral context and state will be supplied to both handlers. The +context will contain relevant metadata such as the block height and block hash. +The state will be a cached version of the committed state of the application and +will be discarded after the execution of the handler, this means that both handlers +get a fresh state view and no changes made to it will be written. + +If an application decides to implement `ExtendVoteHandler`, it must return a +non-nil `ResponseExtendVote.VoteExtension`. + +Recall, an implementation of `ExtendVoteHandler` does NOT need to be deterministic, +however, given a set of vote extensions, `VerifyVoteExtensionHandler` must be +deterministic, otherwise the chain may suffer from liveness faults. In addition, +recall CometBFT proceeds in rounds for each height, so if a decision cannot be +made about a block proposal at a given height, CometBFT will proceed to the +next round and thus will execute `ExtendVote` and `VerifyVoteExtension` again for +the new round for each validator until 2/3 valid pre-commits can be obtained. + +Given the broad scope of potential implementations and use-cases of vote extensions, +and how to verify them, most applications should choose to implement the handlers +through a single handler type, which can have any number of dependencies injected +such as keepers. In addition, this handler type could contain some notion of +volatile vote extension state management which would assist in vote extension +verification. This state management could be ephemeral or could be some form of +on-disk persistence. + +Example: + +```go +// VoteExtensionHandler implements an Oracle vote extension handler. +type VoteExtensionHandler struct { + cdc Codec + mk MyKeeper + state VoteExtState // This could be a map or a DB connection object +} + +// ExtendVoteHandler can do something with h.mk and possibly h.state to create +// a vote extension, such as fetching a series of prices for supported assets. +func (h VoteExtensionHandler) ExtendVoteHandler(ctx sdk.Context, req abci.ExtendVoteRequest) abci.ExtendVoteResponse { + prices := GetPrices(ctx, h.mk.Assets()) + bz, err := EncodePrices(h.cdc, prices) + if err != nil { + panic(fmt.Errorf("failed to encode prices for vote extension: %w", err)) + } + + // store our vote extension at the given height + // + // NOTE: Vote extensions can be overridden since we can timeout in a round. + SetPrices(h.state, req, bz) + + return abci.ExtendVoteResponse{VoteExtension: bz} +} + +// VerifyVoteExtensionHandler can do something with h.state and req to verify +// the req.VoteExtension field, such as ensuring the provided oracle prices are +// within some valid range of our prices. +func (h VoteExtensionHandler) VerifyVoteExtensionHandler(ctx sdk.Context, req abci.VerifyVoteExtensionRequest) abci.VerifyVoteExtensionResponse { + prices, err := DecodePrices(h.cdc, req.VoteExtension) + if err != nil { + log("failed to decode vote extension", "err", err) + return abci.VerifyVoteExtensionResponse{Status: REJECT} + } + + if err := ValidatePrices(h.state, req, prices); err != nil { + log("failed to validate vote extension", "prices", prices, "err", err) + return abci.VerifyVoteExtensionResponse{Status: REJECT} + } + + // store updated vote extensions at the given height + // + // NOTE: Vote extensions can be overridden since we can timeout in a round. + SetPrices(h.state, req, req.VoteExtension) + + return abci.VerifyVoteExtensionResponse{Status: ACCEPT} +} +``` + +#### Vote Extension Propagation & Verification + +As mentioned previously, vote extensions for height `H` are only made available +to the proposer at height `H+1` during `PrepareProposal`. However, in order to +make vote extensions useful, all validators should have access to the agreed upon +vote extensions at height `H` during `H+1`. + +Since CometBFT includes all the vote extension signatures in `RequestPrepareProposal`, +we propose that the proposing validator manually "inject" the vote extensions +along with their respective signatures via a special transaction, `VoteExtsTx`, +into the block proposal during `PrepareProposal`. The `VoteExtsTx` will be +populated with a single `ExtendedCommitInfo` object which is received directly +from `RequestPrepareProposal`. + +For convention, the `VoteExtsTx` transaction should be the first transaction in +the block proposal, although chains can implement their own preferences. For +safety purposes, we also propose that the proposer itself verify all the vote +extension signatures it receives in `RequestPrepareProposal`. + +A validator, upon a `RequestProcessProposal`, will receive the injected `VoteExtsTx` +which includes the vote extensions along with their signatures. If no such transaction +exists, the validator MUST REJECT the proposal. + +When a validator inspects a `VoteExtsTx`, it will evaluate each `SignedVoteExtension`. +For each signed vote extension, the validator will generate the signed bytes and +verify the signature. At least 2/3 valid signatures, based on voting power, must +be received in order for the block proposal to be valid, otherwise the validator +MUST REJECT the proposal. + +In order to have the ability to validate signatures, `BaseApp` must have access +to the `x/staking` module, since this module stores an index from consensus +address to public key. However, we will avoid a direct dependency on `x/staking` +and instead rely on an interface instead. In addition, the Cosmos SDK will expose +a default signature verification method which applications can use: + +```go +type ValidatorStore interface { + GetPubKeyByConsAddr(context.Context, sdk.ConsAddress) (cmtprotocrypto.PublicKey, error) +} + +// ValidateVoteExtensions is a function that an application can execute in +// ProcessProposal to verify vote extension signatures. +func (app *BaseApp) ValidateVoteExtensions(ctx sdk.Context, currentHeight int64, extCommit abci.ExtendedCommitInfo) error { + votingPower := 0 + totalVotingPower := 0 + + for _, vote := range extCommit.Votes { + totalVotingPower += vote.Validator.Power + + if !vote.SignedLastBlock || len(vote.VoteExtension) == 0 { + continue + } + + valConsAddr := sdk.ConsAddress(vote.Validator.Address) + pubKeyProto, err := valStore.GetPubKeyByConsAddr(ctx, valConsAddr) + if err != nil { + return fmt.Errorf("failed to get public key for validator %s: %w", valConsAddr, err) + } + + if len(vote.ExtensionSignature) == 0 { + return fmt.Errorf("received a non-empty vote extension with empty signature for validator %s", valConsAddr) + } + + cmtPubKey, err := cryptoenc.PubKeyFromProto(pubKeyProto) + if err != nil { + return fmt.Errorf("failed to convert validator %X public key: %w", valConsAddr, err) + } + + cve := cmtproto.CanonicalVoteExtension{ + Extension: vote.VoteExtension, + Height: currentHeight - 1, // the vote extension was signed in the previous height + Round: int64(extCommit.Round), + ChainId: app.GetChainID(), + } + + extSignBytes, err := cosmosio.MarshalDelimited(&cve) + if err != nil { + return fmt.Errorf("failed to encode CanonicalVoteExtension: %w", err) + } + + if !cmtPubKey.VerifySignature(extSignBytes, vote.ExtensionSignature) { + return errors.New("received vote with invalid signature") + } + + votingPower += vote.Validator.Power + } + + if (votingPower / totalVotingPower) < threshold { + return errors.New("not enough voting power for the vote extensions") + } + + return nil +} +``` + +Once at least 2/3 signatures, by voting power, are received and verified, the +validator can use the vote extensions to derive additional data or come to some +decision based on the vote extensions. + +> NOTE: It is very important to state, that neither the vote propagation technique +> nor the vote extension verification mechanism described above is required for +> applications to implement. In other words, a proposer is not required to verify +> and propagate vote extensions along with their signatures nor are proposers +> required to verify those signatures. An application can implement it's own +> PKI mechanism and use that to sign and verify vote extensions. + +#### Vote Extension Persistence + +In certain contexts, it may be useful or necessary for applications to persist +data derived from vote extensions. In order to facilitate this use case, we propose +to allow app developers to define a pre-Blocker hook which will be called +at the very beginning of `FinalizeBlock`, i.e. before `BeginBlock` (see below). + +Note, we cannot allow applications to directly write to the application state +during `ProcessProposal` because during replay, CometBFT will NOT call `ProcessProposal`, +which would result in an incomplete state view. + +```go +func (a MyApp) PreBlocker(ctx sdk.Context, req *abci.FinalizeBlockRequest) error { + voteExts := GetVoteExtensions(ctx, req.Txs) + + // Process and perform some compute on vote extensions, storing any resulting + // state. + if err a.processVoteExtensions(ctx, voteExts); if err != nil { + return err + } +} +``` + +### `FinalizeBlock` + +The existing ABCI methods `BeginBlock`, `DeliverTx`, and `EndBlock` have existed +since the dawn of ABCI-based applications. Thus, applications, tooling, and developers +have grown used to these methods and their use-cases. Specifically, `BeginBlock` +and `EndBlock` have grown to be pretty integral and powerful within ABCI-based +applications. E.g. an application might want to run distribution and inflation +related operations prior to executing transactions and then have staking related +changes to happen after executing all transactions. + +We propose to keep `BeginBlock` and `EndBlock` within the SDK's core module +interfaces only so application developers can continue to build against existing +execution flows. However, we will remove `BeginBlock`, `DeliverTx` and `EndBlock` +from the SDK's `BaseApp` implementation and thus the ABCI surface area. + +What will then exist is a single `FinalizeBlock` execution flow. Specifically, in +`FinalizeBlock` we will execute the application's `BeginBlock`, followed by +execution of all the transactions, finally followed by execution of the application's +`EndBlock`. + +Note, we will still keep the existing transaction execution mechanics within +`BaseApp`, but all notions of `DeliverTx` will be removed, i.e. `deliverState` +will be replace with `finalizeState`, which will be committed on `Commit`. + +However, there are current parameters and fields that exist in the existing +`BeginBlock` and `EndBlock` ABCI types, such as votes that are used in distribution +and byzantine validators used in evidence handling. These parameters exist in the +`FinalizeBlock` request type, and will need to be passed to the application's +implementations of `BeginBlock` and `EndBlock`. + +This means the Cosmos SDK's core module interfaces will need to be updated to +reflect these parameters. The easiest and most straightforward way to achieve +this is to just pass `RequestFinalizeBlock` to `BeginBlock` and `EndBlock`. +Alternatively, we can create dedicated proxy types in the SDK that reflect these +legacy ABCI types, e.g. `LegacyBeginBlockRequest` and `LegacyEndBlockRequest`. Or, +we can come up with new types and names altogether. + +```go +func (app *BaseApp) FinalizeBlock(req abci.FinalizeBlockRequest) (*abci.FinalizeBlockResponse, error) { + ctx := ... + + if app.preBlocker != nil { + ctx := app.finalizeBlockState.ctx + rsp, err := app.preBlocker(ctx, req) + if err != nil { + return nil, err + } + if rsp.ConsensusParamsChanged { + app.finalizeBlockState.ctx = ctx.WithConsensusParams(app.GetConsensusParams(ctx)) + } + } + beginBlockResp, err := app.beginBlock(req) + appendBlockEventAttr(beginBlockResp.Events, "begin_block") + + txExecResults := make([]abci.ExecTxResult, 0, len(req.Txs)) + for _, tx := range req.Txs { + result := app.runTx(runTxModeFinalize, tx) + txExecResults = append(txExecResults, result) + } + + endBlockResp, err := app.endBlock(app.finalizeBlockState.ctx) + appendBlockEventAttr(beginBlockResp.Events, "end_block") + + return abci.FinalizeBlockResponse{ + TxResults: txExecResults, + Events: joinEvents(beginBlockResp.Events, endBlockResp.Events), + ValidatorUpdates: endBlockResp.ValidatorUpdates, + ConsensusParamUpdates: endBlockResp.ConsensusParamUpdates, + AppHash: nil, + } +} +``` + +#### Events + +Many tools, indexers and ecosystem libraries rely on the existence `BeginBlock` +and `EndBlock` events. Since CometBFT now only exposes `FinalizeBlockEvents`, we +find that it will still be useful for these clients and tools to still query for +and rely on existing events, especially since applications will still define +`BeginBlock` and `EndBlock` implementations. + +In order to facilitate existing event functionality, we propose that all `BeginBlock` +and `EndBlock` events have a dedicated `EventAttribute` with `key=block` and +`value=begin_block|end_block`. The `EventAttribute` will be appended to each event +in both `BeginBlock` and `EndBlock` events. + + +### Upgrading + +CometBFT defines a consensus parameter, [`VoteExtensionsEnableHeight`](https://github.com/cometbft/cometbft/blob/v0.38.0-alpha.1/spec/abci/abci%2B%2B_app_requirements.md#abciparamsvoteextensionsenableheight), +which specifies the height at which vote extensions are enabled and **required**. +If the value is set to zero, which is the default, then vote extensions are +disabled and an application is not required to implement and use vote extensions. + +However, if the value `H` is positive, at all heights greater than the configured +height `H` vote extensions must be present (even if empty). When the configured +height `H` is reached, `PrepareProposal` will not include vote extensions yet, +but `ExtendVote` and `VerifyVoteExtension` will be called. Then, when reaching +height `H+1`, `PrepareProposal` will include the vote extensions from height `H`. + +It is very important to note, for all heights after H: + +* Vote extensions CANNOT be disabled +* They are mandatory, i.e. all pre-commit messages sent MUST have an extension + attached (even if empty) + +When an application updates to the Cosmos SDK version with CometBFT v0.38 support, +in the upgrade handler it must ensure to set the consensus parameter +`VoteExtensionsEnableHeight` to the correct value. E.g. if an application is set +to perform an upgrade at height `H`, then the value of `VoteExtensionsEnableHeight` +should be set to any value `>=H+1`. This means that at the upgrade height, `H`, +vote extensions will not be enabled yet, but at height `H+1` they will be enabled. + +## Consequences + +### Backwards Compatibility + +ABCI 2.0 is naturally not backwards compatible with prior versions of the Cosmos SDK +and CometBFT. For example, an application that requests `RequestFinalizeBlock` +to the same application that does not speak ABCI 2.0 will naturally fail. + +In addition, `BeginBlock`, `DeliverTx` and `EndBlock` will be removed from the +application ABCI interfaces and along with the inputs and outputs being modified +in the module interfaces. + +### Positive + +* `BeginBlock` and `EndBlock` semantics remain, so burden on application developers + should be limited. +* Less communication overhead as multiple ABCI requests are condensed into a single + request. +* Sets the groundwork for optimistic execution. +* Vote extensions allow for an entirely new set of application primitives to be + developed, such as in-process price oracles and encrypted mempools. + +### Negative + +* Some existing Cosmos SDK core APIs may need to be modified and thus broken. +* Signature verification in `ProcessProposal` of 100+ vote extension signatures + will add significant performance overhead to `ProcessProposal`. Granted, the + signature verification process can happen concurrently using an error group + with `GOMAXPROCS` goroutines. + +### Neutral + +* Having to manually "inject" vote extensions into the block proposal during + `PrepareProposal` is an awkward approach and takes up block space unnecessarily. +* The requirement of `ResetProcessProposalState` can create a footgun for + application developers if they're not careful, but this is necessary in order + for applications to be able to commit state from vote extension computation. + +## Further Discussions + +Future discussions include design and implementation of ABCI 3.0, which is a +continuation of ABCI++ and the general discussion of optimistic execution. + +## References + +* [ADR 060: ABCI 1.0 (Phase I)](adr-060-abci-1.0.md) diff --git a/copy-of-sdk-docs/build/architecture/adr-065-store-v2.md b/copy-of-sdk-docs/build/architecture/adr-065-store-v2.md new file mode 100644 index 00000000..babf0eb7 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-065-store-v2.md @@ -0,0 +1,290 @@ +# ADR-065: Store V2 + +## Changelog + +* Feb 14, 2023: Initial Draft (@alexanderbez) + +## Status + +DRAFT + +## Abstract + +The storage and state primitives that Cosmos SDK based applications have used have +by and large not changed since the launch of the inaugural Cosmos Hub. The demands +and needs of Cosmos SDK based applications, from both developer and client UX +perspectives, have evolved and outgrown the ecosystem since these primitives +were first introduced. + +Over time as these applications have gained significant adoption, many critical +shortcomings and flaws have been exposed in the state and storage primitives of +the Cosmos SDK. + +In order to keep up with the evolving demands and needs of both clients and developers, +a major overhaul to these primitives is necessary. + +## Context + +The Cosmos SDK provides application developers with various storage primitives +for dealing with application state. Specifically, each module contains its own +merkle commitment data structure -- an IAVL tree. In this data structure, a module +can store and retrieve key-value pairs along with Merkle commitments, i.e. proofs, +to those key-value pairs indicating that they do or do not exist in the global +application state. This data structure is the base layer `KVStore`. + +In addition, the SDK provides abstractions on top of this Merkle data structure. +Namely, a root multi-store (RMS) is a collection of each module's `KVStore`. +Through the RMS, the application can serve queries and provide proofs to clients +in addition to providing a module access to its own unique `KVStore` through the use +of `StoreKey`, which is an OCAP primitive. + +There are further layers of abstraction that sit between the RMS and the underlying +IAVL `KVStore`. A `GasKVStore` is responsible for tracking gas IO consumption for +state machine reads and writes. A `CacheKVStore` is responsible for providing a +way to cache reads and buffer writes to make state transitions atomic, e.g. +transaction execution or governance proposal execution. + +There are a few critical drawbacks to these layers of abstraction and the overall +design of storage in the Cosmos SDK: + +* Since each module has its own IAVL `KVStore`, commitments are not [atomic](https://github.com/cosmos/cosmos-sdk/issues/14625) + * Note, we can still allow modules to have their own IAVL `KVStore`, but the + IAVL library will need to support the ability to pass a DB instance as an + argument to various IAVL APIs. +* Since IAVL is responsible for both state storage and commitment, running an + archive node becomes increasingly expensive as disk space grows exponentially. +* As the size of a network increases, various performance bottlenecks start to + emerge in many areas such as query performance, network upgrades, state + migrations, and general application performance. +* Developer UX is poor as it does not allow application developers to experiment + with different types of approaches to storage and commitments, along with the + complications of many layers of abstractions referenced above. + +See the [Storage Discussion](https://github.com/cosmos/cosmos-sdk/discussions/13545) for more information. + +## Alternatives + +There was a previous attempt to refactor the storage layer described in [ADR-040](./adr-040-storage-and-smt-state-commitments.md). +However, this approach mainly stems from the shortcomings of IAVL and various performance +issues around it. While there was a (partial) implementation of [ADR-040](./adr-040-storage-and-smt-state-commitments.md), +it was never adopted for a variety of reasons, such as the reliance on using an +SMT, which was more in a research phase, and some design choices that couldn't +be fully agreed upon, such as the snapshotting mechanism that would result in +massive state bloat. + +## Decision + +We propose to build upon some of the great ideas introduced in [ADR-040](./adr-040-storage-and-smt-state-commitments.md), +while being a bit more flexible with the underlying implementations and overall +less intrusive. Specifically, we propose to: + +* Separate the concerns of state commitment (**SC**), needed for consensus, and + state storage (**SS**), needed for state machine and clients. +* Reduce layers of abstractions necessary between the RMS and underlying stores. +* Provide atomic module store commitments by providing a batch database object + to core IAVL APIs. +* Reduce complexities in the `CacheKVStore` implementation while also improving + performance[3]. + +Furthermore, we will keep the IAVL is the backing [commitment](https://cryptography.fandom.com/wiki/Commitment_scheme) +store for the time being. While we might not fully settle on the use of IAVL in +the long term, we do not have strong empirical evidence to suggest a better +alternative. Given that the SDK provides interfaces for stores, it should be sufficient +to change the backing commitment store in the future should evidence arise to +warrant a better alternative. However there is promising work being done to IAVL +that should result in significant performance improvement [1,2]. + +### Separating SS and SC + +By separating SS and SC, it will allow for us to optimize against primary use cases +and access patterns to state. Specifically, The SS layer will be responsible for +direct access to data in the form of (key, value) pairs, whereas the SC layer (IAVL) +will be responsible for committing to data and providing Merkle proofs. + +Note, the underlying physical storage database will be the same between both the +SS and SC layers. So to avoid collisions between (key, value) pairs, both layers +will be namespaced. + +#### State Commitment (SC) + +Given that the existing solution today acts as both SS and SC, we can simply +repurpose it to act solely as the SC layer without any significant changes to +access patterns or behavior. In other words, the entire collection of existing +IAVL-backed module `KVStore`s will act as the SC layer. + +However, in order for the SC layer to remain lightweight and not duplicate a +majority of the data held in the SS layer, we encourage node operators to keep +tight pruning strategies. + +#### State Storage (SS) + +In the RMS, we will expose a *single* `KVStore` backed by the same physical +database that backs the SC layer. This `KVStore` will be explicitly namespaced +to avoid collisions and will act as the primary storage for (key, value) pairs. + +While we most likely will continue the use of `cosmos-db`, or some local interface, +to allow for flexibility and iteration over preferred physical storage backends +as research and benchmarking continues. However, we propose to hardcode the use +of RocksDB as the primary physical storage backend. + +Since the SS layer will be implemented as a `KVStore`, it will support the +following functionality: + +* Range queries +* CRUD operations +* Historical queries and versioning +* Pruning + +The RMS will keep track of all buffered writes using a dedicated and internal +`MemoryListener` for each `StoreKey`. For each block height, upon `Commit`, the +SS layer will write all buffered (key, value) pairs under a [RocksDB user-defined timestamp](https://github.com/facebook/rocksdb/wiki/User-defined-Timestamp-%28Experimental%29) column +family using the block height as the timestamp, which is an unsigned integer. +This will allow a client to fetch (key, value) pairs at historical and current +heights along with making iteration and range queries relatively performant as +the timestamp is the key suffix. + +Note, we choose not to use a more general approach of allowing any embedded key/value +database, such as LevelDB or PebbleDB, using height key-prefixed keys to +effectively version state because most of these databases use variable length +keys which would effectively make actions likes iteration and range queries less +performant. + +Since operators might want pruning strategies to differ in SS compared to SC, +e.g. having a very tight pruning strategy in SC while having a looser pruning +strategy for SS, we propose to introduce an additional pruning configuration, +with parameters that are identical to what exists in the SDK today, and allow +operators to control the pruning strategy of the SS layer independently of the +SC layer. + +Note, the SC pruning strategy must be congruent with the operator's state sync +configuration. This is so as to allow state sync snapshots to execute successfully, +otherwise, a snapshot could be triggered on a height that is not available in SC. + +#### State Sync + +The state sync process should be largely unaffected by the separation of the SC +and SS layers. However, if a node syncs via state sync, the SS layer of the node +will not have the state synced height available, since the IAVL import process is +not setup in way to easily allow direct key/value insertion. A modification of +the IAVL import process would be necessary to facilitate having the state sync +height available. + +Note, this is not problematic for the state machine itself because when a query +is made, the RMS will automatically direct the query correctly (see [Queries](#queries)). + +#### Queries + +To consolidate the query routing between both the SC and SS layers, we propose to +have a notion of a "query router" that is constructed in the RMS. This query router +will be supplied to each `KVStore` implementation. The query router will route +queries to either the SC layer or the SS layer based on a few parameters. If +`prove: true`, then the query must be routed to the SC layer. Otherwise, if the +query height is available in the SS layer, the query will be served from the SS +layer. Otherwise, we fall back on the SC layer. + +If no height is provided, the SS layer will assume the latest height. The SS +layer will store a reverse index to lookup `LatestVersion -> timestamp(version)` +which is set on `Commit`. + +#### Proofs + +Since the SS layer is naturally a storage layer only, without any commitments +to (key, value) pairs, it cannot provide Merkle proofs to clients during queries. + +Since the pruning strategy against the SC layer is configured by the operator, +we can therefore have the RMS route the query to the SC layer if the version exists and +`prove: true`. Otherwise, the query will fall back to the SS layer without a proof. + +We could explore the idea of using state snapshots to rebuild an in-memory IAVL +tree in real time against a version closest to the one provided in the query. +However, it is not clear what the performance implications will be of this approach. + +### Atomic Commitment + +We propose to modify the existing IAVL APIs to accept a batch DB object instead +of relying on an internal batch object in `nodeDB`. Since each underlying IAVL +`KVStore` shares the same DB in the SC layer, this will allow commits to be +atomic. + +Specifically, we propose to: + +* Remove the `dbm.Batch` field from `nodeDB` +* Update the `SaveVersion` method of the `MutableTree` IAVL type to accept a batch object +* Update the `Commit` method of the `CommitKVStore` interface to accept a batch object +* Create a batch object in the RMS during `Commit` and pass this object to each + `KVStore` +* Write the database batch after all stores have committed successfully + +Note, this will require IAVL to be updated to not rely or assume on any batch +being present during `SaveVersion`. + +## Consequences + +As a result of a new store V2 package, we should expect to see improved performance +for queries and transactions due to the separation of concerns. We should also +expect to see improved developer UX around experimentation of commitment schemes +and storage backends for further performance, in addition to a reduced amount of +abstraction around KVStores making operations such as caching and state branching +more intuitive. + +However, due to the proposed design, there are drawbacks around providing state +proofs for historical queries. + +### Backwards Compatibility + +This ADR proposes changes to the storage implementation in the Cosmos SDK through +an entirely new package. Interfaces may be borrowed and extended from existing +types that exist in `store`, but no existing implementations or interfaces will +be broken or modified. + +### Positive + +* Improved performance of independent SS and SC layers +* Reduced layers of abstraction making storage primitives easier to understand +* Atomic commitments for SC +* Redesign of storage types and interfaces will allow for greater experimentation + such as different physical storage backends and different commitment schemes + for different application modules + +### Negative + +* Providing proofs for historical state is challenging + +### Neutral + +* Keeping IAVL as the primary commitment data structure, although drastic + performance improvements are being made + +## Further Discussions + +### Module Storage Control + +Many modules store secondary indexes that are typically solely used to support +client queries, but are actually not needed for the state machine's state +transitions. What this means is that these indexes technically have no reason to +exist in the SC layer at all, as they take up unnecessary space. It is worth +exploring what an API would look like to allow modules to indicate what (key, value) +pairs they want to be persisted in the SC layer, implicitly indicating the SS +layer as well, as opposed to just persisting the (key, value) pair only in the +SS layer. + +### Historical State Proofs + +It is not clear what the importance or demand is within the community of providing +commitment proofs for historical state. While solutions can be devised such as +rebuilding trees on the fly based on state snapshots, it is not clear what the +performance implications are for such solutions. + +### Physical DB Backends + +This ADR proposes usage of RocksDB to utilize user-defined timestamps as a +versioning mechanism. However, other physical DB backends are available that may +offer alternative ways to implement versioning while also providing performance +improvements over RocksDB. E.g. PebbleDB supports MVCC timestamps as well, but +we'll need to explore how PebbleDB handles compaction and state growth over time. + +## References + +* [1] https://github.com/cosmos/iavl/pull/676 +* [2] https://github.com/cosmos/iavl/pull/664 +* [3] https://github.com/cosmos/cosmos-sdk/issues/14990 diff --git a/copy-of-sdk-docs/build/architecture/adr-068-preblock.md b/copy-of-sdk-docs/build/architecture/adr-068-preblock.md new file mode 100644 index 00000000..6b50cf0c --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-068-preblock.md @@ -0,0 +1,63 @@ +# ADR 068: Preblock + +## Changelog + +* Sept 13, 2023: Initial Draft + +## Status + +DRAFT + +## Abstract + +Introduce `PreBlock`, which runs before the begin blocker of other modules, and allows modifying consensus parameters, and the changes are visible to the following state machine logics. + +## Context + +When upgrading to sdk 0.47, the storage format for consensus parameters changed, but in the migration block, `ctx.ConsensusParams()` is always `nil`, because it fails to load the old format using new code, it's supposed to be migrated by the `x/upgrade` module first, but unfortunately, the migration happens in `BeginBlocker` handler, which runs after the `ctx` is initialized. +When we try to solve this, we find the `x/upgrade` module can't modify the context to make the consensus parameters visible for the other modules, the context is passed by value, and sdk team want to keep it that way, that's good for isolation between modules. + +## Alternatives + +The first alternative solution introduced a `MigrateModuleManager`, which only includes the `x/upgrade` module right now, and baseapp will run their `BeginBlocker`s before the other modules, and reload context's consensus parameters in between. + +## Decision + +Suggested this new lifecycle method. + +### `PreBlocker` + +There are two semantics around the new lifecycle method: + +* It runs before the `BeginBlocker` of all modules +* It can modify consensus parameters in storage, and signal the caller through the return value. + +When it returns `ConsensusParamsChanged=true`, the caller must refresh the consensus parameters in the finalize context: + +``` +app.finalizeBlockState.ctx = app.finalizeBlockState.ctx.WithConsensusParams(app.GetConsensusParams()) +``` + +The new ctx must be passed to all the other lifecycle methods. + + +## Consequences + +### Backwards Compatibility + +### Positive + +### Negative + +### Neutral + +## Further Discussions + +## Test Cases + +## References + +* [1] https://github.com/cosmos/cosmos-sdk/issues/16494 +* [2] https://github.com/cosmos/cosmos-sdk/pull/16583 +* [3] https://github.com/cosmos/cosmos-sdk/pull/17421 +* [4] https://github.com/cosmos/cosmos-sdk/pull/17713 diff --git a/copy-of-sdk-docs/build/architecture/adr-070-unordered-account.md b/copy-of-sdk-docs/build/architecture/adr-070-unordered-account.md new file mode 100644 index 00000000..767d40d5 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-070-unordered-account.md @@ -0,0 +1,327 @@ +# ADR 070: Unordered Transactions + +## Changelog + +* Dec 4, 2023: Initial Draft (@yihuang, @tac0turtle, @alexanderbez) +* Jan 30, 2024: Include section on deterministic transaction encoding +* Mar 18, 2025: Revise implementation to use Cosmos SDK KV Store and require unique timeouts per-address (@technicallyty) +* Apr 25, 2025: Add note about rejecting unordered txs with sequence values. + +## Status + +ACCEPTED Not Implemented + +## Abstract + +We propose a way to do replay-attack protection without enforcing the order of +transactions and without requiring the use of monotonically increasing sequences. Instead, we propose +the use of a time-based, ephemeral sequence. + +## Context + +Account sequence values serve to prevent replay attacks and ensure transactions from the same sender are included in blocks and executed +in sequential order. Unfortunately, this makes it difficult to reliably send many concurrent transactions from the +same sender. Victims of such limitations include IBC relayers and crypto exchanges. + +## Decision + +We propose adding a boolean field `unordered` and a google.protobuf.Timestamp field `timeout_timestamp` to the transaction body. + +Unordered transactions will bypass the traditional account sequence rules and follow the rules described +below, without impacting traditional ordered transactions which will follow the same sequence rules as before. + +We will introduce new storage of time-based, ephemeral unordered sequences using the SDK's existing KV Store library. +Specifically, we will leverage the existing x/auth KV store to store the unordered sequences. + +When an unordered transaction is included in a block, a concatenation of the `timeout_timestamp` and sender’s address bytes +will be recorded to state (i.e. `542939323/`). In cases of multi-party signing, one entry per signer +will be recorded to state. + +New transactions will be checked against the state to prevent duplicate submissions. To prevent the state from growing indefinitely, we propose the following: + +* Define an upper bound for the value of `timeout_timestamp` (i.e. 10 minutes). +* Add PreBlocker method to x/auth that removes state entries with a `timeout_timestamp` earlier than the current block time. + +### Transaction Format + +```protobuf +message TxBody { + ... + + bool unordered = 4; + google.protobuf.Timestamp timeout_timestamp = 5; +} +``` + +### Replay Protection + +We facilitate replay protection by storing the unordered sequence in the Cosmos SDK KV store. Upon transaction ingress, we check if the transaction's unordered +sequence exists in state, or if the TTL value is stale, i.e. before the current block time. If so, we reject it. Otherwise, +we add the unordered sequence to the state. This section of the state will belong to the `x/auth` module. + +The state is evaluated during x/auth's `PreBlocker`. All transactions with an unordered sequence earlier than the current block time +will be deleted. + +```go +func (am AppModule) PreBlock(ctx context.Context) (appmodule.ResponsePreBlock, error) { + err := am.accountKeeper.RemoveExpired(sdk.UnwrapSDKContext(ctx)) + if err != nil { + return nil, err + } + return &sdk.ResponsePreBlock{ConsensusParamsChanged: false}, nil +} +``` + +```golang +package keeper + +import ( + sdk "github.com/cosmos/cosmos-sdk/types" + + "cosmossdk.io/collections" + "cosmossdk.io/core/store" +) + +var ( + // just arbitrarily picking some upper bound number. + unorderedSequencePrefix = collections.NewPrefix(90) +) + +type AccountKeeper struct { + // ... + unorderedSequences collections.KeySet[collections.Pair[uint64, []byte]] +} + +func (m *AccountKeeper) Contains(ctx sdk.Context, sender []byte, timestamp uint64) (bool, error) { + return m.unorderedSequences.Has(ctx, collections.Join(timestamp, sender)) +} + +func (m *AccountKeeper) Add(ctx sdk.Context, sender []byte, timestamp uint64) error { + return m.unorderedSequences.Set(ctx, collections.Join(timestamp, sender)) +} + +func (m *AccountKeeper) RemoveExpired(ctx sdk.Context) error { + blkTime := ctx.BlockTime().UnixNano() + it, err := m.unorderedSequences.Iterate(ctx, collections.NewPrefixUntilPairRange[uint64, []byte](uint64(blkTime))) + if err != nil { + return err + } + defer it.Close() + + keys, err := it.Keys() + if err != nil { + return err + } + + for _, key := range keys { + if err := m.unorderedSequences.Remove(ctx, key); err != nil { + return err + } + } + + return nil +} + +``` + +### AnteHandler Decorator + +To facilitate bypassing nonce verification, we must modify the existing +`IncrementSequenceDecorator` AnteHandler decorator to skip the nonce verification +when the transaction is marked as unordered. + +```golang +func (isd IncrementSequenceDecorator) AnteHandle(ctx sdk.Context, tx sdk.Tx, simulate bool, next sdk.AnteHandler) (sdk.Context, error) { + if tx.UnOrdered() { + return next(ctx, tx, simulate) + } + + // ... +} +``` + +We also introduce a new decorator to perform the unordered transaction verification. + +```golang +package ante + +import ( + "slices" + "strings" + "time" + + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + authkeeper "github.com/cosmos/cosmos-sdk/x/auth/keeper" + authsigning "github.com/cosmos/cosmos-sdk/x/auth/signing" + + errorsmod "cosmossdk.io/errors" +) + +var _ sdk.AnteDecorator = (*UnorderedTxDecorator)(nil) + +// UnorderedTxDecorator defines an AnteHandler decorator that is responsible for +// checking if a transaction is intended to be unordered and, if so, evaluates +// the transaction accordingly. An unordered transaction will bypass having its +// nonce incremented, which allows fire-and-forget transaction broadcasting, +// removing the necessity of ordering on the sender-side. +// +// The transaction sender must ensure that unordered=true and a timeout_height +// is appropriately set. The AnteHandler will check that the transaction is not +// a duplicate and will evict it from state when the timeout is reached. +// +// The UnorderedTxDecorator should be placed as early as possible in the AnteHandler +// chain to ensure that during DeliverTx, the transaction is added to the unordered sequence state. +type UnorderedTxDecorator struct { + // maxUnOrderedTTL defines the maximum TTL a transaction can define. + maxTimeoutDuration time.Duration + txManager authkeeper.UnorderedTxManager +} + +func NewUnorderedTxDecorator( + utxm authkeeper.UnorderedTxManager, +) *UnorderedTxDecorator { + return &UnorderedTxDecorator{ + maxTimeoutDuration: 10 * time.Minute, + txManager: utxm, + } +} + +func (d *UnorderedTxDecorator) AnteHandle( + ctx sdk.Context, + tx sdk.Tx, + _ bool, + next sdk.AnteHandler, +) (sdk.Context, error) { + if err := d.ValidateTx(ctx, tx); err != nil { + return ctx, err + } + return next(ctx, tx, false) +} + +func (d *UnorderedTxDecorator) ValidateTx(ctx sdk.Context, tx sdk.Tx) error { + unorderedTx, ok := tx.(sdk.TxWithUnordered) + if !ok || !unorderedTx.GetUnordered() { + // If the transaction does not implement unordered capabilities or has the + // unordered value as false, we bypass. + return nil + } + + blockTime := ctx.BlockTime() + timeoutTimestamp := unorderedTx.GetTimeoutTimeStamp() + if timeoutTimestamp.IsZero() || timeoutTimestamp.Unix() == 0 { + return errorsmod.Wrap( + sdkerrors.ErrInvalidRequest, + "unordered transaction must have timeout_timestamp set", + ) + } + if timeoutTimestamp.Before(blockTime) { + return errorsmod.Wrap( + sdkerrors.ErrInvalidRequest, + "unordered transaction has a timeout_timestamp that has already passed", + ) + } + if timeoutTimestamp.After(blockTime.Add(d.maxTimeoutDuration)) { + return errorsmod.Wrapf( + sdkerrors.ErrInvalidRequest, + "unordered tx ttl exceeds %s", + d.maxTimeoutDuration.String(), + ) + } + + execMode := ctx.ExecMode() + if execMode == sdk.ExecModeSimulate { + return nil + } + + signerAddrs, err := getSigners(tx) + if err != nil { + return err + } + + for _, signer := range signerAddrs { + contains, err := d.txManager.Contains(ctx, signer, uint64(unorderedTx.GetTimeoutTimeStamp().Unix())) + if err != nil { + return errorsmod.Wrap( + sdkerrors.ErrIO, + "failed to check contains", + ) + } + if contains { + return errorsmod.Wrapf( + sdkerrors.ErrInvalidRequest, + "tx is duplicated for signer %x", signer, + ) + } + + if err := d.txManager.Add(ctx, signer, uint64(unorderedTx.GetTimeoutTimeStamp().Unix())); err != nil { + return errorsmod.Wrap( + sdkerrors.ErrIO, + "failed to add unordered sequence to state", + ) + } + } + + + return nil +} + +func getSigners(tx sdk.Tx) ([][]byte, error) { + sigTx, ok := tx.(authsigning.SigVerifiableTx) + if !ok { + return nil, errorsmod.Wrap(sdkerrors.ErrTxDecode, "invalid tx type") + } + return sigTx.GetSigners() +} + +``` + +### Unordered Sequences + +Unordered sequences provide a simple, straightforward mechanism to protect against both transaction malleability and +transaction duplication. It is important to note that the unordered sequence must still be unique. However, +the value is not required to be strictly increasing as with regular sequences, and the order in which the node receives +the transactions no longer matters. Clients can handle building unordered transactions similarly to the code below: + +```go +for _, tx := range txs { + tx.SetUnordered(true) + tx.SetTimeoutTimestamp(time.Now() + 1 * time.Nanosecond) +} +``` + +We will reject transactions that have both sequence and unordered timeouts set. We do this to avoid assuming the intent of the user. + +### State Management + +The storage of unordered sequences will be facilitated using the Cosmos SDK's KV Store service. + +## Note On Previous Design Iteration + +The previous iteration of unordered transactions worked by using an ad-hoc state-management system that posed severe +risks and a vector for duplicated tx processing. It relied on graceful app closure which would flush the current state +of the unordered sequence mapping. If 2/3 of the network crashed, and the graceful closure did not trigger, +the system would lose track of all sequences in the mapping, allowing those transactions to be replayed. The +implementation proposed in the updated version of this ADR solves this by writing directly to the Cosmos KV Store. +While this is less performant, for the initial implementation, we opted to choose a safer path and postpone performance optimizations until we have more data on real-world impacts and a more battle-tested approach to optimization. + +Additionally, the previous iteration relied on using hashes to create what we call an "unordered sequence." There are known +issues with transaction malleability in Cosmos SDK signing modes. This ADR gets away from this problem by enforcing +single-use unordered nonces, instead of deriving nonces from bytes in the transaction. + +## Consequences + +### Positive + +* Support unordered transaction inclusion, enabling the ability to "fire and forget" many transactions at once. + +### Negative + +* Requires additional storage overhead. +* Requirement of unique timestamps per transaction causes a small amount of additional overhead for clients. Clients must ensure each transaction's timeout timestamp is different. However, nanosecond differentials suffice. +* Usage of Cosmos SDK KV store is slower in comparison to using a non-merkleized store or ad-hoc methods, and block times may slow down as a result. + +## References + +* https://github.com/cosmos/cosmos-sdk/issues/13009 + diff --git a/copy-of-sdk-docs/build/architecture/adr-076-tx-malleability.md b/copy-of-sdk-docs/build/architecture/adr-076-tx-malleability.md new file mode 100644 index 00000000..9843b17f --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-076-tx-malleability.md @@ -0,0 +1,172 @@ +# Cosmos SDK Transaction Malleability Risk Review and Recommendations + +## Changelog + +* 2025-03-10: Initial draft (@aaronc) + +## Status + +PROPOSED: Not Implemented + +## Abstract + +Several encoding and sign mode related issues have historically resulted in the possibility +that Cosmos SDK transactions may be re-encoded in such a way as to change their hash +(and in rare cases, their meaning) without invalidating the signature. +This document details these cases, their potential risks, the extent to which they have been +addressed, and provides recommendations for future improvements. + +## Review + +One naive assumption about Cosmos SDK transactions is that hashing the raw bytes of a submitted transaction creates a safe unique identifier for the transaction. In reality, there are multiple ways in which transactions could be manipulated to create different transaction bytes (and as a result different hashes) that still pass signature verification. + +This document attempts to enumerate the various potential transaction "malleability" risks that we have identified and the extent to which they have or have not been addressed in various sign modes. We also identify vulnerabilities that could be introduced if developers make changes in the future without careful consideration of the complexities involved with transaction encoding, sign modes and signatures. + +### Risks Associated with Malleability + +The malleability of transactions poses the following potential risks to end users: + +* unsigned data could get added to transactions and be processed by state machines +* clients often rely on transaction hashes for checking transaction status, but whether or not submitted transaction hashes match processed transaction hashes depends primarily on good network actors rather than fundamental protocol guarantees +* transactions could potentially get executed more than once (faulty replay protection) + +If a client generates a transaction, keeps a record of its hash and then attempts to query nodes to check the transaction's status, this process may falsely conclude that the transaction had not been processed if an intermediary +processor decoded and re-encoded the transaction with different encoding rules (either maliciously or unintentionally). +As long as no malleability is present in the signature bytes themselves, clients _should_ query transactions by signature instead of hash. + +Not being cognizant of this risk may lead clients to submit the same transaction multiple times if they believe that +earlier transactions had failed or gotten lost in processing. +This could be an attack vector against users if wallets primarily query transactions by hash. + +If the state machine were to rely on transaction hashes as a replay mechanism itself, this would be faulty and not +provide the intended replay protection. Instead, the state machine should rely on deterministic representations of +transactions rather than the raw encoding, or other nonces, +if they want to provide some replay protection that doesn't rely on a monotonically +increasing account sequence number. + + +### Sources of Malleability + +#### Non-deterministic Protobuf Encoding + +Cosmos SDK transactions are encoded using protobuf binary encoding when they are submitted to the network. Protobuf binary is not inherently a deterministic encoding meaning that the same logical payload could have several valid bytes representations. In a basic sense, this means that protobuf in general can be decoded and re-encoded to produce a different byte stream (and thus different hash) without changing the logical meaning of the bytes. [ADR 027: Deterministic Protobuf Serialization](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-027-deterministic-protobuf-serialization.md) describes in detail what needs to be done to produce what we consider to be a "canonical", deterministic protobuf serialization. Briefly, the following sources of malleability at the encoding level have been identified and are addressed by this specification: + +* fields can be emitted in any order +* default field values can be included or omitted, and this doesn't change meaning unless `optional` is used +* `repeated` fields of scalars may use packed or "regular" encoding +* `varint`s can include extra ignored bits +* extra fields may be added and are usually simply ignored by decoders. [ADR 020](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-020-protobuf-transaction-encoding.md#unknown-field-filtering) specifies that in general such extra fields should cause messages and transactions to be rejected + +When using `SIGN_MODE_DIRECT` none of the above malleabilities will be tolerated because: + +* signatures of messages and extensions must be done over the raw encoded bytes of those fields +* the outer tx envelope (`TxRaw`) must follow ADR 027 rules or be rejected + +Transactions signed with `SIGN_MODE_LEGACY_AMINO_JSON`, however, have no way of protecting against the above malleabilities because what is signed is a JSON representation of the logical contents of the transaction. These logical contents could have any number of valid protobuf binary encodings, so in general there are no guarantees regarding transaction hash with Amino JSON signing. + +In addition to being aware of the general non-determinism of protobuf binary, developers need to pay special attention to make sure that unknown protobuf fields get rejected when developing new capabilities related to protobuf transactions. The protobuf serialization format was designed with the assumption that unknown data known to encoders could safely be ignored by decoders. This assumption may have been fairly safe within the walled garden of Google's centralized infrastructure. However, in distributed blockchain systems, this assumption is generally unsafe. If a newer client encodes a protobuf message with data intended for a newer server, it is not safe for an older server to simply ignore and discard instructions that it does not understand. These instructions could include critical information that the transaction signer is relying upon and just assuming that it is unimportant is not safe. + +[ADR 020](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-020-protobuf-transaction-encoding.md#unknown-field-filtering) specifies some provisions for "non-critical" fields which can safely be ignored by older servers. In practice, I have not seen any valid usages of this. It is something in the design that maintainers should be aware of, but it may not be necessary or even 100% safe. + +#### Non-deterministic Value Encoding + +In addition to the non-determinism present in protobuf binary itself, some protobuf field data is encoded using a micro-format which itself may not be deterministic. Consider for instance integer or decimal encoding. Some decoders may allow for the presence of leading or trailing zeros without changing the logical meaning, ex. `00100` vs `100` or `100.00` vs `100`. So if a sign mode encodes numbers deterministically, but decoders accept multiple representations, +a user may sign over the value `100` while `0100` gets encoded. This would be possible with Amino JSON to the extent that the integer decoder accepts leading zeros. I believe the current `Int` implementation will reject this, however, it is +probably possible to encode an octal or hexadecimal representation in the transaction whereas the user signs over a decimal integer. + +#### Signature Encoding + +Signatures themselves are encoded using a micro-format specific to the signature algorithm being used and sometimes these +micro-formats can allow for non-determinism (multiple valid bytes for the same signature). +Most of the signature algorithms supported by the SDK should reject non-canonical bytes in their current implementation. +However, the `Multisignature` protobuf type uses normal protobuf encoding and there is no check as to whether the +decoded bytes followed canonical ADR 027 rules or not. Therefore, multisig transactions can have malleability in +their signatures. +Any new or custom signature algorithms must make sure that they reject any non-canonical bytes, otherwise even +with `SIGN_MODE_DIRECT` there can be transaction hash malleability by re-encoding signatures with a non-canonical +representation. + +#### Fields not covered by Amino JSON + +Another area that needs to be addressed carefully is the discrepancy between `AminoSignDoc` (see [`aminojson.proto`](../../x/tx/signing/aminojson/internal/aminojsonpb/aminojson.proto)) used for `SIGN_MODE_LEGACY_AMINO_JSON` and the actual contents of `TxBody` and `AuthInfo` (see [`tx.proto`](../../proto/cosmos/tx/v1beta1/tx.proto)). +If fields get added to `TxBody` or `AuthInfo`, they must either have a corresponding representation in `AminoSignDoc` or Amino JSON signatures must be rejected when those new fields are set. Making sure that this is done is a +highly manual process, and developers could easily make the mistake of updating `TxBody` or `AuthInfo` +without paying any attention to the implementation of `GetSignBytes` for Amino JSON. This is a critical +vulnerability in which unsigned content can now get into the transaction and signature verification will +pass. + +## Sign Mode Summary and Recommendations + +The sign modes officially supported by the SDK are `SIGN_MODE_DIRECT`, `SIGN_MODE_TEXTUAL`, `SIGN_MODE_DIRECT_AUX`, +and `SIGN_MODE_LEGACY_AMINO_JSON`. +`SIGN_MODE_LEGACY_AMINO_JSON` is used commonly by wallets and is currently the only sign mode supported on Nano Ledger hardware devices +(although `SIGN_MODE_TEXTUAL` was designed to also support hardware devices). +`SIGN_MODE_DIRECT` is the simplest sign mode and its usage is also fairly common. +`SIGN_MODE_DIRECT_AUX` is a variant of `SIGN_MODE_DIRECT` that can be used by auxiliary signers in a multi-signer +transaction by those signers who are not paying gas. +`SIGN_MODE_TEXTUAL` was intended as a replacement for `SIGN_MODE_LEGACY_AMINO_JSON`, but as far as we know it +has not been adopted by any clients yet and thus is not in active use. + +All known malleability concerns have been addressed in the current implementation of `SIGN_MODE_DIRECT`. +The only known malleability that could occur with a transaction signed with `SIGN_MODE_DIRECT` would +need to be in the signature bytes themselves. +Since signatures are not signed over, it is impossible for any sign mode to address this directly +and instead signature algorithms need to take care to reject any non-canonically encoded signature bytes +to prevent malleability. +For the known malleability of the `Multisignature` type, we should make sure that any valid signatures +were encoded following canonical ADR 027 rules when doing signature verification. + +`SIGN_MODE_DIRECT_AUX` provides the same level of safety as `SIGN_MODE_DIRECT` because + +* the raw encoded `TxBody` bytes are signed over in `SignDocDirectAux`, and +* a transaction using `SIGN_MODE_DIRECT_AUX` still requires the primary signer to sign the transaction with `SIGN_MODE_DIRECT` + +`SIGN_MODE_TEXTUAL` also provides the same level of safety as `SIGN_MODE_DIRECT` because the hash of the raw encoded +`TxBody` and `AuthInfo` bytes are signed over. + +Unfortunately, the vast majority of unaddressed malleability risks affect `SIGN_MODE_LEGACY_AMINO_JSON` and this +sign mode is still commonly used. +It is recommended that the following improvements be made to Amino JSON signing: + +* hashes of `TxBody` and `AuthInfo` should be added to `AminoSignDoc` so that encoding-level malleability is addressed +* when constructing `AminoSignDoc`, [protoreflect](https://pkg.go.dev/google.golang.org/protobuf/reflect/protoreflect) API should be used to ensure that there are no fields in `TxBody` or `AuthInfo` which do not have a mapping in `AminoSignDoc` have been set +* fields present in `TxBody` or `AuthInfo` that are not present in `AminoSignDoc` (such as extension options) should +be added to `AminoSignDoc` if possible + +## Testing + +To test that transactions are resistant to malleability, +we can develop a test suite to run against all sign modes that +attempts to manipulate transaction bytes in the following ways: + +* changing protobuf encoding by + * reordering fields + * setting default values + * adding extra bits to varints, or + * setting new unknown fields +* modifying integer and decimal values encoded as strings with leading or trailing zeros + +Whenever any of these manipulations is done, we should observe that the sign doc bytes for the sign mode being +tested also change, meaning that the corresponding signatures will also have to change. + +In the case of Amino JSON, we should also develop tests which ensure that if any `TxBody` or `AuthInfo` +field not supported by Amino's `AminoSignDoc` is set that signing fails. + +In the general case of transaction decoding, we should have unit tests to ensure that + +* any `TxRaw` bytes which do not follow ADR 027 canonical encoding cause decoding to fail, and +* any top-level transaction elements including `TxBody`, `AuthInfo`, public keys, and messages which +have unknown fields set cause the transaction to be rejected +(this ensures that ADR 020 unknown field filtering is properly applied) + +For each supported signature algorithm, +there should also be unit tests to ensure that signatures must be encoded canonically +or get rejected. + +## References + +* [ADR 027: Deterministic Protobuf Serialization](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-027-deterministic-protobuf-serialization.md) +* [ADR 020](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-020-protobuf-transaction-encoding.md#unknown-field-filtering) +* [`aminojson.proto`](../../x/tx/signing/aminojson/internal/aminojsonpb/aminojson.proto) +* [`tx.proto`](../../proto/cosmos/tx/v1beta1/tx.proto) + diff --git a/copy-of-sdk-docs/build/architecture/adr-template.md b/copy-of-sdk-docs/build/architecture/adr-template.md new file mode 100644 index 00000000..7a2c1549 --- /dev/null +++ b/copy-of-sdk-docs/build/architecture/adr-template.md @@ -0,0 +1,83 @@ +# ADR {ADR-NUMBER}: {TITLE} + +## Changelog + +* {date}: {changelog} + +## Status + +{DRAFT | PROPOSED} Not Implemented + +> Please have a look at the [PROCESS](./PROCESS.md#adr-status) page. +> Use DRAFT if the ADR is in a draft stage (draft PR) or PROPOSED if it's in review. + +## Abstract + +> "If you can't explain it simply, you don't understand it well enough." Provide +> a simplified and layman-accessible explanation of the ADR. +> A short (~200 words) description of the issue being addressed. + +## Context + +> This section describes the forces at play, including technological, political, +> social, and project local. These forces are probably in tension, and should be +> called out as such. The language in this section is value-neutral. It is simply +> describing facts. It should clearly explain the problem and motivation that the +> proposal aims to resolve. +> {context body} + +## Alternatives + +> This section describes alternative designs to the chosen design. This section +> is important and if an adr does not have any alternatives then it should be +> considered that the ADR was not thought through. + +## Decision + +> This section describes our response to these forces. It is stated in full +> sentences, with active voice. "We will ..." +> {decision body} + +## Consequences + +> This section describes the resulting context, after applying the decision. All +> consequences should be listed here, not just the "positive" ones. A particular +> decision may have positive, negative, and neutral consequences, but all of them +> affect the team and project in the future. + +### Backwards Compatibility + +> All ADRs that introduce backwards incompatibilities must include a section +> describing these incompatibilities and their severity. The ADR must explain +> how the author proposes to deal with these incompatibilities. ADR submissions +> without a sufficient backwards compatibility treatise may be rejected outright. + +### Positive + +> {positive consequences} + +### Negative + +> {negative consequences} + +### Neutral + +> {neutral consequences} + +## Further Discussions + +> While an ADR is in the DRAFT or PROPOSED stage, this section should contain a +> summary of issues to be solved in future iterations (usually referencing comments +> from a pull-request discussion). +> +> Later, this section can optionally list ideas or improvements the author or +> reviewers found during the analysis of this ADR. + +## Test Cases [optional] + +Test cases for an implementation are mandatory for ADRs that are affecting consensus +changes. Other ADRs can choose to include links to test cases if applicable. + +## References + +* {reference link} diff --git a/copy-of-sdk-docs/build/architecture/bankv2.png b/copy-of-sdk-docs/build/architecture/bankv2.png new file mode 100644 index 0000000000000000000000000000000000000000..4123dbf5ed5d4fcecbc14813af0582890f53fdb8 GIT binary patch literal 280587 zcmeFZg;!MX*ET-tM=?NDM5I*&1Ox~7U>-0BOOXecS%b(qf*k+-O>z5 z4$KhmK0fcep6B}~{C?}1wPuNjGjq;;-+N#Cx~_d6{1oM-NX}E8N1;$8(oZFnQ7BUQ z@$B;1Gw{z{@goiR=Y+ko)MHeBC(RNHbps_W@krGrZgt!>PTk~C>i*A*40mpw z_4mJ(ayI`?bh>)tEwRrr5hE#BQ}xd#u{r|<+{GdD>fSn2KTz-P-1%}NDdk3C>S`PD z$~WTn_QS*Xi9b6$Nr~^Zb^P%Vr4yx#TZyxe#|7Sh)md3E=xD-t#ZLn6;(xvOYP=JaZX^Oxb_G-Vp!q4gL3Qpiuvxn4wUe$au*pbBN_uLXMA1Bb{rXl6 zPm4d3+;a656iVQgs=5uDzTDCB7AxCIH5F>=Vb7QDU1z%>s(xq2hjLlDfp^%)k32p; z?Q`ZueS3S0&62S7XtpVV^ttnx?J3l&qJBbwek}vflHKOBukJ~ z^G+$#Y@8vQ6<@hObL5qbaH161V5Ap??+RBrbp-47uA)${KC-d+MTuc(0}WFR@+UfAhY}n*{k3w|~Gm4EWbQ z4*{lXo$}S6Em`XpNk`{Uy;Bhpk~RCLu2vJelM!&U?`vv&!xTD${_hljp>J&TixRE< zJHb~_Q_o*5CTrP^*$I9!i4!wUQ_H!+W%NYydh|(D-v@@^pTTq@cgY&R*B|l$h-rBp z?Q#tVQ4cyZDq{Y5WB#km$}dW&^g)@890nsD<~!d}oZCZ$T8-G;^p%UfqNM)W3q9L( zIWsPlx+A9FS`UR%oK(*r6CJt}pPTDjQ+SEh(iyU)zcZ#{cfhPFwRfAmOwdwFjEjd$1I z8~mQoWXx}VrMtX#YeF2FJO{3^@jve&!f{Qcgb9o5Rqj5>{i^3$3&y z!#^{vx3vW<4s!Cp_Q*er`u4~W=3X{BlYG>27hlb4zRPW&)t=08 z7{v)Yjn!Sb_mR@y|H{VhXjT`I^{A;NVRyK@#9ZX+X%x?$(K2hasAgRax5-W~Lr8mY zYB2YOngp+m4vNw>}Vs zjeg8-Bmbb1rbo-zXLbhL!qn$1dv4G8G88e0O%eo9Nv08zQn{K+l$Hax(S4q)g@WB# zVeX_~Y}3;(hcQJ+HOjmG3)3txbM_H@%RHQXS5N!0@`an_V6?(cqANl02L|;p?`KDlz`>u@@UQD*mE_WI#gn|+ zVYYzh|p2seCC#tJs%L1j+1Q zui&m~Eh6BKYG7SI&UeZk8Do-ew6&3-k_LFKs}Ado%!%nY+}?y?8*=q8x{Z2OW|>M z8G&DwlV>0`UdZx!NT8z5m>uFJ!oxjE#^I)ueeg;|sO2Y*9&P4kGcsPL=8LjBk9y;6 zIb7757Qu7=d{L^_{Urlbk`0Zk@n!>q%;)P{|Gj|T_W0^*-%w_~qj{`JxOPVTnjpy-`e8aO_XAJ46n?@#Lm$_5Tl{->(2J} z46k1=7hXqACH?lKG4_@)bpJUoE?m$KiL3$V(s61k&p`6s{Ny`SG?$9iOZ)&qaC4LL z(pgk5%6dGe2Fpl+c^@wzVnSM1<|M zsXFln|Et7&bL*j&mI(PtUaP@G6Wk~YMME6ea^}QyswC@CQMb2)X)U{qlP6Hi%IfM8 zvrY8Y)URO4#YrT_B;YUlZ&&ZYI)B(K{}`*Urrn{8)NeIi{% zJgQk@ZC(|C@&c;|aSN0o??3%7;rX8=iyb|v zIg0fle!uWupy&*+_1X$B$Bo-}rFPd6xOkoNmU=Urg821g`v%Ia3D>!ejUyIv^=rBF zD`sZGcNY?3ufvyS6^lSg(ddCr3>lBkES zuCBUvjgo~<)^@FRFe?1ss#$M{_*i`P8eXmD&*K+z;pJT%HGk|kYS#}P5Ok`wZ zwx7wy?J3s~)?y324y!~G!V)JRxa};HEyQgVUcWaL_p_~SGShNB`|BSuJKVVQ>TZ-2 zJ$v9T_JYN4x9X7!J8_Tc3ltJ??U6&mmS?_9;=yloB`vK=g@yUwza?yJYY<9d`ZW_1lR~>$@4cz_AGl0fEiYfT`+1Xn=G_HR zvPgaW+{^A16A_JbD3o!LzrX)bP33JqTMj>7OZCQFt@Wm%LWWznX7*;?n@uA1Xfxxu zlM-_NK~eehPeeuW9Z(l~=1$lB^M+J)Ww0RNMZI^!pJ@e2>6VOIq4G3i71@LbH<=U? zE8Eo8~ zlbNl>O$-+ve-zhlXcjxl+G{uC2zvJ}ct?|kCaNirGNH_KysDJTZbrs#t&*b8PExTN zE_FRK-pSN6@`S32lP3jG)e`H`vg`b7`>Z(3cFz|WT-rr8Bop4eA8iVvo)J6V*U+`^ zSeS(%&Rc&C$4~XONB7Q}i4knZoJPAm)<{u(z6*)y{8rBZ3Qm8B_kkC@J7#@f%x0Ez zh?-|Z#7YLIC-ovCA{xKG5T9W)*q42-&UgByQxK=hJ%e?iC+2%g&Ns>mmqT%8% zbTjWDxLjU)6GLUzI-ZgL5CvA+A5(8FbY;Ch_Ps2=@|Eg~9=*rcdp0#2BNZ$8I?L5p zpL2rUq{ya^KAh9UcmeoJu6?m=PY-4&#D=i{c)|bOxxEge_F5F` zN++kUqNb+Qb#ljQ@aQ54gLX)=7d(C2N!IlNJt4YzCr>R26@EpME&D*1|2k(ZZ;RJ1A}Sd5e` z(S@+EYLkf(hMf(kf4EkQp)yklG{dY@;9lQq0;XR_A&XXms)jJ*U)=yf-f*B!)@cx;!^G z3hsh6i&(5$^!bJ@>t3molDIO-Wn zNEn+fNURK4D~}Wx6)h)IA=Ce5gcQBkCO}vXQCk@TEE@Xy!ZTO9^uc@w!L|m!yyvpj z(ZbTKrmEVojz-HIOdgBS2?`4G>T$z@ya*OZu^e-rB5;z-3sS;J92Zi7au>f;|>-+|-_1xSXm)myn zMkA-b8rBQ56;I#nT(>n_o4+t($r*6^!aP%HyhBeGg6Qjx2JS^R<0E_BA$4>zksR{X zV#310XGp5`#QomcI0u+hzO%xg1NF=6o+tPUe$W2vo2N`ewZ z+#4Gy(4scg*n*AG$s@rS-ZmLQr;QoOjUN|2n7e^VebH1)OAF%pfspgsl|w=zxxq0W zH5PZMu0Vj4Nk`1S8z5(~zmJe~5U z0xw7Li0MfcdCE(;ah&nkt9s5H@}nT%#b49EDrWo(8tX~L$S8FGER{5ehgon zmfK)O2k8nu9cT3>1u?h@;X=2a*286IvmEt2-{||9gPLfPM_yiAV74%%ppT1ZWDM|b zW56f=4(6h8uKmbtB!?bN`J|UUt;RW`U@jx?%#wI7{I~GNyl2n&(sQp8qZ}ns*WXY@ z+I)Lnpzk>oc)wH5Jn`NOs}ag~h)4e>#(p^~vssRRJjQAA=O=|hJ6;r+uy@2Tu44|p zd0-+kXRPWJ8frmyWYJ}xL|rsqdZ$tA7JrpF?$zrOt6|nG&;D$3q)eNa7RvoCB`0&*E2XgXxd=20z8d#ulLgD`NUHT%iatvz{rh)AgoYOb zwyq_Nc>pHq+gq!)&+HqUZJcQ(iLZXNz?i5r6GiWtOd>@osb~Z@;lADgRqiib%w&ok z>gl@9@!t}5Kla&Abe>>_s#(o$ebxoPokgHMPb=`}AiOMw7!^Xz&tzV0fVt1W$%$#g z+dkdgif!)TpSKxu!czcTT>9Ck#!`H(Y>5IrPY1J-C}bZhso}m7huWI<-!jmAu8u*#1x2oQVW`d5el|DE>h}ga@TPOP63Z zWk$Hd26eZ_uM7N{<#o&JRiM8P!Cl_7=Kklq`!3tnk@EF7Kf7!b`gV~CS?*`URd$iG z>s1NN9TjC@_(|kap9IZh#M%ToVTICG**G}-fk2eeWxs0=e|mf71I2lj5hCKDx*}J? z?rC%8e)hXo*U6MnubxByD5(hy@hfCZfpX?zvw?4gkK)!&w*&W_>ELG`G&M&C`B1`P z>9y*}uH#BB((Y27ye#D)W3E$O_Jxl11nQz{s+3q{k5d!n!rGqw`b4G#fKu2l^A*4A zf}2a)1$lgOP!vo%;}UwjX8f3&r@luHw(=5@);(~;i87|wR=9L{d5TfjpI@edzG^o6N0M_ zx-X`GEsmC>PIIMj4(l7uMQ|sQDSH( z1fX;EbZB(SKVvIQVOqOWn+re1t|WTGguQvMR~3ECa0}SNZuL65PFX{W)5Yj>l_RtCtCubl57^{XdczamBN>G6ARu3wrK_3IM5*5;%3s12uQgw7LF ztE;OJjPI`VSv~FHf(52F!1oN24sE=u_c>;^CiH8dGoMWKW`spVkQ)$2a5GRDlv@!U z&;;wdzE#>KxNs1z#$(`WV&$=BABj~#)4T1@QG}K$h0MzjNJ3*xW++i8MT3K27DG~h?k%=(Px+O2Wi<%0w zw6&?$F=Ap9X!Ikip|7H4HtYe20#1=^`>TLKeo?uv9V^1nBm?G~XBq>b>Eeh;sh0zH zIkn5IXpwj^3KkTN;j`9G9c(uSNgcGmW!4N=PbqO|3%>hp+Q-??X56jM+4Z4_(7i+t z)X%3&roX8{ErwHAzdxfFbp@61!1eJ}^1S?FqGMm*{v3@aat+tT+fihsTnt@|-2xCo@z!YbR1TH_jkl<8&eKw++XinA&dOTCq(`zsjwO`UdttjR&Y(nt_a*KA9Io`oy%&vLT$%=wJFF0A;ry+nd*cYh& zT3K*$C)L$Nd>|gg_4?=Tw_(dCX=a;5Fh;$?T?nH)-NCjS3XFD;amZOe*LzKWqqh^)EhD``|q}1JGhAh!< zs|(|TVXDo`%?(6Iuu*exApd0CRh@F1yv-rda*a^P{R24gx-{;q=U^3meJSrx1TQ4G zb5FRf1f`+Hoch7?0ZkG%lUv*waDih_mdB#+WkLRZPkdj+Mw4aO2w)7oxOd=KW)%ik zThN3)7G}u8Hc_L=A%QgK1gnok&CJZ2zbJ({TSWp4d{I(p_Ptzh2((yjx3|vo(e^sp z$z%S0q`GD3+W<~ckuvL1^|>QZpUtN!;$nJ4jemZ5Ia)SOM<81MjF2njlPvrtmoL*3 zG?z)Rl?z_Cjy6Itupgi?xC~qhq?YdWMAqr&I1ZGwwzj(9mzoWKek3yN%?Roj%B*ma zd$7?^&t)})nZ01JXQAu1q_K;CYup*91-?*ubDZG1+6p2r5cdLkcjpXBZv@#M+z1xM zSJYO4xCI?t2SAxoG6&932wiiAV3mcWq$Tk9H9rai8cL|U?yhUg*F_JqkoVqDGl&05 ze)S8C#&348PzY-Tm8;h>3`C5~KuAIFS7ioUp4p(HaL5L(!eDo*RM%mZm!lf_ku~s3 zB=(?PTQvZc2lW*Lr75h(sh!K6UYmuJGX%i*p7+H=XRG0&O6>)x0uP=9(_Bk^B0_tL zNdJ^Q8Z%?XhdFRkel}EYa8Fh3T~zc%ciX zp``Sw$k0lnp;^>P>6s3~TnF>VjX<1AV?TTlC;f@~1E0(AOpLLKGqK)lU>1$Pf(jn0 zyVO#5=8e6*{VY)aAf?m!m5cu zBnBbqli;!WY5dG7=d$PD$27k_w|Q{5ZN%mBXO6)0q>S~$hhsm&`mszzSbRo~(a_hM zAg#sxw>k+8qI&mx6SROb(ZOblE!I=j^x5E5@lUw$X2`m-=htjfBgw>!P2`%zR%~?| zz>bbK+)!7VbU_0^OwX?U4Jt68!X+c2NW_$!KlJGoJ5C8l{UM^i8wj*Xa(%+nGA#k3 zVdL8=bP#~JoVK-#^EHk*3fu(2$7ROP2d2-~x47$QNZ-J@HGFVp!u|LXsA|Q$S;Pjq zzY&j z3?SBIHI9V^3o_A9MP5)O{cwLFQSSU{vnm8w!9XajSg#XP6F#Ue22Z9DbL41naIi2L zz^=1L>kBmIS3fgA51Nma4I44?d6cZhn?y(9f%qn>l< zj(g4;fG)ns+2C5$i{g}&i&!9@WBbn^uPwhPz1Bp+@4*f$Ro69Gke~en1GWhjdawQv zdi*Gwd&rbtxRxf*;m|4Q&OhbS5=uHln8dKsd2SzBkfu#)L7lgoO$f2|T=9<*^&HVp z#N-U>Q`3v>w>Y{JAFqKKB)x&PMYCimBvws=VEX=ixo>1k?DXAV{*BK}aC-u@F0(`-dQ&?lHHTC0&uWB5)0#b+6B9>+65VQl^eNVI zytuX-5r^Z#jwa2G0ThUdYOzyj(eJ8)<5UT80E-obHQ|{Bv15Jsbv2ckmxBkc+8~%wCL4Ve zrXYF+PL9l>JsR&v#BF}H7dfKxpS>YG1opj!3`isI&w3{-8{2FPGrb@3)r3Pq_E%Gv zP-mWF5JUmPQ`VfGXYt3+*4Ah4o%;)!b>TY2rfOg_CpWF+kXR00YX)$T`Fn>P#0drc9CZgHFtzSx~= zhS&gDJAh8RK|PE=AmFQzLC}+^q!&@#bEQxO)5CXVI4X-qJlhjQ?t5(ntZN8rGPAL< z0r7Z(TN6puCjoN$CV?ztGPu*+%}bS-mF9yj7?0`_Vw4q)6>)K z2w1U#{_iK%KA?pig&rLJ@gbzDWY$|^p>LuX2IO|O0A0(Feh9L-2}-sB)(iL=8Spko zFr{)@jev-f>s332AVgHiL7=2{gNT|hHw5}5PBq)g%l}ICmx9Yvu`>{>EE<6HOgiI3 z0?8CssgVysfzA-YfFQG}+b3)c=-95>lb~LGy)Gie>*9E@Q9Jv!UMN%KsAfwv+UY~} zj~~gr`a0G!<%?2}9yL?xP&z2Q20;Fo44+oQsfT}bm4X6mk3nV}begsnx=Ei z+lVewo_iL4-?WByk}#pMyRn?cQbm+sCc=J=} z;o)KTgS)?zeU7dn>J2JEBN(Z1PBfbdcwb+ay=nJe`Lm8mnia3~p$oCpR4OF_tmDp^ zi#0dWJ!cvs5fO8kZPFB2J}V`LHyx4Y5>*9*GFW8yUxAH=u-RYY!fLK#WC{;xjt>@& zu^TZ^krDF;>!dtx+Odf+*5hN%ZKE8Ii~7L24i=>hLQ+z)S3-u4aGip;Rleac`zVP%}OH4hQBShP6QW#gBlE#Z+A8 zIREo+f*ZqKUR+3@u2t?hPO#Vz>4E_8OS}F-!+fS%4$=XE)~Y^?L4aJ~Ywh05&%Y(e zTnsm+&;SZRHxD${IF<95oqhP{&l#&L{VQqLAM9-|_AZpX9LUvbJxWRG=R&Rt=#?Jd z;w)_1_#hYC?(2n!uH0=~!9 zK|N>jQUVKrTdb|TSfL`=^B(x#V`}7Tt*TB~d>CNXJ&5)}`7DNCyb|D4&9MS|n>yhhWOtn|Uy&nMQU^>p_ zG^pe8!c`|W={b*=59SDR>I(2rc)34A_OXr6&IAxif$Q|7IoL-Mx+s7LjboL?(5gt@ zXreC2*j51>2RC`V0BBT=bLo(EH_ZYvrDI#mVov-AL?JDrbrAJ}xXe#)UqSRcqC<>; zT`P+UBYYGR-X2hwfyH46XtQ0nKH%V0~RS`9X$b=Lqy0^qI`@y>q z(NVxCq1tK&(u)br)f^u=Kl$6#;`FjJix})sMGyy~=qcXQ2Es+xp?hj^a6M39#@7b+ zclIKEy}SA~cc9Ne$5|)9jeWL?AXTI5f+x52^Qy0ZN@>vv&|})`bgqjl!9bzk=udai6PrmDN+UV70|{GYh&rH_SrF)&4B>1kP=0k?)}L$1eccud-^o(Y=S#o z5J-=kj0e=0yKDAu+O;rhG>PCI#B4sic6noOmQ+nJU;^i@-e=uzXu=|^s1 z`e{#nP|0LMZ$I+A{phOyr#W^bPCA2;a*CkUR@&~^Iqc4C%v9VpJXklObchdEM$KLsAp4`4j-N$dGv8SgQB3s0he4yz*sZfC zy;ID%?)3?o;i9>nwd%wb$iOV?(SIWDYH8Qi)otQ%8t|L`T6cQS?QZAgarY#19n%2O zF%!=HztybvaD3d&3U)TjAloG521?=^Vl)b#|Sv&oh!o^qxOY z8Yz?exg}Km&ooRFyB2rXZ>x2OgT2dIdFtX1n3|4++TJPF)wrh5iTmtU_va6LPMWk` z6YBTwx9Bf2DZ}}VmaeQSswrP@Y=~k;EtKm!{P@={gIsyEWGSsn>{#s(KWCsg+>8Pa`>O$yN|mf64&3qf6wc&cgGXI6tWDXGBjdqnVd8b6%}RG zDhdbRHc!LAQ$ayw#{lBy`iM5ht5iI~x7NBdG&VK|?pZoCBqRhj*XD*nt|4{p%t}d&T&5^dwg4wPh zL9E+OKh9w`NRAkbClGSMk-ERr4=PPg&GSDeXVUdNafu6 z?CDnwgMrsVdz^V)TL}Np_I955gK!SLC$P6id9Jm8)0%-PBSqiUB<{sKhob}6`in}D zp8IoBt?lh!{XTemFLm&XsTZ5((NMYT>ee&`5gsckl?9yd?d{#(>e5*F2O3pKlDci+ zSGuyH`s^PKrZ&q}?F{TvJ*bF0+Dd$Zp9vr>HS6LKci&mzAE37NcqG=N)=C$?M104qktsrWCX~*T?N@WitS(S*X`IKQZ01u6f zylC1X0ax+B8%@}33y}*$&(7NZisDL);`qyI&iA}M=cnx_tzKB zFSi$!AP%cus3cEKJr~((&&jwjiq$H&i5SS`Qjg2gugz!*K9nVAjbcvIWx0J@LP2yt z)NP0Axq#Dh-#NL2gWCGp{ql+mZMUtCkj?R2W;g}9NPO`+?TKRIKBV*xuF&hzZ3E)} z!gt(3Wz=I`h0k{4$>qz9#2b|NncS_cPGkGB$TI9Sa@MM{bt|v;?zM!?&)TbwSCJ4~ zk~yyq&8XUiT95Kkc6Mm{m4*<^Gaa4&SuGMNepQD%zs;lM?_cl_stDVwY zhFwP?<-v$B_T@M4d0bG#-MPI!j)9@-h#dS0^LA10kv}}d8DtE4Y%~&i2i-Y1IM@cK zwZF=-*@HlQ?p(JFXKm`{To78yi+~mGwG=(tqwVeBd=l)Tbn495?5{JV5FkC(>s~f^ zU91m1Q)TTrO(iPs-=XHGzVHq5v9oz1u^r5w4ib6BT?Pp~3d5?Z=1vj^GEz zYCe4UW~2-ow_eI?IiS?&uSUGFzm>Uiu)jq|oyv^hqC?8P*S`bg)mFY}^U9Zxy^g(E z=dk1{J!g7^VUlTp=sP5stz79_zaXSNm;y0$X@HZM`Ae3BP0rroCAHuJh| z`^YmUtqm8;z|!Aq@F8~P>5^nJJ$dSs9Gg>GTHNdGcs7y!-{^SlJN(AJu05M|p4EDE z^$~Rkn?{G*y^-E7wQfN?Zrf7lNkjfT6@wgls8qSp#Dt%EZ`)Vrsgapan2WR}E|l?W zC=f3Bx&KVu=c0zk0g3k>J^BE;bN2G3jC$E_+uOYbtUNsJ$y;9lA17Z~(UU-zi6yfW z@6U+5+^b1|8qK2O<&YiU2Kr26XPMVw?*KSs?{?+)iCR}NqCfM3GEnXNi_OG*I;{uu z1CW^tVZ6Pq8gLCuW0C1e$UlGX9B%_D&CtrPoeATKnk8?|ju^+Q)H;HbmckDA3a+d^ z>&`Ln4Qx!g#SpOK$E?qDHL_JEgwB(kg2L99Q?KgVB?KCFRy3$*P7zJy;CHA6$IPBS z^@Xxx<7+!w*79)-W72kpk;#TPZZuEF)^W|FxZd;Gu{%AUKY&q2CG+UFs?J1;e(e*g zdsB2iT_GWuN6?GpZzyOo_CR$qoPg&SK3CcYg(b(@SgicHJ!mDB*4J08T{pH7EBe9w z`@3jw&G%>I`T_hiN4aHC^75j_L*Lgz#JrSjZ1UxDfvGJ2N{;RIe5MS5N=#O_x@yI) z`Fu?8@?Q)^4StS`yD(Dg?gIjBs?U*GflecWwV#~k0CQU0&Tb>)!UY1Ej(APr}O)j_AC6J{FeDlGk&F znb-0XAGqoQi@M(c^hv(4N&U4O@zK$d+je&*$wqFjZ13{B{iS}(q~6&(P`B~hmE)HZ z0W@K&L>wKorv|x;OTCqp7?E1(lV7fpykRlyQg6tmP(@7KUcH={8O^vUt!!%QJ!)NU z-rI7?p67%BKmXuYn-aZh4x5lAH>bJ71GadvL~ANB_uas2>@h~Zq?DV!D$;(D`*{5F z?&vyi!$Nzs#hnM?iQm3G?By+Y-2g^*h?gVYxNoMssy~ah{|qqZus8PWm!ev(X8*S4 z`ot+(n`U4e5v-J>(h3Up6(qK=@Y~WLI$JL}r{N16%-76zaTd@bmsb<&YH#mrjc8g1 z3xw1m>()UBKaRhl-OGo9BhJJZDR^b0XN1Siw&ty`((3U|dUfE5FJ9!!W5xQys^^$? zXj9MhW*%E;nxT1L&F^?<%{K8<8oJg37&!?XOB18s9D||CL@QJ>dCA#Ws;*7QX*HP> zb1(!O6Xx4lIG8K0g}1lMVuuPFFRhQ1M#^9#*fbsi=g5QcG&ZOz%gQpUeNj{b*2lLH zEhhk+Wo_HWLc?OXsP@G|eMjuEI>yVndhBll0)?tEaB?cU#+i`W7_gA_=zRv2s7H9~ zXZFN($Bx)?^{x3xy6nu1g#PYSAM#7j>+EY7{K*4&8eYHVsOVE~`;67C;($y}UjEt` zI;X4?>ABO-oY8^-J=F_kCi%@9RQU)I1W--m_xFVDxk&nzK?4lLHz`8O_Vu?04cdsg z3=9mQ4>mey*U;Dqdx)yM&Gv!$AoO)wRVP1~;bw9sLVj}9SHudpw|N*D8DrE5CxJ2; z7iyNcZ0L&DcoJ+jx3=uR1nuonL%t7xHMQ$b5kz1Xt6sKqje;}A_M-9-ju^`*t+%h$ zq~^HXr?J#y;;{L918pemWYz6Q)+`&=m=BUlsQye4c7!rVwBBx)FKuIktKcRCqEJ0= zqrYUfd9ON0NU~CD>{S{XL;H0R1_nL%-Bnd!RkSvl^6}K|XRT8>`kK)!=<5iD_hs&h*09oZV8ftT0xA>L^@F#|gyG5Mei=FZ>ioduihixl{Tlh+o=z4P^Gu7r zFLSS}Kd|4s_lqZ*U(B>Wd&^DX)GKV#$$O}8CR_8A&cE4|ZnaL+?x)EJ-{Q3zYQHpD z<(RsQm3eLHkx*vTY}%{W9JlXvjD1UVl(<&21C~3d*#%8+-5P5JKN*P_)LP*a7}d)znr76JsT26yy1kcdfE4-`>&u%`nkWiC%{v1 z_QC}XMa7REo?8ampA!-?06(P)Fh^E(iJ9fL{5BQvU@g`o?9pa#wi=PR)hORW0$L+S zU3{*sxuOpZtg%$ChKX^M2DU_la)=V9pF;y`pK)Espjx&nf1c3!=HXF?`}cl%*eeuw6*w-BEh_I! zww*kAQg(gXcH*F11uGDC*CTzVQRcegZs-Q%dP1=(pwb#9Uc^)_3Bom|7OiK!64b%U z!EZa!n-t0+M@4gh1aCgcr~uO7AKnf@4pGzdesTj3ogHZzUXZ&0YBHdQbF2c z=xen3$&LArm2r#muh10kO~;+@)a?9!djZsoaXdNw%bWMrQ5vMI@QA!_Xheib#q=#{ zS|JB}{3&yYdNPl7(kDn=L z%8!q0-#|7YyF3GW$746sburPlR67FVL?u&x@!Q+l5zr5xIpPbp9gKQ@_M~64M%BP=qrTyiM<}QBj#vVT!mdUObf%Hlr%%7d0z2 z@0AW?M%$9(v*CFfg$MJzx$OViFQ^HY@uPKlrx<+k1t=p{ssDl zmhh~hXji^26z|$N60r?WTkfBYr}8PjNH6*ve~@#7!0XN~z1CIh>EWT8`o!9L z=xY;GojdMg`3Soe7gy8r@8Emx3Sk@~lRWOVrz)Iu$I*T#P?GRK`)P2ucp8xM>z-nuItD6m4EJ~L_ zB|+8n4W^YD0H4rd`(@EZy0J{KE?Nu=D+t!nMdg|-Vy2`&^3-#Bv9}o+S-I?T#%E`n zG0Er1yk5J;!F3-hZES2PNl0)>N?cU|7S*4xXD0IJ+bkZxqQK+0tl+&x!I_ZL6coz_ z<;mQ=IfS0KfmI`aepdj?criUAK`r-v2!>5PcV^(ap;1tPb5{bdx-e3-kh_7ML}tF# zMFU@rTY4;hC1nj17+8~uy?S0yW;L8t}I0IS+k)-$QPJnt#jqgctq&yRvsG&5v$tenZ_+Bjt@eDWvWWl z`ziA$3~)O;j>{gl3B}=erlSWJclL4(Cmzf)UH$Z_vA@FZLgwhRr;9J1qCRtw*S@}e zVsEj#-aBg8qbIB#PkjEoay0kc`P?ot=3q+0^kD2Qa@GAI)V{q`{0DmAS>kCae5$Rn5e~Sv;Jr)I2Q70DaiR1S|NsTJ6no z{BtUL^m~}0slpB2g4IKt2v)Tw9-Cd)+9ZK$zOs7>r(6hejCbw~VeOuV7Od~6G4kBM zFAm24y#^JPu5780*arh$8FDKQi@%OMF36BKYC9B*UcmF33}iCv%Y$ zM)J^#>|1|xCA%E#&JU0CcnY=aZg`z(M~w2FLxCTLE!+*~@uyr~Fr&E4rk#Zq&iAS;G*2bo$i?Oy$FQ>k7xM54pc+5J1XkqV${x)c-3AI)7_h&Wn z?Es%5M}w2?T{rR-r(y5&BcxW`^qQCThlkBx`i{nOx>zI^4;QodIbA^PD7 z)SL3wj*ik;)T%i+_kFN;@_ag{#=jpviItgk3S0k7{m`>r&;Q{9Ovid! z?-Xi^$GsnY;W5|`Ann*oj%qqST%b5#ib1b)oIys4dSlr|!aw#>`y7Mdeo`{`9}Jw= z?}^*##Z98~fgNPxgZx?3!IN8F$~5Q>;H;bLE7b@%acZsGhu+JwYVY~M-e4B;mt)>o zwtjnyi)uPPB5;c5Ch@Ov$*BL?+H&4=b54xV0k8EgP@%u|;~H#Me8MbG!xml#+KI<` zt>p1in;JAgcp7$Bhtokee(1q~`x;EEL%gxLSOhLt<94nmD< zZ-7;?uC2<)g3P!$8u9kY#D82-gM6Y~C{)~QFiF@o?-eT&;vf%ZW^M2EiFQaxT)p4G zegFRX5{2UNV2l3j9Na{#Y7+eY2;?<2G5}f+9?JQCX|mWX6SRe`TSrrn<<5@_^;>#p zfl22M4Yg(~CWo@B=jKAO%yHXsk(7!&T%alb_f5|D)OXUQVBxi}+ah~YX94y7JCK5f zUra6E2J?xc@egv5kQ|kTC#Q*ss96b7YK0ewiB*9BzThe;roIr}0(dSbD*xXD-Gt? zp07CuUoF~3d8ovkEdnE!(P;dx{z2xMx8hQ%dkUxn9!p?PC zGN0QA0g$aab)aBkAe!y{!=eBpa~7-2Ha)tBsjTAvd03CMPJF19>{> zOmf;4<6e(m_N09P^M?edW!9CTedpXam5hVuRJH@{Tj#!6k5ZAni3BVPL&Zfzq=VZ( z8V9=rDMCW#+)9jF9`w3|G4V$?f!8I+kE@&*$Z^|>JKY(3zuAM#A6x-tXbk9BCki<} z2GV)2!K^(h&g>*K`?$n;x8Lap=wDr#WVjW$^+KWM^X+IG~sy>DM z7BKniI)RBuhdvMtxxGmDprY$lFDJO7Tk~=nlXcEj<8{KIZKw^w^m~=l0n_@kt4jf- zofH1<3*Yp#IOQi#s>~gqBdY@~qRYEZUphN#Us4?d?LeygCEJ1AQZUZ+K?(`>qaShJ zy(0@&Wuf#@?dnEzV(+iyQ^eJHXw_fu&l~-BRG8Odtbzm%EC{{y4GJ?lSpbmXZ zSKj>9d7Y!z1)N+On_1XXZ4>ljvhKF{U7@Nt9qW^*SEYoluHg*o6BCYur|6^w*!64v z72P+^y(wzcWLzMJx=0$LI9e7@B5ma7r&H>6xO_6N#0{1Sb{re}N=ZesfAq>x&B}+& z7IJubEQa6_LRX+2^DGoOCroy3eZAl_`>4Ce-9hS{{%pv>7&^=Gk)!$WPoEf#3x}8v z=tMn!bq)_Q0b}_F99R&))urX_0%DujVR4qu96eqYA!N_g$dnLOp;qn8%*w$ru`N{W zIK5WaSyWt1e)Xy`u0ksjHi_`9H+Mn>>W3{?a%}!G+@5C;M?PLSa(UNOi?EC3Ygom6 z4y3+Tts=Hq3+a{ z)}K$ED?7}4y?Q$M%lkgwEMKl%pzDP!D|J|UhYlY6qBOc)B^NtTIre{(?$7#oBj^3m zPosu~FQt*{m6xVq7p{2TBw+@1=UXSS)MR9v>~fqq_!+ zsW=7OJ4ga%8MjD!;B z()C~I6-`df0%G2%B?CI4{CQIqrX8=VabmTP3iMCO&cXvJ_f^mAUWK(#5OtM;&Ggs%c_{ZB|m9IEx*%+rui>sZ(A&*qh#To_;CXJJv|pBz(mo){KqkP=ODo^aI?J3i    3X6PyIJj!omqeF(&ZSAd3!TmKflp%aHN0#7DqabK&A}sXVaC_ zvoj)mH1c`Y8WsZK;pxQ*cf#UQCj9_B5}Un_Io1WxP*hj{tb_f(rEmGG6ZToJ3(`j@ z1nJsl$R$d=K8oY07It4S!`aN%ySl6W$Tx+3K`KZOXCs1*!gBiYZ08n|`~AlC-n zXWQq=Lsc{7J;kjC^RYs%n-w~g(Jd^W$z-6@xkGtNRJf2Sn10bx!2%1wj6K{T+>3{T>^ayeQwGbqKm8j3yBzm z8=mses5-)1R^Ft$tRxGKRF;pTj6j*7wJ045MZU!AkTuo_gg(pHLS0Tc0210gquHi1 z9i1>Z@v1(^duXDz+7X~Y$H;9yT59_zgEMr5ik%WXHYUcdjQUmWSa|XeD-261EylwmMw4Ew;W<(-qg;X)bYXRQn?tGi-!=H2deC zXo66XDH+IjZA}VhS@G4e{KU77h~rman-B1oYA2m4S*V03$)<=!rgz070j zTua8KPPwFMSIoC>b#;#M(lN(j$wYJ0KAIg#;o@?(0x`se3|YK)N|HwjS>p zo%+P6S-`cbiNp<+%b)dXr{R`In$Oq+{$*WBP|3U^$|MHEVPr zg>H@&X9~4zXHle>&rdRWO#g_-i4WSFsIx8mwLc6s7tvZAaCyd@h#tP>1E^vK*<6f_ zq6n>~xl;W#Bcgyf**_>}jR1ER|Gf|>R^9;f3#J-eBg??Nd7hLsR{bI=DfmU!HsMbZ!d1;So*s%(N-Mp7v9hzX)9B{8PcI|t zQzKF?clLbhWa6EBUaOf6UZ~*wPZr^}s;a7po=_5}kP{_U(`+q63I6N^F6-O=W%Ro8 z0YZ*yINr|wAx_>+CPSa|ObZ4lZgPco&kh8=yn7kN@R+W8kSzXvq|i3HKZWdRkdluA z4YUx#cdIwCZRVEv6)P8)*l%-53g=oqD;h}^t-w}Y6Os8z6Yo=6S6BDGN1xKG7cUYU z)oevhD6nz~2;Oe`Xct!@A1f;dfc!L>;Ka7)1t!_)WhhC+DUtTYd{FYJ!cGC>;Iy~w zI5T*<-Hhu%$kVcgRE4!o%-7^{WvvU$2i>2{;>Pp5_AV@p3hlco;g>E8kXfR9Xi1QB zDn3$jsk&d#a#XUex5AOOYo&0{or#L2&3)II73UWxr~?olNaX9c2Xd6xs=5LgSFd&! zT%5oGaK8;}6HkFjh%DL3@*g+_UCi!#$wh{Ln3-#UY39W0o|Ur*9Mz7ko1G}hw0E}#L2Vs;@Rp{W6_!m|R$W4-k3 zP!madXkb<`Kb&PeOkb4RRh$tn72GP9rcEb|@5&j;{hmZ`g#LlM!+gIu*x^t535?#P zdgFvxRy)_nt!dYpZMxn10@Q{UOZG76m$|b%u|ll}I6Ga&P|Umc3WMFR$l^XS7V=?d z+q=8s$y3p2nW!Mi8EVSgjGLgJTn3uywC6&qKcZLrgF_rTl4DkmL1wLn59>oO^4Ds1 zI`CfuU+sPR%eX_#yIqe;?oV1-o)N31k_-*Kj0UNC?&u?%^Q68^K|mcCEi&{>!iikz zZ<;x~aaiVOm5|OLhnVa__|H)3WUBuQrb%yeepGM+(~qW7`=Q&gCPU z?q^8$-tgz2CrLl8l1QO?^Xml&3Lh2z9?}^&DI}^?{L*Nb85(vvjS&$R)$U8d?tgCC z(lDGw&HjO!t|bX)5x$1d8ll0c1MN{id)roe`Vf$S{M0yZeLNJ&-C8)?B`guZ(-A`b zt<0USx>kz1w!fB;hDAovI;AlvfeEq^E6cHl4UUy|#AhHh# zgj7mO>H2RkWwEY`CBMG}mq&dN9EdG$CCI{nMd}8Vg#7!u9>+76(Pyd~5-P`s9c(@$ zX9YFh^Uw)7r2i>GP%%1Wd}bVllMxp>BEVi^ z!G)2)DSN8a>&z>5bSM}~-Q2`(CTn5H@Y+I>lrjA^Yv+4BQ*t3P#Hn5GYT+n~hBpys z0{PoS0X~=$HrN!Vh4I+j9u4ztzdJgaWG&mO}LhT*xvq#raKy=#T@B?IRpFJ>R^AIW=4 z3sr1V-F`tEY<%{rn+H+s zPK|#Vjm4CI?VRC0%-fl&K2!q+IC1i1@>bCv0qycx353*-Gx@H2OuYgFhh@#bqSMCy zNJj_>psD4k%8wMK&-rrocJBvgO%Qj_4b=SDZ9d#0PGFFns6cdWVDJojs~2V}&rL!T zB?&`z9WMmLn_| zS1Lw0KQTy;PdfQ27d_V8pqwr2EuSmiI)SF=>6W$J`!@dh=hZUzc22F&)K4^##+ho? z++bi}05474X8cnKA4XOc?5-uD#zleA*f1uiaRrklPoep_I}kRm_8%7(~XuCM(N?V`mDOPJQVVI_vA(5AZP> zZMVOBfyJ=RWhtpzkWg-SAs44AJI^Yeyzy25?=}SWeX6r@OS+`v;+QM=npZCzLYjCx z^;SQ_&uDpg!%Q2;l|cT^p|3fFy4N3(HC4_*ed5TE^okUc{6T1`PAYN;!#oAIo&d^6 zAg`$s-t;GqeREiTCll&^IAJuiBaa!U-3%1Y(s!M@uV-HiK^4_ zBuk;0z0LC)ohD|8@?d#mhMMoPhb;ub7~A~{FzKPpeW>j~vq}^mH9@7T0MMTlSj8z} zqMn=%i?lDp@n+}d=1y>M6dUp5)UFfGuwE#%x1q&i$1li%2$brq%)EPPw)?REbr7Sk zoOrkTm{Ms%6FRH+7()|sk#Ig>b&P6c?@za97_imO0zH_x63Ma|6+7?-wxN;hhgJRV zk?~Tdq5t^)QIMcQp3>VK>=eZOeG**Fo*ZRD1_T)*9uo;YjLoc%u84?w*Ms(&i0MgR zD>rEp5Yt(}MHxW5iVFXg@UC1W6GRMvrU+Ve`R%6ImnQ(+;Y3mmR3C;}dA4lWP)}%Kg7!w1`kNK>YkH2>_Dv&; z;Jr1X_%;V*lJ}_y9blcmu|s)pE9KsxU%ftO!lk{tcdLC{D}>Y45z)uGZAw93RmwGU zxIaC-0mul*hbuqp6*^6SIwWv_Sp#nJ!}(vu#;&&~O78wR-Xu|YLM?xdvk1K`S{MSJ zR|(8K5&u-=T~gNhW~{sDGl%a=yE$X$$fN{9;5Mhtoj!L8|?^=L-2!c*{f-<*$U!|dir{lv156D~N z^HOoJW|_aYYNknm5uNDEmlpac5lQ@P?;J$X8NlVI#k3hzL2xTZqgdo~W8;~}!|xw& z;Y1Rnqsw{V4v26x~`Z1#jMr_W8i8}g>UO1e@1!N-%Y8339fkD658s(1R1^_Bg zx3o{bTi>bM^KlP|mEpyWI9MiaoIiH|@+%jMm{EYMWR0H&dQT3?wC9$t`3A&u5D$$t z!!g4Nvr8}&X}ho>pe5INCJtekLg@%q%Ald)Gs_lS7*fd4t*(sVB2*B|j=3v1V;GFG zUR6I#E^dn-&zKI#XWwe36b5ShEClAlP339;e40ao&H!agfS>v*oOo#gTI5bI!S$gv zUF_Jejrr&UEOsb^lOz4c-c}mbH!|-|LPw9>P*M3OZVE%2{=uZEe(0QJ<>hE~Km%GcV6M!nmlCmW>0AaveB*ozz3OUULVq{sw%zM0KvY-QF z!$2~Ti1J4`arCf80TT%%Zsb$Hf1?uB28l?N>!otA-DIOnFVQ1RR&`0Bx z)>!}6D2vdVEnfWH7cB+g}5oYk%U-h`qKs{Z8COt1kanx88xxdhm70tbLb zEFtNESaXIC+<-)R)84&1k^m${jXbV#L;@mB^}a5`Pen+QO;B>f)6PSDtBY%-OrZs* zz&1Vwrc0VXjb858c^w&}O#a?u^K%0|sUbuLp#s_!3R<3iw_FNrXEsyFA+w}JJ zMSc6W6>R+D%*-kPYoamMz-f|LU?`z4kF<;L&0@qigr5o~;_7N}Yy`aLU2_gmgc0fZR@bw^}jOgyh*ACaGHvk^i-s&?8|HQ4LF zFi7x-@gJMCQm$XAn!;^_iEzg_uH?yO8LjqSm^_N{tIdyBCiA`i8~nJ28S^?9-aVA1 ztjmAl!I>mQ|5i?SYGA+CEtUC|Z#S3(gH%H(I}=fv=+2DL@!4`+1kcqBw1|rrE*u90 zN9Ye&HT0t#+}sMbGb0Vamc1}V)YFR@2chixb<&<5XH9(l<&`2O`zZTZC~K8R@%!-J zie_8Fly0PVy{MFOurD}C+| zDi*=_R$NP4DZ@ZvL`c1?WG?pRMM2MR17&@N5M>o1jOfdsnIfX1n80W{ckbOr@Nu2D zACb$@4?q#Jd+MYK9S@4NJj>Cm`UCq2S596&5^EKlrVt;W%V-XJ<$@>u8H|0?zO@ie zCs-0v81+}@nCkrK>q|oAC>ME!x1_Am+#pTe78NH(M6u{@``dEFlZJo&`tzd5>#Hg% zEFfOL>$dOh?bXMjyOpfvrDv6a;&PbI1C;G$_*$@2xWDuZhx z2QzV2ao2HKSupM-<+ux5pyhyKOMmS+fNu2YRa#5WEcn5-`RiuTgUxJK<>X$U80m`xKzPaf|9NFg7R#Tj)R=x`9FWX zbtPk|fA?jz?H?q`|KoSr&XbS(H(%c_5}Lxl`^x{5(Dwe#*S$SsYy*EIg8%Z}Yy)6R z=pN61dISw@F8ujX9cL0sLLDx^YuJ|hEX3>VNk3#A3k@TYf=901pAg(4EB^As( zpm9tdaj+!DY54ut+;&w{)h8m%akNRILHKS(Yan?S@`zdE9GPNbf_dEc0U48bAZ=8+8)hWvzlpEs5PT-%v zE!bpI$*F&lQy+wUAxo@{#I!{#Z&}#fHj1`?ZK~F|ruy+eD9TFpbE5Tg@VU5s0=@xv zO;;we)9Z9hC~se9;g5H}W>H;SC2{VzA6G=gr@qy4eaDhB?iw;vC>7W02d}DlN|+v| zlym7U40{T_jhlZgL^-P&H-AL@@4qQtDA=i5BzUtu_vrr3l&{Qk1+&F{CSOnEqsGUV zC$i&j7Z0FRQ+_!**evf$yyEurmaSfOBlBD!-;tttZsla{L%foV8FOz_UxujLU7h4gq3Oe_+I+y4Th9S=K# z4eQrXmD|BUt@rSYO9ksnIGaz4s!iQCZAo`-(s;U}Vs>4AcZyjIH815Ji{_`77reYz z`b-w46O9&G0@IG7g1oQ zcd#K|FZ3NAsz@%a$56^sCSa1SnY&q}A9BeN-#Ir8xX{shr0Z@=8B7%PcoBj-rD{TMg)vxU@K!OO^JaXa+f zDoSeru8H~jRo}aAHyRTaQ>p}6x87=%YqzuYR=s<(jLu*8DhQ-fiJzWKuDRD7`RcVu z{yqjn~f`KDdSFFK!%-d+=@* zbWth5VX4O3<#k5|bzV-cyn}%wRoS2{5v8>gabw@+1JlGg7 z`fWo6XLGXkA8&6@eExDs&9UI%WpRI-!&rM?BPF1-J926*!bZkjt%JQ4$_%e!8tGP1 zPG=jnr*`>wrjN7Tihc0lLjKb9{2i^0l;k5rxds+PIZ^zptL=QSH9o?fmgUFZVpz4E$XH{U;hJ-4o`igLCa zHy)}}70{%|_(}bv*~N>_vy-)-uNSt>t)hJ886Q6gSu1B&)c}UCi@!fFVQ#>0C`cgf z5Mxw~=xPZmijTI|(!5iI_>OB=ukJe`Z`Hq=GS!%(DR0*QlCC{h>tZJDhSij_FH=*U z*b1YcX?;1aIW-VTPen=2FsMEVg957HGV`II?;V<2yk3hiD@yNMyY|&J>6*H*Rg_GN zR>M887P7$K+C|65BXqB(X2p*F?}z%4v-x=t?pev&8b(F$W8a>=a69|hT)So5%EMn3 z#=RHft~JYHtCfMx3USj$6c z9<98qY14I6zNcm5Sia5Sv%)d)ZNJ*vS~8sP)NkCnZLC?x`Fif@rMYwPgdEE7juX7^ z6dzC3x4zY|Z;`@PVn_StI}B*%kFiM=8TJLHg&8PtA6ykp-FU0G_XpP$ z`0F5-ZC^2+#YdO?d=?HuifU@Or6ZbdL|2`gQPq8qN zwsb)t`JKzI`e25h9v&gey_S=m>vVbimF}mS8}uE=>ohgE@Goipe~vTQ|Gx^De|?Gn zvAg@%=kcGa{9m8Pf2`sE^?96f`oH8QdpPCxtAB6-{_79@e{jd$^|!&ref8SSqO=o7 zuAUtce|>+B5VBCllIV}0vSWzga-{43Q@r>xknNK*Fyd>6kINo#-Gw(3yEmZ^KZnEwR^tbWZ zM@TV(b3L9PD=Xc}k3cWvCg#x3)Cz1kr@sEXI_3*b3eSH4a<5t7N>1aKoq;0FT)##H7RBEuC~xr1-nE#(->^JKi<0a zJlMqQ#B17HH#ZAkLfC=GLE-vhW1^~NR=b6(!_s`ofv5Yo=MANbuXZ>4V%zgVv`fly zUPgNOx$qWecFoe$)lL-s(ULvt&!D1wtGnCZD3=M>Q}=BN@?LvjS5Q@wZ#~fkdp$^T zhC-kK}UW)k_) z+qhbgYCL{+7CG*>?s-uSIC3WLO)qi_&x+gco# z2A8lB*gdI5X*R|y?qGwT5>5u7%3PYF3ETmb46bRAz2J9wX}`&bZB*0qzC0#3+hE}2 z-=+g?uj&kg#&!KkP~HvY>GjdX{~R2i9&o7S&@OiZ(=MtG=8&DUb5)M?>-XO|`_O~1 zC4PVT(XP5dxo6`8^47Ecys6jZpGq9wuE!P~X>|Pf@viSr8Qd4(R|0y*wK&Z$pFeli zE2z6c`jB&Zu}`RMrf{YJYM~b(O_%UOL|i5sh76s{(^>3Lw6V#8@pcO?kh|;KLu#XY zFRtx?G=K+Ll}t>|DAue76S8jN(zk7^F2bGR&)^{^JBx039?P4r1F_yx7;4o;+cPVs z9)^PTYad=yZFuE*4VRRZpcmL5Y&R};W~R;5q*j8vq(3T{zW6D%2hM$SecT%a3H!a= zMk>szxu><1VYY*ab=4QoK(Sbwrf)1#h= zlAnQDN#_>9s|jKTY%!eL=H)Rgi2!q2@Y+J^y^-VMCGhq=1c2PCf~%pVniBRsP&;hF14l z7J59Th$DpyR!}3~qOu$=9kvcT#vU>({)ID~W9w)R_z?_dLC`-{UOGM$O zU=X=SC(vA;StUDJZ3%*O@OV+%3n9SR`bGPWd~0^Q*%a!Ya`X&z5I6=4R`;fJxXz3yZ0!tHF-T*1z`_wllZ>N9SC~Oe-x`tt?6v2n$iB z>H|7B$jw5W@^)B;ko9pRq<-!z#wssi7Uucu$> za%C%BS#VrogUB?kZFI$Dd3kxnS;M=*u!`KZYgdXxp*^oV=Wzk)m%v;ef z(0zYBy%YaPc35?bBiZt~gNfn`Get;WCPOJ@B2^GiW@BS}&8kY1R5-6+9>B|i@bYq+ z1^W!yf(NI(?!ykn&}~8L@OG1WIR)Z>=bf5x(RDYXo#=~WYDgcg4l1GUL3g*>->_p-sw@t#jiakZJooq`zjatj6_u*F|bIS2uk>)jUc zua%1nu2;Bx`Lc9xJ>Ca-bV^wnF*(f&ui4b;_o&=?r)|8h4w-8&&z&2SIA&u3YXeu;O_UQ#=VTP%kfOO3_4k zsi~>S9!mWp{XPLQgU?)9bB`H5w}63Bidlb6_W0)$-4J0`fLEU20yCuld&vSaIP(O2 z!ehhxfhJA6!hpdtrB;$Z;x;YP!5QRB69m$z{4F9L^ss)}@~qvWHKA0qDIhA?fv?|W zW~9B_>5#h5LlZFv)^E1JPkMBaRF3 zpm@5ocN5ftfD0rB(vADU*OOn1iK-Bm5W&hjft>?Y)T)c2Bppn&eM6E z14YPGP*bb)n#VTZ3l9z3mS4snp3KCNq6P0h4Ep3^t)wKy3724lI!6ik&9Nb-K9_BE zTv_V=RZK0_Y*`a7X0En@YX?N-xL6A&YxIkY$UEJz^3~sCJU1$WNzpABc4$l`6veOMRSA(nfYqR~vR{hg|YaWGbo#wF@6MFa|uAUcl$k zrvEd%>Po^*oTA_VGt5IWrUFV_2t736OW4e$q>whm$v4C2nf{(o2V;)F`489Z;mp>X zNd?ofGX6NY>OtN*=yn0A!w9@?2n`J}s($ha_oOn3X+TW=SW#gZx~=*uOrvPI+wKUr z6ors%R1W*m4I*okhy8>c9iRs<u(&{&IMU~=-?}(K&3a=&x0EW(VXW> zge6b0xVnXxK>|}Xu*$QrhTL$aXw#Wb_QWE zrOn+5NudwtJ9R$NNfz^1F%bI zzS@IS>qe8yWV0gwNyWn1@kk}#U_4D0PA-0d8`&3`0p!%nIqa9@P@;;{CNAMg(x7Cw zcPl$-_3Il^qW6?`oU9f#XcIAq9farhU(cNOp1g6k2hsJ-xrfr3IGUEyv84TgyVH)t z@a!2Fu0Tq^vkVE)d%JXkD~?IQj=sZ(Yt0$xg!!D(x?IpAgbG|*AEcZq{fWUKG&133 zq$)-ROj0uh|0gnDB_G5rn+%Ks{{E`)MVot;Zu7oVha(!U?$J~z*t$U5IV)n-ci*oqt$u2{SS{nPf&~_P)kVbLn}`o5A6CD!P#%=CoDl}TaY+O zbI*{NJ(8*q3q%v8DoNj7_R}o}NhF&-oaRRv07qJN z>fneAugH)Ei5Q}_NZAMh-vt` zCx&~yy2G4Siw(jEO}t09J3niLJfwHFuRAaivFSvF@+Y?h&lf=e>T7MQbm&66Hwtc)SaG!L4km-3`1p6%lpXzNvo?J$dliz=~#%Ig>w z39k$rq}3+;Jo0s~w_I+RLNQN9<}3j%c?ap3OItvVyNT=q7r&=>aewjuXscon9O|D!oA*V@hhQVud3&sn%v^yFD~fo1~zMCyo11 zcDFluD)3!3Chns-OD&{)B_DyDv6X~JRGTCxLS6tauuC+j%O_r8ox?)y9Eo|P7$Vq4 zettfwfp3xs?j=~eb_NHIX!3*SVE|-~u)&{VH#dF^B_>`nDdB#9E<&GM+}yPSc&@qS&T`Nl^4RBweWf!cdNEC!VgA4vs2?Ph}5mLo4$>T#< zawX*?#KXIf9Y0Q@{DnM=VN7y@2y`HlbM0JY{%ekNxFFOqWpEPRc|sxa8KR)b(=BwE zqFFvGm~M$XXM8+01ClfD_@StFFv16a_Y1|4H2CGPGUnkJUPqt|NPEP~*mll0WJ&9f z7A_d=+`U_#Kgu6RsoYv(h|MYwo`TFDzNWq9F{XckhWHpBD#qb;9()7Q;SL_?I;`;c zJ*TbF3Br4Mp;_LR!wU&KJVD*8`l1_G5g-B=QhSgn>}9xvQSuoUcUq-AgK0TC(+M>c zNCKoX=F6CQh0^JW0R3s*t8SgaTu}o>ob44Be=le(X}@N^q@F)0A1Q!~#5PhyFZA^F zHJ+fTOr0Mpv|lJ?%^RxuYt=V2GCshb&MXY2k?Z_054LrVBQ|(fbeOw~rz9Vf;hn@x zd#L~(cEBtF7A2WUX2UI={B;#E#Gbr=}eSbd}fB zb*}}O)rg5@U>UNBJlmTxHinjFPj?wqxUnU!p|2X|A&?F!J~e-S4Vl{FOyCN7o1Y=% zo|x4O^IHTxV68&RK-$yHK_iwLrU%@hEqTHLUhl?tgP|NRsKuF0FJSXQ(?dW$%ml*W zW#M9;H!&Ce-C7)c5pB^q(wlv)~Dc(Zr_b} z8w)adw{}lBRfr^#eC4^OC#TR2&(6AW`jsKd+kP2-$)jF%FkVi?xCSjH%Pi(m$ekWz|j5SBs* z%twl1uS(nS%vqzA~m%=n(&f*MC|zr*Zz zg73lcRtE|ZA(G!ae|+&SgWvErp~dginrI6AH?N4?zW(DbNmjrPN>PqTzdtxd+?ru| zsku1gxME3wK7YGPlQrxp^ ziUgQ9D8g@VhU>b|U#d+BObV1lct7!v=5x5?pu{Xn>`wA0xc7Z@b(%$)aub(Bu-P)y zt@ATp#03R2aPaeVHY4?id<$M&FCMb4bZKkqy({5(nWcJ&7 ze>?bDmV6Bn?#3?r4Oye3OZi^F1<0KhuXnGYofQW6QBiN}tI z4nkyzfwX1;X!{5N%X0dCIq9`OV7cz&hOI?d;&b$k3{iE3Fn+DeDTt4cPY>xI=;i9~ zO~V;WlDq1yHxpFt@-TsrkZ=KwpyBY^rFn?!k$oJ>#)6tBbBvM!*9RRq-T{F0n$~$e z(%G?>K%D7QW+6R(5H@o|?Q<#u%52a0vJ|HlL(pZIZ#mZZ=)Wg9b%DRjU7XS6QVV3=Bo{^+~X1ej{0?AS?UfA+_LM*kek)ln;t^ zCK&FRf9GOkLrCkc6Y?J}?opNP`*jY%b-#JtHKr-(dGp}#78mV>4rw*p;S3&FRSfR$ zS^~(|?Q$Z~i7dgX!sJ5qm=4ov!S($*%RrJ#owgk!6 zFb6f@rj?I#HWSL5Pt;XWAR`=@T9&~X%hKr7h3kPRUQi3Tk+P0_sL0;$4gCZ*BDuNF zV1b*fHYgY;g-QU!st*>8BAhy>Rr1AEjw(n%j3ENPl#7Q;p`;nr_ic~>p=80d)L$?- zj(Q6CI~|UV+9xc#lW?EpFcn8IcCH2jk!OE@LaT3H?AF!Qm5n;w6FL2gEsM?ra+_pp zMXIvc$&iZoGmJQayF|Ybc|Aw4aI!qwke}FZyuBwf%BFg!Nbq~BlN0(Z&WKE_v99!m z$h`aS(FCg`v^8-zz_M^5;=uB-5pfRW5clL)6P#CS*h<{+<;w#Wz{t>wTULFGBd3*VR zpGg|Z6>PPAdv6sfF!?g3UXe!!pd+rm1C9tkF^k!cnvld8iNuC!Kx!XI58GY1GVWdU z0kD?B@HCJSkG3J zE}3lYtHT=~0xC>Fur5Qve-kF~%{`_Z8t)&?{$O)d?5mGLQ`lVtt59q|{^4otE3Zv+ zac~uNJ&~9lTDmG5bxQWnP}eRvg(g`9R|fKnq8f#TT!&uqPB8wjAfwT74j9YSEVcO^ zq(G*ap%k{^#8gx*V*w}Q1W{(wkvbIZn_Qms7)pC$dTLDyA2-gn1kwqSSrF6IYVe}w zr-zlhElv&3DdL_~ESj~Lk~%RmBN2H2owut9oJ6YdmTof7LC|w2pp7|w@#{>OsPn8W zPH^XRS&`xr5Qqy9M7C*QUOzhu7LK+uV{}7WS<*-Hx%E%C8hbFwM25F#<`f+wl`I)( z5f}&+tqvIlnCt5-%}{JGD^q|zw$djX71U!^8@O%E_7c~ z8%*)=SJ38Ze*pYi@Tm|YpVtg$XUNnNg#kb5$9Hng&J?ZC;ncY-d8lIN;_)htQmk;W*P@6tN5EWRdiLW6NYvfcusS zGr4U*@cu>>Q;E+5(P*}vfK4}Y8Zqt&4#qhCuz(S!5x?IWASS_A&yZx=gdRQ=iIezCqOx$pF8d%%E#S4i ziB!@mmd5aubzRb&`5f6S75Ec=%xwSbgy3T4*(QVzJf5$aF7st}Gud z3vf>Q5y|DayhzXrPyGVh8Fy095Oka{1JJiJlBY}}59W&Ozvl%Oh-75&Mv|YGA=OgQ z3nl_|B3;bv9ya~)`IX*azr&2dq4u%*_V6R^dk0z_F*`=Bnz9h`%PN zf1)0xLRPQ4oTDmUP8oCsm6~ou(i0AD_rrl(vrho5rqB`M&+R2*Ts4bfer#?@^ z)A^R?QleS`AHe{l>eABEewPts_;YSOomXnjbq{)huJ@bRNOnDj(Cb~XG@;*vPFazV z0sPydfTsl^<75xS#*vq1@_qy3@0{*=RKf*-d-}Q3F>^rhZos1=*I1DcASK9HcUc*H zm_02@S_3Uwn4VBG(8FNTs%6s@l>QkASs|;2@Z#0~scd`(p3sJ5hxMlJx|r%ZsZm4OwEg z!q~x+Ye+$kFk65+Gp*EH$`!MOK)L|iM-!_Dyy!(AjA~U-Dw%XSGe)jCedr*JY+c|K zYw6Zn^{7ur1}Tm9H<(b#bBKwINAM!ay6-~Fl*l{ZM+P*nm5pK)R+Qhv9j)6}CrB)Y zfNx_T4|#mRuwKP5ITk=8>Cg$d2j|j@dNaO)_BIJ+va+)2V=I877(gUZZoB)1g^V0; z+j&&rsdW_CmI2M&PYR?Ki$eNk^t=Xbc*Nx9OEAg%4JKc>K)5K#K$@`r{QX!A8C6ea z$6j${;eMRtk%QT)$q)E)Vt4N+<2r1nLs)!=P&Yt3a%bmUrDYde@=j~}N2&EMmbdn;8PflnK)`c@bmwO;Js{^I%8ysi8RN}35QudgY`Wz@#% z$$5Wotdy15qgp2&XcR5)9bzUMlhJvqPCB+B^g+|ZM_>QC^ykZfPKLz2j5GExO(i8? zKJ4qx?WM5}URZ7$?P<%Y`c!V+Zv4CU8`*UQ_%7vR*w3H3aFi;J%+#+xj@pJdUu2q^ zXnU1!?YjHA*({gL*T0`s2MP(P7`6c<;`Er&wj7yHpFUYEEMU|@jz9}9p;?ypW>vi_ zKXS%=;Y+2vM^K|CrUAN7?RDHyNB6J`nCWJ)~IS%OOg_pgY8v zt_hWwa6(GyV{i%WU0^@+qF}3rQRCY-pW)yo zZ5G9Hqx~-%yTwlxylx(R7lcf|Pagou8@<0KEKtRuBzb;dG9Rf`h0)d41yc#XhKc!( zcExF*eDU{p;7ArwvU7wprVE>@d{FlKL#8u3hfX z3k_#ki2AmA5MjW7ezgtzkn_*aMRBzMTaE6uAq!pl`VqKe(3XLnsS87h8_Rl@7 zIEyM3POU3(=qQv`bIq#Z`W}MM;HUfe+(?oMVLdUVBTYx@X>pMvv>~R@neBal5aE@R z%8IuO+o7Cu(KZk3t0Ub3VLfkQzo1>yRv+(h6pEE0zl>i4G=yu(mMzA?JJR%gv_5;8 zd}(n93G8)|)y7TR9ZDTnAyWBLETc%6%=Cw9zj12z6 z#-jy`ZnWH+Inf!Oq3cwm)-FrcL2nm1T3r#jpxxKkr$e)*Jkui3kwT_Xg14D)q%}%)ZN{v?Kg&Zh(|UBoJ0>E*f^=+ zi^0Jy%Yy`FdYV8bCpfk8`-5`Sfp}XUWI4hYlT*7@V#&mJ;&b4lmkP3CA^>={Gl$_+~8>xZ*Mq8L{9*i*AiSHs-eFn181{_V!#xO1BU!WuPh6` zrRtkA03q;k%1v7&K00sOH8>cD(xxAwz5%=Yw0_+&#M|q{5iiMnZd?n9xWwvpo3CEE z@=SQ)c1M2mRfFo##~PngInYQLM-R8<)E<=`al$Al$7~UicdtG&N=DuiT;cSi0gBZ} ze7j<0l?{2Rfk}s~Je#T5kSI*Nd?i`GP}6eVK3SJvP$2QJ-5o{HYrT*5$UUq{*4#W6 zLp}(|kqB!8DC10Z8KfK?REE1zq?~%x$EIF5lp;f4TwIL2#+;y5poCV?6>23>z+>Vr zIB#c7&@paFDEJi0tM~QIeVJNQ*Ig&H`7*Lix=SS`PQtM*Qs(IJ+VV3?Dy+AuXineJ z^Gk0wxSyYN zr4WBzBm12PW9pvQm4jxwI?c9~<&{Tt+8tMxpsMps!VuH5%U7Gcvs;|0{ z*7#(|ae|19|MTn4X7CLt6m9_Hfd?)i%(kdRSwQJd1ORkujPGM-Rmkvg2(z%W!;5$G zSCVOw;j{MlS-=78WF6F}M#fRL*2`SFbV*GqH4du)n8R~)I3d6r^fBeI0ahvp0%O!4 z?*MpyMXMPBV)l>RVKf|6oH|h>+6sWcgo|QgV)(3ny{R3{e$SkLn=4QXDu&V|)(f`} zshE4kz5Bt8*5uTh*X>jMKb?R&7hjD-#SpamBgr6jxbh!nC-ajr%3y-+VaUqt!UF%! zKl1G6Qh~Y%xWQ?;(IA~sNC@h5R}rsN_#Ch_^gfDy$N?RQt0b{J$ z$i_`+^lfAL{t4d^J--&hr-+@ZpO2rZ{q_Pv4+P{qBok!zmM1#DT$+iP`+*sCq`9r< z{lM=(enhy_@zV@6GcNdjqJQi5?3pZZrHM9AU*uHCgTIZOMm^sEC@Y7wQw{Hd+fC)g=@j<84uu1%3mo4TNxU2Zn72*6sEFVl=;O@AyF>>$vB%os)H-2!O9S(Eyi)6SX| z*i0ejHq+qh;W_e1?^mr1)N*u@Qnwhx>W>7BKml8MB=366+fgDOuRU1_7R(PwYoYIJ zRju+2W>8q|stD6bsAIY}*X<9~c3?zr4R2L4uGgASvgcQb7@G-|w$};8q&vekuxlhU>0E68$ySQQ$xb zU|l~!``qt+;QpPT8g6Zj$=Ilba#K%W!A)(v6_ckcgVXb-@@8h~pe`H80J(p)Zp(gM z%izgLvjoMo(#Y59wT@|ov^)>YNLyy1OlUd85#6$N;T(i!{`>0=+W}HYeLGrRUH#;0 zHE!5+GbKqSr>1uh_vHITOog}tqO<;qSxicvgo;W4VC~7^l|@l3+FZ=#>eBUOpulz> z8#a^wNOd_zC07O$C8NucI9}ONQ*?AvuGf)5Ua#iDA(3Zaaq*J~+4?AXArR%-FNmrH zLQ4vhXv=)o#Z)0F=BiIqV)G6&GV*8G!+S@(jD1sT^QP*OvNBqIEWxT;uRdHTzNw_- zhov706E-pEK60IkMud*I69hFD(rqw;( zL!QB=-H9=`c-c2S`oTFVk1;-YT>Yrua*S+IAxy!BaHN~8CZJTWqZ|TW`18z*{`D4m3rBnh`_>H8|CAO_+;gxwGtgX?vBQrPI*}HFz^?(v2fgwnDNt zF(dC_{jQzrb-g@33;dms5?{9Ey6W&?&EeN^{@&i+!F|4PT|fWxD6F4nwzj`uu~e=* zBvyj&CdbAwg>=~T4NLVsJpJl2CqExt+#QB?PO(AxV65t31oo7OB@W13iPMEnnIgjwMGy;|lV@N&8~`VI+uh$n`R0=r z|MC6%=#;e5I$@hhPo*|KIP!EKmm|8P);o@8*#0;vGwa~GpPL^XD_Os~f6?}wlh&?@ zwf(tlp08iO4q$D`Un%cL&Sn&3Wg|aPWH5>Ln>>)OllFYrL#a+9{byt#x!seKm7|yb6fWGovdeZU6;O0E^UkU)e`U*tBW+7s($yxRup%%@nC9Us?4c zgt(xLL%qA-AA_%G*qb+Rr1;7YBQjGv;Sz6-DyGH=vu5&3o#pAsQ`C?dbO+#zC0>zcJkFA4I&c2W;+3{n0cI0Z%2>JzQ&;yi0=6kcMd88c36tdN@Qkga-S60p_nCvP8^m=e>LPw#9>u=o9$^2Uh*sO#9Vae5U$= zWY}PpyK1`Rx|J*ULhYoET)78*$E4GS@lSCJbvWof^O{@(WC69vmn^^i_T-1IGMkr> zxxGIbv(QB0_%^-*X224MBiekYdmT$s6znbodV#HMZPMgQKoly0yE!pOXD>#ogWAm(P~!*$yPNggLa@y%~M5UR?n*9TGy}tSzBv|C-2b*-O z0*C!h6lLIvH^rE!7hI}924(=Hn}2bgabeg)P<2=Pz(uzZA+-?c+Jzk>v}b~MF$@bo zwr1aQbuEIt?DP@MH2e6krv5FWexRn@+bttgS#?($CWs~2doI+8E>R1Y><#BTg9=Va%i))!h{-d z^5!+K*of$fz^I7l%>+&8fxG(?+%X&FE~Y9D&M1%4h(8GJn)1=3B@r5^mM|>aXzI)* zQns5FC)9wPCKm6A>Pdhj^>ohsV-aeM(ZADDQ&muh$Z(Ww_%!#gzfLBvkLqn&yPmAZY46Z@L)4%A`CcKC*s7Ge> zprkSQ_U0zWT)G@#i%T9GF{xSG@UoO0omQPuA?9#pR)sVUt8=!S&Tacpc^Gx)w)QD6 zRibn%EeG*()-PR}X|_?^ve6CLQoAy@{_y^N`|1<((NsD$;N6Qyo^<+~F+sbhKhBkL zr1W4hhoDYsB03PyK*=g+;WpwB<{6Wow#woq6K2)Z(a~{1+~m}$XEf+QmQ{ z>nmlRvXoiP#S zK~o*4rd{)^4aU|Wj5T2Yb)sxoNEZf4osGoM`VW@w(RBkW$|NrZ`{q z=X!uR%bpLLH3&IGF>Km(JhJNO2pbylSaWzcwyIEN6)p?UM1+NkwDrr6*4A=>F1&rm zk}X36)o=-n;*IeOIgYYt zQdw07Al76Ulf+cF-9;Ov)G@!-1T4mgZ?&~t*`v_IOdb6VRZ&#xA zmMtq9JfS)gg0L`5FVJ)l1IUd^JqXFB&XFLw&ro&-!%ANw&6UAmP|sr?5Qq-XV;w=j za$U;Mn)BUm@(6*oOfJHF4?5^_Y~2e#uH`tEbP+l*+2hmY0{3o^F%}vUxWzSHY@N9H zF))=`piPJ3Fi^#5%LGfE5IT?IPn*Er5aRmeDSya9Mdx)ghHBe`jLOx6>#6!K;#c^1 z*B>&davTwY<@}3=ar$$`fASw#{tp)bG@dA>)pr~&gFWP}@VD!Y8=EVu?gs>*Lhw>> zvV4O;BA2BJy>!4K_IFGm0An~lM`<)icjQ}VotcB^%=bC*B}}`INyhV6rQ#7C%FfHl zU2b*;7SQQ%@i#d_*iFua3MdiYDj9uwcGKXv^zG6~6&mP4pbJSTUyrUgGVsZwf0 zh2&z71oS(b%~oDg%E`&;rEohJiynu6rTO1ON|<66f3CbpX@`Ax2sQODh}TynS;z;B zqL@UjC8_JWRu(Obt*n<5GZ7ImW~^O1QS}qzyS>^7d80u zMhOSUW-cXhLy#k=rp2irfAZ}#N4z_p9ZsprM~-Og2)8dHYc^Pbmw7s zeTbsZw%q3&E$C2TGF0`#=Gn7nWAIcmlRfV$-t*#B&fpD{aw*iE!p%a5pzJ^Jqq7tC z_VVWl`lhtlPb1sd+iUrW*C0qRo9w}f{ET|vuUUZY33kF(7R{UR$QXLt)YG;K1>`or zyapUTcxpavwN3f?2t0aP!D{U!(c;Y_!@O@ z!!uH=Ot#{(Lee99e-()1I_7rYh|n%<*Lmt!*A~Y37-h9HWpMK3$=;JC=(7gcQIhk{ z<{*-xfHC3W<(IOJ&SKAvLvDnYwodf%OGoazQQm~AD(QJJQlCYJpt9H)a>cH-0O(+O zwi^9I9z&!R1kw4OxSSuz24o!bzFoT>-CV(Py`-uCi6`MiDWDF+8o@kc5v)VTYr_;6w z0D#P|daF?&V+~u{Iw(HyD4tP4%{7@45ui@Qb+ZIoi*7Ndp@0H5T_z1`r=a}9*61;8 zW`Q^rNC%|i~k$ZdE zsV&pL`J`3<<_GE~IWZHZVH-4>L@wBZ=to{m;jxnE&-f$zt0q zWw765Hg4NiWNB}0jk{4r2$b(zf(!l&d<^YcKtc96x<$_9@n-3v7PS9*Z2|tc=G7HU z#n?Y%v>!Xpyt0_7MOYQXv>3!o*3*^T%WORfj@>44jc<<9G0PP~`j`l+ZFZvS|je2ryxkZ`y$7(bkMqfiTn^5x#9Y|HB}GN$0oof-Iv zCS(`_*`6g%KLfFo`82w4Y7OAjEd-U8$$o6vmG%~j8=E{%v0W{3~jM< zCaH6QBcU>!dtisV<;akoOm55YZ(-_UMgM$jV$<4$Hq) zBnh-&GDWo!3IbX+{1-ZQF)zMCNrv&|%9LCL1-?X`yggeFL^};U4UtL55V$ddT}i~a zL<#RgEy?`53Se6b?ntyh#rQA?oGAqbLW3e-F47UQ;=Ry;eTa{8bDJgaxp@~j+kc;!)_^^NVssPU!U0sw zhf!}D^DD~A5;?6KP2+W2wtS9GK+hW-{&P$NFaH%7wTT8!A%s1OKK3XF2{nUI{1~=Q zA@15#NW2wLG@1ea^Ec_V6ghozn&KaN~QdLeP3XsV3K793$0#x2hi+_&3(;$z7uSE|8A_} z(G3T%i()0y^5t+%q>Du2cs;=x2qoq#`?Ib6JBI2`pD(dJ8 zJ@W~4imlGBFqv#73ZJQm02yE4bSh(w{;cKZTDW;9XwwhSAU3pM-uwB}meN}Aj{TbM z2tZ=7{`T8%X58Spdr#)(H}0~adJ{UX=ZFUeSdi$|x z*Ge+)w;m!1Fgj_$BO`qoi}@ul{EV)$t>uzc#u5eyvJ66{=RrYef*+xCrqYU%0dEDp zRBg=701J0X6SmH_7Z@Q*x5VWBdS(G1Uj*LkqM*`B{%N_?1rR}YKxd%-G&O77GS-?0 zwYm$EOVKToMRV4|b`YgSGe}M;V2hrb8i3a8S@a$#qr%ewXLuDZV3Hc%z2_A2eYx8}x_3SyWdm9;nso}xEYDrJqA zf}x(804vqdc%usgkVoMKo@pPqv4Xvg7e8< zXw4IQdcb-%;Vga);2OhZk-dX$SdwOf>_P^PIAMpfH&LQc3`z{w*C6B%@_rJks34!? zjNXpvRfmBy;4wvDm9g62EDep7`l{7N$8WCB86Kx0iYV98 zK;xkOoDx-y&sPWfC3F9Zv^+LW#}0^hZb1O?47}Vj7Dm`bp@Z5COu++>Fc>IfBaZ$c zQKb)CjY~FT2b6`@0#a&5WGjM#PS4gDD4YgLHGs2-6OjOA*9r){YLlOXFd7O@d`ZO{ zffOK1K03@L_KgC;1J)oJO|2C?WCUnP&DCwahzReoFlv{W1 zSoMnm2nXfNomfhpJdp$rV@0%l<2c}|Ne5v z7fZL_sEpK>OoMBV_+)*MmEu9J0<}~Ize3!_8QFgrykyD(^^mV?)AJ@Gq-FJ&+~fJU z$K|G`wVG;YR#hYzFzbs{HrWtM5Ag`q^iSR_9)0jBpMrguslQI!n${Y<8tmD%f`WM_ zHvrctqI6Nlsf)&X^c`MtWn?(f4o<69uQmcc0ZQZ+uF)dm3D(3*>*rSj$@J4$j*Jl> zc|5WlBZ@o~j31axehuR>zuF{wFuUHqduIr3DJZOr#qY7MJfWm{jEE`O%T*zR-fTE@ z0%xJ;RA_B5$X7%omguoO%~(04t3_y^yJU%JU-D;ACaA|2G$&g64p5sQIj@s8$<%V9 zn6~j~^iHb3h?Iu4QHl8}080X6Cd#j`mp9si77aob}lYL1fm#9zEbw@G~n->&L5f+#W&+zZx*)f%`s;hNj z>hlr^$?|L0ucuhGF57$S?3)|25or|yuR5;`1-}Q#Vq}w^fPetTVas0Xz3=!}5^lYz z+VY>ZGxksO?A63Y?mP^j3QhY{Ar1}>4GU*l2ZJ$5;VDe{`K=ry>V8myM8$e=@9i5m z3P98(Hym-Po=`cjt=?Nt-=c`x|MRD(OR=xtRyBYE*sF&?o(#&lR99~2;1CWOlLiVQ zbZ6>1_IztWTzihc-Uk|qO_B#q#@+`qVG(qIm-7>&x)FzSDU9RPN+FJxWqtlXVa_at?M%#IvA>WP$P zJ$2HX98sP{Lg#acBnXR&rq(;JG$f!kH{BzLlTNa zY^XByHzMaKfQtD90*r<_G4#-0|+X`c>sG-@@Uad>%(l+Cg z#{iK^{OZZwIHydZVe+8bD}!e`ciz13k2*5y?DF$v zxTT-rNl|r(A$QLahV+xQ!PG`_@dTncB3hcX20o@uMLQqK_;Ui6@g(xj58}B|W)F~4 z8MmwQ?7%(EyV&F5;3bx&JEr7r$GKdD!oTaev*HmfKcp~YOn*Q?uw6>W;jiDkh(Y z?h36jEDXvytQkERNsM<`$S~CVrFx2hdqPG3U+34Y(H7g9mTPpF>4UQBt!=@z5bA;5VddYgevZ z*@X3Y@X(?A2$%3D2}2P?83|&qmF=zbIwYIG^H0W*T=)C;AENDzS4L}L>sDnnlF!>U zclgzSF2Mr90x~yL`UQZ!f~algfmIr>Mt457a?xTf<|MZV`}s z90itan+Pn7tFFE(o(<-BUMEkUwEXtwPwn&z$3Qm1ka4wNJ@eMx0g+w-6~o>Wno!`C zWjJSmxJK15PIOefN+@2G(Nj=OztDf7{VQ@T`WA==B0%M#Np8phXb)k<`+8To4%vV( zz=seE`=?}d766oEaG;5wC{AmnbG9cKcKe}}VqjXe9oq=iE3S6_$^9Lcs})W)7YKCu zTs*n~_hr-WFt%w0-->_)~{Y6cPyw4Y_p0Iwsd-tlsw7l|z z5DXvZz-G>hz zShB0H%~O~$V}=S2;A!7WY{FkldHjLNn+PYfGY)a)RwA|NFLOdrYJw5!`Z#_h3Quv~ z%`N-!)z{6<&7pJP{*sr~rrjp#m;ROQ(jB^0Cst0yKP&3Ho0w(jqXGH|?6w@76VGRb z*C>;VBm&JOJDtVvzY$|Hsdk97O%2>;%)IT0i1ONrQ6Dd{rAjWyV`9s=FEhS?bTq6l zmhk;*l2p_Zw=y_y!~U3)r3|A zKyw*KyjZFN&SGS}9A&EnLUG+C#xMd$u0_C3Yi#4#ehG2$W8ktM60rKiHVBN$%H&5= zCQWL@Tw)==$GFcndAL!DvcPYh9*Ds~|NW|I+xhD^ia_5avk@PIK#@qSYd$GkCAILv z=v=(T9za9}a9yJmi0iHmimtg@=SToVFG71X(1Pqir>Ylf!m z3$rz2=FfovL*UKLfIBBxPqux8z>3D)d}}=Y$8J;@;Y>d5D*7>0DeyARxD{}zo7ghL z#(U1{tyYanK}~w|Z?j%LH=RK1lH+kS?{?qN+U(rX?Ng_9D&JqVowH&#J<_o`}DxgQmBb5YEn^vx>A0LqP%<|uzg;Qa2UN&>ksOS+PwJ_ z7Gu6;0c0k~`HWM_p9KdC{kgDD>U9P_$Q>Ptdu)f=(Z110xsIuDvM zSbewx)d@%KnwY8pVnsI^Y_mu9URsEnoY-e2=ji8bQsL3tVZ-~+XV5?0_K!&qccyoA zc78!;{{;wSAi3=ZVgD)mZR^7ey=$GYlCd8i^4rzT#?lMFn9Mn{K+73|+HN!(n$SwS zR{0k`%WQur<=C#g7&)vl&wBm%-;>GrYiD(;{`mH`2QBz!;3FmT>roxnx<;$7lznR~Kf|`+RsntJRfM0)`DV=E;@9lC4m>%gK2?|2#tPBl+faO0X zd-RrA>dep63dH17Hw

    (*fZ?dQs|Lm6 zrKRH=w>t&KxEH@J$n5UNjZ=pJ{roj){9|7;Y3z0V`kuD)u9Gh<5Y##_Yy4sKm}3^l zzdv&E*(m3w+!d=<8G@Pg|GF-Y|6Uh|SWEBH4pa$KCyrkob$?9E{PnBw|7IE}V^%5n z{{GvRE*baRc1FHX3pbEnKeYnF#NQvh$?kC{W)i&e+)wS8dZGT)qW_<7o4I@{6e6y5YH8>I357k}RW%27dtHvLI znSPm!G3e^oE$E-T>Uf0FImO+)#lK1Xb*5VyipZD)m!J1sOUG?AFG+Tg{ zG$+r*1e+JAT$^sL_E$p3V1+DF!Gj++MB{Av?^oLjT1;jIa00sjKSbj4Fc#Ss13na;Z{r0@pEFE`WZM#5%{xTXg?9J&sg^TAIB%`x` z|L)`CzgwVp)v*5Wk4fq0xL;kd{N?KmeSmm@sKnX0%p)LhPfHXU_q;eN#`KfF{v=bo zrMDpJ*iTVZDR{cSe{#*P@t^#*MSh5?T3`)N{>MFaZ2s*kckSB6134-Pxr!a*Y1)}G z<3sM0xtnyf07Fn844uZKzn=w5r;Pu|lfS>2HmUJ{sZ3TI|Kpd{%#`_WoT?G*Db5&) zkJcRjBrZ-*9g9Na|LmWCA079@|NPn5KRcF=`_;ew4fpuCIR0<`kNc6av8@+FK8}oz zZaO_z7z10kaxt{d=W2b_I+)ukC=wyORcOa)gK)JVeVg*iW;OjPLj&(aw+z~*^YFAe zM6QUex%}kvZGc52`?8Ql-tpADf1=@Ut7!aF;ou+V zA@|!~{O^za>oot{bNSyVHde;|{!Hk<{&&Ir?}GWCtAgYImi@AUGj06cuUNZ$xeSpG z(3V5TdL^n#FahOP9(>>i`U-~6s6dp5Ue?@hc`NKcm43qVswbmq47tfEuFNson(Fc=1t-Y=p~<{ z4k4h>EImlWj=}8h1N%#79aLjXy}Q!&tQa)0Zr!+{gcccbcu6`&{)vBs4HiVWKiUK@ zk7{+T7DxLd9oWHX3kUoLVTge}KAo;73?1YY{GpChUhj>&chx~an9+kf&VlOmT-R<4 zckze=BO|;F?YlzAjwWi%zKFCANclg*Twyal+97XU0^UX{~U3pb#-=urSIp@tM1Q7oAL zg~C-k`%XA#ry%(+OqnS>N$8VGn95q+*BM{#EKS{r&IuE}t*+C2{xu-R5EF}RB7l#J zS+=0J9|z*`My*68bbSfN0(+;q*Uiw__{GS`pebH#?#9}vqcN{H)=s>*JW@9U4JGSP z^n*Cl9!#`=@e{thOwg9|1AlGa+_?|(!!M_-Sg~S_fWR)eD6DCGK6hbNpD3iD%|tr@ zy{)w@1Bx&coiQY9X~sOk#_{FKhz&~UX3(Dth|vf*=KAZ5QsPciUx9ofAkVHh*pTVB zRY*w0w&Qrp>kM}lG!8|h8eO2P0-3R*z84RfS}D3k%5FgLMf5){l4hwU#nZN z>bueQXhg+UfR3+r+`)45=2^ZAh<}N;RK?b993@5ocwjCaJeQwer{K_9C6qyjfdDrp z03KynU)euG8x!4x9vBJ|Nq{rWcVgDy$Y?(-g<58glEL6QWaB>SWBcg6>2FDC|4AS> z%~feB*lG1&&PRa+h6hTzy=151Os+3y z%lJKJS zAa@5NQqAjDmU>NUa?k<8y)!a03T33Qz-XMIbm#l!{b^E(nOFau1O9g1Wu1MOzB!u4 zfn3R~4)|l@#BMAeYC#hI2tyzI7}Z%E;lE-p%?kYY>!K!glo5Mla$8}&^%*#M1aTQ8 z)bN8?MnM3?*w|byt;FO51pFNQi0=luJFTm#s(@cdhY_haQm?PQ+BAe(ybxV_yj9-p zoO~Wk7kuJ}uwH1#+325wDwCv2K^6~?45?DGVRDm@#ZE#$3}obUAsNuwQ>4hM{jQHk zM`GyQyi_n$>|xG6b_776U;JYxuh?Ufd;@v~Vk&GriuP}}^Jt$lk&HBVXHq|#ivxxX zdx@%FYMTeBYHMoy3P9t#Iiqs@*e6)pOwht=ZIa+uALE`y#y^kWaD z8r$l{U|ZxXK}SaHV(?_WCLSFNERUCtL(6cI&g)=oAzzq;h+?cjfdeB zFQ;)F5>4ii{EMU45{grDx5@1=1#--Sr_)2Y3AAm23?LLpcnIxVlH9=!l&2S5=g-9c zu@UIdJVR3;w0v3E8 zF=HTN05r6D5M&@LsO#H0A@LR1r(E$+lV9!_gOP^ro*x-q_3v^5d~*e@VXj46_n

    IN5r;S$Sfky&jMcktILudhE2YzFfTwIU7YiXPgj=&2#H{+pLTV#k>vbmLa z;q2Lg09l8QJ|YSgv7v&h^WkJYMy`Q!H9_WUbvZS#ApGz;-CA0tBvg%-wTxFOfaL-)`hHTtF1 zgUYW)e+{d7@BCYMHQ55IK{U!2HskavM7Nx{Z^1t{&c8i^nQGxUd|b|9rx)OcJB7E` zOw*rWd;2YDm>Cm~=5oQXMhSafbtB>zTzaG6KNyL&p5{4tdkAsOsJ=;7BE-IIhLqo1 z!YT~0?qP#Ckbgpx5D0usMsdPYuR1t;lS+si8ZLSv`}gb-ldf;2NC=Y1u|mv8*y8aw z7l+v=1W&GbbSw|LH>Dj%Jm&xWif?C?*D(KKgsh22$J|vPFCB-=U@cdGIw%a%y-a0x z_I~gQi}1j|yW64B83b{Uj|oPMxZzat=RLQWV3Ulc$~>+FhQH}B0~{>SEYQZa zW|vj8Li%&7utj1J-jd^o+GG3_Md#9 z9XZish32seNHJ1(r{gu?=$H|Y!+#xKySoaSxy&gvRxQ8P=ofOmb7W1){*PlP;IE4x zIS>AY{2$ZF5e4k{imiaOrRObLWT3hpNG$jPP3}ML-@i``Nbm@ov4jxbltJmWgm@I~ zeGN(v4%L4UT)+Mhv^d3har2fei9%E3BVH=bC~`7^0=f02$;X5hpoJiXBS#}@Eh7gZ z>H^5luottmd%U#2SS#Ccx`@s;P@mbqsl<=v7(RHxy#2UpN*VPE>YKm_%8_ z!^5O7VC1sf+oKR%y{(7*uxKzk-Hr71n?~*4D~N{INy5n zW)GsSA|B{LS=qx_w2-Aerjr|c0h~EE?OIZNIP|p@Vxf|390yYl8veLi74)Jj6Glkr ziBF(11g(x|i`yIUfWpCKTX*=$)$)4leF}YXES55aG(i_GR5&Q6G%0NFgG_-`TA*h= z$AUn-q@x^F%>&w_ASEQ8u4;k#I|g3}z@VZLJB!jOXkngTyvTu*OdH+;{V!+k_eD}O zg`1xR);uYUWR(HJlEUKJ)vL7p@t)Szs8+c_;5%S90NgufAQ>%omnjZI*cKAdd=pLB zBWk^fh$=ot1<```HN83Xg=swiTE^4RAE>#V`W`YckkjX(fk-su)vF=yY{UdOWqc2a zw#K$=T-H-tkpYS7H{)0ImkPzMX$Jj}k_s?e=JN2Y0}qFh?^g-x0%a-0)yA$zp6|Wl1Fjfx z40M_zWURs9RVAO}LM8PX?(GpjfBw{LHv%slN?B^Ins}AZ(HZN#)U5e^7gIij#m3cx z17|l94im2~q-^TQ990vHj}=Dg>VnNc?r;9tM8wd~^9=>7ay=B^mPCRuO2D<~6?*vB7~+7$m=#gdy{98;#7UK}xHUXckBkFmS%=5>4?ONQnSG zQIq}C3siZ@bcaQ-wUe^GMU z$a1j5>ZY@wDc}^#VFslE+`1aOHK4hA5otC5_S;$8aukUzK-#i&r(t`azWX@*$b>L# z8#H}j`85<3lTr%AYa$0TO?upEWrDsb1LDuiMW5hBe-}y46BxCu0Ts1g41cVQ_|r1; z=LRr|VUZQ8dJY5xhJ@oP)KQ>Yf5AR@=<91Nu`h7+*w%Hh3Qo+#|0Jqn@MTX>QVNjY znK%yPLmR;-2k##LP3CSG>iMQS*?v$0hu>3hdFy!gRpY{8+jR|6`&j)uU#k}V^_RO5 zqnx;C2p~iXL;7o8!GP5bnHRzJo}^777>X+1)=uGG?ZSoBK>uOyAz1BysIIQ=s3PeO zQ7hf!p9KYx(GV4QNT*MCrCE?EZV&9JDZ4{{W^R~=2>~co4bTDC$Z$$)YM;-T4&D7uH96l*Y$8kB&eVR2>n;jT{(6_r16Z5vc?9tFYLq^N$*%8Sy+a z!y~cF(fNK#er@Z^(U~=DwgY>DDjDyA{z4k8tn=8j#B5T5GeK5^gir#%RxBQgmh%Fv zk^r!`!$6ElS@J*?GhLwO-Um)3`4wwt*VUmooyN^wjARyhp%1%)L{o^MU2_HV^NYvM z;>16Gt1u2l=w?*KwYAMUX5zf3{RZsIX!2Ojt6W;5*SmNl2eP=GN|%|L)7mm@?jaS;>Hipg*%ykieIQK;zr+9syr&DI@|@dWuzCpWIGs8S5TlKn^*U8rGL7C4nTSfC9s$SPXBm5P5^JdEEhU zMg$bAv%m@yIr(NPBJ}q}T{X2w3C5*Q@bjd2qnzKbUAvVxE%@}QXY7uztr8b(Q;H&o z_qLYzsSgjdYQ20U*;4`4kv0ip2=+l)RBrVN%~v|nh|dm2j9}WP>)4YhP?KD?nCfPu z=ph5)Fl3~H$F8IyC+Q*QZCtGN5(}urKtJAxKzbN7NQ#2Qnm5sUeomjeB?Jx%0yX5? zm+t5Q$xV4!I#wJ}l&3=*#4ZEl;H}Tw==GYE2pFZ;lz1Wd4*#3S^+6cP<=#F0Lqk7gQb6C&xLDIx$-b;{=UD>n|QcEn85+(&ggd*#X~%^3dzc;W9X8Tm!7nr0dlpeG6x(YsZ8Gb`5;w zgYeZ(`a75^__8}}b~j`kH)CiymB&_zq+ z5lG(c!S5hdDMs9iFia?N9P_M1JHBPw#i}+`()8p^w2NW-_yiNz-$rg`wYu_(KS2Ur z8akLow7p{Boe$v?oiaSwN3`|<0Cv9q<%jLkg0)j^4l>ymRv(zLNGC}|*-b{o40G;@;LNWi*U z5K)P&^8WBh(8AUsuRt&|TV_tLqQn}42en`5Yh%X`|5YFzl5i!fSgPsWU@*3tOa8q6 zSIoRx%;Z^;qI0`#8V8biO~@lIAEA4~se<~N(CMt~HrQ5?W(?8l)I!f6gb&_+UJ>;a;wfKxW{=si7B>qA0UHnjXJ<-{jr>cq$bsRyrFOt>9o zpfFi+2l%Z3-3juygQP4V#TPHHvBe7nq-G%J){S?=H)$n4#=|&_(Ig(ZjuR(Nq@Drb z)&s!!V@mrCP%2@}4nvFouiUjmlE*VS(xBW!T^Fzl(t4b3A}rLoXS>o2=C7eFX=JEN z(IYC~4@a;i;2;_49Vrr^ryl{P<1zp!q)RyR*iO-9%U*}Zyqt0!?hq^(Q3b#26b5)e zW;hg}n5{`x`=!A(1Ah1%20>i>QYHE~Rxt*%kh4%wDq%DllZP7^_DWt}UTQsHuG5)? z6ix-ef+a}CUi<-QN1#H{#Yv-(+dfsjin-0iH~7yvlO^XZbZ@J$a0WpQ8);K^!C{gf z!xWfIz61mW2t2AZMVf4n89S(?O#6mPhkzINZeEq6b@0vtP*!ALMAlKAO zm;wqGdc+7G&+xyJ76l(Kuh3D9Ng@LaNe|;_(Yyw%wdjoL$=ZsFI3Q<$XHR4X!IVh)z123f2@sUCvD zr1U~7&I;n-$4L(PLrD&GPEL317kOf>BjTGn&KHF4tjP(j4AL2IGp#Z%uJB(YByzclSnr!X2>E9Bjh9@7`5RzuIB4VBWmvr2lNjCVpurhjft)%#cfc z2;+wg6R$JL{-z0pBj+?2^B!1E0rd=gUml5P@GxE{EiGN#@pvOO$50qVM5X~6B=I;_ zz}JGKrIPW;55DLx{H7oTTaxhN^GJlpEL?GzGhRDW$p=(K1b@d=ND`I2X;S*~yILz1 zk4X5*Qk~obAr?SyfCVg2*m1y;nRgv^s2Wn7tX%=Hn?2^JjRGtU!y=JoUlZV1fI5_9 zZ+Hx`VTA3F(halCT~DN?n)Ui8oRINFQW^UGy}?2G`1Ih`%9K}a4jR@r-;zkAf-^lF zaerX~I*RKskP{kAY#;pg!BS(toE)<)N(L`gY?94*3-o&*r% z9x50x4E7#m!Ff=^qG`28N~$6*#ST`ANWk>UUd7;jt3?$9#iU$EZBPnWI*E_XwcD|! z;xVO7CJjj1wCU52V5xI)r&FN~9K5@FbfkEeEhU}=f+O@aNHD@TXeAaX8C537H(gm_ z(u|Yl>ltf=EVv=*k_1PlD;NT7Ks*cw6v+qlDz$ZsFMq@hC-xua#0LQi*bUZ!a}9Wvwd+o-XmFK zSZJq6VuE9F$E@pseaZU|YV~xI;{X{Vdux+*f%WS@5pcA z4%HBvpNpE&J61xqfB+v1Kt+}$U&Q95l*zCfkzmpG40sL6Lum8SY6Pi^cb+ctT&tFn z!*u!B5iLE&nD7JXv{Q-JwT#Dt;p% zJlru8S);yK8~Rq{@$(pIRds!;fA=qyvHIgb#&LEtPk-9|%pEEGwF^43Rd@%AFr_8$ z6vXXQg?y2awb2Wpdlh<L)zn_ytOMp&FKJIWqCBP(iPV)<4h z6(!R~=dV*afR0{QNJrFaAqQy}7ngM_R=la-g4Wh&w4(JxOv~bAvG)bF10+v#_f|h( z_O;E_FMfqnQbsBNaAe~|UYL$x7aT48lsD|x+{Pm$iBov`GFEvl~_+RUA)$~07kN!jy;*_Bp9PP(!k9hG0 z5Q4d0okx%+cN5}3=GI&wX#hr1pGCqG#NB%oz!LPo*62`O9U+qt z2h79XPn*8!%ncY^g(8=ryKx%sQO9fh5Usd-_vNN5f-eUFB*-t>Nun>9)9E5p4$9b% zS$sMaWKhU*HDD}Oj&R9^`@v~rvVhEa<4C0(99s2=>_JwsJ6d{9;ROAR+|A9%V>=ul z=mLUv?RL1lECYTc#BT`U=95st+k0YgU}Xw&R|DkE_K<7LCE8 zUJG3LBD2fNvb}a5-nE6zyRowInOA_Zwqhrbi^X0JF^4suL1#h!l*3GxqHIUIxR+Eh zz=UFxq`@-*x|xQg*|_Zpg$6{`WVCv?${`Ka8+{UsPE!!nZYjKym#VrkUM3WPnTtK< z8U*Hqu21~tU(eP&xG7ysO*Kq-t8q@N|D*eo-z(sXbQHM`5^HP;q%IYaT_$h>1Ve$0 z{iDy}v$sXv?EM?-u9`aBNp0n@)`H@<+OixQ*U!6}A8i0psqR3i=j}1)xK)CzDiKzM zq;0SoB9ESo{PfzLr1^NRuG!d4-Z~6*sCQ98T`xM`>vaO{!gZPnFSN6Z;nR#*v6W@h zR$(x8es$dW+I=z+xVoSK(_D1HVh^1SS&5`9ng1n5 zZ$Dzt$62qd05oB1=oK&Yr|vnxiNnAg%`5V8b=VX|&>NpBnUB^ZJd#t4Zn{g2O1WIS zM&nx4@Vre6(UE+HG_n!u_`~>oKmKw8G3BF?B zWrk4^v9KzTZQayrFa_vTg+g6M8aB0YSy90mzZUDU-}-)n_ubu3YA{wue_KoQz0m9p z1slM+wH^E+_&3Q60||v0VziwW(hLkAIT5l0#@^P~j7%C@TO+_$QUTh=2wMWY1LeoI zyYMf3ZZNABeK5;4ymq94gm3g#7M}U(zJ;ZgGe-5f_iJpJPeVO{=3QaxjYdIIcoP8r z3qyqdEnKep!0yg5^K_9menA-5PS|Jja^5x~Vx>oB6}#)i#XtGuWBLf4(Fj0_sWO2h)L9x#6-gk4wn z5G|+&fh@^THb|;p3c0u{kz0;rOOSZdWr{xJd!A0ZNhqXm8E{AiS6i&?a;-+YV*qs_ z7q{!j4|tTJ$R8Fq>t~#??_`g`Kb>Pnon!xs|I0iLJ+z?)PT#zShhkBHB0Kx~Y#JBF zny9;5LQ~_D{X&zWfU{jKo?I}n1!v|u9s#FKUh-Q#%nWh3xM+|8PwUn*^?@^+TF4&LX3dyHcGuvh+qaY2xS!EP};biiD|bz4k?NJpyk}Dr(~nEmU@K{?*0L zTP6(qbntBUpe+U(#RplcvvGITYtO|I_;f|_os?PuX3 zabObHUn`3eLm_TDX_sbjUweNiLdjSGZEu6VA{0ns!mi6d@ypFdeSsYG`a3d*s=Cl6 zPmZHxG6X?r4>nSwq1U#(`}TRK@B7r2rLPfp_5_b*0APHX%GlgCAJ@rZXwr{aUSLsr z!(5PT08lW(6;RK{R6TdCEJDv1^9FU=IvkVaLIin&ahvJ<8^|^sA}e2?v%`Mm;{KED zpnKb^+gY}pp@1ZkF^7Urf)utv+_NPxtswl->5upGYr!&W==g)TlU&}RiHuIR0hmD& zY=t}OApJ1Kje#@VGU%%Y2}WY>nv4%EBYH)bO7829HNxB${2qby);~se?VrE?yuZ-b zFBlUM2KB#-J=%J?dNiFZggOZ>CI+sXH3yM)%U{_TFAHGWZoOA^2+Hc}~<U4arCxS> z^hjSLzkMbnVd7cW$;?llRu&1O9I1d}!=rHYw3^j4C>$@Ew{^9?w#7=~Rm{AjH~;F# zwZix3#9o&wA#WI$$X=kW^hV*h_&|O3ud~h+Ht!vFp|~}g3MA826-nF- z*Uy+PKppn8zDT_#hs@^623@jJm+H=(A8TO)J_OM~1J4871a=xk))`pbGi_WgiwKkr zK?~*xf?oprCopyI?U@4GwyELZjd$SdtFX8m*b9RtAM2xevM5rzk*=Z1y)PMuwET`k zb;1n*)8cW+U9UIB;1VpKTrceVn1{Ym+>wO!QH=iQRz|fV zCH(sB4(i*@mPsn^xQqPeyggqY;ViIJj3S%@yO+d`xX$n0w))&$TODd%%Y!B-e02b8 z-ni^}1wUw6O2|%nP@$3VmwHmLor>uF(f$983YIjR8HE2492|3W1C7=3l_+ZAerhq0 zPDgdfcM(fEF=VDnu3Y)H`)=Uq0DBX2=0y~`R`w&JRkkunkdB~+QjO3Mxt=0diWM<1 z(2PuyQ7SSs!OLotYwA?9Mk$O&@pf52P>!dkr&PqI9VPaBWz#074yo>TRT209h@ht#Jse=`w)F!3fb#=YB9{K{A8o5}Q!|nV;p2Ee=@jCuT~HJXw{_ zrsyt<43Fft$>f=5OGoU!rqS8?vi;ZU@EM+g&PBTl-WP};PmtU!ZU)+Dc9wU4MxW1^ zHDyv);AR|xTUrIhk#3|7b>?7|f7}wM<_2?=r>G?tHoLkM8@C2XZ}6BC>oDRabcO}* zKP;fbKo%^|%ID>Ip@^j?vc$3b9+(LYtazc-`t9PNJ2Op!U8%VdSl{T7H^)<3vgJf? z%@iA_`p&v8TWm1T?K75TfWJaBUFdWJ3f#4uC0An&ssVsTLWW9;6t)16 z`Qg6_cEG~6JN`re!M@B#bf=8NzTUr6yDqHxN>p*q+_`m@1@AUA>aDMHhZ`WWBA+(X zqKCz^K~^BFRkanpeiySEu)k+y6Hhc~SN)I~h}#%+e};@6@L*)g3*@3|Whr^t;GkX9 zj6>7xr`1T5^KeewbX^z&QRB0lr|U`tTiMXiFg>ysz3m_?b*o3lXa@*%ES^34gl&6u z8$A6W>yHofvbsC8dW~*+Dqd-`O4Hf><*8RiO&iYM5J|xScov|Hnn>)Rn~>Id#oM=Y z;9dC6EFjACqPx3!M)3DK1@XSp{JSgQqtwuEap~COQvd6JR0yKR4NXc*OXCu;nS2rF zc{dCmjfQ^ya5+aUY`hd2s)f)?5eB{eo6J}C>NxZ63Dg+I9OX@4bsdh?IE2vZ^;C5P zibJ{C`oBvsTZl?iVtV$})t#c3PGWl`HV6?yRDEG<3R`+xt6<5}*qd`0`WNO8;FgA8 zARhtUF;V0U4qf@ID%Z^p`J9s`)%8oCnXh8qE#2^E8}f}{S0Q$?ac_Zu`j5J<#`kF- z?~`*0I1{#jo@U6$+ zwATXu2G0WzG1iL>2wC&x2-u`s zcX+ICde`ul*nrJw``I+d8X$QiTsB+--j>wo12yrxeJYHeNR|j(zq)=qd?lGUy@fFt z5mhnhe(LzxA`reqK+N~Ho{^gi;E?7H63LZwY1^I2Gje{3t(wgruAF4vK6$O?P*94#CPt#n@bJxTJrJm>7Q4<0lqJt^&} zRP9@)nD}c~!Z630{gYwQ?Mo=RiN;Mf<^iaXhZGs2Vbscw;$isknOb>*;UC>x6cJA6 zE&-?0rhU9V?-0%sq2U+2ixyFelw|A=PjNPIy3Jf?^^38%$Zbd0u}3vB;4}GhLhV3q zesfmI5p0O;Es*H3czp>*+ne6C&&HNxB0Y(~*;tqCjFBxc?IAh{v1|cGlPNH2fb}W- za^K$A^Wa%8<&fR8OQkV>#U}X1Lx}>WQosctp{TY8eQB!$vdLM(Zg1})IXM+@X^`=f z)d~6io%8dWKK_l(`;>8DT*r3g9$08gZ@>Myp&6js+)P8>206yoGj$D1)*Px2B*$4E zL;ud}s02n_qTi!1>!Crwt=xs92FT9Q(T%*|WmJ`F*T3~{Ea(G<8jM1|FMJRj5SveC zn2>9jJ>=9IQ0MiLbe#heO;`AqFACQHS3@gdzTy!$XI<9W?O!J%rf2Oan!+uXHK)x$ zJZVmzqq(_xdQ~-s0WMJKs62*7&le~gLcr~knCnlDsD$K$4vf*V$B5I9tx~}#7!8P+ zVx6dQ;lfZvUUqLICd$#UEzH_`6KE%hULfq{8sm#~fCT#yY?z{34G0bU=@AHyCkG_2 zZA3B$D<{^C*~6Uku?h#d5Mnc zsRs@n$|>&0qwKOuPsQk_FDSdm<|Iec6o~=kywi`X+V~Gmn#0!I1u+jklQC&N}KtmPLBE1CK)-+=DcD~3Q~~< z_W#4)pN3<-cj3eM)u2Milp#YYl8PuLQzarvl8}-@141%omMF6Z(qNX-U@G$*p;Sad z=BUi`JU{2h-tBvL-@oJk;(r{^aXc@6UhG}sy1v(ESnFKpI@el`VKW@>j}tV4^7xC0 z&Zgk1z9P~h(=+@9}bwLQ-}zu2|b93kU8?^2$3cM#S?BC!Uki@ycy@_S>^=Y zuzW1Iv&^Z|dt~p>Znz4uvt{p(P+d4WqO(|_&k)KqCd<_f{`ebA2F(Wi`=IC3#LOb!`0Fw`R2~sIX zdZyEJYoWa#>0C@E*CG|4a<*_80L2NQ{N(N_GFq0T4hV@1!m#JzYjlXmrwK+#5Ce4q z=|GI!HRFS^Lp~M7m;5Tk=lZP*(awRS1LExV3{Q?sd zoIn+Sx2Ag-GS-zTk80|(huj_NLd*1%-a-D14b>b)#*OW>_uK>0t})xr5+3%{LYs3i z<)fN{60)*QzmkxDKZ>@m8fdB%9B%}NdP4_n4-|bh(gCxe{9&O@HB;bC(bLA0zzt7Ay|9Hph9Yik z4iq|GnvCwagO0R^9>jfznYQEHjuKHsaHQ_4uq1bGKFPM zCg~_wdhE6_|oKM5Exu+AfYDS&)`n&6Lc>3GLYc{x7(4%|f#McC8 zR!DK)X`!}k9~nYJL5srtIC&^2MaLxY2sc zI1>@T{>t$fMED9IbwE!=SN(E^e5n<@wMuNbHI z!nHx5qO!sOL^D5HNpT>uH1PT~53~Fhf*+cTFEA>@v8eicJ1$A-+RYKIx`pzf_Xzg&bjeaY6pMNQdoQdG~!i>}Ug!{-o@3 zGs|!1f{QR1B(uJK4))O2WWI7DECY2>u^8fYt)3ga)LwG^=)9UgiLQu|IdL!g>@ z74GEFxm=VQY>XqT7$c@<0SvLBlOehpqY%VS7OuO=bw}+an%-aIuA(tOPhX3Vq9t!} z8@RP}t&fvO7(_yZwJQltjt_Q|F$vKCcGRO!!|a7Xn&|yV(bRyM7z7(4P!%B6m(J8( zR*#h9<55Fyn_~(_}(FP2EP-zJM$rn`Fj~65! z9z>#0;jOK1@>7)ucg&|#2i81;YW($E-uc=1&qcRsYLdNMHtv}`DEG-yI~50u71Ff; zXh8&W_7y^{a58F`%=9*r`PSYMMPy}M_8pPbqc2~+e7x`5om*jHJQu?3&adQ_+|k+Y zfyXR{SXJ4o4EO78x%1d-cIm5^S7L}^r|kRFS%&QmK)WpXbo`mJ%E2|Fc}Qbyq{{^w z%ut}8+t~g1(UvpWhhOzSsF%ID`YYY8hE*lpwx>pVzHN_(VN3_vGt_99Zvoh=VJP{# zA%I#d*eXUCaVxp;WMmYjRdHQND$?r{#%hGH?{RjN1LxUwaEZ&aDByNcNNF8YK<{rR zFUn{A*>6Jlvqgmhn*uyhG^SEiAn{8~I2RIh)a&X1_Z4+?bP58}nsL-RV9sv;n#WiU zzFoU^A=F$A(}#x2;Op2nd+H*vN*}F0$t?LD?R5E(Qf4Q;=%cW%3OspH9C#KSS%E4{ z4_DW>GBk8&0VxMUCGet(8zcYk!=5whhZAjVpB zZT6P#!-P=|2(?GY+7qxo^-`&t8!|F7l8_qG209)yaE56eL@GrQbb_r33BV7)PUvGI z!DJU;rC`OV>iuo&BAej!$Px1T^o1Pg(5uLg1&#b-Ao0-_on%4ir(Vt4^mwg9Sh_jkEgo#hv_9#}C~m9)X{CHR3u|5i;aB!a%L9(%b{CM;6GdO#&@v82 z>Rlf^Cxojes!y61i8v4XG=@1mB3DiHTxp={ zG<5&HS!ObdrxuUH1Q#+JBMS3HHd!9t-PU0)J3D&_X zS9^UrRtf%+5m{a9N>j80cYrGBseHQw6v=mO4C0Y~K7}pkm#pz87s~zf&(!gI+)Hji z*5k!H+o2ef$>S{o#EFt%jmISz^eq{giZK|07vClBh&O^NMIV+xT6WS9Ws%+y5sx;m zT(k4#JA<+Z+cy%*?%l_azGx-zHg9e;fn4lX&=-P3_s^}{y45s|_ccr+ab*h&hkjIV zG2^QZ^tH&9n)in7C1sMQ`v`Tp-snQE7M~qWSQ35Ebkw7vq2Va^xLV-H2Cj?=lG-a?agpG{ zNK@xt7b)asUATU zZ8B47gU_xA1q)M`%WSuv&qxE_R=`Lp7Bthr>#G{_U#1@0Yq#5 z0@Tz7*~uSw?@L-6=h|Z*4_R*w41qH=PBV{4f+UG}T;?vwKDJimpE#)Zr8+^68Tz{f z_o=dYBZtf-^b%`3#VwIHfSMD7GU{`Y2eNo^_X`C7@~o62?rErgw% zm;tFE=LGv)Hf{?@%-j_4>h)_M$0gScO&TrAJp0Q$aGy6+v2E1}9C3QREezm58-gJ@ zC#?jNSHfSjB!6vw7!@+k_-s`2iJM_bC2riw$4TUsk-Su@G?k*I)Bq`~N_IYWpMv1q zXXHT(P{ZL^h{Z&kKhbe5pb~-K?CIWTqzGvxm&CTtR2+JFi0lmD^AtFz0SbJPH?E;t zrf-(<^Il-z+?qjMrAe67gRw3E1frK)@*BJCQ(@=WB`%+-VY#Hyy&n;nt} zqs^RSQN+PG;Gezz$`zabhnkG1tSS_!QyLl?(ou_HJN=7h9;47&UFN6tMABr zGj+9xIhe_PT7XO%|5O|XK16u6n!TE6*w9>hqw{!Ha}nN@W^{iGsxRNdIC2M{x^fWy zctfWwXzKfm<{6W59c5xzLgQfE&>r_lOwd-;}uBN(m#1+=3+0ccxI2 zBd>wQuOeDu>RQfo^-MBYDUDxS1l35zLNV6<(7CcZYT)V8K>;uq^w-0)Y{3K@9>hzY z&}?R^88{Q*3yG{eFw~tJnS8k@RO69Of14%B_83NsTDQgK)Jakjr|AV{(~k<86abOSRUf`oslRV_#j4U1p~$yA6#R5@Ct}JOW6!PkNpPqFRd=1vH`pBWE6BE$cVt`5z3t3i5+&;8 zK;S@SlT-HYohL?aNJNG`dbEaMBLmEG_INlQYTM)m&Gg1zZHFROt)8K}@Sginx=b-V zr@ef%eA=_hj{DfYSE@sdj7Xd4MVeoJ4gDl0ZmLOx`=jc6-S%mTjTN%T0(7NlST5T6 z>EN9QJ56;OP)tEh^b69Rex85XvY#hOdvo#?(`B1Ct@~0hPu6H-if6xb1Kw|h1bPI5 zSK!9f0(nOxN=yPS&_=}q)X3W~WhUptKrw6w`>uw|`;BI{D=Xk0vwVx``* zEo`^td8_W~tpH=JPeW~VNXDdjtf!~vDmt&CE%t=sOPv&WNlm#1x$ z-9`*^f0QtXuvGzvGzzYZU$#B$%z{by5p-U=&z)J-)7RJ6{Y)7#2Jpj!!{PJURlkJe z0Z59Ok4Q73yy#rznfG{$g;gd3o(fpJiOwS~oRGiip{=_->=z&K7Z_$AZB*NTgajfu zG8>CT{GWzU5$Pz>+?MG@au-wF=@QXQ%T?n<-Buhs<3Lb=isWV`20Xr^L!6=!s9Dv|c5#&f4 z0+%BlEL@C92$0yNY%Y<5JP5cba48R*!`=9PD1-cnZ^Fe1NW=t3_Ig@!1)hCen4zf!u%BeQxZ8b3wed+>k*H^B?V@$y&`!wVNM(CPq}Lr+o` zm-!Kms$u6x8dq^0F?l8mfmsp&q~j>)$hB}V%!Gj9y7F$_LEc9}L9EC)dE%n-pSo_N zalh|lTBFTL@HPUDTA>Isfc!TKqbEHHZV6r2JO)PnEg3C2GD<2h8*J)Lsr$dzODy10 zrT^ekTa*AQA|_eME1R9~gmGEiK*pN~mZxQ1DdxEF7K@l$;&C0!@|qf5TV0r7iAdTj z;B{7Vh;4w8WI`6j8(5QI3qJJcBD0jv)ckBwF1qU=ylf?KAZ0g-ia0NXSRAPAJ40e4<>jvH`JhALL9)ybd8J}3 z(A~bfIMPIFmyM8JA*}uJT~%+ykuqRx6Zis-Y7oqNZBYws34ia$1IEvhvd?|A)e%_S z;>+P(3iznRcz7WID?wU`#CTLTzOcx4Gl(&^eC;;0BiD<>w15z6NLWS;Vsk1XRlvuS zqjMDYgq$~^4MnUX+_T}+&`8Xk0rVUZ?EM++N#HONflU5hSd?N^1SHP(Ln2v1g5X%4 zl&-P5bHTc+x1ay$2^ag*;S#}UT)V{xVTV2N#tB!z5)oKZYQH-}_PQ{Ge?I?TX z!0`xx0mbb(K%5}#?7hqW&U)B)f+FiX8|sr$r)J~?@yz7nSw$`jc@Lx)+p`0d{Axs5 zHBd83$fC#X{fOGwiNV7Ylz{4E!c+Kw7+7#hpfHfJzcu2Ni2UautiVqPQ!?!mEqw}A z^K6mM+C}hLde`$8Ol92=r4XmXf$|Ppf{jr{u?l4}rZ2UV_`V-FQcoJtInPfwD}o`X z4f(PF;pBr#9eyVaH5?I#d1IN2$aw*p-&&FM<;#~ga2|dr;Td;0HDUV*2jeX{1z&gx zb1R9bW&=gy1(3(W9!Pjsawk>y%#O&F>%o3sMet9wYw+VZ$1t4?`Y7g*qMOIyu*r%% zmwCBzU6!XISClJTTKyMYJ~T%GmTE9klvn>i78TQAP32_Z5*8vu zm{4+ysBXA0NcALM?MW(8j@dr#uRQb+Q_50c8us*6i^uUv^duIxLLb^>^o~fU{fP+! ztByF3~jFX^`Z04jf(nnsT14BN2Fe4*Gk)G&T zB{(98cDIu2-c0-DemIwG~5bjCBb^mn` z3B=@**suo#Fih^xpR8Axg!W_c3tOSz7D}9+Aynp@E zNyR2Gtt;8Lt;MuC-Iv1|8%UG_4m+H`u^NtE>@;1GHOPn(-noIBv4|ofd5_`gNpu6q zHYoqV-6d_4mr32V<*7c-vp0$u6+_gn(AHn?L2x7rMQjIb(Cy}6n6K3&;wLN#e|Bc2 zZ6V#Rw*k&0(Yk%XTUMPQmk=ks6$Vgb=+jy9pbIbt9FG*8e!o9h#9~Ypy{Fa;bam(S zp+h?R!h<&+ei*o8rW#QOyO^O;(%dX)?#8*vSKA1m54*WpGq@gqEE2Cd#f;!9Ah*Op_@>)UcNup7xWz8( zc$Ki#9?rfCCq(H^bL;ORH_8WrBuGApfbIK;8L|<*i=ys*an`IO`W=34Mc)!Xkl(@t z38Gq2@H%U7D7=LT49cD&pjR$bjX1*pOA+omR8|1ThCo~iEM7EFZPCL#K#K*cACyNM zOtB9x#DVkYf2s0Xe%`lS0pE?rO)sKX?eiy=3K_9AgcU4EMXb6VPV&U#wZmcOu^t4g zx!c24()5gIRf0uW4NEi6)P-!S7lIdgB%(hUau<AVi4VpT#V#ZNnpe!Y)s zQ9!x=p(JdkKfugRC=OUa3m$rA_Jg2^Y#_x+W32cV&2;afF9c))UrOVKpe>vGyZ7%8 zW;T-(BQZPjB^s&um?rA%wF((ezQ*3>xyg0qQnI;=CfDV?`n4T5$r6y%1aVo=&J`md zZNuO&p+ti#Z*6Oa2&yHw5d2Fk&oECmAyJD!K9Nw;AM`9sdNVfhPW3o2PC9^2TX5dY zxol*{MbUwk*f*Qq=AcSj2^K=vSgA2^8GH$Q$ZT(ZnG1)qru%n7pAZ1bz67Dp(AQn& zO6kuPi7dxcaNs1eu|UY&TkXe`E3$R#R+0`v6yOJHulUFNy9V&-Su?u` z1>_GP{T3GQ#E<@skb`=HDHiL)d6_^x1WkiE0OnCh;rTw@?(%kMGCvlUU?9|qD1iWO zQT?}`_qUxbP|dPZlqXn$7zPF0R;H$T5MOsbzi~w3)B>c%0enE)jC=43=|AtCY(-Z! zUw8@uAkL&O zxGHeuLP`q(Qg668Xhbf8c9FV}2gIdiHJn~oj}J`fE^sU?#NLtgDh&4;!ekLl?mXSg zww&8a?RJ*`YQjejV%A>?KsqZ~`;d?j5+;$*3B*&l1b~wd*HmK=`OIWd0TOQ`1|zv2 z4Y*0@8MvXs^g^7T{JG@JS;B!6WJZ`qSoNJGqJRh9hs}{DggK3^|HfnL?Xx?74oW_` zL(nFA89BnoCxMqmE}&^HWG9xA9`;pi{`5F7(64C~HAFXrA|?goC@klO_YoP~?b1=Q zNNvaV^FOdw@6%E)o!B(ioTvUxcm-wR4Mdx+^WlFrpbuP_#;p{exTwY3@OwdAl9ka= z|8hbg?zJQ0&eBImekaGt5yjUnxqqDfU*Djt_4uO@65riR^M^1L-*IL6Lk~=TbCdk< z_>%mMe5rf>cUSz!tNz_6g#3)sx_{VB@>hKQpB_kKQ~!TDB@cuWS{qlm)PZB+Hv+eF zW5mqAzt(zm{3hHNzPR9} zNBWR7{LJB^xQcE3^T{&aqwm;wbMrV#`~hHO2rtWm!9dPxf9{JQ8ychBzIX4QT73mD zfB>cz%|!h9W@>#l8&^0ITms`?YHUQIoKyW{Ph10!-d{Takj+ErWs)Xz%ct!1*zo5Q zm2Og5brr0a1%jSpgn=9JRvLe{y`wySS+MjPlnG4ag@C>GVmegpsz0At$T?zxm56j!D{KYcz=bmG1iFklBz_Cs}Tk*my|KaY$<2;Qd|lz0d1`6-9q6g+S~ zkHVjyN=EanTRtIyiQ-_ce}3)=o~CyFpNo@NvRP%-L|j^vH+ehaE}*7(d2bmdvHp4B z_~O4#Ps?=ftc@k|@K3XYaiRim|NJnFlzo~&BXFKBKzz8|N5_ncD-C4cAIM1H53o>0D=UN6b3yid5V zr^m?Dj2Gs=2bx|_s8cM7))V=}E+HDXWfEgsK|tX7D=vsPyVl z3Z?m9GuQAydoz@R2KrN5%wb;F^XV7+HoQ8$nzC2+_cK2Z%(Pxp4CVU5b==EwB3D{O zcHR-`Y7Ck#db3fQ3*7vv!+X$7>Yh50>7Cw@P~-wVg?mIn#YAHC#p zT*#=OSfxJ?XKfol?Hq}Jk+`D4)0_$TuTSm4hdD|;oqzroj=0MrSMNW^>A1=~Y!RWT zRs7d^QJ*A{;Gc(k6FMXBKaI8CkTw+xP!3b!iFjB3X;({&Qu7o1^C*W=oh{d#tQ1Z+Ee0w!A4_dwH5X`>O zzZj9f&wl>=pId-$|G()|{`?gGA8>O2_ksRC2n+xFKf!?iyF&kWg?_KV|G!Z3f6ve} z^`?KO`>oYS6qs~%uvHsMP-NBxkSXUQR{G1A^$5u^IGvM36Qs3gb}$WPFV#IH7ZBtG zK%-LxI-wPr1wX__3V=QOC`R%_h_eUT-eXPh+7wrsBmW>5=LnKDzY2nsHl=^ja;{bA zJin#dk>tV=1BpbQ1_gn@RZb&L$2zU}B$Cxupc=GIgs4#x=nIx(b!QUMxglgPf?PxY zjT==G;<(Vh@O$@GBY+7&3RG5g_s_tEsAh+`7-1;z*iZ6%5rX@m;bF?#U-cCTH`!6B zDRSAtBCNfDydlx1==CNR()&P7dao`-p2!lX#(EzmR3rE!N8130#^A&ucMIc?Oz`BeCd&_>*{zE82|wMqt7TlZNTIhUgg(pFc|kZ00$mnn*bY zeeYVxu#qfwT^cy-LG-Q-9P-9K3!47RN#rvWqUQTp_J4H}-4LKtm<0XW52-`p<)=JN88 zPq>rmj1epUbGBlHk=Q3=WLw4%Fb91%E-gnoCmM|xEs(+{Ot6p4X(V1o`kVI<+KedD zs9z?Y!HW|uq&kNK_k}I6hkmlaPy1K6T$NxvH?AfBi!boH+>I{kZ z(sngFZYKf{LgRS_%tHG@6rrsMj<*gb<@JMD+Z<$}XZJHmor5icr1H6uy7vatz6Ux- zwWbf75L%BO2LLsAIz6LiR(JF$5q2RB7LEQ9qS*F#A3kjE=MSQ7cXB4@7!oKJdzXdB z5nOZpKS`3kT|@~_gF@23azvW0bRU=ciEc!iM}`zv?*Dl*%(89{s>^9Dt593akd{>w`VBGr=-9s;!+KcP;U z)-as0B`H#{a$ZBH50sLmHTg$9(-M<07=gAI3Ax^2zyn8z1Q(&#;G`Lq%x1oJrzoOk zi-Vd(j4+a@tM^2bz65t%AB=?sY6tHP(s+5MgTIT$eo~__)J?dg*6(Hv8VS_It$BOP_y(MgGyWGG3ae6=*?GV8k^K*dKG^vF3d zY6k%HZ5^_8?ZAn&mAlMYUaNnEEr4>>2<4+j!PkC)i@Mq#YO4?4pPbgm)6(-Z!$}rx z#pz&qy;J%Op-j++dY}RpglP?a;z1HJluT<9Vo?~x0}Wxh)(d=)-EqqVHzRrRGsit} zh@{=7vtZ3EpkXG;&(xYLmX-!MN~EY@Va5FI%J+%EmK=&rF|FT8awtqWgS16o5bZ+J z43!^j;7^QCp-@T-;?4K{HtK3C-%EOjUM`@vK$f%p#kmU?Hd@g%eL*91aa5jNDr&3+xAh`}> z>CL-9sxomW#1akQ{T)W?x%1K^pZEXF+2Sg;9k-RRKDj!`^|yjlw<|ya)Oel&*7#hq zSi}y}C4{V;`xMGBw#<-c{`rr9lp-h&rp_Du>Mp%Fva_(?5~wL*9&>?Y6cK(*AN1q_ zQ1kulzLNb33I|?d63Jatpw}cF^GPn|B4m%1y+l&lhK%Fp%G&x6tIC7aDTG6Z8BZ#1 z6hPh>WbU1Wu`l6s$@0a^&Wvx!I;%+J383GJxG*6X{2gxfffHNl1j*EzBRb}ABOD3v zYLwdB|AY)`#-y6XozjEh0UV6)3uB0H1lbbwzD~IwvpQIzX{R0qGgtzRW;xllr1n@? z=b4`(E?zKO{FlIn_@J)fsrK1MlGVoNpW8FmC$qMFdY*SaCsXqCKE}?p z;YGZGuub0VXy2fHPFVScnr`cy_zz8udJGSAoSkKvn3<3B3>%@Ydhgk@kt(Lh2y$|u z!y1d0j*d4vKGAf+XWUZSFfcyOcBvkHqL#e$^-Mn8lNBY;cP%4h(o&la&C|%2jNhU& zs73qtSEYAXm$AH}B5fDq?M0N@`uf5zUydcto?F3!i7hQqO1s&^?hHV=$$-XaoR2=d zeY+G{4F!C2X+2siC8GW+rI=ymN|q{A7guqVd>Q*QH@wnbg&h zj@v4qzJ23>R)>Pz(6SZ&yPanw;84D-?OxB2rS(f@IE914O~tzNyFGrYW@U@>&I z9v!KmUt7TR3k7UlP4V~hJO1MJHcDVn(06zMG4Ui<4n{_!W=IgIQe0hK>*jlVd+FA! zS@WRx>({SPR#i>adH(*Ii<|Hi{`d0X&y_Su+m3=FGt6vWwrm+h2&`gf)t_m2qo(Z) znt0K@Qaya=;K4UYwNhE58wM0)hfRjjM=cUTxCEL7smScv!;85U@~F#HZj+Rd$S*8h zg62Tat0nLsPQ=LXhg}>Wg5^Au{`N#>DPuxs$cE zIL^T3wqiO|qC_Ppvj_+XB&Md`@bjZ`s;1_O(^gwsn_peM z8dQ_}g9j(BzubQmef`tzh6OP7f&55otG?0(ruz>cMnUv~_@0i7iz{qg4DCX#Y0-qj z%^viE$$VOFt}H5IJdvDy-}BnCT~!4W_%=7n4G#}npwBvaoW#Uc@blY5MX%v;@FJg4 zo{9!67p+vWJ?Lc7kn6O@!^1;x>sF7XBvF)WcVS%}C&>TH*47@Op`q2ks>Q|I=TQQKA&NKf3YRWj`V1xI)vH%KtZwS)N(7)A zKr#0HC<=b05?;L6JTkf_*IZ3gb2SzN=*b7KievaDKR;q@dr?INBYF{Vy6mZmefbgs zt!0=P`I4653f7`ELH!z(h z3Sji}moIm-n!g~4aTA;Iz6#|a-be~9q2PePWpk1S_+~X1(2fhe^9*pu1_lPyE}k|O z+`PFEH0l6qu-lL*iH(oHmz9u{BZCx~7t)o)YbckGiiJ4Xkr#rq=8|<}$EblT<9A^_ zM@HnaSd2_eQC95zcu@A8m+q@<-8R5I(!b}~So_D1FO-yOeSO#hV_T^qTl(CIBFQ&%DjboUvmQMrIIZab*pjzA!N1NNW=g^f6EahCKaPo5m< zYg~hDdLfD~)Z26GQc-=iFAh%0%^Krfs2Arm@JR2)D4UCESC2Pj*)o6(D}ZGM*RI)~ z3q#Yj%9lfI+KWgt7>k~h zclX-0MM#OdL8)(mEEcC-;yaWmuj1hFLYZduq}};5XDDcY3C$oE+DB}|xG1}_8`<=K zS?rGHYya!<(s8IFU%pg%a$aBG&DE9iCKpw~Zl6iZ6btl>KtOx^MR(N=oM39>)YQ}t zJX&?Tjiu#v++dgk!!FD!+w1I{Tl(D%tJ#LwI_Md?m++wha}2#BJV60`%{k+T^c*tg z5Rw%^jB^>?Chf;_kQ@J17U~0^P2xZ?-Ht$xjk|YqpbO}V6)W=Ly-u%bJ^mGFdljZ! znzP3XNTWFNT8N8_@a#ox`3NuU;`hUr>acNs|4jF$4^(i1D?I zo6^%Iw&-TEV6Bc%+(-Lm#NTIep{@di4k9>uRwXln6@@5{8{wQQO2Ri=eZ*^8%uZQD ze#e20DgsV{7mFQf$P~nq0N!bJglVa(yJ2(@rs3t6moq>u`OT76t*g>b<;al|6lJPu zYYS%1qF7}D0c{28T+n`}9bf`*ocD5j8F!5T3)H2~svwfr8$cKzf#(y7Tep7w67*bn z1DMJZHVr|5gx$~vL>}94q_F}*;!lNjm!rHMUn5s4T$*Ut{s|YNg3JF#8Weaqnl3bx zyogpz5j^NR6ol@d5IDf)Zi=0rnv&DYJ3FUhfRaTw9cydroY1B&eRJ~w{Q8F~w2QfQ z|9))cRdhNOTVw$e$j>^UiV8-l06`QBji?M7*U;nCq;NAJDepziEFdVOirXs-m4~EM zOLaR6FW$iTYMW1tpFo@65?BQUtMNk(rB`PrL_rd`LMbA|HRpu)7Dq=5B7oq-z=qz@ z?AZ1>NLbm?fw6JC`yA73jU@);a1@885S=Twaw#mLD?n#8_HS$2+` zKV-Vpg=VH-V$aT^k9ay-`7P6WavwprXRhrJYd;2h`qfpW=UBBvZgw^oxfu)$S`zpT zfDlKJ6cdm#v7(F~JxL*iJM?Uz{|hEYC89Kj=v-*5C7d7zr$;W{oiy&{TJ5NF@E|qm z&7$%^ET*jNiHJ8k1wg2!+3CPD@MCruh0(33zt+({(TLG=$}#HTm5!NBq}}lHqJ}@O zdU#01&TcnxMIZ$Px#yfT&CGI>F1v17@yz;CS?Bm>&o;08P{?Ivi@(NP)}USOB>g)?Vd5l$82 zInk9L<V7JK>?;Y6(C$~|{NhWhr6HcDOF$Z&>qpM4Unxlvat0HRoCAmy$`(&l{B**{hv1YRv#`8M=I zUvtC9hZeG}rM9-Vq&}(1GRtxDN<*ggq3`0v!oeipSyK>%4|3&-8>%4jqZ`sptjGpU z{$Tdt35z!Q2M;=S&5Nx6%K-i7zsjpY z#ZhNKDcB~`X*(vK;hZDzY}7SfJSpn9Rs#6!2hVUWH7Gc^4K`~6XPK&T5ug&-pX+GK z^SUfCTw0_x1C5^EhU~UfJAGQX_E%SzH|%8u2mrUfUQh!Pms=<(6ct&K$Fs+o3$cFz zq`lhh4f?q5dk=bDTJgCsnyuKEnw&8#gWB=q9ta&;;T&pF>;|k!)%N4Zk27$X_tCua zOg)^{xh~Yet^+I-cwG*up)blSqMJtXA!^*3n?HYE1?As9C8ZSr{Ocrsp*01Xr>;dC zOR9DKh!k6Z%-(>k?G8Q3jIqcBGOg$u;;CIEoe_@-%v1^AaE4Jcy92?FV9E_d>u2%a zZkga~Nz-PG5zL1lPn-p+12w)LU5Yl>rlQ{xNJ9C(>->+^H?0;qy(PB3wzdV5@_oP% z3j2%U{V;@T1K2si311mV4C%Qg-NEF&pVhs#aXbP}ef`Fbiiw{P*%5~fM@nTPA|zCR zhX?bkgIMe2`I9g(1qB6(!0;8*z0mL(I*$zxGh692K`(XPS<9{t9a;?w@}R4q=y#d- z0XR#~$|`JV;8K6aLN)@cfG$WD^K(vbB)}=8U;e(B+=bdF@5f~Z9Lo%JamAMAF;Hs1 zeT#%$26-Cqw5^cvo1hEc_XLN9`J-;*U6qQ8ihKzRi5e?z7NGEh9ayp$g{mz*JzHw$ zCI$^KFOwPsQ`GnGfE(+jrMU=!oMVECiTQ}R71B~rX^T|BYV@@}bN;;M$pk5c{8f|#DQf``2|8*=R!%_!ATG`8|t`T}9VMcz1F)nT^)LVwe2p8P)<(=qx zWw(6c*5JDxLApf89S)Y}reG}dHppH@R37f2M)VU$XP~34P5vFl#4MY5f3*lMDtv~N(5u5J9&GB%&XxR<2w*0Fz*V<&OHU*K%;J83_K`Y`g8a8XIeK5t0SoyJvjvQ+XZw zphuj1jRm?`GXB(y${l@LsTvzu*H!PXMF<4mbU%u}6bkbwgk(Vbi50kU%$GKch$v!m zTf=Sxef_1O_rNTHRXso&WnYn6xy!VU1*Mh35bCdI=6i`enP!G%wRXl8esmcXip6Ab z`178805gT_AAbG%h3;$xi0~8=Cei4M#w}OG`)OewNRj;-8Z3Zy$H=|LRms1*%@`c% zHZ*d*)R=jE!0B-@f^Sa4PnkA6sOUI);skZe`|;-h1nUuJ5mFY{nuOSBMqAk2%!}e5 zHT#)NtkGF04c+V^uvmC#P1;gfBxg$w>ElvD#*eG)4ph_Ps6} zkfk7&UV#iL_bFXns(Kjx0KDL{>}8^?tgM)X=@HQf+yqxy0NHe;1@za)U!KZPADBjC zMh%Kcd&>eMli-NY!&cdo^ zCM`W%dVWmqSh8dZfwZ4LF;UE#bAbxXVt3^6q3m^CEC!+0eCwSvg3ylO?1)3JHH28L z4%Xa*KiwAxmmBrH`YFc5tO3ynRCzy5RzG|YAjSjmOs?dnySt~ei>IGoki*BDcAmqnp zW@jO#zv5>bgdbHneL5^+4zZQcjNM9UY8M}C|6t`91O&>VC8Z9Z2o6O!`*m8XyR-8w z?kB1PT+f`uQAhLBrPjK+za#vg1^;lyzbP;yU+s2rKq(K&meOt}E<{#dG2)&uGy6W3 zmOg(|vrfcHOc5X z=FcE;pCNbc(Nj#eVuo*LtU}p+LS^0QKubNK1z4wJYP^zGf*8)i@-U5XiNpi1kbW8y z^BwnJ+3$GUXboF_!zuQ@yX`PoY#0sdtQ#}QYJos?UmOSxWj|ClZw9AyQmy9v<&0un z=G*As8M}EXpB^O}>!%6C!98AM`kIyN?`4e^l= zC2RqrZ=|H8sC>daxDoLyMj3gL{rFw0N$Fe|JFpvSo!ZCIa&m<+R%CTAy9!}s!;O4j zf)qy7o4QOAeSNmh#tj~cT$Jg^{TH!W@xkMNX&g_OuJ^s3u`9r(!St=@LL=M#s;d5V z-6ku*IlDbfO0u|~u>W-XQERCrof9YCV9L`IO*OT(D@IE}9bSL_{CQnC4kGjbyeZX> zeQwZmKi60_`t7r#A36EYRGst}?M#Zd_P&oEdzCe2*v{|${UWjbXcrtK{%-whPYw(s zyx4A{0QkS}v+0iAyEB^nuj^w^U0@SY4_jJ=*iO{COT(kx@gXQ^I3j`A7ekcgii%pv zrrj}BqQKjUDJiT~{mpp^BQxGiS04DghY=2b@7A6Ti(>~qXeUJ4=Mn@G2{m^6>EVPDwcKcSe=Zje`;aTx( z`gBb>!QMf#2Xv1gKc1MD7EGNZG`-e~6QqBX?)7eaR}3_|AU_{EfZ%fz_uCYt9MIJ; z!WlCHAB0=a{$ulL|JUX-VvLa3ch#1Idk?%k6d{d1Aud!YNEVP0-^K|E>pVRkgwd_u z>3*SnzmxSj&(Lz5QX#9J*P&+LTv_AfJgs z@>fQWWV-s4#9rwUOUzMD$vRSlRtJj+EgidgDq@i+OzXf9(=t`mct($C!-^kKQd(67 z>UdMf#pk}LprbKHKbd1wxov%Y36(SYp}#PD_BiJuMt^^Qw>kiB1zz`~;9oLZ<{|d| z41K(WloV~|5##F`LPZFns7AqHZf>~twXksihA=n-uf3GnK3w8G$& z3CY=kJD*dNRGTr4x&Ty1#8rjh;}%1E@V&R!4`jrCJ-xYb1G4OhrWdXry_HC#qc;I9;`OmI0 z{GWH#O$W#bUC@|4N>H~HaFHF^I^}_zW0^`X>m#%Uwd)ZlDs(?wQNL{I(iNGHz@%0? zIO9Cu4h-CI?3e)89G``yzu@b)c*Hs?alajDLh1Gwv_17&w8NVMeZ#u%d)! z+R^ly)Dp)cfB)v|*W+;(MQ(C%RLAW@*nT$nflkK37Pp{^3R`h&~Lv z0526!o#MjS*Mw@xl*3!jy!fPQHN?Wo>QybyNHME?ObxokABMF~=j_>aAcu7?)Kp%` zS_;ztdBZu);1efL`rMH0=BpO3EG<>uvGf?5wcExc-JkcRPy{GIThSnDlnx&bdIldB ziHGPCKD|a zXL=~;*J|33b!ciiIx61WZn*@EC&Y!vw=q^{RXN^;_t21Z9c0s}F-jMX3u+}qN&jGE?;`NHNDVJ1 z!@h==&={ktnH?6>?J~F`Q7FjR&_6%~BuBiAE!>t{Sx6~UmMsS+F3pB9XSEAD^xHQP zK5c5%5``Tj)29K2gw`4B0&=+F>a?PgTmrK;J4{a16tb8#Wp9c#nojxr^ZyrNSogL- z9`;FyY7Xt@$y8g|hnr=~T}>}tTKc90eo%Zu@~x!6!$*$_;V9O(Enl{*6cTadQJ$1h z24H;7In%FL;fjRdf$Hc(Z!>Q_FThZk^=+|HKn}*-&4|9=Os~Zd(>PHRBu;6JQN~h0 zh@snq;rGJB6RPH557`{(7PUZARa5F%n(Hqh@O*YoKT^%qwuO$Cwh*Pv@>!jW^I@hE zv3hm>>2Pgi4PlVJ|NI%F8LV;~PI;ZE=uv_#)$O-PNlBp%2R8<(ij9Kv50SE^$4!1_ z>x=tK8eNi)*fEA3K9zoX5y`k*y($4AT?-5#_MdFgWh*NU`$ovski0HLqZ}dIaI}?2 zy2${s7xWOQ_GKn#7`BR3#T=Dm?58~|YfN&)j*ZiIwz1(kd%FK5e{hf#cyR5#T*^iNFByUg{!Zl2Os zVqF@i!Owih)P*EFs5l6}KDwt%i%3|OHm-%H1W9082Z!lpC-y5SP$4O-Q1fIH#!?X7 zA3X5UlRkcaMdXv!dF?=)4nivE8O92z8FW|hciDKoTvyGJ8i|rD`M9EeVYE6#`DV;N@4TZRE+nX=!V_4rf<@SsR^w70)p~W_4VGcG6;`@;=u}BOX-~M12IW%ZzC0hYv{z z8|=rCX*d8&(%RaJNPlW_dU`z~aO8ey5=8I^1qB7Pb$s^m!h`$X-ZUXH4y&>lB(av|$&#zcmFvbDY z@2ce_&fi`ZQnHU*)p`^>`l1!%jG2MIN8?CQz*Dnda zckj9QdA}R<1%lg~eXjJa5tFAAlrA_J1y(oUqHl@Fnf zQh0=3JbzvQtdJt9=m&E8J6sA)uL;ONCU1k)$i~Uo!$Wy+C11l(pR(ZBwvtZWnVPKI9C&K$2AtwKra*0DQWBEQbnLOGr?W z?ocD;yq#S}#FJ;kvmkid?Uiem9dj@R?YO`!bNO}dF@4h2P zj(l$eSBvhm?r6y!=X^Ru(wYX9qB?8ljo>VlUG{X;B=C~N!oa{~EPH-srTVkBW9sVL zKz@Qn`da@r?FO>8&KLlRu$G&sH6eqJsR}_I6HetOIO?stI%+?U$8~jeEeq{$ma8d` z78~a}OdtT#BOWlP8~FJ*S-+I$BkCFC0K5s61Wuy5Qb>G%O~R7Ds66}0f%${${)^TN z!W_RgOhTgDi3}_w4x(pEOUtrH$2g#+bVchr9BRWZ_>}u-EOp&|JEp($>GY$Q`GIyc zN85$;yrJ7F*ld!6I9Cvc<~6XgH$EmoHc{1~qx4!?S@{f_iw_MJ6&1OWnPy*4sBZN0xJIz|YW}iYza~n7i)YNh^@XE>~V}pD@Qi&v*`s(0F z@+u_f19nY^`i=OHB~p|Yq;R3xU=Ez>0ey5mEo~P%y`xnF*C}uwI8YMcf+00}sg}44 zd=fNM6I0y@tbM}u7>G=Ayf_%Rddo0r-2y${iJgaK9OZEV)qtEF6)N(tA=>=76L+t| z0Q?9Q*g=nK#d6;A=yaHWNG+G(T}Jy%AaA;G;Q~-Kffh&x?1z8XnCrQ1t4dbl!iA@m z_n((dn&!N(HU$|$to}n!e zQNDG2d;L_iUG?x`)?S{@zCHpg{L0Q58xt}a)38!gG0WZ)b#R3>HEF41m&PHtcvJwi z9Bs1hlhCG3N4xDe2@0;N0_efc#33iS!kF%B#mKpJBH4kD9=)&{KX#|Qw3G(G1k~PQ z3fgeBprU>u7au0Qi8F9{nAMUn^bNwXs+!|+A~+02cIhaX_lp~nQ$eK}o;&xx3VDz! z>`hILA|l`l=>MRE;=qt}C1vFTq^WP+y5$Ok@fXWvVf~5 ziYaopaKz=%Fu!5d73`SiOYLju$Ep5A__h)b+Tv##LdWtf+x;s|qT6q_A8kPXOkmec zHzYye>A{f@FhL`;QvLyb){t!Zk48Q5YrnHn;yeD=LGt4UPr!;%kgs0o-;IzWnFq0n^(1ibxR5X*>JGpVqEOi;pzuu71UvI!;tzu`7O`1e%%4cZk%D!2oLav2}hu5`%Z!kc=CATTW<~zo| zkp{36Q&U6Luxu`asH9*+qSvhyty1cVjF6xSs=heUwe`t zia(XXS33^^a{{eTs2UaHUcOwqh>RjmsXjm#(0)`C0R>^&V;|kW-vVK+BC13Kd4`c! zq3JgQ6O zxw!av=!)Yn>iS|HV26WVXul|I6$ytB0tFB@oP@T>?STz38UOwp+R=G&{|~g|N8XgB zY6FwkfhA$<)~!PhEjl9Cw*NGG$}HcuefyW%QxA85edj_$$5q-SQ;8gvJ7jYgt#YHH z_`tU=#|d;Zg=CY--AbIa)gKrh-Vg9)8W#~kA@B%??pzn;GjKVoYd0^fuAJOrIP&9? zJ29zS%>>~YdhsRvdLGt+K_(H%ruzZFEhn_eaUNT6?O=Nqu-+9I)F2@t5dp*pd9ap2 zO6Cis1Ife|m0l=H-=IbZc^;i3UNbX}B#RBblURZQfCfBOgx9%lU(ny{fDY0B3@uXj z+S^M4wh`kWQ$j;eUkoUN6tCbhm(;AslHeQUmsk+?P(JFxo^{EIiF^0%rC{Wv$gzay z&*ebfqE)l*8&PPQ4j|*-Yk~n6{>bugn$4%cZGrk@hDk|1bJE6UCv2vPORmd2sckU) zg(-UZs4jm}6+)6iQ2paY1K{f)nCiF3&u~& zUb@Z`Cz6QgC9FDbsf0GV=&eM;4vjKyqIqX!iMI^o*a`@L&)05gKPQ15jUE+%L z0iT2fJJwk_V6vlPJ;8~9;u!byB5rzmIxl%q3vMrDhTtgh!mAc9S#q3nJ0IU-{2h%w z3IIq=x{<`uG>NNwQYvl^#5@8)?rnq-}f-)%wS-EC@PMH(gvZViiJoB(xG6`pwjK=2#R8W zfYK<9lyrj#C@l?#P$`K6(k1Y&8)KOH{C@BC{{3=Y-|q(pIOjRfbKm>kd+oK>wlqY) zcWG`rPRYpX{TYB?UW{trzKv5h2Z!Zly><7FcY~&nMs)y&tEHGzz0RulHQ{`hG<`rm z0yuTuspv2Fcm-Sn@7d4}%`&s)%X!U2?Vp4XW&LK_E7Y?%ZoqG-<-W7!*z{$Ww0R9972#@bDryBB-| zZBOR>`CVajOgyK92Q`+G4TVna+z*n1a*MIg^60s ze_rz^2N%}{p^+o!Ku5XdRo~^r2Fk(%yy+i3pmtX&Y4s2h@*Q3d4PjGEUn;GtmubaZLcV|I67cCi-b^|_z}=CCwqQjMaFjDKfx!2_ zer2Y)^|0V4Q!{M)ewwrYX#}33UuDFDRw@4ID zq#tboH5?7yQLc3xE$C_2E_0yN6vTWS6=?~JRH)Fm8?pWiZ zA+See1djNEy(7d{$XOfn{9j z-tk-Dr-;djl7(&;%7sZ>I}!Q!$Q^__Av0$1Cj#vFzpXgd4rCIDRgBdjuI*(qm-oZ~ z#wIDBw3cP{kU4;qxoKqdj>8K~s(L`+R@@MRvofr1@)dPp2F>^+Se;E=Z?J;%VILP+ z+vvV_aL)G2cw*p;EHH@ zM(8BV?ML$Q76#u_@}X-ue%qzo^-M4@B~W8;T~tMD zKXKiG8Xi(uQIUR(nlIT3=3{^d9v}Re*+&`|NiTMq=QdC(=cEE6mT=1QtN+ zumLay5$CO|Mi2c1l7SDGV4$&^X-j!oSpl}_6Ia(46-|hxYp6zgki@)q+f!$gQO`@- zPj@=)mBXeGAiKz;NW zg{|0D(FnG&D5of;fTwkYPo}4|m{bWHP|UB?Tu)oNEwkA=Ar6`NdLCcs>Amapp<# z@Q{Hz5S^W4*Z1bpUFYiRx-_>62R89MB-Idb#t-0G0yr&;4?qUeErmn%8q!jU&xFnbjI6i#B{pkm6!dQ(`@4vyS552D z^@ycQ6QMI9^%yAT;3XUffQ-9xC9P?CaxxGI${~}^2PJWUH*=sZ+=rzIvbPM+(=j}e z#<~FnyjxVzj64D)qS$c!k*Tytn=y}z=UdbtgqmIx$p{a@ZMjMKw8X;cKq8jpC1@-U zBm$JTg;etHy?ePRG(IHiD{f?BD(aI%iVT7FMX+`7qqQXfW$%C(>KuI?A+tWyCi%~> zOq@fcOb4PM2CwepX?LjB#ZLm9pU*PX( zVSnuJ=Ndk&0oM87e=mjYEHmE z>IEHWdotTH@1D17t*f{*9JT_B=WjS&G2kdVFp2<(6L2FKDeLW`7JWqQ24ax$}D--eQsmH1^|5(#oGsOW(ciVHz~fCF=xaD!%*gBvu6W$x@pz=RC={oUy5_?7Jc zuUbI%8B#cy_AWKUucxG^>l1Zh48 z2M4lm8f=*+Jdd({)+qSCLjJ5{=z{c@^eIRljX8$2NqbmWb|3~96ck*$cI_sJvKaGt zZFq<*k;bQ7AmcRw1QIXk+OYkIHiVbss0@WAcssT0wRW29ZQ6M7k%FDqx zbG$gmM6zsA2N7heOrI5Hyuo$S5oTo-XL;7q-OajwX?0aq9>V&5;7GZ7bcBJ3>ir{5 zwVR-%;cOx%%n(?tL=_{3lB;Rd(#GZzmWSS~f;0hKMufm;(Z6hKg|%{gNe%)anN)Q7 z*d&_Pd5AXzM9rNAn30E-2_{+vm<<@tOJjM%umvtx zBqj54O^av+|q8g4_z12Be(X{vJhP5Gaz6rt)X zP_O&uWzF&0bRbmTN4}YZKSR2_mz%o~I4FYkEsSAa@$kv%U8L%S^SANysrcr+d<3Vp zI6vNiIkB_e-MS;(hxKB8zA`b>J+NV1Fq3Rc}OTtO)?%4=yVYX`X%ynrpxO_0%yFK2Kw*` zB^Rwr-OE#SMAU&KzP9~C&Y-*3VU{ z@K;!nHPh4g)K4K;fc#J7DjnuwCB?;JU<@78?{3KyBtv|kj7#B+LV3T;45kJov7-+5 ze(vh}4e(6vfI5&lB+j&12T53j=IX@x^H0B6A`?IbB&TD9To8%FMsVH2OtJxA5tN=Z z;is*9Ab3QQd8gBNpXOo~X}?z$S)i~(w6p}U^!6`rRmDC`bJ7rs8^VyB&IK9*KOhn< zQ&;s5{-Qs-L$=HALYtNUDfRuR?y%~`c+P8Jp`pV3gk*K}VHH+090V8%EB;R!A1n)$ zNR3W3?+${7rUYyWdhr*z8tC9um>ELvfwjt9R#rCJU;ML0m>@Z4#r;EH@C&ln*fNhw zjEs!T!!_l?0BxQ}|HTWdV1m0wmB;*n#fULe+xd)JUOl;~hW$m@SO)d6pHdw`%hY6w zyXXi}B`QJxJm=H$(3p`v)c)(Aj|bnn3q~b5W=Yfk^sZG^o&i`%AT=Gvwa-JZ8zBxR zXFhb~HW0SxS>EAZj(M2|O(|=UyUANUAgz?XmfFY2k^aUBRNK(8mIf*o$mfD$&d!X+Sl)t{U996QUBl??FlGzkL+N+EQLHoylr~#x9)y zqvAaC0vY7_38pPLg}{|&pq+f*_VMFQP%KxI{VrPwmquFBTEUU8i5$MN39%vvw1=mw zSEQw;vQ`JqTv<&MIh_?VC{+G3dLIsRcsAZg=fV9U|Ni|)b#(Tk6R{Kug8Ifr9P=9v zOe2B-2v!IjgcHeq)MJ4t)7hf5LE(Vq;c|k;?!@l)u8ccMswwrZpV>tq^UlHw6WqhohX&?|yQcv_|0Xu??+g!vAUF zdX84zkApjbnS=giXs8o7(ih<-U7x7W2v+ffpr9b@R%z6aV%M(iyLIapV2*|(ku~Zd z!o9(gp4VZayMo-Be$`` zV0L6ad@Q2B;JbAdP`XC-Ls8ra8wYL>CqYVQwU7( zaaaP0K9CUthsFYY>!T#oDMqV>Crd=7rXB__n*c31c-S+`a09eRzJq2eN}OvjzOf$I ziZdAF%h>U82+ljSgbp3RugH+e)UA4q7*g0)O-!(Vl{v(PwhgmAZr zuKE{5+4w?Hy)K&z4d~euXU^RG`)}G*ik&AYAqh= z8ND(4*Z#Fnq9^f*;U~ZRxe6XF8U582AK;LRMr~7u)p~e$@8#e)j@}iTb)dN~$HM_x zW*u7lY!(}Kt~-cefZHw|G6p~YOYmkqkO&wN{j%+-F~A2#ya7qf2{}HJg2u-Z3a6Eo zH-X#ij9s!F`5tN#w51&JxG){zAvrNiO8Tt0<+_lRl2gQT;_G%~7ifepLWozw)I{t8 zghJXoaXoHcDt8{N9CX;Gr1T|Fl|NtbTqHX>r&s~GU>M>~KSWNIS5UAVzYh($%bP_} zh>t{w0t&JSAih7{&uCu0ycAt0Xi(mOE7TU)>gfU{y`CN$V$~g}(4Rhi8h}zBN0=iV zYQgmU0D#R!?KUq8ZuIgWg0?_UPagn%_79nPVj?fvi+8XC>nMj6f_+pf46iri4$HobiHWYPp3XWchI2#? z9|o7wIFNvCLtX}X9{F9^m@K!ucv@bbf#~!hQpe3F*MrDRN(~gQMAZn{y1s1-6tSd> z3Jz#dHE2b#dNph=52TNe7;o5i;jc>BK|?OCscSbXziI!D<@TX!!gKw9O1$F&N1!Y~ ze!ynIyt9%8+&5^iMF+0zEvc{H2%x0gW)rs%FbUjDk%22bd%t(;B88=XfY76iBizv2 zE=KeO!-l8c2geI6K!`^K<)Vp56lynwI^EbwQ1UC#!$MLNm)lu=!ppj~PUp*Tm_DeK zo4;kMG9v85KWPz|%Q_WSbJU-Jp6>E({Kx)#%?tk>B=*1H?Y{uP%I*K7)cZvvnE$4G z&Hps9er~Vt|7-gD|1jVdUcvF>0>_6k7=P$Me*GkECuDRac2;94JU}rc;>7U%jXz-J zJ@)k66V?j4*Wp)=-`|C4@&CNbdG_tw7lBE0%Nop*Seyl2u|GZ<@#@8L9MAAP`uz=8 zo&G=M4*&ibv;S+o@xM3X@1akuKe+(^p}ze4)lBbdK)gCStg&?M+9zClSr@Ha$JTB% zKKLZ3I$;sxue&g^F5N7Wwk}5Tp3%Ymi>yaodA>T+%K;U_J7An1NW z!d`B3_}3MD|7OIss`OOoznn+9Z@zhR3~ACLD9OaaGYY@`>!)~m-HrcwBISG8rX2d3 zt<)5*%+3vtm+pX)Y46?5{W{T?T^`O>7IBy{&s1g|)NQkPedVgb^8p@Rx8SOTLz4HC zymVDu(?dEdwK_d?BRw9j(AjnO?#;Ufuk&W6Z^z68P5XG~-7r~_<>&C;%&yFgE46&) zQ(C#5NLRZq?6+a!?ZTyz@uj~TG>xBMH`!M%%lY{anw+_!va(tL(1{34$c9sG<|mo| z`1wcL6N~o!`rT-p-d4^oE;X>aI=jMwYMySur@Ewk<*#3$p;5cH7xv9RzH%7Yp#Vdk zTLWNK9&x$CA^c07QF6K_93*~yeLVB8_c#Q=hr9>cyT%i5TQ7)EJ$GFE^~*Fg6_5Y* z4sEFMtWhi`7&QwN-+`6rKVPd{7GM1JFCH8E*~P#9MRPOc?}a~91>jPF#$y693I;|- zL1<@w+A@*9VcJQ1bJ5Q~uITd-buq%aqoAUQr-w2l2m&i5=h5NeDtSfq zE38Seu`+-c6X}T=IukJt~(Ee#JXbRkTU!%D;Z`go$2IPVF^3Vd$BmzVri8x#bjBq@H>w$i=A39VoYXFECgF89%Ay1V9 zkHbSt+UHOpWJ(foKs9K8|2>v|Gqg)Mm?h%iuk<84J3F`@^2qRjfE-yclI%KgI}Wh&i^c0#chkIy&87Bht}piuXb=Z**G{7=!?CAI@{80BtL`12^b95gx>_+ zAp#;o4=rW4^Li`wU2${FsEswU2A7oFpbl4n&E#wHm#(-HP)aI+(s1PSIr6^8Tr>jR9{5wES?h1D8;WWj1?ibC_0tY$=9xf3Vuh-IhyO<)S;`N@e1f)ILq zhQ|mm{w)!Q9J(>fEIC?=4yCG;Oly7Bm^!CmsrPu+$GrNj$?|4Uh0G%K9vWz>8$_Uudo%7m^8A!xo;9Lc6jwY))L>L}*su+wI+F{lN+=VlS4(EYJ zGsd2JXz9OZvBGXek{8Di1B~Qm@VUBLm~e$6)DG2xqt|++U^HZ--FotlD(ot!y8rPK*Noo`3mv41I}L zd#Y5$d#^?-!|Rnev%|ORc(q#DKKOxOo(vH{-#b~&mb6%lPsoy?&K!(e!N!+{r<5tc%G}*ug7&{8^R7`3YtZZd?4yd%>2;aphfmPxE{pj;x`5| z$_t{V;Ci@4o`YfKt>AiGJPM{zJhMhw1IgN5Kt9sRr;&&Q=eGhMnloR@Pe_?g^jmCj zy|l>WaiHoU!SxV@mJh{Yz&1-J+TtEs+we}3&ky9w_TfN}!A)0k_QgBF7(<8E93}!d zL~qZ(8G*3v;Hijbmd4VMY7#pCUo~u~yu?qyL#x$xSP}zmvtJ7VSDwg~?SuX2rOATT z7)6|ozPtAPt9cmfe65y~X5GL4gKXa`WqpQ?I#G`?KwhqU?*>3H3DZ!S1LSa{}&4PF~x`sg$ug%`(oG((YUUK+0`h{>P<$M zk}2vM0XCB&@NfAO^x0KRJnx3aVDFMl-$kWH!F8{CIt6R5r!K}nxE^Grt%q;Cm3;+T z8)nq9NyMQd7XTz0T#p?b0s0zF=;2|8ZQG1l`CzOB1=VYMZ%@xqbZJ$c4QnFYF&sye zl@FGDC_X&2&@d%aUL@kcArXKnNN_z+VvtUhoq-9R2d^-=9z|#vBDIGWMub20@j(Pe z#6~R_OV)G<@D_)305NH`=}X1X!>hT3C`{XkAFe0Rt;~ z_YQ|FqCMVAA`YFVqLPvXdN2nR?>IWDI1A%CK#=6fN3&HOhlPh0Bs))ieGOTY&`SgW z`I_G5^V>fGEK(9TxeqzG1qpM5RnF_rUM5~TFiywF?GM(6{5$Y}xV(83u0gS$$W)Ilcl{zD@qQ_g#p7 z^q@hlzAFxJFltqt4RQ2>CmoK0Z~iF0QRCH)4mF7R@${69wY!jg$-}23SgCdw@3y*T z{dFL4Kt2%LQiykZTUVzDWHynU)3P|X|8{hY0Ln#9e=AoM!x`XGtoc^ZP5lUpuMdGUOyz%*fs3%C1wrtgWsD;U|yV4lc7 zUtX&gCd2Kkn1z&Zu#%02yqCs88spP{eFaD@j5hJtsfl$xAd7-}H(Z_V;P9VcR`}O1 z9|X%I6G4=O1%Qja|0>;Rs()Wly6Gf=N$>&`qfBG~^oy7LdViXmEVmb5{Pj;Bo9x-q z7zW6ZKwy_g)_Hy0^w$sZjSqP?Kfe?o0DIEM$U)BvPb z6?135g7W;|zZ*ci;Fev>Ps7Nj1oRh5eFYT}I1aePQ>d>S3|1XF`18H-zt?uZTzD}V z0G@R~t@VQR8lmM=h4kRUc_KQe7d$+g2#z5{uOKkSgE4&XC=wf!@uv%3JBPt}!Cm>t zh`D|zqm<)MmJ5&jfSuMPymi4ZU%NASV_{@3(1W!EldyF{dg#LC6TMGp(LXnD!Qa#9 z9AEHU7yf{TY3+jhvhXK2PcAG<7ycw*?ZV1(;ZOem_BI(!!i#8f+}U|+qF?Mt*Te`_ zzCjI)Y|O38=4xty%2$+v7dld-DO-r(Tp<;fC^!_!Va zg4&AqS%bDSGlsNu{QkyTFD6Cu@`T$5jGH|DxqSt-GongaPMmmN&d*sI{pMKP z^c$`UwK_W&wZ=R*rwXNk11U9w+kZ6&@{(5rmBWK;T?GY^titxjUy_0}>gIJoRl z?&_^V?Nq}ii%+-I8yX6x4L-aH8Kah7sA_Mgb@$vnj*luQ^LQ}n#EHs=_|9Q!Q-c^Y zOLj=f+4P~I2VK2g+H%MLp0ssyWxLETPG{I?x%bbUl$d}VEBk9>e&W)}kpVfDp^Fyr zCF;thkDopMx6`+852lBP`ie?;T0)&pbqv&%G{lz;o9l#GwTRd?+GbHHg5?xOu8jj# zl=PtqUN=|Sz)IP+tjBA*tfosgby-oWs!|5NS*71FDIGRXH%~03Fw?H&={J#YF>0s` zNiuv-F)OApu(9s%-)XFP<5WwQ<+-AFDF=qk^&-^s^GijI85t$Q!`rFstj4EKTE8nS zOo=(%VYqEum;a=fT#FHHf4_96@o&qX`$w{K zTi8dJDYtO3Mfi9&q?D!XG}gX?|Bg4*)3XxfuZte;dQS-qtmX-Ml~Hq( zB1(;2;jtDYYpZn3nKCTJt3OHJtlbh_Y{5}BloVh7TX1k^OlW&r2DNYFD~T4&jZWKX zEGVeB=SgyK&oKNd8Q9nl{`h2N#cl@;Y}SI;|&yN?~e zR7-UG!wmK2RDmJ$=4f5qi|Br}tybx-g3%|UBwP5389gN=O#G5d%iKWh^{d;zep9!Q z@n$>jO$=A;XaAs~;gKYnUHdT%14(1Y< zh?LO`yzcMh3W=Z89oQ6Z={C>vv7{MegQlq%c7FX{ip8hF`t9=e))%>8Y}~b{xZEdvpYYnIxR*{<+y*|S z{2V1#Eqs*P*4D}QLm=Lrm$}$f7v*h*JHOGOu56N#@2ZvHq52SWs-AapaL$poIeqmZ zb8G86l~q{Hl%&LB%A!T9{F6b#n8={^s?IP{qu)_JeNsHxV$|HoYc>5jpM8&UXoy!A zRm!)=HMulfC;M99r(yH!al>^y2P%231X%k5xqJZuq8TFy0N00D6Cr`E&QT+U{|H`-? z-{5PlkQvTUSJL4xT~(tl)AlgK*ZqoL^6gt{ZpkZFY`)MkHonJLLXz8f&mM38)}#g@ zAGP`(uZ*qhDs6|7n*04Se7#gOtpnq6?eQjNX3EAE-IWtVW8re0jGt?F8(Z`#O=EFe za3o^KAI_$77$@u3eZ{_7G2Tw)Gt~1>_GQ?0sF=dc?1Hyo@w%{5!!u(mLx-lynx2S^ ztsCp{yJAj`2Cg@I-v=ME0eN5ADWQOtxqqN@}o}+_Z^7z$VGuN^pPNV25G+ zfKr5@Vpl|lUFX?5x=)@)4w)->OeSuv=|CE;@0lDas95JS|3D8MU{b_W7ev93OdMJA z?-$say{D{QTejl8T3n0ysg~6%^d~Y5<5Tw-|Mr`=1AjlBR_d_38=ifP9sV+Xu;6KO zULNj~2zmeXwDGf8DrT*5&pN2l>gsOE<^IXu8wAtYjRo1gL@lDntSAj4y{}u$SvaHK zjIhv_kzIW#n>j5_-|ImVwfY`OG`u#GbAA=q!T2E~^RlcQ6Y~$|%FoXxyRl_IFg35t zH=tC?cC`ugmKVK_d=s=dIHlg!U$%pB;_4pt8#hW2YW~);N}aSV_l=KCskfxuTHG}( zdG^&l;XzMN?JPqx#<{~3ZLH>@;Zo_eXNIchK7G6VFn%sF-mS6BJ{d1`R9Ts?Kj;@4 z|0`>_sX~&8ijM~lQUy#xUdL9xdd$OLXJoB-M4KW$)tdgY&X)4}0J*a4Yq>_&za7?| zetLQ8ZCp7q>RWPt=${lkzN{y6d@!d~BNG3R<7?x&{&U0T!k7$=WfCr~cd> zU3ErT?iPOWf|+ijzux-SHy0gohmPDnY*7}CqmP09kd-N0#e+la>;8MWJ#XwAt~C5c z=P_qX)suNFDQx|f9-|?>1m^E;NJ@QlpMkT(^^RDRlm!Ved7qpUTn4by>f@sd#(N2&h2CO(47(ZK``6Jo${zd)Q7O zJ^a?AN0S4|Y2N#nE^9dJFgH8fNwKm#Z?V#A{IE^=#FW>7T!c>yekbK>&yAH+)82Cz zmMr$!wkJxZ;k<@XQ&-!itf=JV;ntY=$>mF*WlKkT$Hd!N+jtvy^$E*0tM6H|#4to! z(Za(m!lAsnf8#3=W6If9#dhkMGOYK)i`QZ&2amKw({I%AOP={wk{l^w>}}lJx6#0e zgi_@ezSc5%to{9a54VQKk3V?y2mxc#9HFiS$13HjL!O#@^306Bf3j-g>+po?l=6ng zK%;@@ja}5oYsT9R{a>8R z!|?LaYR2BW4VAX(Y3gFs^o>rK)PO zYl${quuELeW~GW%xmq{=doQOv^X;pJ_emrzwOtF620+6}c$GI{pY`Lr70Sb8|HyV*V2*P&Bi#EK%{ z)zkDOS>4Pph|7vHsh!o>WvE?v(WHcORnINip(( z+gxJ221nf;SG5Ig$F{f@eEM`4d`=7e>2BRJNbB^{ix45ZC1+XIx7TOy+$peYPPYM) zqu2j?ht}XAgMdlFMErT3Fv;7?2bF2@_GOuotA1^-e|;k_^DofrpP%vU(CGK0q4`*} zmj1GwCl_;3Ndh}}dH=slV)E-p+>naP-QQ49zHDSXnfI#!W>~S4SJl~f^eEr5WevcZ zjxJ~?{CJCMS*2%^nws=ei)ku+HnsNrCxHC;t(&U<_v>3&e*XCN`TucQSf?-i!I7QE z{`WfOf1%>8Wvb0$T=%K#amZv8ug9fpFKAePe-TN=qko-OGvMzV9!o;r^cR5vd$yt^ zzq#C`U+vDrZU3ie79cJm6Tm(T_BkX54DzgJ`el++@}nN*-N#^|SrSsk$fs z{VMbSBIPv?RP935uY)Duzc;^fRUySjAna6Exi;uHa>CZf({0%P^LIz$>%!ff-sBlN z+O@P4P=Ph+&Yy)BZEbgL+vZ(aMeX;a?Gaa2e$HpC5qYJ!rS>W7xZIEB>6Hn`xZNx) zJ>VdMRxJy(ug^Sv@#4kwFdhN~2P-!@!1eup9fEir&9J2O%JgHqhq# z(+tuB(7|Cm_BcJ1d}4IX-?d&C8V{{tq`BGofTRvG>`ruZ0pS0hgNYn2Y5uod8ZnsM z6dEmwxa=9K@o4>}NAkKhXey1sT}!zU=9JMY>E?zmU6!dBprDU-&T1;us8i6sbx^75 zF9%^fYt|c;T&pWJstGa>Y?dNxk^t0#a^p=nw?sn&3V>9bA)hw@5gyP_n@y`EVe6e~SW*U&Wm;}vVeQKSzr^i@xqh}0EZqTZ*i-=^MQN^SQLf7Xn{e3hT z>NdOzK2;RN4rklo9W#p7(7UT`J3cxlple;~Crpujg_!{`>WO4C1fE_Cypwal7;+gv z+810pvC!wgbOeM5vOrTY0ur)JRp{Kk&qxXINj?A^K^BHl?XWj%`_WHbU&b&wOUf5)CgKWZjIW3q-Knv@VD!9 zjawAJf}ZpUT3Bf|Oh$>|BUWub2I)iAU)oC)!Jn@JIiOj1RWiV7)4e)b>tLGRi^o_4 z8mZ5Qxihk$ukM}w*_Q~oH;;-{D;-HU?sy}g=_o#;&`LX7VDzz!{CboA3N8_>j}A#OL-JYa8; z|4s4$Y28$1q21~^!+9jHsI;^O67v|*Z=dMWVC#_{+O`4DPX*mcqwE=T0QK*htFA|a zA1LWB(tKmPDFkS0LObWL5&!R_-hv1zUUvW9u5NU1u30ULOsB#%kF-b8(d)JAgWawk z_=03yd*&m%RCL7BFE^nWikn7Jk4*0 zM+34{HC!nO5u|}?ZXx}i6L;Y^@|56N@cKIqCZ!n-LNoZr6c7G$VHG1*B=Y|FQqu)a z$+ZeC$-qp4qbF@UaQQCGCqGy8cXcWD9(I5FR0p?Qz7ft#?!Lb2!G`D}TBC2s`Kb5P zr$7u0Vk!^CFbT9dR#OoUhDJtS4O%iY*R-xTgQ5Uqr#yWMK%@yrZs&aO-Z{J$19Y+Q zxIl*ij74>{MFp;XyxA=`g$2Z8(XY09&z@c^I6}5@nd7c$z+xlJbMBa_X{Ip9Z%Fea zd5|W61u}!kLS~z@2s{0LXI>KWY6J{{&rrDMuEKIn6%-RiyxnGN>#*M(zO`-BKmVm+ z3#U@-5g^&-<2+36^E&}u9`)pAb8q4XjH^=5usnyxNDVZC%{d4E-i0wHYQWvE=}3!< ze}G$DWOEi|K#mlNN_375CN_PKXxM1Bq}8RfFEtgBxzXL*=1NQOmic@9(G{!>M1_=E ziW4kZbZvHmPazADu6q)zT*wzpD~lYePJJXYb(-`?+d+uXZGxPM+LD=GFibu@TsQkG zL>y*qG4mm&piN#I?x|ja7SXy6XbhR6`P%~~S4>hsDjoychA!w`g+OqzxgcY1cA5?B z2+YY-54GC-9?U1uSa>l!&3dy5T&=N(Ba#R8ios!lFh{--%dsP*fktO9wmtov##KPw z^7clMIiGy6F%VI4t_dDd;KT5B``PsCe(4Tmep^_WZbNHSIFJM1jlwOBn1IFOF#F9K z1K@gCpk2oNg4I;0DLj(KM@M;QUKRGvHyI{&Yu8RJvYby0^5Go{eyWp)ZM)G z6}7bP{KA}Z?4Y6yY zZEmKgrzfl?Lp1Xob+Og0p#pP%{=9q5IGWwz=vF#Pn?&Ek#^^;iL%tF2IT|s`a=^5R zOpfazbKa|6_*=g8>(bn$Y!NU$jgFdpBUD&Hz0v8>XBNfoBK#)k;hs1-omx`1<|aD~ z!y-Uu3A6)CkN(d5#=5qwxFn&sWK)}dyqK7w^WCooA2%TrLD^5@rGhRf zxN_u4f(dZwZ46>&U`Xc;aF4Bf!b2m3IwoA<2u4~IUKj%!wSt{|G{|>ZSy&2U=Sulo ztBD_JWE}T?w!6*W19J~g|87Jru+S9UlkmjritA}^dhJisECd;W9%B^1xn`rHlQ;!^ z!)84_8Z~Hi%40L(sk%yN{m(1>&O8fvLb3}`xwF3ANG4eVufA5IR=!r0^7=?l)s{MN zPo6#AdkyxYD|obp`iTmzH3r51Wl-@yxc-(0R2}F zjQE0GWVO{coZ8lKe&+@I$4Ml;IU0jtvZV6U5N%~lO-O8rGc&rs^)){oR>i}br5#vzOJdrC8zl6a+fgVPvVIHz49zu>+0@d)h4W6#Xt zT1ML4r1{=$QSX5At`_HQM+KR8Qm0`f$*G$3D%oywYN`h(eKp!IXCM_5BpW{kAX z&9o*m&xLp!$%3}*o`jP^AIgM8=3!SH7YRk>X#2?F5b6=)q6xT)wHysXKbs+1vptY| z?b1aO(+K}(_gS<$yAi$!2jF(;`XgYom0AZCk>u<9S4GC)Qv8GIFYvyjl;V^uS`I5f z)S0n*%S5B>V9YLt4I6aI{it4thaK?2TcXb!;A`00{XiA zUHrzooF~mjL)F^+x=YIZ-1W+q8Eoh-GLiblKh7g@F*gs zq&Il5m8;^o#9amntCxp`CcqqR^Y#jJtdY5I18AZ~g4rZL1wtm~;d~rQoqq)LmlEdC zw3?oVhF{QvOI=!2SY32>;|05GypYI!iE%)*$k=xQ`n7PUhVM_Uvn=e{7sc!;dH2xP z7NmZNsz&ZwmEZ+nisdQfLt3{>;$_rrKA_lg4MFckI!njlwVLNKP45`kTnRIPhp9N zw?kxO6%tYdXO6J-I<6x&m_o!1Dvbh8H{3K?9Aq_Urh=f5YA}mm7r^8^aQ@u={kd_| zaYMr~y0hoQOD8N7wWNVY%mS-|sf!t8*9ZmS$Se_tX;-b1x3o;LhA{D>G`~SaOePXI zSR}z)H{@I+Yd9NJ-V=(QR!sPWj~MKSxFKfIX}X zMPqYx=s4^+n>{e82_M#I+C=~P~8@f?aD^ zJUr(?6qLn|?6vd%z6(*NE}buL+uAP4U5k}mwoF$1UUPGmE|L;I>C!JS0IY!(eFWP5b(W%~pAz{AD+*5b#MKy_a6T7saVw#`;)N$_vpL0(my1Ri z>kG4aF9aJxGL;4$o&D@#5GHZ0b=df1-&R?zgi8rdw;I?LM)(rz2Ex4)bRmqc<#fzy z!BJrQsASt`R#CzHB_{;6K28j*TB%F$%i)1U3wCS@b?O$rs?I}P4H;JPVyZ|Ft1&-? z%@6`~lf5)$MMagMx~=rzaA7m9wF<(ZQBY8NP-#nDf@=UFWWW-X7~r}2`(KC}Qw9|o zO7R{HDf@sOC$FK=&qJ!^v`>zkdBE7bp>3&WNF2&Jfh z?x`ER0aaSeP&#o3$Fw(gaqOQ;IcedJSR=O}5Nq@xw1?hSCb1C8swZO1PlJ%{+M$Az zO6J5)V!U7*h*PeYob)hgOPt&DoyT<=Rx=+slbd9@`8Oc8-bLsSKtMP&W77#G+#Z#I@0pI`;JD{4cwX@T zwzQfm1Z-Sq%TK7qK(DGmZXVnNd@t@L>hMr=(Ad&au=#qSI+K8D&@nMp!I29Y&tjJR zmQ@=fsc+hTw{7d3w7*m(5C&eOChF*ca>4#*FYtdu!{s0i^4krUwy^D|6WXUfH$K;L zj(hq$2Dgd~9$uYqk(HH2=&f6|9EQDH579?K1l@xrnTBd#T|io~KHVZlOjSwgS#;)@ zisyi!fPe}DRVBiFWWpS#7@vbkHOgP*5LR#|Y_sGWVOkK3kyF(@;g4`az%c8Ad(srw zfg8ziS0nohMdR^CemE7dVw&l+T22d>XiQM)BP zbRf>H*^sBs<_CMjNTaODtEJEOi{WT7YqXFg_)qKHY%&<6S6M|wMK2%#S0i~PsgUr{ zyPZ8?gJzZlhi8pp16X&sD~@0tt2lGxs6v)X3Uv@T&qEP#F*EZKK!edD_81)`I3AsY zNWZ$l6Rjc&;=cHDHUWV&jZRH@5bFJaNjPa)YXjbK5LupX+Wi9agw!w`hs!584v{ub zOXQ{Z$&sEK3F5K}8KwIevWJ>fntG$;UgTTnAiUK5(8UcigI;hp>o7MfCb`900+$iM za`u_b%Na88fjevB1>7w-j7^{=_7$>{1x`aSgwWrZEdvy!={Q+gKM+1GFpcn_ptqHL z@Q8V758F);`_B;dBCss4(p9S7jnlKP1tS71yLXc!>Kx8EO$X5TF*zX&+RR$33sCaKma4v0D=GT2CObESNY}e< zZo&!2n|#~MJO>*$IU;k>+ub;Wr#{}MBOnq4MN)LaBafk6*30+~3aJIl?V&U4Y42CY zF{F5-mD709VF zwQ+c|i_&YBHGhT$Og13)ic#RU6N5@rAOSX;YPbtGbYl9&@4I|}|Af1%>*op)u>6a2wt&al`xlii4wL>FM~WZ)-}lu2BTvm?+QL5($Djm-;@@U z^6%i)l8H&(>!?@Bd7>voq^=_X00r%O)Xd1r$eir-uGug*TM1%s1i{=`S;K3mqr*|n z_G0Q;lG?Xv35X1;g~yxZsOwin=|sfLfaVWR;a$b~+1XE#*MRumgL@q|xPMpziPseP z@dn|)fAxek)eMtTx?%QW<|QVHp^fB;hMyZ8;09`{ha-bz-oj-iUYHG06suI)7e1Ih zS!%qc5&p|Eq2so|NC9jFf_taLH9HfG+zMA=LUtSHwmEXhfKRS}{+mrIpjC2q!qhD$ zc#n@pf93UfoPWh9UV5e@*C0y=3%9k~P14&rWGpK?Xn*EIz%c|u(j6Swji92}+&Cfl zCJlOz8q6vmdAnY^I%Q(q6Mm4R?{+@Y0Wq4l#T;^ea%($2w_b35^r#LCHo<1xsF;Gh z?+cFjYJ><*#yO2LY#U-$iQ@;v*b8mcpV@a9C+Rm{b1U_3wa{7d#~(E%&*zf9wg2W_ z8qzvDMu(MqZnYgKnXiUVsQp+eXHK6+sP+*{KlkDBE-M?G%_6)v$Z-r@Vtg{S5~|Tv zl+8op1$AmBE}GNeUdx1DccC>+HjZg_`HX#{(9wkfm&i3k6fW`dVU5p!=KV@$(q~%` zD~Zq_kxuw)&Jx1j)bxRgPSthD0Tm;Uv4s!4&pt^Z$O1XOaVVIf1|d{ZM+(#dClLm+ z0U+xq&UwKzAP~0mFYy@i?2+4!!XqEv3JTCvbj!sS7Zr_wgWZh?6*a2n)uTU$nJztn zPRx~{T%R4U3zlHS+>bEGMWEB$x3w4C`MRBtgtVrt&xc}o0q%Mgq|qy<4f#|P`Q^wY zZ`|mue#ZuAkxg6o#TA+&;(UK!0PcuuqT6m?m3EE_3#)*VLb2_|K-vLR_OJu0hHNx% z0){jjnQteS^1H&~J4PQMw4)u$VkC+ryD?- z03Mij%#%1iv)hGg2HjW|=(+NSO)$TRm=ToSJU3A&>eKRjF3h#bz6JzkRwJ*70z|52 zR^11rN1|dX*95*rKpV;XahVwz)tCuDZXoc(5dB-wfsruiVdN*Lq7p&+0#g&03O66T zfTZvR@^O9mDfHAvfl2diWgDy?=65LSjBxYpUm5mqUD`cBVLH+_>>t(tpQyT5Pnz$^7G39lV@p-P!KnM$)bt45!kw(3@4_ z(W?)bn7U(%=f))9iJ7^bYcOFNHHp)XXYkh-a1q3j3?gW9ksE`>_cQstYR>gk2&J5E z(Y{>#HKYehipZgnOaeZlpe7X6xZb!ENaYIZvGSgFXKOsKI$w8W#*_ zCx`)r&=IIdhQ5BSfYN9L<6QNjhIEvsKrHc`oMCOp{Bd@lpG?I~oI;`>{pHISHk8lm z06wZDxHE%b8hXB)luJbNK$Hx;0wQ`uheF;~vlUlEWIB3qw_ZJsler4hAp&rYM4)YQ zrWG(+4SY*x{O5)p^o0CFCK^M7g1+3_<0pd%Cw2jYw@s1Y>cT=~wY0G`>R#+zdSsD! zMr^ojY88mWBY^S+o0Fel+qDL+v6}e$iHYCH2lLIta7QAsPoPYjg8xPWM(6F`wd>FW zH_+vQg6RTuTWtqO8aHnU4vO6bPF-j6Lsaw1JPY+DPsSi|)ghLo>R4|e;mS_|uNozK zn@?}HGZ37OnC6^dKFmuRBfjFx!Yy7 zSuO^f-sti3=Yi%_f%B|mFl?-rEA|CPOjo_k_k=aW$|RZiP5hoi7g-Q1T*qaYL`|CnxoCv@>Y=s8*tez1%R4K zy@sp>6&P6&Pz{A4!eUN>1i>!o=;{XS#|1erWT|1>m~Gs{%PS9DD!OV;8(l?}49hsN z!I<-t=L-m>9TvDuKp(~CaEPiayn6<#JR&Iz6oySH@{tHsW|4^cjj?x$&c*uky*&xA zeau^&yT{+QGBzwyK$4osjieSUY74EUu#gau!RdpWPDtV8eUzUHT`8isgWAk-?h!nh z^vnH(rN)ihhjx(Rnk0r0O8xwyijDzd6O{a(a8lw$1qy)i7=k6wmf|m0=||riCF^4c zucnf7fOOwrBql&VcgDS|m+U-9-A<88_zMOSgIgD zI$QnvjqZGKyG{NAvF;1$=0xsd)e~kdhklI z#(i1!Xc9HAApH~{Lr_ZFqn}&=$!I%6T;vr%es!f$~7-S!H$&ZYu=3N81z8q~$=yUpe?_ zTWD(?VCr_dTxj^LyLYwP0Xz~?aU?h0xSuy&do^Ac=G4~sgOw`^%l$GZ7pkHSnf+`8^u~(IdQ6aZ(J>XUfm%4cIv8Ii#uDE*0ACTK$8YpXf@oIc-PPE~P zr!d+D)=cjN`S~uyLS*1Wyy#r`1`=n_nx1lI zKpwvDEs-2CNS}WaMPNLb5AkT@9OuOWD`tytLj3T6C{ynuO_+eHxLff2lXQ>ZSW*mM{Rlqi554Y8gp zk@&K0$&;&b?9~|R8~%dp2U>w~@Zx;_Q8-u#;7uqG-TiMElryap39fKA8-~$nBwx4m zfke#P{2^xS5_qggxVGieSk4kU0$(xAmLTONd(wVAvY}?LT$8NCVT}ZMxzM2Vy3t%G+?0E_OBMycS7~R|4Om z)e>6(WR6ORIa_*e>c>dLDm$H!29ThA7xyTpaX41d_J(F|P&{tYMs6fEa8Kw#NG!Uh84Z!{e2iZu~lI97y%rR zy7hmZ1=>Om)RiarpmOIjTgEAk(S^F_O2FZutJ={%1n=eggf;wd5eQ)qeyLZSnyeC~ zf*NMKJ#q@Y_IFQKm#VV-`R5U!G5qvGsEJS%zYmWq%J}+bh4X_4rj~OcE!6X50dK|n zd5dy*WgO7*L#F-3@Vx28Nx%PXWZKPh0*Y!F%5?Rv;OmP{5ccZ^5=HLW`$be3KUTtc z)MBq?F=-*qxUN@*9xdyR9dB4V0eDY6^H7ex_}BIg z$PH1_9UjeiQfB6r6+4}ruk`@|^Kr(QQsUo;lu<&7=9o zFl0KV@kb9zEdv7wBhaVc{P`jMdU07~M93+x+=V4G!3o^UVgxW{yI{?V-+vDq6Y4W# zjxyL&i{Bv48@@Q$6pNjU5f=US^>*o-8<>McfIoJ3w>@c?*5%7Kn-V(_S^^04^Z8Jb z_{Dtj(Pj^yp<=HpZ^q*x1(M?goK4h=a{Wj{H1>!ln%YR-_IVccg7}Sgu=aXE_^pye zb3`ezqiGI(A3)zp_W)~jqhh^bStfcPHN}P5Ax5z#_hnn~C!y@o*Nn~;W5bB;(H0l5 z|CUlU47<^Wct`kAc~#xlh86t|B+1V^!3Y#(pNH{?)FZ_zy<)S0?yl>Yog%eO zPFW#R9%pR=tG&7T_In4geL{RqidA#2B8G=#?-82#cw36`GOR!K&{=hy0KUFzfBX(A z#u9|XonNX{xf6vipQ#8KAmOpo-}TM%tn9@RQK}MW=P2<`EXQ#4tn``dMTeOS9P{(3 zsq{etur*S2THOI}f+cfvb98Kig24T|QFugkkIb*HBb-kkKfbuv7A-ek>N=frf|y~) zG`vNcGD<*%zkXxBCgCUl{?)VYH{O$xw=);>Xs@U$S-Dli_QUZ!2CYt;?@Ju*? zrk{~u-PIMVpl)pHKISjF8KTfYlWyE;GepP3yi#ypfXVW{x5yPPebMQ8fQZ19Mhg@{ zT_Lh2Aw69<+C1igiwm#mJt1^VBrY9()7J#>q8l5e3UJ53*FzXwcz}9Q)g36r2&&~x zp8+|!J$m#=>=JP%Mrb1{=6jg4b&M<}u{&SEM?tTSmp(EZEe0?66ErW@I9Nt6f`wi! z^K}|kQY6ki^BD1iWgG&rXsal5Z17eBR!n-YPK7Bl_~`PXQd_;dtd1W23$;uQtiU`A zqy9+jNE>e--nf2!o9VcLg(c$mZr|yZw%|x1I2}Q>Ftf^ll3J|9AotFJtNwq$y%sRn zK;<_wp&pPa$-#g*0cwqe7YyID4@iXBbF=B6luj`UA6U=K9E~8ThkTW95H(6|TJI+E ztgm58&>8cAQuEL3KwLlOT1xyzlOslEYj>4h#%iwh;Q%{rv>vv0$aM?)i>o*8%c-+Ee&sI@;5j?Gc$;m z3w?-Biv`m+*>&c_I3S=cT#GYg(866=s1l_x1F{I0iv@9a5z7tS6)Jd2` zq^CyyRefIfA3d@N*EiUN1f{C?3IZP2BV{?V{oi+y>1@hir=Us!7f%N={OH4&`eTxs+D0-*^iigj1`k&Bi8~vFLgb9BE!|TYZ zc$FwP5EzdP7S6$f?l(Pwttnx#vA9UnlzE1UCE$%DT|hRDDe?Ko;a7-OQ5dm2STBm` z3Dg)omyc&Ulxs?84I*E!_Z4O|m*Z%AxcDPd)d=9De7;_&XA;q4yOHhzhrG(i_aoJ> z3M(H!{2 z9p)`Vm>-32^G4@kf?25=XVwJnCp1d2x@+RZhKodgw0Ob*z@jzu2(xCxQBf=fGPrnT`v4^sRrRBv)PqC&+JsIFU{Z!)dl%yYIgHeeLn1$|^T|uf5isV~){#AAM;5`k;vbd^!XAU?uQANyfd# z6HbLj9sdAO$%79LMjVXhy`UR%bM7a*C7S~xxSH}>4Dl=YF=dHU^8?f9I(q`5x$|3? z9tU6=vBmW%S1(=+@cq&UwxitJ_H1qzEQ7E$lhwyibyY28I#ELCw(gWK5OZnt_rj=R z%bGPWxJOJE$LZdV`fb)M{d|Ea_&ACOIs(~A{v?Ruj8SE7>aZuh!eWggyl%(D9cUrE zIGBuW!$gM$*%E-X^H2mq=jT#4H4?iG$K_VIJUN%e zoIgmgHYyA$>=S7yiZ}|3Phy&M0>lA!gd?@bLhlic(UU|M?Cyghiw+I|8d-UjMpkMA z%OVJ(-8j5FY_*W_Wq^m&)DOaqJTXWtj#m8B_y%4@La=qAS|0?pril*_dd#Y7LzMwR zLo`q3*fqKmy!gGkt8$CsgNzSGLpVi*VDglp{F~9-(Ia@_c%1;Z;?Swd%g_fW@ytM*r<>wNS@L=Nn&4 z33pr-n|?aGQtqD9(CLk=e@Z@OvG9WGM)5#U2y9C%jKc|qFKK#m=HZ=y2FoB7(ow@E z5ky(avipiW_a1pJdVyO@3lGxTcaZvC>92ba0BiutF?Zv2h1f2rcXZT<3aR|`UXDElk>#6Fij_!GAf)m?&Y=u})yR?cj3Ms$|dhPIZdXKY- zqjnPel9(4{Q}8h}8fkXb2CxgX=xTiWQ5-97IjXRsNyprBT@Q`E#_ajauslHnL;;x~ zbDCv6iU=kc1^}8%Oi-?^5@i~^fe0Np63E1QZbL|Q$4tLF)-z+}xkzqLoF)PqQvCxs zvPuDWl>srf6V))hxM>Al!46Q#fukO9zPX}SKFVG>jsM?n1K&*KK$Gh1A~KzO>&_YL-i28JycUu zaIgPkL<2Wo#)YFRMgb}wF~d)m8}{#q06n8oZ;Y`VPQ?Ka031v2LG?#yzlR9Z*Ya0#^Dc$_s zhe_f2*TloFe6s)02h~39+_1Q|BiEv;!V^3#PFc;}*zf4=9f7%e-ywYtC$k>Frt|k^ zAa#Yu3u&iNH;|e}WbDgpnUpto%C!g^3cE74mu6)1p{%w|asCc_FeqOrn39mc^e|V~ z+c$6C0f!)D0bXaa4CME|Q!Vv5zzMD%E<>*yS2yp0R~qRt15dcZh)oPMq!V%bsl{~& zzc>U0gss%ebEbZ*zFKGT-7KQRPwwc3&6~A>YT(kM9*=ZcCWLg{{MwO`1D(>=AE6NU zQu?mD;^S3JSKrQ>(=TP_zuW96|7LdRc^npA-_wpu3z5${bIsuYQFU!Qp zb4gf>VjRXF8N-cpASgct*DPsh?9Sw3uB;ZY2zNmvtvkw=`Q!^nC&`Rdj*Cx!r7_>6Q}vPE3sgm$glwY8{9X4J+{VG7xO{=CZU zIsGtOkOdy1*--VRkYANWjR1v#@w|NJ%*)0utgOF9W<~j@k%P`oLPc6$%%cFE9?$R0bvw(NgX$0EgE^Kx!eyIka z*PLBeP$Hxld7}b(+tAPu^qU$oQR5h)L-02#jGU z655Q@Bn-On6Bh(uby<=#FiBHg3K_iz`^4?;eU*}4>hJ`DW;bd=*vA(q&-J~VzbUVJ z+Dw&JQtv`eTeC|=Ay2Ec$FTACbL&hQ>!|R-ug=wpLnw2v|IS!6Uz7&#-33n5Ej@H_ zC;Xi-aVLLnAEhr>AbTG`ozHIh?SXg~PE}I0AqzSa2;Z{6C&sKja zAA$=M8qMM?dNVlPz5hhR$Jz2`a!8t=|el??i{Oq+ZA`r$Vl#| zo6-v}M&{{0-j}Oi%6banu=}eUY|#BR(>}j~F^oa`veZi&ibh>-I!D#_?%gU{fAsu$ z*ZL-g1S3R*i}^mufDWdC9-quZ6)Hv$d3mgjRavB7LQ-td4;Cw4Zc%x~_5`Xz_Q zJjZ!ugOHmmEh%}fdi9DUmz;d1NBSMV!kx>zcRtr~V$h!Iu=ea<->x=Nm+DP3wHJDE+Xhg>5uQ2dx&bG@KTp;0O2F%`eXx{w!kCBgl((}i2?x>3OFEw!8 zW6*LkS^4hk*RSWrB5ieT{UP5&UuBSKr6D$vl2%%}<;kW&S^wxaErp%WFXYOW>RjTV zoqWs5sZS#$MXkwQJzmUW=<$ks*0*j2dW%?Y{n7Ping%Iq2bfJ8P~WfXc4XkA>tazh zH9p=GMj{dM`=LmM&MR#1<{8Y1R!oe-qLtlfzyN;c&V7CtxtRB)DE#7NU_Q6I2BFlQ zP4X6odw6(+LCcOXSCJ{LW9fNNL?`%E8`HeSYQbXRt&dqd$P=$9Q?Xuqse_z0f=7R528|W^+&NC%aM3p6~*K|lG}z-m9KwX3n>dvYS%M* zPPmgZAgCw`ys%`+l6kQN1pxGPDd_M7TFW6UTq}9;p_^L>Xq{By9>B7E_*^JVxv6bBAfJ1TifSy`3%0%HD`pDwaoYhAbh~a@ z*RL@SxNP2v?famG^AfMsiq}G`QVKwxdAVH;nW_*sw6ed(${<(F_UY3O96U%okpuhQ z`j~DAl7I*bPWA#(M=xOArFs;;ZIF2wYe}H10l#vX-W9{pbmF>S&5tcf*6w*Vlm*%E z7SwyVK}K3Vdo57?q7A}&!d$yHsc*zF`zp3JcbwV~tm0hnS#P8sFdN6VlH|%o7No(3 z7paH5IDMaNo+zca*{m17<*!^!c(B9bFrQW{ua5LS`YB$}ebV}km|i$wFl%gQ!cK{5sk={PVGZ}I(7>L@O8 zvkITTR>PhqP&Zkf&4Q@0EjDMdOkg$V3#s(`O%g*5)oXv)KqD0~`Ys=LX9^}pv|c+M z`UJ=GN^b*B*@$=376?B@^hw#(g6tDLp^=#L)*lPdgHkYj#WMt@Niun&4#&HmK4>#n zU$X$5JUug<$KR2473JboD-~;2C`ZGlr)Ue1pcE(u=G_;@?yl~ZQuZdop+F_~gq)kQ ztMe{!h>3-3y%e7}y@C>(j%b7|jV-&qG1ky`J1WaU9;3M=tI-^L_39-sE*2`IHaH~+XjuqHBnIrWUkFQS~p^@ zq?mlI?u54yo5=4UG)`Gm`mN`=uD9)ivA9b+z$a>G@E{5VJsnEs+`Q5d_Cl zoi}@%9sphC;vFmusZJnT(5|Q<{})4`7_(o>RLRzx*6&!F8v%SDV{kkeL}beP!2Tl+ zEb4YZ?#a=S#~~4J^rgDLgB>(hG?6~F6U-IbWLO)iYQo2Pvh`8}cwM#P^UJ40)nYo% z89U~4?tWNgvk3>2Z3b^THWKc zS||wd)2+wamz24IjT&(W4!s=~a4$@zD=?5;1PBXd+=|9az2nF%r6Km4*N4)$da0#g z*z@PoR7%X%Co@rW_10b}WLAu9+hZN8KfwDXpucTa0b4GR64x9uIQ121c)&Xf-Xvu> z_l|P;YJJQRF0JgFBgA51X7D}UC51C)_eT{tKc{D?Ch0#!q1TPf4r4wRHIV~ z!S3dc$i#`zq54tRdh<>n_ubv6(bd9-k}S>H`AVuNraj;o;+)si{JAUIc}(&7c4NUm z0=$GC@@W+1n}52K3*YHE-^co$!Y)pPNhxrsUwXVns3vT0L+a<&%|@Lq{xjw&De9n! z63vh9UqM~5GT2_k+B(rn_$!le%dWRBwesD{s)v~GqYVXZP_{bO5G4#yYbvqrMWmqv z9*5n@#0InirhFA^8WQYbhQ9>r#1C0W>4H!$RcBE*8fGU+n~7d^g6QueChNnzR78)KIS*d1bwrtytJ?CC99qd9XPy*!5%e_G@){WUSxijVX z$&=D(JXniyjhQ9Meo3slNiPkl+i5OuT<-Su>km>hV5xxz_v{iBJbYlRHdUlsn7r1w z=j^-~C31fI9yyqH5|5IGgF0vwCrq7<8)|&AKL-S{hi}Mwa#WSDdz)c|>)?HyInVZOVOjasn2no>820J9u&q7 z{bm#_Oq&SYwAPY2bLZ}|R89pXsFO0))eHn!Jmy^nx70mTzu&%&1=r_4N?IDGr$^M) zy;AvWx-vy9cp|4aqr8-7l$Y}`xU?d!xJc?^fSJh+Kfh8SeEvvNA~v27t-!lLkF8MZ zm|2%HP*IyaXV({?tnAzg49TuQ?2{T3OdgQ$8rzhbKnWOisxm#x}?l{tY71K}C z;Szs@v>Qnud!R66+(>{WAG+5GqxXco(OvTDR^lY$&8mo2)$7+wnXC{+1!&U7assM5 z7HGa#TdACXko&=%WI3nlPpp-wo@o-QNGYgBBU0^_fo3ZhD9K;JBBoE0;N%G~ZmPYKbcPaA}V5FrYjrW_4Fi9^kLNdaK={9*y^Nd(WcnF{SHS z{@l?FXaZod^5nI_CP20svQL(Emm}9i+}f3e9CD!8dZP5x5V|&(QZJB=DcTQ#$LpFG zxX7u5VnMSu5?+q#%>^aGyILykHBHWdMiY12?)$2#(7PW;^uvP&s$2z-lWSKBmQAlZ zQ{=ySd#8=3j}NuT?{!c#Cgihn>(<&YBU&~FI!uRNhp{>g~*^?V&#Q9(DxRfnelI-Z? zxHPmpKs!2JmgJIktivSSrh^Wv=sls~a5T|w&T}E5CgDB+`a8j4l+W3g_7q)oZRBo( z4(_fZe)!7JBM8cVAQK1yN|3VqgHRVM zLV(Y|${LQnAy`o|&N#p7x|ox#(RPV3f{!vLzH66O+M=)`t}LbbvEp+*AAR4K$knyU zXQuc=X<4}3DKyFafx75?4fg0RR5PS}$}8G!wLl3lJ`5D3Ako=jDe`q_s1jQ6i-HNk zn(vJAj5=8syUra-^UDO|R*J)D95j zh#a7H3@U8W^zCBnEV$xu6<@-W&+W+i#|)1f0A-qHThY zdw3GvY2RuMil6YroTf8MFRjmp0x|Wr*P3y36s8w0q+Qt_qw7QauwdU#>;P82){T-7mv(=G)@p z-mwJadQiIQB2DMsor^)8Q_;HjP`7ye9;bOb8t}t0I)jtDa6+v8?Ai7(xoxzu^4~rz z$*|m*@-gEWi~}PdbD!m8Y+p$s&?xQ5y7{v(aI_rHfx{zF86#Qec4MLwit4gR+mrwo2V)i_?tm6dst&CK*>8(PSrMEVSDgS6{I-ZXc;M z+Y`S^lBUBxicEWYR@|B~uLQ@eT%Z|EBta{rkEUxnj3r3p`4uz~ifG6a zLeXEcTJ*X+WYq~mmjDPOPmGv7r+OPRuDYCdJ((ET9Eb-tO_xieBmm7aNH_tDaKgYI zU{TPWNQRyk8n#gSwZ8Sz3TU-~@JW5xY(9ErASG!U%d`Zkj?=g1x``;}UPCNWB$;+8 zR-W27I-!ClBo%|Ff-t}aX$pRsAt|`|eFwZ9Nd8y*H4eFH!8c(C)D_%KH9N7hiG#8+ z1vSEU{mcI8W18v(2=tx6Eh^Ferd72UR4;z0#UJDY#4H=UEOdJsG8-hN<#K9j6mcLX zTC6^L=ujKYOTo9*t%AVMc%n}a=mxmR&DPe|@PVL~)S$ze>S&FQF7nD(b>joAhXKCi zh!cTc$LcGPNKlPNj1s^Bs4I>^Q~@U%Npw0Ed5dV9)OzTq97ovUFzML=fPpBpwHYu= zhqireEHf96ngoZtF6k`6s0)@;5)!i4u6-S`&dtpYr{<+`;ZMTmHzC8RyOz%lF_$am z;bK9{0(++}axikz=l~{A0eBe9Dfm}40r|)B>%h?)dsnqer1m5nHgH)WP-{)H?!5F`6vs3Kf~M_^vzQv4v6}FD7H_7 z^Z_G9ZHuhl{MMv`K+PTb%7-BU!clf3k1-U01yV=6MDE?99+Vo zs2VV{VJjDx65dZP|8bRV*^AcSqcZrW zf<`x`qg4Xj`JH4=p3E03JniDh#w{b^*ga3FzFsQVQ55XK_mp17dHPY8^o8Q*&pip_ z+2mZbZ0R^!Ep}y14rNY~b5>Y|V`7vY`v0h55(XuOx~Ct9W4n;E77-G&yb zotzn0-JDRPdj_BpbtZY3LTHnmt*1_6c1R^;&4%PqBhkzr=yiF!Yd3pwW>Keox0;17 zDnCuIhlDa11bOQqI#JHxZS`HVl;^fH#F_7}3GI2@ha-u+_JIl|2^DfI!2~R%;|eG( zn|tJtK7r=YVSJZIS1F>yp=DFB#Cmn8SWh7^(y8)$nh_ z&FzpwqIC&O3NKxChHR9Q=5WCm+yZ6tR6}?d&jp8q`rPDl54a_meJKNU;xfr3e2Ur$ z=%5@LuX0{6{%pJCc zfv&Nc`Vo#6u+Q>Q{l^P${12klfpLGKhgB&${BatVqBues zZ(S?83!6n$=)Iv%U*Ulop38o)N03*JR)UCx+LcZfEI{xiU;?g$& zG>@ZassiJLr2Vr|Zrz+7_i8S%K?n{4X6(2b4rvk*Fxnu+B$oBz1XZPc%G<1E<;Zv0 zVuhDT>RB+Kp8BVijX$XKIPpU3g|xKInR9}>6uc4{f?;Hap_x5mWombPWXd=^FeGth zoVCRfH^LDMzGGoT3iTwtZuT?5N7tD)Iedq7wr+4$EwoT*`kU}w$7HstQVD=g9Z$_9k^}MCnCmJm~ zoZGj*3rzMv{3pIpc~>>UiLKys)q?3Sa7*4(=clfT+;LPXr6@bPbfe$)w{0b*2aUr5 zgTu3$9kC4OWjjPRr;(oHAP$5?_e0kOtSZbtw9O%zr|8%h(*3*+yiS$^xGl$!yj>f1 zLu(R*_lih5jm)Ol;s_!rmL?v-Sw)%UC+oqa@t&qZC`oZKZxyKvo8z(Oj*VDfUq;wR z(Z!4vC9Hx%8)_?EJMW{g~FE?lcU&5gx=hFI-2WJ4zy2sQw25E%~ zDmm(Yz)_*tqhDWNuZ2-N)SiHOCX&#NhX&bmwjiLB4pmSAEJK_9xEKP2cVQlk}_L%1wwt}cz!I7Or()i=bKflxdPBC?sS6e=h<;YkyP zfAZu>KJ|`dY&$-XKIGm<-3&5 z9z)Nfu;FEfRk~VRA>d9r0KsP^(n2MbFKe*BNMlQ`f8?M-W|NS|c4t(GwW@eTCpFGy z+$yY%{5gS+unGVmP>K~g*ULTsqJ~DkTC8-<&H3e#(BP4w02zR|)C3B_JO~7yabo3X zvu{gDPk<&OGSs9cg}8GXsb1YU98b!im?S0{=1GzWO@(BaMRVtN$D$3s&4yL?4_CSD zIo;3~DiCG}^_d^JPC)9=Y^*ka)~wUiGmL)2l(eT3AJo=SX-p|3l^i(3mt}b4gj67B zCJ<2boc_5`WeUTer)6G-)97?5sfgWPau_)9{;;{~RAGceqJenQe0=v$+h)}Eas2|F z7>49Cq&Ww3*t~>Hs_Uu_ibzE-RWv=a#fVwhvarGDMEG8BE?pUP#_Yh_M1)f6GKKEhOVm;U;4K)2y^}1cP8#0{ zps%DlPQ!_ERg8WG6Dx+9SQQosV;7Yh4issm z!|(z^^((7uIsfsaM*wmT62p|Ae+Dmtc8jQTxW15z8Vhxqv7-@OYP@lJTTZxR&fz13 z8Ms7-A;Y5qjgi@YD0jemxsv500KTTNR!5w1VJN^rqKzCjaqu9W6Vz?g)`2VJ#MT2Y zLwX8i-d|ZIfL(6(6%20TOlJ5u^;o=femV^WOpPv~ly#dK4b&!Y`KuLryDic$C z@O9zP-ftSDCM`r$-M6tpfq`dTo@h>t?w5CSO)(h?ZLz0VxlbXn$gecGFflvZjB}F> z>!~SB`^p=OfCFDWE?_2Aofv&+`R;X>Ka?nPD}0&$Lz8^f9(570(e7)lyiYmsgu_u4 z@p;+2hO7@w){3}y2|;H<%i)R;2K1=Hkfof|T{!I`z6pH#^a%!5sjNFv4AIFLMjBjz zLGgv{NKet%9EyimzPr^2owhW-C@f(FCoR~L;QK)@ie<2jD0QnbEw^M7ae(VkylQH5 zAId1)N+|6|wY>O|6$7g(7u@`3ZoyPU>O3Z;Z}ZuC%3t0}aLKH%Z%sK>8ExGceQ&|f z7ya|!H>&SUJ%=yt12R{y7JmK-4*m1xOiYh#8LvP6Og`Y7 zVYr0XGY8u{W}yZe>?5OH1mC(h|}vS z4xHIJ>nFkd%P-HT93Jx~R&9-JUwUslin{xi?J`%_ng8LcnU$eGhyh4_0n@}5xv{T z0Dv7FAV?P$7Zn+|4FhB$HGWVH7xRh0Ym6wTbUiP1o6wdwCmdMxd%2jH;u$vCS`U3x zVGR($=QV?8?UX6-8q0tIU;9bMCC1P!vLDoTr|M)FS)?vw%luJ8zg(#I;aMQbH4;BF zJcX|o5$kOE-O$x(FDB&CL`D8f3_Vzq8&OK0tNJbC)~`!L7JrIQ1AkFVdf{X?!Wxx2(#x|~^zb+>$%Zf|+M>--l#e)ERMMfJ1s8criacYgo9#6_;6Yv>OB zP1q>~cbO+oS~A&hV})6m_-GX|Zc%_yCzl|`3@IvkCaS4vC2Up|yC<_}PfO;B!-q^m zPb{}`oyzny!GGFc6Q+NB&X0e7+%GSeRHQY(45Jg$Xa=P%Z@ z8UEdm@PD#)zcG`Z&%gWmvgR+d;lKYq+kYDP_2SlW1@tpFP8>B(kO>WiXl7!fL`JSJ zfw97VeUoJvXUnlUcdWk4?ze45?Tu#&SK=m_{O7y+|CcW|{=I(o{J|Y{Errf-sQmlS z$3NOG>+xN=Y^9gr<6{O5c^MDg!Z7iDH~jq z|DN&RANT*?`RZATw5pT@i##7lcyaL6wRCfrM|R3Ep3C1ZY+tuQ$0NfQ`;qhyR#qyr zXN9)h1}aiRoKnc{qfQDg?ppZm-fhZ8%k)nC?Kklsk`E%dP-+$Q7CPE}fm&O%+!LYk zDu1uL#J|4u$A7<={9j$4|7i|@=|Z9>{@u@lM#WMb-#n`e-Oa+!KIp%P4fbP3z|IQq zfBl6Ud6z4T6uYbS^)U2t`OfI*%d+Y6I#|8`Sq*3{YSOnvXYl1-}+^G)^hW_w;17GIa}EIdBp8Mkp~ zXbtoIo(ctDEzXK2ojG}j7cS#e(3*aFQS{Q=Yi{2^^pDSr*KBBAV7uy-!dlLu>B7Y; zR{M8)8CW%V6eL&dupjYYA7!3$j)_Hlba3VS3`^NFiN7qMm{Xm#dv*$%=yvch-LQG| zq3lQZ`d{B+(ue6^4yAxac(=d(99uv2#ozu1(;r9v@h?k%jl*vUTfhG7V|lCFF@s6q zYJ~i0wmHimZ?1d%aEX4kX2#=RUKQ5=a%S^sB~Ju(ct{9*x*c((=QpMhJ=uRblWy!< zhgk8qAI(GmdI*)+{m;J3Gmn%hO!HTD*J$MIpQ*l~?s5BrU*q)FcDjXz$E@^><1W4J zWO|Wtm}$k0Bk(Rd)Za4U_RBdHaz8E2E=?H0`Nc$m`Tf6L?tk;1E&6YK@eQe=tV|zY z#Ohx-{OFN1uGeez`{cM*sb4-%8r>@EcI%$RHLIu`G3;`C|7P_RrU7xf@HqS)m$HJl zp`wK2uQzNThnN_LUy=ZV^z`W~;p#5C-sB$`o^qV?mp8^A|EJ60|HW793*4rj>t;(fc@!OW(TM>#s0X`HTepq`7`v-2aUQqFpJQb(GzOv5?;fpJLpef8Lsy-jO!{ zukxu0>)I14B6l{vSs%IbH>OcR+M0z4I?H0MEWhsEVQ`Hl`6nxYU%g>j_L%#0bNYuT z&oY@}RKK{)|L6NL{_wxP#?eBbwdm*u>%l__dK>=wtQ(J>Yr8Jmv*&GZVNrhm<o~=@x*vtuSG}MGz<4JRaMSnn)dE8 zCR*4HbUvJX@Z`UI|AZ@dIk3wgjZeQZelyzeuQ&WZ@)a&4emDxO8;RTe%yRuNt2ZD( zIo1Bn+v7jZr}ZY&n0Ea`pA$(;XT{3*De-$Z{qoulKfD$>a{33Rn7vE>Iv)j?pm^Q| z57ZTa2u~|0umEwkgU}`CyzOdc^iAo%S!=t?=>9(UnrG@K($LEldwt|<)pN}=hYqbW ze7FBSI#Xd)U=QkA7~Q%aN%=vsKoygq3h)PPyKWuCiOlFfId)N9U8Xu3ov1u1ZGQ6U z=0=AOfuvjyqW$HYBIEm{m|N90*7@^JzL?Sm^_~;_LpGKb3pCk7xpK0J|B%8;(d(x8 zm64TK@u5U+kceYw&? zNCz%F9NhO>A?}hmR3;*QVEl7|J%`uop@&x=(r!LAjrJzE`c*BPaIi}P%)j_m=AuPF zba~OFw}MYg`p_XRrKIh^Etdl)zx-SUH~Gf5Uz5UjNg&@!-9#*mOLQO)x`zI}pa(*J zYtaO?;kMa=U1+az0xPxKh*dla76WJ$ZAk+E7dCJ5$RR`MTo$EF9pnRgFLAw7vEd$g z<8Hn&R{f7wjs@uZ+;qx2t#behf+jRJM_rqQ>U$e>IdPo>7@4&K6w{?!gM_98{I#=g zOe;Vio?k=+S9`+OuU}0u76qGt9a{%hqI!+UR9xNYjDPNXTpeK1p%hCfu4HE1{=lCG%VFN@ z!(Wo{)h<9FB3>u)P(JyZ`q<~qdl{b#CDnUeYclNDa$vRN`e>*ZUMtg#r*(ycabQJb z#WAzVY5LPYLR}axwa*+{vG-6PYdHylS8j@kE22WLj;1`4*@k2A_HXtt)2!r2OJ+fd9o5(*|X4v zH{O`T1ZjAU3)^#N4-eLc(fT1N(FwHRI${eQ#*;gAh@N#{G#n_mPPdzKV_NZJ?nN~T z8#DP+&&Jt@Wcy5K+UJhL;pzJbWyOD2X*~4>hq=+$7(7`PZpPWr-Iy3K<)dX8+VtL) zaqmjTEuKBu^9da?;vt}MauE_x4J7K_biBL;jG#UExr*VW``a=ENQxY4TylJKHaWkl zM#efRKD&4v{u`UhuwT9=K~m!J)c+f1Jh1_{jgrO_m0yKjzt!oqy!;BNCq4``Xu}|f z7mXJy&^D4jIGd@9or3(m`wtsDlqLUIwAu5Iaz?Vw{mY^AR3D#_L)>p@1;i{X(3J?$d$@*jiH?#&s`VnwUht9eOuR;ppEHcoYlf95AJymDbf8!+?ib&?p%uE%fR35{ztP zexGSQd3zkj@m2DXQ|4VM9+fd* ztNAnf9NrWcNB7BtRJvzSv?o}q8$wA3>H->|ZQo__R~|KgA;v5n4?*K6|GIT+FE8#J z5yKd39qlg}H*Dl&Wgkmw|PVEZE*TlGuUHdn;w}NqZ#Kw{h1Cjf@qDlGc%jqsE z+mw>talF9WUu9bS&!abSPne7X#92 z3AKM~-;}sv=~DdQGkqI~YYhUcX)7RnL=U*pHueWz@1n&RG$um2_!zxkKMS{>&(|1+ zibv3FgmyY8V-`RNAWCa|LK>VK6)6Uo%AAv^CI~aLrpG~Gyx1&Scn(gLsySL+tXY0!uOCU z3UtN1?l3B<1OL7iijrIMv1*5547=92r*`GY$jE6)$%Wub9l^ovuBvSh0!2aBfo4ue zu<+S9qWr-|(W^wvzuAF$+--DUM$EQfUP)CREOZXay`3Pj4#P3X z4@~vE9VUWGGe_@#PxHoD0e>{Wp+$5FT9X~|c84+43^Tlrfb}y(=VuC}3R`+zFz^Px z-{&J#(ghLrSwJw~1G9-#;mRMq-hQk=i|Q6ZE6hhchqt& zwv&#;&7jl-CdBrT3m!%5Dc0#BEL+3{HsCa)GkPiDIDp(2!pEd&*TY~1j*aD=-CZLw zkMKpZVGOOY1D`1?E>#)71}Z_eSdW7SLJ z4cw!phP51vgGD*|lwf-RB4k%oCFYknz?M(|JSMXbWMVE&tIR$>&@bB4nl<@db&?Y_ zXnN%ybi{QhLH9e9Qml$Do!jrEp#{wgSK|L>R$B*aXjXiW`hgT=c)WOac6L=btnArD z1TkXI`>GPCbWe+(efc4*AFv*f%*arAc&yX9_ZoNjoB?YtCR@dR~1sixnAG}H~I05A=g*&~5vuLk2+UhGe-*pp@xBD4}Q)p0RoVpq7%KD!t_dP!Y9 z8+NA4TfHrG=duY4;HZwR9ETSrj zecZrqqlWcP!aF3OqFI6SEs|~Fv({n*Y}Z`0+CU2e`GP)-s&j>U(;i-}U2D5)F?8w< zvOD`dfBewGa zOz2i{nXP83N(9dM?lSa_m+NcU|D;FWRUxBCZ)Q#|W>N_-Z&O(XsjCwVLU!;#ZJ8bw zcGd-|iflN^jJm;s0}XqD!b2EP)CfaCJ0CcY)3zxytv5`bKe#+pr5LG*%#7ncSo*^d z__O2rguSnY8@xSMTs98KMmnM?DTE)pd@1|dmr&8JoE-6)TuIZrj2j@5#z+a_MHE@| ztVe75Ub9bZfA;K|lsBB)*OAkCHg0bCymqVenC^hS6}>F%^hG#W93bZu45H&j3b{K>fjNcjitYsp5z&Y zI^K0^IF9--3?>nOD+1k|kj(;i74?0Q9Q2J;#~PRSL1HW19P_aU@{2~wP+(q>i@Z~^ zsj2imBqdFinG;50cxy-jcpiS zF}<-CdUmQy{Bm+L;E<;O{xBv@++A{J{$x)NRDXAou*#-t4fd3D3s$KHn2TUcgMe=W z?mAV0wGc7#;gyv%&fpNU~_}@XG~KNQJ4mqi3-Kx;YFP3pOmkIj073 zA+K(2(xcaz7HEArSc_3v`uW_6T}B%_ZDP=-K#!&|W3=bQp0U(a9D2E!NRx|qv|0#B zO!OH#bow6pj0NO<>0ORPz6lbjlOdVd?z7?{t}P1C|=Z}9 zlfzDvA;v|J9p<8EksW!CSc(Xmo^avI(A=Z;4ap{@t{ieIwfJ^Q$cnex+QWHa5lu+G zfH#%tDaA1-07r=?EP8vyC^6`N4Uxa8v0C- zTqTLtREOiCk}6uoV&nkiGEFB`ze`27hUU=@!fAXLr@^K=Z!fRagkBWz=4QbnhLuEy z#^qlS__I(8OZA+`dEKWsIjCnb?-R5bzCfaV+OXVSakQqg?zOsZ&&nTFy{D9(eA#Dn zWT%;)l9?#d)pG1t%CNzSeK`_WCj`gcj(b|%+G>*xP$%>nMIj#mx@{?K*?*jI64C0F zu_+1n5NhmSqZzjLGip*!G~C_cXzhSZdKI?cdyFh?!@J?Sg7RWvpUy%_*ctak(Flcj z4w%8@rQ3X3Ak-BjK;`T0B@%Y%JmAP&52Y(R9fE3Df$=>!hI;PeSdmF>zy@KPx!O=N zuo^zSYH$;9(LxW09Wu*`6d#e*_{awy9*Us}@M032=|k{^<-vi;u%8sn3sG$hg_sq; zvsid18syG4^P=LqOPke23s34EgoboW75ztGKG6g{pLhszz+U9GkhHT9x0mD1^>1zv&cEyEz4$;iW1H*|}aea|`mYhX;rPcRRpPb2whRM|Gde&Dc$r@?!g>)wp z5+%d;hxJjM9!7`5I@I8zIJZn;QqRarpkx*~?+FxT7#36>hRqc?8nY1Mjnl30T^C1v ziYpT2gm=Z@qfy`J4f?EK^mwRU4qW?_M3Z8 z4={z}DeKG;lbT=}XXSYw$G^tJw zsQLp8bm_3Lay{v`eXZ4ar>b0-7ZN%P%Qv|_jMy{!p_mM_X4OE1wH#tzr)aBz@L87E z(M!+=Ay_UR6CiI9NuO`|p#yXb9XE1(VSkbtYKGeQDeMRA6 zn$G6Rb#>VyUj4=_mZ9wiEd{q_I`EhlqNP((3428*O3W1KYnF_h@-n)fl9;cMq^dM~ zqRDU8l#+;uh$IZ{LVC1FCd$zrA*o?FhrjXtQFaGPEYFW(0+qAP0uz3`^RN%njoUQ0 zv?AeI5=RLf4vUPI9Z8xf3DLD(g@gYNPsNV-*5@pPo6V64* zEz)6o6t-`$D6x{WHG{pFGe_%s8)0gG7um%|`vG816`Fy$(t$N*T-b-m^p&HrQh!_m z0|}ulj?NnRU@XMb*ZN~$6$W=bjBz$a#*Ts}^RA+9@X za~B<5^&kdL(#N@!hGpYLsQ6g>V$~x3ysg1m=oDCnhkNQb0IAp8PpICbAkdT4Q4pjDd}^?>gWDCI1hp9Zz>CFm zTSjL6I)WCE)<^agKOb$y!S-4WA+j&M*K!*UzIbhK6y3RW%+Rgc3&XPG(Unx=qW31P zG8s_nACjF7nbyJ>q{Vyn;|s>e_&W-6SYcp!4u)bZPC)C+`sQ-m&PMpX+M`2iudfxA zW~dj`kaf+X>q0%A4PyX06sZ>6c!eyW9*VB=6U3%UmF0u9(GhJmyDk-Zu4IG;%C~88 zQ|4;Fv&aq^%AQZdiS=S*U1H6?v-w=E6d;zDjS6FR?)&~1F;sO5ZpwRn(SeoPRvF!( z;)L2!`CD(pUf&5q%K`3al^uNMqJ&0~4uQ{q9F!8w07gJb$p+sEn9pqb$NkJNPS#`V zeRpG2I>i_%_npWQV2$Rr@G>n5OmL3RYa$>BK>M)}AO<4n$(*2COLKyP9V2GmjsZej zM@z=NWJUWHAt524@lgVkWBuWECa4VbG5cy`-5_erauaQrfKjtmAO{%h2Up$`20Ku~ z)Ed!apl%2YwTcUy`{99~Qxp0DQ%ah-2|w=Hd`zSBZv5L1mD;d;R9 zD|+t54T|!tXf2E~o*;CKPK`}v%XyUC4DU1;W@0JvrF)~VAsa#W_=?udiOx(Z(ann% zZT2#hqSR;B08n02xX5UISt7j~Yd8r;9sZ~aEb5}sKScOtK#g;HgYgiW9yXL&;oRSB zdHKK&xDHv(UAbd}uXmS-tPh$@UYlaT%;FC8WjNB9ljH1zvBB7e^ma|KZ#-6o)W9hl z^_Wt4Jqm|LI$y`yj_$pO8BxjuSka(RcB-N2__*A1E1XA*wa_^gA+x~305)gAyZEsJ zVkQ~r@0D8lMJFCV+C1KHlzp|^srVmC;Tty35Mr^AjvN@*RvlF+aSLbF?&!8tpY}PGQ=8VN@dt~B2AM|HP#6P z3sXo}wRO6OF+bhzio^^TNp|F44mrm+%PHv}rhKw_JaZsYFZ<<8c2CJu31LQ-Vy*pE z;CGVXY@lUyMTeT4vA<7;%1TQ9@vSvX0`Z~|yZ%Io^>GP(y8W5H=55w{D1QLY zfHch$70s-Hbjuv5VK+tGt^?T7hFmqT|HyT=wE9xGIcmp$*AJtl^0orJzZ)@o9PKss zEDkiQ?JyQ1XF08W#NkjGz2z#V=SvJ?`C+AhA4&D*GTbVqaJIosXOk?^-$QVnxz8LF z?BIYc^#; z!{IB6Q|9*ekM$eo1am1o-_qQ)UR1TO7lofb84gfI;s&ElB%7T2SZcegJQpo;Rl0V( z7JWZ`K)HDk#1=-wm{7^A*+r(uhszXM((-KAjBkM~#j6+fdG%i3eEx7Q#@RfT2tTvi z1xs!ik^HRx1y~$BjH*u47>>*c>^B?3p{d;TR7n|4Lwn|_Ps9$o!)W})c7EI8IkidSUn9PvE0YFV`$Z10il{muhZGH%g z;$8B|W(MVzP56T4vKrv>X2s(fQCRg&K(v$x-{;VRk(U;XZ2`KAkInSs@1{8V8sVoD zH87eYNU&ImtuuUv{En=h*mm*KrA^AyO#vJbu*c$L0(8G(*bUY5Z3PV0MLOo2b3tbF z*^s1&2rl$wbXxKN_lKR)K>CMpS%$DFDW+#ReFs5`^Cc?yfpt}lAHB0GOWiSZ( zu%131q63vWo1hp^U2zleDWy(Ptxkj@d%{8h+&3ZLAU0r=rBh%SVCY%#7kzWKaj6LJ zU0ddZPHjV%uhKs;OjKLM&Y=2|7&a>z|FNqwz~QZL?AN{oRwedYa~?}1S4Qx~$|k_s z+QPVr5)K)v8Iq;NNdz_{hBU?%i-t>2V#lpSj0in_BXPHHWi^oskMS1jqlm}0A)cJo?RE9a(O&El)(mYU#Do?}84Aa3c<3^c+$ znoK2qP!<1K>b+z9oZB0RW84kH>kp&{eTokoY}mOpjsNXb6+*;M@FZ{OfrI*tv*|n^ zJSm?q<(0?=obyDIMh2FYOK3MDOF0#i4wS}-C2nik?vGU{cW+mF zuYLCYQBi9w9xS;?3l5xKjvEMlSS}?SUb0CinH|GJLd?~}vhTNUE=w`)X0cs$?O0?B zY;~QG0=E(+D$xDB)DIou=ckt#W>6xN?u`~lX5tMfk3%P=mWaf&P7Fe6;S5AyqQ5NX zhfSmQc;Bi{j)b=vO>k2yC$#aT`>w6X^dy@^SrncPmEl-a4R83c9Dp}-?katpvUh zO97uVJEEnI7aQrYEj;bxqrYeop?gTc18R8SM@+c$0Za6u=>xRSK{3RP)5#HNOcwUk zD(e2Z7LnuJHB^g2Q7|(YUuUtF!@!5{_}dL-&UXwu^KrJVqWU9&^mykc{~`}#*fE~W z4qJXx89~d8ooh<ybM-qN^I|oa)>a+t)av%Q}E_m#hZBs6M1PLf9RT3`bFaGUx|TRCYhGdDQSkRnii5 zkb9(rAbOx1-Fx>avCT=B(*Qs;AbRN_t^G*H{DOjrR*69#ui^^_XXJN;AuM8BFGICL zTc0R=;?bybrLTJCvPE}wmdqYS^|jHh$hKrtm_ajLz?;TieCteNky{04 z8+`OF=B#Bmsnur`mdK2qby1%>5gc)I`W!Wkk|X|00Q3$?Bk1-YLItl?uC2Vm;uK8= z?t|c?d{hZ{UID&yl0qQowD@E>oJCft9sxF$bz0R!<}!HCnHmD`$S=0ZX6 zB?s4tEG7Xn|h&BYC%;gz)D0d5S?C zUeUM44_m4fgG9NH^iq_WOMW4di-2m9>T@JyE?DP`188=DZB!P{DP-6Pszma*@oCE* zy3Y1=FEU6>Ul|dDY{&n1q48RLt%@!EhYnqV2kMd0%0Y#b%uKpSJ|c6(4nLdua6>0C zu2q?TG7ZIcV`HCBwM2b-9Y_Bkpc6;H;u&EJhyq02oD0y(yJTXy($)Q|3<`Kjh?9-3 zSt)M~1bABFXzQ1Hu3gC!1$;CK3E!F7Q&G(d!T07pNdQRVvo-nv9&8FHmkWwkdZ+8X z77h2Y1ZB)licdRg6pyUPl4E;S73WBWte{V>&HVHrH8>FIqhCG?uw&=*Fg@`rHII{C zsUMu=`H>jr?!gpZD?*BSttZCJ+d_0%MtAZ66(XQx#rAXiFzRwQ*mo(>1hAqcJR&Lq zBxF|R-%&4QPN-I=)1Jgr*p^%BqtA&^BNdlcOCT$5G@7)^-qJ z~cBP)l?}Kc<$MW2LEny z-qI|hk_BEK6bbrJdkIQ_Lkt+*IAZ;yg>CA>q$r|lg z)K#zQ=EzJjK2*w-+&Fg74D%RBs0O1(>AqOXm zM~PM)5I}n@?BVigE1BN#m54Ngn&U8g*L~+=%UZo3jJYImR-KrU1YL2ZdFeQ{|4js4 z!cd@~k9Id`ZiUv^<%l{6s^QW|N$ju`c1(;nOr}>fF*7qC0n@C6Qks%&2HXmJ6JC>^ zS~u)JmzRO`G>8}l+BYfFv8TMfn&h|plH56)xt~PM7Pg=g4=tcE+wyZjmymG zWp_H)SdPPlK5EC91@Q?_G`v@$)V{t7g`iqw0L3L$oBlvo z;P4=qg_Y76=&EuLmoD61JV;OuG5U~bMVF?j-u`17!F!yXj2j6PpQYQ4AYOgt`@?uIa# z#yw|2Avokz5$Q9SGCQJkjR?$u1qtrCZI0ut77j%EfMF|53*1$lM%|H_9fC)JKV^iJ zXd@+Ugdoa+07!VoHr*a)hi<`q0n^dz6CWK!rezvgvh&AZTrhhWjv}mAGA>?_i%)^q zC-96nSI{~0=TAr~#)EE-w2sZwQHH&)2=aXwNkkvZlBZWJNoPeAK80_BUS16%(9vkK zPNO1ZwQYdz2xlarX22+=jK0QL2OG*rnnI*p<-}!q+zb+5mVE5w&m1XKm^t|{GQflD z+}NEWFDHo*Zl$D{oc^937&O?GN(gZSLu1Afr;P9xRB~{J(#&>EB+5|%Gpb{ODida*~B2%JVe&3%G-SA*t2Wmb8{GNeNR zZZ`(E3Mh>XSis5jQ;Xe2V4E7S>RAJDKRAMuvs1?#RLkCWu{45XQKoJ4ogjq*Y&bDz zdkZLYW;|3zaK?Ee?{Btq=guaQw$)TNe~B@#n}YYWOsu;9$_A?mHX% z%O4^Xwj(2{S827kLw&kru@>n-6EnxTGa$yPH0{|&XQv9bya3SsCfKhz5ELf}tVqLC z|43wRfEI45%=9jpYTQ$B8krdF-CV}Okr!T@shD_Si54w;q)>J(Pu{B143&U?uSuG|N<>CZP3ETnNKu(qWXjW@)=#!lqvSAQOZ$ZgVlC^lYAq*uxk1R;P za}SHyb4I;*S5axreR0>MTqjH9y(=#p1wx zx7$}2E?u^NAqU$Q$(U#Nlq1WQ*j-lsf7pBTa4h$>ZTMzWckk=iRpVkN5gx ztySw9&hvNvhU3_eeczABC5w~qmYK%HBqq(AQvBRBL_exBt*Yej36I6K*GFqwpVf?t zHQv6K`{MES$1km!HtiRmnt5N3OXmGE_LrQo3IWZvY1h9Vt7%B}^2wR%l+`|F%@Rb# z`5{$4cOvWtt6HeEh*VZ);c{5d_YrJai+-@t8Ua!k+A0AG8EOzTIQosb&&`b!&jTeB zMG!>%WjWwV6dyxfeOWddPHBc|0tHa)edU?FQmt~@2e%^RmA>VA7i(u5|YPX3d4Fkr9QrNt&wuKLrYOu zzFmIzmo-gBjV@0QQUfg90RAONb$J~K0^ z<7yT=xWBVBt7K5Ib7(_yivbxSTiq0?mQwnX_Va%rg(cwIB%6Rk?+O6@8m6el*VN+J zuXvwiW@biUj9NrH_H0`LS5!BYe{Ddk+-#ywTI>}UEbQw2BDr8d`jErZIR}H;SCMAH z3G}{Qj57#DkCED`H*v|w(eFhV9uBlPxS6NR@@4mYuN&Da7uu4%EqR_l4UdWOsI*KM zZ7mB`<>-kc>G!rfS&Dc-4p>l1sweJFI>e4hk2ro)R(HuhQ&EM_H}bRRT#N0F z9F=XcQ%mcbU3YE%ghanT(`4ZKT<1QIwPxuat-+-7xQt}SemM|aBflqT+VNRTgH5Zps!oXW&53I`Ek?NZJ_=Ec=E%NIwt zI+B6PP>xPILJe_FeMGK5RwqRaS=Q}b8*A$z;djU~7mTvz?jX>j{xpE6w*TsbV#U>FR*5dHvxDsg`GhEpjWj8s)4A`*H@uSfM zLnWecl|;0n+GR545n?r_(r#+nRKw{^paT&`kjfEL05WvdxDI;v?mp;$Ssl(f431`T zYL!3A6W5mS|5JIYIlP_1?d>1HkoGYEbd4rSNl7NPN8ZPq)P+*kjH|kKyDRw3$d@#% zs;Vo2ENs*r;kslWrR!GYJO#gZ&5oxr|Aja05ED~2tXH|QI`!4f7YJObI?z;QAt`t( z&A~atfSa4(w2HtMe0wb-Wb+-%D7!~y6v~Ff;k-?At=B8dd+nV-d_E_XkmEWR=~|_y z9f`{Z72zpb##elhp~M=Tk-=GTCEb{jy+c#e5>I14DMx@hg|WlH5JXAC^z&+0REi46 zyP*qE>bic5-0hqAFL#aSr{n>LUh=C4<=C^HAnUoIo}ZI*8tz5yhXN{zw<(g;TK?+p z?~U(OQWyqL^Y^-(@e=`T8s2c6YOMvUtJ=hjSc@jjjStt;MFWujJ!Ako_G2pe0n&@J z=XnZ1em?9|OQ>pQfLuhRj))vZH>C0I#0S?Phgpz^+R!y@@z~D7LWgPJzX0P>)Pp)v!q9m`g@X>^p5nUT&@j1+ddjudk34ueZHz zUVaA<N$g$FL%u??UTQw{d8a#{fWOH53x zSEF30-r<~uB1t$JEspsUJBvy(-Ug;-W(Hs$S)*rQc0Ndp-W`YrLaQv&MaUk@L@@|K zMI9KirwQ?m2SLZ%Kf}z_ln8QEqH!2gLrbECw&alZ-r&j;-C$u^edbc*4FdTBJ?pAu zlZGQ!uNcBv4#d99^7y7ZHKC@2ChPVsx_;g`iVebPco z068*DG>UDWucnZSsD?v&E?`9GpjQE0aEeYoi)&U16UFWZR)5?gc<~gyZ2(D{ax|xKmp?eZ>(Okv^pB8j!AQ8L%t`xrLB&w zMn#b{9zpNTEfDX|JiT6U;re8h0Isbxe10VxN8#yV)Vyi#RhnW%nCU}qzxnHcGpM)B zgBUY;)qLWmQ;ko^D~A#!BD)eR*UtVED1uLkNF$rCYSOr9`_7#Rjb^bcw-7IlVtrD( z)H~~fqfgO3q3&IvtCwM~hf36gA?72&Da-@IawZa3i@AsHkK)8O+Fsa=(l9qj?&rZ+ z3qB{0#D|G(hz3m9GH`*iyVeFo`lqxqG2k-sbwTCKMrZM6_EpeUiZb0p4`KOaV+WoI z4wcn&@QylZCS3$Kj@WAehfnp?Ol<_qTH|4ppM^_|RqJ>j)td;j=%9RJ4`zpV_hy^} z1P~Fe02u*E8BnJ`hYX1X4`4{&tUdoe0(e3tVV%s#r}u? z%wD0tp2){)&sO@VP%h7VQlR&8OrCYw{*zA_u4i?3CJ&ty&wFs4`lt(XwVn4va7kOv zBtEI=2bmd@SH2*$2_gDkvgsBvNJ>hgq1L*+Z|(6;upQ*#M_KU!=cO|1D9U6+I}?3d zuJV~kdeH67BYv0MUJZ@u2)IqydjK6V>y7}hQ1ke`C;9EPRQ#kwiA2r*nm{LqPR6g# z4gwyQqKb!b%b`lz4{b*y8-SU(zSlT6JtV4$W~A;*KS{Cg@XO6&*Y4duQf`%)w?rpV z({qJetw}SH9E;kV&>rg9U7Q{%X_ZFnXmQ+y4SOx=s)Ek96AcIb8{`sSSRl*WgDsWN z1`CaS%Rna~ni_@g6k?{A-at&z2ffevzyI#F-`IZ-)s6+Qylfh8{}=Ylc*$U7NK8!~r_o%yvi-FCkut}hPJp^{ zc(FN{i(s>3fEh@;iuiw9JO#f-Oe~^#`rS@p!>n3{+1qSGYLzO!oQp z0nR!f85!x_n^)a$pFrprv#`a)Vm0DoV@Wjlgd(@Yc`zF#&T9vb-ls@F1SlIafTyC4 z?jpS4bv^?N){|0~iy0n+Hr6)AJqSb3639e?MF;z_1JTgwJpFai^{HWqSL{wk;fSRZ zno3niu~=$>r=7-zE!`v8-B`4U(n9)5goWm%6;$eibL;{*E2n8e44IKFy8Dh0(Aq>@ zvjb@WogZV$@FV7|FufLcQ+K7#r(-XL4&FFsG>KnUg2>pAVOSor&qGd*mPtj5Pmmql zf_BLEDFLr{j(=&6Q=FMSPf-CB=ZbyH=yZYKr(hn?L5d`B3{9lsm4jzZpUpcE5YG{9 zYhiTh?7b6wNRUP3J!VB;Td@EP+*I0?GqM}ry?acGS*oQHU|oNV-t!s|yR9kZ59j8} z98TZ6BzGZlA7B&$$k6tz#s<%XJS6-{PPU6`z)mYh>L3i8Dd4HQK544RkY)poGhswC z6s8efmPok=R_<<>!5Khe7vh^caia7*kdYX*tjeHKqWui(wDw8`dQMSg?G=_IzwcL| z$(z48mQVsFC&7g*K-OMuy`^QZSwd&0cz639)|$G7mvp|CPGgmM?AWpXUXQ+NM%_C1 z11J4H(n?=bq?H^kRqZU@zaht>a^qZE@AUDb@3-y4K^l*BsYSBR%a;ir1U|9?eNOmD zw+N%)Y@W=ICt9m*6BP(xB;4hQp~0PTjSE$0t|Z%HL6`lz>JH=c$YdrBV#V4B)cHp=a(b9jD}B!4T~sa43Ms))67f6PG0)f6m*{`QP}ea9T(4Fh!^paj(EaZoNSsm&X3zvsB>Wa$NHi zR)Z>`9VUfcvh@ZS8EsLWccF+PX{JTD6HU?P?{y#iu~G!v7KN9xNrMCJgXdw>Y09e}}sd;(x5ZsjQoC_H2b5z6Tbc@3sqe2Bb`nZ6t)(81wz2p3<1?S-r(^_$=`;{jnK0ZY5kM=PMmm+Ec#y0pL%@g2bamNyFk; zA8sd`JnP##=m@8Yp(B9$sw~wbTG#?i5V`1EVGkcxHAd6uc;e<9bD}5~F_ilGC_pG6 z6&t>&qk{k$U&T`9f_+5OLw=ZsZn{dSLaoLD%q38Y!<1^@;zvjrktk*NP56vI;^j6; zf5JYNuWE|r?pHB>j$4QRmi~Fa%@XWXTY+|Dt5oKB{OsZao$#QN5UZN#50#}!aNt`)bs zD1q~rvu?k5ZrM1VRpty644gj|i3X{u-2J^tChyOG|9-cUZ~$z5`cZzJ6_F`K{)IiNpcX zB?wwuU`)eo z_g}ox(*FSfN!}fdstf&^*6w2k7Jrwm)13ttD+_yxB+-!rUWEY|Hw^2^*4B37k@2kC z{Xair<0L$e_3U|L2Z#elwh1thm^gY2E5`l5jB$0z-}lj^QHj*0%!Oi2ivBW*b>LnL z13cqU6NKMdF#n5Oi}yx9jInOv!Q=P+1|1Wypd>6)>#y7e62cTg#q(Azz!_aR&7$o> zUtf54Ma#p7pKV!zwn{=pRV8CtcI#%&L=>T=(cW|6_ww!A3eIs6#&BN@SV;wH$attZ z@6u2>`07U{JAoliy(TM_w-o6;y>gW&zQ$#DE=;6Y1#>}@9#|q+c=Cu}MM()I))dYV z8CrJj8=k%4r#a0<`K9Uhnx8+swV%n_*KlXV@^wzgE&bLjXI+@Panr5Ln>=W_Hz;%J zN2(H%2Jkfs64t;6v+)OxX6gdWyJqWj#shd{1hm($^fA9;tH3v)nqq__S_Q5a6muf$ z^+4N)@&O)JpwG`XdCaT3H?FlQJ7D*6Bh#l1_z@g<&qY` zK5XPVE^L>zuU-a}|(gi;;K@!Fajp@vMnFB~PDU zZj8%qV~cQ)nULl)jg@Hkv*T2vL;AXpJXp~q7diBu1*X5^m(vCD%Rjud{hy9?g?PG! zr14{2N4aTk`c~Gax4CID-^Ks)cU|b9w^p70dFs#ELO;t-9!=(HM{?jRu)ZQbI{K%T z|ICG}D4d1X#!C5mBxlkj642eVX0f4^d# zt17}NeJO9OBK!JI^*NQojWAZ_=Sx0!`&emB{z;bw%tey<*bgsJWn5&S*nb&?^@116 zrVaG3exS$NXa61hpwF#2`^Bke7e2J+=U4oW zxjYj-2!gF6907dO?dHV*Xz(!0I_&v&Xl~rGD=bS&ZqXv{Ob>)6%&;jdn;N{jHM9wD zn%8RZgISs#k6mAt%Zn?;KR*9tnqO|A!X`sA{CI?f~CG5l}QKYyCm_}l-v z$8sPAbF4){GdldgkB+guxTA{5w`5mnmQ=b%7=WF!P#+lY`TFv^{cyXusQ>O6|7X+n zUmwVY;e+|A*zWDyE^L;&Qh((~hg6Tk3`fnD40}Z5Hirwr0W1OY$IZy=D$m8M4Of-E zkEa{|#ejJi1KKNK;d!~->ZjA~f5Whr#HzwQCMVILyqp^yewO{P1*}=88K;Ki73V}= z{#NKbPaDB_*4UKUQGAcGw97yrWCvd~FKOB~xLK$*LLO_4?21la! zk_1|`VvO7_WDcZ+U<8v(mPB>mCDfPPdNvESRMWxw;{ofYX#`xUgG@juXAduEKNzz+ zL6~eg7~3LLUe5p}BO$Nw(UP&m3MYIKTyv?T<{)kO-dqqELau2~c=YB1B{Bb41_D{{ z95OdsbLIz_pJjZHm|+Bu!!zZR)Ja#xcFLoayo8@nHH3;qMG|-Yw80i3Ubfke9%;c_ zDA>uR;uqK@B~Jk}@RH{uF@@|8lZzTFapU(>x!|`QC=hRT`Q+6Dvh!@J=oF?7f>uG~ zfjUr`Eeem>FCwZy5QG`8vMWc;w$mlZ9Jwy5i+E9d)5fr@g3tv)Sxm zcFMt6{DOtT$&$CASZvWD$sy&y4qYvCP^H0KWKc_J<|J)SBIEdN@sb6RQA6?Usn#CJ zaja*{neF$|r3$UYaH&=;OUuWvHht9^O#{ke_1q(F1Ym6v9hhX3G80qQg9;yH5zxLm z?D}El_3Q6}-rNBlz5>}11kcq#rHJI1R1+d3Rk+dB{x-B3;gONb5dk2~5OKqT^ZMSs zdmk`={j~vl`Xwr=`=drgdP2+2V`ywi#Y}cYJ-~6mMt!gpIWH%n;buwLUH39b^z8zp=LWNT6f-JP7h zrZ~b`O6%9|XlRgj$fF$r2={EFsSwj+?5-t?7wf}aiX66pGFROku;&5vp&Vfdmp}3k zdXq|6{9LF^^?^18w~`;Smz4#sec7&$!H?5uq9QYzh)I;o(vv6EaR@G00A+eD zub6}-Q86*9^vDv|ELyW=3n3Y}&siV-^-^DgUric9l?afwWymW)Sg-xk7BMBA0N`0( zaYJE)#7m2MTn+P@|7bNB7TYy6ywnw83xaJoFsJnEL!L}>1vo?1&Ml%KSCPpLfY;L` z;Yok5D(uyP`rQ+ZXApSa5UKOQJ&)1RVN#K$6j{=S_O48h9IhD9&O=2AVANCyAbu&f z#Iq=&8#M-{fbV=Z}f)8!$a`=2x%Va|!o{;DJssx=XOxJh8ltA(5kf1m%-uEd^f>99)8P z5N#2k!rFs)rZ{hAPzeDYyf=X68-(h&T*gU=n4W_1IF|q;2;-gt@t;jK-h_Up(Q%n> z&sBAV_1_{>!>tZO&&W-*uyp_|H$JM}sp)j;4bj^&FwR4wG%0Ns-s z7v+w{t*fb$MW-lgLUqAjYVcBw(bJT~HtNt&VNPTi;2hq)r??l?`kKX-e>#fJ@8kwh zEc5>MqseE%T`7_4*0ryiNsx0Bo2jaz2qK7rJ9weBfTW$3JyCvLLH-1oR?VNujTFS{ zoGaN>aYT{T;zb?01wJPHoD6esp`>E56*GVb7f0 zss-bx2nc{5(6IjG{bnUWkE-#l{sBI7$0Yo9?4rxQ1LZjv=+z@#Zi`7ZgA$!u?C4qN3`+ z`tl?-6`)*!oC9~N4KUx@SD`dOHc{tbxN-YIs$zSm-d4ceM8XmjBu6dCAu^YmhtY~vXBvxTp8oG(CgwnymJnG%gab_mI&{5K)3L|>k%u0?Zynj^QYZkW z9wp~|6K|ok<4kG|+o$ueL4f|F zeEdNp7hg&C#AT~z4|Xcr)V>sVowaH1ip1^CZO`pK%Q&M5TZ=V)o`^)96~m13Y#eO{ z;CWkPLTxOWTwR}$TH{A&3vI|97<=j7>r}`Ahh881Fd>>fdG?t_`stNa-6Z21urY0e z&JQ9UBLjfbR8b*wHmW+ISkiuI9-cp=$Rs9NVjXURgniiBBW%2YquAZ}jz+z7A@5@5 zbzv=;(S*dfDs1yHLBV4d@d1M#Wd)#{^W4%sHmWMuSH(ZLZL$ubumRj7J${?*QccoU za$2InIq6{hD|w~`WxmH&oBF`uQqF-r&>#I-)d4 z1$MHyu4uA+F9%8iA8`CwxLMr2_3CX+K2UR#ACmF+(mi(%o&4$pu~`QG2d{!t&t&E} zxj*zJj=V(BiGarZg74U>aiY72At4 zWNTXkSSOXH%lvE`3m1aXkyyppux~3Z85}orWQrMUf&!&VaS~}8{IYyDLdrHUl`5DO z@l;epb$Q+5UMwR@5zqI1>8t|@;ta{W>hBS0lk|qtRYx>HTd`Cp1xHD0Lv&5s`5iBH(Jsh^cV$l&Hc_$-u6mgB;JvtLV9}&cu0ANkm;o zu-425H;o|$5OJ4m$-(^zC-AM$J`n{G{1aajFkOfpP2z zo0F>eagp3VZYxHsm(2g=0oU3X?L3*GV^rX&n zaN+Y8UaqqiFTU~wMMgeMuBg(Q?BsoB0!4Jfpm+6kwm4!Z;&ZKnnnE7}KTps>w3|VK ze4ppfM>L)~eE)eo0U-{pQu3?Snbho}D|^FFkLVS&{*^fVc4fblM`;hS(m=k_E$k(Z z17;Cfo-2wRSPgM58DBG;t(e}@fCeI9;`wE2#(@5+6vyXh1AoKdNiDNx%y>+e&%}y> zPBpBg0&AW&O2)b$cArqTAl`;EmmYaT-7XKbSzKIPEaG~FA|&E-p!LAAtlKw#SLC5- zY3}_{$H;ev;%1>sO_YvKnx}A2?e_#w9hZc=gh?*|#Kq92)A2)}a3=zQwi`e-hCnq9F+{VBWGExIX zph>2<1|m{8WKE&?Lix+J!N#qwrUmADEj?VUHSb})Ues;0OxL&1P?xplg;(WkkS!bl z2!S2VUR#3@>xR7Z2+m!QMu3@N20+1FFY|I*7Qx!MIcDJ=@8w4m6zeyCO?XNql_&)W z9Eb?rl<4=7ha{K4*CI@CPpt5Nlu_d102u!O5VQHr(VBi zr*t}T*S-*fctO$26h~K8WYw9i5Pt@<4&gw%hm>LkNcpne;I^&fJ<<=bE%?IQ&_Bz4 zjBA{`EfV+Aa>Qf3nU~E2ML3cxaIM*qIQFYaXx*Uj<%`8FRli$k5EiMKar3XDE3vXv_(A2OGsXkZJ<=6%zDD^Jc{gMf)u>m{^Y^yzFYir_6 z8b5&$@)VYEmzpSeIqo)C5jIj6Lh_3Ozl#$#6a$(P0z~P_QvHaL@T? zX|x)ZUnkuYDgV{`fkWkKa zHzYzCA5n548|@5^g;l@`za%}MImJoD0f>WC$#ysw#&;`me0OMgIb4kwRVuX+->HRI zErjujZiA48n6by-8!LmIuq6_#`wfT;QzF~3sr&43L@Lu%Og_H^lEnDZrs~$4FhZ$7 zG4uj9<_$Y{wpMM$8P;j!E1ZO|I5@i0ep5~yY#Yw#+LbSaAbdyE0HU#ysI6G(d`HlW zzAspN%da;uV4Gm!!yBVVs$yp{byBxLq;0ikUP{sii2(!cU4)`gR!U|LkiILWXK!4O z7;rpCt<=T_Pn!}YvWJOrK=#8>IABpn8r>GC#F>+YOiv5($;cWFy4dNeBOV$6 z?=kkSj_7rA=E)Z|LGTjvvhb3`#-83NUNdR-jt8nup)2MU0rw^65TdBBaO`R!Y$>6| z(m$`^JyDeb;vOTjH=RimyLRo$CI&5mv!r{c)CVFEh zvDeMG&`A$MeiM0LUoTnCNuIfTw`E&(iFvC*FI@q-V`JWjcc+qJH+59XL}`L3V09!v zh}`X~fkn#bR48Hx)pa^dt<|9y4a{qZgRF&EaOB-ohg0D!f->ox>p1zWE@k?u1C4Jm z$UvBMAoPZOLeRnd_cunfjFkcV55F#~CEp=TH>I^@e zA}0d`Bh3+^P^GfT*s+xwcJ16L`Fw6fFWdI2@|zmM&KP~hQF1EhA@R}P3{C zn`_HiXCbLll`*ZL#v^3TLiDFv^#37FtvnjE%qH3tF>O2g5O~eclWmTsAd0B3y-pE! zit}LHNu47+Ttw*(w7++U0x^ShT11Gh2GLEMLy0p0G=uckWV1`n&|H`PRs)piG4ez* z`Bs&cDxL(?#A7AB%gZ!kboLrkn#kmkvpKZ{L1E88ch)>mEq4K&3{+cNa-?0wZ!$!( zXK-Inlot8V048~ka9T3KAPfQNq_^C~P3xUNcVvW7lBIi!K8S}n=)&a8BuH-pF4^tM zg7j4SkD-?-AC{!L1*PIx+S28c*`D(P?hKG&Y{Zqt5_dtE^L|^^>kBVxbsSZeI#oQ{ z$FVL*1BRV3IEhRm1aLkxx=j#^ZL6Qy!NAx<-e_YE1fy6xqC{FF@Se;{$tAoD>U(v8 z!Qs9ce9qKlBe()tIA6akT~*@TA126tQoT?k6|W|m3OE2mU&W=sL+>cmP?wr$%*g?> z*d8gLw=)R~V|+=nMrc&91InVwk;@Wi(Rnk6x1Y@ENpk^0esTK2NL^!%apzKIl6?f2 zq>Mg}?B2afNXdwF&%>n(*sNqk7aScn;ax#`6LEQNSJwVe_)x*6)n&m#$*T$6`Q501 zMZSuIbfR>Fs;a7bKe>C(SuX}H0HAo`VvQ50n(Gh%pF(gcTui10F-;R=o`n7#K`q)2 z<Y|Wn zAhb){>D-PVWqkO_TB@(jKI<%503p!7y;Gio>CK+6-+yNwZMGwhF0dspyFLWcn+(XX z7U8nwb6X%qJn*JbiR3{-jMOwOrxTHD0BN^kDr#U%OAj4QcEZ;tAVYOkikt~Z<#6`? zz~mk2oGaem>tR~M$F{;qcHm|ohp_J5w zdHp(ajs`OCt>#(%T}rMsFdBAcTx?*j*nWe;ar8YBQozrnsNHszTFR{=@nZ}>wOe%) zHkz=HRcQ3((|Q&Ev=#NPMPbqd6BgkA&`Wf;wRMNEeJknF$bzb@$&5_7Xu*W+ks}oV z3JzuOQX}mC*qeand%!ojeCtUoL_1W33v$2pma)#01I1utc*zudr}4HppoG*?BjB*8 z*O>dX^QyPfV`fatGJxypL&>7Vq219qIX4Hf3UCL72nE1p^ni~$(8TQkGPS4}3GB!5 zoH4BV2}`xMCFD5bAdNL?>tMNUoX?uHrXpJB>ZvnlR0oHb@EQve-4Ir$#GwX7V2tw; zPKtI$X;8bsBb!9CKp59J%aJuGMHL$k^s*%~iRsYb_TWgI zj>F)MFg1BpJ^p^nN#ZdelJegX062!sSZu2^jv~IZhOxoWswPB5Gv7xUi2+jo)e(Df z9+PxOGzTdgc2e4E&0?~^v}U*%MAz`nurD{f%4CZY6Fyo|&6D`Q zWO=B~p+*&O0AxIPsfbpeO6EBz;yea6$0Yeh3Wq|9gQT;~$OPs1_j6Imq{gVgi62s7l$dhr7dqTO=H3j#hFkk8|yBCa>vQ zvQUH`XAyKnnR~VhO{0yU`2Kasm(cxH3GDdJj9lYhi9)&o&{oFG0g;=A z0MQ5F1a?|PBUIu8FI7+pt3^DK;^0rP*AtX(35`_K_JcbB={%9{@lZ_^0l$JK1iS#B ztIVgSqHIbC90|2E2Im&|5|;pe`ki+_+&X)ygzRXDcmroNi9Irh#YVUQ1n}aCJL6=f zG-KF(;PTEV%Z$qu57?}<@Z zbzZh9{M4!0IKm58P`4P(+-sA8n4SfbY7;Wcm4qp=;nC5rTRO<+nJ8`K>PiyFm?RRZ5(2HAL{^`9pxws| zd~yp-#!34Gwd-24`lADhj5UD|^&92qfJR3!>UnetB|EMKDL$6wBL^yA`dM(F-9bk? zN`aYAzF_}oSk)9B#8BKYsU=h=veu;8wp^R} z`7LZVky86B*7%dT3C@ib{jQDTXowJ3VVlr{OBYg zPg_DXD7M1U`59au{7&hcDlfkZ%=ub`VQ1@KT&2hs1~JqYG100<0gXGY9>Ya`8vZ(0 zUYK=X>Mf@<${^R5ZRY&d2xgcOk5X7Hk0<`${K9W@kq#C~@kUTS{2aZPQSA-+8psur z-G3BBV(%F7_sf-6P5=seniwS1M%2-Jya)`X5ZflCX462==W?nV>C;7j#_K=jz`v8~ zMlK-$*Xab4koLPJPaN%lhRzcYvKgXdreEa7c#eavJ z|DCKk^uZrw2DUp;(Izt(8_!`JoMm2j_}lM1JA$JgxPkp+RQ&xMM_Af{Gtn?|zD1gS z{`s~l3k62OmpB)1C4nk+inH+?!UsQwfCKc$66%m<{$k`(-3t)AyYjCQWHn|lc4Z)E!qlDbFx;|WOaK9?Z1xBgsVy>cYG}u#we|R2zRWTF zWke1V7%?LED`;X%_E4fluY$QFKWZ#VSA`x7lofrys(oH~!)Cwd&(}w5UBpxN<9n5G z(2g))ytF4mze2BlI(PIp2rgctfu_4!*JkRb9SAul$O??dZ(fkPeEIY>={VtfZI{fU zdnxFl_K!I4H$fX1k-BMUT_39RENg*lvY;eQo#y| z?%959j5+p~*BUr6m4>rpw{wydV8bX3n3uIzwiEY&g{fY~Qxa~yD`hT_<(rQbA^jA|c-V4@t2x}-jro2FH&e*)?&m)r- zSjql<|KZc&Z(EbbY$eQ}Zi`?yTR}Mx4o~t)AphJF?LpIDR@K)0UKLmBOTuNpK3+^+ z?WNk@$N*!NQbCK;{M>GZ{ur$J{gIKf*-t%k<;SrKe3=Ia3EShZ?O_A=#S|4`WSAk! z%%TVmI*L#X$@~)5I2p4Al{lmwXYxxg&UjEIL+{=dhNpAQR#?Q4B!ek-uudKA=QL?0 zgrD$=kJHXr>h~ZSWX}Xq1YnbG1@)#NYRa@0%s+ zF*4?&YS`LI63P@mVeWG&Q4A8!p;zL8ktL9*1y;2NRX&;bQ8(&f+qL_K-xs)Wgas4$ zq!P7|S~4D@+BVal$V7MQ$X;NqG_vT+jEKHWER|))@9Rw&_zeQnp_k~leW&vJvcK<> zQ2-f7f4lfKXDfs6<|((UAKT;|UJ@?ZCm(fxAn0e!KtqRU`LrY>SEm zH(BKpgNIP6?;|h=svBl3+%%(r%rWjjsHM-M@=#&#E*h_KBcmlTb7XC4XHaH9;P_GG z5!6&!MVp5q3^VsMvUphoS@0juda%%v z@m$XlB(c^Qys&H=xk&mjUT%XUd+yMm@i+gLhVNfRQU8q+FO@c&m`&Yn<*zc*+i#5g z0{&gbYiL-$UGsf4luuWVg$;u>!*BQ>yn>O1H}caL)-thywrBl|>GAv44n;3j_W3kC z-(RBne~*)lcRD6muYGdz?)c8Uu1RCvu7J+%mbg1bjCb@X5Va~iqfux;oxyL?zwQ8D+?55JYT?ZgSXjLovP;7|GZRfju{5K#7{n#4+BmV*eOidX*--7b)$^1Wy zh9za~UY&E zgJk52{sT{l>p85_K$g87HhqM-kwgI>_H*3vZ7c#WGFg%N3FQ9->Y`voO`PUH;P$#! z2I2$K<4`kfauHMBvc=D(K=|_uy@8d)x6)36@sBhJtJSN=td$48F&ouOauem|#-1-n zm45bz(sCGqk?TLB3?bqJh)Lum_6%t{XzbMef_i0GQ-e?747~ll+~~Wv^fVZ2V#Men z?@Z=0!@1e*|*NU;052p}f8QAV#Q01?18 zC0ccoWduW`7;avW3JjNtruG6{C)fmx8S}0lFi|LU1K9TmH328P`{S{G&&jxlO!cKx zT>w`y$neJW>QWDg(FVZpu{!K*HgMzHTAp9T45>r`WPH@pk0=HX{<{GD5}}BA?xe>+ z#mtJl--rew@hUi`2=U@9LbPl=Uqud^IdUTv$d!LC3U%v!0RuB| zolMh90@{UrKPys;JnEVE?!DB2;tJturva<-@Mer;Qb0{+44s#2wrHRPPrdC3dF4zV z3|%>FBS)8pyDR-=da@G86!bh_4qK-9#1!o%b+FY(1*KM(qV@Rk-mh zb_GeLA)tfq##m$sAac7xQO6Z*I1sc=2awo7-4uXZ>Z5{1 z_M6@fTOkypk5TKI1#*@4QpLrfc-2u4Mu@!brEW4QMvGLi^6KXKIi3^Mj@REnmT0QU z>BcB1QL`8@M>2wwpaLUHH+@j%m~8UuDXM$bWgSIC{@#Qx9SI zYb%)%(Sh15U{^zMVn?bKhLl2(FzipYvo-NF$MNi$N~H%_ITxF`=k5lDkV>i(urz5PJqiIjS`+<=TR$@Z7v@5yp4 zMCB%!l?I7^9yi59?mMuDSz7;vbZ&T_A|yqoEOr4j&eg70M2Vx#REGR2j}E>Biv3jh z%dPKIjY)1d`<<9b*^bwkU%0uyeBquT@WJ9&x0hYmOUV=P^5It437(g%0z%O=lo*OW<< z*l_Juee@XXr37Wz&p0YRAhS+RxBK{JZ3apZ4)9I#m#vwD>Ig((ccM`DRzsc5E7wR) zcZ-tJEBK8?f&?4Z<>BG6)4?I_MSpNum>Kwd?!6e>5VUGfy{BhELMPrZx$GxT8bLpN z1z$WrrC^nCB-j{WwTqi-R(A-!(KW5f|4$6@yc813eLCUHa~p zc8#RiSa@&Dy)W+!IX)p5df;fE4OjQn_WIoz!*Y9i!kQubz4@oMRv)a_%5B{oPVvNL z_X1I>*TwulWSXYGdGjeSsm42F_e;apsM_u$@0g6L_3Adh`>uvYMonOlMHYRua&gH- zO@n`32A+-sc30I$S(gsPYe_hKHeR@B(URrM3)-|dY&bzrTc+v}N{;i^&95#k-9_Hi z9$x?GB$|=Glj=p^`Nm~-;WjOoSEru+rC;?km5XLl}`tyDU68F5OCaZ*l!nwGAVJ}Ke zOXTFzOE_p}PsBwo4myz$5xazwnVH!OreG)>M`y=o;IL1MwMWmoSX3k@q-(3FoI|Nd zL~! zi__8Z3U@zKK)~{D@`0Rbo?QU-Ych2Kc9lYOg>7kP*g+g>*VK|Tz*tsweab&)<$+VE z$6AF$+SZU1t9$QgJYe%yQ}}GN;kJKWL2>!=ZBV#Nv5Sg|(0;D@vw|e&s1Yj}eJC!y zd=vsBTBuWr-fFfb_zmExm@?eN%d z1RA)UZDV6&`{w?rxa*^?o1GVskHq$)1WCIjm#6m9S-Nl`-YegU$Z{7}fv%{K(0b6O z4jqd_pz&zi7FAWre;o4=*1su%3vEUMDXlrHQRX!`L{yG!Kk|LWl=$m6d5dN&=s-35vrG<3ZFp zc}<~n6lmRzrnH83^X!}0N}$Mp`hR|`i`1?!XTSV=XB)G!n~feAuq6F3r%~1oS(epT zxZFhZlAxgAXDvzXlOtRJpqZ61`z%!vR~v-mAVQt&S$zidwCWo+ZK^B=*VX&t#kYrY zQ6~lyM{HeHmGqM3I#+MpXe-%Uyi#1;7Cy1*zFApWaQ;(sHJ56&MPQHp^3#VFcbJe) zD(ZzLZ``Rg2)a3Jh%=PPo*Jl-;aVqN2G$IS((P0u_scCNCB|o8_Ke zV}F{vff1j~7}-86P~^7OQg`jOYyT?k+PZo31^hC8t)&SZu+EA(Trv0V?eUYg(o|DB zk8#CT8ir>cfqA8@qT(H(S2wVv3GpO6qK*7lA5(wz>Q&S0)C5T2m(H74TCMZKG->go zMVrtFr2zMfm9#jjcrl!1Pq@1;78c$Jy9*5`r+ZG$&du-QQFd%Z==cg7+0Jd-0zZ8^ zjLNFW%9ZNB{`zZES$xn7&!`o6Zf74IGJrsk17gh*DX9{(>06>eaLn7*TomT1o|(-xm)o0dd=1> z5S*b}>bFf_ZUR9BS}Y#{sXfisa@~u(yb@>uxj0DjB0w&-wQB=EA`-nnKOh!OibB6K zGss8MP?vvQk%I0^uq8N~2+c`R(%*lN#`YfxzLsV8SL|s~iHYo3DW{%8_3z)O{p2o& zC!@Nv&c#-e^(MOT)(Ou)*Ll1ZQ8In_Wg6?g%q_5&WF0<->sny6(xB12cPA?#Ab`$^ zoSGWFix)3~cddTlKyY7wzu6vX%#hscGDWd=U^g_wQ{_nNNsMH=$n|2}6+3e0lB?ZO z2*%n#2a08?zQSm3=yx9kugBC=bURc}jKW2hixfRv0 zxQ^G@4R*$5_D1SjU=R0Qee90el>6%tEBdaoz7>lO)UxH6STz#Cl!v5eG$439@C(cD z#O5eux4BUbDQ2Z=xGwjcbb#)X&avUD*4FXRhfLy#FXBQi9haLkRofq8HZLyLvc31p z5?xTAWq&D$vN7PTjffKJ`1W$FrTw$m3Z2JRNJ>MD4aV(+vD&m+jmP> zZeEh9;XsACt7|9dvBuh`;ON+-x-W1Bzr~9F>2q@QR*qtM=zt8wl?3LpkJ{@ayHKnt zPB^%Ap^(rY!or~?AFVW&qg#7Fn8gJk#PGYjhSZF{gA>0HxmPTDQf$Bq;gp3KfM`cf zc_ux(F45)-Zr3&U=HQw?i*dXbf=nDlDOt&z)^+w1aeHHju(IH{_tyI;OZ z7Q&n4+Q4T$X&_lHu z*;+7;_~sNJ;abeu0&Z3IsSv8)xCoc}E_asX`bmi5{P-*H>)^ImD*91)G2g5@5?Xt3P0dz$Vxw+Ueme#br0bURNhzK%1&F(sg431J@w>wQR*%W63i$MQbT9cD>5}A4Uz6w}3s2mM(%cNDHvU z3N{+dNthH0(WqdN2uzUAp9LI?4bIvm4%VwbLYAiTgs|GWI)3*WKu=*fjcWE6#4FrG z9$JxZZxz$cHGBE}sr!~LUR(&quU1_!`@;ugJl5Tap||Pl-y&RrH=i~PAYWk^hOpka z$jCw@^fBmbAbW2SA_h7I&_NrjHFDZ2`ih*-7741zvSs-Z349e$BuB?(4QL|`yr!?O z-&C)X&|ZutgAR!Yv0zl1(F8_<9jzIqc74_U@D$VH=RpE56Gu=GU->`I{=P{2!crXZ4#iUD4jFVJc>s{kxlGt#^g_;KkwIAhnXz%d4-Vj+Z2hE1h$0if-y#JPX- zhMdLRuJ#(MZfl&1Kzjla#;A`PH7cwbtEvc0M}Q|w!2~UjkvaM?kV0+M0EMd0=MYHT z7^uO?Rs`{SYwV_t8=HVOT1O4ynn5Dm>F$6rn1NIP=XQ>1lJX^RY_%Ub({9@M_%$%a zt)L(kVX771J7)8UgUB35sv36f2*eKi?%we7qNeGvA-0U0+8v{b)|cBLhf8@OFX0Uo@> zUq*}jomI%DoIWp^`ZCW(}vYDBH3X z*es57y*XViSOK7+iC00mJ9(WC?JKwnbk2!@`;>2W0-$Z}uQl-oC*jRt5k6u3_$Hup zC!x3v1%AXg+QG%eg;&b_8gl6AH22&&Agv!K$)a|?B9G6wLysOklE)6)SXgK^J=9;O zhEM*Qzn+%Xhe83(sGZPaC*5?xg~?tYEvAIP^Cqa0#^Lz^ih9Us#5e^PUJ6TX$;w#q zr*lU~#|nS_b`#brM0v;sB1U!}vDSpc^~&irp12YSh@)0FeMeYmvABhvAL1_DeFGS> z0I;6fFLz`w1q8$ae%1tB>Q3j+Ut=aT!QJE)(8@sAmz7$la9JTJa6qSL(|)HUG!JdR z*Lhywz<{e1#Hm;N_ABb?>181FpjZJfwbC)8N7L|vk!a>Vwbf_(mW2_BvnVtA^Upu8 z%a-cL8)NUL!F@|60%|9{_>VyV(jt6VQ}GHVQ%DnIIepmv2-!f|ExzX~Kp<0HSFy#S zqLS>F4-;Zne!U?gCMLyJyRq6Nt-46yWr?4^o)_H*j!btl7c$i~v&(<`=wy;nF7H(b z!29t873&{_)j7 znYo*ThL&+rTh-1`*REDG+3ELKEOICR4DNFzfCsTS7+%r2AOY9FelSzm6taQItAm{| z^0*qGCjL#EeONm{=u}WZ=d6>Lmflt4I+!7?V^g6jT@?&xI2mWxojWgs&}b4~gZ4R= zC(0oq*tjm&G|AUpB&xM0OAq^|I2+lAC7j5L8WWBmKd!oHFSG{RsWpm2fDOtgCvLuP z;Ty+(TvJmMkpMTT`p*tq^X(;3$KNR`2ssx9DS6eJ#LDccU^ld_sx2{uA5jeY(}I9Dl5#^Vkm#5Q5E))&AL z>2uv$(9+oCb}tOCK5OcT&5^T<-qJl!-eCu119tl{)%3!I{e2se2$^Jr-ruXNeCFmX zUfxJ-fvHXdz(Gx9FMoM?Tj1rGyTCI9+Rc(r?!H~PbjF^52Dwi#Rx(AP@1B;RI2}CL)5P@j#4+M=+svVYF4u=ISFYse+%vz~6+%M+=if{d2w7q9olUdX?9Q%xl z3U;cZViyZVK#GC|X(9>|1+4U5r8A?Vh=^mCE=rLqC4fKx2gFJd0uhj+s6Z$|A%N6( zouH0WuJ?Mr=XyVWjE=ya2W?KhwKRYvY$!KKzJ)hLmK_~X=Vy|+ErF~MoVCS*48USbJ2KlEyA6L%*7Sbx^(c0J#J)cb>V^Dr# zVHCm9E!_9`g3><6&1rJ4@@&lGa*iW28pKxUFh_T1BacnE8ER{15e&H-p#&1{|9g$B zr1MQeJa>tx=nfzj<=COhCh%<3 zJU6N2_LTE#YHG9-PiGNOqp~`rn(porSbhHN*;PxIKE5X}=s8PhN*^ZqQU0Eam7Dvg z!v}O89Njw~6>6ID538Yj432F}e7KqF8cxsYfo|gq> zB0=kaQ+4Fm^Zz&jrFuN(ahYNTmy?r|A-5+=5}1{A>jb>z9bc~0%RT2y;|IhlY& z7w>BFZ?+4%KY!Ln4oc8F<5!CS2<;`M2vWyrWbiT}lVv;y9dQiDsQOCFIkq;v9t4sw zf}`3Q5B0KZdQ5!ey?gDJ?BQV#p>3!4VY$nWl!b%{b~extBhFj1-GPfKuLpdGL4dH8 zoqzuN`0-<3D(dd1LqVO#78LOO`m0@5!yRcM+oE-`<_nah(ntV=T>f5CwY~JjOvMgl z`db(+rJ?bF-Li6xJk1fDN%5s8*Yh<|0X@b==BRBor)67gfyO5EB#M)61_hbRR?(4a zzU)vCmN317s6nsbQi}h&7aBt2by2JdvP_bRf@mItRALP(9MrqgZ%xu_$WcK@iojDI zWdg8k8&zb%0^`^_=a{UkF@bkUoq zJUtQjn40fJH%N?(+=1g!8}J`1Y8rA)+~UfH+*2ru(DJ)=l1A0y=5+{0!J4rOwoN`6 zHjUQY!jL)m_Yx=KL5~^1zFIC9C_&m+aBKpl=?Ei1e~U)gHhrLIH?ZE{x$WBJi&}Uzq#)iLUcHx+<#l_Ck33Ie zouyPI`xd|>Ij1~nw~fJj>d~yDGSP(obM4$Kp~w2BP7hGsvEz3$dD4J#L*{-hYuZ!y>w}2;2PLNGXp8t^bdYK_O*apmM@LtpLVYd37e*mGyk zp2kvMx1fJ)#Q>UBBnPl+$gTNEBcKgNRv36X!1ecm3gDPCn-LChRT(?F?4CRx-9deQ zv)JG%wvd~g$H#a4_8a$(H=6>ZbA#lkrcu7!!FXb8-<>1^;tIoH25EV9-JPUX)Qo2G z%a$oaq#*W|Fe2$mDlsypyOm;ur5A`GkQ3ph6lOlndBZ-Rc%Cw%OZ+NSUhc*kR{bA!OL7n5(qkl;g~RFY@IB077Z0& zUaB(Z)Ea`NA)Kh#vO zNhTrLuvuZrxy3@YX%)i~MAldQ8&Au~0eL%-3Ny>mu zg{;ilRjc-p92&)SCkp{MKCNVVJu?d4O*p7II7CO)i$ERd(1P3 zie3*{zsS6DHOm^{*1UQ1=9wJaSy{=Fn)x`yfv=|y(e=moPR{BA6HRW-2s-Y&D#M>P z5B_S(8i(wZcu1u{d;9iCXMK(y4)^{+B7^KpMUGoIR3f$;9RF;mK7_@$RFh8tkoNA` zW9vS0=i1U0Z77C&?nk*1wPoZ?4f|}ENudy&jDz`ELDa|*9`>%?y9La#xL%Z$NRAjf z@4_{K6n$i~+0}y%WQ=G&Kfn1vQ0Lo6I%t16Sd>9xRXH&_Jf5_;e!qe9F#i61m7#vN zG^0#$%;UTTFbud(u2mkv96sYjp!_Fi@%%<_$R?4trU5}0kWB2yf%epdaSounMQMnP zue2#)v>Q*3YZIuH3`=LzV`^%Vu*&2%t~1R=j*;0o?ub}(pb z&~za|K}*@ts%yzlk&T>8t8wgY)wX)`a64#RuffT9+rYLomU>=QUsi>+iKfE>Wx7_l z!Yn4#m^2W@oM{Lxnaa;dQh&D^I9#Q)aBK#F5=($N#!t}Nea!;6xdp^%+&cwr+#xch z9`hE9D_$1IC$kJw%N1y2YD{XvEPC+L`|ayV=JL=1!2ksFm8$s~lSb)iL&sru)~VwA zFu24K_th@Q@plsrK>=Z@a9FB=_9zSz*VoUyMm4{EIiV6JQh zTsfNlsICyEwa49(^|L-7*^F+Xawo)Q9oN2ngp8`NM-8AFB2trW0M=aF^%_80k377P zh{1!=Ja)G5wm0vBaAKH22E%u7zTS~zgS)18nK$Oq5j>8?!a=zW#aUmiOvBCFw_^pY zvmWmg#~lLc;l{07EwnUjOc;{tSFU~!)buq5P1|T`uOR97YG1sU!+D#$uf<8Fy??QN zxcBLm@#|+NhYHnh?9X zpiL)y?~?V#Tr^-o@@!|Ewg@1VQ9alq(0y8WtC~@S&YO%(%||DwTiogEs<()31OZAi zsfWXnWSCEXUOgpEc=;otT!S>@0I%WCyDKduJgbpbYC@~621?*IraSmj8$vs0?$+@^D%;LU%WVUQvnkX#52r%C_t*$9vhb%Su!(O6 ze=4o8t&-sMNL%Ft4iV1AY%yO<|rxae{eL?k%NpzSc-` zPfx(|Q=+dH&s?q8_!(Ife>~aukh{jKr_|b+gmvi zY>3Y8L^;$08j~KP6t#0rhJ6-T_o3sMFmB zoS`S_5v>36GF8Cjl%WI$&W29byY~UBrr`(W%dJL z+2~YjPGf-&c0gPE4;}fFCr_H9spC7iKJ)GI!8F|x%L-dG2-^-E*Wy{cxyW(iAez_j z`+Dp=AxS}6<;Mr3`EV2w^w_|yVOu2-FA3+4L+8unKt&2{>p7E&oQ(ye`}BAmWsAd_ zaTE>nH-4D-{r=<6t-91T=aXM<*zgJdgOm`S?`#3#(@hi5(7J61v#eW?5HZxay>UB% z5|M&g)QbaL!s)<-AVM_gplsaD>+iyFGQ}a1Np{VhJNE?tL_?s>I!l{gy;2VlQ6$rf zw1)P}@Ky%X?5Ku^l)jk7RJkC)%wa>Jek#P|uzS8FSL%Zf(@?b_~qhBhd$(sjgRpQv6lLOsco?yg` zhlqaEdcOK+_z~L*B>qwg!GbxsYOjA`Dyvq__9Zo}G-$PCJoG+YfpV zf*j$C0FMoob1_GfDjBvASuvP_#SapAGgVCO43E#gC5dg=r|4AV^$?Rx0J z%{=x9ue1wzm<;X~O>yEQD0jIRV13lN?v=Qo$OK>tNs@ z=s0jFE8{^n0j^0If-JNo$?(8|`)F4g5p;*NkU;L*x4{2nF9***DmvO6;%+!Ht{iJb z>yNbZXO&rzhz}N&O<`SDChgg6^uG5)J9K zNnPrD+_7O_fEfaM0}m6{4Uwo;U=XyIY!dJRafRz>nc?wQj%2&AlZcXU@fIPC=M4{! zok2&`P?c0l<6c@*VcY~g#Htsfm7CAAnn@^LphcogQSS>#>5&y&(gz6RoUh8Q-3O9XQBn$4S2i-)l8KyNtDBk-xW=$HwK=!B4Rmu%0D4oe^rkBYn5 zXf4KJdsRnm0TR^4@HCk!N`L24&=L2b*AsLHy2xnG@Zl#HG+3k#0{(H9b0K)yr@ zNm?Kz$=`J3<+Eq8w1xgpB8fr;zqEBop*x9bp`nRb75Wf1a$YnFK@T-a0AH1DPx6^D zS|aBINBR*9blT-L>QO!QLV<5lPn0-F4c=hu@4f2;S#`Kwin2k=S;*9+e9;I?1UHT3TXdTsul-mKvSz1=ea3H zcMZc!VV1p+WLu_Jx@~AU9A$ICBkFeR_&Z+h6Mg<$?`+k&b?S&Mk)$z*Ldo@18Aw$Y z(18lteCi?^Tt^JUuUv_MD1{Lrv6>kuDfwV7o0oj(FC323*CV?4*F?WD5wDR$QvmdjIQKiOuSc~AyVR%> z4^Rk;rkalU!hIQRW|CIFq?5)t9*eHMeJb2i%;}0-w;n=jkvnnXMDyHa@D(68-VmxD3KUy+S@t6gMFiHfdcl|SD0tofvze%hkwmR<=){Q=P9>7eR;&j*Gk)4~%)aZP>z72_B32_!f9Hwq zq>J}^q&819EZJ{ig9en^p)lO(j;5D^CVqpWRX&K4YV9Lz+tk%4(=N+~1PXATI? z7Z8XCzn!oT_B%Q{CJu>gwN*m?nRd4UHEpKY!W>`?>gWVkgCTY*OA3ssWKZFCWk9Q> zRS)xn1Bii4s5Jr&J=k0p*IVac1msKt1tOtSXQO~;J!q~4_SFVW_6qb+I#|Fl4ggXR zh+X?rid#Bs)20PeCf|nH>GGoeW%X!RXCF2GNzoTR=<50inJVCb`yggfbcPO5rw*)g~#aP`aWeP03(7PAhlnusAvR0k({om-3ZqP zRnzH@ApqNP7HR-3h{t7s@kRpIUaO#Bh+vjJLpFRZX(RzTYbUR>dbKtJ3SNhiWFTjN z0VJGNlM9gG0mR54X`8O9Wcl1ebDBA1e_uR*u6^v-UF0qBVvBnC zaO1i2=gFB2#4Wamjh)7Nk>`1^_EF`q27J=MKWUJhLuwDbj@pA!boY`muQ|NOwAl@L z9AX3w$wZ6lLr!1rf2EzBEJCv}@=oqYw%Z~`kkDc8aq>1E;-E5jB40^z93kajM*fVr z`*}=?T;pF~KD+*5hW_Ix$}jwLYW@4S_<6^#{r&%c{He6;J(HZ4r9vM+?l*f-(i;>Q zIB&7pgOy4HW*Kom!3?aM8oi)#f{Xoc=hBdllP1a z^;rDW{~rHs^E4Zy8?%HZV6>WMyuiTT&qm&b{CY_YiC_Qq)ot|s{`}*+|NDusIZkyzs{>rw_0dd^+p6qz;CtkV zqeA{nIrHbrlw2TULONOnx{0s2ch3-MtHum2Lh$R%>k}t^eR)48!@52$v%yV`XyCT$ z{_{m8BCgC?z5Fa(nklwY1o~52mT6TdRdRciGE^bkl&$)E^f0nK8k)L33!?*C-R551kAesSwdvf3j4c!R?F z>a}Y(!om#O>65+w4pfq#_eoob&r0EcgA2GukEYJ|S2~CJ6)GhY5RN|e_24{%*EEZbk%_baaaSoJyGYm&mje}#BwAq8y^t7iH*UK1 zL)+%(t2dHW<8w<8Jz_|M>H-nNNx;Ljk_uiv@ju=?#hhGypUuQc>n~p1JUf5tWQM~Q z!|SNcP!5=3ZZegcIE%gPhv3rpmnsn0vExHGt>)OVTssDEGo6_UrZeFEIJN^|DH1_8>E0{Br?&jbXoVYi11EHgn zgb%vXl8$Syj>_quh9@D<+iy{)DHk}YvZ`vJ)KAyJZwK&^`y1leaVQKrO^KkD#70K` zXmu=LZ9 z`=t4En-)qs<*O$p!?)4wI_ADX^E*dD61dRfTrgDho zE-L=piGTeHrKw{)YL_!4Y#NSeZTozd(9(!20S>eeF$UB5oB9;%tMR{l@``spWq7L!}g_ycVlc+qub3}g= z*81xg@HZ0~?g_RT%_KJnKhr?CBCm!UF4>^9WL(AQZ@;iLXZ%P)!L(JLcYusOO8(HB z`spW|I+PIIe0FUBv5E{MXwiD}ryuS+tsxAbr$&N ztgRwXo_ubY`_CV0@+(piSt0fXp6`@Wy0++c{r( z!nw^md3W=v7c9OvQFKkjAE*8F?nP@H-`Kg=f-m4!dSQi>P+gJplcn`-jxlpJ>{pmt zPddhTJtgElMSFSd9A4hlCvV<8yC(Ks|8B2E{`A?52a5+hs*kU4ckTCToEA50#l!rT zAK}GE_g{)N)IWxAT2p+KpZfAhrkEdeVqrY4$Y+985XnHkfB8%*i#u4Aa!gr+MQtg) z(^|)Tr9|0Uj=og6<(f6-$6wy;RXn+1o`l1e@4taRr^O1%iMFTJxTfY)Z1;8lQ;vzs z`_Bhxx|3|%pT8pJ|8p(iU`fqt)F=a~0+n*w2!Gt*F^Unq?owc>ygeY4d zVnvl(LU&T7zsri6&GXmm`AnjQE4aRn(Nc4nK#_>b#eMnv*MPwPtGE0gpZ&{W996S~ z;$aw)da8HY1i{Ng{OpVHcYNo^(W@lunf6x_Y%!p?22uXES> z=@Jqu`ChKClfzBYCNv%WBnK(DpTGXMFZe%t=N~d1Cs71t;o9PdyQIUMK3#O`OjGWH z{qY_IPwOVeUFH!m-_MkFDOG9AGoCuJ;5Q=jW~`&FJ@;_N{jsHK5fOKSe~JoQl{(+> z>W7zbLMxOwjWpH{^fsm%l^N70=%=Ll&8`8{VI9vJwLseQ$^xoG4w6NOS;OJ zR=xs4rm_9)bRXl&M-F1LE`8@!|N2=U-`48&bL+ERK}Vlu{MS>Kcm`;x8MGgNjOo0| z^K|cc`)CUcfaZdkdl6lnCy@3LAP$coTHFteZ?cFD!|~I{uUs&}8ck7c(Bxu?20f9_ zx&Kul?j8^&BGnzKU{V?a7eDKp!lO|BmiHQ}YpjkV^XYaN_?3G3^%0zK{fNe71E>%e zF0^8 zHu7y=U|%I>`RH5|S@zmPomF)Z zfwqL$jeurp;z`w%gj&rTOm|gtzzKUwWYA4pIy(WrU&dI%DT8Eo^7t`j+xlJXld{#v z6MFogffB|f$wQqb1?c!Lo|@P8@U7{!8^~NubYH~1KKtK>ate7$DS7y8MCl1n?lk(g z&BS_=NWv4P(pK(|)Z^X(VT2z)5J%{}PS`wdSV$AF`eZ;E**v5%(wppjqZ+{PFoT*E zk%TUxsH$u~5asJ#36B30arFJOJ_T7E$6Ovy*V16fXcQZbez}#<4(fqvYTDsz#IA(g zf&t9ugg6XHYk>RWLA+#9?5qWDTm6fWaVEIw#9-@M2kCu2#Y9igNgM8`X)0gwJ*?VN z&`7RTV1khrBDv(%Z^tmULF`g6e6#afM?O4)vM{{VF4VdX4*?DH6`;K6u!X;iC=(L_ zPWBk`@&KYm3;?~ozA#Vy&gN6$?S!Y6a402GwbYsi(y8zD@&^wRM~%;LaFZGwC6Zj= zm24)hnq7@U*Z99kW{VTAk82&{JTbvq?$JKJX;~(~Gd^Polo5w!2O+yDjGjiJ_8A@} z#o(GYzU_Sdixt^A1+=tD48C}m}qFfK&(P_)t^wr>VVchoB z9(9XEJVNy3ws2MF!K8Iy9eW+QllXbSLjX^C?s#n0}+Mk+6d7kHx7ctV!-HrZeY{g z1HnLsed|^xyZ>@>Lc%2&NV(@PWr93ei~%FXQ8$^6hlOzU6a!IR7}GLdx#)=#Sz=?J zRGT*sml6Y|qS;>EXR^SXa~O4H5FZudk@ZJ-M5EqP7I-HSwAg39RHAB;CVbZ8N| zTg})2>YY}IQ+5b@#R#an7Ks=;0U7AGEZ`aKj$Q_@!W9+q(G5XHr!kAc+o?qC{hHMW zV~}E^KwOlpFGa+p$cV`hW`q4eOBZ7iMC1f!Yh>7&;_&X}YN&%8m1^h!tJf!xN_l^2 zOX(YS%LvqjE)q{bBALrbZpTb|7S!9&RuP2;R(;cGf5x{hMAW_lGFph^1aRko3=!N< zC4=<_R3R{{%Zx>w4~c2YOZH3qPohw7dFBUvF9#F%gMjiXND>nX;JAE_68BtujMHZ@&*`d#`Dl09Zv&6QZ%`Uq{jg7xOP#6@Qq)2cm4?H|dc658 zKutGXnuH^=LkHNhOL_W{2R^KFaKE~-zgm&eF5zvf~xrZTwI0`SSH|!A* z3Ibpgw35|0SeX}VE3UmsePOEJ1 z05B6kmfr&l;!jVG20M&|R$E{=XPCs?_vEHJvK!=6z}i|2wBG{Z;(_51+wSp{h0D!} zY?!`&O@wDZ`2b)AGUGzwO%#wi&Vl}+WL_{~mDL)qD=057as53G{*0N^^ivh~4S*Vn zq5LrP?JnV95RK@P?Nnu*yt7WdTf zN+?SXp!v>b%;_eXl!@Yy{+T{Dn3=G3Pu8^pzL^4%v8kOoPyNO779m{#^;pLKX)EMD7TSpq?pf9h|iGT3NY4(Xxh-W)sH!yMy z3C|yu3hwa_9;l8uL7c!;MTMAOXv%!NUNnfd0&HHL6kY)2Z2;A|%`LDU5Els%=kz zgdc7Yk8I8gWP4mwJ{3ARpCochnGd)GLT!cX=*ghLJnjB=_n0X@EpT?nKIf^;L_7og zu!c$lw?@Kryw35_`YDGypr;oz)rSx^sUpOZ+s|TwxS=2jsLt0o3wVieAQ3|)L5HjT z4&6JlE=jH@Chro6GvEn^osNI`@cgs)7<()L(@qk^w-AB?=C)1AtJmqLF2^-)WJ}pL z6%bFf!~(MuL~jvJX0qCf@W^7(8lhA-W;fu$HCurRU9~%rIaNs{%l_4-r;PaX#A3;> zmMEkihExyJi2)LnQOEPtdJp$%)R7N1iXbz!q+Vj#8 zmR^3)fb7K!B=MZPz2k_WT@ml=eD5(T4gK$EP3^KL(3V(;z!!T^ZN}Mg#Fn8qIx0TF zrx+&1h7gqRp1dRHC*!=5PbCK8oRr zwm&AjYtzvJAF}URj_-Y`sV7y5cTgY#NR02oWumA(h*v8~qEs*;e6PR!5b()n5(ti9 zc1m<7 zUSTE6U5kGMk|2y_bKT(L6%d58!2h&Y$dugUe&#n4QZS+u-1`>K=?N0GDv}?YR}r&B zJXR8;8SZSbzMkSin^$pjz;gE@qm}aB6)g(=k6IBr5O6aZ+{w=Q5UCZO+gh^)^*!V! z+9?IU?IZ=B&Y?vx-WKD)sdx0sc*^1Qht!SU>pGf#uoREfg&w#fhDaleXxz*!(eeUz zQ87Fhn!$~&HG!{q@^9sAPqw=q9L`q!9>k#`&X7>}9@8KJP)Ed3wrg0Dfhq5SEE4d* zsVGih8xHs55%f;60Rykvo z>^?1XnJ8E+M(hVoSWFiPn^d=iORSA}BBJMc^8@?EK6sL>5$NIe+o8}M;-e&e_7n|?e)_xPjHLlqL zELz@1^a!ZoZ5?qakrdIAv0_Dh#Cs2pB_pca-N|Y1SBpyUu+!|Js|(Uaq%03%vVD`b z2m&)v_}7M{z;Sx1wJI@#H6ICaC^fs;beG-_NgflTkV-Qrr}8;? zU04uBGU|lS>SA+2R84mA9zQ0`exPBq=8&`>tA$AnC8ISnFI{Mbl{)J{6@k&SZhigL}jbIxNocA6$PfkCUo1vkhpzDV}$VP6( zt|xZZb|rycz4uO&L7{r(6VR?*OB7IvlIw0*a0h*SmA>Q@=yUw(CR8>kqW;MIROsM= z5|=s^I#RWOhQc683;PBWQqzIpwt`jjdmo{GctEcuo-L=ntM1;#_M+9M0W3$B~FDKb$uTCJ-l5zgq0!KABBY>(d9& zcz=qy?e_Yoi1={83)^ELfOCeMDv-SZXGvicJ^twLJ|Ta{^snp5&36KmJ@L`nokmgM z5~nZ?o8`yie$uXWd+iu>z9%&Zk6eX4{2z^{!H=!9I#=r#G;;9028+jau!s>96{(kbPz8SyT#A&YfRbR zBGOv1BV}m%AIzN@Lm+P4j6F4j0{y=S+vTx4QZ!rGYIuEY%Prbte=f|sGALWyoEAP} zDF`zmzd_tuqR1N~Ox+Laab$IjR=9EJ(mGcj9*PT$?=_*u$~|R@QA0S?njkl(?I;AD z%nnD9bnLg}QQ`;0HO(hoH4>!}5npx)??;?lPaM=#JV7u`!T*H}k#p2M_6ut1B%Oz( zAi7MlX_A?QlwBUMpt!!xvh#Dp^K4ceZC2!a+(^fUD^?t-RE*NJls|w^v`pK=l(Mz1 zB@NR++I65VvuI`$8jjqr4|g8TBUMNWsvi~l1|xAZChTLTeTGQzCVapb7^U3r-Nh3+ zE0k!OG0HxIXef}|4_?HSu3HW>h-Je@D^KryI-pzQ8)OVyIe8H=FnuVTvu+;h(1)>#=EX!{Y#eROHYEd|* zjT=c_8d_Q7t{$!+&&#qz2pn#jrWotsBXR9{5vaiY;e(7AR#o9|30QZ)Aow^~dQzs1 zmi<`%a@we@^fcWi?w{AvG*9#g16RyEeCTb<``afj*Rbg|(UX}jwayMN`+O-wGpeM| zr7O8nZRPcd_3nFz10XuKBwqugXr@HmI8+s68gDH)ORRC5w}gLH*Bm0IZp5QIq)f3qYKr}`NX_kEJfAyzQy*?lJntJ8 zZWVZBVgU$M7l=Qzc5-`r0wT3twZ6#;7P37La%7i!reDXdWw=2oXp74iCbOl1=r>Pg zV!?UsLQIfD6$B-EEadrGbqTJsi z>^n;+NY=_7`Id~vGV5OvrqmKmW=xfiO80Al_@wD|I=JsQ2lzu2y+^$i6>)B<4GZ5^ z+d6J5yF~9t@JM_^u6#`#Q};S62fNgeE;eIHt1`l2*Z2n6yB9kd@Fsfc(%NIMOcbu^ zh=e<$Y&PK$iUtqEWq&`&;R!CYdD_O5uCJ%OEw^PgTyy9Lj2){(Zn^1fC+Kbfg(}9Q z49Cq$7sr4&&pB)0YFO3wwegQm1)t2p32xlAoYXCT)Ds%Dogg`f;0@5sQBT&fC3@*G zlU*rO1?k zJ3E(#07i`B?Yr)6inhu;ODMHvOw6_g(ErXdcC+8kj5ptdUotKEiEV?C! z*P3pF7JU|kI&@YZfcb+g!6K-%BQX!hYn=}-CLiVQ0*a5WIW#*<>`Q?fzbEi&i)4*h zu5s`usven5=%Ja(f3WvfE>k>o|C~Kis@e$ov?)cEr7sp_TVE80zWT$F25Go2Ow|%e zidVfRCizl^!SgKw~akuX7u&&`~^X;J~8W;+ZlG2=*W3jxF{ZX*qq-bgr4 z03Haa#;7K~l=$Zo@RIJ{0x)O1&H!yE5@#1O?MBNMj0`Tt4yv_m>3n^~FFD{Y8Us7a zY<>kixK~}jKHW^`OrLsAJ`|0eg3Q6HCpMmbesrMU=KG#Gupboj@&X$k@M2peMR=+d z;W@nrBx6Z4a)Ajm71hHsZ6n-lv|$qT-JUI=2yZ;9bT4cRS|+Ev9<^|5qHDiQ-K|2< zzUrq0@?kLvH(1Gm#S|AG_{!tEUzF*&ZzYClMh`J0AZiQQ4KUhdxB(zOQ(7-K zIa~bO!a!GKr8#uVx06qx*cl>!dF%TNyV%DNA^d8!cMH+V+=+20LQ=SZqxA-Y6@xx# zozY`22_tESn*)9EV?fHsfi3tAlGYe7f|K{cobbMhGiYM%cw&~SYXzCwaf}`FPpR79 z#4`6ZckUVAo)qd`?jebaKS12GO^v6)9qkmqD+bVKft})N0!QC(&^dA>go?z&{fyi5 z6$Qc7h1l*vox^8HS1vdf>(HI2)&ZRjzgpD%;haGfa2qzA+iDf)+xIZv@6Vd(F+X!s(%P2bmAb;Z36KSxJ69fn>2xvpCg=04C)i8 z9`$b3bZMLMRkhDzdN-C8)R%Z;LhSe6>mOh952b%3pSqubS^L4YV~e&3Tm#?Q7V_{k zc%uTagXQoF7BM5X@oYc*8lR_#it>SLv|wl$)=Gm?EvM@g1Qwj~GH^`$)nbT(<>{)V~bH zp_;N{Ag@Q*h6<0yh=m3zI}!&8)&j(k$E{u>3L+P_ijImwtZh7UHC_8cB}_l=m-$On<5$%-m|Y*y+WPM7 zK!=H9aI8&D>I#^axUg z>%!KQU`O=6I@GZ&Izc6?-Qj z*_Y5B$Yz4RC-Cu7^hRtkhFKki(QUe~fAS>Sko&zANvBrO;ngM$`%hPvD)S|uL*Ypf z*$Wqtw65?fB`v_K-^4un#J=N|z+D`rKUbLHN9o z^BaYH!)dViMjjV;unvo#7%FpEOFJ!&B8b6Bd?e*UdW0vG$nH(umPRiH8+b9wi2!HK z6Og;VfVRU1?PNSg(uuml z+9jH_U^0Dg|4P&Gki6j-h!&Wbn9(kkb=34#V2_6~+)2hk zbeD>;jE*D=6LZ%}JjP5do~2rFM>TB8$MfQZxw%K+ZT0Zc03Yl|Pps5EYKj>_3!k0b ztj|WVs3CfKF)!&Jg_MZ{^g>0pMmrxPGpP+}_%3mv;p53K}h`5PL<_i zk-?+mjY0_sMWL_&5$kh|;=!oVfu8VqYW6s3!*qVd#4Ffzez;1kc3B(7*Jp|-Y;&@D zU*z|I0~&XXrW4_n@?!|8v~3uS=O<*Rg>?B{$bz~s9}N@zPcixF(6F|y=(X}=yn#r# zM8IhwDoSRWZJMWWrGl3GkkMGX_X>03PmPYJXpAt%a29f5^LA_r^JlJsnD5*i7k70` zK@tX|A*D(FgX(qGW~2Z_!nF&h5T6A)Oa8>?^7HH6B9a3k5K1kEdY%Xg{KpexV^?8r z_0!bw6h(}o!NW?H5eNCxB9zOdOH5;Nvp*$^R8Y~XA&TcE*DpPYZWJ+I4bs@TQ^T_6 z>d5$>7i3|+bPky-j`S*(X;A^fB`}g}`M3ySrwD>1I?N;>(JGz9yaz{OR%wehVgQ*WoieiIU%>EXA+SwMd9^sy%@One^Y5 zvxq+uY2Xdf$1rrJbwm$gZfqcMY!T=a$vU%95L_?==*z&v>OFtetBhe z5As7|aRb$pM8lz$NK6ft!kC&$!#q@RnO9#Lm4>6Y7zb3{hY=DB8C92s{@^_7NZnj! zJgML@VWM)sB5vGP@N_$%w{qnci6;jtE?j_bfQ)20+FT0=(!!EQ+_{8RwUR|zpUp;N z93wy;_TeU|nWcyVIiuXjfaHKqYg*CtY9>vX_IZXvuxQ=ZU9dc1Qp9&Iz$A|B*wHTm zHXh41P07MmA^ZrOc|b+hgFV6aXpu{S-aM6~E_O{)B0Cd^oAg^-<;XmU5@%r!?l@qg zq1-W2Ns=|?m;4CW&{ODqU*qJFC5=w~Tn-|_E<~hIx3ZmpNK-YttxI%#mWk$lxshB1 zXge&s56z<|pfoQe_#@2FvNVUFStkc9Z7z9O&5-YXF1vF8qkVp$DCabIwyd$@A8fEG zJ~}AQyT|0<{a(jVMMc)Uo?=bAfaI!BkKPMf>sj{0!-dBsau(95e4?M7D;TElHf ztam^%y_yKCayxQIz`ucl(#5HqZOCc3Ta$z1;t9HS96}aph89>d4Kw8Pi5Uu^8OUg? zRk$q#*AFf#sts{)9S?wDm%>LnOh`+EYJrs(h+g8;#*zBQC%{tY_LIbe*sjU;ZzP%1 z(T@P*n%5eA-K&o5l9$f_$KLRVm5P1>Ho2S7TjT3*z~Uw@XbC3K^iomL4UaxtmF*9W zx2()SiYb6J-z?QZpb)bH8D&ZwlB|&KI^d>FUML8-a2{%e&*+2~;jEsAtnISV*dTKg zcs|4!jCAt#&kPc@3o0MPKdI_~V(0e`ScGee#r@cB`h=LS1uE1vInD-LR35|Wd$Ya|di zcUO|L23pjcQDu>(q)nyrlNMuAC-xI*n-CJhr?>qGr{vBDf?LFh(*xZAV|yncn?dMJ zq!CT%KLAom5%@rH4ChCS$LQntq^(C7EC~Pl@uba~|Fy*CeP;fMl?O{F{2~V5ix7Ag zA;jv(Yzqf|YKMNtr?-WONZiaqbWtA80Ai8!9vYsP&^!=D3C%|;;SY-l(;pU48UqM2|#2n3Dk44ve! zU_qq%#&;V-pym3&q9&TMd)Udo9m8!`oXn9^$(=w_m}2@mlB83j!-wG&I9p-hs3X!? zL(hft<`ofm6J<(?TM15)W*i2ANNzw9%7^_~F{BO*l6z*0p^SIo9%+f-i9pf?-nr{9 zBFPrF80ZJj;R5dD)-OE{-XdQRKoM{U0=I&#ro(jUtep>usY?JaJj35LlKVjVJRLm= zm^c9C6AfmJ)PAgXls_3fahqAi{i61Jl7khu^5*3a)wACNakTEGi=$mbs9pYNz5Ac_ z@n5*WSY0)~2sJc*#LRP@02>iAuEqAZRj$NsEC0}9GDEC1NOG;@)|{v4avld*Nh;+J zj)nl{nh8_L1C5r_wmdp8m<@yyvIypZ)l2My5a`GjX~x`uc{!?PwCx982YSsTW_u7E z`s8SXe!vlAOrLGW`fLau>egQl`294>=w`IoO1?G_hTv>e4mfpf`^BTZSk8=u^0FN1=x}X`F3~kcb*_&T|}^W@2|JK{Qx8E zVx@X1fO)bTJAW<*R3A^@Gvk?c(B3W^`V0yO@(^N|<)udGD_Nh7yScZ?ww#ErVVA6A zX~>Vb1QM@3y!4IRNmOlZUerE~E!W?o{(I^@!t{QEHu4;3l8?A+B559Xt<_de2p!$ruMY$HUq1fApL{6ibZj}To*@w7{B?C6!}C*MQsz>hGa z$gahFPYSZN1SSDxc3l=+Ou%vi+yzu9Lnxy;e6%h6J^Ux_F9}F*AmF9ZLib)))mmZ~ zH#UUEZ)+{B-K*aSYdIHP5Whh%nC<~)<6+S^khTDX+%6!)SYC~xi8&^rPP*67q01dWQQlHH%IDR$xJ;r*oKr6u9py}+%;FXCocFmx?S?+HOm?lJ ztg~gYFL?q@OEQo#<&HRmz@OvHduFODQ)%ly^v$0j#`6-&l_knY;76qMPa0AK(B~1l zqh6_SS{ELBgp5Nh49J~Zh13^YjPydu8-FlYK{XCA+x)e(tA*YGShrcBhN)Q3_i@pU_ z5NsCUczBJnycPHwd0ci_u0(8}ntd>0J~b~_7NKCIY+9(C$?+zod>4G?5_X_>!lh8T zN~Y%4rQ(+rvdzZ4Fs+LHI_fFV6>) zvZ);F8|5JeBMc2yZf&?@-1W=%3*)I2q@CEUvU4XG`&M0LUj>anTCd;! z{l6IE|0BBdzb|yP5j=L=*474jaahaVPx|Pp_KkW>G2M*%vH0m&J(yL5zS>MS)C}jz zz=@RqM*{#Gn&kBQ8^O-xY{y#qO`3R^d zJjJl^!i5Ho+Qa!{{bST@A?~*owttV(xao8DVMXJV_Zvj{!hH?Wi}}5P`;&=34YU_5 zU2^TYirBU1*?Gu8vjAHVp35eX3Q&Su7I$%fVPN_9N)*$@%1X7pjp?=I7$bT3C6wM^ zh%6tU`zoLKBT1xCW@#fBOHLO2%v{oqChoHBN6FQE7F-#>sc$k8#iXp&$95ME4_{F5 z%oQJRs$z(kq`-N5_PO%U{?Zx+rC^_g26zg z8Fg7HVtdsp!%Gx89;zb}M&FUcA`QMjpZoF2e}2VB0gSB>HZ%8W*plvBdA(62Y#q?m z&DeLI`%}}z|GG(({io2%jiIoGCXXWZcyBcN(P;Ach-1(XUKxJN>8cd(X{|W}$fD+s zPga^PAK$jzOLj0<#!T3~eC5Ps{j^5wCti*fnj8kT7xHoN zf#ko99!#IHMf*sIs=?Y-rk{+tm&E;_S~qv%=!cU{@+8B+P@vW}G>N#&55m8qijB)G z@RI>JZGRdV8mK#f+Oxmw4tU)fYMI=_Fx@`KMX%`3bN<{3qKM0VNF3BBHOS38LZuGc z%^843mH&@b$HR!xGK8i}g#m^Ho;OBLErZC7q3 z0dR9Ul7s9lh|>h86Q(A`XOg}lW<9=tDOJ{Oxtl3drY7g0HRm))_L~3@K(g7gdYtS% zYw}OG^Sn=V7$wBn5UZVk8-#M4hH(Hpyme=12Gh7Tj?bj+7$hked)g4X`}x6}UnhCH zu}dpLJ?|+`oH}>uT)rh8b5v%fw$9wkxU~5h-<2sO3erqkKMz=VY zu4nuAg->}S2geddlbxrhC$aMVeAy*rvHyZo*;!nrR-gAj&@T$*;p}G%i#rpVmkZgT zp4FB0vPqrZ)hq!%3iu9~>-0E;!X2(?Rf{V5PS4L<@JY)d^6b?y=jnYg4z zLTx~0PF*vGA#uj5?=O;X`y7Yz;CzxWyWGN3NLS9Q zIR}lV#Uu&Gz{0_9G!u_X>*sEriwn%XRaJenX!|tRktq~+S?rPQSJjC%hcY*O-D!O4 z)WU_|!}+|9k|vw|1A63_BYG@r=RF87>EoM8>6`V_BTTPJN*fWI;te<1g4?oA<{^Og ze$VH=WufKYp+Rhb_%9`W0=%CyGU@9H4e2y9r{PBSEbh-){WOQ96koA}PB_mvbf=F? z5_IhP`Q_@iPZOF)LMX$%_JM^zcX_`# zkG)!c%G^Tjz0ah*b8p>nR~cXS6d&swCC1A{BOz(BX;==CAD<Q+{&jB2+{<76ue<;jPV8m~&@VIk1aj)3Q92a1Wa9Ud;_ z{$gBV>dfvMOUj$z?+XC`-ceZbdp;~wY`H%Uq{qc>C-;W@6i^-#O~?}{TE5-WdXg`E z`#LIe1q$cE-?S7ieiNS}-z-qDB(<=gmWL>5{&sEPu4kY8Z~bxdBX6b&K?BR~_0EM) z0EyMtN0EP|bT7cYcD$2#c$t*d3$YDr*9XMLuWcJ&WBB&bMh8&WiXrmK2hvDK*M9t4 zYlKFyXoj`MsHOAHovH}cPo_+u%1X8ey!i=h?;#Lc(iW?Q%>87aki2VpnoS9aosYvk1FMQY%M>3MPN;`kt&j+ zBQ`oZMHNwPbzS-1X4hl3i6$Ea2XNZ2wI?QR@HiNs+WG%&MFJCV6ovoGZQj=;a zA-Te)E=EhWw=?(%JHzU0+2g^%irCmahJAzW+-P+hMEjIRuQu<>C;nSfJl(&f;-g1q zNV(RnKP;-7uqWB2=t9LRjjxi4`qyByvnMGtI(oV9Ox0wUcYms%)Tu2j_$}&nyxx~o zjo>f+=RNxG`1)E})?W80H>B@9-c)e8-o$t2>VTl252tK$U#Bi)$E7q*e+iU0}yDm9D%;VL?i$X0nK~ZX3QmhVtNzL=@>F+%C@=Jeb zYU+nm7EEK5D!qB~j;6bZoXvW>LUR++2A#{oR%|l8l4o$Ju~bDz=gVeK_w!w?bpg0} zx}5@^?q9!H;^Fo8cVb)K6lZ4kN9D;|9x^*{aD{kX@SyX-gQH9jcb!IIiC77@K6S$k zX%1dYNPcxd9=))Ek*SyXV%Lf0hS!-E7M00WR*hj}RD--c`l*+fvn%?7wOo2TfoJ9G z#@MhQ#&9}$1X5F+6Z7h^Jp9{xa%w9FotH9My`4gR(Jgg&73)s<1)lC@?R7V9$Yp5U zvtdWrEHr7{@In5jho@X)`x&dcim@=>P-bRN=$Ui9ogOVm@d6%9mS}J1h3cWct1Ir9 zT5B3c+px=pJck0LMXM838!~A9hwut`@MG#aF57T5YG@u^Ij_H%(FG3SDnNfry}`LYyO+PB;ksMp ziyL>|sMY)Xv5hXiaeFlLe#60~Cy#(G z-=wL_nK_>BqZn9P4}10xZp>t@ReB(Z92+Wm?R z8#!G=NCnN7JrQ6KrXQbrS$LlfsJ4gE32lEUJ>IVfnLtkf3o82Hi=sY$W zTA3*z0PiEZhpSs7tOj-rI^zeD^BXvx?(NmX-j&A+Wn*l_kK7)8?DOJ9ulU=xggklE zeJ#D6(haQ%c?Lm)@2*#uKF;%0i;OeJRw4V(?!=eWQdS){olapXxDDPVw~}pc-CAhW z==JeNuhI?;4b|R`M?*t>c-oAO)-IgRVUa7WLyZj?i4J5_K4E4u6P`y;^_kvQckm$I zpe7|t#@s9 zcer|@li%B3w_-(MtY2mNm_kn<}LBE`(EXb5CrlpoX%})RA};f-(Kgx zAj*4A=9N5okJC?woGsWXj`wXA+Iz|wH44k7w+}g=I@RCX`P(G9hRmKRd|x=76&3iU z?F-7QmLlWLMqD`WeY_}MM6r2x+|@g7F$J1xm#{3qE%?o`n|3f<840k{hjkW-*dj_ zeE)cN&U@a&+}-!R-PjL9L~6=Ql=@*hLHD zFWEG`@$M*bHfyMn9@U5^Epd~pD-2JXzJ9T*%iHJp0>UN4ItGpl=36dWD}ft$)|=1I zuQ)IE{oYrrB5R!`SxyhN0&FUx>^6>RSk&*Gk>WkmckaXDMcGpotP-jQ>c=*o(vkWt z`$)&buax~fKwsN^l}QRG>OW8UPIrm=WT)Cjq{4-V`hUU~g_l)-9HaZQm)*FLQUzfr zzxk4Y3I9#%e{;GYeOEh4YNzX}x)O!U54L|;Ac=^c3X0(es|WXUd{?aU4YoD}K(ozW z#i0;qO;G61t|=cY@2#>i4~Q(o!Py@3s{v^SoLH-xYjJq)$wqhW z{g2Jsmlx}Fx9N0bRDjJuM^`o1LcGzA?D|p24xX0yRv)YyZMDtof-=^2LiSeNxQA7R z=I{LX_&eZal_&(c;ND4G*R1Kt@A{Favd+xyy<%Q!L`62$>~OF1kgNDj{4r+@UTc|* z%foLa3~F_ZT>qx&3I6yI@2WOXzA-V`Xw|A?Vok)fk6E{}w&T(qj%7L5_Ia#|_!4gO zG*>l0HX+%@DWmlm_gu=WLVT{7QCQXCrl$fNA=d-WI;(vhpLjzFhHAw?r3e4?kPjG>Mzw%XR+ih)}WXZm^j9vZS@ z$f$YI?+)opNp*R*3a%!2cOt{u=_mN{g^k&U*ac zi%CKjg^vh>Z{X;XrsSrYn05%F=7HKrS#nEL-Eg)y_w<@MwwG%8k&_VC0sXIyG5IDs zk0ufzSx-y{-;eUN;^hYUeo#$A`lK*19Yb*jL5CR`e_8&^YTp?n1oyG%(=3}hZCV=I zH0RHq8ySG<>TGWV8w3TQqkeejWOhggfuTHoRlLhXzv)UK+4qCpf1Ln_{r!H83ojG{ zS(mz5vIX2TK|i8(GMcQ-{98-11G-drD^m_X9r*a4939zyFm#?o(#%22c` z_ot_)ua4eqFm>wG;D`itM(I1kF8_YWP6w{G%D;i}CZ%9BzNww^^<@keF2lVkpea!i z1jcobG%);aXm9lo`b8ivT>~BJ%uDcaJn5-o3v90c)-w@P!Gf=y^wlc)EpVy0m;hw8 zE+5(Ok9X&ng4^V|Oixw8)}MR`aCZ_u0qUPWys@9~!Tx8_;ubs%K*T;Cw*%kaXx-PI zTrSN=-cs~_*`!CWzhVOH3^L@s?`@s4;;XOHPwmqymm3=oCqp~S8P@3}T@C#i z;N#yvXA1;)cI$NrCPyDuGEPoBF#hXrvP8e+(>JL>qtJIo35GB}a)UiBS)Y_tZ{EDw z1KJ|;I7x`%*WD*;w*ad(>a0n1kJEmBCe)byc562t-ej<#NW93+&mR~qVUwN|1hPi> z7NBaJ2lII{2)Z*~pWWlQtifN=FEgD?Cer!H@ImVg)j%>iRfE*GZ^e+w;3tPc$*&|S zbOY!wj|&RO^Wh6rUm;<`rMOc#(7>njrPkXnxM6eM!y~Y8CG!R9}D`cX-wMZ3-l)^S#g) znrmcag!v3V_d=6l?8M?EiTZ2XFR1HISHTr`wqjwtgJr2Rc+dM9V{zrp_m;TzC7osi zw0@VXFeEGkRE#nb8>6yjhGmYtikmqVegMav{2`_)Kj?~qK!=_18xzw>SfS0#+JhWn zM^TsP@(Cjj__2Mq(N{DmEHcsye2ZY~_i$&*07J5HLp4UTc#-)cEiH)o$QNHNvRIK7 zL!%FTKq~kY$?u);e)(x2A4S{y!=~vZjPA1nW4Ao(OGbJr4Vxyci~B_s0ZMNMJ#|Qo zhqXYkpyXw4l%-34M!7VWkS$s%XlLLqx&UyTZcm5$BSqtH69BXHYRlO~%}V)hTYSVTJT- zf-tNUq*kvddTJ9PQWNh;B$c-3^rA-_sxhM810=(`wvXsx90I>ijlz#y$?veTrz(rY zNi}Fw3tp97x@S729u%~6D!%F1g;k&H01bYrQQh`cXJFw_-y4d+E^@I^!<+t&2U2GT zee4Gb*la}?Oo)-mc(UmS&WbqQEY43J0CHqxVYHjQz5T;e%8I0IcEaIhXdp<8_TR?0 zUMDw6< zKtet<0|axBXXG8)u^ZDMF&_vM63fXNxX;d=trE$rwNM|PnxO$rkz<#gtFEj*D${|X z3C_NMxepyOL@)rr*r$tm4z#_PUc7Z#5%>c<8!jnHK@tJnqU2g zIzovp28vYdxS@3nXP0yN(fOsA5a$V9wnp;Xy-LyJrUsT{KFh(*w(QP>;M~TVx8vq; zj#wXbB4;OJ+aCrMqa!dw{maALye|i^47yk-a&!BULu{Xpp$OvsjecrQ)17Y!<8mym_g?3cRMBFJ{H%W;cX)@$0yXW ztGrVz*!HSC-&OXyJBjeb1-1lfbxo63K~6-OD_F)7bNgneRfi58s;{weSJUXI_p0#k zKUIDMMn|cdU@D4f!eQS5Qf>%DK^S0>*-CweUAi8o13Km{^&p>~^0A9=>mnF`eT^K~ zP@=oJX)+12j2z%wo_%iL&fq{lI&jnVAGxiK0tH;SAW+oIotm4%hu|qQe8Cwi@@)GA zl;2!7xOPb;W`UTT!9lUjtWobeGY9aW$uYIG$M3m;1TI9sh#K|UF9+q-NTJX8TAOl% z4ZqaG?f4M9cvNc2_{11=r$r-=8_-qukJ+>z5E!{Q1}c-e1t_~uxV_)S50sNY*l-l~ zo1u;{wARQBTTI~9HaLOSR8pw{OXxtt{HfEUxeDE6sCt-m~Pu-GoQF6=Ia-RN%p-gP8m8b3I7BQvLpK=)+b zR!ED%6n=Jp)34Z1MS^ljRDaY@_C|Czo0T)8J7;~svHAGzqdV@+#-C=IVpJ`C7{^TV1Cz$D@fr*(1gku# zEmR+ni#WXf_53opf*c4?cZpdYgPlSnp0ZX6sC-3n*V3*-kSxzo0D5TW3Fn7k?unW| zHkWyMK`IkHC;{hj%(3bT3W zu|oD#0c2BDG%|yw8U#KU)2ZY-)6R#9X?_9r9iyMcSQ)N^v6Y&8e!>vsLEv?&)`Q8a z#=L36Gtw5l)Eie9ftgN=qXCGch6Bju}k`dXVl@pG(U|^?hkp2)ir^f zZ6DaWuC2+v)5*ujXLN0>+OV$==u^bwf18daYS@O|y#K+ZgbB9kw|LSelr%)FY`rv@U7+~8A{T2>cg?an7HPOG zhTmn-6a?Zy50co0I||J}|KWHj^SDcAAeC^j;Zjw7A@T4aqZy^#V45^Bubt3YWsK-En}$U)Af=kM zAq;O3m3YX-P7I8Gw#&Qm{nOvd;Bw?Mk~Dy|HO4$O_pl6RYGu^+*`>o>rId%b&5p963;}0ux`NMp z1}P#8v|3pxWgLM2E6e_ZC&Sw`I6%BM69>S7D~IG&7H^>s)Y{lXpC>7~U#& z>68jq*2}N$Ek!}5RdDG5?grjw=ci8al-&J-ll ztsyM25F&jqh$VR{=Dk|Wyjs%PE|J;u9!aM8dpB_WPgHFIyZ|tC3X)cs#dWqfLl?{MWt)B z3+Cy%zon(+%tpG!%EZ>kebVCbfa?^PVbALXtfkarl(@|XE6NrDJPpxw2u&=?XmADf zjN%U&^74R-gx!XdH#BeUlv9hDWUH2Sepu3(dvWKh2vi`Ye+{+vfQ%-3kUNs^QYJ_V zjiTu{V2Wh|n@GvT)|qW@@07s@%kq5-kQm*cTv1IPNVpJin6t{4n)T3qchqag=*g=K z#8wNscR&t4h3YlO?A+EG ztm@xGEKStrUP2&}B}_rlK5&h@AFjdyP6=6mur~OntL&p!4Vo>Fy(mPmPxt;d*@ojT zP2j_-T1E>OaeHh8#JyBUn9T~843IZp`GT}~+m+9rCRV7|-8(gMdQh1|6XXc2X~&Kq zkMD)F2#Xy4z5%g+K}cT~O`jW2_jc9=o_^1nQmuWF6 zo@%)v_3#=ksFcMUuAo4%9gr3CT9V?Ph(qPU;7+`c_*{F6 z7K=FibVKJhA}n|+o`rzaQjui<9NbhVy;mR@RY zBh{b_+f>h}AEv9QIBs^QR>N=8y^ zsBQ|c+cy(myiol+^V9gn8Lv*7h?9!%9>uMIS8?>vpDj|5ugnJ~AWkxJvAKgA!`dTl zH6R#S_qO^PjYhx2s;^FR6~jYf39{avWv9`vjIfYGd;IGahmhG z6)W=2y>&hZ89?p}D=%E?nQOr*RfdeIG%h1IR&7W1X#Z{QaN_eo(9-1h*}eOLjdHeopYTJm(fKCbL+;#5>_Ab-MgU;--~!X{(Eh10+%14vUP&uJ27roVcX`5J+kxUf z^jDj1d*UfoLIA_o9+ZOxg4}5XQ6JdtEje>ECj3~f8g87V`?zr{RQwK6=}SvX3e#!d z>2G(YIQ-hR$xs*#WTHzqv--sBfispU<3Q^bsHF4FtLV2MXmRB0@T%<3uaJqmf@Szy zCyE~z2h6&W*8ty@;mkFGbw&TEW{qwE2B@B!vFyHWr&VFOW@vQS{8{l&A2X zidfcY`0&`Kh?-*D$+}h-x=Et&Xh`M0v_KRL}nt?ki8hGq$!PPNq z@lR6O!v2ITYcjkYJr)G`Z^h2@{O0-Rt(lbN_%vq(g?M!cHnGMvl^I^$oj?mt>>PH$CxK z(6)3}^!g}NnP;xyU>yV>rhQ(LAzm&#xrLu2i^%3Z>yNlCBa~UM=M3MUz2lWKYd`-7 z*gkFWy6~cX9}=sey@TtxdCC!%(l*#<)88M#T5DNvxme zE2}8q+5S4%Tkn3i0SNxeFh5T`;{eO5ywVCHif2Az1aj}gz@9}X`|sfW$k<^i6^Htf zaVRnNobm^#%Ffn!YlUC}6>ya!GxxMa0Ff_+?}}hZz$ZwvBDkLpSiWo(+b<9mrFdfA zfC_zhl+SNjHFmUA(J&paZvMriX8i|0nLSD9RrH$qeCKziOc1?Xt4->W6vnQOVMWef z4a^L^(7TDXOfiyMTzOxA)8r6Xt-pI$++-IwDk@-rUqoC_j9ouS{Hn#a#79Y=m2w6i zq2ZrR+$pK3(!oj`rk2631a85^7`<31Ohsf&|xoq^iVllu=^2uOH1Rg z{;>C#kfX;Cn(a5oeCMA&G=NsrS{$OR~dO6?q+s$dEX4G1QY^V0; zNL?glzQep+QSvVH9j4@$`O3&GM@LcAj8jUL&L^>hT$KAIhOq#y%a%SG6-ZE3wW*43 z0yeJx7etapmN_kR(I==>fwT3>@Bd2sn+vdxI4~_0qSe~eU@1GJCi+P!iyhkko9D;u z-E3`rnELdKdj8_tw>GFIDA>fGhCqdECJRQr|MHh5cfQJb%BOrsLDMdZF$taSs5Tk? z;M9w)&#rH*r#YK-LQRZH_RK;Q&Z+f8Pp}cXM>s9XD=I1~R?y#xSeaT67)4;|r{z`u zD24Q2Vl!C$Ptfn*=K`rDP3k8{?GVpc@re^oc_Vz!6RHT?DRofT^%Cmf%o7&>CE_PMM9Mk~X= z>veX;fuDAF|MABufA-PR+F9PTPjmHc)m^SyT8H0#yposqsu=bT-goY)`uWstGsfQb zIUTv)Y}Hz%9(w-9MmuBUH6^_CjlM=Pcch%*h5-5XI1Jhtn!REJ!W)=r-L?Y&oNzwno zv4REH<&Z8cVS%{+g8tNTyJ~bw4*+Hu6@gkxJ1MkB4v?q`*gh%#r6) zG=BQ@=@>$OJ~44eSOZeo#PzST|9FoTt_z6fIwalx~Wj=?eF{K2J{>jh=h&X@coAq_vuwL#A2yTuWvI0YTV#*a7Zf$H_vTazPbsy+I!@D5j&5hvN{z!92*Oeclq=kb43rmpPUG#)mP7^N9Fl$ z-IZ+Rq@x!a60+GW<6OW67wi1|_cIk06_Wv;TZ>|x>q|M|LR%ZCODd}5*qJ40Bt|F2 z6yI{j>NRXZraS884K?^q`ww=#gl4MqrK~_;68FV$w(yT>1l%qD`M0EJY^gCN-2i7> zAv(<5`uggfw>H|v`}9Z2^UT15)msB!BIaDFv^{_W+kOq#meJi|D9ocRCgaMoH*R|H zt4&#PSA7}Is=}UsxOrF-|R?26V%7<0=SAs7XHRG2a%t z#P~i3kqJDgx5@eXQ4bK#iM5#HJc!D5??ymx4@z;AEzYd~hOE2B1+Wz?Qm&^*g%brt z=8#UD2DS%>*sG~W6-g^diz55^fSr~;g&Ck_t|f4GHML$16N=w&hu5oG()gOW1C9F8 zX{rrS=mBcl*+@isQt)CMp_}`YB6z53?-(rA5sH4!d^pvF)2ec)E_=@zaPqi=Z?_B-k1chh;f!oM20qMqQVLSa5pX9E&i>ou2a9rtQhxNX=(aC z88lCqXBng0I-~lb26EF23AdBOwV38DNn~mF}jXMgAW?(&yRq#^(ck5a%Cf0rF zOU$+sK%J0{LYIw07F@QV)54J{wO8lI&wfEe62PHmhbm43|Hguz0VaC8Fy-d$&F?t5 zrRI-SrCSr4#~inwUVi%fNZN=azJ%4wn(o`0UFG3{Rgo800cd$3O}d16MF67N94LYt zpy#(Yabk?q3jw`U@(Ix7@eY4lW#1&pq`~|U z|0X1`7r$>FI(2g&z{`s+>&6<|Xk%VnvE|kpq}ORI#;>n0{O0*q`%69UjA?+aPq0yB z%?((wBsYZnh=2v=Iyb%E>UAe(mt@O!$$v`8EyBzJ{jN+gef;N6PXIgQN$rmxSKuUE z$D#Kd+gZ%x7*;9UM%YNj^chkvxxWgBsBAfT{lwJ7r^qIJF!uc7Mp=2J9qSJ5F*EgI zS%FgD?>a0oyy)|!TniVI{*09Ow_`BtPeZ1THShvXXx-p|`@-%r*w;njPh$s4={Y5$ z7zg|u;1j>)M=4F*46+dpW}%Qjge7v}%5Y@obcgY2*cv%hS{kmEcVEZ*(RU0Lo<+E^ zLr$jA6HCNyd6Zq}qBAU9YQ>I76fRuhUVu-+5!*;a_)G224_G;^$hz3{pGM)`9|Zb| z!&z7v5rvD+7%*{dKX`#OIcCF+(*wRjoq8^{@PY9&7!(8dTef+lzX?^&nqji9qT=Pt z3ssD zUw1% zN?bhZt|6JRVLYjs2KqFxi;R%q9k&Etk{tUpu8O{o&!(yQeHDL44E+>;kCN7dW*mYM zPMv<(?Jpd&g^j%;Y~{Er!9WNcEasGQS^A%OJDj{TE@P%stt^2m$Aa@%N#)~38doQ_MPN6R`m#?gF_BX_F$HY}1a?v;nb z!IPGAwqAruajXoa-I!>aNY&m*6+Xku)~BHTOz(~b3Fqr#7A{&;78(|@ACWA$#$PYy z>&T@d%(V|0h1_5=sAJJ;ui=W74$%2(v0P8X=*`l^r0>@P6(j0T^p5zG%HmjfG4bdv zCF_Mg#V?)V;6kX~+{GpgcV?U=jaS$^n!NG8k24VdQuOo>05TYRAp(}d=zE>Kz8-cG zY%bFYhY=Cy_?;6b2L>t~hWlt50Ti~V>?XjU4kiS#cedSgW2!5z$b)SLVtSSbb7oE# z>DvM`8WZw~c&=G|cPgd5#>NEHl&sAGTeBZWR^~@adbyOpe7Rz1^OEiUMm5ad=!V78 z6aYfz$_zYr!N~-&=4oUw`Pi#%ecgxM{IDATz`)^zOz&^U#E&z0c=gy!QR3e^>FYrL z2|-S5-VP;VUBz{y-W)F1kp*Gw@!4N1BOlPk9E|}Zl(LCp`+;bw({YRqGE!1%)?ZRF zix^LO4F$X7s^~yV0~L64)6ISHM^(CqF^9)YHsjPV2y*N?*mWbLN^H65!B=Ou>7HDx zlStD-rqN524JaX7MRl}|vxYLTT2|G31XL-^(_zEf=SUtM9gm7_x*-5F};`UA6$vUHHsA zPD2(UV>0&6M77HiaNng{4jW7GAEK2X+t=5ant~uC9>%?moKYK8rWluScHP*efmw{i z!u93--5oNE4leaF(y6_gly>Pzl)=tV7&djMuJE}2`L|9v=T zWC4E`h69-0zROqz#X8&ZK~6!0DJxVE+{spR$X>@(>ssXr1ZJ z>SW)OG+EKEh)m`e(N%QJAu|GNIE*92`Xi;%b(w%FK5Y5VRH~Dy$3lvi zEQU?a)8OjGhW-q^bY~lqxfBl{5pYq$0SAcq9pj?vHWl{hJ{&_a)?9m!a>&Z$?ekl< z$kA;2U#D#_b1aO*Ni2T<_aH7zhjQJQ|MP?i2U!acsEoeVL7N}&MxyU%AOO~5=*-Xj zxIwUJTPW2`D@8Py?e@7IYss{6lNs*bW-IQkLBmpn(p3DzvA~SA8mAFr!1c0kZ(=ul z;^MUtP%Nx!SCJGdzbdE8{X^1H+xrp)w;+y^&lC1PJpzH#v6hcLC?fK@!LSEn^6{zO;7q)KlV zc62d-#R2AC8<#a-MM}+44jbFv6U5Q%fRVpK_fBiaRO$IbuL6kqsl$V%r8(UVF5{Y$ zQrh0#&CJwIH~^3-CGk%Fqs0ipX#k7LFv;@DV>oGkWV{yUIuaHG2*?YG3B8Otjs4uR ze!yd~MemAZ0oI=PKQVNgML(Q2w&aN!=<6S8PHfrnuO)r82OJ|O3Tco!(G0%3V}S{u z6chBxFpr&qHEI%w?DvH#LW`oGCT>7Z?YkS#c7F4n zK>9Gfd!(k;S+@RV);V@!VWNC_rBmbRR+NTxU>wGV84n5K3U}|_dseFo2#K6jVaKpv zi6(sY2U!jd%ZX?Lq1V<6)n#-8ZbxCU93mC0(*#Z-EwlhDT#1*{>nc{3D3+KgwQgi4+THZaD)GM@EK+6qBzv9p?No|a^Mgqd?<&h zl8B6yrZ8Ly`-<&m(j;e~)qDQeJrCV`t_iIB59F#Zu?tPs>&)pRRjF@op6X{~trYDu zRQGiC?OjqMb`kW(VjO~0kSQDt?@e$!wLz#kk4QwTEV;kNDPKeWc2d=T6DNLQaAQBz z>sSVTi07~d!pq5)}D z5VDQOfO%gdFbiQ~*WzPg*ySA90#x!mY+Ui(gYZXQ#|!|tmWgWi4s5>iVps~0{DZZ6 z4Hyk}%S5<<^jgrbZ%H0aTNxBE(216cKLO!ND=nWBWlJCx1Ph7WpuzkhKi|Qu=ha*3|k>D&36g&B$->Shq z1_XDu{u;GO)wbaGo=)}J2qDtTE?Hw}*@q06NA{6Z6MOfT3Nb_l^0xDnS;)-@!60Re z;5B193Pu0f6(=_kYT)MjZH;=wraY zlySlZNu-b@HK>34)s;%=FT(phx7>o&Ajl$^A+-#nK;X+yh{BBqlw(J3;9%xhFS3F; z?od+p;tR>xm>1b|A&4vCtSY-bucGx0}=V!1l!S=;&LL z%s<_};0}1nb3Yxv&uqL8k5DF>Sn>_(pA2w5zlXjTZp_(X9Knjc5HqwbJT&xrAv|dQ z^HV)fcnPMVWst`VzpT5CPHp`=zP@`qi@k6a)mmw3X>41QI~#;FKpdZW%lO4VzI{PE zp5x6)`uO&wmteG9wD`FVsu=A*X?^pbpXyiq*j~IcGHj7;iE9t1NRRwLxyhFwZMvA{ zVp4e!WeuWR5)fB*{o?~iOvK_1LF|~zYJgQSUiD)_`#;u49v{ittE$av=p{4FyI-HF z*748hBBjRVu67Pvo&gl^^v-cl%9ktQzvy7|%znuqo5a9iQJZzmehay-?8 z#OMm81Drk)(#T2CfE5%%(J--LC*9Kmt%zYHRt1U4KSW^m3vq-I53gKXG+)kP`56qS z^0Y7pz{3hKNIV?m+j>kbnqW}Fz96P)=q-0a1SF6DWJn{~dxCp+4Y*eQ2(1K(?|Cb- zhv*y9n7eGrAz11wg!<#X62V&Vw8%!rM;lFiE^1oZFDr(sg8;$ih^IvzP7l(Gg2YUF zS#gIrA~C23*LQSi60nrAvwM0iTry@7S-w` zZ^Z;xlG<_0i3~#Afm_Zd5J$W$Zw08D#!hueBl=ngY2j;7L(T`5g{MVVba)8NEyray zr32cN$%|L~$N@VWkc{arSHl=Z4ps;f54DaPiCPX%ogSg!94Lm$A(xHb{8-+gh8ErU z9y-g_kO*$ZRRoDiX++uE7w>nkIv^N}o;-7H5$ivCbQ{#5DkHise94cfVaQQhupD!z zDwqKVhBSh^co+%w=un3x?=H~bS{PIm>Wb07wE4xoLo(TnF=MAf8sW=yknLiFn&0=e zk7$&125XD{-dYJmv4ij4MA5^ErwcxK4XRT6(7J*~%cxApgl0Z?u&BtXp)$|2RmJk@ z1X~GEAB9>Z{)MTo6c)tUsgu%3`eIZ7OfD^)=22Joy#;*HiMzZCxvMS_ky+uTZOok#VW67-%BX#ECV1n;0qU!Pui2+P+D?vrC$s$r))W3g!&(>tLMk!{~76H3lT+}4# z>~Jd0Afk_!5LO6Qv*&GWIZxXK(ZGUO*g+etMq~9zF^l? zWYyIX1ZvV9GQ>;Z^pqwSy1l*E2oKgVwi58U6>I(Osoz`gQgb}cW=zv)ojb15iEJDmhV6 zXUGJ-rr($6(V4k#N(u#vwi4`>>Ge&qzywnxYlvFUt5ec3eK#x+*N-nEgYQ^y`0kbx zfd0al(i!7!e6KuUw0EHAVz%52pObMVR;nU?RamUh$}Mu_Lf7^9Ghd7c<-r%xkHR$_Ag_c z0QYRqR!59_w56PFOf7d|sw*lq|2P|TGW#~6{IUY8x+d1RGQ0H11q#-OOsg!Vr3|V>bAJf)dsIYO$hZW)2Dwl z&hDlD;ZbV#zQx1#!Nh;ec8#f{A{}ojbf6t-uK> zO-702@J^h7G0=a1gC5mL>zj3G+@qRpc%E$IWj%TQ}J)xsDyESX+oL!ps{^ zn{gk>I!~}EO~!E?>0MEWz9_yvjLv16GO@hgSh}bBx({%$U6O-Lf9AGgRZu11WINWt zO4yS~EiFM3RS3;2Z-{kis`b>=zYH+bRzmeaee0r&*mT2V;fy!RR)V8qE}#?a1~?Jv zFNXg0lP^GTNQy~W3K9dELkI(lm-pdSJGkj9s+vZhO3W~uVrgw{oh0!#eRtZsC;qBU zUBg>qW@=Y=6$M5f7W!JSJ`|gJL9Y?ogqPVVox)#=W0$xs`8(ygnsD#(^%Wzfw6(QA zRa;jYn|FS5<62EhSK~xy!OWHIA50xvc3;)l)h|43#M@U=Z*ja-1#5DJ=kDFxW4uXi z(T81~aBUrR_^m1}G!jlukDM}K!h+7GJ)1J^O0V7-Qd{bYSIb}2D;|{RI>yd-QcnO~ z<-^zhB&9D?t0MKAB909WTZ$7A{+ej}?Q^|VUr#UVL}&BEPot^%arhb04SO`C3r^1^ zZS`L62bsk1%yf*EWLoaNDZJ+MKW;W6!<;=)j5tz;iBAVPy_mx;g2QzN_5zpgKR*SF zksw#j#s(26+dO|rGqk9x{^1`RbPE|lmHMEJmSWfC2C|!l@{(hC$QXG{ zK2`PAJMv0OkxwJK9LdEjv@!~JR$6}d!%sv3@}6iXl;DIFuvLq2G?{SBwVe+b^XbsO zyB={~__;ZKA+QWGIgoIeATMK|kWEy1`3=wsdQc0_>5J^-S8dA?*F$PT+0hz_$)`7v z(myaH_X~+BVIjs7QYOTST+ZO`RJok-e+S!u^ezL}^Qzg zsGv`Hk14)nZ1@L*X&yk)o~P3GUPE7n4;)&}zwFER>DNJM~_ z#nU^>KV7}lk%dSsgr5Q{2zp1-;p6&xjOGD}_sTxzPW%~h9EYy(bJbAw!=pJ*A^_H# z4*ZhNy?M#<;nPpTQeY=fBB150T@EZPly{eiI9Xp%(Qvv7IbzWkc|UJ&tR9SI`s}i0 zbuWznAfP~f>0OMy#qcI=nt`CKm{ton!2V!D9>O0;j;E*}DW)`f4+lXTd|19z2bh)i*Q2(ZIk!_+og{Y(`%(PSKE;A2QuqmH;{^l3;CG za%_@=${by`{K$>QhY3p#0N>Ot1%EuSd`t2p1}J&rz8Fn;0O1M8oN)*TySyl+=4Bj~ zJC6 zuEfj+FE2hj+*v}yR9R!M80Jmg{AdKHAi;Uz)k?`7?CF8P2qflXqi=y@{!Ptba&f|T~}d2S(EMj%2gqu!t%e795z zw1Io8&ANo9w(x~`-$>w@3K+7!0Ye#wz!%}!I|p1uDLTg`@5uF;1?A!7ZSTs3PP{7? z>p%hDg#-U%R^R!N!l+)-AW+aw!YJ6zEwK<7JhesFEfs$)OUO^ps0m;EfS`ca^Iu!z zVxg^#IXg505-d{?_irrA|DG#vXYtYhgprRxt#TsFhHNmz==OsU1Cn*5-9Yv}REf0F z5X@b$7-w`;rF4uxZ|UZJXwYPNggu|e)d=?>OHbpDVxvCDjgO21YXF9htJT1#<3>3M zT{>xIyc6@H^7nFP3EI11u8Wf`xLJTC5=&-}gMLfoWm{}5#+m}S-W6)YYj}`HU!TeJ zlKgGQ!k#}+faO;0EKk0@8R*`z4U1&NdHr(8R8Kj&;<*g&veOuT2I03;q@~$Jbu@1l zur<;YzyUDc5^K#52RV&44YU-BNPKtyHD*U2iU45sFs>%1uoS4sgXSUzyu@wqsjg!u zdIr?4PS463=)S}4#ZRACfp1}sIKmb&#Uiqx9jK{ilNv;~iw*aVDX3jBLf26kuYt!+ zMV~Ou2_5`RJ2G*{2;{TXilEZhKMMX4>^|}4(GNqe#(60p_Y&p+l!lf8pOT10)QjSHR|~8rKlb4=lkoj*=|zO4shs?ZTwsV=91q=2F(!`? z#E*puGWJ$vC6Yu3iLIuoY)A1^l9S2Y;{#F4GlM-Fhh&WD-s!dit5~3xU_2ps8xLO> z(Le@NC7Kj?-bpbQEL3>S(^Ed`&Wk+i7pSarC#7&Zww+)ffR=Rpyb2-Fxmo*VL_&cT z$re_>TmvCO7&n`NrA3i6dsNXGpo|Jagyc@IB(>g=@w47{ZTs_kk3K55`s#O+zrM#~ zLPVG2YsWo3E-(LMe{J!Gf%6TkR*J;p%PTI<-MjGd;YFfHy9<4mUg@=4-q66{*Ok&^ z$BtN3VDheY&#vJw&Wu(ZIs4Dn+Q?C@>G<=3b&<$3h^g|WkUJa({5E&qym{ALps3hGwb>N^3h+$!gO?h1w_>eM z(_s&1v@sU;*IJKUf(c^@XeaV6oP2@#e{;8DoZXY zk4hj&qPa8=Xlf9^P@Puv`AbQ*Ll?ovd5N%vM+B9-TYcKhQZv5AF!J%kz#R;>#NAnF z?nROk9Wr>!R$C&6U_i^l=^Fxw@tg>akTj_7N_mPP1J$xbhIN1&nuM|7rlRTnKB5tm ziX+5ua}sU=hd^H3+OdCgs)sb?lUgDqeDiQ@ZNM*bJgJArW>Brl%gg&E3!TK{En`bQpoJ+4f#rKj_O249yHsS97c_8oVNO`MCOrX?ynq zY#jz9_W=3|zH!-XUk11%gy}5@BQVwS!JQ7t`zu$juyY7&2g%reK}DaZLNjk0y*Q;9 zdw|M)Huge52)Wi|2y(?NB<$U|Ti~gYEX@XHv{j+X$RZgJe$be4u0_hT8DJfrUs@o&%K=Gjax`v z*ts`Jcz}E^Y1rX%T>lRrJ|v`zVrzonD-qcFF)-L$G#_L~%;HQ( zGEb*WnZhQgV4nnr%F4||y2*+q?^4Fi8ZFiROg*48TUYLC3_3FZgLedXHfe0=JX_qZ zYD2I-2z_G)PK~}7!M1*Vo&_7-I}EE$1Q2!SdH-%VKP~c`(pHEW^7N0zNHn$ZIN_Eq@L>NOFjzajQ7Ll%_=skN?a_f^y>* zQr?_F=?sFXN~dW%&Y`986`u*~ziXiYs^xZh4Z)EXgeO6WL4*y+YsgVf1S??fUm_Rw>XuSFVqRG(wLm&V5=iV*gg?t{#$d-Ck*Q>O+Clj2}D zbr{=BVO;|L8GNgxT^$dj+wk9x1OyDDwOkoJGTB%2uRe3)!~o2=wxdHMDbLL2`)()g zg)KQxv$5eI5sz+v`&T4%iuGU;&{4_zFZWUMq02A#CB+lX6eS^6dHY;ie5x;+8A=T| z8eLP6U@l?uLbJ8`FtchbxdeN=$Jp7pUuw*@3?SwUZVi6dp^2?T{jpXOXbSbzbuts_ z({ZSveJ11&mSx}<>um2txa_B@>yoy=KOG0hm{cI|BG7i3Q z;doppjrQJGWG@MkV7f0WA)m$&EU|+~muEUu`dn23ks8F^v9?~LRv^xCVlYRe_G?)m z0PKR6T}ot@`ZV3Yd)I@!J=#4UFQ5dEEW8{MJWV=vKL)&zn^IZ#4kTa<5Eimk`;;H z-i?Yq{4e&E3czN$-LDX$p!1LNd6=Q^+dm;2EL9Gb-)jM=L&w=_*cO)(nPa-Wmy8)T zY7}`gJg#nw@d5i2YvJXl+k9jf(m)l~1vzpvkfNQ@;R3!o2Ax{OC$AOs~udLpQkp!2@^kK*{KtLW&oyIrbrt;!PurU5Od+d ziwx2a2bn_fzgyfCiN^Ojtk7-^T>l%zbq^w-b0d}a_=EL0?{$X!F9XfoaOw+pUgur^{Ino&+9bFn*}zV@Rw2wDE-b<2bbD6D-7*Q15*g+1@v5|2|zF*nA#cx^Am zpOdctr4NYV%rEz%1i#QJ#hUV^WH@2E_r*u9a5y!&wY$q>`Sf%$jymd#E+^{!0)inM- zPiSdrWZ3(87F)rDzpuhWI_5|PTPpP*!Y1WuZIpZ4w3Sc2oFo?iKW6b7hRxQ)Y%>l2ne{^NZObGSy!B*J}o6K^dBAT z=n4%|x5y}u?>dw6K^yr~jLqkDzxSsJpgWg;VGs9TiqAdzdm<2NR;~1T(0^`Y4953C zmY4*hzdOD9q@UkVoTPdoP*y7V-(Nk1DAo=HxxE%R>or5ay@~m;8qY_RCWFv(f2$Fq ztBl3I@lxxa?ld|6^NPL}_jd1bL1b0y#u94S+xPKEqwhF(4J2=RC@?ZmodZM32ggJgzTUuhC~?&ntD0 z0Zies;GexVX9rb_MdPV2V#McGpwqyksLrNnc^-!>#K@FOhvC8T58I4S*!xzv=xX;H zEVUlgK&^1(RyvA|T$K8C-(n4mNoHE?1JNAu=O^Wm8sqkk4)260Wa1Myg=dJSzdnl% z`nk?CY-79Xs^B-?8(n|8cY9A-m!aP3u`nH?PxQ}E+7B$t6>i*P(3wz1ic7>e^h!yu zBu(i<-O#s(3e?qSDl03?J1$Wyc1i-_2DxN^mJ7Ev2rp@2`C5-tKk+UX+5UI&$t<8m z$nAW$rQqmnCSXDLa~8_n{3Lk7S}c`0MuAqn0=+rUDMy0Ps{uhVnUp9zTh10mB}y#! zZx4^a33l#8b;bIC{VhpN#qcmZTV#WE__DI6Cp zRC;viM8e1&v$QS+6o0!}R`+08?!2JRDNeyJYx{^$=*c2l<$CR_oD9X@$0J3GLCyIF z;9PZwn#ZxLYg2D2cWe+65QXho*KQBO3Nj+;z1*Fr`bd?CELYtg{Q^;+aQH&E5ihG} zUy2*kZZ7A0gXli!43xuC=9A|U+*s^i4$b`;lcvKcj!Cj^6>8aDjiN&SFCyZ z);6@QL^wKj?*B4)dWJmx7$>8UjeGIe&<*vaX?vgI?W9SjWiL#r!ROW-xy3Vm&OO|J zHgV6E{^rMQ)+qRu8b7E-0j=XKbRP+ZWn(+6T zg?PB)^|S={-)6{f0P~XGKU$(YliR14-VE%#7qR4}x+z{EXl0PJjIUlUF@^Q%P$*

    IE!&qgx`rbJT+1h{ z$SRc`%FB0B7*VO-qjMOz*%#s)XH!4L4lH39Q61VI91z0Uwv;Q$iXXWX;$j5NuL6pKIvM*&mXDgXf)AkmzMaWuVmr?6J(0I(~Es_*3a#tkdFb{ z!hvPK^81bciOy$l&FvM5yLR{CLs}sX3`N$^sWGAA4VKOAssvP!S zHBPD98cfSWGQsM$kpkm3jbT@-YM*6`jrQops*}R;tjFYHxgU>qLidy_dW_M7tSo}# zzfkDO?@vXsLP@K>?os%~EC~cTE}O!&nSJgBt=92-nYeF)uhf;t8R@e z87h3o=bOKbl$Jfp{vQS1CTbJzAJ#K!)*bT>u zUWi;)g#*B<9Lo9Kq19oo5{TIXCqKyoljnds0weS^~sC--~brgtqx9kd^3)t}qf z+)1Ix84okKVSgxop_>Q^+dNPVPBrbIYcgrW6g!}`G#~{-5U5CW$u|^P9RCn+Iy~f4 zVlO-E3zI~8JP-xQbB8M!83K|Q>>SJkiJhHm1aorq;?WZiQErSY7=jaHKP`=hZ7V-Y zZxQskLm#@F2u32;O@x~1`1U}f1jjUh!Vk(8$j-YLkdNAR*7M8JlJ;6BP8G3*up^ay z8&uEhFv2D>wW_hV)O>CFFi1;JMqaGdfF;)d#**vzZqmtw9sL)w$Z8L;*O2XamDFzR$ zF=+|ny>5$av1UKxAxxH-13)Lf0cB2oeoBYv(bP8xLE32B%S2F~@?b}{hX+n$+DQ$d zJ8da^UJj9(jr%N%sG)Y&Rk*Fs7YKHGTvxJ>>EFR_p?3s!?j&I3%SwmcyZsjv4NQy? zJ*;SXVBFD{f5g&Pq%e!J&?5KF_B1^OJ(XLrQ;+G+nY5_D9+!0u=*D+5d+akd7%2u0 zfP0SAdph($(#S)-=n+f@AR2ru>n;@wXqhbtEfKsKlsWNaxa$Xlb1faq+yvC+&;0v{ zx*YA@&3k<|z{0-S4!>BThXVq)Xo^uQZo#y3C!kEmQ(qjS2o*J=iUCm2DaCj`&+4fR z$o1B(Qtxvw%M}=|&$blTOGUL+=o629AJEkha=EEEna_3PEK)jdo`Rd5hQ?FhO2i_p87x|R;^^)sb$;1`yD&OrXCPQoTAst?7q>PzF!QVWhqg2h3#u9_4 z_wKLAq-^_0v`@*i4z}D_{9gYCQdatPLbyEH>89ah^LE0`Sde(2JYIolD^?f1ExY&pZ{kRo#FJuv3HoG zZfF9nX3@Dwl=WqxO^scy)>LFaUiKz8g9VeYdl1(F{E5>AZ9nNZXgeA$jmbUqnIG_WGo%b`7*SfSRAOK z{(BARf&0nDa0Y};v3+#n zZ4!i9VxN?RM(PEs`PJiu9>luXK+eNQ4aCZo1R8P^h~rg}A zLmYS%t&!9y_J$9!Bqm2SQM6#d$jYL&nA|GIgV0`ZR!U5^+?l~K-$|Ik5;kXXXtsi0 zE)e((53K{;g|e$^P7XMEZ4p$?K_n!Togz($)5|Zod6Q5d$>u_{_e8`ejXyBs3x4U; z;m%o1BmC@tLyJnt(bae#r zzVj&=STQEA-z$RLC+OuQf1fS z6M}vMcnW+|@-!deltWhvsfEY7Rczek=|Q?{L2V%Gu-Pn!mtR1Dye=tQ0e^ZSJ=`+Q zT8$EkP-_qJlyJ4AHX^y$oZgw5=q>y>Q#O2SPMc`;oW zK^RGuO|%8^?SEbD?&=~cQ8I5t{;WOmr8jq;)h4RXU{JQGa#QgcXy)0_Xc;vMf@~m8 z=Tn4t{&O5_EU?U$J{rj#Y2EEatFaHDm(Ax0wF#`28x<$x*RNkm`f&#kD_w=;7BOfy$^WhfQx~xD$;0kFhb)O?I*n8YeM!PP<^hsYlt?vix~3p z1+iu0q--78hG%ncS&-E10xujyiMuqiWgd%gJd+|Kb;EO6z2qB#C;`a5K(z0+8FGD& z$3r^R|Cx;>YfsE{2?t@30z|eL6|>q!eI!>j|75gDZG)Dtnz)USM39g;h4auT833{( z#vB{%e`nTLHG8kK{Z4Br-_FQkDG+x!e*TS8e4@xiNDCv_WWEQjokUGSxH6(i;}0iF z^AV_D04Ws^8; zV2HMaU#Ua_hWrFaySyHwN!E)#g`P>afpoQxO3I8!$Hb66eeLMiENjWaBW2Q_Sa$Ux682yX(6s4wu8If!F6IlxM9 zI6{j+C<+q0i8z`NN2G-QQvxwZMlme;>V(6p4D-b8exhjEzJ8vZB)LCxbd^?|LJFzKYuBnTyzNooTTagnY&a-brsj^2ER zPgZ%;CB(|mQC5P{R`=K-i_eA)FZ7aw+5z_2w^XyA+a#fF4ZVb&sF2fbIIxXrEn0~@W5`AViJp2$) z4`dVop80|WJ%#xo+u(^~3B_UB=h@4ztfauq!*u3Ma*yO$oDc+9(w$%lUpO*=t2CiJ5#^;)YT-5@Cg@pvX$7r$urzYoMHMhC5h@uigYuXwfD zqm`<7EayE1_+QwKAHTJeY!8vYc=eyc{`&`~Zdth}j0UP#20vpb*5_n+fh5j%(o7DJ zPzDj8Hd$AUL}^l>9y+bHon)P)7!82D8>f{wG+cQ4C&&XQ+WU>JdG;ijLJn;JCt8xI z6`>A|Alf7%^8?UI?5epk1;)BxW(h0C%NN8Dv>3fCoaHHSQdL^b--?2ZF|fWXLBG@8SsAs*H0X7RWkCmx*U{ zJI2Pw$n_DDkKC+laLPooN~AdU;Zjb{594J#Mmsxwd>5&%!Gbj}RAWZ%sdzl6>O#za z;C(+e1Pdi?78SiRx`eVa5XIOW+izuw$PGfAxJb}`eL%#bA}w>KzaQ-1p^ZY}-tdnM z<)1Ib9{q=J`R6Oomi{->8@m7Ix%2<~3+?IrPsE1s+%*Ad;NAQo5cdw4z~zPK!y5g& zTjtD;O@H^)-~zq*;g9Eu9HN={O_Gvw{iFr$!W&6@?B74$DjQ=H+q=F+pnCUR^0%AK z?~yydzvJ6J71)2BA)dB6NT4iGaMJzmVpXI36Y%hzCm$j6U~eG&0&VglMxWi@Nqd*K z7f5sL-#@NzJ|#4rxsM><#MO!xr$8Umcf`@Y;nazLgb6U**{7){atm1$O_PXb<~_f= zW3R9JPo4pEs2dB4{o>6HB3j#~5V~nICvYSOM zJwZDFmxSE-`vxwdS%?09+h?^8Lg?U?)Agn=KH>MUS?!F04dJvq{H;vs|J*+p{^pz9 z!})Y{bTrdLhkosL(p8}Q_nU9#UqAU9!laznN4)Y@j#vm)F-M;}5!7*wCj&1eA{`ZT zBy2Qumbgh6D0m_K$J7!Mn%GCmjzlUH6 z?`NlkX*2}mm&+qGKMvWb+GcP(MEoO{NAqh2nitiEx({=HOafJ?crP;Khig3D^Wv3% zv;d?#gGeF#>=ud5E(q6f6)FMuQAfzfO+vEch0haJJDZ;3$O{v($0}5EIQzLOl5-l- z3;zU>NC~P~)xNy0$MU2~@83_KA!p zra?@7^H5kAV5Sz=_)}0oME@CGn*-*A5KD4-F`<@np^z-%8KUseLpO+@9RxN^1j$qF zbA;6?K|s025r>3G;_PQ9KX&u+s0O0OhE)e(v5EYbO3H1Tu9%oKhJt>&-|awK(E3~c z*(_@N@Tw0;HHftY@s8S(Z)%gKxS?_Hh2n;q!M&;6HC1WN1c(qtM~TTc2Uj4^NKv$I zCo7EhB`ToxbMchx@w0l?b?RIzUD}a^_)W4PUn*Vl4gDyQx#p7Lh+F$<;`JdPC}gF4ph&Db-nO7ASX)E z2`=!}0h0Iou7*oGl2^(w=cX=MXX47FbKJN$2cUj1G2?^uZ6 zR)V8_w=1V1|9ktTNk>w?5=0|>e!vju1n2z$o&Ve8#$Qj~K7MG)o5Pb87#l$B`9agg`gk?P*PUcmQbFFTMsmjJY3;28TjZC0}(=@q_|~1d=n1QqaL9Y zo!3{+-RSdk+ULEBLOJvCza}#N>j!V+nDJh;TuS@Y_{GKbqSEjrsn#LLWE<+Feci$6 zUnj#E<06I4mDuZK*dls7_e{}xZqKavXXD_%L|#)G7S@^)CYV6Zz$-#hqd=e@45gjt z-#-2a{6`nJ+=Jj5$oRY8z@cpU@6x68znp8_#(m}x)Q}m5KK;o#io;vUhkCZ-U&rp5 zk5Av4E5F0CjV~m@j!4N!9(ljlk9GkkY4dMre}rMl#hb%7^=DT)K@cIXMVrv zx1F?sAHTm*q;zog!Vue3D-o{JrebG8EP$X{`CNQE`IfiJ#DeedAK&(=LtBixOlE~M zpd;cBj2K9HM{}!lIsTsxB9cg`>kLn7x6f$cjSu3rt=*JpZhJ2OI_?=##imG%hS9Uj zZ|A)KTi&wIxXHY5=o^(x3|D8d) zM4X1~Yf^D8NjU;b{CC1N`>!-qL~aLs@k#KOM)3kkSpRi48msEU{;yTB<2%r<4%E5c zCdpYR{=S>?#3%8e`?G2i4{*%_ZKXN5s~u_io0`SHfBW|LCYZAP*BjIRqs#xm{P%xe zM*hE_=AVQr#^dj_U(!X#b;m0)~2{` z_dWag{Db0v*hAaBbPYCY|0Qv#ap{%^bg}!~J%1*C;?RMH% zj&A>NoAvO2c(lJC1jXpTEzRmvHVRuQf|tL(sy>?|gjr38A9$E#Z{Nv+?(Ocu*M@=8 zt=V;|YaX@%J@2b4a|;c1i&hXY&fbAS++IcowswIhE?g+gwvJL(QK?~E(tCb-w3X>{MOtuaCG z`u@+!m2X!tF)HT@k$loGqxsBuF)I3 zy3o%rC*RtXI(9ZA@$ipIUUwOfJ5IMRMMW{|ZNAoTbH2yVpAqoI3An5E7H^_Zgapj> zjLO6HH_8XvtzD<)X=rg&tFOW5>Q{aNn|28SbRG2?yF7Rz5VPk;6<=$|o}HAqH&T?+ z>SxEK6Ew&ttBvb5e)hx9Pr5v$$By|K_Zzk)v697?jvFt1JFr@u&3e$HAN%y)*+ZB1~{L z*0^-J?gq!(0Eg+zvgM)ak!byq)Z<7a=7IP1!5x~%b;X><9{TCUg8WiH0#Ll~Rd z4!pEybcwHyRW4kZH9Yy@9{xwI_>%L+d2@5sm>@19Cuf|!k#gSfVGt9%?KQf(gKX(2 zE@3sldN~f61l+fv93B5y;e~0G0|1BcAytA7$BF!?5ZJ$*63eO(d`Y??S?f`lZjJxZ z@#}f(C`U~La9`6+0_t48_O7O=Ch%&hY-e-U3ANOAUBQH53(_C%1+h*op)jhbZB8{- zhmw;e)y}%FtT$Qr^$S}o;ZO=?KnLn^_ph&gKNM(bF^u=0?4m7_E0@l>Eu+M`fbNcX zcK*ZIoA>X#21P{~F!GiK@;ztMqhBTG(?qr$IPG-rsek&e-0+YPrghsdN#8r!OF6nc zQERMX{#~~9r)Ddw-RmU|H$ORQEYScn<=Pd+mp;_vvzjF7u^hT`T6wd1z@llJ`0l2( zPo9a1!EtLSvAPdDcIVH;qq#>hH?gv`>EO?o$6U8_qk4}2IyW74$l_whhc^QQZuLn5 zd2UN6+zMFvTlM|+tXpc-BCr`GRm1*To6Vg$*eZDwPjwx9OMRjX}Yq&lUP3% z?=QWzA9%#XA|^*UuArTtd$`z3K6FRy! z9TqIo7<=J^o5aKhq|xz;zIz$$hk|aU9L&KS4XYL9Ww3)TFj0?g0S^lfRtEAhdm9ms4=ZxwT3!iztyGJ={{jsv` zdTVMNUp|37p4ss1_dJ_B6%x1~A8xSOe%nflTHXmSp|v*_&KdRI+i>uVRRA9!xVeJq z&@h%S8A;E%C`ao|@YuHt&it^Fl`YJ*9iorb#rr0!a*EC&;YvRie+Xk>wg#pO*P0E@ z#9C`4VId5gR0Lnf7z#m6ddf>HkeDxwYRp%#Bx}9CP|t-iA4xx|ly*orWSB;OnxeQE zziu`QdK5Na(X)Kb+Tr`bX>jqRTZ?ce=_s@v5tb?i9rEf zb398EL8Di@Hch1e^_N>+g2~IBvAfJ>W37dp;|j_SFkK#4O*tbdRIqUH=LU*P)3uuZ z*7EYgK&U9yd7;YYqlPrJ-M!1eqp_`vUhs0w>c9HxJgzprT;Z{VVsqr{SNBaeDQA_p zn>5s)KX&GmkRz*piXOztPfPH=IfCY9r-fEgRQnTkf~Ni~(37ASp}6#=Pmh=UXyC-d z4N26QuAo|3ihC@h#OvqTxra;mxCW=1wcgX$A4_JX#I6o$XM3{Kt?4~^cw!M1DfX?M zsRA1*(e+vd3nA@>SInN&(Nmrssf+WSvaRVyERIzWDyVODxXyy7+Bmnpa7-kYDa4r? zv~v}CHTv~@-0{!VRM?p}|t1Iz65-l8Okl z-}BQILr#J}s_*XK~%?a>C9>>2XC%0^gCh{;!$M|98jm z|G2#1e?QPaNfYh&|A)-!fA7%$-l2c)!2jFq`+wKaKX>qd=q}rn6a8OiAgF+_Rdg7y zgZJ3CgtK|sJL%RmpkZ6|QAqPaaJ*aWhraGQm)VvSUG@h^#vnjH>Q{c08$nw?cd$DH zZ8b+Q997MzC-~q69ke5d-^ut9aIpTm_R_av@z7=!xh$E7>~QOgXXn-Ldh_l(%gE+%kY94@{3V(SMPj@h z3WGK5d?~h!>a$+T5p9XD3S#iveu251*ZU3}@P=L9K1}{0FQutp;f49empUiF9+hA+ zXc&YzR*+EF3!dc~cmjj8C$Aj8zKVjnG6Y@Poa$CGXVURjYC9|nzX@H>eQn2XU(cw|`0FPb-ssjBQj(6+9EiD%P z>Qyamk-T+%(KvBMe0`vPrKd@9?vXu(vMT+JVCmXABwbh34GpUwdlwH~kx562 zbDkg;hH{+aR$Kr&8Fzr9kVRZ*ksGvEh2TLJPEOCNXDjgk!yWkZt7nsvz^rVo5+A#z zV}ZqT>C=ng11oJ-r4;B*>_N*j3?h_4-+3CxuZS-ObJOwVB-KaKv9i@@ug2{rS`>O_ zv;D}8^Y43#y+R5fFqUm&lDWnnlP7aU_hK?8? z*o+rP%7zEn&f(W$5C@yVayt*CYnISC^L9gJ%8bFv;o6@Z*Yh=4_j+@KvFWR89xd=C z7r}jw4fX;`GnrZeT&j{j3CS~B@CW+vDqRCSq!9d`kA!Dehe}@+xZd~{3ZUp`82Nsm zZO@=4M)5$OtO|K_)d|F<%Yi69B7-C*uCh7KN@^xMqA|(Ar$)Luggz)xe1;nXWsWf3P?r^cSZ$1ZEe&*fKDk`u!Jq+)_|OL z{l%G^Bj|Zben0-J*UAijD1y(EOd39PWHb+@T-VoreeG*C#vp{lKH;^hSryvo+VYg# zsgBh9sgrH9*U}5_uIYiGYnj1Y7boR2FS(8E@%X)-fA(gXY#o{r)?{4r4dOnHxcR6M z^fK|x{K|UOGP`wi;)5vpG1!mtL4GYui~m62RLLxlPz)^L^O~hDHVEDQe!*}Us}tS8 zJe!&@w$o_`l;M+i-p&tyckO(?##ueton>e1e(eChxiw;M%7YJ}>NWiN`L?V;vh`4l zAi7?I(x}gl%_k%z?x_f&ZiH;rt~v$BWBpkLTByo{#Bn#m=0J{l4@@mzcT6<1xk)Wf zn?q>s8tI5ZL5w)Ed<1X z>f)($S@e|iCS+AWZ6J5Gzh(N{&$js|k&gG*+NNqG{XuMhK&>Zp3(VR7d@k|AyuAnf zy4ikB;x}};Ot*7xjL#jxj0>%jzx*(?F7W}z;>DlMxYjGwz?yo&y0ao&6wEp&L@0j^ z_T5xnv$fI(1FY1}Ij0{pGy8D0*~W*wA#w8GLN7UWV-EHn9<4Ub65R`6!M)Ky_B=S@ z4hwmDzD?fZuQaPWG?p(CTb#U~u5oC4!{ zG-{^Hm)`eEB<-IwT6ZHa+YE`KLSqKJ*R~1mpWekv*3g-(^-^=Okd>II%yxa+WYAkZ zw>=i@ZQ~c%bQCS$Iw#(pfk|EJ6?Fg!UZM3Kh5+>P#!|y?X`C|czGu91oz*;kS)B@1 zocoexGaTtevYOt|2CuE*v5(~~3l|n3ZLrjFo*(2o{&v$|&*q^sS5x#j_ok~~p-d%Z z-rMUSIX4_ZG90=70-;Y8rrRKuFvKW5iSCIK)*LB~lmoFp;&xori2aW1`o1j; z3?(~i#Ecf<;8Ntr6|O07N_ok(J`}GuJ5EXnC)>d}$@0yO@+UXp zAd(Uvl^_4>XN0p7M0p(^&YSY=91~Qkth*lN5iQc?Qd1wPg>N=@|ID%OXFvwHsR=?! z-?M2~-w91lr^5k+Q&(SOB3!`~N|-P>dNyAS)IGP?l$^ns9czh&)*F|Wb{Opiezk28 zCHMR*(4OFLsnUAP)wo1@GiBf`@R``dNL30yKKkI>nTm?AmWJN8D{3RHzi;AaKfU9Q8=#BLuS~Kj6k{KT-S>(?F>h*u{gdDDH;6OyUL3!#h|{X; z&OAvAAWu&TIFf*Vv@-Yx#=$H(5Yd~Tcq!w(p)%FGG4MtoYR&BGDlMECXhQZDwaRxR zQM)z!y;sk*FE7-|w_GxuH7A1b^M--OKNj8G&}%(7WRIl&kV$~!@Io!Rc*HHm;r za$kKCGumssb8~fHIL@voXK%A(auOFZQ?dw28rWUhjR}6+@&A4BT^9@H*PlM;4-z`| z33SLD>6fo)RG!-mB>17xT)^oz%$my+jWP6zTrB!WjlhVFQ_s5n)<~O#-&s zQ(NQY+GQeZB+8KSUc^&Py{6@a(MvL}E3&>sR}7`%LWxgIS!;tQld8eYuTRkY(!9S< zcm;#LO2Q<#_3{3Y3g-oguP%ZaB`pb@b3o2gjJ}A#ecaqljTvb4g|z%S)T2_d)iYZT zgu+|kG>YL4o@UTCO?eogQt`1N;$&6iO4B_1@W-1e z3*THHk;K|KX9RP((yktZFwIDIFeR5i{yqHz(jRgBem?q|)_S2nYwgIlwaqDn&TUIf z=xAP}b%PM&k*Xi063She;ek8gPn1;qtqPD5SPZ|r|GSjxSoQiFIUxrU;m+s#DlhT; zaQ%KA5h;{a+n}LUMEjvAa_&sK(_=q)J3j8VC)3lJ0Q}p@bf}@Pm1V2m)cl={H3z0_ z(TZQhECo+-u9?Y2C0O}3%la}p5#PBZHzh^vCM88NHMq-|Z6Ew0>5E|^7gXC8DO-ci zn3ZIpdR)C7cBOV?c4p(#$$6aX=mlIdGSU3uVpAG#JLwEMf<%Y`CAUqQdHaQsDy;yh z!%JM2EV@Ibg(SYiZx)U~C0GWmG2si&t9hiCP`U+f{CpdkfpAlTzMH_$^*NJVvP-@p zDs;l@94(bfiPhT^-b2FK;YxpEZ#uPL@fgMjgeClHVG$c*Zp~q1#+MZToJAvPM}$vt z;ja5TQWfS|9frS?Vi`H{ba4hLj{1mrrbH*a`YW9BY(s`6$fahcV8<6WWNBTj}%))*cjU+W|AT&415N|hO=aSqcQyTWD)Z9u+Ngf6u4JY_^?PwV2(JE$AIjtjZD6} z=>{FFCp>>@GEAzQF$xuRLMHN;U8ohPCHM%XEyA2JPUI3`Lr5)gnq_%Y(c|d`4|X5e z>OS@Hk=*V(yjb!Bz|SU>CW7cLoq~6yzzfpbf28Wp>Q1x>&g@AOG;d>{8E1Z_V2z$! zrA}CD?SDQPY_hN!`$px*p%7;&!z)*c6H=UBj*Q`0>4e6WNcjp8u}cSHfWmyqn@xp} zVvnE6g64^a1TbwpcPdL+t?wG!EU*C!|BK|2evR z(4xdq3@&n1WgVT|)Fhk~_tx4TBEeVPD9k@8GI9?(6@z{@P*cyQ8(+@y{#2z;+Cnd_ z-8LLP^^V?Ydr#VB&|1qYfQ>#QL;lD zM^Lm0#_{4|9VQqzRKdAR8 z6PVA;#JtJc?S6LSo(dQsScE=AFCQsZX1?5EDui1h5e6lWnf-I!>KaqReCB~{PBoK{;c-79Lt>Ny_Qk#bqe+;<%`PpLeZlAfl@=uDYb%)L$Er5V9p>wLU zAWxy^bf$d(3Kw*o&pj`HJJf&+fHCJya&;E(mP`2%eC)z35TPA6TgOWXu$nY6Mli#b zY@VmTR(byf3?+Z=1{WGrFEGxegx%_hLr}t)P9|i^K4{KUmy?~k`UrslpNLJCSq{Q6BzT+9wKM3G-e)&{gbNlZ zJQy#XOBV(=2(FRIg7&BURu4;ogbC-@Ko%a;@z)wBRt$U1ooevzBaaMUEFJXK9AJxaYlMB|rRqV&UQZzRCYT59!y8Ck^GytO= zpO5>THg*R3xarS#y=K#+mmzHoly1*==Dj&}Qx%YgkMm-V`P_H)}u zDbAWQmW9?9a?>D#l;L7~fh-Ca%KbDdpvd zC%B*GPacV9ok7jad|ey~C4o(faT8RAZvP75MtTgmhSzDjY|H@f%P8q&1^YwNw^p5W z&skX5X>N8TL4SVV-qYJMTLmd^E6=yQnPiu8wotLxO6ZBATj4zVX^J=babPke3M~2J z11}@uyXQ!##YDo8T1nKBo9zSj9LXF4?f<&>Gq`4Gx0xDF%Ck+dNbAW+5pL9H=YDHPB$23r^6_l zK4A6<;9In|ignUEze&Ugt?=45Vu$`#xCL01I-_q$i0bTYl=Z$Kgqw@Y9pF4SdfA!=os`xLh@c>9G$T>yN67KVP4<(L9B7qO zVYTXT|3u#n58G`3nqO7-C(y|U{wM+Dwu3;IL9-;^WH~axted@KJC^v(OIM;7%qKg2 zN{YRN^^}u`#|jo(g~>kRHy_1}%@QPLo(FW-djS>lg4;)QOA4TRG(Rel=x06-wGXKI z_2^7OA4%J3V=187rLAZI-qh*ioSR$z?g;VEidXOd`T0USDYXgcmsGhhU$j-AMAN5(L<^pMfQ}H;7JKS$c(pcjiwRRGYSDn< zV6-LXi#jb<`$pf5qgk^-5U>M)m4Q`kB>yCo`$ou)c9GQcTt-WJ`N&F=zxF53s^?B$ z8NG9|ThM+Y5o0R)AGZ~OGbw_zAJa;fTHdBi>IMW!E+73I8`GBSAG$}roHWSDT0v>l z%3ZLt9PV>jmR$%S2A8N7*F}t6n`#WMhcC5x<)*%W(qJz1WEBuc91}Q z)6?=9S?%O5f}P+Y6PM#B1c!mPuIi2oZFq2*$xX;0VKG#ZgMiA8;|8&A+JMP0;?~vrT09E`MgAA!B*I z<6>}H@Kiu#vqae&3u@6a`WAow;lQAvth$@KV3TvE{HX*_v5&J9d~5Idbw13j2crS7 zJJj;eSeBylpc<8hu;}d#tPIL1*nigbM@CNI`FbK<%uEO%?+c~#RxZw>sdIl{;X1=ZI7cHb`nWmP?KN7#T)e}$&{EUN|rJ#>6?^>M=q#c8UK z==0Mycs@QhFQkbP0x-kdcjd(F9Ei{d_iUpr^g0Dn1M(` zv+0^nxKOxZ9Z7am!U^gt&nK~omU)F0h?mkWX5bcs*>NR_p1+eKYIZtw-h10q=T#jh zzLu;WB*`?and4jLyL$NCF`rr@^$b=xrl>EHS`^n~N&pw8_SW7i7J&!xb(5XWSH4LQoaFKov3dZ7=Vfvm`CV=c@xv1rhB_RMz- z_n~F=*mX?%_4D_4v+s)2n4UkUr#D7;224ti*w}P`9rI@3s(fW@_eR0dy&i(E*S<~7 znbfmM)&nSCWSs*T7*LUV=H~urt|bloI~;FNBaf0}#s}$5%Aby2+aA4{!7ylEm3skS zvw^VgzC4Sz#24~`uYBNn=h$LdMpa4X4++ea54HVaOIS4-eD}r-w9E0gIWLBh)b@#( z@JRa%Vdr3xB!pbT{H~_eQ&B5p4AyGAlQA(UR!B-kMBFV&+SDzC)(kJ$6RjAwnVdm~ z4B8a>Vvs4r63pD9*>n;?wb!Of1#|)?-Rr*J_6-adXZ~2&>j>@4A%eURm<6sIq~Azv zX54;%Z>ub3{QMf6&3qz0{rb-53q6&(owce}w788-odwB%Ijr@wZy6S$Qu z>=!_$H{~mNJa}-iHdeS3hKh>8&vuc6({a+vVs?<;kI99K8_Vw+Px4=@%4yjhPE*Pt z;;$Rn15zW462>ns+YWV%M|OhJtHQVs^9KMrlKHDbk^zNvB5Jl@yttupYkptGHb$Xw-HNUsP;t!)0QG#CQKG z|0U|5=-yJUWj5%uJ*mw=X>2gr+U#$8T1$Z43+Z%q#j$KA#9z!I(owNTRP21WGTa-x zhMSnD5e$nky&d?XV)iZ%H`tAHmWIj@C-srQf|kd%ZL!LoARuQuqCr`dwb=cX5@@I?v=xM$ijUxmgLOMjCI=EUMz<7Z;q~>F|cC*uTLzqL&1?QA@ z{~Ri+l0EC1+#6s1g#k;F8&9%+<+%)Nybn8*V70mu&6(oN@a6rp)UnMrrh_j?nC0!O z{$$e*K4;s*X8F_kKfjI@UTw>jfot{&?D~OhlMs<^KPnl)!U9`5dX))(RKAlco*ROP&ca1NEvlzDf86039tI7I918ld@tk^L})r zm;^6?J3u>#9T~j#p_kRK*6baZD?{XHN_J9}m}C(h^`aXmyKeW%y^@?mb^Y4i=luOH znKnnSr(`g9#6VC!RWT0hrJ(enC55kN z%&*xwhQl5XV@w>;LtI6|17i-g?EvAl@FQ5bodfj9UbC$36pQgXVVSTa){kelOD)V> zCP{}Pcg6N4j2$~W@+CrGi35h|6`Ag$n&})9#|t3g5hP&BRKI?>8zR8t8T38Y7F#vI zB0o91uNVd|C*jatz(S}sG?9`+9u5=}XaOzow5K}m>3zD79d2jeFDL5+S7Mf!O7i;_ z94p#$qL?&2dostyo&)*s=*3dTpfap;s$ABT2GVr+`m8L(%!6>tL|b^QbiOJ}_6jk} z<}@n5g@&zPgW41GKY?(*&@U)?+yo=Xt(c#~0v8=;uVh_%`95Ks!*=5{8sfjs6o^cH z`{3)n_%q@V1kmO&;yom#Y+oD-v24D(b%CGN?xz%q#vFH?cMBz+aKteR)@4By!@}4I z9u?UM-jo4q2{k5tQ@iG0hHqgU;(BZJQy`6;Lwm7vXW?EV`Iw)S+6UjK8Jt$E^3&7{ zDAWk6sixg}w8BDg?OPjQ78@}LqRP*@!~JsA$INuc74(V{WlBfRVqRitNI2kaKv)v2 z$fhSXW(jvkw((=LhfoCs9zI^%0Cw>m(Gxv~MRW@sgzjTNp7#OGL4vDIwoaby>gHI_ ztpj`nwYazKGN_9vFNwW{NoS<*`sThARi!}&6k8S}oowL@4LUWP7zc72zR+?i&LqfY zwoV+aUNg>%;8P%LdVhzdG)z%aN?VEHJu<9Czfq2H;6-JvRX@nOK%P4y^38>JzxD=Z zjTZ!eAl${{3^=li0m99%5WF_z&dCZP3vj_oSUl0k>^KaI1@&GJzAJwH`5j%pK5nQD zkI-~GO5s+W6U`|;&yTN!)wCZLHM)LzxmIQbUPcj!DI{HtJp{)9<9uo$L%Z*2X>?yh z3L6};3_>l6MP-{wr7}Oe7}GL-E!m)CzQbFLwWaTp1Y`?7n1&(IorhVbt`|W!XCeiU zt)MYP^?-(xBx45J<{Qy?VWBb$qL?QsBR=ES$a}xR=Ip+q4CB^p)6xkU50wT@JusKo zs~ZaeP9}Zs*aIocsU~NW@7GJ~pB?L?CRAwNYpqSxsxg2{=W&yg$oE>pPnC`CF$Xf;GMwd2^$$FFW!1#k6aiO>4tr<7Q?ybv0)wjpy@gE~Vpk;%%jB!9UA{`0qD& z#K(}s9xR{-?}XK0dZyX9UNVRri%%SZ9O*<_;>q-h`n0;0K#BYgc}WIsTlY_KLy8o3 zk;)r#xVMHthTx&Z20oJYq_W_gnZ+t$SBzF?|5_LxbrIT2g>|gaV3Jco`Vq`zGFwJ7 zMSeVK)0QwKkG`0hitOw0BHJ|8Ib6}U{5XB9ujQx*Ps*GD9DbBa1>YSHJkUyu^4<37 zPV=noL$Ys;tI6&nmyL#*%%XV!Y{Ib66H_r`mar?6s&Q$8LAA@^Xfd-Z;f0Cj6?JV4AmBFHjgb=~wT}nm^(9GzWj9@M!PZxEPzKm-bK^ z_1c`B?O^XJ#-Nm=IdwT)W3^(kY^dm1D~A7^NcT*MPSR3+vfaEove$;?r0wcZj5AG9 z$$_B60>WeuYwg<sSz7?%=I1wi_6`oFem8D^ZwVLo*Yuzd$BcV@`26Z5wo$T zcdj)Fe`rSkti$9n4;eu)PuP(rn~I_`el!{=c_-`I@9EgIS3Jax7eIX5tIZuH~ zpSC>u*z4g$R0%(%{S0VtH)hXT47(X!=*d*Gu?L{_YKyK%C7N%l+!pQGW?sE`u@2Se zVtH)RHSiuQ3wvXnU%&5}{F!?5SHJK+hIS_3k=y06loik9PWUJ)-ditv>F8a~EF&>? z#x2Qk!ib+z2p{Z)p^sc4;-S(&rhd3*vz$Cd@6C0miz{oD1 z%xJb&Z=7al2ce+ZoiRJf_SjAR@RBzubW+W3e0v)aFCLxpim$C|@deC=qKo0n$<$da z;p?V<{aq9j2Zz&M*dkPlkIhNX1sSr+Z)R-@0DlpaoYfkPh5xg4_L;N;w1eGxzJpc) z04@^V_iRDS((HtNG^^P6I|AG-iZCy|@$=y|L+An-&2}^I*I$r5{d7)_UGGs}0YiA@ zeD#7Jpcs`C{*~~AVcW#HH(?Q@q?r8USHZ3+X75F#f)C&-Zm`4ALP}9=FxPW-pgGeS z5y~!PK6)JBd24NaH6w(z%TTG)D;1*LmvXnB5OY1PR~0S_mB_}_q`a6VIo{=vhP+)A zaGa@qBDMHII+tB+)bR&$0I!0DaUXa3Hb6J0qBiN65IDLM)t+o2N?X0S2}o%a;Ib|X zFRTrw%{FfENtO-~qK){wTqz%NofR@RCTjGA%>2wcxdDf%iDvU+36{S+fB4^j_h|X^=m+SlmAFr+n?x| zN{ZSSos|3n0-RX2b8Hk)pzTg?+DdT%UBU>>Uc{!6W3JwiALP=de~Bn*gCl=QVQ`T} z=Tmp8L(j@?jf{#d+8L4N>tE$jnF0d$j2Bh$`-2pvUj1sB32SN}DIeTdF~XYHUP|Q) zK4NWo(Y5&YGGF!ZxHqFhk)J-vrtA{7?&~TPBsrm^RCut+g;_{S#%vUJJdZbH5NaIqDNNi6I!EiRB|BB_0uQ--28q#?g8D zYkNY9;;G)TpWO3#tdetSh5a`wg6m)pJ`2{VN-i@euMXB_fNam7=FF4{t+zlbDtztFb1(B|O7PO(c4z3piVj z-QDU*Fi`Mw1GQmqGov9oAdfdr-64U!hGkKzCeJ=aPPZY==(ThrH)A#g?>QY{P~{8B zL4vtjdp{K*s$BbKZp6RZ1Dtwll3aeVNT}_GdH* z`5w#Ye)(Yq=f#>B!-+Y}Ju?HnWXe-Vd@5A8epd{c(1>bU=A!$hj8BRUPhO#r=bWvD zNzYa+MU+44y{V>rz?eC;Oxtv_ycl?3==m!?tXq9WC3zT836z52_l^AeH~VTi();!? zYPLm(Aaa=x1x-w+Yo?^A$Inm=v2*h(wDOjv;O(g z5Q6{s_nlKOh>jSWodp&?Hope#Z>5>3H?<>r>#^Vdn~9oLUq&O6DlSe3h@DIu_s z>^}Gpg-nSafJQH!fAGTnb@4aC85m}%&ex5Xj=(%hIm#w86WSNezC6J}38+2Ns;kc4 z4!aLPM6DD#`9@)Y6SQNEKJxf|*1+u7pD|0bW468ERkcB)8SK-Kv1b4XM*p&xabnfY z_ORgX`mdu8rf;{9NzxC`4azoaZ9*Kn0NOmUeC6N54BfIvlYWG)6+uXb**;B^j zM@e}Q70A?Sx854x$zTXIHla)6!<+7a9FrS{15gWNZoD1@7iqV8!noi)R907SgNVsv zt$S{HXQ?C_RHud6A*V2iPdiG7HdXoAi70*it&N5ls zW2~>Wac=I&<#^}CT`)R7e)%HO8)h8W8d(icOcC@}e{b}Rd7b~Hxvt)LMcQ~g0NS|f zb9HXNx<I$JvnVxdujZ{~JD+Yg`wFUEJl`S~skrCR`@nE_2xA8(dZZ@U;}Dr>(%@7%dy z3o&3oZosbm?dNc|dgf3U45LaA$He4_4db=OeJC3?lkDvFG9OQJ5D~ty$iQb_z+wT1 zR_EJgv&Gn5Q5lnn&YMy}QES?UqS_}ZqYb0OTx-5#47b;F-JGtDR`rC(b>0Y&SIK9> zNhF=iZ?X<8NldeY4V)ycH(&(a2#pT3JE=eGwKc+=&85d^ne5vkWaxD+SuVCrzqZ2X+PCvHo9!( z(|hO^Rl%8{dM=z01whgBif452zU-LRl;FvIATY+Dq|*J5Z|~oix2f8s^*Jdel#eN# z?_poE%|(t$V#d98iX+gkKwdi<$>LUIftvtFs-&lDF+%XU_oAQ#!vX3QZ3Wp`R$7KE zIDiL1kn$oJvOhev^eK|6TYYg1KnM*r-sBPQO5`2ed^rm?lIJ%)Cglk~I*rMfnQ__N zs%rK1@yn$hvaj|f=QuHAq_lN2IzTCBtcYP=hewJV@SNiCMF#+6`U{pP*Y3EbRtwL# z)49l8(=D$ffFW~5as<~4vlkn`1q(7dFX+};L?*Ee&#_P>1#JdC)=q^l+%TEzRm#-R zmcs0xk9~i98-2X0hR(M(ax|V_!}_=%UthcPRagVk`?=>$by#(4ELpJp%gBe-zGNsT zGcIGqLEV2cr|w0OS=>lkRlgudO?ql`r|8j)DlP1E?QRQc>8>A6>G5~q)^`9Bo3GNj zFR!a(c+IZ5`l{ME;=fFvsdd))WTK2x|LbUdRU=1@5)&?V_-@>DKf5<2>e|bQaMPt? z;pG{Jm$gPCDxz@X|&P^Nf@ zorg~Mi~vCSmPY4A*G(gYm`Afwpj)7@er)pHN~5YF0on7heInJ#?N3*4raVjnj9jWf zNjBrl`=x_%DV90E)R_=A+yZ!g-2?G}8!D<(jp-E=1A(M2ZKki1m>;!QUafo$pQjh- ztHJ69z+BlCR@L<{8g48d_CCA#bV48{nJOT$Kon|ti&wM0;Zd7)04GDD>K^{>{E&% zM8NP0&eWy@^MOb|k<OEM;T<^SKjj;EN z8h(1`UMqnsdlu1ck{ovK`3)F0HeZllDB|I%;hOt-3xkkd&`Ez3MO&#&U(EUW{;z9<-@_-6M%v z39XtD^CTa5X(IN`C4U5yTQ`o7RJ=ZE@>Jdr=!bmZHTTN&z#sAOzD1&Qs41;?185^p z#jtF+9!rq^xbSe_fDJESW8{HH2Xp(BhO{&^uz@8IP>u1Ikkbx0bV?_u)O5G^Hnaw) z<>=+*Z$Wvjpf(|!a8Z*u;G$B#c<4qn^O`6w{O~R zSwd~B$6#jaI_AASAL_;(qrDvM^8zxi$?j!ac8z|c%aV^DyFR59j&_Id>3|KkGzyRB za;9XNfQFhZtQ04&2;yke(){2xJ|p@bW4onr`X05%%$6d-CRj?~fX;8Vkyje!O{tbf zfeHN5MAg@M4P77Pa>q$2DxGO&55-01*B?uBz#AG${@iafQlwc3Ky_rg;UufA103!f zL1+5&_js{M?M1xZJU>hSwe9#Hu;2*92moxa2cWY3-2;VFFf&8>TFY6Rym!HZ2?^rf zqfPiqhsoObBi?EK%!0-`Q9?`38)gDTdm>`tz}|+OrS9<=5vRGIB;^ch1Ve5x+NIg? z%yoT|<*eX${O*MWgLCM$_xABd8(E4|*CXf1VtUCpGn-siu06GvQh=C!d7}%4ac%J3 zo2T|86xC_`M5+U0-thY;wNuAdvOL~iRaK?b+R~Gdp(hy9v;WdikYTm(bC5KzBgph6 zV|&u6iNiwL0Xsljfr9B0$}hItDWu4>GxWD(lttzJgwFKM3~|g_mqyRU%PqHLe0rNj zX6Zo+6BD+UbRwj@Bd%;Zy1c8ifukz4{AzwHChN$W{?qA)7At*_(Y&{pY0%S{ZlyjtkWg)q81aPcr&p97Q^ z1@m5>x9@Aq(+uirufn8IO$>E@`n0ibu~N+3n?#h(a3;$C)!vtfQ=Rtze@Zi+sfLkI z*(RnGN(hxujirTDvTsFE)+GBnPg8c*|_Dobx%K<-XtV*YbW*CvNxjeCpNwTqg&gV_NGOWY+f`^;-@l zlCnxUd&E_?lT=+=P^V1NzBTpwdIXq5myOgtF zsOZ*Ht9ZT@OWM08S<&926f!s!i_=~xlbAJf3P1ILiqE|qtnM|iVz}Ka8oT}6PO@&1 z!iS*AQc^a4pD!rAI*MWM4SC(aIZ4)<8i0+8UNdPnkpF^TA;hx=r44|qwqLuyS=Jlx zIhDJST(G;qx524?(Jr+tF6)73?a-!S!?c}>#2mU_6YoG!RkBo0K7Hi%(Ksm86~kSz zI~$EKA8D$&b(-~Zwi$t`BUukkkv#&JXO|=M^$yI$$K%y%Z>am2NSVw#Z+vpx!#HbN zSUC6oL?LB-In8wmwQ=b((@N66(_#J^bIN{W*|pglEc&U!N47%NB~$uz!kXav<(x~7 z)0(f}Ha{H3|m&uH19!FI)!i^Fk<1M~KwpLJ+ zv!zl}w*pvYg8A6)jQzxv9m|u$kw-3L@#vKCM^&VNoR^I`j^OkNvpgHNNu~kS+IB}s z^mO|p^TKt>1h&c)5|c6T&+KHUw;cmiWW<1V((;zl8Ly2{8~Rn4xQ9 zV-qu>eyrlH_7H54+&M1ou?b?8xE!|0cExBzxlI}CazJV=YIr&+@!6&Yh=H~X(4{Od zm$uF1I`&Ss*v3N8EYtJzMKPmI!+m{y)dG5A$^JtS9&BVieN@=**;{IRCm*@urj=tK zISk@r#sEwykcq`7gZp4~upD3q8qcO`1YneVAZ^>=eS1cvT)7~$dy_=zG(65Yop&dE zqGiu|>}*$daJ%f|iZc5$g1V6pb0_7AtEj3=`19w+@lS<+%le7pIdmMG-_eyKGCpOi zcWez>Yy{=mxl;qbdO!PTTo1OiyrN)P80dqJh>RPbw1P<^4mv_oq>-DSIq@#;+7o8u z%@=8z@nJFt^+)K55!j+*p(a#BwB;30hqm;e`8nG`CauOh-#b!5F8`32O-PWPQ)v+U zU_>kWXx#B%k59jnNw*$()77EmZ1VMEpr7$`ZwE{;UT85Qrs)w3#FAW5ujhfP^F+Cfod3y%aDyBf?-2CkiFv0I{!xf^m!Af3(q63gL!EB>2{jN zI*Mnk8FD)|rbQ{`pBnpcn*?cF%wmGkVKM(x4=r49Um;wR(cGwK(2q`8%)h@vd+v6e zW;pOfmP%t^xBx$?>92)j#oZ9AIZI#jMOjK?(e&rUY8`DlVACF`7dLvk;H8~hSF!~`nr2m9?2?R|jJc%VKaojVr-03cWd;&WmEg#2=={6O}+P%)nRy(Ko!5ceecxI zgmtkA^4ha=s#VLLGwYR}ZiK*<{-#Xlp7!FdtU$#qJSjR@cHmvu3P4PbTpMg1b2CgJ zemcM?1Y1BcPVZ-}7C?ZkTxPv|z~uh&5FPCS&(|nM_q#s6oZ!3sLD^m~5YO?;N#TSE z;oCX()@hKWF~;r~7|g6LDw1xTIs|wP`K|#{nhyG3`;G{Zn~#X61-M_o{}r@|eu}bN zr?Ts~EGY5!EgEyL>EY;|UmNUHO<#jEaXZ4Sqe#5S!uos4+v~QT zj9{LWW=^|hYOLlCjTr=9R3A~3eMO=K`H!>=AT5rDWRb9}!aS@&)i6efHQ9rCEkhY_ zyl{%8gK{tu<>0jlM5wADn?V?+L%XCU_ff)CJ>zBNQ#&|w|xLnqkU&Sdk|;_YBgG2`;reXX$6No&{rE;r@zmrKc1|5|LzvYTV@Fv| z@mD-e2k28>B|{eMHbVgrazFY{?9JO|b?EJnD)T@Ult$R`rt41x z8Wg>Jb$Q1>)YbFsDA`XORt7?83J7X`(YPZvFn#;imkc8YKphfFW$bL5v}3kka78|r zjjX1+@WZzy42JeJK{r9HU$t~Nj6cx}G5Nv+jn&CcM|wtyB*AF~wC2XvHqX10n`4(Z zNeYBYs^zZ4Aez}vz3U~#0rlTW5s%M}os0{aTNfFrdekzYE!QB~+hgR3$hscVcmbL? z&KnJzZI&A@qg~_gCxo7W(K#!)49&-C&g{DE35cYR5$hF05gX<@(9gCqJ$`MWo|#zXz+kUq1?z%h(Zqo|!No453g#Vsd#Mtlq6HNv$6 zaYxI>uVVM#=IYb=cHFaVLRzZ6{4l2+tv=S77pqy@k+$y39##`%Ds(SH6=1ZYZ>5kc zSu|s#+0o%dhI(Z5XN><){G1yCso6=VIjoa)_ePDgO~5(4s-t-e+aBBz*Q%oCaM3zx z2`t1XCi*||WQT{Z{W&W{sR>&u5gp6);9fu!HKV!9c75!&o>uyZAu1bYa<`Qvdce#x z>I78dl`K^gkW?M|l_ZKJnc>vm9nqhF{i>424GOuyj-Ebenr-RM(UD3^Ocaqx^L5a5 zC4kNY&m=W>H>=>8Z{U#)i?GL~Rt)r=T|DVfXYqTLjA7b!<|>j$p zm{~TODu^`N&66pxGD*Wd_+Za)s=w3M1@;{R_4w5yV>8uS^H*m5H~>~7dh6b$tDiVe zmL$c~&Ryt##DZqUOooHRgQqXuv(+*`Ifb&E{^+#(9UITDuN>Fe)h33lfa}0hH(3ig zXqsLHQDoQDzHeO;+mK;M)1I4Wb5|BP(riC!g4SAzfE!P#E_CM@6B?(KPgYAbJU6zn zfE`8jr3E~F9;B-cfjjK}n}Rs(KU6=+A`JlKpp2 zTP-j)IRQv+t?$U~;^|1otypv##5lmoe(h2MAMy`2-zgQpjEzGch>+9o^^xG_+z9m* zF^zr~TK2j3OW&Wd1OZ?bG|5__ws;Nt2APyIx&tZ*vOhggR|G2P4Y>+(6N>_0UD1Ib zN2Hpxxv}D2O=EBvb5t=+6xPc=xY@*(3BQhNxSdYM-gsE~e*6OGp68KzjgiMjw}993 zjD;hVJ7Asn(zx*H7TO4=zzZKeB~K~>kO$QYAv0HVHrup5xM|1V;iHN>n)yOSH0OPpe5-^2G`vQ`ib*%Gm=!!eh?)LAjxfTR>4R7(MPX8GFzFyY*R7>i+F%ux zdq~ZRAw-?Mz9f{kxI5S=8cSu5+3ww(>8WB&e^RYcMoS5eS+YHPLQ4(zFOBP%T3pY= z1K%D%)FF!mu*VbfeyA#X-+G(Rh&uo9Os{2ch@Qj@#>5(Ijz}k%k=d3!-P!wmfG?mq zsO5-n2ham4 zVxsY5%*mOpY$^9XBvlUgFXS%caw!|8M?<-hA9Y0a73 z$0#e0A-W(<0BvaJz$BTjAXNmy`SF*#*~K#jHh>!7980Xaw()Aw_BSpjwBQ%o_pz}Q z-cq`hn#EOEMU|vL5vu9cl0_C@z4Cgpj$o9|J^*#Hg0|>q^&wZ781A4|&2}Y_#o(^K zAITi9RATaLUKheJ{*8#I@2f(0BM6@O?rSDm&joH7Ytb?640|61H0WqW1H;XjYAa#= zf?c_r3~Vv#X+?z%Vl6t3$ap|Gr{6nNievZfO{zwa9Iug#ECy(JDwE~<$65{{S%3i5 zE={$>m8`5xma{S_Mqhy@v|Enl3y&J2s-H!?e~hROK~pQ{FvMGudMHbeh_sO|nH=*p zizXQk(x{`?45oSg&hBPx`aly_xb*5eHLgd=(N01gJ9m{nL1z7V z*}!>JQFia{#t3!&&Tc%wm4WT1tZp1um>buDYsy=hsjhVdU5$Gv0}Y)c?7!98)v>9y zVhZwB3yXJ{WO-hv!8s_+GAwg;SqVt%%_9ujSBBuy+lC%IJ1M+Z0k(sx*dQf%q4F~8 zG5KF|MYWixUHmL>Xlff$czf#9&{FV2{PM(^k(K2)E(|XRXT{(Q3RR`+`@S-!h;GE~ z=@)*)YHLN~VU_kMg?CCf+II{2^VEA7Gk42u31mqsA9A~by3jfPv1Xyu!+I?+$rsBB;j(CI+8WSFCi61UY^*1yAb6i(EFwg6(iPDvlRU z^Qco%(?Nx)OFACW9&|hhS0GD>1!;i1m4Mbt*3+;Acn9H`aA8Ijiobr* z5#els2}k-ibLbzWS_wRzd`P=#=mrZ>p4Bfea}DUW{$HMKkS~>*e9}UYB8U1k0VJ_) z6qHmONxH7d$w8m&POdr`OmQ-{K1o>_s;iGpECQ|(Z0S*_qrv;9!$QOmg0^F{mQL;$ z$oPHii8=y`{0ImxWZzYx!2=iT$N=>p1?p~Hy9UZxcy4CzPPJhVg8xpg2UE+8lZeci zG%&>D524{WAidf6w!PVS%!oE_=VX)g=lNuB03#PvSFYMI(TXK3Y{h6gIx#WCfa<1r zxBHQi073IlI}u!l=td2)F_UgR>HFuv#M6CkTUV3m2as_HrVBtG?+DtdI~=iqYZjze zQPQ#7)-wZmhkSvgw%$brC?!yf(6wjho!yjyS#0x$tZ5OX@y4(2Zq)E>)S%-StV{XWi77H}hg;7EV5FXRZ zdg<03PxKFrMA}@C(}iw@*&E-SfXXSzrufG$=MaN{K6`*_fA;+@xbw1(pU^v-Dm@;iL7}2~Sfr!;%;_$-= zvQycwUW!;xylC2QErjIc2TJulj`hLhp}Rqf1EjI;00_DQjagJ>lt@DIIryTAv5Pp% zHfvEsL~NThTYMIB0B6vqaS~}asGVpjJTS^g53H`!BW~6PR4&MQ)<8Vw6x8F~YXM#N z&6N@JxjKF%1ByF5V6^tNEL$uOYoO&0I~&I@=KIN8%)oo&!tlNUZgdxodkLeE28;Yg zwG41YdfJ^s#9OS!xs`YfaIImHL;n>;{@`KM!7Xwdqcbpnxt*xRa@_R&Un|N~LO*$h z>FfQgOG?25S2UG`wbd>q6&e7qHG{>@EfN_2&Z6t`lH5T>`?PQ)Lk%?#16bb}H=Nxf zv-9SI?b6E0el%Ppil>G4WnASW`Pn!v8#0$gUmPl1x4G%+7WaZRBY=g(!L8|AN5P)^ z5`mB>$W0IZ_$IJR7+}4OFpRaFvJrH(R%c(u6}R`nhAk!;v{g+aWX?9io-nV-K$0QJ zfSB!~aSQquLjDt27U_*oJ5@Uh2Uh`>aK6yRfOu*Jrgg>P92^j{#6}4>T8zMg_wZ$H zZ5%e?_>MO-eYR^*Va%wqUz38W0r(e0z^|20S z8)O4qRw?155MvSpOU#spOY2zE^kAN0r<2m~)LUY?87`t-E3rRJ&k%e7h=z^mVW3q?)`YR!xXU{@fUmuGU zW@3V{xRnaib=leOw+E$=9lM}~iCl*Kct<>WAq%*QtUC;1B&lZ|bdvv!&K*SG2?O+K z93-*V0^X1TL4aVfi8PUkDNmNg4&u^bI)Nf-o}#P9bO1W;9q?r1{E<8Dy6SMw!VkWp zAyhJCZoo9;(Tpl(dm2S;rqFkTE$)XH-)PNFY?nt`TCO7kkGxQ&?E4E`C2K$h`Tp zv$tSm_}7+FEr3R!-$(~cw5kWQO4v0yk!7fU{)gE%fhK6;?A4G#$iqOeMlD^J7*Zt6 z0ljKIvi-t^Y`du;7K3Pmi3WLObP{BRByGBKwC3o@ruub>a~lwg8j1SY@OTH96nSte zpvz5OCnOX6vc9 zTNs0II!cho1`MW9_jemGIRVM`>X_>2e<{!-)*eJ$RgEnM1_+Z7}n>kzyTz#`7|K8t0DPX|oNB8G2eZ_xD>srkmpRM=|4W^8BTSxuul14um|qz-hM# zi~?7RG5t_iTPvrQ{~2(7W&fSX0$3dbM3|)HNGy56 zm^xx(*Zwh#f8YBpmm_Q84a3n{Sowd6W02oO1*3=OI=%x&>L5I)whTOZx#t=?02RfE zx|d3Ce*B?P_J8g+OEv!q!3Z<_{BnuFb1^Ip-?4_wkU{K)KM)T7NlT%7_r_o@o6YFI zZFs*a;5b+n#v65R+TnGR*xC_!c!2SA&@H0KRk?fB!h=CXcgUTKZ&+_e`cupUU}*y_ zRvuB7!aXFs&?>r>GGn7#hDBC3#bHG#>C_(1S-tg?8HV-RD(&C)M)yTndU^A6$Mht% z(HA!)mtV>kXYZ2;y>D{l$d#wkh-BmJ*Q%&(La6M&1jTxB!8=KNa}TSL_i8;qlrIe6 zB2o6S+cz#OMjk!O2(X!B^A1}iTqJ@7?T`&JI>F`e6OYuk1#}w;+P;H1Etq5Z96$N+ zvl|hOA!c+;yyz;KB}SEC?w{Vk|Dp+pLRJvg8WCBGnh*yl{VaL43G(6LU> zdRh;`3oyZ9D^BHu=5ex?mIX+zg1Sf)|26AHnQ%-@zK&u;Cs}T-QpG z=iB8mcqI*i`kzh@XUn53#Agwi91zk*gKdX}Ru|`6w>maJ7YH2O%Ekv)DHxL88x-ab z4)o~H9IJgvE@xf1Ge8z3YpsiL;w= zZEX}`nK9p0_&l$q^&Qq#L=!{*#odZgT1~za4Pj(PY81AzCQqafqc`A-KmjB()#gas z&q^{l>*)zoDQ%O4?}riJIc7)#yR1GrWAT;~w^JH(g1&~PzRk`P#$cxO`H=Td1vLCy zg_gFKV-s6l;7}%l;{$saPl#MlRvzSrA}V&2mPdwz62KeqO1_RHWfa*->TWzIUR2bw zx};!56BeKQdhyXW(W@^7|$XuhxzRBcN;PP%Tw>q2mv zJ3Cc`bF!UuGsMSm;ey<4FjNai)&2<6cc2XgwSum9f* zeH!im(`z4X2ADxUxX;9v1q~#G!z2C2cg3*lLnOjC8rgI=ya>M?JL?Z|-8nse1~c>5buOp`P@};jcBtH@48rt#V#T^?~!U~-SDSx-OEDQ@)vQ9CDZ$#3}o5TjZHar)Bq@1v+w3CVrChKn?>Gwq$vSA98` z%e`)Eqibc|Y_^=*lJGU~ZCL5q0xcM}*MB*eH5yRnKR{7cmc^E3zn*xkx5%w}Y}BUM z(omeL@E!EdR$H#hI69oN7X~nx2_!P?!Gsaq^dO{~LA_&&4^&L926IFS;c3^l$1uS-i6s z`4)wCs0O}N>V(j4*VWD;pV~&FP<&4j{!CGl@3go_6*gE|)ZBWXnbb8BLf%c`-Q43E2ar4kaei)(%<5(EW0MDwKJ6r2vharsrorWgqnZoL19m*Bqf7(W@ImIL1f!z)CN9AWd&* zq&L3)kCvF1jq>~wN7=)D^^@dHTi#{hgsb%#9kXhE|J!8=&HEBVlH&0m{uV|!7p>d2 zM{Lu~mALQXF1l?A^;=u}aClD6fXR55jm`F77g5uz(spJ}i4_zGI6Jo`b9u%ZymknP ziZ)L^8*vjbHB}K>LPf`D&A*hUUFMbrs6_>^?(?5YIOw>wwYyPKlE-Ly}8_fccR zqeaD*ifX1thbihzl&Y$QN8g*tE!Jszb6*cgR9CAAe?x6Gp-I9ar}KI72l*)9iI*RE ze?JybB2-Y&GOD1!J9xgJU>5O?H?muzrYBo=&U09^1>Wj*j@7fF4*u3O&UpQ-D@EP7 zDbH&-FP`=)c=|y*?~84(YL19q>78X(@8sjpwq+i49MitiW?sx*M2(Kll}5jRFEz^< z=&P+Y59Ac`AiAYW4+k+^Y${#GoC~D)I;gK-KY-NBQwbspHNI0W6OG-esotHm(K-Gj z4a0nY@V+pVV$Y3-$HaI)a!u!ea<<#nC1Q$?ueIagEiyLH;y`UcCZ2iGt@RG5lW)6*uV1+8tTMa>pd$6Tzf zmhY+P>+>?jT6A77u08*$lQQ2CuV76xNh_-+>+h(y=Wa%%$wbaqkQ%H z#0vz@*faX?MVFQJ6dLk;OZnPHMVY&}71?<-$RhPHQmUt3E6Vrl@8NF6BTiK4-B%C8 z*{p)rcBkss`tO@5E_p&mMVJ$(*IuWnz%#?%^mYq5RW(aR6=NTjGwg*2wC?#HVM|M# zZJ|ZSsty*5dYm~#Z#cZV%x1NS$oXHisnFtPCmnqQ9eqQ`{72U+YxdXvww9twpM5#K zIxOsDN?L-4$Kf@*7E@hqbowzZH@D4EpFf*)mLyivwci^r;>KOQs)S3uO Note: If a NoOp mempool is used, PrepareProposal and ProcessProposal both should be aware of this as +> PrepareProposal could include transactions that could fail verification in ProcessProposal. + +### Sender Nonce Mempool + +The nonce mempool is a mempool that keeps transactions from a sender sorted by nonce in order to avoid the issues with nonces. +It works by storing the transaction in a list sorted by the transaction nonce. When the proposer asks for transactions to be included in a block it randomly selects a sender and gets the first transaction in the list. It repeats this until the mempool is empty or the block is full. + +It is configurable with the following parameters: + +#### MaxTxs + +It is an integer value that sets the mempool in one of three modes, *bounded*, *unbounded*, or *disabled*. + +* **negative**: Disabled, mempool does not insert new transaction and return early. +* **zero**: Unbounded mempool has no transaction limit and will never fail with `ErrMempoolTxMaxCapacity`. +* **positive**: Bounded, it fails with `ErrMempoolTxMaxCapacity` when the `maxTx` value is the same as `CountTx()` + +#### Seed + +Set the seed for the random number generator used to select transactions from the mempool. + +### Priority Nonce Mempool + +The [priority nonce mempool](https://github.com/cosmos/cosmos-sdk/blob/main/types/mempool/priority_nonce_spec.md) is a mempool implementation that stores txs in a partially ordered set by 2 dimensions: + +* priority +* sender-nonce (sequence number) + +Internally it uses one priority ordered [skip list](https://pkg.go.dev/github.com/huandu/skiplist) and one skip list per sender ordered by sender-nonce (sequence number). When there are multiple txs from the same sender, they are not always comparable by priority to other sender txs and must be partially ordered by both sender-nonce and priority. + +It is configurable with the following parameters: + +#### MaxTxs + +It is an integer value that sets the mempool in one of three modes, *bounded*, *unbounded*, or *disabled*. + +* **negative**: Disabled, mempool does not insert new transaction and return early. +* **zero**: Unbounded mempool has no transaction limit and will never fail with `ErrMempoolTxMaxCapacity`. +* **positive**: Bounded, it fails with `ErrMempoolTxMaxCapacity` when the `maxTx` value is the same as `CountTx()` + +#### Callback + +The priority nonce mempool provides mempool options allowing the application to set callback(s). + +* **OnRead**: Set a callback to be called when a transaction is read from the mempool. +* **TxReplacement**: Sets a callback to be called when duplicate transaction nonce detected during mempool insert. Application can define a transaction replacement rule based on tx priority or certain transaction fields. + +More information on the SDK mempool implementation can be found in the [godocs](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/types/mempool). diff --git a/copy-of-sdk-docs/build/building-apps/03-app-upgrade.md b/copy-of-sdk-docs/build/building-apps/03-app-upgrade.md new file mode 100644 index 00000000..541530a1 --- /dev/null +++ b/copy-of-sdk-docs/build/building-apps/03-app-upgrade.md @@ -0,0 +1,218 @@ +--- +sidebar_position: 1 +--- + +# Application Upgrade + +:::note +This document describes how to upgrade your application. If you are looking specifically for the changes to perform between SDK versions, see the [SDK migrations documentation](https://docs.cosmos.network/main/migrations/intro). +::: + +:::warning +This section is currently incomplete. Track the progress of this document [here](https://github.com/cosmos/cosmos-sdk/issues/11504). +::: + +:::note Pre-requisite Readings + +* [`x/upgrade` Documentation](https://docs.cosmos.network/main/modules/upgrade) + +::: + +## General Workflow + +Let's assume we are running v0.38.0 of our software in our testnet and want to upgrade to v0.40.0. +How would this look in practice? First, we want to finalize the v0.40.0 release candidate +and then install a specially named upgrade handler (e.g. "testnet-v2" or even "v0.40.0"). An upgrade +handler should be defined in a new version of the software to define what migrations +to run to migrate from the older version of the software. Naturally, this is app-specific rather +than module-specific, and must be defined in `app.go`, even if it imports logic from various +modules to perform the actions. You can register them with `upgradeKeeper.SetUpgradeHandler` +during the app initialization (before starting the abci server), and they serve not only to +perform a migration, but also to identify if this is the old or new version (e.g. presence of +a handler registered for the named upgrade). + +Once the release candidate along with an appropriate upgrade handler is frozen, +we can have a governance vote to approve this upgrade at some future block height (e.g. 200000). +This is known as an upgrade.Plan. The v0.38.0 code will not know of this handler, but will +continue to run until block 200000, when the plan kicks in at `BeginBlock`. It will check +for the existence of the handler, and finding it missing, know that it is running the obsolete software, +and gracefully exit. + +Generally the application binary will restart on exit, but then will execute this BeginBlocker +again and exit, causing a restart loop. Either the operator can manually install the new software, +or you can make use of an external watcher daemon to possibly download and then switch binaries, +also potentially doing a backup. The SDK tool for doing such, is called [Cosmovisor](https://docs.cosmos.network/main/tooling/cosmovisor). + +When the binary restarts with the upgraded version (here v0.40.0), it will detect we have registered the +"testnet-v2" upgrade handler in the code, and realize it is the new version. It then will run the upgrade handler +and *migrate the database in-place*. Once finished, it marks the upgrade as done, and continues processing +the rest of the block as normal. Once 2/3 of the voting power has upgraded, the blockchain will immediately +resume the consensus mechanism. If the majority of operators add a custom `do-upgrade` script, this should +be a matter of minutes and not even require them to be awake at that time. + +## Integrating With An App + +:::tip +The following is not required for users using `depinject`, this is abstracted for them. +::: + +In addition to basic module wiring, set up the upgrade Keeper for the app and then define a `PreBlocker` that calls the upgrade +keeper's PreBlocker method: + +```go +func (app *myApp) PreBlocker(ctx sdk.Context, req req.RequestFinalizeBlock) (*sdk.ResponsePreBlock, error) { + // For demonstration sake, the app PreBlocker only returns the upgrade module pre-blocker. + // In a real app, the module manager should call all pre-blockers + // return app.ModuleManager.PreBlock(ctx, req) + return app.upgradeKeeper.PreBlocker(ctx, req) +} +``` + +The app must then integrate the upgrade keeper with its governance module as appropriate. The governance module +should call ScheduleUpgrade to schedule an upgrade and ClearUpgradePlan to cancel a pending upgrade. + +## Performing Upgrades + +Upgrades can be scheduled at a predefined block height. Once this block height is reached, the +existing software will cease to process ABCI messages and a new version with code that handles the upgrade must be deployed. +All upgrades are coordinated by a unique upgrade name that cannot be reused on the same blockchain. In order for the upgrade +module to know that the upgrade has been safely applied, a handler with the name of the upgrade must be installed. +Here is an example handler for an upgrade named "my-fancy-upgrade": + +```go +app.upgradeKeeper.SetUpgradeHandler("my-fancy-upgrade", func(ctx context.Context, plan upgrade.Plan) { + // Perform any migrations of the state store needed for this upgrade +}) +``` + +This upgrade handler performs the dual function of alerting the upgrade module that the named upgrade has been applied, +as well as providing the opportunity for the upgraded software to perform any necessary state migrations. Both the halt +(with the old binary) and applying the migration (with the new binary) are enforced in the state machine. Actually +switching the binaries is an ops task and not handled inside the sdk / abci app. + +Here is a sample code to set store migrations with an upgrade: + +```go +// this configures a no-op upgrade handler for the "my-fancy-upgrade" upgrade +app.UpgradeKeeper.SetUpgradeHandler("my-fancy-upgrade", func(ctx context.Context, plan upgrade.Plan) { + // upgrade changes here +}) +upgradeInfo, err := app.UpgradeKeeper.ReadUpgradeInfoFromDisk() +if err != nil { + // handle error +} +if upgradeInfo.Name == "my-fancy-upgrade" && !app.UpgradeKeeper.IsSkipHeight(upgradeInfo.Height) { + storeUpgrades := store.StoreUpgrades{ + Renamed: []store.StoreRename{{ + OldKey: "foo", + NewKey: "bar", + }}, + Deleted: []string{}, + } + // configure store loader that checks if version == upgradeHeight and applies store upgrades + app.SetStoreLoader(upgrade.UpgradeStoreLoader(upgradeInfo.Height, &storeUpgrades)) +} +``` + +## Halt Behavior + +Before halting the ABCI state machine in the BeginBlocker method, the upgrade module will log an error +that looks like: + +```text + UPGRADE "" NEEDED at height : +``` + +where `Name` and `Info` are the values of the respective fields on the upgrade Plan. + +To perform the actual halt of the blockchain, the upgrade keeper simply panics which prevents the ABCI state machine +from proceeding but doesn't actually exit the process. Exiting the process can cause issues for other nodes that start +to lose connectivity with the exiting nodes, thus this module prefers to just halt but not exit. + +## Automation + +Read more about [Cosmovisor](https://docs.cosmos.network/main/tooling/cosmovisor), the tool for automating upgrades. + +## Canceling Upgrades + +There are two ways to cancel a planned upgrade - with on-chain governance or off-chain social consensus. +For the first one, there is a `CancelSoftwareUpgrade` governance proposal, which can be voted on and will +remove the scheduled upgrade plan. Of course this requires that the upgrade was known to be a bad idea +well before the upgrade itself, to allow time for a vote. If you want to allow such a possibility, you +should set the upgrade height to be `2 * (votingperiod + depositperiod) + (safety delta)` from the beginning of +the first upgrade proposal. Safety delta is the time available from the success of an upgrade proposal +and the realization it was a bad idea (due to external testing). You can also start a `CancelSoftwareUpgrade` +proposal while the original `SoftwareUpgrade` proposal is still being voted upon, as long as the voting +period ends after the `SoftwareUpgrade` proposal. + +However, let's assume that we don't realize the upgrade has a bug until shortly before it will occur +(or while we try it out - hitting some panic in the migration). It would seem the blockchain is stuck, +but we need to allow an escape for social consensus to overrule the planned upgrade. To do so, there's +a `--unsafe-skip-upgrades` flag to the start command, which will cause the node to mark the upgrade +as done upon hitting the planned upgrade height(s), without halting and without actually performing a migration. +If over two-thirds run their nodes with this flag on the old binary, it will allow the chain to continue through +the upgrade with a manual override. (This must be well-documented for anyone syncing from genesis later on). + +Example: + +```shell + start --unsafe-skip-upgrades ... +``` + +## Pre-Upgrade Handling + +Cosmovisor supports custom pre-upgrade handling. Use pre-upgrade handling when you need to implement application config changes that are required in the newer version before you perform the upgrade. + +Using Cosmovisor pre-upgrade handling is optional. If pre-upgrade handling is not implemented, the upgrade continues. + +For example, make the required new-version changes to `app.toml` settings during the pre-upgrade handling. The pre-upgrade handling process means that the file does not have to be manually updated after the upgrade. + +Before the application binary is upgraded, Cosmovisor calls a `pre-upgrade` command that can be implemented by the application. + +The `pre-upgrade` command does not take in any command-line arguments and is expected to terminate with the following exit codes: + +| Exit status code | How it is handled in Cosmosvisor | +|------------------|---------------------------------------------------------------------------------------------------------------------| +| `0` | Assumes `pre-upgrade` command executed successfully and continues the upgrade. | +| `1` | Default exit code when `pre-upgrade` command has not been implemented. | +| `30` | `pre-upgrade` command was executed but failed. This fails the entire upgrade. | +| `31` | `pre-upgrade` command was executed but failed. But the command is retried until exit code `1` or `30` are returned. | + +## Sample + +Here is a sample structure of the `pre-upgrade` command: + +```go +func preUpgradeCommand() *cobra.Command { + cmd := &cobra.Command{ + Use: "pre-upgrade", + Short: "Pre-upgrade command", + Long: "Pre-upgrade command to implement custom pre-upgrade handling", + Run: func(cmd *cobra.Command, args []string) { + + err := HandlePreUpgrade() + + if err != nil { + os.Exit(30) + } + + os.Exit(0) + + }, + } + + return cmd +} +``` + +Ensure that the pre-upgrade command has been registered in the application: + +```go +rootCmd.AddCommand( + // .. + preUpgradeCommand(), + // .. + ) +``` + +When not using Cosmovisor, ensure to run ` pre-upgrade` before starting the application binary. diff --git a/copy-of-sdk-docs/build/building-apps/04-vote-extensions.md b/copy-of-sdk-docs/build/building-apps/04-vote-extensions.md new file mode 100644 index 00000000..f20ebde6 --- /dev/null +++ b/copy-of-sdk-docs/build/building-apps/04-vote-extensions.md @@ -0,0 +1,121 @@ +--- +sidebar_position: 1 +--- + +# Vote Extensions + +:::note Synopsis +This section describes how the application can define and use vote extensions +defined in ABCI++. +::: + +## Extend Vote + +ABCI++ allows an application to extend a pre-commit vote with arbitrary data. This +process does NOT have to be deterministic, and the data returned can be unique to the +validator process. The Cosmos SDK defines `baseapp.ExtendVoteHandler`: + +```go +type ExtendVoteHandler func(Context, *abci.ExtendVoteRequest) (*abci.ExtendVoteResponse, error) +``` + +An application can set this handler in `app.go` via the `baseapp.SetExtendVoteHandler` +`BaseApp` option function. The `sdk.ExtendVoteHandler`, if defined, is called during +the `ExtendVote` ABCI method. Note, if an application decides to implement +`baseapp.ExtendVoteHandler`, it MUST return a non-nil `VoteExtension`. However, the vote +extension can be empty. See [here](https://github.com/cometbft/cometbft/blob/v0.38.0-rc1/spec/abci/abci++_methods.md#extendvote) +for more details. + +There are many decentralized censorship-resistant use cases for vote extensions. +For example, a validator may want to submit prices for a price oracle or encryption +shares for an encrypted transaction mempool. Note, an application should be careful +to consider the size of the vote extensions as they could increase latency in block +production. See [here](https://github.com/cometbft/cometbft/blob/v0.38.0-rc1/docs/qa/CometBFT-QA-38.md#vote-extensions-testbed) +for more details. + +## Verify Vote Extension + +Similar to extending a vote, an application can also verify vote extensions from +other validators when validating their pre-commits. For a given vote extension, +this process MUST be deterministic. The Cosmos SDK defines `sdk.VerifyVoteExtensionHandler`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/types/abci.go#L26-L27 +``` + +An application can set this handler in `app.go` via the `baseapp.SetVerifyVoteExtensionHandler` +`BaseApp` option function. The `sdk.VerifyVoteExtensionHandler`, if defined, is called +during the `VerifyVoteExtension` ABCI method. If an application defines a vote +extension handler, it should also define a verification handler. Note, not all +validators will share the same view of what vote extensions they verify depending +on how votes are propagated. See [here](https://github.com/cometbft/cometbft/blob/v0.38.0-rc1/spec/abci/abci++_methods.md#verifyvoteextension) +for more details. + +## Vote Extension Propagation + +The agreed upon vote extensions at height `H` are provided to the proposing validator +at height `H+1` during `PrepareProposal`. As a result, the vote extensions are +not natively provided or exposed to the remaining validators during `ProcessProposal`. +As a result, if an application requires that the agreed upon vote extensions from +height `H` are available to all validators at `H+1`, the application must propagate +these vote extensions manually in the block proposal itself. This can be done by +"injecting" them into the block proposal, since the `Txs` field in `PrepareProposal` +is just a slice of byte slices. + +`FinalizeBlock` will ignore any byte slice that doesn't implement an `sdk.Tx`, so +any injected vote extensions will safely be ignored in `FinalizeBlock`. For more +details on propagation, see the [ABCI++ 2.0 ADR](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-064-abci-2.0.md#vote-extension-propagation--verification). + +### Recovery of injected Vote Extensions + +As stated before, vote extensions can be injected into a block proposal (along with +other transactions in the `Txs` field). The Cosmos SDK provides a pre-FinalizeBlock +hook to allow applications to recover vote extensions, perform any necessary +computation on them, and then store the results in the cached store. These results +will be available to the application during the subsequent `FinalizeBlock` call. + +An example of how a pre-FinalizeBlock hook could look is shown below: + +```go +app.SetPreBlocker(func(ctx sdk.Context, req *abci.FinalizeBlockRequest) error { + allVEs := []VE{} // store all parsed vote extensions here + for _, tx := range req.Txs { + // define a custom function that tries to parse the tx as a vote extension + ve, ok := parseVoteExtension(tx) + if !ok { + continue + } + + allVEs = append(allVEs, ve) + } + + // perform any necessary computation on the vote extensions and store the result + // in the cached store + result := compute(allVEs) + err := storeVEResult(ctx, result) + if err != nil { + return err + } + + return nil +}) + +``` + +Then, in an app's module, the application can retrieve the result of the computation +of vote extensions from the cached store: + +```go +func (k Keeper) BeginBlocker(ctx context.Context) error { + // retrieve the result of the computation of vote extensions from the cached store + result, err := k.GetVEResult(ctx) + if err != nil { + return err + } + + // use the result of the computation of vote extensions + k.setSomething(result) + + return nil +} +``` diff --git a/copy-of-sdk-docs/build/building-apps/05-app-testnet.md b/copy-of-sdk-docs/build/building-apps/05-app-testnet.md new file mode 100644 index 00000000..a9fe93d9 --- /dev/null +++ b/copy-of-sdk-docs/build/building-apps/05-app-testnet.md @@ -0,0 +1,235 @@ +--- +sidebar_position: 1 +--- + +# Application Testnets + +Building an application is complicated and requires a lot of testing. The Cosmos SDK provides a way to test your application in a real-world environment: a testnet. + +We allow developers to take the state from their mainnet and run tests against the state. This is useful for testing upgrade migrations, or for testing the application in a real-world environment. + +## Testnet Setup + +We will be breaking down the steps to create a testnet from mainnet state. + +```go + // InitSimAppForTestnet is broken down into two sections: + // Required Changes: Changes that, if not made, will cause the testnet to halt or panic + // Optional Changes: Changes to customize the testnet to one's liking (lower vote times, fund accounts, etc) + func InitSimAppForTestnet(app *SimApp, newValAddr bytes.HexBytes, newValPubKey crypto.PubKey, newOperatorAddress, upgradeToTrigger string) *SimApp { + ... + } +``` + +### Required Changes + +#### Staking + +When creating a testnet the important part is to migrate the validator set from many validators to one or a few. This allows developers to spin up the chain without needing to replace validator keys. + +```go + ctx := app.BaseApp.NewUncachedContext(true, tmproto.Header{}) + pubkey := &ed25519.PubKey{Key: newValPubKey.Bytes()} + pubkeyAny, err := types.NewAnyWithValue(pubkey) + if err != nil { + tmos.Exit(err.Error()) + } + + // STAKING + // + + // Create Validator struct for our new validator. + _, bz, err := bech32.DecodeAndConvert(newOperatorAddress) + if err != nil { + tmos.Exit(err.Error()) + } + bech32Addr, err := bech32.ConvertAndEncode("simvaloper", bz) + if err != nil { + tmos.Exit(err.Error()) + } + newVal := stakingtypes.Validator{ + OperatorAddress: bech32Addr, + ConsensusPubkey: pubkeyAny, + Jailed: false, + Status: stakingtypes.Bonded, + Tokens: sdk.NewInt(900000000000000), + DelegatorShares: sdk.MustNewDecFromStr("10000000"), + Description: stakingtypes.Description{ + Moniker: "Testnet Validator", + }, + Commission: stakingtypes.Commission{ + CommissionRates: stakingtypes.CommissionRates{ + Rate: sdk.MustNewDecFromStr("0.05"), + MaxRate: sdk.MustNewDecFromStr("0.1"), + MaxChangeRate: sdk.MustNewDecFromStr("0.05"), + }, + }, + MinSelfDelegation: sdk.OneInt(), + } + + // Remove all validators from power store + stakingKey := app.GetKey(stakingtypes.ModuleName) + stakingStore := ctx.KVStore(stakingKey) + iterator := app.StakingKeeper.ValidatorsPowerStoreIterator(ctx) + for ; iterator.Valid(); iterator.Next() { + stakingStore.Delete(iterator.Key()) + } + iterator.Close() + + // Remove all validators from last validators store + iterator = app.StakingKeeper.LastValidatorsIterator(ctx) + for ; iterator.Valid(); iterator.Next() { + app.StakingKeeper.LastValidatorPower.Delete(iterator.Key()) + } + iterator.Close() + + // Add our validator to power and last validators store + app.StakingKeeper.SetValidator(ctx, newVal) + err = app.StakingKeeper.SetValidatorByConsAddr(ctx, newVal) + if err != nil { + panic(err) + } + app.StakingKeeper.SetValidatorByPowerIndex(ctx, newVal) + app.StakingKeeper.SetLastValidatorPower(ctx, newVal.GetOperator(), 0) + if err := app.StakingKeeper.Hooks().AfterValidatorCreated(ctx, newVal.GetOperator()); err != nil { + panic(err) + } +``` + +#### Distribution + +Since the validator set has changed, we need to update the distribution records for the new validator. + + +```go + // Initialize records for this validator across all distribution stores + app.DistrKeeper.ValidatorHistoricalRewards.Set(ctx, newVal.GetOperator(), 0, distrtypes.NewValidatorHistoricalRewards(sdk.DecCoins{}, 1)) + app.DistrKeeper.ValidatorCurrentRewards.Set(ctx, newVal.GetOperator(), distrtypes.NewValidatorCurrentRewards(sdk.DecCoins{}, 1)) + app.DistrKeeper.ValidatorAccumulatedCommission.Set(ctx, newVal.GetOperator(), distrtypes.InitialValidatorAccumulatedCommission()) + app.DistrKeeper.ValidatorOutstandingRewards.Set(ctx, newVal.GetOperator(), distrtypes.ValidatorOutstandingRewards{Rewards: sdk.DecCoins{}}) +``` + +#### Slashing + +We also need to set the validator signing info for the new validator. + +```go + // SLASHING + // + + // Set validator signing info for our new validator. + newConsAddr := sdk.ConsAddress(newValAddr.Bytes()) + newValidatorSigningInfo := slashingtypes.ValidatorSigningInfo{ + Address: newConsAddr.String(), + StartHeight: app.LastBlockHeight() - 1, + Tombstoned: false, + } + app.SlashingKeeper.ValidatorSigningInfo.Set(ctx, newConsAddr, newValidatorSigningInfo) +``` + +#### Bank + +It is useful to create new accounts for your testing purposes. This avoids the need to have the same key as you may have on mainnet. + +```go + // BANK + // + + defaultCoins := sdk.NewCoins(sdk.NewInt64Coin("ustake", 1000000000000)) + + localSimAppAccounts := []sdk.AccAddress{ + sdk.MustAccAddressFromBech32("cosmos12smx2wdlyttvyzvzg54y2vnqwq2qjateuf7thj"), + sdk.MustAccAddressFromBech32("cosmos1cyyzpxplxdzkeea7kwsydadg87357qnahakaks"), + sdk.MustAccAddressFromBech32("cosmos18s5lynnmx37hq4wlrw9gdn68sg2uxp5rgk26vv"), + sdk.MustAccAddressFromBech32("cosmos1qwexv7c6sm95lwhzn9027vyu2ccneaqad4w8ka"), + sdk.MustAccAddressFromBech32("cosmos14hcxlnwlqtq75ttaxf674vk6mafspg8xwgnn53"), + sdk.MustAccAddressFromBech32("cosmos12rr534cer5c0vj53eq4y32lcwguyy7nndt0u2t"), + sdk.MustAccAddressFromBech32("cosmos1nt33cjd5auzh36syym6azgc8tve0jlvklnq7jq"), + sdk.MustAccAddressFromBech32("cosmos10qfrpash5g2vk3hppvu45x0g860czur8ff5yx0"), + sdk.MustAccAddressFromBech32("cosmos1f4tvsdukfwh6s9swrc24gkuz23tp8pd3e9r5fa"), + sdk.MustAccAddressFromBech32("cosmos1myv43sqgnj5sm4zl98ftl45af9cfzk7nhjxjqh"), + sdk.MustAccAddressFromBech32("cosmos14gs9zqh8m49yy9kscjqu9h72exyf295afg6kgk"), + sdk.MustAccAddressFromBech32("cosmos1jllfytsz4dryxhz5tl7u73v29exsf80vz52ucc")} + + // Fund localSimApp accounts + for _, account := range localSimAppAccounts { + err := app.BankKeeper.MintCoins(ctx, minttypes.ModuleName, defaultCoins) + if err != nil { + tmos.Exit(err.Error()) + } + err = app.BankKeeper.SendCoinsFromModuleToAccount(ctx, minttypes.ModuleName, account, defaultCoins) + if err != nil { + tmos.Exit(err.Error()) + } + } +``` + +#### Upgrade + +If you would like to schedule an upgrade the below can be used. + +```go + // UPGRADE + // + + if upgradeToTrigger != "" { + upgradePlan := upgradetypes.Plan{ + Name: upgradeToTrigger, + Height: app.LastBlockHeight(), + } + err = app.UpgradeKeeper.ScheduleUpgrade(ctx, upgradePlan) + if err != nil { + panic(err) + } + } +``` + +### Optional Changes + +If you have custom modules that rely on specific state from the above modules and/or you would like to test your custom module, you will need to update the state of your custom module to reflect your needs + +## Running the Testnet + +Before we can run the testnet we must plug everything together. + +in `root.go`, in the `initRootCmd` function we add: + +```diff + server.AddCommands(rootCmd, simapp.DefaultNodeHome, newApp, createSimAppAndExport, addModuleInitFlags) + ++ server.AddTestnetCreatorCommand(rootCmd, simapp.DefaultNodeHome, newTestnetApp, addModuleInitFlags) +``` + +Next we will add a newTestnetApp helper function: + +```diff +// newTestnetApp starts by running the normal newApp method. From there, the app interface returned is modified in order +// for a testnet to be created from the provided app. +func newTestnetApp(logger log.Logger, db cometbftdb.DB, traceStore io.Writer, appOpts servertypes.AppOptions) servertypes.Application { + // Create an app and type cast to an SimApp + app := newApp(logger, db, traceStore, appOpts) + simApp, ok := app.(*simapp.SimApp) + if !ok { + panic("app created from newApp is not of type simApp") + } + + newValAddr, ok := appOpts.Get(server.KeyNewValAddr).(bytes.HexBytes) + if !ok { + panic("newValAddr is not of type bytes.HexBytes") + } + newValPubKey, ok := appOpts.Get(server.KeyUserPubKey).(crypto.PubKey) + if !ok { + panic("newValPubKey is not of type crypto.PubKey") + } + newOperatorAddress, ok := appOpts.Get(server.KeyNewOpAddr).(string) + if !ok { + panic("newOperatorAddress is not of type string") + } + upgradeToTrigger, ok := appOpts.Get(server.KeyTriggerTestnetUpgrade).(string) + if !ok { + panic("upgradeToTrigger is not of type string") + } + + // Make modifications to the normal SimApp required to run the network locally + return simapp.InitSimAppForTestnet(simApp, newValAddr, newValPubKey, newOperatorAddress, upgradeToTrigger) +} +``` diff --git a/copy-of-sdk-docs/build/building-apps/_category_.json b/copy-of-sdk-docs/build/building-apps/_category_.json new file mode 100644 index 00000000..342732cc --- /dev/null +++ b/copy-of-sdk-docs/build/building-apps/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Building Apps", + "position": 0, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-docs/build/building-apps/upgrades/_category_.json b/copy-of-sdk-docs/build/building-apps/upgrades/_category_.json new file mode 100644 index 00000000..949dd331 --- /dev/null +++ b/copy-of-sdk-docs/build/building-apps/upgrades/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Upgrade Tutorials", + "position": 0, + "link": null +} diff --git a/copy-of-sdk-docs/build/building-modules/00-intro.md b/copy-of-sdk-docs/build/building-modules/00-intro.md new file mode 100644 index 00000000..fba93f3e --- /dev/null +++ b/copy-of-sdk-docs/build/building-modules/00-intro.md @@ -0,0 +1,73 @@ +--- +sidebar_position: 1 +--- + +# Introduction to Cosmos SDK Modules + +:::note Synopsis +Modules define most of the logic of Cosmos SDK applications. Developers compose modules together using the Cosmos SDK to build their custom application-specific blockchains. This document outlines the basic concepts behind SDK modules and how to approach module management. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK application](../../learn/beginner/00-app-anatomy.md) +* [Lifecycle of a Cosmos SDK transaction](../../learn/beginner/01-tx-lifecycle.md) + +::: + +## Role of Modules in a Cosmos SDK Application + +The Cosmos SDK can be thought of as the Ruby-on-Rails of blockchain development. It comes with a core that provides the basic functionalities every blockchain application needs, like a [boilerplate implementation of the ABCI](../../learn/advanced/00-baseapp.md) to communicate with the underlying consensus engine, a [`multistore`](../../learn/advanced/04-store.md#multistore) to persist state, a [server](../../learn/advanced/03-node.md) to form a full-node and [interfaces](./09-module-interfaces.md) to handle queries. + +On top of this core, the Cosmos SDK enables developers to build modules that implement the business logic of their application. In other words, SDK modules implement the bulk of the logic of applications, while the core does the wiring and enables modules to be composed together. The end goal is to build a robust ecosystem of open-source Cosmos SDK modules, making it increasingly easier to build complex blockchain applications. + +Cosmos SDK modules can be seen as little state-machines within the state-machine. They generally define a subset of the state using one or more `KVStore`s in the [main multistore](../../learn/advanced/04-store.md), as well as a subset of [message types](./02-messages-and-queries.md#messages). These messages are routed by one of the main components of Cosmos SDK core, [`BaseApp`](../../learn/advanced/00-baseapp.md), to a module Protobuf [`Msg` service](./03-msg-services.md) that defines them. + +```mermaid +flowchart TD + A[Transaction relayed from the full-node's consensus engine to the node's application via DeliverTx] + A --> B[APPLICATION] + B --> C["Using baseapp's methods: Decode the Tx, extract and route the message(s)"] + C --> D[Message routed to the correct module to be processed] + D --> E[AUTH MODULE] + D --> F[BANK MODULE] + D --> G[STAKING MODULE] + D --> H[GOV MODULE] + H --> I[Handles message, Updates state] + E --> I + F --> I + G --> I + I --> J["Return result to the underlying consensus engine (e.g. CometBFT) (0=Ok, 1=Err)"] +``` + +As a result of this architecture, building a Cosmos SDK application usually revolves around writing modules to implement the specialized logic of the application and composing them with existing modules to complete the application. Developers will generally work on modules that implement logic needed for their specific use case that do not exist yet, and will use existing modules for more generic functionalities like staking, accounts, or token management. + + +### Modules as super-users + +Modules have the ability to perform actions that are not available to regular users. This is because modules are given sudo permissions by the state machine. Modules can reject another modules desire to execute a function but this logic must be explicit. Examples of this can be seen when modules create functions to modify parameters: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/61da5d1c29c16a1eb5bb5488719fde604ec07b10/x/bank/keeper/msg_server.go#L147-L149 +``` + +## How to Approach Building Modules as a Developer + +While there are no definitive guidelines for writing modules, here are some important design principles developers should keep in mind when building them: + +* **Composability**: Cosmos SDK applications are almost always composed of multiple modules. This means developers need to carefully consider the integration of their module not only with the core of the Cosmos SDK, but also with other modules. The former is achieved by following standard design patterns outlined [here](#main-components-of-cosmos-sdk-modules), while the latter is achieved by properly exposing the store(s) of the module via the [`keeper`](./06-keeper.md). +* **Specialization**: A direct consequence of the **composability** feature is that modules should be **specialized**. Developers should carefully establish the scope of their module and not batch multiple functionalities into the same module. This separation of concerns enables modules to be reused in other projects and improves the upgradability of the application. **Specialization** also plays an important role in the [object-capabilities model](../../docs/learn/advanced/10-ocap.md) of the Cosmos SDK. +* **Capabilities**: Most modules need to read and/or write to the store(s) of other modules. However, in an open-source environment, it is possible for some modules to be malicious. That is why module developers need to carefully think not only about how their module interacts with other modules, but also about how to give access to the module's store(s). The Cosmos SDK takes a capabilities-oriented approach to inter-module security. This means that each store defined by a module is accessed by a `key`, which is held by the module's [`keeper`](./06-keeper.md). This `keeper` defines how to access the store(s) and under what conditions. Access to the module's store(s) is done by passing a reference to the module's `keeper`. + +## Main Components of Cosmos SDK Modules + +Modules are by convention defined in the `./x/` subfolder (e.g. the `bank` module will be defined in the `./x/bank` folder). They generally share the same core components: + +* A [`keeper`](./06-keeper.md), used to access the module's store(s) and update the state. +* A [`Msg` service](./02-messages-and-queries.md#messages), used to process messages when they are routed to the module by [`BaseApp`](../../learn/advanced/00-baseapp.md#message-routing) and trigger state-transitions. +* A [query service](./04-query-services.md), used to process user queries when they are routed to the module by [`BaseApp`](../../learn/advanced/00-baseapp.md#query-routing). +* Interfaces, for end users to query the subset of the state defined by the module and create `message`s of the custom types defined in the module. + +In addition to these components, modules implement the `AppModule` interface in order to be managed by the [`module manager`](./01-module-manager.md). + +Please refer to the [structure document](./11-structure.md) to learn about the recommended structure of a module's directory. diff --git a/copy-of-sdk-docs/build/building-modules/01-module-manager.md b/copy-of-sdk-docs/build/building-modules/01-module-manager.md new file mode 100644 index 00000000..ee2a83a8 --- /dev/null +++ b/copy-of-sdk-docs/build/building-modules/01-module-manager.md @@ -0,0 +1,328 @@ +--- +sidebar_position: 1 +--- + +# Module Manager + +:::note Synopsis +Cosmos SDK modules need to implement the [`AppModule` interfaces](#application-module-interfaces), in order to be managed by the application's [module manager](#module-manager). The module manager plays an important role in [`message` and `query` routing](../../learn/advanced/00-baseapp.md#routing), and allows application developers to set the order of execution of a variety of functions like [`PreBlocker`](../../learn/beginner/00-app-anatomy.md#preblocker) and [`BeginBlocker` and `EndBlocker`](../../learn/beginner/00-app-anatomy.md#beginblocker-and-endblocker). +::: + +:::note Pre-requisite Readings + +* [Introduction to Cosmos SDK Modules](./00-intro.md) + +::: + +## Application Module Interfaces + +Application module interfaces exist to facilitate the composition of modules together to form a functional Cosmos SDK application. + +:::note + +It is recommended to implement interfaces from the [Core API](https://docs.cosmos.network/main/architecture/adr-063-core-module-api) `appmodule` package. This makes modules less dependent on the SDK. +For legacy reason modules can still implement interfaces from the SDK `module` package. +::: + +There are 2 main application module interfaces: + +* [`appmodule.AppModule` / `module.AppModule`](#appmodule) for inter-dependent module functionalities (except genesis-related functionalities). +* (legacy) [`module.AppModuleBasic`](#appmodulebasic) for independent module functionalities. New modules can use `module.CoreAppModuleBasicAdaptor` instead. + +The above interfaces are mostly embedding smaller interfaces (extension interfaces), that define specific functionalities: + +* (legacy) `module.HasName`: Allows the module to provide its own name for legacy purposes. +* (legacy) [`module.HasGenesisBasics`](#modulehasgenesisbasics): The legacy interface for stateless genesis methods. +* [`module.HasGenesis`](#modulehasgenesis) for inter-dependent genesis-related module functionalities. +* [`module.HasABCIGenesis`](#modulehasabcigenesis) for inter-dependent genesis-related module functionalities. +* [`appmodule.HasGenesis` / `module.HasGenesis`](#appmodulehasgenesis): The extension interface for stateful genesis methods. +* [`appmodule.HasPreBlocker`](#haspreblocker): The extension interface that contains information about the `AppModule` and `PreBlock`. +* [`appmodule.HasBeginBlocker`](#hasbeginblocker): The extension interface that contains information about the `AppModule` and `BeginBlock`. +* [`appmodule.HasEndBlocker`](#hasendblocker): The extension interface that contains information about the `AppModule` and `EndBlock`. +* [`appmodule.HasPrecommit`](#hasprecommit): The extension interface that contains information about the `AppModule` and `Precommit`. +* [`appmodule.HasPrepareCheckState`](#haspreparecheckstate): The extension interface that contains information about the `AppModule` and `PrepareCheckState`. +* [`appmodule.HasService` / `module.HasServices`](#hasservices): The extension interface for modules to register services. +* [`module.HasABCIEndBlock`](#hasabciendblock): The extension interface that contains information about the `AppModule`, `EndBlock` and returns an updated validator set. +* (legacy) [`module.HasInvariants`](#hasinvariants): The extension interface for registering invariants. +* (legacy) [`module.HasConsensusVersion`](#hasconsensusversion): The extension interface for declaring a module consensus version. + +The `AppModuleBasic` interface exists to define independent methods of the module, i.e. those that do not depend on other modules in the application. This allows for the construction of the basic application structure early in the application definition, generally in the `init()` function of the [main application file](../../learn/beginner/00-app-anatomy.md#core-application-file). + +The `AppModule` interface exists to define inter-dependent module methods. Many modules need to interact with other modules, typically through [`keeper`s](./06-keeper.md), which means there is a need for an interface where modules list their `keeper`s and other methods that require a reference to another module's object. `AppModule` interface extension, such as `HasBeginBlocker` and `HasEndBlocker`, also enables the module manager to set the order of execution between module's methods like `BeginBlock` and `EndBlock`, which is important in cases where the order of execution between modules matters in the context of the application. + +The usage of extension interfaces allows modules to define only the functionalities they need. For example, a module that does not need an `EndBlock` does not need to define the `HasEndBlocker` interface and thus the `EndBlock` method. `AppModule` and `AppModuleGenesis` are voluntarily small interfaces, that can take advantage of the `Module` patterns without having to define many placeholder functions. + +### `AppModuleBasic` + +:::note +Use `module.CoreAppModuleBasicAdaptor` instead for creating an `AppModuleBasic` from an `appmodule.AppModule`. +::: + +The `AppModuleBasic` interface defines the independent methods modules need to implement. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/module/module.go#L56-L61 +``` + +* `RegisterLegacyAminoCodec(*codec.LegacyAmino)`: Registers the `amino` codec for the module, which is used to marshal and unmarshal structs to/from `[]byte` in order to persist them in the module's `KVStore`. +* `RegisterInterfaces(codectypes.InterfaceRegistry)`: Registers a module's interface types and their concrete implementations as `proto.Message`. +* `RegisterGRPCGatewayRoutes(client.Context, *runtime.ServeMux)`: Registers gRPC routes for the module. + +All the `AppModuleBasic` of an application are managed by the [`BasicManager`](#basicmanager). + +### `HasName` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/module/module.go#L66-L68 +``` + +* `HasName` is an interface that has a method `Name()`. This method returns the name of the module as a `string`. + +### Genesis + +:::tip +For easily creating an `AppModule` that only has genesis functionalities, use `module.GenesisOnlyAppModule`. +::: + +#### `module.HasGenesisBasics` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/module/module.go#L71-L74 +``` + +Let us go through the methods: + +* `DefaultGenesis(codec.JSONCodec)`: Returns a default [`GenesisState`](./08-genesis.md#genesisstate) for the module, marshalled to `json.RawMessage`. The default `GenesisState` need to be defined by the module developer and is primarily used for testing. +* `ValidateGenesis(codec.JSONCodec, client.TxEncodingConfig, json.RawMessage)`: Used to validate the `GenesisState` defined by a module, given in its `json.RawMessage` form. It will usually unmarshall the `json` before running a custom [`ValidateGenesis`](./08-genesis.md#validategenesis) function defined by the module developer. + +#### `module.HasGenesis` + +`HasGenesis` is an extension interface for allowing modules to implement genesis functionalities. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/6ce2505/types/module/module.go#L184-L189 +``` + +#### `module.HasABCIGenesis` + +`HasABCIGenesis` is an extension interface for allowing modules to implement genesis functionalities and returns validator set updates. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/6ce2505/types/module/module.go#L191-L196 +``` + +#### `appmodule.HasGenesis` + +:::warning +`appmodule.HasGenesis` is experimental and should be considered unstable, it is recommended to not use this interface at this time. +::: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/6ce2505/core/appmodule/genesis.go#L8-L25 +``` + +### `AppModule` + +The `AppModule` interface defines a module. Modules can declare their functionalities by implementing extensions interfaces. +`AppModule`s are managed by the [module manager](#manager), which checks which extension interfaces are implemented by the module. + +#### `appmodule.AppModule` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/6afece6/core/appmodule/module.go#L11-L20 +``` + +#### `module.AppModule` + +:::note +Previously the `module.AppModule` interface was containing all the methods that are defined in the extensions interfaces. This was leading to much boilerplate for modules that did not need all the functionalities. +::: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/module/module.go#L199-L206 +``` + +### `HasInvariants` + +This interface defines one method. It allows checking if a module can register invariants. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/module/module.go#L211-L214 +``` + +* `RegisterInvariants(sdk.InvariantRegistry)`: Registers the [`invariants`](./07-invariants.md) of the module. If an invariant deviates from its predicted value, the [`InvariantRegistry`](./07-invariants.md#registry) triggers appropriate logic (most often the chain will be halted). + +### `HasServices` + +This interface defines one method. It allows checking if a module can register services. + +#### `appmodule.HasService` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/6afece6/core/appmodule/module.go#L22-L40 +``` + +#### `module.HasServices` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/module/module.go#L217-L220 +``` + +* `RegisterServices(Configurator)`: Allows a module to register services. + +### `HasConsensusVersion` + +This interface defines one method for checking a module consensus version. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/module/module.go#L223-L229 +``` + +* `ConsensusVersion() uint64`: Returns the consensus version of the module. + +### `HasPreBlocker` + +The `HasPreBlocker` is an extension interface from `appmodule.AppModule`. All modules that have an `PreBlock` method implement this interface. + +### `HasBeginBlocker` + +The `HasBeginBlocker` is an extension interface from `appmodule.AppModule`. All modules that have an `BeginBlock` method implement this interface. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/core/appmodule/module.go#L73-L80 +``` + +* `BeginBlock(context.Context) error`: This method gives module developers the option to implement logic that is automatically triggered at the beginning of each block. + +### `HasEndBlocker` + +The `HasEndBlocker` is an extension interface from `appmodule.AppModule`. All modules that have an `EndBlock` method implement this interface. If a module needs to return validator set updates (staking), they can use `HasABCIEndBlock` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/core/appmodule/module.go#L83-L89 +``` + +* `EndBlock(context.Context) error`: This method gives module developers the option to implement logic that is automatically triggered at the end of each block. + +### `HasABCIEndBlock` + +The `HasABCIEndBlock` is an extension interface from `module.AppModule`. All modules that have an `EndBlock` which return validator set updates implement this interface. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/module/module.go#L236-L239 +``` + +* `EndBlock(context.Context) ([]abci.ValidatorUpdate, error)`: This method gives module developers the option to inform the underlying consensus engine of validator set changes (e.g. the `staking` module). + +### `HasPrecommit` + +`HasPrecommit` is an extension interface from `appmodule.AppModule`. All modules that have a `Precommit` method implement this interface. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/core/appmodule/module.go#L50-L53 +``` + +* `Precommit(context.Context)`: This method gives module developers the option to implement logic that is automatically triggered during [`Commit'](../../learn/advanced/00-baseapp.md#commit) of each block using the [`finalizeblockstate`](../../learn/advanced/00-baseapp.md#state-updates) of the block to be committed. Implement empty if no logic needs to be triggered during `Commit` of each block for this module. + +### `HasPrepareCheckState` + +`HasPrepareCheckState` is an extension interface from `appmodule.AppModule`. All modules that have a `PrepareCheckState` method implement this interface. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/core/appmodule/module.go#L44-L47 +``` + +* `PrepareCheckState(context.Context)`: This method gives module developers the option to implement logic that is automatically triggered during [`Commit'](../../learn/advanced/00-baseapp.md#commit) of each block using the [`checkState`](../../learn/advanced/00-baseapp.md#state-updates) of the next block. Implement empty if no logic needs to be triggered during `Commit` of each block for this module. + +### Implementing the Application Module Interfaces + +Typically, the various application module interfaces are implemented in a file called `module.go`, located in the module's folder (e.g. `./x/module/module.go`). + +Almost every module needs to implement the `AppModuleBasic` and `AppModule` interfaces. If the module is only used for genesis, it will implement `AppModuleGenesis` instead of `AppModule`. The concrete type that implements the interface can add parameters that are required for the implementation of the various methods of the interface. For example, the `Route()` function often calls a `NewMsgServerImpl(k keeper)` function defined in `keeper/msg_server.go` and therefore needs to pass the module's [`keeper`](./06-keeper.md) as a parameter. + +```go +// example +type AppModule struct { + AppModuleBasic + keeper Keeper +} +``` + +In the example above, you can see that the `AppModule` concrete type references an `AppModuleBasic`, and not an `AppModuleGenesis`. That is because `AppModuleGenesis` only needs to be implemented in modules that focus on genesis-related functionalities. In most modules, the concrete `AppModule` type will have a reference to an `AppModuleBasic` and implement the two added methods of `AppModuleGenesis` directly in the `AppModule` type. + +If no parameter is required (which is often the case for `AppModuleBasic`), just declare an empty concrete type like so: + +```go +type AppModuleBasic struct{} +``` + +## Module Managers + +Module managers are used to manage collections of `AppModuleBasic` and `AppModule`. + +### `BasicManager` + +The `BasicManager` is a structure that lists all the `AppModuleBasic` of an application: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/module/module.go#L77 +``` + +It implements the following methods: + +* `NewBasicManager(modules ...AppModuleBasic)`: Constructor function. It takes a list of the application's `AppModuleBasic` and builds a new `BasicManager`. This function is generally called in the `init()` function of [`app.go`](../../learn/beginner/00-app-anatomy.md#core-application-file) to quickly initialize the independent elements of the application's modules (click [here](https://github.com/cosmos/gaia/blob/main/app/app.go#L59-L74) to see an example). +* `NewBasicManagerFromManager(manager *Manager, customModuleBasics map[string]AppModuleBasic)`: Constructor function. It creates a new `BasicManager` from a `Manager`. The `BasicManager` will contain all `AppModuleBasic` from the `AppModule` manager using `CoreAppModuleBasicAdaptor` whenever possible. Module's `AppModuleBasic` can be overridden by passing a custom AppModuleBasic map +* `RegisterLegacyAminoCodec(cdc *codec.LegacyAmino)`: Registers the [`codec.LegacyAmino`s](../../learn/advanced/05-encoding.md#amino) of each of the application's `AppModuleBasic`. This function is usually called early on in the [application's construction](../../learn/beginner/00-app-anatomy.md#constructor). +* `RegisterInterfaces(registry codectypes.InterfaceRegistry)`: Registers interface types and implementations of each of the application's `AppModuleBasic`. +* `DefaultGenesis(cdc codec.JSONCodec)`: Provides default genesis information for modules in the application by calling the [`DefaultGenesis(cdc codec.JSONCodec)`](./08-genesis.md#defaultgenesis) function of each module. It only calls the modules that implements the `HasGenesisBasics` interfaces. +* `ValidateGenesis(cdc codec.JSONCodec, txEncCfg client.TxEncodingConfig, genesis map[string]json.RawMessage)`: Validates the genesis information modules by calling the [`ValidateGenesis(codec.JSONCodec, client.TxEncodingConfig, json.RawMessage)`](./08-genesis.md#validategenesis) function of modules implementing the `HasGenesisBasics` interface. +* `RegisterGRPCGatewayRoutes(clientCtx client.Context, rtr *runtime.ServeMux)`: Registers gRPC routes for modules. +* `AddTxCommands(rootTxCmd *cobra.Command)`: Adds modules' transaction commands (defined as `GetTxCmd() *cobra.Command`) to the application's [`rootTxCommand`](../../learn/advanced/07-cli.md#transaction-commands). This function is usually called function from the `main.go` function of the [application's command-line interface](../../learn/advanced/07-cli.md). +* `AddQueryCommands(rootQueryCmd *cobra.Command)`: Adds modules' query commands (defined as `GetQueryCmd() *cobra.Command`) to the application's [`rootQueryCommand`](../../learn/advanced/07-cli.md#query-commands). This function is usually called function from the `main.go` function of the [application's command-line interface](../../learn/advanced/07-cli.md). + +### `Manager` + +The `Manager` is a structure that holds all the `AppModule` of an application, and defines the order of execution between several key components of these modules: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/module/module.go#L278-L288 +``` + +The module manager is used throughout the application whenever an action on a collection of modules is required. It implements the following methods: + +* `NewManager(modules ...AppModule)`: Constructor function. It takes a list of the application's `AppModule`s and builds a new `Manager`. It is generally called from the application's main [constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function). +* `SetOrderInitGenesis(moduleNames ...string)`: Sets the order in which the [`InitGenesis`](./08-genesis.md#initgenesis) function of each module will be called when the application is first started. This function is generally called from the application's main [constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function). + To initialize modules successfully, module dependencies should be considered. For example, the `genutil` module must occur after `staking` module so that the pools are properly initialized with tokens from genesis accounts, the `genutils` module must also occur after `auth` so that it can access the params from auth, IBC's `capability` module should be initialized before all other modules so that it can initialize any capabilities. +* `SetOrderExportGenesis(moduleNames ...string)`: Sets the order in which the [`ExportGenesis`](./08-genesis.md#exportgenesis) function of each module will be called in case of an export. This function is generally called from the application's main [constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function). +* `SetOrderPreBlockers(moduleNames ...string)`: Sets the order in which the `PreBlock()` function of each module will be called before `BeginBlock()` of all modules. This function is generally called from the application's main [constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function). +* `SetOrderBeginBlockers(moduleNames ...string)`: Sets the order in which the `BeginBlock()` function of each module will be called at the beginning of each block. This function is generally called from the application's main [constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function). +* `SetOrderEndBlockers(moduleNames ...string)`: Sets the order in which the `EndBlock()` function of each module will be called at the end of each block. This function is generally called from the application's main [constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function). +* `SetOrderPrecommiters(moduleNames ...string)`: Sets the order in which the `Precommit()` function of each module will be called during commit of each block. This function is generally called from the application's main [constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function). +* `SetOrderPrepareCheckStaters(moduleNames ...string)`: Sets the order in which the `PrepareCheckState()` function of each module will be called during commit of each block. This function is generally called from the application's main [constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function). +* `SetOrderMigrations(moduleNames ...string)`: Sets the order of migrations to be run. If not set then migrations will be run with an order defined in `DefaultMigrationsOrder`. +* `RegisterInvariants(ir sdk.InvariantRegistry)`: Registers the [invariants](./07-invariants.md) of module implementing the `HasInvariants` interface. +* `RegisterServices(cfg Configurator)`: Registers the services of modules implementing the `HasServices` interface. +* `InitGenesis(ctx context.Context, cdc codec.JSONCodec, genesisData map[string]json.RawMessage)`: Calls the [`InitGenesis`](./08-genesis.md#initgenesis) function of each module when the application is first started, in the order defined in `OrderInitGenesis`. Returns an `abci.InitChainResponse` to the underlying consensus engine, which can contain validator updates. +* `ExportGenesis(ctx context.Context, cdc codec.JSONCodec)`: Calls the [`ExportGenesis`](./08-genesis.md#exportgenesis) function of each module, in the order defined in `OrderExportGenesis`. The export constructs a genesis file from a previously existing state, and is mainly used when a hard-fork upgrade of the chain is required. +* `ExportGenesisForModules(ctx context.Context, cdc codec.JSONCodec, modulesToExport []string)`: Behaves the same as `ExportGenesis`, except takes a list of modules to export. +* `BeginBlock(ctx context.Context) error`: At the beginning of each block, this function is called from [`BaseApp`](../../learn/advanced/00-baseapp.md#beginblock) and, in turn, calls the [`BeginBlock`](./06-beginblock-endblock.md) function of each modules implementing the `appmodule.HasBeginBlocker` interface, in the order defined in `OrderBeginBlockers`. It creates a child [context](../../learn/advanced/02-context.md) with an event manager to aggregate [events](../../learn/advanced/08-events.md) emitted from each modules. +* `EndBlock(ctx context.Context) error`: At the end of each block, this function is called from [`BaseApp`](../../learn/advanced/00-baseapp.md#endblock) and, in turn, calls the [`EndBlock`](./06-beginblock-endblock.md) function of each modules implementing the `appmodule.HasEndBlocker` interface, in the order defined in `OrderEndBlockers`. It creates a child [context](../../learn/advanced/02-context.md) with an event manager to aggregate [events](../../learn/advanced/08-events.md) emitted from all modules. The function returns an `abci` which contains the aforementioned events, as well as validator set updates (if any). +* `EndBlock(context.Context) ([]abci.ValidatorUpdate, error)`: At the end of each block, this function is called from [`BaseApp`](../../learn/advanced/00-baseapp.md#endblock) and, in turn, calls the [`EndBlock`](./06-beginblock-endblock.md) function of each modules implementing the `module.HasABCIEndBlock` interface, in the order defined in `OrderEndBlockers`. It creates a child [context](../../learn/advanced/02-context.md) with an event manager to aggregate [events](../../learn/advanced/08-events.md) emitted from all modules. The function returns an `abci` which contains the aforementioned events, as well as validator set updates (if any). +* `Precommit(ctx context.Context)`: During [`Commit`](../../learn/advanced/00-baseapp.md#commit), this function is called from `BaseApp` immediately before the [`deliverState`](../../learn/advanced/00-baseapp.md#state-updates) is written to the underlying [`rootMultiStore`](../../learn/advanced/04-store.md#commitmultistore) and, in turn calls the `Precommit` function of each modules implementing the `HasPrecommit` interface, in the order defined in `OrderPrecommiters`. It creates a child [context](../../learn/advanced/02-context.md) where the underlying `CacheMultiStore` is that of the newly committed block's [`finalizeblockstate`](../../learn/advanced/00-baseapp.md#state-updates). +* `PrepareCheckState(ctx context.Context)`: During [`Commit`](../../learn/advanced/00-baseapp.md#commit), this function is called from `BaseApp` immediately after the [`deliverState`](../../learn/advanced/00-baseapp.md#state-updates) is written to the underlying [`rootMultiStore`](../../learn/advanced/04-store.md#commitmultistore) and, in turn calls the `PrepareCheckState` function of each module implementing the `HasPrepareCheckState` interface, in the order defined in `OrderPrepareCheckStaters`. It creates a child [context](../../learn/advanced/02-context.md) where the underlying `CacheMultiStore` is that of the next block's [`checkState`](../../learn/advanced/00-baseapp.md#state-updates). Writes to this state will be present in the [`checkState`](../../learn/advanced/00-baseapp.md#state-updates) of the next block, and therefore this method can be used to prepare the `checkState` for the next block. + +Here's an example of a concrete integration within an `simapp`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/app.go#L510-L533 +``` + +This is the same example from `runtime` (the package that powers app di): + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/runtime/module.go#L63 +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/runtime/module.go#L85 +``` diff --git a/copy-of-sdk-docs/build/building-modules/02-messages-and-queries.md b/copy-of-sdk-docs/build/building-modules/02-messages-and-queries.md new file mode 100644 index 00000000..e6048c31 --- /dev/null +++ b/copy-of-sdk-docs/build/building-modules/02-messages-and-queries.md @@ -0,0 +1,137 @@ +--- +sidebar_position: 1 +--- + +# Messages and Queries + +:::note Synopsis +`Msg`s and `Queries` are the two primary objects handled by modules. Most of the core components defined in a module, like `Msg` services, `keeper`s and `Query` services, exist to process `message`s and `queries`. +::: + +:::note Pre-requisite Readings + +* [Introduction to Cosmos SDK Modules](./00-intro.md) + +::: + +## Messages + +`Msg`s are objects whose end-goal is to trigger state-transitions. They are wrapped in [transactions](../../learn/advanced/01-transactions.md), which may contain one or more of them. + +When a transaction is relayed from the underlying consensus engine to the Cosmos SDK application, it is first decoded by [`BaseApp`](../../learn/advanced/00-baseapp.md). Then, each message contained in the transaction is extracted and routed to the appropriate module via `BaseApp`'s `MsgServiceRouter` so that it can be processed by the module's [`Msg` service](./03-msg-services.md). For a more detailed explanation of the lifecycle of a transaction, click [here](../../learn/beginner/01-tx-lifecycle.md). + +### `Msg` Services + +Defining Protobuf `Msg` services is the recommended way to handle messages. A Protobuf `Msg` service should be created for each module, typically in `tx.proto` (see more info about [conventions and naming](../../learn/advanced/05-encoding.md#faq)). It must have an RPC service method defined for each message in the module. + + +Each `Msg` service method must have exactly one argument, which must implement the `sdk.Msg` interface, and a Protobuf response. The naming convention is to call the RPC argument `Msg` and the RPC response `MsgResponse`. For example: + +```protobuf + rpc Send(MsgSend) returns (MsgSendResponse); +``` + +See an example of a `Msg` service definition from `x/bank` module: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/proto/cosmos/bank/v1beta1/tx.proto#L13-L36 +``` + +### `sdk.Msg` Interface + +`sdk.Msg` is an alias of `proto.Message`. + +To attach a `ValidateBasic()` method to a message then you must add methods to the type adhering to the `HasValidateBasic`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/9c1e8b247cd47b5d3decda6e86fbc3bc996ee5d7/types/tx_msg.go#L84-L88 +``` + +In 0.50+ signers from the `GetSigners()` call are automated via a protobuf annotation. + +Read more about the signer field [here](./05-protobuf-annotations.md). + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/e6848d99b55a65d014375b295bdd7f9641aac95e/proto/cosmos/bank/v1beta1/tx.proto#L40 +``` + +If there is a need for custom signers then there is an alternative path which can be taken. A function which returns `signing.CustomGetSigner` for a specific message can be defined. + +```go +func ProvideBankSendTransactionGetSigners() signing.CustomGetSigner { + + // Extract the signer from the signature. + signer, err := coretypes.LatestSigner(Tx).Sender(ethTx) + if err != nil { + return nil, err + } + + // Return the signer in the required format. + return [][]byte{signer.Bytes()}, nil +} +``` + +When using dependency injection (depinject) this can be provided to the application via the provide method. + +```go +depinject.Provide(banktypes.ProvideBankSendTransactionGetSigners) +``` + +The Cosmos SDK uses Protobuf definitions to generate client and server code: + +* `MsgServer` interface defines the server API for the `Msg` service and its implementation is described as part of the [`Msg` services](./03-msg-services.md) documentation. +* Structures are generated for all RPC request and response types. + +A `RegisterMsgServer` method is also generated and should be used to register the module's `MsgServer` implementation in `RegisterServices` method from the [`AppModule` interface](./01-module-manager.md#appmodule). + +In order for clients (CLI and grpc-gateway) to have these URLs registered, the Cosmos SDK provides the function `RegisterMsgServiceDesc(registry codectypes.InterfaceRegistry, sd *grpc.ServiceDesc)` that should be called inside module's [`RegisterInterfaces`](01-module-manager.md#appmodulebasic) method, using the proto-generated `&_Msg_serviceDesc` as `*grpc.ServiceDesc` argument. + + +## Queries + +A `query` is a request for information made by end-users of applications through an interface and processed by a full-node. A `query` is received by a full-node through its consensus engine and relayed to the application via the ABCI. It is then routed to the appropriate module via `BaseApp`'s `QueryRouter` so that it can be processed by the module's query service (./04-query-services.md). For a deeper look at the lifecycle of a `query`, click [here](../../learn/beginner/02-query-lifecycle.md). + +### gRPC Queries + +Queries should be defined using [Protobuf services](https://developers.google.com/protocol-buffers/docs/proto#services). A `Query` service should be created per module in `query.proto`. This service lists endpoints starting with `rpc`. + +Here's an example of such a `Query` service definition: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/proto/cosmos/auth/v1beta1/query.proto#L14-L89 +``` + +As `proto.Message`s, generated `Response` types implement by default `String()` method of [`fmt.Stringer`](https://pkg.go.dev/fmt#Stringer). + +A `RegisterQueryServer` method is also generated and should be used to register the module's query server in the `RegisterServices` method from the [`AppModule` interface](./01-module-manager.md#appmodule). + +### Legacy Queries + +Before the introduction of Protobuf and gRPC in the Cosmos SDK, there was usually no specific `query` object defined by module developers, contrary to `message`s. Instead, the Cosmos SDK took the simpler approach of using a simple `path` to define each `query`. The `path` contains the `query` type and all the arguments needed to process it. For most module queries, the `path` should look like the following: + +```text +queryCategory/queryRoute/queryType/arg1/arg2/... +``` + +where: + +* `queryCategory` is the category of the `query`, typically `custom` for module queries. It is used to differentiate between different kinds of queries within `BaseApp`'s [`Query` method](../../learn/advanced/00-baseapp.md#query). +* `queryRoute` is used by `BaseApp`'s [`queryRouter`](../../learn/advanced/00-baseapp.md#query-routing) to map the `query` to its module. Usually, `queryRoute` should be the name of the module. +* `queryType` is used by the module's [`querier`](./04-query-services.md#legacy-queriers) to map the `query` to the appropriate `querier function` within the module. +* `args` are the actual arguments needed to process the `query`. They are filled out by the end-user. Note that for bigger queries, you might prefer passing arguments in the `Data` field of the request `req` instead of the `path`. + +The `path` for each `query` must be defined by the module developer in the module's [command-line interface file](./09-module-interfaces.md#query-commands). Overall, there are 3 mains components module developers need to implement in order to make the subset of the state defined by their module queryable: + +* A [`querier`](./04-query-services.md#legacy-queriers), to process the `query` once it has been [routed to the module](../../learn/advanced/00-baseapp.md#query-routing). +* [Query commands](./09-module-interfaces.md#query-commands) in the module's CLI file, where the `path` for each `query` is specified. +* `query` return types. Typically defined in a file `types/querier.go`, they specify the result type of each of the module's `queries`. These custom types must implement the `String()` method of [`fmt.Stringer`](https://pkg.go.dev/fmt#Stringer). + +### Store Queries + +Store queries access store keys directly. They use `clientCtx.QueryABCI(req abci.QueryRequest)` to return the full `abci.QueryResponse` with inclusion Merkle proofs. + +See following examples: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/baseapp/abci.go#L864-L894 +``` diff --git a/copy-of-sdk-docs/build/building-modules/03-msg-services.md b/copy-of-sdk-docs/build/building-modules/03-msg-services.md new file mode 100644 index 00000000..910d6f88 --- /dev/null +++ b/copy-of-sdk-docs/build/building-modules/03-msg-services.md @@ -0,0 +1,119 @@ +--- +sidebar_position: 1 +--- + +# `Msg` Services + +:::note Synopsis +A Protobuf `Msg` service processes [messages](./02-messages-and-queries.md#messages). Protobuf `Msg` services are specific to the module in which they are defined, and only process messages defined within the said module. They are called from `BaseApp` during [`DeliverTx`](../../learn/advanced/00-baseapp.md#delivertx). +::: + +:::note Pre-requisite Readings + +* [Module Manager](./01-module-manager.md) +* [Messages and Queries](./02-messages-and-queries.md) + +::: + +## Implementation of a module `Msg` service + +Each module should define a Protobuf `Msg` service, which will be responsible for processing requests (implementing `sdk.Msg`) and returning responses. + +As further described in [ADR 031](../../../architecture/adr-031-msg-service.md), this approach has the advantage of clearly specifying return types and generating server and client code. + +Protobuf generates a `MsgServer` interface based on a definition of `Msg` service. It is the role of the module developer to implement this interface, by implementing the state transition logic that should happen upon receival of each `sdk.Msg`. As an example, here is the generated `MsgServer` interface for `x/bank`, which exposes two `sdk.Msg`s: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/types/tx.pb.go#L550-L568 +``` + +When possible, the existing module's [`Keeper`](./06-keeper.md) should implement `MsgServer`, otherwise a `msgServer` struct that embeds the `Keeper` can be created, typically in `./keeper/msg_server.go`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/keeper/msg_server.go#L17-L19 +``` + +`msgServer` methods can retrieve the `sdk.Context` from the `context.Context` parameter using the `sdk.UnwrapSDKContext` method: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/keeper/msg_server.go#L56 +``` + +`sdk.Msg` processing usually follows these 3 steps: + +### Validation + +The message server must perform all validation required (both *stateful* and *stateless*) to make sure the `message` is valid. +The `signer` is charged for the gas cost of this validation. + +For example, a `msgServer` method for a `transfer` message should check that the sending account has enough funds to actually perform the transfer. + +It is recommended to implement all validation checks in a separate function that passes state values as arguments. This implementation simplifies testing. As expected, expensive validation functions charge additional gas. Example: + +```go +ValidateMsgA(msg MsgA, now Time, gm GasMeter) error { + if now.Before(msg.Expire) { + return sdkerrors.ErrInvalidRequest.Wrap("msg expired") + } + gm.ConsumeGas(1000, "signature verification") + return signatureVerification(msg.Prover, msg.Data) +} +``` + +:::warning +Previously, the `ValidateBasic` method was used to perform simple and stateless validation checks. +This way of validating is deprecated, this means the `msgServer` must perform all validation checks. +::: + +### State Transition + +After the validation is successful, the `msgServer` method uses the [`keeper`](./06-keeper.md) functions to access the state and perform a state transition. + +### Events + +Before returning, `msgServer` methods generally emit one or more [events](../../learn/advanced/08-events.md) by using the `EventManager` held in the `ctx`. Use the new `EmitTypedEvent` function that uses protobuf-based event types: + +```go +ctx.EventManager().EmitTypedEvent( + &group.EventABC{Key1: Value1, Key2: Value2}) +``` + +or the older `EmitEvent` function: + +```go +ctx.EventManager().EmitEvent( + sdk.NewEvent( + eventType, // e.g. sdk.EventTypeMessage for a message, types.CustomEventType for a custom event defined in the module + sdk.NewAttribute(key1, value1), + sdk.NewAttribute(key2, value2), + ), +) +``` + +These events are relayed back to the underlying consensus engine and can be used by service providers to implement services around the application. Click [here](../../learn/advanced/08-events.md) to learn more about events. + +The invoked `msgServer` method returns a `proto.Message` response and an `error`. These return values are then wrapped into an `*sdk.Result` or an `error` using `sdk.WrapServiceResult(ctx context.Context, res proto.Message, err error)`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/baseapp/msg_service_router.go#L160 +``` + +This method takes care of marshaling the `res` parameter to protobuf and attaching any events on the `ctx.EventManager()` to the `sdk.Result`. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/proto/cosmos/base/abci/v1beta1/abci.proto#L93-L113 +``` + +This diagram shows a typical structure of a Protobuf `Msg` service, and how the message propagates through the module. + +![Transaction flow](https://raw.githubusercontent.com/cosmos/cosmos-sdk/release/v0.46.x/docs/uml/svg/transaction_flow.svg) + +## Telemetry + +New [telemetry metrics](../../learn/advanced/09-telemetry.md) can be created from `msgServer` methods when handling messages. + +This is an example from the `x/auth/vesting` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/auth/vesting/msg_server.go#L76-L88 +``` diff --git a/copy-of-sdk-docs/build/building-modules/04-query-services.md b/copy-of-sdk-docs/build/building-modules/04-query-services.md new file mode 100644 index 00000000..a787a0c2 --- /dev/null +++ b/copy-of-sdk-docs/build/building-modules/04-query-services.md @@ -0,0 +1,57 @@ +--- +sidebar_position: 1 +--- + +# Query Services + +:::note Synopsis +A Protobuf Query service processes [`queries`](./02-messages-and-queries.md#queries). Query services are specific to the module in which they are defined, and only process `queries` defined within said module. They are called from `BaseApp`'s [`Query` method](../../learn/advanced/00-baseapp.md#query). +::: + +:::note Pre-requisite Readings + +* [Module Manager](./01-module-manager.md) +* [Messages and Queries](./02-messages-and-queries.md) + +::: + +## Implementation of a module query service + +### gRPC Service + +When defining a Protobuf `Query` service, a `QueryServer` interface is generated for each module with all the service methods: + +```go +type QueryServer interface { + QueryBalance(context.Context, *QueryBalanceParams) (*types.Coin, error) + QueryAllBalances(context.Context, *QueryAllBalancesParams) (*QueryAllBalancesResponse, error) +} +``` + +These custom queries methods should be implemented by a module's keeper, typically in `./keeper/grpc_query.go`. The first parameter of these methods is a generic `context.Context`. Therefore, the Cosmos SDK provides a function `sdk.UnwrapSDKContext` to retrieve the `context.Context` from the provided +`context.Context`. + +Here's an example implementation for the bank module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/keeper/grpc_query.go +``` + +### Calling queries from the State Machine + +The Cosmos SDK v0.47 introduces a new `cosmos.query.v1.module_query_safe` Protobuf annotation which is used to state that a query that is safe to be called from within the state machine, for example: + +* a Keeper's query function can be called from another module's Keeper, +* ADR-033 intermodule query calls, +* CosmWasm contracts can also directly interact with these queries. + +If the `module_query_safe` annotation set to `true`, it means: + +* The query is deterministic: given a block height it will return the same response upon multiple calls, and doesn't introduce any state-machine breaking changes across SDK patch versions. +* Gas consumption never fluctuates across calls and across patch versions. + +If you are a module developer and want to use `module_query_safe` annotation for your own query, you have to ensure the following things: + +* the query is deterministic and won't introduce state-machine-breaking changes without coordinated upgrades +* it has its gas tracked, to avoid the attack vector where no gas is accounted for + on potentially high-computation queries. diff --git a/copy-of-sdk-docs/build/building-modules/05-protobuf-annotations.md b/copy-of-sdk-docs/build/building-modules/05-protobuf-annotations.md new file mode 100644 index 00000000..942b9a89 --- /dev/null +++ b/copy-of-sdk-docs/build/building-modules/05-protobuf-annotations.md @@ -0,0 +1,131 @@ +--- +sidebar_position: 1 +--- + +# ProtocolBuffer Annotations + +This document explains the various protobuf scalars that have been added to make working with protobuf easier for Cosmos SDK application developers + +## Signer + +Signer specifies which field should be used to determine the signer of a message for the Cosmos SDK. This field can be used for clients as well to infer which field should be used to determine the signer of a message. + +Read more about the signer field [here](./02-messages-and-queries.md). + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/e6848d99b55a65d014375b295bdd7f9641aac95e/proto/cosmos/bank/v1beta1/tx.proto#L40 +``` + +```proto +option (cosmos.msg.v1.signer) = "from_address"; +``` + +## Scalar + +The scalar type defines a way for clients to understand how to construct protobuf messages according to what is expected by the module and sdk. + +```proto +(cosmos_proto.scalar) = "cosmos.AddressString" +``` + +Example of account address string scalar: + +```proto reference +https://github.com/cosmos/cosmos-sdk/blob/e6848d99b55a65d014375b295bdd7f9641aac95e/proto/cosmos/bank/v1beta1/tx.proto#L46 +``` + +Example of validator address string scalar: + +```proto reference +https://github.com/cosmos/cosmos-sdk/blob/e8f28bf5db18b8d6b7e0d94b542ce4cf48fed9d6/proto/cosmos/distribution/v1beta1/query.proto#L87 +``` + +Example of Decimals scalar: + +```proto reference +https://github.com/cosmos/cosmos-sdk/blob/e8f28bf5db18b8d6b7e0d94b542ce4cf48fed9d6/proto/cosmos/distribution/v1beta1/distribution.proto#L26 +``` + +Example of Int scalar: + +```proto reference +https://github.com/cosmos/cosmos-sdk/blob/e8f28bf5db18b8d6b7e0d94b542ce4cf48fed9d6/proto/cosmos/gov/v1/gov.proto#L137 +``` + +There are a few options for what can be provided as a scalar: `cosmos.AddressString`, `cosmos.ValidatorAddressString`, `cosmos.ConsensusAddressString`, `cosmos.Int`, `cosmos.Dec`. + +## Implements_Interface + +`Implements_Interface` is used to provide information to client tooling like [telescope](https://github.com/cosmology-tech/telescope) on how to encode and decode protobuf messages. + +```proto +option (cosmos_proto.implements_interface) = "cosmos.auth.v1beta1.AccountI"; +``` + +## Method,Field,Message Added In + +`method_added_in`, `field_added_in` and `message_added_in` are annotations to denote to clients that a field has been supported in a later version. This is useful when new methods or fields are added in later versions and that the client needs to be aware of what it can call. + +The annotation should be worded as follows: + +```proto +option (cosmos_proto.method_added_in) = "cosmos-sdk v0.50.1"; +option (cosmos_proto.method_added_in) = "x/epochs v1.0.0"; +option (cosmos_proto.method_added_in) = "simapp v24.0.0"; +``` + +## Amino + +The amino codec was removed in `v0.50+`, this means there is no need to register `legacyAminoCodec`. To replace the amino codec, Amino protobuf annotations are used to provide information to the amino codec on how to encode and decode protobuf messages. + +Amino annotations are only used for backwards compatibility with amino. New modules are not required to use amino annotations. + +The below annotations are used to provide information to the amino codec on how to encode and decode protobuf messages in a backwards compatible manner. + +### Name + +Name specifies the amino name that would show up for the user in order for them to see which message they are signing. + +```proto +option (amino.name) = "cosmos-sdk/BaseAccount"; +``` + +```proto reference +https://github.com/cosmos/cosmos-sdk/blob/e8f28bf5db18b8d6b7e0d94b542ce4cf48fed9d6/proto/cosmos/bank/v1beta1/tx.proto#L41 +``` + +### Field_Name + +Field name specifies the amino name that would show up for the user in order for them to see which field they are signing. + +```proto +uint64 height = 1 [(amino.field_name) = "public_key"]; +``` + +```proto reference +https://github.com/cosmos/cosmos-sdk/blob/e8f28bf5db18b8d6b7e0d94b542ce4cf48fed9d6/proto/cosmos/distribution/v1beta1/distribution.proto#L166 +``` + +### Dont_OmitEmpty + +Dont omitempty specifies that the field should not be omitted when encoding to amino. + +```proto +repeated cosmos.base.v1beta1.Coin amount = 3 [(amino.dont_omitempty) = true]; +``` + +```proto reference +https://github.com/cosmos/cosmos-sdk/blob/e8f28bf5db18b8d6b7e0d94b542ce4cf48fed9d6/proto/cosmos/bank/v1beta1/bank.proto#L56 +``` + +### Encoding + +Encoding instructs the amino json marshaler how to encode certain fields that may differ from the standard encoding behaviour. The most common example of this is how `repeated cosmos.base.v1beta1.Coin` is encoded when using the amino json encoding format. The `legacy_coins` option tells the json marshaler [how to encode a null slice](https://github.com/cosmos/cosmos-sdk/blob/e8f28bf5db18b8d6b7e0d94b542ce4cf48fed9d6/x/tx/signing/aminojson/json_marshal.go#L65) of `cosmos.base.v1beta1.Coin`. + +```proto +(amino.encoding) = "legacy_coins", +``` + +```proto reference +https://github.com/cosmos/cosmos-sdk/blob/e8f28bf5db18b8d6b7e0d94b542ce4cf48fed9d6/proto/cosmos/bank/v1beta1/genesis.proto#L23 +``` diff --git a/copy-of-sdk-docs/build/building-modules/06-beginblock-endblock.md b/copy-of-sdk-docs/build/building-modules/06-beginblock-endblock.md new file mode 100644 index 00000000..93e07a54 --- /dev/null +++ b/copy-of-sdk-docs/build/building-modules/06-beginblock-endblock.md @@ -0,0 +1,47 @@ +--- +sidebar_position: 1 +--- + +# BeginBlocker and EndBlocker + +:::note Synopsis +`BeginBlocker` and `EndBlocker` are optional methods module developers can implement in their module. They will be triggered at the beginning and at the end of each block respectively, when the [`BeginBlock`](../../learn/advanced/00-baseapp.md#beginblock) and [`EndBlock`](../../learn/advanced/00-baseapp.md#endblock) ABCI messages are received from the underlying consensus engine. +::: + +:::note Pre-requisite Readings + +* [Module Manager](./01-module-manager.md) + +::: + +## BeginBlocker and EndBlocker + +`BeginBlocker` and `EndBlocker` are a way for module developers to add automatic execution of logic to their module. This is a powerful tool that should be used carefully, as complex automatic functions can slow down or even halt the chain. + +In 0.47.0, Prepare and Process Proposal were added that allow app developers to do arbitrary work at those phases, but they do not influence the work that will be done in BeginBlock. If an application requires `BeginBlock` to execute prior to any sort of work is done then this is not possible today (0.50.0). + +When needed, `BeginBlocker` and `EndBlocker` are implemented as part of the [`HasBeginBlocker`, `HasABCIEndBlocker` and `EndBlocker` interfaces](./01-module-manager.md#appmodule). This means either can be left-out if not required. The `BeginBlock` and `EndBlock` methods of the interface implemented in `module.go` generally defer to `BeginBlocker` and `EndBlocker` methods respectively, which are usually implemented in `abci.go`. + +The actual implementation of `BeginBlocker` and `EndBlocker` in `abci.go` is very similar to that of a [`Msg` service](./03-msg-services.md): + +* They generally use the [`keeper`](./06-keeper.md) and [`ctx`](../../learn/advanced/02-context.md) to retrieve information about the latest state. +* If needed, they use the `keeper` and `ctx` to trigger state-transitions. +* If needed, they can emit [`events`](../../learn/advanced/08-events.md) via the `ctx`'s `EventManager`. + +A specific type of `EndBlocker` is available to return validator updates to the underlying consensus engine in the form of an [`[]abci.ValidatorUpdates`](https://docs.cometbft.com/v0.37/spec/abci/abci++_methods#endblock). This is the preferred way to implement custom validator changes. + +It is possible for developers to define the order of execution between the `BeginBlocker`/`EndBlocker` functions of each of their application's modules via the module's manager `SetOrderBeginBlocker`/`SetOrderEndBlocker` methods. For more on the module manager, click [here](./01-module-manager.md#manager). + +See an example implementation of `BeginBlocker` from the `distribution` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/distribution/abci.go#L14-L38 +``` + +and an example implementation of `EndBlocker` from the `staking` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/staking/keeper/abci.go#L22-L27 +``` + + diff --git a/copy-of-sdk-docs/build/building-modules/06-keeper.md b/copy-of-sdk-docs/build/building-modules/06-keeper.md new file mode 100644 index 00000000..f942750e --- /dev/null +++ b/copy-of-sdk-docs/build/building-modules/06-keeper.md @@ -0,0 +1,92 @@ +--- +sidebar_position: 1 +--- + +# Keepers + +:::note Synopsis +`Keeper`s refer to a Cosmos SDK abstraction whose role is to manage access to the subset of the state defined by various modules. `Keeper`s are module-specific, i.e. the subset of state defined by a module can only be accessed by a `keeper` defined in said module. If a module needs to access the subset of state defined by another module, a reference to the second module's internal `keeper` needs to be passed to the first one. This is done in `app.go` during the instantiation of module keepers. +::: + +:::note Pre-requisite Readings + +* [Introduction to Cosmos SDK Modules](./00-intro.md) + +::: + +## Motivation + +The Cosmos SDK is a framework that makes it easy for developers to build complex decentralized applications from scratch, mainly by composing modules together. As the ecosystem of open-source modules for the Cosmos SDK expands, it will become increasingly likely that some of these modules contain vulnerabilities, as a result of the negligence or malice of their developers. + +The Cosmos SDK adopts an [object-capabilities-based approach](../../docs/learn/advanced/10-ocap.md) to help developers better protect their application from unwanted inter-module interactions, and `keeper`s are at the core of this approach. A `keeper` can be considered quite literally to be the gatekeeper of a module's store(s). Each store (typically an [`IAVL` Store](../../learn/advanced/04-store.md#iavl-store)) defined within a module comes with a `storeKey`, which grants unlimited access to it. The module's `keeper` holds this `storeKey` (which should otherwise remain unexposed), and defines [methods](#implementing-methods) for reading and writing to the store(s). + +The core idea behind the object-capabilities approach is to only reveal what is necessary to get the work done. In practice, this means that instead of handling permissions of modules through access-control lists, module `keeper`s are passed a reference to the specific instance of the other modules' `keeper`s that they need to access (this is done in the [application's constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function)). As a consequence, a module can only interact with the subset of state defined in another module via the methods exposed by the instance of the other module's `keeper`. This is a great way for developers to control the interactions that their own module can have with modules developed by external developers. + +## Type Definition + +`keeper`s are generally implemented in a `/keeper/keeper.go` file located in the module's folder. By convention, the type `keeper` of a module is simply named `Keeper` and usually follows the following structure: + +```go +type Keeper struct { + // External keepers, if any + + // Store key(s) + + // codec + + // authority +} +``` + +For example, here is the type definition of the `keeper` from the `staking` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/staking/keeper/keeper.go#L23-L31 +``` + +Let us go through the different parameters: + +* An expected `keeper` is a `keeper` external to a module that is required by the internal `keeper` of said module. External `keeper`s are listed in the internal `keeper`'s type definition as interfaces. These interfaces are themselves defined in an `expected_keepers.go` file in the root of the module's folder. In this context, interfaces are used to reduce the number of dependencies, as well as to facilitate the maintenance of the module itself. +* `storeKey`s grant access to the store(s) of the [multistore](../../learn/advanced/04-store.md) managed by the module. They should always remain unexposed to external modules. +* `cdc` is the [codec](../../learn/advanced/05-encoding.md) used to marshall and unmarshall structs to/from `[]byte`. The `cdc` can be any of `codec.BinaryCodec`, `codec.JSONCodec` or `codec.Codec` based on your requirements. It can be either a proto or amino codec as long as they implement these interfaces. +* The authority listed is a module account or user account that has the right to change module level parameters. Previously this was handled by the param module, which has been deprecated. + +Of course, it is possible to define different types of internal `keeper`s for the same module (e.g. a read-only `keeper`). Each type of `keeper` comes with its own constructor function, which is called from the [application's constructor function](../../learn/beginner/00-app-anatomy.md). This is where `keeper`s are instantiated, and where developers make sure to pass correct instances of modules' `keeper`s to other modules that require them. + +## Implementing Methods + +`Keeper`s primarily expose getter and setter methods for the store(s) managed by their module. These methods should remain as simple as possible and strictly be limited to getting or setting the requested value, as validity checks should have already been performed by the [`Msg` server](./03-msg-services.md) when `keeper`s' methods are called. + +Typically, a *getter* method will have the following signature + +```go +func (k Keeper) Get(ctx context.Context, key string) returnType +``` + +and the method will go through the following steps: + +1. Retrieve the appropriate store from the `ctx` using the `storeKey`. This is done through the `KVStore(storeKey sdk.StoreKey)` method of the `ctx`. Then it's preferred to use the `prefix.Store` to access only the desired limited subset of the store for convenience and safety. +2. If it exists, get the `[]byte` value stored at location `[]byte(key)` using the `Get(key []byte)` method of the store. +3. Unmarshall the retrieved value from `[]byte` to `returnType` using the codec `cdc`. Return the value. + +Similarly, a *setter* method will have the following signature + +```go +func (k Keeper) Set(ctx context.Context, key string, value valueType) +``` + +and the method will go through the following steps: + +1. Retrieve the appropriate store from the `ctx` using the `storeKey`. This is done through the `KVStore(storeKey sdk.StoreKey)` method of the `ctx`. It's preferred to use the `prefix.Store` to access only the desired limited subset of the store for convenience and safety. +2. Marshal `value` to `[]byte` using the codec `cdc`. +3. Set the encoded value in the store at location `key` using the `Set(key []byte, value []byte)` method of the store. + +For more, see an example of `keeper`'s [methods implementation from the `staking` module](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/staking/keeper/keeper.go). + +The [module `KVStore`](../../learn/advanced/04-store.md#kvstore-and-commitkvstore-interfaces) also provides an `Iterator()` method which returns an `Iterator` object to iterate over a domain of keys. + +This is an example from the `auth` module to iterate accounts: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/auth/keeper/account.go +``` diff --git a/copy-of-sdk-docs/build/building-modules/07-invariants.md b/copy-of-sdk-docs/build/building-modules/07-invariants.md new file mode 100644 index 00000000..018796f7 --- /dev/null +++ b/copy-of-sdk-docs/build/building-modules/07-invariants.md @@ -0,0 +1,90 @@ +--- +sidebar_position: 1 +--- + +# Invariants + +:::note Synopsis +An invariant is a property of the application that should always be true. In the context of the Cosmos SDK, an `Invariant` is a function that checks for a particular invariant. These functions are useful to detect bugs early on and act upon them to limit their potential consequences (e.g. by halting the chain). They are also useful in the development process of the application to detect bugs via simulations. +::: + +:::note Pre-requisite Readings + +* [Keepers](./06-keeper.md) + +::: + +## Implementing `Invariant`s + +An `Invariant` is a function that checks for a particular invariant within a module. Module `Invariant`s must follow the `Invariant` type: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/types/invariant.go#L9 +``` + +The `string` return value is the invariant message, which can be used when printing logs, and the `bool` return value is the actual result of the invariant check. + +In practice, each module implements `Invariant`s in a `keeper/invariants.go` file within the module's folder. The standard is to implement one `Invariant` function per logical grouping of invariants with the following model: + +```go +// Example for an Invariant that checks balance-related invariants + +func BalanceInvariants(k Keeper) sdk.Invariant { + return func(ctx context.Context) (string, bool) { + // Implement checks for balance-related invariants + } +} +``` + +Additionally, module developers should generally implement an `AllInvariants` function that runs all the `Invariant`s functions of the module: + +```go +// AllInvariants runs all invariants of the module. +// In this example, the module implements two Invariants: BalanceInvariants and DepositsInvariants + +func AllInvariants(k Keeper) sdk.Invariant { + + return func(ctx context.Context) (string, bool) { + res, stop := BalanceInvariants(k)(ctx) + if stop { + return res, stop + } + + return DepositsInvariant(k)(ctx) + } +} +``` + +Finally, module developers need to implement the `RegisterInvariants` method as part of the [`AppModule` interface](./01-module-manager.md#appmodule). Indeed, the `RegisterInvariants` method of the module, implemented in the `module/module.go` file, typically only defers the call to a `RegisterInvariants` method implemented in the `keeper/invariants.go` file. The `RegisterInvariants` method registers a route for each `Invariant` function in the [`InvariantRegistry`](#invariant-registry): + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/staking/keeper/invariants.go#L12-L22 +``` + +For more, see an example of [`Invariant`s implementation from the `staking` module](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/staking/keeper/invariants.go). + +## Invariant Registry + +The `InvariantRegistry` is a registry where the `Invariant`s of all the modules of an application are registered. There is only one `InvariantRegistry` per **application**, meaning module developers need not implement their own `InvariantRegistry` when building a module. **All module developers need to do is to register their modules' invariants in the `InvariantRegistry`, as explained in the section above**. The rest of this section gives more information on the `InvariantRegistry` itself, and does not contain anything directly relevant to module developers. + +At its core, the `InvariantRegistry` is defined in the Cosmos SDK as an interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/types/invariant.go#L14-L17 +``` + +Typically, this interface is implemented in the `keeper` of a specific module. The most used implementation of an `InvariantRegistry` can be found in the `crisis` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/crisis/keeper/keeper.go#L48-L50 +``` + +The `InvariantRegistry` is therefore typically instantiated by instantiating the `keeper` of the `crisis` module in the [application's constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function). + +`Invariant`s can be checked manually via [`message`s](./02-messages-and-queries.md), but most often they are checked automatically at the end of each block. Here is an example from the `crisis` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/crisis/abci.go#L13-L23 +``` + +In both cases, if one of the `Invariant`s returns false, the `InvariantRegistry` can trigger special logic (e.g. have the application panic and print the `Invariant`s message in the log). diff --git a/copy-of-sdk-docs/build/building-modules/08-genesis.md b/copy-of-sdk-docs/build/building-modules/08-genesis.md new file mode 100644 index 00000000..28ff911b --- /dev/null +++ b/copy-of-sdk-docs/build/building-modules/08-genesis.md @@ -0,0 +1,78 @@ +--- +sidebar_position: 1 +--- + +# Module Genesis + +:::note Synopsis +Modules generally handle a subset of the state and, as such, they need to define the related subset of the genesis file as well as methods to initialize, verify and export it. +::: + +:::note Pre-requisite Readings + +* [Module Manager](./01-module-manager.md) +* [Keepers](./06-keeper.md) + +::: + +## Type Definition + +The subset of the genesis state defined by a given module is generally defined in a `genesis.proto` file ([more info](../../learn/advanced/05-encoding.md#gogoproto) on how to define protobuf messages). The struct defining the module's subset of the genesis state is usually called `GenesisState` and contains all the module-related values that need to be initialized during the genesis process. + +See an example of `GenesisState` protobuf message definition from the `auth` module: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/proto/cosmos/auth/v1beta1/genesis.proto +``` + +Next we present the main genesis-related methods that need to be implemented by module developers in order for their module to be used in Cosmos SDK applications. + +### `DefaultGenesis` + +The `DefaultGenesis()` method is a simple function that calls the constructor function for `GenesisState` with the default value for each parameter. See an example from the `auth` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/auth/module.go#L63-L67 +``` + +### `ValidateGenesis` + +The `ValidateGenesis(data GenesisState)` method is called to verify that the provided `genesisState` is correct. It should perform validity checks on each of the parameters listed in `GenesisState`. See an example from the `auth` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/auth/types/genesis.go#L62-L75 +``` + +## Other Genesis Methods + +Other than the methods related directly to `GenesisState`, module developers are expected to implement two other methods as part of the [`AppModuleGenesis` interface](./01-module-manager.md#appmodulegenesis) (only if the module needs to initialize a subset of state in genesis). These methods are [`InitGenesis`](#initgenesis) and [`ExportGenesis`](#exportgenesis). + +### `InitGenesis` + +The `InitGenesis` method is executed during [`InitChain`](../../learn/advanced/00-baseapp.md#initchain) when the application is first started. Given a `GenesisState`, it initializes the subset of the state managed by the module by using the module's [`keeper`](./06-keeper.md) setter function on each parameter within the `GenesisState`. + +The [module manager](./01-module-manager.md#manager) of the application is responsible for calling the `InitGenesis` method of each of the application's modules in order. This order is set by the application developer via the manager's `SetOrderGenesisMethod`, which is called in the [application's constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function). + +See an example of `InitGenesis` from the `auth` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/auth/keeper/genesis.go#L8-L35 +``` + +### `ExportGenesis` + +The `ExportGenesis` method is executed whenever an export of the state is made. It takes the latest known version of the subset of the state managed by the module and creates a new `GenesisState` out of it. This is mainly used when the chain needs to be upgraded via a hard fork. + +See an example of `ExportGenesis` from the `auth` module. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/auth/keeper/genesis.go#L37-L49 +``` + +### GenesisTxHandler + +`GenesisTxHandler` is a way for modules to submit state transitions prior to the first block. This is used by `x/genutil` to submit the genesis transactions for the validators to be added to staking. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/core/genesis/txhandler.go#L3-L6 +``` diff --git a/copy-of-sdk-docs/build/building-modules/09-module-interfaces.md b/copy-of-sdk-docs/build/building-modules/09-module-interfaces.md new file mode 100644 index 00000000..63a939d0 --- /dev/null +++ b/copy-of-sdk-docs/build/building-modules/09-module-interfaces.md @@ -0,0 +1,165 @@ +--- +sidebar_position: 1 +--- + +# Module Interfaces + +:::note Synopsis +This document details how to build CLI and REST interfaces for a module. Examples from various Cosmos SDK modules are included. +::: + +:::note Pre-requisite Readings + +* [Building Modules Intro](./00-intro.md) + +::: + +## CLI + +One of the main interfaces for an application is the [command-line interface](../../learn/advanced/07-cli.md). This entrypoint adds commands from the application's modules enabling end-users to create [**messages**](./02-messages-and-queries.md#messages) wrapped in transactions and [**queries**](./02-messages-and-queries.md#queries). The CLI files are typically found in the module's `./client/cli` folder. + +### Transaction Commands + +In order to create messages that trigger state changes, end-users must create [transactions](../../learn/advanced/01-transactions.md) that wrap and deliver the messages. A transaction command creates a transaction that includes one or more messages. + +Transaction commands typically have their own `tx.go` file that lives within the module's `./client/cli` folder. The commands are specified in getter functions and the name of the function should include the name of the command. + +Here is an example from the `x/bank` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/client/cli/tx.go#L37-L76 +``` + +In the example, `NewSendTxCmd()` creates and returns the transaction command for a transaction that wraps and delivers `MsgSend`. `MsgSend` is the message used to send tokens from one account to another. + +In general, the getter function does the following: + +* **Constructs the command:** Read the [Cobra Documentation](https://pkg.go.dev/github.com/spf13/cobra) for more detailed information on how to create commands. + * **Use:** Specifies the format of the user input required to invoke the command. In the example above, `send` is the name of the transaction command and `[from_key_or_address]`, `[to_address]`, and `[amount]` are the arguments. + * **Args:** The number of arguments the user provides. In this case, there are exactly three: `[from_key_or_address]`, `[to_address]`, and `[amount]`. + * **Short and Long:** Descriptions for the command. A `Short` description is expected. A `Long` description can be used to provide additional information that is displayed when a user adds the `--help` flag. + * **RunE:** Defines a function that can return an error. This is the function that is called when the command is executed. This function encapsulates all of the logic to create a new transaction. + * The function typically starts by getting the `clientCtx`, which can be done with `client.GetClientTxContext(cmd)`. The `clientCtx` contains information relevant to transaction handling, including information about the user. In this example, the `clientCtx` is used to retrieve the address of the sender by calling `clientCtx.GetFromAddress()`. + * If applicable, the command's arguments are parsed. In this example, the arguments `[to_address]` and `[amount]` are both parsed. + * A [message](./02-messages-and-queries.md) is created using the parsed arguments and information from the `clientCtx`. The constructor function of the message type is called directly. In this case, `types.NewMsgSend(fromAddr, toAddr, amount)`. Its good practice to call, if possible, the necessary [message validation methods](../building-modules/03-msg-services.md#Validation) before broadcasting the message. + * Depending on what the user wants, the transaction is either generated offline or signed and broadcasted to the preconfigured node using `tx.GenerateOrBroadcastTxCLI(clientCtx, flags, msg)`. +* **Adds transaction flags:** All transaction commands must add a set of transaction [flags](#flags). The transaction flags are used to collect additional information from the user (e.g. the amount of fees the user is willing to pay). The transaction flags are added to the constructed command using `AddTxFlagsToCmd(cmd)`. +* **Returns the command:** Finally, the transaction command is returned. + +Each module can implement `NewTxCmd()`, which aggregates all of the transaction commands of the module. Here is an example from the `x/bank` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/client/cli/tx.go#L20-L35 +``` + +Each module then can also implement a `GetTxCmd()` method that simply returns `NewTxCmd()`. This allows the root command to easily aggregate all of the transaction commands for each module. Here is an example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/module.go#L84-L86 +``` + +### Query Commands + +:::warning +This section is being rewritten. Refer to [AutoCLI](https://docs.cosmos.network/main/core/autocli) while this section is being updated. +::: + + + +## gRPC + +[gRPC](https://grpc.io/) is a Remote Procedure Call (RPC) framework. RPC is the preferred way for external clients like wallets and exchanges to interact with a blockchain. + +In addition to providing an ABCI query pathway, the Cosmos SDK provides a gRPC proxy server that routes gRPC query requests to ABCI query requests. + +In order to do that, modules must implement `RegisterGRPCGatewayRoutes(clientCtx client.Context, mux *runtime.ServeMux)` on `AppModuleBasic` to wire the client gRPC requests to the correct handler inside the module. + +Here's an example from the `x/auth` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/auth/module.go#L71-L76 +``` + +## gRPC-gateway REST + +Applications need to support web services that use HTTP requests (e.g. a web wallet like [Keplr](https://keplr.app)). [grpc-gateway](https://github.com/grpc-ecosystem/grpc-gateway) translates REST calls into gRPC calls, which might be useful for clients that do not use gRPC. + +Modules that want to expose REST queries should add `google.api.http` annotations to their `rpc` methods, such as in the example below from the `x/auth` module: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/proto/cosmos/auth/v1beta1/query.proto#L14-L89 +``` + +gRPC gateway is started in-process along with the application and CometBFT. It can be enabled or disabled by setting gRPC Configuration `enable` in [`app.toml`](../../user/run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml). + +The Cosmos SDK provides a command for generating [Swagger](https://swagger.io/) documentation (`protoc-gen-swagger`). Setting `swagger` in [`app.toml`](../../user/run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml) defines if swagger documentation should be automatically registered. diff --git a/copy-of-sdk-docs/build/building-modules/11-structure.md b/copy-of-sdk-docs/build/building-modules/11-structure.md new file mode 100644 index 00000000..a36b9a49 --- /dev/null +++ b/copy-of-sdk-docs/build/building-modules/11-structure.md @@ -0,0 +1,95 @@ +--- +sidebar_position: 1 +--- + +# Recommended Folder Structure + +:::note Synopsis +This document outlines the recommended structure of Cosmos SDK modules. These ideas are meant to be applied as suggestions. Application developers are encouraged to improve upon and contribute to module structure and development design. +::: + +## Structure + +A typical Cosmos SDK module can be structured as follows: + +```shell +proto +└── {project_name} +    └── {module_name} +    └── {proto_version} +       ├── {module_name}.proto +       ├── event.proto +       ├── genesis.proto +       ├── query.proto +       └── tx.proto +``` + +* `{module_name}.proto`: The module's common message type definitions. +* `event.proto`: The module's message type definitions related to events. +* `genesis.proto`: The module's message type definitions related to genesis state. +* `query.proto`: The module's Query service and related message type definitions. +* `tx.proto`: The module's Msg service and related message type definitions. + +```shell +x/{module_name} +├── client +│   ├── cli +│   │ ├── query.go +│   │   └── tx.go +│   └── testutil +│   ├── cli_test.go +│   └── suite.go +├── exported +│   └── exported.go +├── keeper +│   ├── genesis.go +│   ├── grpc_query.go +│   ├── hooks.go +│   ├── invariants.go +│   ├── keeper.go +│   ├── keys.go +│   ├── msg_server.go +│   └── querier.go +├── module +│   └── module.go +│   └── abci.go +│   └── autocli.go +├── simulation +│   ├── decoder.go +│   ├── genesis.go +│   ├── operations.go +│   └── params.go +├── {module_name}.pb.go +├── codec.go +├── errors.go +├── events.go +├── events.pb.go +├── expected_keepers.go +├── genesis.go +├── genesis.pb.go +├── keys.go +├── msgs.go +├── params.go +├── query.pb.go +├── tx.pb.go +└── README.md +``` + +* `client/`: The module's CLI client functionality implementation and the module's CLI testing suite. +* `exported/`: The module's exported types - typically interface types. If a module relies on keepers from another module, it is expected to receive the keepers as interface contracts through the `expected_keepers.go` file (see below) in order to avoid a direct dependency on the module implementing the keepers. However, these interface contracts can define methods that operate on and/or return types that are specific to the module that is implementing the keepers and this is where `exported/` comes into play. The interface types that are defined in `exported/` use canonical types, allowing for the module to receive the keepers as interface contracts through the `expected_keepers.go` file. This pattern allows for code to remain DRY and also alleviates import cycle chaos. +* `keeper/`: The module's `Keeper` and `MsgServer` implementation. +* `module/`: The module's `AppModule` and `AppModuleBasic` implementation. + * `abci.go`: The module's `BeginBlocker` and `EndBlocker` implementations (this file is only required if `BeginBlocker` and/or `EndBlocker` need to be defined). + * `autocli.go`: The module [autocli](https://docs.cosmos.network/main/core/autocli) options. +* `simulation/`: The module's [simulation](./14-simulator.md) package defines functions used by the blockchain simulator application (`simapp`). +* `README.md`: The module's specification documents outlining important concepts, state storage structure, and message and event type definitions. Learn more about how to write module specs in the [spec guidelines](../../../spec/SPEC_MODULE.md). +* The root directory includes type definitions for messages, events, and genesis state, including the type definitions generated by Protocol Buffers. + * `codec.go`: The module's registry methods for interface types. + * `errors.go`: The module's sentinel errors. + * `events.go`: The module's event types and constructors. + * `expected_keepers.go`: The module's [expected keeper](./06-keeper.md#type-definition) interfaces. + * `genesis.go`: The module's genesis state methods and helper functions. + * `keys.go`: The module's store keys and associated helper functions. + * `msgs.go`: The module's message type definitions and associated methods. + * `params.go`: The module's parameter type definitions and associated methods. + * `*.pb.go`: The module's type definitions generated by Protocol Buffers (as defined in the respective `*.proto` files above). diff --git a/copy-of-sdk-docs/build/building-modules/12-errors.md b/copy-of-sdk-docs/build/building-modules/12-errors.md new file mode 100644 index 00000000..214ab70e --- /dev/null +++ b/copy-of-sdk-docs/build/building-modules/12-errors.md @@ -0,0 +1,56 @@ +--- +sidebar_position: 1 +--- + +# Errors + +:::note Synopsis +This document outlines the recommended usage and APIs for error handling in Cosmos SDK modules. +::: + +Modules are encouraged to define and register their own errors to provide better +context on failed message or handler execution. Typically, these errors should be +common or general errors which can be further wrapped to provide additional specific +execution context. + +## Registration + +Modules should define and register their custom errors in `x/{module}/errors.go`. +Registration of errors is handled via the [`errors` package](https://github.com/cosmos/cosmos-sdk/blob/main/errors/errors.go). + +Example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/distribution/types/errors.go +``` + +Each custom module error must provide the codespace, which is typically the module name +(e.g. "distribution") and is unique per module, and a uint32 code. Together, the codespace and code +provide a globally unique Cosmos SDK error. Typically, the code is monotonically increasing but does not +necessarily have to be. The only restrictions on error codes are the following: + +* Must be greater than one, as a code value of one is reserved for internal errors. +* Must be unique within the module. + +Note, the Cosmos SDK provides a core set of *common* errors. These errors are defined in [`types/errors/errors.go`](https://github.com/cosmos/cosmos-sdk/blob/main/types/errors/errors.go). + +## Wrapping + +The custom module errors can be returned as their concrete type as they already fulfill the `error` +interface. However, module errors can be wrapped to provide further context and meaning to failed +execution. + +Example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/keeper/keeper.go#L141-L182 +``` + +Regardless if an error is wrapped or not, the Cosmos SDK's `errors` package provides a function to determine if +an error is of a particular kind via `Is`. + +## ABCI + +If a module error is registered, the Cosmos SDK `errors` package allows ABCI information to be extracted +through the `ABCIInfo` function. The package also provides `ResponseCheckTx` and `ResponseDeliverTx` as +auxiliary functions to automatically get `CheckTx` and `DeliverTx` responses from an error. diff --git a/copy-of-sdk-docs/build/building-modules/13-upgrade.md b/copy-of-sdk-docs/build/building-modules/13-upgrade.md new file mode 100644 index 00000000..20c02e9f --- /dev/null +++ b/copy-of-sdk-docs/build/building-modules/13-upgrade.md @@ -0,0 +1,63 @@ +--- +sidebar_position: 1 +--- + +# Upgrading Modules + +:::note Synopsis +[In-Place Store Migrations](../../learn/advanced/15-upgrade.md) allow your modules to upgrade to new versions that include breaking changes. This document outlines how to build modules to take advantage of this functionality. +::: + +:::note Pre-requisite Readings + +* [In-Place Store Migration](../../learn/advanced/15-upgrade.md) + +::: + +## Consensus Version + +Successful upgrades of existing modules require each `AppModule` to implement the function `ConsensusVersion() uint64`. + +* The versions must be hard-coded by the module developer. +* The initial version **must** be set to 1. + +Consensus versions serve as state-breaking versions of app modules and must be incremented when the module introduces breaking changes. + +## Registering Migrations + +To register the functionality that takes place during a module upgrade, you must register which migrations you want to take place. + +Migration registration takes place in the `Configurator` using the `RegisterMigration` method. The `AppModule` reference to the configurator is in the `RegisterServices` method. + +You can register one or more migrations. If you register more than one migration script, list the migrations in increasing order and ensure there are enough migrations that lead to the desired consensus version. For example, to migrate to version 3 of a module, register separate migrations for version 1 and version 2 as shown in the following example: + +```go +func (am AppModule) RegisterServices(cfg module.Configurator) { + // --snip-- + cfg.RegisterMigration(types.ModuleName, 1, func(ctx sdk.Context) error { + // Perform in-place store migrations from ConsensusVersion 1 to 2. + }) + cfg.RegisterMigration(types.ModuleName, 2, func(ctx sdk.Context) error { + // Perform in-place store migrations from ConsensusVersion 2 to 3. + }) +} +``` + +Since these migrations are functions that need access to a Keeper's store, use a wrapper around the keepers called `Migrator` as shown in this example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/keeper/migrations.go +``` + +## Writing Migration Scripts + +To define the functionality that takes place during an upgrade, write a migration script and place the functions in a `migrations/` directory. For example, to write migration scripts for the bank module, place the functions in `x/bank/migrations/`. Use the recommended naming convention for these functions. For example, `v2bank` is the script that migrates the package `x/bank/migrations/v2`: + +```go +// Migrating bank module from version 1 to 2 +func (m Migrator) Migrate1to2(ctx sdk.Context) error { + return v2bank.MigrateStore(ctx, m.keeper.storeKey) // v2bank is package `x/bank/migrations/v2`. +} +``` + +To see example code of changes that were implemented in a migration of balance keys, check out [migrateBalanceKeys](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/migrations/v2/store.go#L55-L76). For context, this code introduced migrations of the bank store that updated addresses to be prefixed by their length in bytes as outlined in [ADR-028](../../../architecture/adr-028-public-key-addresses.md). diff --git a/copy-of-sdk-docs/build/building-modules/14-simulator.md b/copy-of-sdk-docs/build/building-modules/14-simulator.md new file mode 100644 index 00000000..a9763715 --- /dev/null +++ b/copy-of-sdk-docs/build/building-modules/14-simulator.md @@ -0,0 +1,177 @@ +--- +sidebar_position: 1 +--- + +# Module Simulation + +:::note Pre-requisite Readings + +* [Cosmos Blockchain Simulator](../../learn/advanced/12-simulation.md) + +::: + +## Synopsis + +This document guides developers on integrating their custom modules with the Cosmos SDK `Simulations`. +Simulations are useful for testing edge cases in module implementations. + +* [Simulation Package](#simulation-package) +* [Simulation App Module](#simulation-app-module) +* [SimsX](#simsx) + * [Example Implementations](#example-implementations) +* [Store decoders](#store-decoders) +* [Randomized genesis](#randomized-genesis) +* [Random weighted operations](#random-weighted-operations) + * [Using Simsx](#using-simsx) +* [App Simulator manager](#app-simulator-manager) +* [Running Simulations](#running-simulations) + + + +## Simulation Package + +The Cosmos SDK suggests organizing your simulation related code in a `x//simulation` package. + +## Simulation App Module + +To integrate with the Cosmos SDK `SimulationManager`, app modules must implement the `AppModuleSimulation` interface. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/3c6deab626648e47de752c33dac5d06af83e3ee3/types/module/simulation.go#L16-L27 +``` + +See an example implementation of these methods from `x/distribution` [here](https://github.com/cosmos/cosmos-sdk/blob/b55b9e14fb792cc8075effb373be9d26327fddea/x/distribution/module.go#L170-L194). + +## SimsX + +Cosmos SDK v0.53.0 introduced a new package, `simsx`, providing improved DevX for writing simulation code. + +It exposes the following extension interfaces that modules may implement to integrate with the new `simsx` runner. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/testutil/simsx/runner.go#L223-L234 +``` + +These methods allow constructing randomized messages and/or proposal messages. + +:::tip +Note that modules should **not** implement both `HasWeightedOperationsX` and `HasWeightedOperationsXWithProposals`. +See the runner code [here](https://github.com/cosmos/cosmos-sdk/blob/main/testutil/simsx/runner.go#L330-L339) for details + +If the module does **not** have message handlers or governance proposal handlers, these interface methods do **not** need to be implemented. +::: + +### Example Implementations + +* `HasWeightedOperationsXWithProposals`: [x/gov](https://github.com/cosmos/cosmos-sdk/blob/main/x/gov/module.go#L242-L261) +* `HasWeightedOperationsX`: [x/bank](https://github.com/cosmos/cosmos-sdk/blob/main/x/bank/module.go#L199-L203) +* `HasProposalMsgsX`: [x/bank](https://github.com/cosmos/cosmos-sdk/blob/main/x/bank/module.go#L194-L197) + +## Store decoders + +Registering the store decoders is required for the `AppImportExport` simulation. This allows +for the key-value pairs from the stores to be decoded to their corresponding types. +In particular, it matches the key to a concrete type and then unmarshals the value from the `KVPair` to the type provided. + +Modules using [collections](https://github.com/cosmos/cosmos-sdk/blob/main/collections/README.md) can use the `NewStoreDecoderFuncFromCollectionsSchema` function that builds the decoder for you: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/x/bank/module.go#L181-L184 +``` + +Modules not using collections must manually build the store decoder. +See the implementation [here](https://github.com/cosmos/cosmos-sdk/blob/main/x/distribution/simulation/decoder.go) from the distribution module for an example. + +## Randomized genesis + +The simulator tests different scenarios and values for genesis parameters. +App modules must implement a `GenerateGenesisState` method to generate the initial random `GenesisState` from a given seed. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/types/module/simulation.go#L20 +``` + +See an example from `x/auth` [here](https://github.com/cosmos/cosmos-sdk/blob/main/x/auth/module.go#L169-L172). + +Once the module's genesis parameters are generated randomly (or with the key and +values defined in a `params` file), they are marshaled to JSON format and added +to the app genesis JSON for the simulation. + +## Random weighted operations + +Operations are one of the crucial parts of the Cosmos SDK simulation. They are the transactions +(`Msg`) that are simulated with random field values. The sender of the operation +is also assigned randomly. + +Operations on the simulation are simulated using the full [transaction cycle](../../learn/advanced/01-transactions.md) of a +`ABCI` application that exposes the `BaseApp`. + +### Using Simsx + +Simsx introduces the ability to define a `MsgFactory` for each of a module's messages. + +These factories are registered in `WeightedOperationsX` and/or `ProposalMsgsX`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/x/distribution/module.go#L196-L206 +``` + +Note that the name passed in to `weights.Get` must match the name of the operation set in the `WeightedOperations`. + +For example, if the module contains an operation `op_weight_msg_set_withdraw_address`, the name passed to `weights.Get` should be `msg_set_withdraw_address`. + +See the `x/distribution` for an example of implementing message factories [here](https://github.com/cosmos/cosmos-sdk/blob/main/x/distribution/simulation/msg_factory.go) + +## App Simulator manager + +The following step is setting up the `SimulatorManager` at the app level. This +is required for the simulation test files in the next step. + +```go +type CoolApp struct { +... +sm *module.SimulationManager +} +``` + +Within the constructor of the application, construct the simulation manager using the modules from `ModuleManager` and call the `RegisterStoreDecoders` method. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/simapp/app.go#L650-L660 +``` + +Note that you may override some modules. +This is useful if the existing module configuration in the `ModuleManager` should be different in the `SimulationManager`. + +Finally, the application should expose the `SimulationManager` via the following method defined in the `Runtime` interface: + +```go +// SimulationManager implements the SimulationApp interface +func (app *SimApp) SimulationManager() *module.SimulationManager { +return app.sm +} +``` + +## Running Simulations + +To run the simulation, use the `simsx` runner. + +Call the following function from the `simsx` package to begin simulating with a default seed: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/testutil/simsx/runner.go#L69-L88 +``` + +If a custom seed is desired, tests should use `RunWithSeed`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/b55b9e14fb792cc8075effb373be9d26327fddea/testutil/simsx/runner.go#L151-L168 +``` + +These functions should be called in tests (i.e., app_test.go, app_sim_test.go, etc.) + +Example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/simapp/sim_test.go#L53-L65 +``` diff --git a/copy-of-sdk-docs/build/building-modules/15-depinject.md b/copy-of-sdk-docs/build/building-modules/15-depinject.md new file mode 100644 index 00000000..64aa3711 --- /dev/null +++ b/copy-of-sdk-docs/build/building-modules/15-depinject.md @@ -0,0 +1,124 @@ +--- +sidebar_position: 1 +--- + +# Modules depinject-ready + +:::note Pre-requisite Readings + +* [Depinject Documentation](../packages/01-depinject.md) + +::: + +[`depinject`](../packages/01-depinject.md) is used to wire any module in `app.go`. +All core modules are already configured to support dependency injection. + +To work with `depinject` a module must define its configuration and requirements so that `depinject` can provide the right dependencies. + +In brief, as a module developer, the following steps are required: + +1. Define the module configuration using Protobuf +2. Define the module dependencies in `x/{moduleName}/module.go` + +A chain developer can then use the module by following these two steps: + +1. Configure the module in `app_config.go` or `app.yaml` +2. Inject the module in `app.go` + +## Module Configuration + +The module available configuration is defined in a Protobuf file, located at `{moduleName}/module/v1/module.proto`. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/proto/cosmos/group/module/v1/module.proto +``` + +* `go_import` must point to the Go package of the custom module. +* Message fields define the module configuration. + That configuration can be set in the `app_config.go` / `app.yaml` file for a chain developer to configure the module. + Taking `group` as an example, a chain developer is able to decide, thanks to `uint64 max_metadata_len`, what the maximum metadata length allowed for a group proposal is. + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/simapp/app_config.go#L228-L234 + ``` + +That message is generated using [`pulsar`](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/scripts/protocgen-pulsar.sh) (by running `make proto-gen`). +In the case of the `group` module, this file is generated here: https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/api/cosmos/group/module/v1/module.pulsar.go. + +The part that is relevant for the module configuration is: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/api/cosmos/group/module/v1/module.pulsar.go#L515-L527 +``` + +:::note +Pulsar is optional. The official [`protoc-gen-go`](https://developers.google.com/protocol-buffers/docs/reference/go-generated) can be used as well. +::: + +## Dependency Definition + +Once the configuration proto is defined, the module's `module.go` must define what dependencies are required by the module. +The boilerplate is similar for all modules. + +:::warning +All methods, structs and their fields must be public for `depinject`. +::: + +1. Import the module configuration generated package: + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/group/module/module.go#L12-L14 + ``` + + Define an `init()` function for defining the `providers` of the module configuration: + This registers the module configuration message and the wiring of the module. + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/group/module/module.go#L194-L199 + ``` + +2. Ensure that the module implements the `appmodule.AppModule` interface: + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.47.0/x/group/module/module.go#L58-L64 + ``` + +3. Define a struct that inherits `depinject.In` and define the module inputs (i.e. module dependencies): + * `depinject` provides the right dependencies to the module. + * `depinject` also checks that all dependencies are provided. + + :::tip + For making a dependency optional, add the `optional:"true"` struct tag. + ::: + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/group/module/module.go#L201-L211 + ``` + +4. Define the module outputs with a public struct that inherits `depinject.Out`: + The module outputs are the dependencies that the module provides to other modules. It is usually the module itself and its keeper. + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/group/module/module.go#L213-L218 + ``` + +5. Create a function named `ProvideModule` (as called in 1.) and use the inputs for instantiating the module outputs. + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/group/module/module.go#L220-L235 + ``` + +The `ProvideModule` function should return an instance of `cosmossdk.io/core/appmodule.AppModule` which implements +one or more app module extension interfaces for initializing the module. + +Following is the complete app wiring configuration for `group`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/group/module/module.go#L194-L235 +``` + +The module is now ready to be used with `depinject` by a chain developer. + +## Integrate in an application + +The App Wiring is done in `app_config.go` / `app.yaml` and `app_di.go` and is explained in detail in the [overview of `app_di.go`](../building-apps/01-app-go-di.md). diff --git a/copy-of-sdk-docs/build/building-modules/16-testing.md b/copy-of-sdk-docs/build/building-modules/16-testing.md new file mode 100644 index 00000000..43a79b8e --- /dev/null +++ b/copy-of-sdk-docs/build/building-modules/16-testing.md @@ -0,0 +1,124 @@ +--- +sidebar_position: 1 +--- + +# Testing + +The Cosmos SDK contains different types of [tests](https://martinfowler.com/articles/practical-test-pyramid.html). +These tests have different goals and are used at different stages of the development cycle. +We advise, as a general rule, to use tests at all stages of the development cycle. +It is advised, as a chain developer, to test your application and modules in a similar way to the SDK. + +The rationale behind testing can be found in [ADR-59](https://docs.cosmos.network/main/build/architecture/adr-059-test-scopes). + +## Unit Tests + +Unit tests are the lowest test category of the [test pyramid](https://martinfowler.com/articles/practical-test-pyramid.html). +All packages and modules should have unit test coverage. Modules should have their dependencies mocked: this means mocking keepers. + +The SDK uses `mockgen` to generate mocks for keepers: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/scripts/mockgen.sh#L3-L6 +``` + +You can read more about mockgen [here](https://go.uber.org/mock). + +### Example + +As an example, we will walkthrough the [keeper tests](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/gov/keeper/keeper_test.go) of the `x/gov` module. + +The `x/gov` module has a `Keeper` type, which requires a few external dependencies (ie. imports outside `x/gov` to work properly). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/gov/keeper/keeper.go#L22-L24 +``` + +In order to only test `x/gov`, we mock the [expected keepers](https://docs.cosmos.network/v0.46/building-modules/keeper.html#type-definition) and instantiate the `Keeper` with the mocked dependencies. Note that we may need to configure the mocked dependencies to return the expected values: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/gov/keeper/common_test.go#L68-L82 +``` + +This allows us to test the `x/gov` module without having to import other modules. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/gov/keeper/keeper_test.go#L3-L42 +``` + +We can then create unit tests using the newly created `Keeper` instance. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/gov/keeper/keeper_test.go#L83-L107 +``` + +## Integration Tests + +Integration tests are at the second level of the [test pyramid](https://martinfowler.com/articles/practical-test-pyramid.html). +In the SDK, we locate our integration tests under [`/tests/integrations`](https://github.com/cosmos/cosmos-sdk/tree/main/tests/integration). + +The goal of these integration tests is to test how a component interacts with other dependencies. Compared to unit tests, integration tests do not mock dependencies. Instead, they use the direct dependencies of the component. This differs as well from end-to-end tests, which test the component with a full application. + +Integration tests interact with the tested module via the defined `Msg` and `Query` services. The result of the test can be verified by checking the state of the application, by checking the emitted events or the response. It is advised to combine two of these methods to verify the result of the test. + +The SDK provides small helpers for quickly setting up an integration tests. These helpers can be found at . + +### Example + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/a2f73a7dd37bea0ab303792c55fa1e4e1db3b898/testutil/integration/example_test.go#L30-L116 +``` + +## Deterministic and Regression tests + +Tests are written for queries in the Cosmos SDK which have `module_query_safe` Protobuf annotation. + +Each query is tested using 2 methods: + +* Use property-based testing with the [`rapid`](https://pkg.go.dev/pgregory.net/rapid@v0.5.3) library. The property that is tested is that the query response and gas consumption are the same upon 1000 query calls. +* Regression tests are written with hardcoded responses and gas, and verify they don't change upon 1000 calls and between SDK patch versions. + +Here's an example of regression tests: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/tests/integration/bank/keeper/deterministic_test.go#L143-L160 +``` + +## Simulations + +Simulations uses as well a minimal application, built with [`depinject`](../packages/01-depinject.md): + +:::note +You can as well use the `AppConfig` `configurator` for creating an `AppConfig` [inline](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/slashing/app_test.go#L54-L62). There is no difference between those two ways, use whichever you prefer. +::: + +Following is an example for `x/gov/` simulations: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/gov/simulation/operations_test.go#L415-L441 +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/gov/simulation/operations_test.go#L94-L136 +``` + +## End-to-end Tests + +End-to-end tests are at the top of the [test pyramid](https://martinfowler.com/articles/practical-test-pyramid.html). +They must test the whole application flow, from the user perspective (for instance, CLI tests). They are located under [`/tests/e2e`](https://github.com/cosmos/cosmos-sdk/tree/main/tests/e2e). + + +For that, the SDK is using `simapp` but you should use your own application (`appd`). +Here are some examples: + +* SDK E2E tests: . +* Cosmos Hub E2E tests: . +* Osmosis E2E tests: . + +:::note warning +The SDK is in the process of creating its E2E tests, as defined in [ADR-59](https://docs.cosmos.network/main/build/architecture/adr-059-test-scopes). This page will eventually be updated with better examples. +::: + +## Learn More + +Learn more about testing scope in [ADR-59](https://docs.cosmos.network/main/build/architecture/adr-059-test-scopes). diff --git a/copy-of-sdk-docs/build/building-modules/17-preblock.md b/copy-of-sdk-docs/build/building-modules/17-preblock.md new file mode 100644 index 00000000..43722497 --- /dev/null +++ b/copy-of-sdk-docs/build/building-modules/17-preblock.md @@ -0,0 +1,32 @@ +--- +sidebar_position: 1 +--- + +# PreBlocker + +:::note Synopsis +`PreBlocker` is an optional method module developers can implement in their module. They will be triggered before [`BeginBlock`](../../learn/advanced/00-baseapp.md#beginblock). +::: + +:::note Pre-requisite Readings + +* [Module Manager](./01-module-manager.md) + +::: + +## PreBlocker + +There are two semantics around the new lifecycle method: + +* It runs before the `BeginBlocker` of all modules +* It can modify consensus parameters in storage, and signal the caller through the return value. + +When it returns `ConsensusParamsChanged=true`, the caller must refresh the consensus parameters in the deliver context: + +``` +app.finalizeBlockState.ctx = app.finalizeBlockState.ctx.WithConsensusParams(app.GetConsensusParams()) +``` + +The new ctx must be passed to all the other lifecycle methods. + + diff --git a/copy-of-sdk-docs/build/building-modules/_category_.json b/copy-of-sdk-docs/build/building-modules/_category_.json new file mode 100644 index 00000000..2d50f8b3 --- /dev/null +++ b/copy-of-sdk-docs/build/building-modules/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Building Modules", + "position": 1, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-docs/build/building-modules/transaction_flow.svg b/copy-of-sdk-docs/build/building-modules/transaction_flow.svg new file mode 100644 index 00000000..93bb940a --- /dev/null +++ b/copy-of-sdk-docs/build/building-modules/transaction_flow.svg @@ -0,0 +1,48 @@ +UserUserbaseAppbaseApprouterrouterhandlerhandlermsgServermsgServerkeeperkeeperContext.EventManagerContext.EventManagerTransaction Type<Tx>Route(ctx, msgRoute)handlerMsg<Tx>(Context, Msg(...))<Tx>(Context, Msg)alt[addresses invalid, denominations wrong, etc.]errorperform action, update contextresults, error codeEmit relevant eventsmaybe wrap results in more structureresult, error coderesults, error code \ No newline at end of file diff --git a/copy-of-sdk-docs/build/migrations/01-intro.md b/copy-of-sdk-docs/build/migrations/01-intro.md new file mode 100644 index 00000000..e3146856 --- /dev/null +++ b/copy-of-sdk-docs/build/migrations/01-intro.md @@ -0,0 +1,15 @@ +--- +sidebar_position: 1 +--- + +# SDK Migrations + +To smoothen the update to the latest stable release, the SDK includes a CLI command for hard-fork migrations (under the ` genesis migrate` subcommand). +Additionally, the SDK includes in-place migrations for its core modules. These in-place migrations are useful to migrate between major releases. + +* Hard-fork migrations are supported from the last major release to the current one. +* [In-place module migrations](https://docs.cosmos.network/main/core/upgrade#overwriting-genesis-functions) are supported from the last two major releases to the current one. + +Migration from a version older than the last two major releases is not supported. + +When migrating from a previous version, refer to the [`UPGRADING.md`](../../../../UPGRADING.md) and the `CHANGELOG.md` of the version you are migrating to. diff --git a/copy-of-sdk-docs/build/migrations/02-upgrade-reference.md b/copy-of-sdk-docs/build/migrations/02-upgrade-reference.md new file mode 100644 index 00000000..aaefe25f --- /dev/null +++ b/copy-of-sdk-docs/build/migrations/02-upgrade-reference.md @@ -0,0 +1,26 @@ +# Upgrade Reference + +This document provides a quick reference for the upgrades from `v0.53.x` to `v0.54.x` of Cosmos SDK. + +Note, always read the **App Wiring Changes** section for more information on application wiring updates. + +🚨Upgrading to v0.54.x will require a **coordinated** chain upgrade.🚨 + +### TLDR + +**The only major feature in Cosmos SDK v0.54.x is the upgrade from CometBFT v0.x.x to CometBFT v2.** + +For a full list of changes, see the [Changelog](https://github.com/cosmos/cosmos-sdk/blob/release/v0.54.x/CHANGELOG.md). + +#### Deprecation of `TimeoutCommit` + +CometBFT v2 has deprecated the use of `TimeoutCommit` for a new field, `NextBlockDelay`, that is part of the +`FinalizeBlockResponse` ABCI message that is returned to CometBFT via the SDK baseapp. More information from +the CometBFT repo can be found [here](https://github.com/cometbft/cometbft/blob/88ef3d267de491db98a654be0af6d791e8724ed0/spec/abci/abci%2B%2B_methods.md?plain=1#L689). + +For SDK application developers and node runners, this means that the `timeout_commit` value in the `config.toml` file +is still used if `NextBlockDelay` is 0 (its default value). This means that when upgrading to Cosmos SDK v0.54.x, if +the existing `timout_commit` values that validators have been using will be maintained and have the same behavior. + +For setting the field in your application, there is a new `baseapp` option, `SetNextBlockDelay` which can be passed to your application upon +initialization in `app.go`. Setting this value to any non-zero value will override anything that is set in validators' `config.toml`. diff --git a/copy-of-sdk-docs/build/migrations/02-upgrading.md b/copy-of-sdk-docs/build/migrations/02-upgrading.md new file mode 100644 index 00000000..c63f249d --- /dev/null +++ b/copy-of-sdk-docs/build/migrations/02-upgrading.md @@ -0,0 +1,522 @@ +# Upgrading Cosmos SDK + +This guide provides instructions for upgrading to specific versions of Cosmos SDK. +Note, always read the **SimApp** section for more information on application wiring updates. + +## [v0.50.x](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.50.0) + +### Migration to CometBFT (Part 2) + +The Cosmos SDK has migrated in its previous versions, to CometBFT. +Some functions have been renamed to reflect the naming change. + +Following an exhaustive list: + +* `client.TendermintRPC` -> `client.CometRPC` +* `clitestutil.MockTendermintRPC` -> `clitestutil.MockCometRPC` +* `clitestutilgenutil.CreateDefaultTendermintConfig` -> `clitestutilgenutil.CreateDefaultCometConfig` +* Package `client/grpc/tmservice` -> `client/grpc/cmtservice` + +Additionally, the commands and flags mentioning `tendermint` have been renamed to `comet`. +These commands and flags are still supported for backward compatibility. + +For backward compatibility, the `**/tendermint/**` gRPC services are still supported. + +Additionally, the SDK is starting its abstraction from CometBFT Go types through the codebase: + +* The usage of the CometBFT logger has been replaced by the Cosmos SDK logger interface (`cosmossdk.io/log.Logger`). +* The usage of `github.com/cometbft/cometbft/libs/bytes.HexByte` has been replaced by `[]byte`. +* Usage of an application genesis (see [genutil](#xgenutil)). + +#### Enable Vote Extensions + +:::tip +This is an optional feature that is disabled by default. +::: + +Once all the code changes required to implement Vote Extensions are in place, +they can be enabled by setting the consensus param `Abci.VoteExtensionsEnableHeight` +to a value greater than zero. + +In a new chain, this can be done in the `genesis.json` file. + +For existing chains this can be done in two ways: + +* During an upgrade the value is set in an upgrade handler. +* A governance proposal that changes the consensus param **after a coordinated upgrade has taken place**. + +### BaseApp + +All ABCI methods now accept a pointer to the request and response types defined +by CometBFT. In addition, they also return errors. An ABCI method should only +return errors in cases where a catastrophic failure has occurred and the application +should halt. However, this is abstracted away from the application developer. Any +handler that an application can define or set that returns an error, will gracefully +by handled by `BaseApp` on behalf of the application. + +BaseApp calls of `BeginBlock` & `Endblock` are now private but are still exposed +to the application to define via the `Manager` type. `FinalizeBlock` is public +and should be used in order to test and run operations. This means that although +`BeginBlock` & `Endblock` no longer exist in the ABCI interface, they are automatically +called by `BaseApp` during `FinalizeBlock`. Specifically, the order of operations +is `BeginBlock` -> `DeliverTx` (for all txs) -> `EndBlock`. + +ABCI++ 2.0 also brings `ExtendVote` and `VerifyVoteExtension` ABCI methods. These +methods allow applications to extend and verify pre-commit votes. The Cosmos SDK +allows an application to define handlers for these methods via `ExtendVoteHandler` +and `VerifyVoteExtensionHandler` respectively. Please see [here](https://docs.cosmos.network/v0.50/build/building-apps/vote-extensions) +for more info. + +#### Set PreBlocker + +A `SetPreBlocker` method has been added to BaseApp. This is essential for BaseApp to run `PreBlock` which runs before begin blocker other modules, and allows to modify consensus parameters, and the changes are visible to the following state machine logics. +Read more about other use cases [here](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-068-preblock.md). + +`depinject` / app di users need to add `x/upgrade` in their `app_config.go` / `app.yml`: + +```diff ++ PreBlockers: []string{ ++ upgradetypes.ModuleName, ++ }, +BeginBlockers: []string{ +- upgradetypes.ModuleName, + minttypes.ModuleName, +} +``` + +When using (legacy) application wiring, the following must be added to `app.go`: + +```diff ++app.ModuleManager.SetOrderPreBlockers( ++ upgradetypes.ModuleName, ++) + +app.ModuleManager.SetOrderBeginBlockers( +- upgradetypes.ModuleName, +) + ++ app.SetPreBlocker(app.PreBlocker) + +// ... // + ++func (app *SimApp) PreBlocker(ctx sdk.Context, req *abci.RequestFinalizeBlock) (*sdk.ResponsePreBlock, error) { ++ return app.ModuleManager.PreBlock(ctx, req) ++} +``` + +#### Events + +The log section of `abci.TxResult` is not populated in the case of successful +msg(s) execution. Instead a new attribute is added to all messages indicating +the `msg_index` which identifies which events and attributes relate the same +transaction. + +`BeginBlock` & `EndBlock` Events are now emitted through `FinalizeBlock` but have +an added attribute, `mode=BeginBlock|EndBlock`, to identify if the event belongs +to `BeginBlock` or `EndBlock`. + +### Config files + +Confix is a new SDK tool for modifying and migrating configuration of the SDK. +It is the replacement of the `config.Cmd` command from the `client/config` package. + +Use the following command to migrate your configuration: + +```bash +simd config migrate v0.50 +``` + +If you were using ` config [key]` or ` config [key] [value]` to set and get values from the `client.toml`, replace it with ` config get client [key]` and ` config set client [key] [value]`. The extra verbosity is due to the extra functionalities added in config. + +More information about [confix](https://docs.cosmos.network/main/tooling/confix) and how to add it in your application binary in the [documentation](https://docs.cosmos.network/main/tooling/confix). + +#### gRPC-Web + +gRPC-Web is now listening to the same address and port as the gRPC Gateway API server (default: `localhost:1317`). +The possibility to listen to a different address has been removed, as well as its settings. +Use `confix` to clean-up your `app.toml`. A nginx (or alike) reverse-proxy can be set to keep the previous behavior. + +#### Database Support + +ClevelDB, BoltDB and BadgerDB are not supported anymore. To migrate from a unsupported database to a supported database please use a database migration tool. + +### Protobuf + +With the deprecation of the Amino JSON codec defined in [cosmos/gogoproto](https://github.com/cosmos/gogoproto) in favor of the protoreflect powered x/tx/aminojson codec, module developers are encouraged verify that their messages have the correct protobuf annotations to deterministically produce identical output from both codecs. + +For core SDK types equivalence is asserted by generative testing of [SignableTypes](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-beta.0/tests/integration/rapidgen/rapidgen.go#L102) in [TestAminoJSON_Equivalence](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-beta.0/tests/integration/tx/aminojson/aminojson_test.go#L94). + +**TODO: summarize proto annotation requirements.** + +#### Stringer + +The `gogoproto.goproto_stringer = false` annotation has been removed from most proto files. This means that the `String()` method is being generated for types that previously had this annotation. The generated `String()` method uses `proto.CompactTextString` for _stringifying_ structs. +[Verify](https://github.com/cosmos/cosmos-sdk/pull/13850#issuecomment-1328889651) the usage of the modified `String()` methods and double-check that they are not used in state-machine code. + +### SimApp + +In this section we describe the changes made in Cosmos SDK' SimApp. +**These changes are directly applicable to your application wiring.** + +#### Module Assertions + +Previously, all modules were required to be set in `OrderBeginBlockers`, `OrderEndBlockers` and `OrderInitGenesis / OrderExportGenesis` in `app.go` / `app_config.go`. This is no longer the case, the assertion has been loosened to only require modules implementing, respectively, the `appmodule.HasBeginBlocker`, `appmodule.HasEndBlocker` and `appmodule.HasGenesis` / `module.HasGenesis` interfaces. + +#### Module wiring + +The following modules `NewKeeper` function now take a `KVStoreService` instead of a `StoreKey`: + +* `x/auth` +* `x/authz` +* `x/bank` +* `x/consensus` +* `x/crisis` +* `x/distribution` +* `x/evidence` +* `x/feegrant` +* `x/gov` +* `x/mint` +* `x/nft` +* `x/slashing` +* `x/upgrade` + +**Users using `depinject` / app di do not need any changes, this is abstracted for them.** + +Users manually wiring their chain need to use the `runtime.NewKVStoreService` method to create a `KVStoreService` from a `StoreKey`: + +```diff +app.ConsensusParamsKeeper = consensusparamkeeper.NewKeeper( + appCodec, +- keys[consensusparamtypes.StoreKey] ++ runtime.NewKVStoreService(keys[consensusparamtypes.StoreKey]), + authtypes.NewModuleAddress(govtypes.ModuleName).String(), +) +``` + +#### Logger + +Replace all your CometBFT logger imports by `cosmossdk.io/log`. + +Additionally, `depinject` / app di users must now supply a logger through the main `depinject.Supply` function instead of passing it to `appBuilder.Build`. + +```diff +appConfig = depinject.Configs( + AppConfig, + depinject.Supply( + // supply the application options + appOpts, ++ logger, + ... +``` + +```diff +- app.App = appBuilder.Build(logger, db, traceStore, baseAppOptions...) ++ app.App = appBuilder.Build(db, traceStore, baseAppOptions...) +``` + +User manually wiring their chain need to add the logger argument when creating the `x/bank` keeper. + +#### Module Basics + +Previously, the `ModuleBasics` was a global variable that was used to register all modules' `AppModuleBasic` implementation. +The global variable has been removed and the basic module manager can be now created from the module manager. + +This is automatically done for `depinject` / app di users, however for supplying different app module implementation, pass them via `depinject.Supply` in the main `AppConfig` (`app_config.go`): + +```go +depinject.Supply( + // supply custom module basics + map[string]module.AppModuleBasic{ + genutiltypes.ModuleName: genutil.NewAppModuleBasic(genutiltypes.DefaultMessageValidator), + govtypes.ModuleName: gov.NewAppModuleBasic( + []govclient.ProposalHandler{ + paramsclient.ProposalHandler, + }, + ), + }, + ) +``` + +Users manually wiring their chain need to use the new `module.NewBasicManagerFromManager` function, after the module manager creation, and pass a `map[string]module.AppModuleBasic` as argument for optionally overriding some module's `AppModuleBasic`. + +#### AutoCLI + +[`AutoCLI`](https://docs.cosmos.network/main/core/autocli) has been implemented by the SDK for all its module CLI queries. This means chains must add the following in their `root.go` to enable `AutoCLI` in their application: + +```go +if err := autoCliOpts.EnhanceRootCommand(rootCmd); err != nil { + panic(err) +} +``` + +Where `autoCliOpts` is the autocli options of the app, containing all modules and codecs. +That value can injected by depinject ([see root_v2.go](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-beta.0/simapp/simd/cmd/root_v2.go#L49-L67)) or manually provided by the app ([see legacy app.go](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-beta.0/simapp/app.go#L636-L655)). + +:::warning +Not doing this will result in all core SDK modules queries not to be included in the binary. +::: + +Additionally `AutoCLI` automatically adds the custom modules commands to the root command for all modules implementing the [`appmodule.AppModule`](https://pkg.go.dev/cosmossdk.io/core/appmodule#AppModule) interface. +This means, after ensuring all the used modules implement this interface, the following can be removed from your `root.go`: + +```diff +func txCommand() *cobra.Command { + .... +- appd.ModuleBasics.AddTxCommands(cmd) +} +``` + +```diff +func queryCommand() *cobra.Command { + .... +- appd.ModuleBasics.AddQueryCommands(cmd) +} +``` + +### Packages + +#### Math + +References to `types/math.go` which contained aliases for math types aliasing the `cosmossdk.io/math` package have been removed. +Import directly the `cosmossdk.io/math` package instead. + +#### Store + +References to `types/store.go` which contained aliases for store types have been remapped to point to appropriate `store/types`, hence the `types/store.go` file is no longer needed and has been removed. + +##### Extract Store to a standalone module + +The `store` module is extracted to have a separate go.mod file which allows it be a standalone module. +All the store imports are now renamed to use `cosmossdk.io/store` instead of `github.com/cosmos/cosmos-sdk/store` across the SDK. + +##### Streaming + +[ADR-38](https://docs.cosmos.network/main/architecture/adr-038-state-listening) has been implemented in the SDK. + +To continue using state streaming, replace `streaming.LoadStreamingServices` by the following in your `app.go`: + +```go +if err := app.RegisterStreamingServices(appOpts, app.kvStoreKeys()); err != nil { + panic(err) +} +``` + +#### Client + +The return type of the interface method `TxConfig.SignModeHandler()` has been changed from `x/auth/signing.SignModeHandler` to `x/tx/signing.HandlerMap`. This change is transparent to most users as the `TxConfig` interface is typically implemented by private `x/auth/tx.config` struct (as returned by `auth.NewTxConfig`) which has been updated to return the new type. If users have implemented their own `TxConfig` interface, they will need to update their implementation to return the new type. + +##### Textual sign mode + +A new sign mode is available in the SDK that produces more human readable output, currently only available on Ledger +devices but soon to be implemented in other UIs. + +:::tip +This sign mode does not allow offline signing +::: + +When using (legacy) application wiring, the following must be added to `app.go` after setting the app's bank keeper: + +```go + enabledSignModes := append(tx.DefaultSignModes, sigtypes.SignMode_SIGN_MODE_TEXTUAL) + txConfigOpts := tx.ConfigOptions{ + EnabledSignModes: enabledSignModes, + TextualCoinMetadataQueryFn: txmodule.NewBankKeeperCoinMetadataQueryFn(app.BankKeeper), + } + txConfig, err := tx.NewTxConfigWithOptions( + appCodec, + txConfigOpts, + ) + if err != nil { + log.Fatalf("Failed to create new TxConfig with options: %v", err) + } + app.txConfig = txConfig +``` + +When using `depinject` / `app di`, **it's enabled by default** if there's a bank keeper present. + +And in the application client (usually `root.go`): + +```go + if !clientCtx.Offline { + txConfigOpts.EnabledSignModes = append(txConfigOpts.EnabledSignModes, signing.SignMode_SIGN_MODE_TEXTUAL) + txConfigOpts.TextualCoinMetadataQueryFn = txmodule.NewGRPCCoinMetadataQueryFn(clientCtx) + txConfigWithTextual, err := tx.NewTxConfigWithOptions( + codec.NewProtoCodec(clientCtx.InterfaceRegistry), + txConfigOpts, + ) + if err != nil { + return err + } + clientCtx = clientCtx.WithTxConfig(txConfigWithTextual) + } +``` + +When using `depinject` / `app di`, the a tx config should be recreated from the `txConfigOpts` to use `NewGRPCCoinMetadataQueryFn` instead of depending on the bank keeper (that is used in the server). + +To learn more see the [docs](https://docs.cosmos.network/main/learn/advanced/transactions#sign_mode_textual) and the [ADR-050](https://docs.cosmos.network/main/build/architecture/adr-050-sign-mode-textual). + +### Modules + +#### `**all**` + +* [RFC 001](https://docs.cosmos.network/main/rfc/rfc-001-tx-validation) has defined a simplification of the message validation process for modules. + The `sdk.Msg` interface has been updated to not require the implementation of the `ValidateBasic` method. + It is now recommended to validate message directly in the message server. When the validation is performed in the message server, the `ValidateBasic` method on a message is no longer required and can be removed. + +* Messages no longer need to implement the `LegacyMsg` interface and implementations of `GetSignBytes` can be deleted. Because of this change, global legacy Amino codec definitions and their registration in `init()` can safely be removed as well. + +* The `AppModuleBasic` interface has been simplified. Defining `GetTxCmd() *cobra.Command` and `GetQueryCmd() *cobra.Command` is no longer required. The module manager detects when module commands are defined. If AutoCLI is enabled, `EnhanceRootCommand()` will add the auto-generated commands to the root command, unless a custom module command is defined and register that one instead. + +* The following modules' `Keeper` methods now take in a `context.Context` instead of `sdk.Context`. Any module that has an interfaces for them (like "expected keepers") will need to update and re-generate mocks if needed: + + * `x/authz` + * `x/bank` + * `x/mint` + * `x/crisis` + * `x/distribution` + * `x/evidence` + * `x/gov` + * `x/slashing` + * `x/upgrade` + +* `BeginBlock` and `EndBlock` have changed their signature, so it is important that any module implementing them are updated accordingly. + +```diff +- BeginBlock(sdk.Context, abci.RequestBeginBlock) ++ BeginBlock(context.Context) error +``` + +```diff +- EndBlock(sdk.Context, abci.RequestEndBlock) []abci.ValidatorUpdate ++ EndBlock(context.Context) error +``` + +In case a module requires to return `abci.ValidatorUpdate` from `EndBlock`, it can use the `HasABCIEndBlock` interface instead. + +```diff +- EndBlock(sdk.Context, abci.RequestEndBlock) []abci.ValidatorUpdate ++ EndBlock(context.Context) ([]abci.ValidatorUpdate, error) +``` + +:::tip +It is possible to ensure that a module implements the correct interfaces by using compiler assertions in your `x/{moduleName}/module.go`: + +```go +var ( + _ module.AppModuleBasic = (*AppModule)(nil) + _ module.AppModuleSimulation = (*AppModule)(nil) + _ module.HasGenesis = (*AppModule)(nil) + + _ appmodule.AppModule = (*AppModule)(nil) + _ appmodule.HasBeginBlocker = (*AppModule)(nil) + _ appmodule.HasEndBlocker = (*AppModule)(nil) + ... +) +``` + +Read more on those interfaces [here](https://docs.cosmos.network/v0.50/building-modules/module-manager#application-module-interfaces). + +::: + +* `GetSigners()` is no longer required to be implemented on `Msg` types. The SDK will automatically infer the signers from the `Signer` field on the message. The signer field is required on all messages unless using a custom signer function. + +To find out more please read the [signer field](../../build/building-modules/05-protobuf-annotations.md#signer) & [here](https://github.com/cosmos/cosmos-sdk/blob/7352d0bce8e72121e824297df453eb1059c28da8/docs/docs/build/building-modules/02-messages-and-queries.md#L40) documentation. + + +#### `x/auth` + +For ante handler construction via `ante.NewAnteHandler`, the field `ante.HandlerOptions.SignModeHandler` has been updated to `x/tx/signing/HandlerMap` from `x/auth/signing/SignModeHandler`. Callers typically fetch this value from `client.TxConfig.SignModeHandler()` (which is also changed) so this change should be transparent to most users. + +#### `x/capability` + +The capability module has been moved to [cosmos/ibc-go](https://github.com/cosmos/ibc-go). IBC v8 will contain the necessary changes to incorporate the new module location. In your `app.go`, you must import the capability module from the new location: + +```diff ++ "github.com/cosmos/ibc-go/modules/capability" ++ capabilitykeeper "github.com/cosmos/ibc-go/modules/capability/keeper" ++ capabilitytypes "github.com/cosmos/ibc-go/modules/capability/types" +- "github.com/cosmos/cosmos-sdk/x/capability/types" +- capabilitykeeper "github.com/cosmos/cosmos-sdk/x/capability/keeper" +- capabilitytypes "github.com/cosmos/cosmos-sdk/x/capability/types" +``` + +Similar to previous versions, your module manager must include the capability module. + +```go +app.ModuleManager = module.NewManager( + capability.NewAppModule(encodingConfig.Codec, *app.CapabilityKeeper, true), + // remaining modules +) +``` + +#### `x/genutil` + +The Cosmos SDK has migrated from a CometBFT genesis to a application managed genesis file. +The genesis is now fully handled by `x/genutil`. This has no consequences for running chains: + +* Importing a CometBFT genesis is still supported. +* Exporting a genesis now exports the genesis as an application genesis. + +When needing to read an application genesis, use the following helpers from the `x/genutil/types` package: + +```go +// AppGenesisFromReader reads the AppGenesis from the reader. +func AppGenesisFromReader(reader io.Reader) (*AppGenesis, error) + +// AppGenesisFromFile reads the AppGenesis from the provided file. +func AppGenesisFromFile(genFile string) (*AppGenesis, error) +``` + +#### `x/gov` + +##### Expedited Proposals + +The `gov` v1 module now supports expedited governance proposals. When a proposal is expedited, the voting period will be shortened to `ExpeditedVotingPeriod` parameter. An expedited proposal must have an higher voting threshold than a classic proposal, that threshold is defined with the `ExpeditedThreshold` parameter. + +##### Cancelling Proposals + +The `gov` module now supports cancelling governance proposals. When a proposal is canceled, all the deposits of the proposal are either burnt or sent to `ProposalCancelDest` address. The deposits burn rate will be determined by a new parameter called `ProposalCancelRatio` parameter. + +```text +1. deposits * proposal_cancel_ratio will be burned or sent to `ProposalCancelDest` address , if `ProposalCancelDest` is empty then deposits will be burned. +2. deposits * (1 - proposal_cancel_ratio) will be sent to depositors. +``` + +By default, the new `ProposalCancelRatio` parameter is set to `0.5` during migration and `ProposalCancelDest` is set to empty string (i.e. burnt). + +#### `x/evidence` + +##### Extract evidence to a standalone module + +The `x/evidence` module is extracted to have a separate go.mod file which allows it be a standalone module. +All the evidence imports are now renamed to use `cosmossdk.io/x/evidence` instead of `github.com/cosmos/cosmos-sdk/x/evidence` across the SDK. + +#### `x/nft` + +##### Extract nft to a standalone module + +The `x/nft` module is extracted to have a separate go.mod file which allows it to be a standalone module. +All the evidence imports are now renamed to use `cosmossdk.io/x/nft` instead of `github.com/cosmos/cosmos-sdk/x/nft` across the SDK. + +#### x/feegrant + +##### Extract feegrant to a standalone module + +The `x/feegrant` module is extracted to have a separate go.mod file which allows it to be a standalone module. +All the feegrant imports are now renamed to use `cosmossdk.io/x/feegrant` instead of `github.com/cosmos/cosmos-sdk/x/feegrant` across the SDK. + +#### `x/upgrade` + +##### Extract upgrade to a standalone module + +The `x/upgrade` module is extracted to have a separate go.mod file which allows it to be a standalone module. +All the upgrade imports are now renamed to use `cosmossdk.io/x/upgrade` instead of `github.com/cosmos/cosmos-sdk/x/upgrade` across the SDK. + +### Tooling + +#### Rosetta + +Rosetta has moved to it's own [repo](https://github.com/cosmos/rosetta) and not imported by the Cosmos SDK SimApp by default. +Any user who is interested on using the tool can connect it standalone to any node without the need to add it as part of the node binary. + +The rosetta tool also allows multi chain connections. diff --git a/copy-of-sdk-docs/build/migrations/03-upgrade-guide.md b/copy-of-sdk-docs/build/migrations/03-upgrade-guide.md new file mode 100644 index 00000000..057911c6 --- /dev/null +++ b/copy-of-sdk-docs/build/migrations/03-upgrade-guide.md @@ -0,0 +1,503 @@ +# Upgrade Guide + +This document provides a full guide for upgrading a Cosmos SDK chain from `v0.50.x` to `v0.53.x`. + +This guide includes one **required** change and three **optional** features. + +After completing this guide, applications will have: + +* The `x/protocolpool` module +* The `x/epochs` module +* Unordered Transaction support + +## Table of Contents + +* [App Wiring Changes (REQUIRED)](#app-wiring-changes-required) +* [Adding ProtocolPool Module (OPTIONAL)](#adding-protocolpool-module-optional) + * [ProtocolPool Manual Wiring](#protocolpool-manual-wiring) + * [ProtocolPool DI Wiring](#protocolpool-di-wiring) +* [Adding Epochs Module (OPTIONAL)](#adding-epochs-module-optional) + * [Epochs Manual Wiring](#epochs-manual-wiring) + * [Epochs DI Wiring](#epochs-di-wiring) +* [Enable Unordered Transactions (OPTIONAL)](#enable-unordered-transactions-optional) +* [Upgrade Handler](#upgrade-handler) + +## App Wiring Changes **REQUIRED** + +The `x/auth` module now contains a `PreBlocker` that _must_ be set in the module manager's `SetOrderPreBlockers` method. + +```go +app.ModuleManager.SetOrderPreBlockers( + upgradetypes.ModuleName, + authtypes.ModuleName, // NEW +) +``` + +## Adding ProtocolPool Module **OPTIONAL** + +:::warning + +Using an external community pool such as `x/protocolpool` will cause the following `x/distribution` handlers to return an error: + +**QueryService** + +* `CommunityPool` + +**MsgService** + +* `CommunityPoolSpend` +* `FundCommunityPool` + +If your services depend on this functionality from `x/distribution`, please update them to use either `x/protocolpool` or your custom external community pool alternatives. + +::: + +### Manual Wiring + +Import the following: + +```go +import ( + // ... + "github.com/cosmos/cosmos-sdk/x/protocolpool" + protocolpoolkeeper "github.com/cosmos/cosmos-sdk/x/protocolpool/keeper" + protocolpooltypes "github.com/cosmos/cosmos-sdk/x/protocolpool/types" +) +``` + +Set the module account permissions. + +```go +maccPerms = map[string][]string{ + // ... + protocolpooltypes.ModuleName: nil, + protocolpooltypes.ProtocolPoolEscrowAccount: nil, +} +``` + +Add the protocol pool keeper to your application struct. + +```go +ProtocolPoolKeeper protocolpoolkeeper.Keeper +``` + +Add the store key: + +```go +keys := storetypes.NewKVStoreKeys( + // ... + protocolpooltypes.StoreKey, +) +``` + +Instantiate the keeper. + +Make sure to do this before the distribution module instantiation, as you will pass the keeper there next. + +```go +app.ProtocolPoolKeeper = protocolpoolkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[protocolpooltypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), +) +``` + +Pass the protocolpool keeper to the distribution keeper: + +```go +app.DistrKeeper = distrkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[distrtypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + app.StakingKeeper, + authtypes.FeeCollectorName, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + distrkeeper.WithExternalCommunityPool(app.ProtocolPoolKeeper), // NEW +) +``` + +Add the protocolpool module to the module manager: + +```go +app.ModuleManager = module.NewManager( + // ... + protocolpool.NewAppModule(appCodec, app.ProtocolPoolKeeper, app.AccountKeeper, app.BankKeeper), +) +``` + +Add an entry for SetOrderBeginBlockers, SetOrderEndBlockers, SetOrderInitGenesis, and SetOrderExportGenesis. + +```go +app.ModuleManager.SetOrderBeginBlockers( + // must come AFTER distribution. + distrtypes.ModuleName, + protocolpooltypes.ModuleName, +) +``` + +```go +app.ModuleManager.SetOrderEndBlockers( + // order does not matter. + protocolpooltypes.ModuleName, +) +``` + +```go +app.ModuleManager.SetOrderInitGenesis( + // order does not matter. + protocolpooltypes.ModuleName, +) +``` + +```go +app.ModuleManager.SetOrderInitGenesis( + protocolpooltypes.ModuleName, // must be exported before bank. + banktypes.ModuleName, +) +``` + +### DI Wiring + +Note: _as long as an external community pool keeper (here, `x/protocolpool`) is wired in DI configs, `x/distribution` will automatically use it for its external pool._ + +First, set up the keeper for the application. + +Import the protocolpool keeper: + +```go +protocolpoolkeeper "github.com/cosmos/cosmos-sdk/x/protocolpool/keeper" +``` + +Add the keeper to your application struct: + +```go +ProtocolPoolKeeper protocolpoolkeeper.Keeper +``` + +Add the keeper to the depinject system: + +```go +depinject.Inject( + appConfig, + &appBuilder, + &app.appCodec, + &app.legacyAmino, + &app.txConfig, + &app.interfaceRegistry, + // ... other modules + &app.ProtocolPoolKeeper, // NEW MODULE! +) +``` + +Next, set up configuration for the module. + +Import the following: + +```go +import ( + protocolpoolmodulev1 "cosmossdk.io/api/cosmos/protocolpool/module/v1" + + _ "github.com/cosmos/cosmos-sdk/x/protocolpool" // import for side-effects + protocolpooltypes "github.com/cosmos/cosmos-sdk/x/protocolpool/types" +) +``` + +The protocolpool module has module accounts that handle funds. Add them to the module account permission configuration: + +```go +moduleAccPerms = []*authmodulev1.ModuleAccountPermission{ + // ... + {Account: protocolpooltypes.ModuleName}, + {Account: protocolpooltypes.ProtocolPoolEscrowAccount}, +} +``` + +Next, add an entry for BeginBlockers, EndBlockers, InitGenesis, and ExportGenesis. + +```go +BeginBlockers: []string{ + // ... + // must be AFTER distribution. + distrtypes.ModuleName, + protocolpooltypes.ModuleName, +}, +``` + +```go +EndBlockers: []string{ + // ... + // order for protocolpool does not matter. + protocolpooltypes.ModuleName, +}, +``` + +```go +InitGenesis: []string{ + // ... must be AFTER distribution. + distrtypes.ModuleName, + protocolpooltypes.ModuleName, +}, +``` + +```go +ExportGenesis: []string{ + // ... + // Must be exported before x/bank. + protocolpooltypes.ModuleName, + banktypes.ModuleName, +}, +``` + +Lastly, add an entry for protocolpool in the ModuleConfig. + +```go +{ + Name: protocolpooltypes.ModuleName, + Config: appconfig.WrapAny(&protocolpoolmodulev1.Module{}), +}, +``` + +## Adding Epochs Module **OPTIONAL** + +### Manual Wiring + +Import the following: + +```go +import ( + // ... + "github.com/cosmos/cosmos-sdk/x/epochs" + epochskeeper "github.com/cosmos/cosmos-sdk/x/epochs/keeper" + epochstypes "github.com/cosmos/cosmos-sdk/x/epochs/types" +) +``` + +Add the epochs keeper to your application struct: + +```go +EpochsKeeper epochskeeper.Keeper +``` + +Add the store key: + +```go +keys := storetypes.NewKVStoreKeys( + // ... + epochstypes.StoreKey, +) +``` + +Instantiate the keeper: + +```go +app.EpochsKeeper = epochskeeper.NewKeeper( + runtime.NewKVStoreService(keys[epochstypes.StoreKey]), + appCodec, +) +``` + +Set up hooks for the epochs keeper: + +To learn how to write hooks for the epoch keeper, see the [x/epoch README](https://github.com/cosmos/cosmos-sdk/blob/main/x/epochs/README.md) + +```go +app.EpochsKeeper.SetHooks( + epochstypes.NewMultiEpochHooks( + // insert epoch hooks receivers here + app.SomeOtherModule + ), +) +``` + +Add the epochs module to the module manager: + +```go +app.ModuleManager = module.NewManager( + // ... + epochs.NewAppModule(appCodec, app.EpochsKeeper), +) +``` + +Add entries for SetOrderBeginBlockers and SetOrderInitGenesis: + +```go +app.ModuleManager.SetOrderBeginBlockers( + // ... + epochstypes.ModuleName, +) +``` + +```go +app.ModuleManager.SetOrderInitGenesis( + // ... + epochstypes.ModuleName, +) +``` + +### DI Wiring + +First, set up the keeper for the application. + +Import the epochs keeper: + +```go +epochskeeper "github.com/cosmos/cosmos-sdk/x/epochs/keeper" +``` + +Add the keeper to your application struct: + +```go +EpochsKeeper epochskeeper.Keeper +``` + +Add the keeper to the depinject system: + +```go +depinject.Inject( + appConfig, + &appBuilder, + &app.appCodec, + &app.legacyAmino, + &app.txConfig, + &app.interfaceRegistry, + // ... other modules + &app.EpochsKeeper, // NEW MODULE! +) +``` + +Next, set up configuration for the module. + +Import the following: + +```go +import ( + epochsmodulev1 "cosmossdk.io/api/cosmos/epochs/module/v1" + + _ "github.com/cosmos/cosmos-sdk/x/epochs" // import for side-effects + epochstypes "github.com/cosmos/cosmos-sdk/x/epochs/types" +) +``` + +Add an entry for BeginBlockers and InitGenesis: + +```go +BeginBlockers: []string{ + // ... + epochstypes.ModuleName, +}, +``` + +```go +InitGenesis: []string{ + // ... + epochstypes.ModuleName, +}, +``` + +Lastly, add an entry for epochs in the ModuleConfig: + +```go +{ + Name: epochstypes.ModuleName, + Config: appconfig.WrapAny(&epochsmodulev1.Module{}), +}, +``` + +## Enable Unordered Transactions **OPTIONAL** + +To enable unordered transaction support on an application, the `x/auth` keeper must be supplied with the `WithUnorderedTransactions` option. + +Note that unordered transactions require sequence values to be zero, and will **FAIL** if a non-zero sequence value is set. +Please ensure no sequence value is set when submitting an unordered transaction. +Services that rely on prior assumptions about sequence values should be updated to handle unordered transactions. +Services should be aware that when the transaction is unordered, the transaction sequence will always be zero. + +```go + app.AccountKeeper = authkeeper.NewAccountKeeper( + appCodec, + runtime.NewKVStoreService(keys[authtypes.StoreKey]), + authtypes.ProtoBaseAccount, + maccPerms, + authcodec.NewBech32Codec(sdk.Bech32MainPrefix), + sdk.Bech32MainPrefix, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + authkeeper.WithUnorderedTransactions(true), // new option! + ) +``` + +If using dependency injection, update the auth module config. + +```go + { + Name: authtypes.ModuleName, + Config: appconfig.WrapAny(&authmodulev1.Module{ + Bech32Prefix: "cosmos", + ModuleAccountPermissions: moduleAccPerms, + EnableUnorderedTransactions: true, // remove this line if you do not want unordered transactions. + }), + }, +``` + +By default, unordered transactions use a transaction timeout duration of 10 minutes and a default gas charge of 2240 gas units. +To modify these default values, pass in the corresponding options to the new `SigVerifyOptions` field in `x/auth's` `ante.HandlerOptions`. + +```go +options := ante.HandlerOptions{ + SigVerifyOptions: []ante.SigVerificationDecoratorOption{ + // change below as needed. + ante.WithUnorderedTxGasCost(ante.DefaultUnorderedTxGasCost), + ante.WithMaxUnorderedTxTimeoutDuration(ante.DefaultMaxTimeoutDuration), + }, +} +``` + +```go +anteDecorators := []sdk.AnteDecorator{ + // ... other decorators ... + ante.NewSigVerificationDecorator(options.AccountKeeper, options.SignModeHandler, options.SigVerifyOptions...), // supply new options +} +``` + +## Upgrade Handler + +The upgrade handler only requires adding the store upgrades for the modules added above. +If your application is not adding `x/protocolpool` or `x/epochs`, you do not need to add the store upgrade. + +```go +// UpgradeName defines the on-chain upgrade name for the sample SimApp upgrade +// from v050 to v053. +// +// NOTE: This upgrade defines a reference implementation of what an upgrade +// could look like when an application is migrating from Cosmos SDK version +// v0.50.x to v0.53.x. +const UpgradeName = "v050-to-v053" + +func (app SimApp) RegisterUpgradeHandlers() { + app.UpgradeKeeper.SetUpgradeHandler( + UpgradeName, + func(ctx context.Context, _ upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { + return app.ModuleManager.RunMigrations(ctx, app.Configurator(), fromVM) + }, + ) + + upgradeInfo, err := app.UpgradeKeeper.ReadUpgradeInfoFromDisk() + if err != nil { + panic(err) + } + + if upgradeInfo.Name == UpgradeName && !app.UpgradeKeeper.IsSkipHeight(upgradeInfo.Height) { + storeUpgrades := storetypes.StoreUpgrades{ + Added: []string{ + epochstypes.ModuleName, // if not adding x/epochs to your chain, remove this line. + protocolpooltypes.ModuleName, // if not adding x/protocolpool to your chain, remove this line. + }, + } + + // configure store loader that checks if version == upgradeHeight and applies store upgrades + app.SetStoreLoader(upgradetypes.UpgradeStoreLoader(upgradeInfo.Height, &storeUpgrades)) + } +} +``` diff --git a/copy-of-sdk-docs/build/migrations/_category_.json b/copy-of-sdk-docs/build/migrations/_category_.json new file mode 100644 index 00000000..5a06c3eb --- /dev/null +++ b/copy-of-sdk-docs/build/migrations/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Migrations", + "position": 3, + "link": null +} diff --git a/copy-of-sdk-docs/build/modules/README.md b/copy-of-sdk-docs/build/modules/README.md new file mode 100644 index 00000000..12a128c3 --- /dev/null +++ b/copy-of-sdk-docs/build/modules/README.md @@ -0,0 +1,63 @@ +--- +sidebar_position: 0 +--- + +# List of Modules + +Here are some production-grade modules that can be used in Cosmos SDK applications, along with their respective documentation: + +## Essential Modules + +Essential modules include functionality that _must_ be included in your Cosmos SDK blockchain. +These modules provide the core behaviors that are needed for users and operators such as balance tracking, +proof-of-stake capabilities and governance. + +* [Auth](./auth/README.md) - Authentication of accounts and transactions for Cosmos SDK applications. +* [Bank](./bank/README.md) - Token transfer functionalities. +* [Circuit](./circuit/README.md) - Circuit breaker module for pausing messages. +* [Consensus](./consensus/README.md) - Consensus module for modifying CometBFT's ABCI consensus params. +* [Distribution](./distribution/README.md) - Fee distribution, and staking token provision distribution. +* [Evidence](./evidence/README.md) - Evidence handling for double signing, misbehaviour, etc. +* [Governance](./gov/README.md) - On-chain proposals and voting. +* [Genutil](./genutil/README.md) - Genesis utilities for the Cosmos SDK. +* [Mint](./mint/README.md) - Creation of new units of staking token. +* [Slashing](./slashing/README.md) - Validator punishment mechanisms. +* [Staking](./staking/README.md) - Proof-of-Stake layer for public blockchains. +* [Upgrade](./upgrade/README.md) - Software upgrades handling and coordination. + +## Supplementary Modules + +Supplementary modules are modules that are maintained in the Cosmos SDK but are not necessary for +the core functionality of your blockchain. They can be thought of as ways to extend the +capabilities of your blockchain or further specialize it. + +* [Authz](./authz/README.md) - Authorization for accounts to perform actions on behalf of other accounts. +* [Epochs](./epochs/README.md) - Registration so SDK modules can have logic to be executed at the timed tickers. +* [Feegrant](./feegrant/README.md) - Grant fee allowances for executing transactions. +* [ProtocolPool](./protocolpool/README.md) - Extended management of community pool functionality. + +## Deprecated Modules + +The following modules are deprecated. They will no longer be maintained and eventually will be removed +in an upcoming release of the Cosmos SDK per our [release process](https://github.com/cosmos/cosmos-sdk/blob/main/RELEASE_PROCESS.md). + +* [Crisis](./crisis/README.md) - _Deprecated_ halting the blockchain under certain circumstances (e.g. if an invariant is broken). +* [Params](./params/README.md) - _Deprecated_ Globally available parameter store. +* [NFT](./nft/README.md) - _Deprecated_ NFT module implemented based on [ADR43](https://docs.cosmos.network/main/build/architecture/adr-043-nft-module). This module will be moved to the `cosmos-sdk-legacy` repo for use. +* [Group](./group/README.md) - _Deprecated_ Allows for the creation and management of on-chain multisig accounts. This module will be moved to the `cosmos-sdk-legacy` repo for legacy use. + +To learn more about the process of building modules, visit the [building modules reference documentation](https://docs.cosmos.network/main/building-modules/intro). + +## IBC + +The IBC module for the SDK is maintained by the IBC Go team in its [own repository](https://github.com/cosmos/ibc-go). + +Additionally, the [capability module](https://github.com/cosmos/ibc-go/tree/fdd664698d79864f1e00e147f9879e58497b5ef1/modules/capability) is from v0.50+ maintained by the IBC Go team in its [own repository](https://github.com/cosmos/ibc-go/tree/fdd664698d79864f1e00e147f9879e58497b5ef1/modules/capability). + +## CosmWasm + +The CosmWasm module enables smart contracts, learn more by going to their [documentation site](https://book.cosmwasm.com/), or visit [the repository](https://github.com/CosmWasm/cosmwasm). + +## EVM + +Read more about writing smart contracts with solidity at the official [`evm` documentation page](https://evm.cosmos.network/). diff --git a/copy-of-sdk-docs/build/modules/_category_.json b/copy-of-sdk-docs/build/modules/_category_.json new file mode 100644 index 00000000..72d229c0 --- /dev/null +++ b/copy-of-sdk-docs/build/modules/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Modules", + "position": 2, + "link": null +} diff --git a/copy-of-sdk-docs/build/modules/auth/1-vesting.md b/copy-of-sdk-docs/build/modules/auth/1-vesting.md new file mode 100644 index 00000000..92458067 --- /dev/null +++ b/copy-of-sdk-docs/build/modules/auth/1-vesting.md @@ -0,0 +1,618 @@ +--- +sidebar_position: 1 +--- + +# `x/auth/vesting` + + +* [Intro and Requirements](#intro-and-requirements) +* [Note](#note) +* [Vesting Account Types](#vesting-account-types) + * [BaseVestingAccount](#basevestingaccount) + * [ContinuousVestingAccount](#continuousvestingaccount) + * [DelayedVestingAccount](#delayedvestingaccount) + * [Period](#period) + * [PeriodicVestingAccount](#periodicvestingaccount) + * [PermanentLockedAccount](#permanentlockedaccount) +* [Vesting Account Specification](#vesting-account-specification) + * [Determining Vesting & Vested Amounts](#determining-vesting--vested-amounts) + * [Periodic Vesting Accounts](#periodic-vesting-accounts) + * [Transferring/Sending](#transferringsending) + * [Delegating](#delegating) + * [Undelegating](#undelegating) +* [Keepers & Handlers](#keepers--handlers) +* [Genesis Initialization](#genesis-initialization) +* [Examples](#examples) + * [Simple](#simple) + * [Slashing](#slashing) + * [Periodic Vesting](#periodic-vesting) +* [Glossary](#glossary) + +## Intro and Requirements + +This specification defines the vesting account implementation that is used by the Cosmos Hub. The requirements for this vesting account is that it should be initialized during genesis with a starting balance `X` and a vesting end time `ET`. A vesting account may be initialized with a vesting start time `ST` and a number of vesting periods `P`. If a vesting start time is included, the vesting period does not begin until start time is reached. If vesting periods are included, the vesting occurs over the specified number of periods. + +For all vesting accounts, the owner of the vesting account is able to delegate and undelegate from validators, however they cannot transfer coins to another account until those coins are vested. This specification allows for four different kinds of vesting: + +* Delayed vesting, where all coins are vested once `ET` is reached. +* Continuous vesting, where coins begin to vest at `ST` and vest linearly with respect to time until `ET` is reached +* Periodic vesting, where coins begin to vest at `ST` and vest periodically according to number of periods and the vesting amount per period. The number of periods, length per period, and amount per period are configurable. A periodic vesting account is distinguished from a continuous vesting account in that coins can be released in staggered tranches. For example, a periodic vesting account could be used for vesting arrangements where coins are released quarterly, yearly, or over any other function of tokens over time. +* Permanent locked vesting, where coins are locked forever. Coins in this account can still be used for delegating and for governance votes even while locked. + +## Note + +Vesting accounts can be initialized with some vesting and non-vesting coins. The non-vesting coins would be immediately transferable. DelayedVesting ContinuousVesting, PeriodicVesting and PermanentVesting accounts can be created with normal messages after genesis. Other types of vesting accounts must be created at genesis, or as part of a manual network upgrade. The current specification only allows for _unconditional_ vesting (ie. there is no possibility of reaching `ET` and +having coins fail to vest). + +## Vesting Account Types + +```go +// VestingAccount defines an interface that any vesting account type must +// implement. +type VestingAccount interface { + Account + + GetVestedCoins(Time) Coins + GetVestingCoins(Time) Coins + + // TrackDelegation performs internal vesting accounting necessary when + // delegating from a vesting account. It accepts the current block time, the + // delegation amount and balance of all coins whose denomination exists in + // the account's original vesting balance. + TrackDelegation(Time, Coins, Coins) + + // TrackUndelegation performs internal vesting accounting necessary when a + // vesting account performs an undelegation. + TrackUndelegation(Coins) + + GetStartTime() int64 + GetEndTime() int64 +} +``` + +### BaseVestingAccount + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/vesting/v1beta1/vesting.proto#L11-L35 +``` + +### ContinuousVestingAccount + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/vesting/v1beta1/vesting.proto#L37-L46 +``` + +### DelayedVestingAccount + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/vesting/v1beta1/vesting.proto#L48-L57 +``` + +### Period + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/vesting/v1beta1/vesting.proto#L59-L69 +``` + +```go +// Stores all vesting periods passed as part of a PeriodicVestingAccount +type Periods []Period + +``` + +### PeriodicVestingAccount + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/vesting/v1beta1/vesting.proto#L71-L81 +``` + +In order to facilitate less ad-hoc type checking and assertions and to support flexibility in account balance usage, the existing `x/bank` `ViewKeeper` interface is updated to contain the following: + +```go +type ViewKeeper interface { + // ... + + // Calculates the total locked account balance. + LockedCoins(ctx sdk.Context, addr sdk.AccAddress) sdk.Coins + + // Calculates the total spendable balance that can be sent to other accounts. + SpendableCoins(ctx sdk.Context, addr sdk.AccAddress) sdk.Coins +} +``` + +### PermanentLockedAccount + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/vesting/v1beta1/vesting.proto#L83-L94 +``` + +## Vesting Account Specification + +Given a vesting account, we define the following in the proceeding operations: + +* `OV`: The original vesting coin amount. It is a constant value. +* `V`: The number of `OV` coins that are still _vesting_. It is derived by +`OV`, `StartTime` and `EndTime`. This value is computed on demand and not on a per-block basis. +* `V'`: The number of `OV` coins that are _vested_ (unlocked). This value is computed on demand and not a per-block basis. +* `DV`: The number of delegated _vesting_ coins. It is a variable value. It is stored and modified directly in the vesting account. +* `DF`: The number of delegated _vested_ (unlocked) coins. It is a variable value. It is stored and modified directly in the vesting account. +* `BC`: The number of `OV` coins less any coins that are transferred +(which can be negative or delegated). It is considered to be balance of the embedded base account. It is stored and modified directly in the vesting account. + +### Determining Vesting & Vested Amounts + +It is important to note that these values are computed on demand and not on a mandatory per-block basis (e.g. `BeginBlocker` or `EndBlocker`). + +#### Continuously Vesting Accounts + +To determine the amount of coins that are vested for a given block time `T`, the +following is performed: + +1. Compute `X := T - StartTime` +2. Compute `Y := EndTime - StartTime` +3. Compute `V' := OV * (X / Y)` +4. Compute `V := OV - V'` + +Thus, the total amount of _vested_ coins is `V'` and the remaining amount, `V`, +is _vesting_. + +```go +func (cva ContinuousVestingAccount) GetVestedCoins(t Time) Coins { + if t <= cva.StartTime { + // We must handle the case where the start time for a vesting account has + // been set into the future or when the start of the chain is not exactly + // known. + return ZeroCoins + } else if t >= cva.EndTime { + return cva.OriginalVesting + } + + x := t - cva.StartTime + y := cva.EndTime - cva.StartTime + + return cva.OriginalVesting * (x / y) +} + +func (cva ContinuousVestingAccount) GetVestingCoins(t Time) Coins { + return cva.OriginalVesting - cva.GetVestedCoins(t) +} +``` + +### Periodic Vesting Accounts + +Periodic vesting accounts require calculating the coins released during each period for a given block time `T`. Note that multiple periods could have passed when calling `GetVestedCoins`, so we must iterate over each period until the end of that period is after `T`. + +1. Set `CT := StartTime` +2. Set `V' := 0` + +For each Period P: + + 1. Compute `X := T - CT` + 2. IF `X >= P.Length` + 1. Compute `V' += P.Amount` + 2. Compute `CT += P.Length` + 3. ELSE break + 3. Compute `V := OV - V'` + +```go +func (pva PeriodicVestingAccount) GetVestedCoins(t Time) Coins { + if t < pva.StartTime { + return ZeroCoins + } + ct := pva.StartTime // The start of the vesting schedule + vested := 0 + periods = pva.GetPeriods() + for _, period := range periods { + if t - ct < period.Length { + break + } + vested += period.Amount + ct += period.Length // increment ct to the start of the next vesting period + } + return vested +} + +func (pva PeriodicVestingAccount) GetVestingCoins(t Time) Coins { + return pva.OriginalVesting - cva.GetVestedCoins(t) +} +``` + +#### Delayed/Discrete Vesting Accounts + +Delayed vesting accounts are easier to reason about as they only have the full amount vesting up until a certain time, then all the coins become vested (unlocked). This does not include any unlocked coins the account may have initially. + +```go +func (dva DelayedVestingAccount) GetVestedCoins(t Time) Coins { + if t >= dva.EndTime { + return dva.OriginalVesting + } + + return ZeroCoins +} + +func (dva DelayedVestingAccount) GetVestingCoins(t Time) Coins { + return dva.OriginalVesting - dva.GetVestedCoins(t) +} +``` + +### Transferring/Sending + +At any given time, a vesting account may transfer: `min((BC + DV) - V, BC)`. + +In other words, a vesting account may transfer the minimum of the base account balance and the base account balance plus the number of currently delegated vesting coins less the number of coins vested so far. + +However, given that account balances are tracked via the `x/bank` module and that we want to avoid loading the entire account balance, we can instead determine the locked balance, which can be defined as `max(V - DV, 0)`, and infer the spendable balance from that. + +```go +func (va VestingAccount) LockedCoins(t Time) Coins { + return max(va.GetVestingCoins(t) - va.DelegatedVesting, 0) +} +``` + +The `x/bank` `ViewKeeper` can then provide APIs to determine locked and spendable coins for any account: + +```go +func (k Keeper) LockedCoins(ctx Context, addr AccAddress) Coins { + acc := k.GetAccount(ctx, addr) + if acc != nil { + if acc.IsVesting() { + return acc.LockedCoins(ctx.BlockTime()) + } + } + + // non-vesting accounts do not have any locked coins + return NewCoins() +} +``` + +#### Keepers/Handlers + +The corresponding `x/bank` keeper should appropriately handle sending coins based on if the account is a vesting account or not. + +```go +func (k Keeper) SendCoins(ctx Context, from Account, to Account, amount Coins) { + bc := k.GetBalances(ctx, from) + v := k.LockedCoins(ctx, from) + + spendable := bc - v + newCoins := spendable - amount + assert(newCoins >= 0) + + from.SetBalance(newCoins) + to.AddBalance(amount) + + // save balances... +} +``` + +### Delegating + +For a vesting account attempting to delegate `D` coins, the following is performed: + +1. Verify `BC >= D > 0` +2. Compute `X := min(max(V - DV, 0), D)` (portion of `D` that is vesting) +3. Compute `Y := D - X` (portion of `D` that is free) +4. Set `DV += X` +5. Set `DF += Y` + +```go +func (va VestingAccount) TrackDelegation(t Time, balance Coins, amount Coins) { + assert(balance <= amount) + x := min(max(va.GetVestingCoins(t) - va.DelegatedVesting, 0), amount) + y := amount - x + + va.DelegatedVesting += x + va.DelegatedFree += y +} +``` + +**Note** `TrackDelegation` only modifies the `DelegatedVesting` and `DelegatedFree` fields, so upstream callers MUST modify the `Coins` field by subtracting `amount`. + +#### Keepers/Handlers + +```go +func DelegateCoins(t Time, from Account, amount Coins) { + if isVesting(from) { + from.TrackDelegation(t, amount) + } else { + from.SetBalance(sc - amount) + } + + // save account... +} +``` + +### Undelegating + +For a vesting account attempting to undelegate `D` coins, the following is performed: + +> NOTE: `DV < D` and `(DV + DF) < D` may be possible due to quirks in the rounding of delegation/undelegation logic. + +1. Verify `D > 0` +2. Compute `X := min(DF, D)` (portion of `D` that should become free, prioritizing free coins) +3. Compute `Y := min(DV, D - X)` (portion of `D` that should remain vesting) +4. Set `DF -= X` +5. Set `DV -= Y` + +```go +func (cva ContinuousVestingAccount) TrackUndelegation(amount Coins) { + x := min(cva.DelegatedFree, amount) + y := amount - x + + cva.DelegatedFree -= x + cva.DelegatedVesting -= y +} +``` + +**Note** `TrackUnDelegation` only modifies the `DelegatedVesting` and `DelegatedFree` fields, so upstream callers MUST modify the `Coins` field by adding `amount`. + +**Note**: If a delegation is slashed, the continuous vesting account ends up with an excess `DV` amount, even after all its coins have vested. This is because undelegating free coins are prioritized. + +**Note**: The undelegation (bond refund) amount may exceed the delegated vesting (bond) amount due to the way undelegation truncates the bond refund, which can increase the validator's exchange rate (tokens/shares) slightly if the undelegated tokens are non-integral. + +#### Keepers/Handlers + +```go +func UndelegateCoins(to Account, amount Coins) { + if isVesting(to) { + if to.DelegatedFree + to.DelegatedVesting >= amount { + to.TrackUndelegation(amount) + // save account ... + } + } else { + AddBalance(to, amount) + // save account... + } +} +``` + +## Keepers & Handlers + +The `VestingAccount` implementations reside in `x/auth`. However, any keeper in a module (e.g. staking in `x/staking`) wishing to potentially utilize any vesting coins, must call explicit methods on the `x/bank` keeper (e.g. `DelegateCoins`) opposed to `SendCoins` and `SubtractCoins`. + +In addition, the vesting account should also be able to spend any coins it receives from other users. Thus, the bank module's `MsgSend` handler should error if a vesting account is trying to send an amount that exceeds their unlocked coin amount. + +See the above specification for full implementation details. + +## Genesis Initialization + +To initialize both vesting and non-vesting accounts, the `GenesisAccount` struct includes new fields: `Vesting`, `StartTime`, and `EndTime`. Accounts meant to be of type `BaseAccount` or any non-vesting type have `Vesting = false`. The genesis initialization logic (e.g. `initFromGenesisState`) must parse and return the correct accounts accordingly based off of these fields. + +```go +type GenesisAccount struct { + // ... + + // vesting account fields + OriginalVesting sdk.Coins `json:"original_vesting"` + DelegatedFree sdk.Coins `json:"delegated_free"` + DelegatedVesting sdk.Coins `json:"delegated_vesting"` + StartTime int64 `json:"start_time"` + EndTime int64 `json:"end_time"` +} + +func ToAccount(gacc GenesisAccount) Account { + bacc := NewBaseAccount(gacc) + + if gacc.OriginalVesting > 0 { + if ga.StartTime != 0 && ga.EndTime != 0 { + // return a continuous vesting account + } else if ga.EndTime != 0 { + // return a delayed vesting account + } else { + // invalid genesis vesting account provided + panic() + } + } + + return bacc +} +``` + +## Examples + +### Simple + +Given a continuous vesting account with 10 vesting coins. + +```text +OV = 10 +DF = 0 +DV = 0 +BC = 10 +V = 10 +V' = 0 +``` + +1. Immediately receives 1 coin + + ```text + BC = 11 + ``` + +2. Time passes, 2 coins vest + + ```text + V = 8 + V' = 2 + ``` + +3. Delegates 4 coins to validator A + + ```text + DV = 4 + BC = 7 + ``` + +4. Sends 3 coins + + ```text + BC = 4 + ``` + +5. More time passes, 2 more coins vest + + ```text + V = 6 + V' = 4 + ``` + +6. Sends 2 coins. At this point the account cannot send anymore until further +coins vest or it receives additional coins. It can still however, delegate. + + ```text + BC = 2 + ``` + +### Slashing + +Same initial starting conditions as the simple example. + +1. Time passes, 5 coins vest + + ```text + V = 5 + V' = 5 + ``` + +2. Delegate 5 coins to validator A + + ```text + DV = 5 + BC = 5 + ``` + +3. Delegate 5 coins to validator B + + ```text + DF = 5 + BC = 0 + ``` + +4. Validator A gets slashed by 50%, making the delegation to A now worth 2.5 coins +5. Undelegate from validator A (2.5 coins) + + ```text + DF = 5 - 2.5 = 2.5 + BC = 0 + 2.5 = 2.5 + ``` + +6. Undelegate from validator B (5 coins). The account at this point can only +send 2.5 coins unless it receives more coins or until more coins vest. +It can still however, delegate. + + ```text + DV = 5 - 2.5 = 2.5 + DF = 2.5 - 2.5 = 0 + BC = 2.5 + 5 = 7.5 + ``` + + Notice how we have an excess amount of `DV`. + +### Periodic Vesting + +A vesting account is created where 100 tokens will be released over 1 year, with +1/4 of tokens vesting each quarter. The vesting schedule would be as follows: + +```yaml +Periods: +- amount: 25stake, length: 7884000 +- amount: 25stake, length: 7884000 +- amount: 25stake, length: 7884000 +- amount: 25stake, length: 7884000 +``` + +```text +OV = 100 +DF = 0 +DV = 0 +BC = 100 +V = 100 +V' = 0 +``` + +1. Immediately receives 1 coin + + ```text + BC = 101 + ``` + +2. Vesting period 1 passes, 25 coins vest + + ```text + V = 75 + V' = 25 + ``` + +3. During vesting period 2, 5 coins are transferred and 5 coins are delegated + + ```text + DV = 5 + BC = 91 + ``` + +4. Vesting period 2 passes, 25 coins vest + + ```text + V = 50 + V' = 50 + ``` + +## Glossary + +* OriginalVesting: The amount of coins (per denomination) that are initially +part of a vesting account. These coins are set at genesis. +* StartTime: The BFT time at which a vesting account starts to vest. +* EndTime: The BFT time at which a vesting account is fully vested. +* DelegatedFree: The tracked amount of coins (per denomination) that are +delegated from a vesting account that have been fully vested at time of delegation. +* DelegatedVesting: The tracked amount of coins (per denomination) that are +delegated from a vesting account that were vesting at time of delegation. +* ContinuousVestingAccount: A vesting account implementation that vests coins +linearly over time. +* DelayedVestingAccount: A vesting account implementation that only fully vests +all coins at a given time. +* PeriodicVestingAccount: A vesting account implementation that vests coins +according to a custom vesting schedule. +* PermanentLockedAccount: It does not ever release coins, locking them indefinitely. +Coins in this account can still be used for delegating and for governance votes even while locked. + + +## CLI + +A user can query and interact with the `vesting` module using the CLI. + +### Transactions + +The `tx` commands allow users to interact with the `vesting` module. + +```bash +simd tx vesting --help +``` + +#### create-periodic-vesting-account + +The `create-periodic-vesting-account` command creates a new vesting account funded with an allocation of tokens, where a sequence of coins and period length in seconds. Periods are sequential, in that the duration of a period only starts at the end of the previous period. The duration of the first period starts upon account creation. + +```bash +simd tx vesting create-periodic-vesting-account [to_address] [periods_json_file] [flags] +``` + +Example: + +```bash +simd tx vesting create-periodic-vesting-account cosmos1.. periods.json +``` + +#### create-vesting-account + +The `create-vesting-account` command creates a new vesting account funded with an allocation of tokens. The account can either be a delayed or continuous vesting account, which is determined by the '--delayed' flag. All vesting accounts created will have their start time set by the committed block's time. The end_time must be provided as a UNIX epoch timestamp. + +```bash +simd tx vesting create-vesting-account [to_address] [amount] [end_time] [flags] +``` + +Example: + +```bash +simd tx vesting create-vesting-account cosmos1.. 100stake 2592000 +``` diff --git a/copy-of-sdk-docs/build/modules/auth/2-tx.md b/copy-of-sdk-docs/build/modules/auth/2-tx.md new file mode 100644 index 00000000..78da0503 --- /dev/null +++ b/copy-of-sdk-docs/build/modules/auth/2-tx.md @@ -0,0 +1,264 @@ +--- +sidebar_position: 1 +--- + +# `x/auth/tx` + +:::note Pre-requisite Readings + +* [Transactions](https://docs.cosmos.network/main/core/transactions#transaction-generation) +* [Encoding](https://docs.cosmos.network/main/core/encoding#transaction-encoding) + +::: + +## Abstract + +This document specifies the `x/auth/tx` package of the Cosmos SDK. + +This package represents the Cosmos SDK implementation of the `client.TxConfig`, `client.TxBuilder`, `client.TxEncoder` and `client.TxDecoder` interfaces. + +## Contents + +* [Transactions](#transactions) + * [`TxConfig`](#txconfig) + * [`TxBuilder`](#txbuilder) + * [`TxEncoder`/ `TxDecoder`](#txencoder-txdecoder) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + +## Transactions + +### `TxConfig` + +`client.TxConfig` defines an interface a client can utilize to generate an application-defined concrete transaction type. +The interface defines a set of methods for creating a `client.TxBuilder`. + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/client/tx_config.go#L25-L31 +``` + +The default implementation of `client.TxConfig` is instantiated by `NewTxConfig` in `x/auth/tx` module. + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/x/auth/tx/config.go#L22-L28 +``` + +### `TxBuilder` + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/client/tx_config.go#L33-L50 +``` + +The [`client.TxBuilder`](https://docs.cosmos.network/main/core/transactions#transaction-generation) interface is as well implemented by `x/auth/tx`. +A `client.TxBuilder` can be accessed with `TxConfig.NewTxBuilder()`. + +### `TxEncoder`/ `TxDecoder` + +More information about `TxEncoder` and `TxDecoder` can be found [here](https://docs.cosmos.network/main/core/encoding#transaction-encoding). + +## Client + +### CLI + +#### Query + +The `x/auth/tx` module provides a CLI command to query any transaction, given its hash, transaction sequence or signature. + +Without any argument, the command will query the transaction using the transaction hash. + +```shell +simd query tx DFE87B78A630C0EFDF76C80CD24C997E252792E0317502AE1A02B9809F0D8685 +``` + +When querying a transaction from an account given its sequence, use the `--type=acc_seq` flag: + +```shell +simd query tx --type=acc_seq cosmos1u69uyr6v9qwe6zaaeaqly2h6wnedac0xpxq325/1 +``` + +When querying a transaction given its signature, use the `--type=signature` flag: + +```shell +simd query tx --type=signature Ofjvgrqi8twZfqVDmYIhqwRLQjZZ40XbxEamk/veH3gQpRF0hL2PH4ejRaDzAX+2WChnaWNQJQ41ekToIi5Wqw== +``` + +When querying a transaction given its events, use the `--type=events` flag: + +```shell +simd query txs --events 'message.sender=cosmos...' --page 1 --limit 30 +``` + +The `x/auth/block` module provides a CLI command to query any block, given its hash, height, or events. + +When querying a block by its hash, use the `--type=hash` flag: + +```shell +simd query block --type=hash DFE87B78A630C0EFDF76C80CD24C997E252792E0317502AE1A02B9809F0D8685 +``` + +When querying a block by its height, use the `--type=height` flag: + +```shell +simd query block --type=height 1357 +``` + +When querying a block by its events, use the `--query` flag: + +```shell +simd query blocks --query 'message.sender=cosmos...' --page 1 --limit 30 +``` + +#### Transactions + +The `x/auth/tx` module provides a convenient CLI command for decoding and encoding transactions. + +#### `encode` + +The `encode` command encodes a transaction created with the `--generate-only` flag or signed with the sign command. +The transaction is serialized it to Protobuf and returned as base64. + +```bash +$ simd tx encode tx.json +Co8BCowBChwvY29zbW9zLmJhbmsudjFiZXRhMS5Nc2dTZW5kEmwKLWNvc21vczFsNnZzcWhoN3Jud3N5cjJreXozampnM3FkdWF6OGd3Z3lsODI3NRItY29zbW9zMTU4c2FsZHlnOHBteHU3Znd2dDBkNng3amVzd3A0Z3d5a2xrNnkzGgwKBXN0YWtlEgMxMDASBhIEEMCaDA== +$ simd tx encode tx.signed.json +``` + +More information about the `encode` command can be found running `simd tx encode --help`. + +#### `decode` + +The `decode` commands decodes a transaction encoded with the `encode` command. + + +```bash +simd tx decode Co8BCowBChwvY29zbW9zLmJhbmsudjFiZXRhMS5Nc2dTZW5kEmwKLWNvc21vczFsNnZzcWhoN3Jud3N5cjJreXozampnM3FkdWF6OGd3Z3lsODI3NRItY29zbW9zMTU4c2FsZHlnOHBteHU3Znd2dDBkNng3amVzd3A0Z3d5a2xrNnkzGgwKBXN0YWtlEgMxMDASBhIEEMCaDA== +``` + +More information about the `decode` command can be found running `simd tx decode --help`. + +### gRPC + +A user can query the `x/auth/tx` module using gRPC endpoints. + +#### `TxDecode` + +The `TxDecode` endpoint allows to decode a transaction. + +```shell +cosmos.tx.v1beta1.Service/TxDecode +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"tx_bytes":"Co8BCowBChwvY29zbW9zLmJhbmsudjFiZXRhMS5Nc2dTZW5kEmwKLWNvc21vczFsNnZzcWhoN3Jud3N5cjJreXozampnM3FkdWF6OGd3Z3lsODI3NRItY29zbW9zMTU4c2FsZHlnOHBteHU3Znd2dDBkNng3amVzd3A0Z3d5a2xrNnkzGgwKBXN0YWtlEgMxMDASBhIEEMCaDA=="}' \ + localhost:9090 \ + cosmos.tx.v1beta1.Service/TxDecode +``` + +Example Output: + +```json +{ + "tx": { + "body": { + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"100"}],"fromAddress":"cosmos1l6vsqhh7rnwsyr2kyz3jjg3qduaz8gwgyl8275","toAddress":"cosmos158saldyg8pmxu7fwvt0d6x7jeswp4gwyklk6y3"} + ] + }, + "authInfo": { + "fee": { + "gasLimit": "200000" + } + } + } +} +``` + +#### `TxEncode` + +The `TxEncode` endpoint allows to encode a transaction. + +```shell +cosmos.tx.v1beta1.Service/TxEncode +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"tx": { + "body": { + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"100"}],"fromAddress":"cosmos1l6vsqhh7rnwsyr2kyz3jjg3qduaz8gwgyl8275","toAddress":"cosmos158saldyg8pmxu7fwvt0d6x7jeswp4gwyklk6y3"} + ] + }, + "authInfo": { + "fee": { + "gasLimit": "200000" + } + } + }}' \ + localhost:9090 \ + cosmos.tx.v1beta1.Service/TxEncode +``` + +Example Output: + +```json +{ + "txBytes": "Co8BCowBChwvY29zbW9zLmJhbmsudjFiZXRhMS5Nc2dTZW5kEmwKLWNvc21vczFsNnZzcWhoN3Jud3N5cjJreXozampnM3FkdWF6OGd3Z3lsODI3NRItY29zbW9zMTU4c2FsZHlnOHBteHU3Znd2dDBkNng3amVzd3A0Z3d5a2xrNnkzGgwKBXN0YWtlEgMxMDASBhIEEMCaDA==" +} +``` + +#### `TxDecodeAmino` + +The `TxDecode` endpoint allows to decode an amino transaction. + +```shell +cosmos.tx.v1beta1.Service/TxDecodeAmino +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"amino_binary": "KCgWqQpvqKNhmgotY29zbW9zMXRzeno3cDJ6Z2Q3dnZrYWh5ZnJlNHduNXh5dTgwcnB0ZzZ2OWg1Ei1jb3Ntb3MxdHN6ejdwMnpnZDd2dmthaHlmcmU0d241eHl1ODBycHRnNnY5aDUaCwoFc3Rha2USAjEwEhEKCwoFc3Rha2USAjEwEMCaDCIGZm9vYmFy"}' \ + localhost:9090 \ + cosmos.tx.v1beta1.Service/TxDecodeAmino +``` + +Example Output: + +```json +{ + "aminoJson": "{\"type\":\"cosmos-sdk/StdTx\",\"value\":{\"msg\":[{\"type\":\"cosmos-sdk/MsgSend\",\"value\":{\"from_address\":\"cosmos1tszz7p2zgd7vvkahyfre4wn5xyu80rptg6v9h5\",\"to_address\":\"cosmos1tszz7p2zgd7vvkahyfre4wn5xyu80rptg6v9h5\",\"amount\":[{\"denom\":\"stake\",\"amount\":\"10\"}]}}],\"fee\":{\"amount\":[{\"denom\":\"stake\",\"amount\":\"10\"}],\"gas\":\"200000\"},\"signatures\":null,\"memo\":\"foobar\",\"timeout_height\":\"0\"}}" +} +``` + +#### `TxEncodeAmino` + +The `TxEncodeAmino` endpoint allows to encode an amino transaction. + +```shell +cosmos.tx.v1beta1.Service/TxEncodeAmino +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"amino_json":"{\"type\":\"cosmos-sdk/StdTx\",\"value\":{\"msg\":[{\"type\":\"cosmos-sdk/MsgSend\",\"value\":{\"from_address\":\"cosmos1tszz7p2zgd7vvkahyfre4wn5xyu80rptg6v9h5\",\"to_address\":\"cosmos1tszz7p2zgd7vvkahyfre4wn5xyu80rptg6v9h5\",\"amount\":[{\"denom\":\"stake\",\"amount\":\"10\"}]}}],\"fee\":{\"amount\":[{\"denom\":\"stake\",\"amount\":\"10\"}],\"gas\":\"200000\"},\"signatures\":null,\"memo\":\"foobar\",\"timeout_height\":\"0\"}}"}' \ + localhost:9090 \ + cosmos.tx.v1beta1.Service/TxEncodeAmino +``` + +Example Output: + +```json +{ + "amino_binary": "KCgWqQpvqKNhmgotY29zbW9zMXRzeno3cDJ6Z2Q3dnZrYWh5ZnJlNHduNXh5dTgwcnB0ZzZ2OWg1Ei1jb3Ntb3MxdHN6ejdwMnpnZDd2dmthaHlmcmU0d241eHl1ODBycHRnNnY5aDUaCwoFc3Rha2USAjEwEhEKCwoFc3Rha2USAjEwEMCaDCIGZm9vYmFy" +} +``` diff --git a/copy-of-sdk-docs/build/modules/auth/README.md b/copy-of-sdk-docs/build/modules/auth/README.md new file mode 100644 index 00000000..bd9f18a3 --- /dev/null +++ b/copy-of-sdk-docs/build/modules/auth/README.md @@ -0,0 +1,710 @@ +--- +sidebar_position: 1 +--- + +# `x/auth` + +## Abstract + +This document specifies the auth module of the Cosmos SDK. + +The auth module is responsible for specifying the base transaction and account types +for an application, since the SDK itself is agnostic to these particulars. It contains +the middlewares, where all basic transaction validity checks (signatures, nonces, auxiliary fields) +are performed, and exposes the account keeper, which allows other modules to read, write, and modify accounts. + +This module is used in the Cosmos Hub. + +## Contents + +* [Concepts](#concepts) + * [Gas & Fees](#gas--fees) +* [State](#state) + * [Accounts](#accounts) +* [AnteHandlers](#antehandlers) +* [Keepers](#keepers) + * [Account Keeper](#account-keeper) +* [Parameters](#parameters) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + * [REST](#rest) + +## Concepts + +**Note:** The auth module is different from the [authz module](../authz/). + +The differences are: + +* `auth` - authentication of accounts and transactions for Cosmos SDK applications and is responsible for specifying the base transaction and account types. +* `authz` - authorization for accounts to perform actions on behalf of other accounts and enables a granter to grant authorizations to a grantee that allows the grantee to execute messages on behalf of the granter. + +### Gas & Fees + +Fees serve two purposes for an operator of the network. + +Fees limit the growth of the state stored by every full node and allow for +general purpose censorship of transactions of little economic value. Fees +are best suited as an anti-spam mechanism where validators are disinterested in +the use of the network and identities of users. + +Fees are determined by the gas limits and gas prices transactions provide, where +`fees = ceil(gasLimit * gasPrices)`. Txs incur gas costs for all state reads/writes, +signature verification, as well as costs proportional to the tx size. Operators +should set minimum gas prices when starting their nodes. They must set the unit +costs of gas in each token denomination they wish to support: + +`simd start ... --minimum-gas-prices=0.00001stake;0.05photinos` + +When adding transactions to mempool or gossipping transactions, validators check +if the transaction's gas prices, which are determined by the provided fees, meet +any of the validator's minimum gas prices. In other words, a transaction must +provide a fee of at least one denomination that matches a validator's minimum +gas price. + +CometBFT does not currently provide fee based mempool prioritization, and fee +based mempool filtering is local to node and not part of consensus. But with +minimum gas prices set, such a mechanism could be implemented by node operators. + +Because the market value for tokens will fluctuate, validators are expected to +dynamically adjust their minimum gas prices to a level that would encourage the +use of the network. + +## State + +### Accounts + +Accounts contain authentication information for a uniquely identified external user of an SDK blockchain, +including public key, address, and account number / sequence number for replay protection. For efficiency, +since account balances must also be fetched to pay fees, account structs also store the balance of a user +as `sdk.Coins`. + +Accounts are exposed externally as an interface, and stored internally as +either a base account or vesting account. Module clients wishing to add more +account types may do so. + +* `0x01 | Address -> ProtocolBuffer(account)` + +#### Account Interface + +The account interface exposes methods to read and write standard account information. +Note that all of these methods operate on an account struct conforming to the +interface - in order to write the account to the store, the account keeper will +need to be used. + +```go +// AccountI is an interface used to store coins at a given address within state. +// It presumes a notion of sequence numbers for replay protection, +// a notion of account numbers for replay protection for previously pruned accounts, +// and a pubkey for authentication purposes. +// +// Many complex conditions can be used in the concrete struct which implements AccountI. +type AccountI interface { + proto.Message + + GetAddress() sdk.AccAddress + SetAddress(sdk.AccAddress) error // errors if already set. + + GetPubKey() crypto.PubKey // can return nil. + SetPubKey(crypto.PubKey) error + + GetAccountNumber() uint64 + SetAccountNumber(uint64) error + + GetSequence() uint64 + SetSequence(uint64) error + + // Ensure that account implements stringer + String() string +} +``` + +##### Base Account + +A base account is the simplest and most common account type, which just stores all requisite +fields directly in a struct. + +```protobuf +// BaseAccount defines a base account type. It contains all the necessary fields +// for basic account functionality. Any custom account type should extend this +// type for additional functionality (e.g. vesting). +message BaseAccount { + string address = 1; + google.protobuf.Any pub_key = 2; + uint64 account_number = 3; + uint64 sequence = 4; +} +``` + +### Vesting Account + +See [Vesting](https://docs.cosmos.network/main/modules/auth/vesting/). + +## AnteHandlers + +The `x/auth` module presently has no transaction handlers of its own, but does expose the special `AnteHandler`, used for performing basic validity checks on a transaction, such that it could be thrown out of the mempool. +The `AnteHandler` can be seen as a set of decorators that check transactions within the current context, per [ADR 010](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-010-modular-antehandler.md). + +Note that the `AnteHandler` is called on both `CheckTx` and `DeliverTx`, as CometBFT proposers presently have the ability to include in their proposed block transactions which fail `CheckTx`. + +### Decorators + +The auth module provides `AnteDecorator`s that are recursively chained together into a single `AnteHandler` in the following order: + +* `SetUpContextDecorator`: Sets the `GasMeter` in the `Context` and wraps the next `AnteHandler` with a defer clause to recover from any downstream `OutOfGas` panics in the `AnteHandler` chain to return an error with information on gas provided and gas used. + +* `RejectExtensionOptionsDecorator`: Rejects all extension options which can optionally be included in protobuf transactions. + +* `MempoolFeeDecorator`: Checks if the `tx` fee is above local mempool `minFee` parameter during `CheckTx`. + +* `ValidateBasicDecorator`: Calls `tx.ValidateBasic` and returns any non-nil error. + +* `TxTimeoutHeightDecorator`: Check for a `tx` height timeout. + +* `ValidateMemoDecorator`: Validates `tx` memo with application parameters and returns any non-nil error. + +* `ConsumeGasTxSizeDecorator`: Consumes gas proportional to the `tx` size based on application parameters. + +* `DeductFeeDecorator`: Deducts the `FeeAmount` from first signer of the `tx`. If the `x/feegrant` module is enabled and a fee granter is set, it deducts fees from the fee granter account. + +* `SetPubKeyDecorator`: Sets the pubkey from a `tx`'s signers that does not already have its corresponding pubkey saved in the state machine and in the current context. + +* `ValidateSigCountDecorator`: Validates the number of signatures in `tx` based on app-parameters. + +* `SigGasConsumeDecorator`: Consumes parameter-defined amount of gas for each signature. This requires pubkeys to be set in context for all signers as part of `SetPubKeyDecorator`. + +* `SigVerificationDecorator`: Verifies all signatures are valid. This requires pubkeys to be set in context for all signers as part of `SetPubKeyDecorator`. + +* `IncrementSequenceDecorator`: Increments the account sequence for each signer to prevent replay attacks. + +## Keepers + +The auth module only exposes one keeper, the account keeper, which can be used to read and write accounts. + +### Account Keeper + +Presently only one fully-permissioned account keeper is exposed, which has the ability to both read and write +all fields of all accounts, and to iterate over all stored accounts. + +```go +// AccountKeeperI is the interface contract that x/auth's keeper implements. +type AccountKeeperI interface { + // Return a new account with the next account number and the specified address. Does not save the new account to the store. + NewAccountWithAddress(sdk.Context, sdk.AccAddress) types.AccountI + + // Return a new account with the next account number. Does not save the new account to the store. + NewAccount(sdk.Context, types.AccountI) types.AccountI + + // Check if an account exists in the store. + HasAccount(sdk.Context, sdk.AccAddress) bool + + // Retrieve an account from the store. + GetAccount(sdk.Context, sdk.AccAddress) types.AccountI + + // Set an account in the store. + SetAccount(sdk.Context, types.AccountI) + + // Remove an account from the store. + RemoveAccount(sdk.Context, types.AccountI) + + // Iterate over all accounts, calling the provided function. Stop iteration when it returns true. + IterateAccounts(sdk.Context, func(types.AccountI) bool) + + // Fetch the public key of an account at a specified address + GetPubKey(sdk.Context, sdk.AccAddress) (crypto.PubKey, error) + + // Fetch the sequence of an account at a specified address. + GetSequence(sdk.Context, sdk.AccAddress) (uint64, error) + + // Fetch the next account number, and increment the internal counter. + NextAccountNumber(sdk.Context) uint64 +} +``` + +## Parameters + +The auth module contains the following parameters: + +| Key | Type | Example | +| ---------------------- | --------------- | ------- | +| MaxMemoCharacters | uint64 | 256 | +| TxSigLimit | uint64 | 7 | +| TxSizeCostPerByte | uint64 | 10 | +| SigVerifyCostED25519 | uint64 | 590 | +| SigVerifyCostSecp256k1 | uint64 | 1000 | + +## Client + +### CLI + +A user can query and interact with the `auth` module using the CLI. + +### Query + +The `query` commands allow users to query `auth` state. + +```bash +simd query auth --help +``` + +#### account + +The `account` command allow users to query for an account by it's address. + +```bash +simd query auth account [address] [flags] +``` + +Example: + +```bash +simd query auth account cosmos1... +``` + +Example Output: + +```bash +'@type': /cosmos.auth.v1beta1.BaseAccount +account_number: "0" +address: cosmos1zwg6tpl8aw4rawv8sgag9086lpw5hv33u5ctr2 +pub_key: + '@type': /cosmos.crypto.secp256k1.PubKey + key: ApDrE38zZdd7wLmFS9YmqO684y5DG6fjZ4rVeihF/AQD +sequence: "1" +``` + +#### accounts + +The `accounts` command allow users to query all the available accounts. + +```bash +simd query auth accounts [flags] +``` + +Example: + +```bash +simd query auth accounts +``` + +Example Output: + +```bash +accounts: +- '@type': /cosmos.auth.v1beta1.BaseAccount + account_number: "0" + address: cosmos1zwg6tpl8aw4rawv8sgag9086lpw5hv33u5ctr2 + pub_key: + '@type': /cosmos.crypto.secp256k1.PubKey + key: ApDrE38zZdd7wLmFS9YmqO684y5DG6fjZ4rVeihF/AQD + sequence: "1" +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "8" + address: cosmos1yl6hdjhmkf37639730gffanpzndzdpmhwlkfhr + pub_key: null + sequence: "0" + name: transfer + permissions: + - minter + - burner +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "4" + address: cosmos1fl48vsnmsdzcv85q5d2q4z5ajdha8yu34mf0eh + pub_key: null + sequence: "0" + name: bonded_tokens_pool + permissions: + - burner + - staking +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "5" + address: cosmos1tygms3xhhs3yv487phx3dw4a95jn7t7lpm470r + pub_key: null + sequence: "0" + name: not_bonded_tokens_pool + permissions: + - burner + - staking +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "6" + address: cosmos10d07y265gmmuvt4z0w9aw880jnsr700j6zn9kn + pub_key: null + sequence: "0" + name: gov + permissions: + - burner +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "3" + address: cosmos1jv65s3grqf6v6jl3dp4t6c9t9rk99cd88lyufl + pub_key: null + sequence: "0" + name: distribution + permissions: [] +- '@type': /cosmos.auth.v1beta1.BaseAccount + account_number: "1" + address: cosmos147k3r7v2tvwqhcmaxcfql7j8rmkrlsemxshd3j + pub_key: null + sequence: "0" +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "7" + address: cosmos1m3h30wlvsf8llruxtpukdvsy0km2kum8g38c8q + pub_key: null + sequence: "0" + name: mint + permissions: + - minter +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "2" + address: cosmos17xpfvakm2amg962yls6f84z3kell8c5lserqta + pub_key: null + sequence: "0" + name: fee_collector + permissions: [] +pagination: + next_key: null + total: "0" +``` + +#### params + +The `params` command allow users to query the current auth parameters. + +```bash +simd query auth params [flags] +``` + +Example: + +```bash +simd query auth params +``` + +Example Output: + +```bash +max_memo_characters: "256" +sig_verify_cost_ed25519: "590" +sig_verify_cost_secp256k1: "1000" +tx_sig_limit: "7" +tx_size_cost_per_byte: "10" +``` + +### Transactions + +The `auth` module supports transactions commands to help you with signing and more. Compared to other modules you can access directly the `auth` module transactions commands using the only `tx` command. + +Use directly the `--help` flag to get more information about the `tx` command. + +```bash +simd tx --help +``` + +#### `sign` + +The `sign` command allows users to sign transactions that was generated offline. + +```bash +simd tx sign tx.json --from $ALICE > tx.signed.json +``` + +The result is a signed transaction that can be broadcasted to the network thanks to the broadcast command. + +More information about the `sign` command can be found running `simd tx sign --help`. + +#### `sign-batch` + +The `sign-batch` command allows users to sign multiples offline generated transactions. +The transactions can be in one file, with one tx per line, or in multiple files. + +```bash +simd tx sign txs.json --from $ALICE > tx.signed.json +``` + +or + +```bash +simd tx sign tx1.json tx2.json tx3.json --from $ALICE > tx.signed.json +``` + +The result is multiples signed transactions. For combining the signed transactions into one transactions, use the `--append` flag. + +More information about the `sign-batch` command can be found running `simd tx sign-batch --help`. + +#### `multi-sign` + +The `multi-sign` command allows users to sign transactions that was generated offline by a multisig account. + +```bash +simd tx multisign transaction.json k1k2k3 k1sig.json k2sig.json k3sig.json +``` + +Where `k1k2k3` is the multisig account address, `k1sig.json` is the signature of the first signer, `k2sig.json` is the signature of the second signer, and `k3sig.json` is the signature of the third signer. + +##### Nested multisig transactions + +To allow transactions to be signed by nested multisigs, meaning that a participant of a multisig account can be another multisig account, the `--skip-signature-verification` flag must be used. + +```bash +# First aggregate signatures of the multisig participant +simd tx multi-sign transaction.json ms1 ms1p1sig.json ms1p2sig.json --signature-only --skip-signature-verification > ms1sig.json + +# Then use the aggregated signatures and the other signatures to sign the final transaction +simd tx multi-sign transaction.json k1ms1 k1sig.json ms1sig.json --skip-signature-verification +``` + +Where `ms1` is the nested multisig account address, `ms1p1sig.json` is the signature of the first participant of the nested multisig account, `ms1p2sig.json` is the signature of the second participant of the nested multisig account, and `ms1sig.json` is the aggregated signature of the nested multisig account. + +`k1ms1` is a multisig account comprised of an individual signer and another nested multisig account (`ms1`). `k1sig.json` is the signature of the first signer of the individual member. + +More information about the `multi-sign` command can be found running `simd tx multi-sign --help`. + +#### `multisign-batch` + +The `multisign-batch` works the same way as `sign-batch`, but for multisig accounts. +With the difference that the `multisign-batch` command requires all transactions to be in one file, and the `--append` flag does not exist. + +More information about the `multisign-batch` command can be found running `simd tx multisign-batch --help`. + +#### `validate-signatures` + +The `validate-signatures` command allows users to validate the signatures of a signed transaction. + +```bash +$ simd tx validate-signatures tx.signed.json +Signers: + 0: cosmos1l6vsqhh7rnwsyr2kyz3jjg3qduaz8gwgyl8275 + +Signatures: + 0: cosmos1l6vsqhh7rnwsyr2kyz3jjg3qduaz8gwgyl8275 [OK] +``` + +More information about the `validate-signatures` command can be found running `simd tx validate-signatures --help`. + +#### `broadcast` + +The `broadcast` command allows users to broadcast a signed transaction to the network. + +```bash +simd tx broadcast tx.signed.json +``` + +More information about the `broadcast` command can be found running `simd tx broadcast --help`. + + +### gRPC + +A user can query the `auth` module using gRPC endpoints. + +#### Account + +The `account` endpoint allow users to query for an account by it's address. + +```bash +cosmos.auth.v1beta1.Query/Account +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"address":"cosmos1.."}' \ + localhost:9090 \ + cosmos.auth.v1beta1.Query/Account +``` + +Example Output: + +```bash +{ + "account":{ + "@type":"/cosmos.auth.v1beta1.BaseAccount", + "address":"cosmos1zwg6tpl8aw4rawv8sgag9086lpw5hv33u5ctr2", + "pubKey":{ + "@type":"/cosmos.crypto.secp256k1.PubKey", + "key":"ApDrE38zZdd7wLmFS9YmqO684y5DG6fjZ4rVeihF/AQD" + }, + "sequence":"1" + } +} +``` + +#### Accounts + +The `accounts` endpoint allow users to query all the available accounts. + +```bash +cosmos.auth.v1beta1.Query/Accounts +``` + +Example: + +```bash +grpcurl -plaintext \ + localhost:9090 \ + cosmos.auth.v1beta1.Query/Accounts +``` + +Example Output: + +```bash +{ + "accounts":[ + { + "@type":"/cosmos.auth.v1beta1.BaseAccount", + "address":"cosmos1zwg6tpl8aw4rawv8sgag9086lpw5hv33u5ctr2", + "pubKey":{ + "@type":"/cosmos.crypto.secp256k1.PubKey", + "key":"ApDrE38zZdd7wLmFS9YmqO684y5DG6fjZ4rVeihF/AQD" + }, + "sequence":"1" + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos1yl6hdjhmkf37639730gffanpzndzdpmhwlkfhr", + "accountNumber":"8" + }, + "name":"transfer", + "permissions":[ + "minter", + "burner" + ] + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos1fl48vsnmsdzcv85q5d2q4z5ajdha8yu34mf0eh", + "accountNumber":"4" + }, + "name":"bonded_tokens_pool", + "permissions":[ + "burner", + "staking" + ] + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos1tygms3xhhs3yv487phx3dw4a95jn7t7lpm470r", + "accountNumber":"5" + }, + "name":"not_bonded_tokens_pool", + "permissions":[ + "burner", + "staking" + ] + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos10d07y265gmmuvt4z0w9aw880jnsr700j6zn9kn", + "accountNumber":"6" + }, + "name":"gov", + "permissions":[ + "burner" + ] + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos1jv65s3grqf6v6jl3dp4t6c9t9rk99cd88lyufl", + "accountNumber":"3" + }, + "name":"distribution" + }, + { + "@type":"/cosmos.auth.v1beta1.BaseAccount", + "accountNumber":"1", + "address":"cosmos147k3r7v2tvwqhcmaxcfql7j8rmkrlsemxshd3j" + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos1m3h30wlvsf8llruxtpukdvsy0km2kum8g38c8q", + "accountNumber":"7" + }, + "name":"mint", + "permissions":[ + "minter" + ] + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos17xpfvakm2amg962yls6f84z3kell8c5lserqta", + "accountNumber":"2" + }, + "name":"fee_collector" + } + ], + "pagination":{ + "total":"9" + } +} +``` + +#### Params + +The `params` endpoint allow users to query the current auth parameters. + +```bash +cosmos.auth.v1beta1.Query/Params +``` + +Example: + +```bash +grpcurl -plaintext \ + localhost:9090 \ + cosmos.auth.v1beta1.Query/Params +``` + +Example Output: + +```bash +{ + "params": { + "maxMemoCharacters": "256", + "txSigLimit": "7", + "txSizeCostPerByte": "10", + "sigVerifyCostEd25519": "590", + "sigVerifyCostSecp256k1": "1000" + } +} +``` + +### REST + +A user can query the `auth` module using REST endpoints. + +#### Account + +The `account` endpoint allow users to query for an account by it's address. + +```bash +/cosmos/auth/v1beta1/account?address={address} +``` + +#### Accounts + +The `accounts` endpoint allow users to query all the available accounts. + +```bash +/cosmos/auth/v1beta1/accounts +``` + +#### Params + +The `params` endpoint allow users to query the current auth parameters. + +```bash +/cosmos/auth/v1beta1/params +``` diff --git a/copy-of-sdk-docs/build/modules/authz/README.md b/copy-of-sdk-docs/build/modules/authz/README.md new file mode 100644 index 00000000..3ec3c366 --- /dev/null +++ b/copy-of-sdk-docs/build/modules/authz/README.md @@ -0,0 +1,377 @@ +--- +sidebar_position: 1 +--- + +# `x/authz` + +## Abstract + +`x/authz` is an implementation of a Cosmos SDK module, per [ADR 30](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-030-authz-module.md), that allows +granting arbitrary privileges from one account (the granter) to another account (the grantee). Authorizations must be granted for a particular Msg service method one by one using an implementation of the `Authorization` interface. + +## Contents + +* [Concepts](#concepts) + * [Authorization and Grant](#authorization-and-grant) + * [Built-in Authorizations](#built-in-authorizations) + * [Gas](#gas) +* [State](#state) + * [Grant](#grant) + * [GrantQueue](#grantqueue) +* [Messages](#messages) + * [MsgGrant](#msggrant) + * [MsgRevoke](#msgrevoke) + * [MsgExec](#msgexec) +* [Events](#events) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + * [REST](#rest) + +## Concepts + +### Authorization and Grant + +The `x/authz` module defines interfaces and messages grant authorizations to perform actions +on behalf of one account to other accounts. The design is defined in the [ADR 030](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-030-authz-module.md). + +A *grant* is an allowance to execute a Msg by the grantee on behalf of the granter. +Authorization is an interface that must be implemented by a concrete authorization logic to validate and execute grants. Authorizations are extensible and can be defined for any Msg service method even outside of the module where the Msg method is defined. See the `SendAuthorization` example in the next section for more details. + +**Note:** The authz module is different from the [auth (authentication)](../auth/) module that is responsible for specifying the base transaction and account types. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/authz/authorizations.go#L11-L25 +``` + +### Built-in Authorizations + +The Cosmos SDK `x/authz` module comes with following authorization types: + +#### GenericAuthorization + +`GenericAuthorization` implements the `Authorization` interface that gives unrestricted permission to execute the provided Msg on behalf of granter's account. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/authz/v1beta1/authz.proto#L14-L22 +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/authz/generic_authorization.go#L16-L29 +``` + +* `msg` stores Msg type URL. + +#### SendAuthorization + +`SendAuthorization` implements the `Authorization` interface for the `cosmos.bank.v1beta1.MsgSend` Msg. + +* It takes a (positive) `SpendLimit` that specifies the maximum amount of tokens the grantee can spend. The `SpendLimit` is updated as the tokens are spent. +* It takes an (optional) `AllowList` that specifies to which addresses a grantee can send token. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/bank/v1beta1/authz.proto#L11-L30 +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/bank/types/send_authorization.go#L29-L62 +``` + +* `spend_limit` keeps track of how many coins are left in the authorization. +* `allow_list` specifies an optional list of addresses to whom the grantee can send tokens on behalf of the granter. + +#### StakeAuthorization + +`StakeAuthorization` implements the `Authorization` interface for messages in the [staking module](https://docs.cosmos.network/v0.53/build/modules/staking). It takes an `AuthorizationType` to specify whether you want to authorise delegating, undelegating or redelegating (i.e. these have to be authorised separately). It also takes an optional `MaxTokens` that keeps track of a limit to the amount of tokens that can be delegated/undelegated/redelegated. If left empty, the amount is unlimited. Additionally, this Msg takes an `AllowList` or a `DenyList`, which allows you to select which validators you allow or deny grantees to stake with. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/authz.proto#L11-L35 +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/staking/types/authz.go#L15-L35 +``` + +### Gas + +In order to prevent DoS attacks, granting `StakeAuthorization`s with `x/authz` incurs gas. `StakeAuthorization` allows you to authorize another account to delegate, undelegate, or redelegate to validators. The authorizer can define a list of validators they allow or deny delegations to. The Cosmos SDK iterates over these lists and charge 10 gas for each validator in both of the lists. + +Since the state maintaining a list for granter, grantee pair with same expiration, we are iterating over the list to remove the grant (in case of any revoke of particular `msgType`) from the list and we are charging 20 gas per iteration. + +## State + +### Grant + +Grants are identified by combining granter address (the address bytes of the granter), grantee address (the address bytes of the grantee) and Authorization type (its type URL). Hence we only allow one grant for the (granter, grantee, Authorization) triple. + +* Grant: `0x01 | granter_address_len (1 byte) | granter_address_bytes | grantee_address_len (1 byte) | grantee_address_bytes | msgType_bytes -> ProtocolBuffer(AuthorizationGrant)` + +The grant object encapsulates an `Authorization` type and an expiration timestamp: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/authz/v1beta1/authz.proto#L24-L32 +``` + +### GrantQueue + +We are maintaining a queue for authz pruning. Whenever a grant is created, an item will be added to `GrantQueue` with a key of expiration, granter, grantee. + +In `EndBlock` (which runs for every block) we continuously check and prune the expired grants by forming a prefix key with current blocktime that passed the stored expiration in `GrantQueue`, we iterate through all the matched records from `GrantQueue` and delete them from the `GrantQueue` & `Grant`s store. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/5f4ddc6f80f9707320eec42182184207fff3833a/x/authz/keeper/keeper.go#L378-L403 +``` + +* GrantQueue: `0x02 | expiration_bytes | granter_address_len (1 byte) | granter_address_bytes | grantee_address_len (1 byte) | grantee_address_bytes -> ProtocolBuffer(GrantQueueItem)` + +The `expiration_bytes` are the expiration date in UTC with the format `"2006-01-02T15:04:05.000000000"`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/authz/keeper/keys.go#L77-L93 +``` + +The `GrantQueueItem` object contains the list of type urls between granter and grantee that expire at the time indicated in the key. + +## Messages + +In this section we describe the processing of messages for the authz module. + +### MsgGrant + +An authorization grant is created using the `MsgGrant` message. +If there is already a grant for the `(granter, grantee, Authorization)` triple, then the new grant overwrites the previous one. To update or extend an existing grant, a new grant with the same `(granter, grantee, Authorization)` triple should be created. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/authz/v1beta1/tx.proto#L35-L45 +``` + +The message handling should fail if: + +* both granter and grantee have the same address. +* provided `Expiration` time is less than current unix timestamp (but a grant will be created if no `expiration` time is provided since `expiration` is optional). +* provided `Grant.Authorization` is not implemented. +* `Authorization.MsgTypeURL()` is not defined in the router (there is no defined handler in the app router to handle that Msg types). + +### MsgRevoke + +A grant can be removed with the `MsgRevoke` message. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/authz/v1beta1/tx.proto#L69-L78 +``` + +The message handling should fail if: + +* both granter and grantee have the same address. +* provided `MsgTypeUrl` is empty. + +NOTE: The `MsgExec` message removes a grant if the grant has expired. + +### MsgExec + +When a grantee wants to execute a transaction on behalf of a granter, they must send `MsgExec`. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/authz/v1beta1/tx.proto#L52-L63 +``` + +The message handling should fail if: + +* provided `Authorization` is not implemented. +* grantee doesn't have permission to run the transaction. +* if granted authorization is expired. + +## Events + +The authz module emits proto events defined in [the Protobuf reference](https://buf.build/cosmos/cosmos-sdk/docs/main/cosmos.authz.v1beta1#cosmos.authz.v1beta1.EventGrant). + +## Client + +### CLI + +A user can query and interact with the `authz` module using the CLI. + +#### Query + +The `query` commands allow users to query `authz` state. + +```bash +simd query authz --help +``` + +##### grants + +The `grants` command allows users to query grants for a granter-grantee pair. If the message type URL is set, it selects grants only for that message type. + +```bash +simd query authz grants [granter-addr] [grantee-addr] [msg-type-url]? [flags] +``` + +Example: + +```bash +simd query authz grants cosmos1.. cosmos1.. /cosmos.bank.v1beta1.MsgSend +``` + +Example Output: + +```bash +grants: +- authorization: + '@type': /cosmos.bank.v1beta1.SendAuthorization + spend_limit: + - amount: "100" + denom: stake + expiration: "2022-01-01T00:00:00Z" +pagination: null +``` + +#### Transactions + +The `tx` commands allow users to interact with the `authz` module. + +```bash +simd tx authz --help +``` + +##### exec + +The `exec` command allows a grantee to execute a transaction on behalf of granter. + +```bash + simd tx authz exec [tx-json-file] --from [grantee] [flags] +``` + +Example: + +```bash +simd tx authz exec tx.json --from=cosmos1.. +``` + +##### grant + +The `grant` command allows a granter to grant an authorization to a grantee. + +```bash +simd tx authz grant --from [flags] +``` + +* The `send` authorization_type refers to the built-in `SendAuthorization` type. The custom flags available are `spend-limit` (required) and `allow-list` (optional) , documented [here](#sendauthorization) + +Example: + +```bash + simd tx authz grant cosmos1.. send --spend-limit=100stake --allow-list=cosmos1...,cosmos2... --from=cosmos1.. +``` + +* The `generic` authorization_type refers to the built-in `GenericAuthorization` type. The custom flag available is `msg-type` (required) documented [here](#genericauthorization). + +> Note: `msg-type` is any valid Cosmos SDK `Msg` type url. + +Example: + +```bash + simd tx authz grant cosmos1.. generic --msg-type=/cosmos.bank.v1beta1.MsgSend --from=cosmos1.. +``` + +* The `delegate`,`unbond`,`redelegate` authorization_types refer to the built-in `StakeAuthorization` type. The custom flags available are `spend-limit` (optional), `allowed-validators` (optional) and `deny-validators` (optional) documented [here](#stakeauthorization). + +> Note: `allowed-validators` and `deny-validators` cannot both be empty. `spend-limit` represents the `MaxTokens` + +Example: + +```bash +simd tx authz grant cosmos1.. delegate --spend-limit=100stake --allowed-validators=cosmos...,cosmos... --deny-validators=cosmos... --from=cosmos1.. +``` + +##### revoke + +The `revoke` command allows a granter to revoke an authorization from a grantee. + +```bash +simd tx authz revoke [grantee] [msg-type-url] --from=[granter] [flags] +``` + +Example: + +```bash +simd tx authz revoke cosmos1.. /cosmos.bank.v1beta1.MsgSend --from=cosmos1.. +``` + +### gRPC + +A user can query the `authz` module using gRPC endpoints. + +#### Grants + +The `Grants` endpoint allows users to query grants for a granter-grantee pair. If the message type URL is set, it selects grants only for that message type. + +```bash +cosmos.authz.v1beta1.Query/Grants +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"granter":"cosmos1..","grantee":"cosmos1..","msg_type_url":"/cosmos.bank.v1beta1.MsgSend"}' \ + localhost:9090 \ + cosmos.authz.v1beta1.Query/Grants +``` + +Example Output: + +```bash +{ + "grants": [ + { + "authorization": { + "@type": "/cosmos.bank.v1beta1.SendAuthorization", + "spendLimit": [ + { + "denom":"stake", + "amount":"100" + } + ] + }, + "expiration": "2022-01-01T00:00:00Z" + } + ] +} +``` + +### REST + +A user can query the `authz` module using REST endpoints. + +```bash +/cosmos/authz/v1beta1/grants +``` + +Example: + +```bash +curl "localhost:1317/cosmos/authz/v1beta1/grants?granter=cosmos1..&grantee=cosmos1..&msg_type_url=/cosmos.bank.v1beta1.MsgSend" +``` + +Example Output: + +```bash +{ + "grants": [ + { + "authorization": { + "@type": "/cosmos.bank.v1beta1.SendAuthorization", + "spend_limit": [ + { + "denom": "stake", + "amount": "100" + } + ] + }, + "expiration": "2022-01-01T00:00:00Z" + } + ], + "pagination": null +} +``` diff --git a/copy-of-sdk-docs/build/modules/bank/README.md b/copy-of-sdk-docs/build/modules/bank/README.md new file mode 100644 index 00000000..62a781da --- /dev/null +++ b/copy-of-sdk-docs/build/modules/bank/README.md @@ -0,0 +1,1039 @@ +--- +sidebar_position: 1 +--- + +# `x/bank` + +## Abstract + +This document specifies the bank module of the Cosmos SDK. + +The bank module is responsible for handling multi-asset coin transfers between +accounts and tracking special-case pseudo-transfers which must work differently +with particular kinds of accounts (notably delegating/undelegating for vesting +accounts). It exposes several interfaces with varying capabilities for secure +interaction with other modules which must alter user balances. + +In addition, the bank module tracks and provides query support for the total +supply of all assets used in the application. + +This module is used in the Cosmos Hub. + +## Contents + +* [Supply](#supply) + * [Total Supply](#total-supply) +* [Module Accounts](#module-accounts) + * [Permissions](#permissions) +* [State](#state) +* [Params](#params) +* [Keepers](#keepers) +* [Messages](#messages) +* [Events](#events) + * [Message Events](#message-events) + * [Keeper Events](#keeper-events) +* [Parameters](#parameters) + * [SendEnabled](#sendenabled) + * [DefaultSendEnabled](#defaultsendenabled) +* [Client](#client) + * [CLI](#cli) + * [Query](#query) + * [Transactions](#transactions) +* [gRPC](#grpc) + +## Supply + +The `supply` functionality: + +* passively tracks the total supply of coins within a chain, +* provides a pattern for modules to hold/interact with `Coins`, and +* introduces the invariant check to verify a chain's total supply. + +### Total Supply + +The total `Supply` of the network is equal to the sum of all coins from the +account. The total supply is updated every time a `Coin` is minted (eg: as part +of the inflation mechanism) or burned (eg: due to slashing or if a governance +proposal is vetoed). + +## Module Accounts + +The supply functionality introduces a new type of `auth.Account` which can be used by +modules to allocate tokens and in special cases mint or burn tokens. At a base +level these module accounts are capable of sending/receiving tokens to and from +`auth.Account`s and other module accounts. This design replaces previous +alternative designs where, to hold tokens, modules would burn the incoming +tokens from the sender account, and then track those tokens internally. Later, +in order to send tokens, the module would need to effectively mint tokens +within a destination account. The new design removes duplicate logic between +modules to perform this accounting. + +The `ModuleAccount` interface is defined as follows: + +```go +type ModuleAccount interface { + auth.Account // same methods as the Account interface + + GetName() string // name of the module; used to obtain the address + GetPermissions() []string // permissions of module account + HasPermission(string) bool +} +``` + +> **WARNING!** +> Any module or message handler that allows either direct or indirect sending of funds must explicitly guarantee those funds cannot be sent to module accounts (unless allowed). + +The supply `Keeper` also introduces new wrapper functions for the auth `Keeper` +and the bank `Keeper` that are related to `ModuleAccount`s in order to be able +to: + +* Get and set `ModuleAccount`s by providing the `Name`. +* Send coins from and to other `ModuleAccount`s or standard `Account`s + (`BaseAccount` or `VestingAccount`) by passing only the `Name`. +* `Mint` or `Burn` coins for a `ModuleAccount` (restricted to its permissions). + +### Permissions + +Each `ModuleAccount` has a different set of permissions that provide different +object capabilities to perform certain actions. Permissions need to be +registered upon the creation of the supply `Keeper` so that every time a +`ModuleAccount` calls the allowed functions, the `Keeper` can lookup the +permissions to that specific account and perform or not perform the action. + +The available permissions are: + +* `Minter`: allows for a module to mint a specific amount of coins. +* `Burner`: allows for a module to burn a specific amount of coins. +* `Staking`: allows for a module to delegate and undelegate a specific amount of coins. + +## State + +The `x/bank` module keeps state of the following primary objects: + +1. Account balances +2. Denomination metadata +3. The total supply of all balances +4. Information on which denominations are allowed to be sent. + +In addition, the `x/bank` module keeps the following indexes to manage the +aforementioned state: + +* Supply Index: `0x0 | byte(denom) -> byte(amount)` +* Denom Metadata Index: `0x1 | byte(denom) -> ProtocolBuffer(Metadata)` +* Balances Index: `0x2 | byte(address length) | []byte(address) | []byte(balance.Denom) -> ProtocolBuffer(balance)` +* Reverse Denomination to Address Index: `0x03 | byte(denom) | 0x00 | []byte(address) -> 0` + +## Params + +The bank module stores it's params in state with the prefix of `0x05`, +it can be updated with governance or the address with authority. + +* Params: `0x05 | ProtocolBuffer(Params)` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/bank/v1beta1/bank.proto#L12-L23 +``` + +## Keepers + +The bank module provides these exported keeper interfaces that can be +passed to other modules that read or update account balances. Modules +should use the least-permissive interface that provides the functionality they +require. + +Best practices dictate careful review of `bank` module code to ensure that +permissions are limited in the way that you expect. + +### Denied Addresses + +The `x/bank` module accepts a map of addresses that are considered blocklisted +from directly and explicitly receiving funds through means such as `MsgSend` and +`MsgMultiSend` and direct API calls like `SendCoinsFromModuleToAccount`. + +Typically, these addresses are module accounts. If these addresses receive funds +outside the expected rules of the state machine, invariants are likely to be +broken and could result in a halted network. + +By providing the `x/bank` module with a blocklisted set of addresses, an error occurs for the operation if a user or client attempts to directly or indirectly send funds to a blocklisted account, for example, by using [IBC](https://ibc.cosmos.network). + +### Common Types + +#### Input + +An input of a multiparty transfer + +```protobuf +// Input models transaction input. +message Input { + string address = 1; + repeated cosmos.base.v1beta1.Coin coins = 2; +} +``` + +#### Output + +An output of a multiparty transfer. + +```protobuf +// Output models transaction outputs. +message Output { + string address = 1; + repeated cosmos.base.v1beta1.Coin coins = 2; +} +``` + +### BaseKeeper + +The base keeper provides full-permission access: the ability to arbitrary modify any account's balance and mint or burn coins. + +Restricted permission to mint per module could be achieved by using baseKeeper with `WithMintCoinsRestriction` to give specific restrictions to mint (e.g. only minting certain denom). + +```go +// Keeper defines a module interface that facilitates the transfer of coins +// between accounts. +type Keeper interface { + SendKeeper + WithMintCoinsRestriction(MintingRestrictionFn) BaseKeeper + + InitGenesis(context.Context, *types.GenesisState) + ExportGenesis(context.Context) *types.GenesisState + + GetSupply(ctx context.Context, denom string) sdk.Coin + HasSupply(ctx context.Context, denom string) bool + GetPaginatedTotalSupply(ctx context.Context, pagination *query.PageRequest) (sdk.Coins, *query.PageResponse, error) + IterateTotalSupply(ctx context.Context, cb func(sdk.Coin) bool) + GetDenomMetaData(ctx context.Context, denom string) (types.Metadata, bool) + HasDenomMetaData(ctx context.Context, denom string) bool + SetDenomMetaData(ctx context.Context, denomMetaData types.Metadata) + IterateAllDenomMetaData(ctx context.Context, cb func(types.Metadata) bool) + + SendCoinsFromModuleToAccount(ctx context.Context, senderModule string, recipientAddr sdk.AccAddress, amt sdk.Coins) error + SendCoinsFromModuleToModule(ctx context.Context, senderModule, recipientModule string, amt sdk.Coins) error + SendCoinsFromAccountToModule(ctx context.Context, senderAddr sdk.AccAddress, recipientModule string, amt sdk.Coins) error + DelegateCoinsFromAccountToModule(ctx context.Context, senderAddr sdk.AccAddress, recipientModule string, amt sdk.Coins) error + UndelegateCoinsFromModuleToAccount(ctx context.Context, senderModule string, recipientAddr sdk.AccAddress, amt sdk.Coins) error + MintCoins(ctx context.Context, moduleName string, amt sdk.Coins) error + BurnCoins(ctx context.Context, moduleName string, amt sdk.Coins) error + + DelegateCoins(ctx context.Context, delegatorAddr, moduleAccAddr sdk.AccAddress, amt sdk.Coins) error + UndelegateCoins(ctx context.Context, moduleAccAddr, delegatorAddr sdk.AccAddress, amt sdk.Coins) error + + // GetAuthority gets the address capable of executing governance proposal messages. Usually the gov module account. + GetAuthority() string + + types.QueryServer +} +``` + +### SendKeeper + +The send keeper provides access to account balances and the ability to transfer coins between +accounts. The send keeper does not alter the total supply (mint or burn coins). + +```go +// SendKeeper defines a module interface that facilitates the transfer of coins +// between accounts without the possibility of creating coins. +type SendKeeper interface { + ViewKeeper + + AppendSendRestriction(restriction SendRestrictionFn) + PrependSendRestriction(restriction SendRestrictionFn) + ClearSendRestriction() + + InputOutputCoins(ctx context.Context, input types.Input, outputs []types.Output) error + SendCoins(ctx context.Context, fromAddr, toAddr sdk.AccAddress, amt sdk.Coins) error + + GetParams(ctx context.Context) types.Params + SetParams(ctx context.Context, params types.Params) error + + IsSendEnabledDenom(ctx context.Context, denom string) bool + SetSendEnabled(ctx context.Context, denom string, value bool) + SetAllSendEnabled(ctx context.Context, sendEnableds []*types.SendEnabled) + DeleteSendEnabled(ctx context.Context, denom string) + IterateSendEnabledEntries(ctx context.Context, cb func(denom string, sendEnabled bool) (stop bool)) + GetAllSendEnabledEntries(ctx context.Context) []types.SendEnabled + + IsSendEnabledCoin(ctx context.Context, coin sdk.Coin) bool + IsSendEnabledCoins(ctx context.Context, coins ...sdk.Coin) error + + BlockedAddr(addr sdk.AccAddress) bool +} +``` + +#### Send Restrictions + +The `SendKeeper` applies a `SendRestrictionFn` before each transfer of funds. + +```golang +// A SendRestrictionFn can restrict sends and/or provide a new receiver address. +type SendRestrictionFn func(ctx context.Context, fromAddr, toAddr sdk.AccAddress, amt sdk.Coins) (newToAddr sdk.AccAddress, err error) +``` + +After the `SendKeeper` (or `BaseKeeper`) has been created, send restrictions can be added to it using the `AppendSendRestriction` or `PrependSendRestriction` functions. +Both functions compose the provided restriction with any previously provided restrictions. +`AppendSendRestriction` adds the provided restriction to be run after any previously provided send restrictions. +`PrependSendRestriction` adds the restriction to be run before any previously provided send restrictions. +The composition will short-circuit when an error is encountered. I.e. if the first one returns an error, the second is not run. + +During `SendCoins`, the send restriction is applied before coins are removed from the from address and adding them to the to address. +During `InputOutputCoins`, the send restriction is applied after the input coins are removed and once for each output before the funds are added. + +A send restriction function should make use of a custom value in the context to allow bypassing that specific restriction. + +Send Restrictions are not placed on `ModuleToAccount` or `ModuleToModule` transfers. This is done due to modules needing to move funds to user accounts and other module accounts. This is a design decision to allow for more flexibility in the state machine. The state machine should be able to move funds between module accounts and user accounts without restrictions. + +Secondly this limitation would limit the usage of the state machine even for itself. users would not be able to receive rewards, not be able to move funds between module accounts. In the case that a user sends funds from a user account to the community pool and then a governance proposal is used to get those tokens into the users account this would fall under the discretion of the app chain developer to what they would like to do here. We can not make strong assumptions here. +Thirdly, this issue could lead into a chain halt if a token is disabled and the token is moved in the begin/endblock. This is the last reason we see the current change and more damaging then beneficial for users. + +For example, in your module's keeper package, you'd define the send restriction function: + +```golang +var _ banktypes.SendRestrictionFn = Keeper{}.SendRestrictionFn + +func (k Keeper) SendRestrictionFn(ctx context.Context, fromAddr, toAddr sdk.AccAddress, amt sdk.Coins) (sdk.AccAddress, error) { + // Bypass if the context says to. + if mymodule.HasBypass(ctx) { + return toAddr, nil + } + + // Your custom send restriction logic goes here. + return nil, errors.New("not implemented") +} +``` + +The bank keeper should be provided to your keeper's constructor so the send restriction can be added to it: + +```golang +func NewKeeper(cdc codec.BinaryCodec, storeKey storetypes.StoreKey, bankKeeper mymodule.BankKeeper) Keeper { + rv := Keeper{/*...*/} + bankKeeper.AppendSendRestriction(rv.SendRestrictionFn) + return rv +} +``` + +Then, in the `mymodule` package, define the context helpers: + +```golang +const bypassKey = "bypass-mymodule-restriction" + +// WithBypass returns a new context that will cause the mymodule bank send restriction to be skipped. +func WithBypass(ctx context.Context) context.Context { + return sdk.UnwrapSDKContext(ctx).WithValue(bypassKey, true) +} + +// WithoutBypass returns a new context that will cause the mymodule bank send restriction to not be skipped. +func WithoutBypass(ctx context.Context) context.Context { + return sdk.UnwrapSDKContext(ctx).WithValue(bypassKey, false) +} + +// HasBypass checks the context to see if the mymodule bank send restriction should be skipped. +func HasBypass(ctx context.Context) bool { + bypassValue := ctx.Value(bypassKey) + if bypassValue == nil { + return false + } + bypass, isBool := bypassValue.(bool) + return isBool && bypass +} +``` + +Now, anywhere where you want to use `SendCoins` or `InputOutputCoins`, but you don't want your send restriction applied: + +```golang +func (k Keeper) DoThing(ctx context.Context, fromAddr, toAddr sdk.AccAddress, amt sdk.Coins) error { + return k.bankKeeper.SendCoins(mymodule.WithBypass(ctx), fromAddr, toAddr, amt) +} +``` + +### ViewKeeper + +The view keeper provides read-only access to account balances. The view keeper does not have balance alteration functionality. All balance lookups are `O(1)`. + +```go +// ViewKeeper defines a module interface that facilitates read only access to +// account balances. +type ViewKeeper interface { + ValidateBalance(ctx context.Context, addr sdk.AccAddress) error + HasBalance(ctx context.Context, addr sdk.AccAddress, amt sdk.Coin) bool + + GetAllBalances(ctx context.Context, addr sdk.AccAddress) sdk.Coins + GetAccountsBalances(ctx context.Context) []types.Balance + GetBalance(ctx context.Context, addr sdk.AccAddress, denom string) sdk.Coin + LockedCoins(ctx context.Context, addr sdk.AccAddress) sdk.Coins + SpendableCoins(ctx context.Context, addr sdk.AccAddress) sdk.Coins + SpendableCoin(ctx context.Context, addr sdk.AccAddress, denom string) sdk.Coin + + IterateAccountBalances(ctx context.Context, addr sdk.AccAddress, cb func(coin sdk.Coin) (stop bool)) + IterateAllBalances(ctx context.Context, cb func(address sdk.AccAddress, coin sdk.Coin) (stop bool)) +} +``` + +## Messages + +### MsgSend + +Send coins from one address to another. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/bank/v1beta1/tx.proto#L38-L53 +``` + +The message will fail under the following conditions: + +* The coins do not have sending enabled +* The `to` address is restricted + +### MsgMultiSend + +Send coins from one sender and to a series of different address. If any of the receiving addresses do not correspond to an existing account, a new account is created. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/bank/v1beta1/tx.proto#L58-L69 +``` + +The message will fail under the following conditions: + +* Any of the coins do not have sending enabled +* Any of the `to` addresses are restricted +* Any of the coins are locked +* The inputs and outputs do not correctly correspond to one another + +### MsgUpdateParams + +The `bank` module params can be updated through `MsgUpdateParams`, which can be done using governance proposal. The signer will always be the `gov` module account address. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/bank/v1beta1/tx.proto#L74-L88 +``` + +The message handling can fail if: + +* signer is not the gov module account address. + +### MsgSetSendEnabled + +Used with the x/gov module to set create/edit SendEnabled entries. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/bank/v1beta1/tx.proto#L96-L117 +``` + +The message will fail under the following conditions: + +* The authority is not a bech32 address. +* The authority is not x/gov module's address. +* There are multiple SendEnabled entries with the same Denom. +* One or more SendEnabled entries has an invalid Denom. + +## Events + +The bank module emits the following events: + +### Message Events + +#### MsgSend + +| Type | Attribute Key | Attribute Value | +| -------- | ------------- | ------------------ | +| transfer | recipient | {recipientAddress} | +| transfer | amount | {amount} | +| message | module | bank | +| message | action | send | +| message | sender | {senderAddress} | + +#### MsgMultiSend + +| Type | Attribute Key | Attribute Value | +| -------- | ------------- | ------------------ | +| transfer | recipient | {recipientAddress} | +| transfer | amount | {amount} | +| message | module | bank | +| message | action | multisend | +| message | sender | {senderAddress} | + +### Keeper Events + +In addition to message events, the bank keeper will produce events when the following methods are called (or any method which ends up calling them) + +#### MintCoins + +```json +{ + "type": "coinbase", + "attributes": [ + { + "key": "minter", + "value": "{{sdk.AccAddress of the module minting coins}}", + "index": true + }, + { + "key": "amount", + "value": "{{sdk.Coins being minted}}", + "index": true + } + ] +} +``` + +```json +{ + "type": "coin_received", + "attributes": [ + { + "key": "receiver", + "value": "{{sdk.AccAddress of the module minting coins}}", + "index": true + }, + { + "key": "amount", + "value": "{{sdk.Coins being received}}", + "index": true + } + ] +} +``` + +#### BurnCoins + +```json +{ + "type": "burn", + "attributes": [ + { + "key": "burner", + "value": "{{sdk.AccAddress of the module burning coins}}", + "index": true + }, + { + "key": "amount", + "value": "{{sdk.Coins being burned}}", + "index": true + } + ] +} +``` + +```json +{ + "type": "coin_spent", + "attributes": [ + { + "key": "spender", + "value": "{{sdk.AccAddress of the module burning coins}}", + "index": true + }, + { + "key": "amount", + "value": "{{sdk.Coins being burned}}", + "index": true + } + ] +} +``` + +#### addCoins + +```json +{ + "type": "coin_received", + "attributes": [ + { + "key": "receiver", + "value": "{{sdk.AccAddress of the address beneficiary of the coins}}", + "index": true + }, + { + "key": "amount", + "value": "{{sdk.Coins being received}}", + "index": true + } + ] +} +``` + +#### subUnlockedCoins/DelegateCoins + +```json +{ + "type": "coin_spent", + "attributes": [ + { + "key": "spender", + "value": "{{sdk.AccAddress of the address which is spending coins}}", + "index": true + }, + { + "key": "amount", + "value": "{{sdk.Coins being spent}}", + "index": true + } + ] +} +``` + +## Parameters + +The bank module contains the following parameters + +### SendEnabled + +The SendEnabled parameter is now deprecated and not to be use. It is replaced +with state store records. + + +### DefaultSendEnabled + +The default send enabled value controls send transfer capability for all +coin denominations unless specifically included in the array of `SendEnabled` +parameters. + +## Client + +### CLI + +A user can query and interact with the `bank` module using the CLI. + +#### Query + +The `query` commands allow users to query `bank` state. + +```shell +simd query bank --help +``` + +##### balances + +The `balances` command allows users to query account balances by address. + +```shell +simd query bank balances [address] [flags] +``` + +Example: + +```shell +simd query bank balances cosmos1.. +``` + +Example Output: + +```yml +balances: +- amount: "1000000000" + denom: stake +pagination: + next_key: null + total: "0" +``` + +##### denom-metadata + +The `denom-metadata` command allows users to query metadata for coin denominations. A user can query metadata for a single denomination using the `--denom` flag or all denominations without it. + +```shell +simd query bank denom-metadata [flags] +``` + +Example: + +```shell +simd query bank denom-metadata --denom stake +``` + +Example Output: + +```yml +metadata: + base: stake + denom_units: + - aliases: + - STAKE + denom: stake + description: native staking token of simulation app + display: stake + name: SimApp Token + symbol: STK +``` + +##### total + +The `total` command allows users to query the total supply of coins. A user can query the total supply for a single coin using the `--denom` flag or all coins without it. + +```shell +simd query bank total [flags] +``` + +Example: + +```shell +simd query bank total --denom stake +``` + +Example Output: + +```yml +amount: "10000000000" +denom: stake +``` + +##### send-enabled + +The `send-enabled` command allows users to query for all or some SendEnabled entries. + +```shell +simd query bank send-enabled [denom1 ...] [flags] +``` + +Example: + +```shell +simd query bank send-enabled +``` + +Example output: + +```yml +send_enabled: +- denom: foocoin + enabled: true +- denom: barcoin +pagination: + next-key: null + total: 2 +``` + +#### Transactions + +The `tx` commands allow users to interact with the `bank` module. + +```shell +simd tx bank --help +``` + +##### send + +The `send` command allows users to send funds from one account to another. + +```shell +simd tx bank send [from_key_or_address] [to_address] [amount] [flags] +``` + +Example: + +```shell +simd tx bank send cosmos1.. cosmos1.. 100stake +``` + +## gRPC + +A user can query the `bank` module using gRPC endpoints. + +### Balance + +The `Balance` endpoint allows users to query account balance by address for a given denomination. + +```shell +cosmos.bank.v1beta1.Query/Balance +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"address":"cosmos1..","denom":"stake"}' \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/Balance +``` + +Example Output: + +```json +{ + "balance": { + "denom": "stake", + "amount": "1000000000" + } +} +``` + +### AllBalances + +The `AllBalances` endpoint allows users to query account balance by address for all denominations. + +```shell +cosmos.bank.v1beta1.Query/AllBalances +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"address":"cosmos1.."}' \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/AllBalances +``` + +Example Output: + +```json +{ + "balances": [ + { + "denom": "stake", + "amount": "1000000000" + } + ], + "pagination": { + "total": "1" + } +} +``` + +### DenomMetadata + +The `DenomMetadata` endpoint allows users to query metadata for a single coin denomination. + +```shell +cosmos.bank.v1beta1.Query/DenomMetadata +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"denom":"stake"}' \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/DenomMetadata +``` + +Example Output: + +```json +{ + "metadata": { + "description": "native staking token of simulation app", + "denomUnits": [ + { + "denom": "stake", + "aliases": [ + "STAKE" + ] + } + ], + "base": "stake", + "display": "stake", + "name": "SimApp Token", + "symbol": "STK" + } +} +``` + +### DenomsMetadata + +The `DenomsMetadata` endpoint allows users to query metadata for all coin denominations. + +```shell +cosmos.bank.v1beta1.Query/DenomsMetadata +``` + +Example: + +```shell +grpcurl -plaintext \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/DenomsMetadata +``` + +Example Output: + +```json +{ + "metadatas": [ + { + "description": "native staking token of simulation app", + "denomUnits": [ + { + "denom": "stake", + "aliases": [ + "STAKE" + ] + } + ], + "base": "stake", + "display": "stake", + "name": "SimApp Token", + "symbol": "STK" + } + ], + "pagination": { + "total": "1" + } +} +``` + +### DenomOwners + +The `DenomOwners` endpoint allows users to query metadata for a single coin denomination. + +```shell +cosmos.bank.v1beta1.Query/DenomOwners +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"denom":"stake"}' \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/DenomOwners +``` + +Example Output: + +```json +{ + "denomOwners": [ + { + "address": "cosmos1..", + "balance": { + "denom": "stake", + "amount": "5000000000" + } + }, + { + "address": "cosmos1..", + "balance": { + "denom": "stake", + "amount": "5000000000" + } + }, + ], + "pagination": { + "total": "2" + } +} +``` + +### TotalSupply + +The `TotalSupply` endpoint allows users to query the total supply of all coins. + +```shell +cosmos.bank.v1beta1.Query/TotalSupply +``` + +Example: + +```shell +grpcurl -plaintext \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/TotalSupply +``` + +Example Output: + +```json +{ + "supply": [ + { + "denom": "stake", + "amount": "10000000000" + } + ], + "pagination": { + "total": "1" + } +} +``` + +### SupplyOf + +The `SupplyOf` endpoint allows users to query the total supply of a single coin. + +```shell +cosmos.bank.v1beta1.Query/SupplyOf +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"denom":"stake"}' \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/SupplyOf +``` + +Example Output: + +```json +{ + "amount": { + "denom": "stake", + "amount": "10000000000" + } +} +``` + +### Params + +The `Params` endpoint allows users to query the parameters of the `bank` module. + +```shell +cosmos.bank.v1beta1.Query/Params +``` + +Example: + +```shell +grpcurl -plaintext \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/Params +``` + +Example Output: + +```json +{ + "params": { + "defaultSendEnabled": true + } +} +``` + +### SendEnabled + +The `SendEnabled` endpoints allows users to query the SendEnabled entries of the `bank` module. + +Any denominations NOT returned, use the `Params.DefaultSendEnabled` value. + +```shell +cosmos.bank.v1beta1.Query/SendEnabled +``` + +Example: + +```shell +grpcurl -plaintext \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/SendEnabled +``` + +Example Output: + +```json +{ + "send_enabled": [ + { + "denom": "foocoin", + "enabled": true + }, + { + "denom": "barcoin" + } + ], + "pagination": { + "next-key": null, + "total": 2 + } +} +``` diff --git a/copy-of-sdk-docs/build/modules/circuit/README.md b/copy-of-sdk-docs/build/modules/circuit/README.md new file mode 100644 index 00000000..253ca497 --- /dev/null +++ b/copy-of-sdk-docs/build/modules/circuit/README.md @@ -0,0 +1,259 @@ +# `x/circuit` + +## Concepts + +Circuit Breaker is a module that is meant to avoid a chain needing to halt/shut down in the presence of a vulnerability, instead the module will allow specific messages or all messages to be disabled. When operating a chain, if it is app specific then a halt of the chain is less detrimental, but if there are applications built on top of the chain then halting is expensive due to the disturbance to applications. + +Circuit Breaker works with the idea that an address or set of addresses have the right to block messages from being executed and/or included in the mempool. Any address with a permission is able to reset the circuit breaker for the message. + +The transactions are checked and can be rejected at two points: + +* In `CircuitBreakerDecorator` [ante handler](https://docs.cosmos.network/main/learn/advanced/baseapp#antehandler): + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/x/circuit/v0.1.0/x/circuit/ante/circuit.go#L27-L41 +``` + +* With a [message router check](https://docs.cosmos.network/main/learn/advanced/baseapp#msg-service-router): + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.1/baseapp/msg_service_router.go#L104-L115 +``` + +:::note +The `CircuitBreakerDecorator` works for most use cases, but [does not check the inner messages of a transaction](https://docs.cosmos.network/main/learn/beginner/tx-lifecycle#antehandler). This means some transactions (such as `x/authz` transactions or some `x/gov` transactions) may pass the ante handler. **This does not affect the circuit breaker** as the message router check will still fail the transaction. +This tradeoff is to avoid introducing more dependencies in the `x/circuit` module. Chains can re-define the `CircuitBreakerDecorator` to check for inner messages if they wish to do so. +::: + +## State + +### Accounts + +* AccountPermissions `0x1 | account_address -> ProtocolBuffer(CircuitBreakerPermissions)` + +```go +type level int32 + +const ( + // LEVEL_NONE_UNSPECIFIED indicates that the account will have no circuit + // breaker permissions. + LEVEL_NONE_UNSPECIFIED = iota + // LEVEL_SOME_MSGS indicates that the account will have permission to + // trip or reset the circuit breaker for some Msg type URLs. If this level + // is chosen, a non-empty list of Msg type URLs must be provided in + // limit_type_urls. + LEVEL_SOME_MSGS + // LEVEL_ALL_MSGS indicates that the account can trip or reset the circuit + // breaker for Msg's of all type URLs. + LEVEL_ALL_MSGS + // LEVEL_SUPER_ADMIN indicates that the account can take all circuit breaker + // actions and can grant permissions to other accounts. + LEVEL_SUPER_ADMIN +) + +type Access struct { + level int32 + msgs []string // if full permission, msgs can be empty +} +``` + + +### Disable List + +List of type urls that are disabled. + +* DisableList `0x2 | msg_type_url -> []byte{}` + +## State Transitions + +### Authorize + +Authorize, is called by the module authority (default governance module account) or any account with `LEVEL_SUPER_ADMIN` to give permission to disable/enable messages to another account. There are three levels of permissions that can be granted. `LEVEL_SOME_MSGS` limits the number of messages that can be disabled. `LEVEL_ALL_MSGS` permits all messages to be disabled. `LEVEL_SUPER_ADMIN` allows an account to take all circuit breaker actions including authorizing and deauthorizing other accounts. + +```protobuf + // AuthorizeCircuitBreaker allows a super-admin to grant (or revoke) another + // account's circuit breaker permissions. + rpc AuthorizeCircuitBreaker(MsgAuthorizeCircuitBreaker) returns (MsgAuthorizeCircuitBreakerResponse); +``` + +### Trip + +Trip, is called by an authorized account to disable message execution for a specific msgURL. If empty, all the msgs will be disabled. + +```protobuf + // TripCircuitBreaker pauses processing of Msg's in the state machine. + rpc TripCircuitBreaker(MsgTripCircuitBreaker) returns (MsgTripCircuitBreakerResponse); +``` + +### Reset + +Reset is called by an authorized account to enable execution for a specific msgURL of previously disabled message. If empty, all the disabled messages will be enabled. + +```protobuf + // ResetCircuitBreaker resumes processing of Msg's in the state machine that + // have been paused using TripCircuitBreaker. + rpc ResetCircuitBreaker(MsgResetCircuitBreaker) returns (MsgResetCircuitBreakerResponse); +``` + +## Messages + +### MsgAuthorizeCircuitBreaker + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/main/proto/cosmos/circuit/v1/tx.proto#L25-L75 +``` + +This message is expected to fail if: + +* the granter is not an account with permission level `LEVEL_SUPER_ADMIN` or the module authority + +### MsgTripCircuitBreaker + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/main/proto/cosmos/circuit/v1/tx.proto#L77-L93 +``` + +This message is expected to fail if: + +* if the signer does not have a permission level with the ability to disable the specified type url message + +### MsgResetCircuitBreaker + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/main/proto/cosmos/circuit/v1/tx.proto#L95-109 +``` + +This message is expected to fail if: + +* if the type url is not disabled + +## Events - list and describe event tags + +The circuit module emits the following events: + +### Message Events + +#### MsgAuthorizeCircuitBreaker + +| Type | Attribute Key | Attribute Value | +|---------|---------------|---------------------------| +| string | granter | {granterAddress} | +| string | grantee | {granteeAddress} | +| string | permission | {granteePermissions} | +| message | module | circuit | +| message | action | authorize_circuit_breaker | + +#### MsgTripCircuitBreaker + +| Type | Attribute Key | Attribute Value | +|----------|---------------|--------------------| +| string | authority | {authorityAddress} | +| []string | msg_urls | []string{msg_urls} | +| message | module | circuit | +| message | action | trip_circuit_breaker | + +#### ResetCircuitBreaker + +| Type | Attribute Key | Attribute Value | +|----------|---------------|--------------------| +| string | authority | {authorityAddress} | +| []string | msg_urls | []string{msg_urls} | +| message | module | circuit | +| message | action | reset_circuit_breaker | + + +## Keys - list of key prefixes used by the circuit module + +* `AccountPermissionPrefix` - `0x01` +* `DisableListPrefix` - `0x02` + +## Client - list and describe CLI commands and gRPC and REST endpoints + +## Examples: Using Circuit Breaker CLI Commands + +This section provides practical examples for using the Circuit Breaker module through the command-line interface (CLI). These examples demonstrate how to authorize accounts, disable (trip) specific message types, and re-enable (reset) them when needed. + +### Querying Circuit Breaker Permissions + +Check an account's current circuit breaker permissions: + +```bash +# Query permissions for a specific account + query circuit account-permissions + +# Example: +simd query circuit account-permissions cosmos1... +``` + +Check which message types are currently disabled: + +```bash +# Query all disabled message types + query circuit disabled-list + +# Example: +simd query circuit disabled-list +``` + +### Authorizing an Account as Circuit Breaker + +Only a super-admin or the module authority (typically the governance module account) can grant circuit breaker permissions to other accounts: + +```bash +# Grant LEVEL_ALL_MSGS permission (can disable any message type) + tx circuit authorize --level=ALL_MSGS --from= --gas=auto --gas-adjustment=1.5 + +# Grant LEVEL_SOME_MSGS permission (can only disable specific message types) + tx circuit authorize --level=SOME_MSGS --limit-type-urls="/cosmos.bank.v1beta1.MsgSend,/cosmos.staking.v1beta1.MsgDelegate" --from= --gas=auto --gas-adjustment=1.5 + +# Grant LEVEL_SUPER_ADMIN permission (can disable messages and authorize other accounts) + tx circuit authorize --level=SUPER_ADMIN --from= --gas=auto --gas-adjustment=1.5 +``` + +### Disabling Message Processing (Trip) + +Disable specific message types to prevent their execution (requires authorization): + +```bash +# Disable a single message type + tx circuit trip --type-urls="/cosmos.bank.v1beta1.MsgSend" --from= --gas=auto --gas-adjustment=1.5 + +# Disable multiple message types + tx circuit trip --type-urls="/cosmos.bank.v1beta1.MsgSend,/cosmos.staking.v1beta1.MsgDelegate" --from= --gas=auto --gas-adjustment=1.5 + +# Disable all message types (emergency measure) + tx circuit trip --from= --gas=auto --gas-adjustment=1.5 +``` + +### Re-enabling Message Processing (Reset) + +Re-enable previously disabled message types (requires authorization): + +```bash +# Re-enable a single message type + tx circuit reset --type-urls="/cosmos.bank.v1beta1.MsgSend" --from= --gas=auto --gas-adjustment=1.5 + +# Re-enable multiple message types + tx circuit reset --type-urls="/cosmos.bank.v1beta1.MsgSend,/cosmos.staking.v1beta1.MsgDelegate" --from= --gas=auto --gas-adjustment=1.5 + +# Re-enable all disabled message types + tx circuit reset --from= --gas=auto --gas-adjustment=1.5 +``` + +### Usage in Emergency Scenarios + +In case of a critical vulnerability in a specific message type: + +1. Quickly disable the vulnerable message type: + + ```bash + tx circuit trip --type-urls="/cosmos.vulnerable.v1beta1.MsgVulnerable" --from= --gas=auto --gas-adjustment=1.5 + ``` + +2. After a fix is deployed, re-enable the message type: + + ```bash + tx circuit reset --type-urls="/cosmos.vulnerable.v1beta1.MsgVulnerable" --from= --gas=auto --gas-adjustment=1.5 + ``` + +This allows chains to surgically disable problematic functionality without halting the entire chain, providing time for developers to implement and deploy fixes. diff --git a/copy-of-sdk-docs/build/modules/consensus/README.md b/copy-of-sdk-docs/build/modules/consensus/README.md new file mode 100644 index 00000000..902280a6 --- /dev/null +++ b/copy-of-sdk-docs/build/modules/consensus/README.md @@ -0,0 +1,7 @@ +--- +sidebar_position: 1 +--- + +# `x/consensus` + +Functionality to modify CometBFT's ABCI consensus params. diff --git a/copy-of-sdk-docs/build/modules/crisis/README.md b/copy-of-sdk-docs/build/modules/crisis/README.md new file mode 100644 index 00000000..631f9d85 --- /dev/null +++ b/copy-of-sdk-docs/build/modules/crisis/README.md @@ -0,0 +1,112 @@ +--- +sidebar_position: 1 +--- + +# `x/crisis` + +NOTE: `x/crisis` is deprecated as of Cosmos SDK v0.53 and will be removed in the next release. + +## Overview + +The crisis module halts the blockchain under the circumstance that a blockchain +invariant is broken. Invariants can be registered with the application during the +application initialization process. + +## Contents + +* [State](#state) +* [Messages](#messages) +* [Events](#events) +* [Parameters](#parameters) +* [Client](#client) + * [CLI](#cli) + +## State + +### ConstantFee + +Due to the anticipated large gas cost requirement to verify an invariant (and +potential to exceed the maximum allowable block gas limit) a constant fee is +used instead of the standard gas consumption method. The constant fee is +intended to be larger than the anticipated gas cost of running the invariant +with the standard gas consumption method. + +The ConstantFee param is stored in the module params state with the prefix of `0x01`, +it can be updated with governance or the address with authority. + +* Params: `mint/params -> legacy_amino(sdk.Coin)` + +## Messages + +In this section we describe the processing of the crisis messages and the +corresponding updates to the state. + +### MsgVerifyInvariant + +Blockchain invariants can be checked using the `MsgVerifyInvariant` message. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/crisis/v1beta1/tx.proto#L26-L42 +``` + +This message is expected to fail if: + +* the sender does not have enough coins for the constant fee +* the invariant route is not registered + +This message checks the invariant provided, and if the invariant is broken it +panics, halting the blockchain. If the invariant is broken, the constant fee is +never deducted as the transaction is never committed to a block (equivalent to +being refunded). However, if the invariant is not broken, the constant fee will +not be refunded. + +## Events + +The crisis module emits the following events: + +### Handlers + +#### MsgVerifyInvariant + +| Type | Attribute Key | Attribute Value | +|-----------|---------------|------------------| +| invariant | route | {invariantRoute} | +| message | module | crisis | +| message | action | verify_invariant | +| message | sender | {senderAddress} | + +## Parameters + +The crisis module contains the following parameters: + +| Key | Type | Example | +|-------------|---------------|-----------------------------------| +| ConstantFee | object (coin) | {"denom":"uatom","amount":"1000"} | + +## Client + +### CLI + +A user can query and interact with the `crisis` module using the CLI. + +#### Transactions + +The `tx` commands allow users to interact with the `crisis` module. + +```bash +simd tx crisis --help +``` + +##### invariant-broken + +The `invariant-broken` command submits proof when an invariant was broken to halt the chain + +```bash +simd tx crisis invariant-broken [module-name] [invariant-route] [flags] +``` + +Example: + +```bash +simd tx crisis invariant-broken bank total-supply --from=[keyname or address] +``` diff --git a/copy-of-sdk-docs/build/modules/distribution/README.md b/copy-of-sdk-docs/build/modules/distribution/README.md new file mode 100644 index 00000000..0563c5d7 --- /dev/null +++ b/copy-of-sdk-docs/build/modules/distribution/README.md @@ -0,0 +1,1128 @@ +--- +sidebar_position: 1 +--- + +# `x/distribution` + +## Overview + +This _simple_ distribution mechanism describes a functional way to passively +distribute rewards between validators and delegators. Note that this mechanism does +not distribute funds in as precisely as active reward distribution mechanisms and +will therefore be upgraded in the future. + +The mechanism operates as follows. Collected rewards are pooled globally and +divided out passively to validators and delegators. Each validator has the +opportunity to charge commission to the delegators on the rewards collected on +behalf of the delegators. Fees are collected directly into a global reward pool +and validator proposer-reward pool. Due to the nature of passive accounting, +whenever changes to parameters which affect the rate of reward distribution +occurs, withdrawal of rewards must also occur. + +* Whenever withdrawing, one must withdraw the maximum amount they are entitled + to, leaving nothing in the pool. +* Whenever bonding, unbonding, or re-delegating tokens to an existing account, a + full withdrawal of the rewards must occur (as the rules for lazy accounting + change). +* Whenever a validator chooses to change the commission on rewards, all accumulated + commission rewards must be simultaneously withdrawn. + +The above scenarios are covered in `hooks.md`. + +The distribution mechanism outlined herein is used to lazily distribute the +following rewards between validators and associated delegators: + +* multi-token fees to be socially distributed +* inflated staked asset provisions +* validator commission on all rewards earned by their delegators stake + +Fees are pooled within a global pool. The mechanisms used allow for validators +and delegators to independently and lazily withdraw their rewards. + +## Shortcomings + +As a part of the lazy computations, each delegator holds an accumulation term +specific to each validator which is used to estimate what their approximate +fair portion of tokens held in the global fee pool is owed to them. + +```text +entitlement = delegator-accumulation / all-delegators-accumulation +``` + +Under the circumstance that there was constant and equal flow of incoming +reward tokens every block, this distribution mechanism would be equal to the +active distribution (distribute individually to all delegators each block). +However, this is unrealistic so deviations from the active distribution will +occur based on fluctuations of incoming reward tokens as well as timing of +reward withdrawal by other delegators. + +If you happen to know that incoming rewards are about to significantly increase, +you are incentivized to not withdraw until after this event, increasing the +worth of your existing _accum_. See [#2764](https://github.com/cosmos/cosmos-sdk/issues/2764) +for further details. + +## Effect on Staking + +Charging commission on Atom provisions while also allowing for Atom-provisions +to be auto-bonded (distributed directly to the validators bonded stake) is +problematic within BPoS. Fundamentally, these two mechanisms are mutually +exclusive. If both commission and auto-bonding mechanisms are simultaneously +applied to the staking-token then the distribution of staking-tokens between +any validator and its delegators will change with each block. This then +necessitates a calculation for each delegation records for each block - +which is considered computationally expensive. + +In conclusion, we can only have Atom commission and unbonded atoms +provisions or bonded atom provisions with no Atom commission, and we elect to +implement the former. Stakeholders wishing to rebond their provisions may elect +to set up a script to periodically withdraw and rebond rewards. + +## Contents + +* [Concepts](#concepts) +* [State](#state) + * [FeePool](#feepool) + * [Validator Distribution](#validator-distribution) + * [Delegation Distribution](#delegation-distribution) + * [Params](#params) +* [Begin Block](#begin-block) +* [Messages](#messages) +* [Hooks](#hooks) +* [Events](#events) +* [Parameters](#parameters) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + +## Concepts + +In Proof of Stake (PoS) blockchains, rewards gained from transaction fees are paid to validators. The fee distribution module fairly distributes the rewards to the validators' constituent delegators. + +Rewards are calculated per period. The period is updated each time a validator's delegation changes, for example, when the validator receives a new delegation. +The rewards for a single validator can then be calculated by taking the total rewards for the period before the delegation started, minus the current total rewards. +To learn more, see the [F1 Fee Distribution paper](https://github.com/cosmos/cosmos-sdk/tree/main/docs/spec/fee_distribution/f1_fee_distr.pdf). + +The commission to the validator is paid when the validator is removed or when the validator requests a withdrawal. +The commission is calculated and incremented at every `BeginBlock` operation to update accumulated fee amounts. + +The rewards to a delegator are distributed when the delegation is changed or removed, or a withdrawal is requested. +Before rewards are distributed, all slashes to the validator that occurred during the current delegation are applied. + +### Reference Counting in F1 Fee Distribution + +In F1 fee distribution, the rewards a delegator receives are calculated when their delegation is withdrawn. This calculation must read the terms of the summation of rewards divided by the share of tokens from the period which they ended when they delegated, and the final period that was created for the withdrawal. + +Additionally, as slashes change the amount of tokens a delegation will have (but we calculate this lazily, +only when a delegator un-delegates), we must calculate rewards in separate periods before / after any slashes +which occurred in between when a delegator delegated and when they withdrew their rewards. Thus slashes, like +delegations, reference the period which was ended by the slash event. + +All stored historical rewards records for periods which are no longer referenced by any delegations +or any slashes can thus be safely removed, as they will never be read (future delegations and future +slashes will always reference future periods). This is implemented by tracking a `ReferenceCount` +along with each historical reward storage entry. Each time a new object (delegation or slash) +is created which might need to reference the historical record, the reference count is incremented. +Each time one object which previously needed to reference the historical record is deleted, the reference +count is decremented. If the reference count hits zero, the historical record is deleted. + +### External Community Pool Keepers + +An external pool community keeper is defined as: + +```go +// ExternalCommunityPoolKeeper is the interface that an external community pool module keeper must fulfill +// for x/distribution to properly accept it as a community pool fund destination. +type ExternalCommunityPoolKeeper interface { + // GetCommunityPoolModule gets the module name that funds should be sent to for the community pool. + // This is the address that x/distribution will send funds to for external management. + GetCommunityPoolModule() string + // FundCommunityPool allows an account to directly fund the community fund pool. + FundCommunityPool(ctx sdk.Context, amount sdk.Coins, senderAddr sdk.AccAddress) error + // DistributeFromCommunityPool distributes funds from the community pool module account to + // a receiver address. + DistributeFromCommunityPool(ctx sdk.Context, amount sdk.Coins, receiveAddr sdk.AccAddress) error +} +``` + +By default, the distribution module will use a community pool implementation that is internal. An external community pool +can be provided to the module which will have funds be diverted to it instead of the internal implementation. The reference +external community pool maintained by the Cosmos SDK is [`x/protocolpool`](../protocolpool/README.md). + +## State + +### FeePool + +All globally tracked parameters for distribution are stored within +`FeePool`. Rewards are collected and added to the reward pool and +distributed to validators/delegators from here. + +Note that the reward pool holds decimal coins (`DecCoins`) to allow +for fractions of coins to be received from operations like inflation. +When coins are distributed from the pool they are truncated back to +`sdk.Coins` which are non-decimal. + +* FeePool: `0x00 -> ProtocolBuffer(FeePool)` + +```go +// coins with decimal +type DecCoins []DecCoin + +type DecCoin struct { + Amount math.LegacyDec + Denom string +} +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/distribution/v1beta1/distribution.proto#L116-L123 +``` + +### Validator Distribution + +Validator distribution information for the relevant validator is updated each time: + +1. delegation amount to a validator is updated, +2. any delegator withdraws from a validator, or +3. the validator withdraws its commission. + +* ValidatorDistInfo: `0x02 | ValOperatorAddrLen (1 byte) | ValOperatorAddr -> ProtocolBuffer(validatorDistribution)` + +```go +type ValidatorDistInfo struct { + OperatorAddress sdk.AccAddress + SelfBondRewards sdkmath.DecCoins + ValidatorCommission types.ValidatorAccumulatedCommission +} +``` + +### Delegation Distribution + +Each delegation distribution only needs to record the height at which it last +withdrew fees. Because a delegation must withdraw fees each time it's +properties change (aka bonded tokens etc.) its properties will remain constant +and the delegator's _accumulation_ factor can be calculated passively knowing +only the height of the last withdrawal and its current properties. + +* DelegationDistInfo: `0x02 | DelegatorAddrLen (1 byte) | DelegatorAddr | ValOperatorAddrLen (1 byte) | ValOperatorAddr -> ProtocolBuffer(delegatorDist)` + +```go +type DelegationDistInfo struct { + WithdrawalHeight int64 // last time this delegation withdrew rewards +} +``` + +### Params + +The distribution module stores it's params in state with the prefix of `0x09`, +it can be updated with governance or the address with authority. + +* Params: `0x09 | ProtocolBuffer(Params)` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/distribution/v1beta1/distribution.proto#L12-L42 +``` + +## Begin Block + +At each `BeginBlock`, all fees received in the previous block are transferred to +the distribution `ModuleAccount` account. When a delegator or validator +withdraws their rewards, they are taken out of the `ModuleAccount`. During begin +block, the different claims on the fees collected are updated as follows: + +* The reserve community tax is charged. +* The remainder is distributed proportionally by voting power to all bonded validators + +### The Distribution Scheme + +See [params](#params) for description of parameters. + +Let `fees` be the total fees collected in the previous block, including +inflationary rewards to the stake. All fees are collected in a specific module +account during the block. During `BeginBlock`, they are sent to the +`"distribution"` `ModuleAccount`. No other sending of tokens occurs. Instead, the +rewards each account is entitled to are stored, and withdrawals can be triggered +through the messages `FundCommunityPool`, `WithdrawValidatorCommission` and +`WithdrawDelegatorReward`. + +#### Reward to the Community Pool + +The community pool gets `community_tax * fees`, plus any remaining dust after +validators get their rewards that are always rounded down to the nearest +integer value. + +#### Using an External Community Pool + +Starting with Cosmos SDK v0.53.0, an external community pool, such as `x/protocolpool`, can be used in place of the `x/distribution` managed community pool. + + +Please view the warning in the next section before deciding to use an external community pool. + +```go +// ExternalCommunityPoolKeeper is the interface that an external community pool module keeper must fulfill +// for x/distribution to properly accept it as a community pool fund destination. +type ExternalCommunityPoolKeeper interface { + // GetCommunityPoolModule gets the module name that funds should be sent to for the community pool. + // This is the address that x/distribution will send funds to for external management. + GetCommunityPoolModule() string + // FundCommunityPool allows an account to directly fund the community fund pool. + FundCommunityPool(ctx sdk.Context, amount sdk.Coins, senderAddr sdk.AccAddress) error + // DistributeFromCommunityPool distributes funds from the community pool module account to + // a receiver address. + DistributeFromCommunityPool(ctx sdk.Context, amount sdk.Coins, receiveAddr sdk.AccAddress) error +} +``` + +```go +app.DistrKeeper = distrkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[distrtypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + app.StakingKeeper, + authtypes.FeeCollectorName, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + distrkeeper.WithExternalCommunityPool(app.ProtocolPoolKeeper), // New option. +) +``` + +#### External Community Pool Usage Warning + +When using an external community pool with `x/distribution`, the following handlers will return an error: + +**QueryService** + +* `CommunityPool` + +**MsgService** + +* `CommunityPoolSpend` +* `FundCommunityPool` + +If you have services that rely on this functionality from `x/distribution`, please update them to use the `x/protocolpool` equivalents. + +#### Reward To the Validators + +The proposer receives no extra rewards. All fees are distributed among all the +bonded validators, including the proposer, in proportion to their consensus power. + +```text +powFrac = validator power / total bonded validator power +voteMul = 1 - community_tax +``` + +All validators receive `fees * voteMul * powFrac`. + +#### Rewards to Delegators + +Each validator's rewards are distributed to its delegators. The validator also +has a self-delegation that is treated like a regular delegation in +distribution calculations. + +The validator sets a commission rate. The commission rate is flexible, but each +validator sets a maximum rate and a maximum daily increase. These maximums cannot be exceeded and protect delegators from sudden increases of validator commission rates to prevent validators from taking all of the rewards. + +The outstanding rewards that the operator is entitled to are stored in +`ValidatorAccumulatedCommission`, while the rewards the delegators are entitled +to are stored in `ValidatorCurrentRewards`. The [F1 fee distribution scheme](#concepts) is used to calculate the rewards per delegator as they +withdraw or update their delegation, and is thus not handled in `BeginBlock`. + +#### Example Distribution + +For this example distribution, the underlying consensus engine selects block proposers in +proportion to their power relative to the entire bonded power. + +All validators are equally performant at including pre-commits in their proposed +blocks. Then hold `(pre_commits included) / (total bonded validator power)` +constant so that the amortized block reward for the validator is `( validator power / total bonded power) * (1 - community tax rate)` of +the total rewards. Consequently, the reward for a single delegator is: + +```text +(delegator proportion of the validator power / validator power) * (validator power / total bonded power) + * (1 - community tax rate) * (1 - validator commission rate) += (delegator proportion of the validator power / total bonded power) * (1 - +community tax rate) * (1 - validator commission rate) +``` + +## Messages + +### MsgSetWithdrawAddress + +By default, the withdraw address is the delegator address. To change its withdraw address, a delegator must send a `MsgSetWithdrawAddress` message. +Changing the withdraw address is possible only if the parameter `WithdrawAddrEnabled` is set to `true`. + +The withdraw address cannot be any of the module accounts. These accounts are blocked from being withdraw addresses by being added to the distribution keeper's `blockedAddrs` array at initialization. + +Response: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/distribution/v1beta1/tx.proto#L49-L60 +``` + +```go +func (k Keeper) SetWithdrawAddr(ctx context.Context, delegatorAddr sdk.AccAddress, withdrawAddr sdk.AccAddress) error + if k.blockedAddrs[withdrawAddr.String()] { + fail with "`{withdrawAddr}` is not allowed to receive external funds" + } + + if !k.GetWithdrawAddrEnabled(ctx) { + fail with `ErrSetWithdrawAddrDisabled` + } + + k.SetDelegatorWithdrawAddr(ctx, delegatorAddr, withdrawAddr) +``` + +### MsgWithdrawDelegatorReward + +A delegator can withdraw its rewards. +Internally in the distribution module, this transaction simultaneously removes the previous delegation with associated rewards, the same as if the delegator simply started a new delegation of the same value. +The rewards are sent immediately from the distribution `ModuleAccount` to the withdraw address. +Any remainder (truncated decimals) are sent to the community pool. +The starting height of the delegation is set to the current validator period, and the reference count for the previous period is decremented. +The amount withdrawn is deducted from the `ValidatorOutstandingRewards` variable for the validator. + +In the F1 distribution, the total rewards are calculated per validator period, and a delegator receives a piece of those rewards in proportion to their stake in the validator. +In basic F1, the total rewards that all the delegators are entitled to between to periods is calculated the following way. +Let `R(X)` be the total accumulated rewards up to period `X` divided by the tokens staked at that time. The delegator allocation is `R(X) * delegator_stake`. +Then the rewards for all the delegators for staking between periods `A` and `B` are `(R(B) - R(A)) * total stake`. +However, these calculated rewards don't account for slashing. + +Taking the slashes into account requires iteration. +Let `F(X)` be the fraction a validator is to be slashed for a slashing event that happened at period `X`. +If the validator was slashed at periods `P1, ..., PN`, where `A < P1`, `PN < B`, the distribution module calculates the individual delegator's rewards, `T(A, B)`, as follows: + +```go +stake := initial stake +rewards := 0 +previous := A +for P in P1, ..., PN`: + rewards = (R(P) - previous) * stake + stake = stake * F(P) + previous = P +rewards = rewards + (R(B) - R(PN)) * stake +``` + +The historical rewards are calculated retroactively by playing back all the slashes and then attenuating the delegator's stake at each step. +The final calculated stake is equivalent to the actual staked coins in the delegation with a margin of error due to rounding errors. + +Response: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/distribution/v1beta1/tx.proto#L66-L77 +``` + +### WithdrawValidatorCommission + +The validator can send the WithdrawValidatorCommission message to withdraw their accumulated commission. +The commission is calculated in every block during `BeginBlock`, so no iteration is required to withdraw. +The amount withdrawn is deducted from the `ValidatorOutstandingRewards` variable for the validator. +Only integer amounts can be sent. If the accumulated awards have decimals, the amount is truncated before the withdrawal is sent, and the remainder is left to be withdrawn later. + +### FundCommunityPool + +:::warning + +This handler will return an error if an `ExternalCommunityPool` is used. + +::: + +This message sends coins directly from the sender to the community pool. + +The transaction fails if the amount cannot be transferred from the sender to the distribution module account. + +```go +func (k Keeper) FundCommunityPool(ctx context.Context, amount sdk.Coins, sender sdk.AccAddress) error { + if err := k.bankKeeper.SendCoinsFromAccountToModule(ctx, sender, types.ModuleName, amount); err != nil { + return err + } + + feePool, err := k.FeePool.Get(ctx) + if err != nil { + return err + } + + feePool.CommunityPool = feePool.CommunityPool.Add(sdk.NewDecCoinsFromCoins(amount...)...) + + if err := k.FeePool.Set(ctx, feePool); err != nil { + return err + } + + return nil +} +``` + +### Common distribution operations + +These operations take place during many different messages. + +#### Initialize delegation + +Each time a delegation is changed, the rewards are withdrawn and the delegation is reinitialized. +Initializing a delegation increments the validator period and keeps track of the starting period of the delegation. + +```go +// initialize starting info for a new delegation +func (k Keeper) initializeDelegation(ctx context.Context, val sdk.ValAddress, del sdk.AccAddress) { + // period has already been incremented - we want to store the period ended by this delegation action + previousPeriod := k.GetValidatorCurrentRewards(ctx, val).Period - 1 + + // increment reference count for the period we're going to track + k.incrementReferenceCount(ctx, val, previousPeriod) + + validator := k.stakingKeeper.Validator(ctx, val) + delegation := k.stakingKeeper.Delegation(ctx, del, val) + + // calculate delegation stake in tokens + // we don't store directly, so multiply delegation shares * (tokens per share) + // note: necessary to truncate so we don't allow withdrawing more rewards than owed + stake := validator.TokensFromSharesTruncated(delegation.GetShares()) + k.SetDelegatorStartingInfo(ctx, val, del, types.NewDelegatorStartingInfo(previousPeriod, stake, uint64(ctx.BlockHeight()))) +} +``` + +### MsgUpdateParams + +Distribution module params can be updated through `MsgUpdateParams`, which can be done using governance proposal and the signer will always be gov module account address. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/distribution/v1beta1/tx.proto#L133-L147 +``` + +The message handling can fail if: + +* signer is not the gov module account address. + +## Hooks + +Available hooks that can be called by and from this module. + +### Create or modify delegation distribution + +* triggered-by: `staking.MsgDelegate`, `staking.MsgBeginRedelegate`, `staking.MsgUndelegate` + +#### Before + +* The delegation rewards are withdrawn to the withdraw address of the delegator. + The rewards include the current period and exclude the starting period. +* The validator period is incremented. + The validator period is incremented because the validator's power and share distribution might have changed. +* The reference count for the delegator's starting period is decremented. + +#### After + +The starting height of the delegation is set to the previous period. +Because of the `Before`-hook, this period is the last period for which the delegator was rewarded. + +### Validator created + +* triggered-by: `staking.MsgCreateValidator` + +When a validator is created, the following validator variables are initialized: + +* Historical rewards +* Current accumulated rewards +* Accumulated commission +* Total outstanding rewards +* Period + +By default, all values are set to a `0`, except period, which is set to `1`. + +### Validator removed + +* triggered-by: `staking.RemoveValidator` + +Outstanding commission is sent to the validator's self-delegation withdrawal address. +Remaining delegator rewards get sent to the community fee pool. + +Note: The validator gets removed only when it has no remaining delegations. +At that time, all outstanding delegator rewards will have been withdrawn. +Any remaining rewards are dust amounts. + +### Validator is slashed + +* triggered-by: `staking.Slash` +* The current validator period reference count is incremented. + The reference count is incremented because the slash event has created a reference to it. +* The validator period is incremented. +* The slash event is stored for later use. + The slash event will be referenced when calculating delegator rewards. + +## Events + +The distribution module emits the following events: + +### BeginBlocker + +| Type | Attribute Key | Attribute Value | +|-----------------|---------------|--------------------| +| proposer_reward | validator | {validatorAddress} | +| proposer_reward | reward | {proposerReward} | +| commission | amount | {commissionAmount} | +| commission | validator | {validatorAddress} | +| rewards | amount | {rewardAmount} | +| rewards | validator | {validatorAddress} | + +### Handlers + +#### MsgSetWithdrawAddress + +| Type | Attribute Key | Attribute Value | +|----------------------|------------------|----------------------| +| set_withdraw_address | withdraw_address | {withdrawAddress} | +| message | module | distribution | +| message | action | set_withdraw_address | +| message | sender | {senderAddress} | + +#### MsgWithdrawDelegatorReward + +| Type | Attribute Key | Attribute Value | +|---------|---------------|---------------------------| +| withdraw_rewards | amount | {rewardAmount} | +| withdraw_rewards | validator | {validatorAddress} | +| message | module | distribution | +| message | action | withdraw_delegator_reward | +| message | sender | {senderAddress} | + +#### MsgWithdrawValidatorCommission + +| Type | Attribute Key | Attribute Value | +|------------|---------------|-------------------------------| +| withdraw_commission | amount | {commissionAmount} | +| message | module | distribution | +| message | action | withdraw_validator_commission | +| message | sender | {senderAddress} | + +## Parameters + +The distribution module contains the following parameters: + +| Key | Type | Example | +| ------------------- | ------------ | -------------------------- | +| communitytax | string (dec) | "0.020000000000000000" [0] | +| withdrawaddrenabled | bool | true | + +* [0] `communitytax` must be positive and cannot exceed 1.00. +* `baseproposerreward` and `bonusproposerreward` were parameters that are deprecated in v0.47 and are not used. + +:::note +The reserve pool is the pool of collected funds for use by governance taken via the `CommunityTax`. +Currently with the Cosmos SDK, tokens collected by the CommunityTax are accounted for but unspendable. +::: + +## Client + +## CLI + +A user can query and interact with the `distribution` module using the CLI. + +#### Query + +The `query` commands allow users to query `distribution` state. + +```shell +simd query distribution --help +``` + +##### commission + +The `commission` command allows users to query validator commission rewards by address. + +```shell +simd query distribution commission [address] [flags] +``` + +Example: + +```shell +simd query distribution commission cosmosvaloper1... +``` + +Example Output: + +```yml +commission: +- amount: "1000000.000000000000000000" + denom: stake +``` + +##### community-pool + +The `community-pool` command allows users to query all coin balances within the community pool. + +```shell +simd query distribution community-pool [flags] +``` + +Example: + +```shell +simd query distribution community-pool +``` + +Example Output: + +```yml +pool: +- amount: "1000000.000000000000000000" + denom: stake +``` + +##### params + +The `params` command allows users to query the parameters of the `distribution` module. + +```shell +simd query distribution params [flags] +``` + +Example: + +```shell +simd query distribution params +``` + +Example Output: + +```yml +base_proposer_reward: "0.000000000000000000" +bonus_proposer_reward: "0.000000000000000000" +community_tax: "0.020000000000000000" +withdraw_addr_enabled: true +``` + +##### rewards + +The `rewards` command allows users to query delegator rewards. Users can optionally include the validator address to query rewards earned from a specific validator. + +```shell +simd query distribution rewards [delegator-addr] [validator-addr] [flags] +``` + +Example: + +```shell +simd query distribution rewards cosmos1... +``` + +Example Output: + +```yml +rewards: +- reward: + - amount: "1000000.000000000000000000" + denom: stake + validator_address: cosmosvaloper1.. +total: +- amount: "1000000.000000000000000000" + denom: stake +``` + +##### slashes + +The `slashes` command allows users to query all slashes for a given block range. + +```shell +simd query distribution slashes [validator] [start-height] [end-height] [flags] +``` + +Example: + +```shell +simd query distribution slashes cosmosvaloper1... 1 1000 +``` + +Example Output: + +```yml +pagination: + next_key: null + total: "0" +slashes: +- validator_period: 20, + fraction: "0.009999999999999999" +``` + +##### validator-outstanding-rewards + +The `validator-outstanding-rewards` command allows users to query all outstanding (un-withdrawn) rewards for a validator and all their delegations. + +```shell +simd query distribution validator-outstanding-rewards [validator] [flags] +``` + +Example: + +```shell +simd query distribution validator-outstanding-rewards cosmosvaloper1... +``` + +Example Output: + +```yml +rewards: +- amount: "1000000.000000000000000000" + denom: stake +``` + +##### validator-distribution-info + +The `validator-distribution-info` command allows users to query validator commission and self-delegation rewards for validator. + +````shell +simd query distribution validator-distribution-info cosmosvaloper1... +``` + +Example Output: + +```yml +commission: +- amount: "100000.000000000000000000" + denom: stake +operator_address: cosmosvaloper1... +self_bond_rewards: +- amount: "100000.000000000000000000" + denom: stake +``` + +#### Transactions + +The `tx` commands allow users to interact with the `distribution` module. + +```shell +simd tx distribution --help +``` + +##### fund-community-pool + +The `fund-community-pool` command allows users to send funds to the community pool. + +```shell +simd tx distribution fund-community-pool [amount] [flags] +``` + +Example: + +```shell +simd tx distribution fund-community-pool 100stake --from cosmos1... +``` + +##### set-withdraw-addr + +The `set-withdraw-addr` command allows users to set the withdraw address for rewards associated with a delegator address. + +```shell +simd tx distribution set-withdraw-addr [withdraw-addr] [flags] +``` + +Example: + +```shell +simd tx distribution set-withdraw-addr cosmos1... --from cosmos1... +``` + +##### withdraw-all-rewards + +The `withdraw-all-rewards` command allows users to withdraw all rewards for a delegator. + +```shell +simd tx distribution withdraw-all-rewards [flags] +``` + +Example: + +```shell +simd tx distribution withdraw-all-rewards --from cosmos1... +``` + +##### withdraw-rewards + +The `withdraw-rewards` command allows users to withdraw all rewards from a given delegation address, +and optionally withdraw validator commission if the delegation address given is a validator operator and the user proves the `--commission` flag. + +```shell +simd tx distribution withdraw-rewards [validator-addr] [flags] +``` + +Example: + +```shell +simd tx distribution withdraw-rewards cosmosvaloper1... --from cosmos1... --commission +``` + +### gRPC + +A user can query the `distribution` module using gRPC endpoints. + +#### Params + +The `Params` endpoint allows users to query parameters of the `distribution` module. + +Example: + +```shell +grpcurl -plaintext \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/Params +``` + +Example Output: + +```json +{ + "params": { + "communityTax": "20000000000000000", + "baseProposerReward": "00000000000000000", + "bonusProposerReward": "00000000000000000", + "withdrawAddrEnabled": true + } +} +``` + +#### ValidatorDistributionInfo + +The `ValidatorDistributionInfo` queries validator commission and self-delegation rewards for validator. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"validator_address":"cosmosvalop1..."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/ValidatorDistributionInfo +``` + +Example Output: + +```json +{ + "commission": { + "commission": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ] + }, + "self_bond_rewards": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ], + "validator_address": "cosmosvalop1..." +} +``` + +#### ValidatorOutstandingRewards + +The `ValidatorOutstandingRewards` endpoint allows users to query rewards of a validator address. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"validator_address":"cosmosvalop1.."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/ValidatorOutstandingRewards +``` + +Example Output: + +```json +{ + "rewards": { + "rewards": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ] + } +} +``` + +#### ValidatorCommission + +The `ValidatorCommission` endpoint allows users to query accumulated commission for a validator. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"validator_address":"cosmosvalop1.."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/ValidatorCommission +``` + +Example Output: + +```json +{ + "commission": { + "commission": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ] + } +} +``` + +#### ValidatorSlashes + +The `ValidatorSlashes` endpoint allows users to query slash events of a validator. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"validator_address":"cosmosvalop1.."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/ValidatorSlashes +``` + +Example Output: + +```json +{ + "slashes": [ + { + "validator_period": "20", + "fraction": "0.009999999999999999" + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### DelegationRewards + +The `DelegationRewards` endpoint allows users to query the total rewards accrued by a delegation. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"delegator_address":"cosmos1...","validator_address":"cosmosvalop1..."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/DelegationRewards +``` + +Example Output: + +```json +{ + "rewards": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ] +} +``` + +#### DelegationTotalRewards + +The `DelegationTotalRewards` endpoint allows users to query the total rewards accrued by each validator. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"delegator_address":"cosmos1..."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/DelegationTotalRewards +``` + +Example Output: + +```json +{ + "rewards": [ + { + "validatorAddress": "cosmosvaloper1...", + "reward": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ] + } + ], + "total": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ] +} +``` + +#### DelegatorValidators + +The `DelegatorValidators` endpoint allows users to query all validators for given delegator. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"delegator_address":"cosmos1..."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/DelegatorValidators +``` + +Example Output: + +```json +{ + "validators": ["cosmosvaloper1..."] +} +``` + +#### DelegatorWithdrawAddress + +The `DelegatorWithdrawAddress` endpoint allows users to query the withdraw address of a delegator. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"delegator_address":"cosmos1..."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/DelegatorWithdrawAddress +``` + +Example Output: + +```json +{ + "withdrawAddress": "cosmos1..." +} +``` + +#### CommunityPool + +The `CommunityPool` endpoint allows users to query the community pool coins. + +Example: + +```shell +grpcurl -plaintext \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/CommunityPool +``` + +Example Output: + +```json +{ + "pool": [ + { + "denom": "stake", + "amount": "1000000000000000000" + } + ] +} +``` diff --git a/copy-of-sdk-docs/build/modules/epochs/README.md b/copy-of-sdk-docs/build/modules/epochs/README.md new file mode 100644 index 00000000..d5697066 --- /dev/null +++ b/copy-of-sdk-docs/build/modules/epochs/README.md @@ -0,0 +1,177 @@ +--- +sidebar_position: 1 +--- + +# `x/epochs` + +## Abstract + +Often in the SDK, we would like to run certain code every so often. The +purpose of `epochs` module is to allow other modules to set that they +would like to be signaled once every period. So another module can +specify it wants to execute code once a week, starting at UTC-time = x. +`epochs` creates a generalized epoch interface to other modules so that +they can easily be signaled upon such events. + +## Contents + +1. **[Concept](#concepts)** +2. **[State](#state)** +3. **[Events](#events)** +4. **[Keeper](#keepers)** +5. **[Hooks](#hooks)** +6. **[Queries](#queries)** + +## Concepts + +The epochs module defines on-chain timers that execute at fixed time intervals. +Other SDK modules can then register logic to be executed at the timer ticks. +We refer to the period in between two timer ticks as an "epoch". + +Every timer has a unique identifier. +Every epoch will have a start time, and an end time, where `end time = start time + timer interval`. +On mainnet, we only utilize one identifier, with a time interval of `one day`. + +The timer will tick at the first block whose block time is greater than the timer end time, +and set the start as the prior timer end time. (Notably, it's not set to the block time!) +This means that if the chain has been down for a while, you will get one timer tick per block, +until the timer has caught up. + +## State + +The Epochs module keeps a single `EpochInfo` per identifier. +This contains the current state of the timer with the corresponding identifier. +Its fields are modified at every timer tick. +EpochInfos are initialized as part of genesis initialization or upgrade logic, +and are only modified on begin blockers. + +## Events + +The `epochs` module emits the following events: + +### BeginBlocker + +| Type | Attribute Key | Attribute Value | +| ----------- | ------------- | --------------- | +| epoch_start | epoch_number | {epoch_number} | +| epoch_start | start_time | {start_time} | + +### EndBlocker + +| Type | Attribute Key | Attribute Value | +| --------- | ------------- | --------------- | +| epoch_end | epoch_number | {epoch_number} | + +## Keepers + +### Keeper functions + +Epochs keeper module provides utility functions to manage epochs. + +## Hooks + +```go + // the first block whose timestamp is after the duration is counted as the end of the epoch + AfterEpochEnd(ctx sdk.Context, epochIdentifier string, epochNumber int64) + // new epoch is next block of epoch end block + BeforeEpochStart(ctx sdk.Context, epochIdentifier string, epochNumber int64) +``` + +### How modules receive hooks + +On hook receiver function of other modules, they need to filter +`epochIdentifier` and only do executions for only specific +epochIdentifier. Filtering epochIdentifier could be in `Params` of other +modules so that they can be modified by governance. + +This is the standard dev UX of this: + +```golang +func (k MyModuleKeeper) AfterEpochEnd(ctx sdk.Context, epochIdentifier string, epochNumber int64) { + params := k.GetParams(ctx) + if epochIdentifier == params.DistrEpochIdentifier { + // my logic + } +} +``` + +### Panic isolation + +If a given epoch hook panics, its state update is reverted, but we keep +proceeding through the remaining hooks. This allows more advanced epoch +logic to be used, without concern over state machine halting, or halting +subsequent modules. + +This does mean that if there is behavior you expect from a prior epoch +hook, and that epoch hook reverted, your hook may also have an issue. So +do keep in mind "what if a prior hook didn't get executed" in the safety +checks you consider for a new epoch hook. + +## Queries + +The Epochs module provides the following queries to check the module's state. + +```protobuf +service Query { + // EpochInfos provide running epochInfos + rpc EpochInfos(QueryEpochsInfoRequest) returns (QueryEpochsInfoResponse) {} + // CurrentEpoch provide current epoch of specified identifier + rpc CurrentEpoch(QueryCurrentEpochRequest) returns (QueryCurrentEpochResponse) {} +} +``` + +### Epoch Infos + +Query the currently running epochInfos + +```sh + query epochs epoch-infos +``` + +:::details Example + +An example output: + +```sh +epochs: +- current_epoch: "183" + current_epoch_start_height: "2438409" + current_epoch_start_time: "2021-12-18T17:16:09.898160996Z" + duration: 86400s + epoch_counting_started: true + identifier: day + start_time: "2021-06-18T17:00:00Z" +- current_epoch: "26" + current_epoch_start_height: "2424854" + current_epoch_start_time: "2021-12-17T17:02:07.229632445Z" + duration: 604800s + epoch_counting_started: true + identifier: week + start_time: "2021-06-18T17:00:00Z" +``` + +::: + +### Current Epoch + +Query the current epoch by the specified identifier + +```sh + query epochs current-epoch [identifier] +``` + +:::details Example + +Query the current `day` epoch: + +```sh + query epochs current-epoch day +``` + +Which in this example outputs: + +```sh +current_epoch: "183" +``` + +::: diff --git a/copy-of-sdk-docs/build/modules/evidence/README.md b/copy-of-sdk-docs/build/modules/evidence/README.md new file mode 100644 index 00000000..aba2e10e --- /dev/null +++ b/copy-of-sdk-docs/build/modules/evidence/README.md @@ -0,0 +1,440 @@ +--- +sidebar_position: 1 +--- + +# `x/evidence` + +* [Concepts](#concepts) +* [State](#state) +* [Messages](#messages) +* [Events](#events) +* [Parameters](#parameters) +* [BeginBlock](#beginblock) +* [Client](#client) + * [CLI](#cli) + * [REST](#rest) + * [gRPC](#grpc) + +## Abstract + +`x/evidence` is an implementation of a Cosmos SDK module, per [ADR 009](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-009-evidence-module.md), +that allows for the submission and handling of arbitrary evidence of misbehavior such +as equivocation and counterfactual signing. + +The evidence module differs from standard evidence handling which typically expects the +underlying consensus engine, e.g. CometBFT, to automatically submit evidence when +it is discovered by allowing clients and foreign chains to submit more complex evidence +directly. + +All concrete evidence types must implement the `Evidence` interface contract. Submitted +`Evidence` is first routed through the evidence module's `Router` in which it attempts +to find a corresponding registered `Handler` for that specific `Evidence` type. +Each `Evidence` type must have a `Handler` registered with the evidence module's +keeper in order for it to be successfully routed and executed. + +Each corresponding handler must also fulfill the `Handler` interface contract. The +`Handler` for a given `Evidence` type can perform any arbitrary state transitions +such as slashing, jailing, and tombstoning. + +## Concepts + +### Evidence + +Any concrete type of evidence submitted to the `x/evidence` module must fulfill the +`Evidence` contract outlined below. Not all concrete types of evidence will fulfill +this contract in the same way and some data may be entirely irrelevant to certain +types of evidence. An additional `ValidatorEvidence`, which extends `Evidence`, +has also been created to define a contract for evidence against malicious validators. + +```go +// Evidence defines the contract which concrete evidence types of misbehavior +// must implement. +type Evidence interface { + proto.Message + + Route() string + String() string + Hash() []byte + ValidateBasic() error + + // Height at which the infraction occurred + GetHeight() int64 +} + +// ValidatorEvidence extends Evidence interface to define contract +// for evidence against malicious validators +type ValidatorEvidence interface { + Evidence + + // The consensus address of the malicious validator at time of infraction + GetConsensusAddress() sdk.ConsAddress + + // The total power of the malicious validator at time of infraction + GetValidatorPower() int64 + + // The total validator set power at time of infraction + GetTotalPower() int64 +} +``` + +### Registration & Handling + +The `x/evidence` module must first know about all types of evidence it is expected +to handle. This is accomplished by registering the `Route` method in the `Evidence` +contract with what is known as a `Router` (defined below). The `Router` accepts +`Evidence` and attempts to find the corresponding `Handler` for the `Evidence` +via the `Route` method. + +```go +type Router interface { + AddRoute(r string, h Handler) Router + HasRoute(r string) bool + GetRoute(path string) Handler + Seal() + Sealed() bool +} +``` + +The `Handler` (defined below) is responsible for executing the entirety of the +business logic for handling `Evidence`. This typically includes validating the +evidence, both stateless checks via `ValidateBasic` and stateful checks via any +keepers provided to the `Handler`. In addition, the `Handler` may also perform +capabilities such as slashing and jailing a validator. All `Evidence` handled +by the `Handler` should be persisted. + +```go +// Handler defines an agnostic Evidence handler. The handler is responsible +// for executing all corresponding business logic necessary for verifying the +// evidence as valid. In addition, the Handler may execute any necessary +// slashing and potential jailing. +type Handler func(context.Context, Evidence) error +``` + + +## State + +Currently the `x/evidence` module only stores valid submitted `Evidence` in state. +The evidence state is also stored and exported in the `x/evidence` module's `GenesisState`. + +```protobuf +// GenesisState defines the evidence module's genesis state. +message GenesisState { + // evidence defines all the evidence at genesis. + repeated google.protobuf.Any evidence = 1; +} + +``` + +All `Evidence` is retrieved and stored via a prefix `KVStore` using prefix `0x00` (`KeyPrefixEvidence`). + + +## Messages + +### MsgSubmitEvidence + +Evidence is submitted through a `MsgSubmitEvidence` message: + +```protobuf +// MsgSubmitEvidence represents a message that supports submitting arbitrary +// Evidence of misbehavior such as equivocation or counterfactual signing. +message MsgSubmitEvidence { + string submitter = 1; + google.protobuf.Any evidence = 2; +} +``` + +Note, the `Evidence` of a `MsgSubmitEvidence` message must have a corresponding +`Handler` registered with the `x/evidence` module's `Router` in order to be processed +and routed correctly. + +Given the `Evidence` is registered with a corresponding `Handler`, it is processed +as follows: + +```go +func SubmitEvidence(ctx Context, evidence Evidence) error { + if _, err := GetEvidence(ctx, evidence.Hash()); err == nil { + return errorsmod.Wrap(types.ErrEvidenceExists, strings.ToUpper(hex.EncodeToString(evidence.Hash()))) + } + if !router.HasRoute(evidence.Route()) { + return errorsmod.Wrap(types.ErrNoEvidenceHandlerExists, evidence.Route()) + } + + handler := router.GetRoute(evidence.Route()) + if err := handler(ctx, evidence); err != nil { + return errorsmod.Wrap(types.ErrInvalidEvidence, err.Error()) + } + + ctx.EventManager().EmitEvent( + sdk.NewEvent( + types.EventTypeSubmitEvidence, + sdk.NewAttribute(types.AttributeKeyEvidenceHash, strings.ToUpper(hex.EncodeToString(evidence.Hash()))), + ), + ) + + SetEvidence(ctx, evidence) + return nil +} +``` + +First, there must not already exist valid submitted `Evidence` of the exact same +type. Secondly, the `Evidence` is routed to the `Handler` and executed. Finally, +if there is no error in handling the `Evidence`, an event is emitted and it is persisted to state. + + +## Events + +The `x/evidence` module emits the following events: + +### Handlers + +#### MsgSubmitEvidence + +| Type | Attribute Key | Attribute Value | +| --------------- | ------------- | --------------- | +| submit_evidence | evidence_hash | {evidenceHash} | +| message | module | evidence | +| message | sender | {senderAddress} | +| message | action | submit_evidence | + + +## Parameters + +The evidence module does not contain any parameters. + + +## BeginBlock + +### Evidence Handling + +CometBFT blocks can include +[Evidence](https://github.com/cometbft/cometbft/blob/main/spec/abci/abci%2B%2B_basic_concepts.md#evidence) that indicates if a validator committed malicious behavior. The relevant information is forwarded to the application as ABCI Evidence in `abci.RequestBeginBlock` so that the validator can be punished accordingly. + +#### Equivocation + +The Cosmos SDK handles two types of evidence inside the ABCI `BeginBlock`: + +* `DuplicateVoteEvidence`, +* `LightClientAttackEvidence`. + +The evidence module handles these two evidence types the same way. First, the Cosmos SDK converts the CometBFT concrete evidence type to an SDK `Evidence` interface using `Equivocation` as the concrete type. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/evidence/v1beta1/evidence.proto#L12-L32 +``` + +For some `Equivocation` submitted in `block` to be valid, it must satisfy: + +`Evidence.Timestamp >= block.Timestamp - MaxEvidenceAge` + +Where: + +* `Evidence.Timestamp` is the timestamp in the block at height `Evidence.Height` +* `block.Timestamp` is the current block timestamp. + +If valid `Equivocation` evidence is included in a block, the validator's stake is +reduced (slashed) by `SlashFractionDoubleSign` as defined by the `x/slashing` module +of what their stake was when the infraction occurred, rather than when the evidence was discovered. +We want to "follow the stake", i.e., the stake that contributed to the infraction +should be slashed, even if it has since been redelegated or started unbonding. + +In addition, the validator is permanently jailed and tombstoned to make it impossible for that +validator to ever re-enter the validator set. + +The `Equivocation` evidence is handled as follows: + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/x/evidence/keeper/infraction.go#L26-L140 +``` + +**Note:** The slashing, jailing, and tombstoning calls are delegated through the `x/slashing` module +that emits informative events and finally delegates calls to the `x/staking` module. See documentation +on slashing and jailing in [State Transitions](../staking/README.md#state-transitions). + +## Client + +### CLI + +A user can query and interact with the `evidence` module using the CLI. + +#### Query + +The `query` commands allows users to query `evidence` state. + +```bash +simd query evidence --help +``` + +#### evidence + +The `evidence` command allows users to list all evidence or evidence by hash. + +Usage: + +```bash +simd query evidence [flags] +``` + +To query evidence by hash + +Example: + +```bash +simd query evidence evidence "DF0C23E8634E480F84B9D5674A7CDC9816466DEC28A3358F73260F68D28D7660" +``` + +Example Output: + +```bash +evidence: + consensus_address: cosmosvalcons1ntk8eualewuprz0gamh8hnvcem2nrcdsgz563h + height: 11 + power: 100 + time: "2021-10-20T16:08:38.194017624Z" +``` + +To get all evidence + +Example: + +```bash +simd query evidence list +``` + +Example Output: + +```bash +evidence: + consensus_address: cosmosvalcons1ntk8eualewuprz0gamh8hnvcem2nrcdsgz563h + height: 11 + power: 100 + time: "2021-10-20T16:08:38.194017624Z" +pagination: + next_key: null + total: "1" +``` + +### REST + +A user can query the `evidence` module using REST endpoints. + +#### Evidence + +Get evidence by hash + +```bash +/cosmos/evidence/v1beta1/evidence/{hash} +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/evidence/v1beta1/evidence/DF0C23E8634E480F84B9D5674A7CDC9816466DEC28A3358F73260F68D28D7660" +``` + +Example Output: + +```bash +{ + "evidence": { + "consensus_address": "cosmosvalcons1ntk8eualewuprz0gamh8hnvcem2nrcdsgz563h", + "height": "11", + "power": "100", + "time": "2021-10-20T16:08:38.194017624Z" + } +} +``` + +#### All evidence + +Get all evidence + +```bash +/cosmos/evidence/v1beta1/evidence +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/evidence/v1beta1/evidence" +``` + +Example Output: + +```bash +{ + "evidence": [ + { + "consensus_address": "cosmosvalcons1ntk8eualewuprz0gamh8hnvcem2nrcdsgz563h", + "height": "11", + "power": "100", + "time": "2021-10-20T16:08:38.194017624Z" + } + ], + "pagination": { + "total": "1" + } +} +``` + +### gRPC + +A user can query the `evidence` module using gRPC endpoints. + +#### Evidence + +Get evidence by hash + +```bash +cosmos.evidence.v1beta1.Query/Evidence +``` + +Example: + +```bash +grpcurl -plaintext -d '{"evidence_hash":"DF0C23E8634E480F84B9D5674A7CDC9816466DEC28A3358F73260F68D28D7660"}' localhost:9090 cosmos.evidence.v1beta1.Query/Evidence +``` + +Example Output: + +```bash +{ + "evidence": { + "consensus_address": "cosmosvalcons1ntk8eualewuprz0gamh8hnvcem2nrcdsgz563h", + "height": "11", + "power": "100", + "time": "2021-10-20T16:08:38.194017624Z" + } +} +``` + +#### All evidence + +Get all evidence + +```bash +cosmos.evidence.v1beta1.Query/AllEvidence +``` + +Example: + +```bash +grpcurl -plaintext localhost:9090 cosmos.evidence.v1beta1.Query/AllEvidence +``` + +Example Output: + +```bash +{ + "evidence": [ + { + "consensus_address": "cosmosvalcons1ntk8eualewuprz0gamh8hnvcem2nrcdsgz563h", + "height": "11", + "power": "100", + "time": "2021-10-20T16:08:38.194017624Z" + } + ], + "pagination": { + "total": "1" + } +} +``` diff --git a/copy-of-sdk-docs/build/modules/feegrant/README.md b/copy-of-sdk-docs/build/modules/feegrant/README.md new file mode 100644 index 00000000..0ac1c298 --- /dev/null +++ b/copy-of-sdk-docs/build/modules/feegrant/README.md @@ -0,0 +1,396 @@ +--- +sidebar_position: 1 +--- + +# `x/feegrant` + +## Abstract + +This document specifies the fee grant module. For the full ADR, please see [Fee Grant ADR-029](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-029-fee-grant-module.md). + +This module allows accounts to grant fee allowances and to use fees from their accounts. Grantees can execute any transaction without the need to maintain sufficient fees. + +## Contents + +* [Concepts](#concepts) +* [State](#state) + * [FeeAllowance](#feeallowance) + * [FeeAllowanceQueue](#feeallowancequeue) +* [Messages](#messages) + * [Msg/GrantAllowance](#msggrantallowance) + * [Msg/RevokeAllowance](#msgrevokeallowance) +* [Events](#events) +* [Msg Server](#msg-server) + * [MsgGrantAllowance](#msggrantallowance-1) + * [MsgRevokeAllowance](#msgrevokeallowance-1) + * [Exec fee allowance](#exec-fee-allowance) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + +## Concepts + +### Grant + +`Grant` is stored in the KVStore to record a grant with full context. Every grant will contain `granter`, `grantee` and what kind of `allowance` is granted. `granter` is an account address who is giving permission to `grantee` (the beneficiary account address) to pay for some or all of `grantee`'s transaction fees. `allowance` defines what kind of fee allowance (`BasicAllowance` or `PeriodicAllowance`, see below) is granted to `grantee`. `allowance` accepts an interface which implements `FeeAllowanceI`, encoded as `Any` type. There can be only one existing fee grant allowed for a `grantee` and `granter`, self grants are not allowed. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/feegrant.proto#L83-L93 +``` + +`FeeAllowanceI` looks like: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/feegrant/fees.go#L9-L32 +``` + +### Fee Allowance types + +There are two types of fee allowances present at the moment: + +* `BasicAllowance` +* `PeriodicAllowance` +* `AllowedMsgAllowance` + +### BasicAllowance + +`BasicAllowance` is permission for `grantee` to use fee from a `granter`'s account. If any of the `spend_limit` or `expiration` reaches its limit, the grant will be removed from the state. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/feegrant.proto#L15-L28 +``` + +* `spend_limit` is the limit of coins that are allowed to be used from the `granter` account. If it is empty, it assumes there's no spend limit, `grantee` can use any number of available coins from `granter` account address before the expiration. + +* `expiration` specifies an optional time when this allowance expires. If the value is left empty, there is no expiry for the grant. + +* When a grant is created with empty values for `spend_limit` and `expiration`, it is still a valid grant. It won't restrict the `grantee` to use any number of coins from `granter` and it won't have any expiration. The only way to restrict the `grantee` is by revoking the grant. + +### PeriodicAllowance + +`PeriodicAllowance` is a repeating fee allowance for the mentioned period, we can mention when the grant can expire as well as when a period can reset. We can also define the maximum number of coins that can be used in a mentioned period of time. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/feegrant.proto#L34-L68 +``` + +* `basic` is the instance of `BasicAllowance` which is optional for periodic fee allowance. If empty, the grant will have no `expiration` and no `spend_limit`. + +* `period` is the specific period of time, after each period passes, `period_can_spend` will be reset. + +* `period_spend_limit` specifies the maximum number of coins that can be spent in the period. + +* `period_can_spend` is the number of coins left to be spent before the period_reset time. + +* `period_reset` keeps track of when a next period reset should happen. + +### AllowedMsgAllowance + +`AllowedMsgAllowance` is a fee allowance, it can be any of `BasicFeeAllowance`, `PeriodicAllowance` but restricted only to the allowed messages mentioned by the granter. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/feegrant.proto#L70-L81 +``` + +* `allowance` is either `BasicAllowance` or `PeriodicAllowance`. + +* `allowed_messages` is array of messages allowed to execute the given allowance. + +### FeeGranter flag + +`feegrant` module introduces a `FeeGranter` flag for CLI for the sake of executing transactions with fee granter. When this flag is set, `clientCtx` will append the granter account address for transactions generated through CLI. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/client/cmd.go#L249-L260 +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/client/tx/tx.go#L109-L109 +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/auth/tx/builder.go#L275-L284 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/tx/v1beta1/tx.proto#L203-L224 +``` + +Example cmd: + +```go +./simd tx gov submit-proposal --title="Test Proposal" --description="My awesome proposal" --type="Text" --from validator-key --fee-granter=cosmos1xh44hxt7spr67hqaa7nyx5gnutrz5fraw6grxn --chain-id=testnet --fees="10stake" +``` + +### Granted Fee Deductions + +Fees are deducted from grants in the `x/auth` ante handler. To learn more about how ante handlers work, read the [Auth Module AnteHandlers Guide](../auth/README.md#antehandlers). + +### Gas + +In order to prevent DoS attacks, using a filtered `x/feegrant` incurs gas. The SDK must assure that the `grantee`'s transactions all conform to the filter set by the `granter`. The SDK does this by iterating over the allowed messages in the filter and charging 10 gas per filtered message. The SDK will then iterate over the messages being sent by the `grantee` to ensure the messages adhere to the filter, also charging 10 gas per message. The SDK will stop iterating and fail the transaction if it finds a message that does not conform to the filter. + +**WARNING**: The gas is charged against the granted allowance. Ensure your messages conform to the filter, if any, before sending transactions using your allowance. + +### Pruning + +A queue in the state maintained with the prefix of expiration of the grants and checks them on EndBlock with the current block time for every block to prune. + +## State + +### FeeAllowance + +Fee Allowances are identified by combining `Grantee` (the account address of fee allowance grantee) with the `Granter` (the account address of fee allowance granter). + +Fee allowance grants are stored in the state as follows: + +* Grant: `0x00 | grantee_addr_len (1 byte) | grantee_addr_bytes | granter_addr_len (1 byte) | granter_addr_bytes -> ProtocolBuffer(Grant)` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/feegrant/feegrant.pb.go#L222-L230 +``` + +### FeeAllowanceQueue + +Fee Allowances queue items are identified by combining the `FeeAllowancePrefixQueue` (i.e., 0x01), `expiration`, `grantee` (the account address of fee allowance grantee), `granter` (the account address of fee allowance granter). Endblocker checks `FeeAllowanceQueue` state for the expired grants and prunes them from `FeeAllowance` if there are any found. + +Fee allowance queue keys are stored in the state as follows: + +* Grant: `0x01 | expiration_bytes | grantee_addr_len (1 byte) | grantee_addr_bytes | granter_addr_len (1 byte) | granter_addr_bytes -> EmptyBytes` + +## Messages + +### Msg/GrantAllowance + +A fee allowance grant will be created with the `MsgGrantAllowance` message. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/tx.proto#L25-L39 +``` + +### Msg/RevokeAllowance + +An allowed grant fee allowance can be removed with the `MsgRevokeAllowance` message. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/tx.proto#L41-L54 +``` + +## Events + +The feegrant module emits the following events: + +## Msg Server + +### MsgGrantAllowance + +| Type | Attribute Key | Attribute Value | +| ------- | ------------- | ---------------- | +| message | action | set_feegrant | +| message | granter | {granterAddress} | +| message | grantee | {granteeAddress} | + +### MsgRevokeAllowance + +| Type | Attribute Key | Attribute Value | +| ------- | ------------- | ---------------- | +| message | action | revoke_feegrant | +| message | granter | {granterAddress} | +| message | grantee | {granteeAddress} | + +### Exec fee allowance + +| Type | Attribute Key | Attribute Value | +| ------- | ------------- | ---------------- | +| message | action | use_feegrant | +| message | granter | {granterAddress} | +| message | grantee | {granteeAddress} | + +### Prune fee allowances + +| Type | Attribute Key | Attribute Value | +| ------- | ------------- | ---------------- | +| message | action | prune_feegrant | +| message | pruner | {prunerAddress} | + + +## Client + +### CLI + +A user can query and interact with the `feegrant` module using the CLI. + +#### Query + +The `query` commands allow users to query `feegrant` state. + +```shell +simd query feegrant --help +``` + +##### grant + +The `grant` command allows users to query a grant for a given granter-grantee pair. + +```shell +simd query feegrant grant [granter] [grantee] [flags] +``` + +Example: + +```shell +simd query feegrant grant cosmos1.. cosmos1.. +``` + +Example Output: + +```yml +allowance: + '@type': /cosmos.feegrant.v1beta1.BasicAllowance + expiration: null + spend_limit: + - amount: "100" + denom: stake +grantee: cosmos1.. +granter: cosmos1.. +``` + +##### grants + +The `grants` command allows users to query all grants for a given grantee. + +```shell +simd query feegrant grants [grantee] [flags] +``` + +Example: + +```shell +simd query feegrant grants cosmos1.. +``` + +Example Output: + +```yml +allowances: +- allowance: + '@type': /cosmos.feegrant.v1beta1.BasicAllowance + expiration: null + spend_limit: + - amount: "100" + denom: stake + grantee: cosmos1.. + granter: cosmos1.. +pagination: + next_key: null + total: "0" +``` + +#### Transactions + +The `tx` commands allow users to interact with the `feegrant` module. + +```shell +simd tx feegrant --help +``` + +##### grant + +The `grant` command allows users to grant fee allowances to another account. The fee allowance can have an expiration date, a total spend limit, and/or a periodic spend limit. + +```shell +simd tx feegrant grant [granter] [grantee] [flags] +``` + +Example (one-time spend limit): + +```shell +simd tx feegrant grant cosmos1.. cosmos1.. --spend-limit 100stake +``` + +Example (periodic spend limit): + +```shell +simd tx feegrant grant cosmos1.. cosmos1.. --period 3600 --period-limit 10stake +``` + +##### revoke + +The `revoke` command allows users to revoke a granted fee allowance. + +```shell +simd tx feegrant revoke [granter] [grantee] [flags] +``` + +Example: + +```shell +simd tx feegrant revoke cosmos1.. cosmos1.. +``` + +### gRPC + +A user can query the `feegrant` module using gRPC endpoints. + +#### Allowance + +The `Allowance` endpoint allows users to query a granted fee allowance. + +```shell +cosmos.feegrant.v1beta1.Query/Allowance +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"grantee":"cosmos1..","granter":"cosmos1.."}' \ + localhost:9090 \ + cosmos.feegrant.v1beta1.Query/Allowance +``` + +Example Output: + +```json +{ + "allowance": { + "granter": "cosmos1..", + "grantee": "cosmos1..", + "allowance": {"@type":"/cosmos.feegrant.v1beta1.BasicAllowance","spendLimit":[{"denom":"stake","amount":"100"}]} + } +} +``` + +#### Allowances + +The `Allowances` endpoint allows users to query all granted fee allowances for a given grantee. + +```shell +cosmos.feegrant.v1beta1.Query/Allowances +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"address":"cosmos1.."}' \ + localhost:9090 \ + cosmos.feegrant.v1beta1.Query/Allowances +``` + +Example Output: + +```json +{ + "allowances": [ + { + "granter": "cosmos1..", + "grantee": "cosmos1..", + "allowance": {"@type":"/cosmos.feegrant.v1beta1.BasicAllowance","spendLimit":[{"denom":"stake","amount":"100"}]} + } + ], + "pagination": { + "total": "1" + } +} +``` diff --git a/copy-of-sdk-docs/build/modules/genutil/README.md b/copy-of-sdk-docs/build/modules/genutil/README.md new file mode 100644 index 00000000..34bc79d5 --- /dev/null +++ b/copy-of-sdk-docs/build/modules/genutil/README.md @@ -0,0 +1,89 @@ +# `x/genutil` + +## Concepts + +The `genutil` package contains a variety of genesis utility functionalities for usage within a blockchain application. Namely: + +* Genesis transactions related (gentx) +* Commands for collection and creation of gentxs +* `InitChain` processing of gentxs +* Genesis file creation +* Genesis file validation +* Genesis file migration +* CometBFT related initialization + * Translation of an app genesis to a CometBFT genesis + +## Genesis + +Genutil contains the data structure that defines an application genesis. +An application genesis consists of a consensus genesis (g.e. CometBFT genesis) and application related genesis data. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-rc.0/x/genutil/types/genesis.go#L24-L34 +``` + +The application genesis can then be translated to the consensus engine to the right format: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-rc.0/x/genutil/types/genesis.go#L126-L136 +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-rc.0/server/start.go#L397-L407 +``` + +## Client + +### CLI + +The genutil commands are available under the `genesis` subcommand. + +#### add-genesis-account + +Add a genesis account to `genesis.json`. Learn more [here](https://docs.cosmos.network/main/run-node/run-node#adding-genesis-accounts). + +#### collect-gentxs + +Collect genesis txs and output a `genesis.json` file. + +```shell +simd genesis collect-gentxs +``` + +This will create a new `genesis.json` file that includes data from all the validators (we sometimes call it the "super genesis file" to distinguish it from single-validator genesis files). + +#### gentx + +Generate a genesis tx carrying a self delegation. + +```shell +simd genesis gentx [key_name] [amount] --chain-id [chain-id] +``` + +This will create the genesis transaction for your new chain. Here `amount` should be at least `1000000000stake`. +If you provide too much or too little, you will encounter an error when starting a node. + +#### migrate + +Migrate genesis to a specified target (SDK) version. + +```shell +simd genesis migrate [target-version] +``` + +:::tip +The `migrate` command is extensible and takes a `MigrationMap`. This map is a mapping of target versions to genesis migrations functions. +When not using the default `MigrationMap`, it is recommended to still call the default `MigrationMap` corresponding the SDK version of the chain and prepend/append your own genesis migrations. +::: + +#### validate-genesis + +Validates the genesis file at the default location or at the location passed as an argument. + +```shell +simd genesis validate-genesis +``` + +:::warning +Validate genesis only validates if the genesis is valid at the **current application binary**. For validating a genesis from a previous version of the application, use the `migrate` command to migrate the genesis to the current version. +::: diff --git a/copy-of-sdk-docs/build/modules/gov/README.md b/copy-of-sdk-docs/build/modules/gov/README.md new file mode 100644 index 00000000..7b10700c --- /dev/null +++ b/copy-of-sdk-docs/build/modules/gov/README.md @@ -0,0 +1,2588 @@ +--- +sidebar_position: 1 +--- + +# `x/gov` + +## Abstract + +This paper specifies the Governance module of the Cosmos SDK, which was first +described in the [Cosmos Whitepaper](https://cosmos.network/about/whitepaper) in +June 2016. + +The module enables Cosmos SDK based blockchain to support an on-chain governance +system. In this system, holders of the native staking token of the chain can vote +on proposals on a 1 token 1 vote basis. Next is a list of features the module +currently supports: + +* **Proposal submission:** Users can submit proposals with a deposit. Once the +minimum deposit is reached, the proposal enters voting period. The minimum deposit can be reached by collecting deposits from different users (including proposer) within deposit period. +* **Vote:** Participants can vote on proposals that reached MinDeposit and entered voting period. +* **Inheritance and penalties:** Delegators inherit their validator's vote if +they don't vote themselves. +* **Claiming deposit:** Users that deposited on proposals can recover their +deposits if the proposal was accepted or rejected. If the proposal was vetoed, or never entered voting period (minimum deposit not reached within deposit period), the deposit is burned. + +This module is in use on the Cosmos Hub (a.k.a [gaia](https://github.com/cosmos/gaia)). +Features that may be added in the future are described in [Future Improvements](#future-improvements). + +## Contents + +The following specification uses *ATOM* as the native staking token. The module +can be adapted to any Proof-Of-Stake blockchain by replacing *ATOM* with the native +staking token of the chain. + +* [Concepts](#concepts) + * [Proposal submission](#proposal-submission) + * [Deposit](#deposit) + * [Vote](#vote) + * [Software Upgrade](#software-upgrade) +* [State](#state) + * [Proposals](#proposals) + * [Parameters and base types](#parameters-and-base-types) + * [Deposit](#deposit-1) + * [ValidatorGovInfo](#validatorgovinfo) + * [Stores](#stores) + * [Proposal Processing Queue](#proposal-processing-queue) + * [Legacy Proposal](#legacy-proposal) +* [Messages](#messages) + * [Proposal Submission](#proposal-submission-1) + * [Deposit](#deposit-2) + * [Vote](#vote-1) +* [Events](#events) + * [EndBlocker](#endblocker) + * [Handlers](#handlers) +* [Parameters](#parameters) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + * [REST](#rest) +* [Metadata](#metadata) + * [Proposal](#proposal-3) + * [Vote](#vote-5) +* [Future Improvements](#future-improvements) + +## Concepts + +*Disclaimer: This is work in progress. Mechanisms are susceptible to change.* + +The governance process is divided in a few steps that are outlined below: + +* **Proposal submission:** Proposal is submitted to the blockchain with a + deposit. +* **Vote:** Once deposit reaches a certain value (`MinDeposit`), proposal is + confirmed and vote opens. Bonded Atom holders can then send `TxGovVote` + transactions to vote on the proposal. +* **Execution** After a period of time, the votes are tallied and depending + on the result, the messages in the proposal will be executed. + +### Proposal submission + +#### Right to submit a proposal + +Every account can submit proposals by sending a `MsgSubmitProposal` transaction. +Once a proposal is submitted, it is identified by its unique `proposalID`. + +#### Proposal Messages + +A proposal includes an array of `sdk.Msg`s which are executed automatically if the +proposal passes. The messages are executed by the governance `ModuleAccount` itself. Modules +such as `x/upgrade`, that want to allow certain messages to be executed by governance +only should add a whitelist within the respective msg server, granting the governance +module the right to execute the message once a quorum has been reached. The governance +module uses the `MsgServiceRouter` to check that these messages are correctly constructed +and have a respective path to execute on but do not perform a full validity check. + +### Deposit + +To prevent spam, proposals must be submitted with a deposit in the coins defined by +the `MinDeposit` param. + +When a proposal is submitted, it has to be accompanied with a deposit that must be +strictly positive, but can be inferior to `MinDeposit`. The submitter doesn't need +to pay for the entire deposit on their own. The newly created proposal is stored in +an *inactive proposal queue* and stays there until its deposit passes the `MinDeposit`. +Other token holders can increase the proposal's deposit by sending a `Deposit` +transaction. If a proposal doesn't pass the `MinDeposit` before the deposit end time +(the time when deposits are no longer accepted), the proposal will be destroyed: the +proposal will be removed from state and the deposit will be burned (see x/gov `EndBlocker`). +When a proposal deposit passes the `MinDeposit` threshold (even during the proposal +submission) before the deposit end time, the proposal will be moved into the +*active proposal queue* and the voting period will begin. + +The deposit is kept in escrow and held by the governance `ModuleAccount` until the +proposal is finalized (passed or rejected). + +#### Deposit refund and burn + +When a proposal is finalized, the coins from the deposit are either refunded or burned +according to the final tally of the proposal: + +* If the proposal is approved or rejected but *not* vetoed, each deposit will be + automatically refunded to its respective depositor (transferred from the governance + `ModuleAccount`). +* When the proposal is vetoed with greater than 1/3, deposits will be burned from the + governance `ModuleAccount` and the proposal information along with its deposit + information will be removed from state. +* All refunded or burned deposits are removed from the state. Events are issued when + burning or refunding a deposit. + +### Vote + +#### Participants + +*Participants* are users that have the right to vote on proposals. On the +Cosmos Hub, participants are bonded Atom holders. Unbonded Atom holders and +other users do not get the right to participate in governance. However, they +can submit and deposit on proposals. + +Note that when *participants* have bonded and unbonded Atoms, their voting power is calculated from their bonded Atom holdings only. + +#### Voting period + +Once a proposal reaches `MinDeposit`, it immediately enters `Voting period`. We +define `Voting period` as the interval between the moment the vote opens and +the moment the vote closes. The initial value of `Voting period` is 2 weeks. + +#### Option set + +The option set of a proposal refers to the set of choices a participant can +choose from when casting its vote. + +The initial option set includes the following options: + +* `Yes` +* `No` +* `NoWithVeto` +* `Abstain` + +`NoWithVeto` counts as `No` but also adds a `Veto` vote. `Abstain` option +allows voters to signal that they do not intend to vote in favor or against the +proposal but accept the result of the vote. + +*Note: from the UI, for urgent proposals we should maybe add a ‘Not Urgent’ option that casts a `NoWithVeto` vote.* + +#### Weighted Votes + +[ADR-037](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-037-gov-split-vote.md) introduces the weighted vote feature which allows a staker to split their votes into several voting options. For example, it could use 70% of its voting power to vote Yes and 30% of its voting power to vote No. + +Often times the entity owning that address might not be a single individual. For example, a company might have different stakeholders who want to vote differently, and so it makes sense to allow them to split their voting power. Currently, it is not possible for them to do "passthrough voting" and giving their users voting rights over their tokens. However, with this system, exchanges can poll their users for voting preferences, and then vote on-chain proportionally to the results of the poll. + +To represent weighted vote on chain, we use the following Protobuf message. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1beta1/gov.proto#L34-L47 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1beta1/gov.proto#L181-L201 +``` + +For a weighted vote to be valid, the `options` field must not contain duplicate vote options, and the sum of weights of all options must be equal to 1. + +#### Custom Vote Calculation + +Cosmos SDK v0.53.0 introduced an option for developers to define a custom vote result and voting power calculation function. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/x/gov/keeper/tally.go#L15-L24 +``` + +This gives developers a more expressive way to handle governance on their appchains. +Developers can now build systems with: + +* Quadratic Voting +* Time-weighted Voting +* Reputation-Based voting + +##### Example + +```go +func myCustomVotingFunction( + ctx context.Context, + k Keeper, + proposal v1.Proposal, + validators map[string]v1.ValidatorGovInfo, +) (totalVoterPower math.LegacyDec, results map[v1.VoteOption]math.LegacyDec, err error) { + // ... tally logic +} + +govKeeper := govkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[govtypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + app.StakingKeeper, + app.DistrKeeper, + app.MsgServiceRouter(), + govConfig, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + govkeeper.WithCustomCalculateVoteResultsAndVotingPowerFn(myCustomVotingFunction), +) +``` + +### Quorum + +Quorum is defined as the minimum percentage of voting power that needs to be +cast on a proposal for the result to be valid. + +### Expedited Proposals + +A proposal can be expedited, making the proposal use shorter voting duration and a higher tally threshold by its default. If an expedited proposal fails to meet the threshold within the scope of shorter voting duration, the expedited proposal is then converted to a regular proposal and restarts voting under regular voting conditions. + +#### Threshold + +Threshold is defined as the minimum proportion of `Yes` votes (excluding +`Abstain` votes) for the proposal to be accepted. + +Initially, the threshold is set at 50% of `Yes` votes, excluding `Abstain` +votes. A possibility to veto exists if more than 1/3rd of all votes are +`NoWithVeto` votes. Note, both of these values are derived from the `TallyParams` +on-chain parameter, which is modifiable by governance. +This means that proposals are accepted iff: + +* There exist bonded tokens. +* Quorum has been achieved. +* The proportion of `Abstain` votes is inferior to 1/1. +* The proportion of `NoWithVeto` votes is inferior to 1/3, including + `Abstain` votes. +* The proportion of `Yes` votes, excluding `Abstain` votes, at the end of + the voting period is superior to 1/2. + +For expedited proposals, by default, the threshold is higher than with a *normal proposal*, namely, 66.7%. + +#### Inheritance + +If a delegator does not vote, it will inherit its validator vote. + +* If the delegator votes before its validator, it will not inherit from the + validator's vote. +* If the delegator votes after its validator, it will override its validator + vote with its own. If the proposal is urgent, it is possible + that the vote will close before delegators have a chance to react and + override their validator's vote. This is not a problem, as proposals require more than 2/3rd of the total voting power to pass, when tallied at the end of the voting period. Because as little as 1/3 + 1 validation power could collude to censor transactions, non-collusion is already assumed for ranges exceeding this threshold. + +#### Validator’s punishment for non-voting + +At present, validators are not punished for failing to vote. + +#### Governance address + +Later, we may add permissioned keys that could only sign txs from certain modules. For the MVP, the `Governance address` will be the main validator address generated at account creation. This address corresponds to a different PrivKey than the CometBFT PrivKey which is responsible for signing consensus messages. Validators thus do not have to sign governance transactions with the sensitive CometBFT PrivKey. + +#### Burnable Params + +There are three parameters that define if the deposit of a proposal should be burned or returned to the depositors. + +* `BurnVoteVeto` burns the proposal deposit if the proposal gets vetoed. +* `BurnVoteQuorum` burns the proposal deposit if the proposal deposit if the vote does not reach quorum. +* `BurnProposalDepositPrevote` burns the proposal deposit if it does not enter the voting phase. + +> Note: These parameters are modifiable via governance. + +## State + +### Constitution + +`Constitution` is found in the genesis state. It is a string field intended to be used to describe the purpose of a particular blockchain, and its expected norms. A few examples of how the constitution field can be used: + +* define the purpose of the chain, laying a foundation for its future development +* set expectations for delegators +* set expectations for validators +* define the chain's relationship to "meatspace" entities, like a foundation or corporation + +Since this is more of a social feature than a technical feature, we'll now get into some items that may have been useful to have in a genesis constitution: + +* What limitations on governance exist, if any? + * is it okay for the community to slash the wallet of a whale that they no longer feel that they want around? (viz: Juno Proposal 4 and 16) + * can governance "socially slash" a validator who is using unapproved MEV? (viz: commonwealth.im/osmosis) + * In the event of an economic emergency, what should validators do? + * Terra crash of May, 2022, saw validators choose to run a new binary with code that had not been approved by governance, because the governance token had been inflated to nothing. +* What is the purpose of the chain, specifically? + * best example of this is the Cosmos hub, where different founding groups, have different interpretations of the purpose of the network. + +This genesis entry, "constitution" hasn't been designed for existing chains, who should likely just ratify a constitution using their governance system. Instead, this is for new chains. It will allow for validators to have a much clearer idea of purpose and the expectations placed on them while operating their nodes. Likewise, for community members, the constitution will give them some idea of what to expect from both the "chain team" and the validators, respectively. + +This constitution is designed to be immutable, and placed only in genesis, though that could change over time by a pull request to the cosmos-sdk that allows for the constitution to be changed by governance. Communities whishing to make amendments to their original constitution should use the governance mechanism and a "signaling proposal" to do exactly that. + +**Ideal use scenario for a cosmos chain constitution** + +As a chain developer, you decide that you'd like to provide clarity to your key user groups: + +* validators +* token holders +* developers (yourself) + +You use the constitution to immutably store some Markdown in genesis, so that when difficult questions come up, the constitution can provide guidance to the community. + +### Proposals + +`Proposal` objects are used to tally votes and generally track the proposal's state. +They contain an array of arbitrary `sdk.Msg`'s which the governance module will attempt +to resolve and then execute if the proposal passes. `Proposal`'s are identified by a +unique id and contains a series of timestamps: `submit_time`, `deposit_end_time`, +`voting_start_time`, `voting_end_time` which track the lifecycle of a proposal + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/gov.proto#L51-L99 +``` + +A proposal will generally require more than just a set of messages to explain its +purpose but need some greater justification and allow a means for interested participants +to discuss and debate the proposal. +In most cases, **it is encouraged to have an off-chain system that supports the on-chain governance process**. +To accommodate for this, a proposal contains a special **`metadata`** field, a string, +which can be used to add context to the proposal. The `metadata` field allows custom use for networks, +however, it is expected that the field contains a URL or some form of CID using a system such as +[IPFS](https://docs.ipfs.io/concepts/content-addressing/). To support the case of +interoperability across networks, the SDK recommends that the `metadata` represents +the following `JSON` template: + +```json +{ + "title": "...", + "description": "...", + "forum": "...", // a link to the discussion platform (i.e. Discord) + "other": "..." // any extra data that doesn't correspond to the other fields +} +``` + +This makes it far easier for clients to support multiple networks. + +The metadata has a maximum length that is chosen by the app developer, and +passed into the gov keeper as a config. The default maximum length in the SDK is 255 characters. + +#### Writing a module that uses governance + +There are many aspects of a chain, or of the individual modules that you may want to +use governance to perform such as changing various parameters. This is very simple +to do. First, write out your message types and `MsgServer` implementation. Add an +`authority` field to the keeper which will be populated in the constructor with the +governance module account: `govKeeper.GetGovernanceAccount().GetAddress()`. Then for +the methods in the `msg_server.go`, perform a check on the message that the signer +matches `authority`. This will prevent any user from executing that message. + +### Parameters and base types + +`Parameters` define the rules according to which votes are run. There can only +be one active parameter set at any given time. If governance wants to change a +parameter set, either to modify a value or add/remove a parameter field, a new +parameter set has to be created and the previous one rendered inactive. + +#### DepositParams + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/gov.proto#L152-L162 +``` + +#### VotingParams + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/gov.proto#L164-L168 +``` + +#### TallyParams + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/gov.proto#L170-L182 +``` + +Parameters are stored in a global `GlobalParams` KVStore. + +Additionally, we introduce some basic types: + +```go +type Vote byte + +const ( + VoteYes = 0x1 + VoteNo = 0x2 + VoteNoWithVeto = 0x3 + VoteAbstain = 0x4 +) + +type ProposalType string + +const ( + ProposalTypePlainText = "Text" + ProposalTypeSoftwareUpgrade = "SoftwareUpgrade" +) + +type ProposalStatus byte + + +const ( + StatusNil ProposalStatus = 0x00 + StatusDepositPeriod ProposalStatus = 0x01 // Proposal is submitted. Participants can deposit on it but not vote + StatusVotingPeriod ProposalStatus = 0x02 // MinDeposit is reached, participants can vote + StatusPassed ProposalStatus = 0x03 // Proposal passed and successfully executed + StatusRejected ProposalStatus = 0x04 // Proposal has been rejected + StatusFailed ProposalStatus = 0x05 // Proposal passed but failed execution +) +``` + +### Deposit + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/gov.proto#L38-L49 +``` + +### ValidatorGovInfo + +This type is used in a temp map when tallying + +```go + type ValidatorGovInfo struct { + Minus sdk.Dec + Vote Vote + } +``` + +## Stores + +:::note +Stores are KVStores in the multi-store. The key to find the store is the first parameter in the list +::: + +We will use one KVStore `Governance` to store four mappings: + +* A mapping from `proposalID|'proposal'` to `Proposal`. +* A mapping from `proposalID|'addresses'|address` to `Vote`. This mapping allows + us to query all addresses that voted on the proposal along with their vote by + doing a range query on `proposalID:addresses`. +* A mapping from `ParamsKey|'Params'` to `Params`. This map allows to query all + x/gov params. +* A mapping from `VotingPeriodProposalKeyPrefix|proposalID` to a single byte. This allows + us to know if a proposal is in the voting period or not with very low gas cost. + +For pseudocode purposes, here are the two function we will use to read or write in stores: + +* `load(StoreKey, Key)`: Retrieve item stored at key `Key` in store found at key `StoreKey` in the multistore +* `store(StoreKey, Key, value)`: Write value `Value` at key `Key` in store found at key `StoreKey` in the multistore + +### Proposal Processing Queue + +**Store:** + +* `ProposalProcessingQueue`: A queue `queue[proposalID]` containing all the + `ProposalIDs` of proposals that reached `MinDeposit`. During each `EndBlock`, + all the proposals that have reached the end of their voting period are processed. + To process a finished proposal, the application tallies the votes, computes the + votes of each validator and checks if every validator in the validator set has + voted. If the proposal is accepted, deposits are refunded. Finally, the proposal + content `Handler` is executed. + +And the pseudocode for the `ProposalProcessingQueue`: + +```go + in EndBlock do + + for finishedProposalID in GetAllFinishedProposalIDs(block.Time) + proposal = load(Governance, ) // proposal is a const key + + validators = Keeper.getAllValidators() + tmpValMap := map(sdk.AccAddress)ValidatorGovInfo + + // Initiate mapping at 0. This is the amount of shares of the validator's vote that will be overridden by their delegator's votes + for each validator in validators + tmpValMap(validator.OperatorAddr).Minus = 0 + + // Tally + voterIterator = rangeQuery(Governance, ) //return all the addresses that voted on the proposal + for each (voterAddress, vote) in voterIterator + delegations = stakingKeeper.getDelegations(voterAddress) // get all delegations for current voter + + for each delegation in delegations + // make sure delegation.Shares does NOT include shares being unbonded + tmpValMap(delegation.ValidatorAddr).Minus += delegation.Shares + proposal.updateTally(vote, delegation.Shares) + + _, isVal = stakingKeeper.getValidator(voterAddress) + if (isVal) + tmpValMap(voterAddress).Vote = vote + + tallyingParam = load(GlobalParams, 'TallyingParam') + + // Update tally if validator voted + for each validator in validators + if tmpValMap(validator).HasVoted + proposal.updateTally(tmpValMap(validator).Vote, (validator.TotalShares - tmpValMap(validator).Minus)) + + + + // Check if proposal is accepted or rejected + totalNonAbstain := proposal.YesVotes + proposal.NoVotes + proposal.NoWithVetoVotes + if (proposal.Votes.YesVotes/totalNonAbstain > tallyingParam.Threshold AND proposal.Votes.NoWithVetoVotes/totalNonAbstain < tallyingParam.Veto) + // proposal was accepted at the end of the voting period + // refund deposits (non-voters already punished) + for each (amount, depositor) in proposal.Deposits + depositor.AtomBalance += amount + + stateWriter, err := proposal.Handler() + if err != nil + // proposal passed but failed during state execution + proposal.CurrentStatus = ProposalStatusFailed + else + // proposal pass and state is persisted + proposal.CurrentStatus = ProposalStatusAccepted + stateWriter.save() + else + // proposal was rejected + proposal.CurrentStatus = ProposalStatusRejected + + store(Governance, , proposal) +``` + +### Legacy Proposal + +:::warning +Legacy proposals are deprecated. Use the new proposal flow by granting the governance module the right to execute the message. +::: + +A legacy proposal is the old implementation of governance proposal. +Contrary to proposal that can contain any messages, a legacy proposal allows to submit a set of pre-defined proposals. +These proposals are defined by their types and handled by handlers that are registered in the gov v1beta1 router. + +More information on how to submit proposals in the [client section](#client). + +## Messages + +### Proposal Submission + +Proposals can be submitted by any account via a `MsgSubmitProposal` transaction. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/tx.proto#L42-L69 +``` + +All `sdk.Msgs` passed into the `messages` field of a `MsgSubmitProposal` message +must be registered in the app's `MsgServiceRouter`. Each of these messages must +have one signer, namely the gov module account. And finally, the metadata length +must not be larger than the `maxMetadataLen` config passed into the gov keeper. +The `initialDeposit` must be strictly positive and conform to the accepted denom of the `MinDeposit` param. + +**State modifications:** + +* Generate new `proposalID` +* Create new `Proposal` +* Initialise `Proposal`'s attributes +* Decrease balance of sender by `InitialDeposit` +* If `MinDeposit` is reached: + * Push `proposalID` in `ProposalProcessingQueue` +* Transfer `InitialDeposit` from the `Proposer` to the governance `ModuleAccount` + +### Deposit + +Once a proposal is submitted, if `Proposal.TotalDeposit < ActiveParam.MinDeposit`, Atom holders can send +`MsgDeposit` transactions to increase the proposal's deposit. + +A deposit is accepted iff: + +* The proposal exists +* The proposal is not in the voting period +* The deposited coins are conform to the accepted denom from the `MinDeposit` param + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/tx.proto#L134-L147 +``` + +**State modifications:** + +* Decrease balance of sender by `deposit` +* Add `deposit` of sender in `proposal.Deposits` +* Increase `proposal.TotalDeposit` by sender's `deposit` +* If `MinDeposit` is reached: + * Push `proposalID` in `ProposalProcessingQueueEnd` +* Transfer `Deposit` from the `proposer` to the governance `ModuleAccount` + +### Vote + +Once `ActiveParam.MinDeposit` is reached, voting period starts. From there, +bonded Atom holders are able to send `MsgVote` transactions to cast their +vote on the proposal. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/tx.proto#L92-L108 +``` + +**State modifications:** + +* Record `Vote` of sender + +:::note +Gas cost for this message has to take into account the future tallying of the vote in EndBlocker. +::: + +## Events + +The governance module emits the following events: + +### EndBlocker + +| Type | Attribute Key | Attribute Value | +|-------------------|-----------------|------------------| +| inactive_proposal | proposal_id | {proposalID} | +| inactive_proposal | proposal_result | {proposalResult} | +| active_proposal | proposal_id | {proposalID} | +| active_proposal | proposal_result | {proposalResult} | + +### Handlers + +#### MsgSubmitProposal + +| Type | Attribute Key | Attribute Value | +|---------------------|---------------------|-----------------| +| submit_proposal | proposal_id | {proposalID} | +| submit_proposal [0] | voting_period_start | {proposalID} | +| proposal_deposit | amount | {depositAmount} | +| proposal_deposit | proposal_id | {proposalID} | +| message | module | governance | +| message | action | submit_proposal | +| message | sender | {senderAddress} | + +* [0] Event only emitted if the voting period starts during the submission. + +#### MsgVote + +| Type | Attribute Key | Attribute Value | +|---------------|---------------|-----------------| +| proposal_vote | option | {voteOption} | +| proposal_vote | proposal_id | {proposalID} | +| message | module | governance | +| message | action | vote | +| message | sender | {senderAddress} | + +#### MsgVoteWeighted + +| Type | Attribute Key | Attribute Value | +|---------------|---------------|-----------------------| +| proposal_vote | option | {weightedVoteOptions} | +| proposal_vote | proposal_id | {proposalID} | +| message | module | governance | +| message | action | vote | +| message | sender | {senderAddress} | + +#### MsgDeposit + +| Type | Attribute Key | Attribute Value | +|----------------------|---------------------|-----------------| +| proposal_deposit | amount | {depositAmount} | +| proposal_deposit | proposal_id | {proposalID} | +| proposal_deposit [0] | voting_period_start | {proposalID} | +| message | module | governance | +| message | action | deposit | +| message | sender | {senderAddress} | + +* [0] Event only emitted if the voting period starts during the submission. + +## Parameters + +The governance module contains the following parameters: + +| Key | Type | Example | +|-------------------------------|------------------|-----------------------------------------| +| min_deposit | array (coins) | [{"denom":"uatom","amount":"10000000"}] | +| max_deposit_period | string (time ns) | "172800000000000" (17280s) | +| voting_period | string (time ns) | "172800000000000" (17280s) | +| quorum | string (dec) | "0.334000000000000000" | +| threshold | string (dec) | "0.500000000000000000" | +| veto | string (dec) | "0.334000000000000000" | +| expedited_threshold | string (time ns) | "0.667000000000000000" | +| expedited_voting_period | string (time ns) | "86400000000000" (8600s) | +| expedited_min_deposit | array (coins) | [{"denom":"uatom","amount":"50000000"}] | +| burn_proposal_deposit_prevote | bool | false | +| burn_vote_quorum | bool | false | +| burn_vote_veto | bool | true | +| min_initial_deposit_ratio | string | "0.1" | + + +**NOTE**: The governance module contains parameters that are objects unlike other +modules. If only a subset of parameters are desired to be changed, only they need +to be included and not the entire parameter object structure. + +## Client + +### CLI + +A user can query and interact with the `gov` module using the CLI. + +#### Query + +The `query` commands allow users to query `gov` state. + +```bash +simd query gov --help +``` + +##### deposit + +The `deposit` command allows users to query a deposit for a given proposal from a given depositor. + +```bash +simd query gov deposit [proposal-id] [depositor-addr] [flags] +``` + +Example: + +```bash +simd query gov deposit 1 cosmos1.. +``` + +Example Output: + +```bash +amount: +- amount: "100" + denom: stake +depositor: cosmos1.. +proposal_id: "1" +``` + +##### deposits + +The `deposits` command allows users to query all deposits for a given proposal. + +```bash +simd query gov deposits [proposal-id] [flags] +``` + +Example: + +```bash +simd query gov deposits 1 +``` + +Example Output: + +```bash +deposits: +- amount: + - amount: "100" + denom: stake + depositor: cosmos1.. + proposal_id: "1" +pagination: + next_key: null + total: "0" +``` + +##### param + +The `param` command allows users to query a given parameter for the `gov` module. + +```bash +simd query gov param [param-type] [flags] +``` + +Example: + +```bash +simd query gov param voting +``` + +Example Output: + +```bash +voting_period: "172800000000000" +``` + +##### params + +The `params` command allows users to query all parameters for the `gov` module. + +```bash +simd query gov params [flags] +``` + +Example: + +```bash +simd query gov params +``` + +Example Output: + +```bash +deposit_params: + max_deposit_period: 172800s + min_deposit: + - amount: "10000000" + denom: stake +params: + expedited_min_deposit: + - amount: "50000000" + denom: stake + expedited_threshold: "0.670000000000000000" + expedited_voting_period: 86400s + max_deposit_period: 172800s + min_deposit: + - amount: "10000000" + denom: stake + min_initial_deposit_ratio: "0.000000000000000000" + proposal_cancel_burn_rate: "0.500000000000000000" + quorum: "0.334000000000000000" + threshold: "0.500000000000000000" + veto_threshold: "0.334000000000000000" + voting_period: 172800s +tally_params: + quorum: "0.334000000000000000" + threshold: "0.500000000000000000" + veto_threshold: "0.334000000000000000" +voting_params: + voting_period: 172800s +``` + +##### proposal + +The `proposal` command allows users to query a given proposal. + +```bash +simd query gov proposal [proposal-id] [flags] +``` + +Example: + +```bash +simd query gov proposal 1 +``` + +Example Output: + +```bash +deposit_end_time: "2022-03-30T11:50:20.819676256Z" +final_tally_result: + abstain_count: "0" + no_count: "0" + no_with_veto_count: "0" + yes_count: "0" +id: "1" +messages: +- '@type': /cosmos.bank.v1beta1.MsgSend + amount: + - amount: "10" + denom: stake + from_address: cosmos1.. + to_address: cosmos1.. +metadata: AQ== +status: PROPOSAL_STATUS_DEPOSIT_PERIOD +submit_time: "2022-03-28T11:50:20.819676256Z" +total_deposit: +- amount: "10" + denom: stake +voting_end_time: null +voting_start_time: null +``` + +##### proposals + +The `proposals` command allows users to query all proposals with optional filters. + +```bash +simd query gov proposals [flags] +``` + +Example: + +```bash +simd query gov proposals +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "0" +proposals: +- deposit_end_time: "2022-03-30T11:50:20.819676256Z" + final_tally_result: + abstain_count: "0" + no_count: "0" + no_with_veto_count: "0" + yes_count: "0" + id: "1" + messages: + - '@type': /cosmos.bank.v1beta1.MsgSend + amount: + - amount: "10" + denom: stake + from_address: cosmos1.. + to_address: cosmos1.. + metadata: AQ== + status: PROPOSAL_STATUS_DEPOSIT_PERIOD + submit_time: "2022-03-28T11:50:20.819676256Z" + total_deposit: + - amount: "10" + denom: stake + voting_end_time: null + voting_start_time: null +- deposit_end_time: "2022-03-30T14:02:41.165025015Z" + final_tally_result: + abstain_count: "0" + no_count: "0" + no_with_veto_count: "0" + yes_count: "0" + id: "2" + messages: + - '@type': /cosmos.bank.v1beta1.MsgSend + amount: + - amount: "10" + denom: stake + from_address: cosmos1.. + to_address: cosmos1.. + metadata: AQ== + status: PROPOSAL_STATUS_DEPOSIT_PERIOD + submit_time: "2022-03-28T14:02:41.165025015Z" + total_deposit: + - amount: "10" + denom: stake + voting_end_time: null + voting_start_time: null +``` + +##### proposer + +The `proposer` command allows users to query the proposer for a given proposal. + +```bash +simd query gov proposer [proposal-id] [flags] +``` + +Example: + +```bash +simd query gov proposer 1 +``` + +Example Output: + +```bash +proposal_id: "1" +proposer: cosmos1.. +``` + +##### tally + +The `tally` command allows users to query the tally of a given proposal vote. + +```bash +simd query gov tally [proposal-id] [flags] +``` + +Example: + +```bash +simd query gov tally 1 +``` + +Example Output: + +```bash +abstain: "0" +"no": "0" +no_with_veto: "0" +"yes": "1" +``` + +##### vote + +The `vote` command allows users to query a vote for a given proposal. + +```bash +simd query gov vote [proposal-id] [voter-addr] [flags] +``` + +Example: + +```bash +simd query gov vote 1 cosmos1.. +``` + +Example Output: + +```bash +option: VOTE_OPTION_YES +options: +- option: VOTE_OPTION_YES + weight: "1.000000000000000000" +proposal_id: "1" +voter: cosmos1.. +``` + +##### votes + +The `votes` command allows users to query all votes for a given proposal. + +```bash +simd query gov votes [proposal-id] [flags] +``` + +Example: + +```bash +simd query gov votes 1 +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "0" +votes: +- option: VOTE_OPTION_YES + options: + - option: VOTE_OPTION_YES + weight: "1.000000000000000000" + proposal_id: "1" + voter: cosmos1.. +``` + +#### Transactions + +The `tx` commands allow users to interact with the `gov` module. + +```bash +simd tx gov --help +``` + +##### deposit + +The `deposit` command allows users to deposit tokens for a given proposal. + +```bash +simd tx gov deposit [proposal-id] [deposit] [flags] +``` + +Example: + +```bash +simd tx gov deposit 1 10000000stake --from cosmos1.. +``` + +##### draft-proposal + +The `draft-proposal` command allows users to draft any type of proposal. +The command returns a `draft_proposal.json`, to be used by `submit-proposal` after being completed. +The `draft_metadata.json` is meant to be uploaded to [IPFS](#metadata). + +```bash +simd tx gov draft-proposal +``` + +##### submit-proposal + +The `submit-proposal` command allows users to submit a governance proposal along with some messages and metadata. +Messages, metadata and deposit are defined in a JSON file. + +```bash +simd tx gov submit-proposal [path-to-proposal-json] [flags] +``` + +Example: + +```bash +simd tx gov submit-proposal /path/to/proposal.json --from cosmos1.. +``` + +where `proposal.json` contains: + +```json +{ + "messages": [ + { + "@type": "/cosmos.bank.v1beta1.MsgSend", + "from_address": "cosmos1...", // The gov module address + "to_address": "cosmos1...", + "amount":[{"denom": "stake","amount": "10"}] + } + ], + "metadata": "AQ==", + "deposit": "10stake", + "title": "Proposal Title", + "summary": "Proposal Summary" +} +``` + +:::note +By default the metadata, summary and title are both limited by 255 characters, this can be overridden by the application developer. +::: + +:::tip +When metadata is not specified, the title is limited to 255 characters and the summary 40x the title length. +::: + +##### submit-legacy-proposal + +The `submit-legacy-proposal` command allows users to submit a governance legacy proposal along with an initial deposit. + +```bash +simd tx gov submit-legacy-proposal [command] [flags] +``` + +Example: + +```bash +simd tx gov submit-legacy-proposal --title="Test Proposal" --description="testing" --type="Text" --deposit="100000000stake" --from cosmos1.. +``` + +Example (`param-change`): + +```bash +simd tx gov submit-legacy-proposal param-change proposal.json --from cosmos1.. +``` + +```json +{ + "title": "Test Proposal", + "description": "testing, testing, 1, 2, 3", + "changes": [ + { + "subspace": "staking", + "key": "MaxValidators", + "value": 100 + } + ], + "deposit": "10000000stake" +} +``` + +#### cancel-proposal + +Once proposal is canceled, from the deposits of proposal `deposits * proposal_cancel_ratio` will be burned or sent to `ProposalCancelDest` address , if `ProposalCancelDest` is empty then deposits will be burned. The `remaining deposits` will be sent to depositors. + +```bash +simd tx gov cancel-proposal [proposal-id] [flags] +``` + +Example: + +```bash +simd tx gov cancel-proposal 1 --from cosmos1... +``` + +##### vote + +The `vote` command allows users to submit a vote for a given governance proposal. + +```bash +simd tx gov vote [command] [flags] +``` + +Example: + +```bash +simd tx gov vote 1 yes --from cosmos1.. +``` + +##### weighted-vote + +The `weighted-vote` command allows users to submit a weighted vote for a given governance proposal. + +```bash +simd tx gov weighted-vote [proposal-id] [weighted-options] [flags] +``` + +Example: + +```bash +simd tx gov weighted-vote 1 yes=0.5,no=0.5 --from cosmos1.. +``` + +### gRPC + +A user can query the `gov` module using gRPC endpoints. + +#### Proposal + +The `Proposal` endpoint allows users to query a given proposal. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Proposal +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Proposal +``` + +Example Output: + +```bash +{ + "proposal": { + "proposalId": "1", + "content": {"@type":"/cosmos.gov.v1beta1.TextProposal","description":"testing, testing, 1, 2, 3","title":"Test Proposal"}, + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "finalTallyResult": { + "yes": "0", + "abstain": "0", + "no": "0", + "noWithVeto": "0" + }, + "submitTime": "2021-09-16T19:40:08.712440474Z", + "depositEndTime": "2021-09-18T19:40:08.712440474Z", + "totalDeposit": [ + { + "denom": "stake", + "amount": "10000000" + } + ], + "votingStartTime": "2021-09-16T19:40:08.712440474Z", + "votingEndTime": "2021-09-18T19:40:08.712440474Z", + "title": "Test Proposal", + "summary": "testing, testing, 1, 2, 3" + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Proposal +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1.Query/Proposal +``` + +Example Output: + +```bash +{ + "proposal": { + "id": "1", + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"10"}],"fromAddress":"cosmos1..","toAddress":"cosmos1.."} + ], + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "finalTallyResult": { + "yesCount": "0", + "abstainCount": "0", + "noCount": "0", + "noWithVetoCount": "0" + }, + "submitTime": "2022-03-28T11:50:20.819676256Z", + "depositEndTime": "2022-03-30T11:50:20.819676256Z", + "totalDeposit": [ + { + "denom": "stake", + "amount": "10000000" + } + ], + "votingStartTime": "2022-03-28T14:25:26.644857113Z", + "votingEndTime": "2022-03-30T14:25:26.644857113Z", + "metadata": "AQ==", + "title": "Test Proposal", + "summary": "testing, testing, 1, 2, 3" + } +} +``` + +#### Proposals + +The `Proposals` endpoint allows users to query all proposals with optional filters. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Proposals +``` + +Example: + +```bash +grpcurl -plaintext \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Proposals +``` + +Example Output: + +```bash +{ + "proposals": [ + { + "proposalId": "1", + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "finalTallyResult": { + "yes": "0", + "abstain": "0", + "no": "0", + "noWithVeto": "0" + }, + "submitTime": "2022-03-28T11:50:20.819676256Z", + "depositEndTime": "2022-03-30T11:50:20.819676256Z", + "totalDeposit": [ + { + "denom": "stake", + "amount": "10000000010" + } + ], + "votingStartTime": "2022-03-28T14:25:26.644857113Z", + "votingEndTime": "2022-03-30T14:25:26.644857113Z" + }, + { + "proposalId": "2", + "status": "PROPOSAL_STATUS_DEPOSIT_PERIOD", + "finalTallyResult": { + "yes": "0", + "abstain": "0", + "no": "0", + "noWithVeto": "0" + }, + "submitTime": "2022-03-28T14:02:41.165025015Z", + "depositEndTime": "2022-03-30T14:02:41.165025015Z", + "totalDeposit": [ + { + "denom": "stake", + "amount": "10" + } + ], + "votingStartTime": "0001-01-01T00:00:00Z", + "votingEndTime": "0001-01-01T00:00:00Z" + } + ], + "pagination": { + "total": "2" + } +} + +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Proposals +``` + +Example: + +```bash +grpcurl -plaintext \ + localhost:9090 \ + cosmos.gov.v1.Query/Proposals +``` + +Example Output: + +```bash +{ + "proposals": [ + { + "id": "1", + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"10"}],"fromAddress":"cosmos1..","toAddress":"cosmos1.."} + ], + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "finalTallyResult": { + "yesCount": "0", + "abstainCount": "0", + "noCount": "0", + "noWithVetoCount": "0" + }, + "submitTime": "2022-03-28T11:50:20.819676256Z", + "depositEndTime": "2022-03-30T11:50:20.819676256Z", + "totalDeposit": [ + { + "denom": "stake", + "amount": "10000000010" + } + ], + "votingStartTime": "2022-03-28T14:25:26.644857113Z", + "votingEndTime": "2022-03-30T14:25:26.644857113Z", + "metadata": "AQ==", + "title": "Proposal Title", + "summary": "Proposal Summary" + }, + { + "id": "2", + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"10"}],"fromAddress":"cosmos1..","toAddress":"cosmos1.."} + ], + "status": "PROPOSAL_STATUS_DEPOSIT_PERIOD", + "finalTallyResult": { + "yesCount": "0", + "abstainCount": "0", + "noCount": "0", + "noWithVetoCount": "0" + }, + "submitTime": "2022-03-28T14:02:41.165025015Z", + "depositEndTime": "2022-03-30T14:02:41.165025015Z", + "totalDeposit": [ + { + "denom": "stake", + "amount": "10" + } + ], + "metadata": "AQ==", + "title": "Proposal Title", + "summary": "Proposal Summary" + } + ], + "pagination": { + "total": "2" + } +} +``` + +#### Vote + +The `Vote` endpoint allows users to query a vote for a given proposal. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Vote +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1","voter":"cosmos1.."}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Vote +``` + +Example Output: + +```bash +{ + "vote": { + "proposalId": "1", + "voter": "cosmos1..", + "option": "VOTE_OPTION_YES", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1000000000000000000" + } + ] + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Vote +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1","voter":"cosmos1.."}' \ + localhost:9090 \ + cosmos.gov.v1.Query/Vote +``` + +Example Output: + +```bash +{ + "vote": { + "proposalId": "1", + "voter": "cosmos1..", + "option": "VOTE_OPTION_YES", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1.000000000000000000" + } + ] + } +} +``` + +#### Votes + +The `Votes` endpoint allows users to query all votes for a given proposal. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Votes +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Votes +``` + +Example Output: + +```bash +{ + "votes": [ + { + "proposalId": "1", + "voter": "cosmos1..", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1000000000000000000" + } + ] + } + ], + "pagination": { + "total": "1" + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Votes +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1.Query/Votes +``` + +Example Output: + +```bash +{ + "votes": [ + { + "proposalId": "1", + "voter": "cosmos1..", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1.000000000000000000" + } + ] + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### Params + +The `Params` endpoint allows users to query all parameters for the `gov` module. + + + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Params +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"params_type":"voting"}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Params +``` + +Example Output: + +```bash +{ + "votingParams": { + "votingPeriod": "172800s" + }, + "depositParams": { + "maxDepositPeriod": "0s" + }, + "tallyParams": { + "quorum": "MA==", + "threshold": "MA==", + "vetoThreshold": "MA==" + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Params +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"params_type":"voting"}' \ + localhost:9090 \ + cosmos.gov.v1.Query/Params +``` + +Example Output: + +```bash +{ + "votingParams": { + "votingPeriod": "172800s" + } +} +``` + +#### Deposit + +The `Deposit` endpoint allows users to query a deposit for a given proposal from a given depositor. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Deposit +``` + +Example: + +```bash +grpcurl -plaintext \ + '{"proposal_id":"1","depositor":"cosmos1.."}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Deposit +``` + +Example Output: + +```bash +{ + "deposit": { + "proposalId": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Deposit +``` + +Example: + +```bash +grpcurl -plaintext \ + '{"proposal_id":"1","depositor":"cosmos1.."}' \ + localhost:9090 \ + cosmos.gov.v1.Query/Deposit +``` + +Example Output: + +```bash +{ + "deposit": { + "proposalId": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } +} +``` + +#### deposits + +The `Deposits` endpoint allows users to query all deposits for a given proposal. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Deposits +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Deposits +``` + +Example Output: + +```bash +{ + "deposits": [ + { + "proposalId": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } + ], + "pagination": { + "total": "1" + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Deposits +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1.Query/Deposits +``` + +Example Output: + +```bash +{ + "deposits": [ + { + "proposalId": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### TallyResult + +The `TallyResult` endpoint allows users to query the tally of a given proposal. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/TallyResult +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/TallyResult +``` + +Example Output: + +```bash +{ + "tally": { + "yes": "1000000", + "abstain": "0", + "no": "0", + "noWithVeto": "0" + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/TallyResult +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1.Query/TallyResult +``` + +Example Output: + +```bash +{ + "tally": { + "yes": "1000000", + "abstain": "0", + "no": "0", + "noWithVeto": "0" + } +} +``` + +### REST + +A user can query the `gov` module using REST endpoints. + +#### proposal + +The `proposals` endpoint allows users to query a given proposal. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals/{proposal_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals/1 +``` + +Example Output: + +```bash +{ + "proposal": { + "proposal_id": "1", + "content": null, + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "final_tally_result": { + "yes": "0", + "abstain": "0", + "no": "0", + "no_with_veto": "0" + }, + "submit_time": "2022-03-28T11:50:20.819676256Z", + "deposit_end_time": "2022-03-30T11:50:20.819676256Z", + "total_deposit": [ + { + "denom": "stake", + "amount": "10000000010" + } + ], + "voting_start_time": "2022-03-28T14:25:26.644857113Z", + "voting_end_time": "2022-03-30T14:25:26.644857113Z" + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals/{proposal_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals/1 +``` + +Example Output: + +```bash +{ + "proposal": { + "id": "1", + "messages": [ + { + "@type": "/cosmos.bank.v1beta1.MsgSend", + "from_address": "cosmos1..", + "to_address": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10" + } + ] + } + ], + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "final_tally_result": { + "yes_count": "0", + "abstain_count": "0", + "no_count": "0", + "no_with_veto_count": "0" + }, + "submit_time": "2022-03-28T11:50:20.819676256Z", + "deposit_end_time": "2022-03-30T11:50:20.819676256Z", + "total_deposit": [ + { + "denom": "stake", + "amount": "10000000" + } + ], + "voting_start_time": "2022-03-28T14:25:26.644857113Z", + "voting_end_time": "2022-03-30T14:25:26.644857113Z", + "metadata": "AQ==", + "title": "Proposal Title", + "summary": "Proposal Summary" + } +} +``` + +#### proposals + +The `proposals` endpoint also allows users to query all proposals with optional filters. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals +``` + +Example Output: + +```bash +{ + "proposals": [ + { + "proposal_id": "1", + "content": null, + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "final_tally_result": { + "yes": "0", + "abstain": "0", + "no": "0", + "no_with_veto": "0" + }, + "submit_time": "2022-03-28T11:50:20.819676256Z", + "deposit_end_time": "2022-03-30T11:50:20.819676256Z", + "total_deposit": [ + { + "denom": "stake", + "amount": "10000000" + } + ], + "voting_start_time": "2022-03-28T14:25:26.644857113Z", + "voting_end_time": "2022-03-30T14:25:26.644857113Z" + }, + { + "proposal_id": "2", + "content": null, + "status": "PROPOSAL_STATUS_DEPOSIT_PERIOD", + "final_tally_result": { + "yes": "0", + "abstain": "0", + "no": "0", + "no_with_veto": "0" + }, + "submit_time": "2022-03-28T14:02:41.165025015Z", + "deposit_end_time": "2022-03-30T14:02:41.165025015Z", + "total_deposit": [ + { + "denom": "stake", + "amount": "10" + } + ], + "voting_start_time": "0001-01-01T00:00:00Z", + "voting_end_time": "0001-01-01T00:00:00Z" + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals +``` + +Example Output: + +```bash +{ + "proposals": [ + { + "id": "1", + "messages": [ + { + "@type": "/cosmos.bank.v1beta1.MsgSend", + "from_address": "cosmos1..", + "to_address": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10" + } + ] + } + ], + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "final_tally_result": { + "yes_count": "0", + "abstain_count": "0", + "no_count": "0", + "no_with_veto_count": "0" + }, + "submit_time": "2022-03-28T11:50:20.819676256Z", + "deposit_end_time": "2022-03-30T11:50:20.819676256Z", + "total_deposit": [ + { + "denom": "stake", + "amount": "10000000010" + } + ], + "voting_start_time": "2022-03-28T14:25:26.644857113Z", + "voting_end_time": "2022-03-30T14:25:26.644857113Z", + "metadata": "AQ==", + "title": "Proposal Title", + "summary": "Proposal Summary" + }, + { + "id": "2", + "messages": [ + { + "@type": "/cosmos.bank.v1beta1.MsgSend", + "from_address": "cosmos1..", + "to_address": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10" + } + ] + } + ], + "status": "PROPOSAL_STATUS_DEPOSIT_PERIOD", + "final_tally_result": { + "yes_count": "0", + "abstain_count": "0", + "no_count": "0", + "no_with_veto_count": "0" + }, + "submit_time": "2022-03-28T14:02:41.165025015Z", + "deposit_end_time": "2022-03-30T14:02:41.165025015Z", + "total_deposit": [ + { + "denom": "stake", + "amount": "10" + } + ], + "voting_start_time": null, + "voting_end_time": null, + "metadata": "AQ==", + "title": "Proposal Title", + "summary": "Proposal Summary" + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` + +#### voter vote + +The `votes` endpoint allows users to query a vote for a given proposal. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals/{proposal_id}/votes/{voter} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals/1/votes/cosmos1.. +``` + +Example Output: + +```bash +{ + "vote": { + "proposal_id": "1", + "voter": "cosmos1..", + "option": "VOTE_OPTION_YES", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1.000000000000000000" + } + ] + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals/{proposal_id}/votes/{voter} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals/1/votes/cosmos1.. +``` + +Example Output: + +```bash +{ + "vote": { + "proposal_id": "1", + "voter": "cosmos1..", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1.000000000000000000" + } + ], + "metadata": "" + } +} +``` + +#### votes + +The `votes` endpoint allows users to query all votes for a given proposal. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals/{proposal_id}/votes +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals/1/votes +``` + +Example Output: + +```bash +{ + "votes": [ + { + "proposal_id": "1", + "voter": "cosmos1..", + "option": "VOTE_OPTION_YES", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1.000000000000000000" + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals/{proposal_id}/votes +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals/1/votes +``` + +Example Output: + +```bash +{ + "votes": [ + { + "proposal_id": "1", + "voter": "cosmos1..", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1.000000000000000000" + } + ], + "metadata": "" + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### params + +The `params` endpoint allows users to query all parameters for the `gov` module. + + + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/params/{params_type} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/params/voting +``` + +Example Output: + +```bash +{ + "voting_params": { + "voting_period": "172800s" + }, + "deposit_params": { + "min_deposit": [ + ], + "max_deposit_period": "0s" + }, + "tally_params": { + "quorum": "0.000000000000000000", + "threshold": "0.000000000000000000", + "veto_threshold": "0.000000000000000000" + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/params/{params_type} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/params/voting +``` + +Example Output: + +```bash +{ + "voting_params": { + "voting_period": "172800s" + }, + "deposit_params": { + "min_deposit": [ + ], + "max_deposit_period": "0s" + }, + "tally_params": { + "quorum": "0.000000000000000000", + "threshold": "0.000000000000000000", + "veto_threshold": "0.000000000000000000" + } +} +``` + +#### deposits + +The `deposits` endpoint allows users to query a deposit for a given proposal from a given depositor. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals/{proposal_id}/deposits/{depositor} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals/1/deposits/cosmos1.. +``` + +Example Output: + +```bash +{ + "deposit": { + "proposal_id": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals/{proposal_id}/deposits/{depositor} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals/1/deposits/cosmos1.. +``` + +Example Output: + +```bash +{ + "deposit": { + "proposal_id": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } +} +``` + +#### proposal deposits + +The `deposits` endpoint allows users to query all deposits for a given proposal. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals/{proposal_id}/deposits +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals/1/deposits +``` + +Example Output: + +```bash +{ + "deposits": [ + { + "proposal_id": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals/{proposal_id}/deposits +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals/1/deposits +``` + +Example Output: + +```bash +{ + "deposits": [ + { + "proposal_id": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### tally + +The `tally` endpoint allows users to query the tally of a given proposal. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals/{proposal_id}/tally +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals/1/tally +``` + +Example Output: + +```bash +{ + "tally": { + "yes": "1000000", + "abstain": "0", + "no": "0", + "no_with_veto": "0" + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals/{proposal_id}/tally +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals/1/tally +``` + +Example Output: + +```bash +{ + "tally": { + "yes": "1000000", + "abstain": "0", + "no": "0", + "no_with_veto": "0" + } +} +``` + +## Metadata + +The gov module has two locations for metadata where users can provide further context about the on-chain actions they are taking. By default all metadata fields have a 255 character length field where metadata can be stored in json format, either on-chain or off-chain depending on the amount of data required. Here we provide a recommendation for the json structure and where the data should be stored. There are two important factors in making these recommendations. First, that the gov and group modules are consistent with one another, note the number of proposals made by all groups may be quite large. Second, that client applications such as block explorers and governance interfaces have confidence in the consistency of metadata structure across chains. + +### Proposal + +Location: off-chain as json object stored on IPFS (mirrors [group proposal](../group/README.md#metadata)) + +```json +{ + "title": "", + "authors": [""], + "summary": "", + "details": "", + "proposal_forum_url": "", + "vote_option_context": "", +} +``` + +:::note +The `authors` field is an array of strings, this is to allow for multiple authors to be listed in the metadata. +In v0.46, the `authors` field is a comma-separated string. Frontends are encouraged to support both formats for backwards compatibility. +::: + +### Vote + +Location: on-chain as json within 255 character limit (mirrors [group vote](../group/README.md#metadata)) + +```json +{ + "justification": "", +} +``` + +## Future Improvements + +The current documentation only describes the minimum viable product for the +governance module. Future improvements may include: + +* **`BountyProposals`:** If accepted, a `BountyProposal` creates an open + bounty. The `BountyProposal` specifies how many Atoms will be given upon + completion. These Atoms will be taken from the `reserve pool`. After a + `BountyProposal` is accepted by governance, anybody can submit a + `SoftwareUpgradeProposal` with the code to claim the bounty. Note that once a + `BountyProposal` is accepted, the corresponding funds in the `reserve pool` + are locked so that payment can always be honored. In order to link a + `SoftwareUpgradeProposal` to an open bounty, the submitter of the + `SoftwareUpgradeProposal` will use the `Proposal.LinkedProposal` attribute. + If a `SoftwareUpgradeProposal` linked to an open bounty is accepted by + governance, the funds that were reserved are automatically transferred to the + submitter. +* **Complex delegation:** Delegators could choose other representatives than + their validators. Ultimately, the chain of representatives would always end + up to a validator, but delegators could inherit the vote of their chosen + representative before they inherit the vote of their validator. In other + words, they would only inherit the vote of their validator if their other + appointed representative did not vote. +* **Better process for proposal review:** There would be two parts to + `proposal.Deposit`, one for anti-spam (same as in MVP) and an other one to + reward third party auditors. diff --git a/copy-of-sdk-docs/build/modules/group/README.md b/copy-of-sdk-docs/build/modules/group/README.md new file mode 100644 index 00000000..98fd7ba9 --- /dev/null +++ b/copy-of-sdk-docs/build/modules/group/README.md @@ -0,0 +1,2168 @@ +--- +sidebar_position: 1 +--- + +# `x/group` + +⚠️ **DEPRECATED**: This package is deprecated and will be removed in the next major release. The `x/group` module will be moved to a separate repo `github.com/cosmos/cosmos-sdk-legacy`. + +## Abstract + +The following documents specify the group module. + +This module allows the creation and management of on-chain multisig accounts and enables voting for message execution based on configurable decision policies. + +## Contents + +* [Concepts](#concepts) + * [Group](#group) + * [Group Policy](#group-policy) + * [Decision Policy](#decision-policy) + * [Proposal](#proposal) + * [Pruning](#pruning) +* [State](#state) + * [Group Table](#group-table) + * [Group Member Table](#group-member-table) + * [Group Policy Table](#group-policy-table) + * [Proposal Table](#proposal-table) + * [Vote Table](#vote-table) +* [Msg Service](#msg-service) + * [Msg/CreateGroup](#msgcreategroup) + * [Msg/UpdateGroupMembers](#msgupdategroupmembers) + * [Msg/UpdateGroupAdmin](#msgupdategroupadmin) + * [Msg/UpdateGroupMetadata](#msgupdategroupmetadata) + * [Msg/CreateGroupPolicy](#msgcreategrouppolicy) + * [Msg/CreateGroupWithPolicy](#msgcreategroupwithpolicy) + * [Msg/UpdateGroupPolicyAdmin](#msgupdategrouppolicyadmin) + * [Msg/UpdateGroupPolicyDecisionPolicy](#msgupdategrouppolicydecisionpolicy) + * [Msg/UpdateGroupPolicyMetadata](#msgupdategrouppolicymetadata) + * [Msg/SubmitProposal](#msgsubmitproposal) + * [Msg/WithdrawProposal](#msgwithdrawproposal) + * [Msg/Vote](#msgvote) + * [Msg/Exec](#msgexec) + * [Msg/LeaveGroup](#msgleavegroup) +* [Events](#events) + * [EventCreateGroup](#eventcreategroup) + * [EventUpdateGroup](#eventupdategroup) + * [EventCreateGroupPolicy](#eventcreategrouppolicy) + * [EventUpdateGroupPolicy](#eventupdategrouppolicy) + * [EventCreateProposal](#eventcreateproposal) + * [EventWithdrawProposal](#eventwithdrawproposal) + * [EventVote](#eventvote) + * [EventExec](#eventexec) + * [EventLeaveGroup](#eventleavegroup) + * [EventProposalPruned](#eventproposalpruned) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + * [REST](#rest) +* [Metadata](#metadata) + +## Concepts + +### Group + +A group is simply an aggregation of accounts with associated weights. It is not +an account and doesn't have a balance. It doesn't in and of itself have any +sort of voting or decision weight. It does have an "administrator" which has +the ability to add, remove and update members in the group. Note that a +group policy account could be an administrator of a group, and that the +administrator doesn't necessarily have to be a member of the group. + +### Group Policy + +A group policy is an account associated with a group and a decision policy. +Group policies are abstracted from groups because a single group may have +multiple decision policies for different types of actions. Managing group +membership separately from decision policies results in the least overhead +and keeps membership consistent across different policies. The pattern that +is recommended is to have a single master group policy for a given group, +and then to create separate group policies with different decision policies +and delegate the desired permissions from the master account to +those "sub-accounts" using the `x/authz` module. + +### Decision Policy + +A decision policy is the mechanism by which members of a group can vote on +proposals, as well as the rules that dictate whether a proposal should pass +or not based on its tally outcome. + +All decision policies generally would have a minimum execution period and a +maximum voting window. The minimum execution period is the minimum amount of time +that must pass after submission in order for a proposal to potentially be executed, and it may +be set to 0. The maximum voting window is the maximum time after submission that a proposal may +be voted on before it is tallied. + +The chain developer also defines an app-wide maximum execution period, which is +the maximum amount of time after a proposal's voting period end where users are +allowed to execute a proposal. + +The current group module comes shipped with two decision policies: threshold +and percentage. Any chain developer can extend upon these two, by creating +custom decision policies, as long as they adhere to the `DecisionPolicy` +interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/x/group/types.go#L27-L45 +``` + +#### Threshold decision policy + +A threshold decision policy defines a threshold of yes votes (based on a tally +of voter weights) that must be achieved in order for a proposal to pass. For +this decision policy, abstain and veto are simply treated as no's. + +This decision policy also has a VotingPeriod window and a MinExecutionPeriod +window. The former defines the duration after proposal submission where members +are allowed to vote, after which tallying is performed. The latter specifies +the minimum duration after proposal submission where the proposal can be +executed. If set to 0, then the proposal is allowed to be executed immediately +on submission (using the `TRY_EXEC` option). Obviously, MinExecutionPeriod +cannot be greater than VotingPeriod+MaxExecutionPeriod (where MaxExecution is +the app-defined duration that specifies the window after voting ended where a +proposal can be executed). + +#### Percentage decision policy + +A percentage decision policy is similar to a threshold decision policy, except +that the threshold is not defined as a constant weight, but as a percentage. +It's more suited for groups where the group members' weights can be updated, as +the percentage threshold stays the same, and doesn't depend on how those member +weights get updated. + +Same as the Threshold decision policy, the percentage decision policy has the +two VotingPeriod and MinExecutionPeriod parameters. + +### Proposal + +Any member(s) of a group can submit a proposal for a group policy account to decide upon. +A proposal consists of a set of messages that will be executed if the proposal +passes as well as any metadata associated with the proposal. + +#### Voting + +There are four choices to choose while voting - yes, no, abstain and veto. Not +all decision policies will take the four choices into account. Votes can contain some optional metadata. +In the current implementation, the voting window begins as soon as a proposal +is submitted, and the end is defined by the group policy's decision policy. + +#### Withdrawing Proposals + +Proposals can be withdrawn any time before the voting period end, either by the +admin of the group policy or by one of the proposers. Once withdrawn, it is +marked as `PROPOSAL_STATUS_WITHDRAWN`, and no more voting or execution is +allowed on it. + +#### Aborted Proposals + +If the group policy is updated during the voting period of the proposal, then +the proposal is marked as `PROPOSAL_STATUS_ABORTED`, and no more voting or +execution is allowed on it. This is because the group policy defines the rules +of proposal voting and execution, so if those rules change during the lifecycle +of a proposal, then the proposal should be marked as stale. + +#### Tallying + +Tallying is the counting of all votes on a proposal. It happens only once in +the lifecycle of a proposal, but can be triggered by two factors, whichever +happens first: + +* either someone tries to execute the proposal (see next section), which can + happen on a `Msg/Exec` transaction, or a `Msg/{SubmitProposal,Vote}` + transaction with the `Exec` field set. When a proposal execution is attempted, + a tally is done first to make sure the proposal passes. +* or on `EndBlock` when the proposal's voting period end just passed. + +If the tally result passes the decision policy's rules, then the proposal is +marked as `PROPOSAL_STATUS_ACCEPTED`, or else it is marked as +`PROPOSAL_STATUS_REJECTED`. In any case, no more voting is allowed anymore, and the tally +result is persisted to state in the proposal's `FinalTallyResult`. + +#### Executing Proposals + +Proposals are executed only when the tallying is done, and the group account's +decision policy allows the proposal to pass based on the tally outcome. They +are marked by the status `PROPOSAL_STATUS_ACCEPTED`. Execution must happen +before a duration of `MaxExecutionPeriod` (set by the chain developer) after +each proposal's voting period end. + +Proposals will not be automatically executed by the chain in this current design, +but rather a user must submit a `Msg/Exec` transaction to attempt to execute the +proposal based on the current votes and decision policy. Any user (not only the +group members) can execute proposals that have been accepted, and execution fees are +paid by the proposal executor. +It's also possible to try to execute a proposal immediately on creation or on +new votes using the `Exec` field of `Msg/SubmitProposal` and `Msg/Vote` requests. +In the former case, proposers signatures are considered as yes votes. +In these cases, if the proposal can't be executed (i.e. it didn't pass the +decision policy's rules), it will still be opened for new votes and +could be tallied and executed later on. + +A successful proposal execution will have its `ExecutorResult` marked as +`PROPOSAL_EXECUTOR_RESULT_SUCCESS`. The proposal will be automatically pruned +after execution. On the other hand, a failed proposal execution will be marked +as `PROPOSAL_EXECUTOR_RESULT_FAILURE`. Such a proposal can be re-executed +multiple times, until it expires after `MaxExecutionPeriod` after voting period +end. + +### Pruning + +Proposals and votes are automatically pruned to avoid state bloat. + +Votes are pruned: + +* either after a successful tally, i.e. a tally whose result passes the decision + policy's rules, which can be triggered by a `Msg/Exec` or a + `Msg/{SubmitProposal,Vote}` with the `Exec` field set, +* or on `EndBlock` right after the proposal's voting period end. This applies to proposals with status `aborted` or `withdrawn` too. + +whichever happens first. + +Proposals are pruned: + +* on `EndBlock` whose proposal status is `withdrawn` or `aborted` on proposal's voting period end before tallying, +* and either after a successful proposal execution, +* or on `EndBlock` right after the proposal's `voting_period_end` + + `max_execution_period` (defined as an app-wide configuration) is passed, + +whichever happens first. + +## State + +The `group` module uses the `orm` package which provides table storage with support for +primary keys and secondary indexes. `orm` also defines `Sequence` which is a persistent unique key generator based on a counter that can be used along with `Table`s. + +Here's the list of tables and associated sequences and indexes stored as part of the `group` module. + +### Group Table + +The `groupTable` stores `GroupInfo`: `0x0 | BigEndian(GroupId) -> ProtocolBuffer(GroupInfo)`. + +#### groupSeq + +The value of `groupSeq` is incremented when creating a new group and corresponds to the new `GroupId`: `0x1 | 0x1 -> BigEndian`. + +The second `0x1` corresponds to the ORM `sequenceStorageKey`. + +#### groupByAdminIndex + +`groupByAdminIndex` allows to retrieve groups by admin address: +`0x2 | len([]byte(group.Admin)) | []byte(group.Admin) | BigEndian(GroupId) -> []byte()`. + +### Group Member Table + +The `groupMemberTable` stores `GroupMember`s: `0x10 | BigEndian(GroupId) | []byte(member.Address) -> ProtocolBuffer(GroupMember)`. + +The `groupMemberTable` is a primary key table and its `PrimaryKey` is given by +`BigEndian(GroupId) | []byte(member.Address)` which is used by the following indexes. + +#### groupMemberByGroupIndex + +`groupMemberByGroupIndex` allows to retrieve group members by group id: +`0x11 | BigEndian(GroupId) | PrimaryKey -> []byte()`. + +#### groupMemberByMemberIndex + +`groupMemberByMemberIndex` allows to retrieve group members by member address: +`0x12 | len([]byte(member.Address)) | []byte(member.Address) | PrimaryKey -> []byte()`. + +### Group Policy Table + +The `groupPolicyTable` stores `GroupPolicyInfo`: `0x20 | len([]byte(Address)) | []byte(Address) -> ProtocolBuffer(GroupPolicyInfo)`. + +The `groupPolicyTable` is a primary key table and its `PrimaryKey` is given by +`len([]byte(Address)) | []byte(Address)` which is used by the following indexes. + +#### groupPolicySeq + +The value of `groupPolicySeq` is incremented when creating a new group policy and is used to generate the new group policy account `Address`: +`0x21 | 0x1 -> BigEndian`. + +The second `0x1` corresponds to the ORM `sequenceStorageKey`. + +#### groupPolicyByGroupIndex + +`groupPolicyByGroupIndex` allows to retrieve group policies by group id: +`0x22 | BigEndian(GroupId) | PrimaryKey -> []byte()`. + +#### groupPolicyByAdminIndex + +`groupPolicyByAdminIndex` allows to retrieve group policies by admin address: +`0x23 | len([]byte(Address)) | []byte(Address) | PrimaryKey -> []byte()`. + +### Proposal Table + +The `proposalTable` stores `Proposal`s: `0x30 | BigEndian(ProposalId) -> ProtocolBuffer(Proposal)`. + +#### proposalSeq + +The value of `proposalSeq` is incremented when creating a new proposal and corresponds to the new `ProposalId`: `0x31 | 0x1 -> BigEndian`. + +The second `0x1` corresponds to the ORM `sequenceStorageKey`. + +#### proposalByGroupPolicyIndex + +`proposalByGroupPolicyIndex` allows to retrieve proposals by group policy account address: +`0x32 | len([]byte(account.Address)) | []byte(account.Address) | BigEndian(ProposalId) -> []byte()`. + +#### ProposalsByVotingPeriodEndIndex + +`proposalsByVotingPeriodEndIndex` allows to retrieve proposals sorted by chronological `voting_period_end`: +`0x33 | sdk.FormatTimeBytes(proposal.VotingPeriodEnd) | BigEndian(ProposalId) -> []byte()`. + +This index is used when tallying the proposal votes at the end of the voting period, and for pruning proposals at `VotingPeriodEnd + MaxExecutionPeriod`. + +### Vote Table + +The `voteTable` stores `Vote`s: `0x40 | BigEndian(ProposalId) | []byte(voter.Address) -> ProtocolBuffer(Vote)`. + +The `voteTable` is a primary key table and its `PrimaryKey` is given by +`BigEndian(ProposalId) | []byte(voter.Address)` which is used by the following indexes. + +#### voteByProposalIndex + +`voteByProposalIndex` allows to retrieve votes by proposal id: +`0x41 | BigEndian(ProposalId) | PrimaryKey -> []byte()`. + +#### voteByVoterIndex + +`voteByVoterIndex` allows to retrieve votes by voter address: +`0x42 | len([]byte(voter.Address)) | []byte(voter.Address) | PrimaryKey -> []byte()`. + +## Msg Service + +### Msg/CreateGroup + +A new group can be created with the `MsgCreateGroup`, which has an admin address, a list of members and some optional metadata. + +The metadata has a maximum length that is chosen by the app developer, and +passed into the group keeper as a config. + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L67-L80 +``` + +It's expected to fail if + +* metadata length is greater than `MaxMetadataLen` config +* members are not correctly set (e.g. wrong address format, duplicates, or with 0 weight). + +### Msg/UpdateGroupMembers + +Group members can be updated with the `UpdateGroupMembers`. + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L88-L102 +``` + +In the list of `MemberUpdates`, an existing member can be removed by setting its weight to 0. + +It's expected to fail if: + +* the signer is not the admin of the group. +* for any one of the associated group policies, if its decision policy's `Validate()` method fails against the updated group. + +### Msg/UpdateGroupAdmin + +The `UpdateGroupAdmin` can be used to update a group admin. + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L107-L120 +``` + +It's expected to fail if the signer is not the admin of the group. + +### Msg/UpdateGroupMetadata + +The `UpdateGroupMetadata` can be used to update a group metadata. + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L125-L138 +``` + +It's expected to fail if: + +* new metadata length is greater than `MaxMetadataLen` config. +* the signer is not the admin of the group. + +### Msg/CreateGroupPolicy + +A new group policy can be created with the `MsgCreateGroupPolicy`, which has an admin address, a group id, a decision policy and some optional metadata. + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L147-L165 +``` + +It's expected to fail if: + +* the signer is not the admin of the group. +* metadata length is greater than `MaxMetadataLen` config. +* the decision policy's `Validate()` method doesn't pass against the group. + +### Msg/CreateGroupWithPolicy + +A new group with policy can be created with the `MsgCreateGroupWithPolicy`, which has an admin address, a list of members, a decision policy, a `group_policy_as_admin` field to optionally set group and group policy admin with group policy address and some optional metadata for group and group policy. + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L191-L215 +``` + +It's expected to fail for the same reasons as `Msg/CreateGroup` and `Msg/CreateGroupPolicy`. + +### Msg/UpdateGroupPolicyAdmin + +The `UpdateGroupPolicyAdmin` can be used to update a group policy admin. + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L173-L186 +``` + +It's expected to fail if the signer is not the admin of the group policy. + +### Msg/UpdateGroupPolicyDecisionPolicy + +The `UpdateGroupPolicyDecisionPolicy` can be used to update a decision policy. + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L226-L241 +``` + +It's expected to fail if: + +* the signer is not the admin of the group policy. +* the new decision policy's `Validate()` method doesn't pass against the group. + +### Msg/UpdateGroupPolicyMetadata + +The `UpdateGroupPolicyMetadata` can be used to update a group policy metadata. + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L246-L259 +``` + +It's expected to fail if: + +* new metadata length is greater than `MaxMetadataLen` config. +* the signer is not the admin of the group. + +### Msg/SubmitProposal + +A new proposal can be created with the `MsgSubmitProposal`, which has a group policy account address, a list of proposers addresses, a list of messages to execute if the proposal is accepted and some optional metadata. +An optional `Exec` value can be provided to try to execute the proposal immediately after proposal creation. Proposers signatures are considered as yes votes in this case. + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L281-L315 +``` + +It's expected to fail if: + +* metadata, title, or summary length is greater than `MaxMetadataLen` config. +* if any of the proposers is not a group member. + +### Msg/WithdrawProposal + +A proposal can be withdrawn using `MsgWithdrawProposal` which has an `address` (can be either a proposer or the group policy admin) and a `proposal_id` (which has to be withdrawn). + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L323-L333 +``` + +It's expected to fail if: + +* the signer is neither the group policy admin nor proposer of the proposal. +* the proposal is already closed or aborted. + +### Msg/Vote + +A new vote can be created with the `MsgVote`, given a proposal id, a voter address, a choice (yes, no, veto or abstain) and some optional metadata. +An optional `Exec` value can be provided to try to execute the proposal immediately after voting. + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L338-L358 +``` + +It's expected to fail if: + +* metadata length is greater than `MaxMetadataLen` config. +* the proposal is not in voting period anymore. + +### Msg/Exec + +A proposal can be executed with the `MsgExec`. + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L363-L373 +``` + +The messages that are part of this proposal won't be executed if: + +* the proposal has not been accepted by the group policy. +* the proposal has already been successfully executed. + +### Msg/LeaveGroup + +The `MsgLeaveGroup` allows group member to leave a group. + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L381-L391 +``` + +It's expected to fail if: + +* the group member is not part of the group. +* for any one of the associated group policies, if its decision policy's `Validate()` method fails against the updated group. + +## Events + +The group module emits the following events: + +### EventCreateGroup + +| Type | Attribute Key | Attribute Value | +| -------------------------------- | ------------- | -------------------------------- | +| message | action | /cosmos.group.v1.Msg/CreateGroup | +| cosmos.group.v1.EventCreateGroup | group_id | {groupId} | + +### EventUpdateGroup + +| Type | Attribute Key | Attribute Value | +| -------------------------------- | ------------- | ---------------------------------------------------------- | +| message | action | /cosmos.group.v1.Msg/UpdateGroup{Admin\|Metadata\|Members} | +| cosmos.group.v1.EventUpdateGroup | group_id | {groupId} | + +### EventCreateGroupPolicy + +| Type | Attribute Key | Attribute Value | +| -------------------------------------- | ------------- | -------------------------------------- | +| message | action | /cosmos.group.v1.Msg/CreateGroupPolicy | +| cosmos.group.v1.EventCreateGroupPolicy | address | {groupPolicyAddress} | + +### EventUpdateGroupPolicy + +| Type | Attribute Key | Attribute Value | +| -------------------------------------- | ------------- | ----------------------------------------------------------------------- | +| message | action | /cosmos.group.v1.Msg/UpdateGroupPolicy{Admin\|Metadata\|DecisionPolicy} | +| cosmos.group.v1.EventUpdateGroupPolicy | address | {groupPolicyAddress} | + +### EventCreateProposal + +| Type | Attribute Key | Attribute Value | +| ----------------------------------- | ------------- | ----------------------------------- | +| message | action | /cosmos.group.v1.Msg/CreateProposal | +| cosmos.group.v1.EventCreateProposal | proposal_id | {proposalId} | + +### EventWithdrawProposal + +| Type | Attribute Key | Attribute Value | +| ------------------------------------- | ------------- | ------------------------------------- | +| message | action | /cosmos.group.v1.Msg/WithdrawProposal | +| cosmos.group.v1.EventWithdrawProposal | proposal_id | {proposalId} | + +### EventVote + +| Type | Attribute Key | Attribute Value | +| ------------------------- | ------------- | ------------------------- | +| message | action | /cosmos.group.v1.Msg/Vote | +| cosmos.group.v1.EventVote | proposal_id | {proposalId} | + +## EventExec + +| Type | Attribute Key | Attribute Value | +| ------------------------- | ------------- | ------------------------- | +| message | action | /cosmos.group.v1.Msg/Exec | +| cosmos.group.v1.EventExec | proposal_id | {proposalId} | +| cosmos.group.v1.EventExec | logs | {logs_string} | + +### EventLeaveGroup + +| Type | Attribute Key | Attribute Value | +| ------------------------------- | ------------- | ------------------------------- | +| message | action | /cosmos.group.v1.Msg/LeaveGroup | +| cosmos.group.v1.EventLeaveGroup | proposal_id | {proposalId} | +| cosmos.group.v1.EventLeaveGroup | address | {address} | + +### EventProposalPruned + +| Type | Attribute Key | Attribute Value | +|-------------------------------------|---------------|---------------------------------| +| message | action | /cosmos.group.v1.Msg/LeaveGroup | +| cosmos.group.v1.EventProposalPruned | proposal_id | {proposalId} | +| cosmos.group.v1.EventProposalPruned | status | {ProposalStatus} | +| cosmos.group.v1.EventProposalPruned | tally_result | {TallyResult} | + + +## Client + +### CLI + +A user can query and interact with the `group` module using the CLI. + +#### Query + +The `query` commands allow users to query `group` state. + +```bash +simd query group --help +``` + +##### group-info + +The `group-info` command allows users to query for group info by given group id. + +```bash +simd query group group-info [id] [flags] +``` + +Example: + +```bash +simd query group group-info 1 +``` + +Example Output: + +```bash +admin: cosmos1.. +group_id: "1" +metadata: AQ== +total_weight: "3" +version: "1" +``` + +##### group-policy-info + +The `group-policy-info` command allows users to query for group policy info by account address of group policy . + +```bash +simd query group group-policy-info [group-policy-account] [flags] +``` + +Example: + +```bash +simd query group group-policy-info cosmos1.. +``` + +Example Output: + +```bash +address: cosmos1.. +admin: cosmos1.. +decision_policy: + '@type': /cosmos.group.v1.ThresholdDecisionPolicy + threshold: "1" + windows: + min_execution_period: 0s + voting_period: 432000s +group_id: "1" +metadata: AQ== +version: "1" +``` + +##### group-members + +The `group-members` command allows users to query for group members by group id with pagination flags. + +```bash +simd query group group-members [id] [flags] +``` + +Example: + +```bash +simd query group group-members 1 +``` + +Example Output: + +```bash +members: +- group_id: "1" + member: + address: cosmos1.. + metadata: AQ== + weight: "2" +- group_id: "1" + member: + address: cosmos1.. + metadata: AQ== + weight: "1" +pagination: + next_key: null + total: "2" +``` + +##### groups-by-admin + +The `groups-by-admin` command allows users to query for groups by admin account address with pagination flags. + +```bash +simd query group groups-by-admin [admin] [flags] +``` + +Example: + +```bash +simd query group groups-by-admin cosmos1.. +``` + +Example Output: + +```bash +groups: +- admin: cosmos1.. + group_id: "1" + metadata: AQ== + total_weight: "3" + version: "1" +- admin: cosmos1.. + group_id: "2" + metadata: AQ== + total_weight: "3" + version: "1" +pagination: + next_key: null + total: "2" +``` + +##### group-policies-by-group + +The `group-policies-by-group` command allows users to query for group policies by group id with pagination flags. + +```bash +simd query group group-policies-by-group [group-id] [flags] +``` + +Example: + +```bash +simd query group group-policies-by-group 1 +``` + +Example Output: + +```bash +group_policies: +- address: cosmos1.. + admin: cosmos1.. + decision_policy: + '@type': /cosmos.group.v1.ThresholdDecisionPolicy + threshold: "1" + windows: + min_execution_period: 0s + voting_period: 432000s + group_id: "1" + metadata: AQ== + version: "1" +- address: cosmos1.. + admin: cosmos1.. + decision_policy: + '@type': /cosmos.group.v1.ThresholdDecisionPolicy + threshold: "1" + windows: + min_execution_period: 0s + voting_period: 432000s + group_id: "1" + metadata: AQ== + version: "1" +pagination: + next_key: null + total: "2" +``` + +##### group-policies-by-admin + +The `group-policies-by-admin` command allows users to query for group policies by admin account address with pagination flags. + +```bash +simd query group group-policies-by-admin [admin] [flags] +``` + +Example: + +```bash +simd query group group-policies-by-admin cosmos1.. +``` + +Example Output: + +```bash +group_policies: +- address: cosmos1.. + admin: cosmos1.. + decision_policy: + '@type': /cosmos.group.v1.ThresholdDecisionPolicy + threshold: "1" + windows: + min_execution_period: 0s + voting_period: 432000s + group_id: "1" + metadata: AQ== + version: "1" +- address: cosmos1.. + admin: cosmos1.. + decision_policy: + '@type': /cosmos.group.v1.ThresholdDecisionPolicy + threshold: "1" + windows: + min_execution_period: 0s + voting_period: 432000s + group_id: "1" + metadata: AQ== + version: "1" +pagination: + next_key: null + total: "2" +``` + +##### proposal + +The `proposal` command allows users to query for proposal by id. + +```bash +simd query group proposal [id] [flags] +``` + +Example: + +```bash +simd query group proposal 1 +``` + +Example Output: + +```bash +proposal: + address: cosmos1.. + executor_result: EXECUTOR_RESULT_NOT_RUN + group_policy_version: "1" + group_version: "1" + metadata: AQ== + msgs: + - '@type': /cosmos.bank.v1beta1.MsgSend + amount: + - amount: "100000000" + denom: stake + from_address: cosmos1.. + to_address: cosmos1.. + proposal_id: "1" + proposers: + - cosmos1.. + result: RESULT_UNFINALIZED + status: STATUS_SUBMITTED + submitted_at: "2021-12-17T07:06:26.310638964Z" + windows: + min_execution_period: 0s + voting_period: 432000s + vote_state: + abstain_count: "0" + no_count: "0" + veto_count: "0" + yes_count: "0" + summary: "Summary" + title: "Title" +``` + +##### proposals-by-group-policy + +The `proposals-by-group-policy` command allows users to query for proposals by account address of group policy with pagination flags. + +```bash +simd query group proposals-by-group-policy [group-policy-account] [flags] +``` + +Example: + +```bash +simd query group proposals-by-group-policy cosmos1.. +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "1" +proposals: +- address: cosmos1.. + executor_result: EXECUTOR_RESULT_NOT_RUN + group_policy_version: "1" + group_version: "1" + metadata: AQ== + msgs: + - '@type': /cosmos.bank.v1beta1.MsgSend + amount: + - amount: "100000000" + denom: stake + from_address: cosmos1.. + to_address: cosmos1.. + proposal_id: "1" + proposers: + - cosmos1.. + result: RESULT_UNFINALIZED + status: STATUS_SUBMITTED + submitted_at: "2021-12-17T07:06:26.310638964Z" + windows: + min_execution_period: 0s + voting_period: 432000s + vote_state: + abstain_count: "0" + no_count: "0" + veto_count: "0" + yes_count: "0" + summary: "Summary" + title: "Title" +``` + +##### vote + +The `vote` command allows users to query for vote by proposal id and voter account address. + +```bash +simd query group vote [proposal-id] [voter] [flags] +``` + +Example: + +```bash +simd query group vote 1 cosmos1.. +``` + +Example Output: + +```bash +vote: + choice: CHOICE_YES + metadata: AQ== + proposal_id: "1" + submitted_at: "2021-12-17T08:05:02.490164009Z" + voter: cosmos1.. +``` + +##### votes-by-proposal + +The `votes-by-proposal` command allows users to query for votes by proposal id with pagination flags. + +```bash +simd query group votes-by-proposal [proposal-id] [flags] +``` + +Example: + +```bash +simd query group votes-by-proposal 1 +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "1" +votes: +- choice: CHOICE_YES + metadata: AQ== + proposal_id: "1" + submitted_at: "2021-12-17T08:05:02.490164009Z" + voter: cosmos1.. +``` + +##### votes-by-voter + +The `votes-by-voter` command allows users to query for votes by voter account address with pagination flags. + +```bash +simd query group votes-by-voter [voter] [flags] +``` + +Example: + +```bash +simd query group votes-by-voter cosmos1.. +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "1" +votes: +- choice: CHOICE_YES + metadata: AQ== + proposal_id: "1" + submitted_at: "2021-12-17T08:05:02.490164009Z" + voter: cosmos1.. +``` + +### Transactions + +The `tx` commands allow users to interact with the `group` module. + +```bash +simd tx group --help +``` + +#### create-group + +The `create-group` command allows users to create a group which is an aggregation of member accounts with associated weights and +an administrator account. + +```bash +simd tx group create-group [admin] [metadata] [members-json-file] +``` + +Example: + +```bash +simd tx group create-group cosmos1.. "AQ==" members.json +``` + +#### update-group-admin + +The `update-group-admin` command allows users to update a group's admin. + +```bash +simd tx group update-group-admin [admin] [group-id] [new-admin] [flags] +``` + +Example: + +```bash +simd tx group update-group-admin cosmos1.. 1 cosmos1.. +``` + +#### update-group-members + +The `update-group-members` command allows users to update a group's members. + +```bash +simd tx group update-group-members [admin] [group-id] [members-json-file] [flags] +``` + +Example: + +```bash +simd tx group update-group-members cosmos1.. 1 members.json +``` + +#### update-group-metadata + +The `update-group-metadata` command allows users to update a group's metadata. + +```bash +simd tx group update-group-metadata [admin] [group-id] [metadata] [flags] +``` + +Example: + +```bash +simd tx group update-group-metadata cosmos1.. 1 "AQ==" +``` + +#### create-group-policy + +The `create-group-policy` command allows users to create a group policy which is an account associated with a group and a decision policy. + +```bash +simd tx group create-group-policy [admin] [group-id] [metadata] [decision-policy] [flags] +``` + +Example: + +```bash +simd tx group create-group-policy cosmos1.. 1 "AQ==" '{"@type":"/cosmos.group.v1.ThresholdDecisionPolicy", "threshold":"1", "windows": {"voting_period": "120h", "min_execution_period": "0s"}}' +``` + +#### create-group-with-policy + +The `create-group-with-policy` command allows users to create a group which is an aggregation of member accounts with associated weights and an administrator account with decision policy. If the `--group-policy-as-admin` flag is set to `true`, the group policy address becomes the group and group policy admin. + +```bash +simd tx group create-group-with-policy [admin] [group-metadata] [group-policy-metadata] [members-json-file] [decision-policy] [flags] +``` + +Example: + +```bash +simd tx group create-group-with-policy cosmos1.. "AQ==" "AQ==" members.json '{"@type":"/cosmos.group.v1.ThresholdDecisionPolicy", "threshold":"1", "windows": {"voting_period": "120h", "min_execution_period": "0s"}}' +``` + +#### update-group-policy-admin + +The `update-group-policy-admin` command allows users to update a group policy admin. + +```bash +simd tx group update-group-policy-admin [admin] [group-policy-account] [new-admin] [flags] +``` + +Example: + +```bash +simd tx group update-group-policy-admin cosmos1.. cosmos1.. cosmos1.. +``` + +#### update-group-policy-metadata + +The `update-group-policy-metadata` command allows users to update a group policy metadata. + +```bash +simd tx group update-group-policy-metadata [admin] [group-policy-account] [new-metadata] [flags] +``` + +Example: + +```bash +simd tx group update-group-policy-metadata cosmos1.. cosmos1.. "AQ==" +``` + +#### update-group-policy-decision-policy + +The `update-group-policy-decision-policy` command allows users to update a group policy's decision policy. + +```bash +simd tx group update-group-policy-decision-policy [admin] [group-policy-account] [decision-policy] [flags] +``` + +Example: + +```bash +simd tx group update-group-policy-decision-policy cosmos1.. cosmos1.. '{"@type":"/cosmos.group.v1.ThresholdDecisionPolicy", "threshold":"2", "windows": {"voting_period": "120h", "min_execution_period": "0s"}}' +``` + +#### submit-proposal + +The `submit-proposal` command allows users to submit a new proposal. + +```bash +simd tx group submit-proposal [group-policy-account] [proposer[,proposer]*] [msg_tx_json_file] [metadata] [flags] +``` + +Example: + +```bash +simd tx group submit-proposal cosmos1.. cosmos1.. msg_tx.json "AQ==" +``` + +#### withdraw-proposal + +The `withdraw-proposal` command allows users to withdraw a proposal. + +```bash +simd tx group withdraw-proposal [proposal-id] [group-policy-admin-or-proposer] +``` + +Example: + +```bash +simd tx group withdraw-proposal 1 cosmos1.. +``` + +#### vote + +The `vote` command allows users to vote on a proposal. + +```bash +simd tx group vote proposal-id] [voter] [choice] [metadata] [flags] +``` + +Example: + +```bash +simd tx group vote 1 cosmos1.. CHOICE_YES "AQ==" +``` + +#### exec + +The `exec` command allows users to execute a proposal. + +```bash +simd tx group exec [proposal-id] [flags] +``` + +Example: + +```bash +simd tx group exec 1 +``` + +#### leave-group + +The `leave-group` command allows group member to leave the group. + +```bash +simd tx group leave-group [member-address] [group-id] +``` + +Example: + +```bash +simd tx group leave-group cosmos1... 1 +``` + +### gRPC + +A user can query the `group` module using gRPC endpoints. + +#### GroupInfo + +The `GroupInfo` endpoint allows users to query for group info by given group id. + +```bash +cosmos.group.v1.Query/GroupInfo +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"group_id":1}' localhost:9090 cosmos.group.v1.Query/GroupInfo +``` + +Example Output: + +```bash +{ + "info": { + "groupId": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "totalWeight": "3" + } +} +``` + +#### GroupPolicyInfo + +The `GroupPolicyInfo` endpoint allows users to query for group policy info by account address of group policy. + +```bash +cosmos.group.v1.Query/GroupPolicyInfo +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"address":"cosmos1.."}' localhost:9090 cosmos.group.v1.Query/GroupPolicyInfo +``` + +Example Output: + +```bash +{ + "info": { + "address": "cosmos1..", + "groupId": "1", + "admin": "cosmos1..", + "version": "1", + "decisionPolicy": {"@type":"/cosmos.group.v1.ThresholdDecisionPolicy","threshold":"1","windows": {"voting_period": "120h", "min_execution_period": "0s"}}, + } +} +``` + +#### GroupMembers + +The `GroupMembers` endpoint allows users to query for group members by group id with pagination flags. + +```bash +cosmos.group.v1.Query/GroupMembers +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"group_id":"1"}' localhost:9090 cosmos.group.v1.Query/GroupMembers +``` + +Example Output: + +```bash +{ + "members": [ + { + "groupId": "1", + "member": { + "address": "cosmos1..", + "weight": "1" + } + }, + { + "groupId": "1", + "member": { + "address": "cosmos1..", + "weight": "2" + } + } + ], + "pagination": { + "total": "2" + } +} +``` + +#### GroupsByAdmin + +The `GroupsByAdmin` endpoint allows users to query for groups by admin account address with pagination flags. + +```bash +cosmos.group.v1.Query/GroupsByAdmin +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"admin":"cosmos1.."}' localhost:9090 cosmos.group.v1.Query/GroupsByAdmin +``` + +Example Output: + +```bash +{ + "groups": [ + { + "groupId": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "totalWeight": "3" + }, + { + "groupId": "2", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "totalWeight": "3" + } + ], + "pagination": { + "total": "2" + } +} +``` + +#### GroupPoliciesByGroup + +The `GroupPoliciesByGroup` endpoint allows users to query for group policies by group id with pagination flags. + +```bash +cosmos.group.v1.Query/GroupPoliciesByGroup +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"group_id":"1"}' localhost:9090 cosmos.group.v1.Query/GroupPoliciesByGroup +``` + +Example Output: + +```bash +{ + "GroupPolicies": [ + { + "address": "cosmos1..", + "groupId": "1", + "admin": "cosmos1..", + "version": "1", + "decisionPolicy": {"@type":"/cosmos.group.v1.ThresholdDecisionPolicy","threshold":"1","windows":{"voting_period": "120h", "min_execution_period": "0s"}}, + }, + { + "address": "cosmos1..", + "groupId": "1", + "admin": "cosmos1..", + "version": "1", + "decisionPolicy": {"@type":"/cosmos.group.v1.ThresholdDecisionPolicy","threshold":"1","windows":{"voting_period": "120h", "min_execution_period": "0s"}}, + } + ], + "pagination": { + "total": "2" + } +} +``` + +#### GroupPoliciesByAdmin + +The `GroupPoliciesByAdmin` endpoint allows users to query for group policies by admin account address with pagination flags. + +```bash +cosmos.group.v1.Query/GroupPoliciesByAdmin +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"admin":"cosmos1.."}' localhost:9090 cosmos.group.v1.Query/GroupPoliciesByAdmin +``` + +Example Output: + +```bash +{ + "GroupPolicies": [ + { + "address": "cosmos1..", + "groupId": "1", + "admin": "cosmos1..", + "version": "1", + "decisionPolicy": {"@type":"/cosmos.group.v1.ThresholdDecisionPolicy","threshold":"1","windows":{"voting_period": "120h", "min_execution_period": "0s"}}, + }, + { + "address": "cosmos1..", + "groupId": "1", + "admin": "cosmos1..", + "version": "1", + "decisionPolicy": {"@type":"/cosmos.group.v1.ThresholdDecisionPolicy","threshold":"1","windows":{"voting_period": "120h", "min_execution_period": "0s"}}, + } + ], + "pagination": { + "total": "2" + } +} +``` + +#### Proposal + +The `Proposal` endpoint allows users to query for proposal by id. + +```bash +cosmos.group.v1.Query/Proposal +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' localhost:9090 cosmos.group.v1.Query/Proposal +``` + +Example Output: + +```bash +{ + "proposal": { + "proposalId": "1", + "address": "cosmos1..", + "proposers": [ + "cosmos1.." + ], + "submittedAt": "2021-12-17T07:06:26.310638964Z", + "groupVersion": "1", + "GroupPolicyVersion": "1", + "status": "STATUS_SUBMITTED", + "result": "RESULT_UNFINALIZED", + "voteState": { + "yesCount": "0", + "noCount": "0", + "abstainCount": "0", + "vetoCount": "0" + }, + "windows": { + "min_execution_period": "0s", + "voting_period": "432000s" + }, + "executorResult": "EXECUTOR_RESULT_NOT_RUN", + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"100000000"}],"fromAddress":"cosmos1..","toAddress":"cosmos1.."} + ], + "title": "Title", + "summary": "Summary", + } +} +``` + +#### ProposalsByGroupPolicy + +The `ProposalsByGroupPolicy` endpoint allows users to query for proposals by account address of group policy with pagination flags. + +```bash +cosmos.group.v1.Query/ProposalsByGroupPolicy +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"address":"cosmos1.."}' localhost:9090 cosmos.group.v1.Query/ProposalsByGroupPolicy +``` + +Example Output: + +```bash +{ + "proposals": [ + { + "proposalId": "1", + "address": "cosmos1..", + "proposers": [ + "cosmos1.." + ], + "submittedAt": "2021-12-17T08:03:27.099649352Z", + "groupVersion": "1", + "GroupPolicyVersion": "1", + "status": "STATUS_CLOSED", + "result": "RESULT_ACCEPTED", + "voteState": { + "yesCount": "1", + "noCount": "0", + "abstainCount": "0", + "vetoCount": "0" + }, + "windows": { + "min_execution_period": "0s", + "voting_period": "432000s" + }, + "executorResult": "EXECUTOR_RESULT_NOT_RUN", + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"100000000"}],"fromAddress":"cosmos1..","toAddress":"cosmos1.."} + ], + "title": "Title", + "summary": "Summary", + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### VoteByProposalVoter + +The `VoteByProposalVoter` endpoint allows users to query for vote by proposal id and voter account address. + +```bash +cosmos.group.v1.Query/VoteByProposalVoter +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1","voter":"cosmos1.."}' localhost:9090 cosmos.group.v1.Query/VoteByProposalVoter +``` + +Example Output: + +```bash +{ + "vote": { + "proposalId": "1", + "voter": "cosmos1..", + "choice": "CHOICE_YES", + "submittedAt": "2021-12-17T08:05:02.490164009Z" + } +} +``` + +#### VotesByProposal + +The `VotesByProposal` endpoint allows users to query for votes by proposal id with pagination flags. + +```bash +cosmos.group.v1.Query/VotesByProposal +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' localhost:9090 cosmos.group.v1.Query/VotesByProposal +``` + +Example Output: + +```bash +{ + "votes": [ + { + "proposalId": "1", + "voter": "cosmos1..", + "choice": "CHOICE_YES", + "submittedAt": "2021-12-17T08:05:02.490164009Z" + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### VotesByVoter + +The `VotesByVoter` endpoint allows users to query for votes by voter account address with pagination flags. + +```bash +cosmos.group.v1.Query/VotesByVoter +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"voter":"cosmos1.."}' localhost:9090 cosmos.group.v1.Query/VotesByVoter +``` + +Example Output: + +```bash +{ + "votes": [ + { + "proposalId": "1", + "voter": "cosmos1..", + "choice": "CHOICE_YES", + "submittedAt": "2021-12-17T08:05:02.490164009Z" + } + ], + "pagination": { + "total": "1" + } +} +``` + +### REST + +A user can query the `group` module using REST endpoints. + +#### GroupInfo + +The `GroupInfo` endpoint allows users to query for group info by given group id. + +```bash +/cosmos/group/v1/group_info/{group_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/group_info/1 +``` + +Example Output: + +```bash +{ + "info": { + "id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "total_weight": "3" + } +} +``` + +#### GroupPolicyInfo + +The `GroupPolicyInfo` endpoint allows users to query for group policy info by account address of group policy. + +```bash +/cosmos/group/v1/group_policy_info/{address} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/group_policy_info/cosmos1.. +``` + +Example Output: + +```bash +{ + "info": { + "address": "cosmos1..", + "group_id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "decision_policy": { + "@type": "/cosmos.group.v1.ThresholdDecisionPolicy", + "threshold": "1", + "windows": { + "voting_period": "120h", + "min_execution_period": "0s" + } + }, + } +} +``` + +#### GroupMembers + +The `GroupMembers` endpoint allows users to query for group members by group id with pagination flags. + +```bash +/cosmos/group/v1/group_members/{group_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/group_members/1 +``` + +Example Output: + +```bash +{ + "members": [ + { + "group_id": "1", + "member": { + "address": "cosmos1..", + "weight": "1", + "metadata": "AQ==" + } + }, + { + "group_id": "1", + "member": { + "address": "cosmos1..", + "weight": "2", + "metadata": "AQ==" + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` + +#### GroupsByAdmin + +The `GroupsByAdmin` endpoint allows users to query for groups by admin account address with pagination flags. + +```bash +/cosmos/group/v1/groups_by_admin/{admin} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/groups_by_admin/cosmos1.. +``` + +Example Output: + +```bash +{ + "groups": [ + { + "id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "total_weight": "3" + }, + { + "id": "2", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "total_weight": "3" + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` + +#### GroupPoliciesByGroup + +The `GroupPoliciesByGroup` endpoint allows users to query for group policies by group id with pagination flags. + +```bash +/cosmos/group/v1/group_policies_by_group/{group_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/group_policies_by_group/1 +``` + +Example Output: + +```bash +{ + "group_policies": [ + { + "address": "cosmos1..", + "group_id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "decision_policy": { + "@type": "/cosmos.group.v1.ThresholdDecisionPolicy", + "threshold": "1", + "windows": { + "voting_period": "120h", + "min_execution_period": "0s" + } + }, + }, + { + "address": "cosmos1..", + "group_id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "decision_policy": { + "@type": "/cosmos.group.v1.ThresholdDecisionPolicy", + "threshold": "1", + "windows": { + "voting_period": "120h", + "min_execution_period": "0s" + } + }, + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` + +#### GroupPoliciesByAdmin + +The `GroupPoliciesByAdmin` endpoint allows users to query for group policies by admin account address with pagination flags. + +```bash +/cosmos/group/v1/group_policies_by_admin/{admin} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/group_policies_by_admin/cosmos1.. +``` + +Example Output: + +```bash +{ + "group_policies": [ + { + "address": "cosmos1..", + "group_id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "decision_policy": { + "@type": "/cosmos.group.v1.ThresholdDecisionPolicy", + "threshold": "1", + "windows": { + "voting_period": "120h", + "min_execution_period": "0s" + } + }, + }, + { + "address": "cosmos1..", + "group_id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "decision_policy": { + "@type": "/cosmos.group.v1.ThresholdDecisionPolicy", + "threshold": "1", + "windows": { + "voting_period": "120h", + "min_execution_period": "0s" + } + }, + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +``` + +#### Proposal + +The `Proposal` endpoint allows users to query for proposal by id. + +```bash +/cosmos/group/v1/proposal/{proposal_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/proposal/1 +``` + +Example Output: + +```bash +{ + "proposal": { + "proposal_id": "1", + "address": "cosmos1..", + "metadata": "AQ==", + "proposers": [ + "cosmos1.." + ], + "submitted_at": "2021-12-17T07:06:26.310638964Z", + "group_version": "1", + "group_policy_version": "1", + "status": "STATUS_SUBMITTED", + "result": "RESULT_UNFINALIZED", + "vote_state": { + "yes_count": "0", + "no_count": "0", + "abstain_count": "0", + "veto_count": "0" + }, + "windows": { + "min_execution_period": "0s", + "voting_period": "432000s" + }, + "executor_result": "EXECUTOR_RESULT_NOT_RUN", + "messages": [ + { + "@type": "/cosmos.bank.v1beta1.MsgSend", + "from_address": "cosmos1..", + "to_address": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "100000000" + } + ] + } + ], + "title": "Title", + "summary": "Summary", + } +} +``` + +#### ProposalsByGroupPolicy + +The `ProposalsByGroupPolicy` endpoint allows users to query for proposals by account address of group policy with pagination flags. + +```bash +/cosmos/group/v1/proposals_by_group_policy/{address} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/proposals_by_group_policy/cosmos1.. +``` + +Example Output: + +```bash +{ + "proposals": [ + { + "id": "1", + "group_policy_address": "cosmos1..", + "metadata": "AQ==", + "proposers": [ + "cosmos1.." + ], + "submit_time": "2021-12-17T08:03:27.099649352Z", + "group_version": "1", + "group_policy_version": "1", + "status": "STATUS_CLOSED", + "result": "RESULT_ACCEPTED", + "vote_state": { + "yes_count": "1", + "no_count": "0", + "abstain_count": "0", + "veto_count": "0" + }, + "windows": { + "min_execution_period": "0s", + "voting_period": "432000s" + }, + "executor_result": "EXECUTOR_RESULT_NOT_RUN", + "messages": [ + { + "@type": "/cosmos.bank.v1beta1.MsgSend", + "from_address": "cosmos1..", + "to_address": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "100000000" + } + ] + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### VoteByProposalVoter + +The `VoteByProposalVoter` endpoint allows users to query for vote by proposal id and voter account address. + +```bash +/cosmos/group/v1/vote_by_proposal_voter/{proposal_id}/{voter} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1beta1/vote_by_proposal_voter/1/cosmos1.. +``` + +Example Output: + +```bash +{ + "vote": { + "proposal_id": "1", + "voter": "cosmos1..", + "choice": "CHOICE_YES", + "metadata": "AQ==", + "submitted_at": "2021-12-17T08:05:02.490164009Z" + } +} +``` + +#### VotesByProposal + +The `VotesByProposal` endpoint allows users to query for votes by proposal id with pagination flags. + +```bash +/cosmos/group/v1/votes_by_proposal/{proposal_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/votes_by_proposal/1 +``` + +Example Output: + +```bash +{ + "votes": [ + { + "proposal_id": "1", + "voter": "cosmos1..", + "option": "CHOICE_YES", + "metadata": "AQ==", + "submit_time": "2021-12-17T08:05:02.490164009Z" + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### VotesByVoter + +The `VotesByVoter` endpoint allows users to query for votes by voter account address with pagination flags. + +```bash +/cosmos/group/v1/votes_by_voter/{voter} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/votes_by_voter/cosmos1.. +``` + +Example Output: + +```bash +{ + "votes": [ + { + "proposal_id": "1", + "voter": "cosmos1..", + "choice": "CHOICE_YES", + "metadata": "AQ==", + "submitted_at": "2021-12-17T08:05:02.490164009Z" + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +## Metadata + +The group module has four locations for metadata where users can provide further context about the on-chain actions they are taking. By default all metadata fields have a 255 character length field where metadata can be stored in json format, either on-chain or off-chain depending on the amount of data required. Here we provide a recommendation for the json structure and where the data should be stored. There are two important factors in making these recommendations. First, that the group and gov modules are consistent with one another, note the number of proposals made by all groups may be quite large. Second, that client applications such as block explorers and governance interfaces have confidence in the consistency of metadata structure across chains. + +### Proposal + +Location: off-chain as json object stored on IPFS (mirrors [gov proposal](../gov/README.md#metadata)) + +```json +{ + "title": "", + "authors": [""], + "summary": "", + "details": "", + "proposal_forum_url": "", + "vote_option_context": "", +} +``` + +:::note +The `authors` field is an array of strings, this is to allow for multiple authors to be listed in the metadata. +In v0.46, the `authors` field is a comma-separated string. Frontends are encouraged to support both formats for backwards compatibility. +::: + +### Vote + +Location: on-chain as json within 255 character limit (mirrors [gov vote](../gov/README.md#metadata)) + +```json +{ + "justification": "", +} +``` + +### Group + +Location: off-chain as json object stored on IPFS + +```json +{ + "name": "", + "description": "", + "group_website_url": "", + "group_forum_url": "", +} +``` + +### Decision policy + +Location: on-chain as json within 255 character limit + +```json +{ + "name": "", + "description": "", +} +``` diff --git a/copy-of-sdk-docs/build/modules/mint/README.md b/copy-of-sdk-docs/build/modules/mint/README.md new file mode 100644 index 00000000..89dab770 --- /dev/null +++ b/copy-of-sdk-docs/build/modules/mint/README.md @@ -0,0 +1,460 @@ +--- +sidebar_position: 1 +--- + +# `x/mint` + +The `x/mint` module handles the regular minting of new tokens in a configurable manner. + +## Contents + +* [State](#state) + * [Minter](#minter) + * [Params](#params) +* [Begin-Block](#begin-block) + * [NextInflationRate](#nextinflationrate) + * [NextAnnualProvisions](#nextannualprovisions) + * [BlockProvision](#blockprovision) +* [Parameters](#parameters) +* [Events](#events) + * [BeginBlocker](#beginblocker) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + * [REST](#rest) + +## Concepts + +### The Minting Mechanism + +The default minting mechanism was designed to: + +* allow for a flexible inflation rate determined by market demand targeting a particular bonded-stake ratio +* effect a balance between market liquidity and staked supply + +In order to best determine the appropriate market rate for inflation rewards, a +moving change rate is used. The moving change rate mechanism ensures that if +the % bonded is either over or under the goal %-bonded, the inflation rate will +adjust to further incentivize or disincentivize being bonded, respectively. Setting the goal +%-bonded at less than 100% encourages the network to maintain some non-staked tokens +which should help provide some liquidity. + +It can be broken down in the following way: + +* If the actual percentage of bonded tokens is below the goal %-bonded the inflation rate will + increase until a maximum value is reached +* If the goal % bonded (67% in Cosmos-Hub) is maintained, then the inflation + rate will stay constant +* If the actual percentage of bonded tokens is above the goal %-bonded the inflation rate will + decrease until a minimum value is reached + +### Custom Minters + +As of Cosmos SDK v0.53.0, developers can set a custom `MintFn` for the module for specialized token minting logic. + +The function signature that a `MintFn` must implement is as follows: + +```go +// MintFn defines the function that needs to be implemented in order to customize the minting process. +type MintFn func(ctx sdk.Context, k *Keeper) error +``` + +This can be passed to the `Keeper` upon creation with an additional `Option`: + +```go +app.MintKeeper = mintkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[minttypes.StoreKey]), + app.StakingKeeper, + app.AccountKeeper, + app.BankKeeper, + authtypes.FeeCollectorName, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + // mintkeeper.WithMintFn(CUSTOM_MINT_FN), // custom mintFn can be added here + ) +``` + +#### Custom Minter DI Example + +Below is a simple approach to creating a custom mint function with extra dependencies in DI configurations. +For this basic example, we will make the minter simply double the supply of `foo` coin. + +First, we will define a function that takes our required dependencies, and returns a `MintFn`. + +```go +// MyCustomMintFunction is a custom mint function that doubles the supply of `foo` coin. +func MyCustomMintFunction(bank bankkeeper.BaseKeeper) mintkeeper.MintFn { + return func(ctx sdk.Context, k *mintkeeper.Keeper) error { + supply := bank.GetSupply(ctx, "foo") + err := k.MintCoins(ctx, sdk.NewCoins(supply.Add(supply))) + if err != nil { + return err + } + return nil + } +} +``` + +Then, pass the function defined above into the `depinject.Supply` function with the required dependencies. + +```go +// NewSimApp returns a reference to an initialized SimApp. +func NewSimApp( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), +) *SimApp { + var ( + app = &SimApp{} + appBuilder *runtime.AppBuilder + appConfig = depinject.Configs( + AppConfig, + depinject.Supply( + appOpts, + logger, + // our custom mint function with the necessary dependency passed in. + MyCustomMintFunction(app.BankKeeper), + ), + ) + ) + // ... +} +``` + +## State + +### Minter + +The minter is a space for holding current inflation information. + +* Minter: `0x00 -> ProtocolBuffer(minter)` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/mint/v1beta1/mint.proto#L10-L24 +``` + +### Params + +The mint module stores its params in state with the prefix of `0x01`, +it can be updated with governance or the address with authority. + +* Params: `mint/params -> legacy_amino(params)` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/mint/v1beta1/mint.proto#L26-L59 +``` + +## Begin-Block + +Minting parameters are recalculated and inflation paid at the beginning of each block. + +### Inflation rate calculation + +Inflation rate is calculated using an "inflation calculation function" that's +passed to the `NewAppModule` function. If no function is passed, then the SDK's +default inflation function will be used (`NextInflationRate`). In case a custom +inflation calculation logic is needed, this can be achieved by defining and +passing a function that matches `InflationCalculationFn`'s signature. + +```go +type InflationCalculationFn func(ctx sdk.Context, minter Minter, params Params, bondedRatio math.LegacyDec) math.LegacyDec +``` + +#### NextInflationRate + +The target annual inflation rate is recalculated each block. +The inflation is also subject to a rate change (positive or negative) +depending on the distance from the desired ratio (67%). The maximum rate change +possible is defined to be 13% per year, however, the annual inflation is capped +as between 7% and 20%. + +```go +NextInflationRate(params Params, bondedRatio math.LegacyDec) (inflation math.LegacyDec) { + inflationRateChangePerYear = (1 - bondedRatio/params.GoalBonded) * params.InflationRateChange + inflationRateChange = inflationRateChangePerYear/blocksPerYr + + // increase the new annual inflation for this next block + inflation += inflationRateChange + if inflation > params.InflationMax { + inflation = params.InflationMax + } + if inflation < params.InflationMin { + inflation = params.InflationMin + } + + return inflation +} +``` + +### NextAnnualProvisions + +Calculate the annual provisions based on current total supply and inflation +rate. This parameter is calculated once per block. + +```go +NextAnnualProvisions(params Params, totalSupply math.LegacyDec) (provisions math.LegacyDec) { + return Inflation * totalSupply +``` + +### BlockProvision + +Calculate the provisions generated for each block based on current annual provisions. The provisions are then minted by the `mint` module's `ModuleMinterAccount` and then transferred to the `auth`'s `FeeCollector` `ModuleAccount`. + +```go +BlockProvision(params Params) sdk.Coin { + provisionAmt = AnnualProvisions/ params.BlocksPerYear + return sdk.NewCoin(params.MintDenom, provisionAmt.Truncate()) +``` + + +## Parameters + +The minting module contains the following parameters: + +| Key | Type | Example | +|---------------------|-----------------|------------------------| +| MintDenom | string | "uatom" | +| InflationRateChange | string (dec) | "0.130000000000000000" | +| InflationMax | string (dec) | "0.200000000000000000" | +| InflationMin | string (dec) | "0.070000000000000000" | +| GoalBonded | string (dec) | "0.670000000000000000" | +| BlocksPerYear | string (uint64) | "6311520" | + + +## Events + +The minting module emits the following events: + +### BeginBlocker + +| Type | Attribute Key | Attribute Value | +|------|-------------------|--------------------| +| mint | bonded_ratio | {bondedRatio} | +| mint | inflation | {inflation} | +| mint | annual_provisions | {annualProvisions} | +| mint | amount | {amount} | + + +## Client + +### CLI + +A user can query and interact with the `mint` module using the CLI. + +#### Query + +The `query` commands allows users to query `mint` state. + +```shell +simd query mint --help +``` + +##### annual-provisions + +The `annual-provisions` command allows users to query the current minting annual provisions value + +```shell +simd query mint annual-provisions [flags] +``` + +Example: + +```shell +simd query mint annual-provisions +``` + +Example Output: + +```shell +22268504368893.612100895088410693 +``` + +##### inflation + +The `inflation` command allows users to query the current minting inflation value + +```shell +simd query mint inflation [flags] +``` + +Example: + +```shell +simd query mint inflation +``` + +Example Output: + +```shell +0.199200302563256955 +``` + +##### params + +The `params` command allows users to query the current minting parameters + +```shell +simd query mint params [flags] +``` + +Example: + +```yml +blocks_per_year: "4360000" +goal_bonded: "0.670000000000000000" +inflation_max: "0.200000000000000000" +inflation_min: "0.070000000000000000" +inflation_rate_change: "0.130000000000000000" +mint_denom: stake +``` + +### gRPC + +A user can query the `mint` module using gRPC endpoints. + +#### AnnualProvisions + +The `AnnualProvisions` endpoint allows users to query the current minting annual provisions value + +```shell +/cosmos.mint.v1beta1.Query/AnnualProvisions +``` + +Example: + +```shell +grpcurl -plaintext localhost:9090 cosmos.mint.v1beta1.Query/AnnualProvisions +``` + +Example Output: + +```json +{ + "annualProvisions": "1432452520532626265712995618" +} +``` + +#### Inflation + +The `Inflation` endpoint allows users to query the current minting inflation value + +```shell +/cosmos.mint.v1beta1.Query/Inflation +``` + +Example: + +```shell +grpcurl -plaintext localhost:9090 cosmos.mint.v1beta1.Query/Inflation +``` + +Example Output: + +```json +{ + "inflation": "130197115720711261" +} +``` + +#### Params + +The `Params` endpoint allows users to query the current minting parameters + +```shell +/cosmos.mint.v1beta1.Query/Params +``` + +Example: + +```shell +grpcurl -plaintext localhost:9090 cosmos.mint.v1beta1.Query/Params +``` + +Example Output: + +```json +{ + "params": { + "mintDenom": "stake", + "inflationRateChange": "130000000000000000", + "inflationMax": "200000000000000000", + "inflationMin": "70000000000000000", + "goalBonded": "670000000000000000", + "blocksPerYear": "6311520" + } +} +``` + +### REST + +A user can query the `mint` module using REST endpoints. + +#### annual-provisions + +```shell +/cosmos/mint/v1beta1/annual_provisions +``` + +Example: + +```shell +curl "localhost:1317/cosmos/mint/v1beta1/annual_provisions" +``` + +Example Output: + +```json +{ + "annualProvisions": "1432452520532626265712995618" +} +``` + +#### inflation + +```shell +/cosmos/mint/v1beta1/inflation +``` + +Example: + +```shell +curl "localhost:1317/cosmos/mint/v1beta1/inflation" +``` + +Example Output: + +```json +{ + "inflation": "130197115720711261" +} +``` + +#### params + +```shell +/cosmos/mint/v1beta1/params +``` + +Example: + +```shell +curl "localhost:1317/cosmos/mint/v1beta1/params" +``` + +Example Output: + +```json +{ + "params": { + "mintDenom": "stake", + "inflationRateChange": "130000000000000000", + "inflationMax": "200000000000000000", + "inflationMin": "70000000000000000", + "goalBonded": "670000000000000000", + "blocksPerYear": "6311520" + } +} +``` diff --git a/copy-of-sdk-docs/build/modules/nft/README.md b/copy-of-sdk-docs/build/modules/nft/README.md new file mode 100644 index 00000000..4348aaca --- /dev/null +++ b/copy-of-sdk-docs/build/modules/nft/README.md @@ -0,0 +1,91 @@ +--- +sidebar_position: 1 +--- + +# `x/nft` + +⚠️ **DEPRECATED**: This package is deprecated and will be removed in the next major release. The `x/nft` module will be moved to a separate repo `github.com/cosmos/cosmos-sdk-legacy`. + +## Contents + +## Abstract + +`x/nft` is an implementation of a Cosmos SDK module, per [ADR 43](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-043-nft-module.md), that allows you to create nft classification, create nft, transfer nft, update nft, and support various queries by integrating the module. It is fully compatible with the ERC721 specification. + +* [Concepts](#concepts) + * [Class](#class) + * [NFT](#nft) +* [State](#state) + * [Class](#class-1) + * [NFT](#nft-1) + * [NFTOfClassByOwner](#nftofclassbyowner) + * [Owner](#owner) + * [TotalSupply](#totalsupply) +* [Messages](#messages) + * [MsgSend](#msgsend) +* [Events](#events) + +## Concepts + +### Class + +`x/nft` module defines a struct `Class` to describe the common characteristics of a class of nft, under this class, you can create a variety of nft, which is equivalent to an erc721 contract for Ethereum. The design is defined in the [ADR 043](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-043-nft-module.md). + +### NFT + +The full name of NFT is Non-Fungible Tokens. Because of the irreplaceable nature of NFT, it means that it can be used to represent unique things. The nft implemented by this module is fully compatible with Ethereum ERC721 standard. + +## State + +### Class + +Class is mainly composed of `id`, `name`, `symbol`, `description`, `uri`, `uri_hash`,`data` where `id` is the unique identifier of the class, similar to the Ethereum ERC721 contract address, the others are optional. + +* Class: `0x01 | classID | -> ProtocolBuffer(Class)` + +### NFT + +NFT is mainly composed of `class_id`, `id`, `uri`, `uri_hash` and `data`. Among them, `class_id` and `id` are two-tuples that identify the uniqueness of nft, `uri` and `uri_hash` is optional, which identifies the off-chain storage location of the nft, and `data` is an Any type. Use Any chain of `x/nft` modules can be customized by extending this field + +* NFT: `0x02 | classID | 0x00 | nftID |-> ProtocolBuffer(NFT)` + +### NFTOfClassByOwner + +NFTOfClassByOwner is mainly to realize the function of querying all nfts using classID and owner, without other redundant functions. + +* NFTOfClassByOwner: `0x03 | owner | 0x00 | classID | 0x00 | nftID |-> 0x01` + +### Owner + +Since there is no extra field in NFT to indicate the owner of nft, an additional key-value pair is used to save the ownership of nft. With the transfer of nft, the key-value pair is updated synchronously. + +* OwnerKey: `0x04 | classID | 0x00 | nftID |-> owner` + +### TotalSupply + +TotalSupply is responsible for tracking the number of all nfts under a certain class. Mint operation is performed under the changed class, supply increases by one, burn operation, and supply decreases by one. + +* OwnerKey: `0x05 | classID |-> totalSupply` + +## Messages + +In this section we describe the processing of messages for the NFT module. + +:::warning +The validation of `ClassID` and `NftID` is left to the app developer. +The SDK does not provide any validation for these fields. +::: + +### MsgSend + +You can use the `MsgSend` message to transfer the ownership of nft. This is a function provided by the `x/nft` module. Of course, you can use the `Transfer` method to implement your own transfer logic, but you need to pay extra attention to the transfer permissions. + +The message handling should fail if: + +* provided `ClassID` does not exist. +* provided `Id` does not exist. +* provided `Sender` does not the owner of nft. + +## Events + +The nft module emits proto events defined in [the Protobuf reference](https://buf.build/cosmos/cosmos-sdk/docs/main:cosmos.nft.v1beta1). diff --git a/copy-of-sdk-docs/build/modules/params/README.md b/copy-of-sdk-docs/build/modules/params/README.md new file mode 100644 index 00000000..10b47da4 --- /dev/null +++ b/copy-of-sdk-docs/build/modules/params/README.md @@ -0,0 +1,79 @@ +--- +sidebar_position: 1 +--- + +# `x/params` + +NOTE: `x/params` is deprecated as of Cosmos SDK v0.53 and will be removed in the next release. + +## Abstract + +Package params provides a globally available parameter store. + +There are two main types, Keeper and Subspace. Subspace is an isolated namespace for a +paramstore, where keys are prefixed by preconfigured spacename. Keeper has a +permission to access all existing spaces. + +Subspace can be used by the individual keepers, which need a private parameter store +that the other keepers cannot modify. The params Keeper can be used to add a route to `x/gov` router in order to modify any parameter in case a proposal passes. + +The following contents explains how to use params module for master and user modules. + +## Contents + +* [Keeper](#keeper) +* [Subspace](#subspace) + * [Key](#key) + * [KeyTable](#keytable) + * [ParamSet](#paramset) + +## Keeper + +In the app initialization stage, [subspaces](#subspace) can be allocated for other modules' keeper using `Keeper.Subspace` and are stored in `Keeper.spaces`. Then, those modules can have a reference to their specific parameter store through `Keeper.GetSubspace`. + +Example: + +```go +type ExampleKeeper struct { + paramSpace paramtypes.Subspace +} + +func (k ExampleKeeper) SetParams(ctx sdk.Context, params types.Params) { + k.paramSpace.SetParamSet(ctx, ¶ms) +} +``` + +## Subspace + +`Subspace` is a prefixed subspace of the parameter store. Each module which uses the +parameter store will take a `Subspace` to isolate permission to access. + +### Key + +Parameter keys are human readable alphanumeric strings. A parameter for the key +`"ExampleParameter"` is stored under `[]byte("SubspaceName" + "/" + "ExampleParameter")`, + where `"SubspaceName"` is the name of the subspace. + +Subkeys are secondary parameter keys those are used along with a primary parameter key. +Subkeys can be used for grouping or dynamic parameter key generation during runtime. + +### KeyTable + +All of the parameter keys that will be used should be registered at the compile +time. `KeyTable` is essentially a `map[string]attribute`, where the `string` is a parameter key. + +Currently, `attribute` consists of a `reflect.Type`, which indicates the parameter +type to check that provided key and value are compatible and registered, as well as a function `ValueValidatorFn` to validate values. + +Only primary keys have to be registered on the `KeyTable`. Subkeys inherit the +attribute of the primary key. + +### ParamSet + +Modules often define parameters as a proto message. The generated struct can implement +`ParamSet` interface to be used with the following methods: + +* `KeyTable.RegisterParamSet()`: registers all parameters in the struct +* `Subspace.{Get, Set}ParamSet()`: Get to & Set from the struct + +The implementer should be a pointer in order to use `GetParamSet()`. diff --git a/copy-of-sdk-docs/build/modules/protocolpool/README.md b/copy-of-sdk-docs/build/modules/protocolpool/README.md new file mode 100644 index 00000000..d88b1ee1 --- /dev/null +++ b/copy-of-sdk-docs/build/modules/protocolpool/README.md @@ -0,0 +1,162 @@ +--- +sidebar_position: 1 +--- + +# `x/protocolpool` + +## Concepts + +`x/protocolpool` is a supplemental Cosmos SDK module that handles functionality for community pool funds. The module provides a separate module account for the community pool making it easier to track the pool assets. Starting with v0.53 of the Cosmos SDK, community funds can be tracked using this module instead of the `x/distribution` module. Funds are migrated from the `x/distribution` module's community pool to `x/protocolpool`'s module account automatically. + +This module is `supplemental`; it is not required to run a Cosmos SDK chain. `x/protocolpool` enhances the community pool functionality provided by `x/distribution` and enables custom modules to further extend the community pool. + +Note: _as long as an external community pool keeper (here, `x/protocolpool`) is wired in DI configs, `x/distribution` will automatically use it for its external pool._ + +## Usage Limitations + +The following `x/distribution` handlers will now return an error when the `protocolpool` module is used with `x/distribution`: + +**QueryService** + +* `CommunityPool` + +**MsgService** + +* `CommunityPoolSpend` +* `FundCommunityPool` + +If you have services that rely on this functionality from `x/distribution`, please update them to use the `x/protocolpool` equivalents. + +## State Transitions + +### FundCommunityPool + +FundCommunityPool can be called by any valid account to send funds to the `x/protocolpool` module account. + +```protobuf + // FundCommunityPool defines a method to allow an account to directly + // fund the community pool. + rpc FundCommunityPool(MsgFundCommunityPool) returns (MsgFundCommunityPoolResponse); +``` + +### CommunityPoolSpend + +CommunityPoolSpend can be called by the module authority (default governance module account) or any account with authorization to spend funds from the `x/protocolpool` module account to a receiver address. + +```protobuf + // CommunityPoolSpend defines a governance operation for sending tokens from + // the community pool in the x/protocolpool module to another account, which + // could be the governance module itself. The authority is defined in the + // keeper. + rpc CommunityPoolSpend(MsgCommunityPoolSpend) returns (MsgCommunityPoolSpendResponse); +``` + +### CreateContinuousFund + +CreateContinuousFund is a message used to initiate a continuous fund for a specific recipient. The proposed percentage of funds will be distributed only on withdraw request for the recipient. The fund distribution continues until expiry time is reached or continuous fund request is canceled. +NOTE: This feature is designed to work with the SDK's default bond denom. + +```protobuf + // CreateContinuousFund defines a method to distribute a percentage of funds to an address continuously. + // This ContinuousFund can be indefinite or run until a given expiry time. + // Funds come from validator block rewards from x/distribution, but may also come from + // any user who funds the ProtocolPoolEscrow module account directly through x/bank. + rpc CreateContinuousFund(MsgCreateContinuousFund) returns (MsgCreateContinuousFundResponse); +``` + +### CancelContinuousFund + +CancelContinuousFund is a message used to cancel an existing continuous fund proposal for a specific recipient. Cancelling a continuous fund stops further distribution of funds, and the state object is removed from storage. + +```protobuf + // CancelContinuousFund defines a method for cancelling continuous fund. + rpc CancelContinuousFund(MsgCancelContinuousFund) returns (MsgCancelContinuousFundResponse); +``` + +## Messages + +### MsgFundCommunityPool + +This message sends coins directly from the sender to the community pool. + +:::tip +If you know the `x/protocolpool` module account address, you can directly use bank `send` transaction instead. +::: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/proto/cosmos/protocolpool/v1/tx.proto#L43-L53 +``` + +* The msg will fail if the amount cannot be transferred from the sender to the `x/protocolpool` module account. + +```go +func (k Keeper) FundCommunityPool(ctx context.Context, amount sdk.Coins, sender sdk.AccAddress) error { + return k.bankKeeper.SendCoinsFromAccountToModule(ctx, sender, types.ModuleName, amount) +} +``` + +### MsgCommunityPoolSpend + +This message distributes funds from the `x/protocolpool` module account to the recipient using `DistributeFromCommunityPool` keeper method. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/proto/cosmos/protocolpool/v1/tx.proto#L58-L69 +``` + +The message will fail under the following conditions: + +* The amount cannot be transferred to the recipient from the `x/protocolpool` module account. +* The `recipient` address is restricted + +```go +func (k Keeper) DistributeFromCommunityPool(ctx context.Context, amount sdk.Coins, receiveAddr sdk.AccAddress) error { + return k.bankKeeper.SendCoinsFromModuleToAccount(ctx, types.ModuleName, receiveAddr, amount) +} +``` + +### MsgCreateContinuousFund + +This message is used to create a continuous fund for a specific recipient. The proposed percentage of funds will be distributed only on withdraw request for the recipient. This fund distribution continues until expiry time is reached or continuous fund request is canceled. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/proto/cosmos/protocolpool/v1/tx.proto#L114-L130 +``` + +The message will fail under the following conditions: + +* The recipient address is empty or restricted. +* The percentage is zero/negative/greater than one. +* The Expiry time is less than the current block time. + +:::warning +If two continuous fund proposals to the same address are created, the previous ContinuousFund will be updated with the new ContinuousFund. +::: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/x/protocolpool/keeper/msg_server.go#L103-L166 +``` + +### MsgCancelContinuousFund + +This message is used to cancel an existing continuous fund proposal for a specific recipient. Once canceled, the continuous fund will no longer distribute funds at each begin block, and the state object will be removed. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/x/protocolpool/proto/cosmos/protocolpool/v1/tx.proto#L136-L161 +``` + +The message will fail under the following conditions: + +* The recipient address is empty or restricted. +* The ContinuousFund for the recipient does not exist. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/x/protocolpool/keeper/msg_server.go#L188-L226 +``` + +## Client + +It takes the advantage of `AutoCLI` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/x/protocolpool/autocli.go +``` diff --git a/copy-of-sdk-docs/build/modules/slashing/README.md b/copy-of-sdk-docs/build/modules/slashing/README.md new file mode 100644 index 00000000..5bf95b80 --- /dev/null +++ b/copy-of-sdk-docs/build/modules/slashing/README.md @@ -0,0 +1,813 @@ +--- +sidebar_position: 1 +--- + +# `x/slashing` + +## Abstract + +This section specifies the slashing module of the Cosmos SDK, which implements functionality +first outlined in the [Cosmos Whitepaper](https://cosmos.network/about/whitepaper) in June 2016. + +The slashing module enables Cosmos SDK-based blockchains to disincentivize any attributable action +by a protocol-recognized actor with value at stake by penalizing them ("slashing"). + +Penalties may include, but are not limited to: + +* Burning some amount of their stake +* Removing their ability to vote on future blocks for a period of time. + +This module will be used by the Cosmos Hub, the first hub in the Cosmos ecosystem. + +## Contents + +* [Concepts](#concepts) + * [States](#states) + * [Tombstone Caps](#tombstone-caps) + * [Infraction Timelines](#infraction-timelines) +* [State](#state) + * [Signing Info (Liveness)](#signing-info-liveness) + * [Params](#params) +* [Messages](#messages) + * [Unjail](#unjail) +* [BeginBlock](#beginblock) + * [Liveness Tracking](#liveness-tracking) +* [Hooks](#hooks) +* [Events](#events) +* [Staking Tombstone](#staking-tombstone) +* [Parameters](#parameters) +* [CLI](#cli) + * [Query](#query) + * [Transactions](#transactions) + * [gRPC](#grpc) + * [REST](#rest) + +## Concepts + +### States + +At any given time, there are any number of validators registered in the state +machine. Each block, the top `MaxValidators` (defined by `x/staking`) validators +who are not jailed become _bonded_, meaning that they may propose and vote on +blocks. Validators who are _bonded_ are _at stake_, meaning that part or all of +their stake and their delegators' stake is at risk if they commit a protocol fault. + +For each of these validators we keep a `ValidatorSigningInfo` record that contains +information pertaining to validator's liveness and other infraction related +attributes. + +### Tombstone Caps + +In order to mitigate the impact of initially likely categories of non-malicious +protocol faults, the Cosmos Hub implements for each validator +a _tombstone_ cap, which only allows a validator to be slashed once for a double +sign fault. For example, if you misconfigure your HSM and double-sign a bunch of +old blocks, you'll only be punished for the first double-sign (and then immediately tombstoned). This will still be quite expensive and desirable to avoid, but tombstone caps +somewhat blunt the economic impact of unintentional misconfiguration. + +Liveness faults do not have caps, as they can't stack upon each other. Liveness bugs are "detected" as soon as the infraction occurs, and the validators are immediately put in jail, so it is not possible for them to commit multiple liveness faults without unjailing in between. + +### Infraction Timelines + +To illustrate how the `x/slashing` module handles submitted evidence through +CometBFT consensus, consider the following examples: + +**Definitions**: + +_[_ : timeline start +_]_ : timeline end +_Cn_ : infraction `n` committed +_Dn_ : infraction `n` discovered +_Vb_ : validator bonded +_Vu_ : validator unbonded + +#### Single Double Sign Infraction + +\[----------C1----D1,Vu-----\] + +A single infraction is committed then later discovered, at which point the +validator is unbonded and slashed at the full amount for the infraction. + +#### Multiple Double Sign Infractions + +\[----------C1--C2---C3---D1,D2,D3Vu-----\] + +Multiple infractions are committed and then later discovered, at which point the +validator is jailed and slashed for only one infraction. Because the validator +is also tombstoned, they can not rejoin the validator set. + +## State + +### Signing Info (Liveness) + +Every block includes a set of precommits by the validators for the previous block, +known as the `LastCommitInfo` provided by CometBFT. A `LastCommitInfo` is valid so +long as it contains precommits from +2/3 of total voting power. + +Proposers are incentivized to include precommits from all validators in the CometBFT `LastCommitInfo` +by receiving additional fees proportional to the difference between the voting +power included in the `LastCommitInfo` and +2/3 (see [fee distribution](../distribution/README.md#begin-block)). + +```go +type LastCommitInfo struct { + Round int32 + Votes []VoteInfo +} +``` + +Validators are penalized for failing to be included in the `LastCommitInfo` for some +number of blocks by being automatically jailed, potentially slashed, and unbonded. + +Information about validator's liveness activity is tracked through `ValidatorSigningInfo`. +It is indexed in the store as follows: + +* ValidatorSigningInfo: `0x01 | ConsAddrLen (1 byte) | ConsAddress -> ProtocolBuffer(ValSigningInfo)` +* MissedBlocksBitArray: `0x02 | ConsAddrLen (1 byte) | ConsAddress | LittleEndianUint64(signArrayIndex) -> VarInt(didMiss)` (varint is a number encoding format) + +The first mapping allows us to easily lookup the recent signing info for a +validator based on the validator's consensus address. + +The second mapping (`MissedBlocksBitArray`) acts +as a bit-array of size `SignedBlocksWindow` that tells us if the validator missed +the block for a given index in the bit-array. The index in the bit-array is given +as little endian uint64. +The result is a `varint` that takes on `0` or `1`, where `0` indicates the +validator did not miss (did sign) the corresponding block, and `1` indicates +they missed the block (did not sign). + +Note that the `MissedBlocksBitArray` is not explicitly initialized up-front. Keys +are added as we progress through the first `SignedBlocksWindow` blocks for a newly +bonded validator. The `SignedBlocksWindow` parameter defines the size +(number of blocks) of the sliding window used to track validator liveness. + +The information stored for tracking validator liveness is as follows: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/slashing/v1beta1/slashing.proto#L13-L35 +``` + +### Params + +The slashing module stores it's params in state with the prefix of `0x00`, +it can be updated with governance or the address with authority. + +* Params: `0x00 | ProtocolBuffer(Params)` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/slashing/v1beta1/slashing.proto#L37-L59 +``` + +## Messages + +In this section we describe the processing of messages for the `slashing` module. + +### Unjail + +If a validator was automatically unbonded due to downtime and wishes to come back online & +possibly rejoin the bonded set, it must send `MsgUnjail`: + +```protobuf +// MsgUnjail is an sdk.Msg used for unjailing a jailed validator, thus returning +// them into the bonded validator set, so they can begin receiving provisions +// and rewards again. +message MsgUnjail { + string validator_addr = 1; +} +``` + +Below is a pseudocode of the `MsgSrv/Unjail` RPC: + +```go +unjail(tx MsgUnjail) + validator = getValidator(tx.ValidatorAddr) + if validator == nil + fail with "No validator found" + + if getSelfDelegation(validator) == 0 + fail with "validator must self delegate before unjailing" + + if !validator.Jailed + fail with "Validator not jailed, cannot unjail" + + info = GetValidatorSigningInfo(operator) + if info.Tombstoned + fail with "Tombstoned validator cannot be unjailed" + if block time < info.JailedUntil + fail with "Validator still jailed, cannot unjail until period has expired" + + validator.Jailed = false + setValidator(validator) + + return +``` + +If the validator has enough stake to be in the top `n = MaximumBondedValidators`, it will be automatically rebonded, +and all delegators still delegated to the validator will be rebonded and begin to again collect +provisions and rewards. + +## BeginBlock + +### Liveness Tracking + +At the beginning of each block, we update the `ValidatorSigningInfo` for each +validator and check if they've crossed below the liveness threshold over a +sliding window. This sliding window is defined by `SignedBlocksWindow` and the +index in this window is determined by `IndexOffset` found in the validator's +`ValidatorSigningInfo`. For each block processed, the `IndexOffset` is incremented +regardless if the validator signed or not. Once the index is determined, the +`MissedBlocksBitArray` and `MissedBlocksCounter` are updated accordingly. + +Finally, in order to determine if a validator crosses below the liveness threshold, +we fetch the maximum number of blocks missed, `maxMissed`, which is +`SignedBlocksWindow - (MinSignedPerWindow * SignedBlocksWindow)` and the minimum +height at which we can determine liveness, `minHeight`. If the current block is +greater than `minHeight` and the validator's `MissedBlocksCounter` is greater than +`maxMissed`, they will be slashed by `SlashFractionDowntime`, will be jailed +for `DowntimeJailDuration`, and have the following values reset: +`MissedBlocksBitArray`, `MissedBlocksCounter`, and `IndexOffset`. + +**Note**: Liveness slashes do **NOT** lead to a tombstoning. + +```go +height := block.Height + +for vote in block.LastCommitInfo.Votes { + signInfo := GetValidatorSigningInfo(vote.Validator.Address) + + // This is a relative index, so we count blocks the validator SHOULD have + // signed. We use the 0-value default signing info if not present, except for + // start height. + index := signInfo.IndexOffset % SignedBlocksWindow() + signInfo.IndexOffset++ + + // Update MissedBlocksBitArray and MissedBlocksCounter. The MissedBlocksCounter + // just tracks the sum of MissedBlocksBitArray. That way we avoid needing to + // read/write the whole array each time. + missedPrevious := GetValidatorMissedBlockBitArray(vote.Validator.Address, index) + missed := !signed + + switch { + case !missedPrevious && missed: + // array index has changed from not missed to missed, increment counter + SetValidatorMissedBlockBitArray(vote.Validator.Address, index, true) + signInfo.MissedBlocksCounter++ + + case missedPrevious && !missed: + // array index has changed from missed to not missed, decrement counter + SetValidatorMissedBlockBitArray(vote.Validator.Address, index, false) + signInfo.MissedBlocksCounter-- + + default: + // array index at this index has not changed; no need to update counter + } + + if missed { + // emit events... + } + + minHeight := signInfo.StartHeight + SignedBlocksWindow() + maxMissed := SignedBlocksWindow() - MinSignedPerWindow() + + // If we are past the minimum height and the validator has missed too many + // jail and slash them. + if height > minHeight && signInfo.MissedBlocksCounter > maxMissed { + validator := ValidatorByConsAddr(vote.Validator.Address) + + // emit events... + + // We need to retrieve the stake distribution which signed the block, so we + // subtract ValidatorUpdateDelay from the block height, and subtract an + // additional 1 since this is the LastCommit. + // + // Note, that this CAN result in a negative "distributionHeight" up to + // -ValidatorUpdateDelay-1, i.e. at the end of the pre-genesis block (none) = at the beginning of the genesis block. + // That's fine since this is just used to filter unbonding delegations & redelegations. + distributionHeight := height - sdk.ValidatorUpdateDelay - 1 + + SlashWithInfractionReason(vote.Validator.Address, distributionHeight, vote.Validator.Power, SlashFractionDowntime(), stakingtypes.Downtime) + Jail(vote.Validator.Address) + + signInfo.JailedUntil = block.Time.Add(DowntimeJailDuration()) + + // We need to reset the counter & array so that the validator won't be + // immediately slashed for downtime upon rebonding. + signInfo.MissedBlocksCounter = 0 + signInfo.IndexOffset = 0 + ClearValidatorMissedBlockBitArray(vote.Validator.Address) + } + + SetValidatorSigningInfo(vote.Validator.Address, signInfo) +} +``` + +## Hooks + +This section contains a description of the module's `hooks`. Hooks are operations that are executed automatically when events are raised. + +### Staking hooks + +The slashing module implements the `StakingHooks` defined in `x/staking` and are used as record-keeping of validators information. During the app initialization, these hooks should be registered in the staking module struct. + +The following hooks impact the slashing state: + +* `AfterValidatorBonded` creates a `ValidatorSigningInfo` instance as described in the following section. +* `AfterValidatorCreated` stores a validator's consensus key. +* `AfterValidatorRemoved` removes a validator's consensus key. + +### Validator Bonded + +Upon successful first-time bonding of a new validator, we create a new `ValidatorSigningInfo` structure for the +now-bonded validator, which `StartHeight` of the current block. + +If the validator was out of the validator set and gets bonded again, its new bonded height is set. + +```go +onValidatorBonded(address sdk.ValAddress) + + signingInfo, found = GetValidatorSigningInfo(address) + if !found { + signingInfo = ValidatorSigningInfo { + StartHeight : CurrentHeight, + IndexOffset : 0, + JailedUntil : time.Unix(0, 0), + Tombstone : false, + MissedBlockCounter : 0 + } else { + signingInfo.StartHeight = CurrentHeight + } + + setValidatorSigningInfo(signingInfo) + } + + return +``` + +## Events + +The slashing module emits the following events: + +### MsgServer + +#### MsgUnjail + +| Type | Attribute Key | Attribute Value | +| ------- | ------------- | ------------------ | +| message | module | slashing | +| message | sender | {validatorAddress} | + +### Keeper + +### BeginBlocker: HandleValidatorSignature + +| Type | Attribute Key | Attribute Value | +| ----- | ------------- | --------------------------- | +| slash | address | {validatorConsensusAddress} | +| slash | power | {validatorPower} | +| slash | reason | {slashReason} | +| slash | jailed [0] | {validatorConsensusAddress} | +| slash | burned coins | {math.Int} | + +* [0] Only included if the validator is jailed. + +| Type | Attribute Key | Attribute Value | +| -------- | ------------- | --------------------------- | +| liveness | address | {validatorConsensusAddress} | +| liveness | missed_blocks | {missedBlocksCounter} | +| liveness | height | {blockHeight} | + +#### Slash + +* same as `"slash"` event from `HandleValidatorSignature`, but without the `jailed` attribute. + +#### Jail + +| Type | Attribute Key | Attribute Value | +| ----- | ------------- | ------------------ | +| slash | jailed | {validatorAddress} | + +## Staking Tombstone + +### Abstract + +In the current implementation of the `slashing` module, when the consensus engine +informs the state machine of a validator's consensus fault, the validator is +partially slashed, and put into a "jail period", a period of time in which they +are not allowed to rejoin the validator set. However, because of the nature of +consensus faults and ABCI, there can be a delay between an infraction occurring, +and evidence of the infraction reaching the state machine (this is one of the +primary reasons for the existence of the unbonding period). + +> Note: The tombstone concept, only applies to faults that have a delay between +> the infraction occurring and evidence reaching the state machine. For example, +> evidence of a validator double signing may take a while to reach the state machine +> due to unpredictable evidence gossip layer delays and the ability of validators to +> selectively reveal double-signatures (e.g. to infrequently-online light clients). +> Liveness slashing, on the other hand, is detected immediately as soon as the +> infraction occurs, and therefore no slashing period is needed. A validator is +> immediately put into jail period, and they cannot commit another liveness fault +> until they unjail. In the future, there may be other types of byzantine faults +> that have delays (for example, submitting evidence of an invalid proposal as a transaction). +> When implemented, it will have to be decided whether these future types of +> byzantine faults will result in a tombstoning (and if not, the slash amounts +> will not be capped by a slashing period). + +In the current system design, once a validator is put in the jail for a consensus +fault, after the `JailPeriod` they are allowed to send a transaction to `unjail` +themselves, and thus rejoin the validator set. + +One of the "design desires" of the `slashing` module is that if multiple +infractions occur before evidence is executed (and a validator is put in jail), +they should only be punished for single worst infraction, but not cumulatively. +For example, if the sequence of events is: + +1. Validator A commits Infraction 1 (worth 30% slash) +2. Validator A commits Infraction 2 (worth 40% slash) +3. Validator A commits Infraction 3 (worth 35% slash) +4. Evidence for Infraction 1 reaches state machine (and validator is put in jail) +5. Evidence for Infraction 2 reaches state machine +6. Evidence for Infraction 3 reaches state machine + +Only Infraction 2 should have its slash take effect, as it is the highest. This +is done, so that in the case of the compromise of a validator's consensus key, +they will only be punished once, even if the hacker double-signs many blocks. +Because, the unjailing has to be done with the validator's operator key, they +have a chance to re-secure their consensus key, and then signal that they are +ready using their operator key. We call this period during which we track only +the max infraction, the "slashing period". + +Once, a validator rejoins by unjailing themselves, we begin a new slashing period; +if they commit a new infraction after unjailing, it gets slashed cumulatively on +top of the worst infraction from the previous slashing period. + +However, while infractions are grouped based off of the slashing periods, because +evidence can be submitted up to an `unbondingPeriod` after the infraction, we +still have to allow for evidence to be submitted for previous slashing periods. +For example, if the sequence of events is: + +1. Validator A commits Infraction 1 (worth 30% slash) +2. Validator A commits Infraction 2 (worth 40% slash) +3. Evidence for Infraction 1 reaches state machine (and Validator A is put in jail) +4. Validator A unjails + +We are now in a new slashing period, however we still have to keep the door open +for the previous infraction, as the evidence for Infraction 2 may still come in. +As the number of slashing periods increase, it creates more complexity as we have +to keep track of the highest infraction amount for every single slashing period. + +> Note: Currently, according to the `slashing` module spec, a new slashing period +> is created every time a validator is unbonded then rebonded. This should probably +> be changed to jailed/unjailed. See issue [#3205](https://github.com/cosmos/cosmos-sdk/issues/3205) +> for further details. For the remainder of this, I will assume that we only start +> a new slashing period when a validator gets unjailed. + +The maximum number of slashing periods is the `len(UnbondingPeriod) / len(JailPeriod)`. +The current defaults in Gaia for the `UnbondingPeriod` and `JailPeriod` are 3 weeks +and 2 days, respectively. This means there could potentially be up to 11 slashing +periods concurrently being tracked per validator. If we set the `JailPeriod >= UnbondingPeriod`, +we only have to track 1 slashing period (i.e not have to track slashing periods). + +Currently, in the jail period implementation, once a validator unjails, all of +their delegators who are delegated to them (haven't unbonded / redelegated away), +stay with them. Given that consensus safety faults are so egregious +(way more so than liveness faults), it is probably prudent to have delegators not +"auto-rebond" to the validator. + +#### Proposal: infinite jail + +We propose setting the "jail time" for a +validator who commits a consensus safety fault, to `infinite` (i.e. a tombstone state). +This essentially kicks the validator out of the validator set and does not allow +them to re-enter the validator set. All of their delegators (including the operator themselves) +have to either unbond or redelegate away. The validator operator can create a new +validator if they would like, with a new operator key and consensus key, but they +have to "re-earn" their delegations back. + +Implementing the tombstone system and getting rid of the slashing period tracking +will make the `slashing` module way simpler, especially because we can remove all +of the hooks defined in the `slashing` module consumed by the `staking` module +(the `slashing` module still consumes hooks defined in `staking`). + +#### Single slashing amount + +Another optimization that can be made is that if we assume that all ABCI faults +for CometBFT consensus are slashed at the same level, we don't have to keep +track of "max slash". Once an ABCI fault happens, we don't have to worry about +comparing potential future ones to find the max. + +Currently the only CometBFT ABCI fault is: + +* Unjustified precommits (double signs) + +It is currently planned to include the following fault in the near future: + +* Signing a precommit when you're in unbonding phase (needed to make light client bisection safe) + +Given that these faults are both attributable byzantine faults, we will likely +want to slash them equally, and thus we can enact the above change. + +> Note: This change may make sense for current CometBFT consensus, but maybe +> not for a different consensus algorithm or future versions of CometBFT that +> may want to punish at different levels (for example, partial slashing). + +## Parameters + +The slashing module contains the following parameters: + +| Key | Type | Example | +| ----------------------- | -------------- | ---------------------- | +| SignedBlocksWindow | string (int64) | "100" | +| MinSignedPerWindow | string (dec) | "0.500000000000000000" | +| DowntimeJailDuration | string (ns) | "600000000000" | +| SlashFractionDoubleSign | string (dec) | "0.050000000000000000" | +| SlashFractionDowntime | string (dec) | "0.010000000000000000" | + +## CLI + +A user can query and interact with the `slashing` module using the CLI. + +### Query + +The `query` commands allow users to query `slashing` state. + +```shell +simd query slashing --help +``` + +#### params + +The `params` command allows users to query genesis parameters for the slashing module. + +```shell +simd query slashing params [flags] +``` + +Example: + +```shell +simd query slashing params +``` + +Example Output: + +```yml +downtime_jail_duration: 600s +min_signed_per_window: "0.500000000000000000" +signed_blocks_window: "100" +slash_fraction_double_sign: "0.050000000000000000" +slash_fraction_downtime: "0.010000000000000000" +``` + +#### signing-info + +The `signing-info` command allows users to query signing-info of the validator using consensus public key. + +```shell +simd query slashing signing-infos [flags] +``` + +Example: + +```shell +simd query slashing signing-info '{"@type":"/cosmos.crypto.ed25519.PubKey","key":"Auxs3865HpB/EfssYOzfqNhEJjzys6jD5B6tPgC8="}' + +``` + +Example Output: + +```yml +address: cosmosvalcons1nrqsld3aw6lh6t082frdqc84uwxn0t958c +index_offset: "2068" +jailed_until: "1970-01-01T00:00:00Z" +missed_blocks_counter: "0" +start_height: "0" +tombstoned: false +``` + +#### signing-infos + +The `signing-infos` command allows users to query signing infos of all validators. + +```shell +simd query slashing signing-infos [flags] +``` + +Example: + +```shell +simd query slashing signing-infos +``` + +Example Output: + +```yml +info: +- address: cosmosvalcons1nrqsld3aw6lh6t082frdqc84uwxn0t958c + index_offset: "2075" + jailed_until: "1970-01-01T00:00:00Z" + missed_blocks_counter: "0" + start_height: "0" + tombstoned: false +pagination: + next_key: null + total: "0" +``` + +### Transactions + +The `tx` commands allow users to interact with the `slashing` module. + +```bash +simd tx slashing --help +``` + +#### unjail + +The `unjail` command allows users to unjail a validator previously jailed for downtime. + +```bash +simd tx slashing unjail --from mykey [flags] +``` + +Example: + +```bash +simd tx slashing unjail --from mykey +``` + +### gRPC + +A user can query the `slashing` module using gRPC endpoints. + +#### Params + +The `Params` endpoint allows users to query the parameters of slashing module. + +```shell +cosmos.slashing.v1beta1.Query/Params +``` + +Example: + +```shell +grpcurl -plaintext localhost:9090 cosmos.slashing.v1beta1.Query/Params +``` + +Example Output: + +```json +{ + "params": { + "signedBlocksWindow": "100", + "minSignedPerWindow": "NTAwMDAwMDAwMDAwMDAwMDAw", + "downtimeJailDuration": "600s", + "slashFractionDoubleSign": "NTAwMDAwMDAwMDAwMDAwMDA=", + "slashFractionDowntime": "MTAwMDAwMDAwMDAwMDAwMDA=" + } +} +``` + +#### SigningInfo + +The SigningInfo queries the signing info of given cons address. + +```shell +cosmos.slashing.v1beta1.Query/SigningInfo +``` + +Example: + +```shell +grpcurl -plaintext -d '{"cons_address":"cosmosvalcons1nrqsld3aw6lh6t082frdqc84uwxn0t958c"}' localhost:9090 cosmos.slashing.v1beta1.Query/SigningInfo +``` + +Example Output: + +```json +{ + "valSigningInfo": { + "address": "cosmosvalcons1nrqsld3aw6lh6t082frdqc84uwxn0t958c", + "indexOffset": "3493", + "jailedUntil": "1970-01-01T00:00:00Z" + } +} +``` + +#### SigningInfos + +The SigningInfos queries signing info of all validators. + +```shell +cosmos.slashing.v1beta1.Query/SigningInfos +``` + +Example: + +```shell +grpcurl -plaintext localhost:9090 cosmos.slashing.v1beta1.Query/SigningInfos +``` + +Example Output: + +```json +{ + "info": [ + { + "address": "cosmosvalcons1nrqslkwd3pz096lh6t082frdqc84uwxn0t958c", + "indexOffset": "2467", + "jailedUntil": "1970-01-01T00:00:00Z" + } + ], + "pagination": { + "total": "1" + } +} +``` + +### REST + +A user can query the `slashing` module using REST endpoints. + +#### Params + +```shell +/cosmos/slashing/v1beta1/params +``` + +Example: + +```shell +curl "localhost:1317/cosmos/slashing/v1beta1/params" +``` + +Example Output: + +```json +{ + "params": { + "signed_blocks_window": "100", + "min_signed_per_window": "0.500000000000000000", + "downtime_jail_duration": "600s", + "slash_fraction_double_sign": "0.050000000000000000", + "slash_fraction_downtime": "0.010000000000000000" +} +``` + +#### signing_info + +```shell +/cosmos/slashing/v1beta1/signing_infos/%s +``` + +Example: + +```shell +curl "localhost:1317/cosmos/slashing/v1beta1/signing_infos/cosmosvalcons1nrqslkwd3pz096lh6t082frdqc84uwxn0t958c" +``` + +Example Output: + +```json +{ + "val_signing_info": { + "address": "cosmosvalcons1nrqslkwd3pz096lh6t082frdqc84uwxn0t958c", + "start_height": "0", + "index_offset": "4184", + "jailed_until": "1970-01-01T00:00:00Z", + "tombstoned": false, + "missed_blocks_counter": "0" + } +} +``` + +#### signing_infos + +```shell +/cosmos/slashing/v1beta1/signing_infos +``` + +Example: + +```shell +curl "localhost:1317/cosmos/slashing/v1beta1/signing_infos +``` + +Example Output: + +```json +{ + "info": [ + { + "address": "cosmosvalcons1nrqslkwd3pz096lh6t082frdqc84uwxn0t958c", + "start_height": "0", + "index_offset": "4169", + "jailed_until": "1970-01-01T00:00:00Z", + "tombstoned": false, + "missed_blocks_counter": "0" + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` diff --git a/copy-of-sdk-docs/build/modules/staking/README.md b/copy-of-sdk-docs/build/modules/staking/README.md new file mode 100644 index 00000000..afed4bee --- /dev/null +++ b/copy-of-sdk-docs/build/modules/staking/README.md @@ -0,0 +1,3058 @@ +--- +sidebar_position: 1 +--- + +# `x/staking` + +## Abstract + +This paper specifies the Staking module of the Cosmos SDK that was first +described in the [Cosmos Whitepaper](https://cosmos.network/about/whitepaper) +in June 2016. + +The module enables Cosmos SDK-based blockchain to support an advanced +Proof-of-Stake (PoS) system. In this system, holders of the native staking token of +the chain can become validators and can delegate tokens to validators, +ultimately determining the effective validator set for the system. + +This module is used in the Cosmos Hub, the first Hub in the Cosmos +network. + +## Contents + +* [State](#state) + * [Pool](#pool) + * [LastTotalPower](#lasttotalpower) + * [ValidatorUpdates](#validatorupdates) + * [UnbondingID](#unbondingid) + * [Params](#params) + * [Validator](#validator) + * [Delegation](#delegation) + * [UnbondingDelegation](#unbondingdelegation) + * [Redelegation](#redelegation) + * [Queues](#queues) + * [HistoricalInfo](#historicalinfo) +* [State Transitions](#state-transitions) + * [Validators](#validators) + * [Delegations](#delegations) + * [Slashing](#slashing) + * [How Shares are calculated](#how-shares-are-calculated) +* [Messages](#messages) + * [MsgCreateValidator](#msgcreatevalidator) + * [MsgEditValidator](#msgeditvalidator) + * [MsgDelegate](#msgdelegate) + * [MsgUndelegate](#msgundelegate) + * [MsgCancelUnbondingDelegation](#msgcancelunbondingdelegation) + * [MsgBeginRedelegate](#msgbeginredelegate) + * [MsgUpdateParams](#msgupdateparams) +* [Begin-Block](#begin-block) + * [Historical Info Tracking](#historical-info-tracking) +* [End-Block](#end-block) + * [Validator Set Changes](#validator-set-changes) + * [Queues](#queues-1) +* [Hooks](#hooks) +* [Events](#events) + * [EndBlocker](#endblocker) + * [Msg's](#msgs) +* [Parameters](#parameters) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + * [REST](#rest) + +## State + +### Pool + +Pool is used for tracking bonded and not-bonded token supply of the bond denomination. + +### LastTotalPower + +LastTotalPower tracks the total amounts of bonded tokens recorded during the previous end block. +Store entries prefixed with "Last" must remain unchanged until EndBlock. + +* LastTotalPower: `0x12 -> ProtocolBuffer(math.Int)` + +### ValidatorUpdates + +ValidatorUpdates contains the validator updates returned to ABCI at the end of every block. +The values are overwritten in every block. + +* ValidatorUpdates `0x61 -> []abci.ValidatorUpdate` + +### UnbondingID + +UnbondingID stores the ID of the latest unbonding operation. It enables creating unique IDs for unbonding operations, i.e., UnbondingID is incremented every time a new unbonding operation (validator unbonding, unbonding delegation, redelegation) is initiated. + +* UnbondingID: `0x37 -> uint64` + +### Params + +The staking module stores its params in state with the prefix of `0x51`, +it can be updated with governance or the address with authority. + +* Params: `0x51 | ProtocolBuffer(Params)` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L310-L333 +``` + +### Validator + +Validators can have one of three statuses + +* `Unbonded`: The validator is not in the active set. They cannot sign blocks and do not earn + rewards. They can receive delegations. +* `Bonded`: Once the validator receives sufficient bonded tokens they automatically join the + active set during [`EndBlock`](#validator-set-changes) and their status is updated to `Bonded`. + They are signing blocks and receiving rewards. They can receive further delegations. + They can be slashed for misbehavior. Delegators to this validator who unbond their delegation + must wait the duration of the UnbondingTime, a chain-specific param, during which time + they are still slashable for offences of the source validator if those offences were committed + during the period of time that the tokens were bonded. +* `Unbonding`: When a validator leaves the active set, either by choice or due to slashing, jailing or + tombstoning, an unbonding of all their delegations begins. All delegations must then wait the UnbondingTime + before their tokens are moved to their accounts from the `BondedPool`. + +:::warning +Tombstoning is permanent, once tombstoned a validator's consensus key can not be reused within the chain where the tombstoning happened. +::: + +Validators objects should be primarily stored and accessed by the +`OperatorAddr`, an SDK validator address for the operator of the validator. Two +additional indices are maintained per validator object in order to fulfill +required lookups for slashing and validator-set updates. A third special index +(`LastValidatorPower`) is also maintained which however remains constant +throughout each block, unlike the first two indices which mirror the validator +records within a block. + +* Validators: `0x21 | OperatorAddrLen (1 byte) | OperatorAddr -> ProtocolBuffer(validator)` +* ValidatorsByConsAddr: `0x22 | ConsAddrLen (1 byte) | ConsAddr -> OperatorAddr` +* ValidatorsByPower: `0x23 | BigEndian(ConsensusPower) | OperatorAddrLen (1 byte) | OperatorAddr -> OperatorAddr` +* LastValidatorsPower: `0x11 | OperatorAddrLen (1 byte) | OperatorAddr -> ProtocolBuffer(ConsensusPower)` +* ValidatorsByUnbondingID: `0x38 | UnbondingID -> 0x21 | OperatorAddrLen (1 byte) | OperatorAddr` + +`Validators` is the primary index - it ensures that each operator can have only one +associated validator, where the public key of that validator can change in the +future. Delegators can refer to the immutable operator of the validator, without +concern for the changing public key. + +`ValidatorsByUnbondingID` is an additional index that enables lookups for + validators by the unbonding IDs corresponding to their current unbonding. + +`ValidatorByConsAddr` is an additional index that enables lookups for slashing. +When CometBFT reports evidence, it provides the validator address, so this +map is needed to find the operator. Note that the `ConsAddr` corresponds to the +address which can be derived from the validator's `ConsPubKey`. + +`ValidatorsByPower` is an additional index that provides a sorted list of +potential validators to quickly determine the current active set. Here +ConsensusPower is validator.Tokens/10^6 by default. Note that all validators +where `Jailed` is true are not stored within this index. + +`LastValidatorsPower` is a special index that provides a historical list of the +last-block's bonded validators. This index remains constant during a block but +is updated during the validator set update process which takes place in [`EndBlock`](#end-block). + +Each validator's state is stored in a `Validator` struct: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L82-L138 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L26-L80 +``` + +### Delegation + +Delegations are identified by combining `DelegatorAddr` (the address of the delegator) +with the `ValidatorAddr` Delegators are indexed in the store as follows: + +* Delegation: `0x31 | DelegatorAddrLen (1 byte) | DelegatorAddr | ValidatorAddrLen (1 byte) | ValidatorAddr -> ProtocolBuffer(delegation)` + +Stake holders may delegate coins to validators; under this circumstance their +funds are held in a `Delegation` data structure. It is owned by one +delegator, and is associated with the shares for one validator. The sender of +the transaction is the owner of the bond. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L198-L216 +``` + +#### Delegator Shares + +When one delegates tokens to a Validator, they are issued a number of delegator shares based on a +dynamic exchange rate, calculated as follows from the total number of tokens delegated to the +validator and the number of shares issued so far: + +`Shares per Token = validator.TotalShares() / validator.Tokens()` + +Only the number of shares received is stored on the DelegationEntry. When a delegator then +Undelegates, the token amount they receive is calculated from the number of shares they currently +hold and the inverse exchange rate: + +`Tokens per Share = validator.Tokens() / validatorShares()` + +These `Shares` are simply an accounting mechanism. They are not a fungible asset. The reason for +this mechanism is to simplify the accounting around slashing. Rather than iteratively slashing the +tokens of every delegation entry, instead the Validator's total bonded tokens can be slashed, +effectively reducing the value of each issued delegator share. + +### UnbondingDelegation + +Shares in a `Delegation` can be unbonded, but they must for some time exist as +an `UnbondingDelegation`, where shares can be reduced if Byzantine behavior is +detected. + +`UnbondingDelegation` are indexed in the store as: + +* UnbondingDelegation: `0x32 | DelegatorAddrLen (1 byte) | DelegatorAddr | ValidatorAddrLen (1 byte) | ValidatorAddr -> ProtocolBuffer(unbondingDelegation)` +* UnbondingDelegationsFromValidator: `0x33 | ValidatorAddrLen (1 byte) | ValidatorAddr | DelegatorAddrLen (1 byte) | DelegatorAddr -> nil` +* UnbondingDelegationByUnbondingId: `0x38 | UnbondingId -> 0x32 | DelegatorAddrLen (1 byte) | DelegatorAddr | ValidatorAddrLen (1 byte) | ValidatorAddr` + `UnbondingDelegation` is used in queries, to lookup all unbonding delegations for + a given delegator. + +`UnbondingDelegationsFromValidator` is used in slashing, to lookup all + unbonding delegations associated with a given validator that need to be + slashed. + + `UnbondingDelegationByUnbondingId` is an additional index that enables + lookups for unbonding delegations by the unbonding IDs of the containing + unbonding delegation entries. + + +A UnbondingDelegation object is created every time an unbonding is initiated. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L218-L261 +``` + +### Redelegation + +The bonded tokens worth of a `Delegation` may be instantly redelegated from a +source validator to a different validator (destination validator). However when +this occurs they must be tracked in a `Redelegation` object, whereby their +shares can be slashed if their tokens have contributed to a Byzantine fault +committed by the source validator. + +`Redelegation` are indexed in the store as: + +* Redelegations: `0x34 | DelegatorAddrLen (1 byte) | DelegatorAddr | ValidatorAddrLen (1 byte) | ValidatorSrcAddr | ValidatorDstAddr -> ProtocolBuffer(redelegation)` +* RedelegationsBySrc: `0x35 | ValidatorSrcAddrLen (1 byte) | ValidatorSrcAddr | ValidatorDstAddrLen (1 byte) | ValidatorDstAddr | DelegatorAddrLen (1 byte) | DelegatorAddr -> nil` +* RedelegationsByDst: `0x36 | ValidatorDstAddrLen (1 byte) | ValidatorDstAddr | ValidatorSrcAddrLen (1 byte) | ValidatorSrcAddr | DelegatorAddrLen (1 byte) | DelegatorAddr -> nil` +* RedelegationByUnbondingId: `0x38 | UnbondingId -> 0x34 | DelegatorAddrLen (1 byte) | DelegatorAddr | ValidatorAddrLen (1 byte) | ValidatorSrcAddr | ValidatorDstAddr` + + `Redelegations` is used for queries, to lookup all redelegations for a given + delegator. + + `RedelegationsBySrc` is used for slashing based on the `ValidatorSrcAddr`. + + `RedelegationsByDst` is used for slashing based on the `ValidatorDstAddr` + +The first map here is used for queries, to lookup all redelegations for a given +delegator. The second map is used for slashing based on the `ValidatorSrcAddr`, +while the third map is for slashing based on the `ValidatorDstAddr`. + +`RedelegationByUnbondingId` is an additional index that enables + lookups for redelegations by the unbonding IDs of the containing + redelegation entries. + +A redelegation object is created every time a redelegation occurs. To prevent +"redelegation hopping" redelegations may not occur under the situation that: + +* the (re)delegator already has another immature redelegation in progress + with a destination to a validator (let's call it `Validator X`) +* and, the (re)delegator is attempting to create a _new_ redelegation + where the source validator for this new redelegation is `Validator X`. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L263-L308 +``` + +### Queues + +All queue objects are sorted by timestamp. The time used within any queue is +firstly converted to UTC, rounded to the nearest nanosecond then sorted. The sortable time format +used is a slight modification of the RFC3339Nano and uses the format string +`"2006-01-02T15:04:05.000000000"`. Notably this format: + +* right pads all zeros +* drops the time zone info (we already use UTC) + +In all cases, the stored timestamp represents the maturation time of the queue +element. + +#### UnbondingDelegationQueue + +For the purpose of tracking progress of unbonding delegations the unbonding +delegations queue is kept. + +* UnbondingDelegation: `0x41 | format(time) -> []DVPair` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L162-L172 +``` + +#### RedelegationQueue + +For the purpose of tracking progress of redelegations the redelegation queue is +kept. + +* RedelegationQueue: `0x42 | format(time) -> []DVVTriplet` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L179-L191 +``` + +#### ValidatorQueue + +For the purpose of tracking progress of unbonding validators the validator +queue is kept. + +* ValidatorQueueTime: `0x43 | format(time) -> []sdk.ValAddress` + +The stored object by each key is an array of validator operator addresses from +which the validator object can be accessed. Typically it is expected that only +a single validator record will be associated with a given timestamp however it is possible +that multiple validators exist in the queue at the same location. + +### HistoricalInfo + +HistoricalInfo objects are stored and pruned at each block such that the staking keeper persists +the `n` most recent historical info defined by staking module parameter: `HistoricalEntries`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L17-L24 +``` + +At each BeginBlock, the staking keeper will persist the current Header and the Validators that committed +the current block in a `HistoricalInfo` object. The Validators are sorted on their address to ensure that +they are in a deterministic order. +The oldest HistoricalEntries will be pruned to ensure that there only exist the parameter-defined number of +historical entries. + +## State Transitions + +### Validators + +State transitions in validators are performed on every [`EndBlock`](#validator-set-changes) +in order to check for changes in the active `ValidatorSet`. + +A validator can be `Unbonded`, `Unbonding` or `Bonded`. `Unbonded` +and `Unbonding` are collectively called `Not Bonded`. A validator can move +directly between all the states, except for from `Bonded` to `Unbonded`. + +#### Not bonded to Bonded + +The following transition occurs when a validator's ranking in the `ValidatorPowerIndex` surpasses +that of the `LastValidator`. + +* set `validator.Status` to `Bonded` +* send the `validator.Tokens` from the `NotBondedTokens` to the `BondedPool` `ModuleAccount` +* delete the existing record from `ValidatorByPowerIndex` +* add a new updated record to the `ValidatorByPowerIndex` +* update the `Validator` object for this validator +* if it exists, delete any `ValidatorQueue` record for this validator + +#### Bonded to Unbonding + +When a validator begins the unbonding process the following operations occur: + +* send the `validator.Tokens` from the `BondedPool` to the `NotBondedTokens` `ModuleAccount` +* set `validator.Status` to `Unbonding` +* delete the existing record from `ValidatorByPowerIndex` +* add a new updated record to the `ValidatorByPowerIndex` +* update the `Validator` object for this validator +* insert a new record into the `ValidatorQueue` for this validator + +#### Unbonding to Unbonded + +A validator moves from unbonding to unbonded when the `ValidatorQueue` object +moves from bonded to unbonded + +* update the `Validator` object for this validator +* set `validator.Status` to `Unbonded` + +#### Jail/Unjail + +when a validator is jailed it is effectively removed from the CometBFT set. +this process may be also be reversed. the following operations occur: + +* set `Validator.Jailed` and update object +* if jailed delete record from `ValidatorByPowerIndex` +* if unjailed add record to `ValidatorByPowerIndex` + +Jailed validators are not present in any of the following stores: + +* the power store (from consensus power to address) + +### Delegations + +#### Delegate + +When a delegation occurs both the validator and the delegation objects are affected + +* determine the delegators shares based on tokens delegated and the validator's exchange rate +* remove tokens from the sending account +* add shares the delegation object or add them to a created validator object +* add new delegator shares and update the `Validator` object +* transfer the `delegation.Amount` from the delegator's account to the `BondedPool` or the `NotBondedPool` `ModuleAccount` depending if the `validator.Status` is `Bonded` or not +* delete the existing record from `ValidatorByPowerIndex` +* add an new updated record to the `ValidatorByPowerIndex` + +#### Begin Unbonding + +As a part of the Undelegate and Complete Unbonding state transitions Unbond +Delegation may be called. + +* subtract the unbonded shares from delegator +* add the unbonded tokens to an `UnbondingDelegationEntry` +* update the delegation or remove the delegation if there are no more shares +* if the delegation is the operator of the validator and no more shares exist then trigger a jail validator +* update the validator with removed the delegator shares and associated coins +* if the validator state is `Bonded`, transfer the `Coins` worth of the unbonded + shares from the `BondedPool` to the `NotBondedPool` `ModuleAccount` +* remove the validator if it is unbonded and there are no more delegation shares. +* remove the validator if it is unbonded and there are no more delegation shares +* get a unique `unbondingId` and map it to the `UnbondingDelegationEntry` in `UnbondingDelegationByUnbondingId` +* call the `AfterUnbondingInitiated(unbondingId)` hook +* add the unbonding delegation to `UnbondingDelegationQueue` with the completion time set to `UnbondingTime` + +#### Cancel an `UnbondingDelegation` Entry + +When a `cancel unbond delegation` occurs both the `validator`, the `delegation` and an `UnbondingDelegationQueue` state will be updated. + +* if cancel unbonding delegation amount equals to the `UnbondingDelegation` entry `balance`, then the `UnbondingDelegation` entry deleted from `UnbondingDelegationQueue`. +* if the `cancel unbonding delegation amount is less than the `UnbondingDelegation` entry balance, then the `UnbondingDelegation` entry will be updated with new balance in the `UnbondingDelegationQueue`. +* cancel `amount` is [Delegated](#delegations) back to the original `validator`. + +#### Complete Unbonding + +For undelegations which do not complete immediately, the following operations +occur when the unbonding delegation queue element matures: + +* remove the entry from the `UnbondingDelegation` object +* transfer the tokens from the `NotBondedPool` `ModuleAccount` to the delegator `Account` + +#### Begin Redelegation + +Redelegations affect the delegation, source and destination validators. + +* perform an `unbond` delegation from the source validator to retrieve the tokens worth of the unbonded shares +* using the unbonded tokens, `Delegate` them to the destination validator +* if the `sourceValidator.Status` is `Bonded`, and the `destinationValidator` is not, + transfer the newly delegated tokens from the `BondedPool` to the `NotBondedPool` `ModuleAccount` +* otherwise, if the `sourceValidator.Status` is not `Bonded`, and the `destinationValidator` + is `Bonded`, transfer the newly delegated tokens from the `NotBondedPool` to the `BondedPool` `ModuleAccount` +* record the token amount in an new entry in the relevant `Redelegation` + +From when a redelegation begins until it completes, the delegator is in a state of "pseudo-unbonding", and can still be +slashed for infractions that occurred before the redelegation began. + +#### Complete Redelegation + +When a redelegations complete the following occurs: + +* remove the entry from the `Redelegation` object + +### Slashing + +#### Slash Validator + +When a Validator is slashed, the following occurs: + +* The total `slashAmount` is calculated as the `slashFactor` (a chain parameter) \* `TokensFromConsensusPower`, + the total number of tokens bonded to the validator at the time of the infraction. +* Every unbonding delegation and pseudo-unbonding redelegation such that the infraction occurred before the unbonding or + redelegation began from the validator are slashed by the `slashFactor` percentage of the initialBalance. +* Each amount slashed from redelegations and unbonding delegations is subtracted from the + total slash amount. +* The `remainingSlashAmount` is then slashed from the validator's tokens in the `BondedPool` or + `NonBondedPool` depending on the validator's status. This reduces the total supply of tokens. + +In the case of a slash due to any infraction that requires evidence to submitted (for example double-sign), the slash +occurs at the block where the evidence is included, not at the block where the infraction occurred. +Put otherwise, validators are not slashed retroactively, only when they are caught. + +#### Slash Unbonding Delegation + +When a validator is slashed, so are those unbonding delegations from the validator that began unbonding +after the time of the infraction. Every entry in every unbonding delegation from the validator +is slashed by `slashFactor`. The amount slashed is calculated from the `InitialBalance` of the +delegation and is capped to prevent a resulting negative balance. Completed (or mature) unbondings are not slashed. + +#### Slash Redelegation + +When a validator is slashed, so are all redelegations from the validator that began after the +infraction. Redelegations are slashed by `slashFactor`. +Redelegations that began before the infraction are not slashed. +The amount slashed is calculated from the `InitialBalance` of the delegation and is capped to +prevent a resulting negative balance. +Mature redelegations (that have completed pseudo-unbonding) are not slashed. + +### How Shares are calculated + +At any given point in time, each validator has a number of tokens, `T`, and has a number of shares issued, `S`. +Each delegator, `i`, holds a number of shares, `S_i`. +The number of tokens is the sum of all tokens delegated to the validator, plus the rewards, minus the slashes. + +The delegator is entitled to a portion of the underlying tokens proportional to their proportion of shares. +So delegator `i` is entitled to `T * S_i / S` of the validator's tokens. + +When a delegator delegates new tokens to the validator, they receive a number of shares proportional to their contribution. +So when delegator `j` delegates `T_j` tokens, they receive `S_j = S * T_j / T` shares. +The total number of tokens is now `T + T_j`, and the total number of shares is `S + S_j`. +`j`s proportion of the shares is the same as their proportion of the total tokens contributed: `(S + S_j) / S = (T + T_j) / T`. + +A special case is the initial delegation, when `T = 0` and `S = 0`, so `T_j / T` is undefined. +For the initial delegation, delegator `j` who delegates `T_j` tokens receive `S_j = T_j` shares. +So a validator that hasn't received any rewards and has not been slashed will have `T = S`. + +## Messages + +In this section we describe the processing of the staking messages and the corresponding updates to the state. All created/modified state objects specified by each message are defined within the [state](#state) section. + +### MsgCreateValidator + +A validator is created using the `MsgCreateValidator` message. +The validator must be created with an initial delegation from the operator. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L20-L21 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L50-L73 +``` + +This message is expected to fail if: + +* another validator with this operator address is already registered +* another validator with this pubkey is already registered +* the initial self-delegation tokens are of a denom not specified as the bonding denom +* the commission parameters are faulty, namely: + * `MaxRate` is either > 1 or < 0 + * the initial `Rate` is either negative or > `MaxRate` + * the initial `MaxChangeRate` is either negative or > `MaxRate` +* the description fields are too large + +This message creates and stores the `Validator` object at appropriate indexes. +Additionally a self-delegation is made with the initial tokens delegation +tokens `Delegation`. The validator always starts as unbonded but may be bonded +in the first end-block. + +### MsgEditValidator + +The `Description`, `CommissionRate` of a validator can be updated using the +`MsgEditValidator` message. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L23-L24 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L78-L97 +``` + +This message is expected to fail if: + +* the initial `CommissionRate` is either negative or > `MaxRate` +* the `CommissionRate` has already been updated within the previous 24 hours +* the `CommissionRate` is > `MaxChangeRate` +* the description fields are too large + +This message stores the updated `Validator` object. + +### MsgDelegate + +Within this message the delegator provides coins, and in return receives +some amount of their validator's (newly created) delegator-shares that are +assigned to `Delegation.Shares`. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L26-L28 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L102-L114 +``` + +This message is expected to fail if: + +* the validator does not exist +* the `Amount` `Coin` has a denomination different than one defined by `params.BondDenom` +* the exchange rate is invalid, meaning the validator has no tokens (due to slashing) but there are outstanding shares +* the amount delegated is less than the minimum allowed delegation + +If an existing `Delegation` object for provided addresses does not already +exist then it is created as part of this message otherwise the existing +`Delegation` is updated to include the newly received shares. + +The delegator receives newly minted shares at the current exchange rate. +The exchange rate is the number of existing shares in the validator divided by +the number of currently delegated tokens. + +The validator is updated in the `ValidatorByPower` index, and the delegation is +tracked in validator object in the `Validators` index. + +It is possible to delegate to a jailed validator, the only difference being it +will not be added to the power index until it is unjailed. + +![Delegation sequence](https://raw.githubusercontent.com/cosmos/cosmos-sdk/release/v0.46.x/docs/uml/svg/delegation_sequence.svg) + +### MsgUndelegate + +The `MsgUndelegate` message allows delegators to undelegate their tokens from +validator. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L34-L36 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L140-L152 +``` + +This message returns a response containing the completion time of the undelegation: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L154-L158 +``` + +This message is expected to fail if: + +* the delegation doesn't exist +* the validator doesn't exist +* the delegation has less shares than the ones worth of `Amount` +* existing `UnbondingDelegation` has maximum entries as defined by `params.MaxEntries` +* the `Amount` has a denomination different than one defined by `params.BondDenom` + +When this message is processed the following actions occur: + +* validator's `DelegatorShares` and the delegation's `Shares` are both reduced by the message `SharesAmount` +* calculate the token worth of the shares remove that amount tokens held within the validator +* with those removed tokens, if the validator is: + * `Bonded` - add them to an entry in `UnbondingDelegation` (create `UnbondingDelegation` if it doesn't exist) with a completion time a full unbonding period from the current time. Update pool shares to reduce BondedTokens and increase NotBondedTokens by token worth of the shares. + * `Unbonding` - add them to an entry in `UnbondingDelegation` (create `UnbondingDelegation` if it doesn't exist) with the same completion time as the validator (`UnbondingMinTime`). + * `Unbonded` - then send the coins the message `DelegatorAddr` +* if there are no more `Shares` in the delegation, then the delegation object is removed from the store + * under this situation if the delegation is the validator's self-delegation then also jail the validator. + +![Unbond sequence](https://raw.githubusercontent.com/cosmos/cosmos-sdk/release/v0.46.x/docs/uml/svg/unbond_sequence.svg) + +### MsgCancelUnbondingDelegation + +The `MsgCancelUnbondingDelegation` message allows delegators to cancel the `unbondingDelegation` entry and delegate back to a previous validator. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L38-L42 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L160-L175 +``` + +This message is expected to fail if: + +* the `unbondingDelegation` entry is already processed. +* the `cancel unbonding delegation` amount is greater than the `unbondingDelegation` entry balance. +* the `cancel unbonding delegation` height doesn't exist in the `unbondingDelegationQueue` of the delegator. + +When this message is processed the following actions occur: + +* if the `unbondingDelegation` Entry balance is zero + * in this condition `unbondingDelegation` entry will be removed from `unbondingDelegationQueue`. + * otherwise `unbondingDelegationQueue` will be updated with new `unbondingDelegation` entry balance and initial balance +* the validator's `DelegatorShares` and the delegation's `Shares` are both increased by the message `Amount`. + +### MsgBeginRedelegate + +The redelegation command allows delegators to instantly switch validators. Once +the unbonding period has passed, the redelegation is automatically completed in +the EndBlocker. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L30-L32 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L119-L132 +``` + +This message returns a response containing the completion time of the redelegation: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L133-L138 +``` + +This message is expected to fail if: + +* the delegation doesn't exist +* the source or destination validators don't exist +* the delegation has less shares than the ones worth of `Amount` +* the source validator has a receiving redelegation which is not matured (aka. the redelegation may be transitive) +* existing `Redelegation` has maximum entries as defined by `params.MaxEntries` +* the `Amount` `Coin` has a denomination different than one defined by `params.BondDenom` + +When this message is processed the following actions occur: + +* the source validator's `DelegatorShares` and the delegations `Shares` are both reduced by the message `SharesAmount` +* calculate the token worth of the shares remove that amount tokens held within the source validator. +* if the source validator is: + * `Bonded` - add an entry to the `Redelegation` (create `Redelegation` if it doesn't exist) with a completion time a full unbonding period from the current time. Update pool shares to reduce BondedTokens and increase NotBondedTokens by token worth of the shares (this may be effectively reversed in the next step however). + * `Unbonding` - add an entry to the `Redelegation` (create `Redelegation` if it doesn't exist) with the same completion time as the validator (`UnbondingMinTime`). + * `Unbonded` - no action required in this step +* Delegate the token worth to the destination validator, possibly moving tokens back to the bonded state. +* if there are no more `Shares` in the source delegation, then the source delegation object is removed from the store + * under this situation if the delegation is the validator's self-delegation then also jail the validator. + +![Begin redelegation sequence](https://raw.githubusercontent.com/cosmos/cosmos-sdk/release/v0.46.x/docs/uml/svg/begin_redelegation_sequence.svg) + + +### MsgUpdateParams + +The `MsgUpdateParams` update the staking module parameters. +The params are updated through a governance proposal where the signer is the gov module account address. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L182-L195 +``` + +The message handling can fail if: + +* signer is not the authority defined in the staking keeper (usually the gov module account). + +## Begin-Block + +Each abci begin block call, the historical info will get stored and pruned +according to the `HistoricalEntries` parameter. + +### Historical Info Tracking + +If the `HistoricalEntries` parameter is 0, then the `BeginBlock` performs a no-op. + +Otherwise, the latest historical info is stored under the key `historicalInfoKey|height`, while any entries older than `height - HistoricalEntries` is deleted. +In most cases, this results in a single entry being pruned per block. +However, if the parameter `HistoricalEntries` has changed to a lower value there will be multiple entries in the store that must be pruned. + +## End-Block + +Each abci end block call, the operations to update queues and validator set +changes are specified to execute. + +### Validator Set Changes + +The staking validator set is updated during this process by state transitions +that run at the end of every block. As a part of this process any updated +validators are also returned back to CometBFT for inclusion in the CometBFT +validator set which is responsible for validating CometBFT messages at the +consensus layer. Operations are as following: + +* the new validator set is taken as the top `params.MaxValidators` number of + validators retrieved from the `ValidatorsByPower` index +* the previous validator set is compared with the new validator set: + * missing validators begin unbonding and their `Tokens` are transferred from the + `BondedPool` to the `NotBondedPool` `ModuleAccount` + * new validators are instantly bonded and their `Tokens` are transferred from the + `NotBondedPool` to the `BondedPool` `ModuleAccount` + +In all cases, any validators leaving or entering the bonded validator set or +changing balances and staying within the bonded validator set incur an update +message reporting their new consensus power which is passed back to CometBFT. + +The `LastTotalPower` and `LastValidatorsPower` hold the state of the total power +and validator power from the end of the last block, and are used to check for +changes that have occurred in `ValidatorsByPower` and the total new power, which +is calculated during `EndBlock`. + +### Queues + +Within staking, certain state-transitions are not instantaneous but take place +over a duration of time (typically the unbonding period). When these +transitions are mature certain operations must take place in order to complete +the state operation. This is achieved through the use of queues which are +checked/processed at the end of each block. + +#### Unbonding Validators + +When a validator is kicked out of the bonded validator set (either through +being jailed, or not having sufficient bonded tokens) it begins the unbonding +process along with all its delegations begin unbonding (while still being +delegated to this validator). At this point the validator is said to be an +"unbonding validator", whereby it will mature to become an "unbonded validator" +after the unbonding period has passed. + +Each block the validator queue is to be checked for mature unbonding validators +(namely with a completion time <= current time and completion height <= current +block height). At this point any mature validators which do not have any +delegations remaining are deleted from state. For all other mature unbonding +validators that still have remaining delegations, the `validator.Status` is +switched from `types.Unbonding` to +`types.Unbonded`. + +Unbonding operations can be put on hold by external modules via the `PutUnbondingOnHold(unbondingId)` method. + As a result, an unbonding operation (e.g., an unbonding delegation) that is on hold, cannot complete + even if it reaches maturity. For an unbonding operation with `unbondingId` to eventually complete + (after it reaches maturity), every call to `PutUnbondingOnHold(unbondingId)` must be matched + by a call to `UnbondingCanComplete(unbondingId)`. + +#### Unbonding Delegations + +Complete the unbonding of all mature `UnbondingDelegations.Entries` within the +`UnbondingDelegations` queue with the following procedure: + +* transfer the balance coins to the delegator's wallet address +* remove the mature entry from `UnbondingDelegation.Entries` +* remove the `UnbondingDelegation` object from the store if there are no + remaining entries. + +#### Redelegations + +Complete the unbonding of all mature `Redelegation.Entries` within the +`Redelegations` queue with the following procedure: + +* remove the mature entry from `Redelegation.Entries` +* remove the `Redelegation` object from the store if there are no + remaining entries. + +## Hooks + +Other modules may register operations to execute when a certain event has +occurred within staking. These events can be registered to execute either +right `Before` or `After` the staking event (as per the hook name). The +following hooks can registered with staking: + +* `AfterValidatorCreated(Context, ValAddress) error` + * called when a validator is created +* `BeforeValidatorModified(Context, ValAddress) error` + * called when a validator's state is changed +* `AfterValidatorRemoved(Context, ConsAddress, ValAddress) error` + * called when a validator is deleted +* `AfterValidatorBonded(Context, ConsAddress, ValAddress) error` + * called when a validator is bonded +* `AfterValidatorBeginUnbonding(Context, ConsAddress, ValAddress) error` + * called when a validator begins unbonding +* `BeforeDelegationCreated(Context, AccAddress, ValAddress) error` + * called when a delegation is created +* `BeforeDelegationSharesModified(Context, AccAddress, ValAddress) error` + * called when a delegation's shares are modified +* `AfterDelegationModified(Context, AccAddress, ValAddress) error` + * called when a delegation is created or modified +* `BeforeDelegationRemoved(Context, AccAddress, ValAddress) error` + * called when a delegation is removed +* `AfterUnbondingInitiated(Context, UnbondingID)` + * called when an unbonding operation (validator unbonding, unbonding delegation, redelegation) was initiated + + +## Events + +The staking module emits the following events: + +### EndBlocker + +| Type | Attribute Key | Attribute Value | +| --------------------- | --------------------- | ------------------------- | +| complete_unbonding | amount | {totalUnbondingAmount} | +| complete_unbonding | validator | {validatorAddress} | +| complete_unbonding | delegator | {delegatorAddress} | +| complete_redelegation | amount | {totalRedelegationAmount} | +| complete_redelegation | source_validator | {srcValidatorAddress} | +| complete_redelegation | destination_validator | {dstValidatorAddress} | +| complete_redelegation | delegator | {delegatorAddress} | + +## Msg's + +### MsgCreateValidator + +| Type | Attribute Key | Attribute Value | +| ---------------- | ------------- | ------------------ | +| create_validator | validator | {validatorAddress} | +| create_validator | amount | {delegationAmount} | +| message | module | staking | +| message | action | create_validator | +| message | sender | {senderAddress} | + +### MsgEditValidator + +| Type | Attribute Key | Attribute Value | +| -------------- | ------------------- | ------------------- | +| edit_validator | commission_rate | {commissionRate} | +| edit_validator | min_self_delegation | {minSelfDelegation} | +| message | module | staking | +| message | action | edit_validator | +| message | sender | {senderAddress} | + +### MsgDelegate + +| Type | Attribute Key | Attribute Value | +| -------- | ------------- | ------------------ | +| delegate | validator | {validatorAddress} | +| delegate | amount | {delegationAmount} | +| message | module | staking | +| message | action | delegate | +| message | sender | {senderAddress} | + +### MsgUndelegate + +| Type | Attribute Key | Attribute Value | +| ------- | ------------------- | ------------------ | +| unbond | validator | {validatorAddress} | +| unbond | amount | {unbondAmount} | +| unbond | completion_time [0] | {completionTime} | +| message | module | staking | +| message | action | begin_unbonding | +| message | sender | {senderAddress} | + +* [0] Time is formatted in the RFC3339 standard + +### MsgCancelUnbondingDelegation + +| Type | Attribute Key | Attribute Value | +| ----------------------------- | ------------------ | ------------------------------------| +| cancel_unbonding_delegation | validator | {validatorAddress} | +| cancel_unbonding_delegation | delegator | {delegatorAddress} | +| cancel_unbonding_delegation | amount | {cancelUnbondingDelegationAmount} | +| cancel_unbonding_delegation | creation_height | {unbondingCreationHeight} | +| message | module | staking | +| message | action | cancel_unbond | +| message | sender | {senderAddress} | + +### MsgBeginRedelegate + +| Type | Attribute Key | Attribute Value | +| ---------- | --------------------- | --------------------- | +| redelegate | source_validator | {srcValidatorAddress} | +| redelegate | destination_validator | {dstValidatorAddress} | +| redelegate | amount | {unbondAmount} | +| redelegate | completion_time [0] | {completionTime} | +| message | module | staking | +| message | action | begin_redelegate | +| message | sender | {senderAddress} | + +* [0] Time is formatted in the RFC3339 standard + +## Parameters + +The staking module contains the following parameters: + +| Key | Type | Example | +|-------------------|------------------|------------------------| +| UnbondingTime | string (time ns) | "259200000000000" | +| MaxValidators | uint16 | 100 | +| KeyMaxEntries | uint16 | 7 | +| HistoricalEntries | uint16 | 3 | +| BondDenom | string | "stake" | +| MinCommissionRate | string | "0.000000000000000000" | + +## Client + +### CLI + +A user can query and interact with the `staking` module using the CLI. + +#### Query + +The `query` commands allows users to query `staking` state. + +```bash +simd query staking --help +``` + +##### delegation + +The `delegation` command allows users to query delegations for an individual delegator on an individual validator. + +Usage: + +```bash +simd query staking delegation [delegator-addr] [validator-addr] [flags] +``` + +Example: + +```bash +simd query staking delegation cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +Example Output: + +```bash +balance: + amount: "10000000000" + denom: stake +delegation: + delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + shares: "10000000000.000000000000000000" + validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +##### delegations + +The `delegations` command allows users to query delegations for an individual delegator on all validators. + +Usage: + +```bash +simd query staking delegations [delegator-addr] [flags] +``` + +Example: + +```bash +simd query staking delegations cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p +``` + +Example Output: + +```bash +delegation_responses: +- balance: + amount: "10000000000" + denom: stake + delegation: + delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + shares: "10000000000.000000000000000000" + validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +- balance: + amount: "10000000000" + denom: stake + delegation: + delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + shares: "10000000000.000000000000000000" + validator_address: cosmosvaloper1x20lytyf6zkcrv5edpkfkn8sz578qg5sqfyqnp +pagination: + next_key: null + total: "0" +``` + +##### delegations-to + +The `delegations-to` command allows users to query delegations on an individual validator. + +Usage: + +```bash +simd query staking delegations-to [validator-addr] [flags] +``` + +Example: + +```bash +simd query staking delegations-to cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +Example Output: + +```bash +- balance: + amount: "504000000" + denom: stake + delegation: + delegator_address: cosmos1q2qwwynhv8kh3lu5fkeex4awau9x8fwt45f5cp + shares: "504000000.000000000000000000" + validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +- balance: + amount: "78125000000" + denom: uixo + delegation: + delegator_address: cosmos1qvppl3479hw4clahe0kwdlfvf8uvjtcd99m2ca + shares: "78125000000.000000000000000000" + validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +pagination: + next_key: null + total: "0" +``` + +##### historical-info + +The `historical-info` command allows users to query historical information at given height. + +Usage: + +```bash +simd query staking historical-info [height] [flags] +``` + +Example: + +```bash +simd query staking historical-info 10 +``` + +Example Output: + +```bash +header: + app_hash: Lbx8cXpI868wz8sgp4qPYVrlaKjevR5WP/IjUxwp3oo= + chain_id: testnet + consensus_hash: BICRvH3cKD93v7+R1zxE2ljD34qcvIZ0Bdi389qtoi8= + data_hash: 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= + evidence_hash: 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= + height: "10" + last_block_id: + hash: RFbkpu6pWfSThXxKKl6EZVDnBSm16+U0l0xVjTX08Fk= + part_set_header: + hash: vpIvXD4rxD5GM4MXGz0Sad9I7//iVYLzZsEU4BVgWIU= + total: 1 + last_commit_hash: Ne4uXyx4QtNp4Zx89kf9UK7oG9QVbdB6e7ZwZkhy8K0= + last_results_hash: 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= + next_validators_hash: nGBgKeWBjoxeKFti00CxHsnULORgKY4LiuQwBuUrhCs= + proposer_address: mMEP2c2IRPLr99LedSRtBg9eONM= + time: "2021-10-01T06:00:49.785790894Z" + validators_hash: nGBgKeWBjoxeKFti00CxHsnULORgKY4LiuQwBuUrhCs= + version: + app: "0" + block: "11" +valset: +- commission: + commission_rates: + max_change_rate: "0.010000000000000000" + max_rate: "0.200000000000000000" + rate: "0.100000000000000000" + update_time: "2021-10-01T05:52:50.380144238Z" + consensus_pubkey: + '@type': /cosmos.crypto.ed25519.PubKey + key: Auxs3865HpB/EfssYOzfqNhEJjzys2Fo6jD5B8tPgC8= + delegator_shares: "10000000.000000000000000000" + description: + details: "" + identity: "" + moniker: myvalidator + security_contact: "" + website: "" + jailed: false + min_self_delegation: "1" + operator_address: cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc + status: BOND_STATUS_BONDED + tokens: "10000000" + unbonding_height: "0" + unbonding_time: "1970-01-01T00:00:00Z" +``` + +##### params + +The `params` command allows users to query values set as staking parameters. + +Usage: + +```bash +simd query staking params [flags] +``` + +Example: + +```bash +simd query staking params +``` + +Example Output: + +```bash +bond_denom: stake +historical_entries: 10000 +max_entries: 7 +max_validators: 50 +unbonding_time: 1814400s +``` + +##### pool + +The `pool` command allows users to query values for amounts stored in the staking pool. + +Usage: + +```bash +simd q staking pool [flags] +``` + +Example: + +```bash +simd q staking pool +``` + +Example Output: + +```bash +bonded_tokens: "10000000" +not_bonded_tokens: "0" +``` + +##### redelegation + +The `redelegation` command allows users to query a redelegation record based on delegator and a source and destination validator address. + +Usage: + +```bash +simd query staking redelegation [delegator-addr] [src-validator-addr] [dst-validator-addr] [flags] +``` + +Example: + +```bash +simd query staking redelegation cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p cosmosvaloper1l2rsakp388kuv9k8qzq6lrm9taddae7fpx59wm cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +Example Output: + +```bash +pagination: null +redelegation_responses: +- entries: + - balance: "50000000" + redelegation_entry: + completion_time: "2021-10-24T20:33:21.960084845Z" + creation_height: 2.382847e+06 + initial_balance: "50000000" + shares_dst: "50000000.000000000000000000" + - balance: "5000000000" + redelegation_entry: + completion_time: "2021-10-25T21:33:54.446846862Z" + creation_height: 2.397271e+06 + initial_balance: "5000000000" + shares_dst: "5000000000.000000000000000000" + redelegation: + delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + entries: null + validator_dst_address: cosmosvaloper1l2rsakp388kuv9k8qzq6lrm9taddae7fpx59wm + validator_src_address: cosmosvaloper1l2rsakp388kuv9k8qzq6lrm9taddae7fpx59wm +``` + +##### redelegations + +The `redelegations` command allows users to query all redelegation records for an individual delegator. + +Usage: + +```bash +simd query staking redelegations [delegator-addr] [flags] +``` + +Example: + +```bash +simd query staking redelegation cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "0" +redelegation_responses: +- entries: + - balance: "50000000" + redelegation_entry: + completion_time: "2021-10-24T20:33:21.960084845Z" + creation_height: 2.382847e+06 + initial_balance: "50000000" + shares_dst: "50000000.000000000000000000" + - balance: "5000000000" + redelegation_entry: + completion_time: "2021-10-25T21:33:54.446846862Z" + creation_height: 2.397271e+06 + initial_balance: "5000000000" + shares_dst: "5000000000.000000000000000000" + redelegation: + delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + entries: null + validator_dst_address: cosmosvaloper1uccl5ugxrm7vqlzwqr04pjd320d2fz0z3hc6vm + validator_src_address: cosmosvaloper1zppjyal5emta5cquje8ndkpz0rs046m7zqxrpp +- entries: + - balance: "562770000000" + redelegation_entry: + completion_time: "2021-10-25T21:42:07.336911677Z" + creation_height: 2.39735e+06 + initial_balance: "562770000000" + shares_dst: "562770000000.000000000000000000" + redelegation: + delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + entries: null + validator_dst_address: cosmosvaloper1uccl5ugxrm7vqlzwqr04pjd320d2fz0z3hc6vm + validator_src_address: cosmosvaloper1zppjyal5emta5cquje8ndkpz0rs046m7zqxrpp +``` + +##### redelegations-from + +The `redelegations-from` command allows users to query delegations that are redelegating _from_ a validator. + +Usage: + +```bash +simd query staking redelegations-from [validator-addr] [flags] +``` + +Example: + +```bash +simd query staking redelegations-from cosmosvaloper1y4rzzrgl66eyhzt6gse2k7ej3zgwmngeleucjy +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "0" +redelegation_responses: +- entries: + - balance: "50000000" + redelegation_entry: + completion_time: "2021-10-24T20:33:21.960084845Z" + creation_height: 2.382847e+06 + initial_balance: "50000000" + shares_dst: "50000000.000000000000000000" + - balance: "5000000000" + redelegation_entry: + completion_time: "2021-10-25T21:33:54.446846862Z" + creation_height: 2.397271e+06 + initial_balance: "5000000000" + shares_dst: "5000000000.000000000000000000" + redelegation: + delegator_address: cosmos1pm6e78p4pgn0da365plzl4t56pxy8hwtqp2mph + entries: null + validator_dst_address: cosmosvaloper1uccl5ugxrm7vqlzwqr04pjd320d2fz0z3hc6vm + validator_src_address: cosmosvaloper1y4rzzrgl66eyhzt6gse2k7ej3zgwmngeleucjy +- entries: + - balance: "221000000" + redelegation_entry: + completion_time: "2021-10-05T21:05:45.669420544Z" + creation_height: 2.120693e+06 + initial_balance: "221000000" + shares_dst: "221000000.000000000000000000" + redelegation: + delegator_address: cosmos1zqv8qxy2zgn4c58fz8jt8jmhs3d0attcussrf6 + entries: null + validator_dst_address: cosmosvaloper10mseqwnwtjaqfrwwp2nyrruwmjp6u5jhah4c3y + validator_src_address: cosmosvaloper1y4rzzrgl66eyhzt6gse2k7ej3zgwmngeleucjy +``` + +##### unbonding-delegation + +The `unbonding-delegation` command allows users to query unbonding delegations for an individual delegator on an individual validator. + +Usage: + +```bash +simd query staking unbonding-delegation [delegator-addr] [validator-addr] [flags] +``` + +Example: + +```bash +simd query staking unbonding-delegation cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +Example Output: + +```bash +delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p +entries: +- balance: "52000000" + completion_time: "2021-11-02T11:35:55.391594709Z" + creation_height: "55078" + initial_balance: "52000000" +validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +##### unbonding-delegations + +The `unbonding-delegations` command allows users to query all unbonding-delegations records for one delegator. + +Usage: + +```bash +simd query staking unbonding-delegations [delegator-addr] [flags] +``` + +Example: + +```bash +simd query staking unbonding-delegations cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "0" +unbonding_responses: +- delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + entries: + - balance: "52000000" + completion_time: "2021-11-02T11:35:55.391594709Z" + creation_height: "55078" + initial_balance: "52000000" + validator_address: cosmosvaloper1t8ehvswxjfn3ejzkjtntcyrqwvmvuknzmvtaaa + +``` + +##### unbonding-delegations-from + +The `unbonding-delegations-from` command allows users to query delegations that are unbonding _from_ a validator. + +Usage: + +```bash +simd query staking unbonding-delegations-from [validator-addr] [flags] +``` + +Example: + +```bash +simd query staking unbonding-delegations-from cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "0" +unbonding_responses: +- delegator_address: cosmos1qqq9txnw4c77sdvzx0tkedsafl5s3vk7hn53fn + entries: + - balance: "150000000" + completion_time: "2021-11-01T21:41:13.098141574Z" + creation_height: "46823" + initial_balance: "150000000" + validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +- delegator_address: cosmos1peteje73eklqau66mr7h7rmewmt2vt99y24f5z + entries: + - balance: "24000000" + completion_time: "2021-10-31T02:57:18.192280361Z" + creation_height: "21516" + initial_balance: "24000000" + validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +##### validator + +The `validator` command allows users to query details about an individual validator. + +Usage: + +```bash +simd query staking validator [validator-addr] [flags] +``` + +Example: + +```bash +simd query staking validator cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +Example Output: + +```bash +commission: + commission_rates: + max_change_rate: "0.020000000000000000" + max_rate: "0.200000000000000000" + rate: "0.050000000000000000" + update_time: "2021-10-01T19:24:52.663191049Z" +consensus_pubkey: + '@type': /cosmos.crypto.ed25519.PubKey + key: sIiexdJdYWn27+7iUHQJDnkp63gq/rzUq1Y+fxoGjXc= +delegator_shares: "32948270000.000000000000000000" +description: + details: Witval is the validator arm from Vitwit. Vitwit is into software consulting + and services business since 2015. We are working closely with Cosmos ecosystem + since 2018. We are also building tools for the ecosystem, Aneka is our explorer + for the cosmos ecosystem. + identity: 51468B615127273A + moniker: Witval + security_contact: "" + website: "" +jailed: false +min_self_delegation: "1" +operator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +status: BOND_STATUS_BONDED +tokens: "32948270000" +unbonding_height: "0" +unbonding_time: "1970-01-01T00:00:00Z" +``` + +##### validators + +The `validators` command allows users to query details about all validators on a network. + +Usage: + +```bash +simd query staking validators [flags] +``` + +Example: + +```bash +simd query staking validators +``` + +Example Output: + +```bash +pagination: + next_key: FPTi7TKAjN63QqZh+BaXn6gBmD5/ + total: "0" +validators: +commission: + commission_rates: + max_change_rate: "0.020000000000000000" + max_rate: "0.200000000000000000" + rate: "0.050000000000000000" + update_time: "2021-10-01T19:24:52.663191049Z" +consensus_pubkey: + '@type': /cosmos.crypto.ed25519.PubKey + key: sIiexdJdYWn27+7iUHQJDnkp63gq/rzUq1Y+fxoGjXc= +delegator_shares: "32948270000.000000000000000000" +description: + details: Witval is the validator arm from Vitwit. Vitwit is into software consulting + and services business since 2015. We are working closely with Cosmos ecosystem + since 2018. We are also building tools for the ecosystem, Aneka is our explorer + for the cosmos ecosystem. + identity: 51468B615127273A + moniker: Witval + security_contact: "" + website: "" + jailed: false + min_self_delegation: "1" + operator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj + status: BOND_STATUS_BONDED + tokens: "32948270000" + unbonding_height: "0" + unbonding_time: "1970-01-01T00:00:00Z" +- commission: + commission_rates: + max_change_rate: "0.100000000000000000" + max_rate: "0.200000000000000000" + rate: "0.050000000000000000" + update_time: "2021-10-04T18:02:21.446645619Z" + consensus_pubkey: + '@type': /cosmos.crypto.ed25519.PubKey + key: GDNpuKDmCg9GnhnsiU4fCWktuGUemjNfvpCZiqoRIYA= + delegator_shares: "559343421.000000000000000000" + description: + details: Noderunners is a professional validator in POS networks. We have a huge + node running experience, reliable soft and hardware. Our commissions are always + low, our support to delegators is always full. Stake with us and start receiving + your Cosmos rewards now! + identity: 812E82D12FEA3493 + moniker: Noderunners + security_contact: info@noderunners.biz + website: http://noderunners.biz + jailed: false + min_self_delegation: "1" + operator_address: cosmosvaloper1q5ku90atkhktze83j9xjaks2p7uruag5zp6wt7 + status: BOND_STATUS_BONDED + tokens: "559343421" + unbonding_height: "0" + unbonding_time: "1970-01-01T00:00:00Z" +``` + +#### Transactions + +The `tx` commands allows users to interact with the `staking` module. + +```bash +simd tx staking --help +``` + +##### create-validator + +The command `create-validator` allows users to create new validator initialized with a self-delegation to it. + +Usage: + +```bash +simd tx staking create-validator [path/to/validator.json] [flags] +``` + +Example: + +```bash +simd tx staking create-validator /path/to/validator.json \ + --chain-id="name_of_chain_id" \ + --gas="auto" \ + --gas-adjustment="1.2" \ + --gas-prices="0.025stake" \ + --from=mykey +``` + +where `validator.json` contains: + +```json +{ + "pubkey": {"@type":"/cosmos.crypto.ed25519.PubKey","key":"BnbwFpeONLqvWqJb3qaUbL5aoIcW3fSuAp9nT3z5f20="}, + "amount": "1000000stake", + "moniker": "my-moniker", + "website": "https://myweb.site", + "security": "security-contact@gmail.com", + "details": "description of your validator", + "commission-rate": "0.10", + "commission-max-rate": "0.20", + "commission-max-change-rate": "0.01", + "min-self-delegation": "1" +} +``` + +and pubkey can be obtained by using `simd tendermint show-validator` command. + +##### delegate + +The command `delegate` allows users to delegate liquid tokens to a validator. + +Usage: + +```bash +simd tx staking delegate [validator-addr] [amount] [flags] +``` + +Example: + +```bash +simd tx staking delegate cosmosvaloper1l2rsakp388kuv9k8qzq6lrm9taddae7fpx59wm 1000stake --from mykey +``` + +##### edit-validator + +The command `edit-validator` allows users to edit an existing validator account. + +Usage: + +```bash +simd tx staking edit-validator [flags] +``` + +Example: + +```bash +simd tx staking edit-validator --moniker "new_moniker_name" --website "new_website_url" --from mykey +``` + +##### redelegate + +The command `redelegate` allows users to redelegate illiquid tokens from one validator to another. + +Usage: + +```bash +simd tx staking redelegate [src-validator-addr] [dst-validator-addr] [amount] [flags] +``` + +Example: + +```bash +simd tx staking redelegate cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj cosmosvaloper1l2rsakp388kuv9k8qzq6lrm9taddae7fpx59wm 100stake --from mykey +``` + +##### unbond + +The command `unbond` allows users to unbond shares from a validator. + +Usage: + +```bash +simd tx staking unbond [validator-addr] [amount] [flags] +``` + +Example: + +```bash +simd tx staking unbond cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj 100stake --from mykey +``` + +##### cancel unbond + +The command `cancel-unbond` allow users to cancel the unbonding delegation entry and delegate back to the original validator. + +Usage: + +```bash +simd tx staking cancel-unbond [validator-addr] [amount] [creation-height] +``` + +Example: + +```bash +simd tx staking cancel-unbond cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj 100stake 123123 --from mykey +``` + + +### gRPC + +A user can query the `staking` module using gRPC endpoints. + +#### Validators + +The `Validators` endpoint queries all validators that match the given status. + +```bash +cosmos.staking.v1beta1.Query/Validators +``` + +Example: + +```bash +grpcurl -plaintext localhost:9090 cosmos.staking.v1beta1.Query/Validators +``` + +Example Output: + +```bash +{ + "validators": [ + { + "operatorAddress": "cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "consensusPubkey": {"@type":"/cosmos.crypto.ed25519.PubKey","key":"Auxs3865HpB/EfssYOzfqNhEJjzys2Fo6jD5B8tPgC8="}, + "status": "BOND_STATUS_BONDED", + "tokens": "10000000", + "delegatorShares": "10000000000000000000000000", + "description": { + "moniker": "myvalidator" + }, + "unbondingTime": "1970-01-01T00:00:00Z", + "commission": { + "commissionRates": { + "rate": "100000000000000000", + "maxRate": "200000000000000000", + "maxChangeRate": "10000000000000000" + }, + "updateTime": "2021-10-01T05:52:50.380144238Z" + }, + "minSelfDelegation": "1" + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### Validator + +The `Validator` endpoint queries validator information for given validator address. + +```bash +cosmos.staking.v1beta1.Query/Validator +``` + +Example: + +```bash +grpcurl -plaintext -d '{"validator_addr":"cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/Validator +``` + +Example Output: + +```bash +{ + "validator": { + "operatorAddress": "cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "consensusPubkey": {"@type":"/cosmos.crypto.ed25519.PubKey","key":"Auxs3865HpB/EfssYOzfqNhEJjzys2Fo6jD5B8tPgC8="}, + "status": "BOND_STATUS_BONDED", + "tokens": "10000000", + "delegatorShares": "10000000000000000000000000", + "description": { + "moniker": "myvalidator" + }, + "unbondingTime": "1970-01-01T00:00:00Z", + "commission": { + "commissionRates": { + "rate": "100000000000000000", + "maxRate": "200000000000000000", + "maxChangeRate": "10000000000000000" + }, + "updateTime": "2021-10-01T05:52:50.380144238Z" + }, + "minSelfDelegation": "1" + } +} +``` + +#### ValidatorDelegations + +The `ValidatorDelegations` endpoint queries delegate information for given validator. + +```bash +cosmos.staking.v1beta1.Query/ValidatorDelegations +``` + +Example: + +```bash +grpcurl -plaintext -d '{"validator_addr":"cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/ValidatorDelegations +``` + +Example Output: + +```bash +{ + "delegationResponses": [ + { + "delegation": { + "delegatorAddress": "cosmos1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgy3ua5t", + "validatorAddress": "cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "shares": "10000000000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "10000000" + } + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### ValidatorUnbondingDelegations + +The `ValidatorUnbondingDelegations` endpoint queries delegate information for given validator. + +```bash +cosmos.staking.v1beta1.Query/ValidatorUnbondingDelegations +``` + +Example: + +```bash +grpcurl -plaintext -d '{"validator_addr":"cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/ValidatorUnbondingDelegations +``` + +Example Output: + +```bash +{ + "unbonding_responses": [ + { + "delegator_address": "cosmos1z3pzzw84d6xn00pw9dy3yapqypfde7vg6965fy", + "validator_address": "cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "entries": [ + { + "creation_height": "25325", + "completion_time": "2021-10-31T09:24:36.797320636Z", + "initial_balance": "20000000", + "balance": "20000000" + } + ] + }, + { + "delegator_address": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77", + "validator_address": "cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "entries": [ + { + "creation_height": "13100", + "completion_time": "2021-10-30T12:53:02.272266791Z", + "initial_balance": "1000000", + "balance": "1000000" + } + ] + }, + ], + "pagination": { + "next_key": null, + "total": "8" + } +} +``` + +#### Delegation + +The `Delegation` endpoint queries delegate information for given validator delegator pair. + +```bash +cosmos.staking.v1beta1.Query/Delegation +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77", validator_addr":"cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/Delegation +``` + +Example Output: + +```bash +{ + "delegation_response": + { + "delegation": + { + "delegator_address":"cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77", + "validator_address":"cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "shares":"25083119936.000000000000000000" + }, + "balance": + { + "denom":"stake", + "amount":"25083119936" + } + } +} +``` + +#### UnbondingDelegation + +The `UnbondingDelegation` endpoint queries unbonding information for given validator delegator. + +```bash +cosmos.staking.v1beta1.Query/UnbondingDelegation +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77", validator_addr":"cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/UnbondingDelegation +``` + +Example Output: + +```bash +{ + "unbond": { + "delegator_address": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77", + "validator_address": "cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "entries": [ + { + "creation_height": "136984", + "completion_time": "2021-11-08T05:38:47.505593891Z", + "initial_balance": "400000000", + "balance": "400000000" + }, + { + "creation_height": "137005", + "completion_time": "2021-11-08T05:40:53.526196312Z", + "initial_balance": "385000000", + "balance": "385000000" + } + ] + } +} +``` + +#### DelegatorDelegations + +The `DelegatorDelegations` endpoint queries all delegations of a given delegator address. + +```bash +cosmos.staking.v1beta1.Query/DelegatorDelegations +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/DelegatorDelegations +``` + +Example Output: + +```bash +{ + "delegation_responses": [ + {"delegation":{"delegator_address":"cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77","validator_address":"cosmosvaloper1eh5mwu044gd5ntkkc2xgfg8247mgc56fww3vc8","shares":"25083339023.000000000000000000"},"balance":{"denom":"stake","amount":"25083339023"}} + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### DelegatorUnbondingDelegations + +The `DelegatorUnbondingDelegations` endpoint queries all unbonding delegations of a given delegator address. + +```bash +cosmos.staking.v1beta1.Query/DelegatorUnbondingDelegations +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/DelegatorUnbondingDelegations +``` + +Example Output: + +```bash +{ + "unbonding_responses": [ + { + "delegator_address": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77", + "validator_address": "cosmosvaloper1sjllsnramtg3ewxqwwrwjxfgc4n4ef9uxyejze", + "entries": [ + { + "creation_height": "136984", + "completion_time": "2021-11-08T05:38:47.505593891Z", + "initial_balance": "400000000", + "balance": "400000000" + }, + { + "creation_height": "137005", + "completion_time": "2021-11-08T05:40:53.526196312Z", + "initial_balance": "385000000", + "balance": "385000000" + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### Redelegations + +The `Redelegations` endpoint queries redelegations of given address. + +```bash +cosmos.staking.v1beta1.Query/Redelegations +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1ld5p7hn43yuh8ht28gm9pfjgj2fctujp2tgwvf", "src_validator_addr" : "cosmosvaloper1j7euyj85fv2jugejrktj540emh9353ltgppc3g", "dst_validator_addr" : "cosmosvaloper1yy3tnegzmkdcm7czzcy3flw5z0zyr9vkkxrfse"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/Redelegations +``` + +Example Output: + +```bash +{ + "redelegation_responses": [ + { + "redelegation": { + "delegator_address": "cosmos1ld5p7hn43yuh8ht28gm9pfjgj2fctujp2tgwvf", + "validator_src_address": "cosmosvaloper1j7euyj85fv2jugejrktj540emh9353ltgppc3g", + "validator_dst_address": "cosmosvaloper1yy3tnegzmkdcm7czzcy3flw5z0zyr9vkkxrfse", + "entries": null + }, + "entries": [ + { + "redelegation_entry": { + "creation_height": 135932, + "completion_time": "2021-11-08T03:52:55.299147901Z", + "initial_balance": "2900000", + "shares_dst": "2900000.000000000000000000" + }, + "balance": "2900000" + } + ] + } + ], + "pagination": null +} +``` + +#### DelegatorValidators + +The `DelegatorValidators` endpoint queries all validators information for given delegator. + +```bash +cosmos.staking.v1beta1.Query/DelegatorValidators +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1ld5p7hn43yuh8ht28gm9pfjgj2fctujp2tgwvf"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/DelegatorValidators +``` + +Example Output: + +```bash +{ + "validators": [ + { + "operator_address": "cosmosvaloper1eh5mwu044gd5ntkkc2xgfg8247mgc56fww3vc8", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "UPwHWxH1zHJWGOa/m6JB3f5YjHMvPQPkVbDqqi+U7Uw=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "347260647559", + "delegator_shares": "347260647559.000000000000000000", + "description": { + "moniker": "BouBouNode", + "identity": "", + "website": "https://boubounode.com", + "security_contact": "", + "details": "AI-based Validator. #1 AI Validator on Game of Stakes. Fairly priced. Don't trust (humans), verify. Made with BouBou love." + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.061000000000000000", + "max_rate": "0.300000000000000000", + "max_change_rate": "0.150000000000000000" + }, + "update_time": "2021-10-01T15:00:00Z" + }, + "min_self_delegation": "1" + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### DelegatorValidator + +The `DelegatorValidator` endpoint queries validator information for given delegator validator + +```bash +cosmos.staking.v1beta1.Query/DelegatorValidator +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1eh5mwu044gd5ntkkc2xgfg8247mgc56f3n8rr7", "validator_addr": "cosmosvaloper1eh5mwu044gd5ntkkc2xgfg8247mgc56fww3vc8"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/DelegatorValidator +``` + +Example Output: + +```bash +{ + "validator": { + "operator_address": "cosmosvaloper1eh5mwu044gd5ntkkc2xgfg8247mgc56fww3vc8", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "UPwHWxH1zHJWGOa/m6JB3f5YjHMvPQPkVbDqqi+U7Uw=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "347262754841", + "delegator_shares": "347262754841.000000000000000000", + "description": { + "moniker": "BouBouNode", + "identity": "", + "website": "https://boubounode.com", + "security_contact": "", + "details": "AI-based Validator. #1 AI Validator on Game of Stakes. Fairly priced. Don't trust (humans), verify. Made with BouBou love." + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.061000000000000000", + "max_rate": "0.300000000000000000", + "max_change_rate": "0.150000000000000000" + }, + "update_time": "2021-10-01T15:00:00Z" + }, + "min_self_delegation": "1" + } +} +``` + +#### HistoricalInfo + +```bash +cosmos.staking.v1beta1.Query/HistoricalInfo +``` + +Example: + +```bash +grpcurl -plaintext -d '{"height" : 1}' localhost:9090 cosmos.staking.v1beta1.Query/HistoricalInfo +``` + +Example Output: + +```bash +{ + "hist": { + "header": { + "version": { + "block": "11", + "app": "0" + }, + "chain_id": "simd-1", + "height": "140142", + "time": "2021-10-11T10:56:29.720079569Z", + "last_block_id": { + "hash": "9gri/4LLJUBFqioQ3NzZIP9/7YHR9QqaM6B2aJNQA7o=", + "part_set_header": { + "total": 1, + "hash": "Hk1+C864uQkl9+I6Zn7IurBZBKUevqlVtU7VqaZl1tc=" + } + }, + "last_commit_hash": "VxrcS27GtvGruS3I9+AlpT7udxIT1F0OrRklrVFSSKc=", + "data_hash": "80BjOrqNYUOkTnmgWyz9AQ8n7SoEmPVi4QmAe8RbQBY=", + "validators_hash": "95W49n2hw8RWpr1GPTAO5MSPi6w6Wjr3JjjS7AjpBho=", + "next_validators_hash": "95W49n2hw8RWpr1GPTAO5MSPi6w6Wjr3JjjS7AjpBho=", + "consensus_hash": "BICRvH3cKD93v7+R1zxE2ljD34qcvIZ0Bdi389qtoi8=", + "app_hash": "ZZaxnSY3E6Ex5Bvkm+RigYCK82g8SSUL53NymPITeOE=", + "last_results_hash": "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=", + "evidence_hash": "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=", + "proposer_address": "aH6dO428B+ItuoqPq70efFHrSMY=" + }, + "valset": [ + { + "operator_address": "cosmosvaloper196ax4vc0lwpxndu9dyhvca7jhxp70rmcqcnylw", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "/O7BtNW0pafwfvomgR4ZnfldwPXiFfJs9mHg3gwfv5Q=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "1426045203613", + "delegator_shares": "1426045203613.000000000000000000", + "description": { + "moniker": "SG-1", + "identity": "48608633F99D1B60", + "website": "https://sg-1.online", + "security_contact": "", + "details": "SG-1 - your favorite validator on Witval. We offer 100% Soft Slash protection." + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.037500000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.030000000000000000" + }, + "update_time": "2021-10-01T15:00:00Z" + }, + "min_self_delegation": "1" + } + ] + } +} + +``` + +#### Pool + +The `Pool` endpoint queries the pool information. + +```bash +cosmos.staking.v1beta1.Query/Pool +``` + +Example: + +```bash +grpcurl -plaintext -d localhost:9090 cosmos.staking.v1beta1.Query/Pool +``` + +Example Output: + +```bash +{ + "pool": { + "not_bonded_tokens": "369054400189", + "bonded_tokens": "15657192425623" + } +} +``` + +#### Params + +The `Params` endpoint queries the pool information. + +```bash +cosmos.staking.v1beta1.Query/Params +``` + +Example: + +```bash +grpcurl -plaintext localhost:9090 cosmos.staking.v1beta1.Query/Params +``` + +Example Output: + +```bash +{ + "params": { + "unbondingTime": "1814400s", + "maxValidators": 100, + "maxEntries": 7, + "historicalEntries": 10000, + "bondDenom": "stake" + } +} +``` + +### REST + +A user can query the `staking` module using REST endpoints. + +#### DelegatorDelegations + +The `DelegatorDelegations` REST endpoint queries all delegations of a given delegator address. + +```bash +/cosmos/staking/v1beta1/delegations/{delegatorAddr} +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/staking/v1beta1/delegations/cosmos1vcs68xf2tnqes5tg0khr0vyevm40ff6zdxatp5" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "delegation_responses": [ + { + "delegation": { + "delegator_address": "cosmos1vcs68xf2tnqes5tg0khr0vyevm40ff6zdxatp5", + "validator_address": "cosmosvaloper1quqxfrxkycr0uzt4yk0d57tcq3zk7srm7sm6r8", + "shares": "256250000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "256250000" + } + }, + { + "delegation": { + "delegator_address": "cosmos1vcs68xf2tnqes5tg0khr0vyevm40ff6zdxatp5", + "validator_address": "cosmosvaloper194v8uwee2fvs2s8fa5k7j03ktwc87h5ym39jfv", + "shares": "255150000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "255150000" + } + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` + +#### Redelegations + +The `Redelegations` REST endpoint queries redelegations of given address. + +```bash +/cosmos/staking/v1beta1/delegators/{delegatorAddr}/redelegations +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/delegators/cosmos1thfntksw0d35n2tkr0k8v54fr8wxtxwxl2c56e/redelegations?srcValidatorAddr=cosmosvaloper1lzhlnpahvznwfv4jmay2tgaha5kmz5qx4cuznf&dstValidatorAddr=cosmosvaloper1vq8tw77kp8lvxq9u3c8eeln9zymn68rng8pgt4" \ +-H "accept: application/json" +``` + +Example Output: + +```bash +{ + "redelegation_responses": [ + { + "redelegation": { + "delegator_address": "cosmos1thfntksw0d35n2tkr0k8v54fr8wxtxwxl2c56e", + "validator_src_address": "cosmosvaloper1lzhlnpahvznwfv4jmay2tgaha5kmz5qx4cuznf", + "validator_dst_address": "cosmosvaloper1vq8tw77kp8lvxq9u3c8eeln9zymn68rng8pgt4", + "entries": null + }, + "entries": [ + { + "redelegation_entry": { + "creation_height": 151523, + "completion_time": "2021-11-09T06:03:25.640682116Z", + "initial_balance": "200000000", + "shares_dst": "200000000.000000000000000000" + }, + "balance": "200000000" + } + ] + } + ], + "pagination": null +} +``` + +#### DelegatorUnbondingDelegations + +The `DelegatorUnbondingDelegations` REST endpoint queries all unbonding delegations of a given delegator address. + +```bash +/cosmos/staking/v1beta1/delegators/{delegatorAddr}/unbonding_delegations +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/delegators/cosmos1nxv42u3lv642q0fuzu2qmrku27zgut3n3z7lll/unbonding_delegations" \ +-H "accept: application/json" +``` + +Example Output: + +```bash +{ + "unbonding_responses": [ + { + "delegator_address": "cosmos1nxv42u3lv642q0fuzu2qmrku27zgut3n3z7lll", + "validator_address": "cosmosvaloper1e7mvqlz50ch6gw4yjfemsc069wfre4qwmw53kq", + "entries": [ + { + "creation_height": "2442278", + "completion_time": "2021-10-12T10:59:03.797335857Z", + "initial_balance": "50000000000", + "balance": "50000000000" + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### DelegatorValidators + +The `DelegatorValidators` REST endpoint queries all validators information for given delegator address. + +```bash +/cosmos/staking/v1beta1/delegators/{delegatorAddr}/validators +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/delegators/cosmos1xwazl8ftks4gn00y5x3c47auquc62ssune9ppv/validators" \ +-H "accept: application/json" +``` + +Example Output: + +```bash +{ + "validators": [ + { + "operator_address": "cosmosvaloper1xwazl8ftks4gn00y5x3c47auquc62ssuvynw64", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "5v4n3px3PkfNnKflSgepDnsMQR1hiNXnqOC11Y72/PQ=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "21592843799", + "delegator_shares": "21592843799.000000000000000000", + "description": { + "moniker": "jabbey", + "identity": "", + "website": "https://twitter.com/JoeAbbey", + "security_contact": "", + "details": "just another dad in the cosmos" + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.100000000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.100000000000000000" + }, + "update_time": "2021-10-09T19:03:54.984821705Z" + }, + "min_self_delegation": "1" + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### DelegatorValidator + +The `DelegatorValidator` REST endpoint queries validator information for given delegator validator pair. + +```bash +/cosmos/staking/v1beta1/delegators/{delegatorAddr}/validators/{validatorAddr} +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/delegators/cosmos1xwazl8ftks4gn00y5x3c47auquc62ssune9ppv/validators/cosmosvaloper1xwazl8ftks4gn00y5x3c47auquc62ssuvynw64" \ +-H "accept: application/json" +``` + +Example Output: + +```bash +{ + "validator": { + "operator_address": "cosmosvaloper1xwazl8ftks4gn00y5x3c47auquc62ssuvynw64", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "5v4n3px3PkfNnKflSgepDnsMQR1hiNXnqOC11Y72/PQ=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "21592843799", + "delegator_shares": "21592843799.000000000000000000", + "description": { + "moniker": "jabbey", + "identity": "", + "website": "https://twitter.com/JoeAbbey", + "security_contact": "", + "details": "just another dad in the cosmos" + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.100000000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.100000000000000000" + }, + "update_time": "2021-10-09T19:03:54.984821705Z" + }, + "min_self_delegation": "1" + } +} +``` + +#### HistoricalInfo + +The `HistoricalInfo` REST endpoint queries the historical information for given height. + +```bash +/cosmos/staking/v1beta1/historical_info/{height} +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/staking/v1beta1/historical_info/153332" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "hist": { + "header": { + "version": { + "block": "11", + "app": "0" + }, + "chain_id": "cosmos-1", + "height": "153332", + "time": "2021-10-12T09:05:35.062230221Z", + "last_block_id": { + "hash": "NX8HevR5khb7H6NGKva+jVz7cyf0skF1CrcY9A0s+d8=", + "part_set_header": { + "total": 1, + "hash": "zLQ2FiKM5tooL3BInt+VVfgzjlBXfq0Hc8Iux/xrhdg=" + } + }, + "last_commit_hash": "P6IJrK8vSqU3dGEyRHnAFocoDGja0bn9euLuy09s350=", + "data_hash": "eUd+6acHWrNXYju8Js449RJ99lOYOs16KpqQl4SMrEM=", + "validators_hash": "mB4pravvMsJKgi+g8aYdSeNlt0kPjnRFyvtAQtaxcfw=", + "next_validators_hash": "mB4pravvMsJKgi+g8aYdSeNlt0kPjnRFyvtAQtaxcfw=", + "consensus_hash": "BICRvH3cKD93v7+R1zxE2ljD34qcvIZ0Bdi389qtoi8=", + "app_hash": "fuELArKRK+CptnZ8tu54h6xEleSWenHNmqC84W866fU=", + "last_results_hash": "p/BPexV4LxAzlVcPRvW+lomgXb6Yze8YLIQUo/4Kdgc=", + "evidence_hash": "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=", + "proposer_address": "G0MeY8xQx7ooOsni8KE/3R/Ib3Q=" + }, + "valset": [ + { + "operator_address": "cosmosvaloper196ax4vc0lwpxndu9dyhvca7jhxp70rmcqcnylw", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "/O7BtNW0pafwfvomgR4ZnfldwPXiFfJs9mHg3gwfv5Q=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "1416521659632", + "delegator_shares": "1416521659632.000000000000000000", + "description": { + "moniker": "SG-1", + "identity": "48608633F99D1B60", + "website": "https://sg-1.online", + "security_contact": "", + "details": "SG-1 - your favorite validator on cosmos. We offer 100% Soft Slash protection." + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.037500000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.030000000000000000" + }, + "update_time": "2021-10-01T15:00:00Z" + }, + "min_self_delegation": "1" + }, + { + "operator_address": "cosmosvaloper1t8ehvswxjfn3ejzkjtntcyrqwvmvuknzmvtaaa", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "uExZyjNLtr2+FFIhNDAMcQ8+yTrqE7ygYTsI7khkA5Y=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "1348298958808", + "delegator_shares": "1348298958808.000000000000000000", + "description": { + "moniker": "Cosmostation", + "identity": "AE4C403A6E7AA1AC", + "website": "https://www.cosmostation.io", + "security_contact": "admin@stamper.network", + "details": "Cosmostation validator node. Delegate your tokens and Start Earning Staking Rewards" + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.050000000000000000", + "max_rate": "1.000000000000000000", + "max_change_rate": "0.200000000000000000" + }, + "update_time": "2021-10-01T15:06:38.821314287Z" + }, + "min_self_delegation": "1" + } + ] + } +} +``` + +#### Parameters + +The `Parameters` REST endpoint queries the staking parameters. + +```bash +/cosmos/staking/v1beta1/params +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/staking/v1beta1/params" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "params": { + "unbonding_time": "2419200s", + "max_validators": 100, + "max_entries": 7, + "historical_entries": 10000, + "bond_denom": "stake" + } +} +``` + +#### Pool + +The `Pool` REST endpoint queries the pool information. + +```bash +/cosmos/staking/v1beta1/pool +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/staking/v1beta1/pool" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "pool": { + "not_bonded_tokens": "432805737458", + "bonded_tokens": "15783637712645" + } +} +``` + +#### Validators + +The `Validators` REST endpoint queries all validators that match the given status. + +```bash +/cosmos/staking/v1beta1/validators +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/staking/v1beta1/validators" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "validators": [ + { + "operator_address": "cosmosvaloper1q3jsx9dpfhtyqqgetwpe5tmk8f0ms5qywje8tw", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "N7BPyek2aKuNZ0N/8YsrqSDhGZmgVaYUBuddY8pwKaE=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "383301887799", + "delegator_shares": "383301887799.000000000000000000", + "description": { + "moniker": "SmartNodes", + "identity": "D372724899D1EDC8", + "website": "https://smartnodes.co", + "security_contact": "", + "details": "Earn Rewards with Crypto Staking & Node Deployment" + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.050000000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.100000000000000000" + }, + "update_time": "2021-10-01T15:51:31.596618510Z" + }, + "min_self_delegation": "1" + }, + { + "operator_address": "cosmosvaloper1q5ku90atkhktze83j9xjaks2p7uruag5zp6wt7", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "GDNpuKDmCg9GnhnsiU4fCWktuGUemjNfvpCZiqoRIYA=" + }, + "jailed": false, + "status": "BOND_STATUS_UNBONDING", + "tokens": "1017819654", + "delegator_shares": "1017819654.000000000000000000", + "description": { + "moniker": "Noderunners", + "identity": "812E82D12FEA3493", + "website": "http://noderunners.biz", + "security_contact": "info@noderunners.biz", + "details": "Noderunners is a professional validator in POS networks. We have a huge node running experience, reliable soft and hardware. Our commissions are always low, our support to delegators is always full. Stake with us and start receiving your cosmos rewards now!" + }, + "unbonding_height": "147302", + "unbonding_time": "2021-11-08T22:58:53.718662452Z", + "commission": { + "commission_rates": { + "rate": "0.050000000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.100000000000000000" + }, + "update_time": "2021-10-04T18:02:21.446645619Z" + }, + "min_self_delegation": "1" + } + ], + "pagination": { + "next_key": "FONDBFkE4tEEf7yxWWKOD49jC2NK", + "total": "2" + } +} +``` + +#### Validator + +The `Validator` REST endpoint queries validator information for given validator address. + +```bash +/cosmos/staking/v1beta1/validators/{validatorAddr} +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/validators/cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q" \ +-H "accept: application/json" +``` + +Example Output: + +```bash +{ + "validator": { + "operator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "sIiexdJdYWn27+7iUHQJDnkp63gq/rzUq1Y+fxoGjXc=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "33027900000", + "delegator_shares": "33027900000.000000000000000000", + "description": { + "moniker": "Witval", + "identity": "51468B615127273A", + "website": "", + "security_contact": "", + "details": "Witval is the validator arm from Vitwit. Vitwit is into software consulting and services business since 2015. We are working closely with Cosmos ecosystem since 2018. We are also building tools for the ecosystem, Aneka is our explorer for the cosmos ecosystem." + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.050000000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.020000000000000000" + }, + "update_time": "2021-10-01T19:24:52.663191049Z" + }, + "min_self_delegation": "1" + } +} +``` + +#### ValidatorDelegations + +The `ValidatorDelegations` REST endpoint queries delegate information for given validator. + +```bash +/cosmos/staking/v1beta1/validators/{validatorAddr}/delegations +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/staking/v1beta1/validators/cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q/delegations" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "delegation_responses": [ + { + "delegation": { + "delegator_address": "cosmos190g5j8aszqhvtg7cprmev8xcxs6csra7xnk3n3", + "validator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "shares": "31000000000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "31000000000" + } + }, + { + "delegation": { + "delegator_address": "cosmos1ddle9tczl87gsvmeva3c48nenyng4n56qwq4ee", + "validator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "shares": "628470000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "628470000" + } + }, + { + "delegation": { + "delegator_address": "cosmos10fdvkczl76m040smd33lh9xn9j0cf26kk4s2nw", + "validator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "shares": "838120000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "838120000" + } + }, + { + "delegation": { + "delegator_address": "cosmos1n8f5fknsv2yt7a8u6nrx30zqy7lu9jfm0t5lq8", + "validator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "shares": "500000000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "500000000" + } + }, + { + "delegation": { + "delegator_address": "cosmos16msryt3fqlxtvsy8u5ay7wv2p8mglfg9hrek2e", + "validator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "shares": "61310000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "61310000" + } + } + ], + "pagination": { + "next_key": null, + "total": "5" + } +} +``` + +#### Delegation + +The `Delegation` REST endpoint queries delegate information for given validator delegator pair. + +```bash +/cosmos/staking/v1beta1/validators/{validatorAddr}/delegations/{delegatorAddr} +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/validators/cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q/delegations/cosmos1n8f5fknsv2yt7a8u6nrx30zqy7lu9jfm0t5lq8" \ +-H "accept: application/json" +``` + +Example Output: + +```bash +{ + "delegation_response": { + "delegation": { + "delegator_address": "cosmos1n8f5fknsv2yt7a8u6nrx30zqy7lu9jfm0t5lq8", + "validator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "shares": "500000000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "500000000" + } + } +} +``` + +#### UnbondingDelegation + +The `UnbondingDelegation` REST endpoint queries unbonding information for given validator delegator pair. + +```bash +/cosmos/staking/v1beta1/validators/{validatorAddr}/delegations/{delegatorAddr}/unbonding_delegation +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/validators/cosmosvaloper13v4spsah85ps4vtrw07vzea37gq5la5gktlkeu/delegations/cosmos1ze2ye5u5k3qdlexvt2e0nn0508p04094ya0qpm/unbonding_delegation" \ +-H "accept: application/json" +``` + +Example Output: + +```bash +{ + "unbond": { + "delegator_address": "cosmos1ze2ye5u5k3qdlexvt2e0nn0508p04094ya0qpm", + "validator_address": "cosmosvaloper13v4spsah85ps4vtrw07vzea37gq5la5gktlkeu", + "entries": [ + { + "creation_height": "153687", + "completion_time": "2021-11-09T09:41:18.352401903Z", + "initial_balance": "525111", + "balance": "525111" + } + ] + } +} +``` + +#### ValidatorUnbondingDelegations + +The `ValidatorUnbondingDelegations` REST endpoint queries unbonding delegations of a validator. + +```bash +/cosmos/staking/v1beta1/validators/{validatorAddr}/unbonding_delegations +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/validators/cosmosvaloper13v4spsah85ps4vtrw07vzea37gq5la5gktlkeu/unbonding_delegations" \ +-H "accept: application/json" +``` + +Example Output: + +```bash +{ + "unbonding_responses": [ + { + "delegator_address": "cosmos1q9snn84jfrd9ge8t46kdcggpe58dua82vnj7uy", + "validator_address": "cosmosvaloper13v4spsah85ps4vtrw07vzea37gq5la5gktlkeu", + "entries": [ + { + "creation_height": "90998", + "completion_time": "2021-11-05T00:14:37.005841058Z", + "initial_balance": "24000000", + "balance": "24000000" + } + ] + }, + { + "delegator_address": "cosmos1qf36e6wmq9h4twhdvs6pyq9qcaeu7ye0s3dqq2", + "validator_address": "cosmosvaloper13v4spsah85ps4vtrw07vzea37gq5la5gktlkeu", + "entries": [ + { + "creation_height": "47478", + "completion_time": "2021-11-01T22:47:26.714116854Z", + "initial_balance": "8000000", + "balance": "8000000" + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` diff --git a/copy-of-sdk-docs/build/modules/upgrade/README.md b/copy-of-sdk-docs/build/modules/upgrade/README.md new file mode 100644 index 00000000..0ff5ad01 --- /dev/null +++ b/copy-of-sdk-docs/build/modules/upgrade/README.md @@ -0,0 +1,609 @@ +--- +sidebar_position: 1 +--- + +# `x/upgrade` + +## Abstract + +`x/upgrade` is an implementation of a Cosmos SDK module that facilitates smoothly +upgrading a live Cosmos chain to a new (breaking) software version. It accomplishes this by +providing a `PreBlocker` hook that prevents the blockchain state machine from +proceeding once a pre-defined upgrade block height has been reached. + +The module does not prescribe anything regarding how governance decides to do an +upgrade, but just the mechanism for coordinating the upgrade safely. Without software +support for upgrades, upgrading a live chain is risky because all of the validators +need to pause their state machines at exactly the same point in the process. If +this is not done correctly, there can be state inconsistencies which are hard to +recover from. + +* [Concepts](#concepts) +* [State](#state) +* [Events](#events) +* [Client](#client) + * [CLI](#cli) + * [REST](#rest) + * [gRPC](#grpc) +* [Resources](#resources) + +## Concepts + +### Plan + +The `x/upgrade` module defines a `Plan` type in which a live upgrade is scheduled +to occur. A `Plan` can be scheduled at a specific block height. +A `Plan` is created once a (frozen) release candidate along with an appropriate upgrade +`Handler` (see below) is agreed upon, where the `Name` of a `Plan` corresponds to a +specific `Handler`. Typically, a `Plan` is created through a governance proposal +process, where if voted upon and passed, will be scheduled. The `Info` of a `Plan` +may contain various metadata about the upgrade, typically application specific +upgrade info to be included on-chain such as a git commit that validators could +automatically upgrade to. + +```go +type Plan struct { + Name string + Height int64 + Info string +} +``` + +#### Sidecar Process + +If an operator running the application binary also runs a sidecar process to assist +in the automatic download and upgrade of a binary, the `Info` allows this process to +be seamless. This tool is [Cosmovisor](https://github.com/cosmos/cosmos-sdk/tree/main/tools/cosmovisor#readme). + +### Handler + +The `x/upgrade` module facilitates upgrading from major version X to major version Y. To +accomplish this, node operators must first upgrade their current binary to a new +binary that has a corresponding `Handler` for the new version Y. It is assumed that +this version has fully been tested and approved by the community at large. This +`Handler` defines what state migrations need to occur before the new binary Y +can successfully run the chain. Naturally, this `Handler` is application specific +and not defined on a per-module basis. Registering a `Handler` is done via +`Keeper#SetUpgradeHandler` in the application. + +```go +type UpgradeHandler func(Context, Plan, VersionMap) (VersionMap, error) +``` + +During each `EndBlock` execution, the `x/upgrade` module checks if there exists a +`Plan` that should execute (is scheduled at that height). If so, the corresponding +`Handler` is executed. If the `Plan` is expected to execute but no `Handler` is registered +or if the binary was upgraded too early, the node will gracefully panic and exit. + +### StoreLoader + +The `x/upgrade` module also facilitates store migrations as part of the upgrade. The +`StoreLoader` sets the migrations that need to occur before the new binary can +successfully run the chain. This `StoreLoader` is also application specific and +not defined on a per-module basis. Registering this `StoreLoader` is done via +`app#SetStoreLoader` in the application. + +```go +func UpgradeStoreLoader (upgradeHeight int64, storeUpgrades *store.StoreUpgrades) baseapp.StoreLoader +``` + +If there's a planned upgrade and the upgrade height is reached, the old binary writes `Plan` to the disk before panicking. + +This information is critical to ensure the `StoreUpgrades` happens smoothly at correct height and +expected upgrade. It eliminates the chances for the new binary to execute `StoreUpgrades` multiple +times every time on restart. Also if there are multiple upgrades planned on same height, the `Name` +will ensure these `StoreUpgrades` takes place only in planned upgrade handler. + +### Proposal + +Typically, a `Plan` is proposed and submitted through governance via a proposal +containing a `MsgSoftwareUpgrade` message. +This proposal prescribes to the standard governance process. If the proposal passes, +the `Plan`, which targets a specific `Handler`, is persisted and scheduled. The +upgrade can be delayed or hastened by updating the `Plan.Height` in a new proposal. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/upgrade/v1beta1/tx.proto#L29-L41 +``` + +#### Cancelling Upgrade Proposals + +Upgrade proposals can be cancelled. There exists a gov-enabled `MsgCancelUpgrade` +message type, which can be embedded in a proposal, voted on and, if passed, will +remove the scheduled upgrade `Plan`. +Of course this requires that the upgrade was known to be a bad idea well before the +upgrade itself, to allow time for a vote. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/upgrade/v1beta1/tx.proto#L48-L57 +``` + +If such a possibility is desired, the upgrade height is to be +`2 * (VotingPeriod + DepositPeriod) + (SafetyDelta)` from the beginning of the +upgrade proposal. The `SafetyDelta` is the time available from the success of an +upgrade proposal and the realization it was a bad idea (due to external social consensus). + +A `MsgCancelUpgrade` proposal can also be made while the original +`MsgSoftwareUpgrade` proposal is still being voted upon, as long as the `VotingPeriod` +ends after the `MsgSoftwareUpgrade` proposal. + +## State + +The internal state of the `x/upgrade` module is relatively minimal and simple. The +state contains the currently active upgrade `Plan` (if one exists) by key +`0x0` and if a `Plan` is marked as "done" by key `0x1`. The state +contains the consensus versions of all app modules in the application. The versions +are stored as big endian `uint64`, and can be accessed with prefix `0x2` appended +by the corresponding module name of type `string`. The state maintains a +`Protocol Version` which can be accessed by key `0x3`. + +* Plan: `0x0 -> Plan` +* Done: `0x1 | byte(plan name) -> BigEndian(Block Height)` +* ConsensusVersion: `0x2 | byte(module name) -> BigEndian(Module Consensus Version)` +* ProtocolVersion: `0x3 -> BigEndian(Protocol Version)` + +The `x/upgrade` module contains no genesis state. + +## Events + +The `x/upgrade` does not emit any events by itself. Any and all proposal related +events are emitted through the `x/gov` module. + +## Client + +### CLI + +A user can query and interact with the `upgrade` module using the CLI. + +#### Query + +The `query` commands allow users to query `upgrade` state. + +```bash +simd query upgrade --help +``` + +##### applied + +The `applied` command allows users to query the block header for height at which a completed upgrade was applied. + +```bash +simd query upgrade applied [upgrade-name] [flags] +``` + +If upgrade-name was previously executed on the chain, this returns the header for the block at which it was applied. +This helps a client determine which binary was valid over a given range of blocks, as well as more context to understand past migrations. + +Example: + +```bash +simd query upgrade applied "test-upgrade" +``` + +Example Output: + +```bash +"block_id": { + "hash": "A769136351786B9034A5F196DC53F7E50FCEB53B48FA0786E1BFC45A0BB646B5", + "parts": { + "total": 1, + "hash": "B13CBD23011C7480E6F11BE4594EE316548648E6A666B3575409F8F16EC6939E" + } + }, + "block_size": "7213", + "header": { + "version": { + "block": "11" + }, + "chain_id": "testnet-2", + "height": "455200", + "time": "2021-04-10T04:37:57.085493838Z", + "last_block_id": { + "hash": "0E8AD9309C2DC411DF98217AF59E044A0E1CCEAE7C0338417A70338DF50F4783", + "parts": { + "total": 1, + "hash": "8FE572A48CD10BC2CBB02653CA04CA247A0F6830FF19DC972F64D339A355E77D" + } + }, + "last_commit_hash": "DE890239416A19E6164C2076B837CC1D7F7822FC214F305616725F11D2533140", + "data_hash": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855", + "validators_hash": "A31047ADE54AE9072EE2A12FF260A8990BA4C39F903EAF5636B50D58DBA72582", + "next_validators_hash": "A31047ADE54AE9072EE2A12FF260A8990BA4C39F903EAF5636B50D58DBA72582", + "consensus_hash": "048091BC7DDC283F77BFBF91D73C44DA58C3DF8A9CBC867405D8B7F3DAADA22F", + "app_hash": "28ECC486AFC332BA6CC976706DBDE87E7D32441375E3F10FD084CD4BAF0DA021", + "last_results_hash": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855", + "evidence_hash": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855", + "proposer_address": "2ABC4854B1A1C5AA8403C4EA853A81ACA901CC76" + }, + "num_txs": "0" +} +``` + +##### module versions + +The `module_versions` command gets a list of module names and their respective consensus versions. + +Following the command with a specific module name will return only +that module's information. + +```bash +simd query upgrade module_versions [optional module_name] [flags] +``` + +Example: + +```bash +simd query upgrade module_versions +``` + +Example Output: + +```bash +module_versions: +- name: auth + version: "2" +- name: authz + version: "1" +- name: bank + version: "2" +- name: distribution + version: "2" +- name: evidence + version: "1" +- name: feegrant + version: "1" +- name: genutil + version: "1" +- name: gov + version: "2" +- name: ibc + version: "2" +- name: mint + version: "1" +- name: params + version: "1" +- name: slashing + version: "2" +- name: staking + version: "2" +- name: transfer + version: "1" +- name: upgrade + version: "1" +- name: vesting + version: "1" +``` + +Example: + +```bash +regen query upgrade module_versions ibc +``` + +Example Output: + +```bash +module_versions: +- name: ibc + version: "2" +``` + +##### plan + +The `plan` command gets the currently scheduled upgrade plan, if one exists. + +```bash +regen query upgrade plan [flags] +``` + +Example: + +```bash +simd query upgrade plan +``` + +Example Output: + +```bash +height: "130" +info: "" +name: test-upgrade +time: "0001-01-01T00:00:00Z" +upgraded_client_state: null +``` + +#### Transactions + +The upgrade module supports the following transactions: + +* `software-proposal` - submits an upgrade proposal: + +```bash +simd tx upgrade software-upgrade v2 --title="Test Proposal" --summary="testing" --deposit="100000000stake" --upgrade-height 1000000 \ +--upgrade-info '{ "binaries": { "linux/amd64":"https://example.com/simd.zip?checksum=sha256:aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f" } }' --from cosmos1.. +``` + +* `cancel-software-upgrade` - cancels a previously submitted upgrade proposal: + +```bash +simd tx upgrade cancel-software-upgrade --title="Test Proposal" --summary="testing" --deposit="100000000stake" --from cosmos1.. +``` + +### REST + +A user can query the `upgrade` module using REST endpoints. + +#### Applied Plan + +`AppliedPlan` queries a previously applied upgrade plan by its name. + +```bash +/cosmos/upgrade/v1beta1/applied_plan/{name} +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/upgrade/v1beta1/applied_plan/v2.0-upgrade" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "height": "30" +} +``` + +#### Current Plan + +`CurrentPlan` queries the current upgrade plan. + +```bash +/cosmos/upgrade/v1beta1/current_plan +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/upgrade/v1beta1/current_plan" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "plan": "v2.1-upgrade" +} +``` + +#### Module versions + +`ModuleVersions` queries the list of module versions from state. + +```bash +/cosmos/upgrade/v1beta1/module_versions +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/upgrade/v1beta1/module_versions" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "module_versions": [ + { + "name": "auth", + "version": "2" + }, + { + "name": "authz", + "version": "1" + }, + { + "name": "bank", + "version": "2" + }, + { + "name": "distribution", + "version": "2" + }, + { + "name": "evidence", + "version": "1" + }, + { + "name": "feegrant", + "version": "1" + }, + { + "name": "genutil", + "version": "1" + }, + { + "name": "gov", + "version": "2" + }, + { + "name": "ibc", + "version": "2" + }, + { + "name": "mint", + "version": "1" + }, + { + "name": "params", + "version": "1" + }, + { + "name": "slashing", + "version": "2" + }, + { + "name": "staking", + "version": "2" + }, + { + "name": "transfer", + "version": "1" + }, + { + "name": "upgrade", + "version": "1" + }, + { + "name": "vesting", + "version": "1" + } + ] +} +``` + +### gRPC + +A user can query the `upgrade` module using gRPC endpoints. + +#### Applied Plan + +`AppliedPlan` queries a previously applied upgrade plan by its name. + +```bash +cosmos.upgrade.v1beta1.Query/AppliedPlan +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"name":"v2.0-upgrade"}' \ + localhost:9090 \ + cosmos.upgrade.v1beta1.Query/AppliedPlan +``` + +Example Output: + +```bash +{ + "height": "30" +} +``` + +#### Current Plan + +`CurrentPlan` queries the current upgrade plan. + +```bash +cosmos.upgrade.v1beta1.Query/CurrentPlan +``` + +Example: + +```bash +grpcurl -plaintext localhost:9090 cosmos.slashing.v1beta1.Query/CurrentPlan +``` + +Example Output: + +```bash +{ + "plan": "v2.1-upgrade" +} +``` + +#### Module versions + +`ModuleVersions` queries the list of module versions from state. + +```bash +cosmos.upgrade.v1beta1.Query/ModuleVersions +``` + +Example: + +```bash +grpcurl -plaintext localhost:9090 cosmos.slashing.v1beta1.Query/ModuleVersions +``` + +Example Output: + +```bash +{ + "module_versions": [ + { + "name": "auth", + "version": "2" + }, + { + "name": "authz", + "version": "1" + }, + { + "name": "bank", + "version": "2" + }, + { + "name": "distribution", + "version": "2" + }, + { + "name": "evidence", + "version": "1" + }, + { + "name": "feegrant", + "version": "1" + }, + { + "name": "genutil", + "version": "1" + }, + { + "name": "gov", + "version": "2" + }, + { + "name": "ibc", + "version": "2" + }, + { + "name": "mint", + "version": "1" + }, + { + "name": "params", + "version": "1" + }, + { + "name": "slashing", + "version": "2" + }, + { + "name": "staking", + "version": "2" + }, + { + "name": "transfer", + "version": "1" + }, + { + "name": "upgrade", + "version": "1" + }, + { + "name": "vesting", + "version": "1" + } + ] +} +``` + +## Resources + +A list of (external) resources to learn more about the `x/upgrade` module. + +* [Cosmos Dev Series: Cosmos Blockchain Upgrade](https://medium.com/web3-surfers/cosmos-dev-series-cosmos-sdk-based-blockchain-upgrade-b5e99181554c) - The blog post that explains how software upgrades work in detail. diff --git a/copy-of-sdk-docs/build/packages/01-depinject.md b/copy-of-sdk-docs/build/packages/01-depinject.md new file mode 100644 index 00000000..4fa96325 --- /dev/null +++ b/copy-of-sdk-docs/build/packages/01-depinject.md @@ -0,0 +1,205 @@ +--- +sidebar_position: 1 +--- + +# Depinject + +> **DISCLAIMER**: This is a **beta** package. The SDK team is actively working on this feature and we are looking for feedback from the community. Please try it out and let us know what you think. + +## Overview + +`depinject` is a dependency injection (DI) framework for the Cosmos SDK, designed to streamline the process of building and configuring blockchain applications. It works in conjunction with the `core/appconfig` module to replace the majority of boilerplate code in `app.go` with a configuration file in Go, YAML, or JSON format. + +`depinject` is particularly useful for developing blockchain applications: + +* With multiple interdependent components, modules, or services. Helping manage their dependencies effectively. +* That require decoupling of these components, making it easier to test, modify, or replace individual parts without affecting the entire system. +* That are wanting to simplify the setup and initialisation of modules and their dependencies by reducing boilerplate code and automating dependency management. + +By using `depinject`, developers can achieve: + +* Cleaner and more organised code. +* Improved modularity and maintainability. +* A more maintainable and modular structure for their blockchain applications, ultimately enhancing development velocity and code quality. + +* [Go Doc](https://pkg.go.dev/cosmossdk.io/depinject) + +## Usage + +The `depinject` framework, based on dependency injection concepts, streamlines the management of dependencies within your blockchain application using its Configuration API. This API offers a set of functions and methods to create easy to use configurations, making it simple to define, modify, and access dependencies and their relationships. + +A core component of the [Configuration API](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/depinject#Config) is the `Provide` function, which allows you to register provider functions that supply dependencies. Inspired by constructor injection, these provider functions form the basis of the dependency tree, enabling the management and resolution of dependencies in a structured and maintainable manner. Additionally, `depinject` supports interface types as inputs to provider functions, offering flexibility and decoupling between components, similar to interface injection concepts. + +By leveraging `depinject` and its Configuration API, you can efficiently handle dependencies in your blockchain application, ensuring a clean, modular, and well-organised codebase. + +Example: + +```go +package main + +import ( + "fmt" + + "cosmossdk.io/depinject" +) + +type AnotherInt int + +func GetInt() int { return 1 } +func GetAnotherInt() AnotherInt { return 2 } + +func main() { + var ( + x int + y AnotherInt + ) + + fmt.Printf("Before (%v, %v)\n", x, y) + depinject.Inject( + depinject.Provide( + GetInt, + GetAnotherInt, + ), + &x, + &y, + ) + fmt.Printf("After (%v, %v)\n", x, y) +} +``` + +In this example, `depinject.Provide` registers two provider functions that return `int` and `AnotherInt` values. The `depinject.Inject` function is then used to inject these values into the variables `x` and `y`. + +Provider functions serve as the basis for the dependency tree. They are analysed to identify their inputs as dependencies and their outputs as dependents. These dependents can either be used by another provider function or be stored outside the DI container (e.g., `&x` and `&y` in the example above). Provider functions must be exported. + +### Interface type resolution + +`depinject` supports the use of interface types as inputs to provider functions, which helps decouple dependencies between modules. This approach is particularly useful for managing complex systems with multiple modules, such as the Cosmos SDK, where dependencies need to be flexible and maintainable. + +For example, `x/bank` expects an [AccountKeeper](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/x/bank/types#AccountKeeper) interface as [input to ProvideModule](https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/x/bank/module.go#L208-L260). `SimApp` uses the implementation in `x/auth`, but the modular design allows for easy changes to the implementation if needed. + +Consider the following example: + +```go +package duck + +type Duck interface { + quack() +} + +type AlsoDuck interface { + quack() +} + +type Mallard struct{} +type Canvasback struct{} + +func (duck Mallard) quack() {} +func (duck Canvasback) quack() {} + +type Pond struct { + Duck AlsoDuck +} +``` + +And the following provider functions: + +```go +func GetMallard() duck.Mallard { + return Mallard{} +} + +func GetPond(duck Duck) Pond { + return Pond{Duck: duck} +} + +func GetCanvasback() Canvasback { + return Canvasback{} +} +``` + +In this example, there's a `Pond` struct that has a `Duck` field of type `AlsoDuck`. The `depinject` framework can automatically resolve the appropriate implementation when there's only one available, as shown below: + +```go +var pond Pond + +depinject.Inject( + depinject.Provide( + GetMallard, + GetPond, + ), + &pond) +``` + +This code snippet results in the `Duck` field of `Pond` being implicitly bound to the `Mallard` implementation because it's the only implementation of the `Duck` interface in the container. + +However, if there are multiple implementations of the `Duck` interface, as in the following example, you'll encounter an error: + +```go +var pond Pond + +depinject.Inject( + depinject.Provide( + GetMallard, + GetCanvasback, + GetPond, + ), + &pond) +``` + +A specific binding preference for `Duck` is required. + +#### `BindInterface` API + +In the above situation registering a binding for a given interface binding may look like: + +```go +depinject.Inject( + depinject.Configs( + depinject.BindInterface( + "duck/duck.Duck", + "duck/duck.Mallard", + ), + depinject.Provide( + GetMallard, + GetCanvasback, + GetPond, + ), + ), + &pond) +``` + +Now `depinject` has enough information to provide `Mallard` as an input to `APond`. + +### Full example in real app + +:::warning +When using `depinject.Inject`, the injected types must be pointers. +::: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/app_di.go#L165-L188 +``` + +## Debugging + +Issues with resolving dependencies in the container can be done with logs and [Graphviz](https://graphviz.org) renderings of the container tree. +By default, whenever there is an error, logs will be printed to stderr and a rendering of the dependency graph in Graphviz DOT format will be saved to `debug_container.dot`. + +Here is an example Graphviz rendering of a successful build of a dependency graph: +![Graphviz Example](https://raw.githubusercontent.com/cosmos/cosmos-sdk/ff39d243d421442b400befcd959ec3ccd2525154/depinject/testdata/example.svg) + +Rectangles represent functions, ovals represent types, rounded rectangles represent modules and the single hexagon +represents the function which called `Build`. Black-colored shapes mark functions and types that were called/resolved +without an error. Gray-colored nodes mark functions and types that could have been called/resolved in the container but +were left unused. + +Here is an example Graphviz rendering of a dependency graph build which failed: +![Graphviz Error Example](https://raw.githubusercontent.com/cosmos/cosmos-sdk/ff39d243d421442b400befcd959ec3ccd2525154/depinject/testdata/example_error.svg) + +Graphviz DOT files can be converted into SVG's for viewing in a web browser using the `dot` command-line tool, ex: + +```txt +dot -Tsvg debug_container.dot > debug_container.svg +``` + +Many other tools including some IDEs support working with DOT files. diff --git a/copy-of-sdk-docs/build/packages/02-collections.md b/copy-of-sdk-docs/build/packages/02-collections.md new file mode 100644 index 00000000..d8f9c17e --- /dev/null +++ b/copy-of-sdk-docs/build/packages/02-collections.md @@ -0,0 +1,1210 @@ +# Collections + +Collections is a library meant to simplify the experience with respect to module state handling. + +Cosmos SDK modules handle their state using the `KVStore` interface. The problem with working with +`KVStore` is that it forces you to think of state as a bytes KV pairings when in reality the majority of +state comes from complex concrete golang objects (strings, ints, structs, etc.). + +Collections allows you to work with state as if they were normal golang objects and removes the need +for you to think of your state as raw bytes in your code. + +It also allows you to migrate your existing state without causing any state breakage that forces you into +tedious and complex chain state migrations. + +## Installation + +To install collections in your cosmos-sdk chain project, run the following command: + +```shell +go get cosmossdk.io/collections +``` + +## Core types + +Collections offers 5 different APIs to work with state, which will be explored in the next sections, these APIs are: + +* ``Map``: to work with typed arbitrary KV pairings. +* ``KeySet``: to work with just typed keys +* ``Item``: to work with just one typed value +* ``Sequence``: which is a monotonically increasing number. +* ``IndexedMap``: which combines ``Map`` and `KeySet` to provide a `Map` with indexing capabilities. + +## Preliminary components + +Before exploring the different collections types and their capability it is necessary to introduce +the three components that every collection shares. In fact when instantiating a collection type by doing, for example, +```collections.NewMap/collections.NewItem/...``` you will find yourself having to pass them some common arguments. + +For example, in code: + +```go +package collections + +import ( + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + sdk "github.com/cosmos/cosmos-sdk/types" +) + +var AllowListPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + AllowList collections.KeySet[string] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + + return Keeper{ + AllowList: collections.NewKeySet(sb, AllowListPrefix, "allow_list", collections.StringKey), + } +} + +``` + +Let's analyse the shared arguments, what they do, and why we need them. + +### SchemaBuilder + +The first argument passed is the ``SchemaBuilder`` + +`SchemaBuilder` is a structure that keeps track of all the state of a module, it is not required by the collections + to deal with state but it offers a dynamic and reflective way for clients to explore a module's state. + +We instantiate a ``SchemaBuilder`` by passing it a function that given the modules store key returns the module's specific store. + +We then need to pass the schema builder to every collection type we instantiate in our keeper, in our case the `AllowList`. + +### Prefix + +The second argument passed to our ``KeySet`` is a `collections.Prefix`, a prefix represents a partition of the module's `KVStore` +where all the state of a specific collection will be saved. + +Since a module can have multiple collections, the following is expected: + +* module params will become a `collections.Item` +* the `AllowList` is a `collections.KeySet` + +We don't want a collection to write over the state of the other collection so we pass it a prefix, which defines a storage +partition owned by the collection. + +If you already built modules, the prefix translates to the items you were creating in your ``types/keys.go`` file, example: https://github.com/cosmos/cosmos-sdk/blob/v0.52.0-rc.1/x/feegrant/key.go#L16~L22 + +your old: + +```go +var ( + // FeeAllowanceKeyPrefix is the set of the kvstore for fee allowance data + // - 0x00: allowance + FeeAllowanceKeyPrefix = []byte{0x00} + + // FeeAllowanceQueueKeyPrefix is the set of the kvstore for fee allowance keys data + // - 0x01: + FeeAllowanceQueueKeyPrefix = []byte{0x01} +) +``` + +becomes: + +```go +var ( + // FeeAllowanceKeyPrefix is the set of the kvstore for fee allowance data + // - 0x00: allowance + FeeAllowanceKeyPrefix = collections.NewPrefix(0) + + // FeeAllowanceQueueKeyPrefix is the set of the kvstore for fee allowance keys data + // - 0x01: + FeeAllowanceQueueKeyPrefix = collections.NewPrefix(1) +) +``` + +#### Rules + +``collections.NewPrefix`` accepts either `uint8`, `string` or `[]bytes` it's good practice to use an always increasing `uint8`for disk space efficiency. + +A collection **MUST NOT** share the same prefix as another collection in the same module, and a collection prefix **MUST NEVER** start with the same prefix as another, examples: + +```go +prefix1 := collections.NewPrefix("prefix") +prefix2 := collections.NewPrefix("prefix") // THIS IS BAD! +``` + +```go +prefix1 := collections.NewPrefix("a") +prefix2 := collections.NewPrefix("aa") // prefix2 starts with the same as prefix1: BAD!!! +``` + +### Human-Readable Name + +The third parameter we pass to a collection is a string, which is a human-readable name. +It is needed to make the role of a collection understandable by clients who have no clue about +what a module is storing in state. + +#### Rules + +Each collection in a module **MUST** have a unique humanised name. + +## Key and Value Codecs + +A collection is generic over the type you can use as keys or values. +This makes collections dumb, but also means that hypothetically we can store everything +that can be a go type into a collection. We are not bounded to any type of encoding (be it proto, json or whatever) + +So a collection needs to be given a way to understand how to convert your keys and values to bytes. +This is achieved through ``KeyCodec`` and `ValueCodec`, which are arguments that you pass to your +collections when you're instantiating them using the ```collections.NewMap/collections.NewItem/...``` +instantiation functions. + +NOTE: Generally speaking you will never be required to implement your own ``Key/ValueCodec`` as +the SDK and collections libraries already come with default, safe and fast implementation of those. +You might need to implement them only if you're migrating to collections and there are state layout incompatibilities. + +Let's explore an example: + +```go +package collections + +import ( + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + sdk "github.com/cosmos/cosmos-sdk/types" +) + +var IDsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + IDs collections.Map[string, uint64] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + + return Keeper{ + IDs: collections.NewMap(sb, IDsPrefix, "ids", collections.StringKey, collections.Uint64Value), + } +} +``` + +We're now instantiating a map where the key is string and the value is `uint64`. +We already know the first three arguments of the ``NewMap`` function. + +The fourth parameter is our `KeyCodec`, we know that the ``Map`` has `string` as key so we pass it a `KeyCodec` that handles strings as keys. + +The fifth parameter is our `ValueCodec`, we know that the `Map` has a `uint64` as value so we pass it a `ValueCodec` that handles uint64. + +Collections already comes with all the required implementations for golang primitive types. + +Let's make another example, this falls closer to what we build using cosmos SDK, let's say we want +to create a `collections.Map` that maps account addresses to their base account. So we want to map an `sdk.AccAddress` to an `auth.BaseAccount` (which is a proto): + +```go +package collections + +import ( + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts collections.Map[sdk.AccAddress, authtypes.BaseAccount] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Accounts: collections.NewMap(sb, AccountsPrefix, "accounts", + sdk.AccAddressKey, codec.CollValue[authtypes.BaseAccount](cdc)), + } +} +``` + +As we can see here since our `collections.Map` maps `sdk.AccAddress` to `authtypes.BaseAccount`, +we use the `sdk.AccAddressKey` which is the `KeyCodec` implementation for `AccAddress` and we use `codec.CollValue` to +encode our proto type `BaseAccount`. + +Generally speaking you will always find the respective key and value codecs for types in the `go.mod` path you're using +to import that type. If you want to encode proto values refer to the codec `codec.CollValue` function, which allows you +to encode any type implement the `proto.Message` interface. + +## Map + +We analyse the first and most important collection type, the ``collections.Map``. +This is the type that everything else builds on top of. + +### Use case + +A `collections.Map` is used to map arbitrary keys with arbitrary values. + +### Example + +It's easier to explain a `collections.Map` capabilities through an example: + +```go +package collections + +import ( + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "fmt" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts collections.Map[sdk.AccAddress, authtypes.BaseAccount] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Accounts: collections.NewMap(sb, AccountsPrefix, "accounts", + sdk.AccAddressKey, codec.CollValue[authtypes.BaseAccount](cdc)), + } +} + +func (k Keeper) CreateAccount(ctx sdk.Context, addr sdk.AccAddress, account authtypes.BaseAccount) error { + has, err := k.Accounts.Has(ctx, addr) + if err != nil { + return err + } + if has { + return fmt.Errorf("account already exists: %s", addr) + } + + err = k.Accounts.Set(ctx, addr, account) + if err != nil { + return err + } + return nil +} + +func (k Keeper) GetAccount(ctx sdk.Context, addr sdk.AccAddress) (authtypes.BaseAccount, error) { + acc, err := k.Accounts.Get(ctx, addr) + if err != nil { + return authtypes.BaseAccount{}, err + } + + return acc, nil +} + +func (k Keeper) RemoveAccount(ctx sdk.Context, addr sdk.AccAddress) error { + err := k.Accounts.Remove(ctx, addr) + if err != nil { + return err + } + return nil +} +``` + +#### Set method + +Set maps with the provided `AccAddress` (the key) to the `auth.BaseAccount` (the value). + +Under the hood the `collections.Map` will convert the key and value to bytes using the [key and value codec](README.md#key-and-value-codecs). +It will prepend to our bytes key the [prefix](README.md#prefix) and store it in the KVStore of the module. + +#### Has method + +The has method reports if the provided key exists in the store. + +#### Get method + +The get method accepts the `AccAddress` and returns the associated `auth.BaseAccount` if it exists, otherwise it errors. + +#### Remove method + +The remove method accepts the `AccAddress` and removes it from the store. It won't report errors +if it does not exist, to check for existence before removal use the ``Has`` method. + +#### Iteration + +Iteration has a separate section. + +## KeySet + +The second type of collection is `collections.KeySet`, as the word suggests it maintains +only a set of keys without values. + +#### Implementation curiosity + +A `collections.KeySet` is just a `collections.Map` with a `key` but no value. +The value internally is always the same and is represented as an empty byte slice ```[]byte{}```. + +### Example + +As always we explore the collection type through an example: + +```go +package collections + +import ( + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "fmt" + sdk "github.com/cosmos/cosmos-sdk/types" +) + +var ValidatorsSetPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + ValidatorsSet collections.KeySet[sdk.ValAddress] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + ValidatorsSet: collections.NewKeySet(sb, ValidatorsSetPrefix, "validators_set", sdk.ValAddressKey), + } +} + +func (k Keeper) AddValidator(ctx sdk.Context, validator sdk.ValAddress) error { + has, err := k.ValidatorsSet.Has(ctx, validator) + if err != nil { + return err + } + if has { + return fmt.Errorf("validator already in set: %s", validator) + } + + err = k.ValidatorsSet.Set(ctx, validator) + if err != nil { + return err + } + + return nil +} + +func (k Keeper) RemoveValidator(ctx sdk.Context, validator sdk.ValAddress) error { + err := k.ValidatorsSet.Remove(ctx, validator) + if err != nil { + return err + } + return nil +} +``` + +The first difference we notice is that `KeySet` needs use to specify only one type parameter: the key (`sdk.ValAddress` in this case). +The second difference we notice is that `KeySet` in its `NewKeySet` function does not require +us to specify a `ValueCodec` but only a `KeyCodec`. This is because a `KeySet` only saves keys and not values. + +Let's explore the methods. + +#### Has method + +Has allows us to understand if a key is present in the `collections.KeySet` or not, functions in the same way as `collections.Map.Has +` + +#### Set method + +Set inserts the provided key in the `KeySet`. + +#### Remove method + +Remove removes the provided key from the `KeySet`, it does not error if the key does not exist, +if existence check before removal is required it needs to be coupled with the `Has` method. + +## Item + +The third type of collection is the `collections.Item`. +It stores only one single item, it's useful for example for parameters, there's only one instance +of parameters in state always. + +### implementation curiosity + +A `collections.Item` is just a `collections.Map` with no key but just a value. +The key is the prefix of the collection! + +### Example + +```go +package collections + +import ( + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + stakingtypes "cosmossdk.io/x/staking/types" +) + +var ParamsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Params collections.Item[stakingtypes.Params] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Params: collections.NewItem(sb, ParamsPrefix, "params", codec.CollValue[stakingtypes.Params](cdc)), + } +} + +func (k Keeper) UpdateParams(ctx sdk.Context, params stakingtypes.Params) error { + err := k.Params.Set(ctx, params) + if err != nil { + return err + } + return nil +} + +func (k Keeper) GetParams(ctx sdk.Context) (stakingtypes.Params, error) { + return k.Params.Get(ctx) +} +``` + +The first key difference we notice is that we specify only one type parameter, which is the value we're storing. +The second key difference is that we don't specify the `KeyCodec`, since we store only one item we already know the key +and the fact that it is constant. + +## Iteration + +One of the key features of the ``KVStore`` is iterating over keys. + +Collections which deal with keys (so `Map`, `KeySet` and `IndexedMap`) allow you to iterate +over keys in a safe and typed way. They all share the same API, the only difference being +that ``KeySet`` returns a different type of `Iterator` because `KeySet` only deals with keys. + +:::note + +Every collection shares the same `Iterator` semantics. + +::: + +Let's have a look at the `Map.Iterate` method: + +```go +func (m Map[K, V]) Iterate(ctx context.Context, ranger Ranger[K]) (Iterator[K, V], error) +``` + +It accepts a `collections.Ranger[K]`, which is an API that instructs map on how to iterate over keys. +As always we don't need to implement anything here as `collections` already provides some generic `Ranger` implementers +that expose all you need to work with ranges. + +### Example + +We have a `collections.Map` that maps accounts using `uint64` IDs. + +```go +package collections + +import ( + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts collections.Map[uint64, authtypes.BaseAccount] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Accounts: collections.NewMap(sb, AccountsPrefix, "accounts", collections.Uint64Key, codec.CollValue[authtypes.BaseAccount](cdc)), + } +} + +func (k Keeper) GetAllAccounts(ctx sdk.Context) ([]authtypes.BaseAccount, error) { + // passing a nil Ranger equals to: iterate over every possible key + iter, err := k.Accounts.Iterate(ctx, nil) + if err != nil { + return nil, err + } + accounts, err := iter.Values() + if err != nil { + return nil, err + } + + return accounts, err +} + +func (k Keeper) IterateAccountsBetween(ctx sdk.Context, start, end uint64) ([]authtypes.BaseAccount, error) { + // The collections.Range API offers a lot of capabilities + // like defining where the iteration starts or ends. + rng := new(collections.Range[uint64]). + StartInclusive(start). + EndExclusive(end). + Descending() + + iter, err := k.Accounts.Iterate(ctx, rng) + if err != nil { + return nil, err + } + accounts, err := iter.Values() + if err != nil { + return nil, err + } + + return accounts, nil +} + +func (k Keeper) IterateAccounts(ctx sdk.Context, do func(id uint64, acc authtypes.BaseAccount) (stop bool)) error { + iter, err := k.Accounts.Iterate(ctx, nil) + if err != nil { + return err + } + defer iter.Close() + + for ; iter.Valid(); iter.Next() { + kv, err := iter.KeyValue() + if err != nil { + return err + } + + if do(kv.Key, kv.Value) { + break + } + } + return nil +} +``` + +Let's analyse each method in the example and how it makes use of the `Iterate` and the returned `Iterator` API. + +#### GetAllAccounts + +In `GetAllAccounts` we pass to our `Iterate` a nil `Ranger`. This means that the returned `Iterator` will include +all the existing keys within the collection. + +Then we use the `Values` method from the returned `Iterator` API to collect all the values into a slice. + +`Iterator` offers other methods such as `Keys()` to collect only the keys and not the values and `KeyValues` to collect +all the keys and values. + + +#### IterateAccountsBetween + +Here we make use of the `collections.Range` helper to specialise our range. +We make it start in a point through `StartInclusive` and end in the other with `EndExclusive`, then +we instruct it to report us results in reverse order through `Descending` + +Then we pass the range instruction to `Iterate` and get an `Iterator`, which will contain only the results +we specified in the range. + +Then we use again the `Values` method of the `Iterator` to collect all the results. + +`collections.Range` also offers a `Prefix` API which is not applicable to all keys types, +for example uint64 cannot be prefix because it is of constant size, but a `string` key +can be prefixed. + +#### IterateAccounts + +Here we showcase how to lazily collect values from an Iterator. + +:::note + +`Keys/Values/KeyValues` fully consume and close the `Iterator`, here we need to explicitly do a `defer iterator.Close()` call. + +::: + +`Iterator` also exposes a `Value` and `Key` method to collect only the current value or key, if collecting both is not needed. + +:::note + +For this `callback` pattern, collections expose a `Walk` API. + +::: + +## Composite keys + +So far we've worked only with simple keys, like `uint64`, the account address, etc. +There are some more complex cases in, which we need to deal with composite keys. + +A key is composite when it is composed of multiple keys, for example bank balances as stored as the composite key +`(AccAddress, string)` where the first part is the address holding the coins and the second part is the denom. + +Example, let's say address `BOB` holds `10atom,15osmo`, this is how it is stored in state: + +``` +(bob, atom) => 10 +(bob, osmos) => 15 +``` + +Now this allows to efficiently get a specific denom balance of an address, by simply `getting` `(address, denom)`, or getting all the balances +of an address by prefixing over `(address)`. + +Let's see now how we can work with composite keys using collections. + +### Example + +In our example we will show-case how we can use collections when we are dealing with balances, similar to bank, +a balance is a mapping between `(address, denom) => math.Int` the composite key in our case is `(address, denom)`. + +## Instantiation of a composite key collection + +```go +package collections + +import ( + "cosmossdk.io/collections" + "cosmossdk.io/math" + storetypes "cosmossdk.io/store/types" + sdk "github.com/cosmos/cosmos-sdk/types" +) + + +var BalancesPrefix = collections.NewPrefix(1) + +type Keeper struct { + Schema collections.Schema + Balances collections.Map[collections.Pair[sdk.AccAddress, string], math.Int] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Balances: collections.NewMap( + sb, BalancesPrefix, "balances", + collections.PairKeyCodec(sdk.AccAddressKey, collections.StringKey), + sdk.IntValue, + ), + } +} +``` + +### The Map Key definition + +First of all we can see that in order to define a composite key of two elements we use the `collections.Pair` type: + +```go +collections.Map[collections.Pair[sdk.AccAddress, string], math.Int] +``` + +`collections.Pair` defines a key composed of two other keys, in our case the first part is `sdk.AccAddress`, the second +part is `string`. + +#### The Key Codec instantiation + +The arguments to instantiate are always the same, the only thing that changes is how we instantiate +the ``KeyCodec``, since this key is composed of two keys we use `collections.PairKeyCodec`, which generates +a `KeyCodec` composed of two key codecs. The first one will encode the first part of the key, the second one will +encode the second part of the key. + + +### Working with composite key collections + +Let's expand on the example we used before: + +```go +var BalancesPrefix = collections.NewPrefix(1) + +type Keeper struct { + Schema collections.Schema + Balances collections.Map[collections.Pair[sdk.AccAddress, string], math.Int] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Balances: collections.NewMap( + sb, BalancesPrefix, "balances", + collections.PairKeyCodec(sdk.AccAddressKey, collections.StringKey), + sdk.IntValue, + ), + } +} + +func (k Keeper) SetBalance(ctx sdk.Context, address sdk.AccAddress, denom string, amount math.Int) error { + key := collections.Join(address, denom) + return k.Balances.Set(ctx, key, amount) +} + +func (k Keeper) GetBalance(ctx sdk.Context, address sdk.AccAddress, denom string) (math.Int, error) { + return k.Balances.Get(ctx, collections.Join(address, denom)) +} + +func (k Keeper) GetAllAddressBalances(ctx sdk.Context, address sdk.AccAddress) (sdk.Coins, error) { + balances := sdk.NewCoins() + + rng := collections.NewPrefixedPairRange[sdk.AccAddress, string](address) + + iter, err := k.Balances.Iterate(ctx, rng) + if err != nil { + return nil, err + } + + kvs, err := iter.KeyValues() + if err != nil { + return nil, err + } + + for _, kv := range kvs { + balances = balances.Add(sdk.NewCoin(kv.Key.K2(), kv.Value)) + } + return balances, nil +} + +func (k Keeper) GetAllAddressBalancesBetween(ctx sdk.Context, address sdk.AccAddress, startDenom, endDenom string) (sdk.Coins, error) { + rng := collections.NewPrefixedPairRange[sdk.AccAddress, string](address). + StartInclusive(startDenom). + EndInclusive(endDenom) + + iter, err := k.Balances.Iterate(ctx, rng) + if err != nil { + return nil, err + } + ... +} +``` + +#### SetBalance + +As we can see here we're setting the balance of an address for a specific denom. +We use the `collections.Join` function to generate the composite key. +`collections.Join` returns a `collections.Pair` (which is the key of our `collections.Map`) + +`collections.Pair` contains the two keys we have joined, it also exposes two methods: `K1` to fetch the 1st part of the +key and `K2` to fetch the second part. + +As always, we use the `collections.Map.Set` method to map the composite key to our value (`math.Int` in this case) + +#### GetBalance + +To get a value in composite key collection, we simply use `collections.Join` to compose the key. + +#### GetAllAddressBalances + +We use `collections.PrefixedPairRange` to iterate over all the keys starting with the provided address. +Concretely the iteration will report all the balances belonging to the provided address. + +The first part is that we instantiate a `PrefixedPairRange`, which is a `Ranger` implementer aimed to help +in `Pair` keys iterations. + +```go + rng := collections.NewPrefixedPairRange[sdk.AccAddress, string](address) +``` + +As we can see here we're passing the type parameters of the `collections.Pair` because golang type inference +with respect to generics is not as permissive as other languages, so we need to explicitly say what are the types of the pair key. + +#### GetAllAddressesBalancesBetween + +This showcases how we can further specialise our range to limit the results further, by specifying +the range between the second part of the key (in our case the denoms, which are strings). + +## IndexedMap + +`collections.IndexedMap` is a collection that uses under the hood a `collections.Map`, and has a struct, which contains the indexes that we need to define. + +### Example + +Let's say we have an `auth.BaseAccount` struct which looks like the following: + +```go +type BaseAccount struct { + AccountNumber uint64 `protobuf:"varint,3,opt,name=account_number,json=accountNumber,proto3" json:"account_number,omitempty"` + Sequence uint64 `protobuf:"varint,4,opt,name=sequence,proto3" json:"sequence,omitempty"` +} +``` + +First of all, when we save our accounts in state we map them using a primary key `sdk.AccAddress`. +If it were to be a `collections.Map` it would be `collections.Map[sdk.AccAddress, authtypes.BaseAccount]`. + +Then we also want to be able to get an account not only by its `sdk.AccAddress`, but also by its `AccountNumber`. + +So we can say we want to create an `Index` that maps our `BaseAccount` to its `AccountNumber`. + +We also know that this `Index` is unique. Unique means that there can only be one `BaseAccount` that maps to a specific +`AccountNumber`. + +First of all, we start by defining the object that contains our index: + +```go +var AccountsNumberIndexPrefix = collections.NewPrefix(1) + +type AccountsIndexes struct { + Number *indexes.Unique[uint64, sdk.AccAddress, authtypes.BaseAccount] +} + +func NewAccountIndexes(sb *collections.SchemaBuilder) AccountsIndexes { + return AccountsIndexes{ + Number: indexes.NewUnique( + sb, AccountsNumberIndexPrefix, "accounts_by_number", + collections.Uint64Key, sdk.AccAddressKey, + func(_ sdk.AccAddress, v authtypes.BaseAccount) (uint64, error) { + return v.AccountNumber, nil + }, + ), + } +} +``` + +We create an `AccountIndexes` struct which contains a field: `Number`. This field represents our `AccountNumber` index. +`AccountNumber` is a field of `authtypes.BaseAccount` and it's a `uint64`. + +Then we can see in our `AccountIndexes` struct the `Number` field is defined as: + +```go +*indexes.Unique[uint64, sdk.AccAddress, authtypes.BaseAccount] +``` + +Where the first type parameter is `uint64`, which is the field type of our index. +The second type parameter is the primary key `sdk.AccAddress`. +And the third type parameter is the actual object we're storing `authtypes.BaseAccount`. + +Then we create a `NewAccountIndexes` function that instantiates and returns the `AccountsIndexes` struct. + +The function takes a `SchemaBuilder`. Then we instantiate our `indexes.Unique`, let's analyse the arguments we pass to +`indexes.NewUnique`. + +#### NOTE: indexes list + +The `AccountsIndexes` struct contains the indexes, the `NewIndexedMap` function will infer the indexes form that struct +using reflection, this happens only at init and is not computationally expensive. In case you want to explicitly declare +indexes: implement the `Indexes` interface in the `AccountsIndexes` struct: + +```go +func (a AccountsIndexes) IndexesList() []collections.Index[sdk.AccAddress, authtypes.BaseAccount] { + return []collections.Index[sdk.AccAddress, authtypes.BaseAccount]{a.Number} +} +``` + +#### Instantiating a `indexes.Unique` + +The first three arguments, we already know them, they are: `SchemaBuilder`, `Prefix` which is our index prefix (the partition +where index keys relationship for the `Number` index will be maintained), and the human name for the `Number` index. + +The second argument is a `collections.Uint64Key` which is a key codec to deal with `uint64` keys, we pass that because +the key we're trying to index is a `uint64` key (the account number), and then we pass as fifth argument the primary key codec, +which in our case is `sdk.AccAddress` (remember: we're mapping `sdk.AccAddress` => `BaseAccount`). + +Then as last parameter we pass a function that: given the `BaseAccount` returns its `AccountNumber`. + +After this we can proceed instantiating our `IndexedMap`. + +```go +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts *collections.IndexedMap[sdk.AccAddress, authtypes.BaseAccount, AccountsIndexes] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Accounts: collections.NewIndexedMap( + sb, AccountsPrefix, "accounts", + sdk.AccAddressKey, codec.CollValue[authtypes.BaseAccount](cdc), + NewAccountIndexes(sb), + ), + } +} +``` + +As we can see here what we do, for now, is the same thing as we did for `collections.Map`. +We pass it the `SchemaBuilder`, the `Prefix` where we plan to store the mapping between `sdk.AccAddress` and `authtypes.BaseAccount`, +the human name and the respective `sdk.AccAddress` key codec and `authtypes.BaseAccount` value codec. + +Then we pass the instantiation of our `AccountIndexes` through `NewAccountIndexes`. + +Full example: + +```go +package docs + +import ( + "cosmossdk.io/collections" + "cosmossdk.io/collections/indexes" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +var AccountsNumberIndexPrefix = collections.NewPrefix(1) + +type AccountsIndexes struct { + Number *indexes.Unique[uint64, sdk.AccAddress, authtypes.BaseAccount] +} + +func (a AccountsIndexes) IndexesList() []collections.Index[sdk.AccAddress, authtypes.BaseAccount] { + return []collections.Index[sdk.AccAddress, authtypes.BaseAccount]{a.Number} +} + +func NewAccountIndexes(sb *collections.SchemaBuilder) AccountsIndexes { + return AccountsIndexes{ + Number: indexes.NewUnique( + sb, AccountsNumberIndexPrefix, "accounts_by_number", + collections.Uint64Key, sdk.AccAddressKey, + func(_ sdk.AccAddress, v authtypes.BaseAccount) (uint64, error) { + return v.AccountNumber, nil + }, + ), + } +} + +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts *collections.IndexedMap[sdk.AccAddress, authtypes.BaseAccount, AccountsIndexes] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Accounts: collections.NewIndexedMap( + sb, AccountsPrefix, "accounts", + sdk.AccAddressKey, codec.CollValue[authtypes.BaseAccount](cdc), + NewAccountIndexes(sb), + ), + } +} +``` + +### Working with IndexedMaps + +Whilst instantiating `collections.IndexedMap` is tedious, working with them is extremely smooth. + +Let's take the full example, and expand it with some use-cases. + +```go +package docs + +import ( + "cosmossdk.io/collections" + "cosmossdk.io/collections/indexes" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +var AccountsNumberIndexPrefix = collections.NewPrefix(1) + +type AccountsIndexes struct { + Number *indexes.Unique[uint64, sdk.AccAddress, authtypes.BaseAccount] +} + +func (a AccountsIndexes) IndexesList() []collections.Index[sdk.AccAddress, authtypes.BaseAccount] { + return []collections.Index[sdk.AccAddress, authtypes.BaseAccount]{a.Number} +} + +func NewAccountIndexes(sb *collections.SchemaBuilder) AccountsIndexes { + return AccountsIndexes{ + Number: indexes.NewUnique( + sb, AccountsNumberIndexPrefix, "accounts_by_number", + collections.Uint64Key, sdk.AccAddressKey, + func(_ sdk.AccAddress, v authtypes.BaseAccount) (uint64, error) { + return v.AccountNumber, nil + }, + ), + } +} + +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts *collections.IndexedMap[sdk.AccAddress, authtypes.BaseAccount, AccountsIndexes] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Accounts: collections.NewIndexedMap( + sb, AccountsPrefix, "accounts", + sdk.AccAddressKey, codec.CollValue[authtypes.BaseAccount](cdc), + NewAccountIndexes(sb), + ), + } +} + +func (k Keeper) CreateAccount(ctx sdk.Context, addr sdk.AccAddress) error { + nextAccountNumber := k.getNextAccountNumber() + + newAcc := authtypes.BaseAccount{ + AccountNumber: nextAccountNumber, + Sequence: 0, + } + + return k.Accounts.Set(ctx, addr, newAcc) +} + +func (k Keeper) RemoveAccount(ctx sdk.Context, addr sdk.AccAddress) error { + return k.Accounts.Remove(ctx, addr) +} + +func (k Keeper) GetAccountByNumber(ctx sdk.Context, accNumber uint64) (sdk.AccAddress, authtypes.BaseAccount, error) { + accAddress, err := k.Accounts.Indexes.Number.MatchExact(ctx, accNumber) + if err != nil { + return nil, authtypes.BaseAccount{}, err + } + + acc, err := k.Accounts.Get(ctx, accAddress) + return accAddress, acc, nil +} + +func (k Keeper) GetAccountsByNumber(ctx sdk.Context, startAccNum, endAccNum uint64) ([]authtypes.BaseAccount, error) { + rng := new(collections.Range[uint64]). + StartInclusive(startAccNum). + EndInclusive(endAccNum) + + iter, err := k.Accounts.Indexes.Number.Iterate(ctx, rng) + if err != nil { + return nil, err + } + + return indexes.CollectValues(ctx, k.Accounts, iter) +} + + +func (k Keeper) getNextAccountNumber() uint64 { + return 0 +} +``` + +## Collections with interfaces as values + +Although cosmos-sdk is shifting away from the usage of interface registry, there are still some places where it is used. +In order to support old code, we have to support collections with interface values. + +The generic `codec.CollValue` is not able to handle interface values, so we need to use a special type `codec.CollValueInterface`. +`codec.CollValueInterface` takes a `codec.BinaryCodec` as an argument, and uses it to marshal and unmarshal values as interfaces. +The `codec.CollValueInterface` lives in the `codec` package, whose import path is `github.com/cosmos/cosmos-sdk/codec`. + +### Instantiating Collections with interface values + +In order to instantiate a collection with interface values, we need to use `codec.CollValueInterface` instead of `codec.CollValue`. + +```go +package example + +import ( + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts *collections.Map[sdk.AccAddress, sdk.AccountI] +} + +func NewKeeper(cdc codec.BinaryCodec, storeKey *storetypes.KVStoreKey) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Accounts: collections.NewMap( + sb, AccountsPrefix, "accounts", + sdk.AccAddressKey, codec.CollInterfaceValue[sdk.AccountI](cdc), + ), + } +} + +func (k Keeper) SaveBaseAccount(ctx sdk.Context, account authtypes.BaseAccount) error { + return k.Accounts.Set(ctx, account.GetAddress(), account) +} + +func (k Keeper) SaveModuleAccount(ctx sdk.Context, account authtypes.ModuleAccount) error { + return k.Accounts.Set(ctx, account.GetAddress(), account) +} + +func (k Keeper) GetAccount(ctx sdk.context, addr sdk.AccAddress) (sdk.AccountI, error) { + return k.Accounts.Get(ctx, addr) +} +``` + +## Triple key + +The `collections.Triple` is a special type of key composed of three keys, it's identical to `collections.Pair`. + +Let's see an example. + +```go +package example + +import ( + "context" + + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" +) + +type AccAddress = string +type ValAddress = string + +type Keeper struct { + // let's simulate we have redelegations which are stored as a triple key composed of + // the delegator, the source validator and the destination validator. + Redelegations collections.KeySet[collections.Triple[AccAddress, ValAddress, ValAddress]] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Redelegations: collections.NewKeySet(sb, collections.NewPrefix(0), "redelegations", collections.TripleKeyCodec(collections.StringKey, collections.StringKey, collections.StringKey) + } +} + +// RedelegationsByDelegator iterates over all the redelegations of a given delegator and calls onResult providing +// each redelegation from source validator towards the destination validator. +func (k Keeper) RedelegationsByDelegator(ctx context.Context, delegator AccAddress, onResult func(src, dst ValAddress) (stop bool, err error)) error { + rng := collections.NewPrefixedTripleRange[AccAddress, ValAddress, ValAddress](delegator) + return k.Redelegations.Walk(ctx, rng, func(key collections.Triple[AccAddress, ValAddress, ValAddress]) (stop bool, err error) { + return onResult(key.K2(), key.K3()) + }) +} + +// RedelegationsByDelegatorAndValidator iterates over all the redelegations of a given delegator and its source validator and calls onResult for each +// destination validator. +func (k Keeper) RedelegationsByDelegatorAndValidator(ctx context.Context, delegator AccAddress, validator ValAddress, onResult func(dst ValAddress) (stop bool, err error)) error { + rng := collections.NewSuperPrefixedTripleRange[AccAddress, ValAddress, ValAddress](delegator, validator) + return k.Redelegations.Walk(ctx, rng, func(key collections.Triple[AccAddress, ValAddress, ValAddress]) (stop bool, err error) { + return onResult(key.K3()) + }) +} +``` + +## Advanced Usages + +### Alternative Value Codec + +The `codec.AltValueCodec` allows a collection to decode values using a different codec than the one used to encode them. +Basically it enables to decode two different byte representations of the same concrete value. +It can be used to lazily migrate values from one bytes representation to another, as long as the new representation is +not able to decode the old one. + +A concrete example can be found in `x/bank` where the balance was initially stored as `Coin` and then migrated to `Int`. + +```go + +var BankBalanceValueCodec = codec.NewAltValueCodec(sdk.IntValue, func(b []byte) (sdk.Int, error) { + coin := sdk.Coin{} + err := coin.Unmarshal(b) + if err != nil { + return sdk.Int{}, err + } + return coin.Amount, nil +}) +``` + +The above example shows how to create an `AltValueCodec` that can decode both `sdk.Int` and `sdk.Coin` values. The provided +decoder function will be used as a fallback in case the default decoder fails. When the value will be encoded back into state +it will use the default encoder. This allows to lazily migrate values to a new bytes representation. diff --git a/copy-of-sdk-docs/build/packages/README.md b/copy-of-sdk-docs/build/packages/README.md new file mode 100644 index 00000000..e6dbeeb2 --- /dev/null +++ b/copy-of-sdk-docs/build/packages/README.md @@ -0,0 +1,38 @@ +--- +sidebar_position: 0 +--- + +# Packages + +The Cosmos SDK is a collection of Go modules. This section provides documentation on various packages that can be used when developing a Cosmos SDK chain. +It lists all standalone Go modules that are part of the Cosmos SDK. + +:::tip +For more information on SDK modules, see the [SDK Modules](https://docs.cosmos.network/main/modules) section. +For more information on SDK tooling, see the [Tooling](https://docs.cosmos.network/main/tooling) section. +::: + +## Core + +* [Core](https://pkg.go.dev/cosmossdk.io/core) - Core library defining SDK interfaces ([ADR-063](https://docs.cosmos.network/main/architecture/adr-063-core-module-api)) +* [API](https://pkg.go.dev/cosmossdk.io/api) - API library containing generated SDK Pulsar API +* [Store](https://pkg.go.dev/cosmossdk.io/store) - Implementation of the Cosmos SDK store + +## State Management + +* [Collections](./02-collections.md) - State management library + +## Automation + +* [Depinject](./01-depinject.md) - Dependency injection framework +* [Client/v2](https://pkg.go.dev/cosmossdk.io/client/v2) - Library powering [AutoCLI](https://docs.cosmos.network/main/core/autocli) + +## Utilities + +* [Log](https://pkg.go.dev/cosmossdk.io/log) - Logging library +* [Errors](https://pkg.go.dev/cosmossdk.io/errors) - Error handling library +* [Math](https://pkg.go.dev/cosmossdk.io/math) - Math library for SDK arithmetic operations + +## Example + +* [SimApp](https://pkg.go.dev/cosmossdk.io/simapp) - SimApp is **the** sample Cosmos SDK chain. This package should not be imported in your application. diff --git a/copy-of-sdk-docs/build/packages/_category_.json b/copy-of-sdk-docs/build/packages/_category_.json new file mode 100644 index 00000000..5ed885eb --- /dev/null +++ b/copy-of-sdk-docs/build/packages/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Packages", + "position": 4, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-docs/build/rfc/PROCESS.md b/copy-of-sdk-docs/build/rfc/PROCESS.md new file mode 100644 index 00000000..a34af226 --- /dev/null +++ b/copy-of-sdk-docs/build/rfc/PROCESS.md @@ -0,0 +1,62 @@ +# RFC Creation Process + +1. Copy the `rfc-template.md` file. Use the following filename pattern: `rfc-next_number-title.md` +2. Create a draft Pull Request if you want to get an early feedback. +3. Make sure the context and a solution is clear and well documented. +4. Add an entry to a list in the [README](./README.md) file. +5. Create a Pull Request to propose a new ADR. + +## What is an RFC? + +An RFC is a sort of async whiteboarding session. It is meant to replace the need for a distributed team to come together to make a decision. Currently, the Cosmos SDK team and contributors are distributed around the world. The team conducts working groups to have a synchronous discussion and an RFC can be used to capture the discussion for a wider audience to better understand the changes that are coming to the software. + +The main difference the Cosmos SDK is defining as a differentiation between RFC and ADRs is that one is to come to consensus and circulate information about a potential change or feature. An ADR is used if there is already consensus on a feature or change and there is not a need to articulate the change coming to the software. An ADR will articulate the changes and have a lower amount of communication . + +## RFC life cycle + +RFC creation is an **iterative** process. An RFC is meant as a distributed colloboration session, it may have many comments and is usually the bi-product of no working group or synchornous communication + +1. Proposals could start with a new GitHub Issue, be a result of existing Issues or a discussion. + +2. An RFC doesn't have to arrive to `main` with an _accepted_ status in a single PR. If the motivation is clear and the solution is sound, we SHOULD be able to merge it and keep a _proposed_ status. It's preferable to have an iterative approach rather than long, not merged Pull Requests. + +3. If a _proposed_ RFC is merged, then it should clearly document outstanding issues either in the RFC document notes or in a GitHub Issue. + +4. The PR SHOULD always be merged. In the case of a faulty RFC, we still prefer to merge it with a _rejected_ status. The only time the RFC SHOULD NOT be merged is if the author abandons it. + +5. Merged RFCs SHOULD NOT be pruned. + +6. If there is consensus and enough feedback then the RFC can be accepted. + +> Note: An RFC is written when there is no working group or team session on the problem. RFC's are meant as a distributed white boarding session. If there is a working group on the proposal there is no need to have an RFC as there is synchornous whiteboarding going on. + +### RFC status + +Status has two components: + +```text +{CONSENSUS STATUS} +``` + +#### Consensus Status + +```text +DRAFT -> PROPOSED -> LAST CALL yyyy-mm-dd -> ACCEPTED | REJECTED -> SUPERSEDED by ADR-xxx + \ | + \ | + v v + ABANDONED +``` + +* `DRAFT`: [optional] an ADR which is work in progress, not being ready for a general review. This is to present an early work and get an early feedback in a Draft Pull Request form. +* `PROPOSED`: an ADR covering a full solution architecture and still in the review - project stakeholders haven't reached an agreed yet. +* `LAST CALL `: [optional] clear notify that we are close to accept updates. Changing a status to `LAST CALL` means that social consensus (of Cosmos SDK maintainers) has been reached and we still want to give it a time to let the community react or analyze. +* `ACCEPTED`: ADR which will represent a currently implemented or to be implemented architecture design. +* `REJECTED`: ADR can go from PROPOSED or ACCEPTED to rejected if the consensus among project stakeholders will decide so. +* `SUPERSEEDED by ADR-xxx`: ADR which has been superseded by a new ADR. +* `ABANDONED`: the ADR is no longer pursued by the original authors. + +## Language used in RFC + +* The background/goal should be written in the present tense. +* Avoid using a first, personal form. diff --git a/copy-of-sdk-docs/build/rfc/README.md b/copy-of-sdk-docs/build/rfc/README.md new file mode 100644 index 00000000..8b8ead24 --- /dev/null +++ b/copy-of-sdk-docs/build/rfc/README.md @@ -0,0 +1,38 @@ +--- +sidebar_position: 1 +--- + +# Requests for Comments + +A Request for Comments (RFC) is a record of discussion on an open-ended topic +related to the design and implementation of the Cosmos SDK, for which no +immediate decision is required. + +The purpose of an RFC is to serve as a historical record of a high-level +discussion that might otherwise only be recorded in an ad-hoc way (for example, +via gists or Google docs) that are difficult to discover for someone after the +fact. An RFC _may_ give rise to more specific architectural _decisions_ for +the Cosmos SDK, but those decisions must be recorded separately in +[Architecture Decision Records (ADR)](../architecture). + +As a rule of thumb, if you can articulate a specific question that needs to be +answered, write an ADR. If you need to explore the topic and get input from +others to know what questions need to be answered, an RFC may be appropriate. + +## RFC Content + +An RFC should provide: + +* A **changelog**, documenting when and how the RFC has changed. +* An **abstract**, briefly summarizing the topic so the reader can quickly tell + whether it is relevant to their interest. +* Any **background** a reader will need to understand and participate in the + substance of the discussion (links to other documents are fine here). +* The **discussion**, the primary content of the document. + +The [rfc-template.md](./rfc-template.md) file includes placeholders for these +sections. + +## Table of Contents + +* [RFC-001: Tx Validation](./rfc-001-tx-validation.md) diff --git a/copy-of-sdk-docs/build/rfc/_category_.json b/copy-of-sdk-docs/build/rfc/_category_.json new file mode 100644 index 00000000..a5712bda --- /dev/null +++ b/copy-of-sdk-docs/build/rfc/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "RFC", + "position": 7, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-docs/build/rfc/rfc-001-tx-validation.md b/copy-of-sdk-docs/build/rfc/rfc-001-tx-validation.md new file mode 100644 index 00000000..923e1c72 --- /dev/null +++ b/copy-of-sdk-docs/build/rfc/rfc-001-tx-validation.md @@ -0,0 +1,25 @@ +# RFC 001: Transaction Validation + +## Changelog + +* 2023-03-12: Proposed + +## Background + +Transation Validation is crucial to a functioning state machine. Within the Cosmos SDK there are two validation flows, one is outside the message server and the other within. The flow outside of the message server is the `ValidateBasic` function. It is called in the antehandler on both `CheckTx` and `DeliverTx`. There is an overhead and sometimes duplication of validation within these two flows. This extra validation provides an additional check before entering the mempool. + +With the deprecation of [`GetSigners`](https://github.com/cosmos/cosmos-sdk/issues/11275) we have the optionality to remove [sdk.Msg](https://github.com/cosmos/cosmos-sdk/blob/16a5404f8e00ddcf8857c8a55dca2f7c109c29bc/types/tx_msg.go#L16) and the `ValidateBasic` function. + +With the separation of CometBFT and Cosmos-SDK, there is a lack of control of what transactions get broadcasted and included in a block. This extra validation in the antehandler is meant to help in this case. In most cases the transaction is or should be simulated against a node for validation. With this flow transactions will be treated the same. + +## Proposal + +The acceptance of this RFC would move validation within `ValidateBasic` to the message server in modules, update tutorials and docs to remove mention of using `ValidateBasic` in favour of handling all validation for a message where it is executed. + +We can and will still support the `Validatebasic` function for users and provide an extension interface of the function once `sdk.Msg` is depreacted. + +> Note: This is how messages are handled in VMs like Ethereum and CosmWasm. + +### Consequences + +The consequence of updating the transaction flow is that transaction that may have failed before with the `ValidateBasic` flow will now be included in a block and fees charged. diff --git a/copy-of-sdk-docs/build/rfc/rfc-template.md b/copy-of-sdk-docs/build/rfc/rfc-template.md new file mode 100644 index 00000000..417a795d --- /dev/null +++ b/copy-of-sdk-docs/build/rfc/rfc-template.md @@ -0,0 +1,83 @@ +# RFC {RFC-NUMBER}: {TITLE} + +## Changelog + +* {date}: {changelog} + +## Background + +> The next section is the "Background" section. This section should be at least two paragraphs and can take up to a whole +> page in some cases. The guiding goal of the background section is: as a newcomer to this project (new employee, team +> transfer), can I read the background section and follow any links to get the full context of why this change is +> necessary? +> +> If you can't show a random engineer the background section and have them acquire nearly full context on the necessity +> for the RFC, then the background section is not full enough. To help achieve this, link to prior RFCs, discussions, and +> more here as necessary to provide context so you don't have to simply repeat yourself. + + +## Proposal + +> The next required section is "Proposal" or "Goal". Given the background above, this section proposes a solution. +> This should be an overview of the "how" for the solution, but for details further sections will be used. + + +## Abandoned Ideas (Optional) + +> As RFCs evolve, it is common that there are ideas that are abandoned. Rather than simply deleting them from the +> document, you should try to organize them into sections that make it clear they're abandoned while explaining why they +> were abandoned. +> +> When sharing your RFC with others or having someone look back on your RFC in the future, it is common to walk the same +> path and fall into the same pitfalls that we've since matured from. Abandoned ideas are a way to recognize that path +> and explain the pitfalls and why they were abandoned. + +## Descision + +> This section describes alternative designs to the chosen design. This section +> is important and if an adr does not have any alternatives then it should be +> considered that the ADR was not thought through. + +## Consequences (optional) + +> This section describes the resulting context, after applying the decision. All +> consequences should be listed here, not just the "positive" ones. A particular +> decision may have positive, negative, and neutral consequences, but all of them +> affect the team and project in the future. + +### Backwards Compatibility + +> All ADRs that introduce backwards incompatibilities must include a section +> describing these incompatibilities and their severity. The ADR must explain +> how the author proposes to deal with these incompatibilities. ADR submissions +> without a sufficient backwards compatibility treatise may be rejected outright. + +### Positive + +> {positive consequences} + +### Negative + +> {negative consequences} + +### Neutral + +> {neutral consequences} + + + +### References + +> Links to external materials needed to follow the discussion may be added here. +> +> In addition, if the discussion in a request for comments leads to any design +> decisions, it may be helpful to add links to the ADR documents here after the +> discussion has settled. + +## Discussion + +> This section contains the core of the discussion. +> +> There is no fixed format for this section, but ideally changes to this +> section should be updated before merging to reflect any discussion that took +> place on the PR that made those changes. diff --git a/copy-of-sdk-docs/build/rfc/rfc/PROCESS.md b/copy-of-sdk-docs/build/rfc/rfc/PROCESS.md new file mode 100644 index 00000000..20f08a6e --- /dev/null +++ b/copy-of-sdk-docs/build/rfc/rfc/PROCESS.md @@ -0,0 +1,62 @@ +# RFC Creation Process + +1. Copy the `rfc-template.md` file. Use the following filename pattern: `rfc-next_number-title.md` +2. Create a draft Pull Request if you want to get an early feedback. +3. Make sure the context and a solution is clear and well documented. +4. Add an entry to a list in the [README](./README.md) file. +5. Create a Pull Request to propose a new ADR. + +## What is an RFC? + +An RFC is a sort of async whiteboarding session. It is meant to replace the need for a distributed team to come together to make a decision. Currently, the Cosmos SDK team and contributors are distributed around the world. The team conducts working groups to have a synchronous discussion and an RFC can be used to capture the discussion for a wider audience to better understand the changes that are coming to the software. + +The main difference the Cosmos SDK is defining as a differentiation between RFC and ADRs is that one is to come to consensus and circulate information about a potential change or feature. An ADR is used if there is already consensus on a feature or change and there is not a need to articulate the change coming to the software. An ADR will articulate the changes and have a lower amount of communication. + +## RFC life cycle + +RFC creation is an **iterative** process. An RFC is meant as a distributed collaboration session, it may have many comments and is usually the by-product of no working group or synchronous communication + +1. Proposals could start with a new GitHub Issue, be a result of existing Issues or a discussion. + +2. An RFC doesn't have to arrive to `main` with an _accepted_ status in a single PR. If the motivation is clear and the solution is sound, we SHOULD be able to merge it and keep a _proposed_ status. It's preferable to have an iterative approach rather than long, not merged Pull Requests. + +3. If a _proposed_ RFC is merged, then it should clearly document outstanding issues either in the RFC document notes or in a GitHub Issue. + +4. The PR SHOULD always be merged. In the case of a faulty RFC, we still prefer to merge it with a _rejected_ status. The only time the RFC SHOULD NOT be merged is if the author abandons it. + +5. Merged RFCs SHOULD NOT be pruned. + +6. If there is consensus and enough feedback then the RFC can be accepted. + +> Note: An RFC is written when there is no working group or team session on the problem. RFC's are meant as a distributed white boarding session. If there is a working group on the proposal there is no need to have an RFC as there is synchronous whiteboarding going on. + +### RFC status + +Status has two components: + +```text +{CONSENSUS STATUS} +``` + +#### Consensus Status + +```text +DRAFT -> PROPOSED -> LAST CALL yyyy-mm-dd -> ACCEPTED | REJECTED -> SUPERSEDED by ADR-xxx + \ | + \ | + v v + ABANDONED +``` + +* `DRAFT`: [optional] an ADR which is work in progress, not being ready for a general review. This is to present an early work and get an early feedback in a Draft Pull Request form. +* `PROPOSED`: an ADR covering a full solution architecture and still in the review - project stakeholders haven't reached an agreed yet. +* `LAST CALL `: [optional] clear notify that we are close to accept updates. Changing a status to `LAST CALL` means that social consensus (of Cosmos SDK maintainers) has been reached and we still want to give it a time to let the community react or analyze. +* `ACCEPTED`: ADR which will represent a currently implemented or to be implemented architecture design. +* `REJECTED`: ADR can go from PROPOSED or ACCEPTED to rejected if the consensus among project stakeholders will decide so. +* `SUPERSEDED by ADR-xxx`: ADR which has been superseded by a new ADR. +* `ABANDONED`: the ADR is no longer pursued by the original authors. + +## Language used in RFC + +* The background/goal should be written in the present tense. +* Avoid using a first, personal form. diff --git a/copy-of-sdk-docs/build/rfc/rfc/README.md b/copy-of-sdk-docs/build/rfc/rfc/README.md new file mode 100644 index 00000000..8b8ead24 --- /dev/null +++ b/copy-of-sdk-docs/build/rfc/rfc/README.md @@ -0,0 +1,38 @@ +--- +sidebar_position: 1 +--- + +# Requests for Comments + +A Request for Comments (RFC) is a record of discussion on an open-ended topic +related to the design and implementation of the Cosmos SDK, for which no +immediate decision is required. + +The purpose of an RFC is to serve as a historical record of a high-level +discussion that might otherwise only be recorded in an ad-hoc way (for example, +via gists or Google docs) that are difficult to discover for someone after the +fact. An RFC _may_ give rise to more specific architectural _decisions_ for +the Cosmos SDK, but those decisions must be recorded separately in +[Architecture Decision Records (ADR)](../architecture). + +As a rule of thumb, if you can articulate a specific question that needs to be +answered, write an ADR. If you need to explore the topic and get input from +others to know what questions need to be answered, an RFC may be appropriate. + +## RFC Content + +An RFC should provide: + +* A **changelog**, documenting when and how the RFC has changed. +* An **abstract**, briefly summarizing the topic so the reader can quickly tell + whether it is relevant to their interest. +* Any **background** a reader will need to understand and participate in the + substance of the discussion (links to other documents are fine here). +* The **discussion**, the primary content of the document. + +The [rfc-template.md](./rfc-template.md) file includes placeholders for these +sections. + +## Table of Contents + +* [RFC-001: Tx Validation](./rfc-001-tx-validation.md) diff --git a/copy-of-sdk-docs/build/rfc/rfc/_category_.json b/copy-of-sdk-docs/build/rfc/rfc/_category_.json new file mode 100644 index 00000000..a5712bda --- /dev/null +++ b/copy-of-sdk-docs/build/rfc/rfc/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "RFC", + "position": 7, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-docs/build/rfc/rfc/rfc-001-tx-validation.md b/copy-of-sdk-docs/build/rfc/rfc/rfc-001-tx-validation.md new file mode 100644 index 00000000..80dc8e1f --- /dev/null +++ b/copy-of-sdk-docs/build/rfc/rfc/rfc-001-tx-validation.md @@ -0,0 +1,25 @@ +# RFC 001: Transaction Validation + +## Changelog + +* 2023-03-12: Proposed + +## Background + +Transaction Validation is crucial to a functioning state machine. Within the Cosmos SDK there are two validation flows, one is outside the message server and the other within. The flow outside of the message server is the `ValidateBasic` function. It is called in the antehandler on both `CheckTx` and `DeliverTx`. There is an overhead and sometimes duplication of validation within these two flows. This extra validation provides an additional check before entering the mempool. + +With the deprecation of [`GetSigners`](https://github.com/cosmos/cosmos-sdk/issues/11275) we have the optionality to remove [sdk.Msg](https://github.com/cosmos/cosmos-sdk/blob/16a5404f8e00ddcf8857c8a55dca2f7c109c29bc/types/tx_msg.go#L16) and the `ValidateBasic` function. + +With the separation of CometBFT and Cosmos-SDK, there is a lack of control of what transactions get broadcasted and included in a block. This extra validation in the antehandler is meant to help in this case. In most cases the transaction is or should be simulated against a node for validation. With this flow transactions will be treated the same. + +## Proposal + +The acceptance of this RFC would move validation within `ValidateBasic` to the message server in modules, update tutorials and docs to remove mention of using `ValidateBasic` in favour of handling all validation for a message where it is executed. + +We can and will still support the `ValidateBasic` function for users and provide an extension interface of the function once `sdk.Msg` is deprecated. + +> Note: This is how messages are handled in VMs like Ethereum and CosmWasm. + +### Consequences + +The consequence of updating the transaction flow is that transaction that may have failed before with the `ValidateBasic` flow will now be included in a block and the fees charged. diff --git a/copy-of-sdk-docs/build/rfc/rfc/rfc-template.md b/copy-of-sdk-docs/build/rfc/rfc/rfc-template.md new file mode 100644 index 00000000..f4e79fbb --- /dev/null +++ b/copy-of-sdk-docs/build/rfc/rfc/rfc-template.md @@ -0,0 +1,83 @@ +# RFC {RFC-NUMBER}: {TITLE} + +## Changelog + +* {date}: {changelog} + +## Background + +> The next section is the "Background" section. This section should be at least two paragraphs and can take up to a whole +> page in some cases. The guiding goal of the background section is: as a newcomer to this project (new employee, team +> transfer), can I read the background section and follow any links to get the full context of why this change is +> necessary? +> +> If you can't show a random engineer the background section and have them acquire nearly full context on the necessity +> for the RFC, then the background section is not full enough. To help achieve this, link to prior RFCs, discussions, and +> more here as necessary to provide context so you don't have to simply repeat yourself. + + +## Proposal + +> The next required section is "Proposal" or "Goal". Given the background above, this section proposes a solution. +> This should be an overview of the "how" for the solution, but for details further sections will be used. + + +## Abandoned Ideas (Optional) + +> As RFCs evolve, it is common that there are ideas that are abandoned. Rather than simply deleting them from the +> document, you should try to organize them into sections that make it clear they're abandoned while explaining why they +> were abandoned. +> +> When sharing your RFC with others or having someone look back on your RFC in the future, it is common to walk the same +> path and fall into the same pitfalls that we've since matured from. Abandoned ideas are a way to recognize that path +> and explain the pitfalls and why they were abandoned. + +## Decision + +> This section describes alternative designs to the chosen design. This section +> is important and if an adr does not have any alternatives then it should be +> considered that the ADR was not thought through. + +## Consequences (optional) + +> This section describes the resulting context, after applying the decision. All +> consequences should be listed here, not just the "positive" ones. A particular +> decision may have positive, negative, and neutral consequences, but all of them +> affect the team and project in the future. + +### Backwards Compatibility + +> All ADRs that introduce backwards incompatibilities must include a section +> describing these incompatibilities and their severity. The ADR must explain +> how the author proposes to deal with these incompatibilities. ADR submissions +> without a sufficient backwards compatibility treatise may be rejected outright. + +### Positive + +> {positive consequences} + +### Negative + +> {negative consequences} + +### Neutral + +> {neutral consequences} + + + +### References + +> Links to external materials needed to follow the discussion may be added here. +> +> In addition, if the discussion in a request for comments leads to any design +> decisions, it may be helpful to add links to the ADR documents here after the +> discussion has settled. + +## Discussion + +> This section contains the core of the discussion. +> +> There is no fixed format for this section, but ideally changes to this +> section should be updated before merging to reflect any discussion that took +> place on the PR that made those changes. diff --git a/copy-of-sdk-docs/build/spec/README.md b/copy-of-sdk-docs/build/spec/README.md new file mode 100644 index 00000000..cca186ad --- /dev/null +++ b/copy-of-sdk-docs/build/spec/README.md @@ -0,0 +1,25 @@ +--- +sidebar_position: 1 +--- + +# Specifications + +This directory contains specifications for the modules of the Cosmos SDK as well as Interchain Standards (ICS) and other specifications. + +Cosmos SDK applications hold this state in a Merkle store. Updates to +the store may be made during transactions and at the beginning and end of every +block. + +## Cosmos SDK specifications + +* [Store](./store) - The core Merkle store that holds the state. +* [Bech32](./addresses/bech32.md) - Address format for Cosmos SDK applications. + +## Modules specifications + +Go to the [module directory](https://docs.cosmos.network/main/modules) + +## CometBFT + +For details on the underlying blockchain and p2p protocols, see +the [CometBFT specification](https://github.com/cometbft/cometbft/tree/main/spec). diff --git a/copy-of-sdk-docs/build/spec/SPEC_MODULE.md b/copy-of-sdk-docs/build/spec/SPEC_MODULE.md new file mode 100644 index 00000000..bb9ee251 --- /dev/null +++ b/copy-of-sdk-docs/build/spec/SPEC_MODULE.md @@ -0,0 +1,60 @@ +# Specification of Modules + +This file intends to outline the common structure for specifications within +this directory. + +## Tense + +For consistency, specs should be written in passive present tense. + +## Pseudo-Code + +Generally, pseudo-code should be minimized throughout the spec. Often, simple +bulleted-lists which describe a function's operations are sufficient and should +be considered preferable. In certain instances, due to the complex nature of +the functionality being described pseudo-code may the most suitable form of +specification. In these cases use of pseudo-code is permissible, but should be +presented in a concise manner, ideally restricted to only the complex +element as a part of a larger description. + +## Common Layout + +The following generalized `README` structure should be used to breakdown +specifications for modules. The following list is nonbinding and all sections are optional. + +* `# {Module Name}` - overview of the module +* `## Concepts` - describe specialized concepts and definitions used throughout the spec +* `## State` - specify and describe structures expected to be marshaled into the store, and their keys +* `## State Transitions` - standard state transition operations triggered by hooks, messages, etc. +* `## Messages` - specify message structure(s) and expected state machine behavior(s) +* `## Begin Block` - specify any begin-block operations +* `## End Block` - specify any end-block operations +* `## Hooks` - describe available hooks to be called by/from this module +* `## Events` - list and describe event tags used +* `## Client` - list and describe CLI commands and gRPC and REST endpoints +* `## Params` - list all module parameters, their types (in JSON) and examples +* `## Future Improvements` - describe future improvements of this module +* `## Tests` - acceptance tests +* `## Appendix` - supplementary details referenced elsewhere within the spec + +### Notation for key-value mapping + +Within `## State` the following notation `->` should be used to describe key to +value mapping: + +```text +key -> value +``` + +to represent byte concatenation the `|` may be used. In addition, encoding +type may be specified, for example: + +```text +0x00 | addressBytes | address2Bytes -> amino(value_object) +``` + +Additionally, index mappings may be specified by mapping to the `nil` value, for example: + +```text +0x01 | address2Bytes | addressBytes -> nil +``` diff --git a/copy-of-sdk-docs/build/spec/SPEC_STANDARD.md b/copy-of-sdk-docs/build/spec/SPEC_STANDARD.md new file mode 100644 index 00000000..c08fbf04 --- /dev/null +++ b/copy-of-sdk-docs/build/spec/SPEC_STANDARD.md @@ -0,0 +1,121 @@ +# What is an SDK standard? + +An SDK standard is a design document describing a particular protocol, standard, or feature expected to be used by the Cosmos SDK. An SDK standard should list the desired properties of the standard, explain the design rationale, and provide a concise but comprehensive technical specification. The primary author is responsible for pushing the proposal through the standardization process, soliciting input and support from the community, and communicating with relevant stakeholders to ensure (social) consensus. + +## Sections + +An SDK standard consists of: + +* a synopsis, +* overview and basic concepts, +* technical specification, +* history log, and +* copyright notice. + +All top-level sections are required. References should be included inline as links, or tabulated at the bottom of the section if necessary. Included subsections should be listed in the order specified below. + +### Table Of Contents + +Provide a table of contents at the top of the file to help readers. + +### Synopsis + +The document should include a brief (~200 word) synopsis providing a high-level description of and rationale for the specification. + +### Overview and basic concepts + +This section should include a motivation subsection and a definition subsection if required: + +* *Motivation* - A rationale for the existence of the proposed feature, or the proposed changes to an existing feature. +* *Definitions* - A list of new terms or concepts used in the document or required to understand it. + +### System model and properties + +This section should include an assumption subsection if any, the mandatory properties subsection, and a dependency subsection. Note that the first two subsections are tightly coupled: how to enforce a property will depend directly on the assumptions made. This subsection is important to capture the interactions of the specified feature with the "rest-of-the-world," i.e., with other features of the ecosystem. + +* *Assumptions* - A list of any assumptions made by the feature designer. It should capture which features are used by the feature under specification, and what do we expect from them. +* *Properties* - A list of the desired properties or characteristics of the feature specified, and expected effects or failures when the properties are violated. In case it is relevant, it can also include a list of properties that the feature does not guarantee. +* *Dependencies* - A list of the features that use the feature under specification and how. + +### Technical specification + +This is the main section of the document, and should contain protocol documentation, design rationale, required references, and technical details where appropriate. +The section may have any or all of the following subsections, as appropriate to the particular specification. The API subsection is especially encouraged when appropriate. + +* *API* - A detailed description of the feature's API. +* *Technical Details* - All technical details including syntax, diagrams, semantics, protocols, data structures, algorithms, and pseudocode as appropriate. The technical specification should be detailed enough such that separate correct implementations of the specification without knowledge of each other are compatible. +* *Backwards Compatibility* - A discussion of compatibility (or lack thereof) with previous feature or protocol versions. +* *Known Issues* - A list of known issues. This subsection is specially important for specifications of already in-use features. +* *Example Implementation* - A concrete example implementation or description of an expected implementation to serve as the primary reference for implementers. + +### History + +A specification should include a history section, listing any inspiring documents and a plaintext log of significant changes. + +See an example history section [below](#history-1). + +### Copyright + +A specification should include a copyright section waiving rights via [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0). + +## Formatting + +### General + +Specifications must be written in GitHub-flavored Markdown. + +For a GitHub-flavored Markdown cheat sheet, see [here](https://github.com/adam-p/markdown-here/wiki/Markdown-Cheatsheet). For a local Markdown renderer, see [here](https://github.com/joeyespo/grip). + +### Language + +Specifications should be written in Simple English, avoiding obscure terminology and unnecessary jargon. For excellent examples of Simple English, please see the [Simple English Wikipedia](https://simple.wikipedia.org/wiki/Main_Page). + +The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in specifications are to be interpreted as described in [RFC 2119](https://tools.ietf.org/html/rfc2119). + +### Pseudocode + +Pseudocode in specifications should be language-agnostic and formatted in a simple imperative standard, with line numbers, variables, simple conditional blocks, for loops, and +English fragments where necessary to explain further functionality such as scheduling timeouts. LaTeX images should be avoided because they are challenging to review in diff form. + +Pseudocode for structs can be written in a simple language like TypeScript or golang, as interfaces. + +Example Golang pseudocode struct: + +```go +type CacheKVStore interface { + cache: map[Key]Value + parent: KVStore + deleted: Key +} +``` + +Pseudocode for algorithms should be written in simple Golang, as functions. + +Example pseudocode algorithm: + +```go +func get( + store CacheKVStore, + key Key) Value { + + value = store.cache.get(Key) + if (value !== null) { + return value + } else { + value = store.parent.get(key) + store.cache.set(key, value) + return value + } +} +``` + +## History + +This specification was significantly inspired by and derived from IBC's [ICS](https://github.com/cosmos/ibc/blob/main/spec/ics-001-ics-standard/README.md), which +was in turn derived from Ethereum's [EIP 1](https://github.com/ethereum/EIPs/blob/master/EIPS/eip-1.md). + +Nov 24, 2022 - Initial draft finished and submitted as a PR + +## Copyright + +All content herein is licensed under [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0). diff --git a/copy-of-sdk-docs/build/spec/_category_.json b/copy-of-sdk-docs/build/spec/_category_.json new file mode 100644 index 00000000..5c2ccf7d --- /dev/null +++ b/copy-of-sdk-docs/build/spec/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Specifications", + "position": 8, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-docs/build/spec/_ics/README.md b/copy-of-sdk-docs/build/spec/_ics/README.md new file mode 100644 index 00000000..803e0c89 --- /dev/null +++ b/copy-of-sdk-docs/build/spec/_ics/README.md @@ -0,0 +1,3 @@ +# Cosmos ICS + +* [ICS030 - Signed Messages](./ics-030-signed-messages.md) diff --git a/copy-of-sdk-docs/build/spec/_ics/ics-030-signed-messages.md b/copy-of-sdk-docs/build/spec/_ics/ics-030-signed-messages.md new file mode 100644 index 00000000..a7c56715 --- /dev/null +++ b/copy-of-sdk-docs/build/spec/_ics/ics-030-signed-messages.md @@ -0,0 +1,192 @@ +# ICS 030: Cosmos Signed Messages + +>TODO: Replace with valid ICS number and possibly move to new location. + +* [Changelog](#changelog) +* [Abstract](#abstract) +* [Preliminary](#preliminary) +* [Specification](#specification) +* [Future Adaptations](#future-adaptations) +* [API](#api) +* [References](#references) + +## Status + +Proposed. + +## Changelog + +## Abstract + +Having the ability to sign messages off-chain has proven to be a fundamental aspect +of nearly any blockchain. The notion of signing messages off-chain has many +added benefits such as saving on computational costs and reducing transaction +throughput and overhead. Within the context of the Cosmos, some of the major +applications of signing such data includes, but is not limited to, providing a +cryptographic secure and verifiable means of proving validator identity and +possibly associating it with some other framework or organization. In addition, +having the ability to sign Cosmos messages with a Ledger or similar HSM device. + +A standardized protocol for hashing, signing, and verifying messages that can be +implemented by the Cosmos SDK and other third-party organizations is needed. Such a +standardized protocol subscribes to the following: + +* Contains a specification of human-readable and machine-verifiable typed structured data +* Contains a framework for deterministic and injective encoding of structured data +* Utilizes cryptographic secure hashing and signing algorithms +* A framework for supporting extensions and domain separation +* Is invulnerable to chosen ciphertext attacks +* Has protection against potentially signing transactions a user did not intend to + +This specification is only concerned with the rationale and the standardized +implementation of Cosmos signed messages. It does **not** concern itself with the +concept of replay attacks as that will be left up to the higher-level application +implementation. If you view signed messages in the means of authorizing some +action or data, then such an application would have to either treat this as +idempotent or have mechanisms in place to reject known signed messages. + +## Preliminary + +The Cosmos message signing protocol will be parameterized with a cryptographic +secure hashing algorithm `SHA-256` and a signing algorithm `S` that contains +the operations `sign` and `verify` which provide a digital signature over a set +of bytes and verification of a signature respectively. + +Note, our goal here is not to provide context and reasoning about why necessarily +these algorithms were chosen apart from the fact they are the defacto algorithms +used in CometBFT and the Cosmos SDK and that they satisfy our needs for such +cryptographic algorithms such as having resistance to collision and second +pre-image attacks, as well as being [deterministic](https://en.wikipedia.org/wiki/Hash_function#Determinism) and [uniform](https://en.wikipedia.org/wiki/Hash_function#Uniformity). + +## Specification + +CometBFT has a well established protocol for signing messages using a canonical +JSON representation as defined [here](https://github.com/cometbft/cometbft/blob/master/types/canonical.go). + +An example of such a canonical JSON structure is CometBFT's vote structure: + +```go +type CanonicalJSONVote struct { + ChainID string `json:"@chain_id"` + Type string `json:"@type"` + BlockID CanonicalJSONBlockID `json:"block_id"` + Height int64 `json:"height"` + Round int `json:"round"` + Timestamp string `json:"timestamp"` + VoteType byte `json:"type"` +} +``` + +With such canonical JSON structures, the specification requires that they include +meta fields: `@chain_id` and `@type`. These meta fields are reserved and must be +included. They are both of type `string`. In addition, fields must be ordered +in lexicographically ascending order. + +For the purposes of signing Cosmos messages, the `@chain_id` field must correspond +to the Cosmos chain identifier. The user-agent should **refuse** signing if the +`@chain_id` field does not match the currently active chain! The `@type` field +must equal the constant `"message"`. The `@type` field corresponds to the type of +structure the user will be signing in an application. For now, a user is only +allowed to sign bytes of valid ASCII text ([see here](https://github.com/cometbft/cometbft/blob/v0.37.0/libs/strings/string.go#L35-L64)). +However, this will change and evolve to support additional application-specific +structures that are human-readable and machine-verifiable ([see Future Adaptations](#future-adaptations)). + +Thus, we can have a canonical JSON structure for signing Cosmos messages using +the [JSON schema](http://json-schema.org/) specification as such: + +```json +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$id": "cosmos/signing/typeData/schema", + "title": "The Cosmos signed message typed data schema.", + "type": "object", + "properties": { + "@chain_id": { + "type": "string", + "description": "The corresponding Cosmos chain identifier.", + "minLength": 1 + }, + "@type": { + "type": "string", + "description": "The message type. It must be 'message'.", + "enum": [ + "message" + ] + }, + "text": { + "type": "string", + "description": "The valid ASCII text to sign.", + "pattern": "^[\\x20-\\x7E]+$", + "minLength": 1 + } + }, + "required": [ + "@chain_id", + "@type", + "text" + ] +} +``` + +e.g. + +```json +{ + "@chain_id": "1", + "@type": "message", + "text": "Hello, you can identify me as XYZ on keybase." +} +``` + +## Future Adaptations + +As applications can vary greatly in domain, it will be vital to support both +domain separation and human-readable and machine-verifiable structures. + +Domain separation will allow for application developers to prevent collisions of +otherwise identical structures. It should be designed to be unique per application +use and should directly be used in the signature encoding itself. + +Human-readable and machine-verifiable structures will allow end users to sign +more complex structures, apart from just string messages, and still be able to +know exactly what they are signing (opposed to signing a bunch of arbitrary bytes). + +Thus, in the future, the Cosmos signing message specification will be expected +to expand upon it's canonical JSON structure to include such functionality. + +## API + +Application developers and designers should formalize a standard set of APIs that +adhere to the following specification: + +----- + +### **cosmosSignBytes** + +Params: + +* `data`: the Cosmos signed message canonical JSON structure +* `address`: the Bech32 Cosmos account address to sign data with + +Returns: + +* `signature`: the Cosmos signature derived using signing algorithm `S` + +----- + +### Examples + +Using the `secp256k1` as the DSA, `S`: + +```javascript +data = { + "@chain_id": "1", + "@type": "message", + "text": "I hereby claim I am ABC on Keybase!" +} + +cosmosSignBytes(data, "cosmos1pvsch6cddahhrn5e8ekw0us50dpnugwnlfngt3") +> "0x7fc4a495473045022100dec81a9820df0102381cdbf7e8b0f1e2cb64c58e0ecda1324543742e0388e41a02200df37905a6505c1b56a404e23b7473d2c0bc5bcda96771d2dda59df6ed2b98f8" +``` + +## References diff --git a/copy-of-sdk-docs/build/spec/addresses/README.md b/copy-of-sdk-docs/build/spec/addresses/README.md new file mode 100644 index 00000000..61db3aa9 --- /dev/null +++ b/copy-of-sdk-docs/build/spec/addresses/README.md @@ -0,0 +1,3 @@ +# Addresses spec + +* [Bech32](./bech32.md) diff --git a/copy-of-sdk-docs/build/spec/addresses/bech32.md b/copy-of-sdk-docs/build/spec/addresses/bech32.md new file mode 100644 index 00000000..dcf8349b --- /dev/null +++ b/copy-of-sdk-docs/build/spec/addresses/bech32.md @@ -0,0 +1,21 @@ +# Bech32 on Cosmos + +The Cosmos network prefers to use the Bech32 address format wherever users must handle binary data. Bech32 encoding provides robust integrity checks on data and the human readable part (HRP) provides contextual hints that can assist UI developers with providing informative error messages. + +In the Cosmos network, keys and addresses may refer to a number of different roles in the network like accounts, validators etc. + +## HRP table + +| HRP | Definition | +| ---------------- | ------------------------------------- | +| cosmos | Cosmos Account Address | +| cosmosvalcons | Cosmos Validator Consensus Address | +| cosmosvaloper | Cosmos Validator Operator Address | + +## Encoding + +While all user facing interfaces to Cosmos software should exposed Bech32 interfaces, many internal interfaces encode binary value in hex or base64 encoded form. + +To convert between other binary representation of addresses and keys, it is important to first apply the Amino encoding process before Bech32 encoding. + +A complete implementation of the Amino serialization format is unnecessary in most cases. Simply prepending bytes from this [table](https://github.com/cometbft/cometbft/blob/main/spec/blockchain/encoding.md) to the byte string payload before Bech32 encoding will be sufficient for compatible representation. diff --git a/copy-of-sdk-docs/build/spec/fee_distribution/f1_fee_distr.pdf b/copy-of-sdk-docs/build/spec/fee_distribution/f1_fee_distr.pdf new file mode 100644 index 0000000000000000000000000000000000000000..b9995386957cb1be5fe5c21551b0645009063045 GIT binary patch literal 185175 zcma&sQn3}=x^TW8fI-42U!FX=@Y09J=ww8$~idyB}M3W`R z=G`Jx?A{G!m=b1l!uMa#&{)1g|78A@xvgyW?^L*-r?G5pP{*!(2Otgzxi!foSI$4B zs%B`Z-VV1$S92rx4X`?Breh2V{B~+;H^ZioL|=gzQ!qy%H|^UFD9jw#Paq<56qv~# zm!{_}8*7NUDV<{%&zANq3QADW{Jet5+&C#;_!8q&Na3iF6<}T0N&KKgPDj%y zi%U_6Gjm}aHXtP4iZHW7das7MC56Lo7};FZs!qLjjyu2KYCe$0*u(en#%z%DF`7%| z9S3V@$L~SRD)1#qIvgcpTzqegqk80yQx8vL{5=Zw!t>^6Tj{%)N|bux&~q_QkT5NS zM#wlbnGyEkjrVwU4?1p>H@|+%{<RWHV~%3?+^)f8c>ss-2ysY?m{@lo#!h9?reBcV%`O}A;n9;X zAxG?kl|b-EX`1jlWNfyeT|jWPOgUS|SDpvX%3Zeu#-miSt*05X;*B-PtH%@1(tO>I zK-u-eGCEh2Y|nF*GP>{f`L#$ZykJj~=T}@wxZMM+HXM1?=^Rn-%|=0I@>QyMN`@v!zKhmw*6#Tk~EQ@(>#(q z4mcvaYU=YBfBr+I?Sq>`>RjWd7*Wb7i~kkl2dKWC0IpJFO1RWJ)yG}u)?7_8 zOcp>;Ad{E=@y_804n%{bpsk2$wV`;-!r+Bw>+^f4)-cPULm8gByfEh2o~;TqfV*)x z0+SCFBV;zn608Ht`b`k3XK*$_nOzgcqpTS}3-CyNmZF*$iQQ7E#LmXz2(jnLz;KTD zI52Oy7@KlFnMV6w&iAU0hqO6QYeMUB5-%_hU%a+bTtFB%-Uki+$58denPI!T=`><& z=imyj!izCY&E2W%Yf^k(8Nm8o_`4y+k7vh78;AmQS=yw@PO_Kti>SOSKO{p~mAJX%ie$CvD$wULu&o9AY$U^$?1{-AQUv z=vmeNL})5$zQBe^p~_QLjyf}%G{V#$-9XgTipnslz#?mDlcW{VV)DpW z#(B5b^p5ki@Jmj$J4cO1dpXQNRqmS_jvRrLC6LJ~FadAYxYRZYlmH%%6j_3Uh$VQ= z9hPZtyAlSUrui7JyyZxM)n`dDsI(@qgCP$WhkPM29r9uxs3Ss42MN2S_tGGP)kK ze>8(|&(WJbwE9KH=8h5LoARTRS8QK1E3=@nW#^d_T_f%4C$_c(fh+?CjI%V(9UmWD^QXuw1&uK=8! z4XqnS{QQ;4w9ll<@}kLIZ4E5)2uWQ2JXJZq-ieqbWd28l_P9DUkdn3-{sC)OTC71JF!BGTs=MlEZ@uFzplFA{%DjO zujBnI7ASs5l?)pBt+s%k!&t}1Rd>?ttq3IJX}WgL4Wx^Gw(ClG8*;>16<)58L0$7i zVlZEixF3Duya;LE5}y=6$wMNX+swZBiJPW(Rf#^`+{HpSaM(KFc4QclxD`%&esFSK8=+VVf*Apylv)eo9R z8VdP7DfEU1&WQR-Qk4@=(p4ojwV%Eqg@Pad_vZkH(rFnOGkeqjZ-@VR{a<%*u>Nm= zurPCS{G!;x_~X8)IOaHxZSEs8D`RSJA&6<|qiD;8aVep$OffgG ze@C8`imgzd!uM>fyj$N15+UE>gNA45}9+a9w$CybrKb%ojPn#F#4Na1(D3VK)+@$H)5p0zZ5IxqIvBSF-Eu1}`vRvB5FleY&uHHaNq^|Lp8n zmkyu56&Ld9&FKyj41|Yxr9Thndyepm;>x(#5YY2|u}zo?Be}S45w;$an>27tPn;xH zuE$kB06Mu|P+9dRL7cjufD6_L@Y!U+pu-Cf#M;d?q7<9m)xBm)y2wf9W3w$UNlC6YMVtzm~ z1(Xi@dibTnW4oajm&yM^#u(>Q;MHcMF300+1tvmb0!GTbe$&v!EVqHDKDnY>;(GyI z;hoJ){zL>8 z@H=agJ`Vm~^m^0|B=h}nyp>8 zz1c5-3}fY|$lhZR`Ixl|+M(9WWOrBKHV4^5_fH@)2s1Q)N9Tw_uMxGHp*AAoE;8}g z(yfgUcDr3S1o|coY9h!s8zYM`--6wPa_cFjKG_iIx!X5U2TT%YSC4@EHSH@e=r-!R z{ndzfge}0li~IJ?Zl49EFdyIh#G`lp?$Uq8I;6od`mGhRF*KQ4c_wyF=M#LtXbjvE zQeMGSN?BPtW9H798C?UWJ@PWkN6^>LoQD64w6J_?fuxA@GRy8RabJ2>SG}FI;~mVK zgYTau-dEwfmxSlRc_?JxUW`a$O?LLqPWnDb-sr}ntg?3#2DtT*ykeB7|2x^N<8!Os z1g>Y1*N^$!@g(0Nm`&3rCIW(6tG-F2U=|e6JvNXC!xn3^jWYw)0N56=h~jlH&9tAT zBHuc%LiSvTN3Z^!doOEK)!(->RG6}h{0}w+qEZ1^HB&XE(MaEgMWruGOhJvADd7ka z;=uLA2Ftr7;CG~o?Rs#?+!$S)eBgc8&O1nbyNI9Dk|sj2e{BVL1Yt2yK1&~i6WD4D zZ*qR;UYtPxbh7sFJa~>yP_edr;E+!rkB>nm21)-!(@=2)&K1e<_ObiXq*1#Fiy2=N zR$*NanLm*=mzG!f1W~&iOCL4k>ZxZvu{`)m?^Y>rCTXAkJbi>Z0qDj}wp|*{&dN_? zp8^9|LGtXtA&lsly~vlgB}yYcCFBHMQ1VBpT_@cZjx&Kgh#SBRG_5$udH6{Jgm_;=WgC$Jx^1;Y&Yx(=8S(dEHzu+BJ z;X#1}&=(A{82NKdMU~EmI57lcrSqhXiK^g{9z=;+JeR0C#m*gARzIXjyAF#G-Xgvc=Yl6pQpA6-A~-fVN@+Y%AAMFBNQYR z+-kMFBiqSSQG~P2?WVT%Ctfk)%?*LQ7nLQLC+-zdZw4taS*9K*meCmk5G_igcIOXi z>p|Uaom9jMM}E96EXvqQEPSSLZ{Ka#I9IU1`(T^GWFB-+s#Pp|h)DznlX8UNa-LhS zARiOufsxPJ;h-$Rt9wg4&#DYV{mQOw5dl`VH8UD}G)*?WlM@m)64!$xx@10rzo+?06C09A~KqD{($W z(!xrY(vR+fSE`=JxGD|h>bSBm$Ma6~>EVi$%%_-CBUJ`r$JvN+b>ry^_26*>PnShr zN4tomSZ$>UG1vUNz<^t!aq6WA>0=^b`?t8*&gO8X6SqjWPTATLqfEkK8zK>AKX}^| z2JR8FW43vvIwZ zIGkh%o{L!#W*PT0bT_4>EG=(bF_K9KKeQ+U!IlU_) z3~yO7e&%+n(Ru%Bj8sw72Dz+{6Lrq;UjX3sF=w#EaMrQ`L;l1vZ(3XqJ{vV^Z<69A zV;Yuz=4@4?Qx<#wV2kOCfS8Te^eZzw;V;zG^ecb;+_m$uB0ZaN!+ zF&>Msp;@p=;g$A0EF)aNgalkL%@?s~U5S}c6O**D=pXUonnSzQ45;>L?t9nFAXp>X zd}FHz8Utp$M+WNm?gQeyLuRBz>ICo64OAQ~5qm?6ASjc4zF(*VkTJ>wnsaA| z%IVrir?W!pfa0b@j8KGWC}SU&A-OL>@#9*7--GQKK^xa*wj4p@ft`zRBMsIzaXmRT zAp5`CF7KIN9cSLjPfrZY@d>O2L!yM3-l{WIAu{GKSA|7}RQkmo6s7xnRV(8gg~vWx zkh8sQz`1qd%_NA?N=?FtFI~sAGG2Ga-ZjEP%g>aYw%8EyPYNmsDhUMW$cLflAPhX7 z=~PnPZh0XBk6=>E{pZw{UPPcke-8wAXYhJ5uD4(nF*!bShNK&B00E1M)WUq>b8-x- zmf;TJz<#(PfAu9T$4S3Cld?Mf*$*4h+2o~{D5)ZH#pCgnK4MP#`J=;Jk{4_jSNd*z}!kTt~D(q+_1n%JjI zp^_W%KbE;dKD~>A`F>3%cQ7K@t?Fx-+!cQ~6fI%alpP_+x+=sPR!NPTZqA2hP0w=UsCyRyM5C5&^nq zLooWJ#@{r^8X016r_S|zlA~#mYHtoCN6@Rdk(lHogZsnc{TfS90ePzXQf}&Xc;&+mR1oSMZ}y z3?N?mMj_CJ(Jxm?!N0)Qj{w^L-ASDPp_7=o*x3KuPHNNEaoAzU@PBK_WI(EoU8i&C z2G^w9vWG1lB-xA$(kr|O;VtH~Wlg5FLg^XsUkF>3WQo3F{}W;A$wh{^5cikov10?% z;8)RBTFIPyTX)|+m5F2_S}y%eILFmR&%s~%r^ThO=j-F&L_>h0wYY8T;)OW#k{eNC zj%;cdbs`aZ*m@2vxvf>!WqQ?_1V%B{thxAc#0+gpj_D4U{SLQf<%#S2w^=s1+VPe3 zwKu_*ny6`tbAq3zp57&|(+>GZmc^99sWw`bm$rX<>{D=-dRCCySn`EUZ(*C*<4{6RcSGU=V#es8 z0c3ua-tleqk_Y`;PtFW2(m10%&m+(uQ10DDVw^-QP)ET=JNZS;r0h?Cfn%#^3za1ye$IhRo9){_}CpxHm#YBt{Jf zGG%D(M&(LjCR{{Xgz7(DFXJT0HgzcqzeM9MRFXe7B82Fh8Ty3Q>|w7j_KCM z03yqOE#3^Ki^Do&VU-HDo&{o0v`_i-z`!G7%(QuQ3GcdRJ zR^=pO_H0_w5IUauWs`1Vf3w8I6llIyqSv!fm_O;F^V|QqMCUt%@td)8qf@|&8i0}X zthOe@ylPh}Pd|NEx|Kh+O#&@POa{s8Wri{4SN4G2HW2xvov!?2Us(2d`1~g?kkAi5 z-v8Wk?z46Ibgskr@;%n|83Ls2TG&NUfDas<0tFaT_I2J!HdH!6oqJ0RK$GHmeKr=T zAB)nhw59&uMo$S#Ar794G=KHBZahnoH}IMtvM$pn$gj@S55A6pD{wBFzIW}%Ve)89 z&Aud&Ymck(Cg{HD;p?DM8rFKd3Q}$-j@K};9fQB6o%cT&xJ5F5vyY*^sJH$`YTwbw zZ_#*4L|KoAB$C0!XFS(ai!k9t4Pnycbj&Bqz~kvR zz1t;Puk}1lUU2!`ZX?r3H?Q{&#w`=mIz%i}y(L(!LFta8UI7~QHrQp2pMqi8A1l?ASPeCi z3!5HU4`O-C<{S%ZIyMkM=#6waVK_%k@eQJBN!&~xJ9`xcYvra3Z}I8yu(kHoI)hO( z;oNsp-xjF9_$fc^%@rKw>GVvOTLjwXSrm!jWnzZWdDtP~i2xF?B$LF@7HZb=rqIHQ z?qc6*JwtX^=Jp*znj~(c@!B2N!{<0-*6Tu--aKJ8*6a#>1WkCrXqkC|>UeTK>VxZ5 z2#1V0nl&=KXRK%ugtd)%aw)Old!%7No1C&Of_~GF`Uod{{i_a*^#!!W>7q)94;Uw) zcwP}7W$9!RcF#|Z&CuY>4>dNMUqgX)s(u9pi^~xioB+7(dk9s7rUN-r)mPtc*<%6M zE-UjQNq7vMXO&ucV&J1ga;^%6#E~da2@l|AM#sfryxtx^biUs4T}We?vcJy+V%iH_ zHm1=|VWeJdj0EZbQhm5g8}*+uhF6e4#~Cz-qZx17Vpp7c_B6iHTc5xn3@K_`+}&A zIfWkoTRkK(0w3#Cal2)BsHW+%%?2M4ad;{*vP`?F5dxgoYeGxR21>>z<=>GWlQE|1 zU*oxv0s}yp6XmPLQvrHpSd%)?FO>>hd?H8CG8>;3Q^R&AJ)U7Se($rkPxQk*iFwN{?LlgmHE*UcIRmHN33Yu(6Fg}@=^?j(9P#;1i&v!KT zjoe(-<^z)7_=CJrM?wn}Auf@9!<3q*A%1YqTe3(}05Po#;aLnQW)-bKX$O(I)FdDe z3lqJB`+Mmdudu<81MTyb5A4B4>oEt;4-_ET@@CV>lyaflqFIyv&fDWYcML2=FaX9& zZe&6~n0(|Cxw)x3N#dhC3j1Ki^-J&^kY+$^TRz{Y0c_P86BSN*T)~vU*%5Vy=piuZl95I%$1~S_feS;?xosC}RM4SMEz3P-*)O3fgQ5-{V^hAYU)R{SDM`CICNK5?fDE7=d6 zg`QrF0EDjLq!#3nDGVsm`56VB4C)uIb?hl&9(z_2RuLN_Di>(gneTSGe}|9kW-`Oh zWG{yXpdMhuE#tzH_V)?IW>NxenpOg(>>7nGNlt~rp%)7MnV?3dG7kIJG=uI0y`6QC z@O%K}0QN8ZI0Us&fvM5wy!>-=2#&hzrs9q3V%WLm?+6bYxs0Fb>&rC3YMx#K7Q7EK zG*@KN!VA&9&`1h=m-W!)&_Ny7*-m<=D>qxQ}l73;f+Hjxk(?riuK z#RYH!*%7)iJ~WpR%T?s=5fMAHO6rBq0P?2s8)7{5T?b3Gj3!Gx_{X!yrEpsf7%2kA z0i8~5wPT^ftsA5yIYdlJ^laaqv}0)Hx^)&l>6><@8&NDXIk-SPoN?RC z$E9DBs{G@6qqoD7dS5s;mTdm~Hs?)zR^o-+D@Wl6qMRyRQzhEdn=WO-1vhMeBV;lD z62BTqsv0jjx1)>3UtLwoL+ejum@qWv81mU^1bYyK+8;Dg-I#d1!zjye?2r6en;3%-LgYUU7=a+i? z8W0ovn@6m!4wF)*`xGmDa;vVVcW5+g9{ zWV@{Ls@b5R?I;8a7`rXv5t#n}47vGM_cdjmiP!l71wB=n-K__RDU~Oxq_Jw_HI1>K zv%}k%yJkItvnVNdLFYHvxBj!=XtE1bRYxAFViLo&;IIp*!&m z+ZYk-YTY%0?a%A|+phjLpaa9-Epx&-9P!Nw1x-#5eGszIh6S8%2;=aZe+DkU>2!&u zW0{w8Lw6qoeL zp2&VJdqE<7Try{QVl+;Q*T8%V*!2L34|+PAlWHqkLQkg)CO#bp^@}%8o@~qB5f@gq z-f1C>4wxCot13;qS;ny6p=k)Nf!$9jSjZNy+@q{U%a4i|omb8dd?tqs zG5_D~WXQ%i&wb+&VK1VjL#NKF#UbVkhh?)?f7#tgcL)tBb1>zwMCJx4t3 zQP{IA-F)IhmU|p*S{A)YlLMm@+Ll=gSNh*pd|W~|3Z&P-?arX6{c26Co$HvpRy}Wo zlyE2WAn>h!b;{C}&%rdXPdlF3m=v1-3OHHUb=M=>Uh@!x8kA>7Bo2A^5 z2Cg^`J}QdACa_T!bbekOTuTO*y@_gNwA^?VEdw81c3F3+{<(HU) zd}>^k*X!xSE)^3TLPgW_J{*+td_lBo{z9u#Dl_=qnuij}t8BiM=w2qDCW_;27+wyO zyQ2Ljk_CyoWRSzgnMmLSu5&*J;*Uz9d_D2UI3m>!MUa)^BZm3DT$c{TYWT11*?G}o zG)M{cj&Z)wX@U~6o;*8&h^oEqpk*xV6t?_kM-9=gneEDfrT`x^F~uWzTzd~7G)K}K zDp6fIInJRn9)0W{JZiS`C+pnDza)LT&FA;#WJg~Y>K9>rgt4y~2moUUPsMNo!NAs^LSw~ST@5cIB~(nc?|rO_Zf zeS`Fj1C7EeAu1-Ln}jCDtWIzsBUx+%nUT0JQb~qK5CgssWj@*&<9|q*(edcsFX;eF z7#krbl;9lt^=w8w&noo-2ssNx4gLw6x5A@C;A%N_QF3&~+hx8H|hXoCjQ7)C3iV3D9{ zw4LO}!BZ_@WnFrn4RNmWt-r%yXz6~QRi3ri)_)SvAO>P%I_FRd9S(T{TXm$dc=Vgd zo6Jb2V(V$!mG2*RUG5-)z=>@#Q@{#&X1Iz zd?1yq#3l(!2oZH8h){#bjI1NVd^trPB0$?w)4=xYos%ZQophs`0}?bfs8M{TjsJ?8 zcbRfCPBG<4Aso#xqhOfSSGnpKie~|0W@#Ns5SQpM9fz;%2(18fv;D>VK>DuMGcz|`!)j8Qo7fv` z^yi8r8c6G`rSjVz^IL!^mfyJ##f9lm#=d;Avm9O+x#|Yq`N@ot3OtNtkp3dT@OmP6 z>$wj>$W_@AAHnz9I3uKhN4B_ZcQM&}#5PC*#A~~fH@SA5yHsX{(l`|7lu}vI93P;I z&jW{oW|!X5+annF!rTFPXLiC7M6euu#!v?1P71@QV(!k9X^s>B;;)0qI=MXCyNqRRrL z{an%&PRisy3HqxeME7@H7c%G-`nu8M+V~UEG<^Xxojuoh*ZE#dc4NcEP)oSm6x-NQ zxE^xu9?~Cz2+ez}sW1<+oY?5V_Kws0B@IZF8-#s6*Qvx~^tMQo2t>QYKl|_!HUTgC zawRPp0Tv$wPP+h8ubC$pB>9<_XHc~507NR{a{RAQesoJ&ere2{P_UNH8iAE=&e0W@ z(k%->cC?31vYmyPE$7VvF_^s4qJ5Z}@`t}JWCR|Ouu{T4pFjybN z9;AV`mSO9hsZ~AlCK+a8CX{4o&?)$GJl@^yc6)y9VRIY}4Q#taac!(7iWm*u*DSh4fcc~@;A zf_Se|VD92Hoo2LxL7-D87qPO+toXZGu_;LG6`Tk+Zdm*a8x844f=fX5b^2dn82W`b zTKfhChbwQ6JQy~C?-|^43b?`wBb*;1MWEJ8Q_ANt%Hgk2>N1{@&s%Kbu~g@8Fm|@Y zWZ+O!zV-*DqLWCqe;PRzgR`Wz~ zMyca=fUJ}Jh~l9x?nXa>rx;8KlUegHxIE2a_3zMBI**}I2`lzxJ`$*NrkKX)6R6qS zfipyFr`njjNR+Mr!LIk!!@%jI*&O!Qx?c+y8wy(iDj~9JdT0yK-GMD~~s|q34m(2Ia?1~fPos|dPl6{F5 zK|ON|C0RfJY#%q~Mhz>+)-BhgVPtI{|YfwG-=_KRd|c))@2e%jpbyO% zEEqPbS;6t(DHpHa&liri8bcJ#aJ}Z;EXjmPz4Swmx!b=zgm?Wz6U#3zfo;x>W~k&v z(NDi~Ss>hjy*$7fkXoAgSEt*wWJ{XB$Gz!zdCAIn?BP-Da(vNcQ--*bjZlykk`g7!fxJ;FL0`O8fb0QDpIHWPV~A}J$MpTio;jWTz(U6DArwC;{T zOr$tGDr?N%b;z?hq`rfHo!fmcS*Gy}=-O_S4mYbh&9CcUUkwe9@nl9uACahcbfpj} zJ1r4dGJZJ@?g43KxZz#iQD{2Jv82L_P{5L=?{$r9%1!73rE^u{;EP4+aRRGj>uWVS zqDRVFKvLhq2_(-)QiyQ$9Yhysi9^S#(32<7!BC|TKynj{an?Yz#$M3ED8J?ssd0+M zeXtj<$wj!GJ~;<5brSE7e@fSw3xHa;5vcXDvC{O{yo=3ry~Z`TPoIyx@f>EANhRk~ z8^2waw=BlVqd6_R{WE-r9nD)eiV%;frjeMtWS_

    (w`o4Ytm1lYA76?R0$v(9S0DXBH~N+}MaOrH>-A@NWd5|js$K_H|Yh;rg5&4n<8 zvEd#8-TNNip_H&lahhS5h+3|bN+pasmZB@ib6yG8{gzV6MjfrAX0~YFRm`D7H)}6! zk9v*T1^bN-s4Ldyjk6(7q}qLcIvA@*TS8WZAYZ6D$oru%TO{osj*b(fqJ8;k>r;_B z=9JnQ8M~l_Q`LE=+?)2lubhrCV#19VVb7F~T2;!9)MGKUEWM1q2`t;f5gO4n_OSQ7 zs5Ll^)Q-8gTz`*sVBRT8oy);~I%7=AqqD~5FexNMcE6ye^nKsiL+3gWu{<-M09xE_ zU{`@kTZODgQl=U()TB9iio1M)QjOUD<(KUV8*G)Au}CQxCPLnN!P@qE! za=$M(vc0oXU$#@V4>DDA`y;4m&YJXG_y%Slk@T}E#RUEpn1I;OH2PzQP;v}Ab2ViQ zl(#!Sa`lZD-L0?xsn(8al~r4UzW%0t*qX&~23=JS6xq66hBzGoUSjm>&(bB^#D4JS zyGho#g{^#o7n(N(Z0WjR`ce}S9*^N18sMvT_kq~qEz6-ZY2=Y4f@&w0LC^rw*|NKp z2~^Ac&&sN(~QYX|-4vJaAsfGpi23>}q~{(_3a(v#=n(|gN>*H%|vc0PP|K5u&4im^Dqu~> z+GAHxNeY^|`vt5ll!|=3TSW2G?b(3U=%8lIwq5Y%xV`@k$1hD3K1c$DjRJD@tOB5} zFmd~7Oqz(f%dBU<6BX;~!iivx9SgDE*HpnmvgUtq(#>w2$h!KF)*w!14)Zue zgdOYXgPpUD90?1X4S{DM2i*~YoukV++y+h->{9mzOw@)RD0mA(P~7RUJ?6PO`}QOh zwLmh~!Ng{ZfYrD#x>`7fH7`H6YQQVW^lCS!JnX6QGHJR9QnciUSBxcN(l^NIPC!em3MA(eg{#d9xmNGe8Y#a7Fo>B z{wjauKUJ`NOMB2!p_c*CgH8K20+@E1&^0_%eVJ)NAiiGP80Mc7h}JGrVRI4JbKTV`Tp4WBApB`mJVAdhziO%p*JiJd&UEU|$iDHiG)D z5+@Swb!|H*;scBeTxYzgU*Y~SN5KCH9natF@rtAnq2CIKF@bejRJRGZ?O>*+y%P_E z-~Zi6J-k>;YolnsA}C@PD`9jLaCWHkgycBRja*i=Yp1poT5&4(z8dn<|uR$yNCi)W4zJ&f~EH72i1+D{r9fzxzZYx&tlUHu-q za;2I~lo;)#b;wN}*;rU*7-sc9HTZ%iszsvPeFmTQq1M)kAh@q&dCyjha5B}2Amv3} z{l)i;-hD~&TZi)G&5H=KNWDPbE4KfH4CzA&I>mT&5aZ-#J|(DYDU2>V0^|{l;*}YI z;U;&k;!><_v8qxw)EBb;`p1~XC0IrH!$iTzF{f$1iK`wHipZQ+WGU1@1a)4HQGgko zM^Wa1;5s*+8mZ;r0?mIh!i}tDAbxcOU4%^FEZrX&Wnu=)kIu&#ez(U28hX=N7Ue?8 z6H+9X*6#+w&&X+**CKbASI=@vqLhs{amZScd8!189@-C3lR(-UE({~!yAbMy*&tY3 z!91B(V8&O&>@5-f`Z$wKSgzJQqt-3z5bhFu2s`%NkjzOVnJdb{)0u|HB*h~2C>mZ88aZ=P z-zXIs-@RPVvdds8CDOD#5)AMkeusMW>o{fOHV)hEGIF#IRWU2z@UC=Aby5-))SPd_m~Y5M_6lnc&{pJrV5EV9m=9*|Vl@F0yln!|-HA$0m9hq^)rTfuc? z^ZQ3_l&lHtbowpZM{5a9o-c>IO{8k?Em^&v&SEo=Kvc=&VLv85XE=h;4k^b42Hwx? zQ1P`8^|;!GN}tR4MLF5T)!#>pld;eoo3DZtbH;@MHm2iFg>OHDrdu;Ulv9shrFyXJ zinEnx!;}x9l8a&D`)A-!@;1@j6(4u_D#hA4W*f5@xhMnk?62Y~bGC@z8y3l$Q!yfLg>P=vFO@(=a5&Hf7$p0a!ES{y86VW7+N z%DjDhMAw*SW0VM)miSqO7rM``qlwksVOJmG*ux@*@r62Z6A6bbZJ+sK2}vMJXmg!m z^iXso55B7o{^NuA{kpFp;QuRC^#}N9C)BEx9l2%?N~Tq6gk*)QnG8U~&Vz0)Hm_Ug z3|SDIz~aMxtnP(XH9GT2E?tbC#H}jrlRwgjv`9T?&WzSFOJ5L1GtJIYhM?yo-aaQk z!OiLgM^n=%d6r>ZOtsk|=aA!nP3SqlZrySJ6n)l#ztWH)v?3BC!2pAF;!V+Kn?goq zqY;!eQ*?7Mu51!q5jFISNQuTa4R>4BVxbdb_$gDm+?TSj1YKNqiPLW=mgZVFq5YAmB{aQ_W~Je;9y26K(3ik zt}{mH5UmCYR$mdMVo-3@fYBoI=a1`(rZ z!E|(0y;BJ7)fFU}nDKM%`P=i#M1g+-FE-b=#QZQ8s^k$|-rtTe-1O^!3Fm{}m{|HJ zc*^NPK`sMY;6-F&B_qaVAd!4a%Bl`8@&3?XWBGg_(29~Z#UJOYU4q_&x#O-VQau8> ziJ^&CZN7U;C^l%dLt~Sw>XAr!U>mBQQA@F6Dq=iSB&^mvo^FWiUNJ=S<=Itzyqv-$ z#I(qKvj7W3Qs;VZIoie97vC;hwbE-F9rplF%o4sN*ebAIpj+A?SZiF0!HrjcbD);w zQ>P#y%2SifkNjW@8O!%bQK}}nF=2CnbFzvFTNP4oGy&vK2je!j!&HFjyN8p`#;ZEg zJtAa+54a0s0whs)2}sN6r11GnOP-K@@MJN(grZ3W{v7KiZ#Uy9Y>EX*8`{#r?~8R2 z*ZPf%)^VN@j5W2#SQw*6F}|`dpQ~y(Ydfl*#pevjA0krn(vNu=O25rcLeHp2u-e($ z6_X=o?sp^e#x%u09_zR)9L{IFLTv}!2EN?D)1kwT#(p&{z#XVOoSi^2#dOfWZZZ>@ zROf|*+ykPeFLNV3abtRGJn@_M98p zClJSm>VZGk4e>m>#%#IXuOcB$LT)Hgsj71*mVB3&M%*K0vs-8qahotpqsPG%4Nh$8FYxnv1#0sg`W9=7-L@LPxtsqyl#h7j6K z!_&$_U(f1f4MvJ+8b=!&&3$#_^Y!J^=j;*`$)vxW2+0ryRY}>ss8p-Fe)Jd6@~kv4 z{9Hh;fX90zs~b)tIAE)Q@kUGVQDW5A9P(?~=&!A|qx7Z@-o&rU@-HlK3m&!UW~cA0 z4VjP3fWx|rDR*={{)Eu9l|N5VvOg@Z!Vn66iHFy05Ej96z(EEO9_|CtZ^U86?x$=V z%SNUBuh}`rCiT?5virEa@M_TxHK>S2lIvD=*TQRZkJmZ<-k+hozrMA?dE@_wv2zF# z1!%H$+qP}nwr$&X-?nYrwr|_EZQIt|iFmV`KjO`1rs5*Hn^UKFu_g1=gidz@} zG71EL86EP1ID2)4l%`F0_*!iBC4;_|-@LlggDQMm*?=?ZXAi<0>WM%4kBfc|V%5dh z3tZ27tM}EJ(yQyT_!*Mi3EQd7mO1h%+da394rkn0zkSTN^Xi2e+`;J+)IYdlBXNwW zZBp@>A@fi77@hU%crBNgoUcX5D>DgFzF|{zZgVf)GMVz>0cqYel<$CM{ww z?6bg5Y6K|@_^CX)JH2GLMq!9Qw`f;3_rrXi-|~P)#Q=-|*;sXAk<$1-4^R7k`WAbl z|66`BGBEuI{l&=ee=Y-U`KP}&*${e8)oq+3V5++dcWxSNfk@H-Vghh7@hl=**HcK< z3*C}_K4zj4yQ+#gi_x=i;KGik*y+C;y&PZ3sO*wAY!+EM)^Y7raO@wd|Bf$sBM+ZX z*LJ)UhqJv~)u<$c-8R?QI_uON^1$A_*~9x$F%ZA+q*4=X9mZ9pufWNHf&aLZ4+e#) zqJej`rnuRT7VrFB&g*n{w~x%aHp>#l)T8OrtTIAI*X~)kG4a}yOEReQ(!S{U30&kj zo7xS!j;3LwRi0E;0U_VUnKo;Y8)Wg=WC)t?B572kDmR2y@XsE^ws=K1u>?P{#P&;e zEnS>}!1Tns8+DP{CqLL1ZW{rg$CgmhmL|B%F}Pc3kz4H&OfzM_%W!mH$nOl9o>+dpiuc(n^@{L*M4qhHJS&+ltV7KX zCU}TieUW&qSK~$42K-F%%*MJjZ8D|JnC{J4&t(;~xxO+yX(XlW zqYZxwtEhut)DTR6qH;QLXjAJI>fLMxd^mzc(KQ-@o4<8ZK>}3ljKZnvCPRjhery4J z#jI=`&t5P>lHgZh!LZ=GOcFJ!Ls3VZDbya%yCoZL3MtvIpA?ap^^S( z1*g>#P3OP>aoC@Hp=ruaxG(yQn~Uh@z~e6A#>3Hd8l*X%U@6qy-#ushP(%O(IfXXd z$LM8bZEEN=mD~!+Sb_w}JtDXzyp>_alS`{&EN8vwx(*KCB_j0)cTHeiG;43YRrF1=PJdo4nQ;?0>H9(=TZg}|=d1sVs>M__Tk0~(Qq z%pFW!+GDZu5rkU@)Dik0Ww=xlz{P+76YE?jmmt73ww!%)BV5=8<`id2IIDyJvk_qq zbHx>T6zxuo8rrb+SoB`CxY_TXbsE*OeO28|3EdAgtdIs2RuB#fMZXXQV`>|7inA~E zfPW;G&Ck4bRm0QZcOEIY{k(21z1PYj62S{OYu^BVxfsT1eu?+z}lZy87x}9F&mes|7ih$wrzD9MAS;q~vBjeB~I& zoPJ?dKQNH11Ic@Xwki9gGfM)U!90|jwh=qElCW4OB<|T`QgAoF~wjo%U4C<3&R7x z&fIZy8dURWkr}?=PaP`5{qYZ*fn24tu*R~YV|{QGlH+Rl<0m*N;(jZ@}K zK%pMoK8cX$_vVrv!rM%r>ui&9MqD0kW~Bbp^$(BwSpQ=66VPbdJWS`c$n=Gmtq(;+ zY4rg1rNV=P*Xk#f_+WjRD`49Tzv{rUTd=Dj)3R;5ISWW6*d(>vDUA zoJU6Uj|8Xp_t?H|z3rdrX;Ir&>gdl#ei}!nO&ce}g|)3!M#{7=+XwRZo;mhSy)XRR zJ~nhRjxCzi<0iXRHtp*+!CkYdqQp92{BfEMs5EgD9utXBASD(hq_R;1dK*PVA;#^+ zar1E&eNt>IHjl-|@=%u&g~I778j64Em9&-mCUJU(H<>?atqIVIxG{51!?zjwIRC^h zO_mQ-RhPqDxJKe;P)>~VH#Inp^Q`lB>0g!Ag78L*wQ(7VzbUxy%{*lW!K0L6txZyF zHb{-;!*CbVQ5mo0d`6J_mx-DtBSr!D>&AHR7R`fbqq|O@qPspHcrQIAqCz>c1~7f-^+Lfj?M0M9T3@y8=f9psi)pet9MqG{#{O+ zr#|Cu*U}KW7(U^DCAkh6Ng^q2MG3JWzg=JBNrG_0ItL2@K|?UqY^|X2zckf6IdBi; zJtMI{`eGXHJ_&DM&}%{5Oo|GUlBE?X6Mp*ejl`-HhX}O=Gmi_9rR34zF;jg8`e=us z+DV**!H(w?J`X|v0bPQgS$L5!8oRvDhOU(@pftLD=h z6B-$BS~ct`(hCba?x)^)fk^HzR$%FKs*=@2_s}Oulm)CgK~wjy>M9@lL4LEPz8@@e zIOdw!qj*qNKCp8<4QL=1V$g6`2_Y!aY%-B!=TVsQT z$dDSYaF2x9VdFLsqX_>|#iL!)cvvXEdLQvaz`E!Dl%$HjiFu`|^;|Cn&~N*0QHLmD zQB6yUprEe6tO~H#<(I7Hmje#eb*Cq-7yx;N`}3S6@Y4BS)0a&2-l6X36pa|!lXlO25};1C2_mQ?`7 z`L1)-UNP3?>bYC(wHxnY^^PM0!GM$-M?a}Dm=!572yC?!GD7i6!(#@BAid`x{ntM) zlacYv#b^xi;&)|AFoesaXq;G)2WDKAwHf?+Ib>oER%J(~{>&7D$g*a*Ed^`AOR#Q2W zh1$SBrK-`&AW(JMYFgG#!S(U*=R{uvgC^rYTvtr2|0{N4{0H%4W%(bX9}@v1GbaP% z|4jd-e*DjnfRUB)|0R9=|5<-AFQ5uKn=7DDhX`A`Sb?3LAn-RxT>&Enj<7cYdk91eEnT%*fcx)cgWE zf-+e#xP227{ZkVYu@a&scIP(0A8|MdQpiVVCXlU%ziAO6lQ zA@W%Zfa~w??-_oM;SgFtIkhqYt^uF~%%S72t;LY@VFh4qj3Av}-trKd1JPz?UcP8( z?Ck8O1hmP`>WkVLaEbe-7uJFDp`3s?I|5|@dntiY0$TI^${C530GDWKa(>jx1E#aL z{bLFGs`^G2Kuk`bE)I;$p`1Xv%)raX$AFWs1l|0wCx31GAl}M20ocr1e?vbb{a?*2XY<-S_rW4&t4-B-m<8zvj4{kq5XmAC|>U>@e z-cKEBuKVoV^nL}+Qr$|;dM(pC)|xEVG`arzn~?l8c%l;iBxD3-1L{;)SMzLn1H=OZ z9N8K5KX3L;?2=%?yJX7$5Ed-#Ih@b^Wr(GR-~YacTU%O{`@E z0DAkSeQuQfCSQHb!p!|N5xDsO#*{$#=I9{!zs%-eHaIn8cKJ4Z`{BLz>iqo5zTZ;( z)&>3eQ71YzG`vg8f424i#^G65TOQuW4PPF0aP-;*0KK`QU;Wfopq})R`BeziO+NNgl3vU7mG-tp=R{!xxVV7)A^3L?NZjb?eNor0xUzybezJ`I zA?t8gUl%|gq^Gd|%zUCBK1Dk^fT%P3`Q32rKB5=!djO50UjjXVs3AW@cxr#q3-|+o z`mry;Yyh-%{&4ud!YBQqNjL+=?;ySJrJsCt{%8I(*3K0_#9eBjAHlj7j9uI##knFnc z=DYefk8ajqjjjorUr_xBjbG>z`EhzD6CEE5;?!}UonDJKgIn&tnPohQ-8AdQzDaK=f)58 z3H6e=ejPn(R@Vm*pUOs78O2xGV=fq%OI*bpHaKd_eE)M=%TMw+<^S)^O4Qe;MtTCUb^9-vYA z5^AY<4F>PkSRDU?``C&nzMO1BttYK2I^%j? ze&^=&yHIS+xkxrdOtYkH-sZ$;tAO#DJ5$RnP9mlm;O8YvjDI0lnG22Rwiy*n`ZnH0 zGI&`^*k?jn&O+5dY7YsX2rLu4A_&~`^JdLMOX+TgUv;mLIvr!1?Ap-haF2_DBTsJz zyquIa;0TppwY~=<>OW9G?(eksAhJL`QvtH)B}-T41V~S!S{O(a$4@OOII9{mVb|s4 zm(uixr-+jT5>SEryFcB>6tbe=E;{K1rAtdX^3TgvsD0P%xYHHe!{qJPm;cc>kz+rY zhoTupMzch9YSA6y3Z{YFJ8 z{@yctJ@W~~-X$=ri|SkcZuq9gv=ma~coJ-hgZ!GRw8f+TMPCx!TmhIK$Q79PH%+Pi zNbOX~n$R4R2cNNc(^-S?yu%xpKY7&eK)-qbk8M0;2vwMJd_Q46`_(T{cWrv*kENXQ zvUr93>1ELJyd-hMw?!a098^ujJw9Cgd=sowB%cZSD<&6Y+t4Loe5c7_6bB& zGeFYXN!`-xK~VjJ?H37EO(8Tak`@3{xLdH9Y24JWbepCu!342%K*UO#K*Ui$d7zQr zSYLvEC2;c}i(x@pWQ}$PpGoGNin!#LQ;qv0WfT%?b?=shN&rH<9O>J{rxpyKP-1xn zh90smyNNMuA&$*IrEniHIkmDgLN*h}AhM9SrIp1u6Um%4sO==5A5=$+Tcx2m_^xSr zpr_DM;w?5D4aY~XKSO+dELM0kUwuAnV}mUjGrk^T1!$r3O8@kI5^t<;?1f^Wpx&h~ zNtChh8Zt+gTDFhkKOY^|;KI&F;IPJMm0&`L{MS=1!4B%!BbD+uxdd`XC~`UJEePn- zy@-)+ROmCz|`nUW+EPjH%y#^sv zcSCwa%0?n|S9CAho_PNmM9`9eVeBBUZwFb!7=Zv9in-^tf`tM*a0#LIp}$Y(wIFDJ zP&#qOXn+mIC_NiGrn9CR*wPCD z_;m%1q`;duM+;|UTL>k~VOIT&%7k#;v|N^Z4-vW0BMnA=Qe2}s&U~VUAicA8S`%t> zB19C=C$^e47fhX2lFAEPb!9%hwvDB%E+;5vH&H}OJ>%uCjqolDyV%fgz~9_|n;G z(gLUGEH^U0UR-e(u%ZysnbC$cb;DVm{1S26l+$i%nIh$S9gPbO_Nq&C=n--)XXMfT zXhZ%X7q0_dCd1S_hB4-tBH7Gk2se>oNX2X4y)Pzl-}WWn zfb3u>($w0q*R1FhdZV&N`+EQLLea?)R1a+=s~;b z3X0wCH+)*?!P@!x^@E$&mgfV@cqaTL$#nTlGdu2hV>(K^D2^kRWNQlO)B@1-a>W4u zr^QP`<#y9S+EUhz-GG>62d(6K6+vClMIING2>AWoM{O9t60V}{sOpJlknTas7FlSd z=a8=~E_ByqmnQ;zEF8i~7p0G=g4l}-bvehQa}1l5lIA_dP2tXD!gY#BFz;u}zWWRB zA!bz=5@Fxf6Eo?TadSC5wmD3bC^$Wx*xZv|F_tL-fcth&RtnocVer-3YGI1KYzGFi zYh_wy7EfR~#OaH-rm@wdYm(lqzrYgc)bLwj>G$@A>av zA>`c~n$CkWFu(NbqQUjil+Ri<0|A{=XQQ&`me2MqZ11;isUxq03 zqTjf2<6>JAd@sa)WphIHYy%3o9&h>wQCB(vUZ2@A|25FxKJ9P(cy zobQIOml|FgQ1`Mea}`e})9ZOydE=!4njD0rjJzHCA95EJj|XWdGpQ?!U8?UkcEILH zXICsnRTM?0_ljTOUI0;v4Y@L0y%;~yYd9#Go_fp_=q_Z1td>t!2>H)3XoQW*m z49V#Rln8=j!Dv$ddGZmMfWxD8Yl=-H{_JOa9^j{q`vrr^Rb&-SB^=JjIJj5`R9{r` z{Tbn6TB-JTxSW8$7KKmrK9?>X$)l3jVFX2J=-5!WRU)Cu#{PnX7RV3xEHZN<-{DDQ z92g~t*8H5s-Ox*fkS~@>>Q05%9XoKC5W=FfCiHVA%q6V-Z#ADalH0C-DJd#ORU|pa z$>J&zT9&>q;GP2g9`|-@dv@kMru8Z$5wt7Lni-Lw9U@LP1xeBV8XmY!tfZGj4=(g`>ruQyJkS4ArYnWIRz)K8hXUEC?vMQW(l0KVt$Du`K_KrxO;*CDfO@eYK_qar7gla@(fyO{zLji0IKaQR;qNV)^HM6swFrzgl;_;f|M=)CYrQVC|5cg`( zF5F=%_L!u3*+L_xJ) zJ)NPA^`X3s4(|t1fj=&I`O@urRlGKR@3X`7bm{70bdWTFM^qsdIv8JXo2}1)|K5gd z9ZmY$#QGexhGoVwdmDoZOeu8Sr&L`!!YDA1Y8;r>Q0>YrXBpJsbjhJr_r2rz!zvP- z{Bi2)Ll$pyn8;{&P#*Ey1tBN9a+p4RCr=JG6``{$-wOtFnX|wIzSMJIiWAQOloQ2E zLugG`I*OB*RdGRA!U2IdJrCUowL)C(jM|l^78SJA)og=C z%5=p6J1PhwjVV`_uCYr|IxV`Du#S2Bzw;}d*nE|dfiG_O4 zjJb`Hq8qf*rP6@}4blqqCsI7*mf>ZqXEr5P_)~HmDx*ZkuAbl2F!inc4_3FAfo1QH z@VPJ2Hfx3{8c8v8nVeQ4*-&=RwcS5D8;!_Sn=cuDAiPOpC?v*J20Vp*1EgWK`kU#g^=GUOY|i18k?nP@IQG-_bs^I@Ao=E;3C znziUxo$x+-6JcLOuw0`&SoZ9Hmeqh#cd-v&w(#XzKIp*}{z0f@MoV@<{K}2AYJAw` z39o@+`a}Xdl(--?1`C%wH(M(6E=2T9OwOi66-%nlcyb%TrVn z-n}GrGX^Q-=pcxGeCho-AzsC$ZVy0{ZKIh^w4R%q4P;~nS!p6BHch?nbm!8Q>4d=h z2zh5-FcU0?-F5pgRDjA^86{6`7vnGon6sw6kvPU?HePycb1NKiI68hyTMV-gB+5AqvwA-c_PIS$M7Kes5Np19uvU+gOp-TdB z7f)79nO}leDqz6L+{ksAj>-mf$1cKnx0LdorVL(hAIa68GvNk^w9B9Lj~Y-+vK#1G zDX}KY;h|IFm?X=~edk!8=E5ecupueyec;6}N3iaaXDorlZ~BE7Ti8g9Szi zux)JkqYDnsjw<$k=%I0xxJn*Vp%Zeoch?dD$6MtjpT>dfDobnUsjIDq^w+uTUt6XP zmre`r|>_dw%?ip!(149y()^9g99x#=1Elhaxcr2Rsh(rYEuEw>iX#RNXMBA1b&KUgNlx_9eYhRxg~Feu*0FqUYtr zeocKBZL+twjewmOp0;1ObzB7PnP=rw_k&N8`|88;%bKt%>Wd&J5D00)!B`thXorSd zjM7rLpX$AAr_E$*)-Y;!w?+htyd_m~cz~&q>&(ce^743Q*P&MQD3b&5Qzv3=!A4sP zpW*Vt;zkk0al)k=WsJ{j?26MHi8~0a=j8qUUIesLYJ)*E*w`sZG&kfN(hiRCe%Z+e zwlIXFIuk{3PmgW3qEuV1s2sp;kYDxzh~0XYONponU+pVG0L^#8g;6R-4F{QG8F8Qy z;hKDp)RwAdPNbC#fB9nUJJj9)!iGuJh*g3ey*nJUj3A7MEtkMdAVj_?bpl z^A2qjk!bu9yJL;ngo+>GNg@fWwqE8%S8x3kW6MMlY!`RCX2>osMMEQj-3_BuB`QuU z@5D<)j)&MOv`c%AZ<|Zv{+=}t`lrd*IQ;42*=+cYGXRc?K?dHP*0+_(&au$Io>ZE7Izxi3 z&)lffZ}M;|T#9+>vX(;z<(E6}{XSpZP*Svh1qwt7VtNv|Urro11q#eZ4h1)w-^FtO zhG%_IqgHHne4Ei2U&QA4u+vp^#ifD_ikBfO(^}q4)Zy9OjhL?8ZDiLwEr9CpzT`Z} z+&WJ&a~>2HjXEi<7085>jqA}GBlVNoCG0~mdB(K$U?!Y(;O^ZNxeN zkK+gZY1Xho_7dX)5ATt%Yi;1n+c%0jY`-9O5}}yNW5#g!)ye#_OjzF))GIroZlbK) zQ3*%Ci`pjk9|r=2?s2J&Y)2!L+5Nk)teEc;Mg7%b);Y|~6!-2btc=j0j16 zMh^(D{c1um(Wu#-F7;hCzO0Xmt{ad-gN@rT#auzOI562zkH0?U&Aqd;UeNk*t@uUS zO{Yth_==SIpdI=zd~!*;DDCmjoCe_imnsU8R3GTm9!MNgdqX&iy7awg7DDHBq9`Co z@rqXF%A}Mc=^hk3HODQ5Rop!|?bY@kF@1=ZZo+CQ>x0(Lw5C9AVcr(7Kn{rsgSJZd1z|X4 zMA>4ljW|osEo(K*2X=?0_KerA+az2m?;PsxYS03JRmb(!$pqzA0%o(T9W+ph04-Kg z#iFA2rg)~#H9Uhn6+EECAQF}KmYC|T=DhKx+`#pYrA8!IPd><|gvkh^ryd=hw!7^$ z+jS(t-Nh9jfO99iIoYz$h;@!iAJKgd-hEIo65+pSvhDP1bA3<^gcA+j0&UKlM0o1o zP?Up&3b;xZDB8(RGun%X`cDv#(MtccJbf3O|PQG~cL;^e) z4D-q_C+A%79@%Q2|LF39epQGK3N%&L+%L$#FL~)awFy5(q=rgh%+J-NBiKt~Z9mW9>8@9$5 z&_zU?O`kw&2(gaQ#k8HbYfeT8>rWLY0gdh+sO*O><47!n`N&ocK|LO_<4|}YfRst2 zwIWOHns^MQf-_gVxW$${6VPwEeY2Xi6Py|J4n?^Y$k2M*stR~HL zlHtuyBhF#jr){1;J^Rn@}74}Mb_Ikx{A-d`Ew#HsxS?GgwSf@h2uaE74T*# z-N~G_lHOzr?8csVJ~lrw@r2Rq*ZtzeV@TFA+r63)xMhkbaxZ8!LMoFMX7mf_7xEL|Fz5exzEn=h;jXYAx}F}}EGYZ$ z`DjZ-v%^eNONkH}HpVam54|AXyEF$eVp^w|pDkuVKk#jjTD~G^oKGw~3d60wR?0r5 zA2yySjuo>88QtHM2viy@g{jZMcGGae8`DteLb%L1ev6bE*Zcg(lt$ic$cAG3nVqT+ ztnSxm>J%RhzuoKMFlZ{uQ;F?5f1|W}XTBtzoPL}N0!nBYiilkn3GOrK89a_?T6G0U zp=ica>@)w@B!Vn^g&B1_zXqSQx=R|^wf7u>HzI;&=aR3HnSk%um>Dp~f4`3n?kBW8 z<_S5*vt@#_Q6n+H16hf^2q5pKnyjW;w09qi;N7Uyk$C;Ld1kbqU`Vvz6g7v^muq=i&VJ zN;oshM0b|oJCyD#HKlp)YN#6vE`Rru!zig`2zGQXc|~&vfdo(+1XTt)oUvTVD-f2d zt#!g;s8JGo(JpR<0d9gWyJ){_{dLpM?Tgj(i4^ZGQ8wtiW{CZ6t!)fk{Jgx}gFt)x z%d|Q|9u))ivKp@dhg7Yxip_--i2goZz5}sSB|Td{wf@F8(n1D4r0tolD!0QQrg9hiE2CA`}^G$wq+ zHg6;$;i}Npd4KMMdxHHXK-}pJ5cEE4NhV^JufVJ;1piyYe2j&Z^&rO`VnEfB+R1=d z8+ueT3cEbwnE&%^nKy(y-KB@J!04ORf=AOo%%Cc4L8&yIPb!&|VhCl+5uFB#@kj{3 zh-U)3^wvEbWrQRI-T@9So{cPynSFu3%c*73Du!}mKcEpac~C@=eCn6=awHcqIzgYg zh_n*uCO4HU65f^8{61SlCtmYGfW(*S-Qg)JTZ7b@Pv%p|F{q?R+k8w=$}cjgHf&K_ zTNHa(G@7~;(>c{b9toG3N3dv!8c0QQP1&GPnUY`+X_Vtfk`K0oZsWQ$EiqNfcW3}` zpk8uq!j{>m!2{!kN)OZ%Tqen&c+2GG8xVzpNagx&RAs*wQVgo!j2DE@D<0k)A-Kb< zle*xUB(9f_QYv`Bi5x#Ww{F4$XUFmKnT)a4%q3ya*RevxVuL7v9~(=>nMilAOk8LP zblay#@!(Kw%>`(r4*&aIjwbIcakZfZqp0NpP|u>nYm9JT=zwoG?=*POCZY(97_A7< ztrX@)wVVU=y{XAY^p5Jfq>~2c2w_I!CpcBac2*?jXmHMc6vy(x_3eE>|e!T2Sk6jW*g zJ3R?eDU_$|7CpGVEECjJ`2~8uG;_(Ax2SU}(243vI#f~gj4$42+6P~oZ(x6_PGZw@ zLM680SWJ1@pXj(7yjMzb#`)CM45t8Jia~$208hCJr5~yI{h5R}R9f52s$BAw1qq*` z<8Y9Ik7imu9ZY5!b<>`9S8ZDR(Aj^y4}uY+-t$e!mL`VZ)1XSPaXOn}TuCjIw`Vk5 zZ;q#yY_kf3el?JDjF5>GhW;-aniIP;%n(l#<2pN_t|4@VB)NOD6*PUy+~wb}qcw#d znWEf>C?5R$erKl-JHc(jt2#dd^24SgpWq>n4OIX7zdy@Tt+~U!TbMtz|8m^QmrZee z;A%3G?6sbBaSn1lu1$ec6etuuL;9%Zz3GXaGake4xtz>LU{ghn)`xn%R4{9Uh+ zW}++Ea*pA~yjjX(J1ZVBKSgO6CvT_3Acw=ck+KM8I2}eE`*1o?$uoqX}jg+dLxynoJQLSmnksB8t7Sj4!p9;JbWSzv59`Q&M#W2vo)Tr6bm-*#G7 zV|M}XCT?^_@5+uSjEgBXR{qsUAS*MwD5llg(J&xXcAl**bL(F;;2rNur&Yl_@yG

    J&~cnA5tbZ)11zsq74WfTi9b=OlE{M?6pnVE|@`Dm1~{{X`#cjaZR+{!v} zZg(ajuBmW2QnP-P^r}-lupm^zl+|@+aqiUat{{3`T`!=S7*k*t?JSX6aIEAyYktvN z7%`=fl}a{3z@dsZK{^5tRv+Roe>J(4NL^ilAY`j6%kR3cG}CKuOpvUdVDiN3K5!}z zEA3$^g^MqG&?dO(E8soyCyadM;KrtisFY|u>E4QT@0$5*4Bv?%4S~LHh5EwbbUFKL2Fe z4=aZ$Wl>^A_>I(D;$hR;@xoRO=2xNcf*o;9btNAe7n(s6J};GHb|!^lIROeD}JLfX4|k7Y^`Mu;i(RsxHtPsoR8I~4Bg zs(UvHonPF2D@F#+-MAi`+sEC)b4k9!#|++^IxDfdz+CJ~pc#g6$n)It{Hz7_$a~0m zMcec;*s}CdQ1?x4b<09^YlFWPh#Xc*d7;!8D7^JOh`Rsz2pFr=}&duztSCf+H<4aR*oYQG=VdLS5O z$q%aKIlLp83r1U;O~jz0@16YghIT!)t4?t~3XOUBC3>Vx4Wk?;q?Hz?LgxdVd@L^a;~m) zrt+Ibxbvw0A;NW}lv{L*7NDvuYj_6U?W11=lMv`Bu@0uenQ;}^?w!q-;C-%g?!!^= zmw3b&8T<%1CaS1E(OLSaCtVMOSjvab00BTV`OTAnux`KWxoq5#7|-=-j3TB$hhJE- z-g65+4xIF>tZQ8^YGl%fcG6>&u7p9IMpXB^+D#<4uf+uHz+F^PySSWqiUziQ1@1>E z1G!#e`{C_O9nA5WhDQN4KBza8e0U<(!|7koqYtOXqe~9<2u|98v|$+<2&_26phs(| z!y?39xP$&p+(V%H89Bx)>7o(3xTmp08OkSvUR`Pa=o!N&z)|1@(|m8bW83mO$yy%Y)I>T_+iwNQVqE70Rpm~!hy`f_W+14E4N|m z*nJPal1O^~+Ew%l4XMy3q$ify&bloD+Fp-@G@|pYN0J22O0$yQ!8`Sn=S#GjONKE3 zBl=K!IniQ?mFLO0wPrL(3(9mJFEvjaP1j!g&o$8{F)YzJsM!^RPNVcYg_H#Bf_+yb zQOG!UkNAGl^4UTkzjnNJ)471(`>r-v$#q_zzn^YAkb5~sRc=4O;U-$CErdb#t%~_S56=adx zWenslD~QX9#EX9I)WyUUgw72PIA(|pGrDxp$MEsa{6DG(f>r^mD5+d8Yng9xe9jl=OXd4)vJf-yP~K$uZjTS?dVrVTuEKZrjJ_?*wc8!rUt z5Tfu@m3W5}zKePV>rKdDO53S+geH9*ogHz;#iCo+uC>|GP8{B^T{;b$jPefNjxG;I zMJ_p>D=;dtil~r4Ig}pq((rWY%eVnspFxj$Mp9MjWT`U2PF)$IJPLY=oHg#nfFLUfdS^LS)>~hiYziQVJn2 z^mH!Tt1?=+#n2J;FU=_1;nR6ye5OwYY`F&jWrWuD;?g_DOl9Y?eTCzrD?l|Y-#wp_ zHb=m08QTd_Rb9`>uR=qipe;0d4hE}@Ed3~X&;+yk6$Hu3bfT439kzcUqb z9`T(SU98hIi|%C773OE6ct1~T7?QO7oHPnP=)qCnA;4;?SEdtnipbeIFk_SAgjmzD z9w6VF@JIwTm_^d6O-!C>OT1Gb1yO$%Q|rV#IINi2P_=f`iS6ERM5?}QWZ);$>oRqrk zLs%Zpwl4hq9U=<`z}@C${gu@xUWu3&$85})hhfU0OPl}2+pdqPk)ZeK36tTkiIzqp z7mIa$Xfh_I+gdioCRZjn0D1QJu};(ijxoq*~qmUF9lOp?jp`du7KH)qWce zU#_Y0f*)%`JC*kxVh|qDfBG$U=zt`PLWF~Ux<;qE9EwS4#YTTc-r)o4c+#5Y<?o?RmULv)z0e&jM=y)!9LZE7l`7s zkFFd$eq8xE476b)I~a}H(A`uY!Q?)^xw!nZ(57(-r{XyN`5JvtP%fx?!45$UqHf@Q zNU1(K5* zSkA1!*B{aGp(1-Opve73^(7&qUDL;(k}n?(LR*@9@|UJc+%u|~>Z5!CRL_@pc`U8# zvFdwCl$%#5@Uc7x`NFPq*M>TivRl7(xhR_T4)ZG80)kv_5T+yDq0Z{U2L;RvIsTro?(w-(XJ>ur46)CLM%Jq}SqVT#HQSONWb%-V;VF`16<-Y!;}G49&=Bss3wU}Ac^UI|Pd z9&J+tA#?MpXWgP666RrFp7+5ej0}}ApqIrNw0FWGm(J{bI#Wxk^97EEd75^39b832^0ryBFgbF={KZJ!^*x2M!`vLDoJD7P|}WG)t=3V=lh!D&$IQLx=}wzQnw2+Y6K_ zVxc!k)h_PeWI%2`7DmNE4S#7Bq6-7Fl|`!%U4y8)^nheA?-0ilQtr@^M`qZ{zYDgm zAIFyo^4fW~^{WUah~8p`N{w*#{m}G~PE@N4FH!DIvOX4HydDl!LM#g_G+tl+7h~tp zoLd*D+t{{k?%1|%+jidAwr$(C?d;e)wtc_OsXC3*xXoGX2dr5&<`|DW2%oRKNzg2p zSrr9O)!sZDmx=(2kar8Dc?UtPkR+=)4u%81`O+6r9)mCbq96MB3wB03H^^KalW#il zDPemWrSg(w-ydT3NP%BdeC$iBQDRO?R2x0s&p*mx7NqvwO3t;==R+ZM{plhg2xF9| z#qeFBW8we!4WgPw1lAMJpAL)~pvavd2Ls-q!sw3%?9rQ5gGv5yhelF{hlvwq<}d$e zFA;n>RW)2Kf4?l#K~pl9rRG@nu9PwqEN{^859ckxTk1yYuK^tKyu?IM;*#EH%+I8U zif+No|5DBLVV$!fAVW+Wkr@XZb6rR^di}UD^jhYR1BR!Ag2V&5NRxg0WSEd+brx|S z233?!#CY4;K@n3*5Dk#;mGm&5b>+LdP*&76;a%>cM@8Y#3MoyZHI`mE+$0?wRAd#S zI8LP@*7DiywS5!f%2vIl0OZ1sgaO!1PQ=RImw;Mj5?|ldOKei z$F+|i|H*%mp+*KjQ)?VgBiWWcs)9TF)lO}s9EMBK8O0W9Z5S`E3e9meOk|+3nx$y2 z0c&}{tJTI*jbHO(J>(sfYPzqu#UHQCkbW;BR`|}e9rl!OMv}jTG!2JlfaU7kIOxc} zdX4k@2E0mF7%eh@81qG2nt(5c-t3K4$jGVRg39_=R#?9T$K1Q`Rn}v`2_el)An=9K z(#ee$<3_$9kUEsW-t76;j``oLTGb#UrTV?5y@kExg6Rw&r0;IfM}3x6Je%MjOhbRZ z9+fDCip!*fkkE3X@QH_zg@rBH)$W>UHI}yz&w|a1+Qm{2Ke~?f#ozW}PP^z{#<3x~z z@LU{(8nHBu{6)%TlinFTT(pNC#VGFqp-oi}&cx z;(`g(%+1}tdG`*zOeZ-G0sVJ?SH)vSg&h7xIe(G~$LnmmX9l*}kd*JNP{puua-qxv z)ze0EWJIV+SqyTIXihEL&m^KDRU%Pa;;@bLvDylm7nR7yrQ&pGl%0zMpfG$+XT;WaBsOr2Xv(5=h=I z4uPqqjJ-$H!k@`Eu~Xb%*!6P^iNEt-zAm#J|q|kj@5+2`K%}3da7>UbT`~hdxZaNTb&xc#} z^r6EIf>3JiJ0azTt9avU#OoKrMrESDd003R3ba&R-oGny^25X1G;}tBD+9HJnUk&;?A{Q=slW2k2u;m0Hv;tMAO!f` z=#W?Fgt5nyD9*TI6uY1KQ_UN>!xu!;(_Hj$hiKSCrnA4~8$>0?pEp?knN!{Nw%Uxk zlil7EN`k0JCfptsEA>AxAGLMUCLBRD+*fG75AZ*)$w8%w02aD&Xr}BFSPEYP+>Toz zO&4lfk1_(RXy)=c5Y-fEcZk{)rRm);OD{f9Ni=MIi8yBY$;XCC^Aq_`L5(7Uv6lj3 zJ_kg%v_;J){p^V&Hkx{>jO@F(og0>w0=_x^!q+4;=d=j2d8n%1*=a0M{#B+8b0=8e z6>wvg5g~=q;Wr0iftl94VUW_Me5x*fo5h3;VUGsvXr~Zwwem6omDNyG$j2c(P5AT{ zsT^OYmC}6q{CL}xcpp5q-7J*F)Q$oO=KlK$b*Y8Xlp(i#_iW z44EKMdLNuC?^;eU7_C$Xl~akosV;88N<&|^HiwjJMA>(l0W^z{PI|~3>OOG+^1BNX z+7W0}%mMrQNa3-;hEP&oAdXf!@WI;tB6shJi;z{K(U&Th6E!{nEk0vFb7`v5nOKl> zk$TAUby(+(VMTOMShtdCXE%t#h5L5$sJlz&-)ypvyoZ9Kcvv1SR*n+`Dmu5C7f1w}97yKgq9tAzzpr`Ts9bm*f8sb(vUM zIsZq;WhP?h6Cs7@2^#P^qTC!$c!~!vjHJ zVBE!~(FW@*dF04I3jRSr-a!Msg^a$7jtCI}2|$s(Fp7{#;}t-;hYJB^^#HMvfm{d= zlm)mx2oKs`>n?76*+B0%`~$m-jEr>rb%&hb5?1=o3v3N|A! zuHYWRzXyrB@D`_MpyC3c79fP?FcRGb0(&SZG;l!&gawsVAYS(%k{>LaFQ$EnuT@+i zLdL!R;qQ}gS|qspEo@u6SXWmN(jG%7od9?^1aMyUwSBi|*As{U|~neS?!u&0<6OI))yGKX3IYf&D`T-8CTrR7Cjrg-{xpK?d*C zLyC$vu3NnU{_<OU*NWeP!Y5BBt-V|f}mhC8}LA0DRm1 zeEI}RLxjb%v3C5ZemUg!@Ghb550jF?>>pr)0KdJBgaDD8h3*LqTLv5XmjZumX`mYg zgGGE#V(gUpn_c~20(1W0Ajl60m{<`n)`Ws^{!nycOG25({v3P?sC>6i|HdEm7kxR9 z{oaP8?Cjs|S;y^t{7S&PhYa@qFbgKH&7$)GWl26^5&dkfAbnU^o+LU>_+P5(4W2P2 zi2NP;-4V@*W}ZQXSq$sc-ugb6BJ3Qj#||DwQnV|9y;?5?**^dc{E-PKptFH|8a)W2 zICelsKiVXqc_c@aa5#;k%!2&uKBhp)B0CIKm z1HvVX+F$pAfdvk5?icM(%zy%d`oWC^2~hVZWdd6G*o%l)Kmro|h7=uldPk&!1M2z- z`<+clQ-6^;1LPH4ASb#^7-H4rbQ*yzJ5bAEW6 zDcsy^d^ghBhCs z_z*y|onC!m+FyP=o3?-ZaeeVcISyEj*(e-KJG!EfF3FYf`?pwqsI{fREr7@VC}#2B zB5&?pm1_{?8qpYCg=ZA~I*m)#KmIye#Nq33)6cvSm2t{s(+xuVj1_%H(l{1<(?^;3`Y60=gaLZbn03S0t<*Tmnf8u9PN@)9a}db+NOutDQ8rLI`4D>}{L zZ6->skDuWwK$e3-Fq(Aa`q=Pcjhp($@t$w+rCIxO!pTY$n!?vHAWLDtXu0n_d5WjY zQ$ezeq)IXDVzme1d@N8jr{V$7uMU$dYe4V}W#6AFN5^YrCl*9*RG3*^0yz3fL*fQC zVo+fzytkM;9-Mku!e(hD^Q?!l5x7s>bJdnyVG@AyD;mzB*GiwK(KS`5$)EnQ8rz2! zUmAs+0TQ$LrI8`+22Li1Lkx}z?atl`Gj$mvsc~2Mt6L3uJ(&^#WHI`v&qkbpPYs(72^h*Bdg_~C z0&0vaEg*C6DmHe=jNA^?|Bxo;Y?-D+RNFkKM za1jL1KSos&oU+luG!9QiLHHm>;X2}j)Ra{8T#+WrFS!p^36y*) z13o$VF<`W>rv4lptL^v}@JmGf-HaS)#6$h6NT$I+k)8mY?u=qB-1$g;niWKFTPSD_s8?sLVsl1O5hS$nNm6UYeZb6& zXvUpktj5Mrp+P8b~{ zQ-Y%R2JBM`{1>)qS8!KOCNyLI^AgxJLk%$Om}o0dS9VfMe$JtbNtB=v@VT5`4~=NP zW`5@(mn-n*AfuFY_)C=Rf3wxjD#hDXQ>z%k<9L%f<$4QD^rzB?E)PW}VIa2- zcf}CtK@k2D9CnE-ILL>&>D%TumPvJER8s4 z^4pJTs;PDWsQGNnNa@H&m*zNGRjc$jc?|$2{`@YI1_lbDc{Ae8G0#gTdY;5+$xFjW zz;{yDaChs(z+$3pBwK}y#e5yy98L4CCaq}?nVjK6b7bnNCbOOKHWBg!pk0JXplT3# zp3{sE34jdTv9d*_&Es3(DKP`L9Q;m6WV)nZMyvfV1cdNAYtEIJK@h&`RX%n(!L7$b zXH4tH`|&r2GmAv=W${r;852LndNVAOcKxuxQ3g_4E5OObYsn3?a+%L8CYbg_6hx8NgSj4FV zTx`6PZET2cGBUTPqd$To@w6eh423kmf79tA>?rvyOQ?cm*J`Vz?^uydGNFQGCCQ0K zvio;+9e@K>2W=ZJ4SC{oG(jgQ`F_QtR378JSi!yMh-Ze*XE^cD0y~uup>Up<@)Wq# z;k>DXp*LYjdbsrOSv((u-aS#dzdaVBd;qDmoZb!Z7ZX?>q}-a^lJEiR?7^_3?G7Y6ChBZMdjF+##oGsyBQ=|vbApX6qr!=Q9n28j^I@9}xM?R(cU`&wZQt)aArj@&>a)3ZL~lW4Ryim2ib`+K$2W{4`ugEhd zD3>?9mCFY%L>4jaZDtCp)e#>#KDj6l8%JT`{{9v>yST-(RTzeiL=#ME@p3-3w;>-) z;-IG^PnS%jZ!cyZ2jOt%8h^&HwoWmVln7?!Q>rDs{btWUzqK$AwPLClq`j6T$kPA7 zdg;cX3;V=ZYo3rlFlI3LJkS$D&`xsX40VAQrhxk>A>KuEv0YAqgvRRbIDs(p;q)&oB**4Z>Zgji8^tr{0&#o`}&^J}Iw+?a5(_mOu3G)>*W<5pG($p(9h7 za2jnwybhc@-KEyQ73$T`A!Lp&To2kZL@3AFuZ))~29v+VyojxQm;`Zv>(Oi? zk@4$-t)KP|60ghTaeWD1^IZAcrFNKD(;QQeFtq zqlc~)EV43JmrId0BNe_z9z7~QZEtr90pCmd9&;gEEX9Q$aBNj{RrsWn zg?K)u@14_x4g(D)s8Ac$s)93cB^_mP)`u*>0^;#| zj3J2KKyHt}32a< z5Ga(iaj91koqH0jgG?|e@ea0ckHh9%%jycmyrbY}ZD3sx3;%QTI6;wi<4P;@Y$Rdi z%q7@tzh5eqSh{8Jgl{(TNN~i@%L2s+f++f1p5%S%R`1l{AG&mz&B0c^c9A^$j9RtgwH^EYJiNBjeqIxR$E2Njov->Iy$2cD8H>+w3t1M;G6f~!O6C9MBs-KJ zt@t%YJ!EBAUmOB!GuL@)fifu~`;DAG&Yc`F*Z-*V>B!<=t>8zv|G9chbFdr1zfNnZ z7lH33W!Muhl$QM$bTRGFh4*R7>*n2C+}g*4mMl*zg+l;dhO7-Tjdv>8gWwGsYs``C zrF88_V6~H8U$b^P0nb6uXIA&)nvh7cyu%TnFmrKipcBjn)59>)^?I)7c+U|q)7Ax0 z1;Ot>F4Zj(ClU=WZ(}|l^rmZIF>D97?9}bA4&9b|cq{_~H9}`lw9VQJZajRo!DMMp(>0 zUgT%v+<$(hd?AQ|SWSPgvP%{+m|%K3x9&Nl%tU*qZA7J+eTF(}C6`pSmw4^y(daOF zQ3}bdid}!IXte@8a_uzrOlGm*_0jQOUoc{wS06TeXCPc4qDVfc9|&&TGqED~*1^v{ zyO)W7`-5tl?ey2JhoiOPTJfccO2FVk=}rkOa&jZmiRYZ&Lx{+cD&k0#3@RrV?eUlQa>%Y7pLiGdq`&MZF(y4gTK zbSo%?#Ll z6+idLduJ(%#Es_9t{Y`oQoxL9P1skp_pBBOLZeyLzG&@1&X^uldAgJz5L?OKjFYE0 zuSGdimeU0JA2?PEg#{pNuh$+3-hFQyF?MIe2lVHsWZtrt4^(xx2AN?tjMI~;pVJH#&yg`@XaEZ}D zG<*0b`QGVvu9|3at!SYY}vgfbD&Sw*6Sbw*)vsptU2wJ@Xj=MhZMP$U25_)ah_)M3lh!LGi0f==@;*dbCQLs5-3>*$8(E~@dX-|} zjJtp_o($mRDjVufUb+b}XgO9SKc(^^<8_f@w$pa4X~}NM>Fp;u+QI?W(Go$x6XtGu zD^j;t>Mj;Al~{h^Y%G5&eDl-Vcs)qPEbNGiJ7jB^)#2pdQ6;b^`&Bcwm}27WN3pvR z?-P-%2SQ}wOcf3WR5)BtC$g&6+}c(K$tucv+r)cPolZ5-J@rlos?@Yk9@lcw{ZB`G zx-_*xn#u9&ocx{+38}JDvWDFDCoXt?fp#LB^@rjN$S%!2}Sc z2{ys?pch7%#KoE{8Qz>|zKSuBCVe~jLNgoR9(nWy4~zYs>>d0^%N6C$9$tI)4|2hn z<>`eIWDb^svMM|Q@;pibzkfxtN^HGSO{JGlsUgbF@6R3_gHz7cc30W2ZKh2PehUYQ z(gM)}?IRg){`%>}pXXTs^CEMfh#Wz7pU+Y5(Y*PN_exdxJzWyYt4xcj>N3d648tt8 zu)p@3QT#vlwhdHJrqMQ=(ddb8_tWS3jMSA%nh9Z=Yt&-jSeK5MXz}WDjlBG-OxrSP zy!>~ZD`Pb6KOIb1)Rdbp3$9kSaK@guk$sP{`w>cUSh3A!*RaDs%!f4%cbu|6C#s!; zX<`k)7~lumuj?Ck+efTYC_m<*da|AaN2h!cXZ|QHaFqH?qI6L&jJNy+%T6@l1TAk> z>k*h)7$baJ;r!^xM6!rXR8)lJ7e4yDNR#InoXBx*UQyajqb)JJj*F%~vCXUS3E`wxyS#a5|R}vd$%M zTtr9b$YWsTrqTdT^7toH^B~q9J1616{$BnS^v{nhC@6C^p?^~^|22K}CJwnT43cRT z&{SI4JNnwkb@Tks(>Xg+eH@}2NoY5uQjcq=zH#(|Cl7|N(dRb2**2!;mpSa|O^o*R zYjn&_B(VLd=sRm2rO(4kU%o>JH6#`_5XD4LotH{a8liRZ-;!`(%p{y~Bx4$#9T_(7 z_rop;!@%{k7;agmvSB#b5E>bgZVg|#^!`x8Rb!$Zznrc!h;Gs~*r)~irDfqxu3Vlj za*0{(F%fV@LPOb~zIZR+`8IPilKSxms3c4jxGzW@v)lhS#3P&09Nv6VVh`eGSd8Z4U5P2THmLgUS0hj5gFRk12L8~q zIk1wEXxpn$dutR8QP4MrY4urL<8M&YcGs~ZlBK0Bvyd~cz`Pybl)$Lqb8%zp*n19yml1 z)ZCR0S7iGRk2swvH>`J#Nsl%*Xa9)upqTl(Lc^97XVQz6d)cLT7Pgz>l;;2&bQUG8ieH#G0e!#$L(2zm&sJd$7Z6gUy{}A0!5{&8;`5R zvLS&0A#=RF(%hYu{PHaNmuGp-056LQrz9-VJvmAe(sFpE0?)McqQy7ECc%#wFJQ$)UM7O#VM1W|^2;MM4-QX6xjc8u=7)4) zl420=idu>ZsLbQ*ZUFC3+{jg1nfR4`8h7O6B?o*jx@-CnTM)iz%^QTP)A6&o@-V-E ziC}r&-8dHNPXhSme*c47iRcH)ihQq7UxU@C?`;(D& zxK|cdE(IGCrn(P_z>kyHSUm-1T|&f<#SWa>bUst&tX<9}J5q-)X%=8|gUw=cH6fln zwk*(SoZm{_j&kyq^7V;PA~e@{Fk6wcXpFi`Lx|1wH}$ZR+V_ob%rR#;Q#oB)JH+O4 zH3F4O7p#+(m@*%QXm^I++TBhPotJY1=h1o(b)YCy-M550H>8O8GDW>h`r>@e1Ui(m zq;0YC3d@<_A^?ZTe- z&g99AHBtMA0{TdTL9#2QIjehiz@pt(31#KoXZ6~3I?jLq?APW=@H!7JufwCvGosA@}}Z`nn+1@1$b+QdYfyHyrdAiF>1>L( zT%rHYM6h&L(4As{1ZXT-Z`)OLYB@#u02UkqweLt7(@vMzK(1E-m~HTNsYihp@q>z>cQHeZw7<+Qm#Y zB>0rOL*Hv(x@het08DIk@7V)`%_oWN;XAF`yZ;NmDGfxP`+nlk^TN$Vf_UK%>Kqlc zDRUc|OK7<_ox?LEuQCe$*7ahpMNeFLz@#_Fr5NZqr_s$4_3;i`h>HUVym082cnRpv zofUb>HmydnBpLG~Q_w5cG?(&Fa}YU2{$n)Ke@k8BTB?MSgH?~){~T=TBq^-V9WAD@ z+#R&k6j2ysMd2VgOiX$Bx|-oTA?* zW?7di@t^_osT0Z!Ys9(cN``wp>tm;*qyS{wBn*e%6lEx3%NVgVkH&aFH(1Va8@u>W z?iWdL0pt~Du?!<`FC+7Z9Q=6aCHhTX>*9!DI|6i9rfv%*v>%?)X$g1}_6peN7aKQh z?5F%Qule6pBlmyq`;H;`DhminZI(iB{+T2K=i@>JjT`f|NFUSa998{7a*`v?{a@sq z>;EF>?Ck9S!^)Y7IM|uk{^#_+$vG!G`~UZ`x6tIx?ISLw5$gqMky>j3)uCDJUo` zFB=tLQin)xN38w6cpe}!5THnzV6u`x!GJ$VRL_JYc*O9Ez@NhSz}!IrpN?1~*#RQh zH`oCI+}%VDk6)*Z0b7BPKuJkS`@h!+icbMV1qg;%f{-z;fu7suu0Y+OG5ZLLP|W)V z#2vStM2UGz!oq%jenEza4nmwmT5;io`;cN?KybvnNFj_P$amFd0StdZA1rKw!0>=f zFe_dO1CY0&&mqMHf!ZNFDnP;h`CcA^x`Yq`wQm56XKe!UDL`EzHoXvn`3>X`0|$T! z`GUA43P9R$8PfDQu}G@1jVtl$AFC@-Urc#?Pk9r!bDAllH)@wG;H1sm2C zeC+_;F9Qj>f(8$?zlHF7HNOQ6{4DAX>n*b5|4j8nJ9C|(W)wH&h=>RUcP@8V&5uq6 za_GqO3REb-xDF5T8eI6};v6)Dm+RMhaCSs(3KH!7F376(bG)4e_0z^Bk^sb1kkSy+ z!3lH-9`MG~0rf3yh_?^@4j<%~=>UKd_8Q^?mT$Kc3@VUM*dhc;;rNRQB1qyxBvj!K z^2?7LAP6K;0g7UX=oB^t^%Li36UO=N)Yt0|wnAtK-IGcP1@!g&ewqJVJA`-e=QW`J zyuV&^Vn%R&MKJSrKJ6DIHD&(?C?%kQN>ET!8V?F6GAa^;j4T9L=og^`G3-ZcLLi6D zNZv7Eh46V7;X;7z^M@MbMt~y(^6pl%>rUrf7--v{b_a$E!nNZYi90gdVI4Pr4IAmZQ400fML^k(q)I*6-d zr;lj2z3B^H$o}>7mCL((nd}vIJ%29rFVh3HgWPj)R2Z1961lJzY=rfzZ9= z)WAJqB>!d4_)P;L@mKgKQS>T*L7-Xk8}&^BXVL%&Zbi7N8Js!v!Ve$Gg8H*#hoPom!+o>w!zAfMNAe!bia)>gGcEujR zVlO*x5s^v*fO$L#oh*UQ^QNa^?@mg-N<&*@b;MIQ+@lUEu zUPe3yH{qarCA>!lyC#oJDWp>mNuDnU#jK7E?KN21DQzw=8{#GQ7Z{9G-kj=DctloH zYExw%&AK}FDrRu-vc?N@eVjZ&DPAL8feh%2)r482=~bKhs}cmdED^DrJ#>$-YBnU@ z_l|zWoTEy6$!UGSY%K1gorzog*S9*7cNe6~QFWAzdnGtM8tQ#Wj1F?TC{LO!3htkh zjLXLvh8At@!CrX64mE!7OYhk!#V=kou@j+OvZkB@)Yfc}1oly;&flYfD#{)dGejSs z@4P+|X}bJqewTkaQWfl-yamT9l}svhxVl<-*2cRQ+PGP3^N;D&2MyxKiPR}|1xLGN zmuI+$`*}A8wjHniQ;KpQq4m2g z-AjN5!6*ZvYi#QuG^9utg=-DgCnvQ7rZSN=7Y4bi$nU58-s4eVJ0tjDUKw}(EOOH* zY}AgqJ3fSMRLy_hFg)Yr^zm(edbNMtu3$f%xA?R#=`yH)SLO-PVvu+0(o|G&VpZhI zl(?MX1>m+J=BHDJj2`aCP=^)0Yy(dh)$OVI{~q4MGC z4%5{|IghAYbFz%zvV!_sit^PXc4VvhUy~CMHxlVGKWsAsm6($=;31CmQRwR zGzZYn@xAp(MGNU?x{1nMIVKU)+(T*sr}>rB!RcJ zz5ftb%>%0`FL+#01_g`O(iKP26mRU|d z+1$f-sL4CW2de{YFHYyh+UJU;3KbofIIxHaZ= zgPb1P{Y6}_zL3>S{EqDE&UwvF7ZEGPbZpgqsA8L>MXhH&8(_~|+gZMFi6)$U>vr+d z-x*Hg`rk1p;TqtUYm#?6vP=fjn0Ioz6TPd1Cu_C0zK=E*ypHsKcq!<85It%o(|rS3&cWEtZQ2$CY;QBaV6e< ztjw>ow!sC5?m+doE7V&>4{6k2##2;#BDJ#kO_Vb^o^=3hK50dj(tBQuSS;T6J)*&8 zWH8yPK*kwL<_}on0^D2zQKqW0bog4<^|$#N|3MwcLKMblFWEf~NKESc(|`bsHQ6yt zspYAm6eMh|P(&1&hJ3d}FvN2h`LayRH?_$j7#+W`M|cnC72kGpbrPKGg#CY=sJ_T2 z3Z>*fWZz5G{sa3L2}8b0S!Ec%8#+Ao-<1LN3qiMS-sF6mC|fD{ZY`RC(TmPr56j#e z_-c@QZnm#9I`@;D>}i8o%l#B3+yG72|M2R%8QCqBkG3BPKDYX8Cuzb^EebGL8@@Uo zcPBN=fwFcO`ieQj+cG(W^W=xbYi6jW55Nx+M|NLMmq0<@P3;=fB`-yFsYGKF-?~c$ z7Z-dsvx~5{SNQXQQbHR7-xxGO`7i~^XpCD!g`bEK~)$K}gP{XSH;LdV3J&8Wu0WaBY_+5sXBAJJ} z7A|~i&5{Qh;CZOB$H)G4hl%&dJ^$H=wmf1{@9J1*^{zznw_5P-Xf5|a%C_t7Xd3f|NK3sht#P)(8`--n_oYqNR z4W^n)!N)>CW86STceQhOQO&v~j;fd!4bBsoj|mmKV*pcRl%lV5I!v5+xZ!*8YpIK7 zqb>m*hFe&Von2FOZCH}PPog@GmF@7g7S#aji;ffQrQ`Ds7V;!#d*t}km*5ELWOsIk znxidAf`l%`U_Tb7CyavdJ=tQ!Wc`MzA^IiyaD)7#x`*E<6d_$bS7?r<*p*~-qtv9S z$R=O=(~jXJ|Cowa{hx(nr#9xKzOH5Dm@y#>egzG}L>haHbpP^VHb{ToF^lir+QT#p z;75!C@ea=cz-zY|(V?0q=F|J^Xl0>cJ2K48^Y4JkOZoz=ah~N;u>6nG;n8 z?=fZ}YXDQ0Zx4cLMyQEDG$7#=`al`z65-_@_bDFLVXnXUKfAhkp|9z%pBCB&Fb{GK zmPZ%SLa6L~Q6Ru-sRunrc*9tCno+|Z<7+8a0k(R$dcp~}YerHhydm$rIe)@Ke8W^n z{AcKvIUpBKg%Gj#W8*E7h@hORUjs(aF+7+2UF?&|czef|Bc-c)7)~s?9O3o`KFIi8pCyTblHdafpI5O%Ks=IE z*YUQBngyPj^_P{`m5f2mh2A>o?0rh2YGlOC2Cqz^<=OWu!+OtOa@_`PwrsW|8@1BR z8Y>h}Q3!jFw&@-%s6M=Abx9K`0W`WA-8I0n3jCw32A-_YN#Rzg4*h zWqD&HJ2s&g*=~RlS+l8raW_s9n1GT;69A|8q}w=ORB>N4SLgy zCg3V~nTbHV*ln~oY>ZVJ0KW3sUK&Mr z79`#%>X3Vka=@t2Dx;4XX#q`d|5Ansr+j9$B8;XXW6}^7C$S+_s)x7+okf0=(u?Lm zY{Y5+;IcP4n+~zuO&hl_Tja}T%3aCHfCX#ieQcjx*4QS)`fDJKC-FSF4EB>A$RfZ*kot~GB{sZ zSRKD7iI*YozU7T0<;HI6?^O=swvgE#Ss3LR((CzsUar}HS@f`-IZAcHaO*g+0t$5) zCKa0HEoSIjA*NQQSyxInx0C4mn>H@bf39~sr4J6kLSy4(LiDUAJdfFof4suVg01gM zs)k2$k4YZ&MrM*;w-Qcr3Q+^w*vswxT8pE=t{nixYxJ4f1wWIKt2r_j3~29>XNr56 z_gI67-tW@7?q5O-&q&aX8t z>gug^GEoE5pcyo6D7fOeR*K|ht)9YUHd(nwSW5Xz1lUvs@j!KIiROt=rEr@l7YOYU z4Y=-|xVm^R8)#j~0mSv9N~rD7X>(8w#m~`RkQ7l^T@yu9u^Ej%F1+@9+A`;(Z%G?t zgLsd#xY~^rBdGQT%7l9BbvL+JSDd{t3I1ALBNzX>j)rec@?cf%IUrQZQ*yZ%Vb@`n z9WH`_D69RAj4zjU|A(scbcNyy?}aHLCF404>2Qhc9((Mm8T7vpiX(9105>2IbVh za?Z0$DY?Sy+vg8;n$mZzt))6ys^XN}2S4XVRm96vK}@;LrD*;eqf=UV&m8JGb_NSe zDnW|bpO-*(iFz-7HKz-mRL=1#9KUJuoau|rO{`YqquimT2F+6sM7*JKT<`8une%;R z5hiT)ir|T?;cNy>1cORc1~RsrBIsrmGcA|QK|=_O5rtOV`N7JjcWOVW=8)%|nzd!U z))%JMpoXh)MsPT3wb`yQHC0?t%8{PO4e(eeRl$<5fr-(#3yAaR?r0$&WT@S1oaU#5 zuN;-Dg;H(Q&s|+wn^hPChwX6ChfVvtu_e>q&8144vjlBr-5&ojsCH9bBFpETDJJ9n z@)AOZK0|`2iJjwOJw?K)h^9={%rC}6t zDE-w1h012Zw!^j1zd$pZMpt`O_vz@GgR0zgi!XbsxB(JuzFb(z9TX34>H%ti$0fv_ zZYBX%Qfa=hW_hs5@T;%$zWZ6_5CM#rri3x)@1;9iT&psXExmd*>PPLSn`f3$UEy0k z`Fa`J4h=Dhrb^m2-~do<+Cz-AFn3J%hwqTIXlFrorPN%HfPtBnl!k6a7qLA-=XCa` zw`ugU?G&93kM2eCA^F zP9+AhmUIV&eKCU7S*WkpZ~iM&>0v&agt!^eG4qyIrof8*MEAJsJi8C+mC*Dx;8(RC0IyvUJMQRpj*Bnu3$U~)@33$KGQf4~TPc)N| zN!7k?ebG?1Jzh{SLTjU(_y~)E@j2R5S0Z(5OLr>=xD<|e1m6BvJWY01u=(8p#SOYQ zJe<#={)claED|%LR5fiovoFzcir(gM>hFoyAX8kA10wl*9EZdu`P#B!G|V{Z%EPlL2i_3#81ie6xkC zs3LcV4})Xp1&`pB;<-TavzFrHdWx3sU9Ckj0jJgKrDPH9~E0~p;2k=Rd;1) z>J^4B67ktyGbUntS+7hDEUjYRz2`*fY-{E0QR+ZwTiix(r|XqqTE8Hp`2tsXthmV5 zVN?~IBKoG8Mh28V9Z_(ygn^}!i69!bAZ_TL)mHupD<#?piQ9m{_TG*VVBe9{k!bH! z@KjvBr;72XgjRGZ?!;Uc%{X8z@%P`T*J9SrmFMX~L1j-t;^6M05v>dyxb~>HcW>74 zGGK0z=e1m5J!6SvPMLzDR?p8zTTh$;a2fp-u=W2KJBR2@y0Bfxwr$(!*tYGYV|Q%Z z&KujdZQC8&=IL|R`p@Va{F7R{X0>)zO`d(<*Og+B5S~UCQIrQ;rSS(9z+Mm3X%S|U zN+#ObRO{MfUOgA!e&jx=x}-BC%q~eN>(uk?dl$ZP1AjBGrLLs?)5(q<3ShUt&LsQe zQ`}DA537qfj_fB;>eUD0 zCdv8>fVbWj4KJ)k@N+boB$ z*HGULrqh{HUQKoXsV(zyYZ7!yWS-WN5Qcn_5XMlv`w8xELtiP=N)OMU9Kg(o@1Eon zc*Mn{m=?*$RUiIM`Q5_xf~<2$MbQe8tRb)Tx$>Fd=e5I%>Kot6>*3c5Bdtio84E3P zlXyRZN1rj14b(XGQoB|<|BIcb?4B(eSC^Q0uxF%c?vzU>bO=OrRN;iiW2JwwgnJHkv{ny2Z zOUn$e79CZkAeeIPel@1NHORHsdjh|`i3gU&X9~+vLd86_Ps4q8Nags|5JG2(+-K?7 z0Z+Zg_-81LnUA8B^etZ^4DObS<-6kXC5jz7P3ew=CM!e45{XTSTU_~h7zMdmzKnhY z{DVMY?4UDQ^KY=Nvt9@pN}*H)fnF&FQFvc+N&EpUe))gRs&2b3xO^Y9{X)Zy0y4{7 zU*CcGk8h$00rrK*TlYnqiR1q4PokZ9Qrt~Il95o5?$tvRwTQs6=a+>R#ocpOCaseZ z^mTTTY>QoX4q0xSIm{Zg=v?a+%|-b+PcMQ}IT`~&5qEMB@*vcmM3|~unR`1l1t!5S zz*TNo(3b@RPrAglUlsoC*a98GxL5r`6H*b#44_eY`}y%Jld;EC_q;|t`*=vI z+gSuK4v@VsR|%bn&S98SRkY&G^LAFQBAkas@i121&nxkZD29(ECEQd}&pT76$BG)f z+XOlY3u$YaOr=EWa_XWaz;dwidRtI@!lGUlOp+$cK?6vCUnWL)I5QriRC)DO#%W$r zU3NYimX-NAf&H`$$=Y#?*3{)zeC@prQI3E);s9P;IKO4u`kFGS#L|-?Ng=o0-$VzI zF182S7h|z_S>Z#_G6&V-`Qv`0wK`0nG=3;(rnu_8@1k18=?^?sIEr1j5`qc%ey`D# zf6JaW#%GOfI31)rJ$41o=qO?mgxzh6F3vD%^N}x7exPm*#+7EYp8!3e+_}D^b9mX3 zKv!1bX~|mORfK*X@W~DWY2^AyKEUbZnfIuDQcf9LVOrQy$eEu7pl|=;hwd>g&Q(6o z&WPH~ngCwKKge}>9<09{Se@T}jY2$n)+03>-=9qEnzr=k7tfUgEuOo;(>C_n*iw-^ z%GnY67V9v`qAK^=>%@0U@Ki{pdT&y4uk6_9yv^rf7+|cz(SPC#oNj?b9BK+v#nw1z zC3Mk>lbW`3*?)hZpVvSeH<)@Z$2l_4)DyR^n+tXUfL7o{{Qqt(!>8bE>TZ zt?zQn28~^eidi)N_YXIuNU`IxC{-+*DR|Mw1v0O@!m*fY@%uc zeeeu_NMT~v(gTOb9*?x$d3nDMPldE$+Z!wj+l0X7fX0wWlOa7j50k(0tUiko{BkU4PCR#9ES#xSI2pX)+6nXaH;(=>G~&i=7Wi`3C(q zIWGs%rUXIA)+=;`K!dVc(43*a(!Svz4)HXZjD46rt@rn-lrQWpOqKiBdd39saC(It znGt#_{kNRxQuY0jWz};5gjwNbDiUI!w*ZgV1g%o5uwmAZFvuFdOvR*iTYAkKw{Vly ziv0J)s0^*!8h-)z)$N|13hOgwmE?~0;;-|UqjHk1XY?DLHrMK68#+|AUnZOWxqsY4 zCb#wxK`7+8glFxO$s~SJ9cU2n9b`#hPa;jGP+_L!+b>2iCA>EjndTbbHU%}`N-i`+ zWFMGruJx$(J?F^YBtAI)ib_SkUqxeg-i(yZkTPi;^Tiy#0vyVVX@?#>ZZ~^P+-ha< zWwVC{md3M#yQNZwwXz_6BwEt|F8yEaaJ~fxeQ3Th0ky;uN?ByG;H>Tpx9>2nm0I<1 zi^F!>Cwp4Hz0(AxqS{N5@pTr~_fUNPJOn#hO zHFZ>`Rv?2*S*Y%x=i0u3z>DXn(_{eo{F<;9WzBQ*+Zc-J@YZRn^7ShuzT~dbK7w`u zM5@kd;ypsiD&B$ld*j&SALl+eqmJi#l9i4hLz^FrJ#szh2tGXpLZM^Ey(+-gRc2CO zKpr&q`75u{g4@hZt)aijfpRlsI>mN8CE{)qSkC#@1xL91lM)k!Q33kG`W!sc3Q^r_ zv%d*vPO$ewicI;SdO}G>p_1V+Rd%AVi=tI-)iY(DW?Ma9!0}qC&Cmgr8WAh5V-Su` zmRH9vy1jM#yjzi(1b+vmWG^L@vLA7}92r+~M&K*6Hrh92rCcZH=~dV{*EO?|n1i8= zkhAgs{kd% z_yOLC+<*L!Gzly7f2Bz{Isd;Q{hu(MnTdntzv3j!EX-V-|BuA*zYwOsfGcKQtU$o2 zRJqqHXYc*fqhBks3HloXqv%G;IJ!~m=e1$JU_{EmqPbBuwLQ#tzi@Y+eEnqHWKEIH zHhXVhXut607cb43r!)m>`X3U>GpWmSAQ1aERaB5rLiz^&`)Nvc2Kv`gX22mmo0h>if>5<{197zjXL}20e+uK_0WlyT^#5Q9>xKZa z2)fmw3#P#5fjNQ*&HpYYp3$!{#MN0-$@$?0!J@+k&JGOxr1NVBCBql0F_g(e6-0+> z1n1^AYXbWP)I^+Wh%|NKC(IPSHefg-e0fPgKwu*%L4`ZCEFPTzz6Tt-4$>s37+=XV z26NkK=8rRn{HS1U^ScQMUx(?@K7?Zk=NR~(K0F5u!B8e1^>KW7dK~5u#(e@|PF)qa zj3+4jn?wC=(;xhH_Ae0EI@b^GHQ~)}K%cxHHz++laqNsBC1YI@d>_sw5J=f%d0juR z5gkxo(z3ls9w^%VA)*UpAih6_0)$@*0@#?86^OqA{`Vr`(gOM=Tu_5hKSHmU=@0(# zS-KgZs)#r?mWUDy?aIxE#ZV*uXtCX^{)bi9i!wYcY1S{EeQkW=-3?dWZsxK>-Vl>B zzFe6UYhJpO@Zt-H&qa&I#hH`0$h7_q>006nh`8&esa` z5V8e=?J6$h{Aíw? zSI+4u^xo^&+fC9q>R=U-Jc9mD<`28^A8dAV*WuNvpQcZP;$*a;e=LTHX>h}%{Uaa; zr&}nX*Ia_nZ_Zcg5XL;W$jUNJJhOZVPSinEHvheq!dPx3% z4N7pGZ=E#xeH_32jz0_-etv#`^Gy8EF8AP_Mu$wmv4A z&0fogR^6AE0d9YQAPy4M>kInB;c)+*pNoQyx#f>bj9_ltTPqBdk2d$3LC|N6kb=xp zuj|+^E#WF(dqPY`LZH)gm`7nRoNv^9@K*=^>T>k42gX03YwOuWb(ENWDzm;o*5R}p zH$o54AZuoRQQyKKx*6qM+GqTKxoORK+D-`z?t z)%^tJfp|_4Uz1nfd*g4Q*FSsob15Eb$5rTC`~>xZcwP}-RkOYbZ_ByD1ol+;Vt)oG za~gTRfOD+^K7n%^cz%F$@4uBGPE_}o?%b7+=NpEpbD zzMZT%(`z2&MP5KHQnzf$6-Yja4yF@VZEM0@FzY#l(MNB0l??IMCkwZ4@!X&0nd{63 z8*~t5q3%IfddH;M&?szutSK(W84F0pyXROX4zKUR*VLuj*bk8D((X!jWJ6?yWrc-c0m}7kmEFb4RA3va6 zXhjicyIXOZRd?zt&SkSfPE{s<1jgr>qq{UsolH-El(<5&(bH}Ww?$oA)bBb4N@rl9 zO^O<#8EvXHTWei*4;8)rkZMBO9TE{bbEKYQhg*GPU6;-lko^?ozEe^7w()9vOG;x4AS{z0kQe&DxvE);vx*bH2cn&AvR7L5NC~((iV*FeW zJm*qKe^O`}6-y*B>UUgqo4ht(!7{&Zx;he1+8xhNL_>NKlVN(`@^@i=>f*JlTAds= zh7)F~n1ywVGWXnS*CI#B(muRNT$s^qeK9hAnBM*DFHkPuT3TGTE*Bk=tK&J4Uqzh0 zZ8L~fDjzG(B|v*u+1MLE5ukCcJ3D7JNh@bom>F7dk_8<(&^w!)?8IV(Q!8{_6IeXS z3FPP{_?;j}1aVP~vlh%TEs|58XM78hAfklON6bmWJ8PpN19~0!c%6TF&2x17GJK!+ z6?^MrFB)0NbdEVXNl@|^RW2K!x`e-CkV7J3FU8{YN>*-l{Qey4JWk66`Usl;dUk^h zkh2de7Cq@`?5e^8m+qb{7ObS0C;>8}%?T6+>|^e_hiG!xZQYgAryQiG9tUT1j~eiE zhS!WdjWj`a(JW-^-(ewvcED-h+B%Lb%f zwyoj_IzI_N{gldP=l%=@ow!$xLa}=zCyC2hlZ7Mb%y)uaA=40m&)UIwQu?^5Gj`%8 zhkH833uc@TXe-lA25d`2;(*nwI1IYp_)mwm=RhGL2V8W&z6e-4)8+S(T3k0TmW+A| zSs*1H>kXpe3-lUEj;4S~2C?lXANn@LFD!6Q$FO>CcO&UwF*FqtHOeMAbpLE*X!xo=LWIXm((lCaigh4F4sd4xk6Z&r@ zza^K@904F3Sp-eHU+>iQ(>3B1%P5+5Ym@No%GTUMEq~Urq-t5|F^zJMbK-tttA@MB zfMRH^ky3qL?IFj+JCmlz8aMUGQ{$!xywh%zu`1Q<>LvMLMMc^@fy*aZDXJDIbK zX6*mCi?G!*gS8xzLIK@55zprHB*XmW?=y8Pu>0KerW&rv$6A`D+X=CTm&;?PkJ4TA z8upx$eO&)64*Tk{$L+C9Ni==*G=HzmgqE+>51LD| zw12PE6{3j2WMwsZUi7dXQrhP?OmtCACgxp?X=WE@h`kFGz3M;X+lc#>BO)}T7&{-# z65%Vf`wdB%RIu`~7L3a@lq%a0Doz-GuX0k&#)^7(Iym91F++H<;a|8|192N8o3DNI z%+|t{o5_TA%(a*T?u=)?@nV})ug-gqN83rzyPZJk#JY7{Hri=bai{qtM!5 zuvl$|PWQABY4PBQ?-l1Ys6e`MbnmB&+9@u3n9?skpi@G`og}M9q6p`a2*|>`+!?7E zxGHyUCNSGFUTgd?pQ%zou9cWkzF%8nR}>Wv$?3)vYl1$B` zxocVFEv5w58ZZ5X(~H<$nMB*b012 zbr3!6oX44pAYy(Ut6}Zbv#-3wzf0{t{E6Q;V$unf>PQl_(R7+{0sPeI#)$4*_gVe z6wQ&PyKvFB?3MId7bc@O2t~dVlSVUj6tKZ7YwFq?TYXmA|z&1CQ zN;yG2#5KTN)1}R@FJ2K`{o6L65$`wGZ@w$)n_|{r5U`g&QzM!J@9Q6xveK8IWtYQv z37A)$)pcJTv%d`h%P`{Tb?NeLiT;^A9rww8rZP|>9*%-#zSya6zs|>MJVg);EXsXA zl0qQd@nox-HJw45D83Ouqg%hp~oW$sD>2q`RQ{X)@K%Z6PNS6M zhC8*kw_I2IQ?{tp9m_7y2DUZ2-pAq8rJsqd8GQ%bl>Krz0t+2fU355v3OeXBuF@x6 zmYaJtsp0};g{n}RI`f#{yM4vm-tRBwK0A>FB)%^BRt#b)tP@Rk6rIaL47}|gTR-@J zM}hTdq5M-f@zcABFci=phIkg(*o$QjDlIis*LSrKH^LIN3o4nj!Vlh$*OfDH>Nm@n z4^F+^jg+&Ys0|l-X{b)NZ-XM}M!S3NOfQ6!t-CyMFzR5dmMxlwi)sc`(liyyZ{=6! z&!7;xJpjuWzTQWp1S_|-&B7c+e@)0w@h2M+qogJ_x!C(n_8c_^c5!CFjpIy?!bW_s zgx5K0(h(^{p`P)se4iQCX+5RQxlF_?`Y^^6|LFsUW;F9Kw!@W}*!*{xq&Tre@gs-5 zWN8I#6wP@fk3*o4A8zVV^1)ufu^<48f&U#Lia(Cf zDRRTJeU#)o%V>|fnd$o#A$mI8oLojU{q|rW0vXJvB|Gg6eZo1|Qo}ey9i&7pm@?2w zstK&}4r*hj{+)J@h}UptZBphSHu;_xs>DK zo>4W0ZNVtiu8S8(Fyy@6gF(x=tqb*$oqN%A4`vkRdh#@qQh|;)YgkL-wn13+tW)jz zOtmo)i2$A^j+RB1*#_c*()q=-8H*NV=V$8ZLs?NULWdwR<-SJ9BwQ^ek|o#V()nVw zybRN1AQtZDNox6tC#8HxUPnte)VeKbLSayA;%_wT<>9nDKiW;&q5waV%=u2ch=MCm zQTQjB3wc`>%UqywDl?^VRzzG!dn1@kc4)EA z33G-RI1R(EA{X_O*3*g6Z}tQXT#K#b0=tINOs{cEDmX|Ml7Xi`>|eQA_Ub*UQL~HUo!AJ!O`N-OYH1neEnDZo_7-p|y$*dOVM~p6u>5r&%pJ`mjINuv_Xay6ygu`aF zttnCs4X5WB3Z$@lF_vwLmeI$B>wG8K?L2=GR^VNC)jGgP*;)FtPC7w$45SPEBp1-J z@NoQxSh+=*C2N_@q8RZmW$4MW*)kL)LYh$u08Xf+?Oh{-70|*x>~9HvTWUKW6;-9E zvUVaIm1k7X67`T!O=3F*w2p z3gMg24{rsUObtZ~huayKHNDPj8LEmn@(=pw%`g~TJ5GEWOZ=``E|!4rIRF_pyd^t< z*+Iz-<>r3FQg2gs34==6^Xg@J?+Jih`uEB1D@{Hte-1SkX(G|VKaZP2`$gnrI1@y4 z5kVH3*)}GAvG-?&W_wQ;r2upAVp1^JYIeCuV`Z6V{V_Ut8ns~GV2$*#&f=CBfYNG4 zf;Sv2E*WTW2p6^PM;3u$O$?*HO@4gF+9$LnK?18^mVquZBZR8=^*E*#h@-cql2uO= zU#{ru?HDrxK6xbZkt)whP}KgM*86!jr%|zsy3+3FLScrSS@Qew6Ie>$vHh+O@x$NvcCHufq%rcw(CGe0=hLxdkqN*5gl=TJyGZ#3p7p83eD@7Jn6IgqP@^J z0^7Af4DFVAc{K=GV&3~{IE3>5cv{yA`U|F79|%qt6z#VWWw&T^Rg z=6?0(_nA)}27PT65|KmeoYMk}s`YE+aJTz|S6}wfYKfgxY*vfqgQ{r5SA$qjXIi)v znv8PXcMheST)wv0h=$dk(}IKK#k(Z-x8<2HyJFR>)MWYQVcL>8#SSX$<$ce>VzN+d zwS|LXC*ln=NdHF>VGgT&x?PHlpdRZsD3;m5lyeJKV^lymoZq|4i&cY;qZ}h!=ki>{ zRzdS2C*SE=PZfJA&009I1^lmYE)R*F??EoE+x0jy8qOi3Pu5|=!wdtrxI-zi)tauW z4NO}hqXJy`rN6aEw|=Mu3IP7*Uu#G43$%iF4G{%)d4%VbMVmO02 z-P_#D3wA0{fOVeb7OpHh_&@V%$AXH*H0)Ki*N3=qdKzc!=zeF(nDl|)b^5!oL_tZ5 z(M8S!07kCUlPc^?_&%-=Obg|?yf)`KY&j7*JY2oTwQ$i4zr!F{ zkOjKnHoS9hWcP^p##&NXL0O>IMaXiy_cb8T-f(Q4t26>cQeZ@>t6p)MEMc!DM?(0I z4o-fg$QP!#`Agyaa{f8jhRf_xg=o0fo^>y4%w7)=3hn=UkedED$b4BWGOqGb%OP3j5f~pl|T9 zY+C%X$GP=s0HzCd092RqhUf&ga-v`*m~i3?vQ3=kw>~{X8NBkg9GefyqbPFj+cVV@ zqWb*EzP+gd2Ruy+!Gm7?7R~wNT<|Dww1=4wtbnvpitsg{ks$!2I%um~f{(}~m2mMkeekAnAX>8X%@v0g7(coEi=*f_^eHUM!dPF+~ zwJQ23g;*BnojCU|A+yspKDOJ1rtTMI`c{2qX9@!?zjR2~bH*{p2=af^#$3b|MW>=x z8cCDC+WT7a~ik?x|5XiOd&$1ewITHd?v`nVT(a#POa~Dg3kt zGNfXhlUJr`DeTL)!!k>lK9H7_@D7E-3}B|}JY24b5v=b1Fl1KDtMts- zWX^3!+dprAio?O+NPs#)E&Uhd>&FV6J5W$?%Uha$MhF|HsZC++*MXUR502+QzTNvP zw1p=W z?jq0oH~+(*+8y>}Do(Y2SB3kjz|SrxpzVX!8`s53^T#^!Q1cK*^))8i%EGj#eqGP% z^aE;1T;)(1`Q_q7o7K#O?kxLS=h6g;#V}x~6s|Srrn7*#H%^XZVCdbi8pD zj`lu+g(PIQ>28MSPHm7Her^?beJ)a4w{yPs1$%G`f06pqccz8vWB;!(GdrpwZ5VY=SCkN2=^^6y8Pla^ zy2|5Kj<-a5tzJT}Lwu-r@3*fj*sfHCXOD9%h(W+0i%IiLPM{yx9%VjQJud8D&}2>W ztI=_rfmx)&+fnTWmV9!uW)BK4%@9aVMu%|V>te{7p4qev{Li%KswUJbkgzMDQB`h< zlp$_+%H0L7gK;Y_`MQcbt!K>8KwTJ%c?oGq^`1DXZBc1S)k%nqXZ6+a%+X5Xo=)D9 z2pfUjBk=XeyNFChS#STjnv9*QLS0KH5(cx846-NT(l%(DE=C*VDwk6lIIfmf`n!+A0WPIZbgJ~vqZyXFDgbR?*n z_5nNPIM$I^EQ%!S&H|m|uzAj|-S!enQt_fk^d|Jgb0YJQ0-pRcc;O0Io>kVJ2Ns(l ztb(Ox52T)G6|Hut*urVPiFB9}A6|WvfhD@r=Lg`0{I+fuW|bsHqdNZwV%fF`{DBu) zQndkfm!h}JK}ETc?}Ndu%kpKR%~5y^g9|N9Lmo`&InjSdgmmHjMDN79*6PWEb#W@e z{T?3(5Wp!-%A$_N98V{zFVa%=3E~J*T4Y+vPuSNN=MR+}UChmSM2a8{FF8v29W5R?b10)JU}bp>Nf z=lcB@brm4e$VUGp(nH)2JY#NL+F5_-*y=taIt*DC$e=9d>;`@u+D1wz6IZl$gIMRD z=En4FQ5xj2XT_&UwA@cMe7x!Zi_9TY*C`foO|bMh<@gG{Xa&rX4I|%ZZRg4JN6P&T zOEZ%!g6jT+3-97@_^#<%vwtIP^jgg`#s;CA$0eK}!G_O_(O6Cy4>MR{rS%_ItU*11 z-<~YYlDM7HEGi2;riDSl8}o&~|5&Uqz`*`Hb(9Bz2k7EP$64Q?6*^t`a6H2GV)G!U zqJ3r;-`j3!Ngl^cOQ$k6#~8Rc;wna2Ylr}D;T5ELArNXbhX1P=XV`m(cH%q=AvD#e zla#3(xTaI9IC8FJM=umi3Oi-QtZc@N>1fV;?q ztD{uD{znan5*gaUd2;Q&Xmm&>uEyS7)l2cWm#FsO6Rqeo7_KcCv6DV`)jF`!GK!n_ z5miiCGObe5y{5}|G?s~mq88pdJcSDqd_DRX8D|{5)R8?UQBc*ro%mnRooYt9T8Ew}q#5$lSafO7yG%)io3^5|23KXz`W0$FtlHwD)r` z@m;c<3d!E$J+g8YByRIR;ZVF?KiD2?uX=pCYl^4zfbBPzRqI1G|ApfPGw7sXDDOvD zg6Lqt*6~e2%4M&%Q-nh6<_u6v*zK8cW+JEM9B~w?_?Y3~USqbG3}*WW$uE*mbQ3KM zip6->l!bfyO%q~gPy%&iZ^%N%CJ7Nol5mi!VrjCGU;eQ!H7&SnAZ5*|3CAC_x&bo!rhKq^W)uR!nlx}H*y zoQ*eR+jBZf9Nn{PX?d#zeDn>Ake{QtyQM^tW;m@(zo+tYMPkFYp5V|rHqDfCqVuF2 z@j5YUteR$&HYW*jy8bZGWAb8yyyA4?og{h;QEIzxE$I{BFi81V9{pmV8-t@e9fpF2P(9iMS) zS}1vL{wOo24^kkxf1<}xWl|m{RY|WpI9+uVm!*2(atZ>|3p7KDxcsHe?Nq)Hreno% zPlHnTd@`fgpaLgF(P|NXBQ8W(yo(xz3E2-Mca%A#%tLmeZ{76Kv1%KLEnY0E?u6-rA@3((YOEG zL7!ChwC!mVuhfTOfvUz4f3apB^-li9JZ_3HG#{bDCxoA>VGEA9HpmmJt@h5*sSnEH zr$l}52^lv@B(5-IaG^)mz#n(4_W;>9X|lK{laF8Mff>qJtM|dq;G=OSI2~H!#y(1LB-A8Z8>M8%Ud z-sG&I>oF&Cr$)K>VXV*~HVyWwP8N=Z2=ncpo-~t>=T*sGhGmnQb<_{`PeJb+mAoOSM}Ea!}FxQ#KsiePKS6{8iUf z-pFJ$+<7-{|q!N?AB{ z41fL6zzHCkG*;^w$A~u@90oZzs3>Zljp-#rBy$WXyFYN+LsY&Y(M^M)?FA>VtYzpy z(}1-S^D}F8Lx${$=Tq=(=?TJk3My4q=Up82QOqJ%##bZ2_tk_b= z&VLP5$T+qsI3PUy+eAZj+i2@#NmQlY#L)kUvyI50CyZ*KTVtuNXxRtD>`ehjJaH1= zK6ifKsNZViG1nrADvHoqbEc}PjjKN3Jhe0b!J#jQad&*F_#`v@-B2Aq!HF@G(j2!t ze}6i!pL76DaODbHx9rEVqyN-~lF+qsaz7vj2q{B;Nv*J>S0ND`E-v;CE(Y=8}+9r5YU*V2q4Y%#+R3%H!g#)H9UCF`zWvPW7Qw7Fb@l<97Q* zR^GkmErzp&I8BGV4pz5R<(d}Th%~?L+`-+H{YU%h6WeJ%`FM)T!2R!zy{DBN&1d`hj zCSKiXy-uE!AlWTJ(YZI8?I+xX?~%~{bz@C48hd%4&H$XX3=|5x zt?OnS#f=PC8zlVZp)Lh0idc-eupVaoGh2?f#0WAO@j;(yAjWL33EANrdfbQsA2;?= zEWG_YzU?ANe6vw_%~|0+z1gxbRH}hm(+zF|{-$R!&69=ugh+Qmv8Dsj1oF*H*(5dj zB7#jquLhRRVnx~hl{-^V+Rq2C>)<%K9ZMXjx1P6WN_0qcfYu#Z?bB0~6L`44{~k7X zW#~Mi;-OaJay`?FfP!B5w~$m;#5l)>{(Lc`^>+`$fKHj++|~l?Tl8_gZp6Xx_sW+ zF#><37cGIfBc>p@FMNXTA&(;6gg#Td%pj;b-l>t5mN6!t1IKL5ZF0Uuaw;F+;g+F2 zNs|`bmAq;UA`1cf+cSpgUNgj|qD8vMzx(VBd5+b5XjaDVZ7?QdM09&L{3wW)gtxA? z_QD(K}3^ITnQA?;s`TWH7opiY6 zNMRi%dkW|^Qa4pfnuR-OOBm}wbbFnSzR=|q=;Am1WKYaS2yxY@W&PI&#a2}OTszFO zJUtgeBfTH$R;$%E{jC`JY1W<{oqRxxA(*38$s3Mx5#8d@>i|`-xxR2&ZTR(A=|}vl z;DVSqyeiz_mX02b5D*zIFZ1jX6v#4}dy6P)*=@U{i5xo=%V_SYF+^yTRT5wu1S-MR zU}1tqnn8OkwfGYUKdcFqhOh$_LaW+~gzc;b;!ONDaYk`CdYO^vUkBS1b@!uqY-WCvz|M1E$0dF2smEt=)Sa zlBDllSkbpj_}V&901Ps(Gfd0`g1Gx7BgJ4yK)o46 zZO@52Se1FVxsRHLj8tPd+Z#=*@gkN%;E*tc;h%PIO`OC1d+iO!<2KldH2qL)<8-NZ ziTYS_lvJwU2X8UiO7%{PsrIH(uLpd)D3iL(F!X;iKa1n6F#|p@C3r?(avgtr-5`zX z%O<6E;LBFs2x36V*&np-@m3X=7fF;n(DZEK@Ikq)tGg=S8U~?N?k12m%}bXJ9-JX; zfbQC|D9YK=lHa}|6<+5viK`_er_o|$O@Hs-4h}0pln%0w)ll4*(0@V7`AI*Za#^WIj7vy~X?yF;%b8 z_fzvvyLYw^jP?0&7Q9UJajQf9JAOMg$KTOZCZ(s{lVBPA^ z?Ikj7_sSM)kqyuXJp9d~I-}-%u{8qRsSOk07~`*UF54=uY3RffnTc?LHvv6U3kz`& z8OOxXJ8ftW(hi~&nasxael4S)A)FK4S_b^nE-SnW}@ ziy1S!G3)7eq2lp@QmY$Q>okx}v57Gh%vEB%wgRNnw2@rI-3~3KSrXiBa8xZXoXK5j zH1%jmOT763MG3VB{Z}X8A2X83-q;F;m-l~S|I9?pZ0y|sbN7!h$;|qnZbq(uoq+$f zoADoEa%ua$#wG0#5(HFob#8kbK9Qvlh?GeLjwr@OiW6jk1b-piCCEim+Ko!jZ|UZ< z*LkMfdb`uSdiV0A`m4uFV78=me#t1UAyCWz$Vick2NO~ei>R=qWC#)n#DmLU&`#FV zQx9s3;IkDwNuTiY5+pz<B=ZVcWST=4*iYB0|bQ`QqZy)cY*XawWCZMruVh(g93C@nr7X!FL!KN)ll z+ZZ|!WJ%CLr*7~dHkHWBA7KgwB-HCu0-8cehigkIJ!x@!8vuH^HvsJ1f^1<9+9tBs z0%ThUyS5H*1OCd+B#3_q^v#M5Nx>($im`t`S_9e`+8LDH?=KO=H-rM`>M`XIq8$JL zj>`gdNmd2Mi8VaUHCz?|w(;+sh3FgZf9gH@p7~aT0{H^KH8cfta|PxRAeH^=0~jMh z{2r@x>N6Nz2O=t4t`&^$hP`AaJcI~b3!)sr48I!RD7K{V^=F5pHW*tJl9{3AV z|HDplQp*xoN(b4T7{JZtpYMPd|G9ou2p%5>uM5;10LC!Hg+hDCJ&!Z5dm{XF zf18P41v1$qeQ5*gGwA)%%iv#_gn?*&d8Pb(`Eru3q_L8=Z1~Q2_48R+s9ObMBmf5D z;Uv6GsOb_03K$KU^;4e*6Z*aec~z)DS;B$X1NlCCzDxgJuHW1RGkn*!m%_ZFNSMO^*iT=pyd+{OB?ocM`4{MnB0s_g!<=UlY^`S}aMEqKZIjo?mJ zP5Y??WK}1DE%?K;1oSDL(u5o_jAv8KDlsx_vPSmctnUfcBEu;ySw@d8$@{Y znCmkpL~o?t>oPh$iU`Eb6U56zSo@892i(<00B!~D`<1m0B#%G^_ni*np1lrf2=6@d z={hY80wh1jxM)B0Z=)Twe{c^$9fZH(VL-U9egfiL{sw>J9zr?{_znJ?&Mhpjzc~i) z4td)A7`(o)0z>pd=ort)4bq7P>Z?IE>#9pDwKdvDhZo=#>-X%L6OMC=gt<+|^ykU|w~dE$3iC^iIT>hqqPm{U&o1=2k&A8~pgv zYdwfd|L(&1>YK=H?&lT`tsBJxt)Qe(s)qdK9fEzMAJDtNGuJ9OC$>)TCcaK@c<|~0 zl`SY=bdy2Hs2%bx%y4b{Ct*|nU4;=ATzH(X@;cG%_;AwdNoDhCkxvB&qqL^Vvw`99 z3q&o%efKf@G{AlQZ`%Z+BgJBI{v3J1sxGN5${ew2X8j$mK60QOyQl#@V%4+#ff8<) z1m;yz4fhE-YiZa3;S(lhn&MzkV8I0_8`^aS9t5=U+=3PV?V-jY;0;Bzh$|#dR5m#9 z#jRyx4saqvv3eN?KePg;?;16Haz_w^HIsYY(|mitAWe7L{)wZsu>K}RGoBIH?kBc) zJmR%AKO`tRqGM7Fclriex2Innq8?MvRSg(J`|Xg;*x#+#j)9Emhbi-n0v>VgT{Qm!L3;B@4+*L+WkK$qOV_MZmvqY5)Rh}! z2ToMX1Gq)8(lN?il?;!WRLeeWldIJp*<4YH3?)&BVRl2ivet#}LRVGon1?;+9a=ZD zPtYgEW!)nsh~;7idLiq@`cB3zR~6*FQVU;7=a2Yc)1)6q?J^f2NyRl4rO6d<$$F!3 zCfl=>>$vg966u4&$2>@B)AiN=E2M?XM5#3D>gHqcFSA6 zn7zWlHzsWlGX(B<-ww6oCV|b$*%Yr@v9MOCq&D+2rCAa`u-KVY1*ZU7kCV5(YK4b{CK8E4b2%&4AI3oJK7j2^Cim|`3=hnE`>E-`HCrY z{}?84!>!sqPVdGG50evkmvM8-%uAv)%}}E9H&oO3pzR$c2aM~!esFslKe!_>yFCLBfT_*b~eY%GSZNtcDNs zcBZKaN14eww0#}pa3%T@0D->bXQyf266OC0ZGtEM)rfABNlq`)o;Gss`W-~12pA9? z{aPGeQ3%#TYKcV|fS-ANkKb1+pl3nam9#eHcuDyvV@N9JjXnkc$MU$Hw~8O(1*n54 zSHPS2f#L{z`WUHJw6q*R`lvc%m3Eb{g)9hU%8CKGTfKoD`PcT}Kb4;KK~SjiB&~Qz zSj>Qn8Y$}|UiS2eky>?YF4=R$v_Zri^p>79_)@yjccLCKbRDUtx=z;f7KFtzN<;w4 zSYwJL3t8t@&`L5#Z?>AP3GEn7lQ19esL)R7kr5lhTUgJ4ywn@lN1e*ehG&eAbGd7~%1X>tk6MIvgq>yh*M7 zZ@syF^t2QR4u(XyyR0eb@>YnkcDU&L6M&K@-uA*1e4F-mi$A_QhB5TcpwVn2{7vq7 zE-#?;l9daojjwmN#)-Eb-$>U=+coPylNotUm+!I9Kfu|HU{!?Rh+oJ+{6t>ZcQq>u zbB09d*L_K8jA3d!Y(P`yb-0;FD`<>Fv_KE|PB<~kx#VFGF9E^0%@&w2TzT9Ua@l@% z^Sb#DU_^JpLocYCpSJr8?MyDYOXkh{PM10L42SRgk0zI_A5EO8VL;nI5h=co{S*Lu zAs#)&w@0S)O}hbqW=!UTv+_hSx`*SjNL`U!AuZBi(goOmYSDgNZ+{pM3xJaQ^5z{) z6vs$r4Hj1SIllbP9WZ%-@$2!!e9u13UIw}tAH#-^;fiP1q1Nwbu@;Rjr=n;oF&jS0 z#8q@=nRDXiK&KN8)_Q8}jX<8;Ruc|frAf#}z~<@i?Uro4LX#ci3p#w-BeZWLhdo_dq0+muMs(C>T%9b&h0 z5dOOKGHglz8;Lq-->c+!g}bGv3XOaq`L4WbhRao$aYiHi$752|?PQOizs|9HCJ7GV zDiZU<(W?J5eZ6afUu~FSd{w;0eG6S!&^}(Oyj>=>dyS8rGt8omN9yB2&rvA}PEqwl z%w@G`#%lp0iYxUCAgnt+o>H|ma$&)?ThDDn+ftXk4qlLrsCa}>)MN#HYI~?)aq8_x zh&4ZkLulfrTefsIOI-kU_bR6vJap-gK#2*lyUMMjf&e5$1(^qG`LEL6Czl*VaMu~E zu(@smmSQFb2Q@5B`C86YT}TQo$wZDHTx|fG@l-5v^{r)i;5u zpbtbie`7^Uh@a(PE%kBcdS9f9NSI7N?&nmqg{nmle0T6g$`~sx34>Bpj^bA8y9Kvh z{3Y9NG&#vs*KHFA5k_=7f~DUrEE=+y_G*Fg<-9B4c3J%)j`Aji%_)C3B$(*nOih0A1!cFVvQf(d-+Ete=L5ZAnS%yZoYL` zRh%aBC@A5nD^rMxQKM-}HWI4h?dgWq7=Q;Z?(ep3E{1=sf0veJX)96s>>+e09Vj@? zI%4|;3pWq$E0;%oZc;%kS0cLuF2j<6wP=OGpK)Ed9O1O0^%V$J<=YF?=uR4++D{Pc zS`m+3bQAq)}Dfos>8*%m)BjOAxP7(^lKE=XV;6J zS*sd)#p({xxEIgvepTau z(!C&!p?<3C4a4~9>g7Vf`l1TJLoZ_>U>^PbFxN%dFBO|!)wL?E2PSp4)cMw<{KgHf z2Ujh!C}z)j0APv$SRj>D3(O*+izj9K&4`re^n`|n%jX%9pZS(O<7j)@$}t?mPE4J-a^{1Sx}6I^${&kX639Tu%57ptfDWhHpkt55#~B1htSV)C z`vofzaw|n1$|-Yx?@+Q=P<$e(F{q;HI99sswLEXk6oX|juufyRF5x@d`|+K2Me&E| z(wGpHapScrazAQ%+}D?kMglliKFUH%8o1)JsfH!!|IGZBIio7D0XSH>2Ss8zznNgs zX1AzbT&;y1Ecxj(BAlADylE!&|EnJa)GyDLz5Dm0Sb2K=8U^zlL?zwlO0_JU1+UFP zRl`FxzH@UPvQmbu#G4!l7+ zs;(_J?hiu@+@yA`>-%|cVn$)0otnX*iFWl|S)2v}5MtSlmN}{rB|3{5@5LDwV)!Hr zGX%-N%cn1)Kj#g2hZc(efLXGh^%zc>U{|w&S1;Sehgi4LGI>r^-b?rZs~+v3DO*vV zl+Wj?&fj|Ctd=3f`_T!pGH-)cfoXVAebSn~i_hAQ=U;)wcSw_hsawMlFX2Osj$K0J2{e&Ey5?UuZm>)SdzY90aFxAim6!+^ zz=DidypH#rd4@GPmqYY93vXJe2Tj*hH;P-Yzc)9}a(ej3GL@F_Cdj;-Bn@jPUlh1A zm^D(;EO0)KYn*(muu`C&CWbw_&|*MZD?KD-&X+*yV2K;{^VOg*MfAbLi>J1AE{mrC znH=mJ9PmxQtbcYiHZ{vPCqY(O@YO;#3wD0tb{N+pOc~W*R9sF|Fz!CkT}i;%C3&H< ziVClCIOnkqiCVEl?2j?5lpt->IPhf*Y zhzYz^Ah29hty2xO70uTIJkBLp6&0a40jK@*6=T{>#C!P2i4R5YCWc97_Y|?` zb1M8Q)=%CFLCpyI1}o3ytuRiY94F&W&l588>s>0e4u>S}VWLX$_Vx-oRx>a1Rnsy? z`t%WPMy3dXrF}R#c-9p9ZuIg(xekI~e6fIFg!758d(3i4QcYR0^S?x;)ME;n&0Bxa z#wEh@e4hLd{ zRgbAGQJabXY}_H9Hp4Pl#QbrEUbeeGJ#= za11Epr9RRL`UuV8Wjr21AKfH|uA)L{^l zBGsCKT1m?L3F}4fZZ(c1*g^{7-F~4O`KD`dl4If^PO6OPF%WkyzFRha%DItdPkiMs z%g)(}0Z(bgDp!+?fjMUy&*=mKloyxt>Sx5eh1u|DJoaTi{_rc>3P3TP13syS74tMN zuZML1VDz}h_7;<%w0p?G(J&m1`ha?Xjscw%(MN54Oi>I+tJA;%5mXSfMQmAo7HC!# z5y^JS0HZtm?{56VR%0ATY}BQ*H8`f!EtjU+b-w9p{@i$>hxor&VJj3UnV!GF13n7K zbX~+>PK0sSwCY%KO-~N zUk@d28Q_CUGW8|w4$&p)9X-_q`c@(b@P|ye7SRyTs%Xvx%UO=FpltH2Wo*>rY`fDw2U*%57Q3@chyxTNUx%8D^x|j9X;!o2P zdyljjSo&V4c`TH$7P@Bs#^fJd>S~D}9{M|Q5HE3tkSALo6V9{Ay)s*!G8o9Uo~BJt zzTTw;LwFD>H5tmmxeERms^ixZmM7`Ow0cog+?KDTLy_z)m03f63H#&OzPz5TKts)3 zMS(Es#RifEysbnPR+=`xcm@Bk}ufT|tkRQ6z07)ITcUgFRXvoRE= z$8#>hG!!0LERM{ZUWxUw982~JI{!+`&4`iodavZX%h*TBDWb?U96)8qnrERHs^e%p zSaD*5aP?V_H!mx>XCMNTh_XwNq|wzDx8;GB$5a4RiqUo9R&6bw0d9GELbx7Lt`FBr zs-6hS)Hl=dUnK(?^IQaW(M%rvQ&=4G#B^FG7B}T)-&mLu!jfiob9k4g=UgvdlW5CF zFo(n=^$%jO`{TKw)re8^5ZySgS$cijps|~}pa8raSHQkxtcwi;zwiut$O|(2a0VW?f?pXUL2GUy52|h2{h${8=f3hZ9`fk6;WQot;u)*LrjR_6) zzf_=axwEQJY(=d%9Eqx`Sc9T}O&Xeq-0`SPVC#^edt$HNXio?Hn(@BBC0@8(_W zro&kQ{+z--R^Pn`lYFHU((!W~XHfYZ&|rrRH74ZcGi%M7At57i!Hcvj5o~ zjkGNrLn@6*Cqz)41*7vu@_`7t9s zWv^s3o~W~q|N6dTO%HJlyxXJY4H{!r8*mo#Ex8AR>DAlERto2UBOeH!UHe+8e z@|L1sGtU3az{n<8Gr0c}X-Jc<>vg8{jAob6+tehENRGO%jajdK!zACpEajHx?`3c@>rqZi5k5!G5d8m>+)ZsZ@_)j>$h=?XzqO2 zOkRNOaI}ciL<@>AOe_dTUGnuKnHU&c0TkhecbESY>IK|I`k)?7rb{4+*=-`_>CIZE zR21%FTtqt8Ta=t*OdUJ}fya2(QVkbmX7s_h-uz+@-F@JdbDhX{K951kn2-K<%-OY;v<%J#rb@++5jkPVN@2}`gPHk8P);F3* zH7E_3Byxr-UOL9LYaen`0&vc@T2ffn!TUbfTN5lA>0=g{8?C3xNN2zhtRtp|!uWqY zblUPi`q_53D9Rp$C7mdQHf$c(=c&)A_Nv8|AOB`+MkR9Y=_l*ZOc>5ZpOhw+`bQr2 zZ0Yo(v>F<1+bH(s^4jF52<6Qki)gxY@5uzjaqtsDbI$Mk9oHX6!M8oFPma264TCO& zkuU41L<|*xr9}eg-0KkiLPS=rdal7 z`87QX*$o~xY0mP!EW62?NraTaeS=mc2u%pxt26qDSdwkSLq%ns~0upD874l zr#_Am*^r1$%_8631PSP6EyXk!IXp_1_f~=XGVmG>Yz`S^E@y5Z2AP;Fa#9SM8m(bA z|GswHXs4KjtXpRsq#3Bto>mvgL*q(c6A0{>@^t?@n|yx<)-N25T>eJwk3N3KZ}3Vc z(lw?!`q#}26>DBg2$(TbQB_p)*TK_lhZWoifwA!iT&;)NioT>U{xaIaudkP(vfZ?| z@4r}DaqLHBQ?IaSdj9M!6{X!Wyu2D;A>m|%odccX!(mjCzy)A(>%Dx}7Pk`BJQ8sf zd1yG>iRm+R^e*JK0nj6rHEVzZ=_@yt2R>;DRsD~EC(P+Uk4?!2Xsx;VWkk-iv@ z_3T8NTDQq~9k{7Z5GY+^Fi%nca(1IAw65TemWBP1rZO2)(0Zg}Sr>q8i%o-!q;AKRF2jqTz zBE2i}4zbe9z2KT!Z5@*WBKf$Y^59@A9QqBX@5r|QTc%Ew9$Ou;$FeYlLi{e=hYOGr zp>YMNPmXTgk&zM)Xb{Hz^Rp~n8=jh-(P$h_JxR?JeQAbLMQxhKG$u@wbs5HW7y6cS zm8WB5l$!VFU6n}uGWvGW{clH)&NFCzZu#;u0YQHICNsR?^Cm22-9~a&0kwmS)@UVr z?2>&X{yS@6m&lUpl+ic0Qmn$Pi=~f&@TqzeX(ppHcyBw}b1K?cH(dFu=k7ziJ>05jO|d|HcRY?@3B#CQf#)|6fC}3H(p44hDU!=-eJc zTxTbkhX*tRJllfi;SEDSJ6OaXL%&{d=pGW0r6UwrhU85*Yf9E{y?1@b#U-HS7O*P7 zhGv~jcaR=`B7`l;6dD$iriVoIw}x&O($M16*v#Toth{I*MEEM`H!{h}HISi>NU~v% z5F(jDh;=MRZUXMXxZ(;5f~svDl&cL0uPYeOH~8ubNWtAbC;*$M0}7;cYD+jB$V@#j zm=xHr)QsLl@u z8^FWO_ny;*6LdW%s~77_tsPrPLKolgWnoY7x?Q_1Fqf#VrjF=ym%i~E;n8_=!BAFO z5)zUK>md58Q-C@VcJAPKqkHWqzXpG89`x!Fu>mBAzSf`9==@};93FzZ6Zp97huI66 z_*c>#J`~7v?ft#&jT>0V0%&e=ApF|Hlb(@s&p;-A_aFn|%QqJ<4@jL+9_U+0y)Q%1 zlu(1!g9zy00OINKUFCikDk}uk5V|oCXewxhi0L7qxHmFLJ>W27zcY{z7~+a?>kz2n z_vic5^htzKR>HlR%u_#;ThX?kkZ z>iO>YC8+YvnDHwZ{u}=gK>GfRL3U{F@SBnS!}$FxX?FtD`1&!r7uIB-m;wIB-B%0r z?l=1a&i1E#YS;OC zx7r*L1auisPq=qC9h1@h<#)dODkE%r@^k-VV6s=uypC}a;@u{;m-)^t@23;Nsv)f8 z__q7-XdgVYy)Dy=xHt9({2s`cOCMtiY(?l%w*h+~g15w*|!8S)6ELF*UTU}5bG*bB(EP>_f* zaQX%DO*w3v@U9H*^S2K(xiRQBkkO3m2iRc3@dLEy$nE`qp6~yjurFY6AX|cf{@)H` zSWe804D7FFY{u7L#;;XgNHA{@`oxSAeELukyGv1Cd+XsSeoc3Zuzf{V`zJ0fikR3W zqL2kviro}87ngK&!3jEe$1$u;_i8Dw-7W*2w!3wEB8R7g9%JH+cO!ZGe6C+#aQ>Vt z7kLrxgn5{>`Wy;j3e5`^s4@wh$Bxsq%ChG|3ixnFJ-=V$Mo4;vEVu#@%?KF{MLVr{ z6oRP0nfY>v(rI5Yn~2loKn90JVq#O;6($-z@)%{Mwo44|@sgA0k-N1qniC)^2f4&x zpSu}sH!d(0ZOc%xXxx7i7R^B4#Pv)6oiHaybun~A;`Ed*`il-{x23E~E01nAQz`q;RPsHif;E)(7Q+LPjkGYAYE>G7BGuaq>% zF~6M=E;{6W)w-XwaPe$^++C-nllNGb5RwX~4ux#5HX`FB^)V(NVi*-@kqpD8reSWz zydldSIBu+gfi3O1uxpPgUCq|QTxv4V#|6(Ds0q|*NZTNy2qI+q_P@4%NaXvBd0P0y zsknV2T#KgmTJd&o^J@Gfe3H_N`f#2WoX8>R^nIBW_tv$*oQ!?|!&#}TSXe$+w)}{W zHBl;`$SFRnYH&Bq+qK#6$yWOyzmKP=!C*#lt+Pq+*`OZcQ!ORqD>Mh`%kc|AmRCm= zaQe*G147&9)%+>ZNJ!9?FOf>TxdeJauDkO#P+iDrvUkOPba}c>+wziHrx_G@c>RL` zgb&*F4;5Zi)!z4e&H8;AtDFbVpveu0KSC_F1ESW%%*Ha%>{xPeDzV&+@UOat1CXl` z@J6zH?>c@nel;n_AmqbunsP0KBaVNJ7b|KIFvg#AiZdndZ?GdfF0y`vGA>_h~LvzY9y;kUTr1nW^xua zY&_Qwqcy@FG$4Hh5+6_|o@}^3KpuWjO0y$K@POzUhfk->fM|6p*lj#PprD6Qa{&iW z#ngu!=G`}SkMD+rqOW1Dli$kWOI>;S)9&P&_R!u)5Yo><8X(baB6w5e zyHY|;TL7|#flj&<*hWqBnI7ZP>kqgl3qyC(4+HBS(24@bVj;Cg;5 zlmasTO3HwN`H(uP%BS$MzjTJb*^R8)f%xr-9FdR#8?p?}6T2qHJwoSjY#WQ>KuDVQ zNnc@U!(W3Z+LE)wk?Cp9QH{ao*PZ0HB>kfRs=fEh;g>+lhqr?qU)vre=zAjSz&l)3 zSw#3*{Rx~gLH|Y8Tk&`gp>2)>Mx|**#JKF?Ga}aDx}pKhVvC009t?l?ooI_LpSmi#r$)>V#`&BLHLI(p zW!1=;s4XGE;+^DWg|bOemY|uuBFPBQv(J~@F$4$x@4SCl*h7$%62p^q`$8_Mb%!pbV zLGjnMEQR+lm_Q}Je$o;ek|E+~O3iPVoFuUk{&0;bZ2E@J)r&-v+6Ppkx_Sak5n!B7 z+v*`iTDJ0Ml-ANbow8~T%{QP@7`IUuXC_#>7iT`jG~T#mM1hD>5I}k+mWPtKpM_UQ zjIn#Z4y7M+hOkF#N4TA7_upA{7kTnm9~sz7!YDhAF)pF%?zTs0m*qs_b11feSsGg= z4Y=I$;!BOM?wD?uTzXn_G-2lT%vn@mM`9^>R2HdRg>2=b;%l#u!B@(=5atiq&0Jb= z)t9kC6q;1~lIo)BuB;>X!3hHXSvIdA>wTe*f5`p9h>kNl@~D=ESs1f}eOz*3gX+lj zt*WYS;B%<0)I_>?EX9k-d`~j9n!CD821rik)hmwL}Jbq z$TctKHDWK1bgf*UIOb>>Uz>7vwrlOU^Q7x)vc4W`W*-D7k6Ia#eIK0?hg?^dK{@J% z4G+koWXp>ZBIxS7FITgmUy60KU)2kaKfXVWC&nCXI{s#h_6IEQ3kqsU5SeC%m(tD+5}fv;&JTLyG;XR z`{=e9zkOs3KToEkQ+)=3;y-Slwh(Uh^MhiI;Q4>Zg&oZ`b_JtHP=LfKox+@+d3?Pn zA#+NILtmeYKP2`564x5@xh32l7My5!2KVV<9Jen!GQtD)ap46)V` zwR|S~lt4;Pw z;bW6n`wtbz1*gz#cbh`xPZ(s3d3=dmrhe!u!r3;j43U+KUA`-O+z9Bvf`6bIjR+jQ z;K$E3wJ=u>EY=F7ssroVozdT!vbKEGP8@_$0DfaXFP2FcDPHDNc`A9ZMeG`t^jR`I z*m_9uj;(*P)o&h7gjk%$e9{@c$rDEdy|AO#8W<|gOy@NY!69;wME&LHtf`J(dtVY# z)xk{N$HNUdYh8PW4KUrD5aWK1AkM&DDOXt7ODZ)&6ed}6OyY~nNP5B_UW#|qV~93Z$C-AOJgpYbWR!VCe3aS( zpunf-a&D6EDWee-d2DT9W(uT$pimtlMt(G}<-ylJ$z7gm@)r3lu#ALODQYYno*Ts5 zSVqRZnJNQe1HTu1Dhp{R?Wa_Jf4;EVzQ{>&IHWSst(bo|FZx4(dPdp!Hf~ra;p&wEz=WN7^5j{h=XI+owfIZaB>!VlU*nJlP5Fr#{X_pq^qPEB;rLe_bRD(-A= z&-D=M_wkEc*MIBIJZAw)#yD>d$tH70E1g3jnD33San{1HNtwDrex+u!_p_V4Nw)f- z>Jk=XkR+UQGb6m^(t;s37oY!SpTEy>oWBj_8Qb#ryk7%m7H;ibRHy0_KVPqXX06wv zeYV=va_&`xRY$Dz9u@a{3o{@vm3qVVW#Rk1D*k4()<)|%61~(_@s^*X-nU><{6!r7 zH)S|%G1T;f6mDsPJzOXx2)>eI#k|05?-2WJ7GIZ2Pt9PB#Vc|`^a4QH+PR|e0(kki zeZdTzZQ`ILd+aM%?=I`Cih!$kXY<&$#2{0ZHmi$3rS_m|#HwU@E-)-#)f-|o$N z`l(VA4s{PM;h2UYW@E>+3GqIkkpN7noL$CBgtO{t^)QWJC$W$|* z3%UdCh<&|7sGGllzeY!WI54aVCiYd8*o*)t{Ku!JJnUAwWJ`>EA%D;eovAJR1u(Zr z(n^uCBqWC_J>48|m!qrNXFo8oaOtQvgkPVmF|$coY_|7#zloO?Mb|fCbV3$PTsfcQ z@@Kkcb#@kymxz%mJ8#3=zSmC@xjYDqr~1(5&UR`_dcY_jovY~i{u4bc?WW50BkQBN z#@Rb%C7yhW?51tERD7L;%m>D?)WS_%U%WIh8pJ3>;(%QS$C#Zu*{xZ&sB>wZcD$uH z{Pt?-38LGUtRNmtTNP3ly*cTXVlR9p<*Iea1Mwy=FGu&26#uVP^*HW;1I`U{Kx{eu z@r^mOGd!$GdeSQU=2}CMZ7BNu0&+gbHE??%kY`Ae#6F1YVy2x-mz(UblDi)xF2u(_ z{vsF9qNc{!mJLQkK&FrW)B^5lE3OOAYsexg46xD}>S_pPq{n6zU9}vMwhtH-HdL}u zx2E7b+DmjM5urmm_kzP~m%iuWjG=YTMvN<$LwhcDc#r_}&SI9{{i^%iPv7B1Mwo(> z+7hIcyR)%0$3HZRGg>~#g_3VTpG)7L?&yaI$VXqVI@ zw0X|T2+>eWeGVm)f%4RD2rMj7Hl-}n$yF$a)DGC2YP9$?B;(PiQ zy&SWW^My8QcoH+J6;0E+IYcgNa)Z9FxR#wbtJ4|9L7VC?2_1b=k4((K7OVQ1-c)Hs zB+U|-E0aa|2n?Vprb`88Ypnz`%Y{^<0Zx1*Pi$|Maxs7CLSGl-!m`Ybc@PO^^D~vV zlZYeR@2et;8ynwBk!UQA(J3xUbk)B+H^Vv%_s@Kk@sGqX5459sY1U<#D!>Dh z3sJw&#BM);nCLeo8^TuhHzpibJh&>HORQtmS@i6b!WhthshpwF#3=HRT7A^94@U&; z88ou`cu6f=0e{?jqRL_sPAD15%n}U*q)=q5zL0ccuY`Wfrvh^}+sXUh>9aQ15IVD= zH#^G~MCZ+9T8~-|8%}0Oi2tog2u&Yt9oXx;YNM5LGj_{-0Sd|x=+C0xc#+{r;T6FZ zh*>XZ^o8Ws+Z2*Zmen%BtN$q7K1tiK!9=ao>&V5SPLJsa`mINtrfJ05r-Drs*x7rr zX0{T_M3y*uLas(Hi`&*RurtX9AX`1>Q(faDrZbdq8qa6t4?O&adDph;KWLcKemN^i1|LKha}*MuOw9(9lUu zBC-Wes}pkCvzAGNQZ)2)R${bC&@(ufI3d)mG`+_Kl<_{1wpf*htzRXDw%cY^`b9ot zueB9U76t6Vj;T1~5{`-xr^251B-w*G=DLv5)q7aVqL|>SbE8}2MvR?@-c^tKgiJ4J zI%UdHP;>lnSJFS;l+s)>2xdT>zpYwEk29c6wnYEa&c0T^E=j}mP}X$N&OiYF|Lqdt2l}! z26raZcRu$;m=|FegN}s=98*WLhL2e=@rUG^q`tILqF|Vm+D&vGG zW93&)mCgt-NZ@zLy4i((s?y-lf8e3Y)B|r5ijzWC2DA zo;kKH4j(llC?)p1QA2nTxLbh`&EIEAc)&H@>?^!U#ukJx{;BJKC#Ne7FJ1Be?z)X; zTg7EPir!MSs#CvlC-H#8_5Qey4T&koB5tg1-K;cqqoQWcvVEDyx%9Ut*CBa%(6A&F zkc+^f{$O1DZ^_XxAG-dlv*OU7@ytd)sLNPPJ+`jl4$p*C z(?~wpy#E^Dp~O*)6633j7!e&t^=G{HgLi?4p9P*qK1Td!SoYt6szWTok8NA7K=o%+ zKl}>E+D^˾_D-i^RkP!Ip-Hg-uf{(57>MVxu}v}=`*8zI}d7!L08AX!vMY+hB^ zMn%J8vf3|}NpjvX+&M1C+@=I_iz*>qrJvvB%;fAXNygzCa7^pld(h+Qj`v%7%iVd$ zfSQ^c_Q>7dDPuQ!L<}wvMEx>|Ml54vql3@T%pd&OY!G0CRBGc+_NK?+oPvJvA2$b3(zHD)0f$(5c~*|Zb0 z3gg$?lMbgWY!~Pvhns8zloAVfzOx5X928Xz`d*ZNMdCX9(?)}ia5Ozqm`^I-`SqcG z*qek5n&F=$MJ5|}+YMIl0MbjH9bMM$OK*#u>i#vQaakNcl$bh_H$(>STz?-BIEt@o z&`mN=HZ-^^1S;n3tKV;9vnc!P!ftXspfDgd?=0!gkvcnIX>403=Y$CDyp%TQ30Zd> z8vk=yVST>}Uh7Xc25ZqF)ls%VTAAfZPN?K_d_a5l_k&)eD*vGbnS{GSwWPH_rrywc zoxch8vkUpq`^kW_sQm6YKuzW3AJEHv87*gdPLWeTy=wfWOU( zyRoYdHq;!}c2C0Ag8~Io;qK-Lwzg+tH~}&664e45f#wttZT@YM4vRWt&E?{a{AVuQ(rPq*%@B55%&{HjYp8+`^bKE zr?kc|Up)$Cb4?(o?y=2WI?maozlc>A`x`E}I-sBb7EVNl#qf+iu0HCy;6eTnl#k9< z<`FLI%jvJ(NG}3hYtdn>nlHb2 zZcoLi6q+5a$4juIeDK(SDOm19i%tr5upUj%#WN4~EmN zP{u{x7puHqKu%tDx(F|PyhJF=A3jPul(rKN=QYYdwfWkl;158i%oG&7%gvkh>T20I z@HKAR7-;-Ga-_O>glaAvKd(A^s~T+LHZ)o{@IcXWiIu&G8S1yCVpEu944(~qiGq0b z+qZ?A>%P9ytz6En%M%q%e%vTK)_z7|?cP=UU{@@iUGD)-TRX;K=1MRreN}Vxq5J0C z@A3LC-`eqqwPPu6ucIrV?AYV?O^EV~d0WTOKk9Lz_#rJS;!dOYzn=1>GYOxY`N{!$ zNcnUOBL|b;(1tl}x1np)fEQWgtV|n0`e7wgQH&R`iG}`6=O3{5vdYVF=a-2k_c4f7 z8)n=SHt6Z3f$e4X6sV$<8ZD$G=_KoR0Ha40LGjM5X=)Y8yse89Nly1DgDfB1;Xk)M zL1^Kmbbv3*P+|(b2vae>-HuX2R-As`D$?51z5A_jpvY8B5G2vqtaW!jMwJK2o0t8B z`d{*is2*$%D_q99s76lsGR#Unx72;Nz4xrtfR3E;dr^#4+P3CggG1M;OJ>aXq@K`W z_=(A--~%_$)GD*iKnE9vOb#~xoZS6rNha^F7T<;A+4d|I$tOeAr#{o^svBr@JM8zftGBkLT# zzh`4{Nf~XF3*`QQDU>~DPpN_8|2Kxk%zW+B&~ei`&Y_HYJx|d3$?-D7MsI`2D=&5U zU^WNR!SMj*;tKyDhjLKak?k!TJmJ>r;cS32Ei`-jUuVgApMwNo^T^a#>|^0`LP>X& zd;^O&2Z4|tmzdNv|J`KF!E%yQU1MA!$@k$1N5UXdQNqOYgW+z}B(_r*^i5&Zf&Om} za;f!?bh-K!WcuuR6dz1WyrLBB$?biyuaDqSbCOrSmJ4={*<3~Go66%$_Yb&t2+36a zI@_e>pnq;vgEd+mZL`R^0$8{v<~3!?qD5jv^@Q3KrD#Y6VqthLRBdO8VG4I6o=r1N zS7Gt83a5Bd{w9eJm>`a9$G{W<^HnG$QJu<2=yEH}KZ5-)Ean#8FL!r|U%K#x?gsNo zgqJK>F8l4p|tm^b^Cf`L}D?%6W&#*$(tKC=zy?zx`2)11a%j*FYJ?6jw{ z!VbwyEv<#!az-&T46Wt*7>_qzR*8~WGm!opxA)a9){lu|O{f1V*C(PVHQ7!&D9KbG z;UhUDo_K?sUx~<9n$#wx)>#(B34f<9vrrcxt-)~<$s^Vzm>hB{5i$Zu+w&R<`c*K9 z`&n;p%sBApwC$6xG!8qpGuSX{o3V@`@hcUL2EF!Se(wFd+0D*zaBuJ`n5!YQ9u2;% zM8fk9_eOQJTP$Kqpc3>5V8cWBjB~WlQPEw@&^D9h{{SxIF6rB^Ady8y^YmN3DiENCCVY z>B-XJr>=)lN62YSEHf53r`J0x@S|2PDEK;Jv|YzK&i+|PU;2d}j%MVg^9umu)oS`X zQE5M2th_Ymn+TJk(zw|Pc>5-E+2{DP(d-oglx~T_ zC&Im8Y$$6n;RM|`w>ESJs{nG6xYo&PZWoT}C#xc`z0)We@QRI#6MT}k6X5wz&AbK(%M9Qa zDN`0PpsYZTOV&buzAavlCrL-8m&o8MDx48SLIG4O=MLfmg1+%YdTs|R* z%q13PJ?NDP^d0*xKX;}t4xDMUepekl=* z=1g$A{&`9~WK0o`iP&d0w;PG*cW`#NKF;>p8Nsgm@R+WWudu??*!u%M3s2@F9U{;b z!Cg-Axg!-bn;Bb#7-2mO$>G+ad&;~4?`VBQJ&5ke?e1cJYzv(VZ|dLf^0zRNoV@KZ zUPO31m_9FRzjGWE-uq+vNM!?}HicuH9%p2vxU4*-Cn3awfNqGopWqn(Et@>P;k`6) zO+3=L5~UB?R+2i}&es3X$Ob2|#ExfOoA;>tFhrL59^!86y@2kED<>)X?!?UuLCIBu z*a!E5{AmCx@M9rQ0an(SwvZ@g65Nd%VLMHIIo)V>z_wd-!-gAK>}4D!aKzbRH@Z%}><@ zl1|f75CDx5U)1>PA<$s9d9tC3zGOovXO8CCY;NCD z%lX&Gmg<=|sXZI40Qu!xyGYCc|M}i!6TZJrLg~P&p8L=WEh7M7iiVC7RdU_d*n||v z5FCcb2J4P@dakQ8{-cFn*l}f6Y6*Sr8h$YORh1YqLe0b-{?yt(raCrS1pIMz)O)eq zF=^hk1Xb=Z(R~ReVqqv9A?e-VUZSq*lt{B?lTXvJKc!B1qc^y{UKN}f|c3ud5iR3j2Q~GG`icX&&yJviVwA)x0TTh4pz+{&V-Gf1_oCXgC zgrDxI4@TCo5SekZ0+S2jZ?=Bm%PYs!|66^^`d{kPzs$@m|KY0s{-ys6w{{#~60LNyJlg z3%z3yxxWrAfE@lr>Z$AiOnhj~d@eaZc6TD9!&_TwzDY|H6A?p`b5Wp&<}^|>Ah-2S zEr6xKTfWuV|J$DW|Awp4y*^6A{zAaBjde~RDVo5BN7qKjP$0gbaLs6ZWURG8Aqgb2 zr~q(qv$6j`O4)$3zJ--P(fuHAZ?*we)mDElu6LGuaMn1!3@nZH0PP)F9PaC!>cLdk zH~;`C=fkP5x38rD7|AAfgc!kD5mvV+7bchcCb6Yn$s8Dc8&ffRVKjGpCL9`Uo1C0o z4D1@5UbP4>Y*=?`CE3*^e6ex-WUj5ndL9xQoj}!nH?9ZXYsS_&{W>#0zhNsav#6`Q z(e=*uCd-cuFZKZw6Fyl%sRiDN8o=6tTh~@sUEhA|Q*?mYjsD=L77uAWlU-hk=N)}p zP(bf#d=p>PRtR0+DpZ6|__3L(Nn{9HmnQ(Q*RQHqoxs6qxZ1`hTkuriDyyv6Z&&aL zKjokP-Mx-=cVL*+-i{GC-H)%A9UGC|r+N@}_Set6A4VNzNNEaCC-z|B z-I2*5Fx}%_W8m5!?Z4W$DZW2W1?I*dH%#C4Ne=ZufUiGEG_BGn9zyR+#>(A+r&!Ta3 zGaSzksc*{i0FEbs1pX}s+m}u`+^vpi1xRD#lkM;LYIYaKTY^w_HO|kLsAlW==50Pn zB@Gwo3?HkBo7gD2Or1Xh5A}>UXIOPs<#*@i0;fESc)S< z!1_-wee6vx07exRMm*x%*uK!;XN2n(mdt(Om4wkXvIA-hkOtVj2Le#WS1H^g1!S#9s0r7zLojn_XJQL;|;~@rF_yEoB-2J`VLqHto-YPK<2A-4G$zL_ZiTO znD~uv3v$E@fz5x^6B+~DTmB91=VkuMuL+<$#S5Vsw~Pl8UGfF)cX0N}zw6rWgTR)( z?SsghYW587mv-!fkZN|PGYGq^=8N46{23D%anUk3cNg<@Gghzu4cdnT^nC{~eWzpb zqyq%r%6D5iwQ2e7`1@)iz+VNviS|CF@0)Gu9X=-*TV<7f@K=Y==|-Qh*1u7~B7gX- zr*~!_Wc4q5Kz;V@eu@LQG=IXuNL7D8`@VmOCqZ!oqhcChXV2)sRG(EmS!|D-efVt` zu73P?r#U`B`>cK{6mA)#pXg?KBtgHzV2}NG+I-6T+BkpY1FW+8Zn(+7bC+_e9qN8G z&fj?lc0o*zU>revcE0oPKZzPZzc47#ThXWCaIJlYKqNK4CvRBq0ouPDE`GE~qIU#h zIcMiL_k8U44&Mu2dCzWtG#+~NpLYhnESN5LWq!tjK3IX=znP(|>9=4%!{2P)cPY29 zzqQ$%oo(ZMfP8bdDz90pdwZVIHicd2W_7@H@o;_kZ$G(y?|!iBd!4(s=|uWO!T7aCsWws-T#P0$binD;ej2a7M4br#6X4A+q0kFg5gvYiT< z$mLKc=bdx1vC0WDcf(G+Mac*-rYDq_mGWrtMU?8e7~SxB^J0d@oYB2WPXS%j?afB~ z(mLK(jug^TiOWVDTFEUKSw!?8CYTtacq+57&pU6&s|EOmppV}trEJ20WTnhQ;W(vGj-m(FGaUc(4PAJr9R;s zI)S0Xwo)mxipf9JAJ}P4&F6D6G+sH}BgyTnF82xmdX9qutDIvw6B@QsniNX578}y} zbz8g+>%ihK9hHMC9M+8}>`bOuVWeb zk#k2`;Y6sgVA7_w&y65c$$JsSwfNpDQcQKh+q0fWXUE}KM45n0d~mg^xEbFb-)YxR z{9L}F-LEejOTHa)k&GYxE|b*3ia@UR$HIUh-bTEvW=?1FQla=5d z&3L$lqFdVL-v_%QRX@0mN*!WKfi(1*0k|G{*hTX|j`5t2g5ap4gF=?kYRRN}Z85G^iR+ zi`6P{@h$=iq%x;awx@?MG7^_z4N{#cv(k7rqHx=h=49h<1Gu4nrg%bdkZ+TKOqj`v zt9_S86b9wJb^-{rkJLE`gbjh6Guz;cgMTwibxQ0-_Z0o9pgacide+@iVR>T(EA_p! zPb-q6vV5Z*DtxogZ+HD9x1J*TP|Mlp8RtCjJaivfY;S+ln>%jiLBOvWQo}Ff7hS~9Xefn7d~u!~X}pYas)ZUkD)MJP(p3RgL*ZV6 zXU1TtBO%l_W4K1uUoSl^Gyt;lfEYf|`Jovy1!K{c@CRF2@wO?pa#6tim9{=whdP(R zGS9IE_fZ!@uCt0&)+Qg@p*lLRQ;Hh$c)znm@XTcGya48FJ8q9Ol(R?b?h5)&tzs`I z>8&s4vt<+583?3fEZ;RjqsXJ9O;`vM5;hg`uwBEkpNCER~BB7)9bQDM8SRY zg$*w#!YK%O&PQi{^houy5>^iz_bm_<EU8tRXaWiq$dZ%hPTI*^JH8 zkJOnda7a-y@Lmrudn5Mx$O)i~$z1J^Up{ina1go``@@{2mQ{4*jTXiaLEna6dtnx< z!3>VQEXz22)PpxCr7A$9?B#5DHrfu3ot{;OM7voCMN%|8&WEsuW4EXxGKvysb^1ar zjhDZXEBzFk|ILi-wwQ5K`}KtLX`y`5{wO;B0$RZef{Ni6g`%HJf0PzM9FcOXUB(r@ z>cLAD)*GzSMm}w20+S{Zi2&0eStvaZ?~||`lCf+L>30SWauy@GLtTms)HgnfA@b$h z8WYZB6ngxijA9N>(U(eg?s(_Sa8`@)HTxk%KINt8Tjd(U{K+9+2D{g2>3j>#Y*Hdx zu_4%F&I(K}PKEY{Cz(OvP9K3jyW*yb!t*%v3V{8vW`dv8ZMv*~CE)|DTgW5AEs$OwG=Z®cJ;^V-pd>T?lQ>;=Q>%vyx5? zx8TEdoNs}Y_%z*wP+s+oWjvmG0{87Sa=*S52F_&N=Kf5aQkL0p4r zsVXxiH6?pSvlNb}XVQaV-iR0C-g27_?2dJ~f`knZx!8``aR#rq#N|9(w1ew`uGT_A zmnF|XoDPw>cAY!!rw`TvyqOncP4mlFCj&oUiEkS8tNrEqI(@$QjJmHHAl8XiDKe&= zL0pj6^ZqVEKR2WyY#o6Dw#f!4mBZ3~|8O~3qp@mJ5)5r`b9Uhk^mW5JVT*k{88|MU z*qbB7gCeDL+CUTpml(y72*v%uK?o6UqWGPv88(#JYv!%9D_W*`8fm^$YT2vcd1v%m zP$~dz2s=hqD@3alV=ja#htS^$_BHt3YsfI7=fqxs@U2$!&!L;on!1At`a@~;sE8d} zh9Sc)<)Z2#{mc8PDWEMK9fv#^65?vCSoBg20lZxCzgW;~MX0~`99U>>Zpiv)R%7@W zHFlCqku}$32l{b`>6PB%NoMU|cFqWo!BQ|od7vKefm@DAGXY2Q0e6NTVfT9qs<)A6 zSvO(_Ot46$UCu-^SnjD;2^tW`pY#ODa2<^=hhv-G>tMa_LktYfV;UPL?PeGb92xV! zLmXo9s}|QD^1+!imArzo`ta5jz%zyr^u7U`e*Ql)994D|ZJ%HRbsCC_16gq6t(N3NR;j>g3Vn^SZR z&cmQqG^e|s)O`$(`(jBZ2#_qy=0m_@PJtb`#{HbzJ~n>bTSP z`bN)05R(thwM6{N*Lc;jq=f`cg;3FSI{MSbr~(~51rx)wORSKB=M`Zxxf3*2?F%T^ zoyEpZSc!8F&kN4nM{81SMg^XvT(bok8Vna!%a@!b3r=3FEpgN5hWm*?G&QL)A(6MF zN+@OCbT=D{UScypdRdx4D)GN3<6KBkF^ z%3VA zVxlVCCHmAp3{7mm&;H$#3IoE0+>3Tm!IYO>6dfSH<>Er8?0Vk@B-3)>? zZ+;z4FxmuD4*(rqDtn7^wKXNe!}c;iwaS1f;1Y$qbhmN*5ns#p0Dih)rAd zO|+$7pqVo-Mb2>FQ#&-}oxt}y_HL*p-HA`~BV<~Ws>}Y6s*K1~^mRd$YEjB=TtP+`*a4^x9GM?8BsjsNok2(f>SB*B!wT`EJNMC5U!05-eTBVo8(l z3uD@LVr0vv?rRoqQ|3-F5`yr8;t*>O z;o#n3)X)|P#q@zTq|j6~Vi=QVGn6uX7#SMCw7Y5psF>1VmC9mj0A`LD&VuSb*+Jlk zSxv`dya_;}#GQ73^UvS#lfI5vg#KvZ)g8fgZZCh6U)%y~!6r2Jx*jPguHi#KLxkAq zY8zeGvSY7(KiIXVnDEQ+3{^Wjy{2mFcj#Y*n)4}op>$Od(z?cUX$Ju5tcLWB*oSd? zGfYz`isghFU#R)$d@)p4zcX=GF93HI{%dVOLy@2uOiL55iY=UGx>AJv>#L(Bbmq+8 z{X4#_T97M zvLdCL9*X5Z?55U!!`7am0?ijp>cY>cdWKxln}^-(>b5^#UxPy(gEVi-GoFp_x&=y< z#OEZhP>-k_kXUiL*N%Dgu>L0V&pJEj?$g2v6_E9ajFaV<0jYNLL)&UX!q{xSj`&zf z+nR#|Z32yn3RS7JQtW4MYgMWC@0@&Y@yn^rb7Sm>+&vqgQgs`zi9XyF>zwYFFLeMi z<QYOwTGwumyjGxwbocFw{U0jZi>Uxg{_tW&O&!{r#k;qG6dsTSZf+|sMLE|j`f{{ zW%{yW)Bp(IxNGOp354YRL?Z zvsDcWusqURahLnMuQG;T?Jh;+tpJSaU#F6bPNG6e zu{~;78KVjlS+Qs&e1bU?;nqN4dVqXFi3jSXex*Yl8MiNTYA+LwO;P57X~=EQ4blqc z1@X|^+bHO8UedRsN>UxR)1(7^T8*}sA$yUu)HacNAa|}m>0@x_R6K%`%DlXjMS#_> z_GmM)cWMARBg6BjyKjaGAifPK;v^hQ*N9xR8pB}HJs{-N9=}TQrl)5e86?3Jh+r(r z2j6l_5Rc&A)dQnHN!~StSiTZv}EWtqI z@me|S(%2+pAp>LLZBz$G{IcJfI8BtVG~HX~?$$Y+o(x}T90-b;ErBZT2Ur;Xo36dE z=%3J3Lu8FgXqCOQ4ju)Y!$VKJH_clS^-cbdr3K1F^Xya|egaUQaF{m9oWS{2Mn@e_ zJtpI7ki?Zq;zYUx`bqDC=e4p)Sy7swo8FNRR%55rKJ3)~&l9O_(wK21x*@Hm;hz_& zHgX{TC$*eLZ!NI=O*AqR={qRA1$Z>A;t39tL%yaYrHDHP+*fgtQs_GSR$eMt7_F_2 zt7H)F^@oWwZ4x!qWD{vYn=Tn1-oN^ENv9GxDaHCQ4cOngr`hKPhOs(xyTTX0U#dbF ze=UT&NrRuHC`%1#BSloN@)P6jNs<$2`S0?^h2qhtmO1W>J1n6z_awX`6$o>J8bX32>qv{&%T3`OO_LGIN!p*6+fCaFL+x;uC^d}%aeX!Yz>zk*s za?b(ci7jDyHXA=xjI_27iHQ7u=SKk!mSRo`oVflPXi%aWKVILAo<@?Ro{y5Irn7u- zsT7G;5!eHGbGQiD8zK!vEeT4fE1y!hSf)#O{-meW12-is*X(zpl&WENOWITEB}~z2H}Pr)QaL@7=r@a? z;w3E}#B3#3CY_@v;)q2h5AN2K*^Sa`Xw4A%uVpi9*#!Am!DntJ)>7yJT{<5Lb%X%% zwB|^-jb^U#+lG4en9ZQe&DSLqx0cZ2Ub;Eqvwxr5M=FM{uv^*8%`*Z@k5?=i91pgA zS(?f^g(Mo5`zoqvSWJ1RQOvp}X=D9aoj}=Xu|!Wv8b!7x#P~JlHgQj}21|N=(%oGS ztR|T_jKN}45!XH1+K=A08N&yX;OU0$FN47X7Dun53umOvuwC#8h{7xBBfD{eEX1<# z8ya1R-bjDuSlj|J5x=$jXYfbRd|5XP#m-tnBW%aZnl3qAdG_mwvW!5vn-x*KtJ>vR zBn0D6I=&J0}qA?UX~XAd=o9Op)S& z8ewccS&W)`))zfWb5P+s0KTAgSbuI~efzzKZlW+(<%fXyl~H$aI3+xW*klh*W|(5x z-*=Emr?Hq+o2f~8$4oG)S$5-;5;S+!u<4LNxVH*E2D}_@>J4&mCs8&Wyu$jc&a$iB z2(S}gE{zoMUqXaBO<{7R=6*oE->Fw?%qxYEdRg9fgIVEdWvj4nX|K%5BB~==-XJVlogq;(%){ z5aV8dx=h`0wfUoKlxh%+mMO3H&pEL7z~W@;BE`slVkM;wyf@7nT^CLk;<5V~A~i+P zAZS6P-W|L~+oCFh$O$%+fVqyhHRyL>Gs8E3vlqRy=1aA0=r7JaQ$M(7!4Zkl|J?T+ ziyhc|lm2_`_T=z`##eOU^uDTm?3u1}7hXEu7miulq)Fe%DPX=-166LWAsR{+G~#GC z#+*<-yep{Di@_it^OGC&FkLAOjUV%6sqXF8S$Q=FGqQ?2%{7 ze6+VdEDe7t+Ndub_JAz}Kze56B=heSKX{Ide zEu6Ck9JT9;;wfQg-*?610P%C;*>Q#p(g3(fo(;dG2Xqx;_xL%3__Z4#E*c|j6{0?qs3;vS2j=BQ2n0;y@g-d(kvTJ)W->`X4mkb6hkbP|0rxv z>KiJQ_%pU`%EbBGqPR9lbGGJ}AO~(a_5ss4~L4g!77_e_K^7QSz6lOubA~SsA{0G9&depXMp5I9v__dl#oBP&?JYM`Z@2 zjck@KW$K;VP1eJuY%BOO7M29CJ7h5FOc@5IAPOPuI&A!{vg*ZtY7iCX$Gh*`7uKwU$2d!vHA(Gv*DPDUt z8G$JY@6+n+19Zz_<B|GB7Uh z86<&WuLaloP*W+y+JG?HDv_tDHq#b_Dkvl)tPQzLFm`B)W;nQBp9e##*}Cp3Ug(5o zskFi3mj8C!6!1ZUCK$7`!|hB1vn9Z}8JI=z1B4b;&tFn**4#y?{<+IH;~Ag_C4LZ< z$ZY!l(8*K-Zk%k4i6MAg=v27-8_1M2E~pFgJ5Zd|r(rFr#)k54|8xo99c_(@u1uzq zfxrmyu?p$RBz#psOJJLgb0+G!Ms#s4T1Y2hxnGMxxlA}`z(wHUzCE$9uuJ$N9_7va zW5+Q`YqjYK#k1|v{;z}l3_p=0cRL^LjFbl!CCJ!R!bAM*A7$GaT~3YLBKCux4ay<^4DI6D@UI2NU|eUgCPsy34nxuowjrWvs7zI7V4Z88R1G74gp*V z2PtYc9F&kHFW#8pXjU08f;MB%NnNLVTB7+o3h zpSCWv%krB)cI61mT$_xt*6bS!Vd35@HMFwsiI*xZzay!LevVYZYqPa7UPis@Hch>W zW1m%};2l4$H0AiZ+043P*dn&DGFS~oNIm`%JbZ8364wusG4qI;cbr#smfTn2C{I#8 z&lZWq`RfTr4KmW^J7}2>gx>n)wVqZTz8kW9_+1}uni47m8k7d z3Ywx;t^f8WG@e)4_~h?Ta`4 zOQ{e*6|JUZ%%0LuLXC6_Z7$HtBN+bV8FUdz+31G5%o8<@b&G4Q8FSm@jNS8+=Jx5? zSO*b0XotMB%=jaa_?4IS=y6wn5zXqPo;a1)3y$#;o9KhJI!esLz-ID9iQY=SAYtq@= z&_?r-N`uie886rE6s?rE{7ZJrpF>q+V87Fkw(L*^i@%Cm2-y_Zgu+XgMF0dh>kG<> z(O5(sjJtZ~SG9{wFbp*t>FJgW*~>J<9G{82K|VItZ1){3l78NmP~-3N`5sl)QB*6* zRw$J&@=S86q#5CWsADKaHZJTGj1mw!cIUf)(u-Vb3yO0$-zi>}WOK!bFxg>}Nf3#L z@4Pd_xcn6IpJ#Nt$?&DD#Da5EdyKD_o4f>{2kBb#`zni)eii>mq$h-#6 zptm{Ab>7E6QhgSZV;i2@ex)-{VkJyD6j7cX{Ici9;>+}?%b>ty=bL}_O|n?x8(ElX zQf^p(>wa|X^Jy-PFF`NY(S*MQ!`JBK){2kJ`;uR9|BRu>h&RP|8Xi&yyo+g_NK@Zk zC7(=>wNBG6X$J=Pwu7j8r*Nc-ZcWy`9Tct0v`Ys3cZPL;D${QF#u(v~v~g0&4%{L- zlaFFsg1*Aef!+CO$7oK^jM)Vg?@`XFMtg0kKS`DkNGW6S^3*>J6%geO?_)*S&z=B= zH&pD0@btw!(S2Q`y!8FlRT>F@=dK!nTe8{{b=lx}-TJE4!saImi3mOCFbvK_ZXx5uTg^ zG>Q&K2^~K|>T;K=CF(3_D#u&>UU0d_TMDwP@<`<17;;QEFjg%_r)d;_a$7%b7W*_T zOvJ(A626Q-UfE@-QSyTDo}P;fZ*0jgs{qe%wf2$NTipa=r?>9DqT)MMAeXlsbz8$B zPEN=+s~2fCo)6LcVF<|j`(d@cHNELZw=eO>#iHTe*E^bT8$i5C=kw;V9W#zLNst1- z+#YuU&`wO%F>s_KMzXX#h!=!5t$nqqYg$26E-M3Ka~11z{sfJSqlTPQ04qa`5!d_v zpk-X$cq^AQ5F;qKJ)4pue(vgOrj%IGU}5zxpWg|43x8GP{4aMlCSmDGD)P>3{wZDR z*Cs+ccyZ@=)eQ6JxdQvC!IHrr%!|TY^kHWI)|w>`3TG7IC<3L^w#3h7!Rgyg=crCs z04QQSm?r`Apl0Td9ISBe0oy6gSSEv|n}@gPgCfR?3s z&J_clumUqC4U;E1k&=AjEL`+bAZMqNbPEARCMnXhzYIzJu(7y$wYNyL=T~KIUpVVh z9wn+lP{B#PvI}RAe+#5YUQuo)!JkFEcnnzS5E6n{B#0ApeiW1@zrj3dTD0pNClp>R z9>=0ry!3o1a27HzGd73TX5Od?img95phEVqDVz^r`2_aUE1nWvs)$NN96Xwp}=!=Kw%E&vC_5YvuWykupXOC>nANFj(-^L#kpS@ zJ*MIVNfNgAlRQID1`v1q zwawb;P&U;Yg&+@Q2<9V1v%8p;339)}Xu&7OzuU6HlG5tw;x_TWHEkf<&yMaM2qw9&>HKqU~Bk_F#2lxTz>>mR_c0 zZ7pU$q+t^^^hDx6DVNaZE8nr`8{AC<*A9`$jaYY0ce!>AuVPlAo4IR!lsKy|cgu;) z-p8p0bLPRs|I{ooJt|oH9NSdP_%EDtcFDE?sT|9j{J-EuuI_X4>vmS1`@r*l4bv?pDxRpb} z6cskV<2Vi6Kvby^+8SF_q8f)F>Ci-Ydq!dc33u0oL+`qVRENG*Bi6N8^a4Nl7YgD= zA(XyXsGYgX=gUaH%Q;LAiV4kNrN&%fp^Cu0yDG*x9>|WX4k7OSF#B~Srqo(JXK;wf z7lc#f3YJf@C1Ee)R6pir%iHShbX>00xqIg-8l(`N*tJd}L<^~o2pR3VGY1*UiyL~r z$#bHrDYg_AbV5g$Gc@Lk4u(j8Dk!%@ObD7JFuWICLo$^0?~mC@FDrIDTNKAvz+KHQ zP|t+*m0Nj#bMrwG9H~o`QR*i_9hnGPk9Xi#@EJ-7^t=S5?B$P4qgz_`O2!xLZVaWn zq(AaK$92m9;)Wp<4-154Hw*0Xg9!rh;2=o<42)d7n2Q$1xL%=E*V{vLeSHDi*LTZ@GG-B*pheX;D5ycJs#HFNL_)a2-&&iEves*X_< z;u}kCaYWqLdeTz(gH5Ja`&Ej{eAuxlvNSSTREtSF)Ja|12O?Z>TCwHj{er?pk?B$d z2TS#hn(A}P!39(^MC#vGSkCu>oV6BV##E#c^&_y9sU~TVFQuLJ2e(NaJwn>%aK>02 z@1>soU~TUwFFN(VL)u-3GJaP~My)l2nRa*F9?4c-CCkW2?~+{FLY03aP8AX5I%~4f zLkq@k)fRLP$ma@-3?SBxswBHbeAF=2#ELmo(Rny|FtnPR+yzYG=d*9jgr&}_4i{Zy zMrL_xJBr^Bg>*WNU)b>lL94R(+4GkZd&p_OxCZqFmcr}fT87SQ?OxwLa)l8-D0|G? zg0~e}H-yJl9J`AN1|3H_;Gm429hH_E&tmj9u&i;(1r_EAI=9J^Rznyu-5qquQZ)k7 z*QBJT6A+juF?Tt(9d=+KZjDg>p~|`oI{vi6EYq>95bd=*Rg!*xbE~wSlTMg*c4~ko z)XqftP3<~>9p`?txp31Q>7kGPn}Sz?OILvQA6dhr&^tj-Ful2ges2QM*h;iNVaN0Z zs%{aI6x|@jCpkOxMSae-#R-W*p#$t$mBBFomlwk;;iaxUC_GoZr9ARZu-J&6cr;1x zmYxWMMJd0>C|bj$hc(amhG3D4kF{}QXCxZMC_e)JkgVpQzkl5ZDa(g{x6>g}Cx zUhd%w>tuB)aCNB+2+qE5dZt_p<9jAp-8E1+NPetNyd6r`dWP_nn2-&hCNDeWPG}E6 z3*!Vj<{-xjedkPR5}9wWSJv+tBlx=}vnxYCk7hhFRk^inc+fz7DAmhLCdbOpgyj+B zeYi!@?D+kFZg8qBh^)0;CnEE#4N(`zaXGEOHDv~-Ju4cPeZt6X2T)iHsqI$WNfFOe z&9b=|mtVzhsXe+s|B{urN3N8IP!8r<#4S4(9(@V8IH$qR5$qqO((nL7Hi7Few)`SG z{z(YKxpyGC4#2B` zIH{5TjpK3pvcta@-7P$3GJGHcN55F0+tTjg9${4N7kDa9tWWTdw+G<;BkGaly!KK+4ZYRSP_jgYlhcldF7zl? z*j$Yr44#ejGfI6ma9_@Nn%6{J2BbA4zV_o)lL1EMEZ$&?`n_ik^`H5jotFyk{(g#} zF8z9uBUK=AsbN^CUgCTnDzb*N8?L5$Xq(o$S&zEVyF2_Gd+@40;&NK$^O6o*5=b<0 zU_*+fuxnQ)0lnK#CoGJ5zH@H+kpk~Yk8v#C4VQt%FV zeFWZTT^PPfG+(Psv-&7uxx{eAT09#|3NL0+)6A7Vz-HKfGr^;C^#mX0FR+*vz~vnT4DY!(OdBY;_g1!h~+n`0&rVY`cj}3su)4Hb^)dT#Y z!&q^jeXRtQ4E;Z5jmn#yI`L{?&`CgIA|>`@4xufSe6@d#n(+z zO5Vr~{W-B^Lw#_Uh-ptvOoW7814 znj*B8c{_hpvIkL0C6uFgy(-AOyHSQw>7mB)p<{+X^e+89F7!XJ)FAwiM`jkm@g9by z9qvN~a`yOq6f)8foO#-LB+gsBJ_OWDd28Ob#y`SP9*ZW5?zj(#{7Rj*yu18B^8$k9!fWTyT?jwomA>AE0*bZ(I6rn-)ng>=d^U z9|2Wu(pE~4;vg7pYmc{UJZ`2xZB?K`qGjj2(PWG*q8}ik7Ar<;JiXI9ughwKd!j4H z_5%6KBKy~nF zSsY+YQsCzu@8@LaxB%>X!DbFQBwU^GS&*O!UPY4>wI5C<(8IM*|0o`Dr6UOEZhNJ& z)6;9CbN~KZ9aQMW(P|+nDNM4+$wqI5^l}CJ36}jyL$-L(m?%P$6>hy-R4@={1@!M0 z3fMl9MFYda^P%&}+B+y9h1>RA>^E&)8c21B)FiieQ0-w&f&>}b(8~Q{UBJe4BGl>D zNU=4>Q#w;tz!Bh&)AU4)>r#HZQ=9Fu5TFFR))KINJ5rjW*75|)r(!@_7Gqp+r4Z>x zv@V?Sq<>od_e?FR4`L-XoUZy4KnCN}^EX*F7^R~~}grwgnw;xTdJ zI)sOnwKQj@jWtg=Ije*{hW~E1Dbn*)i#UgS5^r*BFS89bk^!-u?3d`?T4b?`{(X9M zK~^M!L^(o?7fq87kGBm!zhVLSmj!7LbP+vjxyh8_qG{>ak1NOBLIT}>?wOH=BMzT^ z_1{Anmbe2KL`J37x-kRpW}Q68=-EQ~0_o`X)n6DzvNmRf*RRmhwv#D-nz57{Pq9FY z!!Wj2uD+c_$S=17?N!%`btHcl1`Ix}c^xv+xmZ&clm<^)mg&Z8*k8~M{7K-rji+`r z-JyniebeEC#htr86}U&(M)ATT@`!#4)cvKQn`uMS-vl>fEYhnN+SkBsc3}Z>-yqLZ zh*N63zfU2$6Xr^-9HT@fkJC!p)cM83k@oron}sD~6RZ!%W#^$~7VCXor2+SP#x`Gu z%^+96J25nPHhZ6i*(GngJdHU6_%si?vU$NeJ8gqSEzJ@IuI#)<0LVhfj*ys4@F_fr zoxPH=I%gHjXYeD5y|LJ0r8ID>{|eOe_pL%1fpTuNLGecvuOQ z`z$sBFAry&Oke8*+0S~IfjBzJV+VhS6eC0mUe5Uo0rdjj7iMK`aHe8k7UNT)f?)B=F8wuP@LeZOI=|bVf~r8)U!o>$KB61<=@s zw3s&|+uy`;529vx;;Y3l79MN1A7XLd2Wv5C)RS;au%ZNJkpLl0EN+b`C|8U_*X-#y zI!h9rAS~0V0!&kH4K4NcWz^a*TgztoqN)CCJhy_W7d@{gggXd&uSWho_n^ z%T^8CzJo|KGx=aK2$|Z~xR0n>THG!DnJzf(8$dOt36mK;E`SYk=U;lU!eu_TravdI zq6ZzHy#>x)qyl*_+(R8#s7M7GC|r$gIU#-K;5f4%|01OhwNIKK!2&Z|koum6VkcSTW0C)L*~oWLEpMMGluJ#@l-0joQjQT@A}xmV zhf}`2dI;8B>_~t2hmn7p2_itHe%QCkx+RJsI6DUQVFEojO&-FLCmD_db9{dchYQ}Y zn$##N^lXga{8J**f)mTF=`M5n3}j}^&1P$;Hywnb!kA~5wx9!PPH1n ztL1yN9a+nV@L?4HEQoamETt)+mTs5zZ3R!vz~8t}$b+T)kVMxxwlc1;R{pOOkXM5< zUDoAc#?Y{=fnKKNKE>~v1ZX?j=<(rm-FgX^8P{&=F;AHl5s}rCsiUYso$iZ@-1)); z4iIwAs{l_zIE6gc({zI!6o>+=DDvwAs)D_RY}mk?R^W&xOr>bSKy4V{7jCt+;(P}C zgv{!CgYbF!T&KKQ&dl+zg(fQV>#-~vMcG8aWvR%Kt;2+IH9xI57d|PJxy1?W3FkPn z=B8$NSuo`4X`-Pr-GNFQL7ipp%}{L8a1o;@Ks;exnL*1pFAQ#)MY1-36oj+~d)1I; zChK~A7#o_`vmI2r%w(xRgwRyIdWI=9$kx3j*wb`jnzvAcdz2n;fU=tEo60pPHb~#rvO3(uER;)r z+uPy-cJki$*PVSKOdV9A1KRwDN&clyxh?H27mbfQdYj;F53w1<#UCxB?VD!$;2ib1 zKhmm}d1=fDI&AR6U*}sYO7`8L5BSW?9I}k9W)hcU4)eBU@+EX#?QX-q5(}y_dIJe+ zek#Ut@N2{8a_epnJ|lyZ+j71~Jlb>HJrmSBufiaDrj*D#B&yf$hZfJJz*O;lJ7*5n z_xzw@z#7|MFcH#@H&}7MH8bqVwI*WtbszX~?)sUi2X1porgoIfGj8>~yI;s!#T zl_BXbsfz|5YM(6)v=)p2?pfn>$J(MF{1qn9>FYp>2$Vg0DD;JpaCn0mCU|q~kZ%Fh zW8Q~v2wo-xO>D=5fo^lPS^py_QAI#WHS?+@nFVEGuWW#wT|`GNjutxFYVtnAqa92H z0fBHHE(n#i*vIj_5CCE_X!S{*%pVyef#o4!Ho(MWd#g4FNH8O!Ct-@wx_Df}%bt

    #-Q)Qd~0k!|-IzD88Bl zj8oGUFWaKYu;<}6`F#yxqKwjx7ItUVY3LT-T!#}`;sgM+GW`JjnXW{5D&$75I6O=&kw;qXsFQW7A7qeWkshE>Bhx7PY|bV>sg1_TZfi1c)J7(jvzy8CQvGyAZRbp-)2mG~L!@$`K|C zjp4zD*I~i#39%4`Gd=97)!jK+GTu(LE0Z$+a=Jv@+K-jY-AX4@2<0$^LClv`ei}2S zx!1$uY<8iv&#+eN7Qu+>#~E5xK6*<+JbuPnk~*Iqcc2~=CWgZP;g30dPwf%UQ`&rS z0cbY5uv8`05jx+umoo~~9UmGGx&<6tQsPT!jYR8E5+e`suxJMP0-Yww?3i62O^I$G z468GJz)ZIBbj5h6Q5vPew9Np3dNu@SoP#gnd%5TbMG>s`UESYKMVDtIcE%%1tR`&L z*nR$!@m*EP>@zMIS{F|+WNYJ;f{)@Gy&k#jq1wzD-|b(HotJDmo4xWsjNL<%AW*Ue z;IeI-UGB1N+qP}nwrzIVwr$%sr#3HQ7PEN&;BInpGxB_=s8(V`JW$5Q+o;&#gLtIg zACA_;&YU?SN>Vov^F{+_e=Cs>h6iyWpbYEpSZTMs|8T?5heqs1Nosa}BX-dzSY%`Y zQYYF&Ixz|=TjR#URcG23fnvAIdN+l^6yQ4R6YzMN5A|kSvSK`8v z2k+usk)1C=zU_*bk?A{9T9n04KNIw3y@LB^9)#JJY3kzrSn%-PLs->2KzID-hxp2|dJp$-AYef70)+2^c%S(-xujD#et>PpHH7D&1aiIbzfDmX6$HM( z1s0GUiAL>@C$q-4dIR%g-VacDrbzZSEON110BrggLf)ujlK0D; z8e!S4ZGJ2|FY?cT`N5Qyr#aL=gjzd8#Nda48QDIq%bc~zpqc1I#^76U-3PDo6EMrb zu2fZuGS{dznC(GKF_f&i$Zde*M9u$x2{4Gf%QZR|-`VvoFOuh=$Ks%WHGPa>6$ZUU z@PxHicFf)}UgPs%sV)|wuz2^4NO6{OYeG72Leyd%_tU+dQ|&DD<Y|0TZ5(kInAJ^R~r<*3V1yx%xmE0FxaYv1M~gsa7oqh%xCj6gWe?aKFSe= zj|c8D<=O7XezdaV>vh6@>CPr_Zhd;JSyD;|rpN^#1Ab?cztQ_O;%~ ze0o;`r7Pc{(BudKe78G7!pMc|v8i-n+n-MW=TJS^skr{C@pG9iG&Gi#+V@GOI85UE z{z8k?4$+hG8OGj0-Uaq&6=4aU)9l;bh`(KoD@eqWT_`OI%<4kxV6aG7(er?M!k!MZT+j|J-G#OW5J|LtXAktcSQkga`3qQzkSa(MNrtjjGP_l%0 zJ1uRaknsn~9W#C55H{u(_ zZ|Qj_HfuFGJ5c!sEs>7q15TnUfL-Pw_YIl6#@8 z#{!8^ASq4LvL8rLq>^PMnsk#4$$Np>EJ?a<0#x5(z@R-Qe2SM=dEB$EzR~pNCo-_v z3}EX3mxmwWXP1|5i9Mui=SB6#{+w8#ma=4gV8s~NU}`MObTX;6LZaW`*wQ~^H>@;M z6yQkd_(zYzzEP{zfDh{lZoG|p%`Fva31DO>Gnx+LVsi$264GT1(#MRhg+eYPaWnI? z3jEwfdV*1K*Y^%22xv4=+95fZ4yaBFMZv3d?tS|YN@qLg`Gnbu-&g6(MVG1TB%T9t z|2$yfQ3((CIrkoFYH~90x1xW9l;<7?&e&j5Y%Rx6UT`wNe~@ZLJJ2T&Y^S0yHzfpN zTTnK4upA#^!?<8rf>1$_j~&)fESqNxxWEDK9sWB6qmKMs5-U=;ugw6zTE$m4HRA<- zANse*COYdUNH+DVH71$rw-f=7omKUGWptwVEjm8*Hu9}Y6+z9U;^}~|6lxYuQe4Qg z)Vums;xU}Zlz$bEGbe5EF=$nD5OJSm-Mez3r=F_?tqRkIE7WmciBqRo6RxEzoS9n@ zQ7`2I!u~q2`!ez@-N!H?cZhJaB^K3-#?AYg#~BwDT8}je zsWj?zztT`nqG zdFx2#fR*^blX+92@xd^*JoYZ*6lXD?l^tU?I6bIaXuR6ad(w>seLhBft^*u+Jcs+c&@$y-n)rj7STpJfK{%DO8<*cnme=C}Ev>t5ev zIv|cp|8U{a!iUDQu8-*9;c5Sx$uwd_k z_GKN&$HjX_MT&L=_PyNqgf)gn94UcnGyjJO;2U=q2d|GK;B%VQj&iur5QEtlD>iFV zps+7N01zRoc26P8OFyA5!V}V@=I*O|8=~c{)!qxJU!)*zj;N=%w)2ywbCi;8=+P-j z(M!-;2PT38#)-<3Gw^+u)L3QtP;oScOEo(_91{g{MDAbY zdH7IxL@+@-Cp#)vs@YIvs+!_B)6JWYA}s1=0^N_sB#%$UYS_M+U0m;&#=)4Py0_1e zmQ{dZAUR}>_q@)9bvqdR9K~d_&INrmgqo0IMszT_eH#u^NAAiIw~WC(B(@OOh7Adg zy%qG|E;^rC_|bGvq$?~d5>f-vF(TY+MJA`@Pje{tS)xK)Zxgw}WGqI$CXu zwAf;7H4*ina%%D0oh#Q#G43w6cL{L~#y=l!sNWCUz>Yc&aW?`ZgPF~XwUP`8N26I| z@5#shs;o*IUudiZLxJ;|98d7+SDHZi*eK6#1rui^9urn2R+Q4tT`_c7#NUAVe2!>n z?lq$yDwT8wCCPU}-8}?qJp?*1B3i&ifWot;yDY?2#>i#w1f~-hwIRYR#sxr)Jo%ka zsFk)bH=HRpjZx8*GKSfsjQ`*t>Qo&8_eV@T!4iI!AKX&!9u2Q%%X<;oFVE3Yt@E-F zU^m|$2dYi??HSf19!NIG^Yxfg4r*H`fXfnJpR5uzvv)z{odNNvG0c_UmySwDkRsL8 zpbM8nu45sC?`X1mPH&ZG^5b5r&l7;+=sdnyMW&AXO%(@k3~|8Z_1w}69vBg#3eI=&q(+((Hj57dZbcPBE|;Ygr>AVB8<{{tD_HnHI>- zeD!d}fO}5&b&$OADQ;Xy$`KM`I#GFF)i;o1nqxZjUE8uU7ZM0a@yC?>T*kw?ynXRF z{>-mI3d4Nmy?@5HHX}5eS%PZe1M`E{N6y{I6@E;fl*m&hSpxB|1Mf8?F?!|ajZ@<7 zYf*>agK70P%c+qu5<>33%7zdNz!GD3iil(_fvP^S*5@#3;H|cXfT77_V<~_?8XEpQ z@1n7K{$A)z;A4)jHb}oI_k>q_C~xrwc7B*ur(Sj?QvPV^RT5bbOp1oGtE+@Nq-moD z-t&WnC*u&_O85I$6w|#}v3&xqbSbb9%?|_gr!*`q1vL-OejAxVsKF-0Js>d}t-q!< zAf*kS7)Bh+_c=zk)&Rxni~BLjo)vL4_Zx&JSeZvoJF`04|$hal_Gg{`A?vffF5^y>?Z^dwuT zg9Xd^YxDPVH}dRs9sOC<6idF~Uk}IqpA#s4o+DI_1WPMpKXf*IAsK~fiuDA>0kzS0X5 zBQJS!e*)EiG}I1n0lXuac&~eckqFE>2oVm7lX^nr!m(wwt)X!c)_Hg3f_w!FbE&9B zQqDNy^kUfrE<=NhjL&|L-TEU=fFYMsSkTy$7wbxgm=OykN5u7rW=WHuB&l}Z!?M;g zJe9VqV`gdeWH;r{Prl<}b(p)WNxUvBSU;D3Q4P@yztOYX)xE@{MuGEnTJ)IQ<>oX( zv7d>w9&?+kJ59!X~<=aa7_&7ICm4(y;p4w!dqP_K~*Ly@g$(3ovE? z=p=9vk`8JTS&-7A#vMWz`P-K9-&$0J0?BfO0CzZ4>8Yoyzqwb8GYv&eUbb4-B^y4) z7$UV@7i=f#%cC;Urq-F}A!?SFoGk>%n5qk!9UY1V?`&3e->kxnRKoDiyj5zCBK5e( zFkk}`DxMc-3*e98N3l^K01nayjoL$k8#;Tl@m`0Dcw7D?^Vo#XB5CP_O1g8Iqz)MQ zGBHWK_}?WMY3-$5rs?qc`Wn22nX16f^MoArwr|NxPR6;?@8x0%O$qnYnhV=MFlF z*V{nXYGfQ(J^06}+Y-xUc&%}aMHkF3-hUqtwwy+uotisFAX)%zr4DMhadA!sGNblJ zAkQv#J%EVLJS~IxSF{HOVA(K&gmGi45@ZwLD(HbosJ&SC{+lPp4pX@_6EU8KO5hgh z4L*uVvVKkpYpo7(dAMfVIXb#5I0QS=RVy@7vDA-=77a#Wh4c*w z@b1-p#l^Uwgd1d_&d7_pJk`uQl3WDm-4+4qEkW!eLyblAaGVw}uuu&fcQEaf@bC9u zjmL2^Bc3!6VN}g*W!pD|dgf}!VBe0k+H{R_I`ZV7#3n^mFRU8;(U?6F>XHR;B%+Q) zMq-{AdTPqENKi7sU-W4cDBNaGUs_1oMa>Z$?}D!9*T3-9+P`KU z?6edNrMIcx~ac#t7?OHX|e&CY`^7_k>08KxxSMo=vgOpgulaT|JI<;@SkX>6O*QMey!i!=17PT0#qyf#rWVwtngb2ukRc{n&2+1 zZT87)p6|S>r{JSvhV{=0sSl={AUuPN;Kl5-iGGa5F%C-KDFSwmg@a z@!$396IM_hWdn^lb+}EI!!E@*8d_GB-_ne#fkZ61e0eYljH@&-n7A`ygjk z!*)IkEkGEtwQe@zpjyaYPFhi3&@Z((o6DZ!k5;5LZoTU3h>t%{^Lp6CE`>OearRJO z6-GH+V{@T^XAJ;=pw0$_SQ|Nj^-0uoCQKBM;ezCMIh8R~B)t84^zkgkr?-^)zA~av zV{LdG8g|({)nVQn{%LxwTH{6f3owY^yM!il4keuzyZ17c+OD#2gkT$Yua^9G>_Gcu zfh>{)TFRs*0BZh=7OAWXM27MhKu)VOlsm0`QRg&oKWYs30s}lApy97d0E*n}&CY&W5}H=|a=S)CrkPF8%`>$_?fAvMW2KWd8*A zW^ADH&1y!o)<5~D>d>Q2FO!+6eL}?*rD!DPD}b+yegB6XjZR;8>m2yF{UWc4hcy{( zI7R~m?HiZNCnG2kiTXX(0Yg~JMB9I&Uq|*#<&lfVc+{HB8?kgChLIvY@zcK3bg+A@ z!Z<(9GPi7xPjgAhGo)(~!%?(Ce2NI^Y-OD>%;5&8|Gf0iP&h9E0L;I&ox;mVO{4DQ ze(m;XR40Tv^C>+dRMI!gN970k{W|3<=Y5O6(%fJqZ^C>X9b4WukW?K7X!-}i+V;g_ zs%>OSozS(PxZTp{RQXlz(H2@0;r?v5+B8H!rW28?V}` zg?|D1Y9-w4ah8A|kRdbqQLRIXcx_nQ!m8h2J0gBeNV@Qdho#2f^Hvsp$C_jS3&9)x zMFf$jdo?f3vV!N@v+R@9A`}Z^OUOWW9HjW-3O9ZEAFrH=%o&V)RTxJjOE^W=9Y(2k zLZpg0f763-ePP>$2#m+#T;R|Wpz>4{>kNL=225-lzTj9zq`osFpwJw=1ezGh(Tv+d zp9cuF(Vnaju%F7nYC#Ksvx;T|-?A-{Gyw4w6NLDK4&2_qa$QQ839O_u5$aQlu*i;KjmD;32hEf{VR1FWHpTd#zxoix<47u^;LDb8 zJN2PA+Ei*XF2{Mk8P9|d$c|Kl$&!2(mGt*L)jlnLpp(;GZaFtPz*1xf1S$h)V?XDO z04yYl5cI!8^B14j&+u`(iwXO8kuBpX+nw{t-gn)fxmRPkh=ey}d<=+E-ZxzdgfFmT zzWuS6DC*}6 zcIwMn);4>Tann^8i@Zl_DoZS?P#LzF(P9$hq>u_$+RpEOkrZeq9zk;a)QIN)Z6m1kw%qSy~H zKG28nFXS63=D~#$_sFV$QYrlD0VCQ4LmRXgP?(sh9odTpylyw+5u-3lW9|r8gGL8q zGB%x%OtL$aGg(&`pwyq(r+Q1(BLiSd&r^NpBrCbGgDqmS9K_}BtyOR_BhHpS!S_?$ zj*syko8Z|IrdKI3(EmPKbe;8kbo8r;W#=#vLff3XH0YIFP)^)Kzao(_ycVb5& z8q2Aj#q$kf@n|IOa=`nkXcN%;eoO^3)Y@%ZGtB)M0xD+Yy@8SwM>WFxsE8xC6UJA= ze1*De1{!LcXCMd6>5J%3`Z?w{ocQCgN^to29QJqxITMeXBx1BJle%VhM7%6v5l{Ci}i2w^h)2;5@9UgzSdY zW|a<>nS4GK%DKY-^k0R{tyt;lF+3}5j!F(TY@Lm<>r@>_zv)bQz~bTr>gd8 zQjvueqMKwP^L?OX^&p<_obl3GkzEGXMv$!q5;y|lnO9O--a~1h&Y>LK(i+|ntNcSz zc>;qH!7<-j+v-wJ3Yj3&V`SXJ|IA)gOH&m0tiL&WbZ1aTai8KmQbNu52{VMnd%;mw zpWFQUOrToeC&{4pMc)YlKRbspibgl9rWaE{adlqn(s*#0C#5}FV3PwQq6 zXywm^6raX)U{ZV>e@RL;z=-GZhPrKWeS{Pnk6}{CDK%63vDLF98iQ=im(oj;Ao= ze1klK-%#W!+Qy(#RV^qqmN5Nb8R6V}Ts~O%yJZ%@diZuJ89j{-rfbB=_v?Jh0rpx& zVvZHJuSp6_jEBM3ZcfuhPR~`qc8nQKo=K=%sT;N0#5g(y&NvpzI&RRA#4@ITOCzHG zedDuZ4NsMfitkL1nlt-68TH<7+wt@S6fEkWg1(l`S62Mpb5ip;m#B3c_5Jq@yfwkjCZ{28%{Vmy+6kyKbXf;X^axbVLPYCZW5=xuFr{DkJ!hB4cOi3Pt z1AepmD2wuQkuWU57Li!877%aT&7r)sWSrxxtTI$b2&1s?6*VuJyIyWVgs=G+<<^ub z@JLW;DhTQq$gF{m;|4R;U`$nwSU}!-DzHc##3UUoHUOx`6e}~^SX*9j?7xL4^&}XN z*o&jqz?0Ftd(E=_CZsh`4rIRK-(M1@E_loMO^<4FF9T>$~ zJJl;nz>hG>G$svb(tGL%er`?saotAL_26#|s-96S;*42U86*RZ2M51wdadS%`($dbgbST>Z5C}v7h>#6sW&fI%MsBkhC6!1xqD3vA4|HYz{*?VB$MO2> zr)gVLoobBrVQMmGZO2N*L>pKK)U%aF4HZuC9_kj56i`Cr9Vh^RKrRd(0%g$Hm^p|b zf466{wQ5)|2pj}1@e`dN5)h2=#(JFKkXsfS4%o~?01!w308m~WkU^XPfdB$T;xiON zR17GIUkAa{4-KCW84lQUxBgGxmKP#|DEXmx`p+k*-Ksqh2norc+cyL_MQZ>e0w)4Y z9;g6^zxEB)x_=%3a4RlI)ZSi0eFb}rl?#0WgkSZx4obL zFtT3^HpVmg+gL6LUaxKgAjB=?XZCgN=}tI79d7{tFH5Y-iZF=|59QUm`-Wh42lg7wuGJO@ z2f`j;=V$lb)337^fTSN8=k&*R#FtnL5YUf%5Du~qlv6;j^~b1(H4yiE@Fg|Y?-d{i z=%$Gr0O0%k^K0f_N9WlNWAO$59sgybR^O)JPA&CgCg$gv@=w1vz;~xWKY$KDBA{PT zD;u8_2n59E4Rt%gsBS61H*y7_qaQHIH`nD?(zl~tZO?V?LG9Kq$fql<^=p?|A3%&R zlMNsW;QE#?rHS8Uu5um8{Vz3;;751!Z(GSt_=)LrP$&jDDQKwh^m;x+R{c;`wF z+NTe+-j5_R;7?nFhMs3w>BWx+b6nmBx11llzz-hrpdji#aPvwq!By5b%0#Y9;f^F& zaBpwB9sKBxDrhei0LXXjjZed+*0nBNtf%nz9?%Zmv~Q}C|61RbuWedh7zIEOpP!e# z|BC<;3L@Yu^k!`V_v#5eEb!}_p5380#BO&NpC2%e|Hp@j@DSkVc#pI%0fRn3&oQqU zP;c!6YXSoBZQ!>^|I6gZlgrl#kzK8f&uz~x_rRI197^xaCp-!O(5t?$VEo5s-G|SQ zxUVkOHyt&BT`ue${7*N^JS59q#o#(5B3v%{GS4j|v_C=}cEs36mJ-5t7Kn z6<^G`19!o&>}mB>^!AumIWhbTa-9v8J+@R`{r9t<;zCT$3P$DH3(?+c=lbtS8T9LU z&hfpodO9d+K^V5j&XD^KK;A9jC_$}RPB~9z^~g=`AxLM*(V9;1C9jN-3Keo9beBh$ z3nBc2EtRSJVeBFGAf@RBw2kAQQlGHkLu0pIVUI&WCSM;0Q4Kclk)rg;XzW*JowCgx zFG2df_pY5#EJ6NQRwinu<3*U$lOkkBtM3R;%nYT-Z@TdnMC9}vN>4IY?FEoLPaGf4 z^>@{NG`gW%g`$Lvr-f1XoEA$Tjkmd?0 zh~*CqE_a`1jC=Gp;RilU`pB}E2=j3)^Os3s*K6CJRMIjy-fyqp|X_%I}4- zmD13Z;!ZyE?mwcy!bD!yW?1R&{xb8418w^th#XYm$AI^`3CXdXZS=t1mHQzfJ8$rV z04fCmm1s(C%jQr%t*(XgW6x~B)qlOajhN11zYJJ$SAWnN@evnb^ZW1<3+|Zl7q~^6 z4Xsl1IhHKh#a$oA_ zg{>q#8=z6#gR(TtsXUXLhfxtu?#f|VuzTCRC*gZii{;*@j=py%Slx0eoQDT7+x~Db zqrGfhlwM~k-V&PwMvHPRbK>ETw}Xi))8TSofH(KZuiLQIIuQROs=ZcFjEMC?Kxsc$ zaeS}au_CXBjCkK@Wv6CC9Fo(P*+DWK5v2Fwz+*I1meq7JH(bd=!ee9^#XRXuE51*k zVg~hXDRc}}isBu%hqBW!OgA`DRm zLfX++ofgb=A2oua=Ek#~X*=dgYyQzIZ_VZBktASE*jIzRx8_zVGt2t-zNlgxnCwQ& zpHAH00xy077wK6Yex?{ox2D?O!QyR(R`%n*Zf_*IufEmceaN$T8qy!zHlDx@Mff5Z zGvROk^@rf>YY0X(d^}xa$F7#k1f2(RlJq5g2k&)5;!>`BI{318#Cj^Al`L3bI-tDj zysY#$kgLsn$POdI0Q{Gi!5jXdTzHytb3SJM2|Ai~Lw0mk#BVE`ZZtt)jnR$OL6;>W zv3Q1n`5MKml}tjNC4B`a{c)~*DG*lfw6gf|BTByex2eoG*)T+9(2{0l5`rV)?6Uek zUK9f^qF7<4(L=Tr%zoTCFO`a0jc%O2nH0TY-C>Nz&AoKI!`#FSlg z)@BPpMdl#hMPQ|Hdg$B>OhEy&*#_bI1Z$jeDhM#P%FZ%mK72UIN@^!4&v+fc_iHx6 zZLaUPUPfwYQi#DcT2kW@p`vVej=E23Jy)9GK5aun<+Fp@ok5@LjT0pTSU(2k-G&Eq z@y1V_EHglz+@&RB&Dti{saAZUcT}Y91ewGFT7YC6CLujvr8=Bu$T3)4%L=!D#6~iV zCiiti8j+sEP`)4;S-vLn^Pm5dP(NHE(&9LjC6Qfm@`|=Vx1$NJ*9)R(cm9PcsEfQN zUsa0=HPKRxmVtI^z=5KFW276pOSY0n@@g1|uZ4N0UCDO@hjZ%ag{otp8Z@T}4N4?e z#Uo&%mZiS^-l-AuKY|k677T%NdTZcMSK0J69sLB-xf_^&AfTN+PR7EC%$Mmd8o|)b4X|5j9KoLknDd!eiF`y8|X$XbOU1s?8(eIL45a1v8;1) zJi8IM#uYT&rX@IyOx&hxe9>41F1R8UAaoJ*W-9_fdESyoqaBj|ls{Ak`}Q9z@LWD< z?P>MHfkF+X*?9^$Hj&Zlw-S9ngv+N`FwTB>I78tC9}j2L0 z2>m-*O5q(NKG>2bJ}_b(LE2&})A_gTNS~48UL1Q90Sd(=nI}+*dX87S2v+zvJSCB9 zbhJ+DiuicCZOzP&ELS~JA*A+Tv4(o5<=SGn*H-qbpyea)21O-0Pxt4gi$UEzD-iOjvxlSkny$LU`Y zFALXhDW})IdI--#V(lcIMb6gDTiVhe7-Z*Ie?v#(Hv0!{HV(n5NQ5XEvGzeqc0%z! zhr|23dOGZE3zmkK$6(F{!o8MvT4kPUb^+h>)Jz3-D8AKbYl-Tt6@v8iXOtF`<69Tp zwKxh*#EF$neDQg=?jrEm%`n>1i#h#9ebebDuaMmNJGtq?vX|8g@q$6uW9Toeko%?G zIV4-MV|)$yu6DR(a$4eta434yW-KC)t7;$(C$qFKo@Frmu8Bx=w336C>ZR_FahXhS z|8KV@U9-~A!&jpo!Xk|ka}7m(63)_c&E<*&rT$7g+OgC~xJ>N<)HNPeD)ZW}Q+mcm zrmHcWEn2aiQZqmH{pFlCQG9r28deI9(%_3$2&$rcUxWd5tTdhYazc>wDO8p*Hd zyE`$XWYoWcY_sAZS)cOSoLCHH-x7scqNT8!N#2E7CXN{(8uNoF>56i`k%iIf4aHNRO|@qnGBeO76C6E5%x}Wo%e$#7D6d322683t$co9i zOp$8DDNC-;x^0{xD$93_L_De?NH^><%V+f^JTHKYtN4#5op+QOs;}lR#uS#Fj_s|7 z%ah;0qHL)~eW+a9+hpxULi`sZD=b{J3Fs;*I8C~tgJS=@78URqVVsSyGl6?Xy@VT6 z^{EVGSq6#=1BerZX7!9todh2M&zGp?giWWyJ-B5V`}RwcG8sRE{nI=H3bm;KPrP3u zuHg?(C^>9~4v57#Ni(Nkgf)9NgZhSdHSFWD7(rtQpTCmK0H<)cWW3fn>Kob9?bEU% zGzI#}Mzf1ZmJ6=m{jwjbn{NLOT=b5Z3^{MoJVV#3xZp?UM#3cmDNlyRa~1NAjhV4o z5}=>%68OO>E>yM&AYzDv;tFZWAEK{Z+qsp@fK`d+l*=B0XVhP3TbUxJ1#2C6Jyj}m zTD`$S%v4FF>{ql79?gkVw`k>V^qM?u8J+jeNE=D=kPe(-j7tHnio&oS0 zXOcUsd=DmgmNU1JtC%N`)*j%9?8p9tU;MF9+W2^7i^&PS@*W-M!By-6y}GR|YLdN? z0Lh_PR+UZUng3i2TX%Roeq8Cb=M2O~MU68+;*0rfjFm4gk?^TD`5AsMC};kjK2Q_V z3+>V7Zh8ptk=9DWE1D(ZuVKFj#ez2O7HM_~0Vb`4=I?~zYJVU(2)g@crd02jx~-OS za+K3f6}pMp@f)@@iHg`$0fAJL?pRUUkR~J(#F!Wzm{%ERz)WVyc?mx}X_fSe$Vgs? zWc@p8>v1|TbV}wVKEf2;lLhk`1Dzm>9mDw22$qS?*H^w95T>74p3uGA4rY9>7GB=b_ zTSY_EOF9r5$wt!mw4$Fs(k2g|@RV4Pz-T{&fJmEv@yMnRCM+ZqS|UNMe7mtZuq>2rWuzgvi!h^ zc`ZoAk6vtVk7KgYXkRT4v`LZ;C(#Kk85 zHX&6RW(-7B`-yO#4fP9x5P{V0Z~}p`a6n~z6wgGpiXSf%GPs9f3rK=yx#9_zA9Zh7 z&luX*q&Xbd2BI&9?>s>)-?rWj8JE}R1SrM+#6|mP&B1u2S6s}DhaolDf`Dd$nB7ae zeJki$Pp4{Qz!bBw26!ebcK%)gugqf(8y+~#01uz$4$)AvE;CsRhCC}hbQmpRh;dMe z4&*XHqE7$h2?o)}i7yP%x*6=knK!WM4k#yV@HGC~>%bQ)a#>LJi;0;@O>_rYOWc{N zqmYFyTJ<{ALGh&Oqd8_|?a)yStN2@@x>T)!vu~w_%2buY#>gs0j__d}F&c!3^b^{e z3&b>cb=XlZt4%&AxOoijV5lix{<(U(b+Ms$30>%lMD@9T?_Xgf{4gZ>-x|m?98O(B z!vcY5n?0Q)UPI_M@eI84fA3>3^_}zr{7*?Xg|jG2suP_UwmO+%_YPmL<>3)epB{OY zb>=CX^&%pwl=Po2QyO;GM%zax?Ch8usrpQv-jsHM8LI|RCT$|a%3APpGx@PSjBh~X z&)~>Y@A@`?X={2^eDs9MPuWVJ0!UFrYGU_VQ|y%I2@mO#9@B&MXdV3z(t zG?l&B6Jj6a5jj^l+vxQ8CpW254EuS{(y&`5xVq0|HsLnidZ>SvOpUIwOQ!4pF{zR12C&oo@EgcglLgGXzgW4hdL z1`Q_kzk{fWPkAWUnUfF4Pa^X85B* zPPFv*8!=T-QW#G4;OjhMe3eelb3q0>2xpba*I&9d2F7{mVP1#n3^OKdwpt#_iM!^t zg(B0MO*(=Vy8`zOH9^acX@AQuCauO?AkY45$E%2BCzG7+(IWI(SDKX=v^fQX$0zd; zzA}4pP#zMAYen(0k^(^?MCosIurDYktFRyPC()^X88;lnGGV6}!I^gZA>9XB5^6l5 zN2!DfU3(Cpsp9VFwPL2pfxm+b}PXIe!_iED-c!TYa zgHdbTh3{H73^A6HOaJz4yW9~KI4HpV4obu&$L8@#z?V4Fe7S1gjob8KMLeX$3RpA_?ae0F= z+13_if-M2i&ngV%m#YH$gC@|5dX-*{PfnT#&$!1EipUPlGjwbW_}a2GU@IqsG@rY) zB?g$1NSncGraelNFAx1}jrlD~>-hf~54NG<(!(!cY=;k_uzPIEx8@3fU7SR9(C9Rz zV!rzW;2EoP$gQVOQu-_POhnu?7AeE!?IYCi|h3DIAQH)b}1FW3LfHqqU zFB|A1d2M7MuNDesV4do%@NRR#CN0i(8t>Kz=d2g^dXkW~mf9gP{@~boxgdF&gWXnn ztOIcG`MJ{V=ud^R&71rVTenAPbJGh=kR$jAXj}GLEmOL{7;>^SclxL#)Z#4%hBau@ zY;P@ui$QB|WTff^!k4ll{vBL!mlSFmpm}>Rk1&Huylu(&CYijL4X=lbFGlvmV|9KI zz*D}B1!+Nz^V{S+y`J4La@tjkegUfGt$GO$CF&Q7Na(vii`6pe3&+cf-Y4*_7uSr= z=k5m;S@1mQ(kE%EiH~OF!&R3ET{L`ZhoPCZ+v$);5x%(WgM2dfF}#d#tCqV_65Ckw z@v0CBdceN!`LZLIqsdZrv=u&XB5A+1JfnXJFJyYW;KX$7`=W!Bw!Qxy;Tx%@ZdKw5 zJCr7TA&>}3k3{7bj~!J*X?MujNSjbA1| zj*4@xf}&x32Z;?udr%PkD%^yE@AQsrIUsk1;1P`}4f>#*s<`B$wl)5b%)B zjjLAbEmL|Tc59I(_A4yboXE$VQ6m`%kThma%{jF7HU)%(W$2o(d+Skf!Jmjihn)Mz zxY#l`i)k%QPNno1{f-~TL}X@REpq_mv$=zrdZLDzHz77W+ikhYF$Y7@5PN9Xx9(J5 z{yRiQ-o5Poj~m&kwDpdKX?qI{H)|X5{dvRrgjn*#^a(0=V4a)`Y)e8R`%87PtOL5r zF3Y~g;OyG{9{alcwOj2h1cIHS{dGC~STJGqOKm3deh`-|03rIGbmcmqZ;@N#)us#b z`&f=Avz`><@~)3AXRfwJ(HaPCIj>8DhlZOd$&(Kfi^Y$vp$pKF@e=W%7|9YD8MMId zlbqzByI_n%J^NUNu?EDaK{8F4X|?XL7G`xi6WY0Nwd-anK&)3dDSNTY5HcS>=c&C4 zijf1>4*eTSLXy}ESxhmPX^mzsV1&>gE?{Ik z&qy+^s;c2!O;d1?ZgVnVvLY963$gk}Ze7;SKvCqM?hY0?H@dj+#oJx8m0Scgi}{3u zf!xK@)Y&tQZC&fl;YLwN^s?>_rtxp6x6*b$4FTuv6C_lR2*uvz;4}vNA&s1m;qH1KHfl-h%mknE%`K6z%!Iy*?({Pzsw^YZH04~SAbD3`9Qr>ji#u7Cj z0%1>`jtp+r1ABB-nGoC)eiR^3cV6S{Lx4*(BXId6I<5*+0hI{gDvj#XLY!Ft{RVdd z{+;s#c)XwPFmOZ5dkL-a8e72%rP*~N_&80jz8IE8gPr*J5@Uulk)@$^g~$3?#4WRpLQ4A-Ob{e z1ehjGs{upZffgnkNNydt2X7>)j&%M=0F;U;JSzjURm1ElFXOPuP22n3(I7rblJaiB zPzy`njA}eCMcq~j28j9H&u-{}9UG2y)CbDsVykRWoK7Ku$^M}@hpSDHVZ{z$wn3ss zy*;HJUK#0c2T`L=XCppe}i_!OHwSxMe{$(;P4!PaDH!GhF}6M?JdAjuDSuO)!$69qeidpOaVX3N;* zP1)VzCBZ-s)f2HGxY#NeXePto8Uh*rFg|3Zu|V}YD2j4I;+Dp@dD8?y?-#bVez%8m zXT~vTT8H*=yt&QF)wg2&err$6A=Gm>a=_=bT-dHKk$TsJs%m`aF`lBMmU_QJ>v(H< zM+-#qq%z_ei;p%TmavEMBoZ9Tk5V4lVhIc1yDnzP>WnVW<=jJd?rTgmTCMhuQQk&> zadi;-vTCVX7J9}R`sC*9>a8M=7Rs^#@{9y3e3eJJ=GMCMv@iQ6ahHI2*3R;~k;rV? zOC_~caK^E6W=q%;DsOxkl~6~ah5Z-7Q){ohj{+?s@6!?%R{qB(=CPPP)pBOrAb(Q} zs$s6RKO(mvkVh9TnP;zscIHokvOcv%YVccbvTc7illv;3gl6KIWz&dWF?|Z;+BVQ- zc!wkrf5zMr4Mxl<2b6!&Lu3W@0M$ro45QRH?|$4Ek?cB|#_Ed5#4?r2faBq5ljd)E zJVh8N)-sGC64A4~vzT2Z#-gSB;h$tJulzlu1h@<3I5$%eW0`}bMR;l=t3(X#qFTGI zLAR5ZB0z2#%FVE&BQvlhfPD zc%{%z>V#y~gvi42CEKCU{PdUfkKd&r^kWuSa|te+v%wB1}kYK zQaDeOPtMHWu_dm0DjH9mk9)9R!p~yk^va3zvy#B~owPqQqyX9v;LM z!Ka_+j;XvOxKXVZwTlZFug~OQ7ewJ;{gLoW_O)S-c4|-EJE7UR4ZV4ay9Ncu<_qW) z9KarmMkgOO--*0_p*00F+0CY#Og2m5A<4c3V@STKtl?{Q-9L%Z_k=_>24)yn!+qiM z-*|S2N|y7F9xyx_Gb*n?MiNTw6OR9ixA*2PM~7>>l5Kd%rtoF%tJ|%2&c`3C_*gBv zQ6!OjFE<^gNX4!&es7t|OSdxP-k3#+I{fA;RwJpebbH$8UhU8hf=E8wVbuBi#G<3p zv+Zz(=>Z*Zz^}z6XE3FGo4pIN&_lhmu>=;dS}h3p>5oV~Tcyr6k%};!{1XZD;%R=i zV3!L*AaPs|tnd%i*ks~$l8GaTvIE}I=A#)*%3YM$dU!4f(0|6 zXqK=_&oak|ud+{FD~+Vt4Pd=0J7L(f9FgBv6u>+`Rt3Le%X@uzV)(t(-?vBplItg9Y^Jg=7+zd0)>< zZ}1r+2oH7so3(_C2Vbmxo>L^~Vzsgw)#9B2;h&fd`2Df|Qp#yxd4R{;)hb6AI^y5t z5^Th$T&~xxt;MhbDKj-O{T*pu8n2y)DpuREu)?0x6c#yPamBg!P`O{$ScWHgZlS+;$K@L%WJ zL!gAY&34h=JEO=*QC}LpCYR(ZS}T=G*o6B3#;|K=Nq%*dI8cDJSPeyBQD+{$6A

    Z_eF*iBN_ZbQUbl_9G*%`jcU4qH2|n5y_LXI({VD zR;sX>&|chheswJb{OeX1Vn7MKSe4yP(>Q9`cm`&3QS$C(vE|M6bn#60mr1b?-1l+U zR~`7Vq+QO7X;6?*2Y4kP4h(!CNGamy)_AI35+|}rYZCHOh%0O%@kR5ty(grn& zBb0FnzgGN1%hT{zSA2^j9%?Vg2yLd64Qbxfpk-RP!-6Kga750q;K9bu&!Ago$5)1yX&y?QyBtJZP>thdS79bRE{w^o8D^y zlSs;g^cqd>`W2fxxaNnszWr#V`2IQSMziP59>OM5(;@BbOa(! z_W6>weZ-Sm`2 z{j*EUz-qlS4`(A#>)V=)wNeQ_lqIztht*{!OUE%=(=MS%QdR<{{2&Lzem@N`6;pYm00*K_2G6YKA> zEP3dD0Ww4|`)O`9*I7SSMhfD>_H+14lj;Eg9O+Kc8U1XbEoAR7=U#7k#ndi*gu|QR z1CJzb>Nfv7yqjoN!-@?Qv98Yn8C}|God%~j=6LbTxPpqT1YK&w8g(#Z|3Uo@#D?yL zLUVPY2*u=W{`ng&>EiGUyZ>?xH=B77C5M|#`{dnVmUwoF)^^sirS=$KkJl^Ate~^0 ziqVpi9bvdtGLzVv!a3zHO_WZU>6sN++8Jtr&A)ZLM%6aaf<#RW=CBNFaC{B2%?kWJ z-ri+lA|;g7baqH56z#2VSf}V2Sxd$X7XAs&e4J>pE%>n+oL8*5z{0lBv4=zlVyb*P!kSAtobESD1zETsKX6GlgYy0gk?B8x(?+oW3RpaF8 zYjTpKLxT}YP6s%z%_g#c(ef4h`&$IWd30uN)4ryyEHFqR)CLEu$-B7igJUXp$EK>d zWiI;~Qen>=myJu|hvEj)=wf3!w(~X?MlYNrNy9-0dmO!XQbY|-xd@vu=G3@DlR0Ks zd5#pyGNV~{IJaIUo@5$GBZ~F_Scb%xTP8el*{#|`s8sj@4cy#0g>+pa>(kQ3%WY*M z8isXFVevj)%mCQVb*N zg?|FT>gw4XfyKr1aAY9wU)==b9|PR~5*Zhh1qT9DAH?7NOE8H225>M+3(w@wO~sE2 z2Fg{q5IJzQg@ccpDjPTTb&AAqHwmDBczkU7g98iS0LsNL9a8|{VMHcXe|;EPI?4*5 zl1}ljU*|`U;!IDAlVklJFrc=!wtBQRwwfONj{umdKh^LAVm^>72v@uR3_u?g7&-c8 z;IHy%r05^{reOA;hN{8o9PJpKet)qbm|5M(98fFfVe1NWs@BM)mPhfo`lTWT~y@ftRf&9Lp7#SIZR@YH^H;82*eb@#-U}Tcrdd?0G2H@xd)4uRg z*4X+ncOx{T@R)`PqW#y|7{ElrNr1yKpkK$c{e5}- z{Lc9%r=Y=F9Dc)oKD`4bFA^y=9i{y!e>TY|p`3u-8}01@)Ym%r0d!?)0ocgs`ak=c z$T5U|HbBqv5QOoIULb~}*u;|f86&wdx$al`)@f4mL7 z{8m5h68!oB{igg&W!?X7#}_xn%-FGg+x`BI*;xN+aQKb7E7ve96Z@VT!Yu>%=u?)t z%gaas&l1SC`CX+tH2z`-CzSt_)wc=ZkR03|Fq4cgTbk-O{4iGgV>ND#FJF&1jqq@( z3Rqts!2f&bl})X5IhHkauaMBEvo|*IeoI1*j` z3BdXFhxf$s3(Xr8fb$y$PYcx9G30ydTRrTNuLJM$4uI?H{#T7oCI<%_*Dh(-($D(I z@9wth540{wPnyoU8RV)wnpn1sHu4yixRpzHyRFSwjF&gDWkFpNHvFc zI5F(AK8>B^eBK{Ag)Og}mSsK|n;13QuIEmsXqAi&TcJ;8iFrPSdNRdTu~5m$Lej6l zmpeOBL%Wy-pg%#>HnBZSaG{F0Hz`(i$yz#k=cfzt?>5JEDs@Nmw~}QVJC$PR?`SiN zCz-~x2nqyT4eaKLs!W#WR!qRZiG#$(kdhPD$~- z3-+|oAJ-E7P0;s56sb_Hc_w*Z+#KAMwav+4q_$;?p*Ae**yaY7~qCKs)$9F|lj3|VfqfM5h%12DQrhBeqlARW zz^w`%`8jv~-fw%_wj9u7)0~|kQyaer>UerAd}MY73b~O#bb@4hESet==N2oR=D1fu)~<#`m2(Rc zK344xmeEp_hT>aAr+|jseKzyP;mR=ArF-jyPQ9Na;ej^Mb_(Uo_=Mc`)p>oaX)p50 z!LHFDSuemNRN`@15p(>8@}hLyT1asu6v%`SOGr@jbOGc5XjY-2O8@2W!qMHppGujN&JloWxWSE*M|Q_M=*FCxM$F0O*YsOD5OIa4pp*Ro1i$emOs3)B?$9ZwA=|&Z8cJhGrw0jso0#lkpgKad%fJTB zbqb02q3eehvTc6x_@~2XW?sI@)hp1GICZ`Jfn*Ry+Uzwy;K^|};mv^0^kJ{uFvGHO zs1jGg>c=dN(pdXZYVnxMQDt@(_}uzEdtEmQ+ei^(PwGds=~x6A=(H$+9zsk zdr8u^HAmww>`~X79-#-RzvhtT@Y@y+r9dISS+`lOn&#C{8gJ$hW&(@<3V)E4l*9Oq zh0iOvJy-~)U&DLQ9{q}>p25oJlrSTs)kQ;QrKNRPY^^gpnziv@XZBowz)zlq} zb*m8yqu~rg9vj0ZYG^Lfyno*%XF3rmd#$;IAs}!smTq>D)yHo7wBXl$Zho3G{zc`7 z_!nI{wDEuG!v}v)PM|m{$!9#1pAXJlwZ3?G%G1q5l+>mA?IMSsny(E)%3Og9m{Rf7QRO)t?C+^c=ceU~i9vl$+jWdP z+Ad(C$p?I=vru||*swGy9(vx06d=IR%Fh=q1bZ=D=FVPZK{GHqvBMZ+wGMf3wX82q zbTTtd>h|MTYb3~(oO}P6LRC8HH^%mh=hSF>rbic~z|fJ|Z+FHgT)pOW4e$$7-~ZG-IV^ zD{(R@p2cZYqY6;Jj+t(lJt9qvwfmhAE#4wRfL~?B%h`ezBc5Xc5QHmdBEOHR@s$mzc0k;e}fEtQTJ(QcGw|hyX|mih^V1 zO?EkASjvH}p%FXFYiA8YsPTblWi(exx5%I$6Q?P}cwHim$m@@RinOCRS1i&rcA4Sr zikLVFmc7YQQdp_e$yZtx#l{NbP|-l z>;BCjiUcx^L7B!>Ag*p`AxJUA#Ajx{|Ih?Is_7cc;Z2gd(0UfBE7?KOUe0h8 zIgR>2bEVK8#@I~|$go3>d^z0+h=@X&5*;{G`$AW;V5MVJ?D(UH(Kz+T9I-d~vE)8e zJKx9xON*KZIe1FGB7oywzX(@|yyhxCy)~1!p0KsIcH+XjpgZgZa@h&Bl<-c$G_gv# zO=R0O&!_5bkp#*er>ZIi8{vURWmJTN7bT2jE`J}(3QfqX+dnr%QB=S~a4CXo$QKxu zz>?^&iJo9vHVUpe={}FBVo(lHig%9CdX!Jiy?a0g-Fk$*=P^~_1^F>uL4 zp4e2g4tv`W8ThmWL(vS9)2j^sf%Z|;mttQ_L_!nHdA2Am(YmS=3; za}Otrf`HWVy&AW2I1b6aUOL_T8)-YorRx)NrTYC(%vT56_{^oXh&jX$phr}*-gpy> z(e{h4Sqi`X_Rcz^=)F)X2RIAkQ{b#w78|rAZfo<~q4AYYp1QjbO&* z2vJndLy4RFFfDbK6qpL*-k=3)Vj0Ab%!HueGv?gRMzX}YqDgGT{gU(h2`W(x06H91yWy<#%V_v&0uM`sw3fysug%Gkx#zfaLXyk~l<~}*pf_&+aJyvBW z{54O8U#;=_QBl__e7Ia^aLa@IVzbL}Mw6VF?IGQHdi$eN;NF%A7;_qfO6IQN%bcTu zh%OkW?(~eCZ9N%O><&0C-F|oFl=Lnqop0bZ2POa%uiezLpN3d=az4V55-;y|iA}3? zHGatDTmZX2utdM5iCqkryPC=B%Chlly>>3ARWhzruX+QSKRZd=dx-|}shBn>a)w&3 z+lkeNK>@~v_bpYB4^p7bU97501J^B!3)t6ktPMM(giS{<_F8=_xmY#!9Ya=0B<^gQ zth2{64lA|NsZAo&Gk4qJKTu}On>2Xf=+YN#0vL>!_+hh{dVd6hy6qxgcq6%hSM8Fa z(XJ)^jl_x_QltQ~G&}_*X50*dobWlY$7#Zx^35Z_f;XreXMw=5(&j;jrRH?kJt&pl zH9p?BzE8mhy0IPfFEN8drJzShm-D&{jcp zL#;q@O2x=1@2N1Q@Rj?5T-@B&)!=0cNp9^4?I9+Q+?!^qwSZ26uLMMn^H!C&teFXU z@`BZ6;lW50=U+Y~tolSA8MfOOk2P*eTAa1euka?tlayQ&A>1XO65*^975@$+V)Vj5 z<@;aA`e(^b3j5rsc1FvXsz}?15eS-wtwpqXp;aoY%U1Xe97kXrbb!7m5a1iV+bWby z8+mg&okh*a|`r-M~_kE3y>s0spY|C zP{xNf?Lo{W=beuNd8P{WrR0#p{0w*J_SlnoTMJAZi%E${s_ZZR?3ReAo9@-mT$`yX3;9*h!7pAByG0CA?^t+)yjRBs1q^ zDp3~lv$Qsk6q@vmV4+5iQqTLMcSY`ga?cb`8e@RjrtpD%Yf?Pin2s}xg5F6CV}rBI>h6N+=F`o z{$BG5u^hCT+eK)w*-qz$m=*k^La7F{`XZT|aDGRYhl8K?7IVx`fe5qjrSZ0D4QSG@ zQ6}fpVPS<9?womqP4VvW71Ggyu-mMzW%Jgm;iJ>3)CO@$-fk;GZSkyy{wP6%i(#E%T|OAuNW%$vLo#8$I9qrX4lMp5bj zYROs3V6*OKWc-`NLWL&Sw|!8!>}jh2d%O7R{9??fDZ>z|$l5E6f2^~&_C?;qk@t#1 zYHShNWxA}HJLFy*|GHgyo(^+ zRzFF^eTI%Bja8)4XEFM>4yHGL4&Q$ctHqeF}|+wr&r{TwJH<%tT!$ zauQ4NvFW8LE=~2KlnUMDULmj}law)cav89X-!l8%seuey?{)?M_BTV-)rCCB1ooMs z%&yVms50|196@A4zM@IhVUF4F#v&J4Q{8qdovUm|Cl1gB zuh>@u=nJ=)K`2?^43EBF7bz4?VjEC_LFDL;P9{Du=+TVuoG_(C7R-?q$7rCY^w)NJ zY4S5t$h-3;NVY?lhy?dkqO;AbZwT`y%Ztw-3S`Muwa8E9UAns}N_jsgc2~(d z=`Ih7y}pBC;m4z`qu3@DC~i(YHYD|?rgHLp!_x5Ax}hm>KK)}_9En>95gI7^v2Cqm zBIB2F07uyR+|PNa^`ddl&Q%0n4}YkTCN*mYMnqDEM2q`;sIq_uLcp?N-Hpf4bZV>Z z&Ct_rJ*8?@XGcmsGaIZXMdwaO=L`VYbY^L|MmOY`DD_q-80j8l_=?G+#6~2tk)UG3 za@kAzdG4ejvco0bPHh{eusfebtC4$T`c&z%UT!d9$KZ>0`boTN9~qjn2A4`- z(yn!yg#<^-0EYc$tg@~|d5Fic{s=9q`4T?+OVe-uy3 zOqg&G^u;uf$pmcrSkNPRpUPt^CBAdaR+ir4sx^L|M(Z=@@vs7p0PUh_%fcbRL!I@Z zsjA>3YLS7NhV}d9;BOY>*|&zF+(3?1C|w8h^U>1O#lInq3Hm z8eamnFK6Z3)1J9v+UG<}3Fw#T+%BgQt5QSQoDEM)$uPAZc&z_m0Mi~Ea@^Ax(i^T$CCnM zOAe#eE7ovl5;c3VKPc%cz}Yg(xutf?A~ST|g88Y!eYaTRkKCW&7p7ryWSDS_VcM<* z+c_ID-%(K(Hd;=4qgp(u76!!a>0}5qqRqx#459}#&GhlN55Jm7YnpO%AM!cia-4F& z-x14<3*!8#-;>&j4-hxrfP=O*bH!Njty)9TnpR)x@qHx-n>&31jsz(W-rG5e_!DW# z&FAFet8Rw4@>?0gP0l1t6zGLcYI2#rWcrQIR;k>qc8jV4meST8OPa`jU@OrTvU_fo z6-YDZz|}yYEtAS@?hPf4hOJ)A*btPq+tfm%*i`{Pxl25CNJ68!HyCs6$p_&lR@osr2 z-?m?LMn4Gk2n(TLYLV6N5;KtuN2~Tw&~hHe*QTRUKw_WZMTx2CU3%+o8D<~Xt1inm zVU>arGDBl6!jXW3y-zY}lx|gCO&c-i_0y0Q4d|17T0#J6v3sNvUnUDIT7i?XmPrxI z{*(v_ioHka1)CO9QSb`rYGBQ|Q)7!R9O74(KX~#Iyae+=ijp5h{$5yr15NRYjrd3sT5k-w;#nnCdz;ewnhr^8e<`v|6}C&+ z5PpE6x>#MKa5EiFw}iRh7PnE}`e-T@$K#9Z5q6R3NuAs&b++dYT$FKpEH>DP$hsoNYH$^xZ(3vDQkn8=E+iI+ku6wd-P!DHPhC?z;iVBB$+NN2B zavXjI90qpctR}7d2NCAkHTg%#P&E-i~m8(;Ynq6n}ag1XVK2G5q#=k|K5SoXR0D#y_ z!`H%Q7!_ncY1mc`50*7B2O={Ib~P9M2(`M)A|r_ev#?X`p63}&6!hmTs0Y>(i}Xcv zSE}QxTiMRZ+vNGdi$V9;a}l9l|2=ooR_`1(3+sod{~X zUHU#-_S+hjW1U|4Uc4uKv5=!QrU4iw$!g~^f~=5B#~Ib|q4E}DUpKWFqWTRBv1QJ{ zer0*Y&YUU9hC^6PmVt_V%6>~s) zSLT<%1fkB5T54ENs05N;Pj1o{BHqK(ij)Ubv3ZTDX^wLLO1XkBu#~lND~j5_qxv~_ zQaR9&DAQp5VDBmDDmUS$n}Q0~-}DisT9b02(|W;vy-j!0znv+vr=`RD`R+nXc9taY zDDKpuDPZ4vxi)I=o`pKn(RTi`ZQM=%!+rr`qF_Xj*v@*qWBQjhteg8~snt#7J;NFN`+90bevJOo4 zWP6`C$*=@TyRo*L#Z^60@0PAYkKw2R-UJGJUsvKsnBRkhnike7jDihTmLgW9!q})= zlDz0x#4&e=x<2tD3gE2-K13!mSGXzX;_R(Tw0u1+A7sM>XNMl?&>*(crY6VjUtWqE zN1kW8@HWw zE7d~2RcQh@jxeZ-GdtP$IA;Lww}(Vt+}GgIX4LybvM1;EOPGA(F^NazQ`;jd3tlJ3 zaR*uVQf)U|$0*`BdaN-dRDutdX;j8)L*8!t!>YO*9bkmhkCZfbh&5~;nRsv#3eYDL zRG~NtqD-m9WabiTV_EJyS%*+&76L*v8z6lXJX3vq5%NHF3(6MaSU|j9=5bCm8g=&? z2G$%{+q+Ly9HN)0P5yaGjHTpACW39-%KyTOY{Jq!Pm;y}uXB3y4`^p)~=z@eBk?MAGl9~lkH z4xnvEVQH)tk3beuzl@07XMNjNk`Jdpy6HDx4FOAlQVqVxukDmcjV6k$ zm7uL3pEL1F`Q!rD<(7Zq6P$=Lb%NrWy%tUq0`MBGE&I|8yesJl5aUk@byCF>jZg_s)z_xI6?jz(pxYDh8(1(y0rSx4?F%VGAml(Q`hwTT5s=SCTDXL)bzMdF>TD1{a!tRhRa0j2SF z6)cgG?bN@Y4gKQ#!6gl+VMIKxn|mL`D1JZOP8V!Q+O_x0 zuK%hW(;J!=$)r(Awpin*y$P$~ryKPs#RMtw`SLR31BR{T9Q<}**(e&J2Do4=Gm@It zoe^ffQ04iYr~XbO`(i<}52G4ac*z!^=FtCiUgE;@lunK)X2sxvZ74t%;l$u(W=Cc8 zwx|)aDhNw`cXK85N@3HJ4{_o*UfK?_$=NALEq_4$;#2(4Q#>JX339y%hK3TZp-}sGdy_>` z<5t!%R2f%z-u~F?LKct)g3D0f==>XT#Ao-_U2`Uh{UC44 z*bug{`1L z)b+ADH?$}4Hl|o+ESRu7dH4UdIpwdHuwWa~tjyiE49N0*C*W$Wn-q=uDHf<(g6@^u zO2zV5Ys#ztbGs^E#BO!s~uWW8$e&!y*L=2`E< z{FMI@3pU1byZw{q{-@rQ`FK-OX~q+q7n|lp3xh#I{kOFeWo& z4=bohOu}QG@~u1Ou}G8h&{8fy70JP#6V1K=zYsD;P6w578c^B)bjN}fm#)40!87Vk zY5Pym);|mj-_Fnyiktg?Ff9gr1}2vOb*C}nvv4r~M`(+corB^3iq!sppe( z2GIC6>$-YzoTQ6My_~c}e-CKMALM#x- zCh#FZPW^v3Ba~+W_X>($cx?#ZeAlmdFEyla;bt)~aA#)+NS`ek0O;H~E(~rDMo0({ z3?3Qe9Ml2e%M$Gl;0o-0I~{-mULPc+;3pjhA=ccE9ucS?Q`_JLo*fEn57NyaA8@S+ zFcfnGK*tT@E3WAU51hAOPYoCz5&pxiv#-#PByhkFJm~rw!S+VKoeug2#6Gw~5TLVi z1IQeY84m#3?d=%CRfM4aUZ0MB8pS%y<8+*=?*nIJ=>i zKgb|9!5UfxAJi2nV17bwJpb=6?3a@mB{7J-|9TOiD?Ax`_S5Z^I@9p|94?m!@ie$T z;2@$L1i;7hmzPP%aVjv-&BbTi=j}e!#V(t|>iquq_FW$V2}v+qf1Vx$$Q~Lhut5hD zBB;1NTEOpgA$aJw3h3FbI!rqe5dL$S`W4N0)jyM3>D+f3y*t3~^fN$!2{lOnKk}VM zz!2Z-DsKKa>!eTUht2hO^1%=Oi|1s7aYnpsN>@&#OVDZV$@L&JU|8D zi%&;}!0)IM*umeU^P8+P0L+LbAHvP?`;}x+zLFjYR^p(~B@cUFSQO`(@4V z+Aj(n=ssXAX;zlt%49I7YDi0#3Pq#)olW$J7l=(-@9yq%j!=t-0a;_*ZiT8~Ua>Y0f+UE>~t-k^0h*q+`;q_`Xwr zh?u`b_#a;)+b&Z2%^{^kLAtP)BZp@y}5{x-1%r_QM;@w?uk+=8t;$6dv1p3OLbJ!#f zBB~#RnR)cGzD3hW(xGNQg&)D&Xt^TmpBlB*cSW?f3J}&1J=K2b+=0to6%Ux1R!E;o zS+HQIhNnee$!f~lvL=DX%bjxbRu9prT11C{dfQeG%9#Z%OzCY@arVi{U604!7*srQ zOtX0;G@3W=JFo1ly(Be`$jACq62hd%=uN=m5Zia&4BzunIhfKN#!;b@op`r8&KYVA zLR$_1R!H7jufM6ht3?XRJe=2HhLPftkF_;E-0bXl_Ya$7m^cFZXToQPZ(8IlePQAu zIVcQVt!mTgCm07-^*)ST1)-4_gElH|gN`f1!0FCthh-WgBO>Wt3vyLbTX_z=bk?py0Q2&6BA-%==&jHwgxZxVDIdIS1{3iyp25F(%U`;}o)FeflHSyKF06%ViC zTuXs~_QfCpyKr0oKH=0lIoe^OJZHqg;f=yjW{qs=aNrCn&sC$zcXh&)haSBvkJ65= zmUuasf@qS)G037!QGzISx;wgX+Si%R4@`!;xlfDwW{8Lm_=3h1q(0h`_;7=E3&?rBts8wnl#@vRRWodgqhX9d$hFF zK-8!4GEdCD08T(9DY$!u1vAxXj-MCz#twPptkFLmobmpS=_)$?yf#)hh-G4s-Y>C0 zeuI;mh8OmLUfLnak|g)mWmDcMMTi#NG!1Lk{tb?Z7E!Q-!@IAApSg3~hik3WL8EDZ zPVC!bY%T67kzx$pig8o*D>`g9PNoTnfRVDX_}qBWLgPu zyQnGdRe!h@L78*)^CQnp*KIYAPum1{-Q3* z^piAlFRNv$IVTy)K%x)fGw1-!9WvY+0%Wx-2f84$<;RG^y#Gjp8dlD&ck(;TGGJ5o z$i3q(!V?x%|3N)%GP5AQfy=-7oK&oW!@{7sYSMXCFk47LwY9YR6I8K$Xbb-elBCN} zn7;unI@##+VtxO*D#U7K*osOQr@^?mtqJ)M9$mb9d-T%d#+6J#SFZ|tXpm@YMQ9oD z$;t=gM0DD^xVB)3)l(pJ9RKGhmjWFQi~HYL`+N(4vZ%4Xbp;vxPd zOKKDxDy2okyrEd>gKMGZu7$avY+Qg*kuV)8a{TkTxg zq=TG?vPtEH7{yby?q=wJLTXpul2H>iWDwhPq)Dh265q76>v;<1MtlWqU$ z#d4H4Lu=B(;Mn*)<)62d1R<`a#KQ=g=qU0Giorp$t!Tw94vwJ7sZ5)AJWM7}&TbYx z-m;KG!Jq1Uq~o~tRWj_m_RJe6r7$gZhJ5$-wb?bjEJwdicSDQ6!dW1fmeF+0sh~a@ z=e849gG}e%ZJ;aS=&}Z}NEhI`Zlg1j=^&rSMt4^r0p_|c(5I0lk2jrn{>LpNIIp80 z^0s$`KJw7K0~s`detMtIbfSl;-RHLGQF2QLqY4!(K1WhZ*!%c_WU!Vo<1PE~Z>{R{ z0WcjAq5ojF*{MUqK)R;U6qbJz=+?kM#&8e{qemttPqtyoYjUvOUoFRTYSloBCnAHJ zj*8QXFUXGEjcJj78B@lQvVH8=@=Hp4T7xJ_E(jf+V-aOOCG5oWX3v;wP|DJZ(gC^C ziI~hWG3bN$?646H-?x27g9UKJ32zu(=6`hLEqSQ0#+Tf_FYzBX+w9^l$t*F$k3Aee)sJvY0fiSLE8Mc54vQjnW)+3_ zk!wO$;*INQ?MK&{rTw#xqBDvJX`YuFw4B57gipY8lNe;>7mQJ6IJ{{DNN(;Bpv&3h zF?0E$c4wO8MLf}}!*(e<*E)+fWi0L+$zR7ojjkS#keuk3V zmN=6)aQJv>F{eHzWAW`oo&%3FN_ta4PYW3{UN1vRHu}^ouZlF;qEdYyC76c4WkuC% zydbN^%c&}D=R}-lI&Dc!jb9U|V`(>+CwN4pcFQ~k_2JElyRVlwz5A<7?unf0RMm0Sk2}kD&noeYVqetPzPQyA4T)9x#ml`T&o|<= zyR1P8crBuU9n>f0Y9sUiIFJuap`?!_!-xN~tFR)F1@5yT9 z$)b-ptG2k;K^e-e4}qb`7+RLJA7zBwY@}p$7F)@%XfWv3WGAvA1$%H|TRu1K=B$<- z6t7_q?hRVqMp#9KiTZ!LVR&RgNUmjlByx8yq%PiDImg}3RNO<_I2`6}7w|B%bAs~S zmA-$jdtjH*TrXareyI@qoR>gAZB&C~>CE3-#OBE{QWhq$q$x&~6Rw>sr6YWJ5M`{e z*#8xsMizo^T_|l;V?F<+l?fPvQE=Oq@o5CBk)9L62oQYC zqD9P^Sgf8w;riUNb@PkNK(G={JHgBd-D{P%?pCek@h}RSgtB92H4c%i5ckkAo!t&J zZTEc#t%e~!It}kBL0MkhAvp6?`GjQKEl$%yl?{{e)dO%0oXX4O#gXP6P9D&!CFe;>3L>QP7nyi7E$^v`bmRjE7u}i>F&3S<)>p_?{a9<7O4V+S z;3pBZO=agFi%^dWpX?9r93%T#OP<3G8MKLoM~_x~mZnOp%6nnqa*#O*OKv(oo#J{$ z+*sdXciu#Lhf(t@!2b1UXeKF>QKuhfI}rshs^=ab65*{nisr**k)fo&E}x)zk)2Yk+q@*(1F1^prW|_O>*`kxj7L&v-;O^^8pN)!L`{P9 zs^o;O`~^;R*3JycwIb2~DjQ8}`~bVoUrGhLaaSitY@k zpu)kcT~ZY7MdG*TetLTVgEGYs=({K7x$T$EaicTW8`#IR;YjXaAo0}=w{%p;3^v-r zdhJ1=nW>%7pZ+Wfqp3+ev)UmKt*7m=C6Ah2Z9zHEZ%}XJe7*bJ9;xC>ATdr78;?kO z#}lMvP#r6Sh=f+^Xzp}gH{UcxL4&1Q)v^uM5p=cP1TS5$8f!fTtIj^UO&?koTH+I9 zcP9u%%CNOJAM!Ydrob5vAJTj7d=EdsmYlSo-O+(HcX>!~=yn5)R zV+Co$U53DGIZh_~t#<<$$|OsA#*=%6TfBs#?YtJ|Yf!}-Ds0jwd$_Ha0%}Z>Nn+D_ zmmXI_jA-x}5|U9&Sc=$nIn3$ z*6c^FUHB1ujjY+9tqKE=j4ke#Ubc&s`Ua|V7Z|%@0zVkfJaLlppYn3i7Fb=e0>r{CLXWf`}TN6v~+oQN}uATUY@ahv~R&RVnA`# zC?VtLY6T5h9M+*4NK1N4=MSm6o=okGwcL2a7QFqbr28bi>#b?<(1`A{B=MPiX5#4C znf>6dQ7lUDYZM91`+6I;^~+!)7nFEx|E85^BrUY0w{&&gu4n1=tF#Ja+Q?wH)cid$ zKvIUhx|jsal+O{>(o~O8@T+;cW4D>z77J+?XUB zFSud8VRq6@{Cy!jn??WB6c?d#7^+u9353Zz%}lk6K_c)fNL}|Hhg29}-K#i-VGzU6zTQ0gs(Zg9Sb!GA1OQw8B#nN59XKd6P%?&@sS!%NnJRj&0SWk<| zgL>U$aP9gizIS5+4E?;lL5#qs;(kCnPq*k1~Js(WT!CXnSrfgw6P{gK8o~a5B zKnl(5Axg)2S5A)abgZ~9BBW;E*+m_ETDXP~=3{vkpbIFYgNWm;z5+lgBPld?Xm;}{ z`p9Z*m3^_iwSim9*2@6Cm6ZQ<0;^g*HMp`VoH22_buF#|sg7sI zOp&rOdC9X=tX@x<$^6sz(3R!f=xPCdrOq2ZQ)Hue)b{+O0saKJHn z^Ua3SkcYa_x5-t$bMHOXmFBi;e;_pL zdNwwd=6 zSXBI^)OkBOvzFJR;AGEycV3dndquBeBz#)|*Vjw$bn$(|5!=edD5n%7-xNxlpq$eLc3g7<;_l~+5ozmKQH~&iZj}m*Ft;o3- zaRPn@{w?$h#ch^z(~F2^od*ZZxh+eypc*i=4D+m0R2NoUg(znEO=)guP@_@&i*Bem zyeV8%@aV58qV7V}`e3^}r-u))g%_SRSRl3g#k@(U*UsgG1?1XltW(wnl+jDn0vcV^qW+=$s0-il zn}G)RI`7|ONKR9xY&kt|oLM!8+Oqx624@jE9r$w+|Dd7p^tgXH!(G5yEGA=#gfuMpbjvDZ)C zU-=C8@*LgV*W(AWkZ@h&wh@5VAoT~%#}U4Ix=mYo`Tkcz>VasOnAh(y$eQ9cpT#xh z6N@rx10vy{f|e!25Mf-$qp7D5^*Rr96+p+bQ%bCazD?R!zvoo;= z%8(g)4su?Dw`O~UN-%gnJZ*w&h*_uFR#aR{n}zC&c$Hc*Z@02o)x<5-eDjhxSqd%z z)N}9{g1%Kz*<6PCp|&G-{fozJ3C_7gsIL;2&ia9T3L;s+cb~GUW)HTFF>$Mb-$vA) zFL9^S87VTEv2R#tsnf?dL=;&4B^JEN<>>0uuNOxbeI_Ob=ak{W7VWgkJ9iDe9J_y~HoevDN{`GZ$u&+QLZa(ZzKNzYQJ`4< zlb^vm9y!`(t*0D2qF0_0Ru%V{-JNS+`PPefbST8!Ah>=WG8m0arNZMLqFP^oI?C&x zb=Q=^Y$xqP>6`$iTU+uaQGIaEuM?7z*F50@4h6^K5(X=L2V}NXWHhv#8_1zwbhG@? zwn!k=K&51KJr#In0Kl3{=9m8ov9bLp#P)9>_kV#KGa)-0^M6Ea9BfSgf5henuA*YQ zK~KiyA~_);!NO9M?;`1b!U)IM3&!{xp0FUfjIf-NsyduFoDd#_n2d-hM~a$gO5psX z>*mMrq{?-A-TLZ_cLi?-Z{@3s&SPy*M|cYU3T8#Dunq-DvW{3`U{(en3PM^suulm{ zNC*~e8S)zv97?P2>l4``dH*NT`n9h>1Ed6c2xSp&jxryA8WJi2LiiAs=swbbQ2_={ z?KO^gT^_j%8eXs!7@jP^%K~+ifUqoJ80>?Hm-lb5@^=Fm%z%hL5;(Z$-OjNf8|fw@ zaL^zBP=zWATuDx3h$rC8LPID{_E&xS;975^znG#(l#GlDD3On8A|IZVQQ@GV$Qttb zSepdb7(niz-~S@3V50p13UX*9Ff9+_&!6673wImBMMMNrAbu!J+#`9$-h$0tKf(Sr zL1$gid?tw4_d=UnaUtASbxVIF$KwZfwKM`{7j+V zk3tnp=#sM_up@#C>%RTFLn34^byPa{!1#rM;RiAB$DMbblOS(LX-|Lu=Qqqh0ZZUd;;+}p0hCtzaB>--^B&de zJ;3l1(sgJr(T{dTR0xWhApFtZgF76>vy`-+d~|-_X%~px-&^!^py8?BMpLp7&riQ zP-wB*q^(zL*Tqw&asZR8ajuMwqEkPOn$R2f!L}QFN;xm0#~Yh@x1lb5VQ2bUpHJ3V z%H8K3sqg)fN!(07)cDQ$ILNhT<4}&z$nJ3G`?J8-RDpm`Z3hjzbTq5HqfjYfKi@Ja z>lN76-CF5F{x%62aK$a8if5WcU@VpB|P z-Krgb!`w%5&!w*pw1!geU797KQ111VH|6umK;(WYjas)TEsgKkujU`Eea;_r-KQp> z&!f+aOxvmIjUT12&GvtBYPVyy*%$X5Pq)&$W6R-9S>g2fig(qc=NFFqVJ=Oa&sCtl zY2L|+0Ma{x*2~e2eT|U_I$FXM_|6Y@*ANn^${F}!NED9P^7OQSTb_l&Mp2;sy7@^39s+7B3ahl zRU2MP%Tp=B`{}Wa2iY;07O1qwaE|jgRvLLsPLiN)U}AG}ZREF>i0euRoi7*Bl<7gu z)&obmZT{BBu}tIQ*`F?I%cVmO!vfT(a_MC}{L|sXslx^2X+*SI9c?6azP)eAn3R&o z@Ivh^S7zdM&#|yc;3k4+0@3tY4O{vY9b9RvVZzQNYu(Ofv1Sb2%!Uf>#&J5)+2pL9 zit3i~uEm(mn?@P-6|pQAZPM6;6*S*KZde;%QxCa~m<1Q(2&|-TbE&qxf@wqZYy9Y> z0?jFUXsaB$imWUwR_;!})FddZgLl?EbC#1F@)`D`tS2?i_zM#@n^STF84IVe{k=8` zOU_FF8iSp-n@iANy5H2$ze|$8RVxW^_}iEBV_lcd+y|24GOo-X4|z$Nb7$l!Ju75Y zrXPJt)lDq+<%K(9Ar@sD{w<^-ly-JJdg2ULd*bo#CSNbXdNU?roD;nwO#8SK7iR=v zb4c{JQ00gVzp{^>n5nk#Pu&{e^bE63!5DWGp;X(AeHSrESyS}~%8|hnQdJ&nu_vsH zO;hafySmWB%-Glyww!ZrUT{*1p8tuX>aP|)RLW5FGbAI63i@NZTyR}?uG2(dZ@@p(ekmQEpn1_!;pzl zZ&Kp^w2}MI?=}H?ISDF`d)d;OZ6%+DNGRdIpRiXUi|!SG6~;aVqde&HbB1FrI`{<#`2{s zN0=(JWR%5Yo7oYQSG`9>~ollZ}U(nZV^WFG;lXGwpT@RD%6iAQm@GwTg~xh z6TiUmo9sBWyX^T(g@cW`Ni!`MnMxt0bd3;v~en^f2G@S+^B<5;iiZ>Qe)2 zp8*ApkuKqp(Nfm^Oz)g$9@wsTu?dy^65D7~JV}DDcoqI@~`Iw_)P>oQ& z#574nwA2=fT8iph8$+#>CVZm+*}8A>>Yd+2qzHM%O$06UTvq78tciPN54oD?W<)S1 z(_R-O@a()Mlq9y}89KSnv&2%nW%r=jwTYd%1wO4|TwA9@c3|>~j??)ZrzwcQgRlE6 zWzNG<9LFD1bf!SwQ(;GmXIZO4y2CPV)diul`}pS`BcmPHc;Yl_JJe!IzROPt2@-yKi~$1x}WK--dy1bO4~x$?$L6hO=C zQ0JxQnU0)!*P>F1K_CB%@chZ9EOsu*PK84;Tx?gk@I07UNr@TaFpEed^bWW}+`rWV zZ?lJf@6jNQ8T<6nIklO1 z5V@fBLrOb(CLEZNanRG5ZkhhqSVBRlD%%aB?#|7OkX$5{YN}=v%MM}7G#gfW$~Ur? zOk$J}KiI<(2D?`KSnZ;Z-Qj6{Oa0ikR1$4Jd*|%;EaowX(yz~DcHWjeTf70yg;^VP<)Uqe$^#I?z_ zuw*QeB;vi@_m`UxqXU@8RNfd}Rd% zI`H!pmD+tiYj?@kwVkg++$TI8xcIUA%3jL$5T(`0#asxivp58(j&cxIeFO%S)v@le zzXKSAG*-gj=q4tilbYi_pK+`q$FYa9e%vk^>UN1j4$1 z?&Cg@xgCbiGarG=?SV8yi`+t3;$pPCa@|(H@ieWU3@A`S>qM-N_K3=n4p?_g>-YDw zx>M%BBXoS$dN<7d+PC($^gX~MQ@+xuN;sZjMj8BRY*nQZF50C`;-u8Ews&1|u457? zSpaa|btq3TeED}?R(zT2vQp)mUkauTySlJ>nz+Vf`9lM3+Ps~|ucfs`YLrMJ->Z3s zMDFkfMoGKxisW8a9B?1Ma<_cM#^soK9lwY32~fJ-$cB2SYB+4vsfWENq73C8qVzlpDt~Gx*N8~Mp&s*tnX!<{TaN!TnD21J}F%uLW z$t3{1^Cus2M3Y#=hX&t#V0rwfFSh37C8U`pkOEW4F1z-K*0W09`}uxlc|(p(8_Cs7 z&J*8}Iz|hyzTrF(s%e_I)p8qCO7~4Ct-b1 zksJOKo&nD%Aa6To*ezTD2%mJ%^5|Cota*40D1vyk!BmWP3!ZZ({=>x}RZ#U3(N+RI zFt*zAu^FbMlSfCcu$PsHb2QhhEz754SztPimzLhLW}av@)AwpLa;}bFYQGWTH8RL25rrF zvur;0I@32HMewi9w35ia^?>h7(2EzcZQLEOL}GUKB&W(vHU*OvUDA)a)JQy<_C^Q>h|=}Y}qIW<~Dbq8aoE)6#-b6?i*Vz2S@)hpjL zmfcB50O1Z~*V%5x<;f<#{Il}#$r2W5VpFOqBrnMr+#mJlv;&cPApg8{BH_dEXDGa$ z^7*82ugkRc9jq%&FCg>l5-H@0-j~AKGsxL!?_6GXn?tSk-F4GMdj*J0?~>HLq*M3X z)nSjBMRuSXGh93?4EA=4V&w+I%Hd3fZRA1C&LXO1`bZ0eX^5#;h#ZtBrb%MO-lYM~ z_a$jnH1f^S{5Ei@Tr*O2?&1wj;y#v<{{BJQ@Xozvr_uWhLiokzg>Xu-o7@<<$?JpF zwk<*~LWtfE0FUk$v2(wjSbZ`?z66L$^@hB z3qudjle!UTTK-K-oG$+*P#Vw9G$Eg`;%+rI@&KkQB9_M~jC@CC?uQ(@z z%{82y?aM`8y1=+IJ<=Nc49Di0!{hRFaDc$GT0BU^0*$l7=M+H;Z(v}$SU(1Or>TU2>p`3pT+f2Cqh_3j1ILhk@eGDNgR-=mwt6y|5S;~X@ ze_IX_{*efABXep}W(FTOEKr13=Rpb)p3~$#kMwsJ=L+^*2i#su{hN)7A6+FAgOi4L zIjkQLW4ZA+C%N0$+J7*~k&+P|#z}^D1!h9r<;Mi;(B9RtIxfwwH@$@jCJv`)>Fdcg&gM zGScv&%=*N8&|&9wPY>Zwzc|1%eLCZ^cP&r&4Qv?GKYSFSl$pyVpkK>%_|;EOBmKFioWqEu!c!x|=S( z_`-5Iu!0|??0b*{nR&VFEp3=I)Q4(}I4_=i zB<}%E4pZ~}M^2sMwtr#yr;BX(P-jvUeg5kbpl|Ih8Zz;AepQ=%aF5m@ zDw+4n*KaHJs6<9-nyT{fW?5GF$tTwOY;P-Y{e;PVD&9p+w*ZsTdi`Eei!0Uj3zr$6 zXNGL}G4eLf8GruA!~>;>E-A6G9jowB?HcRdbd05$AWUBTl-gr6%sWRp(Pl-fmz_fj z+?0910P2$W+r05pQmU5qkh0Ku2oZJlCUXkZCeE+^1nY@V`H1Db!K2|xkAsdirm zg6*uIhE;#6+PLeG5D>BWK$miqkDh>A*vf4MTKU%qd0<7V=kZtC5^zRQO{D*a{1|Lf5rR*SAA9r;T1FfXtPD$ zyK!sEx*~67V8O20-|5dEjJ1S?U3A+@Z)YsBcZNHJ$h$~dzWxM~#g8+ZgUlr{O^?uB z>$G3vPbH)$n-~vkSa*40^g{SH98cBu=ODF5%AF!GO4V9IFUc$?;-ahQo?&WZ1LBf6{4O<&@lXJE-2|@%3so3b*8_jM7h6l7 zZ^J%nI+#_|l!JuwRj#i(1bXW)HnlwO&BBAYkbtBAgDKy7pV@u!5X$vDoi zDV+XZQcw+p5So8MWpaQ&aXn%;1J3HIWPBoM62A7x?8jA!Ju6ms6TA5;o2}KfyxZM0auv+=+vDbj5LTjEj$ABWqr zS_ZFyseLQmWO_4zr>W=LQA?J>VQs%3NK2@CiIO?iOBBS<9~@`TuXy^3!M<;?Iqs!I zz!R`yO8Gb{cG`*>fB1gAqOqrzQnj=d#8LZTWrpZy^D49MpQil%9XWD9k)w)rvphMf zBlA?-edx-$x}7Z%o@tvynwT>|*8-QT z$ja4lT7iQ|EG-KS7tP-7#qlv9dnZvO; zuH8_!WO~u=e6JhMWzFso;lzlxt;LSu(J}FnKRlWgvjIo~VN_IMh1xvC0nFC``$DH5 z{?QYm{s08BW`eerIb2^bGBm|7w`H4MYIvpN=GaPfu)H1TXxeM`NbC-NTJz}D zoyAB8DJ#h!Uafl#>7bC?_Vc+^CJw&~qg-gurqOSuLgh+M3=Xw7fKMjtglw0mN@PN# z{$``k*bUmWd@V>lni{DqE?!0g8s|I8%ud4^2wFUk|6dM_S7{T38iICx7Tvq;h8Pz$ zYu9sL0~)jmvuQ;!n3QxqE?R-Gin{%TrDfEWD!QE!(uWyq$>r?cP+mWB^ip5rBaw*? zEqz?7Gh|v#g1@eshlJ<_4l&tn!dqt>Op&r+ONlp4)D$`bykDP5qD$k6m4i)dyvuK~ z%v49S9SKBpE$nZa91_H(dG;xKXnH2;RYXmnZvU{nG^tjTqJ+2G+XMA}P#?#nbzaW- zu`u{IF~K=~OFG|pL1&=Ch+BtQfaus>g(KeL$BW26d(Xr%*YaVe{Lbc`{ zP?RcLU9(2T6b6T<$(bB4!;xvafhC*%@rn1%HjZ`mSg2BeaCfO4d2s_NyDhtJs#RA9 zt>Sx(Po&S$Y9_Lx@Ok;lYgb39noCg-SNUiSlUkak75VqIyL+K}`mhT=&2q{%R@~W= z1=CC>ME{PqMbrt>iLJW!uQ>YORZs_BfI-`-gRQ-{jfspPrfl(mdn@UTm!k(^E@HYN zb5GQwf2BnN6&UNX>^v5}NdJ*gZ2WRZsDAm1aUvlB z^qG7~r-nH5*4|7$s4g`@YLTkpQ=rX=e>yYl1C(Vd@F{)t)<93;l$NbY*O3BW5jl4s zvj-YT^5?1Wr;LTAl(1Jp?0m!QCrku~B%1<&)T)+)i>rRT+FV`)|E!47#ngDw@XX_xp|5_!dxnY+pw64Qr8*8|e2mcXh%*iir@xR%@ zkhyuOEjsuob8n`wDnEz>NPZ;$3FmVBC!EX0_ndV|L@K{6Dt=N>;H5n z{~tT|jo=D7+Rb#)+79mQ*Z=)Y53jXq$M4Gd@755tLIg@XtnBt}>Ed&3walD-{HWfb zsb<;BXggQ29T$I6bZcOyqfX9ts#g2&X}T5F>0>?{sRp&Z`=KMG@DX^aR) zDNV)L=Gn#sBqM|l0Fk}Y#oKw1<&&|!l%3iJ{kGafB_ykWVe~zDv3ILEre~M4tC6W; ze+FPO|4=>njU^JoI*LO=5{^!x?a2dB*y#lyUbJ7#zArSd1Y>gvcL2WH>;AN~KMHjY z?ncXCYn&aRrexoEcXq8?*eQ zp4*R!j#UrfN6qb!5g3EFhnGBt0e4$X&cMsAAB3L^#|%?aR+B^5(;wnbg0%GXLX6(D zgdB|C(cv)=15?8j5QiSX>yJAcnsOGvz3<+=hIVuwx%Z>iY{&i#fc^aXaayw*CZf@!U`@_gFYR%M-iz=a1^UH&*nu-7QD>j}c5 z;cz%#03?s}-KGRU&Fn!zDmdHMKQ$?V#MIDJe~!HKsGU1riuc}YMtXF5UkcuCNXUea zW6=R6Q87ud2Iu=m=P|e6gE!&7b|>EXL(v6mdr;vF%s{x>yGnt!&)z_3@pO^CJ1IC| z{WZ_y&h*3adTBp6_JJ8`z98>9#VbBzIDsaye}pTlqknda|~U(@b~ zS0-QGYu~XREnkJW6FhVsfL?dKpQ>-U$vuLcu7y|ea)BJ~Z{Jn#%a7-uu#Yb1(w;4y zn^Rv@+#g3oz$oVrWH%y1Lqo?w2jkED&W_?uw$8u9pmDXt_O?EwI>3-}u!n zmfV}LmUFOILW4IDz;gZnBEHeqOcfnx;LMT!6orvXjWlK|Ddq&@EmKU$?iD zq`Hy&nH%$Ksl;s^37z6EBza`4$i+v*E;JUKh})N5_E%%zC82g7&k^NA_LgV7Dh%T_ z-$zl``3H?(Oz6~2*|nPU7{H?@-7I=3nhAO>-F;OE4Z9@^$b@Pd;X2mE7wwGnEXnNN=yOUxd;c{pQ#^xmJi7ciV-O=Q~6&ulo zOq*6~SN!5iMeJP{{BfC zWT?MiZO)QU^;ndcY|j2rY!J8;*r0r%9{~TjxreNoGfZTmcBW>zfWmF|upY z-eLRt%eGi>A2a#4J2fGs3%f90b)FERHx{Bs*rC!*LrHBP6h9Z?*Q-l58@Ty`$}4T-(C|DnZwW``kI% z>>LqJ7!!IXA?zW@9HNmD(;#+2s-kwd-nHe-EX4 z%OU#AXiz6$d$2h@4mAo~!+Y-1o%nsHRa6)p zli1!_BuWD@VcV1u)803QW8ta237RoJimXRpy3FUim18Ta(}@AJkSJ9m!6PN^@G;V; zeRfN0eMz@GWnoGcfhFX&qK1q!V~?lAuN2YJNtx93rvj|Ln3TMJ{@0UJ95N*VLVCdW zSOl+rbayYn@XdH*fe-yj&{j7hvt3b-={b5_!nobCb#Y1vo>o>|&<)RSfR35V$y(jh z;*{F#sCIfbQj{r^N>i9xBLTm0b8E+VgY-KgI!pi6$Guauk5UWw^|~OCq&)0P+DwYc zCI${+=e-;D%guKUwB)<-eCIKM+*HF-$MpNsZ(C**YI@`FI!^^o#wPhGG}j^1(y5p* zvSF3vy)D0JoR@1rn@TV}ir3a@ImW~WCG)zsXL2vsz$zB@=;%JC(HTun2u`uHlCLiZ zjtduFU2mUJ4t$BpwPNeDPrO%dpqoVvlfil+{?U@ncP~xB`C|QMMQDF@s6?T1b|!=+ z&jvgMO4AxtV1oOWKQWW{O!3J2xX`ft!mK=&6J*ZKZ@G`b<(i~kA`J>y&x$4FEjEMR z4Hg(u3LW$OyvZrUq_R_y0o zzKm;YS?6*VEI0@F@|FKke9-C-ZYFT1^?CE_@-TbS{la86J89afJfr4pcR*C8_GxFJ zIbceqw~jTnC)J*tOV=kN$rz+1F6K$#>W*C7t?Znbja;Api8-s=d0%B7P^|pmCi@}d zIA}iXqr?C*D~o}b3JC7MZKBoILVWGlW&7;}`2*BKl`OiUE7t(U9~mB1zK%$+W;!Uk zNKMB+Cqffzoxx`C@5K@^r=|xG`h(IAhKA-Rp5bf+?r-Ls1x1~Omsb^WDV(g8WCCp7 zUYxMY=XohXxf6Y6W>%;)e0vV57JhU}ot>b@Pckgz(~>oA9p=GixzZ7xb?F|j_b z4CsD>F(XeAYwv;H10(L`L;bnx7#yocbMuxR~jR!eKBypZ`c}E#P)aylHY{O}YVdGyflDV$XqJDOP zj&+JTeR#;@iXJo*dh~zt#x}i=*ISi1UZz{%ppLtHTHn3gw=V z2dC3Hpa}nNUv%p`H3|7*0(%x3Q#Xu=>lQ0}DSnN_uXm?qdnyT$XR$j(PkkPJcM{2W zS+ezH0{XL>il)d`8kw*qz*ih^A_@wuyp=PDgb{g-yET|rz!Wc5X<2W}5NFaAY`9if z(7=%#ob2bOH&b_*c^oVQiE6j-TNCfTO~w6IN>ZV}BV|hjcm$6;5)V+|dg$49MQ&BQ z?voJ5;voTw)X3&8CA#onm@JkSfpsEQt31KLotdlcLcN+-2-18;(!cO7M6)jzlNbZspd4ySuv`^O6A&RG7+|+x_?mA8?Mk|YMsL{VfGI015?gHlV|X#w?(?;F#Mj`|lvx}!>IwSM8K{We-NvYJ)6Www ze)vou%IP97Q3JmOGXvFFP#Ql12F_va^x;rInL=y{?Q4qh=D1Ee86TC#&P+^}2Ea=< zdShE42*xK^ou*SBX(P!V3Rc||R0n!5uW9E5dd^wqUaH!Il|pmXBv9#acv^PjUp>CMp>iy*X!~-IS$1i!13l zvY{98&2>y<6Uuk;xO6B+7XyW)u--iy*&AK2MyW2L(8QTzT)B<9Vy+(J1>XA>(eQV( z!ra)i48KOh9`OnFcX2kxN8QA>T$~U}b@*-B)oWU4y)0?fVb@<4IqS&`tTJ90-NmEA zUr#ZFXW-#T{*~{_K>sfF9MPPi+H@YIqK$gg(R~G$$PGh6hQ&)hMJ_G_I6H_5d$)kkG5_=xx}xXa_;DsP!sG6;?qC!pN2tarTL>&KvbK_W~Mczu)u7Y`_fp zs7~5Hw^{nsVpkERi+8N^)(LG$m~5Z5;G%jg1BB49=tjJ;-hfL|31 zd+RO{VrnmGVm(fPTXFFJDXBh4z09`KqniN`X9_B+o6pfUC0%{01TLvj;+ zb$eTGe}!f)*g2E4*h!ui%Oid7aCaM4=+8@_PsNOZ%SeF{S7!L$2XZihg0s)(h%Xi` z4sb{p;vpAvMb0fB8Ho`(8z+#Lhv81AM)%ZYaT3D}-1Do5rfPj$OAf8yMHUcI)~Rjb z`98Q6DGsH`6&XnCmob_Ai1|VF<pRxS-!@$!Qu^(-EmqtFmXSw`x&5NO|y%~?_AIx zH{EQw9y=iNj3dxZqLe?TXzOnLDb6O^roe8^GGyOD)55`6*1$hjiK5;5&TFswqXv?R z2%9HfjmWD1RSW27WEH|@qF$d9kEspJ_^NS-sryMe9UBYY)SR%6thfWE*E7j&KDB0G z^1`=-toRGg#_*|w$5BI-C`9;z(?*zQa)>3*dDgPdQ6O}pmVxBHQV}9(<@TN1mlQl$ zlz`i$OU8k%5Qqc6%Ewgr;@kPlZRy%)}{>|H*vLA9n4uW{}T>G`|e z?_t@ozzw3gReU5j4(u9V-4TZEEp|$TUas$unl%ottNy9VH;PECWuKQuJ`v`WWgjO0 zM*XHk!sGtZYZ&eDWcDp-fl3G4l%#X_6`BO#HmG{ba#fH+7I5wp&JZ@6QLrE0hyiig zS|_cZ$8WqQ6bfk%Zr$<(R4lk?dUX?@VI(k=_T8>nKcUbWRNPs9ah_4P0yDRhVEle$ zC+tLi+6(SswR00|?8=-(yoNF3)XKpbczu@zexwTHyv$p(f)ctFj5gt3F%qt>tt{9_ z#56h>X&LY-JsdTGO|#418y6$<&IouZSmTwuc(!=()Hc}%sqM;x`EQZDYmANOeP`A! z-cOS@M0Gqmp%gP2!dt1JLEnee^5hD^uNxnu z=J`zzzv?j%j4LUOjx3%c&z|0zkfJA?R&m6JoUkG+kI8hwm`kw9yN3KQg3P71cT?5M zf9w7B5&TFwUA&;Z8tcltY<5?3G;oFpfI<)!>d&GywSj;gMTf%JCPf;d7cvM}3Xnmf zlOP4~YZsiz)0j214MKYAj{}Bs5fR30Jkk$@|Ng-|Dvym*O1Q!4r)!)Wo!$D{n4Z&zNu3?*qtPi@+UwA||g?4^fl;GT5M1Oba;{ zXz#CouHMCF+6_>mHoO*Tg?e|0%fuc(?C209$y5v% z=X7{8fvA1lDy3oFG@Q5UX!(Y4u^=&esLg zF9+F@EIIJA3=kTNhH6WBUfmT z$dLs+T4IBN4v6uoiBS1c+rF50MNz%Lth8gDYExpp)$~H4o6+NW?%Y)2YU&9JtKvZ9 z@$1OmpwT>cLh&Sh(Q$<`if0X|W4<7FTa0DBh@`?F7@)%RERpuy-AM)Uk|32J@u!6; z?av&tG7nwN7h`)JycPR?OoDK6P3Q1-?ppGLx5%P`O4^E-?7oSb6w1RY>U;trn3|1l zqv`g6&}I*+nAF;KqX~L(M@5PPjx=_>Ruc7WSGjX0M*WVVi;Mg0H>5x!PtPv@W5!S` zmTvz2rue;`kgk-T${Cicd3%faEZ&JZHn4>hRjQ6?x?5iZ(<<>~D(&a>QqfFHuZZyU{@DRT=TG;0iyiHL51{i}B3qWrru?AWojw7KxW@ z10!E~R?QKbZZ>~1gn3kgiNsthKRm4Xl><{P5+KVPU(}laRE{m`?U@--qk}Bj3$sT&qJ#$F;}h#eO?A2so)+xtq{%s6c2a5QI3n%q8d4hG#>$z z4}mjyCKUmOgA)b#3rmYoX@vwIJIvz-u`y^$X5+xVbo}JQow+k3lEnNTkgdhS@!4sE za|@@u<%-~};kkM2lx(h5^wWxpzaHRy$dC)iShQrM4o?Q7{))`+D~a{o=?;gP-e)a+c6|;wkIOXI57A@h#g+;unz`lxK{yF66Tfb3pQQG z#2w~ChS^TC9bt#B6f^3~;LDr3a~Jn{oA59)Jd|BNa#Z)P*=1~_52t+C&e1gM#&*LOkp%nOo0{>nD*HJ&!xbh$go4g#ElUgU^Ew7nKd$4hJ zpe|&~0+opJHymEB?qi?c2ZK#r#Db?`q@qkAFl56Z;v-$VaBV#XEPj=@doTiFKQn6T zbE?9w7Obb?sq)X`GR^Fq4J0%6rwfrPmxSMSB&@+1Fa^52BW{a3K3QO}QQUx0O`}Nu z_}}(~rPlr%se40H^|KFKTcb!cfPo#|AoI}O$3azPz!aou18)NU--W2Z4wM4iwHTf& zc!pA!oVEh%Ld1}*7D7W-(NsA5;BWD%AgBh^t$ z)J3)YR7%!6z52^uCPBQ}No|fxew$A2h4^U!xY;fW#@0!?vG~$G;`cJjDeD2hj%u`? zDa$5CRVTUifb_XeH+TxPTVDvv3xN;qSDsgZ^L(=DCF@PY_+i{+d*`oyI_s^EJi9PL z0k4DORPo3wZ7(!5pd)Lm6$h`}TXic6)PGq~eS{K~*?BR_KhoPmdzU%SF&5p~h7NX= zY6N&!i~Uxe)v)sW=v&9JC8Ao={26#S)GrO+g?Id(rV2jjW_7Okc?c`=%9S6KwL#hn zW3nhADo_tAw=Vq%*0^(1yk>mApZ(>B#?a#o4mIwcI?USC5-D|@?wt!XJM28iDPYZ8qZyM~{|Fbt4oYkjIA+(<*b%Zk| zO5f2iG>CLmR7QdNUMt;c64cZAo)YNQ+@Uz|4*p~WlSiG}yc$f+-+9`N&}uWkG^Y&e zIgCI#w*V8^S`hLgqYw%b%e&>NYt-Pn!t9t^9;HgF#8)cmr4MO!!_Nfmm3>%**4j>S zc=Uk-BM!+3UrHcq;Ol!=rtLNOWje9h7-@Lq4xB{*+SP$OXnhs`ZDTdm{vv?r&02;n z#Z&tNqgp6^cyzgBs7iSvW9LJk|8fzmv)cU|aUAKXlTro;WZ5fz5GN6-}IIa&<2>4J=6}alK#6G?e4(#4%l7G-R$H*q-q2LGg#kLP=nU=@(s2`Vl&T zSdV^y;2$m1A5jcDL$5WFdrKJ?+m(_+LC;cWI1L4-%)^1rGp5by2Mlui#6mjCg?(FF zMVGsa0I?N9zHXi~xQ;@WOyRk4z6%AEDCNB4ymITS}%J zJR$u)vzfls{orR8z8d{dcJov|Vth-G92>KNdsoC>BeMsI$*gmTRxpqNx0rOQxHN$d zLnXBTV(c9jE8)U!-PpEWv9)5`wr$(CS+Q-~cEz@B>wKrN(fAwtD&~C0GmyJ8>W$c* z3WuG=c)AhL(6%pJawFa97eo3u7xd#-rDxk{>|JDFZT$eQo&A-HIb{44xLgyhdt`WM z*Q9S5u2j&VCgUK)IyCQxLtd>sd8iC83Mn0cXz0Vl~f^s3$5IkI(A7n zb*4Ga*8I~svk;ZQ^yN^#=y=qOMM-aFJ`j83lZE5?bI{JPKeM9vd3ht_jV>(d05Snu z?LGmNX`&^*&GDjDMret2i8X4_3g#I%ak*9_-_aOq@qS$2$!d`cJD!fySK`6H`#A&e zV|mB;hDVGT-0^!xbE0g9JNEojlw4=^&Vbo`WXR3P6j=zqDK`{p`7WMGYgE8Vn<4F4 z$bHBpw(Z1vK8WP@FUe?5I&B}h5Tl@PYCZL{oTPemk+#x)RQ$ju6q&^4R?gnX+QUY& zHPlg!x@_w)0V5$?U{t%$$D+!7U1JKF_fw4d=rtBs!fTdQ^VtFOL&nsc#&y^pvlZT* zDQllPBA=PwLk7YMp?h=RI9i>obpBpaQM+nMwH-SyAN7-Ny(P8q3o{lMOs0{SE1t}h zDO#~4L-66v#cA#HeRE@lV|ruWR`3}`o_BVx3ox7!TbI|tGE)?MzhVS;XHeocXocn@ z!p$}_vDTGwQu2z)L9bk(0lDzK;z113!{CXBw;_dut2h@6<_xD5bI&x)(vnQaWuWQ9 zo)TMiS#)8Beth+UiU4eh<-`q(udO%f2_(^AFRk!dRIuoQ(1)!Kh%6 zO*q-^RWFia-xu;=Td2Lg{ENKm4PI4zL>uYX43zyr_BpFn#DX>?c+lemLpLa*%Z7IL zo3h|D3!KB z)1iyy?DWnn2?ng@!#HQ(aC@4VG;b$$0?jIeFyd7oF9FJePQx$TuM*S0>XV)n($PK` zXGMOPR~iBLx(=#q>DD@mOs3mWKE8II=#R-n#_WRLA6NHycQ2-}d0>7&vBFx>TxC2( z>n_$$BlwPZXpCjP5(Br)W>MgZIG94N*aP!kFvmimdam9O)D}yDBe=pQlf^?O?suWr z9l84pQ1|mVRRhy82Jfm~Bg3bTPiaxCL;}S2f44b9-J}nR10L!6@{1R`$P!#|4Cl{r z6ui34Vw#9;%>R{tXUMN&LDarLHks3XVU;|#Kwp=@eeki<1-ftiBY->^JUpXDQ0zHG1;6>J`@RpyAW+HcKzD0il=ttS6VQ$9_AuKi!vJCX|VZ~Gq|GL*^L zZuh@V?I3&IpFfFFDXB!I)@p*sYT)z0;4EXWM~jdxB)qTS^R-zFDrV67b>FYM*)1Mj zwl>SK?0&)VWT}YF+NBMT)@vXz$lsA$FC|oKYM~~foGUya_C2&fGaX*`UZ%UJN&E(x zMPP+2paNWMBtcX^ea1`K%6TX#9I4w<%1!C6CSvDs>)zoMf8am`Mw-_O4ULLAcS9d@ zQv){^g+=v1pO>(qy72?0p|>2#M_)Uy>;|7CpnE%6FA=_9A<4*mO{kNgu50pxw@H^x zmH&bU5A3xq2xQLV#feDkk?l_wFCtCv3o^5Wv;j%MEV`i6YPp$7*>AF@*O-H?ptI@xSisEL8B(m^G-7PWTv^em-%OjfZy?wp9#}6T) z`;+AMs6603uu06qR0r7)Wy>A?o653l}b_(1f{ zXQsSrML|q{{NjQpf36uqd`lNcwrx1m8ENCh^D(@xf1i78rgqKj?PrgxP`5(EoFM^7 zYSRs5WWti#gq)jLggWJsBr#(bQU0lpXjF$ZC{5>-PsP1xpjajKFn)Lj^5tp)DEGXh zZ5X0o4D#C;^`S$i4O>#Ac~Z`FW8K-m>vBd87&%WN#}_gwzLo zqaDuU7M~6&Cw3IlpgJWZe3sJ$O3;#nwfGzGdLMW$Cw3b$jF7&O!Y?BvE?@ z1-9dv*OOpVbby7(Zay_{?Opsdtuy^(B^Ar}Ex-V+`Xi>B)i>FPD6sNLZ?%vAEg~IF z=2|{no`5bMl>BAS@LNBL2Kt%FoKE~z54TNzhe2iy96o&7y-*1+Y*2EnunS>DEm*I& z66u@5<13zC#lub=E!<2a&Rs0vD$;byk}Je?d9u~?&TDr3!P0gLbDnh(Ev8z<2^vEG zChos54E={ZWn}QacvYa@f|Pnc%#Sbb|D|ogbbNDYk5+KP1GWvd9^cJ?zKr?CY`){W z`wWv>Nhx%Cvl@QkLh`TF-ht0=!Q&s2pkWrEx)-R;KvL6Lrz}m|-oUu?2YHUN*fz$k zo!7)WQ-FS0ld#D?Qwswn(WW~hXj7N$xK#boQb0N8J;F=t92gQeRY<85{S%k|yDVPC z`G+}*a{AD2Q&=_$S;1Ey6{0&uL^|H6oc=BtyWXjly;^C&ncymOsyY9f^Q0)+(1)fB zHm!nROF1WGgWPnVo~`@e2F~B-Ugn_cAkwmk);UN+l!5ez_s>a3prq&r^$66@sE7dU=I+0pXCFsqo{c~Et07KHXaIS8y#&C zZe4ofEB%(3iE{2C3y{Bb|5?{DiL1D9M=jWCOLer&?9ac6yQ^Cf+~m(%a0e7t&G^4y z@1U+c4A9w6)*xz(EL5L}nKO0z+jZgl?6&$IHYb=A`A^;HBkNY?TDGdM-mzZeZG85Q4Sz5hP4x9fFO}Os2UTgiiXDXvaWXm;ilCbT8z1<_Kg<1{lzMZe0#qd@EjgorE%)^M_wwr@1d#8hp~b3{<4JAP4AiR;HQMzg|Nm-b#9EnSipB699IbEv%) z-taJHRRE#T$@_>QsRd>S!WrQwduXz|&AqZb0q?$g^gW?VtLzAUw zCApcPA;x@zfh%-9uwGTrxI;eq3B_r3<#$_;oN!NKx17H^@Trc?Z`zP0%c;u<+l9-M zm~CR=91WobmbYDGWy#j?S*(}A zH)|>fbkzxhC5L=^QnK$G4rwTVayVyQnp z_kkahrZdL-^u38L2w%P4R2sU3Er2K9WVg{t=qx21WJMZZ)1KttC@MJOZ)`d@Yuy{@ zFh%N$B)m4rF9I?Du4)leStGYSpHwlls47aRVtRx26X||t>d?=d$1kN>gl7BfI3n5M zkY=SC3q0p`HK9+K{eRY`HoOnkbDF9&*Fh&Fq^>wYeGXCV*MXAy6fm2&JlDUCQ-cb` z=3N>LCQD$wsqC&Z3^USkf=>7G1!Iq&Zf3mBrXH{P?QMHGazdyXs0cfoJck>Tc9Y%9 zEwN=O|Gg-vL_m*H)YDy{#;0Zci^BPo*W4NkEZ zEii*&-0uc4fj8?( za|tp8Fs>=a8&_a-Ps=!7iH0((giep(f{rUU$Ci$bknG7;i2p!+emFm;s+(w^M;X0R z+|YgSA|%v(7x7hB@@A$1V!Q51rq1&Hg4Y=fAn0!Ei_t8h`PWvQ0?s;7hfJ*Wc~)6) zVD)TwTlc7_-3&7AG2J=Z9x{B7ldm{}q*t)&WppA|EhN})L3eH&ScW#p8?=#&(qO#K zg$K+^qH-QP?8f5BT#!UjLKYBo*ox{VpyT`O>fB){KV!BlQpvX9oFM;x)xEaE+>sT{ zOKOt%0^|N@tXzYI*ANZdF~siKQb4IHEZAQy9~xM0?oCixA=VH?ylpo%Vu1;whm0QV zu2Q5fgD#>5S^S}}pdjO*UCBsfAa|17RWPPRcL1?(4)L9>URgd``cm1q{xb$DfhWV- zlecVdhRDQbpbt;jR$KcqD4}x=dI2d?1UrOicC=PjQRj9hr6G1hdtnffIU)YJ=9yea zdv)6^K{mhdAGRv_`uYePyF}lht3>!ogOhy67Dn^lz06)~xEDS<0KXxu9_5~f)XWlg zz;PZ*I~!5CmF_(gQS2$H*8$GU!8mJd2+ANh5U(;i^xzm*o_6D@7n$jK})`bSg{17)xK^hOhy; zp4B?M>DyM>!~lNNT)s}9Fj}ihYnq%~L{{tejgtww&%)}wHEx$^5=#@=>Rwlp_z0x*7MHGl7uQ#(=!H6^-%>(cNr3bEgOnnjGFGI=@& z@}`z-qQRNC;w=KlkGXV!w&etH($Iv#Nj7!n29cKe>Y?goVV^ExGO}zO6xOE=w%(1` z>N1WwvLilvh4cXZa1S+%Yd4XlzCq+EhO1ahmM2afsW151LpHv=a|!{}a<0~I9)oT(?q9yC%BG&iEt<`Niwf}WhMOyUgG zLo-@;q~PJN<(^~S%Z>|vZ-sM3$FGe!amQ${62eq^_RSa)_p#lgn{M>bz-lZlcQ-?u z*&HuaU8=anwMywy9Cz)&^wI?MOGgil9Jj5Z5SXV`AAKr8NH+yV#VJ!37dj~lgOo46 z7i-KiBA@3Bg;-AYvJ)GAq{vtQI_ZwGB-W6``M?=_l148}F?EdX&N?f)eP3 zkH&4I`#P-1%cxm0`q3(~MwQ0YQ~Qk5HnVPQqmHTRT~C~l+m~tl9#%T8yPuS~Gi$<1 z9JW52knY{{Uc@b{*?)bx2Ft8|Iy8eBzb3W_81+*HI_-=dn`WpVMC(yRHcI8q{6;8z zr?B+swmVlaC@$*_`9R}@Xt}uf@7 zA8*xaTJjAh_$>wpWaCudm%17EU*{Df0hiA?$3>>>$ z#%wxey2@SuGLjH()un8^x(2<{^8ussI=YpFfy~ef%aVUG?K0J_+XpOAYB_stDs}%Q zj>AzR2_I=N10S}HD5b?;iqniYD+xR#s5B*9P@b#>&^puG=hS<*);Q+mynml=nCM`Z zk?i_CX@;c$3&A)IqrfpB3-)a)**eF%wJu#?H`5A#qBm^b7;bigg1wqW(NFMX8^h4L z&8cP;kH(&gv+%s@P44(O;|Ybv9sDU5tgN7GR#Z(yI}e-&lsZCNo@`jZ&`?INf&xkC z%|oug%k^uQ>U{oS=G?|_HNvo;B$f^9;T+D7)@&xwfD~gJafe5z`GhGLP?(trlCl_c za8gK$&1uV#-KEUxFe3+#;Ijw9t>*YK$0>sY}i#>B|wR;rvSqD|Y>ph<`&1hsuPgmLHK z7*BjzM~*GR&Z6B{7NsZCtr$Mc6sZqzl_SHacm-nnFeRG!PuGBZzO|nIQ*LdcEmoA* zp?Rn|(GFbwn1VuRhcLz#vhC3GNP{=K7$HJt4_8+y zysA~EbcLLK&8;$Z7xg294kV1m^k>1h(~d|fC7PBq9ty(Og$MzV2Ee$?;4BG6O3Q`! z#-=f1z~Qi3hbvkkiV@=Gcc1bp0bSx)U?~6Y+C(j0jtky>gF5Ul*enA+J{$>97uRLF z7_2pk5)g86EGTgd$y%)P;O5!=d8hqq_>=9d`P-X>TPL5Fe{&Wa_;a$N)vQfc0JOh! zsQcL1J+D`*Ge)B_FvCFTF}iGfz>qexd0vDMleoopv(f4{0;3DXif9nXjcauLRXKl9NHU(8Z@jAH}s<4MgPHm{%#1}+?e8@$oB|D zXO7u{9vw^r*MVNDPIP4!J7`i@^oE~Cq+Tm~8o`j&Kr`^PH0-lq>NkXb+HcB)tbr=6 z#pa*T`pdq#zi1j1LUz`E%XXD$1mn*oi_OT$E;kPP?DHOLx|OFY5r+LWefCUdbq!xB zCNkzCe7b+=ViGQp9-d8&=qd8MMMEL}&L zJ%b2$V15J>1{T@6dhbp~!*4Hn-qU_Nm_TNIBa!Nc--jHDa%j*+0k&UcHyEYGD#rsC4N%cDu-lV{#jl(KMOG%(5; z)d{-dJ7I==Pd%<|vcz@_=FKR~k>WuM34nqbU~frY%TU7nb8+2du}}NwsXdO5z#=#b zJ`FRd1Va9J9V3N6)QlGG6*L%Neki80Tup;sgf6B5NWwvj?)?vl7m7AR;!1sw{LAOk zidi<|ZWm87LdgJBvAvTL6YJy@kL)PBY4p&L_O-i%0RJoi+Zp~hRdt!SN2~8Ie>I!M z1iLx+At+c=O6rZ=x0P4Fwk+~7`nd#4d>vO}nyY-@}#YBXonZ3G~z*tSXggd0NR9X1^KAA!&fcJQHuWen|s@Ja-PPvsuPuIOuOz2fX8k zVPgJ3Cvmw;1qZKWWn<1TrxVvY)5xE4zNtX)PfUfeRR!JJK<%F@@Qz%`9%giQ?y>kl z;zVP|LGJ}cG&^KD>k))pVm`HYdULFrx2q@x(5GrX-?h6LJvcRS73v4a;%fKDcHt~7 zUiiOx@zAH;e!Fgc3E3<{ET-i&MHhAy7MoWVoGubtQ+aGdylJ9UGf>`4Ur)1{7*#FP>FvElU1D zlP|h`#UD$lCf7SHj>CGy`IaOkD$|bFtAo^<9m=I9naS=bNTbD2T^?SruM{LW`66IV zVm#*Waj2^YaC1T%x^i>s?3X7fT7MQV|j<7hC#|OS$RV~#| zX+^=L{RzC;Qhk;tup-RAkKLgG5pWDDt5wB!iV{dCr!#wvZZ=_B`_p#2fEjX`R|u&6 z>@OqW0Q`tJ`I6Zp2OGmsSPE4vZ4&7%lePJQ#*?{|?6f-$_^i8z<-g^LVHS zq)PJU0y_u@NsknwL>+Lk^lcBIf*2fx7#M|1qHe((73@4B;Hg&STowsTFe(VG0tDkJ znqaQyb?aCE@>6X^YUg{JrOEt-rzsho-i=h5*c56Kx-wA6C`2SQun|brSJ_&T2nY%d z69Qx;qN9C!4-4$cKKt(!$VF&aQ9|SIfWmW75Tk|+e8>RGv!X;m8~}uf8UZOa1wAzh z90b@%Ab)ySBqg0z0R9Lx9Ox+&n2VAOO?J8@>f!D+h`Y<6{`2b_Y7hJoSj5z%7|g#5 zG-bO$&w&vN`X8jBPX5gr{s0kJKN@(LFw@U3)PVOYc<_A!I`aMVGde^^QK+KcER0VO zkUqyKxB-Z$aF0(uQh!|%Fa(kNS>8fOWCxHLy~C3}gfbf3A?!mCNIeh;LKw-s2Btk3 z*adk14Fcox3MiJBK%#%*^A8CW$PXTZfQrVG{{D~0FASLYj~hhb0Hr%3(gIX%x({;; z(ExOKQXUQH>-l3f8DGs12@Pfc*Z$)cBie%M^0FKk`itsaUkn{Rg^)-=LI#3}j1(Fy zBI>_6&EjG*pn=~QW3Zs#i9>#$mPAH0fs;CyhSMkaNj`tp{!ep(H=y4b(||#0Oqjjz zwtu#PC<2TxvQNLXueaj)W6>ca0{*RK?ppwC2zC6h z{SOOKfRHJ!)(t~{0b~$h5k&PJ0=zv9+aI_iK{pP?fDe5jc6elavafWNpMO7zjBA@y zu-rX;si8F|x6ij#ATZCtL6PYg3I-h#tLBNi>Cclgy+XGXP%A6m2TIkD#(x;M>IlI* z&yY_nXT2&pgslFniNU2)6P=?4W4ib6%zkR}RYYpdEKv;^P$b+^;Y6V(cz603#GZr^ zWa5&SG##^5A}GaaO5onu+q^5*ruT_Yx z+UKh`JJlJB(b`lZQ}kRv^2oBxlGokm3!u;~clpEUbHCdxIf?K4`C>Zo&!F{9GSbdJ z$HbPE4OBJ&!Fyk0gAvr$Do~CFCtO?fK&OS8B{aBTnm5xMeNNHpc~fUX!Th4W-My(P z&}vO~=<|?nCzdi2{C%)@8PzPj#;1vaq_}Nk;XnuMvWZi*{ep<&w1_j@^&q0q&xcD5 zNYHrhLH?UlMf5ndh2SPD4Q%ie`QU}H)Lxg1{G=o*YTa~_v^ad1S1plMsNO4PfOglX zFAF-~?5L1^VU)$dUH6rsi;nW^{hp|MG>Q)2vvu*M(Yl%81Zw0xGSrQocBGQq-rfMv zqN;uHgq)}-Bf-}#%csnR=Hc)8ah92R@5d}UbRv7$%dmQ_oZTHK zG8}Q`8trw{!J&qAcV=)?+^_wj)O%a5F&Bm}Nmq?g@x_Sfm|xp%uMH;smG>Y7o(Ye@+pFqbSq@x2?uk)kG7PYO z7VaFGb3uC?AfISof)T>w@(KMD^Nr|J$zM_0OLkW z=6a1vz6;uUKj7W018!nw@W8T0<+(PIc%^huG3U#waYE(Bj$4!mK$xJEmZiA`JlCBF z85GHy5N!z1iGi{@RrCAY`&Y1h0u@Xk9_vP(d@5TInLHl`YBzYjq7Tr!NtD_)98B0F zbwAApn>x&QTkU<>3%>RPGMZARuJQS2v0u~*Ae^AK>7c^xu(@LC7^{>NpNI!9-m(K}{EAfk1kul0guT1me2ESQHdPm{d zJ7R($-W$-t2gVC#qB04z<1!iOGCZGH$RSsKWmH%&r|w{5mUSYq$4^r5z+l7AM`6ah zw#&~@attDDO|PX%y|*q#b#_a5E}SA>BGdwK8Qz3=25+@ttiL4Ide6%{65U8?72F%G zKxVK+A1ntuYpdP_Om!Pj7oZRY9h{DD!Z!0cqF;v$I^s-lup6J zIkGr(rfHtg=Wt%pRu_5SFiA>$#`PAb7;qyCg8^(4i>XrZ3uIUE!z_o>I{>L6u0r6L zpV4C`MA>5b03~NavySmXI}xj-6hB!OXb%}*FPKj(EEZe&ijzhsH}@(sMu5BU zA7>kP;>f)>izFqT%8=vXEBzs?S3qstI)S+@v+~9$V`ogav9>cuf7E+Bc9OQzbDE{&PQE4>+O`|j5>~Trf+v% zI7%IdCs8OmlBge2rvC7aAL}&97H(`Eg;mhUm1jg#TX7=?K^G+K^{-_VAeR(&&;~+I zdpa~)tE(FPD~5D3@ociZ+4eDDs}NM>m@RNa~z>bdkJ&{%h;w=8luA2*FtABr8wXNas;r=HvrkCn4Oc%dfTOga#0G17UPpjf^h z+4d?2lva{Js(Tg(iM9w3ehOfA-=WW-$iFGC~*)!av2zul`_1&7H zSlJVMQiYKYvO?`~$-%^FUYJU0=oC;m5=K{cz2-RPi^R)#UA(U=k$7A+d%}n|g?y6n z>C0DLsfOQ7u3JhI>(81C%?SmrP8nGLP7g%RHWq$a4=*8n973zd2}#9<2vEZY(U9jh z1yzKdKT^k79!pShirm``u$CN7Fee0y(Dk>0ft=yB(0pB>9Vgb%^Jm=-sGq8#4Os3ToqOUi~I;QS!dWBH}I= z^na%;kgNp4J)1c!RGCYASbhk5*NIxqX`a0>Mk{*kw&Z)xON&*?68ggN**aTDK_sW# zCi{`lQa4*;(5aQmd*&t(BQ@*JbuHU5`FCT~X}*IIqu0V3Hx@%{JX1SyB>a|6Adf5i zn$vDb5h~1XdROr`5q~5Q3z(ENm{J+2)&1(3D0pXYu&oqu3mxgN1YSTA(A~$p%JjA7 zP$Slj@eoJZ`gF|Jua$PE&i@qR2A^5}UFxK69bkfe6qdh8uNT1{xd-qD2~{Oc86NX; z^xD}Q*)`}{MLtL(tCA0KqLh6i4siz3M)MD5T7A%=?f0mtI0Bb#E(iw;_L#yX3s?^O}5N_3A|=+%(b)&zl9ME43`8XTYL{T87KK&`-Eif6x{Rj+}B5A zkP?$!R9_Zno!&INzTyC@Sm>)9CD9g0P}2tL>mInVlby7q{dXi-lxfxUzk|vjiUqKI zy3qa_t3b|fxvsvc3qkA-B9Kp#TPad3OayoKj?UVn^1{4{URO*EhGHHV6Ux0@vn8Bq z4sY{&zdwGKa8tp9uu58ui8e7zE8hHF&^*3dYDb^N8*D$m|MFpsbWKS>$_b;{XRtv} zj2YwMzE8P*19gtnya$$h=M+(CD<7^YHRIWNwv~{DMn*-!640-CPchAzVX0;FL{u@g z{7R%Da=J;IZF&){QW{O-bBt-_cgR0&VEoy-ZWqjY+AN_(wrX3}4=wZbShBoZRq?aa zn7QYCV$KehAt^}!NK={L8!#h(xypR1HRgG@qK9=on7mV{J!=@WqeeD=Gh1%uv#N6f zrwMGx8BD|Xo&zQ=XTP62zq$<7I(^%xFz9%IrC;U7QZ;w(wgvpS@;cW!>{n6+*YmO( zs{tKirA_W05A%BPdY-1req_#-l-bmfcc z_o8o`1RwZOAL{$eKgi&MV?LnW{&_Nwp;t=|Xx}crM{0s)^QH)cUxMq8Lw2l0NGepu zg-9R!=Tb;=Pgh#c>Y0>6A^%VoDozZuF7QFnP7MAd zWc>H)l>^!l@+O)wN^#n;Gs=yq`ro(Z;Wd@Ux_qUJH%}HnHnFLOS3jp?Q3h)cM>&)E zTk@#_`D&#KS6&VrQwB1cY>vIFmWBU;x~5*z_j7RU9$!-3d8kd~qiF}J4_0n>U zO-IK&4od{y=1TL7>tNkwj@j#5Z7}k)z>Dg|Q^^{cPulb~!DL-f+2Z`J@R5r9?Q`+m z^^*<`u~VE6H@Mw6c_X<0P#~-mBdEMCKr3{GEt>V;gq|)OVb9MWPl;&DiSWD?P3dv7 z(K`{4psgd%8!5j}vb24b+*^Y`cn`7KyB*r%K{vIs2x(^ePxZ5m1WU@_Te_7P<3P#F zVXa$qy|;6Rz45(S);~-#qruw+kZptQmoukyxlX}8Go?e%mz*#r?ZK(2bGp}=58kJISIwIk%75Sax2|1c+v}B+=yOc6PWgkCrAyIh03lu7mI3cz#BKLF&*;wODXMVjdSZ zPN>O%8IjeKo?XSZiHqm$&iZ{8+7FGR{#Y^Xj&1s})qjS;y0@ZkS8!_!OY(yAXlPpr z;8oE1qPGQ9CVETIIlnqR&dr#Lu)WNr>Tjv?CLnNTXsg=r9()B6J9m;UhL_WsJUNwW_5}`3HFa?dg$%bIfz&8gX(_M5|F& zp0GySx`89I6kzXS1rOQ!E(VviragDWlmLywf3Q^UlUh>J>S8ode4#-F?`XWTql zLcEK;1K=q}5q9Wx(W|cLvN&4s*v+3Ph1d69G6b-zq@In(&>Og7xEX(rZg*72gxngg z;@ukbr7nwNx_ETfuIxH-L1b+a5g}6epc-joOLZ6$oj}k4=M;9k77r7KDO|DVyj9=6 zI&WJE-*^?nXm7-}!_Zuq7#6wO za*mL=H7#fa+|8)5Zu9MQbZoCIMzFqPSG^Ge>K4c{bH~EHLNAQbzK$;o-vL9}D)(MD zo5^m*5E&^wI8n$vbm_sz8N2dz>$$qL7_p3(q5C(YXt*WL(uRyj?Wa4Lz)qdB?mOAD zWQ~(8UXPAGHYuN-MwuDQr;EI9Pv1=!-(n+rIT3P+tndhu&ih{ZgY3XJ8U0bU_c~+= zfyOSiW@3H}S6JVU&qRZWCB|((oteH{uU*Ca+WUKup#^_?8jzqTi%_Ct8!E*DDN;;p zSS;fOod3DQi9(Misxf0|o)Kc=P?{ycaJcqIk0)&jRSvbkL1G&rjIywNk zXMQKzGZ!_Y=Yvdxxt6RyZO0tQ^Xk>#VY}wWtdEuOuN1av@!22iS^nk1VQjziN+;Pa@m2 zTm-%FH1DX~&z1w4WA2uPL{D2$i{fE4h(vnS1rkj}3VG6SiJi@s?TQ&=UHG~RY8vRO z*1{(=WQZBr0NG%Oi5*cDotr5=RZJ;LP|i(X7iwxs%dy;Ms$;14SE$mQy1<;aySk52 z=5_FCCC>^-tENxZ%#Kl5;7MDXGBIPCELa3pGEg-!0i7yCi31qGiu7cHTn_(k$Od}8 z3nbu%W(tg>24`0#n@y3#2*V&(+ULPmG*9{0d=v?m%n6;>otGhF2&6123+-g#+i?=7 zY_gY}j`|$r)Fb`>GIF+?JW-v?$c^l9tk+ZP{>)3W_{+ z(;0U~ES|{xM)rn6TvI9>oE8UUy?8T8V}om`IjGVE7=1Y9AIspOE-F1X6|J>!b$0Vd z6cwHit(T>M|Cgac#@*oT@kl4xBD1F65bG8FuYU#idL#a6Q-?T2%d(XtNdAjFc=n&G zMPD#;&0rT!XG)efQ}ikYf)2G^>uz#(FM8-9eLL5o5w(eDJaq<~z0xU$y!H1;xzF)R zRNcU5cr1}fiw)jsNx^XDyjrn+-;hf-7h|rjyDE>JSIp4Q_cW&Y93gW*#NQ93x@^es zuXshQw-$%qEb2F+HD$D9^~DR@Eg_; zHkzW+I*vRXf8!j*Wo{ZyS=*w=sr#P$+Oq6FQbo3Gzg&QG-?(wQXP3~(vwRFrai0f4 zlstQ#bQ}ANX&Z!oSTMKneT6L#gc%!WvDM)goFIwcH`18+-R^3@Fh}a_XKo+p3=0dC zxYx5WMc_4N*t}bG1XrIsPf{;MR+8GB3YFKgizYlYw%&06gJ({v&$YoZMu)L4dl&KR zD~bqPua8L!g*wKor<1YA5aX_SYg~uuRVE^|WB=-_nQfK+Sb(&>Wwu@3seaQ0;$5Cp z*6DC~6rZMBR{D6@U&>qV2Lv%H@X~Sp*EW?i-l%P*w@j_J>$)eyJM*sh5B0)bf2t?z z3HV^prnsArDh^3i;?5b1I_X1B+$`wP2Ch@{_o?l&zP>+GEAHvO>UpXBLZwLl66CSpj|2}3 zTYnqrfg!U`N9R*_=3$yf6TmT!i&geO$-tn3K-cj$Bs?*qw4mp} zdA7^8Oykfz#$5cl6snSBb--Bw2Gkg+01*^n#OiF+m)_878%P^8^Wbg#`Zf#G<)SMj zC`$phK~u`p*9(n}FjnC&g2&o{Zp9UC(R^yP;O^8bvLsQaY?azhfb4AqD6ITv#*PB%)CkyS)#Mhxh{v!smARu~w`s zNR@{5*=r5EROPL(uA*=Eku#MK<%m$zTpY)NzCie?IdUvjp^>F))@ z;U?FPO&%YmvGhUHvvTIJ-w-`x>a+jIbF+myF+`6`2=)ry^_OReRI&W zqKOYzF=!#vE-VD9v(wVi793Zho8dCk3$fC^VY6?_@8~u9Qvy4xfTzI?!=T^o~ zMu6t7q|WoBJbF5Z?tD?C-Z&eH-DhZTDt$~oz1Cj4_MNb}#LxbwiI-(ewHHiI7>1l| zwaoq$mTmVg2I0&8f71p_|{#ol{rc3Aggu@64#@2F*U5I zsyoWzT1JAyHrVw$aJ1fP-^?!KQz2Et4k$5y(+!q(IO3vR!thfXg6!fv;Bm&4J%bWk z2aR)%#TL+{N`}^4SoBCwP~;Hh{!zmCn#tJt??KUzg}KGTm`N|8ghJ{Fp;wHW^>l=K zN;;fC_ReGk1y4|~;r_tbGN`4$#dOs~L!eq0Ao_%lNcfm_b=nrFFBJeQyq>F6cz)$q z1*lwiFV6{LVVthe~9@u^mNik5GYD}u_{Kx~-YefJw z;u7;FnM>=Nxc~$BhuK|z$#+Oi7sl%=^{crn&-RnMJh;j2!akcRju_>9=$ds)*Vd*A z)iq1;M*EqhVChU1Gx@FpQ*M8T;*aG^RFFrGVfHzA?=q#(vKuUdr`1Mj|K1rlgPp%Fbz91ph4r33tM+fMF;d%0aIl&qBj>vc%w{Byyd*+Z8X0hsUW zKa~S|`0#S*iDL{O5?0YW*Cd0rRRiR5T%2NrS(_w5CX$mC+9<36U!v^xp3(#(=FxeR zYI2y;=YUl>>;g6w?mng~UGpvIYvClTf-YXrb4vmSDQU*-<1;K%s%X^)U%ZgavL51} zVB9`!>J{O>QCw&CRkgqo1eet93@tkqhOVmZQKHaNrGO9S}To&vbyZ*48iR zNqGIq|A2|vnEoeB%mQHgKbV+}lktDg;r`#4n4N=_qeuOetpBlk$nthBAOR4dgnBFqk(hYI{<*Q&Gkp;-B{(8Tw_r`+ zB~M^#D2}Dj2w9B%qsWl;wZea!Uzh0p!24hU1iUDoZ`}Aq*HEH^LyF7EE9;M|>eBnj+E*@(b5j45;ikQX4Loq{z$eGm{9 z0r&;}lJP$AlYHHPr=fn>qi^im)%h=JhRK19K| z+ll_Y8vq!mfo&qmzi#m06cSb-0_H(~@aMpTLO2U_Jai2Z`ozF~sDt@TJ=;@h2j`Jt z#5<6_FXR!zLWKT}-9UdiH@!H7aBqFy4&p$xHU6-Lq*kHcQQ@6j!KkKvN(%~${0`XU zQwAXIk{TKcDgrHG13d?KIy`xZaC25}1p zQIJqCuY3JP_;MBn0|Bl!Ktk(Bu>uW7{VwCe3Df%3EMg#pegyh^SI`0pa`*l5{W$|i z$3O$NHSoy)wEGIX#GIn2qICGfa^Gjn%nXGX06>(0>VK4g0t31)A|xsN0^0RYn+F;C zX&rdY(=lyl1GzhsZ#y&oP#?4N2k*aM#mf%xUs({ySA_+4_!2)V^%3$xdIEj=rF-6` z`UQmkRzCcqy!!)+_b&GCxTo*AfBZuR;us<4`oNkkbQLW?%Sr#S2mAt-fj-8XFBEA0 zRvr3_rz#pWBNy+pTQEHafO)=y{q8Yhg8zkFl7bBjTKh?yCj2^QsN(G3Q=kihy;^Mp z&lwqe)n{t%BYHWz4TsfA?-N#N_WkLo6WXdd!|1?su(Tj{%o z3-uBp7FkS&8b3tpnoJnIJzjvj;kgv{h@P66JB;Zh2~oIGuIsj4zFR~e%Qnr`Ox?nk znE!ZSw{ckr54_y_tPi);Hro?wR6>9e?zL7uiJ)k^J+RJ#Pg#c%v}Ykndhkj8V${nz ze_=tzONNYuNahz7-2i8o20YYd>axcYUW4EPhwhGRBw;HsEv(OUX()=(R!^1tkt#Q8 zz!XbXR^>h{Cel<>YFu^57_)ANo>ofQX#IZq*qgblNA*uwFUK+OCoxKKQ8S>YT?K{^ za9zB~q-tTpxnURBH`*s3+{~kMgf%c2aI47$U}0+-bDzKA0gJ}CfiBcTO@kGm*rq04 zgpJM%`n~8mrse77dep6vh1s!@JSVXZXzb}BYd}MqY&Mni_j(q+zjYWre;lYJZ94SR zuSKxYD7BrQ&G!3ohuh2s8KyiYF3`cxOpTY!v^H~;K|rt7uj^hb5qBsaVsC4#(9)`m4++SVZ(Wt(qmzxN%|YvJ;D$B>d=qJMA5F+!@KnxMW)rD;~r^0`?P__ z@%p?N2?F|U-6F#ehQxox#1DE@WD){(JK7s#+9b!S7Wz8)(FNo=EoG!zDYtVW-puiX z_Wjt8<@4H!8U{6@==kx;wz)2le9t<-059sMC#yFrT{MkonR1^5V+9dp_F&QNHp!D# z2hBvM?CEDg*^{3yTYS!641_6}IOT*ck~s5e{FUtkI#ih}sM8x6@QJ` zW)lM$dul8l{sE3%G@)f2FR+ARhqqNyc?Ia#7UJIGQl>KC>fgi+M`|nnn(5Bbv3E|F zFR49$O<`mW#ZfLtY=65)+}T=d=j-689$zA&&YxNwT{pwAcf}=mlk zlSC&Rf01v!iWLKe+9D>xXatehD1!^wkTJbG%uX=sx;#ExZH7gX30ZPs;AwO>l{zx_RfMOHA88$=A?QE&xe=3SLf8SCTz#(a~D%a z7W_^rq$hnQd4n+4GqXpfy)ynJ*-o3;n7kCGRBX--NVCkiNnjZ`D-Z<%h;rsV$0N4# z@IVhm>ShqOckKH_G4|PV{ALJdrVj5U;Hd_LX#0 z+@F~1REgL0@N+0@jU5+*Z#qPr>qN}^g&hs@Z~ad?!sxn&x|Ycaar&oGd#G$A_#>U( zj-0~~C7|SYhbEF-(_c68Sv5jckQCH>l8eYkV+7ahz8~`lY&G9Zt279JW-9upooS;( zV(jZj*!SGZ1_gkIX#)obeQ`5Qu7#cJXlgQs$xZAkosM@*AW3UJTioJeem0>aEFW=mb>;%I3aaykun}DRXPz4XgoE*pMa~$ zV?1`vhfmtp#x)4yTf3r4I84aYF}Q}fQL1c61nb60{CpD~P^>vwzSYR0dbt?KIxvGQUVh$xIhyPX)DZb->(&H?mTn7Pc- zd}@dBeh=eFd($b&C9qw+cYu<>c$w$A5goF5!$t&wY^_@-2APICy;-Q9(K#8dUN!0S z{7PTNGIsspI5*6t5gdkP_e+y(6dpThJVqg%pO~qr>Xy|~)2dNIGptYa&_QRfH9TsR z+*e?J5QJ1*GqIW~Qz-U%ILW+3IiXmkPRV z^{-&^#*h48%6f1qu(~913?*5G@82#OZ6TH_JWgiUkbQC4raJpb~@$*NK>kx18sbEqkgXRmQX$B^sZ2tvn`P(@W9)dv`!Py=omwY}3aX8+= zJ-?e_vVaE@AImQHXwAd6m00}^KKT1y|J-$l(3OHe2jHvAti5MEyruY^^(zjG%43nO zdz~~)B#TD-WFVFiy$Alaq704>@u4$oqUKR`lY6?&&63?&j}r)%7-QRUS?Hx=9wpT> zh}&7XKVM-;-_ddxepaJ3L-g$jWqASK{l`r3CD4aLg<6(LXQYFGmYDvr0vZ5vuFo`)Bx!Sa=G7%i4U8`i-4&cyl$E3HKpJ>#jS#qctewrnK66Aa~9Ed z>P!$Xge}zGp?Z5h{9wtAmMGj1WdD{#n1VXn8~YJM)m~*^VWMdA z^{_1z*1y8F=On#lUmELdQbZ#~F(gf$Y#MJ?j?$M~=lO|q`cg{4_Rk80sQuH0CVR%E z8yUewA;K};O|nN(hCnh(!xD;G);^FYE1=$~U2U!D9b`F+xn zOl!r@5&t)q_D-?^J>62NIs9V*#j>84>|X^U6ie4>D@Y@K`&e6TdedNWGo0%i`dht^ zX`&Gp`p$A1#UeT_*mTeCKWvePxN(uUhDks%vwM#m1T59&Q2AZSw!59SVO^(u7erSF z_J!aX2{j1j)=3_2cFD3^#TVW@rrzf+<494gwPOeu$eh1>xM1kB!w|!F7^}1(*%8$3 zYlkR`MxH^GA*4j6h~m@-+4LQiPF=F#m*zHZF&MkfmT^hOWQw%039f5$VYnnFS3oVsi z#VnN7_`c$MQb3jV73M{OxzR}=&1bDrw~I__n{>F=MuGQKyZ|(BQ;d&T`=#!a3w5lW z9S*EE3W+t7W0@HQ2niYDnL0eT4Eg3{y=X7wA{831;ouWUzSFOO!DP-LS}Sgd(C56~ z@_bs_{{qnHYSUviu=#O6OCs342{f%x+3tPhlMqXe55WYbb7N;Fcw>}qZWCqN*7u zPZTDDWXPU_2v)c6u@xCGc3N-i;dZ~ro3$8CHSm9#oG|oVPyDE`a>#n*Stj9Urx5iV zqpy%*wyY1(+HuR03Z`Bpp`3aar;?bhDYVB1UF&v4@0>sKvhQj=V>#=(Z)BO$O8W}R!jiP#dW?bk(&1ZVC@iUkM zK2z%_zntZhQ}k#E>7F%}E7L{lI>OO9ME(bI2x}yMZ}uaTPbUAmVJ=z@RWkAzWg(N> zF)?ZtFg;$)V<43S+33ZUSLjwGhS^6EinJ*x)S0IPru8c9$@83%yy5C(SyI*H`Q#OGNOG;5<0wsWN6!{YQb`w4oe7E5EUUPAsAalqxV_JX>QE8FRX)kLZH++Iux?m=eZu|j<*-JYVN`%$*kGD;b&k$VqE8tgeNAIv zn64_bQgS)rjqeEdI#!ZD6=E8ywWsAP$nrcQio~P%D!fpmo`sL-SwcXn<@Je~A11YV#J9T-$cqGfZF!t#i$u~=u zXW-9x%eZbmeVCqFn1z!jSXgC~C7gclTOlj37G++GtAB>hcc6|q0;*i+d6!`UJi ze1_W3`&VLd0znrw$JMWbbi$6UXhVg^e5S0QbYl?4H)%NPkLS!bgSuMf&ustE|{ z{F*<(SJ~Z>wGbO<_7)mC1C2Wfx4k`%ezC3~hU93pK{t0gmoGGQO7_k*^ZV$0v`ikG zleFH>WPbqFk!bTHLx%s^p(8|*h)=I_vQ2UMyR@C_g$ct#$H>am0L0!4pqbXa`R*P67^6yufm$ze@?;LG%*3gm2ypH13 zqw8^i8?VkFLAG(Tj}if6HZR)fKAxYm0csbq6!A4X4YgFjP1%&qiqoR$^+Na%Fvk$a zX+^9LOL`rz{;jIV@3m?y?x~61Vk+hOOKO(pz0HgW4w~ z&N_2{+RB>~#@UO-e2|eDa|XB+|~L%v&cr2ln*xAsS*>wYL3~*E8@GAgOL`n zlBCL8VjbCn3S@OV zf_0`HQf5(WTy*irH)N~;5gwSj8~VE<1r)gHzBh6GF(FNv%c*=F225%JQ{Ongxj~o1 z%ObqM(qYe>UDms~=u@+h)KEr z{uj_90qGMy*}aCOi2#)`#xYuDON=xgtm1T27Ry3ETB=QBl!! z#hTu+nmr2&*E%wm+omD6v5>p;Kb8fQC&_axdFteqT~p}%`oeRO3!kpbO|B!l!FGV& zfMS+72q448EObyxf9;8t?5drg_g4io1)l9$0eS0dup|kk5NSOImlpZH2<3iJ0 z9mFbCtlqroF&s@`(&6xq|9(E*;}2lMmoW)Ag0QW(qK*y^Snp~0mhEN(MyM>^X)~Hu zOyi3Ks=}Qa8k#v<_>3vT<(ybGp6_*XV*(5IBz}eJ*@nUcrl(Z0U!5?0Qfma>jh`uw zLVrndfs8IU)>PVCVDYFs>f<{I1rMH2>S|UK$QJ~D`rH@Q$ThDgA&}$wXS*s=CQ6Cb zNy0mPeawja_98@}Ar5uS^`%kP*Yz0?boscV|9eRn`YmAo5b5Q$DekSR4u-wj`NEb*#&{=zHWa7sX-1a z9S4Guh2aR3^U6X?$C>Ji4 zIBH+e-7f38zm2~YOq}r@L zZrKfgszI6FT>A*S0Y2u1-PgDouJg9yNovE{t7Xjb#Fd=0#qoUlETTwUd{$W=t1B*j zUc|qkW@pb;g8cwlw(gC(O>j?z;$HKl$hrz=`?&N0Y!J@YWJzwTOz}*wz2iaq}Qg6 z--5fBH)yJj#>8xqFm3h77r`iT^#9_`ewi?QJ3~uIZtnkL${6q&m^c{!YxFCxWME|b zuhDzKVPYIC(dv zia?QDJgrDYU>qo(;(=E^Iedaa4BqN=Bv6ZdPXI;M`G31JMLP$*;K5HUcto z>`#Sf$wmR8|KGo9b$`Lrk}@}u0~|uWuE~yB!#oNQ$cv`@@RfNC;GtJaLHqRsJjsde zHz!fxQGkT)#{WuA{Qdh!9|7UKH-KCYgCFJ~+8+2RIAD{U7+PkcI>PbwQJ9^>sLtox z7vwGPpMP0XQ_88Hg`IA6S3`Xq16@S}EHU!do+A9-KqamxfGQ5*EFSXxr`_Q6!p^mB74BX5Smf4~>+(cljvL=7GZcHo1lh5(@6csPOQw;0R~mPD+#oRvk|+xz3tna^wAm*8{g$zQg<`2A>CLBbydK>ykF zBZ!N=)v{oBZwZ)+2Zy0aYhA;EUJ`z_&O(F&5DNCg;9qGgdO~j2hAhcq5pGu4gv-FHrvNXqo|@6d4e{5HP($KL-omj5l_ zmopPHNQVM?`<8LGLV!RZe} z#RE=h*F~>_e3DnE!T-Us1o)Kd@T3QaE<@WT}g2q&MJQ-8$K!w2-0{#?Zf{J}n!__#C_sgD96 z@O%GGEBFKcy!lTIt1PvYOx3CP-9LNZ?z6SefL;$h$=MPRBpIex4QIz)x!imD^rTgw z?rr%dJB`OMlElUI)}&BgrTtK+zH3e5c%}Zfe)N&~a_?Z06HN*f0d12m;Jls@TB#Nb zVh=V_Fkq1Rf$Y*;hwjcTJ0*qd#ZX*~EOfecR$$s(C|zE|`<+#B}X7ik2Wabr_zs9Te3 z%0W|f_KxNA)S+APe&r0`{#FK=g75xi-{-QbYMw~-o6eMSghfDa8nB&(mqt2ibr&dv z#wl_5$XM*1{1ae)5A=qnP~x_~Tmg}MLeCogtb1^r@LaK>pP=nm$_*=myL(Ol_sZXl+I z!1JvIqQE7)3f2@4P7K+48N~edjcjC(I@fgB48+3A*{KS=qn(bd8+gyS#KrUhVTpF> z@x~bbl}7Gv5@SCRPjeJ!#quPhbE%o?1QQ>&T{d=-T+fNW%xd%8!7y zDRGzSjRx^fZ};u03cMV6Ayri7q(cNVC=}1KCq@$dijrH^&#!5^2!>V}%?c?ltFG7f z1gjT#mMrbfWzbl0r`-Bp`rq%7y!L3i76IttRZ=%{r^-cgtkxErIi9f6wF_Tu2f``U zX60~~^7&Va9gYec=+jYT_}&04Ggsm5B&tRrR*hvtbi!(N>OXbQIHr;E!5p_}(~lz& z3(i0DvaKt%2`LW6W`qf$iwg>GmDo{v*0!oqb}Kc z$!Iy2M(BZMHG`smQP15oQbUqptYXQdUt4|8KF0wF7CfOM2Pdg2>?_cT^kmDn3X9I^ zUZ1n|hV3J*H{`@Bx<6Ry&@pc7>v^JyQ)T|x;HmeF)6OgndV~qxIE~gL611$_;%0tl zE5$|18D?N;ryKP*1!$aP1olzt;@_HVK-YuBE4LsgA z8s)G`@NN|}ASjt8x>^g(b&-Oa?v6UGY0!Ac>dOYanhqWL{_Xdbc+ae);vRoFt(0QnFziKV4guZjRtL>WV=5}NMJsmVQWyb)s`Y-#KDXh?~l`)R~a^On!xlj zv-YM<;X*0`gK4nam5>?Z^NXv|P&9yX#1-(|kbe7xc74-=^gB?J=r;$PzV%BIuFa*# zef7p`-u)$AEyS}G>IPDIX9@*x`k=bGjond;EJUSd@00L^QQzJdUKTSSSRiedfScMp z#nI`%DPaGqocs+ffU>+@D*o`zkZFic@OtH4#|sLxM$QRubeegvH@DhKj15s`1j~Eu z{8_y|+~XzAk3rjNeqY~u?$6ve5q>VDyG+csK|6V1Ju*d(QhfacOGQ06^H0wvx)+xX zgbz1azwCsjd2VwIz;q!%;K-)99*lsyC0i(3h!8^9PQPi_TY~mPD#wZb*@>Ws~4_sGCTp+ z2}KG}g)$pRifojqLp-m;#fi@L;D>UIoPx?(sRr}8IcLr~Up(oiS9QzrSq<`=7}+2M}-C5P8t$4=^ybAOM)!;$PKIJnMbI# zq0n($!hR>a!oXEljX;WXRR}a_(KxWAETc%kQ;GF17bZAGspc-bE0YW}C?JtP428dh zx?>R8U@2Qr0|HP_9Dwwxa<+#hsVcyFQ50udWi0$w(6ju}?sK(kSrXObD!Ex0Pm#r1 zkuAs*xS@gUz~vw{?^C{m(nts6Li&B+H_xguoTzvQF0Kai^~!!E#I(9Aw9Davj^-!O z5Z7~}7}O?Y1L*fWSU?Ekv?J&=R=LGn7dy zsbPy@!iM<*$lPwlW=m)&CHf5$=S%ZKC<|#*C)xxNA30*hy-gw+^*B`%Xl+cJNZ6k2 z`{|ifmPq_u-BF^F_ZG^@gYFX_y z_L{_@iB{dmt5 zfZFu8_U2_ThljJ?1By{9%<^|o0L!eJ2)8IjuJ8@3Srqx@I(JyCmakgXbF)FD$P!+$ z->zT=MV2-1SoZPv-Ak5T(Xui_00*@Xf7%VDu<~of-EUf=FEH`JzFD=J30h?soAROU z2G@8aJ!10U>6?U1V#P8GQJ@?Vh5^Qg?uD}fxk$8?tZ^aYxsCbxLhxuU1-sx&C`&ar zmtZ@oV-HX!ovTZ#W@pSZjJQrUm&z=u(22=|A}X%Q1LzL6NZ1EYQEpsc2+d15 z3Q6N&ncQ+=7-+?C$s#!Q{u?u?NN&mwU`;T_n-a=X;>i6}s(h zD$GFJe5;&sLnP>B5wS!NX?Xm{W>_USY zDKr{4Jq~d{_s@6r-L@g7u7ETx;V={5Mltt#hVQT-(EZQ>PVnV;AlTT%NV+ZTl8+3*u#MKbAD$tHqwFwJr z-Om~Lgn^+SJ8NRk-mGBm&90Kk(~lyncm$bEdrXE*P8zsMW}6=MR$T25Vq?o#)X|2| zM2V@=>4Vv5pG`=TzTg5hHT9DLCh8@KN6P;Gv2W10D55Khy#8+TrpYAMym(nj&~*nZ z5{sD|YCcseoxR0%SeiEIgBys@WlhkI^;;FHSDgd-&c}1}5Q}3QPK5uVtKLsD5uXsd zn5d(rfn?Bse#7DnO5AxZ5XB=B*-P!2ldZBqSuXkzzizs$GrUBrjky_tEII^xrf<#) zG@?bGt!ydFG1`laV_VT5%YM>31~x*Pg6=~&te3>GDSKe``_x5;UiCyy*z0LmI`%K2 z1gUg_bfil{^T=}19Q#1W*S+xUXbe~_R~xN}A51UA_VW_>RFCn$%+K8c(dk@zJ6AkC zMIF8v(p2}&?@~Glq~2Y#V}-r{PL)5zWYEs``Ugb$eNiR!hDH~9Jjixy5 zR7_4$YHTHW!?F1+K+0WAC@7XNi_LcxctuRkKhMsv6X8H_$CJBJP>dE68he?e4rx}% z(mL~wb-HnQ;g0tYB%VQ4dvEJ(8xCRDKGd}f`vwnZD`bRo+w~+291M4i9Rul=Vm6s) zk+KFcWR5&*QIo`X+G^YVS`t7K!!AJ;U4a7m-cJ>j>or;~Ucg+6T`C(lcEXvZR#}PJ zg!Yy=qgevaLa|wXtm!>FBlF%0TxGQDY*^abIX*I@0vQ?CzJ`#Q8J<%{9~gbBTJ>qo zMwoTQ$CBGg{;2o?u88haij{Db@|P%@EV`1Px@}< zL^3?{cO`xVCpeS4=7?HJF0vvGMG~~MHL>Hp+qZC^4O0^A&4tJf5&M+UPMXy`fWSUZ zx3?^|@*l=cZa>oM=ZdA4YnFx>{*Uujv$-&9L-s{2E; zREah2svy3!;0v;cmalP5S#c%1TGe9D|L)wVskNmkG<0`HoT<-+={OSx)rN#92VA@y z#<$=v!xjFq+w)WN;YqcV_iZaY&2IC4Hou%5%Pu?m5bvlZ`N*QLb8owe`tRhPkT}OC zYl%C1ZE&T!p;QkJ^7!9{_bN_rcKV9Q$=!QSArHWpmz^38+Ci-QXOAmQpeK((GA;y`yy~ z6gd(iSw?IVr*9T0l~e7vJ5`JaF>JA|Qj;>APT7;_m-wwc3i>qeRg4y!Xti*o1kR{R zmW2{QOn>cWX=|@CA9i$)iylyddB;?|RN2;vL+7jH@KXZ(!=0wLk?xG#$wJ?8@lEa1 zCo0Ycbc%9ef{^KJrtbA-GXlEZLr?2&f2NAxdGT^~Wpnu^&yl+XJxm%aNr662nHv^Y zPG|q^6^NRGoBXwOFnfl8;kP!9&>}>=%IuPi9Pj0)9%Jz)Y?m5wU4-L-V%jrt0i=p9 zpQ6W^only|dZvumSu38XzA3+BDU+5G!z7H~QL*jp$nis|ji8!PYXsO*b8se8@r|T7 zLGPZc>izHGk2AszSURoVR}`B@RHXrD3jAF(lH!58H(eB*-t{_h94*GWh}M^9eXsuU zq8emK=*>C!1`$E@?3fN8R$Iz;dvz6WNN$P-A%OV}C>h`88_5aHeu=$=p11_ns66NZ z*~Y5}lxo|^Up!eU_uRGoRL@4Gz3zXL=n z?X5f(sB$(u9lk2sdc{kT?ximCa6%kcc8A{$-#!YAW&++7b%tJk2jau%<|{5QHJ8|O zCyY2yGEMhiqo}-;*dAWtVWr}kwiE(35O`ErGA ztwU~%grO(EC*WMK$3Qp6U-X^N=p<#6JoIFKx*ovXrxs=RH!y`Skd%-7YN0KtP#8Yd zOJ(xRwkys-#)wVW(}X7)Jv?epM6X<0Zs3nNp_vR9ydKs9HqL3a!WaguUXQ9A)}}5M z-`RPrLNacUrjdhyGgph<3a2GiySwNGopr71v3|a0Tb9CZBl?~6KXbP)Qia66E2=`; z-t@4kStfFYOtqBZ09wb%2Br~HFfWsspe9E;1M%SLE5V})eWpE95lA!-Tnj-qJkj_S zQA--fE2h!c-5<*qs=H!^kgyT?%Nuk^Ft`zgV|=$hENwbnE@^)9PW9NQ>8z|3p?EY% z^F+fZihcm9QO1liy$uA;hRWv6(giwx9hka>1wE4Xo#~^E_c1^agJF_DiMH$YpSYL{ zbFXYMkdt|H%qMP0=hHDAJnyiC+vPqqOZBt7TyER%O)56nqHdjKVDj+ji_|2G?%cy& z==hZrP)^ICnjHX3g6WCzt&U_19z7=&oyFIL>9s=;SXQ*Uu;gNW6;gu^o*fTr{pYBw zKoTy-ixqz*Mg1QtA>VrBbaNfC7f(lC)?s zFPv|gfxmoYxd0z5Rl}gGq)s4Vc^{F}CSHu{ppx@IcN+%fJLDZ)6ZF19^`GVxT zhf+;0a9?LziB$PIH`rXLXOKkP7!P<$X;1yDwCN?M*9R8*5xGWr9dShez^==bLHOG5 ziFlgBr(u^4OitZ6@HMqH9-=(L*!mJyx9F^=GFoL;*lM0nHQNm>Vd|dfTDeJe6rmq* zk)SI9||E}@LQ=@gT$aU8S7-}iqRSW@it{l{ckqgJm;kl+O>X4~P z(~_tnDEIPN7BH+3{?AFK6|=8y%rleeLCxm#`YL~tpMC34QI6Nq!&T#!KoWE@d3i0= zS23BZ#(FTl-MQUGvfWm7uuyp3T)f~3eW0ypewAM zw1IPn&XYhm+`D#N580=?cX?(~=@8#XVwGbp-qly7p+B7ivuDQvUE^!eU0%;@kdS;I zO1ukoQII;Z4~`G1h4R@nozH@Ze2p@P%URsTP1BDi`FR3p8mGvDN*#)1gQ9hJgG_vu5ktmwSua$2 zZXbivX3?C{xe$cu=_5A;IIa^x`b)jIX`c7Bg|Rv@dB!@w5NLKJ6`FY39ExsXj(XfR zjD44`JCzzXO$NFv-W$0*#0=h5U>8k|p|7?TX4sy)Buh4@>T|=^Uk|ni3>c;;QnH#1 zUba0%l$r4-bK-)p--gX3iF8*SF}%r24$Hj(D%?Zor&CLH^iGe>Ix!V^rvvonyB*}&ZHpSE1qxd11JTW81P<1dBgb#>uT z?Z|3Qy?32x@8RnwFp-SHF)(|1J^nE^LsQsXAker78+a@nqY!)YC@QV^lM8Uen@8m^ zr6z5v%)xhCZ>l@-g4Dlw{hi&J<|zF7LnYK5gv1gl1@}P-e=)TPwb>^$k6C_Ova=Jt z;6-md>`};c-`0eIp|`q_X(qH|`M__IU=8iSMy+Y|8&O!gZUQ5^KVTtJb^LYESJUfg zVkzTu#_OG*UdbcM*7`QloP0xZr@ypKev}a|-13xu{^dsX40=WkYh72NYtF zXwjpfYVXAdxQMV{P^d>l%I@k2{S%=G-MI_E)As64C!YIQ4Oe&m8rL_8BMiZdi0xBx z2aRawD?1aC=Q}?Tvi~*Z=DZKK$5)We)CJBSCB#<=FfKJ4z#oV6w3ZuI4;R-l7X}3R zlm&(+4#?9K5s|m7)`3%Mu1CN^+Aws2IMbjGytahXN2-HD(HHXbNA%BuUCR~lBle`m zAc(0zCcyTr0IYzQQTH@70n{W3R6>_Q6o3;of{MeU#19DXeU@ibK13!61i{vXggK19 zq1e;!BH^wBgR4Wa?jy#p)CVC2nF2&@A;eNpS4mVMUnnnxv|y1Z=})R-DK^lYPtOVL z_Wy+^P$)+#{xs@bPFH z7*fHTa6QxKac_2v*X7!S-kn&x1T@D@`MK5~9pv6V8#QUoelP60#G_=8WXrF^=ecfHw z%BmMv=Co|MQL|S0OlcqXZ*I&j$i$mX>2F-XTv@Q+kYH~iohULx_S(`ZLFt|qC5FOh zyX`8fIqDN62X2g9#KGC;>P7FI7PZ)m#;%it2WKd2!JJoTdhB^gMeNn5e~jGkin$Tv zhP0%)!~eQa^}q@V&}H$(cy3p$1#Yjgts>c;dn5Ooddfy0HC~ef_x6X6|4Lk*OZQ!v z4lV-j!Z<-`iqQ@4Ov*IGvQs9z6CHiqe}{wneO8mj`f9HT_F!f$^Nf!~PeauHts~oA zY8*H8RGb~daGH($aAsf2_C~`i9~?aH8}_{j=tpMSCrPWiv!!|8uk9Ttcmk3&FVn`e zweCWX=5QI;Ulc8n!ge97D&4u)FD(fsoG=Mk8s49f$eEq z5z#A?*w{rG~>?kpA~~l zYl@|sytkL@(ZQZ=|MF)4UP$arq_~R2sFZu)$DJ6(v+#TlcXb4WXp;MaO!s&2UnhVR z$ONsQ&%=wycIGmK>TUe3C){0OUXf^o%!c|p<5Fo;24XIYbJs4U7>b)ShbNX{TSzh` zJtl_%Km>he@{GpvjQ;R7qqK$7?gC}kGJp(xXKf;V^9@{R&0p@g811|`bj86B3(wr> ztVLW1MI7KshHq69>=K2Tf0lvX%v(tqB_5x>)6)aFmEcd#hQZr zQvD4k1Njx*85x*zu$YOD0J zUl)_9{^@0ebL0Qaa&lgE?PbNK)RJOkPS9X8^mfM0h`crAu=u(3d1kcy>K^J(47BP= z>9nn~ENYX9sH%CN)G4zWNP)Kc%6eJtsX0{HLRK#2K~rAhMk{^p!G+Pk=n9)RIuH7OgcNy4NDZONv0_+`O@RcY+|5M#gOExub4k{ z$i!btrPw(mnlv?@f1Nt0a^>4T4Px*CT;f@XVzaT!fSFa&_!#(3w7h{QRm`|Km6841 zs&OeEYnsK#8QG;}vd@eq$ zeF1_Hsfe>X#t2GQUXPV^bTCCX^krJJ9GOTLmz7DuxB}J`%1H?YL$+Z_$WGS5LqS{6 zr>#{{HKuF^3#dKCLWf=6DHCCW}Q9|jX+GRK|Oj$9MKyA42v+X6FFSYunPMA-dVG| zxQ*Yap8>}>0688rI`Nkp09nO-_HK+y!;`ta^Pl<$7jpYqx8*-h= z?niYiuT`6>OF6qMLZ|64`cx9`_;i){m!x4sr3L#phGsvM|Z4y&-R7ETq zAm*b{#WHcVgyhm^Y{d%3@goVPdBP(uDbBh&J5X6z?>;v$)9lodu=$EBN#CKZCx5CZ zBGNfm)s#~Z-Q825lw=>YJHT`sO62NyIQxSc--eV%!F2GX7x}<00o0LBo#NxfF@iZ)X3MHgo^v}dQLirGZf*qwq;1+sdW^% z{O)lQ#}uHL8P9`KLN3e8RL|9>oU$n%4JvLsiOkXJLLc?1zamnV^-=Jv9FYcG5D`BG zkHjFUoSZx5G+~XE(0@Uj3do>lcv9x&%6F$^ILQjINz1sHW=%-PBU>(QBoh(w2xFQ& z;$O%!MKd>Nldiju8Ec1Y9VOGf8qNs7=Bb^5m$*gGDW~cUCDLMiPYdZw+*v`irwJ6; zydS!zI8rf?rl_`q;>_GZTc=qwjA24QA}`K zp9;-HJR}sB9f_ghF11q$0Cw*viTHsW88IutVy z3#6417bt0!lw?f^ut{){Z|uCVVkXw80q5yQqoG!77{LLKOJgPaou5c)VXAI zi{U%$&X}U3y(J!sNG{{s?Nh*b6h_F(R2_43$-|`{ z(cJx#t~L};a6b%o$r_(Z`yJI^jDvQJ%`DO)cFfHus@zLX$g$5y{d&k){yj_$WHK>t zePZp9`ic8L&C+4TAhjj;T{f#kuBi(}Xe=}5wl1^J?(vp#gE_Fz^Tt>P*DTvGYk|)NY29Cb# zOWrp7#&bEU@uqk=>fuh5J`{Ts?M@KA>%tz@bH|r9q~so-?yGT&K0F#TB%3{G=lryB z*N!@p_m0JP#TjwLCpys39h>mr$jTn~I#QZBs``Po4+qwLx6^S(cRO`gtTj4cHi5o4cU#vb8glt-dDYwuhDcI!Go*!S8eRJ>P zIP~u_Fb7S> z{4AbUZ0+o2OhfoBG}+hd>Fiw z_c1<(6I#A5ZqKgK&)osNcCGeu8`wl7o^V+iXUK#n&4;nf_h5&$)x%~-o7-)QVA}&1;iS{M;CFo#t>1*(UwXVFJt-|bnGu>u zvy=whT*albA024XhHqa+Ol^7U0zaYgpN@hBzD$SmdwH5#q5cSA>%f&`a|WTK4>yI` zvGzR1^wrW)qMQ}x2Wi{miRR^&Xed`%)#VEK! zgVpkVo*7h75i6FxA29dWF#k;aT-|`ZQI>(-agE+@r=RICGivWq2UgNew+81^DJ`g5 z&S19^8t-P>f4rHrI48x+EGsFqj;P*3=3Zo@|32Au(A!s1t5C#2TD@E(?%*Fij%2sjq589%9d?0O#TFZH*_n{lqX+&_Y~H#d7Z z8+H4JCFpz-a09jaL9TAlYOY~8#-f6=d;|(SXk*d90i8H1%o?rP(FPfyjTuCNGiE>w zUHWg2R&;&VzP|Q2pmvgr*~esB1stykF2dqEKlSU3tsdIAJgUsN=-k|5@Mjg=WUo_B zw|M1uj*UwB>-Jn6II~nQfz&R5;XcrF`Owze8fztHe+mQm9MDH9JjJ4a(Datg@*dnXG!TVVrd6MS-EPDXkL4tfT9rr(x@k&T9)m5iRA z?024wo$>!~in61Dy}gMsKAot6wUY@XoxHM$I<4scY2?a-nohDX1`^ybh`<0Mhd)G= z(~y%>FaiOF2%?gpA`(adIg&uaeV<`Kt_g<+qH-*PT!M&*0xBSvBc~8i5o16|!_j{&~5`vxYTt+V9a_i|B@o-zNvMavC6zPEepEPL!yu zD@sD>Lw-JS9oY}U>ge~x=DAhH;X>DFST7}R+iojV zVoILPF-M&3o7kacccPMeWd)`dchC^qZ}8`s1BxlE?|qEi3R zc5O&?DHlxD%s^4HHF7)~AU!?z*j`xu5>(O7IVod&9I8}0vCpP*svT$6FViKnTdnHc zE}h>p_pq0jTFaCNpYxyYwS^VN$VY#OzgWWR^`G+u4z=7bbSRr=)jzqSyU4Nrx)NL; zuKhx3(6f7kky?WpcVG2wQY&UN?^i-njBRU(Assb(yufSUW`%d*CL~livsCsN)4YJ(R(R&U2=ZiZUJHnRmy6{ za!pzuePPdxE_MYxm4D-F)D5Dl%wZbLzkK)*h-wOWmCdlx+(=H!gw(S=M(GOY zJl3njRTQdSl1$bmS%P;{3-bfRY->Maq=JFO&58b5_M`7~y6tfOfGnZA}8ohi5485uDPN9 zNfJA;Bc{DJD4pc=Yids4wKUd9@vWs6A!o<{`^?HXpp$OBQxkVmZJ!bG@lfg*>2qgq zidMX~pp<+6!pRs6zg94{i8+1R5OFJD_M>t~Ih7ARP-I;JVKoLYHCa~Lx2r2@+0Lcg z!8RP0bb9`gx!6fHyk)v~q?{mVm+DLHy?2*73DqHOT|4)`)26xbOk8-nv6C3kkn@Fr zwBDYSTVwZ9n~hN})_ia3ov+W1O%QmVt8T_F>7U2$xx6#x={YV#mb{l#28{@q8-%B|Yqfq?{z*eT@IEJM zX3|u#?Py|BtR-Gf&;F)Ofj|b{uv|et=WmT|EXj5`8&&bZ^7ehwYufPAug#}t(Z|+M z*IkCQX$6yY&SsVK>?O0Prg(lcV$ACeez@pO@|UlEQTb)W@$WqMtLD5+(HfDH46*N0 zJ0B9%|5szc{G~DcfoRUhDV|W6EtO0O1HNe3w4KPSE z;QyNlwwppLiFr@#bIb%JYMpa7x?cIfWW#}0XsFZ*n( zdgbuX@n!nM5&cVq7iqrMFMSfO$d&JJz#h%6!rk4YXz9Noii0_R^A>vs@ba3A!Bk}F zYn!Xtb?TB<+8GrkDtGSXs?27X{B&|mG%MI{&WA3=jN8%3JaX!Q0$*h9aN`+T66BDZ zh-t9W%M&Y!Y2}A1rls{iU@i?Zx0{N?+BA2Ga@|1q_c#e&zEOzegWK^85xqPVo3GK{YCDy{62K9KGf}IX#3|nXO%f*Uu4kXeqEcSy8Gg zpHdUCdXxJPB~?r&dEQj8nfveyJ+k5nS0XKv=-3+9@(q#&QuY{bLWiw3L@hoqh`h^C hEwLT^?}N!;k^-5b!fOWIAe*u0V5q|&x literal 0 HcmV?d00001 diff --git a/copy-of-sdk-docs/build/spec/fee_distribution/f1_fee_distr.tex b/copy-of-sdk-docs/build/spec/fee_distribution/f1_fee_distr.tex new file mode 100644 index 00000000..f704e52a --- /dev/null +++ b/copy-of-sdk-docs/build/spec/fee_distribution/f1_fee_distr.tex @@ -0,0 +1,245 @@ +\documentclass[]{article} +\usepackage{hyperref} + +%opening +\title{F1 Fee Distribution Draft-02} +\author{Dev Ojha} + +\begin{document} + +\maketitle + +\begin{abstract} + In a proof of stake blockchain, validators need to split the rewards gained from transaction fees each block. Furthermore, these fees must be fairly distributed to each of a validator's constituent delegators. They accrue this reward throughout the entire time they are delegated, and they have a special operation to withdraw accrued rewards. + + The F1 fee distribution scheme works for any algorithm to split funds between validators each block, with minimal iteration, and the only approximations being due to finite decimal precision. Per block there is a single iteration over the validator set, to enable reward algorithms that differ by validator. No iteration is required to delegate, or withdraw. The state usage is one state update per validator per block, and one state entry per active delegation. It can optionally handle arbitrary inflation schemes, and auto-bonding of rewards. +\end{abstract} + +\section{F1 Fee Distribution} + +\subsection{Context} +In a proof of stake blockchain, each validator has an associated stake. +Transaction fees get rewarded to validators based on the incentive scheme of the underlying proof of stake model. +The fee distribution problem occurs in proof of stake blockchains supporting delegation, as there is a need to distribute a validator's fee rewards to its delegators. +The trivial solution of just giving the rewards to each delegator every block is too expensive to perform on-chain. +So instead fee distribution algorithms have delegators perform a withdraw action, which when performed yields the same total amount of fees as if they had received them at every block. + +This details F1, an approximation-free, slash-tolerant fee distribution algorithm which allows validator commission-rates, inflation rates, and fee proportions, which can all efficiently change per validator, every block. +The algorithm requires iterating over the bonded validators every block, and withdraws require no iteration. +This is cheap, due to staking logic already requiring iteration over all validators, which causes the expensive state-reads to be cached. + +The key point of how F1 works is that it tracks how much rewards a delegator with 1 stake for a given validator would be entitled to if it had bonded at block 0 until the latest block. +When a delegator bonds at block $b$, the amount of rewards a delegator with 1 stake would have if bonded at block 0 until block $b$ is also persisted to state. +When the delegator withdraws, they receive the difference of these two values. +Since rewards are distributed according to stake-weighting, this amount of rewards can be scaled by the amount of stake a delegator had. +Section 1.2 describes this in more detail, with an argument for it being approximation free. +Section 2 details how to adapt this algorithm to handle commission rates, slashing, and inflation. + +\subsection{Base algorithm} +In this section, we show that the F1 base algorithm gives each delegator rewards identical to that which they'd receive in the naive and correct fee distribution algorithm that iterated over all delegators every block. + +Even distribution of a validators rewards amongst its validators weighted by stake means the following: +Suppose a delegator delegates $x$ stake to a validator $v$ at block $h$. +Let the amount of stake the validator has at block $i$ be $s_i$ and the amount of fees they receive at this height be $f_i$. +Then if a delegator contributing $x$ stake decides to withdraw at block $n$, the rewards they receive are +$$\sum_{i = h}^{n} \frac{x}{s_i}f_i = x \sum_{i = h}^{n} \frac{f_i}{s_i}$$ + +Note that $s_i$ does not change every block, +it only changes if the validator gets slashed, +or if any delegator alters the amount they have delegated. +We'll relegate handling of slashes to \autoref{ssec:slashing}, +and only consider the case with no slashing here. +We can change the iteration from being over every block, to instead being over the set of blocks between two changes in validator $v$'s total stake. +Let each of these set of blocks be called a period. +A new period begins every time that validator's total stake changes. +Let the total amount of stake for the validator in period $p$ be $n_p$. +Let $T_p$ be the total fees that validator $v$ accrued in period $p$. +Let $h$ be the start of period $p_{init}$, and height $n$ be the end of $p_{final}$. +It follows that +$$x \sum_{i = h}^{n} \frac{f_i}{s_i} = x \sum_{p = p_{init}}^{p_{final}} \frac{T_p}{n_p}$$ + +Let $p_0$ represent the period which begins when the validator first bonds. +The central idea to the F1 model is that at the end of the $k$th period, +the following is stored at a state location indexable by $k$: $\sum_{i=0}^{k}\frac{T_i}{n_i}$. +Let the index of the current period be $f$. +When a delegator wants to delegate or withdraw their reward, they first create a new entry in state to end the current period. +Then this entry is created using the previous entry as follows: +$$Entry_f = \sum_{i=0}^{f}\frac{T_i}{n_i} = \sum_{i=0}^{f-1}\frac{T_i}{n_i} + \frac{T_f}{n_f} = Entry_{f-1} + \frac{T_f}{n_f}$$ +Where $T_f$ is the fees the validator has accrued in period $f$, and $n_f$ is the validators total amount of stake in period $f$. + +The withdrawer's delegation object has the index $k$ for the period which they ended by bonding. (They start receiving rewards for period $k + 1$) +The reward they should receive when withdrawing is: + +$$x \sum_{i = k + 1}^{f} \frac{T_i}{n_i} = x\left(\left(\sum_{i=0}^{f}\frac{T_i}{n_i}\right) - \left(\sum_{i=0}^{k}\frac{T_i}{n_i}\right)\right) = x\left(Entry_f - Entry_k\right)$$ + +It is clear from the equations that this payout mechanism maintains correctness, and requires no iterations. It just needed the two state reads for these entries. + +$T_f$ is a separate variable in state for the amount of fees this validator has accrued since the last update to its power. +This variable is incremented at every block by however much fees this validator received that block. +On the update to the validators power, this variable is used to create the entry in state at $f$, and is then reset to 0. + +This fee distribution proposal is agnostic to how all of the blocks fees are divided up between validators. +This creates many nice properties, for example it is possible to only rewarding validators who signed that block. + +\section{Additional add-ons} +\subsection{Commission Rates} +Commission rates are the idea that a validator can take a fixed $x\%$ cut of all of their received fees, before redistributing evenly to the constituent delegators. +This can easily be done as follows: + +In block $h$ a validator receives $f_h$ fees. +Instead of incrementing that validators ``total accrued fees this period variable" by $f_h$, it is instead incremented by $(1 - commission\_rate) * f_p$. +Then $commission\_rate * f_p$ is deposited directly to the validator's account. +This allows for efficient updates to a validator's commission rate every block if desired. +More generally, each validator could have a function which takes their fees as input, and outputs a set of outputs to pay these fees too. (i.e. x\% going to themselves, y\% to delegators, z\% burnt) + +\subsection{Slashing} +\label{ssec:slashing} +Slashing is distinct from withdrawals, since it lowers the stake of all of the delegator's by a fixed percentage. +Since no one is charged gas for slashes, a slash cannot iterate over all delegators. +Thus we can no longer just multiply by $x$ over the difference in stake. +This section describes a simple solution that should suffice for most chains needs. An asymptotically optimal solution is provided in section 2.4. +TODO: Consider removing this section in favor of just using the current section 2.4? + +The solution here is to instead store each period created by a slash in the validators state. +Then when withdrawing, you must iterate over all slashes between when you started and ended. +Suppose you delegated at period $0$, a y\% slash occurred at period $2$, and your withdrawal creates period $4$. +Then you receive funds from periods $0$ to $2$ as normal. +The equations for funds you receive for periods $2$ to $4$ now use $(1 - y)x$ for your stake instead of just $x$ stake. +When there are multiple slashes, you just account for the accumulated slash factor. + +In practice this will not really be an efficiency hit, as the number of slashes is expected to be 0 or 1 for most validators. +Validators that get slashed more will naturally lose their delegators. +A malicious validator that gets itself slashed many times would increase the gas to withdraw linearly, but the economic loss of funds due to the slashes is expected to far out-weigh the extra overhead the honest withdrawer must pay for due to the gas. +(TODO: frame that above sentence in terms of griefing factors, as that's more correct) + +\subsection{Inflation} +Inflation is the idea that we want every staked coin to create more staking tokens as time progresses. +The purpose being to drive down the relative worth of unstaked tokens. +Each block, every staked token should produce $x$ staking tokens as inflation, where $x$ is calculated from a function $inflation$ which takes state and the block information as input. +Let $x_i$ represent the evaluation of $inflation$ in the $i$th block. +The goal of this section is to auto-bond inflation in the fee distribution model without iteration. +This is done by preserving the invariant that every state entry contains the rewards one would have if they had bonded one stake at genesis until that corresponding block. + +In state a variable should be kept for the number of tokens one would have now due to inflation, +given that they bonded one token at genesis. +This is $\prod_{0}^{now} (1 + x_i)$. +Each period now stores this total inflation product along with what it already stores per-period. + +Let $R_i$ be the fee rewards in block $i$, and $n_i$ be the total amount bonded to that validator in that block. +The correct amount of rewards which 1 token at genesis should have now is: +$$Reward(now) = \sum_{i = 0}^{now}\left(\prod_{j = 0}^{i} 1 + x_j \right) * \frac{R_i}{n_i}$$ +The term in the sum is the amount of stake one stake becomes due to inflation, multiplied by the amount of fees per stake. + +Now we cast this into the period frame of view. +Recall that we build the rewards by creating a state entry for the rewards of the previous period, and keeping track of the rewards within this period. +Thus we first define the correct amount of rewards for each successive period, proving correctness of this via induction. +We then show that the state entry that gets efficiently built up block by block is equal to this value for the latest period. + +Let $start, end$ denote the start/end of a period. + +Suppose that $\forall f > 0$, $Reward(end(f))$ is correctly constructed as +$$Reward(end(f)) = Reward(end(f-1)) + \sum_{i = start(f)}^{end(f)}\left(\prod_{j = 0}^{i} 1 + x_j \right) \frac{R_i}{n_i}$$ +and that for $f = 0$, $Reward(end(0)) = 0$. +(With period 1 being defined as the period that has the first bond into it) +It must be shown that assuming the supposition $\forall f \leq f_0$, $$Reward(end(f_0 + 1)) = Reward(end(f_0)) + \sum_{i = start(f_0 + 1)}^{end(f_0 + 1)}\left(\prod_{j = 0}^{i} 1 + x_j \right) \frac{R_i}{n_i}$$ +Using the definition of $Reward$, it follows that: +$$\sum_{i = 0}^{end(f_0 + 1)}\left(\prod_{j = 0}^{i} 1 + x_j \right) * \frac{R_i}{n_i} = \sum_{i = 0}^{end(f_0)}\left(\prod_{j = 0}^{i} 1 + x_j \right) * \frac{R_i}{n_i} + \sum_{i = start(f_0 + 1)}^{end(f_0 + 1)}\left(\prod_{j = 0}^{i} 1 + x_j \right) \frac{R_i}{n_i}$$ + +Since the first summation on the right hand side is $Reward(end(f_0))$, the supposition is proven true. +Consequently, the reward for just period $f$ adjusted for the amount of inflation 1 token at genesis would produce, is: +$$\sum_{i = start(f)}^{end(f)}\left(\prod_{j = 0}^{i} 1 + x_j \right) \frac{R_i}{n_i}$$ + +TODO: make this proof + pre-amble less verbose, and just wrap up into a lemma. +Maybe just leave this proof or the last part to the reader, since it easily follows from summation bounds. + +Now note that +$$\sum_{i = start(f)}^{end(f)}\left(\prod_{j = 0}^{i} 1 + x_j \right) \frac{R_i}{n_i} = \left(\prod_{j = 0}^{end(f - 1)} 1 + x_j \right)\sum_{i = start(f)}^{end(f)}\left(\prod_{j = start(f)}^{i} 1 + x_j \right) \frac{R_i}{n_i}$$ +By definition of period, and inflation being applied every block, \\ +$n_i = n_{start(f)}\left(\prod_{j = start(f)}^{i} 1 + x_j \right)$. This cancels out the product in the summation, therefore +$$\sum_{i = start(f)}^{end(f)}\left(\prod_{j = 0}^{i} 1 + x_j \right) \frac{R_i}{n_i} = \left(\prod_{j = 0}^{end(f - 1)} 1 + x_j \right)\frac{\sum_{i = start(f)}^{end(f)}R_i}{n_{start(f)}}$$ + +Thus every block, each validator just has to add the total amount of fees (The $R_i$ term) that goes to delegates to some per-period term. +When creating a new period, $n_{start(f)}$ can be cached in state, and the product is already stored in the previous periods state entry. +You then get the next period's $n_{start(f)}$ from the consensus' power entry for this validator. +This is thus extremely efficient per block. + +When withdrawing, you take the difference as before, +which yields the amount of rewards you would have obtained with $(\prod_0^{begin\ bonding\ period}1 + x)$ stake from the block you began bonding at until now. +$(\prod_0^{begin\ bonding\ period}1 + x)$ is known, since its included in the state entry for when you bonded. +You then divide the entitled fees by $(\prod_0^{begin\ bonding\ period}1 + x)$ to normalize it to being the amount of rewards you're entitled to from 1 stake at that block to now. +Then as before, you multiply by the amount of stake you had initially bonded. +\\TODO: (Does the difference equating to that make sense, or should it be shown explicitly) +\\TODO: Does this need to explain how the originally bonded tokens are refunded, or is that clear? + +The inflation function could vary per block, +and per validator if ever a need rose. +If the inflation rate is the same for everyone then there can be a single global store for the entries corresponding to the product of inflations. +Inflation creation can trivially be epoched as long as inflation isn't required within the epoch, through changes to the $inflation$ function. + +\subsection{Withdrawing with no iteration over slashes} +Notice that a slash is the same as a negative inflation rate for a validator in one block. +For example a $20\%$ slash is equivalent to a $-20\%$ inflation for a validator in a block. +Given correctness of auto-bonding inflation with different inflation rates per-validator, +it follows that handling slashes can be correctly done by simply subtracting the validators inflation factor in that block to be the negative of the slash factor. +This significantly simplifies the withdrawal procedure. + +\subsection{Auto bonding fees} +TODO: Fill this out. +Core idea: you use the same mechanism as previously, but you just don't take that optimization with $n_{i}$ and the $n_{start}$ relation. +Fairly simple to do. + +\subsection{Delegation updates} +Updating your delegation amount is equivalent to withdrawing earned rewards and a fully independent new delegation occurring in the same block. +The same applies for redelegation. +From the view of fee distribution, partial redelegation is the same as a delegation update + a new delegation. + +\subsection{Jailing / being kicked out of the validator set} +This basically requires no change. +In each block you only iterate over the currently bonded validators. +So you simply don't update the "total accrued fees this period" variable for jailed / non-bonded validators. +Withdrawing requires \textit{no} special casing here! + +\section{State Requirements} +State entries can be pruned quite effectively. +Suppose for the sake of exposition that there is at most one delegation / withdrawal to a particular validator in any given block. +Then each delegation is responsible for one addition to state. +Only the next period, and this delegator's withdrawal could depend on this entry. Thus once this delegator withdraws, this state entry can be pruned. +For the entry created by the delegator's withdrawal, that is only required by the creation of the next period. +Thus once the next period is created, that withdrawal's period can be deleted. + +This can be easily adapted to the case where there are multiple delegations / withdrawals per block, by maintaining a reference count in each period starting state entry. + +The slash entries for a validator can only be pruned when all of that validator's delegators have their bonding period starting after the slash. +This seems ineffective to keep track of, thus it is not worth it. +Each slash should instead remain in state until the validator unbonds and all delegators have their fees withdrawn. + +\section{Implementers Considerations} +TODO: Convert this section into a proper conclusion + +This is an extremely simple scheme with many nice benefits. +\begin{itemize} + \item The overhead per block is a simple iteration over the bonded validator set, which occurs anyway. (Thus it can be implemented ``for-free" with an optimized code-base) + \item Withdrawing earned fees only requires iterating over slashes since when you bonded. (Which is a negligible iteration) + \item There are no approximations in any of the calculations. (modulo minor errata resulting from fixed precision decimals used in divisions) + \item Supports arbitrary inflation models. (Thus could even vary upon block signers) + \item Supports arbitrary fee distribution amongst the validator set. (Thus can account for things like only online validators get fees, which has important incentivization impacts) + \item The above two can change on a live chain with no issues. + \item Validator commission rates can be changed every block + \item The simplicity of this scheme lends itself well to implementation +\end{itemize} + +Thus this scheme has efficiency improvements, simplicity improvements, and expressiveness improvements over the currently proposed schemes. With a correct fee distribution amongst the validator set, this solves the existing problem where one could withhold their signature for risk-free gain. + +\section{TO DOs} + +\begin{itemize} + \item A global fee pool can be described. + \item Mention storage optimization for how to prune slashing entries in the uniform inflation and iteration over slashing case + \item Add equation numbers + \item perhaps re-organize so that the no iteration + \item Section on decimal precision considerations (would unums help?), and mitigating errors in calculation with floats and decimals. -- This probably belongs in a corollary markdown file in the implementation + \item Consider indicating that the withdraw action need not be a tx type and could instead happen 'transparently' when more coins are needed, if a chain desired this for UX / p2p efficiency. +\end{itemize} + + +\end{document} diff --git a/copy-of-sdk-docs/build/spec/store/README.md b/copy-of-sdk-docs/build/spec/store/README.md new file mode 100644 index 00000000..3bf8b0e3 --- /dev/null +++ b/copy-of-sdk-docs/build/spec/store/README.md @@ -0,0 +1,235 @@ +# Store + +The store package defines the interfaces, types and abstractions for Cosmos SDK +modules to read and write to Merkleized state within a Cosmos SDK application. +The store package provides many primitives for developers to use in order to +work with both state storage and state commitment. Below we describe the various +abstractions. + +## Types + +### `Store` + +The bulk of the store interfaces are defined [here](https://github.com/cosmos/cosmos-sdk/blob/main/store/types/store.go), +where the base primitive interface, for which other interfaces build off of, is +the `Store` type. The `Store` interface defines the ability to tell the type of +the implementing store and the ability to cache wrap via the `CacheWrapper` interface. + +### `CacheWrapper` & `CacheWrap` + +One of the most important features a store has the ability to perform is the +ability to cache wrap. Cache wrapping is essentially the underlying store wrapping +itself within another store type that performs caching for both reads and writes +with the ability to flush writes via `Write()`. + +### `KVStore` & `CacheKVStore` + +One of the most important interfaces that both developers and modules interface +with, which also provides the basis of most state storage and commitment operations, +is the `KVStore`. The `KVStore` interface provides basic CRUD abilities and +prefix-based iteration, including reverse iteration. + +Typically, each module has it's own dedicated `KVStore` instance, which it can +get access to via the `sdk.Context` and the use of a pointer-based named key -- +`KVStoreKey`. The `KVStoreKey` provides pseudo-OCAP. How a exactly a `KVStoreKey` +maps to a `KVStore` will be illustrated below through the `CommitMultiStore`. + +Note, a `KVStore` cannot directly commit state. Instead, a `KVStore` can be wrapped +by a `CacheKVStore` which extends a `KVStore` and provides the ability for the +caller to execute `Write()` which commits state to the underlying state storage. +Note, this doesn't actually flush writes to disk as writes are held in memory +until `Commit()` is called on the `CommitMultiStore`. + +### `CommitMultiStore` + +The `CommitMultiStore` interface exposes the top-level interface that is used +to manage state commitment and storage by an SDK application and abstracts the +concept of multiple `KVStore`s which are used by multiple modules. Specifically, +it supports the following high-level primitives: + +* Allows for a caller to retrieve a `KVStore` by providing a `KVStoreKey`. +* Exposes pruning mechanisms to remove state pinned against a specific height/version + in the past. +* Allows for loading state storage at a particular height/version in the past to + provide current head and historical queries. +* Provides the ability to rollback state to a previous height/version. +* Provides the ability to load state storage at a particular height/version + while also performing store upgrades, which are used during live hard-fork + application state migrations. +* Provides the ability to commit all current accumulated state to disk and performs + Merkle commitment. + +## Implementation Details + +While there are many interfaces that the `store` package provides, there is +typically a core implementation for each main interface that modules and +developers interact with that are defined in the Cosmos SDK. + +### `iavl.Store` + +The `iavl.Store` provides the core implementation for state storage and commitment +by implementing the following interfaces: + +* `KVStore` +* `CommitStore` +* `CommitKVStore` +* `Queryable` +* `StoreWithInitialVersion` + +It allows for all CRUD operations to be performed along with allowing current +and historical state queries, prefix iteration, and state commitment along with +Merkle proof operations. The `iavl.Store` also provides the ability to remove +historical state from the state commitment layer. + +An overview of the IAVL implementation can be found [here](https://github.com/cosmos/iavl/blob/master/docs/overview.md). +It is important to note that the IAVL store provides both state commitment and +logical storage operations, which comes with drawbacks as there are various +performance impacts, some of which are very drastic, when it comes to the +operations mentioned above. + +When dealing with state management in modules and clients, the Cosmos SDK provides +various layers of abstractions or "store wrapping", where the `iavl.Store` is the +bottom most layer. When requesting a store to perform reads or writes in a module, +the typical abstraction layer in order is defined as follows: + +```text +iavl.Store <- cachekv.Store <- gaskv.Store <- cachemulti.Store <- rootmulti.Store +``` + +### Concurrent use of IAVL store + +The tree under `iavl.Store` is not safe for concurrent use. It is the +responsibility of the caller to ensure that concurrent access to the store is +not performed. + +The main issue with concurrent use is when data is written at the same time as +it's being iterated over. Doing so will cause an irrecoverable fatal error because +of concurrent reads and writes to an internal map. + +Although it's not recommended, you can iterate through values while writing to +it by disabling "FastNode" **without guarantees that the values being written will +be returned during the iteration** (if you need this, you might want to reconsider +the design of your application). This is done by setting `iavl-disable-fastnode` +to `true` in the config TOML file. + +### `cachekv.Store` + +The `cachekv.Store` store wraps an underlying `KVStore`, typically a `iavl.Store` +and contains an in-memory cache for storing pending writes to underlying `KVStore`. +`Set` and `Delete` calls are executed on the in-memory cache, whereas `Has` calls +are proxied to the underlying `KVStore`. + +One of the most important calls to a `cachekv.Store` is `Write()`, which ensures +that key-value pairs are written to the underlying `KVStore` in a deterministic +and ordered manner by sorting the keys first. The store keeps track of "dirty" +keys and uses these to determine what keys to sort. In addition, it also keeps +track of deleted keys and ensures these are also removed from the underlying +`KVStore`. + +The `cachekv.Store` also provides the ability to perform iteration and reverse +iteration. Iteration is performed through the `cacheMergeIterator` type and uses +both the dirty cache and underlying `KVStore` to iterate over key-value pairs. + +Note, all calls to CRUD and iteration operations on a `cachekv.Store` are thread-safe. + +### `gaskv.Store` + +The `gaskv.Store` store provides a simple implementation of a `KVStore`. +Specifically, it just wraps an existing `KVStore`, such as a cache-wrapped +`iavl.Store`, and incurs configurable gas costs for CRUD operations via +`ConsumeGas()` calls defined on the `GasMeter` which exists in a `sdk.Context` +and then proxies the underlying CRUD call to the underlying store. Note, the +`GasMeter` is reset on each block. + +### `cachemulti.Store` & `rootmulti.Store` + +The `rootmulti.Store` acts as an abstraction around a series of stores. Namely, +it implements the `CommitMultiStore` an `Queryable` interfaces. Through the +`rootmulti.Store`, an SDK module can request access to a `KVStore` to perform +state CRUD operations and queries by holding access to a unique `KVStoreKey`. + +The `rootmulti.Store` ensures these queries and state operations are performed +through cached-wrapped instances of `cachekv.Store` which is described above. The +`rootmulti.Store` implementation is also responsible for committing all accumulated +state from each `KVStore` to disk and returning an application state Merkle root. + +Queries can be performed to return state data along with associated state +commitment proofs for both previous heights/versions and the current state root. +Queries are routed based on store name, i.e. a module, along with other parameters +which are defined in `abci.QueryRequest`. + +The `rootmulti.Store` also provides primitives for pruning data at a given +height/version from state storage. When a height is committed, the `rootmulti.Store` +will determine if other previous heights should be considered for removal based +on the operator's pruning settings defined by `PruningOptions`, which defines +how many recent versions to keep on disk and the interval at which to remove +"staged" pruned heights from disk. During each interval, the staged heights are +removed from each `KVStore`. Note, it is up to the underlying `KVStore` +implementation to determine how pruning is actually performed. The `PruningOptions` +are defined as follows: + +```go +type PruningOptions struct { + // KeepRecent defines how many recent heights to keep on disk. + KeepRecent uint64 + + // Interval defines when the pruned heights are removed from disk. + Interval uint64 + + // Strategy defines the kind of pruning strategy. See below for more information on each. + Strategy PruningStrategy +} +``` + +The Cosmos SDK defines a preset number of pruning "strategies": `default`, `everything` +`nothing`, and `custom`. + +It is important to note that the `rootmulti.Store` considers each `KVStore` as a +separate logical store. In other words, they do not share a Merkle tree or +comparable data structure. This means that when state is committed via +`rootmulti.Store`, each store is committed in sequence and thus is not atomic. + +In terms of store construction and wiring, each Cosmos SDK application contains +a `BaseApp` instance which internally has a reference to a `CommitMultiStore` +that is implemented by a `rootmulti.Store`. The application then registers one or +more `KVStoreKey` that pertain to a unique module and thus a `KVStore`. Through +the use of an `sdk.Context` and a `KVStoreKey`, each module can get direct access +to it's respective `KVStore` instance. + +Example: + +```go +func NewApp(...) Application { + // ... + + bApp := baseapp.NewBaseApp(appName, logger, db, txConfig.TxDecoder(), baseAppOptions...) + bApp.SetCommitMultiStoreTracer(traceStore) + bApp.SetVersion(version.Version) + bApp.SetInterfaceRegistry(interfaceRegistry) + + // ... + + keys := sdk.NewKVStoreKeys(...) + transientKeys := sdk.NewTransientStoreKeys(...) + memKeys := sdk.NewMemoryStoreKeys(...) + + // ... + + // initialize stores + app.MountKVStores(keys) + app.MountTransientStores(transientKeys) + app.MountMemoryStores(memKeys) + + // ... +} +``` + +The `rootmulti.Store` itself can be cache-wrapped which returns an instance of a +`cachemulti.Store`. For each block, `BaseApp` ensures that the proper abstractions +are created on the `CommitMultiStore`, i.e. ensuring that the `rootmulti.Store` +is cached-wrapped and uses the resulting `cachemulti.Store` to be set on the +`sdk.Context` which is then used for block and transaction execution. As a result, +all state mutations due to block and transaction execution are actually held +ephemerally until `Commit()` is called by the ABCI client. This concept is further +expanded upon when the AnteHandler is executed per transaction to ensure state +is not committed for transactions that failed CheckTx. diff --git a/copy-of-sdk-docs/build/spec/store/interblock-cache.md b/copy-of-sdk-docs/build/spec/store/interblock-cache.md new file mode 100644 index 00000000..cfa2edb5 --- /dev/null +++ b/copy-of-sdk-docs/build/spec/store/interblock-cache.md @@ -0,0 +1,289 @@ +# Inter-block Cache + +* [Inter-block Cache](#inter-block-cache) + * [Synopsis](#synopsis) + * [Overview and basic concepts](#overview-and-basic-concepts) + * [Motivation](#motivation) + * [Definitions](#definitions) + * [System model and properties](#system-model-and-properties) + * [Assumptions](#assumptions) + * [Properties](#properties) + * [Thread safety](#thread-safety) + * [Crash recovery](#crash-recovery) + * [Iteration](#iteration) + * [Technical specification](#technical-specification) + * [General design](#general-design) + * [API](#api) + * [CommitKVCacheManager](#commitkvcachemanager) + * [CommitKVStoreCache](#commitkvstorecache) + * [Implementation details](#implementation-details) + * [History](#history) + * [Copyright](#copyright) + +## Synopsis + +The inter-block cache is an in-memory cache storing (in-most-cases) immutable state that modules need to read in between blocks. When enabled, all sub-stores of a multi store, e.g., `rootmulti`, are wrapped. + +## Overview and basic concepts + +### Motivation + +The goal of the inter-block cache is to allow SDK modules to have fast access to data that it is typically queried during the execution of every block. This is data that do not change often, e.g. module parameters. The inter-block cache wraps each `CommitKVStore` of a multi store such as `rootmulti` with a fixed size, write-through cache. Caches are not cleared after a block is committed, as opposed to other caching layers such as `cachekv`. + +### Definitions + +* `Store key` uniquely identifies a store. +* `KVCache` is a `CommitKVStore` wrapped with a cache. +* `Cache manager` is a key component of the inter-block cache responsible for maintaining a map from `store keys` to `KVCaches`. + +## System model and properties + +### Assumptions + +This specification assumes that there exists a cache implementation accessible to the inter-block cache feature. + +> The implementation uses adaptive replacement cache (ARC), an enhancement over the standard last-recently-used (LRU) cache in that tracks both frequency and recency of use. + +The inter-block cache requires that the cache implementation to provide methods to create a cache, add a key/value pair, remove a key/value pair and retrieve the value associated to a key. In this specification, we assume that a `Cache` feature offers this functionality through the following methods: + +* `NewCache(size int)` creates a new cache with `size` capacity and returns it. +* `Get(key string)` attempts to retrieve a key/value pair from `Cache.` It returns `(value []byte, success bool)`. If `Cache` contains the key, it `value` contains the associated value and `success=true`. Otherwise, `success=false` and `value` should be ignored. +* `Add(key string, value []byte)` inserts a key/value pair into the `Cache`. +* `Remove(key string)` removes the key/value pair identified by `key` from `Cache`. + +The specification also assumes that `CommitKVStore` offers the following API: + +* `Get(key string)` attempts to retrieve a key/value pair from `CommitKVStore`. +* `Set(key, string, value []byte)` inserts a key/value pair into the `CommitKVStore`. +* `Delete(key string)` removes the key/value pair identified by `key` from `CommitKVStore`. + +> Ideally, both `Cache` and `CommitKVStore` should be specified in a different document and referenced here. + +### Properties + +#### Thread safety + +Accessing the `cache manager` or a `KVCache` is not thread-safe: no method is guarded with a lock. +Note that this is true even if the cache implementation is thread-safe. + +> For instance, assume that two `Set` operations are executed concurrently on the same key, each writing a different value. After both are executed, the cache and the underlying store may be inconsistent, each storing a different value under the same key. + +#### Crash recovery + +The inter-block cache transparently delegates `Commit()` to its aggregate `CommitKVStore`. If the +aggregate `CommitKVStore` supports atomic writes and use them to guarantee that the store is always in a consistent state in disk, the inter-block cache can be transparently moved to a consistent state when a failure occurs. + +> Note that this is the case for `IAVLStore`, the preferred `CommitKVStore`. On commit, it calls `SaveVersion()` on the underlying `MutableTree`. `SaveVersion` writes to disk are atomic via batching. This means that only consistent versions of the store (the tree) are written to the disk. Thus, in case of a failure during a `SaveVersion` call, on recovery from disk, the version of the store will be consistent. + +#### Iteration + +Iteration over each wrapped store is supported via the embedded `CommitKVStore` interface. + +## Technical specification + +### General design + +The inter-block cache feature is composed by two components: `CommitKVCacheManager` and `CommitKVCache`. + +`CommitKVCacheManager` implements the cache manager. It maintains a mapping from a store key to a `KVStore`. + +```go +type CommitKVStoreCacheManager interface{ + cacheSize uint + caches map[string]CommitKVStore +} +``` + +`CommitKVStoreCache` implements a `KVStore`: a write-through cache that wraps a `CommitKVStore`. This means that deletes and writes always happen to both the cache and the underlying `CommitKVStore`. Reads on the other hand first hit the internal cache. During a cache miss, the read is delegated to the underlying `CommitKVStore` and cached. + +```go +type CommitKVStoreCache interface{ + store CommitKVStore + cache Cache +} +``` + +To enable inter-block cache on `rootmulti`, one needs to instantiate a `CommitKVCacheManager` and set it by calling `SetInterBlockCache()` before calling one of `LoadLatestVersion()`, `LoadLatestVersionAndUpgrade(...)`, `LoadVersionAndUpgrade(...)` and `LoadVersion(version)`. + +### API + +#### CommitKVCacheManager + +The method `NewCommitKVStoreCacheManager` creates a new cache manager and returns it. + +| Name | Type | Description | +| ------------- | ---------|------- | +| size | integer | Determines the capacity of each of the KVCache maintained by the manager | + +```go +func NewCommitKVStoreCacheManager(size uint) CommitKVStoreCacheManager { + manager = CommitKVStoreCacheManager{size, make(map[string]CommitKVStore)} + return manager +} +``` + +`GetStoreCache` returns a cache from the CommitStoreCacheManager for a given store key. If no cache exists for the store key, then one is created and set. + +| Name | Type | Description | +| ------------- | ---------|------- | +| manager | `CommitKVStoreCacheManager` | The cache manager | +| storeKey | string | The store key of the store being retrieved | +| store | `CommitKVStore` | The store that it is cached in case the manager does not have any in its map of caches | + +```go +func GetStoreCache( + manager CommitKVStoreCacheManager, + storeKey string, + store CommitKVStore) CommitKVStore { + + if manager.caches.has(storeKey) { + return manager.caches.get(storeKey) + } else { + cache = CommitKVStoreCacheManager{store, manager.cacheSize} + manager.set(storeKey, cache) + return cache + } +} +``` + +`Unwrap` returns the underlying CommitKVStore for a given store key. + +| Name | Type | Description | +| ------------- | ---------|------- | +| manager | `CommitKVStoreCacheManager` | The cache manager | +| storeKey | string | The store key of the store being unwrapped | + +```go +func Unwrap( + manager CommitKVStoreCacheManager, + storeKey string) CommitKVStore { + + if manager.caches.has(storeKey) { + cache = manager.caches.get(storeKey) + return cache.store + } else { + return nil + } +} +``` + +`Reset` resets the manager's map of caches. + +| Name | Type | Description | +| ------------- | ---------|------- | +| manager | `CommitKVStoreCacheManager` | The cache manager | + +```go +function Reset(manager CommitKVStoreCacheManager) { + + for (let storeKey of manager.caches.keys()) { + manager.caches.delete(storeKey) + } +} +``` + +#### CommitKVStoreCache + +`NewCommitKVStoreCache` creates a new `CommitKVStoreCache` and returns it. + +| Name | Type | Description | +| ------------- | ---------|------- | +| store | CommitKVStore | The store to be cached | +| size | string | Determines the capacity of the cache being created | + +```go +func NewCommitKVStoreCache( + store CommitKVStore, + size uint) CommitKVStoreCache { + KVCache = CommitKVStoreCache{store, NewCache(size)} + return KVCache +} +``` + +`Get` retrieves a value by key. It first looks in the cache. If the key is not in the cache, the query is delegated to the underlying `CommitKVStore`. In the latter case, the key/value pair is cached. The method returns the value. + +| Name | Type | Description | +| ------------- | ---------|------- | +| KVCache | `CommitKVStoreCache` | The `CommitKVStoreCache` from which the key/value pair is retrieved | +| key | string | Key of the key/value pair being retrieved | + +```go +func Get( + KVCache CommitKVStoreCache, + key string) []byte { + valueCache, success := KVCache.cache.Get(key) + if success { + // cache hit + return valueCache + } else { + // cache miss + valueStore = KVCache.store.Get(key) + KVCache.cache.Add(key, valueStore) + return valueStore + } +} +``` + +`Set` inserts a key/value pair into both the write-through cache and the underlying `CommitKVStore`. + +| Name | Type | Description | +| ------------- | ---------|------- | +| KVCache | `CommitKVStoreCache` | The `CommitKVStoreCache` to which the key/value pair is inserted | +| key | string | Key of the key/value pair being inserted | +| value | []byte | Value of the key/value pair being inserted | + +```go +func Set( + KVCache CommitKVStoreCache, + key string, + value []byte) { + + KVCache.cache.Add(key, value) + KVCache.store.Set(key, value) +} +``` + +`Delete` removes a key/value pair from both the write-through cache and the underlying `CommitKVStore`. + +| Name | Type | Description | +| ------------- | ---------|------- | +| KVCache | `CommitKVStoreCache` | The `CommitKVStoreCache` from which the key/value pair is deleted | +| key | string | Key of the key/value pair being deleted | + +```go +func Delete( + KVCache CommitKVStoreCache, + key string) { + + KVCache.cache.Remove(key) + KVCache.store.Delete(key) +} +``` + +`CacheWrap` wraps a `CommitKVStoreCache` with another caching layer (`CacheKV`). + +> It is unclear whether there is a use case for `CacheWrap`. + +| Name | Type | Description | +| ------------- | ---------|------- | +| KVCache | `CommitKVStoreCache` | The `CommitKVStoreCache` being wrapped | + +```go +func CacheWrap( + KVCache CommitKVStoreCache) { + + return CacheKV.NewStore(KVCache) +} +``` + +### Implementation details + +The inter-block cache implementation uses a fixed-sized adaptive replacement cache (ARC) as cache. [The ARC implementation](https://github.com/hashicorp/golang-lru/blob/main/arc/arc.go) is thread-safe. ARC is an enhancement over the standard LRU cache in that tracks both frequency and recency of use. This avoids a burst in access to new entries from evicting the frequently used older entries. It adds some additional tracking overhead to a standard LRU cache, computationally it is roughly `2x` the cost, and the extra memory overhead is linear with the size of the cache. The default cache size is `1000`. + +## History + +Dec 20, 2022 - Initial draft finished and submitted as a PR + +## Copyright + +All content herein is licensed under [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0). diff --git a/copy-of-sdk-docs/build/tooling/00-protobuf.md b/copy-of-sdk-docs/build/tooling/00-protobuf.md new file mode 100644 index 00000000..128970c0 --- /dev/null +++ b/copy-of-sdk-docs/build/tooling/00-protobuf.md @@ -0,0 +1,113 @@ +--- +sidebar_position: 1 +--- + +# Protocol Buffers + +It is known that Cosmos SDK uses protocol buffers extensively, this document is meant to provide a guide on how it is used in the cosmos-sdk. + +To generate the proto file, the Cosmos SDK uses a docker image, this image is provided to all to use as well. The latest version is `ghcr.io/cosmos/proto-builder:0.17.0` + +Below is the example of the Cosmos SDK's commands for generating, linting, and formatting protobuf files that can be reused in any applications makefile. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/Makefile#L411-L432 +``` + +The script used to generate the protobuf files can be found in the `scripts/` directory. + +```shell reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/scripts/protocgen.sh +``` + +## Buf + +[Buf](https://buf.build) is a protobuf tool that abstracts the need to use the complicated `protoc` toolchain on top of various other things that ensure you are using protobuf in accordance with the majority of the ecosystem. Within the cosmos-sdk repository there are a few files that have a buf prefix. Lets start with the top level and then dive into the various directories. + +### Workspace + +At the root level directory a workspace is defined using [buf workspaces](https://docs.buf.build/configuration/v1/buf-work-yaml). This helps if there are one or more protobuf containing directories in your project. + +Cosmos SDK example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/buf.work.yaml#L6-L9 +``` + +### Proto Directory + +Next is the `proto/` directory where all of our protobuf files live. In here there are many different buf files defined each serving a different purpose. + +```bash +├── README.md +├── buf.gen.gogo.yaml +├── buf.gen.pulsar.yaml +├── buf.gen.swagger.yaml +├── buf.lock +├── buf.md +├── buf.yaml +├── cosmos +└── tendermint +``` + +The above diagram shows all the files and directories within the Cosmos SDK `proto/` directory. + +#### `buf.gen.gogo.yaml` + +`buf.gen.gogo.yaml` defines how the protobuf files should be generated for use with in the module. This file uses [gogoproto](https://github.com/gogo/protobuf), a separate generator from the google go-proto generator that makes working with various objects more ergonomic, and it has more performant encode and decode steps + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/proto/buf.gen.gogo.yaml#L1-L9 +``` + +:::tip +Example of how to define `gen` files can be found [here](https://docs.buf.build/generate/overview) +::: + +#### `buf.gen.pulsar.yaml` + +`buf.gen.pulsar.yaml` defines how protobuf files should be generated using the [new golang apiv2 of protobuf](https://go.dev/blog/protobuf-apiv2). This generator is used instead of the google go-proto generator because it has some extra helpers for Cosmos SDK applications and will have more performant encode and decode than the google go-proto generator. You can follow the development of this generator [here](https://github.com/cosmos/cosmos-proto). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/proto/buf.gen.pulsar.yaml#L1-L18 +``` + +:::tip +Example of how to define `gen` files can be found [here](https://docs.buf.build/generate/overview) +::: + +#### `buf.gen.swagger.yaml` + +`buf.gen.swagger.yaml` generates the swagger documentation for the query and messages of the chain. This will only define the REST API endpoints that were defined in the query and msg servers. You can find examples of this [here](https://github.com/cosmos/cosmos-sdk/blob/main/proto/cosmos/bank/v1beta1/query.proto#L19) + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/proto/buf.gen.swagger.yaml#L1-L6 +``` + +:::tip +Example of how to define `gen` files can be found [here](https://docs.buf.build/generate/overview) +::: + +#### `buf.lock` + +This is an autogenerated file based on the dependencies required by the `.gen` files. There is no need to copy the current one. If you depend on cosmos-sdk proto definitions a new entry for the Cosmos SDK will need to be provided. The dependency you will need to use is `buf.build/cosmos/cosmos-sdk`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/proto/buf.lock#L1-L16 +``` + +#### `buf.yaml` + +`buf.yaml` defines the [name of your package](https://github.com/cosmos/cosmos-sdk/blob/main/proto/buf.yaml#L3), which [breakage checker](https://docs.buf.build/breaking/overview) to use and how to [lint your protobuf files](https://buf.build/docs/tutorials/getting-started-with-buf-cli#lint-your-api). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/proto/buf.yaml#L1-L24 +``` + +We use a variety of linters for the Cosmos SDK protobuf files. The repo also checks this in ci. + +A reference to the github actions can be found [here](https://github.com/cosmos/cosmos-sdk/blob/main/.github/workflows/proto.yml#L1-L32) + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/.github/workflows/proto.yml#L1-L32 +``` diff --git a/copy-of-sdk-docs/build/tooling/01-cosmovisor.md b/copy-of-sdk-docs/build/tooling/01-cosmovisor.md new file mode 100644 index 00000000..7c70611f --- /dev/null +++ b/copy-of-sdk-docs/build/tooling/01-cosmovisor.md @@ -0,0 +1,411 @@ +--- +sidebar_position: 1 +--- + +# Cosmovisor + +`cosmovisor` is a process manager for Cosmos SDK application binaries that automates application binary switch at chain upgrades. +It polls the `upgrade-info.json` file that is created by the x/upgrade module at upgrade height, and then can automatically download the new binary, stop the current binary, switch from the old binary to the new one, and finally restart the node with the new binary. + +* [Design](#design) +* [Contributing](#contributing) +* [Setup](#setup) + * [Installation](#installation) + * [Command Line Arguments And Environment Variables](#command-line-arguments-and-environment-variables) + * [Folder Layout](#folder-layout) +* [Usage](#usage) + * [Initialization](#initialization) + * [Detecting Upgrades](#detecting-upgrades) + * [Adding Upgrade Binary](#adding-upgrade-binary) + * [Auto-Download](#auto-download) + * [Preparing for an Upgrade](#preparing-for-an-upgrade) +* [Example: SimApp Upgrade](#example-simapp-upgrade) + * [Chain Setup](#chain-setup) + * [Prepare Cosmovisor and Start the Chain](#prepare-cosmovisor-and-start-the-chain) + * [Update App](#update-app) + +## Design + +Cosmovisor is designed to be used as a wrapper for a `Cosmos SDK` app: + +* it will pass arguments to the associated app (configured by `DAEMON_NAME` env variable). + Running `cosmovisor run arg1 arg2 ....` will run `app arg1 arg2 ...`; +* it will manage an app by restarting and upgrading if needed; +* it is configured using environment variables, not positional arguments. + +*Note: If new versions of the application are not set up to run in-place store migrations, migrations will need to be run manually before restarting `cosmovisor` with the new binary. For this reason, we recommend applications adopt in-place store migrations.* + +:::tip +Only the latest version of cosmovisor is actively developed/maintained. +::: + +:::warning +Versions prior to v1.0.0 have a vulnerability that could lead to a DOS. Please upgrade to the latest version. +::: + +## Contributing + +Cosmovisor is part of the Cosmos SDK monorepo, but it's a separate module with it's own release schedule. + +Release branches have the following format `release/cosmovisor/vA.B.x`, where A and B are a number (e.g. `release/cosmovisor/v1.3.x`). Releases are tagged using the following format: `cosmovisor/vA.B.C`. + +## Setup + +### Installation + +You can download Cosmovisor from the [GitHub releases](https://github.com/cosmos/cosmos-sdk/releases/tag/cosmovisor%2Fv1.5.0). + +To install the latest version of `cosmovisor`, run the following command: + +```shell +go install cosmossdk.io/tools/cosmovisor/cmd/cosmovisor@latest +``` + +To install a specific version, you can specify the version: + +```shell +go install cosmossdk.io/tools/cosmovisor/cmd/cosmovisor@v1.5.0 +``` + +Run `cosmovisor version` to check the cosmovisor version. + +Alternatively, for building from source, simply run `make cosmovisor`. The binary will be located in `tools/cosmovisor`. + +:::warning +Installing cosmovisor using `go install` will display the correct `cosmovisor` version. +Building from source (`make cosmovisor`) or installing `cosmovisor` by other means won't display the correct version. +::: + +### Command Line Arguments And Environment Variables + +The first argument passed to `cosmovisor` is the action for `cosmovisor` to take. Options are: + +* `help`, `--help`, or `-h` - Output `cosmovisor` help information and check your `cosmovisor` configuration. +* `run` - Run the configured binary using the rest of the provided arguments. +* `version` - Output the `cosmovisor` version and also run the binary with the `version` argument. +* `config` - Display the current `cosmovisor` configuration, that means displaying the environment variables value that `cosmovisor` is using. +* `add-upgrade` - Add an upgrade manually to `cosmovisor`. This command allow you to easily add the binary corresponding to an upgrade in cosmovisor. + +All arguments passed to `cosmovisor run` will be passed to the application binary (as a subprocess). `cosmovisor` will return `/dev/stdout` and `/dev/stderr` of the subprocess as its own. For this reason, `cosmovisor run` cannot accept any command-line arguments other than those available to the application binary. + +`cosmovisor` reads its configuration from environment variables, or its configuration file (use `--cosmovisor-config `): + +* `DAEMON_HOME` is the location where the `cosmovisor/` directory is kept that contains the genesis binary, the upgrade binaries, and any additional auxiliary files associated with each binary (e.g. `$HOME/.gaiad`, `$HOME/.regend`, `$HOME/.simd`, etc.). +* `DAEMON_NAME` is the name of the binary itself (e.g. `gaiad`, `regend`, `simd`, etc.). +* `DAEMON_ALLOW_DOWNLOAD_BINARIES` (*optional*), if set to `true`, will enable auto-downloading of new binaries (for security reasons, this is intended for full nodes rather than validators). By default, `cosmovisor` will not auto-download new binaries. +* `DAEMON_DOWNLOAD_MUST_HAVE_CHECKSUM` (*optional*, default = `false`), if `true` cosmovisor will require that a checksum is provided in the upgrade plan for the binary to be downloaded. If `false`, cosmovisor will not require a checksum to be provided, but still check the checksum if one is provided. +* `DAEMON_RESTART_AFTER_UPGRADE` (*optional*, default = `true`), if `true`, restarts the subprocess with the same command-line arguments and flags (but with the new binary) after a successful upgrade. Otherwise (`false`), `cosmovisor` stops running after an upgrade and requires the system administrator to manually restart it. Note restart is only after the upgrade and does not auto-restart the subprocess after an error occurs. +* `DAEMON_RESTART_DELAY` (*optional*, default none), allow a node operator to define a delay between the node halt (for upgrade) and backup by the specified time. The value must be a duration (e.g. `1s`). +* `DAEMON_SHUTDOWN_GRACE` (*optional*, default none), if set, send interrupt to binary and wait the specified time to allow for cleanup/cache flush to disk before sending the kill signal. The value must be a duration (e.g. `1s`). +* `DAEMON_POLL_INTERVAL` (*optional*, default 300 milliseconds), is the interval length for polling the upgrade plan file. The value must be a duration (e.g. `1s`). +* `DAEMON_DATA_BACKUP_DIR` option to set a custom backup directory. If not set, `DAEMON_HOME` is used. +* `UNSAFE_SKIP_BACKUP` (defaults to `false`), if set to `true`, upgrades directly without performing a backup. Otherwise (`false`, default) backs up the data before trying the upgrade. The default value of false is useful and recommended in case of failures and when a backup needed to rollback. We recommend using the default backup option `UNSAFE_SKIP_BACKUP=false`. +* `DAEMON_PREUPGRADE_MAX_RETRIES` (defaults to `0`). The maximum number of times to call [`pre-upgrade`](https://docs.cosmos.network/main/build/building-apps/app-upgrade#pre-upgrade-handling) in the application after exit status of `31`. After the maximum number of retries, Cosmovisor fails the upgrade. +* `COSMOVISOR_DISABLE_LOGS` (defaults to `false`). If set to true, this will disable Cosmovisor logs (but not the underlying process) completely. This may be useful, for example, when a Cosmovisor subcommand you are executing returns a valid JSON you are then parsing, as logs added by Cosmovisor make this output not a valid JSON. +* `COSMOVISOR_COLOR_LOGS` (defaults to `true`). If set to true, this will colorise Cosmovisor logs (but not the underlying process). +* `COSMOVISOR_TIMEFORMAT_LOGS` (defaults to `kitchen`). If set to a value (`layout|ansic|unixdate|rubydate|rfc822|rfc822z|rfc850|rfc1123|rfc1123z|rfc3339|rfc3339nano|kitchen`), this will add timestamp prefix to Cosmovisor logs (but not the underlying process). +* `COSMOVISOR_CUSTOM_PREUPGRADE` (defaults to ``). If set, this will run $DAEMON_HOME/cosmovisor/$COSMOVISOR_CUSTOM_PREUPGRADE prior to upgrade with the arguments [ upgrade.Name, upgrade.Height ]. Executes a custom script (separate and prior to the chain daemon pre-upgrade command) +* `COSMOVISOR_DISABLE_RECASE` (defaults to `false`). If set to true, the upgrade directory will expected to match the upgrade plan name without any case changes + +### Folder Layout + +`$DAEMON_HOME/cosmovisor` is expected to belong completely to `cosmovisor` and the subprocesses that are controlled by it. The folder content is organized as follows: + +```text +. +├── current -> genesis or upgrades/ +├── genesis +│   └── bin +│   └── $DAEMON_NAME +└── upgrades +│ └── +│ ├── bin +│ │   └── $DAEMON_NAME +│ └── upgrade-info.json +└── preupgrade.sh (optional) +``` + +The `cosmovisor/` directory includes a subdirectory for each version of the application (i.e. `genesis` or `upgrades/`). Within each subdirectory is the application binary (i.e. `bin/$DAEMON_NAME`) and any additional auxiliary files associated with each binary. `current` is a symbolic link to the currently active directory (i.e. `genesis` or `upgrades/`). The `name` variable in `upgrades/` is the lowercased URI-encoded name of the upgrade as specified in the upgrade module plan. Note that the upgrade name path are normalized to be lowercased: for instance, `MyUpgrade` is normalized to `myupgrade`, and its path is `upgrades/myupgrade`. + +Please note that `$DAEMON_HOME/cosmovisor` only stores the *application binaries*. The `cosmovisor` binary itself can be stored in any typical location (e.g. `/usr/local/bin`). The application will continue to store its data in the default data directory (e.g. `$HOME/.simapp`) or the data directory specified with the `--home` flag. `$DAEMON_HOME` is dependent of the data directory and must be set to the same directory as the data directory, you will end up with a configuration like the following: + +```text +.simapp +├── config +├── data +└── cosmovisor +``` + +## Usage + +The system administrator is responsible for: + +* installing the `cosmovisor` binary +* configuring the host's init system (e.g. `systemd`, `launchd`, etc.) +* appropriately setting the environmental variables +* creating the `/cosmovisor` directory +* creating the `/cosmovisor/genesis/bin` folder +* creating the `/cosmovisor/upgrades//bin` folders +* placing the different versions of the `` executable in the appropriate `bin` folders. + +`cosmovisor` will set the `current` link to point to `genesis` at first start (i.e. when no `current` link exists) and then handle switching binaries at the correct points in time so that the system administrator can prepare days in advance and relax at upgrade time. + +In order to support downloadable binaries, a tarball for each upgrade binary will need to be packaged up and made available through a canonical URL. Additionally, a tarball that includes the genesis binary and all available upgrade binaries can be packaged up and made available so that all the necessary binaries required to sync a fullnode from start can be easily downloaded. + +The `DAEMON` specific code and operations (e.g. cometBFT config, the application db, syncing blocks, etc.) all work as expected. The application binaries' directives such as command-line flags and environment variables also work as expected. + +### Initialization + +The `cosmovisor init ` command creates the folder structure required for using cosmovisor. + +It does the following: + +* creates the `/cosmovisor` folder if it doesn't yet exist +* creates the `/cosmovisor/genesis/bin` folder if it doesn't yet exist +* copies the provided executable file to `/cosmovisor/genesis/bin/` +* creates the `current` link, pointing to the `genesis` folder + +It uses the `DAEMON_HOME` and `DAEMON_NAME` environment variables for folder location and executable name. + +The `cosmovisor init` command is specifically for initializing cosmovisor, and should not be confused with a chain's `init` command (e.g. `cosmovisor run init`). + +### Detecting Upgrades + +`cosmovisor` is polling the `$DAEMON_HOME/data/upgrade-info.json` file for new upgrade instructions. The file is created by the x/upgrade module in `BeginBlocker` when an upgrade is detected and the blockchain reaches the upgrade height. +The following heuristic is applied to detect the upgrade: + +* When starting, `cosmovisor` doesn't know much about currently running upgrade, except the binary which is `current/bin/`. It tries to read the `current/update-info.json` file to get information about the current upgrade name. +* If neither `cosmovisor/current/upgrade-info.json` nor `data/upgrade-info.json` exist, then `cosmovisor` will wait for `data/upgrade-info.json` file to trigger an upgrade. +* If `cosmovisor/current/upgrade-info.json` doesn't exist but `data/upgrade-info.json` exists, then `cosmovisor` assumes that whatever is in `data/upgrade-info.json` is a valid upgrade request. In this case `cosmovisor` tries immediately to make an upgrade according to the `name` attribute in `data/upgrade-info.json`. +* Otherwise, `cosmovisor` waits for changes in `upgrade-info.json`. As soon as a new upgrade name is recorded in the file, `cosmovisor` will trigger an upgrade mechanism. + +When the upgrade mechanism is triggered, `cosmovisor` will: + +1. if `DAEMON_ALLOW_DOWNLOAD_BINARIES` is enabled, start by auto-downloading a new binary into `cosmovisor//bin` (where `` is the `upgrade-info.json:name` attribute); +2. update the `current` symbolic link to point to the new directory and save `data/upgrade-info.json` to `cosmovisor/current/upgrade-info.json`. + +### Adding Upgrade Binary + +`cosmovisor` has an `add-upgrade` command that allows to easily link a binary to an upgrade. It creates a new folder in `cosmovisor/upgrades/` and copies the provided executable file to `cosmovisor/upgrades//bin/`. + +Using the `--upgrade-height` flag allows to specify at which height the binary should be switched, without going via a governance proposal. +This enables support for an emergency coordinated upgrades where the binary must be switched at a specific height, but there is no time to go through a governance proposal. + +:::warning +`--upgrade-height` creates an `upgrade-info.json` file. This means if a chain upgrade via governance proposal is executed before the specified height with `--upgrade-height`, the governance proposal will overwrite the `upgrade-info.json` plan created by `add-upgrade --upgrade-height `. +Take this into consideration when using `--upgrade-height`. +::: + +### Auto-Download + +Generally, `cosmovisor` requires that the system administrator place all relevant binaries on disk before the upgrade happens. However, for people who don't need such control and want an automated setup (maybe they are syncing a non-validating fullnode and want to do little maintenance), there is another option. + +**NOTE: we don't recommend using auto-download** because it doesn't verify in advance if a binary is available. If there will be any issue with downloading a binary, the cosmovisor will stop and won't restart an App (which could lead to a chain halt). + +If `DAEMON_ALLOW_DOWNLOAD_BINARIES` is set to `true`, and no local binary can be found when an upgrade is triggered, `cosmovisor` will attempt to download and install the binary itself based on the instructions in the `info` attribute in the `data/upgrade-info.json` file. The files is constructed by the x/upgrade module and contains data from the upgrade `Plan` object. The `Plan` has an info field that is expected to have one of the following two valid formats to specify a download: + +1. Store an os/architecture -> binary URI map in the upgrade plan info field as JSON under the `"binaries"` key. For example: + + ```json + { + "binaries": { + "linux/amd64":"https://example.com/gaia.zip?checksum=sha256:aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f" + } + } + ``` + + You can include multiple binaries at once to ensure more than one environment will receive the correct binaries: + + ```json + { + "binaries": { + "linux/amd64":"https://example.com/gaia.zip?checksum=sha256:aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f", + "linux/arm64":"https://example.com/gaia.zip?checksum=sha256:aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f", + "darwin/amd64":"https://example.com/gaia.zip?checksum=sha256:aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f" + } + } + ``` + + When submitting this as a proposal ensure there are no spaces. An example command using `gaiad` could look like: + + ```shell + > gaiad tx upgrade software-upgrade Vega \ + --title Vega \ + --deposit 100uatom \ + --upgrade-height 7368420 \ + --upgrade-info '{"binaries":{"linux/amd64":"https://github.com/cosmos/gaia/releases/download/v6.0.0-rc1/gaiad-v6.0.0-rc1-linux-amd64","linux/arm64":"https://github.com/cosmos/gaia/releases/download/v6.0.0-rc1/gaiad-v6.0.0-rc1-linux-arm64","darwin/amd64":"https://github.com/cosmos/gaia/releases/download/v6.0.0-rc1/gaiad-v6.0.0-rc1-darwin-amd64"}}' \ + --summary "upgrade to Vega" \ + --gas 400000 \ + --from user \ + --chain-id test \ + --home test/val2 \ + --node tcp://localhost:36657 \ + --yes + ``` + +2. Store a link to a file that contains all information in the above format (e.g. if you want to specify lots of binaries, changelog info, etc. without filling up the blockchain). For example: + + ```text + https://example.com/testnet-1001-info.json?checksum=sha256:deaaa99fda9407c4dbe1d04bd49bab0cc3c1dd76fa392cd55a9425be074af01e + ``` + +When `cosmovisor` is triggered to download the new binary, `cosmovisor` will parse the `"binaries"` field, download the new binary with [go-getter](https://github.com/hashicorp/go-getter), and unpack the new binary in the `upgrades/` folder so that it can be run as if it was installed manually. + +Note that for this mechanism to provide strong security guarantees, all URLs should include a SHA 256/512 checksum. This ensures that no false binary is run, even if someone hacks the server or hijacks the DNS. `go-getter` will always ensure the downloaded file matches the checksum if it is provided. `go-getter` will also handle unpacking archives into directories (in this case the download link should point to a `zip` file of all data in the `bin` directory). + +To properly create a sha256 checksum on linux, you can use the `sha256sum` utility. For example: + +```shell +sha256sum ./testdata/repo/zip_directory/autod.zip +``` + +The result will look something like the following: `29139e1381b8177aec909fab9a75d11381cab5adf7d3af0c05ff1c9c117743a7`. + +You can also use `sha512sum` if you would prefer to use longer hashes, or `md5sum` if you would prefer to use broken hashes. Whichever you choose, make sure to set the hash algorithm properly in the checksum argument to the URL. + +### Preparing for an Upgrade + +To prepare for an upgrade, use the `prepare-upgrade` command: + +```shell +cosmovisor prepare-upgrade +``` + +This command performs the following actions: + +1. Retrieves upgrade information directly from the blockchain about the next scheduled upgrade. +2. Downloads the new binary specified in the upgrade plan. +3. Verifies the binary's checksum (if required by configuration). +4. Places the new binary in the appropriate directory for Cosmovisor to use during the upgrade. + +The `prepare-upgrade` command provides detailed logging throughout the process, including: + +* The name and height of the upcoming upgrade +* The URL from which the new binary is being downloaded +* Confirmation of successful download and verification +* The path where the new binary has been placed + +Example output: + +```bash +INFO Preparing for upgrade name=v1.0.0 height=1000000 +INFO Downloading upgrade binary url=https://example.com/binary/v1.0.0?checksum=sha256:339911508de5e20b573ce902c500ee670589073485216bee8b045e853f24bce8 +INFO Upgrade preparation complete name=v1.0.0 height=1000000 +``` + +*Note: The current way of downloading manually and placing the binary at the right place would still work.* + +## Example: SimApp Upgrade + +The following instructions provide a demonstration of `cosmovisor` using the simulation application (`simapp`) shipped with the Cosmos SDK's source code. The following commands are to be run from within the `cosmos-sdk` repository. + +### Chain Setup + +Let's create a new chain using the `v0.47.4` version of simapp (the Cosmos SDK demo app): + +```shell +git checkout v0.47.4 +make build +``` + +Clean `~/.simapp` (never do this in a production environment): + +```shell +./build/simd tendermint unsafe-reset-all +``` + +Set up app config: + +```shell +./build/simd config chain-id test +./build/simd config keyring-backend test +./build/simd config broadcast-mode sync +``` + +Initialize the node and overwrite any previous genesis file (never do this in a production environment): + +```shell +./build/simd init test --chain-id test --overwrite +``` + +For the sake of this demonstration, amend `voting_period` in `genesis.json` to a reduced time of 20 seconds (`20s`): + +```shell +cat <<< $(jq '.app_state.gov.params.voting_period = "20s"' $HOME/.simapp/config/genesis.json) > $HOME/.simapp/config/genesis.json +``` + +Create a validator, and setup genesis transaction: + +```shell +./build/simd keys add validator +./build/simd genesis add-genesis-account validator 1000000000stake --keyring-backend test +./build/simd genesis gentx validator 1000000stake --chain-id test +./build/simd genesis collect-gentxs +``` + +#### Prepare Cosmovisor and Start the Chain + +Set the required environment variables: + +```shell +export DAEMON_NAME=simd +export DAEMON_HOME=$HOME/.simapp +``` + +Set the optional environment variable to trigger an automatic app restart: + +```shell +export DAEMON_RESTART_AFTER_UPGRADE=true +``` + +Initialize cosmovisor with the current binary: + +```shell +cosmovisor init ./build/simd +``` + +Now you can run cosmovisor with simapp v0.47.4: + +```shell +cosmovisor run start +``` + +### Update App + +Update app to the latest version (e.g. v0.50.0). + +:::note + +Migration plans are defined using the `x/upgrade` module and described in [In-Place Store Migrations](https://github.com/cosmos/cosmos-sdk/blob/main/docs/learn/advanced/15-upgrade.md). Migrations can perform any deterministic state change. + +The migration plan to upgrade the simapp from v0.47 to v0.50 is defined in `simapp/upgrade.go`. + +::: + +Build the new version `simd` binary: + +```shell +make build +``` + +Add the new `simd` binary and the upgrade name: + +:::warning + +The migration name must match the one defined in the migration plan. + +::: + +```shell +cosmovisor add-upgrade v047-to-v050 ./build/simd +``` + +Open a new terminal window and submit an upgrade proposal along with a deposit and a vote (these commands must be run within 20 seconds of each other): + +```shell +./build/simd tx upgrade software-upgrade v047-to-v050 --title upgrade --summary upgrade --upgrade-height 200 --upgrade-info "{}" --no-validate --from validator --yes +./build/simd tx gov deposit 1 10000000stake --from validator --yes +./build/simd tx gov vote 1 yes --from validator --yes +``` + +The upgrade will occur automatically at height 200. Note: you may need to change the upgrade height in the snippet above if your test play takes more time. diff --git a/copy-of-sdk-docs/build/tooling/02-confix.md b/copy-of-sdk-docs/build/tooling/02-confix.md new file mode 100644 index 00000000..00851ede --- /dev/null +++ b/copy-of-sdk-docs/build/tooling/02-confix.md @@ -0,0 +1,156 @@ +--- +sidebar_position: 1 +--- + +# Confix + +`Confix` is a configuration management tool that allows you to manage your configuration via CLI. + +It is based on the [CometBFT RFC 019](https://github.com/cometbft/cometbft/blob/5013bc3f4a6d64dcc2bf02ccc002ebc9881c62e4/docs/rfc/rfc-019-config-version.md). + +## Installation + +### Add Config Command + +To add the confix tool, it's required to add the `ConfigCommand` to your application's root command file (e.g. `/cmd/root.go`). + +Import the `confixCmd` package: + +```go +import "cosmossdk.io/tools/confix/cmd" +``` + +Find the following line: + +```go +initRootCmd(rootCmd, moduleManager) +``` + +After that line, add the following: + +```go +rootCmd.AddCommand( + confixcmd.ConfigCommand(), +) +``` + +The `ConfixCommand` function builds the `config` root command and is defined in the `confixCmd` package (`cosmossdk.io/tools/confix/cmd`). +An implementation example can be found in `simapp`. + +The command will be available as `simd config`. + +:::tip +Using confix directly in the application can have less features than using it standalone. +This is because confix is versioned with the SDK, while `latest` is the standalone version. +::: + +### Using Confix Standalone + +To use Confix standalone, without having to add it in your application, install it with the following command: + +```bash +go install cosmossdk.io/tools/confix/cmd/confix@latest +``` + +Alternatively, for building from source, simply run `make confix`. The binary will be located in `tools/confix`. + +## Usage + +Use standalone: + +```shell +confix --help +``` + +Use in simd: + +```shell +simd config fix --help +``` + +### Get + +Get a configuration value, e.g.: + +```shell +simd config get app pruning # gets the value pruning from app.toml +simd config get client chain-id # gets the value chain-id from client.toml +``` + +```shell +confix get ~/.simapp/config/app.toml pruning # gets the value pruning from app.toml +confix get ~/.simapp/config/client.toml chain-id # gets the value chain-id from client.toml +``` + +### Set + +Set a configuration value, e.g.: + +```shell +simd config set app pruning "enabled" # sets the value pruning from app.toml +simd config set client chain-id "foo-1" # sets the value chain-id from client.toml +``` + +```shell +confix set ~/.simapp/config/app.toml pruning "enabled" # sets the value pruning from app.toml +confix set ~/.simapp/config/client.toml chain-id "foo-1" # sets the value chain-id from client.toml +``` + +### Migrate + +Migrate a configuration file to a new version, config type defaults to `app.toml`, if you want to change it to `client.toml`, please indicate it by adding the optional parameter, e.g.: + +```shell +simd config migrate v0.50 # migrates defaultHome/config/app.toml to the latest v0.50 config +simd config migrate v0.50 --client # migrates defaultHome/config/client.toml to the latest v0.50 config +``` + +```shell +confix migrate v0.50 ~/.simapp/config/app.toml # migrate ~/.simapp/config/app.toml to the latest v0.50 config +confix migrate v0.50 ~/.simapp/config/client.toml --client # migrate ~/.simapp/config/client.toml to the latest v0.50 config +``` + +### Diff + +Get the diff between a given configuration file and the default configuration file, e.g.: + +```shell +simd config diff v0.47 # gets the diff between defaultHome/config/app.toml and the latest v0.47 config +simd config diff v0.47 --client # gets the diff between defaultHome/config/client.toml and the latest v0.47 config +``` + +```shell +confix diff v0.47 ~/.simapp/config/app.toml # gets the diff between ~/.simapp/config/app.toml and the latest v0.47 config +confix diff v0.47 ~/.simapp/config/client.toml --client # gets the diff between ~/.simapp/config/client.toml and the latest v0.47 config +``` + +### View + +View a configuration file, e.g: + +```shell +simd config view client # views the current app client config +``` + +```shell +confix view ~/.simapp/config/client.toml # views the current app client conf +``` + +### Maintainer + +At each SDK modification of the default configuration, add the default SDK config under `data/vXX-app.toml`. +This allows users to use the tool standalone. + +### Compatibility + +The recommended standalone version is `latest`, which is using the latest development version of the Confix. + +| SDK Version | Confix Version | +| ----------- | -------------- | +| v0.50 | v0.1.x | +| v0.52 | v0.2.x | +| v2 | v0.2.x | + +## Credits + +This project is based on the [CometBFT RFC 019](https://github.com/cometbft/cometbft/blob/5013bc3f4a6d64dcc2bf02ccc002ebc9881c62e4/docs/rfc/rfc-019-config-version.md) and their never released own implementation of [confix](https://github.com/cometbft/cometbft/blob/v0.36.x/scripts/confix/confix.go). diff --git a/copy-of-sdk-docs/build/tooling/03-hubl.md b/copy-of-sdk-docs/build/tooling/03-hubl.md new file mode 100644 index 00000000..97d02921 --- /dev/null +++ b/copy-of-sdk-docs/build/tooling/03-hubl.md @@ -0,0 +1,73 @@ +--- +sidebar_position: 1 +--- + +# Hubl + +`Hubl` is a tool that allows you to query any Cosmos SDK based blockchain. +It takes advantage of the new [AutoCLI](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/client/v2@v2.0.0-20220916140313-c5245716b516/cli) feature of the Cosmos SDK. + +## Installation + +Hubl can be installed using `go install`: + +```shell +go install cosmossdk.io/tools/hubl/cmd/hubl@latest +``` + +Or build from source: + +```shell +git clone --depth=1 https://github.com/cosmos/cosmos-sdk +make hubl +``` + +The binary will be located in `tools/hubl`. + +## Usage + +```shell +hubl --help +``` + +### Add chain + +To configure a new chain just run this command using the --init flag and the name of the chain as it's listed in the chain registry (). + +If the chain is not listed in the chain registry, you can use any unique name. + +```shell +hubl init [chain-name] +hubl init regen +``` + +The chain configuration is stored in `~/.hubl/config.toml`. + +:::tip + +When using an unsecure gRPC endpoint, change the `insecure` field to `true` in the config file. + +```toml +[chains] +[chains.regen] +[[chains.regen.trusted-grpc-endpoints]] +endpoint = 'localhost:9090' +insecure = true +``` + +Or use the `--insecure` flag: + +```shell +hubl init regen --insecure +``` + +::: + +### Query + +To query a chain, you can use the `query` command. +Then specify which module you want to query and the query itself. + +```shell +hubl regen query auth module-accounts +``` diff --git a/copy-of-sdk-docs/build/tooling/README.md b/copy-of-sdk-docs/build/tooling/README.md new file mode 100644 index 00000000..230918c2 --- /dev/null +++ b/copy-of-sdk-docs/build/tooling/README.md @@ -0,0 +1,17 @@ +--- +sidebar_position: 0 +--- + +# Tools + +This section provides documentation on various tooling maintained by the SDK team. +This includes tools for development, operating a node, and ease of use of a Cosmos SDK chain. + +## CLI Tools + +* [Cosmovisor](../../../tools/cosmovisor/README.md) +* [Confix](../../../tools/confix/README.md) + +## Other Tools + +* [Protocol Buffers](./00-protobuf.md) diff --git a/copy-of-sdk-docs/build/tooling/_category_.json b/copy-of-sdk-docs/build/tooling/_category_.json new file mode 100644 index 00000000..eb57cb8a --- /dev/null +++ b/copy-of-sdk-docs/build/tooling/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Tooling", + "position": 5, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/_category_.json b/copy-of-sdk-versioned_docs/version-0.47/build/_category_.json new file mode 100644 index 00000000..9f308823 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Build", + "position": 0, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/PROCESS.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/PROCESS.md new file mode 100644 index 00000000..e30a7406 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/PROCESS.md @@ -0,0 +1,58 @@ +# ADR Creation Process + +1. Copy the `adr-template.md` file. Use the following filename pattern: `adr-next_number-title.md` +2. Create a draft Pull Request if you want to get an early feedback. +3. Make sure the context and a solution is clear and well documented. +4. Add an entry to a list in the [README](README.md) file. +5. Create a Pull Request to propose a new ADR. + +## What is an ADR? + +An ADR is a document to document an implementation and design that may or may not have been discussed in an RFC. While an RFC is meant to replace synchoronus communication in a distributed environment, an ADR is meant to document an already made decision. An ADR wont come with much of a communication overhead because the discussion was recorded in an RFC or a synchronous discussion. If the consensus came from a synchoronus discussion then a short excerpt should be added to the ADR to explain the goals. + +## ADR life cycle + +ADR creation is an **iterative** process. Instead of having a high amount of communication overhead, an ADR is used when there is already a decision made and implementation details need to be added. The ADR should document what the collective consensus for the specific issue is and how to solve it. + +1. Every ADR should start with either an RFC or discussion where consensus has been met. + +2. Once consensus is met, a GitHub Pull Request (PR) is created with a new document based on the `adr-template.md`. + +3. If a _proposed_ ADR is merged, then it should clearly document outstanding issues either in ADR document notes or in a GitHub Issue. + +4. The PR SHOULD always be merged. In the case of a faulty ADR, we still prefer to merge it with a _rejected_ status. The only time the ADR SHOULD NOT be merged is if the author abandons it. + +5. Merged ADRs SHOULD NOT be pruned. + +### ADR status + +Status has two components: + +```text +{CONSENSUS STATUS} {IMPLEMENTATION STATUS} +``` + +IMPLEMENTATION STATUS is either `Implemented` or `Not Implemented`. + +#### Consensus Status + +```text +DRAFT -> PROPOSED -> LAST CALL yyyy-mm-dd -> ACCEPTED | REJECTED -> SUPERSEDED by ADR-xxx + \ | + \ | + v v + ABANDONED +``` + +* `DRAFT`: [optional] an ADR which is work in progress, not being ready for a general review. This is to present an early work and get an early feedback in a Draft Pull Request form. +* `PROPOSED`: an ADR covering a full solution architecture and still in the review - project stakeholders haven't reached an agreed yet. +* `LAST CALL `: [optional] clear notify that we are close to accept updates. Changing a status to `LAST CALL` means that social consensus (of Cosmos SDK maintainers) has been reached and we still want to give it a time to let the community react or analyze. +* `ACCEPTED`: ADR which will represent a currently implemented or to be implemented architecture design. +* `REJECTED`: ADR can go from PROPOSED or ACCEPTED to rejected if the consensus among project stakeholders will decide so. +* `SUPERSEEDED by ADR-xxx`: ADR which has been superseded by a new ADR. +* `ABANDONED`: the ADR is no longer pursued by the original authors. + +## Language used in ADR + +* The context/background should be written in the present tense. +* Avoid using a first, personal form. diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/README.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/README.md new file mode 100644 index 00000000..ce1ee432 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/README.md @@ -0,0 +1,94 @@ +--- +sidebar_position: 1 +--- + +# Architecture Decision Records (ADR) + +This is a location to record all high-level architecture decisions in the Cosmos-SDK. + +An Architectural Decision (**AD**) is a software design choice that addresses a functional or non-functional requirement that is architecturally significant. +An Architecturally Significant Requirement (**ASR**) is a requirement that has a measurable effect on a software system’s architecture and quality. +An Architectural Decision Record (**ADR**) captures a single AD, such as often done when writing personal notes or meeting minutes; the collection of ADRs created and maintained in a project constitute its decision log. All these are within the topic of Architectural Knowledge Management (AKM). + +You can read more about the ADR concept in this [blog post](https://product.reverb.com/documenting-architecture-decisions-the-reverb-way-a3563bb24bd0#.78xhdix6t). + +## Rationale + +ADRs are intended to be the primary mechanism for proposing new feature designs and new processes, for collecting community input on an issue, and for documenting the design decisions. +An ADR should provide: + +* Context on the relevant goals and the current state +* Proposed changes to achieve the goals +* Summary of pros and cons +* References +* Changelog + +Note the distinction between an ADR and a spec. The ADR provides the context, intuition, reasoning, and +justification for a change in architecture, or for the architecture of something +new. The spec is much more compressed and streamlined summary of everything as +it stands today. + +If recorded decisions turned out to be lacking, convene a discussion, record the new decisions here, and then modify the code to match. + +## Creating new ADR + +Read about the [PROCESS](PROCESS.md). + +### Use RFC 2119 Keywords + +When writing ADRs, follow the same best practices for writing RFCs. When writing RFCs, key words are used to signify the requirements in the specification. These words are often capitalized: "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL. They are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119). + +## ADR Table of Contents + +### Accepted + +* [ADR 002: SDK Documentation Structure](adr-002-docs-structure.md) +* [ADR 004: Split Denomination Keys](adr-004-split-denomination-keys.md) +* [ADR 006: Secret Store Replacement](adr-006-secret-store-replacement.md) +* [ADR 009: Evidence Module](adr-009-evidence-module.md) +* [ADR 010: Modular AnteHandler](adr-010-modular-antehandler.md) +* [ADR 019: Protocol Buffer State Encoding](adr-019-protobuf-state-encoding.md) +* [ADR 020: Protocol Buffer Transaction Encoding](adr-020-protobuf-transaction-encoding.md) +* [ADR 021: Protocol Buffer Query Encoding](adr-021-protobuf-query-encoding.md) +* [ADR 023: Protocol Buffer Naming and Versioning](adr-023-protobuf-naming.md) +* [ADR 029: Fee Grant Module](adr-029-fee-grant-module.md) +* [ADR 030: Message Authorization Module](adr-030-authz-module.md) +* [ADR 031: Protobuf Msg Services](adr-031-msg-service.md) +* [ADR 055: ORM](adr-055-orm.md) +* [ADR 058: Auto-Generated CLI](adr-058-auto-generated-cli.md) +* [ADR 060: ABCI 1.0 (Phase I)](adr-060-abci-1.0.md) +* [ADR 061: Liquid Staking](adr-061-liquid-staking.md) + +### Proposed + +* [ADR 003: Dynamic Capability Store](adr-003-dynamic-capability-store.md) +* [ADR 011: Generalize Genesis Accounts](adr-011-generalize-genesis-accounts.md) +* [ADR 012: State Accessors](adr-012-state-accessors.md) +* [ADR 013: Metrics](adr-013-metrics.md) +* [ADR 016: Validator Consensus Key Rotation](adr-016-validator-consensus-key-rotation.md) +* [ADR 017: Historical Header Module](adr-017-historical-header-module.md) +* [ADR 018: Extendable Voting Periods](adr-018-extendable-voting-period.md) +* [ADR 022: Custom baseapp panic handling](adr-022-custom-panic-handling.md) +* [ADR 024: Coin Metadata](adr-024-coin-metadata.md) +* [ADR 027: Deterministic Protobuf Serialization](adr-027-deterministic-protobuf-serialization.md) +* [ADR 028: Public Key Addresses](adr-028-public-key-addresses.md) +* [ADR 032: Typed Events](adr-032-typed-events.md) +* [ADR 033: Inter-module RPC](adr-033-protobuf-inter-module-comm.md) +* [ADR 035: Rosetta API Support](adr-035-rosetta-api-support.md) +* [ADR 037: Governance Split Votes](adr-037-gov-split-vote.md) +* [ADR 038: State Listening](adr-038-state-listening.md) +* [ADR 039: Epoched Staking](adr-039-epoched-staking.md) +* [ADR 040: Storage and SMT State Commitments](adr-040-storage-and-smt-state-commitments.md) +* [ADR 046: Module Params](adr-046-module-params.md) +* [ADR 054: Semver Compatible SDK Modules](adr-054-semver-compatible-modules.md) +* [ADR 057: App Wiring](adr-057-app-wiring.md) +* [ADR 059: Test Scopes](adr-059-test-scopes.md) +* [ADR 062: Collections State Layer](adr-062-collections-state-layer.md) +* [ADR 063: Core Module API](adr-063-core-module-api.md) +* [ADR 065: Store V2](adr-065-store-v2.md) + +### Draft + +* [ADR 044: Guidelines for Updating Protobuf Definitions](adr-044-protobuf-updates-guidelines.md) +* [ADR 047: Extend Upgrade Plan](adr-047-extend-upgrade-plan.md) +* [ADR 053: Go Module Refactoring](adr-053-go-module-refactoring.md) diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/_category_.json b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/_category_.json new file mode 100644 index 00000000..87ceb937 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "ADRs", + "position": 11, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-002-docs-structure.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-002-docs-structure.md new file mode 100644 index 00000000..5819151f --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-002-docs-structure.md @@ -0,0 +1,86 @@ +# ADR 002: SDK Documentation Structure + +## Context + +There is a need for a scalable structure of the Cosmos SDK documentation. Current documentation includes a lot of non-related Cosmos SDK material, is difficult to maintain and hard to follow as a user. + +Ideally, we would have: + +* All docs related to dev frameworks or tools live in their respective github repos (sdk repo would contain sdk docs, hub repo would contain hub docs, lotion repo would contain lotion docs, etc.) +* All other docs (faqs, whitepaper, high-level material about Cosmos) would live on the website. + +## Decision + +Re-structure the `/docs` folder of the Cosmos SDK github repo as follows: + +```text +docs/ +├── README +├── intro/ +├── concepts/ +│ ├── baseapp +│ ├── types +│ ├── store +│ ├── server +│ ├── modules/ +│ │ ├── keeper +│ │ ├── handler +│ │ ├── cli +│ ├── gas +│ └── commands +├── clients/ +│ ├── lite/ +│ ├── service-providers +├── modules/ +├── spec/ +├── translations/ +└── architecture/ +``` + +The files in each sub-folders do not matter and will likely change. What matters is the sectioning: + +* `README`: Landing page of the docs. +* `intro`: Introductory material. Goal is to have a short explainer of the Cosmos SDK and then channel people to the resource they need. The [Cosmos SDK tutorial](https://github.com/cosmos/sdk-application-tutorial/) will be highlighted, as well as the `godocs`. +* `concepts`: Contains high-level explanations of the abstractions of the Cosmos SDK. It does not contain specific code implementation and does not need to be updated often. **It is not an API specification of the interfaces**. API spec is the `godoc`. +* `clients`: Contains specs and info about the various Cosmos SDK clients. +* `spec`: Contains specs of modules, and others. +* `modules`: Contains links to `godocs` and the spec of the modules. +* `architecture`: Contains architecture-related docs like the present one. +* `translations`: Contains different translations of the documentation. + +Website docs sidebar will only include the following sections: + +* `README` +* `intro` +* `concepts` +* `clients` + +`architecture` need not be displayed on the website. + +## Status + +Accepted + +## Consequences + +### Positive + +* Much clearer organisation of the Cosmos SDK docs. +* The `/docs` folder now only contains Cosmos SDK and gaia related material. Later, it will only contain Cosmos SDK related material. +* Developers only have to update `/docs` folder when they open a PR (and not `/examples` for example). +* Easier for developers to find what they need to update in the docs thanks to reworked architecture. +* Cleaner vuepress build for website docs. +* Will help build an executable doc (cf https://github.com/cosmos/cosmos-sdk/issues/2611) + +### Neutral + +* We need to move a bunch of deprecated stuff to `/_attic` folder. +* We need to integrate content in `docs/sdk/docs/core` in `concepts`. +* We need to move all the content that currently lives in `docs` and does not fit in new structure (like `lotion`, intro material, whitepaper) to the website repository. +* Update `DOCS_README.md` + +## References + +* https://github.com/cosmos/cosmos-sdk/issues/1460 +* https://github.com/cosmos/cosmos-sdk/pull/2695 +* https://github.com/cosmos/cosmos-sdk/issues/2611 diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-003-dynamic-capability-store.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-003-dynamic-capability-store.md new file mode 100644 index 00000000..f9ddd364 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-003-dynamic-capability-store.md @@ -0,0 +1,344 @@ +# ADR 3: Dynamic Capability Store + +## Changelog + +* 12 December 2019: Initial version +* 02 April 2020: Memory Store Revisions + +## Context + +Full implementation of the [IBC specification](https://github.com/cosmos/ibc) requires the ability to create and authenticate object-capability keys at runtime (i.e., during transaction execution), +as described in [ICS 5](https://github.com/cosmos/ibc/tree/master/spec/core/ics-005-port-allocation#technical-specification). In the IBC specification, capability keys are created for each newly initialised +port & channel, and are used to authenticate future usage of the port or channel. Since channels and potentially ports can be initialised during transaction execution, the state machine must be able to create +object-capability keys at this time. + +At present, the Cosmos SDK does not have the ability to do this. Object-capability keys are currently pointers (memory addresses) of `StoreKey` structs created at application initialisation in `app.go` ([example](https://github.com/cosmos/gaia/blob/dcbddd9f04b3086c0ad07ee65de16e7adedc7da4/app/app.go#L132)) +and passed to Keepers as fixed arguments ([example](https://github.com/cosmos/gaia/blob/dcbddd9f04b3086c0ad07ee65de16e7adedc7da4/app/app.go#L160)). Keepers cannot create or store capability keys during transaction execution — although they could call `NewKVStoreKey` and take the memory address +of the returned struct, storing this in the Merklised store would result in a consensus fault, since the memory address will be different on each machine (this is intentional — were this not the case, the keys would be predictable and couldn't serve as object capabilities). + +Keepers need a way to keep a private map of store keys which can be altered during transaction execution, along with a suitable mechanism for regenerating the unique memory addresses (capability keys) in this map whenever the application is started or restarted, along with a mechanism to revert capability creation on tx failure. +This ADR proposes such an interface & mechanism. + +## Decision + +The Cosmos SDK will include a new `CapabilityKeeper` abstraction, which is responsible for provisioning, +tracking, and authenticating capabilities at runtime. During application initialisation in `app.go`, +the `CapabilityKeeper` will be hooked up to modules through unique function references +(by calling `ScopeToModule`, defined below) so that it can identify the calling module when later +invoked. + +When the initial state is loaded from disk, the `CapabilityKeeper`'s `Initialise` function will create +new capability keys for all previously allocated capability identifiers (allocated during execution of +past transactions and assigned to particular modes), and keep them in a memory-only store while the +chain is running. + +The `CapabilityKeeper` will include a persistent `KVStore`, a `MemoryStore`, and an in-memory map. +The persistent `KVStore` tracks which capability is owned by which modules. +The `MemoryStore` stores a forward mapping that map from module name, capability tuples to capability names and +a reverse mapping that map from module name, capability name to the capability index. +Since we cannot marshal the capability into a `KVStore` and unmarshal without changing the memory location of the capability, +the reverse mapping in the KVStore will simply map to an index. This index can then be used as a key in the ephemeral +go-map to retrieve the capability at the original memory location. + +The `CapabilityKeeper` will define the following types & functions: + +The `Capability` is similar to `StoreKey`, but has a globally unique `Index()` instead of +a name. A `String()` method is provided for debugging. + +A `Capability` is simply a struct, the address of which is taken for the actual capability. + +```go +type Capability struct { + index uint64 +} +``` + +A `CapabilityKeeper` contains a persistent store key, memory store key, and mapping of allocated module names. + +```go +type CapabilityKeeper struct { + persistentKey StoreKey + memKey StoreKey + capMap map[uint64]*Capability + moduleNames map[string]interface{} + sealed bool +} +``` + +The `CapabilityKeeper` provides the ability to create *scoped* sub-keepers which are tied to a +particular module name. These `ScopedCapabilityKeeper`s must be created at application initialisation +and passed to modules, which can then use them to claim capabilities they receive and retrieve +capabilities which they own by name, in addition to creating new capabilities & authenticating capabilities +passed by other modules. + +```go +type ScopedCapabilityKeeper struct { + persistentKey StoreKey + memKey StoreKey + capMap map[uint64]*Capability + moduleName string +} +``` + +`ScopeToModule` is used to create a scoped sub-keeper with a particular name, which must be unique. +It MUST be called before `InitialiseAndSeal`. + +```go +func (ck CapabilityKeeper) ScopeToModule(moduleName string) ScopedCapabilityKeeper { + if k.sealed { + panic("cannot scope to module via a sealed capability keeper") + } + + if _, ok := k.scopedModules[moduleName]; ok { + panic(fmt.Sprintf("cannot create multiple scoped keepers for the same module name: %s", moduleName)) + } + + k.scopedModules[moduleName] = struct{}{} + + return ScopedKeeper{ + cdc: k.cdc, + storeKey: k.storeKey, + memKey: k.memKey, + capMap: k.capMap, + module: moduleName, + } +} +``` + +`InitialiseAndSeal` MUST be called exactly once, after loading the initial state and creating all +necessary `ScopedCapabilityKeeper`s, in order to populate the memory store with newly-created +capability keys in accordance with the keys previously claimed by particular modules and prevent the +creation of any new `ScopedCapabilityKeeper`s. + +```go +func (ck CapabilityKeeper) InitialiseAndSeal(ctx Context) { + if ck.sealed { + panic("capability keeper is sealed") + } + + persistentStore := ctx.KVStore(ck.persistentKey) + map := ctx.KVStore(ck.memKey) + + // initialise memory store for all names in persistent store + for index, value := range persistentStore.Iter() { + capability = &CapabilityKey{index: index} + + for moduleAndCapability := range value { + moduleName, capabilityName := moduleAndCapability.Split("/") + memStore.Set(moduleName + "/fwd/" + capability, capabilityName) + memStore.Set(moduleName + "/rev/" + capabilityName, index) + + ck.capMap[index] = capability + } + } + + ck.sealed = true +} +``` + +`NewCapability` can be called by any module to create a new unique, unforgeable object-capability +reference. The newly created capability is automatically persisted; the calling module need not +call `ClaimCapability`. + +```go +func (sck ScopedCapabilityKeeper) NewCapability(ctx Context, name string) (Capability, error) { + // check name not taken in memory store + if capStore.Get("rev/" + name) != nil { + return nil, errors.New("name already taken") + } + + // fetch the current index + index := persistentStore.Get("index") + + // create a new capability + capability := &CapabilityKey{index: index} + + // set persistent store + persistentStore.Set(index, Set.singleton(sck.moduleName + "/" + name)) + + // update the index + index++ + persistentStore.Set("index", index) + + // set forward mapping in memory store from capability to name + memStore.Set(sck.moduleName + "/fwd/" + capability, name) + + // set reverse mapping in memory store from name to index + memStore.Set(sck.moduleName + "/rev/" + name, index) + + // set the in-memory mapping from index to capability pointer + capMap[index] = capability + + // return the newly created capability + return capability +} +``` + +`AuthenticateCapability` can be called by any module to check that a capability +does in fact correspond to a particular name (the name can be untrusted user input) +with which the calling module previously associated it. + +```go +func (sck ScopedCapabilityKeeper) AuthenticateCapability(name string, capability Capability) bool { + // return whether forward mapping in memory store matches name + return memStore.Get(sck.moduleName + "/fwd/" + capability) === name +} +``` + +`ClaimCapability` allows a module to claim a capability key which it has received from another module +so that future `GetCapability` calls will succeed. + +`ClaimCapability` MUST be called if a module which receives a capability wishes to access it by name +in the future. Capabilities are multi-owner, so if multiple modules have a single `Capability` reference, +they will all own it. + +```go +func (sck ScopedCapabilityKeeper) ClaimCapability(ctx Context, capability Capability, name string) error { + persistentStore := ctx.KVStore(sck.persistentKey) + + // set forward mapping in memory store from capability to name + memStore.Set(sck.moduleName + "/fwd/" + capability, name) + + // set reverse mapping in memory store from name to capability + memStore.Set(sck.moduleName + "/rev/" + name, capability) + + // update owner set in persistent store + owners := persistentStore.Get(capability.Index()) + owners.add(sck.moduleName + "/" + name) + persistentStore.Set(capability.Index(), owners) +} +``` + +`GetCapability` allows a module to fetch a capability which it has previously claimed by name. +The module is not allowed to retrieve capabilities which it does not own. + +```go +func (sck ScopedCapabilityKeeper) GetCapability(ctx Context, name string) (Capability, error) { + // fetch the index of capability using reverse mapping in memstore + index := memStore.Get(sck.moduleName + "/rev/" + name) + + // fetch capability from go-map using index + capability := capMap[index] + + // return the capability + return capability +} +``` + +`ReleaseCapability` allows a module to release a capability which it had previously claimed. If no +more owners exist, the capability will be deleted globally. + +```go +func (sck ScopedCapabilityKeeper) ReleaseCapability(ctx Context, capability Capability) err { + persistentStore := ctx.KVStore(sck.persistentKey) + + name := capStore.Get(sck.moduleName + "/fwd/" + capability) + if name == nil { + return error("capability not owned by module") + } + + // delete forward mapping in memory store + memoryStore.Delete(sck.moduleName + "/fwd/" + capability, name) + + // delete reverse mapping in memory store + memoryStore.Delete(sck.moduleName + "/rev/" + name, capability) + + // update owner set in persistent store + owners := persistentStore.Get(capability.Index()) + owners.remove(sck.moduleName + "/" + name) + if owners.size() > 0 { + // there are still other owners, keep the capability around + persistentStore.Set(capability.Index(), owners) + } else { + // no more owners, delete the capability + persistentStore.Delete(capability.Index()) + delete(capMap[capability.Index()]) + } +} +``` + +### Usage patterns + +#### Initialisation + +Any modules which use dynamic capabilities must be provided a `ScopedCapabilityKeeper` in `app.go`: + +```go +ck := NewCapabilityKeeper(persistentKey, memoryKey) +mod1Keeper := NewMod1Keeper(ck.ScopeToModule("mod1"), ....) +mod2Keeper := NewMod2Keeper(ck.ScopeToModule("mod2"), ....) + +// other initialisation logic ... + +// load initial state... + +ck.InitialiseAndSeal(initialContext) +``` + +#### Creating, passing, claiming and using capabilities + +Consider the case where `mod1` wants to create a capability, associate it with a resource (e.g. an IBC channel) by name, then pass it to `mod2` which will use it later: + +Module 1 would have the following code: + +```go +capability := scopedCapabilityKeeper.NewCapability(ctx, "resourceABC") +mod2Keeper.SomeFunction(ctx, capability, args...) +``` + +`SomeFunction`, running in module 2, could then claim the capability: + +```go +func (k Mod2Keeper) SomeFunction(ctx Context, capability Capability) { + k.sck.ClaimCapability(ctx, capability, "resourceABC") + // other logic... +} +``` + +Later on, module 2 can retrieve that capability by name and pass it to module 1, which will authenticate it against the resource: + +```go +func (k Mod2Keeper) SomeOtherFunction(ctx Context, name string) { + capability := k.sck.GetCapability(ctx, name) + mod1.UseResource(ctx, capability, "resourceABC") +} +``` + +Module 1 will then check that this capability key is authenticated to use the resource before allowing module 2 to use it: + +```go +func (k Mod1Keeper) UseResource(ctx Context, capability Capability, resource string) { + if !k.sck.AuthenticateCapability(name, capability) { + return errors.New("unauthenticated") + } + // do something with the resource +} +``` + +If module 2 passed the capability key to module 3, module 3 could then claim it and call module 1 just like module 2 did +(in which case module 1, module 2, and module 3 would all be able to use this capability). + +## Status + +Proposed. + +## Consequences + +### Positive + +* Dynamic capability support. +* Allows CapabilityKeeper to return same capability pointer from go-map while reverting any writes to the persistent `KVStore` and in-memory `MemoryStore` on tx failure. + +### Negative + +* Requires an additional keeper. +* Some overlap with existing `StoreKey` system (in the future they could be combined, since this is a superset functionality-wise). +* Requires an extra level of indirection in the reverse mapping, since MemoryStore must map to index which must then be used as key in a go map to retrieve the actual capability + +### Neutral + +(none known) + +## References + +* [Original discussion](https://github.com/cosmos/cosmos-sdk/pull/5230#discussion_r343978513) diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-004-split-denomination-keys.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-004-split-denomination-keys.md new file mode 100644 index 00000000..8abf25fd --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-004-split-denomination-keys.md @@ -0,0 +1,120 @@ +# ADR 004: Split Denomination Keys + +## Changelog + +* 2020-01-08: Initial version +* 2020-01-09: Alterations to handle vesting accounts +* 2020-01-14: Updates from review feedback +* 2020-01-30: Updates from implementation + +### Glossary + +* denom / denomination key -- unique token identifier. + +## Context + +With permissionless IBC, anyone will be able to send arbitrary denominations to any other account. Currently, all non-zero balances are stored along with the account in an `sdk.Coins` struct, which creates a potential denial-of-service concern, as too many denominations will become expensive to load & store each time the account is modified. See issues [5467](https://github.com/cosmos/cosmos-sdk/issues/5467) and [4982](https://github.com/cosmos/cosmos-sdk/issues/4982) for additional context. + +Simply rejecting incoming deposits after a denomination count limit doesn't work, since it opens up a griefing vector: someone could send a user lots of nonsensical coins over IBC, and then prevent the user from receiving real denominations (such as staking rewards). + +## Decision + +Balances shall be stored per-account & per-denomination under a denomination- and account-unique key, thus enabling O(1) read & write access to the balance of a particular account in a particular denomination. + +### Account interface (x/auth) + +`GetCoins()` and `SetCoins()` will be removed from the account interface, since coin balances will +now be stored in & managed by the bank module. + +The vesting account interface will replace `SpendableCoins` in favor of `LockedCoins` which does +not require the account balance anymore. In addition, `TrackDelegation()` will now accept the +account balance of all tokens denominated in the vesting balance instead of loading the entire +account balance. + +Vesting accounts will continue to store original vesting, delegated free, and delegated +vesting coins (which is safe since these cannot contain arbitrary denominations). + +### Bank keeper (x/bank) + +The following APIs will be added to the `x/bank` keeper: + +* `GetAllBalances(ctx Context, addr AccAddress) Coins` +* `GetBalance(ctx Context, addr AccAddress, denom string) Coin` +* `SetBalance(ctx Context, addr AccAddress, coin Coin)` +* `LockedCoins(ctx Context, addr AccAddress) Coins` +* `SpendableCoins(ctx Context, addr AccAddress) Coins` + +Additional APIs may be added to facilitate iteration and auxiliary functionality not essential to +core functionality or persistence. + +Balances will be stored first by the address, then by the denomination (the reverse is also possible, +but retrieval of all balances for a single account is presumed to be more frequent): + +```go +var BalancesPrefix = []byte("balances") + +func (k Keeper) SetBalance(ctx Context, addr AccAddress, balance Coin) error { + if !balance.IsValid() { + return err + } + + store := ctx.KVStore(k.storeKey) + balancesStore := prefix.NewStore(store, BalancesPrefix) + accountStore := prefix.NewStore(balancesStore, addr.Bytes()) + + bz := Marshal(balance) + accountStore.Set([]byte(balance.Denom), bz) + + return nil +} +``` + +This will result in the balances being indexed by the byte representation of +`balances/{address}/{denom}`. + +`DelegateCoins()` and `UndelegateCoins()` will be altered to only load each individual +account balance by denomination found in the (un)delegation amount. As a result, +any mutations to the account balance by will made by denomination. + +`SubtractCoins()` and `AddCoins()` will be altered to read & write the balances +directly instead of calling `GetCoins()` / `SetCoins()` (which no longer exist). + +`trackDelegation()` and `trackUndelegation()` will be altered to no longer update +account balances. + +External APIs will need to scan all balances under an account to retain backwards-compatibility. It +is advised that these APIs use `GetBalance` and `SetBalance` instead of `GetAllBalances` when +possible as to not load the entire account balance. + +### Supply module + +The supply module, in order to implement the total supply invariant, will now need +to scan all accounts & call `GetAllBalances` using the `x/bank` Keeper, then sum +the balances and check that they match the expected total supply. + +## Status + +Accepted. + +## Consequences + +### Positive + +* O(1) reads & writes of balances (with respect to the number of denominations for +which an account has non-zero balances). Note, this does not relate to the actual +I/O cost, rather the total number of direct reads needed. + +### Negative + +* Slightly less efficient reads/writes when reading & writing all balances of a +single account in a transaction. + +### Neutral + +None in particular. + +## References + +* Ref: https://github.com/cosmos/cosmos-sdk/issues/4982 +* Ref: https://github.com/cosmos/cosmos-sdk/issues/5467 +* Ref: https://github.com/cosmos/cosmos-sdk/issues/5492 diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-006-secret-store-replacement.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-006-secret-store-replacement.md new file mode 100644 index 00000000..fe2e2546 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-006-secret-store-replacement.md @@ -0,0 +1,54 @@ +# ADR 006: Secret Store Replacement + +## Changelog + +* July 29th, 2019: Initial draft +* September 11th, 2019: Work has started +* November 4th: Cosmos SDK changes merged in +* November 18th: Gaia changes merged in + +## Context + +Currently, a Cosmos SDK application's CLI directory stores key material and metadata in a plain text database in the user’s home directory. Key material is encrypted by a passphrase, protected by bcrypt hashing algorithm. Metadata (e.g. addresses, public keys, key storage details) is available in plain text. + +This is not desirable for a number of reasons. Perhaps the biggest reason is insufficient security protection of key material and metadata. Leaking the plain text allows an attacker to surveil what keys a given computer controls via a number of techniques, like compromised dependencies without any privilege execution. This could be followed by a more targeted attack on a particular user/computer. + +All modern desktop computers OS (Ubuntu, Debian, MacOS, Windows) provide a built-in secret store that is designed to allow applications to store information that is isolated from all other applications and requires passphrase entry to access the data. + +We are seeking solution that provides a common abstraction layer to the many different backends and reasonable fallback for minimal platforms that don’t provide a native secret store. + +## Decision + +We recommend replacing the current Keybase backend based on LevelDB with [Keyring](https://github.com/99designs/keyring) by 99 designs. This application is designed to provide a common abstraction and uniform interface between many secret stores and is used by AWS Vault application by 99-designs application. + +This appears to fulfill the requirement of protecting both key material and metadata from rouge software on a user’s machine. + +## Status + +Accepted + +## Consequences + +### Positive + +Increased safety for users. + +### Negative + +Users must manually migrate. + +Testing against all supported backends is difficult. + +Running tests locally on a Mac require numerous repetitive password entries. + +### Neutral + +{neutral consequences} + +## References + +* #4754 Switch secret store to the keyring secret store (original PR by @poldsam) [__CLOSED__] +* #5029 Add support for github.com/99designs/keyring-backed keybases [__MERGED__] +* #5097 Add keys migrate command [__MERGED__] +* #5180 Drop on-disk keybase in favor of keyring [_PENDING_REVIEW_] +* cosmos/gaia#164 Drop on-disk keybase in favor of keyring (gaia's changes) [_PENDING_REVIEW_] diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-007-specialization-groups.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-007-specialization-groups.md new file mode 100644 index 00000000..9a351dd1 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-007-specialization-groups.md @@ -0,0 +1,177 @@ +# ADR 007: Specialization Groups + +## Changelog + +* 2019 Jul 31: Initial Draft + +## Context + +This idea was first conceived of in order to fulfill the use case of the +creation of a decentralized Computer Emergency Response Team (dCERT), whose +members would be elected by a governing community and would fulfill the role of +coordinating the community under emergency situations. This thinking +can be further abstracted into the conception of "blockchain specialization +groups". + +The creation of these groups are the beginning of specialization capabilities +within a wider blockchain community which could be used to enable a certain +level of delegated responsibilities. Examples of specialization which could be +beneficial to a blockchain community include: code auditing, emergency response, +code development etc. This type of community organization paves the way for +individual stakeholders to delegate votes by issue type, if in the future +governance proposals include a field for issue type. + +## Decision + +A specialization group can be broadly broken down into the following functions +(herein containing examples): + +* Membership Admittance +* Membership Acceptance +* Membership Revocation + * (probably) Without Penalty + * member steps down (self-Revocation) + * replaced by new member from governance + * (probably) With Penalty + * due to breach of soft-agreement (determined through governance) + * due to breach of hard-agreement (determined by code) +* Execution of Duties + * Special transactions which only execute for members of a specialization + group (for example, dCERT members voting to turn off transaction routes in + an emergency scenario) +* Compensation + * Group compensation (further distribution decided by the specialization group) + * Individual compensation for all constituents of a group from the + greater community + +Membership admittance to a specialization group could take place over a wide +variety of mechanisms. The most obvious example is through a general vote among +the entire community, however in certain systems a community may want to allow +the members already in a specialization group to internally elect new members, +or maybe the community may assign a permission to a particular specialization +group to appoint members to other 3rd party groups. The sky is really the limit +as to how membership admittance can be structured. We attempt to capture +some of these possiblities in a common interface dubbed the `Electionator`. For +its initial implementation as a part of this ADR we recommend that the general +election abstraction (`Electionator`) is provided as well as a basic +implementation of that abstraction which allows for a continuous election of +members of a specialization group. + +``` golang +// The Electionator abstraction covers the concept space for +// a wide variety of election kinds. +type Electionator interface { + + // is the election object accepting votes. + Active() bool + + // functionality to execute for when a vote is cast in this election, here + // the vote field is anticipated to be marshalled into a vote type used + // by an election. + // + // NOTE There are no explicit ids here. Just votes which pertain specifically + // to one electionator. Anyone can create and send a vote to the electionator item + // which will presumably attempt to marshal those bytes into a particular struct + // and apply the vote information in some arbitrary way. There can be multiple + // Electionators within the Cosmos-Hub for multiple specialization groups, votes + // would need to be routed to the Electionator upstream of here. + Vote(addr sdk.AccAddress, vote []byte) + + // here lies all functionality to authenticate and execute changes for + // when a member accepts being elected + AcceptElection(sdk.AccAddress) + + // Register a revoker object + RegisterRevoker(Revoker) + + // No more revokers may be registered after this function is called + SealRevokers() + + // register hooks to call when an election actions occur + RegisterHooks(ElectionatorHooks) + + // query for the current winner(s) of this election based on arbitrary + // election ruleset + QueryElected() []sdk.AccAddress + + // query metadata for an address in the election this + // could include for example position that an address + // is being elected for within a group + // + // this metadata may be directly related to + // voting information and/or privileges enabled + // to members within a group. + QueryMetadata(sdk.AccAddress) []byte +} + +// ElectionatorHooks, once registered with an Electionator, +// trigger execution of relevant interface functions when +// Electionator events occur. +type ElectionatorHooks interface { + AfterVoteCast(addr sdk.AccAddress, vote []byte) + AfterMemberAccepted(addr sdk.AccAddress) + AfterMemberRevoked(addr sdk.AccAddress, cause []byte) +} + +// Revoker defines the function required for a membership revocation rule-set +// used by a specialization group. This could be used to create self revoking, +// and evidence based revoking, etc. Revokers types may be created and +// reused for different election types. +// +// When revoking the "cause" bytes may be arbitrarily marshalled into evidence, +// memos, etc. +type Revoker interface { + RevokeName() string // identifier for this revoker type + RevokeMember(addr sdk.AccAddress, cause []byte) error +} +``` + +Certain level of commonality likely exists between the existing code within +`x/governance` and required functionality of elections. This common +functionality should be abstracted during implementation. Similarly for each +vote implementation client CLI/REST functionality should be abstracted +to be reused for multiple elections. + +The specialization group abstraction firstly extends the `Electionator` +but also further defines traits of the group. + +``` golang +type SpecializationGroup interface { + Electionator + GetName() string + GetDescription() string + + // general soft contract the group is expected + // to fulfill with the greater community + GetContract() string + + // messages which can be executed by the members of the group + Handler(ctx sdk.Context, msg sdk.Msg) sdk.Result + + // logic to be executed at endblock, this may for instance + // include payment of a stipend to the group members + // for participation in the security group. + EndBlocker(ctx sdk.Context) +} +``` + +## Status + +> Proposed + +## Consequences + +### Positive + +* increases specialization capabilities of a blockchain +* improve abstractions in `x/gov/` such that they can be used with specialization groups + +### Negative + +* could be used to increase centralization within a community + +### Neutral + +## References + +* [dCERT ADR](adr-008-dCERT-group.md) diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-008-dCERT-group.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-008-dCERT-group.md new file mode 100644 index 00000000..2097bf1b --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-008-dCERT-group.md @@ -0,0 +1,171 @@ +# ADR 008: Decentralized Computer Emergency Response Team (dCERT) Group + +## Changelog + +* 2019 Jul 31: Initial Draft + +## Context + +In order to reduce the number of parties involved with handling sensitive +information in an emergency scenario, we propose the creation of a +specialization group named The Decentralized Computer Emergency Response Team +(dCERT). Initially this group's role is intended to serve as coordinators +between various actors within a blockchain community such as validators, +bug-hunters, and developers. During a time of crisis, the dCERT group would +aggregate and relay input from a variety of stakeholders to the developers who +are actively devising a patch to the software, this way sensitive information +does not need to be publicly disclosed while some input from the community can +still be gained. + +Additionally, a special privilege is proposed for the dCERT group: the capacity +to "circuit-break" (aka. temporarily disable) a particular message path. Note +that this privilege should be enabled/disabled globally with a governance +parameter such that this privilege could start disabled and later be enabled +through a parameter change proposal, once a dCERT group has been established. + +In the future it is foreseeable that the community may wish to expand the roles +of dCERT with further responsibilities such as the capacity to "pre-approve" a +security update on behalf of the community prior to a full community +wide vote whereby the sensitive information would be revealed prior to a +vulnerability being patched on the live network. + +## Decision + +The dCERT group is proposed to include an implementation of a `SpecializationGroup` +as defined in [ADR 007](adr-007-specialization-groups.md). This will include the +implementation of: + +* continuous voting +* slashing due to breach of soft contract +* revoking a member due to breach of soft contract +* emergency disband of the entire dCERT group (ex. for colluding maliciously) +* compensation stipend from the community pool or other means decided by + governance + +This system necessitates the following new parameters: + +* blockly stipend allowance per dCERT member +* maximum number of dCERT members +* required staked slashable tokens for each dCERT member +* quorum for suspending a particular member +* proposal wager for disbanding the dCERT group +* stabilization period for dCERT member transition +* circuit break dCERT privileges enabled + +These parameters are expected to be implemented through the param keeper such +that governance may change them at any given point. + +### Continuous Voting Electionator + +An `Electionator` object is to be implemented as continuous voting and with the +following specifications: + +* All delegation addresses may submit votes at any point which updates their + preferred representation on the dCERT group. +* Preferred representation may be arbitrarily split between addresses (ex. 50% + to John, 25% to Sally, 25% to Carol) +* In order for a new member to be added to the dCERT group they must + send a transaction accepting their admission at which point the validity of + their admission is to be confirmed. + * A sequence number is assigned when a member is added to dCERT group. + If a member leaves the dCERT group and then enters back, a new sequence number + is assigned. +* Addresses which control the greatest amount of preferred-representation are + eligible to join the dCERT group (up the _maximum number of dCERT members_). + If the dCERT group is already full and new member is admitted, the existing + dCERT member with the lowest amount of votes is kicked from the dCERT group. + * In the split situation where the dCERT group is full but a vying candidate + has the same amount of vote as an existing dCERT member, the existing + member should maintain its position. + * In the split situation where somebody must be kicked out but the two + addresses with the smallest number of votes have the same number of votes, + the address with the smallest sequence number maintains its position. +* A stabilization period can be optionally included to reduce the + "flip-flopping" of the dCERT membership tail members. If a stabilization + period is provided which is greater than 0, when members are kicked due to + insufficient support, a queue entry is created which documents which member is + to replace which other member. While this entry is in the queue, no new entries + to kick that same dCERT member can be made. When the entry matures at the + duration of the stabilization period, the new member is instantiated, and old + member kicked. + +### Staking/Slashing + +All members of the dCERT group must stake tokens _specifically_ to maintain +eligibility as a dCERT member. These tokens can be staked directly by the vying +dCERT member or out of the good will of a 3rd party (who shall gain no on-chain +benefits for doing so). This staking mechanism should use the existing global +unbonding time of tokens staked for network validator security. A dCERT member +can _only be_ a member if it has the required tokens staked under this +mechanism. If those tokens are unbonded then the dCERT member must be +automatically kicked from the group. + +Slashing of a particular dCERT member due to soft-contract breach should be +performed by governance on a per member basis based on the magnitude of the +breach. The process flow is anticipated to be that a dCERT member is suspended +by the dCERT group prior to being slashed by governance. + +Membership suspension by the dCERT group takes place through a voting procedure +by the dCERT group members. After this suspension has taken place, a governance +proposal to slash the dCERT member must be submitted, if the proposal is not +approved by the time the rescinding member has completed unbonding their +tokens, then the tokens are no longer staked and unable to be slashed. + +Additionally in the case of an emergency situation of a colluding and malicious +dCERT group, the community needs the capability to disband the entire dCERT +group and likely fully slash them. This could be achieved though a special new +proposal type (implemented as a general governance proposal) which would halt +the functionality of the dCERT group until the proposal was concluded. This +special proposal type would likely need to also have a fairly large wager which +could be slashed if the proposal creator was malicious. The reason a large +wager should be required is because as soon as the proposal is made, the +capability of the dCERT group to halt message routes is put on temporarily +suspended, meaning that a malicious actor who created such a proposal could +then potentially exploit a bug during this period of time, with no dCERT group +capable of shutting down the exploitable message routes. + +### dCERT membership transactions + +Active dCERT members + +* change of the description of the dCERT group +* circuit break a message route +* vote to suspend a dCERT member. + +Here circuit-breaking refers to the capability to disable a groups of messages, +This could for instance mean: "disable all staking-delegation messages", or +"disable all distribution messages". This could be accomplished by verifying +that the message route has not been "circuit-broken" at CheckTx time (in +`baseapp/baseapp.go`). + +"unbreaking" a circuit is anticipated only to occur during a hard fork upgrade +meaning that no capability to unbreak a message route on a live chain is +required. + +Note also, that if there was a problem with governance voting (for instance a +capability to vote many times) then governance would be broken and should be +halted with this mechanism, it would be then up to the validator set to +coordinate and hard-fork upgrade to a patched version of the software where +governance is re-enabled (and fixed). If the dCERT group abuses this privilege +they should all be severely slashed. + +## Status + +> Proposed + +## Consequences + +### Positive + +* Potential to reduces the number of parties to coordinate with during an emergency +* Reduction in possibility of disclosing sensitive information to malicious parties + +### Negative + +* Centralization risks + +### Neutral + +## References + + [Specialization Groups ADR](adr-007-specialization-groups.md) diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-009-evidence-module.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-009-evidence-module.md new file mode 100644 index 00000000..ded04a14 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-009-evidence-module.md @@ -0,0 +1,182 @@ +# ADR 009: Evidence Module + +## Changelog + +* 2019 July 31: Initial draft +* 2019 October 24: Initial implementation + +## Status + +Accepted + +## Context + +In order to support building highly secure, robust and interoperable blockchain +applications, it is vital for the Cosmos SDK to expose a mechanism in which arbitrary +evidence can be submitted, evaluated and verified resulting in some agreed upon +penalty for any misbehavior committed by a validator, such as equivocation (double-voting), +signing when unbonded, signing an incorrect state transition (in the future), etc. +Furthermore, such a mechanism is paramount for any +[IBC](https://github.com/cosmos/ics/blob/master/ibc/2_IBC_ARCHITECTURE.md) or +cross-chain validation protocol implementation in order to support the ability +for any misbehavior to be relayed back from a collateralized chain to a primary +chain so that the equivocating validator(s) can be slashed. + +## Decision + +We will implement an evidence module in the Cosmos SDK supporting the following +functionality: + +* Provide developers with the abstractions and interfaces necessary to define + custom evidence messages, message handlers, and methods to slash and penalize + accordingly for misbehavior. +* Support the ability to route evidence messages to handlers in any module to + determine the validity of submitted misbehavior. +* Support the ability, through governance, to modify slashing penalties of any + evidence type. +* Querier implementation to support querying params, evidence types, params, and + all submitted valid misbehavior. + +### Types + +First, we define the `Evidence` interface type. The `x/evidence` module may implement +its own types that can be used by many chains (e.g. `CounterFactualEvidence`). +In addition, other modules may implement their own `Evidence` types in a similar +manner in which governance is extensible. It is important to note any concrete +type implementing the `Evidence` interface may include arbitrary fields such as +an infraction time. We want the `Evidence` type to remain as flexible as possible. + +When submitting evidence to the `x/evidence` module, the concrete type must provide +the validator's consensus address, which should be known by the `x/slashing` +module (assuming the infraction is valid), the height at which the infraction +occurred and the validator's power at same height in which the infraction occurred. + +```go +type Evidence interface { + Route() string + Type() string + String() string + Hash() HexBytes + ValidateBasic() error + + // The consensus address of the malicious validator at time of infraction + GetConsensusAddress() ConsAddress + + // Height at which the infraction occurred + GetHeight() int64 + + // The total power of the malicious validator at time of infraction + GetValidatorPower() int64 + + // The total validator set power at time of infraction + GetTotalPower() int64 +} +``` + +### Routing & Handling + +Each `Evidence` type must map to a specific unique route and be registered with +the `x/evidence` module. It accomplishes this through the `Router` implementation. + +```go +type Router interface { + AddRoute(r string, h Handler) Router + HasRoute(r string) bool + GetRoute(path string) Handler + Seal() +} +``` + +Upon successful routing through the `x/evidence` module, the `Evidence` type +is passed through a `Handler`. This `Handler` is responsible for executing all +corresponding business logic necessary for verifying the evidence as valid. In +addition, the `Handler` may execute any necessary slashing and potential jailing. +Since slashing fractions will typically result from some form of static functions, +allow the `Handler` to do this provides the greatest flexibility. An example could +be `k * evidence.GetValidatorPower()` where `k` is an on-chain parameter controlled +by governance. The `Evidence` type should provide all the external information +necessary in order for the `Handler` to make the necessary state transitions. +If no error is returned, the `Evidence` is considered valid. + +```go +type Handler func(Context, Evidence) error +``` + +### Submission + +`Evidence` is submitted through a `MsgSubmitEvidence` message type which is internally +handled by the `x/evidence` module's `SubmitEvidence`. + +```go +type MsgSubmitEvidence struct { + Evidence +} + +func handleMsgSubmitEvidence(ctx Context, keeper Keeper, msg MsgSubmitEvidence) Result { + if err := keeper.SubmitEvidence(ctx, msg.Evidence); err != nil { + return err.Result() + } + + // emit events... + + return Result{ + // ... + } +} +``` + +The `x/evidence` module's keeper is responsible for matching the `Evidence` against +the module's router and invoking the corresponding `Handler` which may include +slashing and jailing the validator. Upon success, the submitted evidence is persisted. + +```go +func (k Keeper) SubmitEvidence(ctx Context, evidence Evidence) error { + handler := keeper.router.GetRoute(evidence.Route()) + if err := handler(ctx, evidence); err != nil { + return ErrInvalidEvidence(keeper.codespace, err) + } + + keeper.setEvidence(ctx, evidence) + return nil +} +``` + +### Genesis + +Finally, we need to represent the genesis state of the `x/evidence` module. The +module only needs a list of all submitted valid infractions and any necessary params +for which the module needs in order to handle submitted evidence. The `x/evidence` +module will naturally define and route native evidence types for which it'll most +likely need slashing penalty constants for. + +```go +type GenesisState struct { + Params Params + Infractions []Evidence +} +``` + +## Consequences + +### Positive + +* Allows the state machine to process misbehavior submitted on-chain and penalize + validators based on agreed upon slashing parameters. +* Allows evidence types to be defined and handled by any module. This further allows + slashing and jailing to be defined by more complex mechanisms. +* Does not solely rely on Tendermint to submit evidence. + +### Negative + +* No easy way to introduce new evidence types through governance on a live chain + due to the inability to introduce the new evidence type's corresponding handler + +### Neutral + +* Should we persist infractions indefinitely? Or should we rather rely on events? + +## References + +* [ICS](https://github.com/cosmos/ics) +* [IBC Architecture](https://github.com/cosmos/ics/blob/master/ibc/1_IBC_ARCHITECTURE.md) +* [Tendermint Fork Accountability](https://github.com/tendermint/spec/blob/7b3138e69490f410768d9b1ffc7a17abc23ea397/spec/consensus/fork-accountability.md) diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-010-modular-antehandler.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-010-modular-antehandler.md new file mode 100644 index 00000000..386af1a7 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-010-modular-antehandler.md @@ -0,0 +1,290 @@ +# ADR 010: Modular AnteHandler + +## Changelog + +* 2019 Aug 31: Initial draft +* 2021 Sep 14: Superseded by ADR-045 + +## Status + +SUPERSEDED by ADR-045 + +## Context + +The current AnteHandler design allows users to either use the default AnteHandler provided in `x/auth` or to build their own AnteHandler from scratch. Ideally AnteHandler functionality is split into multiple, modular functions that can be chained together along with custom ante-functions so that users do not have to rewrite common antehandler logic when they want to implement custom behavior. + +For example, let's say a user wants to implement some custom signature verification logic. In the current codebase, the user would have to write their own Antehandler from scratch largely reimplementing much of the same code and then set their own custom, monolithic antehandler in the baseapp. Instead, we would like to allow users to specify custom behavior when necessary and combine them with default ante-handler functionality in a way that is as modular and flexible as possible. + +## Proposals + +### Per-Module AnteHandler + +One approach is to use the [ModuleManager](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/types/module) and have each module implement its own antehandler if it requires custom antehandler logic. The ModuleManager can then be passed in an AnteHandler order in the same way it has an order for BeginBlockers and EndBlockers. The ModuleManager returns a single AnteHandler function that will take in a tx and run each module's `AnteHandle` in the specified order. The module manager's AnteHandler is set as the baseapp's AnteHandler. + +Pros: + +1. Simple to implement +2. Utilizes the existing ModuleManager architecture + +Cons: + +1. Improves granularity but still cannot get more granular than a per-module basis. e.g. If auth's `AnteHandle` function is in charge of validating memo and signatures, users cannot swap the signature-checking functionality while keeping the rest of auth's `AnteHandle` functionality. +2. Module AnteHandler are run one after the other. There is no way for one AnteHandler to wrap or "decorate" another. + +### Decorator Pattern + +The [weave project](https://github.com/iov-one/weave) achieves AnteHandler modularity through the use of a decorator pattern. The interface is designed as follows: + +```go +// Decorator wraps a Handler to provide common functionality +// like authentication, or fee-handling, to many Handlers +type Decorator interface { + Check(ctx Context, store KVStore, tx Tx, next Checker) (*CheckResult, error) + Deliver(ctx Context, store KVStore, tx Tx, next Deliverer) (*DeliverResult, error) +} +``` + +Each decorator works like a modularized Cosmos SDK antehandler function, but it can take in a `next` argument that may be another decorator or a Handler (which does not take in a next argument). These decorators can be chained together, one decorator being passed in as the `next` argument of the previous decorator in the chain. The chain ends in a Router which can take a tx and route to the appropriate msg handler. + +A key benefit of this approach is that one Decorator can wrap its internal logic around the next Checker/Deliverer. A weave Decorator may do the following: + +```go +// Example Decorator's Deliver function +func (example Decorator) Deliver(ctx Context, store KVStore, tx Tx, next Deliverer) { + // Do some pre-processing logic + + res, err := next.Deliver(ctx, store, tx) + + // Do some post-processing logic given the result and error +} +``` + +Pros: + +1. Weave Decorators can wrap over the next decorator/handler in the chain. The ability to both pre-process and post-process may be useful in certain settings. +2. Provides a nested modular structure that isn't possible in the solution above, while also allowing for a linear one-after-the-other structure like the solution above. + +Cons: + +1. It is hard to understand at first glance the state updates that would occur after a Decorator runs given the `ctx`, `store`, and `tx`. A Decorator can have an arbitrary number of nested Decorators being called within its function body, each possibly doing some pre- and post-processing before calling the next decorator on the chain. Thus to understand what a Decorator is doing, one must also understand what every other decorator further along the chain is also doing. This can get quite complicated to understand. A linear, one-after-the-other approach while less powerful, may be much easier to reason about. + +### Chained Micro-Functions + +The benefit of Weave's approach is that the Decorators can be very concise, which when chained together allows for maximum customizability. However, the nested structure can get quite complex and thus hard to reason about. + +Another approach is to split the AnteHandler functionality into tightly scoped "micro-functions", while preserving the one-after-the-other ordering that would come from the ModuleManager approach. + +We can then have a way to chain these micro-functions so that they run one after the other. Modules may define multiple ante micro-functions and then also provide a default per-module AnteHandler that implements a default, suggested order for these micro-functions. + +Users can order the AnteHandlers easily by simply using the ModuleManager. The ModuleManager will take in a list of AnteHandlers and return a single AnteHandler that runs each AnteHandler in the order of the list provided. If the user is comfortable with the default ordering of each module, this is as simple as providing a list with each module's antehandler (exactly the same as BeginBlocker and EndBlocker). + +If however, users wish to change the order or add, modify, or delete ante micro-functions in anyway; they can always define their own ante micro-functions and add them explicitly to the list that gets passed into module manager. + +#### Default Workflow + +This is an example of a user's AnteHandler if they choose not to make any custom micro-functions. + +##### Cosmos SDK code + +```go +// Chains together a list of AnteHandler micro-functions that get run one after the other. +// Returned AnteHandler will abort on first error. +func Chainer(order []AnteHandler) AnteHandler { + return func(ctx Context, tx Tx, simulate bool) (newCtx Context, err error) { + for _, ante := range order { + ctx, err := ante(ctx, tx, simulate) + if err != nil { + return ctx, err + } + } + return ctx, err + } +} +``` + +```go +// AnteHandler micro-function to verify signatures +func VerifySignatures(ctx Context, tx Tx, simulate bool) (newCtx Context, err error) { + // verify signatures + // Returns InvalidSignature Result and abort=true if sigs invalid + // Return OK result and abort=false if sigs are valid +} + +// AnteHandler micro-function to validate memo +func ValidateMemo(ctx Context, tx Tx, simulate bool) (newCtx Context, err error) { + // validate memo +} + +// Auth defines its own default ante-handler by chaining its micro-functions in a recommended order +AuthModuleAnteHandler := Chainer([]AnteHandler{VerifySignatures, ValidateMemo}) +``` + +```go +// Distribution micro-function to deduct fees from tx +func DeductFees(ctx Context, tx Tx, simulate bool) (newCtx Context, err error) { + // Deduct fees from tx + // Abort if insufficient funds in account to pay for fees +} + +// Distribution micro-function to check if fees > mempool parameter +func CheckMempoolFees(ctx Context, tx Tx, simulate bool) (newCtx Context, err error) { + // If CheckTx: Abort if the fees are less than the mempool's minFee parameter +} + +// Distribution defines its own default ante-handler by chaining its micro-functions in a recommended order +DistrModuleAnteHandler := Chainer([]AnteHandler{CheckMempoolFees, DeductFees}) +``` + +```go +type ModuleManager struct { + // other fields + AnteHandlerOrder []AnteHandler +} + +func (mm ModuleManager) GetAnteHandler() AnteHandler { + retun Chainer(mm.AnteHandlerOrder) +} +``` + +##### User Code + +```go +// Note: Since user is not making any custom modifications, we can just SetAnteHandlerOrder with the default AnteHandlers provided by each module in our preferred order +moduleManager.SetAnteHandlerOrder([]AnteHandler(AuthModuleAnteHandler, DistrModuleAnteHandler)) + +app.SetAnteHandler(mm.GetAnteHandler()) +``` + +#### Custom Workflow + +This is an example workflow for a user that wants to implement custom antehandler logic. In this example, the user wants to implement custom signature verification and change the order of antehandler so that validate memo runs before signature verification. + +##### User Code + +```go +// User can implement their own custom signature verification antehandler micro-function +func CustomSigVerify(ctx Context, tx Tx, simulate bool) (newCtx Context, err error) { + // do some custom signature verification logic +} +``` + +```go +// Micro-functions allow users to change order of when they get executed, and swap out default ante-functionality with their own custom logic. +// Note that users can still chain the default distribution module handler, and auth micro-function along with their custom ante function +moduleManager.SetAnteHandlerOrder([]AnteHandler(ValidateMemo, CustomSigVerify, DistrModuleAnteHandler)) +``` + +Pros: + +1. Allows for ante functionality to be as modular as possible. +2. For users that do not need custom ante-functionality, there is little difference between how antehandlers work and how BeginBlock and EndBlock work in ModuleManager. +3. Still easy to understand + +Cons: + +1. Cannot wrap antehandlers with decorators like you can with Weave. + +### Simple Decorators + +This approach takes inspiration from Weave's decorator design while trying to minimize the number of breaking changes to the Cosmos SDK and maximizing simplicity. Like Weave decorators, this approach allows one `AnteDecorator` to wrap the next AnteHandler to do pre- and post-processing on the result. This is useful since decorators can do defer/cleanups after an AnteHandler returns as well as perform some setup beforehand. Unlike Weave decorators, these `AnteDecorator` functions can only wrap over the AnteHandler rather than the entire handler execution path. This is deliberate as we want decorators from different modules to perform authentication/validation on a `tx`. However, we do not want decorators being capable of wrapping and modifying the results of a `MsgHandler`. + +In addition, this approach will not break any core Cosmos SDK API's. Since we preserve the notion of an AnteHandler and still set a single AnteHandler in baseapp, the decorator is simply an additional approach available for users that desire more customization. The API of modules (namely `x/auth`) may break with this approach, but the core API remains untouched. + +Allow Decorator interface that can be chained together to create a Cosmos SDK AnteHandler. + +This allows users to choose between implementing an AnteHandler by themselves and setting it in the baseapp, or use the decorator pattern to chain their custom decorators with the Cosmos SDK provided decorators in the order they wish. + +```go +// An AnteDecorator wraps an AnteHandler, and can do pre- and post-processing on the next AnteHandler +type AnteDecorator interface { + AnteHandle(ctx Context, tx Tx, simulate bool, next AnteHandler) (newCtx Context, err error) +} +``` + +```go +// ChainAnteDecorators will recursively link all of the AnteDecorators in the chain and return a final AnteHandler function +// This is done to preserve the ability to set a single AnteHandler function in the baseapp. +func ChainAnteDecorators(chain ...AnteDecorator) AnteHandler { + if len(chain) == 1 { + return func(ctx Context, tx Tx, simulate bool) { + chain[0].AnteHandle(ctx, tx, simulate, nil) + } + } + return func(ctx Context, tx Tx, simulate bool) { + chain[0].AnteHandle(ctx, tx, simulate, ChainAnteDecorators(chain[1:])) + } +} +``` + +#### Example Code + +Define AnteDecorator functions + +```go +// Setup GasMeter, catch OutOfGasPanic and handle appropriately +type SetUpContextDecorator struct{} + +func (sud SetUpContextDecorator) AnteHandle(ctx Context, tx Tx, simulate bool, next AnteHandler) (newCtx Context, err error) { + ctx.GasMeter = NewGasMeter(tx.Gas) + + defer func() { + // recover from OutOfGas panic and handle appropriately + } + + return next(ctx, tx, simulate) +} + +// Signature Verification decorator. Verify Signatures and move on +type SigVerifyDecorator struct{} + +func (svd SigVerifyDecorator) AnteHandle(ctx Context, tx Tx, simulate bool, next AnteHandler) (newCtx Context, err error) { + // verify sigs. Return error if invalid + + // call next antehandler if sigs ok + return next(ctx, tx, simulate) +} + +// User-defined Decorator. Can choose to pre- and post-process on AnteHandler +type UserDefinedDecorator struct{ + // custom fields +} + +func (udd UserDefinedDecorator) AnteHandle(ctx Context, tx Tx, simulate bool, next AnteHandler) (newCtx Context, err error) { + // pre-processing logic + + ctx, err = next(ctx, tx, simulate) + + // post-processing logic +} +``` + +Link AnteDecorators to create a final AnteHandler. Set this AnteHandler in baseapp. + +```go +// Create final antehandler by chaining the decorators together +antehandler := ChainAnteDecorators(NewSetUpContextDecorator(), NewSigVerifyDecorator(), NewUserDefinedDecorator()) + +// Set chained Antehandler in the baseapp +bapp.SetAnteHandler(antehandler) +``` + +Pros: + +1. Allows one decorator to pre- and post-process the next AnteHandler, similar to the Weave design. +2. Do not need to break baseapp API. Users can still set a single AnteHandler if they choose. + +Cons: + +1. Decorator pattern may have a deeply nested structure that is hard to understand, this is mitigated by having the decorator order explicitly listed in the `ChainAnteDecorators` function. +2. Does not make use of the ModuleManager design. Since this is already being used for BeginBlocker/EndBlocker, this proposal seems unaligned with that design pattern. + +## Consequences + +Since pros and cons are written for each approach, it is omitted from this section + +## References + +* [#4572](https://github.com/cosmos/cosmos-sdk/issues/4572): Modular AnteHandler Issue +* [#4582](https://github.com/cosmos/cosmos-sdk/pull/4583): Initial Implementation of Per-Module AnteHandler Approach +* [Weave Decorator Code](https://github.com/iov-one/weave/blob/master/handler.go#L35) +* [Weave Design Videos](https://vimeo.com/showcase/6189877) diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-011-generalize-genesis-accounts.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-011-generalize-genesis-accounts.md new file mode 100644 index 00000000..92a704ba --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-011-generalize-genesis-accounts.md @@ -0,0 +1,170 @@ +# ADR 011: Generalize Genesis Accounts + +## Changelog + +* 2019-08-30: initial draft + +## Context + +Currently, the Cosmos SDK allows for custom account types; the `auth` keeper stores any type fulfilling its `Account` interface. However `auth` does not handle exporting or loading accounts to/from a genesis file, this is done by `genaccounts`, which only handles one of 4 concrete account types (`BaseAccount`, `ContinuousVestingAccount`, `DelayedVestingAccount` and `ModuleAccount`). + +Projects desiring to use custom accounts (say custom vesting accounts) need to fork and modify `genaccounts`. + +## Decision + +In summary, we will (un)marshal all accounts (interface types) directly using amino, rather than converting to `genaccounts`’s `GenesisAccount` type. Since doing this removes the majority of `genaccounts`'s code, we will merge `genaccounts` into `auth`. Marshalled accounts will be stored in `auth`'s genesis state. + +Detailed changes: + +### 1) (Un)Marshal accounts directly using amino + +The `auth` module's `GenesisState` gains a new field `Accounts`. Note these aren't of type `exported.Account` for reasons outlined in section 3. + +```go +// GenesisState - all auth state that must be provided at genesis +type GenesisState struct { + Params Params `json:"params" yaml:"params"` + Accounts []GenesisAccount `json:"accounts" yaml:"accounts"` +} +``` + +Now `auth`'s `InitGenesis` and `ExportGenesis` (un)marshal accounts as well as the defined params. + +```go +// InitGenesis - Init store state from genesis data +func InitGenesis(ctx sdk.Context, ak AccountKeeper, data GenesisState) { + ak.SetParams(ctx, data.Params) + // load the accounts + for _, a := range data.Accounts { + acc := ak.NewAccount(ctx, a) // set account number + ak.SetAccount(ctx, acc) + } +} + +// ExportGenesis returns a GenesisState for a given context and keeper +func ExportGenesis(ctx sdk.Context, ak AccountKeeper) GenesisState { + params := ak.GetParams(ctx) + + var genAccounts []exported.GenesisAccount + ak.IterateAccounts(ctx, func(account exported.Account) bool { + genAccount := account.(exported.GenesisAccount) + genAccounts = append(genAccounts, genAccount) + return false + }) + + return NewGenesisState(params, genAccounts) +} +``` + +### 2) Register custom account types on the `auth` codec + +The `auth` codec must have all custom account types registered to marshal them. We will follow the pattern established in `gov` for proposals. + +An example custom account definition: + +```go +import authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + +// Register the module account type with the auth module codec so it can decode module accounts stored in a genesis file +func init() { + authtypes.RegisterAccountTypeCodec(ModuleAccount{}, "cosmos-sdk/ModuleAccount") +} + +type ModuleAccount struct { + ... +``` + +The `auth` codec definition: + +```go +var ModuleCdc *codec.LegacyAmino + +func init() { + ModuleCdc = codec.NewLegacyAmino() + // register module msg's and Account interface + ... + // leave the codec unsealed +} + +// RegisterAccountTypeCodec registers an external account type defined in another module for the internal ModuleCdc. +func RegisterAccountTypeCodec(o interface{}, name string) { + ModuleCdc.RegisterConcrete(o, name, nil) +} +``` + +### 3) Genesis validation for custom account types + +Modules implement a `ValidateGenesis` method. As `auth` does not know of account implementations, accounts will need to validate themselves. + +We will unmarshal accounts into a `GenesisAccount` interface that includes a `Validate` method. + +```go +type GenesisAccount interface { + exported.Account + Validate() error +} +``` + +Then the `auth` `ValidateGenesis` function becomes: + +```go +// ValidateGenesis performs basic validation of auth genesis data returning an +// error for any failed validation criteria. +func ValidateGenesis(data GenesisState) error { + // Validate params + ... + + // Validate accounts + addrMap := make(map[string]bool, len(data.Accounts)) + for _, acc := range data.Accounts { + + // check for duplicated accounts + addrStr := acc.GetAddress().String() + if _, ok := addrMap[addrStr]; ok { + return fmt.Errorf("duplicate account found in genesis state; address: %s", addrStr) + } + addrMap[addrStr] = true + + // check account specific validation + if err := acc.Validate(); err != nil { + return fmt.Errorf("invalid account found in genesis state; address: %s, error: %s", addrStr, err.Error()) + } + + } + return nil +} +``` + +### 4) Move add-genesis-account cli to `auth` + +The `genaccounts` module contains a cli command to add base or vesting accounts to a genesis file. + +This will be moved to `auth`. We will leave it to projects to write their own commands to add custom accounts. An extensible cli handler, similar to `gov`, could be created but it is not worth the complexity for this minor use case. + +### 5) Update module and vesting accounts + +Under the new scheme, module and vesting account types need some minor updates: + +* Type registration on `auth`'s codec (shown above) +* A `Validate` method for each `Account` concrete type + +## Status + +Proposed + +## Consequences + +### Positive + +* custom accounts can be used without needing to fork `genaccounts` +* reduction in lines of code + +### Negative + +### Neutral + +* `genaccounts` module no longer exists +* accounts in genesis files are stored under `accounts` in `auth` rather than in the `genaccounts` module. +-`add-genesis-account` cli command now in `auth` + +## References diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-012-state-accessors.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-012-state-accessors.md new file mode 100644 index 00000000..93600000 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-012-state-accessors.md @@ -0,0 +1,155 @@ +# ADR 012: State Accessors + +## Changelog + +* 2019 Sep 04: Initial draft + +## Context + +Cosmos SDK modules currently use the `KVStore` interface and `Codec` to access their respective state. While +this provides a large degree of freedom to module developers, it is hard to modularize and the UX is +mediocre. + +First, each time a module tries to access the state, it has to marshal the value and set or get the +value and finally unmarshal. Usually this is done by declaring `Keeper.GetXXX` and `Keeper.SetXXX` functions, +which are repetitive and hard to maintain. + +Second, this makes it harder to align with the object capability theorem: the right to access the +state is defined as a `StoreKey`, which gives full access on the entire Merkle tree, so a module cannot +send the access right to a specific key-value pair (or a set of key-value pairs) to another module safely. + +Finally, because the getter/setter functions are defined as methods of a module's `Keeper`, the reviewers +have to consider the whole Merkle tree space when they reviewing a function accessing any part of the state. +There is no static way to know which part of the state that the function is accessing (and which is not). + +## Decision + +We will define a type named `Value`: + +```go +type Value struct { + m Mapping + key []byte +} +``` + +The `Value` works as a reference for a key-value pair in the state, where `Value.m` defines the key-value +space it will access and `Value.key` defines the exact key for the reference. + +We will define a type named `Mapping`: + +```go +type Mapping struct { + storeKey sdk.StoreKey + cdc *codec.LegacyAmino + prefix []byte +} +``` + +The `Mapping` works as a reference for a key-value space in the state, where `Mapping.storeKey` defines +the IAVL (sub-)tree and `Mapping.prefix` defines the optional subspace prefix. + +We will define the following core methods for the `Value` type: + +```go +// Get and unmarshal stored data, noop if not exists, panic if cannot unmarshal +func (Value) Get(ctx Context, ptr interface{}) {} + +// Get and unmarshal stored data, return error if not exists or cannot unmarshal +func (Value) GetSafe(ctx Context, ptr interface{}) {} + +// Get stored data as raw byte slice +func (Value) GetRaw(ctx Context) []byte {} + +// Marshal and set a raw value +func (Value) Set(ctx Context, o interface{}) {} + +// Check if a raw value exists +func (Value) Exists(ctx Context) bool {} + +// Delete a raw value value +func (Value) Delete(ctx Context) {} +``` + +We will define the following core methods for the `Mapping` type: + +```go +// Constructs key-value pair reference corresponding to the key argument in the Mapping space +func (Mapping) Value(key []byte) Value {} + +// Get and unmarshal stored data, noop if not exists, panic if cannot unmarshal +func (Mapping) Get(ctx Context, key []byte, ptr interface{}) {} + +// Get and unmarshal stored data, return error if not exists or cannot unmarshal +func (Mapping) GetSafe(ctx Context, key []byte, ptr interface{}) + +// Get stored data as raw byte slice +func (Mapping) GetRaw(ctx Context, key []byte) []byte {} + +// Marshal and set a raw value +func (Mapping) Set(ctx Context, key []byte, o interface{}) {} + +// Check if a raw value exists +func (Mapping) Has(ctx Context, key []byte) bool {} + +// Delete a raw value value +func (Mapping) Delete(ctx Context, key []byte) {} +``` + +Each method of the `Mapping` type that is passed the arguments `ctx`, `key`, and `args...` will proxy +the call to `Mapping.Value(key)` with arguments `ctx` and `args...`. + +In addition, we will define and provide a common set of types derived from the `Value` type: + +```go +type Boolean struct { Value } +type Enum struct { Value } +type Integer struct { Value; enc IntEncoding } +type String struct { Value } +// ... +``` + +Where the encoding schemes can be different, `o` arguments in core methods are typed, and `ptr` arguments +in core methods are replaced by explicit return types. + +Finally, we will define a family of types derived from the `Mapping` type: + +```go +type Indexer struct { + m Mapping + enc IntEncoding +} +``` + +Where the `key` argument in core method is typed. + +Some of the properties of the accessor types are: + +* State access happens only when a function which takes a `Context` as an argument is invoked +* Accessor type structs give rights to access the state only that the struct is referring, no other +* Marshalling/Unmarshalling happens implicitly within the core methods + +## Status + +Proposed + +## Consequences + +### Positive + +* Serialization will be done automatically +* Shorter code size, less boilerplate, better UX +* References to the state can be transferred safely +* Explicit scope of accessing + +### Negative + +* Serialization format will be hidden +* Different architecture from the current, but the use of accessor types can be opt-in +* Type-specific types (e.g. `Boolean` and `Integer`) have to be defined manually + +### Neutral + +## References + +* [#4554](https://github.com/cosmos/cosmos-sdk/issues/4554) diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-013-metrics.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-013-metrics.md new file mode 100644 index 00000000..33849b56 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-013-metrics.md @@ -0,0 +1,157 @@ +# ADR 013: Observability + +## Changelog + +* 20-01-2020: Initial Draft + +## Status + +Proposed + +## Context + +Telemetry is paramount into debugging and understanding what the application is doing and how it is +performing. We aim to expose metrics from modules and other core parts of the Cosmos SDK. + +In addition, we should aim to support multiple configurable sinks that an operator may choose from. +By default, when telemetry is enabled, the application should track and expose metrics that are +stored in-memory. The operator may choose to enable additional sinks, where we support only +[Prometheus](https://prometheus.io/) for now, as it's battle-tested, simple to setup, open source, +and is rich with ecosystem tooling. + +We must also aim to integrate metrics into the Cosmos SDK in the most seamless way possible such that +metrics may be added or removed at will and without much friction. To do this, we will use the +[go-metrics](https://github.com/armon/go-metrics) library. + +Finally, operators may enable telemetry along with specific configuration options. If enabled, metrics +will be exposed via `/metrics?format={text|prometheus}` via the API server. + +## Decision + +We will add an additional configuration block to `app.toml` that defines telemetry settings: + +```toml +############################################################################### +### Telemetry Configuration ### +############################################################################### + +[telemetry] + +# Prefixed with keys to separate services +service-name = {{ .Telemetry.ServiceName }} + +# Enabled enables the application telemetry functionality. When enabled, +# an in-memory sink is also enabled by default. Operators may also enabled +# other sinks such as Prometheus. +enabled = {{ .Telemetry.Enabled }} + +# Enable prefixing gauge values with hostname +enable-hostname = {{ .Telemetry.EnableHostname }} + +# Enable adding hostname to labels +enable-hostname-label = {{ .Telemetry.EnableHostnameLabel }} + +# Enable adding service to labels +enable-service-label = {{ .Telemetry.EnableServiceLabel }} + +# PrometheusRetentionTime, when positive, enables a Prometheus metrics sink. +prometheus-retention-time = {{ .Telemetry.PrometheusRetentionTime }} +``` + +The given configuration allows for two sinks -- in-memory and Prometheus. We create a `Metrics` +type that performs all the bootstrapping for the operator, so capturing metrics becomes seamless. + +```go +// Metrics defines a wrapper around application telemetry functionality. It allows +// metrics to be gathered at any point in time. When creating a Metrics object, +// internally, a global metrics is registered with a set of sinks as configured +// by the operator. In addition to the sinks, when a process gets a SIGUSR1, a +// dump of formatted recent metrics will be sent to STDERR. +type Metrics struct { + memSink *metrics.InmemSink + prometheusEnabled bool +} + +// Gather collects all registered metrics and returns a GatherResponse where the +// metrics are encoded depending on the type. Metrics are either encoded via +// Prometheus or JSON if in-memory. +func (m *Metrics) Gather(format string) (GatherResponse, error) { + switch format { + case FormatPrometheus: + return m.gatherPrometheus() + + case FormatText: + return m.gatherGeneric() + + case FormatDefault: + return m.gatherGeneric() + + default: + return GatherResponse{}, fmt.Errorf("unsupported metrics format: %s", format) + } +} +``` + +In addition, `Metrics` allows us to gather the current set of metrics at any given point in time. An +operator may also choose to send a signal, SIGUSR1, to dump and print formatted metrics to STDERR. + +During an application's bootstrapping and construction phase, if `Telemetry.Enabled` is `true`, the +API server will create an instance of a reference to `Metrics` object and will register a metrics +handler accordingly. + +```go +func (s *Server) Start(cfg config.Config) error { + // ... + + if cfg.Telemetry.Enabled { + m, err := telemetry.New(cfg.Telemetry) + if err != nil { + return err + } + + s.metrics = m + s.registerMetrics() + } + + // ... +} + +func (s *Server) registerMetrics() { + metricsHandler := func(w http.ResponseWriter, r *http.Request) { + format := strings.TrimSpace(r.FormValue("format")) + + gr, err := s.metrics.Gather(format) + if err != nil { + rest.WriteErrorResponse(w, http.StatusBadRequest, fmt.Sprintf("failed to gather metrics: %s", err)) + return + } + + w.Header().Set("Content-Type", gr.ContentType) + _, _ = w.Write(gr.Metrics) + } + + s.Router.HandleFunc("/metrics", metricsHandler).Methods("GET") +} +``` + +Application developers may track counters, gauges, summaries, and key/value metrics. There is no +additional lifting required by modules to leverage profiling metrics. To do so, it's as simple as: + +```go +func (k BaseKeeper) MintCoins(ctx sdk.Context, moduleName string, amt sdk.Coins) error { + defer metrics.MeasureSince(time.Now(), "MintCoins") + // ... +} +``` + +## Consequences + +### Positive + +* Exposure into the performance and behavior of an application + +### Negative + +### Neutral + +## References diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-014-proportional-slashing.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-014-proportional-slashing.md new file mode 100644 index 00000000..63cd04de --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-014-proportional-slashing.md @@ -0,0 +1,85 @@ +# ADR 14: Proportional Slashing + +## Changelog + +* 2019-10-15: Initial draft +* 2020-05-25: Removed correlation root slashing +* 2020-07-01: Updated to include S-curve function instead of linear + +## Context + +In Proof of Stake-based chains, centralization of consensus power amongst a small set of validators can cause harm to the network due to increased risk of censorship, liveness failure, fork attacks, etc. However, while this centralization causes a negative externality to the network, it is not directly felt by the delegators contributing towards delegating towards already large validators. We would like a way to pass on the negative externality cost of centralization onto those large validators and their delegators. + +## Decision + +### Design + +To solve this problem, we will implement a procedure called Proportional Slashing. The desire is that the larger a validator is, the more they should be slashed. The first naive attempt is to make a validator's slash percent proportional to their share of consensus voting power. + +```text +slash_amount = k * power // power is the faulting validator's voting power and k is some on-chain constant +``` + +However, this will incentivize validators with large amounts of stake to split up their voting power amongst accounts (sybil attack), so that if they fault, they all get slashed at a lower percent. The solution to this is to take into account not just a validator's own voting percentage, but also the voting percentage of all the other validators who get slashed in a specified time frame. + +```text +slash_amount = k * (power_1 + power_2 + ... + power_n) // where power_i is the voting power of the ith validator faulting in the specified time frame and k is some on-chain constant +``` + +Now, if someone splits a validator of 10% into two validators of 5% each which both fault, then they both fault in the same time frame, they both will get slashed at the sum 10% amount. + +However in practice, we likely don't want a linear relation between amount of stake at fault, and the percentage of stake to slash. In particular, solely 5% of stake double signing effectively did nothing to majorly threaten security, whereas 30% of stake being at fault clearly merits a large slashing factor, due to being very close to the point at which Tendermint security is threatened. A linear relation would require a factor of 6 gap between these two, whereas the difference in risk posed to the network is much larger. We propose using S-curves (formally [logistic functions](https://en.wikipedia.org/wiki/Logistic_function) to solve this). S-Curves capture the desired criterion quite well. They allow the slashing factor to be minimal for small values, and then grow very rapidly near some threshold point where the risk posed becomes notable. + +#### Parameterization + +This requires parameterizing a logistic function. It is very well understood how to parameterize this. It has four parameters: + +1) A minimum slashing factor +2) A maximum slashing factor +3) The inflection point of the S-curve (essentially where do you want to center the S) +4) The rate of growth of the S-curve (How elongated is the S) + +#### Correlation across non-sybil validators + +One will note, that this model doesn't differentiate between multiple validators run by the same operators vs validators run by different operators. This can be seen as an additional benefit in fact. It incentivizes validators to differentiate their setups from other validators, to avoid having correlated faults with them or else they risk a higher slash. So for example, operators should avoid using the same popular cloud hosting platforms or using the same Staking as a Service providers. This will lead to a more resilient and decentralized network. + +#### Griefing + +Griefing, the act of intentionally getting oneself slashed in order to make another's slash worse, could be a concern here. However, using the protocol described here, the attacker also gets equally impacted by the grief as the victim, so it would not provide much benefit to the griefer. + +### Implementation + +In the slashing module, we will add two queues that will track all of the recent slash events. For double sign faults, we will define "recent slashes" as ones that have occurred within the last `unbonding period`. For liveness faults, we will define "recent slashes" as ones that have occurred withing the last `jail period`. + +```go +type SlashEvent struct { + Address sdk.ValAddress + ValidatorVotingPercent sdk.Dec + SlashedSoFar sdk.Dec +} +``` + +These slash events will be pruned from the queue once they are older than their respective "recent slash period". + +Whenever a new slash occurs, a `SlashEvent` struct is created with the faulting validator's voting percent and a `SlashedSoFar` of 0. Because recent slash events are pruned before the unbonding period and unjail period expires, it should not be possible for the same validator to have multiple SlashEvents in the same Queue at the same time. + +We then will iterate over all the SlashEvents in the queue, adding their `ValidatorVotingPercent` to calculate the new percent to slash all the validators in the queue at, using the "Square of Sum of Roots" formula introduced above. + +Once we have the `NewSlashPercent`, we then iterate over all the `SlashEvent`s in the queue once again, and if `NewSlashPercent > SlashedSoFar` for that SlashEvent, we call the `staking.Slash(slashEvent.Address, slashEvent.Power, Math.Min(Math.Max(minSlashPercent, NewSlashPercent - SlashedSoFar), maxSlashPercent)` (we pass in the power of the validator before any slashes occurred, so that we slash the right amount of tokens). We then set `SlashEvent.SlashedSoFar` amount to `NewSlashPercent`. + +## Status + +Proposed + +## Consequences + +### Positive + +* Increases decentralization by disincentivizing delegating to large validators +* Incentivizes Decorrelation of Validators +* More severely punishes attacks than accidental faults +* More flexibility in slashing rates parameterization + +### Negative + +* More computationally expensive than current implementation. Will require more data about "recent slashing events" to be stored on chain. diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-016-validator-consensus-key-rotation.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-016-validator-consensus-key-rotation.md new file mode 100644 index 00000000..1d91a8de --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-016-validator-consensus-key-rotation.md @@ -0,0 +1,125 @@ +# ADR 016: Validator Consensus Key Rotation + +## Changelog + +* 2019 Oct 23: Initial draft +* 2019 Nov 28: Add key rotation fee + +## Context + +Validator consensus key rotation feature has been discussed and requested for a long time, for the sake of safer validator key management policy (e.g. https://github.com/tendermint/tendermint/issues/1136). So, we suggest one of the simplest form of validator consensus key rotation implementation mostly onto Cosmos SDK. + +We don't need to make any update on consensus logic in Tendermint because Tendermint does not have any mapping information of consensus key and validator operator key, meaning that from Tendermint point of view, a consensus key rotation of a validator is simply a replacement of a consensus key to another. + +Also, it should be noted that this ADR includes only the simplest form of consensus key rotation without considering multiple consensus keys concept. Such multiple consensus keys concept shall remain a long term goal of Tendermint and Cosmos SDK. + +## Decision + +### Pseudo procedure for consensus key rotation + +* create new random consensus key. +* create and broadcast a transaction with a `MsgRotateConsPubKey` that states the new consensus key is now coupled with the validator operator with signature from the validator's operator key. +* old consensus key becomes unable to participate on consensus immediately after the update of key mapping state on-chain. +* start validating with new consensus key. +* validators using HSM and KMS should update the consensus key in HSM to use the new rotated key after the height `h` when `MsgRotateConsPubKey` committed to the blockchain. + +### Considerations + +* consensus key mapping information management strategy + * store history of each key mapping changes in the kvstore. + * the state machine can search corresponding consensus key paired with given validator operator for any arbitrary height in a recent unbonding period. + * the state machine does not need any historical mapping information which is past more than unbonding period. +* key rotation costs related to LCD and IBC + * LCD and IBC will have traffic/computation burden when there exists frequent power changes + * In current Tendermint design, consensus key rotations are seen as power changes from LCD or IBC perspective + * Therefore, to minimize unnecessary frequent key rotation behavior, we limited maximum number of rotation in recent unbonding period and also applied exponentially increasing rotation fee +* limits + * a validator cannot rotate its consensus key more than `MaxConsPubKeyRotations` time for any unbonding period, to prevent spam. + * parameters can be decided by governance and stored in genesis file. +* key rotation fee + * a validator should pay `KeyRotationFee` to rotate the consensus key which is calculated as below + * `KeyRotationFee` = (max(`VotingPowerPercentage` *100, 1)* `InitialKeyRotationFee`) * 2^(number of rotations in `ConsPubKeyRotationHistory` in recent unbonding period) +* evidence module + * evidence module can search corresponding consensus key for any height from slashing keeper so that it can decide which consensus key is supposed to be used for given height. +* abci.ValidatorUpdate + * tendermint already has ability to change a consensus key by ABCI communication(`ValidatorUpdate`). + * validator consensus key update can be done via creating new + delete old by change the power to zero. + * therefore, we expect we even do not need to change tendermint codebase at all to implement this feature. +* new genesis parameters in `staking` module + * `MaxConsPubKeyRotations` : maximum number of rotation can be executed by a validator in recent unbonding period. default value 10 is suggested(11th key rotation will be rejected) + * `InitialKeyRotationFee` : the initial key rotation fee when no key rotation has happened in recent unbonding period. default value 1atom is suggested(1atom fee for the first key rotation in recent unbonding period) + +### Workflow + +1. The validator generates a new consensus keypair. +2. The validator generates and signs a `MsgRotateConsPubKey` tx with their operator key and new ConsPubKey + + ```go + type MsgRotateConsPubKey struct { + ValidatorAddress sdk.ValAddress + NewPubKey crypto.PubKey + } + ``` + +3. `handleMsgRotateConsPubKey` gets `MsgRotateConsPubKey`, calls `RotateConsPubKey` with emits event +4. `RotateConsPubKey` + * checks if `NewPubKey` is not duplicated on `ValidatorsByConsAddr` + * checks if the validator is does not exceed parameter `MaxConsPubKeyRotations` by iterating `ConsPubKeyRotationHistory` + * checks if the signing account has enough balance to pay `KeyRotationFee` + * pays `KeyRotationFee` to community fund + * overwrites `NewPubKey` in `validator.ConsPubKey` + * deletes old `ValidatorByConsAddr` + * `SetValidatorByConsAddr` for `NewPubKey` + * Add `ConsPubKeyRotationHistory` for tracking rotation + + ```go + type ConsPubKeyRotationHistory struct { + OperatorAddress sdk.ValAddress + OldConsPubKey crypto.PubKey + NewConsPubKey crypto.PubKey + RotatedHeight int64 + } + ``` + +5. `ApplyAndReturnValidatorSetUpdates` checks if there is `ConsPubKeyRotationHistory` with `ConsPubKeyRotationHistory.RotatedHeight == ctx.BlockHeight()` and if so, generates 2 `ValidatorUpdate` , one for a remove validator and one for create new validator + + ```go + abci.ValidatorUpdate{ + PubKey: cmttypes.TM2PB.PubKey(OldConsPubKey), + Power: 0, + } + + abci.ValidatorUpdate{ + PubKey: cmttypes.TM2PB.PubKey(NewConsPubKey), + Power: v.ConsensusPower(), + } + ``` + +6. at `previousVotes` Iteration logic of `AllocateTokens`, `previousVote` using `OldConsPubKey` match up with `ConsPubKeyRotationHistory`, and replace validator for token allocation +7. Migrate `ValidatorSigningInfo` and `ValidatorMissedBlockBitArray` from `OldConsPubKey` to `NewConsPubKey` + +* Note : All above features shall be implemented in `staking` module. + +## Status + +Proposed + +## Consequences + +### Positive + +* Validators can immediately or periodically rotate their consensus key to have better security policy +* improved security against Long-Range attacks (https://nearprotocol.com/blog/long-range-attacks-and-a-new-fork-choice-rule) given a validator throws away the old consensus key(s) + +### Negative + +* Slash module needs more computation because it needs to lookup corresponding consensus key of validators for each height +* frequent key rotations will make light client bisection less efficient + +### Neutral + +## References + +* on tendermint repo : https://github.com/tendermint/tendermint/issues/1136 +* on cosmos-sdk repo : https://github.com/cosmos/cosmos-sdk/issues/5231 +* about multiple consensus keys : https://github.com/tendermint/tendermint/issues/1758#issuecomment-545291698 diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-017-historical-header-module.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-017-historical-header-module.md new file mode 100644 index 00000000..573c632c --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-017-historical-header-module.md @@ -0,0 +1,61 @@ +# ADR 17: Historical Header Module + +## Changelog + +* 26 November 2019: Start of first version +* 2 December 2019: Final draft of first version + +## Context + +In order for the Cosmos SDK to implement the [IBC specification](https://github.com/cosmos/ics), modules within the Cosmos SDK must have the ability to introspect recent consensus states (validator sets & commitment roots) as proofs of these values on other chains must be checked during the handshakes. + +## Decision + +The application MUST store the most recent `n` headers in a persistent store. At first, this store MAY be the current Merklised store. A non-Merklised store MAY be used later as no proofs are necessary. + +The application MUST store this information by storing new headers immediately when handling `abci.RequestBeginBlock`: + +```go +func BeginBlock(ctx sdk.Context, keeper HistoricalHeaderKeeper, req abci.RequestBeginBlock) abci.ResponseBeginBlock { + info := HistoricalInfo{ + Header: ctx.BlockHeader(), + ValSet: keeper.StakingKeeper.GetAllValidators(ctx), // note that this must be stored in a canonical order + } + keeper.SetHistoricalInfo(ctx, ctx.BlockHeight(), info) + n := keeper.GetParamRecentHeadersToStore() + keeper.PruneHistoricalInfo(ctx, ctx.BlockHeight() - n) + // continue handling request +} +``` + +Alternatively, the application MAY store only the hash of the validator set. + +The application MUST make these past `n` committed headers available for querying by Cosmos SDK modules through the `Keeper`'s `GetHistoricalInfo` function. This MAY be implemented in a new module, or it MAY also be integrated into an existing one (likely `x/staking` or `x/ibc`). + +`n` MAY be configured as a parameter store parameter, in which case it could be changed by `ParameterChangeProposal`s, although it will take some blocks for the stored information to catch up if `n` is increased. + +## Status + +Proposed. + +## Consequences + +Implementation of this ADR will require changes to the Cosmos SDK. It will not require changes to Tendermint. + +### Positive + +* Easy retrieval of headers & state roots for recent past heights by modules anywhere in the Cosmos SDK. +* No RPC calls to Tendermint required. +* No ABCI alterations required. + +### Negative + +* Duplicates `n` headers data in Tendermint & the application (additional disk usage) - in the long term, an approach such as [this](https://github.com/tendermint/tendermint/issues/4210) might be preferable. + +### Neutral + +(none known) + +## References + +* [ICS 2: "Consensus state introspection"](https://github.com/cosmos/ibc/tree/master/spec/core/ics-002-client-semantics#consensus-state-introspection) diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-018-extendable-voting-period.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-018-extendable-voting-period.md new file mode 100644 index 00000000..ee238fc3 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-018-extendable-voting-period.md @@ -0,0 +1,66 @@ +# ADR 18: Extendable Voting Periods + +## Changelog + +* 1 January 2020: Start of first version + +## Context + +Currently the voting period for all governance proposals is the same. However, this is suboptimal as all governance proposals do not require the same time period. For more non-contentious proposals, they can be dealt with more efficently with a faster period, while more contentious or complex proposals may need a longer period for extended discussion/consideration. + +## Decision + +We would like to design a mechanism for making the voting period of a governance proposal variable based on the demand of voters. We would like it to be based on the view of the governance participants, rather than just the proposer of a governance proposal (thus, allowing the proposer to select the voting period length is not sufficient). + +However, we would like to avoid the creation of an entire second voting process to determine the length of the voting period, as it just pushed the problem to determining the length of that first voting period. + +Thus, we propose the following mechanism: + +### Params + +* The current gov param `VotingPeriod` is to be replaced by a `MinVotingPeriod` param. This is the default voting period that all governance proposal voting periods start with. +* There is a new gov param called `MaxVotingPeriodExtension`. + +### Mechanism + +There is a new `Msg` type called `MsgExtendVotingPeriod`, which can be sent by any staked account during a proposal's voting period. It allows the sender to unilaterally extend the length of the voting period by `MaxVotingPeriodExtension * sender's share of voting power`. Every address can only call `MsgExtendVotingPeriod` once per proposal. + +So for example, if the `MaxVotingPeriodExtension` is set to 100 Days, then anyone with 1% of voting power can extend the voting power by 1 day. If 33% of voting power has sent the message, the voting period will be extended by 33 days. Thus, if absolutely everyone chooses to extend the voting period, the absolute maximum voting period will be `MinVotingPeriod + MaxVotingPeriodExtension`. + +This system acts as a sort of distributed coordination, where individual stakers choosing to extend or not, allows the system the guage the conentiousness/complexity of the proposal. It is extremely unlikely that many stakers will choose to extend at the exact same time, it allows stakers to view how long others have already extended thus far, to decide whether or not to extend further. + +### Dealing with Unbonding/Redelegation + +There is one thing that needs to be addressed. How to deal with redelegation/unbonding during the voting period. If a staker of 5% calls `MsgExtendVotingPeriod` and then unbonds, does the voting period then decrease by 5 days again? This is not good as it can give people a false sense of how long they have to make their decision. For this reason, we want to design it such that the voting period length can only be extended, not shortened. To do this, the current extension amount is based on the highest percent that voted extension at any time. This is best explained by example: + +1. Let's say 2 stakers of voting power 4% and 3% respectively vote to extend. The voting period will be extended by 7 days. +2. Now the staker of 3% decides to unbond before the end of the voting period. The voting period extension remains 7 days. +3. Now, let's say another staker of 2% voting power decides to extend voting period. There is now 6% of active voting power choosing the extend. The voting power remains 7 days. +4. If a fourth staker of 10% chooses to extend now, there is a total of 16% of active voting power wishing to extend. The voting period will be extended to 16 days. + +### Delegators + +Just like votes in the actual voting period, delegators automatically inherit the extension of their validators. If their validator chooses to extend, their voting power will be used in the validator's extension. However, the delegator is unable to override their validator and "unextend" as that would contradict the "voting power length can only be ratcheted up" principle described in the previous section. However, a delegator may choose the extend using their personal voting power, if their validator has not done so. + +## Status + +Proposed + +## Consequences + +### Positive + +* More complex/contentious governance proposals will have more time to properly digest and deliberate + +### Negative + +* Governance process becomes more complex and requires more understanding to interact with effectively +* Can no longer predict when a governance proposal will end. Can't assume order in which governance proposals will end. + +### Neutral + +* The minimum voting period can be made shorter + +## References + +* [Cosmos Forum post where idea first originated](https://forum.cosmos.network/t/proposal-draft-reduce-governance-voting-period-to-7-days/3032/9) diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-019-protobuf-state-encoding.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-019-protobuf-state-encoding.md new file mode 100644 index 00000000..5ad1b953 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-019-protobuf-state-encoding.md @@ -0,0 +1,379 @@ +# ADR 019: Protocol Buffer State Encoding + +## Changelog + +* 2020 Feb 15: Initial Draft +* 2020 Feb 24: Updates to handle messages with interface fields +* 2020 Apr 27: Convert usages of `oneof` for interfaces to `Any` +* 2020 May 15: Describe `cosmos_proto` extensions and amino compatibility +* 2020 Dec 4: Move and rename `MarshalAny` and `UnmarshalAny` into the `codec.Codec` interface. +* 2021 Feb 24: Remove mentions of `HybridCodec`, which has been abandoned in [#6843](https://github.com/cosmos/cosmos-sdk/pull/6843). + +## Status + +Accepted + +## Context + +Currently, the Cosmos SDK utilizes [go-amino](https://github.com/tendermint/go-amino/) for binary +and JSON object encoding over the wire bringing parity between logical objects and persistence objects. + +From the Amino docs: + +> Amino is an object encoding specification. It is a subset of Proto3 with an extension for interface +> support. See the [Proto3 spec](https://developers.google.com/protocol-buffers/docs/proto3) for more +> information on Proto3, which Amino is largely compatible with (but not with Proto2). +> +> The goal of the Amino encoding protocol is to bring parity into logic objects and persistence objects. + +Amino also aims to have the following goals (not a complete list): + +* Binary bytes must be decode-able with a schema. +* Schema must be upgradeable. +* The encoder and decoder logic must be reasonably simple. + +However, we believe that Amino does not fulfill these goals completely and does not fully meet the +needs of a truly flexible cross-language and multi-client compatible encoding protocol in the Cosmos SDK. +Namely, Amino has proven to be a big pain-point in regards to supporting object serialization across +clients written in various languages while providing virtually little in the way of true backwards +compatibility and upgradeability. Furthermore, through profiling and various benchmarks, Amino has +been shown to be an extremely large performance bottleneck in the Cosmos SDK 1. This is +largely reflected in the performance of simulations and application transaction throughput. + +Thus, we need to adopt an encoding protocol that meets the following criteria for state serialization: + +* Language agnostic +* Platform agnostic +* Rich client support and thriving ecosystem +* High performance +* Minimal encoded message size +* Codegen-based over reflection-based +* Supports backward and forward compatibility + +Note, migrating away from Amino should be viewed as a two-pronged approach, state and client encoding. +This ADR focuses on state serialization in the Cosmos SDK state machine. A corresponding ADR will be +made to address client-side encoding. + +## Decision + +We will adopt [Protocol Buffers](https://developers.google.com/protocol-buffers) for serializing +persisted structured data in the Cosmos SDK while providing a clean mechanism and developer UX for +applications wishing to continue to use Amino. We will provide this mechanism by updating modules to +accept a codec interface, `Marshaler`, instead of a concrete Amino codec. Furthermore, the Cosmos SDK +will provide two concrete implementations of the `Marshaler` interface: `AminoCodec` and `ProtoCodec`. + +* `AminoCodec`: Uses Amino for both binary and JSON encoding. +* `ProtoCodec`: Uses Protobuf for both binary and JSON encoding. + +Modules will use whichever codec that is instantiated in the app. By default, the Cosmos SDK's `simapp` +instantiates a `ProtoCodec` as the concrete implementation of `Marshaler`, inside the `MakeTestEncodingConfig` +function. This can be easily overwritten by app developers if they so desire. + +The ultimate goal will be to replace Amino JSON encoding with Protobuf encoding and thus have +modules accept and/or extend `ProtoCodec`. Until then, Amino JSON is still provided for legacy use-cases. +A handful of places in the Cosmos SDK still have Amino JSON hardcoded, such as the Legacy API REST endpoints +and the `x/params` store. They are planned to be converted to Protobuf in a gradual manner. + +### Module Codecs + +Modules that do not require the ability to work with and serialize interfaces, the path to Protobuf +migration is pretty straightforward. These modules are to simply migrate any existing types that +are encoded and persisted via their concrete Amino codec to Protobuf and have their keeper accept a +`Marshaler` that will be a `ProtoCodec`. This migration is simple as things will just work as-is. + +Note, any business logic that needs to encode primitive types like `bool` or `int64` should use +[gogoprotobuf](https://github.com/cosmos/gogoproto) Value types. + +Example: + +```go + ts, err := gogotypes.TimestampProto(completionTime) + if err != nil { + // ... + } + + bz := cdc.MustMarshal(ts) +``` + +However, modules can vary greatly in purpose and design and so we must support the ability for modules +to be able to encode and work with interfaces (e.g. `Account` or `Content`). For these modules, they +must define their own codec interface that extends `Marshaler`. These specific interfaces are unique +to the module and will contain method contracts that know how to serialize the needed interfaces. + +Example: + +```go +// x/auth/types/codec.go + +type Codec interface { + codec.Codec + + MarshalAccount(acc exported.Account) ([]byte, error) + UnmarshalAccount(bz []byte) (exported.Account, error) + + MarshalAccountJSON(acc exported.Account) ([]byte, error) + UnmarshalAccountJSON(bz []byte) (exported.Account, error) +} +``` + +### Usage of `Any` to encode interfaces + +In general, module-level .proto files should define messages which encode interfaces +using [`google.protobuf.Any`](https://github.com/protocolbuffers/protobuf/blob/master/src/google/protobuf/any.proto). +After [extension discussion](https://github.com/cosmos/cosmos-sdk/issues/6030), +this was chosen as the preferred alternative to application-level `oneof`s +as in our original protobuf design. The arguments in favor of `Any` can be +summarized as follows: + +* `Any` provides a simpler, more consistent client UX for dealing with +interfaces than app-level `oneof`s that will need to be coordinated more +carefully across applications. Creating a generic transaction +signing library using `oneof`s may be cumbersome and critical logic may need +to be reimplemented for each chain +* `Any` provides more resistance against human error than `oneof` +* `Any` is generally simpler to implement for both modules and apps + +The main counter-argument to using `Any` centers around its additional space +and possibly performance overhead. The space overhead could be dealt with using +compression at the persistence layer in the future and the performance impact +is likely to be small. Thus, not using `Any` is seem as a pre-mature optimization, +with user experience as the higher order concern. + +Note, that given the Cosmos SDK's decision to adopt the `Codec` interfaces described +above, apps can still choose to use `oneof` to encode state and transactions +but it is not the recommended approach. If apps do choose to use `oneof`s +instead of `Any` they will likely lose compatibility with client apps that +support multiple chains. Thus developers should think carefully about whether +they care more about what is possibly a pre-mature optimization or end-user +and client developer UX. + +### Safe usage of `Any` + +By default, the [gogo protobuf implementation of `Any`](https://pkg.go.dev/github.com/cosmos/gogoproto/types) +uses [global type registration]( https://github.com/cosmos/gogoproto/blob/master/proto/properties.go#L540) +to decode values packed in `Any` into concrete +go types. This introduces a vulnerability where any malicious module +in the dependency tree could register a type with the global protobuf registry +and cause it to be loaded and unmarshaled by a transaction that referenced +it in the `type_url` field. + +To prevent this, we introduce a type registration mechanism for decoding `Any` +values into concrete types through the `InterfaceRegistry` interface which +bears some similarity to type registration with Amino: + +```go +type InterfaceRegistry interface { + // RegisterInterface associates protoName as the public name for the + // interface passed in as iface + // Ex: + // registry.RegisterInterface("cosmos_sdk.Msg", (*sdk.Msg)(nil)) + RegisterInterface(protoName string, iface interface{}) + + // RegisterImplementations registers impls as a concrete implementations of + // the interface iface + // Ex: + // registry.RegisterImplementations((*sdk.Msg)(nil), &MsgSend{}, &MsgMultiSend{}) + RegisterImplementations(iface interface{}, impls ...proto.Message) + +} +``` + +In addition to serving as a whitelist, `InterfaceRegistry` can also serve +to communicate the list of concrete types that satisfy an interface to clients. + +In .proto files: + +* fields which accept interfaces should be annotated with `cosmos_proto.accepts_interface` +using the same full-qualified name passed as `protoName` to `InterfaceRegistry.RegisterInterface` +* interface implementations should be annotated with `cosmos_proto.implements_interface` +using the same full-qualified name passed as `protoName` to `InterfaceRegistry.RegisterInterface` + +In the future, `protoName`, `cosmos_proto.accepts_interface`, `cosmos_proto.implements_interface` +may be used via code generation, reflection &/or static linting. + +The same struct that implements `InterfaceRegistry` will also implement an +interface `InterfaceUnpacker` to be used for unpacking `Any`s: + +```go +type InterfaceUnpacker interface { + // UnpackAny unpacks the value in any to the interface pointer passed in as + // iface. Note that the type in any must have been registered with + // RegisterImplementations as a concrete type for that interface + // Ex: + // var msg sdk.Msg + // err := ctx.UnpackAny(any, &msg) + // ... + UnpackAny(any *Any, iface interface{}) error +} +``` + +Note that `InterfaceRegistry` usage does not deviate from standard protobuf +usage of `Any`, it just introduces a security and introspection layer for +golang usage. + +`InterfaceRegistry` will be a member of `ProtoCodec` +described above. In order for modules to register interface types, app modules +can optionally implement the following interface: + +```go +type InterfaceModule interface { + RegisterInterfaceTypes(InterfaceRegistry) +} +``` + +The module manager will include a method to call `RegisterInterfaceTypes` on +every module that implements it in order to populate the `InterfaceRegistry`. + +### Using `Any` to encode state + +The Cosmos SDK will provide support methods `MarshalInterface` and `UnmarshalInterface` to hide a complexity of wrapping interface types into `Any` and allow easy serialization. + +```go +import "github.com/cosmos/cosmos-sdk/codec" + +// note: eviexported.Evidence is an interface type +func MarshalEvidence(cdc codec.BinaryCodec, e eviexported.Evidence) ([]byte, error) { + return cdc.MarshalInterface(e) +} + +func UnmarshalEvidence(cdc codec.BinaryCodec, bz []byte) (eviexported.Evidence, error) { + var evi eviexported.Evidence + err := cdc.UnmarshalInterface(&evi, bz) + return err, nil +} +``` + +### Using `Any` in `sdk.Msg`s + +A similar concept is to be applied for messages that contain interfaces fields. +For example, we can define `MsgSubmitEvidence` as follows where `Evidence` is +an interface: + +```protobuf +// x/evidence/types/types.proto + +message MsgSubmitEvidence { + bytes submitter = 1 + [ + (gogoproto.casttype) = "github.com/cosmos/cosmos-sdk/types.AccAddress" + ]; + google.protobuf.Any evidence = 2; +} +``` + +Note that in order to unpack the evidence from `Any` we do need a reference to +`InterfaceRegistry`. In order to reference evidence in methods like +`ValidateBasic` which shouldn't have to know about the `InterfaceRegistry`, we +introduce an `UnpackInterfaces` phase to deserialization which unpacks +interfaces before they're needed. + +### Unpacking Interfaces + +To implement the `UnpackInterfaces` phase of deserialization which unpacks +interfaces wrapped in `Any` before they're needed, we create an interface +that `sdk.Msg`s and other types can implement: + +```go +type UnpackInterfacesMessage interface { + UnpackInterfaces(InterfaceUnpacker) error +} +``` + +We also introduce a private `cachedValue interface{}` field onto the `Any` +struct itself with a public getter `GetCachedValue() interface{}`. + +The `UnpackInterfaces` method is to be invoked during message deserialization right +after `Unmarshal` and any interface values packed in `Any`s will be decoded +and stored in `cachedValue` for reference later. + +Then unpacked interface values can safely be used in any code afterwards +without knowledge of the `InterfaceRegistry` +and messages can introduce a simple getter to cast the cached value to the +correct interface type. + +This has the added benefit that unmarshaling of `Any` values only happens once +during initial deserialization rather than every time the value is read. Also, +when `Any` values are first packed (for instance in a call to +`NewMsgSubmitEvidence`), the original interface value is cached so that +unmarshaling isn't needed to read it again. + +`MsgSubmitEvidence` could implement `UnpackInterfaces`, plus a convenience getter +`GetEvidence` as follows: + +```go +func (msg MsgSubmitEvidence) UnpackInterfaces(ctx sdk.InterfaceRegistry) error { + var evi eviexported.Evidence + return ctx.UnpackAny(msg.Evidence, *evi) +} + +func (msg MsgSubmitEvidence) GetEvidence() eviexported.Evidence { + return msg.Evidence.GetCachedValue().(eviexported.Evidence) +} +``` + +### Amino Compatibility + +Our custom implementation of `Any` can be used transparently with Amino if used +with the proper codec instance. What this means is that interfaces packed within +`Any`s will be amino marshaled like regular Amino interfaces (assuming they +have been registered properly with Amino). + +In order for this functionality to work: + +* **all legacy code must use `*codec.LegacyAmino` instead of `*amino.Codec` which is + now a wrapper which properly handles `Any`** +* **all new code should use `Marshaler` which is compatible with both amino and + protobuf** +* Also, before v0.39, `codec.LegacyAmino` will be renamed to `codec.LegacyAmino`. + +### Why Wasn't X Chosen Instead + +For a more complete comparison to alternative protocols, see [here](https://codeburst.io/json-vs-protocol-buffers-vs-flatbuffers-a4247f8bda6f). + +### Cap'n Proto + +While [Cap’n Proto](https://capnproto.org/) does seem like an advantageous alternative to Protobuf +due to it's native support for interfaces/generics and built in canonicalization, it does lack the +rich client ecosystem compared to Protobuf and is a bit less mature. + +### FlatBuffers + +[FlatBuffers](https://google.github.io/flatbuffers/) is also a potentially viable alternative, with the +primary difference being that FlatBuffers does not need a parsing/unpacking step to a secondary +representation before you can access data, often coupled with per-object memory allocation. + +However, it would require great efforts into research and full understanding the scope of the migration +and path forward -- which isn't immediately clear. In addition, FlatBuffers aren't designed for +untrusted inputs. + +## Future Improvements & Roadmap + +In the future we may consider a compression layer right above the persistence +layer which doesn't change tx or merkle tree hashes, but reduces the storage +overhead of `Any`. In addition, we may adopt protobuf naming conventions which +make type URLs a bit more concise while remaining descriptive. + +Additional code generation support around the usage of `Any` is something that +could also be explored in the future to make the UX for go developers more +seamless. + +## Consequences + +### Positive + +* Significant performance gains. +* Supports backward and forward type compatibility. +* Better support for cross-language clients. + +### Negative + +* Learning curve required to understand and implement Protobuf messages. +* Slightly larger message size due to use of `Any`, although this could be offset + by a compression layer in the future + +### Neutral + +## References + +1. https://github.com/cosmos/cosmos-sdk/issues/4977 +2. https://github.com/cosmos/cosmos-sdk/issues/5444 diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-020-protobuf-transaction-encoding.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-020-protobuf-transaction-encoding.md new file mode 100644 index 00000000..344a7fef --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-020-protobuf-transaction-encoding.md @@ -0,0 +1,464 @@ +# ADR 020: Protocol Buffer Transaction Encoding + +## Changelog + +* 2020 March 06: Initial Draft +* 2020 March 12: API Updates +* 2020 April 13: Added details on interface `oneof` handling +* 2020 April 30: Switch to `Any` +* 2020 May 14: Describe public key encoding +* 2020 June 08: Store `TxBody` and `AuthInfo` as bytes in `SignDoc`; Document `TxRaw` as broadcast and storage type. +* 2020 August 07: Use ADR 027 for serializing `SignDoc`. +* 2020 August 19: Move sequence field from `SignDoc` to `SignerInfo`, as discussed in [#6966](https://github.com/cosmos/cosmos-sdk/issues/6966). +* 2020 September 25: Remove `PublicKey` type in favor of `secp256k1.PubKey`, `ed25519.PubKey` and `multisig.LegacyAminoPubKey`. +* 2020 October 15: Add `GetAccount` and `GetAccountWithHeight` methods to the `AccountRetriever` interface. +* 2021 Feb 24: The Cosmos SDK does not use Tendermint's `PubKey` interface anymore, but its own `cryptotypes.PubKey`. Updates to reflect this. +* 2021 May 3: Rename `clientCtx.JSONMarshaler` to `clientCtx.JSONCodec`. +* 2021 June 10: Add `clientCtx.Codec: codec.Codec`. + +## Status + +Accepted + +## Context + +This ADR is a continuation of the motivation, design, and context established in +[ADR 019](adr-019-protobuf-state-encoding.md), namely, we aim to design the +Protocol Buffer migration path for the client-side of the Cosmos SDK. + +Specifically, the client-side migration path primarily includes tx generation and +signing, message construction and routing, in addition to CLI & REST handlers and +business logic (i.e. queriers). + +With this in mind, we will tackle the migration path via two main areas, txs and +querying. However, this ADR solely focuses on transactions. Querying should be +addressed in a future ADR, but it should build off of these proposals. + +Based on detailed discussions ([\#6030](https://github.com/cosmos/cosmos-sdk/issues/6030) +and [\#6078](https://github.com/cosmos/cosmos-sdk/issues/6078)), the original +design for transactions was changed substantially from an `oneof` /JSON-signing +approach to the approach described below. + +## Decision + +### Transactions + +Since interface values are encoded with `google.protobuf.Any` in state (see [ADR 019](adr-019-protobuf-state-encoding.md)), +`sdk.Msg`s are encoding with `Any` in transactions. + +One of the main goals of using `Any` to encode interface values is to have a +core set of types which is reused by apps so that +clients can safely be compatible with as many chains as possible. + +It is one of the goals of this specification to provide a flexible cross-chain transaction +format that can serve a wide variety of use cases without breaking client +compatibility. + +In order to facilitate signing, transactions are separated into `TxBody`, +which will be re-used by `SignDoc` below, and `signatures`: + +```protobuf +// types/types.proto +package cosmos_sdk.v1; + +message Tx { + TxBody body = 1; + AuthInfo auth_info = 2; + // A list of signatures that matches the length and order of AuthInfo's signer_infos to + // allow connecting signature meta information like public key and signing mode by position. + repeated bytes signatures = 3; +} + +// A variant of Tx that pins the signer's exact binary represenation of body and +// auth_info. This is used for signing, broadcasting and verification. The binary +// `serialize(tx: TxRaw)` is stored in Tendermint and the hash `sha256(serialize(tx: TxRaw))` +// becomes the "txhash", commonly used as the transaction ID. +message TxRaw { + // A protobuf serialization of a TxBody that matches the representation in SignDoc. + bytes body = 1; + // A protobuf serialization of an AuthInfo that matches the representation in SignDoc. + bytes auth_info = 2; + // A list of signatures that matches the length and order of AuthInfo's signer_infos to + // allow connecting signature meta information like public key and signing mode by position. + repeated bytes signatures = 3; +} + +message TxBody { + // A list of messages to be executed. The required signers of those messages define + // the number and order of elements in AuthInfo's signer_infos and Tx's signatures. + // Each required signer address is added to the list only the first time it occurs. + // + // By convention, the first required signer (usually from the first message) is referred + // to as the primary signer and pays the fee for the whole transaction. + repeated google.protobuf.Any messages = 1; + string memo = 2; + int64 timeout_height = 3; + repeated google.protobuf.Any extension_options = 1023; +} + +message AuthInfo { + // This list defines the signing modes for the required signers. The number + // and order of elements must match the required signers from TxBody's messages. + // The first element is the primary signer and the one which pays the fee. + repeated SignerInfo signer_infos = 1; + // The fee can be calculated based on the cost of evaluating the body and doing signature verification of the signers. This can be estimated via simulation. + Fee fee = 2; +} + +message SignerInfo { + // The public key is optional for accounts that already exist in state. If unset, the + // verifier can use the required signer address for this position and lookup the public key. + google.protobuf.Any public_key = 1; + // ModeInfo describes the signing mode of the signer and is a nested + // structure to support nested multisig pubkey's + ModeInfo mode_info = 2; + // sequence is the sequence of the account, which describes the + // number of committed transactions signed by a given address. It is used to prevent + // replay attacks. + uint64 sequence = 3; +} + +message ModeInfo { + oneof sum { + Single single = 1; + Multi multi = 2; + } + + // Single is the mode info for a single signer. It is structured as a message + // to allow for additional fields such as locale for SIGN_MODE_TEXTUAL in the future + message Single { + SignMode mode = 1; + } + + // Multi is the mode info for a multisig public key + message Multi { + // bitarray specifies which keys within the multisig are signing + CompactBitArray bitarray = 1; + // mode_infos is the corresponding modes of the signers of the multisig + // which could include nested multisig public keys + repeated ModeInfo mode_infos = 2; + } +} + +enum SignMode { + SIGN_MODE_UNSPECIFIED = 0; + + SIGN_MODE_DIRECT = 1; + + SIGN_MODE_TEXTUAL = 2; + + SIGN_MODE_LEGACY_AMINO_JSON = 127; +} +``` + +As will be discussed below, in order to include as much of the `Tx` as possible +in the `SignDoc`, `SignerInfo` is separated from signatures so that only the +raw signatures themselves live outside of what is signed over. + +Because we are aiming for a flexible, extensible cross-chain transaction +format, new transaction processing options should be added to `TxBody` as soon +those use cases are discovered, even if they can't be implemented yet. + +Because there is coordination overhead in this, `TxBody` includes an +`extension_options` field which can be used for any transaction processing +options that are not already covered. App developers should, nevertheless, +attempt to upstream important improvements to `Tx`. + +### Signing + +All of the signing modes below aim to provide the following guarantees: + +* **No Malleability**: `TxBody` and `AuthInfo` cannot change once the transaction + is signed +* **Predictable Gas**: if I am signing a transaction where I am paying a fee, + the final gas is fully dependent on what I am signing + +These guarantees give the maximum amount confidence to message signers that +manipulation of `Tx`s by intermediaries can't result in any meaningful changes. + +#### `SIGN_MODE_DIRECT` + +The "direct" signing behavior is to sign the raw `TxBody` bytes as broadcast over +the wire. This has the advantages of: + +* requiring the minimum additional client capabilities beyond a standard protocol + buffers implementation +* leaving effectively zero holes for transaction malleability (i.e. there are no + subtle differences between the signing and encoding formats which could + potentially be exploited by an attacker) + +Signatures are structured using the `SignDoc` below which reuses the serialization of +`TxBody` and `AuthInfo` and only adds the fields which are needed for signatures: + +```protobuf +// types/types.proto +message SignDoc { + // A protobuf serialization of a TxBody that matches the representation in TxRaw. + bytes body = 1; + // A protobuf serialization of an AuthInfo that matches the representation in TxRaw. + bytes auth_info = 2; + string chain_id = 3; + uint64 account_number = 4; +} +``` + +In order to sign in the default mode, clients take the following steps: + +1. Serialize `TxBody` and `AuthInfo` using any valid protobuf implementation. +2. Create a `SignDoc` and serialize it using [ADR 027](adr-027-deterministic-protobuf-serialization.md). +3. Sign the encoded `SignDoc` bytes. +4. Build a `TxRaw` and serialize it for broadcasting. + +Signature verification is based on comparing the raw `TxBody` and `AuthInfo` +bytes encoded in `TxRaw` not based on any ["canonicalization"](https://github.com/regen-network/canonical-proto3) +algorithm which creates added complexity for clients in addition to preventing +some forms of upgradeability (to be addressed later in this document). + +Signature verifiers do: + +1. Deserialize a `TxRaw` and pull out `body` and `auth_info`. +2. Create a list of required signer addresses from the messages. +3. For each required signer: + * Pull account number and sequence from the state. + * Obtain the public key either from state or `AuthInfo`'s `signer_infos`. + * Create a `SignDoc` and serialize it using [ADR 027](adr-027-deterministic-protobuf-serialization.md). + * Verify the signature at the same list position against the serialized `SignDoc`. + +#### `SIGN_MODE_LEGACY_AMINO` + +In order to support legacy wallets and exchanges, Amino JSON will be temporarily +supported transaction signing. Once wallets and exchanges have had a +chance to upgrade to protobuf based signing, this option will be disabled. In +the meantime, it is foreseen that disabling the current Amino signing would cause +too much breakage to be feasible. Note that this is mainly a requirement of the +Cosmos Hub and other chains may choose to disable Amino signing immediately. + +Legacy clients will be able to sign a transaction using the current Amino +JSON format and have it encoded to protobuf using the REST `/tx/encode` +endpoint before broadcasting. + +#### `SIGN_MODE_TEXTUAL` + +As was discussed extensively in [\#6078](https://github.com/cosmos/cosmos-sdk/issues/6078), +there is a desire for a human-readable signing encoding, especially for hardware +wallets like the [Ledger](https://www.ledger.com) which display +transaction contents to users before signing. JSON was an attempt at this but +falls short of the ideal. + +`SIGN_MODE_TEXTUAL` is intended as a placeholder for a human-readable +encoding which will replace Amino JSON. This new encoding should be even more +focused on readability than JSON, possibly based on formatting strings like +[MessageFormat](http://userguide.icu-project.org/formatparse/messages). + +In order to ensure that the new human-readable format does not suffer from +transaction malleability issues, `SIGN_MODE_TEXTUAL` +requires that the _human-readable bytes are concatenated with the raw `SignDoc`_ +to generate sign bytes. + +Multiple human-readable formats (maybe even localized messages) may be supported +by `SIGN_MODE_TEXTUAL` when it is implemented. + +### Unknown Field Filtering + +Unknown fields in protobuf messages should generally be rejected by transaction +processors because: + +* important data may be present in the unknown fields, that if ignored, will + cause unexpected behavior for clients +* they present a malleability vulnerability where attackers can bloat tx size + by adding random uninterpreted data to unsigned content (i.e. the master `Tx`, + not `TxBody`) + +There are also scenarios where we may choose to safely ignore unknown fields +(https://github.com/cosmos/cosmos-sdk/issues/6078#issuecomment-624400188) to +provide graceful forwards compatibility with newer clients. + +We propose that field numbers with bit 11 set (for most use cases this is +the range of 1024-2047) be considered non-critical fields that can safely be +ignored if unknown. + +To handle this we will need a unknown field filter that: + +* always rejects unknown fields in unsigned content (i.e. top-level `Tx` and + unsigned parts of `AuthInfo` if present based on the signing mode) +* rejects unknown fields in all messages (including nested `Any`s) other than + fields with bit 11 set + +This will likely need to be a custom protobuf parser pass that takes message bytes +and `FileDescriptor`s and returns a boolean result. + +### Public Key Encoding + +Public keys in the Cosmos SDK implement the `cryptotypes.PubKey` interface. +We propose to use `Any` for protobuf encoding as we are doing with other interfaces (for example, in `BaseAccount.PubKey` and `SignerInfo.PublicKey`). +The following public keys are implemented: secp256k1, secp256r1, ed25519 and legacy-multisignature. + +Ex: + +```protobuf +message PubKey { + bytes key = 1; +} +``` + +`multisig.LegacyAminoPubKey` has an array of `Any`'s member to support any +protobuf public key type. + +Apps should only attempt to handle a registered set of public keys that they +have tested. The provided signature verification ante handler decorators will +enforce this. + +### CLI & REST + +Currently, the REST and CLI handlers encode and decode types and txs via Amino +JSON encoding using a concrete Amino codec. Being that some of the types dealt with +in the client can be interfaces, similar to how we described in [ADR 019](adr-019-protobuf-state-encoding.md), +the client logic will now need to take a codec interface that knows not only how +to handle all the types, but also knows how to generate transactions, signatures, +and messages. + +```go +type AccountRetriever interface { + GetAccount(clientCtx Context, addr sdk.AccAddress) (client.Account, error) + GetAccountWithHeight(clientCtx Context, addr sdk.AccAddress) (client.Account, int64, error) + EnsureExists(clientCtx client.Context, addr sdk.AccAddress) error + GetAccountNumberSequence(clientCtx client.Context, addr sdk.AccAddress) (uint64, uint64, error) +} + +type Generator interface { + NewTx() TxBuilder + NewFee() ClientFee + NewSignature() ClientSignature + MarshalTx(tx types.Tx) ([]byte, error) +} + +type TxBuilder interface { + GetTx() sdk.Tx + + SetMsgs(...sdk.Msg) error + GetSignatures() []sdk.Signature + SetSignatures(...sdk.Signature) + GetFee() sdk.Fee + SetFee(sdk.Fee) + GetMemo() string + SetMemo(string) +} +``` + +We then update `Context` to have new fields: `Codec`, `TxGenerator`, +and `AccountRetriever`, and we update `AppModuleBasic.GetTxCmd` to take +a `Context` which should have all of these fields pre-populated. + +Each client method should then use one of the `Init` methods to re-initialize +the pre-populated `Context`. `tx.GenerateOrBroadcastTx` can be used to +generate or broadcast a transaction. For example: + +```go +import "github.com/spf13/cobra" +import "github.com/cosmos/cosmos-sdk/client" +import "github.com/cosmos/cosmos-sdk/client/tx" + +func NewCmdDoSomething(clientCtx client.Context) *cobra.Command { + return &cobra.Command{ + RunE: func(cmd *cobra.Command, args []string) error { + clientCtx := ctx.InitWithInput(cmd.InOrStdin()) + msg := NewSomeMsg{...} + tx.GenerateOrBroadcastTx(clientCtx, msg) + }, + } +} +``` + +## Future Improvements + +### `SIGN_MODE_TEXTUAL` specification + +A concrete specification and implementation of `SIGN_MODE_TEXTUAL` is intended +as a near-term future improvement so that the ledger app and other wallets +can gracefully transition away from Amino JSON. + +### `SIGN_MODE_DIRECT_AUX` + +(\*Documented as option (3) in https://github.com/cosmos/cosmos-sdk/issues/6078#issuecomment-628026933) + +We could add a mode `SIGN_MODE_DIRECT_AUX` +to support scenarios where multiple signatures +are being gathered into a single transaction but the message composer does not +yet know which signatures will be included in the final transaction. For instance, +I may have a 3/5 multisig wallet and want to send a `TxBody` to all 5 +signers to see who signs first. As soon as I have 3 signatures then I will go +ahead and build the full transaction. + +With `SIGN_MODE_DIRECT`, each signer needs +to sign the full `AuthInfo` which includes the full list of all signers and +their signing modes, making the above scenario very hard. + +`SIGN_MODE_DIRECT_AUX` would allow "auxiliary" signers to create their signature +using only `TxBody` and their own `PublicKey`. This allows the full list of +signers in `AuthInfo` to be delayed until signatures have been collected. + +An "auxiliary" signer is any signer besides the primary signer who is paying +the fee. For the primary signer, the full `AuthInfo` is actually needed to calculate gas and fees +because that is dependent on how many signers and which key types and signing +modes they are using. Auxiliary signers, however, do not need to worry about +fees or gas and thus can just sign `TxBody`. + +To generate a signature in `SIGN_MODE_DIRECT_AUX` these steps would be followed: + +1. Encode `SignDocAux` (with the same requirement that fields must be serialized + in order): + + ```protobuf + // types/types.proto + message SignDocAux { + bytes body_bytes = 1; + // PublicKey is included in SignDocAux : + // 1. as a special case for multisig public keys. For multisig public keys, + // the signer should use the top-level multisig public key they are signing + // against, not their own public key. This is to prevent against a form + // of malleability where a signature could be taken out of context of the + // multisig key that was intended to be signed for + // 2. to guard against scenario where configuration information is encoded + // in public keys (it has been proposed) such that two keys can generate + // the same signature but have different security properties + // + // By including it here, the composer of AuthInfo cannot reference the + // a public key variant the signer did not intend to use + PublicKey public_key = 2; + string chain_id = 3; + uint64 account_number = 4; + } + ``` + +2. Sign the encoded `SignDocAux` bytes +3. Send their signature and `SignerInfo` to primary signer who will then + sign and broadcast the final transaction (with `SIGN_MODE_DIRECT` and `AuthInfo` + added) once enough signatures have been collected + +### `SIGN_MODE_DIRECT_RELAXED` + +(_Documented as option (1)(a) in https://github.com/cosmos/cosmos-sdk/issues/6078#issuecomment-628026933_) + +This is a variation of `SIGN_MODE_DIRECT` where multiple signers wouldn't need to +coordinate public keys and signing modes in advance. It would involve an alternate +`SignDoc` similar to `SignDocAux` above with fee. This could be added in the future +if client developers found the burden of collecting public keys and modes in advance +too burdensome. + +## Consequences + +### Positive + +* Significant performance gains. +* Supports backward and forward type compatibility. +* Better support for cross-language clients. +* Multiple signing modes allow for greater protocol evolution + +### Negative + +* `google.protobuf.Any` type URLs increase transaction size although the effect + may be negligible or compression may be able to mitigate it. + +### Neutral + +## References diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-021-protobuf-query-encoding.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-021-protobuf-query-encoding.md new file mode 100644 index 00000000..76fd40fe --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-021-protobuf-query-encoding.md @@ -0,0 +1,256 @@ +# ADR 021: Protocol Buffer Query Encoding + +## Changelog + +* 2020 March 27: Initial Draft + +## Status + +Accepted + +## Context + +This ADR is a continuation of the motivation, design, and context established in +[ADR 019](adr-019-protobuf-state-encoding.md) and +[ADR 020](adr-020-protobuf-transaction-encoding.md), namely, we aim to design the +Protocol Buffer migration path for the client-side of the Cosmos SDK. + +This ADR continues from [ADD 020](adr-020-protobuf-transaction-encoding.md) +to specify the encoding of queries. + +## Decision + +### Custom Query Definition + +Modules define custom queries through a protocol buffers `service` definition. +These `service` definitions are generally associated with and used by the +GRPC protocol. However, the protocol buffers specification indicates that +they can be used more generically by any request/response protocol that uses +protocol buffer encoding. Thus, we can use `service` definitions for specifying +custom ABCI queries and even reuse a substantial amount of the GRPC infrastructure. + +Each module with custom queries should define a service canonically named `Query`: + +```protobuf +// x/bank/types/types.proto + +service Query { + rpc QueryBalance(QueryBalanceParams) returns (cosmos_sdk.v1.Coin) { } + rpc QueryAllBalances(QueryAllBalancesParams) returns (QueryAllBalancesResponse) { } +} +``` + +#### Handling of Interface Types + +Modules that use interface types and need true polymorphism generally force a +`oneof` up to the app-level that provides the set of concrete implementations of +that interface that the app supports. While app's are welcome to do the same for +queries and implement an app-level query service, it is recommended that modules +provide query methods that expose these interfaces via `google.protobuf.Any`. +There is a concern on the transaction level that the overhead of `Any` is too +high to justify its usage. However for queries this is not a concern, and +providing generic module-level queries that use `Any` does not preclude apps +from also providing app-level queries that return use the app-level `oneof`s. + +A hypothetical example for the `gov` module would look something like: + +```protobuf +// x/gov/types/types.proto + +import "google/protobuf/any.proto"; + +service Query { + rpc GetProposal(GetProposalParams) returns (AnyProposal) { } +} + +message AnyProposal { + ProposalBase base = 1; + google.protobuf.Any content = 2; +} +``` + +### Custom Query Implementation + +In order to implement the query service, we can reuse the existing [gogo protobuf](https://github.com/cosmos/gogoproto) +grpc plugin, which for a service named `Query` generates an interface named +`QueryServer` as below: + +```go +type QueryServer interface { + QueryBalance(context.Context, *QueryBalanceParams) (*types.Coin, error) + QueryAllBalances(context.Context, *QueryAllBalancesParams) (*QueryAllBalancesResponse, error) +} +``` + +The custom queries for our module are implemented by implementing this interface. + +The first parameter in this generated interface is a generic `context.Context`, +whereas querier methods generally need an instance of `sdk.Context` to read +from the store. Since arbitrary values can be attached to `context.Context` +using the `WithValue` and `Value` methods, the Cosmos SDK should provide a function +`sdk.UnwrapSDKContext` to retrieve the `sdk.Context` from the provided +`context.Context`. + +An example implementation of `QueryBalance` for the bank module as above would +look something like: + +```go +type Querier struct { + Keeper +} + +func (q Querier) QueryBalance(ctx context.Context, params *types.QueryBalanceParams) (*sdk.Coin, error) { + balance := q.GetBalance(sdk.UnwrapSDKContext(ctx), params.Address, params.Denom) + return &balance, nil +} +``` + +### Custom Query Registration and Routing + +Query server implementations as above would be registered with `AppModule`s using +a new method `RegisterQueryService(grpc.Server)` which could be implemented simply +as below: + +```go +// x/bank/module.go +func (am AppModule) RegisterQueryService(server grpc.Server) { + types.RegisterQueryServer(server, keeper.Querier{am.keeper}) +} +``` + +Underneath the hood, a new method `RegisterService(sd *grpc.ServiceDesc, handler interface{})` +will be added to the existing `baseapp.QueryRouter` to add the queries to the custom +query routing table (with the routing method being described below). +The signature for this method matches the existing +`RegisterServer` method on the GRPC `Server` type where `handler` is the custom +query server implementation described above. + +GRPC-like requests are routed by the service name (ex. `cosmos_sdk.x.bank.v1.Query`) +and method name (ex. `QueryBalance`) combined with `/`s to form a full +method name (ex. `/cosmos_sdk.x.bank.v1.Query/QueryBalance`). This gets translated +into an ABCI query as `custom/cosmos_sdk.x.bank.v1.Query/QueryBalance`. Service handlers +registered with `QueryRouter.RegisterService` will be routed this way. + +Beyond the method name, GRPC requests carry a protobuf encoded payload, which maps naturally +to `RequestQuery.Data`, and receive a protobuf encoded response or error. Thus +there is a quite natural mapping of GRPC-like rpc methods to the existing +`sdk.Query` and `QueryRouter` infrastructure. + +This basic specification allows us to reuse protocol buffer `service` definitions +for ABCI custom queries substantially reducing the need for manual decoding and +encoding in query methods. + +### GRPC Protocol Support + +In addition to providing an ABCI query pathway, we can easily provide a GRPC +proxy server that routes requests in the GRPC protocol to ABCI query requests +under the hood. In this way, clients could use their host languages' existing +GRPC implementations to make direct queries against Cosmos SDK app's using +these `service` definitions. In order for this server to work, the `QueryRouter` +on `BaseApp` will need to expose the service handlers registered with +`QueryRouter.RegisterService` to the proxy server implementation. Nodes could +launch the proxy server on a separate port in the same process as the ABCI app +with a command-line flag. + +### REST Queries and Swagger Generation + +[grpc-gateway](https://github.com/grpc-ecosystem/grpc-gateway) is a project that +translates REST calls into GRPC calls using special annotations on service +methods. Modules that want to expose REST queries should add `google.api.http` +annotations to their `rpc` methods as in this example below. + +```protobuf +// x/bank/types/types.proto + +service Query { + rpc QueryBalance(QueryBalanceParams) returns (cosmos_sdk.v1.Coin) { + option (google.api.http) = { + get: "/x/bank/v1/balance/{address}/{denom}" + }; + } + rpc QueryAllBalances(QueryAllBalancesParams) returns (QueryAllBalancesResponse) { + option (google.api.http) = { + get: "/x/bank/v1/balances/{address}" + }; + } +} +``` + +grpc-gateway will work direcly against the GRPC proxy described above which will +translate requests to ABCI queries under the hood. grpc-gateway can also +generate Swagger definitions automatically. + +In the current implementation of REST queries, each module needs to implement +REST queries manually in addition to ABCI querier methods. Using the grpc-gateway +approach, there will be no need to generate separate REST query handlers, just +query servers as described above as grpc-gateway handles the translation of protobuf +to REST as well as Swagger definitions. + +The Cosmos SDK should provide CLI commands for apps to start GRPC gateway either in +a separate process or the same process as the ABCI app, as well as provide a +command for generating grpc-gateway proxy `.proto` files and the `swagger.json` +file. + +### Client Usage + +The gogo protobuf grpc plugin generates client interfaces in addition to server +interfaces. For the `Query` service defined above we would get a `QueryClient` +interface like: + +```go +type QueryClient interface { + QueryBalance(ctx context.Context, in *QueryBalanceParams, opts ...grpc.CallOption) (*types.Coin, error) + QueryAllBalances(ctx context.Context, in *QueryAllBalancesParams, opts ...grpc.CallOption) (*QueryAllBalancesResponse, error) +} +``` + +Via a small patch to gogo protobuf ([gogo/protobuf#675](https://github.com/gogo/protobuf/pull/675)) +we have tweaked the grpc codegen to use an interface rather than concrete type +for the generated client struct. This allows us to also reuse the GRPC infrastructure +for ABCI client queries. + +1Context`will receive a new method`QueryConn`that returns a`ClientConn` +that routes calls to ABCI queries + +Clients (such as CLI methods) will then be able to call query methods like this: + +```go +clientCtx := client.NewContext() +queryClient := types.NewQueryClient(clientCtx.QueryConn()) +params := &types.QueryBalanceParams{addr, denom} +result, err := queryClient.QueryBalance(gocontext.Background(), params) +``` + +### Testing + +Tests would be able to create a query client directly from keeper and `sdk.Context` +references using a `QueryServerTestHelper` as below: + +```go +queryHelper := baseapp.NewQueryServerTestHelper(ctx) +types.RegisterQueryServer(queryHelper, keeper.Querier{app.BankKeeper}) +queryClient := types.NewQueryClient(queryHelper) +``` + +## Future Improvements + +## Consequences + +### Positive + +* greatly simplified querier implementation (no manual encoding/decoding) +* easy query client generation (can use existing grpc and swagger tools) +* no need for REST query implementations +* type safe query methods (generated via grpc plugin) +* going forward, there will be less breakage of query methods because of the +backwards compatibility guarantees provided by buf + +### Negative + +* all clients using the existing ABCI/REST queries will need to be refactored +for both the new GRPC/REST query paths as well as protobuf/proto-json encoded +data, but this is more or less unavoidable in the protobuf refactoring + +### Neutral + +## References diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-022-custom-panic-handling.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-022-custom-panic-handling.md new file mode 100644 index 00000000..2cdce59f --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-022-custom-panic-handling.md @@ -0,0 +1,218 @@ +# ADR 022: Custom BaseApp panic handling + +## Changelog + +* 2020 Apr 24: Initial Draft +* 2021 Sep 14: Superseded by ADR-045 + +## Status + +SUPERSEDED by ADR-045 + +## Context + +The current implementation of BaseApp does not allow developers to write custom error handlers during panic recovery +[runTx()](https://github.com/cosmos/cosmos-sdk/blob/bad4ca75f58b182f600396ca350ad844c18fc80b/baseapp/baseapp.go#L539) +method. We think that this method can be more flexible and can give Cosmos SDK users more options for customizations without +the need to rewrite whole BaseApp. Also there's one special case for `sdk.ErrorOutOfGas` error handling, that case +might be handled in a "standard" way (middleware) alongside the others. + +We propose middleware-solution, which could help developers implement the following cases: + +* add external logging (let's say sending reports to external services like [Sentry](https://sentry.io)); +* call panic for specific error cases; + +It will also make `OutOfGas` case and `default` case one of the middlewares. +`Default` case wraps recovery object to an error and logs it ([example middleware implementation](#recovery-middleware)). + +Our project has a sidecar service running alongside the blockchain node (smart contracts virtual machine). It is +essential that node <-> sidecar connectivity stays stable for TXs processing. So when the communication breaks we need +to crash the node and reboot it once the problem is solved. That behaviour makes node's state machine execution +deterministic. As all keeper panics are caught by runTx's `defer()` handler, we have to adjust the BaseApp code +in order to customize it. + +## Decision + +### Design + +#### Overview + +Instead of hardcoding custom error handling into BaseApp we suggest using set of middlewares which can be customized +externally and will allow developers use as many custom error handlers as they want. Implementation with tests +can be found [here](https://github.com/cosmos/cosmos-sdk/pull/6053). + +#### Implementation details + +##### Recovery handler + +New `RecoveryHandler` type added. `recoveryObj` input argument is an object returned by the standard Go function +`recover()` from the `builtin` package. + +```go +type RecoveryHandler func(recoveryObj interface{}) error +``` + +Handler should type assert (or other methods) an object to define if object should be handled. +`nil` should be returned if input object can't be handled by that `RecoveryHandler` (not a handler's target type). +Not `nil` error should be returned if input object was handled and middleware chain execution should be stopped. + +An example: + +```go +func exampleErrHandler(recoveryObj interface{}) error { + err, ok := recoveryObj.(error) + if !ok { return nil } + + if someSpecificError.Is(err) { + panic(customPanicMsg) + } else { + return nil + } +} +``` + +This example breaks the application execution, but it also might enrich the error's context like the `OutOfGas` handler. + +##### Recovery middleware + +We also add a middleware type (decorator). That function type wraps `RecoveryHandler` and returns the next middleware in +execution chain and handler's `error`. Type is used to separate actual `recovery()` object handling from middleware +chain processing. + +```go +type recoveryMiddleware func(recoveryObj interface{}) (recoveryMiddleware, error) + +func newRecoveryMiddleware(handler RecoveryHandler, next recoveryMiddleware) recoveryMiddleware { + return func(recoveryObj interface{}) (recoveryMiddleware, error) { + if err := handler(recoveryObj); err != nil { + return nil, err + } + return next, nil + } +} +``` + +Function receives a `recoveryObj` object and returns: + +* (next `recoveryMiddleware`, `nil`) if object wasn't handled (not a target type) by `RecoveryHandler`; +* (`nil`, not nil `error`) if input object was handled and other middlewares in the chain should not be executed; +* (`nil`, `nil`) in case of invalid behavior. Panic recovery might not have been properly handled; +this can be avoided by always using a `default` as a rightmost middleware in the chain (always returns an `error`'); + +`OutOfGas` middleware example: + +```go +func newOutOfGasRecoveryMiddleware(gasWanted uint64, ctx sdk.Context, next recoveryMiddleware) recoveryMiddleware { + handler := func(recoveryObj interface{}) error { + err, ok := recoveryObj.(sdk.ErrorOutOfGas) + if !ok { return nil } + + return errorsmod.Wrap( + sdkerrors.ErrOutOfGas, fmt.Sprintf( + "out of gas in location: %v; gasWanted: %d, gasUsed: %d", err.Descriptor, gasWanted, ctx.GasMeter().GasConsumed(), + ), + ) + } + + return newRecoveryMiddleware(handler, next) +} +``` + +`Default` middleware example: + +```go +func newDefaultRecoveryMiddleware() recoveryMiddleware { + handler := func(recoveryObj interface{}) error { + return errorsmod.Wrap( + sdkerrors.ErrPanic, fmt.Sprintf("recovered: %v\nstack:\n%v", recoveryObj, string(debug.Stack())), + ) + } + + return newRecoveryMiddleware(handler, nil) +} +``` + +##### Recovery processing + +Basic chain of middlewares processing would look like: + +```go +func processRecovery(recoveryObj interface{}, middleware recoveryMiddleware) error { + if middleware == nil { return nil } + + next, err := middleware(recoveryObj) + if err != nil { return err } + if next == nil { return nil } + + return processRecovery(recoveryObj, next) +} +``` + +That way we can create a middleware chain which is executed from left to right, the rightmost middleware is a +`default` handler which must return an `error`. + +##### BaseApp changes + +The `default` middleware chain must exist in a `BaseApp` object. `Baseapp` modifications: + +```go +type BaseApp struct { + // ... + runTxRecoveryMiddleware recoveryMiddleware +} + +func NewBaseApp(...) { + // ... + app.runTxRecoveryMiddleware = newDefaultRecoveryMiddleware() +} + +func (app *BaseApp) runTx(...) { + // ... + defer func() { + if r := recover(); r != nil { + recoveryMW := newOutOfGasRecoveryMiddleware(gasWanted, ctx, app.runTxRecoveryMiddleware) + err, result = processRecovery(r, recoveryMW), nil + } + + gInfo = sdk.GasInfo{GasWanted: gasWanted, GasUsed: ctx.GasMeter().GasConsumed()} + }() + // ... +} +``` + +Developers can add their custom `RecoveryHandler`s by providing `AddRunTxRecoveryHandler` as a BaseApp option parameter to the `NewBaseapp` constructor: + +```go +func (app *BaseApp) AddRunTxRecoveryHandler(handlers ...RecoveryHandler) { + for _, h := range handlers { + app.runTxRecoveryMiddleware = newRecoveryMiddleware(h, app.runTxRecoveryMiddleware) + } +} +``` + +This method would prepend handlers to an existing chain. + +## Consequences + +### Positive + +* Developers of Cosmos SDK based projects can add custom panic handlers to: + * add error context for custom panic sources (panic inside of custom keepers); + * emit `panic()`: passthrough recovery object to the Tendermint core; + * other necessary handling; +* Developers can use standard Cosmos SDK `BaseApp` implementation, rather that rewriting it in their projects; +* Proposed solution doesn't break the current "standard" `runTx()` flow; + +### Negative + +* Introduces changes to the execution model design. + +### Neutral + +* `OutOfGas` error handler becomes one of the middlewares; +* Default panic handler becomes one of the middlewares; + +## References + +* [PR-6053 with proposed solution](https://github.com/cosmos/cosmos-sdk/pull/6053) +* [Similar solution. ADR-010 Modular AnteHandler](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-010-modular-antehandler.md) diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-023-protobuf-naming.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-023-protobuf-naming.md new file mode 100644 index 00000000..4360befd --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-023-protobuf-naming.md @@ -0,0 +1,263 @@ +# ADR 023: Protocol Buffer Naming and Versioning Conventions + +## Changelog + +* 2020 April 27: Initial Draft +* 2020 August 5: Update guidelines + +## Status + +Accepted + +## Context + +Protocol Buffers provide a basic [style guide](https://developers.google.com/protocol-buffers/docs/style) +and [Buf](https://buf.build/docs/style-guide) builds upon that. To the +extent possible, we want to follow industry accepted guidelines and wisdom for +the effective usage of protobuf, deviating from those only when there is clear +rationale for our use case. + +### Adoption of `Any` + +The adoption of `google.protobuf.Any` as the recommended approach for encoding +interface types (as opposed to `oneof`) makes package naming a central part +of the encoding as fully-qualified message names now appear in encoded +messages. + +### Current Directory Organization + +Thus far we have mostly followed [Buf's](https://buf.build) [DEFAULT](https://buf.build/docs/lint-checkers#default) +recommendations, with the minor deviation of disabling [`PACKAGE_DIRECTORY_MATCH`](https://buf.build/docs/lint-checkers#file_layout) +which although being convenient for developing code comes with the warning +from Buf that: + +> you will have a very bad time with many Protobuf plugins across various languages if you do not do this + +### Adoption of gRPC Queries + +In [ADR 021](adr-021-protobuf-query-encoding.md), gRPC was adopted for Protobuf +native queries. The full gRPC service path thus becomes a key part of ABCI query +path. In the future, gRPC queries may be allowed from within persistent scripts +by technologies such as CosmWasm and these query routes would be stored within +script binaries. + +## Decision + +The goal of this ADR is to provide thoughtful naming conventions that: + +* encourage a good user experience for when users interact directly with +.proto files and fully-qualified protobuf names +* balance conciseness against the possibility of either over-optimizing (making +names too short and cryptic) or under-optimizing (just accepting bloated names +with lots of redundant information) + +These guidelines are meant to act as a style guide for both the Cosmos SDK and +third-party modules. + +As a starting point, we should adopt all of the [DEFAULT](https://buf.build/docs/lint-checkers#default) +checkers in [Buf's](https://buf.build) including [`PACKAGE_DIRECTORY_MATCH`](https://buf.build/docs/lint-checkers#file_layout), +except: + +* [PACKAGE_VERSION_SUFFIX](https://buf.build/docs/lint-checkers#package_version_suffix) +* [SERVICE_SUFFIX](https://buf.build/docs/lint-checkers#service_suffix) + +Further guidelines to be described below. + +### Principles + +#### Concise and Descriptive Names + +Names should be descriptive enough to convey their meaning and distinguish +them from other names. + +Given that we are using fully-qualifed names within +`google.protobuf.Any` as well as within gRPC query routes, we should aim to +keep names concise, without going overboard. The general rule of thumb should +be if a shorter name would convey more or else the same thing, pick the shorter +name. + +For instance, `cosmos.bank.MsgSend` (19 bytes) conveys roughly the same information +as `cosmos_sdk.x.bank.v1.MsgSend` (28 bytes) but is more concise. + +Such conciseness makes names both more pleasant to work with and take up less +space within transactions and on the wire. + +We should also resist the temptation to over-optimize, by making names +cryptically short with abbreviations. For instance, we shouldn't try to +reduce `cosmos.bank.MsgSend` to `csm.bk.MSnd` just to save a few bytes. + +The goal is to make names **_concise but not cryptic_**. + +#### Names are for Clients First + +Package and type names should be chosen for the benefit of users, not +necessarily because of legacy concerns related to the go code-base. + +#### Plan for Longevity + +In the interests of long-term support, we should plan on the names we do +choose to be in usage for a long time, so now is the opportunity to make +the best choices for the future. + +### Versioning + +#### Guidelines on Stable Package Versions + +In general, schema evolution is the way to update protobuf schemas. That means that new fields, +messages, and RPC methods are _added_ to existing schemas and old fields, messages and RPC methods +are maintained as long as possible. + +Breaking things is often unacceptable in a blockchain scenario. For instance, immutable smart contracts +may depend on certain data schemas on the host chain. If the host chain breaks those schemas, the smart +contract may be irreparably broken. Even when things can be fixed (for instance in client software), +this often comes at a high cost. + +Instead of breaking things, we should make every effort to evolve schemas rather than just breaking them. +[Buf](https://buf.build) breaking change detection should be used on all stable (non-alpha or beta) packages +to prevent such breakage. + +With that in mind, different stable versions (i.e. `v1` or `v2`) of a package should more or less be considered +different packages and this should be last resort approach for upgrading protobuf schemas. Scenarios where creating +a `v2` may make sense are: + +* we want to create a new module with similar functionality to an existing module and adding `v2` is the most natural +way to do this. In that case, there are really just two different, but similar modules with different APIs. +* we want to add a new revamped API for an existing module and it's just too cumbersome to add it to the existing package, +so putting it in `v2` is cleaner for users. In this case, care should be made to not deprecate support for +`v1` if it is actively used in immutable smart contracts. + +#### Guidelines on unstable (alpha and beta) package versions + +The following guidelines are recommended for marking packages as alpha or beta: + +* marking something as `alpha` or `beta` should be a last resort and just putting something in the +stable package (i.e. `v1` or `v2`) should be preferred +* a package _should_ be marked as `alpha` _if and only if_ there are active discussions to remove +or significantly alter the package in the near future +* a package _should_ be marked as `beta` _if and only if_ there is an active discussion to +significantly refactor/rework the functionality in the near future but not remove it +* modules _can and should_ have types in both stable (i.e. `v1` or `v2`) and unstable (`alpha` or `beta`) packages. + +_`alpha` and `beta` should not be used to avoid responsibility for maintaining compatibility._ +Whenever code is released into the wild, especially on a blockchain, there is a high cost to changing things. In some +cases, for instance with immutable smart contracts, a breaking change may be impossible to fix. + +When marking something as `alpha` or `beta`, maintainers should ask the questions: + +* what is the cost of asking others to change their code vs the benefit of us maintaining the optionality to change it? +* what is the plan for moving this to `v1` and how will that affect users? + +`alpha` or `beta` should really be used to communicate "changes are planned". + +As a case study, gRPC reflection is in the package `grpc.reflection.v1alpha`. It hasn't been changed since +2017 and it is now used in other widely used software like gRPCurl. Some folks probably use it in production services +and so if they actually went and changed the package to `grpc.reflection.v1`, some software would break and +they probably don't want to do that... So now the `v1alpha` package is more or less the de-facto `v1`. Let's not do that. + +The following are guidelines for working with non-stable packages: + +* [Buf's recommended version suffix](https://buf.build/docs/lint-checkers#package_version_suffix) +(ex. `v1alpha1`) _should_ be used for non-stable packages +* non-stable packages should generally be excluded from breaking change detection +* immutable smart contract modules (i.e. CosmWasm) _should_ block smart contracts/persistent +scripts from interacting with `alpha`/`beta` packages + +#### Omit v1 suffix + +Instead of using [Buf's recommended version suffix](https://buf.build/docs/lint-checkers#package_version_suffix), +we can omit `v1` for packages that don't actually have a second version. This +allows for more concise names for common use cases like `cosmos.bank.Send`. +Packages that do have a second or third version can indicate that with `.v2` +or `.v3`. + +### Package Naming + +#### Adopt a short, unique top-level package name + +Top-level packages should adopt a short name that is known to not collide with +other names in common usage within the Cosmos ecosystem. In the near future, a +registry should be created to reserve and index top-level package names used +within the Cosmos ecosystem. Because the Cosmos SDK is intended to provide +the top-level types for the Cosmos project, the top-level package name `cosmos` +is recommended for usage within the Cosmos SDK instead of the longer `cosmos_sdk`. +[ICS](https://github.com/cosmos/ics) specifications could consider a +short top-level package like `ics23` based upon the standard number. + +#### Limit sub-package depth + +Sub-package depth should be increased with caution. Generally a single +sub-package is needed for a module or a library. Even though `x` or `modules` +is used in source code to denote modules, this is often unnecessary for .proto +files as modules are the primary thing sub-packages are used for. Only items which +are known to be used infrequently should have deep sub-package depths. + +For the Cosmos SDK, it is recommended that that we simply write `cosmos.bank`, +`cosmos.gov`, etc. rather than `cosmos.x.bank`. In practice, most non-module +types can go straight in the `cosmos` package or we can introduce a +`cosmos.base` package if needed. Note that this naming _will not_ change +go package names, i.e. the `cosmos.bank` protobuf package will still live in +`x/bank`. + +### Message Naming + +Message type names should be as concise possible without losing clarity. `sdk.Msg` +types which are used in transactions will retain the `Msg` prefix as that provides +helpful context. + +### Service and RPC Naming + +[ADR 021](adr-021-protobuf-query-encoding.md) specifies that modules should +implement a gRPC query service. We should consider the principle of conciseness +for query service and RPC names as these may be called from persistent script +modules such as CosmWasm. Also, users may use these query paths from tools like +[gRPCurl](https://github.com/fullstorydev/grpcurl). As an example, we can shorten +`/cosmos_sdk.x.bank.v1.QueryService/QueryBalance` to +`/cosmos.bank.Query/Balance` without losing much useful information. + +RPC request and response types _should_ follow the `ServiceNameMethodNameRequest`/ +`ServiceNameMethodNameResponse` naming convention. i.e. for an RPC method named `Balance` +on the `Query` service, the request and response types would be `QueryBalanceRequest` +and `QueryBalanceResponse`. This will be more self-explanatory than `BalanceRequest` +and `BalanceResponse`. + +#### Use just `Query` for the query service + +Instead of [Buf's default service suffix recommendation](https://github.com/cosmos/cosmos-sdk/pull/6033), +we should simply use the shorter `Query` for query services. + +For other types of gRPC services, we should consider sticking with Buf's +default recommendation. + +#### Omit `Get` and `Query` from query service RPC names + +`Get` and `Query` should be omitted from `Query` service names because they are +redundant in the fully-qualified name. For instance, `/cosmos.bank.Query/QueryBalance` +just says `Query` twice without any new information. + +## Future Improvements + +A registry of top-level package names should be created to coordinate naming +across the ecosystem, prevent collisions, and also help developers discover +useful schemas. A simple starting point would be a git repository with +community-based governance. + +## Consequences + +### Positive + +* names will be more concise and easier to read and type +* all transactions using `Any` will be at shorter (`_sdk.x` and `.v1` will be removed) +* `.proto` file imports will be more standard (without `"third_party/proto"` in +the path) +* code generation will be easier for clients because .proto files will be +in a single `proto/` directory which can be copied rather than scattered +throughout the Cosmos SDK + +### Negative + +### Neutral + +* `.proto` files will need to be reorganized and refactored +* some modules may need to be marked as alpha or beta + +## References diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-024-coin-metadata.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-024-coin-metadata.md new file mode 100644 index 00000000..71bedac5 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-024-coin-metadata.md @@ -0,0 +1,140 @@ +# ADR 024: Coin Metadata + +## Changelog + +* 05/19/2020: Initial draft + +## Status + +Proposed + +## Context + +Assets in the Cosmos SDK are represented via a `Coins` type that consists of an `amount` and a `denom`, +where the `amount` can be any arbitrarily large or small value. In addition, the Cosmos SDK uses an +account-based model where there are two types of primary accounts -- basic accounts and module accounts. +All account types have a set of balances that are composed of `Coins`. The `x/bank` module keeps +track of all balances for all accounts and also keeps track of the total supply of balances in an +application. + +With regards to a balance `amount`, the Cosmos SDK assumes a static and fixed unit of denomination, +regardless of the denomination itself. In other words, clients and apps built atop a Cosmos-SDK-based +chain may choose to define and use arbitrary units of denomination to provide a richer UX, however, by +the time a tx or operation reaches the Cosmos SDK state machine, the `amount` is treated as a single +unit. For example, for the Cosmos Hub (Gaia), clients assume 1 ATOM = 10^6 uatom, and so all txs and +operations in the Cosmos SDK work off of units of 10^6. + +This clearly provides a poor and limited UX especially as interoperability of networks increases and +as a result the total amount of asset types increases. We propose to have `x/bank` additionally keep +track of metadata per `denom` in order to help clients, wallet providers, and explorers improve their +UX and remove the requirement for making any assumptions on the unit of denomination. + +## Decision + +The `x/bank` module will be updated to store and index metadata by `denom`, specifically the "base" or +smallest unit -- the unit the Cosmos SDK state-machine works with. + +Metadata may also include a non-zero length list of denominations. Each entry contains the name of +the denomination `denom`, the exponent to the base and a list of aliases. An entry is to be +interpreted as `1 denom = 10^exponent base_denom` (e.g. `1 ETH = 10^18 wei` and `1 uatom = 10^0 uatom`). + +There are two denominations that are of high importance for clients: the `base`, which is the smallest +possible unit and the `display`, which is the unit that is commonly referred to in human communication +and on exchanges. The values in those fields link to an entry in the list of denominations. + +The list in `denom_units` and the `display` entry may be changed via governance. + +As a result, we can define the type as follows: + +```protobuf +message DenomUnit { + string denom = 1; + uint32 exponent = 2; + repeated string aliases = 3; +} + +message Metadata { + string description = 1; + repeated DenomUnit denom_units = 2; + string base = 3; + string display = 4; +} +``` + +As an example, the ATOM's metadata can be defined as follows: + +```json +{ + "name": "atom", + "description": "The native staking token of the Cosmos Hub.", + "denom_units": [ + { + "denom": "uatom", + "exponent": 0, + "aliases": [ + "microatom" + ], + }, + { + "denom": "matom", + "exponent": 3, + "aliases": [ + "milliatom" + ] + }, + { + "denom": "atom", + "exponent": 6, + } + ], + "base": "uatom", + "display": "atom", +} +``` + +Given the above metadata, a client may infer the following things: + +* 4.3atom = 4.3 * (10^6) = 4,300,000uatom +* The string "atom" can be used as a display name in a list of tokens. +* The balance 4300000 can be displayed as 4,300,000uatom or 4,300matom or 4.3atom. + The `display` denomination 4.3atom is a good default if the authors of the client don't make + an explicit decision to choose a different representation. + +A client should be able to query for metadata by denom both via the CLI and REST interfaces. In +addition, we will add handlers to these interfaces to convert from any unit to another given unit, +as the base framework for this already exists in the Cosmos SDK. + +Finally, we need to ensure metadata exists in the `GenesisState` of the `x/bank` module which is also +indexed by the base `denom`. + +```go +type GenesisState struct { + SendEnabled bool `json:"send_enabled" yaml:"send_enabled"` + Balances []Balance `json:"balances" yaml:"balances"` + Supply sdk.Coins `json:"supply" yaml:"supply"` + DenomMetadata []Metadata `json:"denom_metadata" yaml:"denom_metadata"` +} +``` + +## Future Work + +In order for clients to avoid having to convert assets to the base denomination -- either manually or +via an endpoint, we may consider supporting automatic conversion of a given unit input. + +## Consequences + +### Positive + +* Provides clients, wallet providers and block explorers with additional data on + asset denomination to improve UX and remove any need to make assumptions on + denomination units. + +### Negative + +* A small amount of required additional storage in the `x/bank` module. The amount + of additional storage should be minimal as the amount of total assets should not + be large. + +### Neutral + +## References diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-027-deterministic-protobuf-serialization.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-027-deterministic-protobuf-serialization.md new file mode 100644 index 00000000..e19a45a7 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-027-deterministic-protobuf-serialization.md @@ -0,0 +1,314 @@ +# ADR 027: Deterministic Protobuf Serialization + +## Changelog + +* 2020-08-07: Initial Draft +* 2020-09-01: Further clarify rules + +## Status + +Proposed + +## Abstract + +Fully deterministic structure serialization, which works across many languages and clients, +is needed when signing messages. We need to be sure that whenever we serialize +a data structure, no matter in which supported language, the raw bytes +will stay the same. +[Protobuf](https://developers.google.com/protocol-buffers/docs/proto3) +serialization is not bijective (i.e. there exist a practically unlimited number of +valid binary representations for a given protobuf document)1. + +This document describes a deterministic serialization scheme for +a subset of protobuf documents, that covers this use case but can be reused in +other cases as well. + +### Context + +For signature verification in Cosmos SDK, the signer and verifier need to agree on +the same serialization of a `SignDoc` as defined in +[ADR-020](adr-020-protobuf-transaction-encoding.md) without transmitting the +serialization. + +Currently, for block signatures we are using a workaround: we create a new [TxRaw](https://github.com/cosmos/cosmos-sdk/blob/9e85e81e0e8140067dd893421290c191529c148c/proto/cosmos/tx/v1beta1/tx.proto#L30) +instance (as defined in [adr-020-protobuf-transaction-encoding](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-020-protobuf-transaction-encoding.md#transactions)) +by converting all [Tx](https://github.com/cosmos/cosmos-sdk/blob/9e85e81e0e8140067dd893421290c191529c148c/proto/cosmos/tx/v1beta1/tx.proto#L13) +fields to bytes on the client side. This adds an additional manual +step when sending and signing transactions. + +### Decision + +The following encoding scheme is to be used by other ADRs, +and in particular for `SignDoc` serialization. + +## Specification + +### Scope + +This ADR defines a protobuf3 serializer. The output is a valid protobuf +serialization, such that every protobuf parser can parse it. + +No maps are supported in version 1 due to the complexity of defining a +deterministic serialization. This might change in future. Implementations must +reject documents containing maps as invalid input. + +### Background - Protobuf3 Encoding + +Most numeric types in protobuf3 are encoded as +[varints](https://developers.google.com/protocol-buffers/docs/encoding#varints). +Varints are at most 10 bytes, and since each varint byte has 7 bits of data, +varints are a representation of `uint70` (70-bit unsigned integer). When +encoding, numeric values are casted from their base type to `uint70`, and when +decoding, the parsed `uint70` is casted to the appropriate numeric type. + +The maximum valid value for a varint that complies with protobuf3 is +`FF FF FF FF FF FF FF FF FF 7F` (i.e. `2**70 -1`). If the field type is +`{,u,s}int64`, the highest 6 bits of the 70 are dropped during decoding, +introducing 6 bits of malleability. If the field type is `{,u,s}int32`, the +highest 38 bits of the 70 are dropped during decoding, introducing 38 bits of +malleability. + +Among other sources of non-determinism, this ADR eliminates the possibility of +encoding malleability. + +### Serialization rules + +The serialization is based on the +[protobuf3 encoding](https://developers.google.com/protocol-buffers/docs/encoding) +with the following additions: + +1. Fields must be serialized only once in ascending order +2. Extra fields or any extra data must not be added +3. [Default values](https://developers.google.com/protocol-buffers/docs/proto3#default) + must be omitted +4. `repeated` fields of scalar numeric types must use + [packed encoding](https://developers.google.com/protocol-buffers/docs/encoding#packed) +5. Varint encoding must not be longer than needed: + * No trailing zero bytes (in little endian, i.e. no leading zeroes in big + endian). Per rule 3 above, the default value of `0` must be omitted, so + this rule does not apply in such cases. + * The maximum value for a varint must be `FF FF FF FF FF FF FF FF FF 01`. + In other words, when decoded, the highest 6 bits of the 70-bit unsigned + integer must be `0`. (10-byte varints are 10 groups of 7 bits, i.e. + 70 bits, of which only the lowest 70-6=64 are useful.) + * The maximum value for 32-bit values in varint encoding must be `FF FF FF FF 0F` + with one exception (below). In other words, when decoded, the highest 38 + bits of the 70-bit unsigned integer must be `0`. + * The one exception to the above is _negative_ `int32`, which must be + encoded using the full 10 bytes for sign extension2. + * The maximum value for Boolean values in varint encoding must be `01` (i.e. + it must be `0` or `1`). Per rule 3 above, the default value of `0` must + be omitted, so if a Boolean is included it must have a value of `1`. + +While rule number 1. and 2. should be pretty straight forward and describe the +default behavior of all protobuf encoders the author is aware of, the 3rd rule +is more interesting. After a protobuf3 deserialization you cannot differentiate +between unset fields and fields set to the default value3. At +serialization level however, it is possible to set the fields with an empty +value or omitting them entirely. This is a significant difference to e.g. JSON +where a property can be empty (`""`, `0`), `null` or undefined, leading to 3 +different documents. + +Omitting fields set to default values is valid because the parser must assign +the default value to fields missing in the serialization4. For scalar +types, omitting defaults is required by the spec5. For `repeated` +fields, not serializing them is the only way to express empty lists. Enums must +have a first element of numeric value 0, which is the default6. And +message fields default to unset7. + +Omitting defaults allows for some amount of forward compatibility: users of +newer versions of a protobuf schema produce the same serialization as users of +older versions as long as newly added fields are not used (i.e. set to their +default value). + +### Implementation + +There are three main implementation strategies, ordered from the least to the +most custom development: + +* **Use a protobuf serializer that follows the above rules by default.** E.g. + [gogoproto](https://pkg.go.dev/github.com/cosmos/gogoproto/gogoproto) is known to + be compliant by in most cases, but not when certain annotations such as + `nullable = false` are used. It might also be an option to configure an + existing serializer accordingly. +* **Normalize default values before encoding them.** If your serializer follows + rule 1. and 2. and allows you to explicitly unset fields for serialization, + you can normalize default values to unset. This can be done when working with + [protobuf.js](https://www.npmjs.com/package/protobufjs): + + ```js + const bytes = SignDoc.encode({ + bodyBytes: body.length > 0 ? body : null, // normalize empty bytes to unset + authInfoBytes: authInfo.length > 0 ? authInfo : null, // normalize empty bytes to unset + chainId: chainId || null, // normalize "" to unset + accountNumber: accountNumber || null, // normalize 0 to unset + accountSequence: accountSequence || null, // normalize 0 to unset + }).finish(); + ``` + +* **Use a hand-written serializer for the types you need.** If none of the above + ways works for you, you can write a serializer yourself. For SignDoc this + would look something like this in Go, building on existing protobuf utilities: + + ```go + if !signDoc.body_bytes.empty() { + buf.WriteUVarInt64(0xA) // wire type and field number for body_bytes + buf.WriteUVarInt64(signDoc.body_bytes.length()) + buf.WriteBytes(signDoc.body_bytes) + } + + if !signDoc.auth_info.empty() { + buf.WriteUVarInt64(0x12) // wire type and field number for auth_info + buf.WriteUVarInt64(signDoc.auth_info.length()) + buf.WriteBytes(signDoc.auth_info) + } + + if !signDoc.chain_id.empty() { + buf.WriteUVarInt64(0x1a) // wire type and field number for chain_id + buf.WriteUVarInt64(signDoc.chain_id.length()) + buf.WriteBytes(signDoc.chain_id) + } + + if signDoc.account_number != 0 { + buf.WriteUVarInt64(0x20) // wire type and field number for account_number + buf.WriteUVarInt(signDoc.account_number) + } + + if signDoc.account_sequence != 0 { + buf.WriteUVarInt64(0x28) // wire type and field number for account_sequence + buf.WriteUVarInt(signDoc.account_sequence) + } + ``` + +### Test vectors + +Given the protobuf definition `Article.proto` + +```protobuf +package blog; +syntax = "proto3"; + +enum Type { + UNSPECIFIED = 0; + IMAGES = 1; + NEWS = 2; +}; + +enum Review { + UNSPECIFIED = 0; + ACCEPTED = 1; + REJECTED = 2; +}; + +message Article { + string title = 1; + string description = 2; + uint64 created = 3; + uint64 updated = 4; + bool public = 5; + bool promoted = 6; + Type type = 7; + Review review = 8; + repeated string comments = 9; + repeated string backlinks = 10; +}; +``` + +serializing the values + +```yaml +title: "The world needs change 🌳" +description: "" +created: 1596806111080 +updated: 0 +public: true +promoted: false +type: Type.NEWS +review: Review.UNSPECIFIED +comments: ["Nice one", "Thank you"] +backlinks: [] +``` + +must result in the serialization + +```text +0a1b54686520776f726c64206e65656473206368616e676520f09f8cb318e8bebec8bc2e280138024a084e696365206f6e654a095468616e6b20796f75 +``` + +When inspecting the serialized document, you see that every second field is +omitted: + +```shell +$ echo 0a1b54686520776f726c64206e65656473206368616e676520f09f8cb318e8bebec8bc2e280138024a084e696365206f6e654a095468616e6b20796f75 | xxd -r -p | protoc --decode_raw +1: "The world needs change \360\237\214\263" +3: 1596806111080 +5: 1 +7: 2 +9: "Nice one" +9: "Thank you" +``` + +## Consequences + +Having such an encoding available allows us to get deterministic serialization +for all protobuf documents we need in the context of Cosmos SDK signing. + +### Positive + +* Well defined rules that can be verified independent of a reference + implementation +* Simple enough to keep the barrier to implement transaction signing low +* It allows us to continue to use 0 and other empty values in SignDoc, avoiding + the need to work around 0 sequences. This does not imply the change from + https://github.com/cosmos/cosmos-sdk/pull/6949 should not be merged, but not + too important anymore. + +### Negative + +* When implementing transaction signing, the encoding rules above must be + understood and implemented. +* The need for rule number 3. adds some complexity to implementations. +* Some data structures may require custom code for serialization. Thus + the code is not very portable - it will require additional work for each + client implementing serialization to properly handle custom data structures. + +### Neutral + +### Usage in Cosmos SDK + +For the reasons mentioned above ("Negative" section) we prefer to keep workarounds +for shared data structure. Example: the aforementioned `TxRaw` is using raw bytes +as a workaround. This allows them to use any valid Protobuf library without +the need of implementing a custom serializer that adheres to this standard (and related risks of bugs). + +## References + +* 1 _When a message is serialized, there is no guaranteed order for + how its known or unknown fields should be written. Serialization order is an + implementation detail and the details of any particular implementation may + change in the future. Therefore, protocol buffer parsers must be able to parse + fields in any order._ from + https://developers.google.com/protocol-buffers/docs/encoding#order +* 2 https://developers.google.com/protocol-buffers/docs/encoding#signed_integers +* 3 _Note that for scalar message fields, once a message is parsed + there's no way of telling whether a field was explicitly set to the default + value (for example whether a boolean was set to false) or just not set at all: + you should bear this in mind when defining your message types. For example, + don't have a boolean that switches on some behavior when set to false if you + don't want that behavior to also happen by default._ from + https://developers.google.com/protocol-buffers/docs/proto3#default +* 4 _When a message is parsed, if the encoded message does not + contain a particular singular element, the corresponding field in the parsed + object is set to the default value for that field._ from + https://developers.google.com/protocol-buffers/docs/proto3#default +* 5 _Also note that if a scalar message field is set to its default, + the value will not be serialized on the wire._ from + https://developers.google.com/protocol-buffers/docs/proto3#default +* 6 _For enums, the default value is the first defined enum value, + which must be 0._ from + https://developers.google.com/protocol-buffers/docs/proto3#default +* 7 _For message fields, the field is not set. Its exact value is + language-dependent._ from + https://developers.google.com/protocol-buffers/docs/proto3#default +* Encoding rules and parts of the reasoning taken from + [canonical-proto3 Aaron Craelius](https://github.com/regen-network/canonical-proto3) diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-028-public-key-addresses.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-028-public-key-addresses.md new file mode 100644 index 00000000..9f394f7a --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-028-public-key-addresses.md @@ -0,0 +1,342 @@ +# ADR 028: Public Key Addresses + +## Changelog + +* 2020/08/18: Initial version +* 2021/01/15: Analysis and algorithm update + +## Status + +Proposed + +## Abstract + +This ADR defines an address format for all addressable Cosmos SDK accounts. That includes: new public key algorithms, multisig public keys, and module accounts. + +## Context + +Issue [\#3685](https://github.com/cosmos/cosmos-sdk/issues/3685) identified that public key +address spaces are currently overlapping. We confirmed that it significantly decreases security of Cosmos SDK. + +### Problem + +An attacker can control an input for an address generation function. This leads to a birthday attack, which significantly decreases the security space. +To overcome this, we need to separate the inputs for different kind of account types: +a security break of one account type shouldn't impact the security of other account types. + +### Initial proposals + +One initial proposal was extending the address length and +adding prefixes for different types of addresses. + +@ethanfrey explained an alternate approach originally used in https://github.com/iov-one/weave: + +> I spent quite a bit of time thinking about this issue while building weave... The other cosmos Sdk. +> Basically I define a condition to be a type and format as human readable string with some binary data appended. This condition is hashed into an Address (again at 20 bytes). The use of this prefix makes it impossible to find a preimage for a given address with a different condition (eg ed25519 vs secp256k1). +> This is explained in depth here https://weave.readthedocs.io/en/latest/design/permissions.html +> And the code is here, look mainly at the top where we process conditions. https://github.com/iov-one/weave/blob/master/conditions.go + +And explained how this approach should be sufficiently collision resistant: + +> Yeah, AFAIK, 20 bytes should be collision resistance when the preimages are unique and not malleable. A space of 2^160 would expect some collision to be likely around 2^80 elements (birthday paradox). And if you want to find a collision for some existing element in the database, it is still 2^160. 2^80 only is if all these elements are written to state. +> The good example you brought up was eg. a public key bytes being a valid public key on two algorithms supported by the codec. Meaning if either was broken, you would break accounts even if they were secured with the safer variant. This is only as the issue when no differentiating type info is present in the preimage (before hashing into an address). +> I would like to hear an argument if the 20 bytes space is an actual issue for security, as I would be happy to increase my address sizes in weave. I just figured cosmos and ethereum and bitcoin all use 20 bytes, it should be good enough. And the arguments above which made me feel it was secure. But I have not done a deeper analysis. + +This led to the first proposal (which we proved to be not good enough): +we concatenate a key type with a public key, hash it and take the first 20 bytes of that hash, summarized as `sha256(keyTypePrefix || keybytes)[:20]`. + +### Review and Discussions + +In [\#5694](https://github.com/cosmos/cosmos-sdk/issues/5694) we discussed various solutions. +We agreed that 20 bytes it's not future proof, and extending the address length is the only way to allow addresses of different types, various signature types, etc. +This disqualifies the initial proposal. + +In the issue we discussed various modifications: + +* Choice of the hash function. +* Move the prefix out of the hash function: `keyTypePrefix + sha256(keybytes)[:20]` [post-hash-prefix-proposal]. +* Use double hashing: `sha256(keyTypePrefix + sha256(keybytes)[:20])`. +* Increase to keybytes hash slice from 20 byte to 32 or 40 bytes. We concluded that 32 bytes, produced by a good hash functions is future secure. + +### Requirements + +* Support currently used tools - we don't want to break an ecosystem, or add a long adaptation period. Ref: https://github.com/cosmos/cosmos-sdk/issues/8041 +* Try to keep the address length small - addresses are widely used in state, both as part of a key and object value. + +### Scope + +This ADR only defines a process for the generation of address bytes. For end-user interactions with addresses (through the API, or CLI, etc.), we still use bech32 to format these addresses as strings. This ADR doesn't change that. +Using Bech32 for string encoding gives us support for checksum error codes and handling of user typos. + +## Decision + +We define the following account types, for which we define the address function: + +1. simple accounts: represented by a regular public key (ie: secp256k1, sr25519) +2. naive multisig: accounts composed by other addressable objects (ie: naive multisig) +3. composed accounts with a native address key (ie: bls, group module accounts) +4. module accounts: basically any accounts which cannot sign transactions and which are managed internally by modules + +### Legacy Public Key Addresses Don't Change + +Currently (Jan 2021), the only officially supported Cosmos SDK user accounts are `secp256k1` basic accounts and legacy amino multisig. +They are used in existing Cosmos SDK zones. They use the following address formats: + +* secp256k1: `ripemd160(sha256(pk_bytes))[:20]` +* legacy amino multisig: `sha256(aminoCdc.Marshal(pk))[:20]` + +We don't want to change existing addresses. So the addresses for these two key types will remain the same. + +The current multisig public keys use amino serialization to generate the address. We will retain +those public keys and their address formatting, and call them "legacy amino" multisig public keys +in protobuf. We will also create multisig public keys without amino addresses to be described below. + +### Hash Function Choice + +As in other parts of the Cosmos SDK, we will use `sha256`. + +### Basic Address + +We start with defining a base algorithm for generating addresses which we will call `Hash`. Notably, it's used for accounts represented by a single key pair. For each public key schema we have to have an associated `typ` string, explained in the next section. `hash` is the cryptographic hash function defined in the previous section. + +```go +const A_LEN = 32 + +func Hash(typ string, key []byte) []byte { + return hash(hash(typ) + key)[:A_LEN] +} +``` + +The `+` is bytes concatenation, which doesn't use any separator. + +This algorithm is the outcome of a consultation session with a professional cryptographer. +Motivation: this algorithm keeps the address relatively small (length of the `typ` doesn't impact the length of the final address) +and it's more secure than [post-hash-prefix-proposal] (which uses the first 20 bytes of a pubkey hash, significantly reducing the address space). +Moreover the cryptographer motivated the choice of adding `typ` in the hash to protect against a switch table attack. + +`address.Hash` is a low level function to generate _base_ addresses for new key types. Example: + +* BLS: `address.Hash("bls", pubkey)` + +### Composed Addresses + +For simple composed accounts (like a new naive multisig) we generalize the `address.Hash`. The address is constructed by recursively creating addresses for the sub accounts, sorting the addresses and composing them into a single address. It ensures that the ordering of keys doesn't impact the resulting address. + +```go +// We don't need a PubKey interface - we need anything which is addressable. +type Addressable interface { + Address() []byte +} + +func Composed(typ string, subaccounts []Addressable) []byte { + addresses = map(subaccounts, \a -> LengthPrefix(a.Address())) + addresses = sort(addresses) + return address.Hash(typ, addresses[0] + ... + addresses[n]) +} +``` + +The `typ` parameter should be a schema descriptor, containing all significant attributes with deterministic serialization (eg: utf8 string). +`LengthPrefix` is a function which prepends 1 byte to the address. The value of that byte is the length of the address bits before prepending. The address must be at most 255 bits long. +We are using `LengthPrefix` to eliminate conflicts - it assures, that for 2 lists of addresses: `as = {a1, a2, ..., an}` and `bs = {b1, b2, ..., bm}` such that every `bi` and `ai` is at most 255 long, `concatenate(map(as, (a) => LengthPrefix(a))) = map(bs, (b) => LengthPrefix(b))` if `as = bs`. + +Implementation Tip: account implementations should cache addresses. + +#### Multisig Addresses + +For a new multisig public keys, we define the `typ` parameter not based on any encoding scheme (amino or protobuf). This avoids issues with non-determinism in the encoding scheme. + +Example: + +```protobuf +package cosmos.crypto.multisig; + +message PubKey { + uint32 threshold = 1; + repeated google.protobuf.Any pubkeys = 2; +} +``` + +```go +func (multisig PubKey) Address() { + // first gather all nested pub keys + var keys []address.Addressable // cryptotypes.PubKey implements Addressable + for _, _key := range multisig.Pubkeys { + keys = append(keys, key.GetCachedValue().(cryptotypes.PubKey)) + } + + // form the type from the message name (cosmos.crypto.multisig.PubKey) and the threshold joined together + prefix := fmt.Sprintf("%s/%d", proto.MessageName(multisig), multisig.Threshold) + + // use the Composed function defined above + return address.Composed(prefix, keys) +} +``` + + +### Derived Addresses + +We must be able to cryptographically derive one address from another one. The derivation process must guarantee hash properties, hence we use the already defined `Hash` function: + +```go +func Derive(address, derivationKey []byte) []byte { + return Hash(addres, derivationKey) +} +``` + +### Module Account Addresses + +A module account will have `"module"` type. Module accounts can have sub accounts. The submodule account will be created based on module name, and sequence of derivation keys. Typically, the first derivation key should be a class of the derived accounts. The derivation process has a defined order: module name, submodule key, subsubmodule key... An example module account is created using: + +```go +address.Module(moduleName, key) +``` + +An example sub-module account is created using: + +```go +groupPolicyAddresses := []byte{1} +address.Module(moduleName, groupPolicyAddresses, policyID) +``` + +The `address.Module` function is using `address.Hash` with `"module"` as the type argument, and byte representation of the module name concatenated with submodule key. The two last component must be uniquely separated to avoid potential clashes (example: modulename="ab" & submodulekey="bc" will have the same derivation key as modulename="a" & submodulekey="bbc"). +We use a null byte (`'\x00'`) to separate module name from the submodule key. This works, because null byte is not a part of a valid module name. Finally, the sub-submodule accounts are created by applying the `Derive` function recursively. +We could use `Derive` function also in the first step (rather than concatenating module name with zero byte and the submodule key). We decided to do concatenation to avoid one level of derivation and speed up computation. + +For backward compatibility with the existing `authtypes.NewModuleAddress`, we add a special case in `Module` function: when no derivation key is provided, we fallback to the "legacy" implementation. + +```go +func Module(moduleName string, derivationKeys ...[]byte) []byte{ + if len(derivationKeys) == 0 { + return authtypes.NewModuleAddress(modulenName) // legacy case + } + submoduleAddress := Hash("module", []byte(moduleName) + 0 + key) + return fold((a, k) => Derive(a, k), subsubKeys, submoduleAddress) +} +``` + +**Example 1** A lending BTC pool address would be: + +```go +btcPool := address.Module("lending", btc.Address()}) +``` + +If we want to create an address for a module account depending on more than one key, we can concatenate them: + +```go +btcAtomAMM := address.Module("amm", btc.Address() + atom.Address()}) +``` + +**Example 2** a smart-contract address could be constructed by: + +```go +smartContractAddr = Module("mySmartContractVM", smartContractsNamespace, smartContractKey}) + +// which equals to: +smartContractAddr = Derived( + Module("mySmartContractVM", smartContractsNamespace), + []{smartContractKey}) +``` + +### Schema Types + +A `typ` parameter used in `Hash` function SHOULD be unique for each account type. +Since all Cosmos SDK account types are serialized in the state, we propose to use the protobuf message name string. + +Example: all public key types have a unique protobuf message type similar to: + +```protobuf +package cosmos.crypto.sr25519; + +message PubKey { + bytes key = 1; +} +``` + +All protobuf messages have unique fully qualified names, in this example `cosmos.crypto.sr25519.PubKey`. +These names are derived directly from .proto files in a standardized way and used +in other places such as the type URL in `Any`s. We can easily obtain the name using +`proto.MessageName(msg)`. + +## Consequences + +### Backwards Compatibility + +This ADR is compatible with what was committed and directly supported in the Cosmos SDK repository. + +### Positive + +* a simple algorithm for generating addresses for new public keys, complex accounts and modules +* the algorithm generalizes _native composed keys_ +* increased security and collision resistance of addresses +* the approach is extensible for future use-cases - one can use other address types, as long as they don't conflict with the address length specified here (20 or 32 bytes). +* support new account types. + +### Negative + +* addresses do not communicate key type, a prefixed approach would have done this +* addresses are 60% longer and will consume more storage space +* requires a refactor of KVStore store keys to handle variable length addresses + +### Neutral + +* protobuf message names are used as key type prefixes + +## Further Discussions + +Some accounts can have a fixed name or may be constructed in other way (eg: modules). We were discussing an idea of an account with a predefined name (eg: `me.regen`), which could be used by institutions. +Without going into details, these kinds of addresses are compatible with the hash based addresses described here as long as they don't have the same length. +More specifically, any special account address must not have a length equal to 20 or 32 bytes. + +## Appendix: Consulting session + +End of Dec 2020 we had a session with [Alan Szepieniec](https://scholar.google.be/citations?user=4LyZn8oAAAAJ&hl=en) to consult the approach presented above. + +Alan general observations: + +* we don’t need 2-preimage resistance +* we need 32bytes address space for collision resistance +* when an attacker can control an input for object with an address then we have a problem with birthday attack +* there is an issue with smart-contracts for hashing +* sha2 mining can be use to breaking address pre-image + +Hashing algorithm + +* any attack breaking blake3 will break blake2 +* Alan is pretty confident about the current security analysis of the blake hash algorithm. It was a finalist, and the author is well known in security analysis. + +Algorithm: + +* Alan recommends to hash the prefix: `address(pub_key) = hash(hash(key_type) + pub_key)[:32]`, main benefits: + * we are free to user arbitrary long prefix names + * we still don’t risk collisions + * switch tables +* discussion about penalization -> about adding prefix post hash +* Aaron asked about post hash prefixes (`address(pub_key) = key_type + hash(pub_key)`) and differences. Alan noted that this approach has longer address space and it’s stronger. + +Algorithm for complex / composed keys: + +* merging tree like addresses with same algorithm are fine + +Module addresses: Should module addresses have different size to differentiate it? + +* we will need to set a pre-image prefix for module addresse to keept them in 32-byte space: `hash(hash('module') + module_key)` +* Aaron observation: we already need to deal with variable length (to not break secp256k1 keys). + +Discssion about arithmetic hash function for ZKP + +* Posseidon / Rescue +* Problem: much bigger risk because we don’t know much techniques and history of crypto-analysis of arithmetic constructions. It’s still a new ground and area of active research. + +Post quantum signature size + +* Alan suggestion: Falcon: speed / size ration - very good. +* Aaron - should we think about it? + Alan: based on early extrapolation this thing will get able to break EC cryptography in 2050 . But that’s a lot of uncertainty. But there is magic happening with recurions / linking / simulation and that can speedup the progress. + +Other ideas + +* Let’s say we use same key and two different address algorithms for 2 different use cases. Is it still safe to use it? Alan: if we want to hide the public key (which is not our use case), then it’s less secure but there are fixes. + +### References + +* [Notes](https://hackmd.io/_NGWI4xZSbKzj1BkCqyZMw) diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-029-fee-grant-module.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-029-fee-grant-module.md new file mode 100644 index 00000000..6b52556f --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-029-fee-grant-module.md @@ -0,0 +1,153 @@ +# ADR 029: Fee Grant Module + +## Changelog + +* 2020/08/18: Initial Draft +* 2021/05/05: Removed height based expiration support and simplified naming. + +## Status + +Accepted + +## Context + +In order to make blockchain transactions, the signing account must possess a sufficient balance of the right denomination +in order to pay fees. There are classes of transactions where needing to maintain a wallet with sufficient fees is a +barrier to adoption. + +For instance, when proper permissions are setup, someone may temporarily delegate the ability to vote on proposals to +a "burner" account that is stored on a mobile phone with only minimal security. + +Other use cases include workers tracking items in a supply chain or farmers submitting field data for analytics +or compliance purposes. + +For all of these use cases, UX would be significantly enhanced by obviating the need for these accounts to always +maintain the appropriate fee balance. This is especially true if we wanted to achieve enterprise adoption for something +like supply chain tracking. + +While one solution would be to have a service that fills up these accounts automatically with the appropriate fees, a better UX +would be provided by allowing these accounts to pull from a common fee pool account with proper spending limits. +A single pool would reduce the churn of making lots of small "fill up" transactions and also more effectively leverages +the resources of the organization setting up the pool. + +## Decision + +As a solution we propose a module, `x/feegrant` which allows one account, the "granter" to grant another account, the "grantee" +an allowance to spend the granter's account balance for fees within certain well-defined limits. + +Fee allowances are defined by the extensible `FeeAllowanceI` interface: + +```go +type FeeAllowanceI { + // Accept can use fee payment requested as well as timestamp of the current block + // to determine whether or not to process this. This is checked in + // Keeper.UseGrantedFees and the return values should match how it is handled there. + // + // If it returns an error, the fee payment is rejected, otherwise it is accepted. + // The FeeAllowance implementation is expected to update it's internal state + // and will be saved again after an acceptance. + // + // If remove is true (regardless of the error), the FeeAllowance will be deleted from storage + // (eg. when it is used up). (See call to RevokeFeeAllowance in Keeper.UseGrantedFees) + Accept(ctx sdk.Context, fee sdk.Coins, msgs []sdk.Msg) (remove bool, err error) + + // ValidateBasic should evaluate this FeeAllowance for internal consistency. + // Don't allow negative amounts, or negative periods for example. + ValidateBasic() error +} +``` + +Two basic fee allowance types, `BasicAllowance` and `PeriodicAllowance` are defined to support known use cases: + +```protobuf +// BasicAllowance implements FeeAllowanceI with a one-time grant of tokens +// that optionally expires. The delegatee can use up to SpendLimit to cover fees. +message BasicAllowance { + // spend_limit specifies the maximum amount of tokens that can be spent + // by this allowance and will be updated as tokens are spent. If it is + // empty, there is no spend limit and any amount of coins can be spent. + repeated cosmos_sdk.v1.Coin spend_limit = 1; + + // expiration specifies an optional time when this allowance expires + google.protobuf.Timestamp expiration = 2; +} + +// PeriodicAllowance extends FeeAllowanceI to allow for both a maximum cap, +// as well as a limit per time period. +message PeriodicAllowance { + BasicAllowance basic = 1; + + // period specifies the time duration in which period_spend_limit coins can + // be spent before that allowance is reset + google.protobuf.Duration period = 2; + + // period_spend_limit specifies the maximum number of coins that can be spent + // in the period + repeated cosmos_sdk.v1.Coin period_spend_limit = 3; + + // period_can_spend is the number of coins left to be spent before the period_reset time + repeated cosmos_sdk.v1.Coin period_can_spend = 4; + + // period_reset is the time at which this period resets and a new one begins, + // it is calculated from the start time of the first transaction after the + // last period ended + google.protobuf.Timestamp period_reset = 5; +} + +``` + +Allowances can be granted and revoked using `MsgGrantAllowance` and `MsgRevokeAllowance`: + +```protobuf +// MsgGrantAllowance adds permission for Grantee to spend up to Allowance +// of fees from the account of Granter. +message MsgGrantAllowance { + string granter = 1; + string grantee = 2; + google.protobuf.Any allowance = 3; + } + + // MsgRevokeAllowance removes any existing FeeAllowance from Granter to Grantee. + message MsgRevokeAllowance { + string granter = 1; + string grantee = 2; + } +``` + +In order to use allowances in transactions, we add a new field `granter` to the transaction `Fee` type: + +```protobuf +package cosmos.tx.v1beta1; + +message Fee { + repeated cosmos.base.v1beta1.Coin amount = 1; + uint64 gas_limit = 2; + string payer = 3; + string granter = 4; +} +``` + +`granter` must either be left empty or must correspond to an account which has granted +a fee allowance to fee payer (either the first signer or the value of the `payer` field). + +A new `AnteDecorator` named `DeductGrantedFeeDecorator` will be created in order to process transactions with `fee_payer` +set and correctly deduct fees based on fee allowances. + +## Consequences + +### Positive + +* improved UX for use cases where it is cumbersome to maintain an account balance just for fees + +### Negative + +### Neutral + +* a new field must be added to the transaction `Fee` message and a new `AnteDecorator` must be +created to use it + +## References + +* Blog article describing initial work: https://medium.com/regen-network/hacking-the-cosmos-cosmwasm-and-key-management-a08b9f561d1b +* Initial public specification: https://gist.github.com/aaronc/b60628017352df5983791cad30babe56 +* Original subkeys proposal from B-harvest which influenced this design: https://github.com/cosmos/cosmos-sdk/issues/4480 diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-030-authz-module.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-030-authz-module.md new file mode 100644 index 00000000..0454138d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-030-authz-module.md @@ -0,0 +1,258 @@ +# ADR 030: Authorization Module + +## Changelog + +* 2019-11-06: Initial Draft +* 2020-10-12: Updated Draft +* 2020-11-13: Accepted +* 2020-05-06: proto API updates, use `sdk.Msg` instead of `sdk.ServiceMsg` (the latter concept was removed from Cosmos SDK) +* 2022-04-20: Updated the `SendAuthorization` proto docs to clarify the `SpendLimit` is a required field. (Generic authorization can be used with bank msg type url to create limit less bank authorization) + +## Status + +Accepted + +## Abstract + +This ADR defines the `x/authz` module which allows accounts to grant authorizations to perform actions +on behalf of that account to other accounts. + +## Context + +The concrete use cases which motivated this module include: + +* the desire to delegate the ability to vote on proposals to other accounts besides the account which one has +delegated stake +* "sub-keys" functionality, as originally proposed in [\#4480](https://github.com/cosmos/cosmos-sdk/issues/4480) which +is a term used to describe the functionality provided by this module together with +the `fee_grant` module from [ADR 029](adr-029-fee-grant-module.md) and the [group module](https://github.com/cosmos/cosmos-sdk/tree/main/x/group). + +The "sub-keys" functionality roughly refers to the ability for one account to grant some subset of its capabilities to +other accounts with possibly less robust, but easier to use security measures. For instance, a master account representing +an organization could grant the ability to spend small amounts of the organization's funds to individual employee accounts. +Or an individual (or group) with a multisig wallet could grant the ability to vote on proposals to any one of the member +keys. + +The current implementation is based on work done by the [Gaian's team at Hackatom Berlin 2019](https://github.com/cosmos-gaians/cosmos-sdk/tree/hackatom/x/delegation). + +## Decision + +We will create a module named `authz` which provides functionality for +granting arbitrary privileges from one account (the _granter_) to another account (the _grantee_). Authorizations +must be granted for a particular `Msg` service methods one by one using an implementation +of `Authorization` interface. + +### Types + +Authorizations determine exactly what privileges are granted. They are extensible +and can be defined for any `Msg` service method even outside of the module where +the `Msg` method is defined. `Authorization`s reference `Msg`s using their TypeURL. + +#### Authorization + +```go +type Authorization interface { + proto.Message + + // MsgTypeURL returns the fully-qualified Msg TypeURL (as described in ADR 020), + // which will process and accept or reject a request. + MsgTypeURL() string + + // Accept determines whether this grant permits the provided sdk.Msg to be performed, and if + // so provides an upgraded authorization instance. + Accept(ctx sdk.Context, msg sdk.Msg) (AcceptResponse, error) + + // ValidateBasic does a simple validation check that + // doesn't require access to any other information. + ValidateBasic() error +} + +// AcceptResponse instruments the controller of an authz message if the request is accepted +// and if it should be updated or deleted. +type AcceptResponse struct { + // If Accept=true, the controller can accept and authorization and handle the update. + Accept bool + // If Delete=true, the controller must delete the authorization object and release + // storage resources. + Delete bool + // Controller, who is calling Authorization.Accept must check if `Updated != nil`. If yes, + // it must use the updated version and handle the update on the storage level. + Updated Authorization +} +``` + +For example a `SendAuthorization` like this is defined for `MsgSend` that takes +a `SpendLimit` and updates it down to zero: + +```go +type SendAuthorization struct { + // SpendLimit specifies the maximum amount of tokens that can be spent + // by this authorization and will be updated as tokens are spent. This field is required. (Generic authorization + // can be used with bank msg type url to create limit less bank authorization). + SpendLimit sdk.Coins +} + +func (a SendAuthorization) MsgTypeURL() string { + return sdk.MsgTypeURL(&MsgSend{}) +} + +func (a SendAuthorization) Accept(ctx sdk.Context, msg sdk.Msg) (authz.AcceptResponse, error) { + mSend, ok := msg.(*MsgSend) + if !ok { + return authz.AcceptResponse{}, sdkerrors.ErrInvalidType.Wrap("type mismatch") + } + limitLeft, isNegative := a.SpendLimit.SafeSub(mSend.Amount) + if isNegative { + return authz.AcceptResponse{}, sdkerrors.ErrInsufficientFunds.Wrapf("requested amount is more than spend limit") + } + if limitLeft.IsZero() { + return authz.AcceptResponse{Accept: true, Delete: true}, nil + } + + return authz.AcceptResponse{Accept: true, Delete: false, Updated: &SendAuthorization{SpendLimit: limitLeft}}, nil +} +``` + +A different type of capability for `MsgSend` could be implemented +using the `Authorization` interface with no need to change the underlying +`bank` module. + +##### Small notes on `AcceptResponse` + +* The `AcceptResponse.Accept` field will be set to `true` if the authorization is accepted. +However, if it is rejected, the function `Accept` will raise an error (without setting `AcceptResponse.Accept` to `false`). + +* The `AcceptResponse.Updated` field will be set to a non-nil value only if there is a real change to the authorization. +If authorization remains the same (as is, for instance, always the case for a [`GenericAuthorization`](#genericauthorization)), +the field will be `nil`. + +### `Msg` Service + +```protobuf +service Msg { + // Grant grants the provided authorization to the grantee on the granter's + // account with the provided expiration time. + rpc Grant(MsgGrant) returns (MsgGrantResponse); + + // Exec attempts to execute the provided messages using + // authorizations granted to the grantee. Each message should have only + // one signer corresponding to the granter of the authorization. + rpc Exec(MsgExec) returns (MsgExecResponse); + + // Revoke revokes any authorization corresponding to the provided method name on the + // granter's account that has been granted to the grantee. + rpc Revoke(MsgRevoke) returns (MsgRevokeResponse); +} + +// Grant gives permissions to execute +// the provided method with expiration time. +message Grant { + google.protobuf.Any authorization = 1 [(cosmos_proto.accepts_interface) = "cosmos.authz.v1beta1.Authorization"]; + google.protobuf.Timestamp expiration = 2 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false]; +} + +message MsgGrant { + string granter = 1; + string grantee = 2; + + Grant grant = 3 [(gogoproto.nullable) = false]; +} + +message MsgExecResponse { + cosmos.base.abci.v1beta1.Result result = 1; +} + +message MsgExec { + string grantee = 1; + // Authorization Msg requests to execute. Each msg must implement Authorization interface + repeated google.protobuf.Any msgs = 2 [(cosmos_proto.accepts_interface) = "cosmos.base.v1beta1.Msg"];; +} +``` + +### Router Middleware + +The `authz` `Keeper` will expose a `DispatchActions` method which allows other modules to send `Msg`s +to the router based on `Authorization` grants: + +```go +type Keeper interface { + // DispatchActions routes the provided msgs to their respective handlers if the grantee was granted an authorization + // to send those messages by the first (and only) signer of each msg. + DispatchActions(ctx sdk.Context, grantee sdk.AccAddress, msgs []sdk.Msg) sdk.Result` +} +``` + +### CLI + +#### `tx exec` Method + +When a CLI user wants to run a transaction on behalf of another account using `MsgExec`, they +can use the `exec` method. For instance `gaiacli tx gov vote 1 yes --from --generate-only | gaiacli tx authz exec --send-as --from ` +would send a transaction like this: + +```go +MsgExec { + Grantee: mykey, + Msgs: []sdk.Msg{ + MsgVote { + ProposalID: 1, + Voter: cosmos3thsdgh983egh823 + Option: Yes + } + } +} +``` + +#### `tx grant --from ` + +This CLI command will send a `MsgGrant` transaction. `authorization` should be encoded as +JSON on the CLI. + +#### `tx revoke --from ` + +This CLI command will send a `MsgRevoke` transaction. + +### Built-in Authorizations + +#### `SendAuthorization` + +```protobuf +// SendAuthorization allows the grantee to spend up to spend_limit coins from +// the granter's account. +message SendAuthorization { + repeated cosmos.base.v1beta1.Coin spend_limit = 1; +} +``` + +#### `GenericAuthorization` + +```protobuf +// GenericAuthorization gives the grantee unrestricted permissions to execute +// the provided method on behalf of the granter's account. +message GenericAuthorization { + option (cosmos_proto.implements_interface) = "Authorization"; + + // Msg, identified by it's type URL, to grant unrestricted permissions to execute + string msg = 1; +} +``` + +## Consequences + +### Positive + +* Users will be able to authorize arbitrary actions on behalf of their accounts to other +users, improving key management for many use cases +* The solution is more generic than previously considered approaches and the +`Authorization` interface approach can be extended to cover other use cases by +SDK users + +### Negative + +### Neutral + +## References + +* Initial Hackatom implementation: https://github.com/cosmos-gaians/cosmos-sdk/tree/hackatom/x/delegation +* Post-Hackatom spec: https://gist.github.com/aaronc/b60628017352df5983791cad30babe56#delegation-module +* B-Harvest subkeys spec: https://github.com/cosmos/cosmos-sdk/issues/4480 diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-031-msg-service.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-031-msg-service.md new file mode 100644 index 00000000..b8e4005d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-031-msg-service.md @@ -0,0 +1,202 @@ +# ADR 031: Protobuf Msg Services + +## Changelog + +* 2020-10-05: Initial Draft +* 2021-04-21: Remove `ServiceMsg`s to follow Protobuf `Any`'s spec, see [#9063](https://github.com/cosmos/cosmos-sdk/issues/9063). + +## Status + +Accepted + +## Abstract + +We want to leverage protobuf `service` definitions for defining `Msg`s which will give us significant developer UX +improvements in terms of the code that is generated and the fact that return types will now be well defined. + +## Context + +Currently `Msg` handlers in the Cosmos SDK do have return values that are placed in the `data` field of the response. +These return values, however, are not specified anywhere except in the golang handler code. + +In early conversations [it was proposed](https://docs.google.com/document/d/1eEgYgvgZqLE45vETjhwIw4VOqK-5hwQtZtjVbiXnIGc/edit) +that `Msg` return types be captured using a protobuf extension field, ex: + +```protobuf +package cosmos.gov; + +message MsgSubmitProposal + option (cosmos_proto.msg_return) = “uint64”; + string delegator_address = 1; + string validator_address = 2; + repeated sdk.Coin amount = 3; +} +``` + +This was never adopted, however. + +Having a well-specified return value for `Msg`s would improve client UX. For instance, +in `x/gov`, `MsgSubmitProposal` returns the proposal ID as a big-endian `uint64`. +This isn’t really documented anywhere and clients would need to know the internals +of the Cosmos SDK to parse that value and return it to users. + +Also, there may be cases where we want to use these return values programatically. +For instance, https://github.com/cosmos/cosmos-sdk/issues/7093 proposes a method for +doing inter-module Ocaps using the `Msg` router. A well-defined return type would +improve the developer UX for this approach. + +In addition, handler registration of `Msg` types tends to add a bit of +boilerplate on top of keepers and is usually done through manual type switches. +This isn't necessarily bad, but it does add overhead to creating modules. + +## Decision + +We decide to use protobuf `service` definitions for defining `Msg`s as well as +the code generated by them as a replacement for `Msg` handlers. + +Below we define how this will look for the `SubmitProposal` message from `x/gov` module. +We start with a `Msg` `service` definition: + +```protobuf +package cosmos.gov; + +service Msg { + rpc SubmitProposal(MsgSubmitProposal) returns (MsgSubmitProposalResponse); +} + +// Note that for backwards compatibility this uses MsgSubmitProposal as the request +// type instead of the more canonical MsgSubmitProposalRequest +message MsgSubmitProposal { + google.protobuf.Any content = 1; + string proposer = 2; +} + +message MsgSubmitProposalResponse { + uint64 proposal_id; +} +``` + +While this is most commonly used for gRPC, overloading protobuf `service` definitions like this does not violate +the intent of the [protobuf spec](https://developers.google.com/protocol-buffers/docs/proto3#services) which says: +> If you don’t want to use gRPC, it’s also possible to use protocol buffers with your own RPC implementation. +With this approach, we would get an auto-generated `MsgServer` interface: + +In addition to clearly specifying return types, this has the benefit of generating client and server code. On the server +side, this is almost like an automatically generated keeper method and could maybe be used intead of keepers eventually +(see [\#7093](https://github.com/cosmos/cosmos-sdk/issues/7093)): + +```go +package gov + +type MsgServer interface { + SubmitProposal(context.Context, *MsgSubmitProposal) (*MsgSubmitProposalResponse, error) +} +``` + +On the client side, developers could take advantage of this by creating RPC implementations that encapsulate transaction +logic. Protobuf libraries that use asynchronous callbacks, like [protobuf.js](https://github.com/protobufjs/protobuf.js#using-services) +could use this to register callbacks for specific messages even for transactions that include multiple `Msg`s. + +Each `Msg` service method should have exactly one request parameter: its corresponding `Msg` type. For example, the `Msg` service method `/cosmos.gov.v1beta1.Msg/SubmitProposal` above has exactly one request parameter, namely the `Msg` type `/cosmos.gov.v1beta1.MsgSubmitProposal`. It is important the reader understands clearly the nomenclature difference between a `Msg` service (a Protobuf service) and a `Msg` type (a Protobuf message), and the differences in their fully-qualified name. + +This convention has been decided over the more canonical `Msg...Request` names mainly for backwards compatibility, but also for better readability in `TxBody.messages` (see [Encoding section](#encoding) below): transactions containing `/cosmos.gov.MsgSubmitProposal` read better than those containing `/cosmos.gov.v1beta1.MsgSubmitProposalRequest`. + +One consequence of this convention is that each `Msg` type can be the request parameter of only one `Msg` service method. However, we consider this limitation a good practice in explicitness. + +### Encoding + +Encoding of transactions generated with `Msg` services do not differ from current Protobuf transaction encoding as defined in [ADR-020](adr-020-protobuf-transaction-encoding.md). We are encoding `Msg` types (which are exactly `Msg` service methods' request parameters) as `Any` in `Tx`s which involves packing the +binary-encoded `Msg` with its type URL. + +### Decoding + +Since `Msg` types are packed into `Any`, decoding transactions messages are done by unpacking `Any`s into `Msg` types. For more information, please refer to [ADR-020](adr-020-protobuf-transaction-encoding.md#transactions). + +### Routing + +We propose to add a `msg_service_router` in BaseApp. This router is a key/value map which maps `Msg` types' `type_url`s to their corresponding `Msg` service method handler. Since there is a 1-to-1 mapping between `Msg` types and `Msg` service method, the `msg_service_router` has exactly one entry per `Msg` service method. + +When a transaction is processed by BaseApp (in CheckTx or in DeliverTx), its `TxBody.messages` are decoded as `Msg`s. Each `Msg`'s `type_url` is matched against an entry in the `msg_service_router`, and the respective `Msg` service method handler is called. + +For backward compatability, the old handlers are not removed yet. If BaseApp receives a legacy `Msg` with no correspoding entry in the `msg_service_router`, it will be routed via its legacy `Route()` method into the legacy handler. + +### Module Configuration + +In [ADR 021](adr-021-protobuf-query-encoding.md), we introduced a method `RegisterQueryService` +to `AppModule` which allows for modules to register gRPC queriers. + +To register `Msg` services, we attempt a more extensible approach by converting `RegisterQueryService` +to a more generic `RegisterServices` method: + +```go +type AppModule interface { + RegisterServices(Configurator) + ... +} + +type Configurator interface { + QueryServer() grpc.Server + MsgServer() grpc.Server +} + +// example module: +func (am AppModule) RegisterServices(cfg Configurator) { + types.RegisterQueryServer(cfg.QueryServer(), keeper) + types.RegisterMsgServer(cfg.MsgServer(), keeper) +} +``` + +The `RegisterServices` method and the `Configurator` interface are intended to +evolve to satisfy the use cases discussed in [\#7093](https://github.com/cosmos/cosmos-sdk/issues/7093) +and [\#7122](https://github.com/cosmos/cosmos-sdk/issues/7421). + +When `Msg` services are registered, the framework _should_ verify that all `Msg` types +implement the `sdk.Msg` interface and throw an error during initialization rather +than later when transactions are processed. + +### `Msg` Service Implementation + +Just like query services, `Msg` service methods can retrieve the `sdk.Context` +from the `context.Context` parameter method using the `sdk.UnwrapSDKContext` +method: + +```go +package gov + +func (k Keeper) SubmitProposal(goCtx context.Context, params *types.MsgSubmitProposal) (*MsgSubmitProposalResponse, error) { + ctx := sdk.UnwrapSDKContext(goCtx) + ... +} +``` + +The `sdk.Context` should have an `EventManager` already attached by BaseApp's `msg_service_router`. + +Separate handler definition is no longer needed with this approach. + +## Consequences + +This design changes how a module functionality is exposed and accessed. It deprecates the existing `Handler` interface and `AppModule.Route` in favor of [Protocol Buffer Services](https://developers.google.com/protocol-buffers/docs/proto3#services) and Service Routing described above. This dramatically simplifies the code. We don't need to create handlers and keepers any more. Use of Protocol Buffer auto-generated clients clearly separates the communication interfaces between the module and a modules user. The control logic (aka handlers and keepers) is not exposed any more. A module interface can be seen as a black box accessible through a client API. It's worth to note that the client interfaces are also generated by Protocol Buffers. + +This also allows us to change how we perform functional tests. Instead of mocking AppModules and Router, we will mock a client (server will stay hidden). More specifically: we will never mock `moduleA.MsgServer` in `moduleB`, but rather `moduleA.MsgClient`. One can think about it as working with external services (eg DBs, or online servers...). We assume that the transmission between clients and servers is correctly handled by generated Protocol Buffers. + +Finally, closing a module to client API opens desirable OCAP patterns discussed in ADR-033. Since server implementation and interface is hidden, nobody can hold "keepers"/servers and will be forced to relay on the client interface, which will drive developers for correct encapsulation and software engineering patterns. + +### Pros + +* communicates return type clearly +* manual handler registration and return type marshaling is no longer needed, just implement the interface and register it +* communication interface is automatically generated, the developer can now focus only on the state transition methods - this would improve the UX of [\#7093](https://github.com/cosmos/cosmos-sdk/issues/7093) approach (1) if we chose to adopt that +* generated client code could be useful for clients and tests +* dramatically reduces and simplifies the code + +### Cons + +* using `service` definitions outside the context of gRPC could be confusing (but doesn’t violate the proto3 spec) + +## References + +* [Initial Github Issue \#7122](https://github.com/cosmos/cosmos-sdk/issues/7122) +* [proto 3 Language Guide: Defining Services](https://developers.google.com/protocol-buffers/docs/proto3#services) +* [Initial pre-`Any` `Msg` designs](https://docs.google.com/document/d/1eEgYgvgZqLE45vETjhwIw4VOqK-5hwQtZtjVbiXnIGc) +* [ADR 020](adr-020-protobuf-transaction-encoding.md) +* [ADR 021](adr-021-protobuf-query-encoding.md) diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-032-typed-events.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-032-typed-events.md new file mode 100644 index 00000000..c1dd0a73 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-032-typed-events.md @@ -0,0 +1,319 @@ +# ADR 032: Typed Events + +## Changelog + +* 28-Sept-2020: Initial Draft + +## Authors + +* Anil Kumar (@anilcse) +* Jack Zampolin (@jackzampolin) +* Adam Bozanich (@boz) + +## Status + +Proposed + +## Abstract + +Currently in the Cosmos SDK, events are defined in the handlers for each message as well as `BeginBlock` and `EndBlock`. Each module doesn't have types defined for each event, they are implemented as `map[string]string`. Above all else this makes these events difficult to consume as it requires a great deal of raw string matching and parsing. This proposal focuses on updating the events to use **typed events** defined in each module such that emiting and subscribing to events will be much easier. This workflow comes from the experience of the Akash Network team. + +## Context + +Currently in the Cosmos SDK, events are defined in the handlers for each message, meaning each module doesn't have a cannonical set of types for each event. Above all else this makes these events difficult to consume as it requires a great deal of raw string matching and parsing. This proposal focuses on updating the events to use **typed events** defined in each module such that emiting and subscribing to events will be much easier. This workflow comes from the experience of the Akash Network team. + +[Our platform](http://github.com/ovrclk/akash) requires a number of programatic on chain interactions both on the provider (datacenter - to bid on new orders and listen for leases created) and user (application developer - to send the app manifest to the provider) side. In addition the Akash team is now maintaining the IBC [`relayer`](https://github.com/ovrclk/relayer), another very event driven process. In working on these core pieces of infrastructure, and integrating lessons learned from Kubernetes developement, our team has developed a standard method for defining and consuming typed events in Cosmos SDK modules. We have found that it is extremely useful in building this type of event driven application. + +As the Cosmos SDK gets used more extensively for apps like `peggy`, other peg zones, IBC, DeFi, etc... there will be an exploding demand for event driven applications to support new features desired by users. We propose upstreaming our findings into the Cosmos SDK to enable all Cosmos SDK applications to quickly and easily build event driven apps to aid their core application. Wallets, exchanges, explorers, and defi protocols all stand to benefit from this work. + +If this proposal is accepted, users will be able to build event driven Cosmos SDK apps in go by just writing `EventHandler`s for their specific event types and passing them to `EventEmitters` that are defined in the Cosmos SDK. + +The end of this proposal contains a detailed example of how to consume events after this refactor. + +This proposal is specifically about how to consume these events as a client of the blockchain, not for intermodule communication. + +## Decision + +**Step-1**: Implement additional functionality in the `types` package: `EmitTypedEvent` and `ParseTypedEvent` functions + +```go +// types/events.go + +// EmitTypedEvent takes typed event and emits converting it into sdk.Event +func (em *EventManager) EmitTypedEvent(event proto.Message) error { + evtType := proto.MessageName(event) + evtJSON, err := codec.ProtoMarshalJSON(event) + if err != nil { + return err + } + + var attrMap map[string]json.RawMessage + err = json.Unmarshal(evtJSON, &attrMap) + if err != nil { + return err + } + + var attrs []abci.EventAttribute + for k, v := range attrMap { + attrs = append(attrs, abci.EventAttribute{ + Key: []byte(k), + Value: v, + }) + } + + em.EmitEvent(Event{ + Type: evtType, + Attributes: attrs, + }) + + return nil +} + +// ParseTypedEvent converts abci.Event back to typed event +func ParseTypedEvent(event abci.Event) (proto.Message, error) { + concreteGoType := proto.MessageType(event.Type) + if concreteGoType == nil { + return nil, fmt.Errorf("failed to retrieve the message of type %q", event.Type) + } + + var value reflect.Value + if concreteGoType.Kind() == reflect.Ptr { + value = reflect.New(concreteGoType.Elem()) + } else { + value = reflect.Zero(concreteGoType) + } + + protoMsg, ok := value.Interface().(proto.Message) + if !ok { + return nil, fmt.Errorf("%q does not implement proto.Message", event.Type) + } + + attrMap := make(map[string]json.RawMessage) + for _, attr := range event.Attributes { + attrMap[string(attr.Key)] = attr.Value + } + + attrBytes, err := json.Marshal(attrMap) + if err != nil { + return nil, err + } + + err = jsonpb.Unmarshal(strings.NewReader(string(attrBytes)), protoMsg) + if err != nil { + return nil, err + } + + return protoMsg, nil +} +``` + +Here, the `EmitTypedEvent` is a method on `EventManager` which takes typed event as input and apply json serialization on it. Then it maps the JSON key/value pairs to `event.Attributes` and emits it in form of `sdk.Event`. `Event.Type` will be the type URL of the proto message. + +When we subscribe to emitted events on the CometBFT websocket, they are emitted in the form of an `abci.Event`. `ParseTypedEvent` parses the event back to it's original proto message. + +**Step-2**: Add proto definitions for typed events for msgs in each module: + +For example, let's take `MsgSubmitProposal` of `gov` module and implement this event's type. + +```protobuf +// proto/cosmos/gov/v1beta1/gov.proto +// Add typed event definition + +package cosmos.gov.v1beta1; + +message EventSubmitProposal { + string from_address = 1; + uint64 proposal_id = 2; + TextProposal proposal = 3; +} +``` + +**Step-3**: Refactor event emission to use the typed event created and emit using `sdk.EmitTypedEvent`: + +```go +// x/gov/handler.go +func handleMsgSubmitProposal(ctx sdk.Context, keeper keeper.Keeper, msg types.MsgSubmitProposalI) (*sdk.Result, error) { + ... + types.Context.EventManager().EmitTypedEvent( + &EventSubmitProposal{ + FromAddress: fromAddress, + ProposalId: id, + Proposal: proposal, + }, + ) + ... +} +``` + +### How to subscribe to these typed events in `Client` + +> NOTE: Full code example below + +Users will be able to subscribe using `client.Context.Client.Subscribe` and consume events which are emitted using `EventHandler`s. + +Akash Network has built a simple [`pubsub`](https://github.com/ovrclk/akash/blob/90d258caeb933b611d575355b8df281208a214f8/pubsub/bus.go#L20). This can be used to subscribe to `abci.Events` and [publish](https://github.com/ovrclk/akash/blob/90d258caeb933b611d575355b8df281208a214f8/events/publish.go#L21) them as typed events. + +Please see the below code sample for more detail on this flow looks for clients. + +## Consequences + +### Positive + +* Improves consistency of implementation for the events currently in the Cosmos SDK +* Provides a much more ergonomic way to handle events and facilitates writing event driven applications +* This implementation will support a middleware ecosystem of `EventHandler`s + +### Negative + +## Detailed code example of publishing events + +This ADR also proposes adding affordances to emit and consume these events. This way developers will only need to write +`EventHandler`s which define the actions they desire to take. + +```go +// EventEmitter is a type that describes event emitter functions +// This should be defined in `types/events.go` +type EventEmitter func(context.Context, client.Context, ...EventHandler) error + +// EventHandler is a type of function that handles events coming out of the event bus +// This should be defined in `types/events.go` +type EventHandler func(proto.Message) error + +// Sample use of the functions below +func main() { + ctx, cancel := context.WithCancel(context.Background()) + + if err := TxEmitter(ctx, client.Context{}.WithNodeURI("tcp://localhost:26657"), SubmitProposalEventHandler); err != nil { + cancel() + panic(err) + } + + return +} + +// SubmitProposalEventHandler is an example of an event handler that prints proposal details +// when any EventSubmitProposal is emitted. +func SubmitProposalEventHandler(ev proto.Message) (err error) { + switch event := ev.(type) { + // Handle governance proposal events creation events + case govtypes.EventSubmitProposal: + // Users define business logic here e.g. + fmt.Println(ev.FromAddress, ev.ProposalId, ev.Proposal) + return nil + default: + return nil + } +} + +// TxEmitter is an example of an event emitter that emits just transaction events. This can and +// should be implemented somewhere in the Cosmos SDK. The Cosmos SDK can include an EventEmitters for tm.event='Tx' +// and/or tm.event='NewBlock' (the new block events may contain typed events) +func TxEmitter(ctx context.Context, cliCtx client.Context, ehs ...EventHandler) (err error) { + // Instantiate and start CometBFT RPC client + client, err := cliCtx.GetNode() + if err != nil { + return err + } + + if err = client.Start(); err != nil { + return err + } + + // Start the pubsub bus + bus := pubsub.NewBus() + defer bus.Close() + + // Initialize a new error group + eg, ctx := errgroup.WithContext(ctx) + + // Publish chain events to the pubsub bus + eg.Go(func() error { + return PublishChainTxEvents(ctx, client, bus, simapp.ModuleBasics) + }) + + // Subscribe to the bus events + subscriber, err := bus.Subscribe() + if err != nil { + return err + } + + // Handle all the events coming out of the bus + eg.Go(func() error { + var err error + for { + select { + case <-ctx.Done(): + return nil + case <-subscriber.Done(): + return nil + case ev := <-subscriber.Events(): + for _, eh := range ehs { + if err = eh(ev); err != nil { + break + } + } + } + } + return nil + }) + + return group.Wait() +} + +// PublishChainTxEvents events using cmtclient. Waits on context shutdown signals to exit. +func PublishChainTxEvents(ctx context.Context, client cmtclient.EventsClient, bus pubsub.Bus, mb module.BasicManager) (err error) { + // Subscribe to transaction events + txch, err := client.Subscribe(ctx, "txevents", "tm.event='Tx'", 100) + if err != nil { + return err + } + + // Unsubscribe from transaction events on function exit + defer func() { + err = client.UnsubscribeAll(ctx, "txevents") + }() + + // Use errgroup to manage concurrency + g, ctx := errgroup.WithContext(ctx) + + // Publish transaction events in a goroutine + g.Go(func() error { + var err error + for { + select { + case <-ctx.Done(): + break + case ed := <-ch: + switch evt := ed.Data.(type) { + case cmttypes.EventDataTx: + if !evt.Result.IsOK() { + continue + } + // range over events, parse them using the basic manager and + // send them to the pubsub bus + for _, abciEv := range events { + typedEvent, err := sdk.ParseTypedEvent(abciEv) + if err != nil { + return er + } + if err := bus.Publish(typedEvent); err != nil { + bus.Close() + return + } + continue + } + } + } + } + return err + }) + + // Exit on error or context cancelation + return g.Wait() +} +``` + +## References + +* [Publish Custom Events via a bus](https://github.com/ovrclk/akash/blob/90d258caeb933b611d575355b8df281208a214f8/events/publish.go#L19-L58) +* [Consuming the events in `Client`](https://github.com/ovrclk/deploy/blob/bf6c633ab6c68f3026df59efd9982d6ca1bf0561/cmd/event-handlers.go#L57) diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-033-protobuf-inter-module-comm.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-033-protobuf-inter-module-comm.md new file mode 100644 index 00000000..2ff59fbe --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-033-protobuf-inter-module-comm.md @@ -0,0 +1,400 @@ +# ADR 033: Protobuf-based Inter-Module Communication + +## Changelog + +* 2020-10-05: Initial Draft + +## Status + +Proposed + +## Abstract + +This ADR introduces a system for permissioned inter-module communication leveraging the protobuf `Query` and `Msg` +service definitions defined in [ADR 021](adr-021-protobuf-query-encoding.md) and +[ADR 031](adr-031-msg-service.md) which provides: + +* stable protobuf based module interfaces to potentially later replace the keeper paradigm +* stronger inter-module object capabilities (OCAPs) guarantees +* module accounts and sub-account authorization + +## Context + +In the current Cosmos SDK documentation on the [Object-Capability Model](../../learn/advanced/10-ocap.md), it is stated that: + +> We assume that a thriving ecosystem of Cosmos SDK modules that are easy to compose into a blockchain application will contain faulty or malicious modules. + +There is currently not a thriving ecosystem of Cosmos SDK modules. We hypothesize that this is in part due to: + +1. lack of a stable v1.0 Cosmos SDK to build modules off of. Module interfaces are changing, sometimes dramatically, from +point release to point release, often for good reasons, but this does not create a stable foundation to build on. +2. lack of a properly implemented object capability or even object-oriented encapsulation system which makes refactors +of module keeper interfaces inevitable because the current interfaces are poorly constrained. + +### `x/bank` Case Study + +Currently the `x/bank` keeper gives pretty much unrestricted access to any module which references it. For instance, the +`SetBalance` method allows the caller to set the balance of any account to anything, bypassing even proper tracking of supply. + +There appears to have been some later attempts to implement some semblance of OCAPs using module-level minting, staking +and burning permissions. These permissions allow a module to mint, burn or delegate tokens with reference to the module’s +own account. These permissions are actually stored as a `[]string` array on the `ModuleAccount` type in state. + +However, these permissions don’t really do much. They control what modules can be referenced in the `MintCoins`, +`BurnCoins` and `DelegateCoins***` methods, but for one there is no unique object capability token that controls access — +just a simple string. So the `x/upgrade` module could mint tokens for the `x/staking` module simple by calling +`MintCoins(“staking”)`. Furthermore, all modules which have access to these keeper methods, also have access to +`SetBalance` negating any other attempt at OCAPs and breaking even basic object-oriented encapsulation. + +## Decision + +Based on [ADR-021](adr-021-protobuf-query-encoding.md) and [ADR-031](adr-031-msg-service.md), we introduce the +Inter-Module Communication framework for secure module authorization and OCAPs. +When implemented, this could also serve as an alternative to the existing paradigm of passing keepers between +modules. The approach outlined here-in is intended to form the basis of a Cosmos SDK v1.0 that provides the necessary +stability and encapsulation guarantees that allow a thriving module ecosystem to emerge. + +Of particular note — the decision is to _enable_ this functionality for modules to adopt at their own discretion. +Proposals to migrate existing modules to this new paradigm will have to be a separate conversation, potentially +addressed as amendments to this ADR. + +### New "Keeper" Paradigm + +In [ADR 021](adr-021-protobuf-query-encoding.md), a mechanism for using protobuf service definitions to define queriers +was introduced and in [ADR 31](adr-031-msg-service.md), a mechanism for using protobuf service to define `Msg`s was added. +Protobuf service definitions generate two golang interfaces representing the client and server sides of a service plus +some helper code. Here is a minimal example for the bank `cosmos.bank.Msg/Send` message type: + +```go +package bank + +type MsgClient interface { + Send(context.Context, *MsgSend, opts ...grpc.CallOption) (*MsgSendResponse, error) +} + +type MsgServer interface { + Send(context.Context, *MsgSend) (*MsgSendResponse, error) +} +``` + +[ADR 021](adr-021-protobuf-query-encoding.md) and [ADR 31](adr-031-msg-service.md) specifies how modules can implement the generated `QueryServer` +and `MsgServer` interfaces as replacements for the legacy queriers and `Msg` handlers respectively. + +In this ADR we explain how modules can make queries and send `Msg`s to other modules using the generated `QueryClient` +and `MsgClient` interfaces and propose this mechanism as a replacement for the existing `Keeper` paradigm. To be clear, +this ADR does not necessitate the creation of new protobuf definitions or services. Rather, it leverages the same proto +based service interfaces already used by clients for inter-module communication. + +Using this `QueryClient`/`MsgClient` approach has the following key benefits over exposing keepers to external modules: + +1. Protobuf types are checked for breaking changes using [buf](https://buf.build/docs/breaking-overview) and because of +the way protobuf is designed this will give us strong backwards compatibility guarantees while allowing for forward +evolution. +2. The separation between the client and server interfaces will allow us to insert permission checking code in between +the two which checks if one module is authorized to send the specified `Msg` to the other module providing a proper +object capability system (see below). +3. The router for inter-module communication gives us a convenient place to handle rollback of transactions, +enabling atomicy of operations ([currently a problem](https://github.com/cosmos/cosmos-sdk/issues/8030)). Any failure within a module-to-module call would result in a failure of the entire +transaction + +This mechanism has the added benefits of: + +* reducing boilerplate through code generation, and +* allowing for modules in other languages either via a VM like CosmWasm or sub-processes using gRPC + +### Inter-module Communication + +To use the `Client` generated by the protobuf compiler we need a `grpc.ClientConn` [interface](https://github.com/grpc/grpc-go/blob/v1.49.x/clientconn.go#L441-L450) +implementation. For this we introduce +a new type, `ModuleKey`, which implements the `grpc.ClientConn` interface. `ModuleKey` can be thought of as the "private +key" corresponding to a module account, where authentication is provided through use of a special `Invoker()` function, +described in more detail below. + +Blockchain users (external clients) use their account's private key to sign transactions containing `Msg`s where they are listed as signers (each +message specifies required signers with `Msg.GetSigner`). The authentication checks is performed by `AnteHandler`. + +Here, we extend this process, by allowing modules to be identified in `Msg.GetSigners`. When a module wants to trigger the execution a `Msg` in another module, +its `ModuleKey` acts as the sender (through the `ClientConn` interface we describe below) and is set as a sole "signer". It's worth to note +that we don't use any cryptographic signature in this case. +For example, module `A` could use its `A.ModuleKey` to create `MsgSend` object for `/cosmos.bank.Msg/Send` transaction. `MsgSend` validation +will assure that the `from` account (`A.ModuleKey` in this case) is the signer. + +Here's an example of a hypothetical module `foo` interacting with `x/bank`: + +```go +package foo + + +type FooMsgServer { + // ... + + bankQuery bank.QueryClient + bankMsg bank.MsgClient +} + +func NewFooMsgServer(moduleKey RootModuleKey, ...) FooMsgServer { + // ... + + return FooMsgServer { + // ... + modouleKey: moduleKey, + bankQuery: bank.NewQueryClient(moduleKey), + bankMsg: bank.NewMsgClient(moduleKey), + } +} + +func (foo *FooMsgServer) Bar(ctx context.Context, req *MsgBarRequest) (*MsgBarResponse, error) { + balance, err := foo.bankQuery.Balance(&bank.QueryBalanceRequest{Address: fooMsgServer.moduleKey.Address(), Denom: "foo"}) + + ... + + res, err := foo.bankMsg.Send(ctx, &bank.MsgSendRequest{FromAddress: fooMsgServer.moduleKey.Address(), ...}) + + ... +} +``` + +This design is also intended to be extensible to cover use cases of more fine grained permissioning like minting by +denom prefix being restricted to certain modules (as discussed in +[#7459](https://github.com/cosmos/cosmos-sdk/pull/7459#discussion_r529545528)). + +### `ModuleKey`s and `ModuleID`s + +A `ModuleKey` can be thought of as a "private key" for a module account and a `ModuleID` can be thought of as the +corresponding "public key". From the [ADR 028](adr-028-public-key-addresses.md), modules can have both a root module account and any number of sub-accounts +or derived accounts that can be used for different pools (ex. staking pools) or managed accounts (ex. group +accounts). We can also think of module sub-accounts as similar to derived keys - there is a root key and then some +derivation path. `ModuleID` is a simple struct which contains the module name and optional "derivation" path, +and forms its address based on the `AddressHash` method from [the ADR-028](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-028-public-key-addresses.md): + +```go +type ModuleID struct { + ModuleName string + Path []byte +} + +func (key ModuleID) Address() []byte { + return AddressHash(key.ModuleName, key.Path) +} +``` + +In addition to being able to generate a `ModuleID` and address, a `ModuleKey` contains a special function called +`Invoker` which is the key to safe inter-module access. The `Invoker` creates an `InvokeFn` closure which is used as an `Invoke` method in +the `grpc.ClientConn` interface and under the hood is able to route messages to the appropriate `Msg` and `Query` handlers +performing appropriate security checks on `Msg`s. This allows for even safer inter-module access than keeper's whose +private member variables could be manipulated through reflection. Golang does not support reflection on a function +closure's captured variables and direct manipulation of memory would be needed for a truly malicious module to bypass +the `ModuleKey` security. + +The two `ModuleKey` types are `RootModuleKey` and `DerivedModuleKey`: + +```go +type Invoker func(callInfo CallInfo) func(ctx context.Context, request, response interface{}, opts ...interface{}) error + +type CallInfo { + Method string + Caller ModuleID +} + +type RootModuleKey struct { + moduleName string + invoker Invoker +} + +func (rm RootModuleKey) Derive(path []byte) DerivedModuleKey { /* ... */} + +type DerivedModuleKey struct { + moduleName string + path []byte + invoker Invoker +} +``` + +A module can get access to a `DerivedModuleKey`, using the `Derive(path []byte)` method on `RootModuleKey` and then +would use this key to authenticate `Msg`s from a sub-account. Ex: + +```go +package foo + +func (fooMsgServer *MsgServer) Bar(ctx context.Context, req *MsgBar) (*MsgBarResponse, error) { + derivedKey := fooMsgServer.moduleKey.Derive(req.SomePath) + bankMsgClient := bank.NewMsgClient(derivedKey) + res, err := bankMsgClient.Balance(ctx, &bank.MsgSend{FromAddress: derivedKey.Address(), ...}) + ... +} +``` + +In this way, a module can gain permissioned access to a root account and any number of sub-accounts and send +authenticated `Msg`s from these accounts. The `Invoker` `callInfo.Caller` parameter is used under the hood to +distinguish between different module accounts, but either way the function returned by `Invoker` only allows `Msg`s +from either the root or a derived module account to pass through. + +Note that `Invoker` itself returns a function closure based on the `CallInfo` passed in. This will allow client implementations +in the future that cache the invoke function for each method type avoiding the overhead of hash table lookup. +This would reduce the performance overhead of this inter-module communication method to the bare minimum required for +checking permissions. + +To re-iterate, the closure only allows access to authorized calls. There is no access to anything else regardless of any +name impersonation. + +Below is a rough sketch of the implementation of `grpc.ClientConn.Invoke` for `RootModuleKey`: + +```go +func (key RootModuleKey) Invoke(ctx context.Context, method string, args, reply interface{}, opts ...grpc.CallOption) error { + f := key.invoker(CallInfo {Method: method, Caller: ModuleID {ModuleName: key.moduleName}}) + return f(ctx, args, reply) +} +``` + +### `AppModule` Wiring and Requirements + +In [ADR 031](adr-031-msg-service.md), the `AppModule.RegisterService(Configurator)` method was introduced. To support +inter-module communication, we extend the `Configurator` interface to pass in the `ModuleKey` and to allow modules to +specify their dependencies on other modules using `RequireServer()`: + +```go +type Configurator interface { + MsgServer() grpc.Server + QueryServer() grpc.Server + + ModuleKey() ModuleKey + RequireServer(msgServer interface{}) +} +``` + +The `ModuleKey` is passed to modules in the `RegisterService` method itself so that `RegisterServices` serves as a single +entry point for configuring module services. This is intended to also have the side-effect of greatly reducing boilerplate in +`app.go`. For now, `ModuleKey`s will be created based on `AppModuleBasic.Name()`, but a more flexible system may be +introduced in the future. The `ModuleManager` will handle creation of module accounts behind the scenes. + +Because modules do not get direct access to each other anymore, modules may have unfulfilled dependencies. To make sure +that module dependencies are resolved at startup, the `Configurator.RequireServer` method should be added. The `ModuleManager` +will make sure that all dependencies declared with `RequireServer` can be resolved before the app starts. An example +module `foo` could declare it's dependency on `x/bank` like this: + +```go +package foo + +func (am AppModule) RegisterServices(cfg Configurator) { + cfg.RequireServer((*bank.QueryServer)(nil)) + cfg.RequireServer((*bank.MsgServer)(nil)) +} +``` + +### Security Considerations + +In addition to checking for `ModuleKey` permissions, a few additional security precautions will need to be taken by +the underlying router infrastructure. + +#### Recursion and Re-entry + +Recursive or re-entrant method invocations pose a potential security threat. This can be a problem if Module A +calls Module B and Module B calls module A again in the same call. + +One basic way for the router system to deal with this is to maintain a call stack which prevents a module from +being referenced more than once in the call stack so that there is no re-entry. A `map[string]interface{}` table +in the router could be used to perform this security check. + +#### Queries + +Queries in Cosmos SDK are generally un-permissioned so allowing one module to query another module should not pose +any major security threats assuming basic precautions are taken. The basic precaution that the router system will +need to take is making sure that the `sdk.Context` passed to query methods does not allow writing to the store. This +can be done for now with a `CacheMultiStore` as is currently done for `BaseApp` queries. + +### Internal Methods + +In many cases, we may wish for modules to call methods on other modules which are not exposed to clients at all. For this +purpose, we add the `InternalServer` method to `Configurator`: + +```go +type Configurator interface { + MsgServer() grpc.Server + QueryServer() grpc.Server + InternalServer() grpc.Server +} +``` + +As an example, x/slashing's Slash must call x/staking's Slash, but we don't want to expose x/staking's Slash to end users +and clients. + +Internal protobuf services will be defined in a corresponding `internal.proto` file in the given module's +proto package. + +Services registered against `InternalServer` will be callable from other modules but not by external clients. + +An alternative solution to internal-only methods could involve hooks / plugins as discussed [here](https://github.com/cosmos/cosmos-sdk/pull/7459#issuecomment-733807753). +A more detailed evaluation of a hooks / plugin system will be addressed later in follow-ups to this ADR or as a separate +ADR. + +### Authorization + +By default, the inter-module router requires that messages are sent by the first signer returned by `GetSigners`. The +inter-module router should also accept authorization middleware such as that provided by [ADR 030](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-030-authz-module.md). +This middleware will allow accounts to otherwise specific module accounts to perform actions on their behalf. +Authorization middleware should take into account the need to grant certain modules effectively "admin" privileges to +other modules. This will be addressed in separate ADRs or updates to this ADR. + +### Future Work + +Other future improvements may include: + +* custom code generation that: + * simplifies interfaces (ex. generates code with `sdk.Context` instead of `context.Context`) + * optimizes inter-module calls - for instance caching resolved methods after first invocation +* combining `StoreKey`s and `ModuleKey`s into a single interface so that modules have a single OCAPs handle +* code generation which makes inter-module communication more performant +* decoupling `ModuleKey` creation from `AppModuleBasic.Name()` so that app's can override root module account names +* inter-module hooks and plugins + +## Alternatives + +### MsgServices vs `x/capability` + +The `x/capability` module does provide a proper object-capability implementation that can be used by any module in the +Cosmos SDK and could even be used for inter-module OCAPs as described in [\#5931](https://github.com/cosmos/cosmos-sdk/issues/5931). + +The advantages of the approach described in this ADR are mostly around how it integrates with other parts of the Cosmos SDK, +specifically: + +* protobuf so that: + * code generation of interfaces can be leveraged for a better dev UX + * module interfaces are versioned and checked for breakage using [buf](https://docs.buf.build/breaking-overview) +* sub-module accounts as per ADR 028 +* the general `Msg` passing paradigm and the way signers are specified by `GetSigners` + +Also, this is a complete replacement for keepers and could be applied to _all_ inter-module communication whereas the +`x/capability` approach in #5931 would need to be applied method by method. + +## Consequences + +### Backwards Compatibility + +This ADR is intended to provide a pathway to a scenario where there is greater long term compatibility between modules. +In the short-term, this will likely result in breaking certain `Keeper` interfaces which are too permissive and/or +replacing `Keeper` interfaces altogether. + +### Positive + +* an alternative to keepers which can more easily lead to stable inter-module interfaces +* proper inter-module OCAPs +* improved module developer DevX, as commented on by several particpants on + [Architecture Review Call, Dec 3](https://hackmd.io/E0wxxOvRQ5qVmTf6N_k84Q) +* lays the groundwork for what can be a greatly simplified `app.go` +* router can be setup to enforce atomic transactions for module-to-module calls + +### Negative + +* modules which adopt this will need significant refactoring + +### Neutral + +## Test Cases [optional] + +## References + +* [ADR 021](adr-021-protobuf-query-encoding.md) +* [ADR 031](adr-031-msg-service.md) +* [ADR 028](adr-028-public-key-addresses.md) +* [ADR 030 draft](https://github.com/cosmos/cosmos-sdk/pull/7105) +* [Object-Capability Model](https://docs.network.com/main/core/ocap) diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-034-account-rekeying.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-034-account-rekeying.md new file mode 100644 index 00000000..cd9b9146 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-034-account-rekeying.md @@ -0,0 +1,76 @@ +# ADR 034: Account Rekeying + +## Changelog + +* 30-09-2020: Initial Draft + +## Status + +PROPOSED + +## Abstract + +Account rekeying is a process hat allows an account to replace its authentication pubkey with a new one. + +## Context + +Currently, in the Cosmos SDK, the address of an auth `BaseAccount` is based on the hash of the public key. Once an account is created, the public key for the account is set in stone, and cannot be changed. This can be a problem for users, as key rotation is a useful security practice, but is not possible currently. Furthermore, as multisigs are a type of pubkey, once a multisig for an account is set, it can not be updated. This is problematic, as multisigs are often used by organizations or companies, who may need to change their set of multisig signers for internal reasons. + +Transferring all the assets of an account to a new account with the updated pubkey is not sufficient, because some "engagements" of an account are not easily transferable. For example, in staking, to transfer bonded Atoms, an account would have to unbond all delegations and wait the three week unbonding period. Even more significantly, for validator operators, ownership over a validator is not transferrable at all, meaning that the operator key for a validator can never be updated, leading to poor operational security for validators. + +## Decision + +We propose the addition of a new feature to `x/auth` that allows accounts to update the public key associated with their account, while keeping the address the same. + +This is possible because the Cosmos SDK `BaseAccount` stores the public key for an account in state, instead of making the assumption that the public key is included in the transaction (whether explicitly or implicitly through the signature) as in other blockchains such as Bitcoin and Ethereum. Because the public key is stored on chain, it is okay for the public key to not hash to the address of an account, as the address is not pertinent to the signature checking process. + +To build this system, we design a new Msg type as follows: + +```protobuf +service Msg { + rpc ChangePubKey(MsgChangePubKey) returns (MsgChangePubKeyResponse); +} + +message MsgChangePubKey { + string address = 1; + google.protobuf.Any pub_key = 2; +} + +message MsgChangePubKeyResponse {} +``` + +The MsgChangePubKey transaction needs to be signed by the existing pubkey in state. + +Once, approved, the handler for this message type, which takes in the AccountKeeper, will update the in-state pubkey for the account and replace it with the pubkey from the Msg. + +An account that has had its pubkey changed cannot be automatically pruned from state. This is because if pruned, the original pubkey of the account would be needed to recreate the same address, but the owner of the address may not have the original pubkey anymore. Currently, we do not automatically prune any accounts anyways, but we would like to keep this option open the road (this is the purpose of account numbers). To resolve this, we charge an additional gas fee for this operation to compensate for this this externality (this bound gas amount is configured as parameter `PubKeyChangeCost`). The bonus gas is charged inside the handler, using the `ConsumeGas` function. Furthermore, in the future, we can allow accounts that have rekeyed manually prune themselves using a new Msg type such as `MsgDeleteAccount`. Manually pruning accounts can give a gas refund as an incentive for performing the action. + +```go + amount := ak.GetParams(ctx).PubKeyChangeCost + ctx.GasMeter().ConsumeGas(amount, "pubkey change fee") +``` + +Everytime a key for an address is changed, we will store a log of this change in the state of the chain, thus creating a stack of all previous keys for an address and the time intervals for which they were active. This allows dapps and clients to easily query past keys for an account which may be useful for features such as verifying timestamped off-chain signed messages. + +## Consequences + +### Positive + +* Will allow users and validator operators to employ better operational security practices with key rotation. +* Will allow organizations or groups to easily change and add/remove multisig signers. + +### Negative + +Breaks the current assumed relationship between address and pubkeys as H(pubkey) = address. This has a couple of consequences. + +* This makes wallets that support this feature more complicated. For example, if an address on chain was updated, the corresponding key in the CLI wallet also needs to be updated. +* Cannot automatically prune accounts with 0 balance that have had their pubkey changed. + +### Neutral + +* While the purpose of this is intended to allow the owner of an account to update to a new pubkey they own, this could technically also be used to transfer ownership of an account to a new owner. For example, this could be use used to sell a staked position without unbonding or an account that has vesting tokens. However, the friction of this is very high as this would essentially have to be done as a very specific OTC trade. Furthermore, additional constraints could be added to prevent accouns with Vesting tokens to use this feature. +* Will require that PubKeys for an account are included in the genesis exports. + +## References + +* https://www.algorand.com/resources/blog/announcing-rekeying diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-035-rosetta-api-support.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-035-rosetta-api-support.md new file mode 100644 index 00000000..01a81048 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-035-rosetta-api-support.md @@ -0,0 +1,211 @@ +# ADR 035: Rosetta API Support + +## Authors + +* Jonathan Gimeno (@jgimeno) +* David Grierson (@senormonito) +* Alessio Treglia (@alessio) +* Frojdy Dymylja (@fdymylja) + +## Changelog + +* 2021-05-12: the external library [cosmos-rosetta-gateway](https://github.com/tendermint/cosmos-rosetta-gateway) has been moved within the Cosmos SDK. + +## Context + +[Rosetta API](https://www.rosetta-api.org/) is an open-source specification and set of tools developed by Coinbase to +standardise blockchain interactions. + +Through the use of a standard API for integrating blockchain applications it will + +* Be easier for a user to interact with a given blockchain +* Allow exchanges to integrate new blockchains quickly and easily +* Enable application developers to build cross-blockchain applications such as block explorers, wallets and dApps at + considerably lower cost and effort. + +## Decision + +It is clear that adding Rosetta API support to the Cosmos SDK will bring value to all the developers and +Cosmos SDK based chains in the ecosystem. How it is implemented is key. + +The driving principles of the proposed design are: + +1. **Extensibility:** it must be as riskless and painless as possible for application developers to set-up network + configurations to expose Rosetta API-compliant services. +2. **Long term support:** This proposal aims to provide support for all the supported Cosmos SDK release series. +3. **Cost-efficiency:** Backporting changes to Rosetta API specifications from `master` to the various stable + branches of Cosmos SDK is a cost that needs to be reduced. + +We will achieve these delivering on these principles by the following: + +1. There will be a package `rosetta/lib` + for the implementation of the core Rosetta API features, particularly: + a. The types and interfaces (`Client`, `OfflineClient`...), this separates design from implementation detail. + b. The `Server` functionality as this is independent of the Cosmos SDK version. + c. The `Online/OfflineNetwork`, which is not exported, and implements the rosetta API using the `Client` interface to query the node, build tx and so on. + d. The `errors` package to extend rosetta errors. +2. Due to differences between the Cosmos release series, each series will have its own specific implementation of `Client` interface. +3. There will be two options for starting an API service in applications: + a. API shares the application process + b. API-specific process. + +## Architecture + +### The External Repo + +As section will describe the proposed external library, including the service implementation, plus the defined types and interfaces. + +#### Server + +`Server` is a simple `struct` that is started and listens to the port specified in the settings. This is meant to be used across all the Cosmos SDK versions that are actively supported. + +The constructor follows: + +`func NewServer(settings Settings) (Server, error)` + +`Settings`, which are used to construct a new server, are the following: + +```go +// Settings define the rosetta server settings +type Settings struct { + // Network contains the information regarding the network + Network *types.NetworkIdentifier + // Client is the online API handler + Client crgtypes.Client + // Listen is the address the handler will listen at + Listen string + // Offline defines if the rosetta service should be exposed in offline mode + Offline bool + // Retries is the number of readiness checks that will be attempted when instantiating the handler + // valid only for online API + Retries int + // RetryWait is the time that will be waited between retries + RetryWait time.Duration +} +``` + +#### Types + +Package types uses a mixture of rosetta types and custom defined type wrappers, that the client must parse and return while executing operations. + +##### Interfaces + +Every SDK version uses a different format to connect (rpc, gRPC, etc), query and build transactions, we have abstracted this in what is the `Client` interface. +The client uses rosetta types, whilst the `Online/OfflineNetwork` takes care of returning correctly parsed rosetta responses and errors. + +Each Cosmos SDK release series will have their own `Client` implementations. +Developers can implement their own custom `Client`s as required. + +```go +// Client defines the API the client implementation should provide. +type Client interface { + // Needed if the client needs to perform some action before connecting. + Bootstrap() error + // Ready checks if the servicer constraints for queries are satisfied + // for example the node might still not be ready, it's useful in process + // when the rosetta instance might come up before the node itself + // the servicer must return nil if the node is ready + Ready() error + + // Data API + + // Balances fetches the balance of the given address + // if height is not nil, then the balance will be displayed + // at the provided height, otherwise last block balance will be returned + Balances(ctx context.Context, addr string, height *int64) ([]*types.Amount, error) + // BlockByHashAlt gets a block and its transaction at the provided height + BlockByHash(ctx context.Context, hash string) (BlockResponse, error) + // BlockByHeightAlt gets a block given its height, if height is nil then last block is returned + BlockByHeight(ctx context.Context, height *int64) (BlockResponse, error) + // BlockTransactionsByHash gets the block, parent block and transactions + // given the block hash. + BlockTransactionsByHash(ctx context.Context, hash string) (BlockTransactionsResponse, error) + // BlockTransactionsByHash gets the block, parent block and transactions + // given the block hash. + BlockTransactionsByHeight(ctx context.Context, height *int64) (BlockTransactionsResponse, error) + // GetTx gets a transaction given its hash + GetTx(ctx context.Context, hash string) (*types.Transaction, error) + // GetUnconfirmedTx gets an unconfirmed Tx given its hash + // NOTE(fdymylja): NOT IMPLEMENTED YET! + GetUnconfirmedTx(ctx context.Context, hash string) (*types.Transaction, error) + // Mempool returns the list of the current non confirmed transactions + Mempool(ctx context.Context) ([]*types.TransactionIdentifier, error) + // Peers gets the peers currently connected to the node + Peers(ctx context.Context) ([]*types.Peer, error) + // Status returns the node status, such as sync data, version etc + Status(ctx context.Context) (*types.SyncStatus, error) + + // Construction API + + // PostTx posts txBytes to the node and returns the transaction identifier plus metadata related + // to the transaction itself. + PostTx(txBytes []byte) (res *types.TransactionIdentifier, meta map[string]interface{}, err error) + // ConstructionMetadataFromOptions + ConstructionMetadataFromOptions(ctx context.Context, options map[string]interface{}) (meta map[string]interface{}, err error) + OfflineClient +} + +// OfflineClient defines the functionalities supported without having access to the node +type OfflineClient interface { + NetworkInformationProvider + // SignedTx returns the signed transaction given the tx bytes (msgs) plus the signatures + SignedTx(ctx context.Context, txBytes []byte, sigs []*types.Signature) (signedTxBytes []byte, err error) + // TxOperationsAndSignersAccountIdentifiers returns the operations related to a transaction and the account + // identifiers if the transaction is signed + TxOperationsAndSignersAccountIdentifiers(signed bool, hexBytes []byte) (ops []*types.Operation, signers []*types.AccountIdentifier, err error) + // ConstructionPayload returns the construction payload given the request + ConstructionPayload(ctx context.Context, req *types.ConstructionPayloadsRequest) (resp *types.ConstructionPayloadsResponse, err error) + // PreprocessOperationsToOptions returns the options given the preprocess operations + PreprocessOperationsToOptions(ctx context.Context, req *types.ConstructionPreprocessRequest) (options map[string]interface{}, err error) + // AccountIdentifierFromPublicKey returns the account identifier given the public key + AccountIdentifierFromPublicKey(pubKey *types.PublicKey) (*types.AccountIdentifier, error) +} +``` + +### 2. Cosmos SDK Implementation + +The Cosmos SDK implementation, based on version, takes care of satisfying the `Client` interface. +In Stargate, Launchpad and 0.37, we have introduced the concept of rosetta.Msg, this message is not in the shared repository as the sdk.Msg type differs between Cosmos SDK versions. + +The rosetta.Msg interface follows: + +```go +// Msg represents a cosmos-sdk message that can be converted from and to a rosetta operation. +type Msg interface { + sdk.Msg + ToOperations(withStatus, hasError bool) []*types.Operation + FromOperations(ops []*types.Operation) (sdk.Msg, error) +} +``` + +Hence developers who want to extend the rosetta set of supported operations just need to extend their module's sdk.Msgs with the `ToOperations` and `FromOperations` methods. + +### 3. API service invocation + +As stated at the start, application developers will have two methods for invocation of the Rosetta API service: + +1. Shared process for both application and API +2. Standalone API service + +#### Shared Process (Only Stargate) + +Rosetta API service could run within the same execution process as the application. This would be enabled via app.toml settings, and if gRPC is not enabled the rosetta instance would be spinned in offline mode (tx building capabilities only). + +#### Separate API service + +Client application developers can write a new command to launch a Rosetta API server as a separate process too, using the rosetta command contained in the `/server/rosetta` package. Construction of the command depends on Cosmos SDK version. Examples can be found inside `simd` for stargate, and `contrib/rosetta/simapp` for other release series. + +## Status + +Proposed + +## Consequences + +### Positive + +* Out-of-the-box Rosetta API support within Cosmos SDK. +* Blockchain interface standardisation + +## References + +* https://www.rosetta-api.org/ diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-036-arbitrary-signature.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-036-arbitrary-signature.md new file mode 100644 index 00000000..fe9dada5 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-036-arbitrary-signature.md @@ -0,0 +1,132 @@ +# ADR 036: Arbitrary Message Signature Specification + +## Changelog + +* 28/10/2020 - Initial draft + +## Authors + +* Antoine Herzog (@antoineherzog) +* Zaki Manian (@zmanian) +* Aleksandr Bezobchuk (alexanderbez) [1] +* Frojdi Dymylja (@fdymylja) + +## Status + +Draft + +## Abstract + +Currently, in the Cosmos SDK, there is no convention to sign arbitrary message like on Ethereum. We propose with this specification, for Cosmos SDK ecosystem, a way to sign and validate off-chain arbitrary messages. + +This specification serves the purpose of covering every use case, this means that cosmos-sdk applications developers decide how to serialize and represent `Data` to users. + +## Context + +Having the ability to sign messages off-chain has proven to be a fundamental aspect of nearly any blockchain. The notion of signing messages off-chain has many added benefits such as saving on computational costs and reducing transaction throughput and overhead. Within the context of the Cosmos, some of the major applications of signing such data includes, but is not limited to, providing a cryptographic secure and verifiable means of proving validator identity and possibly associating it with some other framework or organization. In addition, having the ability to sign Cosmos messages with a Ledger or similar HSM device. + +Further context and use cases can be found in the references links. + +## Decision + +The aim is being able to sign arbitrary messages, even using Ledger or similar HSM devices. + +As a result signed messages should look roughly like Cosmos SDK messages but **must not** be a valid on-chain transaction. `chain-id`, `account_number` and `sequence` can all be assigned invalid values. + +Cosmos SDK 0.40 also introduces a concept of “auth_info” this can specify SIGN_MODES. + +A spec should include an `auth_info` that supports SIGN_MODE_DIRECT and SIGN_MODE_LEGACY_AMINO. + +Create the `offchain` proto definitions, we extend the auth module with `offchain` package to offer functionalities to verify and sign offline messages. + +An offchain transaction follows these rules: + +* the memo must be empty +* nonce, sequence number must be equal to 0 +* chain-id must be equal to “” +* fee gas must be equal to 0 +* fee amount must be an empty array + +Verification of an offchain transaction follows the same rules as an onchain one, except for the spec differences highlighted above. + +The first message added to the `offchain` package is `MsgSignData`. + +`MsgSignData` allows developers to sign arbitrary bytes valid offchain only. Where `Signer` is the account address of the signer. `Data` is arbitrary bytes which can represent `text`, `files`, `object`s. It's applications developers decision how `Data` should be deserialized, serialized and the object it can represent in their context. + +It's applications developers decision how `Data` should be treated, by treated we mean the serialization and deserialization process and the Object `Data` should represent. + +Proto definition: + +```protobuf +// MsgSignData defines an arbitrary, general-purpose, off-chain message +message MsgSignData { + // Signer is the sdk.AccAddress of the message signer + bytes Signer = 1 [(gogoproto.jsontag) = "signer", (gogoproto.casttype) = "github.com/cosmos/cosmos-sdk/types.AccAddress"]; + // Data represents the raw bytes of the content that is signed (text, json, etc) + bytes Data = 2 [(gogoproto.jsontag) = "data"]; +} +``` + +Signed MsgSignData json example: + +```json +{ + "type": "cosmos-sdk/StdTx", + "value": { + "msg": [ + { + "type": "sign/MsgSignData", + "value": { + "signer": "cosmos1hftz5ugqmpg9243xeegsqqav62f8hnywsjr4xr", + "data": "cmFuZG9t" + } + } + ], + "fee": { + "amount": [], + "gas": "0" + }, + "signatures": [ + { + "pub_key": { + "type": "tendermint/PubKeySecp256k1", + "value": "AqnDSiRoFmTPfq97xxEb2VkQ/Hm28cPsqsZm9jEVsYK9" + }, + "signature": "8y8i34qJakkjse9pOD2De+dnlc4KvFgh0wQpes4eydN66D9kv7cmCEouRrkka9tlW9cAkIL52ErB+6ye7X5aEg==" + } + ], + "memo": "" + } +} +``` + +## Consequences + +There is a specification on how messages, that are not meant to be broadcast to a live chain, should be formed. + +### Backwards Compatibility + +Backwards compatibility is maintained as this is a new message spec definition. + +### Positive + +* A common format that can be used by multiple applications to sign and verify off-chain messages. +* The specification is primitive which means it can cover every use case without limiting what is possible to fit inside it. +* It gives room for other off-chain messages specifications that aim to target more specific and common use cases such as off-chain-based authN/authZ layers [2]. + +### Negative + +* Current proposal requires a fixed relationship between an account address and a public key. +* Doesn't work with multisig accounts. + +## Further discussion + +* Regarding security in `MsgSignData`, the developer using `MsgSignData` is in charge of making the content laying in `Data` non-replayable when, and if, needed. +* the offchain package will be further extended with extra messages that target specific use cases such as, but not limited to, authentication in applications, payment channels, L2 solutions in general. + +## References + +1. https://github.com/cosmos/ics/pull/33 +2. https://github.com/cosmos/cosmos-sdk/pull/7727#discussion_r515668204 +3. https://github.com/cosmos/cosmos-sdk/pull/7727#issuecomment-722478477 +4. https://github.com/cosmos/cosmos-sdk/pull/7727#issuecomment-721062923 diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-037-gov-split-vote.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-037-gov-split-vote.md new file mode 100644 index 00000000..0a3b9bc4 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-037-gov-split-vote.md @@ -0,0 +1,111 @@ +# ADR 037: Governance split votes + +## Changelog + +* 2020/10/28: Intial draft + +## Status + +Accepted + +## Abstract + +This ADR defines a modification to the governance module that would allow a staker to split their votes into several voting options. For example, it could use 70% of its voting power to vote Yes and 30% of its voting power to vote No. + +## Context + +Currently, an address can cast a vote with only one options (Yes/No/Abstain/NoWithVeto) and use their full voting power behind that choice. + +However, often times the entity owning that address might not be a single individual. For example, a company might have different stakeholders who want to vote differently, and so it makes sense to allow them to split their voting power. Another example use case is exchanges. Many centralized exchanges often stake a portion of their users' tokens in their custody. Currently, it is not possible for them to do "passthrough voting" and giving their users voting rights over their tokens. However, with this system, exchanges can poll their users for voting preferences, and then vote on-chain proportionally to the results of the poll. + +## Decision + +We modify the vote structs to be + +```go +type WeightedVoteOption struct { + Option string + Weight sdk.Dec +} + +type Vote struct { + ProposalID int64 + Voter sdk.Address + Options []WeightedVoteOption +} +``` + +And for backwards compatibility, we introduce `MsgVoteWeighted` while keeping `MsgVote`. + +```go +type MsgVote struct { + ProposalID int64 + Voter sdk.Address + Option Option +} + +type MsgVoteWeighted struct { + ProposalID int64 + Voter sdk.Address + Options []WeightedVoteOption +} +``` + +The `ValidateBasic` of a `MsgVoteWeighted` struct would require that + +1. The sum of all the Rates is equal to 1.0 +2. No Option is repeated + +The governance tally function will iterate over all the options in a vote and add to the tally the result of the voter's voting power * the rate for that option. + +```go +tally() { + results := map[types.VoteOption]sdk.Dec + + for _, vote := range votes { + for i, weightedOption := range vote.Options { + results[weightedOption.Option] += getVotingPower(vote.voter) * weightedOption.Weight + } + } +} +``` + +The CLI command for creating a multi-option vote would be as such: + +```shell +simd tx gov vote 1 "yes=0.6,no=0.3,abstain=0.05,no_with_veto=0.05" --from mykey +``` + +To create a single-option vote a user can do either + +```shell +simd tx gov vote 1 "yes=1" --from mykey +``` + +or + +```shell +simd tx gov vote 1 yes --from mykey +``` + +to maintain backwards compatibility. + +## Consequences + +### Backwards Compatibility + +* Previous VoteMsg types will remain the same and so clients will not have to update their procedure unless they want to support the WeightedVoteMsg feature. +* When querying a Vote struct from state, its structure will be different, and so clients wanting to display all voters and their respective votes will have to handle the new format and the fact that a single voter can have split votes. +* The result of querying the tally function should have the same API for clients. + +### Positive + +* Can make the voting process more accurate for addresses representing multiple stakeholders, often some of the largest addresses. + +### Negative + +* Is more complex than simple voting, and so may be harder to explain to users. However, this is mostly mitigated because the feature is opt-in. + +### Neutral + +* Relatively minor change to governance tally function. diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-038-state-listening.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-038-state-listening.md new file mode 100644 index 00000000..212d275d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-038-state-listening.md @@ -0,0 +1,822 @@ +# ADR 038: KVStore state listening + +## Changelog + +* 11/23/2020: Initial draft +* 10/06/2022: Introduce plugin system based on hashicorp/go-plugin +* 10/14/2022: + * Add `ListenCommit`, flatten the state writes in a block to a single batch. + * Remove listeners from cache stores, should only listen to `rootmulti.Store`. + * Remove `HaltAppOnDeliveryError()`, the errors are propagated by default, the implementations should return nil if don't want to propogate errors. + + +## Status + +Proposed + +## Abstract + +This ADR defines a set of changes to enable listening to state changes of individual KVStores and exposing these data to consumers. + +## Context + +Currently, KVStore data can be remotely accessed through [Queries](https://github.com/cosmos/cosmos-sdk/blob/master/docs/building-modules/02-messages-and-queries.md#queries) +which proceed either through Tendermint and the ABCI, or through the gRPC server. +In addition to these request/response queries, it would be beneficial to have a means of listening to state changes as they occur in real time. + +## Decision + +We will modify the `CommitMultiStore` interface and its concrete (`rootmulti`) implementations and introduce a new `listenkv.Store` to allow listening to state changes in underlying KVStores. We don't need to listen to cache stores, because we can't be sure that the writes will be committed eventually, and the writes are duplicated in `rootmulti.Store` eventually, so we should only listen to `rootmulti.Store`. +We will introduce a plugin system for configuring and running streaming services that write these state changes and their surrounding ABCI message context to different destinations. + +### Listening + +In a new file, `store/types/listening.go`, we will create a `MemoryListener` struct for streaming out protobuf encoded KV pairs state changes from a KVStore. +The `MemoryListener` will be used internally by the concrete `rootmulti` implementation to collect state changes from KVStores. + +```go +// MemoryListener listens to the state writes and accumulate the records in memory. +type MemoryListener struct { + stateCache []StoreKVPair +} + +// NewMemoryListener creates a listener that accumulate the state writes in memory. +func NewMemoryListener() *MemoryListener { + return &MemoryListener{} +} + +// OnWrite writes state change events to the internal cache +func (fl *MemoryListener) OnWrite(storeKey StoreKey, key []byte, value []byte, delete bool) { + fl.stateCache = append(fl.stateCache, StoreKVPair{ + StoreKey: storeKey.Name(), + Delete: delete, + Key: key, + Value: value, + }) +} + +// PopStateCache returns the current state caches and set to nil +func (fl *MemoryListener) PopStateCache() []StoreKVPair { + res := fl.stateCache + fl.stateCache = nil + return res +} +``` + +We will also define a protobuf type for the KV pairs. In addition to the key and value fields this message +will include the StoreKey for the originating KVStore so that we can collect information from separate KVStores and determine the source of each KV pair. + +```protobuf +message StoreKVPair { + optional string store_key = 1; // the store key for the KVStore this pair originates from + required bool set = 2; // true indicates a set operation, false indicates a delete operation + required bytes key = 3; + required bytes value = 4; +} +``` + +### ListenKVStore + +We will create a new `Store` type `listenkv.Store` that the `rootmulti` store will use to wrap a `KVStore` to enable state listening. +We will configure the `Store` with a `MemoryListener` which will collect state changes for output to specific destinations. + +```go +// Store implements the KVStore interface with listening enabled. +// Operations are traced on each advanced KVStore call and written to any of the +// underlying listeners with the proper key and operation permissions +type Store struct { + parent types.KVStore + listener *types.MemoryListener + parentStoreKey types.StoreKey +} + +// NewStore returns a reference to a new traceKVStore given a parent +// KVStore implementation and a buffered writer. +func NewStore(parent types.KVStore, psk types.StoreKey, listener *types.MemoryListener) *Store { + return &Store{parent: parent, listener: listener, parentStoreKey: psk} +} + +// Set implements the KVStore interface. It traces a write operation and +// delegates the Set call to the parent KVStore. +func (s *Store) Set(key []byte, value []byte) { + types.AssertValidKey(key) + s.parent.Set(key, value) + s.listener.OnWrite(s.parentStoreKey, key, value, false) +} + +// Delete implements the KVStore interface. It traces a write operation and +// delegates the Delete call to the parent KVStore. +func (s *Store) Delete(key []byte) { + s.parent.Delete(key) + s.listener.OnWrite(s.parentStoreKey, key, nil, true) +} +``` + +### MultiStore interface updates + +We will update the `CommitMultiStore` interface to allow us to wrap a `Memorylistener` to a specific `KVStore`. +Note that the `MemoryListener` will be attached internally by the concrete `rootmulti` implementation. + +```go +type CommitMultiStore interface { + ... + + // AddListeners adds a listener for the KVStore belonging to the provided StoreKey + AddListeners(keys []StoreKey) + + // PopStateCache returns the accumulated state change messages from MemoryListener + PopStateCache() []StoreKVPair +} +``` + + +### MultiStore implementation updates + +We will adjust the `rootmulti` `GetKVStore` method to wrap the returned `KVStore` with a `listenkv.Store` if listening is turned on for that `Store`. + +```go +func (rs *Store) GetKVStore(key types.StoreKey) types.KVStore { + store := rs.stores[key].(types.KVStore) + + if rs.TracingEnabled() { + store = tracekv.NewStore(store, rs.traceWriter, rs.traceContext) + } + if rs.ListeningEnabled(key) { + store = listenkv.NewStore(store, key, rs.listeners[key]) + } + + return store +} +``` + +We will implement `AddListeners` to manage KVStore listeners internally and implement `PopStateCache` +for a means of retrieving the current state. + +```go +// AddListeners adds state change listener for a specific KVStore +func (rs *Store) AddListeners(keys []types.StoreKey) { + listener := types.NewMemoryListener() + for i := range keys { + rs.listeners[keys[i]] = listener + } +} +``` + +```go +func (rs *Store) PopStateCache() []types.StoreKVPair { + var cache []types.StoreKVPair + for _, ls := range rs.listeners { + cache = append(cache, ls.PopStateCache()...) + } + sort.SliceStable(cache, func(i, j int) bool { + return cache[i].StoreKey < cache[j].StoreKey + }) + return cache +} +``` + +We will also adjust the `rootmulti` `CacheMultiStore` and `CacheMultiStoreWithVersion` methods to enable listening in +the cache layer. + +```go +func (rs *Store) CacheMultiStore() types.CacheMultiStore { + stores := make(map[types.StoreKey]types.CacheWrapper) + for k, v := range rs.stores { + store := v.(types.KVStore) + // Wire the listenkv.Store to allow listeners to observe the writes from the cache store, + // set same listeners on cache store will observe duplicated writes. + if rs.ListeningEnabled(k) { + store = listenkv.NewStore(store, k, rs.listeners[k]) + } + stores[k] = store + } + return cachemulti.NewStore(rs.db, stores, rs.keysByName, rs.traceWriter, rs.getTracingContext()) +} +``` + +```go +func (rs *Store) CacheMultiStoreWithVersion(version int64) (types.CacheMultiStore, error) { + // ... + + // Wire the listenkv.Store to allow listeners to observe the writes from the cache store, + // set same listeners on cache store will observe duplicated writes. + if rs.ListeningEnabled(key) { + cacheStore = listenkv.NewStore(cacheStore, key, rs.listeners[key]) + } + + cachedStores[key] = cacheStore + } + + return cachemulti.NewStore(rs.db, cachedStores, rs.keysByName, rs.traceWriter, rs.getTracingContext()), nil +} +``` + +### Exposing the data + +#### Streaming Service + +We will introduce a new `ABCIListener` interface that plugs into the BaseApp and relays ABCI requests and responses +so that the service can group the state changes with the ABCI requests. + +```go +// baseapp/streaming.go + +// ABCIListener is the interface that we're exposing as a streaming service. +type ABCIListener interface { + // ListenBeginBlock updates the streaming service with the latest BeginBlock messages + ListenBeginBlock(ctx context.Context, req abci.RequestBeginBlock, res abci.ResponseBeginBlock) error + // ListenEndBlock updates the steaming service with the latest EndBlock messages + ListenEndBlock(ctx types.Context, req abci.RequestEndBlock, res abci.ResponseEndBlock) error + // ListenDeliverTx updates the steaming service with the latest DeliverTx messages + ListenDeliverTx(ctx context.Context, req abci.RequestDeliverTx, res abci.ResponseDeliverTx) error + // ListenCommit updates the steaming service with the latest Commit messages and state changes + ListenCommit(ctx context.Context, res abci.ResponseCommit, changeSet []*store.StoreKVPair) error +} +``` + +#### BaseApp Registration + +We will add a new method to the `BaseApp` to enable the registration of `StreamingService`s: + + ```go + // SetStreamingService is used to set a streaming service into the BaseApp hooks and load the listeners into the multistore +func (app *BaseApp) SetStreamingService(s ABCIListener) { + // register the StreamingService within the BaseApp + // BaseApp will pass BeginBlock, DeliverTx, and EndBlock requests and responses to the streaming services to update their ABCI context + app.abciListeners = append(app.abciListeners, s) +} +``` + +We will add two new fields to the `BaseApp` struct: + +```go +type BaseApp struct { + + ... + + // abciListenersAsync for determining if abciListeners will run asynchronously. + // When abciListenersAsync=false and stopNodeOnABCIListenerErr=false listeners will run synchronized but will not stop the node. + // When abciListenersAsync=true stopNodeOnABCIListenerErr will be ignored. + abciListenersAsync bool + + // stopNodeOnABCIListenerErr halts the node when ABCI streaming service listening results in an error. + // stopNodeOnABCIListenerErr=true must be paired with abciListenersAsync=false. + stopNodeOnABCIListenerErr bool +} +``` + +#### ABCI Event Hooks + +We will modify the `BeginBlock`, `EndBlock`, `DeliverTx` and `Commit` methods to pass ABCI requests and responses +to any streaming service hooks registered with the `BaseApp`. + +```go +func (app *BaseApp) BeginBlock(req abci.RequestBeginBlock) (res abci.ResponseBeginBlock) { + + ... + + // call the streaming service hook with the BeginBlock messages + for _, abciListener := range app.abciListeners { + ctx := app.deliverState.ctx + blockHeight := ctx.BlockHeight() + if app.abciListenersAsync { + go func(req abci.RequestBeginBlock, res abci.ResponseBeginBlock) { + if err := app.abciListener.ListenBeginBlock(ctx, req, res); err != nil { + app.logger.Error("BeginBlock listening hook failed", "height", blockHeight, "err", err) + } + }(req, res) + } else { + if err := app.abciListener.ListenBeginBlock(ctx, req, res); err != nil { + app.logger.Error("BeginBlock listening hook failed", "height", blockHeight, "err", err) + if app.stopNodeOnABCIListenerErr { + os.Exit(1) + } + } + } + } + + return res +} +``` + +```go +func (app *BaseApp) EndBlock(req abci.RequestEndBlock) (res abci.ResponseEndBlock) { + + ... + + // call the streaming service hook with the EndBlock messages + for _, abciListener := range app.abciListeners { + ctx := app.deliverState.ctx + blockHeight := ctx.BlockHeight() + if app.abciListenersAsync { + go func(req abci.RequestEndBlock, res abci.ResponseEndBlock) { + if err := app.abciListener.ListenEndBlock(blockHeight, req, res); err != nil { + app.logger.Error("EndBlock listening hook failed", "height", blockHeight, "err", err) + } + }(req, res) + } else { + if err := app.abciListener.ListenEndBlock(blockHeight, req, res); err != nil { + app.logger.Error("EndBlock listening hook failed", "height", blockHeight, "err", err) + if app.stopNodeOnABCIListenerErr { + os.Exit(1) + } + } + } + } + + return res +} +``` + +```go +func (app *BaseApp) DeliverTx(req abci.RequestDeliverTx) abci.ResponseDeliverTx { + + var abciRes abci.ResponseDeliverTx + defer func() { + // call the streaming service hook with the EndBlock messages + for _, abciListener := range app.abciListeners { + ctx := app.deliverState.ctx + blockHeight := ctx.BlockHeight() + if app.abciListenersAsync { + go func(req abci.RequestDeliverTx, res abci.ResponseDeliverTx) { + if err := app.abciListener.ListenDeliverTx(blockHeight, req, res); err != nil { + app.logger.Error("DeliverTx listening hook failed", "height", blockHeight, "err", err) + } + }(req, abciRes) + } else { + if err := app.abciListener.ListenDeliverTx(blockHeight, req, res); err != nil { + app.logger.Error("DeliverTx listening hook failed", "height", blockHeight, "err", err) + if app.stopNodeOnABCIListenerErr { + os.Exit(1) + } + } + } + } + }() + + ... + + return abciRes +} +``` + +```go +func (app *BaseApp) Commit() abci.ResponseCommit { + + ... + + res := abci.ResponseCommit{ + Data: commitID.Hash, + RetainHeight: retainHeight, + } + + // call the streaming service hook with the Commit messages + for _, abciListener := range app.abciListeners { + ctx := app.deliverState.ctx + blockHeight := ctx.BlockHeight() + changeSet := app.cms.PopStateCache() + if app.abciListenersAsync { + go func(res abci.ResponseCommit, changeSet []store.StoreKVPair) { + if err := app.abciListener.ListenCommit(ctx, res, changeSet); err != nil { + app.logger.Error("ListenCommit listening hook failed", "height", blockHeight, "err", err) + } + }(res, changeSet) + } else { + if err := app.abciListener.ListenCommit(ctx, res, changeSet); err != nil { + app.logger.Error("ListenCommit listening hook failed", "height", blockHeight, "err", err) + if app.stopNodeOnABCIListenerErr { + os.Exit(1) + } + } + } + } + + ... + + return res +} +``` + +#### Go Plugin System + +We propose a plugin architecture to load and run `Streaming` plugins and other types of implementations. We will introduce a plugin +system over gRPC that is used to load and run Cosmos-SDK plugins. The plugin system uses [hashicorp/go-plugin](https://github.com/hashicorp/go-plugin). +Each plugin must have a struct that implements the `plugin.Plugin` interface and an `Impl` interface for processing messages over gRPC. +Each plugin must also have a message protocol defined for the gRPC service: + +```go +// streaming/plugins/abci/{plugin_version}/interface.go + +// Handshake is a common handshake that is shared by streaming and host. +// This prevents users from executing bad plugins or executing a plugin +// directory. It is a UX feature, not a security feature. +var Handshake = plugin.HandshakeConfig{ + ProtocolVersion: 1, + MagicCookieKey: "ABCI_LISTENER_PLUGIN", + MagicCookieValue: "ef78114d-7bdf-411c-868f-347c99a78345", +} + +// ListenerPlugin is the base struc for all kinds of go-plugin implementations +// It will be included in interfaces of different Plugins +type ABCIListenerPlugin struct { + // GRPCPlugin must still implement the Plugin interface + plugin.Plugin + // Concrete implementation, written in Go. This is only used for plugins + // that are written in Go. + Impl baseapp.ABCIListener +} + +func (p *ListenerGRPCPlugin) GRPCServer(_ *plugin.GRPCBroker, s *grpc.Server) error { + RegisterABCIListenerServiceServer(s, &GRPCServer{Impl: p.Impl}) + return nil +} + +func (p *ListenerGRPCPlugin) GRPCClient( + _ context.Context, + _ *plugin.GRPCBroker, + c *grpc.ClientConn, +) (interface{}, error) { + return &GRPCClient{client: NewABCIListenerServiceClient(c)}, nil +} +``` + +The `plugin.Plugin` interface has two methods `Client` and `Server`. For our GRPC service these are `GRPCClient` and `GRPCServer` +The `Impl` field holds the concrete implementation of our `baseapp.ABCIListener` interface written in Go. +Note: this is only used for plugin implementations written in Go. + +The advantage of having such a plugin system is that within each plugin authors can define the message protocol in a way that fits their use case. +For example, when state change listening is desired, the `ABCIListener` message protocol can be defined as below (*for illustrative purposes only*). +When state change listening is not desired than `ListenCommit` can be omitted from the protocol. + +```protobuf +syntax = "proto3"; + +... + +message Empty {} + +message ListenBeginBlockRequest { + RequestBeginBlock req = 1; + ResponseBeginBlock res = 2; +} +message ListenEndBlockRequest { + RequestEndBlock req = 1; + ResponseEndBlock res = 2; +} +message ListenDeliverTxRequest { + int64 block_height = 1; + RequestDeliverTx req = 2; + ResponseDeliverTx res = 3; +} +message ListenCommitRequest { + int64 block_height = 1; + ResponseCommit res = 2; + repeated StoreKVPair changeSet = 3; +} + +// plugin that listens to state changes +service ABCIListenerService { + rpc ListenBeginBlock(ListenBeginBlockRequest) returns (Empty); + rpc ListenEndBlock(ListenEndBlockRequest) returns (Empty); + rpc ListenDeliverTx(ListenDeliverTxRequest) returns (Empty); + rpc ListenCommit(ListenCommitRequest) returns (Empty); +} +``` + +```protobuf +... +// plugin that doesn't listen to state changes +service ABCIListenerService { + rpc ListenBeginBlock(ListenBeginBlockRequest) returns (Empty); + rpc ListenEndBlock(ListenEndBlockRequest) returns (Empty); + rpc ListenDeliverTx(ListenDeliverTxRequest) returns (Empty); + rpc ListenCommit(ListenCommitRequest) returns (Empty); +} +``` + +Implementing the service above: + +```go +// streaming/plugins/abci/{plugin_version}/grpc.go + +var ( + _ baseapp.ABCIListener = (*GRPCClient)(nil) +) + +// GRPCClient is an implementation of the ABCIListener and ABCIListenerPlugin interfaces that talks over RPC. +type GRPCClient struct { + client ABCIListenerServiceClient +} + +func (m *GRPCClient) ListenBeginBlock(ctx context.Context, req abci.RequestBeginBlock, res abci.ResponseBeginBlock) error { + _, err := m.client.ListenBeginBlock(ctx, &ListenBeginBlockRequest{Req: req, Res: res}) + return err +} + +func (m *GRPCClient) ListenEndBlock(goCtx context.Context, req abci.RequestEndBlock, res abci.ResponseEndBlock) error { + _, err := m.client.ListenEndBlock(ctx, &ListenEndBlockRequest{Req: req, Res: res}) + return err +} + +func (m *GRPCClient) ListenDeliverTx(goCtx context.Context, req abci.RequestDeliverTx, res abci.ResponseDeliverTx) error { + ctx := sdk.UnwrapSDKContext(goCtx) + _, err := m.client.ListenDeliverTx(ctx, &ListenDeliverTxRequest{BlockHeight: ctx.BlockHeight(), Req: req, Res: res}) + return err +} + +func (m *GRPCClient) ListenCommit(goCtx context.Context, res abci.ResponseCommit, changeSet []store.StoreKVPair) error { + ctx := sdk.UnwrapSDKContext(goCtx) + _, err := m.client.ListenCommit(ctx, &ListenCommitRequest{BlockHeight: ctx.BlockHeight(), Res: res, ChangeSet: changeSet}) + return err +} + +// GRPCServer is the gRPC server that GRPCClient talks to. +type GRPCServer struct { + // This is the real implementation + Impl baseapp.ABCIListener +} + +func (m *GRPCServer) ListenBeginBlock(ctx context.Context, req *ListenBeginBlockRequest) (*Empty, error) { + return &Empty{}, m.Impl.ListenBeginBlock(ctx, req.Req, req.Res) +} + +func (m *GRPCServer) ListenEndBlock(ctx context.Context, req *ListenEndBlockRequest) (*Empty, error) { + return &Empty{}, m.Impl.ListenEndBlock(ctx, req.Req, req.Res) +} + +func (m *GRPCServer) ListenDeliverTx(ctx context.Context, req *ListenDeliverTxRequest) (*Empty, error) { + return &Empty{}, m.Impl.ListenDeliverTx(ctx, req.Req, req.Res) +} + +func (m *GRPCServer) ListenCommit(ctx context.Context, req *ListenCommitRequest) (*Empty, error) { + return &Empty{}, m.Impl.ListenCommit(ctx, req.Res, req.ChangeSet) +} + +``` + +And the pre-compiled Go plugin `Impl`(*this is only used for plugins that are written in Go*): + +```go +// streaming/plugins/abci/{plugin_version}/impl/plugin.go + +// Plugins are pre-compiled and loaded by the plugin system + +// ABCIListener is the implementation of the baseapp.ABCIListener interface +type ABCIListener struct{} + +func (m *ABCIListenerPlugin) ListenBeginBlock(ctx context.Context, req abci.RequestBeginBlock, res abci.ResponseBeginBlock) error { + // send data to external system +} + +func (m *ABCIListenerPlugin) ListenEndBlock(ctx context.Context, req abci.RequestBeginBlock, res abci.ResponseBeginBlock) error { + // send data to external system +} + +func (m *ABCIListenerPlugin) ListenDeliverTxBlock(ctx context.Context, req abci.RequestBeginBlock, res abci.ResponseBeginBlock) error { + // send data to external system +} + +func (m *ABCIListenerPlugin) ListenCommit(ctx context.Context, res abci.ResponseCommit, changeSet []store.StoreKVPair) error { + // send data to external system +} + +func main() { + plugin.Serve(&plugin.ServeConfig{ + HandshakeConfig: grpc_abci_v1.Handshake, + Plugins: map[string]plugin.Plugin{ + "grpc_plugin_v1": &grpc_abci_v1.ABCIListenerGRPCPlugin{Impl: &ABCIListenerPlugin{}}, + }, + + // A non-nil value here enables gRPC serving for this streaming... + GRPCServer: plugin.DefaultGRPCServer, + }) +} +``` + +We will introduce a plugin loading system that will return `(interface{}, error)`. +This provides the advantage of using versioned plugins where the plugin interface and gRPC protocol change over time. +In addition, it allows for building independent plugin that can expose different parts of the system over gRPC. + +```go +func NewStreamingPlugin(name string, logLevel string) (interface{}, error) { + logger := hclog.New(&hclog.LoggerOptions{ + Output: hclog.DefaultOutput, + Level: toHclogLevel(logLevel), + Name: fmt.Sprintf("plugin.%s", name), + }) + + // We're a host. Start by launching the streaming process. + env := os.Getenv(GetPluginEnvKey(name)) + client := plugin.NewClient(&plugin.ClientConfig{ + HandshakeConfig: HandshakeMap[name], + Plugins: PluginMap, + Cmd: exec.Command("sh", "-c", env), + Logger: logger, + AllowedProtocols: []plugin.Protocol{ + plugin.ProtocolNetRPC, plugin.ProtocolGRPC}, + }) + + // Connect via RPC + rpcClient, err := client.Client() + if err != nil { + return nil, err + } + + // Request streaming plugin + return rpcClient.Dispense(name) +} + +``` + +We propose a `RegisterStreamingPlugin` function for the App to register `NewStreamingPlugin`s with the App's BaseApp. +Streaming plugins can be of `Any` type; therefore, the function takes in an interface vs a concrete type. +For example, we could have plugins of `ABCIListener`, `WasmListener` or `IBCListener`. Note that `RegisterStreamingPluing` function +is helper function and not a requirement. Plugin registration can easily be moved from the App to the BaseApp directly. + +```go +// baseapp/streaming.go + +// RegisterStreamingPlugin registers streaming plugins with the App. +// This method returns an error if a plugin is not supported. +func RegisterStreamingPlugin( + bApp *BaseApp, + appOpts servertypes.AppOptions, + keys map[string]*types.KVStoreKey, + streamingPlugin interface{}, +) error { + switch t := streamingPlugin.(type) { + case ABCIListener: + registerABCIListenerPlugin(bApp, appOpts, keys, t) + default: + return fmt.Errorf("unexpected plugin type %T", t) + } + return nil +} +``` + +```go +func registerABCIListenerPlugin( + bApp *BaseApp, + appOpts servertypes.AppOptions, + keys map[string]*store.KVStoreKey, + abciListener ABCIListener, +) { + asyncKey := fmt.Sprintf("%s.%s.%s", StreamingTomlKey, StreamingABCITomlKey, StreamingABCIAsync) + async := cast.ToBool(appOpts.Get(asyncKey)) + stopNodeOnErrKey := fmt.Sprintf("%s.%s.%s", StreamingTomlKey, StreamingABCITomlKey, StreamingABCIStopNodeOnErrTomlKey) + stopNodeOnErr := cast.ToBool(appOpts.Get(stopNodeOnErrKey)) + keysKey := fmt.Sprintf("%s.%s.%s", StreamingTomlKey, StreamingABCITomlKey, StreamingABCIKeysTomlKey) + exposeKeysStr := cast.ToStringSlice(appOpts.Get(keysKey)) + exposedKeys := exposeStoreKeysSorted(exposeKeysStr, keys) + bApp.cms.AddListeners(exposedKeys) + bApp.SetStreamingService(abciListener) + bApp.stopNodeOnABCIListenerErr = stopNodeOnErr + bApp.abciListenersAsync = async +} +``` + +```go +func exposeAll(list []string) bool { + for _, ele := range list { + if ele == "*" { + return true + } + } + return false +} + +func exposeStoreKeys(keysStr []string, keys map[string]*types.KVStoreKey) []types.StoreKey { + var exposeStoreKeys []types.StoreKey + if exposeAll(keysStr) { + exposeStoreKeys = make([]types.StoreKey, 0, len(keys)) + for _, storeKey := range keys { + exposeStoreKeys = append(exposeStoreKeys, storeKey) + } + } else { + exposeStoreKeys = make([]types.StoreKey, 0, len(keysStr)) + for _, keyStr := range keysStr { + if storeKey, ok := keys[keyStr]; ok { + exposeStoreKeys = append(exposeStoreKeys, storeKey) + } + } + } + // sort storeKeys for deterministic output + sort.SliceStable(exposeStoreKeys, func(i, j int) bool { + return exposeStoreKeys[i].Name() < exposeStoreKeys[j].Name() + }) + + return exposeStoreKeys +} +``` + +The `NewStreamingPlugin` and `RegisterStreamingPlugin` functions are used to register a plugin with the App's BaseApp. + +e.g. in `NewSimApp`: + +```go +func NewSimApp( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), +) *SimApp { + + ... + + keys := sdk.NewKVStoreKeys( + authtypes.StoreKey, banktypes.StoreKey, stakingtypes.StoreKey, + minttypes.StoreKey, distrtypes.StoreKey, slashingtypes.StoreKey, + govtypes.StoreKey, paramstypes.StoreKey, ibchost.StoreKey, upgradetypes.StoreKey, + evidencetypes.StoreKey, ibctransfertypes.StoreKey, capabilitytypes.StoreKey, + ) + + ... + + // register streaming services + streamingCfg := cast.ToStringMap(appOpts.Get(baseapp.StreamingTomlKey)) + for service := range streamingCfg { + pluginKey := fmt.Sprintf("%s.%s.%s", baseapp.StreamingTomlKey, service, baseapp.StreamingPluginTomlKey) + pluginName := strings.TrimSpace(cast.ToString(appOpts.Get(pluginKey))) + if len(pluginName) > 0 { + logLevel := cast.ToString(appOpts.Get(flags.FlagLogLevel)) + plugin, err := streaming.NewStreamingPlugin(pluginName, logLevel) + if err != nil { + tmos.Exit(err.Error()) + } + if err := baseapp.RegisterStreamingPlugin(bApp, appOpts, keys, plugin); err != nil { + tmos.Exit(err.Error()) + } + } + } + + return app +``` + +#### Configuration + +The plugin system will be configured within an App's TOML configuration files. + +```toml +# gRPC streaming +[streaming] + +# ABCI streaming service +[streaming.abci] + +# The plugin version to use for ABCI listening +plugin = "abci_v1" + +# List of kv store keys to listen to for state changes. +# Set to ["*"] to expose all keys. +keys = ["*"] + +# Enable abciListeners to run asynchronously. +# When abciListenersAsync=false and stopNodeOnABCIListenerErr=false listeners will run synchronized but will not stop the node. +# When abciListenersAsync=true stopNodeOnABCIListenerErr will be ignored. +async = false + +# Whether to stop the node on message deliver error. +stop-node-on-err = true +``` + +There will be four parameters for configuring `ABCIListener` plugin: `streaming.abci.plugin`, `streaming.abci.keys`, `streaming.abci.async` and `streaming.abci.stop-node-on-err`. +`streaming.abci.plugin` is the name of the plugin we want to use for streaming, `streaming.abci.keys` is a set of store keys for stores it listens to, +`streaming.abci.async` is bool enabling asynchronous listening and `streaming.abci.stop-node-on-err` is a bool that stops the node when true and when operating +on synchronized mode `streaming.abci.async=false`. Note that `streaming.abci.stop-node-on-err=true` will be ignored if `streaming.abci.async=true`. + +The configuration above support additional streaming plugins by adding the plugin to the `[streaming]` configuration section +and registering the plugin with `RegisterStreamingPlugin` helper function. + +Note the that each plugin must include `streaming.{service}.plugin` property as it is a requirement for doing the lookup and registration of the plugin +with the App. All other properties are unique to the individual services. + +#### Encoding and decoding streams + +ADR-038 introduces the interfaces and types for streaming state changes out from KVStores, associating this +data with their related ABCI requests and responses, and registering a service for consuming this data and streaming it to some destination in a final format. +Instead of prescribing a final data format in this ADR, it is left to a specific plugin implementation to define and document this format. +We take this approach because flexibility in the final format is necessary to support a wide range of streaming service plugins. For example, +the data format for a streaming service that writes the data out to a set of files will differ from the data format that is written to a Kafka topic. + +## Consequences + +These changes will provide a means of subscribing to KVStore state changes in real time. + +### Backwards Compatibility + +* This ADR changes the `CommitMultiStore` interface, implementations supporting the previous version of this interface will not support the new one + +### Positive + +* Ability to listen to KVStore state changes in real time and expose these events to external consumers + +### Negative + +* Changes `CommitMultiStore` interface and its implementations + +### Neutral + +* Introduces additional- but optional- complexity to configuring and running a cosmos application +* If an application developer opts to use these features to expose data, they need to be aware of the ramifications/risks of that data exposure as it pertains to the specifics of their application diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-039-epoched-staking.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-039-epoched-staking.md new file mode 100644 index 00000000..29418fc8 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-039-epoched-staking.md @@ -0,0 +1,122 @@ +# ADR 039: Epoched Staking + +## Changelog + +* 10-Feb-2021: Initial Draft + +## Authors + +* Dev Ojha (@valardragon) +* Sunny Aggarwal (@sunnya97) + +## Status + +Proposed + +## Abstract + +This ADR updates the proof of stake module to buffer the staking weight updates for a number of blocks before updating the consensus' staking weights. The length of the buffer is dubbed an epoch. The prior functionality of the staking module is then a special case of the abstracted module, with the epoch being set to 1 block. + +## Context + +The current proof of stake module takes the design decision to apply staking weight changes to the consensus engine immediately. This means that delegations and unbonds get applied immediately to the validator set. This decision was primarily done as it was implementationally simplest, and because we at the time believed that this would lead to better UX for clients. + +An alternative design choice is to allow buffering staking updates (delegations, unbonds, validators joining) for a number of blocks. This 'epoch'd proof of stake consensus provides the guarantee that the consensus weights for validators will not change mid-epoch, except in the event of a slash condition. + +Additionally, the UX hurdle may not be as significant as was previously thought. This is because it is possible to provide users immediate acknowledgement that their bond was recorded and will be executed. + +Furthermore, it has become clearer over time that immediate execution of staking events comes with limitations, such as: + +* Threshold based cryptography. One of the main limitations is that because the validator set can change so regularly, it makes the running of multiparty computation by a fixed validator set difficult. Many threshold-based cryptographic features for blockchains such as randomness beacons and threshold decryption require a computationally-expensive DKG process (will take much longer than 1 block to create). To productively use these, we need to guarantee that the result of the DKG will be used for a reasonably long time. It wouldn't be feasible to rerun the DKG every block. By epoching staking, it guarantees we'll only need to run a new DKG once every epoch. + +* Light client efficiency. This would lessen the overhead for IBC when there is high churn in the validator set. In the Tendermint light client bisection algorithm, the number of headers you need to verify is related to bounding the difference in validator sets between a trusted header and the latest header. If the difference is too great, you verify more header in between the two. By limiting the frequency of validator set changes, we can reduce the worst case size of IBC lite client proofs, which occurs when a validator set has high churn. + +* Fairness of deterministic leader election. Currently we have no ways of reasoning of fairness of deterministic leader election in the presence of staking changes without epochs (tendermint/spec#217). Breaking fairness of leader election is profitable for validators, as they earn additional rewards from being the proposer. Adding epochs at least makes it easier for our deterministic leader election to match something we can prove secure. (Albeit, we still haven’t proven if our current algorithm is fair with > 2 validators in the presence of stake changes) + +* Staking derivative design. Currently, reward distribution is done lazily using the F1 fee distribution. While saving computational complexity, lazy accounting requires a more stateful staking implementation. Right now, each delegation entry has to track the time of last withdrawal. Handling this can be a challenge for some staking derivatives designs that seek to provide fungibility for all tokens staked to a single validator. Force-withdrawing rewards to users can help solve this, however it is infeasible to force-withdraw rewards to users on a per block basis. With epochs, a chain could more easily alter the design to have rewards be forcefully withdrawn (iterating over delegator accounts only once per-epoch), and can thus remove delegation timing from state. This may be useful for certain staking derivative designs. + +## Design considerations + +### Slashing + +There is a design consideration for whether to apply a slash immediately or at the end of an epoch. A slash event should apply to only members who are actually staked during the time of the infraction, namely during the epoch the slash event occured. + +Applying it immediately can be viewed as offering greater consensus layer security, at potential costs to the aforementioned usecases. The benefits of immediate slashing for consensus layer security can be all be obtained by executing the validator jailing immediately (thus removing it from the validator set), and delaying the actual slash change to the validator's weight until the epoch boundary. For the use cases mentioned above, workarounds can be integrated to avoid problems, as follows: + +* For threshold based cryptography, this setting will have the threshold cryptography use the original epoch weights, while consensus has an update that lets it more rapidly benefit from additional security. If the threshold based cryptography blocks liveness of the chain, then we have effectively raised the liveness threshold of the remaining validators for the rest of the epoch. (Alternatively, jailed nodes could still contribute shares) This plan will fail in the extreme case that more than 1/3rd of the validators have been jailed within a single epoch. For such an extreme scenario, the chain already have its own custom incident response plan, and defining how to handle the threshold cryptography should be a part of that. +* For light client efficiency, there can be a bit included in the header indicating an intra-epoch slash (ala https://github.com/tendermint/spec/issues/199). +* For fairness of deterministic leader election, applying a slash or jailing within an epoch would break the guarantee we were seeking to provide. This then re-introduces a new (but significantly simpler) problem for trying to provide fairness guarantees. Namely, that validators can adversarially elect to remove themself from the set of proposers. From a security perspective, this could potentially be handled by two different mechanisms (or prove to still be too difficult to achieve). One is making a security statement acknowledging the ability for an adversary to force an ahead-of-time fixed threshold of users to drop out of the proposer set within an epoch. The second method would be to parameterize such that the cost of a slash within the epoch far outweights benefits due to being a proposer. However, this latter criterion is quite dubious, since being a proposer can have many advantageous side-effects in chains with complex state machines. (Namely, DeFi games such as Fomo3D) +* For staking derivative design, there is no issue introduced. This does not increase the state size of staking records, since whether a slash has occured is fully queryable given the validator address. + +### Token lockup + +When someone makes a transaction to delegate, even though they are not immediately staked, their tokens should be moved into a pool managed by the staking module which will then be used at the end of an epoch. This prevents concerns where they stake, and then spend those tokens not realizing they were already allocated for staking, and thus having their staking tx fail. + +### Pipelining the epochs + +For threshold based cryptography in particular, we need a pipeline for epoch changes. This is because when we are in epoch N, we want the epoch N+1 weights to be fixed so that the validator set can do the DKG accordingly. So if we are currently in epoch N, the stake weights for epoch N+1 should already be fixed, and new stake changes should be getting applied to epoch N + 2. + +This can be handled by making a parameter for the epoch pipeline length. This parameter should not be alterable except during hard forks, to mitigate implementation complexity of switching the pipeline length. + +With pipeline length 1, if I redelegate during epoch N, then my redelegation is applied prior to the beginning of epoch N+1. +With pipeline length 2, if I redelegate during epoch N, then my redelegation is applied prior to the beginning of epoch N+2. + +### Rewards + +Even though all staking updates are applied at epoch boundaries, rewards can still be distributed immediately when they are claimed. This is because they do not affect the current stake weights, as we do not implement auto-bonding of rewards. If such a feature were to be implemented, it would have to be setup so that rewards are auto-bonded at the epoch boundary. + +### Parameterizing the epoch length + +When choosing the epoch length, there is a trade-off queued state/computation buildup, and countering the previously discussed limitations of immediate execution if they apply to a given chain. + +Until an ABCI mechanism for variable block times is introduced, it is ill-advised to be using high epoch lengths due to the computation buildup. This is because when a block's execution time is greater than the expected block time from Tendermint, rounds may increment. + +## Decision + +**Step-1**: Implement buffering of all staking and slashing messages. + +First we create a pool for storing tokens that are being bonded, but should be applied at the epoch boundary called the `EpochDelegationPool`. Then, we have two separate queues, one for staking, one for slashing. We describe what happens on each message being delivered below: + +### Staking messages + +* **MsgCreateValidator**: Move user's self-bond to `EpochDelegationPool` immediately. Queue a message for the epoch boundary to handle the self-bond, taking the funds from the `EpochDelegationPool`. If Epoch execution fail, return back funds from `EpochDelegationPool` to user's account. +* **MsgEditValidator**: Validate message and if valid queue the message for execution at the end of the Epoch. +* **MsgDelegate**: Move user's funds to `EpochDelegationPool` immediately. Queue a message for the epoch boundary to handle the delegation, taking the funds from the `EpochDelegationPool`. If Epoch execution fail, return back funds from `EpochDelegationPool` to user's account. +* **MsgBeginRedelegate**: Validate message and if valid queue the message for execution at the end of the Epoch. +* **MsgUndelegate**: Validate message and if valid queue the message for execution at the end of the Epoch. + +### Slashing messages + +* **MsgUnjail**: Validate message and if valid queue the message for execution at the end of the Epoch. +* **Slash Event**: Whenever a slash event is created, it gets queued in the slashing module to apply at the end of the epoch. The queues should be setup such that this slash applies immediately. + +### Evidence Messages + +* **MsgSubmitEvidence**: This gets executed immediately, and the validator gets jailed immediately. However in slashing, the actual slash event gets queued. + +Then we add methods to the end blockers, to ensure that at the epoch boundary the queues are cleared and delegation updates are applied. + +**Step-2**: Implement querying of queued staking txs. + +When querying the staking activity of a given address, the status should return not only the amount of tokens staked, but also if there are any queued stake events for that address. This will require more work to be done in the querying logic, to trace the queued upcoming staking events. + +As an initial implementation, this can be implemented as a linear search over all queued staking events. However, for chains that need long epochs, they should eventually build additional support for nodes that support querying to be able to produce results in constant time. (This is do-able by maintaining an auxilliary hashmap for indexing upcoming staking events by address) + +**Step-3**: Adjust gas + +Currently gas represents the cost of executing a transaction when its done immediately. (Merging together costs of p2p overhead, state access overhead, and computational overhead) However, now a transaction can cause computation in a future block, namely at the epoch boundary. + +To handle this, we should initially include parameters for estimating the amount of future computation (denominated in gas), and add that as a flat charge needed for the message. +We leave it as out of scope for how to weight future computation versus current computation in gas pricing, and have it set such that the are weighted equally for now. + +## Consequences + +### Positive + +* Abstracts the proof of stake module that allows retaining the existing functionality +* Enables new features such as validator-set based threshold cryptography + +### Negative + +* Increases complexity of integrating more complex gas pricing mechanisms, as they now have to consider future execution costs as well. +* When epoch > 1, validators can no longer leave the network immediately, and must wait until an epoch boundary. diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-040-storage-and-smt-state-commitments.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-040-storage-and-smt-state-commitments.md new file mode 100644 index 00000000..b089bfb1 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-040-storage-and-smt-state-commitments.md @@ -0,0 +1,289 @@ +# ADR 040: Storage and SMT State Commitments + +## Changelog + +* 2020-01-15: Draft + +## Status + +DRAFT Not Implemented + +## Abstract + +Sparse Merkle Tree ([SMT](https://osf.io/8mcnh/)) is a version of a Merkle Tree with various storage and performance optimizations. This ADR defines a separation of state commitments from data storage and the Cosmos SDK transition from IAVL to SMT. + +## Context + +Currently, Cosmos SDK uses IAVL for both state [commitments](https://cryptography.fandom.com/wiki/Commitment_scheme) and data storage. + +IAVL has effectively become an orphaned project within the Cosmos ecosystem and it's proven to be an inefficient state commitment data structure. +In the current design, IAVL is used for both data storage and as a Merkle Tree for state commitments. IAVL is meant to be a standalone Merkelized key/value database, however it's using a KV DB engine to store all tree nodes. So, each node is stored in a separate record in the KV DB. This causes many inefficiencies and problems: + +* Each object query requires a tree traversal from the root. Subsequent queries for the same object are cached on the Cosmos SDK level. +* Each edge traversal requires a DB query. +* Creating snapshots is [expensive](https://github.com/cosmos/cosmos-sdk/issues/7215#issuecomment-684804950). It takes about 30 seconds to export less than 100 MB of state (as of March 2020). +* Updates in IAVL may trigger tree reorganization and possible O(log(n)) hashes re-computation, which can become a CPU bottleneck. +* The node structure is pretty expensive - it contains a standard tree node elements (key, value, left and right element) and additional metadata such as height, version (which is not required by the Cosmos SDK). The entire node is hashed, and that hash is used as the key in the underlying database, [ref](https://github.com/cosmos/iavl/blob/master/docs/node/03-node.md +). + +Moreover, the IAVL project lacks support and a maintainer and we already see better and well-established alternatives. Instead of optimizing the IAVL, we are looking into other solutions for both storage and state commitments. + +## Decision + +We propose to separate the concerns of state commitment (**SC**), needed for consensus, and state storage (**SS**), needed for state machine. Finally we replace IAVL with [Celestia's SMT](https://github.com/lazyledger/smt). Celestia SMT is based on Diem (called jellyfish) design [*] - it uses a compute-optimised SMT by replacing subtrees with only default values with a single node (same approach is used by Ethereum2) and implements compact proofs. + +The storage model presented here doesn't deal with data structure nor serialization. It's a Key-Value database, where both key and value are binaries. The storage user is responsible for data serialization. + +### Decouple state commitment from storage + +Separation of storage and commitment (by the SMT) will allow the optimization of different components according to their usage and access patterns. + +`SC` (SMT) is used to commit to a data and compute Merkle proofs. `SS` is used to directly access data. To avoid collisions, both `SS` and `SC` will use a separate storage namespace (they could use the same database underneath). `SS` will store each record directly (mapping `(key, value)` as `key → value`). + +SMT is a merkle tree structure: we don't store keys directly. For every `(key, value)` pair, `hash(key)` is used as leaf path (we hash a key to uniformly distribute leaves in the tree) and `hash(value)` as the leaf contents. The tree structure is specified in more depth [below](#smt-for-state-commitment). + +For data access we propose 2 additional KV buckets (implemented as namespaces for the key-value pairs, sometimes called [column family](https://github.com/facebook/rocksdb/wiki/Terminology)): + +1. B1: `key → value`: the principal object storage, used by a state machine, behind the Cosmos SDK `KVStore` interface: provides direct access by key and allows prefix iteration (KV DB backend must support it). +2. B2: `hash(key) → key`: a reverse index to get a key from an SMT path. Internally the SMT will store `(key, value)` as `prefix || hash(key) || hash(value)`. So, we can get an object value by composing `hash(key) → B2 → B1`. +3. We could use more buckets to optimize the app usage if needed. + +We propose to use a KV database for both `SS` and `SC`. The store interface will allow to use the same physical DB backend for both `SS` and `SC` as well two separate DBs. The latter option allows for the separation of `SS` and `SC` into different hardware units, providing support for more complex setup scenarios and improving overall performance: one can use different backends (eg RocksDB and Badger) as well as independently tuning the underlying DB configuration. + +### Requirements + +State Storage requirements: + +* range queries +* quick (key, value) access +* creating a snapshot +* historical versioning +* pruning (garbage collection) + +State Commitment requirements: + +* fast updates +* tree path should be short +* query historical commitment proofs using ICS-23 standard +* pruning (garbage collection) + +### SMT for State Commitment + +A Sparse Merkle tree is based on the idea of a complete Merkle tree of an intractable size. The assumption here is that as the size of the tree is intractable, there would only be a few leaf nodes with valid data blocks relative to the tree size, rendering a sparse tree. + +The full specification can be found at [Celestia](https://github.com/celestiaorg/celestia-specs/blob/ec98170398dfc6394423ee79b00b71038879e211/src/specs/data_structures.md#sparse-merkle-tree). In summary: + +* The SMT consists of a binary Merkle tree, constructed in the same fashion as described in [Certificate Transparency (RFC-6962)](https://tools.ietf.org/html/rfc6962), but using as the hashing function SHA-2-256 as defined in [FIPS 180-4](https://doi.org/10.6028/NIST.FIPS.180-4). +* Leaves and internal nodes are hashed differently: the one-byte `0x00` is prepended for leaf nodes while `0x01` is prepended for internal nodes. +* Default values are given to leaf nodes with empty leaves. +* While the above rule is sufficient to pre-compute the values of intermediate nodes that are roots of empty subtrees, a further simplification is to extend this default value to all nodes that are roots of empty subtrees. The 32-byte zero is used as the default value. This rule takes precedence over the above one. +* An internal node that is the root of a subtree that contains exactly one non-empty leaf is replaced by that leaf's leaf node. + +### Snapshots for storage sync and state versioning + +Below, with simple _snapshot_ we refer to a database snapshot mechanism, not to a _ABCI snapshot sync_. The latter will be referred as _snapshot sync_ (which will directly use DB snapshot as described below). + +Database snapshot is a view of DB state at a certain time or transaction. It's not a full copy of a database (it would be too big). Usually a snapshot mechanism is based on a _copy on write_ and it allows DB state to be efficiently delivered at a certain stage. +Some DB engines support snapshotting. Hence, we propose to reuse that functionality for the state sync and versioning (described below). We limit the supported DB engines to ones which efficiently implement snapshots. In a final section we discuss the evaluated DBs. + +One of the Stargate core features is a _snapshot sync_ delivered in the `/snapshot` package. It provides a way to trustlessly sync a blockchain without repeating all transactions from the genesis. This feature is implemented in Cosmos SDK and requires storage support. Currently IAVL is the only supported backend. It works by streaming to a client a snapshot of a `SS` at a certain version together with a header chain. + +A new database snapshot will be created in every `EndBlocker` and identified by a block height. The `root` store keeps track of the available snapshots to offer `SS` at a certain version. The `root` store implements the `RootStore` interface described below. In essence, `RootStore` encapsulates a `Committer` interface. `Committer` has a `Commit`, `SetPruning`, `GetPruning` functions which will be used for creating and removing snapshots. The `rootStore.Commit` function creates a new snapshot and increments the version on each call, and checks if it needs to remove old versions. We will need to update the SMT interface to implement the `Committer` interface. +NOTE: `Commit` must be called exactly once per block. Otherwise we risk going out of sync for the version number and block height. +NOTE: For the Cosmos SDK storage, we may consider splitting that interface into `Committer` and `PruningCommitter` - only the multiroot should implement `PruningCommitter` (cache and prefix store don't need pruning). + +Number of historical versions for `abci.RequestQuery` and state sync snapshots is part of a node configuration, not a chain configuration (configuration implied by the blockchain consensus). A configuration should allow to specify number of past blocks and number of past blocks modulo some number (eg: 100 past blocks and one snapshot every 100 blocks for past 2000 blocks). Archival nodes can keep all past versions. + +Pruning old snapshots is effectively done by a database. Whenever we update a record in `SC`, SMT won't update nodes - instead it creates new nodes on the update path, without removing the old one. Since we are snapshotting each block, we need to change that mechanism to immediately remove orphaned nodes from the database. This is a safe operation - snapshots will keep track of the records and make it available when accessing past versions. + +To manage the active snapshots we will either use a DB _max number of snapshots_ option (if available), or we will remove DB snapshots in the `EndBlocker`. The latter option can be done efficiently by identifying snapshots with block height and calling a store function to remove past versions. + +#### Accessing old state versions + +One of the functional requirements is to access old state. This is done through `abci.RequestQuery` structure. The version is specified by a block height (so we query for an object by a key `K` at block height `H`). The number of old versions supported for `abci.RequestQuery` is configurable. Accessing an old state is done by using available snapshots. +`abci.RequestQuery` doesn't need old state of `SC` unless the `prove=true` parameter is set. The SMT merkle proof must be included in the `abci.ResponseQuery` only if both `SC` and `SS` have a snapshot for requested version. + +Moreover, Cosmos SDK could provide a way to directly access a historical state. However, a state machine shouldn't do that - since the number of snapshots is configurable, it would lead to nondeterministic execution. + +We positively [validated](https://github.com/cosmos/cosmos-sdk/discussions/8297) a versioning and snapshot mechanism for querying old state with regards to the database we evaluated. + +### State Proofs + +For any object stored in State Store (SS), we have corresponding object in `SC`. A proof for object `V` identified by a key `K` is a branch of `SC`, where the path corresponds to the key `hash(K)`, and the leaf is `hash(K, V)`. + +### Rollbacks + +We need to be able to process transactions and roll-back state updates if a transaction fails. This can be done in the following way: during transaction processing, we keep all state change requests (writes) in a `CacheWrapper` abstraction (as it's done today). Once we finish the block processing, in the `Endblocker`, we commit a root store - at that time, all changes are written to the SMT and to the `SS` and a snapshot is created. + +### Committing to an object without saving it + +We identified use-cases, where modules will need to save an object commitment without storing an object itself. Sometimes clients are receiving complex objects, and they have no way to prove a correctness of that object without knowing the storage layout. For those use cases it would be easier to commit to the object without storing it directly. + +### Refactor MultiStore + +The Stargate `/store` implementation (store/v1) adds an additional layer in the SDK store construction - the `MultiStore` structure. The multistore exists to support the modularity of the Cosmos SDK - each module is using its own instance of IAVL, but in the current implementation, all instances share the same database. The latter indicates, however, that the implementation doesn't provide true modularity. Instead it causes problems related to race condition and atomic DB commits (see: [\#6370](https://github.com/cosmos/cosmos-sdk/issues/6370) and [discussion](https://github.com/cosmos/cosmos-sdk/discussions/8297#discussioncomment-757043)). + +We propose to reduce the multistore concept from the SDK, and to use a single instance of `SC` and `SS` in a `RootStore` object. To avoid confusion, we should rename the `MultiStore` interface to `RootStore`. The `RootStore` will have the following interface; the methods for configuring tracing and listeners are omitted for brevity. + +```go +// Used where read-only access to versions is needed. +type BasicRootStore interface { + Store + GetKVStore(StoreKey) KVStore + CacheRootStore() CacheRootStore +} + +// Used as the main app state, replacing CommitMultiStore. +type CommitRootStore interface { + BasicRootStore + Committer + Snapshotter + + GetVersion(uint64) (BasicRootStore, error) + SetInitialVersion(uint64) error + + ... // Trace and Listen methods +} + +// Replaces CacheMultiStore for branched state. +type CacheRootStore interface { + BasicRootStore + Write() + + ... // Trace and Listen methods +} + +// Example of constructor parameters for the concrete type. +type RootStoreConfig struct { + Upgrades *StoreUpgrades + InitialVersion uint64 + + ReservePrefix(StoreKey, StoreType) +} +``` + + + + +In contrast to `MultiStore`, `RootStore` doesn't allow to dynamically mount sub-stores or provide an arbitrary backing DB for individual sub-stores. + +NOTE: modules will be able to use a special commitment and their own DBs. For example: a module which will use ZK proofs for state can store and commit this proof in the `RootStore` (usually as a single record) and manage the specialized store privately or using the `SC` low level interface. + +#### Compatibility support + +To ease the transition to this new interface for users, we can create a shim which wraps a `CommitMultiStore` but provides a `CommitRootStore` interface, and expose functions to safely create and access the underlying `CommitMultiStore`. + +The new `RootStore` and supporting types can be implemented in a `store/v2alpha1` package to avoid breaking existing code. + +#### Merkle Proofs and IBC + +Currently, an IBC (v1.0) Merkle proof path consists of two elements (`["", ""]`), with each key corresponding to a separate proof. These are each verified according to individual [ICS-23 specs](https://github.com/cosmos/ibc-go/blob/f7051429e1cf833a6f65d51e6c3df1609290a549/modules/core/23-commitment/types/merkle.go#L17), and the result hash of each step is used as the committed value of the next step, until a root commitment hash is obtained. +The root hash of the proof for `""` is hashed with the `""` to validate against the App Hash. + +This is not compatible with the `RootStore`, which stores all records in a single Merkle tree structure, and won't produce separate proofs for the store- and record-key. Ideally, the store-key component of the proof could just be omitted, and updated to use a "no-op" spec, so only the record-key is used. However, because the IBC verification code hardcodes the `"ibc"` prefix and applies it to the SDK proof as a separate element of the proof path, this isn't possible without a breaking change. Breaking this behavior would severely impact the Cosmos ecosystem which already widely adopts the IBC module. Requesting an update of the IBC module across the chains is a time consuming effort and not easily feasible. + +As a workaround, the `RootStore` will have to use two separate SMTs (they could use the same underlying DB): one for IBC state and one for everything else. A simple Merkle map that reference these SMTs will act as a Merkle Tree to create a final App hash. The Merkle map is not stored in a DBs - it's constructed in the runtime. The IBC substore key must be `"ibc"`. + +The workaround can still guarantee atomic syncs: the [proposed DB backends](#evaluated-kv-databases) support atomic transactions and efficient rollbacks, which will be used in the commit phase. + +The presented workaround can be used until the IBC module is fully upgraded to supports single-element commitment proofs. + +### Optimization: compress module key prefixes + +We consider a compression of prefix keys by creating a mapping from module key to an integer, and serializing the integer using varint coding. Varint coding assures that different values don't have common byte prefix. For Merkle Proofs we can't use prefix compression - so it should only apply for the `SS` keys. Moreover, the prefix compression should be only applied for the module namespace. More precisely: + +* each module has it's own namespace; +* when accessing a module namespace we create a KVStore with embedded prefix; +* that prefix will be compressed only when accessing and managing `SS`. + +We need to assure that the codes won't change. We can fix the mapping in a static variable (provided by an app) or SS state under a special key. + +TODO: need to make decision about the key compression. + +## Optimization: SS key compression + +Some objects may be saved with key, which contains a Protobuf message type. Such keys are long. We could save a lot of space if we can map Protobuf message types in varints. + +TODO: finalize this or move to another ADR. + +## Migration + +Using the new store will require a migration. 2 Migrations are proposed: + +1. Genesis export -- it will reset the blockchain history. +2. In place migration: we can reuse `UpgradeKeeper.SetUpgradeHandler` to provide the migration logic: + +```go +app.UpgradeKeeper.SetUpgradeHandler("adr-40", func(ctx sdk.Context, plan upgradetypes.Plan, vm module.VersionMap) (module.VersionMap, error) { + + storev2.Migrate(iavlstore, v2.store) + + // RunMigrations returns the VersionMap + // with the updated module ConsensusVersions + return app.mm.RunMigrations(ctx, vm) +}) +``` + +The `Migrate` function will read all entries from a store/v1 DB and save them to the AD-40 combined KV store. +Cache layer should not be used and the operation must finish with a single Commit call. + +Inserting records to the `SC` (SMT) component is the bottleneck. Unfortunately SMT doesn't support batch transactions. +Adding batch transactions to `SC` layer is considered as a feature after the main release. + +## Consequences + +### Backwards Compatibility + +This ADR doesn't introduce any Cosmos SDK level API changes. + +We change the storage layout of the state machine, a storage hard fork and network upgrade is required to incorporate these changes. SMT provides a merkle proof functionality, however it is not compatible with ICS23. Updating the proofs for ICS23 compatibility is required. + +### Positive + +* Decoupling state from state commitment introduce better engineering opportunities for further optimizations and better storage patterns. +* Performance improvements. +* Joining SMT based camp which has wider and proven adoption than IAVL. Example projects which decided on SMT: Ethereum2, Diem (Libra), Trillan, Tezos, Celestia. +* Multistore removal fixes a longstanding issue with the current MultiStore design. +* Simplifies merkle proofs - all modules, except IBC, have only one pass for merkle proof. + +### Negative + +* Storage migration +* LL SMT doesn't support pruning - we will need to add and test that functionality. +* `SS` keys will have an overhead of a key prefix. This doesn't impact `SC` because all keys in `SC` have same size (they are hashed). + +### Neutral + +* Deprecating IAVL, which is one of the core proposals of Cosmos Whitepaper. + +## Alternative designs + +Most of the alternative designs were evaluated in [state commitments and storage report](https://paper.dropbox.com/published/State-commitments-and-storage-review--BDvA1MLwRtOx55KRihJ5xxLbBw-KeEB7eOd11pNrZvVtqUgL3h). + +Ethereum research published [Verkle Trie](https://dankradfeist.de/ethereum/2021/06/18/verkle-trie-for-eth1.html) - an idea of combining polynomial commitments with merkle tree in order to reduce the tree height. This concept has a very good potential, but we think it's too early to implement it. The current, SMT based design could be easily updated to the Verkle Trie once other research implement all necessary libraries. The main advantage of the design described in this ADR is the separation of state commitments from the data storage and designing a more powerful interface. + +## Further Discussions + +### Evaluated KV Databases + +We verified existing databases KV databases for evaluating snapshot support. The following databases provide efficient snapshot mechanism: Badger, RocksDB, [Pebble](https://github.com/cockroachdb/pebble). Databases which don't provide such support or are not production ready: boltdb, leveldb, goleveldb, membdb, lmdb. + +### RDBMS + +Use of RDBMS instead of simple KV store for state. Use of RDBMS will require a Cosmos SDK API breaking change (`KVStore` interface) and will allow better data extraction and indexing solutions. Instead of saving an object as a single blob of bytes, we could save it as record in a table in the state storage layer, and as a `hash(key, protobuf(object))` in the SMT as outlined above. To verify that an object registered in RDBMS is same as the one committed to SMT, one will need to load it from RDBMS, marshal using protobuf, hash and do SMT search. + +### Off Chain Store + +We were discussing use case where modules can use a support database, which is not automatically committed. Module will responsible for having a sound storage model and can optionally use the feature discussed in __Committing to an object without saving it_ section. + +## References + +* [IAVL What's Next?](https://github.com/cosmos/cosmos-sdk/issues/7100) +* [IAVL overview](https://docs.google.com/document/d/16Z_hW2rSAmoyMENO-RlAhQjAG3mSNKsQueMnKpmcBv0/edit#heading=h.yd2th7x3o1iv) of it's state v0.15 +* [State commitments and storage report](https://paper.dropbox.com/published/State-commitments-and-storage-review--BDvA1MLwRtOx55KRihJ5xxLbBw-KeEB7eOd11pNrZvVtqUgL3h) +* [Celestia (LazyLedger) SMT](https://github.com/lazyledger/smt) +* Facebook Diem (Libra) SMT [design](https://developers.diem.com/papers/jellyfish-merkle-tree/2021-01-14.pdf) +* [Trillian Revocation Transparency](https://github.com/google/trillian/blob/master/docs/papers/RevocationTransparency.pdf), [Trillian Verifiable Data Structures](https://github.com/google/trillian/blob/master/docs/papers/VerifiableDataStructures.pdf). +* Design and implementation [discussion](https://github.com/cosmos/cosmos-sdk/discussions/8297). +* [How to Upgrade IBC Chains and their Clients](https://github.com/cosmos/ibc-go/blob/main/docs/ibc/upgrades/quick-guide.md) +* [ADR-40 Effect on IBC](https://github.com/cosmos/ibc-go/discussions/256) diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-041-in-place-store-migrations.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-041-in-place-store-migrations.md new file mode 100644 index 00000000..2237b610 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-041-in-place-store-migrations.md @@ -0,0 +1,167 @@ +# ADR 041: In-Place Store Migrations + +## Changelog + +* 17.02.2021: Initial Draft + +## Status + +Accepted + +## Abstract + +This ADR introduces a mechanism to perform in-place state store migrations during chain software upgrades. + +## Context + +When a chain upgrade introduces state-breaking changes inside modules, the current procedure consists of exporting the whole state into a JSON file (via the `simd export` command), running migration scripts on the JSON file (`simd genesis migrate` command), clearing the stores (`simd unsafe-reset-all` command), and starting a new chain with the migrated JSON file as new genesis (optionally with a custom initial block height). An example of such a procedure can be seen [in the Cosmos Hub 3->4 migration guide](https://github.com/cosmos/gaia/blob/v4.0.3/docs/migration/cosmoshub-3.md#upgrade-procedure). + +This procedure is cumbersome for multiple reasons: + +* The procedure takes time. It can take hours to run the `export` command, plus some additional hours to run `InitChain` on the fresh chain using the migrated JSON. +* The exported JSON file can be heavy (~100MB-1GB), making it difficult to view, edit and transfer, which in turn introduces additional work to solve these problems (such as [streaming genesis](https://github.com/cosmos/cosmos-sdk/issues/6936)). + +## Decision + +We propose a migration procedure based on modifying the KV store in-place without involving the JSON export-process-import flow described above. + +### Module `ConsensusVersion` + +We introduce a new method on the `AppModule` interface: + +```go +type AppModule interface { + // --snip-- + ConsensusVersion() uint64 +} +``` + +This methods returns an `uint64` which serves as state-breaking version of the module. It MUST be incremented on each consensus-breaking change introduced by the module. To avoid potential errors with default values, the initial version of a module MUST be set to 1. In the Cosmos SDK, version 1 corresponds to the modules in the v0.41 series. + +### Module-Specific Migration Functions + +For each consensus-breaking change introduced by the module, a migration script from ConsensusVersion `N` to version `N+1` MUST be registered in the `Configurator` using its newly-added `RegisterMigration` method. All modules receive a reference to the configurator in their `RegisterServices` method on `AppModule`, and this is where the migration functions should be registered. The migration functions should be registered in increasing order. + +```go +func (am AppModule) RegisterServices(cfg module.Configurator) { + // --snip-- + cfg.RegisterMigration(types.ModuleName, 1, func(ctx sdk.Context) error { + // Perform in-place store migrations from ConsensusVersion 1 to 2. + }) + cfg.RegisterMigration(types.ModuleName, 2, func(ctx sdk.Context) error { + // Perform in-place store migrations from ConsensusVersion 2 to 3. + }) + // etc. +} +``` + +For example, if the new ConsensusVersion of a module is `N` , then `N-1` migration functions MUST be registered in the configurator. + +In the Cosmos SDK, the migration functions are handled by each module's keeper, because the keeper holds the `sdk.StoreKey` used to perform in-place store migrations. To not overload the keeper, a `Migrator` wrapper is used by each module to handle the migration functions: + +```go +// Migrator is a struct for handling in-place store migrations. +type Migrator struct { + BaseKeeper +} +``` + +Migration functions should live inside the `migrations/` folder of each module, and be called by the Migrator's methods. We propose the format `Migrate{M}to{N}` for method names. + +```go +// Migrate1to2 migrates from version 1 to 2. +func (m Migrator) Migrate1to2(ctx sdk.Context) error { + return v2bank.MigrateStore(ctx, m.keeper.storeKey) // v043bank is package `x/bank/migrations/v2`. +} +``` + +Each module's migration functions are specific to the module's store evolutions, and are not described in this ADR. An example of x/bank store key migrations after the introduction of ADR-028 length-prefixed addresses can be seen in this [store.go code](https://github.com/cosmos/cosmos-sdk/blob/36f68eb9e041e20a5bb47e216ac5eb8b91f95471/x/bank/legacy/v043/store.go#L41-L62). + +### Tracking Module Versions in `x/upgrade` + +We introduce a new prefix store in `x/upgrade`'s store. This store will track each module's current version, it can be modelized as a `map[string]uint64` of module name to module ConsensusVersion, and will be used when running the migrations (see next section for details). The key prefix used is `0x1`, and the key/value format is: + +```text +0x2 | {bytes(module_name)} => BigEndian(module_consensus_version) +``` + +The initial state of the store is set from `app.go`'s `InitChainer` method. + +The UpgradeHandler signature needs to be updated to take a `VersionMap`, as well as return an upgraded `VersionMap` and an error: + +```diff +- type UpgradeHandler func(ctx sdk.Context, plan Plan) ++ type UpgradeHandler func(ctx sdk.Context, plan Plan, versionMap VersionMap) (VersionMap, error) +``` + +To apply an upgrade, we query the `VersionMap` from the `x/upgrade` store and pass it into the handler. The handler runs the actual migration functions (see next section), and if successful, returns an updated `VersionMap` to be stored in state. + +```diff +func (k UpgradeKeeper) ApplyUpgrade(ctx sdk.Context, plan types.Plan) { + // --snip-- +- handler(ctx, plan) ++ updatedVM, err := handler(ctx, plan, k.GetModuleVersionMap(ctx)) // k.GetModuleVersionMap() fetches the VersionMap stored in state. ++ if err != nil { ++ return err ++ } ++ ++ // Set the updated consensus versions to state ++ k.SetModuleVersionMap(ctx, updatedVM) +} +``` + +A gRPC query endpoint to query the `VersionMap` stored in `x/upgrade`'s state will also be added, so that app developers can double-check the `VersionMap` before the upgrade handler runs. + +### Running Migrations + +Once all the migration handlers are registered inside the configurator (which happens at startup), running migrations can happen by calling the `RunMigrations` method on `module.Manager`. This function will loop through all modules, and for each module: + +* Get the old ConsensusVersion of the module from its `VersionMap` argument (let's call it `M`). +* Fetch the new ConsensusVersion of the module from the `ConsensusVersion()` method on `AppModule` (call it `N`). +* If `N>M`, run all registered migrations for the module sequentially `M -> M+1 -> M+2...` until `N`. + * There is a special case where there is no ConsensusVersion for the module, as this means that the module has been newly added during the upgrade. In this case, no migration function is run, and the module's current ConsensusVersion is saved to `x/upgrade`'s store. + +If a required migration is missing (e.g. if it has not been registered in the `Configurator`), then the `RunMigrations` function will error. + +In practice, the `RunMigrations` method should be called from inside an `UpgradeHandler`. + +```go +app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx sdk.Context, plan upgradetypes.Plan, vm module.VersionMap) (module.VersionMap, error) { + return app.mm.RunMigrations(ctx, vm) +}) +``` + +Assuming a chain upgrades at block `n`, the procedure should run as follows: + +* the old binary will halt in `BeginBlock` when starting block `N`. In its store, the ConsensusVersions of the old binary's modules are stored. +* the new binary will start at block `N`. The UpgradeHandler is set in the new binary, so will run at `BeginBlock` of the new binary. Inside `x/upgrade`'s `ApplyUpgrade`, the `VersionMap` will be retrieved from the (old binary's) store, and passed into the `RunMigrations` functon, migrating all module stores in-place before the modules' own `BeginBlock`s. + +## Consequences + +### Backwards Compatibility + +This ADR introduces a new method `ConsensusVersion()` on `AppModule`, which all modules need to implement. It also alters the UpgradeHandler function signature. As such, it is not backwards-compatible. + +While modules MUST register their migration functions when bumping ConsensusVersions, running those scripts using an upgrade handler is optional. An application may perfectly well decide to not call the `RunMigrations` inside its upgrade handler, and continue using the legacy JSON migration path. + +### Positive + +* Perform chain upgrades without manipulating JSON files. +* While no benchmark has been made yet, it is probable that in-place store migrations will take less time than JSON migrations. The main reason supporting this claim is that both the `simd export` command on the old binary and the `InitChain` function on the new binary will be skipped. + +### Negative + +* Module developers MUST correctly track consensus-breaking changes in their modules. If a consensus-breaking change is introduced in a module without its corresponding `ConsensusVersion()` bump, then the `RunMigrations` function won't detect the migration, and the chain upgrade might be unsuccessful. Documentation should clearly reflect this. + +### Neutral + +* The Cosmos SDK will continue to support JSON migrations via the existing `simd export` and `simd genesis migrate` commands. +* The current ADR does not allow creating, renaming or deleting stores, only modifying existing store keys and values. The Cosmos SDK already has the `StoreLoader` for those operations. + +## Further Discussions + +## References + +* Initial discussion: https://github.com/cosmos/cosmos-sdk/discussions/8429 +* Implementation of `ConsensusVersion` and `RunMigrations`: https://github.com/cosmos/cosmos-sdk/pull/8485 +* Issue discussing `x/upgrade` design: https://github.com/cosmos/cosmos-sdk/issues/8514 diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-042-group-module.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-042-group-module.md new file mode 100644 index 00000000..834ec455 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-042-group-module.md @@ -0,0 +1,279 @@ +# ADR 042: Group Module + +## Changelog + +* 2020/04/09: Initial Draft + +## Status + +Draft + +## Abstract + +This ADR defines the `x/group` module which allows the creation and management of on-chain multi-signature accounts and enables voting for message execution based on configurable decision policies. + +## Context + +The legacy amino multi-signature mechanism of the Cosmos SDK has certain limitations: + +* Key rotation is not possible, although this can be solved with [account rekeying](adr-034-account-rekeying.md). +* Thresholds can't be changed. +* UX is cumbersome for non-technical users ([#5661](https://github.com/cosmos/cosmos-sdk/issues/5661)). +* It requires `legacy_amino` sign mode ([#8141](https://github.com/cosmos/cosmos-sdk/issues/8141)). + +While the group module is not meant to be a total replacement for the current multi-signature accounts, it provides a solution to the limitations described above, with a more flexible key management system where keys can be added, updated or removed, as well as configurable thresholds. +It's meant to be used with other access control modules such as [`x/feegrant`](adr-029-fee-grant-module.md) ans [`x/authz`](adr-030-authz-module.md) to simplify key management for individuals and organizations. + +The proof of concept of the group module can be found in https://github.com/regen-network/regen-ledger/tree/master/proto/regen/group/v1alpha1 and https://github.com/regen-network/regen-ledger/tree/master/x/group. + +## Decision + +We propose merging the `x/group` module with its supporting [ORM/Table Store package](https://github.com/regen-network/regen-ledger/tree/master/orm) ([#7098](https://github.com/cosmos/cosmos-sdk/issues/7098)) into the Cosmos SDK and continuing development here. There will be a dedicated ADR for the ORM package. + +### Group + +A group is a composition of accounts with associated weights. It is not +an account and doesn't have a balance. It doesn't in and of itself have any +sort of voting or decision weight. +Group members can create proposals and vote on them through group accounts using different decision policies. + +It has an `admin` account which can manage members in the group, update the group +metadata and set a new admin. + +```protobuf +message GroupInfo { + + // group_id is the unique ID of this group. + uint64 group_id = 1; + + // admin is the account address of the group's admin. + string admin = 2; + + // metadata is any arbitrary metadata to attached to the group. + bytes metadata = 3; + + // version is used to track changes to a group's membership structure that + // would break existing proposals. Whenever a member weight has changed, + // or any member is added or removed, the version is incremented and will + // invalidate all proposals from older versions. + uint64 version = 4; + + // total_weight is the sum of the group members' weights. + string total_weight = 5; +} +``` + +```protobuf +message GroupMember { + + // group_id is the unique ID of the group. + uint64 group_id = 1; + + // member is the member data. + Member member = 2; +} + +// Member represents a group member with an account address, +// non-zero weight and metadata. +message Member { + + // address is the member's account address. + string address = 1; + + // weight is the member's voting weight that should be greater than 0. + string weight = 2; + + // metadata is any arbitrary metadata to attached to the member. + bytes metadata = 3; +} +``` + +### Group Account + +A group account is an account associated with a group and a decision policy. +A group account does have a balance. + +Group accounts are abstracted from groups because a single group may have +multiple decision policies for different types of actions. Managing group +membership separately from decision policies results in the least overhead +and keeps membership consistent across different policies. The pattern that +is recommended is to have a single master group account for a given group, +and then to create separate group accounts with different decision policies +and delegate the desired permissions from the master account to +those "sub-accounts" using the [`x/authz` module](adr-030-authz-module.md). + +```protobuf +message GroupAccountInfo { + + // address is the group account address. + string address = 1; + + // group_id is the ID of the Group the GroupAccount belongs to. + uint64 group_id = 2; + + // admin is the account address of the group admin. + string admin = 3; + + // metadata is any arbitrary metadata of this group account. + bytes metadata = 4; + + // version is used to track changes to a group's GroupAccountInfo structure that + // invalidates active proposal from old versions. + uint64 version = 5; + + // decision_policy specifies the group account's decision policy. + google.protobuf.Any decision_policy = 6 [(cosmos_proto.accepts_interface) = "cosmos.group.v1.DecisionPolicy"]; +} +``` + +Similarly to a group admin, a group account admin can update its metadata, decision policy or set a new group account admin. + +A group account can also be an admin or a member of a group. +For instance, a group admin could be another group account which could "elects" the members or it could be the same group that elects itself. + +### Decision Policy + +A decision policy is the mechanism by which members of a group can vote on +proposals. + +All decision policies should have a minimum and maximum voting window. +The minimum voting window is the minimum duration that must pass in order +for a proposal to potentially pass, and it may be set to 0. The maximum voting +window is the maximum time that a proposal may be voted on and executed if +it reached enough support before it is closed. +Both of these values must be less than a chain-wide max voting window parameter. + +We define the `DecisionPolicy` interface that all decision policies must implement: + +```go +type DecisionPolicy interface { + codec.ProtoMarshaler + + ValidateBasic() error + GetTimeout() types.Duration + Allow(tally Tally, totalPower string, votingDuration time.Duration) (DecisionPolicyResult, error) + Validate(g GroupInfo) error +} + +type DecisionPolicyResult struct { + Allow bool + Final bool +} +``` + +#### Threshold decision policy + +A threshold decision policy defines a minimum support votes (_yes_), based on a tally +of voter weights, for a proposal to pass. For +this decision policy, abstain and veto are treated as no support (_no_). + +```protobuf +message ThresholdDecisionPolicy { + + // threshold is the minimum weighted sum of support votes for a proposal to succeed. + string threshold = 1; + + // voting_period is the duration from submission of a proposal to the end of voting period + // Within this period, votes and exec messages can be submitted. + google.protobuf.Duration voting_period = 2 [(gogoproto.nullable) = false]; +} +``` + +### Proposal + +Any member of a group can submit a proposal for a group account to decide upon. +A proposal consists of a set of `sdk.Msg`s that will be executed if the proposal +passes as well as any metadata associated with the proposal. These `sdk.Msg`s get validated as part of the `Msg/CreateProposal` request validation. They should also have their signer set as the group account. + +Internally, a proposal also tracks: + +* its current `Status`: submitted, closed or aborted +* its `Result`: unfinalized, accepted or rejected +* its `VoteState` in the form of a `Tally`, which is calculated on new votes and when executing the proposal. + +```protobuf +// Tally represents the sum of weighted votes. +message Tally { + option (gogoproto.goproto_getters) = false; + + // yes_count is the weighted sum of yes votes. + string yes_count = 1; + + // no_count is the weighted sum of no votes. + string no_count = 2; + + // abstain_count is the weighted sum of abstainers. + string abstain_count = 3; + + // veto_count is the weighted sum of vetoes. + string veto_count = 4; +} +``` + +### Voting + +Members of a group can vote on proposals. There are four choices to choose while voting - yes, no, abstain and veto. Not +all decision policies will support them. Votes can contain some optional metadata. +In the current implementation, the voting window begins as soon as a proposal +is submitted. + +Voting internally updates the proposal `VoteState` as well as `Status` and `Result` if needed. + +### Executing Proposals + +Proposals will not be automatically executed by the chain in this current design, +but rather a user must submit a `Msg/Exec` transaction to attempt to execute the +proposal based on the current votes and decision policy. A future upgrade could +automate this and have the group account (or a fee granter) pay. + +#### Changing Group Membership + +In the current implementation, updating a group or a group account after submitting a proposal will make it invalid. It will simply fail if someone calls `Msg/Exec` and will eventually be garbage collected. + +### Notes on current implementation + +This section outlines the current implementation used in the proof of concept of the group module but this could be subject to changes and iterated on. + +#### ORM + +The [ORM package](https://github.com/cosmos/cosmos-sdk/discussions/9156) defines tables, sequences and secondary indexes which are used in the group module. + +Groups are stored in state as part of a `groupTable`, the `group_id` being an auto-increment integer. Group members are stored in a `groupMemberTable`. + +Group accounts are stored in a `groupAccountTable`. The group account address is generated based on an auto-increment integer which is used to derive the group module `RootModuleKey` into a `DerivedModuleKey`, as stated in [ADR-033](adr-033-protobuf-inter-module-comm.md#modulekeys-and-moduleids). The group account is added as a new `ModuleAccount` through `x/auth`. + +Proposals are stored as part of the `proposalTable` using the `Proposal` type. The `proposal_id` is an auto-increment integer. + +Votes are stored in the `voteTable`. The primary key is based on the vote's `proposal_id` and `voter` account address. + +#### ADR-033 to route proposal messages + +Inter-module communication introduced by [ADR-033](adr-033-protobuf-inter-module-comm.md) can be used to route a proposal's messages using the `DerivedModuleKey` corresponding to the proposal's group account. + +## Consequences + +### Positive + +* Improved UX for multi-signature accounts allowing key rotation and custom decision policies. + +### Negative + +### Neutral + +* It uses ADR 033 so it will need to be implemented within the Cosmos SDK, but this doesn't imply necessarily any large refactoring of existing Cosmos SDK modules. +* The current implementation of the group module uses the ORM package. + +## Further Discussions + +* Convergence of `/group` and `x/gov` as both support proposals and voting: https://github.com/cosmos/cosmos-sdk/discussions/9066 +* `x/group` possible future improvements: + * Execute proposals on submission (https://github.com/regen-network/regen-ledger/issues/288) + * Withdraw a proposal (https://github.com/regen-network/cosmos-modules/issues/41) + * Make `Tally` more flexible and support non-binary choices + +## References + +* Initial specification: + * https://gist.github.com/aaronc/b60628017352df5983791cad30babe56#group-module + * [#5236](https://github.com/cosmos/cosmos-sdk/pull/5236) +* Proposal to add `x/group` into the Cosmos SDK: [#7633](https://github.com/cosmos/cosmos-sdk/issues/7633) diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-043-nft-module.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-043-nft-module.md new file mode 100644 index 00000000..87b4dbb5 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-043-nft-module.md @@ -0,0 +1,349 @@ +# ADR 43: NFT Module + +## Changelog + +* 2021-05-01: Initial Draft +* 2021-07-02: Review updates +* 2022-06-15: Add batch operation +* 2022-11-11: Remove strict validation of classID and tokenID + +## Status + +PROPOSED + +## Abstract + +This ADR defines the `x/nft` module which is a generic implementation of NFTs, roughly "compatible" with ERC721. **Applications using the `x/nft` module must implement the following functions**: + +* `MsgNewClass` - Receive the user's request to create a class, and call the `NewClass` of the `x/nft` module. +* `MsgUpdateClass` - Receive the user's request to update a class, and call the `UpdateClass` of the `x/nft` module. +* `MsgMintNFT` - Receive the user's request to mint a nft, and call the `MintNFT` of the `x/nft` module. +* `BurnNFT` - Receive the user's request to burn a nft, and call the `BurnNFT` of the `x/nft` module. +* `UpdateNFT` - Receive the user's request to update a nft, and call the `UpdateNFT` of the `x/nft` module. + +## Context + +NFTs are more than just crypto art, which is very helpful for accruing value to the Cosmos ecosystem. As a result, Cosmos Hub should implement NFT functions and enable a unified mechanism for storing and sending the ownership representative of NFTs as discussed in https://github.com/cosmos/cosmos-sdk/discussions/9065. + +As discussed in [#9065](https://github.com/cosmos/cosmos-sdk/discussions/9065), several potential solutions can be considered: + +* irismod/nft and modules/incubator/nft +* CW721 +* DID NFTs +* interNFT + +Since functions/use cases of NFTs are tightly connected with their logic, it is almost impossible to support all the NFTs' use cases in one Cosmos SDK module by defining and implementing different transaction types. + +Considering generic usage and compatibility of interchain protocols including IBC and Gravity Bridge, it is preferred to have a generic NFT module design which handles the generic NFTs logic. +This design idea can enable composability that application-specific functions should be managed by other modules on Cosmos Hub or on other Zones by importing the NFT module. + +The current design is based on the work done by [IRISnet team](https://github.com/irisnet/irismod/tree/master/modules/nft) and an older implementation in the [Cosmos repository](https://github.com/cosmos/modules/tree/master/incubator/nft). + +## Decision + +We create a `x/nft` module, which contains the following functionality: + +* Store NFTs and track their ownership. +* Expose `Keeper` interface for composing modules to transfer, mint and burn NFTs. +* Expose external `Message` interface for users to transfer ownership of their NFTs. +* Query NFTs and their supply information. + +The proposed module is a base module for NFT app logic. It's goal it to provide a common layer for storage, basic transfer functionality and IBC. The module should not be used as a standalone. +Instead an app should create a specialized module to handle app specific logic (eg: NFT ID construction, royalty), user level minting and burning. Moreover an app specialized module should handle auxiliary data to support the app logic (eg indexes, ORM, business data). + +All data carried over IBC must be part of the `NFT` or `Class` type described below. The app specific NFT data should be encoded in `NFT.data` for cross-chain integrity. Other objects related to NFT, which are not important for integrity can be part of the app specific module. + +### Types + +We propose two main types: + +* `Class` -- describes NFT class. We can think about it as a smart contract address. +* `NFT` -- object representing unique, non fungible asset. Each NFT is associated with a Class. + +#### Class + +NFT **Class** is comparable to an ERC-721 smart contract (provides description of a smart contract), under which a collection of NFTs can be created and managed. + +```protobuf +message Class { + string id = 1; + string name = 2; + string symbol = 3; + string description = 4; + string uri = 5; + string uri_hash = 6; + google.protobuf.Any data = 7; +} +``` + +* `id` is used as the primary index for storing the class; _required_ +* `name` is a descriptive name of the NFT class; _optional_ +* `symbol` is the symbol usually shown on exchanges for the NFT class; _optional_ +* `description` is a detailed description of the NFT class; _optional_ +* `uri` is a URI for the class metadata stored off chain. It should be a JSON file that contains metadata about the NFT class and NFT data schema ([OpenSea example](https://docs.opensea.io/docs/contract-level-metadata)); _optional_ +* `uri_hash` is a hash of the document pointed by uri; _optional_ +* `data` is app specific metadata of the class; _optional_ + +#### NFT + +We define a general model for `NFT` as follows. + +```protobuf +message NFT { + string class_id = 1; + string id = 2; + string uri = 3; + string uri_hash = 4; + google.protobuf.Any data = 10; +} +``` + +* `class_id` is the identifier of the NFT class where the NFT belongs; _required_ +* `id` is an identifier of the NFT, unique within the scope of its class. It is specified by the creator of the NFT and may be expanded to use DID in the future. `class_id` combined with `id` uniquely identifies an NFT and is used as the primary index for storing the NFT; _required_ + + ```text + {class_id}/{id} --> NFT (bytes) + ``` + +* `uri` is a URI for the NFT metadata stored off chain. Should point to a JSON file that contains metadata about this NFT (Ref: [ERC721 standard and OpenSea extension](https://docs.opensea.io/docs/metadata-standards)); _required_ +* `uri_hash` is a hash of the document pointed by uri; _optional_ +* `data` is an app specific data of the NFT. CAN be used by composing modules to specify additional properties of the NFT; _optional_ + +This ADR doesn't specify values that `data` can take; however, best practices recommend upper-level NFT modules clearly specify their contents. Although the value of this field doesn't provide the additional context required to manage NFT records, which means that the field can technically be removed from the specification, the field's existence allows basic informational/UI functionality. + +### `Keeper` Interface + +```go +type Keeper interface { + NewClass(ctx sdk.Context,class Class) + UpdateClass(ctx sdk.Context,class Class) + + Mint(ctx sdk.Context,nft NFT,receiver sdk.AccAddress) // updates totalSupply + BatchMint(ctx sdk.Context, tokens []NFT,receiver sdk.AccAddress) error + + Burn(ctx sdk.Context, classId string, nftId string) // updates totalSupply + BatchBurn(ctx sdk.Context, classID string, nftIDs []string) error + + Update(ctx sdk.Context, nft NFT) + BatchUpdate(ctx sdk.Context, tokens []NFT) error + + Transfer(ctx sdk.Context, classId string, nftId string, receiver sdk.AccAddress) + BatchTransfer(ctx sdk.Context, classID string, nftIDs []string, receiver sdk.AccAddress) error + + GetClass(ctx sdk.Context, classId string) Class + GetClasses(ctx sdk.Context) []Class + + GetNFT(ctx sdk.Context, classId string, nftId string) NFT + GetNFTsOfClassByOwner(ctx sdk.Context, classId string, owner sdk.AccAddress) []NFT + GetNFTsOfClass(ctx sdk.Context, classId string) []NFT + + GetOwner(ctx sdk.Context, classId string, nftId string) sdk.AccAddress + GetBalance(ctx sdk.Context, classId string, owner sdk.AccAddress) uint64 + GetTotalSupply(ctx sdk.Context, classId string) uint64 +} +``` + +Other business logic implementations should be defined in composing modules that import `x/nft` and use its `Keeper`. + +### `Msg` Service + +```protobuf +service Msg { + rpc Send(MsgSend) returns (MsgSendResponse); +} + +message MsgSend { + string class_id = 1; + string id = 2; + string sender = 3; + string reveiver = 4; +} +message MsgSendResponse {} +``` + +`MsgSend` can be used to transfer the ownership of an NFT to another address. + +The implementation outline of the server is as follows: + +```go +type msgServer struct{ + k Keeper +} + +func (m msgServer) Send(ctx context.Context, msg *types.MsgSend) (*types.MsgSendResponse, error) { + // check current ownership + assertEqual(msg.Sender, m.k.GetOwner(msg.ClassId, msg.Id)) + + // transfer ownership + m.k.Transfer(msg.ClassId, msg.Id, msg.Receiver) + + return &types.MsgSendResponse{}, nil +} +``` + +The query service methods for the `x/nft` module are: + +```protobuf +service Query { + // Balance queries the number of NFTs of a given class owned by the owner, same as balanceOf in ERC721 + rpc Balance(QueryBalanceRequest) returns (QueryBalanceResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/balance/{owner}/{class_id}"; + } + + // Owner queries the owner of the NFT based on its class and id, same as ownerOf in ERC721 + rpc Owner(QueryOwnerRequest) returns (QueryOwnerResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/owner/{class_id}/{id}"; + } + + // Supply queries the number of NFTs from the given class, same as totalSupply of ERC721. + rpc Supply(QuerySupplyRequest) returns (QuerySupplyResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/supply/{class_id}"; + } + + // NFTs queries all NFTs of a given class or owner,choose at least one of the two, similar to tokenByIndex in ERC721Enumerable + rpc NFTs(QueryNFTsRequest) returns (QueryNFTsResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/nfts"; + } + + // NFT queries an NFT based on its class and id. + rpc NFT(QueryNFTRequest) returns (QueryNFTResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/nfts/{class_id}/{id}"; + } + + // Class queries an NFT class based on its id + rpc Class(QueryClassRequest) returns (QueryClassResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/classes/{class_id}"; + } + + // Classes queries all NFT classes + rpc Classes(QueryClassesRequest) returns (QueryClassesResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/classes"; + } +} + +// QueryBalanceRequest is the request type for the Query/Balance RPC method +message QueryBalanceRequest { + string class_id = 1; + string owner = 2; +} + +// QueryBalanceResponse is the response type for the Query/Balance RPC method +message QueryBalanceResponse { + uint64 amount = 1; +} + +// QueryOwnerRequest is the request type for the Query/Owner RPC method +message QueryOwnerRequest { + string class_id = 1; + string id = 2; +} + +// QueryOwnerResponse is the response type for the Query/Owner RPC method +message QueryOwnerResponse { + string owner = 1; +} + +// QuerySupplyRequest is the request type for the Query/Supply RPC method +message QuerySupplyRequest { + string class_id = 1; +} + +// QuerySupplyResponse is the response type for the Query/Supply RPC method +message QuerySupplyResponse { + uint64 amount = 1; +} + +// QueryNFTstRequest is the request type for the Query/NFTs RPC method +message QueryNFTsRequest { + string class_id = 1; + string owner = 2; + cosmos.base.query.v1beta1.PageRequest pagination = 3; +} + +// QueryNFTsResponse is the response type for the Query/NFTs RPC methods +message QueryNFTsResponse { + repeated cosmos.nft.v1beta1.NFT nfts = 1; + cosmos.base.query.v1beta1.PageResponse pagination = 2; +} + +// QueryNFTRequest is the request type for the Query/NFT RPC method +message QueryNFTRequest { + string class_id = 1; + string id = 2; +} + +// QueryNFTResponse is the response type for the Query/NFT RPC method +message QueryNFTResponse { + cosmos.nft.v1beta1.NFT nft = 1; +} + +// QueryClassRequest is the request type for the Query/Class RPC method +message QueryClassRequest { + string class_id = 1; +} + +// QueryClassResponse is the response type for the Query/Class RPC method +message QueryClassResponse { + cosmos.nft.v1beta1.Class class = 1; +} + +// QueryClassesRequest is the request type for the Query/Classes RPC method +message QueryClassesRequest { + // pagination defines an optional pagination for the request. + cosmos.base.query.v1beta1.PageRequest pagination = 1; +} + +// QueryClassesResponse is the response type for the Query/Classes RPC method +message QueryClassesResponse { + repeated cosmos.nft.v1beta1.Class classes = 1; + cosmos.base.query.v1beta1.PageResponse pagination = 2; +} +``` + +### Interoperability + +Interoperability is all about reusing assets between modules and chains. The former one is achieved by ADR-33: Protobuf client - server communication. At the time of writing ADR-33 is not finalized. The latter is achieved by IBC. Here we will focus on the IBC side. +IBC is implemented per module. Here, we aligned that NFTs will be recorded and managed in the x/nft. This requires creation of a new IBC standard and implementation of it. + +For IBC interoperability, NFT custom modules MUST use the NFT object type understood by the IBC client. So, for x/nft interoperability, custom NFT implementations (example: x/cryptokitty) should use the canonical x/nft module and proxy all NFT balance keeping functionality to x/nft or else re-implement all functionality using the NFT object type understood by the IBC client. In other words: x/nft becomes the standard NFT registry for all Cosmos NFTs (example: x/cryptokitty will register a kitty NFT in x/nft and use x/nft for book keeping). This was [discussed](https://github.com/cosmos/cosmos-sdk/discussions/9065#discussioncomment-873206) in the context of using x/bank as a general asset balance book. Not using x/nft will require implementing another module for IBC. + +## Consequences + +### Backward Compatibility + +No backward incompatibilities. + +### Forward Compatibility + +This specification conforms to the ERC-721 smart contract specification for NFT identifiers. Note that ERC-721 defines uniqueness based on (contract address, uint256 tokenId), and we conform to this implicitly because a single module is currently aimed to track NFT identifiers. Note: use of the (mutable) data field to determine uniqueness is not safe.s + +### Positive + +* NFT identifiers available on Cosmos Hub. +* Ability to build different NFT modules for the Cosmos Hub, e.g., ERC-721. +* NFT module which supports interoperability with IBC and other cross-chain infrastructures like Gravity Bridge + +### Negative + +* New IBC app is required for x/nft +* CW721 adapter is required + +### Neutral + +* Other functions need more modules. For example, a custody module is needed for NFT trading function, a collectible module is needed for defining NFT properties. + +## Further Discussions + +For other kinds of applications on the Hub, more app-specific modules can be developed in the future: + +* `x/nft/custody`: custody of NFTs to support trading functionality. +* `x/nft/marketplace`: selling and buying NFTs using sdk.Coins. +* `x/fractional`: a module to split an ownership of an asset (NFT or other assets) for multiple stakeholder. `x/group` should work for most of the cases. + +Other networks in the Cosmos ecosystem could design and implement their own NFT modules for specific NFT applications and use cases. + +## References + +* Initial discussion: https://github.com/cosmos/cosmos-sdk/discussions/9065 +* x/nft: initialize module: https://github.com/cosmos/cosmos-sdk/pull/9174 +* [ADR 033](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-033-protobuf-inter-module-comm.md) diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-044-protobuf-updates-guidelines.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-044-protobuf-updates-guidelines.md new file mode 100644 index 00000000..245adcff --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-044-protobuf-updates-guidelines.md @@ -0,0 +1,129 @@ +# ADR 044: Guidelines for Updating Protobuf Definitions + +## Changelog + +* 28.06.2021: Initial Draft +* 02.12.2021: Add `Since:` comment for new fields +* 21.07.2022: Remove the rule of no new `Msg` in the same proto version. + +## Status + +Draft + +## Abstract + +This ADR provides guidelines and recommended practices when updating Protobuf definitions. These guidelines are targeting module developers. + +## Context + +The Cosmos SDK maintains a set of [Protobuf definitions](https://github.com/cosmos/cosmos-sdk/tree/main/proto/cosmos). It is important to correctly design Protobuf definitions to avoid any breaking changes within the same version. The reasons are to not break tooling (including indexers and explorers), wallets and other third-party integrations. + +When making changes to these Protobuf definitions, the Cosmos SDK currently only follows [Buf's](https://docs.buf.build/) recommendations. We noticed however that Buf's recommendations might still result in breaking changes in the SDK in some cases. For example: + +* Adding fields to `Msg`s. Adding fields is a not a Protobuf spec-breaking operation. However, when adding new fields to `Msg`s, the unknown field rejection will throw an error when sending the new `Msg` to an older node. +* Marking fields as `reserved`. Protobuf proposes the `reserved` keyword for removing fields without the need to bump the package version. However, by doing so, client backwards compatibility is broken as Protobuf doesn't generate anything for `reserved` fields. See [#9446](https://github.com/cosmos/cosmos-sdk/issues/9446) for more details on this issue. + +Moreover, module developers often face other questions around Protobuf definitions such as "Can I rename a field?" or "Can I deprecate a field?" This ADR aims to answer all these questions by providing clear guidelines about allowed updates for Protobuf definitions. + +## Decision + +We decide to keep [Buf's](https://docs.buf.build/) recommendations with the following exceptions: + +* `UNARY_RPC`: the Cosmos SDK currently does not support streaming RPCs. +* `COMMENT_FIELD`: the Cosmos SDK allows fields with no comments. +* `SERVICE_SUFFIX`: we use the `Query` and `Msg` service naming convention, which doesn't use the `-Service` suffix. +* `PACKAGE_VERSION_SUFFIX`: some packages, such as `cosmos.crypto.ed25519`, don't use a version suffix. +* `RPC_REQUEST_STANDARD_NAME`: Requests for the `Msg` service don't have the `-Request` suffix to keep backwards compatibility. + +On top of Buf's recommendations we add the following guidelines that are specific to the Cosmos SDK. + +### Updating Protobuf Definition Without Bumping Version + +#### 1. Module developers MAY add new Protobuf definitions + +Module developers MAY add new `message`s, new `Service`s, new `rpc` endpoints, and new fields to existing messages. This recommendation follows the Protobuf specification, but is added in this document for clarity, as the SDK requires one additional change. + +The SDK requires the Protobuf comment of the new addition to contain one line with the following format: + +```protobuf +// Since: cosmos-sdk {, ...} +``` + +Where each `version` denotes a minor ("0.45") or patch ("0.44.5") version from which the field is available. This will greatly help client libraries, who can optionally use reflection or custom code generation to show/hide these fields depending on the targetted node version. + +As examples, the following comments are valid: + +```protobuf +// Since: cosmos-sdk 0.44 + +// Since: cosmos-sdk 0.42.11, 0.44.5 +``` + +and the following ones are NOT valid: + +```protobuf +// Since cosmos-sdk v0.44 + +// since: cosmos-sdk 0.44 + +// Since: cosmos-sdk 0.42.11 0.44.5 + +// Since: Cosmos SDK 0.42.11, 0.44.5 +``` + +#### 2. Fields MAY be marked as `deprecated`, and nodes MAY implement a protocol-breaking change for handling these fields + +Protobuf supports the [`deprecated` field option](https://developers.google.com/protocol-buffers/docs/proto#options), and this option MAY be used on any field, including `Msg` fields. If a node handles a Protobuf message with a non-empty deprecated field, the node MAY change its behavior upon processing it, even in a protocol-breaking way. When possible, the node MUST handle backwards compatibility without breaking the consensus (unless we increment the proto version). + +As an example, the Cosmos SDK v0.42 to v0.43 update contained two Protobuf-breaking changes, listed below. Instead of bumping the package versions from `v1beta1` to `v1`, the SDK team decided to follow this guideline, by reverting the breaking changes, marking those changes as deprecated, and modifying the node implementation when processing messages with deprecated fields. More specifically: + +* The Cosmos SDK recently removed support for [time-based software upgrades](https://github.com/cosmos/cosmos-sdk/pull/8849). As such, the `time` field has been marked as deprecated in `cosmos.upgrade.v1beta1.Plan`. Moreover, the node will reject any proposal containing an upgrade Plan whose `time` field is non-empty. +* The Cosmos SDK now supports [governance split votes](adr-037-gov-split-vote.md). When querying for votes, the returned `cosmos.gov.v1beta1.Vote` message has its `option` field (used for 1 vote option) deprecated in favor of its `options` field (allowing multiple vote options). Whenever possible, the SDK still populates the deprecated `option` field, that is, if and only if the `len(options) == 1` and `options[0].Weight == 1.0`. + +#### 3. Fields MUST NOT be renamed + +Whereas the official Protobuf recommendations do not prohibit renaming fields, as it does not break the Protobuf binary representation, the SDK explicitly forbids renaming fields in Protobuf structs. The main reason for this choice is to avoid introducing breaking changes for clients, which often rely on hard-coded fields from generated types. Moreover, renaming fields will lead to client-breaking JSON representations of Protobuf definitions, used in REST endpoints and in the CLI. + +### Incrementing Protobuf Package Version + +TODO, needs architecture review. Some topics: + +* Bumping versions frequency +* When bumping versions, should the Cosmos SDK support both versions? + * i.e. v1beta1 -> v1, should we have two folders in the Cosmos SDK, and handlers for both versions? +* mention ADR-023 Protobuf naming + +## Consequences + +> This section describes the resulting context, after applying the decision. All consequences should be listed here, not just the "positive" ones. A particular decision may have positive, negative, and neutral consequences, but all of them affect the team and project in the future. + +### Backwards Compatibility + +> All ADRs that introduce backwards incompatibilities must include a section describing these incompatibilities and their severity. The ADR must explain how the author proposes to deal with these incompatibilities. ADR submissions without a sufficient backwards compatibility treatise may be rejected outright. + +### Positive + +* less pain to tool developers +* more compatibility in the ecosystem +* ... + +### Negative + +{negative consequences} + +### Neutral + +* more rigor in Protobuf review + +## Further Discussions + +This ADR is still in the DRAFT stage, and the "Incrementing Protobuf Package Version" will be filled in once we make a decision on how to correctly do it. + +## Test Cases [optional] + +Test cases for an implementation are mandatory for ADRs that are affecting consensus changes. Other ADRs can choose to include links to test cases if applicable. + +## References + +* [#9445](https://github.com/cosmos/cosmos-sdk/issues/9445) Release proto definitions v1 +* [#9446](https://github.com/cosmos/cosmos-sdk/issues/9446) Address v1beta1 proto breaking changes diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-045-check-delivertx-middlewares.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-045-check-delivertx-middlewares.md new file mode 100644 index 00000000..756fa5a2 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-045-check-delivertx-middlewares.md @@ -0,0 +1,312 @@ +# ADR 045: BaseApp `{Check,Deliver}Tx` as Middlewares + +## Changelog + +* 20.08.2021: Initial draft. +* 07.12.2021: Update `tx.Handler` interface ([\#10693](https://github.com/cosmos/cosmos-sdk/pull/10693)). +* 17.05.2022: ADR is abandoned, as middlewares are deemed too hard to reason about. + +## Status + +ABANDONED. Replacement is being discussed in [#11955](https://github.com/cosmos/cosmos-sdk/issues/11955). + +## Abstract + +This ADR replaces the current BaseApp `runTx` and antehandlers design with a middleware-based design. + +## Context + +BaseApp's implementation of ABCI `{Check,Deliver}Tx()` and its own `Simulate()` method call the `runTx` method under the hood, which first runs antehandlers, then executes `Msg`s. However, the [transaction Tips](https://github.com/cosmos/cosmos-sdk/issues/9406) and [refunding unused gas](https://github.com/cosmos/cosmos-sdk/issues/2150) use cases require custom logic to be run after the `Msg`s execution. There is currently no way to achieve this. + +An naive solution would be to add post-`Msg` hooks to BaseApp. However, the Cosmos SDK team thinks in parallel about the bigger picture of making app wiring simpler ([#9181](https://github.com/cosmos/cosmos-sdk/discussions/9182)), which includes making BaseApp more lightweight and modular. + +## Decision + +We decide to transform Baseapp's implementation of ABCI `{Check,Deliver}Tx` and its own `Simulate` methods to use a middleware-based design. + +The two following interfaces are the base of the middleware design, and are defined in `types/tx`: + +```go +type Handler interface { + CheckTx(ctx context.Context, req Request, checkReq RequestCheckTx) (Response, ResponseCheckTx, error) + DeliverTx(ctx context.Context, req Request) (Response, error) + SimulateTx(ctx context.Context, req Request (Response, error) +} + +type Middleware func(Handler) Handler +``` + +where we define the following arguments and return types: + +```go +type Request struct { + Tx sdk.Tx + TxBytes []byte +} + +type Response struct { + GasWanted uint64 + GasUsed uint64 + // MsgResponses is an array containing each Msg service handler's response + // type, packed in an Any. This will get proto-serialized into the `Data` field + // in the ABCI Check/DeliverTx responses. + MsgResponses []*codectypes.Any + Log string + Events []abci.Event +} + +type RequestCheckTx struct { + Type abci.CheckTxType +} + +type ResponseCheckTx struct { + Priority int64 +} +``` + +Please note that because CheckTx handles separate logic related to mempool priotization, its signature is different than DeliverTx and SimulateTx. + +BaseApp holds a reference to a `tx.Handler`: + +```go +type BaseApp struct { + // other fields + txHandler tx.Handler +} +``` + +Baseapp's ABCI `{Check,Deliver}Tx()` and `Simulate()` methods simply call `app.txHandler.{Check,Deliver,Simulate}Tx()` with the relevant arguments. For example, for `DeliverTx`: + +```go +func (app *BaseApp) DeliverTx(req abci.RequestDeliverTx) abci.ResponseDeliverTx { + var abciRes abci.ResponseDeliverTx + ctx := app.getContextForTx(runTxModeDeliver, req.Tx) + res, err := app.txHandler.DeliverTx(ctx, tx.Request{TxBytes: req.Tx}) + if err != nil { + abciRes = sdkerrors.ResponseDeliverTx(err, uint64(res.GasUsed), uint64(res.GasWanted), app.trace) + return abciRes + } + + abciRes, err = convertTxResponseToDeliverTx(res) + if err != nil { + return sdkerrors.ResponseDeliverTx(err, uint64(res.GasUsed), uint64(res.GasWanted), app.trace) + } + + return abciRes +} + +// convertTxResponseToDeliverTx converts a tx.Response into a abci.ResponseDeliverTx. +func convertTxResponseToDeliverTx(txRes tx.Response) (abci.ResponseDeliverTx, error) { + data, err := makeABCIData(txRes) + if err != nil { + return abci.ResponseDeliverTx{}, nil + } + + return abci.ResponseDeliverTx{ + Data: data, + Log: txRes.Log, + Events: txRes.Events, + }, nil +} + +// makeABCIData generates the Data field to be sent to ABCI Check/DeliverTx. +func makeABCIData(txRes tx.Response) ([]byte, error) { + return proto.Marshal(&sdk.TxMsgData{MsgResponses: txRes.MsgResponses}) +} +``` + +The implementations are similar for `BaseApp.CheckTx` and `BaseApp.Simulate`. + +`baseapp.txHandler`'s three methods' implementations can obviously be monolithic functions, but for modularity we propose a middleware composition design, where a middleware is simply a function that takes a `tx.Handler`, and returns another `tx.Handler` wrapped around the previous one. + +### Implementing a Middleware + +In practice, middlewares are created by Go function that takes as arguments some parameters needed for the middleware, and returns a `tx.Middleware`. + +For example, for creating an arbitrary `MyMiddleware`, we can implement: + +```go +// myTxHandler is the tx.Handler of this middleware. Note that it holds a +// reference to the next tx.Handler in the stack. +type myTxHandler struct { + // next is the next tx.Handler in the middleware stack. + next tx.Handler + // some other fields that are relevant to the middleware can be added here +} + +// NewMyMiddleware returns a middleware that does this and that. +func NewMyMiddleware(arg1, arg2) tx.Middleware { + return func (txh tx.Handler) tx.Handler { + return myTxHandler{ + next: txh, + // optionally, set arg1, arg2... if they are needed in the middleware + } + } +} + +// Assert myTxHandler is a tx.Handler. +var _ tx.Handler = myTxHandler{} + +func (h myTxHandler) CheckTx(ctx context.Context, req Request, checkReq RequestcheckTx) (Response, ResponseCheckTx, error) { + // CheckTx specific pre-processing logic + + // run the next middleware + res, checkRes, err := txh.next.CheckTx(ctx, req, checkReq) + + // CheckTx specific post-processing logic + + return res, checkRes, err +} + +func (h myTxHandler) DeliverTx(ctx context.Context, req Request) (Response, error) { + // DeliverTx specific pre-processing logic + + // run the next middleware + res, err := txh.next.DeliverTx(ctx, tx, req) + + // DeliverTx specific post-processing logic + + return res, err +} + +func (h myTxHandler) SimulateTx(ctx context.Context, req Request) (Response, error) { + // SimulateTx specific pre-processing logic + + // run the next middleware + res, err := txh.next.SimulateTx(ctx, tx, req) + + // SimulateTx specific post-processing logic + + return res, err +} +``` + +### Composing Middlewares + +While BaseApp simply holds a reference to a `tx.Handler`, this `tx.Handler` itself is defined using a middleware stack. The Cosmos SDK exposes a base (i.e. innermost) `tx.Handler` called `RunMsgsTxHandler`, which executes messages. + +Then, the app developer can compose multiple middlewares on top on the base `tx.Handler`. Each middleware can run pre-and-post-processing logic around its next middleware, as described in the section above. Conceptually, as an example, given the middlewares `A`, `B`, and `C` and the base `tx.Handler` `H` the stack looks like: + +```text +A.pre + B.pre + C.pre + H # The base tx.handler, for example `RunMsgsTxHandler` + C.post + B.post +A.post +``` + +We define a `ComposeMiddlewares` function for composing middlewares. It takes the base handler as first argument, and middlewares in the "outer to inner" order. For the above stack, the final `tx.Handler` is: + +```go +txHandler := middleware.ComposeMiddlewares(H, A, B, C) +``` + +The middleware is set in BaseApp via its `SetTxHandler` setter: + +```go +// simapp/app.go + +txHandler := middleware.ComposeMiddlewares(...) +app.SetTxHandler(txHandler) +``` + +The app developer can define their own middlewares, or use the Cosmos SDK's pre-defined middlewares from `middleware.NewDefaultTxHandler()`. + +### Middlewares Maintained by the Cosmos SDK + +While the app developer can define and compose the middlewares of their choice, the Cosmos SDK provides a set of middlewares that caters for the ecosystem's most common use cases. These middlewares are: + +| Middleware | Description | +| ----------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| RunMsgsTxHandler | This is the base `tx.Handler`. It replaces the old baseapp's `runMsgs`, and executes a transaction's `Msg`s. | +| TxDecoderMiddleware | This middleware takes in transaction raw bytes, and decodes them into a `sdk.Tx`. It replaces the `baseapp.txDecoder` field, so that BaseApp stays as thin as possible. Since most middlewares read the contents of the `sdk.Tx`, the TxDecoderMiddleware should be run first in the middleware stack. | +| {Antehandlers} | Each antehandler is converted to its own middleware. These middlewares perform signature verification, fee deductions and other validations on the incoming transaction. | +| IndexEventsTxMiddleware | This is a simple middleware that chooses which events to index in Tendermint. Replaces `baseapp.indexEvents` (which unfortunately still exists in baseapp too, because it's used to index Begin/EndBlock events) | +| RecoveryTxMiddleware | This index recovers from panics. It replaces baseapp.runTx's panic recovery described in [ADR-022](adr-022-custom-panic-handling.md). | +| GasTxMiddleware | This replaces the [`Setup`](https://github.com/cosmos/cosmos-sdk/blob/v0.43.0/x/auth/ante/setup.go) Antehandler. It sets a GasMeter on sdk.Context. Note that before, GasMeter was set on sdk.Context inside the antehandlers, and there was some mess around the fact that antehandlers had their own panic recovery system so that the GasMeter could be read by baseapp's recovery system. Now, this mess is all removed: one middleware sets GasMeter, another one handles recovery. | + +### Similarities and Differences between Antehandlers and Middlewares + +The middleware-based design builds upon the existing antehandlers design described in [ADR-010](adr-010-modular-antehandler.md). Even though the final decision of ADR-010 was to go with the "Simple Decorators" approach, the middleware design is actually very similar to the other [Decorator Pattern](adr-010-modular-antehandler.md#decorator-pattern) proposal, also used in [weave](https://github.com/iov-one/weave). + +#### Similarities with Antehandlers + +* Designed as chaining/composing small modular pieces. +* Allow code reuse for `{Check,Deliver}Tx` and for `Simulate`. +* Set up in `app.go`, and easily customizable by app developers. +* Order is important. + +#### Differences with Antehandlers + +* The Antehandlers are run before `Msg` execution, whereas middlewares can run before and after. +* The middleware approach uses separate methods for `{Check,Deliver,Simulate}Tx`, whereas the antehandlers pass a `simulate bool` flag and uses the `sdkCtx.Is{Check,Recheck}Tx()` flags to determine in which transaction mode we are. +* The middleware design lets each middleware hold a reference to the next middleware, whereas the antehandlers pass a `next` argument in the `AnteHandle` method. +* The middleware design use Go's standard `context.Context`, whereas the antehandlers use `sdk.Context`. + +## Consequences + +### Backwards Compatibility + +Since this refactor removes some logic away from BaseApp and into middlewares, it introduces API-breaking changes for app developers. Most notably, instead of creating an antehandler chain in `app.go`, app developers need to create a middleware stack: + +```diff +- anteHandler, err := ante.NewAnteHandler( +- ante.HandlerOptions{ +- AccountKeeper: app.AccountKeeper, +- BankKeeper: app.BankKeeper, +- SignModeHandler: encodingConfig.TxConfig.SignModeHandler(), +- FeegrantKeeper: app.FeeGrantKeeper, +- SigGasConsumer: ante.DefaultSigVerificationGasConsumer, +- }, +-) ++txHandler, err := authmiddleware.NewDefaultTxHandler(authmiddleware.TxHandlerOptions{ ++ Debug: app.Trace(), ++ IndexEvents: indexEvents, ++ LegacyRouter: app.legacyRouter, ++ MsgServiceRouter: app.msgSvcRouter, ++ LegacyAnteHandler: anteHandler, ++ TxDecoder: encodingConfig.TxConfig.TxDecoder, ++}) +if err != nil { + panic(err) +} +- app.SetAnteHandler(anteHandler) ++ app.SetTxHandler(txHandler) +``` + +Other more minor API breaking changes will also be provided in the CHANGELOG. As usual, the Cosmos SDK will provide a release migration document for app developers. + +This ADR does not introduce any state-machine-, client- or CLI-breaking changes. + +### Positive + +* Allow custom logic to be run before an after `Msg` execution. This enables the [tips](https://github.com/cosmos/cosmos-sdk/issues/9406) and [gas refund](https://github.com/cosmos/cosmos-sdk/issues/2150) uses cases, and possibly other ones. +* Make BaseApp more lightweight, and defer complex logic to small modular components. +* Separate paths for `{Check,Deliver,Simulate}Tx` with different returns types. This allows for improved readability (replace `if sdkCtx.IsRecheckTx() && !simulate {...}` with separate methods) and more flexibility (e.g. returning a `priority` in `ResponseCheckTx`). + +### Negative + +* It is hard to understand at first glance the state updates that would occur after a middleware runs given the `sdk.Context` and `tx`. A middleware can have an arbitrary number of nested middleware being called within its function body, each possibly doing some pre- and post-processing before calling the next middleware on the chain. Thus to understand what a middleware is doing, one must also understand what every other middleware further along the chain is also doing, and the order of middlewares matters. This can get quite complicated to understand. +* API-breaking changes for app developers. + +### Neutral + +No neutral consequences. + +## Further Discussions + +* [#9934](https://github.com/cosmos/cosmos-sdk/discussions/9934) Decomposing BaseApp's other ABCI methods into middlewares. +* Replace `sdk.Tx` interface with the concrete protobuf Tx type in the `tx.Handler` methods signature. + +## Test Cases + +We update the existing baseapp and antehandlers tests to use the new middleware API, but keep the same test cases and logic, to avoid introducing regressions. Existing CLI tests will also be left untouched. + +For new middlewares, we introduce unit tests. Since middlewares are purposefully small, unit tests suit well. + +## References + +* Initial discussion: https://github.com/cosmos/cosmos-sdk/issues/9585 +* Implementation: [#9920 BaseApp refactor](https://github.com/cosmos/cosmos-sdk/pull/9920) and [#10028 Antehandlers migration](https://github.com/cosmos/cosmos-sdk/pull/10028) diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-046-module-params.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-046-module-params.md new file mode 100644 index 00000000..369cd043 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-046-module-params.md @@ -0,0 +1,184 @@ +# ADR 046: Module Params + +## Changelog + +* Sep 22, 2021: Initial Draft + +## Status + +Proposed + +## Abstract + +This ADR describes an alternative approach to how Cosmos SDK modules use, interact, +and store their respective parameters. + +## Context + +Currently, in the Cosmos SDK, modules that require the use of parameters use the +`x/params` module. The `x/params` works by having modules define parameters, +typically via a simple `Params` structure, and registering that structure in +the `x/params` module via a unique `Subspace` that belongs to the respective +registering module. The registering module then has unique access to its respective +`Subspace`. Through this `Subspace`, the module can get and set its `Params` +structure. + +In addition, the Cosmos SDK's `x/gov` module has direct support for changing +parameters on-chain via a `ParamChangeProposal` governance proposal type, where +stakeholders can vote on suggested parameter changes. + +There are various tradeoffs to using the `x/params` module to manage individual +module parameters. Namely, managing parameters essentially comes for "free" in +that developers only need to define the `Params` struct, the `Subspace`, and the +various auxiliary functions, e.g. `ParamSetPairs`, on the `Params` type. However, +there are some notable drawbacks. These drawbacks include the fact that parameters +are serialized in state via JSON which is extremely slow. In addition, parameter +changes via `ParamChangeProposal` governance proposals have no way of reading from +or writing to state. In other words, it is currently not possible to have any +state transitions in the application during an attempt to change param(s). + +## Decision + +We will build off of the alignment of `x/gov` and `x/authz` work per +[#9810](https://github.com/cosmos/cosmos-sdk/pull/9810). Namely, module developers +will create one or more unique parameter data structures that must be serialized +to state. The Param data structures must implement `sdk.Msg` interface with respective +Protobuf Msg service method which will validate and update the parameters with all +necessary changes. The `x/gov` module via the work done in +[#9810](https://github.com/cosmos/cosmos-sdk/pull/9810), will dispatch Param +messages, which will be handled by Protobuf Msg services. + +Note, it is up to developers to decide how to structure their parameters and +the respective `sdk.Msg` messages. Consider the parameters currently defined in +`x/auth` using the `x/params` module for parameter management: + +```protobuf +message Params { + uint64 max_memo_characters = 1; + uint64 tx_sig_limit = 2; + uint64 tx_size_cost_per_byte = 3; + uint64 sig_verify_cost_ed25519 = 4; + uint64 sig_verify_cost_secp256k1 = 5; +} +``` + +Developers can choose to either create a unique data structure for every field in +`Params` or they can create a single `Params` structure as outlined above in the +case of `x/auth`. + +In the former, `x/params`, approach, a `sdk.Msg` would need to be created for every single +field along with a handler. This can become burdensome if there are a lot of +parameter fields. In the latter case, there is only a single data structure and +thus only a single message handler, however, the message handler might have to be +more sophisticated in that it might need to understand what parameters are being +changed vs what parameters are untouched. + +Params change proposals are made using the `x/gov` module. Execution is done through +`x/authz` authorization to the root `x/gov` module's account. + +Continuing to use `x/auth`, we demonstrate a more complete example: + +```go +type Params struct { + MaxMemoCharacters uint64 + TxSigLimit uint64 + TxSizeCostPerByte uint64 + SigVerifyCostED25519 uint64 + SigVerifyCostSecp256k1 uint64 +} + +type MsgUpdateParams struct { + MaxMemoCharacters uint64 + TxSigLimit uint64 + TxSizeCostPerByte uint64 + SigVerifyCostED25519 uint64 + SigVerifyCostSecp256k1 uint64 +} + +type MsgUpdateParamsResponse struct {} + +func (ms msgServer) UpdateParams(goCtx context.Context, msg *types.MsgUpdateParams) (*types.MsgUpdateParamsResponse, error) { + ctx := sdk.UnwrapSDKContext(goCtx) + + // verification logic... + + // persist params + params := ParamsFromMsg(msg) + ms.SaveParams(ctx, params) + + return &types.MsgUpdateParamsResponse{}, nil +} + +func ParamsFromMsg(msg *types.MsgUpdateParams) Params { + // ... +} +``` + +A gRPC `Service` query should also be provided, for example: + +```protobuf +service Query { + // ... + + rpc Params(QueryParamsRequest) returns (QueryParamsResponse) { + option (google.api.http).get = "/cosmos//v1beta1/params"; + } +} + +message QueryParamsResponse { + Params params = 1 [(gogoproto.nullable) = false]; +} +``` + +## Consequences + +As a result of implementing the module parameter methodology, we gain the ability +for module parameter changes to be stateful and extensible to fit nearly every +application's use case. We will be able to emit events (and trigger hooks registered +to that events using the work proposed in [event hooks](https://github.com/cosmos/cosmos-sdk/discussions/9656)), +call other Msg service methods or perform migration. +In addition, there will be significant gains in performance when it comes to reading +and writing parameters from and to state, especially if a specific set of parameters +are read on a consistent basis. + +However, this methodology will require developers to implement more types and +Msg service metohds which can become burdensome if many parameters exist. In addition, +developers are required to implement persistance logics of module parameters. +However, this should be trivial. + +### Backwards Compatibility + +The new method for working with module parameters is naturally not backwards +compatible with the existing `x/params` module. However, the `x/params` will +remain in the Cosmos SDK and will be marked as deprecated with no additional +functionality being added apart from potential bug fixes. Note, the `x/params` +module may be removed entirely in a future release. + +### Positive + +* Module parameters are serialized more efficiently +* Modules are able to react on parameters changes and perform additional actions. +* Special events can be emitted, allowing hooks to be triggered. + +### Negative + +* Module parameters becomes slightly more burdensome for module developers: + * Modules are now responsible for persisting and retrieving parameter state + * Modules are now required to have unique message handlers to handle parameter + changes per unique parameter data structure. + +### Neutral + +* Requires [#9810](https://github.com/cosmos/cosmos-sdk/pull/9810) to be reviewed + and merged. + + + +## References + +* https://github.com/cosmos/cosmos-sdk/pull/9810 +* https://github.com/cosmos/cosmos-sdk/issues/9438 +* https://github.com/cosmos/cosmos-sdk/discussions/9913 diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-047-extend-upgrade-plan.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-047-extend-upgrade-plan.md new file mode 100644 index 00000000..3a4f3aac --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-047-extend-upgrade-plan.md @@ -0,0 +1,250 @@ +# ADR 047: Extend Upgrade Plan + +## Changelog + +* Nov, 23, 2021: Initial Draft + +## Status + +PROPOSED Not Implemented + +## Abstract + +This ADR expands the existing x/upgrade `Plan` proto message to include new fields for defining pre-run and post-run processes within upgrade tooling. +It also defines a structure for providing downloadable artifacts involved in an upgrade. + +## Context + +The `upgrade` module in conjunction with Cosmovisor are designed to facilitate and automate a blockchain's transition from one version to another. + +Users submit a software upgrade governance proposal containing an upgrade `Plan`. +The [Plan](https://github.com/cosmos/cosmos-sdk/blob/v0.44.5/proto/cosmos/upgrade/v1beta1/upgrade.proto#L12) currently contains the following fields: +* `name`: A short string identifying the new version. +* `height`: The chain height at which the upgrade is to be performed. +* `info`: A string containing information about the upgrade. + +The `info` string can be anything. +However, Cosmovisor will try to use the `info` field to automatically download a new version of the blockchain executable. +For the auto-download to work, Cosmovisor expects it to be either a stringified JSON object (with a specific structure defined through documentation), or a URL that will return such JSON. +The JSON object identifies URLs used to download the new blockchain executable for different platforms (OS and Architecture, e.g. "linux/amd64"). +Such a URL can either return the executable file directly or can return an archive containing the executable and possibly other assets. + +If the URL returns an archive, it is decompressed into `{DAEMON_HOME}/cosmovisor/{upgrade name}`. +Then, if `{DAEMON_HOME}/cosmovisor/{upgrade name}/bin/{DAEMON_NAME}` does not exist, but `{DAEMON_HOME}/cosmovisor/{upgrade name}/{DAEMON_NAME}` does, the latter is copied to the former. +If the URL returns something other than an archive, it is downloaded to `{DAEMON_HOME}/cosmovisor/{upgrade name}/bin/{DAEMON_NAME}`. + +If an upgrade height is reached and the new version of the executable version isn't available, Cosmovisor will stop running. + +Both `DAEMON_HOME` and `DAEMON_NAME` are [environment variables used to configure Cosmovisor](https://github.com/cosmos/cosmos-sdk/blob/cosmovisor/v1.0.0/cosmovisor/README.md#command-line-arguments-and-environment-variables). + +Currently, there is no mechanism that makes Cosmovisor run a command after the upgraded chain has been restarted. + +The current upgrade process has this timeline: + +1. An upgrade governance proposal is submitted and approved. +1. The upgrade height is reached. +1. The `x/upgrade` module writes the `upgrade_info.json` file. +1. The chain halts. +1. Cosmovisor backs up the data directory (if set up to do so). +1. Cosmovisor downloads the new executable (if not already in place). +1. Cosmovisor executes the `${DAEMON_NAME} pre-upgrade`. +1. Cosmovisor restarts the app using the new version and same args originally provided. + +## Decision + +### Protobuf Updates + +We will update the `x/upgrade.Plan` message for providing upgrade instructions. +The upgrade instructions will contain a list of artifacts available for each platform. +It allows for the definition of a pre-run and post-run commands. +These commands are not consensus guaranteed; they will be executed by Cosmosvisor (or other) during its upgrade handling. + +```protobuf +message Plan { + // ... (existing fields) + + UpgradeInstructions instructions = 6; +} +``` + +The new `UpgradeInstructions instructions` field MUST be optional. + +```protobuf +message UpgradeInstructions { + string pre_run = 1; + string post_run = 2; + repeated Artifact artifacts = 3; + string description = 4; +} +``` + +All fields in the `UpgradeInstructions` are optional. +* `pre_run` is a command to run prior to the upgraded chain restarting. + If defined, it will be executed after halting and downloading the new artifact but before restarting the upgraded chain. + The working directory this command runs from MUST be `{DAEMON_HOME}/cosmovisor/{upgrade name}`. + This command MUST behave the same as the current [pre-upgrade](https://github.com/cosmos/cosmos-sdk/blob/v0.44.5/docs/migrations/pre-upgrade.md) command. + It does not take in any command-line arguments and is expected to terminate with the following exit codes: + + | Exit status code | How it is handled in Cosmosvisor | + |------------------|---------------------------------------------------------------------------------------------------------------------| + | `0` | Assumes `pre-upgrade` command executed successfully and continues the upgrade. | + | `1` | Default exit code when `pre-upgrade` command has not been implemented. | + | `30` | `pre-upgrade` command was executed but failed. This fails the entire upgrade. | + | `31` | `pre-upgrade` command was executed but failed. But the command is retried until exit code `1` or `30` are returned. | + If defined, then the app supervisors (e.g. Cosmovisor) MUST NOT run `app pre-run`. +* `post_run` is a command to run after the upgraded chain has been started. If defined, this command MUST be only executed at most once by an upgrading node. + The output and exit code SHOULD be logged but SHOULD NOT affect the running of the upgraded chain. + The working directory this command runs from MUST be `{DAEMON_HOME}/cosmovisor/{upgrade name}`. +* `artifacts` define items to be downloaded. + It SHOULD have only one entry per platform. +* `description` contains human-readable information about the upgrade and might contain references to external resources. + It SHOULD NOT be used for structured processing information. + +```protobuf +message Artifact { + string platform = 1; + string url = 2; + string checksum = 3; + string checksum_algo = 4; +} +``` + +* `platform` is a required string that SHOULD be in the format `{OS}/{CPU}`, e.g. `"linux/amd64"`. + The string `"any"` SHOULD also be allowed. + An `Artifact` with a `platform` of `"any"` SHOULD be used as a fallback when a specific `{OS}/{CPU}` entry is not found. + That is, if an `Artifact` exists with a `platform` that matches the system's OS and CPU, that should be used; + otherwise, if an `Artifact` exists with a `platform` of `any`, that should be used; + otherwise no artifact should be downloaded. +* `url` is a required URL string that MUST conform to [RFC 1738: Uniform Resource Locators](https://www.ietf.org/rfc/rfc1738.txt). + A request to this `url` MUST return either an executable file or an archive containing either `bin/{DAEMON_NAME}` or `{DAEMON_NAME}`. + The URL should not contain checksum - it should be specified by the `checksum` attribute. +* `checksum` is a checksum of the expected result of a request to the `url`. + It is not required, but is recommended. + If provided, it MUST be a hex encoded checksum string. + Tools utilizing these `UpgradeInstructions` MUST fail if a `checksum` is provided but is different from the checksum of the result returned by the `url`. +* `checksum_algo` is a string identify the algorithm used to generate the `checksum`. + Recommended algorithms: `sha256`, `sha512`. + Algorithms also supported (but not recommended): `sha1`, `md5`. + If a `checksum` is provided, a `checksum_algo` MUST also be provided. + +A `url` is not required to contain a `checksum` query parameter. +If the `url` does contain a `checksum` query parameter, the `checksum` and `checksum_algo` fields MUST also be populated, and their values MUST match the value of the query parameter. +For example, if the `url` is `"https://example.com?checksum=md5:d41d8cd98f00b204e9800998ecf8427e"`, then the `checksum` field must be `"d41d8cd98f00b204e9800998ecf8427e"` and the `checksum_algo` field must be `"md5"`. + +### Upgrade Module Updates + +If an upgrade `Plan` does not use the new `UpgradeInstructions` field, existing functionality will be maintained. +The parsing of the `info` field as either a URL or `binaries` JSON will be deprecated. +During validation, if the `info` field is used as such, a warning will be issued, but not an error. + +We will update the creation of the `upgrade-info.json` file to include the `UpgradeInstructions`. + +We will update the optional validation available via CLI to account for the new `Plan` structure. +We will add the following validation: + +1. If `UpgradeInstructions` are provided: + 1. There MUST be at least one entry in `artifacts`. + 1. All of the `artifacts` MUST have a unique `platform`. + 1. For each `Artifact`, if the `url` contains a `checksum` query parameter: + 1. The `checksum` query parameter value MUST be in the format of `{checksum_algo}:{checksum}`. + 1. The `{checksum}` from the query parameter MUST equal the `checksum` provided in the `Artifact`. + 1. The `{checksum_algo}` from the query parameter MUST equal the `checksum_algo` provided in the `Artifact`. +1. The following validation is currently done using the `info` field. We will apply similar validation to the `UpgradeInstructions`. + For each `Artifact`: + 1. The `platform` MUST have the format `{OS}/{CPU}` or be `"any"`. + 1. The `url` field MUST NOT be empty. + 1. The `url` field MUST be a proper URL. + 1. A `checksum` MUST be provided either in the `checksum` field or as a query parameter in the `url`. + 1. If the `checksum` field has a value and the `url` also has a `checksum` query parameter, the two values MUST be equal. + 1. The `url` MUST return either a file or an archive containing either `bin/{DAEMON_NAME}` or `{DAEMON_NAME}`. + 1. If a `checksum` is provided (in the field or as a query param), the checksum of the result of the `url` MUST equal the provided checksum. + +Downloading of an `Artifact` will happen the same way that URLs from `info` are currently downloaded. + +### Cosmovisor Updates + +If the `upgrade-info.json` file does not contain any `UpgradeInstructions`, existing functionality will be maintained. + +We will update Cosmovisor to look for and handle the new `UpgradeInstructions` in `upgrade-info.json`. +If the `UpgradeInstructions` are provided, we will do the following: + +1. The `info` field will be ignored. +1. The `artifacts` field will be used to identify the artifact to download based on the `platform` that Cosmovisor is running in. +1. If a `checksum` is provided (either in the field or as a query param in the `url`), and the downloaded artifact has a different checksum, the upgrade process will be interrupted and Cosmovisor will exit with an error. +1. If a `pre_run` command is defined, it will be executed at the same point in the process where the `app pre-upgrade` command would have been executed. + It will be executed using the same environment as other commands run by Cosmovisor. +1. If a `post_run` command is defined, it will be executed after executing the command that restarts the chain. + It will be executed in a background process using the same environment as the other commands. + Any output generated by the command will be logged. + Once complete, the exit code will be logged. + +We will deprecate the use of the `info` field for anything other than human readable information. +A warning will be logged if the `info` field is used to define the assets (either by URL or JSON). + +The new upgrade timeline is very similar to the current one. Changes are in bold: + +1. An upgrade governance proposal is submitted and approved. +1. The upgrade height is reached. +1. The `x/upgrade` module writes the `upgrade_info.json` file **(now possibly with `UpgradeInstructions`)**. +1. The chain halts. +1. Cosmovisor backs up the data directory (if set up to do so). +1. Cosmovisor downloads the new executable (if not already in place). +1. Cosmovisor executes **the `pre_run` command if provided**, or else the `${DAEMON_NAME} pre-upgrade` command. +1. Cosmovisor restarts the app using the new version and same args originally provided. +1. **Cosmovisor immediately runs the `post_run` command in a detached process.** + +## Consequences + +### Backwards Compatibility + +Since the only change to existing definitions is the addition of the `instructions` field to the `Plan` message, and that field is optional, there are no backwards incompatibilities with respects to the proto messages. +Additionally, current behavior will be maintained when no `UpgradeInstructions` are provided, so there are no backwards incompatibilities with respects to either the upgrade module or Cosmovisor. + +### Forwards Compatibility + +In order to utilize the `UpgradeInstructions` as part of a software upgrade, both of the following must be true: + +1. The chain must already be using a sufficiently advanced version of the Cosmos SDK. +1. The chain's nodes must be using a sufficiently advanced version of Cosmovisor. + +### Positive + +1. The structure for defining artifacts is clearer since it is now defined in the proto instead of in documentation. +1. Availability of a pre-run command becomes more obvious. +1. A post-run command becomes possible. + +### Negative + +1. The `Plan` message becomes larger. This is negligible because A) the `x/upgrades` module only stores at most one upgrade plan, and B) upgrades are rare enough that the increased gas cost isn't a concern. +1. There is no option for providing a URL that will return the `UpgradeInstructions`. +1. The only way to provide multiple assets (executables and other files) for a platform is to use an archive as the platform's artifact. + +### Neutral + +1. Existing functionality of the `info` field is maintained when the `UpgradeInstructions` aren't provided. + +## Further Discussions + +1. [Draft PR #10032 Comment](https://github.com/cosmos/cosmos-sdk/pull/10032/files?authenticity_token=pLtzpnXJJB%2Fif2UWiTp9Td3MvRrBF04DvjSuEjf1azoWdLF%2BSNymVYw9Ic7VkqHgNLhNj6iq9bHQYnVLzMXd4g%3D%3D&file-filters%5B%5D=.go&file-filters%5B%5D=.proto#r698708349): + Consider different names for `UpgradeInstructions instructions` (either the message type or field name). +1. [Draft PR #10032 Comment](https://github.com/cosmos/cosmos-sdk/pull/10032/files?authenticity_token=pLtzpnXJJB%2Fif2UWiTp9Td3MvRrBF04DvjSuEjf1azoWdLF%2BSNymVYw9Ic7VkqHgNLhNj6iq9bHQYnVLzMXd4g%3D%3D&file-filters%5B%5D=.go&file-filters%5B%5D=.proto#r754655072): + 1. Consider putting the `string platform` field inside `UpgradeInstructions` and make `UpgradeInstructions` a repeated field in `Plan`. + 1. Consider using a `oneof` field in the `Plan` which could either be `UpgradeInstructions` or else a URL that should return the `UpgradeInstructions`. + 1. Consider allowing `info` to either be a JSON serialized version of `UpgradeInstructions` or else a URL that returns that. +1. [Draft PR #10032 Comment](https://github.com/cosmos/cosmos-sdk/pull/10032/files?authenticity_token=pLtzpnXJJB%2Fif2UWiTp9Td3MvRrBF04DvjSuEjf1azoWdLF%2BSNymVYw9Ic7VkqHgNLhNj6iq9bHQYnVLzMXd4g%3D%3D&file-filters%5B%5D=.go&file-filters%5B%5D=.proto#r755462876): + Consider not including the `UpgradeInstructions.description` field, using the `info` field for that purpose instead. +1. [Draft PR #10032 Comment](https://github.com/cosmos/cosmos-sdk/pull/10032/files?authenticity_token=pLtzpnXJJB%2Fif2UWiTp9Td3MvRrBF04DvjSuEjf1azoWdLF%2BSNymVYw9Ic7VkqHgNLhNj6iq9bHQYnVLzMXd4g%3D%3D&file-filters%5B%5D=.go&file-filters%5B%5D=.proto#r754643691): + Consider allowing multiple artifacts to be downloaded for any given `platform` by adding a `name` field to the `Artifact` message. +1. [PR #10502 Comment](https://github.com/cosmos/cosmos-sdk/pull/10602#discussion_r781438288) + Allow the new `UpgradeInstructions` to be provided via URL. +1. [PR #10502 Comment](https://github.com/cosmos/cosmos-sdk/pull/10602#discussion_r781438288) + Allow definition of a `signer` for assets (as an alternative to using a `checksum`). + +## References + +* [Current upgrade.proto](https://github.com/cosmos/cosmos-sdk/blob/v0.44.5/proto/cosmos/upgrade/v1beta1/upgrade.proto) +* [Upgrade Module README](https://github.com/cosmos/cosmos-sdk/blob/v0.44.5/x/upgrade/spec/README.md) +* [Cosmovisor README](https://github.com/cosmos/cosmos-sdk/blob/cosmovisor/v1.0.0/cosmovisor/README.md) +* [Pre-upgrade README](https://github.com/cosmos/cosmos-sdk/blob/v0.44.5/docs/migrations/pre-upgrade.md) +* [Draft/POC PR #10032](https://github.com/cosmos/cosmos-sdk/pull/10032) +* [RFC 1738: Uniform Resource Locators](https://www.ietf.org/rfc/rfc1738.txt) diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-048-consensus-fees.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-048-consensus-fees.md new file mode 100644 index 00000000..f1c6065c --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-048-consensus-fees.md @@ -0,0 +1,204 @@ +# ADR 048: Multi Tire Gas Price System + +## Changelog + +* Dec 1, 2021: Initial Draft + +## Status + +Rejected + +## Abstract + +This ADR describes a flexible mechanism to maintain a consensus level gas prices, in which one can choose a multi-tier gas price system or EIP-1559 like one through configuration. + +## Context + +Currently, each validator configures it's own `minimal-gas-prices` in `app.yaml`. But setting a proper minimal gas price is critical to protect network from dos attack, and it's hard for all the validators to pick a sensible value, so we propose to maintain a gas price in consensus level. + +Since tendermint 0.34.20 has supported mempool prioritization, we can take advantage of that to implement more sophisticated gas fee system. + +## Multi-Tier Price System + +We propose a multi-tier price system on consensus to provide maximum flexibility: + +* Tier 1: a constant gas price, which could only be modified occasionally through governance proposal. +* Tier 2: a dynamic gas price which is adjusted according to previous block load. +* Tier 3: a dynamic gas price which is adjusted according to previous block load at a higher speed. + +The gas price of higher tier should bigger than the lower tier. + +The transaction fees are charged with the exact gas price calculated on consensus. + +The parameter schema is like this: + +```protobuf +message TierParams { + uint32 priority = 1 // priority in tendermint mempool + Coin initial_gas_price = 2 // + uint32 parent_gas_target = 3 // the target saturation of block + uint32 change_denominator = 4 // decides the change speed + Coin min_gas_price = 5 // optional lower bound of the price adjustment + Coin max_gas_price = 6 // optional upper bound of the price adjustment +} + +message Params { + repeated TierParams tiers = 1; +} +``` + +### Extension Options + +We need to allow user to specify the tier of service for the transaction, to support it in an extensible way, we add an extension option in `AuthInfo`: + +```protobuf +message ExtensionOptionsTieredTx { + uint32 fee_tier = 1 +} +``` + +The value of `fee_tier` is just the index to the `tiers` parameter list. + +We also change the semantic of existing `fee` field of `Tx`, instead of charging user the exact `fee` amount, we treat it as a fee cap, while the actual amount of fee charged is decided dynamically. If the `fee` is smaller than dynamic one, the transaction won't be included in current block and ideally should stay in the mempool until the consensus gas price drop. The mempool can eventually prune old transactions. + +### Tx Prioritization + +Transactions are prioritized based on the tier, the higher the tier, the higher the priority. + +Within the same tier, follow the default Tendermint order (currently FIFO). Be aware of that the mempool tx ordering logic is not part of consensus and can be modified by malicious validator. + +This mechanism can be easily composed with prioritization mechanisms: + +* we can add extra tiers out of a user control: + * Example 1: user can set tier 0, 10 or 20, but the protocol will create tiers 0, 1, 2 ... 29. For example IBC transactions will go to tier `user_tier + 5`: if user selected tier 1, then the transaction will go to tier 15. + * Example 2: we can reserve tier 4, 5, ... only for special transaction types. For example, tier 5 is reserved for evidence tx. So if submits a bank.Send transaction and set tier 5, it will be delegated to tier 3 (the max tier level available for any transaction). + * Example 3: we can enforce that all transactions of a sepecific type will go to specific tier. For example, tier 100 will be reserved for evidence transactions and all evidence transactions will always go to that tier. + +### `min-gas-prices` + +Deprecate the current per-validator `min-gas-prices` configuration, since it would confusing for it to work together with the consensus gas price. + +### Adjust For Block Load + +For tier 2 and tier 3 transactions, the gas price is adjusted according to previous block load, the logic could be similar to EIP-1559: + +```python +def adjust_gas_price(gas_price, parent_gas_used, tier): + if parent_gas_used == tier.parent_gas_target: + return gas_price + elif parent_gas_used > tier.parent_gas_target: + gas_used_delta = parent_gas_used - tier.parent_gas_target + gas_price_delta = max(gas_price * gas_used_delta // tier.parent_gas_target // tier.change_speed, 1) + return gas_price + gas_price_delta + else: + gas_used_delta = parent_gas_target - parent_gas_used + gas_price_delta = gas_price * gas_used_delta // parent_gas_target // tier.change_speed + return gas_price - gas_price_delta +``` + +### Block Segment Reservation + +Ideally we should reserve block segments for each tier, so the lower tiered transactions won't be completely squeezed out by higher tier transactions, which will force user to use higher tier, and the system degraded to a single tier. + +We need help from tendermint to implement this. + +## Implementation + +We can make each tier's gas price strategy fully configurable in protocol parameters, while providing a sensible default one. + +Pseudocode in python-like syntax: + +```python +interface TieredTx: + def tier(self) -> int: + pass + +def tx_tier(tx): + if isinstance(tx, TieredTx): + return tx.tier() + else: + # default tier for custom transactions + return 0 + # NOTE: we can add more rules here per "Tx Prioritization" section + +class TierParams: + 'gas price strategy parameters of one tier' + priority: int # priority in tendermint mempool + initial_gas_price: Coin + parent_gas_target: int + change_speed: Decimal # 0 means don't adjust for block load. + +class Params: + 'protocol parameters' + tiers: List[TierParams] + +class State: + 'consensus state' + # total gas used in last block, None when it's the first block + parent_gas_used: Optional[int] + # gas prices of last block for all tiers + gas_prices: List[Coin] + +def begin_block(): + 'Adjust gas prices' + for i, tier in enumerate(Params.tiers): + if State.parent_gas_used is None: + # initialized gas price for the first block + State.gas_prices[i] = tier.initial_gas_price + else: + # adjust gas price according to gas used in previous block + State.gas_prices[i] = adjust_gas_price(State.gas_prices[i], State.parent_gas_used, tier) + +def mempoolFeeTxHandler_checkTx(ctx, tx): + # the minimal-gas-price configured by validator, zero in deliver_tx context + validator_price = ctx.MinGasPrice() + consensus_price = State.gas_prices[tx_tier(tx)] + min_price = max(validator_price, consensus_price) + + # zero means infinity for gas price cap + if tx.gas_price() > 0 and tx.gas_price() < min_price: + return 'insufficient fees' + return next_CheckTx(ctx, tx) + +def txPriorityHandler_checkTx(ctx, tx): + res, err := next_CheckTx(ctx, tx) + # pass priority to tendermint + res.Priority = Params.tiers[tx_tier(tx)].priority + return res, err + +def end_block(): + 'Update block gas used' + State.parent_gas_used = block_gas_meter.consumed() +``` + +### Dos attack protection + +To fully saturate the blocks and prevent other transactions from executing, attacker need to use transactions of highest tier, the cost would be significantly higher than the default tier. + +If attacker spam with lower tier transactions, user can mitigate by sending higher tier transactions. + +## Consequences + +### Backwards Compatibility + +* New protocol parameters. +* New consensus states. +* New/changed fields in transaction body. + +### Positive + +* The default tier keeps the same predictable gas price experience for client. +* The higher tier's gas price can adapt to block load. +* No priority conflict with custom priority based on transaction types, since this proposal only occupy three priority levels. +* Possibility to compose different priority rules with tiers + +### Negative + +* Wallets & tools need to update to support the new `tier` parameter, and semantic of `fee` field is changed. + +### Neutral + +## References + +* https://eips.ethereum.org/EIPS/eip-1559 +* https://iohk.io/en/blog/posts/2021/11/26/network-traffic-and-tiered-pricing/ diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-049-state-sync-hooks.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-049-state-sync-hooks.md new file mode 100644 index 00000000..c7353aa3 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-049-state-sync-hooks.md @@ -0,0 +1,174 @@ +# ADR 049: State Sync Hooks + +## Changelog + +* Jan 19, 2022: Initial Draft +* Apr 29, 2022: Safer extension snapshotter interface + +## Status + +Implemented + +## Abstract + +This ADR outlines a hooks-based mechanism for application modules to provide additional state (outside of the IAVL tree) to be used +during state sync. + +## Context + +New clients use state-sync to download snapshots of module state from peers. Currently, the snapshot consists of a +stream of `SnapshotStoreItem` and `SnapshotIAVLItem`, which means that application modules that define their state outside of the IAVL +tree cannot include their state as part of the state-sync process. + +Note, Even though the module state data is outside of the tree, for determinism we require that the hash of the external data should +be posted in the IAVL tree. + +## Decision + +A simple proposal based on our existing implementation is that, we can add two new message types: `SnapshotExtensionMeta` +and `SnapshotExtensionPayload`, and they are appended to the existing multi-store stream with `SnapshotExtensionMeta` +acting as a delimiter between extensions. As the chunk hashes should be able to ensure data integrity, we don't need +a delimiter to mark the end of the snapshot stream. + +Besides, we provide `Snapshotter` and `ExtensionSnapshotter` interface for modules to implement snapshotters, which will handle both taking +snapshot and the restoration. Each module could have mutiple snapshotters, and for modules with additional state, they should +implement `ExtensionSnapshotter` as extension snapshotters. When setting up the application, the snapshot `Manager` should call +`RegisterExtensions([]ExtensionSnapshotter…)` to register all the extension snapshotters. + +```protobuf +// SnapshotItem is an item contained in a rootmulti.Store snapshot. +// On top of the exsiting SnapshotStoreItem and SnapshotIAVLItem, we add two new options for the item. +message SnapshotItem { + // item is the specific type of snapshot item. + oneof item { + SnapshotStoreItem store = 1; + SnapshotIAVLItem iavl = 2 [(gogoproto.customname) = "IAVL"]; + SnapshotExtensionMeta extension = 3; + SnapshotExtensionPayload extension_payload = 4; + } +} + +// SnapshotExtensionMeta contains metadata about an external snapshotter. +// One module may need multiple snapshotters, so each module may have multiple SnapshotExtensionMeta. +message SnapshotExtensionMeta { + // the name of the ExtensionSnapshotter, and it is registered to snapshotter manager when setting up the application + // name should be unique for each ExtensionSnapshotter as we need to alphabetically order their snapshots to get + // deterministic snapshot stream. + string name = 1; + // this is used by each ExtensionSnapshotter to decide the format of payloads included in SnapshotExtensionPayload message + // it is used within the snapshotter/namespace, not global one for all modules + uint32 format = 2; +} + +// SnapshotExtensionPayload contains payloads of an external snapshotter. +message SnapshotExtensionPayload { + bytes payload = 1; +} +``` + +When we create a snapshot stream, the `multistore` snapshot is always placed at the beginning of the binary stream, and other extension snapshots are alphabetically ordered by the name of the corresponding `ExtensionSnapshotter`. + +The snapshot stream would look like as follows: + +```go +// multi-store snapshot +{SnapshotStoreItem | SnapshotIAVLItem, ...} +// extension1 snapshot +SnapshotExtensionMeta +{SnapshotExtensionPayload, ...} +// extension2 snapshot +SnapshotExtensionMeta +{SnapshotExtensionPayload, ...} +``` + +We add an `extensions` field to snapshot `Manager` for extension snapshotters. The `multistore` snapshotter is a special one and it doesn't need a name because it is always placed at the beginning of the binary stream. + +```go +type Manager struct { + store *Store + multistore types.Snapshotter + extensions map[string]types.ExtensionSnapshotter + mtx sync.Mutex + operation operation + chRestore chan<- io.ReadCloser + chRestoreDone <-chan restoreDone + restoreChunkHashes [][]byte + restoreChunkIndex uint32 +} +``` + +For extension snapshotters that implement the `ExtensionSnapshotter` interface, their names should be registered to the snapshot `Manager` by +calling `RegisterExtensions` when setting up the application. The snapshotters will handle both taking snapshot and restoration. + +```go +// RegisterExtensions register extension snapshotters to manager +func (m *Manager) RegisterExtensions(extensions ...types.ExtensionSnapshotter) error +``` + +On top of the existing `Snapshotter` interface for the `multistore`, we add `ExtensionSnapshotter` interface for the extension snapshotters. Three more function signatures: `SnapshotFormat()`, `SupportedFormats()` and `SnapshotName()` are added to `ExtensionSnapshotter`. + +```go +// ExtensionPayloadReader read extension payloads, +// it returns io.EOF when reached either end of stream or the extension boundaries. +type ExtensionPayloadReader = func() ([]byte, error) + +// ExtensionPayloadWriter is a helper to write extension payloads to underlying stream. +type ExtensionPayloadWriter = func([]byte) error + +// ExtensionSnapshotter is an extension Snapshotter that is appended to the snapshot stream. +// ExtensionSnapshotter has an unique name and manages it's own internal formats. +type ExtensionSnapshotter interface { + // SnapshotName returns the name of snapshotter, it should be unique in the manager. + SnapshotName() string + + // SnapshotFormat returns the default format used to take a snapshot. + SnapshotFormat() uint32 + + // SupportedFormats returns a list of formats it can restore from. + SupportedFormats() []uint32 + + // SnapshotExtension writes extension payloads into the underlying protobuf stream. + SnapshotExtension(height uint64, payloadWriter ExtensionPayloadWriter) error + + // RestoreExtension restores an extension state snapshot, + // the payload reader returns `io.EOF` when reached the extension boundaries. + RestoreExtension(height uint64, format uint32, payloadReader ExtensionPayloadReader) error + +} +``` + +## Consequences + +As a result of this implementation, we are able to create snapshots of binary chunk stream for the state that we maintain outside of the IAVL Tree, CosmWasm blobs for example. And new clients are able to fetch sanpshots of state for all modules that have implemented the corresponding interface from peer nodes. + + +### Backwards Compatibility + +This ADR introduces new proto message types, add an `extensions` field in snapshot `Manager`, and add new `ExtensionSnapshotter` interface, so this is not backwards compatible if we have extensions. + +But for applications that does not have the state data outside of the IAVL tree for any module, the snapshot stream is backwards-compatible. + +### Positive + +* State maintained outside of IAVL tree like CosmWasm blobs can create snapshots by implementing extension snapshotters, and being fetched by new clients via state-sync. + +### Negative + +### Neutral + +* All modules that maintain state outside of IAVL tree need to implement `ExtensionSnapshotter` and the snapshot `Manager` need to call `RegisterExtensions` when setting up the application. + +## Further Discussions + +While an ADR is in the DRAFT or PROPOSED stage, this section should contain a summary of issues to be solved in future iterations (usually referencing comments from a pull-request discussion). +Later, this section can optionally list ideas or improvements the author or reviewers found during the analysis of this ADR. + +## Test Cases [optional] + +Test cases for an implementation are mandatory for ADRs that are affecting consensus changes. Other ADRs can choose to include links to test cases if applicable. + +## References + +* https://github.com/cosmos/cosmos-sdk/pull/10961 +* https://github.com/cosmos/cosmos-sdk/issues/7340 +* https://hackmd.io/gJoyev6DSmqqkO667WQlGw diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-050-sign-mode-textual-annex1.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-050-sign-mode-textual-annex1.md new file mode 100644 index 00000000..13deec92 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-050-sign-mode-textual-annex1.md @@ -0,0 +1,358 @@ +# ADR 050: SIGN_MODE_TEXTUAL: Annex 1 Value Renderers + +## Changelog + +* Dec 06, 2021: Initial Draft +* Feb 07, 2022: Draft read and concept-ACKed by the Ledger team. +* Dec 01, 2022: Remove `Object: ` prefix on Any header screen. +* Dec 13, 2022: Sign over bytes hash when bytes length > 32. +* Mar 27, 2023: Update `Any` value renderer to omit message header screen. + +## Status + +Accepted. Implementation started. Small value renderers details still need to be polished. + +## Abstract + +This Annex describes value renderers, which are used for displaying Protobuf values in a human-friendly way using a string array. + +## Value Renderers + +Value Renderers describe how values of different Protobuf types should be encoded as a string array. Value renderers can be formalized as a set of bijective functions `func renderT(value T) []string`, where `T` is one of the below Protobuf types for which this spec is defined. + +### Protobuf `number` + +* Applies to: + * protobuf numeric integer types (`int{32,64}`, `uint{32,64}`, `sint{32,64}`, `fixed{32,64}`, `sfixed{32,64}`) + * strings whose `customtype` is `github.com/cosmos/cosmos-sdk/types.Int` or `github.com/cosmos/cosmos-sdk/types.Dec` + * bytes whose `customtype` is `github.com/cosmos/cosmos-sdk/types.Int` or `github.com/cosmos/cosmos-sdk/types.Dec` +* Trailing decimal zeroes are always removed +* Formatting with `'`s for every three integral digits. +* Usage of `.` to denote the decimal delimiter. + +#### Examples + +* `1000` (uint64) -> `1'000` +* `"1000000.00"` (string representing a Dec) -> `1'000'000` +* `"1000000.10"` (string representing a Dec) -> `1'000'000.1` + +### `coin` + +* Applies to `cosmos.base.v1beta1.Coin`. +* Denoms are converted to `display` denoms using `Metadata` (if available). **This requires a state query**. The definition of `Metadata` can be found in the [bank protobuf definition](https://buf.build/cosmos/cosmos-sdk/docs/main:cosmos.bank.v1beta1#cosmos.bank.v1beta1.Metadata). If the `display` field is empty or nil, then we do not perform any denom conversion. +* Amounts are converted to `display` denom amounts and rendered as `number`s above + * We do not change the capitalization of the denom. In practice, `display` denoms are stored in lowercase in state (e.g. `10 atom`), however they are often showed in UPPERCASE in everyday life (e.g. `10 ATOM`). Value renderers keep the case used in state, but we may recommend chains changing the denom metadata to be uppercase for better user display. +* One space between the denom and amount (e.g. `10 atom`). +* In the future, IBC denoms could maybe be converted to DID/IIDs, if we can find a robust way for doing this (ex. `cosmos:cosmos:hub:bank:denom:atom`) + +#### Examples + +* `1000000000uatom` -> `["1'000 atom"]`, because atom is the metadata's display denom. + +### `coins` + +* an array of `coin` is display as the concatenation of each `coin` encoded as the specification above, the joined together with the delimiter `", "` (a comma and a space, no quotes around). +* the list of coins is ordered by unicode code point of the display denom: `A-Z` < `a-z`. For example, the string `aAbBcC` would be sorted `ABCabc`. + * if the coins list had 0 items in it then it'll be rendered as `zero` + +### Example + +* `["3cosm", "2000000uatom"]` -> `2 atom, 3 COSM` (assuming the display denoms are `atom` and `COSM`) +* `["10atom", "20Acoin"]` -> `20 Acoin, 10 atom` (assuming the display denoms are `atom` and `Acoin`) +* `[]` -> `zero` + +### `repeated` + +* Applies to all `repeated` fields, except `cosmos.tx.v1beta1.TxBody#Messages`, which has a particular encoding (see [ADR-050](adr-050-sign-mode-textual.md)). +* A repeated type has the following template: + +``` +: + (/): + + (/): + +End of . +``` + +where: + +* `field_name` is the Protobuf field name of the repeated field +* `field_kind`: + * if the type of the repeated field is a message, `field_kind` is the message name + * if the type of the repeated field is an enum, `field_kind` is the enum name + * in any other case, `field_kind` is the protobuf primitive type (e.g. "string" or "bytes") +* `int` is the length of the array +* `index` is one based index of the repeated field + +#### Examples + +Given the proto definition: + +```protobuf +message AllowedMsgAllowance { + repeated string allowed_messages = 1; +} +``` + +and initializing with: + +```go +x := []AllowedMsgAllowance{"cosmos.bank.v1beta1.MsgSend", "cosmos.gov.v1.MsgVote"} +``` + +we have the following value-rendered encoding: + +``` +Allowed messages: 2 strings +Allowed messages (1/2): cosmos.bank.v1beta1.MsgSend +Allowed messages (2/2): cosmos.gov.v1.MsgVote +End of Allowed messages +``` + +### `message` + +* Applies to all Protobuf messages that do not have a custom encoding. +* Field names follow [sentence case](https://en.wiktionary.org/wiki/sentence_case) + * replace each `_` with a space + * capitalize first letter of the sentence +* Field names are ordered by their Protobuf field number +* Screen title is the field name, and screen content is the value. +* Nesting: + * if a field contains a nested message, we value-render the underlying message using the template: + + ``` + : <1st line of value-rendered message> + > // Notice the `>` prefix. + ``` + + * `>` character is used to denote nesting. For each additional level of nesting, add `>`. + +#### Examples + +Given the following Protobuf messages: + +```protobuf +enum VoteOption { + VOTE_OPTION_UNSPECIFIED = 0; + VOTE_OPTION_YES = 1; + VOTE_OPTION_ABSTAIN = 2; + VOTE_OPTION_NO = 3; + VOTE_OPTION_NO_WITH_VETO = 4; +} + +message WeightedVoteOption { + VoteOption option = 1; + string weight = 2 [(cosmos_proto.scalar) = "cosmos.Dec"]; +} + +message Vote { + uint64 proposal_id = 1; + string voter = 2 [(cosmos_proto.scalar) = "cosmos.AddressString"]; + reserved 3; + repeated WeightedVoteOption options = 4; +} +``` + +we get the following encoding for the `Vote` message: + +``` +Vote object +> Proposal id: 4 +> Voter: cosmos1abc...def +> Options: 2 WeightedVoteOptions +> Options (1/2): WeightedVoteOption object +>> Option: VOTE_OPTION_YES +>> Weight: 0.7 +> Options (2/2): WeightedVoteOption object +>> Option: VOTE_OPTION_NO +>> Weight: 0.3 +> End of Options +``` + +### Enums + +* Show the enum variant name as string. + +#### Examples + +See example above with `message Vote{}`. + +### `google.protobuf.Any` + +* Applies to `google.protobuf.Any` +* Rendered as: + +``` + +> +``` + +There is however one exception: when the underlying message is a Protobuf message that does not have a custom encoding, then the message header screen is omitted, and one level of indentation is removed. + +Messages that have a custom encoding, including `google.protobuf.Timestamp`, `google.protobuf.Duration`, `google.protobuf.Any`, `cosmos.base.v1beta1.Coin`, and messages that have an app-defined custom encoding, will preserve their header and indentation level. + +#### Examples + +Message header screen is stripped, one-level of indentation removed: +``` +/cosmos.gov.v1.Vote +> Proposal id: 4 +> Vote: cosmos1abc...def +> Options: 2 WeightedVoteOptions +> Options (1/2): WeightedVoteOption object +>> Option: Yes +>> Weight: 0.7 +> Options (2/2): WeightedVoteOption object +>> Option: No +>> Weight: 0.3 +> End of Options +``` + +Message with custom encoding: +``` +/cosmos.base.v1beta1.Coin +> 10uatom +``` + +### `google.protobuf.Timestamp` + +Rendered using [RFC 3339](https://www.rfc-editor.org/rfc/rfc3339) (a +simplification of ISO 8601), which is the current recommendation for portable +time values. The rendering always uses "Z" (UTC) as the timezone. It uses only +the necessary fractional digits of a second, omitting the fractional part +entirely if the timestamp has no fractional seconds. (The resulting timestamps +are not automatically sortable by standard lexicographic order, but we favor +the legibility of the shorter string.) + +#### Examples + +The timestamp with 1136214245 seconds and 700000000 nanoseconds is rendered +as `2006-01-02T15:04:05.7Z`. +The timestamp with 1136214245 seconds and zero nanoseconds is rendered +as `2006-01-02T15:04:05Z`. + +### `google.protobuf.Duration` + +The duration proto expresses a raw number of seconds and nanoseconds. +This will be rendered as longer time units of days, hours, and minutes, +plus any remaining seconds, in that order. +Leading and trailing zero-quantity units will be omitted, but all +units in between nonzero units will be shown, e.g. ` 3 days, 0 hours, 0 minutes, 5 seconds`. + +Even longer time units such as months or years are imprecise. +Weeks are precise, but not commonly used - `91 days` is more immediately +legible than `13 weeks`. Although `days` can be problematic, +e.g. noon to noon on subsequent days can be 23 or 25 hours depending on +daylight savings transitions, there is significant advantage in using +strict 24-hour days over using only hours (e.g. `91 days` vs `2184 hours`). + +When nanoseconds are nonzero, they will be shown as fractional seconds, +with only the minimum number of digits, e.g `0.5 seconds`. + +A duration of exactly zero is shown as `0 seconds`. + +Units will be given as singular (no trailing `s`) when the quantity is exactly one, +and will be shown in plural otherwise. + +Negative durations will be indicated with a leading minus sign (`-`). + +Examples: + +* `1 day` +* `30 days` +* `-1 day, 12 hours` +* `3 hours, 0 minutes, 53.025 seconds` + +### bytes + +* Bytes of length shorter or equal to 35 are rendered in hexadecimal, all capital letters, without the `0x` prefix. +* Bytes of length greater than 35 are hashed using SHA256. The rendered text is `SHA-256=`, followed by the 32-byte hash, in hexadecimal, all capital letters, without the `0x` prefix. +* The hexadecimal string is finally separated into groups of 4 digits, with a space `' '` as separator. If the bytes length is odd, the 2 remaining hexadecimal characters are at the end. + +The number 35 was chosen because it is the longest length where the hashed-and-prefixed representation is longer than the original data directly formatted, using the 3 rules above. More specifically: +- a 35-byte array will have 70 hex characters, plus 17 space characters, resulting in 87 characters. +- byte arrays starting from length 36 will be be hashed to 32 bytes, which is 64 hex characters plus 15 spaces, and with the `SHA-256=` prefix, it takes 87 characters. +Also, secp256k1 public keys have length 33, so their Textual representation is not their hashed value, which we would like to avoid. + +Note: Data longer than 35 bytes are not rendered in a way that can be inverted. See ADR-050's [section about invertability](adr-050-sign-mode-textual.md#invertible-rendering) for a discussion. + +#### Examples + +Inputs are displayed as byte arrays. + +* `[0]`: `00` +* `[0,1,2]`: `0001 02` +* `[0,1,2,..,34]`: `0001 0203 0405 0607 0809 0A0B 0C0D 0E0F 1011 1213 1415 1617 1819 1A1B 1C1D 1E1F 2021 22` +* `[0,1,2,..,35]`: `SHA-256=5D7E 2D9B 1DCB C85E 7C89 0036 A2CF 2F9F E7B6 6554 F2DF 08CE C6AA 9C0A 25C9 9C21` + +### address bytes + +We currently use `string` types in protobuf for addresses so this may not be needed, but if any address bytes are used in sign mode textual they should be rendered with bech32 formatting + +### strings + +Strings are rendered as-is. + +### Default Values + +* Default Protobuf values for each field are skipped. + +#### Example + +```protobuf +message TestData { + string signer = 1; + string metadata = 2; +} +``` + +```go +myTestData := TestData{ + Signer: "cosmos1abc" +} +``` + +We get the following encoding for the `TestData` message: + +``` +TestData object +> Signer: cosmos1abc +``` + +### bool + +Boolean values are rendered as `True` or `False`. + +### [ABANDONED] Custom `msg_title` instead of Msg `type_url` + +_This paragraph is in the Annex for informational purposes only, and will be removed in a next update of the ADR._ + +
    + Click to see abandoned idea. + +* all protobuf messages to be used with `SIGN_MODE_TEXTUAL` CAN have a short title associated with them that can be used in format strings whenever the type URL is explicitly referenced via the `cosmos.msg.v1.textual.msg_title` Protobuf message option. +* if this option is not specified for a Msg, then the Protobuf fully qualified name will be used. + +```protobuf +message MsgSend { + option (cosmos.msg.v1.textual.msg_title) = "bank send coins"; +} +``` + +* they MUST be unique per message, per chain + +#### Examples + +* `cosmos.gov.v1.MsgVote` -> `governance v1 vote` + +#### Best Pratices + +We recommend to use this option only for `Msg`s whose Protobuf fully qualified name can be hard to understand. As such, the two examples above (`MsgSend` and `MsgVote`) are not good examples to be used with `msg_title`. We still allow `msg_title` for chains who might have `Msg`s with complex or non-obvious names. + +In those cases, we recommend to drop the version (e.g. `v1`) in the string if there's only one version of the module on chain. This way, the bijective mapping can figure out which message each string corresponds to. If multiple Protobuf versions of the same module exist on the same chain, we recommend keeping the first `msg_title` with version, and the second `msg_title` with version (e.g. `v2`): + +* `mychain.mymodule.v1.MsgDo` -> `mymodule do something` +* `mychain.mymodule.v2.MsgDo` -> `mymodule v2 do something` + +
    diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-050-sign-mode-textual-annex2.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-050-sign-mode-textual-annex2.md new file mode 100644 index 00000000..9bd0f3f4 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-050-sign-mode-textual-annex2.md @@ -0,0 +1,122 @@ +# ADR 050: SIGN_MODE_TEXTUAL: Annex 2 XXX + +## Changelog + +* Oct 3, 2022: Initial Draft + +## Status + +DRAFT + +## Abstract + +This annex provides normative guidance on how devices should render a +`SIGN_MODE_TEXTUAL` document. + +## Context + +`SIGN_MODE_TEXTUAL` allows a legible version of a transaction to be signed +on a hardware security device, such as a Ledger. Early versions of the +design rendered transactions directly to lines of ASCII text, but this +proved awkward from its in-band signaling, and for the need to display +Unicode text within the transaction. + +## Decision + +`SIGN_MODE_TEXTUAL` renders to an abstract representation, leaving it +up to device-specific software how to present this representation given the +capabilities, limitations, and conventions of the deivce. + +We offer the following normative guidance: + +1. The presentation should be as legible as possible to the user, given +the capabilities of the device. If legibility could be sacrificed for other +properties, we would recommend just using some other signing mode. +Legibility should focus on the common case - it is okay for unusual cases +to be less legible. + +2. The presentation should be invertible if possible without substantial +sacrifice of legibility. Any change to the rendered data should result +in a visible change to the presentation. This extends the integrity of the +signing to user-visible presentation. + +3. The presentation should follow normal conventions of the device, +without sacrificing legibility or invertibility. + +As an illustration of these principles, here is an example algorithm +for presentation on a device which can display a single 80-character +line of printable ASCII characters: + +* The presentation is broken into lines, and each line is presented in +sequence, with user controls for going forward or backward a line. + +* Expert mode screens are only presented if the device is in expert mode. + +* Each line of the screen starts with a number of `>` characters equal +to the screen's indentation level, followed by a `+` character if this +isn't the first line of the screen, followed by a space if either a +`>` or a `+` has been emitted, +or if this header is followed by a `>`, `+`, or space. + +* If the line ends with whitespace or an `@` character, an additional `@` +character is appended to the line. + +* The following ASCII control characters or backslash (`\`) are converted +to a backslash followed by a letter code, in the manner of string literals +in many languages: + + * a: U+0007 alert or bell + * b: U+0008 backspace + * f: U+000C form feed + * n: U+000A line feed + * r: U+000D carriage return + * t: U+0009 horizontal tab + * v: U+000B vertical tab + * `\`: U+005C backslash + +* All other ASCII control characters, plus non-ASCII Unicode code points, +are shown as either: + + * `\u` followed by 4 uppercase hex chacters for code points + in the basic multilingual plane (BMP). + + * `\U` followed by 8 uppercase hex characters for other code points. + +* The screen will be broken into multiple lines to fit the 80-character +limit, considering the above transformations in a way that attempts to +minimize the number of lines generated. Expanded control or Unicode characters +are never split across lines. + +Example output: + +``` +An introductory line. +key1: 123456 +key2: a string that ends in whitespace @ +key3: a string that ends in a single ampersand - @@ + >tricky key4<: note the leading space in the presentation +introducing an aggregate +> key5: false +> key6: a very long line of text, please co\u00F6perate and break into +>+ multiple lines. +> Can we do further nesting? +>> You bet we can! +``` + +The inverse mapping gives us the only input which could have +generated this output (JSON notation for string data): + +``` +Indent Text +------ ---- +0 "An introductory line." +0 "key1: 123456" +0 "key2: a string that ends in whitespace " +0 "key3: a string that ends in a single ampersand - @" +0 ">tricky key4<: note the leading space in the presentation" +0 "introducing an aggregate" +1 "key5: false" +1 "key6: a very long line of text, please coöperate and break into multiple lines." +1 "Can we do further nesting?" +2 "You bet we can!" +``` diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-050-sign-mode-textual.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-050-sign-mode-textual.md new file mode 100644 index 00000000..efa4ace4 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-050-sign-mode-textual.md @@ -0,0 +1,369 @@ +# ADR 050: SIGN_MODE_TEXTUAL + +## Changelog + +* Dec 06, 2021: Initial Draft. +* Feb 07, 2022: Draft read and concept-ACKed by the Ledger team. +* May 16, 2022: Change status to Accepted. +* Aug 11, 2022: Require signing over tx raw bytes. +* Sep 07, 2022: Add custom `Msg`-renderers. +* Sep 18, 2022: Structured format instead of lines of text +* Nov 23, 2022: Specify CBOR encoding. +* Dec 01, 2022: Link to examples in separate JSON file. +* Dec 06, 2022: Re-ordering of envelope screens. +* Dec 14, 2022: Mention exceptions for invertability. +* Jan 23, 2023: Switch Screen.Text to Title+Content. +* Mar 07, 2023: Change SignDoc from array to struct containing array. +* Mar 20, 2023: Introduce a spec version initialized to 0. + +## Status + +Accepted. Implementation started. Small value renderers details still need to be polished. + +Spec version: 0. + +## Abstract + +This ADR specifies SIGN_MODE_TEXTUAL, a new string-based sign mode that is targetted at signing with hardware devices. + +## Context + +Protobuf-based SIGN_MODE_DIRECT was introduced in [ADR-020](adr-020-protobuf-transaction-encoding.md) and is intended to replace SIGN_MODE_LEGACY_AMINO_JSON in most situations, such as mobile wallets and CLI keyrings. However, the [Ledger](https://www.ledger.com/) hardware wallet is still using SIGN_MODE_LEGACY_AMINO_JSON for displaying the sign bytes to the user. Hardware wallets cannot transition to SIGN_MODE_DIRECT as: + +* SIGN_MODE_DIRECT is binary-based and thus not suitable for display to end-users. Technically, hardware wallets could simply display the sign bytes to the user. But this would be considered as blind signing, and is a security concern. +* hardware cannot decode the protobuf sign bytes due to memory constraints, as the Protobuf definitions would need to be embedded on the hardware device. + +In an effort to remove Amino from the SDK, a new sign mode needs to be created for hardware devices. [Initial discussions](https://github.com/cosmos/cosmos-sdk/issues/6513) propose a text-based sign mode, which this ADR formally specifies. + +## Decision + +In SIGN_MODE_TEXTUAL, a transaction is rendered into a textual representation, +which is then sent to a secure device or subsystem for the user to review and sign. +Unlike `SIGN_MODE_DIRECT`, the transmitted data can be simply decoded into legible text +even on devices with limited processing and display. + +The textual representation is a sequence of _screens_. +Each screen is meant to be displayed in its entirety (if possible) even on a small device like a Ledger. +A screen is roughly equivalent to a short line of text. +Large screens can be displayed in several pieces, +much as long lines of text are wrapped, +so no hard guidance is given, though 40 characters is a good target. +A screen is used to display a single key/value pair for scalar values +(or composite values with a compact notation, such as `Coins`) +or to introduce or conclude a larger grouping. + +The text can contain the full range of Unicode code points, including control characters and nul. +The device is responsible for deciding how to display characters it cannot render natively. +See [annex 2](adr-050-sign-mode-textual-annex2.md) for guidance. + +Screens have a non-negative indentation level to signal composite or nested structures. +Indentation level zero is the top level. +Indentation is displayed via some device-specific mechanism. +Message quotation notation is an appropriate model, such as +leading `>` characters or vertical bars on more capable displays. + +Some screens are marked as _expert_ screens, +meant to be displayed only if the viewer chooses to opt in for the extra detail. +Expert screens are meant for information that is rarely useful, +or needs to be present only for signature integrity (see below). + +### Invertible Rendering + +We require that the rendering of the transaction be invertible: +there must be a parsing function such that for every transaction, +when rendered to the textual representation, +parsing that representation yeilds a proto message equivalent +to the original under proto equality. + +Note that this inverse function does not need to perform correct +parsing or error signaling for the whole domain of textual data. +Merely that the range of valid transactions be invertible under +the composition of rendering and parsing. + +Note that the existence of an inverse function ensures that the +rendered text contains the full information of the original transaction, +not a hash or subset. + +We make an exception for invertibility for data which are too large to +meaningfully display, such as byte strings longer than 32 bytes. We may then +selectively render them with a cryptographically-strong hash. In these cases, +it is still computationally infeasible to find a different transaction which +has the same rendering. However, we must ensure that the hash computation is +simple enough to be reliably executed independently, so at least the hash is +itself reasonably verifiable when the raw byte string is not. + +### Chain State + +The rendering function (and parsing function) may depend on the current chain state. +This is useful for reading parameters, such as coin display metadata, +or for reading user-specific preferences such as language or address aliases. +Note that if the observed state changes between signature generation +and the transaction's inclusion in a block, the delivery-time rendering +might differ. If so, the signature will be invalid and the transaction +will be rejected. + +### Signature and Security + +For security, transaction signatures should have three properties: + +1. Given the transaction, signatures, and chain state, it must be possible to validate that the signatures matches the transaction, +to verify that the signers must have known their respective secret keys. + +2. It must be computationally infeasible to find a substantially different transaction for which the given signatures are valid, given the same chain state. + +3. The user should be able to give informed consent to the signed data via a simple, secure device with limited display capabilities. + +The correctness and security of `SIGN_MODE_TEXTUAL` is guaranteed by demonstrating an inverse function from the rendering to transaction protos. +This means that it is impossible for a different protocol buffer message to render to the same text. + +### Transaction Hash Malleability + +When client software forms a transaction, the "raw" transaction (`TxRaw`) is serialized as a proto +and a hash of the resulting byte sequence is computed. +This is the `TxHash`, and is used by various services to track the submitted transaction through its lifecycle. +Various misbehavior is possible if one can generate a modified transaction with a different TxHash +but for which the signature still checks out. + +SIGN_MODE_TEXTUAL prevents this transaction malleability by including the TxHash as an expert screen +in the rendering. + +### SignDoc + +The SignDoc for `SIGN_MODE_TEXTUAL` is formed from a data structure like: + +```go +type Screen struct { + Title string // possibly size limited to, advised to 64 characters + Content string // possibly size limited to, advised to 255 characters + Indent uint8 // size limited to something small like 16 or 32 + Expert bool +} + +type SignDocTextual struct { + Screens []Screen +} +``` + +We do not plan to use protobuf serialization to form the sequence of bytes +that will be tranmitted and signed, in order to keep the decoder simple. +We will use [CBOR](https://cbor.io) ([RFC 8949](https://www.rfc-editor.org/rfc/rfc8949.html)) instead. +The encoding is defined by the following CDDL ([RFC 8610](https://www.rfc-editor.org/rfc/rfc8610)): + +``` +;;; CDDL (RFC 8610) Specification of SignDoc for SIGN_MODE_TEXTUAL. +;;; Must be encoded using CBOR deterministic encoding (RFC 8949, section 4.2.1). + +;; A Textual document is a struct containing one field: an array of screens. +sign_doc = { + screens_key: [* screen], +} + +;; The key is an integer to keep the encoding small. +screens_key = 1 + +;; A screen consists of a text string, an indentation, and the expert flag, +;; represented as an integer-keyed map. All entries are optional +;; and MUST be omitted from the encoding if empty, zero, or false. +;; Text defaults to the empty string, indent defaults to zero, +;; and expert defaults to false. +screen = { + ? title_key: tstr, + ? content_key: tstr, + ? indent_key: uint, + ? expert_key: bool, +} + +;; Keys are small integers to keep the encoding small. +title_key = 1 +content_key = 2 +indent_key = 3 +expert_key = 4 +``` + +Defining the sign_doc as directly an array of screens has also been considered. However, given the possibility of future iterations of this specification, using a single-keyed struct has been chosen over the former proposal, as structs allow for easier backwards-compatibility. + +## Details + +In the examples that follow, screens will be shown as lines of text, +indentation is indicated with a leading '>', +and expert screens are marked with a leading `*`. + +### Encoding of the Transaction Envelope + +We define "transaction envelope" as all data in a transaction that is not in the `TxBody.Messages` field. Transaction envelope includes fee, signer infos and memo, but don't include `Msg`s. `//` denotes comments and are not shown on the Ledger device. + +``` +Chain ID: +Account number: +Sequence: +Address: +*Public Key: +This transaction has Message(s) // Pluralize "Message" only when int>1 +> Message (/): // See value renderers for Any rendering. +End of Message +Memo: // Skipped if no memo set. +Fee: // See value renderers for coins rendering. +*Fee payer: // Skipped if no fee_payer set. +*Fee granter: // Skipped if no fee_granter set. +Tip: // Skippted if no tip. +Tipper: +*Gas Limit: +*Timeout Height: // Skipped if no timeout_height set. +*Other signer: SignerInfo // Skipped if the transaction only has 1 signer. +*> Other signer (/): +*End of other signers +*Extension options: Any: // Skipped if no body extension options +*> Extension options (/): +*End of extension options +*Non critical extension options: Any: // Skipped if no body non critical extension options +*> Non critical extension options (/): +*End of Non critical extension options +*Hash of raw bytes: // Hex encoding of bytes defined, to prevent tx hash malleability. +``` + +### Encoding of the Transaction Body + +Transaction Body is the `Tx.TxBody.Messages` field, which is an array of `Any`s, where each `Any` packs a `sdk.Msg`. Since `sdk.Msg`s are widely used, they have a slightly different encoding than usual array of `Any`s (Protobuf: `repeated google.protobuf.Any`) described in Annex 1. + +``` +This transaction has message: // Optional 's' for "message" if there's is >1 sdk.Msgs. +// For each Msg, print the following 2 lines: +Msg (/): // E.g. Msg (1/2): bank v1beta1 send coins + +End of transaction messages +``` + +#### Example + +Given the following Protobuf message: + +```protobuf +message Grant { + google.protobuf.Any authorization = 1 [(cosmos_proto.accepts_interface) = "cosmos.authz.v1beta1.Authorization"]; + google.protobuf.Timestamp expiration = 2 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false]; +} + +message MsgGrant { + option (cosmos.msg.v1.signer) = "granter"; + + string granter = 1 [(cosmos_proto.scalar) = "cosmos.AddressString"]; + string grantee = 2 [(cosmos_proto.scalar) = "cosmos.AddressString"]; +} +``` + +and a transaction containing 1 such `sdk.Msg`, we get the following encoding: + +``` +This transaction has 1 message: +Msg (1/1): authz v1beta1 grant +Granter: cosmos1abc...def +Grantee: cosmos1ghi...jkl +End of transaction messages +``` + +### Custom `Msg` Renderers + +Application developers may choose to not follow default renderer value output for their own `Msg`s. In this case, they can implement their own custom `Msg` renderer. This is similar to [EIP4430](https://github.com/ethereum/EIPs/blob/master/EIPS/eip-4430.md), where the smart contract developer chooses the description string to be shown to the end user. + +This is done by setting the `cosmos.msg.textual.v1.expert_custom_renderer` Protobuf option to a non-empty string. This option CAN ONLY be set on a Protobuf message representing transaction message object (implementing `sdk.Msg` interface). + +```protobuf +message MsgFooBar { + // Optional comments to describe in human-readable language the formatting + // rules of the custom renderer. + option (cosmos.msg.textual.v1.expert_custom_renderer) = ""; + + // proto fields +} +``` + +When this option is set on a `Msg`, a registered function will transform the `Msg` into an array of one or more strings, which MAY use the key/value format (described in point #3) with the expert field prefix (described in point #5) and arbitrary indentation (point #6). These strings MAY be rendered from a `Msg` field using a default value renderer, or they may be generated from several fields using custom logic. + +The `` is a string convention chosen by the application developer and is used to identify the custom `Msg` renderer. For example, the documentation or specification of this custom algorithm can reference this identifier. This identifier CAN have a versioned suffix (e.g. `_v1`) to adapt for future changes (which would be consensus-breaking). We also recommend adding Protobuf comments to describe in human language the custom logic used. + +Moreover, the renderer must provide 2 functions: one for formatting from Protobuf to string, and one for parsing string to Protobuf. These 2 functions are provided by the application developer. To satisfy point #1, the parse function MUST be the inverse of the formatting function. This property will not be checked by the SDK at runtime. However, we strongly recommend the application developer to include a comprehensive suite in their app repo to test invertibility, as to not introduce security bugs. + +### Require signing over the `TxBody` and `AuthInfo` raw bytes + +Recall that the transaction bytes merklelized on chain are the Protobuf binary serialization of [TxRaw](hhttps://buf.build/cosmos/cosmos-sdk/docs/main:cosmos.tx.v1beta1#cosmos.tx.v1beta1.TxRaw), which contains the `body_bytes` and `auth_info_bytes`. Moreover, the transaction hash is defined as the SHA256 hash of the `TxRaw` bytes. We require that the user signs over these bytes in SIGN_MODE_TEXTUAL, more specifically over the following string: + +``` +*Hash of raw bytes: +``` + +where: + +* `++` denotes concatenation, +* `HEX` is the hexadecimal representation of the bytes, all in capital letters, no `0x` prefix, +* and `len()` is encoded as a Big-Endian uint64. + +This is to prevent transaction hash malleability. The point #1 about invertiblity assures that transaction `body` and `auth_info` values are not malleable, but the transaction hash still might be malleable with point #1 only, because the SIGN_MODE_TEXTUAL strings don't follow the byte ordering defined in `body_bytes` and `auth_info_bytes`. Without this hash, a malicious validator or exchange could intercept a transaction, modify its transaction hash _after_ the user signed it using SIGN_MODE_TEXTUAL (by tweaking the byte ordering inside `body_bytes` or `auth_info_bytes`), and then submit it to Tendermint. + +By including this hash in the SIGN_MODE_TEXTUAL signing payload, we keep the same level of guarantees as [SIGN_MODE_DIRECT](adr-020-protobuf-transaction-encoding.md). + +These bytes are only shown in expert mode, hence the leading `*`. + +## Updates to the current specification + +The current specification is not set in stone, and future iterations are to be expected. We distinguish two categories of updates to this specification: + +1. Updates that require changes of the hardware device embedded application. +2. Updates that only modify the envelope and the value renderers. + +Updates in the 1st category include changes of the `Screen` struct or its corresponding CBOR encoding. This type of updates require a modification of the hardware signer application, to be able to decode and parse the new types. Backwards-compatibility must also be guaranteed, so that the new hardware application works with existing versions of the SDK. These updates require the coordination of multiple parties: SDK developers, hardware application developers (currently: Zondax), and client-side developers (e.g. CosmJS). Furthermore, a new submission of the hardware device application may be necessary, which, dependending on the vendor, can take some time. As such, we recommend to avoid this type of updates as much as possible. + +Updates in the 2nd category include changes to any of the value renderers or to the transaction envelope. For example, the ordering of fields in the envelope can be swapped, or the timestamp formatting can be modified. Since SIGN_MODE_TEXTUAL sends `Screen`s to the hardware device, this type of change do not need a hardware wallet application update. They are however state-machine-breaking, and must be documented as such. They require the coordination of SDK developers with client-side developers (e.g. CosmJS), so that the updates are released on both sides close to each other in time. + +We define a spec version, which is an integer that must be incremented on each update of either category. This spec version will be exposed by the SDK's implementation, and can be communicated to clients. For example, SDK v0.48 might use the spec version 1, and SDK v0.49 might use 2; thanks to this versioning, clients can know how to craft SIGN_MODE_TEXTUAL transactions based on the target SDK version. + +The current spec version is defined in the "Status" section, on the top of this document. It is initialized to `0` to allow flexibility in choosing how to define future versions, as it would allow adding a field either in the SignDoc Go struct or in Protobuf in a backwards-compatible way. + +## Additional Formatting by the Hardware Device + +See [annex 2](adr-050-sign-mode-textual-annex2.md). + +## Examples + +1. A minimal MsgSend: [see transaction](https://github.com/cosmos/cosmos-sdk/blob/094abcd393379acbbd043996024d66cd65246fb1/tx/textual/internal/testdata/e2e.json#L2-L70). +2. A transaction with a bit of everything: [see transaction](https://github.com/cosmos/cosmos-sdk/blob/094abcd393379acbbd043996024d66cd65246fb1/tx/textual/internal/testdata/e2e.json#L71-L270). + +The examples below are stored in a JSON file with the following fields: +- `proto`: the representation of the transaction in ProtoJSON, +- `screens`: the transaction rendered into SIGN_MODE_TEXTUAL screens, +- `cbor`: the sign bytes of the transaction, which is the CBOR encoding of the screens. + +## Consequences + +### Backwards Compatibility + +SIGN_MODE_TEXTUAL is purely additive, and doesn't break any backwards compatibility with other sign modes. + +### Positive + +* Human-friendly way of signing in hardware devices. +* Once SIGN_MODE_TEXTUAL is shipped, SIGN_MODE_LEGACY_AMINO_JSON can be deprecated and removed. On the longer term, once the ecosystem has totally migrated, Amino can be totally removed. + +### Negative + +* Some fields are still encoded in non-human-readable ways, such as public keys in hexadecimal. +* New ledger app needs to be released, still unclear + +### Neutral + +* If the transaction is complex, the string array can be arbitrarily long, and some users might just skip some screens and blind sign. + +## Further Discussions + +* Some details on value renderers need to be polished, see [Annex 1](adr-050-sign-mode-textual-annex1.md). +* Are ledger apps able to support both SIGN_MODE_LEGACY_AMINO_JSON and SIGN_MODE_TEXTUAL at the same time? +* Open question: should we add a Protobuf field option to allow app developers to overwrite the textual representation of certain Protobuf fields and message? This would be similar to Ethereum's [EIP4430](https://github.com/ethereum/EIPs/pull/4430), where the contract developer decides on the textual representation. +* Internationalization. + +## References + +* [Annex 1](adr-050-sign-mode-textual-annex1.md) + +* Initial discussion: https://github.com/cosmos/cosmos-sdk/issues/6513 +* Living document used in the working group: https://hackmd.io/fsZAO-TfT0CKmLDtfMcKeA?both +* Working group meeting notes: https://hackmd.io/7RkGfv_rQAaZzEigUYhcXw +* Ethereum's "Described Transactions" https://github.com/ethereum/EIPs/pull/4430 diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-053-go-module-refactoring.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-053-go-module-refactoring.md new file mode 100644 index 00000000..d15c3901 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-053-go-module-refactoring.md @@ -0,0 +1,110 @@ +# ADR 053: Go Module Refactoring + +## Changelog + +* 2022-04-27: First Draft + +## Status + +PROPOSED + +## Abstract + +The current SDK is built as a single monolithic go module. This ADR describes +how we refactor the SDK into smaller independently versioned go modules +for ease of maintenance. + +## Context + +Go modules impose certain requirements on software projects with respect to +stable version numbers (anything above 0.x) in that [any API breaking changes +necessitate a major version](https://go.dev/doc/modules/release-workflow#breaking) +increase which technically creates a new go module +(with a v2, v3, etc. suffix). + +[Keeping modules API compatible](https://go.dev/blog/module-compatibility) in +this way requires a fair amount of fair thought and discipline. + +The Cosmos SDK is a fairly large project which originated before go modules +came into existence and has always been under a v0.x release even though +it has been used in production for years now, not because it isn't production +quality software, but rather because the API compatibility guarantees required +by go modules are fairly complex to adhere to with such a large project. +Up to now, it has generally been deemed more important to be able to break the +API if needed rather than require all users update all package import paths +to accommodate breaking changes causing v2, v3, etc. releases. This is in +addition to the other complexities related to protobuf generated code that will +be addressed in a separate ADR. + +Nevertheless, the desire for semantic versioning has been [strong in the +community](https://github.com/cosmos/cosmos-sdk/discussions/10162) and the +single go module release process has made it very hard to +release small changes to isolated features in a timely manner. Release cycles +often exceed six months which means small improvements done in a day or +two get bottle-necked by everything else in the monolithic release cycle. + +## Decision + +To improve the current situation, the SDK is being refactored into multiple +go modules within the current repository. There has been a [fair amount of +debate](https://github.com/cosmos/cosmos-sdk/discussions/10582#discussioncomment-1813377) +as to how to do this, with some developers arguing for larger vs smaller +module scopes. There are pros and cons to both approaches (which will be +discussed below in the [Consequences](#consequences) section), but the +approach being adopted is the following: + +* a go module should generally be scoped to a specific coherent set of +functionality (such as math, errors, store, etc.) +* when code is removed from the core SDK and moved to a new module path, every +effort should be made to avoid API breaking changes in the existing code using +aliases and wrapper types (as done in https://github.com/cosmos/cosmos-sdk/pull/10779 +and https://github.com/cosmos/cosmos-sdk/pull/11788) +* new go modules should be moved to a standalone domain (`cosmossdk.io`) before +being tagged as `v1.0.0` to accommodate the possibility that they may be +better served by a standalone repository in the future +* all go modules should follow the guidelines in https://go.dev/blog/module-compatibility +before `v1.0.0` is tagged and should make use of `internal` packages to limit +the exposed API surface +* the new go module's API may deviate from the existing code where there are +clear improvements to be made or to remove legacy dependencies (for instance on +amino or gogo proto), as long the old package attempts +to avoid API breakage with aliases and wrappers +* care should be taken when simply trying to turn an existing package into a +new go module: https://github.com/golang/go/wiki/Modules#is-it-possible-to-add-a-module-to-a-multi-module-repository. +In general, it seems safer to just create a new module path (appending v2, v3, etc. +if necessary), rather than trying to make an old package a new module. + +## Consequences + +### Backwards Compatibility + +If the above guidelines are followed to use aliases or wrapper types pointing +in existing APIs that point back to the new go modules, there should be no or +very limited breaking changes to existing APIs. + +### Positive + +* standalone pieces of software will reach `v1.0.0` sooner +* new features to specific functionality will be released sooner + +### Negative + +* there will be more go module versions to update in the SDK itself and +per-project, although most of these will hopefully be indirect + +### Neutral + +## Further Discussions + +Further discussions are occurring in primarily in +https://github.com/cosmos/cosmos-sdk/discussions/10582 and within +the Cosmos SDK Framework Working Group. + +## References + +* https://go.dev/doc/modules/release-workflow +* https://go.dev/blog/module-compatibility +* https://github.com/cosmos/cosmos-sdk/discussions/10162 +* https://github.com/cosmos/cosmos-sdk/discussions/10582 +* https://github.com/cosmos/cosmos-sdk/pull/10779 +* https://github.com/cosmos/cosmos-sdk/pull/11788 diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-054-semver-compatible-modules.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-054-semver-compatible-modules.md new file mode 100644 index 00000000..ed2a5f3f --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-054-semver-compatible-modules.md @@ -0,0 +1,728 @@ +# ADR 054: Semver Compatible SDK Modules + +## Changelog + +* 2022-04-27: First draft + +## Status + +DRAFT + +## Abstract + +In order to move the Cosmos SDK to a system of decoupled semantically versioned +modules which can be composed in different combinations (ex. staking v3 with +bank v1 and distribution v2), we need to reassess how we organize the API surface +of modules to avoid problems with go semantic import versioning and +circular dependencies. This ADR explores various approaches we can take to +addressing these issues. + +## Context + +There has been [a fair amount of desire](https://github.com/cosmos/cosmos-sdk/discussions/10162) +in the community for semantic versioning in the SDK and there has been significant +movement to splitting SDK modules into [standalone go modules](https://github.com/cosmos/cosmos-sdk/issues/11899). +Both of these will ideally allow the ecosystem to move faster because we won't +be waiting for all dependencies to update synchronously. For instance, we could +have 3 versions of the core SDK compatible with the latest 2 releases of +CosmWasm as well as 4 different versions of staking . This sort of setup would +allow early adopters to aggressively integrate new versions, while allowing +more conservative users to be selective about which versions they're ready for. + +In order to achieve this, we need to solve the following problems: + +1. because of the way [go semantic import versioning](https://research.swtch.com/vgo-import) (SIV) + works, moving to SIV naively will actually make it harder to achieve these goals +2. circular dependencies between modules need to be broken to actually release + many modules in the SDK independently +3. pernicious minor version incompatibilities introduced through correctly + [evolving protobuf schemas](https://developers.google.com/protocol-buffers/docs/proto3#updating) + without correct [unknown field filtering](adr-020-protobuf-transaction-encoding.md#unknown-field-filtering) + +Note that all the following discussion assumes that the proto file versioning and state machine versioning of a module +are distinct in that: + +* proto files are maintained in a non-breaking way (using something + like [buf breaking](https://docs.buf.build/breaking/overview) + to ensure all changes are backwards compatible) +* proto file versions get bumped much less frequently, i.e. we might maintain `cosmos.bank.v1` through many versions + of the bank module state machine +* state machine breaking changes are more common and ideally this is what we'd want to semantically version with + go modules, ex. `x/bank/v2`, `x/bank/v3`, etc. + +### Problem 1: Semantic Import Versioning Compatibility + +Consider we have a module `foo` which defines the following `MsgDoSomething` and that we've released its state +machine in go module `example.com/foo`: + +```protobuf +package foo.v1; + +message MsgDoSomething { + string sender = 1; + uint64 amount = 2; +} + +service Msg { + DoSomething(MsgDoSomething) returns (MsgDoSomethingResponse); +} +``` + +Now consider that we make a revision to this module and add a new `condition` field to `MsgDoSomething` and also +add a new validation rule on `amount` requiring it to be non-zero, and that following go semantic versioning we +release the next state machine version of `foo` as `example.com/foo/v2`. + +```protobuf +// Revision 1 +package foo.v1; + +message MsgDoSomething { + string sender = 1; + + // amount must be a non-zero integer. + uint64 amount = 2; + + // condition is an optional condition on doing the thing. + // + // Since: Revision 1 + Condition condition = 3; +} +``` + +Approaching this naively, we would generate the protobuf types for the initial +version of `foo` in `example.com/foo/types` and we would generate the protobuf +types for the second version in `example.com/foo/v2/types`. + +Now let's say we have a module `bar` which talks to `foo` using this keeper +interface which `foo` provides: + +```go +type FooKeeper interface { + DoSomething(MsgDoSomething) error +} +``` + +#### Scenario A: Backward Compatibility: Newer Foo, Older Bar + +Imagine we have a chain which uses both `foo` and `bar` and wants to upgrade to +`foo/v2`, but the `bar` module has not upgraded to `foo/v2`. + +In this case, the chain will not be able to upgrade to `foo/v2` until `bar` +has upgraded its references to `example.com/foo/types.MsgDoSomething` to +`example.com/foo/v2/types.MsgDoSomething`. + +Even if `bar`'s usage of `MsgDoSomething` has not changed at all, the upgrade +will be impossible without this change because `example.com/foo/types.MsgDoSomething` +and `example.com/foo/v2/types.MsgDoSomething` are fundamentally different +incompatible structs in the go type system. + +#### Scenario B: Forward Compatibility: Older Foo, Newer Bar + +Now let's consider the reverse scenario, where `bar` upgrades to `foo/v2` +by changing the `MsgDoSomething` reference to `example.com/foo/v2/types.MsgDoSomething` +and releases that as `bar/v2` with some other changes that a chain wants. +The chain, however, has decided that it thinks the changes in `foo/v2` are too +risky and that it'd prefer to stay on the initial version of `foo`. + +In this scenario, it is impossible to upgrade to `bar/v2` without upgrading +to `foo/v2` even if `bar/v2` would have worked 100% fine with `foo` other +than changing the import path to `MsgDoSomething` (meaning that `bar/v2` +doesn't actually use any new features of `foo/v2`). + +Now because of the way go semantic import versioning works, we are locked +into either using `foo` and `bar` OR `foo/v2` and `bar/v2`. We cannot have +`foo` + `bar/v2` OR `foo/v2` + `bar`. The go type system doesn't allow this +even if both versions of these modules are otherwise compatible with each +other. + +#### Naive Mitigation + +A naive approach to fixing this would be to not regenerate the protobuf types +in `example.com/foo/v2/types` but instead just update `example.com/foo/types` +to reflect the changes needed for `v2` (adding `condition` and requiring +`amount` to be non-zero). Then we could release a patch of `example.com/foo/types` +with this update and use that for `foo/v2`. But this change is state machine +breaking for `v1`. It requires changing the `ValidateBasic` method to reject +the case where `amount` is zero, and it adds the `condition` field which +should be rejected based +on [ADR 020 unknown field filtering](adr-020-protobuf-transaction-encoding.md#unknown-field-filtering). +So adding these changes as a patch on `v1` is actually incorrect based on semantic +versioning. Chains that want to stay on `v1` of `foo` should not +be importing these changes because they are incorrect for `v1.` + +### Problem 2: Circular dependencies + +None of the above approaches allow `foo` and `bar` to be separate modules +if for some reason `foo` and `bar` depend on each other in different ways. +For instance, we can't have `foo` import `bar/types` while `bar` imports +`foo/types`. + +We have several cases of circular module dependencies in the SDK +(ex. staking, distribution and slashing) that are legitimate from a state machine +perspective. Without separating the API types out somehow, there would be +no way to independently semantically version these modules without some other +mitigation. + +### Problem 3: Handling Minor Version Incompatibilities + +Imagine that we solve the first two problems but now have a scenario where +`bar/v2` wants the option to use `MsgDoSomething.condition` which only `foo/v2` +supports. If `bar/v2` works with `foo` `v1` and sets `condition` to some non-nil +value, then `foo` will silently ignore this field resulting in a silent logic +possibly dangerous logic error. If `bar/v2` were able to check whether `foo` was +on `v1` or `v2` and dynamically, it could choose to only use `condition` when +`foo/v2` is available. Even if `bar/v2` were able to perform this check, however, +how do we know that it is always performing the check properly. Without +some sort of +framework-level [unknown field filtering](adr-020-protobuf-transaction-encoding.md#unknown-field-filtering), +it is hard to know whether these pernicious hard to detect bugs are getting into +our app and a client-server layer such as [ADR 033: Inter-Module Communication](adr-033-protobuf-inter-module-comm.md) +may be needed to do this. + +## Solutions + +### Approach A) Separate API and State Machine Modules + +One solution (first proposed in https://github.com/cosmos/cosmos-sdk/discussions/10582) is to isolate all protobuf +generated code into a separate module +from the state machine module. This would mean that we could have state machine +go modules `foo` and `foo/v2` which could use a types or API go module say +`foo/api`. This `foo/api` go module would be perpetually on `v1.x` and only +accept non-breaking changes. This would then allow other modules to be +compatible with either `foo` or `foo/v2` as long as the inter-module API only +depends on the types in `foo/api`. It would also allow modules `foo` and `bar` +to depend on each other in that both of them could depend on `foo/api` and +`bar/api` without `foo` directly depending on `bar` and vice versa. + +This is similar to the naive mitigation described above except that it separates +the types into separate go modules which in and of itself could be used to +break circular module dependencies. It has the same problems as the naive solution, +otherwise, which we could rectify by: + +1. removing all state machine breaking code from the API module (ex. `ValidateBasic` and any other interface methods) +2. embedding the correct file descriptors for unknown field filtering in the binary + +#### Migrate all interface methods on API types to handlers + +To solve 1), we need to remove all interface implementations from generated +types and instead use a handler approach which essentially means that given +a type `X`, we have some sort of resolver which allows us to resolve interface +implementations for that type (ex. `sdk.Msg` or `authz.Authorization`). For +example: + +```go +func (k Keeper) DoSomething(msg MsgDoSomething) error { + var validateBasicHandler ValidateBasicHandler + err := k.resolver.Resolve(&validateBasic, msg) + if err != nil { + return err + } + + err = validateBasicHandler.ValidateBasic() + ... +} +``` + +In the case of some methods on `sdk.Msg`, we could replace them with declarative +annotations. For instance, `GetSigners` can already be replaced by the protobuf +annotation `cosmos.msg.v1.signer`. In the future, we may consider some sort +of protobuf validation framework (like https://github.com/bufbuild/protoc-gen-validate +but more Cosmos-specific) to replace `ValidateBasic`. + +#### Pinned FileDescriptor's + +To solve 2), state machine modules must be able to specify what the version of +the protobuf files was that they were built against. For instance if the API +module for `foo` upgrades to `foo/v2`, the original `foo` module still needs +a copy of the original protobuf files it was built with so that ADR 020 +unknown field filtering will reject `MsgDoSomething` when `condition` is +set. + +The simplest way to do this may be to embed the protobuf `FileDescriptor`s into +the module itself so that these `FileDescriptor`s are used at runtime rather +than the ones that are built into the `foo/api` which may be different. Using +[buf build](https://docs.buf.build/build/usage#output-format), [go embed](https://pkg.go.dev/embed), +and a build script we can probably come up with a solution for embedding +`FileDescriptor`s into modules that is fairly straightforward. + +#### Potential limitations to generated code + +One challenge with this approach is that it places heavy restrictions on what +can go in API modules and requires that most of this is state machine breaking. +All or most of the code in the API module would be generated from protobuf +files, so we can probably control this with how code generation is done, but +it is a risk to be aware of. + +For instance, we do code generation for the ORM that in the future could +contain optimizations that are state machine breaking. We +would either need to ensure very carefully that the optimizations aren't +actually state machine breaking in generated code or separate this generated code +out from the API module into the state machine module. Both of these mitigations +are potentially viable but the API module approach does require an extra level +of care to avoid these sorts of issues. + +#### Minor Version Incompatibilities + +This approach in and of itself does little to address any potential minor +version incompatibilities and the +requisite [unknown field filtering](adr-020-protobuf-transaction-encoding.md#unknown-field-filtering). +Likely some sort of client-server routing layer which does this check such as +[ADR 033: Inter-Module communication](adr-033-protobuf-inter-module-comm.md) +is required to make sure that this is done properly. We could then allow +modules to perform a runtime check given a `MsgClient`, ex: + +```go +func (k Keeper) CallFoo() error { + if k.interModuleClient.MinorRevision(k.fooMsgClient) >= 2 { + k.fooMsgClient.DoSomething(&MsgDoSomething{Condition: ...}) + } else { + ... + } +} +``` + +To do the unknown field filtering itself, the ADR 033 router would need to use +the [protoreflect API](https://pkg.go.dev/google.golang.org/protobuf/reflect/protoreflect) +to ensure that no fields unknown to the receiving module are set. This could +result in an undesirable performance hit depending on how complex this logic is. + +### Approach B) Changes to Generated Code + +An alternate approach to solving the versioning problem is to change how protobuf code is generated and move modules +mostly or completely in the direction of inter-module communication as described +in [ADR 033](adr-033-protobuf-inter-module-comm.md). +In this paradigm, a module could generate all the types it needs internally - including the API types of other modules - +and talk to other modules via a client-server boundary. For instance, if `bar` needs to talk to `foo`, it could +generate its own version of `MsgDoSomething` as `bar/internal/foo/v1.MsgDoSomething` and just pass this to the +inter-module router which would somehow convert it to the version which foo needs (ex. `foo/internal.MsgDoSomething`). + +Currently, two generated structs for the same protobuf type cannot exist in the same go binary without special +build flags (see https://developers.google.com/protocol-buffers/docs/reference/go/faq#fix-namespace-conflict). +A relatively simple mitigation to this issue would be to set up the protobuf code to not register protobuf types +globally if they are generated in an `internal/` package. This will require modules to register their types manually +with the app-level level protobuf registry, this is similar to what modules already do with the `InterfaceRegistry` +and amino codec. + +If modules _only_ do ADR 033 message passing then a naive and non-performant solution for +converting `bar/internal/foo/v1.MsgDoSomething` +to `foo/internal.MsgDoSomething` would be marshaling and unmarshaling in the ADR 033 router. This would break down if +we needed to expose protobuf types in `Keeper` interfaces because the whole point is to try to keep these types +`internal/` so that we don't end up with all the import version incompatibilities we've described above. However, +because of the issue with minor version incompatibilities and the need +for [unknown field filtering](adr-020-protobuf-transaction-encoding.md#unknown-field-filtering), +sticking with the `Keeper` paradigm instead of ADR 033 may be unviable to begin with. + +A more performant solution (that could maybe be adapted to work with `Keeper` interfaces) would be to only expose +getters and setters for generated types and internally store data in memory buffers which could be passed from +one implementation to another in a zero-copy way. + +For example, imagine this protobuf API with only getters and setters is exposed for `MsgSend`: + +```go +type MsgSend interface { + proto.Message + GetFromAddress() string + GetToAddress() string + GetAmount() []v1beta1.Coin + SetFromAddress(string) + SetToAddress(string) + SetAmount([]v1beta1.Coin) +} + +func NewMsgSend() MsgSend { return &msgSendImpl{memoryBuffers: ...} } +``` + +Under the hood, `MsgSend` could be implemented based on some raw memory buffer in the same way +that [Cap'n Proto](https://capnproto.org) +and [FlatBuffers](https://google.github.io/flatbuffers/) so that we could convert between one version of `MsgSend` +and another without serialization (i.e. zero-copy). This approach would have the added benefits of allowing zero-copy +message passing to modules written in other languages such as Rust and accessed through a VM or FFI. It could also make +unknown field filtering in inter-module communication simpler if we require that all new fields are added in sequential +order, ex. just checking that no field `> 5` is set. + +Also, we wouldn't have any issues with state machine breaking code on generated types because all the generated +code used in the state machine would actually live in the state machine module itself. Depending on how interface +types and protobuf `Any`s are used in other languages, however, it may still be desirable to take the handler +approach described in approach A. Either way, types implementing interfaces would still need to be registered +with an `InterfaceRegistry` as they are now because there would be no way to retrieve them via the global registry. + +In order to simplify access to other modules using ADR 033, a public API module (maybe even one +[remotely generated by Buf](https://docs.buf.build/bsr/remote-generation/go)) could be used by client modules instead +of requiring to generate all client types internally. + +The big downsides of this approach are that it requires big changes to how people use protobuf types and would be a +substantial rewrite of the protobuf code generator. This new generated code, however, could still be made compatible +with +the [`google.golang.org/protobuf/reflect/protoreflect`](https://pkg.go.dev/google.golang.org/protobuf/reflect/protoreflect) +API in order to work with all standard golang protobuf tooling. + +It is possible that the naive approach of marshaling/unmarshaling in the ADR 033 router is an acceptable intermediate +solution if the changes to the code generator are seen as too complex. However, since all modules would likely need +to migrate to ADR 033 anyway with this approach, it might be better to do this all at once. + +### Approach C) Don't address these issues + +If the above solutions are seen as too complex, we can also decide not to do anything explicit to enable better module +version compatibility, and break circular dependencies. + +In this case, when developers are confronted with the issues described above they can require dependencies to update in +sync (what we do now) or attempt some ad-hoc potentially hacky solution. + +One approach is to ditch go semantic import versioning (SIV) altogether. Some people have commented that go's SIV +(i.e. changing the import path to `foo/v2`, `foo/v3`, etc.) is too restrictive and that it should be optional. The +golang maintainers disagree and only officially support semantic import versioning. We could, however, take the +contrarian perspective and get more flexibility by using 0.x-based versioning basically forever. + +Module version compatibility could then be achieved using go.mod replace directives to pin dependencies to specific +compatible 0.x versions. For instance if we knew `foo` 0.2 and 0.3 were both compatible with `bar` 0.3 and 0.4, we +could use replace directives in our go.mod to stick to the versions of `foo` and `bar` we want. This would work as +long as the authors of `foo` and `bar` avoid incompatible breaking changes between these modules. + +Or, if developers choose to use semantic import versioning, they can attempt the naive solution described above +and would also need to use special tags and replace directives to make sure that modules are pinned to the correct +versions. + +Note, however, that all of these ad-hoc approaches, would be vulnerable to the minor version compatibility issues +described above unless [unknown field filtering](adr-020-protobuf-transaction-encoding.md#unknown-field-filtering) +is properly addressed. + +### Approach D) Avoid protobuf generated code in public APIs + +An alternative approach would be to avoid protobuf generated code in public module APIs. This would help avoid the +discrepancy between state machine versions and client API versions at the module to module boundaries. It would mean +that we wouldn't do inter-module message passing based on ADR 033, but rather stick to the existing keeper approach +and take it one step further by avoiding any protobuf generated code in the keeper interface methods. + +Using this approach, our `foo.Keeper.DoSomething` method wouldn't have the generated `MsgDoSomething` struct (which +comes from the protobuf API), but instead positional parameters. Then in order for `foo/v2` to support the `foo/v1` +keeper it would simply need to implement both the v1 and v2 keeper APIs. The `DoSomething` method in v2 could have the +additional `condition` parameter, but this wouldn't be present in v1 at all so there would be no danger of a client +accidentally setting this when it isn't available. + +So this approach would avoid the challenge around minor version incompatibilities because the existing module keeper +API would not get new fields when they are added to protobuf files. + +Taking this approach, however, would likely require making all protobuf generated code internal in order to prevent +it from leaking into the keeper API. This means we would still need to modify the protobuf code generator to not +register `internal/` code with the global registry, and we would still need to manually register protobuf +`FileDescriptor`s (this is probably true in all scenarios). It may, however, be possible to avoid needing to refactor +interface methods on generated types to handlers. + +Also, this approach doesn't address what would be done in scenarios where modules still want to use the message router. +Either way, we probably still want a way to pass messages from one module to another router safely even if it's just for +use cases like `x/gov`, `x/authz`, CosmWasm, etc. That would still require most of the things outlined in approach (B), +although we could advise modules to prefer keepers for communicating with other modules. + +The biggest downside of this approach is probably that it requires a strict refactoring of keeper interfaces to avoid +generated code leaking into the API. This may result in cases where we need to duplicate types that are already defined +in proto files and then write methods for converting between the golang and protobuf version. This may end up in a lot +of unnecessary boilerplate and that may discourage modules from actually adopting it and achieving effective version +compatibility. Approaches (A) and (B), although heavy handed initially, aim to provide a system which once adopted +more or less gives the developer version compatibility for free with minimal boilerplate. Approach (D) may not be able +to provide such a straightforward system since it requires a golang API to be defined alongside a protobuf API in a +way that requires duplication and differing sets of design principles (protobuf APIs encourage additive changes +while golang APIs would forbid it). + +Other downsides to this approach are: +* no clear roadmap to supporting modules in other languages like Rust +* doesn't get us any closer to proper object capability security (one of the goals of ADR 033) +* ADR 033 needs to be done properly anyway for the set of use cases which do need it + +## Decision + +The latest **DRAFT** proposal is: + +1. we are alignment on adopting [ADR 033](adr-033-protobuf-inter-module-comm.md) not just as an addition to the + framework, but as a core replacement to the keeper paradigm entirely. +2. the ADR 033 inter-module router will accommodate any variation of approach (A) or (B) given the following rules: + a. if the client type is the same as the server type then pass it directly through, + b. if both client and server use the zero-copy generated code wrappers (which still need to be defined), then pass + the memory buffers from one wrapper to the other, or + c. marshal/unmarshal types between client and server. + +This approach will allow for both maximal correctness and enable a clear path to enabling modules within in other +languages, possibly executed within a WASM VM. + +### Minor API Revisions + +To declare minor API revisions of proto files, we propose the following guidelines (which were already documented +in [cosmos.app.v1alpha module options](../proto/cosmos/app/v1alpha1/module.proto)): +* proto packages which are revised from their initial version (considered revision `0`) should include a `package` +* comment in some .proto file containing the test `Revision N` at the start of a comment line where `N` is the current +revision number. +* all fields, messages, etc. added in a version beyond the initial revision should add a comment at the start of a +comment line of the form `Since: Revision N` where `N` is the non-zero revision it was added. + +It is advised that there is a 1:1 correspondence between a state machine module and versioned set of proto files +which are versioned either as a buf module a go API module or both. If the buf schema registry is used, the version of +this buf module should always be `1.N` where `N` corresponds to the package revision. Patch releases should be used when +only documentation comments are updated. It is okay to include proto packages named `v2`, `v3`, etc. in this same +`1.N` versioned buf module (ex. `cosmos.bank.v2`) as long as all these proto packages consist of a single API intended +to be served by a single SDK module. + +### Introspecting Minor API Revisions + +In order for modules to introspect the minor API revision of peer modules, we propose adding the following method +to `cosmossdk.io/core/intermodule.Client`: + +```go +ServiceRevision(ctx context.Context, serviceName string) uint64 +``` + +Modules could all this using the service name statically generated by the go grpc code generator: + +```go +intermoduleClient.ServiceRevision(ctx, bankv1beta1.Msg_ServiceDesc.ServiceName) +``` + +In the future, we may decide to extend the code generator used for protobuf services to add a field +to client types which does this check more concisely, ex: + +```go +package bankv1beta1 + +type MsgClient interface { + Send(context.Context, MsgSend) (MsgSendResponse, error) + ServiceRevision(context.Context) uint64 +} +``` + +### Unknown Field Filtering + +To correctly perform [unknown field filtering](adr-020-protobuf-transaction-encoding.md#unknown-field-filtering), +the inter-module router can do one of the following: + +* use the `protoreflect` API for messages which support that +* for gogo proto messages, marshal and use the existing `codec/unknownproto` code +* for zero-copy messages, do a simple check on the highest set field number (assuming we can require that fields are + adding consecutively in increasing order) + +### `FileDescriptor` Registration + +Because a single go binary may contain different versions of the same generated protobuf code, we cannot rely on the +global protobuf registry to contain the correct `FileDescriptor`s. Because `appconfig` module configuration is itself +written in protobuf, we would like to load the `FileDescriptor`s for a module before loading a module itself. So we +will provide ways to register `FileDescriptor`s at module registration time before instantiation. We propose the +following `cosmossdk.io/core/appmodule.Option` constructors for the various cases of how `FileDescriptor`s may be +packaged: + +```go +package appmodule + +// this can be used when we are using google.golang.org/protobuf compatible generated code +// Ex: +// ProtoFiles(bankv1beta1.File_cosmos_bank_v1beta1_module_proto) +func ProtoFiles(file []protoreflect.FileDescriptor) Option {} + +// this can be used when we are using gogo proto generated code. +func GzippedProtoFiles(file [][]byte) Option {} + +// this can be used when we are using buf build to generated a pinned file descriptor +func ProtoImage(protoImage []byte) Option {} +``` + +This approach allows us to support several ways protobuf files might be generated: +* proto files generated internally to a module (use `ProtoFiles`) +* the API module approach with pinned file descriptors (use `ProtoImage`) +* gogo proto (use `GzippedProtoFiles`) + +### Module Dependency Declaration + +One risk of ADR 033 is that dependencies are called at runtime which are not present in the loaded set of SDK modules. +Also we want modules to have a way to define a minimum dependency API revision that they require. Therefore, all +modules should declare their set of dependencies upfront. These dependencies could be defined when a module is +instantiated, but ideally we know what the dependencies are before instantiation and can statically look at an app +config and determine whether the set of modules. For example, if `bar` requires `foo` revision `>= 1`, then we +should be able to know this when creating an app config with two versions of `bar` and `foo`. + +We propose defining these dependencies in the proto options of the module config object itself. + +### Interface Registration + +We will also need to define how interface methods are defined on types that are serialized as `google.protobuf.Any`'s. +In light of the desire to support modules in other languages, we may want to think of solutions that will accommodate +other languages such as plugins described briefly in [ADR 033](adr-033-protobuf-inter-module-comm.md#internal-methods). + +### Testing + +In order to ensure that modules are indeed with multiple versions of their dependencies, we plan to provide specialized +unit and integration testing infrastructure that automatically tests multiple versions of dependencies. + +#### Unit Testing + +Unit tests should be conducted inside SDK modules by mocking their dependencies. In a full ADR 033 scenario, +this means that all interaction with other modules is done via the inter-module router, so mocking of dependencies +means mocking their msg and query server implementations. We will provide both a test runner and fixture to make this +streamlined. The key thing that the test runner should do to test compatibility is to test all combinations of +dependency API revisions. This can be done by taking the file descriptors for the dependencies, parsing their comments +to determine the revisions various elements were added, and then created synthetic file descriptors for each revision +by subtracting elements that were added later. + +Here is a proposed API for the unit test runner and fixture: + +```go +package moduletesting + +import ( + "context" + "testing" + + "cosmossdk.io/core/intermodule" + "cosmossdk.io/depinject" + "google.golang.org/grpc" + "google.golang.org/protobuf/proto" + "google.golang.org/protobuf/reflect/protodesc" +) + +type TestFixture interface { + context.Context + intermodule.Client // for making calls to the module we're testing + BeginBlock() + EndBlock() +} + +type UnitTestFixture interface { + TestFixture + grpc.ServiceRegistrar // for registering mock service implementations +} + +type UnitTestConfig struct { + ModuleConfig proto.Message // the module's config object + DepinjectConfig depinject.Config // optional additional depinject config options + DependencyFileDescriptors []protodesc.FileDescriptorProto // optional dependency file descriptors to use instead of the global registry +} + +// Run runs the test function for all combinations of dependency API revisions. +func (cfg UnitTestConfig) Run(t *testing.T, f func(t *testing.T, f UnitTestFixture)) { + // ... +} +``` + +Here is an example for testing bar calling foo which takes advantage of conditional service revisions in the expected +mock arguments: + +```go +func TestBar(t *testing.T) { + UnitTestConfig{ModuleConfig: &foomodulev1.Module{}}.Run(t, func (t *testing.T, f moduletesting.UnitTestFixture) { + ctrl := gomock.NewController(t) + mockFooMsgServer := footestutil.NewMockMsgServer() + foov1.RegisterMsgServer(f, mockFooMsgServer) + barMsgClient := barv1.NewMsgClient(f) + if f.ServiceRevision(foov1.Msg_ServiceDesc.ServiceName) >= 1 { + mockFooMsgServer.EXPECT().DoSomething(gomock.Any(), &foov1.MsgDoSomething{ + ..., + Condition: ..., // condition is expected in revision >= 1 + }).Return(&foov1.MsgDoSomethingResponse{}, nil) + } else { + mockFooMsgServer.EXPECT().DoSomething(gomock.Any(), &foov1.MsgDoSomething{...}).Return(&foov1.MsgDoSomethingResponse{}, nil) + } + res, err := barMsgClient.CallFoo(f, &MsgCallFoo{}) + ... + }) +} +``` + +The unit test runner would make sure that no dependency mocks return arguments which are invalid for the service +revision being tested to ensure that modules don't incorrectly depend on functionality not present in a given revision. + +#### Integration Testing + +An integration test runner and fixture would also be provided which instead of using mocks would test actual module +dependencies in various combinations. Here is the proposed API: + +```go +type IntegrationTestFixture interface { + TestFixture +} + +type IntegrationTestConfig struct { + ModuleConfig proto.Message // the module's config object + DependencyMatrix map[string][]proto.Message // all the dependent module configs +} + +// Run runs the test function for all combinations of dependency modules. +func (cfg IntegationTestConfig) Run(t *testing.T, f func (t *testing.T, f IntegrationTestFixture)) { + // ... +} +``` + +And here is an example with foo and bar: + +```go +func TestBarIntegration(t *testing.T) { + IntegrationTestConfig{ + ModuleConfig: &barmodulev1.Module{}, + DependencyMatrix: map[string][]proto.Message{ + "runtime": []proto.Message{ // test against two versions of runtime + &runtimev1.Module{}, + &runtimev2.Module{}, + }, + "foo": []proto.Message{ // test against three versions of foo + &foomodulev1.Module{}, + &foomodulev2.Module{}, + &foomodulev3.Module{}, + } + } + }.Run(t, func (t *testing.T, f moduletesting.IntegrationTestFixture) { + barMsgClient := barv1.NewMsgClient(f) + res, err := barMsgClient.CallFoo(f, &MsgCallFoo{}) + ... + }) +} +``` + +Unlike unit tests, integration tests actually pull in other module dependencies. So that modules can be written +without direct dependencies on other modules and because golang has no concept of development dependencies, integration +tests should be written in separate go modules, ex. `example.com/bar/v2/test`. Because this paradigm uses go semantic +versioning, it is possible to build a single go module which imports 3 versions of bar and 2 versions of runtime and +can test these all together in the six various combinations of dependencies. + +## Consequences + +### Backwards Compatibility + +Modules which migrate fully to ADR 033 will not be compatible with existing modules which use the keeper paradigm. +As a temporary workaround we may create some wrapper types that emulate the current keeper interface to minimize +the migration overhead. + +### Positive + +* we will be able to deliver interoperable semantically versioned modules which should dramatically increase the + ability of the Cosmos SDK ecosystem to iterate on new features +* it will be possible to write Cosmos SDK modules in other languages in the near future + +### Negative + +* all modules will need to be refactored somewhat dramatically + +### Neutral + +* the `cosmossdk.io/core/appconfig` framework will play a more central role in terms of how modules are defined, this + is likely generally a good thing but does mean additional changes for users wanting to stick to the pre-depinject way + of wiring up modules +* `depinject` is somewhat less needed or maybe even obviated because of the full ADR 033 approach. If we adopt the + core API proposed in https://github.com/cosmos/cosmos-sdk/pull/12239, then a module would probably always instantiate + itself with a method `ProvideModule(appmodule.Service) (appmodule.AppModule, error)`. There is no complex wiring of + keeper dependencies in this scenario and dependency injection may not have as much of (or any) use case. + +## Further Discussions + +The decision described above is considered in draft mode and is pending final buy-in from the team and key stakeholders. +Key outstanding discussions if we do adopt that direction are: + +* how do module clients introspect dependency module API revisions +* how do modules determine a minor dependency module API revision requirement +* how do modules appropriately test compatibility with different dependency versions +* how to register and resolve interface implementations +* how do modules register their protobuf file descriptors depending on the approach they take to generated code (the + API module approach may still be viable as a supported strategy and would need pinned file descriptors) + +## References + +* https://github.com/cosmos/cosmos-sdk/discussions/10162 +* https://github.com/cosmos/cosmos-sdk/discussions/10582 +* https://github.com/cosmos/cosmos-sdk/discussions/10368 +* https://github.com/cosmos/cosmos-sdk/pull/11340 +* https://github.com/cosmos/cosmos-sdk/issues/11899 +* [ADR 020](adr-020-protobuf-transaction-encoding.md) +* [ADR 033](adr-033-protobuf-inter-module-comm.md) diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-055-orm.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-055-orm.md new file mode 100644 index 00000000..be7255f0 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-055-orm.md @@ -0,0 +1,113 @@ +# ADR 055: ORM + +## Changelog + +* 2022-04-27: First draft + +## Status + +ACCEPTED Implemented + +## Abstract + +In order to make it easier for developers to build Cosmos SDK modules and for clients to query, index and verify proofs +against state data, we have implemented an ORM (object-relational mapping) layer for the Cosmos SDK. + +## Context + +Historically modules in the Cosmos SDK have always used the key-value store directly and created various handwritten +functions for managing key format as well as constructing secondary indexes. This consumes a significant amount of +time when building a module and is error-prone. Because key formats are non-standard, sometimes poorly documented, +and subject to change, it is hard for clients to generically index, query and verify merkle proofs against state data. + +The known first instance of an "ORM" in the Cosmos ecosystem was in [weave](https://github.com/iov-one/weave/tree/master/orm). +A later version was built for [regen-ledger](https://github.com/regen-network/regen-ledger/tree/157181f955823149e1825263a317ad8e16096da4/orm) for +use in the group module and later [ported to the SDK](https://github.com/cosmos/cosmos-sdk/tree/35d3312c3be306591fcba39892223f1244c8d108/x/group/internal/orm) +just for that purpose. + +While these earlier designs made it significantly easier to write state machines, they still required a lot of manual +configuration, didn't expose state format directly to clients, and were limited in their support of different types +of index keys, composite keys, and range queries. + +Discussions about the design continued in https://github.com/cosmos/cosmos-sdk/discussions/9156 and more +sophisticated proofs of concept were created in https://github.com/allinbits/cosmos-sdk-poc/tree/master/runtime/orm +and https://github.com/cosmos/cosmos-sdk/pull/10454. + +## Decision + +These prior efforts culminated in the creation of the Cosmos SDK `orm` go module which uses protobuf annotations +for specifying ORM table definitions. This ORM is based on the new `google.golang.org/protobuf/reflect/protoreflect` +API and supports: + +* sorted indexes for all simple protobuf types (except `bytes`, `enum`, `float`, `double`) as well as `Timestamp` and `Duration` +* unsorted `bytes` and `enum` indexes +* composite primary and secondary keys +* unique indexes +* auto-incrementing `uint64` primary keys +* complex prefix and range queries +* paginated queries +* complete logical decoding of KV-store data + +Almost all the information needed to decode state directly is specified in .proto files. Each table definition specifies +an ID which is unique per .proto file and each index within a table is unique within that table. Clients then only need +to know the name of a module and the prefix ORM data for a specific .proto file within that module in order to decode +state data directly. This additional information will be exposed directly through app configs which will be explained +in a future ADR related to app wiring. + +The ORM makes optimizations around storage space by not repeating values in the primary key in the key value +when storing primary key records. For example, if the object `{"a":0,"b":1}` has the primary key `a`, it will +be stored in the key value store as `Key: '0', Value: {"b":1}` (with more efficient protobuf binary encoding). +Also, the generated code from https://github.com/cosmos/cosmos-proto does optimizations around the +`google.golang.org/protobuf/reflect/protoreflect` API to improve performance. + +A code generator is included with the ORM which creates type safe wrappers around the ORM's dynamic `Table` +implementation and is the recommended way for modules to use the ORM. + +The ORM tests provide a simplified bank module demonstration which illustrates: +* [ORM proto options](https://github.com/cosmos/cosmos-sdk/blob/0d846ae2f0424b2eb640f6679a703b52d407813d/orm/internal/testpb/bank.proto) +* [Generated Code](https://github.com/cosmos/cosmos-sdk/blob/0d846ae2f0424b2eb640f6679a703b52d407813d/orm/internal/testpb/bank.cosmos_orm.go) +* [Example Usage in a Module Keeper](https://github.com/cosmos/cosmos-sdk/blob/0d846ae2f0424b2eb640f6679a703b52d407813d/orm/model/ormdb/module_test.go) + +## Consequences + +### Backwards Compatibility + +State machine code that adopts the ORM will need migrations as the state layout is generally backwards incompatible. +These state machines will also need to migrate to https://github.com/cosmos/cosmos-proto at least for state data. + +### Positive + +* easier to build modules +* easier to add secondary indexes to state +* possible to write a generic indexer for ORM state +* easier to write clients that do state proofs +* possible to automatically write query layers rather than needing to manually implement gRPC queries + +### Negative + +* worse performance than handwritten keys (for now). See [Further Discussions](#further-discussions) +for potential improvements + +### Neutral + +## Further Discussions + +Further discussions will happen within the Cosmos SDK Framework Working Group. Current planned and ongoing work includes: + +* automatically generate client-facing query layer +* client-side query libraries that transparently verify light client proofs +* index ORM data to SQL databases +* improve performance by: + * optimizing existing reflection based code to avoid unnecessary gets when doing deletes & updates of simple tables + * more sophisticated code generation such as making fast path reflection even faster (avoiding `switch` statements), + or even fully generating code that equals handwritten performance + + +## References + +* https://github.com/iov-one/weave/tree/master/orm). +* https://github.com/regen-network/regen-ledger/tree/157181f955823149e1825263a317ad8e16096da4/orm +* https://github.com/cosmos/cosmos-sdk/tree/35d3312c3be306591fcba39892223f1244c8d108/x/group/internal/orm +* https://github.com/cosmos/cosmos-sdk/discussions/9156 +* https://github.com/allinbits/cosmos-sdk-poc/tree/master/runtime/orm +* https://github.com/cosmos/cosmos-sdk/pull/10454 diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-057-app-wiring.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-057-app-wiring.md new file mode 100644 index 00000000..0a23f393 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-057-app-wiring.md @@ -0,0 +1,340 @@ +# ADR 057: App Wiring + +## Changelog + +* 2022-05-04: Initial Draft +* 2022-08-19: Updates + +## Status + +PROPOSED Implemented + +## Abstract + +In order to make it easier to build Cosmos SDK modules and apps, we propose a new app wiring system based on +dependency injection and declarative app configurations to replace the current `app.go` code. + +## Context + +A number of factors have made the SDK and SDK apps in their current state hard to maintain. A symptom of the current +state of complexity is [`simapp/app.go`](https://github.com/cosmos/cosmos-sdk/blob/c3edbb22cab8678c35e21fe0253919996b780c01/simapp/app.go) +which contains almost 100 lines of imports and is otherwise over 600 lines of mostly boilerplate code that is +generally copied to each new project. (Not to mention the additional boilerplate which gets copied in `simapp/simd`.) + +The large amount of boilerplate needed to bootstrap an app has made it hard to release independently versioned go +modules for Cosmos SDK modules as described in [ADR 053: Go Module Refactoring](adr-053-go-module-refactoring.md). + +In addition to being very verbose and repetitive, `app.go` also exposes a large surface area for breaking changes +as most modules instantiate themselves with positional parameters which forces breaking changes anytime a new parameter +(even an optional one) is needed. + +Several attempts were made to improve the current situation including [ADR 033: Internal-Module Communication](adr-033-protobuf-inter-module-comm.md) +and [a proof-of-concept of a new SDK](https://github.com/allinbits/cosmos-sdk-poc). The discussions around these +designs led to the current solution described here. + +## Decision + +In order to improve the current situation, a new "app wiring" paradigm has been designed to replace `app.go` which +involves: + +* declaration configuration of the modules in an app which can be serialized to JSON or YAML +* a dependency-injection (DI) framework for instantiating apps from the that configuration + +### Dependency Injection + +When examining the code in `app.go` most of the code simply instantiates modules with dependencies provided either +by the framework (such as store keys) or by other modules (such as keepers). It is generally pretty obvious given +the context what the correct dependencies actually should be, so dependency-injection is an obvious solution. Rather +than making developers manually resolve dependencies, a module will tell the DI container what dependency it needs +and the container will figure out how to provide it. + +We explored several existing DI solutions in golang and felt that the reflection-based approach in [uber/dig](https://github.com/uber-go/dig) +was closest to what we needed but not quite there. Assessing what we needed for the SDK, we designed and built +the Cosmos SDK [depinject module](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/depinject), which has the following +features: + +* dependency resolution and provision through functional constructors, ex: `func(need SomeDep) (AnotherDep, error)` +* dependency injection `In` and `Out` structs which support `optional` dependencies +* grouped-dependencies (many-per-container) through the `ManyPerContainerType` tag interface +* module-scoped dependencies via `ModuleKey`s (where each module gets a unique dependency) +* one-per-module dependencies through the `OnePerModuleType` tag interface +* sophisticated debugging information and container visualization via GraphViz + +Here are some examples of how these would be used in an SDK module: + +* `StoreKey` could be a module-scoped dependency which is unique per module +* a module's `AppModule` instance (or the equivalent) could be a `OnePerModuleType` +* CLI commands could be provided with `ManyPerContainerType`s + +Note that even though dependency resolution is dynamic and based on reflection, which could be considered a pitfall +of this approach, the entire dependency graph should be resolved immediately on app startup and only gets resolved +once (except in the case of dynamic config reloading which is a separate topic). This means that if there are any +errors in the dependency graph, they will get reported immediately on startup so this approach is only slightly worse +than fully static resolution in terms of error reporting and much better in terms of code complexity. + +### Declarative App Config + +In order to compose modules into an app, a declarative app configuration will be used. This configuration is based off +of protobuf and its basic structure is very simple: + +```protobuf +package cosmos.app.v1; + +message Config { + repeated ModuleConfig modules = 1; +} + +message ModuleConfig { + string name = 1; + google.protobuf.Any config = 2; +} +``` + +(See also https://github.com/cosmos/cosmos-sdk/blob/6e18f582bf69e3926a1e22a6de3c35ea327aadce/proto/cosmos/app/v1alpha1/config.proto) + +The configuration for every module is itself a protobuf message and modules will be identified and loaded based +on the protobuf type URL of their config object (ex. `cosmos.bank.module.v1.Module`). Modules are given a unique short `name` +to share resources across different versions of the same module which might have a different protobuf package +versions (ex. `cosmos.bank.module.v2.Module`). All module config objects should define the `cosmos.app.v1alpha1.module` +descriptor option which will provide additional useful metadata for the framework and which can also be indexed +in module registries. + +An example app config in YAML might look like this: + +```yaml +modules: + - name: baseapp + config: + "@type": cosmos.baseapp.module.v1.Module + begin_blockers: [staking, auth, bank] + end_blockers: [bank, auth, staking] + init_genesis: [bank, auth, staking] + - name: auth + config: + "@type": cosmos.auth.module.v1.Module + bech32_prefix: "foo" + - name: bank + config: + "@type": cosmos.bank.module.v1.Module + - name: staking + config: + "@type": cosmos.staking.module.v1.Module +``` + +In the above example, there is a hypothetical `baseapp` module which contains the information around ordering of +begin blockers, end blockers, and init genesis. Rather than lifting these concerns up to the module config layer, +they are themselves handled by a module which could allow a convenient way of swapping out different versions of +baseapp (for instance to target different versions of tendermint), without needing to change the rest of the config. +The `baseapp` module would then provide to the server framework (which sort of sits outside the ABCI app) an instance +of `abci.Application`. + +In this model, an app is *modules all the way down* and the dependency injection/app config layer is very much +protocol-agnostic and can adapt to even major breaking changes at the protocol layer. + +### Module & Protobuf Registration + +In order for the two components of dependency injection and declarative configuration to work together as described, +we need a way for modules to actually register themselves and provide dependencies to the container. + +One additional complexity that needs to be handled at this layer is protobuf registry initialization. Recall that +in both the current SDK `codec` and the proposed [ADR 054: Protobuf Semver Compatible Codegen](https://github.com/cosmos/cosmos-sdk/pull/11802), +protobuf types need to be explicitly registered. Given that the app config itself is based on protobuf and +uses protobuf `Any` types, protobuf registration needs to happen before the app config itself can be decoded. Because +we don't know which protobuf `Any` types will be needed a priori and modules themselves define those types, we need +to decode the app config in separate phases: + +1. parse app config JSON/YAML as raw JSON and collect required module type URLs (without doing proto JSON decoding) +2. build a [protobuf type registry](https://pkg.go.dev/google.golang.org/protobuf@v1.28.0/reflect/protoregistry) based + on file descriptors and types provided by each required module +3. decode the app config as proto JSON using the protobuf type registry + +Because in [ADR 054: Protobuf Semver Compatible Codegen](https://github.com/cosmos/cosmos-sdk/pull/11802), each module +should use `internal` generated code which is not registered with the global protobuf registry, this code should provide +an alternate way to register protobuf types with a type registry. In the same way that `.pb.go` files currently have a +`var File_foo_proto protoreflect.FileDescriptor` for the file `foo.proto`, generated code should have a new member +`var Types_foo_proto TypeInfo` where `TypeInfo` is an interface or struct with all the necessary info to register both +the protobuf generated types and file descriptor. + +So a module must provide dependency injection providers and protobuf types, and takes as input its module +config object which uniquely identifies the module based on its type URL. + +With this in mind, we define a global module register which allows module implementations to register themselves +with the following API: + +```go +// Register registers a module with the provided type name (ex. cosmos.bank.module.v1.Module) +// and the provided options. +func Register(configTypeName protoreflect.FullName, option ...Option) { ... } + +type Option { /* private methods */ } + +// Provide registers dependency injection provider functions which work with the +// cosmos-sdk container module. These functions can also accept an additional +// parameter for the module's config object. +func Provide(providers ...interface{}) Option { ... } + +// Types registers protobuf TypeInfo's with the protobuf registry. +func Types(types ...TypeInfo) Option { ... } +``` + +Ex: + +```go +func init() { + appmodule.Register("cosmos.bank.module.v1.Module", + appmodule.Types( + types.Types_tx_proto, + types.Types_query_proto, + types.Types_types_proto, + ), + appmodule.Provide( + provideBankModule, + ) + ) +} + +type Inputs struct { + container.In + + AuthKeeper auth.Keeper + DB ormdb.ModuleDB +} + +type Outputs struct { + Keeper bank.Keeper + AppModule appmodule.AppModule +} + +func ProvideBankModule(config *bankmodulev1.Module, Inputs) (Outputs, error) { ... } +``` + +Note that in this module, a module configuration object *cannot* register different dependency providers at runtime +based on the configuration. This is intentional because it allows us to know globally which modules provide which +dependencies, and it will also allow us to do code generation of the whole app initialization. This +can help us figure out issues with missing dependencies in an app config if the needed modules are loaded at runtime. +In cases where required modules are not loaded at runtime, it may be possible to guide users to the correct module if +through a global Cosmos SDK module registry. + +The `*appmodule.Handler` type referenced above is a replacement for the legacy `AppModule` framework, and +described in [ADR 063: Core Module API](./adr-063-core-module-api.md). + +### New `app.go` + +With this setup, `app.go` might now look something like this: + +```go +package main + +import ( + // Each go package which registers a module must be imported just for side-effects + // so that module implementations are registered. + _ "github.com/cosmos/cosmos-sdk/x/auth/module" + _ "github.com/cosmos/cosmos-sdk/x/bank/module" + _ "github.com/cosmos/cosmos-sdk/x/staking/module" + "github.com/cosmos/cosmos-sdk/core/app" +) + +// go:embed app.yaml +var appConfigYAML []byte + +func main() { + app.Run(app.LoadYAML(appConfigYAML)) +} +``` + +### Application to existing SDK modules + +So far we have described a system which is largely agnostic to the specifics of the SDK such as store keys, `AppModule`, +`BaseApp`, etc. Improvements to these parts of the framework that integrate with the general app wiring framework +defined here are described in [ADR 061: Core Module API](./adr-063-core-module-api.md). + +### Registration of Inter-Module Hooks + +### Registration of Inter-Module Hooks + +Some modules define a hooks interface (ex. `StakingHooks`) which allows one module to call back into another module +when certain events happen. + +With the app wiring framework, these hooks interfaces can be defined as a `OnePerModuleType`s and then the module +which consumes these hooks can collect these hooks as a map of module name to hook type (ex. `map[string]FooHooks`). Ex: + +```go +func init() { + appmodule.Register( + &foomodulev1.Module{}, + appmodule.Invoke(InvokeSetFooHooks), + ... + ) +} +func InvokeSetFooHooks( + keeper *keeper.Keeper, + fooHooks map[string]FooHooks, +) error { + for k in sort.Strings(maps.Keys(fooHooks)) { + keeper.AddFooHooks(fooHooks[k]) + } +} +``` + +Optionally, the module consuming hooks can allow app's to define an order for calling these hooks based on module name +in its config object. + +An alternative way for registering hooks via reflection was considered where all keeper types are inspected to see if +they implement the hook interface by the modules exposing hooks. This has the downsides of: + +* needing to expose all the keepers of all modules to the module providing hooks, +* not allowing for encapsulating hooks on a different type which doesn't expose all keeper methods, +* harder to know statically which module expose hooks or are checking for them. + +With the approach proposed here, hooks registration will be obviously observable in `app.go` if `depinject` codegen +(described below) is used. + +### Code Generation + +The `depinject` framework will optionally allow the app configuration and dependency injection wiring to be code +generated. This will allow: + +* dependency injection wiring to be inspected as regular go code just like the existing `app.go`, +* dependency injection to be opt-in with manual wiring 100% still possible. + +Code generation requires that all providers and invokers and their parameters are exported and in non-internal packages. + +## Consequences + +### Backwards Compatibility + +Modules which work with the new app wiring system do not need to drop their existing `AppModule` and `NewKeeper` +registration paradigms. These two methods can live side-by-side for as long as is needed. + +### Positive + +* wiring up new apps will be simpler, more succinct and less error-prone +* it will be easier to develop and test standalone SDK modules without needing to replicate all of simapp +* it may be possible to dynamically load modules and upgrade chains without needing to do a coordinated stop and binary + upgrade using this mechanism +* easier plugin integration +* dependency injection framework provides more automated reasoning about dependencies in the project, with a graph visualization. + +### Negative + +* it may be confusing when a dependency is missing although error messages, the GraphViz visualization, and global + module registration may help with that + +### Neutral + +* it will require work and education + +## Further Discussions + +The protobuf type registration system described in this ADR has not been implemented and may need to be reconsidered in +light of code generation. It may be better to do this type registration with a DI provider. + +## References + +* https://github.com/cosmos/cosmos-sdk/blob/c3edbb22cab8678c35e21fe0253919996b780c01/simapp/app.go +* https://github.com/allinbits/cosmos-sdk-poc +* https://github.com/uber-go/dig +* https://github.com/google/wire +* https://pkg.go.dev/github.com/cosmos/cosmos-sdk/container +* https://github.com/cosmos/cosmos-sdk/pull/11802 +* [ADR 063](./adr-063-core-module-api.md) diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-058-auto-generated-cli.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-058-auto-generated-cli.md new file mode 100644 index 00000000..b295ff4b --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-058-auto-generated-cli.md @@ -0,0 +1,98 @@ +# ADR 058: Auto-Generated CLI + +## Changelog + +* 2022-05-04: Initial Draft + +## Status + +ACCEPTED Partially Implemented + +## Abstract + +In order to make it easier for developers to write Cosmos SDK modules, we provide infrastructure which automatically +generates CLI commands based on protobuf definitions. + +## Context + +Current Cosmos SDK modules generally implement a CLI command for every transaction and every query supported by the +module. These are handwritten for each command and essentially amount to providing some CLI flags or positional +arguments for specific fields in protobuf messages. + +In order to make sure CLI commands are correctly implemented as well as to make sure that the application works +in end-to-end scenarios, we do integration tests using CLI commands. While these tests are valuable on some-level, +they can be hard to write and maintain, and run slowly. [Some teams have contemplated](https://github.com/regen-network/regen-ledger/issues/1041) +moving away from CLI-style integration tests (which are really end-to-end tests) towards narrower integration tests +which exercise `MsgClient` and `QueryClient` directly. This might involve replacing the current end-to-end CLI +tests with unit tests as there still needs to be some way to test these CLI commands for full quality assurance. + +## Decision + +To make module development simpler, we provide infrastructure - in the new [`client/v2`](https://github.com/cosmos/cosmos-sdk/tree/main/client/v2) +go module - for automatically generating CLI commands based on protobuf definitions to either replace or complement +handwritten CLI commands. This will mean that when developing a module, it will be possible to skip both writing and +testing CLI commands as that can all be taken care of by the framework. + +The basic design for automatically generating CLI commands is to: + +* create one CLI command for each `rpc` method in a protobuf `Query` or `Msg` service +* create a CLI flag for each field in the `rpc` request type +* for `query` commands call gRPC and print the response as protobuf JSON or YAML (via the `-o`/`--output` flag) +* for `tx` commands, create a transaction and apply common transaction flags + +In order to make the auto-generated CLI as easy to use (or easier) than handwritten CLI, we need to do custom handling +of specific protobuf field types so that the input format is easy for humans: + +* `Coin`, `Coins`, `DecCoin`, and `DecCoins` should be input using the existing format (i.e. `1000uatom`) +* it should be possible to specify an address using either the bech32 address string or a named key in the keyring +* `Timestamp` and `Duration` should accept strings like `2001-01-01T00:00:00Z` and `1h3m` respectively +* pagination should be handled with flags like `--page-limit`, `--page-offset`, etc. +* it should be possible to customize any other protobuf type either via its message name or a `cosmos_proto.scalar` annotation + +At a basic level it should be possible to generate a command for a single `rpc` method as well as all the commands for +a whole protobuf `service` definition. It should be possible to mix and match auto-generated and handwritten commands. + +## Consequences + +### Backwards Compatibility + +Existing modules can mix and match auto-generated and handwritten CLI commands so it is up to them as to whether they +make breaking changes by replacing handwritten commands with slightly different auto-generated ones. + +For now the SDK will maintain the existing set of CLI commands for backwards compatibility but new commands will use +this functionality. + +### Positive + +* module developers will not need to write CLI commands +* module developers will not need to test CLI commands +* [lens](https://github.com/strangelove-ventures/lens) may benefit from this + +### Negative + +### Neutral + +## Further Discussions + +We would like to be able to customize: + +* short and long usage strings for commands +* aliases for flags (ex. `-a` for `--amount`) +* which fields are positional parameters rather than flags + +It is an [open discussion](https://github.com/cosmos/cosmos-sdk/pull/11725#issuecomment-1108676129) +as to whether these customizations options should line in: + +* the .proto files themselves, +* separate config files (ex. YAML), or +* directly in code + +Providing the options in .proto files would allow a dynamic client to automatically generate +CLI commands on the fly. However, that may pollute the .proto files themselves with information that is only relevant +for a small subset of users. + +## References + +* https://github.com/regen-network/regen-ledger/issues/1041 +* https://github.com/cosmos/cosmos-sdk/tree/main/client/v2 +* https://github.com/cosmos/cosmos-sdk/pull/11725#issuecomment-1108676129 diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-059-test-scopes.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-059-test-scopes.md new file mode 100644 index 00000000..06034459 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-059-test-scopes.md @@ -0,0 +1,254 @@ +# ADR 059: Test Scopes + +## Changelog + +* 2022-08-02: Initial Draft +* 2023-03-02: Add precision for integration tests +* 2023-03-23: Add precision for E2E tests + +## Status + +PROPOSED Partially Implemented + +## Abstract + +Recent work in the SDK aimed at breaking apart the monolithic root go module has highlighted +shortcomings and inconsistencies in our testing paradigm. This ADR clarifies a common +language for talking about test scopes and proposes an ideal state of tests at each scope. + +## Context + +[ADR-053: Go Module Refactoring](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-053-go-module-refactoring.md) expresses our desire for an SDK composed of many +independently versioned Go modules, and [ADR-057: App Wiring](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-057-app-wiring.md) offers a methodology +for breaking apart inter-module dependencies through the use of dependency injection. As +described in [EPIC: Separate all SDK modules into standalone go modules](https://github.com/cosmos/cosmos-sdk/issues/11899), module +dependencies are particularly complected in the test phase, where simapp is used as +the key test fixture in setting up and running tests. It is clear that the successful +completion of Phases 3 and 4 in that EPIC require the resolution of this dependency problem. + +In [EPIC: Unit Testing of Modules via Mocks](https://github.com/cosmos/cosmos-sdk/issues/12398) it was thought this Gordian knot could be +unwound by mocking all dependencies in the test phase for each module, but seeing how these +refactors were complete rewrites of test suites discussions began around the fate of the +existing integration tests. One perspective is that they ought to be thrown out, another is +that integration tests have some utility of their own and a place in the SDK's testing story. + +Another point of confusion has been the current state of CLI test suites, [x/auth](https://github.com/cosmos/cosmos-sdk/blob/0f7e56c6f9102cda0ca9aba5b6f091dbca976b5a/x/auth/client/testutil/suite.go#L44-L49) for +example. In code these are called integration tests, but in reality function as end to end +tests by starting up a tendermint node and full application. [EPIC: Rewrite and simplify +CLI tests](https://github.com/cosmos/cosmos-sdk/issues/12696) identifies the ideal state of CLI tests using mocks, but does not address the +place end to end tests may have in the SDK. + +From here we identify three scopes of testing, **unit**, **integration**, **e2e** (end to +end), seek to define the boundaries of each, their shortcomings (real and imposed), and their +ideal state in the SDK. + +### Unit tests + +Unit tests exercise the code contained in a single module (e.g. `/x/bank`) or package +(e.g. `/client`) in isolation from the rest of the code base. Within this we identify two +levels of unit tests, *illustrative* and *journey*. The definitions below lean heavily on +[The BDD Books - Formulation](https://leanpub.com/bddbooks-formulation) section 1.3. + +*Illustrative* tests exercise an atomic part of a module in isolation - in this case we +might do fixture setup/mocking of other parts of the module. + +Tests which exercise a whole module's function with dependencies mocked, are *journeys*. +These are almost like integration tests in that they exercise many things together but still +use mocks. + +Example 1 journey vs illustrative tests - [depinject's BDD style tests](https://github.com/cosmos/cosmos-sdk/blob/main/depinject/features/bindings.feature), show how we can +rapidly build up many illustrative cases demonstrating behavioral rules without [very much code](https://github.com/cosmos/cosmos-sdk/blob/main/depinject/binding_test.go) while maintaining high level readability. + +Example 2 [depinject table driven tests](https://github.com/cosmos/cosmos-sdk/blob/main/depinject/provider_desc_test.go) + +Example 3 [Bank keeper tests](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/x/bank/keeper/keeper_test.go#L94-L105) - A mock implementation of `AccountKeeper` is supplied to the keeper constructor. + +#### Limitations + +Certain modules are tightly coupled beyond the test phase. A recent dependency report for +`bank -> auth` found 274 total usages of `auth` in `bank`, 50 of which are in +production code and 224 in test. This tight coupling may suggest that either the modules +should be merged, or refactoring is required to abstract references to the core types tying +the modules together. It could also indicate that these modules should be tested together +in integration tests beyond mocked unit tests. + +In some cases setting up a test case for a module with many mocked dependencies can be quite +cumbersome and the resulting test may only show that the mocking framework works as expected +rather than working as a functional test of interdependent module behavior. + +### Integration tests + +Integration tests define and exercise relationships between an arbitrary number of modules +and/or application subsystems. + +Wiring for integration tests is provided by `depinject` and some [helper code](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/testutil/sims/app_helpers.go#L95) starts up +a running application. A section of the running application may then be tested. Certain +inputs during different phases of the application life cycle are expected to produce +invariant outputs without too much concern for component internals. This type of black box +testing has a larger scope than unit testing. + +Example 1 [client/grpc_query_test/TestGRPCQuery](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/client/grpc_query_test.go#L111-L129) - This test is misplaced in `/client`, +but tests the life cycle of (at least) `runtime` and `bank` as they progress through +startup, genesis and query time. It also exercises the fitness of the client and query +server without putting bytes on the wire through the use of [QueryServiceTestHelper](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/baseapp/grpcrouter_helpers.go#L31). + +Example 2 `x/evidence` Keeper integration tests - Starts up an application composed of [8 +modules](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/x/evidence/testutil/app.yaml#L1) with [5 keepers](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/x/evidence/keeper/keeper_test.go#L101-L106) used in the integration test suite. One test in the suite +exercises [HandleEquivocationEvidence](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/x/evidence/keeper/infraction_test.go#L42) which contains many interactions with the staking +keeper. + +Example 3 - Integration suite app configurations may also be specified via golang (not +YAML as above) [statically](https://github.com/cosmos/cosmos-sdk/blob/main/x/nft/testutil/app_config.go) or [dynamically](https://github.com/cosmos/cosmos-sdk/blob/8c23f6f957d1c0bedd314806d1ac65bea59b084c/tests/integration/bank/keeper/keeper_test.go#L129-L134). + +#### Limitations + +Setting up a particular input state may be more challenging since the application is +starting from a zero state. Some of this may be addressed by good test fixture +abstractions with testing of their own. Tests may also be more brittle, and larger +refactors could impact application initialization in unexpected ways with harder to +understand errors. This could also be seen as a benefit, and indeed the SDK's current +integration tests were helpful in tracking down logic errors during earlier stages +of app-wiring refactors. + +### Simulations + +Simulations (also called generative testing) are a special case of integration tests where +deterministically random module operations are executed against a running simapp, building +blocks on the chain until a specified height is reached. No *specific* assertions are +made for the state transitions resulting from module operations but any error will halt and +fail the simulation. Since `crisis` is included in simapp and the simulation runs +EndBlockers at the end of each block any module invariant violations will also fail +the simulation. + +Modules must implement [AppModuleSimulation.WeightedOperations](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/types/module/simulation.go#L31) to define their +simulation operations. Note that not all modules implement this which may indicate a +gap in current simulation test coverage. + +Modules not returning simulation operations: + +* `auth` +* `evidence` +* `mint` +* `params` + +A separate binary, [runsim](https://github.com/cosmos/tools/tree/master/cmd/runsim), is responsible for kicking off some of these tests and +managing their life cycle. + +#### Limitations + +* [A success](https://github.com/cosmos/cosmos-sdk/runs/7606931983?check_suite_focus=true) may take a long time to run, 7-10 minutes per simulation in CI. +* [Timeouts](https://github.com/cosmos/cosmos-sdk/runs/7606932295?check_suite_focus=true) sometimes occur on apparent successes without any indication why. +* Useful error messages not provided on [failure](https://github.com/cosmos/cosmos-sdk/runs/7606932548?check_suite_focus=true) from CI, requiring a developer to run + the simulation locally to reproduce. + +### E2E tests + +End to end tests exercise the entire system as we understand it in as close an approximation +to a production environment as is practical. Presently these tests are located at +[tests/e2e](https://github.com/cosmos/cosmos-sdk/tree/main/tests/e2e) and rely on [testutil/network](https://github.com/cosmos/cosmos-sdk/tree/main/testutil/network) to start up an in-process Tendermint node. + +An application should be built as minimally as possible to exercise the desired functionality. +The SDK uses an application will only the required modules for the tests. The application developer is adviced to use its own application for e2e tests. + +#### Limitations + +In general the limitations of end to end tests are orchestration and compute cost. +Scaffolding is required to start up and run a prod-like environment and the this +process takes much longer to start and run than unit or integration tests. + +Global locks present in Tendermint code cause stateful starting/stopping to sometimes hang +or fail intermittently when run in a CI environment. + +The scope of e2e tests has been complected with command line interface testing. + +## Decision + +We accept these test scopes and identify the following decisions points for each. + +| Scope | App Type | Mocks? | +| ----------- | ------------------- | ------ | +| Unit | None | Yes | +| Integration | integration helpers | Some | +| Simulation | minimal app | No | +| E2E | minimal app | No | + +The decision above is valid for the SDK. An application developer should test their application with their full application instead of the minimal app. + +### Unit Tests + +All modules must have mocked unit test coverage. + +Illustrative tests should outnumber journeys in unit tests. + +Unit tests should outnumber integration tests. + +Unit tests must not introduce additional dependencies beyond those already present in +production code. + +When module unit test introduction as per [EPIC: Unit testing of modules via mocks](https://github.com/cosmos/cosmos-sdk/issues/12398) +results in a near complete rewrite of an integration test suite the test suite should be +retained and moved to `/tests/integration`. We accept the resulting test logic +duplication but recommend improving the unit test suite through the addition of +illustrative tests. + +### Integration Tests + +All integration tests shall be located in `/tests/integration`, even those which do not +introduce extra module dependencies. + +To help limit scope and complexity, it is recommended to use the smallest possible number of +modules in application startup, i.e. don't depend on simapp. + +Integration tests should outnumber e2e tests. + +### Simulations + +Simulations shall use a minimal application (usually via app wiring). They are located under `/x/{moduleName}/simulation`. + +### E2E Tests + +Existing e2e tests shall be migrated to integration tests by removing the dependency on the +test network and in-process Tendermint node to ensure we do not lose test coverage. + +The e2e rest runner shall transition from in process Tendermint to a runner powered by +Docker via [dockertest](https://github.com/ory/dockertest). + +E2E tests exercising a full network upgrade shall be written. + +The CLI testing aspect of existing e2e tests shall be rewritten using the network mocking +demonstrated in [PR#12706](https://github.com/cosmos/cosmos-sdk/pull/12706). + +## Consequences + +### Positive + +* test coverage is increased +* test organization is improved +* reduced dependency graph size in modules +* simapp removed as a dependency from modules +* inter-module dependencies introduced in test code are removed +* reduced CI run time after transitioning away from in process Tendermint + +### Negative + +* some test logic duplication between unit and integration tests during transition +* test written using dockertest DX may be a bit worse + +### Neutral + +* some discovery required for e2e transition to dockertest + +## Further Discussions + +It may be useful if test suites could be run in integration mode (with mocked tendermint) or +with e2e fixtures (with real tendermint and many nodes). Integration fixtures could be used +for quicker runs, e2e fixures could be used for more battle hardening. + +A PoC `x/gov` was completed in PR [#12847](https://github.com/cosmos/cosmos-sdk/pull/12847) +is in progress for unit tests demonstrating BDD [Rejected]. +Observing that a strength of BDD specifications is their readability, and a con is the +cognitive load while writing and maintaining, current consensus is to reserve BDD use +for places in the SDK where complex rules and module interactions are demonstrated. +More straightforward or low level test cases will continue to rely on go table tests. + +Levels are network mocking in integration and e2e tests are still being worked on and formalized. diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-060-abci-1.0.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-060-abci-1.0.md new file mode 100644 index 00000000..3f29be78 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-060-abci-1.0.md @@ -0,0 +1,238 @@ +# ADR 60: ABCI 1.0 Integration (Phase I) + +## Changelog + +* 2022-08-10: Initial Draft (@alexanderbez, @tac0turtle) +* Nov 12, 2022: Update `PrepareProposal` and `ProcessProposal` semantics per the + initial implementation [PR](https://github.com/cosmos/cosmos-sdk/pull/13453) (@alexanderbez) + +## Status + +ACCEPTED + +## Abstract + +This ADR describes the initial adoption of [ABCI 1.0](https://github.com/tendermint/tendermint/blob/master/spec/abci%2B%2B/README.md), +the next evolution of ABCI, within the Cosmos SDK. ABCI 1.0 aims to provide +application developers with more flexibility and control over application and +consensus semantics, e.g. in-application mempools, in-process oracles, and +order-book style matching engines. + +## Context + +Tendermint will release ABCI 1.0. Notably, at the time of this writing, +Tendermint is releasing v0.37.0 which will include `PrepareProposal` and `ProcessProposal`. + +The `PrepareProposal` ABCI method is concerned with a block proposer requesting +the application to evaluate a series of transactions to be included in the next +block, defined as a slice of `TxRecord` objects. The application can either +accept, reject, or completely ignore some or all of these transactions. This is +an important consideration to make as the application can essentially define and +control its own mempool allowing it to define sophisticated transaction priority +and filtering mechanisms, by completely ignoring the `TxRecords` Tendermint +sends it, favoring its own transactions. This essentially means that the Tendermint +mempool acts more like a gossip data structure. + +The second ABCI method, `ProcessProposal`, is used to process the block proposer's +proposal as defined by `PrepareProposal`. It is important to note the following +with respect to `ProcessProposal`: + +* Execution of `ProcessProposal` must be deterministic. +* There must be coherence between `PrepareProposal` and `ProcessProposal`. In + other words, for any two correct processes *p* and *q*, if *q*'s Tendermint + calls `RequestProcessProposal` on *up*, *q*'s Application returns + ACCEPT in `ResponseProcessProposal`. + +It is important to note that in ABCI 1.0 integration, the application +is NOT responsible for locking semantics -- Tendermint will still be responsible +for that. In the future, however, the application will be responsible for locking, +which allows for parallel execution possibilities. + +## Decision + +We will integrate ABCI 1.0, which will be introduced in Tendermint +v0.37.0, in the next major release of the Cosmos SDK. We will integrate ABCI 1.0 +methods on the `BaseApp` type. We describe the implementations of the two methods +individually below. + +Prior to describing the implementation of the two new methods, it is important to +note that the existing ABCI methods, `CheckTx`, `DeliverTx`, etc, still exist and +serve the same functions as they do now. + +### `PrepareProposal` + +Prior to evaluating the decision for how to implement `PrepareProposal`, it is +important to note that `CheckTx` will still be executed and will be responsible +for evaluating transaction validity as it does now, with one very important +*additive* distinction. + +When executing transactions in `CheckTx`, the application will now add valid +transactions, i.e. passing the AnteHandler, to its own mempool data structure. +In order to provide a flexible approach to meet the varying needs of application +developers, we will define both a mempool interface and a data structure utilizing +Golang generics, allowing developers to focus only on transaction +ordering. Developers requiring absolute full control can implement their own +custom mempool implementation. + +We define the general mempool interface as follows (subject to change): + +```go +type Mempool interface { + // Insert attempts to insert a Tx into the app-side mempool returning + // an error upon failure. + Insert(sdk.Context, sdk.Tx) error + + // Select returns an Iterator over the app-side mempool. If txs are specified, + // then they shall be incorporated into the Iterator. The Iterator must + // closed by the caller. + Select(sdk.Context, [][]byte) Iterator + + // CountTx returns the number of transactions currently in the mempool. + CountTx() int + + // Remove attempts to remove a transaction from the mempool, returning an error + // upon failure. + Remove(sdk.Tx) error +} + +// Iterator defines an app-side mempool iterator interface that is as minimal as +// possible. The order of iteration is determined by the app-side mempool +// implementation. +type Iterator interface { + // Next returns the next transaction from the mempool. If there are no more + // transactions, it returns nil. + Next() Iterator + + // Tx returns the transaction at the current position of the iterator. + Tx() sdk.Tx +} +``` + +We will define an implementation of `Mempool`, defined by `nonceMempool`, that +will cover most basic application use-cases. Namely, it will prioritize transactions +by transaction sender, allowing for multiple transactions from the same sender. + +The default app-side mempool implementation, `nonceMempool`, will operate on a +single skip list data structure. Specifically, transactions with the lowest nonce +globally are prioritized. Transactions with the same nonce are prioritized by +sender address. + +```go +type nonceMempool struct { + txQueue *huandu.SkipList +} +``` + +Previous discussions1 have come to the agreement that Tendermint will +perform a request to the application, via `RequestPrepareProposal`, with a certain +amount of transactions reaped from Tendermint's local mempool. The exact amount +of transactions reaped will be determined by a local operator configuration. +This is referred to as the "one-shot approach" seen in discussions. + +When Tendermint reaps transactions from the local mempool and sends them to the +application via `RequestPrepareProposal`, the application will have to evaluate +the transactions. Specifically, it will need to inform Tendermint if it should +reject and or include each transaction. Note, the application can even *replace* +transactions entirely with other transactions. + +When evaluating transactions from `RequestPrepareProposal`, the application will +ignore *ALL* transactions sent to it in the request and instead reap up to +`RequestPrepareProposal.max_tx_bytes` from it's own mempool. + +Since an application can technically insert or inject transactions on `Insert` +during `CheckTx` execution, it is recommended that applications ensure transaction +validity when reaping transactions during `PrepareProposal`. However, what validity +exactly means is entirely determined by the application. + +The Cosmos SDK will provide a default `PrepareProposal` implementation that simply +select up to `MaxBytes` *valid* transactions. + +However, applications can override this default implementation with their own +implementation and set that on `BaseApp` via `SetPrepareProposal`. + + +### `ProcessProposal` + +The `ProcessProposal` ABCI method is relatively straightforward. It is responsible +for ensuring validity of the proposed block containing transactions that were +selected from the `PrepareProposal` step. However, how an application determines +validity of a proposed block depends on the application and its varying use cases. +For most applications, simply calling the `AnteHandler` chain would suffice, but +there could easily be other applications that need more control over the validation +process of the proposed block, such as ensuring txs are in a certain order or +that certain transactions are included. While this theoretically could be achieved +with a custom `AnteHandler` implementation, it's not the cleanest UX or the most +efficient solution. + +Instead, we will define an additional ABCI interface method on the existing +`Application` interface, similar to the existing ABCI methods such as `BeginBlock` +or `EndBlock`. This new interface method will be defined as follows: + +```go +ProcessProposal(sdk.Context, abci.RequestProcessProposal) error {} +``` + +Note, we must call `ProcessProposal` with a new internal branched state on the +`Context` argument as we cannot simply just use the existing `checkState` because +`BaseApp` already has a modified `checkState` at this point. So when executing +`ProcessProposal`, we create a similar branched state, `processProposalState`, +off of `deliverState`. Note, the `processProposalState` is never committed and +is completely discarded after `ProcessProposal` finishes execution. + +The Cosmos SDK will provide a default implementation of `ProcessProposal` in which +all transactions are validated using the CheckTx flow, i.e. the AnteHandler, and +will always return ACCEPT unless any transaction cannot be decoded. + +### `DeliverTx` + +Since transactions are not truly removed from the app-side mempool during +`PrepareProposal`, since `ProcessProposal` can fail or take multiple rounds and +we do not want to lose transactions, we need to finally remove the transaction +from the app-side mempool during `DeliverTx` since during this phase, the +transactions are being included in the proposed block. + +Alternatively, we can keep the transactions as truly being removed during the +reaping phase in `PrepareProposal` and add them back to the app-side mempool in +case `ProcessProposal` fails. + +## Consequences + +### Backwards Compatibility + +ABCI 1.0 is naturally not backwards compatible with prior versions of the Cosmos SDK +and Tendermint. For example, an application that requests `RequestPrepareProposal` +to the same application that does not speak ABCI 1.0 will naturally fail. + +However, in the first phase of the integration, the existing ABCI methods as we +know them today will still exist and function as they currently do. + +### Positive + +* Applications now have full control over transaction ordering and priority. +* Lays the groundwork for the full integration of ABCI 1.0, which will unlock more + app-side use cases around block construction and integration with the Tendermint + consensus engine. + +### Negative + +* Requires that the "mempool", as a general data structure that collects and stores + uncommitted transactions will be duplicated between both Tendermint and the + Cosmos SDK. +* Additional requests between Tendermint and the Cosmos SDK in the context of + block execution. Albeit, the overhead should be negligible. +* Not backwards compatible with previous versions of Tendermint and the Cosmos SDK. + +## Further Discussions + +It is possible to design the app-side implementation of the `Mempool[T MempoolTx]` +in many different ways using different data structures and implementations. All +of which have different tradeoffs. The proposed solution keeps things simple +and covers cases that would be required for most basic applications. There are +tradeoffs that can be made to improve performance of reaping and inserting into +the provided mempool implementation. + +## References + +* https://github.com/tendermint/tendermint/blob/master/spec/abci%2B%2B/README.md +* [1] https://github.com/tendermint/tendermint/issues/7750#issuecomment-1076806155 +* [2] https://github.com/tendermint/tendermint/issues/7750#issuecomment-1075717151 diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-061-liquid-staking.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-061-liquid-staking.md new file mode 100644 index 00000000..fcfeda0d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-061-liquid-staking.md @@ -0,0 +1,82 @@ +# ADR ADR-061: Liquid Staking + +## Changelog + +* 2022-09-10: Initial Draft (@zmanian) + +## Status + +ACCEPTED + +## Abstract + +Add a semi-fungible liquid staking primitive to the default Cosmos SDK staking module. This upgrades proof of stake to enable safe designs with lower overall monetary issuance and integration with numerous liquid staking protocols like Stride, Persistence, Quicksilver, Lido etc. + +## Context + +The original release of the Cosmos Hub featured the implementation of a ground breaking proof of stake mechanism featuring delegation, slashing, in protocol reward distribution and adaptive issuance. This design was state of the art for 2016 and has been deployed without major changes by many L1 blockchains. + +As both Proof of Stake and blockchain use cases have matured, this design has aged poorly and should no longer be considered a good baseline Proof of Stake issuance. In the world of application specific blockchains, there cannot be a one size fits all blockchain but the Cosmos SDK does endeavour to provide a good baseline implementation and one that is suitable for the Cosmos Hub. + +The most important deficiency of the legacy staking design is that it composes poorly with on chain protocols for trading, lending, derivatives that are referred to collectively as DeFi. The legacy staking implementation starves these applications of liquidity by increasing the risk free rate adaptively. It basically makes DeFi and staking security somewhat incompatible. + +The Osmosis team has adopted the idea of Superfluid and Interfluid staking where assets that are participating in DeFi appliactions can also be used in proof of stake. This requires tight integration with an enshrined set of DeFi applications and thus is unsuitable for the Cosmos SDK. + +It's also important to note that Interchain Accounts are available in the default IBC implementation and can be used to [rehypothecate](https://www.investopedia.com/terms/h/hypothecation.asp#toc-what-is-rehypothecation) delegations. Thus liquid staking is already possible and these changes merely improve the UX of liquid staking. Centralized exchanges also rehypothecate staked assets, posing challenges for decentralization. This ADR takes the position that adoption of in-protocol liquid staking is the preferable outcome and provides new levers to incentivize decentralization of stake. + +These changes to the staking module have been in development for more than a year and have seen substantial industry adoption who plan to build staking UX. The internal economics at Informal team has also done a review of the impacts of these changes and this review led to the development of the exempt delegation system. This system provides governance with a tuneable parameter for modulating the risks of principal agent problem called the exemption factor. + +## Decision + +We implement the semi-fungible liquid staking system and exemption factor system within the cosmos sdk. Though registered as fungible assets, these tokenized shares have extremely limited fungibility, only among the specific delegation record that was created when shares were tokenized. These assets can be used for OTC trades but composability with DeFi is limited. The primary expected use case is improving the user experience of liquid staking providers. + +A new governance parameter is introduced that defines the ratio of exempt to issued tokenized shares. This is called the exemption factor. A larger exemption factor allows more tokenized shares to be issued for a smaller amount of exempt delegations. If governance is comfortable with how the liquid staking market is evolving, it makes sense to increase this value. + +Min self delegation is removed from the staking system with the expectation that it will be replaced by the exempt delegations system. The exempt delegation system allows multiple accounts to demonstrate economic alignment with the validator operator as team members, partners etc. without co-mingling funds. Delegation exemption will likely be required to grow the validators' business under widespread adoption of liquid staking once governance has adjusted the exemption factor. + +When shares are tokenized, the underlying shares are transferred to a module account and rewards go to the module account for the TokenizedShareRecord. + +There is no longer a mechanism to override the validators vote for TokenizedShares. + + +### `MsgTokenizeShares` + +The MsgTokenizeShares message is used to create tokenize delegated tokens. This message can be executed by any delegator who has positive amount of delegation and after execution the specific amount of delegation disappear from the account and share tokens are provided. Share tokens are denominated in the validator and record id of the underlying delegation. + +A user may tokenize some or all of their delegation. + +They will receive shares with the denom of `cosmosvaloper1xxxx/5` where 5 is the record id for the validator operator. + +MsgTokenizeShares fails if the account is a VestingAccount. Users will have to move vested tokens to a new account and endure the unbonding period. We view this as an acceptable tradeoff vs. the complex book keeping required to track vested tokens. + +The total amount of outstanding tokenized shares for the validator is checked against the sum of exempt delegations multiplied by the exemption factor. If the tokenized shares exceeds this limit, execution fails. + +MsgTokenizeSharesResponse provides the number of tokens generated and their denom. + + +### `MsgRedeemTokensforShares` + +The MsgRedeemTokensforShares message is used to redeem the delegation from share tokens. This message can be executed by any user who owns share tokens. After execution delegations will appear to the user. + +### `MsgTransferTokenizeShareRecord` + +The MsgTransferTokenizeShareRecord message is used to transfer the ownership of rewards generated from the tokenized amount of delegation. The tokenize share record is created when a user tokenize his/her delegation and deleted when the full amount of share tokens are redeemed. + +This is designed to work with liquid staking designs that do not redeem the tokenized shares and may instead want to keep the shares tokenized. + + +### `MsgExemptDelegation` + +The MsgExemptDelegation message is used to exempt a delegation to a validator. If the exemption factor is greater than 0, this will allow more delegation shares to be issued from the validator. + +This design allows the chain to force an amount of self-delegation by validators participating in liquid staking schemes. + +## Consequences + +### Backwards Compatibility + +By setting the exemption factor to zero, this module works like legacy staking. The only substantial change is the removal of min-self-bond and without any tokenized shares, there is no incentive to exempt delegation. + +### Positive + +This approach should enable integration with liquid staking providers and improved user experience. It provides a pathway to security under non-exponential issuance policies in the baseline staking module. diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-062-collections-state-layer.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-062-collections-state-layer.md new file mode 100644 index 00000000..8ebaddda --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-062-collections-state-layer.md @@ -0,0 +1,117 @@ +# ADR 062: Collections, a simplified storage layer for cosmos-sdk modules. + +## Changelog + +* 30/11/2022: PROPOSED + +## Status + +PROPOSED - Implemented + +## Abstract + +We propose a simplified module storage layer which leverages golang generics to allow module developers to handle module +storage in a simple and straightforward manner, whilst offering safety, extensibility and standardisation. + +## Context + +Module developers are forced into manually implementing storage functionalities in their modules, those functionalities include +but are not limited to: + +- Defining key to bytes formats. +- Defining value to bytes formats. +- Defining secondary indexes. +- Defining query methods to expose outside to deal with storage. +- Defining local methods to deal with storage writing. +- Dealing with genesis imports and exports. +- Writing tests for all the above. + + +This brings in a lot of problems: +- It blocks developers from focusing on the most important part: writing business logic. +- Key to bytes formats are complex and their definition is error-prone, for example: + - how do I format time to bytes in such a way that bytes are sorted? + - how do I ensure when I don't have namespace collisions when dealing with secondary indexes? +- The lack of standardisation makes life hard for clients, and the problem is exacerbated when it comes to providing proofs for objects present in state. Clients are forced to maintain a list of object paths to gather proofs. + +### Current Solution: ORM + +The current SDK proposed solution to this problem is [ORM](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-055-orm.md). +Whilst ORM offers a lot of good functionality aimed at solving these specific problems, it has some downsides: +- It requires migrations. +- It uses the newest protobuf golang API, whilst the SDK still mainly uses gogoproto. +- Integrating ORM into a module would require the developer to deal with two different golang frameworks (golang protobuf + gogoproto) representing the same API objects. +- It has a high learning curve, even for simple storage layers as it requires developers to have knowledge around protobuf options, custom cosmos-sdk storage extensions, and tooling download. Then after this they still need to learn the code-generated API. + +### CosmWasm Solution: cw-storage-plus + +The collections API takes inspiration from [cw-storage-plus](https://docs.cosmwasm.com/docs/1.0/smart-contracts/state/cw-plus/), +which has demonstrated to be a powerful tool for dealing with storage in CosmWasm contracts. +It's simple, does not require extra tooling, it makes it easy to deal with complex storage structures (indexes, snapshot, etc). +The API is straightforward and explicit. + +## Decision + +We propose to port the `collections` API, whose implementation lives in [NibiruChain/collections](https://github.com/NibiruChain/collections) to cosmos-sdk. + +Collections implements four different storage handlers types: + +- `Map`: which deals with simple `key=>object` mappings. +- `KeySet`: which acts as a `Set` and only retains keys and no object (usecase: allow-lists). +- `Item`: which always contains only one object (usecase: Params) +- `Sequence`: which implements a simple always increasing number (usecase: Nonces) +- `IndexedMap`: builds on top of `Map` and `KeySet` and allows to create relationships with `Objects` and `Objects` secondary keys. + +All the collection APIs build on top of the simple `Map` type. + +Collections is fully generic, meaning that anything can be used as `Key` and `Value`. It can be a protobuf object or not. + +Collections types, in fact, delegate the duty of serialisation of keys and values to a secondary collections API component called `ValueEncoders` and `KeyEncoders`. + +`ValueEncoders` take care of converting a value to bytes (relevant only for `Map`). And offers a plug and play layer which allows us to change how we encode objects, +which is relevant for swapping serialisation frameworks and enhancing performance. +`Collections` already comes in with default `ValueEncoders`, specifically for: protobuf objects, special SDK types (sdk.Int, sdk.Dec). + +`KeyEncoders` take care of converting keys to bytes, `collections` already comes in with some default `KeyEncoders` for some privimite golang types +(uint64, string, time.Time, ...) and some widely used sdk types (sdk.Acc/Val/ConsAddress, sdk.Int/Dec, ...). +These default implementations also offer safety around proper lexicographic ordering and namespace-collision. + +Examples of the collections API can be found here: +- introduction: https://github.com/NibiruChain/collections/tree/main/examples +- usage in nibiru: [x/oracle](https://github.com/NibiruChain/nibiru/blob/master/x/oracle/keeper/keeper.go#L32), [x/perp](https://github.com/NibiruChain/nibiru/blob/master/x/perp/keeper/keeper.go#L31) +- cosmos-sdk's x/staking migrated: https://github.com/testinginprod/cosmos-sdk/pull/22 + + +## Consequences + +### Backwards Compatibility + +The design of `ValueEncoders` and `KeyEncoders` allows modules to retain the same `byte(key)=>byte(value)` mappings, making +the upgrade to the new storage layer non-state breaking. + + +### Positive + +- ADR aimed at removing code from the SDK rather than adding it. Migrating just `x/staking` to collections would yield to a net decrease in LOC (even considering the addition of collections itself). +- Simplifies and standardises storage layers across modules in the SDK. +- Does not require to have to deal with protobuf. +- It's pure golang code. +- Generalisation over `KeyEncoders` and `ValueEncoders` allows us to not tie ourself to the data serialisation framework. +- `KeyEncoders` and `ValueEncoders` can be extended to provide schema reflection. + +### Negative + +- Golang generics are not as battle-tested as other Golang features, despite being used in production right now. +- Collection types instantiation needs to be improved. + +### Neutral + +{neutral consequences} + +## Further Discussions + +- Automatic genesis import/export (not implemented because of API breakage) +- Schema reflection + + +## References diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-063-core-module-api.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-063-core-module-api.md new file mode 100644 index 00000000..43c025b0 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-063-core-module-api.md @@ -0,0 +1,505 @@ +# ADR 063: Core Module API + +## Changelog + +* 2022-08-18 First Draft +* 2022-12-08 First Draft +* 2023-01-24 Updates + +## Status + +ACCEPTED Partially Implemented + +## Abstract + +A new core API is proposed as a way to develop cosmos-sdk applications that will eventually replace the existing +`AppModule` and `sdk.Context` frameworks a set of core services and extension interfaces. This core API aims to: + +* be simpler +* more extensible +* more stable than the current framework +* enable deterministic events and queries, +* support event listeners +* [ADR 033: Protobuf-based Inter-Module Communication](adr-033-protobuf-inter-module-comm.md) clients. + +## Context + +Historically modules have exposed their functionality to the framework via the `AppModule` and `AppModuleBasic` +interfaces which have the following shortcomings: + +* both `AppModule` and `AppModuleBasic` need to be defined and registered which is counter-intuitive +* apps need to implement the full interfaces, even parts they don't need (although there are workarounds for this), +* interface methods depend heavily on unstable third party dependencies, in particular Comet, +* legacy required methods have littered these interfaces for far too long + +In order to interact with the state machine, modules have needed to do a combination of these things: + +* get store keys from the app +* call methods on `sdk.Context` which contains more or less the full set of capability available to modules. + +By isolating all the state machine functionality into `sdk.Context`, the set of functionalities available to +modules are tightly coupled to this type. If there are changes to upstream dependencies (such as Comet) +or new functionalities are desired (such as alternate store types), the changes need impact `sdk.Context` and all +consumers of it (basically all modules). Also, all modules now receive `context.Context` and need to convert these +to `sdk.Context`'s with a non-ergonomic unwrapping function. + +Any breaking changes to these interfaces, such as ones imposed by third-party dependencies like Comet, have the +side effect of forcing all modules in the ecosystem to update in lock-step. This means it is almost impossible to have +a version of the module which can be run with 2 or 3 different versions of the SDK or 2 or 3 different versions of +another module. This lock-step coupling slows down overall development within the ecosystem and causes updates to +components to be delayed longer than they would if things were more stable and loosely coupled. + +## Decision + +The `core` API proposes a set of core APIs that modules can rely on to interact with the state machine and expose their +functionalities to it that are designed in a principled way such that: + +* tight coupling of dependencies and unrelated functionalities is minimized or eliminated +* APIs can have long-term stability guarantees +* the SDK framework is extensible in a safe and straightforward way + +The design principles of the core API are as follows: + +* everything that a module wants to interact with in the state machine is a service +* all services coordinate state via `context.Context` and don't try to recreate the "bag of variables" approach of `sdk.Context` +* all independent services are isolated in independent packages with minimal APIs and minimal dependencies +* the core API should be minimalistic and designed for long-term support (LTS) +* a "runtime" module will implement all the "core services" defined by the core API and can handle all module + functionalities exposed by core extension interfaces +* other non-core and/or non-LTS services can be exposed by specific versions of runtime modules or other modules +following the same design principles, this includes functionality that interacts with specific non-stable versions of +third party dependencies such as Comet +* the core API doesn't implement *any* functionality, it just defines types +* go stable API compatibility guidelines are followed: https://go.dev/blog/module-compatibility + +A "runtime" module is any module which implements the core functionality of composing an ABCI app, which is currently +handled by `BaseApp` and the `ModuleManager`. Runtime modules which implement the core API are *intentionally* separate +from the core API in order to enable more parallel versions and forks of the runtime module than is possible with the +SDK's current tightly coupled `BaseApp` design while still allowing for a high degree of composability and +compatibility. + +Modules which are built only against the core API don't need to know anything about which version of runtime, +`BaseApp` or Comet in order to be compatible. Modules from the core mainline SDK could be easily composed +with a forked version of runtime with this pattern. + +This design is intended to enable matrices of compatible dependency versions. Ideally a given version of any module +is compatible with multiple versions of the runtime module and other compatible modules. This will allow dependencies +to be selectively updated based on battle-testing. More conservative projects may want to update some dependencies +slower than more fast moving projects. + +### Core Services + +The following "core services" are defined by the core API. All valid runtime module implementations should provide +implementations of these services to modules via both [dependency injection](adr-057-app-wiring.md) and +manual wiring. The individual services described below are all bundled in a convenient `appmodule.Service` +"bundle service" so that for simplicity modules can declare a dependency on a single service. + +#### Store Services + +Store services will be defined in the `cosmossdk.io/core/store` package. + +The generic `store.KVStore` interface is the same as current SDK `KVStore` interface. Store keys have been refactored +into store services which, instead of expecting the context to know about stores, invert the pattern and allow +retrieving a store from a generic context. There are three store services for the three types of currently supported +stores - regular kv-store, memory, and transient: + +```go +type KVStoreService interface { + OpenKVStore(context.Context) KVStore +} + +type MemoryStoreService interface { + OpenMemoryStore(context.Context) KVStore +} +type TransientStoreService interface { + OpenTransientStore(context.Context) KVStore +} +``` + +Modules can use these services like this: + +```go +func (k msgServer) Send(ctx context.Context, msg *types.MsgSend) (*types.MsgSendResponse, error) { + store := k.kvStoreSvc.OpenKVStore(ctx) +} +``` + +Just as with the current runtime module implementation, modules will not need to explicitly name these store keys, +but rather the runtime module will choose an appropriate name for them and modules just need to request the +type of store they need in their dependency injection (or manual) constructors. + +#### Event Service + +The event `Service` will be defined in the `cosmossdk.io/core/event` package. + +The event `Service` allows modules to emit typed and legacy untyped events: + +```go +package event + +type Service interface { + // EmitProtoEvent emits events represented as a protobuf message (as described in ADR 032). + // + // Callers SHOULD assume that these events may be included in consensus. These events + // MUST be emitted deterministically and adding, removing or changing these events SHOULD + // be considered state-machine breaking. + EmitProtoEvent(ctx context.Context, event protoiface.MessageV1) error + + // EmitKVEvent emits an event based on an event and kv-pair attributes. + // + // These events will not be part of consensus and adding, removing or changing these events is + // not a state-machine breaking change. + EmitKVEvent(ctx context.Context, eventType string, attrs ...KVEventAttribute) error + + // EmitProtoEventNonConsensus emits events represented as a protobuf message (as described in ADR 032), without + // including it in blockchain consensus. + // + // These events will not be part of consensus and adding, removing or changing events is + // not a state-machine breaking change. + EmitProtoEventNonConsensus(ctx context.Context, event protoiface.MessageV1) error +} +``` + +Typed events emitted with `EmitProto` should be assumed to be part of blockchain consensus (whether they are part of +the block or app hash is left to the runtime to specify). + +Events emitted by `EmitKVEvent` and `EmitProtoEventNonConsensus` are not considered to be part of consensus and cannot be observed +by other modules. If there is a client-side need to add events in patch releases, these methods can be used. + +#### Logger + +A logger (`cosmossdk.io/log`) must be supplied using `depinject`, and will +be made available for modules to use via `depinject.In`. +Modules using it should follow the current pattern in the SDK by adding the module name before using it. + +```go +type ModuleInputs struct { + depinject.In + + Logger log.Logger +} + +func ProvideModule(in ModuleInputs) ModuleOutputs { + keeper := keeper.NewKeeper( + in.logger, + ) +} + +func NewKeeper(logger log.Logger) Keeper { + return Keeper{ + logger: logger.With(log.ModuleKey, "x/"+types.ModuleName), + } +} +``` + +### Core `AppModule` extension interfaces + + +Modules will provide their core services to the runtime module via extension interfaces built on top of the +`cosmossdk.io/core/appmodule.AppModule` tag interface. This tag interface requires only two empty methods which +allow `depinject` to identify implementors as `depinject.OnePerModule` types and as app module implementations: + +```go +type AppModule interface { + depinject.OnePerModuleType + + // IsAppModule is a dummy method to tag a struct as implementing an AppModule. + IsAppModule() +} +``` + +Other core extension interfaces will be defined in `cosmossdk.io/core` should be supported by valid runtime +implementations. + +#### `MsgServer` and `QueryServer` registration + +`MsgServer` and `QueryServer` registration is done by implementing the `HasServices` extension interface: + +```go +type HasServices interface { + AppModule + + RegisterServices(grpc.ServiceRegistrar) +} + +``` + +Because of the `cosmos.msg.v1.service` protobuf option, required for `Msg` services, the same `ServiceRegitrar` can be +used to register both `Msg` and query services. + +#### Genesis + +The genesis `Handler` functions - `DefaultGenesis`, `ValidateGenesis`, `InitGenesis` and `ExportGenesis` - are specified +against the `GenesisSource` and `GenesisTarget` interfaces which will abstract over genesis sources which may be a single +JSON object or collections of JSON objects that can be efficiently streamed. + +```go +// GenesisSource is a source for genesis data in JSON format. It may abstract over a +// single JSON object or separate files for each field in a JSON object that can +// be streamed over. Modules should open a separate io.ReadCloser for each field that +// is required. When fields represent arrays they can efficiently be streamed +// over. If there is no data for a field, this function should return nil, nil. It is +// important that the caller closes the reader when done with it. +type GenesisSource = func(field string) (io.ReadCloser, error) + +// GenesisTarget is a target for writing genesis data in JSON format. It may +// abstract over a single JSON object or JSON in separate files that can be +// streamed over. Modules should open a separate io.WriteCloser for each field +// and should prefer writing fields as arrays when possible to support efficient +// iteration. It is important the caller closers the writer AND checks the error +// when done with it. It is expected that a stream of JSON data is written +// to the writer. +type GenesisTarget = func(field string) (io.WriteCloser, error) +``` + +All genesis objects for a given module are expected to conform to the semantics of a JSON object. +Each field in the JSON object should be read and written separately to support streaming genesis. +The [ORM](adr-055-orm.md) and [collections](adr-062-collections-state-layer.md) both support +streaming genesis and modules using these frameworks generally do not need to write any manual +genesis code. + +To support genesis, modules should implement the `HasGenesis` extension interface: + +```go +type HasGenesis interface { + AppModule + + // DefaultGenesis writes the default genesis for this module to the target. + DefaultGenesis(GenesisTarget) error + + // ValidateGenesis validates the genesis data read from the source. + ValidateGenesis(GenesisSource) error + + // InitGenesis initializes module state from the genesis source. + InitGenesis(context.Context, GenesisSource) error + + // ExportGenesis exports module state to the genesis target. + ExportGenesis(context.Context, GenesisTarget) error +} +``` + +#### Begin and End Blockers + +Modules that have functionality that runs before transactions (begin blockers) or after transactions +(end blockers) should implement the has `HasBeginBlocker` and/or `HasEndBlocker` interfaces: + +```go +type HasBeginBlocker interface { + AppModule + BeginBlock(context.Context) error +} + +type HasEndBlocker interface { + AppModule + EndBlock(context.Context) error +} +``` + +The `BeginBlock` and `EndBlock` methods will take a `context.Context`, because: + +* most modules don't need Comet information other than `BlockInfo` so we can eliminate dependencies on specific +Comet versions +* for the few modules that need Comet block headers and/or return validator updates, specific versions of the +runtime module will provide specific functionality for interacting with the specific version(s) of Comet +supported + +In order for `BeginBlock`, `EndBlock` and `InitGenesis` to send back validator updates and retrieve full Comet +block headers, the runtime module for a specific version of Comet could provide services like this: + +```go +type ValidatorUpdateService interface { + SetValidatorUpdates(context.Context, []abci.ValidatorUpdate) +} +``` + +Header Service defines a way to get header information about a block. This information is generalized for all implementations: + +```go + +type Service interface { + GetHeaderInfo(context.Context) Info +} + +type Info struct { + Height int64 // Height returns the height of the block + Hash []byte // Hash returns the hash of the block header + Time time.Time // Time returns the time of the block + ChainID string // ChainId returns the chain ID of the block +} +``` + +Comet Service provides a way to get comet specific information: + +```go +type Service interface { + GetCometInfo(context.Context) Info +} + +type CometInfo struct { + Evidence []abci.Misbehavior // Misbehavior returns the misbehavior of the block + // ValidatorsHash returns the hash of the validators + // For Comet, it is the hash of the next validators + ValidatorsHash []byte + ProposerAddress []byte // ProposerAddress returns the address of the block proposer + DecidedLastCommit abci.CommitInfo // DecidedLastCommit returns the last commit info +} +``` + +If a user would like to provide a module other information they would need to implement another service like: + +```go +type RollKit Interface { + ... +} +``` + +We know these types will change at the Comet level and that also a very limited set of modules actually need this +functionality, so they are intentionally kept out of core to keep core limited to the necessary, minimal set of stable +APIs. + +#### Remaining Parts of AppModule + +The current `AppModule` framework handles a number of additional concerns which aren't addressed by this core API. +These include: + +* gas +* block headers +* upgrades +* registration of gogo proto and amino interface types +* cobra query and tx commands +* gRPC gateway +* crisis module invariants +* simulations + +Additional `AppModule` extension interfaces either inside or outside of core will need to be specified to handle +these concerns. + +In the case of gogo proto and amino interfaces, the registration of these generally should happen as early +as possible during initialization and in [ADR 057: App Wiring](./adr-057-app-wiring.md), protobuf type registration +happens before dependency injection (although this could alternatively be done dedicated DI providers). + +gRPC gateway registration should probably be handled by the runtime module, but the core API shouldn't depend on gRPC +gateway types as 1) we are already using an older version and 2) it's possible the framework can do this registration +automatically in the future. So for now, the runtime module should probably provide some sort of specific type for doing +this registration ex: + +```go +type GrpcGatewayInfo struct { + Handlers []GrpcGatewayHandler +} + +type GrpcGatewayHandler func(ctx context.Context, mux *runtime.ServeMux, client QueryClient) error +``` + +which modules can return in a provider: + +```go +func ProvideGrpcGateway() GrpcGatewayInfo { + return GrpcGatewayinfo { + Handlers: []Handler {types.RegisterQueryHandlerClient} + } +} +``` + +Crisis module invariants and simulations are subject to potential redesign and should be managed with types +defined in the crisis and simulation modules respectively. + +Extension interface for CLI commands will be provided via the `cosmossdk.io/client/v2` module and its +[autocli](adr-058-auto-generated-cli.md) framework. + +#### Example Usage + +Here is an example of setting up a hypothetical `foo` v2 module which uses the [ORM](adr-055-orm.md) for its state +management and genesis. + +```go + +type Keeper struct { + db orm.ModuleDB + evtSrv event.Service +} + +func (k Keeper) RegisterServices(r grpc.ServiceRegistrar) { + foov1.RegisterMsgServer(r, k) + foov1.RegisterQueryServer(r, k) +} + +func (k Keeper) BeginBlock(context.Context) error { + return nil +} + +func ProvideApp(config *foomodulev2.Module, evtSvc event.EventService, db orm.ModuleDB) (Keeper, appmodule.AppModule){ + k := &Keeper{db: db, evtSvc: evtSvc} + return k, k +} +``` + +### Runtime Compatibility Version + +The `core` module will define a static integer var, `cosmossdk.io/core.RuntimeCompatibilityVersion`, which is +a minor version indicator of the core module that is accessible at runtime. Correct runtime module implementations +should check this compatibility version and return an error if the current `RuntimeCompatibilityVersion` is higher +than the version of the core API that this runtime version can support. When new features are adding to the `core` +module API that runtime modules are required to support, this version should be incremented. + +### Testing + +A mock implementation of all services should be provided in core to allow for unit testing of modules +without needing to depend on any particular version of runtime. Mock services should +allow tests to observe service behavior or provide a non-production implementation - for instance memory +stores can be used to mock stores. + +For integration testing, a mock runtime implementation should be provided that allows composing different app modules +together for testing without a dependency on runtime or Comet. + +## Consequences + +### Backwards Compatibility + +Early versions of runtime modules should aim to support as much as possible modules built with the existing +`AppModule`/`sdk.Context` framework. As the core API is more widely adopted, later runtime versions may choose to +drop support and only support the core API plus any runtime module specific APIs (like specific versions of Comet). + +The core module itself should strive to remain at the go semantic version `v1` as long as possible and follow design +principles that allow for strong long-term support (LTS). + +Older versions of the SDK can support modules built against core with adaptors that convert wrap core `AppModule` +implementations in implementations of `AppModule` that conform to that version of the SDK's semantics as well +as by providing service implementations by wrapping `sdk.Context`. + +### Positive + +* better API encapsulation and separation of concerns +* more stable APIs +* more framework extensibility +* deterministic events and queries +* event listeners +* inter-module msg and query execution support +* more explicit support for forking and merging of module versions (including runtime) + +### Negative + +### Neutral + +* modules will need to be refactored to use this API +* some replacements for `AppModule` functionality still need to be defined in follow-ups + (type registration, commands, invariants, simulations) and this will take additional design work + +## Further Discussions + +* gas +* block headers +* upgrades +* registration of gogo proto and amino interface types +* cobra query and tx commands +* gRPC gateway +* crisis module invariants +* simulations + +## References + +* [ADR 033: Protobuf-based Inter-Module Communication](adr-033-protobuf-inter-module-comm.md) +* [ADR 057: App Wiring](./adr-057-app-wiring.md) +* [ADR 055: ORM](adr-055-orm.md) +* [ADR 028: Public Key Addresses](adr-028-public-key-addresses.md) +* [Keeping Your Modules Compatible](https://go.dev/blog/module-compatibility) diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-064-abci-2.0.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-064-abci-2.0.md new file mode 100644 index 00000000..9a471805 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-064-abci-2.0.md @@ -0,0 +1,461 @@ +# ADR 64: ABCI 2.0 Integration (Phase II) + +## Changelog + +* 2023-01-17: Initial Draft (@alexanderbez) +* 2023-04-06: Add upgrading section (@alexanderbez) +* 2023-04-10: Simplify vote extension state persistence (@alexanderbez) + +## Status + +ACCEPTED + +## Abstract + +This ADR outlines the continuation of the efforts to implement ABCI++ in the Cosmos +SDK outlined in [ADR 060: ABCI 1.0 (Phase I)](adr-060-abci-1.0.md). + +Specifically, this ADR outlines the design and implementation of ABCI 2.0, which +includes `ExtendVote`, `VerifyVoteExtension` and `FinalizeBlock`. + +## Context + +ABCI 2.0 continues the promised updates from ABCI++, specifically three additional +ABCI methods that the application can implement in order to gain further control, +insight and customization of the consensus process, unlocking many novel use-cases +that previously not possible. We describe these three new methods below: + +### `ExtendVote` + +This method allows each validator process to extend the pre-commit phase of the +CometBFT consensus process. Specifically, it allows the application to perform +custom business logic that extends the pre-commit vote and supply additional data +as part of the vote, although they are signed separately by the same key. + +The data, called vote extension, will be broadcast and received together with the +vote it is extending, and will be made available to the application in the next +height. Specifically, the proposer of the next block will receive the vote extensions +in `RequestPrepareProposal.local_last_commit.votes`. + +If the application does not have vote extension information to provide, it +returns a 0-length byte array as its vote extension. + +**NOTE**: + +* Although each validator process submits its own vote extension, ONLY the *proposer* + of the *next* block will receive all the vote extensions included as part of the + pre-commit phase of the previous block. This means only the proposer will + implicitly have access to all the vote extensions, via `RequestPrepareProposal`, + and that not all vote extensions may be included, since a validator does not + have to wait for all pre-commits, only 2/3. +* The pre-commit vote is signed independently from the vote extension. + +### `VerifyVoteExtension` + +This method allows validators to validate the vote extension data attached to +each pre-commit message it receives. If the validation fails, the whole pre-commit +message will be deemed invalid and ignored by CometBFT. + +CometBFT uses `VerifyVoteExtension` when validating a pre-commit vote. Specifically, +for a pre-commit, CometBFT will: + +* Reject the message if it doesn't contain a signed vote AND a signed vote extension +* Reject the message if the vote's signature OR the vote extension's signature fails to verify +* Reject the message if `VerifyVoteExtension` was rejected by the app + +Otherwise, CometBFT will accept the pre-commit message. + +Note, this has important consequences on liveness, i.e., if vote extensions repeatedly +cannot be verified by correct validators, CometBFT may not be able to finalize +a block even if sufficiently many (+2/3) validators send pre-commit votes for +that block. Thus, `VerifyVoteExtension` should be used with special care. + +CometBFT recommends that an application that detects an invalid vote extension +SHOULD accept it in `ResponseVerifyVoteExtension` and ignore it in its own logic. + +### `FinalizeBlock` + +This method delivers a decided block to the application. The application must +execute the transactions in the block deterministically and update its state +accordingly. Cryptographic commitments to the block and transaction results, +returned via the corresponding parameters in `ResponseFinalizeBlock`, are +included in the header of the next block. CometBFT calls it when a new block +is decided. + +In other words, `FinalizeBlock` encapsulates the current ABCI execution flow of +`BeginBlock`, one or more `DeliverTx`, and `EndBlock` into a single ABCI method. +CometBFT will no longer execute requests for these legacy methods and instead +will just simply call `FinalizeBlock`. + +## Decision + +We will discuss changes to the Cosmos SDK to implement ABCI 2.0 in two distinct +phases, `VoteExtensions` and `FinalizeBlock`. + +### `VoteExtensions` + +Similarly for `PrepareProposal` and `ProcessProposal`, we propose to introduce +two new handlers that an application can implement in order to provide and verify +vote extensions. + +We propose the following new handlers for applications to implement: + +```go +type ExtendVoteHandler func(sdk.Context, abci.RequestExtendVote) abci.ResponseExtendVote +type VerifyVoteExtensionHandler func(sdk.Context, abci.RequestVerifyVoteExtension) abci.ResponseVerifyVoteExtension +``` + +A new execution state, `voteExtensionState`, will be introduced and provided as +the `Context` that is supplied to both handlers. It will contain relevant metadata +such as the block height and block hash. Note, `voteExtensionState` is never +committed and will exist as ephemeral state only in the context of a single block. + +If an application decides to implement `ExtendVoteHandler`, it must return a +non-nil `ResponseExtendVote.VoteExtension`. + +Recall, an implementation of `ExtendVoteHandler` does NOT need to be deterministic, +however, given a set of vote extensions, `VerifyVoteExtensionHandler` must be +deterministic, otherwise the chain may suffer from liveness faults. In addition, +recall CometBFT proceeds in rounds for each height, so if a decision cannot be +made about about a block proposal at a given height, CometBFT will proceed to the +next round and thus will execute `ExtendVote` and `VerifyVoteExtension` again for +the new round for each validator until 2/3 valid pre-commits can be obtained. + +Given the broad scope of potential implementations and use-cases of vote extensions, +and how to verify them, most applications should choose to implement the handlers +through a single handler type, which can have any number of dependencies injected +such as keepers. In addition, this handler type could contain some notion of +volatile vote extension state management which would assist in vote extension +verification. This state management could be ephemeral or could be some form of +on-disk persistence. + +Example: + +```go +// VoteExtensionHandler implements an Oracle vote extension handler. +type VoteExtensionHandler struct { + cdc Codec + mk MyKeeper + state VoteExtState // This could be a map or a DB connection object +} + +// ExtendVoteHandler can do something with h.mk and possibly h.state to create +// a vote extension, such as fetching a series of prices for supported assets. +func (h VoteExtensionHandler) ExtendVoteHandler(ctx sdk.Context, req abci.RequestExtendVote) abci.ResponseExtendVote { + prices := GetPrices(ctx, h.mk.Assets()) + bz, err := EncodePrices(h.cdc, prices) + if err != nil { + panic(fmt.Errorf("failed to encode prices for vote extension: %w", err)) + } + + // store our vote extension at the given height + // + // NOTE: Vote extensions can be overridden since we can timeout in a round. + SetPrices(h.state, req, bz) + + return abci.ResponseExtendVote{VoteExtension: bz} +} + +// VerifyVoteExtensionHandler can do something with h.state and req to verify +// the req.VoteExtension field, such as ensuring the provided oracle prices are +// within some valid range of our prices. +func (h VoteExtensionHandler) VerifyVoteExtensionHandler(ctx sdk.Context, req abci.RequestVerifyVoteExtension) abci.ResponseVerifyVoteExtension { + prices, err := DecodePrices(h.cdc, req.VoteExtension) + if err != nil { + log("failed to decode vote extension", "err", err) + return abci.ResponseVerifyVoteExtension{Status: REJECT} + } + + if err := ValidatePrices(h.state, req, prices); err != nil { + log("failed to validate vote extension", "prices", prices, "err", err) + return abci.ResponseVerifyVoteExtension{Status: REJECT} + } + + // store updated vote extensions at the given height + // + // NOTE: Vote extensions can be overridden since we can timeout in a round. + SetPrices(h.state, req, req.VoteExtension) + + return abci.ResponseVerifyVoteExtension{Status: ACCEPT} +} +``` + +#### Vote Extension Propagation & Verification + +As mentioned previously, vote extensions for height `H` are only made available +to the proposer at height `H+1` during `PrepareProposal`. However, in order to +make vote extensions useful, all validators should have access to the agreed upon +vote extensions at height `H` during `H+1`. + +Since CometBFT includes all the vote extension signatures in `RequestPrepareProposal`, +we propose that the proposing validator manually "inject" the vote extensions +along with their respective signatures via a special transaction, `VoteExtsTx`, +into the block proposal during `PrepareProposal`. The `VoteExtsTx` will be +populated with a single `ExtendedCommitInfo` object which is received directly +from `RequestPrepareProposal`. + +For convention, the `VoteExtsTx` transaction should be the first transaction in +the block proposal, although chains can implement their own preferences. For +safety purposes, we also propose that the proposer itself verify all the vote +extension signatures it receives in `RequestPrepareProposal`. + +A validator, upon a `RequestProcessProposal`, will receive the injected `VoteExtsTx` +which includes the vote extensions along with their signatures. If no such transaction +exists, the validator MUST REJECT the proposal. + +When a validator inspects a `VoteExtsTx`, it will evaluate each `SignedVoteExtension`. +For each signed vote extension, the validator will generate the signed bytes and +verify the signature. At least 2/3 valid signatures, based on voting power, must +be received in order for the block proposal to be valid, otherwise the validator +MUST REJECT the proposal. + +In order to have the ability to validate signatures, `BaseApp` must have access +to the `x/staking` module, since this module stores an index from consensus +address to public key. However, we will avoid a direct dependency on `x/staking` +and instead rely on an interface instead. In addition, the Cosmos SDK will expose +a default signature verification method which applications can use: + +```go +type ValidatorStore interface { + GetValidatorByConsAddr(sdk.Context, cryptotypes.Address) (cryptotypes.PubKey, error) +} + +// ValidateVoteExtensions is a function that an application can execute in +// ProcessProposal to verify vote extension signatures. +func (app *BaseApp) ValidateVoteExtensions(ctx sdk.Context, currentHeight int64, extCommit abci.ExtendedCommitInfo) error { + for _, vote := range extCommit.Votes { + if !vote.SignedLastBlock || len(vote.VoteExtension) == 0 { + continue + } + + valConsAddr := cmtcrypto.Address(vote.Validator.Address) + + validator, err := app.validatorStore.GetValidatorByConsAddr(ctx, valConsAddr) + if err != nil { + return fmt.Errorf("failed to get validator %s for vote extension", valConsAddr) + } + + cmtPubKey, err := validator.CmtConsPublicKey() + if err != nil { + return fmt.Errorf("failed to convert public key: %w", err) + } + + if len(vote.ExtensionSignature) == 0 { + return fmt.Errorf("received a non-empty vote extension with empty signature for validator %s", valConsAddr) + } + + cve := cmtproto.CanonicalVoteExtension{ + Extension: vote.VoteExtension, + Height: currentHeight - 1, // the vote extension was signed in the previous height + Round: int64(extCommit.Round), + ChainId: app.GetChainID(), + } + + extSignBytes, err := cosmosio.MarshalDelimited(&cve) + if err != nil { + return fmt.Errorf("failed to encode CanonicalVoteExtension: %w", err) + } + + if !cmtPubKey.VerifySignature(extSignBytes, vote.ExtensionSignature) { + return errors.New("received vote with invalid signature") + } + + return nil + } +} +``` + +Once at least 2/3 signatures, by voting power, are received and verified, the +validator can use the vote extensions to derive additional data or come to some +decision based on the vote extensions. + +> NOTE: It is very important to state, that neither the vote propagation technique +> nor the vote extension verification mechanism described above is required for +> applications to implement. In other words, a proposer is not required to verify +> and propagate vote extensions along with their signatures nor are proposers +> required to verify those signatures. An application can implement it's own +> PKI mechanism and use that to sign and verify vote extensions. + +#### Vote Extension Persistence + +In certain contexts, it may be useful or necessary for applications to persist +data derived from vote extensions. In order to facilitate this use case, we +propose to allow application developers to manually retrieve the `finalizeState` +context (see [`FinalizeBlock`](#finalizeblock-1) below). Using this context, +state can be directly written to `finalizeState`, which will be used during +`FinalizeBlock` and eventually committed to the application state. Note, since +`ProcessProposal` can timeout and thus require another round of consensus, we +will reset `finalizeState` in the beginning of `ProcessProposal`. + +A `ProcessProposal` handler could look like the following: + +```go +func (h MyHandler) ProcessProposalHandler() sdk.ProcessProposalHandler { + return func(ctx sdk.Context, req abci.RequestProcessProposal) abci.ResponseProcessProposal { + for _, txBytes := range req.Txs { + _, err := h.app.ProcessProposalVerifyTx(txBytes) + if err != nil { + return abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT} + } + } + + fCtx := h.app.GetFinalizeState() + + // Any state changes that occur on the provided fCtx WILL be written to state! + h.myKeeper.SetVoteExtResult(fCtx, ...) + + return abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_ACCEPT} + } +} +``` + +### `FinalizeBlock` + +The existing ABCI methods `BeginBlock`, `DeliverTx`, and `EndBlock` have existed +since the dawn of ABCI-based applications. Thus, applications, tooling, and developers +have grown used to these methods and their use-cases. Specifically, `BeginBlock` +and `EndBlock` have grown to be pretty integral and powerful within ABCI-based +applications. E.g. an application might want to run distribution and inflation +related operations prior to executing transactions and then have staking related +changes to happen after executing all transactions. + +We propose to keep `BeginBlock` and `EndBlock` within the SDK's core module +interfaces only so application developers can continue to build against existing +execution flows. However, we will remove `BeginBlock`, `DeliverTx` and `EndBlock` +from the SDK's `BaseApp` implementation and thus the ABCI surface area. + +What will then exist is a single `FinalizeBlock` execution flow. Specifically, in +`FinalizeBlock` we will execute the application's `BeginBlock`, followed by +execution of all the transactions, finally followed by execution of the application's +`EndBlock`. + +Note, we will still keep the existing transaction execution mechanics within +`BaseApp`, but all notions of `DeliverTx` will be removed, i.e. `deliverState` +will be replace with `finalizeState`, which will be committed on `Commit`. + +However, there are current parameters and fields that exist in the existing +`BeginBlock` and `EndBlock` ABCI types, such as votes that are used in distribution +and byzantine validators used in evidence handling. These parameters exist in the +`FinalizeBlock` request type, and will need to be passed to the application's +implementations of `BeginBlock` and `EndBlock`. + +This means the Cosmos SDK's core module interfaces will need to be updated to +reflect these parameters. The easiest and most straightforward way to achieve +this is to just pass `RequestFinalizeBlock` to `BeginBlock` and `EndBlock`. +Alternatively, we can create dedicated proxy types in the SDK that reflect these +legacy ABCI types, e.g. `LegacyBeginBlockRequest` and `LegacyEndBlockRequest`. Or, +we can come up with new types and names altogether. + +```go +func (app *BaseApp) FinalizeBlock(req abci.RequestFinalizeBlock) abci.ResponseFinalizeBlock { + // merge any state changes from ProcessProposal into the FinalizeBlock state + app.MergeProcessProposalState() + + beginBlockResp := app.beginBlock(ctx, req) + appendBlockEventAttr(beginBlockResp.Events, "begin_block") + + txExecResults := make([]abci.ExecTxResult, 0, len(req.Txs)) + for _, tx := range req.Txs { + result := app.runTx(runTxModeFinalize, tx) + txExecResults = append(txExecResults, result) + } + + endBlockResp := app.endBlock(ctx, req) + appendBlockEventAttr(beginBlockResp.Events, "end_block") + + return abci.ResponseFinalizeBlock{ + TxResults: txExecResults, + Events: joinEvents(beginBlockResp.Events, endBlockResp.Events), + ValidatorUpdates: endBlockResp.ValidatorUpdates, + ConsensusParamUpdates: endBlockResp.ConsensusParamUpdates, + AppHash: nil, + } +} +``` + +#### Events + +Many tools, indexers and ecosystem libraries rely on the existence `BeginBlock` +and `EndBlock` events. Since CometBFT now only exposes `FinalizeBlockEvents`, we +find that it will still be useful for these clients and tools to still query for +and rely on existing events, especially since applications will still define +`BeginBlock` and `EndBlock` implementations. + +In order to facilitate existing event functionality, we propose that all `BeginBlock` +and `EndBlock` events have a dedicated `EventAttribute` with `key=block` and +`value=begin_block|end_block`. The `EventAttribute` will be appended to each event +in both `BeginBlock` and `EndBlock` events`. + + +### Upgrading + +CometBFT defines a consensus parameter, [`VoteExtensionsEnableHeight`](https://github.com/cometbft/cometbft/blob/v0.38.0-alpha.1/spec/abci/abci%2B%2B_app_requirements.md#abciparamsvoteextensionsenableheight), +which specifies the height at which vote extensions are enabled and **required**. +If the value is set to zero, which is the default, then vote extensions are +disabled and an application is not required to implement and use vote extensions. + +However, if the value `H` is positive, at all heights greater than the configured +height `H` vote extensions must be present (even if empty). When the configured +height `H` is reached, `PrepareProposal` will not include vote extensions yet, +but `ExtendVote` and `VerifyVoteExtension` will be called. Then, when reaching +height `H+1`, `PrepareProposal` will include the vote extensions from height `H`. + +It is very important to note, for all heights after H: + +* Vote extensions CANNOT be disabled +* They are mandatory, i.e. all pre-commit messages sent MUST have an extension + attached (even if empty) + +When an application updates to the Cosmos SDK version with CometBFT v0.38 support, +in the upgrade handler it must ensure to set the consensus parameter +`VoteExtensionsEnableHeight` to the correct value. E.g. if an application is set +to perform an upgrade at height `H`, then the value of `VoteExtensionsEnableHeight` +should be set to any value `>=H+1`. This means that at the upgrade height, `H`, +vote extensions will not be enabled yet, but at height `H+1` they will be enabled. + +## Consequences + +### Backwards Compatibility + +ABCI 2.0 is naturally not backwards compatible with prior versions of the Cosmos SDK +and CometBFT. For example, an application that requests `RequestFinalizeBlock` +to the same application that does not speak ABCI 2.0 will naturally fail. + +In addition, `BeginBlock`, `DeliverTx` and `EndBlock` will be removed from the +application ABCI interfaces and along with the inputs and outputs being modified +in the module interfaces. + +### Positive + +* `BeginBlock` and `EndBlock` semantics remain, so burden on application developers + should be limited. +* Less communication overhead as multiple ABCI requests are condensed into a single + request. +* Sets the groundwork for optimistic execution. +* Vote extensions allow for an entirely new set of application primitives to be + developed, such as in-process price oracles and encrypted mempools. + +### Negative + +* Some existing Cosmos SDK core APIs may need to be modified and thus broken. +* Signature verification in `ProcessProposal` of 100+ vote extension signatures + will add significant performance overhead to `ProcessProposal`. Granted, the + signature verification process can happen concurrently using an error group + with `GOMAXPROCS` goroutines. + +### Neutral + +* Having to manually "inject" vote extensions into the block proposal during + `PrepareProposal` is an awkward approach and takes up block space unnecessarily. +* The requirement of `ResetProcessProposalState` can create a footgun for + application developers if they're not careful, but this is necessary in order + for applications to be able to commit state from vote extension computation. + +## Further Discussions + +Future discussions include design and implementation of ABCI 3.0, which is a +continuation of ABCI++ and the general discussion of optimistic execution. + +## References + +* [ADR 060: ABCI 1.0 (Phase I)](adr-060-abci-1.0.md) diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-065-store-v2.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-065-store-v2.md new file mode 100644 index 00000000..67c1830f --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-065-store-v2.md @@ -0,0 +1,290 @@ +# ADR-065: Store V2 + +## Changelog + +* Feb 14, 2023: Initial Draft (@alexanderbez) + +## Status + +DRAFT + +## Abstract + +The storage and state primitives that Cosmos SDK based applications have used have +by and large not changed since the launch of the inaugural Cosmos Hub. The demands +and needs of Cosmos SDK based applications, from both developer and client UX +perspectives, have evolved and outgrown the ecosystem since these primitives +were first introduced. + +Over time as these applications have gained significant adoption, many critical +shortcomings and flaws have been exposed in the state and storage primitives of +the Cosmos SDK. + +In order to keep up with the evolving demands and needs of both clients and developers, +a major overhaul to these primitives are necessary. + +## Context + +The Cosmos SDK provides application developers with various storage primitives +for dealing with application state. Specifically, each module contains its own +merkle commitment data structure -- an IAVL tree. In this data structure, a module +can store and retrieve key-value pairs along with Merkle commitments, i.e. proofs, +to those key-value pairs indicating that they do or do not exist in the global +application state. This data structure is the base layer `KVStore`. + +In addition, the SDK provides abstractions on top of this Merkle data structure. +Namely, a root multi-store (RMS) is a collection of each module's `KVStore`. +Through the RMS, the application can serve queries and provide proofs to clients +in addition to provide a module access to its own unique `KVStore` though the use +of `StoreKey`, which is an OCAP primitive. + +There are further layers of abstraction that sit between the RMS and the underlying +IAVL `KVStore`. A `GasKVStore` is responsible for tracking gas IO consumption for +state machine reads and writes. A `CacheKVStore` is responsible for providing a +way to cache reads and buffer writes to make state transitions atomic, e.g. +transaction execution or governance proposal execution. + +There are a few critical drawbacks to these layers of abstraction and the overall +design of storage in the Cosmos SDK: + +* Since each module has its own IAVL `KVStore`, commitments are not [atomic](https://github.com/cosmos/cosmos-sdk/issues/14625) + * Note, we can still allow modules to have their own IAVL `KVStore`, but the + IAVL library will need to support the ability to pass a DB instance as an + argument to various IAVL APIs. +* Since IAVL is responsible for both state storage and commitment, running an + archive node becomes increasingly expensive as disk space grows exponentially. +* As the size of a network increases, various performance bottlenecks start to + emerge in many areas such as query performance, network upgrades, state + migrations, and general application performance. +* Developer UX is poor as it does not allow application developers to experiment + with different types of approaches to storage and commitments, along with the + complications of many layers of abstractions referenced above. + +See the [Storage Discussion](https://github.com/cosmos/cosmos-sdk/discussions/13545) for more information. + +## Alternatives + +There was a previous attempt to refactor the storage layer described in [ADR-040](adr-040-storage-and-smt-state-commitments.md). +However, this approach mainly stems on the short comings of IAVL and various performance +issues around it. While there was a (partial) implementation of [ADR-040](adr-040-storage-and-smt-state-commitments.md), +it was never adopted for a variety of reasons, such as the reliance on using an +SMT, which was more in a research phase, and some design choices that couldn't +be fully agreed upon, such as the snap-shotting mechanism that would result in +massive state bloat. + +## Decision + +We propose to build upon some of the great ideas introduced in [ADR-040](adr-040-storage-and-smt-state-commitments.md), +while being a bit more flexible with the underlying implementations and overall +less intrusive. Specifically, we propose to: + +* Separate the concerns of state commitment (**SC**), needed for consensus, and + state storage (**SS**), needed for state machine and clients. +* Reduce layers of abstractions necessary between the RMS and underlying stores. +* Provide atomic module store commitments by providing a batch database object + to core IAVL APIs. +* Reduce complexities in the `CacheKVStore` implementation while also improving + performance[3]. + +Furthermore, we will keep the IAVL is the backing [commitment](https://cryptography.fandom.com/wiki/Commitment_scheme) +store for the time being. While we might not fully settle on the use of IAVL in +the long term, we do not have strong empirical evidence to suggest a better +alternative. Given that the SDK provides interfaces for stores, it should be sufficient +to change the backing commitment store in the future should evidence arise to +warrant a better alternative. However there is promising work being done to IAVL +that should result in significant performance improvement [1,2]. + +### Separating SS and SC + +By separating SS and SC, it will allow for us to optimize against primary use cases +and access patterns to state. Specifically, The SS layer will be responsible for +direct access to data in the form of (key, value) pairs, whereas the SC layer (IAVL) +will be responsible for committing to data and providing Merkle proofs. + +Note, the underlying physical storage database will be the same between both the +SS and SC layers. So to avoid collisions between (key, value) pairs, both layers +will be namespaced. + +#### State Commitment (SC) + +Given that the existing solution today acts as both SS and SC, we can simply +repurpose it to act solely as the SC layer without any significant changes to +access patterns or behavior. In other words, the entire collection of existing +IAVL-backed module `KVStore`s will act as the SC layer. + +However, in order for the SC layer to remain lightweight and not duplicate a +majority of the data held in the SS layer, we encourage node operators to keep +tight pruning strategies. + +#### State Storage (SS) + +In the RMS, we will expose a *single* `KVStore` backed by the same physical +database that backs the SC layer. This `KVStore` will be explicitly namespaced +to avoid collisions and will act as the primary storage for (key, value) pairs. + +While we most likely will continue the use of `cosmos-db`, or some local interface, +to allow for flexibility and iteration over preferred physical storage backends +as research and benchmarking continues. However, we propose to hardcode the use +of RocksDB as the primary physical storage backend. + +Since the SS layer will be implemented as a `KVStore`, it will support the +following functionality: + +* Range queries +* CRUD operations +* Historical queries and versioning +* Pruning + +The RMS will keep track of all buffered writes using a dedicated and internal +`MemoryListener` for each `StoreKey`. For each block height, upon `Commit`, the +SS layer will write all buffered (key, value) pairs under a [RocksDB user-defined timestamp](https://github.com/facebook/rocksdb/wiki/User-defined-Timestamp-%28Experimental%29) column +family using the block height as the timestamp, which is an unsigned integer. +This will allow a client to fetch (key, value) pairs at historical and current +heights along with making iteration and range queries relatively performant as +the timestamp is the key suffix. + +Note, we choose not to use a more general approach of allowing any embedded key/value +database, such as LevelDB or PebbleDB, using height key-prefixed keys to +effectively version state because most of these databases use variable length +keys which would effectively make actions likes iteration and range queries less +performant. + +Since operators might want pruning strategies to differ in SS compared to SC, +e.g. having a very tight pruning strategy in SC while having a looser pruning +strategy for SS, we propose to introduce an additional pruning configuration, +with parameters that are identical to what exists in the SDK today, and allow +operators to control the pruning strategy of the SS layer independently of the +SC layer. + +Note, the SC pruning strategy must be congruent with the operator's state sync +configuration. This is so as to allow state sync snapshots to execute successfully, +otherwise, a snapshot could be triggered on a height that is not available in SC. + +#### State Sync + +The state sync process should be largely unaffected by the separation of the SC +and SS layers. However, if a node syncs via state sync, the SS layer of the node +will not have the state synced height available, since the IAVL import process is +not setup in way to easily allow direct key/value insertion. A modification of +the IAVL import process would be necessary to facilitate having the state sync +height available. + +Note, this is not problematic for the state machine itself because when a query +is made, the RMS will automatically direct the query correctly (see [Queries](#queries)). + +#### Queries + +To consolidate the query routing between both the SC and SS layers, we propose to +have a notion of a "query router" that is constructed in the RMS. This query router +will be supplied to each `KVStore` implementation. The query router will route +queries to either the SC layer or the SS layer based on a few parameters. If +`prove: true`, then the query must be routed to the SC layer. Otherwise, if the +query height is available in the SS layer, the query will be served from the SS +layer. Otherwise, we fall back on the SC layer. + +If no height is provided, the SS layer will assume the latest height. The SS +layer will store a reverse index to lookup `LatestVersion -> timestamp(version)` +which is set on `Commit`. + +#### Proofs + +Since the SS layer is naturally a storage layer only, without any commitments +to (key, value) pairs, it cannot provide Merkle proofs to clients during queries. + +Since the pruning strategy against the SC layer is configured by the operator, +we can therefore have the RMS route the query SC layer if the version exists and +`prove: true`. Otherwise, the query will fall back to the SS layer without a proof. + +We could explore the idea of using state snapshots to rebuild an in-memory IAVL +tree in real time against a version closest to the one provided in the query. +However, it is not clear what the performance implications will be of this approach. + +### Atomic Commitment + +We propose to modify the existing IAVL APIs to accept a batch DB object instead +of relying on an internal batch object in `nodeDB`. Since each underlying IAVL +`KVStore` shares the same DB in the SC layer, this will allow commits to be +atomic. + +Specifically, we propose to: + +* Remove the `dbm.Batch` field from `nodeDB` +* Update the `SaveVersion` method of the `MutableTree` IAVL type to accept a batch object +* Update the `Commit` method of the `CommitKVStore` interface to accept a batch object +* Create a batch object in the RMS during `Commit` and pass this object to each + `KVStore` +* Write the database batch after all stores have committed successfully + +Note, this will require IAVL to be updated to not rely or assume on any batch +being present during `SaveVersion`. + +## Consequences + +As a result of a new store V2 package, we should expect to see improved performance +for queries and transactions due to the separation of concerns. We should also +expect to see improved developer UX around experimentation of commitment schemes +and storage backends for further performance, in addition to a reduced amount of +abstraction around KVStores making operations such as caching and state branching +more intuitive. + +However, due to the proposed design, there are drawbacks around providing state +proofs for historical queries. + +### Backwards Compatibility + +This ADR proposes changes to the storage implementation in the Cosmos SDK through +an entirely new package. Interfaces may be borrowed and extended from existing +types that exist in `store`, but no existing implementations or interfaces will +be broken or modified. + +### Positive + +* Improved performance of independent SS and SC layers +* Reduced layers of abstraction making storage primitives easier to understand +* Atomic commitments for SC +* Redesign of storage types and interfaces will allow for greater experimentation + such as different physical storage backends and different commitment schemes + for different application modules + +### Negative + +* Providing proofs for historical state is challenging + +### Neutral + +* Keeping IAVL as the primary commitment data structure, although drastic + performance improvements are being made + +## Further Discussions + +### Module Storage Control + +Many modules store secondary indexes that are typically solely used to support +client queries, but are actually not needed for the state machine's state +transitions. What this means is that these indexes technically have no reason to +exist in the SC layer at all, as they take up unnecessary space. It is worth +exploring what an API would look like to allow modules to indicate what (key, value) +pairs they want to be persisted in the SC layer, implicitly indicating the SS +layer as well, as opposed to just persisting the (key, value) pair only in the +SS layer. + +### Historical State Proofs + +It is not clear what the importance or demand is within the community of providing +commitment proofs for historical state. While solutions can be devised such as +rebuilding trees on the fly based on state snapshots, it is not clear what the +performance implications are for such solutions. + +### Physical DB Backends + +This ADR proposes usage of RocksDB to utilize user-defined timestamps as a +versioning mechanism. However, other physical DB backends are available that may +offer alternative ways to implement versioning while also providing performance +improvements over RocksDB. E.g. PebbleDB supports MVCC timestamps as well, but +we'll need to explore how PebbleDB handles compaction and state growth over time. + +## References + +* [1] https://github.com/cosmos/iavl/pull/676 +* [2] https://github.com/cosmos/iavl/pull/664 +* [3] https://github.com/cosmos/cosmos-sdk/issues/14990 diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-template.md b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-template.md new file mode 100644 index 00000000..dcf07343 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/architecture/adr-template.md @@ -0,0 +1,83 @@ +# ADR {ADR-NUMBER}: {TITLE} + +## Changelog + +* {date}: {changelog} + +## Status + +{DRAFT | PROPOSED} Not Implemented + +> Please have a look at the [PROCESS](PROCESS.md#adr-status) page. +> Use DRAFT if the ADR is in a draft stage (draft PR) or PROPOSED if it's in review. + +## Abstract + +> "If you can't explain it simply, you don't understand it well enough." Provide +> a simplified and layman-accessible explanation of the ADR. +> A short (~200 word) description of the issue being addressed. + +## Context + +> This section describes the forces at play, including technological, political, +> social, and project local. These forces are probably in tension, and should be +> called out as such. The language in this section is value-neutral. It is simply +> describing facts. It should clearly explain the problem and motivation that the +> proposal aims to resolve. +> {context body} + +## Alternatives + +> This section describes alternative designs to the chosen design. This section +> is important and if an adr does not have any alternatives then it should be +> considered that the ADR was not thought through. + +## Decision + +> This section describes our response to these forces. It is stated in full +> sentences, with active voice. "We will ..." +> {decision body} + +## Consequences + +> This section describes the resulting context, after applying the decision. All +> consequences should be listed here, not just the "positive" ones. A particular +> decision may have positive, negative, and neutral consequences, but all of them +> affect the team and project in the future. + +### Backwards Compatibility + +> All ADRs that introduce backwards incompatibilities must include a section +> describing these incompatibilities and their severity. The ADR must explain +> how the author proposes to deal with these incompatibilities. ADR submissions +> without a sufficient backwards compatibility treatise may be rejected outright. + +### Positive + +> {positive consequences} + +### Negative + +> {negative consequences} + +### Neutral + +> {neutral consequences} + +## Further Discussions + +> While an ADR is in the DRAFT or PROPOSED stage, this section should contain a +> summary of issues to be solved in future iterations (usually referencing comments +> from a pull-request discussion). +> +> Later, this section can optionally list ideas or improvements the author or +> reviewers found during the analysis of this ADR. + +## Test Cases [optional] + +Test cases for an implementation are mandatory for ADRs that are affecting consensus +changes. Other ADRs can choose to include links to test cases if applicable. + +## References + +* {reference link} diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/build.md b/copy-of-sdk-versioned_docs/version-0.47/build/build.md new file mode 100644 index 00000000..7e009792 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/build.md @@ -0,0 +1,15 @@ +--- +sidebar_position: 0 +--- +# Build + +* [Architecture](./architecture/README.md) - Overview and detailed explanation of the system architecture. +* [Building Apps](./building-apps/00-app-go.md) - The documentation in this section will guide you through the process of developing your dApp using the Cosmos SDK framework. +* [Modules](./modules/README.md) - Information about the various modules available in the Cosmos SDK: Auth, Authz, Bank, Crisis, Distribution, Evidence, Feegrant, Governance, Mint, Params, Slashing, Staking, Upgrade, NFT, Consensus, Circuit, Genutil. +* [Migrations](./migrations/01-intro.md) - See what has been updated in each release the process of the transition between versions. +* [Packages](./packages/README.md) - Explore a curated collection of pre-built modules and functionalities, streamlining the development process. +* [Tooling](./tooling/README.md) - A suite of utilities designed to enhance the development workflow, optimizing the efficiency of Cosmos SDK-based projects. +* [ADR's](./architecture/README.md) - Provides a structured repository of key decisions made during the development process, which have been documented and offers rationale behind key decisions being made. +* [RFC](./rfc/README.md) - A Request for Comments (RFC) is a record of discussion on an open-ended topic related to the design and implementation of the Cosmos SDK, for which no immediate decision is required. +* [Specifications](../build/spec/SPEC_STANDARD.md) - A detailed reference for the specifications of various components and features. +* [REST API](https://docs.cosmos.network/api) - A comprehensive reference for the application programming interfaces (APIs) provided by the SDK. diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/building-apps/00-app-go.md b/copy-of-sdk-versioned_docs/version-0.47/build/building-apps/00-app-go.md new file mode 100644 index 00000000..36366d39 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/building-apps/00-app-go.md @@ -0,0 +1,15 @@ +--- +sidebar_position: 1 + +--- + +# Overview of `app.go` + +This section is intended to provide an overview of the `SimApp` `app.go` file and is still a work in progress. +For now please instead read the [tutorials](https://tutorials.cosmos.network) for a deep dive on how to build a chain. + +## Complete `app.go` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/simapp/app.go#L107-L738 +``` diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/building-apps/01-app-go-v2.md b/copy-of-sdk-versioned_docs/version-0.47/build/building-apps/01-app-go-v2.md new file mode 100644 index 00000000..57c1ef0a --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/building-apps/01-app-go-v2.md @@ -0,0 +1,132 @@ +--- +sidebar_position: 1 + +--- + +# Overview of `app_v2.go` + +:::note Synopsis + +The Cosmos SDK allows much easier wiring of an `app.go` thanks to App Wiring and [`depinject`](../packages/01-depinject.md). +Learn more about the rationale of App Wiring in [ADR-057](../architecture/adr-057-app-wiring.md). + +::: + +:::note + +### Pre-requisite Readings + +* [ADR 057: App Wiring](../architecture/adr-057-app-wiring.md) +* [Depinject Documentation](../packages/01-depinject.md) +* [Modules depinject-ready](../building-modules/15-depinject.md) + +::: + +This section is intended to provide an overview of the `SimApp` `app_v2.go` file with App Wiring. + +## `app_config.go` + +The `app_config.go` file is the single place to configure all modules parameters. + +1. Create the `AppConfig` variable: + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/simapp/app_config.go#L91-L93 + ``` + +2. Configure the `runtime` module: + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/simapp/app_config.go#L94-L158 + ``` + +3. Configure the modules defined in the `BeginBlocker` and `EndBlocker` and the `tx` module: + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/simapp/app_config.go#L159-L177 + ``` + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/simapp/app_config.go#L192-L194 + ``` + +### Complete `app_config.go` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/simapp/app_config.go#L52-L254 +``` + +### Alternative formats + +:::tip +The example above shows how to create an `AppConfig` using Go. However, it is also possible to create an `AppConfig` using YAML, or JSON. +The configuration can then be embed with `go:embed` and read with [`appconfig.LoadYAML`](https://pkg.go.dev/cosmossdk.io/core/appconfig#LoadYAML), or [`appconfig.LoadJSON`](https://pkg.go.dev/cosmossdk.io/core/appconfig#LoadJSON), in `app_v2.go`. + +```go +//go:embed app_config.yaml +var ( + appConfigYaml []byte + appConfig = appconfig.LoadYAML(appConfigYaml) +) +``` + +::: + +```yaml +modules: + - name: runtime + config: + "@type": cosmos.app.runtime.v1alpha1.Module + app_name: SimApp + begin_blockers: [staking, auth, bank] + end_blockers: [bank, auth, staking] + init_genesis: [bank, auth, staking] + - name: auth + config: + "@type": cosmos.auth.module.v1.Module + bech32_prefix: cosmos + - name: bank + config: + "@type": cosmos.bank.module.v1.Module + - name: staking + config: + "@type": cosmos.staking.module.v1.Module + - name: tx + config: + "@type": cosmos.tx.module.v1.Module +``` + +A more complete example of `app.yaml` can be found [here](https://github.com/cosmos/cosmos-sdk/blob/91b1d83f1339e235a1dfa929ecc00084101a19e3/simapp/app.yaml). + +## `app_v2.go` + +`app_v2.go` is the place where `SimApp` is constructed. `depinject.Inject` facilitates that by automatically wiring the app modules and keepers, provided an application configuration `AppConfig` is provided. `SimApp` is constructed, when calling the injected `*runtime.AppBuilder`, with `appBuilder.Build(...)`. +In short `depinject` and the [`runtime` package](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/runtime) abstract the wiring of the app, and the `AppBuilder` is the place where the app is constructed. [`runtime`](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/runtime) takes care of registering the codecs, KV store, subspaces and instantiating `baseapp`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/simapp/app_v2.go#L158-L291 +``` + +:::warning +When using `depinject.Inject`, the injected types must be pointers. +::: + +### Advanced Configuration + +In advanced cases, it is possible to inject extra (module) configuration in a way that is not (yet) supported by `AppConfig`. +In this case, use `depinject.Configs` for combining the extra configuration and `AppConfig`, and `depinject.Supply` to providing that extra configuration. +More information on how work `depinject.Configs` and `depinject.Supply` can be found in the [`depinject` documentation](https://pkg.go.dev/cosmossdk.io/depinject). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/simapp/app_v2.go#L186-L216 +``` + +### Complete `app_v2.go` + +:::tip +Note that in the complete `SimApp` `app_v2.go` file, testing utilities are also defined, but they could as well be defined in a separate file. +::: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/simapp/app_v2.go#L75-L395 +``` diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/building-apps/02-app-mempool.md b/copy-of-sdk-versioned_docs/version-0.47/build/building-apps/02-app-mempool.md new file mode 100644 index 00000000..9f7f30d4 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/building-apps/02-app-mempool.md @@ -0,0 +1,165 @@ +--- +sidebar_position: 1 + +--- + +# Application mempool + +:::note Synopsis +This sections describes how the app-side mempool can be used and replaced. +::: + +Since `v0.47` the application has its own mempool to allow much more granular +block building than previous versions. This change was enabled by +[ABCI 1.0](https://github.com/cometbft/cometbft/blob/v0.37.0/spec/abci). +Notably it introduces the `PrepareProposal` and `ProcessProposal` steps of ABCI++. + +:::note + +### Pre-requisite Readings + +* [BaseApp](../../learn/advanced/00-baseapp.md) + +::: + +## Prepare Proposal + +`PrepareProposal` handles construction of the block, meaning that when a proposer +is preparing to propose a block, it requests the application to evaluate a +`RequestPrepareProposal`, which contains a series of transactions from CometBFT's +mempool. At this point, the application has complete control over the proposal. +It can modify, delete, and inject transactions from it's own app-side mempool into +the proposal or even ignore all the transactions altogether. What the application +does with the transactions provided to it by `RequestPrepareProposal` have no +effect on CometBFT's mempool. + +Note, that the application defines the semantics of the `PrepareProposal` and it +MAY be non-deterministic and is only executed by the current block proposer. + +Now, reading mempool twice in the previous sentence is confusing, lets break it down. +CometBFT has a mempool that handles gossiping transactions to other nodes +in the network. How these transactions are ordered is determined by CometBFT's +mempool, typically FIFO. However, since the application is able to fully inspect +all transactions, it can provide greater control over transaction ordering. +Allowing the application to handle ordering enables the application to define how +it would like the block constructed. + +Currently, there is a default `PrepareProposal` implementation provided by the application. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/baseapp/baseapp.go#L868-L916 +``` + +This default implementation can be overridden by the application developer in +favor of a custom implementation in [`app.go`](01-app-go-v2.md): + +```go +prepareOpt := func(app *baseapp.BaseApp) { + abciPropHandler := baseapp.NewDefaultProposalHandler(mempool, app) + app.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) +} + +baseAppOptions = append(baseAppOptions, prepareOpt) +``` + +## Process Proposal + +`ProcessProposal` handles the validation of a proposal from `PrepareProposal`, +which also includes a block header. Meaning, that after a block has been proposed +the other validators have the right to vote on a block. The validator in the +default implementation of `PrepareProposal` runs basic validity checks on each +transaction. + +Note, `ProcessProposal` MAY NOT be non-deterministic, i.e. it must be deterministic. +This means if `ProcessProposal` panics or fails and we reject, all honest validator +processes will prevote nil and the CometBFT round will proceed again until a valid +proposal is proposed. + +Here is the implementation of the default implementation: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/baseapp/baseapp.go#L927-L942 +``` + +Like `PrepareProposal` this implementation is the default and can be modified by the application developer in [`app.go`](01-app-go-v2.md): + +```go +processOpt := func(app *baseapp.BaseApp) { + abciPropHandler := baseapp.NewDefaultProposalHandler(mempool, app) + app.SetProcessProposal(abciPropHandler.ProcessProposalHandler()) +} + +baseAppOptions = append(baseAppOptions, processOpt) +``` + +## Mempool + +Now that we have walked through the `PrepareProposal` & `ProcessProposal`, we can move on to walking through the mempool. + +There are countless designs that an application developer can write for a mempool, the SDK opted to provide only simple mempool implementations. +Namely, the SDK provides the following mempools: + +* [No-op Mempool](#no-op-mempool) +* [Sender Nonce Mempool](#sender-nonce-mempool) +* [Priority Nonce Mempool](#priority-nonce-mempool) + +The default SDK is a [No-op Mempool](#no-op-mempool), but it can be replaced by the application developer in [`app.go`](01-app-go-v2.md): + +```go +nonceMempool := mempool.NewSenderNonceMempool() +mempoolOpt := baseapp.SetMempool(nonceMempool) +baseAppOptions = append(baseAppOptions, mempoolOpt) +``` + +### No-op Mempool + +A no-op mempool is a mempool where transactions are completely discarded and ignored when BaseApp interacts with the mempool. +When this mempool is used, it assumed that an application will rely on CometBFT's transaction ordering defined in `RequestPrepareProposal`, +which is FIFO-ordered by default. + +### Sender Nonce Mempool + +The nonce mempool is a mempool that keeps transactions from an sorted by nonce in order to avoid the issues with nonces. +It works by storing the transaction in a list sorted by the transaction nonce. When the proposer asks for transactions to be included in a block it randomly selects a sender and gets the first transaction in the list. It repeats this until the mempool is empty or the block is full. + +It is configurable with the following parameters: + +#### MaxTxs + +It is an integer value that sets the mempool in one of three modes, *bounded*, *unbounded*, or *disabled*. + +* **negative**: Disabled, mempool does not insert new transaction and return early. +* **zero**: Unbounded mempool has no transaction limit and will never fail with `ErrMempoolTxMaxCapacity`. +* **positive**: Bounded, it fails with `ErrMempoolTxMaxCapacity` when `maxTx` value is the same as `CountTx()` + +#### Seed + +Set the seed for the random number generator used to select transactions from the mempool. + +### Priority Nonce Mempool + +The [priority nonce mempool](https://github.com/cosmos/cosmos-sdk/blob/main/types/mempool/priority_nonce_spec.md) is a mempool implementation that stores txs in a partially ordered set by 2 dimensions: + +* priority +* sender-nonce (sequence number) + +Internally it uses one priority ordered [skip list](https://pkg.go.dev/github.com/huandu/skiplist) and one skip list per sender ordered by sender-nonce (sequence number). When there are multiple txs from the same sender, they are not always comparable by priority to other sender txs and must be partially ordered by both sender-nonce and priority. + +It is configurable with the following parameters: + +#### MaxTxs + +It is an integer value that sets the mempool in one of three modes, *bounded*, *unbounded*, or *disabled*. + +* **negative**: Disabled, mempool does not insert new transaction and return early. +* **zero**: Unbounded mempool has no transaction limit and will never fail with `ErrMempoolTxMaxCapacity`. +* **positive**: Bounded, it fails with `ErrMempoolTxMaxCapacity` when `maxTx` value is the same as `CountTx()` + +#### Callback + +The priority nonce mempool provides mempool options allowing the application sets callback(s). + +* **OnRead**: Set a callback to be called when a transaction is read from the mempool. +* **TxReplacement**: Sets a callback to be called when duplicated transaction nonce detected during mempool insert. Application can define a transaction replacement rule based on tx priority or certain transaction fields. + +More information on the SDK mempool implementation can be found in the [godocs](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/types/mempool). diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/building-apps/03-app-upgrade.md b/copy-of-sdk-versioned_docs/version-0.47/build/building-apps/03-app-upgrade.md new file mode 100644 index 00000000..b0a77467 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/building-apps/03-app-upgrade.md @@ -0,0 +1,70 @@ +--- +sidebar_position: 1 + +--- + +# Application upgrade + +:::note +This document describes how to upgrade your application. If you are looking specifically for the changes to perform between SDK versions, see the [SDK migrations documentation](https://docs.cosmos.network/main/migrations/intro). +::: + +:::warning +This section is currently incomplete. Track the progress of this document [here](https://github.com/cosmos/cosmos-sdk/issues/11504). +::: + +## Pre-Upgrade Handling + +Cosmovisor supports custom pre-upgrade handling. Use pre-upgrade handling when you need to implement application config changes that are required in the newer version before you perform the upgrade. + +Using Cosmovisor pre-upgrade handling is optional. If pre-upgrade handling is not implemented, the upgrade continues. + +For example, make the required new-version changes to `app.toml` settings during the pre-upgrade handling. The pre-upgrade handling process means that the file does not have to be manually updated after the upgrade. + +Before the application binary is upgraded, Cosmovisor calls a `pre-upgrade` command that can be implemented by the application. + +The `pre-upgrade` command does not take in any command-line arguments and is expected to terminate with the following exit codes: + +| Exit status code | How it is handled in Cosmosvisor | +|------------------|---------------------------------------------------------------------------------------------------------------------| +| `0` | Assumes `pre-upgrade` command executed successfully and continues the upgrade. | +| `1` | Default exit code when `pre-upgrade` command has not been implemented. | +| `30` | `pre-upgrade` command was executed but failed. This fails the entire upgrade. | +| `31` | `pre-upgrade` command was executed but failed. But the command is retried until exit code `1` or `30` are returned. | + +## Sample + +Here is a sample structure of the `pre-upgrade` command: + +```go +func preUpgradeCommand() *cobra.Command { + cmd := &cobra.Command{ + Use: "pre-upgrade", + Short: "Pre-upgrade command", + Long: "Pre-upgrade command to implement custom pre-upgrade handling", + Run: func(cmd *cobra.Command, args []string) { + + err := HandlePreUpgrade() + + if err != nil { + os.Exit(30) + } + + os.Exit(0) + + }, + } + + return cmd +} +``` + +Ensure that the pre-upgrade command has been registered in the application: + +```go +rootCmd.AddCommand( + // .. + preUpgradeCommand(), + // .. + ) +``` diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/building-apps/_category_.json b/copy-of-sdk-versioned_docs/version-0.47/build/building-apps/_category_.json new file mode 100644 index 00000000..342732cc --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/building-apps/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Building Apps", + "position": 0, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/00-intro.md b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/00-intro.md new file mode 100644 index 00000000..760a739b --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/00-intro.md @@ -0,0 +1,94 @@ +--- +sidebar_position: 1 +--- + +# Introduction to Cosmos SDK Modules + +:::note Synopsis +Modules define most of the logic of Cosmos SDK applications. Developers compose modules together using the Cosmos SDK to build their custom application-specific blockchains. This document outlines the basic concepts behind SDK modules and how to approach module management. +::: + +:::note + +### Pre-requisite Readings + +* [Anatomy of a Cosmos SDK application](../../learn/beginner/00-overview-app.md) +* [Lifecycle of a Cosmos SDK transaction](../../learn/beginner/01-tx-lifecycle.md) + +::: + +## Role of Modules in a Cosmos SDK Application + +The Cosmos SDK can be thought of as the Ruby-on-Rails of blockchain development. It comes with a core that provides the basic functionalities every blockchain application needs, like a [boilerplate implementation of the ABCI](../../learn/advanced/00-baseapp.md) to communicate with the underlying consensus engine, a [`multistore`](../../learn/advanced/04-store.md#multistore) to persist state, a [server](../../learn/advanced/03-node.md) to form a full-node and [interfaces](09-module-interfaces.md) to handle queries. + +On top of this core, the Cosmos SDK enables developers to build modules that implement the business logic of their application. In other words, SDK modules implement the bulk of the logic of applications, while the core does the wiring and enables modules to be composed together. The end goal is to build a robust ecosystem of open-source Cosmos SDK modules, making it increasingly easier to build complex blockchain applications. + +Cosmos SDK modules can be seen as little state-machines within the state-machine. They generally define a subset of the state using one or more `KVStore`s in the [main multistore](../../learn/advanced/04-store.md), as well as a subset of [message types](02-messages-and-queries.md#messages). These messages are routed by one of the main components of Cosmos SDK core, [`BaseApp`](../../learn/advanced/00-baseapp.md), to a module Protobuf [`Msg` service](03-msg-services.md) that defines them. + +```text + + + | + | Transaction relayed from the full-node's consensus engine + | to the node's application via DeliverTx + | + | + | + +---------------------v--------------------------+ + | APPLICATION | + | | + | Using baseapp's methods: Decode the Tx, | + | extract and route the message(s) | + | | + +---------------------+--------------------------+ + | + | + | + +---------------------------+ + | + | + | + | Message routed to the correct + | module to be processed + | + | ++----------------+ +---------------+ +----------------+ +------v----------+ +| | | | | | | | +| AUTH MODULE | | BANK MODULE | | STAKING MODULE | | GOV MODULE | +| | | | | | | | +| | | | | | | Handles message,| +| | | | | | | Updates state | +| | | | | | | | ++----------------+ +---------------+ +----------------+ +------+----------+ + | + | + | + | + +--------------------------+ + | + | Return result to the underlying consensus engine (e.g. CometBFT) + | (0=Ok, 1=Err) + v +``` + +As a result of this architecture, building a Cosmos SDK application usually revolves around writing modules to implement the specialized logic of the application and composing them with existing modules to complete the application. Developers will generally work on modules that implement logic needed for their specific use case that do not exist yet, and will use existing modules for more generic functionalities like staking, accounts, or token management. + +## How to Approach Building Modules as a Developer + +While there are no definitive guidelines for writing modules, here are some important design principles developers should keep in mind when building them: + +* **Composability**: Cosmos SDK applications are almost always composed of multiple modules. This means developers need to carefully consider the integration of their module not only with the core of the Cosmos SDK, but also with other modules. The former is achieved by following standard design patterns outlined [here](#main-components-of-cosmos-sdk-modules), while the latter is achieved by properly exposing the store(s) of the module via the [`keeper`](06-keeper.md). +* **Specialization**: A direct consequence of the **composability** feature is that modules should be **specialized**. Developers should carefully establish the scope of their module and not batch multiple functionalities into the same module. This separation of concerns enables modules to be re-used in other projects and improves the upgradability of the application. **Specialization** also plays an important role in the [object-capabilities model](../../learn/advanced/10-ocap.md) of the Cosmos SDK. +* **Capabilities**: Most modules need to read and/or write to the store(s) of other modules. However, in an open-source environment, it is possible for some modules to be malicious. That is why module developers need to carefully think not only about how their module interacts with other modules, but also about how to give access to the module's store(s). The Cosmos SDK takes a capabilities-oriented approach to inter-module security. This means that each store defined by a module is accessed by a `key`, which is held by the module's [`keeper`](06-keeper.md). This `keeper` defines how to access the store(s) and under what conditions. Access to the module's store(s) is done by passing a reference to the module's `keeper`. + +## Main Components of Cosmos SDK Modules + +Modules are by convention defined in the `./x/` subfolder (e.g. the `bank` module will be defined in the `./x/bank` folder). They generally share the same core components: + +* A [`keeper`](06-keeper.md), used to access the module's store(s) and update the state. +* A [`Msg` service](02-messages-and-queries.md#messages), used to process messages when they are routed to the module by [`BaseApp`](../../learn/advanced/00-baseapp.md#message-routing) and trigger state-transitions. +* A [query service](04-query-services.md), used to process user queries when they are routed to the module by [`BaseApp`](../../learn/advanced/00-baseapp.md#query-routing). +* Interfaces, for end users to query the subset of the state defined by the module and create `message`s of the custom types defined in the module. + +In addition to these components, modules implement the `AppModule` interface in order to be managed by the [`module manager`](01-module-manager.md). + +Please refer to the [structure document](11-structure.md) to learn about the recommended structure of a module's directory. diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/01-module-manager.md b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/01-module-manager.md new file mode 100644 index 00000000..d4e70021 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/01-module-manager.md @@ -0,0 +1,273 @@ +--- +sidebar_position: 1 +--- + +# Module Manager + +:::note Synopsis +Cosmos SDK modules need to implement the [`AppModule` interfaces](#application-module-interfaces), in order to be managed by the application's [module manager](#module-manager). The module manager plays an important role in [`message` and `query` routing](../../learn/advanced/00-baseapp.md#msg-service-router), and allows application developers to set the order of execution of a variety of functions like [`BeginBlocker` and `EndBlocker`](../../learn/beginner/00-overview-app#beginblocker-and-endblocker). +::: + +:::note + +### Pre-requisite Readings + +* [Introduction to Cosmos SDK Modules](00-intro.md) + +::: + +## Application Module Interfaces + +Application module interfaces exist to facilitate the composition of modules together to form a functional Cosmos SDK application. +There are 4 main application module interfaces: + +* [`AppModuleBasic`](#appmodulebasic) for independent module functionalities. +* [`AppModule`](#appmodule) for inter-dependent module functionalities (except genesis-related functionalities). +* [`AppModuleGenesis`](#appmodulegenesis) for inter-dependent genesis-related module functionalities. +* `GenesisOnlyAppModule`: Defines an `AppModule` that only has import/export functionality + +The above interfaces are mostly embedding smaller interfaces (extension interfaces), that defines specific functionalities: + +* `HasName`: Allows the module to provide its own name for legacy purposes. +* [`HasGenesisBasics`](#hasgenesisbasics): The legacy interface for stateless genesis methods. +* [`HasGenesis`](#hasgenesis): The extension interface for stateful genesis methods. +* [`HasInvariants`](#hasinvariants): The extension interface for registering invariants. +* [`HasServices`](#hasservices): The extension interface for modules to register services. +* [`HasConsensusVersion`](#hasconsensusversion): The extension interface for declaring a module consensus version. +* [`BeginBlockAppModule`](#beginblockappmodule): The extension interface that contains information about the `AppModule` and `BeginBlock`. +* [`EndBlockAppModule`](#endblockappmodule): The extension interface that contains information about the `AppModule` and `EndBlock`. +* [`HasPrecommit`](#hasprecommit): The extension interface that contains information about the `AppModule` and `Precommit`. +* [`HasPrepareCheckState`](#haspreparecheckstate): The extension interface that contains information about the `AppModule` and `PrepareCheckState`. + +The `AppModuleBasic` interface exists to define independent methods of the module, i.e. those that do not depend on other modules in the application. This allows for the construction of the basic application structure early in the application definition, generally in the `init()` function of the [main application file](../../learn/beginner/00-overview-app.md#core-application-file). + +The `AppModule` interface exists to define inter-dependent module methods. Many modules need to interact with other modules, typically through [`keeper`s](06-keeper.md), which means there is a need for an interface where modules list their `keeper`s and other methods that require a reference to another module's object. `AppModule` interface extension, such as `BeginBlockAppModule` and `EndBlockAppModule`, also enables the module manager to set the order of execution between module's methods like `BeginBlock` and `EndBlock`, which is important in cases where the order of execution between modules matters in the context of the application. + +The usage of extension interfaces allows modules to define only the functionalities they need. For example, a module that does not need an `EndBlock` does not need to define the `EndBlockAppModule` interface and thus the `EndBlock` method. `AppModule` and `AppModuleGenesis` are voluntarily small interfaces, that can take advantage of the `Module` patterns without having to define many placeholder functions. + +### `AppModuleBasic` + +The `AppModuleBasic` interface defines the independent methods modules need to implement. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/types/module/module.go#L49-L59 +``` + +Let us go through the methods: + +* `RegisterLegacyAminoCodec(*codec.LegacyAmino)`: Registers the `amino` codec for the module, which is used to marshal and unmarshal structs to/from `[]byte` in order to persist them in the module's `KVStore`. +* `RegisterInterfaces(codectypes.InterfaceRegistry)`: Registers a module's interface types and their concrete implementations as `proto.Message`. +* `RegisterGRPCGatewayRoutes(client.Context, *runtime.ServeMux)`: Registers gRPC routes for the module. +* `GetTxCmd()`: Returns the root [`Tx` command](09-module-interfaces.md#transaction-commands) for the module. The subcommands of this root command are used by end-users to generate new transactions containing [`message`s](02-messages-and-queries.md#queries) defined in the module. +* `GetQueryCmd()`: Return the root [`query` command](09-module-interfaces.md#query-commands) for the module. The subcommands of this root command are used by end-users to generate new queries to the subset of the state defined by the module. + +All the `AppModuleBasic` of an application are managed by the [`BasicManager`](#basicmanager). + +### `HasName` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/types/module/module.go#L61-L66 +``` + +* `HasName` is an interface that has a method `Name()`. This method returns the name of the module as a `string`. + +### `HasGenesisBasics` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/types/module/module.go#L68-L72 +``` + +Let us go through the methods: + +* `DefaultGenesis(codec.JSONCodec)`: Returns a default [`GenesisState`](08-genesis.md) for the module, marshalled to `json.RawMessage`. The default `GenesisState` need to be defined by the module developer and is primarily used for testing. +* `ValidateGenesis(codec.JSONCodec, client.TxEncodingConfig, json.RawMessage)`: Used to validate the `GenesisState` defined by a module, given in its `json.RawMessage` form. It will usually unmarshall the `json` before running a custom [`ValidateGenesis`](08-genesis.md#validategenesis) function defined by the module developer. + +### `AppModuleGenesis` + +The `AppModuleGenesis` interface is a simple embedding of the `AppModuleBasic` and `HasGenesis` interfaces. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/types/module/module.go#L156-L160 +``` + +It does not have its own manager, and exists separately from [`AppModule`](#appmodule) only for modules that exist only to implement genesis functionalities, so that they can be managed without having to implement all of `AppModule`'s methods. + +### `HasGenesis` + +The `HasGenesis` interface is an extension interface of `HasGenesisBasics`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/types/module/module.go#L162-L167 +``` + +Let us go through the two added methods: + +* `InitGenesis(sdk.Context, codec.JSONCodec, json.RawMessage)`: Initializes the subset of the state managed by the module. It is called at genesis (i.e. when the chain is first started). +* `ExportGenesis(sdk.Context, codec.JSONCodec)`: Exports the latest subset of the state managed by the module to be used in a new genesis file. `ExportGenesis` is called for each module when a new chain is started from the state of an existing chain. + +### `AppModule` + +The `AppModule` interface defines a module. Modules can declare their functionalities by implementing extensions interfaces. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/types/module/module.go#L169-L173 +``` + +`AppModule`s are managed by the [module manager](#manager), which checks which extension interfaces are implemented by the module. + +:::note +Previously the `AppModule` interface was containing all the methods that are defined in the extensions interfaces. This was leading to much boilerplate for modules that did not need all the functionalities. +::: + +### `HasInvariants` + +This interface defines one method. It allows to checks if a module can register invariants. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/types/module/module.go#L175-L179 +``` + +* `RegisterInvariants(sdk.InvariantRegistry)`: Registers the [`invariants`](07-invariants.md) of the module. If an invariant deviates from its predicted value, the [`InvariantRegistry`](07-invariants.md#invariant-registry) triggers appropriate logic (most often the chain will be halted). + +### `HasServices` + +This interface defines one method. It allows to checks if a module can register invariants. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/types/module/module.go#L181-L185 +``` + +* `RegisterServices(Configurator)`: Allows a module to register services. + +### `HasConsensusVersion` + +This interface defines one method for checking a module consensus version. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/types/module/module.go#L187-L194 +``` + +* `ConsensusVersion() uint64`: Returns the consensus version of the module. + +### `BeginBlockAppModule` + +The `BeginBlockAppModule` is an extension interface from `AppModule`. All modules that have an `BeginBlock` method implement this interface. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/types/module/module.go#L196-L200 +``` + +* `BeginBlock(sdk.Context, abci.RequestBeginBlock)`: This method gives module developers the option to implement logic that is automatically triggered at the beginning of each block. Implement empty if no logic needs to be triggered at the beginning of each block for this module. + +### `EndBlockAppModule` + +The `EndBlockAppModule` is an extension interface from `AppModule`. All modules that have an `EndBlock` method implement this interface. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/types/module/module.go#L202-L206 +``` + +* `EndBlock(sdk.Context, abci.RequestEndBlock)`: This method gives module developers the option to implement logic that is automatically triggered at the end of each block. This is also where the module can inform the underlying consensus engine of validator set changes (e.g. the `staking` module). Implement empty if no logic needs to be triggered at the end of each block for this module. + +### `HasPrecommit` + +`HasPrecommit` is an extension interface from `AppModule`. All modules that have a `Precommit` method implement this interface. + +* `Precommit(sdk.Context)`: This method gives module developers the option to implement logic that is automatically triggered during [`Commit'](../../learn/advanced/00-baseapp.md#commit) of each block using the [`deliverState`](../../learn/advanced/00-baseapp.md#state-updates) of the block to be committed. Implement empty if no logic needs to be triggered during `Commit` of each block for this module. + +### `HasPrepareCheckState` + +`HasPrepareCheckState` is an extension interface from `AppModule`. All modules that have a `PrepareCheckState` method implement this interface. + +* `PrepareCheckState(sdk.Context)`: This method gives module developers the option to implement logic that is automatically triggered during [`Commit'](../../learn/advanced/00-baseapp.md) of each block using the [`checkState`](../../learn/advanced/00-baseapp.md#state-updates) of the next block. Implement empty if no logic needs to be triggered during `Commit` of each block for this module. + +### Implementing the Application Module Interfaces + +Typically, the various application module interfaces are implemented in a file called `module.go`, located in the module's folder (e.g. `./x/module/module.go`). + +Almost every module needs to implement the `AppModuleBasic` and `AppModule` interfaces. If the module is only used for genesis, it will implement `AppModuleGenesis` instead of `AppModule`. The concrete type that implements the interface can add parameters that are required for the implementation of the various methods of the interface. For example, the `Route()` function often calls a `NewMsgServerImpl(k keeper)` function defined in `keeper/msg_server.go` and therefore needs to pass the module's [`keeper`](06-keeper.md) as a parameter. + +```go +// example +type AppModule struct { + AppModuleBasic + keeper Keeper +} +``` + +In the example above, you can see that the `AppModule` concrete type references an `AppModuleBasic`, and not an `AppModuleGenesis`. That is because `AppModuleGenesis` only needs to be implemented in modules that focus on genesis-related functionalities. In most modules, the concrete `AppModule` type will have a reference to an `AppModuleBasic` and implement the two added methods of `AppModuleGenesis` directly in the `AppModule` type. + +If no parameter is required (which is often the case for `AppModuleBasic`), just declare an empty concrete type like so: + +```go +type AppModuleBasic struct{} +``` + +## Module Managers + +Module managers are used to manage collections of `AppModuleBasic` and `AppModule`. + +### `BasicManager` + +The `BasicManager` is a structure that lists all the `AppModuleBasic` of an application: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/types/module/module.go#L74-L84 +``` + +It implements the following methods: + +* `NewBasicManager(modules ...AppModuleBasic)`: Constructor function. It takes a list of the application's `AppModuleBasic` and builds a new `BasicManager`. This function is generally called in the `init()` function of [`app.go`](../../learn/beginner/00-overview-app.md#core-application-file) to quickly initialize the independent elements of the application's modules (click [here](https://github.com/cosmos/gaia/blob/main/app/app.go#L59-L74) to see an example). +* `RegisterLegacyAminoCodec(cdc *codec.LegacyAmino)`: Registers the [`codec.LegacyAmino`s](../../learn/advanced/06-encoding.md#amino) of each of the application's `AppModuleBasic`. This function is usually called early on in the [application's construction](../../learn/beginner/00-overview-app.md#constructor). +* `RegisterInterfaces(registry codectypes.InterfaceRegistry)`: Registers interface types and implementations of each of the application's `AppModuleBasic`. +* `DefaultGenesis(cdc codec.JSONCodec)`: Provides default genesis information for modules in the application by calling the [`DefaultGenesis(cdc codec.JSONCodec)`](08-genesis.md#defaultgenesis) function of each module. It only calls the modules that implements the `HasGenesisBasics` interfaces. +* `ValidateGenesis(cdc codec.JSONCodec, txEncCfg client.TxEncodingConfig, genesis map[string]json.RawMessage)`: Validates the genesis information modules by calling the [`ValidateGenesis(codec.JSONCodec, client.TxEncodingConfig, json.RawMessage)`](08-genesis.md#validategenesis) function of modules implementing the `HasGenesisBasics` interface. +* `RegisterGRPCGatewayRoutes(clientCtx client.Context, rtr *runtime.ServeMux)`: Registers gRPC routes for modules. +* `AddTxCommands(rootTxCmd *cobra.Command)`: Adds modules' transaction commands to the application's [`rootTxCommand`](../../learn/advanced/07-cli.md#transaction-commands). This function is usually called function from the `main.go` function of the [application's command-line interface](../../learn/advanced/07-cli.md). +* `AddQueryCommands(rootQueryCmd *cobra.Command)`: Adds modules' query commands to the application's [`rootQueryCommand`](../../learn/advanced/07-cli.md#query-commands). This function is usually called function from the `main.go` function of the [application's command-line interface](../../learn/advanced/07-cli.md). + +### `Manager` + +The `Manager` is a structure that holds all the `AppModule` of an application, and defines the order of execution between several key components of these modules: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/types/module/module.go#L246-L273 +``` + +The module manager is used throughout the application whenever an action on a collection of modules is required. It implements the following methods: + +* `NewManager(modules ...AppModule)`: Constructor function. It takes a list of the application's `AppModule`s and builds a new `Manager`. It is generally called from the application's main [constructor function](../../learn/beginner/00-overview-app.md#constructor-function). +* `SetOrderInitGenesis(moduleNames ...string)`: Sets the order in which the [`InitGenesis`](08-genesis.md#initgenesis) function of each module will be called when the application is first started. This function is generally called from the application's main [constructor function](../../learn/beginner/00-overview-app.md#constructor-function). + To initialize modules successfully, module dependencies should be considered. For example, the `genutil` module must occur after `staking` module so that the pools are properly initialized with tokens from genesis accounts, the `genutils` module must also occur after `auth` so that it can access the params from auth, IBC's `capability` module should be initialized before all other modules so that it can initialize any capabilities. +* `SetOrderExportGenesis(moduleNames ...string)`: Sets the order in which the [`ExportGenesis`](08-genesis.md#exportgenesis) function of each module will be called in case of an export. This function is generally called from the application's main [constructor function](../../learn/beginner/00-overview-app.md#constructor-function). +* `SetOrderBeginBlockers(moduleNames ...string)`: Sets the order in which the `BeginBlock()` function of each module will be called at the beginning of each block. This function is generally called from the application's main [constructor function](../../learn/beginner/00-overview-app.md#constructor-function). +* `SetOrderEndBlockers(moduleNames ...string)`: Sets the order in which the `EndBlock()` function of each module will be called at the end of each block. This function is generally called from the application's main [constructor function](../../learn/beginner/00-overview-app.md#constructor-function). +* `SetOrderPrecommiters(moduleNames ...string)`: Sets the order in which the `Precommit()` function of each module will be called during commit of each block. This function is generally called from the application's main [constructor function](../../learn/beginner/00-overview-app.md#constructor-function). +* `SetOrderPrepareCheckStaters(moduleNames ...string)`: Sets the order in which the `PrepareCheckState()` function of each module will be called during commit of each block. This function is generally called from the application's main [constructor function](../../learn/beginner/00-overview-app.md#constructor-function). +* `SetOrderMigrations(moduleNames ...string)`: Sets the order of migrations to be run. If not set then migrations will be run with an order defined in `DefaultMigrationsOrder`. +* `RegisterInvariants(ir sdk.InvariantRegistry)`: Registers the [invariants](07-invariants.md) of module implementing the `HasInvariants` interface. +* `RegisterRoutes(router sdk.Router, queryRouter sdk.QueryRouter, legacyQuerierCdc *codec.LegacyAmino)`: Registers legacy [`Msg`](02-messages-and-queries.md#messages) and [`querier`](04-query-services.md) routes. +* `RegisterServices(cfg Configurator)`: Registers the services of modules implementing the `HasServices` interface. +* `InitGenesis(ctx sdk.Context, cdc codec.JSONCodec, genesisData map[string]json.RawMessage)`: Calls the [`InitGenesis`](08-genesis.md#initgenesis) function of each module when the application is first started, in the order defined in `OrderInitGenesis`. Returns an `abci.ResponseInitChain` to the underlying consensus engine, which can contain validator updates. +* `ExportGenesis(ctx sdk.Context, cdc codec.JSONCodec)`: Calls the [`ExportGenesis`](08-genesis.md#exportgenesis) function of each module, in the order defined in `OrderExportGenesis`. The export constructs a genesis file from a previously existing state, and is mainly used when a hard-fork upgrade of the chain is required. +* `ExportGenesisForModules(ctx sdk.Context, cdc codec.JSONCodec, modulesToExport []string)`: Behaves the same as `ExportGenesis`, except takes a list of modules to export. +* `BeginBlock(ctx sdk.Context, req abci.RequestBeginBlock)`: At the beginning of each block, this function is called from [`BaseApp`](../../learn/advanced/00-baseapp.md#beginblock) and, in turn, calls the [`BeginBlock`](05-beginblock-endblock.md) function of each modules implementing the `BeginBlockAppModule` interface, in the order defined in `OrderBeginBlockers`. It creates a child [context](../../learn/advanced/02-context.md) with an event manager to aggregate [events](../../learn/advanced/08-events.md) emitted from all modules. The function returns an `abci.ResponseBeginBlock` which contains the aforementioned events. +* `EndBlock(ctx sdk.Context, req abci.RequestEndBlock)`: At the end of each block, this function is called from [`BaseApp`](../../learn/advanced/00-baseapp.md#endblock) and, in turn, calls the [`EndBlock`](05-beginblock-endblock.md) function of each modules implementing the `EndBlockAppModule` interface, in the order defined in `OrderEndBlockers`. It creates a child [context](../../learn/advanced/02-context.md) with an event manager to aggregate [events](../../learn/advanced/08-events.md) emitted from all modules. The function returns an `abci.ResponseEndBlock` which contains the aforementioned events, as well as validator set updates (if any). +* `Precommit(ctx sdk.Context)`: During [`Commit`](../../learn/advanced/00-baseapp.md#commit), this function is called from `BaseApp` immediately before the [`deliverState`](../../learn/advanced/00-baseapp.md#state-updates) is written to the underlying [`rootMultiStore`](../../learn/advanced/04-store.md#commitkvstore) and, in turn calls the `Precommit` function of each modules implementing the `HasPrecommit` interface, in the order defined in `OrderPrecommiters`. It creates a child [context](../../learn/advanced/02-context.md) where the underlying `CacheMultiStore` is that of the newly committed block's [`deliverState`](../../learn/advanced/00-baseapp.md#state-updates). +* `PrepareCheckState(ctx sdk.Context)`: During [`Commit`](../../learn/advanced/00-baseapp.md#commit), this function is called from `BaseApp` immediately after the [`deliverState`](../../learn/advanced/00-baseapp.md#state-updates) is written to the underlying [`rootMultiStore`](../../learn/advanced/04-store.md#commitmultistore) and, in turn calls the `PrepareCheckState` function of each module implementing the `HasPrepareCheckState` interface, in the order defined in `OrderPrepareCheckStaters`. It creates a child [context](../../learn/advanced/02-context.md) where the underlying `CacheMultiStore` is that of the next block's [`checkState`](../../learn/advanced/00-baseapp.md#state-updates). Writes to this state will be present in the [`checkState`](../../learn/advanced/00-baseapp.md#state-updates) of the next block, and therefore this method can be used to prepare the `checkState` for the next block. + +Here's an example of a concrete integration within an `simapp`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/simapp/app.go#L386-L432 +``` + +This is the same example from `runtime` (the package that powers app v2): + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/runtime/module.go#L77 +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/runtime/module.go#L87 +``` diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/02-messages-and-queries.md b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/02-messages-and-queries.md new file mode 100644 index 00000000..828b95db --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/02-messages-and-queries.md @@ -0,0 +1,126 @@ +--- +sidebar_position: 1 +--- + +# Messages and Queries + +:::note Synopsis +`Msg`s and `Queries` are the two primary objects handled by modules. Most of the core components defined in a module, like `Msg` services, `keeper`s and `Query` services, exist to process `message`s and `queries`. +::: + +:::note + +### Pre-requisite Readings + +* [Introduction to Cosmos SDK Modules](00-intro.md) + +::: + +## Messages + +`Msg`s are objects whose end-goal is to trigger state-transitions. They are wrapped in [transactions](../../learn/advanced/01-transactions.md), which may contain one or more of them. + +When a transaction is relayed from the underlying consensus engine to the Cosmos SDK application, it is first decoded by [`BaseApp`](../../learn/advanced/00-baseapp.md). Then, each message contained in the transaction is extracted and routed to the appropriate module via `BaseApp`'s `MsgServiceRouter` so that it can be processed by the module's [`Msg` service](03-msg-services.md). For a more detailed explanation of the lifecycle of a transaction, click [here](../../learn/beginner/01-tx-lifecycle.md). + +### `Msg` Services + +Defining Protobuf `Msg` services is the recommended way to handle messages. A Protobuf `Msg` service should be created for each module, typically in `tx.proto` (see more info about [conventions and naming](../../learn/advanced/06-encoding.md#faq)). It must have an RPC service method defined for each message in the module. + +See an example of a `Msg` service definition from `x/bank` module: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/bank/v1beta1/tx.proto#L13-L36 +``` + +Each `Msg` service method must have exactly one argument, which must implement the `sdk.Msg` interface, and a Protobuf response. The naming convention is to call the RPC argument `Msg` and the RPC response `MsgResponse`. For example: + +```protobuf + rpc Send(MsgSend) returns (MsgSendResponse); +``` + +`sdk.Msg` interface is a simplified version of the Amino `LegacyMsg` interface described [below](#legacy-amino-legacymsg-s) with the `GetSigners()` method. For backwards compatibility with [Amino `LegacyMsg`s](#egacy-amino-legacymsg-s), existing `LegacyMsg` types should be used as the request parameter for `service` RPC definitions. Newer `sdk.Msg` types, which only support `service` definitions, should use canonical `Msg...` name. + +The Cosmos SDK uses Protobuf definitions to generate client and server code: + +* `MsgServer` interface defines the server API for the `Msg` service and its implementation is described as part of the [`Msg` services](03-msg-services.md) documentation. +* Structures are generated for all RPC request and response types. + +A `RegisterMsgServer` method is also generated and should be used to register the module's `MsgServer` implementation in `RegisterServices` method from the [`AppModule` interface](01-module-manager.md#appmodule). + +In order for clients (CLI and grpc-gateway) to have these URLs registered, the Cosmos SDK provides the function `RegisterMsgServiceDesc(registry codectypes.InterfaceRegistry, sd *grpc.ServiceDesc)` that should be called inside module's [`RegisterInterfaces`](01-module-manager.md#appmodulebasic) method, using the proto-generated `&_Msg_serviceDesc` as `*grpc.ServiceDesc` argument. + +### Legacy Amino `LegacyMsg`s + +The following way of defining messages is deprecated and using [`Msg` services](#msg-services) is preferred. + +Amino `LegacyMsg`s can be defined as protobuf messages. The messages definition usually includes a list of parameters needed to process the message that will be provided by end-users when they want to create a new transaction containing said message. + +A `LegacyMsg` is typically accompanied by a standard constructor function, that is called from one of the [module's interface](09-module-interfaces.md). `message`s also need to implement the `sdk.Msg` interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/types/tx_msg.go#L14-L26 +``` + +It extends `proto.Message` and contains the following methods: + +* `GetSignBytes() []byte`: Return the canonical byte representation of the message. Used to generate a signature. +* `GetSigners() []AccAddress`: Return the list of signers. The Cosmos SDK will make sure that each `message` contained in a transaction is signed by all the signers listed in the list returned by this method. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/auth/migrations/legacytx/stdsign.go#L20-L36 +``` + +See an example implementation of a `message` from the `gov` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/gov/types/v1/msgs.go#L121-L153 +``` + +## Queries + +A `query` is a request for information made by end-users of applications through an interface and processed by a full-node. A `query` is received by a full-node through its consensus engine and relayed to the application via the ABCI. It is then routed to the appropriate module via `BaseApp`'s `QueryRouter` so that it can be processed by the module's query service (./04-query-services.md). For a deeper look at the lifecycle of a `query`, click [here](../../learn/beginner/02-query-lifecycle.md). + +### gRPC Queries + +Queries should be defined using [Protobuf services](https://developers.google.com/protocol-buffers/docs/proto#services). A `Query` service should be created per module in `query.proto`. This service lists endpoints starting with `rpc`. + +Here's an example of such a `Query` service definition: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/auth/v1beta1/query.proto#L14-L89 +``` + +As `proto.Message`s, generated `Response` types implement by default `String()` method of [`fmt.Stringer`](https://pkg.go.dev/fmt#Stringer). + +A `RegisterQueryServer` method is also generated and should be used to register the module's query server in the `RegisterServices` method from the [`AppModule` interface](01-module-manager.md#appmodule). + +### Legacy Queries + +Before the introduction of Protobuf and gRPC in the Cosmos SDK, there was usually no specific `query` object defined by module developers, contrary to `message`s. Instead, the Cosmos SDK took the simpler approach of using a simple `path` to define each `query`. The `path` contains the `query` type and all the arguments needed to process it. For most module queries, the `path` should look like the following: + +```text +queryCategory/queryRoute/queryType/arg1/arg2/... +``` + +where: + +* `queryCategory` is the category of the `query`, typically `custom` for module queries. It is used to differentiate between different kinds of queries within `BaseApp`'s [`Query` method](../../learn/advanced/00-baseapp.md#query). +* `queryRoute` is used by `BaseApp`'s [`queryRouter`](../../learn/advanced/00-baseapp.md#grpc-query-router) to map the `query` to its module. Usually, `queryRoute` should be the name of the module. +* `queryType` is used by the module's [`querier`](04-query-services.md#query-services) to map the `query` to the appropriate `querier function` within the module. +* `args` are the actual arguments needed to process the `query`. They are filled out by the end-user. Note that for bigger queries, you might prefer passing arguments in the `Data` field of the request `req` instead of the `path`. + +The `path` for each `query` must be defined by the module developer in the module's [command-line interface file](09-module-interfaces.md#query-commands).Overall, there are 3 mains components module developers need to implement in order to make the subset of the state defined by their module queryable: + +* A [`querier`](04-query-services.md#query-services), to process the `query` once it has been [routed to the module](../../learn/advanced/00-baseapp.md#grpc-query-router). +* [Query commands](09-module-interfaces.md#query-commands) in the module's CLI file, where the `path` for each `query` is specified. +* `query` return types. Typically defined in a file `types/querier.go`, they specify the result type of each of the module's `queries`. These custom types must implement the `String()` method of [`fmt.Stringer`](https://pkg.go.dev/fmt#Stringer). + +### Store Queries + +Store queries query directly for store keys. They use `clientCtx.QueryABCI(req abci.RequestQuery)` to return the full `abci.ResponseQuery` with inclusion Merkle proofs. + +See following examples: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/baseapp/abci.go#L881-L902 +``` diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/03-msg-services.md b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/03-msg-services.md new file mode 100644 index 00000000..a6431408 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/03-msg-services.md @@ -0,0 +1,121 @@ +--- +sidebar_position: 1 +--- + +# `Msg` Services + +:::note Synopsis +A Protobuf `Msg` service processes [messages](02-messages-and-queries.md#messages). Protobuf `Msg` services are specific to the module in which they are defined, and only process messages defined within the said module. They are called from `BaseApp` during [`DeliverTx`](../../learn/advanced/00-baseapp.md#delivertx). +::: + +:::note + +### Pre-requisite Readings + +* [Module Manager](01-module-manager.md) +* [Messages and Queries](02-messages-and-queries.md) + +::: + +## Implementation of a module `Msg` service + +Each module should define a Protobuf `Msg` service, which will be responsible for processing requests (implementing `sdk.Msg`) and returning responses. + +As further described in [ADR 031](../architecture/adr-031-msg-service.md), this approach has the advantage of clearly specifying return types and generating server and client code. + +Protobuf generates a `MsgServer` interface based on a definition of `Msg` service. It is the role of the module developer to implement this interface, by implementing the state transition logic that should happen upon receival of each `sdk.Msg`. As an example, here is the generated `MsgServer` interface for `x/bank`, which exposes two `sdk.Msg`s: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/bank/types/tx.pb.go#L550-L568 +``` + +When possible, the existing module's [`Keeper`](06-keeper.md) should implement `MsgServer`, otherwise a `msgServer` struct that embeds the `Keeper` can be created, typically in `./keeper/msg_server.go`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/bank/keeper/msg_server.go#L15-L17 +``` + +`msgServer` methods can retrieve the `sdk.Context` from the `context.Context` parameter method using the `sdk.UnwrapSDKContext`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/bank/keeper/msg_server.go#L28 +``` + +`sdk.Msg` processing usually follows these 3 steps: + +### Validation + +The message server must perform all validation required (both *stateful* and *stateless*) to make sure the `message` is valid. +The `signer` is charged for the gas cost of this validation. + +For example, a `msgServer` method for a `transfer` message should check that the sending account has enough funds to actually perform the transfer. + +It is recommended to implement all validation checks in a separate function that passes state values as arguments. This implementation simplifies testing. As expected, expensive validation functions charge additional gas. Example: + +```go +ValidateMsgA(msg MsgA, now Time, gm GasMeter) error { + if now.Before(msg.Expire) { + return sdkerrrors.ErrInvalidRequest.Wrap("msg expired") + } + gm.ConsumeGas(1000, "signature verification") + return signatureVerificaton(msg.Prover, msg.Data) +} +``` + +:::warning +Previously, the `ValidateBasic` method was used to perform simple and stateless validation checks. +This way of validating is deprecated, this means the `msgServer` must perform all validation checks. +::: + +### State Transition + +After the validation is successful, the `msgServer` method uses the [`keeper`](06-keeper.md) functions to access the state and perform a state transition. + +### Events + +Before returning, `msgServer` methods generally emit one or more [events](../../learn/advanced/08-events.md) by using the `EventManager` held in the `ctx`. Use the new `EmitTypedEvent` function that uses protobuf-based event types: + +```go +ctx.EventManager().EmitTypedEvent( + &group.EventABC{Key1: Value1, Key2, Value2}) +``` + +or the older `EmitEvent` function: + +```go +ctx.EventManager().EmitEvent( + sdk.NewEvent( + eventType, // e.g. sdk.EventTypeMessage for a message, types.CustomEventType for a custom event defined in the module + sdk.NewAttribute(key1, value1), + sdk.NewAttribute(key2, value2), + ), +) +``` + +These events are relayed back to the underlying consensus engine and can be used by service providers to implement services around the application. Click [here](../../learn/advanced/08-events.md) to learn more about events. + +The invoked `msgServer` method returns a `proto.Message` response and an `error`. These return values are then wrapped into an `*sdk.Result` or an `error` using `sdk.WrapServiceResult(ctx sdk.Context, res proto.Message, err error)`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/baseapp/msg_service_router.go#L131 +``` + +This method takes care of marshaling the `res` parameter to protobuf and attaching any events on the `ctx.EventManager()` to the `sdk.Result`. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/base/abci/v1beta1/abci.proto#L88-L109 +``` + +This diagram shows a typical structure of a Protobuf `Msg` service, and how the message propagates through the module. + +![Transaction flow](https://raw.githubusercontent.com/cosmos/cosmos-sdk/release/v0.46.x/docs/uml/svg/transaction_flow.svg) + +## Telemetry + +New [telemetry metrics](../../learn/advanced/11-telemetry.md) can be created from `msgServer` methods when handling messages. + +This is an example from the `x/auth/vesting` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/auth/vesting/msg_server.go#L68-L80 +``` diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/04-query-services.md b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/04-query-services.md new file mode 100644 index 00000000..20721c10 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/04-query-services.md @@ -0,0 +1,59 @@ +--- +sidebar_position: 1 +--- + +# Query Services + +:::note Synopsis +A Protobuf Query service processes [`queries`](02-messages-and-queries.md#queries). Query services are specific to the module in which they are defined, and only process `queries` defined within said module. They are called from `BaseApp`'s [`Query` method](../../learn/advanced/00-baseapp.md#query). +::: + +:::note + +### Pre-requisite Readings + +* [Module Manager](01-module-manager.md) +* [Messages and Queries](02-messages-and-queries.md) + +::: + +## Implementation of a module query service + +### gRPC Service + +When defining a Protobuf `Query` service, a `QueryServer` interface is generated for each module with all the service methods: + +```go +type QueryServer interface { + QueryBalance(context.Context, *QueryBalanceParams) (*types.Coin, error) + QueryAllBalances(context.Context, *QueryAllBalancesParams) (*QueryAllBalancesResponse, error) +} +``` + +These custom queries methods should be implemented by a module's keeper, typically in `./keeper/grpc_query.go`. The first parameter of these methods is a generic `context.Context`. Therefore, the Cosmos SDK provides a function `sdk.UnwrapSDKContext` to retrieve the `sdk.Context` from the provided +`context.Context`. + +Here's an example implementation for the bank module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/bank/keeper/grpc_query.go +``` + +### Calling queries from the State Machine + +The Cosmos SDK v0.47 introduces a new `cosmos.query.v1.module_query_safe` Protobuf annotation which is used to state that a query that is safe to be called from within the state machine, for example: + +* a Keeper's query function can be called from another module's Keeper, +* ADR-033 intermodule query calls, +* CosmWasm contracts can also directly interact with these queries. + +If the `module_query_safe` annotation set to `true`, it means: + +* The query is deterministic: given a block height it will return the same response upon multiple calls, and doesn't introduce any state-machine breaking changes across SDK patch versions. +* Gas consumption never fluctuates across calls and across patch versions. + +If you are a module developer and want to use `module_query_safe` annotation for your own query, you have to ensure the following things: + +* the query is deterministic and won't introduce state-machine-breaking changes without coordinated upgrades +* it has its gas tracked, to avoid the attack vector where no gas is accounted for + on potentially high-computation queries. diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/05-beginblock-endblock.md b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/05-beginblock-endblock.md new file mode 100644 index 00000000..08a03a11 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/05-beginblock-endblock.md @@ -0,0 +1,47 @@ +--- +sidebar_position: 1 +--- + +# BeginBlocker and EndBlocker + +:::note Synopsis +`BeginBlocker` and `EndBlocker` are optional methods module developers can implement in their module. They will be triggered at the beginning and at the end of each block respectively, when the [`BeginBlock`](../../learn/advanced/00-baseapp.md#beginblock) and [`EndBlock`](../../learn/advanced/00-baseapp.md#endblock) ABCI messages are received from the underlying consensus engine. +::: + +:::note + +### Pre-requisite Readings + +* [Module Manager](01-module-manager.md) + +::: + +## BeginBlocker and EndBlocker + +`BeginBlocker` and `EndBlocker` are a way for module developers to add automatic execution of logic to their module. This is a powerful tool that should be used carefully, as complex automatic functions can slow down or even halt the chain. + +When needed, `BeginBlocker` and `EndBlocker` are implemented as part of the [`BeginBlockAppModule` and `BeginBlockAppModule` interfaces](01-module-manager.md#appmodule). This means either can be left-out if not required. The `BeginBlock` and `EndBlock` methods of the interface implemented in `module.go` generally defer to `BeginBlocker` and `EndBlocker` methods respectively, which are usually implemented in `abci.go`. + +The actual implementation of `BeginBlocker` and `EndBlocker` in `abci.go` are very similar to that of a [`Msg` service](03-msg-services.md): + +* They generally use the [`keeper`](06-keeper.md) and [`ctx`](../../learn/advanced/02-context.md) to retrieve information about the latest state. +* If needed, they use the `keeper` and `ctx` to trigger state-transitions. +* If needed, they can emit [`events`](../../learn/advanced/08-events.md) via the `ctx`'s `EventManager`. + +A specificity of the `EndBlocker` is that it can return validator updates to the underlying consensus engine in the form of an [`[]abci.ValidatorUpdates`](https://docs.cometbft.com/v0.37/spec/abci/abci++_methods#endblock). This is the preferred way to implement custom validator changes. + +It is possible for developers to define the order of execution between the `BeginBlocker`/`EndBlocker` functions of each of their application's modules via the module's manager `SetOrderBeginBlocker`/`SetOrderEndBlocker` methods. For more on the module manager, click [here](01-module-manager.md#manager). + +See an example implementation of `BeginBlocker` from the `distribution` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/distribution/abci.go#L14-L38 +``` + +and an example implementation of `EndBlocker` from the `staking` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/staking/abci.go#L22-L27 +``` + + diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/06-keeper.md b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/06-keeper.md new file mode 100644 index 00000000..25778499 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/06-keeper.md @@ -0,0 +1,93 @@ +--- +sidebar_position: 1 +--- + +# Keepers + +:::note Synopsis +`Keeper`s refer to a Cosmos SDK abstraction whose role is to manage access to the subset of the state defined by various modules. `Keeper`s are module-specific, i.e. the subset of state defined by a module can only be accessed by a `keeper` defined in said module. If a module needs to access the subset of state defined by another module, a reference to the second module's internal `keeper` needs to be passed to the first one. This is done in `app.go` during the instantiation of module keepers. +::: + +:::note + +### Pre-requisite Readings + +* [Introduction to Cosmos SDK Modules](00-intro.md) + +::: + +## Motivation + +The Cosmos SDK is a framework that makes it easy for developers to build complex decentralized applications from scratch, mainly by composing modules together. As the ecosystem of open-source modules for the Cosmos SDK expands, it will become increasingly likely that some of these modules contain vulnerabilities, as a result of the negligence or malice of their developer. + +The Cosmos SDK adopts an [object-capabilities-based approach](../../learn/advanced/10-ocap.md) to help developers better protect their application from unwanted inter-module interactions, and `keeper`s are at the core of this approach. A `keeper` can be considered quite literally to be the gatekeeper of a module's store(s). Each store (typically an [`IAVL` Store](../../learn/advanced/04-store.md#iavl-store)) defined within a module comes with a `storeKey`, which grants unlimited access to it. The module's `keeper` holds this `storeKey` (which should otherwise remain unexposed), and defines [methods](#implementing-methods) for reading and writing to the store(s). + +The core idea behind the object-capabilities approach is to only reveal what is necessary to get the work done. In practice, this means that instead of handling permissions of modules through access-control lists, module `keeper`s are passed a reference to the specific instance of the other modules' `keeper`s that they need to access (this is done in the [application's constructor function](../../learn/beginner/00-overview-app.md#constructor-function)). As a consequence, a module can only interact with the subset of state defined in another module via the methods exposed by the instance of the other module's `keeper`. This is a great way for developers to control the interactions that their own module can have with modules developed by external developers. + +## Type Definition + +`keeper`s are generally implemented in a `/keeper/keeper.go` file located in the module's folder. By convention, the type `keeper` of a module is simply named `Keeper` and usually follows the following structure: + +```go +type Keeper struct { + // External keepers, if any + + // Store key(s) + + // codec + + // authority +} +``` + +For example, here is the type definition of the `keeper` from the `staking` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/staking/keeper/keeper.go#L23-L31 +``` + +Let us go through the different parameters: + +* An expected `keeper` is a `keeper` external to a module that is required by the internal `keeper` of said module. External `keeper`s are listed in the internal `keeper`'s type definition as interfaces. These interfaces are themselves defined in an `expected_keepers.go` file in the root of the module's folder. In this context, interfaces are used to reduce the number of dependencies, as well as to facilitate the maintenance of the module itself. +* `storeKey`s grant access to the store(s) of the [multistore](../../learn/advanced/04-store.md) managed by the module. They should always remain unexposed to external modules. +* `cdc` is the [codec](../../learn/advanced/06-encoding.md) used to marshall and unmarshall structs to/from `[]byte`. The `cdc` can be any of `codec.BinaryCodec`, `codec.JSONCodec` or `codec.Codec` based on your requirements. It can be either a proto or amino codec as long as they implement these interfaces. The authority listed is a module account or user account that has the right to change module level parameters. Previously this was handled by the param module, which has been deprecated. + +Of course, it is possible to define different types of internal `keeper`s for the same module (e.g. a read-only `keeper`). Each type of `keeper` comes with its own constructor function, which is called from the [application's constructor function](../../learn/beginner/00-overview-app.md). This is where `keeper`s are instantiated, and where developers make sure to pass correct instances of modules' `keeper`s to other modules that require them. + +## Implementing Methods + +`Keeper`s primarily expose getter and setter methods for the store(s) managed by their module. These methods should remain as simple as possible and strictly be limited to getting or setting the requested value, as validity checks should have already been performed by the [`Msg` server](03-msg-services.md) when `keeper`s' methods are called. + +Typically, a *getter* method will have the following signature + +```go +func (k Keeper) Get(ctx sdk.Context, key string) returnType +``` + +and the method will go through the following steps: + +1. Retrieve the appropriate store from the `ctx` using the `storeKey`. This is done through the `KVStore(storeKey sdk.StoreKey)` method of the `ctx`. Then it's preferred to use the `prefix.Store` to access only the desired limited subset of the store for convenience and safety. +2. If it exists, get the `[]byte` value stored at location `[]byte(key)` using the `Get(key []byte)` method of the store. +3. Unmarshall the retrieved value from `[]byte` to `returnType` using the codec `cdc`. Return the value. + +Similarly, a *setter* method will have the following signature + +```go +func (k Keeper) Set(ctx sdk.Context, key string, value valueType) +``` + +and the method will go through the following steps: + +1. Retrieve the appropriate store from the `ctx` using the `storeKey`. This is done through the `KVStore(storeKey sdk.StoreKey)` method of the `ctx`. It's preferred to use the `prefix.Store` to access only the desired limited subset of the store for convenience and safety. +2. Marshal `value` to `[]byte` using the codec `cdc`. +3. Set the encoded value in the store at location `key` using the `Set(key []byte, value []byte)` method of the store. + +For more, see an example of `keeper`'s [methods implementation from the `staking` module](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/staking/keeper/keeper.go). + +The [module `KVStore`](../../learn/advanced/04-store.md#kvstore-and-commitkvstore-interfaces) also provides an `Iterator()` method which returns an `Iterator` object to iterate over a domain of keys. + +This is an example from the `auth` module to iterate accounts: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/auth/keeper/account.go#L94-L108 +``` diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/07-invariants.md b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/07-invariants.md new file mode 100644 index 00000000..27b31558 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/07-invariants.md @@ -0,0 +1,92 @@ +--- +sidebar_position: 1 +--- + +# Invariants + +:::note Synopsis +An invariant is a property of the application that should always be true. In the context of the Cosmos SDK, an `Invariant` is a function that checks for a particular invariant. These functions are useful to detect bugs early on and act upon them to limit their potential consequences (e.g. by halting the chain). They are also useful in the development process of the application to detect bugs via simulations. +::: + +:::note + +### Pre-requisite Readings + +* [Keepers](06-keeper.md) + +::: + +## Implementing `Invariant`s + +An `Invariant` is a function that checks for a particular invariant within a module. Module `Invariant`s must follow the `Invariant` type: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/types/invariant.go#L9 +``` + +The `string` return value is the invariant message, which can be used when printing logs, and the `bool` return value is the actual result of the invariant check. + +In practice, each module implements `Invariant`s in a `keeper/invariants.go` file within the module's folder. The standard is to implement one `Invariant` function per logical grouping of invariants with the following model: + +```go +// Example for an Invariant that checks balance-related invariants + +func BalanceInvariants(k Keeper) sdk.Invariant { + return func(ctx sdk.Context) (string, bool) { + // Implement checks for balance-related invariants + } +} +``` + +Additionally, module developers should generally implement an `AllInvariants` function that runs all the `Invariant`s functions of the module: + +```go +// AllInvariants runs all invariants of the module. +// In this example, the module implements two Invariants: BalanceInvariants and DepositsInvariants + +func AllInvariants(k Keeper) sdk.Invariant { + + return func(ctx sdk.Context) (string, bool) { + res, stop := BalanceInvariants(k)(ctx) + if stop { + return res, stop + } + + return DepositsInvariant(k)(ctx) + } +} +``` + +Finally, module developers need to implement the `RegisterInvariants` method as part of the [`AppModule` interface](01-module-manager.md#appmodule). Indeed, the `RegisterInvariants` method of the module, implemented in the `module/module.go` file, typically only defers the call to a `RegisterInvariants` method implemented in the `keeper/invariants.go` file. The `RegisterInvariants` method registers a route for each `Invariant` function in the [`InvariantRegistry`](#invariant-registry): + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/staking/keeper/invariants.go#L12-L22 +``` + +For more, see an example of [`Invariant`s implementation from the `staking` module](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/staking/keeper/invariants.go). + +## Invariant Registry + +The `InvariantRegistry` is a registry where the `Invariant`s of all the modules of an application are registered. There is only one `InvariantRegistry` per **application**, meaning module developers need not implement their own `InvariantRegistry` when building a module. **All module developers need to do is to register their modules' invariants in the `InvariantRegistry`, as explained in the section above**. The rest of this section gives more information on the `InvariantRegistry` itself, and does not contain anything directly relevant to module developers. + +At its core, the `InvariantRegistry` is defined in the Cosmos SDK as an interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/types/invariant.go#L14-L17 +``` + +Typically, this interface is implemented in the `keeper` of a specific module. The most used implementation of an `InvariantRegistry` can be found in the `crisis` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/crisis/keeper/keeper.go#L57-L61 +``` + +The `InvariantRegistry` is therefore typically instantiated by instantiating the `keeper` of the `crisis` module in the [application's constructor function](../../learn/beginner/00-overview-app.md#constructor-function). + +`Invariant`s can be checked manually via [`message`s](02-messages-and-queries.md), but most often they are checked automatically at the end of each block. Here is an example from the `crisis` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/crisis/abci.go#L12-L21 +``` + +In both cases, if one of the `Invariant`s returns false, the `InvariantRegistry` can trigger special logic (e.g. have the application panic and print the `Invariant`s message in the log). diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/08-genesis.md b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/08-genesis.md new file mode 100644 index 00000000..9658a648 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/08-genesis.md @@ -0,0 +1,80 @@ +--- +sidebar_position: 1 +--- + +# Module Genesis + +:::note Synopsis +Modules generally handle a subset of the state and, as such, they need to define the related subset of the genesis file as well as methods to initialize, verify and export it. +::: + +:::note + +### Pre-requisite Readings + +* [Module Manager](01-module-manager.md) +* [Keepers](06-keeper.md) + +::: + +## Type Definition + +The subset of the genesis state defined from a given module is generally defined in a `genesis.proto` file ([more info](../../learn/advanced/06-encoding.md#gogoproto) on how to define protobuf messages). The struct defining the module's subset of the genesis state is usually called `GenesisState` and contains all the module-related values that need to be initialized during the genesis process. + +See an example of `GenesisState` protobuf message definition from the `auth` module: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/auth/v1beta1/genesis.proto +``` + +Next we present the main genesis-related methods that need to be implemented by module developers in order for their module to be used in Cosmos SDK applications. + +### `DefaultGenesis` + +The `DefaultGenesis()` method is a simple method that calls the constructor function for `GenesisState` with the default value for each parameter. See an example from the `auth` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/auth/module.go#L55-L59 +``` + +### `ValidateGenesis` + +The `ValidateGenesis(data GenesisState)` method is called to verify that the provided `genesisState` is correct. It should perform validity checks on each of the parameters listed in `GenesisState`. See an example from the `auth` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/auth/types/genesis.go#L61-L74 +``` + +## Other Genesis Methods + +Other than the methods related directly to `GenesisState`, module developers are expected to implement two other methods as part of the [`AppModuleGenesis` interface](01-module-manager.md#appmodulegenesis) (only if the module needs to initialize a subset of state in genesis). These methods are [`InitGenesis`](#initgenesis) and [`ExportGenesis`](#exportgenesis). + +### `InitGenesis` + +The `InitGenesis` method is executed during [`InitChain`](../../learn/advanced/00-baseapp.md#initchain) when the application is first started. Given a `GenesisState`, it initializes the subset of the state managed by the module by using the module's [`keeper`](06-keeper.md) setter function on each parameter within the `GenesisState`. + +The [module manager](01-module-manager.md#manager) of the application is responsible for calling the `InitGenesis` method of each of the application's modules in order. This order is set by the application developer via the manager's `SetOrderGenesisMethod`, which is called in the [application's constructor function](../../learn/beginner/00-overview-app.md#constructor-function). + +See an example of `InitGenesis` from the `auth` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/auth/keeper/genesis.go#L8-L35 +``` + +### `ExportGenesis` + +The `ExportGenesis` method is executed whenever an export of the state is made. It takes the latest known version of the subset of the state managed by the module and creates a new `GenesisState` out of it. This is mainly used when the chain needs to be upgraded via a hard fork. + +See an example of `ExportGenesis` from the `auth` module. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/auth/keeper/genesis.go#L37-L49 +``` + +### GenesisTxHandler + +`GenesisTxHandler` is a way for modules to submit state transitions prior to the first block. This is used by `x/genutil` to submit the genesis transactions for the validators to be added to staking. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/advanced/genesis/txhandler.go#L3-L6 +``` diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/09-module-interfaces.md b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/09-module-interfaces.md new file mode 100644 index 00000000..9f24df60 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/09-module-interfaces.md @@ -0,0 +1,161 @@ +--- +sidebar_position: 1 +--- + +# Module Interfaces + +:::note Synopsis +This document details how to build CLI and REST interfaces for a module. Examples from various Cosmos SDK modules are included. +::: + +:::note + +### Pre-requisite Readings + +* [Building Modules Intro](00-intro.md) + +::: + +## CLI + +One of the main interfaces for an application is the [command-line interface](../../learn/advanced/07-cli.md). This entrypoint adds commands from the application's modules enabling end-users to create [**messages**](02-messages-and-queries.md#messages) wrapped in transactions and [**queries**](02-messages-and-queries.md#queries). The CLI files are typically found in the module's `./client/cli` folder. + +### Transaction Commands + +In order to create messages that trigger state changes, end-users must create [transactions](../../learn/advanced/01-transactions.md) that wrap and deliver the messages. A transaction command creates a transaction that includes one or more messages. + +Transaction commands typically have their own `tx.go` file that lives within the module's `./client/cli` folder. The commands are specified in getter functions and the name of the function should include the name of the command. + +Here is an example from the `x/bank` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/bank/client/cli/tx.go#L35-L71 +``` + +In the example, `NewSendTxCmd()` creates and returns the transaction command for a transaction that wraps and delivers `MsgSend`. `MsgSend` is the message used to send tokens from one account to another. + +In general, the getter function does the following: + +* **Constructs the command:** Read the [Cobra Documentation](https://pkg.go.dev/github.com/spf13/cobra) for more detailed information on how to create commands. + * **Use:** Specifies the format of the user input required to invoke the command. In the example above, `send` is the name of the transaction command and `[from_key_or_address]`, `[to_address]`, and `[amount]` are the arguments. + * **Args:** The number of arguments the user provides. In this case, there are exactly three: `[from_key_or_address]`, `[to_address]`, and `[amount]`. + * **Short and Long:** Descriptions for the command. A `Short` description is expected. A `Long` description can be used to provide additional information that is displayed when a user adds the `--help` flag. + * **RunE:** Defines a function that can return an error. This is the function that is called when the command is executed. This function encapsulates all of the logic to create a new transaction. + * The function typically starts by getting the `clientCtx`, which can be done with `client.GetClientTxContext(cmd)`. The `clientCtx` contains information relevant to transaction handling, including information about the user. In this example, the `clientCtx` is used to retrieve the address of the sender by calling `clientCtx.GetFromAddress()`. + * If applicable, the command's arguments are parsed. In this example, the arguments `[to_address]` and `[amount]` are both parsed. + * A [message](02-messages-and-queries.md) is created using the parsed arguments and information from the `clientCtx`. The constructor function of the message type is called directly. In this case, `types.NewMsgSend(fromAddr, toAddr, amount)`. Its good practice to call, if possible, the necessary [message validation methods](Validation) before broadcasting the message. + * Depending on what the user wants, the transaction is either generated offline or signed and broadcasted to the preconfigured node using `tx.GenerateOrBroadcastTxCLI(clientCtx, flags, msg)`. +* **Adds transaction flags:** All transaction commands must add a set of transaction [flags](#flags). The transaction flags are used to collect additional information from the user (e.g. the amount of fees the user is willing to pay). The transaction flags are added to the constructed command using `AddTxFlagsToCmd(cmd)`. +* **Returns the command:** Finally, the transaction command is returned. + +Each module must implement `NewTxCmd()`, which aggregates all of the transaction commands of the module. Here is an example from the `x/bank` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/bank/client/cli/tx.go#L17-L33 +``` + +Each module must also implement the `GetTxCmd()` method for `AppModuleBasic` that simply returns `NewTxCmd()`. This allows the root command to easily aggregate all of the transaction commands for each module. Here is an example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/bank/module.go#L79-L82 +``` + +### Query Commands + +[Queries](02-messages-and-queries.md#queries) allow users to gather information about the application or network state; they are routed by the application and processed by the module in which they are defined. Query commands typically have their own `query.go` file in the module's `./client/cli` folder. Like transaction commands, they are specified in getter functions. Here is an example of a query command from the `x/auth` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/auth/client/cli/query.go#L86-L128 +``` + +In the example, `GetAccountCmd()` creates and returns a query command that returns the state of an account based on the provided account address. + +In general, the getter function does the following: + +* **Constructs the command:** Read the [Cobra Documentation](https://pkg.go.dev/github.com/spf13/cobra) for more detailed information on how to create commands. + * **Use:** Specifies the format of the user input required to invoke the command. In the example above, `account` is the name of the query command and `[address]` is the argument. + * **Args:** The number of arguments the user provides. In this case, there is exactly one: `[address]`. + * **Short and Long:** Descriptions for the command. A `Short` description is expected. A `Long` description can be used to provide additional information that is displayed when a user adds the `--help` flag. + * **RunE:** Defines a function that can return an error. This is the function that is called when the command is executed. This function encapsulates all of the logic to create a new query. + * The function typically starts by getting the `clientCtx`, which can be done with `client.GetClientQueryContext(cmd)`. The `clientCtx` contains information relevant to query handling. + * If applicable, the command's arguments are parsed. In this example, the argument `[address]` is parsed. + * A new `queryClient` is initialized using `NewQueryClient(clientCtx)`. The `queryClient` is then used to call the appropriate [query](02-messages-and-queries.md#grpc-queries). + * The `clientCtx.PrintProto` method is used to format the `proto.Message` object so that the results can be printed back to the user. +* **Adds query flags:** All query commands must add a set of query [flags](#flags). The query flags are added to the constructed command using `AddQueryFlagsToCmd(cmd)`. +* **Returns the command:** Finally, the query command is returned. + +Each module must implement `GetQueryCmd()`, which aggregates all of the query commands of the module. Here is an example from the `x/auth` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/auth/client/cli/query.go#L33-L53 +``` + +Each module must also implement the `GetQueryCmd()` method for `AppModuleBasic` that returns the `GetQueryCmd()` function. This allows for the root command to easily aggregate all of the query commands for each module. Here is an example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/bank/module.go#L84-L87 +``` + +### Flags + +[Flags](../../learn/advanced/07-cli.md#flags) allow users to customize commands. `--fees` and `--gas-prices` are examples of flags that allow users to set the [fees](../../learn/beginner/04-gas-fees.md) and gas prices for their transactions. + +Flags that are specific to a module are typically created in a `flags.go` file in the module's `./client/cli` folder. When creating a flag, developers set the value type, the name of the flag, the default value, and a description about the flag. Developers also have the option to mark flags as _required_ so that an error is thrown if the user does not include a value for the flag. + +Here is an example that adds the `--from` flag to a command: + +```go +cmd.Flags().String(FlagFrom, "", "Name or address of private key with which to sign") +``` + +In this example, the value of the flag is a `String`, the name of the flag is `from` (the value of the `FlagFrom` constant), the default value of the flag is `""`, and there is a description that will be displayed when a user adds `--help` to the command. + +Here is an example that marks the `--from` flag as _required_: + +```go +cmd.MarkFlagRequired(FlagFrom) +``` + +For more detailed information on creating flags, visit the [Cobra Documentation](https://github.com/spf13/cobra). + +As mentioned in [transaction commands](#transaction-commands), there is a set of flags that all transaction commands must add. This is done with the `AddTxFlagsToCmd` method defined in the Cosmos SDK's `./client/flags` package. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/client/flags/flags.go#L108-L138 +``` + +Since `AddTxFlagsToCmd(cmd *cobra.Command)` includes all of the basic flags required for a transaction command, module developers may choose not to add any of their own (specifying arguments instead may often be more appropriate). + +Similarly, there is a `AddQueryFlagsToCmd(cmd *cobra.Command)` to add common flags to a module query command. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/client/flags/flags.go#L95-L106 +``` + +## gRPC + +[gRPC](https://grpc.io/) is a Remote Procedure Call (RPC) framework. RPC is the preferred way for external clients like wallets and exchanges to interact with a blockchain. + +In addition to providing an ABCI query pathway, the Cosmos SDK provides a gRPC proxy server that routes gRPC query requests to ABCI query requests. + +In order to do that, modules must implement `RegisterGRPCGatewayRoutes(clientCtx client.Context, mux *runtime.ServeMux)` on `AppModuleBasic` to wire the client gRPC requests to the correct handler inside the module. + +Here's an example from the `x/auth` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/auth/module.go#L71-L76 +``` + +## gRPC-gateway REST + +Applications need to support web services that use HTTP requests (e.g. a web wallet like [Keplr](https://keplr.app)). [grpc-gateway](https://github.com/grpc-ecosystem/grpc-gateway) translates REST calls into gRPC calls, which might be useful for clients that do not use gRPC. + +Modules that want to expose REST queries should add `google.api.http` annotations to their `rpc` methods, such as in the example below from the `x/auth` module: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/auth/v1beta1/query.proto#L14-L89 +``` + +gRPC gateway is started in-process along with the application and CometBFT. It can be enabled or disabled by setting gRPC Configuration `enable` in [`app.toml`](../../user/run-node/02-interact-node.md#configuring-the-node-using-apptoml). + +The Cosmos SDK provides a command for generating [Swagger](https://swagger.io/) documentation (`protoc-gen-swagger`). Setting `swagger` in [`app.toml`](../../user/run-node/02-interact-node.md#configuring-the-node-using-apptoml) defines if swagger documentation should be automatically registered. diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/11-structure.md b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/11-structure.md new file mode 100644 index 00000000..22930ee4 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/11-structure.md @@ -0,0 +1,95 @@ +--- +sidebar_position: 1 +--- + +# Recommended Folder Structure + +:::note Synopsis +This document outlines the recommended structure of Cosmos SDK modules. These ideas are meant to be applied as suggestions. Application developers are encouraged to improve upon and contribute to module structure and development design. +::: + +## Structure + +A typical Cosmos SDK module can be structured as follows: + +```shell +proto +└── {project_name} +    └── {module_name} +    └── {proto_version} +       ├── {module_name}.proto +       ├── event.proto +       ├── genesis.proto +       ├── query.proto +       └── tx.proto +``` + +* `{module_name}.proto`: The module's common message type definitions. +* `event.proto`: The module's message type definitions related to events. +* `genesis.proto`: The module's message type definitions related to genesis state. +* `query.proto`: The module's Query service and related message type definitions. +* `tx.proto`: The module's Msg service and related message type definitions. + +```shell +x/{module_name} +├── client +│   ├── cli +│   │ ├── query.go +│   │   └── tx.go +│   └── testutil +│   ├── cli_test.go +│   └── suite.go +├── exported +│   └── exported.go +├── keeper +│   ├── genesis.go +│   ├── grpc_query.go +│   ├── hooks.go +│   ├── invariants.go +│   ├── keeper.go +│   ├── keys.go +│   ├── msg_server.go +│   └── querier.go +├── module +│   └── module.go +│   └── abci.go +│   └── autocli.go +├── simulation +│   ├── decoder.go +│   ├── genesis.go +│   ├── operations.go +│   └── params.go +├── {module_name}.pb.go +├── codec.go +├── errors.go +├── events.go +├── events.pb.go +├── expected_keepers.go +├── genesis.go +├── genesis.pb.go +├── keys.go +├── msgs.go +├── params.go +├── query.pb.go +├── tx.pb.go +└── 05-depinject.md +``` + +* `client/`: The module's CLI client functionality implementation and the module's CLI testing suite. +* `exported/`: The module's exported types - typically interface types. If a module relies on keepers from another module, it is expected to receive the keepers as interface contracts through the `expected_keepers.go` file (see below) in order to avoid a direct dependency on the module implementing the keepers. However, these interface contracts can define methods that operate on and/or return types that are specific to the module that is implementing the keepers and this is where `exported/` comes into play. The interface types that are defined in `exported/` use canonical types, allowing for the module to receive the keepers as interface contracts through the `expected_keepers.go` file. This pattern allows for code to remain DRY and also alleviates import cycle chaos. +* `keeper/`: The module's `Keeper` and `MsgServer` implementation. +* `module/`: The module's `AppModule` and `AppModuleBasic` implementation. + * `abci.go`: The module's `BeginBlocker` and `EndBlocker` implementations (this file is only required if `BeginBlocker` and/or `EndBlocker` need to be defined). + * `autocli.go`: The module [autocli](../tooling/03-autocli.md) options. +* `simulation/`: The module's [simulation](14-simulator.md) package defines functions used by the blockchain simulator application (`simapp`). +* `REAMDE.md`: The module's specification documents outlining important concepts, state storage structure, and message and event type definitions. Learn more how to write module specs in the [spec guidelines](../spec/SPEC_MODULE.md). +* The root directory includes type definitions for messages, events, and genesis state, including the type definitions generated by Protocol Buffers. + * `codec.go`: The module's registry methods for interface types. + * `errors.go`: The module's sentinel errors. + * `events.go`: The module's event types and constructors. + * `expected_keepers.go`: The module's [expected keeper](06-keeper.md#type-definition) interfaces. + * `genesis.go`: The module's genesis state methods and helper functions. + * `keys.go`: The module's store keys and associated helper functions. + * `msgs.go`: The module's message type definitions and associated methods. + * `params.go`: The module's parameter type definitions and associated methods. + * `*.pb.go`: The module's type definitions generated by Protocol Buffers (as defined in the respective `*.proto` files above). diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/12-errors.md b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/12-errors.md new file mode 100644 index 00000000..969ce6e7 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/12-errors.md @@ -0,0 +1,56 @@ +--- +sidebar_position: 1 +--- + +# Errors + +:::note Synopsis +This document outlines the recommended usage and APIs for error handling in Cosmos SDK modules. +::: + +Modules are encouraged to define and register their own errors to provide better +context on failed message or handler execution. Typically, these errors should be +common or general errors which can be further wrapped to provide additional specific +execution context. + +## Registration + +Modules should define and register their custom errors in `x/{module}/errors.go`. +Registration of errors is handled via the [`errors` package](https://github.com/cosmos/cosmos-sdk/blob/main/errors/errors.go). + +Example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/distribution/types/errors.go#L1-L21 +``` + +Each custom module error must provide the codespace, which is typically the module name +(e.g. "distribution") and is unique per module, and a uint32 code. Together, the codespace and code +provide a globally unique Cosmos SDK error. Typically, the code is monotonically increasing but does not +necessarily have to be. The only restrictions on error codes are the following: + +* Must be greater than one, as a code value of one is reserved for internal errors. +* Must be unique within the module. + +Note, the Cosmos SDK provides a core set of *common* errors. These errors are defined in [`types/errors/errors.go`](https://github.com/cosmos/cosmos-sdk/blob/main/types/errors/errors.go). + +## Wrapping + +The custom module errors can be returned as their concrete type as they already fulfill the `error` +interface. However, module errors can be wrapped to provide further context and meaning to failed +execution. + +Example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/bank/keeper/keeper.go#L141-L182 +``` + +Regardless if an error is wrapped or not, the Cosmos SDK's `errors` package provides a function to determine if +an error is of a particular kind via `Is`. + +## ABCI + +If a module error is registered, the Cosmos SDK `errors` package allows ABCI information to be extracted +through the `ABCIInfo` function. The package also provides `ResponseCheckTx` and `ResponseDeliverTx` as +auxiliary functions to automatically get `CheckTx` and `DeliverTx` responses from an error. diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/13-upgrade.md b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/13-upgrade.md new file mode 100644 index 00000000..3636fefa --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/13-upgrade.md @@ -0,0 +1,65 @@ +--- +sidebar_position: 1 +--- + +# Upgrading Modules + +:::note Synopsis +[In-Place Store Migrations](../../learn/advanced/16-upgrade.md) allow your modules to upgrade to new versions that include breaking changes. This document outlines how to build modules to take advantage of this functionality. +::: + +:::note + +### Pre-requisite Readings + +* [In-Place Store Migration](../../learn/advanced/16-upgrade.md) + +::: + +## Consensus Version + +Successful upgrades of existing modules require each `AppModule` to implement the function `ConsensusVersion() uint64`. + +* The versions must be hard-coded by the module developer. +* The initial version **must** be set to 1. + +Consensus versions serve as state-breaking versions of app modules and must be incremented when the module introduces breaking changes. + +## Registering Migrations + +To register the functionality that takes place during a module upgrade, you must register which migrations you want to take place. + +Migration registration takes place in the `Configurator` using the `RegisterMigration` method. The `AppModule` reference to the configurator is in the `RegisterServices` method. + +You can register one or more migrations. If you register more than one migration script, list the migrations in increasing order and ensure there are enough migrations that lead to the desired consensus version. For example, to migrate to version 3 of a module, register separate migrations for version 1 and version 2 as shown in the following example: + +```go +func (am AppModule) RegisterServices(cfg module.Configurator) { + // --snip-- + cfg.RegisterMigration(types.ModuleName, 1, func(ctx sdk.Context) error { + // Perform in-place store migrations from ConsensusVersion 1 to 2. + }) + cfg.RegisterMigration(types.ModuleName, 2, func(ctx sdk.Context) error { + // Perform in-place store migrations from ConsensusVersion 2 to 3. + }) +} +``` + +Since these migrations are functions that need access to a Keeper's store, use a wrapper around the keepers called `Migrator` as shown in this example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/bank/keeper/migrations.go#L11-L35 +``` + +## Writing Migration Scripts + +To define the functionality that takes place during an upgrade, write a migration script and place the functions in a `migrations/` directory. For example, to write migration scripts for the bank module, place the functions in `x/bank/migrations/`. Use the recommended naming convention for these functions. For example, `v2bank` is the script that migrates the package `x/bank/migrations/v2`: + +```go +// Migrating bank module from version 1 to 2 +func (m Migrator) Migrate1to2(ctx sdk.Context) error { + return v2bank.MigrateStore(ctx, m.keeper.storeKey) // v2bank is package `x/bank/migrations/v2`. +} +``` + +To see example code of changes that were implemented in a migration of balance keys, check out [migrateBalanceKeys](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/bank/migrations/v2/store.go#L52-L73). For context, this code introduced migrations of the bank store that updated addresses to be prefixed by their length in bytes as outlined in [ADR-028](../architecture/adr-028-public-key-addresses.md). diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/14-simulator.md b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/14-simulator.md new file mode 100644 index 00000000..9e02a1e9 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/14-simulator.md @@ -0,0 +1,135 @@ +--- +sidebar_position: 1 +--- + +# Module Simulation + +:::note + +### Pre-requisite Readings + +* [Cosmos Blockchain Simulator](../../learn/advanced/13-simulation.md) +::: + +## Synopsis + +This document details how to define each module simulation functions to be +integrated with the application `SimulationManager`. + +* [Simulation package](#simulation-package) + * [Store decoders](#store-decoders) + * [Randomized genesis](#randomized-genesis) + * [Randomized parameter changes](#randomized-parameter-changes) + * [Random weighted operations](#random-weighted-operations) + * [Random proposal contents](#random-proposal-contents) +* [Registering simulation functions](#registering-simulation-functions) +* [App Simulator manager](#app-simulator-manager) + +## Simulation package + +Every module that implements the Cosmos SDK simulator needs to have a `x//simulation` +package which contains the primary functions required by the fuzz tests: store +decoders, randomized genesis state and parameters, weighted operations and proposal +contents. + +### Store decoders + +Registering the store decoders is required for the `AppImportExport`. This allows +for the key-value pairs from the stores to be decoded (_i.e_ unmarshalled) +to their corresponding types. In particular, it matches the key to a concrete type +and then unmarshals the value from the `KVPair` to the type provided. + +You can use the example [here](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/distribution/simulation/decoder.go) from the distribution module to implement your store decoders. + +### Randomized genesis + +The simulator tests different scenarios and values for genesis parameters +in order to fully test the edge cases of specific modules. The `simulator` package from each module must expose a `RandomizedGenState` function to generate the initial random `GenesisState` from a given seed. + +Once the module genesis parameter are generated randomly (or with the key and +values defined in a `params` file), they are marshaled to JSON format and added +to the app genesis JSON to use it on the simulations. + +You can check an example on how to create the randomized genesis [here](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/staking/simulation/genesis.go). + +### Randomized parameter changes + +The simulator is able to test parameter changes at random. The simulator package from each module must contain a `RandomizedParams` func that will simulate parameter changes of the module throughout the simulations lifespan. + +You can see how an example of what is needed to fully test parameter changes [here](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/staking/simulation/params.go) + +### Random weighted operations + +Operations are one of the crucial parts of the Cosmos SDK simulation. They are the transactions +(`Msg`) that are simulated with random field values. The sender of the operation +is also assigned randomly. + +Operations on the simulation are simulated using the full [transaction cycle](../../learn/advanced/01-transactions.md) of a +`ABCI` application that exposes the `BaseApp`. + +Shown below is how weights are set: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/staking/simulation/operations.go#L19-L86 +``` + +As you can see, the weights are predefined in this case. Options exist to override this behavior with different weights. One option is to use `*rand.Rand` to define a random weight for the operation, or you can inject your own predefined weights. + +Here is how one can override the above package `simappparams`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/Makefile#L293-L299 +``` + +For the last test a tool called [runsim](https://github.com/cosmos/tools/tree/master/cmd/runsim) is used, this is used to parallelize go test instances, provide info to Github and slack integrations to provide information to your team on how the simulations are running. + +### Random proposal contents + +Randomized governance proposals are also supported on the Cosmos SDK simulator. Each +module must define the governance proposal `Content`s that they expose and register +them to be used on the parameters. + +## Registering simulation functions + +Now that all the required functions are defined, we need to integrate them into the module pattern within the `module.go`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/distribution/module.go#L180-L203 +``` + +## App Simulator manager + +The following step is setting up the `SimulatorManager` at the app level. This +is required for the simulation test files on the next step. + +```go +type CustomApp struct { + ... + sm *module.SimulationManager +} +``` + +Then at the instantiation of the application, we create the `SimulationManager` +instance in the same way we create the `ModuleManager` but this time we only pass +the modules that implement the simulation functions from the `AppModuleSimulation` +interface described above. + +```go +func NewCustomApp(...) { + // create the simulation manager and define the order of the modules for deterministic simulations + app.sm = module.NewSimulationManager( + auth.NewAppModule(app.accountKeeper), + bank.NewAppModule(app.bankKeeper, app.accountKeeper), + supply.NewAppModule(app.supplyKeeper, app.accountKeeper), + gov.NewAppModule(app.govKeeper, app.accountKeeper, app.supplyKeeper), + mint.NewAppModule(app.mintKeeper), + distr.NewAppModule(app.distrKeeper, app.accountKeeper, app.supplyKeeper, app.stakingKeeper), + staking.NewAppModule(app.stakingKeeper, app.accountKeeper, app.supplyKeeper), + slashing.NewAppModule(app.slashingKeeper, app.accountKeeper, app.stakingKeeper), + ) + + // register the store decoders for simulation tests + app.sm.RegisterStoreDecoders() + ... +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/15-depinject.md b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/15-depinject.md new file mode 100644 index 00000000..fc793f04 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/15-depinject.md @@ -0,0 +1,126 @@ +--- +sidebar_position: 1 +--- + +# Modules depinject-ready + +:::note + +### Pre-requisite Readings + +* [Depinject Documentation](../packages/01-depinject.md) + +::: + +[`depinject`](../packages/01-depinject.md) is used to wire any module in `app.go`. +All core modules are already configured to support dependency injection. + +To work with `depinject` a module must define its configuration and requirements so that `depinject` can provide the right dependencies. + +In brief, as a module developer, the following steps are required: + +1. Define the module configuration using Protobuf +2. Define the module dependencies in `x/{moduleName}/module.go` + +A chain developer can then use the module by following these two steps: + +1. Configure the module in `app_config.go` or `app.yaml` +2. Inject the module in `app.go` + +## Module Configuration + +The module available configuration is defined in a Protobuf file, located at `{moduleName}/module/v1/module.proto`. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/group/module/v1/module.proto +``` + +* `go_import` must point to the Go package of the custom module. +* Message fields define the module configuration. + That configuration can be set in the `app_config.go` / `app.yaml` file for a chain developer to configure the module. + Taking `group` as example, a chain developer is able to decide, thanks to `uint64 max_metadata_len`, what the maximum metatada length allowed for a group porposal is. + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/simapp/app_config.go#L226-L230 + ``` + +That message is generated using [`pulsar`](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/scripts/protocgen-pulsar.sh) (by running `make proto-gen`). +In the case of the `group` module, this file is generated here: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/api/cosmos/group/module/v1/module.pulsar.go. + +The part that is relevant for the module configuration is: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/api/cosmos/group/module/v1/module.pulsar.go#L515-L527 +``` + +:::note +Pulsar is optional. The official [`protoc-gen-go`](https://developers.google.com/protocol-buffers/docs/reference/go-generated) can be used as well. +::: + +## Dependency Definition + +Once the configuration proto is defined, the module's `module.go` must define what dependencies are required by the module. +The boilerplate is similar for all modules. + +:::warning +All methods, structs and their fields must be public for `depinject`. +::: + +1. Import the module configuration generated package: + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/group/module/module.go#L12-L14 + ``` + + Define an `init()` function for defining the `providers` of the module configuration: + This registers the module configuration message and the wiring of the module. + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/group/module/module.go#L199-L204 + ``` + +2. Ensure that the module implements the `appmodule.AppModule` interface: + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.47.0/x/group/module/module.go#L58-L64 + ``` + +3. Define a struct that inherits `depinject.In` and define the module inputs (i.e. module dependencies): + * `depinject` provides the right dependencies to the module. + * `depinject` also checks that all dependencies are provided. + + :::tip + For making a dependency optional, add the `optional:"true"` struct tag. + ::: + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/group/module/module.go#L206-L216 + ``` + +4. Define the module outputs with a public struct that inherits `depinject.Out`: + The module outputs are the dependencies that the module provides to other modules. It is usually the module itself and its keeper. + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/group/module/module.go#L218-L223 + ``` + +5. Create a function named `ProvideModule` (as called in 1.) and use the inputs for instantiating the module outputs. + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/group/module/module.go#L225-L235 + ``` + +The `ProvideModule` function should return an instance of `cosmossdk.io/core/appmodule.AppModule` which implements +one or more app module extension interfaces for initializing the module. + +Following is the complete app wiring configuration for `group`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/group/module/module.go#L195-L235 +``` + +The module is now ready to be used with `depinject` by a chain developer. + +## Integrate in an application + +The App Wiring is done in `app_config.go` / `app.yaml` and `app_v2.go` and is explained in detail in the [overview of `app_v2.go`](../building-apps/01-app-go-v2.md). diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/16-testing.md b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/16-testing.md new file mode 100644 index 00000000..cd49fc45 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/16-testing.md @@ -0,0 +1,124 @@ +--- +sidebar_position: 1 +--- + +# Testing + +The Cosmos SDK contains different types of [tests](https://martinfowler.com/articles/practical-test-pyramid.html). +These tests have different goals and are used at different stages of the development cycle. +We advice, as a general rule, to use tests at all stages of the development cycle. +It is adviced, as a chain developer, to test your application and modules in a similar way than the SDK. + +The rationale behind testing can be found in [ADR-59](https://docs.cosmos.network/main/architecture/adr-059-test-scopes.html). + +## Unit Tests + +Unit tests are the lowest test category of the [test pyramid](https://martinfowler.com/articles/practical-test-pyramid.html). +All packages and modules should have unit test coverage. Modules should have their dependencies mocked: this means mocking keepers. + +The SDK uses `mockgen` to generate mocks for keepers: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/scripts/mockgen.sh#L3-L6 +``` + +You can read more about mockgen [here](https://github.com/golang/mock). + +### Example + +As an example, we will walkthrough the [keeper tests](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/gov/keeper/keeper_test.go) of the `x/gov` module. + +The `x/gov` module has a `Keeper` type requires a few external dependencies (ie. imports outside `x/gov` to work properly). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/gov/keeper/keeper.go#L61-L65 +``` + +In order to only test `x/gov`, we mock the [expected keepers](https://docs.cosmos.network/v0.46/building-modules/keeper.html#type-definition) and instantiate the `Keeper` with the mocked dependencies. Note that we may need to configure the mocked dependencies to return the expected values: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/gov/keeper/common_test.go#L67-L81 +``` + +This allows us to test the `x/gov` module without having to import other modules. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/gov/keeper/keeper_test.go#L3-L35 +``` + +We can test then create unit tests using the newly created `Keeper` instance. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/gov/keeper/keeper_test.go#L73-L91 +``` + +## Integration Tests + +Integration tests are at the second level of the [test pyramid](https://martinfowler.com/articles/practical-test-pyramid.html). +In the SDK, we locate our integration tests under [`/tests/integrations`](https://github.com/cosmos/cosmos-sdk/tree/main/tests/integration). + +The goal of these integration tests is to test how a component interacts with other dependencies. Compared to unit tests, integration tests do not mock dependencies. Instead, they use the direct dependencies of the component. This differs as well from end-to-end tests, which test the component with a full application. + +Integration tests interact with the tested module via the defined `Msg` and `Query` services. The result of the test can be verified by checking the state of the application, by checking the emitted events or the response. It is adviced to combine two of these methods to verify the result of the test. + +The SDK provides small helpers for quickly setting up an integration tests. These helpers can be found at . + +### Example + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/29e22b3bdb05353555c8e0b269311bbff7b8deca/testutil/integration/example_test.go#L22-L89 +``` + +## Deterministic and Regression tests + +Tests are written for queries in the Cosmos SDK which have `module_query_safe` Protobuf annotation. + +Each query is tested using 2 methods: + +* Use property-based testing with the [`rapid`](https://pkg.go.dev/pgregory.net/rapid@v0.5.3) library. The property that is tested is that the query response and gas consumption are the same upon 1000 query calls. +* Regression tests are written with hardcoded responses and gas, and verify they don't change upon 1000 calls and between SDK patch versions. + +Here's an example of regression tests: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/tests/integration/bank/keeper/deterministic_test.go#L102-L115 +``` + +## Simulations + +Simulations uses as well a minimal application, built with [`depinject`](../packages/01-depinject.md): + +:::note +You can as well use the `AppConfig` `configurator` for creating an `AppConfig` [inline](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/slashing/app_test.go#L54-L62). There is no difference between those two ways, use whichever you prefer. +::: + +Following is an example for `x/gov/` simulations: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/gov/simulation/operations_test.go#L292-L310 +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/gov/simulation/operations_test.go#L69-L111 +``` + +## End-to-end Tests + +End-to-end tests are at the top of the [test pyramid](https://martinfowler.com/articles/practical-test-pyramid.html). +They must test the whole application flow, from the user perspective (for instance, CLI tests). They are located under [`/tests/e2e`](https://github.com/cosmos/cosmos-sdk/tree/main/tests/e2e). + + +For that, the SDK is using `simapp` but you should use your own application (`appd`). +Here are some examples: + +* SDK E2E tests: . +* Cosmos Hub E2E tests: . +* Osmosis E2E tests: . + +:::note warning +The SDK is in the process of creating its E2E tests, as defined in [ADR-59](https://docs.cosmos.network/main/architecture/adr-059-test-scopes.html). This page will eventually be updated with better examples. +::: + +## Learn More + +Learn more about testing scope in [ADR-59](https://docs.cosmos.network/main/architecture/adr-059-test-scopes.html). diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/_category_.json b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/_category_.json new file mode 100644 index 00000000..2d50f8b3 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Building Modules", + "position": 1, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/transaction_flow.svg b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/transaction_flow.svg new file mode 100644 index 00000000..93bb940a --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/building-modules/transaction_flow.svg @@ -0,0 +1,48 @@ +UserUserbaseAppbaseApprouterrouterhandlerhandlermsgServermsgServerkeeperkeeperContext.EventManagerContext.EventManagerTransaction Type<Tx>Route(ctx, msgRoute)handlerMsg<Tx>(Context, Msg(...))<Tx>(Context, Msg)alt[addresses invalid, denominations wrong, etc.]errorperform action, update contextresults, error codeEmit relevant eventsmaybe wrap results in more structureresult, error coderesults, error code \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/migrations/01-intro.md b/copy-of-sdk-versioned_docs/version-0.47/build/migrations/01-intro.md new file mode 100644 index 00000000..82f1db58 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/migrations/01-intro.md @@ -0,0 +1,15 @@ +--- +sidebar_position: 1 +--- + +# SDK Migrations + +To smoothen the update to the latest stable release, the SDK includes a CLI command for hard-fork migrations (under the ` genesis migrate` subcommand). +Additionally, the SDK includes in-place migrations for its core modules. These in-place migrations are useful to migrate between major releases. + +* Hard-fork migrations are supported from the last major release to the current one. +* In-place module migrations are supported from the last two major releases to the current one. + +Migration from a version older than the last two major releases is not supported. + +When migrating from a previous version, refer to the [`UPGRADING.md`](02-upgrading.md) and the `CHANGELOG.md` of the version you are migrating to. diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/migrations/02-upgrading.md b/copy-of-sdk-versioned_docs/version-0.47/build/migrations/02-upgrading.md new file mode 100644 index 00000000..8c3a6dc2 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/migrations/02-upgrading.md @@ -0,0 +1,612 @@ +# Upgrading Cosmos SDK + +This guide provides instructions for upgrading to specific versions of Cosmos SDK. +Note, always read the **SimApp** section for more information on application wiring updates. + +## [Unreleased] + +### Migration to CometBFT (Part 2) + +The Cosmos SDK has migrated in its previous versions, to CometBFT. +Some functions have been renamed to reflect the naming change. + +Following an exhaustive list: + +* `client.TendermintRPC` -> `client.CometRPC` +* `clitestutil.MockTendermintRPC` -> `clitestutil.MockCometRPC` +* `clitestutilgenutil.CreateDefaultTendermintConfig` -> `clitestutilgenutil.CreateDefaultCometConfig` +* Package `client/grpc/tmservice` -> `client/grpc/cmtservice` + +Additionally, the commands and flags mentioning `tendermint` have been renamed to `comet`. +However, these commands and flags is still supported for backward compatibility. + +For backward compatibility, the `**/tendermint/**` gRPC services are still supported. + +Additionally, the SDK is starting its abstraction from CometBFT Go types thorought the codebase: + +* The usage of CometBFT have been replaced to use the Cosmos SDK logger interface (`cosmossdk.io/log.Logger`). +* The usage of `github.com/cometbft/cometbft/libs/bytes.HexByte` have been replaced by `[]byte`. + +### Configuration + +A new tool have been created for migrating configuration of the SDK. Use the following command to migrate your configuration: + +```bash +simd config migrate v0.48 +``` + +More information about [confix](https://docs.cosmos.network/main/tooling/confix). + +#### Events + +The log section of abci.TxResult is not populated in the case of successful msg(s) execution. Instead a new attribute is added to all messages indicating the `msg_index` which identifies which events and attributes relate the same transaction + +#### gRPC-Web + +gRPC-Web is now listening to the same address as the gRPC Gateway API server (default: `localhost:1317`). +The possibility to listen to a different address has been removed, as well as its settings. +Use `confix` to clean-up your `app.toml`. A nginx (or alike) reverse-proxy can be set to keep the previous behavior. + +#### Database Support + +ClevelDB, BoltDB and BadgerDB are not supported anymore. To migrate from a unsupported database to a supported database please use the database migration tool. + +### Protobuf + +The SDK is in the process of removing all `gogoproto` annotations. + +#### Stringer + +The `gogoproto.goproto_stringer = false` annotation has been removed from most proto files. This means that the `String()` method is being generated for types that previously had this annotation. The generated `String()` method uses `proto.CompactTextString` for _stringifying_ structs. +[Verify](https://github.com/cosmos/cosmos-sdk/pull/13850#issuecomment-1328889651) the usage of the modified `String()` methods and double-check that they are not used in state-machine code. + +### SimApp + + + +#### Module Assertions + +Previously, all modules were required to be set in `OrderBeginBlockers`, `OrderEndBlockers` and `OrderInitGenesis / OrderExportGenesis` in `app.go` / `app_config.go`. +This is no longer the case, the assertion has been loosened to only require modules implementing, respectively, the `module.BeginBlockAppModule`, `module.EndBlockAppModule` and `module.HasGenesis` interfaces. + +#### Modules Keepers + +The following modules `NewKeeper` function now take a `KVStoreService` instead of a `StoreKey`: + +* `x/auth` +* `x/authz` +* `x/bank` +* `x/consensus` +* `x/distribution` +* `x/feegrant` +* `x/nft` + +User manually wiring their chain need to use the `runtime.NewKVStoreService` method to create a `KVStoreService` from a `StoreKey`: + +```diff +app.ConsensusParamsKeeper = consensusparamkeeper.NewKeeper( + appCodec, +- keys[consensusparamtypes.StoreKey] ++ runtime.NewKVStoreService(keys[consensusparamtypes.StoreKey]), + authtypes.NewModuleAddress(govtypes.ModuleName).String(), +) +``` + +The following modules' `Keeper` methods now take in a `context.Context` instead of `sdk.Context`. Any module that has an interfaces for them (like "expected keepers") will need to update and re-generate mocks if needed: + +* `x/authz` +* `x/bank` +* `x/distribution` + +**Users using depinject do not need any changes, this is automatically done for them.** + +#### Logger + +The following modules `NewKeeper` function now take a `log.Logger`: + +* `x/bank` + +`depinject` users must now supply the logger through the main `depinject.Supply` function instead of passing it to `appBuilder.Build`. + +```diff +appConfig = depinject.Configs( + AppConfig, + depinject.Supply( + // supply the application options + appOpts, ++ logger, + ... +``` + +```diff +- app.App = appBuilder.Build(logger, db, traceStore, baseAppOptions...) ++ app.App = appBuilder.Build(db, traceStore, baseAppOptions...) +``` + +User manually wiring their chain need to add the logger argument when creating the keeper. + +#### Module Basics + +Previously, the `ModuleBasics` was a global variable that was used to register all modules's `AppModuleBasic` implementation. +The global variable has been removed and the basic module manager can be now created from the module manager. + +This is automatically done for depinject users, however for supplying different app module implementation, pass them via `depinject.Supply` in the main `AppConfig` (`app_config.go`): + +```go +depinject.Supply( + // supply custom module basics + map[string]module.AppModuleBasic{ + genutiltypes.ModuleName: genutil.NewAppModuleBasic(genutiltypes.DefaultMessageValidator), + govtypes.ModuleName: gov.NewAppModuleBasic( + []govclient.ProposalHandler{ + paramsclient.ProposalHandler, + }, + ), + }, + ) +``` + +Users manually wiring their chain need to use the new `module.NewBasicManagerFromManager` function, after the module manager creation, and pass a `map[string]module.AppModuleBasic` as argument for optionally overridding some module's `AppModuleBasic`. + +### Packages + +#### Store + +References to `types/store.go` which contained aliases for store types have been remapped to point to appropriate store/types, hence the `types/store.go` file is no longer needed and has been removed. + +##### Extract Store to a standalone module + +The `store` module is extracted to have a separate go.mod file which allows it be a standalone module. +All the store imports are now renamed to use `cosmossdk.io/store` instead of `github.com/cosmos/cosmos-sdk/store` across the SDK. + +#### Client + +The return type of the interface method `TxConfig.SignModeHandler()` has been changed from `x/auth/signing.SignModeHandler` to `x/tx/signing.HandlerMap`. This change is transparent to most users as the `TxConfig` interface is typically implemented by private `x/auth/tx.config` struct (as returned by `auth.NewTxConfig`) which has been updated to return the new type. If users have implemented their own `TxConfig` interface, they will need to update their implementation to return the new type. + +### Modules + +#### `**all**` + +[RFC 001](https://docs.cosmos.network/main/rfc/rfc-001-tx-validation) has defined a simplification of the message validation process for modules. +The `sdk.Msg` interface has been updated to not require the implementation of the `ValidateBasic` method. +It is now recommended to validate message directly in the message server. When the validation is performed in the message server, the `ValidateBasic` method on a message is no longer required and can be removed. + +#### `x/auth` + +For ante handler construction via `ante.NewAnteHandler`, the field `ante.HandlerOptions.SignModeHandler` has been updated to `x/tx/signing/HandlerMap` from `x/auth/signing/SignModeHandler`. Callers typically fetch this value from `client.TxConfig.SignModeHandler()` (which is also changed) so this change should be transparent to most users. + +#### `x/capability` + +Capability was moved to [IBC-GO](https://github.com/cosmos/ibc-go). IBC V8 will contain the necessary changes to incorporate the new module location + +#### `x/gov` + +##### Expedited Proposals + +The `gov` v1 module has been updated to support the ability to expedite governance proposals. When a proposal is expedited, the voting period will be shortened to `ExpeditedVotingPeriod` parameter. An expedited proposal must have an higher voting threshold than a classic proposal, that threshold is defined with the `ExpeditedThreshold` parameter. + +##### Cancelling Proposals + +The `gov` module has been updated to support the ability to cancel governance proposals. When a proposal is canceled, all the deposits of the proposal are either burnt or sent to `ProposalCancelDest` address. The deposits burn rate will be determined by a new parameter called `ProposalCancelRatio` parameter. + +```text + 1. deposits * proposal_cancel_ratio will be burned or sent to `ProposalCancelDest` address , if `ProposalCancelDest` is empty then deposits will be burned. + 2. deposits * (1 - proposal_cancel_ratio) will be sent to depositors. +``` + +By default, the new `ProposalCancelRatio` parameter is set to 0.5 during migration and `ProposalCancelDest` is set to empty string (i.e. burnt). + +#### `x/evidence` + +##### Extract evidence to a standalone module + +The `x/evidence` module is extracted to have a separate go.mod file which allows it be a standalone module. +All the evidence imports are now renamed to use `cosmossdk.io/x/evidence` instead of `github.com/cosmos/cosmos-sdk/x/evidence` across the SDK. + +#### `x/nft` + +##### Extract nft to a standalone module + +The `x/nft` module is extracted to have a separate go.mod file which allows it to be a standalone module. + +#### x/feegrant + +##### Extract feegrant to a standalone module + +The `x/feegrant` module is extracted to have a separate go.mod file which allows it to be a standalone module. +All the feegrant imports are now renamed to use `cosmossdk.io/x/feegrant` instead of `github.com/cosmos/cosmos-sdk/x/feegrant` across the SDK. + +#### `x/upgrade` + +##### Extract upgrade to a standalone module + +The `x/upgrade` module is extracted to have a separate go.mod file which allows it to be a standalone module. +All the upgrade imports are now renamed to use `cosmossdk.io/x/upgrade` instead of `github.com/cosmos/cosmos-sdk/x/upgrade` across the SDK. + +## [v0.47.x](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.47.0) + +### Migration to CometBFT (Part 1) + +The Cosmos SDK has migrated to CometBFT, as its default consensus engine. +CometBFT is an implementation of the Tendermint consensus algorithm, and the successor of Tendermint Core. +Due to the import changes, this is a breaking change. Chains need to remove **entirely** their imports of Tendermint Core in their codebase, from direct and indirects imports in their `go.mod`. + +* Replace `github.com/tendermint/tendermint` by `github.com/cometbft/cometbft` +* Replace `github.com/tendermint/tm-db` by `github.com/cometbft/cometbft-db` +* Verify `github.com/tendermint/tendermint` is not an indirect or direct dependency +* Run `make proto-gen` + +Other than that, the migration should be seamless. +On the SDK side, clean-up of variables, functions to reflect the new name will only happen from v0.48 (part 2). + +Note: It is possible that these steps must first be performed by your dependencies before you can perform them on your own codebase. + +### Simulation + +Remove `RandomizedParams` from `AppModuleSimulation` interface. Previously, it used to generate random parameter changes during simulations, however, it does so through ParamChangeProposal which is now legacy. Since all modules were migrated, we can now safely remove this from `AppModuleSimulation` interface. + +Moreover, to support the `MsgUpdateParams` governance proposals for each modules, `AppModuleSimulation` now defines a `AppModule.ProposalMsgs` method in addition to `AppModule.ProposalContents`. That method defines the messages that can be used to submit a proposal and that should be tested in simulation. + +When a module has no proposal messages or proposal content to be tested by simulation, the `AppModule.ProposalMsgs` and `AppModule.ProposalContents` methods can be deleted. + +### gRPC + +A new gRPC service, `proto/cosmos/base/node/v1beta1/query.proto`, has been introduced +which exposes various operator configuration. App developers should be sure to +register the service with the gRPC-gateway service via +`nodeservice.RegisterGRPCGatewayRoutes` in their application construction, which +is typically found in `RegisterAPIRoutes`. + +### AppModule Interface + +Support for the `AppModule` `Querier`, `Route` and `LegacyQuerier` methods has been entirely removed from the `AppModule` +interface. This removes and fully deprecates all legacy queriers. All modules no longer support the REST API previously +known as the LCD, and the `sdk.Msg#Route` method won't be used anymore. + +Most other existing `AppModule` methods have been moved to extension interfaces in preparation for the migration +to the `cosmossdk.io/core/appmodule` API in the next release. Most `AppModule` implementations should not be broken +by this change. + +### SimApp + +The `simapp` package **should not be imported in your own app**. Instead, you should import the `runtime.AppI` interface, that defines an `App`, and use the [`simtestutil` package](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/testutil/sims) for application testing. + +#### App Wiring + +SimApp's `app_v2.go` is using [App Wiring](https://docs.cosmos.network/main/building-apps/app-go-v2), the dependency injection framework of the Cosmos SDK. +This means that modules are injected directly into SimApp thanks to a [configuration file](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/simapp/app_config.go). +The previous behavior, without the dependency injection framework, is still present in [`app.go`](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/simapp/app.go) and is not going anywhere. + +If you are using a `app.go` without dependency injection, add the following lines to your `app.go` in order to provide newer gRPC services: + +```go +autocliv1.RegisterQueryServer(app.GRPCQueryRouter(), runtimeservices.NewAutoCLIQueryService(app.ModuleManager.Modules)) + +reflectionSvc, err := runtimeservices.NewReflectionService() +if err != nil { + panic(err) +} +reflectionv1.RegisterReflectionServiceServer(app.GRPCQueryRouter(), reflectionSvc) +``` + +#### Constructor + +The constructor, `NewSimApp` has been simplified: + +* `NewSimApp` does not take encoding parameters (`encodingConfig`) as input, instead the encoding parameters are injected (when using app wiring), or directly created in the constructor. Instead, we can instantiate `SimApp` for getting the encoding configuration. +* `NewSimApp` now uses `AppOptions` for getting the home path (`homePath`) and the invariant checks period (`invCheckPeriod`). These were unnecessary given as arguments as they were already present in the `AppOptions`. + +#### Encoding + +`simapp.MakeTestEncodingConfig()` was deprecated and has been removed. Instead you can use the `TestEncodingConfig` from the `types/module/testutil` package. +This means you can replace your usage of `simapp.MakeTestEncodingConfig` in tests to `moduletestutil.MakeTestEncodingConfig`, which takes a series of relevant `AppModuleBasic` as input (the module being tested and any potential dependencies). + +#### Export + +`ExportAppStateAndValidators` takes an extra argument, `modulesToExport`, which is a list of module names to export. +That argument should be passed to the module maanager `ExportGenesisFromModules` method. + +#### Replaces + +The `GoLevelDB` version must pinned to `v1.0.1-0.20210819022825-2ae1ddf74ef7` in the application, following versions might cause unexpected behavior. +This can be done adding `replace github.com/syndtr/goleveldb => github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7` to the `go.mod` file. + +* [issue #14949 on cosmos-sdk](https://github.com/cosmos/cosmos-sdk/issues/14949) +* [issue #25413 on go-ethereum](https://github.com/ethereum/go-ethereum/pull/25413) + +### Protobuf + +The SDK has migrated from `gogo/protobuf` (which is currently unmaintained), to our own maintained fork, [`cosmos/gogoproto`](https://github.com/cosmos/gogoproto). + +This means you should replace all imports of `github.com/gogo/protobuf` to `github.com/cosmos/gogoproto`. +This allows you to remove the replace directive `replace github.com/gogo/protobuf => github.com/regen-network/protobuf v1.3.3-alpha.regen.1` from your `go.mod` file. + +Please use the `ghcr.io/cosmos/proto-builder` image (version >= `0.11.5`) for generating protobuf files. + +See which buf commit for `cosmos/cosmos-sdk` to pin in your `buf.yaml` file [here](../tooling). + +#### Gogoproto Import Paths + +The SDK made a [patch fix](https://github.com/cosmos/gogoproto/pull/32) on its gogoproto repository to require that each proto file's package name matches its OS import path (relatively to a protobuf root import path, usually the root `proto/` folder, set by the `protoc -I` flag). + +For example, assuming you put all your proto files in subfolders inside your root `proto/` folder, then a proto file with package name `myapp.mymodule.v1` should be found in the `proto/myapp/mymodule/v1/` folder. If it is in another folder, the proto generation command will throw an error. + +If you are using a custom folder structure for your proto files, please reorganize them so that their OS path matches their proto package name. + +This is to allow the proto FileDescriptSets to be correctly registered, and this standardized OS import paths allows [Hubl](https://github.com/cosmos/cosmos-sdk/tree/main/tools/hubl) to reflectively talk to any chain. + +#### `{accepts,implements}_interface` proto annotations + +The SDK is normalizing the strings inside the Protobuf `accepts_interface` and `implements_interface` annotations. We require them to be fully-scoped names. They will soon be used by code generators like Pulsar and Telescope to match which messages can or cannot be packed inside `Any`s. + +Here are the following replacements that you need to perform on your proto files: + +```diff +- "Content" ++ "cosmos.gov.v1beta1.Content" +- "Authorization" ++ "cosmos.authz.v1beta1.Authorization" +- "sdk.Msg" ++ "cosmos.base.v1beta1.Msg" +- "AccountI" ++ "cosmos.auth.v1beta1.AccountI" +- "ModuleAccountI" ++ "cosmos.auth.v1beta1.ModuleAccountI" +- "FeeAllowanceI" ++ "cosmos.feegrant.v1beta1.FeeAllowanceI" +``` + +Please also check that in your own app's proto files that there are no single-word names for those two proto annotations. If so, then replace them with fully-qualified names, even though those names don't actually resolve to an actual protobuf entity. + +For more information, see the [encoding guide](../../learn/advanced/06-encoding.md). + +### Transactions + +#### Broadcast Mode + +Broadcast mode `block` was deprecated and has been removed. Please use `sync` mode +instead. When upgrading your tests from `block` to `sync` and checking for a +transaction code, you need to query the transaction first (with its hash) to get +the correct code. + +### Modules + +#### `**all**` + +`EventTypeMessage` events, with `sdk.AttributeKeyModule` and `sdk.AttributeKeySender` are now emitted directly at message excecution (in `baseapp`). +This means that the following boilerplate should be removed from all your custom modules: + +```go +ctx.EventManager().EmitEvent( + sdk.NewEvent( + sdk.EventTypeMessage, + sdk.NewAttribute(sdk.AttributeKeyModule, types.AttributeValueCategory), + sdk.NewAttribute(sdk.AttributeKeySender, `signer/sender`), + ), +) +``` + +The module name is assumed by `baseapp` to be the second element of the message route: `"cosmos.bank.v1beta1.MsgSend" -> "bank"`. +In case a module does not follow the standard message path, (e.g. IBC), it is advised to keep emitting the module name event. +`Baseapp` only emits that event if the module has not already done so. + +#### `x/params` + +The `params` module was deprecated since v0.46. The Cosmos SDK has migrated away from `x/params` for its own modules. +Cosmos SDK modules now store their parameters directly in its repective modules. +The `params` module will be removed in `v0.48`, as mentioned [in v0.46 release](https://github.com/cosmos/cosmos-sdk/blob/v0.46.1/UPGRADING.md#xparams). It is strongly encouraged to migrate away from `x/params` before `v0.48`. + +When performing a chain migration, the params table must be initizalied manually. This was done in the modules keepers in previous versions. +Have a look at `simapp.RegisterUpgradeHandlers()` for an example. + +#### `x/gov` + +##### Minimum Proposal Deposit At Time of Submission + +The `gov` module has been updated to support a minimum proposal deposit at submission time. It is determined by a new +parameter called `MinInitialDepositRatio`. When multiplied by the existing `MinDeposit` parameter, it produces +the necessary proportion of coins needed at the proposal submission time. The motivation for this change is to prevent proposal spamming. + +By default, the new `MinInitialDepositRatio` parameter is set to zero during migration. The value of zero signifies that this +feature is disabled. If chains wish to utilize the minimum proposal deposits at time of submission, the migration logic needs to be +modified to set the new parameter to the desired value. + +##### New Proposal.Proposer field + +The `Proposal` proto has been updated with proposer field. For proposal state migraton developers can call `v4.AddProposerAddressToProposal` in their upgrade handler to update all existing proposal and make them compatible and **this migration is optional**. + +```go +import ( + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/module" + v4 "github.com/cosmos/cosmos-sdk/x/gov/migrations/v4" + upgradetypes "github.com/cosmos/cosmos-sdk/x/upgrade/types" +) + +func (app SimApp) RegisterUpgradeHandlers() { + app.UpgradeKeeper.SetUpgradeHandler(UpgradeName, + func(ctx sdk.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { + // this migration is optional + // add proposal ids with proposers which are active (deposit or voting period) + proposals := make(map[uint64]string) + proposals[1] = "cosmos1luyncewxk4lm24k6gqy8y5dxkj0klr4tu0lmnj" ... + v4.AddProposerAddressToProposal(ctx, sdk.NewKVStoreKey(v4.ModuleName), app.appCodec, proposals) + return app.ModuleManager.RunMigrations(ctx, app.Configurator(), fromVM) + }) +} + +``` + +#### `x/consensus` + +Introducing a new `x/consensus` module to handle managing Tendermint consensus +parameters. For migration it is required to call a specific migration to migrate +existing parameters from the deprecated `x/params` to `x/consensus` module. App +developers should ensure to call `baseapp.MigrateParams` in their upgrade handler. + +Example: + +```go +func (app SimApp) RegisterUpgradeHandlers() { + ----> baseAppLegacySS := app.ParamsKeeper.Subspace(baseapp.Paramspace).WithKeyTable(paramstypes.ConsensusParamsKeyTable()) <---- + + app.UpgradeKeeper.SetUpgradeHandler( + UpgradeName, + func(ctx sdk.Context, _ upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { + // Migrate Tendermint consensus parameters from x/params module to a + // dedicated x/consensus module. + ----> baseapp.MigrateParams(ctx, baseAppLegacySS, &app.ConsensusParamsKeeper) <---- + + // ... + + return app.ModuleManager.RunMigrations(ctx, app.Configurator(), fromVM) + }, + ) + + // ... +} +``` + +The old params module is required to still be imported in your app.go in order to handle this migration. + +##### `app.go` changes + +When using an `app.go` without App Wiring, the following changes are required: + +```diff +- bApp.SetParamStore(app.ParamsKeeper.Subspace(baseapp.Paramspace).WithKeyTable(paramstypes.ConsensusParamsKeyTable())) ++ app.ConsensusParamsKeeper = consensusparamkeeper.NewKeeper(appCodec, keys[consensusparamstypes.StoreKey], authtypes.NewModuleAddress(govtypes.ModuleName).String()) ++ bApp.SetParamStore(&app.ConsensusParamsKeeper) +``` + +When using App Wiring, the paramater store is automatically set for you. + +#### `x/nft` + +The SDK does not validate anymore the `classID` and `nftID` of an NFT, for extra flexibility in your NFT implementation. +This means chain developers need to validate the `classID` and `nftID` of an NFT. + +### Ledger + +Ledger support has been generalized to enable use of different apps and keytypes that use `secp256k1`. The Ledger interface remains the same, but it can now be provided through the Keyring `Options`, allowing higher-level chains to connect to different Ledger apps or use custom implementations. In addition, higher-level chains can provide custom key implementations around the Ledger public key, to enable greater flexibility with address generation and signing. + +This is not a breaking change, as all values will default to use the standard Cosmos app implementation unless specified otherwise. + +## [v0.46.x](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.46.0) + +### Go API Changes + +The `replace google.golang.org/grpc` directive can be removed from the `go.mod`, it is no more required to block the version. + +A few packages that were deprecated in the previous version are now removed. + +For instance, the REST API, deprecated in v0.45, is now removed. If you have not migrated yet, please follow the [instructions](https://docs.cosmos.network/v0.45/migrations/rest.html). + +To improve clarity of the API, some renaming and improvements has been done: + +| Package | Previous | Current | +| --------- | ---------------------------------- | ------------------------------------ | +| `simapp` | `encodingConfig.Marshaler` | `encodingConfig.Codec` | +| `simapp` | `FundAccount`, `FundModuleAccount` | Functions moved to `x/bank/testutil` | +| `types` | `AccAddressFromHex` | `AccAddressFromHexUnsafe` | +| `x/auth` | `MempoolFeeDecorator` | Use `DeductFeeDecorator` instead | +| `x/bank` | `AddressFromBalancesStore` | `AddressAndDenomFromBalancesStore` | +| `x/gov` | `keeper.DeleteDeposits` | `keeper.DeleteAndBurnDeposits` | +| `x/gov` | `keeper.RefundDeposits` | `keeper.RefundAndDeleteDeposits` | +| `x/{mod}` | package `legacy` | package `migrations` | + +For the exhaustive list of API renaming, please refer to the [CHANGELOG](https://github.com/cosmos/cosmos-sdk/blob/main/CHANGELOG.md). + +#### new packages + +Additionally, new packages have been introduced in order to further split the codebase. Aliases are available for a new API breaking migration, but it is encouraged to migrate to this new packages: + +* `errors` should replace `types/errors` when registering errors or wrapping SDK errors. +* `math` contains the `Int` or `Uint` types that are used in the SDK. +* `x/nft` an NFT base module. +* `x/group` a group module allowing to create DAOs, multisig and policies. Greatly composes with `x/authz`. + +#### `x/authz` + +* `authz.NewMsgGrant` `expiration` is now a pointer. When `nil` is used, then no expiration will be set (grant won't expire). +* `authz.NewGrant` takes a new argument: block time, to correctly validate expire time. + +### Keyring + +The keyring has been refactored in v0.46. + +* The `Unsafe*` interfaces have been removed from the keyring package. Please use interface casting if you wish to access those unsafe functions. +* The keys' implementation has been refactored to be serialized as proto. +* `keyring.NewInMemory` and `keyring.New` takes now a `codec.Codec`. +* Take `keyring.Record` instead of `Info` as first argument in: + * `MkConsKeyOutput` + * `MkValKeyOutput` + * `MkAccKeyOutput` +* Rename: + * `SavePubKey` to `SaveOfflineKey` and remove the `algo` argument. + * `NewMultiInfo`, `NewLedgerInfo` to `NewLegacyMultiInfo`, `newLegacyLedgerInfo` respectively. + * `NewOfflineInfo` to `newLegacyOfflineInfo` and move it to `migration_test.go`. + +### PostHandler + +A `postHandler` is like an `antehandler`, but is run _after_ the `runMsgs` execution. It is in the same store branch that `runMsgs`, meaning that both `runMsgs` and `postHandler`. This allows to run a custom logic after the execution of the messages. + +### IAVL + +v0.19.0 IAVL introduces a new "fast" index. This index represents the latest state of the +IAVL laid out in a format that preserves data locality by key. As a result, it allows for faster queries and iterations +since data can now be read in lexicographical order that is frequent for Cosmos-SDK chains. + +The first time the chain is started after the upgrade, the aforementioned index is created. The creation process +might take time and depends on the size of the latest state of the chain. For example, Osmosis takes around 15 minutes to rebuild the index. + +While the index is being created, node operators can observe the following in the logs: +"Upgrading IAVL storage for faster queries + execution on the live state. This may take a while". The store +key is appended to the message. The message is printed for every module that has a non-transient store. +As a result, it gives a good indication of the progress of the upgrade. + +There is also downgrade and re-upgrade protection. If a node operator chooses to downgrade to IAVL pre-fast index, and then upgrade again, the index is rebuilt from scratch. This implementation detail should not be relevant in most cases. It was added as a safeguard against operator +mistakes. + +### Modules + +#### `x/params` + +* The `x/params` module has been depreacted in favour of each module housing and providing way to modify their parameters. Each module that has parameters that are changable during runtime have an authority, the authority can be a module or user account. The Cosmos SDK team recommends migrating modules away from using the param module. An example of how this could look like can be found [here](https://github.com/cosmos/cosmos-sdk/pull/12363). +* The Param module will be maintained until April 18, 2023. At this point the module will reach end of life and be removed from the Cosmos SDK. + +#### `x/gov` + +The `gov` module has been greatly improved. The previous API has been moved to `v1beta1` while the new implementation is called `v1`. + +In order to submit a proposal with `submit-proposal` you now need to pass a `proposal.json` file. +You can still use the old way by using `submit-legacy-proposal`. This is not recommended. +More information can be found in the gov module [client documentation](https://docs.cosmos.network/v0.46/modules/gov/07_client.html). + +#### `x/staking` + +The `staking module` added a new message type to cancel unbonding delegations. Users that have unbonded by accident or wish to cancel a undelegation can now specify the amount and valdiator they would like to cancel the unbond from + +### Protobuf + +The `third_party/proto` folder that existed in [previous version](https://github.com/cosmos/cosmos-sdk/tree/v0.45.3/third_party/proto) now does not contains directly the [proto files](https://github.com/cosmos/cosmos-sdk/tree/release/v0.46.x/third_party/proto). + +Instead, the SDK uses [`buf`](https://buf.build). Clients should have their own [`buf.yaml`](https://docs.buf.build/configuration/v1/buf-yaml) with `buf.build/cosmos/cosmos-sdk` as dependency, in order to avoid having to copy paste these files. + +The protos can as well be downloaded using `buf export buf.build/cosmos/cosmos-sdk:8cb30a2c4de74dc9bd8d260b1e75e176 --output `. + +Cosmos message protobufs should be extended with `cosmos.msg.v1.signer`: + +```protobuf +message MsgSetWithdrawAddress { + option (cosmos.msg.v1.signer) = "delegator_address"; ++ + + option (gogoproto.equal) = false; + option (gogoproto.goproto_getters) = false; + + string delegator_address = 1 [(cosmos_proto.scalar) = "cosmos.AddressString"]; + string withdraw_address = 2 [(cosmos_proto.scalar) = "cosmos.AddressString"]; +} +``` + +When clients interract with a node they are required to set a codec in in the grpc.Dial. More information can be found in this [doc](https://docs.cosmos.network/v0.46/run-node/interact-node.html#programmatically-via-go). diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/migrations/_category_.json b/copy-of-sdk-versioned_docs/version-0.47/build/migrations/_category_.json new file mode 100644 index 00000000..258dc810 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/migrations/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "SDK Migrations", + "position": 3, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/modules/README.md b/copy-of-sdk-versioned_docs/version-0.47/build/modules/README.md new file mode 100644 index 00000000..53f5dd0d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/modules/README.md @@ -0,0 +1,41 @@ +--- +sidebar_position: 0 +--- + +# Module Summary + +Here are some production-grade modules that can be used in Cosmos SDK applications, along with their respective documentation: + +* [Auth](auth/README.md) - Authentication of accounts and transactions for Cosmos SDK applications. +* [Authz](authz/README.md) - Authorization for accounts to perform actions on behalf of other accounts. +* [Bank](bank/README.md) - Token transfer functionalities. +* [Crisis](crisis/README.md) - Halting the blockchain under certain circumstances (e.g. if an invariant is broken). +* [Distribution](distribution/README.md) - Fee distribution, and staking token provision distribution. +* [Evidence](evidence/README.md) - Evidence handling for double signing, misbehaviour, etc. +* [Feegrant](feegrant/README.md) - Grant fee allowances for executing transactions. +* [Governance](gov/README.md) - On-chain proposals and voting. +* [Mint](mint/README.md) - Creation of new units of staking token. +* [Params](params/README.md) - Globally available parameter store. +* [Slashing](slashing/README.md) - Validator punishment mechanisms. +* [Staking](staking/README.md) - Proof-of-Stake layer for public blockchains. +* [Upgrade](upgrade/README.md) - Software upgrades handling and coordination. +* [NFT](nft/README.md) - NFT module implemented based on [ADR43](https://docs.cosmos.network/main/architecture/adr-043-nft-module.html). +* [Consensus](consensus/README.md) - Consensus module for modifying CometBFT's ABCI consensus params. +* [Circuit](circuit/README.md) - Circuit breaker module for pausing messages. +* [Genutil](genutil/README.md) - Genesis utilities for the Cosmos SDK. + +To learn more about the process of building modules, visit the [building modules reference documentation](https://docs.cosmos.network/main/building-modules/intro). + +## IBC + +The IBC module for the SDK is maintained by the IBC Go team in its [own repository](https://github.com/cosmos/ibc-go). + +Additionally, the [capability module](https://github.com/cosmos/ibc-go/tree/fdd664698d79864f1e00e147f9879e58497b5ef1/modules/capability) is from v0.48+ maintained by the IBC Go team in its [own repository](https://github.com/cosmos/ibc-go/tree/fdd664698d79864f1e00e147f9879e58497b5ef1/modules/capability). + +## CosmWasm + +The CosmWasm module enables smart contracts, learn more by going to their [documentation site](https://book.cosmwasm.com/), or visit [the repository](https://github.com/CosmWasm/cosmwasm). + +## EVM + +Read more about writing smart contracts with solidity at the official [`evm` documentation page](https://docs.evmos.org/protocol/modules/evm). diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/modules/_category_.json b/copy-of-sdk-versioned_docs/version-0.47/build/modules/_category_.json new file mode 100644 index 00000000..9aac4ff6 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/modules/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "List of SDK Modules", + "position": 2, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/modules/accounts/accounts.md b/copy-of-sdk-versioned_docs/version-0.47/build/modules/accounts/accounts.md new file mode 100644 index 00000000..9ffcbed6 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/modules/accounts/accounts.md @@ -0,0 +1,3 @@ +# x/accounts + +The x/accounts module provides module and facilities for writing smart cosmos-sdk accounts. \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/modules/auth/1-vesting.md b/copy-of-sdk-versioned_docs/version-0.47/build/modules/auth/1-vesting.md new file mode 100644 index 00000000..62619ede --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/modules/auth/1-vesting.md @@ -0,0 +1,618 @@ +--- +sidebar_position: 1 +--- + +# `x/auth/vesting` + + +* [Intro and Requirements](#intro-and-requirements) +* [Note](#note) +* [Vesting Account Types](#vesting-account-types) + * [BaseVestingAccount](#basevestingaccount) + * [ContinuousVestingAccount](#continuousvestingaccount) + * [DelayedVestingAccount](#delayedvestingaccount) + * [Period](#period) + * [PeriodicVestingAccount](#periodicvestingaccount) + * [PermanentLockedAccount](#permanentlockedaccount) +* [Vesting Account Specification](#vesting-account-specification) + * [Determining Vesting & Vested Amounts](#determining-vesting--vested-amounts) + * [Periodic Vesting Accounts](#periodic-vesting-accounts) + * [Transferring/Sending](#transferringsending) + * [Delegating](#delegating) + * [Undelegating](#undelegating) +* [Keepers & Handlers](#keepers--handlers) +* [Genesis Initialization](#genesis-initialization) +* [Examples](#examples) + * [Simple](#simple) + * [Slashing](#slashing) + * [Periodic Vesting](#periodic-vesting) +* [Glossary](#glossary) + +## Intro and Requirements + +This specification defines the vesting account implementation that is used by the Cosmos Hub. The requirements for this vesting account is that it should be initialized during genesis with a starting balance `X` and a vesting end time `ET`. A vesting account may be initialized with a vesting start time `ST` and a number of vesting periods `P`. If a vesting start time is included, the vesting period does not begin until start time is reached. If vesting periods are included, the vesting occurs over the specified number of periods. + +For all vesting accounts, the owner of the vesting account is able to delegate and undelegate from validators, however they cannot transfer coins to another account until those coins are vested. This specification allows for four different kinds of vesting: + +* Delayed vesting, where all coins are vested once `ET` is reached. +* Continous vesting, where coins begin to vest at `ST` and vest linearly with respect to time until `ET` is reached +* Periodic vesting, where coins begin to vest at `ST` and vest periodically according to number of periods and the vesting amount per period. The number of periods, length per period, and amount per period are configurable. A periodic vesting account is distinguished from a continuous vesting account in that coins can be released in staggered tranches. For example, a periodic vesting account could be used for vesting arrangements where coins are relased quarterly, yearly, or over any other function of tokens over time. +* Permanent locked vesting, where coins are locked forever. Coins in this account can still be used for delegating and for governance votes even while locked. + +## Note + +Vesting accounts can be initialized with some vesting and non-vesting coins. The non-vesting coins would be immediately transferable. DelayedVesting ContinuousVesting, PeriodicVesting and PermenantVesting accounts can be created with normal messages after genesis. Other types of vesting accounts must be created at genesis, or as part of a manual network upgrade. The current specification only allows for _unconditional_ vesting (ie. there is no possibility of reaching `ET` and +having coins fail to vest). + +## Vesting Account Types + +```go +// VestingAccount defines an interface that any vesting account type must +// implement. +type VestingAccount interface { + Account + + GetVestedCoins(Time) Coins + GetVestingCoins(Time) Coins + + // TrackDelegation performs internal vesting accounting necessary when + // delegating from a vesting account. It accepts the current block time, the + // delegation amount and balance of all coins whose denomination exists in + // the account's original vesting balance. + TrackDelegation(Time, Coins, Coins) + + // TrackUndelegation performs internal vesting accounting necessary when a + // vesting account performs an undelegation. + TrackUndelegation(Coins) + + GetStartTime() int64 + GetEndTime() int64 +} +``` + +### BaseVestingAccount + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/vesting/v1beta1/vesting.proto#L11-L35 +``` + +### ContinuousVestingAccount + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/vesting/v1beta1/vesting.proto#L37-L46 +``` + +### DelayedVestingAccount + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/vesting/v1beta1/vesting.proto#L48-L57 +``` + +### Period + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/vesting/v1beta1/vesting.proto#L59-L69 +``` + +```go +// Stores all vesting periods passed as part of a PeriodicVestingAccount +type Periods []Period + +``` + +### PeriodicVestingAccount + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/vesting/v1beta1/vesting.proto#L71-L81 +``` + +In order to facilitate less ad-hoc type checking and assertions and to support flexibility in account balance usage, the existing `x/bank` `ViewKeeper` interface is updated to contain the following: + +```go +type ViewKeeper interface { + // ... + + // Calculates the total locked account balance. + LockedCoins(ctx sdk.Context, addr sdk.AccAddress) sdk.Coins + + // Calculates the total spendable balance that can be sent to other accounts. + SpendableCoins(ctx sdk.Context, addr sdk.AccAddress) sdk.Coins +} +``` + +### PermanentLockedAccount + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/vesting/v1beta1/vesting.proto#L83-L94 +``` + +## Vesting Account Specification + +Given a vesting account, we define the following in the proceeding operations: + +* `OV`: The original vesting coin amount. It is a constant value. +* `V`: The number of `OV` coins that are still _vesting_. It is derived by +`OV`, `StartTime` and `EndTime`. This value is computed on demand and not on a per-block basis. +* `V'`: The number of `OV` coins that are _vested_ (unlocked). This value is computed on demand and not a per-block basis. +* `DV`: The number of delegated _vesting_ coins. It is a variable value. It is stored and modified directly in the vesting account. +* `DF`: The number of delegated _vested_ (unlocked) coins. It is a variable value. It is stored and modified directly in the vesting account. +* `BC`: The number of `OV` coins less any coins that are transferred +(which can be negative or delegated). It is considered to be balance of the embedded base account. It is stored and modified directly in the vesting account. + +### Determining Vesting & Vested Amounts + +It is important to note that these values are computed on demand and not on a mandatory per-block basis (e.g. `BeginBlocker` or `EndBlocker`). + +#### Continuously Vesting Accounts + +To determine the amount of coins that are vested for a given block time `T`, the +following is performed: + +1. Compute `X := T - StartTime` +2. Compute `Y := EndTime - StartTime` +3. Compute `V' := OV * (X / Y)` +4. Compute `V := OV - V'` + +Thus, the total amount of _vested_ coins is `V'` and the remaining amount, `V`, +is _vesting_. + +```go +func (cva ContinuousVestingAccount) GetVestedCoins(t Time) Coins { + if t <= cva.StartTime { + // We must handle the case where the start time for a vesting account has + // been set into the future or when the start of the chain is not exactly + // known. + return ZeroCoins + } else if t >= cva.EndTime { + return cva.OriginalVesting + } + + x := t - cva.StartTime + y := cva.EndTime - cva.StartTime + + return cva.OriginalVesting * (x / y) +} + +func (cva ContinuousVestingAccount) GetVestingCoins(t Time) Coins { + return cva.OriginalVesting - cva.GetVestedCoins(t) +} +``` + +### Periodic Vesting Accounts + +Periodic vesting accounts require calculating the coins released during each period for a given block time `T`. Note that multiple periods could have passed when calling `GetVestedCoins`, so we must iterate over each period until the end of that period is after `T`. + +1. Set `CT := StartTime` +2. Set `V' := 0` + +For each Period P: + + 1. Compute `X := T - CT` + 2. IF `X >= P.Length` + 1. Compute `V' += P.Amount` + 2. Compute `CT += P.Length` + 3. ELSE break + 3. Compute `V := OV - V'` + +```go +func (pva PeriodicVestingAccount) GetVestedCoins(t Time) Coins { + if t < pva.StartTime { + return ZeroCoins + } + ct := pva.StartTime // The start of the vesting schedule + vested := 0 + periods = pva.GetPeriods() + for _, period := range periods { + if t - ct < period.Length { + break + } + vested += period.Amount + ct += period.Length // increment ct to the start of the next vesting period + } + return vested +} + +func (pva PeriodicVestingAccount) GetVestingCoins(t Time) Coins { + return pva.OriginalVesting - cva.GetVestedCoins(t) +} +``` + +#### Delayed/Discrete Vesting Accounts + +Delayed vesting accounts are easier to reason about as they only have the full amount vesting up until a certain time, then all the coins become vested (unlocked). This does not include any unlocked coins the account may have initially. + +```go +func (dva DelayedVestingAccount) GetVestedCoins(t Time) Coins { + if t >= dva.EndTime { + return dva.OriginalVesting + } + + return ZeroCoins +} + +func (dva DelayedVestingAccount) GetVestingCoins(t Time) Coins { + return dva.OriginalVesting - dva.GetVestedCoins(t) +} +``` + +### Transferring/Sending + +At any given time, a vesting account may transfer: `min((BC + DV) - V, BC)`. + +In other words, a vesting account may transfer the minimum of the base account balance and the base account balance plus the number of currently delegated vesting coins less the number of coins vested so far. + +However, given that account balances are tracked via the `x/bank` module and that we want to avoid loading the entire account balance, we can instead determine the locked balance, which can be defined as `max(V - DV, 0)`, and infer the spendable balance from that. + +```go +func (va VestingAccount) LockedCoins(t Time) Coins { + return max(va.GetVestingCoins(t) - va.DelegatedVesting, 0) +} +``` + +The `x/bank` `ViewKeeper` can then provide APIs to determine locked and spendable coins for any account: + +```go +func (k Keeper) LockedCoins(ctx Context, addr AccAddress) Coins { + acc := k.GetAccount(ctx, addr) + if acc != nil { + if acc.IsVesting() { + return acc.LockedCoins(ctx.BlockTime()) + } + } + + // non-vesting accounts do not have any locked coins + return NewCoins() +} +``` + +#### Keepers/Handlers + +The corresponding `x/bank` keeper should appropriately handle sending coins based on if the account is a vesting account or not. + +```go +func (k Keeper) SendCoins(ctx Context, from Account, to Account, amount Coins) { + bc := k.GetBalances(ctx, from) + v := k.LockedCoins(ctx, from) + + spendable := bc - v + newCoins := spendable - amount + assert(newCoins >= 0) + + from.SetBalance(newCoins) + to.AddBalance(amount) + + // save balances... +} +``` + +### Delegating + +For a vesting account attempting to delegate `D` coins, the following is performed: + +1. Verify `BC >= D > 0` +2. Compute `X := min(max(V - DV, 0), D)` (portion of `D` that is vesting) +3. Compute `Y := D - X` (portion of `D` that is free) +4. Set `DV += X` +5. Set `DF += Y` + +```go +func (va VestingAccount) TrackDelegation(t Time, balance Coins, amount Coins) { + assert(balance <= amount) + x := min(max(va.GetVestingCoins(t) - va.DelegatedVesting, 0), amount) + y := amount - x + + va.DelegatedVesting += x + va.DelegatedFree += y +} +``` + +**Note** `TrackDelegation` only modifies the `DelegatedVesting` and `DelegatedFree` fields, so upstream callers MUST modify the `Coins` field by subtracting `amount`. + +#### Keepers/Handlers + +```go +func DelegateCoins(t Time, from Account, amount Coins) { + if isVesting(from) { + from.TrackDelegation(t, amount) + } else { + from.SetBalance(sc - amount) + } + + // save account... +} +``` + +### Undelegating + +For a vesting account attempting to undelegate `D` coins, the following is performed: + +> NOTE: `DV < D` and `(DV + DF) < D` may be possible due to quirks in the rounding of delegation/undelegation logic. + +1. Verify `D > 0` +2. Compute `X := min(DF, D)` (portion of `D` that should become free, prioritizing free coins) +3. Compute `Y := min(DV, D - X)` (portion of `D` that should remain vesting) +4. Set `DF -= X` +5. Set `DV -= Y` + +```go +func (cva ContinuousVestingAccount) TrackUndelegation(amount Coins) { + x := min(cva.DelegatedFree, amount) + y := amount - x + + cva.DelegatedFree -= x + cva.DelegatedVesting -= y +} +``` + +**Note** `TrackUnDelegation` only modifies the `DelegatedVesting` and `DelegatedFree` fields, so upstream callers MUST modify the `Coins` field by adding `amount`. + +**Note**: If a delegation is slashed, the continuous vesting account ends up with an excess `DV` amount, even after all its coins have vested. This is because undelegating free coins are prioritized. + +**Note**: The undelegation (bond refund) amount may exceed the delegated vesting (bond) amount due to the way undelegation truncates the bond refund, which can increase the validator's exchange rate (tokens/shares) slightly if the undelegated tokens are non-integral. + +#### Keepers/Handlers + +```go +func UndelegateCoins(to Account, amount Coins) { + if isVesting(to) { + if to.DelegatedFree + to.DelegatedVesting >= amount { + to.TrackUndelegation(amount) + // save account ... + } + } else { + AddBalance(to, amount) + // save account... + } +} +``` + +## Keepers & Handlers + +The `VestingAccount` implementations reside in `x/auth`. However, any keeper in a module (e.g. staking in `x/staking`) wishing to potentially utilize any vesting coins, must call explicit methods on the `x/bank` keeper (e.g. `DelegateCoins`) opposed to `SendCoins` and `SubtractCoins`. + +In addition, the vesting account should also be able to spend any coins it receives from other users. Thus, the bank module's `MsgSend` handler should error if a vesting account is trying to send an amount that exceeds their unlocked coin amount. + +See the above specification for full implementation details. + +## Genesis Initialization + +To initialize both vesting and non-vesting accounts, the `GenesisAccount` struct includes new fields: `Vesting`, `StartTime`, and `EndTime`. Accounts meant to be of type `BaseAccount` or any non-vesting type have `Vesting = false`. The genesis initialization logic (e.g. `initFromGenesisState`) must parse and return the correct accounts accordingly based off of these fields. + +```go +type GenesisAccount struct { + // ... + + // vesting account fields + OriginalVesting sdk.Coins `json:"original_vesting"` + DelegatedFree sdk.Coins `json:"delegated_free"` + DelegatedVesting sdk.Coins `json:"delegated_vesting"` + StartTime int64 `json:"start_time"` + EndTime int64 `json:"end_time"` +} + +func ToAccount(gacc GenesisAccount) Account { + bacc := NewBaseAccount(gacc) + + if gacc.OriginalVesting > 0 { + if ga.StartTime != 0 && ga.EndTime != 0 { + // return a continuous vesting account + } else if ga.EndTime != 0 { + // return a delayed vesting account + } else { + // invalid genesis vesting account provided + panic() + } + } + + return bacc +} +``` + +## Examples + +### Simple + +Given a continuous vesting account with 10 vesting coins. + +```text +OV = 10 +DF = 0 +DV = 0 +BC = 10 +V = 10 +V' = 0 +``` + +1. Immediately receives 1 coin + + ```text + BC = 11 + ``` + +2. Time passes, 2 coins vest + + ```text + V = 8 + V' = 2 + ``` + +3. Delegates 4 coins to validator A + + ```text + DV = 4 + BC = 7 + ``` + +4. Sends 3 coins + + ```text + BC = 4 + ``` + +5. More time passes, 2 more coins vest + + ```text + V = 6 + V' = 4 + ``` + +6. Sends 2 coins. At this point the account cannot send anymore until further +coins vest or it receives additional coins. It can still however, delegate. + + ```text + BC = 2 + ``` + +### Slashing + +Same initial starting conditions as the simple example. + +1. Time passes, 5 coins vest + + ```text + V = 5 + V' = 5 + ``` + +2. Delegate 5 coins to validator A + + ```text + DV = 5 + BC = 5 + ``` + +3. Delegate 5 coins to validator B + + ```text + DF = 5 + BC = 0 + ``` + +4. Validator A gets slashed by 50%, making the delegation to A now worth 2.5 coins +5. Undelegate from validator A (2.5 coins) + + ```text + DF = 5 - 2.5 = 2.5 + BC = 0 + 2.5 = 2.5 + ``` + +6. Undelegate from validator B (5 coins). The account at this point can only +send 2.5 coins unless it receives more coins or until more coins vest. +It can still however, delegate. + + ```text + DV = 5 - 2.5 = 2.5 + DF = 2.5 - 2.5 = 0 + BC = 2.5 + 5 = 7.5 + ``` + + Notice how we have an excess amount of `DV`. + +### Periodic Vesting + +A vesting account is created where 100 tokens will be released over 1 year, with +1/4 of tokens vesting each quarter. The vesting schedule would be as follows: + +```yaml +Periods: +- amount: 25stake, length: 7884000 +- amount: 25stake, length: 7884000 +- amount: 25stake, length: 7884000 +- amount: 25stake, length: 7884000 +``` + +```text +OV = 100 +DF = 0 +DV = 0 +BC = 100 +V = 100 +V' = 0 +``` + +1. Immediately receives 1 coin + + ```text + BC = 101 + ``` + +2. Vesting period 1 passes, 25 coins vest + + ```text + V = 75 + V' = 25 + ``` + +3. During vesting period 2, 5 coins are transfered and 5 coins are delegated + + ```text + DV = 5 + BC = 91 + ``` + +4. Vesting period 2 passes, 25 coins vest + + ```text + V = 50 + V' = 50 + ``` + +## Glossary + +* OriginalVesting: The amount of coins (per denomination) that are initially +part of a vesting account. These coins are set at genesis. +* StartTime: The BFT time at which a vesting account starts to vest. +* EndTime: The BFT time at which a vesting account is fully vested. +* DelegatedFree: The tracked amount of coins (per denomination) that are +delegated from a vesting account that have been fully vested at time of delegation. +* DelegatedVesting: The tracked amount of coins (per denomination) that are +delegated from a vesting account that were vesting at time of delegation. +* ContinuousVestingAccount: A vesting account implementation that vests coins +linearly over time. +* DelayedVestingAccount: A vesting account implementation that only fully vests +all coins at a given time. +* PeriodicVestingAccount: A vesting account implementation that vests coins +according to a custom vesting schedule. +* PermanentLockedAccount: It does not ever release coins, locking them indefinitely. +Coins in this account can still be used for delegating and for governance votes even while locked. + + +## CLI + +A user can query and interact with the `vesting` module using the CLI. + +### Transactions + +The `tx` commands allow users to interact with the `vesting` module. + +```bash +simd tx vesting --help +``` + +#### create-periodic-vesting-account + +The `create-periodic-vesting-account` command creates a new vesting account funded with an allocation of tokens, where a sequence of coins and period length in seconds. Periods are sequential, in that the duration of of a period only starts at the end of the previous period. The duration of the first period starts upon account creation. + +```bash +simd tx vesting create-periodic-vesting-account [to_address] [periods_json_file] [flags] +``` + +Example: + +```bash +simd tx vesting create-periodic-vesting-account cosmos1.. periods.json +``` + +#### create-vesting-account + +The `create-vesting-account` command creates a new vesting account funded with an allocation of tokens. The account can either be a delayed or continuous vesting account, which is determined by the '--delayed' flag. All vesting accouts created will have their start time set by the committed block's time. The end_time must be provided as a UNIX epoch timestamp. + +```bash +simd tx vesting create-vesting-account [to_address] [amount] [end_time] [flags] +``` + +Example: + +```bash +simd tx vesting create-vesting-account cosmos1.. 100stake 2592000 +``` diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/modules/auth/2-tx.md b/copy-of-sdk-versioned_docs/version-0.47/build/modules/auth/2-tx.md new file mode 100644 index 00000000..0460f69d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/modules/auth/2-tx.md @@ -0,0 +1,266 @@ +--- +sidebar_position: 1 +--- + +# `x/auth/tx` + +:::note + +### Pre-requisite Readings + +* [Transactions](https://docs.cosmos.network/main/core/transactions#transaction-generation) +* [Encoding](https://docs.cosmos.network/main/core/encoding#transaction-encoding) + +::: + +## Abstract + +This document specifies the `x/auth/tx` package of the Cosmos SDK. + +This package represents the Cosmos SDK implementation of the `client.TxConfig`, `client.TxBuilder`, `client.TxEncoder` and `client.TxDecoder` interfaces. + +## Contents + +* [Transactions](#transactions) + * [`TxConfig`](#txconfig) + * [`TxBuilder`](#txbuilder) + * [`TxEncoder`/ `TxDecoder`](#txencoder-txdecoder) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + +## Transactions + +### `TxConfig` + +`client.TxConfig` defines an interface a client can utilize to generate an application-defined concrete transaction type. +The interface defines a set of methods for creating a `client.TxBuilder`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/client/tx_config.go#L25-L31 +``` + +The default implementation of `client.TxConfig` is instantiated by `NewTxConfig` in `x/auth/tx` module. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/auth/tx/config.go#L22-L28 +``` + +### `TxBuilder` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/client/tx_config.go#L33-L50 +``` + +The [`client.TxBuilder`](https://docs.cosmos.network/main/core/transactions#transaction-generation) interface is as well implemented by `x/auth/tx`. +A `client.TxBuilder` can be accessed with `TxConfig.NewTxBuilder()`. + +### `TxEncoder`/ `TxDecoder` + +More information about `TxEncoder` and `TxDecoder` can be found [here](https://docs.cosmos.network/main/core/encoding#transaction-encoding). + +## Client + +### CLI + +#### Query + +The `x/auth/tx` module provides a CLI command to query any transaction, given its hash, transaction sequence or signature. + +Without any argument, the command will query the transaction using the transaction hash. + +```shell +simd query tx DFE87B78A630C0EFDF76C80CD24C997E252792E0317502AE1A02B9809F0D8685 +``` + +When querying a transaction from an account given its sequence, use the `--type=acc_seq` flag: + +```shell +simd query tx --type=acc_seq cosmos1u69uyr6v9qwe6zaaeaqly2h6wnedac0xpxq325/1 +``` + +When querying a transaction given its signature, use the `--type=signature` flag: + +```shell +simd query tx --type=signature Ofjvgrqi8twZfqVDmYIhqwRLQjZZ40XbxEamk/veH3gQpRF0hL2PH4ejRaDzAX+2WChnaWNQJQ41ekToIi5Wqw== +``` + +When querying a transaction given its events, use the `--type=events` flag: + +```shell +simd query txs --events 'message.sender=cosmos...' --page 1 --limit 30 +``` + +The `x/auth/block` module provides a CLI command to query any block, given its hash, height, or events. + +When querying a block by its hash, use the `--type=hash` flag: + +```shell +simd query block --type=hash DFE87B78A630C0EFDF76C80CD24C997E252792E0317502AE1A02B9809F0D8685 +``` + +When querying a block by its height, use the `--type=height` flag: + +```shell +simd query block --type=height 1357 +``` + +When querying a block by its events, use the `--query` flag: + +```shell +simd query blocks --query 'message.sender=cosmos...' --page 1 --limit 30 +``` + +#### Transactions + +The `x/auth/tx` module provides a convinient CLI command for decoding and encoding transactions. + +#### `encode` + +The `encode` command encodes a transaction created with the `--generate-only` flag or signed with the sign command. +The transaction is seralized it to Protobuf and returned as base64. + +```bash +$ simd tx encode tx.json +Co8BCowBChwvY29zbW9zLmJhbmsudjFiZXRhMS5Nc2dTZW5kEmwKLWNvc21vczFsNnZzcWhoN3Jud3N5cjJreXozampnM3FkdWF6OGd3Z3lsODI3NRItY29zbW9zMTU4c2FsZHlnOHBteHU3Znd2dDBkNng3amVzd3A0Z3d5a2xrNnkzGgwKBXN0YWtlEgMxMDASBhIEEMCaDA== +$ simd tx encode tx.signed.json +``` + +More information about the `encode` command can be found running `simd tx encode --help`. + +#### `decode` + +The `decode` commands decodes a transaction encoded with the `encode` command. + + +```bash +simd tx decode Co8BCowBChwvY29zbW9zLmJhbmsudjFiZXRhMS5Nc2dTZW5kEmwKLWNvc21vczFsNnZzcWhoN3Jud3N5cjJreXozampnM3FkdWF6OGd3Z3lsODI3NRItY29zbW9zMTU4c2FsZHlnOHBteHU3Znd2dDBkNng3amVzd3A0Z3d5a2xrNnkzGgwKBXN0YWtlEgMxMDASBhIEEMCaDA== +``` + +More information about the `decode` command can be found running `simd tx decode --help`. + +### gRPC + +A user can query the `x/auth/tx` module using gRPC endpoints. + +#### `TxDecode` + +The `TxDecode` endpoint allows to decode a transaction. + +```shell +cosmos.tx.v1beta1.Service/TxDecode +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"tx_bytes":"Co8BCowBChwvY29zbW9zLmJhbmsudjFiZXRhMS5Nc2dTZW5kEmwKLWNvc21vczFsNnZzcWhoN3Jud3N5cjJreXozampnM3FkdWF6OGd3Z3lsODI3NRItY29zbW9zMTU4c2FsZHlnOHBteHU3Znd2dDBkNng3amVzd3A0Z3d5a2xrNnkzGgwKBXN0YWtlEgMxMDASBhIEEMCaDA=="}' \ + localhost:9090 \ + cosmos.tx.v1beta1.Service/TxDecode +``` + +Example Output: + +```json +{ + "tx": { + "body": { + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"100"}],"fromAddress":"cosmos1l6vsqhh7rnwsyr2kyz3jjg3qduaz8gwgyl8275","toAddress":"cosmos158saldyg8pmxu7fwvt0d6x7jeswp4gwyklk6y3"} + ] + }, + "authInfo": { + "fee": { + "gasLimit": "200000" + } + } + } +} +``` + +#### `TxEncode` + +The `TxEncode` endpoint allows to encode a transaction. + +```shell +cosmos.tx.v1beta1.Service/TxEncode +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"tx": { + "body": { + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"100"}],"fromAddress":"cosmos1l6vsqhh7rnwsyr2kyz3jjg3qduaz8gwgyl8275","toAddress":"cosmos158saldyg8pmxu7fwvt0d6x7jeswp4gwyklk6y3"} + ] + }, + "authInfo": { + "fee": { + "gasLimit": "200000" + } + } + }}' \ + localhost:9090 \ + cosmos.tx.v1beta1.Service/TxEncode +``` + +Example Output: + +```json +{ + "txBytes": "Co8BCowBChwvY29zbW9zLmJhbmsudjFiZXRhMS5Nc2dTZW5kEmwKLWNvc21vczFsNnZzcWhoN3Jud3N5cjJreXozampnM3FkdWF6OGd3Z3lsODI3NRItY29zbW9zMTU4c2FsZHlnOHBteHU3Znd2dDBkNng3amVzd3A0Z3d5a2xrNnkzGgwKBXN0YWtlEgMxMDASBhIEEMCaDA==" +} +``` + +#### `TxDecodeAmino` + +The `TxDecode` endpoint allows to decode an amino transaction. + +```shell +cosmos.tx.v1beta1.Service/TxDecodeAmino +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"amino_binary": "KCgWqQpvqKNhmgotY29zbW9zMXRzeno3cDJ6Z2Q3dnZrYWh5ZnJlNHduNXh5dTgwcnB0ZzZ2OWg1Ei1jb3Ntb3MxdHN6ejdwMnpnZDd2dmthaHlmcmU0d241eHl1ODBycHRnNnY5aDUaCwoFc3Rha2USAjEwEhEKCwoFc3Rha2USAjEwEMCaDCIGZm9vYmFy"}' \ + localhost:9090 \ + cosmos.tx.v1beta1.Service/TxDecodeAmino +``` + +Example Output: + +```json +{ + "aminoJson": "{\"type\":\"cosmos-sdk/StdTx\",\"value\":{\"msg\":[{\"type\":\"cosmos-sdk/MsgSend\",\"value\":{\"from_address\":\"cosmos1tszz7p2zgd7vvkahyfre4wn5xyu80rptg6v9h5\",\"to_address\":\"cosmos1tszz7p2zgd7vvkahyfre4wn5xyu80rptg6v9h5\",\"amount\":[{\"denom\":\"stake\",\"amount\":\"10\"}]}}],\"fee\":{\"amount\":[{\"denom\":\"stake\",\"amount\":\"10\"}],\"gas\":\"200000\"},\"signatures\":null,\"memo\":\"foobar\",\"timeout_height\":\"0\"}}" +} +``` + +#### `TxEncodeAmino` + +The `TxEncodeAmino` endpoint allows to encode an amino transaction. + +```shell +cosmos.tx.v1beta1.Service/TxEncodeAmino +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"amino_json":"{\"type\":\"cosmos-sdk/StdTx\",\"value\":{\"msg\":[{\"type\":\"cosmos-sdk/MsgSend\",\"value\":{\"from_address\":\"cosmos1tszz7p2zgd7vvkahyfre4wn5xyu80rptg6v9h5\",\"to_address\":\"cosmos1tszz7p2zgd7vvkahyfre4wn5xyu80rptg6v9h5\",\"amount\":[{\"denom\":\"stake\",\"amount\":\"10\"}]}}],\"fee\":{\"amount\":[{\"denom\":\"stake\",\"amount\":\"10\"}],\"gas\":\"200000\"},\"signatures\":null,\"memo\":\"foobar\",\"timeout_height\":\"0\"}}"}' \ + localhost:9090 \ + cosmos.tx.v1beta1.Service/TxEncodeAmino +``` + +Example Output: + +```json +{ + "amino_binary": "KCgWqQpvqKNhmgotY29zbW9zMXRzeno3cDJ6Z2Q3dnZrYWh5ZnJlNHduNXh5dTgwcnB0ZzZ2OWg1Ei1jb3Ntb3MxdHN6ejdwMnpnZDd2dmthaHlmcmU0d241eHl1ODBycHRnNnY5aDUaCwoFc3Rha2USAjEwEhEKCwoFc3Rha2USAjEwEMCaDCIGZm9vYmFy" +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/modules/auth/README.md b/copy-of-sdk-versioned_docs/version-0.47/build/modules/auth/README.md new file mode 100644 index 00000000..4b5a2ad1 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/modules/auth/README.md @@ -0,0 +1,705 @@ +--- +sidebar_position: 1 +--- + +# `x/auth` + +## Abstract + +This document specifies the auth module of the Cosmos SDK. + +The auth module is responsible for specifying the base transaction and account types +for an application, since the SDK itself is agnostic to these particulars. It contains +the middlewares, where all basic transaction validity checks (signatures, nonces, auxiliary fields) +are performed, and exposes the account keeper, which allows other modules to read, write, and modify accounts. + +This module is used in the Cosmos Hub. + +## Contents + +* [Concepts](#concepts) + * [Gas & Fees](#gas--fees) +* [State](#state) + * [Accounts](#accounts) +* [AnteHandlers](#antehandlers) +* [Keepers](#keepers) + * [Account Keeper](#account-keeper) +* [Parameters](#parameters) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + * [REST](#rest) + +## Concepts + +**Note:** The auth module is different from the [authz module](../modules/authz/). + +The differences are: + +* `auth` - authentication of accounts and transactions for Cosmos SDK applications and is responsible for specifying the base transaction and account types. +* `authz` - authorization for accounts to perform actions on behalf of other accounts and enables a granter to grant authorizations to a grantee that allows the grantee to execute messages on behalf of the granter. + +### Gas & Fees + +Fees serve two purposes for an operator of the network. + +Fees limit the growth of the state stored by every full node and allow for +general purpose censorship of transactions of little economic value. Fees +are best suited as an anti-spam mechanism where validators are disinterested in +the use of the network and identities of users. + +Fees are determined by the gas limits and gas prices transactions provide, where +`fees = ceil(gasLimit * gasPrices)`. Txs incur gas costs for all state reads/writes, +signature verification, as well as costs proportional to the tx size. Operators +should set minimum gas prices when starting their nodes. They must set the unit +costs of gas in each token denomination they wish to support: + +`simd start ... --minimum-gas-prices=0.00001stake;0.05photinos` + +When adding transactions to mempool or gossipping transactions, validators check +if the transaction's gas prices, which are determined by the provided fees, meet +any of the validator's minimum gas prices. In other words, a transaction must +provide a fee of at least one denomination that matches a validator's minimum +gas price. + +CometBFT does not currently provide fee based mempool prioritization, and fee +based mempool filtering is local to node and not part of consensus. But with +minimum gas prices set, such a mechanism could be implemented by node operators. + +Because the market value for tokens will fluctuate, validators are expected to +dynamically adjust their minimum gas prices to a level that would encourage the +use of the network. + +## State + +### Accounts + +Accounts contain authentication information for a uniquely identified external user of an SDK blockchain, +including public key, address, and account number / sequence number for replay protection. For efficiency, +since account balances must also be fetched to pay fees, account structs also store the balance of a user +as `sdk.Coins`. + +Accounts are exposed externally as an interface, and stored internally as +either a base account or vesting account. Module clients wishing to add more +account types may do so. + +* `0x01 | Address -> ProtocolBuffer(account)` + +#### Account Interface + +The account interface exposes methods to read and write standard account information. +Note that all of these methods operate on an account struct conforming to the +interface - in order to write the account to the store, the account keeper will +need to be used. + +```go +// AccountI is an interface used to store coins at a given address within state. +// It presumes a notion of sequence numbers for replay protection, +// a notion of account numbers for replay protection for previously pruned accounts, +// and a pubkey for authentication purposes. +// +// Many complex conditions can be used in the concrete struct which implements AccountI. +type AccountI interface { + proto.Message + + GetAddress() sdk.AccAddress + SetAddress(sdk.AccAddress) error // errors if already set. + + GetPubKey() crypto.PubKey // can return nil. + SetPubKey(crypto.PubKey) error + + GetAccountNumber() uint64 + SetAccountNumber(uint64) error + + GetSequence() uint64 + SetSequence(uint64) error + + // Ensure that account implements stringer + String() string +} +``` + +##### Base Account + +A base account is the simplest and most common account type, which just stores all requisite +fields directly in a struct. + +```protobuf +// BaseAccount defines a base account type. It contains all the necessary fields +// for basic account functionality. Any custom account type should extend this +// type for additional functionality (e.g. vesting). +message BaseAccount { + string address = 1; + google.protobuf.Any pub_key = 2; + uint64 account_number = 3; + uint64 sequence = 4; +} +``` + +### Vesting Account + +See [Vesting](https://docs.cosmos.network/main/modules/auth/vesting/). + +## AnteHandlers + +The `x/auth` module presently has no transaction handlers of its own, but does expose the special `AnteHandler`, used for performing basic validity checks on a transaction, such that it could be thrown out of the mempool. +The `AnteHandler` can be seen as a set of decorators that check transactions within the current context, per [ADR 010](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-010-modular-antehandler.md). + +Note that the `AnteHandler` is called on both `CheckTx` and `DeliverTx`, as CometBFT proposers presently have the ability to include in their proposed block transactions which fail `CheckTx`. + +### Decorators + +The auth module provides `AnteDecorator`s that are recursively chained together into a single `AnteHandler` in the following order: + +* `SetUpContextDecorator`: Sets the `GasMeter` in the `Context` and wraps the next `AnteHandler` with a defer clause to recover from any downstream `OutOfGas` panics in the `AnteHandler` chain to return an error with information on gas provided and gas used. + +* `RejectExtensionOptionsDecorator`: Rejects all extension options which can optionally be included in protobuf transactions. + +* `MempoolFeeDecorator`: Checks if the `tx` fee is above local mempool `minFee` parameter during `CheckTx`. + +* `ValidateBasicDecorator`: Calls `tx.ValidateBasic` and returns any non-nil error. + +* `TxTimeoutHeightDecorator`: Check for a `tx` height timeout. + +* `ValidateMemoDecorator`: Validates `tx` memo with application parameters and returns any non-nil error. + +* `ConsumeGasTxSizeDecorator`: Consumes gas proportional to the `tx` size based on application parameters. + +* `DeductFeeDecorator`: Deducts the `FeeAmount` from first signer of the `tx`. If the `x/feegrant` module is enabled and a fee granter is set, it deducts fees from the fee granter account. + +* `SetPubKeyDecorator`: Sets the pubkey from a `tx`'s signers that does not already have its corresponding pubkey saved in the state machine and in the current context. + +* `ValidateSigCountDecorator`: Validates the number of signatures in `tx` based on app-parameters. + +* `SigGasConsumeDecorator`: Consumes parameter-defined amount of gas for each signature. This requires pubkeys to be set in context for all signers as part of `SetPubKeyDecorator`. + +* `SigVerificationDecorator`: Verifies all signatures are valid. This requires pubkeys to be set in context for all signers as part of `SetPubKeyDecorator`. + +* `IncrementSequenceDecorator`: Increments the account sequence for each signer to prevent replay attacks. + +## Keepers + +The auth module only exposes one keeper, the account keeper, which can be used to read and write accounts. + +### Account Keeper + +Presently only one fully-permissioned account keeper is exposed, which has the ability to both read and write +all fields of all accounts, and to iterate over all stored accounts. + +```go +// AccountKeeperI is the interface contract that x/auth's keeper implements. +type AccountKeeperI interface { + // Return a new account with the next account number and the specified address. Does not save the new account to the store. + NewAccountWithAddress(sdk.Context, sdk.AccAddress) types.AccountI + + // Return a new account with the next account number. Does not save the new account to the store. + NewAccount(sdk.Context, types.AccountI) types.AccountI + + // Check if an account exists in the store. + HasAccount(sdk.Context, sdk.AccAddress) bool + + // Retrieve an account from the store. + GetAccount(sdk.Context, sdk.AccAddress) types.AccountI + + // Set an account in the store. + SetAccount(sdk.Context, types.AccountI) + + // Remove an account from the store. + RemoveAccount(sdk.Context, types.AccountI) + + // Iterate over all accounts, calling the provided function. Stop iteration when it returns true. + IterateAccounts(sdk.Context, func(types.AccountI) bool) + + // Fetch the public key of an account at a specified address + GetPubKey(sdk.Context, sdk.AccAddress) (crypto.PubKey, error) + + // Fetch the sequence of an account at a specified address. + GetSequence(sdk.Context, sdk.AccAddress) (uint64, error) + + // Fetch the next account number, and increment the internal counter. + NextAccountNumber(sdk.Context) uint64 +} +``` + +## Parameters + +The auth module contains the following parameters: + +| Key | Type | Example | +| ---------------------- | --------------- | ------- | +| MaxMemoCharacters | uint64 | 256 | +| TxSigLimit | uint64 | 7 | +| TxSizeCostPerByte | uint64 | 10 | +| SigVerifyCostED25519 | uint64 | 590 | +| SigVerifyCostSecp256k1 | uint64 | 1000 | + +## Client + +### CLI + +A user can query and interact with the `auth` module using the CLI. + +### Query + +The `query` commands allow users to query `auth` state. + +```bash +simd query auth --help +``` + +#### account + +The `account` command allow users to query for an account by it's address. + +```bash +simd query auth account [address] [flags] +``` + +Example: + +```bash +simd query auth account cosmos1... +``` + +Example Output: + +```bash +'@type': /cosmos.auth.v1beta1.BaseAccount +account_number: "0" +address: cosmos1zwg6tpl8aw4rawv8sgag9086lpw5hv33u5ctr2 +pub_key: + '@type': /cosmos.crypto.secp256k1.PubKey + key: ApDrE38zZdd7wLmFS9YmqO684y5DG6fjZ4rVeihF/AQD +sequence: "1" +``` + +#### accounts + +The `accounts` command allow users to query all the available accounts. + +```bash +simd query auth accounts [flags] +``` + +Example: + +```bash +simd query auth accounts +``` + +Example Output: + +```bash +accounts: +- '@type': /cosmos.auth.v1beta1.BaseAccount + account_number: "0" + address: cosmos1zwg6tpl8aw4rawv8sgag9086lpw5hv33u5ctr2 + pub_key: + '@type': /cosmos.crypto.secp256k1.PubKey + key: ApDrE38zZdd7wLmFS9YmqO684y5DG6fjZ4rVeihF/AQD + sequence: "1" +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "8" + address: cosmos1yl6hdjhmkf37639730gffanpzndzdpmhwlkfhr + pub_key: null + sequence: "0" + name: transfer + permissions: + - minter + - burner +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "4" + address: cosmos1fl48vsnmsdzcv85q5d2q4z5ajdha8yu34mf0eh + pub_key: null + sequence: "0" + name: bonded_tokens_pool + permissions: + - burner + - staking +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "5" + address: cosmos1tygms3xhhs3yv487phx3dw4a95jn7t7lpm470r + pub_key: null + sequence: "0" + name: not_bonded_tokens_pool + permissions: + - burner + - staking +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "6" + address: cosmos10d07y265gmmuvt4z0w9aw880jnsr700j6zn9kn + pub_key: null + sequence: "0" + name: gov + permissions: + - burner +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "3" + address: cosmos1jv65s3grqf6v6jl3dp4t6c9t9rk99cd88lyufl + pub_key: null + sequence: "0" + name: distribution + permissions: [] +- '@type': /cosmos.auth.v1beta1.BaseAccount + account_number: "1" + address: cosmos147k3r7v2tvwqhcmaxcfql7j8rmkrlsemxshd3j + pub_key: null + sequence: "0" +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "7" + address: cosmos1m3h30wlvsf8llruxtpukdvsy0km2kum8g38c8q + pub_key: null + sequence: "0" + name: mint + permissions: + - minter +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "2" + address: cosmos17xpfvakm2amg962yls6f84z3kell8c5lserqta + pub_key: null + sequence: "0" + name: fee_collector + permissions: [] +pagination: + next_key: null + total: "0" +``` + +#### params + +The `params` command allow users to query the current auth parameters. + +```bash +simd query auth params [flags] +``` + +Example: + +```bash +simd query auth params +``` + +Example Output: + +```bash +max_memo_characters: "256" +sig_verify_cost_ed25519: "590" +sig_verify_cost_secp256k1: "1000" +tx_sig_limit: "7" +tx_size_cost_per_byte: "10" +``` + +### Transactions + +The `auth` module supports transactions commands to help you with signing and more. Compared to other modules you can access directly the `auth` module transactions commands using the only `tx` command. + +Use directly the `--help` flag to get more information about the `tx` command. + +```bash +simd tx --help +``` + +#### `sign` + +The `sign` command allows users to sign transactions that was generated offline. + +```bash +simd tx sign tx.json --from $ALICE > tx.signed.json +``` + +The result is a signed transaction that can be broadcasted to the network thanks to the broadcast command. + +More information about the `sign` command can be found running `simd tx sign --help`. + +#### `sign-batch` + +The `sign-batch` command allows users to sign multiples offline generated transactions. +The transactions can be in one file, with one tx per line, or in multiple files. + +```bash +simd tx sign txs.json --from $ALICE > tx.signed.json +``` + +or + +```bash +simd tx sign tx1.json tx2.json tx3.json --from $ALICE > tx.signed.json +``` + +The result is multiples signed transactions. For combining the signed transactions into one transactions, use the `--append` flag. + +More information about the `sign-batch` command can be found running `simd tx sign-batch --help`. + +#### `multi-sign` + +The `multi-sign` command allows users to sign transactions that was generated offline by a multisig account. + +```bash +simd tx multisign transaction.json k1k2k3 k1sig.json k2sig.json k3sig.json +``` + +Where `k1k2k3` is the multisig account address, `k1sig.json` is the signature of the first signer, `k2sig.json` is the signature of the second signer, and `k3sig.json` is the signature of the third signer. + +More information about the `multi-sign` command can be found running `simd tx multi-sign --help`. + +#### `multisign-batch` + +The `multisign-batch` works the same way as `sign-batch`, but for multisig accounts. +With the difference that the `multisign-batch` command requires all transactions to be in one file, and the `--append` flag does not exist. + +More information about the `multisign-batch` command can be found running `simd tx multisign-batch --help`. + +#### `validate-signatures` + +The `validate-signatures` command allows users to validate the signatures of a signed transaction. + +```bash +$ simd tx validate-signatures tx.signed.json +Signers: + 0: cosmos1l6vsqhh7rnwsyr2kyz3jjg3qduaz8gwgyl8275 + +Signatures: + 0: cosmos1l6vsqhh7rnwsyr2kyz3jjg3qduaz8gwgyl8275 [OK] +``` + +More information about the `validate-signatures` command can be found running `simd tx validate-signatures --help`. + +#### `broadcast` + +The `broadcast` command allows users to broadcast a signed transaction to the network. + +```bash +simd tx broadcast tx.signed.json +``` + +More information about the `broadcast` command can be found running `simd tx broadcast --help`. + +#### `aux-to-fee` + +The `aux-to-fee` comamnds includes the aux signer data in the tx, broadcast the tx, and sends the tip amount to the broadcaster. +[Learn more about tip transaction](https://docs.cosmos.network/main/core/tips). + +```bash +# simd tx bank send --aux (optional: --tip --tipper ) +simd tx aux-to-fee tx.aux.signed.json +``` + +More information about the `aux-to-fee` command can be found running `simd tx aux-to-fee --help`. + +### gRPC + +A user can query the `auth` module using gRPC endpoints. + +#### Account + +The `account` endpoint allow users to query for an account by it's address. + +```bash +cosmos.auth.v1beta1.Query/Account +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"address":"cosmos1.."}' \ + localhost:9090 \ + cosmos.auth.v1beta1.Query/Account +``` + +Example Output: + +```bash +{ + "account":{ + "@type":"/cosmos.auth.v1beta1.BaseAccount", + "address":"cosmos1zwg6tpl8aw4rawv8sgag9086lpw5hv33u5ctr2", + "pubKey":{ + "@type":"/cosmos.crypto.secp256k1.PubKey", + "key":"ApDrE38zZdd7wLmFS9YmqO684y5DG6fjZ4rVeihF/AQD" + }, + "sequence":"1" + } +} +``` + +#### Accounts + +The `accounts` endpoint allow users to query all the available accounts. + +```bash +cosmos.auth.v1beta1.Query/Accounts +``` + +Example: + +```bash +grpcurl -plaintext \ + localhost:9090 \ + cosmos.auth.v1beta1.Query/Accounts +``` + +Example Output: + +```bash +{ + "accounts":[ + { + "@type":"/cosmos.auth.v1beta1.BaseAccount", + "address":"cosmos1zwg6tpl8aw4rawv8sgag9086lpw5hv33u5ctr2", + "pubKey":{ + "@type":"/cosmos.crypto.secp256k1.PubKey", + "key":"ApDrE38zZdd7wLmFS9YmqO684y5DG6fjZ4rVeihF/AQD" + }, + "sequence":"1" + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos1yl6hdjhmkf37639730gffanpzndzdpmhwlkfhr", + "accountNumber":"8" + }, + "name":"transfer", + "permissions":[ + "minter", + "burner" + ] + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos1fl48vsnmsdzcv85q5d2q4z5ajdha8yu34mf0eh", + "accountNumber":"4" + }, + "name":"bonded_tokens_pool", + "permissions":[ + "burner", + "staking" + ] + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos1tygms3xhhs3yv487phx3dw4a95jn7t7lpm470r", + "accountNumber":"5" + }, + "name":"not_bonded_tokens_pool", + "permissions":[ + "burner", + "staking" + ] + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos10d07y265gmmuvt4z0w9aw880jnsr700j6zn9kn", + "accountNumber":"6" + }, + "name":"gov", + "permissions":[ + "burner" + ] + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos1jv65s3grqf6v6jl3dp4t6c9t9rk99cd88lyufl", + "accountNumber":"3" + }, + "name":"distribution" + }, + { + "@type":"/cosmos.auth.v1beta1.BaseAccount", + "accountNumber":"1", + "address":"cosmos147k3r7v2tvwqhcmaxcfql7j8rmkrlsemxshd3j" + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos1m3h30wlvsf8llruxtpukdvsy0km2kum8g38c8q", + "accountNumber":"7" + }, + "name":"mint", + "permissions":[ + "minter" + ] + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos17xpfvakm2amg962yls6f84z3kell8c5lserqta", + "accountNumber":"2" + }, + "name":"fee_collector" + } + ], + "pagination":{ + "total":"9" + } +} +``` + +#### Params + +The `params` endpoint allow users to query the current auth parameters. + +```bash +cosmos.auth.v1beta1.Query/Params +``` + +Example: + +```bash +grpcurl -plaintext \ + localhost:9090 \ + cosmos.auth.v1beta1.Query/Params +``` + +Example Output: + +```bash +{ + "params": { + "maxMemoCharacters": "256", + "txSigLimit": "7", + "txSizeCostPerByte": "10", + "sigVerifyCostEd25519": "590", + "sigVerifyCostSecp256k1": "1000" + } +} +``` + +### REST + +A user can query the `auth` module using REST endpoints. + +#### Account + +The `account` endpoint allow users to query for an account by it's address. + +```bash +/cosmos/auth/v1beta1/account?address={address} +``` + +#### Accounts + +The `accounts` endpoint allow users to query all the available accounts. + +```bash +/cosmos/auth/v1beta1/accounts +``` + +#### Params + +The `params` endpoint allow users to query the current auth parameters. + +```bash +/cosmos/auth/v1beta1/params +``` diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/modules/authz/README.md b/copy-of-sdk-versioned_docs/version-0.47/build/modules/authz/README.md new file mode 100644 index 00000000..2ab2dcba --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/modules/authz/README.md @@ -0,0 +1,355 @@ +--- +sidebar_position: 1 +--- + +# `x/authz` + +## Abstract + +`x/authz` is an implementation of a Cosmos SDK module, per [ADR 30](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-030-authz-module.md), that allows +granting arbitrary privileges from one account (the granter) to another account (the grantee). Authorizations must be granted for a particular Msg service method one by one using an implementation of the `Authorization` interface. + +## Contents + +* [Concepts](#concepts) + * [Authorization and Grant](#authorization-and-grant) + * [Built-in Authorizations](#built-in-authorizations) + * [Gas](#gas) +* [State](#state) + * [Grant](#grant) + * [GrantQueue](#grantqueue) +* [Messages](#messages) + * [MsgGrant](#msggrant) + * [MsgRevoke](#msgrevoke) + * [MsgExec](#msgexec) +* [Events](#events) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + * [REST](#rest) + +## Concepts + +### Authorization and Grant + +The `x/authz` module defines interfaces and messages grant authorizations to perform actions +on behalf of one account to other accounts. The design is defined in the [ADR 030](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-030-authz-module.md). + +A *grant* is an allowance to execute a Msg by the grantee on behalf of the granter. +Authorization is an interface that must be implemented by a concrete authorization logic to validate and execute grants. Authorizations are extensible and can be defined for any Msg service method even outside of the module where the Msg method is defined. See the `SendAuthorization` example in the next section for more details. + +**Note:** The authz module is different from the [auth (authentication)](../modules/auth/) module that is responsible for specifying the base transaction and account types. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/authz/authorizations.go#L11-L25 +``` + +### Built-in Authorizations + +The Cosmos SDK `x/authz` module comes with following authorization types: + +#### GenericAuthorization + +`GenericAuthorization` implements the `Authorization` interface that gives unrestricted permission to execute the provided Msg on behalf of granter's account. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/authz/v1beta1/authz.proto#L14-L22 +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/authz/generic_authorization.go#L16-L29 +``` + +* `msg` stores Msg type URL. + +#### SendAuthorization + +`SendAuthorization` implements the `Authorization` interface for the `cosmos.bank.v1beta1.MsgSend` Msg. + +* It takes a (positive) `SpendLimit` that specifies the maximum amount of tokens the grantee can spend. The `SpendLimit` is updated as the tokens are spent. +* It takes an (optional) `AllowList` that specifies to which addresses a grantee can send token. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/bank/v1beta1/authz.proto#L11-L30 +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/bank/types/send_authorization.go#L29-L62 +``` + +* `spend_limit` keeps track of how many coins are left in the authorization. +* `allow_list` specifies an optional list of addresses to whom the grantee can send tokens on behalf of the granter. + +#### StakeAuthorization + +`StakeAuthorization` implements the `Authorization` interface for messages in the [staking module](https://docs.cosmos.network/v0.44/modules/staking/). It takes an `AuthorizationType` to specify whether you want to authorise delegating, undelegating or redelegating (i.e. these have to be authorised seperately). It also takes a required `MaxTokens` that keeps track of a limit to the amount of tokens that can be delegated/undelegated/redelegated. If left empty, the amount is unlimited. Additionally, this Msg takes an `AllowList` or a `DenyList`, which allows you to select which validators you allow or deny grantees to stake with. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/authz.proto#L11-L35 +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/staking/types/authz.go#L15-L35 +``` + +### Gas + +In order to prevent DoS attacks, granting `StakeAuthorization`s with `x/authz` incurs gas. `StakeAuthorization` allows you to authorize another account to delegate, undelegate, or redelegate to validators. The authorizer can define a list of validators they allow or deny delegations to. The Cosmos SDK iterates over these lists and charge 10 gas for each validator in both of the lists. + +Since the state maintaining a list for granter, grantee pair with same expiration, we are iterating over the list to remove the grant (incase of any revoke of paritcular `msgType`) from the list and we are charging 20 gas per iteration. + +## State + +### Grant + +Grants are identified by combining granter address (the address bytes of the granter), grantee address (the address bytes of the grantee) and Authorization type (its type URL). Hence we only allow one grant for the (granter, grantee, Authorization) triple. + +* Grant: `0x01 | granter_address_len (1 byte) | granter_address_bytes | grantee_address_len (1 byte) | grantee_address_bytes | msgType_bytes -> ProtocolBuffer(AuthorizationGrant)` + +The grant object encapsulates an `Authorization` type and an expiration timestamp: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/authz/v1beta1/authz.proto#L24-L32 +``` + +### GrantQueue + +We are maintaining a queue for authz pruning. Whenever a grant is created, an item will be added to `GrantQueue` with a key of expiration, granter, grantee. + +In `EndBlock` (which runs for every block) we continuously check and prune the expired grants by forming a prefix key with current blocktime that passed the stored expiration in `GrantQueue`, we iterate through all the matched records from `GrantQueue` and delete them from the `GrantQueue` & `Grant`s store. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/5f4ddc6f80f9707320eec42182184207fff3833a/x/authz/keeper/keeper.go#L378-L403 +``` + +* GrantQueue: `0x02 | expiration_bytes | granter_address_len (1 byte) | granter_address_bytes | grantee_address_len (1 byte) | grantee_address_bytes -> ProtocalBuffer(GrantQueueItem)` + +The `expiration_bytes` are the expiration date in UTC with the format `"2006-01-02T15:04:05.000000000"`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/authz/keeper/keys.go#L77-L93 +``` + +The `GrantQueueItem` object contains the list of type urls between granter and grantee that expire at the time indicated in the key. + +## Messages + +In this section we describe the processing of messages for the authz module. + +### MsgGrant + +An authorization grant is created using the `MsgGrant` message. +If there is already a grant for the `(granter, grantee, Authorization)` triple, then the new grant overwrites the previous one. To update or extend an existing grant, a new grant with the same `(granter, grantee, Authorization)` triple should be created. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/authz/v1beta1/tx.proto#L35-L45 +``` + +The message handling should fail if: + +* both granter and grantee have the same address. +* provided `Expiration` time is less than current unix timestamp (but a grant will be created if no `expiration` time is provided since `expiration` is optional). +* provided `Grant.Authorization` is not implemented. +* `Authorization.MsgTypeURL()` is not defined in the router (there is no defined handler in the app router to handle that Msg types). + +### MsgRevoke + +A grant can be removed with the `MsgRevoke` message. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/authz/v1beta1/tx.proto#L69-L78 +``` + +The message handling should fail if: + +* both granter and grantee have the same address. +* provided `MsgTypeUrl` is empty. + +NOTE: The `MsgExec` message removes a grant if the grant has expired. + +### MsgExec + +When a grantee wants to execute a transaction on behalf of a granter, they must send `MsgExec`. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/authz/v1beta1/tx.proto#L52-L63 +``` + +The message handling should fail if: + +* provided `Authorization` is not implemented. +* grantee doesn't have permission to run the transaction. +* if granted authorization is expired. + +## Events + +The authz module emits proto events defined in [the Protobuf reference](https://buf.build/cosmos/cosmos-sdk/docs/main/cosmos.authz.v1beta1#cosmos.authz.v1beta1.EventGrant). + +## Client + +### CLI + +A user can query and interact with the `authz` module using the CLI. + +#### Query + +The `query` commands allow users to query `authz` state. + +```bash +simd query authz --help +``` + +##### grants + +The `grants` command allows users to query grants for a granter-grantee pair. If the message type URL is set, it selects grants only for that message type. + +```bash +simd query authz grants [granter-addr] [grantee-addr] [msg-type-url]? [flags] +``` + +Example: + +```bash +simd query authz grants cosmos1.. cosmos1.. /cosmos.bank.v1beta1.MsgSend +``` + +Example Output: + +```bash +grants: +- authorization: + '@type': /cosmos.bank.v1beta1.SendAuthorization + spend_limit: + - amount: "100" + denom: stake + expiration: "2022-01-01T00:00:00Z" +pagination: null +``` + +#### Transactions + +The `tx` commands allow users to interact with the `authz` module. + +```bash +simd tx authz --help +``` + +##### exec + +The `exec` command allows a grantee to execute a transaction on behalf of granter. + +```bash + simd tx authz exec [tx-json-file] --from [grantee] [flags] +``` + +Example: + +```bash +simd tx authz exec tx.json --from=cosmos1.. +``` + +##### grant + +The `grant` command allows a granter to grant an authorization to a grantee. + +```bash +simd tx authz grant --from [flags] +``` + +Example: + +```bash +simd tx authz grant cosmos1.. send --spend-limit=100stake --from=cosmos1.. +``` + +##### revoke + +The `revoke` command allows a granter to revoke an authorization from a grantee. + +```bash +simd tx authz revoke [grantee] [msg-type-url] --from=[granter] [flags] +``` + +Example: + +```bash +simd tx authz revoke cosmos1.. /cosmos.bank.v1beta1.MsgSend --from=cosmos1.. +``` + +### gRPC + +A user can query the `authz` module using gRPC endpoints. + +#### Grants + +The `Grants` endpoint allows users to query grants for a granter-grantee pair. If the message type URL is set, it selects grants only for that message type. + +```bash +cosmos.authz.v1beta1.Query/Grants +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"granter":"cosmos1..","grantee":"cosmos1..","msg_type_url":"/cosmos.bank.v1beta1.MsgSend"}' \ + localhost:9090 \ + cosmos.authz.v1beta1.Query/Grants +``` + +Example Output: + +```bash +{ + "grants": [ + { + "authorization": { + "@type": "/cosmos.bank.v1beta1.SendAuthorization", + "spendLimit": [ + { + "denom":"stake", + "amount":"100" + } + ] + }, + "expiration": "2022-01-01T00:00:00Z" + } + ] +} +``` + +### REST + +A user can query the `authz` module using REST endpoints. + +```bash +/cosmos/authz/v1beta1/grants +``` + +Example: + +```bash +curl "localhost:1317/cosmos/authz/v1beta1/grants?granter=cosmos1..&grantee=cosmos1..&msg_type_url=/cosmos.bank.v1beta1.MsgSend" +``` + +Example Output: + +```bash +{ + "grants": [ + { + "authorization": { + "@type": "/cosmos.bank.v1beta1.SendAuthorization", + "spend_limit": [ + { + "denom": "stake", + "amount": "100" + } + ] + }, + "expiration": "2022-01-01T00:00:00Z" + } + ], + "pagination": null +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/modules/bank/README.md b/copy-of-sdk-versioned_docs/version-0.47/build/modules/bank/README.md new file mode 100644 index 00000000..340822aa --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/modules/bank/README.md @@ -0,0 +1,950 @@ +--- +sidebar_position: 1 +--- + +# `x/bank` + +## Abstract + +This document specifies the bank module of the Cosmos SDK. + +The bank module is responsible for handling multi-asset coin transfers between +accounts and tracking special-case pseudo-transfers which must work differently +with particular kinds of accounts (notably delegating/undelegating for vesting +accounts). It exposes several interfaces with varying capabilities for secure +interaction with other modules which must alter user balances. + +In addition, the bank module tracks and provides query support for the total +supply of all assets used in the application. + +This module is used in the Cosmos Hub. + +## Contents + +* [Supply](#supply) + * [Total Supply](#total-supply) +* [Module Accounts](#module-accounts) + * [Permissions](#permissions) +* [State](#state) +* [Params](#params) +* [Keepers](#keepers) +* [Messages](#messages) +* [Events](#events) + * [Message Events](#message-events) + * [Keeper Events](#keeper-events) +* [Parameters](#parameters) + * [SendEnabled](#sendenabled) + * [DefaultSendEnabled](#defaultsendenabled) +* [Client](#client) + * [CLI](#cli) + * [Query](#query) + * [Transactions](#transactions) +* [gRPC](#grpc) + +## Supply + +The `supply` functionality: + +* passively tracks the total supply of coins within a chain, +* provides a pattern for modules to hold/interact with `Coins`, and +* introduces the invariant check to verify a chain's total supply. + +### Total Supply + +The total `Supply` of the network is equal to the sum of all coins from the +account. The total supply is updated every time a `Coin` is minted (eg: as part +of the inflation mechanism) or burned (eg: due to slashing or if a governance +proposal is vetoed). + +## Module Accounts + +The supply functionality introduces a new type of `auth.Account` which can be used by +modules to allocate tokens and in special cases mint or burn tokens. At a base +level these module accounts are capable of sending/receiving tokens to and from +`auth.Account`s and other module accounts. This design replaces previous +alternative designs where, to hold tokens, modules would burn the incoming +tokens from the sender account, and then track those tokens internally. Later, +in order to send tokens, the module would need to effectively mint tokens +within a destination account. The new design removes duplicate logic between +modules to perform this accounting. + +The `ModuleAccount` interface is defined as follows: + +```go +type ModuleAccount interface { + auth.Account // same methods as the Account interface + + GetName() string // name of the module; used to obtain the address + GetPermissions() []string // permissions of module account + HasPermission(string) bool +} +``` + +> **WARNING!** +> Any module or message handler that allows either direct or indirect sending of funds must explicitly guarantee those funds cannot be sent to module accounts (unless allowed). + +The supply `Keeper` also introduces new wrapper functions for the auth `Keeper` +and the bank `Keeper` that are related to `ModuleAccount`s in order to be able +to: + +* Get and set `ModuleAccount`s by providing the `Name`. +* Send coins from and to other `ModuleAccount`s or standard `Account`s + (`BaseAccount` or `VestingAccount`) by passing only the `Name`. +* `Mint` or `Burn` coins for a `ModuleAccount` (restricted to its permissions). + +### Permissions + +Each `ModuleAccount` has a different set of permissions that provide different +object capabilities to perform certain actions. Permissions need to be +registered upon the creation of the supply `Keeper` so that every time a +`ModuleAccount` calls the allowed functions, the `Keeper` can lookup the +permissions to that specific account and perform or not perform the action. + +The available permissions are: + +* `Minter`: allows for a module to mint a specific amount of coins. +* `Burner`: allows for a module to burn a specific amount of coins. +* `Staking`: allows for a module to delegate and undelegate a specific amount of coins. + +## State + +The `x/bank` module keeps state of the following primary objects: + +1. Account balances +2. Denomination metadata +3. The total supply of all balances +4. Information on which denominations are allowed to be sent. + +In addition, the `x/bank` module keeps the following indexes to manage the +aforementioned state: + +* Supply Index: `0x0 | byte(denom) -> byte(amount)` +* Denom Metadata Index: `0x1 | byte(denom) -> ProtocolBuffer(Metadata)` +* Balances Index: `0x2 | byte(address length) | []byte(address) | []byte(balance.Denom) -> ProtocolBuffer(balance)` +* Reverse Denomination to Address Index: `0x03 | byte(denom) | 0x00 | []byte(address) -> 0` + +## Params + +The bank module stores it's params in state with the prefix of `0x05`, +it can be updated with governance or the address with authority. + +* Params: `0x05 | ProtocolBuffer(Params)` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/bank/v1beta1/bank.proto#L12-L23 +``` + +## Keepers + +The bank module provides these exported keeper interfaces that can be +passed to other modules that read or update account balances. Modules +should use the least-permissive interface that provides the functionality they +require. + +Best practices dictate careful review of `bank` module code to ensure that +permissions are limited in the way that you expect. + +### Denied Addresses + +The `x/bank` module accepts a map of addresses that are considered blocklisted +from directly and explicitly receiving funds through means such as `MsgSend` and +`MsgMultiSend` and direct API calls like `SendCoinsFromModuleToAccount`. + +Typically, these addresses are module accounts. If these addresses receive funds +outside the expected rules of the state machine, invariants are likely to be +broken and could result in a halted network. + +By providing the `x/bank` module with a blocklisted set of addresses, an error occurs for the operation if a user or client attempts to directly or indirectly send funds to a blocklisted account, for example, by using [IBC](https://ibc.cosmos.network). + +### Common Types + +#### Input + +An input of a multiparty transfer + +```protobuf +// Input models transaction input. +message Input { + string address = 1; + repeated cosmos.base.v1beta1.Coin coins = 2; +} +``` + +#### Output + +An output of a multiparty transfer. + +```protobuf +// Output models transaction outputs. +message Output { + string address = 1; + repeated cosmos.base.v1beta1.Coin coins = 2; +} +``` + +### BaseKeeper + +The base keeper provides full-permission access: the ability to arbitrary modify any account's balance and mint or burn coins. + +Restricted permission to mint per module could be achieved by using baseKeeper with `WithMintCoinsRestriction` to give specific restrictions to mint (e.g. only minting certain denom). + +```go +// Keeper defines a module interface that facilitates the transfer of coins +// between accounts. +type Keeper interface { + SendKeeper + WithMintCoinsRestriction(MintingRestrictionFn) BaseKeeper + + InitGenesis(context.Context, *types.GenesisState) + ExportGenesis(context.Context) *types.GenesisState + + GetSupply(ctx context.Context, denom string) sdk.Coin + HasSupply(ctx context.Context, denom string) bool + GetPaginatedTotalSupply(ctx context.Context, pagination *query.PageRequest) (sdk.Coins, *query.PageResponse, error) + IterateTotalSupply(ctx context.Context, cb func(sdk.Coin) bool) + GetDenomMetaData(ctx context.Context, denom string) (types.Metadata, bool) + HasDenomMetaData(ctx context.Context, denom string) bool + SetDenomMetaData(ctx context.Context, denomMetaData types.Metadata) + IterateAllDenomMetaData(ctx context.Context, cb func(types.Metadata) bool) + + SendCoinsFromModuleToAccount(ctx context.Context, senderModule string, recipientAddr sdk.AccAddress, amt sdk.Coins) error + SendCoinsFromModuleToModule(ctx context.Context, senderModule, recipientModule string, amt sdk.Coins) error + SendCoinsFromAccountToModule(ctx context.Context, senderAddr sdk.AccAddress, recipientModule string, amt sdk.Coins) error + DelegateCoinsFromAccountToModule(ctx context.Context, senderAddr sdk.AccAddress, recipientModule string, amt sdk.Coins) error + UndelegateCoinsFromModuleToAccount(ctx context.Context, senderModule string, recipientAddr sdk.AccAddress, amt sdk.Coins) error + MintCoins(ctx context.Context, moduleName string, amt sdk.Coins) error + BurnCoins(ctx context.Context, moduleName string, amt sdk.Coins) error + + DelegateCoins(ctx context.Context, delegatorAddr, moduleAccAddr sdk.AccAddress, amt sdk.Coins) error + UndelegateCoins(ctx context.Context, moduleAccAddr, delegatorAddr sdk.AccAddress, amt sdk.Coins) error + + // GetAuthority gets the address capable of executing governance proposal messages. Usually the gov module account. + GetAuthority() string + + types.QueryServer +} +``` + +### SendKeeper + +The send keeper provides access to account balances and the ability to transfer coins between +accounts. The send keeper does not alter the total supply (mint or burn coins). + +```go +// SendKeeper defines a module interface that facilitates the transfer of coins +// between accounts without the possibility of creating coins. +type SendKeeper interface { + ViewKeeper + + InputOutputCoins(ctx context.Context, inputs types.Input, outputs []types.Output) error + SendCoins(ctx context.Context, fromAddr sdk.AccAddress, toAddr sdk.AccAddress, amt sdk.Coins) error + + GetParams(ctx context.Context) types.Params + SetParams(ctx context.Context, params types.Params) error + + IsSendEnabledDenom(ctx context.Context, denom string) bool + SetSendEnabled(ctx context.Context, denom string, value bool) + SetAllSendEnabled(ctx context.Context, sendEnableds []*types.SendEnabled) + DeleteSendEnabled(ctx context.Context, denom string) + IterateSendEnabledEntries(ctx context.Context, cb func(denom string, sendEnabled bool) (stop bool)) + GetAllSendEnabledEntries(ctx context.Context) []types.SendEnabled + + IsSendEnabledCoin(ctx context.Context, coin sdk.Coin) bool + IsSendEnabledCoins(ctx context.Context, coins ...sdk.Coin) error + + BlockedAddr(addr sdk.AccAddress) bool +} +``` + +### ViewKeeper + +The view keeper provides read-only access to account balances. The view keeper does not have balance alteration functionality. All balance lookups are `O(1)`. + +```go +// ViewKeeper defines a module interface that facilitates read only access to +// account balances. +type ViewKeeper interface { + ValidateBalance(ctx context.Context, addr sdk.AccAddress) error + HasBalance(ctx context.Context, addr sdk.AccAddress, amt sdk.Coin) bool + + GetAllBalances(ctx context.Context, addr sdk.AccAddress) sdk.Coins + GetAccountsBalances(ctx context.Context) []types.Balance + GetBalance(ctx context.Context, addr sdk.AccAddress, denom string) sdk.Coin + LockedCoins(ctx context.Context, addr sdk.AccAddress) sdk.Coins + SpendableCoins(ctx context.Context, addr sdk.AccAddress) sdk.Coins + SpendableCoin(ctx context.Context, addr sdk.AccAddress, denom string) sdk.Coin + + IterateAccountBalances(ctx context.Context, addr sdk.AccAddress, cb func(coin sdk.Coin) (stop bool)) + IterateAllBalances(ctx context.Context, cb func(address sdk.AccAddress, coin sdk.Coin) (stop bool)) +} +``` + +## Messages + +### MsgSend + +Send coins from one address to another. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/bank/v1beta1/tx.proto#L38-L53 +``` + +The message will fail under the following conditions: + +* The coins do not have sending enabled +* The `to` address is restricted + +### MsgMultiSend + +Send coins from one sender and to a series of different address. If any of the receiving addresses do not correspond to an existing account, a new account is created. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/bank/v1beta1/tx.proto#L58-L69 +``` + +The message will fail under the following conditions: + +* Any of the coins do not have sending enabled +* Any of the `to` addresses are restricted +* Any of the coins are locked +* The inputs and outputs do not correctly correspond to one another + +### MsgUpdateParams + +The `bank` module params can be updated through `MsgUpdateParams`, which can be done using governance proposal. The signer will always be the `gov` module account address. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/bank/v1beta1/tx.proto#L74-L88 +``` + +The message handling can fail if: + +* signer is not the gov module account address. + +### MsgSetSendEnabled + +Used with the x/gov module to set create/edit SendEnabled entries. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/bank/v1beta1/tx.proto#L96-L117 +``` + +The message will fail under the following conditions: + +* The authority is not a bech32 address. +* The authority is not x/gov module's address. +* There are multiple SendEnabled entries with the same Denom. +* One or more SendEnabled entries has an invalid Denom. + +## Events + +The bank module emits the following events: + +### Message Events + +#### MsgSend + +| Type | Attribute Key | Attribute Value | +| -------- | ------------- | ------------------ | +| transfer | recipient | {recipientAddress} | +| transfer | amount | {amount} | +| message | module | bank | +| message | action | send | +| message | sender | {senderAddress} | + +#### MsgMultiSend + +| Type | Attribute Key | Attribute Value | +| -------- | ------------- | ------------------ | +| transfer | recipient | {recipientAddress} | +| transfer | amount | {amount} | +| message | module | bank | +| message | action | multisend | +| message | sender | {senderAddress} | + +### Keeper Events + +In addition to message events, the bank keeper will produce events when the following methods are called (or any method which ends up calling them) + +#### MintCoins + +```json +{ + "type": "coinbase", + "attributes": [ + { + "key": "minter", + "value": "{{sdk.AccAddress of the module minting coins}}", + "index": true + }, + { + "key": "amount", + "value": "{{sdk.Coins being minted}}", + "index": true + } + ] +} +``` + +```json +{ + "type": "coin_received", + "attributes": [ + { + "key": "receiver", + "value": "{{sdk.AccAddress of the module minting coins}}", + "index": true + }, + { + "key": "amount", + "value": "{{sdk.Coins being received}}", + "index": true + } + ] +} +``` + +#### BurnCoins + +```json +{ + "type": "burn", + "attributes": [ + { + "key": "burner", + "value": "{{sdk.AccAddress of the module burning coins}}", + "index": true + }, + { + "key": "amount", + "value": "{{sdk.Coins being burned}}", + "index": true + } + ] +} +``` + +```json +{ + "type": "coin_spent", + "attributes": [ + { + "key": "spender", + "value": "{{sdk.AccAddress of the module burning coins}}", + "index": true + }, + { + "key": "amount", + "value": "{{sdk.Coins being burned}}", + "index": true + } + ] +} +``` + +#### addCoins + +```json +{ + "type": "coin_received", + "attributes": [ + { + "key": "receiver", + "value": "{{sdk.AccAddress of the address beneficiary of the coins}}", + "index": true + }, + { + "key": "amount", + "value": "{{sdk.Coins being received}}", + "index": true + } + ] +} +``` + +#### subUnlockedCoins/DelegateCoins + +```json +{ + "type": "coin_spent", + "attributes": [ + { + "key": "spender", + "value": "{{sdk.AccAddress of the address which is spending coins}}", + "index": true + }, + { + "key": "amount", + "value": "{{sdk.Coins being spent}}", + "index": true + } + ] +} +``` + +## Parameters + +The bank module contains the following parameters + +### SendEnabled + +The SendEnabled parameter is now deprecated and not to be use. It is replaced +with state store records. + + +### DefaultSendEnabled + +The default send enabled value controls send transfer capability for all +coin denominations unless specifically included in the array of `SendEnabled` +parameters. + +## Client + +### CLI + +A user can query and interact with the `bank` module using the CLI. + +#### Query + +The `query` commands allow users to query `bank` state. + +```shell +simd query bank --help +``` + +##### balances + +The `balances` command allows users to query account balances by address. + +```shell +simd query bank balances [address] [flags] +``` + +Example: + +```shell +simd query bank balances cosmos1.. +``` + +Example Output: + +```yml +balances: +- amount: "1000000000" + denom: stake +pagination: + next_key: null + total: "0" +``` + +##### denom-metadata + +The `denom-metadata` command allows users to query metadata for coin denominations. A user can query metadata for a single denomination using the `--denom` flag or all denominations without it. + +```shell +simd query bank denom-metadata [flags] +``` + +Example: + +```shell +simd query bank denom-metadata --denom stake +``` + +Example Output: + +```yml +metadata: + base: stake + denom_units: + - aliases: + - STAKE + denom: stake + description: native staking token of simulation app + display: stake + name: SimApp Token + symbol: STK +``` + +##### total + +The `total` command allows users to query the total supply of coins. A user can query the total supply for a single coin using the `--denom` flag or all coins without it. + +```shell +simd query bank total [flags] +``` + +Example: + +```shell +simd query bank total --denom stake +``` + +Example Output: + +```yml +amount: "10000000000" +denom: stake +``` + +##### send-enabled + +The `send-enabled` command allows users to query for all or some SendEnabled entries. + +```shell +simd query bank send-enabled [denom1 ...] [flags] +``` + +Example: + +```shell +simd query bank send-enabled +``` + +Example output: + +```yml +send_enabled: +- denom: foocoin + enabled: true +- denom: barcoin +pagination: + next-key: null + total: 2 +``` + +#### Transactions + +The `tx` commands allow users to interact with the `bank` module. + +```shell +simd tx bank --help +``` + +##### send + +The `send` command allows users to send funds from one account to another. + +```shell +simd tx bank send [from_key_or_address] [to_address] [amount] [flags] +``` + +Example: + +```shell +simd tx bank send cosmos1.. cosmos1.. 100stake +``` + +## gRPC + +A user can query the `bank` module using gRPC endpoints. + +### Balance + +The `Balance` endpoint allows users to query account balance by address for a given denomination. + +```shell +cosmos.bank.v1beta1.Query/Balance +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"address":"cosmos1..","denom":"stake"}' \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/Balance +``` + +Example Output: + +```json +{ + "balance": { + "denom": "stake", + "amount": "1000000000" + } +} +``` + +### AllBalances + +The `AllBalances` endpoint allows users to query account balance by address for all denominations. + +```shell +cosmos.bank.v1beta1.Query/AllBalances +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"address":"cosmos1.."}' \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/AllBalances +``` + +Example Output: + +```json +{ + "balances": [ + { + "denom": "stake", + "amount": "1000000000" + } + ], + "pagination": { + "total": "1" + } +} +``` + +### DenomMetadata + +The `DenomMetadata` endpoint allows users to query metadata for a single coin denomination. + +```shell +cosmos.bank.v1beta1.Query/DenomMetadata +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"denom":"stake"}' \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/DenomMetadata +``` + +Example Output: + +```json +{ + "metadata": { + "description": "native staking token of simulation app", + "denomUnits": [ + { + "denom": "stake", + "aliases": [ + "STAKE" + ] + } + ], + "base": "stake", + "display": "stake", + "name": "SimApp Token", + "symbol": "STK" + } +} +``` + +### DenomsMetadata + +The `DenomsMetadata` endpoint allows users to query metadata for all coin denominations. + +```shell +cosmos.bank.v1beta1.Query/DenomsMetadata +``` + +Example: + +```shell +grpcurl -plaintext \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/DenomsMetadata +``` + +Example Output: + +```json +{ + "metadatas": [ + { + "description": "native staking token of simulation app", + "denomUnits": [ + { + "denom": "stake", + "aliases": [ + "STAKE" + ] + } + ], + "base": "stake", + "display": "stake", + "name": "SimApp Token", + "symbol": "STK" + } + ], + "pagination": { + "total": "1" + } +} +``` + +### DenomOwners + +The `DenomOwners` endpoint allows users to query metadata for a single coin denomination. + +```shell +cosmos.bank.v1beta1.Query/DenomOwners +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"denom":"stake"}' \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/DenomOwners +``` + +Example Output: + +```json +{ + "denomOwners": [ + { + "address": "cosmos1..", + "balance": { + "denom": "stake", + "amount": "5000000000" + } + }, + { + "address": "cosmos1..", + "balance": { + "denom": "stake", + "amount": "5000000000" + } + }, + ], + "pagination": { + "total": "2" + } +} +``` + +### TotalSupply + +The `TotalSupply` endpoint allows users to query the total supply of all coins. + +```shell +cosmos.bank.v1beta1.Query/TotalSupply +``` + +Example: + +```shell +grpcurl -plaintext \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/TotalSupply +``` + +Example Output: + +```json +{ + "supply": [ + { + "denom": "stake", + "amount": "10000000000" + } + ], + "pagination": { + "total": "1" + } +} +``` + +### SupplyOf + +The `SupplyOf` endpoint allows users to query the total supply of a single coin. + +```shell +cosmos.bank.v1beta1.Query/SupplyOf +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"denom":"stake"}' \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/SupplyOf +``` + +Example Output: + +```json +{ + "amount": { + "denom": "stake", + "amount": "10000000000" + } +} +``` + +### Params + +The `Params` endpoint allows users to query the parameters of the `bank` module. + +```shell +cosmos.bank.v1beta1.Query/Params +``` + +Example: + +```shell +grpcurl -plaintext \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/Params +``` + +Example Output: + +```json +{ + "params": { + "defaultSendEnabled": true + } +} +``` + +### SendEnabled + +The `SendEnabled` enpoints allows users to query the SendEnabled entries of the `bank` module. + +Any denominations NOT returned, use the `Params.DefaultSendEnabled` value. + +```shell +cosmos.bank.v1beta1.Query/SendEnabled +``` + +Example: + +```shell +grpcurl -plaintext \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/SendEnabled +``` + +Example Output: + +```json +{ + "send_enabled": [ + { + "denom": "foocoin", + "enabled": true + }, + { + "denom": "barcoin" + } + ], + "pagination": { + "next-key": null, + "total": 2 + } +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/modules/circuit/README.md b/copy-of-sdk-versioned_docs/version-0.47/build/modules/circuit/README.md new file mode 100644 index 00000000..7386680e --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/modules/circuit/README.md @@ -0,0 +1,151 @@ +# `x/circuit` + +## Concepts + +Circuit Breaker is a module that is meant to avoid a chain needing to halt/shut down in the presence of a vulnerability, instead the module will allow specific messages or all messages to be disabled. When operating a chain, if it is app specific then a halt of the chain is less detrimental, but if there are applications built on top of the chain then halting is expensive due to the disturbance to applications. + +Circuit Breaker works with the idea that an address or set of addresses have the right to block messages from being executed and/or included in the mempool. Any address with a permission is able to reset the circuit breaker for the message. + +## State + +### Accounts + +* AccountPermissions `0x1 | account_address -> ProtocolBuffer(CircuitBreakerPermissions)` + +```go +type level int32 + +const ( + // LEVEL_NONE_UNSPECIFIED indicates that the account will have no circuit + // breaker permissions. + LEVEL_NONE_UNSPECIFIED = iota + // LEVEL_SOME_MSGS indicates that the account will have permission to + // trip or reset the circuit breaker for some Msg type URLs. If this level + // is chosen, a non-empty list of Msg type URLs must be provided in + // limit_type_urls. + LEVEL_SOME_MSGS + // LEVEL_ALL_MSGS indicates that the account can trip or reset the circuit + // breaker for Msg's of all type URLs. + LEVEL_ALL_MSGS + // LEVEL_SUPER_ADMIN indicates that the account can take all circuit breaker + // actions and can grant permissions to other accounts. + LEVEL_SUPER_ADMIN +) + +type Access struct { + level int32 + msgs []string // if full permission, msgs can be empty +} +``` + + +### Disable List + +List of type urls that are disabled. + +* DisableList `0x2 | msg_type_url -> []byte{}` + +## State Transitions + +### Authorize + +Authorize, is called by the module authority (default governance module account) or any account with `LEVEL_SUPER_ADMIN` to give permission to disable/enable messages to another account. There are three levels of permissions that can be granted. `LEVEL_SOME_MSGS` limits the number of messages that can be disabled. `LEVEL_ALL_MSGS` permits all messages to be disabled. `LEVEL_SUPER_ADMIN` allows an account to take all circuit breaker actions including authorizing and deauthorizing other accounts. + +```protobuf + // AuthorizeCircuitBreaker allows a super-admin to grant (or revoke) another + // account's circuit breaker permissions. + rpc AuthorizeCircuitBreaker(MsgAuthorizeCircuitBreaker) returns (MsgAuthorizeCircuitBreakerResponse); +``` + +### Trip + +Trip, is called by an authorized account to disable message execution for a specific msgURL. If empty, all the msgs will be disabled. + +```protobuf + // TripCircuitBreaker pauses processing of Msg's in the state machine. + rpc TripCircuitBreaker(MsgTripCircuitBreaker) returns (MsgTripCircuitBreakerResponse); +``` + +### Reset + +Reset is called by an authorized account to enable execution for a specific msgURL of previously disabled message. If empty, all the disabled messages will be enabled. + +```protobuf + // ResetCircuitBreaker resumes processing of Msg's in the state machine that + // have been been paused using TripCircuitBreaker. + rpc ResetCircuitBreaker(MsgResetCircuitBreaker) returns (MsgResetCircuitBreakerResponse); +``` + +## Messages + +### MsgAuthorizeCircuitBreaker + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/main/proto/cosmos/circuit/v1/tx.proto#L25-L75 +``` + +This message is expected to fail if: + +* the granter is not an account with permission level `LEVEL_SUPER_ADMIN` or the module authority + +### MsgTripCircuitBreaker + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/main/proto/cosmos/circuit/v1/tx.proto#L77-L93 +``` + +This message is expected to fail if: + +* if the signer does not have a permission level with the ability to disable the specified type url message + +### MsgResetCircuitBreaker + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/main/proto/cosmos/circuit/v1/tx.proto#L95-109 +``` + +This message is expected to fail if: + +* if the type url is not disabled + +## Events - list and describe event tags + +The circuit module emits the following events: + +### Message Events + +#### MsgAuthorizeCircuitBreaker + +| Type | Attribute Key | Attribute Value | +|---------|---------------|---------------------------| +| string | granter | {granterAddress} | +| string | grantee | {granteeAddress} | +| string | permission | {granteePermissions} | +| message | module | circuit | +| message | action | authorize_circuit_breaker | + +#### MsgTripCircuitBreaker + +| Type | Attribute Key | Attribute Value | +|----------|---------------|--------------------| +| string | authority | {authorityAddress} | +| []string | msg_urls | []string{msg_urls} | +| message | module | circuit | +| message | action | trip_circuit_breaker | + +#### ResetCircuitBreaker + +| Type | Attribute Key | Attribute Value | +|----------|---------------|--------------------| +| string | authority | {authorityAddress} | +| []string | msg_urls | []string{msg_urls} | +| message | module | circuit | +| message | action | reset_circuit_breaker | + + +## Keys - list of key prefixes used by the circuit module + +* `AccountPermissionPrefix` - `0x01` +* `DisableListPrefix` - `0x02` + +## Client - list and describe CLI commands and gRPC and REST endpoints diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/modules/consensus/README.md b/copy-of-sdk-versioned_docs/version-0.47/build/modules/consensus/README.md new file mode 100644 index 00000000..902280a6 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/modules/consensus/README.md @@ -0,0 +1,7 @@ +--- +sidebar_position: 1 +--- + +# `x/consensus` + +Functionality to modify CometBFT's ABCI consensus params. diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/modules/crisis/README.md b/copy-of-sdk-versioned_docs/version-0.47/build/modules/crisis/README.md new file mode 100644 index 00000000..e4e29d0a --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/modules/crisis/README.md @@ -0,0 +1,110 @@ +--- +sidebar_position: 1 +--- + +# `x/crisis` + +## Overview + +The crisis module halts the blockchain under the circumstance that a blockchain +invariant is broken. Invariants can be registered with the application during the +application initialization process. + +## Contents + +* [State](#state) +* [Messages](#messages) +* [Events](#events) +* [Parameters](#parameters) +* [Client](#client) + * [CLI](#cli) + +## State + +### ConstantFee + +Due to the anticipated large gas cost requirement to verify an invariant (and +potential to exceed the maximum allowable block gas limit) a constant fee is +used instead of the standard gas consumption method. The constant fee is +intended to be larger than the anticipated gas cost of running the invariant +with the standard gas consumption method. + +The ConstantFee param is stored in the module params state with the prefix of `0x01`, +it can be updated with governance or the address with authority. + +* Params: `mint/params -> legacy_amino(sdk.Coin)` + +## Messages + +In this section we describe the processing of the crisis messages and the +corresponding updates to the state. + +### MsgVerifyInvariant + +Blockchain invariants can be checked using the `MsgVerifyInvariant` message. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/crisis/v1beta1/tx.proto#L26-L42 +``` + +This message is expected to fail if: + +* the sender does not have enough coins for the constant fee +* the invariant route is not registered + +This message checks the invariant provided, and if the invariant is broken it +panics, halting the blockchain. If the invariant is broken, the constant fee is +never deducted as the transaction is never committed to a block (equivalent to +being refunded). However, if the invariant is not broken, the constant fee will +not be refunded. + +## Events + +The crisis module emits the following events: + +### Handlers + +#### MsgVerifyInvariance + +| Type | Attribute Key | Attribute Value | +|-----------|---------------|------------------| +| invariant | route | {invariantRoute} | +| message | module | crisis | +| message | action | verify_invariant | +| message | sender | {senderAddress} | + +## Parameters + +The crisis module contains the following parameters: + +| Key | Type | Example | +|-------------|---------------|-----------------------------------| +| ConstantFee | object (coin) | {"denom":"uatom","amount":"1000"} | + +## Client + +### CLI + +A user can query and interact with the `crisis` module using the CLI. + +#### Transactions + +The `tx` commands allow users to interact with the `crisis` module. + +```bash +simd tx crisis --help +``` + +##### invariant-broken + +The `invariant-broken` command submits proof when an invariant was broken to halt the chain + +```bash +simd tx crisis invariant-broken [module-name] [invariant-route] [flags] +``` + +Example: + +```bash +simd tx crisis invariant-broken bank total-supply --from=[keyname or address] +``` diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/modules/distribution/README.md b/copy-of-sdk-versioned_docs/version-0.47/build/modules/distribution/README.md new file mode 100644 index 00000000..e46dab3f --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/modules/distribution/README.md @@ -0,0 +1,1042 @@ +--- +sidebar_position: 1 +--- + +# `x/distribution` + +## Overview + +This _simple_ distribution mechanism describes a functional way to passively +distribute rewards between validators and delegators. Note that this mechanism does +not distribute funds in as precisely as active reward distribution mechanisms and +will therefore be upgraded in the future. + +The mechanism operates as follows. Collected rewards are pooled globally and +divided out passively to validators and delegators. Each validator has the +opportunity to charge commission to the delegators on the rewards collected on +behalf of the delegators. Fees are collected directly into a global reward pool +and validator proposer-reward pool. Due to the nature of passive accounting, +whenever changes to parameters which affect the rate of reward distribution +occurs, withdrawal of rewards must also occur. + +* Whenever withdrawing, one must withdraw the maximum amount they are entitled + to, leaving nothing in the pool. +* Whenever bonding, unbonding, or re-delegating tokens to an existing account, a + full withdrawal of the rewards must occur (as the rules for lazy accounting + change). +* Whenever a validator chooses to change the commission on rewards, all accumulated + commission rewards must be simultaneously withdrawn. + +The above scenarios are covered in `hooks.md`. + +The distribution mechanism outlined herein is used to lazily distribute the +following rewards between validators and associated delegators: + +* multi-token fees to be socially distributed +* inflated staked asset provisions +* validator commission on all rewards earned by their delegators stake + +Fees are pooled within a global pool. The mechanisms used allow for validators +and delegators to independently and lazily withdraw their rewards. + +## Shortcomings + +As a part of the lazy computations, each delegator holds an accumulation term +specific to each validator which is used to estimate what their approximate +fair portion of tokens held in the global fee pool is owed to them. + +```text +entitlement = delegator-accumulation / all-delegators-accumulation +``` + +Under the circumstance that there was constant and equal flow of incoming +reward tokens every block, this distribution mechanism would be equal to the +active distribution (distribute individually to all delegators each block). +However, this is unrealistic so deviations from the active distribution will +occur based on fluctuations of incoming reward tokens as well as timing of +reward withdrawal by other delegators. + +If you happen to know that incoming rewards are about to significantly increase, +you are incentivized to not withdraw until after this event, increasing the +worth of your existing _accum_. See [#2764](https://github.com/cosmos/cosmos-sdk/issues/2764) +for further details. + +## Effect on Staking + +Charging commission on Atom provisions while also allowing for Atom-provisions +to be auto-bonded (distributed directly to the validators bonded stake) is +problematic within BPoS. Fundamentally, these two mechanisms are mutually +exclusive. If both commission and auto-bonding mechanisms are simultaneously +applied to the staking-token then the distribution of staking-tokens between +any validator and its delegators will change with each block. This then +necessitates a calculation for each delegation records for each block - +which is considered computationally expensive. + +In conclusion, we can only have Atom commission and unbonded atoms +provisions or bonded atom provisions with no Atom commission, and we elect to +implement the former. Stakeholders wishing to rebond their provisions may elect +to set up a script to periodically withdraw and rebond rewards. + +## Contents + +* [Concepts](#concepts) +* [State](#state) + * [FeePool](#feepool) + * [Validator Distribution](#validator-distribution) + * [Delegation Distribution](#delegation-distribution) + * [Params](#params) +* [Begin Block](#begin-block) +* [Messages](#messages) +* [Hooks](#hooks) +* [Events](#events) +* [Parameters](#parameters) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + +## Concepts + +In Proof of Stake (PoS) blockchains, rewards gained from transaction fees are paid to validators. The fee distribution module fairly distributes the rewards to the validators' constituent delegators. + +Rewards are calculated per period. The period is updated each time a validator's delegation changes, for example, when the validator receives a new delegation. +The rewards for a single validator can then be calculated by taking the total rewards for the period before the delegation started, minus the current total rewards. +To learn more, see the [F1 Fee Distribution paper](https://github.com/cosmos/cosmos-sdk/tree/main/docs/spec/fee_distribution/f1_fee_distr.pdf). + +The commission to the validator is paid when the validator is removed or when the validator requests a withdrawal. +The commission is calculated and incremented at every `BeginBlock` operation to update accumulated fee amounts. + +The rewards to a delegator are distributed when the delegation is changed or removed, or a withdrawal is requested. +Before rewards are distributed, all slashes to the validator that occurred during the current delegation are applied. + +### Reference Counting in F1 Fee Distribution + +In F1 fee distribution, the rewards a delegator receives are calculated when their delegation is withdrawn. This calculation must read the terms of the summation of rewards divided by the share of tokens from the period which they ended when they delegated, and the final period that was created for the withdrawal. + +Additionally, as slashes change the amount of tokens a delegation will have (but we calculate this lazily, +only when a delegator un-delegates), we must calculate rewards in separate periods before / after any slashes +which occurred in between when a delegator delegated and when they withdrew their rewards. Thus slashes, like +delegations, reference the period which was ended by the slash event. + +All stored historical rewards records for periods which are no longer referenced by any delegations +or any slashes can thus be safely removed, as they will never be read (future delegations and future +slashes will always reference future periods). This is implemented by tracking a `ReferenceCount` +along with each historical reward storage entry. Each time a new object (delegation or slash) +is created which might need to reference the historical record, the reference count is incremented. +Each time one object which previously needed to reference the historical record is deleted, the reference +count is decremented. If the reference count hits zero, the historical record is deleted. + +## State + +### FeePool + +All globally tracked parameters for distribution are stored within +`FeePool`. Rewards are collected and added to the reward pool and +distributed to validators/delegators from here. + +Note that the reward pool holds decimal coins (`DecCoins`) to allow +for fractions of coins to be received from operations like inflation. +When coins are distributed from the pool they are truncated back to +`sdk.Coins` which are non-decimal. + +* FeePool: `0x00 -> ProtocolBuffer(FeePool)` + +```go +// coins with decimal +type DecCoins []DecCoin + +type DecCoin struct { + Amount math.LegacyDec + Denom string +} +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/distribution/v1beta1/distribution.proto#L116-L123 +``` + +### Validator Distribution + +Validator distribution information for the relevant validator is updated each time: + +1. delegation amount to a validator is updated, +2. any delegator withdraws from a validator, or +3. the validator withdraws its commission. + +* ValidatorDistInfo: `0x02 | ValOperatorAddrLen (1 byte) | ValOperatorAddr -> ProtocolBuffer(validatorDistribution)` + +```go +type ValidatorDistInfo struct { + OperatorAddress sdk.AccAddress + SelfBondRewards sdkmath.DecCoins + ValidatorCommission types.ValidatorAccumulatedCommission +} +``` + +### Delegation Distribution + +Each delegation distribution only needs to record the height at which it last +withdrew fees. Because a delegation must withdraw fees each time it's +properties change (aka bonded tokens etc.) its properties will remain constant +and the delegator's _accumulation_ factor can be calculated passively knowing +only the height of the last withdrawal and its current properties. + +* DelegationDistInfo: `0x02 | DelegatorAddrLen (1 byte) | DelegatorAddr | ValOperatorAddrLen (1 byte) | ValOperatorAddr -> ProtocolBuffer(delegatorDist)` + +```go +type DelegationDistInfo struct { + WithdrawalHeight int64 // last time this delegation withdrew rewards +} +``` + +### Params + +The distribution module stores it's params in state with the prefix of `0x09`, +it can be updated with governance or the address with authority. + +* Params: `0x09 | ProtocolBuffer(Params)` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/distribution/v1beta1/distribution.proto#L12-L42 +``` + +## Begin Block + +At each `BeginBlock`, all fees received in the previous block are transferred to +the distribution `ModuleAccount` account. When a delegator or validator +withdraws their rewards, they are taken out of the `ModuleAccount`. During begin +block, the different claims on the fees collected are updated as follows: + +* The reserve community tax is charged. +* The remainder is distributed proportionally by voting power to all bonded validators + +### The Distribution Scheme + +See [params](#params) for description of parameters. + +Let `fees` be the total fees collected in the previous block, including +inflationary rewards to the stake. All fees are collected in a specific module +account during the block. During `BeginBlock`, they are sent to the +`"distribution"` `ModuleAccount`. No other sending of tokens occurs. Instead, the +rewards each account is entitled to are stored, and withdrawals can be triggered +through the messages `FundCommunityPool`, `WithdrawValidatorCommission` and +`WithdrawDelegatorReward`. + +#### Reward to the Community Pool + +The community pool gets `community_tax * fees`, plus any remaining dust after +validators get their rewards that are always rounded down to the nearest +integer value. + +#### Reward To the Validators + +The proposer receives no extra rewards. All fees are distributed among all the +bonded validators, including the proposer, in proportion to their consensus power. + +```text +powFrac = validator power / total bonded validator power +voteMul = 1 - community_tax +``` + +All validators receive `fees * voteMul * powFrac`. + +#### Rewards to Delegators + +Each validator's rewards are distributed to its delegators. The validator also +has a self-delegation that is treated like a regular delegation in +distribution calculations. + +The validator sets a commission rate. The commission rate is flexible, but each +validator sets a maximum rate and a maximum daily increase. These maximums cannot be exceeded and protect delegators from sudden increases of validator commission rates to prevent validators from taking all of the rewards. + +The outstanding rewards that the operator is entitled to are stored in +`ValidatorAccumulatedCommission`, while the rewards the delegators are entitled +to are stored in `ValidatorCurrentRewards`. The [F1 fee distribution scheme](#concepts) is used to calculate the rewards per delegator as they +withdraw or update their delegation, and is thus not handled in `BeginBlock`. + +#### Example Distribution + +For this example distribution, the underlying consensus engine selects block proposers in +proportion to their power relative to the entire bonded power. + +All validators are equally performant at including pre-commits in their proposed +blocks. Then hold `(pre_commits included) / (total bonded validator power)` +constant so that the amortized block reward for the validator is `( validator power / total bonded power) * (1 - community tax rate)` of +the total rewards. Consequently, the reward for a single delegator is: + +```text +(delegator proportion of the validator power / validator power) * (validator power / total bonded power) + * (1 - community tax rate) * (1 - validator commission rate) += (delegator proportion of the validator power / total bonded power) * (1 - +community tax rate) * (1 - validator commission rate) +``` + +## Messages + +### MsgSetWithdrawAddress + +By default, the withdraw address is the delegator address. To change its withdraw address, a delegator must send a `MsgSetWithdrawAddress` message. +Changing the withdraw address is possible only if the parameter `WithdrawAddrEnabled` is set to `true`. + +The withdraw address cannot be any of the module accounts. These accounts are blocked from being withdraw addresses by being added to the distribution keeper's `blockedAddrs` array at initialization. + +Response: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/distribution/v1beta1/tx.proto#L49-L60 +``` + +```go +func (k Keeper) SetWithdrawAddr(ctx context.Context, delegatorAddr sdk.AccAddress, withdrawAddr sdk.AccAddress) error + if k.blockedAddrs[withdrawAddr.String()] { + fail with "`{withdrawAddr}` is not allowed to receive external funds" + } + + if !k.GetWithdrawAddrEnabled(ctx) { + fail with `ErrSetWithdrawAddrDisabled` + } + + k.SetDelegatorWithdrawAddr(ctx, delegatorAddr, withdrawAddr) +``` + +### MsgWithdrawDelegatorReward + +A delegator can withdraw its rewards. +Internally in the distribution module, this transaction simultaneously removes the previous delegation with associated rewards, the same as if the delegator simply started a new delegation of the same value. +The rewards are sent immediately from the distribution `ModuleAccount` to the withdraw address. +Any remainder (truncated decimals) are sent to the community pool. +The starting height of the delegation is set to the current validator period, and the reference count for the previous period is decremented. +The amount withdrawn is deducted from the `ValidatorOutstandingRewards` variable for the validator. + +In the F1 distribution, the total rewards are calculated per validator period, and a delegator receives a piece of those rewards in proportion to their stake in the validator. +In basic F1, the total rewards that all the delegators are entitled to between to periods is calculated the following way. +Let `R(X)` be the total accumulated rewards up to period `X` divided by the tokens staked at that time. The delegator allocation is `R(X) * delegator_stake`. +Then the rewards for all the delegators for staking between periods `A` and `B` are `(R(B) - R(A)) * total stake`. +However, these calculated rewards don't account for slashing. + +Taking the slashes into account requires iteration. +Let `F(X)` be the fraction a validator is to be slashed for a slashing event that happened at period `X`. +If the validator was slashed at periods `P1, ..., PN`, where `A < P1`, `PN < B`, the distribution module calculates the individual delegator's rewards, `T(A, B)`, as follows: + +```go +stake := initial stake +rewards := 0 +previous := A +for P in P1, ..., PN`: + rewards = (R(P) - previous) * stake + stake = stake * F(P) + previous = P +rewards = rewards + (R(B) - R(PN)) * stake +``` + +The historical rewards are calculated retroactively by playing back all the slashes and then attenuating the delegator's stake at each step. +The final calculated stake is equivalent to the actual staked coins in the delegation with a margin of error due to rounding errors. + +Response: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/distribution/v1beta1/tx.proto#L66-L77 +``` + +### WithdrawValidatorCommission + +The validator can send the WithdrawValidatorCommission message to withdraw their accumulated commission. +The commission is calculated in every block during `BeginBlock`, so no iteration is required to withdraw. +The amount withdrawn is deducted from the `ValidatorOutstandingRewards` variable for the validator. +Only integer amounts can be sent. If the accumulated awards have decimals, the amount is truncated before the withdrawal is sent, and the remainder is left to be withdrawn later. + +### FundCommunityPool + +This message sends coins directly from the sender to the community pool. + +The transaction fails if the amount cannot be transferred from the sender to the distribution module account. + +```go +func (k Keeper) FundCommunityPool(ctx context.Context, amount sdk.Coins, sender sdk.AccAddress) error { + if err := k.bankKeeper.SendCoinsFromAccountToModule(ctx, sender, types.ModuleName, amount); err != nil { + return err + } + + feePool := k.GetFeePool(ctx) + feePool.CommunityPool = feePool.CommunityPool.Add(sdk.NewDecCoinsFromCoins(amount...)...) + k.SetFeePool(ctx, feePool) + + return nil +} +``` + +### Common distribution operations + +These operations take place during many different messages. + +#### Initialize delegation + +Each time a delegation is changed, the rewards are withdrawn and the delegation is reinitialized. +Initializing a delegation increments the validator period and keeps track of the starting period of the delegation. + +```go +// initialize starting info for a new delegation +func (k Keeper) initializeDelegation(ctx context.Context, val sdk.ValAddress, del sdk.AccAddress) { + // period has already been incremented - we want to store the period ended by this delegation action + previousPeriod := k.GetValidatorCurrentRewards(ctx, val).Period - 1 + + // increment reference count for the period we're going to track + k.incrementReferenceCount(ctx, val, previousPeriod) + + validator := k.stakingKeeper.Validator(ctx, val) + delegation := k.stakingKeeper.Delegation(ctx, del, val) + + // calculate delegation stake in tokens + // we don't store directly, so multiply delegation shares * (tokens per share) + // note: necessary to truncate so we don't allow withdrawing more rewards than owed + stake := validator.TokensFromSharesTruncated(delegation.GetShares()) + k.SetDelegatorStartingInfo(ctx, val, del, types.NewDelegatorStartingInfo(previousPeriod, stake, uint64(ctx.BlockHeight()))) +} +``` + +### MsgUpdateParams + +Distribution module params can be updated through `MsgUpdateParams`, which can be done using governance proposal and the signer will always be gov module account address. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/distribution/v1beta1/tx.proto#L133-L147 +``` + +The message handling can fail if: + +* signer is not the gov module account address. + +## Hooks + +Available hooks that can be called by and from this module. + +### Create or modify delegation distribution + +* triggered-by: `staking.MsgDelegate`, `staking.MsgBeginRedelegate`, `staking.MsgUndelegate` + +#### Before + +* The delegation rewards are withdrawn to the withdraw address of the delegator. + The rewards include the current period and exclude the starting period. +* The validator period is incremented. + The validator period is incremented because the validator's power and share distribution might have changed. +* The reference count for the delegator's starting period is decremented. + +#### After + +The starting height of the delegation is set to the previous period. +Because of the `Before`-hook, this period is the last period for which the delegator was rewarded. + +### Validator created + +* triggered-by: `staking.MsgCreateValidator` + +When a validator is created, the following validator variables are initialized: + +* Historical rewards +* Current accumulated rewards +* Accumulated commission +* Total outstanding rewards +* Period + +By default, all values are set to a `0`, except period, which is set to `1`. + +### Validator removed + +* triggered-by: `staking.RemoveValidator` + +Outstanding commission is sent to the validator's self-delegation withdrawal address. +Remaining delegator rewards get sent to the community fee pool. + +Note: The validator gets removed only when it has no remaining delegations. +At that time, all outstanding delegator rewards will have been withdrawn. +Any remaining rewards are dust amounts. + +### Validator is slashed + +* triggered-by: `staking.Slash` +* The current validator period reference count is incremented. + The reference count is incremented because the slash event has created a reference to it. +* The validator period is incremented. +* The slash event is stored for later use. + The slash event will be referenced when calculating delegator rewards. + +## Events + +The distribution module emits the following events: + +### BeginBlocker + +| Type | Attribute Key | Attribute Value | +|-----------------|---------------|--------------------| +| proposer_reward | validator | {validatorAddress} | +| proposer_reward | reward | {proposerReward} | +| commission | amount | {commissionAmount} | +| commission | validator | {validatorAddress} | +| rewards | amount | {rewardAmount} | +| rewards | validator | {validatorAddress} | + +### Handlers + +#### MsgSetWithdrawAddress + +| Type | Attribute Key | Attribute Value | +|----------------------|------------------|----------------------| +| set_withdraw_address | withdraw_address | {withdrawAddress} | +| message | module | distribution | +| message | action | set_withdraw_address | +| message | sender | {senderAddress} | + +#### MsgWithdrawDelegatorReward + +| Type | Attribute Key | Attribute Value | +|---------|---------------|---------------------------| +| withdraw_rewards | amount | {rewardAmount} | +| withdraw_rewards | validator | {validatorAddress} | +| message | module | distribution | +| message | action | withdraw_delegator_reward | +| message | sender | {senderAddress} | + +#### MsgWithdrawValidatorCommission + +| Type | Attribute Key | Attribute Value | +|------------|---------------|-------------------------------| +| withdraw_commission | amount | {commissionAmount} | +| message | module | distribution | +| message | action | withdraw_validator_commission | +| message | sender | {senderAddress} | + +## Parameters + +The distribution module contains the following parameters: + +| Key | Type | Example | +| ------------------- | ------------ | -------------------------- | +| communitytax | string (dec) | "0.020000000000000000" [0] | +| withdrawaddrenabled | bool | true | + +* [0] `communitytax` must be positive and cannot exceed 1.00. +* `baseproposerreward` and `bonusproposerreward` were parameters that are deprecated in v0.47 and are not used. + +:::note +The reserve pool is the pool of collected funds for use by governance taken via the `CommunityTax`. +Currently with the Cosmos SDK, tokens collected by the CommunityTax are accounted for but unspendable. +::: + +## Client + +## CLI + +A user can query and interact with the `distribution` module using the CLI. + +#### Query + +The `query` commands allow users to query `distribution` state. + +```shell +simd query distribution --help +``` + +##### commission + +The `commission` command allows users to query validator commission rewards by address. + +```shell +simd query distribution commission [address] [flags] +``` + +Example: + +```shell +simd query distribution commission cosmosvaloper1... +``` + +Example Output: + +```yml +commission: +- amount: "1000000.000000000000000000" + denom: stake +``` + +##### community-pool + +The `community-pool` command allows users to query all coin balances within the community pool. + +```shell +simd query distribution community-pool [flags] +``` + +Example: + +```shell +simd query distribution community-pool +``` + +Example Output: + +```yml +pool: +- amount: "1000000.000000000000000000" + denom: stake +``` + +##### params + +The `params` command allows users to query the parameters of the `distribution` module. + +```shell +simd query distribution params [flags] +``` + +Example: + +```shell +simd query distribution params +``` + +Example Output: + +```yml +base_proposer_reward: "0.000000000000000000" +bonus_proposer_reward: "0.000000000000000000" +community_tax: "0.020000000000000000" +withdraw_addr_enabled: true +``` + +##### rewards + +The `rewards` command allows users to query delegator rewards. Users can optionally include the validator address to query rewards earned from a specific validator. + +```shell +simd query distribution rewards [delegator-addr] [validator-addr] [flags] +``` + +Example: + +```shell +simd query distribution rewards cosmos1... +``` + +Example Output: + +```yml +rewards: +- reward: + - amount: "1000000.000000000000000000" + denom: stake + validator_address: cosmosvaloper1.. +total: +- amount: "1000000.000000000000000000" + denom: stake +``` + +##### slashes + +The `slashes` command allows users to query all slashes for a given block range. + +```shell +simd query distribution slashes [validator] [start-height] [end-height] [flags] +``` + +Example: + +```shell +simd query distribution slashes cosmosvaloper1... 1 1000 +``` + +Example Output: + +```yml +pagination: + next_key: null + total: "0" +slashes: +- validator_period: 20, + fraction: "0.009999999999999999" +``` + +##### validator-outstanding-rewards + +The `validator-outstanding-rewards` command allows users to query all outstanding (un-withdrawn) rewards for a validator and all their delegations. + +```shell +simd query distribution validator-outstanding-rewards [validator] [flags] +``` + +Example: + +```shell +simd query distribution validator-outstanding-rewards cosmosvaloper1... +``` + +Example Output: + +```yml +rewards: +- amount: "1000000.000000000000000000" + denom: stake +``` + +##### validator-distribution-info + +The `validator-distribution-info` command allows users to query validator commission and self-delegation rewards for validator. + +```shell +simd query distribution validator-distribution-info cosmosvaloper1... +``` + +Example Output: + +```yml +commission: +- amount: "100000.000000000000000000" + denom: stake +operator_address: cosmosvaloper1... +self_bond_rewards: +- amount: "100000.000000000000000000" + denom: stake +``` + +#### Transactions + +The `tx` commands allow users to interact with the `distribution` module. + +```shell +simd tx distribution --help +``` + +##### fund-community-pool + +The `fund-community-pool` command allows users to send funds to the community pool. + +```shell +simd tx distribution fund-community-pool [amount] [flags] +``` + +Example: + +```shell +simd tx distribution fund-community-pool 100stake --from cosmos1... +``` + +##### set-withdraw-addr + +The `set-withdraw-addr` command allows users to set the withdraw address for rewards associated with a delegator address. + +```shell +simd tx distribution set-withdraw-addr [withdraw-addr] [flags] +``` + +Example: + +```shell +simd tx distribution set-withdraw-addr cosmos1... --from cosmos1... +``` + +##### withdraw-all-rewards + +The `withdraw-all-rewards` command allows users to withdraw all rewards for a delegator. + +```shell +simd tx distribution withdraw-all-rewards [flags] +``` + +Example: + +```shell +simd tx distribution withdraw-all-rewards --from cosmos1... +``` + +##### withdraw-rewards + +The `withdraw-rewards` command allows users to withdraw all rewards from a given delegation address, +and optionally withdraw validator commission if the delegation address given is a validator operator and the user proves the `--commission` flag. + +```shell +simd tx distribution withdraw-rewards [validator-addr] [flags] +``` + +Example: + +```shell +simd tx distribution withdraw-rewards cosmosvaloper1... --from cosmos1... --commission +``` + +### gRPC + +A user can query the `distribution` module using gRPC endpoints. + +#### Params + +The `Params` endpoint allows users to query parameters of the `distribution` module. + +Example: + +```shell +grpcurl -plaintext \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/Params +``` + +Example Output: + +```json +{ + "params": { + "communityTax": "20000000000000000", + "baseProposerReward": "00000000000000000", + "bonusProposerReward": "00000000000000000", + "withdrawAddrEnabled": true + } +} +``` + +#### ValidatorDistributionInfo + +The `ValidatorDistributionInfo` queries validator commission and self-delegation rewards for validator. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"validator_address":"cosmosvalop1..."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/ValidatorDistributionInfo +``` + +Example Output: + +```json +{ + "commission": { + "commission": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ] + }, + "self_bond_rewards": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ], + "validator_address": "cosmosvalop1..." +} +``` + +#### ValidatorOutstandingRewards + +The `ValidatorOutstandingRewards` endpoint allows users to query rewards of a validator address. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"validator_address":"cosmosvalop1.."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/ValidatorOutstandingRewards +``` + +Example Output: + +```json +{ + "rewards": { + "rewards": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ] + } +} +``` + +#### ValidatorCommission + +The `ValidatorCommission` endpoint allows users to query accumulated commission for a validator. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"validator_address":"cosmosvalop1.."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/ValidatorCommission +``` + +Example Output: + +```json +{ + "commission": { + "commission": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ] + } +} +``` + +#### ValidatorSlashes + +The `ValidatorSlashes` endpoint allows users to query slash events of a validator. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"validator_address":"cosmosvalop1.."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/ValidatorSlashes +``` + +Example Output: + +```json +{ + "slashes": [ + { + "validator_period": "20", + "fraction": "0.009999999999999999" + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### DelegationRewards + +The `DelegationRewards` endpoint allows users to query the total rewards accrued by a delegation. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"delegator_address":"cosmos1...","validator_address":"cosmosvalop1..."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/DelegationRewards +``` + +Example Output: + +```json +{ + "rewards": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ] +} +``` + +#### DelegationTotalRewards + +The `DelegationTotalRewards` endpoint allows users to query the total rewards accrued by each validator. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"delegator_address":"cosmos1..."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/DelegationTotalRewards +``` + +Example Output: + +```json +{ + "rewards": [ + { + "validatorAddress": "cosmosvaloper1...", + "reward": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ] + } + ], + "total": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ] +} +``` + +#### DelegatorValidators + +The `DelegatorValidators` endpoint allows users to query all validators for given delegator. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"delegator_address":"cosmos1..."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/DelegatorValidators +``` + +Example Output: + +```json +{ + "validators": ["cosmosvaloper1..."] +} +``` + +#### DelegatorWithdrawAddress + +The `DelegatorWithdrawAddress` endpoint allows users to query the withdraw address of a delegator. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"delegator_address":"cosmos1..."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/DelegatorWithdrawAddress +``` + +Example Output: + +```json +{ + "withdrawAddress": "cosmos1..." +} +``` + +#### CommunityPool + +The `CommunityPool` endpoint allows users to query the community pool coins. + +Example: + +```shell +grpcurl -plaintext \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/CommunityPool +``` + +Example Output: + +```json +{ + "pool": [ + { + "denom": "stake", + "amount": "1000000000000000000" + } + ] +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/modules/evidence/README.md b/copy-of-sdk-versioned_docs/version-0.47/build/modules/evidence/README.md new file mode 100644 index 00000000..263481b0 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/modules/evidence/README.md @@ -0,0 +1,440 @@ +--- +sidebar_position: 1 +--- + +# `x/evidence` + +* [Concepts](#concepts) +* [State](#state) +* [Messages](#messages) +* [Events](#events) +* [Parameters](#parameters) +* [BeginBlock](#beginblock) +* [Client](#client) + * [CLI](#cli) + * [REST](#rest) + * [gRPC](#grpc) + +## Abstract + +`x/evidence` is an implementation of a Cosmos SDK module, per [ADR 009](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-009-evidence-module.md), +that allows for the submission and handling of arbitrary evidence of misbehavior such +as equivocation and counterfactual signing. + +The evidence module differs from standard evidence handling which typically expects the +underlying consensus engine, e.g. CometBFT, to automatically submit evidence when +it is discovered by allowing clients and foreign chains to submit more complex evidence +directly. + +All concrete evidence types must implement the `Evidence` interface contract. Submitted +`Evidence` is first routed through the evidence module's `Router` in which it attempts +to find a corresponding registered `Handler` for that specific `Evidence` type. +Each `Evidence` type must have a `Handler` registered with the evidence module's +keeper in order for it to be successfully routed and executed. + +Each corresponding handler must also fulfill the `Handler` interface contract. The +`Handler` for a given `Evidence` type can perform any arbitrary state transitions +such as slashing, jailing, and tombstoning. + +## Concepts + +### Evidence + +Any concrete type of evidence submitted to the `x/evidence` module must fulfill the +`Evidence` contract outlined below. Not all concrete types of evidence will fulfill +this contract in the same way and some data may be entirely irrelevant to certain +types of evidence. An additional `ValidatorEvidence`, which extends `Evidence`, +has also been created to define a contract for evidence against malicious validators. + +```go +// Evidence defines the contract which concrete evidence types of misbehavior +// must implement. +type Evidence interface { + proto.Message + + Route() string + String() string + Hash() []byte + ValidateBasic() error + + // Height at which the infraction occurred + GetHeight() int64 +} + +// ValidatorEvidence extends Evidence interface to define contract +// for evidence against malicious validators +type ValidatorEvidence interface { + Evidence + + // The consensus address of the malicious validator at time of infraction + GetConsensusAddress() sdk.ConsAddress + + // The total power of the malicious validator at time of infraction + GetValidatorPower() int64 + + // The total validator set power at time of infraction + GetTotalPower() int64 +} +``` + +### Registration & Handling + +The `x/evidence` module must first know about all types of evidence it is expected +to handle. This is accomplished by registering the `Route` method in the `Evidence` +contract with what is known as a `Router` (defined below). The `Router` accepts +`Evidence` and attempts to find the corresponding `Handler` for the `Evidence` +via the `Route` method. + +```go +type Router interface { + AddRoute(r string, h Handler) Router + HasRoute(r string) bool + GetRoute(path string) Handler + Seal() + Sealed() bool +} +``` + +The `Handler` (defined below) is responsible for executing the entirety of the +business logic for handling `Evidence`. This typically includes validating the +evidence, both stateless checks via `ValidateBasic` and stateful checks via any +keepers provided to the `Handler`. In addition, the `Handler` may also perform +capabilities such as slashing and jailing a validator. All `Evidence` handled +by the `Handler` should be persisted. + +```go +// Handler defines an agnostic Evidence handler. The handler is responsible +// for executing all corresponding business logic necessary for verifying the +// evidence as valid. In addition, the Handler may execute any necessary +// slashing and potential jailing. +type Handler func(sdk.Context, Evidence) error +``` + + +## State + +Currently the `x/evidence` module only stores valid submitted `Evidence` in state. +The evidence state is also stored and exported in the `x/evidence` module's `GenesisState`. + +```protobuf +// GenesisState defines the evidence module's genesis state. +message GenesisState { + // evidence defines all the evidence at genesis. + repeated google.protobuf.Any evidence = 1; +} + +``` + +All `Evidence` is retrieved and stored via a prefix `KVStore` using prefix `0x00` (`KeyPrefixEvidence`). + + +## Messages + +### MsgSubmitEvidence + +Evidence is submitted through a `MsgSubmitEvidence` message: + +```protobuf +// MsgSubmitEvidence represents a message that supports submitting arbitrary +// Evidence of misbehavior such as equivocation or counterfactual signing. +message MsgSubmitEvidence { + string submitter = 1; + google.protobuf.Any evidence = 2; +} +``` + +Note, the `Evidence` of a `MsgSubmitEvidence` message must have a corresponding +`Handler` registered with the `x/evidence` module's `Router` in order to be processed +and routed correctly. + +Given the `Evidence` is registered with a corresponding `Handler`, it is processed +as follows: + +```go +func SubmitEvidence(ctx Context, evidence Evidence) error { + if _, ok := GetEvidence(ctx, evidence.Hash()); ok { + return errorsmod.Wrap(types.ErrEvidenceExists, strings.ToUpper(hex.EncodeToString(evidence.Hash()))) + } + if !router.HasRoute(evidence.Route()) { + return errorsmod.Wrap(types.ErrNoEvidenceHandlerExists, evidence.Route()) + } + + handler := router.GetRoute(evidence.Route()) + if err := handler(ctx, evidence); err != nil { + return errorsmod.Wrap(types.ErrInvalidEvidence, err.Error()) + } + + ctx.EventManager().EmitEvent( + sdk.NewEvent( + types.EventTypeSubmitEvidence, + sdk.NewAttribute(types.AttributeKeyEvidenceHash, strings.ToUpper(hex.EncodeToString(evidence.Hash()))), + ), + ) + + SetEvidence(ctx, evidence) + return nil +} +``` + +First, there must not already exist valid submitted `Evidence` of the exact same +type. Secondly, the `Evidence` is routed to the `Handler` and executed. Finally, +if there is no error in handling the `Evidence`, an event is emitted and it is persisted to state. + + +## Events + +The `x/evidence` module emits the following events: + +### Handlers + +#### MsgSubmitEvidence + +| Type | Attribute Key | Attribute Value | +| --------------- | ------------- | --------------- | +| submit_evidence | evidence_hash | {evidenceHash} | +| message | module | evidence | +| message | sender | {senderAddress} | +| message | action | submit_evidence | + + +## Parameters + +The evidence module does not contain any parameters. + + +## BeginBlock + +### Evidence Handling + +CometBFT blocks can include +[Evidence](https://github.com/cometbft/cometbft/blob/main/spec/abci/abci%2B%2B_basic_concepts.md#evidence) that indicates if a validator committed malicious behavior. The relevant information is forwarded to the application as ABCI Evidence in `abci.RequestBeginBlock` so that the validator can be punished accordingly. + +#### Equivocation + +The Cosmos SDK handles two types of evidence inside the ABCI `BeginBlock`: + +* `DuplicateVoteEvidence`, +* `LightClientAttackEvidence`. + +The evidence module handles these two evidence types the same way. First, the Cosmos SDK converts the CometBFT concrete evidence type to an SDK `Evidence` interface using `Equivocation` as the concrete type. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/evidence/v1beta1/evidence.proto#L12-L32 +``` + +For some `Equivocation` submitted in `block` to be valid, it must satisfy: + +`Evidence.Timestamp >= block.Timestamp - MaxEvidenceAge` + +Where: + +* `Evidence.Timestamp` is the timestamp in the block at height `Evidence.Height` +* `block.Timestamp` is the current block timestamp. + +If valid `Equivocation` evidence is included in a block, the validator's stake is +reduced (slashed) by `SlashFractionDoubleSign` as defined by the `x/slashing` module +of what their stake was when the infraction occurred, rather than when the evidence was discovered. +We want to "follow the stake", i.e., the stake that contributed to the infraction +should be slashed, even if it has since been redelegated or started unbonding. + +In addition, the validator is permanently jailed and tombstoned to make it impossible for that +validator to ever re-enter the validator set. + +The `Equivocation` evidence is handled as follows: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/evidence/keeper/infraction.go#L26-L140 +``` + +**Note:** The slashing, jailing, and tombstoning calls are delegated through the `x/slashing` module +that emits informative events and finally delegates calls to the `x/staking` module. See documentation +on slashing and jailing in [State Transitions](../staking/README.md#state-transitions). + +## Client + +### CLI + +A user can query and interact with the `evidence` module using the CLI. + +#### Query + +The `query` commands allows users to query `evidence` state. + +```bash +simd query evidence --help +``` + +#### evidence + +The `evidence` command allows users to list all evidence or evidence by hash. + +Usage: + +```bash +simd query evidence [flags] +``` + +To query evidence by hash + +Example: + +```bash +simd query evidence "DF0C23E8634E480F84B9D5674A7CDC9816466DEC28A3358F73260F68D28D7660" +``` + +Example Output: + +```bash +evidence: + consensus_address: cosmosvalcons1ntk8eualewuprz0gamh8hnvcem2nrcdsgz563h + height: 11 + power: 100 + time: "2021-10-20T16:08:38.194017624Z" +``` + +To get all evidence + +Example: + +```bash +simd query evidence +``` + +Example Output: + +```bash +evidence: + consensus_address: cosmosvalcons1ntk8eualewuprz0gamh8hnvcem2nrcdsgz563h + height: 11 + power: 100 + time: "2021-10-20T16:08:38.194017624Z" +pagination: + next_key: null + total: "1" +``` + +### REST + +A user can query the `evidence` module using REST endpoints. + +#### Evidence + +Get evidence by hash + +```bash +/cosmos/evidence/v1beta1/evidence/{hash} +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/evidence/v1beta1/evidence/DF0C23E8634E480F84B9D5674A7CDC9816466DEC28A3358F73260F68D28D7660" +``` + +Example Output: + +```bash +{ + "evidence": { + "consensus_address": "cosmosvalcons1ntk8eualewuprz0gamh8hnvcem2nrcdsgz563h", + "height": "11", + "power": "100", + "time": "2021-10-20T16:08:38.194017624Z" + } +} +``` + +#### All evidence + +Get all evidence + +```bash +/cosmos/evidence/v1beta1/evidence +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/evidence/v1beta1/evidence" +``` + +Example Output: + +```bash +{ + "evidence": [ + { + "consensus_address": "cosmosvalcons1ntk8eualewuprz0gamh8hnvcem2nrcdsgz563h", + "height": "11", + "power": "100", + "time": "2021-10-20T16:08:38.194017624Z" + } + ], + "pagination": { + "total": "1" + } +} +``` + +### gRPC + +A user can query the `evidence` module using gRPC endpoints. + +#### Evidence + +Get evidence by hash + +```bash +cosmos.evidence.v1beta1.Query/Evidence +``` + +Example: + +```bash +grpcurl -plaintext -d '{"evidence_hash":"DF0C23E8634E480F84B9D5674A7CDC9816466DEC28A3358F73260F68D28D7660"}' localhost:9090 cosmos.evidence.v1beta1.Query/Evidence +``` + +Example Output: + +```bash +{ + "evidence": { + "consensus_address": "cosmosvalcons1ntk8eualewuprz0gamh8hnvcem2nrcdsgz563h", + "height": "11", + "power": "100", + "time": "2021-10-20T16:08:38.194017624Z" + } +} +``` + +#### All evidence + +Get all evidence + +```bash +cosmos.evidence.v1beta1.Query/AllEvidence +``` + +Example: + +```bash +grpcurl -plaintext localhost:9090 cosmos.evidence.v1beta1.Query/AllEvidence +``` + +Example Output: + +```bash +{ + "evidence": [ + { + "consensus_address": "cosmosvalcons1ntk8eualewuprz0gamh8hnvcem2nrcdsgz563h", + "height": "11", + "power": "100", + "time": "2021-10-20T16:08:38.194017624Z" + } + ], + "pagination": { + "total": "1" + } +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/modules/feegrant/README.md b/copy-of-sdk-versioned_docs/version-0.47/build/modules/feegrant/README.md new file mode 100644 index 00000000..9fcd1e47 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/modules/feegrant/README.md @@ -0,0 +1,388 @@ +--- +sidebar_position: 1 +--- + +# `x/feegrant` + +## Abstract + +This document specifies the fee grant module. For the full ADR, please see [Fee Grant ADR-029](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-029-fee-grant-module.md). + +This module allows accounts to grant fee allowances and to use fees from their accounts. Grantees can execute any transaction without the need to maintain sufficient fees. + +## Contents + +* [Concepts](#concepts) +* [State](#state) + * [FeeAllowance](#feeallowance) + * [FeeAllowanceQueue](#feeallowancequeue) +* [Messages](#messages) + * [Msg/GrantAllowance](#msggrantallowance) + * [Msg/RevokeAllowance](#msgrevokeallowance) +* [Events](#events) +* [Msg Server](#msg-server) + * [MsgGrantAllowance](#msggrantallowance-1) + * [MsgRevokeAllowance](#msgrevokeallowance-1) + * [Exec fee allowance](#exec-fee-allowance) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + +## Concepts + +### Grant + +`Grant` is stored in the KVStore to record a grant with full context. Every grant will contain `granter`, `grantee` and what kind of `allowance` is granted. `granter` is an account address who is giving permission to `grantee` (the beneficiary account address) to pay for some or all of `grantee`'s transaction fees. `allowance` defines what kind of fee allowance (`BasicAllowance` or `PeriodicAllowance`, see below) is granted to `grantee`. `allowance` accepts an interface which implements `FeeAllowanceI`, encoded as `Any` type. There can be only one existing fee grant allowed for a `grantee` and `granter`, self grants are not allowed. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/feegrant.proto#L83-L93 +``` + +`FeeAllowanceI` looks like: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/feegrant/fees.go#L9-L32 +``` + +### Fee Allowance types + +There are two types of fee allowances present at the moment: + +* `BasicAllowance` +* `PeriodicAllowance` +* `AllowedMsgAllowance` + +### BasicAllowance + +`BasicAllowance` is permission for `grantee` to use fee from a `granter`'s account. If any of the `spend_limit` or `expiration` reaches its limit, the grant will be removed from the state. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/feegrant.proto#L15-L28 +``` + +* `spend_limit` is the limit of coins that are allowed to be used from the `granter` account. If it is empty, it assumes there's no spend limit, `grantee` can use any number of available coins from `granter` account address before the expiration. + +* `expiration` specifies an optional time when this allowance expires. If the value is left empty, there is no expiry for the grant. + +* When a grant is created with empty values for `spend_limit` and `expiration`, it is still a valid grant. It won't restrict the `grantee` to use any number of coins from `granter` and it won't have any expiration. The only way to restrict the `grantee` is by revoking the grant. + +### PeriodicAllowance + +`PeriodicAllowance` is a repeating fee allowance for the mentioned period, we can mention when the grant can expire as well as when a period can reset. We can also define the maximum number of coins that can be used in a mentioned period of time. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/feegrant.proto#L34-L68 +``` + +* `basic` is the instance of `BasicAllowance` which is optional for periodic fee allowance. If empty, the grant will have no `expiration` and no `spend_limit`. + +* `period` is the specific period of time, after each period passes, `period_can_spend` will be reset. + +* `period_spend_limit` specifies the maximum number of coins that can be spent in the period. + +* `period_can_spend` is the number of coins left to be spent before the period_reset time. + +* `period_reset` keeps track of when a next period reset should happen. + +### AllowedMsgAllowance + +`AllowedMsgAllowance` is a fee allowance, it can be any of `BasicFeeAllowance`, `PeriodicAllowance` but restricted only to the allowed messages mentioned by the granter. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/feegrant.proto#L70-L81 +``` + +* `allowance` is either `BasicAllowance` or `PeriodicAllowance`. + +* `allowed_messages` is array of messages allowed to execute the given allowance. + +### FeeGranter flag + +`feegrant` module introduces a `FeeGranter` flag for CLI for the sake of executing transactions with fee granter. When this flag is set, `clientCtx` will append the granter account address for transactions generated through CLI. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/client/cmd.go#L249-L260 +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/client/tx/tx.go#L109-L109 +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/auth/tx/builder.go#L275-L284 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/tx/v1beta1/tx.proto#L203-L224 +``` + +Example cmd: + +```go +./simd tx gov submit-proposal --title="Test Proposal" --description="My awesome proposal" --type="Text" --from validator-key --fee-granter=cosmos1xh44hxt7spr67hqaa7nyx5gnutrz5fraw6grxn --chain-id=testnet --fees="10stake" +``` + +### Granted Fee Deductions + +Fees are deducted from grants in the `x/auth` ante handler. To learn more about how ante handlers work, read the [Auth Module AnteHandlers Guide](../auth/README.md#antehandlers). + +### Gas + +In order to prevent DoS attacks, using a filtered `x/feegrant` incurs gas. The SDK must assure that the `grantee`'s transactions all conform to the filter set by the `granter`. The SDK does this by iterating over the allowed messages in the filter and charging 10 gas per filtered message. The SDK will then iterate over the messages being sent by the `grantee` to ensure the messages adhere to the filter, also charging 10 gas per message. The SDK will stop iterating and fail the transaction if it finds a message that does not conform to the filter. + +**WARNING**: The gas is charged against the granted allowance. Ensure your messages conform to the filter, if any, before sending transactions using your allowance. + +### Pruning + +A queue in the state maintained with the prefix of expiration of the grants and checks them on EndBlock with the current block time for every block to prune. + +## State + +### FeeAllowance + +Fee Allowances are identified by combining `Grantee` (the account address of fee allowance grantee) with the `Granter` (the account address of fee allowance granter). + +Fee allowance grants are stored in the state as follows: + +* Grant: `0x00 | grantee_addr_len (1 byte) | grantee_addr_bytes | granter_addr_len (1 byte) | granter_addr_bytes -> ProtocolBuffer(Grant)` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/feegrant/feegrant.pb.go#L222-L230 +``` + +### FeeAllowanceQueue + +Fee Allowances queue items are identified by combining the `FeeAllowancePrefixQueue` (i.e., 0x01), `expiration`, `grantee` (the account address of fee allowance grantee), `granter` (the account address of fee allowance granter). Endblocker checks `FeeAllowanceQueue` state for the expired grants and prunes them from `FeeAllowance` if there are any found. + +Fee allowance queue keys are stored in the state as follows: + +* Grant: `0x01 | expiration_bytes | grantee_addr_len (1 byte) | grantee_addr_bytes | granter_addr_len (1 byte) | granter_addr_bytes -> EmptyBytes` + +## Messages + +### Msg/GrantAllowance + +A fee allowance grant will be created with the `MsgGrantAllowance` message. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/tx.proto#L25-L39 +``` + +### Msg/RevokeAllowance + +An allowed grant fee allowance can be removed with the `MsgRevokeAllowance` message. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/tx.proto#L41-L54 +``` + +## Events + +The feegrant module emits the following events: + +## Msg Server + +### MsgGrantAllowance + +| Type | Attribute Key | Attribute Value | +| ------- | ------------- | ---------------- | +| message | action | set_feegrant | +| message | granter | {granterAddress} | +| message | grantee | {granteeAddress} | + +### MsgRevokeAllowance + +| Type | Attribute Key | Attribute Value | +| ------- | ------------- | ---------------- | +| message | action | revoke_feegrant | +| message | granter | {granterAddress} | +| message | grantee | {granteeAddress} | + +### Exec fee allowance + +| Type | Attribute Key | Attribute Value | +| ------- | ------------- | ---------------- | +| message | action | use_feegrant | +| message | granter | {granterAddress} | +| message | grantee | {granteeAddress} | + +## Client + +### CLI + +A user can query and interact with the `feegrant` module using the CLI. + +#### Query + +The `query` commands allow users to query `feegrant` state. + +```shell +simd query feegrant --help +``` + +##### grant + +The `grant` command allows users to query a grant for a given granter-grantee pair. + +```shell +simd query feegrant grant [granter] [grantee] [flags] +``` + +Example: + +```shell +simd query feegrant grant cosmos1.. cosmos1.. +``` + +Example Output: + +```yml +allowance: + '@type': /cosmos.feegrant.v1beta1.BasicAllowance + expiration: null + spend_limit: + - amount: "100" + denom: stake +grantee: cosmos1.. +granter: cosmos1.. +``` + +##### grants + +The `grants` command allows users to query all grants for a given grantee. + +```shell +simd query feegrant grants [grantee] [flags] +``` + +Example: + +```shell +simd query feegrant grants cosmos1.. +``` + +Example Output: + +```yml +allowances: +- allowance: + '@type': /cosmos.feegrant.v1beta1.BasicAllowance + expiration: null + spend_limit: + - amount: "100" + denom: stake + grantee: cosmos1.. + granter: cosmos1.. +pagination: + next_key: null + total: "0" +``` + +#### Transactions + +The `tx` commands allow users to interact with the `feegrant` module. + +```shell +simd tx feegrant --help +``` + +##### grant + +The `grant` command allows users to grant fee allowances to another account. The fee allowance can have an expiration date, a total spend limit, and/or a periodic spend limit. + +```shell +simd tx feegrant grant [granter] [grantee] [flags] +``` + +Example (one-time spend limit): + +```shell +simd tx feegrant grant cosmos1.. cosmos1.. --spend-limit 100stake +``` + +Example (periodic spend limit): + +```shell +simd tx feegrant grant cosmos1.. cosmos1.. --period 3600 --period-limit 10stake +``` + +##### revoke + +The `revoke` command allows users to revoke a granted fee allowance. + +```shell +simd tx feegrant revoke [granter] [grantee] [flags] +``` + +Example: + +```shell +simd tx feegrant revoke cosmos1.. cosmos1.. +``` + +### gRPC + +A user can query the `feegrant` module using gRPC endpoints. + +#### Allowance + +The `Allowance` endpoint allows users to query a granted fee allowance. + +```shell +cosmos.feegrant.v1beta1.Query/Allowance +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"grantee":"cosmos1..","granter":"cosmos1.."}' \ + localhost:9090 \ + cosmos.feegrant.v1beta1.Query/Allowance +``` + +Example Output: + +```json +{ + "allowance": { + "granter": "cosmos1..", + "grantee": "cosmos1..", + "allowance": {"@type":"/cosmos.feegrant.v1beta1.BasicAllowance","spendLimit":[{"denom":"stake","amount":"100"}]} + } +} +``` + +#### Allowances + +The `Allowances` endpoint allows users to query all granted fee allowances for a given grantee. + +```shell +cosmos.feegrant.v1beta1.Query/Allowances +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"address":"cosmos1.."}' \ + localhost:9090 \ + cosmos.feegrant.v1beta1.Query/Allowances +``` + +Example Output: + +```json +{ + "allowances": [ + { + "granter": "cosmos1..", + "grantee": "cosmos1..", + "allowance": {"@type":"/cosmos.feegrant.v1beta1.BasicAllowance","spendLimit":[{"denom":"stake","amount":"100"}]} + } + ], + "pagination": { + "total": "1" + } +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/modules/genutil/README.md b/copy-of-sdk-versioned_docs/version-0.47/build/modules/genutil/README.md new file mode 100644 index 00000000..c534b8b0 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/modules/genutil/README.md @@ -0,0 +1,69 @@ +# `x/genutil` + +## Concepts + +The `genutil` package contains a variaety of genesis utility functionalities for usage within a blockchain application. Namely: + +* Genesis transactions related (gentx) +* Commands for collection and creation of gentxs +* `InitChain` processing of gentxs +* Genesis file validation +* Genesis file migration +* CometBFT related initialization + * Translation of an app genesis to a CometBFT genesis + +## Client + +### CLI + +The genutil commands are available under the `genesis` subcommand. + +#### add-genesis-account + +Add a genesis account to `genesis.json`. Learn more [here](https://docs.cosmos.network/main/run-node/run-node#adding-genesis-accounts). + +#### collect-gentxs + +Collect genesis txs and output a `genesis.json` file. + +```shell +simd genesis collect-gentxs +``` + +This will create a new `genesis.json` file that includes data from all the validators (we sometimes call it the "super genesis file" to distinguish it from single-validator genesis files). + +#### gentx + +Generate a genesis tx carrying a self delegation. + +```shell +simd genesis gentx [key_name] [amount] --chain-id [chain-id] +``` + +This will create the genesis transaction for your new chain. Here `amount` should be at least `1000000000stake`. +If you provide too much or too little, you will encounter an error when starting a node. + +#### migrate + +Migrate genesis to a specified target (SDK) version. + +```shell +simd genesis migrate [target-version] +``` + +:::tip +The `migrate` command is extensible and takes a `MigrationMap`. This map is a mapping of target versions to genesis migrations functions. +When not using the default `MigrationMap`, it is recommended to still call the default `MigrationMap` corresponding the SDK version of the chain and prepend/append your own genesis migrations. +::: + +#### validate-genesis + +Validates the genesis file at the default location or at the location passed as an argument. + +```shell +simd genesis validate-genesis +``` + +:::warning +Validate genesis only validates if the genesis is valid at the **current application binary**. For validating a genesis from a previous version of the application, use the `migrate` command to migrate the genesis to the current version. +::: diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/modules/gov/README.md b/copy-of-sdk-versioned_docs/version-0.47/build/modules/gov/README.md new file mode 100644 index 00000000..8dac16a3 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/modules/gov/README.md @@ -0,0 +1,2658 @@ +--- +sidebar_position: 1 +--- + +# `x/gov` + +## Abstract + +This paper specifies the Governance module of the Cosmos SDK, which was first +described in the [Cosmos Whitepaper](https://cosmos.network/about/whitepaper) in +June 2016. + +The module enables Cosmos SDK based blockchain to support an on-chain governance +system. In this system, holders of the native staking token of the chain can vote +on proposals on a 1 token 1 vote basis. Next is a list of features the module +currently supports: + +* **Proposal submission:** Users can submit proposals with a deposit. Once the +minimum deposit is reached, the proposal enters voting period. +* **Vote:** Participants can vote on proposals that reached MinDeposit +* **Inheritance and penalties:** Delegators inherit their validator's vote if +they don't vote themselves. +* **Claiming deposit:** Users that deposited on proposals can recover their +deposits if the proposal was accepted or rejected. If the proposal was vetoed, or never entered voting period, the deposit is burned. + +This module will be used in the Cosmos Hub, the first Hub in the Cosmos network. +Features that may be added in the future are described in [Future Improvements](#future-improvements). + +## Contents + +The following specification uses *ATOM* as the native staking token. The module +can be adapted to any Proof-Of-Stake blockchain by replacing *ATOM* with the native +staking token of the chain. + +* [Concepts](#concepts) + * [Proposal submission](#proposal-submission) + * [Deposit](#deposit) + * [Vote](#vote) +* [State](#state) + * [Proposals](#proposals) + * [Parameters and base types](#parameters-and-base-types) + * [Deposit](#deposit-1) + * [ValidatorGovInfo](#validatorgovinfo) + * [Stores](#stores) + * [Proposal Processing Queue](#proposal-processing-queue) + * [Legacy Proposal](#legacy-proposal) +* [Messages](#messages) + * [Proposal Submission](#proposal-submission-1) + * [Deposit](#deposit-2) + * [Vote](#vote-1) +* [Events](#events) + * [EndBlocker](#endblocker) + * [Handlers](#handlers) +* [Parameters](#parameters) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + * [REST](#rest) +* [Metadata](#metadata) + * [Proposal](#proposal-3) + * [Vote](#vote-5) +* [Future Improvements](#future-improvements) + +## Concepts + +*Disclaimer: This is work in progress. Mechanisms are susceptible to change.* + +The governance process is divided in a few steps that are outlined below: + +* **Proposal submission:** Proposal is submitted to the blockchain with a + deposit. +* **Vote:** Once deposit reaches a certain value (`MinDeposit`), proposal is + confirmed and vote opens. Bonded Atom holders can then send `TxGovVote` + transactions to vote on the proposal. +* **Execution** After a period of time, the votes are tallied and depending + on the result, the messages in the proposal will be executed. + +### Proposal submission + +#### Right to submit a proposal + +Every account can submit proposals by sending a `MsgSubmitProposal` transaction. +Once a proposal is submitted, it is identified by its unique `proposalID`. + +#### Proposal Messages + +A proposal includes an array of `sdk.Msg`s which are executed automatically if the +proposal passes. The messages are executed by the governance `ModuleAccount` itself. Modules +such as `x/upgrade`, that want to allow certain messages to be executed by governance +only should add a whitelist within the respective msg server, granting the governance +module the right to execute the message once a quorum has been reached. The governance +module uses the `MsgServiceRouter` to check that these messages are correctly constructed +and have a respective path to execute on but do not perform a full validity check. + +### Deposit + +To prevent spam, proposals must be submitted with a deposit in the coins defined by +the `MinDeposit` param. + +When a proposal is submitted, it has to be accompanied with a deposit that must be +strictly positive, but can be inferior to `MinDeposit`. The submitter doesn't need +to pay for the entire deposit on their own. The newly created proposal is stored in +an *inactive proposal queue* and stays there until its deposit passes the `MinDeposit`. +Other token holders can increase the proposal's deposit by sending a `Deposit` +transaction. If a proposal doesn't pass the `MinDeposit` before the deposit end time +(the time when deposits are no longer accepted), the proposal will be destroyed: the +proposal will be removed from state and the deposit will be burned (see x/gov `EndBlocker`). +When a proposal deposit passes the `MinDeposit` threshold (even during the proposal +submission) before the deposit end time, the proposal will be moved into the +*active proposal queue* and the voting period will begin. + +The deposit is kept in escrow and held by the governance `ModuleAccount` until the +proposal is finalized (passed or rejected). + +#### Deposit refund and burn + +When a proposal is finalized, the coins from the deposit are either refunded or burned +according to the final tally of the proposal: + +* If the proposal is approved or rejected but *not* vetoed, each deposit will be + automatically refunded to its respective depositor (transferred from the governance + `ModuleAccount`). +* When the proposal is vetoed with greater than 1/3, deposits will be burned from the + governance `ModuleAccount` and the proposal information along with its deposit + information will be removed from state. +* All refunded or burned deposits are removed from the state. Events are issued when + burning or refunding a deposit. + +### Vote + +#### Participants + +*Participants* are users that have the right to vote on proposals. On the +Cosmos Hub, participants are bonded Atom holders. Unbonded Atom holders and +other users do not get the right to participate in governance. However, they +can submit and deposit on proposals. + +Note that when *participants* have bonded and unbonded Atoms, their voting power is calculated from their bonded Atom holdings only. + +#### Voting period + +Once a proposal reaches `MinDeposit`, it immediately enters `Voting period`. We +define `Voting period` as the interval between the moment the vote opens and +the moment the vote closes. `Voting period` should always be shorter than +`Unbonding period` to prevent double voting. The initial value of +`Voting period` is 2 weeks. + +#### Option set + +The option set of a proposal refers to the set of choices a participant can +choose from when casting its vote. + +The initial option set includes the following options: + +* `Yes` +* `No` +* `NoWithVeto` +* `Abstain` + +`NoWithVeto` counts as `No` but also adds a `Veto` vote. `Abstain` option +allows voters to signal that they do not intend to vote in favor or against the +proposal but accept the result of the vote. + +*Note: from the UI, for urgent proposals we should maybe add a ‘Not Urgent’ option that casts a `NoWithVeto` vote.* + +#### Weighted Votes + +[ADR-037](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-037-gov-split-vote.md) introduces the weighted vote feature which allows a staker to split their votes into several voting options. For example, it could use 70% of its voting power to vote Yes and 30% of its voting power to vote No. + +Often times the entity owning that address might not be a single individual. For example, a company might have different stakeholders who want to vote differently, and so it makes sense to allow them to split their voting power. Currently, it is not possible for them to do "passthrough voting" and giving their users voting rights over their tokens. However, with this system, exchanges can poll their users for voting preferences, and then vote on-chain proportionally to the results of the poll. + +To represent weighted vote on chain, we use the following Protobuf message. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1beta1/gov.proto#L34-L47 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1beta1/gov.proto#L181-L201 +``` + +For a weighted vote to be valid, the `options` field must not contain duplicate vote options, and the sum of weights of all options must be equal to 1. + +### Quorum + +Quorum is defined as the minimum percentage of voting power that needs to be +cast on a proposal for the result to be valid. + +### Expedited Proposals + +A proposal can be expedited, making the proposal use shorter voting duration and a higher tally threshold by its default. If an expedited proposal fails to meet the threshold within the scope of shorter voting duration, the expedited proposal is then converted to a regular proposal and restarts voting under regular voting conditions. + +#### Threshold + +Threshold is defined as the minimum proportion of `Yes` votes (excluding +`Abstain` votes) for the proposal to be accepted. + +Initially, the threshold is set at 50% of `Yes` votes, excluding `Abstain` +votes. A possibility to veto exists if more than 1/3rd of all votes are +`NoWithVeto` votes. Note, both of these values are derived from the `TallyParams` +on-chain parameter, which is modifiable by governance. +This means that proposals are accepted iff: + +* There exist bonded tokens. +* Quorum has been achieved. +* The proportion of `Abstain` votes is inferior to 1/1. +* The proportion of `NoWithVeto` votes is inferior to 1/3, including + `Abstain` votes. +* The proportion of `Yes` votes, excluding `Abstain` votes, at the end of + the voting period is superior to 1/2. + +For expedited proposals, by default, the threshold is higher than with a *normal proposal*, namely, 66.7%. + +#### Inheritance + +If a delegator does not vote, it will inherit its validator vote. + +* If the delegator votes before its validator, it will not inherit from the + validator's vote. +* If the delegator votes after its validator, it will override its validator + vote with its own. If the proposal is urgent, it is possible + that the vote will close before delegators have a chance to react and + override their validator's vote. This is not a problem, as proposals require more than 2/3rd of the total voting power to pass, when tallied at the end of the voting period. Because as little as 1/3 + 1 validation power could collude to censor transactions, non-collusion is already assumed for ranges exceeding this threshold. + +#### Validator’s punishment for non-voting + +At present, validators are not punished for failing to vote. + +#### Governance address + +Later, we may add permissioned keys that could only sign txs from certain modules. For the MVP, the `Governance address` will be the main validator address generated at account creation. This address corresponds to a different PrivKey than the CometBFT PrivKey which is responsible for signing consensus messages. Validators thus do not have to sign governance transactions with the sensitive CometBFT PrivKey. + +#### Burnable Params + +There are three parameters that define if the deposit of a proposal should be burned or returned to the depositors. + +* `BurnVoteVeto` burns the proposal deposit if the proposal gets vetoed. +* `BurnVoteQuorum` burns the proposal deposit if the proposal deposit if the vote does not reach quorum. +* `BurnProposalDepositPrevote` burns the proposal deposit if it does not enter the voting phase. + +> Note: These parameters are modifiable via governance. + +## State + +### Constitution + +`Constitution` is found in the genesis state. It is a string field intended to be used to descibe the purpose of a particular blockchain, and its expected norms. A few examples of how the constitution field can be used: + +* define the purpose of the chain, laying a foundation for its future development +* set expectations for delegators +* set expectations for validators +* define the chain's relationship to "meatspace" entities, like a foundation or corporation + +Since this is more of a social feature than a technical feature, we'll now get into some items that may have been useful to have in a genesis constitution: + +* What limitations on governance exist, if any? + * is it okay for the community to slash the wallet of a whale that they no longer feel that they want around? (viz: Juno Proposal 4 and 16) + * can governance "socially slash" a validator who is using unapproved MEV? (viz: commonwealth.im/osmosis) + * In the event of an economic emergency, what should validators do? + * Terra crash of May, 2022, saw validators choose to run a new binary with code that had not been approved by governance, because the governance token had been inflated to nothing. +* What is the purpose of the chain, specifically? + * best example of this is the Cosmos hub, where different founding groups, have different interpertations of the purpose of the network. + +This genesis entry, "constitution" hasn't been designed for existing chains, who should likely just ratify a constitution using their governance system. Instead, this is for new chains. It will allow for validators to have a much clearer idea of purpose and the expecations placed on them while operating thier nodes. Likewise, for community members, the constitution will give them some idea of what to expect from both the "chain team" and the validators, respectively. + +This constitution is designed to be immutable, and placed only in genesis, though that could change over time by a pull request to the cosmos-sdk that allows for the constitution to be changed by governance. Communities whishing to make amendments to their original constitution should use the governance mechanism and a "signaling proposal" to do exactly that. + +**Ideal use scenario for a cosmos chain constitution** + +As a chain developer, you decide that you'd like to provide clarity to your key user groups: + +* validators +* token holders +* developers (yourself) + +You use the constitution to immutably store some Markdown in genesis, so that when difficult questions come up, the constutituon can provide guidance to the community. + +### Proposals + +`Proposal` objects are used to tally votes and generally track the proposal's state. +They contain an array of arbitrary `sdk.Msg`'s which the governance module will attempt +to resolve and then execute if the proposal passes. `Proposal`'s are identified by a +unique id and contains a series of timestamps: `submit_time`, `deposit_end_time`, +`voting_start_time`, `voting_end_time` which track the lifecycle of a proposal + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/gov.proto#L51-L99 +``` + +A proposal will generally require more than just a set of messages to explain its +purpose but need some greater justification and allow a means for interested participants +to discuss and debate the proposal. +In most cases, **it is encouraged to have an off-chain system that supports the on-chain governance process**. +To accommodate for this, a proposal contains a special **`metadata`** field, a string, +which can be used to add context to the proposal. The `metadata` field allows custom use for networks, +however, it is expected that the field contains a URL or some form of CID using a system such as +[IPFS](https://docs.ipfs.io/concepts/content-addressing/). To support the case of +interoperability across networks, the SDK recommends that the `metadata` represents +the following `JSON` template: + +```json +{ + "title": "...", + "description": "...", + "forum": "...", // a link to the discussion platform (i.e. Discord) + "other": "..." // any extra data that doesn't correspond to the other fields +} +``` + +This makes it far easier for clients to support multiple networks. + +The metadata has a maximum length that is chosen by the app developer, and +passed into the gov keeper as a config. The default maximum length in the SDK is 255 characters. + +#### Writing a module that uses governance + +There are many aspects of a chain, or of the individual modules that you may want to +use governance to perform such as changing various parameters. This is very simple +to do. First, write out your message types and `MsgServer` implementation. Add an +`authority` field to the keeper which will be populated in the constructor with the +governance module account: `govKeeper.GetGovernanceAccount().GetAddress()`. Then for +the methods in the `msg_server.go`, perform a check on the message that the signer +matches `authority`. This will prevent any user from executing that message. + +### Parameters and base types + +`Parameters` define the rules according to which votes are run. There can only +be one active parameter set at any given time. If governance wants to change a +parameter set, either to modify a value or add/remove a parameter field, a new +parameter set has to be created and the previous one rendered inactive. + +#### DepositParams + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/gov.proto#L152-L162 +``` + +#### VotingParams + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/gov.proto#L164-L168 +``` + +#### TallyParams + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/gov.proto#L170-L182 +``` + +Parameters are stored in a global `GlobalParams` KVStore. + +Additionally, we introduce some basic types: + +```go +type Vote byte + +const ( + VoteYes = 0x1 + VoteNo = 0x2 + VoteNoWithVeto = 0x3 + VoteAbstain = 0x4 +) + +type ProposalType string + +const ( + ProposalTypePlainText = "Text" + ProposalTypeSoftwareUpgrade = "SoftwareUpgrade" +) + +type ProposalStatus byte + + +const ( + StatusNil ProposalStatus = 0x00 + StatusDepositPeriod ProposalStatus = 0x01 // Proposal is submitted. Participants can deposit on it but not vote + StatusVotingPeriod ProposalStatus = 0x02 // MinDeposit is reached, participants can vote + StatusPassed ProposalStatus = 0x03 // Proposal passed and successfully executed + StatusRejected ProposalStatus = 0x04 // Proposal has been rejected + StatusFailed ProposalStatus = 0x05 // Proposal passed but failed execution +) +``` + +### Deposit + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/gov.proto#L38-L49 +``` + +### ValidatorGovInfo + +This type is used in a temp map when tallying + +```go + type ValidatorGovInfo struct { + Minus sdk.Dec + Vote Vote + } +``` + +## Stores + +:::note +Stores are KVStores in the multi-store. The key to find the store is the first parameter in the list +::: + +We will use one KVStore `Governance` to store four mappings: + +* A mapping from `proposalID|'proposal'` to `Proposal`. +* A mapping from `proposalID|'addresses'|address` to `Vote`. This mapping allows + us to query all addresses that voted on the proposal along with their vote by + doing a range query on `proposalID:addresses`. +* A mapping from `ParamsKey|'Params'` to `Params`. This map allows to query all + x/gov params. +* A mapping from `VotingPeriodProposalKeyPrefix|proposalID` to a single byte. This allows + us to know if a proposal is in the voting period or not with very low gas cost. + +For pseudocode purposes, here are the two function we will use to read or write in stores: + +* `load(StoreKey, Key)`: Retrieve item stored at key `Key` in store found at key `StoreKey` in the multistore +* `store(StoreKey, Key, value)`: Write value `Value` at key `Key` in store found at key `StoreKey` in the multistore + +### Proposal Processing Queue + +**Store:** + +* `ProposalProcessingQueue`: A queue `queue[proposalID]` containing all the + `ProposalIDs` of proposals that reached `MinDeposit`. During each `EndBlock`, + all the proposals that have reached the end of their voting period are processed. + To process a finished proposal, the application tallies the votes, computes the + votes of each validator and checks if every validator in the validator set has + voted. If the proposal is accepted, deposits are refunded. Finally, the proposal + content `Handler` is executed. + +And the pseudocode for the `ProposalProcessingQueue`: + +```go + in EndBlock do + + for finishedProposalID in GetAllFinishedProposalIDs(block.Time) + proposal = load(Governance, ) // proposal is a const key + + validators = Keeper.getAllValidators() + tmpValMap := map(sdk.AccAddress)ValidatorGovInfo + + // Initiate mapping at 0. This is the amount of shares of the validator's vote that will be overridden by their delegator's votes + for each validator in validators + tmpValMap(validator.OperatorAddr).Minus = 0 + + // Tally + voterIterator = rangeQuery(Governance, ) //return all the addresses that voted on the proposal + for each (voterAddress, vote) in voterIterator + delegations = stakingKeeper.getDelegations(voterAddress) // get all delegations for current voter + + for each delegation in delegations + // make sure delegation.Shares does NOT include shares being unbonded + tmpValMap(delegation.ValidatorAddr).Minus += delegation.Shares + proposal.updateTally(vote, delegation.Shares) + + _, isVal = stakingKeeper.getValidator(voterAddress) + if (isVal) + tmpValMap(voterAddress).Vote = vote + + tallyingParam = load(GlobalParams, 'TallyingParam') + + // Update tally if validator voted + for each validator in validators + if tmpValMap(validator).HasVoted + proposal.updateTally(tmpValMap(validator).Vote, (validator.TotalShares - tmpValMap(validator).Minus)) + + + + // Check if proposal is accepted or rejected + totalNonAbstain := proposal.YesVotes + proposal.NoVotes + proposal.NoWithVetoVotes + if (proposal.Votes.YesVotes/totalNonAbstain > tallyingParam.Threshold AND proposal.Votes.NoWithVetoVotes/totalNonAbstain < tallyingParam.Veto) + // proposal was accepted at the end of the voting period + // refund deposits (non-voters already punished) + for each (amount, depositor) in proposal.Deposits + depositor.AtomBalance += amount + + stateWriter, err := proposal.Handler() + if err != nil + // proposal passed but failed during state execution + proposal.CurrentStatus = ProposalStatusFailed + else + // proposal pass and state is persisted + proposal.CurrentStatus = ProposalStatusAccepted + stateWriter.save() + else + // proposal was rejected + proposal.CurrentStatus = ProposalStatusRejected + + store(Governance, , proposal) +``` + +### Legacy Proposal + +A legacy proposal is the old implementation of governance proposal. +Contrary to proposal that can contain any messages, a legacy proposal allows to submit a set of pre-defined proposals. +These proposal are defined by their types. + +While proposals should use the new implementation of the governance proposal, we need still to use legacy proposal in order to submit a `software-upgrade` and a `cancel-software-upgrade` proposal. + +More information on how to submit proposals in the [client section](#client). + +## Messages + +### Proposal Submission + +Proposals can be submitted by any account via a `MsgSubmitProposal` transaction. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/tx.proto#L42-L69 +``` + +All `sdk.Msgs` passed into the `messages` field of a `MsgSubmitProposal` message +must be registered in the app's `MsgServiceRouter`. Each of these messages must +have one signer, namely the gov module account. And finally, the metadata length +must not be larger than the `maxMetadataLen` config passed into the gov keeper. + +**State modifications:** + +* Generate new `proposalID` +* Create new `Proposal` +* Initialise `Proposal`'s attributes +* Decrease balance of sender by `InitialDeposit` +* If `MinDeposit` is reached: + * Push `proposalID` in `ProposalProcessingQueue` +* Transfer `InitialDeposit` from the `Proposer` to the governance `ModuleAccount` + +A `MsgSubmitProposal` transaction can be handled according to the following +pseudocode. + +```go +// PSEUDOCODE // +// Check if MsgSubmitProposal is valid. If it is, create proposal // + +upon receiving txGovSubmitProposal from sender do + + if !correctlyFormatted(txGovSubmitProposal) + // check if proposal is correctly formatted and the messages have routes to other modules. Includes fee payment. + // check if all messages' unique Signer is the gov acct. + // check if the metadata is not too long. + throw + + initialDeposit = txGovSubmitProposal.InitialDeposit + if (initialDeposit.Atoms <= 0) OR (sender.AtomBalance < initialDeposit.Atoms) + // InitialDeposit is negative or null OR sender has insufficient funds + throw + + if (txGovSubmitProposal.Type != ProposalTypePlainText) OR (txGovSubmitProposal.Type != ProposalTypeSoftwareUpgrade) + + sender.AtomBalance -= initialDeposit.Atoms + + depositParam = load(GlobalParams, 'DepositParam') + + proposalID = generate new proposalID + proposal = NewProposal() + + proposal.Messages = txGovSubmitProposal.Messages + proposal.Metadata = txGovSubmitProposal.Metadata + proposal.TotalDeposit = initialDeposit + proposal.SubmitTime = + proposal.DepositEndTime = .Add(depositParam.MaxDepositPeriod) + proposal.Deposits.append({initialDeposit, sender}) + proposal.Submitter = sender + proposal.YesVotes = 0 + proposal.NoVotes = 0 + proposal.NoWithVetoVotes = 0 + proposal.AbstainVotes = 0 + proposal.CurrentStatus = ProposalStatusOpen + + store(Proposals, , proposal) // Store proposal in Proposals mapping + return proposalID +``` + +### Deposit + +Once a proposal is submitted, if +`Proposal.TotalDeposit < ActiveParam.MinDeposit`, Atom holders can send +`MsgDeposit` transactions to increase the proposal's deposit. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/tx.proto#L134-L147 +``` + +**State modifications:** + +* Decrease balance of sender by `deposit` +* Add `deposit` of sender in `proposal.Deposits` +* Increase `proposal.TotalDeposit` by sender's `deposit` +* If `MinDeposit` is reached: + * Push `proposalID` in `ProposalProcessingQueueEnd` +* Transfer `Deposit` from the `proposer` to the governance `ModuleAccount` + +A `MsgDeposit` transaction has to go through a number of checks to be valid. +These checks are outlined in the following pseudocode. + +```go +// PSEUDOCODE // +// Check if MsgDeposit is valid. If it is, increase deposit and check if MinDeposit is reached + +upon receiving txGovDeposit from sender do + // check if proposal is correctly formatted. Includes fee payment. + + if !correctlyFormatted(txGovDeposit) + throw + + proposal = load(Proposals, ) // proposal is a const key, proposalID is variable + + if (proposal == nil) + // There is no proposal for this proposalID + throw + + if (txGovDeposit.Deposit.Atoms <= 0) OR (sender.AtomBalance < txGovDeposit.Deposit.Atoms) OR (proposal.CurrentStatus != ProposalStatusOpen) + + // deposit is negative or null + // OR sender has insufficient funds + // OR proposal is not open for deposit anymore + + throw + + depositParam = load(GlobalParams, 'DepositParam') + + if (CurrentBlock >= proposal.SubmitBlock + depositParam.MaxDepositPeriod) + proposal.CurrentStatus = ProposalStatusClosed + + else + // sender can deposit + sender.AtomBalance -= txGovDeposit.Deposit.Atoms + + proposal.Deposits.append({txGovVote.Deposit, sender}) + proposal.TotalDeposit.Plus(txGovDeposit.Deposit) + + if (proposal.TotalDeposit >= depositParam.MinDeposit) + // MinDeposit is reached, vote opens + + proposal.VotingStartBlock = CurrentBlock + proposal.CurrentStatus = ProposalStatusActive + ProposalProcessingQueue.push(txGovDeposit.ProposalID) + + store(Proposals, , proposal) +``` + +### Vote + +Once `ActiveParam.MinDeposit` is reached, voting period starts. From there, +bonded Atom holders are able to send `MsgVote` transactions to cast their +vote on the proposal. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/tx.proto#L92-L108 +``` + +**State modifications:** + +* Record `Vote` of sender + +:::note +Gas cost for this message has to take into account the future tallying of the vote in EndBlocker. +::: + +Next is a pseudocode outline of the way `MsgVote` transactions are handled: + +```go + // PSEUDOCODE // + // Check if MsgVote is valid. If it is, count vote// + + upon receiving txGovVote from sender do + // check if proposal is correctly formatted. Includes fee payment. + + if !correctlyFormatted(txGovDeposit) + throw + + proposal = load(Proposals, ) + + if (proposal == nil) + // There is no proposal for this proposalID + throw + + + if (proposal.CurrentStatus == ProposalStatusActive) + + + // Sender can vote if + // Proposal is active + // Sender has some bonds + + store(Governance, , txGovVote.Vote) // Voters can vote multiple times. Re-voting overrides previous vote. This is ok because tallying is done once at the end. +``` + +## Events + +The governance module emits the following events: + +### EndBlocker + +| Type | Attribute Key | Attribute Value | +|-------------------|-----------------|------------------| +| inactive_proposal | proposal_id | {proposalID} | +| inactive_proposal | proposal_result | {proposalResult} | +| active_proposal | proposal_id | {proposalID} | +| active_proposal | proposal_result | {proposalResult} | + +### Handlers + +#### MsgSubmitProposal + +| Type | Attribute Key | Attribute Value | +|---------------------|---------------------|-----------------| +| submit_proposal | proposal_id | {proposalID} | +| submit_proposal [0] | voting_period_start | {proposalID} | +| proposal_deposit | amount | {depositAmount} | +| proposal_deposit | proposal_id | {proposalID} | +| message | module | governance | +| message | action | submit_proposal | +| message | sender | {senderAddress} | + +* [0] Event only emitted if the voting period starts during the submission. + +#### MsgVote + +| Type | Attribute Key | Attribute Value | +|---------------|---------------|-----------------| +| proposal_vote | option | {voteOption} | +| proposal_vote | proposal_id | {proposalID} | +| message | module | governance | +| message | action | vote | +| message | sender | {senderAddress} | + +#### MsgVoteWeighted + +| Type | Attribute Key | Attribute Value | +|---------------|---------------|-----------------------| +| proposal_vote | option | {weightedVoteOptions} | +| proposal_vote | proposal_id | {proposalID} | +| message | module | governance | +| message | action | vote | +| message | sender | {senderAddress} | + +#### MsgDeposit + +| Type | Attribute Key | Attribute Value | +|----------------------|---------------------|-----------------| +| proposal_deposit | amount | {depositAmount} | +| proposal_deposit | proposal_id | {proposalID} | +| proposal_deposit [0] | voting_period_start | {proposalID} | +| message | module | governance | +| message | action | deposit | +| message | sender | {senderAddress} | + +* [0] Event only emitted if the voting period starts during the submission. + +## Parameters + +The governance module contains the following parameters: + +| Key | Type | Example | +|-------------------------------|------------------|-----------------------------------------| +| min_deposit | array (coins) | [{"denom":"uatom","amount":"10000000"}] | +| max_deposit_period | string (time ns) | "172800000000000" (17280s) | +| voting_period | string (time ns) | "172800000000000" (17280s) | +| quorum | string (dec) | "0.334000000000000000" | +| threshold | string (dec) | "0.500000000000000000" | +| veto | string (dec) | "0.334000000000000000" | +| expedited_threshold | string (time ns) | "0.667000000000000000" | +| expedited_voting_period | string (time ns) | "86400000000000" (8600s) | +| expedited_min_deposit | array (coins) | [{"denom":"uatom","amount":"50000000"}] | +| burn_proposal_deposit_prevote | bool | false | +| burn_vote_quorum | bool | false | +| burn_vote_veto | bool | true | + +**NOTE**: The governance module contains parameters that are objects unlike other +modules. If only a subset of parameters are desired to be changed, only they need +to be included and not the entire parameter object structure. + +## Client + +### CLI + +A user can query and interact with the `gov` module using the CLI. + +#### Query + +The `query` commands allow users to query `gov` state. + +```bash +simd query gov --help +``` + +##### deposit + +The `deposit` command allows users to query a deposit for a given proposal from a given depositor. + +```bash +simd query gov deposit [proposal-id] [depositer-addr] [flags] +``` + +Example: + +```bash +simd query gov deposit 1 cosmos1.. +``` + +Example Output: + +```bash +amount: +- amount: "100" + denom: stake +depositor: cosmos1.. +proposal_id: "1" +``` + +##### deposits + +The `deposits` command allows users to query all deposits for a given proposal. + +```bash +simd query gov deposits [proposal-id] [flags] +``` + +Example: + +```bash +simd query gov deposits 1 +``` + +Example Output: + +```bash +deposits: +- amount: + - amount: "100" + denom: stake + depositor: cosmos1.. + proposal_id: "1" +pagination: + next_key: null + total: "0" +``` + +##### param + +The `param` command allows users to query a given parameter for the `gov` module. + +```bash +simd query gov param [param-type] [flags] +``` + +Example: + +```bash +simd query gov param voting +``` + +Example Output: + +```bash +voting_period: "172800000000000" +``` + +##### params + +The `params` command allows users to query all parameters for the `gov` module. + +```bash +simd query gov params [flags] +``` + +Example: + +```bash +simd query gov params +``` + +Example Output: + +```bash +deposit_params: + max_deposit_period: 172800s + min_deposit: + - amount: "10000000" + denom: stake +params: + expedited_min_deposit: + - amount: "50000000" + denom: stake + expedited_threshold: "0.670000000000000000" + expedited_voting_period: 86400s + max_deposit_period: 172800s + min_deposit: + - amount: "10000000" + denom: stake + min_initial_deposit_ratio: "0.000000000000000000" + proposal_cancel_burn_rate: "0.500000000000000000" + quorum: "0.334000000000000000" + threshold: "0.500000000000000000" + veto_threshold: "0.334000000000000000" + voting_period: 172800s +tally_params: + quorum: "0.334000000000000000" + threshold: "0.500000000000000000" + veto_threshold: "0.334000000000000000" +voting_params: + voting_period: 172800s +``` + +##### proposal + +The `proposal` command allows users to query a given proposal. + +```bash +simd query gov proposal [proposal-id] [flags] +``` + +Example: + +```bash +simd query gov proposal 1 +``` + +Example Output: + +```bash +deposit_end_time: "2022-03-30T11:50:20.819676256Z" +final_tally_result: + abstain_count: "0" + no_count: "0" + no_with_veto_count: "0" + yes_count: "0" +id: "1" +messages: +- '@type': /cosmos.bank.v1beta1.MsgSend + amount: + - amount: "10" + denom: stake + from_address: cosmos1.. + to_address: cosmos1.. +metadata: AQ== +status: PROPOSAL_STATUS_DEPOSIT_PERIOD +submit_time: "2022-03-28T11:50:20.819676256Z" +total_deposit: +- amount: "10" + denom: stake +voting_end_time: null +voting_start_time: null +``` + +##### proposals + +The `proposals` command allows users to query all proposals with optional filters. + +```bash +simd query gov proposals [flags] +``` + +Example: + +```bash +simd query gov proposals +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "0" +proposals: +- deposit_end_time: "2022-03-30T11:50:20.819676256Z" + final_tally_result: + abstain_count: "0" + no_count: "0" + no_with_veto_count: "0" + yes_count: "0" + id: "1" + messages: + - '@type': /cosmos.bank.v1beta1.MsgSend + amount: + - amount: "10" + denom: stake + from_address: cosmos1.. + to_address: cosmos1.. + metadata: AQ== + status: PROPOSAL_STATUS_DEPOSIT_PERIOD + submit_time: "2022-03-28T11:50:20.819676256Z" + total_deposit: + - amount: "10" + denom: stake + voting_end_time: null + voting_start_time: null +- deposit_end_time: "2022-03-30T14:02:41.165025015Z" + final_tally_result: + abstain_count: "0" + no_count: "0" + no_with_veto_count: "0" + yes_count: "0" + id: "2" + messages: + - '@type': /cosmos.bank.v1beta1.MsgSend + amount: + - amount: "10" + denom: stake + from_address: cosmos1.. + to_address: cosmos1.. + metadata: AQ== + status: PROPOSAL_STATUS_DEPOSIT_PERIOD + submit_time: "2022-03-28T14:02:41.165025015Z" + total_deposit: + - amount: "10" + denom: stake + voting_end_time: null + voting_start_time: null +``` + +##### proposer + +The `proposer` command allows users to query the proposer for a given proposal. + +```bash +simd query gov proposer [proposal-id] [flags] +``` + +Example: + +```bash +simd query gov proposer 1 +``` + +Example Output: + +```bash +proposal_id: "1" +proposer: cosmos1.. +``` + +##### tally + +The `tally` command allows users to query the tally of a given proposal vote. + +```bash +simd query gov tally [proposal-id] [flags] +``` + +Example: + +```bash +simd query gov tally 1 +``` + +Example Output: + +```bash +abstain: "0" +"no": "0" +no_with_veto: "0" +"yes": "1" +``` + +##### vote + +The `vote` command allows users to query a vote for a given proposal. + +```bash +simd query gov vote [proposal-id] [voter-addr] [flags] +``` + +Example: + +```bash +simd query gov vote 1 cosmos1.. +``` + +Example Output: + +```bash +option: VOTE_OPTION_YES +options: +- option: VOTE_OPTION_YES + weight: "1.000000000000000000" +proposal_id: "1" +voter: cosmos1.. +``` + +##### votes + +The `votes` command allows users to query all votes for a given proposal. + +```bash +simd query gov votes [proposal-id] [flags] +``` + +Example: + +```bash +simd query gov votes 1 +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "0" +votes: +- option: VOTE_OPTION_YES + options: + - option: VOTE_OPTION_YES + weight: "1.000000000000000000" + proposal_id: "1" + voter: cosmos1.. +``` + +#### Transactions + +The `tx` commands allow users to interact with the `gov` module. + +```bash +simd tx gov --help +``` + +##### deposit + +The `deposit` command allows users to deposit tokens for a given proposal. + +```bash +simd tx gov deposit [proposal-id] [deposit] [flags] +``` + +Example: + +```bash +simd tx gov deposit 1 10000000stake --from cosmos1.. +``` + +##### draft-proposal + +The `draft-proposal` command allows users to draft any type of proposal. +The command returns a `draft_proposal.json`, to be used by `submit-proposal` after being completed. +The `draft_metadata.json` is meant to be uploaded to [IPFS](#metadata). + +```bash +simd tx gov draft-proposal +``` + +##### submit-proposal + +The `submit-proposal` command allows users to submit a governance proposal along with some messages and metadata. +Messages, metadata and deposit are defined in a JSON file. + +```bash +simd tx gov submit-proposal [path-to-proposal-json] [flags] +``` + +Example: + +```bash +simd tx gov submit-proposal /path/to/proposal.json --from cosmos1.. +``` + +where `proposal.json` contains: + +```json +{ + "messages": [ + { + "@type": "/cosmos.bank.v1beta1.MsgSend", + "from_address": "cosmos1...", // The gov module module address + "to_address": "cosmos1...", + "amount":[{"denom": "stake","amount": "10"}] + } + ], + "metadata": "AQ==", + "deposit": "10stake", + "title": "Proposal Title", + "summary": "Proposal Summary" +} +``` + +:::note +By default the metadata, summary and title are both limited by 255 characters, this can be overridden by the application developer. +::: + +##### submit-legacy-proposal + +The `submit-legacy-proposal` command allows users to submit a governance legacy proposal along with an initial deposit. + +```bash +simd tx gov submit-legacy-proposal [command] [flags] +``` + +Example: + +```bash +simd tx gov submit-legacy-proposal --title="Test Proposal" --description="testing" --type="Text" --deposit="100000000stake" --from cosmos1.. +``` + +Example (`param-change`): + +```bash +simd tx gov submit-legacy-proposal param-change proposal.json --from cosmos1.. +``` + +```json +{ + "title": "Test Proposal", + "description": "testing, testing, 1, 2, 3", + "changes": [ + { + "subspace": "staking", + "key": "MaxValidators", + "value": 100 + } + ], + "deposit": "10000000stake" +} +``` + +#### cancel-proposal + +Once proposal is canceled, from the deposits of proposal `deposits * proposal_cancel_ratio` will be burned or sent to `ProposalCancelDest` address , if `ProposalCancelDest` is empty then deposits will be burned. The `remaining deposits` will be sent to depositers. + +```bash +simd tx gov cancel-proposal [proposal-id] [flags] +``` + +Example: + +```bash +simd tx gov cancel-proposal 1 --from cosmos1... +``` + +##### vote + +The `vote` command allows users to submit a vote for a given governance proposal. + +```bash +simd tx gov vote [command] [flags] +``` + +Example: + +```bash +simd tx gov vote 1 yes --from cosmos1.. +``` + +##### weighted-vote + +The `weighted-vote` command allows users to submit a weighted vote for a given governance proposal. + +```bash +simd tx gov weighted-vote [proposal-id] [weighted-options] [flags] +``` + +Example: + +```bash +simd tx gov weighted-vote 1 yes=0.5,no=0.5 --from cosmos1.. +``` + +### gRPC + +A user can query the `gov` module using gRPC endpoints. + +#### Proposal + +The `Proposal` endpoint allows users to query a given proposal. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Proposal +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Proposal +``` + +Example Output: + +```bash +{ + "proposal": { + "proposalId": "1", + "content": {"@type":"/cosmos.gov.v1beta1.TextProposal","description":"testing, testing, 1, 2, 3","title":"Test Proposal"}, + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "finalTallyResult": { + "yes": "0", + "abstain": "0", + "no": "0", + "noWithVeto": "0" + }, + "submitTime": "2021-09-16T19:40:08.712440474Z", + "depositEndTime": "2021-09-18T19:40:08.712440474Z", + "totalDeposit": [ + { + "denom": "stake", + "amount": "10000000" + } + ], + "votingStartTime": "2021-09-16T19:40:08.712440474Z", + "votingEndTime": "2021-09-18T19:40:08.712440474Z", + "title": "Test Proposal", + "summary": "testing, testing, 1, 2, 3" + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Proposal +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1.Query/Proposal +``` + +Example Output: + +```bash +{ + "proposal": { + "id": "1", + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"10"}],"fromAddress":"cosmos1..","toAddress":"cosmos1.."} + ], + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "finalTallyResult": { + "yesCount": "0", + "abstainCount": "0", + "noCount": "0", + "noWithVetoCount": "0" + }, + "submitTime": "2022-03-28T11:50:20.819676256Z", + "depositEndTime": "2022-03-30T11:50:20.819676256Z", + "totalDeposit": [ + { + "denom": "stake", + "amount": "10000000" + } + ], + "votingStartTime": "2022-03-28T14:25:26.644857113Z", + "votingEndTime": "2022-03-30T14:25:26.644857113Z", + "metadata": "AQ==", + "title": "Test Proposal", + "summary": "testing, testing, 1, 2, 3" + } +} +``` + +#### Proposals + +The `Proposals` endpoint allows users to query all proposals with optional filters. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Proposals +``` + +Example: + +```bash +grpcurl -plaintext \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Proposals +``` + +Example Output: + +```bash +{ + "proposals": [ + { + "proposalId": "1", + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "finalTallyResult": { + "yes": "0", + "abstain": "0", + "no": "0", + "noWithVeto": "0" + }, + "submitTime": "2022-03-28T11:50:20.819676256Z", + "depositEndTime": "2022-03-30T11:50:20.819676256Z", + "totalDeposit": [ + { + "denom": "stake", + "amount": "10000000010" + } + ], + "votingStartTime": "2022-03-28T14:25:26.644857113Z", + "votingEndTime": "2022-03-30T14:25:26.644857113Z" + }, + { + "proposalId": "2", + "status": "PROPOSAL_STATUS_DEPOSIT_PERIOD", + "finalTallyResult": { + "yes": "0", + "abstain": "0", + "no": "0", + "noWithVeto": "0" + }, + "submitTime": "2022-03-28T14:02:41.165025015Z", + "depositEndTime": "2022-03-30T14:02:41.165025015Z", + "totalDeposit": [ + { + "denom": "stake", + "amount": "10" + } + ], + "votingStartTime": "0001-01-01T00:00:00Z", + "votingEndTime": "0001-01-01T00:00:00Z" + } + ], + "pagination": { + "total": "2" + } +} + +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Proposals +``` + +Example: + +```bash +grpcurl -plaintext \ + localhost:9090 \ + cosmos.gov.v1.Query/Proposals +``` + +Example Output: + +```bash +{ + "proposals": [ + { + "id": "1", + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"10"}],"fromAddress":"cosmos1..","toAddress":"cosmos1.."} + ], + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "finalTallyResult": { + "yesCount": "0", + "abstainCount": "0", + "noCount": "0", + "noWithVetoCount": "0" + }, + "submitTime": "2022-03-28T11:50:20.819676256Z", + "depositEndTime": "2022-03-30T11:50:20.819676256Z", + "totalDeposit": [ + { + "denom": "stake", + "amount": "10000000010" + } + ], + "votingStartTime": "2022-03-28T14:25:26.644857113Z", + "votingEndTime": "2022-03-30T14:25:26.644857113Z", + "metadata": "AQ==", + "title": "Proposal Title", + "summary": "Proposal Summary" + }, + { + "id": "2", + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"10"}],"fromAddress":"cosmos1..","toAddress":"cosmos1.."} + ], + "status": "PROPOSAL_STATUS_DEPOSIT_PERIOD", + "finalTallyResult": { + "yesCount": "0", + "abstainCount": "0", + "noCount": "0", + "noWithVetoCount": "0" + }, + "submitTime": "2022-03-28T14:02:41.165025015Z", + "depositEndTime": "2022-03-30T14:02:41.165025015Z", + "totalDeposit": [ + { + "denom": "stake", + "amount": "10" + } + ], + "metadata": "AQ==", + "title": "Proposal Title", + "summary": "Proposal Summary" + } + ], + "pagination": { + "total": "2" + } +} +``` + +#### Vote + +The `Vote` endpoint allows users to query a vote for a given proposal. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Vote +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1","voter":"cosmos1.."}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Vote +``` + +Example Output: + +```bash +{ + "vote": { + "proposalId": "1", + "voter": "cosmos1..", + "option": "VOTE_OPTION_YES", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1000000000000000000" + } + ] + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Vote +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1","voter":"cosmos1.."}' \ + localhost:9090 \ + cosmos.gov.v1.Query/Vote +``` + +Example Output: + +```bash +{ + "vote": { + "proposalId": "1", + "voter": "cosmos1..", + "option": "VOTE_OPTION_YES", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1.000000000000000000" + } + ] + } +} +``` + +#### Votes + +The `Votes` endpoint allows users to query all votes for a given proposal. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Votes +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Votes +``` + +Example Output: + +```bash +{ + "votes": [ + { + "proposalId": "1", + "voter": "cosmos1..", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1000000000000000000" + } + ] + } + ], + "pagination": { + "total": "1" + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Votes +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1.Query/Votes +``` + +Example Output: + +```bash +{ + "votes": [ + { + "proposalId": "1", + "voter": "cosmos1..", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1.000000000000000000" + } + ] + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### Params + +The `Params` endpoint allows users to query all parameters for the `gov` module. + + + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Params +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"params_type":"voting"}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Params +``` + +Example Output: + +```bash +{ + "votingParams": { + "votingPeriod": "172800s" + }, + "depositParams": { + "maxDepositPeriod": "0s" + }, + "tallyParams": { + "quorum": "MA==", + "threshold": "MA==", + "vetoThreshold": "MA==" + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Params +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"params_type":"voting"}' \ + localhost:9090 \ + cosmos.gov.v1.Query/Params +``` + +Example Output: + +```bash +{ + "votingParams": { + "votingPeriod": "172800s" + } +} +``` + +#### Deposit + +The `Deposit` endpoint allows users to query a deposit for a given proposal from a given depositor. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Deposit +``` + +Example: + +```bash +grpcurl -plaintext \ + '{"proposal_id":"1","depositor":"cosmos1.."}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Deposit +``` + +Example Output: + +```bash +{ + "deposit": { + "proposalId": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Deposit +``` + +Example: + +```bash +grpcurl -plaintext \ + '{"proposal_id":"1","depositor":"cosmos1.."}' \ + localhost:9090 \ + cosmos.gov.v1.Query/Deposit +``` + +Example Output: + +```bash +{ + "deposit": { + "proposalId": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } +} +``` + +#### deposits + +The `Deposits` endpoint allows users to query all deposits for a given proposal. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Deposits +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Deposits +``` + +Example Output: + +```bash +{ + "deposits": [ + { + "proposalId": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } + ], + "pagination": { + "total": "1" + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Deposits +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1.Query/Deposits +``` + +Example Output: + +```bash +{ + "deposits": [ + { + "proposalId": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### TallyResult + +The `TallyResult` endpoint allows users to query the tally of a given proposal. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/TallyResult +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/TallyResult +``` + +Example Output: + +```bash +{ + "tally": { + "yes": "1000000", + "abstain": "0", + "no": "0", + "noWithVeto": "0" + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/TallyResult +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1.Query/TallyResult +``` + +Example Output: + +```bash +{ + "tally": { + "yes": "1000000", + "abstain": "0", + "no": "0", + "noWithVeto": "0" + } +} +``` + +### REST + +A user can query the `gov` module using REST endpoints. + +#### proposal + +The `proposals` endpoint allows users to query a given proposal. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals/{proposal_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals/1 +``` + +Example Output: + +```bash +{ + "proposal": { + "proposal_id": "1", + "content": null, + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "final_tally_result": { + "yes": "0", + "abstain": "0", + "no": "0", + "no_with_veto": "0" + }, + "submit_time": "2022-03-28T11:50:20.819676256Z", + "deposit_end_time": "2022-03-30T11:50:20.819676256Z", + "total_deposit": [ + { + "denom": "stake", + "amount": "10000000010" + } + ], + "voting_start_time": "2022-03-28T14:25:26.644857113Z", + "voting_end_time": "2022-03-30T14:25:26.644857113Z" + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals/{proposal_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals/1 +``` + +Example Output: + +```bash +{ + "proposal": { + "id": "1", + "messages": [ + { + "@type": "/cosmos.bank.v1beta1.MsgSend", + "from_address": "cosmos1..", + "to_address": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10" + } + ] + } + ], + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "final_tally_result": { + "yes_count": "0", + "abstain_count": "0", + "no_count": "0", + "no_with_veto_count": "0" + }, + "submit_time": "2022-03-28T11:50:20.819676256Z", + "deposit_end_time": "2022-03-30T11:50:20.819676256Z", + "total_deposit": [ + { + "denom": "stake", + "amount": "10000000" + } + ], + "voting_start_time": "2022-03-28T14:25:26.644857113Z", + "voting_end_time": "2022-03-30T14:25:26.644857113Z", + "metadata": "AQ==", + "title": "Proposal Title", + "summary": "Proposal Summary" + } +} +``` + +#### proposals + +The `proposals` endpoint also allows users to query all proposals with optional filters. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals +``` + +Example Output: + +```bash +{ + "proposals": [ + { + "proposal_id": "1", + "content": null, + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "final_tally_result": { + "yes": "0", + "abstain": "0", + "no": "0", + "no_with_veto": "0" + }, + "submit_time": "2022-03-28T11:50:20.819676256Z", + "deposit_end_time": "2022-03-30T11:50:20.819676256Z", + "total_deposit": [ + { + "denom": "stake", + "amount": "10000000" + } + ], + "voting_start_time": "2022-03-28T14:25:26.644857113Z", + "voting_end_time": "2022-03-30T14:25:26.644857113Z" + }, + { + "proposal_id": "2", + "content": null, + "status": "PROPOSAL_STATUS_DEPOSIT_PERIOD", + "final_tally_result": { + "yes": "0", + "abstain": "0", + "no": "0", + "no_with_veto": "0" + }, + "submit_time": "2022-03-28T14:02:41.165025015Z", + "deposit_end_time": "2022-03-30T14:02:41.165025015Z", + "total_deposit": [ + { + "denom": "stake", + "amount": "10" + } + ], + "voting_start_time": "0001-01-01T00:00:00Z", + "voting_end_time": "0001-01-01T00:00:00Z" + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals +``` + +Example Output: + +```bash +{ + "proposals": [ + { + "id": "1", + "messages": [ + { + "@type": "/cosmos.bank.v1beta1.MsgSend", + "from_address": "cosmos1..", + "to_address": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10" + } + ] + } + ], + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "final_tally_result": { + "yes_count": "0", + "abstain_count": "0", + "no_count": "0", + "no_with_veto_count": "0" + }, + "submit_time": "2022-03-28T11:50:20.819676256Z", + "deposit_end_time": "2022-03-30T11:50:20.819676256Z", + "total_deposit": [ + { + "denom": "stake", + "amount": "10000000010" + } + ], + "voting_start_time": "2022-03-28T14:25:26.644857113Z", + "voting_end_time": "2022-03-30T14:25:26.644857113Z", + "metadata": "AQ==", + "title": "Proposal Title", + "summary": "Proposal Summary" + }, + { + "id": "2", + "messages": [ + { + "@type": "/cosmos.bank.v1beta1.MsgSend", + "from_address": "cosmos1..", + "to_address": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10" + } + ] + } + ], + "status": "PROPOSAL_STATUS_DEPOSIT_PERIOD", + "final_tally_result": { + "yes_count": "0", + "abstain_count": "0", + "no_count": "0", + "no_with_veto_count": "0" + }, + "submit_time": "2022-03-28T14:02:41.165025015Z", + "deposit_end_time": "2022-03-30T14:02:41.165025015Z", + "total_deposit": [ + { + "denom": "stake", + "amount": "10" + } + ], + "voting_start_time": null, + "voting_end_time": null, + "metadata": "AQ==", + "title": "Proposal Title", + "summary": "Proposal Summary" + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` + +#### voter vote + +The `votes` endpoint allows users to query a vote for a given proposal. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals/{proposal_id}/votes/{voter} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals/1/votes/cosmos1.. +``` + +Example Output: + +```bash +{ + "vote": { + "proposal_id": "1", + "voter": "cosmos1..", + "option": "VOTE_OPTION_YES", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1.000000000000000000" + } + ] + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals/{proposal_id}/votes/{voter} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals/1/votes/cosmos1.. +``` + +Example Output: + +```bash +{ + "vote": { + "proposal_id": "1", + "voter": "cosmos1..", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1.000000000000000000" + } + ], + "metadata": "" + } +} +``` + +#### votes + +The `votes` endpoint allows users to query all votes for a given proposal. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals/{proposal_id}/votes +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals/1/votes +``` + +Example Output: + +```bash +{ + "votes": [ + { + "proposal_id": "1", + "voter": "cosmos1..", + "option": "VOTE_OPTION_YES", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1.000000000000000000" + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals/{proposal_id}/votes +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals/1/votes +``` + +Example Output: + +```bash +{ + "votes": [ + { + "proposal_id": "1", + "voter": "cosmos1..", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1.000000000000000000" + } + ], + "metadata": "" + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### params + +The `params` endpoint allows users to query all parameters for the `gov` module. + + + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/params/{params_type} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/params/voting +``` + +Example Output: + +```bash +{ + "voting_params": { + "voting_period": "172800s" + }, + "deposit_params": { + "min_deposit": [ + ], + "max_deposit_period": "0s" + }, + "tally_params": { + "quorum": "0.000000000000000000", + "threshold": "0.000000000000000000", + "veto_threshold": "0.000000000000000000" + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/params/{params_type} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/params/voting +``` + +Example Output: + +```bash +{ + "voting_params": { + "voting_period": "172800s" + }, + "deposit_params": { + "min_deposit": [ + ], + "max_deposit_period": "0s" + }, + "tally_params": { + "quorum": "0.000000000000000000", + "threshold": "0.000000000000000000", + "veto_threshold": "0.000000000000000000" + } +} +``` + +#### deposits + +The `deposits` endpoint allows users to query a deposit for a given proposal from a given depositor. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals/{proposal_id}/deposits/{depositor} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals/1/deposits/cosmos1.. +``` + +Example Output: + +```bash +{ + "deposit": { + "proposal_id": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals/{proposal_id}/deposits/{depositor} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals/1/deposits/cosmos1.. +``` + +Example Output: + +```bash +{ + "deposit": { + "proposal_id": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } +} +``` + +#### proposal deposits + +The `deposits` endpoint allows users to query all deposits for a given proposal. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals/{proposal_id}/deposits +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals/1/deposits +``` + +Example Output: + +```bash +{ + "deposits": [ + { + "proposal_id": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals/{proposal_id}/deposits +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals/1/deposits +``` + +Example Output: + +```bash +{ + "deposits": [ + { + "proposal_id": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### tally + +The `tally` endpoint allows users to query the tally of a given proposal. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals/{proposal_id}/tally +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals/1/tally +``` + +Example Output: + +```bash +{ + "tally": { + "yes": "1000000", + "abstain": "0", + "no": "0", + "no_with_veto": "0" + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals/{proposal_id}/tally +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals/1/tally +``` + +Example Output: + +```bash +{ + "tally": { + "yes": "1000000", + "abstain": "0", + "no": "0", + "no_with_veto": "0" + } +} +``` + +## Metadata + +The gov module has two locations for metadata where users can provide further context about the on-chain actions they are taking. By default all metadata fields have a 255 character length field where metadata can be stored in json format, either on-chain or off-chain depending on the amount of data required. Here we provide a recommendation for the json structure and where the data should be stored. There are two important factors in making these recommendations. First, that the gov and group modules are consistent with one another, note the number of proposals made by all groups may be quite large. Second, that client applications such as block explorers and governance interfaces have confidence in the consistency of metadata structure accross chains. + +### Proposal + +Location: off-chain as json object stored on IPFS (mirrors [group proposal](../group/README.md#metadata)) + +```json +{ + "title": "", + "authors": [""], + "summary": "", + "details": "", + "proposal_forum_url": "", + "vote_option_context": "", +} +``` + +:::note +The `authors` field is an array of strings, this is to allow for multiple authors to be listed in the metadata. +In v0.46, the `authors` field is a comma-separated string. Frontends are encouraged to support both formats for backwards compatibility. +::: + +### Vote + +Location: on-chain as json within 255 character limit (mirrors [group vote](../group/README.md#metadata)) + +```json +{ + "justification": "", +} +``` + +## Future Improvements + +The current documentation only describes the minimum viable product for the +governance module. Future improvements may include: + +* **`BountyProposals`:** If accepted, a `BountyProposal` creates an open + bounty. The `BountyProposal` specifies how many Atoms will be given upon + completion. These Atoms will be taken from the `reserve pool`. After a + `BountyProposal` is accepted by governance, anybody can submit a + `SoftwareUpgradeProposal` with the code to claim the bounty. Note that once a + `BountyProposal` is accepted, the corresponding funds in the `reserve pool` + are locked so that payment can always be honored. In order to link a + `SoftwareUpgradeProposal` to an open bounty, the submitter of the + `SoftwareUpgradeProposal` will use the `Proposal.LinkedProposal` attribute. + If a `SoftwareUpgradeProposal` linked to an open bounty is accepted by + governance, the funds that were reserved are automatically transferred to the + submitter. +* **Complex delegation:** Delegators could choose other representatives than + their validators. Ultimately, the chain of representatives would always end + up to a validator, but delegators could inherit the vote of their chosen + representative before they inherit the vote of their validator. In other + words, they would only inherit the vote of their validator if their other + appointed representative did not vote. +* **Better process for proposal review:** There would be two parts to + `proposal.Deposit`, one for anti-spam (same as in MVP) and an other one to + reward third party auditors. diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/modules/group/README.md b/copy-of-sdk-versioned_docs/version-0.47/build/modules/group/README.md new file mode 100644 index 00000000..b94fec72 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/modules/group/README.md @@ -0,0 +1,2156 @@ +--- +sidebar_position: 1 +--- + +# `x/group` + +## Abstract + +The following documents specify the group module. + +This module allows the creation and management of on-chain multisig accounts and enables voting for message execution based on configurable decision policies. + +## Contents + +* [Concepts](#concepts) + * [Group](#group) + * [Group Policy](#group-policy) + * [Decision Policy](#decision-policy) + * [Proposal](#proposal) + * [Pruning](#pruning) +* [State](#state) + * [Group Table](#group-table) + * [Group Member Table](#group-member-table) + * [Group Policy Table](#group-policy-table) + * [Proposal Table](#proposal-table) + * [Vote Table](#vote-table) +* [Msg Service](#msg-service) + * [Msg/CreateGroup](#msgcreategroup) + * [Msg/UpdateGroupMembers](#msgupdategroupmembers) + * [Msg/UpdateGroupAdmin](#msgupdategroupadmin) + * [Msg/UpdateGroupMetadata](#msgupdategroupmetadata) + * [Msg/CreateGroupPolicy](#msgcreategrouppolicy) + * [Msg/CreateGroupWithPolicy](#msgcreategroupwithpolicy) + * [Msg/UpdateGroupPolicyAdmin](#msgupdategrouppolicyadmin) + * [Msg/UpdateGroupPolicyDecisionPolicy](#msgupdategrouppolicydecisionpolicy) + * [Msg/UpdateGroupPolicyMetadata](#msgupdategrouppolicymetadata) + * [Msg/SubmitProposal](#msgsubmitproposal) + * [Msg/WithdrawProposal](#msgwithdrawproposal) + * [Msg/Vote](#msgvote) + * [Msg/Exec](#msgexec) + * [Msg/LeaveGroup](#msgleavegroup) +* [Events](#events) + * [EventCreateGroup](#eventcreategroup) + * [EventUpdateGroup](#eventupdategroup) + * [EventCreateGroupPolicy](#eventcreategrouppolicy) + * [EventUpdateGroupPolicy](#eventupdategrouppolicy) + * [EventCreateProposal](#eventcreateproposal) + * [EventWithdrawProposal](#eventwithdrawproposal) + * [EventVote](#eventvote) + * [EventExec](#eventexec) + * [EventLeaveGroup](#eventleavegroup) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + * [REST](#rest) +* [Metadata](#metadata) + +## Concepts + +### Group + +A group is simply an aggregation of accounts with associated weights. It is not +an account and doesn't have a balance. It doesn't in and of itself have any +sort of voting or decision weight. It does have an "administrator" which has +the ability to add, remove and update members in the group. Note that a +group policy account could be an administrator of a group, and that the +administrator doesn't necessarily have to be a member of the group. + +### Group Policy + +A group policy is an account associated with a group and a decision policy. +Group policies are abstracted from groups because a single group may have +multiple decision policies for different types of actions. Managing group +membership separately from decision policies results in the least overhead +and keeps membership consistent across different policies. The pattern that +is recommended is to have a single master group policy for a given group, +and then to create separate group policies with different decision policies +and delegate the desired permissions from the master account to +those "sub-accounts" using the `x/authz` module. + +### Decision Policy + +A decision policy is the mechanism by which members of a group can vote on +proposals, as well as the rules that dictate whether a proposal should pass +or not based on its tally outcome. + +All decision policies generally would have a mininum execution period and a +maximum voting window. The minimum execution period is the minimum amount of time +that must pass after submission in order for a proposal to potentially be executed, and it may +be set to 0. The maximum voting window is the maximum time after submission that a proposal may +be voted on before it is tallied. + +The chain developer also defines an app-wide maximum execution period, which is +the maximum amount of time after a proposal's voting period end where users are +allowed to execute a proposal. + +The current group module comes shipped with two decision policies: threshold +and percentage. Any chain developer can extend upon these two, by creating +custom decision policies, as long as they adhere to the `DecisionPolicy` +interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/group/types.go#L27-L45 +``` + +#### Threshold decision policy + +A threshold decision policy defines a threshold of yes votes (based on a tally +of voter weights) that must be achieved in order for a proposal to pass. For +this decision policy, abstain and veto are simply treated as no's. + +This decision policy also has a VotingPeriod window and a MinExecutionPeriod +window. The former defines the duration after proposal submission where members +are allowed to vote, after which tallying is performed. The latter specifies +the minimum duration after proposal submission where the proposal can be +executed. If set to 0, then the proposal is allowed to be executed immediately +on submission (using the `TRY_EXEC` option). Obviously, MinExecutionPeriod +cannot be greater than VotingPeriod+MaxExecutionPeriod (where MaxExecution is +the app-defined duration that specifies the window after voting ended where a +proposal can be executed). + +#### Percentage decision policy + +A percentage decision policy is similar to a threshold decision policy, except +that the threshold is not defined as a constant weight, but as a percentage. +It's more suited for groups where the group members' weights can be updated, as +the percentage threshold stays the same, and doesn't depend on how those member +weights get updated. + +Same as the Threshold decision policy, the percentage decision policy has the +two VotingPeriod and MinExecutionPeriod parameters. + +### Proposal + +Any member(s) of a group can submit a proposal for a group policy account to decide upon. +A proposal consists of a set of messages that will be executed if the proposal +passes as well as any metadata associated with the proposal. + +#### Voting + +There are four choices to choose while voting - yes, no, abstain and veto. Not +all decision policies will take the four choices into account. Votes can contain some optional metadata. +In the current implementation, the voting window begins as soon as a proposal +is submitted, and the end is defined by the group policy's decision policy. + +#### Withdrawing Proposals + +Proposals can be withdrawn any time before the voting period end, either by the +admin of the group policy or by one of the proposers. Once withdrawn, it is +marked as `PROPOSAL_STATUS_WITHDRAWN`, and no more voting or execution is +allowed on it. + +#### Aborted Proposals + +If the group policy is updated during the voting period of the proposal, then +the proposal is marked as `PROPOSAL_STATUS_ABORTED`, and no more voting or +execution is allowed on it. This is because the group policy defines the rules +of proposal voting and execution, so if those rules change during the lifecycle +of a proposal, then the proposal should be marked as stale. + +#### Tallying + +Tallying is the counting of all votes on a proposal. It happens only once in +the lifecycle of a proposal, but can be triggered by two factors, whichever +happens first: + +* either someone tries to execute the proposal (see next section), which can + happen on a `Msg/Exec` transaction, or a `Msg/{SubmitProposal,Vote}` + transaction with the `Exec` field set. When a proposal execution is attempted, + a tally is done first to make sure the proposal passes. +* or on `EndBlock` when the proposal's voting period end just passed. + +If the tally result passes the decision policy's rules, then the proposal is +marked as `PROPOSAL_STATUS_ACCEPTED`, or else it is marked as +`PROPOSAL_STATUS_REJECTED`. In any case, no more voting is allowed anymore, and the tally +result is persisted to state in the proposal's `FinalTallyResult`. + +#### Executing Proposals + +Proposals are executed only when the tallying is done, and the group account's +decision policy allows the proposal to pass based on the tally outcome. They +are marked by the status `PROPOSAL_STATUS_ACCEPTED`. Execution must happen +before a duration of `MaxExecutionPeriod` (set by the chain developer) after +each proposal's voting period end. + +Proposals will not be automatically executed by the chain in this current design, +but rather a user must submit a `Msg/Exec` transaction to attempt to execute the +proposal based on the current votes and decision policy. Any user (not only the +group members) can execute proposals that have been accepted, and execution fees are +paid by the proposal executor. +It's also possible to try to execute a proposal immediately on creation or on +new votes using the `Exec` field of `Msg/SubmitProposal` and `Msg/Vote` requests. +In the former case, proposers signatures are considered as yes votes. +In these cases, if the proposal can't be executed (i.e. it didn't pass the +decision policy's rules), it will still be opened for new votes and +could be tallied and executed later on. + +A successful proposal execution will have its `ExecutorResult` marked as +`PROPOSAL_EXECUTOR_RESULT_SUCCESS`. The proposal will be automatically pruned +after execution. On the other hand, a failed proposal execution will be marked +as `PROPOSAL_EXECUTOR_RESULT_FAILURE`. Such a proposal can be re-executed +multiple times, until it expires after `MaxExecutionPeriod` after voting period +end. + +### Pruning + +Proposals and votes are automatically pruned to avoid state bloat. + +Votes are pruned: + +* either after a successful tally, i.e. a tally whose result passes the decision + policy's rules, which can be trigged by a `Msg/Exec` or a + `Msg/{SubmitProposal,Vote}` with the `Exec` field set, +* or on `EndBlock` right after the proposal's voting period end. This applies to proposals with status `aborted` or `withdrawn` too. + +whichever happens first. + +Proposals are pruned: + +* on `EndBlock` whose proposal status is `withdrawn` or `aborted` on proposal's voting period end before tallying, +* and either after a successful proposal execution, +* or on `EndBlock` right after the proposal's `voting_period_end` + + `max_execution_period` (defined as an app-wide configuration) is passed, + +whichever happens first. + +## State + +The `group` module uses the `orm` package which provides table storage with support for +primary keys and secondary indexes. `orm` also defines `Sequence` which is a persistent unique key generator based on a counter that can be used along with `Table`s. + +Here's the list of tables and associated sequences and indexes stored as part of the `group` module. + +### Group Table + +The `groupTable` stores `GroupInfo`: `0x0 | BigEndian(GroupId) -> ProtocolBuffer(GroupInfo)`. + +#### groupSeq + +The value of `groupSeq` is incremented when creating a new group and corresponds to the new `GroupId`: `0x1 | 0x1 -> BigEndian`. + +The second `0x1` corresponds to the ORM `sequenceStorageKey`. + +#### groupByAdminIndex + +`groupByAdminIndex` allows to retrieve groups by admin address: +`0x2 | len([]byte(group.Admin)) | []byte(group.Admin) | BigEndian(GroupId) -> []byte()`. + +### Group Member Table + +The `groupMemberTable` stores `GroupMember`s: `0x10 | BigEndian(GroupId) | []byte(member.Address) -> ProtocolBuffer(GroupMember)`. + +The `groupMemberTable` is a primary key table and its `PrimaryKey` is given by +`BigEndian(GroupId) | []byte(member.Address)` which is used by the following indexes. + +#### groupMemberByGroupIndex + +`groupMemberByGroupIndex` allows to retrieve group members by group id: +`0x11 | BigEndian(GroupId) | PrimaryKey -> []byte()`. + +#### groupMemberByMemberIndex + +`groupMemberByMemberIndex` allows to retrieve group members by member address: +`0x12 | len([]byte(member.Address)) | []byte(member.Address) | PrimaryKey -> []byte()`. + +### Group Policy Table + +The `groupPolicyTable` stores `GroupPolicyInfo`: `0x20 | len([]byte(Address)) | []byte(Address) -> ProtocolBuffer(GroupPolicyInfo)`. + +The `groupPolicyTable` is a primary key table and its `PrimaryKey` is given by +`len([]byte(Address)) | []byte(Address)` which is used by the following indexes. + +#### groupPolicySeq + +The value of `groupPolicySeq` is incremented when creating a new group policy and is used to generate the new group policy account `Address`: +`0x21 | 0x1 -> BigEndian`. + +The second `0x1` corresponds to the ORM `sequenceStorageKey`. + +#### groupPolicyByGroupIndex + +`groupPolicyByGroupIndex` allows to retrieve group policies by group id: +`0x22 | BigEndian(GroupId) | PrimaryKey -> []byte()`. + +#### groupPolicyByAdminIndex + +`groupPolicyByAdminIndex` allows to retrieve group policies by admin address: +`0x23 | len([]byte(Address)) | []byte(Address) | PrimaryKey -> []byte()`. + +### Proposal Table + +The `proposalTable` stores `Proposal`s: `0x30 | BigEndian(ProposalId) -> ProtocolBuffer(Proposal)`. + +#### proposalSeq + +The value of `proposalSeq` is incremented when creating a new proposal and corresponds to the new `ProposalId`: `0x31 | 0x1 -> BigEndian`. + +The second `0x1` corresponds to the ORM `sequenceStorageKey`. + +#### proposalByGroupPolicyIndex + +`proposalByGroupPolicyIndex` allows to retrieve proposals by group policy account address: +`0x32 | len([]byte(account.Address)) | []byte(account.Address) | BigEndian(ProposalId) -> []byte()`. + +#### ProposalsByVotingPeriodEndIndex + +`proposalsByVotingPeriodEndIndex` allows to retrieve proposals sorted by chronological `voting_period_end`: +`0x33 | sdk.FormatTimeBytes(proposal.VotingPeriodEnd) | BigEndian(ProposalId) -> []byte()`. + +This index is used when tallying the proposal votes at the end of the voting period, and for pruning proposals at `VotingPeriodEnd + MaxExecutionPeriod`. + +### Vote Table + +The `voteTable` stores `Vote`s: `0x40 | BigEndian(ProposalId) | []byte(voter.Address) -> ProtocolBuffer(Vote)`. + +The `voteTable` is a primary key table and its `PrimaryKey` is given by +`BigEndian(ProposalId) | []byte(voter.Address)` which is used by the following indexes. + +#### voteByProposalIndex + +`voteByProposalIndex` allows to retrieve votes by proposal id: +`0x41 | BigEndian(ProposalId) | PrimaryKey -> []byte()`. + +#### voteByVoterIndex + +`voteByVoterIndex` allows to retrieve votes by voter address: +`0x42 | len([]byte(voter.Address)) | []byte(voter.Address) | PrimaryKey -> []byte()`. + +## Msg Service + +### Msg/CreateGroup + +A new group can be created with the `MsgCreateGroup`, which has an admin address, a list of members and some optional metadata. + +The metadata has a maximum length that is chosen by the app developer, and +passed into the group keeper as a config. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/group/v1/tx.proto#L67-L80 +``` + +It's expected to fail if + +* metadata length is greater than `MaxMetadataLen` config +* members are not correctly set (e.g. wrong address format, duplicates, or with 0 weight). + +### Msg/UpdateGroupMembers + +Group members can be updated with the `UpdateGroupMembers`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/group/v1/tx.proto#L88-L102 +``` + +In the list of `MemberUpdates`, an existing member can be removed by setting its weight to 0. + +It's expected to fail if: + +* the signer is not the admin of the group. +* for any one of the associated group policies, if its decision policy's `Validate()` method fails against the updated group. + +### Msg/UpdateGroupAdmin + +The `UpdateGroupAdmin` can be used to update a group admin. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/group/v1/tx.proto#L107-L120 +``` + +It's expected to fail if the signer is not the admin of the group. + +### Msg/UpdateGroupMetadata + +The `UpdateGroupMetadata` can be used to update a group metadata. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/group/v1/tx.proto#L125-L138 +``` + +It's expected to fail if: + +* new metadata length is greater than `MaxMetadataLen` config. +* the signer is not the admin of the group. + +### Msg/CreateGroupPolicy + +A new group policy can be created with the `MsgCreateGroupPolicy`, which has an admin address, a group id, a decision policy and some optional metadata. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/group/v1/tx.proto#L147-L165 +``` + +It's expected to fail if: + +* the signer is not the admin of the group. +* metadata length is greater than `MaxMetadataLen` config. +* the decision policy's `Validate()` method doesn't pass against the group. + +### Msg/CreateGroupWithPolicy + +A new group with policy can be created with the `MsgCreateGroupWithPolicy`, which has an admin address, a list of members, a decision policy, a `group_policy_as_admin` field to optionally set group and group policy admin with group policy address and some optional metadata for group and group policy. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/group/v1/tx.proto#L191-L215 +``` + +It's expected to fail for the same reasons as `Msg/CreateGroup` and `Msg/CreateGroupPolicy`. + +### Msg/UpdateGroupPolicyAdmin + +The `UpdateGroupPolicyAdmin` can be used to update a group policy admin. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/group/v1/tx.proto#L173-L186 +``` + +It's expected to fail if the signer is not the admin of the group policy. + +### Msg/UpdateGroupPolicyDecisionPolicy + +The `UpdateGroupPolicyDecisionPolicy` can be used to update a decision policy. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/group/v1/tx.proto#L226-L241 +``` + +It's expected to fail if: + +* the signer is not the admin of the group policy. +* the new decision policy's `Validate()` method doesn't pass against the group. + +### Msg/UpdateGroupPolicyMetadata + +The `UpdateGroupPolicyMetadata` can be used to update a group policy metadata. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/group/v1/tx.proto#L246-L259 +``` + +It's expected to fail if: + +* new metadata length is greater than `MaxMetadataLen` config. +* the signer is not the admin of the group. + +### Msg/SubmitProposal + +A new proposal can be created with the `MsgSubmitProposal`, which has a group policy account address, a list of proposers addresses, a list of messages to execute if the proposal is accepted and some optional metadata. +An optional `Exec` value can be provided to try to execute the proposal immediately after proposal creation. Proposers signatures are considered as yes votes in this case. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/group/v1/tx.proto#L281-L315 +``` + +It's expected to fail if: + +* metadata, title, or summary length is greater than `MaxMetadataLen` config. +* if any of the proposers is not a group member. + +### Msg/WithdrawProposal + +A proposal can be withdrawn using `MsgWithdrawProposal` which has an `address` (can be either a proposer or the group policy admin) and a `proposal_id` (which has to be withdrawn). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/group/v1/tx.proto#L323-L333 +``` + +It's expected to fail if: + +* the signer is neither the group policy admin nor proposer of the proposal. +* the proposal is already closed or aborted. + +### Msg/Vote + +A new vote can be created with the `MsgVote`, given a proposal id, a voter address, a choice (yes, no, veto or abstain) and some optional metadata. +An optional `Exec` value can be provided to try to execute the proposal immediately after voting. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/group/v1/tx.proto#L338-L358 +``` + +It's expected to fail if: + +* metadata length is greater than `MaxMetadataLen` config. +* the proposal is not in voting period anymore. + +### Msg/Exec + +A proposal can be executed with the `MsgExec`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/group/v1/tx.proto#L363-L373 +``` + +The messages that are part of this proposal won't be executed if: + +* the proposal has not been accepted by the group policy. +* the proposal has already been successfully executed. + +### Msg/LeaveGroup + +The `MsgLeaveGroup` allows group member to leave a group. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/group/v1/tx.proto#L381-L391 +``` + +It's expected to fail if: + +* the group member is not part of the group. +* for any one of the associated group policies, if its decision policy's `Validate()` method fails against the updated group. + +## Events + +The group module emits the following events: + +### EventCreateGroup + +| Type | Attribute Key | Attribute Value | +| -------------------------------- | ------------- | -------------------------------- | +| message | action | /cosmos.group.v1.Msg/CreateGroup | +| cosmos.group.v1.EventCreateGroup | group_id | {groupId} | + +### EventUpdateGroup + +| Type | Attribute Key | Attribute Value | +| -------------------------------- | ------------- | ---------------------------------------------------------- | +| message | action | /cosmos.group.v1.Msg/UpdateGroup{Admin\|Metadata\|Members} | +| cosmos.group.v1.EventUpdateGroup | group_id | {groupId} | + +### EventCreateGroupPolicy + +| Type | Attribute Key | Attribute Value | +| -------------------------------------- | ------------- | -------------------------------------- | +| message | action | /cosmos.group.v1.Msg/CreateGroupPolicy | +| cosmos.group.v1.EventCreateGroupPolicy | address | {groupPolicyAddress} | + +### EventUpdateGroupPolicy + +| Type | Attribute Key | Attribute Value | +| -------------------------------------- | ------------- | ----------------------------------------------------------------------- | +| message | action | /cosmos.group.v1.Msg/UpdateGroupPolicy{Admin\|Metadata\|DecisionPolicy} | +| cosmos.group.v1.EventUpdateGroupPolicy | address | {groupPolicyAddress} | + +### EventCreateProposal + +| Type | Attribute Key | Attribute Value | +| ----------------------------------- | ------------- | ----------------------------------- | +| message | action | /cosmos.group.v1.Msg/CreateProposal | +| cosmos.group.v1.EventCreateProposal | proposal_id | {proposalId} | + +### EventWithdrawProposal + +| Type | Attribute Key | Attribute Value | +| ------------------------------------- | ------------- | ------------------------------------- | +| message | action | /cosmos.group.v1.Msg/WithdrawProposal | +| cosmos.group.v1.EventWithdrawProposal | proposal_id | {proposalId} | + +### EventVote + +| Type | Attribute Key | Attribute Value | +| ------------------------- | ------------- | ------------------------- | +| message | action | /cosmos.group.v1.Msg/Vote | +| cosmos.group.v1.EventVote | proposal_id | {proposalId} | + +## EventExec + +| Type | Attribute Key | Attribute Value | +| ------------------------- | ------------- | ------------------------- | +| message | action | /cosmos.group.v1.Msg/Exec | +| cosmos.group.v1.EventExec | proposal_id | {proposalId} | +| cosmos.group.v1.EventExec | logs | {logs_string} | + +### EventLeaveGroup + +| Type | Attribute Key | Attribute Value | +| ------------------------------- | ------------- | ------------------------------- | +| message | action | /cosmos.group.v1.Msg/LeaveGroup | +| cosmos.group.v1.EventLeaveGroup | proposal_id | {proposalId} | +| cosmos.group.v1.EventLeaveGroup | address | {address} | + + +## Client + +### CLI + +A user can query and interact with the `group` module using the CLI. + +#### Query + +The `query` commands allow users to query `group` state. + +```bash +simd query group --help +``` + +##### group-info + +The `group-info` command allows users to query for group info by given group id. + +```bash +simd query group group-info [id] [flags] +``` + +Example: + +```bash +simd query group group-info 1 +``` + +Example Output: + +```bash +admin: cosmos1.. +group_id: "1" +metadata: AQ== +total_weight: "3" +version: "1" +``` + +##### group-policy-info + +The `group-policy-info` command allows users to query for group policy info by account address of group policy . + +```bash +simd query group group-policy-info [group-policy-account] [flags] +``` + +Example: + +```bash +simd query group group-policy-info cosmos1.. +``` + +Example Output: + +```bash +address: cosmos1.. +admin: cosmos1.. +decision_policy: + '@type': /cosmos.group.v1.ThresholdDecisionPolicy + threshold: "1" + windows: + min_execution_period: 0s + voting_period: 432000s +group_id: "1" +metadata: AQ== +version: "1" +``` + +##### group-members + +The `group-members` command allows users to query for group members by group id with pagination flags. + +```bash +simd query group group-members [id] [flags] +``` + +Example: + +```bash +simd query group group-members 1 +``` + +Example Output: + +```bash +members: +- group_id: "1" + member: + address: cosmos1.. + metadata: AQ== + weight: "2" +- group_id: "1" + member: + address: cosmos1.. + metadata: AQ== + weight: "1" +pagination: + next_key: null + total: "2" +``` + +##### groups-by-admin + +The `groups-by-admin` command allows users to query for groups by admin account address with pagination flags. + +```bash +simd query group groups-by-admin [admin] [flags] +``` + +Example: + +```bash +simd query group groups-by-admin cosmos1.. +``` + +Example Output: + +```bash +groups: +- admin: cosmos1.. + group_id: "1" + metadata: AQ== + total_weight: "3" + version: "1" +- admin: cosmos1.. + group_id: "2" + metadata: AQ== + total_weight: "3" + version: "1" +pagination: + next_key: null + total: "2" +``` + +##### group-policies-by-group + +The `group-policies-by-group` command allows users to query for group policies by group id with pagination flags. + +```bash +simd query group group-policies-by-group [group-id] [flags] +``` + +Example: + +```bash +simd query group group-policies-by-group 1 +``` + +Example Output: + +```bash +group_policies: +- address: cosmos1.. + admin: cosmos1.. + decision_policy: + '@type': /cosmos.group.v1.ThresholdDecisionPolicy + threshold: "1" + windows: + min_execution_period: 0s + voting_period: 432000s + group_id: "1" + metadata: AQ== + version: "1" +- address: cosmos1.. + admin: cosmos1.. + decision_policy: + '@type': /cosmos.group.v1.ThresholdDecisionPolicy + threshold: "1" + windows: + min_execution_period: 0s + voting_period: 432000s + group_id: "1" + metadata: AQ== + version: "1" +pagination: + next_key: null + total: "2" +``` + +##### group-policies-by-admin + +The `group-policies-by-admin` command allows users to query for group policies by admin account address with pagination flags. + +```bash +simd query group group-policies-by-admin [admin] [flags] +``` + +Example: + +```bash +simd query group group-policies-by-admin cosmos1.. +``` + +Example Output: + +```bash +group_policies: +- address: cosmos1.. + admin: cosmos1.. + decision_policy: + '@type': /cosmos.group.v1.ThresholdDecisionPolicy + threshold: "1" + windows: + min_execution_period: 0s + voting_period: 432000s + group_id: "1" + metadata: AQ== + version: "1" +- address: cosmos1.. + admin: cosmos1.. + decision_policy: + '@type': /cosmos.group.v1.ThresholdDecisionPolicy + threshold: "1" + windows: + min_execution_period: 0s + voting_period: 432000s + group_id: "1" + metadata: AQ== + version: "1" +pagination: + next_key: null + total: "2" +``` + +##### proposal + +The `proposal` command allows users to query for proposal by id. + +```bash +simd query group proposal [id] [flags] +``` + +Example: + +```bash +simd query group proposal 1 +``` + +Example Output: + +```bash +proposal: + address: cosmos1.. + executor_result: EXECUTOR_RESULT_NOT_RUN + group_policy_version: "1" + group_version: "1" + metadata: AQ== + msgs: + - '@type': /cosmos.bank.v1beta1.MsgSend + amount: + - amount: "100000000" + denom: stake + from_address: cosmos1.. + to_address: cosmos1.. + proposal_id: "1" + proposers: + - cosmos1.. + result: RESULT_UNFINALIZED + status: STATUS_SUBMITTED + submitted_at: "2021-12-17T07:06:26.310638964Z" + windows: + min_execution_period: 0s + voting_period: 432000s + vote_state: + abstain_count: "0" + no_count: "0" + veto_count: "0" + yes_count: "0" + summary: "Summary" + title: "Title" +``` + +##### proposals-by-group-policy + +The `proposals-by-group-policy` command allows users to query for proposals by account address of group policy with pagination flags. + +```bash +simd query group proposals-by-group-policy [group-policy-account] [flags] +``` + +Example: + +```bash +simd query group proposals-by-group-policy cosmos1.. +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "1" +proposals: +- address: cosmos1.. + executor_result: EXECUTOR_RESULT_NOT_RUN + group_policy_version: "1" + group_version: "1" + metadata: AQ== + msgs: + - '@type': /cosmos.bank.v1beta1.MsgSend + amount: + - amount: "100000000" + denom: stake + from_address: cosmos1.. + to_address: cosmos1.. + proposal_id: "1" + proposers: + - cosmos1.. + result: RESULT_UNFINALIZED + status: STATUS_SUBMITTED + submitted_at: "2021-12-17T07:06:26.310638964Z" + windows: + min_execution_period: 0s + voting_period: 432000s + vote_state: + abstain_count: "0" + no_count: "0" + veto_count: "0" + yes_count: "0" + summary: "Summary" + title: "Title" +``` + +##### vote + +The `vote` command allows users to query for vote by proposal id and voter account address. + +```bash +simd query group vote [proposal-id] [voter] [flags] +``` + +Example: + +```bash +simd query group vote 1 cosmos1.. +``` + +Example Output: + +```bash +vote: + choice: CHOICE_YES + metadata: AQ== + proposal_id: "1" + submitted_at: "2021-12-17T08:05:02.490164009Z" + voter: cosmos1.. +``` + +##### votes-by-proposal + +The `votes-by-proposal` command allows users to query for votes by proposal id with pagination flags. + +```bash +simd query group votes-by-proposal [proposal-id] [flags] +``` + +Example: + +```bash +simd query group votes-by-proposal 1 +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "1" +votes: +- choice: CHOICE_YES + metadata: AQ== + proposal_id: "1" + submitted_at: "2021-12-17T08:05:02.490164009Z" + voter: cosmos1.. +``` + +##### votes-by-voter + +The `votes-by-voter` command allows users to query for votes by voter account address with pagination flags. + +```bash +simd query group votes-by-voter [voter] [flags] +``` + +Example: + +```bash +simd query group votes-by-voter cosmos1.. +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "1" +votes: +- choice: CHOICE_YES + metadata: AQ== + proposal_id: "1" + submitted_at: "2021-12-17T08:05:02.490164009Z" + voter: cosmos1.. +``` + +### Transactions + +The `tx` commands allow users to interact with the `group` module. + +```bash +simd tx group --help +``` + +#### create-group + +The `create-group` command allows users to create a group which is an aggregation of member accounts with associated weights and +an administrator account. + +```bash +simd tx group create-group [admin] [metadata] [members-json-file] +``` + +Example: + +```bash +simd tx group create-group cosmos1.. "AQ==" members.json +``` + +#### update-group-admin + +The `update-group-admin` command allows users to update a group's admin. + +```bash +simd tx group update-group-admin [admin] [group-id] [new-admin] [flags] +``` + +Example: + +```bash +simd tx group update-group-admin cosmos1.. 1 cosmos1.. +``` + +#### update-group-members + +The `update-group-members` command allows users to update a group's members. + +```bash +simd tx group update-group-members [admin] [group-id] [members-json-file] [flags] +``` + +Example: + +```bash +simd tx group update-group-members cosmos1.. 1 members.json +``` + +#### update-group-metadata + +The `update-group-metadata` command allows users to update a group's metadata. + +```bash +simd tx group update-group-metadata [admin] [group-id] [metadata] [flags] +``` + +Example: + +```bash +simd tx group update-group-metadata cosmos1.. 1 "AQ==" +``` + +#### create-group-policy + +The `create-group-policy` command allows users to create a group policy which is an account associated with a group and a decision policy. + +```bash +simd tx group create-group-policy [admin] [group-id] [metadata] [decision-policy] [flags] +``` + +Example: + +```bash +simd tx group create-group-policy cosmos1.. 1 "AQ==" '{"@type":"/cosmos.group.v1.ThresholdDecisionPolicy", "threshold":"1", "windows": {"voting_period": "120h", "min_execution_period": "0s"}}' +``` + +#### create-group-with-policy + +The `create-group-with-policy` command allows users to create a group which is an aggregation of member accounts with associated weights and an administrator account with decision policy. If the `--group-policy-as-admin` flag is set to `true`, the group policy address becomes the group and group policy admin. + +```bash +simd tx group create-group-with-policy [admin] [group-metadata] [group-policy-metadata] [members-json-file] [decision-policy] [flags] +``` + +Example: + +```bash +simd tx group create-group-with-policy cosmos1.. "AQ==" "AQ==" members.json '{"@type":"/cosmos.group.v1.ThresholdDecisionPolicy", "threshold":"1", "windows": {"voting_period": "120h", "min_execution_period": "0s"}}' +``` + +#### update-group-policy-admin + +The `update-group-policy-admin` command allows users to update a group policy admin. + +```bash +simd tx group update-group-policy-admin [admin] [group-policy-account] [new-admin] [flags] +``` + +Example: + +```bash +simd tx group update-group-policy-admin cosmos1.. cosmos1.. cosmos1.. +``` + +#### update-group-policy-metadata + +The `update-group-policy-metadata` command allows users to update a group policy metadata. + +```bash +simd tx group update-group-policy-metadata [admin] [group-policy-account] [new-metadata] [flags] +``` + +Example: + +```bash +simd tx group update-group-policy-metadata cosmos1.. cosmos1.. "AQ==" +``` + +#### update-group-policy-decision-policy + +The `update-group-policy-decision-policy` command allows users to update a group policy's decision policy. + +```bash +simd tx group update-group-policy-decision-policy [admin] [group-policy-account] [decision-policy] [flags] +``` + +Example: + +```bash +simd tx group update-group-policy-decision-policy cosmos1.. cosmos1.. '{"@type":"/cosmos.group.v1.ThresholdDecisionPolicy", "threshold":"2", "windows": {"voting_period": "120h", "min_execution_period": "0s"}}' +``` + +#### create-proposal + +The `create-proposal` command allows users to submit a new proposal. + +```bash +simd tx group create-proposal [group-policy-account] [proposer[,proposer]*] [msg_tx_json_file] [metadata] [flags] +``` + +Example: + +```bash +simd tx group create-proposal cosmos1.. cosmos1.. msg_tx.json "AQ==" +``` + +#### withdraw-proposal + +The `withdraw-proposal` command allows users to withdraw a proposal. + +```bash +simd tx group withdraw-proposal [proposal-id] [group-policy-admin-or-proposer] +``` + +Example: + +```bash +simd tx group withdraw-proposal 1 cosmos1.. +``` + +#### vote + +The `vote` command allows users to vote on a proposal. + +```bash +simd tx group vote proposal-id] [voter] [choice] [metadata] [flags] +``` + +Example: + +```bash +simd tx group vote 1 cosmos1.. CHOICE_YES "AQ==" +``` + +#### exec + +The `exec` command allows users to execute a proposal. + +```bash +simd tx group exec [proposal-id] [flags] +``` + +Example: + +```bash +simd tx group exec 1 +``` + +#### leave-group + +The `leave-group` command allows group member to leave the group. + +```bash +simd tx group leave-group [member-address] [group-id] +``` + +Example: + +```bash +simd tx group leave-group cosmos1... 1 +``` + +### gRPC + +A user can query the `group` module using gRPC endpoints. + +#### GroupInfo + +The `GroupInfo` endpoint allows users to query for group info by given group id. + +```bash +cosmos.group.v1.Query/GroupInfo +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"group_id":1}' localhost:9090 cosmos.group.v1.Query/GroupInfo +``` + +Example Output: + +```bash +{ + "info": { + "groupId": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "totalWeight": "3" + } +} +``` + +#### GroupPolicyInfo + +The `GroupPolicyInfo` endpoint allows users to query for group policy info by account address of group policy. + +```bash +cosmos.group.v1.Query/GroupPolicyInfo +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"address":"cosmos1.."}' localhost:9090 cosmos.group.v1.Query/GroupPolicyInfo +``` + +Example Output: + +```bash +{ + "info": { + "address": "cosmos1..", + "groupId": "1", + "admin": "cosmos1..", + "version": "1", + "decisionPolicy": {"@type":"/cosmos.group.v1.ThresholdDecisionPolicy","threshold":"1","windows": {"voting_period": "120h", "min_execution_period": "0s"}}, + } +} +``` + +#### GroupMembers + +The `GroupMembers` endpoint allows users to query for group members by group id with pagination flags. + +```bash +cosmos.group.v1.Query/GroupMembers +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"group_id":"1"}' localhost:9090 cosmos.group.v1.Query/GroupMembers +``` + +Example Output: + +```bash +{ + "members": [ + { + "groupId": "1", + "member": { + "address": "cosmos1..", + "weight": "1" + } + }, + { + "groupId": "1", + "member": { + "address": "cosmos1..", + "weight": "2" + } + } + ], + "pagination": { + "total": "2" + } +} +``` + +#### GroupsByAdmin + +The `GroupsByAdmin` endpoint allows users to query for groups by admin account address with pagination flags. + +```bash +cosmos.group.v1.Query/GroupsByAdmin +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"admin":"cosmos1.."}' localhost:9090 cosmos.group.v1.Query/GroupsByAdmin +``` + +Example Output: + +```bash +{ + "groups": [ + { + "groupId": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "totalWeight": "3" + }, + { + "groupId": "2", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "totalWeight": "3" + } + ], + "pagination": { + "total": "2" + } +} +``` + +#### GroupPoliciesByGroup + +The `GroupPoliciesByGroup` endpoint allows users to query for group policies by group id with pagination flags. + +```bash +cosmos.group.v1.Query/GroupPoliciesByGroup +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"group_id":"1"}' localhost:9090 cosmos.group.v1.Query/GroupPoliciesByGroup +``` + +Example Output: + +```bash +{ + "GroupPolicies": [ + { + "address": "cosmos1..", + "groupId": "1", + "admin": "cosmos1..", + "version": "1", + "decisionPolicy": {"@type":"/cosmos.group.v1.ThresholdDecisionPolicy","threshold":"1","windows":{"voting_period": "120h", "min_execution_period": "0s"}}, + }, + { + "address": "cosmos1..", + "groupId": "1", + "admin": "cosmos1..", + "version": "1", + "decisionPolicy": {"@type":"/cosmos.group.v1.ThresholdDecisionPolicy","threshold":"1","windows":{"voting_period": "120h", "min_execution_period": "0s"}}, + } + ], + "pagination": { + "total": "2" + } +} +``` + +#### GroupPoliciesByAdmin + +The `GroupPoliciesByAdmin` endpoint allows users to query for group policies by admin account address with pagination flags. + +```bash +cosmos.group.v1.Query/GroupPoliciesByAdmin +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"admin":"cosmos1.."}' localhost:9090 cosmos.group.v1.Query/GroupPoliciesByAdmin +``` + +Example Output: + +```bash +{ + "GroupPolicies": [ + { + "address": "cosmos1..", + "groupId": "1", + "admin": "cosmos1..", + "version": "1", + "decisionPolicy": {"@type":"/cosmos.group.v1.ThresholdDecisionPolicy","threshold":"1","windows":{"voting_period": "120h", "min_execution_period": "0s"}}, + }, + { + "address": "cosmos1..", + "groupId": "1", + "admin": "cosmos1..", + "version": "1", + "decisionPolicy": {"@type":"/cosmos.group.v1.ThresholdDecisionPolicy","threshold":"1","windows":{"voting_period": "120h", "min_execution_period": "0s"}}, + } + ], + "pagination": { + "total": "2" + } +} +``` + +#### Proposal + +The `Proposal` endpoint allows users to query for proposal by id. + +```bash +cosmos.group.v1.Query/Proposal +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' localhost:9090 cosmos.group.v1.Query/Proposal +``` + +Example Output: + +```bash +{ + "proposal": { + "proposalId": "1", + "address": "cosmos1..", + "proposers": [ + "cosmos1.." + ], + "submittedAt": "2021-12-17T07:06:26.310638964Z", + "groupVersion": "1", + "GroupPolicyVersion": "1", + "status": "STATUS_SUBMITTED", + "result": "RESULT_UNFINALIZED", + "voteState": { + "yesCount": "0", + "noCount": "0", + "abstainCount": "0", + "vetoCount": "0" + }, + "windows": { + "min_execution_period": "0s", + "voting_period": "432000s" + }, + "executorResult": "EXECUTOR_RESULT_NOT_RUN", + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"100000000"}],"fromAddress":"cosmos1..","toAddress":"cosmos1.."} + ], + "title": "Title", + "summary": "Summary", + } +} +``` + +#### ProposalsByGroupPolicy + +The `ProposalsByGroupPolicy` endpoint allows users to query for proposals by account address of group policy with pagination flags. + +```bash +cosmos.group.v1.Query/ProposalsByGroupPolicy +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"address":"cosmos1.."}' localhost:9090 cosmos.group.v1.Query/ProposalsByGroupPolicy +``` + +Example Output: + +```bash +{ + "proposals": [ + { + "proposalId": "1", + "address": "cosmos1..", + "proposers": [ + "cosmos1.." + ], + "submittedAt": "2021-12-17T08:03:27.099649352Z", + "groupVersion": "1", + "GroupPolicyVersion": "1", + "status": "STATUS_CLOSED", + "result": "RESULT_ACCEPTED", + "voteState": { + "yesCount": "1", + "noCount": "0", + "abstainCount": "0", + "vetoCount": "0" + }, + "windows": { + "min_execution_period": "0s", + "voting_period": "432000s" + }, + "executorResult": "EXECUTOR_RESULT_NOT_RUN", + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"100000000"}],"fromAddress":"cosmos1..","toAddress":"cosmos1.."} + ], + "title": "Title", + "summary": "Summary", + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### VoteByProposalVoter + +The `VoteByProposalVoter` endpoint allows users to query for vote by proposal id and voter account address. + +```bash +cosmos.group.v1.Query/VoteByProposalVoter +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1","voter":"cosmos1.."}' localhost:9090 cosmos.group.v1.Query/VoteByProposalVoter +``` + +Example Output: + +```bash +{ + "vote": { + "proposalId": "1", + "voter": "cosmos1..", + "choice": "CHOICE_YES", + "submittedAt": "2021-12-17T08:05:02.490164009Z" + } +} +``` + +#### VotesByProposal + +The `VotesByProposal` endpoint allows users to query for votes by proposal id with pagination flags. + +```bash +cosmos.group.v1.Query/VotesByProposal +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' localhost:9090 cosmos.group.v1.Query/VotesByProposal +``` + +Example Output: + +```bash +{ + "votes": [ + { + "proposalId": "1", + "voter": "cosmos1..", + "choice": "CHOICE_YES", + "submittedAt": "2021-12-17T08:05:02.490164009Z" + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### VotesByVoter + +The `VotesByVoter` endpoint allows users to query for votes by voter account address with pagination flags. + +```bash +cosmos.group.v1.Query/VotesByVoter +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"voter":"cosmos1.."}' localhost:9090 cosmos.group.v1.Query/VotesByVoter +``` + +Example Output: + +```bash +{ + "votes": [ + { + "proposalId": "1", + "voter": "cosmos1..", + "choice": "CHOICE_YES", + "submittedAt": "2021-12-17T08:05:02.490164009Z" + } + ], + "pagination": { + "total": "1" + } +} +``` + +### REST + +A user can query the `group` module using REST endpoints. + +#### GroupInfo + +The `GroupInfo` endpoint allows users to query for group info by given group id. + +```bash +/cosmos/group/v1/group_info/{group_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/group_info/1 +``` + +Example Output: + +```bash +{ + "info": { + "id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "total_weight": "3" + } +} +``` + +#### GroupPolicyInfo + +The `GroupPolicyInfo` endpoint allows users to query for group policy info by account address of group policy. + +```bash +/cosmos/group/v1/group_policy_info/{address} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/group_policy_info/cosmos1.. +``` + +Example Output: + +```bash +{ + "info": { + "address": "cosmos1..", + "group_id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "decision_policy": { + "@type": "/cosmos.group.v1.ThresholdDecisionPolicy", + "threshold": "1", + "windows": { + "voting_period": "120h", + "min_execution_period": "0s" + } + }, + } +} +``` + +#### GroupMembers + +The `GroupMembers` endpoint allows users to query for group members by group id with pagination flags. + +```bash +/cosmos/group/v1/group_members/{group_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/group_members/1 +``` + +Example Output: + +```bash +{ + "members": [ + { + "group_id": "1", + "member": { + "address": "cosmos1..", + "weight": "1", + "metadata": "AQ==" + } + }, + { + "group_id": "1", + "member": { + "address": "cosmos1..", + "weight": "2", + "metadata": "AQ==" + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` + +#### GroupsByAdmin + +The `GroupsByAdmin` endpoint allows users to query for groups by admin account address with pagination flags. + +```bash +/cosmos/group/v1/groups_by_admin/{admin} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/groups_by_admin/cosmos1.. +``` + +Example Output: + +```bash +{ + "groups": [ + { + "id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "total_weight": "3" + }, + { + "id": "2", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "total_weight": "3" + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` + +#### GroupPoliciesByGroup + +The `GroupPoliciesByGroup` endpoint allows users to query for group policies by group id with pagination flags. + +```bash +/cosmos/group/v1/group_policies_by_group/{group_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/group_policies_by_group/1 +``` + +Example Output: + +```bash +{ + "group_policies": [ + { + "address": "cosmos1..", + "group_id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "decision_policy": { + "@type": "/cosmos.group.v1.ThresholdDecisionPolicy", + "threshold": "1", + "windows": { + "voting_period": "120h", + "min_execution_period": "0s" + } + }, + }, + { + "address": "cosmos1..", + "group_id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "decision_policy": { + "@type": "/cosmos.group.v1.ThresholdDecisionPolicy", + "threshold": "1", + "windows": { + "voting_period": "120h", + "min_execution_period": "0s" + } + }, + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` + +#### GroupPoliciesByAdmin + +The `GroupPoliciesByAdmin` endpoint allows users to query for group policies by admin account address with pagination flags. + +```bash +/cosmos/group/v1/group_policies_by_admin/{admin} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/group_policies_by_admin/cosmos1.. +``` + +Example Output: + +```bash +{ + "group_policies": [ + { + "address": "cosmos1..", + "group_id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "decision_policy": { + "@type": "/cosmos.group.v1.ThresholdDecisionPolicy", + "threshold": "1", + "windows": { + "voting_period": "120h", + "min_execution_period": "0s" + } + }, + }, + { + "address": "cosmos1..", + "group_id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "decision_policy": { + "@type": "/cosmos.group.v1.ThresholdDecisionPolicy", + "threshold": "1", + "windows": { + "voting_period": "120h", + "min_execution_period": "0s" + } + }, + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +``` + +#### Proposal + +The `Proposal` endpoint allows users to query for proposal by id. + +```bash +/cosmos/group/v1/proposal/{proposal_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/proposal/1 +``` + +Example Output: + +```bash +{ + "proposal": { + "proposal_id": "1", + "address": "cosmos1..", + "metadata": "AQ==", + "proposers": [ + "cosmos1.." + ], + "submitted_at": "2021-12-17T07:06:26.310638964Z", + "group_version": "1", + "group_policy_version": "1", + "status": "STATUS_SUBMITTED", + "result": "RESULT_UNFINALIZED", + "vote_state": { + "yes_count": "0", + "no_count": "0", + "abstain_count": "0", + "veto_count": "0" + }, + "windows": { + "min_execution_period": "0s", + "voting_period": "432000s" + }, + "executor_result": "EXECUTOR_RESULT_NOT_RUN", + "messages": [ + { + "@type": "/cosmos.bank.v1beta1.MsgSend", + "from_address": "cosmos1..", + "to_address": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "100000000" + } + ] + } + ], + "title": "Title", + "summary": "Summary", + } +} +``` + +#### ProposalsByGroupPolicy + +The `ProposalsByGroupPolicy` endpoint allows users to query for proposals by account address of group policy with pagination flags. + +```bash +/cosmos/group/v1/proposals_by_group_policy/{address} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/proposals_by_group_policy/cosmos1.. +``` + +Example Output: + +```bash +{ + "proposals": [ + { + "id": "1", + "group_policy_address": "cosmos1..", + "metadata": "AQ==", + "proposers": [ + "cosmos1.." + ], + "submit_time": "2021-12-17T08:03:27.099649352Z", + "group_version": "1", + "group_policy_version": "1", + "status": "STATUS_CLOSED", + "result": "RESULT_ACCEPTED", + "vote_state": { + "yes_count": "1", + "no_count": "0", + "abstain_count": "0", + "veto_count": "0" + }, + "windows": { + "min_execution_period": "0s", + "voting_period": "432000s" + }, + "executor_result": "EXECUTOR_RESULT_NOT_RUN", + "messages": [ + { + "@type": "/cosmos.bank.v1beta1.MsgSend", + "from_address": "cosmos1..", + "to_address": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "100000000" + } + ] + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### VoteByProposalVoter + +The `VoteByProposalVoter` endpoint allows users to query for vote by proposal id and voter account address. + +```bash +/cosmos/group/v1/vote_by_proposal_voter/{proposal_id}/{voter} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1beta1/vote_by_proposal_voter/1/cosmos1.. +``` + +Example Output: + +```bash +{ + "vote": { + "proposal_id": "1", + "voter": "cosmos1..", + "choice": "CHOICE_YES", + "metadata": "AQ==", + "submitted_at": "2021-12-17T08:05:02.490164009Z" + } +} +``` + +#### VotesByProposal + +The `VotesByProposal` endpoint allows users to query for votes by proposal id with pagination flags. + +```bash +/cosmos/group/v1/votes_by_proposal/{proposal_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/votes_by_proposal/1 +``` + +Example Output: + +```bash +{ + "votes": [ + { + "proposal_id": "1", + "voter": "cosmos1..", + "option": "CHOICE_YES", + "metadata": "AQ==", + "submit_time": "2021-12-17T08:05:02.490164009Z" + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### VotesByVoter + +The `VotesByVoter` endpoint allows users to query for votes by voter account address with pagination flags. + +```bash +/cosmos/group/v1/votes_by_voter/{voter} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/votes_by_voter/cosmos1.. +``` + +Example Output: + +```bash +{ + "votes": [ + { + "proposal_id": "1", + "voter": "cosmos1..", + "choice": "CHOICE_YES", + "metadata": "AQ==", + "submitted_at": "2021-12-17T08:05:02.490164009Z" + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +## Metadata + +The group module has four locations for metadata where users can provide further context about the on-chain actions they are taking. By default all metadata fields have a 255 character length field where metadata can be stored in json format, either on-chain or off-chain depending on the amount of data required. Here we provide a recommendation for the json structure and where the data should be stored. There are two important factors in making these recommendations. First, that the group and gov modules are consistent with one another, note the number of proposals made by all groups may be quite large. Second, that client applications such as block explorers and governance interfaces have confidence in the consistency of metadata structure accross chains. + +### Proposal + +Location: off-chain as json object stored on IPFS (mirrors [gov proposal](../gov/README.md#metadata)) + +```json +{ + "title": "", + "authors": [""], + "summary": "", + "details": "", + "proposal_forum_url": "", + "vote_option_context": "", +} +``` + +:::note +The `authors` field is an array of strings, this is to allow for multiple authors to be listed in the metadata. +In v0.46, the `authors` field is a comma-separated string. Frontends are encouraged to support both formats for backwards compatibility. +::: + +### Vote + +Location: on-chain as json within 255 character limit (mirrors [gov vote](../gov/README.md#metadata)) + +```json +{ + "justification": "", +} +``` + +### Group + +Location: off-chain as json object stored on IPFS + +```json +{ + "name": "", + "description": "", + "group_website_url": "", + "group_forum_url": "", +} +``` + +### Decision policy + +Location: on-chain as json within 255 character limit + +```json +{ + "name": "", + "description": "", +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/modules/mint/README.md b/copy-of-sdk-versioned_docs/version-0.47/build/modules/mint/README.md new file mode 100644 index 00000000..900615bb --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/modules/mint/README.md @@ -0,0 +1,383 @@ +--- +sidebar_position: 1 +--- + +# `x/mint` + +## Contents + +* [State](#state) + * [Minter](#minter) + * [Params](#params) +* [Begin-Block](#begin-block) + * [NextInflationRate](#nextinflationrate) + * [NextAnnualProvisions](#nextannualprovisions) + * [BlockProvision](#blockprovision) +* [Parameters](#parameters) +* [Events](#events) + * [BeginBlocker](#beginblocker) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + * [REST](#rest) + +## Concepts + +### The Minting Mechanism + +The minting mechanism was designed to: + +* allow for a flexible inflation rate determined by market demand targeting a particular bonded-stake ratio +* effect a balance between market liquidity and staked supply + +In order to best determine the appropriate market rate for inflation rewards, a +moving change rate is used. The moving change rate mechanism ensures that if +the % bonded is either over or under the goal %-bonded, the inflation rate will +adjust to further incentivize or disincentivize being bonded, respectively. Setting the goal +%-bonded at less than 100% encourages the network to maintain some non-staked tokens +which should help provide some liquidity. + +It can be broken down in the following way: + +* If the inflation rate is below the goal %-bonded the inflation rate will + increase until a maximum value is reached +* If the goal % bonded (67% in Cosmos-Hub) is maintained, then the inflation + rate will stay constant +* If the inflation rate is above the goal %-bonded the inflation rate will + decrease until a minimum value is reached + + +## State + +### Minter + +The minter is a space for holding current inflation information. + +* Minter: `0x00 -> ProtocolBuffer(minter)` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/mint/v1beta1/mint.proto#L10-L24 +``` + +### Params + +The mint module stores it's params in state with the prefix of `0x01`, +it can be updated with governance or the address with authority. + +* Params: `mint/params -> legacy_amino(params)` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/mint/v1beta1/mint.proto#L26-L59 +``` + +## Begin-Block + +Minting parameters are recalculated and inflation paid at the beginning of each block. + +### Inflation rate calculation + +Inflation rate is calculated using an "inflation calculation function" that's +passed to the `NewAppModule` function. If no function is passed, then the SDK's +default inflation function will be used (`NextInflationRate`). In case a custom +inflation calculation logic is needed, this can be achieved by defining and +passing a function that matches `InflationCalculationFn`'s signature. + +```go +type InflationCalculationFn func(ctx sdk.Context, minter Minter, params Params, bondedRatio math.LegacyDec) math.LegacyDec +``` + +#### NextInflationRate + +The target annual inflation rate is recalculated each block. +The inflation is also subject to a rate change (positive or negative) +depending on the distance from the desired ratio (67%). The maximum rate change +possible is defined to be 13% per year, however the annual inflation is capped +as between 7% and 20%. + +```go +NextInflationRate(params Params, bondedRatio math.LegacyDec) (inflation math.LegacyDec) { + inflationRateChangePerYear = (1 - bondedRatio/params.GoalBonded) * params.InflationRateChange + inflationRateChange = inflationRateChangePerYear/blocksPerYr + + // increase the new annual inflation for this next block + inflation += inflationRateChange + if inflation > params.InflationMax { + inflation = params.InflationMax + } + if inflation < params.InflationMin { + inflation = params.InflationMin + } + + return inflation +} +``` + +### NextAnnualProvisions + +Calculate the annual provisions based on current total supply and inflation +rate. This parameter is calculated once per block. + +```go +NextAnnualProvisions(params Params, totalSupply math.LegacyDec) (provisions math.LegacyDec) { + return Inflation * totalSupply +``` + +### BlockProvision + +Calculate the provisions generated for each block based on current annual provisions. The provisions are then minted by the `mint` module's `ModuleMinterAccount` and then transferred to the `auth`'s `FeeCollector` `ModuleAccount`. + +```go +BlockProvision(params Params) sdk.Coin { + provisionAmt = AnnualProvisions/ params.BlocksPerYear + return sdk.NewCoin(params.MintDenom, provisionAmt.Truncate()) +``` + + +## Parameters + +The minting module contains the following parameters: + +| Key | Type | Example | +|---------------------|-----------------|------------------------| +| MintDenom | string | "uatom" | +| InflationRateChange | string (dec) | "0.130000000000000000" | +| InflationMax | string (dec) | "0.200000000000000000" | +| InflationMin | string (dec) | "0.070000000000000000" | +| GoalBonded | string (dec) | "0.670000000000000000" | +| BlocksPerYear | string (uint64) | "6311520" | + + +## Events + +The minting module emits the following events: + +### BeginBlocker + +| Type | Attribute Key | Attribute Value | +|------|-------------------|--------------------| +| mint | bonded_ratio | {bondedRatio} | +| mint | inflation | {inflation} | +| mint | annual_provisions | {annualProvisions} | +| mint | amount | {amount} | + + +## Client + +### CLI + +A user can query and interact with the `mint` module using the CLI. + +#### Query + +The `query` commands allow users to query `mint` state. + +```shell +simd query mint --help +``` + +##### annual-provisions + +The `annual-provisions` command allow users to query the current minting annual provisions value + +```shell +simd query mint annual-provisions [flags] +``` + +Example: + +```shell +simd query mint annual-provisions +``` + +Example Output: + +```shell +22268504368893.612100895088410693 +``` + +##### inflation + +The `inflation` command allow users to query the current minting inflation value + +```shell +simd query mint inflation [flags] +``` + +Example: + +```shell +simd query mint inflation +``` + +Example Output: + +```shell +0.199200302563256955 +``` + +##### params + +The `params` command allow users to query the current minting parameters + +```shell +simd query mint params [flags] +``` + +Example: + +```yml +blocks_per_year: "4360000" +goal_bonded: "0.670000000000000000" +inflation_max: "0.200000000000000000" +inflation_min: "0.070000000000000000" +inflation_rate_change: "0.130000000000000000" +mint_denom: stake +``` + +### gRPC + +A user can query the `mint` module using gRPC endpoints. + +#### AnnualProvisions + +The `AnnualProvisions` endpoint allow users to query the current minting annual provisions value + +```shell +/cosmos.mint.v1beta1.Query/AnnualProvisions +``` + +Example: + +```shell +grpcurl -plaintext localhost:9090 cosmos.mint.v1beta1.Query/AnnualProvisions +``` + +Example Output: + +```json +{ + "annualProvisions": "1432452520532626265712995618" +} +``` + +#### Inflation + +The `Inflation` endpoint allow users to query the current minting inflation value + +```shell +/cosmos.mint.v1beta1.Query/Inflation +``` + +Example: + +```shell +grpcurl -plaintext localhost:9090 cosmos.mint.v1beta1.Query/Inflation +``` + +Example Output: + +```json +{ + "inflation": "130197115720711261" +} +``` + +#### Params + +The `Params` endpoint allow users to query the current minting parameters + +```shell +/cosmos.mint.v1beta1.Query/Params +``` + +Example: + +```shell +grpcurl -plaintext localhost:9090 cosmos.mint.v1beta1.Query/Params +``` + +Example Output: + +```json +{ + "params": { + "mintDenom": "stake", + "inflationRateChange": "130000000000000000", + "inflationMax": "200000000000000000", + "inflationMin": "70000000000000000", + "goalBonded": "670000000000000000", + "blocksPerYear": "6311520" + } +} +``` + +### REST + +A user can query the `mint` module using REST endpoints. + +#### annual-provisions + +```shell +/cosmos/mint/v1beta1/annual_provisions +``` + +Example: + +```shell +curl "localhost:1317/cosmos/mint/v1beta1/annual_provisions" +``` + +Example Output: + +```json +{ + "annualProvisions": "1432452520532626265712995618" +} +``` + +#### inflation + +```shell +/cosmos/mint/v1beta1/inflation +``` + +Example: + +```shell +curl "localhost:1317/cosmos/mint/v1beta1/inflation" +``` + +Example Output: + +```json +{ + "inflation": "130197115720711261" +} +``` + +#### params + +```shell +/cosmos/mint/v1beta1/params +``` + +Example: + +```shell +curl "localhost:1317/cosmos/mint/v1beta1/params" +``` + +Example Output: + +```json +{ + "params": { + "mintDenom": "stake", + "inflationRateChange": "130000000000000000", + "inflationMax": "200000000000000000", + "inflationMin": "70000000000000000", + "goalBonded": "670000000000000000", + "blocksPerYear": "6311520" + } +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/modules/nft/README.md b/copy-of-sdk-versioned_docs/version-0.47/build/modules/nft/README.md new file mode 100644 index 00000000..34c1d406 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/modules/nft/README.md @@ -0,0 +1,89 @@ +--- +sidebar_position: 1 +--- + +# `x/nft` + +## Contents + +## Abstract + +`x/nft` is an implementation of a Cosmos SDK module, per [ADR 43](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-043-nft-module.md), that allows you to create nft classification, create nft, transfer nft, update nft, and support various queries by integrating the module. It is fully compatible with the ERC721 specification. + +* [Concepts](#concepts) + * [Class](#class) + * [NFT](#nft) +* [State](#state) + * [Class](#class-1) + * [NFT](#nft-1) + * [NFTOfClassByOwner](#nftofclassbyowner) + * [Owner](#owner) + * [TotalSupply](#totalsupply) +* [Messages](#messages) + * [MsgSend](#msgsend) +* [Events](#events) + +## Concepts + +### Class + +`x/nft` module defines a struct `Class` to describe the common characteristics of a class of nft, under this class, you can create a variety of nft, which is equivalent to an erc721 contract for Ethereum. The design is defined in the [ADR 043](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-043-nft-module.md). + +### NFT + +The full name of NFT is Non-Fungible Tokens. Because of the irreplaceable nature of NFT, it means that it can be used to represent unique things. The nft implemented by this module is fully compatible with Ethereum ERC721 standard. + +## State + +### Class + +Class is mainly composed of `id`, `name`, `symbol`, `description`, `uri`, `uri_hash`,`data` where `id` is the unique identifier of the class, similar to the Ethereum ERC721 contract address, the others are optional. + +* Class: `0x01 | classID | -> ProtocolBuffer(Class)` + +### NFT + +NFT is mainly composed of `class_id`, `id`, `uri`, `uri_hash` and `data`. Among them, `class_id` and `id` are two-tuples that identify the uniqueness of nft, `uri` and `uri_hash` is optional, which identifies the off-chain storage location of the nft, and `data` is an Any type. Use Any chain of `x/nft` modules can be customized by extending this field + +* NFT: `0x02 | classID | 0x00 | nftID |-> ProtocolBuffer(NFT)` + +### NFTOfClassByOwner + +NFTOfClassByOwner is mainly to realize the function of querying all nfts using classID and owner, without other redundant functions. + +* NFTOfClassByOwner: `0x03 | owner | 0x00 | classID | 0x00 | nftID |-> 0x01` + +### Owner + +Since there is no extra field in NFT to indicate the owner of nft, an additional key-value pair is used to save the ownership of nft. With the transfer of nft, the key-value pair is updated synchronously. + +* OwnerKey: `0x04 | classID | 0x00 | nftID |-> owner` + +### TotalSupply + +TotalSupply is responsible for tracking the number of all nfts under a certain class. Mint operation is performed under the changed class, supply increases by one, burn operation, and supply decreases by one. + +* OwnerKey: `0x05 | classID |-> totalSupply` + +## Messages + +In this section we describe the processing of messages for the NFT module. + +:::warning +The validation of `ClassID` and `NftID` is left to the app developer. +The SDK does not provide any validation for these fields. +::: + +### MsgSend + +You can use the `MsgSend` message to transfer the ownership of nft. This is a function provided by the `x/nft` module. Of course, you can use the `Transfer` method to implement your own transfer logic, but you need to pay extra attention to the transfer permissions. + +The message handling should fail if: + +* provided `ClassID` does not exist. +* provided `Id` does not exist. +* provided `Sender` does not the owner of nft. + +## Events + +The nft module emits proto events defined in [the Protobuf reference](https://buf.build/cosmos/cosmos-sdk/docs/main:cosmos.nft.v1beta1). diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/modules/params/README.md b/copy-of-sdk-versioned_docs/version-0.47/build/modules/params/README.md new file mode 100644 index 00000000..f8d374d0 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/modules/params/README.md @@ -0,0 +1,79 @@ +--- +sidebar_position: 1 +--- + +# `x/params` + +> Note: The Params module has been depreacted in favour of each module housing its own parameters. + +## Abstract + +Package params provides a globally available parameter store. + +There are two main types, Keeper and Subspace. Subspace is an isolated namespace for a +paramstore, where keys are prefixed by preconfigured spacename. Keeper has a +permission to access all existing spaces. + +Subspace can be used by the individual keepers, which need a private parameter store +that the other keepers cannot modify. The params Keeper can be used to add a route to `x/gov` router in order to modify any parameter in case a proposal passes. + +The following contents explains how to use params module for master and user modules. + +## Contents + +* [Keeper](#keeper) +* [Subspace](#subspace) + * [Key](#key) + * [KeyTable](#keytable) + * [ParamSet](#paramset) + +## Keeper + +In the app initialization stage, [subspaces](#subspace) can be allocated for other modules' keeper using `Keeper.Subspace` and are stored in `Keeper.spaces`. Then, those modules can have a reference to their specific parameter store through `Keeper.GetSubspace`. + +Example: + +```go +type ExampleKeeper struct { + paramSpace paramtypes.Subspace +} + +func (k ExampleKeeper) SetParams(ctx sdk.Context, params types.Params) { + k.paramSpace.SetParamSet(ctx, ¶ms) +} +``` + +## Subspace + +`Subspace` is a prefixed subspace of the parameter store. Each module which uses the +parameter store will take a `Subspace` to isolate permission to access. + +### Key + +Parameter keys are human readable alphanumeric strings. A parameter for the key +`"ExampleParameter"` is stored under `[]byte("SubspaceName" + "/" + "ExampleParameter")`, + where `"SubspaceName"` is the name of the subspace. + +Subkeys are secondary parameter keys those are used along with a primary parameter key. +Subkeys can be used for grouping or dynamic parameter key generation during runtime. + +### KeyTable + +All of the parameter keys that will be used should be registered at the compile +time. `KeyTable` is essentially a `map[string]attribute`, where the `string` is a parameter key. + +Currently, `attribute` consists of a `reflect.Type`, which indicates the parameter +type to check that provided key and value are compatible and registered, as well as a function `ValueValidatorFn` to validate values. + +Only primary keys have to be registered on the `KeyTable`. Subkeys inherit the +attribute of the primary key. + +### ParamSet + +Modules often define parameters as a proto message. The generated struct can implement +`ParamSet` interface to be used with the following methods: + +* `KeyTable.RegisterParamSet()`: registers all parameters in the struct +* `Subspace.{Get, Set}ParamSet()`: Get to & Set from the struct + +The implementor should be a pointer in order to use `GetParamSet()`. diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/modules/slashing/README.md b/copy-of-sdk-versioned_docs/version-0.47/build/modules/slashing/README.md new file mode 100644 index 00000000..591a9a73 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/modules/slashing/README.md @@ -0,0 +1,813 @@ +--- +sidebar_position: 1 +--- + +# `x/slashing` + +## Abstract + +This section specifies the slashing module of the Cosmos SDK, which implements functionality +first outlined in the [Cosmos Whitepaper](https://cosmos.network/about/whitepaper) in June 2016. + +The slashing module enables Cosmos SDK-based blockchains to disincentivize any attributable action +by a protocol-recognized actor with value at stake by penalizing them ("slashing"). + +Penalties may include, but are not limited to: + +* Burning some amount of their stake +* Removing their ability to vote on future blocks for a period of time. + +This module will be used by the Cosmos Hub, the first hub in the Cosmos ecosystem. + +## Contents + +* [Concepts](#concepts) + * [States](#states) + * [Tombstone Caps](#tombstone-caps) + * [Infraction Timelines](#infraction-timelines) +* [State](#state) + * [Signing Info (Liveness)](#signing-info-liveness) + * [Params](#params) +* [Messages](#messages) + * [Unjail](#unjail) +* [BeginBlock](#beginblock) + * [Liveness Tracking](#liveness-tracking) +* [Hooks](#hooks) +* [Events](#events) +* [Staking Tombstone](#staking-tombstone) +* [Parameters](#parameters) +* [CLI](#cli) + * [Query](#query) + * [Transactions](#transactions) + * [gRPC](#grpc) + * [REST](#rest) + +## Concepts + +### States + +At any given time, there are any number of validators registered in the state +machine. Each block, the top `MaxValidators` (defined by `x/staking`) validators +who are not jailed become _bonded_, meaning that they may propose and vote on +blocks. Validators who are _bonded_ are _at stake_, meaning that part or all of +their stake and their delegators' stake is at risk if they commit a protocol fault. + +For each of these validators we keep a `ValidatorSigningInfo` record that contains +information partaining to validator's liveness and other infraction related +attributes. + +### Tombstone Caps + +In order to mitigate the impact of initially likely categories of non-malicious +protocol faults, the Cosmos Hub implements for each validator +a _tombstone_ cap, which only allows a validator to be slashed once for a double +sign fault. For example, if you misconfigure your HSM and double-sign a bunch of +old blocks, you'll only be punished for the first double-sign (and then immediately tombstombed). This will still be quite expensive and desirable to avoid, but tombstone caps +somewhat blunt the economic impact of unintentional misconfiguration. + +Liveness faults do not have caps, as they can't stack upon each other. Liveness bugs are "detected" as soon as the infraction occurs, and the validators are immediately put in jail, so it is not possible for them to commit multiple liveness faults without unjailing in between. + +### Infraction Timelines + +To illustrate how the `x/slashing` module handles submitted evidence through +CometBFT consensus, consider the following examples: + +**Definitions**: + +_[_ : timeline start +_]_ : timeline end +_Cn_ : infraction `n` committed +_Dn_ : infraction `n` discovered +_Vb_ : validator bonded +_Vu_ : validator unbonded + +#### Single Double Sign Infraction + +\[----------C1----D1,Vu-----\] + +A single infraction is committed then later discovered, at which point the +validator is unbonded and slashed at the full amount for the infraction. + +#### Multiple Double Sign Infractions + +\[----------C1--C2---C3---D1,D2,D3Vu-----\] + +Multiple infractions are committed and then later discovered, at which point the +validator is jailed and slashed for only one infraction. Because the validator +is also tombstoned, they can not rejoin the validator set. + +## State + +### Signing Info (Liveness) + +Every block includes a set of precommits by the validators for the previous block, +known as the `LastCommitInfo` provided by CometBFT. A `LastCommitInfo` is valid so +long as it contains precommits from +2/3 of total voting power. + +Proposers are incentivized to include precommits from all validators in the CometBFT `LastCommitInfo` +by receiving additional fees proportional to the difference between the voting +power included in the `LastCommitInfo` and +2/3 (see [fee distribution](../distribution/README.md#begin-block)). + +```go +type LastCommitInfo struct { + Round int32 + Votes []VoteInfo +} +``` + +Validators are penalized for failing to be included in the `LastCommitInfo` for some +number of blocks by being automatically jailed, potentially slashed, and unbonded. + +Information about validator's liveness activity is tracked through `ValidatorSigningInfo`. +It is indexed in the store as follows: + +* ValidatorSigningInfo: `0x01 | ConsAddrLen (1 byte) | ConsAddress -> ProtocolBuffer(ValSigningInfo)` +* MissedBlocksBitArray: `0x02 | ConsAddrLen (1 byte) | ConsAddress | LittleEndianUint64(signArrayIndex) -> VarInt(didMiss)` (varint is a number encoding format) + +The first mapping allows us to easily lookup the recent signing info for a +validator based on the validator's consensus address. + +The second mapping (`MissedBlocksBitArray`) acts +as a bit-array of size `SignedBlocksWindow` that tells us if the validator missed +the block for a given index in the bit-array. The index in the bit-array is given +as little endian uint64. +The result is a `varint` that takes on `0` or `1`, where `0` indicates the +validator did not miss (did sign) the corresponding block, and `1` indicates +they missed the block (did not sign). + +Note that the `MissedBlocksBitArray` is not explicitly initialized up-front. Keys +are added as we progress through the first `SignedBlocksWindow` blocks for a newly +bonded validator. The `SignedBlocksWindow` parameter defines the size +(number of blocks) of the sliding window used to track validator liveness. + +The information stored for tracking validator liveness is as follows: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/slashing/v1beta1/slashing.proto#L13-L35 +``` + +### Params + +The slashing module stores it's params in state with the prefix of `0x00`, +it can be updated with governance or the address with authority. + +* Params: `0x00 | ProtocolBuffer(Params)` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/slashing/v1beta1/slashing.proto#L37-L59 +``` + +## Messages + +In this section we describe the processing of messages for the `slashing` module. + +### Unjail + +If a validator was automatically unbonded due to downtime and wishes to come back online & +possibly rejoin the bonded set, it must send `MsgUnjail`: + +```protobuf +// MsgUnjail is an sdk.Msg used for unjailing a jailed validator, thus returning +// them into the bonded validator set, so they can begin receiving provisions +// and rewards again. +message MsgUnjail { + string validator_addr = 1; +} +``` + +Below is a pseudocode of the `MsgSrv/Unjail` RPC: + +```go +unjail(tx MsgUnjail) + validator = getValidator(tx.ValidatorAddr) + if validator == nil + fail with "No validator found" + + if getSelfDelegation(validator) == 0 + fail with "validator must self delegate before unjailing" + + if !validator.Jailed + fail with "Validator not jailed, cannot unjail" + + info = GetValidatorSigningInfo(operator) + if info.Tombstoned + fail with "Tombstoned validator cannot be unjailed" + if block time < info.JailedUntil + fail with "Validator still jailed, cannot unjail until period has expired" + + validator.Jailed = false + setValidator(validator) + + return +``` + +If the validator has enough stake to be in the top `n = MaximumBondedValidators`, it will be automatically rebonded, +and all delegators still delegated to the validator will be rebonded and begin to again collect +provisions and rewards. + +## BeginBlock + +### Liveness Tracking + +At the beginning of each block, we update the `ValidatorSigningInfo` for each +validator and check if they've crossed below the liveness threshold over a +sliding window. This sliding window is defined by `SignedBlocksWindow` and the +index in this window is determined by `IndexOffset` found in the validator's +`ValidatorSigningInfo`. For each block processed, the `IndexOffset` is incremented +regardless if the validator signed or not. Once the index is determined, the +`MissedBlocksBitArray` and `MissedBlocksCounter` are updated accordingly. + +Finally, in order to determine if a validator crosses below the liveness threshold, +we fetch the maximum number of blocks missed, `maxMissed`, which is +`SignedBlocksWindow - (MinSignedPerWindow * SignedBlocksWindow)` and the minimum +height at which we can determine liveness, `minHeight`. If the current block is +greater than `minHeight` and the validator's `MissedBlocksCounter` is greater than +`maxMissed`, they will be slashed by `SlashFractionDowntime`, will be jailed +for `DowntimeJailDuration`, and have the following values reset: +`MissedBlocksBitArray`, `MissedBlocksCounter`, and `IndexOffset`. + +**Note**: Liveness slashes do **NOT** lead to a tombstombing. + +```go +height := block.Height + +for vote in block.LastCommitInfo.Votes { + signInfo := GetValidatorSigningInfo(vote.Validator.Address) + + // This is a relative index, so we counts blocks the validator SHOULD have + // signed. We use the 0-value default signing info if not present, except for + // start height. + index := signInfo.IndexOffset % SignedBlocksWindow() + signInfo.IndexOffset++ + + // Update MissedBlocksBitArray and MissedBlocksCounter. The MissedBlocksCounter + // just tracks the sum of MissedBlocksBitArray. That way we avoid needing to + // read/write the whole array each time. + missedPrevious := GetValidatorMissedBlockBitArray(vote.Validator.Address, index) + missed := !signed + + switch { + case !missedPrevious && missed: + // array index has changed from not missed to missed, increment counter + SetValidatorMissedBlockBitArray(vote.Validator.Address, index, true) + signInfo.MissedBlocksCounter++ + + case missedPrevious && !missed: + // array index has changed from missed to not missed, decrement counter + SetValidatorMissedBlockBitArray(vote.Validator.Address, index, false) + signInfo.MissedBlocksCounter-- + + default: + // array index at this index has not changed; no need to update counter + } + + if missed { + // emit events... + } + + minHeight := signInfo.StartHeight + SignedBlocksWindow() + maxMissed := SignedBlocksWindow() - MinSignedPerWindow() + + // If we are past the minimum height and the validator has missed too many + // jail and slash them. + if height > minHeight && signInfo.MissedBlocksCounter > maxMissed { + validator := ValidatorByConsAddr(vote.Validator.Address) + + // emit events... + + // We need to retrieve the stake distribution which signed the block, so we + // subtract ValidatorUpdateDelay from the block height, and subtract an + // additional 1 since this is the LastCommit. + // + // Note, that this CAN result in a negative "distributionHeight" up to + // -ValidatorUpdateDelay-1, i.e. at the end of the pre-genesis block (none) = at the beginning of the genesis block. + // That's fine since this is just used to filter unbonding delegations & redelegations. + distributionHeight := height - sdk.ValidatorUpdateDelay - 1 + + SlashWithInfractionReason(vote.Validator.Address, distributionHeight, vote.Validator.Power, SlashFractionDowntime(), stakingtypes.Downtime) + Jail(vote.Validator.Address) + + signInfo.JailedUntil = block.Time.Add(DowntimeJailDuration()) + + // We need to reset the counter & array so that the validator won't be + // immediately slashed for downtime upon rebonding. + signInfo.MissedBlocksCounter = 0 + signInfo.IndexOffset = 0 + ClearValidatorMissedBlockBitArray(vote.Validator.Address) + } + + SetValidatorSigningInfo(vote.Validator.Address, signInfo) +} +``` + +## Hooks + +This section contains a description of the module's `hooks`. Hooks are operations that are executed automatically when events are raised. + +### Staking hooks + +The slashing module implements the `StakingHooks` defined in `x/staking` and are used as record-keeping of validators information. During the app initialization, these hooks should be registered in the staking module struct. + +The following hooks impact the slashing state: + +* `AfterValidatorBonded` creates a `ValidatorSigningInfo` instance as described in the following section. +* `AfterValidatorCreated` stores a validator's consensus key. +* `AfterValidatorRemoved` removes a validator's consensus key. + +### Validator Bonded + +Upon successful first-time bonding of a new validator, we create a new `ValidatorSigningInfo` structure for the +now-bonded validator, which `StartHeight` of the current block. + +If the validator was out of the validator set and gets bonded again, its new bonded height is set. + +```go +onValidatorBonded(address sdk.ValAddress) + + signingInfo, found = GetValidatorSigningInfo(address) + if !found { + signingInfo = ValidatorSigningInfo { + StartHeight : CurrentHeight, + IndexOffset : 0, + JailedUntil : time.Unix(0, 0), + Tombstone : false, + MissedBloskCounter : 0 + } else { + signingInfo.StartHeight = CurrentHeight + } + + setValidatorSigningInfo(signingInfo) + } + + return +``` + +## Events + +The slashing module emits the following events: + +### MsgServer + +#### MsgUnjail + +| Type | Attribute Key | Attribute Value | +| ------- | ------------- | ------------------ | +| message | module | slashing | +| message | sender | {validatorAddress} | + +### Keeper + +### BeginBlocker: HandleValidatorSignature + +| Type | Attribute Key | Attribute Value | +| ----- | ------------- | --------------------------- | +| slash | address | {validatorConsensusAddress} | +| slash | power | {validatorPower} | +| slash | reason | {slashReason} | +| slash | jailed [0] | {validatorConsensusAddress} | +| slash | burned coins | {math.Int} | + +* [0] Only included if the validator is jailed. + +| Type | Attribute Key | Attribute Value | +| -------- | ------------- | --------------------------- | +| liveness | address | {validatorConsensusAddress} | +| liveness | missed_blocks | {missedBlocksCounter} | +| liveness | height | {blockHeight} | + +#### Slash + +* same as `"slash"` event from `HandleValidatorSignature`, but without the `jailed` attribute. + +#### Jail + +| Type | Attribute Key | Attribute Value | +| ----- | ------------- | ------------------ | +| slash | jailed | {validatorAddress} | + +## Staking Tombstone + +### Abstract + +In the current implementation of the `slashing` module, when the consensus engine +informs the state machine of a validator's consensus fault, the validator is +partially slashed, and put into a "jail period", a period of time in which they +are not allowed to rejoin the validator set. However, because of the nature of +consensus faults and ABCI, there can be a delay between an infraction occurring, +and evidence of the infraction reaching the state machine (this is one of the +primary reasons for the existence of the unbonding period). + +> Note: The tombstone concept, only applies to faults that have a delay between +> the infraction occurring and evidence reaching the state machine. For example, +> evidence of a validator double signing may take a while to reach the state machine +> due to unpredictable evidence gossip layer delays and the ability of validators to +> selectively reveal double-signatures (e.g. to infrequently-online light clients). +> Liveness slashing, on the other hand, is detected immediately as soon as the +> infraction occurs, and therefore no slashing period is needed. A validator is +> immediately put into jail period, and they cannot commit another liveness fault +> until they unjail. In the future, there may be other types of byzantine faults +> that have delays (for example, submitting evidence of an invalid proposal as a transaction). +> When implemented, it will have to be decided whether these future types of +> byzantine faults will result in a tombstoning (and if not, the slash amounts +> will not be capped by a slashing period). + +In the current system design, once a validator is put in the jail for a consensus +fault, after the `JailPeriod` they are allowed to send a transaction to `unjail` +themselves, and thus rejoin the validator set. + +One of the "design desires" of the `slashing` module is that if multiple +infractions occur before evidence is executed (and a validator is put in jail), +they should only be punished for single worst infraction, but not cumulatively. +For example, if the sequence of events is: + +1. Validator A commits Infraction 1 (worth 30% slash) +2. Validator A commits Infraction 2 (worth 40% slash) +3. Validator A commits Infraction 3 (worth 35% slash) +4. Evidence for Infraction 1 reaches state machine (and validator is put in jail) +5. Evidence for Infraction 2 reaches state machine +6. Evidence for Infraction 3 reaches state machine + +Only Infraction 2 should have its slash take effect, as it is the highest. This +is done, so that in the case of the compromise of a validator's consensus key, +they will only be punished once, even if the hacker double-signs many blocks. +Because, the unjailing has to be done with the validator's operator key, they +have a chance to re-secure their consensus key, and then signal that they are +ready using their operator key. We call this period during which we track only +the max infraction, the "slashing period". + +Once, a validator rejoins by unjailing themselves, we begin a new slashing period; +if they commit a new infraction after unjailing, it gets slashed cumulatively on +top of the worst infraction from the previous slashing period. + +However, while infractions are grouped based off of the slashing periods, because +evidence can be submitted up to an `unbondingPeriod` after the infraction, we +still have to allow for evidence to be submitted for previous slashing periods. +For example, if the sequence of events is: + +1. Validator A commits Infraction 1 (worth 30% slash) +2. Validator A commits Infraction 2 (worth 40% slash) +3. Evidence for Infraction 1 reaches state machine (and Validator A is put in jail) +4. Validator A unjails + +We are now in a new slashing period, however we still have to keep the door open +for the previous infraction, as the evidence for Infraction 2 may still come in. +As the number of slashing periods increase, it creates more complexity as we have +to keep track of the highest infraction amount for every single slashing period. + +> Note: Currently, according to the `slashing` module spec, a new slashing period +> is created every time a validator is unbonded then rebonded. This should probably +> be changed to jailed/unjailed. See issue [#3205](https://github.com/cosmos/cosmos-sdk/issues/3205) +> for further details. For the remainder of this, I will assume that we only start +> a new slashing period when a validator gets unjailed. + +The maximum number of slashing periods is the `len(UnbondingPeriod) / len(JailPeriod)`. +The current defaults in Gaia for the `UnbondingPeriod` and `JailPeriod` are 3 weeks +and 2 days, respectively. This means there could potentially be up to 11 slashing +periods concurrently being tracked per validator. If we set the `JailPeriod >= UnbondingPeriod`, +we only have to track 1 slashing period (i.e not have to track slashing periods). + +Currently, in the jail period implementation, once a validator unjails, all of +their delegators who are delegated to them (haven't unbonded / redelegated away), +stay with them. Given that consensus safety faults are so egregious +(way more so than liveness faults), it is probably prudent to have delegators not +"auto-rebond" to the validator. + +#### Proposal: infinite jail + +We propose setting the "jail time" for a +validator who commits a consensus safety fault, to `infinite` (i.e. a tombstone state). +This essentially kicks the validator out of the validator set and does not allow +them to re-enter the validator set. All of their delegators (including the operator themselves) +have to either unbond or redelegate away. The validator operator can create a new +validator if they would like, with a new operator key and consensus key, but they +have to "re-earn" their delegations back. + +Implementing the tombstone system and getting rid of the slashing period tracking +will make the `slashing` module way simpler, especially because we can remove all +of the hooks defined in the `slashing` module consumed by the `staking` module +(the `slashing` module still consumes hooks defined in `staking`). + +#### Single slashing amount + +Another optimization that can be made is that if we assume that all ABCI faults +for CometBFT consensus are slashed at the same level, we don't have to keep +track of "max slash". Once an ABCI fault happens, we don't have to worry about +comparing potential future ones to find the max. + +Currently the only CometBFT ABCI fault is: + +* Unjustified precommits (double signs) + +It is currently planned to include the following fault in the near future: + +* Signing a precommit when you're in unbonding phase (needed to make light client bisection safe) + +Given that these faults are both attributable byzantine faults, we will likely +want to slash them equally, and thus we can enact the above change. + +> Note: This change may make sense for current CometBFT consensus, but maybe +> not for a different consensus algorithm or future versions of CometBFT that +> may want to punish at different levels (for example, partial slashing). + +## Parameters + +The slashing module contains the following parameters: + +| Key | Type | Example | +| ----------------------- | -------------- | ---------------------- | +| SignedBlocksWindow | string (int64) | "100" | +| MinSignedPerWindow | string (dec) | "0.500000000000000000" | +| DowntimeJailDuration | string (ns) | "600000000000" | +| SlashFractionDoubleSign | string (dec) | "0.050000000000000000" | +| SlashFractionDowntime | string (dec) | "0.010000000000000000" | + +## CLI + +A user can query and interact with the `slashing` module using the CLI. + +### Query + +The `query` commands allow users to query `slashing` state. + +```shell +simd query slashing --help +``` + +#### params + +The `params` command allows users to query genesis parameters for the slashing module. + +```shell +simd query slashing params [flags] +``` + +Example: + +```shell +simd query slashing params +``` + +Example Output: + +```yml +downtime_jail_duration: 600s +min_signed_per_window: "0.500000000000000000" +signed_blocks_window: "100" +slash_fraction_double_sign: "0.050000000000000000" +slash_fraction_downtime: "0.010000000000000000" +``` + +#### signing-info + +The `signing-info` command allows users to query signing-info of the validator using consensus public key. + +```shell +simd query slashing signing-infos [flags] +``` + +Example: + +```shell +simd query slashing signing-info '{"@type":"/cosmos.crypto.ed25519.PubKey","key":"Auxs3865HpB/EfssYOzfqNhEJjzys6jD5B6tPgC8="}' + +``` + +Example Output: + +```yml +address: cosmosvalcons1nrqsld3aw6lh6t082frdqc84uwxn0t958c +index_offset: "2068" +jailed_until: "1970-01-01T00:00:00Z" +missed_blocks_counter: "0" +start_height: "0" +tombstoned: false +``` + +#### signing-infos + +The `signing-infos` command allows users to query signing infos of all validators. + +```shell +simd query slashing signing-infos [flags] +``` + +Example: + +```shell +simd query slashing signing-infos +``` + +Example Output: + +```yml +info: +- address: cosmosvalcons1nrqsld3aw6lh6t082frdqc84uwxn0t958c + index_offset: "2075" + jailed_until: "1970-01-01T00:00:00Z" + missed_blocks_counter: "0" + start_height: "0" + tombstoned: false +pagination: + next_key: null + total: "0" +``` + +### Transactions + +The `tx` commands allow users to interact with the `slashing` module. + +```bash +simd tx slashing --help +``` + +#### unjail + +The `unjail` command allows users to unjail a validator previously jailed for downtime. + +```bash +simd tx slashing unjail --from mykey [flags] +``` + +Example: + +```bash +simd tx slashing unjail --from mykey +``` + +### gRPC + +A user can query the `slashing` module using gRPC endpoints. + +#### Params + +The `Params` endpoint allows users to query the parameters of slashing module. + +```shell +cosmos.slashing.v1beta1.Query/Params +``` + +Example: + +```shell +grpcurl -plaintext localhost:9090 cosmos.slashing.v1beta1.Query/Params +``` + +Example Output: + +```json +{ + "params": { + "signedBlocksWindow": "100", + "minSignedPerWindow": "NTAwMDAwMDAwMDAwMDAwMDAw", + "downtimeJailDuration": "600s", + "slashFractionDoubleSign": "NTAwMDAwMDAwMDAwMDAwMDA=", + "slashFractionDowntime": "MTAwMDAwMDAwMDAwMDAwMDA=" + } +} +``` + +#### SigningInfo + +The SigningInfo queries the signing info of given cons address. + +```shell +cosmos.slashing.v1beta1.Query/SigningInfo +``` + +Example: + +```shell +grpcurl -plaintext -d '{"cons_address":"cosmosvalcons1nrqsld3aw6lh6t082frdqc84uwxn0t958c"}' localhost:9090 cosmos.slashing.v1beta1.Query/SigningInfo +``` + +Example Output: + +```json +{ + "valSigningInfo": { + "address": "cosmosvalcons1nrqsld3aw6lh6t082frdqc84uwxn0t958c", + "indexOffset": "3493", + "jailedUntil": "1970-01-01T00:00:00Z" + } +} +``` + +#### SigningInfos + +The SigningInfos queries signing info of all validators. + +```shell +cosmos.slashing.v1beta1.Query/SigningInfos +``` + +Example: + +```shell +grpcurl -plaintext localhost:9090 cosmos.slashing.v1beta1.Query/SigningInfos +``` + +Example Output: + +```json +{ + "info": [ + { + "address": "cosmosvalcons1nrqslkwd3pz096lh6t082frdqc84uwxn0t958c", + "indexOffset": "2467", + "jailedUntil": "1970-01-01T00:00:00Z" + } + ], + "pagination": { + "total": "1" + } +} +``` + +### REST + +A user can query the `slashing` module using REST endpoints. + +#### Params + +```shell +/cosmos/slashing/v1beta1/params +``` + +Example: + +```shell +curl "localhost:1317/cosmos/slashing/v1beta1/params" +``` + +Example Output: + +```json +{ + "params": { + "signed_blocks_window": "100", + "min_signed_per_window": "0.500000000000000000", + "downtime_jail_duration": "600s", + "slash_fraction_double_sign": "0.050000000000000000", + "slash_fraction_downtime": "0.010000000000000000" +} +``` + +#### signing_info + +```shell +/cosmos/slashing/v1beta1/signing_infos/%s +``` + +Example: + +```shell +curl "localhost:1317/cosmos/slashing/v1beta1/signing_infos/cosmosvalcons1nrqslkwd3pz096lh6t082frdqc84uwxn0t958c" +``` + +Example Output: + +```json +{ + "val_signing_info": { + "address": "cosmosvalcons1nrqslkwd3pz096lh6t082frdqc84uwxn0t958c", + "start_height": "0", + "index_offset": "4184", + "jailed_until": "1970-01-01T00:00:00Z", + "tombstoned": false, + "missed_blocks_counter": "0" + } +} +``` + +#### signing_infos + +```shell +/cosmos/slashing/v1beta1/signing_infos +``` + +Example: + +```shell +curl "localhost:1317/cosmos/slashing/v1beta1/signing_infos +``` + +Example Output: + +```json +{ + "info": [ + { + "address": "cosmosvalcons1nrqslkwd3pz096lh6t082frdqc84uwxn0t958c", + "start_height": "0", + "index_offset": "4169", + "jailed_until": "1970-01-01T00:00:00Z", + "tombstoned": false, + "missed_blocks_counter": "0" + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/modules/staking/README.md b/copy-of-sdk-versioned_docs/version-0.47/build/modules/staking/README.md new file mode 100644 index 00000000..5dd94dc6 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/modules/staking/README.md @@ -0,0 +1,3058 @@ +--- +sidebar_position: 1 +--- + +# `x/staking` + +## Abstract + +This paper specifies the Staking module of the Cosmos SDK that was first +described in the [Cosmos Whitepaper](https://cosmos.network/about/whitepaper) +in June 2016. + +The module enables Cosmos SDK-based blockchain to support an advanced +Proof-of-Stake (PoS) system. In this system, holders of the native staking token of +the chain can become validators and can delegate tokens to validators, +ultimately determining the effective validator set for the system. + +This module is used in the Cosmos Hub, the first Hub in the Cosmos +network. + +## Contents + +* [State](#state) + * [Pool](#pool) + * [LastTotalPower](#lasttotalpower) + * [ValidatorUpdates](#validatorupdates) + * [UnbondingID](#unbondingid) + * [Params](#params) + * [Validator](#validator) + * [Delegation](#delegation) + * [UnbondingDelegation](#unbondingdelegation) + * [Redelegation](#redelegation) + * [Queues](#queues) + * [HistoricalInfo](#historicalinfo) +* [State Transitions](#state-transitions) + * [Validators](#validators) + * [Delegations](#delegations) + * [Slashing](#slashing) + * [How Shares are calculated](#how-shares-are-calculated) +* [Messages](#messages) + * [MsgCreateValidator](#msgcreatevalidator) + * [MsgEditValidator](#msgeditvalidator) + * [MsgDelegate](#msgdelegate) + * [MsgUndelegate](#msgundelegate) + * [MsgCancelUnbondingDelegation](#msgcancelunbondingdelegation) + * [MsgBeginRedelegate](#msgbeginredelegate) + * [MsgUpdateParams](#msgupdateparams) +* [Begin-Block](#begin-block) + * [Historical Info Tracking](#historical-info-tracking) +* [End-Block](#end-block) + * [Validator Set Changes](#validator-set-changes) + * [Queues](#queues-1) +* [Hooks](#hooks) +* [Events](#events) + * [EndBlocker](#endblocker) + * [Msg's](#msgs) +* [Parameters](#parameters) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + * [REST](#rest) + +## State + +### Pool + +Pool is used for tracking bonded and not-bonded token supply of the bond denomination. + +### LastTotalPower + +LastTotalPower tracks the total amounts of bonded tokens recorded during the previous end block. +Store entries prefixed with "Last" must remain unchanged until EndBlock. + +* LastTotalPower: `0x12 -> ProtocolBuffer(math.Int)` + +### ValidatorUpdates + +ValidatorUpdates contains the validator updates returned to ABCI at the end of every block. +The values are overwritten in every block. + +* ValidatorUpdates `0x61 -> []abci.ValidatorUpdate` + +### UnbondingID + +UnbondingID stores the ID of the latest unbonding operation. It enables to create unique IDs for unbonding operation, i.e., UnbondingID is incremented every time a new unbonding operation (validator unbonding, unbonding delegation, redelegation) is initiated. + +* UnbondingID: `0x37 -> uint64` + +### Params + +The staking module stores its params in state with the prefix of `0x51`, +it can be updated with governance or the address with authority. + +* Params: `0x51 | ProtocolBuffer(Params)` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L310-L333 +``` + +### Validator + +Validators can have one of three statuses + +* `Unbonded`: The validator is not in the active set. They cannot sign blocks and do not earn + rewards. They can receive delegations. +* `Bonded`: Once the validator receives sufficient bonded tokens they automatically join the + active set during [`EndBlock`](#validator-set-changes) and their status is updated to `Bonded`. + They are signing blocks and receiving rewards. They can receive further delegations. + They can be slashed for misbehavior. Delegators to this validator who unbond their delegation + must wait the duration of the UnbondingTime, a chain-specific param, during which time + they are still slashable for offences of the source validator if those offences were committed + during the period of time that the tokens were bonded. +* `Unbonding`: When a validator leaves the active set, either by choice or due to slashing, jailing or + tombstoning, an unbonding of all their delegations begins. All delegations must then wait the UnbondingTime + before their tokens are moved to their accounts from the `BondedPool`. + +:::warning +Tombstoning is permanent, once tombstoned a validators consensus key can not be reused within the chain where the tombstoning happened. +::: + +Validators objects should be primarily stored and accessed by the +`OperatorAddr`, an SDK validator address for the operator of the validator. Two +additional indices are maintained per validator object in order to fulfill +required lookups for slashing and validator-set updates. A third special index +(`LastValidatorPower`) is also maintained which however remains constant +throughout each block, unlike the first two indices which mirror the validator +records within a block. + +* Validators: `0x21 | OperatorAddrLen (1 byte) | OperatorAddr -> ProtocolBuffer(validator)` +* ValidatorsByConsAddr: `0x22 | ConsAddrLen (1 byte) | ConsAddr -> OperatorAddr` +* ValidatorsByPower: `0x23 | BigEndian(ConsensusPower) | OperatorAddrLen (1 byte) | OperatorAddr -> OperatorAddr` +* LastValidatorsPower: `0x11 | OperatorAddrLen (1 byte) | OperatorAddr -> ProtocolBuffer(ConsensusPower)` +* ValidatorsByUnbondingID: `0x38 | UnbondingID -> 0x21 | OperatorAddrLen (1 byte) | OperatorAddr` + +`Validators` is the primary index - it ensures that each operator can have only one +associated validator, where the public key of that validator can change in the +future. Delegators can refer to the immutable operator of the validator, without +concern for the changing public key. + +`ValidatorsByUnbondingID` is an additional index that enables lookups for + validators by the unbonding IDs corresponding to their current unbonding. + +`ValidatorByConsAddr` is an additional index that enables lookups for slashing. +When CometBFT reports evidence, it provides the validator address, so this +map is needed to find the operator. Note that the `ConsAddr` corresponds to the +address which can be derived from the validator's `ConsPubKey`. + +`ValidatorsByPower` is an additional index that provides a sorted list of +potential validators to quickly determine the current active set. Here +ConsensusPower is validator.Tokens/10^6 by default. Note that all validators +where `Jailed` is true are not stored within this index. + +`LastValidatorsPower` is a special index that provides a historical list of the +last-block's bonded validators. This index remains constant during a block but +is updated during the validator set update process which takes place in [`EndBlock`](#end-block). + +Each validator's state is stored in a `Validator` struct: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L82-L138 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L26-L80 +``` + +### Delegation + +Delegations are identified by combining `DelegatorAddr` (the address of the delegator) +with the `ValidatorAddr` Delegators are indexed in the store as follows: + +* Delegation: `0x31 | DelegatorAddrLen (1 byte) | DelegatorAddr | ValidatorAddrLen (1 byte) | ValidatorAddr -> ProtocolBuffer(delegation)` + +Stake holders may delegate coins to validators; under this circumstance their +funds are held in a `Delegation` data structure. It is owned by one +delegator, and is associated with the shares for one validator. The sender of +the transaction is the owner of the bond. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L198-L216 +``` + +#### Delegator Shares + +When one Delegates tokens to a Validator they are issued a number of delegator shares based on a +dynamic exchange rate, calculated as follows from the total number of tokens delegated to the +validator and the number of shares issued so far: + +`Shares per Token = validator.TotalShares() / validator.Tokens()` + +Only the number of shares received is stored on the DelegationEntry. When a delegator then +Undelegates, the token amount they receive is calculated from the number of shares they currently +hold and the inverse exchange rate: + +`Tokens per Share = validator.Tokens() / validatorShares()` + +These `Shares` are simply an accounting mechanism. They are not a fungible asset. The reason for +this mechanism is to simplify the accounting around slashing. Rather than iteratively slashing the +tokens of every delegation entry, instead the Validators total bonded tokens can be slashed, +effectively reducing the value of each issued delegator share. + +### UnbondingDelegation + +Shares in a `Delegation` can be unbonded, but they must for some time exist as +an `UnbondingDelegation`, where shares can be reduced if Byzantine behavior is +detected. + +`UnbondingDelegation` are indexed in the store as: + +* UnbondingDelegation: `0x32 | DelegatorAddrLen (1 byte) | DelegatorAddr | ValidatorAddrLen (1 byte) | ValidatorAddr -> ProtocolBuffer(unbondingDelegation)` +* UnbondingDelegationsFromValidator: `0x33 | ValidatorAddrLen (1 byte) | ValidatorAddr | DelegatorAddrLen (1 byte) | DelegatorAddr -> nil` +* UnbondingDelegationByUnbondingId: `0x38 | UnbondingId -> 0x32 | DelegatorAddrLen (1 byte) | DelegatorAddr | ValidatorAddrLen (1 byte) | ValidatorAddr` + `UnbondingDelegation` is used in queries, to lookup all unbonding delegations for + a given delegator. + +`UnbondingDelegationsFromValidator` is used in slashing, to lookup all + unbonding delegations associated with a given validator that need to be + slashed. + + `UnbondingDelegationByUnbondingId` is an additional index that enables + lookups for unbonding delegations by the unbonding IDs of the containing + unbonding delegation entries. + + +A UnbondingDelegation object is created every time an unbonding is initiated. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L218-L261 +``` + +### Redelegation + +The bonded tokens worth of a `Delegation` may be instantly redelegated from a +source validator to a different validator (destination validator). However when +this occurs they must be tracked in a `Redelegation` object, whereby their +shares can be slashed if their tokens have contributed to a Byzantine fault +committed by the source validator. + +`Redelegation` are indexed in the store as: + +* Redelegations: `0x34 | DelegatorAddrLen (1 byte) | DelegatorAddr | ValidatorAddrLen (1 byte) | ValidatorSrcAddr | ValidatorDstAddr -> ProtocolBuffer(redelegation)` +* RedelegationsBySrc: `0x35 | ValidatorSrcAddrLen (1 byte) | ValidatorSrcAddr | ValidatorDstAddrLen (1 byte) | ValidatorDstAddr | DelegatorAddrLen (1 byte) | DelegatorAddr -> nil` +* RedelegationsByDst: `0x36 | ValidatorDstAddrLen (1 byte) | ValidatorDstAddr | ValidatorSrcAddrLen (1 byte) | ValidatorSrcAddr | DelegatorAddrLen (1 byte) | DelegatorAddr -> nil` +* RedelegationByUnbondingId: `0x38 | UnbondingId -> 0x34 | DelegatorAddrLen (1 byte) | DelegatorAddr | ValidatorAddrLen (1 byte) | ValidatorSrcAddr | ValidatorDstAddr` + + `Redelegations` is used for queries, to lookup all redelegations for a given + delegator. + + `RedelegationsBySrc` is used for slashing based on the `ValidatorSrcAddr`. + + `RedelegationsByDst` is used for slashing based on the `ValidatorDstAddr` + +The first map here is used for queries, to lookup all redelegations for a given +delegator. The second map is used for slashing based on the `ValidatorSrcAddr`, +while the third map is for slashing based on the `ValidatorDstAddr`. + +`RedelegationByUnbondingId` is an additional index that enables + lookups for redelegations by the unbonding IDs of the containing + redelegation entries. + +A redelegation object is created every time a redelegation occurs. To prevent +"redelegation hopping" redelegations may not occur under the situation that: + +* the (re)delegator already has another immature redelegation in progress + with a destination to a validator (let's call it `Validator X`) +* and, the (re)delegator is attempting to create a _new_ redelegation + where the source validator for this new redelegation is `Validator X`. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L263-L308 +``` + +### Queues + +All queues objects are sorted by timestamp. The time used within any queue is +first rounded to the nearest nanosecond then sorted. The sortable time format +used is a slight modification of the RFC3339Nano and uses the format string +`"2006-01-02T15:04:05.000000000"`. Notably this format: + +* right pads all zeros +* drops the time zone info (uses UTC) + +In all cases, the stored timestamp represents the maturation time of the queue +element. + +#### UnbondingDelegationQueue + +For the purpose of tracking progress of unbonding delegations the unbonding +delegations queue is kept. + +* UnbondingDelegation: `0x41 | format(time) -> []DVPair` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L162-L172 +``` + +#### RedelegationQueue + +For the purpose of tracking progress of redelegations the redelegation queue is +kept. + +* RedelegationQueue: `0x42 | format(time) -> []DVVTriplet` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L179-L191 +``` + +#### ValidatorQueue + +For the purpose of tracking progress of unbonding validators the validator +queue is kept. + +* ValidatorQueueTime: `0x43 | format(time) -> []sdk.ValAddress` + +The stored object as each key is an array of validator operator addresses from +which the validator object can be accessed. Typically it is expected that only +a single validator record will be associated with a given timestamp however it is possible +that multiple validators exist in the queue at the same location. + +### HistoricalInfo + +HistoricalInfo objects are stored and pruned at each block such that the staking keeper persists +the `n` most recent historical info defined by staking module parameter: `HistoricalEntries`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L17-L24 +``` + +At each BeginBlock, the staking keeper will persist the current Header and the Validators that committed +the current block in a `HistoricalInfo` object. The Validators are sorted on their address to ensure that +they are in a deterministic order. +The oldest HistoricalEntries will be pruned to ensure that there only exist the parameter-defined number of +historical entries. + +## State Transitions + +### Validators + +State transitions in validators are performed on every [`EndBlock`](#validator-set-changes) +in order to check for changes in the active `ValidatorSet`. + +A validator can be `Unbonded`, `Unbonding` or `Bonded`. `Unbonded` +and `Unbonding` are collectively called `Not Bonded`. A validator can move +directly between all the states, except for from `Bonded` to `Unbonded`. + +#### Not bonded to Bonded + +The following transition occurs when a validator's ranking in the `ValidatorPowerIndex` surpasses +that of the `LastValidator`. + +* set `validator.Status` to `Bonded` +* send the `validator.Tokens` from the `NotBondedTokens` to the `BondedPool` `ModuleAccount` +* delete the existing record from `ValidatorByPowerIndex` +* add a new updated record to the `ValidatorByPowerIndex` +* update the `Validator` object for this validator +* if it exists, delete any `ValidatorQueue` record for this validator + +#### Bonded to Unbonding + +When a validator begins the unbonding process the following operations occur: + +* send the `validator.Tokens` from the `BondedPool` to the `NotBondedTokens` `ModuleAccount` +* set `validator.Status` to `Unbonding` +* delete the existing record from `ValidatorByPowerIndex` +* add a new updated record to the `ValidatorByPowerIndex` +* update the `Validator` object for this validator +* insert a new record into the `ValidatorQueue` for this validator + +#### Unbonding to Unbonded + +A validator moves from unbonding to unbonded when the `ValidatorQueue` object +moves from bonded to unbonded + +* update the `Validator` object for this validator +* set `validator.Status` to `Unbonded` + +#### Jail/Unjail + +when a validator is jailed it is effectively removed from the CometBFT set. +this process may be also be reversed. the following operations occur: + +* set `Validator.Jailed` and update object +* if jailed delete record from `ValidatorByPowerIndex` +* if unjailed add record to `ValidatorByPowerIndex` + +Jailed validators are not present in any of the following stores: + +* the power store (from consensus power to address) + +### Delegations + +#### Delegate + +When a delegation occurs both the validator and the delegation objects are affected + +* determine the delegators shares based on tokens delegated and the validator's exchange rate +* remove tokens from the sending account +* add shares the delegation object or add them to a created validator object +* add new delegator shares and update the `Validator` object +* transfer the `delegation.Amount` from the delegator's account to the `BondedPool` or the `NotBondedPool` `ModuleAccount` depending if the `validator.Status` is `Bonded` or not +* delete the existing record from `ValidatorByPowerIndex` +* add an new updated record to the `ValidatorByPowerIndex` + +#### Begin Unbonding + +As a part of the Undelegate and Complete Unbonding state transitions Unbond +Delegation may be called. + +* subtract the unbonded shares from delegator +* add the unbonded tokens to an `UnbondingDelegationEntry` +* update the delegation or remove the delegation if there are no more shares +* if the delegation is the operator of the validator and no more shares exist then trigger a jail validator +* update the validator with removed the delegator shares and associated coins +* if the validator state is `Bonded`, transfer the `Coins` worth of the unbonded + shares from the `BondedPool` to the `NotBondedPool` `ModuleAccount` +* remove the validator if it is unbonded and there are no more delegation shares. +* remove the validator if it is unbonded and there are no more delegation shares +* get a unique `unbondingId` and map it to the `UnbondingDelegationEntry` in `UnbondingDelegationByUnbondingId` +* call the `AfterUnbondingInitiated(unbondingId)` hook +* add the unbonding delegation to `UnbondingDelegationQueue` with the completion time set to `UnbondingTime` + +#### Cancel an `UnbondingDelegation` Entry + +When a `cancel unbond delegation` occurs both the `validator`, the `delegation` and an `UnbondingDelegationQueue` state will be updated. + +* if cancel unbonding delegation amount equals to the `UnbondingDelegation` entry `balance`, then the `UnbondingDelegation` entry deleted from `UnbondingDelegationQueue`. +* if the `cancel unbonding delegation amount is less than the `UnbondingDelegation` entry balance, then the `UnbondingDelegation` entry will be updated with new balance in the `UnbondingDelegationQueue`. +* cancel `amount` is [Delegated](#delegations) back to the original `validator`. + +#### Complete Unbonding + +For undelegations which do not complete immediately, the following operations +occur when the unbonding delegation queue element matures: + +* remove the entry from the `UnbondingDelegation` object +* transfer the tokens from the `NotBondedPool` `ModuleAccount` to the delegator `Account` + +#### Begin Redelegation + +Redelegations affect the delegation, source and destination validators. + +* perform an `unbond` delegation from the source validator to retrieve the tokens worth of the unbonded shares +* using the unbonded tokens, `Delegate` them to the destination validator +* if the `sourceValidator.Status` is `Bonded`, and the `destinationValidator` is not, + transfer the newly delegated tokens from the `BondedPool` to the `NotBondedPool` `ModuleAccount` +* otherwise, if the `sourceValidator.Status` is not `Bonded`, and the `destinationValidator` + is `Bonded`, transfer the newly delegated tokens from the `NotBondedPool` to the `BondedPool` `ModuleAccount` +* record the token amount in an new entry in the relevant `Redelegation` + +From when a redelegation begins until it completes, the delegator is in a state of "pseudo-unbonding", and can still be +slashed for infractions that occurred before the redelegation began. + +#### Complete Redelegation + +When a redelegations complete the following occurs: + +* remove the entry from the `Redelegation` object + +### Slashing + +#### Slash Validator + +When a Validator is slashed, the following occurs: + +* The total `slashAmount` is calculated as the `slashFactor` (a chain parameter) \* `TokensFromConsensusPower`, + the total number of tokens bonded to the validator at the time of the infraction. +* Every unbonding delegation and pseudo-unbonding redelegation such that the infraction occured before the unbonding or + redelegation began from the validator are slashed by the `slashFactor` percentage of the initialBalance. +* Each amount slashed from redelegations and unbonding delegations is subtracted from the + total slash amount. +* The `remaingSlashAmount` is then slashed from the validator's tokens in the `BondedPool` or + `NonBondedPool` depending on the validator's status. This reduces the total supply of tokens. + +In the case of a slash due to any infraction that requires evidence to submitted (for example double-sign), the slash +occurs at the block where the evidence is included, not at the block where the infraction occured. +Put otherwise, validators are not slashed retroactively, only when they are caught. + +#### Slash Unbonding Delegation + +When a validator is slashed, so are those unbonding delegations from the validator that began unbonding +after the time of the infraction. Every entry in every unbonding delegation from the validator +is slashed by `slashFactor`. The amount slashed is calculated from the `InitialBalance` of the +delegation and is capped to prevent a resulting negative balance. Completed (or mature) unbondings are not slashed. + +#### Slash Redelegation + +When a validator is slashed, so are all redelegations from the validator that began after the +infraction. Redelegations are slashed by `slashFactor`. +Redelegations that began before the infraction are not slashed. +The amount slashed is calculated from the `InitialBalance` of the delegation and is capped to +prevent a resulting negative balance. +Mature redelegations (that have completed pseudo-unbonding) are not slashed. + +### How Shares are calculated + +At any given point in time, each validator has a number of tokens, `T`, and has a number of shares issued, `S`. +Each delegator, `i`, holds a number of shares, `S_i`. +The number of tokens is the sum of all tokens delegated to the validator, plus the rewards, minus the slashes. + +The delegator is entitled to a portion of the underlying tokens proportional to their proportion of shares. +So delegator `i` is entitled to `T * S_i / S` of the validator's tokens. + +When a delegator delegates new tokens to the validator, they receive a number of shares proportional to their contribution. +So when delegator `j` delegates `T_j` tokens, they receive `S_j = S * T_j / T` shares. +The total number of tokens is now `T + T_j`, and the total number of shares is `S + S_j`. +`j`s proportion of the shares is the same as their proportion of the total tokens contributed: `(S + S_j) / S = (T + T_j) / T`. + +A special case is the initial delegation, when `T = 0` and `S = 0`, so `T_j / T` is undefined. +For the initial delegation, delegator `j` who delegates `T_j` tokens receive `S_j = T_j` shares. +So a validator that hasn't received any rewards and has not been slashed will have `T = S`. + +## Messages + +In this section we describe the processing of the staking messages and the corresponding updates to the state. All created/modified state objects specified by each message are defined within the [state](#state) section. + +### MsgCreateValidator + +A validator is created using the `MsgCreateValidator` message. +The validator must be created with an initial delegation from the operator. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L20-L21 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L50-L73 +``` + +This message is expected to fail if: + +* another validator with this operator address is already registered +* another validator with this pubkey is already registered +* the initial self-delegation tokens are of a denom not specified as the bonding denom +* the commission parameters are faulty, namely: + * `MaxRate` is either > 1 or < 0 + * the initial `Rate` is either negative or > `MaxRate` + * the initial `MaxChangeRate` is either negative or > `MaxRate` +* the description fields are too large + +This message creates and stores the `Validator` object at appropriate indexes. +Additionally a self-delegation is made with the initial tokens delegation +tokens `Delegation`. The validator always starts as unbonded but may be bonded +in the first end-block. + +### MsgEditValidator + +The `Description`, `CommissionRate` of a validator can be updated using the +`MsgEditValidator` message. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L23-L24 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L78-L97 +``` + +This message is expected to fail if: + +* the initial `CommissionRate` is either negative or > `MaxRate` +* the `CommissionRate` has already been updated within the previous 24 hours +* the `CommissionRate` is > `MaxChangeRate` +* the description fields are too large + +This message stores the updated `Validator` object. + +### MsgDelegate + +Within this message the delegator provides coins, and in return receives +some amount of their validator's (newly created) delegator-shares that are +assigned to `Delegation.Shares`. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L26-L28 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L102-L114 +``` + +This message is expected to fail if: + +* the validator does not exist +* the `Amount` `Coin` has a denomination different than one defined by `params.BondDenom` +* the exchange rate is invalid, meaning the validator has no tokens (due to slashing) but there are outstanding shares +* the amount delegated is less than the minimum allowed delegation + +If an existing `Delegation` object for provided addresses does not already +exist then it is created as part of this message otherwise the existing +`Delegation` is updated to include the newly received shares. + +The delegator receives newly minted shares at the current exchange rate. +The exchange rate is the number of existing shares in the validator divided by +the number of currently delegated tokens. + +The validator is updated in the `ValidatorByPower` index, and the delegation is +tracked in validator object in the `Validators` index. + +It is possible to delegate to a jailed validator, the only difference being it +will not be added to the power index until it is unjailed. + +![Delegation sequence](https://raw.githubusercontent.com/cosmos/cosmos-sdk/release/v0.46.x/docs/uml/svg/delegation_sequence.svg) + +### MsgUndelegate + +The `MsgUndelegate` message allows delegators to undelegate their tokens from +validator. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L34-L36 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L140-L152 +``` + +This message returns a response containing the completion time of the undelegation: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L154-L158 +``` + +This message is expected to fail if: + +* the delegation doesn't exist +* the validator doesn't exist +* the delegation has less shares than the ones worth of `Amount` +* existing `UnbondingDelegation` has maximum entries as defined by `params.MaxEntries` +* the `Amount` has a denomination different than one defined by `params.BondDenom` + +When this message is processed the following actions occur: + +* validator's `DelegatorShares` and the delegation's `Shares` are both reduced by the message `SharesAmount` +* calculate the token worth of the shares remove that amount tokens held within the validator +* with those removed tokens, if the validator is: + * `Bonded` - add them to an entry in `UnbondingDelegation` (create `UnbondingDelegation` if it doesn't exist) with a completion time a full unbonding period from the current time. Update pool shares to reduce BondedTokens and increase NotBondedTokens by token worth of the shares. + * `Unbonding` - add them to an entry in `UnbondingDelegation` (create `UnbondingDelegation` if it doesn't exist) with the same completion time as the validator (`UnbondingMinTime`). + * `Unbonded` - then send the coins the message `DelegatorAddr` +* if there are no more `Shares` in the delegation, then the delegation object is removed from the store + * under this situation if the delegation is the validator's self-delegation then also jail the validator. + +![Unbond sequence](https://raw.githubusercontent.com/cosmos/cosmos-sdk/release/v0.46.x/docs/uml/svg/unbond_sequence.svg) + +### MsgCancelUnbondingDelegation + +The `MsgCancelUnbondingDelegation` message allows delegators to cancel the `unbondingDelegation` entry and delegate back to a previous validator. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L38-L42 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L160-L175 +``` + +This message is expected to fail if: + +* the `unbondingDelegation` entry is already processed. +* the `cancel unbonding delegation` amount is greater than the `unbondingDelegation` entry balance. +* the `cancel unbonding delegation` height doesn't exist in the `unbondingDelegationQueue` of the delegator. + +When this message is processed the following actions occur: + +* if the `unbondingDelegation` Entry balance is zero + * in this condition `unbondingDelegation` entry will be removed from `unbondingDelegationQueue`. + * otherwise `unbondingDelegationQueue` will be updated with new `unbondingDelegation` entry balance and initial balance +* the validator's `DelegatorShares` and the delegation's `Shares` are both increased by the message `Amount`. + +### MsgBeginRedelegate + +The redelegation command allows delegators to instantly switch validators. Once +the unbonding period has passed, the redelegation is automatically completed in +the EndBlocker. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L30-L32 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L119-L132 +``` + +This message returns a response containing the completion time of the redelegation: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L133-L138 +``` + +This message is expected to fail if: + +* the delegation doesn't exist +* the source or destination validators don't exist +* the delegation has less shares than the ones worth of `Amount` +* the source validator has a receiving redelegation which is not matured (aka. the redelegation may be transitive) +* existing `Redelegation` has maximum entries as defined by `params.MaxEntries` +* the `Amount` `Coin` has a denomination different than one defined by `params.BondDenom` + +When this message is processed the following actions occur: + +* the source validator's `DelegatorShares` and the delegations `Shares` are both reduced by the message `SharesAmount` +* calculate the token worth of the shares remove that amount tokens held within the source validator. +* if the source validator is: + * `Bonded` - add an entry to the `Redelegation` (create `Redelegation` if it doesn't exist) with a completion time a full unbonding period from the current time. Update pool shares to reduce BondedTokens and increase NotBondedTokens by token worth of the shares (this may be effectively reversed in the next step however). + * `Unbonding` - add an entry to the `Redelegation` (create `Redelegation` if it doesn't exist) with the same completion time as the validator (`UnbondingMinTime`). + * `Unbonded` - no action required in this step +* Delegate the token worth to the destination validator, possibly moving tokens back to the bonded state. +* if there are no more `Shares` in the source delegation, then the source delegation object is removed from the store + * under this situation if the delegation is the validator's self-delegation then also jail the validator. + +![Begin redelegation sequence](https://raw.githubusercontent.com/cosmos/cosmos-sdk/release/v0.46.x/docs/uml/svg/begin_redelegation_sequence.svg) + + +### MsgUpdateParams + +The `MsgUpdateParams` update the staking module parameters. +The params are updated through a governance proposal where the signer is the gov module account address. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L182-L195 +``` + +The message handling can fail if: + +* signer is not the authority defined in the staking keeper (usually the gov module account). + +## Begin-Block + +Each abci begin block call, the historical info will get stored and pruned +according to the `HistoricalEntries` parameter. + +### Historical Info Tracking + +If the `HistoricalEntries` parameter is 0, then the `BeginBlock` performs a no-op. + +Otherwise, the latest historical info is stored under the key `historicalInfoKey|height`, while any entries older than `height - HistoricalEntries` is deleted. +In most cases, this results in a single entry being pruned per block. +However, if the parameter `HistoricalEntries` has changed to a lower value there will be multiple entries in the store that must be pruned. + +## End-Block + +Each abci end block call, the operations to update queues and validator set +changes are specified to execute. + +### Validator Set Changes + +The staking validator set is updated during this process by state transitions +that run at the end of every block. As a part of this process any updated +validators are also returned back to CometBFT for inclusion in the CometBFT +validator set which is responsible for validating CometBFT messages at the +consensus layer. Operations are as following: + +* the new validator set is taken as the top `params.MaxValidators` number of + validators retrieved from the `ValidatorsByPower` index +* the previous validator set is compared with the new validator set: + * missing validators begin unbonding and their `Tokens` are transferred from the + `BondedPool` to the `NotBondedPool` `ModuleAccount` + * new validators are instantly bonded and their `Tokens` are transferred from the + `NotBondedPool` to the `BondedPool` `ModuleAccount` + +In all cases, any validators leaving or entering the bonded validator set or +changing balances and staying within the bonded validator set incur an update +message reporting their new consensus power which is passed back to CometBFT. + +The `LastTotalPower` and `LastValidatorsPower` hold the state of the total power +and validator power from the end of the last block, and are used to check for +changes that have occurred in `ValidatorsByPower` and the total new power, which +is calculated during `EndBlock`. + +### Queues + +Within staking, certain state-transitions are not instantaneous but take place +over a duration of time (typically the unbonding period). When these +transitions are mature certain operations must take place in order to complete +the state operation. This is achieved through the use of queues which are +checked/processed at the end of each block. + +#### Unbonding Validators + +When a validator is kicked out of the bonded validator set (either through +being jailed, or not having sufficient bonded tokens) it begins the unbonding +process along with all its delegations begin unbonding (while still being +delegated to this validator). At this point the validator is said to be an +"unbonding validator", whereby it will mature to become an "unbonded validator" +after the unbonding period has passed. + +Each block the validator queue is to be checked for mature unbonding validators +(namely with a completion time <= current time and completion height <= current +block height). At this point any mature validators which do not have any +delegations remaining are deleted from state. For all other mature unbonding +validators that still have remaining delegations, the `validator.Status` is +switched from `types.Unbonding` to +`types.Unbonded`. + +Unbonding operations can be put on hold by external modules via the `PutUnbondingOnHold(unbondingId)` method. + As a result, an unbonding operation (e.g., an unbonding delegation) that is on hold, cannot complete + even if it reaches maturity. For an unbonding operation with `unbondingId` to eventually complete + (after it reaches maturity), every call to `PutUnbondingOnHold(unbondingId)` must be matched + by a call to `UnbondingCanComplete(unbondingId)`. + +#### Unbonding Delegations + +Complete the unbonding of all mature `UnbondingDelegations.Entries` within the +`UnbondingDelegations` queue with the following procedure: + +* transfer the balance coins to the delegator's wallet address +* remove the mature entry from `UnbondingDelegation.Entries` +* remove the `UnbondingDelegation` object from the store if there are no + remaining entries. + +#### Redelegations + +Complete the unbonding of all mature `Redelegation.Entries` within the +`Redelegations` queue with the following procedure: + +* remove the mature entry from `Redelegation.Entries` +* remove the `Redelegation` object from the store if there are no + remaining entries. + +## Hooks + +Other modules may register operations to execute when a certain event has +occurred within staking. These events can be registered to execute either +right `Before` or `After` the staking event (as per the hook name). The +following hooks can registered with staking: + +* `AfterValidatorCreated(Context, ValAddress) error` + * called when a validator is created +* `BeforeValidatorModified(Context, ValAddress) error` + * called when a validator's state is changed +* `AfterValidatorRemoved(Context, ConsAddress, ValAddress) error` + * called when a validator is deleted +* `AfterValidatorBonded(Context, ConsAddress, ValAddress) error` + * called when a validator is bonded +* `AfterValidatorBeginUnbonding(Context, ConsAddress, ValAddress) error` + * called when a validator begins unbonding +* `BeforeDelegationCreated(Context, AccAddress, ValAddress) error` + * called when a delegation is created +* `BeforeDelegationSharesModified(Context, AccAddress, ValAddress) error` + * called when a delegation's shares are modified +* `AfterDelegationModified(Context, AccAddress, ValAddress) error` + * called when a delegation is created or modified +* `BeforeDelegationRemoved(Context, AccAddress, ValAddress) error` + * called when a delegation is removed +* `AfterUnbondingInitiated(Context, UnbondingID)` + * called when an unbonding operation (validator unbonding, unbonding delegation, redelegation) was initiated + + +## Events + +The staking module emits the following events: + +### EndBlocker + +| Type | Attribute Key | Attribute Value | +| --------------------- | --------------------- | ------------------------- | +| complete_unbonding | amount | {totalUnbondingAmount} | +| complete_unbonding | validator | {validatorAddress} | +| complete_unbonding | delegator | {delegatorAddress} | +| complete_redelegation | amount | {totalRedelegationAmount} | +| complete_redelegation | source_validator | {srcValidatorAddress} | +| complete_redelegation | destination_validator | {dstValidatorAddress} | +| complete_redelegation | delegator | {delegatorAddress} | + +## Msg's + +### MsgCreateValidator + +| Type | Attribute Key | Attribute Value | +| ---------------- | ------------- | ------------------ | +| create_validator | validator | {validatorAddress} | +| create_validator | amount | {delegationAmount} | +| message | module | staking | +| message | action | create_validator | +| message | sender | {senderAddress} | + +### MsgEditValidator + +| Type | Attribute Key | Attribute Value | +| -------------- | ------------------- | ------------------- | +| edit_validator | commission_rate | {commissionRate} | +| edit_validator | min_self_delegation | {minSelfDelegation} | +| message | module | staking | +| message | action | edit_validator | +| message | sender | {senderAddress} | + +### MsgDelegate + +| Type | Attribute Key | Attribute Value | +| -------- | ------------- | ------------------ | +| delegate | validator | {validatorAddress} | +| delegate | amount | {delegationAmount} | +| message | module | staking | +| message | action | delegate | +| message | sender | {senderAddress} | + +### MsgUndelegate + +| Type | Attribute Key | Attribute Value | +| ------- | ------------------- | ------------------ | +| unbond | validator | {validatorAddress} | +| unbond | amount | {unbondAmount} | +| unbond | completion_time [0] | {completionTime} | +| message | module | staking | +| message | action | begin_unbonding | +| message | sender | {senderAddress} | + +* [0] Time is formatted in the RFC3339 standard + +### MsgCancelUnbondingDelegation + +| Type | Attribute Key | Attribute Value | +| ----------------------------- | ------------------ | ------------------------------------| +| cancel_unbonding_delegation | validator | {validatorAddress} | +| cancel_unbonding_delegation | delegator | {delegatorAddress} | +| cancel_unbonding_delegation | amount | {cancelUnbondingDelegationAmount} | +| cancel_unbonding_delegation | creation_height | {unbondingCreationHeight} | +| message | module | staking | +| message | action | cancel_unbond | +| message | sender | {senderAddress} | + +### MsgBeginRedelegate + +| Type | Attribute Key | Attribute Value | +| ---------- | --------------------- | --------------------- | +| redelegate | source_validator | {srcValidatorAddress} | +| redelegate | destination_validator | {dstValidatorAddress} | +| redelegate | amount | {unbondAmount} | +| redelegate | completion_time [0] | {completionTime} | +| message | module | staking | +| message | action | begin_redelegate | +| message | sender | {senderAddress} | + +* [0] Time is formatted in the RFC3339 standard + +## Parameters + +The staking module contains the following parameters: + +| Key | Type | Example | +|-------------------|------------------|------------------------| +| UnbondingTime | string (time ns) | "259200000000000" | +| MaxValidators | uint16 | 100 | +| KeyMaxEntries | uint16 | 7 | +| HistoricalEntries | uint16 | 3 | +| BondDenom | string | "stake" | +| MinCommissionRate | string | "0.000000000000000000" | + +## Client + +### CLI + +A user can query and interact with the `staking` module using the CLI. + +#### Query + +The `query` commands allows users to query `staking` state. + +```bash +simd query staking --help +``` + +##### delegation + +The `delegation` command allows users to query delegations for an individual delegator on an individual validator. + +Usage: + +```bash +simd query staking delegation [delegator-addr] [validator-addr] [flags] +``` + +Example: + +```bash +simd query staking delegation cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +Example Output: + +```bash +balance: + amount: "10000000000" + denom: stake +delegation: + delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + shares: "10000000000.000000000000000000" + validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +##### delegations + +The `delegations` command allows users to query delegations for an individual delegator on all validators. + +Usage: + +```bash +simd query staking delegations [delegator-addr] [flags] +``` + +Example: + +```bash +simd query staking delegations cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p +``` + +Example Output: + +```bash +delegation_responses: +- balance: + amount: "10000000000" + denom: stake + delegation: + delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + shares: "10000000000.000000000000000000" + validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +- balance: + amount: "10000000000" + denom: stake + delegation: + delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + shares: "10000000000.000000000000000000" + validator_address: cosmosvaloper1x20lytyf6zkcrv5edpkfkn8sz578qg5sqfyqnp +pagination: + next_key: null + total: "0" +``` + +##### delegations-to + +The `delegations-to` command allows users to query delegations on an individual validator. + +Usage: + +```bash +simd query staking delegations-to [validator-addr] [flags] +``` + +Example: + +```bash +simd query staking delegations-to cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +Example Output: + +```bash +- balance: + amount: "504000000" + denom: stake + delegation: + delegator_address: cosmos1q2qwwynhv8kh3lu5fkeex4awau9x8fwt45f5cp + shares: "504000000.000000000000000000" + validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +- balance: + amount: "78125000000" + denom: uixo + delegation: + delegator_address: cosmos1qvppl3479hw4clahe0kwdlfvf8uvjtcd99m2ca + shares: "78125000000.000000000000000000" + validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +pagination: + next_key: null + total: "0" +``` + +##### historical-info + +The `historical-info` command allows users to query historical information at given height. + +Usage: + +```bash +simd query staking historical-info [height] [flags] +``` + +Example: + +```bash +simd query staking historical-info 10 +``` + +Example Output: + +```bash +header: + app_hash: Lbx8cXpI868wz8sgp4qPYVrlaKjevR5WP/IjUxwp3oo= + chain_id: testnet + consensus_hash: BICRvH3cKD93v7+R1zxE2ljD34qcvIZ0Bdi389qtoi8= + data_hash: 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= + evidence_hash: 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= + height: "10" + last_block_id: + hash: RFbkpu6pWfSThXxKKl6EZVDnBSm16+U0l0xVjTX08Fk= + part_set_header: + hash: vpIvXD4rxD5GM4MXGz0Sad9I7//iVYLzZsEU4BVgWIU= + total: 1 + last_commit_hash: Ne4uXyx4QtNp4Zx89kf9UK7oG9QVbdB6e7ZwZkhy8K0= + last_results_hash: 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= + next_validators_hash: nGBgKeWBjoxeKFti00CxHsnULORgKY4LiuQwBuUrhCs= + proposer_address: mMEP2c2IRPLr99LedSRtBg9eONM= + time: "2021-10-01T06:00:49.785790894Z" + validators_hash: nGBgKeWBjoxeKFti00CxHsnULORgKY4LiuQwBuUrhCs= + version: + app: "0" + block: "11" +valset: +- commission: + commission_rates: + max_change_rate: "0.010000000000000000" + max_rate: "0.200000000000000000" + rate: "0.100000000000000000" + update_time: "2021-10-01T05:52:50.380144238Z" + consensus_pubkey: + '@type': /cosmos.crypto.ed25519.PubKey + key: Auxs3865HpB/EfssYOzfqNhEJjzys2Fo6jD5B8tPgC8= + delegator_shares: "10000000.000000000000000000" + description: + details: "" + identity: "" + moniker: myvalidator + security_contact: "" + website: "" + jailed: false + min_self_delegation: "1" + operator_address: cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc + status: BOND_STATUS_BONDED + tokens: "10000000" + unbonding_height: "0" + unbonding_time: "1970-01-01T00:00:00Z" +``` + +##### params + +The `params` command allows users to query values set as staking parameters. + +Usage: + +```bash +simd query staking params [flags] +``` + +Example: + +```bash +simd query staking params +``` + +Example Output: + +```bash +bond_denom: stake +historical_entries: 10000 +max_entries: 7 +max_validators: 50 +unbonding_time: 1814400s +``` + +##### pool + +The `pool` command allows users to query values for amounts stored in the staking pool. + +Usage: + +```bash +simd q staking pool [flags] +``` + +Example: + +```bash +simd q staking pool +``` + +Example Output: + +```bash +bonded_tokens: "10000000" +not_bonded_tokens: "0" +``` + +##### redelegation + +The `redelegation` command allows users to query a redelegation record based on delegator and a source and destination validator address. + +Usage: + +```bash +simd query staking redelegation [delegator-addr] [src-validator-addr] [dst-validator-addr] [flags] +``` + +Example: + +```bash +simd query staking redelegation cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p cosmosvaloper1l2rsakp388kuv9k8qzq6lrm9taddae7fpx59wm cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +Example Output: + +```bash +pagination: null +redelegation_responses: +- entries: + - balance: "50000000" + redelegation_entry: + completion_time: "2021-10-24T20:33:21.960084845Z" + creation_height: 2.382847e+06 + initial_balance: "50000000" + shares_dst: "50000000.000000000000000000" + - balance: "5000000000" + redelegation_entry: + completion_time: "2021-10-25T21:33:54.446846862Z" + creation_height: 2.397271e+06 + initial_balance: "5000000000" + shares_dst: "5000000000.000000000000000000" + redelegation: + delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + entries: null + validator_dst_address: cosmosvaloper1l2rsakp388kuv9k8qzq6lrm9taddae7fpx59wm + validator_src_address: cosmosvaloper1l2rsakp388kuv9k8qzq6lrm9taddae7fpx59wm +``` + +##### redelegations + +The `redelegations` command allows users to query all redelegation records for an individual delegator. + +Usage: + +```bash +simd query staking redelegations [delegator-addr] [flags] +``` + +Example: + +```bash +simd query staking redelegation cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "0" +redelegation_responses: +- entries: + - balance: "50000000" + redelegation_entry: + completion_time: "2021-10-24T20:33:21.960084845Z" + creation_height: 2.382847e+06 + initial_balance: "50000000" + shares_dst: "50000000.000000000000000000" + - balance: "5000000000" + redelegation_entry: + completion_time: "2021-10-25T21:33:54.446846862Z" + creation_height: 2.397271e+06 + initial_balance: "5000000000" + shares_dst: "5000000000.000000000000000000" + redelegation: + delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + entries: null + validator_dst_address: cosmosvaloper1uccl5ugxrm7vqlzwqr04pjd320d2fz0z3hc6vm + validator_src_address: cosmosvaloper1zppjyal5emta5cquje8ndkpz0rs046m7zqxrpp +- entries: + - balance: "562770000000" + redelegation_entry: + completion_time: "2021-10-25T21:42:07.336911677Z" + creation_height: 2.39735e+06 + initial_balance: "562770000000" + shares_dst: "562770000000.000000000000000000" + redelegation: + delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + entries: null + validator_dst_address: cosmosvaloper1uccl5ugxrm7vqlzwqr04pjd320d2fz0z3hc6vm + validator_src_address: cosmosvaloper1zppjyal5emta5cquje8ndkpz0rs046m7zqxrpp +``` + +##### redelegations-from + +The `redelegations-from` command allows users to query delegations that are redelegating _from_ a validator. + +Usage: + +```bash +simd query staking redelegations-from [validator-addr] [flags] +``` + +Example: + +```bash +simd query staking redelegations-from cosmosvaloper1y4rzzrgl66eyhzt6gse2k7ej3zgwmngeleucjy +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "0" +redelegation_responses: +- entries: + - balance: "50000000" + redelegation_entry: + completion_time: "2021-10-24T20:33:21.960084845Z" + creation_height: 2.382847e+06 + initial_balance: "50000000" + shares_dst: "50000000.000000000000000000" + - balance: "5000000000" + redelegation_entry: + completion_time: "2021-10-25T21:33:54.446846862Z" + creation_height: 2.397271e+06 + initial_balance: "5000000000" + shares_dst: "5000000000.000000000000000000" + redelegation: + delegator_address: cosmos1pm6e78p4pgn0da365plzl4t56pxy8hwtqp2mph + entries: null + validator_dst_address: cosmosvaloper1uccl5ugxrm7vqlzwqr04pjd320d2fz0z3hc6vm + validator_src_address: cosmosvaloper1y4rzzrgl66eyhzt6gse2k7ej3zgwmngeleucjy +- entries: + - balance: "221000000" + redelegation_entry: + completion_time: "2021-10-05T21:05:45.669420544Z" + creation_height: 2.120693e+06 + initial_balance: "221000000" + shares_dst: "221000000.000000000000000000" + redelegation: + delegator_address: cosmos1zqv8qxy2zgn4c58fz8jt8jmhs3d0attcussrf6 + entries: null + validator_dst_address: cosmosvaloper10mseqwnwtjaqfrwwp2nyrruwmjp6u5jhah4c3y + validator_src_address: cosmosvaloper1y4rzzrgl66eyhzt6gse2k7ej3zgwmngeleucjy +``` + +##### unbonding-delegation + +The `unbonding-delegation` command allows users to query unbonding delegations for an individual delegator on an individual validator. + +Usage: + +```bash +simd query staking unbonding-delegation [delegator-addr] [validator-addr] [flags] +``` + +Example: + +```bash +simd query staking unbonding-delegation cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +Example Output: + +```bash +delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p +entries: +- balance: "52000000" + completion_time: "2021-11-02T11:35:55.391594709Z" + creation_height: "55078" + initial_balance: "52000000" +validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +##### unbonding-delegations + +The `unbonding-delegations` command allows users to query all unbonding-delegations records for one delegator. + +Usage: + +```bash +simd query staking unbonding-delegations [delegator-addr] [flags] +``` + +Example: + +```bash +simd query staking unbonding-delegations cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "0" +unbonding_responses: +- delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + entries: + - balance: "52000000" + completion_time: "2021-11-02T11:35:55.391594709Z" + creation_height: "55078" + initial_balance: "52000000" + validator_address: cosmosvaloper1t8ehvswxjfn3ejzkjtntcyrqwvmvuknzmvtaaa + +``` + +##### unbonding-delegations-from + +The `unbonding-delegations-from` command allows users to query delegations that are unbonding _from_ a validator. + +Usage: + +```bash +simd query staking unbonding-delegations-from [validator-addr] [flags] +``` + +Example: + +```bash +simd query staking unbonding-delegations-from cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "0" +unbonding_responses: +- delegator_address: cosmos1qqq9txnw4c77sdvzx0tkedsafl5s3vk7hn53fn + entries: + - balance: "150000000" + completion_time: "2021-11-01T21:41:13.098141574Z" + creation_height: "46823" + initial_balance: "150000000" + validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +- delegator_address: cosmos1peteje73eklqau66mr7h7rmewmt2vt99y24f5z + entries: + - balance: "24000000" + completion_time: "2021-10-31T02:57:18.192280361Z" + creation_height: "21516" + initial_balance: "24000000" + validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +##### validator + +The `validator` command allows users to query details about an individual validator. + +Usage: + +```bash +simd query staking validator [validator-addr] [flags] +``` + +Example: + +```bash +simd query staking validator cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +Example Output: + +```bash +commission: + commission_rates: + max_change_rate: "0.020000000000000000" + max_rate: "0.200000000000000000" + rate: "0.050000000000000000" + update_time: "2021-10-01T19:24:52.663191049Z" +consensus_pubkey: + '@type': /cosmos.crypto.ed25519.PubKey + key: sIiexdJdYWn27+7iUHQJDnkp63gq/rzUq1Y+fxoGjXc= +delegator_shares: "32948270000.000000000000000000" +description: + details: Witval is the validator arm from Vitwit. Vitwit is into software consulting + and services business since 2015. We are working closely with Cosmos ecosystem + since 2018. We are also building tools for the ecosystem, Aneka is our explorer + for the cosmos ecosystem. + identity: 51468B615127273A + moniker: Witval + security_contact: "" + website: "" +jailed: false +min_self_delegation: "1" +operator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +status: BOND_STATUS_BONDED +tokens: "32948270000" +unbonding_height: "0" +unbonding_time: "1970-01-01T00:00:00Z" +``` + +##### validators + +The `validators` command allows users to query details about all validators on a network. + +Usage: + +```bash +simd query staking validators [flags] +``` + +Example: + +```bash +simd query staking validators +``` + +Example Output: + +```bash +pagination: + next_key: FPTi7TKAjN63QqZh+BaXn6gBmD5/ + total: "0" +validators: +commission: + commission_rates: + max_change_rate: "0.020000000000000000" + max_rate: "0.200000000000000000" + rate: "0.050000000000000000" + update_time: "2021-10-01T19:24:52.663191049Z" +consensus_pubkey: + '@type': /cosmos.crypto.ed25519.PubKey + key: sIiexdJdYWn27+7iUHQJDnkp63gq/rzUq1Y+fxoGjXc= +delegator_shares: "32948270000.000000000000000000" +description: + details: Witval is the validator arm from Vitwit. Vitwit is into software consulting + and services business since 2015. We are working closely with Cosmos ecosystem + since 2018. We are also building tools for the ecosystem, Aneka is our explorer + for the cosmos ecosystem. + identity: 51468B615127273A + moniker: Witval + security_contact: "" + website: "" + jailed: false + min_self_delegation: "1" + operator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj + status: BOND_STATUS_BONDED + tokens: "32948270000" + unbonding_height: "0" + unbonding_time: "1970-01-01T00:00:00Z" +- commission: + commission_rates: + max_change_rate: "0.100000000000000000" + max_rate: "0.200000000000000000" + rate: "0.050000000000000000" + update_time: "2021-10-04T18:02:21.446645619Z" + consensus_pubkey: + '@type': /cosmos.crypto.ed25519.PubKey + key: GDNpuKDmCg9GnhnsiU4fCWktuGUemjNfvpCZiqoRIYA= + delegator_shares: "559343421.000000000000000000" + description: + details: Noderunners is a professional validator in POS networks. We have a huge + node running experience, reliable soft and hardware. Our commissions are always + low, our support to delegators is always full. Stake with us and start receiving + your Cosmos rewards now! + identity: 812E82D12FEA3493 + moniker: Noderunners + security_contact: info@noderunners.biz + website: http://noderunners.biz + jailed: false + min_self_delegation: "1" + operator_address: cosmosvaloper1q5ku90atkhktze83j9xjaks2p7uruag5zp6wt7 + status: BOND_STATUS_BONDED + tokens: "559343421" + unbonding_height: "0" + unbonding_time: "1970-01-01T00:00:00Z" +``` + +#### Transactions + +The `tx` commands allows users to interact with the `staking` module. + +```bash +simd tx staking --help +``` + +##### create-validator + +The command `create-validator` allows users to create new validator initialized with a self-delegation to it. + +Usage: + +```bash +simd tx staking create-validator [path/to/validator.json] [flags] +``` + +Example: + +```bash +simd tx staking create-validator /path/to/validator.json \ + --chain-id="name_of_chain_id" \ + --gas="auto" \ + --gas-adjustment="1.2" \ + --gas-prices="0.025stake" \ + --from=mykey +``` + +where `validator.json` contains: + +```json +{ + "pubkey": {"@type":"/cosmos.crypto.ed25519.PubKey","key":"BnbwFpeONLqvWqJb3qaUbL5aoIcW3fSuAp9nT3z5f20="}, + "amount": "1000000stake", + "moniker": "my-moniker", + "website": "https://myweb.site", + "security": "security-contact@gmail.com", + "details": "description of your validator", + "commission-rate": "0.10", + "commission-max-rate": "0.20", + "commission-max-change-rate": "0.01", + "min-self-delegation": "1" +} +``` + +and pubkey can be obtained by using `simd tendermint show-validator` command. + +##### delegate + +The command `delegate` allows users to delegate liquid tokens to a validator. + +Usage: + +```bash +simd tx staking delegate [validator-addr] [amount] [flags] +``` + +Example: + +```bash +simd tx staking delegate cosmosvaloper1l2rsakp388kuv9k8qzq6lrm9taddae7fpx59wm 1000stake --from mykey +``` + +##### edit-validator + +The command `edit-validator` allows users to edit an existing validator account. + +Usage: + +```bash +simd tx staking edit-validator [flags] +``` + +Example: + +```bash +simd tx staking edit-validator --moniker "new_moniker_name" --website "new_webiste_url" --from mykey +``` + +##### redelegate + +The command `redelegate` allows users to redelegate illiquid tokens from one validator to another. + +Usage: + +```bash +simd tx staking redelegate [src-validator-addr] [dst-validator-addr] [amount] [flags] +``` + +Example: + +```bash +simd tx staking redelegate cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj cosmosvaloper1l2rsakp388kuv9k8qzq6lrm9taddae7fpx59wm 100stake --from mykey +``` + +##### unbond + +The command `unbond` allows users to unbond shares from a validator. + +Usage: + +```bash +simd tx staking unbond [validator-addr] [amount] [flags] +``` + +Example: + +```bash +simd tx staking unbond cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj 100stake --from mykey +``` + +##### cancel unbond + +The command `cancel-unbond` allow users to cancel the unbonding delegation entry and delegate back to the original validator. + +Usage: + +```bash +simd tx staking cancel-unbond [validator-addr] [amount] [creation-height] +``` + +Example: + +```bash +simd tx staking cancel-unbond cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj 100stake 123123 --from mykey +``` + + +### gRPC + +A user can query the `staking` module using gRPC endpoints. + +#### Validators + +The `Validators` endpoint queries all validators that match the given status. + +```bash +cosmos.staking.v1beta1.Query/Validators +``` + +Example: + +```bash +grpcurl -plaintext localhost:9090 cosmos.staking.v1beta1.Query/Validators +``` + +Example Output: + +```bash +{ + "validators": [ + { + "operatorAddress": "cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "consensusPubkey": {"@type":"/cosmos.crypto.ed25519.PubKey","key":"Auxs3865HpB/EfssYOzfqNhEJjzys2Fo6jD5B8tPgC8="}, + "status": "BOND_STATUS_BONDED", + "tokens": "10000000", + "delegatorShares": "10000000000000000000000000", + "description": { + "moniker": "myvalidator" + }, + "unbondingTime": "1970-01-01T00:00:00Z", + "commission": { + "commissionRates": { + "rate": "100000000000000000", + "maxRate": "200000000000000000", + "maxChangeRate": "10000000000000000" + }, + "updateTime": "2021-10-01T05:52:50.380144238Z" + }, + "minSelfDelegation": "1" + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### Validator + +The `Validator` endpoint queries validator information for given validator address. + +```bash +cosmos.staking.v1beta1.Query/Validator +``` + +Example: + +```bash +grpcurl -plaintext -d '{"validator_addr":"cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/Validator +``` + +Example Output: + +```bash +{ + "validator": { + "operatorAddress": "cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "consensusPubkey": {"@type":"/cosmos.crypto.ed25519.PubKey","key":"Auxs3865HpB/EfssYOzfqNhEJjzys2Fo6jD5B8tPgC8="}, + "status": "BOND_STATUS_BONDED", + "tokens": "10000000", + "delegatorShares": "10000000000000000000000000", + "description": { + "moniker": "myvalidator" + }, + "unbondingTime": "1970-01-01T00:00:00Z", + "commission": { + "commissionRates": { + "rate": "100000000000000000", + "maxRate": "200000000000000000", + "maxChangeRate": "10000000000000000" + }, + "updateTime": "2021-10-01T05:52:50.380144238Z" + }, + "minSelfDelegation": "1" + } +} +``` + +#### ValidatorDelegations + +The `ValidatorDelegations` endpoint queries delegate information for given validator. + +```bash +cosmos.staking.v1beta1.Query/ValidatorDelegations +``` + +Example: + +```bash +grpcurl -plaintext -d '{"validator_addr":"cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/ValidatorDelegations +``` + +Example Output: + +```bash +{ + "delegationResponses": [ + { + "delegation": { + "delegatorAddress": "cosmos1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgy3ua5t", + "validatorAddress": "cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "shares": "10000000000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "10000000" + } + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### ValidatorUnbondingDelegations + +The `ValidatorUnbondingDelegations` endpoint queries delegate information for given validator. + +```bash +cosmos.staking.v1beta1.Query/ValidatorUnbondingDelegations +``` + +Example: + +```bash +grpcurl -plaintext -d '{"validator_addr":"cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/ValidatorUnbondingDelegations +``` + +Example Output: + +```bash +{ + "unbonding_responses": [ + { + "delegator_address": "cosmos1z3pzzw84d6xn00pw9dy3yapqypfde7vg6965fy", + "validator_address": "cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "entries": [ + { + "creation_height": "25325", + "completion_time": "2021-10-31T09:24:36.797320636Z", + "initial_balance": "20000000", + "balance": "20000000" + } + ] + }, + { + "delegator_address": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77", + "validator_address": "cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "entries": [ + { + "creation_height": "13100", + "completion_time": "2021-10-30T12:53:02.272266791Z", + "initial_balance": "1000000", + "balance": "1000000" + } + ] + }, + ], + "pagination": { + "next_key": null, + "total": "8" + } +} +``` + +#### Delegation + +The `Delegation` endpoint queries delegate information for given validator delegator pair. + +```bash +cosmos.staking.v1beta1.Query/Delegation +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77", validator_addr":"cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/Delegation +``` + +Example Output: + +```bash +{ + "delegation_response": + { + "delegation": + { + "delegator_address":"cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77", + "validator_address":"cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "shares":"25083119936.000000000000000000" + }, + "balance": + { + "denom":"stake", + "amount":"25083119936" + } + } +} +``` + +#### UnbondingDelegation + +The `UnbondingDelegation` endpoint queries unbonding information for given validator delegator. + +```bash +cosmos.staking.v1beta1.Query/UnbondingDelegation +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77", validator_addr":"cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/UnbondingDelegation +``` + +Example Output: + +```bash +{ + "unbond": { + "delegator_address": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77", + "validator_address": "cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "entries": [ + { + "creation_height": "136984", + "completion_time": "2021-11-08T05:38:47.505593891Z", + "initial_balance": "400000000", + "balance": "400000000" + }, + { + "creation_height": "137005", + "completion_time": "2021-11-08T05:40:53.526196312Z", + "initial_balance": "385000000", + "balance": "385000000" + } + ] + } +} +``` + +#### DelegatorDelegations + +The `DelegatorDelegations` endpoint queries all delegations of a given delegator address. + +```bash +cosmos.staking.v1beta1.Query/DelegatorDelegations +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/DelegatorDelegations +``` + +Example Output: + +```bash +{ + "delegation_responses": [ + {"delegation":{"delegator_address":"cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77","validator_address":"cosmosvaloper1eh5mwu044gd5ntkkc2xgfg8247mgc56fww3vc8","shares":"25083339023.000000000000000000"},"balance":{"denom":"stake","amount":"25083339023"}} + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### DelegatorUnbondingDelegations + +The `DelegatorUnbondingDelegations` endpoint queries all unbonding delegations of a given delegator address. + +```bash +cosmos.staking.v1beta1.Query/DelegatorUnbondingDelegations +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/DelegatorUnbondingDelegations +``` + +Example Output: + +```bash +{ + "unbonding_responses": [ + { + "delegator_address": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77", + "validator_address": "cosmosvaloper1sjllsnramtg3ewxqwwrwjxfgc4n4ef9uxyejze", + "entries": [ + { + "creation_height": "136984", + "completion_time": "2021-11-08T05:38:47.505593891Z", + "initial_balance": "400000000", + "balance": "400000000" + }, + { + "creation_height": "137005", + "completion_time": "2021-11-08T05:40:53.526196312Z", + "initial_balance": "385000000", + "balance": "385000000" + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### Redelegations + +The `Redelegations` endpoint queries redelegations of given address. + +```bash +cosmos.staking.v1beta1.Query/Redelegations +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1ld5p7hn43yuh8ht28gm9pfjgj2fctujp2tgwvf", "src_validator_addr" : "cosmosvaloper1j7euyj85fv2jugejrktj540emh9353ltgppc3g", "dst_validator_addr" : "cosmosvaloper1yy3tnegzmkdcm7czzcy3flw5z0zyr9vkkxrfse"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/Redelegations +``` + +Example Output: + +```bash +{ + "redelegation_responses": [ + { + "redelegation": { + "delegator_address": "cosmos1ld5p7hn43yuh8ht28gm9pfjgj2fctujp2tgwvf", + "validator_src_address": "cosmosvaloper1j7euyj85fv2jugejrktj540emh9353ltgppc3g", + "validator_dst_address": "cosmosvaloper1yy3tnegzmkdcm7czzcy3flw5z0zyr9vkkxrfse", + "entries": null + }, + "entries": [ + { + "redelegation_entry": { + "creation_height": 135932, + "completion_time": "2021-11-08T03:52:55.299147901Z", + "initial_balance": "2900000", + "shares_dst": "2900000.000000000000000000" + }, + "balance": "2900000" + } + ] + } + ], + "pagination": null +} +``` + +#### DelegatorValidators + +The `DelegatorValidators` endpoint queries all validators information for given delegator. + +```bash +cosmos.staking.v1beta1.Query/DelegatorValidators +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1ld5p7hn43yuh8ht28gm9pfjgj2fctujp2tgwvf"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/DelegatorValidators +``` + +Example Output: + +```bash +{ + "validators": [ + { + "operator_address": "cosmosvaloper1eh5mwu044gd5ntkkc2xgfg8247mgc56fww3vc8", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "UPwHWxH1zHJWGOa/m6JB3f5YjHMvPQPkVbDqqi+U7Uw=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "347260647559", + "delegator_shares": "347260647559.000000000000000000", + "description": { + "moniker": "BouBouNode", + "identity": "", + "website": "https://boubounode.com", + "security_contact": "", + "details": "AI-based Validator. #1 AI Validator on Game of Stakes. Fairly priced. Don't trust (humans), verify. Made with BouBou love." + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.061000000000000000", + "max_rate": "0.300000000000000000", + "max_change_rate": "0.150000000000000000" + }, + "update_time": "2021-10-01T15:00:00Z" + }, + "min_self_delegation": "1" + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### DelegatorValidator + +The `DelegatorValidator` endpoint queries validator information for given delegator validator + +```bash +cosmos.staking.v1beta1.Query/DelegatorValidator +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1eh5mwu044gd5ntkkc2xgfg8247mgc56f3n8rr7", "validator_addr": "cosmosvaloper1eh5mwu044gd5ntkkc2xgfg8247mgc56fww3vc8"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/DelegatorValidator +``` + +Example Output: + +```bash +{ + "validator": { + "operator_address": "cosmosvaloper1eh5mwu044gd5ntkkc2xgfg8247mgc56fww3vc8", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "UPwHWxH1zHJWGOa/m6JB3f5YjHMvPQPkVbDqqi+U7Uw=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "347262754841", + "delegator_shares": "347262754841.000000000000000000", + "description": { + "moniker": "BouBouNode", + "identity": "", + "website": "https://boubounode.com", + "security_contact": "", + "details": "AI-based Validator. #1 AI Validator on Game of Stakes. Fairly priced. Don't trust (humans), verify. Made with BouBou love." + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.061000000000000000", + "max_rate": "0.300000000000000000", + "max_change_rate": "0.150000000000000000" + }, + "update_time": "2021-10-01T15:00:00Z" + }, + "min_self_delegation": "1" + } +} +``` + +#### HistoricalInfo + +```bash +cosmos.staking.v1beta1.Query/HistoricalInfo +``` + +Example: + +```bash +grpcurl -plaintext -d '{"height" : 1}' localhost:9090 cosmos.staking.v1beta1.Query/HistoricalInfo +``` + +Example Output: + +```bash +{ + "hist": { + "header": { + "version": { + "block": "11", + "app": "0" + }, + "chain_id": "simd-1", + "height": "140142", + "time": "2021-10-11T10:56:29.720079569Z", + "last_block_id": { + "hash": "9gri/4LLJUBFqioQ3NzZIP9/7YHR9QqaM6B2aJNQA7o=", + "part_set_header": { + "total": 1, + "hash": "Hk1+C864uQkl9+I6Zn7IurBZBKUevqlVtU7VqaZl1tc=" + } + }, + "last_commit_hash": "VxrcS27GtvGruS3I9+AlpT7udxIT1F0OrRklrVFSSKc=", + "data_hash": "80BjOrqNYUOkTnmgWyz9AQ8n7SoEmPVi4QmAe8RbQBY=", + "validators_hash": "95W49n2hw8RWpr1GPTAO5MSPi6w6Wjr3JjjS7AjpBho=", + "next_validators_hash": "95W49n2hw8RWpr1GPTAO5MSPi6w6Wjr3JjjS7AjpBho=", + "consensus_hash": "BICRvH3cKD93v7+R1zxE2ljD34qcvIZ0Bdi389qtoi8=", + "app_hash": "ZZaxnSY3E6Ex5Bvkm+RigYCK82g8SSUL53NymPITeOE=", + "last_results_hash": "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=", + "evidence_hash": "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=", + "proposer_address": "aH6dO428B+ItuoqPq70efFHrSMY=" + }, + "valset": [ + { + "operator_address": "cosmosvaloper196ax4vc0lwpxndu9dyhvca7jhxp70rmcqcnylw", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "/O7BtNW0pafwfvomgR4ZnfldwPXiFfJs9mHg3gwfv5Q=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "1426045203613", + "delegator_shares": "1426045203613.000000000000000000", + "description": { + "moniker": "SG-1", + "identity": "48608633F99D1B60", + "website": "https://sg-1.online", + "security_contact": "", + "details": "SG-1 - your favorite validator on Witval. We offer 100% Soft Slash protection." + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.037500000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.030000000000000000" + }, + "update_time": "2021-10-01T15:00:00Z" + }, + "min_self_delegation": "1" + } + ] + } +} + +``` + +#### Pool + +The `Pool` endpoint queries the pool information. + +```bash +cosmos.staking.v1beta1.Query/Pool +``` + +Example: + +```bash +grpcurl -plaintext -d localhost:9090 cosmos.staking.v1beta1.Query/Pool +``` + +Example Output: + +```bash +{ + "pool": { + "not_bonded_tokens": "369054400189", + "bonded_tokens": "15657192425623" + } +} +``` + +#### Params + +The `Params` endpoint queries the pool information. + +```bash +cosmos.staking.v1beta1.Query/Params +``` + +Example: + +```bash +grpcurl -plaintext localhost:9090 cosmos.staking.v1beta1.Query/Params +``` + +Example Output: + +```bash +{ + "params": { + "unbondingTime": "1814400s", + "maxValidators": 100, + "maxEntries": 7, + "historicalEntries": 10000, + "bondDenom": "stake" + } +} +``` + +### REST + +A user can query the `staking` module using REST endpoints. + +#### DelegatorDelegations + +The `DelegtaorDelegations` REST endpoint queries all delegations of a given delegator address. + +```bash +/cosmos/staking/v1beta1/delegations/{delegatorAddr} +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/staking/v1beta1/delegations/cosmos1vcs68xf2tnqes5tg0khr0vyevm40ff6zdxatp5" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "delegation_responses": [ + { + "delegation": { + "delegator_address": "cosmos1vcs68xf2tnqes5tg0khr0vyevm40ff6zdxatp5", + "validator_address": "cosmosvaloper1quqxfrxkycr0uzt4yk0d57tcq3zk7srm7sm6r8", + "shares": "256250000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "256250000" + } + }, + { + "delegation": { + "delegator_address": "cosmos1vcs68xf2tnqes5tg0khr0vyevm40ff6zdxatp5", + "validator_address": "cosmosvaloper194v8uwee2fvs2s8fa5k7j03ktwc87h5ym39jfv", + "shares": "255150000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "255150000" + } + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` + +#### Redelegations + +The `Redelegations` REST endpoint queries redelegations of given address. + +```bash +/cosmos/staking/v1beta1/delegators/{delegatorAddr}/redelegations +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/delegators/cosmos1thfntksw0d35n2tkr0k8v54fr8wxtxwxl2c56e/redelegations?srcValidatorAddr=cosmosvaloper1lzhlnpahvznwfv4jmay2tgaha5kmz5qx4cuznf&dstValidatorAddr=cosmosvaloper1vq8tw77kp8lvxq9u3c8eeln9zymn68rng8pgt4" \ +-H "accept: application/json" +``` + +Example Output: + +```bash +{ + "redelegation_responses": [ + { + "redelegation": { + "delegator_address": "cosmos1thfntksw0d35n2tkr0k8v54fr8wxtxwxl2c56e", + "validator_src_address": "cosmosvaloper1lzhlnpahvznwfv4jmay2tgaha5kmz5qx4cuznf", + "validator_dst_address": "cosmosvaloper1vq8tw77kp8lvxq9u3c8eeln9zymn68rng8pgt4", + "entries": null + }, + "entries": [ + { + "redelegation_entry": { + "creation_height": 151523, + "completion_time": "2021-11-09T06:03:25.640682116Z", + "initial_balance": "200000000", + "shares_dst": "200000000.000000000000000000" + }, + "balance": "200000000" + } + ] + } + ], + "pagination": null +} +``` + +#### DelegatorUnbondingDelegations + +The `DelegatorUnbondingDelegations` REST endpoint queries all unbonding delegations of a given delegator address. + +```bash +/cosmos/staking/v1beta1/delegators/{delegatorAddr}/unbonding_delegations +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/delegators/cosmos1nxv42u3lv642q0fuzu2qmrku27zgut3n3z7lll/unbonding_delegations" \ +-H "accept: application/json" +``` + +Example Output: + +```bash +{ + "unbonding_responses": [ + { + "delegator_address": "cosmos1nxv42u3lv642q0fuzu2qmrku27zgut3n3z7lll", + "validator_address": "cosmosvaloper1e7mvqlz50ch6gw4yjfemsc069wfre4qwmw53kq", + "entries": [ + { + "creation_height": "2442278", + "completion_time": "2021-10-12T10:59:03.797335857Z", + "initial_balance": "50000000000", + "balance": "50000000000" + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### DelegatorValidators + +The `DelegatorValidators` REST endpoint queries all validators information for given delegator address. + +```bash +/cosmos/staking/v1beta1/delegators/{delegatorAddr}/validators +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/delegators/cosmos1xwazl8ftks4gn00y5x3c47auquc62ssune9ppv/validators" \ +-H "accept: application/json" +``` + +Example Output: + +```bash +{ + "validators": [ + { + "operator_address": "cosmosvaloper1xwazl8ftks4gn00y5x3c47auquc62ssuvynw64", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "5v4n3px3PkfNnKflSgepDnsMQR1hiNXnqOC11Y72/PQ=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "21592843799", + "delegator_shares": "21592843799.000000000000000000", + "description": { + "moniker": "jabbey", + "identity": "", + "website": "https://twitter.com/JoeAbbey", + "security_contact": "", + "details": "just another dad in the cosmos" + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.100000000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.100000000000000000" + }, + "update_time": "2021-10-09T19:03:54.984821705Z" + }, + "min_self_delegation": "1" + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### DelegatorValidator + +The `DelegatorValidator` REST endpoint queries validator information for given delegator validator pair. + +```bash +/cosmos/staking/v1beta1/delegators/{delegatorAddr}/validators/{validatorAddr} +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/delegators/cosmos1xwazl8ftks4gn00y5x3c47auquc62ssune9ppv/validators/cosmosvaloper1xwazl8ftks4gn00y5x3c47auquc62ssuvynw64" \ +-H "accept: application/json" +``` + +Example Output: + +```bash +{ + "validator": { + "operator_address": "cosmosvaloper1xwazl8ftks4gn00y5x3c47auquc62ssuvynw64", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "5v4n3px3PkfNnKflSgepDnsMQR1hiNXnqOC11Y72/PQ=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "21592843799", + "delegator_shares": "21592843799.000000000000000000", + "description": { + "moniker": "jabbey", + "identity": "", + "website": "https://twitter.com/JoeAbbey", + "security_contact": "", + "details": "just another dad in the cosmos" + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.100000000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.100000000000000000" + }, + "update_time": "2021-10-09T19:03:54.984821705Z" + }, + "min_self_delegation": "1" + } +} +``` + +#### HistoricalInfo + +The `HistoricalInfo` REST endpoint queries the historical information for given height. + +```bash +/cosmos/staking/v1beta1/historical_info/{height} +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/staking/v1beta1/historical_info/153332" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "hist": { + "header": { + "version": { + "block": "11", + "app": "0" + }, + "chain_id": "cosmos-1", + "height": "153332", + "time": "2021-10-12T09:05:35.062230221Z", + "last_block_id": { + "hash": "NX8HevR5khb7H6NGKva+jVz7cyf0skF1CrcY9A0s+d8=", + "part_set_header": { + "total": 1, + "hash": "zLQ2FiKM5tooL3BInt+VVfgzjlBXfq0Hc8Iux/xrhdg=" + } + }, + "last_commit_hash": "P6IJrK8vSqU3dGEyRHnAFocoDGja0bn9euLuy09s350=", + "data_hash": "eUd+6acHWrNXYju8Js449RJ99lOYOs16KpqQl4SMrEM=", + "validators_hash": "mB4pravvMsJKgi+g8aYdSeNlt0kPjnRFyvtAQtaxcfw=", + "next_validators_hash": "mB4pravvMsJKgi+g8aYdSeNlt0kPjnRFyvtAQtaxcfw=", + "consensus_hash": "BICRvH3cKD93v7+R1zxE2ljD34qcvIZ0Bdi389qtoi8=", + "app_hash": "fuELArKRK+CptnZ8tu54h6xEleSWenHNmqC84W866fU=", + "last_results_hash": "p/BPexV4LxAzlVcPRvW+lomgXb6Yze8YLIQUo/4Kdgc=", + "evidence_hash": "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=", + "proposer_address": "G0MeY8xQx7ooOsni8KE/3R/Ib3Q=" + }, + "valset": [ + { + "operator_address": "cosmosvaloper196ax4vc0lwpxndu9dyhvca7jhxp70rmcqcnylw", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "/O7BtNW0pafwfvomgR4ZnfldwPXiFfJs9mHg3gwfv5Q=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "1416521659632", + "delegator_shares": "1416521659632.000000000000000000", + "description": { + "moniker": "SG-1", + "identity": "48608633F99D1B60", + "website": "https://sg-1.online", + "security_contact": "", + "details": "SG-1 - your favorite validator on cosmos. We offer 100% Soft Slash protection." + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.037500000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.030000000000000000" + }, + "update_time": "2021-10-01T15:00:00Z" + }, + "min_self_delegation": "1" + }, + { + "operator_address": "cosmosvaloper1t8ehvswxjfn3ejzkjtntcyrqwvmvuknzmvtaaa", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "uExZyjNLtr2+FFIhNDAMcQ8+yTrqE7ygYTsI7khkA5Y=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "1348298958808", + "delegator_shares": "1348298958808.000000000000000000", + "description": { + "moniker": "Cosmostation", + "identity": "AE4C403A6E7AA1AC", + "website": "https://www.cosmostation.io", + "security_contact": "admin@stamper.network", + "details": "Cosmostation validator node. Delegate your tokens and Start Earning Staking Rewards" + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.050000000000000000", + "max_rate": "1.000000000000000000", + "max_change_rate": "0.200000000000000000" + }, + "update_time": "2021-10-01T15:06:38.821314287Z" + }, + "min_self_delegation": "1" + } + ] + } +} +``` + +#### Parameters + +The `Parameters` REST endpoint queries the staking parameters. + +```bash +/cosmos/staking/v1beta1/params +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/staking/v1beta1/params" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "params": { + "unbonding_time": "2419200s", + "max_validators": 100, + "max_entries": 7, + "historical_entries": 10000, + "bond_denom": "stake" + } +} +``` + +#### Pool + +The `Pool` REST endpoint queries the pool information. + +```bash +/cosmos/staking/v1beta1/pool +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/staking/v1beta1/pool" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "pool": { + "not_bonded_tokens": "432805737458", + "bonded_tokens": "15783637712645" + } +} +``` + +#### Validators + +The `Validators` REST endpoint queries all validators that match the given status. + +```bash +/cosmos/staking/v1beta1/validators +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/staking/v1beta1/validators" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "validators": [ + { + "operator_address": "cosmosvaloper1q3jsx9dpfhtyqqgetwpe5tmk8f0ms5qywje8tw", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "N7BPyek2aKuNZ0N/8YsrqSDhGZmgVaYUBuddY8pwKaE=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "383301887799", + "delegator_shares": "383301887799.000000000000000000", + "description": { + "moniker": "SmartNodes", + "identity": "D372724899D1EDC8", + "website": "https://smartnodes.co", + "security_contact": "", + "details": "Earn Rewards with Crypto Staking & Node Deployment" + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.050000000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.100000000000000000" + }, + "update_time": "2021-10-01T15:51:31.596618510Z" + }, + "min_self_delegation": "1" + }, + { + "operator_address": "cosmosvaloper1q5ku90atkhktze83j9xjaks2p7uruag5zp6wt7", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "GDNpuKDmCg9GnhnsiU4fCWktuGUemjNfvpCZiqoRIYA=" + }, + "jailed": false, + "status": "BOND_STATUS_UNBONDING", + "tokens": "1017819654", + "delegator_shares": "1017819654.000000000000000000", + "description": { + "moniker": "Noderunners", + "identity": "812E82D12FEA3493", + "website": "http://noderunners.biz", + "security_contact": "info@noderunners.biz", + "details": "Noderunners is a professional validator in POS networks. We have a huge node running experience, reliable soft and hardware. Our commissions are always low, our support to delegators is always full. Stake with us and start receiving your cosmos rewards now!" + }, + "unbonding_height": "147302", + "unbonding_time": "2021-11-08T22:58:53.718662452Z", + "commission": { + "commission_rates": { + "rate": "0.050000000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.100000000000000000" + }, + "update_time": "2021-10-04T18:02:21.446645619Z" + }, + "min_self_delegation": "1" + } + ], + "pagination": { + "next_key": "FONDBFkE4tEEf7yxWWKOD49jC2NK", + "total": "2" + } +} +``` + +#### Validator + +The `Validator` REST endpoint queries validator information for given validator address. + +```bash +/cosmos/staking/v1beta1/validators/{validatorAddr} +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/validators/cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q" \ +-H "accept: application/json" +``` + +Example Output: + +```bash +{ + "validator": { + "operator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "sIiexdJdYWn27+7iUHQJDnkp63gq/rzUq1Y+fxoGjXc=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "33027900000", + "delegator_shares": "33027900000.000000000000000000", + "description": { + "moniker": "Witval", + "identity": "51468B615127273A", + "website": "", + "security_contact": "", + "details": "Witval is the validator arm from Vitwit. Vitwit is into software consulting and services business since 2015. We are working closely with Cosmos ecosystem since 2018. We are also building tools for the ecosystem, Aneka is our explorer for the cosmos ecosystem." + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.050000000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.020000000000000000" + }, + "update_time": "2021-10-01T19:24:52.663191049Z" + }, + "min_self_delegation": "1" + } +} +``` + +#### ValidatorDelegations + +The `ValidatorDelegations` REST endpoint queries delegate information for given validator. + +```bash +/cosmos/staking/v1beta1/validators/{validatorAddr}/delegations +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/staking/v1beta1/validators/cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q/delegations" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "delegation_responses": [ + { + "delegation": { + "delegator_address": "cosmos190g5j8aszqhvtg7cprmev8xcxs6csra7xnk3n3", + "validator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "shares": "31000000000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "31000000000" + } + }, + { + "delegation": { + "delegator_address": "cosmos1ddle9tczl87gsvmeva3c48nenyng4n56qwq4ee", + "validator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "shares": "628470000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "628470000" + } + }, + { + "delegation": { + "delegator_address": "cosmos10fdvkczl76m040smd33lh9xn9j0cf26kk4s2nw", + "validator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "shares": "838120000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "838120000" + } + }, + { + "delegation": { + "delegator_address": "cosmos1n8f5fknsv2yt7a8u6nrx30zqy7lu9jfm0t5lq8", + "validator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "shares": "500000000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "500000000" + } + }, + { + "delegation": { + "delegator_address": "cosmos16msryt3fqlxtvsy8u5ay7wv2p8mglfg9hrek2e", + "validator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "shares": "61310000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "61310000" + } + } + ], + "pagination": { + "next_key": null, + "total": "5" + } +} +``` + +#### Delegation + +The `Delegation` REST endpoint queries delegate information for given validator delegator pair. + +```bash +/cosmos/staking/v1beta1/validators/{validatorAddr}/delegations/{delegatorAddr} +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/validators/cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q/delegations/cosmos1n8f5fknsv2yt7a8u6nrx30zqy7lu9jfm0t5lq8" \ +-H "accept: application/json" +``` + +Example Output: + +```bash +{ + "delegation_response": { + "delegation": { + "delegator_address": "cosmos1n8f5fknsv2yt7a8u6nrx30zqy7lu9jfm0t5lq8", + "validator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "shares": "500000000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "500000000" + } + } +} +``` + +#### UnbondingDelegation + +The `UnbondingDelegation` REST endpoint queries unbonding information for given validator delegator pair. + +```bash +/cosmos/staking/v1beta1/validators/{validatorAddr}/delegations/{delegatorAddr}/unbonding_delegation +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/validators/cosmosvaloper13v4spsah85ps4vtrw07vzea37gq5la5gktlkeu/delegations/cosmos1ze2ye5u5k3qdlexvt2e0nn0508p04094ya0qpm/unbonding_delegation" \ +-H "accept: application/json" +``` + +Example Output: + +```bash +{ + "unbond": { + "delegator_address": "cosmos1ze2ye5u5k3qdlexvt2e0nn0508p04094ya0qpm", + "validator_address": "cosmosvaloper13v4spsah85ps4vtrw07vzea37gq5la5gktlkeu", + "entries": [ + { + "creation_height": "153687", + "completion_time": "2021-11-09T09:41:18.352401903Z", + "initial_balance": "525111", + "balance": "525111" + } + ] + } +} +``` + +#### ValidatorUnbondingDelegations + +The `ValidatorUnbondingDelegations` REST endpoint queries unbonding delegations of a validator. + +```bash +/cosmos/staking/v1beta1/validators/{validatorAddr}/unbonding_delegations +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/validators/cosmosvaloper13v4spsah85ps4vtrw07vzea37gq5la5gktlkeu/unbonding_delegations" \ +-H "accept: application/json" +``` + +Example Output: + +```bash +{ + "unbonding_responses": [ + { + "delegator_address": "cosmos1q9snn84jfrd9ge8t46kdcggpe58dua82vnj7uy", + "validator_address": "cosmosvaloper13v4spsah85ps4vtrw07vzea37gq5la5gktlkeu", + "entries": [ + { + "creation_height": "90998", + "completion_time": "2021-11-05T00:14:37.005841058Z", + "initial_balance": "24000000", + "balance": "24000000" + } + ] + }, + { + "delegator_address": "cosmos1qf36e6wmq9h4twhdvs6pyq9qcaeu7ye0s3dqq2", + "validator_address": "cosmosvaloper13v4spsah85ps4vtrw07vzea37gq5la5gktlkeu", + "entries": [ + { + "creation_height": "47478", + "completion_time": "2021-11-01T22:47:26.714116854Z", + "initial_balance": "8000000", + "balance": "8000000" + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/modules/upgrade/README.md b/copy-of-sdk-versioned_docs/version-0.47/build/modules/upgrade/README.md new file mode 100644 index 00000000..d1be1b2c --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/modules/upgrade/README.md @@ -0,0 +1,619 @@ +--- +sidebar_position: 1 +--- + +# `x/upgrade` + +## Abstract + +`x/upgrade` is an implementation of a Cosmos SDK module that facilitates smoothly +upgrading a live Cosmos chain to a new (breaking) software version. It accomplishes this by +providing a `BeginBlocker` hook that prevents the blockchain state machine from +proceeding once a pre-defined upgrade block height has been reached. + +The module does not prescribe anything regarding how governance decides to do an +upgrade, but just the mechanism for coordinating the upgrade safely. Without software +support for upgrades, upgrading a live chain is risky because all of the validators +need to pause their state machines at exactly the same point in the process. If +this is not done correctly, there can be state inconsistencies which are hard to +recover from. + +* [Concepts](#concepts) +* [State](#state) +* [Events](#events) +* [Client](#client) + * [CLI](#cli) + * [REST](#rest) + * [gRPC](#grpc) +* [Resources](#resources) + +## Concepts + +### Plan + +The `x/upgrade` module defines a `Plan` type in which a live upgrade is scheduled +to occur. A `Plan` can be scheduled at a specific block height. +A `Plan` is created once a (frozen) release candidate along with an appropriate upgrade +`Handler` (see below) is agreed upon, where the `Name` of a `Plan` corresponds to a +specific `Handler`. Typically, a `Plan` is created through a governance proposal +process, where if voted upon and passed, will be scheduled. The `Info` of a `Plan` +may contain various metadata about the upgrade, typically application specific +upgrade info to be included on-chain such as a git commit that validators could +automatically upgrade to. + +#### Sidecar Process + +If an operator running the application binary also runs a sidecar process to assist +in the automatic download and upgrade of a binary, the `Info` allows this process to +be seamless. This tool is [Cosmovisor](https://github.com/cosmos/cosmos-sdk/tree/main/tools/cosmovisor#readme). + +```go +type Plan struct { + Name string + Height int64 + Info string +} +``` + +### Handler + +The `x/upgrade` module facilitates upgrading from major version X to major version Y. To +accomplish this, node operators must first upgrade their current binary to a new +binary that has a corresponding `Handler` for the new version Y. It is assumed that +this version has fully been tested and approved by the community at large. This +`Handler` defines what state migrations need to occur before the new binary Y +can successfully run the chain. Naturally, this `Handler` is application specific +and not defined on a per-module basis. Registering a `Handler` is done via +`Keeper#SetUpgradeHandler` in the application. + +```go +type UpgradeHandler func(Context, Plan, VersionMap) (VersionMap, error) +``` + +During each `EndBlock` execution, the `x/upgrade` module checks if there exists a +`Plan` that should execute (is scheduled at that height). If so, the corresponding +`Handler` is executed. If the `Plan` is expected to execute but no `Handler` is registered +or if the binary was upgraded too early, the node will gracefully panic and exit. + +### StoreLoader + +The `x/upgrade` module also facilitates store migrations as part of the upgrade. The +`StoreLoader` sets the migrations that need to occur before the new binary can +successfully run the chain. This `StoreLoader` is also application specific and +not defined on a per-module basis. Registering this `StoreLoader` is done via +`app#SetStoreLoader` in the application. + +```go +func UpgradeStoreLoader (upgradeHeight int64, storeUpgrades *store.StoreUpgrades) baseapp.StoreLoader +``` + +If there's a planned upgrade and the upgrade height is reached, the old binary writes `Plan` to the disk before panicking. + +This information is critical to ensure the `StoreUpgrades` happens smoothly at correct height and +expected upgrade. It eliminiates the chances for the new binary to execute `StoreUpgrades` multiple +times everytime on restart. Also if there are multiple upgrades planned on same height, the `Name` +will ensure these `StoreUpgrades` takes place only in planned upgrade handler. + +### Proposal + +Typically, a `Plan` is proposed and submitted through governance via a proposal +containing a `MsgSoftwareUpgrade` message. +This proposal prescribes to the standard governance process. If the proposal passes, +the `Plan`, which targets a specific `Handler`, is persisted and scheduled. The +upgrade can be delayed or hastened by updating the `Plan.Height` in a new proposal. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/upgrade/v1beta1/tx.proto#L29-L41 +``` + +#### Cancelling Upgrade Proposals + +Upgrade proposals can be cancelled. There exists a gov-enabled `MsgCancelUpgrade` +message type, which can be embedded in a proposal, voted on and, if passed, will +remove the scheduled upgrade `Plan`. +Of course this requires that the upgrade was known to be a bad idea well before the +upgrade itself, to allow time for a vote. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/upgrade/v1beta1/tx.proto#L48-L57 +``` + +If such a possibility is desired, the upgrade height is to be +`2 * (VotingPeriod + DepositPeriod) + (SafetyDelta)` from the beginning of the +upgrade proposal. The `SafetyDelta` is the time available from the success of an +upgrade proposal and the realization it was a bad idea (due to external social consensus). + +A `MsgCancelUpgrade` proposal can also be made while the original +`MsgSoftwareUpgrade` proposal is still being voted upon, as long as the `VotingPeriod` +ends after the `MsgSoftwareUpgrade` proposal. + +## State + +The internal state of the `x/upgrade` module is relatively minimal and simple. The +state contains the currently active upgrade `Plan` (if one exists) by key +`0x0` and if a `Plan` is marked as "done" by key `0x1`. The state +contains the consensus versions of all app modules in the application. The versions +are stored as big endian `uint64`, and can be accessed with prefix `0x2` appended +by the corresponding module name of type `string`. The state maintains a +`Protocol Version` which can be accessed by key `0x3`. + +* Plan: `0x0 -> Plan` +* Done: `0x1 | byte(plan name) -> BigEndian(Block Height)` +* ConsensusVersion: `0x2 | byte(module name) -> BigEndian(Module Consensus Version)` +* ProtocolVersion: `0x3 -> BigEndian(Protocol Version)` + +The `x/upgrade` module contains no genesis state. + +## Events + +The `x/upgrade` does not emit any events by itself. Any and all proposal related +events are emitted through the `x/gov` module. + +## Client + +### CLI + +A user can query and interact with the `upgrade` module using the CLI. + +#### Query + +The `query` commands allow users to query `upgrade` state. + +```bash +simd query upgrade --help +``` + +##### applied + +The `applied` command allows users to query the block header for height at which a completed upgrade was applied. + +```bash +simd query upgrade applied [upgrade-name] [flags] +``` + +If upgrade-name was previously executed on the chain, this returns the header for the block at which it was applied. +This helps a client determine which binary was valid over a given range of blocks, as well as more context to understand past migrations. + +Example: + +```bash +simd query upgrade applied "test-upgrade" +``` + +Example Output: + +```bash +"block_id": { + "hash": "A769136351786B9034A5F196DC53F7E50FCEB53B48FA0786E1BFC45A0BB646B5", + "parts": { + "total": 1, + "hash": "B13CBD23011C7480E6F11BE4594EE316548648E6A666B3575409F8F16EC6939E" + } + }, + "block_size": "7213", + "header": { + "version": { + "block": "11" + }, + "chain_id": "testnet-2", + "height": "455200", + "time": "2021-04-10T04:37:57.085493838Z", + "last_block_id": { + "hash": "0E8AD9309C2DC411DF98217AF59E044A0E1CCEAE7C0338417A70338DF50F4783", + "parts": { + "total": 1, + "hash": "8FE572A48CD10BC2CBB02653CA04CA247A0F6830FF19DC972F64D339A355E77D" + } + }, + "last_commit_hash": "DE890239416A19E6164C2076B837CC1D7F7822FC214F305616725F11D2533140", + "data_hash": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855", + "validators_hash": "A31047ADE54AE9072EE2A12FF260A8990BA4C39F903EAF5636B50D58DBA72582", + "next_validators_hash": "A31047ADE54AE9072EE2A12FF260A8990BA4C39F903EAF5636B50D58DBA72582", + "consensus_hash": "048091BC7DDC283F77BFBF91D73C44DA58C3DF8A9CBC867405D8B7F3DAADA22F", + "app_hash": "28ECC486AFC332BA6CC976706DBDE87E7D32441375E3F10FD084CD4BAF0DA021", + "last_results_hash": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855", + "evidence_hash": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855", + "proposer_address": "2ABC4854B1A1C5AA8403C4EA853A81ACA901CC76" + }, + "num_txs": "0" +} +``` + +##### module versions + +The `module_versions` command gets a list of module names and their respective consensus versions. + +Following the command with a specific module name will return only +that module's information. + +```bash +simd query upgrade module_versions [optional module_name] [flags] +``` + +Example: + +```bash +simd query upgrade module_versions +``` + +Example Output: + +```bash +module_versions: +- name: auth + version: "2" +- name: authz + version: "1" +- name: bank + version: "2" +- name: crisis + version: "1" +- name: distribution + version: "2" +- name: evidence + version: "1" +- name: feegrant + version: "1" +- name: genutil + version: "1" +- name: gov + version: "2" +- name: ibc + version: "2" +- name: mint + version: "1" +- name: params + version: "1" +- name: slashing + version: "2" +- name: staking + version: "2" +- name: transfer + version: "1" +- name: upgrade + version: "1" +- name: vesting + version: "1" +``` + +Example: + +```bash +regen query upgrade module_versions ibc +``` + +Example Output: + +```bash +module_versions: +- name: ibc + version: "2" +``` + +##### plan + +The `plan` command gets the currently scheduled upgrade plan, if one exists. + +```bash +regen query upgrade plan [flags] +``` + +Example: + +```bash +simd query upgrade plan +``` + +Example Output: + +```bash +height: "130" +info: "" +name: test-upgrade +time: "0001-01-01T00:00:00Z" +upgraded_client_state: null +``` + +#### Transactions + +The upgrade module supports the following transactions: + +* `software-proposal` - submits an upgrade proposal: + +```bash +simd tx upgrade software-upgrade v2 --title="Test Proposal" --summary="testing" --deposit="100000000stake" --upgrade-height 1000000 \ +--upgrade-info '{ "binaries": { "linux/amd64":"https://example.com/simd.zip?checksum=sha256:aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f" } }' --from cosmos1.. +``` + +* `cancel-software-upgrade` - cancels a previously submitted upgrade proposal: + +```bash +simd tx upgrade cancel-software-upgrade --title="Test Proposal" --summary="testing" --deposit="100000000stake" --from cosmos1.. +``` + +### REST + +A user can query the `upgrade` module using REST endpoints. + +#### Applied Plan + +`AppliedPlan` queries a previously applied upgrade plan by its name. + +```bash +/cosmos/upgrade/v1beta1/applied_plan/{name} +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/upgrade/v1beta1/applied_plan/v2.0-upgrade" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "height": "30" +} +``` + +#### Current Plan + +`CurrentPlan` queries the current upgrade plan. + +```bash +/cosmos/upgrade/v1beta1/current_plan +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/upgrade/v1beta1/current_plan" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "plan": "v2.1-upgrade" +} +``` + +#### Module versions + +`ModuleVersions` queries the list of module versions from state. + +```bash +/cosmos/upgrade/v1beta1/module_versions +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/upgrade/v1beta1/module_versions" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "module_versions": [ + { + "name": "auth", + "version": "2" + }, + { + "name": "authz", + "version": "1" + }, + { + "name": "bank", + "version": "2" + }, + { + "name": "crisis", + "version": "1" + }, + { + "name": "distribution", + "version": "2" + }, + { + "name": "evidence", + "version": "1" + }, + { + "name": "feegrant", + "version": "1" + }, + { + "name": "genutil", + "version": "1" + }, + { + "name": "gov", + "version": "2" + }, + { + "name": "ibc", + "version": "2" + }, + { + "name": "mint", + "version": "1" + }, + { + "name": "params", + "version": "1" + }, + { + "name": "slashing", + "version": "2" + }, + { + "name": "staking", + "version": "2" + }, + { + "name": "transfer", + "version": "1" + }, + { + "name": "upgrade", + "version": "1" + }, + { + "name": "vesting", + "version": "1" + } + ] +} +``` + +### gRPC + +A user can query the `upgrade` module using gRPC endpoints. + +#### Applied Plan + +`AppliedPlan` queries a previously applied upgrade plan by its name. + +```bash +cosmos.upgrade.v1beta1.Query/AppliedPlan +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"name":"v2.0-upgrade"}' \ + localhost:9090 \ + cosmos.upgrade.v1beta1.Query/AppliedPlan +``` + +Example Output: + +```bash +{ + "height": "30" +} +``` + +#### Current Plan + +`CurrentPlan` queries the current upgrade plan. + +```bash +cosmos.upgrade.v1beta1.Query/CurrentPlan +``` + +Example: + +```bash +grpcurl -plaintext localhost:9090 cosmos.slashing.v1beta1.Query/CurrentPlan +``` + +Example Output: + +```bash +{ + "plan": "v2.1-upgrade" +} +``` + +#### Module versions + +`ModuleVersions` queries the list of module versions from state. + +```bash +cosmos.upgrade.v1beta1.Query/ModuleVersions +``` + +Example: + +```bash +grpcurl -plaintext localhost:9090 cosmos.slashing.v1beta1.Query/ModuleVersions +``` + +Example Output: + +```bash +{ + "module_versions": [ + { + "name": "auth", + "version": "2" + }, + { + "name": "authz", + "version": "1" + }, + { + "name": "bank", + "version": "2" + }, + { + "name": "crisis", + "version": "1" + }, + { + "name": "distribution", + "version": "2" + }, + { + "name": "evidence", + "version": "1" + }, + { + "name": "feegrant", + "version": "1" + }, + { + "name": "genutil", + "version": "1" + }, + { + "name": "gov", + "version": "2" + }, + { + "name": "ibc", + "version": "2" + }, + { + "name": "mint", + "version": "1" + }, + { + "name": "params", + "version": "1" + }, + { + "name": "slashing", + "version": "2" + }, + { + "name": "staking", + "version": "2" + }, + { + "name": "transfer", + "version": "1" + }, + { + "name": "upgrade", + "version": "1" + }, + { + "name": "vesting", + "version": "1" + } + ] +} +``` + +## Resources + +A list of (external) resources to learn more about the `x/upgrade` module. + +* [Cosmos Dev Series: Cosmos Blockchain Upgrade](https://medium.com/web3-surfers/cosmos-dev-series-cosmos-sdk-based-blockchain-upgrade-b5e99181554c) - The blog post that explains how software upgrades work in detail. diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/packages/01-depinject.md b/copy-of-sdk-versioned_docs/version-0.47/build/packages/01-depinject.md new file mode 100644 index 00000000..258e1e0b --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/packages/01-depinject.md @@ -0,0 +1,187 @@ +--- +sidebar_position: 1 +--- + +# Depinject + +> **DISCLAIMER**: This is a **beta** package. The SDK team is actively working on this feature and we are looking for feedback from the community. Please try it out and let us know what you think. + +## Overview + +`depinject` is a dependency injection (DI) framework for the Cosmos SDK, designed to streamline the process of building and configuring blockchain applications. It works in conjunction with the `core/appconfig` module to replace the majority of boilerplate code in `app.go` with a configuration file in Go, YAML, or JSON format. + +`depinject` is particularly useful for developing blockchain applications: + +* With multiple interdependent components, modules, or services. Helping manage their dependencies effectively. +* That require decoupling of these components, making it easier to test, modify, or replace individual parts without affecting the entire system. +* That are wanting to simplify the setup and initialisation of modules and their dependencies by reducing boilerplate code and automating dependency management. + +By using `depinject`, developers can achieve: + +* Cleaner and more organised code. +* Improved modularity and maintainability. +* A more maintainable and modular structure for their blockchain applications, ultimately enhancing development velocity and code quality. + +* [Go Doc](https://pkg.go.dev/cosmossdk.io/depinject) + +## Usage + +The `depinject` framework, based on dependency injection concepts, streamlines the management of dependencies within your blockchain application using its Configuration API. This API offers a set of functions and methods to create easy to use configurations, making it simple to define, modify, and access dependencies and their relationships. + +A core component of the [Configuration API](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/depinject#Config) is the `Provide` function, which allows you to register provider functions that supply dependencies. Inspired by constructor injection, these provider functions form the basis of the dependency tree, enabling the management and resolution of dependencies in a structured and maintainable manner. Additionally, `depinject` supports interface types as inputs to provider functions, offering flexibility and decoupling between components, similar to interface injection concepts. + +By leveraging `depinject` and its Configuration API, you can efficiently handle dependencies in your blockchain application, ensuring a clean, modular, and well-organised codebase. + +Example: + +```go +package main + +import ( + "fmt" + + "cosmossdk.io/depinject" +) + +type AnotherInt int + +func main() { + var ( + x int + y AnotherInt + ) + + fmt.Printf("Before (%v, %v)\n", x, y) + depinject.Inject( + depinject.Provide( + func() int { return 1 }, + func() AnotherInt { return AnotherInt(2) }, + ), + &x, + &y, + ) + fmt.Printf("After (%v, %v)\n", x, y) +} +``` + +In this example, `depinject.Provide` registers two provider functions that return `int` and `AnotherInt` values. The `depinject.Inject` function is then used to inject these values into the variables `x` and `y`. + +Provider functions serve as the basis for the dependency tree. They are analysed to identify their inputs as dependencies and their outputs as dependents. These dependents can either be used by another provider function or be stored outside the DI container (e.g., `&x` and `&y` in the example above). + +### Interface type resolution + +`depinject` supports the use of interface types as inputs to provider functions, which helps decouple dependencies between modules. This approach is particularly useful for managing complex systems with multiple modules, such as the Cosmos SDK, where dependencies need to be flexible and maintainable. + +For example, `x/bank` expects an [AccountKeeper](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/x/bank/types#AccountKeeper) interface as [input to ProvideModule](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/bank/module.go#L208-L260). `SimApp` uses the implementation in `x/auth`, but the modular design allows for easy changes to the implementation if needed. + +Consider the following example: + +```go +package duck + +type Duck interface { + quack() +} + +type AlsoDuck interface { + quack() +} + +type Mallard struct{} +type Canvasback struct{} + +func (duck Mallard) quack() {} +func (duck Canvasback) quack() {} + +type Pond struct { + Duck AlsoDuck +} +``` + +In this example, there's a `Pond` struct that has a `Duck` field of type `AlsoDuck`. The `depinject` framework can automatically resolve the appropriate implementation when there's only one available, as shown below: + +```go +var pond Pond + +depinject.Inject( + depinject.Provide( + func() Mallard { return Mallard{} }, + func(duck Duck) Pond { + return Pond{Duck: duck} + }), + &pond) +``` + +This code snippet results in the `Duck` field of `Pond` being implicitly bound to the `Mallard` implementation because it's the only implementation of the `Duck` interface in the container. + +However, if there are multiple implementations of the `Duck` interface, as in the following example, you'll encounter an error: + +```go +var pond Pond + +depinject.Inject( + depinject.Provide( + func() Mallard { return Mallard{} }, + func() Canvasback { return Canvasback{} }, + func(duck Duck) Pond { + return Pond{Duck: duck} + }), + &pond) +``` + +A specific binding preference for `Duck` is required. + +#### `BindInterface` API + +In the above situation registering a binding for a given interface binding may look like: + +```go +depinject.Inject( + depinject.Configs( + depinject.BindInterface( + "duck.Duck", + "duck.Mallard"), + depinject.Provide( + func() Mallard { return Mallard{} }, + func() Canvasback { return Canvasback{} }, + func(duck Duck) APond { + return Pond{Duck: duck} + })), + &pond) +``` + +Now `depinject` has enough information to provide `Mallard` as an input to `APond`. + +### Full example in real app + +:::warning +When using `depinject.Inject`, the injected types must be pointers. +::: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/simapp/app_v2.go#L219-L244 +``` + +## Debugging + +Issues with resolving dependencies in the container can be done with logs and [Graphviz](https://graphviz.org) renderings of the container tree. +By default, whenever there is an error, logs will be printed to stderr and a rendering of the dependency graph in Graphviz DOT format will be saved to `debug_container.dot`. + +Here is an example Graphviz rendering of a successful build of a dependency graph: +![Graphviz Example](https://raw.githubusercontent.com/cosmos/cosmos-sdk/ff39d243d421442b400befcd959ec3ccd2525154/depinject/testdata/example.svg) + +Rectangles represent functions, ovals represent types, rounded rectangles represent modules and the single hexagon +represents the function which called `Build`. Black-colored shapes mark functions and types that were called/resolved +without an error. Gray-colored nodes mark functions and types that could have been called/resolved in the container but +were left unused. + +Here is an example Graphviz rendering of a dependency graph build which failed: +![Graphviz Error Example](https://raw.githubusercontent.com/cosmos/cosmos-sdk/ff39d243d421442b400befcd959ec3ccd2525154/depinject/testdata/example_error.svg) + +Graphviz DOT files can be converted into SVG's for viewing in a web browser using the `dot` command-line tool, ex: + +```txt +dot -Tsvg debug_container.dot > debug_container.svg +``` + +Many other tools including some IDEs support working with DOT files. diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/packages/02-collections.md b/copy-of-sdk-versioned_docs/version-0.47/build/packages/02-collections.md new file mode 100644 index 00000000..fc74594e --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/packages/02-collections.md @@ -0,0 +1,1119 @@ +# Collections + +Collections is a library meant to simplify the experience with respect to module state handling. + +Cosmos SDK modules handle their state using the `KVStore` interface. The problem with working with +`KVStore` is that it forces you to think of state as a bytes KV pairings when in reality the majority of +state comes from complex concrete golang objects (strings, ints, structs, etc.). + +Collections allows you to work with state as if they were normal golang objects and removes the need +for you to think of your state as raw bytes in your code. + +It also allows you to migrate your existing state without causing any state breakage that forces you into +tedious and complex chain state migrations. + +## Installation + +To install collections in your cosmos-sdk chain project, run the following command: + +```shell +go get cosmossdk.io/collections +``` + +## Core types + +Collections offers 5 different APIs to work with state, which will be explored in the next sections, these APIs are: +- ``Map``: to work with typed arbitrary KV pairings. +- ``KeySet``: to work with just typed keys +- ``Item``: to work with just one typed value +- ``Sequence``: which is a monotonically increasing number. +- ``IndexedMap``: which combines ``Map`` and `KeySet` to provide a `Map` with indexing capabilities. + +## Preliminary components + +Before exploring the different collections types and their capability it is necessary to introduce +the three components that every collection shares. In fact when instantiating a collection type by doing, for example, +```collections.NewMap/collections.NewItem/...``` you will find yourself having to pass them some common arguments. + +For example, in code: + +```go +package collections + +import ( + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + sdk "github.com/cosmos/cosmos-sdk/types" +) + +var AllowListPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + AllowList collections.KeySet[string] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + + return Keeper{ + AllowList: collections.NewKeySet(sb, AllowListPrefix, "allow_list", collections.StringKey), + } +} + +``` + +Let's analyse the shared arguments, what they do, and why we need them. + +### SchemaBuilder + +The first argument passed is the ``SchemaBuilder`` + +`SchemaBuilder` is a structure that keeps track of all the state of a module, it is not required by the collections + to deal with state but it offers a dynamic and reflective way for clients to explore a module's state. + +We instantiate a ``SchemaBuilder`` by passing it a function that given the modules store key returns the module's specific store. + +We then need to pass the schema builder to every collection type we instantiate in our keeper, in our case the `AllowList`. + +### Prefix + +The second argument passed to our ``KeySet`` is a `collections.Prefix`, a prefix represents a partition of the module's `KVStore` +where all the state of a specific collection will be saved. + +Since a module can have multiple collections, the following is expected: +- module params will become a `collections.Item` +- the `AllowList` is a `collections.KeySet` + +We don't want a collection to write over the state of the other collection so we pass it a prefix, which defines a storage +partition owned by the collection. + +If you already built modules, the prefix translates to the items you were creating in your ``types/keys.go`` file, example: https://github.com/cosmos/cosmos-sdk/blob/main/x/feegrant/key.go#L27 + +your old: +```go +var ( + // FeeAllowanceKeyPrefix is the set of the kvstore for fee allowance data + // - 0x00: allowance + FeeAllowanceKeyPrefix = []byte{0x00} + + // FeeAllowanceQueueKeyPrefix is the set of the kvstore for fee allowance keys data + // - 0x01: + FeeAllowanceQueueKeyPrefix = []byte{0x01} +) +``` +becomes: +```go +var ( + // FeeAllowanceKeyPrefix is the set of the kvstore for fee allowance data + // - 0x00: allowance + FeeAllowanceKeyPrefix = collections.NewPrefix(0) + + // FeeAllowanceQueueKeyPrefix is the set of the kvstore for fee allowance keys data + // - 0x01: + FeeAllowanceQueueKeyPrefix = collections.NewPrefix(1) +) +``` + +#### Rules + +``collections.NewPrefix`` accepts either `uint8`, `string` or `[]bytes` it's good practice to use an always increasing `uint8`for disk space efficiency. + +A collection **MUST NOT** share the same prefix as another collection in the same module, and a collection prefix **MUST NEVER** start with the same prefix as another, examples: + +```go +prefix1 := collections.NewPrefix("prefix") +prefix2 := collections.NewPrefix("prefix") // THIS IS BAD! +``` + +```go +prefix1 := collections.NewPrefix("a") +prefix2 := collections.NewPrefix("aa") // prefix2 starts with the same as prefix1: BAD!!! +``` +### Human-Readable Name + +The third parameter we pass to a collection is a string, which is a human-readable name. +It is needed to make the role of a collection understandable by clients who have no clue about +what a module is storing in state. + +#### Rules + +Each collection in a module **MUST** have a unique humanised name. + +## Key and Value Codecs + +A collection is generic over the type you can use as keys or values. +This makes collections dumb, but also means that hypothetically we can store everything +that can be a go type into a collection. We are not bounded to any type of encoding (be it proto, json or whatever) + +So a collection needs to be given a way to understand how to convert your keys and values to bytes. +This is achieved through ``KeyCodec`` and `ValueCodec`, which are arguments that you pass to your +collections when you're instantiating them using the ```collections.NewMap/collections.NewItem/...``` +instantiation functions. + +NOTE: Generally speaking you will never be required to implement your own ``Key/ValueCodec`` as +the SDK and collections libraries already come with default, safe and fast implementation of those. +You might need to implement them only if you're migrating to collections and there are state layout incompatibilities. + +Let's explore an example: + +````go +package collections + +import ( + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + sdk "github.com/cosmos/cosmos-sdk/types" +) + +var IDsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + IDs collections.Map[string, uint64] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + + return Keeper{ + IDs: collections.NewMap(sb, IDsPrefix, "ids", collections.StringKey, collections.Uint64Value), + } +} +```` + +We're now instantiating a map where the key is string and the value is `uint64`. +We already know the first three arguments of the ``NewMap`` function. + +The fourth parameter is our `KeyCodec`, we know that the ``Map`` has `string` as key so we pass it a `KeyCodec` that handles strings as keys. + +The fifth parameter is our `ValueCodec`, we know that the `Map` as a `uint64` as value so we pass it a `ValueCodec` that handles uint64. + +Collections already comes with all the required implementations for golang primitive types. + +Let's make another example, this falls closer to what we build using cosmos SDK, let's say we want +to create a `collections.Map` that maps account addresses to their base account. So we want to map an `sdk.AccAddress` to an `auth.BaseAccount` (which is a proto): + +```go +package collections + +import ( + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts collections.Map[sdk.AccAddress, authtypes.BaseAccount] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Accounts: collections.NewMap(sb, AccountsPrefix, "accounts", + sdk.AccAddressKey, codec.CollValue[authtypes.BaseAccount](cdc)), + } +} +``` + +As we can see here since our `collections.Map` maps `sdk.AccAddress` to `authtypes.BaseAccount`, +we use the `sdk.AccAddressKey` which is the `KeyCodec` implementation for `AccAddress` and we use `codec.CollValue` to +encode our proto type `BaseAccount`. + +Generally speaking you will always find the respective key and value codecs for types in the `go.mod` path you're using +to import that type. If you want to encode proto values refer to the codec `codec.CollValue` function, which allows you +to encode any type implement the `proto.Message` interface. + +## Map + +We analyse the first and most important collection type, the ``collections.Map``. +This is the type that everything else builds on top of. + +### Use case + +A `collections.Map` is used to map arbitrary keys with arbitrary values. + +### Example + +It's easier to explain a `collections.Map` capabilities through an example: + +```go +package collections + +import ( + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "fmt" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts collections.Map[sdk.AccAddress, authtypes.BaseAccount] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Accounts: collections.NewMap(sb, AccountsPrefix, "accounts", + sdk.AccAddressKey, codec.CollValue[authtypes.BaseAccount](cdc)), + } +} + +func (k Keeper) CreateAccount(ctx sdk.Context, addr sdk.AccAddress, account authtypes.BaseAccount) error { + has, err := k.Accounts.Has(ctx, addr) + if err != nil { + return err + } + if has { + return fmt.Errorf("account already exists: %s", addr) + } + + err = k.Accounts.Set(ctx, addr, account) + if err != nil { + return err + } + return nil +} + +func (k Keeper) GetAccount(ctx sdk.Context, addr sdk.AccAddress) (authtypes.BaseAccount, error) { + acc, err := k.Accounts.Get(ctx, addr) + if err != nil { + return authtypes.BaseAccount{}, err + } + + return acc, nil +} + +func (k Keeper) RemoveAccount(ctx sdk.Context, addr sdk.AccAddress) error { + err := k.Accounts.Remove(ctx, addr) + if err != nil { + return err + } + return nil +} +``` + +#### Set method + +Set maps with the provided `AccAddress` (the key) to the `auth.BaseAccount` (the value). + +Under the hood the `collections.Map` will convert the key and value to bytes using the [key and value codec](README.md#key-and-value-codecs). +It will prepend to our bytes key the [prefix](README.md#prefix) and store it in the KVStore of the module. + +#### Has method + +The has method reports if the provided key exists in the store. + +#### Get method + +The get method accepts the `AccAddress` and returns the associated `auth.BaseAccount` if it exists, otherwise it errors. + +#### Remove method + +The remove method accepts the `AccAddress` and removes it from the store. It won't report errors +if it does not exist, to check for existence before removal use the ``Has`` method. + +#### Iteration + +Iteration has a separate section. + +## KeySet + +The second type of collection is `collections.KeySet`, as the word suggests it maintains +only a set of keys without values. + +#### Implementation curiosity + +A `collections.KeySet` is just a `collections.Map` with a `key` but no value. +The value internally is always the same and is represented as an empty byte slice ```[]byte{}```. + +### Example + +As always we explore the collection type through an example: + +```go +package collections + +import ( + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "fmt" + sdk "github.com/cosmos/cosmos-sdk/types" +) + +var ValidatorsSetPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + ValidatorsSet collections.KeySet[sdk.ValAddress] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + ValidatorsSet: collections.NewKeySet(sb, ValidatorsSetPrefix, "validators_set", sdk.ValAddressKey), + } +} + +func (k Keeper) AddValidator(ctx sdk.Context, validator sdk.ValAddress) error { + has, err := k.ValidatorsSet.Has(ctx, validator) + if err != nil { + return err + } + if has { + return fmt.Errorf("validator already in set: %s", validator) + } + + err = k.ValidatorsSet.Set(ctx, validator) + if err != nil { + return err + } + + return nil +} + +func (k Keeper) RemoveValidator(ctx sdk.Context, validator sdk.ValAddress) error { + err := k.ValidatorsSet.Remove(ctx, validator) + if err != nil { + return err + } + return nil +} +``` +The first difference we notice is that `KeySet` needs use to specify only one type parameter: the key (`sdk.ValAddress` in this case). +The second difference we notice is that `KeySet` in its `NewKeySet` function does not require +us to specify a `ValueCodec` but only a `KeyCodec`. This is because a `KeySet` only saves keys and not values. + +Let's explore the methods. + +#### Has method + +Has allows us to understand if a key is present in the `collections.KeySet` or not, functions in the same way as `collections.Map.Has +` + +#### Set method + +Set inserts the provided key in the `KeySet`. + +#### Remove method + +Remove removes the provided key from the `KeySet`, it does not error if the key does not exist, +if existence check before removal is required it needs to be coupled with the `Has` method. + +## Item + +The third type of collection is the `collections.Item`. +It stores only one single item, it's useful for example for parameters, there's only one instance +of parameters in state always. + +#### implementation curiosity + +A `collections.Item` is just a `collections.Map` with no key but just a value. +The key is the prefix of the collection! + +### Example + +```go +package collections + +import ( + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + stakingtypes "github.com/cosmos/cosmos-sdk/x/staking/types" +) + +var ParamsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Params collections.Item[stakingtypes.Params] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Params: collections.NewItem(sb, ParamsPrefix, "params", codec.CollValue[stakingtypes.Params](cdc)), + } +} + +func (k Keeper) UpdateParams(ctx sdk.Context, params stakingtypes.Params) error { + err := k.Params.Set(ctx, params) + if err != nil { + return err + } + return nil +} + +func (k Keeper) GetParams(ctx sdk.Context) (stakingtypes.Params, error) { + return k.Params.Get(ctx) +} +``` + +The first key difference we notice is that we specify only one type parameter, which is the value we're storing. +The second key difference is that we don't specify the `KeyCodec`, since we store only one item we already know the key +and the fact that it is constant. + +## Iteration + +One of the key features of the ``KVStore`` is iterating over keys. + +Collections which deal with keys (so `Map`, `KeySet` and `IndexedMap`) allow you to iterate +over keys in a safe and typed way. They all share the same API, the only difference being +that ``KeySet`` returns a different type of `Iterator` because `KeySet` only deals with keys. + +:::note + +Every collection shares the same `Iterator` semantics. + +::: + +Let's have a look at the `Map.Iterate` method: + +```go +func (m Map[K, V]) Iterate(ctx context.Context, ranger Ranger[K]) (Iterator[K, V], error) +``` + +It accepts a `collections.Ranger[K]`, which is an API that instructs map on how to iterate over keys. +As always we don't need to implement anything here as `collections` already provides some generic `Ranger` implementers +that expose all you need to work with ranges. + +### Example + +We have a `collections.Map` that maps accounts using `uint64` IDs. + +```go +package collections + +import ( + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts collections.Map[uint64, authtypes.BaseAccount] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Accounts: collections.NewMap(sb, AccountsPrefix, "accounts", collections.Uint64Key, codec.CollValue[authtypes.BaseAccount](cdc)), + } +} + +func (k Keeper) GetAllAccounts(ctx sdk.Context) ([]authtypes.BaseAccount, error) { + // passing a nil Ranger equals to: iterate over every possible key + iter, err := k.Accounts.Iterate(ctx, nil) + if err != nil { + return nil, err + } + accounts, err := iter.Values() + if err != nil { + return nil, err + } + + return accounts, err +} + +func (k Keeper) IterateAccountsBetween(ctx sdk.Context, start, end uint64) ([]authtypes.BaseAccount, error) { + // The collections.Range API offers a lot of capability + // like defining where the iteration starts or ends. + rng := new(collections.Range[uint64]). + StartInclusive(start). + EndExclusive(end). + Descending() + + iter, err := k.Accounts.Iterate(ctx, rng) + if err != nil { + return nil, err + } + accounts, err := iter.Values() + if err != nil { + return nil, err + } + + return accounts, nil +} + +func (k Keeper) IterateAccounts(ctx sdk.Context, do func(id uint64, acc authtypes.BaseAccount) (stop bool)) error { + iter, err := k.Accounts.Iterate(ctx, nil) + if err != nil { + return err + } + defer iter.Close() + + for ; iter.Valid(); iter.Next() { + kv, err := iter.KeyValue() + if err != nil { + return err + } + + if do(kv.Key, kv.Value) { + break + } + } + return nil +} +``` + +Let's analyse each method in the example and how it makes use of the `Iterate` and the returned `Iterator` API. + +#### GetAllAccounts + +In `GetAllAccounts` we pass to our `Iterate` a nil `Ranger`. This means that the returned `Iterator` will include +all the existing keys within the collection. + +Then we use some the `Values` method from the returned `Iterator` API to collect all the values into a slice. + +`Iterator` offers other methods such as `Keys()` to collect only the keys and not the values and `KeyValues` to collect +all the keys and values. + + +#### IterateAccountsBetween + +Here we make use of the `collections.Range` helper to specialise our range. +We make it start in a point through `StartInclusive` and end in the other with `EndExclusive`, then +we instruct it to report us results in reverse order through `Descending` + +Then we pass the range instruction to `Iterate` and get an `Iterator`, which will contain only the results +we specified in the range. + +Then we use again th `Values` method of the `Iterator` to collect all the results. + +`collections.Range` also offers a `Prefix` API which is not appliable to all keys types, +for example uint64 cannot be prefix because it is of constant size, but a `string` key +can be prefixed. + +#### IterateAccounts + +Here we showcase how to lazily collect values from an Iterator. + +:::note + +`Keys/Values/KeyValues` fully consume and close the `Iterator`, here we need to explicitly do a `defer iterator.Close()` call. + +::: + +`Iterator` also exposes a `Value` and `Key` method to collect only the current value or key, if collecting both is not needed. + +:::note + +For this `callback` pattern, collections expose a `Walk` API. + +::: + +## Composite keys + +So far we've worked only with simple keys, like `uint64`, the account address, etc. +There are some more complex cases in, which we need to deal with composite keys. + +A key is composite when it is composed of multiple keys, for example bank balances as stored as the composite key +`(AccAddress, string)` where the first part is the address holding the coins and the second part is the denom. + +Example, let's say address `BOB` holds `10atom,15osmo`, this is how it is stored in state: + +``` +(bob, atom) => 10 +(bob, osmos) => 15 +``` + +Now this allows to efficiently get a specific denom balance of an address, by simply `getting` `(address, denom)`, or getting all the balances +of an address by prefixing over `(address)`. + +Let's see now how we can work with composite keys using collections. + +### Example + +In our example we will show-case how we can use collections when we are dealing with balances, similar to bank, +a balance is a mapping between `(address, denom) => math.Int` the composite key in our case is `(address, denom)`. + +## Instantiation of a composite key collection + +```go +package collections + +import ( + "cosmossdk.io/collections" + "cosmossdk.io/math" + storetypes "cosmossdk.io/store/types" + sdk "github.com/cosmos/cosmos-sdk/types" +) + + +var BalancesPrefix = collections.NewPrefix(1) + +type Keeper struct { + Schema collections.Schema + Balances collections.Map[collections.Pair[sdk.AccAddress, string], math.Int] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Balances: collections.NewMap( + sb, BalancesPrefix, "balances", + collections.PairKeyCodec(sdk.AccAddressKey, collections.StringKey), + math.IntValue, + ), + } +} +``` + +#### The Map Key definition + +First of all we can see that in order to define a composite key of two elements we use the `collections.Pair` type: +````go +collections.Map[collections.Pair[sdk.AccAddress, string], math.Int] +```` + +`collections.Pair` defines a key composed of two other keys, in our case the first part is `sdk.AccAddress`, the second +part is `string`. + +#### The Key Codec instantiation + +The arguments to instantiate are always the same, the only thing that changes is how we instantiate +the ``KeyCodec``, since this key is composed of two keys we use `collections.PairKeyCodec`, which generates +a `KeyCodec` composed of two key codecs. The first one will encode the first part of the key, the second one will +encode the second part of the key. + + +### Working with composite key collections + +Let's expand on the example we used before: + +````go +var BalancesPrefix = collections.NewPrefix(1) + +type Keeper struct { + Schema collections.Schema + Balances collections.Map[collections.Pair[sdk.AccAddress, string], math.Int] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Balances: collections.NewMap( + sb, BalancesPrefix, "balances", + collections.PairKeyCodec(sdk.AccAddressKey, collections.StringKey), + math.IntValue, + ), + } +} + +func (k Keeper) SetBalance(ctx sdk.Context, address sdk.AccAddress, denom string, amount math.Int) error { + key := collections.Join(address, denom) + return k.Balances.Set(ctx, key, amount) +} + +func (k Keeper) GetBalance(ctx sdk.Context, address sdk.AccAddress, denom string) (math.Int, error) { + return k.Balances.Get(ctx, collections.Join(address, denom)) +} + +func (k Keeper) GetAllAddressBalances(ctx sdk.Context, address sdk.AccAddress) (sdk.Coins, error) { + balances := sdk.NewCoins() + + rng := collections.NewPrefixedPairRange[sdk.AccAddress, string](address) + + iter, err := k.Balances.Iterate(ctx, rng) + if err != nil { + return nil, err + } + + kvs, err := iter.KeyValues() + if err != nil { + return nil, err + } + + for _, kv := range kvs { + balances = balances.Add(sdk.NewCoin(kv.Key.K2(), kv.Value)) + } + return balances, nil +} + +func (k Keeper) GetAllAddressBalancesBetween(ctx sdk.Context, address sdk.AccAddress, startDenom, endDenom string) (sdk.Coins, error) { + rng := collections.NewPrefixedPairRange[sdk.AccAddress, string](address). + StartInclusive(startDenom). + EndInclusive(endDenom) + + iter, err := k.Balances.Iterate(ctx, rng) + if err != nil { + return nil, err + } + ... +} +```` + +#### SetBalance + +As we can see here we're setting the balance of an address for a specific denom. +We use the `collections.Join` function to generate the composite key. +`collections.Join` returns a `collections.Pair` (which is the key of our `collections.Map`) + +`collections.Pair` contains the two keys we have joined, it also exposes two methods: `K1` to fetch the 1st part of the +key and `K2` to fetch the second part. + +As always, we use the `collections.Map.Set` method to map the composite key to our value (`math.Int`in this case) + +#### GetBalance + +To get a value in composite key collection, we simply use `collections.Join` to compose the key. + +#### GetAllAddressBalances + +We use `collections.PrefixedPairRange` to iterate over all the keys starting with the provided address. +Concretely the iteration will report all the balances belonging to the provided address. + +The first part is that we instantiate a `PrefixedPairRange`, which is a `Ranger` implementer aimed to help +in `Pair` keys iterations. + +```go + rng := collections.NewPrefixedPairRange[sdk.AccAddress, string](address) +``` + +As we can see here we're passing the type parameters of the `collections.Pair` because golang type inference +with respect to generics is not as permissive as other languages, so we need to explitly say what are the types of the pair key. + +#### GetAllAddressesBalancesBetween + +This showcases how we can further specialise our range to limit the results further, by specifying +the range between the second part of the key (in our case the denoms, which are strings). + +## IndexedMap + +`collections.IndexedMap` is a collection that uses under the hood a `collections.Map`, and has a struct, which contains the indexes that we need to define. + +### Example + +Let's say we have an `auth.BaseAccount` struct which looks like the following: + +```go +type BaseAccount struct { + AccountNumber uint64 `protobuf:"varint,3,opt,name=account_number,json=accountNumber,proto3" json:"account_number,omitempty"` + Sequence uint64 `protobuf:"varint,4,opt,name=sequence,proto3" json:"sequence,omitempty"` +} +``` + +First of all, when we save our accounts in state we map them using a primary key `sdk.AccAddress`. +If it were to be a `collections.Map` it would be `collections.Map[sdk.AccAddres, authtypes.BaseAccount]`. + +Then we also want to be able to get an account not only by its `sdk.AccAddress`, but also by its `AccountNumber`. + +So we can say we want to create an `Index` that maps our `BaseAccount` to its `AccountNumber`. + +We also know that this `Index` is unique. Unique means that there can only be one `BaseAccount` that maps to a specific +`AccountNumber`. + +First of all, we start by defining the object that contains our index: + +```go +var AccountsNumberIndexPrefix = collections.NewPrefix(1) + +type AccountsIndexes struct { + Number *indexes.Unique[uint64, sdk.AccAddress, authtypes.BaseAccount] +} + +func (a AccountsIndexes) IndexesList() []collections.Index[sdk.AccAddress, authtypes.BaseAccount] { + return []collections.Index[sdk.AccAddress, authtypes.BaseAccount]{a.Number} +} + +func NewAccountIndexes(sb *collections.SchemaBuilder) AccountsIndexes { + return AccountsIndexes{ + Number: indexes.NewUnique( + sb, AccountsNumberIndexPrefix, "accounts_by_number", + collections.Uint64Key, sdk.AccAddressKey, + func(_ sdk.AccAddress, v authtypes.BaseAccount) (uint64, error) { + return v.AccountNumber, nil + }, + ), + } +} +``` + +We create an `AccountIndexes` struct which contains a field: `Number`. This field represents our `AccountNumber` index. +`AccountNumber` is a field of `authtypes.BaseAccount` and it's a `uint64`. + +Then we can see in our `AccountIndexes` struct the `Number` field is defined as: + +```go +*indexes.Unique[uint64, sdk.AccAddress, authtypes.BaseAccount] +``` + +Where the first type parameter is `uint64`, which is the field type of our index. +The second type parameter is the primary key `sdk.AccAddress` +And the third type parameter is the actual object we're storing `authtypes.BaseAccount`. + +Then we implement a function called `IndexesList` on our `AccountIndexes` struct, this will be used +by the `IndexedMap` to keep the underlying map in sync with the indexes, in our case `Number`. +This function just needs to return the slice of indexes contained in the struct. + +Then we create a `NewAccountIndexes` function that instantiates and returns the `AccountsIndexes` struct. + +The function takes a `SchemaBuilder`. Then we instantiate our `indexes.Unique`, let's analyse the arguments we pass to +`indexes.NewUnique`. + +#### Instantiating a `indexes.Unique` + +The first three arguments, we already know them, they are: `SchemaBuilder`, `Prefix` which is our index prefix (the partition +where index keys relationship for the `Number` index will be maintained), and the human name for the `Number` index. + +The second argument is a `collections.Uint64Key` which is a key codec to deal with `uint64` keys, we pass that because +the key we're trying to index is a `uint64` key (the account number), and then we pass as fifth argument the primary key codec, +which in our case is `sdk.AccAddress` (remember: we're mapping `sdk.AccAddress` => `BaseAccount`). + +Then as last parameter we pass a function that: given the `BaseAccount` returns its `AccountNumber`. + +After this we can proceed instantiating our `IndexedMap`. + +```go +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts *collections.IndexedMap[sdk.AccAddress, authtypes.BaseAccount, AccountsIndexes] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Accounts: collections.NewIndexedMap( + sb, AccountsPrefix, "accounts", + sdk.AccAddressKey, codec.CollValue[authtypes.BaseAccount](cdc), + NewAccountIndexes(sb), + ), + } +} +``` + +As we can see here what we do, for now, is the same thing as we did for `collections.Map`. +We pass it the `SchemaBuilder`, the `Prefix` where we plan to store the mapping between `sdk.AccAddress` and `authtypes.BaseAccount`, +the human name and the respective `sdk.AccAddress` key codec and `authtypes.BaseAccount` value codec. + +Then we pass the instantiation of our `AccountIndexes` through `NewAccountIndexes`. + +Full example: + +```go +package docs + +import ( + "cosmossdk.io/collections" + "cosmossdk.io/collections/indexes" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +var AccountsNumberIndexPrefix = collections.NewPrefix(1) + +type AccountsIndexes struct { + Number *indexes.Unique[uint64, sdk.AccAddress, authtypes.BaseAccount] +} + +func (a AccountsIndexes) IndexesList() []collections.Index[sdk.AccAddress, authtypes.BaseAccount] { + return []collections.Index[sdk.AccAddress, authtypes.BaseAccount]{a.Number} +} + +func NewAccountIndexes(sb *collections.SchemaBuilder) AccountsIndexes { + return AccountsIndexes{ + Number: indexes.NewUnique( + sb, AccountsNumberIndexPrefix, "accounts_by_number", + collections.Uint64Key, sdk.AccAddressKey, + func(_ sdk.AccAddress, v authtypes.BaseAccount) (uint64, error) { + return v.AccountNumber, nil + }, + ), + } +} + +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts *collections.IndexedMap[sdk.AccAddress, authtypes.BaseAccount, AccountsIndexes] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Accounts: collections.NewIndexedMap( + sb, AccountsPrefix, "accounts", + sdk.AccAddressKey, codec.CollValue[authtypes.BaseAccount](cdc), + NewAccountIndexes(sb), + ), + } +} +``` + +### Working with IndexedMaps + +Whilst instantiating `collections.IndexedMap` is tedious, working with them is extremely smooth. + +Let's take the full example, and expand it with some use-cases. + +```go +package docs + +import ( + "cosmossdk.io/collections" + "cosmossdk.io/collections/indexes" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +var AccountsNumberIndexPrefix = collections.NewPrefix(1) + +type AccountsIndexes struct { + Number *indexes.Unique[uint64, sdk.AccAddress, authtypes.BaseAccount] +} + +func (a AccountsIndexes) IndexesList() []collections.Index[sdk.AccAddress, authtypes.BaseAccount] { + return []collections.Index[sdk.AccAddress, authtypes.BaseAccount]{a.Number} +} + +func NewAccountIndexes(sb *collections.SchemaBuilder) AccountsIndexes { + return AccountsIndexes{ + Number: indexes.NewUnique( + sb, AccountsNumberIndexPrefix, "accounts_by_number", + collections.Uint64Key, sdk.AccAddressKey, + func(_ sdk.AccAddress, v authtypes.BaseAccount) (uint64, error) { + return v.AccountNumber, nil + }, + ), + } +} + +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts *collections.IndexedMap[sdk.AccAddress, authtypes.BaseAccount, AccountsIndexes] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Accounts: collections.NewIndexedMap( + sb, AccountsPrefix, "accounts", + sdk.AccAddressKey, codec.CollValue[authtypes.BaseAccount](cdc), + NewAccountIndexes(sb), + ), + } +} + +func (k Keeper) CreateAccount(ctx sdk.Context, addr sdk.AccAddress) error { + nextAccountNumber := k.getNextAccountNumber() + + newAcc := authtypes.BaseAccount{ + AccountNumber: nextAccountNumber, + Sequence: 0, + } + + return k.Accounts.Set(ctx, addr, newAcc) +} + +func (k Keeper) RemoveAccount(ctx sdk.Context, addr sdk.AccAddress) error { + return k.Accounts.Remove(ctx, addr) +} + +func (k Keeper) GetAccountByNumber(ctx sdk.Context, accNumber uint64) (sdk.AccAddress, authtypes.BaseAccount, error) { + accAddress, err := k.Accounts.Indexes.Number.MatchExact(ctx, accNumber) + if err != nil { + return nil, authtypes.BaseAccount{}, err + } + + acc, err := k.Accounts.Get(ctx, accAddress) + return accAddress, acc, nil +} + +func (k Keeper) GetAccountsByNumber(ctx sdk.Context, startAccNum, endAccNum uint64) ([]authtypes.BaseAccount, error) { + rng := new(collections.Range[uint64]). + StartInclusive(startAccNum). + EndInclusive(endAccNum) + + iter, err := k.Accounts.Indexes.Number.Iterate(ctx, rng) + if err != nil { + return nil, err + } + + return indexes.CollectValues(ctx, k.Accounts, iter) +} + + +func (k Keeper) getNextAccountNumber() uint64 { + return 0 +} +``` + +## Collections with interfaces as values + +Although cosmos-sdk is shifting away from the usage of interface registry, there are still some places where it is used. +In order to support old code, we have to support collections with interface values. + +The generic `codec.CollValue` is not able to handle interface values, so we need to use a special type `codec.CollValueInterface`. +`codec.CollValueInterface` takes a `codec.BinaryCodec` as an argument, and uses it to marshal and unmarshal values as interfaces. +The `codec.CollValueInterface` lives in the `codec` package, whose import path is `github.com/cosmos/cosmos-sdk/codec`. + +### Instantiating Collections with interface values + +In order to instantiate a collection with interface values, we need to use `codec.CollValueInterface` instead of `codec.CollValue`. + +```go +package example + +import ( + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts *collections.Map[sdk.AccAddress, sdk.AccountI] +} + +func NewKeeper(cdc codec.BinaryCodec, storeKey *storetypes.KVStoreKey) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Accounts: collections.NewMap( + sb, AccountsPrefix, "accounts", + sdk.AccAddressKey, codec.CollInterfaceValue[sdk.AccountI](cdc), + ), + } +} + +func (k Keeper) SaveBaseAccount(ctx sdk.Context, account authtypes.BaseAccount) error { + return k.Accounts.Set(ctx, account.GetAddress(), account) +} + +func (k Keeper) SaveModuleAccount(ctx sdk.Context, account authtypes.ModuleAccount) error { + return k.Accounts.Set(ctx, account.GetAddress(), account) +} + +func (k Keeper) GetAccount(ctx sdk.context, addr sdk.AccAddress) (sdk.AccountI, error) { + return k.Accounts.Get(ctx, addr) +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/packages/03-orm.md b/copy-of-sdk-versioned_docs/version-0.47/build/packages/03-orm.md new file mode 100644 index 00000000..14bc84b8 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/packages/03-orm.md @@ -0,0 +1,329 @@ +# ORM + +The Cosmos SDK ORM is a state management library that provides a rich, but opinionated set of tools for managing a +module's state. It provides support for: + +* type safe management of state +* multipart keys +* secondary indexes +* unique indexes +* easy prefix and range queries +* automatic genesis import/export +* automatic query services for clients, including support for light client proofs (still in development) +* indexing state data in external databases (still in development) + +## Design and Philosophy + +The ORM's data model is inspired by the relational data model found in SQL databases. The core abstraction is a table +with a primary key and optional secondary indexes. + +Because the Cosmos SDK uses protobuf as its encoding layer, ORM tables are defined directly in .proto files using +protobuf options. Each table is defined by a single protobuf `message` type and a schema of multiple tables is +represented by a single .proto file. + +Table structure is specified in the same file where messages are defined in order to make it easy to focus on better +design of the state layer. Because blockchain state layout is part of the public API for clients (TODO: link to docs on +light client proofs), it is important to think about the state layout as being part of the public API of a module. +Changing the state layout actually breaks clients, so it is ideal to think through it carefully up front and to aim for +a design that will eliminate or minimize breaking changes down the road. Also, good design of state enables building +more performant and sophisticated applications. Providing users with a set of tools inspired by relational databases +which have a long history of database design best practices and allowing schema to be specified declaratively in a +single place are design choices the ORM makes to enable better design and more durable APIs. + +Also, by only supporting the table abstraction as opposed to key-value pair maps, it is easy to add to new +columns/fields to any data structure without causing a breaking change and the data structures can easily be indexed in +any off-the-shelf SQL database for more sophisticated queries. + +The encoding of fields in keys is designed to support ordered iteration for all protobuf primitive field types +except for `bytes` as well as the well-known types `google.protobuf.Timestamp` and `google.protobuf.Duration`. Encodings +are optimized for storage space when it makes sense (see the documentation in `cosmos/orm/v1/orm.proto` for more details) +and table rows do not use extra storage space to store key fields in the value. + +We recommend that users of the ORM attempt to follow database design best practices such as +[normalization](https://en.wikipedia.org/wiki/Database_normalization) (at least 1NF). +For instance, defining `repeated` fields in a table is considered an anti-pattern because breaks first normal form (1NF). +Although we support `repeated` fields in tables, they cannot be used as key fields for this reason. This may seem +restrictive but years of best practice (and also experience in the SDK) have shown that following this pattern +leads to easier to maintain schemas. + +To illustrate the motivation for these principles with an example from the SDK, historically balances were stored +as a mapping from account -> map of denom to amount. This did not scale well because an account with 100 token balances +needed to be encoded/decoded every time a single coin balance changed. Now balances are stored as account,denom -> amount +as in the example above. With the ORM's data model, if we wanted to add a new field to `Balance` such as +`unlocked_balance` (if vesting accounts were redesigned in this way), it would be easy to add it to this table without +requiring a data migration. Because of the ORM's optimizations, the account and denom are only stored in the key part +of storage and not in the value leading to both a flexible data model and efficient usage of storage. + +## Defining Tables + +To define a table: + +1) create a .proto file to describe the module's state (naming it `state.proto` is recommended for consistency), +and import "cosmos/orm/v1/orm.proto", ex: + +```protobuf +syntax = "proto3"; +package bank_example; + +import "cosmos/orm/v1/orm.proto"; +``` + +2) define a `message` for the table, ex: + +```protobuf +message Balance { + bytes account = 1; + string denom = 2; + uint64 balance = 3; +} +``` + +3) add the `cosmos.orm.v1.table` option to the table and give the table an `id` unique within this .proto file: + +```protobuf +message Balance { + option (cosmos.orm.v1.table) = { + id: 1 + }; + + bytes account = 1; + string denom = 2; + uint64 balance = 3; +} +``` + +4) define the primary key field or fields, as a comma-separated list of the fields from the message which should make +up the primary key: + +```protobuf +message Balance { + option (cosmos.orm.v1.table) = { + id: 1 + primary_key: { fields: "account,denom" } + }; + + bytes account = 1; + string denom = 2; + uint64 balance = 3; +} +``` + +5) add any desired secondary indexes by specifying an `id` unique within the table and a comma-separate list of the +index fields: + +```protobuf +message Balance { + option (cosmos.orm.v1.table) = { + id: 1; + primary_key: { fields: "account,denom" } + index: { id: 1 fields: "denom" } // this allows querying for the accounts which own a denom + }; + + bytes account = 1; + string denom = 2; + uint64 amount = 3; +} +``` + +### Auto-incrementing Primary Keys + +A common pattern in SDK modules and in database design is to define tables with a single integer `id` field with an +automatically generated primary key. In the ORM we can do this by setting the `auto_increment` option to `true` on the +primary key, ex: + +```protobuf +message Account { + option (cosmos.orm.v1.table) = { + id: 2; + primary_key: { fields: "id", auto_increment: true } + }; + + uint64 id = 1; + bytes address = 2; +} +``` + +### Unique Indexes + +A unique index can be added by setting the `unique` option to `true` on an index, ex: + +```protobuf +message Account { + option (cosmos.orm.v1.table) = { + id: 2; + primary_key: { fields: "id", auto_increment: true } + index: {id: 1, fields: "address", unique: true} + }; + + uint64 id = 1; + bytes address = 2; +} +``` + +### Singletons + +The ORM also supports a special type of table with only one row called a `singleton`. This can be used for storing +module parameters. Singletons only need to define a unique `id` and that cannot conflict with the id of other +tables or singletons in the same .proto file. Ex: + +```protobuf +message Params { + option (cosmos.orm.v1.singleton) = { + id: 3; + }; + + google.protobuf.Duration voting_period = 1; + uint64 min_threshold = 2; +} +``` + +## Running Codegen + +NOTE: the ORM will only work with protobuf code that implements the [google.golang.org/protobuf](https://pkg.go.dev/google.golang.org/protobuf) +API. That means it will not work with code generated using gogo-proto. + +To install the ORM's code generator, run: + +```shell +go install cosmossdk.io/orm/cmd/protoc-gen-go-cosmos-orm@latest +``` + +The recommended way to run the code generator is to use [buf build](https://docs.buf.build/build/usage). +This is an example `buf.gen.yaml` that runs `protoc-gen-go`, `protoc-gen-go-grpc` and `protoc-gen-go-cosmos-orm` +using buf managed mode: + +```yaml +version: v1 +managed: + enabled: true + go_package_prefix: + default: foo.bar/api # the go package prefix of your package + override: + buf.build/cosmos/cosmos-sdk: cosmossdk.io/api # required to import the Cosmos SDK api module +plugins: + - name: go + out: . + opt: paths=source_relative + - name: go-grpc + out: . + opt: paths=source_relative + - name: go-cosmos-orm + out: . + opt: paths=source_relative +``` + +## Using the ORM in a module + +### Initialization + +To use the ORM in a module, first create a `ModuleSchemaDescriptor`. This tells the ORM which .proto files have defined +an ORM schema and assigns them all a unique non-zero id. Ex: + +```go +var MyModuleSchema = &ormv1alpha1.ModuleSchemaDescriptor{ + SchemaFile: []*ormv1alpha1.ModuleSchemaDescriptor_FileEntry{ + { + Id: 1, + ProtoFileName: mymodule.File_my_module_state_proto.Path(), + }, + }, +} +``` + +In the ORM generated code for a file named `state.proto`, there should be an interface `StateStore` that got generated +with a constructor `NewStateStore` that takes a parameter of type `ormdb.ModuleDB`. Add a reference to `StateStore` +to your module's keeper struct. Ex: + +```go +type Keeper struct { + db StateStore +} +``` + +Then instantiate the `StateStore` instance via an `ormdb.ModuleDB` that is instantiated from the `SchemaDescriptor` +above and one or more store services from `cosmossdk.io/core/store`. Ex: + +```go +func NewKeeper(storeService store.KVStoreService) (*Keeper, error) { + modDb, err := ormdb.NewModuleDB(MyModuleSchema, ormdb.ModuleDBOptions{KVStoreService: storeService}) + if err != nil { + return nil, err + } + db, err := NewStateStore(modDb) + if err != nil { + return nil, err + } + return Keeper{db: db}, nil +} +``` + +### Using the generated code + +The generated code for the ORM contains methods for inserting, updating, deleting and querying table entries. +For each table in a .proto file, there is a type-safe table interface implemented in generated code. For instance, +for a table named `Balance` there should be a `BalanceTable` interface that looks like this: + +```go +type BalanceTable interface { + Insert(ctx context.Context, balance *Balance) error + Update(ctx context.Context, balance *Balance) error + Save(ctx context.Context, balance *Balance) error + Delete(ctx context.Context, balance *Balance) error + Has(ctx context.Context, acocunt []byte, denom string) (found bool, err error) + // Get returns nil and an error which responds true to ormerrors.IsNotFound() if the record was not found. + Get(ctx context.Context, acocunt []byte, denom string) (*Balance, error) + List(ctx context.Context, prefixKey BalanceIndexKey, opts ...ormlist.Option) (BalanceIterator, error) + ListRange(ctx context.Context, from, to BalanceIndexKey, opts ...ormlist.Option) (BalanceIterator, error) + DeleteBy(ctx context.Context, prefixKey BalanceIndexKey) error + DeleteRange(ctx context.Context, from, to BalanceIndexKey) error + + doNotImplement() +} +``` + +This `BalanceTable` should be accessible from the `StateStore` interface (assuming our file is named `state.proto`) +via a `BalanceTable()` accessor method. If all the above example tables/singletons were in the same `state.proto`, +then `StateStore` would get generated like this: + +```go +type BankStore interface { + BalanceTable() BalanceTable + AccountTable() AccountTable + ParamsTable() ParamsTable + + doNotImplement() +} +``` + +So to work with the `BalanceTable` in a keeper method we could use code like this: + +```go +func (k keeper) AddBalance(ctx context.Context, acct []byte, denom string, amount uint64) error { + balance, err := k.db.BalanceTable().Get(ctx, acct, denom) + if err != nil && !ormerrors.IsNotFound(err) { + return err + } + + if balance == nil { + balance = &Balance{ + Account: acct, + Denom: denom, + Amount: amount, + } + } else { + balance.Amount = balance.Amount + amount + } + + return k.db.BalanceTable().Save(ctx, balance) +} +``` + +`List` methods take `IndexKey` parameters. For instance, `BalanceTable.List` takes `BalanceIndexKey`. `BalanceIndexKey` +let's represent index keys for the different indexes (primary and secondary) on the `Balance` table. The primary key +in the `Balance` table gets a struct `BalanceAccountDenomIndexKey` and the first index gets an index key `BalanceDenomIndexKey`. +If we wanted to list all the denoms and amounts that an account holds, we would use `BalanceAccountDenomIndexKey` +with a `List` query just on the account prefix. Ex: + +```go +it, err := keeper.db.BalanceTable().List(ctx, BalanceAccountDenomIndexKey{}.WithAccount(acct)) +``` diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/packages/README.md b/copy-of-sdk-versioned_docs/version-0.47/build/packages/README.md new file mode 100644 index 00000000..7132b413 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/packages/README.md @@ -0,0 +1,39 @@ +--- +sidebar_position: 0 +--- + +# Packages + +The Cosmos SDK is a collection of Go modules. This section provides documentation on various packages that can used when developing a Cosmos SDK chain. +It lists all standalone Go modules that are part of the Cosmos SDK. + +:::tip +For more information on SDK modules, see the [SDK Modules](https://docs.cosmos.network/main/modules) section. +For more information on SDK tooling, see the [Tooling](https://docs.cosmos.network/main/tooling) section. +::: + +## Core + +* [Core](https://pkg.go.dev/cosmossdk.io/core) - Core library defining SDK interfaces ([ADR-063](https://docs.cosmos.network/main/architecture/adr-063-core-module-api)) +* [API](https://pkg.go.dev/cosmossdk.io/api) - API library containing generated SDK Pulsar API +* [Store](https://pkg.go.dev/cosmossdk.io/store) - Implementation of the Cosmos SDK store + +## State Management + +* [Collections](02-collections.md) - State management library +* [ORM](03-orm.md) - State management library + +## Automation + +* [Depinject](01-depinject.md) - Dependency injection framework +* [Client/v2](https://pkg.go.dev/cosmossdk.io/client/v2) - Library powering [AutoCLI](https://docs.cosmos.network/main/building-modules/autocli) + +## Utilities + +* [Log](https://pkg.go.dev/cosmossdk.io/log) - Logging library +* [Errors](https://pkg.go.dev/cosmossdk.io/errors) - Error handling library +* [Math](https://pkg.go.dev/cosmossdk.io/math) - Math library for SDK arithmetic operations + +## Example + +* [SimApp](https://pkg.go.dev/cosmossdk.io/simapp) - SimApp is **the** sample Cosmos SDK chain. This package should not be imported in your application. diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/packages/_category_.json b/copy-of-sdk-versioned_docs/version-0.47/build/packages/_category_.json new file mode 100644 index 00000000..e91118d3 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/packages/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Packages", + "position": 9, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/rfc/PROCESS.md b/copy-of-sdk-versioned_docs/version-0.47/build/rfc/PROCESS.md new file mode 100644 index 00000000..71b0c7ce --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/rfc/PROCESS.md @@ -0,0 +1,62 @@ +# RFC Creation Process + +1. Copy the `rfc-template.md` file. Use the following filename pattern: `rfc-next_number-title.md` +2. Create a draft Pull Request if you want to get an early feedback. +3. Make sure the context and a solution is clear and well documented. +4. Add an entry to a list in the [README](README.md) file. +5. Create a Pull Request to propose a new ADR. + +## What is an RFC? + +An RFC is a sort of async whiteboarding session. It is meant to replace the need for a distributed team to come together to make a decision. Currently, the Cosmos SDK team and contributors are distributed around the world. The team conducts working groups to have a synchronous discussion and an RFC can be used to capture the discussion for a wider audience to better understand the changes that are coming to the software. + +The main difference the Cosmos SDK is defining as a differentiation between RFC and ADRs is that one is to come to consensus and circulate information about a potential change or feature. An ADR is used if there is already consensus on a feature or change and there is not a need to articulate the change coming to the software. An ADR will articulate the changes and have a lower amount of communication . + +## RFC life cycle + +RFC creation is an **iterative** process. An RFC is meant as a distributed colloboration session, it may have many comments and is usually the bi-product of no working group or synchornous communication + +1. Proposals could start with a new GitHub Issue, be a result of existing Issues or a discussion. + +2. An RFC doesn't have to arrive to `main` with an _accepted_ status in a single PR. If the motivation is clear and the solution is sound, we SHOULD be able to merge it and keep a _proposed_ status. It's preferable to have an iterative approach rather than long, not merged Pull Requests. + +3. If a _proposed_ RFC is merged, then it should clearly document outstanding issues either in the RFC document notes or in a GitHub Issue. + +4. The PR SHOULD always be merged. In the case of a faulty RFC, we still prefer to merge it with a _rejected_ status. The only time the RFC SHOULD NOT be merged is if the author abandons it. + +5. Merged RFCs SHOULD NOT be pruned. + +6. If there is consensus and enough feedback then the RFC can be accepted. + +> Note: An RFC is written when there is no working group or team session on the problem. RFC's are meant as a distributed white boarding session. If there is a working group on the proposal there is no need to have an RFC as there is synchornous whiteboarding going on. + +### RFC status + +Status has two components: + +```text +{CONSENSUS STATUS} +``` + +#### Consensus Status + +```text +DRAFT -> PROPOSED -> LAST CALL yyyy-mm-dd -> ACCEPTED | REJECTED -> SUPERSEDED by ADR-xxx + \ | + \ | + v v + ABANDONED +``` + +* `DRAFT`: [optional] an ADR which is work in progress, not being ready for a general review. This is to present an early work and get an early feedback in a Draft Pull Request form. +* `PROPOSED`: an ADR covering a full solution architecture and still in the review - project stakeholders haven't reached an agreed yet. +* `LAST CALL `: [optional] clear notify that we are close to accept updates. Changing a status to `LAST CALL` means that social consensus (of Cosmos SDK maintainers) has been reached and we still want to give it a time to let the community react or analyze. +* `ACCEPTED`: ADR which will represent a currently implemented or to be implemented architecture design. +* `REJECTED`: ADR can go from PROPOSED or ACCEPTED to rejected if the consensus among project stakeholders will decide so. +* `SUPERSEEDED by ADR-xxx`: ADR which has been superseded by a new ADR. +* `ABANDONED`: the ADR is no longer pursued by the original authors. + +## Language used in RFC + +* The background/goal should be written in the present tense. +* Avoid using a first, personal form. diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/rfc/README.md b/copy-of-sdk-versioned_docs/version-0.47/build/rfc/README.md new file mode 100644 index 00000000..40559b62 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/rfc/README.md @@ -0,0 +1,34 @@ +--- +sidebar_position: 1 +--- + +# Requests for Comments + +A Request for Comments (RFC) is a record of discussion on an open-ended topic +related to the design and implementation of the Cosmos SDK, for which no +immediate decision is required. + +The purpose of an RFC is to serve as a historical record of a high-level +discussion that might otherwise only be recorded in an ad-hoc way (for example, +via gists or Google docs) that are difficult to discover for someone after the +fact. An RFC _may_ give rise to more specific architectural _decisions_ for +the Cosmos SDK, but those decisions must be recorded separately in +[Architecture Decision Records (ADR)](../architecture/README.md). + +As a rule of thumb, if you can articulate a specific question that needs to be +answered, write an ADR. If you need to explore the topic and get input from +others to know what questions need to be answered, an RFC may be appropriate. + +## RFC Content + +An RFC should provide: + +* A **changelog**, documenting when and how the RFC has changed. +* An **abstract**, briefly summarizing the topic so the reader can quickly tell + whether it is relevant to their interest. +* Any **background** a reader will need to understand and participate in the + substance of the discussion (links to other documents are fine here). +* The **discussion**, the primary content of the document. + +The [rfc-template.md](rfc-template.md) file includes placeholders for these +sections. diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/rfc/_category_.json b/copy-of-sdk-versioned_docs/version-0.47/build/rfc/_category_.json new file mode 100644 index 00000000..40fac982 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/rfc/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "RFCs", + "position": 12, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/rfc/rfc-001-tx-validation.md b/copy-of-sdk-versioned_docs/version-0.47/build/rfc/rfc-001-tx-validation.md new file mode 100644 index 00000000..923e1c72 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/rfc/rfc-001-tx-validation.md @@ -0,0 +1,25 @@ +# RFC 001: Transaction Validation + +## Changelog + +* 2023-03-12: Proposed + +## Background + +Transation Validation is crucial to a functioning state machine. Within the Cosmos SDK there are two validation flows, one is outside the message server and the other within. The flow outside of the message server is the `ValidateBasic` function. It is called in the antehandler on both `CheckTx` and `DeliverTx`. There is an overhead and sometimes duplication of validation within these two flows. This extra validation provides an additional check before entering the mempool. + +With the deprecation of [`GetSigners`](https://github.com/cosmos/cosmos-sdk/issues/11275) we have the optionality to remove [sdk.Msg](https://github.com/cosmos/cosmos-sdk/blob/16a5404f8e00ddcf8857c8a55dca2f7c109c29bc/types/tx_msg.go#L16) and the `ValidateBasic` function. + +With the separation of CometBFT and Cosmos-SDK, there is a lack of control of what transactions get broadcasted and included in a block. This extra validation in the antehandler is meant to help in this case. In most cases the transaction is or should be simulated against a node for validation. With this flow transactions will be treated the same. + +## Proposal + +The acceptance of this RFC would move validation within `ValidateBasic` to the message server in modules, update tutorials and docs to remove mention of using `ValidateBasic` in favour of handling all validation for a message where it is executed. + +We can and will still support the `Validatebasic` function for users and provide an extension interface of the function once `sdk.Msg` is depreacted. + +> Note: This is how messages are handled in VMs like Ethereum and CosmWasm. + +### Consequences + +The consequence of updating the transaction flow is that transaction that may have failed before with the `ValidateBasic` flow will now be included in a block and fees charged. diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/rfc/rfc-template.md b/copy-of-sdk-versioned_docs/version-0.47/build/rfc/rfc-template.md new file mode 100644 index 00000000..417a795d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/rfc/rfc-template.md @@ -0,0 +1,83 @@ +# RFC {RFC-NUMBER}: {TITLE} + +## Changelog + +* {date}: {changelog} + +## Background + +> The next section is the "Background" section. This section should be at least two paragraphs and can take up to a whole +> page in some cases. The guiding goal of the background section is: as a newcomer to this project (new employee, team +> transfer), can I read the background section and follow any links to get the full context of why this change is +> necessary? +> +> If you can't show a random engineer the background section and have them acquire nearly full context on the necessity +> for the RFC, then the background section is not full enough. To help achieve this, link to prior RFCs, discussions, and +> more here as necessary to provide context so you don't have to simply repeat yourself. + + +## Proposal + +> The next required section is "Proposal" or "Goal". Given the background above, this section proposes a solution. +> This should be an overview of the "how" for the solution, but for details further sections will be used. + + +## Abandoned Ideas (Optional) + +> As RFCs evolve, it is common that there are ideas that are abandoned. Rather than simply deleting them from the +> document, you should try to organize them into sections that make it clear they're abandoned while explaining why they +> were abandoned. +> +> When sharing your RFC with others or having someone look back on your RFC in the future, it is common to walk the same +> path and fall into the same pitfalls that we've since matured from. Abandoned ideas are a way to recognize that path +> and explain the pitfalls and why they were abandoned. + +## Descision + +> This section describes alternative designs to the chosen design. This section +> is important and if an adr does not have any alternatives then it should be +> considered that the ADR was not thought through. + +## Consequences (optional) + +> This section describes the resulting context, after applying the decision. All +> consequences should be listed here, not just the "positive" ones. A particular +> decision may have positive, negative, and neutral consequences, but all of them +> affect the team and project in the future. + +### Backwards Compatibility + +> All ADRs that introduce backwards incompatibilities must include a section +> describing these incompatibilities and their severity. The ADR must explain +> how the author proposes to deal with these incompatibilities. ADR submissions +> without a sufficient backwards compatibility treatise may be rejected outright. + +### Positive + +> {positive consequences} + +### Negative + +> {negative consequences} + +### Neutral + +> {neutral consequences} + + + +### References + +> Links to external materials needed to follow the discussion may be added here. +> +> In addition, if the discussion in a request for comments leads to any design +> decisions, it may be helpful to add links to the ADR documents here after the +> discussion has settled. + +## Discussion + +> This section contains the core of the discussion. +> +> There is no fixed format for this section, but ideally changes to this +> section should be updated before merging to reflect any discussion that took +> place on the PR that made those changes. diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/spec/SPEC_MODULE.md b/copy-of-sdk-versioned_docs/version-0.47/build/spec/SPEC_MODULE.md new file mode 100644 index 00000000..1b5e5d5d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/spec/SPEC_MODULE.md @@ -0,0 +1,60 @@ +# Specification of Modules + +This file intends to outline the common structure for specifications within +this directory. + +## Tense + +For consistency, specs should be written in passive present tense. + +## Pseudo-Code + +Generally, pseudo-code should be minimized throughout the spec. Often, simple +bulleted-lists which describe a function's operations are sufficient and should +be considered preferable. In certain instances, due to the complex nature of +the functionality being described pseudo-code may the most suitable form of +specification. In these cases use of pseudo-code is permissible, but should be +presented in a concise manner, ideally restricted to only the complex +element as a part of a larger description. + +## Common Layout + +The following generalized `README` structure should be used to breakdown +specifications for modules. The following list is nonbinding and all sections are optional. + +* `# {Module Name}` - overview of the module +* `## Concepts` - describe specialized concepts and definitions used throughout the spec +* `## State` - specify and describe structures expected to marshalled into the store, and their keys +* `## State Transitions` - standard state transition operations triggered by hooks, messages, etc. +* `## Messages` - specify message structure(s) and expected state machine behaviour(s) +* `## Begin Block` - specify any begin-block operations +* `## End Block` - specify any end-block operations +* `## Hooks` - describe available hooks to be called by/from this module +* `## Events` - list and describe event tags used +* `## Client` - list and describe CLI commands and gRPC and REST endpoints +* `## Params` - list all module parameters, their types (in JSON) and examples +* `## Future Improvements` - describe future improvements of this module +* `## Tests` - acceptance tests +* `## Appendix` - supplementary details referenced elsewhere within the spec + +### Notation for key-value mapping + +Within `## State` the following notation `->` should be used to describe key to +value mapping: + +```text +key -> value +``` + +to represent byte concatenation the `|` may be used. In addition, encoding +type may be specified, for example: + +```text +0x00 | addressBytes | address2Bytes -> amino(value_object) +``` + +Additionally, index mappings may be specified by mapping to the `nil` value, for example: + +```text +0x01 | address2Bytes | addressBytes -> nil +``` diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/spec/SPEC_STANDARD.md b/copy-of-sdk-versioned_docs/version-0.47/build/spec/SPEC_STANDARD.md new file mode 100644 index 00000000..3608b365 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/spec/SPEC_STANDARD.md @@ -0,0 +1,121 @@ +# What is an SDK standard? + +An SDK standard is a design document describing a particular protocol, standard, or feature expected to be used by the Cosmos SDK. A SDK standard should list the desired properties of the standard, explain the design rationale, and provide a concise but comprehensive technical specification. The primary author is responsible for pushing the proposal through the standardization process, soliciting input and support from the community, and communicating with relevant stakeholders to ensure (social) consensus. + +## Sections + +A SDK standard consists of: + +* a synopsis, +* overview and basic concepts, +* technical specification, +* history log, and +* copyright notice. + +All top-level sections are required. References should be included inline as links, or tabulated at the bottom of the section if necessary. Included sub-sections should be listed in the order specified below. + +### Table Of Contents + +Provide a table of contents at the top of the file to assist readers. + +### Synopsis + +The document should include a brief (~200 word) synopsis providing a high-level description of and rationale for the specification. + +### Overview and basic concepts + +This section should include a motivation sub-section and a definitions sub-section if required: + +* *Motivation* - A rationale for the existence of the proposed feature, or the proposed changes to an existing feature. +* *Definitions* - A list of new terms or concepts utilized in the document or required to understand it. + +### System model and properties + +This section should include an assumptions sub-section if any, the mandatory properties sub-section, and a dependencies sub-section. Note that the first two sub-section are are tightly coupled: how to enforce a property will depend directly on the assumptions made. This sub-section is important to capture the interactions of the specified feature with the "rest-of-the-world", i.e., with other features of the ecosystem. + +* *Assumptions* - A list of any assumptions made by the feature designer. It should capture which features are used by the feature under specification, and what do we expect from them. +* *Properties* - A list of the desired properties or characteristics of the feature specified, and expected effects or failures when the properties are violated. In case it is relevant, it can also include a list of properties that the feature does not guarantee. +* *Dependencies* - A list of the features that use the feature under specification and how. + +### Technical specification + +This is the main section of the document, and should contain protocol documentation, design rationale, required references, and technical details where appropriate. +The section may have any or all of the following sub-sections, as appropriate to the particular specification. The API sub-section is especially encouraged when appropriate. + +* *API* - A detailed description of the features's API. +* *Technical Details* - All technical details including syntax, diagrams, semantics, protocols, data structures, algorithms, and pseudocode as appropriate. The technical specification should be detailed enough such that separate correct implementations of the specification without knowledge of each other are compatible. +* *Backwards Compatibility* - A discussion of compatibility (or lack thereof) with previous feature or protocol versions. +* *Known Issues* - A list of known issues. This sub-section is specially important for specifications of already in-use features. +* *Example Implementation* - A concrete example implementation or description of an expected implementation to serve as the primary reference for implementers. + +### History + +A specification should include a history section, listing any inspiring documents and a plaintext log of significant changes. + +See an example history section [below](#history-1). + +### Copyright + +A specification should include a copyright section waiving rights via [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0). + +## Formatting + +### General + +Specifications must be written in GitHub-flavoured Markdown. + +For a GitHub-flavoured Markdown cheat sheet, see [here](https://github.com/adam-p/markdown-here/wiki/Markdown-Cheatsheet). For a local Markdown renderer, see [here](https://github.com/joeyespo/grip). + +### Language + +Specifications should be written in Simple English, avoiding obscure terminology and unnecessary jargon. For excellent examples of Simple English, please see the [Simple English Wikipedia](https://simple.wikipedia.org/wiki/Main_Page). + +The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in specifications are to be interpreted as described in [RFC 2119](https://tools.ietf.org/html/rfc2119). + +### Pseudocode + +Pseudocode in specifications should be language-agnostic and formatted in a simple imperative standard, with line numbers, variables, simple conditional blocks, for loops, and +English fragments where necessary to explain further functionality such as scheduling timeouts. LaTeX images should be avoided because they are difficult to review in diff form. + +Pseudocode for structs can be written in a simple language like Typescript or golang, as interfaces. + +Example Golang pseudocode struct: + +```go +type CacheKVStore interface { + cache: map[Key]Value + parent: KVStore + deleted: Key +} +``` + +Pseudocode for algorithms should be written in simple Golang, as functions. + +Example pseudocode algorithm: + +```go +func get( + store CacheKVStore, + key Key) Value { + + value = store.cache.get(Key) + if (value !== null) { + return value + } else { + value = store.parent.get(key) + store.cache.set(key, value) + return value + } +} +``` + +## History + +This specification was significantly inspired by and derived from IBC's [ICS](https://github.com/cosmos/ibc/blob/main/spec/ics-001-ics-standard/README.md), which +was in turn derived from Ethereum's [EIP 1](https://github.com/ethereum/EIPs/blob/master/EIPS/eip-1.md). + +Nov 24, 2022 - Initial draft finished and submitted as a PR + +## Copyright + +All content herein is licensed under [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0). diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/spec/_category_.json b/copy-of-sdk-versioned_docs/version-0.47/build/spec/_category_.json new file mode 100644 index 00000000..0f109234 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/spec/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Specifications", + "position": 6, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/spec/addresses/README.md b/copy-of-sdk-versioned_docs/version-0.47/build/spec/addresses/README.md new file mode 100644 index 00000000..af63429d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/spec/addresses/README.md @@ -0,0 +1,3 @@ +# Addresses spec + +* [Bech32](bech32.md) diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/spec/addresses/bech32.md b/copy-of-sdk-versioned_docs/version-0.47/build/spec/addresses/bech32.md new file mode 100644 index 00000000..f996f901 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/spec/addresses/bech32.md @@ -0,0 +1,21 @@ +# Bech32 on Cosmos + +The Cosmos network prefers to use the Bech32 address format wherever users must handle binary data. Bech32 encoding provides robust integrity checks on data and the human readable part (HRP) provides contextual hints that can assist UI developers with providing informative error messages. + +In the Cosmos network, keys and addresses may refer to a number of different roles in the network like accounts, validators etc. + +## HRP table + +| HRP | Definition | +| ---------------- | ------------------------------------- | +| cosmos | Cosmos Account Address | +| cosmosvalcons | Cosmos Validator Consensus Address | +| cosmosvaloper | Cosmos Validator Operator Address | + +## Encoding + +While all user facing interfaces to Cosmos software should exposed Bech32 interfaces, many internal interfaces encode binary value in hex or base64 encoded form. + +To covert between other binary representation of addresses and keys, it is important to first apply the Amino encoding process before Bech32 encoding. + +A complete implementation of the Amino serialization format is unnecessary in most cases. Simply prepending bytes from this [table](https://github.com/cometbft/cometbft/blob/main/spec/blockchain/05-encoding.md) to the byte string payload before Bech32 encoding will sufficient for compatible representation. diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/spec/fee_distribution/f1_fee_distr.pdf b/copy-of-sdk-versioned_docs/version-0.47/build/spec/fee_distribution/f1_fee_distr.pdf new file mode 100644 index 0000000000000000000000000000000000000000..b9995386957cb1be5fe5c21551b0645009063045 GIT binary patch literal 185175 zcma&sQn3}=x^TW8fI-42U!FX=@Y09J=ww8$~idyB}M3W`R z=G`Jx?A{G!m=b1l!uMa#&{)1g|78A@xvgyW?^L*-r?G5pP{*!(2Otgzxi!foSI$4B zs%B`Z-VV1$S92rx4X`?Breh2V{B~+;H^ZioL|=gzQ!qy%H|^UFD9jw#Paq<56qv~# zm!{_}8*7NUDV<{%&zANq3QADW{Jet5+&C#;_!8q&Na3iF6<}T0N&KKgPDj%y zi%U_6Gjm}aHXtP4iZHW7das7MC56Lo7};FZs!qLjjyu2KYCe$0*u(en#%z%DF`7%| z9S3V@$L~SRD)1#qIvgcpTzqegqk80yQx8vL{5=Zw!t>^6Tj{%)N|bux&~q_QkT5NS zM#wlbnGyEkjrVwU4?1p>H@|+%{<RWHV~%3?+^)f8c>ss-2ysY?m{@lo#!h9?reBcV%`O}A;n9;X zAxG?kl|b-EX`1jlWNfyeT|jWPOgUS|SDpvX%3Zeu#-miSt*05X;*B-PtH%@1(tO>I zK-u-eGCEh2Y|nF*GP>{f`L#$ZykJj~=T}@wxZMM+HXM1?=^Rn-%|=0I@>QyMN`@v!zKhmw*6#Tk~EQ@(>#(q z4mcvaYU=YBfBr+I?Sq>`>RjWd7*Wb7i~kkl2dKWC0IpJFO1RWJ)yG}u)?7_8 zOcp>;Ad{E=@y_804n%{bpsk2$wV`;-!r+Bw>+^f4)-cPULm8gByfEh2o~;TqfV*)x z0+SCFBV;zn608Ht`b`k3XK*$_nOzgcqpTS}3-CyNmZF*$iQQ7E#LmXz2(jnLz;KTD zI52Oy7@KlFnMV6w&iAU0hqO6QYeMUB5-%_hU%a+bTtFB%-Uki+$58denPI!T=`><& z=imyj!izCY&E2W%Yf^k(8Nm8o_`4y+k7vh78;AmQS=yw@PO_Kti>SOSKO{p~mAJX%ie$CvD$wULu&o9AY$U^$?1{-AQUv z=vmeNL})5$zQBe^p~_QLjyf}%G{V#$-9XgTipnslz#?mDlcW{VV)DpW z#(B5b^p5ki@Jmj$J4cO1dpXQNRqmS_jvRrLC6LJ~FadAYxYRZYlmH%%6j_3Uh$VQ= z9hPZtyAlSUrui7JyyZxM)n`dDsI(@qgCP$WhkPM29r9uxs3Ss42MN2S_tGGP)kK ze>8(|&(WJbwE9KH=8h5LoARTRS8QK1E3=@nW#^d_T_f%4C$_c(fh+?CjI%V(9UmWD^QXuw1&uK=8! z4XqnS{QQ;4w9ll<@}kLIZ4E5)2uWQ2JXJZq-ieqbWd28l_P9DUkdn3-{sC)OTC71JF!BGTs=MlEZ@uFzplFA{%DjO zujBnI7ASs5l?)pBt+s%k!&t}1Rd>?ttq3IJX}WgL4Wx^Gw(ClG8*;>16<)58L0$7i zVlZEixF3Duya;LE5}y=6$wMNX+swZBiJPW(Rf#^`+{HpSaM(KFc4QclxD`%&esFSK8=+VVf*Apylv)eo9R z8VdP7DfEU1&WQR-Qk4@=(p4ojwV%Eqg@Pad_vZkH(rFnOGkeqjZ-@VR{a<%*u>Nm= zurPCS{G!;x_~X8)IOaHxZSEs8D`RSJA&6<|qiD;8aVep$OffgG ze@C8`imgzd!uM>fyj$N15+UE>gNA45}9+a9w$CybrKb%ojPn#F#4Na1(D3VK)+@$H)5p0zZ5IxqIvBSF-Eu1}`vRvB5FleY&uHHaNq^|Lp8n zmkyu56&Ld9&FKyj41|Yxr9Thndyepm;>x(#5YY2|u}zo?Be}S45w;$an>27tPn;xH zuE$kB06Mu|P+9dRL7cjufD6_L@Y!U+pu-Cf#M;d?q7<9m)xBm)y2wf9W3w$UNlC6YMVtzm~ z1(Xi@dibTnW4oajm&yM^#u(>Q;MHcMF300+1tvmb0!GTbe$&v!EVqHDKDnY>;(GyI z;hoJ){zL>8 z@H=agJ`Vm~^m^0|B=h}nyp>8 zz1c5-3}fY|$lhZR`Ixl|+M(9WWOrBKHV4^5_fH@)2s1Q)N9Tw_uMxGHp*AAoE;8}g z(yfgUcDr3S1o|coY9h!s8zYM`--6wPa_cFjKG_iIx!X5U2TT%YSC4@EHSH@e=r-!R z{ndzfge}0li~IJ?Zl49EFdyIh#G`lp?$Uq8I;6od`mGhRF*KQ4c_wyF=M#LtXbjvE zQeMGSN?BPtW9H798C?UWJ@PWkN6^>LoQD64w6J_?fuxA@GRy8RabJ2>SG}FI;~mVK zgYTau-dEwfmxSlRc_?JxUW`a$O?LLqPWnDb-sr}ntg?3#2DtT*ykeB7|2x^N<8!Os z1g>Y1*N^$!@g(0Nm`&3rCIW(6tG-F2U=|e6JvNXC!xn3^jWYw)0N56=h~jlH&9tAT zBHuc%LiSvTN3Z^!doOEK)!(->RG6}h{0}w+qEZ1^HB&XE(MaEgMWruGOhJvADd7ka z;=uLA2Ftr7;CG~o?Rs#?+!$S)eBgc8&O1nbyNI9Dk|sj2e{BVL1Yt2yK1&~i6WD4D zZ*qR;UYtPxbh7sFJa~>yP_edr;E+!rkB>nm21)-!(@=2)&K1e<_ObiXq*1#Fiy2=N zR$*NanLm*=mzG!f1W~&iOCL4k>ZxZvu{`)m?^Y>rCTXAkJbi>Z0qDj}wp|*{&dN_? zp8^9|LGtXtA&lsly~vlgB}yYcCFBHMQ1VBpT_@cZjx&Kgh#SBRG_5$udH6{Jgm_;=WgC$Jx^1;Y&Yx(=8S(dEHzu+BJ z;X#1}&=(A{82NKdMU~EmI57lcrSqhXiK^g{9z=;+JeR0C#m*gARzIXjyAF#G-Xgvc=Yl6pQpA6-A~-fVN@+Y%AAMFBNQYR z+-kMFBiqSSQG~P2?WVT%Ctfk)%?*LQ7nLQLC+-zdZw4taS*9K*meCmk5G_igcIOXi z>p|Uaom9jMM}E96EXvqQEPSSLZ{Ka#I9IU1`(T^GWFB-+s#Pp|h)DznlX8UNa-LhS zARiOufsxPJ;h-$Rt9wg4&#DYV{mQOw5dl`VH8UD}G)*?WlM@m)64!$xx@10rzo+?06C09A~KqD{($W z(!xrY(vR+fSE`=JxGD|h>bSBm$Ma6~>EVi$%%_-CBUJ`r$JvN+b>ry^_26*>PnShr zN4tomSZ$>UG1vUNz<^t!aq6WA>0=^b`?t8*&gO8X6SqjWPTATLqfEkK8zK>AKX}^| z2JR8FW43vvIwZ zIGkh%o{L!#W*PT0bT_4>EG=(bF_K9KKeQ+U!IlU_) z3~yO7e&%+n(Ru%Bj8sw72Dz+{6Lrq;UjX3sF=w#EaMrQ`L;l1vZ(3XqJ{vV^Z<69A zV;Yuz=4@4?Qx<#wV2kOCfS8Te^eZzw;V;zG^ecb;+_m$uB0ZaN!+ zF&>Msp;@p=;g$A0EF)aNgalkL%@?s~U5S}c6O**D=pXUonnSzQ45;>L?t9nFAXp>X zd}FHz8Utp$M+WNm?gQeyLuRBz>ICo64OAQ~5qm?6ASjc4zF(*VkTJ>wnsaA| z%IVrir?W!pfa0b@j8KGWC}SU&A-OL>@#9*7--GQKK^xa*wj4p@ft`zRBMsIzaXmRT zAp5`CF7KIN9cSLjPfrZY@d>O2L!yM3-l{WIAu{GKSA|7}RQkmo6s7xnRV(8gg~vWx zkh8sQz`1qd%_NA?N=?FtFI~sAGG2Ga-ZjEP%g>aYw%8EyPYNmsDhUMW$cLflAPhX7 z=~PnPZh0XBk6=>E{pZw{UPPcke-8wAXYhJ5uD4(nF*!bShNK&B00E1M)WUq>b8-x- zmf;TJz<#(PfAu9T$4S3Cld?Mf*$*4h+2o~{D5)ZH#pCgnK4MP#`J=;Jk{4_jSNd*z}!kTt~D(q+_1n%JjI zp^_W%KbE;dKD~>A`F>3%cQ7K@t?Fx-+!cQ~6fI%alpP_+x+=sPR!NPTZqA2hP0w=UsCyRyM5C5&^nq zLooWJ#@{r^8X016r_S|zlA~#mYHtoCN6@Rdk(lHogZsnc{TfS90ePzXQf}&Xc;&+mR1oSMZ}y z3?N?mMj_CJ(Jxm?!N0)Qj{w^L-ASDPp_7=o*x3KuPHNNEaoAzU@PBK_WI(EoU8i&C z2G^w9vWG1lB-xA$(kr|O;VtH~Wlg5FLg^XsUkF>3WQo3F{}W;A$wh{^5cikov10?% z;8)RBTFIPyTX)|+m5F2_S}y%eILFmR&%s~%r^ThO=j-F&L_>h0wYY8T;)OW#k{eNC zj%;cdbs`aZ*m@2vxvf>!WqQ?_1V%B{thxAc#0+gpj_D4U{SLQf<%#S2w^=s1+VPe3 zwKu_*ny6`tbAq3zp57&|(+>GZmc^99sWw`bm$rX<>{D=-dRCCySn`EUZ(*C*<4{6RcSGU=V#es8 z0c3ua-tleqk_Y`;PtFW2(m10%&m+(uQ10DDVw^-QP)ET=JNZS;r0h?Cfn%#^3za1ye$IhRo9){_}CpxHm#YBt{Jf zGG%D(M&(LjCR{{Xgz7(DFXJT0HgzcqzeM9MRFXe7B82Fh8Ty3Q>|w7j_KCM z03yqOE#3^Ki^Do&VU-HDo&{o0v`_i-z`!G7%(QuQ3GcdRJ zR^=pO_H0_w5IUauWs`1Vf3w8I6llIyqSv!fm_O;F^V|QqMCUt%@td)8qf@|&8i0}X zthOe@ylPh}Pd|NEx|Kh+O#&@POa{s8Wri{4SN4G2HW2xvov!?2Us(2d`1~g?kkAi5 z-v8Wk?z46Ibgskr@;%n|83Ls2TG&NUfDas<0tFaT_I2J!HdH!6oqJ0RK$GHmeKr=T zAB)nhw59&uMo$S#Ar794G=KHBZahnoH}IMtvM$pn$gj@S55A6pD{wBFzIW}%Ve)89 z&Aud&Ymck(Cg{HD;p?DM8rFKd3Q}$-j@K};9fQB6o%cT&xJ5F5vyY*^sJH$`YTwbw zZ_#*4L|KoAB$C0!XFS(ai!k9t4Pnycbj&Bqz~kvR zz1t;Puk}1lUU2!`ZX?r3H?Q{&#w`=mIz%i}y(L(!LFta8UI7~QHrQp2pMqi8A1l?ASPeCi z3!5HU4`O-C<{S%ZIyMkM=#6waVK_%k@eQJBN!&~xJ9`xcYvra3Z}I8yu(kHoI)hO( z;oNsp-xjF9_$fc^%@rKw>GVvOTLjwXSrm!jWnzZWdDtP~i2xF?B$LF@7HZb=rqIHQ z?qc6*JwtX^=Jp*znj~(c@!B2N!{<0-*6Tu--aKJ8*6a#>1WkCrXqkC|>UeTK>VxZ5 z2#1V0nl&=KXRK%ugtd)%aw)Old!%7No1C&Of_~GF`Uod{{i_a*^#!!W>7q)94;Uw) zcwP}7W$9!RcF#|Z&CuY>4>dNMUqgX)s(u9pi^~xioB+7(dk9s7rUN-r)mPtc*<%6M zE-UjQNq7vMXO&ucV&J1ga;^%6#E~da2@l|AM#sfryxtx^biUs4T}We?vcJy+V%iH_ zHm1=|VWeJdj0EZbQhm5g8}*+uhF6e4#~Cz-qZx17Vpp7c_B6iHTc5xn3@K_`+}&A zIfWkoTRkK(0w3#Cal2)BsHW+%%?2M4ad;{*vP`?F5dxgoYeGxR21>>z<=>GWlQE|1 zU*oxv0s}yp6XmPLQvrHpSd%)?FO>>hd?H8CG8>;3Q^R&AJ)U7Se($rkPxQk*iFwN{?LlgmHE*UcIRmHN33Yu(6Fg}@=^?j(9P#;1i&v!KT zjoe(-<^z)7_=CJrM?wn}Auf@9!<3q*A%1YqTe3(}05Po#;aLnQW)-bKX$O(I)FdDe z3lqJB`+Mmdudu<81MTyb5A4B4>oEt;4-_ET@@CV>lyaflqFIyv&fDWYcML2=FaX9& zZe&6~n0(|Cxw)x3N#dhC3j1Ki^-J&^kY+$^TRz{Y0c_P86BSN*T)~vU*%5Vy=piuZl95I%$1~S_feS;?xosC}RM4SMEz3P-*)O3fgQ5-{V^hAYU)R{SDM`CICNK5?fDE7=d6 zg`QrF0EDjLq!#3nDGVsm`56VB4C)uIb?hl&9(z_2RuLN_Di>(gneTSGe}|9kW-`Oh zWG{yXpdMhuE#tzH_V)?IW>NxenpOg(>>7nGNlt~rp%)7MnV?3dG7kIJG=uI0y`6QC z@O%K}0QN8ZI0Us&fvM5wy!>-=2#&hzrs9q3V%WLm?+6bYxs0Fb>&rC3YMx#K7Q7EK zG*@KN!VA&9&`1h=m-W!)&_Ny7*-m<=D>qxQ}l73;f+Hjxk(?riuK z#RYH!*%7)iJ~WpR%T?s=5fMAHO6rBq0P?2s8)7{5T?b3Gj3!Gx_{X!yrEpsf7%2kA z0i8~5wPT^ftsA5yIYdlJ^laaqv}0)Hx^)&l>6><@8&NDXIk-SPoN?RC z$E9DBs{G@6qqoD7dS5s;mTdm~Hs?)zR^o-+D@Wl6qMRyRQzhEdn=WO-1vhMeBV;lD z62BTqsv0jjx1)>3UtLwoL+ejum@qWv81mU^1bYyK+8;Dg-I#d1!zjye?2r6en;3%-LgYUU7=a+i? z8W0ovn@6m!4wF)*`xGmDa;vVVcW5+g9{ zWV@{Ls@b5R?I;8a7`rXv5t#n}47vGM_cdjmiP!l71wB=n-K__RDU~Oxq_Jw_HI1>K zv%}k%yJkItvnVNdLFYHvxBj!=XtE1bRYxAFViLo&;IIp*!&m z+ZYk-YTY%0?a%A|+phjLpaa9-Epx&-9P!Nw1x-#5eGszIh6S8%2;=aZe+DkU>2!&u zW0{w8Lw6qoeL zp2&VJdqE<7Try{QVl+;Q*T8%V*!2L34|+PAlWHqkLQkg)CO#bp^@}%8o@~qB5f@gq z-f1C>4wxCot13;qS;ny6p=k)Nf!$9jSjZNy+@q{U%a4i|omb8dd?tqs zG5_D~WXQ%i&wb+&VK1VjL#NKF#UbVkhh?)?f7#tgcL)tBb1>zwMCJx4t3 zQP{IA-F)IhmU|p*S{A)YlLMm@+Ll=gSNh*pd|W~|3Z&P-?arX6{c26Co$HvpRy}Wo zlyE2WAn>h!b;{C}&%rdXPdlF3m=v1-3OHHUb=M=>Uh@!x8kA>7Bo2A^5 z2Cg^`J}QdACa_T!bbekOTuTO*y@_gNwA^?VEdw81c3F3+{<(HU) zd}>^k*X!xSE)^3TLPgW_J{*+td_lBo{z9u#Dl_=qnuij}t8BiM=w2qDCW_;27+wyO zyQ2Ljk_CyoWRSzgnMmLSu5&*J;*Uz9d_D2UI3m>!MUa)^BZm3DT$c{TYWT11*?G}o zG)M{cj&Z)wX@U~6o;*8&h^oEqpk*xV6t?_kM-9=gneEDfrT`x^F~uWzTzd~7G)K}K zDp6fIInJRn9)0W{JZiS`C+pnDza)LT&FA;#WJg~Y>K9>rgt4y~2moUUPsMNo!NAs^LSw~ST@5cIB~(nc?|rO_Zf zeS`Fj1C7EeAu1-Ln}jCDtWIzsBUx+%nUT0JQb~qK5CgssWj@*&<9|q*(edcsFX;eF z7#krbl;9lt^=w8w&noo-2ssNx4gLw6x5A@C;A%N_QF3&~+hx8H|hXoCjQ7)C3iV3D9{ zw4LO}!BZ_@WnFrn4RNmWt-r%yXz6~QRi3ri)_)SvAO>P%I_FRd9S(T{TXm$dc=Vgd zo6Jb2V(V$!mG2*RUG5-)z=>@#Q@{#&X1Iz zd?1yq#3l(!2oZH8h){#bjI1NVd^trPB0$?w)4=xYos%ZQophs`0}?bfs8M{TjsJ?8 zcbRfCPBG<4Aso#xqhOfSSGnpKie~|0W@#Ns5SQpM9fz;%2(18fv;D>VK>DuMGcz|`!)j8Qo7fv` z^yi8r8c6G`rSjVz^IL!^mfyJ##f9lm#=d;Avm9O+x#|Yq`N@ot3OtNtkp3dT@OmP6 z>$wj>$W_@AAHnz9I3uKhN4B_ZcQM&}#5PC*#A~~fH@SA5yHsX{(l`|7lu}vI93P;I z&jW{oW|!X5+annF!rTFPXLiC7M6euu#!v?1P71@QV(!k9X^s>B;;)0qI=MXCyNqRRrL z{an%&PRisy3HqxeME7@H7c%G-`nu8M+V~UEG<^Xxojuoh*ZE#dc4NcEP)oSm6x-NQ zxE^xu9?~Cz2+ez}sW1<+oY?5V_Kws0B@IZF8-#s6*Qvx~^tMQo2t>QYKl|_!HUTgC zawRPp0Tv$wPP+h8ubC$pB>9<_XHc~507NR{a{RAQesoJ&ere2{P_UNH8iAE=&e0W@ z(k%->cC?31vYmyPE$7VvF_^s4qJ5Z}@`t}JWCR|Ouu{T4pFjybN z9;AV`mSO9hsZ~AlCK+a8CX{4o&?)$GJl@^yc6)y9VRIY}4Q#taac!(7iWm*u*DSh4fcc~@;A zf_Se|VD92Hoo2LxL7-D87qPO+toXZGu_;LG6`Tk+Zdm*a8x844f=fX5b^2dn82W`b zTKfhChbwQ6JQy~C?-|^43b?`wBb*;1MWEJ8Q_ANt%Hgk2>N1{@&s%Kbu~g@8Fm|@Y zWZ+O!zV-*DqLWCqe;PRzgR`Wz~ zMyca=fUJ}Jh~l9x?nXa>rx;8KlUegHxIE2a_3zMBI**}I2`lzxJ`$*NrkKX)6R6qS zfipyFr`njjNR+Mr!LIk!!@%jI*&O!Qx?c+y8wy(iDj~9JdT0yK-GMD~~s|q34m(2Ia?1~fPos|dPl6{F5 zK|ON|C0RfJY#%q~Mhz>+)-BhgVPtI{|YfwG-=_KRd|c))@2e%jpbyO% zEEqPbS;6t(DHpHa&liri8bcJ#aJ}Z;EXjmPz4Swmx!b=zgm?Wz6U#3zfo;x>W~k&v z(NDi~Ss>hjy*$7fkXoAgSEt*wWJ{XB$Gz!zdCAIn?BP-Da(vNcQ--*bjZlykk`g7!fxJ;FL0`O8fb0QDpIHWPV~A}J$MpTio;jWTz(U6DArwC;{T zOr$tGDr?N%b;z?hq`rfHo!fmcS*Gy}=-O_S4mYbh&9CcUUkwe9@nl9uACahcbfpj} zJ1r4dGJZJ@?g43KxZz#iQD{2Jv82L_P{5L=?{$r9%1!73rE^u{;EP4+aRRGj>uWVS zqDRVFKvLhq2_(-)QiyQ$9Yhysi9^S#(32<7!BC|TKynj{an?Yz#$M3ED8J?ssd0+M zeXtj<$wj!GJ~;<5brSE7e@fSw3xHa;5vcXDvC{O{yo=3ry~Z`TPoIyx@f>EANhRk~ z8^2waw=BlVqd6_R{WE-r9nD)eiV%;frjeMtWS_
    (w`o4Ytm1lYA76?R0$v(9S0DXBH~N+}MaOrH>-A@NWd5|js$K_H|Yh;rg5&4n<8 zvEd#8-TNNip_H&lahhS5h+3|bN+pasmZB@ib6yG8{gzV6MjfrAX0~YFRm`D7H)}6! zk9v*T1^bN-s4Ldyjk6(7q}qLcIvA@*TS8WZAYZ6D$oru%TO{osj*b(fqJ8;k>r;_B z=9JnQ8M~l_Q`LE=+?)2lubhrCV#19VVb7F~T2;!9)MGKUEWM1q2`t;f5gO4n_OSQ7 zs5Ll^)Q-8gTz`*sVBRT8oy);~I%7=AqqD~5FexNMcE6ye^nKsiL+3gWu{<-M09xE_ zU{`@kTZODgQl=U()TB9iio1M)QjOUD<(KUV8*G)Au}CQxCPLnN!P@qE! za=$M(vc0oXU$#@V4>DDA`y;4m&YJXG_y%Slk@T}E#RUEpn1I;OH2PzQP;v}Ab2ViQ zl(#!Sa`lZD-L0?xsn(8al~r4UzW%0t*qX&~23=JS6xq66hBzGoUSjm>&(bB^#D4JS zyGho#g{^#o7n(N(Z0WjR`ce}S9*^N18sMvT_kq~qEz6-ZY2=Y4f@&w0LC^rw*|NKp z2~^Ac&&sN(~QYX|-4vJaAsfGpi23>}q~{(_3a(v#=n(|gN>*H%|vc0PP|K5u&4im^Dqu~> z+GAHxNeY^|`vt5ll!|=3TSW2G?b(3U=%8lIwq5Y%xV`@k$1hD3K1c$DjRJD@tOB5} zFmd~7Oqz(f%dBU<6BX;~!iivx9SgDE*HpnmvgUtq(#>w2$h!KF)*w!14)Zue zgdOYXgPpUD90?1X4S{DM2i*~YoukV++y+h->{9mzOw@)RD0mA(P~7RUJ?6PO`}QOh zwLmh~!Ng{ZfYrD#x>`7fH7`H6YQQVW^lCS!JnX6QGHJR9QnciUSBxcN(l^NIPC!em3MA(eg{#d9xmNGe8Y#a7Fo>B z{wjauKUJ`NOMB2!p_c*CgH8K20+@E1&^0_%eVJ)NAiiGP80Mc7h}JGrVRI4JbKTV`Tp4WBApB`mJVAdhziO%p*JiJd&UEU|$iDHiG)D z5+@Swb!|H*;scBeTxYzgU*Y~SN5KCH9natF@rtAnq2CIKF@bejRJRGZ?O>*+y%P_E z-~Zi6J-k>;YolnsA}C@PD`9jLaCWHkgycBRja*i=Yp1poT5&4(z8dn<|uR$yNCi)W4zJ&f~EH72i1+D{r9fzxzZYx&tlUHu-q za;2I~lo;)#b;wN}*;rU*7-sc9HTZ%iszsvPeFmTQq1M)kAh@q&dCyjha5B}2Amv3} z{l)i;-hD~&TZi)G&5H=KNWDPbE4KfH4CzA&I>mT&5aZ-#J|(DYDU2>V0^|{l;*}YI z;U;&k;!><_v8qxw)EBb;`p1~XC0IrH!$iTzF{f$1iK`wHipZQ+WGU1@1a)4HQGgko zM^Wa1;5s*+8mZ;r0?mIh!i}tDAbxcOU4%^FEZrX&Wnu=)kIu&#ez(U28hX=N7Ue?8 z6H+9X*6#+w&&X+**CKbASI=@vqLhs{amZScd8!189@-C3lR(-UE({~!yAbMy*&tY3 z!91B(V8&O&>@5-f`Z$wKSgzJQqt-3z5bhFu2s`%NkjzOVnJdb{)0u|HB*h~2C>mZ88aZ=P z-zXIs-@RPVvdds8CDOD#5)AMkeusMW>o{fOHV)hEGIF#IRWU2z@UC=Aby5-))SPd_m~Y5M_6lnc&{pJrV5EV9m=9*|Vl@F0yln!|-HA$0m9hq^)rTfuc? z^ZQ3_l&lHtbowpZM{5a9o-c>IO{8k?Em^&v&SEo=Kvc=&VLv85XE=h;4k^b42Hwx? zQ1P`8^|;!GN}tR4MLF5T)!#>pld;eoo3DZtbH;@MHm2iFg>OHDrdu;Ulv9shrFyXJ zinEnx!;}x9l8a&D`)A-!@;1@j6(4u_D#hA4W*f5@xhMnk?62Y~bGC@z8y3l$Q!yfLg>P=vFO@(=a5&Hf7$p0a!ES{y86VW7+N z%DjDhMAw*SW0VM)miSqO7rM``qlwksVOJmG*ux@*@r62Z6A6bbZJ+sK2}vMJXmg!m z^iXso55B7o{^NuA{kpFp;QuRC^#}N9C)BEx9l2%?N~Tq6gk*)QnG8U~&Vz0)Hm_Ug z3|SDIz~aMxtnP(XH9GT2E?tbC#H}jrlRwgjv`9T?&WzSFOJ5L1GtJIYhM?yo-aaQk z!OiLgM^n=%d6r>ZOtsk|=aA!nP3SqlZrySJ6n)l#ztWH)v?3BC!2pAF;!V+Kn?goq zqY;!eQ*?7Mu51!q5jFISNQuTa4R>4BVxbdb_$gDm+?TSj1YKNqiPLW=mgZVFq5YAmB{aQ_W~Je;9y26K(3ik zt}{mH5UmCYR$mdMVo-3@fYBoI=a1`(rZ z!E|(0y;BJ7)fFU}nDKM%`P=i#M1g+-FE-b=#QZQ8s^k$|-rtTe-1O^!3Fm{}m{|HJ zc*^NPK`sMY;6-F&B_qaVAd!4a%Bl`8@&3?XWBGg_(29~Z#UJOYU4q_&x#O-VQau8> ziJ^&CZN7U;C^l%dLt~Sw>XAr!U>mBQQA@F6Dq=iSB&^mvo^FWiUNJ=S<=Itzyqv-$ z#I(qKvj7W3Qs;VZIoie97vC;hwbE-F9rplF%o4sN*ebAIpj+A?SZiF0!HrjcbD);w zQ>P#y%2SifkNjW@8O!%bQK}}nF=2CnbFzvFTNP4oGy&vK2je!j!&HFjyN8p`#;ZEg zJtAa+54a0s0whs)2}sN6r11GnOP-K@@MJN(grZ3W{v7KiZ#Uy9Y>EX*8`{#r?~8R2 z*ZPf%)^VN@j5W2#SQw*6F}|`dpQ~y(Ydfl*#pevjA0krn(vNu=O25rcLeHp2u-e($ z6_X=o?sp^e#x%u09_zR)9L{IFLTv}!2EN?D)1kwT#(p&{z#XVOoSi^2#dOfWZZZ>@ zROf|*+ykPeFLNV3abtRGJn@_M98p zClJSm>VZGk4e>m>#%#IXuOcB$LT)Hgsj71*mVB3&M%*K0vs-8qahotpqsPG%4Nh$8FYxnv1#0sg`W9=7-L@LPxtsqyl#h7j6K z!_&$_U(f1f4MvJ+8b=!&&3$#_^Y!J^=j;*`$)vxW2+0ryRY}>ss8p-Fe)Jd6@~kv4 z{9Hh;fX90zs~b)tIAE)Q@kUGVQDW5A9P(?~=&!A|qx7Z@-o&rU@-HlK3m&!UW~cA0 z4VjP3fWx|rDR*={{)Eu9l|N5VvOg@Z!Vn66iHFy05Ej96z(EEO9_|CtZ^U86?x$=V z%SNUBuh}`rCiT?5virEa@M_TxHK>S2lIvD=*TQRZkJmZ<-k+hozrMA?dE@_wv2zF# z1!%H$+qP}nwr$&X-?nYrwr|_EZQIt|iFmV`KjO`1rs5*Hn^UKFu_g1=gidz@} zG71EL86EP1ID2)4l%`F0_*!iBC4;_|-@LlggDQMm*?=?ZXAi<0>WM%4kBfc|V%5dh z3tZ27tM}EJ(yQyT_!*Mi3EQd7mO1h%+da394rkn0zkSTN^Xi2e+`;J+)IYdlBXNwW zZBp@>A@fi77@hU%crBNgoUcX5D>DgFzF|{zZgVf)GMVz>0cqYel<$CM{ww z?6bg5Y6K|@_^CX)JH2GLMq!9Qw`f;3_rrXi-|~P)#Q=-|*;sXAk<$1-4^R7k`WAbl z|66`BGBEuI{l&=ee=Y-U`KP}&*${e8)oq+3V5++dcWxSNfk@H-Vghh7@hl=**HcK< z3*C}_K4zj4yQ+#gi_x=i;KGik*y+C;y&PZ3sO*wAY!+EM)^Y7raO@wd|Bf$sBM+ZX z*LJ)UhqJv~)u<$c-8R?QI_uON^1$A_*~9x$F%ZA+q*4=X9mZ9pufWNHf&aLZ4+e#) zqJej`rnuRT7VrFB&g*n{w~x%aHp>#l)T8OrtTIAI*X~)kG4a}yOEReQ(!S{U30&kj zo7xS!j;3LwRi0E;0U_VUnKo;Y8)Wg=WC)t?B572kDmR2y@XsE^ws=K1u>?P{#P&;e zEnS>}!1Tns8+DP{CqLL1ZW{rg$CgmhmL|B%F}Pc3kz4H&OfzM_%W!mH$nOl9o>+dpiuc(n^@{L*M4qhHJS&+ltV7KX zCU}TieUW&qSK~$42K-F%%*MJjZ8D|JnC{J4&t(;~xxO+yX(XlW zqYZxwtEhut)DTR6qH;QLXjAJI>fLMxd^mzc(KQ-@o4<8ZK>}3ljKZnvCPRjhery4J z#jI=`&t5P>lHgZh!LZ=GOcFJ!Ls3VZDbya%yCoZL3MtvIpA?ap^^S( z1*g>#P3OP>aoC@Hp=ruaxG(yQn~Uh@z~e6A#>3Hd8l*X%U@6qy-#ushP(%O(IfXXd z$LM8bZEEN=mD~!+Sb_w}JtDXzyp>_alS`{&EN8vwx(*KCB_j0)cTHeiG;43YRrF1=PJdo4nQ;?0>H9(=TZg}|=d1sVs>M__Tk0~(Qq z%pFW!+GDZu5rkU@)Dik0Ww=xlz{P+76YE?jmmt73ww!%)BV5=8<`id2IIDyJvk_qq zbHx>T6zxuo8rrb+SoB`CxY_TXbsE*OeO28|3EdAgtdIs2RuB#fMZXXQV`>|7inA~E zfPW;G&Ck4bRm0QZcOEIY{k(21z1PYj62S{OYu^BVxfsT1eu?+z}lZy87x}9F&mes|7ih$wrzD9MAS;q~vBjeB~I& zoPJ?dKQNH11Ic@Xwki9gGfM)U!90|jwh=qElCW4OB<|T`QgAoF~wjo%U4C<3&R7x z&fIZy8dURWkr}?=PaP`5{qYZ*fn24tu*R~YV|{QGlH+Rl<0m*N;(jZ@}K zK%pMoK8cX$_vVrv!rM%r>ui&9MqD0kW~Bbp^$(BwSpQ=66VPbdJWS`c$n=Gmtq(;+ zY4rg1rNV=P*Xk#f_+WjRD`49Tzv{rUTd=Dj)3R;5ISWW6*d(>vDUA zoJU6Uj|8Xp_t?H|z3rdrX;Ir&>gdl#ei}!nO&ce}g|)3!M#{7=+XwRZo;mhSy)XRR zJ~nhRjxCzi<0iXRHtp*+!CkYdqQp92{BfEMs5EgD9utXBASD(hq_R;1dK*PVA;#^+ zar1E&eNt>IHjl-|@=%u&g~I778j64Em9&-mCUJU(H<>?atqIVIxG{51!?zjwIRC^h zO_mQ-RhPqDxJKe;P)>~VH#Inp^Q`lB>0g!Ag78L*wQ(7VzbUxy%{*lW!K0L6txZyF zHb{-;!*CbVQ5mo0d`6J_mx-DtBSr!D>&AHR7R`fbqq|O@qPspHcrQIAqCz>c1~7f-^+Lfj?M0M9T3@y8=f9psi)pet9MqG{#{O+ zr#|Cu*U}KW7(U^DCAkh6Ng^q2MG3JWzg=JBNrG_0ItL2@K|?UqY^|X2zckf6IdBi; zJtMI{`eGXHJ_&DM&}%{5Oo|GUlBE?X6Mp*ejl`-HhX}O=Gmi_9rR34zF;jg8`e=us z+DV**!H(w?J`X|v0bPQgS$L5!8oRvDhOU(@pftLD=h z6B-$BS~ct`(hCba?x)^)fk^HzR$%FKs*=@2_s}Oulm)CgK~wjy>M9@lL4LEPz8@@e zIOdw!qj*qNKCp8<4QL=1V$g6`2_Y!aY%-B!=TVsQT z$dDSYaF2x9VdFLsqX_>|#iL!)cvvXEdLQvaz`E!Dl%$HjiFu`|^;|Cn&~N*0QHLmD zQB6yUprEe6tO~H#<(I7Hmje#eb*Cq-7yx;N`}3S6@Y4BS)0a&2-l6X36pa|!lXlO25};1C2_mQ?`7 z`L1)-UNP3?>bYC(wHxnY^^PM0!GM$-M?a}Dm=!572yC?!GD7i6!(#@BAid`x{ntM) zlacYv#b^xi;&)|AFoesaXq;G)2WDKAwHf?+Ib>oER%J(~{>&7D$g*a*Ed^`AOR#Q2W zh1$SBrK-`&AW(JMYFgG#!S(U*=R{uvgC^rYTvtr2|0{N4{0H%4W%(bX9}@v1GbaP% z|4jd-e*DjnfRUB)|0R9=|5<-AFQ5uKn=7DDhX`A`Sb?3LAn-RxT>&Enj<7cYdk91eEnT%*fcx)cgWE zf-+e#xP227{ZkVYu@a&scIP(0A8|MdQpiVVCXlU%ziAO6lQ zA@W%Zfa~w??-_oM;SgFtIkhqYt^uF~%%S72t;LY@VFh4qj3Av}-trKd1JPz?UcP8( z?Ck8O1hmP`>WkVLaEbe-7uJFDp`3s?I|5|@dntiY0$TI^${C530GDWKa(>jx1E#aL z{bLFGs`^G2Kuk`bE)I;$p`1Xv%)raX$AFWs1l|0wCx31GAl}M20ocr1e?vbb{a?*2XY<-S_rW4&t4-B-m<8zvj4{kq5XmAC|>U>@e z-cKEBuKVoV^nL}+Qr$|;dM(pC)|xEVG`arzn~?l8c%l;iBxD3-1L{;)SMzLn1H=OZ z9N8K5KX3L;?2=%?yJX7$5Ed-#Ih@b^Wr(GR-~YacTU%O{`@E z0DAkSeQuQfCSQHb!p!|N5xDsO#*{$#=I9{!zs%-eHaIn8cKJ4Z`{BLz>iqo5zTZ;( z)&>3eQ71YzG`vg8f424i#^G65TOQuW4PPF0aP-;*0KK`QU;Wfopq})R`BeziO+NNgl3vU7mG-tp=R{!xxVV7)A^3L?NZjb?eNor0xUzybezJ`I zA?t8gUl%|gq^Gd|%zUCBK1Dk^fT%P3`Q32rKB5=!djO50UjjXVs3AW@cxr#q3-|+o z`mry;Yyh-%{&4ud!YBQqNjL+=?;ySJrJsCt{%8I(*3K0_#9eBjAHlj7j9uI##knFnc z=DYefk8ajqjjjorUr_xBjbG>z`EhzD6CEE5;?!}UonDJKgIn&tnPohQ-8AdQzDaK=f)58 z3H6e=ejPn(R@Vm*pUOs78O2xGV=fq%OI*bpHaKd_eE)M=%TMw+<^S)^O4Qe;MtTCUb^9-vYA z5^AY<4F>PkSRDU?``C&nzMO1BttYK2I^%j? ze&^=&yHIS+xkxrdOtYkH-sZ$;tAO#DJ5$RnP9mlm;O8YvjDI0lnG22Rwiy*n`ZnH0 zGI&`^*k?jn&O+5dY7YsX2rLu4A_&~`^JdLMOX+TgUv;mLIvr!1?Ap-haF2_DBTsJz zyquIa;0TppwY~=<>OW9G?(eksAhJL`QvtH)B}-T41V~S!S{O(a$4@OOII9{mVb|s4 zm(uixr-+jT5>SEryFcB>6tbe=E;{K1rAtdX^3TgvsD0P%xYHHe!{qJPm;cc>kz+rY zhoTupMzch9YSA6y3Z{YFJ8 z{@yctJ@W~~-X$=ri|SkcZuq9gv=ma~coJ-hgZ!GRw8f+TMPCx!TmhIK$Q79PH%+Pi zNbOX~n$R4R2cNNc(^-S?yu%xpKY7&eK)-qbk8M0;2vwMJd_Q46`_(T{cWrv*kENXQ zvUr93>1ELJyd-hMw?!a098^ujJw9Cgd=sowB%cZSD<&6Y+t4Loe5c7_6bB& zGeFYXN!`-xK~VjJ?H37EO(8Tak`@3{xLdH9Y24JWbepCu!342%K*UO#K*Ui$d7zQr zSYLvEC2;c}i(x@pWQ}$PpGoGNin!#LQ;qv0WfT%?b?=shN&rH<9O>J{rxpyKP-1xn zh90smyNNMuA&$*IrEniHIkmDgLN*h}AhM9SrIp1u6Um%4sO==5A5=$+Tcx2m_^xSr zpr_DM;w?5D4aY~XKSO+dELM0kUwuAnV}mUjGrk^T1!$r3O8@kI5^t<;?1f^Wpx&h~ zNtChh8Zt+gTDFhkKOY^|;KI&F;IPJMm0&`L{MS=1!4B%!BbD+uxdd`XC~`UJEePn- zy@-)+ROmCz|`nUW+EPjH%y#^sv zcSCwa%0?n|S9CAho_PNmM9`9eVeBBUZwFb!7=Zv9in-^tf`tM*a0#LIp}$Y(wIFDJ zP&#qOXn+mIC_NiGrn9CR*wPCD z_;m%1q`;duM+;|UTL>k~VOIT&%7k#;v|N^Z4-vW0BMnA=Qe2}s&U~VUAicA8S`%t> zB19C=C$^e47fhX2lFAEPb!9%hwvDB%E+;5vH&H}OJ>%uCjqolDyV%fgz~9_|n;G z(gLUGEH^U0UR-e(u%ZysnbC$cb;DVm{1S26l+$i%nIh$S9gPbO_Nq&C=n--)XXMfT zXhZ%X7q0_dCd1S_hB4-tBH7Gk2se>oNX2X4y)Pzl-}WWn zfb3u>($w0q*R1FhdZV&N`+EQLLea?)R1a+=s~;b z3X0wCH+)*?!P@!x^@E$&mgfV@cqaTL$#nTlGdu2hV>(K^D2^kRWNQlO)B@1-a>W4u zr^QP`<#y9S+EUhz-GG>62d(6K6+vClMIING2>AWoM{O9t60V}{sOpJlknTas7FlSd z=a8=~E_ByqmnQ;zEF8i~7p0G=g4l}-bvehQa}1l5lIA_dP2tXD!gY#BFz;u}zWWRB zA!bz=5@Fxf6Eo?TadSC5wmD3bC^$Wx*xZv|F_tL-fcth&RtnocVer-3YGI1KYzGFi zYh_wy7EfR~#OaH-rm@wdYm(lqzrYgc)bLwj>G$@A>av zA>`c~n$CkWFu(NbqQUjil+Ri<0|A{=XQQ&`me2MqZ11;isUxq03 zqTjf2<6>JAd@sa)WphIHYy%3o9&h>wQCB(vUZ2@A|25FxKJ9P(cy zobQIOml|FgQ1`Mea}`e})9ZOydE=!4njD0rjJzHCA95EJj|XWdGpQ?!U8?UkcEILH zXICsnRTM?0_ljTOUI0;v4Y@L0y%;~yYd9#Go_fp_=q_Z1td>t!2>H)3XoQW*m z49V#Rln8=j!Dv$ddGZmMfWxD8Yl=-H{_JOa9^j{q`vrr^Rb&-SB^=JjIJj5`R9{r` z{Tbn6TB-JTxSW8$7KKmrK9?>X$)l3jVFX2J=-5!WRU)Cu#{PnX7RV3xEHZN<-{DDQ z92g~t*8H5s-Ox*fkS~@>>Q05%9XoKC5W=FfCiHVA%q6V-Z#ADalH0C-DJd#ORU|pa z$>J&zT9&>q;GP2g9`|-@dv@kMru8Z$5wt7Lni-Lw9U@LP1xeBV8XmY!tfZGj4=(g`>ruQyJkS4ArYnWIRz)K8hXUEC?vMQW(l0KVt$Du`K_KrxO;*CDfO@eYK_qar7gla@(fyO{zLji0IKaQR;qNV)^HM6swFrzgl;_;f|M=)CYrQVC|5cg`( zF5F=%_L!u3*+L_xJ) zJ)NPA^`X3s4(|t1fj=&I`O@urRlGKR@3X`7bm{70bdWTFM^qsdIv8JXo2}1)|K5gd z9ZmY$#QGexhGoVwdmDoZOeu8Sr&L`!!YDA1Y8;r>Q0>YrXBpJsbjhJr_r2rz!zvP- z{Bi2)Ll$pyn8;{&P#*Ey1tBN9a+p4RCr=JG6``{$-wOtFnX|wIzSMJIiWAQOloQ2E zLugG`I*OB*RdGRA!U2IdJrCUowL)C(jM|l^78SJA)og=C z%5=p6J1PhwjVV`_uCYr|IxV`Du#S2Bzw;}d*nE|dfiG_O4 zjJb`Hq8qf*rP6@}4blqqCsI7*mf>ZqXEr5P_)~HmDx*ZkuAbl2F!inc4_3FAfo1QH z@VPJ2Hfx3{8c8v8nVeQ4*-&=RwcS5D8;!_Sn=cuDAiPOpC?v*J20Vp*1EgWK`kU#g^=GUOY|i18k?nP@IQG-_bs^I@Ao=E;3C znziUxo$x+-6JcLOuw0`&SoZ9Hmeqh#cd-v&w(#XzKIp*}{z0f@MoV@<{K}2AYJAw` z39o@+`a}Xdl(--?1`C%wH(M(6E=2T9OwOi66-%nlcyb%TrVn z-n}GrGX^Q-=pcxGeCho-AzsC$ZVy0{ZKIh^w4R%q4P;~nS!p6BHch?nbm!8Q>4d=h z2zh5-FcU0?-F5pgRDjA^86{6`7vnGon6sw6kvPU?HePycb1NKiI68hyTMV-gB+5AqvwA-c_PIS$M7Kes5Np19uvU+gOp-TdB z7f)79nO}leDqz6L+{ksAj>-mf$1cKnx0LdorVL(hAIa68GvNk^w9B9Lj~Y-+vK#1G zDX}KY;h|IFm?X=~edk!8=E5ecupueyec;6}N3iaaXDorlZ~BE7Ti8g9Szi zux)JkqYDnsjw<$k=%I0xxJn*Vp%Zeoch?dD$6MtjpT>dfDobnUsjIDq^w+uTUt6XP zmre`r|>_dw%?ip!(149y()^9g99x#=1Elhaxcr2Rsh(rYEuEw>iX#RNXMBA1b&KUgNlx_9eYhRxg~Feu*0FqUYtr zeocKBZL+twjewmOp0;1ObzB7PnP=rw_k&N8`|88;%bKt%>Wd&J5D00)!B`thXorSd zjM7rLpX$AAr_E$*)-Y;!w?+htyd_m~cz~&q>&(ce^743Q*P&MQD3b&5Qzv3=!A4sP zpW*Vt;zkk0al)k=WsJ{j?26MHi8~0a=j8qUUIesLYJ)*E*w`sZG&kfN(hiRCe%Z+e zwlIXFIuk{3PmgW3qEuV1s2sp;kYDxzh~0XYONponU+pVG0L^#8g;6R-4F{QG8F8Qy z;hKDp)RwAdPNbC#fB9nUJJj9)!iGuJh*g3ey*nJUj3A7MEtkMdAVj_?bpl z^A2qjk!bu9yJL;ngo+>GNg@fWwqE8%S8x3kW6MMlY!`RCX2>osMMEQj-3_BuB`QuU z@5D<)j)&MOv`c%AZ<|Zv{+=}t`lrd*IQ;42*=+cYGXRc?K?dHP*0+_(&au$Io>ZE7Izxi3 z&)lffZ}M;|T#9+>vX(;z<(E6}{XSpZP*Svh1qwt7VtNv|Urro11q#eZ4h1)w-^FtO zhG%_IqgHHne4Ei2U&QA4u+vp^#ifD_ikBfO(^}q4)Zy9OjhL?8ZDiLwEr9CpzT`Z} z+&WJ&a~>2HjXEi<7085>jqA}GBlVNoCG0~mdB(K$U?!Y(;O^ZNxeN zkK+gZY1Xho_7dX)5ATt%Yi;1n+c%0jY`-9O5}}yNW5#g!)ye#_OjzF))GIroZlbK) zQ3*%Ci`pjk9|r=2?s2J&Y)2!L+5Nk)teEc;Mg7%b);Y|~6!-2btc=j0j16 zMh^(D{c1um(Wu#-F7;hCzO0Xmt{ad-gN@rT#auzOI562zkH0?U&Aqd;UeNk*t@uUS zO{Yth_==SIpdI=zd~!*;DDCmjoCe_imnsU8R3GTm9!MNgdqX&iy7awg7DDHBq9`Co z@rqXF%A}Mc=^hk3HODQ5Rop!|?bY@kF@1=ZZo+CQ>x0(Lw5C9AVcr(7Kn{rsgSJZd1z|X4 zMA>4ljW|osEo(K*2X=?0_KerA+az2m?;PsxYS03JRmb(!$pqzA0%o(T9W+ph04-Kg z#iFA2rg)~#H9Uhn6+EECAQF}KmYC|T=DhKx+`#pYrA8!IPd><|gvkh^ryd=hw!7^$ z+jS(t-Nh9jfO99iIoYz$h;@!iAJKgd-hEIo65+pSvhDP1bA3<^gcA+j0&UKlM0o1o zP?Up&3b;xZDB8(RGun%X`cDv#(MtccJbf3O|PQG~cL;^e) z4D-q_C+A%79@%Q2|LF39epQGK3N%&L+%L$#FL~)awFy5(q=rgh%+J-NBiKt~Z9mW9>8@9$5 z&_zU?O`kw&2(gaQ#k8HbYfeT8>rWLY0gdh+sO*O><47!n`N&ocK|LO_<4|}YfRst2 zwIWOHns^MQf-_gVxW$${6VPwEeY2Xi6Py|J4n?^Y$k2M*stR~HL zlHtuyBhF#jr){1;J^Rn@}74}Mb_Ikx{A-d`Ew#HsxS?GgwSf@h2uaE74T*# z-N~G_lHOzr?8csVJ~lrw@r2Rq*ZtzeV@TFA+r63)xMhkbaxZ8!LMoFMX7mf_7xEL|Fz5exzEn=h;jXYAx}F}}EGYZ$ z`DjZ-v%^eNONkH}HpVam54|AXyEF$eVp^w|pDkuVKk#jjTD~G^oKGw~3d60wR?0r5 zA2yySjuo>88QtHM2viy@g{jZMcGGae8`DteLb%L1ev6bE*Zcg(lt$ic$cAG3nVqT+ ztnSxm>J%RhzuoKMFlZ{uQ;F?5f1|W}XTBtzoPL}N0!nBYiilkn3GOrK89a_?T6G0U zp=ica>@)w@B!Vn^g&B1_zXqSQx=R|^wf7u>HzI;&=aR3HnSk%um>Dp~f4`3n?kBW8 z<_S5*vt@#_Q6n+H16hf^2q5pKnyjW;w09qi;N7Uyk$C;Ld1kbqU`Vvz6g7v^muq=i&VJ zN;oshM0b|oJCyD#HKlp)YN#6vE`Rru!zig`2zGQXc|~&vfdo(+1XTt)oUvTVD-f2d zt#!g;s8JGo(JpR<0d9gWyJ){_{dLpM?Tgj(i4^ZGQ8wtiW{CZ6t!)fk{Jgx}gFt)x z%d|Q|9u))ivKp@dhg7Yxip_--i2goZz5}sSB|Td{wf@F8(n1D4r0tolD!0QQrg9hiE2CA`}^G$wq+ zHg6;$;i}Npd4KMMdxHHXK-}pJ5cEE4NhV^JufVJ;1piyYe2j&Z^&rO`VnEfB+R1=d z8+ueT3cEbwnE&%^nKy(y-KB@J!04ORf=AOo%%Cc4L8&yIPb!&|VhCl+5uFB#@kj{3 zh-U)3^wvEbWrQRI-T@9So{cPynSFu3%c*73Du!}mKcEpac~C@=eCn6=awHcqIzgYg zh_n*uCO4HU65f^8{61SlCtmYGfW(*S-Qg)JTZ7b@Pv%p|F{q?R+k8w=$}cjgHf&K_ zTNHa(G@7~;(>c{b9toG3N3dv!8c0QQP1&GPnUY`+X_Vtfk`K0oZsWQ$EiqNfcW3}` zpk8uq!j{>m!2{!kN)OZ%Tqen&c+2GG8xVzpNagx&RAs*wQVgo!j2DE@D<0k)A-Kb< zle*xUB(9f_QYv`Bi5x#Ww{F4$XUFmKnT)a4%q3ya*RevxVuL7v9~(=>nMilAOk8LP zblay#@!(Kw%>`(r4*&aIjwbIcakZfZqp0NpP|u>nYm9JT=zwoG?=*POCZY(97_A7< ztrX@)wVVU=y{XAY^p5Jfq>~2c2w_I!CpcBac2*?jXmHMc6vy(x_3eE>|e!T2Sk6jW*g zJ3R?eDU_$|7CpGVEECjJ`2~8uG;_(Ax2SU}(243vI#f~gj4$42+6P~oZ(x6_PGZw@ zLM680SWJ1@pXj(7yjMzb#`)CM45t8Jia~$208hCJr5~yI{h5R}R9f52s$BAw1qq*` z<8Y9Ik7imu9ZY5!b<>`9S8ZDR(Aj^y4}uY+-t$e!mL`VZ)1XSPaXOn}TuCjIw`Vk5 zZ;q#yY_kf3el?JDjF5>GhW;-aniIP;%n(l#<2pN_t|4@VB)NOD6*PUy+~wb}qcw#d znWEf>C?5R$erKl-JHc(jt2#dd^24SgpWq>n4OIX7zdy@Tt+~U!TbMtz|8m^QmrZee z;A%3G?6sbBaSn1lu1$ec6etuuL;9%Zz3GXaGake4xtz>LU{ghn)`xn%R4{9Uh+ zW}++Ea*pA~yjjX(J1ZVBKSgO6CvT_3Acw=ck+KM8I2}eE`*1o?$uoqX}jg+dLxynoJQLSmnksB8t7Sj4!p9;JbWSzv59`Q&M#W2vo)Tr6bm-*#G7 zV|M}XCT?^_@5+uSjEgBXR{qsUAS*MwD5llg(J&xXcAl**bL(F;;2rNur&Yl_@yG

    J&~cnA5tbZ)11zsq74WfTi9b=OlE{M?6pnVE|@`Dm1~{{X`#cjaZR+{!v} zZg(ajuBmW2QnP-P^r}-lupm^zl+|@+aqiUat{{3`T`!=S7*k*t?JSX6aIEAyYktvN z7%`=fl}a{3z@dsZK{^5tRv+Roe>J(4NL^ilAY`j6%kR3cG}CKuOpvUdVDiN3K5!}z zEA3$^g^MqG&?dO(E8soyCyadM;KrtisFY|u>E4QT@0$5*4Bv?%4S~LHh5EwbbUFKL2Fe z4=aZ$Wl>^A_>I(D;$hR;@xoRO=2xNcf*o;9btNAe7n(s6J};GHb|!^lIROeD}JLfX4|k7Y^`Mu;i(RsxHtPsoR8I~4Bg zs(UvHonPF2D@F#+-MAi`+sEC)b4k9!#|++^IxDfdz+CJ~pc#g6$n)It{Hz7_$a~0m zMcec;*s}CdQ1?x4b<09^YlFWPh#Xc*d7;!8D7^JOh`Rsz2pFr=}&duztSCf+H<4aR*oYQG=VdLS5O z$q%aKIlLp83r1U;O~jz0@16YghIT!)t4?t~3XOUBC3>Vx4Wk?;q?Hz?LgxdVd@L^a;~m) zrt+Ibxbvw0A;NW}lv{L*7NDvuYj_6U?W11=lMv`Bu@0uenQ;}^?w!q-;C-%g?!!^= zmw3b&8T<%1CaS1E(OLSaCtVMOSjvab00BTV`OTAnux`KWxoq5#7|-=-j3TB$hhJE- z-g65+4xIF>tZQ8^YGl%fcG6>&u7p9IMpXB^+D#<4uf+uHz+F^PySSWqiUziQ1@1>E z1G!#e`{C_O9nA5WhDQN4KBza8e0U<(!|7koqYtOXqe~9<2u|98v|$+<2&_26phs(| z!y?39xP$&p+(V%H89Bx)>7o(3xTmp08OkSvUR`Pa=o!N&z)|1@(|m8bW83mO$yy%Y)I>T_+iwNQVqE70Rpm~!hy`f_W+14E4N|m z*nJPal1O^~+Ew%l4XMy3q$ify&bloD+Fp-@G@|pYN0J22O0$yQ!8`Sn=S#GjONKE3 zBl=K!IniQ?mFLO0wPrL(3(9mJFEvjaP1j!g&o$8{F)YzJsM!^RPNVcYg_H#Bf_+yb zQOG!UkNAGl^4UTkzjnNJ)471(`>r-v$#q_zzn^YAkb5~sRc=4O;U-$CErdb#t%~_S56=adx zWenslD~QX9#EX9I)WyUUgw72PIA(|pGrDxp$MEsa{6DG(f>r^mD5+d8Yng9xe9jl=OXd4)vJf-yP~K$uZjTS?dVrVTuEKZrjJ_?*wc8!rUt z5Tfu@m3W5}zKePV>rKdDO53S+geH9*ogHz;#iCo+uC>|GP8{B^T{;b$jPefNjxG;I zMJ_p>D=;dtil~r4Ig}pq((rWY%eVnspFxj$Mp9MjWT`U2PF)$IJPLY=oHg#nfFLUfdS^LS)>~hiYziQVJn2 z^mH!Tt1?=+#n2J;FU=_1;nR6ye5OwYY`F&jWrWuD;?g_DOl9Y?eTCzrD?l|Y-#wp_ zHb=m08QTd_Rb9`>uR=qipe;0d4hE}@Ed3~X&;+yk6$Hu3bfT439kzcUqb z9`T(SU98hIi|%C773OE6ct1~T7?QO7oHPnP=)qCnA;4;?SEdtnipbeIFk_SAgjmzD z9w6VF@JIwTm_^d6O-!C>OT1Gb1yO$%Q|rV#IINi2P_=f`iS6ERM5?}QWZ);$>oRqrk zLs%Zpwl4hq9U=<`z}@C${gu@xUWu3&$85})hhfU0OPl}2+pdqPk)ZeK36tTkiIzqp z7mIa$Xfh_I+gdioCRZjn0D1QJu};(ijxoq*~qmUF9lOp?jp`du7KH)qWce zU#_Y0f*)%`JC*kxVh|qDfBG$U=zt`PLWF~Ux<;qE9EwS4#YTTc-r)o4c+#5Y<?o?RmULv)z0e&jM=y)!9LZE7l`7s zkFFd$eq8xE476b)I~a}H(A`uY!Q?)^xw!nZ(57(-r{XyN`5JvtP%fx?!45$UqHf@Q zNU1(K5* zSkA1!*B{aGp(1-Opve73^(7&qUDL;(k}n?(LR*@9@|UJc+%u|~>Z5!CRL_@pc`U8# zvFdwCl$%#5@Uc7x`NFPq*M>TivRl7(xhR_T4)ZG80)kv_5T+yDq0Z{U2L;RvIsTro?(w-(XJ>ur46)CLM%Jq}SqVT#HQSONWb%-V;VF`16<-Y!;}G49&=Bss3wU}Ac^UI|Pd z9&J+tA#?MpXWgP666RrFp7+5ej0}}ApqIrNw0FWGm(J{bI#Wxk^97EEd75^39b832^0ryBFgbF={KZJ!^*x2M!`vLDoJD7P|}WG)t=3V=lh!D&$IQLx=}wzQnw2+Y6K_ zVxc!k)h_PeWI%2`7DmNE4S#7Bq6-7Fl|`!%U4y8)^nheA?-0ilQtr@^M`qZ{zYDgm zAIFyo^4fW~^{WUah~8p`N{w*#{m}G~PE@N4FH!DIvOX4HydDl!LM#g_G+tl+7h~tp zoLd*D+t{{k?%1|%+jidAwr$(C?d;e)wtc_OsXC3*xXoGX2dr5&<`|DW2%oRKNzg2p zSrr9O)!sZDmx=(2kar8Dc?UtPkR+=)4u%81`O+6r9)mCbq96MB3wB03H^^KalW#il zDPemWrSg(w-ydT3NP%BdeC$iBQDRO?R2x0s&p*mx7NqvwO3t;==R+ZM{plhg2xF9| z#qeFBW8we!4WgPw1lAMJpAL)~pvavd2Ls-q!sw3%?9rQ5gGv5yhelF{hlvwq<}d$e zFA;n>RW)2Kf4?l#K~pl9rRG@nu9PwqEN{^859ckxTk1yYuK^tKyu?IM;*#EH%+I8U zif+No|5DBLVV$!fAVW+Wkr@XZb6rR^di}UD^jhYR1BR!Ag2V&5NRxg0WSEd+brx|S z233?!#CY4;K@n3*5Dk#;mGm&5b>+LdP*&76;a%>cM@8Y#3MoyZHI`mE+$0?wRAd#S zI8LP@*7DiywS5!f%2vIl0OZ1sgaO!1PQ=RImw;Mj5?|ldOKei z$F+|i|H*%mp+*KjQ)?VgBiWWcs)9TF)lO}s9EMBK8O0W9Z5S`E3e9meOk|+3nx$y2 z0c&}{tJTI*jbHO(J>(sfYPzqu#UHQCkbW;BR`|}e9rl!OMv}jTG!2JlfaU7kIOxc} zdX4k@2E0mF7%eh@81qG2nt(5c-t3K4$jGVRg39_=R#?9T$K1Q`Rn}v`2_el)An=9K z(#ee$<3_$9kUEsW-t76;j``oLTGb#UrTV?5y@kExg6Rw&r0;IfM}3x6Je%MjOhbRZ z9+fDCip!*fkkE3X@QH_zg@rBH)$W>UHI}yz&w|a1+Qm{2Ke~?f#ozW}PP^z{#<3x~z z@LU{(8nHBu{6)%TlinFTT(pNC#VGFqp-oi}&cx z;(`g(%+1}tdG`*zOeZ-G0sVJ?SH)vSg&h7xIe(G~$LnmmX9l*}kd*JNP{puua-qxv z)ze0EWJIV+SqyTIXihEL&m^KDRU%Pa;;@bLvDylm7nR7yrQ&pGl%0zMpfG$+XT;WaBsOr2Xv(5=h=I z4uPqqjJ-$H!k@`Eu~Xb%*!6P^iNEt-zAm#J|q|kj@5+2`K%}3da7>UbT`~hdxZaNTb&xc#} z^r6EIf>3JiJ0azTt9avU#OoKrMrESDd003R3ba&R-oGny^25X1G;}tBD+9HJnUk&;?A{Q=slW2k2u;m0Hv;tMAO!f` z=#W?Fgt5nyD9*TI6uY1KQ_UN>!xu!;(_Hj$hiKSCrnA4~8$>0?pEp?knN!{Nw%Uxk zlil7EN`k0JCfptsEA>AxAGLMUCLBRD+*fG75AZ*)$w8%w02aD&Xr}BFSPEYP+>Toz zO&4lfk1_(RXy)=c5Y-fEcZk{)rRm);OD{f9Ni=MIi8yBY$;XCC^Aq_`L5(7Uv6lj3 zJ_kg%v_;J){p^V&Hkx{>jO@F(og0>w0=_x^!q+4;=d=j2d8n%1*=a0M{#B+8b0=8e z6>wvg5g~=q;Wr0iftl94VUW_Me5x*fo5h3;VUGsvXr~Zwwem6omDNyG$j2c(P5AT{ zsT^OYmC}6q{CL}xcpp5q-7J*F)Q$oO=KlK$b*Y8Xlp(i#_iW z44EKMdLNuC?^;eU7_C$Xl~akosV;88N<&|^HiwjJMA>(l0W^z{PI|~3>OOG+^1BNX z+7W0}%mMrQNa3-;hEP&oAdXf!@WI;tB6shJi;z{K(U&Th6E!{nEk0vFb7`v5nOKl> zk$TAUby(+(VMTOMShtdCXE%t#h5L5$sJlz&-)ypvyoZ9Kcvv1SR*n+`Dmu5C7f1w}97yKgq9tAzzpr`Ts9bm*f8sb(vUM zIsZq;WhP?h6Cs7@2^#P^qTC!$c!~!vjHJ zVBE!~(FW@*dF04I3jRSr-a!Msg^a$7jtCI}2|$s(Fp7{#;}t-;hYJB^^#HMvfm{d= zlm)mx2oKs`>n?76*+B0%`~$m-jEr>rb%&hb5?1=o3v3N|A! zuHYWRzXyrB@D`_MpyC3c79fP?FcRGb0(&SZG;l!&gawsVAYS(%k{>LaFQ$EnuT@+i zLdL!R;qQ}gS|qspEo@u6SXWmN(jG%7od9?^1aMyUwSBi|*As{U|~neS?!u&0<6OI))yGKX3IYf&D`T-8CTrR7Cjrg-{xpK?d*C zLyC$vu3NnU{_<OU*NWeP!Y5BBt-V|f}mhC8}LA0DRm1 zeEI}RLxjb%v3C5ZemUg!@Ghb550jF?>>pr)0KdJBgaDD8h3*LqTLv5XmjZumX`mYg zgGGE#V(gUpn_c~20(1W0Ajl60m{<`n)`Ws^{!nycOG25({v3P?sC>6i|HdEm7kxR9 z{oaP8?Cjs|S;y^t{7S&PhYa@qFbgKH&7$)GWl26^5&dkfAbnU^o+LU>_+P5(4W2P2 zi2NP;-4V@*W}ZQXSq$sc-ugb6BJ3Qj#||DwQnV|9y;?5?**^dc{E-PKptFH|8a)W2 zICelsKiVXqc_c@aa5#;k%!2&uKBhp)B0CIKm z1HvVX+F$pAfdvk5?icM(%zy%d`oWC^2~hVZWdd6G*o%l)Kmro|h7=uldPk&!1M2z- z`<+clQ-6^;1LPH4ASb#^7-H4rbQ*yzJ5bAEW6 zDcsy^d^ghBhCs z_z*y|onC!m+FyP=o3?-ZaeeVcISyEj*(e-KJG!EfF3FYf`?pwqsI{fREr7@VC}#2B zB5&?pm1_{?8qpYCg=ZA~I*m)#KmIye#Nq33)6cvSm2t{s(+xuVj1_%H(l{1<(?^;3`Y60=gaLZbn03S0t<*Tmnf8u9PN@)9a}db+NOutDQ8rLI`4D>}{L zZ6->skDuWwK$e3-Fq(Aa`q=Pcjhp($@t$w+rCIxO!pTY$n!?vHAWLDtXu0n_d5WjY zQ$ezeq)IXDVzme1d@N8jr{V$7uMU$dYe4V}W#6AFN5^YrCl*9*RG3*^0yz3fL*fQC zVo+fzytkM;9-Mku!e(hD^Q?!l5x7s>bJdnyVG@AyD;mzB*GiwK(KS`5$)EnQ8rz2! zUmAs+0TQ$LrI8`+22Li1Lkx}z?atl`Gj$mvsc~2Mt6L3uJ(&^#WHI`v&qkbpPYs(72^h*Bdg_~C z0&0vaEg*C6DmHe=jNA^?|Bxo;Y?-D+RNFkKM za1jL1KSos&oU+luG!9QiLHHm>;X2}j)Ra{8T#+WrFS!p^36y*) z13o$VF<`W>rv4lptL^v}@JmGf-HaS)#6$h6NT$I+k)8mY?u=qB-1$g;niWKFTPSD_s8?sLVsl1O5hS$nNm6UYeZb6& zXvUpktj5Mrp+P8b~{ zQ-Y%R2JBM`{1>)qS8!KOCNyLI^AgxJLk%$Om}o0dS9VfMe$JtbNtB=v@VT5`4~=NP zW`5@(mn-n*AfuFY_)C=Rf3wxjD#hDXQ>z%k<9L%f<$4QD^rzB?E)PW}VIa2- zcf}CtK@k2D9CnE-ILL>&>D%TumPvJER8s4 z^4pJTs;PDWsQGNnNa@H&m*zNGRjc$jc?|$2{`@YI1_lbDc{Ae8G0#gTdY;5+$xFjW zz;{yDaChs(z+$3pBwK}y#e5yy98L4CCaq}?nVjK6b7bnNCbOOKHWBg!pk0JXplT3# zp3{sE34jdTv9d*_&Es3(DKP`L9Q;m6WV)nZMyvfV1cdNAYtEIJK@h&`RX%n(!L7$b zXH4tH`|&r2GmAv=W${r;852LndNVAOcKxuxQ3g_4E5OObYsn3?a+%L8CYbg_6hx8NgSj4FV zTx`6PZET2cGBUTPqd$To@w6eh423kmf79tA>?rvyOQ?cm*J`Vz?^uydGNFQGCCQ0K zvio;+9e@K>2W=ZJ4SC{oG(jgQ`F_QtR378JSi!yMh-Ze*XE^cD0y~uup>Up<@)Wq# z;k>DXp*LYjdbsrOSv((u-aS#dzdaVBd;qDmoZb!Z7ZX?>q}-a^lJEiR?7^_3?G7Y6ChBZMdjF+##oGsyBQ=|vbApX6qr!=Q9n28j^I@9}xM?R(cU`&wZQt)aArj@&>a)3ZL~lW4Ryim2ib`+K$2W{4`ugEhd zD3>?9mCFY%L>4jaZDtCp)e#>#KDj6l8%JT`{{9v>yST-(RTzeiL=#ME@p3-3w;>-) z;-IG^PnS%jZ!cyZ2jOt%8h^&HwoWmVln7?!Q>rDs{btWUzqK$AwPLClq`j6T$kPA7 zdg;cX3;V=ZYo3rlFlI3LJkS$D&`xsX40VAQrhxk>A>KuEv0YAqgvRRbIDs(p;q)&oB**4Z>Zgji8^tr{0&#o`}&^J}Iw+?a5(_mOu3G)>*W<5pG($p(9h7 za2jnwybhc@-KEyQ73$T`A!Lp&To2kZL@3AFuZ))~29v+VyojxQm;`Zv>(Oi? zk@4$-t)KP|60ghTaeWD1^IZAcrFNKD(;QQeFtq zqlc~)EV43JmrId0BNe_z9z7~QZEtr90pCmd9&;gEEX9Q$aBNj{RrsWn zg?K)u@14_x4g(D)s8Ac$s)93cB^_mP)`u*>0^;#| zj3J2KKyHt}32a< z5Ga(iaj91koqH0jgG?|e@ea0ckHh9%%jycmyrbY}ZD3sx3;%QTI6;wi<4P;@Y$Rdi z%q7@tzh5eqSh{8Jgl{(TNN~i@%L2s+f++f1p5%S%R`1l{AG&mz&B0c^c9A^$j9RtgwH^EYJiNBjeqIxR$E2Njov->Iy$2cD8H>+w3t1M;G6f~!O6C9MBs-KJ zt@t%YJ!EBAUmOB!GuL@)fifu~`;DAG&Yc`F*Z-*V>B!<=t>8zv|G9chbFdr1zfNnZ z7lH33W!Muhl$QM$bTRGFh4*R7>*n2C+}g*4mMl*zg+l;dhO7-Tjdv>8gWwGsYs``C zrF88_V6~H8U$b^P0nb6uXIA&)nvh7cyu%TnFmrKipcBjn)59>)^?I)7c+U|q)7Ax0 z1;Ot>F4Zj(ClU=WZ(}|l^rmZIF>D97?9}bA4&9b|cq{_~H9}`lw9VQJZajRo!DMMp(>0 zUgT%v+<$(hd?AQ|SWSPgvP%{+m|%K3x9&Nl%tU*qZA7J+eTF(}C6`pSmw4^y(daOF zQ3}bdid}!IXte@8a_uzrOlGm*_0jQOUoc{wS06TeXCPc4qDVfc9|&&TGqED~*1^v{ zyO)W7`-5tl?ey2JhoiOPTJfccO2FVk=}rkOa&jZmiRYZ&Lx{+cD&k0#3@RrV?eUlQa>%Y7pLiGdq`&MZF(y4gTK zbSo%?#Ll z6+idLduJ(%#Es_9t{Y`oQoxL9P1skp_pBBOLZeyLzG&@1&X^uldAgJz5L?OKjFYE0 zuSGdimeU0JA2?PEg#{pNuh$+3-hFQyF?MIe2lVHsWZtrt4^(xx2AN?tjMI~;pVJH#&yg`@XaEZ}D zG<*0b`QGVvu9|3at!SYY}vgfbD&Sw*6Sbw*)vsptU2wJ@Xj=MhZMP$U25_)ah_)M3lh!LGi0f==@;*dbCQLs5-3>*$8(E~@dX-|} zjJtp_o($mRDjVufUb+b}XgO9SKc(^^<8_f@w$pa4X~}NM>Fp;u+QI?W(Go$x6XtGu zD^j;t>Mj;Al~{h^Y%G5&eDl-Vcs)qPEbNGiJ7jB^)#2pdQ6;b^`&Bcwm}27WN3pvR z?-P-%2SQ}wOcf3WR5)BtC$g&6+}c(K$tucv+r)cPolZ5-J@rlos?@Yk9@lcw{ZB`G zx-_*xn#u9&ocx{+38}JDvWDFDCoXt?fp#LB^@rjN$S%!2}Sc z2{ys?pch7%#KoE{8Qz>|zKSuBCVe~jLNgoR9(nWy4~zYs>>d0^%N6C$9$tI)4|2hn z<>`eIWDb^svMM|Q@;pibzkfxtN^HGSO{JGlsUgbF@6R3_gHz7cc30W2ZKh2PehUYQ z(gM)}?IRg){`%>}pXXTs^CEMfh#Wz7pU+Y5(Y*PN_exdxJzWyYt4xcj>N3d648tt8 zu)p@3QT#vlwhdHJrqMQ=(ddb8_tWS3jMSA%nh9Z=Yt&-jSeK5MXz}WDjlBG-OxrSP zy!>~ZD`Pb6KOIb1)Rdbp3$9kSaK@guk$sP{`w>cUSh3A!*RaDs%!f4%cbu|6C#s!; zX<`k)7~lumuj?Ck+efTYC_m<*da|AaN2h!cXZ|QHaFqH?qI6L&jJNy+%T6@l1TAk> z>k*h)7$baJ;r!^xM6!rXR8)lJ7e4yDNR#InoXBx*UQyajqb)JJj*F%~vCXUS3E`wxyS#a5|R}vd$%M zTtr9b$YWsTrqTdT^7toH^B~q9J1616{$BnS^v{nhC@6C^p?^~^|22K}CJwnT43cRT z&{SI4JNnwkb@Tks(>Xg+eH@}2NoY5uQjcq=zH#(|Cl7|N(dRb2**2!;mpSa|O^o*R zYjn&_B(VLd=sRm2rO(4kU%o>JH6#`_5XD4LotH{a8liRZ-;!`(%p{y~Bx4$#9T_(7 z_rop;!@%{k7;agmvSB#b5E>bgZVg|#^!`x8Rb!$Zznrc!h;Gs~*r)~irDfqxu3Vlj za*0{(F%fV@LPOb~zIZR+`8IPilKSxms3c4jxGzW@v)lhS#3P&09Nv6VVh`eGSd8Z4U5P2THmLgUS0hj5gFRk12L8~q zIk1wEXxpn$dutR8QP4MrY4urL<8M&YcGs~ZlBK0Bvyd~cz`Pybl)$Lqb8%zp*n19yml1 z)ZCR0S7iGRk2swvH>`J#Nsl%*Xa9)upqTl(Lc^97XVQz6d)cLT7Pgz>l;;2&bQUG8ieH#G0e!#$L(2zm&sJd$7Z6gUy{}A0!5{&8;`5R zvLS&0A#=RF(%hYu{PHaNmuGp-056LQrz9-VJvmAe(sFpE0?)McqQy7ECc%#wFJQ$)UM7O#VM1W|^2;MM4-QX6xjc8u=7)4) zl420=idu>ZsLbQ*ZUFC3+{jg1nfR4`8h7O6B?o*jx@-CnTM)iz%^QTP)A6&o@-V-E ziC}r&-8dHNPXhSme*c47iRcH)ihQq7UxU@C?`;(D& zxK|cdE(IGCrn(P_z>kyHSUm-1T|&f<#SWa>bUst&tX<9}J5q-)X%=8|gUw=cH6fln zwk*(SoZm{_j&kyq^7V;PA~e@{Fk6wcXpFi`Lx|1wH}$ZR+V_ob%rR#;Q#oB)JH+O4 zH3F4O7p#+(m@*%QXm^I++TBhPotJY1=h1o(b)YCy-M550H>8O8GDW>h`r>@e1Ui(m zq;0YC3d@<_A^?ZTe- z&g99AHBtMA0{TdTL9#2QIjehiz@pt(31#KoXZ6~3I?jLq?APW=@H!7JufwCvGosA@}}Z`nn+1@1$b+QdYfyHyrdAiF>1>L( zT%rHYM6h&L(4As{1ZXT-Z`)OLYB@#u02UkqweLt7(@vMzK(1E-m~HTNsYihp@q>z>cQHeZw7<+Qm#Y zB>0rOL*Hv(x@het08DIk@7V)`%_oWN;XAF`yZ;NmDGfxP`+nlk^TN$Vf_UK%>Kqlc zDRUc|OK7<_ox?LEuQCe$*7ahpMNeFLz@#_Fr5NZqr_s$4_3;i`h>HUVym082cnRpv zofUb>HmydnBpLG~Q_w5cG?(&Fa}YU2{$n)Ke@k8BTB?MSgH?~){~T=TBq^-V9WAD@ z+#R&k6j2ysMd2VgOiX$Bx|-oTA?* zW?7di@t^_osT0Z!Ys9(cN``wp>tm;*qyS{wBn*e%6lEx3%NVgVkH&aFH(1Va8@u>W z?iWdL0pt~Du?!<`FC+7Z9Q=6aCHhTX>*9!DI|6i9rfv%*v>%?)X$g1}_6peN7aKQh z?5F%Qule6pBlmyq`;H;`DhminZI(iB{+T2K=i@>JjT`f|NFUSa998{7a*`v?{a@sq z>;EF>?Ck9S!^)Y7IM|uk{^#_+$vG!G`~UZ`x6tIx?ISLw5$gqMky>j3)uCDJUo` zFB=tLQin)xN38w6cpe}!5THnzV6u`x!GJ$VRL_JYc*O9Ez@NhSz}!IrpN?1~*#RQh zH`oCI+}%VDk6)*Z0b7BPKuJkS`@h!+icbMV1qg;%f{-z;fu7suu0Y+OG5ZLLP|W)V z#2vStM2UGz!oq%jenEza4nmwmT5;io`;cN?KybvnNFj_P$amFd0StdZA1rKw!0>=f zFe_dO1CY0&&mqMHf!ZNFDnP;h`CcA^x`Yq`wQm56XKe!UDL`EzHoXvn`3>X`0|$T! z`GUA43P9R$8PfDQu}G@1jVtl$AFC@-Urc#?Pk9r!bDAllH)@wG;H1sm2C zeC+_;F9Qj>f(8$?zlHF7HNOQ6{4DAX>n*b5|4j8nJ9C|(W)wH&h=>RUcP@8V&5uq6 za_GqO3REb-xDF5T8eI6};v6)Dm+RMhaCSs(3KH!7F376(bG)4e_0z^Bk^sb1kkSy+ z!3lH-9`MG~0rf3yh_?^@4j<%~=>UKd_8Q^?mT$Kc3@VUM*dhc;;rNRQB1qyxBvj!K z^2?7LAP6K;0g7UX=oB^t^%Li36UO=N)Yt0|wnAtK-IGcP1@!g&ewqJVJA`-e=QW`J zyuV&^Vn%R&MKJSrKJ6DIHD&(?C?%kQN>ET!8V?F6GAa^;j4T9L=og^`G3-ZcLLi6D zNZv7Eh46V7;X;7z^M@MbMt~y(^6pl%>rUrf7--v{b_a$E!nNZYi90gdVI4Pr4IAmZQ400fML^k(q)I*6-d zr;lj2z3B^H$o}>7mCL((nd}vIJ%29rFVh3HgWPj)R2Z1961lJzY=rfzZ9= z)WAJqB>!d4_)P;L@mKgKQS>T*L7-Xk8}&^BXVL%&Zbi7N8Js!v!Ve$Gg8H*#hoPom!+o>w!zAfMNAe!bia)>gGcEujR zVlO*x5s^v*fO$L#oh*UQ^QNa^?@mg-N<&*@b;MIQ+@lUEu zUPe3yH{qarCA>!lyC#oJDWp>mNuDnU#jK7E?KN21DQzw=8{#GQ7Z{9G-kj=DctloH zYExw%&AK}FDrRu-vc?N@eVjZ&DPAL8feh%2)r482=~bKhs}cmdED^DrJ#>$-YBnU@ z_l|zWoTEy6$!UGSY%K1gorzog*S9*7cNe6~QFWAzdnGtM8tQ#Wj1F?TC{LO!3htkh zjLXLvh8At@!CrX64mE!7OYhk!#V=kou@j+OvZkB@)Yfc}1oly;&flYfD#{)dGejSs z@4P+|X}bJqewTkaQWfl-yamT9l}svhxVl<-*2cRQ+PGP3^N;D&2MyxKiPR}|1xLGN zmuI+$`*}A8wjHniQ;KpQq4m2g z-AjN5!6*ZvYi#QuG^9utg=-DgCnvQ7rZSN=7Y4bi$nU58-s4eVJ0tjDUKw}(EOOH* zY}AgqJ3fSMRLy_hFg)Yr^zm(edbNMtu3$f%xA?R#=`yH)SLO-PVvu+0(o|G&VpZhI zl(?MX1>m+J=BHDJj2`aCP=^)0Yy(dh)$OVI{~q4MGC z4%5{|IghAYbFz%zvV!_sit^PXc4VvhUy~CMHxlVGKWsAsm6($=;31CmQRwR zGzZYn@xAp(MGNU?x{1nMIVKU)+(T*sr}>rB!RcJ zz5ftb%>%0`FL+#01_g`O(iKP26mRU|d z+1$f-sL4CW2de{YFHYyh+UJU;3KbofIIxHaZ= zgPb1P{Y6}_zL3>S{EqDE&UwvF7ZEGPbZpgqsA8L>MXhH&8(_~|+gZMFi6)$U>vr+d z-x*Hg`rk1p;TqtUYm#?6vP=fjn0Ioz6TPd1Cu_C0zK=E*ypHsKcq!<85It%o(|rS3&cWEtZQ2$CY;QBaV6e< ztjw>ow!sC5?m+doE7V&>4{6k2##2;#BDJ#kO_Vb^o^=3hK50dj(tBQuSS;T6J)*&8 zWH8yPK*kwL<_}on0^D2zQKqW0bog4<^|$#N|3MwcLKMblFWEf~NKESc(|`bsHQ6yt zspYAm6eMh|P(&1&hJ3d}FvN2h`LayRH?_$j7#+W`M|cnC72kGpbrPKGg#CY=sJ_T2 z3Z>*fWZz5G{sa3L2}8b0S!Ec%8#+Ao-<1LN3qiMS-sF6mC|fD{ZY`RC(TmPr56j#e z_-c@QZnm#9I`@;D>}i8o%l#B3+yG72|M2R%8QCqBkG3BPKDYX8Cuzb^EebGL8@@Uo zcPBN=fwFcO`ieQj+cG(W^W=xbYi6jW55Nx+M|NLMmq0<@P3;=fB`-yFsYGKF-?~c$ z7Z-dsvx~5{SNQXQQbHR7-xxGO`7i~^XpCD!g`bEK~)$K}gP{XSH;LdV3J&8Wu0WaBY_+5sXBAJJ} z7A|~i&5{Qh;CZOB$H)G4hl%&dJ^$H=wmf1{@9J1*^{zznw_5P-Xf5|a%C_t7Xd3f|NK3sht#P)(8`--n_oYqNR z4W^n)!N)>CW86STceQhOQO&v~j;fd!4bBsoj|mmKV*pcRl%lV5I!v5+xZ!*8YpIK7 zqb>m*hFe&Von2FOZCH}PPog@GmF@7g7S#aji;ffQrQ`Ds7V;!#d*t}km*5ELWOsIk znxidAf`l%`U_Tb7CyavdJ=tQ!Wc`MzA^IiyaD)7#x`*E<6d_$bS7?r<*p*~-qtv9S z$R=O=(~jXJ|Cowa{hx(nr#9xKzOH5Dm@y#>egzG}L>haHbpP^VHb{ToF^lir+QT#p z;75!C@ea=cz-zY|(V?0q=F|J^Xl0>cJ2K48^Y4JkOZoz=ah~N;u>6nG;n8 z?=fZ}YXDQ0Zx4cLMyQEDG$7#=`al`z65-_@_bDFLVXnXUKfAhkp|9z%pBCB&Fb{GK zmPZ%SLa6L~Q6Ru-sRunrc*9tCno+|Z<7+8a0k(R$dcp~}YerHhydm$rIe)@Ke8W^n z{AcKvIUpBKg%Gj#W8*E7h@hORUjs(aF+7+2UF?&|czef|Bc-c)7)~s?9O3o`KFIi8pCyTblHdafpI5O%Ks=IE z*YUQBngyPj^_P{`m5f2mh2A>o?0rh2YGlOC2Cqz^<=OWu!+OtOa@_`PwrsW|8@1BR z8Y>h}Q3!jFw&@-%s6M=Abx9K`0W`WA-8I0n3jCw32A-_YN#Rzg4*h zWqD&HJ2s&g*=~RlS+l8raW_s9n1GT;69A|8q}w=ORB>N4SLgy zCg3V~nTbHV*ln~oY>ZVJ0KW3sUK&Mr z79`#%>X3Vka=@t2Dx;4XX#q`d|5Ansr+j9$B8;XXW6}^7C$S+_s)x7+okf0=(u?Lm zY{Y5+;IcP4n+~zuO&hl_Tja}T%3aCHfCX#ieQcjx*4QS)`fDJKC-FSF4EB>A$RfZ*kot~GB{sZ zSRKD7iI*YozU7T0<;HI6?^O=swvgE#Ss3LR((CzsUar}HS@f`-IZAcHaO*g+0t$5) zCKa0HEoSIjA*NQQSyxInx0C4mn>H@bf39~sr4J6kLSy4(LiDUAJdfFof4suVg01gM zs)k2$k4YZ&MrM*;w-Qcr3Q+^w*vswxT8pE=t{nixYxJ4f1wWIKt2r_j3~29>XNr56 z_gI67-tW@7?q5O-&q&aX8t z>gug^GEoE5pcyo6D7fOeR*K|ht)9YUHd(nwSW5Xz1lUvs@j!KIiROt=rEr@l7YOYU z4Y=-|xVm^R8)#j~0mSv9N~rD7X>(8w#m~`RkQ7l^T@yu9u^Ej%F1+@9+A`;(Z%G?t zgLsd#xY~^rBdGQT%7l9BbvL+JSDd{t3I1ALBNzX>j)rec@?cf%IUrQZQ*yZ%Vb@`n z9WH`_D69RAj4zjU|A(scbcNyy?}aHLCF404>2Qhc9((Mm8T7vpiX(9105>2IbVh za?Z0$DY?Sy+vg8;n$mZzt))6ys^XN}2S4XVRm96vK}@;LrD*;eqf=UV&m8JGb_NSe zDnW|bpO-*(iFz-7HKz-mRL=1#9KUJuoau|rO{`YqquimT2F+6sM7*JKT<`8une%;R z5hiT)ir|T?;cNy>1cORc1~RsrBIsrmGcA|QK|=_O5rtOV`N7JjcWOVW=8)%|nzd!U z))%JMpoXh)MsPT3wb`yQHC0?t%8{PO4e(eeRl$<5fr-(#3yAaR?r0$&WT@S1oaU#5 zuN;-Dg;H(Q&s|+wn^hPChwX6ChfVvtu_e>q&8144vjlBr-5&ojsCH9bBFpETDJJ9n z@)AOZK0|`2iJjwOJw?K)h^9={%rC}6t zDE-w1h012Zw!^j1zd$pZMpt`O_vz@GgR0zgi!XbsxB(JuzFb(z9TX34>H%ti$0fv_ zZYBX%Qfa=hW_hs5@T;%$zWZ6_5CM#rri3x)@1;9iT&psXExmd*>PPLSn`f3$UEy0k z`Fa`J4h=Dhrb^m2-~do<+Cz-AFn3J%hwqTIXlFrorPN%HfPtBnl!k6a7qLA-=XCa` zw`ugU?G&93kM2eCA^F zP9+AhmUIV&eKCU7S*WkpZ~iM&>0v&agt!^eG4qyIrof8*MEAJsJi8C+mC*Dx;8(RC0IyvUJMQRpj*Bnu3$U~)@33$KGQf4~TPc)N| zN!7k?ebG?1Jzh{SLTjU(_y~)E@j2R5S0Z(5OLr>=xD<|e1m6BvJWY01u=(8p#SOYQ zJe<#={)claED|%LR5fiovoFzcir(gM>hFoyAX8kA10wl*9EZdu`P#B!G|V{Z%EPlL2i_3#81ie6xkC zs3LcV4})Xp1&`pB;<-TavzFrHdWx3sU9Ckj0jJgKrDPH9~E0~p;2k=Rd;1) z>J^4B67ktyGbUntS+7hDEUjYRz2`*fY-{E0QR+ZwTiix(r|XqqTE8Hp`2tsXthmV5 zVN?~IBKoG8Mh28V9Z_(ygn^}!i69!bAZ_TL)mHupD<#?piQ9m{_TG*VVBe9{k!bH! z@KjvBr;72XgjRGZ?!;Uc%{X8z@%P`T*J9SrmFMX~L1j-t;^6M05v>dyxb~>HcW>74 zGGK0z=e1m5J!6SvPMLzDR?p8zTTh$;a2fp-u=W2KJBR2@y0Bfxwr$(!*tYGYV|Q%Z z&KujdZQC8&=IL|R`p@Va{F7R{X0>)zO`d(<*Og+B5S~UCQIrQ;rSS(9z+Mm3X%S|U zN+#ObRO{MfUOgA!e&jx=x}-BC%q~eN>(uk?dl$ZP1AjBGrLLs?)5(q<3ShUt&LsQe zQ`}DA537qfj_fB;>eUD0 zCdv8>fVbWj4KJ)k@N+boB$ z*HGULrqh{HUQKoXsV(zyYZ7!yWS-WN5Qcn_5XMlv`w8xELtiP=N)OMU9Kg(o@1Eon zc*Mn{m=?*$RUiIM`Q5_xf~<2$MbQe8tRb)Tx$>Fd=e5I%>Kot6>*3c5Bdtio84E3P zlXyRZN1rj14b(XGQoB|<|BIcb?4B(eSC^Q0uxF%c?vzU>bO=OrRN;iiW2JwwgnJHkv{ny2Z zOUn$e79CZkAeeIPel@1NHORHsdjh|`i3gU&X9~+vLd86_Ps4q8Nags|5JG2(+-K?7 z0Z+Zg_-81LnUA8B^etZ^4DObS<-6kXC5jz7P3ew=CM!e45{XTSTU_~h7zMdmzKnhY z{DVMY?4UDQ^KY=Nvt9@pN}*H)fnF&FQFvc+N&EpUe))gRs&2b3xO^Y9{X)Zy0y4{7 zU*CcGk8h$00rrK*TlYnqiR1q4PokZ9Qrt~Il95o5?$tvRwTQs6=a+>R#ocpOCaseZ z^mTTTY>QoX4q0xSIm{Zg=v?a+%|-b+PcMQ}IT`~&5qEMB@*vcmM3|~unR`1l1t!5S zz*TNo(3b@RPrAglUlsoC*a98GxL5r`6H*b#44_eY`}y%Jld;EC_q;|t`*=vI z+gSuK4v@VsR|%bn&S98SRkY&G^LAFQBAkas@i121&nxkZD29(ECEQd}&pT76$BG)f z+XOlY3u$YaOr=EWa_XWaz;dwidRtI@!lGUlOp+$cK?6vCUnWL)I5QriRC)DO#%W$r zU3NYimX-NAf&H`$$=Y#?*3{)zeC@prQI3E);s9P;IKO4u`kFGS#L|-?Ng=o0-$VzI zF182S7h|z_S>Z#_G6&V-`Qv`0wK`0nG=3;(rnu_8@1k18=?^?sIEr1j5`qc%ey`D# zf6JaW#%GOfI31)rJ$41o=qO?mgxzh6F3vD%^N}x7exPm*#+7EYp8!3e+_}D^b9mX3 zKv!1bX~|mORfK*X@W~DWY2^AyKEUbZnfIuDQcf9LVOrQy$eEu7pl|=;hwd>g&Q(6o z&WPH~ngCwKKge}>9<09{Se@T}jY2$n)+03>-=9qEnzr=k7tfUgEuOo;(>C_n*iw-^ z%GnY67V9v`qAK^=>%@0U@Ki{pdT&y4uk6_9yv^rf7+|cz(SPC#oNj?b9BK+v#nw1z zC3Mk>lbW`3*?)hZpVvSeH<)@Z$2l_4)DyR^n+tXUfL7o{{Qqt(!>8bE>TZ zt?zQn28~^eidi)N_YXIuNU`IxC{-+*DR|Mw1v0O@!m*fY@%uc zeeeu_NMT~v(gTOb9*?x$d3nDMPldE$+Z!wj+l0X7fX0wWlOa7j50k(0tUiko{BkU4PCR#9ES#xSI2pX)+6nXaH;(=>G~&i=7Wi`3C(q zIWGs%rUXIA)+=;`K!dVc(43*a(!Svz4)HXZjD46rt@rn-lrQWpOqKiBdd39saC(It znGt#_{kNRxQuY0jWz};5gjwNbDiUI!w*ZgV1g%o5uwmAZFvuFdOvR*iTYAkKw{Vly ziv0J)s0^*!8h-)z)$N|13hOgwmE?~0;;-|UqjHk1XY?DLHrMK68#+|AUnZOWxqsY4 zCb#wxK`7+8glFxO$s~SJ9cU2n9b`#hPa;jGP+_L!+b>2iCA>EjndTbbHU%}`N-i`+ zWFMGruJx$(J?F^YBtAI)ib_SkUqxeg-i(yZkTPi;^Tiy#0vyVVX@?#>ZZ~^P+-ha< zWwVC{md3M#yQNZwwXz_6BwEt|F8yEaaJ~fxeQ3Th0ky;uN?ByG;H>Tpx9>2nm0I<1 zi^F!>Cwp4Hz0(AxqS{N5@pTr~_fUNPJOn#hO zHFZ>`Rv?2*S*Y%x=i0u3z>DXn(_{eo{F<;9WzBQ*+Zc-J@YZRn^7ShuzT~dbK7w`u zM5@kd;ypsiD&B$ld*j&SALl+eqmJi#l9i4hLz^FrJ#szh2tGXpLZM^Ey(+-gRc2CO zKpr&q`75u{g4@hZt)aijfpRlsI>mN8CE{)qSkC#@1xL91lM)k!Q33kG`W!sc3Q^r_ zv%d*vPO$ewicI;SdO}G>p_1V+Rd%AVi=tI-)iY(DW?Ma9!0}qC&Cmgr8WAh5V-Su` zmRH9vy1jM#yjzi(1b+vmWG^L@vLA7}92r+~M&K*6Hrh92rCcZH=~dV{*EO?|n1i8= zkhAgs{kd% z_yOLC+<*L!Gzly7f2Bz{Isd;Q{hu(MnTdntzv3j!EX-V-|BuA*zYwOsfGcKQtU$o2 zRJqqHXYc*fqhBks3HloXqv%G;IJ!~m=e1$JU_{EmqPbBuwLQ#tzi@Y+eEnqHWKEIH zHhXVhXut607cb43r!)m>`X3U>GpWmSAQ1aERaB5rLiz^&`)Nvc2Kv`gX22mmo0h>if>5<{197zjXL}20e+uK_0WlyT^#5Q9>xKZa z2)fmw3#P#5fjNQ*&HpYYp3$!{#MN0-$@$?0!J@+k&JGOxr1NVBCBql0F_g(e6-0+> z1n1^AYXbWP)I^+Wh%|NKC(IPSHefg-e0fPgKwu*%L4`ZCEFPTzz6Tt-4$>s37+=XV z26NkK=8rRn{HS1U^ScQMUx(?@K7?Zk=NR~(K0F5u!B8e1^>KW7dK~5u#(e@|PF)qa zj3+4jn?wC=(;xhH_Ae0EI@b^GHQ~)}K%cxHHz++laqNsBC1YI@d>_sw5J=f%d0juR z5gkxo(z3ls9w^%VA)*UpAih6_0)$@*0@#?86^OqA{`Vr`(gOM=Tu_5hKSHmU=@0(# zS-KgZs)#r?mWUDy?aIxE#ZV*uXtCX^{)bi9i!wYcY1S{EeQkW=-3?dWZsxK>-Vl>B zzFe6UYhJpO@Zt-H&qa&I#hH`0$h7_q>006nh`8&esa` z5V8e=?J6$h{Aíw? zSI+4u^xo^&+fC9q>R=U-Jc9mD<`28^A8dAV*WuNvpQcZP;$*a;e=LTHX>h}%{Uaa; zr&}nX*Ia_nZ_Zcg5XL;W$jUNJJhOZVPSinEHvheq!dPx3% z4N7pGZ=E#xeH_32jz0_-etv#`^Gy8EF8AP_Mu$wmv4A z&0fogR^6AE0d9YQAPy4M>kInB;c)+*pNoQyx#f>bj9_ltTPqBdk2d$3LC|N6kb=xp zuj|+^E#WF(dqPY`LZH)gm`7nRoNv^9@K*=^>T>k42gX03YwOuWb(ENWDzm;o*5R}p zH$o54AZuoRQQyKKx*6qM+GqTKxoORK+D-`z?t z)%^tJfp|_4Uz1nfd*g4Q*FSsob15Eb$5rTC`~>xZcwP}-RkOYbZ_ByD1ol+;Vt)oG za~gTRfOD+^K7n%^cz%F$@4uBGPE_}o?%b7+=NpEpbD zzMZT%(`z2&MP5KHQnzf$6-Yja4yF@VZEM0@FzY#l(MNB0l??IMCkwZ4@!X&0nd{63 z8*~t5q3%IfddH;M&?szutSK(W84F0pyXROX4zKUR*VLuj*bk8D((X!jWJ6?yWrc-c0m}7kmEFb4RA3va6 zXhjicyIXOZRd?zt&SkSfPE{s<1jgr>qq{UsolH-El(<5&(bH}Ww?$oA)bBb4N@rl9 zO^O<#8EvXHTWei*4;8)rkZMBO9TE{bbEKYQhg*GPU6;-lko^?ozEe^7w()9vOG;x4AS{z0kQe&DxvE);vx*bH2cn&AvR7L5NC~((iV*FeW zJm*qKe^O`}6-y*B>UUgqo4ht(!7{&Zx;he1+8xhNL_>NKlVN(`@^@i=>f*JlTAds= zh7)F~n1ywVGWXnS*CI#B(muRNT$s^qeK9hAnBM*DFHkPuT3TGTE*Bk=tK&J4Uqzh0 zZ8L~fDjzG(B|v*u+1MLE5ukCcJ3D7JNh@bom>F7dk_8<(&^w!)?8IV(Q!8{_6IeXS z3FPP{_?;j}1aVP~vlh%TEs|58XM78hAfklON6bmWJ8PpN19~0!c%6TF&2x17GJK!+ z6?^MrFB)0NbdEVXNl@|^RW2K!x`e-CkV7J3FU8{YN>*-l{Qey4JWk66`Usl;dUk^h zkh2de7Cq@`?5e^8m+qb{7ObS0C;>8}%?T6+>|^e_hiG!xZQYgAryQiG9tUT1j~eiE zhS!WdjWj`a(JW-^-(ewvcED-h+B%Lb%f zwyoj_IzI_N{gldP=l%=@ow!$xLa}=zCyC2hlZ7Mb%y)uaA=40m&)UIwQu?^5Gj`%8 zhkH833uc@TXe-lA25d`2;(*nwI1IYp_)mwm=RhGL2V8W&z6e-4)8+S(T3k0TmW+A| zSs*1H>kXpe3-lUEj;4S~2C?lXANn@LFD!6Q$FO>CcO&UwF*FqtHOeMAbpLE*X!xo=LWIXm((lCaigh4F4sd4xk6Z&r@ zza^K@904F3Sp-eHU+>iQ(>3B1%P5+5Ym@No%GTUMEq~Urq-t5|F^zJMbK-tttA@MB zfMRH^ky3qL?IFj+JCmlz8aMUGQ{$!xywh%zu`1Q<>LvMLMMc^@fy*aZDXJDIbK zX6*mCi?G!*gS8xzLIK@55zprHB*XmW?=y8Pu>0KerW&rv$6A`D+X=CTm&;?PkJ4TA z8upx$eO&)64*Tk{$L+C9Ni==*G=HzmgqE+>51LD| zw12PE6{3j2WMwsZUi7dXQrhP?OmtCACgxp?X=WE@h`kFGz3M;X+lc#>BO)}T7&{-# z65%Vf`wdB%RIu`~7L3a@lq%a0Doz-GuX0k&#)^7(Iym91F++H<;a|8|192N8o3DNI z%+|t{o5_TA%(a*T?u=)?@nV})ug-gqN83rzyPZJk#JY7{Hri=bai{qtM!5 zuvl$|PWQABY4PBQ?-l1Ys6e`MbnmB&+9@u3n9?skpi@G`og}M9q6p`a2*|>`+!?7E zxGHyUCNSGFUTgd?pQ%zou9cWkzF%8nR}>Wv$?3)vYl1$B` zxocVFEv5w58ZZ5X(~H<$nMB*b012 zbr3!6oX44pAYy(Ut6}Zbv#-3wzf0{t{E6Q;V$unf>PQl_(R7+{0sPeI#)$4*_gVe z6wQ&PyKvFB?3MId7bc@O2t~dVlSVUj6tKZ7YwFq?TYXmA|z&1CQ zN;yG2#5KTN)1}R@FJ2K`{o6L65$`wGZ@w$)n_|{r5U`g&QzM!J@9Q6xveK8IWtYQv z37A)$)pcJTv%d`h%P`{Tb?NeLiT;^A9rww8rZP|>9*%-#zSya6zs|>MJVg);EXsXA zl0qQd@nox-HJw45D83Ouqg%hp~oW$sD>2q`RQ{X)@K%Z6PNS6M zhC8*kw_I2IQ?{tp9m_7y2DUZ2-pAq8rJsqd8GQ%bl>Krz0t+2fU355v3OeXBuF@x6 zmYaJtsp0};g{n}RI`f#{yM4vm-tRBwK0A>FB)%^BRt#b)tP@Rk6rIaL47}|gTR-@J zM}hTdq5M-f@zcABFci=phIkg(*o$QjDlIis*LSrKH^LIN3o4nj!Vlh$*OfDH>Nm@n z4^F+^jg+&Ys0|l-X{b)NZ-XM}M!S3NOfQ6!t-CyMFzR5dmMxlwi)sc`(liyyZ{=6! z&!7;xJpjuWzTQWp1S_|-&B7c+e@)0w@h2M+qogJ_x!C(n_8c_^c5!CFjpIy?!bW_s zgx5K0(h(^{p`P)se4iQCX+5RQxlF_?`Y^^6|LFsUW;F9Kw!@W}*!*{xq&Tre@gs-5 zWN8I#6wP@fk3*o4A8zVV^1)ufu^<48f&U#Lia(Cf zDRRTJeU#)o%V>|fnd$o#A$mI8oLojU{q|rW0vXJvB|Gg6eZo1|Qo}ey9i&7pm@?2w zstK&}4r*hj{+)J@h}UptZBphSHu;_xs>DK zo>4W0ZNVtiu8S8(Fyy@6gF(x=tqb*$oqN%A4`vkRdh#@qQh|;)YgkL-wn13+tW)jz zOtmo)i2$A^j+RB1*#_c*()q=-8H*NV=V$8ZLs?NULWdwR<-SJ9BwQ^ek|o#V()nVw zybRN1AQtZDNox6tC#8HxUPnte)VeKbLSayA;%_wT<>9nDKiW;&q5waV%=u2ch=MCm zQTQjB3wc`>%UqywDl?^VRzzG!dn1@kc4)EA z33G-RI1R(EA{X_O*3*g6Z}tQXT#K#b0=tINOs{cEDmX|Ml7Xi`>|eQA_Ub*UQL~HUo!AJ!O`N-OYH1neEnDZo_7-p|y$*dOVM~p6u>5r&%pJ`mjINuv_Xay6ygu`aF zttnCs4X5WB3Z$@lF_vwLmeI$B>wG8K?L2=GR^VNC)jGgP*;)FtPC7w$45SPEBp1-J z@NoQxSh+=*C2N_@q8RZmW$4MW*)kL)LYh$u08Xf+?Oh{-70|*x>~9HvTWUKW6;-9E zvUVaIm1k7X67`T!O=3F*w2p z3gMg24{rsUObtZ~huayKHNDPj8LEmn@(=pw%`g~TJ5GEWOZ=``E|!4rIRF_pyd^t< z*+Iz-<>r3FQg2gs34==6^Xg@J?+Jih`uEB1D@{Hte-1SkX(G|VKaZP2`$gnrI1@y4 z5kVH3*)}GAvG-?&W_wQ;r2upAVp1^JYIeCuV`Z6V{V_Ut8ns~GV2$*#&f=CBfYNG4 zf;Sv2E*WTW2p6^PM;3u$O$?*HO@4gF+9$LnK?18^mVquZBZR8=^*E*#h@-cql2uO= zU#{ru?HDrxK6xbZkt)whP}KgM*86!jr%|zsy3+3FLScrSS@Qew6Ie>$vHh+O@x$NvcCHufq%rcw(CGe0=hLxdkqN*5gl=TJyGZ#3p7p83eD@7Jn6IgqP@^J z0^7Af4DFVAc{K=GV&3~{IE3>5cv{yA`U|F79|%qt6z#VWWw&T^Rg z=6?0(_nA)}27PT65|KmeoYMk}s`YE+aJTz|S6}wfYKfgxY*vfqgQ{r5SA$qjXIi)v znv8PXcMheST)wv0h=$dk(}IKK#k(Z-x8<2HyJFR>)MWYQVcL>8#SSX$<$ce>VzN+d zwS|LXC*ln=NdHF>VGgT&x?PHlpdRZsD3;m5lyeJKV^lymoZq|4i&cY;qZ}h!=ki>{ zRzdS2C*SE=PZfJA&009I1^lmYE)R*F??EoE+x0jy8qOi3Pu5|=!wdtrxI-zi)tauW z4NO}hqXJy`rN6aEw|=Mu3IP7*Uu#G43$%iF4G{%)d4%VbMVmO02 z-P_#D3wA0{fOVeb7OpHh_&@V%$AXH*H0)Ki*N3=qdKzc!=zeF(nDl|)b^5!oL_tZ5 z(M8S!07kCUlPc^?_&%-=Obg|?yf)`KY&j7*JY2oTwQ$i4zr!F{ zkOjKnHoS9hWcP^p##&NXL0O>IMaXiy_cb8T-f(Q4t26>cQeZ@>t6p)MEMc!DM?(0I z4o-fg$QP!#`Agyaa{f8jhRf_xg=o0fo^>y4%w7)=3hn=UkedED$b4BWGOqGb%OP3j5f~pl|T9 zY+C%X$GP=s0HzCd092RqhUf&ga-v`*m~i3?vQ3=kw>~{X8NBkg9GefyqbPFj+cVV@ zqWb*EzP+gd2Ruy+!Gm7?7R~wNT<|Dww1=4wtbnvpitsg{ks$!2I%um~f{(}~m2mMkeekAnAX>8X%@v0g7(coEi=*f_^eHUM!dPF+~ zwJQ23g;*BnojCU|A+yspKDOJ1rtTMI`c{2qX9@!?zjR2~bH*{p2=af^#$3b|MW>=x z8cCDC+WT7a~ik?x|5XiOd&$1ewITHd?v`nVT(a#POa~Dg3kt zGNfXhlUJr`DeTL)!!k>lK9H7_@D7E-3}B|}JY24b5v=b1Fl1KDtMts- zWX^3!+dprAio?O+NPs#)E&Uhd>&FV6J5W$?%Uha$MhF|HsZC++*MXUR502+QzTNvP zw1p=W z?jq0oH~+(*+8y>}Do(Y2SB3kjz|SrxpzVX!8`s53^T#^!Q1cK*^))8i%EGj#eqGP% z^aE;1T;)(1`Q_q7o7K#O?kxLS=h6g;#V}x~6s|Srrn7*#H%^XZVCdbi8pD zj`lu+g(PIQ>28MSPHm7Her^?beJ)a4w{yPs1$%G`f06pqccz8vWB;!(GdrpwZ5VY=SCkN2=^^6y8Pla^ zy2|5Kj<-a5tzJT}Lwu-r@3*fj*sfHCXOD9%h(W+0i%IiLPM{yx9%VjQJud8D&}2>W ztI=_rfmx)&+fnTWmV9!uW)BK4%@9aVMu%|V>te{7p4qev{Li%KswUJbkgzMDQB`h< zlp$_+%H0L7gK;Y_`MQcbt!K>8KwTJ%c?oGq^`1DXZBc1S)k%nqXZ6+a%+X5Xo=)D9 z2pfUjBk=XeyNFChS#STjnv9*QLS0KH5(cx846-NT(l%(DE=C*VDwk6lIIfmf`n!+A0WPIZbgJ~vqZyXFDgbR?*n z_5nNPIM$I^EQ%!S&H|m|uzAj|-S!enQt_fk^d|Jgb0YJQ0-pRcc;O0Io>kVJ2Ns(l ztb(Ox52T)G6|Hut*urVPiFB9}A6|WvfhD@r=Lg`0{I+fuW|bsHqdNZwV%fF`{DBu) zQndkfm!h}JK}ETc?}Ndu%kpKR%~5y^g9|N9Lmo`&InjSdgmmHjMDN79*6PWEb#W@e z{T?3(5Wp!-%A$_N98V{zFVa%=3E~J*T4Y+vPuSNN=MR+}UChmSM2a8{FF8v29W5R?b10)JU}bp>Nf z=lcB@brm4e$VUGp(nH)2JY#NL+F5_-*y=taIt*DC$e=9d>;`@u+D1wz6IZl$gIMRD z=En4FQ5xj2XT_&UwA@cMe7x!Zi_9TY*C`foO|bMh<@gG{Xa&rX4I|%ZZRg4JN6P&T zOEZ%!g6jT+3-97@_^#<%vwtIP^jgg`#s;CA$0eK}!G_O_(O6Cy4>MR{rS%_ItU*11 z-<~YYlDM7HEGi2;riDSl8}o&~|5&Uqz`*`Hb(9Bz2k7EP$64Q?6*^t`a6H2GV)G!U zqJ3r;-`j3!Ngl^cOQ$k6#~8Rc;wna2Ylr}D;T5ELArNXbhX1P=XV`m(cH%q=AvD#e zla#3(xTaI9IC8FJM=umi3Oi-QtZc@N>1fV;?q ztD{uD{znan5*gaUd2;Q&Xmm&>uEyS7)l2cWm#FsO6Rqeo7_KcCv6DV`)jF`!GK!n_ z5miiCGObe5y{5}|G?s~mq88pdJcSDqd_DRX8D|{5)R8?UQBc*ro%mnRooYt9T8Ew}q#5$lSafO7yG%)io3^5|23KXz`W0$FtlHwD)r` z@m;c<3d!E$J+g8YByRIR;ZVF?KiD2?uX=pCYl^4zfbBPzRqI1G|ApfPGw7sXDDOvD zg6Lqt*6~e2%4M&%Q-nh6<_u6v*zK8cW+JEM9B~w?_?Y3~USqbG3}*WW$uE*mbQ3KM zip6->l!bfyO%q~gPy%&iZ^%N%CJ7Nol5mi!VrjCGU;eQ!H7&SnAZ5*|3CAC_x&bo!rhKq^W)uR!nlx}H*y zoQ*eR+jBZf9Nn{PX?d#zeDn>Ake{QtyQM^tW;m@(zo+tYMPkFYp5V|rHqDfCqVuF2 z@j5YUteR$&HYW*jy8bZGWAb8yyyA4?og{h;QEIzxE$I{BFi81V9{pmV8-t@e9fpF2P(9iMS) zS}1vL{wOo24^kkxf1<}xWl|m{RY|WpI9+uVm!*2(atZ>|3p7KDxcsHe?Nq)Hreno% zPlHnTd@`fgpaLgF(P|NXBQ8W(yo(xz3E2-Mca%A#%tLmeZ{76Kv1%KLEnY0E?u6-rA@3((YOEG zL7!ChwC!mVuhfTOfvUz4f3apB^-li9JZ_3HG#{bDCxoA>VGEA9HpmmJt@h5*sSnEH zr$l}52^lv@B(5-IaG^)mz#n(4_W;>9X|lK{laF8Mff>qJtM|dq;G=OSI2~H!#y(1LB-A8Z8>M8%Ud z-sG&I>oF&Cr$)K>VXV*~HVyWwP8N=Z2=ncpo-~t>=T*sGhGmnQb<_{`PeJb+mAoOSM}Ea!}FxQ#KsiePKS6{8iUf z-pFJ$+<7-{|q!N?AB{ z41fL6zzHCkG*;^w$A~u@90oZzs3>Zljp-#rBy$WXyFYN+LsY&Y(M^M)?FA>VtYzpy z(}1-S^D}F8Lx${$=Tq=(=?TJk3My4q=Up82QOqJ%##bZ2_tk_b= z&VLP5$T+qsI3PUy+eAZj+i2@#NmQlY#L)kUvyI50CyZ*KTVtuNXxRtD>`ehjJaH1= zK6ifKsNZViG1nrADvHoqbEc}PjjKN3Jhe0b!J#jQad&*F_#`v@-B2Aq!HF@G(j2!t ze}6i!pL76DaODbHx9rEVqyN-~lF+qsaz7vj2q{B;Nv*J>S0ND`E-v;CE(Y=8}+9r5YU*V2q4Y%#+R3%H!g#)H9UCF`zWvPW7Qw7Fb@l<97Q* zR^GkmErzp&I8BGV4pz5R<(d}Th%~?L+`-+H{YU%h6WeJ%`FM)T!2R!zy{DBN&1d`hj zCSKiXy-uE!AlWTJ(YZI8?I+xX?~%~{bz@C48hd%4&H$XX3=|5x zt?OnS#f=PC8zlVZp)Lh0idc-eupVaoGh2?f#0WAO@j;(yAjWL33EANrdfbQsA2;?= zEWG_YzU?ANe6vw_%~|0+z1gxbRH}hm(+zF|{-$R!&69=ugh+Qmv8Dsj1oF*H*(5dj zB7#jquLhRRVnx~hl{-^V+Rq2C>)<%K9ZMXjx1P6WN_0qcfYu#Z?bB0~6L`44{~k7X zW#~Mi;-OaJay`?FfP!B5w~$m;#5l)>{(Lc`^>+`$fKHj++|~l?Tl8_gZp6Xx_sW+ zF#><37cGIfBc>p@FMNXTA&(;6gg#Td%pj;b-l>t5mN6!t1IKL5ZF0Uuaw;F+;g+F2 zNs|`bmAq;UA`1cf+cSpgUNgj|qD8vMzx(VBd5+b5XjaDVZ7?QdM09&L{3wW)gtxA? z_QD(K}3^ITnQA?;s`TWH7opiY6 zNMRi%dkW|^Qa4pfnuR-OOBm}wbbFnSzR=|q=;Am1WKYaS2yxY@W&PI&#a2}OTszFO zJUtgeBfTH$R;$%E{jC`JY1W<{oqRxxA(*38$s3Mx5#8d@>i|`-xxR2&ZTR(A=|}vl z;DVSqyeiz_mX02b5D*zIFZ1jX6v#4}dy6P)*=@U{i5xo=%V_SYF+^yTRT5wu1S-MR zU}1tqnn8OkwfGYUKdcFqhOh$_LaW+~gzc;b;!ONDaYk`CdYO^vUkBS1b@!uqY-WCvz|M1E$0dF2smEt=)Sa zlBDllSkbpj_}V&901Ps(Gfd0`g1Gx7BgJ4yK)o46 zZO@52Se1FVxsRHLj8tPd+Z#=*@gkN%;E*tc;h%PIO`OC1d+iO!<2KldH2qL)<8-NZ ziTYS_lvJwU2X8UiO7%{PsrIH(uLpd)D3iL(F!X;iKa1n6F#|p@C3r?(avgtr-5`zX z%O<6E;LBFs2x36V*&np-@m3X=7fF;n(DZEK@Ikq)tGg=S8U~?N?k12m%}bXJ9-JX; zfbQC|D9YK=lHa}|6<+5viK`_er_o|$O@Hs-4h}0pln%0w)ll4*(0@V7`AI*Za#^WIj7vy~X?yF;%b8 z_fzvvyLYw^jP?0&7Q9UJajQf9JAOMg$KTOZCZ(s{lVBPA^ z?Ikj7_sSM)kqyuXJp9d~I-}-%u{8qRsSOk07~`*UF54=uY3RffnTc?LHvv6U3kz`& z8OOxXJ8ftW(hi~&nasxael4S)A)FK4S_b^nE-SnW}@ ziy1S!G3)7eq2lp@QmY$Q>okx}v57Gh%vEB%wgRNnw2@rI-3~3KSrXiBa8xZXoXK5j zH1%jmOT763MG3VB{Z}X8A2X83-q;F;m-l~S|I9?pZ0y|sbN7!h$;|qnZbq(uoq+$f zoADoEa%ua$#wG0#5(HFob#8kbK9Qvlh?GeLjwr@OiW6jk1b-piCCEim+Ko!jZ|UZ< z*LkMfdb`uSdiV0A`m4uFV78=me#t1UAyCWz$Vick2NO~ei>R=qWC#)n#DmLU&`#FV zQx9s3;IkDwNuTiY5+pz<B=ZVcWST=4*iYB0|bQ`QqZy)cY*XawWCZMruVh(g93C@nr7X!FL!KN)ll z+ZZ|!WJ%CLr*7~dHkHWBA7KgwB-HCu0-8cehigkIJ!x@!8vuH^HvsJ1f^1<9+9tBs z0%ThUyS5H*1OCd+B#3_q^v#M5Nx>($im`t`S_9e`+8LDH?=KO=H-rM`>M`XIq8$JL zj>`gdNmd2Mi8VaUHCz?|w(;+sh3FgZf9gH@p7~aT0{H^KH8cfta|PxRAeH^=0~jMh z{2r@x>N6Nz2O=t4t`&^$hP`AaJcI~b3!)sr48I!RD7K{V^=F5pHW*tJl9{3AV z|HDplQp*xoN(b4T7{JZtpYMPd|G9ou2p%5>uM5;10LC!Hg+hDCJ&!Z5dm{XF zf18P41v1$qeQ5*gGwA)%%iv#_gn?*&d8Pb(`Eru3q_L8=Z1~Q2_48R+s9ObMBmf5D z;Uv6GsOb_03K$KU^;4e*6Z*aec~z)DS;B$X1NlCCzDxgJuHW1RGkn*!m%_ZFNSMO^*iT=pyd+{OB?ocM`4{MnB0s_g!<=UlY^`S}aMEqKZIjo?mJ zP5Y??WK}1DE%?K;1oSDL(u5o_jAv8KDlsx_vPSmctnUfcBEu;ySw@d8$@{Y znCmkpL~o?t>oPh$iU`Eb6U56zSo@892i(<00B!~D`<1m0B#%G^_ni*np1lrf2=6@d z={hY80wh1jxM)B0Z=)Twe{c^$9fZH(VL-U9egfiL{sw>J9zr?{_znJ?&Mhpjzc~i) z4td)A7`(o)0z>pd=ort)4bq7P>Z?IE>#9pDwKdvDhZo=#>-X%L6OMC=gt<+|^ykU|w~dE$3iC^iIT>hqqPm{U&o1=2k&A8~pgv zYdwfd|L(&1>YK=H?&lT`tsBJxt)Qe(s)qdK9fEzMAJDtNGuJ9OC$>)TCcaK@c<|~0 zl`SY=bdy2Hs2%bx%y4b{Ct*|nU4;=ATzH(X@;cG%_;AwdNoDhCkxvB&qqL^Vvw`99 z3q&o%efKf@G{AlQZ`%Z+BgJBI{v3J1sxGN5${ew2X8j$mK60QOyQl#@V%4+#ff8<) z1m;yz4fhE-YiZa3;S(lhn&MzkV8I0_8`^aS9t5=U+=3PV?V-jY;0;Bzh$|#dR5m#9 z#jRyx4saqvv3eN?KePg;?;16Haz_w^HIsYY(|mitAWe7L{)wZsu>K}RGoBIH?kBc) zJmR%AKO`tRqGM7Fclriex2Innq8?MvRSg(J`|Xg;*x#+#j)9Emhbi-n0v>VgT{Qm!L3;B@4+*L+WkK$qOV_MZmvqY5)Rh}! z2ToMX1Gq)8(lN?il?;!WRLeeWldIJp*<4YH3?)&BVRl2ivet#}LRVGon1?;+9a=ZD zPtYgEW!)nsh~;7idLiq@`cB3zR~6*FQVU;7=a2Yc)1)6q?J^f2NyRl4rO6d<$$F!3 zCfl=>>$vg966u4&$2>@B)AiN=E2M?XM5#3D>gHqcFSA6 zn7zWlHzsWlGX(B<-ww6oCV|b$*%Yr@v9MOCq&D+2rCAa`u-KVY1*ZU7kCV5(YK4b{CK8E4b2%&4AI3oJK7j2^Cim|`3=hnE`>E-`HCrY z{}?84!>!sqPVdGG50evkmvM8-%uAv)%}}E9H&oO3pzR$c2aM~!esFslKe!_>yFCLBfT_*b~eY%GSZNtcDNs zcBZKaN14eww0#}pa3%T@0D->bXQyf266OC0ZGtEM)rfABNlq`)o;Gss`W-~12pA9? z{aPGeQ3%#TYKcV|fS-ANkKb1+pl3nam9#eHcuDyvV@N9JjXnkc$MU$Hw~8O(1*n54 zSHPS2f#L{z`WUHJw6q*R`lvc%m3Eb{g)9hU%8CKGTfKoD`PcT}Kb4;KK~SjiB&~Qz zSj>Qn8Y$}|UiS2eky>?YF4=R$v_Zri^p>79_)@yjccLCKbRDUtx=z;f7KFtzN<;w4 zSYwJL3t8t@&`L5#Z?>AP3GEn7lQ19esL)R7kr5lhTUgJ4ywn@lN1e*ehG&eAbGd7~%1X>tk6MIvgq>yh*M7 zZ@syF^t2QR4u(XyyR0eb@>YnkcDU&L6M&K@-uA*1e4F-mi$A_QhB5TcpwVn2{7vq7 zE-#?;l9daojjwmN#)-Eb-$>U=+coPylNotUm+!I9Kfu|HU{!?Rh+oJ+{6t>ZcQq>u zbB09d*L_K8jA3d!Y(P`yb-0;FD`<>Fv_KE|PB<~kx#VFGF9E^0%@&w2TzT9Ua@l@% z^Sb#DU_^JpLocYCpSJr8?MyDYOXkh{PM10L42SRgk0zI_A5EO8VL;nI5h=co{S*Lu zAs#)&w@0S)O}hbqW=!UTv+_hSx`*SjNL`U!AuZBi(goOmYSDgNZ+{pM3xJaQ^5z{) z6vs$r4Hj1SIllbP9WZ%-@$2!!e9u13UIw}tAH#-^;fiP1q1Nwbu@;Rjr=n;oF&jS0 z#8q@=nRDXiK&KN8)_Q8}jX<8;Ruc|frAf#}z~<@i?Uro4LX#ci3p#w-BeZWLhdo_dq0+muMs(C>T%9b&h0 z5dOOKGHglz8;Lq-->c+!g}bGv3XOaq`L4WbhRao$aYiHi$752|?PQOizs|9HCJ7GV zDiZU<(W?J5eZ6afUu~FSd{w;0eG6S!&^}(Oyj>=>dyS8rGt8omN9yB2&rvA}PEqwl z%w@G`#%lp0iYxUCAgnt+o>H|ma$&)?ThDDn+ftXk4qlLrsCa}>)MN#HYI~?)aq8_x zh&4ZkLulfrTefsIOI-kU_bR6vJap-gK#2*lyUMMjf&e5$1(^qG`LEL6Czl*VaMu~E zu(@smmSQFb2Q@5B`C86YT}TQo$wZDHTx|fG@l-5v^{r)i;5u zpbtbie`7^Uh@a(PE%kBcdS9f9NSI7N?&nmqg{nmle0T6g$`~sx34>Bpj^bA8y9Kvh z{3Y9NG&#vs*KHFA5k_=7f~DUrEE=+y_G*Fg<-9B4c3J%)j`Aji%_)C3B$(*nOih0A1!cFVvQf(d-+Ete=L5ZAnS%yZoYL` zRh%aBC@A5nD^rMxQKM-}HWI4h?dgWq7=Q;Z?(ep3E{1=sf0veJX)96s>>+e09Vj@? zI%4|;3pWq$E0;%oZc;%kS0cLuF2j<6wP=OGpK)Ed9O1O0^%V$J<=YF?=uR4++D{Pc zS`m+3bQAq)}Dfos>8*%m)BjOAxP7(^lKE=XV;6J zS*sd)#p({xxEIgvepTau z(!C&!p?<3C4a4~9>g7Vf`l1TJLoZ_>U>^PbFxN%dFBO|!)wL?E2PSp4)cMw<{KgHf z2Ujh!C}z)j0APv$SRj>D3(O*+izj9K&4`re^n`|n%jX%9pZS(O<7j)@$}t?mPE4J-a^{1Sx}6I^${&kX639Tu%57ptfDWhHpkt55#~B1htSV)C z`vofzaw|n1$|-Yx?@+Q=P<$e(F{q;HI99sswLEXk6oX|juufyRF5x@d`|+K2Me&E| z(wGpHapScrazAQ%+}D?kMglliKFUH%8o1)JsfH!!|IGZBIio7D0XSH>2Ss8zznNgs zX1AzbT&;y1Ecxj(BAlADylE!&|EnJa)GyDLz5Dm0Sb2K=8U^zlL?zwlO0_JU1+UFP zRl`FxzH@UPvQmbu#G4!l7+ zs;(_J?hiu@+@yA`>-%|cVn$)0otnX*iFWl|S)2v}5MtSlmN}{rB|3{5@5LDwV)!Hr zGX%-N%cn1)Kj#g2hZc(efLXGh^%zc>U{|w&S1;Sehgi4LGI>r^-b?rZs~+v3DO*vV zl+Wj?&fj|Ctd=3f`_T!pGH-)cfoXVAebSn~i_hAQ=U;)wcSw_hsawMlFX2Osj$K0J2{e&Ey5?UuZm>)SdzY90aFxAim6!+^ zz=DidypH#rd4@GPmqYY93vXJe2Tj*hH;P-Yzc)9}a(ej3GL@F_Cdj;-Bn@jPUlh1A zm^D(;EO0)KYn*(muu`C&CWbw_&|*MZD?KD-&X+*yV2K;{^VOg*MfAbLi>J1AE{mrC znH=mJ9PmxQtbcYiHZ{vPCqY(O@YO;#3wD0tb{N+pOc~W*R9sF|Fz!CkT}i;%C3&H< ziVClCIOnkqiCVEl?2j?5lpt->IPhf*Y zhzYz^Ah29hty2xO70uTIJkBLp6&0a40jK@*6=T{>#C!P2i4R5YCWc97_Y|?` zb1M8Q)=%CFLCpyI1}o3ytuRiY94F&W&l588>s>0e4u>S}VWLX$_Vx-oRx>a1Rnsy? z`t%WPMy3dXrF}R#c-9p9ZuIg(xekI~e6fIFg!758d(3i4QcYR0^S?x;)ME;n&0Bxa z#wEh@e4hLd{ zRgbAGQJabXY}_H9Hp4Pl#QbrEUbeeGJ#= za11Epr9RRL`UuV8Wjr21AKfH|uA)L{^l zBGsCKT1m?L3F}4fZZ(c1*g^{7-F~4O`KD`dl4If^PO6OPF%WkyzFRha%DItdPkiMs z%g)(}0Z(bgDp!+?fjMUy&*=mKloyxt>Sx5eh1u|DJoaTi{_rc>3P3TP13syS74tMN zuZML1VDz}h_7;<%w0p?G(J&m1`ha?Xjscw%(MN54Oi>I+tJA;%5mXSfMQmAo7HC!# z5y^JS0HZtm?{56VR%0ATY}BQ*H8`f!EtjU+b-w9p{@i$>hxor&VJj3UnV!GF13n7K zbX~+>PK0sSwCY%KO-~N zUk@d28Q_CUGW8|w4$&p)9X-_q`c@(b@P|ye7SRyTs%Xvx%UO=FpltH2Wo*>rY`fDw2U*%57Q3@chyxTNUx%8D^x|j9X;!o2P zdyljjSo&V4c`TH$7P@Bs#^fJd>S~D}9{M|Q5HE3tkSALo6V9{Ay)s*!G8o9Uo~BJt zzTTw;LwFD>H5tmmxeERms^ixZmM7`Ow0cog+?KDTLy_z)m03f63H#&OzPz5TKts)3 zMS(Es#RifEysbnPR+=`xcm@Bk}ufT|tkRQ6z07)ITcUgFRXvoRE= z$8#>hG!!0LERM{ZUWxUw982~JI{!+`&4`iodavZX%h*TBDWb?U96)8qnrERHs^e%p zSaD*5aP?V_H!mx>XCMNTh_XwNq|wzDx8;GB$5a4RiqUo9R&6bw0d9GELbx7Lt`FBr zs-6hS)Hl=dUnK(?^IQaW(M%rvQ&=4G#B^FG7B}T)-&mLu!jfiob9k4g=UgvdlW5CF zFo(n=^$%jO`{TKw)re8^5ZySgS$cijps|~}pa8raSHQkxtcwi;zwiut$O|(2a0VW?f?pXUL2GUy52|h2{h${8=f3hZ9`fk6;WQot;u)*LrjR_6) zzf_=axwEQJY(=d%9Eqx`Sc9T}O&Xeq-0`SPVC#^edt$HNXio?Hn(@BBC0@8(_W zro&kQ{+z--R^Pn`lYFHU((!W~XHfYZ&|rrRH74ZcGi%M7At57i!Hcvj5o~ zjkGNrLn@6*Cqz)41*7vu@_`7t9s zWv^s3o~W~q|N6dTO%HJlyxXJY4H{!r8*mo#Ex8AR>DAlERto2UBOeH!UHe+8e z@|L1sGtU3az{n<8Gr0c}X-Jc<>vg8{jAob6+tehENRGO%jajdK!zACpEajHx?`3c@>rqZi5k5!G5d8m>+)ZsZ@_)j>$h=?XzqO2 zOkRNOaI}ciL<@>AOe_dTUGnuKnHU&c0TkhecbESY>IK|I`k)?7rb{4+*=-`_>CIZE zR21%FTtqt8Ta=t*OdUJ}fya2(QVkbmX7s_h-uz+@-F@JdbDhX{K951kn2-K<%-OY;v<%J#rb@++5jkPVN@2}`gPHk8P);F3* zH7E_3Byxr-UOL9LYaen`0&vc@T2ffn!TUbfTN5lA>0=g{8?C3xNN2zhtRtp|!uWqY zblUPi`q_53D9Rp$C7mdQHf$c(=c&)A_Nv8|AOB`+MkR9Y=_l*ZOc>5ZpOhw+`bQr2 zZ0Yo(v>F<1+bH(s^4jF52<6Qki)gxY@5uzjaqtsDbI$Mk9oHX6!M8oFPma264TCO& zkuU41L<|*xr9}eg-0KkiLPS=rdal7 z`87QX*$o~xY0mP!EW62?NraTaeS=mc2u%pxt26qDSdwkSLq%ns~0upD874l zr#_Am*^r1$%_8631PSP6EyXk!IXp_1_f~=XGVmG>Yz`S^E@y5Z2AP;Fa#9SM8m(bA z|GswHXs4KjtXpRsq#3Bto>mvgL*q(c6A0{>@^t?@n|yx<)-N25T>eJwk3N3KZ}3Vc z(lw?!`q#}26>DBg2$(TbQB_p)*TK_lhZWoifwA!iT&;)NioT>U{xaIaudkP(vfZ?| z@4r}DaqLHBQ?IaSdj9M!6{X!Wyu2D;A>m|%odccX!(mjCzy)A(>%Dx}7Pk`BJQ8sf zd1yG>iRm+R^e*JK0nj6rHEVzZ=_@yt2R>;DRsD~EC(P+Uk4?!2Xsx;VWkk-iv@ z_3T8NTDQq~9k{7Z5GY+^Fi%nca(1IAw65TemWBP1rZO2)(0Zg}Sr>q8i%o-!q;AKRF2jqTz zBE2i}4zbe9z2KT!Z5@*WBKf$Y^59@A9QqBX@5r|QTc%Ew9$Ou;$FeYlLi{e=hYOGr zp>YMNPmXTgk&zM)Xb{Hz^Rp~n8=jh-(P$h_JxR?JeQAbLMQxhKG$u@wbs5HW7y6cS zm8WB5l$!VFU6n}uGWvGW{clH)&NFCzZu#;u0YQHICNsR?^Cm22-9~a&0kwmS)@UVr z?2>&X{yS@6m&lUpl+ic0Qmn$Pi=~f&@TqzeX(ppHcyBw}b1K?cH(dFu=k7ziJ>05jO|d|HcRY?@3B#CQf#)|6fC}3H(p44hDU!=-eJc zTxTbkhX*tRJllfi;SEDSJ6OaXL%&{d=pGW0r6UwrhU85*Yf9E{y?1@b#U-HS7O*P7 zhGv~jcaR=`B7`l;6dD$iriVoIw}x&O($M16*v#Toth{I*MEEM`H!{h}HISi>NU~v% z5F(jDh;=MRZUXMXxZ(;5f~svDl&cL0uPYeOH~8ubNWtAbC;*$M0}7;cYD+jB$V@#j zm=xHr)QsLl@u z8^FWO_ny;*6LdW%s~77_tsPrPLKolgWnoY7x?Q_1Fqf#VrjF=ym%i~E;n8_=!BAFO z5)zUK>md58Q-C@VcJAPKqkHWqzXpG89`x!Fu>mBAzSf`9==@};93FzZ6Zp97huI66 z_*c>#J`~7v?ft#&jT>0V0%&e=ApF|Hlb(@s&p;-A_aFn|%QqJ<4@jL+9_U+0y)Q%1 zlu(1!g9zy00OINKUFCikDk}uk5V|oCXewxhi0L7qxHmFLJ>W27zcY{z7~+a?>kz2n z_vic5^htzKR>HlR%u_#;ThX?kkZ z>iO>YC8+YvnDHwZ{u}=gK>GfRL3U{F@SBnS!}$FxX?FtD`1&!r7uIB-m;wIB-B%0r z?l=1a&i1E#YS;OC zx7r*L1auisPq=qC9h1@h<#)dODkE%r@^k-VV6s=uypC}a;@u{;m-)^t@23;Nsv)f8 z__q7-XdgVYy)Dy=xHt9({2s`cOCMtiY(?l%w*h+~g15w*|!8S)6ELF*UTU}5bG*bB(EP>_f* zaQX%DO*w3v@U9H*^S2K(xiRQBkkO3m2iRc3@dLEy$nE`qp6~yjurFY6AX|cf{@)H` zSWe804D7FFY{u7L#;;XgNHA{@`oxSAeELukyGv1Cd+XsSeoc3Zuzf{V`zJ0fikR3W zqL2kviro}87ngK&!3jEe$1$u;_i8Dw-7W*2w!3wEB8R7g9%JH+cO!ZGe6C+#aQ>Vt z7kLrxgn5{>`Wy;j3e5`^s4@wh$Bxsq%ChG|3ixnFJ-=V$Mo4;vEVu#@%?KF{MLVr{ z6oRP0nfY>v(rI5Yn~2loKn90JVq#O;6($-z@)%{Mwo44|@sgA0k-N1qniC)^2f4&x zpSu}sH!d(0ZOc%xXxx7i7R^B4#Pv)6oiHaybun~A;`Ed*`il-{x23E~E01nAQz`q;RPsHif;E)(7Q+LPjkGYAYE>G7BGuaq>% zF~6M=E;{6W)w-XwaPe$^++C-nllNGb5RwX~4ux#5HX`FB^)V(NVi*-@kqpD8reSWz zydldSIBu+gfi3O1uxpPgUCq|QTxv4V#|6(Ds0q|*NZTNy2qI+q_P@4%NaXvBd0P0y zsknV2T#KgmTJd&o^J@Gfe3H_N`f#2WoX8>R^nIBW_tv$*oQ!?|!&#}TSXe$+w)}{W zHBl;`$SFRnYH&Bq+qK#6$yWOyzmKP=!C*#lt+Pq+*`OZcQ!ORqD>Mh`%kc|AmRCm= zaQe*G147&9)%+>ZNJ!9?FOf>TxdeJauDkO#P+iDrvUkOPba}c>+wziHrx_G@c>RL` zgb&*F4;5Zi)!z4e&H8;AtDFbVpveu0KSC_F1ESW%%*Ha%>{xPeDzV&+@UOat1CXl` z@J6zH?>c@nel;n_AmqbunsP0KBaVNJ7b|KIFvg#AiZdndZ?GdfF0y`vGA>_h~LvzY9y;kUTr1nW^xua zY&_Qwqcy@FG$4Hh5+6_|o@}^3KpuWjO0y$K@POzUhfk->fM|6p*lj#PprD6Qa{&iW z#ngu!=G`}SkMD+rqOW1Dli$kWOI>;S)9&P&_R!u)5Yo><8X(baB6w5e zyHY|;TL7|#flj&<*hWqBnI7ZP>kqgl3qyC(4+HBS(24@bVj;Cg;5 zlmasTO3HwN`H(uP%BS$MzjTJb*^R8)f%xr-9FdR#8?p?}6T2qHJwoSjY#WQ>KuDVQ zNnc@U!(W3Z+LE)wk?Cp9QH{ao*PZ0HB>kfRs=fEh;g>+lhqr?qU)vre=zAjSz&l)3 zSw#3*{Rx~gLH|Y8Tk&`gp>2)>Mx|**#JKF?Ga}aDx}pKhVvC009t?l?ooI_LpSmi#r$)>V#`&BLHLI(p zW!1=;s4XGE;+^DWg|bOemY|uuBFPBQv(J~@F$4$x@4SCl*h7$%62p^q`$8_Mb%!pbV zLGjnMEQR+lm_Q}Je$o;ek|E+~O3iPVoFuUk{&0;bZ2E@J)r&-v+6Ppkx_Sak5n!B7 z+v*`iTDJ0Ml-ANbow8~T%{QP@7`IUuXC_#>7iT`jG~T#mM1hD>5I}k+mWPtKpM_UQ zjIn#Z4y7M+hOkF#N4TA7_upA{7kTnm9~sz7!YDhAF)pF%?zTs0m*qs_b11feSsGg= z4Y=I$;!BOM?wD?uTzXn_G-2lT%vn@mM`9^>R2HdRg>2=b;%l#u!B@(=5atiq&0Jb= z)t9kC6q;1~lIo)BuB;>X!3hHXSvIdA>wTe*f5`p9h>kNl@~D=ESs1f}eOz*3gX+lj zt*WYS;B%<0)I_>?EX9k-d`~j9n!CD821rik)hmwL}Jbq z$TctKHDWK1bgf*UIOb>>Uz>7vwrlOU^Q7x)vc4W`W*-D7k6Ia#eIK0?hg?^dK{@J% z4G+koWXp>ZBIxS7FITgmUy60KU)2kaKfXVWC&nCXI{s#h_6IEQ3kqsU5SeC%m(tD+5}fv;&JTLyG;XR z`{=e9zkOs3KToEkQ+)=3;y-Slwh(Uh^MhiI;Q4>Zg&oZ`b_JtHP=LfKox+@+d3?Pn zA#+NILtmeYKP2`564x5@xh32l7My5!2KVV<9Jen!GQtD)ap46)V` zwR|S~lt4;Pw z;bW6n`wtbz1*gz#cbh`xPZ(s3d3=dmrhe!u!r3;j43U+KUA`-O+z9Bvf`6bIjR+jQ z;K$E3wJ=u>EY=F7ssroVozdT!vbKEGP8@_$0DfaXFP2FcDPHDNc`A9ZMeG`t^jR`I z*m_9uj;(*P)o&h7gjk%$e9{@c$rDEdy|AO#8W<|gOy@NY!69;wME&LHtf`J(dtVY# z)xk{N$HNUdYh8PW4KUrD5aWK1AkM&DDOXt7ODZ)&6ed}6OyY~nNP5B_UW#|qV~93Z$C-AOJgpYbWR!VCe3aS( zpunf-a&D6EDWee-d2DT9W(uT$pimtlMt(G}<-ylJ$z7gm@)r3lu#ALODQYYno*Ts5 zSVqRZnJNQe1HTu1Dhp{R?Wa_Jf4;EVzQ{>&IHWSst(bo|FZx4(dPdp!Hf~ra;p&wEz=WN7^5j{h=XI+owfIZaB>!VlU*nJlP5Fr#{X_pq^qPEB;rLe_bRD(-A= z&-D=M_wkEc*MIBIJZAw)#yD>d$tH70E1g3jnD33San{1HNtwDrex+u!_p_V4Nw)f- z>Jk=XkR+UQGb6m^(t;s37oY!SpTEy>oWBj_8Qb#ryk7%m7H;ibRHy0_KVPqXX06wv zeYV=va_&`xRY$Dz9u@a{3o{@vm3qVVW#Rk1D*k4()<)|%61~(_@s^*X-nU><{6!r7 zH)S|%G1T;f6mDsPJzOXx2)>eI#k|05?-2WJ7GIZ2Pt9PB#Vc|`^a4QH+PR|e0(kki zeZdTzZQ`ILd+aM%?=I`Cih!$kXY<&$#2{0ZHmi$3rS_m|#HwU@E-)-#)f-|o$N z`l(VA4s{PM;h2UYW@E>+3GqIkkpN7noL$CBgtO{t^)QWJC$W$|* z3%UdCh<&|7sGGllzeY!WI54aVCiYd8*o*)t{Ku!JJnUAwWJ`>EA%D;eovAJR1u(Zr z(n^uCBqWC_J>48|m!qrNXFo8oaOtQvgkPVmF|$coY_|7#zloO?Mb|fCbV3$PTsfcQ z@@Kkcb#@kymxz%mJ8#3=zSmC@xjYDqr~1(5&UR`_dcY_jovY~i{u4bc?WW50BkQBN z#@Rb%C7yhW?51tERD7L;%m>D?)WS_%U%WIh8pJ3>;(%QS$C#Zu*{xZ&sB>wZcD$uH z{Pt?-38LGUtRNmtTNP3ly*cTXVlR9p<*Iea1Mwy=FGu&26#uVP^*HW;1I`U{Kx{eu z@r^mOGd!$GdeSQU=2}CMZ7BNu0&+gbHE??%kY`Ae#6F1YVy2x-mz(UblDi)xF2u(_ z{vsF9qNc{!mJLQkK&FrW)B^5lE3OOAYsexg46xD}>S_pPq{n6zU9}vMwhtH-HdL}u zx2E7b+DmjM5urmm_kzP~m%iuWjG=YTMvN<$LwhcDc#r_}&SI9{{i^%iPv7B1Mwo(> z+7hIcyR)%0$3HZRGg>~#g_3VTpG)7L?&yaI$VXqVI@ zw0X|T2+>eWeGVm)f%4RD2rMj7Hl-}n$yF$a)DGC2YP9$?B;(PiQ zy&SWW^My8QcoH+J6;0E+IYcgNa)Z9FxR#wbtJ4|9L7VC?2_1b=k4((K7OVQ1-c)Hs zB+U|-E0aa|2n?Vprb`88Ypnz`%Y{^<0Zx1*Pi$|Maxs7CLSGl-!m`Ybc@PO^^D~vV zlZYeR@2et;8ynwBk!UQA(J3xUbk)B+H^Vv%_s@Kk@sGqX5459sY1U<#D!>Dh z3sJw&#BM);nCLeo8^TuhHzpibJh&>HORQtmS@i6b!WhthshpwF#3=HRT7A^94@U&; z88ou`cu6f=0e{?jqRL_sPAD15%n}U*q)=q5zL0ccuY`Wfrvh^}+sXUh>9aQ15IVD= zH#^G~MCZ+9T8~-|8%}0Oi2tog2u&Yt9oXx;YNM5LGj_{-0Sd|x=+C0xc#+{r;T6FZ zh*>XZ^o8Ws+Z2*Zmen%BtN$q7K1tiK!9=ao>&V5SPLJsa`mINtrfJ05r-Drs*x7rr zX0{T_M3y*uLas(Hi`&*RurtX9AX`1>Q(faDrZbdq8qa6t4?O&adDph;KWLcKemN^i1|LKha}*MuOw9(9lUu zBC-Wes}pkCvzAGNQZ)2)R${bC&@(ufI3d)mG`+_Kl<_{1wpf*htzRXDw%cY^`b9ot zueB9U76t6Vj;T1~5{`-xr^251B-w*G=DLv5)q7aVqL|>SbE8}2MvR?@-c^tKgiJ4J zI%UdHP;>lnSJFS;l+s)>2xdT>zpYwEk29c6wnYEa&c0T^E=j}mP}X$N&OiYF|Lqdt2l}! z26raZcRu$;m=|FegN}s=98*WLhL2e=@rUG^q`tILqF|Vm+D&vGG zW93&)mCgt-NZ@zLy4i((s?y-lf8e3Y)B|r5ijzWC2DA zo;kKH4j(llC?)p1QA2nTxLbh`&EIEAc)&H@>?^!U#ukJx{;BJKC#Ne7FJ1Be?z)X; zTg7EPir!MSs#CvlC-H#8_5Qey4T&koB5tg1-K;cqqoQWcvVEDyx%9Ut*CBa%(6A&F zkc+^f{$O1DZ^_XxAG-dlv*OU7@ytd)sLNPPJ+`jl4$p*C z(?~wpy#E^Dp~O*)6633j7!e&t^=G{HgLi?4p9P*qK1Td!SoYt6szWTok8NA7K=o%+ zKl}>E+D^˾_D-i^RkP!Ip-Hg-uf{(57>MVxu}v}=`*8zI}d7!L08AX!vMY+hB^ zMn%J8vf3|}NpjvX+&M1C+@=I_iz*>qrJvvB%;fAXNygzCa7^pld(h+Qj`v%7%iVd$ zfSQ^c_Q>7dDPuQ!L<}wvMEx>|Ml54vql3@T%pd&OY!G0CRBGc+_NK?+oPvJvA2$b3(zHD)0f$(5c~*|Zb0 z3gg$?lMbgWY!~Pvhns8zloAVfzOx5X928Xz`d*ZNMdCX9(?)}ia5Ozqm`^I-`SqcG z*qek5n&F=$MJ5|}+YMIl0MbjH9bMM$OK*#u>i#vQaakNcl$bh_H$(>STz?-BIEt@o z&`mN=HZ-^^1S;n3tKV;9vnc!P!ftXspfDgd?=0!gkvcnIX>403=Y$CDyp%TQ30Zd> z8vk=yVST>}Uh7Xc25ZqF)ls%VTAAfZPN?K_d_a5l_k&)eD*vGbnS{GSwWPH_rrywc zoxch8vkUpq`^kW_sQm6YKuzW3AJEHv87*gdPLWeTy=wfWOU( zyRoYdHq;!}c2C0Ag8~Io;qK-Lwzg+tH~}&664e45f#wttZT@YM4vRWt&E?{a{AVuQ(rPq*%@B55%&{HjYp8+`^bKE zr?kc|Up)$Cb4?(o?y=2WI?maozlc>A`x`E}I-sBb7EVNl#qf+iu0HCy;6eTnl#k9< z<`FLI%jvJ(NG}3hYtdn>nlHb2 zZcoLi6q+5a$4juIeDK(SDOm19i%tr5upUj%#WN4~EmN zP{u{x7puHqKu%tDx(F|PyhJF=A3jPul(rKN=QYYdwfWkl;158i%oG&7%gvkh>T20I z@HKAR7-;-Ga-_O>glaAvKd(A^s~T+LHZ)o{@IcXWiIu&G8S1yCVpEu944(~qiGq0b z+qZ?A>%P9ytz6En%M%q%e%vTK)_z7|?cP=UU{@@iUGD)-TRX;K=1MRreN}Vxq5J0C z@A3LC-`eqqwPPu6ucIrV?AYV?O^EV~d0WTOKk9Lz_#rJS;!dOYzn=1>GYOxY`N{!$ zNcnUOBL|b;(1tl}x1np)fEQWgtV|n0`e7wgQH&R`iG}`6=O3{5vdYVF=a-2k_c4f7 z8)n=SHt6Z3f$e4X6sV$<8ZD$G=_KoR0Ha40LGjM5X=)Y8yse89Nly1DgDfB1;Xk)M zL1^Kmbbv3*P+|(b2vae>-HuX2R-As`D$?51z5A_jpvY8B5G2vqtaW!jMwJK2o0t8B z`d{*is2*$%D_q99s76lsGR#Unx72;Nz4xrtfR3E;dr^#4+P3CggG1M;OJ>aXq@K`W z_=(A--~%_$)GD*iKnE9vOb#~xoZS6rNha^F7T<;A+4d|I$tOeAr#{o^svBr@JM8zftGBkLT# zzh`4{Nf~XF3*`QQDU>~DPpN_8|2Kxk%zW+B&~ei`&Y_HYJx|d3$?-D7MsI`2D=&5U zU^WNR!SMj*;tKyDhjLKak?k!TJmJ>r;cS32Ei`-jUuVgApMwNo^T^a#>|^0`LP>X& zd;^O&2Z4|tmzdNv|J`KF!E%yQU1MA!$@k$1N5UXdQNqOYgW+z}B(_r*^i5&Zf&Om} za;f!?bh-K!WcuuR6dz1WyrLBB$?biyuaDqSbCOrSmJ4={*<3~Go66%$_Yb&t2+36a zI@_e>pnq;vgEd+mZL`R^0$8{v<~3!?qD5jv^@Q3KrD#Y6VqthLRBdO8VG4I6o=r1N zS7Gt83a5Bd{w9eJm>`a9$G{W<^HnG$QJu<2=yEH}KZ5-)Ean#8FL!r|U%K#x?gsNo zgqJK>F8l4p|tm^b^Cf`L}D?%6W&#*$(tKC=zy?zx`2)11a%j*FYJ?6jw{ z!VbwyEv<#!az-&T46Wt*7>_qzR*8~WGm!opxA)a9){lu|O{f1V*C(PVHQ7!&D9KbG z;UhUDo_K?sUx~<9n$#wx)>#(B34f<9vrrcxt-)~<$s^Vzm>hB{5i$Zu+w&R<`c*K9 z`&n;p%sBApwC$6xG!8qpGuSX{o3V@`@hcUL2EF!Se(wFd+0D*zaBuJ`n5!YQ9u2;% zM8fk9_eOQJTP$Kqpc3>5V8cWBjB~WlQPEw@&^D9h{{SxIF6rB^Ady8y^YmN3DiENCCVY z>B-XJr>=)lN62YSEHf53r`J0x@S|2PDEK;Jv|YzK&i+|PU;2d}j%MVg^9umu)oS`X zQE5M2th_Ymn+TJk(zw|Pc>5-E+2{DP(d-oglx~T_ zC&Im8Y$$6n;RM|`w>ESJs{nG6xYo&PZWoT}C#xc`z0)We@QRI#6MT}k6X5wz&AbK(%M9Qa zDN`0PpsYZTOV&buzAavlCrL-8m&o8MDx48SLIG4O=MLfmg1+%YdTs|R* z%q13PJ?NDP^d0*xKX;}t4xDMUepekl=* z=1g$A{&`9~WK0o`iP&d0w;PG*cW`#NKF;>p8Nsgm@R+WWudu??*!u%M3s2@F9U{;b z!Cg-Axg!-bn;Bb#7-2mO$>G+ad&;~4?`VBQJ&5ke?e1cJYzv(VZ|dLf^0zRNoV@KZ zUPO31m_9FRzjGWE-uq+vNM!?}HicuH9%p2vxU4*-Cn3awfNqGopWqn(Et@>P;k`6) zO+3=L5~UB?R+2i}&es3X$Ob2|#ExfOoA;>tFhrL59^!86y@2kED<>)X?!?UuLCIBu z*a!E5{AmCx@M9rQ0an(SwvZ@g65Nd%VLMHIIo)V>z_wd-!-gAK>}4D!aKzbRH@Z%}><@ zl1|f75CDx5U)1>PA<$s9d9tC3zGOovXO8CCY;NCD z%lX&Gmg<=|sXZI40Qu!xyGYCc|M}i!6TZJrLg~P&p8L=WEh7M7iiVC7RdU_d*n||v z5FCcb2J4P@dakQ8{-cFn*l}f6Y6*Sr8h$YORh1YqLe0b-{?yt(raCrS1pIMz)O)eq zF=^hk1Xb=Z(R~ReVqqv9A?e-VUZSq*lt{B?lTXvJKc!B1qc^y{UKN}f|c3ud5iR3j2Q~GG`icX&&yJviVwA)x0TTh4pz+{&V-Gf1_oCXgC zgrDxI4@TCo5SekZ0+S2jZ?=Bm%PYs!|66^^`d{kPzs$@m|KY0s{-ys6w{{#~60LNyJlg z3%z3yxxWrAfE@lr>Z$AiOnhj~d@eaZc6TD9!&_TwzDY|H6A?p`b5Wp&<}^|>Ah-2S zEr6xKTfWuV|J$DW|Awp4y*^6A{zAaBjde~RDVo5BN7qKjP$0gbaLs6ZWURG8Aqgb2 zr~q(qv$6j`O4)$3zJ--P(fuHAZ?*we)mDElu6LGuaMn1!3@nZH0PP)F9PaC!>cLdk zH~;`C=fkP5x38rD7|AAfgc!kD5mvV+7bchcCb6Yn$s8Dc8&ffRVKjGpCL9`Uo1C0o z4D1@5UbP4>Y*=?`CE3*^e6ex-WUj5ndL9xQoj}!nH?9ZXYsS_&{W>#0zhNsav#6`Q z(e=*uCd-cuFZKZw6Fyl%sRiDN8o=6tTh~@sUEhA|Q*?mYjsD=L77uAWlU-hk=N)}p zP(bf#d=p>PRtR0+DpZ6|__3L(Nn{9HmnQ(Q*RQHqoxs6qxZ1`hTkuriDyyv6Z&&aL zKjokP-Mx-=cVL*+-i{GC-H)%A9UGC|r+N@}_Set6A4VNzNNEaCC-z|B z-I2*5Fx}%_W8m5!?Z4W$DZW2W1?I*dH%#C4Ne=ZufUiGEG_BGn9zyR+#>(A+r&!Ta3 zGaSzksc*{i0FEbs1pX}s+m}u`+^vpi1xRD#lkM;LYIYaKTY^w_HO|kLsAlW==50Pn zB@Gwo3?HkBo7gD2Or1Xh5A}>UXIOPs<#*@i0;fESc)S< z!1_-wee6vx07exRMm*x%*uK!;XN2n(mdt(Om4wkXvIA-hkOtVj2Le#WS1H^g1!S#9s0r7zLojn_XJQL;|;~@rF_yEoB-2J`VLqHto-YPK<2A-4G$zL_ZiTO znD~uv3v$E@fz5x^6B+~DTmB91=VkuMuL+<$#S5Vsw~Pl8UGfF)cX0N}zw6rWgTR)( z?SsghYW587mv-!fkZN|PGYGq^=8N46{23D%anUk3cNg<@Gghzu4cdnT^nC{~eWzpb zqyq%r%6D5iwQ2e7`1@)iz+VNviS|CF@0)Gu9X=-*TV<7f@K=Y==|-Qh*1u7~B7gX- zr*~!_Wc4q5Kz;V@eu@LQG=IXuNL7D8`@VmOCqZ!oqhcChXV2)sRG(EmS!|D-efVt` zu73P?r#U`B`>cK{6mA)#pXg?KBtgHzV2}NG+I-6T+BkpY1FW+8Zn(+7bC+_e9qN8G z&fj?lc0o*zU>revcE0oPKZzPZzc47#ThXWCaIJlYKqNK4CvRBq0ouPDE`GE~qIU#h zIcMiL_k8U44&Mu2dCzWtG#+~NpLYhnESN5LWq!tjK3IX=znP(|>9=4%!{2P)cPY29 zzqQ$%oo(ZMfP8bdDz90pdwZVIHicd2W_7@H@o;_kZ$G(y?|!iBd!4(s=|uWO!T7aCsWws-T#P0$binD;ej2a7M4br#6X4A+q0kFg5gvYiT< z$mLKc=bdx1vC0WDcf(G+Mac*-rYDq_mGWrtMU?8e7~SxB^J0d@oYB2WPXS%j?afB~ z(mLK(jug^TiOWVDTFEUKSw!?8CYTtacq+57&pU6&s|EOmppV}trEJ20WTnhQ;W(vGj-m(FGaUc(4PAJr9R;s zI)S0Xwo)mxipf9JAJ}P4&F6D6G+sH}BgyTnF82xmdX9qutDIvw6B@QsniNX578}y} zbz8g+>%ihK9hHMC9M+8}>`bOuVWeb zk#k2`;Y6sgVA7_w&y65c$$JsSwfNpDQcQKh+q0fWXUE}KM45n0d~mg^xEbFb-)YxR z{9L}F-LEejOTHa)k&GYxE|b*3ia@UR$HIUh-bTEvW=?1FQla=5d z&3L$lqFdVL-v_%QRX@0mN*!WKfi(1*0k|G{*hTX|j`5t2g5ap4gF=?kYRRN}Z85G^iR+ zi`6P{@h$=iq%x;awx@?MG7^_z4N{#cv(k7rqHx=h=49h<1Gu4nrg%bdkZ+TKOqj`v zt9_S86b9wJb^-{rkJLE`gbjh6Guz;cgMTwibxQ0-_Z0o9pgacide+@iVR>T(EA_p! zPb-q6vV5Z*DtxogZ+HD9x1J*TP|Mlp8RtCjJaivfY;S+ln>%jiLBOvWQo}Ff7hS~9Xefn7d~u!~X}pYas)ZUkD)MJP(p3RgL*ZV6 zXU1TtBO%l_W4K1uUoSl^Gyt;lfEYf|`Jovy1!K{c@CRF2@wO?pa#6tim9{=whdP(R zGS9IE_fZ!@uCt0&)+Qg@p*lLRQ;Hh$c)znm@XTcGya48FJ8q9Ol(R?b?h5)&tzs`I z>8&s4vt<+583?3fEZ;RjqsXJ9O;`vM5;hg`uwBEkpNCER~BB7)9bQDM8SRY zg$*w#!YK%O&PQi{^houy5>^iz_bm_<EU8tRXaWiq$dZ%hPTI*^JH8 zkJOnda7a-y@Lmrudn5Mx$O)i~$z1J^Up{ina1go``@@{2mQ{4*jTXiaLEna6dtnx< z!3>VQEXz22)PpxCr7A$9?B#5DHrfu3ot{;OM7voCMN%|8&WEsuW4EXxGKvysb^1ar zjhDZXEBzFk|ILi-wwQ5K`}KtLX`y`5{wO;B0$RZef{Ni6g`%HJf0PzM9FcOXUB(r@ z>cLAD)*GzSMm}w20+S{Zi2&0eStvaZ?~||`lCf+L>30SWauy@GLtTms)HgnfA@b$h z8WYZB6ngxijA9N>(U(eg?s(_Sa8`@)HTxk%KINt8Tjd(U{K+9+2D{g2>3j>#Y*Hdx zu_4%F&I(K}PKEY{Cz(OvP9K3jyW*yb!t*%v3V{8vW`dv8ZMv*~CE)|DTgW5AEs$OwG=Z®cJ;^V-pd>T?lQ>;=Q>%vyx5? zx8TEdoNs}Y_%z*wP+s+oWjvmG0{87Sa=*S52F_&N=Kf5aQkL0p4r zsVXxiH6?pSvlNb}XVQaV-iR0C-g27_?2dJ~f`knZx!8``aR#rq#N|9(w1ew`uGT_A zmnF|XoDPw>cAY!!rw`TvyqOncP4mlFCj&oUiEkS8tNrEqI(@$QjJmHHAl8XiDKe&= zL0pj6^ZqVEKR2WyY#o6Dw#f!4mBZ3~|8O~3qp@mJ5)5r`b9Uhk^mW5JVT*k{88|MU z*qbB7gCeDL+CUTpml(y72*v%uK?o6UqWGPv88(#JYv!%9D_W*`8fm^$YT2vcd1v%m zP$~dz2s=hqD@3alV=ja#htS^$_BHt3YsfI7=fqxs@U2$!&!L;on!1At`a@~;sE8d} zh9Sc)<)Z2#{mc8PDWEMK9fv#^65?vCSoBg20lZxCzgW;~MX0~`99U>>Zpiv)R%7@W zHFlCqku}$32l{b`>6PB%NoMU|cFqWo!BQ|od7vKefm@DAGXY2Q0e6NTVfT9qs<)A6 zSvO(_Ot46$UCu-^SnjD;2^tW`pY#ODa2<^=hhv-G>tMa_LktYfV;UPL?PeGb92xV! zLmXo9s}|QD^1+!imArzo`ta5jz%zyr^u7U`e*Ql)994D|ZJ%HRbsCC_16gq6t(N3NR;j>g3Vn^SZR z&cmQqG^e|s)O`$(`(jBZ2#_qy=0m_@PJtb`#{HbzJ~n>bTSP z`bN)05R(thwM6{N*Lc;jq=f`cg;3FSI{MSbr~(~51rx)wORSKB=M`Zxxf3*2?F%T^ zoyEpZSc!8F&kN4nM{81SMg^XvT(bok8Vna!%a@!b3r=3FEpgN5hWm*?G&QL)A(6MF zN+@OCbT=D{UScypdRdx4D)GN3<6KBkF^ z%3VA zVxlVCCHmAp3{7mm&;H$#3IoE0+>3Tm!IYO>6dfSH<>Er8?0Vk@B-3)>? zZ+;z4FxmuD4*(rqDtn7^wKXNe!}c;iwaS1f;1Y$qbhmN*5ns#p0Dih)rAd zO|+$7pqVo-Mb2>FQ#&-}oxt}y_HL*p-HA`~BV<~Ws>}Y6s*K1~^mRd$YEjB=TtP+`*a4^x9GM?8BsjsNok2(f>SB*B!wT`EJNMC5U!05-eTBVo8(l z3uD@LVr0vv?rRoqQ|3-F5`yr8;t*>O z;o#n3)X)|P#q@zTq|j6~Vi=QVGn6uX7#SMCw7Y5psF>1VmC9mj0A`LD&VuSb*+Jlk zSxv`dya_;}#GQ73^UvS#lfI5vg#KvZ)g8fgZZCh6U)%y~!6r2Jx*jPguHi#KLxkAq zY8zeGvSY7(KiIXVnDEQ+3{^Wjy{2mFcj#Y*n)4}op>$Od(z?cUX$Ju5tcLWB*oSd? zGfYz`isghFU#R)$d@)p4zcX=GF93HI{%dVOLy@2uOiL55iY=UGx>AJv>#L(Bbmq+8 z{X4#_T97M zvLdCL9*X5Z?55U!!`7am0?ijp>cY>cdWKxln}^-(>b5^#UxPy(gEVi-GoFp_x&=y< z#OEZhP>-k_kXUiL*N%Dgu>L0V&pJEj?$g2v6_E9ajFaV<0jYNLL)&UX!q{xSj`&zf z+nR#|Z32yn3RS7JQtW4MYgMWC@0@&Y@yn^rb7Sm>+&vqgQgs`zi9XyF>zwYFFLeMi z<QYOwTGwumyjGxwbocFw{U0jZi>Uxg{_tW&O&!{r#k;qG6dsTSZf+|sMLE|j`f{{ zW%{yW)Bp(IxNGOp354YRL?Z zvsDcWusqURahLnMuQG;T?Jh;+tpJSaU#F6bPNG6e zu{~;78KVjlS+Qs&e1bU?;nqN4dVqXFi3jSXex*Yl8MiNTYA+LwO;P57X~=EQ4blqc z1@X|^+bHO8UedRsN>UxR)1(7^T8*}sA$yUu)HacNAa|}m>0@x_R6K%`%DlXjMS#_> z_GmM)cWMARBg6BjyKjaGAifPK;v^hQ*N9xR8pB}HJs{-N9=}TQrl)5e86?3Jh+r(r z2j6l_5Rc&A)dQnHN!~StSiTZv}EWtqI z@me|S(%2+pAp>LLZBz$G{IcJfI8BtVG~HX~?$$Y+o(x}T90-b;ErBZT2Ur;Xo36dE z=%3J3Lu8FgXqCOQ4ju)Y!$VKJH_clS^-cbdr3K1F^Xya|egaUQaF{m9oWS{2Mn@e_ zJtpI7ki?Zq;zYUx`bqDC=e4p)Sy7swo8FNRR%55rKJ3)~&l9O_(wK21x*@Hm;hz_& zHgX{TC$*eLZ!NI=O*AqR={qRA1$Z>A;t39tL%yaYrHDHP+*fgtQs_GSR$eMt7_F_2 zt7H)F^@oWwZ4x!qWD{vYn=Tn1-oN^ENv9GxDaHCQ4cOngr`hKPhOs(xyTTX0U#dbF ze=UT&NrRuHC`%1#BSloN@)P6jNs<$2`S0?^h2qhtmO1W>J1n6z_awX`6$o>J8bX32>qv{&%T3`OO_LGIN!p*6+fCaFL+x;uC^d}%aeX!Yz>zk*s za?b(ci7jDyHXA=xjI_27iHQ7u=SKk!mSRo`oVflPXi%aWKVILAo<@?Ro{y5Irn7u- zsT7G;5!eHGbGQiD8zK!vEeT4fE1y!hSf)#O{-meW12-is*X(zpl&WENOWITEB}~z2H}Pr)QaL@7=r@a? z;w3E}#B3#3CY_@v;)q2h5AN2K*^Sa`Xw4A%uVpi9*#!Am!DntJ)>7yJT{<5Lb%X%% zwB|^-jb^U#+lG4en9ZQe&DSLqx0cZ2Ub;Eqvwxr5M=FM{uv^*8%`*Z@k5?=i91pgA zS(?f^g(Mo5`zoqvSWJ1RQOvp}X=D9aoj}=Xu|!Wv8b!7x#P~JlHgQj}21|N=(%oGS ztR|T_jKN}45!XH1+K=A08N&yX;OU0$FN47X7Dun53umOvuwC#8h{7xBBfD{eEX1<# z8ya1R-bjDuSlj|J5x=$jXYfbRd|5XP#m-tnBW%aZnl3qAdG_mwvW!5vn-x*KtJ>vR zBn0D6I=&J0}qA?UX~XAd=o9Op)S& z8ewccS&W)`))zfWb5P+s0KTAgSbuI~efzzKZlW+(<%fXyl~H$aI3+xW*klh*W|(5x z-*=Emr?Hq+o2f~8$4oG)S$5-;5;S+!u<4LNxVH*E2D}_@>J4&mCs8&Wyu$jc&a$iB z2(S}gE{zoMUqXaBO<{7R=6*oE->Fw?%qxYEdRg9fgIVEdWvj4nX|K%5BB~==-XJVlogq;(%){ z5aV8dx=h`0wfUoKlxh%+mMO3H&pEL7z~W@;BE`slVkM;wyf@7nT^CLk;<5V~A~i+P zAZS6P-W|L~+oCFh$O$%+fVqyhHRyL>Gs8E3vlqRy=1aA0=r7JaQ$M(7!4Zkl|J?T+ ziyhc|lm2_`_T=z`##eOU^uDTm?3u1}7hXEu7miulq)Fe%DPX=-166LWAsR{+G~#GC z#+*<-yep{Di@_it^OGC&FkLAOjUV%6sqXF8S$Q=FGqQ?2%{7 ze6+VdEDe7t+Ndub_JAz}Kze56B=heSKX{Ide zEu6Ck9JT9;;wfQg-*?610P%C;*>Q#p(g3(fo(;dG2Xqx;_xL%3__Z4#E*c|j6{0?qs3;vS2j=BQ2n0;y@g-d(kvTJ)W->`X4mkb6hkbP|0rxv z>KiJQ_%pU`%EbBGqPR9lbGGJ}AO~(a_5ss4~L4g!77_e_K^7QSz6lOubA~SsA{0G9&depXMp5I9v__dl#oBP&?JYM`Z@2 zjck@KW$K;VP1eJuY%BOO7M29CJ7h5FOc@5IAPOPuI&A!{vg*ZtY7iCX$Gh*`7uKwU$2d!vHA(Gv*DPDUt z8G$JY@6+n+19Zz_<B|GB7Uh z86<&WuLaloP*W+y+JG?HDv_tDHq#b_Dkvl)tPQzLFm`B)W;nQBp9e##*}Cp3Ug(5o zskFi3mj8C!6!1ZUCK$7`!|hB1vn9Z}8JI=z1B4b;&tFn**4#y?{<+IH;~Ag_C4LZ< z$ZY!l(8*K-Zk%k4i6MAg=v27-8_1M2E~pFgJ5Zd|r(rFr#)k54|8xo99c_(@u1uzq zfxrmyu?p$RBz#psOJJLgb0+G!Ms#s4T1Y2hxnGMxxlA}`z(wHUzCE$9uuJ$N9_7va zW5+Q`YqjYK#k1|v{;z}l3_p=0cRL^LjFbl!CCJ!R!bAM*A7$GaT~3YLBKCux4ay<^4DI6D@UI2NU|eUgCPsy34nxuowjrWvs7zI7V4Z88R1G74gp*V z2PtYc9F&kHFW#8pXjU08f;MB%NnNLVTB7+o3h zpSCWv%krB)cI61mT$_xt*6bS!Vd35@HMFwsiI*xZzay!LevVYZYqPa7UPis@Hch>W zW1m%};2l4$H0AiZ+043P*dn&DGFS~oNIm`%JbZ8364wusG4qI;cbr#smfTn2C{I#8 z&lZWq`RfTr4KmW^J7}2>gx>n)wVqZTz8kW9_+1}uni47m8k7d z3Ywx;t^f8WG@e)4_~h?Ta`4 zOQ{e*6|JUZ%%0LuLXC6_Z7$HtBN+bV8FUdz+31G5%o8<@b&G4Q8FSm@jNS8+=Jx5? zSO*b0XotMB%=jaa_?4IS=y6wn5zXqPo;a1)3y$#;o9KhJI!esLz-ID9iQY=SAYtq@= z&_?r-N`uie886rE6s?rE{7ZJrpF>q+V87Fkw(L*^i@%Cm2-y_Zgu+XgMF0dh>kG<> z(O5(sjJtZ~SG9{wFbp*t>FJgW*~>J<9G{82K|VItZ1){3l78NmP~-3N`5sl)QB*6* zRw$J&@=S86q#5CWsADKaHZJTGj1mw!cIUf)(u-Vb3yO0$-zi>}WOK!bFxg>}Nf3#L z@4Pd_xcn6IpJ#Nt$?&DD#Da5EdyKD_o4f>{2kBb#`zni)eii>mq$h-#6 zptm{Ab>7E6QhgSZV;i2@ex)-{VkJyD6j7cX{Ici9;>+}?%b>ty=bL}_O|n?x8(ElX zQf^p(>wa|X^Jy-PFF`NY(S*MQ!`JBK){2kJ`;uR9|BRu>h&RP|8Xi&yyo+g_NK@Zk zC7(=>wNBG6X$J=Pwu7j8r*Nc-ZcWy`9Tct0v`Ys3cZPL;D${QF#u(v~v~g0&4%{L- zlaFFsg1*Aef!+CO$7oK^jM)Vg?@`XFMtg0kKS`DkNGW6S^3*>J6%geO?_)*S&z=B= zH&pD0@btw!(S2Q`y!8FlRT>F@=dK!nTe8{{b=lx}-TJE4!saImi3mOCFbvK_ZXx5uTg^ zG>Q&K2^~K|>T;K=CF(3_D#u&>UU0d_TMDwP@<`<17;;QEFjg%_r)d;_a$7%b7W*_T zOvJ(A626Q-UfE@-QSyTDo}P;fZ*0jgs{qe%wf2$NTipa=r?>9DqT)MMAeXlsbz8$B zPEN=+s~2fCo)6LcVF<|j`(d@cHNELZw=eO>#iHTe*E^bT8$i5C=kw;V9W#zLNst1- z+#YuU&`wO%F>s_KMzXX#h!=!5t$nqqYg$26E-M3Ka~11z{sfJSqlTPQ04qa`5!d_v zpk-X$cq^AQ5F;qKJ)4pue(vgOrj%IGU}5zxpWg|43x8GP{4aMlCSmDGD)P>3{wZDR z*Cs+ccyZ@=)eQ6JxdQvC!IHrr%!|TY^kHWI)|w>`3TG7IC<3L^w#3h7!Rgyg=crCs z04QQSm?r`Apl0Td9ISBe0oy6gSSEv|n}@gPgCfR?3s z&J_clumUqC4U;E1k&=AjEL`+bAZMqNbPEARCMnXhzYIzJu(7y$wYNyL=T~KIUpVVh z9wn+lP{B#PvI}RAe+#5YUQuo)!JkFEcnnzS5E6n{B#0ApeiW1@zrj3dTD0pNClp>R z9>=0ry!3o1a27HzGd73TX5Od?img95phEVqDVz^r`2_aUE1nWvs)$NN96Xwp}=!=Kw%E&vC_5YvuWykupXOC>nANFj(-^L#kpS@ zJ*MIVNfNgAlRQID1`v1q zwawb;P&U;Yg&+@Q2<9V1v%8p;339)}Xu&7OzuU6HlG5tw;x_TWHEkf<&yMaM2qw9&>HKqU~Bk_F#2lxTz>>mR_c0 zZ7pU$q+t^^^hDx6DVNaZE8nr`8{AC<*A9`$jaYY0ce!>AuVPlAo4IR!lsKy|cgu;) z-p8p0bLPRs|I{ooJt|oH9NSdP_%EDtcFDE?sT|9j{J-EuuI_X4>vmS1`@r*l4bv?pDxRpb} z6cskV<2Vi6Kvby^+8SF_q8f)F>Ci-Ydq!dc33u0oL+`qVRENG*Bi6N8^a4Nl7YgD= zA(XyXsGYgX=gUaH%Q;LAiV4kNrN&%fp^Cu0yDG*x9>|WX4k7OSF#B~Srqo(JXK;wf z7lc#f3YJf@C1Ee)R6pir%iHShbX>00xqIg-8l(`N*tJd}L<^~o2pR3VGY1*UiyL~r z$#bHrDYg_AbV5g$Gc@Lk4u(j8Dk!%@ObD7JFuWICLo$^0?~mC@FDrIDTNKAvz+KHQ zP|t+*m0Nj#bMrwG9H~o`QR*i_9hnGPk9Xi#@EJ-7^t=S5?B$P4qgz_`O2!xLZVaWn zq(AaK$92m9;)Wp<4-154Hw*0Xg9!rh;2=o<42)d7n2Q$1xL%=E*V{vLeSHDi*LTZ@GG-B*pheX;D5ycJs#HFNL_)a2-&&iEves*X_< z;u}kCaYWqLdeTz(gH5Ja`&Ej{eAuxlvNSSTREtSF)Ja|12O?Z>TCwHj{er?pk?B$d z2TS#hn(A}P!39(^MC#vGSkCu>oV6BV##E#c^&_y9sU~TVFQuLJ2e(NaJwn>%aK>02 z@1>soU~TUwFFN(VL)u-3GJaP~My)l2nRa*F9?4c-CCkW2?~+{FLY03aP8AX5I%~4f zLkq@k)fRLP$ma@-3?SBxswBHbeAF=2#ELmo(Rny|FtnPR+yzYG=d*9jgr&}_4i{Zy zMrL_xJBr^Bg>*WNU)b>lL94R(+4GkZd&p_OxCZqFmcr}fT87SQ?OxwLa)l8-D0|G? zg0~e}H-yJl9J`AN1|3H_;Gm429hH_E&tmj9u&i;(1r_EAI=9J^Rznyu-5qquQZ)k7 z*QBJT6A+juF?Tt(9d=+KZjDg>p~|`oI{vi6EYq>95bd=*Rg!*xbE~wSlTMg*c4~ko z)XqftP3<~>9p`?txp31Q>7kGPn}Sz?OILvQA6dhr&^tj-Ful2ges2QM*h;iNVaN0Z zs%{aI6x|@jCpkOxMSae-#R-W*p#$t$mBBFomlwk;;iaxUC_GoZr9ARZu-J&6cr;1x zmYxWMMJd0>C|bj$hc(amhG3D4kF{}QXCxZMC_e)JkgVpQzkl5ZDa(g{x6>g}Cx zUhd%w>tuB)aCNB+2+qE5dZt_p<9jAp-8E1+NPetNyd6r`dWP_nn2-&hCNDeWPG}E6 z3*!Vj<{-xjedkPR5}9wWSJv+tBlx=}vnxYCk7hhFRk^inc+fz7DAmhLCdbOpgyj+B zeYi!@?D+kFZg8qBh^)0;CnEE#4N(`zaXGEOHDv~-Ju4cPeZt6X2T)iHsqI$WNfFOe z&9b=|mtVzhsXe+s|B{urN3N8IP!8r<#4S4(9(@V8IH$qR5$qqO((nL7Hi7Few)`SG z{z(YKxpyGC4#2B` zIH{5TjpK3pvcta@-7P$3GJGHcN55F0+tTjg9${4N7kDa9tWWTdw+G<;BkGaly!KK+4ZYRSP_jgYlhcldF7zl? z*j$Yr44#ejGfI6ma9_@Nn%6{J2BbA4zV_o)lL1EMEZ$&?`n_ik^`H5jotFyk{(g#} zF8z9uBUK=AsbN^CUgCTnDzb*N8?L5$Xq(o$S&zEVyF2_Gd+@40;&NK$^O6o*5=b<0 zU_*+fuxnQ)0lnK#CoGJ5zH@H+kpk~Yk8v#C4VQt%FV zeFWZTT^PPfG+(Psv-&7uxx{eAT09#|3NL0+)6A7Vz-HKfGr^;C^#mX0FR+*vz~vnT4DY!(OdBY;_g1!h~+n`0&rVY`cj}3su)4Hb^)dT#Y z!&q^jeXRtQ4E;Z5jmn#yI`L{?&`CgIA|>`@4xufSe6@d#n(+z zO5Vr~{W-B^Lw#_Uh-ptvOoW7814 znj*B8c{_hpvIkL0C6uFgy(-AOyHSQw>7mB)p<{+X^e+89F7!XJ)FAwiM`jkm@g9by z9qvN~a`yOq6f)8foO#-LB+gsBJ_OWDd28Ob#y`SP9*ZW5?zj(#{7Rj*yu18B^8$k9!fWTyT?jwomA>AE0*bZ(I6rn-)ng>=d^U z9|2Wu(pE~4;vg7pYmc{UJZ`2xZB?K`qGjj2(PWG*q8}ik7Ar<;JiXI9ughwKd!j4H z_5%6KBKy~nF zSsY+YQsCzu@8@LaxB%>X!DbFQBwU^GS&*O!UPY4>wI5C<(8IM*|0o`Dr6UOEZhNJ& z)6;9CbN~KZ9aQMW(P|+nDNM4+$wqI5^l}CJ36}jyL$-L(m?%P$6>hy-R4@={1@!M0 z3fMl9MFYda^P%&}+B+y9h1>RA>^E&)8c21B)FiieQ0-w&f&>}b(8~Q{UBJe4BGl>D zNU=4>Q#w;tz!Bh&)AU4)>r#HZQ=9Fu5TFFR))KINJ5rjW*75|)r(!@_7Gqp+r4Z>x zv@V?Sq<>od_e?FR4`L-XoUZy4KnCN}^EX*F7^R~~}grwgnw;xTdJ zI)sOnwKQj@jWtg=Ije*{hW~E1Dbn*)i#UgS5^r*BFS89bk^!-u?3d`?T4b?`{(X9M zK~^M!L^(o?7fq87kGBm!zhVLSmj!7LbP+vjxyh8_qG{>ak1NOBLIT}>?wOH=BMzT^ z_1{Anmbe2KL`J37x-kRpW}Q68=-EQ~0_o`X)n6DzvNmRf*RRmhwv#D-nz57{Pq9FY z!!Wj2uD+c_$S=17?N!%`btHcl1`Ix}c^xv+xmZ&clm<^)mg&Z8*k8~M{7K-rji+`r z-JyniebeEC#htr86}U&(M)ATT@`!#4)cvKQn`uMS-vl>fEYhnN+SkBsc3}Z>-yqLZ zh*N63zfU2$6Xr^-9HT@fkJC!p)cM83k@oron}sD~6RZ!%W#^$~7VCXor2+SP#x`Gu z%^+96J25nPHhZ6i*(GngJdHU6_%si?vU$NeJ8gqSEzJ@IuI#)<0LVhfj*ys4@F_fr zoxPH=I%gHjXYeD5y|LJ0r8ID>{|eOe_pL%1fpTuNLGecvuOQ z`z$sBFAry&Oke8*+0S~IfjBzJV+VhS6eC0mUe5Uo0rdjj7iMK`aHe8k7UNT)f?)B=F8wuP@LeZOI=|bVf~r8)U!o>$KB61<=@s zw3s&|+uy`;529vx;;Y3l79MN1A7XLd2Wv5C)RS;au%ZNJkpLl0EN+b`C|8U_*X-#y zI!h9rAS~0V0!&kH4K4NcWz^a*TgztoqN)CCJhy_W7d@{gggXd&uSWho_n^ z%T^8CzJo|KGx=aK2$|Z~xR0n>THG!DnJzf(8$dOt36mK;E`SYk=U;lU!eu_TravdI zq6ZzHy#>x)qyl*_+(R8#s7M7GC|r$gIU#-K;5f4%|01OhwNIKK!2&Z|koum6VkcSTW0C)L*~oWLEpMMGluJ#@l-0joQjQT@A}xmV zhf}`2dI;8B>_~t2hmn7p2_itHe%QCkx+RJsI6DUQVFEojO&-FLCmD_db9{dchYQ}Y zn$##N^lXga{8J**f)mTF=`M5n3}j}^&1P$;Hywnb!kA~5wx9!PPH1n ztL1yN9a+nV@L?4HEQoamETt)+mTs5zZ3R!vz~8t}$b+T)kVMxxwlc1;R{pOOkXM5< zUDoAc#?Y{=fnKKNKE>~v1ZX?j=<(rm-FgX^8P{&=F;AHl5s}rCsiUYso$iZ@-1)); z4iIwAs{l_zIE6gc({zI!6o>+=DDvwAs)D_RY}mk?R^W&xOr>bSKy4V{7jCt+;(P}C zgv{!CgYbF!T&KKQ&dl+zg(fQV>#-~vMcG8aWvR%Kt;2+IH9xI57d|PJxy1?W3FkPn z=B8$NSuo`4X`-Pr-GNFQL7ipp%}{L8a1o;@Ks;exnL*1pFAQ#)MY1-36oj+~d)1I; zChK~A7#o_`vmI2r%w(xRgwRyIdWI=9$kx3j*wb`jnzvAcdz2n;fU=tEo60pPHb~#rvO3(uER;)r z+uPy-cJki$*PVSKOdV9A1KRwDN&clyxh?H27mbfQdYj;F53w1<#UCxB?VD!$;2ib1 zKhmm}d1=fDI&AR6U*}sYO7`8L5BSW?9I}k9W)hcU4)eBU@+EX#?QX-q5(}y_dIJe+ zek#Ut@N2{8a_epnJ|lyZ+j71~Jlb>HJrmSBufiaDrj*D#B&yf$hZfJJz*O;lJ7*5n z_xzw@z#7|MFcH#@H&}7MH8bqVwI*WtbszX~?)sUi2X1porgoIfGj8>~yI;s!#T zl_BXbsfz|5YM(6)v=)p2?pfn>$J(MF{1qn9>FYp>2$Vg0DD;JpaCn0mCU|q~kZ%Fh zW8Q~v2wo-xO>D=5fo^lPS^py_QAI#WHS?+@nFVEGuWW#wT|`GNjutxFYVtnAqa92H z0fBHHE(n#i*vIj_5CCE_X!S{*%pVyef#o4!Ho(MWd#g4FNH8O!Ct-@wx_Df}%bt

    #-Q)Qd~0k!|-IzD88Bl zj8oGUFWaKYu;<}6`F#yxqKwjx7ItUVY3LT-T!#}`;sgM+GW`JjnXW{5D&$75I6O=&kw;qXsFQW7A7qeWkshE>Bhx7PY|bV>sg1_TZfi1c)J7(jvzy8CQvGyAZRbp-)2mG~L!@$`K|C zjp4zD*I~i#39%4`Gd=97)!jK+GTu(LE0Z$+a=Jv@+K-jY-AX4@2<0$^LClv`ei}2S zx!1$uY<8iv&#+eN7Qu+>#~E5xK6*<+JbuPnk~*Iqcc2~=CWgZP;g30dPwf%UQ`&rS z0cbY5uv8`05jx+umoo~~9UmGGx&<6tQsPT!jYR8E5+e`suxJMP0-Yww?3i62O^I$G z468GJz)ZIBbj5h6Q5vPew9Np3dNu@SoP#gnd%5TbMG>s`UESYKMVDtIcE%%1tR`&L z*nR$!@m*EP>@zMIS{F|+WNYJ;f{)@Gy&k#jq1wzD-|b(HotJDmo4xWsjNL<%AW*Ue z;IeI-UGB1N+qP}nwrzIVwr$%sr#3HQ7PEN&;BInpGxB_=s8(V`JW$5Q+o;&#gLtIg zACA_;&YU?SN>Vov^F{+_e=Cs>h6iyWpbYEpSZTMs|8T?5heqs1Nosa}BX-dzSY%`Y zQYYF&Ixz|=TjR#URcG23fnvAIdN+l^6yQ4R6YzMN5A|kSvSK`8v z2k+usk)1C=zU_*bk?A{9T9n04KNIw3y@LB^9)#JJY3kzrSn%-PLs->2KzID-hxp2|dJp$-AYef70)+2^c%S(-xujD#et>PpHH7D&1aiIbzfDmX6$HM( z1s0GUiAL>@C$q-4dIR%g-VacDrbzZSEON110BrggLf)ujlK0D; z8e!S4ZGJ2|FY?cT`N5Qyr#aL=gjzd8#Nda48QDIq%bc~zpqc1I#^76U-3PDo6EMrb zu2fZuGS{dznC(GKF_f&i$Zde*M9u$x2{4Gf%QZR|-`VvoFOuh=$Ks%WHGPa>6$ZUU z@PxHicFf)}UgPs%sV)|wuz2^4NO6{OYeG72Leyd%_tU+dQ|&DD<Y|0TZ5(kInAJ^R~r<*3V1yx%xmE0FxaYv1M~gsa7oqh%xCj6gWe?aKFSe= zj|c8D<=O7XezdaV>vh6@>CPr_Zhd;JSyD;|rpN^#1Ab?cztQ_O;%~ ze0o;`r7Pc{(BudKe78G7!pMc|v8i-n+n-MW=TJS^skr{C@pG9iG&Gi#+V@GOI85UE z{z8k?4$+hG8OGj0-Uaq&6=4aU)9l;bh`(KoD@eqWT_`OI%<4kxV6aG7(er?M!k!MZT+j|J-G#OW5J|LtXAktcSQkga`3qQzkSa(MNrtjjGP_l%0 zJ1uRaknsn~9W#C55H{u(_ zZ|Qj_HfuFGJ5c!sEs>7q15TnUfL-Pw_YIl6#@8 z#{!8^ASq4LvL8rLq>^PMnsk#4$$Np>EJ?a<0#x5(z@R-Qe2SM=dEB$EzR~pNCo-_v z3}EX3mxmwWXP1|5i9Mui=SB6#{+w8#ma=4gV8s~NU}`MObTX;6LZaW`*wQ~^H>@;M z6yQkd_(zYzzEP{zfDh{lZoG|p%`Fva31DO>Gnx+LVsi$264GT1(#MRhg+eYPaWnI? z3jEwfdV*1K*Y^%22xv4=+95fZ4yaBFMZv3d?tS|YN@qLg`Gnbu-&g6(MVG1TB%T9t z|2$yfQ3((CIrkoFYH~90x1xW9l;<7?&e&j5Y%Rx6UT`wNe~@ZLJJ2T&Y^S0yHzfpN zTTnK4upA#^!?<8rf>1$_j~&)fESqNxxWEDK9sWB6qmKMs5-U=;ugw6zTE$m4HRA<- zANse*COYdUNH+DVH71$rw-f=7omKUGWptwVEjm8*Hu9}Y6+z9U;^}~|6lxYuQe4Qg z)Vums;xU}Zlz$bEGbe5EF=$nD5OJSm-Mez3r=F_?tqRkIE7WmciBqRo6RxEzoS9n@ zQ7`2I!u~q2`!ez@-N!H?cZhJaB^K3-#?AYg#~BwDT8}je zsWj?zztT`nqG zdFx2#fR*^blX+92@xd^*JoYZ*6lXD?l^tU?I6bIaXuR6ad(w>seLhBft^*u+Jcs+c&@$y-n)rj7STpJfK{%DO8<*cnme=C}Ev>t5ev zIv|cp|8U{a!iUDQu8-*9;c5Sx$uwd_k z_GKN&$HjX_MT&L=_PyNqgf)gn94UcnGyjJO;2U=q2d|GK;B%VQj&iur5QEtlD>iFV zps+7N01zRoc26P8OFyA5!V}V@=I*O|8=~c{)!qxJU!)*zj;N=%w)2ywbCi;8=+P-j z(M!-;2PT38#)-<3Gw^+u)L3QtP;oScOEo(_91{g{MDAbY zdH7IxL@+@-Cp#)vs@YIvs+!_B)6JWYA}s1=0^N_sB#%$UYS_M+U0m;&#=)4Py0_1e zmQ{dZAUR}>_q@)9bvqdR9K~d_&INrmgqo0IMszT_eH#u^NAAiIw~WC(B(@OOh7Adg zy%qG|E;^rC_|bGvq$?~d5>f-vF(TY+MJA`@Pje{tS)xK)Zxgw}WGqI$CXu zwAf;7H4*ina%%D0oh#Q#G43w6cL{L~#y=l!sNWCUz>Yc&aW?`ZgPF~XwUP`8N26I| z@5#shs;o*IUudiZLxJ;|98d7+SDHZi*eK6#1rui^9urn2R+Q4tT`_c7#NUAVe2!>n z?lq$yDwT8wCCPU}-8}?qJp?*1B3i&ifWot;yDY?2#>i#w1f~-hwIRYR#sxr)Jo%ka zsFk)bH=HRpjZx8*GKSfsjQ`*t>Qo&8_eV@T!4iI!AKX&!9u2Q%%X<;oFVE3Yt@E-F zU^m|$2dYi??HSf19!NIG^Yxfg4r*H`fXfnJpR5uzvv)z{odNNvG0c_UmySwDkRsL8 zpbM8nu45sC?`X1mPH&ZG^5b5r&l7;+=sdnyMW&AXO%(@k3~|8Z_1w}69vBg#3eI=&q(+((Hj57dZbcPBE|;Ygr>AVB8<{{tD_HnHI>- zeD!d}fO}5&b&$OADQ;Xy$`KM`I#GFF)i;o1nqxZjUE8uU7ZM0a@yC?>T*kw?ynXRF z{>-mI3d4Nmy?@5HHX}5eS%PZe1M`E{N6y{I6@E;fl*m&hSpxB|1Mf8?F?!|ajZ@<7 zYf*>agK70P%c+qu5<>33%7zdNz!GD3iil(_fvP^S*5@#3;H|cXfT77_V<~_?8XEpQ z@1n7K{$A)z;A4)jHb}oI_k>q_C~xrwc7B*ur(Sj?QvPV^RT5bbOp1oGtE+@Nq-moD z-t&WnC*u&_O85I$6w|#}v3&xqbSbb9%?|_gr!*`q1vL-OejAxVsKF-0Js>d}t-q!< zAf*kS7)Bh+_c=zk)&Rxni~BLjo)vL4_Zx&JSeZvoJF`04|$hal_Gg{`A?vffF5^y>?Z^dwuT zg9Xd^YxDPVH}dRs9sOC<6idF~Uk}IqpA#s4o+DI_1WPMpKXf*IAsK~fiuDA>0kzS0X5 zBQJS!e*)EiG}I1n0lXuac&~eckqFE>2oVm7lX^nr!m(wwt)X!c)_Hg3f_w!FbE&9B zQqDNy^kUfrE<=NhjL&|L-TEU=fFYMsSkTy$7wbxgm=OykN5u7rW=WHuB&l}Z!?M;g zJe9VqV`gdeWH;r{Prl<}b(p)WNxUvBSU;D3Q4P@yztOYX)xE@{MuGEnTJ)IQ<>oX( zv7d>w9&?+kJ59!X~<=aa7_&7ICm4(y;p4w!dqP_K~*Ly@g$(3ovE? z=p=9vk`8JTS&-7A#vMWz`P-K9-&$0J0?BfO0CzZ4>8Yoyzqwb8GYv&eUbb4-B^y4) z7$UV@7i=f#%cC;Urq-F}A!?SFoGk>%n5qk!9UY1V?`&3e->kxnRKoDiyj5zCBK5e( zFkk}`DxMc-3*e98N3l^K01nayjoL$k8#;Tl@m`0Dcw7D?^Vo#XB5CP_O1g8Iqz)MQ zGBHWK_}?WMY3-$5rs?qc`Wn22nX16f^MoArwr|NxPR6;?@8x0%O$qnYnhV=MFlF z*V{nXYGfQ(J^06}+Y-xUc&%}aMHkF3-hUqtwwy+uotisFAX)%zr4DMhadA!sGNblJ zAkQv#J%EVLJS~IxSF{HOVA(K&gmGi45@ZwLD(HbosJ&SC{+lPp4pX@_6EU8KO5hgh z4L*uVvVKkpYpo7(dAMfVIXb#5I0QS=RVy@7vDA-=77a#Wh4c*w z@b1-p#l^Uwgd1d_&d7_pJk`uQl3WDm-4+4qEkW!eLyblAaGVw}uuu&fcQEaf@bC9u zjmL2^Bc3!6VN}g*W!pD|dgf}!VBe0k+H{R_I`ZV7#3n^mFRU8;(U?6F>XHR;B%+Q) zMq-{AdTPqENKi7sU-W4cDBNaGUs_1oMa>Z$?}D!9*T3-9+P`KU z?6edNrMIcx~ac#t7?OHX|e&CY`^7_k>08KxxSMo=vgOpgulaT|JI<;@SkX>6O*QMey!i!=17PT0#qyf#rWVwtngb2ukRc{n&2+1 zZT87)p6|S>r{JSvhV{=0sSl={AUuPN;Kl5-iGGa5F%C-KDFSwmg@a z@!$396IM_hWdn^lb+}EI!!E@*8d_GB-_ne#fkZ61e0eYljH@&-n7A`ygjk z!*)IkEkGEtwQe@zpjyaYPFhi3&@Z((o6DZ!k5;5LZoTU3h>t%{^Lp6CE`>OearRJO z6-GH+V{@T^XAJ;=pw0$_SQ|Nj^-0uoCQKBM;ezCMIh8R~B)t84^zkgkr?-^)zA~av zV{LdG8g|({)nVQn{%LxwTH{6f3owY^yM!il4keuzyZ17c+OD#2gkT$Yua^9G>_Gcu zfh>{)TFRs*0BZh=7OAWXM27MhKu)VOlsm0`QRg&oKWYs30s}lApy97d0E*n}&CY&W5}H=|a=S)CrkPF8%`>$_?fAvMW2KWd8*A zW^ADH&1y!o)<5~D>d>Q2FO!+6eL}?*rD!DPD}b+yegB6XjZR;8>m2yF{UWc4hcy{( zI7R~m?HiZNCnG2kiTXX(0Yg~JMB9I&Uq|*#<&lfVc+{HB8?kgChLIvY@zcK3bg+A@ z!Z<(9GPi7xPjgAhGo)(~!%?(Ce2NI^Y-OD>%;5&8|Gf0iP&h9E0L;I&ox;mVO{4DQ ze(m;XR40Tv^C>+dRMI!gN970k{W|3<=Y5O6(%fJqZ^C>X9b4WukW?K7X!-}i+V;g_ zs%>OSozS(PxZTp{RQXlz(H2@0;r?v5+B8H!rW28?V}` zg?|D1Y9-w4ah8A|kRdbqQLRIXcx_nQ!m8h2J0gBeNV@Qdho#2f^Hvsp$C_jS3&9)x zMFf$jdo?f3vV!N@v+R@9A`}Z^OUOWW9HjW-3O9ZEAFrH=%o&V)RTxJjOE^W=9Y(2k zLZpg0f763-ePP>$2#m+#T;R|Wpz>4{>kNL=225-lzTj9zq`osFpwJw=1ezGh(Tv+d zp9cuF(Vnaju%F7nYC#Ksvx;T|-?A-{Gyw4w6NLDK4&2_qa$QQ839O_u5$aQlu*i;KjmD;32hEf{VR1FWHpTd#zxoix<47u^;LDb8 zJN2PA+Ei*XF2{Mk8P9|d$c|Kl$&!2(mGt*L)jlnLpp(;GZaFtPz*1xf1S$h)V?XDO z04yYl5cI!8^B14j&+u`(iwXO8kuBpX+nw{t-gn)fxmRPkh=ey}d<=+E-ZxzdgfFmT zzWuS6DC*}6 zcIwMn);4>Tann^8i@Zl_DoZS?P#LzF(P9$hq>u_$+RpEOkrZeq9zk;a)QIN)Z6m1kw%qSy~H zKG28nFXS63=D~#$_sFV$QYrlD0VCQ4LmRXgP?(sh9odTpylyw+5u-3lW9|r8gGL8q zGB%x%OtL$aGg(&`pwyq(r+Q1(BLiSd&r^NpBrCbGgDqmS9K_}BtyOR_BhHpS!S_?$ zj*syko8Z|IrdKI3(EmPKbe;8kbo8r;W#=#vLff3XH0YIFP)^)Kzao(_ycVb5& z8q2Aj#q$kf@n|IOa=`nkXcN%;eoO^3)Y@%ZGtB)M0xD+Yy@8SwM>WFxsE8xC6UJA= ze1*De1{!LcXCMd6>5J%3`Z?w{ocQCgN^to29QJqxITMeXBx1BJle%VhM7%6v5l{Ci}i2w^h)2;5@9UgzSdY zW|a<>nS4GK%DKY-^k0R{tyt;lF+3}5j!F(TY@Lm<>r@>_zv)bQz~bTr>gd8 zQjvueqMKwP^L?OX^&p<_obl3GkzEGXMv$!q5;y|lnO9O--a~1h&Y>LK(i+|ntNcSz zc>;qH!7<-j+v-wJ3Yj3&V`SXJ|IA)gOH&m0tiL&WbZ1aTai8KmQbNu52{VMnd%;mw zpWFQUOrToeC&{4pMc)YlKRbspibgl9rWaE{adlqn(s*#0C#5}FV3PwQq6 zXywm^6raX)U{ZV>e@RL;z=-GZhPrKWeS{Pnk6}{CDK%63vDLF98iQ=im(oj;Ao= ze1klK-%#W!+Qy(#RV^qqmN5Nb8R6V}Ts~O%yJZ%@diZuJ89j{-rfbB=_v?Jh0rpx& zVvZHJuSp6_jEBM3ZcfuhPR~`qc8nQKo=K=%sT;N0#5g(y&NvpzI&RRA#4@ITOCzHG zedDuZ4NsMfitkL1nlt-68TH<7+wt@S6fEkWg1(l`S62Mpb5ip;m#B3c_5Jq@yfwkjCZ{28%{Vmy+6kyKbXf;X^axbVLPYCZW5=xuFr{DkJ!hB4cOi3Pt z1AepmD2wuQkuWU57Li!877%aT&7r)sWSrxxtTI$b2&1s?6*VuJyIyWVgs=G+<<^ub z@JLW;DhTQq$gF{m;|4R;U`$nwSU}!-DzHc##3UUoHUOx`6e}~^SX*9j?7xL4^&}XN z*o&jqz?0Ftd(E=_CZsh`4rIRK-(M1@E_loMO^<4FF9T>$~ zJJl;nz>hG>G$svb(tGL%er`?saotAL_26#|s-96S;*42U86*RZ2M51wdadS%`($dbgbST>Z5C}v7h>#6sW&fI%MsBkhC6!1xqD3vA4|HYz{*?VB$MO2> zr)gVLoobBrVQMmGZO2N*L>pKK)U%aF4HZuC9_kj56i`Cr9Vh^RKrRd(0%g$Hm^p|b zf466{wQ5)|2pj}1@e`dN5)h2=#(JFKkXsfS4%o~?01!w308m~WkU^XPfdB$T;xiON zR17GIUkAa{4-KCW84lQUxBgGxmKP#|DEXmx`p+k*-Ksqh2norc+cyL_MQZ>e0w)4Y z9;g6^zxEB)x_=%3a4RlI)ZSi0eFb}rl?#0WgkSZx4obL zFtT3^HpVmg+gL6LUaxKgAjB=?XZCgN=}tI79d7{tFH5Y-iZF=|59QUm`-Wh42lg7wuGJO@ z2f`j;=V$lb)337^fTSN8=k&*R#FtnL5YUf%5Du~qlv6;j^~b1(H4yiE@Fg|Y?-d{i z=%$Gr0O0%k^K0f_N9WlNWAO$59sgybR^O)JPA&CgCg$gv@=w1vz;~xWKY$KDBA{PT zD;u8_2n59E4Rt%gsBS61H*y7_qaQHIH`nD?(zl~tZO?V?LG9Kq$fql<^=p?|A3%&R zlMNsW;QE#?rHS8Uu5um8{Vz3;;751!Z(GSt_=)LrP$&jDDQKwh^m;x+R{c;`wF z+NTe+-j5_R;7?nFhMs3w>BWx+b6nmBx11llzz-hrpdji#aPvwq!By5b%0#Y9;f^F& zaBpwB9sKBxDrhei0LXXjjZed+*0nBNtf%nz9?%Zmv~Q}C|61RbuWedh7zIEOpP!e# z|BC<;3L@Yu^k!`V_v#5eEb!}_p5380#BO&NpC2%e|Hp@j@DSkVc#pI%0fRn3&oQqU zP;c!6YXSoBZQ!>^|I6gZlgrl#kzK8f&uz~x_rRI197^xaCp-!O(5t?$VEo5s-G|SQ zxUVkOHyt&BT`ue${7*N^JS59q#o#(5B3v%{GS4j|v_C=}cEs36mJ-5t7Kn z6<^G`19!o&>}mB>^!AumIWhbTa-9v8J+@R`{r9t<;zCT$3P$DH3(?+c=lbtS8T9LU z&hfpodO9d+K^V5j&XD^KK;A9jC_$}RPB~9z^~g=`AxLM*(V9;1C9jN-3Keo9beBh$ z3nBc2EtRSJVeBFGAf@RBw2kAQQlGHkLu0pIVUI&WCSM;0Q4Kclk)rg;XzW*JowCgx zFG2df_pY5#EJ6NQRwinu<3*U$lOkkBtM3R;%nYT-Z@TdnMC9}vN>4IY?FEoLPaGf4 z^>@{NG`gW%g`$Lvr-f1XoEA$Tjkmd?0 zh~*CqE_a`1jC=Gp;RilU`pB}E2=j3)^Os3s*K6CJRMIjy-fyqp|X_%I}4- zmD13Z;!ZyE?mwcy!bD!yW?1R&{xb8418w^th#XYm$AI^`3CXdXZS=t1mHQzfJ8$rV z04fCmm1s(C%jQr%t*(XgW6x~B)qlOajhN11zYJJ$SAWnN@evnb^ZW1<3+|Zl7q~^6 z4Xsl1IhHKh#a$oA_ zg{>q#8=z6#gR(TtsXUXLhfxtu?#f|VuzTCRC*gZii{;*@j=py%Slx0eoQDT7+x~Db zqrGfhlwM~k-V&PwMvHPRbK>ETw}Xi))8TSofH(KZuiLQIIuQROs=ZcFjEMC?Kxsc$ zaeS}au_CXBjCkK@Wv6CC9Fo(P*+DWK5v2Fwz+*I1meq7JH(bd=!ee9^#XRXuE51*k zVg~hXDRc}}isBu%hqBW!OgA`DRm zLfX++ofgb=A2oua=Ek#~X*=dgYyQzIZ_VZBktASE*jIzRx8_zVGt2t-zNlgxnCwQ& zpHAH00xy077wK6Yex?{ox2D?O!QyR(R`%n*Zf_*IufEmceaN$T8qy!zHlDx@Mff5Z zGvROk^@rf>YY0X(d^}xa$F7#k1f2(RlJq5g2k&)5;!>`BI{318#Cj^Al`L3bI-tDj zysY#$kgLsn$POdI0Q{Gi!5jXdTzHytb3SJM2|Ai~Lw0mk#BVE`ZZtt)jnR$OL6;>W zv3Q1n`5MKml}tjNC4B`a{c)~*DG*lfw6gf|BTByex2eoG*)T+9(2{0l5`rV)?6Uek zUK9f^qF7<4(L=Tr%zoTCFO`a0jc%O2nH0TY-C>Nz&AoKI!`#FSlg z)@BPpMdl#hMPQ|Hdg$B>OhEy&*#_bI1Z$jeDhM#P%FZ%mK72UIN@^!4&v+fc_iHx6 zZLaUPUPfwYQi#DcT2kW@p`vVej=E23Jy)9GK5aun<+Fp@ok5@LjT0pTSU(2k-G&Eq z@y1V_EHglz+@&RB&Dti{saAZUcT}Y91ewGFT7YC6CLujvr8=Bu$T3)4%L=!D#6~iV zCiiti8j+sEP`)4;S-vLn^Pm5dP(NHE(&9LjC6Qfm@`|=Vx1$NJ*9)R(cm9PcsEfQN zUsa0=HPKRxmVtI^z=5KFW276pOSY0n@@g1|uZ4N0UCDO@hjZ%ag{otp8Z@T}4N4?e z#Uo&%mZiS^-l-AuKY|k677T%NdTZcMSK0J69sLB-xf_^&AfTN+PR7EC%$Mmd8o|)b4X|5j9KoLknDd!eiF`y8|X$XbOU1s?8(eIL45a1v8;1) zJi8IM#uYT&rX@IyOx&hxe9>41F1R8UAaoJ*W-9_fdESyoqaBj|ls{Ak`}Q9z@LWD< z?P>MHfkF+X*?9^$Hj&Zlw-S9ngv+N`FwTB>I78tC9}j2L0 z2>m-*O5q(NKG>2bJ}_b(LE2&})A_gTNS~48UL1Q90Sd(=nI}+*dX87S2v+zvJSCB9 zbhJ+DiuicCZOzP&ELS~JA*A+Tv4(o5<=SGn*H-qbpyea)21O-0Pxt4gi$UEzD-iOjvxlSkny$LU`Y zFALXhDW})IdI--#V(lcIMb6gDTiVhe7-Z*Ie?v#(Hv0!{HV(n5NQ5XEvGzeqc0%z! zhr|23dOGZE3zmkK$6(F{!o8MvT4kPUb^+h>)Jz3-D8AKbYl-Tt6@v8iXOtF`<69Tp zwKxh*#EF$neDQg=?jrEm%`n>1i#h#9ebebDuaMmNJGtq?vX|8g@q$6uW9Toeko%?G zIV4-MV|)$yu6DR(a$4eta434yW-KC)t7;$(C$qFKo@Frmu8Bx=w336C>ZR_FahXhS z|8KV@U9-~A!&jpo!Xk|ka}7m(63)_c&E<*&rT$7g+OgC~xJ>N<)HNPeD)ZW}Q+mcm zrmHcWEn2aiQZqmH{pFlCQG9r28deI9(%_3$2&$rcUxWd5tTdhYazc>wDO8p*Hd zyE`$XWYoWcY_sAZS)cOSoLCHH-x7scqNT8!N#2E7CXN{(8uNoF>56i`k%iIf4aHNRO|@qnGBeO76C6E5%x}Wo%e$#7D6d322683t$co9i zOp$8DDNC-;x^0{xD$93_L_De?NH^><%V+f^JTHKYtN4#5op+QOs;}lR#uS#Fj_s|7 z%ah;0qHL)~eW+a9+hpxULi`sZD=b{J3Fs;*I8C~tgJS=@78URqVVsSyGl6?Xy@VT6 z^{EVGSq6#=1BerZX7!9todh2M&zGp?giWWyJ-B5V`}RwcG8sRE{nI=H3bm;KPrP3u zuHg?(C^>9~4v57#Ni(Nkgf)9NgZhSdHSFWD7(rtQpTCmK0H<)cWW3fn>Kob9?bEU% zGzI#}Mzf1ZmJ6=m{jwjbn{NLOT=b5Z3^{MoJVV#3xZp?UM#3cmDNlyRa~1NAjhV4o z5}=>%68OO>E>yM&AYzDv;tFZWAEK{Z+qsp@fK`d+l*=B0XVhP3TbUxJ1#2C6Jyj}m zTD`$S%v4FF>{ql79?gkVw`k>V^qM?u8J+jeNE=D=kPe(-j7tHnio&oS0 zXOcUsd=DmgmNU1JtC%N`)*j%9?8p9tU;MF9+W2^7i^&PS@*W-M!By-6y}GR|YLdN? z0Lh_PR+UZUng3i2TX%Roeq8Cb=M2O~MU68+;*0rfjFm4gk?^TD`5AsMC};kjK2Q_V z3+>V7Zh8ptk=9DWE1D(ZuVKFj#ez2O7HM_~0Vb`4=I?~zYJVU(2)g@crd02jx~-OS za+K3f6}pMp@f)@@iHg`$0fAJL?pRUUkR~J(#F!Wzm{%ERz)WVyc?mx}X_fSe$Vgs? zWc@p8>v1|TbV}wVKEf2;lLhk`1Dzm>9mDw22$qS?*H^w95T>74p3uGA4rY9>7GB=b_ zTSY_EOF9r5$wt!mw4$Fs(k2g|@RV4Pz-T{&fJmEv@yMnRCM+ZqS|UNMe7mtZuq>2rWuzgvi!h^ zc`ZoAk6vtVk7KgYXkRT4v`LZ;C(#Kk85 zHX&6RW(-7B`-yO#4fP9x5P{V0Z~}p`a6n~z6wgGpiXSf%GPs9f3rK=yx#9_zA9Zh7 z&luX*q&Xbd2BI&9?>s>)-?rWj8JE}R1SrM+#6|mP&B1u2S6s}DhaolDf`Dd$nB7ae zeJki$Pp4{Qz!bBw26!ebcK%)gugqf(8y+~#01uz$4$)AvE;CsRhCC}hbQmpRh;dMe z4&*XHqE7$h2?o)}i7yP%x*6=knK!WM4k#yV@HGC~>%bQ)a#>LJi;0;@O>_rYOWc{N zqmYFyTJ<{ALGh&Oqd8_|?a)yStN2@@x>T)!vu~w_%2buY#>gs0j__d}F&c!3^b^{e z3&b>cb=XlZt4%&AxOoijV5lix{<(U(b+Ms$30>%lMD@9T?_Xgf{4gZ>-x|m?98O(B z!vcY5n?0Q)UPI_M@eI84fA3>3^_}zr{7*?Xg|jG2suP_UwmO+%_YPmL<>3)epB{OY zb>=CX^&%pwl=Po2QyO;GM%zax?Ch8usrpQv-jsHM8LI|RCT$|a%3APpGx@PSjBh~X z&)~>Y@A@`?X={2^eDs9MPuWVJ0!UFrYGU_VQ|y%I2@mO#9@B&MXdV3z(t zG?l&B6Jj6a5jj^l+vxQ8CpW254EuS{(y&`5xVq0|HsLnidZ>SvOpUIwOQ!4pF{zR12C&oo@EgcglLgGXzgW4hdL z1`Q_kzk{fWPkAWUnUfF4Pa^X85B* zPPFv*8!=T-QW#G4;OjhMe3eelb3q0>2xpba*I&9d2F7{mVP1#n3^OKdwpt#_iM!^t zg(B0MO*(=Vy8`zOH9^acX@AQuCauO?AkY45$E%2BCzG7+(IWI(SDKX=v^fQX$0zd; zzA}4pP#zMAYen(0k^(^?MCosIurDYktFRyPC()^X88;lnGGV6}!I^gZA>9XB5^6l5 zN2!DfU3(Cpsp9VFwPL2pfxm+b}PXIe!_iED-c!TYa zgHdbTh3{H73^A6HOaJz4yW9~KI4HpV4obu&$L8@#z?V4Fe7S1gjob8KMLeX$3RpA_?ae0F= z+13_if-M2i&ngV%m#YH$gC@|5dX-*{PfnT#&$!1EipUPlGjwbW_}a2GU@IqsG@rY) zB?g$1NSncGraelNFAx1}jrlD~>-hf~54NG<(!(!cY=;k_uzPIEx8@3fU7SR9(C9Rz zV!rzW;2EoP$gQVOQu-_POhnu?7AeE!?IYCi|h3DIAQH)b}1FW3LfHqqU zFB|A1d2M7MuNDesV4do%@NRR#CN0i(8t>Kz=d2g^dXkW~mf9gP{@~boxgdF&gWXnn ztOIcG`MJ{V=ud^R&71rVTenAPbJGh=kR$jAXj}GLEmOL{7;>^SclxL#)Z#4%hBau@ zY;P@ui$QB|WTff^!k4ll{vBL!mlSFmpm}>Rk1&Huylu(&CYijL4X=lbFGlvmV|9KI zz*D}B1!+Nz^V{S+y`J4La@tjkegUfGt$GO$CF&Q7Na(vii`6pe3&+cf-Y4*_7uSr= z=k5m;S@1mQ(kE%EiH~OF!&R3ET{L`ZhoPCZ+v$);5x%(WgM2dfF}#d#tCqV_65Ckw z@v0CBdceN!`LZLIqsdZrv=u&XB5A+1JfnXJFJyYW;KX$7`=W!Bw!Qxy;Tx%@ZdKw5 zJCr7TA&>}3k3{7bj~!J*X?MujNSjbA1| zj*4@xf}&x32Z;?udr%PkD%^yE@AQsrIUsk1;1P`}4f>#*s<`B$wl)5b%)B zjjLAbEmL|Tc59I(_A4yboXE$VQ6m`%kThma%{jF7HU)%(W$2o(d+Skf!Jmjihn)Mz zxY#l`i)k%QPNno1{f-~TL}X@REpq_mv$=zrdZLDzHz77W+ikhYF$Y7@5PN9Xx9(J5 z{yRiQ-o5Poj~m&kwDpdKX?qI{H)|X5{dvRrgjn*#^a(0=V4a)`Y)e8R`%87PtOL5r zF3Y~g;OyG{9{alcwOj2h1cIHS{dGC~STJGqOKm3deh`-|03rIGbmcmqZ;@N#)us#b z`&f=Avz`><@~)3AXRfwJ(HaPCIj>8DhlZOd$&(Kfi^Y$vp$pKF@e=W%7|9YD8MMId zlbqzByI_n%J^NUNu?EDaK{8F4X|?XL7G`xi6WY0Nwd-anK&)3dDSNTY5HcS>=c&C4 zijf1>4*eTSLXy}ESxhmPX^mzsV1&>gE?{Ik z&qy+^s;c2!O;d1?ZgVnVvLY963$gk}Ze7;SKvCqM?hY0?H@dj+#oJx8m0Scgi}{3u zf!xK@)Y&tQZC&fl;YLwN^s?>_rtxp6x6*b$4FTuv6C_lR2*uvz;4}vNA&s1m;qH1KHfl-h%mknE%`K6z%!Iy*?({Pzsw^YZH04~SAbD3`9Qr>ji#u7Cj z0%1>`jtp+r1ABB-nGoC)eiR^3cV6S{Lx4*(BXId6I<5*+0hI{gDvj#XLY!Ft{RVdd z{+;s#c)XwPFmOZ5dkL-a8e72%rP*~N_&80jz8IE8gPr*J5@Uulk)@$^g~$3?#4WRpLQ4A-Ob{e z1ehjGs{upZffgnkNNydt2X7>)j&%M=0F;U;JSzjURm1ElFXOPuP22n3(I7rblJaiB zPzy`njA}eCMcq~j28j9H&u-{}9UG2y)CbDsVykRWoK7Ku$^M}@hpSDHVZ{z$wn3ss zy*;HJUK#0c2T`L=XCppe}i_!OHwSxMe{$(;P4!PaDH!GhF}6M?JdAjuDSuO)!$69qeidpOaVX3N;* zP1)VzCBZ-s)f2HGxY#NeXePto8Uh*rFg|3Zu|V}YD2j4I;+Dp@dD8?y?-#bVez%8m zXT~vTT8H*=yt&QF)wg2&err$6A=Gm>a=_=bT-dHKk$TsJs%m`aF`lBMmU_QJ>v(H< zM+-#qq%z_ei;p%TmavEMBoZ9Tk5V4lVhIc1yDnzP>WnVW<=jJd?rTgmTCMhuQQk&> zadi;-vTCVX7J9}R`sC*9>a8M=7Rs^#@{9y3e3eJJ=GMCMv@iQ6ahHI2*3R;~k;rV? zOC_~caK^E6W=q%;DsOxkl~6~ah5Z-7Q){ohj{+?s@6!?%R{qB(=CPPP)pBOrAb(Q} zs$s6RKO(mvkVh9TnP;zscIHokvOcv%YVccbvTc7illv;3gl6KIWz&dWF?|Z;+BVQ- zc!wkrf5zMr4Mxl<2b6!&Lu3W@0M$ro45QRH?|$4Ek?cB|#_Ed5#4?r2faBq5ljd)E zJVh8N)-sGC64A4~vzT2Z#-gSB;h$tJulzlu1h@<3I5$%eW0`}bMR;l=t3(X#qFTGI zLAR5ZB0z2#%FVE&BQvlhfPD zc%{%z>V#y~gvi42CEKCU{PdUfkKd&r^kWuSa|te+v%wB1}kYK zQaDeOPtMHWu_dm0DjH9mk9)9R!p~yk^va3zvy#B~owPqQqyX9v;LM z!Ka_+j;XvOxKXVZwTlZFug~OQ7ewJ;{gLoW_O)S-c4|-EJE7UR4ZV4ay9Ncu<_qW) z9KarmMkgOO--*0_p*00F+0CY#Og2m5A<4c3V@STKtl?{Q-9L%Z_k=_>24)yn!+qiM z-*|S2N|y7F9xyx_Gb*n?MiNTw6OR9ixA*2PM~7>>l5Kd%rtoF%tJ|%2&c`3C_*gBv zQ6!OjFE<^gNX4!&es7t|OSdxP-k3#+I{fA;RwJpebbH$8UhU8hf=E8wVbuBi#G<3p zv+Zz(=>Z*Zz^}z6XE3FGo4pIN&_lhmu>=;dS}h3p>5oV~Tcyr6k%};!{1XZD;%R=i zV3!L*AaPs|tnd%i*ks~$l8GaTvIE}I=A#)*%3YM$dU!4f(0|6 zXqK=_&oak|ud+{FD~+Vt4Pd=0J7L(f9FgBv6u>+`Rt3Le%X@uzV)(t(-?vBplItg9Y^Jg=7+zd0)>< zZ}1r+2oH7so3(_C2Vbmxo>L^~Vzsgw)#9B2;h&fd`2Df|Qp#yxd4R{;)hb6AI^y5t z5^Th$T&~xxt;MhbDKj-O{T*pu8n2y)DpuREu)?0x6c#yPamBg!P`O{$ScWHgZlS+;$K@L%WJ zL!gAY&34h=JEO=*QC}LpCYR(ZS}T=G*o6B3#;|K=Nq%*dI8cDJSPeyBQD+{$6A

    Z_eF*iBN_ZbQUbl_9G*%`jcU4qH2|n5y_LXI({VD zR;sX>&|chheswJb{OeX1Vn7MKSe4yP(>Q9`cm`&3QS$C(vE|M6bn#60mr1b?-1l+U zR~`7Vq+QO7X;6?*2Y4kP4h(!CNGamy)_AI35+|}rYZCHOh%0O%@kR5ty(grn& zBb0FnzgGN1%hT{zSA2^j9%?Vg2yLd64Qbxfpk-RP!-6Kga750q;K9bu&!Ago$5)1yX&y?QyBtJZP>thdS79bRE{w^o8D^y zlSs;g^cqd>`W2fxxaNnszWr#V`2IQSMziP59>OM5(;@BbOa(! z_W6>weZ-Sm`2 z{j*EUz-qlS4`(A#>)V=)wNeQ_lqIztht*{!OUE%=(=MS%QdR<{{2&Lzem@N`6;pYm00*K_2G6YKA> zEP3dD0Ww4|`)O`9*I7SSMhfD>_H+14lj;Eg9O+Kc8U1XbEoAR7=U#7k#ndi*gu|QR z1CJzb>Nfv7yqjoN!-@?Qv98Yn8C}|God%~j=6LbTxPpqT1YK&w8g(#Z|3Uo@#D?yL zLUVPY2*u=W{`ng&>EiGUyZ>?xH=B77C5M|#`{dnVmUwoF)^^sirS=$KkJl^Ate~^0 ziqVpi9bvdtGLzVv!a3zHO_WZU>6sN++8Jtr&A)ZLM%6aaf<#RW=CBNFaC{B2%?kWJ z-ri+lA|;g7baqH56z#2VSf}V2Sxd$X7XAs&e4J>pE%>n+oL8*5z{0lBv4=zlVyb*P!kSAtobESD1zETsKX6GlgYy0gk?B8x(?+oW3RpaF8 zYjTpKLxT}YP6s%z%_g#c(ef4h`&$IWd30uN)4ryyEHFqR)CLEu$-B7igJUXp$EK>d zWiI;~Qen>=myJu|hvEj)=wf3!w(~X?MlYNrNy9-0dmO!XQbY|-xd@vu=G3@DlR0Ks zd5#pyGNV~{IJaIUo@5$GBZ~F_Scb%xTP8el*{#|`s8sj@4cy#0g>+pa>(kQ3%WY*M z8isXFVevj)%mCQVb*N zg?|FT>gw4XfyKr1aAY9wU)==b9|PR~5*Zhh1qT9DAH?7NOE8H225>M+3(w@wO~sE2 z2Fg{q5IJzQg@ccpDjPTTb&AAqHwmDBczkU7g98iS0LsNL9a8|{VMHcXe|;EPI?4*5 zl1}ljU*|`U;!IDAlVklJFrc=!wtBQRwwfONj{umdKh^LAVm^>72v@uR3_u?g7&-c8 z;IHy%r05^{reOA;hN{8o9PJpKet)qbm|5M(98fFfVe1NWs@BM)mPhfo`lTWT~y@ftRf&9Lp7#SIZR@YH^H;82*eb@#-U}Tcrdd?0G2H@xd)4uRg z*4X+ncOx{T@R)`PqW#y|7{ElrNr1yKpkK$c{e5}- z{Lc9%r=Y=F9Dc)oKD`4bFA^y=9i{y!e>TY|p`3u-8}01@)Ym%r0d!?)0ocgs`ak=c z$T5U|HbBqv5QOoIULb~}*u;|f86&wdx$al`)@f4mL7 z{8m5h68!oB{igg&W!?X7#}_xn%-FGg+x`BI*;xN+aQKb7E7ve96Z@VT!Yu>%=u?)t z%gaas&l1SC`CX+tH2z`-CzSt_)wc=ZkR03|Fq4cgTbk-O{4iGgV>ND#FJF&1jqq@( z3Rqts!2f&bl})X5IhHkauaMBEvo|*IeoI1*j` z3BdXFhxf$s3(Xr8fb$y$PYcx9G30ydTRrTNuLJM$4uI?H{#T7oCI<%_*Dh(-($D(I z@9wth540{wPnyoU8RV)wnpn1sHu4yixRpzHyRFSwjF&gDWkFpNHvFc zI5F(AK8>B^eBK{Ag)Og}mSsK|n;13QuIEmsXqAi&TcJ;8iFrPSdNRdTu~5m$Lej6l zmpeOBL%Wy-pg%#>HnBZSaG{F0Hz`(i$yz#k=cfzt?>5JEDs@Nmw~}QVJC$PR?`SiN zCz-~x2nqyT4eaKLs!W#WR!qRZiG#$(kdhPD$~- z3-+|oAJ-E7P0;s56sb_Hc_w*Z+#KAMwav+4q_$;?p*Ae**yaY7~qCKs)$9F|lj3|VfqfM5h%12DQrhBeqlARW zz^w`%`8jv~-fw%_wj9u7)0~|kQyaer>UerAd}MY73b~O#bb@4hESet==N2oR=D1fu)~<#`m2(Rc zK344xmeEp_hT>aAr+|jseKzyP;mR=ArF-jyPQ9Na;ej^Mb_(Uo_=Mc`)p>oaX)p50 z!LHFDSuemNRN`@15p(>8@}hLyT1asu6v%`SOGr@jbOGc5XjY-2O8@2W!qMHppGujN&JloWxWSE*M|Q_M=*FCxM$F0O*YsOD5OIa4pp*Ro1i$emOs3)B?$9ZwA=|&Z8cJhGrw0jso0#lkpgKad%fJTB zbqb02q3eehvTc6x_@~2XW?sI@)hp1GICZ`Jfn*Ry+Uzwy;K^|};mv^0^kJ{uFvGHO zs1jGg>c=dN(pdXZYVnxMQDt@(_}uzEdtEmQ+ei^(PwGds=~x6A=(H$+9zsk zdr8u^HAmww>`~X79-#-RzvhtT@Y@y+r9dISS+`lOn&#C{8gJ$hW&(@<3V)E4l*9Oq zh0iOvJy-~)U&DLQ9{q}>p25oJlrSTs)kQ;QrKNRPY^^gpnziv@XZBowz)zlq} zb*m8yqu~rg9vj0ZYG^Lfyno*%XF3rmd#$;IAs}!smTq>D)yHo7wBXl$Zho3G{zc`7 z_!nI{wDEuG!v}v)PM|m{$!9#1pAXJlwZ3?G%G1q5l+>mA?IMSsny(E)%3Og9m{Rf7QRO)t?C+^c=ceU~i9vl$+jWdP z+Ad(C$p?I=vru||*swGy9(vx06d=IR%Fh=q1bZ=D=FVPZK{GHqvBMZ+wGMf3wX82q zbTTtd>h|MTYb3~(oO}P6LRC8HH^%mh=hSF>rbic~z|fJ|Z+FHgT)pOW4e$$7-~ZG-IV^ zD{(R@p2cZYqY6;Jj+t(lJt9qvwfmhAE#4wRfL~?B%h`ezBc5Xc5QHmdBEOHR@s$mzc0k;e}fEtQTJ(QcGw|hyX|mih^V1 zO?EkASjvH}p%FXFYiA8YsPTblWi(exx5%I$6Q?P}cwHim$m@@RinOCRS1i&rcA4Sr zikLVFmc7YQQdp_e$yZtx#l{NbP|-l z>;BCjiUcx^L7B!>Ag*p`AxJUA#Ajx{|Ih?Is_7cc;Z2gd(0UfBE7?KOUe0h8 zIgR>2bEVK8#@I~|$go3>d^z0+h=@X&5*;{G`$AW;V5MVJ?D(UH(Kz+T9I-d~vE)8e zJKx9xON*KZIe1FGB7oywzX(@|yyhxCy)~1!p0KsIcH+XjpgZgZa@h&Bl<-c$G_gv# zO=R0O&!_5bkp#*er>ZIi8{vURWmJTN7bT2jE`J}(3QfqX+dnr%QB=S~a4CXo$QKxu zz>?^&iJo9vHVUpe={}FBVo(lHig%9CdX!Jiy?a0g-Fk$*=P^~_1^F>uL4 zp4e2g4tv`W8ThmWL(vS9)2j^sf%Z|;mttQ_L_!nHdA2Am(YmS=3; za}Otrf`HWVy&AW2I1b6aUOL_T8)-YorRx)NrTYC(%vT56_{^oXh&jX$phr}*-gpy> z(e{h4Sqi`X_Rcz^=)F)X2RIAkQ{b#w78|rAZfo<~q4AYYp1QjbO&* z2vJndLy4RFFfDbK6qpL*-k=3)Vj0Ab%!HueGv?gRMzX}YqDgGT{gU(h2`W(x06H91yWy<#%V_v&0uM`sw3fysug%Gkx#zfaLXyk~l<~}*pf_&+aJyvBW z{54O8U#;=_QBl__e7Ia^aLa@IVzbL}Mw6VF?IGQHdi$eN;NF%A7;_qfO6IQN%bcTu zh%OkW?(~eCZ9N%O><&0C-F|oFl=Lnqop0bZ2POa%uiezLpN3d=az4V55-;y|iA}3? zHGatDTmZX2utdM5iCqkryPC=B%Chlly>>3ARWhzruX+QSKRZd=dx-|}shBn>a)w&3 z+lkeNK>@~v_bpYB4^p7bU97501J^B!3)t6ktPMM(giS{<_F8=_xmY#!9Ya=0B<^gQ zth2{64lA|NsZAo&Gk4qJKTu}On>2Xf=+YN#0vL>!_+hh{dVd6hy6qxgcq6%hSM8Fa z(XJ)^jl_x_QltQ~G&}_*X50*dobWlY$7#Zx^35Z_f;XreXMw=5(&j;jrRH?kJt&pl zH9p?BzE8mhy0IPfFEN8drJzShm-D&{jcp zL#;q@O2x=1@2N1Q@Rj?5T-@B&)!=0cNp9^4?I9+Q+?!^qwSZ26uLMMn^H!C&teFXU z@`BZ6;lW50=U+Y~tolSA8MfOOk2P*eTAa1euka?tlayQ&A>1XO65*^975@$+V)Vj5 z<@;aA`e(^b3j5rsc1FvXsz}?15eS-wtwpqXp;aoY%U1Xe97kXrbb!7m5a1iV+bWby z8+mg&okh*a|`r-M~_kE3y>s0spY|C zP{xNf?Lo{W=beuNd8P{WrR0#p{0w*J_SlnoTMJAZi%E${s_ZZR?3ReAo9@-mT$`yX3;9*h!7pAByG0CA?^t+)yjRBs1q^ zDp3~lv$Qsk6q@vmV4+5iQqTLMcSY`ga?cb`8e@RjrtpD%Yf?Pin2s}xg5F6CV}rBI>h6N+=F`o z{$BG5u^hCT+eK)w*-qz$m=*k^La7F{`XZT|aDGRYhl8K?7IVx`fe5qjrSZ0D4QSG@ zQ6}fpVPS<9?womqP4VvW71Ggyu-mMzW%Jgm;iJ>3)CO@$-fk;GZSkyy{wP6%i(#E%T|OAuNW%$vLo#8$I9qrX4lMp5bj zYROs3V6*OKWc-`NLWL&Sw|!8!>}jh2d%O7R{9??fDZ>z|$l5E6f2^~&_C?;qk@t#1 zYHShNWxA}HJLFy*|GHgyo(^+ zRzFF^eTI%Bja8)4XEFM>4yHGL4&Q$ctHqeF}|+wr&r{TwJH<%tT!$ zauQ4NvFW8LE=~2KlnUMDULmj}law)cav89X-!l8%seuey?{)?M_BTV-)rCCB1ooMs z%&yVms50|196@A4zM@IhVUF4F#v&J4Q{8qdovUm|Cl1gB zuh>@u=nJ=)K`2?^43EBF7bz4?VjEC_LFDL;P9{Du=+TVuoG_(C7R-?q$7rCY^w)NJ zY4S5t$h-3;NVY?lhy?dkqO;AbZwT`y%Ztw-3S`Muwa8E9UAns}N_jsgc2~(d z=`Ih7y}pBC;m4z`qu3@DC~i(YHYD|?rgHLp!_x5Ax}hm>KK)}_9En>95gI7^v2Cqm zBIB2F07uyR+|PNa^`ddl&Q%0n4}YkTCN*mYMnqDEM2q`;sIq_uLcp?N-Hpf4bZV>Z z&Ct_rJ*8?@XGcmsGaIZXMdwaO=L`VYbY^L|MmOY`DD_q-80j8l_=?G+#6~2tk)UG3 za@kAzdG4ejvco0bPHh{eusfebtC4$T`c&z%UT!d9$KZ>0`boTN9~qjn2A4`- z(yn!yg#<^-0EYc$tg@~|d5Fic{s=9q`4T?+OVe-uy3 zOqg&G^u;uf$pmcrSkNPRpUPt^CBAdaR+ir4sx^L|M(Z=@@vs7p0PUh_%fcbRL!I@Z zsjA>3YLS7NhV}d9;BOY>*|&zF+(3?1C|w8h^U>1O#lInq3Hm z8eamnFK6Z3)1J9v+UG<}3Fw#T+%BgQt5QSQoDEM)$uPAZc&z_m0Mi~Ea@^Ax(i^T$CCnM zOAe#eE7ovl5;c3VKPc%cz}Yg(xutf?A~ST|g88Y!eYaTRkKCW&7p7ryWSDS_VcM<* z+c_ID-%(K(Hd;=4qgp(u76!!a>0}5qqRqx#459}#&GhlN55Jm7YnpO%AM!cia-4F& z-x14<3*!8#-;>&j4-hxrfP=O*bH!Njty)9TnpR)x@qHx-n>&31jsz(W-rG5e_!DW# z&FAFet8Rw4@>?0gP0l1t6zGLcYI2#rWcrQIR;k>qc8jV4meST8OPa`jU@OrTvU_fo z6-YDZz|}yYEtAS@?hPf4hOJ)A*btPq+tfm%*i`{Pxl25CNJ68!HyCs6$p_&lR@osr2 z-?m?LMn4Gk2n(TLYLV6N5;KtuN2~Tw&~hHe*QTRUKw_WZMTx2CU3%+o8D<~Xt1inm zVU>arGDBl6!jXW3y-zY}lx|gCO&c-i_0y0Q4d|17T0#J6v3sNvUnUDIT7i?XmPrxI z{*(v_ioHka1)CO9QSb`rYGBQ|Q)7!R9O74(KX~#Iyae+=ijp5h{$5yr15NRYjrd3sT5k-w;#nnCdz;ewnhr^8e<`v|6}C&+ z5PpE6x>#MKa5EiFw}iRh7PnE}`e-T@$K#9Z5q6R3NuAs&b++dYT$FKpEH>DP$hsoNYH$^xZ(3vDQkn8=E+iI+ku6wd-P!DHPhC?z;iVBB$+NN2B zavXjI90qpctR}7d2NCAkHTg%#P&E-i~m8(;Ynq6n}ag1XVK2G5q#=k|K5SoXR0D#y_ z!`H%Q7!_ncY1mc`50*7B2O={Ib~P9M2(`M)A|r_ev#?X`p63}&6!hmTs0Y>(i}Xcv zSE}QxTiMRZ+vNGdi$V9;a}l9l|2=ooR_`1(3+sod{~X zUHU#-_S+hjW1U|4Uc4uKv5=!QrU4iw$!g~^f~=5B#~Ib|q4E}DUpKWFqWTRBv1QJ{ zer0*Y&YUU9hC^6PmVt_V%6>~s) zSLT<%1fkB5T54ENs05N;Pj1o{BHqK(ij)Ubv3ZTDX^wLLO1XkBu#~lND~j5_qxv~_ zQaR9&DAQp5VDBmDDmUS$n}Q0~-}DisT9b02(|W;vy-j!0znv+vr=`RD`R+nXc9taY zDDKpuDPZ4vxi)I=o`pKn(RTi`ZQM=%!+rr`qF_Xj*v@*qWBQjhteg8~snt#7J;NFN`+90bevJOo4 zWP6`C$*=@TyRo*L#Z^60@0PAYkKw2R-UJGJUsvKsnBRkhnike7jDihTmLgW9!q})= zlDz0x#4&e=x<2tD3gE2-K13!mSGXzX;_R(Tw0u1+A7sM>XNMl?&>*(crY6VjUtWqE zN1kW8@HWw zE7d~2RcQh@jxeZ-GdtP$IA;Lww}(Vt+}GgIX4LybvM1;EOPGA(F^NazQ`;jd3tlJ3 zaR*uVQf)U|$0*`BdaN-dRDutdX;j8)L*8!t!>YO*9bkmhkCZfbh&5~;nRsv#3eYDL zRG~NtqD-m9WabiTV_EJyS%*+&76L*v8z6lXJX3vq5%NHF3(6MaSU|j9=5bCm8g=&? z2G$%{+q+Ly9HN)0P5yaGjHTpACW39-%KyTOY{Jq!Pm;y}uXB3y4`^p)~=z@eBk?MAGl9~lkH z4xnvEVQH)tk3beuzl@07XMNjNk`Jdpy6HDx4FOAlQVqVxukDmcjV6k$ zm7uL3pEL1F`Q!rD<(7Zq6P$=Lb%NrWy%tUq0`MBGE&I|8yesJl5aUk@byCF>jZg_s)z_xI6?jz(pxYDh8(1(y0rSx4?F%VGAml(Q`hwTT5s=SCTDXL)bzMdF>TD1{a!tRhRa0j2SF z6)cgG?bN@Y4gKQ#!6gl+VMIKxn|mL`D1JZOP8V!Q+O_x0 zuK%hW(;J!=$)r(Awpin*y$P$~ryKPs#RMtw`SLR31BR{T9Q<}**(e&J2Do4=Gm@It zoe^ffQ04iYr~XbO`(i<}52G4ac*z!^=FtCiUgE;@lunK)X2sxvZ74t%;l$u(W=Cc8 zwx|)aDhNw`cXK85N@3HJ4{_o*UfK?_$=NALEq_4$;#2(4Q#>JX339y%hK3TZp-}sGdy_>` z<5t!%R2f%z-u~F?LKct)g3D0f==>XT#Ao-_U2`Uh{UC44 z*bug{`1L z)b+ADH?$}4Hl|o+ESRu7dH4UdIpwdHuwWa~tjyiE49N0*C*W$Wn-q=uDHf<(g6@^u zO2zV5Ys#ztbGs^E#BO!s~uWW8$e&!y*L=2`E< z{FMI@3pU1byZw{q{-@rQ`FK-OX~q+q7n|lp3xh#I{kOFeWo& z4=bohOu}QG@~u1Ou}G8h&{8fy70JP#6V1K=zYsD;P6w578c^B)bjN}fm#)40!87Vk zY5Pym);|mj-_Fnyiktg?Ff9gr1}2vOb*C}nvv4r~M`(+corB^3iq!sppe( z2GIC6>$-YzoTQ6My_~c}e-CKMALM#x- zCh#FZPW^v3Ba~+W_X>($cx?#ZeAlmdFEyla;bt)~aA#)+NS`ek0O;H~E(~rDMo0({ z3?3Qe9Ml2e%M$Gl;0o-0I~{-mULPc+;3pjhA=ccE9ucS?Q`_JLo*fEn57NyaA8@S+ zFcfnGK*tT@E3WAU51hAOPYoCz5&pxiv#-#PByhkFJm~rw!S+VKoeug2#6Gw~5TLVi z1IQeY84m#3?d=%CRfM4aUZ0MB8pS%y<8+*=?*nIJ=>i zKgb|9!5UfxAJi2nV17bwJpb=6?3a@mB{7J-|9TOiD?Ax`_S5Z^I@9p|94?m!@ie$T z;2@$L1i;7hmzPP%aVjv-&BbTi=j}e!#V(t|>iquq_FW$V2}v+qf1Vx$$Q~Lhut5hD zBB;1NTEOpgA$aJw3h3FbI!rqe5dL$S`W4N0)jyM3>D+f3y*t3~^fN$!2{lOnKk}VM zz!2Z-DsKKa>!eTUht2hO^1%=Oi|1s7aYnpsN>@&#OVDZV$@L&JU|8D zi%&;}!0)IM*umeU^P8+P0L+LbAHvP?`;}x+zLFjYR^p(~B@cUFSQO`(@4V z+Aj(n=ssXAX;zlt%49I7YDi0#3Pq#)olW$J7l=(-@9yq%j!=t-0a;_*ZiT8~Ua>Y0f+UE>~t-k^0h*q+`;q_`Xwr zh?u`b_#a;)+b&Z2%^{^kLAtP)BZp@y}5{x-1%r_QM;@w?uk+=8t;$6dv1p3OLbJ!#f zBB~#RnR)cGzD3hW(xGNQg&)D&Xt^TmpBlB*cSW?f3J}&1J=K2b+=0to6%Ux1R!E;o zS+HQIhNnee$!f~lvL=DX%bjxbRu9prT11C{dfQeG%9#Z%OzCY@arVi{U604!7*srQ zOtX0;G@3W=JFo1ly(Be`$jACq62hd%=uN=m5Zia&4BzunIhfKN#!;b@op`r8&KYVA zLR$_1R!H7jufM6ht3?XRJe=2HhLPftkF_;E-0bXl_Ya$7m^cFZXToQPZ(8IlePQAu zIVcQVt!mTgCm07-^*)ST1)-4_gElH|gN`f1!0FCthh-WgBO>Wt3vyLbTX_z=bk?py0Q2&6BA-%==&jHwgxZxVDIdIS1{3iyp25F(%U`;}o)FeflHSyKF06%ViC zTuXs~_QfCpyKr0oKH=0lIoe^OJZHqg;f=yjW{qs=aNrCn&sC$zcXh&)haSBvkJ65= zmUuasf@qS)G037!QGzISx;wgX+Si%R4@`!;xlfDwW{8Lm_=3h1q(0h`_;7=E3&?rBts8wnl#@vRRWodgqhX9d$hFF zK-8!4GEdCD08T(9DY$!u1vAxXj-MCz#twPptkFLmobmpS=_)$?yf#)hh-G4s-Y>C0 zeuI;mh8OmLUfLnak|g)mWmDcMMTi#NG!1Lk{tb?Z7E!Q-!@IAApSg3~hik3WL8EDZ zPVC!bY%T67kzx$pig8o*D>`g9PNoTnfRVDX_}qBWLgPu zyQnGdRe!h@L78*)^CQnp*KIYAPum1{-Q3* z^piAlFRNv$IVTy)K%x)fGw1-!9WvY+0%Wx-2f84$<;RG^y#Gjp8dlD&ck(;TGGJ5o z$i3q(!V?x%|3N)%GP5AQfy=-7oK&oW!@{7sYSMXCFk47LwY9YR6I8K$Xbb-elBCN} zn7;unI@##+VtxO*D#U7K*osOQr@^?mtqJ)M9$mb9d-T%d#+6J#SFZ|tXpm@YMQ9oD z$;t=gM0DD^xVB)3)l(pJ9RKGhmjWFQi~HYL`+N(4vZ%4Xbp;vxPd zOKKDxDy2okyrEd>gKMGZu7$avY+Qg*kuV)8a{TkTxg zq=TG?vPtEH7{yby?q=wJLTXpul2H>iWDwhPq)Dh265q76>v;<1MtlWqU$ z#d4H4Lu=B(;Mn*)<)62d1R<`a#KQ=g=qU0Giorp$t!Tw94vwJ7sZ5)AJWM7}&TbYx z-m;KG!Jq1Uq~o~tRWj_m_RJe6r7$gZhJ5$-wb?bjEJwdicSDQ6!dW1fmeF+0sh~a@ z=e849gG}e%ZJ;aS=&}Z}NEhI`Zlg1j=^&rSMt4^r0p_|c(5I0lk2jrn{>LpNIIp80 z^0s$`KJw7K0~s`detMtIbfSl;-RHLGQF2QLqY4!(K1WhZ*!%c_WU!Vo<1PE~Z>{R{ z0WcjAq5ojF*{MUqK)R;U6qbJz=+?kM#&8e{qemttPqtyoYjUvOUoFRTYSloBCnAHJ zj*8QXFUXGEjcJj78B@lQvVH8=@=Hp4T7xJ_E(jf+V-aOOCG5oWX3v;wP|DJZ(gC^C ziI~hWG3bN$?646H-?x27g9UKJ32zu(=6`hLEqSQ0#+Tf_FYzBX+w9^l$t*F$k3Aee)sJvY0fiSLE8Mc54vQjnW)+3_ zk!wO$;*INQ?MK&{rTw#xqBDvJX`YuFw4B57gipY8lNe;>7mQJ6IJ{{DNN(;Bpv&3h zF?0E$c4wO8MLf}}!*(e<*E)+fWi0L+$zR7ojjkS#keuk3V zmN=6)aQJv>F{eHzWAW`oo&%3FN_ta4PYW3{UN1vRHu}^ouZlF;qEdYyC76c4WkuC% zydbN^%c&}D=R}-lI&Dc!jb9U|V`(>+CwN4pcFQ~k_2JElyRVlwz5A<7?unf0RMm0Sk2}kD&noeYVqetPzPQyA4T)9x#ml`T&o|<= zyR1P8crBuU9n>f0Y9sUiIFJuap`?!_!-xN~tFR)F1@5yT9 z$)b-ptG2k;K^e-e4}qb`7+RLJA7zBwY@}p$7F)@%XfWv3WGAvA1$%H|TRu1K=B$<- z6t7_q?hRVqMp#9KiTZ!LVR&RgNUmjlByx8yq%PiDImg}3RNO<_I2`6}7w|B%bAs~S zmA-$jdtjH*TrXareyI@qoR>gAZB&C~>CE3-#OBE{QWhq$q$x&~6Rw>sr6YWJ5M`{e z*#8xsMizo^T_|l;V?F<+l?fPvQE=Oq@o5CBk)9L62oQYC zqD9P^Sgf8w;riUNb@PkNK(G={JHgBd-D{P%?pCek@h}RSgtB92H4c%i5ckkAo!t&J zZTEc#t%e~!It}kBL0MkhAvp6?`GjQKEl$%yl?{{e)dO%0oXX4O#gXP6P9D&!CFe;>3L>QP7nyi7E$^v`bmRjE7u}i>F&3S<)>p_?{a9<7O4V+S z;3pBZO=agFi%^dWpX?9r93%T#OP<3G8MKLoM~_x~mZnOp%6nnqa*#O*OKv(oo#J{$ z+*sdXciu#Lhf(t@!2b1UXeKF>QKuhfI}rshs^=ab65*{nisr**k)fo&E}x)zk)2Yk+q@*(1F1^prW|_O>*`kxj7L&v-;O^^8pN)!L`{P9 zs^o;O`~^;R*3JycwIb2~DjQ8}`~bVoUrGhLaaSitY@k zpu)kcT~ZY7MdG*TetLTVgEGYs=({K7x$T$EaicTW8`#IR;YjXaAo0}=w{%p;3^v-r zdhJ1=nW>%7pZ+Wfqp3+ev)UmKt*7m=C6Ah2Z9zHEZ%}XJe7*bJ9;xC>ATdr78;?kO z#}lMvP#r6Sh=f+^Xzp}gH{UcxL4&1Q)v^uM5p=cP1TS5$8f!fTtIj^UO&?koTH+I9 zcP9u%%CNOJAM!Ydrob5vAJTj7d=EdsmYlSo-O+(HcX>!~=yn5)R zV+Co$U53DGIZh_~t#<<$$|OsA#*=%6TfBs#?YtJ|Yf!}-Ds0jwd$_Ha0%}Z>Nn+D_ zmmXI_jA-x}5|U9&Sc=$nIn3$ z*6c^FUHB1ujjY+9tqKE=j4ke#Ubc&s`Ua|V7Z|%@0zVkfJaLlppYn3i7Fb=e0>r{CLXWf`}TN6v~+oQN}uATUY@ahv~R&RVnA`# zC?VtLY6T5h9M+*4NK1N4=MSm6o=okGwcL2a7QFqbr28bi>#b?<(1`A{B=MPiX5#4C znf>6dQ7lUDYZM91`+6I;^~+!)7nFEx|E85^BrUY0w{&&gu4n1=tF#Ja+Q?wH)cid$ zKvIUhx|jsal+O{>(o~O8@T+;cW4D>z77J+?XUB zFSud8VRq6@{Cy!jn??WB6c?d#7^+u9353Zz%}lk6K_c)fNL}|Hhg29}-K#i-VGzU6zTQ0gs(Zg9Sb!GA1OQw8B#nN59XKd6P%?&@sS!%NnJRj&0SWk<| zgL>U$aP9gizIS5+4E?;lL5#qs;(kCnPq*k1~Js(WT!CXnSrfgw6P{gK8o~a5B zKnl(5Axg)2S5A)abgZ~9BBW;E*+m_ETDXP~=3{vkpbIFYgNWm;z5+lgBPld?Xm;}{ z`p9Z*m3^_iwSim9*2@6Cm6ZQ<0;^g*HMp`VoH22_buF#|sg7sI zOp&rOdC9X=tX@x<$^6sz(3R!f=xPCdrOq2ZQ)Hue)b{+O0saKJHn z^Ua3SkcYa_x5-t$bMHOXmFBi;e;_pL zdNwwd=6 zSXBI^)OkBOvzFJR;AGEycV3dndquBeBz#)|*Vjw$bn$(|5!=edD5n%7-xNxlpq$eLc3g7<;_l~+5ozmKQH~&iZj}m*Ft;o3- zaRPn@{w?$h#ch^z(~F2^od*ZZxh+eypc*i=4D+m0R2NoUg(znEO=)guP@_@&i*Bem zyeV8%@aV58qV7V}`e3^}r-u))g%_SRSRl3g#k@(U*UsgG1?1XltW(wnl+jDn0vcV^qW+=$s0-il zn}G)RI`7|ONKR9xY&kt|oLM!8+Oqx624@jE9r$w+|Dd7p^tgXH!(G5yEGA=#gfuMpbjvDZ)C zU-=C8@*LgV*W(AWkZ@h&wh@5VAoT~%#}U4Ix=mYo`Tkcz>VasOnAh(y$eQ9cpT#xh z6N@rx10vy{f|e!25Mf-$qp7D5^*Rr96+p+bQ%bCazD?R!zvoo;= z%8(g)4su?Dw`O~UN-%gnJZ*w&h*_uFR#aR{n}zC&c$Hc*Z@02o)x<5-eDjhxSqd%z z)N}9{g1%Kz*<6PCp|&G-{fozJ3C_7gsIL;2&ia9T3L;s+cb~GUW)HTFF>$Mb-$vA) zFL9^S87VTEv2R#tsnf?dL=;&4B^JEN<>>0uuNOxbeI_Ob=ak{W7VWgkJ9iDe9J_y~HoevDN{`GZ$u&+QLZa(ZzKNzYQJ`4< zlb^vm9y!`(t*0D2qF0_0Ru%V{-JNS+`PPefbST8!Ah>=WG8m0arNZMLqFP^oI?C&x zb=Q=^Y$xqP>6`$iTU+uaQGIaEuM?7z*F50@4h6^K5(X=L2V}NXWHhv#8_1zwbhG@? zwn!k=K&51KJr#In0Kl3{=9m8ov9bLp#P)9>_kV#KGa)-0^M6Ea9BfSgf5henuA*YQ zK~KiyA~_);!NO9M?;`1b!U)IM3&!{xp0FUfjIf-NsyduFoDd#_n2d-hM~a$gO5psX z>*mMrq{?-A-TLZ_cLi?-Z{@3s&SPy*M|cYU3T8#Dunq-DvW{3`U{(en3PM^suulm{ zNC*~e8S)zv97?P2>l4``dH*NT`n9h>1Ed6c2xSp&jxryA8WJi2LiiAs=swbbQ2_={ z?KO^gT^_j%8eXs!7@jP^%K~+ifUqoJ80>?Hm-lb5@^=Fm%z%hL5;(Z$-OjNf8|fw@ zaL^zBP=zWATuDx3h$rC8LPID{_E&xS;975^znG#(l#GlDD3On8A|IZVQQ@GV$Qttb zSepdb7(niz-~S@3V50p13UX*9Ff9+_&!6673wImBMMMNrAbu!J+#`9$-h$0tKf(Sr zL1$gid?tw4_d=UnaUtASbxVIF$KwZfwKM`{7j+V zk3tnp=#sM_up@#C>%RTFLn34^byPa{!1#rM;RiAB$DMbblOS(LX-|Lu=Qqqh0ZZUd;;+}p0hCtzaB>--^B&de zJ;3l1(sgJr(T{dTR0xWhApFtZgF76>vy`-+d~|-_X%~px-&^!^py8?BMpLp7&riQ zP-wB*q^(zL*Tqw&asZR8ajuMwqEkPOn$R2f!L}QFN;xm0#~Yh@x1lb5VQ2bUpHJ3V z%H8K3sqg)fN!(07)cDQ$ILNhT<4}&z$nJ3G`?J8-RDpm`Z3hjzbTq5HqfjYfKi@Ja z>lN76-CF5F{x%62aK$a8if5WcU@VpB|P z-Krgb!`w%5&!w*pw1!geU797KQ111VH|6umK;(WYjas)TEsgKkujU`Eea;_r-KQp> z&!f+aOxvmIjUT12&GvtBYPVyy*%$X5Pq)&$W6R-9S>g2fig(qc=NFFqVJ=Oa&sCtl zY2L|+0Ma{x*2~e2eT|U_I$FXM_|6Y@*ANn^${F}!NED9P^7OQSTb_l&Mp2;sy7@^39s+7B3ahl zRU2MP%Tp=B`{}Wa2iY;07O1qwaE|jgRvLLsPLiN)U}AG}ZREF>i0euRoi7*Bl<7gu z)&obmZT{BBu}tIQ*`F?I%cVmO!vfT(a_MC}{L|sXslx^2X+*SI9c?6azP)eAn3R&o z@Ivh^S7zdM&#|yc;3k4+0@3tY4O{vY9b9RvVZzQNYu(Ofv1Sb2%!Uf>#&J5)+2pL9 zit3i~uEm(mn?@P-6|pQAZPM6;6*S*KZde;%QxCa~m<1Q(2&|-TbE&qxf@wqZYy9Y> z0?jFUXsaB$imWUwR_;!})FddZgLl?EbC#1F@)`D`tS2?i_zM#@n^STF84IVe{k=8` zOU_FF8iSp-n@iANy5H2$ze|$8RVxW^_}iEBV_lcd+y|24GOo-X4|z$Nb7$l!Ju75Y zrXPJt)lDq+<%K(9Ar@sD{w<^-ly-JJdg2ULd*bo#CSNbXdNU?roD;nwO#8SK7iR=v zb4c{JQ00gVzp{^>n5nk#Pu&{e^bE63!5DWGp;X(AeHSrESyS}~%8|hnQdJ&nu_vsH zO;hafySmWB%-Glyww!ZrUT{*1p8tuX>aP|)RLW5FGbAI63i@NZTyR}?uG2(dZ@@p(ekmQEpn1_!;pzl zZ&Kp^w2}MI?=}H?ISDF`d)d;OZ6%+DNGRdIpRiXUi|!SG6~;aVqde&HbB1FrI`{<#`2{s zN0=(JWR%5Yo7oYQSG`9>~ollZ}U(nZV^WFG;lXGwpT@RD%6iAQm@GwTg~xh z6TiUmo9sBWyX^T(g@cW`Ni!`MnMxt0bd3;v~en^f2G@S+^B<5;iiZ>Qe)2 zp8*ApkuKqp(Nfm^Oz)g$9@wsTu?dy^65D7~JV}DDcoqI@~`Iw_)P>oQ& z#574nwA2=fT8iph8$+#>CVZm+*}8A>>Yd+2qzHM%O$06UTvq78tciPN54oD?W<)S1 z(_R-O@a()Mlq9y}89KSnv&2%nW%r=jwTYd%1wO4|TwA9@c3|>~j??)ZrzwcQgRlE6 zWzNG<9LFD1bf!SwQ(;GmXIZO4y2CPV)diul`}pS`BcmPHc;Yl_JJe!IzROPt2@-yKi~$1x}WK--dy1bO4~x$?$L6hO=C zQ0JxQnU0)!*P>F1K_CB%@chZ9EOsu*PK84;Tx?gk@I07UNr@TaFpEed^bWW}+`rWV zZ?lJf@6jNQ8T<6nIklO1 z5V@fBLrOb(CLEZNanRG5ZkhhqSVBRlD%%aB?#|7OkX$5{YN}=v%MM}7G#gfW$~Ur? zOk$J}KiI<(2D?`KSnZ;Z-Qj6{Oa0ikR1$4Jd*|%;EaowX(yz~DcHWjeTf70yg;^VP<)Uqe$^#I?z_ zuw*QeB;vi@_m`UxqXU@8RNfd}Rd% zI`H!pmD+tiYj?@kwVkg++$TI8xcIUA%3jL$5T(`0#asxivp58(j&cxIeFO%S)v@le zzXKSAG*-gj=q4tilbYi_pK+`q$FYa9e%vk^>UN1j4$1 z?&Cg@xgCbiGarG=?SV8yi`+t3;$pPCa@|(H@ieWU3@A`S>qM-N_K3=n4p?_g>-YDw zx>M%BBXoS$dN<7d+PC($^gX~MQ@+xuN;sZjMj8BRY*nQZF50C`;-u8Ews&1|u457? zSpaa|btq3TeED}?R(zT2vQp)mUkauTySlJ>nz+Vf`9lM3+Ps~|ucfs`YLrMJ->Z3s zMDFkfMoGKxisW8a9B?1Ma<_cM#^soK9lwY32~fJ-$cB2SYB+4vsfWENq73C8qVzlpDt~Gx*N8~Mp&s*tnX!<{TaN!TnD21J}F%uLW z$t3{1^Cus2M3Y#=hX&t#V0rwfFSh37C8U`pkOEW4F1z-K*0W09`}uxlc|(p(8_Cs7 z&J*8}Iz|hyzTrF(s%e_I)p8qCO7~4Ct-b1 zksJOKo&nD%Aa6To*ezTD2%mJ%^5|Cota*40D1vyk!BmWP3!ZZ({=>x}RZ#U3(N+RI zFt*zAu^FbMlSfCcu$PsHb2QhhEz754SztPimzLhLW}av@)AwpLa;}bFYQGWTH8RL25rrF zvur;0I@32HMewi9w35ia^?>h7(2EzcZQLEOL}GUKB&W(vHU*OvUDA)a)JQy<_C^Q>h|=}Y}qIW<~Dbq8aoE)6#-b6?i*Vz2S@)hpjL zmfcB50O1Z~*V%5x<;f<#{Il}#$r2W5VpFOqBrnMr+#mJlv;&cPApg8{BH_dEXDGa$ z^7*82ugkRc9jq%&FCg>l5-H@0-j~AKGsxL!?_6GXn?tSk-F4GMdj*J0?~>HLq*M3X z)nSjBMRuSXGh93?4EA=4V&w+I%Hd3fZRA1C&LXO1`bZ0eX^5#;h#ZtBrb%MO-lYM~ z_a$jnH1f^S{5Ei@Tr*O2?&1wj;y#v<{{BJQ@Xozvr_uWhLiokzg>Xu-o7@<<$?JpF zwk<*~LWtfE0FUk$v2(wjSbZ`?z66L$^@hB z3qudjle!UTTK-K-oG$+*P#Vw9G$Eg`;%+rI@&KkQB9_M~jC@CC?uQ(@z z%{82y?aM`8y1=+IJ<=Nc49Di0!{hRFaDc$GT0BU^0*$l7=M+H;Z(v}$SU(1Or>TU2>p`3pT+f2Cqh_3j1ILhk@eGDNgR-=mwt6y|5S;~X@ ze_IX_{*efABXep}W(FTOEKr13=Rpb)p3~$#kMwsJ=L+^*2i#su{hN)7A6+FAgOi4L zIjkQLW4ZA+C%N0$+J7*~k&+P|#z}^D1!h9r<;Mi;(B9RtIxfwwH@$@jCJv`)>Fdcg&gM zGScv&%=*N8&|&9wPY>Zwzc|1%eLCZ^cP&r&4Qv?GKYSFSl$pyVpkK>%_|;EOBmKFioWqEu!c!x|=S( z_`-5Iu!0|??0b*{nR&VFEp3=I)Q4(}I4_=i zB<}%E4pZ~}M^2sMwtr#yr;BX(P-jvUeg5kbpl|Ih8Zz;AepQ=%aF5m@ zDw+4n*KaHJs6<9-nyT{fW?5GF$tTwOY;P-Y{e;PVD&9p+w*ZsTdi`Eei!0Uj3zr$6 zXNGL}G4eLf8GruA!~>;>E-A6G9jowB?HcRdbd05$AWUBTl-gr6%sWRp(Pl-fmz_fj z+?0910P2$W+r05pQmU5qkh0Ku2oZJlCUXkZCeE+^1nY@V`H1Db!K2|xkAsdirm zg6*uIhE;#6+PLeG5D>BWK$miqkDh>A*vf4MTKU%qd0<7V=kZtC5^zRQO{D*a{1|Lf5rR*SAA9r;T1FfXtPD$ zyK!sEx*~67V8O20-|5dEjJ1S?U3A+@Z)YsBcZNHJ$h$~dzWxM~#g8+ZgUlr{O^?uB z>$G3vPbH)$n-~vkSa*40^g{SH98cBu=ODF5%AF!GO4V9IFUc$?;-ahQo?&WZ1LBf6{4O<&@lXJE-2|@%3so3b*8_jM7h6l7 zZ^J%nI+#_|l!JuwRj#i(1bXW)HnlwO&BBAYkbtBAgDKy7pV@u!5X$vDoi zDV+XZQcw+p5So8MWpaQ&aXn%;1J3HIWPBoM62A7x?8jA!Ju6ms6TA5;o2}KfyxZM0auv+=+vDbj5LTjEj$ABWqr zS_ZFyseLQmWO_4zr>W=LQA?J>VQs%3NK2@CiIO?iOBBS<9~@`TuXy^3!M<;?Iqs!I zz!R`yO8Gb{cG`*>fB1gAqOqrzQnj=d#8LZTWrpZy^D49MpQil%9XWD9k)w)rvphMf zBlA?-edx-$x}7Z%o@tvynwT>|*8-QT z$ja4lT7iQ|EG-KS7tP-7#qlv9dnZvO; zuH8_!WO~u=e6JhMWzFso;lzlxt;LSu(J}FnKRlWgvjIo~VN_IMh1xvC0nFC``$DH5 z{?QYm{s08BW`eerIb2^bGBm|7w`H4MYIvpN=GaPfu)H1TXxeM`NbC-NTJz}D zoyAB8DJ#h!Uafl#>7bC?_Vc+^CJw&~qg-gurqOSuLgh+M3=Xw7fKMjtglw0mN@PN# z{$``k*bUmWd@V>lni{DqE?!0g8s|I8%ud4^2wFUk|6dM_S7{T38iICx7Tvq;h8Pz$ zYu9sL0~)jmvuQ;!n3QxqE?R-Gin{%TrDfEWD!QE!(uWyq$>r?cP+mWB^ip5rBaw*? zEqz?7Gh|v#g1@eshlJ<_4l&tn!dqt>Op&r+ONlp4)D$`bykDP5qD$k6m4i)dyvuK~ z%v49S9SKBpE$nZa91_H(dG;xKXnH2;RYXmnZvU{nG^tjTqJ+2G+XMA}P#?#nbzaW- zu`u{IF~K=~OFG|pL1&=Ch+BtQfaus>g(KeL$BW26d(Xr%*YaVe{Lbc`{ zP?RcLU9(2T6b6T<$(bB4!;xvafhC*%@rn1%HjZ`mSg2BeaCfO4d2s_NyDhtJs#RA9 zt>Sx(Po&S$Y9_Lx@Ok;lYgb39noCg-SNUiSlUkak75VqIyL+K}`mhT=&2q{%R@~W= z1=CC>ME{PqMbrt>iLJW!uQ>YORZs_BfI-`-gRQ-{jfspPrfl(mdn@UTm!k(^E@HYN zb5GQwf2BnN6&UNX>^v5}NdJ*gZ2WRZsDAm1aUvlB z^qG7~r-nH5*4|7$s4g`@YLTkpQ=rX=e>yYl1C(Vd@F{)t)<93;l$NbY*O3BW5jl4s zvj-YT^5?1Wr;LTAl(1Jp?0m!QCrku~B%1<&)T)+)i>rRT+FV`)|E!47#ngDw@XX_xp|5_!dxnY+pw64Qr8*8|e2mcXh%*iir@xR%@ zkhyuOEjsuob8n`wDnEz>NPZ;$3FmVBC!EX0_ndV|L@K{6Dt=N>;H5n z{~tT|jo=D7+Rb#)+79mQ*Z=)Y53jXq$M4Gd@755tLIg@XtnBt}>Ed&3walD-{HWfb zsb<;BXggQ29T$I6bZcOyqfX9ts#g2&X}T5F>0>?{sRp&Z`=KMG@DX^aR) zDNV)L=Gn#sBqM|l0Fk}Y#oKw1<&&|!l%3iJ{kGafB_ykWVe~zDv3ILEre~M4tC6W; ze+FPO|4=>njU^JoI*LO=5{^!x?a2dB*y#lyUbJ7#zArSd1Y>gvcL2WH>;AN~KMHjY z?ncXCYn&aRrexoEcXq8?*eQ zp4*R!j#UrfN6qb!5g3EFhnGBt0e4$X&cMsAAB3L^#|%?aR+B^5(;wnbg0%GXLX6(D zgdB|C(cv)=15?8j5QiSX>yJAcnsOGvz3<+=hIVuwx%Z>iY{&i#fc^aXaayw*CZf@!U`@_gFYR%M-iz=a1^UH&*nu-7QD>j}c5 z;cz%#03?s}-KGRU&Fn!zDmdHMKQ$?V#MIDJe~!HKsGU1riuc}YMtXF5UkcuCNXUea zW6=R6Q87ud2Iu=m=P|e6gE!&7b|>EXL(v6mdr;vF%s{x>yGnt!&)z_3@pO^CJ1IC| z{WZ_y&h*3adTBp6_JJ8`z98>9#VbBzIDsaye}pTlqknda|~U(@b~ zS0-QGYu~XREnkJW6FhVsfL?dKpQ>-U$vuLcu7y|ea)BJ~Z{Jn#%a7-uu#Yb1(w;4y zn^Rv@+#g3oz$oVrWH%y1Lqo?w2jkED&W_?uw$8u9pmDXt_O?EwI>3-}u!n zmfV}LmUFOILW4IDz;gZnBEHeqOcfnx;LMT!6orvXjWlK|Ddq&@EmKU$?iD zq`Hy&nH%$Ksl;s^37z6EBza`4$i+v*E;JUKh})N5_E%%zC82g7&k^NA_LgV7Dh%T_ z-$zl``3H?(Oz6~2*|nPU7{H?@-7I=3nhAO>-F;OE4Z9@^$b@Pd;X2mE7wwGnEXnNN=yOUxd;c{pQ#^xmJi7ciV-O=Q~6&ulo zOq*6~SN!5iMeJP{{BfC zWT?MiZO)QU^;ndcY|j2rY!J8;*r0r%9{~TjxreNoGfZTmcBW>zfWmF|upY z-eLRt%eGi>A2a#4J2fGs3%f90b)FERHx{Bs*rC!*LrHBP6h9Z?*Q-l58@Ty`$}4T-(C|DnZwW``kI% z>>LqJ7!!IXA?zW@9HNmD(;#+2s-kwd-nHe-EX4 z%OU#AXiz6$d$2h@4mAo~!+Y-1o%nsHRa6)p zli1!_BuWD@VcV1u)803QW8ta237RoJimXRpy3FUim18Ta(}@AJkSJ9m!6PN^@G;V; zeRfN0eMz@GWnoGcfhFX&qK1q!V~?lAuN2YJNtx93rvj|Ln3TMJ{@0UJ95N*VLVCdW zSOl+rbayYn@XdH*fe-yj&{j7hvt3b-={b5_!nobCb#Y1vo>o>|&<)RSfR35V$y(jh z;*{F#sCIfbQj{r^N>i9xBLTm0b8E+VgY-KgI!pi6$Guauk5UWw^|~OCq&)0P+DwYc zCI${+=e-;D%guKUwB)<-eCIKM+*HF-$MpNsZ(C**YI@`FI!^^o#wPhGG}j^1(y5p* zvSF3vy)D0JoR@1rn@TV}ir3a@ImW~WCG)zsXL2vsz$zB@=;%JC(HTun2u`uHlCLiZ zjtduFU2mUJ4t$BpwPNeDPrO%dpqoVvlfil+{?U@ncP~xB`C|QMMQDF@s6?T1b|!=+ z&jvgMO4AxtV1oOWKQWW{O!3J2xX`ft!mK=&6J*ZKZ@G`b<(i~kA`J>y&x$4FEjEMR z4Hg(u3LW$OyvZrUq_R_y0o zzKm;YS?6*VEI0@F@|FKke9-C-ZYFT1^?CE_@-TbS{la86J89afJfr4pcR*C8_GxFJ zIbceqw~jTnC)J*tOV=kN$rz+1F6K$#>W*C7t?Znbja;Api8-s=d0%B7P^|pmCi@}d zIA}iXqr?C*D~o}b3JC7MZKBoILVWGlW&7;}`2*BKl`OiUE7t(U9~mB1zK%$+W;!Uk zNKMB+Cqffzoxx`C@5K@^r=|xG`h(IAhKA-Rp5bf+?r-Ls1x1~Omsb^WDV(g8WCCp7 zUYxMY=XohXxf6Y6W>%;)e0vV57JhU}ot>b@Pckgz(~>oA9p=GixzZ7xb?F|j_b z4CsD>F(XeAYwv;H10(L`L;bnx7#yocbMuxR~jR!eKBypZ`c}E#P)aylHY{O}YVdGyflDV$XqJDOP zj&+JTeR#;@iXJo*dh~zt#x}i=*ISi1UZz{%ppLtHTHn3gw=V z2dC3Hpa}nNUv%p`H3|7*0(%x3Q#Xu=>lQ0}DSnN_uXm?qdnyT$XR$j(PkkPJcM{2W zS+ezH0{XL>il)d`8kw*qz*ih^A_@wuyp=PDgb{g-yET|rz!Wc5X<2W}5NFaAY`9if z(7=%#ob2bOH&b_*c^oVQiE6j-TNCfTO~w6IN>ZV}BV|hjcm$6;5)V+|dg$49MQ&BQ z?voJ5;voTw)X3&8CA#onm@JkSfpsEQt31KLotdlcLcN+-2-18;(!cO7M6)jzlNbZspd4ySuv`^O6A&RG7+|+x_?mA8?Mk|YMsL{VfGI015?gHlV|X#w?(?;F#Mj`|lvx}!>IwSM8K{We-NvYJ)6Www ze)vou%IP97Q3JmOGXvFFP#Ql12F_va^x;rInL=y{?Q4qh=D1Ee86TC#&P+^}2Ea=< zdShE42*xK^ou*SBX(P!V3Rc||R0n!5uW9E5dd^wqUaH!Il|pmXBv9#acv^PjUp>CMp>iy*X!~-IS$1i!13l zvY{98&2>y<6Uuk;xO6B+7XyW)u--iy*&AK2MyW2L(8QTzT)B<9Vy+(J1>XA>(eQV( z!ra)i48KOh9`OnFcX2kxN8QA>T$~U}b@*-B)oWU4y)0?fVb@<4IqS&`tTJ90-NmEA zUr#ZFXW-#T{*~{_K>sfF9MPPi+H@YIqK$gg(R~G$$PGh6hQ&)hMJ_G_I6H_5d$)kkG5_=xx}xXa_;DsP!sG6;?qC!pN2tarTL>&KvbK_W~Mczu)u7Y`_fp zs7~5Hw^{nsVpkERi+8N^)(LG$m~5Z5;G%jg1BB49=tjJ;-hfL|31 zd+RO{VrnmGVm(fPTXFFJDXBh4z09`KqniN`X9_B+o6pfUC0%{01TLvj;+ zb$eTGe}!f)*g2E4*h!ui%Oid7aCaM4=+8@_PsNOZ%SeF{S7!L$2XZihg0s)(h%Xi` z4sb{p;vpAvMb0fB8Ho`(8z+#Lhv81AM)%ZYaT3D}-1Do5rfPj$OAf8yMHUcI)~Rjb z`98Q6DGsH`6&XnCmob_Ai1|VF<pRxS-!@$!Qu^(-EmqtFmXSw`x&5NO|y%~?_AIx zH{EQw9y=iNj3dxZqLe?TXzOnLDb6O^roe8^GGyOD)55`6*1$hjiK5;5&TFswqXv?R z2%9HfjmWD1RSW27WEH|@qF$d9kEspJ_^NS-sryMe9UBYY)SR%6thfWE*E7j&KDB0G z^1`=-toRGg#_*|w$5BI-C`9;z(?*zQa)>3*dDgPdQ6O}pmVxBHQV}9(<@TN1mlQl$ zlz`i$OU8k%5Qqc6%Ewgr;@kPlZRy%)}{>|H*vLA9n4uW{}T>G`|e z?_t@ozzw3gReU5j4(u9V-4TZEEp|$TUas$unl%ottNy9VH;PECWuKQuJ`v`WWgjO0 zM*XHk!sGtZYZ&eDWcDp-fl3G4l%#X_6`BO#HmG{ba#fH+7I5wp&JZ@6QLrE0hyiig zS|_cZ$8WqQ6bfk%Zr$<(R4lk?dUX?@VI(k=_T8>nKcUbWRNPs9ah_4P0yDRhVEle$ zC+tLi+6(SswR00|?8=-(yoNF3)XKpbczu@zexwTHyv$p(f)ctFj5gt3F%qt>tt{9_ z#56h>X&LY-JsdTGO|#418y6$<&IouZSmTwuc(!=()Hc}%sqM;x`EQZDYmANOeP`A! z-cOS@M0Gqmp%gP2!dt1JLEnee^5hD^uNxnu z=J`zzzv?j%j4LUOjx3%c&z|0zkfJA?R&m6JoUkG+kI8hwm`kw9yN3KQg3P71cT?5M zf9w7B5&TFwUA&;Z8tcltY<5?3G;oFpfI<)!>d&GywSj;gMTf%JCPf;d7cvM}3Xnmf zlOP4~YZsiz)0j214MKYAj{}Bs5fR30Jkk$@|Ng-|Dvym*O1Q!4r)!)Wo!$D{n4Z&zNu3?*qtPi@+UwA||g?4^fl;GT5M1Oba;{ zXz#CouHMCF+6_>mHoO*Tg?e|0%fuc(?C209$y5v% z=X7{8fvA1lDy3oFG@Q5UX!(Y4u^=&esLg zF9+F@EIIJA3=kTNhH6WBUfmT z$dLs+T4IBN4v6uoiBS1c+rF50MNz%Lth8gDYExpp)$~H4o6+NW?%Y)2YU&9JtKvZ9 z@$1OmpwT>cLh&Sh(Q$<`if0X|W4<7FTa0DBh@`?F7@)%RERpuy-AM)Uk|32J@u!6; z?av&tG7nwN7h`)JycPR?OoDK6P3Q1-?ppGLx5%P`O4^E-?7oSb6w1RY>U;trn3|1l zqv`g6&}I*+nAF;KqX~L(M@5PPjx=_>Ruc7WSGjX0M*WVVi;Mg0H>5x!PtPv@W5!S` zmTvz2rue;`kgk-T${Cicd3%faEZ&JZHn4>hRjQ6?x?5iZ(<<>~D(&a>QqfFHuZZyU{@DRT=TG;0iyiHL51{i}B3qWrru?AWojw7KxW@ z10!E~R?QKbZZ>~1gn3kgiNsthKRm4Xl><{P5+KVPU(}laRE{m`?U@--qk}Bj3$sT&qJ#$F;}h#eO?A2so)+xtq{%s6c2a5QI3n%q8d4hG#>$z z4}mjyCKUmOgA)b#3rmYoX@vwIJIvz-u`y^$X5+xVbo}JQow+k3lEnNTkgdhS@!4sE za|@@u<%-~};kkM2lx(h5^wWxpzaHRy$dC)iShQrM4o?Q7{))`+D~a{o=?;gP-e)a+c6|;wkIOXI57A@h#g+;unz`lxK{yF66Tfb3pQQG z#2w~ChS^TC9bt#B6f^3~;LDr3a~Jn{oA59)Jd|BNa#Z)P*=1~_52t+C&e1gM#&*LOkp%nOo0{>nD*HJ&!xbh$go4g#ElUgU^Ew7nKd$4hJ zpe|&~0+opJHymEB?qi?c2ZK#r#Db?`q@qkAFl56Z;v-$VaBV#XEPj=@doTiFKQn6T zbE?9w7Obb?sq)X`GR^Fq4J0%6rwfrPmxSMSB&@+1Fa^52BW{a3K3QO}QQUx0O`}Nu z_}}(~rPlr%se40H^|KFKTcb!cfPo#|AoI}O$3azPz!aou18)NU--W2Z4wM4iwHTf& zc!pA!oVEh%Ld1}*7D7W-(NsA5;BWD%AgBh^t$ z)J3)YR7%!6z52^uCPBQ}No|fxew$A2h4^U!xY;fW#@0!?vG~$G;`cJjDeD2hj%u`? zDa$5CRVTUifb_XeH+TxPTVDvv3xN;qSDsgZ^L(=DCF@PY_+i{+d*`oyI_s^EJi9PL z0k4DORPo3wZ7(!5pd)Lm6$h`}TXic6)PGq~eS{K~*?BR_KhoPmdzU%SF&5p~h7NX= zY6N&!i~Uxe)v)sW=v&9JC8Ao={26#S)GrO+g?Id(rV2jjW_7Okc?c`=%9S6KwL#hn zW3nhADo_tAw=Vq%*0^(1yk>mApZ(>B#?a#o4mIwcI?USC5-D|@?wt!XJM28iDPYZ8qZyM~{|Fbt4oYkjIA+(<*b%Zk| zO5f2iG>CLmR7QdNUMt;c64cZAo)YNQ+@Uz|4*p~WlSiG}yc$f+-+9`N&}uWkG^Y&e zIgCI#w*V8^S`hLgqYw%b%e&>NYt-Pn!t9t^9;HgF#8)cmr4MO!!_Nfmm3>%**4j>S zc=Uk-BM!+3UrHcq;Ol!=rtLNOWje9h7-@Lq4xB{*+SP$OXnhs`ZDTdm{vv?r&02;n z#Z&tNqgp6^cyzgBs7iSvW9LJk|8fzmv)cU|aUAKXlTro;WZ5fz5GN6-}IIa&<2>4J=6}alK#6G?e4(#4%l7G-R$H*q-q2LGg#kLP=nU=@(s2`Vl&T zSdV^y;2$m1A5jcDL$5WFdrKJ?+m(_+LC;cWI1L4-%)^1rGp5by2Mlui#6mjCg?(FF zMVGsa0I?N9zHXi~xQ;@WOyRk4z6%AEDCNB4ymITS}%J zJR$u)vzfls{orR8z8d{dcJov|Vth-G92>KNdsoC>BeMsI$*gmTRxpqNx0rOQxHN$d zLnXBTV(c9jE8)U!-PpEWv9)5`wr$(CS+Q-~cEz@B>wKrN(fAwtD&~C0GmyJ8>W$c* z3WuG=c)AhL(6%pJawFa97eo3u7xd#-rDxk{>|JDFZT$eQo&A-HIb{44xLgyhdt`WM z*Q9S5u2j&VCgUK)IyCQxLtd>sd8iC83Mn0cXz0Vl~f^s3$5IkI(A7n zb*4Ga*8I~svk;ZQ^yN^#=y=qOMM-aFJ`j83lZE5?bI{JPKeM9vd3ht_jV>(d05Snu z?LGmNX`&^*&GDjDMret2i8X4_3g#I%ak*9_-_aOq@qS$2$!d`cJD!fySK`6H`#A&e zV|mB;hDVGT-0^!xbE0g9JNEojlw4=^&Vbo`WXR3P6j=zqDK`{p`7WMGYgE8Vn<4F4 z$bHBpw(Z1vK8WP@FUe?5I&B}h5Tl@PYCZL{oTPemk+#x)RQ$ju6q&^4R?gnX+QUY& zHPlg!x@_w)0V5$?U{t%$$D+!7U1JKF_fw4d=rtBs!fTdQ^VtFOL&nsc#&y^pvlZT* zDQllPBA=PwLk7YMp?h=RI9i>obpBpaQM+nMwH-SyAN7-Ny(P8q3o{lMOs0{SE1t}h zDO#~4L-66v#cA#HeRE@lV|ruWR`3}`o_BVx3ox7!TbI|tGE)?MzhVS;XHeocXocn@ z!p$}_vDTGwQu2z)L9bk(0lDzK;z113!{CXBw;_dut2h@6<_xD5bI&x)(vnQaWuWQ9 zo)TMiS#)8Beth+UiU4eh<-`q(udO%f2_(^AFRk!dRIuoQ(1)!Kh%6 zO*q-^RWFia-xu;=Td2Lg{ENKm4PI4zL>uYX43zyr_BpFn#DX>?c+lemLpLa*%Z7IL zo3h|D3!KB z)1iyy?DWnn2?ng@!#HQ(aC@4VG;b$$0?jIeFyd7oF9FJePQx$TuM*S0>XV)n($PK` zXGMOPR~iBLx(=#q>DD@mOs3mWKE8II=#R-n#_WRLA6NHycQ2-}d0>7&vBFx>TxC2( z>n_$$BlwPZXpCjP5(Br)W>MgZIG94N*aP!kFvmimdam9O)D}yDBe=pQlf^?O?suWr z9l84pQ1|mVRRhy82Jfm~Bg3bTPiaxCL;}S2f44b9-J}nR10L!6@{1R`$P!#|4Cl{r z6ui34Vw#9;%>R{tXUMN&LDarLHks3XVU;|#Kwp=@eeki<1-ftiBY->^JUpXDQ0zHG1;6>J`@RpyAW+HcKzD0il=ttS6VQ$9_AuKi!vJCX|VZ~Gq|GL*^L zZuh@V?I3&IpFfFFDXB!I)@p*sYT)z0;4EXWM~jdxB)qTS^R-zFDrV67b>FYM*)1Mj zwl>SK?0&)VWT}YF+NBMT)@vXz$lsA$FC|oKYM~~foGUya_C2&fGaX*`UZ%UJN&E(x zMPP+2paNWMBtcX^ea1`K%6TX#9I4w<%1!C6CSvDs>)zoMf8am`Mw-_O4ULLAcS9d@ zQv){^g+=v1pO>(qy72?0p|>2#M_)Uy>;|7CpnE%6FA=_9A<4*mO{kNgu50pxw@H^x zmH&bU5A3xq2xQLV#feDkk?l_wFCtCv3o^5Wv;j%MEV`i6YPp$7*>AF@*O-H?ptI@xSisEL8B(m^G-7PWTv^em-%OjfZy?wp9#}6T) z`;+AMs6603uu06qR0r7)Wy>A?o653l}b_(1f{ zXQsSrML|q{{NjQpf36uqd`lNcwrx1m8ENCh^D(@xf1i78rgqKj?PrgxP`5(EoFM^7 zYSRs5WWti#gq)jLggWJsBr#(bQU0lpXjF$ZC{5>-PsP1xpjajKFn)Lj^5tp)DEGXh zZ5X0o4D#C;^`S$i4O>#Ac~Z`FW8K-m>vBd87&%WN#}_gwzLo zqaDuU7M~6&Cw3IlpgJWZe3sJ$O3;#nwfGzGdLMW$Cw3b$jF7&O!Y?BvE?@ z1-9dv*OOpVbby7(Zay_{?Opsdtuy^(B^Ar}Ex-V+`Xi>B)i>FPD6sNLZ?%vAEg~IF z=2|{no`5bMl>BAS@LNBL2Kt%FoKE~z54TNzhe2iy96o&7y-*1+Y*2EnunS>DEm*I& z66u@5<13zC#lub=E!<2a&Rs0vD$;byk}Je?d9u~?&TDr3!P0gLbDnh(Ev8z<2^vEG zChos54E={ZWn}QacvYa@f|Pnc%#Sbb|D|ogbbNDYk5+KP1GWvd9^cJ?zKr?CY`){W z`wWv>Nhx%Cvl@QkLh`TF-ht0=!Q&s2pkWrEx)-R;KvL6Lrz}m|-oUu?2YHUN*fz$k zo!7)WQ-FS0ld#D?Qwswn(WW~hXj7N$xK#boQb0N8J;F=t92gQeRY<85{S%k|yDVPC z`G+}*a{AD2Q&=_$S;1Ey6{0&uL^|H6oc=BtyWXjly;^C&ncymOsyY9f^Q0)+(1)fB zHm!nROF1WGgWPnVo~`@e2F~B-Ugn_cAkwmk);UN+l!5ez_s>a3prq&r^$66@sE7dU=I+0pXCFsqo{c~Et07KHXaIS8y#&C zZe4ofEB%(3iE{2C3y{Bb|5?{DiL1D9M=jWCOLer&?9ac6yQ^Cf+~m(%a0e7t&G^4y z@1U+c4A9w6)*xz(EL5L}nKO0z+jZgl?6&$IHYb=A`A^;HBkNY?TDGdM-mzZeZG85Q4Sz5hP4x9fFO}Os2UTgiiXDXvaWXm;ilCbT8z1<_Kg<1{lzMZe0#qd@EjgorE%)^M_wwr@1d#8hp~b3{<4JAP4AiR;HQMzg|Nm-b#9EnSipB699IbEv%) z-taJHRRE#T$@_>QsRd>S!WrQwduXz|&AqZb0q?$g^gW?VtLzAUw zCApcPA;x@zfh%-9uwGTrxI;eq3B_r3<#$_;oN!NKx17H^@Trc?Z`zP0%c;u<+l9-M zm~CR=91WobmbYDGWy#j?S*(}A zH)|>fbkzxhC5L=^QnK$G4rwTVayVyQnp z_kkahrZdL-^u38L2w%P4R2sU3Er2K9WVg{t=qx21WJMZZ)1KttC@MJOZ)`d@Yuy{@ zFh%N$B)m4rF9I?Du4)leStGYSpHwlls47aRVtRx26X||t>d?=d$1kN>gl7BfI3n5M zkY=SC3q0p`HK9+K{eRY`HoOnkbDF9&*Fh&Fq^>wYeGXCV*MXAy6fm2&JlDUCQ-cb` z=3N>LCQD$wsqC&Z3^USkf=>7G1!Iq&Zf3mBrXH{P?QMHGazdyXs0cfoJck>Tc9Y%9 zEwN=O|Gg-vL_m*H)YDy{#;0Zci^BPo*W4NkEZ zEii*&-0uc4fj8?( za|tp8Fs>=a8&_a-Ps=!7iH0((giep(f{rUU$Ci$bknG7;i2p!+emFm;s+(w^M;X0R z+|YgSA|%v(7x7hB@@A$1V!Q51rq1&Hg4Y=fAn0!Ei_t8h`PWvQ0?s;7hfJ*Wc~)6) zVD)TwTlc7_-3&7AG2J=Z9x{B7ldm{}q*t)&WppA|EhN})L3eH&ScW#p8?=#&(qO#K zg$K+^qH-QP?8f5BT#!UjLKYBo*ox{VpyT`O>fB){KV!BlQpvX9oFM;x)xEaE+>sT{ zOKOt%0^|N@tXzYI*ANZdF~siKQb4IHEZAQy9~xM0?oCixA=VH?ylpo%Vu1;whm0QV zu2Q5fgD#>5S^S}}pdjO*UCBsfAa|17RWPPRcL1?(4)L9>URgd``cm1q{xb$DfhWV- zlecVdhRDQbpbt;jR$KcqD4}x=dI2d?1UrOicC=PjQRj9hr6G1hdtnffIU)YJ=9yea zdv)6^K{mhdAGRv_`uYePyF}lht3>!ogOhy67Dn^lz06)~xEDS<0KXxu9_5~f)XWlg zz;PZ*I~!5CmF_(gQS2$H*8$GU!8mJd2+ANh5U(;i^xzm*o_6D@7n$jK})`bSg{17)xK^hOhy; zp4B?M>DyM>!~lNNT)s}9Fj}ihYnq%~L{{tejgtww&%)}wHEx$^5=#@=>Rwlp_z0x*7MHGl7uQ#(=!H6^-%>(cNr3bEgOnnjGFGI=@& z@}`z-qQRNC;w=KlkGXV!w&etH($Iv#Nj7!n29cKe>Y?goVV^ExGO}zO6xOE=w%(1` z>N1WwvLilvh4cXZa1S+%Yd4XlzCq+EhO1ahmM2afsW151LpHv=a|!{}a<0~I9)oT(?q9yC%BG&iEt<`Niwf}WhMOyUgG zLo-@;q~PJN<(^~S%Z>|vZ-sM3$FGe!amQ${62eq^_RSa)_p#lgn{M>bz-lZlcQ-?u z*&HuaU8=anwMywy9Cz)&^wI?MOGgil9Jj5Z5SXV`AAKr8NH+yV#VJ!37dj~lgOo46 z7i-KiBA@3Bg;-AYvJ)GAq{vtQI_ZwGB-W6``M?=_l148}F?EdX&N?f)eP3 zkH&4I`#P-1%cxm0`q3(~MwQ0YQ~Qk5HnVPQqmHTRT~C~l+m~tl9#%T8yPuS~Gi$<1 z9JW52knY{{Uc@b{*?)bx2Ft8|Iy8eBzb3W_81+*HI_-=dn`WpVMC(yRHcI8q{6;8z zr?B+swmVlaC@$*_`9R}@Xt}uf@7 zA8*xaTJjAh_$>wpWaCudm%17EU*{Df0hiA?$3>>>$ z#%wxey2@SuGLjH()un8^x(2<{^8ussI=YpFfy~ef%aVUG?K0J_+XpOAYB_stDs}%Q zj>AzR2_I=N10S}HD5b?;iqniYD+xR#s5B*9P@b#>&^puG=hS<*);Q+mynml=nCM`Z zk?i_CX@;c$3&A)IqrfpB3-)a)**eF%wJu#?H`5A#qBm^b7;bigg1wqW(NFMX8^h4L z&8cP;kH(&gv+%s@P44(O;|Ybv9sDU5tgN7GR#Z(yI}e-&lsZCNo@`jZ&`?INf&xkC z%|oug%k^uQ>U{oS=G?|_HNvo;B$f^9;T+D7)@&xwfD~gJafe5z`GhGLP?(trlCl_c za8gK$&1uV#-KEUxFe3+#;Ijw9t>*YK$0>sY}i#>B|wR;rvSqD|Y>ph<`&1hsuPgmLHK z7*BjzM~*GR&Z6B{7NsZCtr$Mc6sZqzl_SHacm-nnFeRG!PuGBZzO|nIQ*LdcEmoA* zp?Rn|(GFbwn1VuRhcLz#vhC3GNP{=K7$HJt4_8+y zysA~EbcLLK&8;$Z7xg294kV1m^k>1h(~d|fC7PBq9ty(Og$MzV2Ee$?;4BG6O3Q`! z#-=f1z~Qi3hbvkkiV@=Gcc1bp0bSx)U?~6Y+C(j0jtky>gF5Ul*enA+J{$>97uRLF z7_2pk5)g86EGTgd$y%)P;O5!=d8hqq_>=9d`P-X>TPL5Fe{&Wa_;a$N)vQfc0JOh! zsQcL1J+D`*Ge)B_FvCFTF}iGfz>qexd0vDMleoopv(f4{0;3DXif9nXjcauLRXKl9NHU(8Z@jAH}s<4MgPHm{%#1}+?e8@$oB|D zXO7u{9vw^r*MVNDPIP4!J7`i@^oE~Cq+Tm~8o`j&Kr`^PH0-lq>NkXb+HcB)tbr=6 z#pa*T`pdq#zi1j1LUz`E%XXD$1mn*oi_OT$E;kPP?DHOLx|OFY5r+LWefCUdbq!xB zCNkzCe7b+=ViGQp9-d8&=qd8MMMEL}&L zJ%b2$V15J>1{T@6dhbp~!*4Hn-qU_Nm_TNIBa!Nc--jHDa%j*+0k&UcHyEYGD#rsC4N%cDu-lV{#jl(KMOG%(5; z)d{-dJ7I==Pd%<|vcz@_=FKR~k>WuM34nqbU~frY%TU7nb8+2du}}NwsXdO5z#=#b zJ`FRd1Va9J9V3N6)QlGG6*L%Neki80Tup;sgf6B5NWwvj?)?vl7m7AR;!1sw{LAOk zidi<|ZWm87LdgJBvAvTL6YJy@kL)PBY4p&L_O-i%0RJoi+Zp~hRdt!SN2~8Ie>I!M z1iLx+At+c=O6rZ=x0P4Fwk+~7`nd#4d>vO}nyY-@}#YBXonZ3G~z*tSXggd0NR9X1^KAA!&fcJQHuWen|s@Ja-PPvsuPuIOuOz2fX8k zVPgJ3Cvmw;1qZKWWn<1TrxVvY)5xE4zNtX)PfUfeRR!JJK<%F@@Qz%`9%giQ?y>kl z;zVP|LGJ}cG&^KD>k))pVm`HYdULFrx2q@x(5GrX-?h6LJvcRS73v4a;%fKDcHt~7 zUiiOx@zAH;e!Fgc3E3<{ET-i&MHhAy7MoWVoGubtQ+aGdylJ9UGf>`4Ur)1{7*#FP>FvElU1D zlP|h`#UD$lCf7SHj>CGy`IaOkD$|bFtAo^<9m=I9naS=bNTbD2T^?SruM{LW`66IV zVm#*Waj2^YaC1T%x^i>s?3X7fT7MQV|j<7hC#|OS$RV~#| zX+^=L{RzC;Qhk;tup-RAkKLgG5pWDDt5wB!iV{dCr!#wvZZ=_B`_p#2fEjX`R|u&6 z>@OqW0Q`tJ`I6Zp2OGmsSPE4vZ4&7%lePJQ#*?{|?6f-$_^i8z<-g^LVHS zq)PJU0y_u@NsknwL>+Lk^lcBIf*2fx7#M|1qHe((73@4B;Hg&STowsTFe(VG0tDkJ znqaQyb?aCE@>6X^YUg{JrOEt-rzsho-i=h5*c56Kx-wA6C`2SQun|brSJ_&T2nY%d z69Qx;qN9C!4-4$cKKt(!$VF&aQ9|SIfWmW75Tk|+e8>RGv!X;m8~}uf8UZOa1wAzh z90b@%Ab)ySBqg0z0R9Lx9Ox+&n2VAOO?J8@>f!D+h`Y<6{`2b_Y7hJoSj5z%7|g#5 zG-bO$&w&vN`X8jBPX5gr{s0kJKN@(LFw@U3)PVOYc<_A!I`aMVGde^^QK+KcER0VO zkUqyKxB-Z$aF0(uQh!|%Fa(kNS>8fOWCxHLy~C3}gfbf3A?!mCNIeh;LKw-s2Btk3 z*adk14Fcox3MiJBK%#%*^A8CW$PXTZfQrVG{{D~0FASLYj~hhb0Hr%3(gIX%x({;; z(ExOKQXUQH>-l3f8DGs12@Pfc*Z$)cBie%M^0FKk`itsaUkn{Rg^)-=LI#3}j1(Fy zBI>_6&EjG*pn=~QW3Zs#i9>#$mPAH0fs;CyhSMkaNj`tp{!ep(H=y4b(||#0Oqjjz zwtu#PC<2TxvQNLXueaj)W6>ca0{*RK?ppwC2zC6h z{SOOKfRHJ!)(t~{0b~$h5k&PJ0=zv9+aI_iK{pP?fDe5jc6elavafWNpMO7zjBA@y zu-rX;si8F|x6ij#ATZCtL6PYg3I-h#tLBNi>Cclgy+XGXP%A6m2TIkD#(x;M>IlI* z&yY_nXT2&pgslFniNU2)6P=?4W4ib6%zkR}RYYpdEKv;^P$b+^;Y6V(cz603#GZr^ zWa5&SG##^5A}GaaO5onu+q^5*ruT_Yx z+UKh`JJlJB(b`lZQ}kRv^2oBxlGokm3!u;~clpEUbHCdxIf?K4`C>Zo&!F{9GSbdJ z$HbPE4OBJ&!Fyk0gAvr$Do~CFCtO?fK&OS8B{aBTnm5xMeNNHpc~fUX!Th4W-My(P z&}vO~=<|?nCzdi2{C%)@8PzPj#;1vaq_}Nk;XnuMvWZi*{ep<&w1_j@^&q0q&xcD5 zNYHrhLH?UlMf5ndh2SPD4Q%ie`QU}H)Lxg1{G=o*YTa~_v^ad1S1plMsNO4PfOglX zFAF-~?5L1^VU)$dUH6rsi;nW^{hp|MG>Q)2vvu*M(Yl%81Zw0xGSrQocBGQq-rfMv zqN;uHgq)}-Bf-}#%csnR=Hc)8ah92R@5d}UbRv7$%dmQ_oZTHK zG8}Q`8trw{!J&qAcV=)?+^_wj)O%a5F&Bm}Nmq?g@x_Sfm|xp%uMH;smG>Y7o(Ye@+pFqbSq@x2?uk)kG7PYO z7VaFGb3uC?AfISof)T>w@(KMD^Nr|J$zM_0OLkW z=6a1vz6;uUKj7W018!nw@W8T0<+(PIc%^huG3U#waYE(Bj$4!mK$xJEmZiA`JlCBF z85GHy5N!z1iGi{@RrCAY`&Y1h0u@Xk9_vP(d@5TInLHl`YBzYjq7Tr!NtD_)98B0F zbwAApn>x&QTkU<>3%>RPGMZARuJQS2v0u~*Ae^AK>7c^xu(@LC7^{>NpNI!9-m(K}{EAfk1kul0guT1me2ESQHdPm{d zJ7R($-W$-t2gVC#qB04z<1!iOGCZGH$RSsKWmH%&r|w{5mUSYq$4^r5z+l7AM`6ah zw#&~@attDDO|PX%y|*q#b#_a5E}SA>BGdwK8Qz3=25+@ttiL4Ide6%{65U8?72F%G zKxVK+A1ntuYpdP_Om!Pj7oZRY9h{DD!Z!0cqF;v$I^s-lup6J zIkGr(rfHtg=Wt%pRu_5SFiA>$#`PAb7;qyCg8^(4i>XrZ3uIUE!z_o>I{>L6u0r6L zpV4C`MA>5b03~NavySmXI}xj-6hB!OXb%}*FPKj(EEZe&ijzhsH}@(sMu5BU zA7>kP;>f)>izFqT%8=vXEBzs?S3qstI)S+@v+~9$V`ogav9>cuf7E+Bc9OQzbDE{&PQE4>+O`|j5>~Trf+v% zI7%IdCs8OmlBge2rvC7aAL}&97H(`Eg;mhUm1jg#TX7=?K^G+K^{-_VAeR(&&;~+I zdpa~)tE(FPD~5D3@ociZ+4eDDs}NM>m@RNa~z>bdkJ&{%h;w=8luA2*FtABr8wXNas;r=HvrkCn4Oc%dfTOga#0G17UPpjf^h z+4d?2lva{Js(Tg(iM9w3ehOfA-=WW-$iFGC~*)!av2zul`_1&7H zSlJVMQiYKYvO?`~$-%^FUYJU0=oC;m5=K{cz2-RPi^R)#UA(U=k$7A+d%}n|g?y6n z>C0DLsfOQ7u3JhI>(81C%?SmrP8nGLP7g%RHWq$a4=*8n973zd2}#9<2vEZY(U9jh z1yzKdKT^k79!pShirm``u$CN7Fee0y(Dk>0ft=yB(0pB>9Vgb%^Jm=-sGq8#4Os3ToqOUi~I;QS!dWBH}I= z^na%;kgNp4J)1c!RGCYASbhk5*NIxqX`a0>Mk{*kw&Z)xON&*?68ggN**aTDK_sW# zCi{`lQa4*;(5aQmd*&t(BQ@*JbuHU5`FCT~X}*IIqu0V3Hx@%{JX1SyB>a|6Adf5i zn$vDb5h~1XdROr`5q~5Q3z(ENm{J+2)&1(3D0pXYu&oqu3mxgN1YSTA(A~$p%JjA7 zP$Slj@eoJZ`gF|Jua$PE&i@qR2A^5}UFxK69bkfe6qdh8uNT1{xd-qD2~{Oc86NX; z^xD}Q*)`}{MLtL(tCA0KqLh6i4siz3M)MD5T7A%=?f0mtI0Bb#E(iw;_L#yX3s?^O}5N_3A|=+%(b)&zl9ME43`8XTYL{T87KK&`-Eif6x{Rj+}B5A zkP?$!R9_Zno!&INzTyC@Sm>)9CD9g0P}2tL>mInVlby7q{dXi-lxfxUzk|vjiUqKI zy3qa_t3b|fxvsvc3qkA-B9Kp#TPad3OayoKj?UVn^1{4{URO*EhGHHV6Ux0@vn8Bq z4sY{&zdwGKa8tp9uu58ui8e7zE8hHF&^*3dYDb^N8*D$m|MFpsbWKS>$_b;{XRtv} zj2YwMzE8P*19gtnya$$h=M+(CD<7^YHRIWNwv~{DMn*-!640-CPchAzVX0;FL{u@g z{7R%Da=J;IZF&){QW{O-bBt-_cgR0&VEoy-ZWqjY+AN_(wrX3}4=wZbShBoZRq?aa zn7QYCV$KehAt^}!NK={L8!#h(xypR1HRgG@qK9=on7mV{J!=@WqeeD=Gh1%uv#N6f zrwMGx8BD|Xo&zQ=XTP62zq$<7I(^%xFz9%IrC;U7QZ;w(wgvpS@;cW!>{n6+*YmO( zs{tKirA_W05A%BPdY-1req_#-l-bmfcc z_o8o`1RwZOAL{$eKgi&MV?LnW{&_Nwp;t=|Xx}crM{0s)^QH)cUxMq8Lw2l0NGepu zg-9R!=Tb;=Pgh#c>Y0>6A^%VoDozZuF7QFnP7MAd zWc>H)l>^!l@+O)wN^#n;Gs=yq`ro(Z;Wd@Ux_qUJH%}HnHnFLOS3jp?Q3h)cM>&)E zTk@#_`D&#KS6&VrQwB1cY>vIFmWBU;x~5*z_j7RU9$!-3d8kd~qiF}J4_0n>U zO-IK&4od{y=1TL7>tNkwj@j#5Z7}k)z>Dg|Q^^{cPulb~!DL-f+2Z`J@R5r9?Q`+m z^^*<`u~VE6H@Mw6c_X<0P#~-mBdEMCKr3{GEt>V;gq|)OVb9MWPl;&DiSWD?P3dv7 z(K`{4psgd%8!5j}vb24b+*^Y`cn`7KyB*r%K{vIs2x(^ePxZ5m1WU@_Te_7P<3P#F zVXa$qy|;6Rz45(S);~-#qruw+kZptQmoukyxlX}8Go?e%mz*#r?ZK(2bGp}=58kJISIwIk%75Sax2|1c+v}B+=yOc6PWgkCrAyIh03lu7mI3cz#BKLF&*;wODXMVjdSZ zPN>O%8IjeKo?XSZiHqm$&iZ{8+7FGR{#Y^Xj&1s})qjS;y0@ZkS8!_!OY(yAXlPpr z;8oE1qPGQ9CVETIIlnqR&dr#Lu)WNr>Tjv?CLnNTXsg=r9()B6J9m;UhL_WsJUNwW_5}`3HFa?dg$%bIfz&8gX(_M5|F& zp0GySx`89I6kzXS1rOQ!E(VviragDWlmLywf3Q^UlUh>J>S8ode4#-F?`XWTql zLcEK;1K=q}5q9Wx(W|cLvN&4s*v+3Ph1d69G6b-zq@In(&>Og7xEX(rZg*72gxngg z;@ukbr7nwNx_ETfuIxH-L1b+a5g}6epc-joOLZ6$oj}k4=M;9k77r7KDO|DVyj9=6 zI&WJE-*^?nXm7-}!_Zuq7#6wO za*mL=H7#fa+|8)5Zu9MQbZoCIMzFqPSG^Ge>K4c{bH~EHLNAQbzK$;o-vL9}D)(MD zo5^m*5E&^wI8n$vbm_sz8N2dz>$$qL7_p3(q5C(YXt*WL(uRyj?Wa4Lz)qdB?mOAD zWQ~(8UXPAGHYuN-MwuDQr;EI9Pv1=!-(n+rIT3P+tndhu&ih{ZgY3XJ8U0bU_c~+= zfyOSiW@3H}S6JVU&qRZWCB|((oteH{uU*Ca+WUKup#^_?8jzqTi%_Ct8!E*DDN;;p zSS;fOod3DQi9(Misxf0|o)Kc=P?{ycaJcqIk0)&jRSvbkL1G&rjIywNk zXMQKzGZ!_Y=Yvdxxt6RyZO0tQ^Xk>#VY}wWtdEuOuN1av@!22iS^nk1VQjziN+;Pa@m2 zTm-%FH1DX~&z1w4WA2uPL{D2$i{fE4h(vnS1rkj}3VG6SiJi@s?TQ&=UHG~RY8vRO z*1{(=WQZBr0NG%Oi5*cDotr5=RZJ;LP|i(X7iwxs%dy;Ms$;14SE$mQy1<;aySk52 z=5_FCCC>^-tENxZ%#Kl5;7MDXGBIPCELa3pGEg-!0i7yCi31qGiu7cHTn_(k$Od}8 z3nbu%W(tg>24`0#n@y3#2*V&(+ULPmG*9{0d=v?m%n6;>otGhF2&6123+-g#+i?=7 zY_gY}j`|$r)Fb`>GIF+?JW-v?$c^l9tk+ZP{>)3W_{+ z(;0U~ES|{xM)rn6TvI9>oE8UUy?8T8V}om`IjGVE7=1Y9AIspOE-F1X6|J>!b$0Vd z6cwHit(T>M|Cgac#@*oT@kl4xBD1F65bG8FuYU#idL#a6Q-?T2%d(XtNdAjFc=n&G zMPD#;&0rT!XG)efQ}ikYf)2G^>uz#(FM8-9eLL5o5w(eDJaq<~z0xU$y!H1;xzF)R zRNcU5cr1}fiw)jsNx^XDyjrn+-;hf-7h|rjyDE>JSIp4Q_cW&Y93gW*#NQ93x@^es zuXshQw-$%qEb2F+HD$D9^~DR@Eg_; zHkzW+I*vRXf8!j*Wo{ZyS=*w=sr#P$+Oq6FQbo3Gzg&QG-?(wQXP3~(vwRFrai0f4 zlstQ#bQ}ANX&Z!oSTMKneT6L#gc%!WvDM)goFIwcH`18+-R^3@Fh}a_XKo+p3=0dC zxYx5WMc_4N*t}bG1XrIsPf{;MR+8GB3YFKgizYlYw%&06gJ({v&$YoZMu)L4dl&KR zD~bqPua8L!g*wKor<1YA5aX_SYg~uuRVE^|WB=-_nQfK+Sb(&>Wwu@3seaQ0;$5Cp z*6DC~6rZMBR{D6@U&>qV2Lv%H@X~Sp*EW?i-l%P*w@j_J>$)eyJM*sh5B0)bf2t?z z3HV^prnsArDh^3i;?5b1I_X1B+$`wP2Ch@{_o?l&zP>+GEAHvO>UpXBLZwLl66CSpj|2}3 zTYnqrfg!U`N9R*_=3$yf6TmT!i&geO$-tn3K-cj$Bs?*qw4mp} zdA7^8Oykfz#$5cl6snSBb--Bw2Gkg+01*^n#OiF+m)_878%P^8^Wbg#`Zf#G<)SMj zC`$phK~u`p*9(n}FjnC&g2&o{Zp9UC(R^yP;O^8bvLsQaY?azhfb4AqD6ITv#*PB%)CkyS)#Mhxh{v!smARu~w`s zNR@{5*=r5EROPL(uA*=Eku#MK<%m$zTpY)NzCie?IdUvjp^>F))@ z;U?FPO&%YmvGhUHvvTIJ-w-`x>a+jIbF+myF+`6`2=)ry^_OReRI&W zqKOYzF=!#vE-VD9v(wVi793Zho8dCk3$fC^VY6?_@8~u9Qvy4xfTzI?!=T^o~ zMu6t7q|WoBJbF5Z?tD?C-Z&eH-DhZTDt$~oz1Cj4_MNb}#LxbwiI-(ewHHiI7>1l| zwaoq$mTmVg2I0&8f71p_|{#ol{rc3Aggu@64#@2F*U5I zsyoWzT1JAyHrVw$aJ1fP-^?!KQz2Et4k$5y(+!q(IO3vR!thfXg6!fv;Bm&4J%bWk z2aR)%#TL+{N`}^4SoBCwP~;Hh{!zmCn#tJt??KUzg}KGTm`N|8ghJ{Fp;wHW^>l=K zN;;fC_ReGk1y4|~;r_tbGN`4$#dOs~L!eq0Ao_%lNcfm_b=nrFFBJeQyq>F6cz)$q z1*lwiFV6{LVVthe~9@u^mNik5GYD}u_{Kx~-YefJw z;u7;FnM>=Nxc~$BhuK|z$#+Oi7sl%=^{crn&-RnMJh;j2!akcRju_>9=$ds)*Vd*A z)iq1;M*EqhVChU1Gx@FpQ*M8T;*aG^RFFrGVfHzA?=q#(vKuUdr`1Mj|K1rlgPp%Fbz91ph4r33tM+fMF;d%0aIl&qBj>vc%w{Byyd*+Z8X0hsUW zKa~S|`0#S*iDL{O5?0YW*Cd0rRRiR5T%2NrS(_w5CX$mC+9<36U!v^xp3(#(=FxeR zYI2y;=YUl>>;g6w?mng~UGpvIYvClTf-YXrb4vmSDQU*-<1;K%s%X^)U%ZgavL51} zVB9`!>J{O>QCw&CRkgqo1eet93@tkqhOVmZQKHaNrGO9S}To&vbyZ*48iR zNqGIq|A2|vnEoeB%mQHgKbV+}lktDg;r`#4n4N=_qeuOetpBlk$nthBAOR4dgnBFqk(hYI{<*Q&Gkp;-B{(8Tw_r`+ zB~M^#D2}Dj2w9B%qsWl;wZea!Uzh0p!24hU1iUDoZ`}Aq*HEH^LyF7EE9;M|>eBnj+E*@(b5j45;ikQX4Loq{z$eGm{9 z0r&;}lJP$AlYHHPr=fn>qi^im)%h=JhRK19K| z+ll_Y8vq!mfo&qmzi#m06cSb-0_H(~@aMpTLO2U_Jai2Z`ozF~sDt@TJ=;@h2j`Jt z#5<6_FXR!zLWKT}-9UdiH@!H7aBqFy4&p$xHU6-Lq*kHcQQ@6j!KkKvN(%~${0`XU zQwAXIk{TKcDgrHG13d?KIy`xZaC25}1p zQIJqCuY3JP_;MBn0|Bl!Ktk(Bu>uW7{VwCe3Df%3EMg#pegyh^SI`0pa`*l5{W$|i z$3O$NHSoy)wEGIX#GIn2qICGfa^Gjn%nXGX06>(0>VK4g0t31)A|xsN0^0RYn+F;C zX&rdY(=lyl1GzhsZ#y&oP#?4N2k*aM#mf%xUs({ySA_+4_!2)V^%3$xdIEj=rF-6` z`UQmkRzCcqy!!)+_b&GCxTo*AfBZuR;us<4`oNkkbQLW?%Sr#S2mAt-fj-8XFBEA0 zRvr3_rz#pWBNy+pTQEHafO)=y{q8Yhg8zkFl7bBjTKh?yCj2^QsN(G3Q=kihy;^Mp z&lwqe)n{t%BYHWz4TsfA?-N#N_WkLo6WXdd!|1?su(Tj{%o z3-uBp7FkS&8b3tpnoJnIJzjvj;kgv{h@P66JB;Zh2~oIGuIsj4zFR~e%Qnr`Ox?nk znE!ZSw{ckr54_y_tPi);Hro?wR6>9e?zL7uiJ)k^J+RJ#Pg#c%v}Ykndhkj8V${nz ze_=tzONNYuNahz7-2i8o20YYd>axcYUW4EPhwhGRBw;HsEv(OUX()=(R!^1tkt#Q8 zz!XbXR^>h{Cel<>YFu^57_)ANo>ofQX#IZq*qgblNA*uwFUK+OCoxKKQ8S>YT?K{^ za9zB~q-tTpxnURBH`*s3+{~kMgf%c2aI47$U}0+-bDzKA0gJ}CfiBcTO@kGm*rq04 zgpJM%`n~8mrse77dep6vh1s!@JSVXZXzb}BYd}MqY&Mni_j(q+zjYWre;lYJZ94SR zuSKxYD7BrQ&G!3ohuh2s8KyiYF3`cxOpTY!v^H~;K|rt7uj^hb5qBsaVsC4#(9)`m4++SVZ(Wt(qmzxN%|YvJ;D$B>d=qJMA5F+!@KnxMW)rD;~r^0`?P__ z@%p?N2?F|U-6F#ehQxox#1DE@WD){(JK7s#+9b!S7Wz8)(FNo=EoG!zDYtVW-puiX z_Wjt8<@4H!8U{6@==kx;wz)2le9t<-059sMC#yFrT{MkonR1^5V+9dp_F&QNHp!D# z2hBvM?CEDg*^{3yTYS!641_6}IOT*ck~s5e{FUtkI#ih}sM8x6@QJ` zW)lM$dul8l{sE3%G@)f2FR+ARhqqNyc?Ia#7UJIGQl>KC>fgi+M`|nnn(5Bbv3E|F zFR49$O<`mW#ZfLtY=65)+}T=d=j-689$zA&&YxNwT{pwAcf}=mlk zlSC&Rf01v!iWLKe+9D>xXatehD1!^wkTJbG%uX=sx;#ExZH7gX30ZPs;AwO>l{zx_RfMOHA88$=A?QE&xe=3SLf8SCTz#(a~D%a z7W_^rq$hnQd4n+4GqXpfy)ynJ*-o3;n7kCGRBX--NVCkiNnjZ`D-Z<%h;rsV$0N4# z@IVhm>ShqOckKH_G4|PV{ALJdrVj5U;Hd_LX#0 z+@F~1REgL0@N+0@jU5+*Z#qPr>qN}^g&hs@Z~ad?!sxn&x|Ycaar&oGd#G$A_#>U( zj-0~~C7|SYhbEF-(_c68Sv5jckQCH>l8eYkV+7ahz8~`lY&G9Zt279JW-9upooS;( zV(jZj*!SGZ1_gkIX#)obeQ`5Qu7#cJXlgQs$xZAkosM@*AW3UJTioJeem0>aEFW=mb>;%I3aaykun}DRXPz4XgoE*pMa~$ zV?1`vhfmtp#x)4yTf3r4I84aYF}Q}fQL1c61nb60{CpD~P^>vwzSYR0dbt?KIxvGQUVh$xIhyPX)DZb->(&H?mTn7Pc- zd}@dBeh=eFd($b&C9qw+cYu<>c$w$A5goF5!$t&wY^_@-2APICy;-Q9(K#8dUN!0S z{7PTNGIsspI5*6t5gdkP_e+y(6dpThJVqg%pO~qr>Xy|~)2dNIGptYa&_QRfH9TsR z+*e?J5QJ1*GqIW~Qz-U%ILW+3IiXmkPRV z^{-&^#*h48%6f1qu(~913?*5G@82#OZ6TH_JWgiUkbQC4raJpb~@$*NK>kx18sbEqkgXRmQX$B^sZ2tvn`P(@W9)dv`!Py=omwY}3aX8+= zJ-?e_vVaE@AImQHXwAd6m00}^KKT1y|J-$l(3OHe2jHvAti5MEyruY^^(zjG%43nO zdz~~)B#TD-WFVFiy$Alaq704>@u4$oqUKR`lY6?&&63?&j}r)%7-QRUS?Hx=9wpT> zh}&7XKVM-;-_ddxepaJ3L-g$jWqASK{l`r3CD4aLg<6(LXQYFGmYDvr0vZ5vuFo`)Bx!Sa=G7%i4U8`i-4&cyl$E3HKpJ>#jS#qctewrnK66Aa~9Ed z>P!$Xge}zGp?Z5h{9wtAmMGj1WdD{#n1VXn8~YJM)m~*^VWMdA z^{_1z*1y8F=On#lUmELdQbZ#~F(gf$Y#MJ?j?$M~=lO|q`cg{4_Rk80sQuH0CVR%E z8yUewA;K};O|nN(hCnh(!xD;G);^FYE1=$~U2U!D9b`F+xn zOl!r@5&t)q_D-?^J>62NIs9V*#j>84>|X^U6ie4>D@Y@K`&e6TdedNWGo0%i`dht^ zX`&Gp`p$A1#UeT_*mTeCKWvePxN(uUhDks%vwM#m1T59&Q2AZSw!59SVO^(u7erSF z_J!aX2{j1j)=3_2cFD3^#TVW@rrzf+<494gwPOeu$eh1>xM1kB!w|!F7^}1(*%8$3 zYlkR`MxH^GA*4j6h~m@-+4LQiPF=F#m*zHZF&MkfmT^hOWQw%039f5$VYnnFS3oVsi z#VnN7_`c$MQb3jV73M{OxzR}=&1bDrw~I__n{>F=MuGQKyZ|(BQ;d&T`=#!a3w5lW z9S*EE3W+t7W0@HQ2niYDnL0eT4Eg3{y=X7wA{831;ouWUzSFOO!DP-LS}Sgd(C56~ z@_bs_{{qnHYSUviu=#O6OCs342{f%x+3tPhlMqXe55WYbb7N;Fcw>}qZWCqN*7u zPZTDDWXPU_2v)c6u@xCGc3N-i;dZ~ro3$8CHSm9#oG|oVPyDE`a>#n*Stj9Urx5iV zqpy%*wyY1(+HuR03Z`Bpp`3aar;?bhDYVB1UF&v4@0>sKvhQj=V>#=(Z)BO$O8W}R!jiP#dW?bk(&1ZVC@iUkM zK2z%_zntZhQ}k#E>7F%}E7L{lI>OO9ME(bI2x}yMZ}uaTPbUAmVJ=z@RWkAzWg(N> zF)?ZtFg;$)V<43S+33ZUSLjwGhS^6EinJ*x)S0IPru8c9$@83%yy5C(SyI*H`Q#OGNOG;5<0wsWN6!{YQb`w4oe7E5EUUPAsAalqxV_JX>QE8FRX)kLZH++Iux?m=eZu|j<*-JYVN`%$*kGD;b&k$VqE8tgeNAIv zn64_bQgS)rjqeEdI#!ZD6=E8ywWsAP$nrcQio~P%D!fpmo`sL-SwcXn<@Je~A11YV#J9T-$cqGfZF!t#i$u~=u zXW-9x%eZbmeVCqFn1z!jSXgC~C7gclTOlj37G++GtAB>hcc6|q0;*i+d6!`UJi ze1_W3`&VLd0znrw$JMWbbi$6UXhVg^e5S0QbYl?4H)%NPkLS!bgSuMf&ustE|{ z{F*<(SJ~Z>wGbO<_7)mC1C2Wfx4k`%ezC3~hU93pK{t0gmoGGQO7_k*^ZV$0v`ikG zleFH>WPbqFk!bTHLx%s^p(8|*h)=I_vQ2UMyR@C_g$ct#$H>am0L0!4pqbXa`R*P67^6yufm$ze@?;LG%*3gm2ypH13 zqw8^i8?VkFLAG(Tj}if6HZR)fKAxYm0csbq6!A4X4YgFjP1%&qiqoR$^+Na%Fvk$a zX+^9LOL`rz{;jIV@3m?y?x~61Vk+hOOKO(pz0HgW4w~ z&N_2{+RB>~#@UO-e2|eDa|XB+|~L%v&cr2ln*xAsS*>wYL3~*E8@GAgOL`n zlBCL8VjbCn3S@OV zf_0`HQf5(WTy*irH)N~;5gwSj8~VE<1r)gHzBh6GF(FNv%c*=F225%JQ{Ongxj~o1 z%ObqM(qYe>UDms~=u@+h)KEr z{uj_90qGMy*}aCOi2#)`#xYuDON=xgtm1T27Ry3ETB=QBl!! z#hTu+nmr2&*E%wm+omD6v5>p;Kb8fQC&_axdFteqT~p}%`oeRO3!kpbO|B!l!FGV& zfMS+72q448EObyxf9;8t?5drg_g4io1)l9$0eS0dup|kk5NSOImlpZH2<3iJ0 z9mFbCtlqroF&s@`(&6xq|9(E*;}2lMmoW)Ag0QW(qK*y^Snp~0mhEN(MyM>^X)~Hu zOyi3Ks=}Qa8k#v<_>3vT<(ybGp6_*XV*(5IBz}eJ*@nUcrl(Z0U!5?0Qfma>jh`uw zLVrndfs8IU)>PVCVDYFs>f<{I1rMH2>S|UK$QJ~D`rH@Q$ThDgA&}$wXS*s=CQ6Cb zNy0mPeawja_98@}Ar5uS^`%kP*Yz0?boscV|9eRn`YmAo5b5Q$DekSR4u-wj`NEb*#&{=zHWa7sX-1a z9S4Guh2aR3^U6X?$C>Ji4 zIBH+e-7f38zm2~YOq}r@L zZrKfgszI6FT>A*S0Y2u1-PgDouJg9yNovE{t7Xjb#Fd=0#qoUlETTwUd{$W=t1B*j zUc|qkW@pb;g8cwlw(gC(O>j?z;$HKl$hrz=`?&N0Y!J@YWJzwTOz}*wz2iaq}Qg6 z--5fBH)yJj#>8xqFm3h77r`iT^#9_`ewi?QJ3~uIZtnkL${6q&m^c{!YxFCxWME|b zuhDzKVPYIC(dv zia?QDJgrDYU>qo(;(=E^Iedaa4BqN=Bv6ZdPXI;M`G31JMLP$*;K5HUcto z>`#Sf$wmR8|KGo9b$`Lrk}@}u0~|uWuE~yB!#oNQ$cv`@@RfNC;GtJaLHqRsJjsde zHz!fxQGkT)#{WuA{Qdh!9|7UKH-KCYgCFJ~+8+2RIAD{U7+PkcI>PbwQJ9^>sLtox z7vwGPpMP0XQ_88Hg`IA6S3`Xq16@S}EHU!do+A9-KqamxfGQ5*EFSXxr`_Q6!p^mB74BX5Smf4~>+(cljvL=7GZcHo1lh5(@6csPOQw;0R~mPD+#oRvk|+xz3tna^wAm*8{g$zQg<`2A>CLBbydK>ykF zBZ!N=)v{oBZwZ)+2Zy0aYhA;EUJ`z_&O(F&5DNCg;9qGgdO~j2hAhcq5pGu4gv-FHrvNXqo|@6d4e{5HP($KL-omj5l_ zmopPHNQVM?`<8LGLV!RZe} z#RE=h*F~>_e3DnE!T-Us1o)Kd@T3QaE<@WT}g2q&MJQ-8$K!w2-0{#?Zf{J}n!__#C_sgD96 z@O%GGEBFKcy!lTIt1PvYOx3CP-9LNZ?z6SefL;$h$=MPRBpIex4QIz)x!imD^rTgw z?rr%dJB`OMlElUI)}&BgrTtK+zH3e5c%}Zfe)N&~a_?Z06HN*f0d12m;Jls@TB#Nb zVh=V_Fkq1Rf$Y*;hwjcTJ0*qd#ZX*~EOfecR$$s(C|zE|`<+#B}X7ik2Wabr_zs9Te3 z%0W|f_KxNA)S+APe&r0`{#FK=g75xi-{-QbYMw~-o6eMSghfDa8nB&(mqt2ibr&dv z#wl_5$XM*1{1ae)5A=qnP~x_~Tmg}MLeCogtb1^r@LaK>pP=nm$_*=myL(Ol_sZXl+I z!1JvIqQE7)3f2@4P7K+48N~edjcjC(I@fgB48+3A*{KS=qn(bd8+gyS#KrUhVTpF> z@x~bbl}7Gv5@SCRPjeJ!#quPhbE%o?1QQ>&T{d=-T+fNW%xd%8!7y zDRGzSjRx^fZ};u03cMV6Ayri7q(cNVC=}1KCq@$dijrH^&#!5^2!>V}%?c?ltFG7f z1gjT#mMrbfWzbl0r`-Bp`rq%7y!L3i76IttRZ=%{r^-cgtkxErIi9f6wF_Tu2f``U zX60~~^7&Va9gYec=+jYT_}&04Ggsm5B&tRrR*hvtbi!(N>OXbQIHr;E!5p_}(~lz& z3(i0DvaKt%2`LW6W`qf$iwg>GmDo{v*0!oqb}Kc z$!Iy2M(BZMHG`smQP15oQbUqptYXQdUt4|8KF0wF7CfOM2Pdg2>?_cT^kmDn3X9I^ zUZ1n|hV3J*H{`@Bx<6Ry&@pc7>v^JyQ)T|x;HmeF)6OgndV~qxIE~gL611$_;%0tl zE5$|18D?N;ryKP*1!$aP1olzt;@_HVK-YuBE4LsgA z8s)G`@NN|}ASjt8x>^g(b&-Oa?v6UGY0!Ac>dOYanhqWL{_Xdbc+ae);vRoFt(0QnFziKV4guZjRtL>WV=5}NMJsmVQWyb)s`Y-#KDXh?~l`)R~a^On!xlj zv-YM<;X*0`gK4nam5>?Z^NXv|P&9yX#1-(|kbe7xc74-=^gB?J=r;$PzV%BIuFa*# zef7p`-u)$AEyS}G>IPDIX9@*x`k=bGjond;EJUSd@00L^QQzJdUKTSSSRiedfScMp z#nI`%DPaGqocs+ffU>+@D*o`zkZFic@OtH4#|sLxM$QRubeegvH@DhKj15s`1j~Eu z{8_y|+~XzAk3rjNeqY~u?$6ve5q>VDyG+csK|6V1Ju*d(QhfacOGQ06^H0wvx)+xX zgbz1azwCsjd2VwIz;q!%;K-)99*lsyC0i(3h!8^9PQPi_TY~mPD#wZb*@>Ws~4_sGCTp+ z2}KG}g)$pRifojqLp-m;#fi@L;D>UIoPx?(sRr}8IcLr~Up(oiS9QzrSq<`=7}+2M}-C5P8t$4=^ybAOM)!;$PKIJnMbI# zq0n($!hR>a!oXEljX;WXRR}a_(KxWAETc%kQ;GF17bZAGspc-bE0YW}C?JtP428dh zx?>R8U@2Qr0|HP_9Dwwxa<+#hsVcyFQ50udWi0$w(6ju}?sK(kSrXObD!Ex0Pm#r1 zkuAs*xS@gUz~vw{?^C{m(nts6Li&B+H_xguoTzvQF0Kai^~!!E#I(9Aw9Davj^-!O z5Z7~}7}O?Y1L*fWSU?Ekv?J&=R=LGn7dy zsbPy@!iM<*$lPwlW=m)&CHf5$=S%ZKC<|#*C)xxNA30*hy-gw+^*B`%Xl+cJNZ6k2 z`{|ifmPq_u-BF^F_ZG^@gYFX_y z_L{_@iB{dmt5 zfZFu8_U2_ThljJ?1By{9%<^|o0L!eJ2)8IjuJ8@3Srqx@I(JyCmakgXbF)FD$P!+$ z->zT=MV2-1SoZPv-Ak5T(Xui_00*@Xf7%VDu<~of-EUf=FEH`JzFD=J30h?soAROU z2G@8aJ!10U>6?U1V#P8GQJ@?Vh5^Qg?uD}fxk$8?tZ^aYxsCbxLhxuU1-sx&C`&ar zmtZ@oV-HX!ovTZ#W@pSZjJQrUm&z=u(22=|A}X%Q1LzL6NZ1EYQEpsc2+d15 z3Q6N&ncQ+=7-+?C$s#!Q{u?u?NN&mwU`;T_n-a=X;>i6}s(h zD$GFJe5;&sLnP>B5wS!NX?Xm{W>_USY zDKr{4Jq~d{_s@6r-L@g7u7ETx;V={5Mltt#hVQT-(EZQ>PVnV;AlTT%NV+ZTl8+3*u#MKbAD$tHqwFwJr z-Om~Lgn^+SJ8NRk-mGBm&90Kk(~lyncm$bEdrXE*P8zsMW}6=MR$T25Vq?o#)X|2| zM2V@=>4Vv5pG`=TzTg5hHT9DLCh8@KN6P;Gv2W10D55Khy#8+TrpYAMym(nj&~*nZ z5{sD|YCcseoxR0%SeiEIgBys@WlhkI^;;FHSDgd-&c}1}5Q}3QPK5uVtKLsD5uXsd zn5d(rfn?Bse#7DnO5AxZ5XB=B*-P!2ldZBqSuXkzzizs$GrUBrjky_tEII^xrf<#) zG@?bGt!ydFG1`laV_VT5%YM>31~x*Pg6=~&te3>GDSKe``_x5;UiCyy*z0LmI`%K2 z1gUg_bfil{^T=}19Q#1W*S+xUXbe~_R~xN}A51UA_VW_>RFCn$%+K8c(dk@zJ6AkC zMIF8v(p2}&?@~Glq~2Y#V}-r{PL)5zWYEs``Ugb$eNiR!hDH~9Jjixy5 zR7_4$YHTHW!?F1+K+0WAC@7XNi_LcxctuRkKhMsv6X8H_$CJBJP>dE68he?e4rx}% z(mL~wb-HnQ;g0tYB%VQ4dvEJ(8xCRDKGd}f`vwnZD`bRo+w~+291M4i9Rul=Vm6s) zk+KFcWR5&*QIo`X+G^YVS`t7K!!AJ;U4a7m-cJ>j>or;~Ucg+6T`C(lcEXvZR#}PJ zg!Yy=qgevaLa|wXtm!>FBlF%0TxGQDY*^abIX*I@0vQ?CzJ`#Q8J<%{9~gbBTJ>qo zMwoTQ$CBGg{;2o?u88haij{Db@|P%@EV`1Px@}< zL^3?{cO`xVCpeS4=7?HJF0vvGMG~~MHL>Hp+qZC^4O0^A&4tJf5&M+UPMXy`fWSUZ zx3?^|@*l=cZa>oM=ZdA4YnFx>{*Uujv$-&9L-s{2E; zREah2svy3!;0v;cmalP5S#c%1TGe9D|L)wVskNmkG<0`HoT<-+={OSx)rN#92VA@y z#<$=v!xjFq+w)WN;YqcV_iZaY&2IC4Hou%5%Pu?m5bvlZ`N*QLb8owe`tRhPkT}OC zYl%C1ZE&T!p;QkJ^7!9{_bN_rcKV9Q$=!QSArHWpmz^38+Ci-QXOAmQpeK((GA;y`yy~ z6gd(iSw?IVr*9T0l~e7vJ5`JaF>JA|Qj;>APT7;_m-wwc3i>qeRg4y!Xti*o1kR{R zmW2{QOn>cWX=|@CA9i$)iylyddB;?|RN2;vL+7jH@KXZ(!=0wLk?xG#$wJ?8@lEa1 zCo0Ycbc%9ef{^KJrtbA-GXlEZLr?2&f2NAxdGT^~Wpnu^&yl+XJxm%aNr662nHv^Y zPG|q^6^NRGoBXwOFnfl8;kP!9&>}>=%IuPi9Pj0)9%Jz)Y?m5wU4-L-V%jrt0i=p9 zpQ6W^only|dZvumSu38XzA3+BDU+5G!z7H~QL*jp$nis|ji8!PYXsO*b8se8@r|T7 zLGPZc>izHGk2AszSURoVR}`B@RHXrD3jAF(lH!58H(eB*-t{_h94*GWh}M^9eXsuU zq8emK=*>C!1`$E@?3fN8R$Iz;dvz6WNN$P-A%OV}C>h`88_5aHeu=$=p11_ns66NZ z*~Y5}lxo|^Up!eU_uRGoRL@4Gz3zXL=n z?X5f(sB$(u9lk2sdc{kT?ximCa6%kcc8A{$-#!YAW&++7b%tJk2jau%<|{5QHJ8|O zCyY2yGEMhiqo}-;*dAWtVWr}kwiE(35O`ErGA ztwU~%grO(EC*WMK$3Qp6U-X^N=p<#6JoIFKx*ovXrxs=RH!y`Skd%-7YN0KtP#8Yd zOJ(xRwkys-#)wVW(}X7)Jv?epM6X<0Zs3nNp_vR9ydKs9HqL3a!WaguUXQ9A)}}5M z-`RPrLNacUrjdhyGgph<3a2GiySwNGopr71v3|a0Tb9CZBl?~6KXbP)Qia66E2=`; z-t@4kStfFYOtqBZ09wb%2Br~HFfWsspe9E;1M%SLE5V})eWpE95lA!-Tnj-qJkj_S zQA--fE2h!c-5<*qs=H!^kgyT?%Nuk^Ft`zgV|=$hENwbnE@^)9PW9NQ>8z|3p?EY% z^F+fZihcm9QO1liy$uA;hRWv6(giwx9hka>1wE4Xo#~^E_c1^agJF_DiMH$YpSYL{ zbFXYMkdt|H%qMP0=hHDAJnyiC+vPqqOZBt7TyER%O)56nqHdjKVDj+ji_|2G?%cy& z==hZrP)^ICnjHX3g6WCzt&U_19z7=&oyFIL>9s=;SXQ*Uu;gNW6;gu^o*fTr{pYBw zKoTy-ixqz*Mg1QtA>VrBbaNfC7f(lC)?s zFPv|gfxmoYxd0z5Rl}gGq)s4Vc^{F}CSHu{ppx@IcN+%fJLDZ)6ZF19^`GVxT zhf+;0a9?LziB$PIH`rXLXOKkP7!P<$X;1yDwCN?M*9R8*5xGWr9dShez^==bLHOG5 ziFlgBr(u^4OitZ6@HMqH9-=(L*!mJyx9F^=GFoL;*lM0nHQNm>Vd|dfTDeJe6rmq* zk)SI9||E}@LQ=@gT$aU8S7-}iqRSW@it{l{ckqgJm;kl+O>X4~P z(~_tnDEIPN7BH+3{?AFK6|=8y%rleeLCxm#`YL~tpMC34QI6Nq!&T#!KoWE@d3i0= zS23BZ#(FTl-MQUGvfWm7uuyp3T)f~3eW0ypewAM zw1IPn&XYhm+`D#N580=?cX?(~=@8#XVwGbp-qly7p+B7ivuDQvUE^!eU0%;@kdS;I zO1ukoQII;Z4~`G1h4R@nozH@Ze2p@P%URsTP1BDi`FR3p8mGvDN*#)1gQ9hJgG_vu5ktmwSua$2 zZXbivX3?C{xe$cu=_5A;IIa^x`b)jIX`c7Bg|Rv@dB!@w5NLKJ6`FY39ExsXj(XfR zjD44`JCzzXO$NFv-W$0*#0=h5U>8k|p|7?TX4sy)Buh4@>T|=^Uk|ni3>c;;QnH#1 zUba0%l$r4-bK-)p--gX3iF8*SF}%r24$Hj(D%?Zor&CLH^iGe>Ix!V^rvvonyB*}&ZHpSE1qxd11JTW81P<1dBgb#>uT z?Z|3Qy?32x@8RnwFp-SHF)(|1J^nE^LsQsXAker78+a@nqY!)YC@QV^lM8Uen@8m^ zr6z5v%)xhCZ>l@-g4Dlw{hi&J<|zF7LnYK5gv1gl1@}P-e=)TPwb>^$k6C_Ova=Jt z;6-md>`};c-`0eIp|`q_X(qH|`M__IU=8iSMy+Y|8&O!gZUQ5^KVTtJb^LYESJUfg zVkzTu#_OG*UdbcM*7`QloP0xZr@ypKev}a|-13xu{^dsX40=WkYh72NYtF zXwjpfYVXAdxQMV{P^d>l%I@k2{S%=G-MI_E)As64C!YIQ4Oe&m8rL_8BMiZdi0xBx z2aRawD?1aC=Q}?Tvi~*Z=DZKK$5)We)CJBSCB#<=FfKJ4z#oV6w3ZuI4;R-l7X}3R zlm&(+4#?9K5s|m7)`3%Mu1CN^+Aws2IMbjGytahXN2-HD(HHXbNA%BuUCR~lBle`m zAc(0zCcyTr0IYzQQTH@70n{W3R6>_Q6o3;of{MeU#19DXeU@ibK13!61i{vXggK19 zq1e;!BH^wBgR4Wa?jy#p)CVC2nF2&@A;eNpS4mVMUnnnxv|y1Z=})R-DK^lYPtOVL z_Wy+^P$)+#{xs@bPFH z7*fHTa6QxKac_2v*X7!S-kn&x1T@D@`MK5~9pv6V8#QUoelP60#G_=8WXrF^=ecfHw z%BmMv=Co|MQL|S0OlcqXZ*I&j$i$mX>2F-XTv@Q+kYH~iohULx_S(`ZLFt|qC5FOh zyX`8fIqDN62X2g9#KGC;>P7FI7PZ)m#;%it2WKd2!JJoTdhB^gMeNn5e~jGkin$Tv zhP0%)!~eQa^}q@V&}H$(cy3p$1#Yjgts>c;dn5Ooddfy0HC~ef_x6X6|4Lk*OZQ!v z4lV-j!Z<-`iqQ@4Ov*IGvQs9z6CHiqe}{wneO8mj`f9HT_F!f$^Nf!~PeauHts~oA zY8*H8RGb~daGH($aAsf2_C~`i9~?aH8}_{j=tpMSCrPWiv!!|8uk9Ttcmk3&FVn`e zweCWX=5QI;Ulc8n!ge97D&4u)FD(fsoG=Mk8s49f$eEq z5z#A?*w{rG~>?kpA~~l zYl@|sytkL@(ZQZ=|MF)4UP$arq_~R2sFZu)$DJ6(v+#TlcXb4WXp;MaO!s&2UnhVR z$ONsQ&%=wycIGmK>TUe3C){0OUXf^o%!c|p<5Fo;24XIYbJs4U7>b)ShbNX{TSzh` zJtl_%Km>he@{GpvjQ;R7qqK$7?gC}kGJp(xXKf;V^9@{R&0p@g811|`bj86B3(wr> ztVLW1MI7KshHq69>=K2Tf0lvX%v(tqB_5x>)6)aFmEcd#hQZr zQvD4k1Njx*85x*zu$YOD0J zUl)_9{^@0ebL0Qaa&lgE?PbNK)RJOkPS9X8^mfM0h`crAu=u(3d1kcy>K^J(47BP= z>9nn~ENYX9sH%CN)G4zWNP)Kc%6eJtsX0{HLRK#2K~rAhMk{^p!G+Pk=n9)RIuH7OgcNy4NDZONv0_+`O@RcY+|5M#gOExub4k{ z$i!btrPw(mnlv?@f1Nt0a^>4T4Px*CT;f@XVzaT!fSFa&_!#(3w7h{QRm`|Km6841 zs&OeEYnsK#8QG;}vd@eq$ zeF1_Hsfe>X#t2GQUXPV^bTCCX^krJJ9GOTLmz7DuxB}J`%1H?YL$+Z_$WGS5LqS{6 zr>#{{HKuF^3#dKCLWf=6DHCCW}Q9|jX+GRK|Oj$9MKyA42v+X6FFSYunPMA-dVG| zxQ*Yap8>}>0688rI`Nkp09nO-_HK+y!;`ta^Pl<$7jpYqx8*-h= z?niYiuT`6>OF6qMLZ|64`cx9`_;i){m!x4sr3L#phGsvM|Z4y&-R7ETq zAm*b{#WHcVgyhm^Y{d%3@goVPdBP(uDbBh&J5X6z?>;v$)9lodu=$EBN#CKZCx5CZ zBGNfm)s#~Z-Q825lw=>YJHT`sO62NyIQxSc--eV%!F2GX7x}<00o0LBo#NxfF@iZ)X3MHgo^v}dQLirGZf*qwq;1+sdW^% z{O)lQ#}uHL8P9`KLN3e8RL|9>oU$n%4JvLsiOkXJLLc?1zamnV^-=Jv9FYcG5D`BG zkHjFUoSZx5G+~XE(0@Uj3do>lcv9x&%6F$^ILQjINz1sHW=%-PBU>(QBoh(w2xFQ& z;$O%!MKd>Nldiju8Ec1Y9VOGf8qNs7=Bb^5m$*gGDW~cUCDLMiPYdZw+*v`irwJ6; zydS!zI8rf?rl_`q;>_GZTc=qwjA24QA}`K zp9;-HJR}sB9f_ghF11q$0Cw*viTHsW88IutVy z3#6417bt0!lw?f^ut{){Z|uCVVkXw80q5yQqoG!77{LLKOJgPaou5c)VXAI zi{U%$&X}U3y(J!sNG{{s?Nh*b6h_F(R2_43$-|`{ z(cJx#t~L};a6b%o$r_(Z`yJI^jDvQJ%`DO)cFfHus@zLX$g$5y{d&k){yj_$WHK>t zePZp9`ic8L&C+4TAhjj;T{f#kuBi(}Xe=}5wl1^J?(vp#gE_Fz^Tt>P*DTvGYk|)NY29Cb# zOWrp7#&bEU@uqk=>fuh5J`{Ts?M@KA>%tz@bH|r9q~so-?yGT&K0F#TB%3{G=lryB z*N!@p_m0JP#TjwLCpys39h>mr$jTn~I#QZBs``Po4+qwLx6^S(cRO`gtTj4cHi5o4cU#vb8glt-dDYwuhDcI!Go*!S8eRJ>P zIP~u_Fb7S> z{4AbUZ0+o2OhfoBG}+hd>Fiw z_c1<(6I#A5ZqKgK&)osNcCGeu8`wl7o^V+iXUK#n&4;nf_h5&$)x%~-o7-)QVA}&1;iS{M;CFo#t>1*(UwXVFJt-|bnGu>u zvy=whT*albA024XhHqa+Ol^7U0zaYgpN@hBzD$SmdwH5#q5cSA>%f&`a|WTK4>yI` zvGzR1^wrW)qMQ}x2Wi{miRR^&Xed`%)#VEK! zgVpkVo*7h75i6FxA29dWF#k;aT-|`ZQI>(-agE+@r=RICGivWq2UgNew+81^DJ`g5 z&S19^8t-P>f4rHrI48x+EGsFqj;P*3=3Zo@|32Au(A!s1t5C#2TD@E(?%*Fij%2sjq589%9d?0O#TFZH*_n{lqX+&_Y~H#d7Z z8+H4JCFpz-a09jaL9TAlYOY~8#-f6=d;|(SXk*d90i8H1%o?rP(FPfyjTuCNGiE>w zUHWg2R&;&VzP|Q2pmvgr*~esB1stykF2dqEKlSU3tsdIAJgUsN=-k|5@Mjg=WUo_B zw|M1uj*UwB>-Jn6II~nQfz&R5;XcrF`Owze8fztHe+mQm9MDH9JjJ4a(Datg@*dnXG!TVVrd6MS-EPDXkL4tfT9rr(x@k&T9)m5iRA z?024wo$>!~in61Dy}gMsKAot6wUY@XoxHM$I<4scY2?a-nohDX1`^ybh`<0Mhd)G= z(~y%>FaiOF2%?gpA`(adIg&uaeV<`Kt_g<+qH-*PT!M&*0xBSvBc~8i5o16|!_j{&~5`vxYTt+V9a_i|B@o-zNvMavC6zPEepEPL!yu zD@sD>Lw-JS9oY}U>ge~x=DAhH;X>DFST7}R+iojV zVoILPF-M&3o7kacccPMeWd)`dchC^qZ}8`s1BxlE?|qEi3R zc5O&?DHlxD%s^4HHF7)~AU!?z*j`xu5>(O7IVod&9I8}0vCpP*svT$6FViKnTdnHc zE}h>p_pq0jTFaCNpYxyYwS^VN$VY#OzgWWR^`G+u4z=7bbSRr=)jzqSyU4Nrx)NL; zuKhx3(6f7kky?WpcVG2wQY&UN?^i-njBRU(Assb(yufSUW`%d*CL~livsCsN)4YJ(R(R&U2=ZiZUJHnRmy6{ za!pzuePPdxE_MYxm4D-F)D5Dl%wZbLzkK)*h-wOWmCdlx+(=H!gw(S=M(GOY zJl3njRTQdSl1$bmS%P;{3-bfRY->Maq=JFO&58b5_M`7~y6tfOfGnZA}8ohi5485uDPN9 zNfJA;Bc{DJD4pc=Yids4wKUd9@vWs6A!o<{`^?HXpp$OBQxkVmZJ!bG@lfg*>2qgq zidMX~pp<+6!pRs6zg94{i8+1R5OFJD_M>t~Ih7ARP-I;JVKoLYHCa~Lx2r2@+0Lcg z!8RP0bb9`gx!6fHyk)v~q?{mVm+DLHy?2*73DqHOT|4)`)26xbOk8-nv6C3kkn@Fr zwBDYSTVwZ9n~hN})_ia3ov+W1O%QmVt8T_F>7U2$xx6#x={YV#mb{l#28{@q8-%B|Yqfq?{z*eT@IEJM zX3|u#?Py|BtR-Gf&;F)Ofj|b{uv|et=WmT|EXj5`8&&bZ^7ehwYufPAug#}t(Z|+M z*IkCQX$6yY&SsVK>?O0Prg(lcV$ACeez@pO@|UlEQTb)W@$WqMtLD5+(HfDH46*N0 zJ0B9%|5szc{G~DcfoRUhDV|W6EtO0O1HNe3w4KPSE z;QyNlwwppLiFr@#bIb%JYMpa7x?cIfWW#}0XsFZ*n( zdgbuX@n!nM5&cVq7iqrMFMSfO$d&JJz#h%6!rk4YXz9Noii0_R^A>vs@ba3A!Bk}F zYn!Xtb?TB<+8GrkDtGSXs?27X{B&|mG%MI{&WA3=jN8%3JaX!Q0$*h9aN`+T66BDZ zh-t9W%M&Y!Y2}A1rls{iU@i?Zx0{N?+BA2Ga@|1q_c#e&zEOzegWK^85xqPVo3GK{YCDy{62K9KGf}IX#3|nXO%f*Uu4kXeqEcSy8Gg zpHdUCdXxJPB~?r&dEQj8nfveyJ+k5nS0XKv=-3+9@(q#&QuY{bLWiw3L@hoqh`h^C hEwLT^?}N!;k^-5b!fOWIAe*u0V5q|&x literal 0 HcmV?d00001 diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/spec/fee_distribution/f1_fee_distr.tex b/copy-of-sdk-versioned_docs/version-0.47/build/spec/fee_distribution/f1_fee_distr.tex new file mode 100644 index 00000000..b6bb6b32 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/spec/fee_distribution/f1_fee_distr.tex @@ -0,0 +1,245 @@ +\documentclass[]{article} +\usepackage{hyperref} + +%opening +\title{F1 Fee Distribution Draft-02} +\author{Dev Ojha} + +\begin{document} + +\maketitle + +\begin{abstract} + In a proof of stake blockchain, validators need to split the rewards gained from transaction fees each block. Furthermore, these fees must be fairly distributed to each of a validator's constituent delegators. They accrue this reward throughout the entire time they are delegated, and they have a special operation to withdraw accrued rewards. + + The F1 fee distribution scheme works for any algorithm to split funds between validators each block, with minimal iteration, and the only approximations being due to finite decimal precision. Per block there is a single iteration over the validator set, to enable reward algorithms that differ by validator. No iteration is required to delegate, or withdraw. The state usage is one state update per validator per block, and one state entry per active delegation. It can optionally handle arbitrary inflation schemes, and auto-bonding of rewards. +\end{abstract} + +\section{F1 Fee Distribution} + +\subsection{Context} +In a proof of stake blockchain, each validator has an associated stake. +Transaction fees get rewarded to validators based on the incentive scheme of the underlying proof of stake model. +The fee distribution problem occurs in proof of stake blockchains supporting delegation, as there is a need to distribute a validator's fee rewards to its delegators. +The trivial solution of just giving the rewards to each delegator every block is too expensive to perform on-chain. +So instead fee distribution algorithms have delegators perform a withdraw action, which when performed yields the same total amount of fees as if they had received them at every block. + +This details F1, an approximation-free, slash-tolerant fee distribution algorithm which allows validator commission-rates, inflation rates, and fee proportions, which can all efficiently change per validator, every block. +The algorithm requires iterating over the bonded validators every block, and withdraws require no iteration. +This is cheap, due to staking logic already requiring iteration over all validators, which causes the expensive state-reads to be cached. + +The key point of how F1 works is that it tracks how much rewards a delegator with 1 stake for a given validator would be entitled to if it had bonded at block 0 until the latest block. +When a delegator bonds at block $b$, the amount of rewards a delegator with 1 stake would have if bonded at block 0 until block $b$ is also persisted to state. +When the delegator withdraws, they receive the difference of these two values. +Since rewards are distributed according to stake-weighting, this amount of rewards can be scaled by the amount of stake a delegator had. +Section 1.2 describes this in more detail, with an argument for it being approximation free. +Section 2 details how to adapt this algorithm to handle commission rates, slashing, and inflation. + +\subsection{Base algorithm} +In this section, we show that the F1 base algorithm gives each delegator rewards identical to that which they'd receive in the naive and correct fee distribution algorithm that iterated over all delegators every block. + +Even distribution of a validators rewards amongst its validators weighted by stake means the following: +Suppose a delegator delegates $x$ stake to a validator $v$ at block $h$. +Let the amount of stake the validator has at block $i$ be $s_i$ and the amount of fees they receive at this height be $f_i$. +Then if a delegator contributing $x$ stake decides to withdraw at block $n$, the rewards they receive are +$$\sum_{i = h}^{n} \frac{x}{s_i}f_i = x \sum_{i = h}^{n} \frac{f_i}{s_i}$$ + +Note that $s_i$ does not change every block, +it only changes if the validator gets slashed, +or if any delegator alters the amount they have delegated. +We'll relegate handling of slashes to \autoref{ssec:slashing}, +and only consider the case with no slashing here. +We can change the iteration from being over every block, to instead being over the set of blocks between two changes in validator $v$'s total stake. +Let each of these set of blocks be called a period. +A new period begins every time that validator's total stake changes. +Let the total amount of stake for the validator in period $p$ be $n_p$. +Let $T_p$ be the total fees that validator $v$ accrued in period $p$. +Let $h$ be the start of period $p_{init}$, and height $n$ be the end of $p_{final}$. +It follows that +$$x \sum_{i = h}^{n} \frac{f_i}{s_i} = x \sum_{p = p_{init}}^{p_{final}} \frac{T_p}{n_p}$$ + +Let $p_0$ represent the period which begins when the validator first bonds. +The central idea to the F1 model is that at the end of the $k$th period, +the following is stored at a state location indexable by $k$: $\sum_{i=0}^{k}\frac{T_i}{n_i}$. +Let the index of the current period be $f$. +When a delegator wants to delegate or withdraw their reward, they first create a new entry in state to end the current period. +Then this entry is created using the previous entry as follows: +$$Entry_f = \sum_{i=0}^{f}\frac{T_i}{n_i} = \sum_{i=0}^{f-1}\frac{T_i}{n_i} + \frac{T_f}{n_f} = Entry_{f-1} + \frac{T_f}{n_f}$$ +Where $T_f$ is the fees the validator has accrued in period $f$, and $n_f$ is the validators total amount of stake in period $f$. + +The withdrawer's delegation object has the index $k$ for the period which they ended by bonding. (They start receiving rewards for period $k + 1$) +The reward they should receive when withdrawing is: + +$$x \sum_{i = k + 1}^{f} \frac{T_i}{n_i} = x\left(\left(\sum_{i=0}^{f}\frac{T_i}{n_i}\right) - \left(\sum_{i=0}^{k}\frac{T_i}{n_i}\right)\right) = x\left(Entry_f - Entry_k\right)$$ + +It is clear from the equations that this payout mechanism maintains correctness, and requires no iterations. It just needed the two state reads for these entries. + +$T_f$ is a separate variable in state for the amount of fees this validator has accrued since the last update to its power. +This variable is incremented at every block by however much fees this validator received that block. +On the update to the validators power, this variable is used to create the entry in state at $f$, and is then reset to 0. + +This fee distribution proposal is agnostic to how all of the blocks fees are divied up between validators. +This creates many nice properties, for example it is possible to only rewarding validators who signed that block. + +\section{Additional add-ons} +\subsection{Commission Rates} +Commission rates are the idea that a validator can take a fixed $x\%$ cut of all of their received fees, before redistributing evenly to the constituent delegators. +This can easily be done as follows: + +In block $h$ a validator receives $f_h$ fees. +Instead of incrementing that validators ``total accrued fees this period variable" by $f_h$, it is instead incremented by $(1 - commission\_rate) * f_p$. +Then $commission\_rate * f_p$ is deposited directly to the validator's account. +This allows for efficient updates to a validator's commission rate every block if desired. +More generally, each validator could have a function which takes their fees as input, and outputs a set of outputs to pay these fees too. (i.e. x\% going to themselves, y\% to delegators, z\% burnt) + +\subsection{Slashing} +\label{ssec:slashing} +Slashing is distinct from withdrawals, since it lowers the stake of all of the delegator's by a fixed percentage. +Since no one is charged gas for slashes, a slash cannot iterate over all delegators. +Thus we can no longer just multiply by $x$ over the difference in stake. +This section describes a simple solution that should suffice for most chains needs. An asymptotically optimal solution is provided in section 2.4. +TODO: Consider removing this section in favor of just using the current section 2.4? + +The solution here is to instead store each period created by a slash in the validators state. +Then when withdrawing, you must iterate over all slashes between when you started and ended. +Suppose you delegated at period $0$, a y\% slash occured at period $2$, and your withdrawal creates period $4$. +Then you receive funds from periods $0$ to $2$ as normal. +The equations for funds you receive for periods $2$ to $4$ now uses $(1 - y)x$ for your stake instead of just $x$ stake. +When there are multiple slashes, you just account for the accumulated slash factor. + +In practice this will not really be an efficiency hit, as the number of slashes is expected to be 0 or 1 for most validators. +Validators that get slashed more will naturally lose their delegators. +A malicious validator that gets itself slashed many times would increase the gas to withdraw linearly, but the economic loss of funds due to the slashes is expected to far out-weigh the extra overhead the honest withdrawer must pay for due to the gas. +(TODO: frame that above sentence in terms of griefing factors, as thats more correct) + +\subsection{Inflation} +Inflation is the idea that we want every staked coin to create more staking tokens as time progresses. +The purpose being to drive down the relative worth of unstaked tokens. +Each block, every staked token should produce $x$ staking tokens as inflation, where $x$ is calculated from a function $inflation$ which takes state and the block information as input. +Let $x_i$ represent the evaluation of $inflation$ in the $i$th block. +The goal of this section is to auto-bond inflation in the fee distribution model without iteration. +This is done by preserving the invariant that every state entry contains the rewards one would have if they had bonded one stake at genesis until that corresponding block. + +In state a variable should be kept for the number of tokens one would have now due to inflation, +given that they bonded one token at genesis. +This is $\prod_{0}^{now} (1 + x_i)$. +Each period now stores this total inflation product along with what it already stores per-period. + +Let $R_i$ be the fee rewards in block $i$, and $n_i$ be the total amount bonded to that validator in that block. +The correct amount of rewards which 1 token at genesis should have now is: +$$Reward(now) = \sum_{i = 0}^{now}\left(\prod_{j = 0}^{i} 1 + x_j \right) * \frac{R_i}{n_i}$$ +The term in the sum is the amount of stake one stake becomes due to inflation, multiplied by the amount of fees per stake. + +Now we cast this into the period frame of view. +Recall that we build the rewards by creating a state entry for the rewards of the previous period, and keeping track of the rewards within this period. +Thus we first define the correct amount of rewards for each successive period, proving correctness of this via induction. +We then show that the state entry that gets efficiently built up block by block is equal to this value for the latest period. + +Let $start, end$ denote the start/end of a period. + +Suppose that $\forall f > 0$, $Reward(end(f))$ is correctly constructed as +$$Reward(end(f)) = Reward(end(f-1)) + \sum_{i = start(f)}^{end(f)}\left(\prod_{j = 0}^{i} 1 + x_j \right) \frac{R_i}{n_i}$$ +and that for $f = 0$, $Reward(end(0)) = 0$. +(With period 1 being defined as the period that has the first bond into it) +It must be shown that assuming the supposition $\forall f \leq f_0$, $$Reward(end(f_0 + 1)) = Reward(end(f_0)) + \sum_{i = start(f_0 + 1)}^{end(f_0 + 1)}\left(\prod_{j = 0}^{i} 1 + x_j \right) \frac{R_i}{n_i}$$ +Using the definition of $Reward$, it follows that: +$$\sum_{i = 0}^{end(f_0 + 1)}\left(\prod_{j = 0}^{i} 1 + x_j \right) * \frac{R_i}{n_i} = \sum_{i = 0}^{end(f_0)}\left(\prod_{j = 0}^{i} 1 + x_j \right) * \frac{R_i}{n_i} + \sum_{i = start(f_0 + 1)}^{end(f_0 + 1)}\left(\prod_{j = 0}^{i} 1 + x_j \right) \frac{R_i}{n_i}$$ + +Since the first summation on the right hand side is $Reward(end(f_0))$, the supposition is proven true. +Consequently, the reward for just period $f$ adjusted for the amount of inflation 1 token at genesis would produce, is: +$$\sum_{i = start(f)}^{end(f)}\left(\prod_{j = 0}^{i} 1 + x_j \right) \frac{R_i}{n_i}$$ + +TODO: make this proof + pre-amble less verbose, and just wrap up into a lemma. +Maybe just leave this proof or the last part to the reader, since it easily follows from summation bounds. + +Now note that +$$\sum_{i = start(f)}^{end(f)}\left(\prod_{j = 0}^{i} 1 + x_j \right) \frac{R_i}{n_i} = \left(\prod_{j = 0}^{end(f - 1)} 1 + x_j \right)\sum_{i = start(f)}^{end(f)}\left(\prod_{j = start(f)}^{i} 1 + x_j \right) \frac{R_i}{n_i}$$ +By definition of period, and inflation being applied every block, \\ +$n_i = n_{start(f)}\left(\prod_{j = start(f)}^{i} 1 + x_j \right)$. This cancels out the product in the summation, therefore +$$\sum_{i = start(f)}^{end(f)}\left(\prod_{j = 0}^{i} 1 + x_j \right) \frac{R_i}{n_i} = \left(\prod_{j = 0}^{end(f - 1)} 1 + x_j \right)\frac{\sum_{i = start(f)}^{end(f)}R_i}{n_{start(f)}}$$ + +Thus every block, each validator just has to add the total amount of fees (The $R_i$ term) that goes to delegates to some per-period term. +When creating a new period, $n_{start(f)}$ can be cached in state, and the product is already stored in the previous periods state entry. +You then get the next period's $n_{start(f)}$ from the consensus' power entry for this validator. +This is thus extremely efficient per block. + +When withdrawing, you take the difference as before, +which yields the amount of rewards you would have obtained with $(\prod_0^{begin\ bonding\ period}1 + x)$ stake from the block you began bonding at until now. +$(\prod_0^{begin\ bonding\ period}1 + x)$ is known, since its included in the state entry for when you bonded. +You then divide the entitled fees by $(\prod_0^{begin\ bonding\ period}1 + x)$ to normalize it to being the amount of rewards you're entitled to from 1 stake at that block to now. +Then as before, you multiply by the amount of stake you had initially bonded. +\\TODO: (Does the difference equating to that make sense, or should it be shown explicitly) +\\TODO: Does this need to explain how the originally bonded tokens are refunded, or is that clear? + +The inflation function could vary per block, +and per validator if ever a need rose. +If the inflation rate is the same for everyone then there can be a single global store for the entries corresponding to the product of inflations. +Inflation creation can trivially be epoched as long as inflation isn't required within the epoch, through changes to the $inflation$ function. + +\subsection{Withdrawing with no iteration over slashes} +Notice that a slash is the same as a negative inflation rate for a validator in one block. +For example a $20\%$ slash is equivalent to a $-20\%$ inflation for a validator in a block. +Given correctness of auto-bonding inflation with different inflation rates per-validator, +it follows that handling slashes can be correctly done by simply subtracting the validators inflation factor in that block to be the negative of the slash factor. +This significantly simplifies the withdrawal procedure. + +\subsection{Auto bonding fees} +TODO: Fill this out. +Core idea: you use the same mechanism as previously, but you just don't take that optimization with $n_{i}$ and the $n_{start}$ relation. +Fairly simple to do. + +\subsection{Delegation updates} +Updating your delegation amount is equivalent to withdrawing earned rewards and a fully independent new delegation occurring in the same block. +The same applies for redelegation. +From the view of fee distribution, partial redelegation is the same as a delegation update + a new delegation. + +\subsection{Jailing / being kicked out of the validator set} +This basically requires no change. +In each block you only iterate over the currently bonded validators. +So you simply don't update the "total accrued fees this period" variable for jailed / non-bonded validators. +Withdrawing requires \textit{no} special casing here! + +\section{State Requirements} +State entries can be pruned quite effectively. +Suppose for the sake of exposition that there is at most one delegation / withdrawal to a particular validator in any given block. +Then each delegation is responsible for one addition to state. +Only the next period, and this delegator's withdrawal could depend on this entry. Thus once this delegator withdraws, this state entry can be pruned. +For the entry created by the delegator's withdrawal, that is only required by the creation of the next period. +Thus once the next period is created, that withdrawal's period can be deleted. + +This can be easily adapted to the case where there are multiple delegations / withdrawals per block, by maintaining a reference count in each period starting state entry. + +The slash entries for a validator can only be pruned when all of that validator's delegators have their bonding period starting after the slash. +This seems ineffective to keep track of, thus it is not worth it. +Each slash should instead remain in state until the validator unbonds and all delegators have their fees withdrawn. + +\section{Implementers Considerations} +TODO: Convert this section into a proper conclusion + +This is an extremely simple scheme with many nice benefits. +\begin{itemize} + \item The overhead per block is a simple iteration over the bonded validator set, which occurs anyway. (Thus it can be implemented ``for-free" with an optimized code-base) + \item Withdrawing earned fees only requires iterating over slashes since when you bonded. (Which is a negligible iteration) + \item There are no approximations in any of the calculations. (modulo minor errata resulting from fixed precision decimals used in divisions) + \item Supports arbitrary inflation models. (Thus could even vary upon block signers) + \item Supports arbitrary fee distribution amongst the validator set. (Thus can account for things like only online validators get fees, which has important incentivization impacts) + \item The above two can change on a live chain with no issues. + \item Validator commission rates can be changed every block + \item The simplicity of this scheme lends itself well to implementation +\end{itemize} + +Thus this scheme has efficiency improvements, simplicity improvements, and expressiveness improvements over the currently proposed schemes. With a correct fee distribution amongst the validator set, this solves the existing problem where one could withhold their signature for risk-free gain. + +\section{TO DOs} + +\begin{itemize} + \item A global fee pool can be described. + \item Mention storage optimization for how to prune slashing entries in the uniform inflation and iteration over slashing case + \item Add equation numbers + \item perhaps re-organize so that the no iteration + \item Section on decimal precision considerations (would unums help?), and mitigating errors in calculation with floats and decimals. -- This probably belongs in a corrollary markdown file in the implementation + \item Consider indicating that the withdraw action need not be a tx type and could instead happen 'transparently' when more coins are needed, if a chain desired this for UX / p2p efficiency. +\end{itemize} + + +\end{document} diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/spec/ics/README.md b/copy-of-sdk-versioned_docs/version-0.47/build/spec/ics/README.md new file mode 100644 index 00000000..ce0cf31a --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/spec/ics/README.md @@ -0,0 +1,3 @@ +# Cosmos ICS + +* [ICS030 - Signed Messages](ics-030-signed-messages.md) diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/spec/ics/ics-030-signed-messages.md b/copy-of-sdk-versioned_docs/version-0.47/build/spec/ics/ics-030-signed-messages.md new file mode 100644 index 00000000..a7c56715 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/spec/ics/ics-030-signed-messages.md @@ -0,0 +1,192 @@ +# ICS 030: Cosmos Signed Messages + +>TODO: Replace with valid ICS number and possibly move to new location. + +* [Changelog](#changelog) +* [Abstract](#abstract) +* [Preliminary](#preliminary) +* [Specification](#specification) +* [Future Adaptations](#future-adaptations) +* [API](#api) +* [References](#references) + +## Status + +Proposed. + +## Changelog + +## Abstract + +Having the ability to sign messages off-chain has proven to be a fundamental aspect +of nearly any blockchain. The notion of signing messages off-chain has many +added benefits such as saving on computational costs and reducing transaction +throughput and overhead. Within the context of the Cosmos, some of the major +applications of signing such data includes, but is not limited to, providing a +cryptographic secure and verifiable means of proving validator identity and +possibly associating it with some other framework or organization. In addition, +having the ability to sign Cosmos messages with a Ledger or similar HSM device. + +A standardized protocol for hashing, signing, and verifying messages that can be +implemented by the Cosmos SDK and other third-party organizations is needed. Such a +standardized protocol subscribes to the following: + +* Contains a specification of human-readable and machine-verifiable typed structured data +* Contains a framework for deterministic and injective encoding of structured data +* Utilizes cryptographic secure hashing and signing algorithms +* A framework for supporting extensions and domain separation +* Is invulnerable to chosen ciphertext attacks +* Has protection against potentially signing transactions a user did not intend to + +This specification is only concerned with the rationale and the standardized +implementation of Cosmos signed messages. It does **not** concern itself with the +concept of replay attacks as that will be left up to the higher-level application +implementation. If you view signed messages in the means of authorizing some +action or data, then such an application would have to either treat this as +idempotent or have mechanisms in place to reject known signed messages. + +## Preliminary + +The Cosmos message signing protocol will be parameterized with a cryptographic +secure hashing algorithm `SHA-256` and a signing algorithm `S` that contains +the operations `sign` and `verify` which provide a digital signature over a set +of bytes and verification of a signature respectively. + +Note, our goal here is not to provide context and reasoning about why necessarily +these algorithms were chosen apart from the fact they are the defacto algorithms +used in CometBFT and the Cosmos SDK and that they satisfy our needs for such +cryptographic algorithms such as having resistance to collision and second +pre-image attacks, as well as being [deterministic](https://en.wikipedia.org/wiki/Hash_function#Determinism) and [uniform](https://en.wikipedia.org/wiki/Hash_function#Uniformity). + +## Specification + +CometBFT has a well established protocol for signing messages using a canonical +JSON representation as defined [here](https://github.com/cometbft/cometbft/blob/master/types/canonical.go). + +An example of such a canonical JSON structure is CometBFT's vote structure: + +```go +type CanonicalJSONVote struct { + ChainID string `json:"@chain_id"` + Type string `json:"@type"` + BlockID CanonicalJSONBlockID `json:"block_id"` + Height int64 `json:"height"` + Round int `json:"round"` + Timestamp string `json:"timestamp"` + VoteType byte `json:"type"` +} +``` + +With such canonical JSON structures, the specification requires that they include +meta fields: `@chain_id` and `@type`. These meta fields are reserved and must be +included. They are both of type `string`. In addition, fields must be ordered +in lexicographically ascending order. + +For the purposes of signing Cosmos messages, the `@chain_id` field must correspond +to the Cosmos chain identifier. The user-agent should **refuse** signing if the +`@chain_id` field does not match the currently active chain! The `@type` field +must equal the constant `"message"`. The `@type` field corresponds to the type of +structure the user will be signing in an application. For now, a user is only +allowed to sign bytes of valid ASCII text ([see here](https://github.com/cometbft/cometbft/blob/v0.37.0/libs/strings/string.go#L35-L64)). +However, this will change and evolve to support additional application-specific +structures that are human-readable and machine-verifiable ([see Future Adaptations](#future-adaptations)). + +Thus, we can have a canonical JSON structure for signing Cosmos messages using +the [JSON schema](http://json-schema.org/) specification as such: + +```json +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$id": "cosmos/signing/typeData/schema", + "title": "The Cosmos signed message typed data schema.", + "type": "object", + "properties": { + "@chain_id": { + "type": "string", + "description": "The corresponding Cosmos chain identifier.", + "minLength": 1 + }, + "@type": { + "type": "string", + "description": "The message type. It must be 'message'.", + "enum": [ + "message" + ] + }, + "text": { + "type": "string", + "description": "The valid ASCII text to sign.", + "pattern": "^[\\x20-\\x7E]+$", + "minLength": 1 + } + }, + "required": [ + "@chain_id", + "@type", + "text" + ] +} +``` + +e.g. + +```json +{ + "@chain_id": "1", + "@type": "message", + "text": "Hello, you can identify me as XYZ on keybase." +} +``` + +## Future Adaptations + +As applications can vary greatly in domain, it will be vital to support both +domain separation and human-readable and machine-verifiable structures. + +Domain separation will allow for application developers to prevent collisions of +otherwise identical structures. It should be designed to be unique per application +use and should directly be used in the signature encoding itself. + +Human-readable and machine-verifiable structures will allow end users to sign +more complex structures, apart from just string messages, and still be able to +know exactly what they are signing (opposed to signing a bunch of arbitrary bytes). + +Thus, in the future, the Cosmos signing message specification will be expected +to expand upon it's canonical JSON structure to include such functionality. + +## API + +Application developers and designers should formalize a standard set of APIs that +adhere to the following specification: + +----- + +### **cosmosSignBytes** + +Params: + +* `data`: the Cosmos signed message canonical JSON structure +* `address`: the Bech32 Cosmos account address to sign data with + +Returns: + +* `signature`: the Cosmos signature derived using signing algorithm `S` + +----- + +### Examples + +Using the `secp256k1` as the DSA, `S`: + +```javascript +data = { + "@chain_id": "1", + "@type": "message", + "text": "I hereby claim I am ABC on Keybase!" +} + +cosmosSignBytes(data, "cosmos1pvsch6cddahhrn5e8ekw0us50dpnugwnlfngt3") +> "0x7fc4a495473045022100dec81a9820df0102381cdbf7e8b0f1e2cb64c58e0ecda1324543742e0388e41a02200df37905a6505c1b56a404e23b7473d2c0bc5bcda96771d2dda59df6ed2b98f8" +``` + +## References diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/tooling/00-protobuf.md b/copy-of-sdk-versioned_docs/version-0.47/build/tooling/00-protobuf.md new file mode 100644 index 00000000..ee1f444f --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/tooling/00-protobuf.md @@ -0,0 +1,113 @@ +--- +sidebar_position: 1 +--- + +# Protocol Buffers + +It is known that Cosmos SDK uses protocol buffers extensively, this docuemnt is meant to provide a guide on how it is used in the cosmos-sdk. + +To generate the proto file, the Cosmos SDK uses a docker image, this image is provided to all to use as well. The latest version is `ghcr.io/cosmos/proto-builder:0.12.x` + +Below is the example of the Cosmos SDK's commands for generating, linting, and formatting protobuf files that can be reused in any applications makefile. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/Makefile#L411-L432 +``` + +The script used to generate the protobuf files can be found in the `scripts/` directory. + +```shell reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/scripts/protocgen.sh#L1-L37 +``` + +## Buf + +[Buf](https://buf.build) is a protobuf tool that abstracts the needs to use the complicated `protoc` toolchain on top of various other things that ensure you are using protobuf in accordance with the majority of the ecosystem. Within the cosmos-sdk repository there are a few files that have a buf prefix. Lets start with the top level and then dive into the various directories. + +### Workspace + +At the root level directory a workspace is defined using [buf workspaces](https://docs.buf.build/configuration/v1/buf-work-yaml). This helps if there are one or more protobuf containing directories in your project. + +Cosmos SDK example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/buf.work.yaml#L6-L9 +``` + +### Proto Directory + +Next is the `proto/` directory where all of our protobuf files live. In here there are many different buf files defined each serving a different purpose. + +```bash +├── 05-depinject.md +├── buf.gen.gogo.yaml +├── buf.gen.pulsar.yaml +├── buf.gen.swagger.yaml +├── buf.lock +├── buf.md +├── buf.yaml +├── cosmos +└── tendermint +``` + +The above diagram all the files and directories within the Cosmos SDK `proto/` directory. + +#### `buf.gen.gogo.yaml` + +`buf.gen.gogo.yaml` defines how the protobuf files should be generated for use with in the module. This file uses [gogoproto](https://github.com/gogo/protobuf), a separate generator from the google go-proto generator that makes working with various objects more ergonomic, and it has more performant encode and decode steps + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/proto/buf.gen.gogo.yaml#L1-L9 +``` + +:::tip +Example of how to define `gen` files can be found [here](https://docs.buf.build/tour/generate-go-code) +::: + +#### `buf.gen.pulsar.yaml` + +`buf.gen.pulsar.yaml` defines how protobuf files should be generated using the [new golang apiv2 of protobuf](https://go.dev/blog/protobuf-apiv2). This generator is used instead of the google go-proto generator because it has some extra helpers for Cosmos SDK applications and will have more performant encode and decode than the google go-proto generator. You can follow the development of this generator [here](https://github.com/cosmos/cosmos-proto). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/proto/buf.gen.pulsar.yaml#L1-L18 +``` + +:::tip +Example of how to define `gen` files can be found [here](https://docs.buf.build/tour/generate-go-code) +::: + +#### `buf.gen.swagger.yaml` + +`buf.gen.swagger.yaml` generates the swagger documentation for the query and messages of the chain. This will only define the REST API end points that were defined in the query and msg servers. You can find examples of this [here](https://github.com/cosmos/cosmos-sdk/blob/main/proto/cosmos/bank/v1beta1/query.proto#L19) + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/proto/buf.gen.swagger.yaml#L1-L6 +``` + +:::tip +Example of how to define `gen` files can be found [here](https://docs.buf.build/tour/generate-go-code) +::: + +#### `buf.lock` + +This is a autogenerated file based off the dependencies required by the `.gen` files. There is no need to copy the current one. If you depend on cosmos-sdk proto definitions a new entry for the Cosmos SDK will need to be provided. The dependency you will need to use is `buf.build/cosmos/cosmos-sdk`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/proto/buf.lock#L1-L16 +``` + +#### `buf.yaml` + +`buf.yaml` defines the [name of your package](https://github.com/cosmos/cosmos-sdk/blob/main/proto/buf.yaml#L3), which [breakage checker](https://docs.buf.build/tour/detect-breaking-changes) to use and how to [lint your protobuf files](https://docs.buf.build/tour/lint-your-api). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/proto/buf.yaml#L1-L24 +``` + +We use a variety of linters for the Cosmos SDK protobuf files. The repo also checks this in ci. + +A reference to the github actions can be found [here](https://github.com/cosmos/cosmos-sdk/blob/main/.github/workflows/proto.yml#L1-L32) + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/.github/workflows/proto.yml#L1-L32 +``` diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/tooling/01-cosmovisor.md b/copy-of-sdk-versioned_docs/version-0.47/build/tooling/01-cosmovisor.md new file mode 100644 index 00000000..dae11c4b --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/tooling/01-cosmovisor.md @@ -0,0 +1,366 @@ +--- +sidebar_position: 1 +--- + +# Cosmovisor + +`cosmovisor` is a small process manager for Cosmos SDK application binaries that monitors the governance module for incoming chain upgrade proposals. If it sees a proposal that gets approved, `cosmovisor` can automatically download the new binary, stop the current binary, switch from the old binary to the new one, and finally restart the node with the new binary. + +* [Design](#design) +* [Contributing](#contributing) +* [Setup](#setup) + * [Installation](#installation) + * [Command Line Arguments And Environment Variables](#command-line-arguments-and-environment-variables) + * [Folder Layout](#folder-layout) +* [Usage](#usage) + * [Initialization](#initialization) + * [Detecting Upgrades](#detecting-upgrades) + * [Auto-Download](#auto-download) +* [Example: SimApp Upgrade](#example-simapp-upgrade) + * [Chain Setup](#chain-setup) + * [Prepare Cosmovisor and Start the Chain](#prepare-cosmovisor-and-start-the-chain) + * [Update App](#update-app) + +## Design + +Cosmovisor is designed to be used as a wrapper for a `Cosmos SDK` app: + +* it will pass arguments to the associated app (configured by `DAEMON_NAME` env variable). + Running `cosmovisor run arg1 arg2 ....` will run `app arg1 arg2 ...`; +* it will manage an app by restarting and upgrading if needed; +* it is configured using environment variables, not positional arguments. + +*Note: If new versions of the application are not set up to run in-place store migrations, migrations will need to be run manually before restarting `cosmovisor` with the new binary. For this reason, we recommend applications adopt in-place store migrations.* + +*Note: If validators would like to enable the auto-download option (which [we don't recommend](#auto-download)), and they are currently running an application using Cosmos SDK `v0.42`, they will need to use Cosmovisor [`v0.1`](https://github.com/cosmos/cosmos-sdk/releases/tag/cosmovisor%2Fv0.1.0). Later versions of Cosmovisor do not support Cosmos SDK `v0.44.3` or earlier if the auto-download option is enabled.* + +## Contributing + +Cosmovisor is part of the Cosmos SDK monorepo, but it's a separate module with it's own release schedule. + +Release branches have the following format `release/cosmovisor/vA.B.x`, where A and B are a number (e.g. `release/cosmovisor/v1.3.x`). Releases are tagged using the following format: `cosmovisor/vA.B.C`. + +## Setup + +### Installation + +You can download Cosmovisor from the [GitHub releases](https://github.com/cosmos/cosmos-sdk/releases/tag/cosmovisor%2Fv1.3.0). + +To install the latest version of `cosmovisor`, run the following command: + +```shell +go install cosmossdk.io/tools/cosmovisor/cmd/cosmovisor@latest +``` + +To install a previous version, you can specify the version. IMPORTANT: Chains that use Cosmos SDK v0.44.3 or earlier (eg v0.44.2) and want to use auto-download feature MUST use `cosmovisor v0.1.0` + +```shell +go install github.com/cosmos/cosmos-sdk/cosmovisor/cmd/cosmovisor@v0.1.0 +``` + +Run `cosmovisor version` to check the cosmovisor version. + +Alternatively, for building from source, simply run `make cosmovisor`. The binary will be located in `tools/cosmovisor`. + +:::warning +Building from source using `make cosmovisor` won't display the correct `cosmovisor` version. +::: + +### Command Line Arguments And Environment Variables + +The first argument passed to `cosmovisor` is the action for `cosmovisor` to take. Options are: + +* `help`, `--help`, or `-h` - Output `cosmovisor` help information and check your `cosmovisor` configuration. +* `run` - Run the configured binary using the rest of the provided arguments. +* `version` - Output the `cosmovisor` version and also run the binary with the `version` argument. + +All arguments passed to `cosmovisor run` will be passed to the application binary (as a subprocess). `cosmovisor` will return `/dev/stdout` and `/dev/stderr` of the subprocess as its own. For this reason, `cosmovisor run` cannot accept any command-line arguments other than those available to the application binary. + +*Note: Use of `cosmovisor` without one of the action arguments is deprecated. For backwards compatibility, if the first argument is not an action argument, `run` is assumed. However, this fallback might be removed in future versions, so it is recommended that you always provide `run`. + +`cosmovisor` reads its configuration from environment variables: + +* `DAEMON_HOME` is the location where the `cosmovisor/` directory is kept that contains the genesis binary, the upgrade binaries, and any additional auxiliary files associated with each binary (e.g. `$HOME/.gaiad`, `$HOME/.regend`, `$HOME/.simd`, etc.). +* `DAEMON_NAME` is the name of the binary itself (e.g. `gaiad`, `regend`, `simd`, etc.). +* `DAEMON_ALLOW_DOWNLOAD_BINARIES` (*optional*), if set to `true`, will enable auto-downloading of new binaries (for security reasons, this is intended for full nodes rather than validators). By default, `cosmovisor` will not auto-download new binaries. +* `DAEMON_RESTART_AFTER_UPGRADE` (*optional*, default = `true`), if `true`, restarts the subprocess with the same command-line arguments and flags (but with the new binary) after a successful upgrade. Otherwise (`false`), `cosmovisor` stops running after an upgrade and requires the system administrator to manually restart it. Note restart is only after the upgrade and does not auto-restart the subprocess after an error occurs. +* `DAEMON_RESTART_DELAY` (*optional*, default none), allow a node operator to define a delay between the node halt (for upgrade) and backup by the specified time. The value must be a duration (e.g. `1s`). +* `DAEMON_POLL_INTERVAL` (*optional*, default 300 milliseconds), is the interval length for polling the upgrade plan file. The value must be a duration (e.g. `1s`). +* `DAEMON_DATA_BACKUP_DIR` option to set a custom backup directory. If not set, `DAEMON_HOME` is used. +* `UNSAFE_SKIP_BACKUP` (defaults to `false`), if set to `true`, upgrades directly without performing a backup. Otherwise (`false`, default) backs up the data before trying the upgrade. The default value of false is useful and recommended in case of failures and when a backup needed to rollback. We recommend using the default backup option `UNSAFE_SKIP_BACKUP=false`. +* `DAEMON_PREUPGRADE_MAX_RETRIES` (defaults to `0`). The maximum number of times to call `pre-upgrade` in the application after exit status of `31`. After the maximum number of retries, Cosmovisor fails the upgrade. +* `COSMOVISOR_DISABLE_LOGS` (defaults to `false`). If set to true, this will disable Cosmovisor logs (but not the underlying process) completely. This may be useful, for example, when a Cosmovisor subcommand you are executing returns a valid JSON you are then parsing, as logs added by Cosmovisor make this output not a valid JSON. + +### Folder Layout + +`$DAEMON_HOME/cosmovisor` is expected to belong completely to `cosmovisor` and the subprocesses that are controlled by it. The folder content is organized as follows: + +```text +. +├── current -> genesis or upgrades/ +├── genesis +│   └── bin +│   └── $DAEMON_NAME +└── upgrades + └── + ├── bin + │   └── $DAEMON_NAME + └── upgrade-info.json +``` + +The `cosmovisor/` directory incudes a subdirectory for each version of the application (i.e. `genesis` or `upgrades/`). Within each subdirectory is the application binary (i.e. `bin/$DAEMON_NAME`) and any additional auxiliary files associated with each binary. `current` is a symbolic link to the currently active directory (i.e. `genesis` or `upgrades/`). The `name` variable in `upgrades/` is the lowercased URI-encoded name of the upgrade as specified in the upgrade module plan. Note that the upgrade name path are normalized to be lowercased: for instance, `MyUpgrade` is normalized to `myupgrade`, and its path is `upgrades/myupgrade`. + +Please note that `$DAEMON_HOME/cosmovisor` only stores the *application binaries*. The `cosmovisor` binary itself can be stored in any typical location (e.g. `/usr/local/bin`). The application will continue to store its data in the default data directory (e.g. `$HOME/.gaiad`) or the data directory specified with the `--home` flag. `$DAEMON_HOME` is independent of the data directory and can be set to any location. If you set `$DAEMON_HOME` to the same directory as the data directory, you will end up with a configuation like the following: + +```text +.gaiad +├── config +├── data +└── cosmovisor +``` + +## Usage + +The system administrator is responsible for: + +* installing the `cosmovisor` binary +* configuring the host's init system (e.g. `systemd`, `launchd`, etc.) +* appropriately setting the environmental variables +* creating the `/cosmovisor` directory +* creating the `/cosmovisor/genesis/bin` folder +* creating the `/cosmovisor/upgrades//bin` folders +* placing the different versions of the `` executable in the appropriate `bin` folders. + +`cosmovisor` will set the `current` link to point to `genesis` at first start (i.e. when no `current` link exists) and then handle switching binaries at the correct points in time so that the system administrator can prepare days in advance and relax at upgrade time. + +In order to support downloadable binaries, a tarball for each upgrade binary will need to be packaged up and made available through a canonical URL. Additionally, a tarball that includes the genesis binary and all available upgrade binaries can be packaged up and made available so that all the necessary binaries required to sync a fullnode from start can be easily downloaded. + +The `DAEMON` specific code and operations (e.g. cometBFT config, the application db, syncing blocks, etc.) all work as expected. The application binaries' directives such as command-line flags and environment variables also work as expected. + +### Initialization + +The `cosmovisor init ` command creates the folder structure required for using cosmovisor. + +It does the following: + +* creates the `/cosmovisor` folder if it doesn't yet exist +* creates the `/cosmovisor/genesis/bin` folder if it doesn't yet exist +* copies the provided executable file to `/cosmovisor/genesis/bin/` +* creates the `current` link, pointing to the `genesis` folder + +It uses the `DAEMON_HOME` and `DAEMON_NAME` environment variables for folder location and executable name. + +The `cosmovisor init` command is specifically for initializing cosmovisor, and should not be confused with a chain's `init` command (e.g. `cosmovisor run init`). + +### Detecting Upgrades + +`cosmovisor` is polling the `$DAEMON_HOME/data/upgrade-info.json` file for new upgrade instructions. The file is created by the x/upgrade module in `BeginBlocker` when an upgrade is detected and the blockchain reaches the upgrade height. +The following heuristic is applied to detect the upgrade: + +* When starting, `cosmovisor` doesn't know much about currently running upgrade, except the binary which is `current/bin/`. It tries to read the `current/update-info.json` file to get information about the current upgrade name. +* If neither `cosmovisor/current/upgrade-info.json` nor `data/upgrade-info.json` exist, then `cosmovisor` will wait for `data/upgrade-info.json` file to trigger an upgrade. +* If `cosmovisor/current/upgrade-info.json` doesn't exist but `data/upgrade-info.json` exists, then `cosmovisor` assumes that whatever is in `data/upgrade-info.json` is a valid upgrade request. In this case `cosmovisor` tries immediately to make an upgrade according to the `name` attribute in `data/upgrade-info.json`. +* Otherwise, `cosmovisor` waits for changes in `upgrade-info.json`. As soon as a new upgrade name is recorded in the file, `cosmovisor` will trigger an upgrade mechanism. + +When the upgrade mechanism is triggered, `cosmovisor` will: + +1. if `DAEMON_ALLOW_DOWNLOAD_BINARIES` is enabled, start by auto-downloading a new binary into `cosmovisor//bin` (where `` is the `upgrade-info.json:name` attribute); +2. update the `current` symbolic link to point to the new directory and save `data/upgrade-info.json` to `cosmovisor/current/upgrade-info.json`. + +### Auto-Download + +Generally, `cosmovisor` requires that the system administrator place all relevant binaries on disk before the upgrade happens. However, for people who don't need such control and want an automated setup (maybe they are syncing a non-validating fullnode and want to do little maintenance), there is another option. + +**NOTE: we don't recommend using auto-download** because it doesn't verify in advance if a binary is available. If there will be any issue with downloading a binary, the cosmovisor will stop and won't restart an App (which could lead to a chain halt). + +If `DAEMON_ALLOW_DOWNLOAD_BINARIES` is set to `true`, and no local binary can be found when an upgrade is triggered, `cosmovisor` will attempt to download and install the binary itself based on the instructions in the `info` attribute in the `data/upgrade-info.json` file. The files is constructed by the x/upgrade module and contains data from the upgrade `Plan` object. The `Plan` has an info field that is expected to have one of the following two valid formats to specify a download: + +1. Store an os/architecture -> binary URI map in the upgrade plan info field as JSON under the `"binaries"` key. For example: + + ```json + { + "binaries": { + "linux/amd64":"https://example.com/gaia.zip?checksum=sha256:aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f" + } + } + ``` + + You can include multiple binaries at once to ensure more than one environment will receive the correct binaries: + + ```json + { + "binaries": { + "linux/amd64":"https://example.com/gaia.zip?checksum=sha256:aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f", + "linux/arm64":"https://example.com/gaia.zip?checksum=sha256:aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f", + "darwin/amd64":"https://example.com/gaia.zip?checksum=sha256:aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f" + } + } + ``` + + When submitting this as a proposal ensure there are no spaces. An example command using `gaiad` could look like: + + ```shell + > gaiad tx upgrade software-upgrade Vega \ + --title Vega \ + --deposit 100uatom \ + --upgrade-height 7368420 \ + --upgrade-info '{"binaries":{"linux/amd64":"https://github.com/cosmos/gaia/releases/download/v6.0.0-rc1/gaiad-v6.0.0-rc1-linux-amd64","linux/arm64":"https://github.com/cosmos/gaia/releases/download/v6.0.0-rc1/gaiad-v6.0.0-rc1-linux-arm64","darwin/amd64":"https://github.com/cosmos/gaia/releases/download/v6.0.0-rc1/gaiad-v6.0.0-rc1-darwin-amd64"}}' \ + --summary "upgrade to Vega" \ + --gas 400000 \ + --from user \ + --chain-id test \ + --home test/val2 \ + --node tcp://localhost:36657 \ + --yes + ``` + +2. Store a link to a file that contains all information in the above format (e.g. if you want to specify lots of binaries, changelog info, etc. without filling up the blockchain). For example: + + ```text + https://example.com/testnet-1001-info.json?checksum=sha256:deaaa99fda9407c4dbe1d04bd49bab0cc3c1dd76fa392cd55a9425be074af01e + ``` + +When `cosmovisor` is triggered to download the new binary, `cosmovisor` will parse the `"binaries"` field, download the new binary with [go-getter](https://github.com/hashicorp/go-getter), and unpack the new binary in the `upgrades/` folder so that it can be run as if it was installed manually. + +Note that for this mechanism to provide strong security guarantees, all URLs should include a SHA 256/512 checksum. This ensures that no false binary is run, even if someone hacks the server or hijacks the DNS. `go-getter` will always ensure the downloaded file matches the checksum if it is provided. `go-getter` will also handle unpacking archives into directories (in this case the download link should point to a `zip` file of all data in the `bin` directory). + +To properly create a sha256 checksum on linux, you can use the `sha256sum` utility. For example: + +```shell +sha256sum ./testdata/repo/zip_directory/autod.zip +``` + +The result will look something like the following: `29139e1381b8177aec909fab9a75d11381cab5adf7d3af0c05ff1c9c117743a7`. + +You can also use `sha512sum` if you would prefer to use longer hashes, or `md5sum` if you would prefer to use broken hashes. Whichever you choose, make sure to set the hash algorithm properly in the checksum argument to the URL. + +## Example: SimApp Upgrade + +The following instructions provide a demonstration of `cosmovisor` using the simulation application (`simapp`) shipped with the Cosmos SDK's source code. The following commands are to be run from within the `cosmos-sdk` repository. + +### Chain Setup + +Let's create a new chain using the `v0.44` version of simapp (the Cosmos SDK demo app): + +```shell +git checkout v0.44.6 +make build +``` + +Clean `~/.simapp` (never do this in a production environment): + +```shell +./build/simd unsafe-reset-all +``` + +Set up app config: + +```shell +./build/simd config set client chain-id test +./build/simd config set client keyring-backend test +./build/simd config set client broadcast-mode sync +``` + +Initialize the node and overwrite any previous genesis file (never do this in a production environment): + + + +```shell +./build/simd init test --chain-id test --overwrite +``` + +Set the minimum gas price to `0stake` in `~/.simapp/config/app.toml`: + +```shell +minimum-gas-prices = "0stake" +``` + +For the sake of this demonstration, amend `voting_period` in `genesis.json` to a reduced time of 20 seconds (`20s`): + +```shell +cat <<< $(jq '.app_state.gov.voting_params.voting_period = "20s"' $HOME/.simapp/config/genesis.json) > $HOME/.simapp/config/genesis.json +``` + +Create a validator, and setup genesis transaction: + +```shell +./build/simd keys add validator +./build/simd genesis add-genesis-account validator 1000000000stake --keyring-backend test +./build/simd genesis gentx validator 1000000stake --chain-id test +./build/simd genesis collect-gentxs +``` + +#### Prepare Cosmovisor and Start the Chain + +Set the required environment variables: + +```shell +export DAEMON_NAME=simd +export DAEMON_HOME=$HOME/.simapp +``` + +Set the optional environment variable to trigger an automatic app restart: + +```shell +export DAEMON_RESTART_AFTER_UPGRADE=true +``` + +Create the folder for the genesis binary and copy the `simd` binary: + +```shell +mkdir -p $DAEMON_HOME/cosmovisor/genesis/bin +cp ./build/simd $DAEMON_HOME/cosmovisor/genesis/bin +``` + +Now you can run cosmovisor with simapp v0.44: + +```shell +cosmovisor run start +``` + +#### Update App + +Update app to the latest version (e.g. v0.45). + +Next, we can add a migration - which is defined using `x/upgrade` [upgrade plan](https://github.com/cosmos/cosmos-sdk/blob/main/docs/advanced/13-upgrade.md) (you may refer to a past version if you are using an older Cosmos SDK release). In a migration we can do any deterministic state change. + +Build the new version `simd` binary: + +```shell +make build +``` + +Create the folder for the upgrade binary and copy the `simd` binary: + +```shell +mkdir -p $DAEMON_HOME/cosmovisor/upgrades/test1/bin +cp ./build/simd $DAEMON_HOME/cosmovisor/upgrades/test1/bin +``` + +Open a new terminal window and submit an upgrade proposal along with a deposit and a vote (these commands must be run within 20 seconds of each other): + +**<= v0.45**: + +```shell +./build/simd tx gov submit-proposal software-upgrade test1 --title upgrade --description upgrade --upgrade-height 200 --from validator --yes +./build/simd tx gov deposit 1 10000000stake --from validator --yes +./build/simd tx gov vote 1 yes --from validator --yes +``` + +**v0.46, v0.47**: + +```shell +./build/simd tx gov submit-legacy-proposal software-upgrade test1 --title upgrade --description upgrade --upgrade-height 200 --from validator --yes +./build/simd tx gov deposit 1 10000000stake --from validator --yes +./build/simd tx gov vote 1 yes --from validator --yes +``` + +**>= v0.48+**: + +```shell +./build/simd tx upgrade software-upgrade test1 --title upgrade --summary upgrade --upgrade-height 200 --from validator --yes +./build/simd tx gov deposit 1 10000000stake --from validator --yes +./build/simd tx gov vote 1 yes --from validator --yes +``` + +The upgrade will occur automatically at height 200. Note: you may need to change the upgrade height in the snippet above if your test play takes more time. diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/tooling/02-confix.md b/copy-of-sdk-versioned_docs/version-0.47/build/tooling/02-confix.md new file mode 100644 index 00000000..19c637ba --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/tooling/02-confix.md @@ -0,0 +1,130 @@ +--- +sidebar_position: 1 +--- + +# Confix + +`Confix` is a configuration management tool that allows you to manage your configuration via CLI. + +It is based on the [CometBFT RFC 019](https://github.com/cometbft/cometbft/blob/5013bc3f4a6d64dcc2bf02ccc002ebc9881c62e4/docs/rfc/rfc-019-config-version.md). + +## Installation + +### Add Config Command + +To add the confix tool, it's required to add the `ConfigCommand` to your application's root command file (e.g. `simd/cmd/root.go`). + +Import the `confixCmd` package: + +```go +import "cosmossdk.io/tools/confix/cmd" +``` + +Find the following line: + +```go +initRootCmd(rootCmd, encodingConfig) +``` + +After that line, add the following: + +```go +rootCmd.AddCommand( + confixcmd.ConfigCommand(), +) +``` + +The `ConfixCommand` function builds the `config` root command and is defined in the `confixCmd` package (`cosmossdk.io/tools/confix/cmd`). +An implementation example can be found in `simapp`. + +The command will be available as `simd config`. + +### Using Confix Standalone + +To use Confix standalone, without having to add it in your application, install it with the following command: + +```bash +go install cosmossdk.io/tools/confix/cmd/confix@latest +``` + +:::warning +Currently, due to the replace directive in the Confix go.mod, it is not possible to use `go install`. +Building from source or importing in an application is required until that replace directive is removed. +::: + +Alternatively, for building from source, simply run `make confix`. The binary will be located in `tools/confix`. + +## Usage + +Use standalone: + +```shell +confix --help +``` + +Use in simd: + +```shell +simd config fix --help +``` + +### Get + +Get a configuration value, e.g.: + +```shell +simd config get app pruning # gets the value pruning from app.toml +simd config get client chain-id # gets the value chain-id from client.toml +``` + +```shell +confix get ~/.simapp/config/app.toml pruning # gets the value pruning from app.toml +confix get ~/.simapp/config/client.toml chain-id # gets the value chain-id from client.toml +``` + +### Set + +Set a configuration value, e.g.: + +```shell +simd config set app pruning "enabled" # sets the value pruning from app.toml +simd config set client chain-id "foo-1" # sets the value chain-id from client.toml +``` + +```shell +confix set ~/.simapp/config/app.toml pruning "enabled" # sets the value pruning from app.toml +confix set ~/.simapp/config/client.toml chain-id "foo-1" # sets the value chain-id from client.toml +``` + +### Migrate + +Migrate a configuration file to a new version, e.g.: + +```shell +simd config migrate v0.47 # migrates defaultHome/config/app.toml to the latest v0.47 config +``` + +```shell +confix migrate v0.47 ~/.simapp/config/app.toml # migrate ~/.simapp/config/app.toml to the latest v0.47 config +``` + +### Diff + +Get the diff between a given configuration file and the default configuration file, e.g.: + +```shell +simd config diff v0.47 # gets the diff between defaultHome/config/app.toml and the latest v0.47 config +``` + +```shell +confix diff v0.47 ~/.simapp/config/app.toml # gets the diff between ~/.simapp/config/app.toml and the latest v0.47 config +``` + +### Maintainer + +At each SDK modification of the default configuration, add the default SDK config under `data/v0.XX-app.toml`. +This allows users to use the tool standalone. + +## Credits + +This project is based on the [CometBFT RFC 019](https://github.com/cometbft/cometbft/blob/5013bc3f4a6d64dcc2bf02ccc002ebc9881c62e4/docs/rfc/rfc-019-config-version.md) and their own implementation of [confix](https://github.com/cometbft/cometbft/blob/v0.36.x/scripts/confix/confix.go). diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/tooling/03-autocli.md b/copy-of-sdk-versioned_docs/version-0.47/build/tooling/03-autocli.md new file mode 100644 index 00000000..5b50774c --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/tooling/03-autocli.md @@ -0,0 +1,157 @@ +--- +sidebar_position: 1 +--- + + +# AutoCLI + +:::note Synopsis +This document details how to build CLI and REST interfaces for a module. Examples from various Cosmos SDK modules are included. +::: + +:::note + +## Pre-requisite Readings + +* [Building Modules Intro](../building-modules/00-intro.md) + +::: + +The `autocli` package is a [Go library](https://pkg.go.dev/cosmossdk.io/client/v2/autocli) for generating CLI (command line interface) interfaces for Cosmos SDK-based applications. It provides a simple way to add CLI commands to your application by generating them automatically based on your gRPC service definitions. Autocli generates CLI commands and flags directly from your protobuf messages, including options, input parameters, and output parameters. This means that you can easily add a CLI interface to your application without having to manually create and manage commands. + +## Getting Started + +Here are the steps to use the `autocli` package: + +1. Define your app's modules that implement the `appmodule.AppModule` interface. +2. Configure how behave `autocli` command generation, by implementing the `func (am AppModule) AutoCLIOptions() *autocliv1.ModuleOptions` method on the module. Learn more [here](#advanced-usage). +3. Use the `autocli.AppOptions` struct to specifies the modules you defined. If you are using the `depinject` package to manage your app's dependencies, it can automatically create an instance of `autocli.AppOptions` based on your app's configuration. +4. Use the `EnhanceRootCommand()` method provided by `autocli` to add the CLI commands for the specified modules to your root command and can also be found in the `client/v2/autocli/app.go` file. Additionally, this method adds the `autocli` functionality to your app's root command. This method is additive only, meaning that it does not create commands if they are already registered for a module. Instead, it adds any missing commands to the root command. + +Here's an example of how to use `autocli`: + +``` go +// Define your app's modules +testModules := map[string]appmodule.AppModule{ + "testModule": &TestModule{}, +} + +// Define the autocli AppOptions +autoCliOpts := autocli.AppOptions{ + Modules: testModules, +} + +// Get the root command +rootCmd := &cobra.Command{ + Use: "app", +} + +// Enhance the root command with autocli +autocli.EnhanceRootCommand(rootCmd, autoCliOpts) + +// Run the root command +if err := rootCmd.Execute(); err != nil { + fmt.Println(err) +} +``` + +## Flags + +`autocli` generates flags for each field in a protobuf message. By default, the names of the flags are generated based on the names of the fields in the message. You can customise the flag names using the `namingOptions` parameter of the `Builder.AddMessageFlags()` method. + +To define flags for a message, you can use the `Builder.AddMessageFlags()` method. This method takes the `cobra.Command` instance and the message type as input, and generates flags for each field in the message. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/1ac260cb1c6f05666f47e67f8b2cfd6229a55c3b/client/v2/autocli/common.go#L44-L49 +``` + +The `binder` variable returned by the `AddMessageFlags()` method is used to bind the command-line arguments to the fields in the message. + +You can also customise the behavior of the flags using the `namingOptions` parameter of the `Builder.AddMessageFlags()` method. This parameter allows you to specify a custom prefix for the flags, and to specify whether to generate flags for repeated fields and whether to generate flags for fields with default values. + +## Commands and Queries + +The `autocli` package generates CLI commands and flags for each method defined in your gRPC service. By default, it generates commands for each RPC method that does not return a stream of messages. The commands are named based on the name of the service method. + +For example, given the following protobuf definition for a service: + +```protobuf +service MyService { + rpc MyMethod(MyRequest) returns (MyResponse) {} +} +``` + +`autocli` will generate a command named `my-method` for the `MyMethod` method. The command will have flags for each field in the `MyRequest` message. + +If you want to customise the behavior of a command, you can define a custom command by implementing the `autocli.Command` interface. You can then register the command with the `autocli.Builder` instance for your application. + +Similarly, you can define a custom query by implementing the `autocli.Query` interface. You can then register the query with the `autocli.Builder` instance for your application. + +To add a custom command or query, you can use the `Builder.AddCustomCommand` or `Builder.AddCustomQuery` methods, respectively. These methods take a `cobra.Command` or `cobra.Command` instance, respectively, which can be used to define the behavior of the command or query. + +## Advanced Usage + +### Specifying Subcommands + +By default, `autocli` generates a command for each method in your gRPC service. However, you can specify subcommands to group related commands together. To specify subcommands, you can use the `autocliv1.ServiceCommandDescriptor` struct. + +This example shows how to use the `autocliv1.ServiceCommandDescriptor` struct to group related commands together and specify subcommands in your gRPC service by defining an instance of `autocliv1.ModuleOptions` in your `autocli.go` file. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/bcdf81cbaf8d70c4e4fa763f51292d54aed689fd/x/gov/autocli.go#L9-L27 +``` + +The `AutoCLIOptions()` method in the autocli package allows you to specify the services and sub-commands to be mapped for your app. In the example code, an instance of the `autocliv1.ModuleOptions` struct is defined in the `appmodule.AppModule` implementation located in the `x/gov/autocli.go` file. This configuration groups related commands together and specifies subcommands for each service. + +### Positional Arguments + +Positional arguments are arguments that are passed to a command without being specified as a flag. They are typically used for providing additional context to a command, such as a filename or search query. + +To add positional arguments to a command, you can use the `autocliv1.PositionalArgDescriptor` struct, as seen in the example below. You need to specify the `ProtoField` parameter, which is the name of the protobuf field that should be used as the positional argument. In addition, if the parameter is a variable-length argument, you can specify the `Varargs` parameter as `true`. This can only be applied to the last positional parameter, and the `ProtoField` must be a repeated field. + +Here's an example of how to define a positional argument for the `Account` method of the `auth` service: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/bcdf81cbaf8d70c4e4fa763f51292d54aed689fd/x/auth/autocli.go#L8-L32 +``` + +Here are some example commands that use the positional arguments we defined above: + +To query an account by address: + +```bash + query auth account cosmos1abcd...xyz +``` + +To query an account address by account number: + +```bash + query auth address-by-acc-num 1 +``` + +In both of these commands, the `auth` service is being queried with the `query` subcommand, followed by the specific method being called (`account` or `address-by-acc-num`). The positional argument is included at the end of the command (`cosmos1abcd...xyz` or `1`) to specify the address or account number, respectively. + +### Customising Flag Names + +By default, `autocli` generates flag names based on the names of the fields in your protobuf message. However, you can customise the flag names by providing a `FlagOptions` parameter to the `Builder.AddMessageFlags()` method. This parameter allows you to specify custom names for flags based on the names of the message fields. For example, if you have a message with the fields `test` and `test1`, you can use the following naming options to customise the flags + +``` go +options := autocliv1.RpcCommandOptions{ + FlagOptions: map[string]*autocliv1.FlagOptions{ + "test": { Name: "custom_name", }, + "test1": { Name: "other_name", }, + }, +} + +builder.AddMessageFlags(message, options) +``` + +Note that `autocliv1.RpcCommandOptions` is a field of the `autocliv1.ServiceCommandDescriptor` struct, which is defined in the `autocliv1` package. To use this option, you can define an instance of `autocliv1.ModuleOptions` in your `appmodule.AppModule` implementation and specify the `FlagOptions` for the relevant service command descriptor. + +## Conclusion + +`autocli` is a powerful tool for adding CLI interfaces to your Cosmos SDK-based applications. It allows you to easily generate CLI commands and flags from your protobuf messages, and provides many options for customising the behavior of your CLI application. + +To further enhance your CLI experience with Cosmos SDK-based blockchains, you can use `Hubl`. `Hubl` is a tool that allows you to query any Cosmos SDK-based blockchain using the new AutoCLI feature of the Cosmos SDK. With hubl, you can easily configure a new chain and query modules with just a few simple commands. + +For more information on `Hubl`, including how to configure a new chain and query a module, see the [Hubl documentation](https://docs.cosmos.network/main/tooling/hubl). diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/tooling/04-hubl.md b/copy-of-sdk-versioned_docs/version-0.47/build/tooling/04-hubl.md new file mode 100644 index 00000000..97d02921 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/tooling/04-hubl.md @@ -0,0 +1,73 @@ +--- +sidebar_position: 1 +--- + +# Hubl + +`Hubl` is a tool that allows you to query any Cosmos SDK based blockchain. +It takes advantage of the new [AutoCLI](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/client/v2@v2.0.0-20220916140313-c5245716b516/cli) feature of the Cosmos SDK. + +## Installation + +Hubl can be installed using `go install`: + +```shell +go install cosmossdk.io/tools/hubl/cmd/hubl@latest +``` + +Or build from source: + +```shell +git clone --depth=1 https://github.com/cosmos/cosmos-sdk +make hubl +``` + +The binary will be located in `tools/hubl`. + +## Usage + +```shell +hubl --help +``` + +### Add chain + +To configure a new chain just run this command using the --init flag and the name of the chain as it's listed in the chain registry (). + +If the chain is not listed in the chain registry, you can use any unique name. + +```shell +hubl init [chain-name] +hubl init regen +``` + +The chain configuration is stored in `~/.hubl/config.toml`. + +:::tip + +When using an unsecure gRPC endpoint, change the `insecure` field to `true` in the config file. + +```toml +[chains] +[chains.regen] +[[chains.regen.trusted-grpc-endpoints]] +endpoint = 'localhost:9090' +insecure = true +``` + +Or use the `--insecure` flag: + +```shell +hubl init regen --insecure +``` + +::: + +### Query + +To query a chain, you can use the `query` command. +Then specify which module you want to query and the query itself. + +```shell +hubl regen query auth module-accounts +``` diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/tooling/05-depinject.md b/copy-of-sdk-versioned_docs/version-0.47/build/tooling/05-depinject.md new file mode 100644 index 00000000..17eb6287 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/tooling/05-depinject.md @@ -0,0 +1,169 @@ +--- +sidebar_position: 1 +--- + +# Depinject + +> **DISCLAIMER**: This is a **beta** package. The SDK team is actively working on this feature and we are looking for feedback from the community. Please try it out and let us know what you think. + +## Overview + +`depinject` is a dependency injection framework for the Cosmos SDK. This module together with `core/appconfig` are meant to simplify the definition of a blockchain by replacing most of `app.go`'s boilerplate code with a configuration file (Go, YAML or JSON). + +* [Go Doc](https://pkg.go.dev/cosmossdk.io/depinject) + +## Usage + +`depinject` includes an expressive and composable [Configuration API](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/depinject#Config). +A core configuration function is `Provide`. The example below demonstrates the registration of free **provider functions** via the `Provide` API. + + +```go +package main + +import ( + "fmt" + + "cosmossdk.io/depinject" +) + +type AnotherInt int + +func main() { + var ( + x int + y AnotherInt + ) + + fmt.Printf("Before (%v, %v)\n", x, y) + depinject.Inject( + depinject.Provide( + func() int { return 1 }, + func() AnotherInt { return AnotherInt(2) }, + ), + &x, + &y, + ) + fmt.Printf("After (%v, %v)\n", x, y) +} +``` + +Provider functions form the basis of the dependency tree, they are introspected then their inputs identified as dependencies and outputs as dependants, either for another provider function or state stored outside the DI container, as is the case of `&x` and `&y` above. + +### Interface type resolution + +`depinject` supports interface types as inputs to provider functions. In the SDK's case this pattern is used to decouple +`Keeper` dependencies between modules. For example `x/bank` expects an [AccountKeeper](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/x/bank/types#AccountKeeper) interface as [input to ProvideModule](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/bank/module.go#L208-L260). + +Concretely `SimApp` uses the implementation in `x/auth`, but this design allows for this loose coupling to change. + +Given the following types: + +```go +package duck + +type Duck interface { + quack() +} + +type AlsoDuck interface { + quack() +} + +type Mallard struct{} +type Canvasback struct{} + +func (duck Mallard) quack() {} +func (duck Canvasback) quack() {} + +type Pond struct { + Duck AlsoDuck +} +``` + +This usage + +```go +var pond Pond + +depinject.Inject( + depinject.Provide( + func() Mallard { return Mallard{} }, + func(duck Duck) Pond { + return Pond{Duck: duck} + }), + &pond) +``` + +results in an *implicit* binding of `Duck` to `Mallard`. This works because there is only one implementation of `Duck` in the container. +However, adding a second provider of `Duck` will result in an error: + +```go +var pond Pond + +depinject.Inject( + depinject.Provide( + func() Mallard { return Mallard{} }, + func() Canvasback { return Canvasback{} }, + func(duck Duck) Pond { + return Pond{Duck: duck} + }), + &pond) +``` + +A specific binding preference for `Duck` is required. + +#### `BindInterface` API + +In the above situation registering a binding for a given interface binding may look like + +```go +depinject.Inject( + depinject.Configs( + depinject.BindInterface( + "duck.Duck", + "duck.Mallard"), + depinject.Provide( + func() Mallard { return Mallard{} }, + func() Canvasback { return Canvasback{} }, + func(duck Duck) APond { + return Pond{Duck: duck} + })), + &pond) +``` + +Now `depinject` has enough information to provide `Mallard` as an input to `APond`. + +### Full example in real app + +:::warning +When using `depinject.Inject`, the injected types must be pointers. +::: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/simapp/app_v2.go#L219-L244 +``` + +## Debugging + +Issues with resolving dependencies in the container can be done with logs and [Graphviz](https://graphviz.org) renderings of the container tree. +By default, whenever there is an error, logs will be printed to stderr and a rendering of the dependency graph in Graphviz DOT format will be saved to `debug_container.dot`. + +Here is an example Graphviz rendering of a successful build of a dependency graph: +![Graphviz Example](https://raw.githubusercontent.com/cosmos/cosmos-sdk/ff39d243d421442b400befcd959ec3ccd2525154/depinject/testdata/example.svg) + +Rectangles represent functions, ovals represent types, rounded rectangles represent modules and the single hexagon +represents the function which called `Build`. Black-colored shapes mark functions and types that were called/resolved +without an error. Gray-colored nodes mark functions and types that could have been called/resolved in the container but +were left unused. + +Here is an example Graphviz rendering of a dependency graph build which failed: +![Graphviz Error Example](https://raw.githubusercontent.com/cosmos/cosmos-sdk/ff39d243d421442b400befcd959ec3ccd2525154/depinject/testdata/example_error.svg) + +Graphviz DOT files can be converted into SVG's for viewing in a web browser using the `dot` command-line tool, ex: + +```txt +dot -Tsvg debug_container.dot > debug_container.svg +``` + +Many other tools including some IDEs support working with DOT files. diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/tooling/README.md b/copy-of-sdk-versioned_docs/version-0.47/build/tooling/README.md new file mode 100644 index 00000000..5ecdef85 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/tooling/README.md @@ -0,0 +1,11 @@ +--- +sidebar_position: 0 +--- + +# Tools + +This section provides documentation on various tooling used in development of a Cosmos SDK chain, operating a node and testing. + +* [Protocol Buffers](./00-protobuf.md) +* [Cosmovisor](./01-cosmovisor.md) +* [Confix](./02-confix.md) diff --git a/copy-of-sdk-versioned_docs/version-0.47/build/tooling/_category_.json b/copy-of-sdk-versioned_docs/version-0.47/build/tooling/_category_.json new file mode 100644 index 00000000..a01a4fcc --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.47/build/tooling/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Tooling", + "position": 10, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/_category_.json b/copy-of-sdk-versioned_docs/version-0.50/build/_category_.json new file mode 100644 index 00000000..9f308823 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Build", + "position": 0, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/abci/00-introduction.md b/copy-of-sdk-versioned_docs/version-0.50/build/abci/00-introduction.md new file mode 100644 index 00000000..5eef47e1 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/abci/00-introduction.md @@ -0,0 +1,51 @@ +# Introduction + +## What is ABCI? + +ABC, Application Blockchain Interface is the interface between CometBFT and the application, more information about ABCI can be found [here](https://docs.cometbft.com/v0.38/spec/abci/). Within the release of ABCI 2.0 for the 0.38 CometBFT release there were additional methods introduced. + +The 5 methods introduced during ABCI 2.0 are: + +* `PrepareProposal` +* `ProcessProposal` +* `ExtendVote` +* `VerifyVoteExtension` +* `FinalizeBlock` + + +## The Flow + +## PrepareProposal + +Based on their voting power, CometBFT chooses a block proposer and calls `PrepareProposal` on the block proposer's application (Cosmos SDK). The selected block proposer is responsible for collecting outstanding transactions from the mempool, adhering to the application's specifications. The application can enforce custom transaction ordering and incorporate additional transactions, potentially generated from vote extensions in the previous block. + +To perform this manipulation on the application side, a custom handler must be implemented. By default, the Cosmos SDK provides `PrepareProposalHandler`, used in conjunction with an application specific mempool. A custom handler can be written by application developer, if a noop handler provided, all transactions are considered valid. Please see [this](https://github.com/fatal-fruit/abci-workshop) tutorial for more information on custom handlers. + +Please note that vote extensions will only be available on the following height in which vote extensions are enabled. More information about vote extensions can be found [here](https://docs.cosmos.network/main/build/abci/03-vote-extensions.md). + +After creating the proposal, the proposer returns it to CometBFT. + +PrepareProposal CAN be non-deterministic. + +## ProcessProposal + +This method allows validators to perform application-specific checks on the block proposal and is called on all validators. This is an important step in the consensus process, as it ensures that the block is valid and meets the requirements of the application. For example, validators could check that the block contains all the required transactions or that the block does not create any invalid state transitions. + +The implementation of `ProcessProposal` MUST be deterministic. + +## ExtendVote and VerifyVoteExtensions + +These methods allow applications to extend the voting process by requiring validators to perform additional actions beyond simply validating blocks. + +If vote extensions are enabled, `ExtendVote` will be called on every validator and each one will return its vote extension which is in practice a bunch of bytes. As mentioned above this data (vote extension) can only be retrieved in the next block height during `PrepareProposal`. Additionally, this data can be arbitrary, but in the provided tutorials, it serves as an oracle or proof of transactions in the mempool. Essentially, vote extensions are processed and injected as transactions. Examples of use-cases for vote extensions include prices for a price oracle or encryption shares for an encrypted transaction mempool. `ExtendVote` CAN be non-deterministic. + +`VerifyVoteExtensions` is performed on every validator multiple times in order to verify other validators' vote extensions. This check is submitted to validate the integrity and validity of the vote extensions preventing malicious or invalid vote extensions. + +Additionally, applications must keep the vote extension data concise as it can degrade the performance of their chain, see testing results [here](https://docs.cometbft.com/v0.38/qa/cometbft-qa-38#vote-extensions-testbed). + +`VerifyVoteExtensions` MUST be deterministic. + + +## FinalizeBlock + +`FinalizeBlock` is then called and is responsible for updating the state of the blockchain and making the block available to users diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/abci/01-prepare-proposal.md b/copy-of-sdk-versioned_docs/version-0.50/build/abci/01-prepare-proposal.md new file mode 100644 index 00000000..b3824350 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/abci/01-prepare-proposal.md @@ -0,0 +1,45 @@ +# Prepare Proposal + +`PrepareProposal` handles construction of the block, meaning that when a proposer +is preparing to propose a block, it requests the application to evaluate a +`RequestPrepareProposal`, which contains a series of transactions from CometBFT's +mempool. At this point, the application has complete control over the proposal. +It can modify, delete, and inject transactions from its own app-side mempool into +the proposal or even ignore all the transactions altogether. What the application +does with the transactions provided to it by `RequestPrepareProposal` has no +effect on CometBFT's mempool. + +Note, that the application defines the semantics of the `PrepareProposal` and it +MAY be non-deterministic and is only executed by the current block proposer. + +Now, reading mempool twice in the previous sentence is confusing, lets break it down. +CometBFT has a mempool that handles gossiping transactions to other nodes +in the network. The order of these transactions is determined by CometBFT's mempool, +using FIFO as the sole ordering mechanism. It's worth noting that the priority mempool +in Comet was removed or deprecated. +However, since the application is able to fully inspect +all transactions, it can provide greater control over transaction ordering. +Allowing the application to handle ordering enables the application to define how +it would like the block constructed. + +The Cosmos SDK defines the `DefaultProposalHandler` type, which provides applications with +`PrepareProposal` and `ProcessProposal` handlers. If you decide to implement your +own `PrepareProposal` handler, you must be sure to ensure that the transactions +selected DO NOT exceed the maximum block gas (if set) and the maximum bytes provided +by `req.MaxBytes`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/baseapp/abci_utils.go +``` + +This default implementation can be overridden by the application developer in +favor of a custom implementation in [`app.go`](./01-app-go-v2.md): + +```go +prepareOpt := func(app *baseapp.BaseApp) { +abciPropHandler := baseapp.NewDefaultProposalHandler(mempool, app) +app.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) +} + +baseAppOptions = append(baseAppOptions, prepareOpt) +``` \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/abci/02-process-proposal.md b/copy-of-sdk-versioned_docs/version-0.50/build/abci/02-process-proposal.md new file mode 100644 index 00000000..815c093f --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/abci/02-process-proposal.md @@ -0,0 +1,32 @@ +# Process Proposal + +`ProcessProposal` handles the validation of a proposal from `PrepareProposal`, +which also includes a block header. Meaning, that after a block has been proposed +the other validators have the right to vote on a block. The validator in the +default implementation of `PrepareProposal` runs basic validity checks on each +transaction. + +Note, `ProcessProposal` MAY NOT be non-deterministic, i.e. it must be deterministic. +This means if `ProcessProposal` panics or fails and we reject, all honest validator +processes will prevote nil and the CometBFT round will proceed again until a valid +proposal is proposed. + +Here is the implementation of the default implementation: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/baseapp/abci_utils.go#L153-L159 +``` + +Like `PrepareProposal` this implementation is the default and can be modified by +the application developer in [`app.go`](./01-app-go-v2.md). If you decide to implement +your own `ProcessProposal` handler, you must be sure to ensure that the transactions +provided in the proposal DO NOT exceed the maximum block gas and `maxtxbytes` (if set). + +```go +processOpt := func(app *baseapp.BaseApp) { +abciPropHandler := baseapp.NewDefaultProposalHandler(mempool, app) +app.SetProcessProposal(abciPropHandler.ProcessProposalHandler()) +} + +baseAppOptions = append(baseAppOptions, processOpt) +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/abci/03-vote-extensions.md b/copy-of-sdk-versioned_docs/version-0.50/build/abci/03-vote-extensions.md new file mode 100644 index 00000000..758c1ae4 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/abci/03-vote-extensions.md @@ -0,0 +1,123 @@ +# Vote Extensions + +:::note Synopsis +This section describes how the application can define and use vote extensions +defined in ABCI++. +::: + +## Extend Vote + +ABCI++ allows an application to extend a pre-commit vote with arbitrary data. This +process does NOT have to be deterministic, and the data returned can be unique to the +validator process. The Cosmos SDK defines [`baseapp.ExtendVoteHandler`](https://github.com/cosmos/cosmos-sdk/blob/v0.50.1/types/abci.go#L26-L27): + +```go +type ExtendVoteHandler func(Context, *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) +``` + +An application can set this handler in `app.go` via the `baseapp.SetExtendVoteHandler` +`BaseApp` option function. The `sdk.ExtendVoteHandler`, if defined, is called during +the `ExtendVote` ABCI method. Note, if an application decides to implement +`baseapp.ExtendVoteHandler`, it MUST return a non-nil `VoteExtension`. However, the vote +extension can be empty. See [here](https://github.com/cometbft/cometbft/blob/v0.38.0-rc1/spec/abci/abci++_methods.md#extendvote) +for more details. + +There are many decentralized censorship-resistant use cases for vote extensions. +For example, a validator may want to submit prices for a price oracle or encryption +shares for an encrypted transaction mempool. Note, an application should be careful +to consider the size of the vote extensions as they could increase latency in block +production. See [here](https://github.com/cometbft/cometbft/blob/v0.38.0-rc1/docs/qa/CometBFT-QA-38.md#vote-extensions-testbed) +for more details. + +Click [here](https://docs.cosmos.network/main/user/tutorials/vote-extensions) if you would like a walkthrough of how to implement vote extensions. + + +## Verify Vote Extension + +Similar to extending a vote, an application can also verify vote extensions from +other validators when validating their pre-commits. For a given vote extension, +this process MUST be deterministic. The Cosmos SDK defines [`sdk.VerifyVoteExtensionHandler`](https://github.com/cosmos/cosmos-sdk/blob/v0.50.1/types/abci.go#L29-L31): + +```go +type VerifyVoteExtensionHandler func(Context, *abci.RequestVerifyVoteExtension) (*abci.ResponseVerifyVoteExtension, error) +``` + +An application can set this handler in `app.go` via the `baseapp.SetVerifyVoteExtensionHandler` +`BaseApp` option function. The `sdk.VerifyVoteExtensionHandler`, if defined, is called +during the `VerifyVoteExtension` ABCI method. If an application defines a vote +extension handler, it should also define a verification handler. Note, not all +validators will share the same view of what vote extensions they verify depending +on how votes are propagated. See [here](https://github.com/cometbft/cometbft/blob/v0.38.0-rc1/spec/abci/abci++_methods.md#verifyvoteextension) +for more details. + +Additionally, please keep in mind that performance can be degraded if vote extensions are too big (https://docs.cometbft.com/v0.38/qa/cometbft-qa-38#vote-extensions-testbed), so we highly recommend a size validation in `VerifyVoteExtensions`. + + +## Vote Extension Propagation + +The agreed upon vote extensions at height `H` are provided to the proposing validator +at height `H+1` during `PrepareProposal`. As a result, the vote extensions are +not natively provided or exposed to the remaining validators during `ProcessProposal`. +As a result, if an application requires that the agreed upon vote extensions from +height `H` are available to all validators at `H+1`, the application must propagate +these vote extensions manually in the block proposal itself. This can be done by +"injecting" them into the block proposal, since the `Txs` field in `PrepareProposal` +is just a slice of byte slices. + +`FinalizeBlock` will ignore any byte slice that doesn't implement an `sdk.Tx`, so +any injected vote extensions will safely be ignored in `FinalizeBlock`. For more +details on propagation, see the [ABCI++ 2.0 ADR](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-064-abci-2.0.md#vote-extension-propagation--verification). + +### Recovery of injected Vote Extensions + +As stated before, vote extensions can be injected into a block proposal (along with +other transactions in the `Txs` field). The Cosmos SDK provides a pre-FinalizeBlock +hook to allow applications to recover vote extensions, perform any necessary +computation on them, and then store the results in the cached store. These results +will be available to the application during the subsequent `FinalizeBlock` call. + +An example of how a pre-FinalizeBlock hook could look like is shown below: + +```go +app.SetPreBlocker(func(ctx sdk.Context, req *abci.RequestFinalizeBlock) error { + allVEs := []VE{} // store all parsed vote extensions here + for _, tx := range req.Txs { + // define a custom function that tries to parse the tx as a vote extension + ve, ok := parseVoteExtension(tx) + if !ok { + continue + } + + allVEs = append(allVEs, ve) + } + + // perform any necessary computation on the vote extensions and store the result + // in the cached store + result := compute(allVEs) + err := storeVEResult(ctx, result) + if err != nil { + return err + } + + return nil +}) + +``` + +Then, in an app's module, the application can retrieve the result of the computation +of vote extensions from the cached store: + +```go +func (k Keeper) BeginBlocker(ctx context.Context) error { + // retrieve the result of the computation of vote extensions from the cached store + result, err := k.GetVEResult(ctx) + if err != nil { + return err + } + + // use the result of the computation of vote extensions + k.setSomething(result) + + return nil +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/abci/_category_.json b/copy-of-sdk-versioned_docs/version-0.50/build/abci/_category_.json new file mode 100644 index 00000000..d4ebb80c --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/abci/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "ABCI", + "position": 2, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/PROCESS.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/PROCESS.md new file mode 100644 index 00000000..ff831473 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/PROCESS.md @@ -0,0 +1,58 @@ +# ADR Creation Process + +1. Copy the `adr-template.md` file. Use the following filename pattern: `adr-next_number-title.md` +2. Create a draft Pull Request if you want to get an early feedback. +3. Make sure the context and a solution is clear and well documented. +4. Add an entry to a list in the [README](./README.md) file. +5. Create a Pull Request to propose a new ADR. + +## What is an ADR? + +An ADR is a document to document an implementation and design that may or may not have been discussed in an RFC. While an RFC is meant to replace synchoronus communication in a distributed environment, an ADR is meant to document an already made decision. An ADR wont come with much of a communication overhead because the discussion was recorded in an RFC or a synchronous discussion. If the consensus came from a synchoronus discussion then a short excerpt should be added to the ADR to explain the goals. + +## ADR life cycle + +ADR creation is an **iterative** process. Instead of having a high amount of communication overhead, an ADR is used when there is already a decision made and implementation details need to be added. The ADR should document what the collective consensus for the specific issue is and how to solve it. + +1. Every ADR should start with either an RFC or discussion where consensus has been met. + +2. Once consensus is met, a GitHub Pull Request (PR) is created with a new document based on the `adr-template.md`. + +3. If a _proposed_ ADR is merged, then it should clearly document outstanding issues either in ADR document notes or in a GitHub Issue. + +4. The PR SHOULD always be merged. In the case of a faulty ADR, we still prefer to merge it with a _rejected_ status. The only time the ADR SHOULD NOT be merged is if the author abandons it. + +5. Merged ADRs SHOULD NOT be pruned. + +### ADR status + +Status has two components: + +```text +{CONSENSUS STATUS} {IMPLEMENTATION STATUS} +``` + +IMPLEMENTATION STATUS is either `Implemented` or `Not Implemented`. + +#### Consensus Status + +```text +DRAFT -> PROPOSED -> LAST CALL yyyy-mm-dd -> ACCEPTED | REJECTED -> SUPERSEDED by ADR-xxx + \ | + \ | + v v + ABANDONED +``` + +* `DRAFT`: [optional] an ADR which is work in progress, not being ready for a general review. This is to present an early work and get an early feedback in a Draft Pull Request form. +* `PROPOSED`: an ADR covering a full solution architecture and still in the review - project stakeholders haven't reached an agreed yet. +* `LAST CALL `: [optional] clear notify that we are close to accept updates. Changing a status to `LAST CALL` means that social consensus (of Cosmos SDK maintainers) has been reached and we still want to give it a time to let the community react or analyze. +* `ACCEPTED`: ADR which will represent a currently implemented or to be implemented architecture design. +* `REJECTED`: ADR can go from PROPOSED or ACCEPTED to rejected if the consensus among project stakeholders will decide so. +* `SUPERSEEDED by ADR-xxx`: ADR which has been superseded by a new ADR. +* `ABANDONED`: the ADR is no longer pursued by the original authors. + +## Language used in ADR + +* The context/background should be written in the present tense. +* Avoid using a first, personal form. diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/README.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/README.md new file mode 100644 index 00000000..db466599 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/README.md @@ -0,0 +1,95 @@ +--- +sidebar_position: 1 +--- + +# Architecture Decision Records (ADR) + +This is a location to record all high-level architecture decisions in the Cosmos-SDK. + +An Architectural Decision (**AD**) is a software design choice that addresses a functional or non-functional requirement that is architecturally significant. +An Architecturally Significant Requirement (**ASR**) is a requirement that has a measurable effect on a software system’s architecture and quality. +An Architectural Decision Record (**ADR**) captures a single AD, such as often done when writing personal notes or meeting minutes; the collection of ADRs created and maintained in a project constitute its decision log. All these are within the topic of Architectural Knowledge Management (AKM). + +You can read more about the ADR concept in this [blog post](https://product.reverb.com/documenting-architecture-decisions-the-reverb-way-a3563bb24bd0#.78xhdix6t). + +## Rationale + +ADRs are intended to be the primary mechanism for proposing new feature designs and new processes, for collecting community input on an issue, and for documenting the design decisions. +An ADR should provide: + +* Context on the relevant goals and the current state +* Proposed changes to achieve the goals +* Summary of pros and cons +* References +* Changelog + +Note the distinction between an ADR and a spec. The ADR provides the context, intuition, reasoning, and +justification for a change in architecture, or for the architecture of something +new. The spec is much more compressed and streamlined summary of everything as +it stands today. + +If recorded decisions turned out to be lacking, convene a discussion, record the new decisions here, and then modify the code to match. + +## Creating new ADR + +Read about the [PROCESS](./PROCESS.md). + +### Use RFC 2119 Keywords + +When writing ADRs, follow the same best practices for writing RFCs. When writing RFCs, key words are used to signify the requirements in the specification. These words are often capitalized: "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL. They are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119). + +## ADR Table of Contents + +### Accepted + +* [ADR 002: SDK Documentation Structure](./adr-002-docs-structure.md) +* [ADR 004: Split Denomination Keys](./adr-004-split-denomination-keys.md) +* [ADR 006: Secret Store Replacement](./adr-006-secret-store-replacement.md) +* [ADR 009: Evidence Module](./adr-009-evidence-module.md) +* [ADR 010: Modular AnteHandler](./adr-010-modular-antehandler.md) +* [ADR 019: Protocol Buffer State Encoding](./adr-019-protobuf-state-encoding.md) +* [ADR 020: Protocol Buffer Transaction Encoding](./adr-020-protobuf-transaction-encoding.md) +* [ADR 021: Protocol Buffer Query Encoding](./adr-021-protobuf-query-encoding.md) +* [ADR 023: Protocol Buffer Naming and Versioning](./adr-023-protobuf-naming.md) +* [ADR 029: Fee Grant Module](./adr-029-fee-grant-module.md) +* [ADR 030: Message Authorization Module](./adr-030-authz-module.md) +* [ADR 031: Protobuf Msg Services](./adr-031-msg-service.md) +* [ADR 055: ORM](./adr-055-orm.md) +* [ADR 058: Auto-Generated CLI](./adr-058-auto-generated-cli.md) +* [ADR 060: ABCI 1.0 (Phase I)](adr-060-abci-1.0.md) +* [ADR 061: Liquid Staking](./adr-061-liquid-staking.md) + +### Proposed + +* [ADR 003: Dynamic Capability Store](./adr-003-dynamic-capability-store.md) +* [ADR 011: Generalize Genesis Accounts](./adr-011-generalize-genesis-accounts.md) +* [ADR 012: State Accessors](./adr-012-state-accessors.md) +* [ADR 013: Metrics](./adr-013-metrics.md) +* [ADR 016: Validator Consensus Key Rotation](./adr-016-validator-consensus-key-rotation.md) +* [ADR 017: Historical Header Module](./adr-017-historical-header-module.md) +* [ADR 018: Extendable Voting Periods](./adr-018-extendable-voting-period.md) +* [ADR 022: Custom baseapp panic handling](./adr-022-custom-panic-handling.md) +* [ADR 024: Coin Metadata](./adr-024-coin-metadata.md) +* [ADR 027: Deterministic Protobuf Serialization](./adr-027-deterministic-protobuf-serialization.md) +* [ADR 028: Public Key Addresses](./adr-028-public-key-addresses.md) +* [ADR 032: Typed Events](./adr-032-typed-events.md) +* [ADR 033: Inter-module RPC](./adr-033-protobuf-inter-module-comm.md) +* [ADR 035: Rosetta API Support](./adr-035-rosetta-api-support.md) +* [ADR 037: Governance Split Votes](./adr-037-gov-split-vote.md) +* [ADR 038: State Listening](./adr-038-state-listening.md) +* [ADR 039: Epoched Staking](./adr-039-epoched-staking.md) +* [ADR 040: Storage and SMT State Commitments](./adr-040-storage-and-smt-state-commitments.md) +* [ADR 046: Module Params](./adr-046-module-params.md) +* [ADR 054: Semver Compatible SDK Modules](./adr-054-semver-compatible-modules.md) +* [ADR 057: App Wiring](./adr-057-app-wiring.md) +* [ADR 059: Test Scopes](./adr-059-test-scopes.md) +* [ADR 062: Collections State Layer](./adr-062-collections-state-layer.md) +* [ADR 063: Core Module API](./adr-063-core-module-api.md) +* [ADR 065: Store V2](./adr-065-store-v2.md) + +### Draft + +* [ADR 044: Guidelines for Updating Protobuf Definitions](./adr-044-protobuf-updates-guidelines.md) +* [ADR 047: Extend Upgrade Plan](./adr-047-extend-upgrade-plan.md) +* [ADR 053: Go Module Refactoring](./adr-053-go-module-refactoring.md) +* [ADR 068: Preblock](./adr-068-preblock.md) diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/_category_.json b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/_category_.json new file mode 100644 index 00000000..e0b1907a --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "ADRs", + "position": 6, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-002-docs-structure.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-002-docs-structure.md new file mode 100644 index 00000000..5819151f --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-002-docs-structure.md @@ -0,0 +1,86 @@ +# ADR 002: SDK Documentation Structure + +## Context + +There is a need for a scalable structure of the Cosmos SDK documentation. Current documentation includes a lot of non-related Cosmos SDK material, is difficult to maintain and hard to follow as a user. + +Ideally, we would have: + +* All docs related to dev frameworks or tools live in their respective github repos (sdk repo would contain sdk docs, hub repo would contain hub docs, lotion repo would contain lotion docs, etc.) +* All other docs (faqs, whitepaper, high-level material about Cosmos) would live on the website. + +## Decision + +Re-structure the `/docs` folder of the Cosmos SDK github repo as follows: + +```text +docs/ +├── README +├── intro/ +├── concepts/ +│ ├── baseapp +│ ├── types +│ ├── store +│ ├── server +│ ├── modules/ +│ │ ├── keeper +│ │ ├── handler +│ │ ├── cli +│ ├── gas +│ └── commands +├── clients/ +│ ├── lite/ +│ ├── service-providers +├── modules/ +├── spec/ +├── translations/ +└── architecture/ +``` + +The files in each sub-folders do not matter and will likely change. What matters is the sectioning: + +* `README`: Landing page of the docs. +* `intro`: Introductory material. Goal is to have a short explainer of the Cosmos SDK and then channel people to the resource they need. The [Cosmos SDK tutorial](https://github.com/cosmos/sdk-application-tutorial/) will be highlighted, as well as the `godocs`. +* `concepts`: Contains high-level explanations of the abstractions of the Cosmos SDK. It does not contain specific code implementation and does not need to be updated often. **It is not an API specification of the interfaces**. API spec is the `godoc`. +* `clients`: Contains specs and info about the various Cosmos SDK clients. +* `spec`: Contains specs of modules, and others. +* `modules`: Contains links to `godocs` and the spec of the modules. +* `architecture`: Contains architecture-related docs like the present one. +* `translations`: Contains different translations of the documentation. + +Website docs sidebar will only include the following sections: + +* `README` +* `intro` +* `concepts` +* `clients` + +`architecture` need not be displayed on the website. + +## Status + +Accepted + +## Consequences + +### Positive + +* Much clearer organisation of the Cosmos SDK docs. +* The `/docs` folder now only contains Cosmos SDK and gaia related material. Later, it will only contain Cosmos SDK related material. +* Developers only have to update `/docs` folder when they open a PR (and not `/examples` for example). +* Easier for developers to find what they need to update in the docs thanks to reworked architecture. +* Cleaner vuepress build for website docs. +* Will help build an executable doc (cf https://github.com/cosmos/cosmos-sdk/issues/2611) + +### Neutral + +* We need to move a bunch of deprecated stuff to `/_attic` folder. +* We need to integrate content in `docs/sdk/docs/core` in `concepts`. +* We need to move all the content that currently lives in `docs` and does not fit in new structure (like `lotion`, intro material, whitepaper) to the website repository. +* Update `DOCS_README.md` + +## References + +* https://github.com/cosmos/cosmos-sdk/issues/1460 +* https://github.com/cosmos/cosmos-sdk/pull/2695 +* https://github.com/cosmos/cosmos-sdk/issues/2611 diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-003-dynamic-capability-store.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-003-dynamic-capability-store.md new file mode 100644 index 00000000..f9ddd364 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-003-dynamic-capability-store.md @@ -0,0 +1,344 @@ +# ADR 3: Dynamic Capability Store + +## Changelog + +* 12 December 2019: Initial version +* 02 April 2020: Memory Store Revisions + +## Context + +Full implementation of the [IBC specification](https://github.com/cosmos/ibc) requires the ability to create and authenticate object-capability keys at runtime (i.e., during transaction execution), +as described in [ICS 5](https://github.com/cosmos/ibc/tree/master/spec/core/ics-005-port-allocation#technical-specification). In the IBC specification, capability keys are created for each newly initialised +port & channel, and are used to authenticate future usage of the port or channel. Since channels and potentially ports can be initialised during transaction execution, the state machine must be able to create +object-capability keys at this time. + +At present, the Cosmos SDK does not have the ability to do this. Object-capability keys are currently pointers (memory addresses) of `StoreKey` structs created at application initialisation in `app.go` ([example](https://github.com/cosmos/gaia/blob/dcbddd9f04b3086c0ad07ee65de16e7adedc7da4/app/app.go#L132)) +and passed to Keepers as fixed arguments ([example](https://github.com/cosmos/gaia/blob/dcbddd9f04b3086c0ad07ee65de16e7adedc7da4/app/app.go#L160)). Keepers cannot create or store capability keys during transaction execution — although they could call `NewKVStoreKey` and take the memory address +of the returned struct, storing this in the Merklised store would result in a consensus fault, since the memory address will be different on each machine (this is intentional — were this not the case, the keys would be predictable and couldn't serve as object capabilities). + +Keepers need a way to keep a private map of store keys which can be altered during transaction execution, along with a suitable mechanism for regenerating the unique memory addresses (capability keys) in this map whenever the application is started or restarted, along with a mechanism to revert capability creation on tx failure. +This ADR proposes such an interface & mechanism. + +## Decision + +The Cosmos SDK will include a new `CapabilityKeeper` abstraction, which is responsible for provisioning, +tracking, and authenticating capabilities at runtime. During application initialisation in `app.go`, +the `CapabilityKeeper` will be hooked up to modules through unique function references +(by calling `ScopeToModule`, defined below) so that it can identify the calling module when later +invoked. + +When the initial state is loaded from disk, the `CapabilityKeeper`'s `Initialise` function will create +new capability keys for all previously allocated capability identifiers (allocated during execution of +past transactions and assigned to particular modes), and keep them in a memory-only store while the +chain is running. + +The `CapabilityKeeper` will include a persistent `KVStore`, a `MemoryStore`, and an in-memory map. +The persistent `KVStore` tracks which capability is owned by which modules. +The `MemoryStore` stores a forward mapping that map from module name, capability tuples to capability names and +a reverse mapping that map from module name, capability name to the capability index. +Since we cannot marshal the capability into a `KVStore` and unmarshal without changing the memory location of the capability, +the reverse mapping in the KVStore will simply map to an index. This index can then be used as a key in the ephemeral +go-map to retrieve the capability at the original memory location. + +The `CapabilityKeeper` will define the following types & functions: + +The `Capability` is similar to `StoreKey`, but has a globally unique `Index()` instead of +a name. A `String()` method is provided for debugging. + +A `Capability` is simply a struct, the address of which is taken for the actual capability. + +```go +type Capability struct { + index uint64 +} +``` + +A `CapabilityKeeper` contains a persistent store key, memory store key, and mapping of allocated module names. + +```go +type CapabilityKeeper struct { + persistentKey StoreKey + memKey StoreKey + capMap map[uint64]*Capability + moduleNames map[string]interface{} + sealed bool +} +``` + +The `CapabilityKeeper` provides the ability to create *scoped* sub-keepers which are tied to a +particular module name. These `ScopedCapabilityKeeper`s must be created at application initialisation +and passed to modules, which can then use them to claim capabilities they receive and retrieve +capabilities which they own by name, in addition to creating new capabilities & authenticating capabilities +passed by other modules. + +```go +type ScopedCapabilityKeeper struct { + persistentKey StoreKey + memKey StoreKey + capMap map[uint64]*Capability + moduleName string +} +``` + +`ScopeToModule` is used to create a scoped sub-keeper with a particular name, which must be unique. +It MUST be called before `InitialiseAndSeal`. + +```go +func (ck CapabilityKeeper) ScopeToModule(moduleName string) ScopedCapabilityKeeper { + if k.sealed { + panic("cannot scope to module via a sealed capability keeper") + } + + if _, ok := k.scopedModules[moduleName]; ok { + panic(fmt.Sprintf("cannot create multiple scoped keepers for the same module name: %s", moduleName)) + } + + k.scopedModules[moduleName] = struct{}{} + + return ScopedKeeper{ + cdc: k.cdc, + storeKey: k.storeKey, + memKey: k.memKey, + capMap: k.capMap, + module: moduleName, + } +} +``` + +`InitialiseAndSeal` MUST be called exactly once, after loading the initial state and creating all +necessary `ScopedCapabilityKeeper`s, in order to populate the memory store with newly-created +capability keys in accordance with the keys previously claimed by particular modules and prevent the +creation of any new `ScopedCapabilityKeeper`s. + +```go +func (ck CapabilityKeeper) InitialiseAndSeal(ctx Context) { + if ck.sealed { + panic("capability keeper is sealed") + } + + persistentStore := ctx.KVStore(ck.persistentKey) + map := ctx.KVStore(ck.memKey) + + // initialise memory store for all names in persistent store + for index, value := range persistentStore.Iter() { + capability = &CapabilityKey{index: index} + + for moduleAndCapability := range value { + moduleName, capabilityName := moduleAndCapability.Split("/") + memStore.Set(moduleName + "/fwd/" + capability, capabilityName) + memStore.Set(moduleName + "/rev/" + capabilityName, index) + + ck.capMap[index] = capability + } + } + + ck.sealed = true +} +``` + +`NewCapability` can be called by any module to create a new unique, unforgeable object-capability +reference. The newly created capability is automatically persisted; the calling module need not +call `ClaimCapability`. + +```go +func (sck ScopedCapabilityKeeper) NewCapability(ctx Context, name string) (Capability, error) { + // check name not taken in memory store + if capStore.Get("rev/" + name) != nil { + return nil, errors.New("name already taken") + } + + // fetch the current index + index := persistentStore.Get("index") + + // create a new capability + capability := &CapabilityKey{index: index} + + // set persistent store + persistentStore.Set(index, Set.singleton(sck.moduleName + "/" + name)) + + // update the index + index++ + persistentStore.Set("index", index) + + // set forward mapping in memory store from capability to name + memStore.Set(sck.moduleName + "/fwd/" + capability, name) + + // set reverse mapping in memory store from name to index + memStore.Set(sck.moduleName + "/rev/" + name, index) + + // set the in-memory mapping from index to capability pointer + capMap[index] = capability + + // return the newly created capability + return capability +} +``` + +`AuthenticateCapability` can be called by any module to check that a capability +does in fact correspond to a particular name (the name can be untrusted user input) +with which the calling module previously associated it. + +```go +func (sck ScopedCapabilityKeeper) AuthenticateCapability(name string, capability Capability) bool { + // return whether forward mapping in memory store matches name + return memStore.Get(sck.moduleName + "/fwd/" + capability) === name +} +``` + +`ClaimCapability` allows a module to claim a capability key which it has received from another module +so that future `GetCapability` calls will succeed. + +`ClaimCapability` MUST be called if a module which receives a capability wishes to access it by name +in the future. Capabilities are multi-owner, so if multiple modules have a single `Capability` reference, +they will all own it. + +```go +func (sck ScopedCapabilityKeeper) ClaimCapability(ctx Context, capability Capability, name string) error { + persistentStore := ctx.KVStore(sck.persistentKey) + + // set forward mapping in memory store from capability to name + memStore.Set(sck.moduleName + "/fwd/" + capability, name) + + // set reverse mapping in memory store from name to capability + memStore.Set(sck.moduleName + "/rev/" + name, capability) + + // update owner set in persistent store + owners := persistentStore.Get(capability.Index()) + owners.add(sck.moduleName + "/" + name) + persistentStore.Set(capability.Index(), owners) +} +``` + +`GetCapability` allows a module to fetch a capability which it has previously claimed by name. +The module is not allowed to retrieve capabilities which it does not own. + +```go +func (sck ScopedCapabilityKeeper) GetCapability(ctx Context, name string) (Capability, error) { + // fetch the index of capability using reverse mapping in memstore + index := memStore.Get(sck.moduleName + "/rev/" + name) + + // fetch capability from go-map using index + capability := capMap[index] + + // return the capability + return capability +} +``` + +`ReleaseCapability` allows a module to release a capability which it had previously claimed. If no +more owners exist, the capability will be deleted globally. + +```go +func (sck ScopedCapabilityKeeper) ReleaseCapability(ctx Context, capability Capability) err { + persistentStore := ctx.KVStore(sck.persistentKey) + + name := capStore.Get(sck.moduleName + "/fwd/" + capability) + if name == nil { + return error("capability not owned by module") + } + + // delete forward mapping in memory store + memoryStore.Delete(sck.moduleName + "/fwd/" + capability, name) + + // delete reverse mapping in memory store + memoryStore.Delete(sck.moduleName + "/rev/" + name, capability) + + // update owner set in persistent store + owners := persistentStore.Get(capability.Index()) + owners.remove(sck.moduleName + "/" + name) + if owners.size() > 0 { + // there are still other owners, keep the capability around + persistentStore.Set(capability.Index(), owners) + } else { + // no more owners, delete the capability + persistentStore.Delete(capability.Index()) + delete(capMap[capability.Index()]) + } +} +``` + +### Usage patterns + +#### Initialisation + +Any modules which use dynamic capabilities must be provided a `ScopedCapabilityKeeper` in `app.go`: + +```go +ck := NewCapabilityKeeper(persistentKey, memoryKey) +mod1Keeper := NewMod1Keeper(ck.ScopeToModule("mod1"), ....) +mod2Keeper := NewMod2Keeper(ck.ScopeToModule("mod2"), ....) + +// other initialisation logic ... + +// load initial state... + +ck.InitialiseAndSeal(initialContext) +``` + +#### Creating, passing, claiming and using capabilities + +Consider the case where `mod1` wants to create a capability, associate it with a resource (e.g. an IBC channel) by name, then pass it to `mod2` which will use it later: + +Module 1 would have the following code: + +```go +capability := scopedCapabilityKeeper.NewCapability(ctx, "resourceABC") +mod2Keeper.SomeFunction(ctx, capability, args...) +``` + +`SomeFunction`, running in module 2, could then claim the capability: + +```go +func (k Mod2Keeper) SomeFunction(ctx Context, capability Capability) { + k.sck.ClaimCapability(ctx, capability, "resourceABC") + // other logic... +} +``` + +Later on, module 2 can retrieve that capability by name and pass it to module 1, which will authenticate it against the resource: + +```go +func (k Mod2Keeper) SomeOtherFunction(ctx Context, name string) { + capability := k.sck.GetCapability(ctx, name) + mod1.UseResource(ctx, capability, "resourceABC") +} +``` + +Module 1 will then check that this capability key is authenticated to use the resource before allowing module 2 to use it: + +```go +func (k Mod1Keeper) UseResource(ctx Context, capability Capability, resource string) { + if !k.sck.AuthenticateCapability(name, capability) { + return errors.New("unauthenticated") + } + // do something with the resource +} +``` + +If module 2 passed the capability key to module 3, module 3 could then claim it and call module 1 just like module 2 did +(in which case module 1, module 2, and module 3 would all be able to use this capability). + +## Status + +Proposed. + +## Consequences + +### Positive + +* Dynamic capability support. +* Allows CapabilityKeeper to return same capability pointer from go-map while reverting any writes to the persistent `KVStore` and in-memory `MemoryStore` on tx failure. + +### Negative + +* Requires an additional keeper. +* Some overlap with existing `StoreKey` system (in the future they could be combined, since this is a superset functionality-wise). +* Requires an extra level of indirection in the reverse mapping, since MemoryStore must map to index which must then be used as key in a go map to retrieve the actual capability + +### Neutral + +(none known) + +## References + +* [Original discussion](https://github.com/cosmos/cosmos-sdk/pull/5230#discussion_r343978513) diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-004-split-denomination-keys.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-004-split-denomination-keys.md new file mode 100644 index 00000000..8abf25fd --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-004-split-denomination-keys.md @@ -0,0 +1,120 @@ +# ADR 004: Split Denomination Keys + +## Changelog + +* 2020-01-08: Initial version +* 2020-01-09: Alterations to handle vesting accounts +* 2020-01-14: Updates from review feedback +* 2020-01-30: Updates from implementation + +### Glossary + +* denom / denomination key -- unique token identifier. + +## Context + +With permissionless IBC, anyone will be able to send arbitrary denominations to any other account. Currently, all non-zero balances are stored along with the account in an `sdk.Coins` struct, which creates a potential denial-of-service concern, as too many denominations will become expensive to load & store each time the account is modified. See issues [5467](https://github.com/cosmos/cosmos-sdk/issues/5467) and [4982](https://github.com/cosmos/cosmos-sdk/issues/4982) for additional context. + +Simply rejecting incoming deposits after a denomination count limit doesn't work, since it opens up a griefing vector: someone could send a user lots of nonsensical coins over IBC, and then prevent the user from receiving real denominations (such as staking rewards). + +## Decision + +Balances shall be stored per-account & per-denomination under a denomination- and account-unique key, thus enabling O(1) read & write access to the balance of a particular account in a particular denomination. + +### Account interface (x/auth) + +`GetCoins()` and `SetCoins()` will be removed from the account interface, since coin balances will +now be stored in & managed by the bank module. + +The vesting account interface will replace `SpendableCoins` in favor of `LockedCoins` which does +not require the account balance anymore. In addition, `TrackDelegation()` will now accept the +account balance of all tokens denominated in the vesting balance instead of loading the entire +account balance. + +Vesting accounts will continue to store original vesting, delegated free, and delegated +vesting coins (which is safe since these cannot contain arbitrary denominations). + +### Bank keeper (x/bank) + +The following APIs will be added to the `x/bank` keeper: + +* `GetAllBalances(ctx Context, addr AccAddress) Coins` +* `GetBalance(ctx Context, addr AccAddress, denom string) Coin` +* `SetBalance(ctx Context, addr AccAddress, coin Coin)` +* `LockedCoins(ctx Context, addr AccAddress) Coins` +* `SpendableCoins(ctx Context, addr AccAddress) Coins` + +Additional APIs may be added to facilitate iteration and auxiliary functionality not essential to +core functionality or persistence. + +Balances will be stored first by the address, then by the denomination (the reverse is also possible, +but retrieval of all balances for a single account is presumed to be more frequent): + +```go +var BalancesPrefix = []byte("balances") + +func (k Keeper) SetBalance(ctx Context, addr AccAddress, balance Coin) error { + if !balance.IsValid() { + return err + } + + store := ctx.KVStore(k.storeKey) + balancesStore := prefix.NewStore(store, BalancesPrefix) + accountStore := prefix.NewStore(balancesStore, addr.Bytes()) + + bz := Marshal(balance) + accountStore.Set([]byte(balance.Denom), bz) + + return nil +} +``` + +This will result in the balances being indexed by the byte representation of +`balances/{address}/{denom}`. + +`DelegateCoins()` and `UndelegateCoins()` will be altered to only load each individual +account balance by denomination found in the (un)delegation amount. As a result, +any mutations to the account balance by will made by denomination. + +`SubtractCoins()` and `AddCoins()` will be altered to read & write the balances +directly instead of calling `GetCoins()` / `SetCoins()` (which no longer exist). + +`trackDelegation()` and `trackUndelegation()` will be altered to no longer update +account balances. + +External APIs will need to scan all balances under an account to retain backwards-compatibility. It +is advised that these APIs use `GetBalance` and `SetBalance` instead of `GetAllBalances` when +possible as to not load the entire account balance. + +### Supply module + +The supply module, in order to implement the total supply invariant, will now need +to scan all accounts & call `GetAllBalances` using the `x/bank` Keeper, then sum +the balances and check that they match the expected total supply. + +## Status + +Accepted. + +## Consequences + +### Positive + +* O(1) reads & writes of balances (with respect to the number of denominations for +which an account has non-zero balances). Note, this does not relate to the actual +I/O cost, rather the total number of direct reads needed. + +### Negative + +* Slightly less efficient reads/writes when reading & writing all balances of a +single account in a transaction. + +### Neutral + +None in particular. + +## References + +* Ref: https://github.com/cosmos/cosmos-sdk/issues/4982 +* Ref: https://github.com/cosmos/cosmos-sdk/issues/5467 +* Ref: https://github.com/cosmos/cosmos-sdk/issues/5492 diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-006-secret-store-replacement.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-006-secret-store-replacement.md new file mode 100644 index 00000000..fe2e2546 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-006-secret-store-replacement.md @@ -0,0 +1,54 @@ +# ADR 006: Secret Store Replacement + +## Changelog + +* July 29th, 2019: Initial draft +* September 11th, 2019: Work has started +* November 4th: Cosmos SDK changes merged in +* November 18th: Gaia changes merged in + +## Context + +Currently, a Cosmos SDK application's CLI directory stores key material and metadata in a plain text database in the user’s home directory. Key material is encrypted by a passphrase, protected by bcrypt hashing algorithm. Metadata (e.g. addresses, public keys, key storage details) is available in plain text. + +This is not desirable for a number of reasons. Perhaps the biggest reason is insufficient security protection of key material and metadata. Leaking the plain text allows an attacker to surveil what keys a given computer controls via a number of techniques, like compromised dependencies without any privilege execution. This could be followed by a more targeted attack on a particular user/computer. + +All modern desktop computers OS (Ubuntu, Debian, MacOS, Windows) provide a built-in secret store that is designed to allow applications to store information that is isolated from all other applications and requires passphrase entry to access the data. + +We are seeking solution that provides a common abstraction layer to the many different backends and reasonable fallback for minimal platforms that don’t provide a native secret store. + +## Decision + +We recommend replacing the current Keybase backend based on LevelDB with [Keyring](https://github.com/99designs/keyring) by 99 designs. This application is designed to provide a common abstraction and uniform interface between many secret stores and is used by AWS Vault application by 99-designs application. + +This appears to fulfill the requirement of protecting both key material and metadata from rouge software on a user’s machine. + +## Status + +Accepted + +## Consequences + +### Positive + +Increased safety for users. + +### Negative + +Users must manually migrate. + +Testing against all supported backends is difficult. + +Running tests locally on a Mac require numerous repetitive password entries. + +### Neutral + +{neutral consequences} + +## References + +* #4754 Switch secret store to the keyring secret store (original PR by @poldsam) [__CLOSED__] +* #5029 Add support for github.com/99designs/keyring-backed keybases [__MERGED__] +* #5097 Add keys migrate command [__MERGED__] +* #5180 Drop on-disk keybase in favor of keyring [_PENDING_REVIEW_] +* cosmos/gaia#164 Drop on-disk keybase in favor of keyring (gaia's changes) [_PENDING_REVIEW_] diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-007-specialization-groups.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-007-specialization-groups.md new file mode 100644 index 00000000..58f78abf --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-007-specialization-groups.md @@ -0,0 +1,177 @@ +# ADR 007: Specialization Groups + +## Changelog + +* 2019 Jul 31: Initial Draft + +## Context + +This idea was first conceived of in order to fulfill the use case of the +creation of a decentralized Computer Emergency Response Team (dCERT), whose +members would be elected by a governing community and would fulfill the role of +coordinating the community under emergency situations. This thinking +can be further abstracted into the conception of "blockchain specialization +groups". + +The creation of these groups are the beginning of specialization capabilities +within a wider blockchain community which could be used to enable a certain +level of delegated responsibilities. Examples of specialization which could be +beneficial to a blockchain community include: code auditing, emergency response, +code development etc. This type of community organization paves the way for +individual stakeholders to delegate votes by issue type, if in the future +governance proposals include a field for issue type. + +## Decision + +A specialization group can be broadly broken down into the following functions +(herein containing examples): + +* Membership Admittance +* Membership Acceptance +* Membership Revocation + * (probably) Without Penalty + * member steps down (self-Revocation) + * replaced by new member from governance + * (probably) With Penalty + * due to breach of soft-agreement (determined through governance) + * due to breach of hard-agreement (determined by code) +* Execution of Duties + * Special transactions which only execute for members of a specialization + group (for example, dCERT members voting to turn off transaction routes in + an emergency scenario) +* Compensation + * Group compensation (further distribution decided by the specialization group) + * Individual compensation for all constituents of a group from the + greater community + +Membership admittance to a specialization group could take place over a wide +variety of mechanisms. The most obvious example is through a general vote among +the entire community, however in certain systems a community may want to allow +the members already in a specialization group to internally elect new members, +or maybe the community may assign a permission to a particular specialization +group to appoint members to other 3rd party groups. The sky is really the limit +as to how membership admittance can be structured. We attempt to capture +some of these possiblities in a common interface dubbed the `Electionator`. For +its initial implementation as a part of this ADR we recommend that the general +election abstraction (`Electionator`) is provided as well as a basic +implementation of that abstraction which allows for a continuous election of +members of a specialization group. + +``` golang +// The Electionator abstraction covers the concept space for +// a wide variety of election kinds. +type Electionator interface { + + // is the election object accepting votes. + Active() bool + + // functionality to execute for when a vote is cast in this election, here + // the vote field is anticipated to be marshalled into a vote type used + // by an election. + // + // NOTE There are no explicit ids here. Just votes which pertain specifically + // to one electionator. Anyone can create and send a vote to the electionator item + // which will presumably attempt to marshal those bytes into a particular struct + // and apply the vote information in some arbitrary way. There can be multiple + // Electionators within the Cosmos-Hub for multiple specialization groups, votes + // would need to be routed to the Electionator upstream of here. + Vote(addr sdk.AccAddress, vote []byte) + + // here lies all functionality to authenticate and execute changes for + // when a member accepts being elected + AcceptElection(sdk.AccAddress) + + // Register a revoker object + RegisterRevoker(Revoker) + + // No more revokers may be registered after this function is called + SealRevokers() + + // register hooks to call when an election actions occur + RegisterHooks(ElectionatorHooks) + + // query for the current winner(s) of this election based on arbitrary + // election ruleset + QueryElected() []sdk.AccAddress + + // query metadata for an address in the election this + // could include for example position that an address + // is being elected for within a group + // + // this metadata may be directly related to + // voting information and/or privileges enabled + // to members within a group. + QueryMetadata(sdk.AccAddress) []byte +} + +// ElectionatorHooks, once registered with an Electionator, +// trigger execution of relevant interface functions when +// Electionator events occur. +type ElectionatorHooks interface { + AfterVoteCast(addr sdk.AccAddress, vote []byte) + AfterMemberAccepted(addr sdk.AccAddress) + AfterMemberRevoked(addr sdk.AccAddress, cause []byte) +} + +// Revoker defines the function required for a membership revocation rule-set +// used by a specialization group. This could be used to create self revoking, +// and evidence based revoking, etc. Revokers types may be created and +// reused for different election types. +// +// When revoking the "cause" bytes may be arbitrarily marshalled into evidence, +// memos, etc. +type Revoker interface { + RevokeName() string // identifier for this revoker type + RevokeMember(addr sdk.AccAddress, cause []byte) error +} +``` + +Certain level of commonality likely exists between the existing code within +`x/governance` and required functionality of elections. This common +functionality should be abstracted during implementation. Similarly for each +vote implementation client CLI/REST functionality should be abstracted +to be reused for multiple elections. + +The specialization group abstraction firstly extends the `Electionator` +but also further defines traits of the group. + +``` golang +type SpecializationGroup interface { + Electionator + GetName() string + GetDescription() string + + // general soft contract the group is expected + // to fulfill with the greater community + GetContract() string + + // messages which can be executed by the members of the group + Handler(ctx sdk.Context, msg sdk.Msg) sdk.Result + + // logic to be executed at endblock, this may for instance + // include payment of a stipend to the group members + // for participation in the security group. + EndBlocker(ctx sdk.Context) +} +``` + +## Status + +> Proposed + +## Consequences + +### Positive + +* increases specialization capabilities of a blockchain +* improve abstractions in `x/gov/` such that they can be used with specialization groups + +### Negative + +* could be used to increase centralization within a community + +### Neutral + +## References + +* [dCERT ADR](./adr-008-dCERT-group.md) diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-008-dCERT-group.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-008-dCERT-group.md new file mode 100644 index 00000000..2b2d2b82 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-008-dCERT-group.md @@ -0,0 +1,171 @@ +# ADR 008: Decentralized Computer Emergency Response Team (dCERT) Group + +## Changelog + +* 2019 Jul 31: Initial Draft + +## Context + +In order to reduce the number of parties involved with handling sensitive +information in an emergency scenario, we propose the creation of a +specialization group named The Decentralized Computer Emergency Response Team +(dCERT). Initially this group's role is intended to serve as coordinators +between various actors within a blockchain community such as validators, +bug-hunters, and developers. During a time of crisis, the dCERT group would +aggregate and relay input from a variety of stakeholders to the developers who +are actively devising a patch to the software, this way sensitive information +does not need to be publicly disclosed while some input from the community can +still be gained. + +Additionally, a special privilege is proposed for the dCERT group: the capacity +to "circuit-break" (aka. temporarily disable) a particular message path. Note +that this privilege should be enabled/disabled globally with a governance +parameter such that this privilege could start disabled and later be enabled +through a parameter change proposal, once a dCERT group has been established. + +In the future it is foreseeable that the community may wish to expand the roles +of dCERT with further responsibilities such as the capacity to "pre-approve" a +security update on behalf of the community prior to a full community +wide vote whereby the sensitive information would be revealed prior to a +vulnerability being patched on the live network. + +## Decision + +The dCERT group is proposed to include an implementation of a `SpecializationGroup` +as defined in [ADR 007](./adr-007-specialization-groups.md). This will include the +implementation of: + +* continuous voting +* slashing due to breach of soft contract +* revoking a member due to breach of soft contract +* emergency disband of the entire dCERT group (ex. for colluding maliciously) +* compensation stipend from the community pool or other means decided by + governance + +This system necessitates the following new parameters: + +* blockly stipend allowance per dCERT member +* maximum number of dCERT members +* required staked slashable tokens for each dCERT member +* quorum for suspending a particular member +* proposal wager for disbanding the dCERT group +* stabilization period for dCERT member transition +* circuit break dCERT privileges enabled + +These parameters are expected to be implemented through the param keeper such +that governance may change them at any given point. + +### Continuous Voting Electionator + +An `Electionator` object is to be implemented as continuous voting and with the +following specifications: + +* All delegation addresses may submit votes at any point which updates their + preferred representation on the dCERT group. +* Preferred representation may be arbitrarily split between addresses (ex. 50% + to John, 25% to Sally, 25% to Carol) +* In order for a new member to be added to the dCERT group they must + send a transaction accepting their admission at which point the validity of + their admission is to be confirmed. + * A sequence number is assigned when a member is added to dCERT group. + If a member leaves the dCERT group and then enters back, a new sequence number + is assigned. +* Addresses which control the greatest amount of preferred-representation are + eligible to join the dCERT group (up the _maximum number of dCERT members_). + If the dCERT group is already full and new member is admitted, the existing + dCERT member with the lowest amount of votes is kicked from the dCERT group. + * In the split situation where the dCERT group is full but a vying candidate + has the same amount of vote as an existing dCERT member, the existing + member should maintain its position. + * In the split situation where somebody must be kicked out but the two + addresses with the smallest number of votes have the same number of votes, + the address with the smallest sequence number maintains its position. +* A stabilization period can be optionally included to reduce the + "flip-flopping" of the dCERT membership tail members. If a stabilization + period is provided which is greater than 0, when members are kicked due to + insufficient support, a queue entry is created which documents which member is + to replace which other member. While this entry is in the queue, no new entries + to kick that same dCERT member can be made. When the entry matures at the + duration of the stabilization period, the new member is instantiated, and old + member kicked. + +### Staking/Slashing + +All members of the dCERT group must stake tokens _specifically_ to maintain +eligibility as a dCERT member. These tokens can be staked directly by the vying +dCERT member or out of the good will of a 3rd party (who shall gain no on-chain +benefits for doing so). This staking mechanism should use the existing global +unbonding time of tokens staked for network validator security. A dCERT member +can _only be_ a member if it has the required tokens staked under this +mechanism. If those tokens are unbonded then the dCERT member must be +automatically kicked from the group. + +Slashing of a particular dCERT member due to soft-contract breach should be +performed by governance on a per member basis based on the magnitude of the +breach. The process flow is anticipated to be that a dCERT member is suspended +by the dCERT group prior to being slashed by governance. + +Membership suspension by the dCERT group takes place through a voting procedure +by the dCERT group members. After this suspension has taken place, a governance +proposal to slash the dCERT member must be submitted, if the proposal is not +approved by the time the rescinding member has completed unbonding their +tokens, then the tokens are no longer staked and unable to be slashed. + +Additionally in the case of an emergency situation of a colluding and malicious +dCERT group, the community needs the capability to disband the entire dCERT +group and likely fully slash them. This could be achieved though a special new +proposal type (implemented as a general governance proposal) which would halt +the functionality of the dCERT group until the proposal was concluded. This +special proposal type would likely need to also have a fairly large wager which +could be slashed if the proposal creator was malicious. The reason a large +wager should be required is because as soon as the proposal is made, the +capability of the dCERT group to halt message routes is put on temporarily +suspended, meaning that a malicious actor who created such a proposal could +then potentially exploit a bug during this period of time, with no dCERT group +capable of shutting down the exploitable message routes. + +### dCERT membership transactions + +Active dCERT members + +* change of the description of the dCERT group +* circuit break a message route +* vote to suspend a dCERT member. + +Here circuit-breaking refers to the capability to disable a groups of messages, +This could for instance mean: "disable all staking-delegation messages", or +"disable all distribution messages". This could be accomplished by verifying +that the message route has not been "circuit-broken" at CheckTx time (in +`baseapp/baseapp.go`). + +"unbreaking" a circuit is anticipated only to occur during a hard fork upgrade +meaning that no capability to unbreak a message route on a live chain is +required. + +Note also, that if there was a problem with governance voting (for instance a +capability to vote many times) then governance would be broken and should be +halted with this mechanism, it would be then up to the validator set to +coordinate and hard-fork upgrade to a patched version of the software where +governance is re-enabled (and fixed). If the dCERT group abuses this privilege +they should all be severely slashed. + +## Status + +> Proposed + +## Consequences + +### Positive + +* Potential to reduces the number of parties to coordinate with during an emergency +* Reduction in possibility of disclosing sensitive information to malicious parties + +### Negative + +* Centralization risks + +### Neutral + +## References + + [Specialization Groups ADR](./adr-007-specialization-groups.md) diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-009-evidence-module.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-009-evidence-module.md new file mode 100644 index 00000000..ded04a14 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-009-evidence-module.md @@ -0,0 +1,182 @@ +# ADR 009: Evidence Module + +## Changelog + +* 2019 July 31: Initial draft +* 2019 October 24: Initial implementation + +## Status + +Accepted + +## Context + +In order to support building highly secure, robust and interoperable blockchain +applications, it is vital for the Cosmos SDK to expose a mechanism in which arbitrary +evidence can be submitted, evaluated and verified resulting in some agreed upon +penalty for any misbehavior committed by a validator, such as equivocation (double-voting), +signing when unbonded, signing an incorrect state transition (in the future), etc. +Furthermore, such a mechanism is paramount for any +[IBC](https://github.com/cosmos/ics/blob/master/ibc/2_IBC_ARCHITECTURE.md) or +cross-chain validation protocol implementation in order to support the ability +for any misbehavior to be relayed back from a collateralized chain to a primary +chain so that the equivocating validator(s) can be slashed. + +## Decision + +We will implement an evidence module in the Cosmos SDK supporting the following +functionality: + +* Provide developers with the abstractions and interfaces necessary to define + custom evidence messages, message handlers, and methods to slash and penalize + accordingly for misbehavior. +* Support the ability to route evidence messages to handlers in any module to + determine the validity of submitted misbehavior. +* Support the ability, through governance, to modify slashing penalties of any + evidence type. +* Querier implementation to support querying params, evidence types, params, and + all submitted valid misbehavior. + +### Types + +First, we define the `Evidence` interface type. The `x/evidence` module may implement +its own types that can be used by many chains (e.g. `CounterFactualEvidence`). +In addition, other modules may implement their own `Evidence` types in a similar +manner in which governance is extensible. It is important to note any concrete +type implementing the `Evidence` interface may include arbitrary fields such as +an infraction time. We want the `Evidence` type to remain as flexible as possible. + +When submitting evidence to the `x/evidence` module, the concrete type must provide +the validator's consensus address, which should be known by the `x/slashing` +module (assuming the infraction is valid), the height at which the infraction +occurred and the validator's power at same height in which the infraction occurred. + +```go +type Evidence interface { + Route() string + Type() string + String() string + Hash() HexBytes + ValidateBasic() error + + // The consensus address of the malicious validator at time of infraction + GetConsensusAddress() ConsAddress + + // Height at which the infraction occurred + GetHeight() int64 + + // The total power of the malicious validator at time of infraction + GetValidatorPower() int64 + + // The total validator set power at time of infraction + GetTotalPower() int64 +} +``` + +### Routing & Handling + +Each `Evidence` type must map to a specific unique route and be registered with +the `x/evidence` module. It accomplishes this through the `Router` implementation. + +```go +type Router interface { + AddRoute(r string, h Handler) Router + HasRoute(r string) bool + GetRoute(path string) Handler + Seal() +} +``` + +Upon successful routing through the `x/evidence` module, the `Evidence` type +is passed through a `Handler`. This `Handler` is responsible for executing all +corresponding business logic necessary for verifying the evidence as valid. In +addition, the `Handler` may execute any necessary slashing and potential jailing. +Since slashing fractions will typically result from some form of static functions, +allow the `Handler` to do this provides the greatest flexibility. An example could +be `k * evidence.GetValidatorPower()` where `k` is an on-chain parameter controlled +by governance. The `Evidence` type should provide all the external information +necessary in order for the `Handler` to make the necessary state transitions. +If no error is returned, the `Evidence` is considered valid. + +```go +type Handler func(Context, Evidence) error +``` + +### Submission + +`Evidence` is submitted through a `MsgSubmitEvidence` message type which is internally +handled by the `x/evidence` module's `SubmitEvidence`. + +```go +type MsgSubmitEvidence struct { + Evidence +} + +func handleMsgSubmitEvidence(ctx Context, keeper Keeper, msg MsgSubmitEvidence) Result { + if err := keeper.SubmitEvidence(ctx, msg.Evidence); err != nil { + return err.Result() + } + + // emit events... + + return Result{ + // ... + } +} +``` + +The `x/evidence` module's keeper is responsible for matching the `Evidence` against +the module's router and invoking the corresponding `Handler` which may include +slashing and jailing the validator. Upon success, the submitted evidence is persisted. + +```go +func (k Keeper) SubmitEvidence(ctx Context, evidence Evidence) error { + handler := keeper.router.GetRoute(evidence.Route()) + if err := handler(ctx, evidence); err != nil { + return ErrInvalidEvidence(keeper.codespace, err) + } + + keeper.setEvidence(ctx, evidence) + return nil +} +``` + +### Genesis + +Finally, we need to represent the genesis state of the `x/evidence` module. The +module only needs a list of all submitted valid infractions and any necessary params +for which the module needs in order to handle submitted evidence. The `x/evidence` +module will naturally define and route native evidence types for which it'll most +likely need slashing penalty constants for. + +```go +type GenesisState struct { + Params Params + Infractions []Evidence +} +``` + +## Consequences + +### Positive + +* Allows the state machine to process misbehavior submitted on-chain and penalize + validators based on agreed upon slashing parameters. +* Allows evidence types to be defined and handled by any module. This further allows + slashing and jailing to be defined by more complex mechanisms. +* Does not solely rely on Tendermint to submit evidence. + +### Negative + +* No easy way to introduce new evidence types through governance on a live chain + due to the inability to introduce the new evidence type's corresponding handler + +### Neutral + +* Should we persist infractions indefinitely? Or should we rather rely on events? + +## References + +* [ICS](https://github.com/cosmos/ics) +* [IBC Architecture](https://github.com/cosmos/ics/blob/master/ibc/1_IBC_ARCHITECTURE.md) +* [Tendermint Fork Accountability](https://github.com/tendermint/spec/blob/7b3138e69490f410768d9b1ffc7a17abc23ea397/spec/consensus/fork-accountability.md) diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-010-modular-antehandler.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-010-modular-antehandler.md new file mode 100644 index 00000000..386af1a7 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-010-modular-antehandler.md @@ -0,0 +1,290 @@ +# ADR 010: Modular AnteHandler + +## Changelog + +* 2019 Aug 31: Initial draft +* 2021 Sep 14: Superseded by ADR-045 + +## Status + +SUPERSEDED by ADR-045 + +## Context + +The current AnteHandler design allows users to either use the default AnteHandler provided in `x/auth` or to build their own AnteHandler from scratch. Ideally AnteHandler functionality is split into multiple, modular functions that can be chained together along with custom ante-functions so that users do not have to rewrite common antehandler logic when they want to implement custom behavior. + +For example, let's say a user wants to implement some custom signature verification logic. In the current codebase, the user would have to write their own Antehandler from scratch largely reimplementing much of the same code and then set their own custom, monolithic antehandler in the baseapp. Instead, we would like to allow users to specify custom behavior when necessary and combine them with default ante-handler functionality in a way that is as modular and flexible as possible. + +## Proposals + +### Per-Module AnteHandler + +One approach is to use the [ModuleManager](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/types/module) and have each module implement its own antehandler if it requires custom antehandler logic. The ModuleManager can then be passed in an AnteHandler order in the same way it has an order for BeginBlockers and EndBlockers. The ModuleManager returns a single AnteHandler function that will take in a tx and run each module's `AnteHandle` in the specified order. The module manager's AnteHandler is set as the baseapp's AnteHandler. + +Pros: + +1. Simple to implement +2. Utilizes the existing ModuleManager architecture + +Cons: + +1. Improves granularity but still cannot get more granular than a per-module basis. e.g. If auth's `AnteHandle` function is in charge of validating memo and signatures, users cannot swap the signature-checking functionality while keeping the rest of auth's `AnteHandle` functionality. +2. Module AnteHandler are run one after the other. There is no way for one AnteHandler to wrap or "decorate" another. + +### Decorator Pattern + +The [weave project](https://github.com/iov-one/weave) achieves AnteHandler modularity through the use of a decorator pattern. The interface is designed as follows: + +```go +// Decorator wraps a Handler to provide common functionality +// like authentication, or fee-handling, to many Handlers +type Decorator interface { + Check(ctx Context, store KVStore, tx Tx, next Checker) (*CheckResult, error) + Deliver(ctx Context, store KVStore, tx Tx, next Deliverer) (*DeliverResult, error) +} +``` + +Each decorator works like a modularized Cosmos SDK antehandler function, but it can take in a `next` argument that may be another decorator or a Handler (which does not take in a next argument). These decorators can be chained together, one decorator being passed in as the `next` argument of the previous decorator in the chain. The chain ends in a Router which can take a tx and route to the appropriate msg handler. + +A key benefit of this approach is that one Decorator can wrap its internal logic around the next Checker/Deliverer. A weave Decorator may do the following: + +```go +// Example Decorator's Deliver function +func (example Decorator) Deliver(ctx Context, store KVStore, tx Tx, next Deliverer) { + // Do some pre-processing logic + + res, err := next.Deliver(ctx, store, tx) + + // Do some post-processing logic given the result and error +} +``` + +Pros: + +1. Weave Decorators can wrap over the next decorator/handler in the chain. The ability to both pre-process and post-process may be useful in certain settings. +2. Provides a nested modular structure that isn't possible in the solution above, while also allowing for a linear one-after-the-other structure like the solution above. + +Cons: + +1. It is hard to understand at first glance the state updates that would occur after a Decorator runs given the `ctx`, `store`, and `tx`. A Decorator can have an arbitrary number of nested Decorators being called within its function body, each possibly doing some pre- and post-processing before calling the next decorator on the chain. Thus to understand what a Decorator is doing, one must also understand what every other decorator further along the chain is also doing. This can get quite complicated to understand. A linear, one-after-the-other approach while less powerful, may be much easier to reason about. + +### Chained Micro-Functions + +The benefit of Weave's approach is that the Decorators can be very concise, which when chained together allows for maximum customizability. However, the nested structure can get quite complex and thus hard to reason about. + +Another approach is to split the AnteHandler functionality into tightly scoped "micro-functions", while preserving the one-after-the-other ordering that would come from the ModuleManager approach. + +We can then have a way to chain these micro-functions so that they run one after the other. Modules may define multiple ante micro-functions and then also provide a default per-module AnteHandler that implements a default, suggested order for these micro-functions. + +Users can order the AnteHandlers easily by simply using the ModuleManager. The ModuleManager will take in a list of AnteHandlers and return a single AnteHandler that runs each AnteHandler in the order of the list provided. If the user is comfortable with the default ordering of each module, this is as simple as providing a list with each module's antehandler (exactly the same as BeginBlocker and EndBlocker). + +If however, users wish to change the order or add, modify, or delete ante micro-functions in anyway; they can always define their own ante micro-functions and add them explicitly to the list that gets passed into module manager. + +#### Default Workflow + +This is an example of a user's AnteHandler if they choose not to make any custom micro-functions. + +##### Cosmos SDK code + +```go +// Chains together a list of AnteHandler micro-functions that get run one after the other. +// Returned AnteHandler will abort on first error. +func Chainer(order []AnteHandler) AnteHandler { + return func(ctx Context, tx Tx, simulate bool) (newCtx Context, err error) { + for _, ante := range order { + ctx, err := ante(ctx, tx, simulate) + if err != nil { + return ctx, err + } + } + return ctx, err + } +} +``` + +```go +// AnteHandler micro-function to verify signatures +func VerifySignatures(ctx Context, tx Tx, simulate bool) (newCtx Context, err error) { + // verify signatures + // Returns InvalidSignature Result and abort=true if sigs invalid + // Return OK result and abort=false if sigs are valid +} + +// AnteHandler micro-function to validate memo +func ValidateMemo(ctx Context, tx Tx, simulate bool) (newCtx Context, err error) { + // validate memo +} + +// Auth defines its own default ante-handler by chaining its micro-functions in a recommended order +AuthModuleAnteHandler := Chainer([]AnteHandler{VerifySignatures, ValidateMemo}) +``` + +```go +// Distribution micro-function to deduct fees from tx +func DeductFees(ctx Context, tx Tx, simulate bool) (newCtx Context, err error) { + // Deduct fees from tx + // Abort if insufficient funds in account to pay for fees +} + +// Distribution micro-function to check if fees > mempool parameter +func CheckMempoolFees(ctx Context, tx Tx, simulate bool) (newCtx Context, err error) { + // If CheckTx: Abort if the fees are less than the mempool's minFee parameter +} + +// Distribution defines its own default ante-handler by chaining its micro-functions in a recommended order +DistrModuleAnteHandler := Chainer([]AnteHandler{CheckMempoolFees, DeductFees}) +``` + +```go +type ModuleManager struct { + // other fields + AnteHandlerOrder []AnteHandler +} + +func (mm ModuleManager) GetAnteHandler() AnteHandler { + retun Chainer(mm.AnteHandlerOrder) +} +``` + +##### User Code + +```go +// Note: Since user is not making any custom modifications, we can just SetAnteHandlerOrder with the default AnteHandlers provided by each module in our preferred order +moduleManager.SetAnteHandlerOrder([]AnteHandler(AuthModuleAnteHandler, DistrModuleAnteHandler)) + +app.SetAnteHandler(mm.GetAnteHandler()) +``` + +#### Custom Workflow + +This is an example workflow for a user that wants to implement custom antehandler logic. In this example, the user wants to implement custom signature verification and change the order of antehandler so that validate memo runs before signature verification. + +##### User Code + +```go +// User can implement their own custom signature verification antehandler micro-function +func CustomSigVerify(ctx Context, tx Tx, simulate bool) (newCtx Context, err error) { + // do some custom signature verification logic +} +``` + +```go +// Micro-functions allow users to change order of when they get executed, and swap out default ante-functionality with their own custom logic. +// Note that users can still chain the default distribution module handler, and auth micro-function along with their custom ante function +moduleManager.SetAnteHandlerOrder([]AnteHandler(ValidateMemo, CustomSigVerify, DistrModuleAnteHandler)) +``` + +Pros: + +1. Allows for ante functionality to be as modular as possible. +2. For users that do not need custom ante-functionality, there is little difference between how antehandlers work and how BeginBlock and EndBlock work in ModuleManager. +3. Still easy to understand + +Cons: + +1. Cannot wrap antehandlers with decorators like you can with Weave. + +### Simple Decorators + +This approach takes inspiration from Weave's decorator design while trying to minimize the number of breaking changes to the Cosmos SDK and maximizing simplicity. Like Weave decorators, this approach allows one `AnteDecorator` to wrap the next AnteHandler to do pre- and post-processing on the result. This is useful since decorators can do defer/cleanups after an AnteHandler returns as well as perform some setup beforehand. Unlike Weave decorators, these `AnteDecorator` functions can only wrap over the AnteHandler rather than the entire handler execution path. This is deliberate as we want decorators from different modules to perform authentication/validation on a `tx`. However, we do not want decorators being capable of wrapping and modifying the results of a `MsgHandler`. + +In addition, this approach will not break any core Cosmos SDK API's. Since we preserve the notion of an AnteHandler and still set a single AnteHandler in baseapp, the decorator is simply an additional approach available for users that desire more customization. The API of modules (namely `x/auth`) may break with this approach, but the core API remains untouched. + +Allow Decorator interface that can be chained together to create a Cosmos SDK AnteHandler. + +This allows users to choose between implementing an AnteHandler by themselves and setting it in the baseapp, or use the decorator pattern to chain their custom decorators with the Cosmos SDK provided decorators in the order they wish. + +```go +// An AnteDecorator wraps an AnteHandler, and can do pre- and post-processing on the next AnteHandler +type AnteDecorator interface { + AnteHandle(ctx Context, tx Tx, simulate bool, next AnteHandler) (newCtx Context, err error) +} +``` + +```go +// ChainAnteDecorators will recursively link all of the AnteDecorators in the chain and return a final AnteHandler function +// This is done to preserve the ability to set a single AnteHandler function in the baseapp. +func ChainAnteDecorators(chain ...AnteDecorator) AnteHandler { + if len(chain) == 1 { + return func(ctx Context, tx Tx, simulate bool) { + chain[0].AnteHandle(ctx, tx, simulate, nil) + } + } + return func(ctx Context, tx Tx, simulate bool) { + chain[0].AnteHandle(ctx, tx, simulate, ChainAnteDecorators(chain[1:])) + } +} +``` + +#### Example Code + +Define AnteDecorator functions + +```go +// Setup GasMeter, catch OutOfGasPanic and handle appropriately +type SetUpContextDecorator struct{} + +func (sud SetUpContextDecorator) AnteHandle(ctx Context, tx Tx, simulate bool, next AnteHandler) (newCtx Context, err error) { + ctx.GasMeter = NewGasMeter(tx.Gas) + + defer func() { + // recover from OutOfGas panic and handle appropriately + } + + return next(ctx, tx, simulate) +} + +// Signature Verification decorator. Verify Signatures and move on +type SigVerifyDecorator struct{} + +func (svd SigVerifyDecorator) AnteHandle(ctx Context, tx Tx, simulate bool, next AnteHandler) (newCtx Context, err error) { + // verify sigs. Return error if invalid + + // call next antehandler if sigs ok + return next(ctx, tx, simulate) +} + +// User-defined Decorator. Can choose to pre- and post-process on AnteHandler +type UserDefinedDecorator struct{ + // custom fields +} + +func (udd UserDefinedDecorator) AnteHandle(ctx Context, tx Tx, simulate bool, next AnteHandler) (newCtx Context, err error) { + // pre-processing logic + + ctx, err = next(ctx, tx, simulate) + + // post-processing logic +} +``` + +Link AnteDecorators to create a final AnteHandler. Set this AnteHandler in baseapp. + +```go +// Create final antehandler by chaining the decorators together +antehandler := ChainAnteDecorators(NewSetUpContextDecorator(), NewSigVerifyDecorator(), NewUserDefinedDecorator()) + +// Set chained Antehandler in the baseapp +bapp.SetAnteHandler(antehandler) +``` + +Pros: + +1. Allows one decorator to pre- and post-process the next AnteHandler, similar to the Weave design. +2. Do not need to break baseapp API. Users can still set a single AnteHandler if they choose. + +Cons: + +1. Decorator pattern may have a deeply nested structure that is hard to understand, this is mitigated by having the decorator order explicitly listed in the `ChainAnteDecorators` function. +2. Does not make use of the ModuleManager design. Since this is already being used for BeginBlocker/EndBlocker, this proposal seems unaligned with that design pattern. + +## Consequences + +Since pros and cons are written for each approach, it is omitted from this section + +## References + +* [#4572](https://github.com/cosmos/cosmos-sdk/issues/4572): Modular AnteHandler Issue +* [#4582](https://github.com/cosmos/cosmos-sdk/pull/4583): Initial Implementation of Per-Module AnteHandler Approach +* [Weave Decorator Code](https://github.com/iov-one/weave/blob/master/handler.go#L35) +* [Weave Design Videos](https://vimeo.com/showcase/6189877) diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-011-generalize-genesis-accounts.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-011-generalize-genesis-accounts.md new file mode 100644 index 00000000..92a704ba --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-011-generalize-genesis-accounts.md @@ -0,0 +1,170 @@ +# ADR 011: Generalize Genesis Accounts + +## Changelog + +* 2019-08-30: initial draft + +## Context + +Currently, the Cosmos SDK allows for custom account types; the `auth` keeper stores any type fulfilling its `Account` interface. However `auth` does not handle exporting or loading accounts to/from a genesis file, this is done by `genaccounts`, which only handles one of 4 concrete account types (`BaseAccount`, `ContinuousVestingAccount`, `DelayedVestingAccount` and `ModuleAccount`). + +Projects desiring to use custom accounts (say custom vesting accounts) need to fork and modify `genaccounts`. + +## Decision + +In summary, we will (un)marshal all accounts (interface types) directly using amino, rather than converting to `genaccounts`’s `GenesisAccount` type. Since doing this removes the majority of `genaccounts`'s code, we will merge `genaccounts` into `auth`. Marshalled accounts will be stored in `auth`'s genesis state. + +Detailed changes: + +### 1) (Un)Marshal accounts directly using amino + +The `auth` module's `GenesisState` gains a new field `Accounts`. Note these aren't of type `exported.Account` for reasons outlined in section 3. + +```go +// GenesisState - all auth state that must be provided at genesis +type GenesisState struct { + Params Params `json:"params" yaml:"params"` + Accounts []GenesisAccount `json:"accounts" yaml:"accounts"` +} +``` + +Now `auth`'s `InitGenesis` and `ExportGenesis` (un)marshal accounts as well as the defined params. + +```go +// InitGenesis - Init store state from genesis data +func InitGenesis(ctx sdk.Context, ak AccountKeeper, data GenesisState) { + ak.SetParams(ctx, data.Params) + // load the accounts + for _, a := range data.Accounts { + acc := ak.NewAccount(ctx, a) // set account number + ak.SetAccount(ctx, acc) + } +} + +// ExportGenesis returns a GenesisState for a given context and keeper +func ExportGenesis(ctx sdk.Context, ak AccountKeeper) GenesisState { + params := ak.GetParams(ctx) + + var genAccounts []exported.GenesisAccount + ak.IterateAccounts(ctx, func(account exported.Account) bool { + genAccount := account.(exported.GenesisAccount) + genAccounts = append(genAccounts, genAccount) + return false + }) + + return NewGenesisState(params, genAccounts) +} +``` + +### 2) Register custom account types on the `auth` codec + +The `auth` codec must have all custom account types registered to marshal them. We will follow the pattern established in `gov` for proposals. + +An example custom account definition: + +```go +import authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + +// Register the module account type with the auth module codec so it can decode module accounts stored in a genesis file +func init() { + authtypes.RegisterAccountTypeCodec(ModuleAccount{}, "cosmos-sdk/ModuleAccount") +} + +type ModuleAccount struct { + ... +``` + +The `auth` codec definition: + +```go +var ModuleCdc *codec.LegacyAmino + +func init() { + ModuleCdc = codec.NewLegacyAmino() + // register module msg's and Account interface + ... + // leave the codec unsealed +} + +// RegisterAccountTypeCodec registers an external account type defined in another module for the internal ModuleCdc. +func RegisterAccountTypeCodec(o interface{}, name string) { + ModuleCdc.RegisterConcrete(o, name, nil) +} +``` + +### 3) Genesis validation for custom account types + +Modules implement a `ValidateGenesis` method. As `auth` does not know of account implementations, accounts will need to validate themselves. + +We will unmarshal accounts into a `GenesisAccount` interface that includes a `Validate` method. + +```go +type GenesisAccount interface { + exported.Account + Validate() error +} +``` + +Then the `auth` `ValidateGenesis` function becomes: + +```go +// ValidateGenesis performs basic validation of auth genesis data returning an +// error for any failed validation criteria. +func ValidateGenesis(data GenesisState) error { + // Validate params + ... + + // Validate accounts + addrMap := make(map[string]bool, len(data.Accounts)) + for _, acc := range data.Accounts { + + // check for duplicated accounts + addrStr := acc.GetAddress().String() + if _, ok := addrMap[addrStr]; ok { + return fmt.Errorf("duplicate account found in genesis state; address: %s", addrStr) + } + addrMap[addrStr] = true + + // check account specific validation + if err := acc.Validate(); err != nil { + return fmt.Errorf("invalid account found in genesis state; address: %s, error: %s", addrStr, err.Error()) + } + + } + return nil +} +``` + +### 4) Move add-genesis-account cli to `auth` + +The `genaccounts` module contains a cli command to add base or vesting accounts to a genesis file. + +This will be moved to `auth`. We will leave it to projects to write their own commands to add custom accounts. An extensible cli handler, similar to `gov`, could be created but it is not worth the complexity for this minor use case. + +### 5) Update module and vesting accounts + +Under the new scheme, module and vesting account types need some minor updates: + +* Type registration on `auth`'s codec (shown above) +* A `Validate` method for each `Account` concrete type + +## Status + +Proposed + +## Consequences + +### Positive + +* custom accounts can be used without needing to fork `genaccounts` +* reduction in lines of code + +### Negative + +### Neutral + +* `genaccounts` module no longer exists +* accounts in genesis files are stored under `accounts` in `auth` rather than in the `genaccounts` module. +-`add-genesis-account` cli command now in `auth` + +## References diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-012-state-accessors.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-012-state-accessors.md new file mode 100644 index 00000000..93600000 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-012-state-accessors.md @@ -0,0 +1,155 @@ +# ADR 012: State Accessors + +## Changelog + +* 2019 Sep 04: Initial draft + +## Context + +Cosmos SDK modules currently use the `KVStore` interface and `Codec` to access their respective state. While +this provides a large degree of freedom to module developers, it is hard to modularize and the UX is +mediocre. + +First, each time a module tries to access the state, it has to marshal the value and set or get the +value and finally unmarshal. Usually this is done by declaring `Keeper.GetXXX` and `Keeper.SetXXX` functions, +which are repetitive and hard to maintain. + +Second, this makes it harder to align with the object capability theorem: the right to access the +state is defined as a `StoreKey`, which gives full access on the entire Merkle tree, so a module cannot +send the access right to a specific key-value pair (or a set of key-value pairs) to another module safely. + +Finally, because the getter/setter functions are defined as methods of a module's `Keeper`, the reviewers +have to consider the whole Merkle tree space when they reviewing a function accessing any part of the state. +There is no static way to know which part of the state that the function is accessing (and which is not). + +## Decision + +We will define a type named `Value`: + +```go +type Value struct { + m Mapping + key []byte +} +``` + +The `Value` works as a reference for a key-value pair in the state, where `Value.m` defines the key-value +space it will access and `Value.key` defines the exact key for the reference. + +We will define a type named `Mapping`: + +```go +type Mapping struct { + storeKey sdk.StoreKey + cdc *codec.LegacyAmino + prefix []byte +} +``` + +The `Mapping` works as a reference for a key-value space in the state, where `Mapping.storeKey` defines +the IAVL (sub-)tree and `Mapping.prefix` defines the optional subspace prefix. + +We will define the following core methods for the `Value` type: + +```go +// Get and unmarshal stored data, noop if not exists, panic if cannot unmarshal +func (Value) Get(ctx Context, ptr interface{}) {} + +// Get and unmarshal stored data, return error if not exists or cannot unmarshal +func (Value) GetSafe(ctx Context, ptr interface{}) {} + +// Get stored data as raw byte slice +func (Value) GetRaw(ctx Context) []byte {} + +// Marshal and set a raw value +func (Value) Set(ctx Context, o interface{}) {} + +// Check if a raw value exists +func (Value) Exists(ctx Context) bool {} + +// Delete a raw value value +func (Value) Delete(ctx Context) {} +``` + +We will define the following core methods for the `Mapping` type: + +```go +// Constructs key-value pair reference corresponding to the key argument in the Mapping space +func (Mapping) Value(key []byte) Value {} + +// Get and unmarshal stored data, noop if not exists, panic if cannot unmarshal +func (Mapping) Get(ctx Context, key []byte, ptr interface{}) {} + +// Get and unmarshal stored data, return error if not exists or cannot unmarshal +func (Mapping) GetSafe(ctx Context, key []byte, ptr interface{}) + +// Get stored data as raw byte slice +func (Mapping) GetRaw(ctx Context, key []byte) []byte {} + +// Marshal and set a raw value +func (Mapping) Set(ctx Context, key []byte, o interface{}) {} + +// Check if a raw value exists +func (Mapping) Has(ctx Context, key []byte) bool {} + +// Delete a raw value value +func (Mapping) Delete(ctx Context, key []byte) {} +``` + +Each method of the `Mapping` type that is passed the arguments `ctx`, `key`, and `args...` will proxy +the call to `Mapping.Value(key)` with arguments `ctx` and `args...`. + +In addition, we will define and provide a common set of types derived from the `Value` type: + +```go +type Boolean struct { Value } +type Enum struct { Value } +type Integer struct { Value; enc IntEncoding } +type String struct { Value } +// ... +``` + +Where the encoding schemes can be different, `o` arguments in core methods are typed, and `ptr` arguments +in core methods are replaced by explicit return types. + +Finally, we will define a family of types derived from the `Mapping` type: + +```go +type Indexer struct { + m Mapping + enc IntEncoding +} +``` + +Where the `key` argument in core method is typed. + +Some of the properties of the accessor types are: + +* State access happens only when a function which takes a `Context` as an argument is invoked +* Accessor type structs give rights to access the state only that the struct is referring, no other +* Marshalling/Unmarshalling happens implicitly within the core methods + +## Status + +Proposed + +## Consequences + +### Positive + +* Serialization will be done automatically +* Shorter code size, less boilerplate, better UX +* References to the state can be transferred safely +* Explicit scope of accessing + +### Negative + +* Serialization format will be hidden +* Different architecture from the current, but the use of accessor types can be opt-in +* Type-specific types (e.g. `Boolean` and `Integer`) have to be defined manually + +### Neutral + +## References + +* [#4554](https://github.com/cosmos/cosmos-sdk/issues/4554) diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-013-metrics.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-013-metrics.md new file mode 100644 index 00000000..b0808d46 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-013-metrics.md @@ -0,0 +1,157 @@ +# ADR 013: Observability + +## Changelog + +* 20-01-2020: Initial Draft + +## Status + +Proposed + +## Context + +Telemetry is paramount into debugging and understanding what the application is doing and how it is +performing. We aim to expose metrics from modules and other core parts of the Cosmos SDK. + +In addition, we should aim to support multiple configurable sinks that an operator may choose from. +By default, when telemetry is enabled, the application should track and expose metrics that are +stored in-memory. The operator may choose to enable additional sinks, where we support only +[Prometheus](https://prometheus.io/) for now, as it's battle-tested, simple to setup, open source, +and is rich with ecosystem tooling. + +We must also aim to integrate metrics into the Cosmos SDK in the most seamless way possible such that +metrics may be added or removed at will and without much friction. To do this, we will use the +[go-metrics](https://github.com/hashicorp/go-metrics) library. + +Finally, operators may enable telemetry along with specific configuration options. If enabled, metrics +will be exposed via `/metrics?format={text|prometheus}` via the API server. + +## Decision + +We will add an additional configuration block to `app.toml` that defines telemetry settings: + +```toml +############################################################################### +### Telemetry Configuration ### +############################################################################### + +[telemetry] + +# Prefixed with keys to separate services +service-name = {{ .Telemetry.ServiceName }} + +# Enabled enables the application telemetry functionality. When enabled, +# an in-memory sink is also enabled by default. Operators may also enabled +# other sinks such as Prometheus. +enabled = {{ .Telemetry.Enabled }} + +# Enable prefixing gauge values with hostname +enable-hostname = {{ .Telemetry.EnableHostname }} + +# Enable adding hostname to labels +enable-hostname-label = {{ .Telemetry.EnableHostnameLabel }} + +# Enable adding service to labels +enable-service-label = {{ .Telemetry.EnableServiceLabel }} + +# PrometheusRetentionTime, when positive, enables a Prometheus metrics sink. +prometheus-retention-time = {{ .Telemetry.PrometheusRetentionTime }} +``` + +The given configuration allows for two sinks -- in-memory and Prometheus. We create a `Metrics` +type that performs all the bootstrapping for the operator, so capturing metrics becomes seamless. + +```go +// Metrics defines a wrapper around application telemetry functionality. It allows +// metrics to be gathered at any point in time. When creating a Metrics object, +// internally, a global metrics is registered with a set of sinks as configured +// by the operator. In addition to the sinks, when a process gets a SIGUSR1, a +// dump of formatted recent metrics will be sent to STDERR. +type Metrics struct { + memSink *metrics.InmemSink + prometheusEnabled bool +} + +// Gather collects all registered metrics and returns a GatherResponse where the +// metrics are encoded depending on the type. Metrics are either encoded via +// Prometheus or JSON if in-memory. +func (m *Metrics) Gather(format string) (GatherResponse, error) { + switch format { + case FormatPrometheus: + return m.gatherPrometheus() + + case FormatText: + return m.gatherGeneric() + + case FormatDefault: + return m.gatherGeneric() + + default: + return GatherResponse{}, fmt.Errorf("unsupported metrics format: %s", format) + } +} +``` + +In addition, `Metrics` allows us to gather the current set of metrics at any given point in time. An +operator may also choose to send a signal, SIGUSR1, to dump and print formatted metrics to STDERR. + +During an application's bootstrapping and construction phase, if `Telemetry.Enabled` is `true`, the +API server will create an instance of a reference to `Metrics` object and will register a metrics +handler accordingly. + +```go +func (s *Server) Start(cfg config.Config) error { + // ... + + if cfg.Telemetry.Enabled { + m, err := telemetry.New(cfg.Telemetry) + if err != nil { + return err + } + + s.metrics = m + s.registerMetrics() + } + + // ... +} + +func (s *Server) registerMetrics() { + metricsHandler := func(w http.ResponseWriter, r *http.Request) { + format := strings.TrimSpace(r.FormValue("format")) + + gr, err := s.metrics.Gather(format) + if err != nil { + rest.WriteErrorResponse(w, http.StatusBadRequest, fmt.Sprintf("failed to gather metrics: %s", err)) + return + } + + w.Header().Set("Content-Type", gr.ContentType) + _, _ = w.Write(gr.Metrics) + } + + s.Router.HandleFunc("/metrics", metricsHandler).Methods("GET") +} +``` + +Application developers may track counters, gauges, summaries, and key/value metrics. There is no +additional lifting required by modules to leverage profiling metrics. To do so, it's as simple as: + +```go +func (k BaseKeeper) MintCoins(ctx sdk.Context, moduleName string, amt sdk.Coins) error { + defer metrics.MeasureSince(time.Now(), "MintCoins") + // ... +} +``` + +## Consequences + +### Positive + +* Exposure into the performance and behavior of an application + +### Negative + +### Neutral + +## References diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-014-proportional-slashing.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-014-proportional-slashing.md new file mode 100644 index 00000000..63cd04de --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-014-proportional-slashing.md @@ -0,0 +1,85 @@ +# ADR 14: Proportional Slashing + +## Changelog + +* 2019-10-15: Initial draft +* 2020-05-25: Removed correlation root slashing +* 2020-07-01: Updated to include S-curve function instead of linear + +## Context + +In Proof of Stake-based chains, centralization of consensus power amongst a small set of validators can cause harm to the network due to increased risk of censorship, liveness failure, fork attacks, etc. However, while this centralization causes a negative externality to the network, it is not directly felt by the delegators contributing towards delegating towards already large validators. We would like a way to pass on the negative externality cost of centralization onto those large validators and their delegators. + +## Decision + +### Design + +To solve this problem, we will implement a procedure called Proportional Slashing. The desire is that the larger a validator is, the more they should be slashed. The first naive attempt is to make a validator's slash percent proportional to their share of consensus voting power. + +```text +slash_amount = k * power // power is the faulting validator's voting power and k is some on-chain constant +``` + +However, this will incentivize validators with large amounts of stake to split up their voting power amongst accounts (sybil attack), so that if they fault, they all get slashed at a lower percent. The solution to this is to take into account not just a validator's own voting percentage, but also the voting percentage of all the other validators who get slashed in a specified time frame. + +```text +slash_amount = k * (power_1 + power_2 + ... + power_n) // where power_i is the voting power of the ith validator faulting in the specified time frame and k is some on-chain constant +``` + +Now, if someone splits a validator of 10% into two validators of 5% each which both fault, then they both fault in the same time frame, they both will get slashed at the sum 10% amount. + +However in practice, we likely don't want a linear relation between amount of stake at fault, and the percentage of stake to slash. In particular, solely 5% of stake double signing effectively did nothing to majorly threaten security, whereas 30% of stake being at fault clearly merits a large slashing factor, due to being very close to the point at which Tendermint security is threatened. A linear relation would require a factor of 6 gap between these two, whereas the difference in risk posed to the network is much larger. We propose using S-curves (formally [logistic functions](https://en.wikipedia.org/wiki/Logistic_function) to solve this). S-Curves capture the desired criterion quite well. They allow the slashing factor to be minimal for small values, and then grow very rapidly near some threshold point where the risk posed becomes notable. + +#### Parameterization + +This requires parameterizing a logistic function. It is very well understood how to parameterize this. It has four parameters: + +1) A minimum slashing factor +2) A maximum slashing factor +3) The inflection point of the S-curve (essentially where do you want to center the S) +4) The rate of growth of the S-curve (How elongated is the S) + +#### Correlation across non-sybil validators + +One will note, that this model doesn't differentiate between multiple validators run by the same operators vs validators run by different operators. This can be seen as an additional benefit in fact. It incentivizes validators to differentiate their setups from other validators, to avoid having correlated faults with them or else they risk a higher slash. So for example, operators should avoid using the same popular cloud hosting platforms or using the same Staking as a Service providers. This will lead to a more resilient and decentralized network. + +#### Griefing + +Griefing, the act of intentionally getting oneself slashed in order to make another's slash worse, could be a concern here. However, using the protocol described here, the attacker also gets equally impacted by the grief as the victim, so it would not provide much benefit to the griefer. + +### Implementation + +In the slashing module, we will add two queues that will track all of the recent slash events. For double sign faults, we will define "recent slashes" as ones that have occurred within the last `unbonding period`. For liveness faults, we will define "recent slashes" as ones that have occurred withing the last `jail period`. + +```go +type SlashEvent struct { + Address sdk.ValAddress + ValidatorVotingPercent sdk.Dec + SlashedSoFar sdk.Dec +} +``` + +These slash events will be pruned from the queue once they are older than their respective "recent slash period". + +Whenever a new slash occurs, a `SlashEvent` struct is created with the faulting validator's voting percent and a `SlashedSoFar` of 0. Because recent slash events are pruned before the unbonding period and unjail period expires, it should not be possible for the same validator to have multiple SlashEvents in the same Queue at the same time. + +We then will iterate over all the SlashEvents in the queue, adding their `ValidatorVotingPercent` to calculate the new percent to slash all the validators in the queue at, using the "Square of Sum of Roots" formula introduced above. + +Once we have the `NewSlashPercent`, we then iterate over all the `SlashEvent`s in the queue once again, and if `NewSlashPercent > SlashedSoFar` for that SlashEvent, we call the `staking.Slash(slashEvent.Address, slashEvent.Power, Math.Min(Math.Max(minSlashPercent, NewSlashPercent - SlashedSoFar), maxSlashPercent)` (we pass in the power of the validator before any slashes occurred, so that we slash the right amount of tokens). We then set `SlashEvent.SlashedSoFar` amount to `NewSlashPercent`. + +## Status + +Proposed + +## Consequences + +### Positive + +* Increases decentralization by disincentivizing delegating to large validators +* Incentivizes Decorrelation of Validators +* More severely punishes attacks than accidental faults +* More flexibility in slashing rates parameterization + +### Negative + +* More computationally expensive than current implementation. Will require more data about "recent slashing events" to be stored on chain. diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-016-validator-consensus-key-rotation.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-016-validator-consensus-key-rotation.md new file mode 100644 index 00000000..1d91a8de --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-016-validator-consensus-key-rotation.md @@ -0,0 +1,125 @@ +# ADR 016: Validator Consensus Key Rotation + +## Changelog + +* 2019 Oct 23: Initial draft +* 2019 Nov 28: Add key rotation fee + +## Context + +Validator consensus key rotation feature has been discussed and requested for a long time, for the sake of safer validator key management policy (e.g. https://github.com/tendermint/tendermint/issues/1136). So, we suggest one of the simplest form of validator consensus key rotation implementation mostly onto Cosmos SDK. + +We don't need to make any update on consensus logic in Tendermint because Tendermint does not have any mapping information of consensus key and validator operator key, meaning that from Tendermint point of view, a consensus key rotation of a validator is simply a replacement of a consensus key to another. + +Also, it should be noted that this ADR includes only the simplest form of consensus key rotation without considering multiple consensus keys concept. Such multiple consensus keys concept shall remain a long term goal of Tendermint and Cosmos SDK. + +## Decision + +### Pseudo procedure for consensus key rotation + +* create new random consensus key. +* create and broadcast a transaction with a `MsgRotateConsPubKey` that states the new consensus key is now coupled with the validator operator with signature from the validator's operator key. +* old consensus key becomes unable to participate on consensus immediately after the update of key mapping state on-chain. +* start validating with new consensus key. +* validators using HSM and KMS should update the consensus key in HSM to use the new rotated key after the height `h` when `MsgRotateConsPubKey` committed to the blockchain. + +### Considerations + +* consensus key mapping information management strategy + * store history of each key mapping changes in the kvstore. + * the state machine can search corresponding consensus key paired with given validator operator for any arbitrary height in a recent unbonding period. + * the state machine does not need any historical mapping information which is past more than unbonding period. +* key rotation costs related to LCD and IBC + * LCD and IBC will have traffic/computation burden when there exists frequent power changes + * In current Tendermint design, consensus key rotations are seen as power changes from LCD or IBC perspective + * Therefore, to minimize unnecessary frequent key rotation behavior, we limited maximum number of rotation in recent unbonding period and also applied exponentially increasing rotation fee +* limits + * a validator cannot rotate its consensus key more than `MaxConsPubKeyRotations` time for any unbonding period, to prevent spam. + * parameters can be decided by governance and stored in genesis file. +* key rotation fee + * a validator should pay `KeyRotationFee` to rotate the consensus key which is calculated as below + * `KeyRotationFee` = (max(`VotingPowerPercentage` *100, 1)* `InitialKeyRotationFee`) * 2^(number of rotations in `ConsPubKeyRotationHistory` in recent unbonding period) +* evidence module + * evidence module can search corresponding consensus key for any height from slashing keeper so that it can decide which consensus key is supposed to be used for given height. +* abci.ValidatorUpdate + * tendermint already has ability to change a consensus key by ABCI communication(`ValidatorUpdate`). + * validator consensus key update can be done via creating new + delete old by change the power to zero. + * therefore, we expect we even do not need to change tendermint codebase at all to implement this feature. +* new genesis parameters in `staking` module + * `MaxConsPubKeyRotations` : maximum number of rotation can be executed by a validator in recent unbonding period. default value 10 is suggested(11th key rotation will be rejected) + * `InitialKeyRotationFee` : the initial key rotation fee when no key rotation has happened in recent unbonding period. default value 1atom is suggested(1atom fee for the first key rotation in recent unbonding period) + +### Workflow + +1. The validator generates a new consensus keypair. +2. The validator generates and signs a `MsgRotateConsPubKey` tx with their operator key and new ConsPubKey + + ```go + type MsgRotateConsPubKey struct { + ValidatorAddress sdk.ValAddress + NewPubKey crypto.PubKey + } + ``` + +3. `handleMsgRotateConsPubKey` gets `MsgRotateConsPubKey`, calls `RotateConsPubKey` with emits event +4. `RotateConsPubKey` + * checks if `NewPubKey` is not duplicated on `ValidatorsByConsAddr` + * checks if the validator is does not exceed parameter `MaxConsPubKeyRotations` by iterating `ConsPubKeyRotationHistory` + * checks if the signing account has enough balance to pay `KeyRotationFee` + * pays `KeyRotationFee` to community fund + * overwrites `NewPubKey` in `validator.ConsPubKey` + * deletes old `ValidatorByConsAddr` + * `SetValidatorByConsAddr` for `NewPubKey` + * Add `ConsPubKeyRotationHistory` for tracking rotation + + ```go + type ConsPubKeyRotationHistory struct { + OperatorAddress sdk.ValAddress + OldConsPubKey crypto.PubKey + NewConsPubKey crypto.PubKey + RotatedHeight int64 + } + ``` + +5. `ApplyAndReturnValidatorSetUpdates` checks if there is `ConsPubKeyRotationHistory` with `ConsPubKeyRotationHistory.RotatedHeight == ctx.BlockHeight()` and if so, generates 2 `ValidatorUpdate` , one for a remove validator and one for create new validator + + ```go + abci.ValidatorUpdate{ + PubKey: cmttypes.TM2PB.PubKey(OldConsPubKey), + Power: 0, + } + + abci.ValidatorUpdate{ + PubKey: cmttypes.TM2PB.PubKey(NewConsPubKey), + Power: v.ConsensusPower(), + } + ``` + +6. at `previousVotes` Iteration logic of `AllocateTokens`, `previousVote` using `OldConsPubKey` match up with `ConsPubKeyRotationHistory`, and replace validator for token allocation +7. Migrate `ValidatorSigningInfo` and `ValidatorMissedBlockBitArray` from `OldConsPubKey` to `NewConsPubKey` + +* Note : All above features shall be implemented in `staking` module. + +## Status + +Proposed + +## Consequences + +### Positive + +* Validators can immediately or periodically rotate their consensus key to have better security policy +* improved security against Long-Range attacks (https://nearprotocol.com/blog/long-range-attacks-and-a-new-fork-choice-rule) given a validator throws away the old consensus key(s) + +### Negative + +* Slash module needs more computation because it needs to lookup corresponding consensus key of validators for each height +* frequent key rotations will make light client bisection less efficient + +### Neutral + +## References + +* on tendermint repo : https://github.com/tendermint/tendermint/issues/1136 +* on cosmos-sdk repo : https://github.com/cosmos/cosmos-sdk/issues/5231 +* about multiple consensus keys : https://github.com/tendermint/tendermint/issues/1758#issuecomment-545291698 diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-017-historical-header-module.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-017-historical-header-module.md new file mode 100644 index 00000000..573c632c --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-017-historical-header-module.md @@ -0,0 +1,61 @@ +# ADR 17: Historical Header Module + +## Changelog + +* 26 November 2019: Start of first version +* 2 December 2019: Final draft of first version + +## Context + +In order for the Cosmos SDK to implement the [IBC specification](https://github.com/cosmos/ics), modules within the Cosmos SDK must have the ability to introspect recent consensus states (validator sets & commitment roots) as proofs of these values on other chains must be checked during the handshakes. + +## Decision + +The application MUST store the most recent `n` headers in a persistent store. At first, this store MAY be the current Merklised store. A non-Merklised store MAY be used later as no proofs are necessary. + +The application MUST store this information by storing new headers immediately when handling `abci.RequestBeginBlock`: + +```go +func BeginBlock(ctx sdk.Context, keeper HistoricalHeaderKeeper, req abci.RequestBeginBlock) abci.ResponseBeginBlock { + info := HistoricalInfo{ + Header: ctx.BlockHeader(), + ValSet: keeper.StakingKeeper.GetAllValidators(ctx), // note that this must be stored in a canonical order + } + keeper.SetHistoricalInfo(ctx, ctx.BlockHeight(), info) + n := keeper.GetParamRecentHeadersToStore() + keeper.PruneHistoricalInfo(ctx, ctx.BlockHeight() - n) + // continue handling request +} +``` + +Alternatively, the application MAY store only the hash of the validator set. + +The application MUST make these past `n` committed headers available for querying by Cosmos SDK modules through the `Keeper`'s `GetHistoricalInfo` function. This MAY be implemented in a new module, or it MAY also be integrated into an existing one (likely `x/staking` or `x/ibc`). + +`n` MAY be configured as a parameter store parameter, in which case it could be changed by `ParameterChangeProposal`s, although it will take some blocks for the stored information to catch up if `n` is increased. + +## Status + +Proposed. + +## Consequences + +Implementation of this ADR will require changes to the Cosmos SDK. It will not require changes to Tendermint. + +### Positive + +* Easy retrieval of headers & state roots for recent past heights by modules anywhere in the Cosmos SDK. +* No RPC calls to Tendermint required. +* No ABCI alterations required. + +### Negative + +* Duplicates `n` headers data in Tendermint & the application (additional disk usage) - in the long term, an approach such as [this](https://github.com/tendermint/tendermint/issues/4210) might be preferable. + +### Neutral + +(none known) + +## References + +* [ICS 2: "Consensus state introspection"](https://github.com/cosmos/ibc/tree/master/spec/core/ics-002-client-semantics#consensus-state-introspection) diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-018-extendable-voting-period.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-018-extendable-voting-period.md new file mode 100644 index 00000000..5e8f058d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-018-extendable-voting-period.md @@ -0,0 +1,66 @@ +# ADR 18: Extendable Voting Periods + +## Changelog + +* 1 January 2020: Start of first version + +## Context + +Currently the voting period for all governance proposals is the same. However, this is suboptimal as all governance proposals do not require the same time period. For more non-contentious proposals, they can be dealt with more efficiently with a faster period, while more contentious or complex proposals may need a longer period for extended discussion/consideration. + +## Decision + +We would like to design a mechanism for making the voting period of a governance proposal variable based on the demand of voters. We would like it to be based on the view of the governance participants, rather than just the proposer of a governance proposal (thus, allowing the proposer to select the voting period length is not sufficient). + +However, we would like to avoid the creation of an entire second voting process to determine the length of the voting period, as it just pushed the problem to determining the length of that first voting period. + +Thus, we propose the following mechanism: + +### Params + +* The current gov param `VotingPeriod` is to be replaced by a `MinVotingPeriod` param. This is the default voting period that all governance proposal voting periods start with. +* There is a new gov param called `MaxVotingPeriodExtension`. + +### Mechanism + +There is a new `Msg` type called `MsgExtendVotingPeriod`, which can be sent by any staked account during a proposal's voting period. It allows the sender to unilaterally extend the length of the voting period by `MaxVotingPeriodExtension * sender's share of voting power`. Every address can only call `MsgExtendVotingPeriod` once per proposal. + +So for example, if the `MaxVotingPeriodExtension` is set to 100 Days, then anyone with 1% of voting power can extend the voting power by 1 day. If 33% of voting power has sent the message, the voting period will be extended by 33 days. Thus, if absolutely everyone chooses to extend the voting period, the absolute maximum voting period will be `MinVotingPeriod + MaxVotingPeriodExtension`. + +This system acts as a sort of distributed coordination, where individual stakers choosing to extend or not, allows the system the guage the conentiousness/complexity of the proposal. It is extremely unlikely that many stakers will choose to extend at the exact same time, it allows stakers to view how long others have already extended thus far, to decide whether or not to extend further. + +### Dealing with Unbonding/Redelegation + +There is one thing that needs to be addressed. How to deal with redelegation/unbonding during the voting period. If a staker of 5% calls `MsgExtendVotingPeriod` and then unbonds, does the voting period then decrease by 5 days again? This is not good as it can give people a false sense of how long they have to make their decision. For this reason, we want to design it such that the voting period length can only be extended, not shortened. To do this, the current extension amount is based on the highest percent that voted extension at any time. This is best explained by example: + +1. Let's say 2 stakers of voting power 4% and 3% respectively vote to extend. The voting period will be extended by 7 days. +2. Now the staker of 3% decides to unbond before the end of the voting period. The voting period extension remains 7 days. +3. Now, let's say another staker of 2% voting power decides to extend voting period. There is now 6% of active voting power choosing the extend. The voting power remains 7 days. +4. If a fourth staker of 10% chooses to extend now, there is a total of 16% of active voting power wishing to extend. The voting period will be extended to 16 days. + +### Delegators + +Just like votes in the actual voting period, delegators automatically inherit the extension of their validators. If their validator chooses to extend, their voting power will be used in the validator's extension. However, the delegator is unable to override their validator and "unextend" as that would contradict the "voting power length can only be ratcheted up" principle described in the previous section. However, a delegator may choose the extend using their personal voting power, if their validator has not done so. + +## Status + +Proposed + +## Consequences + +### Positive + +* More complex/contentious governance proposals will have more time to properly digest and deliberate + +### Negative + +* Governance process becomes more complex and requires more understanding to interact with effectively +* Can no longer predict when a governance proposal will end. Can't assume order in which governance proposals will end. + +### Neutral + +* The minimum voting period can be made shorter + +## References + +* [Cosmos Forum post where idea first originated](https://forum.cosmos.network/t/proposal-draft-reduce-governance-voting-period-to-7-days/3032/9) diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-019-protobuf-state-encoding.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-019-protobuf-state-encoding.md new file mode 100644 index 00000000..5ad1b953 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-019-protobuf-state-encoding.md @@ -0,0 +1,379 @@ +# ADR 019: Protocol Buffer State Encoding + +## Changelog + +* 2020 Feb 15: Initial Draft +* 2020 Feb 24: Updates to handle messages with interface fields +* 2020 Apr 27: Convert usages of `oneof` for interfaces to `Any` +* 2020 May 15: Describe `cosmos_proto` extensions and amino compatibility +* 2020 Dec 4: Move and rename `MarshalAny` and `UnmarshalAny` into the `codec.Codec` interface. +* 2021 Feb 24: Remove mentions of `HybridCodec`, which has been abandoned in [#6843](https://github.com/cosmos/cosmos-sdk/pull/6843). + +## Status + +Accepted + +## Context + +Currently, the Cosmos SDK utilizes [go-amino](https://github.com/tendermint/go-amino/) for binary +and JSON object encoding over the wire bringing parity between logical objects and persistence objects. + +From the Amino docs: + +> Amino is an object encoding specification. It is a subset of Proto3 with an extension for interface +> support. See the [Proto3 spec](https://developers.google.com/protocol-buffers/docs/proto3) for more +> information on Proto3, which Amino is largely compatible with (but not with Proto2). +> +> The goal of the Amino encoding protocol is to bring parity into logic objects and persistence objects. + +Amino also aims to have the following goals (not a complete list): + +* Binary bytes must be decode-able with a schema. +* Schema must be upgradeable. +* The encoder and decoder logic must be reasonably simple. + +However, we believe that Amino does not fulfill these goals completely and does not fully meet the +needs of a truly flexible cross-language and multi-client compatible encoding protocol in the Cosmos SDK. +Namely, Amino has proven to be a big pain-point in regards to supporting object serialization across +clients written in various languages while providing virtually little in the way of true backwards +compatibility and upgradeability. Furthermore, through profiling and various benchmarks, Amino has +been shown to be an extremely large performance bottleneck in the Cosmos SDK 1. This is +largely reflected in the performance of simulations and application transaction throughput. + +Thus, we need to adopt an encoding protocol that meets the following criteria for state serialization: + +* Language agnostic +* Platform agnostic +* Rich client support and thriving ecosystem +* High performance +* Minimal encoded message size +* Codegen-based over reflection-based +* Supports backward and forward compatibility + +Note, migrating away from Amino should be viewed as a two-pronged approach, state and client encoding. +This ADR focuses on state serialization in the Cosmos SDK state machine. A corresponding ADR will be +made to address client-side encoding. + +## Decision + +We will adopt [Protocol Buffers](https://developers.google.com/protocol-buffers) for serializing +persisted structured data in the Cosmos SDK while providing a clean mechanism and developer UX for +applications wishing to continue to use Amino. We will provide this mechanism by updating modules to +accept a codec interface, `Marshaler`, instead of a concrete Amino codec. Furthermore, the Cosmos SDK +will provide two concrete implementations of the `Marshaler` interface: `AminoCodec` and `ProtoCodec`. + +* `AminoCodec`: Uses Amino for both binary and JSON encoding. +* `ProtoCodec`: Uses Protobuf for both binary and JSON encoding. + +Modules will use whichever codec that is instantiated in the app. By default, the Cosmos SDK's `simapp` +instantiates a `ProtoCodec` as the concrete implementation of `Marshaler`, inside the `MakeTestEncodingConfig` +function. This can be easily overwritten by app developers if they so desire. + +The ultimate goal will be to replace Amino JSON encoding with Protobuf encoding and thus have +modules accept and/or extend `ProtoCodec`. Until then, Amino JSON is still provided for legacy use-cases. +A handful of places in the Cosmos SDK still have Amino JSON hardcoded, such as the Legacy API REST endpoints +and the `x/params` store. They are planned to be converted to Protobuf in a gradual manner. + +### Module Codecs + +Modules that do not require the ability to work with and serialize interfaces, the path to Protobuf +migration is pretty straightforward. These modules are to simply migrate any existing types that +are encoded and persisted via their concrete Amino codec to Protobuf and have their keeper accept a +`Marshaler` that will be a `ProtoCodec`. This migration is simple as things will just work as-is. + +Note, any business logic that needs to encode primitive types like `bool` or `int64` should use +[gogoprotobuf](https://github.com/cosmos/gogoproto) Value types. + +Example: + +```go + ts, err := gogotypes.TimestampProto(completionTime) + if err != nil { + // ... + } + + bz := cdc.MustMarshal(ts) +``` + +However, modules can vary greatly in purpose and design and so we must support the ability for modules +to be able to encode and work with interfaces (e.g. `Account` or `Content`). For these modules, they +must define their own codec interface that extends `Marshaler`. These specific interfaces are unique +to the module and will contain method contracts that know how to serialize the needed interfaces. + +Example: + +```go +// x/auth/types/codec.go + +type Codec interface { + codec.Codec + + MarshalAccount(acc exported.Account) ([]byte, error) + UnmarshalAccount(bz []byte) (exported.Account, error) + + MarshalAccountJSON(acc exported.Account) ([]byte, error) + UnmarshalAccountJSON(bz []byte) (exported.Account, error) +} +``` + +### Usage of `Any` to encode interfaces + +In general, module-level .proto files should define messages which encode interfaces +using [`google.protobuf.Any`](https://github.com/protocolbuffers/protobuf/blob/master/src/google/protobuf/any.proto). +After [extension discussion](https://github.com/cosmos/cosmos-sdk/issues/6030), +this was chosen as the preferred alternative to application-level `oneof`s +as in our original protobuf design. The arguments in favor of `Any` can be +summarized as follows: + +* `Any` provides a simpler, more consistent client UX for dealing with +interfaces than app-level `oneof`s that will need to be coordinated more +carefully across applications. Creating a generic transaction +signing library using `oneof`s may be cumbersome and critical logic may need +to be reimplemented for each chain +* `Any` provides more resistance against human error than `oneof` +* `Any` is generally simpler to implement for both modules and apps + +The main counter-argument to using `Any` centers around its additional space +and possibly performance overhead. The space overhead could be dealt with using +compression at the persistence layer in the future and the performance impact +is likely to be small. Thus, not using `Any` is seem as a pre-mature optimization, +with user experience as the higher order concern. + +Note, that given the Cosmos SDK's decision to adopt the `Codec` interfaces described +above, apps can still choose to use `oneof` to encode state and transactions +but it is not the recommended approach. If apps do choose to use `oneof`s +instead of `Any` they will likely lose compatibility with client apps that +support multiple chains. Thus developers should think carefully about whether +they care more about what is possibly a pre-mature optimization or end-user +and client developer UX. + +### Safe usage of `Any` + +By default, the [gogo protobuf implementation of `Any`](https://pkg.go.dev/github.com/cosmos/gogoproto/types) +uses [global type registration]( https://github.com/cosmos/gogoproto/blob/master/proto/properties.go#L540) +to decode values packed in `Any` into concrete +go types. This introduces a vulnerability where any malicious module +in the dependency tree could register a type with the global protobuf registry +and cause it to be loaded and unmarshaled by a transaction that referenced +it in the `type_url` field. + +To prevent this, we introduce a type registration mechanism for decoding `Any` +values into concrete types through the `InterfaceRegistry` interface which +bears some similarity to type registration with Amino: + +```go +type InterfaceRegistry interface { + // RegisterInterface associates protoName as the public name for the + // interface passed in as iface + // Ex: + // registry.RegisterInterface("cosmos_sdk.Msg", (*sdk.Msg)(nil)) + RegisterInterface(protoName string, iface interface{}) + + // RegisterImplementations registers impls as a concrete implementations of + // the interface iface + // Ex: + // registry.RegisterImplementations((*sdk.Msg)(nil), &MsgSend{}, &MsgMultiSend{}) + RegisterImplementations(iface interface{}, impls ...proto.Message) + +} +``` + +In addition to serving as a whitelist, `InterfaceRegistry` can also serve +to communicate the list of concrete types that satisfy an interface to clients. + +In .proto files: + +* fields which accept interfaces should be annotated with `cosmos_proto.accepts_interface` +using the same full-qualified name passed as `protoName` to `InterfaceRegistry.RegisterInterface` +* interface implementations should be annotated with `cosmos_proto.implements_interface` +using the same full-qualified name passed as `protoName` to `InterfaceRegistry.RegisterInterface` + +In the future, `protoName`, `cosmos_proto.accepts_interface`, `cosmos_proto.implements_interface` +may be used via code generation, reflection &/or static linting. + +The same struct that implements `InterfaceRegistry` will also implement an +interface `InterfaceUnpacker` to be used for unpacking `Any`s: + +```go +type InterfaceUnpacker interface { + // UnpackAny unpacks the value in any to the interface pointer passed in as + // iface. Note that the type in any must have been registered with + // RegisterImplementations as a concrete type for that interface + // Ex: + // var msg sdk.Msg + // err := ctx.UnpackAny(any, &msg) + // ... + UnpackAny(any *Any, iface interface{}) error +} +``` + +Note that `InterfaceRegistry` usage does not deviate from standard protobuf +usage of `Any`, it just introduces a security and introspection layer for +golang usage. + +`InterfaceRegistry` will be a member of `ProtoCodec` +described above. In order for modules to register interface types, app modules +can optionally implement the following interface: + +```go +type InterfaceModule interface { + RegisterInterfaceTypes(InterfaceRegistry) +} +``` + +The module manager will include a method to call `RegisterInterfaceTypes` on +every module that implements it in order to populate the `InterfaceRegistry`. + +### Using `Any` to encode state + +The Cosmos SDK will provide support methods `MarshalInterface` and `UnmarshalInterface` to hide a complexity of wrapping interface types into `Any` and allow easy serialization. + +```go +import "github.com/cosmos/cosmos-sdk/codec" + +// note: eviexported.Evidence is an interface type +func MarshalEvidence(cdc codec.BinaryCodec, e eviexported.Evidence) ([]byte, error) { + return cdc.MarshalInterface(e) +} + +func UnmarshalEvidence(cdc codec.BinaryCodec, bz []byte) (eviexported.Evidence, error) { + var evi eviexported.Evidence + err := cdc.UnmarshalInterface(&evi, bz) + return err, nil +} +``` + +### Using `Any` in `sdk.Msg`s + +A similar concept is to be applied for messages that contain interfaces fields. +For example, we can define `MsgSubmitEvidence` as follows where `Evidence` is +an interface: + +```protobuf +// x/evidence/types/types.proto + +message MsgSubmitEvidence { + bytes submitter = 1 + [ + (gogoproto.casttype) = "github.com/cosmos/cosmos-sdk/types.AccAddress" + ]; + google.protobuf.Any evidence = 2; +} +``` + +Note that in order to unpack the evidence from `Any` we do need a reference to +`InterfaceRegistry`. In order to reference evidence in methods like +`ValidateBasic` which shouldn't have to know about the `InterfaceRegistry`, we +introduce an `UnpackInterfaces` phase to deserialization which unpacks +interfaces before they're needed. + +### Unpacking Interfaces + +To implement the `UnpackInterfaces` phase of deserialization which unpacks +interfaces wrapped in `Any` before they're needed, we create an interface +that `sdk.Msg`s and other types can implement: + +```go +type UnpackInterfacesMessage interface { + UnpackInterfaces(InterfaceUnpacker) error +} +``` + +We also introduce a private `cachedValue interface{}` field onto the `Any` +struct itself with a public getter `GetCachedValue() interface{}`. + +The `UnpackInterfaces` method is to be invoked during message deserialization right +after `Unmarshal` and any interface values packed in `Any`s will be decoded +and stored in `cachedValue` for reference later. + +Then unpacked interface values can safely be used in any code afterwards +without knowledge of the `InterfaceRegistry` +and messages can introduce a simple getter to cast the cached value to the +correct interface type. + +This has the added benefit that unmarshaling of `Any` values only happens once +during initial deserialization rather than every time the value is read. Also, +when `Any` values are first packed (for instance in a call to +`NewMsgSubmitEvidence`), the original interface value is cached so that +unmarshaling isn't needed to read it again. + +`MsgSubmitEvidence` could implement `UnpackInterfaces`, plus a convenience getter +`GetEvidence` as follows: + +```go +func (msg MsgSubmitEvidence) UnpackInterfaces(ctx sdk.InterfaceRegistry) error { + var evi eviexported.Evidence + return ctx.UnpackAny(msg.Evidence, *evi) +} + +func (msg MsgSubmitEvidence) GetEvidence() eviexported.Evidence { + return msg.Evidence.GetCachedValue().(eviexported.Evidence) +} +``` + +### Amino Compatibility + +Our custom implementation of `Any` can be used transparently with Amino if used +with the proper codec instance. What this means is that interfaces packed within +`Any`s will be amino marshaled like regular Amino interfaces (assuming they +have been registered properly with Amino). + +In order for this functionality to work: + +* **all legacy code must use `*codec.LegacyAmino` instead of `*amino.Codec` which is + now a wrapper which properly handles `Any`** +* **all new code should use `Marshaler` which is compatible with both amino and + protobuf** +* Also, before v0.39, `codec.LegacyAmino` will be renamed to `codec.LegacyAmino`. + +### Why Wasn't X Chosen Instead + +For a more complete comparison to alternative protocols, see [here](https://codeburst.io/json-vs-protocol-buffers-vs-flatbuffers-a4247f8bda6f). + +### Cap'n Proto + +While [Cap’n Proto](https://capnproto.org/) does seem like an advantageous alternative to Protobuf +due to it's native support for interfaces/generics and built in canonicalization, it does lack the +rich client ecosystem compared to Protobuf and is a bit less mature. + +### FlatBuffers + +[FlatBuffers](https://google.github.io/flatbuffers/) is also a potentially viable alternative, with the +primary difference being that FlatBuffers does not need a parsing/unpacking step to a secondary +representation before you can access data, often coupled with per-object memory allocation. + +However, it would require great efforts into research and full understanding the scope of the migration +and path forward -- which isn't immediately clear. In addition, FlatBuffers aren't designed for +untrusted inputs. + +## Future Improvements & Roadmap + +In the future we may consider a compression layer right above the persistence +layer which doesn't change tx or merkle tree hashes, but reduces the storage +overhead of `Any`. In addition, we may adopt protobuf naming conventions which +make type URLs a bit more concise while remaining descriptive. + +Additional code generation support around the usage of `Any` is something that +could also be explored in the future to make the UX for go developers more +seamless. + +## Consequences + +### Positive + +* Significant performance gains. +* Supports backward and forward type compatibility. +* Better support for cross-language clients. + +### Negative + +* Learning curve required to understand and implement Protobuf messages. +* Slightly larger message size due to use of `Any`, although this could be offset + by a compression layer in the future + +### Neutral + +## References + +1. https://github.com/cosmos/cosmos-sdk/issues/4977 +2. https://github.com/cosmos/cosmos-sdk/issues/5444 diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-020-protobuf-transaction-encoding.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-020-protobuf-transaction-encoding.md new file mode 100644 index 00000000..b26f394b --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-020-protobuf-transaction-encoding.md @@ -0,0 +1,464 @@ +# ADR 020: Protocol Buffer Transaction Encoding + +## Changelog + +* 2020 March 06: Initial Draft +* 2020 March 12: API Updates +* 2020 April 13: Added details on interface `oneof` handling +* 2020 April 30: Switch to `Any` +* 2020 May 14: Describe public key encoding +* 2020 June 08: Store `TxBody` and `AuthInfo` as bytes in `SignDoc`; Document `TxRaw` as broadcast and storage type. +* 2020 August 07: Use ADR 027 for serializing `SignDoc`. +* 2020 August 19: Move sequence field from `SignDoc` to `SignerInfo`, as discussed in [#6966](https://github.com/cosmos/cosmos-sdk/issues/6966). +* 2020 September 25: Remove `PublicKey` type in favor of `secp256k1.PubKey`, `ed25519.PubKey` and `multisig.LegacyAminoPubKey`. +* 2020 October 15: Add `GetAccount` and `GetAccountWithHeight` methods to the `AccountRetriever` interface. +* 2021 Feb 24: The Cosmos SDK does not use Tendermint's `PubKey` interface anymore, but its own `cryptotypes.PubKey`. Updates to reflect this. +* 2021 May 3: Rename `clientCtx.JSONMarshaler` to `clientCtx.JSONCodec`. +* 2021 June 10: Add `clientCtx.Codec: codec.Codec`. + +## Status + +Accepted + +## Context + +This ADR is a continuation of the motivation, design, and context established in +[ADR 019](./adr-019-protobuf-state-encoding.md), namely, we aim to design the +Protocol Buffer migration path for the client-side of the Cosmos SDK. + +Specifically, the client-side migration path primarily includes tx generation and +signing, message construction and routing, in addition to CLI & REST handlers and +business logic (i.e. queriers). + +With this in mind, we will tackle the migration path via two main areas, txs and +querying. However, this ADR solely focuses on transactions. Querying should be +addressed in a future ADR, but it should build off of these proposals. + +Based on detailed discussions ([\#6030](https://github.com/cosmos/cosmos-sdk/issues/6030) +and [\#6078](https://github.com/cosmos/cosmos-sdk/issues/6078)), the original +design for transactions was changed substantially from an `oneof` /JSON-signing +approach to the approach described below. + +## Decision + +### Transactions + +Since interface values are encoded with `google.protobuf.Any` in state (see [ADR 019](adr-019-protobuf-state-encoding.md)), +`sdk.Msg`s are encoding with `Any` in transactions. + +One of the main goals of using `Any` to encode interface values is to have a +core set of types which is reused by apps so that +clients can safely be compatible with as many chains as possible. + +It is one of the goals of this specification to provide a flexible cross-chain transaction +format that can serve a wide variety of use cases without breaking client +compatibility. + +In order to facilitate signing, transactions are separated into `TxBody`, +which will be re-used by `SignDoc` below, and `signatures`: + +```protobuf +// types/types.proto +package cosmos_sdk.v1; + +message Tx { + TxBody body = 1; + AuthInfo auth_info = 2; + // A list of signatures that matches the length and order of AuthInfo's signer_infos to + // allow connecting signature meta information like public key and signing mode by position. + repeated bytes signatures = 3; +} + +// A variant of Tx that pins the signer's exact binary represenation of body and +// auth_info. This is used for signing, broadcasting and verification. The binary +// `serialize(tx: TxRaw)` is stored in Tendermint and the hash `sha256(serialize(tx: TxRaw))` +// becomes the "txhash", commonly used as the transaction ID. +message TxRaw { + // A protobuf serialization of a TxBody that matches the representation in SignDoc. + bytes body = 1; + // A protobuf serialization of an AuthInfo that matches the representation in SignDoc. + bytes auth_info = 2; + // A list of signatures that matches the length and order of AuthInfo's signer_infos to + // allow connecting signature meta information like public key and signing mode by position. + repeated bytes signatures = 3; +} + +message TxBody { + // A list of messages to be executed. The required signers of those messages define + // the number and order of elements in AuthInfo's signer_infos and Tx's signatures. + // Each required signer address is added to the list only the first time it occurs. + // + // By convention, the first required signer (usually from the first message) is referred + // to as the primary signer and pays the fee for the whole transaction. + repeated google.protobuf.Any messages = 1; + string memo = 2; + int64 timeout_height = 3; + repeated google.protobuf.Any extension_options = 1023; +} + +message AuthInfo { + // This list defines the signing modes for the required signers. The number + // and order of elements must match the required signers from TxBody's messages. + // The first element is the primary signer and the one which pays the fee. + repeated SignerInfo signer_infos = 1; + // The fee can be calculated based on the cost of evaluating the body and doing signature verification of the signers. This can be estimated via simulation. + Fee fee = 2; +} + +message SignerInfo { + // The public key is optional for accounts that already exist in state. If unset, the + // verifier can use the required signer address for this position and lookup the public key. + google.protobuf.Any public_key = 1; + // ModeInfo describes the signing mode of the signer and is a nested + // structure to support nested multisig pubkey's + ModeInfo mode_info = 2; + // sequence is the sequence of the account, which describes the + // number of committed transactions signed by a given address. It is used to prevent + // replay attacks. + uint64 sequence = 3; +} + +message ModeInfo { + oneof sum { + Single single = 1; + Multi multi = 2; + } + + // Single is the mode info for a single signer. It is structured as a message + // to allow for additional fields such as locale for SIGN_MODE_TEXTUAL in the future + message Single { + SignMode mode = 1; + } + + // Multi is the mode info for a multisig public key + message Multi { + // bitarray specifies which keys within the multisig are signing + CompactBitArray bitarray = 1; + // mode_infos is the corresponding modes of the signers of the multisig + // which could include nested multisig public keys + repeated ModeInfo mode_infos = 2; + } +} + +enum SignMode { + SIGN_MODE_UNSPECIFIED = 0; + + SIGN_MODE_DIRECT = 1; + + SIGN_MODE_TEXTUAL = 2; + + SIGN_MODE_LEGACY_AMINO_JSON = 127; +} +``` + +As will be discussed below, in order to include as much of the `Tx` as possible +in the `SignDoc`, `SignerInfo` is separated from signatures so that only the +raw signatures themselves live outside of what is signed over. + +Because we are aiming for a flexible, extensible cross-chain transaction +format, new transaction processing options should be added to `TxBody` as soon +those use cases are discovered, even if they can't be implemented yet. + +Because there is coordination overhead in this, `TxBody` includes an +`extension_options` field which can be used for any transaction processing +options that are not already covered. App developers should, nevertheless, +attempt to upstream important improvements to `Tx`. + +### Signing + +All of the signing modes below aim to provide the following guarantees: + +* **No Malleability**: `TxBody` and `AuthInfo` cannot change once the transaction + is signed +* **Predictable Gas**: if I am signing a transaction where I am paying a fee, + the final gas is fully dependent on what I am signing + +These guarantees give the maximum amount confidence to message signers that +manipulation of `Tx`s by intermediaries can't result in any meaningful changes. + +#### `SIGN_MODE_DIRECT` + +The "direct" signing behavior is to sign the raw `TxBody` bytes as broadcast over +the wire. This has the advantages of: + +* requiring the minimum additional client capabilities beyond a standard protocol + buffers implementation +* leaving effectively zero holes for transaction malleability (i.e. there are no + subtle differences between the signing and encoding formats which could + potentially be exploited by an attacker) + +Signatures are structured using the `SignDoc` below which reuses the serialization of +`TxBody` and `AuthInfo` and only adds the fields which are needed for signatures: + +```protobuf +// types/types.proto +message SignDoc { + // A protobuf serialization of a TxBody that matches the representation in TxRaw. + bytes body = 1; + // A protobuf serialization of an AuthInfo that matches the representation in TxRaw. + bytes auth_info = 2; + string chain_id = 3; + uint64 account_number = 4; +} +``` + +In order to sign in the default mode, clients take the following steps: + +1. Serialize `TxBody` and `AuthInfo` using any valid protobuf implementation. +2. Create a `SignDoc` and serialize it using [ADR 027](./adr-027-deterministic-protobuf-serialization.md). +3. Sign the encoded `SignDoc` bytes. +4. Build a `TxRaw` and serialize it for broadcasting. + +Signature verification is based on comparing the raw `TxBody` and `AuthInfo` +bytes encoded in `TxRaw` not based on any ["canonicalization"](https://github.com/regen-network/canonical-proto3) +algorithm which creates added complexity for clients in addition to preventing +some forms of upgradeability (to be addressed later in this document). + +Signature verifiers do: + +1. Deserialize a `TxRaw` and pull out `body` and `auth_info`. +2. Create a list of required signer addresses from the messages. +3. For each required signer: + * Pull account number and sequence from the state. + * Obtain the public key either from state or `AuthInfo`'s `signer_infos`. + * Create a `SignDoc` and serialize it using [ADR 027](./adr-027-deterministic-protobuf-serialization.md). + * Verify the signature at the same list position against the serialized `SignDoc`. + +#### `SIGN_MODE_LEGACY_AMINO` + +In order to support legacy wallets and exchanges, Amino JSON will be temporarily +supported transaction signing. Once wallets and exchanges have had a +chance to upgrade to protobuf based signing, this option will be disabled. In +the meantime, it is foreseen that disabling the current Amino signing would cause +too much breakage to be feasible. Note that this is mainly a requirement of the +Cosmos Hub and other chains may choose to disable Amino signing immediately. + +Legacy clients will be able to sign a transaction using the current Amino +JSON format and have it encoded to protobuf using the REST `/tx/encode` +endpoint before broadcasting. + +#### `SIGN_MODE_TEXTUAL` + +As was discussed extensively in [\#6078](https://github.com/cosmos/cosmos-sdk/issues/6078), +there is a desire for a human-readable signing encoding, especially for hardware +wallets like the [Ledger](https://www.ledger.com) which display +transaction contents to users before signing. JSON was an attempt at this but +falls short of the ideal. + +`SIGN_MODE_TEXTUAL` is intended as a placeholder for a human-readable +encoding which will replace Amino JSON. This new encoding should be even more +focused on readability than JSON, possibly based on formatting strings like +[MessageFormat](http://userguide.icu-project.org/formatparse/messages). + +In order to ensure that the new human-readable format does not suffer from +transaction malleability issues, `SIGN_MODE_TEXTUAL` +requires that the _human-readable bytes are concatenated with the raw `SignDoc`_ +to generate sign bytes. + +Multiple human-readable formats (maybe even localized messages) may be supported +by `SIGN_MODE_TEXTUAL` when it is implemented. + +### Unknown Field Filtering + +Unknown fields in protobuf messages should generally be rejected by transaction +processors because: + +* important data may be present in the unknown fields, that if ignored, will + cause unexpected behavior for clients +* they present a malleability vulnerability where attackers can bloat tx size + by adding random uninterpreted data to unsigned content (i.e. the master `Tx`, + not `TxBody`) + +There are also scenarios where we may choose to safely ignore unknown fields +(https://github.com/cosmos/cosmos-sdk/issues/6078#issuecomment-624400188) to +provide graceful forwards compatibility with newer clients. + +We propose that field numbers with bit 11 set (for most use cases this is +the range of 1024-2047) be considered non-critical fields that can safely be +ignored if unknown. + +To handle this we will need an unknown field filter that: + +* always rejects unknown fields in unsigned content (i.e. top-level `Tx` and + unsigned parts of `AuthInfo` if present based on the signing mode) +* rejects unknown fields in all messages (including nested `Any`s) other than + fields with bit 11 set + +This will likely need to be a custom protobuf parser pass that takes message bytes +and `FileDescriptor`s and returns a boolean result. + +### Public Key Encoding + +Public keys in the Cosmos SDK implement the `cryptotypes.PubKey` interface. +We propose to use `Any` for protobuf encoding as we are doing with other interfaces (for example, in `BaseAccount.PubKey` and `SignerInfo.PublicKey`). +The following public keys are implemented: secp256k1, secp256r1, ed25519 and legacy-multisignature. + +Ex: + +```protobuf +message PubKey { + bytes key = 1; +} +``` + +`multisig.LegacyAminoPubKey` has an array of `Any`'s member to support any +protobuf public key type. + +Apps should only attempt to handle a registered set of public keys that they +have tested. The provided signature verification ante handler decorators will +enforce this. + +### CLI & REST + +Currently, the REST and CLI handlers encode and decode types and txs via Amino +JSON encoding using a concrete Amino codec. Being that some of the types dealt with +in the client can be interfaces, similar to how we described in [ADR 019](./adr-019-protobuf-state-encoding.md), +the client logic will now need to take a codec interface that knows not only how +to handle all the types, but also knows how to generate transactions, signatures, +and messages. + +```go +type AccountRetriever interface { + GetAccount(clientCtx Context, addr sdk.AccAddress) (client.Account, error) + GetAccountWithHeight(clientCtx Context, addr sdk.AccAddress) (client.Account, int64, error) + EnsureExists(clientCtx client.Context, addr sdk.AccAddress) error + GetAccountNumberSequence(clientCtx client.Context, addr sdk.AccAddress) (uint64, uint64, error) +} + +type Generator interface { + NewTx() TxBuilder + NewFee() ClientFee + NewSignature() ClientSignature + MarshalTx(tx types.Tx) ([]byte, error) +} + +type TxBuilder interface { + GetTx() sdk.Tx + + SetMsgs(...sdk.Msg) error + GetSignatures() []sdk.Signature + SetSignatures(...sdk.Signature) + GetFee() sdk.Fee + SetFee(sdk.Fee) + GetMemo() string + SetMemo(string) +} +``` + +We then update `Context` to have new fields: `Codec`, `TxGenerator`, +and `AccountRetriever`, and we update `AppModuleBasic.GetTxCmd` to take +a `Context` which should have all of these fields pre-populated. + +Each client method should then use one of the `Init` methods to re-initialize +the pre-populated `Context`. `tx.GenerateOrBroadcastTx` can be used to +generate or broadcast a transaction. For example: + +```go +import "github.com/spf13/cobra" +import "github.com/cosmos/cosmos-sdk/client" +import "github.com/cosmos/cosmos-sdk/client/tx" + +func NewCmdDoSomething(clientCtx client.Context) *cobra.Command { + return &cobra.Command{ + RunE: func(cmd *cobra.Command, args []string) error { + clientCtx := ctx.InitWithInput(cmd.InOrStdin()) + msg := NewSomeMsg{...} + tx.GenerateOrBroadcastTx(clientCtx, msg) + }, + } +} +``` + +## Future Improvements + +### `SIGN_MODE_TEXTUAL` specification + +A concrete specification and implementation of `SIGN_MODE_TEXTUAL` is intended +as a near-term future improvement so that the ledger app and other wallets +can gracefully transition away from Amino JSON. + +### `SIGN_MODE_DIRECT_AUX` + +(\*Documented as option (3) in https://github.com/cosmos/cosmos-sdk/issues/6078#issuecomment-628026933) + +We could add a mode `SIGN_MODE_DIRECT_AUX` +to support scenarios where multiple signatures +are being gathered into a single transaction but the message composer does not +yet know which signatures will be included in the final transaction. For instance, +I may have a 3/5 multisig wallet and want to send a `TxBody` to all 5 +signers to see who signs first. As soon as I have 3 signatures then I will go +ahead and build the full transaction. + +With `SIGN_MODE_DIRECT`, each signer needs +to sign the full `AuthInfo` which includes the full list of all signers and +their signing modes, making the above scenario very hard. + +`SIGN_MODE_DIRECT_AUX` would allow "auxiliary" signers to create their signature +using only `TxBody` and their own `PublicKey`. This allows the full list of +signers in `AuthInfo` to be delayed until signatures have been collected. + +An "auxiliary" signer is any signer besides the primary signer who is paying +the fee. For the primary signer, the full `AuthInfo` is actually needed to calculate gas and fees +because that is dependent on how many signers and which key types and signing +modes they are using. Auxiliary signers, however, do not need to worry about +fees or gas and thus can just sign `TxBody`. + +To generate a signature in `SIGN_MODE_DIRECT_AUX` these steps would be followed: + +1. Encode `SignDocAux` (with the same requirement that fields must be serialized + in order): + + ```protobuf + // types/types.proto + message SignDocAux { + bytes body_bytes = 1; + // PublicKey is included in SignDocAux : + // 1. as a special case for multisig public keys. For multisig public keys, + // the signer should use the top-level multisig public key they are signing + // against, not their own public key. This is to prevent against a form + // of malleability where a signature could be taken out of context of the + // multisig key that was intended to be signed for + // 2. to guard against scenario where configuration information is encoded + // in public keys (it has been proposed) such that two keys can generate + // the same signature but have different security properties + // + // By including it here, the composer of AuthInfo cannot reference the + // a public key variant the signer did not intend to use + PublicKey public_key = 2; + string chain_id = 3; + uint64 account_number = 4; + } + ``` + +2. Sign the encoded `SignDocAux` bytes +3. Send their signature and `SignerInfo` to primary signer who will then + sign and broadcast the final transaction (with `SIGN_MODE_DIRECT` and `AuthInfo` + added) once enough signatures have been collected + +### `SIGN_MODE_DIRECT_RELAXED` + +(_Documented as option (1)(a) in https://github.com/cosmos/cosmos-sdk/issues/6078#issuecomment-628026933_) + +This is a variation of `SIGN_MODE_DIRECT` where multiple signers wouldn't need to +coordinate public keys and signing modes in advance. It would involve an alternate +`SignDoc` similar to `SignDocAux` above with fee. This could be added in the future +if client developers found the burden of collecting public keys and modes in advance +too burdensome. + +## Consequences + +### Positive + +* Significant performance gains. +* Supports backward and forward type compatibility. +* Better support for cross-language clients. +* Multiple signing modes allow for greater protocol evolution + +### Negative + +* `google.protobuf.Any` type URLs increase transaction size although the effect + may be negligible or compression may be able to mitigate it. + +### Neutral + +## References diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-021-protobuf-query-encoding.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-021-protobuf-query-encoding.md new file mode 100644 index 00000000..a90e807d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-021-protobuf-query-encoding.md @@ -0,0 +1,256 @@ +# ADR 021: Protocol Buffer Query Encoding + +## Changelog + +* 2020 March 27: Initial Draft + +## Status + +Accepted + +## Context + +This ADR is a continuation of the motivation, design, and context established in +[ADR 019](./adr-019-protobuf-state-encoding.md) and +[ADR 020](./adr-020-protobuf-transaction-encoding.md), namely, we aim to design the +Protocol Buffer migration path for the client-side of the Cosmos SDK. + +This ADR continues from [ADD 020](./adr-020-protobuf-transaction-encoding.md) +to specify the encoding of queries. + +## Decision + +### Custom Query Definition + +Modules define custom queries through a protocol buffers `service` definition. +These `service` definitions are generally associated with and used by the +GRPC protocol. However, the protocol buffers specification indicates that +they can be used more generically by any request/response protocol that uses +protocol buffer encoding. Thus, we can use `service` definitions for specifying +custom ABCI queries and even reuse a substantial amount of the GRPC infrastructure. + +Each module with custom queries should define a service canonically named `Query`: + +```protobuf +// x/bank/types/types.proto + +service Query { + rpc QueryBalance(QueryBalanceParams) returns (cosmos_sdk.v1.Coin) { } + rpc QueryAllBalances(QueryAllBalancesParams) returns (QueryAllBalancesResponse) { } +} +``` + +#### Handling of Interface Types + +Modules that use interface types and need true polymorphism generally force a +`oneof` up to the app-level that provides the set of concrete implementations of +that interface that the app supports. While app's are welcome to do the same for +queries and implement an app-level query service, it is recommended that modules +provide query methods that expose these interfaces via `google.protobuf.Any`. +There is a concern on the transaction level that the overhead of `Any` is too +high to justify its usage. However for queries this is not a concern, and +providing generic module-level queries that use `Any` does not preclude apps +from also providing app-level queries that return use the app-level `oneof`s. + +A hypothetical example for the `gov` module would look something like: + +```protobuf +// x/gov/types/types.proto + +import "google/protobuf/any.proto"; + +service Query { + rpc GetProposal(GetProposalParams) returns (AnyProposal) { } +} + +message AnyProposal { + ProposalBase base = 1; + google.protobuf.Any content = 2; +} +``` + +### Custom Query Implementation + +In order to implement the query service, we can reuse the existing [gogo protobuf](https://github.com/cosmos/gogoproto) +grpc plugin, which for a service named `Query` generates an interface named +`QueryServer` as below: + +```go +type QueryServer interface { + QueryBalance(context.Context, *QueryBalanceParams) (*types.Coin, error) + QueryAllBalances(context.Context, *QueryAllBalancesParams) (*QueryAllBalancesResponse, error) +} +``` + +The custom queries for our module are implemented by implementing this interface. + +The first parameter in this generated interface is a generic `context.Context`, +whereas querier methods generally need an instance of `sdk.Context` to read +from the store. Since arbitrary values can be attached to `context.Context` +using the `WithValue` and `Value` methods, the Cosmos SDK should provide a function +`sdk.UnwrapSDKContext` to retrieve the `sdk.Context` from the provided +`context.Context`. + +An example implementation of `QueryBalance` for the bank module as above would +look something like: + +```go +type Querier struct { + Keeper +} + +func (q Querier) QueryBalance(ctx context.Context, params *types.QueryBalanceParams) (*sdk.Coin, error) { + balance := q.GetBalance(sdk.UnwrapSDKContext(ctx), params.Address, params.Denom) + return &balance, nil +} +``` + +### Custom Query Registration and Routing + +Query server implementations as above would be registered with `AppModule`s using +a new method `RegisterQueryService(grpc.Server)` which could be implemented simply +as below: + +```go +// x/bank/module.go +func (am AppModule) RegisterQueryService(server grpc.Server) { + types.RegisterQueryServer(server, keeper.Querier{am.keeper}) +} +``` + +Underneath the hood, a new method `RegisterService(sd *grpc.ServiceDesc, handler interface{})` +will be added to the existing `baseapp.QueryRouter` to add the queries to the custom +query routing table (with the routing method being described below). +The signature for this method matches the existing +`RegisterServer` method on the GRPC `Server` type where `handler` is the custom +query server implementation described above. + +GRPC-like requests are routed by the service name (ex. `cosmos_sdk.x.bank.v1.Query`) +and method name (ex. `QueryBalance`) combined with `/`s to form a full +method name (ex. `/cosmos_sdk.x.bank.v1.Query/QueryBalance`). This gets translated +into an ABCI query as `custom/cosmos_sdk.x.bank.v1.Query/QueryBalance`. Service handlers +registered with `QueryRouter.RegisterService` will be routed this way. + +Beyond the method name, GRPC requests carry a protobuf encoded payload, which maps naturally +to `RequestQuery.Data`, and receive a protobuf encoded response or error. Thus +there is a quite natural mapping of GRPC-like rpc methods to the existing +`sdk.Query` and `QueryRouter` infrastructure. + +This basic specification allows us to reuse protocol buffer `service` definitions +for ABCI custom queries substantially reducing the need for manual decoding and +encoding in query methods. + +### GRPC Protocol Support + +In addition to providing an ABCI query pathway, we can easily provide a GRPC +proxy server that routes requests in the GRPC protocol to ABCI query requests +under the hood. In this way, clients could use their host languages' existing +GRPC implementations to make direct queries against Cosmos SDK app's using +these `service` definitions. In order for this server to work, the `QueryRouter` +on `BaseApp` will need to expose the service handlers registered with +`QueryRouter.RegisterService` to the proxy server implementation. Nodes could +launch the proxy server on a separate port in the same process as the ABCI app +with a command-line flag. + +### REST Queries and Swagger Generation + +[grpc-gateway](https://github.com/grpc-ecosystem/grpc-gateway) is a project that +translates REST calls into GRPC calls using special annotations on service +methods. Modules that want to expose REST queries should add `google.api.http` +annotations to their `rpc` methods as in this example below. + +```protobuf +// x/bank/types/types.proto + +service Query { + rpc QueryBalance(QueryBalanceParams) returns (cosmos_sdk.v1.Coin) { + option (google.api.http) = { + get: "/x/bank/v1/balance/{address}/{denom}" + }; + } + rpc QueryAllBalances(QueryAllBalancesParams) returns (QueryAllBalancesResponse) { + option (google.api.http) = { + get: "/x/bank/v1/balances/{address}" + }; + } +} +``` + +grpc-gateway will work direcly against the GRPC proxy described above which will +translate requests to ABCI queries under the hood. grpc-gateway can also +generate Swagger definitions automatically. + +In the current implementation of REST queries, each module needs to implement +REST queries manually in addition to ABCI querier methods. Using the grpc-gateway +approach, there will be no need to generate separate REST query handlers, just +query servers as described above as grpc-gateway handles the translation of protobuf +to REST as well as Swagger definitions. + +The Cosmos SDK should provide CLI commands for apps to start GRPC gateway either in +a separate process or the same process as the ABCI app, as well as provide a +command for generating grpc-gateway proxy `.proto` files and the `swagger.json` +file. + +### Client Usage + +The gogo protobuf grpc plugin generates client interfaces in addition to server +interfaces. For the `Query` service defined above we would get a `QueryClient` +interface like: + +```go +type QueryClient interface { + QueryBalance(ctx context.Context, in *QueryBalanceParams, opts ...grpc.CallOption) (*types.Coin, error) + QueryAllBalances(ctx context.Context, in *QueryAllBalancesParams, opts ...grpc.CallOption) (*QueryAllBalancesResponse, error) +} +``` + +Via a small patch to gogo protobuf ([gogo/protobuf#675](https://github.com/gogo/protobuf/pull/675)) +we have tweaked the grpc codegen to use an interface rather than concrete type +for the generated client struct. This allows us to also reuse the GRPC infrastructure +for ABCI client queries. + +1Context`will receive a new method`QueryConn`that returns a`ClientConn` +that routes calls to ABCI queries + +Clients (such as CLI methods) will then be able to call query methods like this: + +```go +clientCtx := client.NewContext() +queryClient := types.NewQueryClient(clientCtx.QueryConn()) +params := &types.QueryBalanceParams{addr, denom} +result, err := queryClient.QueryBalance(gocontext.Background(), params) +``` + +### Testing + +Tests would be able to create a query client directly from keeper and `sdk.Context` +references using a `QueryServerTestHelper` as below: + +```go +queryHelper := baseapp.NewQueryServerTestHelper(ctx) +types.RegisterQueryServer(queryHelper, keeper.Querier{app.BankKeeper}) +queryClient := types.NewQueryClient(queryHelper) +``` + +## Future Improvements + +## Consequences + +### Positive + +* greatly simplified querier implementation (no manual encoding/decoding) +* easy query client generation (can use existing grpc and swagger tools) +* no need for REST query implementations +* type safe query methods (generated via grpc plugin) +* going forward, there will be less breakage of query methods because of the +backwards compatibility guarantees provided by buf + +### Negative + +* all clients using the existing ABCI/REST queries will need to be refactored +for both the new GRPC/REST query paths as well as protobuf/proto-json encoded +data, but this is more or less unavoidable in the protobuf refactoring + +### Neutral + +## References diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-022-custom-panic-handling.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-022-custom-panic-handling.md new file mode 100644 index 00000000..8cb5d968 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-022-custom-panic-handling.md @@ -0,0 +1,218 @@ +# ADR 022: Custom BaseApp panic handling + +## Changelog + +* 2020 Apr 24: Initial Draft +* 2021 Sep 14: Superseded by ADR-045 + +## Status + +SUPERSEDED by ADR-045 + +## Context + +The current implementation of BaseApp does not allow developers to write custom error handlers during panic recovery +[runTx()](https://github.com/cosmos/cosmos-sdk/blob/bad4ca75f58b182f600396ca350ad844c18fc80b/baseapp/baseapp.go#L539) +method. We think that this method can be more flexible and can give Cosmos SDK users more options for customizations without +the need to rewrite whole BaseApp. Also there's one special case for `sdk.ErrorOutOfGas` error handling, that case +might be handled in a "standard" way (middleware) alongside the others. + +We propose middleware-solution, which could help developers implement the following cases: + +* add external logging (let's say sending reports to external services like [Sentry](https://sentry.io)); +* call panic for specific error cases; + +It will also make `OutOfGas` case and `default` case one of the middlewares. +`Default` case wraps recovery object to an error and logs it ([example middleware implementation](#Recovery-middleware)). + +Our project has a sidecar service running alongside the blockchain node (smart contracts virtual machine). It is +essential that node <-> sidecar connectivity stays stable for TXs processing. So when the communication breaks we need +to crash the node and reboot it once the problem is solved. That behaviour makes node's state machine execution +deterministic. As all keeper panics are caught by runTx's `defer()` handler, we have to adjust the BaseApp code +in order to customize it. + +## Decision + +### Design + +#### Overview + +Instead of hardcoding custom error handling into BaseApp we suggest using set of middlewares which can be customized +externally and will allow developers use as many custom error handlers as they want. Implementation with tests +can be found [here](https://github.com/cosmos/cosmos-sdk/pull/6053). + +#### Implementation details + +##### Recovery handler + +New `RecoveryHandler` type added. `recoveryObj` input argument is an object returned by the standard Go function +`recover()` from the `builtin` package. + +```go +type RecoveryHandler func(recoveryObj interface{}) error +``` + +Handler should type assert (or other methods) an object to define if object should be handled. +`nil` should be returned if input object can't be handled by that `RecoveryHandler` (not a handler's target type). +Not `nil` error should be returned if input object was handled and middleware chain execution should be stopped. + +An example: + +```go +func exampleErrHandler(recoveryObj interface{}) error { + err, ok := recoveryObj.(error) + if !ok { return nil } + + if someSpecificError.Is(err) { + panic(customPanicMsg) + } else { + return nil + } +} +``` + +This example breaks the application execution, but it also might enrich the error's context like the `OutOfGas` handler. + +##### Recovery middleware + +We also add a middleware type (decorator). That function type wraps `RecoveryHandler` and returns the next middleware in +execution chain and handler's `error`. Type is used to separate actual `recovery()` object handling from middleware +chain processing. + +```go +type recoveryMiddleware func(recoveryObj interface{}) (recoveryMiddleware, error) + +func newRecoveryMiddleware(handler RecoveryHandler, next recoveryMiddleware) recoveryMiddleware { + return func(recoveryObj interface{}) (recoveryMiddleware, error) { + if err := handler(recoveryObj); err != nil { + return nil, err + } + return next, nil + } +} +``` + +Function receives a `recoveryObj` object and returns: + +* (next `recoveryMiddleware`, `nil`) if object wasn't handled (not a target type) by `RecoveryHandler`; +* (`nil`, not nil `error`) if input object was handled and other middlewares in the chain should not be executed; +* (`nil`, `nil`) in case of invalid behavior. Panic recovery might not have been properly handled; +this can be avoided by always using a `default` as a rightmost middleware in the chain (always returns an `error`'); + +`OutOfGas` middleware example: + +```go +func newOutOfGasRecoveryMiddleware(gasWanted uint64, ctx sdk.Context, next recoveryMiddleware) recoveryMiddleware { + handler := func(recoveryObj interface{}) error { + err, ok := recoveryObj.(sdk.ErrorOutOfGas) + if !ok { return nil } + + return errorsmod.Wrap( + sdkerrors.ErrOutOfGas, fmt.Sprintf( + "out of gas in location: %v; gasWanted: %d, gasUsed: %d", err.Descriptor, gasWanted, ctx.GasMeter().GasConsumed(), + ), + ) + } + + return newRecoveryMiddleware(handler, next) +} +``` + +`Default` middleware example: + +```go +func newDefaultRecoveryMiddleware() recoveryMiddleware { + handler := func(recoveryObj interface{}) error { + return errorsmod.Wrap( + sdkerrors.ErrPanic, fmt.Sprintf("recovered: %v\nstack:\n%v", recoveryObj, string(debug.Stack())), + ) + } + + return newRecoveryMiddleware(handler, nil) +} +``` + +##### Recovery processing + +Basic chain of middlewares processing would look like: + +```go +func processRecovery(recoveryObj interface{}, middleware recoveryMiddleware) error { + if middleware == nil { return nil } + + next, err := middleware(recoveryObj) + if err != nil { return err } + if next == nil { return nil } + + return processRecovery(recoveryObj, next) +} +``` + +That way we can create a middleware chain which is executed from left to right, the rightmost middleware is a +`default` handler which must return an `error`. + +##### BaseApp changes + +The `default` middleware chain must exist in a `BaseApp` object. `Baseapp` modifications: + +```go +type BaseApp struct { + // ... + runTxRecoveryMiddleware recoveryMiddleware +} + +func NewBaseApp(...) { + // ... + app.runTxRecoveryMiddleware = newDefaultRecoveryMiddleware() +} + +func (app *BaseApp) runTx(...) { + // ... + defer func() { + if r := recover(); r != nil { + recoveryMW := newOutOfGasRecoveryMiddleware(gasWanted, ctx, app.runTxRecoveryMiddleware) + err, result = processRecovery(r, recoveryMW), nil + } + + gInfo = sdk.GasInfo{GasWanted: gasWanted, GasUsed: ctx.GasMeter().GasConsumed()} + }() + // ... +} +``` + +Developers can add their custom `RecoveryHandler`s by providing `AddRunTxRecoveryHandler` as a BaseApp option parameter to the `NewBaseapp` constructor: + +```go +func (app *BaseApp) AddRunTxRecoveryHandler(handlers ...RecoveryHandler) { + for _, h := range handlers { + app.runTxRecoveryMiddleware = newRecoveryMiddleware(h, app.runTxRecoveryMiddleware) + } +} +``` + +This method would prepend handlers to an existing chain. + +## Consequences + +### Positive + +* Developers of Cosmos SDK based projects can add custom panic handlers to: + * add error context for custom panic sources (panic inside of custom keepers); + * emit `panic()`: passthrough recovery object to the Tendermint core; + * other necessary handling; +* Developers can use standard Cosmos SDK `BaseApp` implementation, rather that rewriting it in their projects; +* Proposed solution doesn't break the current "standard" `runTx()` flow; + +### Negative + +* Introduces changes to the execution model design. + +### Neutral + +* `OutOfGas` error handler becomes one of the middlewares; +* Default panic handler becomes one of the middlewares; + +## References + +* [PR-6053 with proposed solution](https://github.com/cosmos/cosmos-sdk/pull/6053) +* [Similar solution. ADR-010 Modular AnteHandler](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-010-modular-antehandler.md) diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-023-protobuf-naming.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-023-protobuf-naming.md new file mode 100644 index 00000000..a192dfce --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-023-protobuf-naming.md @@ -0,0 +1,263 @@ +# ADR 023: Protocol Buffer Naming and Versioning Conventions + +## Changelog + +* 2020 April 27: Initial Draft +* 2020 August 5: Update guidelines + +## Status + +Accepted + +## Context + +Protocol Buffers provide a basic [style guide](https://developers.google.com/protocol-buffers/docs/style) +and [Buf](https://buf.build/docs/style-guide) builds upon that. To the +extent possible, we want to follow industry accepted guidelines and wisdom for +the effective usage of protobuf, deviating from those only when there is clear +rationale for our use case. + +### Adoption of `Any` + +The adoption of `google.protobuf.Any` as the recommended approach for encoding +interface types (as opposed to `oneof`) makes package naming a central part +of the encoding as fully-qualified message names now appear in encoded +messages. + +### Current Directory Organization + +Thus far we have mostly followed [Buf's](https://buf.build) [DEFAULT](https://buf.build/docs/lint-checkers#default) +recommendations, with the minor deviation of disabling [`PACKAGE_DIRECTORY_MATCH`](https://buf.build/docs/lint-checkers#file_layout) +which although being convenient for developing code comes with the warning +from Buf that: + +> you will have a very bad time with many Protobuf plugins across various languages if you do not do this + +### Adoption of gRPC Queries + +In [ADR 021](adr-021-protobuf-query-encoding.md), gRPC was adopted for Protobuf +native queries. The full gRPC service path thus becomes a key part of ABCI query +path. In the future, gRPC queries may be allowed from within persistent scripts +by technologies such as CosmWasm and these query routes would be stored within +script binaries. + +## Decision + +The goal of this ADR is to provide thoughtful naming conventions that: + +* encourage a good user experience for when users interact directly with +.proto files and fully-qualified protobuf names +* balance conciseness against the possibility of either over-optimizing (making +names too short and cryptic) or under-optimizing (just accepting bloated names +with lots of redundant information) + +These guidelines are meant to act as a style guide for both the Cosmos SDK and +third-party modules. + +As a starting point, we should adopt all of the [DEFAULT](https://buf.build/docs/lint-checkers#default) +checkers in [Buf's](https://buf.build) including [`PACKAGE_DIRECTORY_MATCH`](https://buf.build/docs/lint-checkers#file_layout), +except: + +* [PACKAGE_VERSION_SUFFIX](https://buf.build/docs/lint-checkers#package_version_suffix) +* [SERVICE_SUFFIX](https://buf.build/docs/lint-checkers#service_suffix) + +Further guidelines to be described below. + +### Principles + +#### Concise and Descriptive Names + +Names should be descriptive enough to convey their meaning and distinguish +them from other names. + +Given that we are using fully-qualifed names within +`google.protobuf.Any` as well as within gRPC query routes, we should aim to +keep names concise, without going overboard. The general rule of thumb should +be if a shorter name would convey more or else the same thing, pick the shorter +name. + +For instance, `cosmos.bank.MsgSend` (19 bytes) conveys roughly the same information +as `cosmos_sdk.x.bank.v1.MsgSend` (28 bytes) but is more concise. + +Such conciseness makes names both more pleasant to work with and take up less +space within transactions and on the wire. + +We should also resist the temptation to over-optimize, by making names +cryptically short with abbreviations. For instance, we shouldn't try to +reduce `cosmos.bank.MsgSend` to `csm.bk.MSnd` just to save a few bytes. + +The goal is to make names **_concise but not cryptic_**. + +#### Names are for Clients First + +Package and type names should be chosen for the benefit of users, not +necessarily because of legacy concerns related to the go code-base. + +#### Plan for Longevity + +In the interests of long-term support, we should plan on the names we do +choose to be in usage for a long time, so now is the opportunity to make +the best choices for the future. + +### Versioning + +#### Guidelines on Stable Package Versions + +In general, schema evolution is the way to update protobuf schemas. That means that new fields, +messages, and RPC methods are _added_ to existing schemas and old fields, messages and RPC methods +are maintained as long as possible. + +Breaking things is often unacceptable in a blockchain scenario. For instance, immutable smart contracts +may depend on certain data schemas on the host chain. If the host chain breaks those schemas, the smart +contract may be irreparably broken. Even when things can be fixed (for instance in client software), +this often comes at a high cost. + +Instead of breaking things, we should make every effort to evolve schemas rather than just breaking them. +[Buf](https://buf.build) breaking change detection should be used on all stable (non-alpha or beta) packages +to prevent such breakage. + +With that in mind, different stable versions (i.e. `v1` or `v2`) of a package should more or less be considered +different packages and this should be last resort approach for upgrading protobuf schemas. Scenarios where creating +a `v2` may make sense are: + +* we want to create a new module with similar functionality to an existing module and adding `v2` is the most natural +way to do this. In that case, there are really just two different, but similar modules with different APIs. +* we want to add a new revamped API for an existing module and it's just too cumbersome to add it to the existing package, +so putting it in `v2` is cleaner for users. In this case, care should be made to not deprecate support for +`v1` if it is actively used in immutable smart contracts. + +#### Guidelines on unstable (alpha and beta) package versions + +The following guidelines are recommended for marking packages as alpha or beta: + +* marking something as `alpha` or `beta` should be a last resort and just putting something in the +stable package (i.e. `v1` or `v2`) should be preferred +* a package _should_ be marked as `alpha` _if and only if_ there are active discussions to remove +or significantly alter the package in the near future +* a package _should_ be marked as `beta` _if and only if_ there is an active discussion to +significantly refactor/rework the functionality in the near future but not remove it +* modules _can and should_ have types in both stable (i.e. `v1` or `v2`) and unstable (`alpha` or `beta`) packages. + +_`alpha` and `beta` should not be used to avoid responsibility for maintaining compatibility._ +Whenever code is released into the wild, especially on a blockchain, there is a high cost to changing things. In some +cases, for instance with immutable smart contracts, a breaking change may be impossible to fix. + +When marking something as `alpha` or `beta`, maintainers should ask the questions: + +* what is the cost of asking others to change their code vs the benefit of us maintaining the optionality to change it? +* what is the plan for moving this to `v1` and how will that affect users? + +`alpha` or `beta` should really be used to communicate "changes are planned". + +As a case study, gRPC reflection is in the package `grpc.reflection.v1alpha`. It hasn't been changed since +2017 and it is now used in other widely used software like gRPCurl. Some folks probably use it in production services +and so if they actually went and changed the package to `grpc.reflection.v1`, some software would break and +they probably don't want to do that... So now the `v1alpha` package is more or less the de-facto `v1`. Let's not do that. + +The following are guidelines for working with non-stable packages: + +* [Buf's recommended version suffix](https://buf.build/docs/lint-checkers#package_version_suffix) +(ex. `v1alpha1`) _should_ be used for non-stable packages +* non-stable packages should generally be excluded from breaking change detection +* immutable smart contract modules (i.e. CosmWasm) _should_ block smart contracts/persistent +scripts from interacting with `alpha`/`beta` packages + +#### Omit v1 suffix + +Instead of using [Buf's recommended version suffix](https://buf.build/docs/lint-checkers#package_version_suffix), +we can omit `v1` for packages that don't actually have a second version. This +allows for more concise names for common use cases like `cosmos.bank.Send`. +Packages that do have a second or third version can indicate that with `.v2` +or `.v3`. + +### Package Naming + +#### Adopt a short, unique top-level package name + +Top-level packages should adopt a short name that is known to not collide with +other names in common usage within the Cosmos ecosystem. In the near future, a +registry should be created to reserve and index top-level package names used +within the Cosmos ecosystem. Because the Cosmos SDK is intended to provide +the top-level types for the Cosmos project, the top-level package name `cosmos` +is recommended for usage within the Cosmos SDK instead of the longer `cosmos_sdk`. +[ICS](https://github.com/cosmos/ics) specifications could consider a +short top-level package like `ics23` based upon the standard number. + +#### Limit sub-package depth + +Sub-package depth should be increased with caution. Generally a single +sub-package is needed for a module or a library. Even though `x` or `modules` +is used in source code to denote modules, this is often unnecessary for .proto +files as modules are the primary thing sub-packages are used for. Only items which +are known to be used infrequently should have deep sub-package depths. + +For the Cosmos SDK, it is recommended that we simply write `cosmos.bank`, +`cosmos.gov`, etc. rather than `cosmos.x.bank`. In practice, most non-module +types can go straight in the `cosmos` package or we can introduce a +`cosmos.base` package if needed. Note that this naming _will not_ change +go package names, i.e. the `cosmos.bank` protobuf package will still live in +`x/bank`. + +### Message Naming + +Message type names should be as concise possible without losing clarity. `sdk.Msg` +types which are used in transactions will retain the `Msg` prefix as that provides +helpful context. + +### Service and RPC Naming + +[ADR 021](adr-021-protobuf-query-encoding.md) specifies that modules should +implement a gRPC query service. We should consider the principle of conciseness +for query service and RPC names as these may be called from persistent script +modules such as CosmWasm. Also, users may use these query paths from tools like +[gRPCurl](https://github.com/fullstorydev/grpcurl). As an example, we can shorten +`/cosmos_sdk.x.bank.v1.QueryService/QueryBalance` to +`/cosmos.bank.Query/Balance` without losing much useful information. + +RPC request and response types _should_ follow the `ServiceNameMethodNameRequest`/ +`ServiceNameMethodNameResponse` naming convention. i.e. for an RPC method named `Balance` +on the `Query` service, the request and response types would be `QueryBalanceRequest` +and `QueryBalanceResponse`. This will be more self-explanatory than `BalanceRequest` +and `BalanceResponse`. + +#### Use just `Query` for the query service + +Instead of [Buf's default service suffix recommendation](https://github.com/cosmos/cosmos-sdk/pull/6033), +we should simply use the shorter `Query` for query services. + +For other types of gRPC services, we should consider sticking with Buf's +default recommendation. + +#### Omit `Get` and `Query` from query service RPC names + +`Get` and `Query` should be omitted from `Query` service names because they are +redundant in the fully-qualified name. For instance, `/cosmos.bank.Query/QueryBalance` +just says `Query` twice without any new information. + +## Future Improvements + +A registry of top-level package names should be created to coordinate naming +across the ecosystem, prevent collisions, and also help developers discover +useful schemas. A simple starting point would be a git repository with +community-based governance. + +## Consequences + +### Positive + +* names will be more concise and easier to read and type +* all transactions using `Any` will be at shorter (`_sdk.x` and `.v1` will be removed) +* `.proto` file imports will be more standard (without `"third_party/proto"` in +the path) +* code generation will be easier for clients because .proto files will be +in a single `proto/` directory which can be copied rather than scattered +throughout the Cosmos SDK + +### Negative + +### Neutral + +* `.proto` files will need to be reorganized and refactored +* some modules may need to be marked as alpha or beta + +## References diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-024-coin-metadata.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-024-coin-metadata.md new file mode 100644 index 00000000..71bedac5 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-024-coin-metadata.md @@ -0,0 +1,140 @@ +# ADR 024: Coin Metadata + +## Changelog + +* 05/19/2020: Initial draft + +## Status + +Proposed + +## Context + +Assets in the Cosmos SDK are represented via a `Coins` type that consists of an `amount` and a `denom`, +where the `amount` can be any arbitrarily large or small value. In addition, the Cosmos SDK uses an +account-based model where there are two types of primary accounts -- basic accounts and module accounts. +All account types have a set of balances that are composed of `Coins`. The `x/bank` module keeps +track of all balances for all accounts and also keeps track of the total supply of balances in an +application. + +With regards to a balance `amount`, the Cosmos SDK assumes a static and fixed unit of denomination, +regardless of the denomination itself. In other words, clients and apps built atop a Cosmos-SDK-based +chain may choose to define and use arbitrary units of denomination to provide a richer UX, however, by +the time a tx or operation reaches the Cosmos SDK state machine, the `amount` is treated as a single +unit. For example, for the Cosmos Hub (Gaia), clients assume 1 ATOM = 10^6 uatom, and so all txs and +operations in the Cosmos SDK work off of units of 10^6. + +This clearly provides a poor and limited UX especially as interoperability of networks increases and +as a result the total amount of asset types increases. We propose to have `x/bank` additionally keep +track of metadata per `denom` in order to help clients, wallet providers, and explorers improve their +UX and remove the requirement for making any assumptions on the unit of denomination. + +## Decision + +The `x/bank` module will be updated to store and index metadata by `denom`, specifically the "base" or +smallest unit -- the unit the Cosmos SDK state-machine works with. + +Metadata may also include a non-zero length list of denominations. Each entry contains the name of +the denomination `denom`, the exponent to the base and a list of aliases. An entry is to be +interpreted as `1 denom = 10^exponent base_denom` (e.g. `1 ETH = 10^18 wei` and `1 uatom = 10^0 uatom`). + +There are two denominations that are of high importance for clients: the `base`, which is the smallest +possible unit and the `display`, which is the unit that is commonly referred to in human communication +and on exchanges. The values in those fields link to an entry in the list of denominations. + +The list in `denom_units` and the `display` entry may be changed via governance. + +As a result, we can define the type as follows: + +```protobuf +message DenomUnit { + string denom = 1; + uint32 exponent = 2; + repeated string aliases = 3; +} + +message Metadata { + string description = 1; + repeated DenomUnit denom_units = 2; + string base = 3; + string display = 4; +} +``` + +As an example, the ATOM's metadata can be defined as follows: + +```json +{ + "name": "atom", + "description": "The native staking token of the Cosmos Hub.", + "denom_units": [ + { + "denom": "uatom", + "exponent": 0, + "aliases": [ + "microatom" + ], + }, + { + "denom": "matom", + "exponent": 3, + "aliases": [ + "milliatom" + ] + }, + { + "denom": "atom", + "exponent": 6, + } + ], + "base": "uatom", + "display": "atom", +} +``` + +Given the above metadata, a client may infer the following things: + +* 4.3atom = 4.3 * (10^6) = 4,300,000uatom +* The string "atom" can be used as a display name in a list of tokens. +* The balance 4300000 can be displayed as 4,300,000uatom or 4,300matom or 4.3atom. + The `display` denomination 4.3atom is a good default if the authors of the client don't make + an explicit decision to choose a different representation. + +A client should be able to query for metadata by denom both via the CLI and REST interfaces. In +addition, we will add handlers to these interfaces to convert from any unit to another given unit, +as the base framework for this already exists in the Cosmos SDK. + +Finally, we need to ensure metadata exists in the `GenesisState` of the `x/bank` module which is also +indexed by the base `denom`. + +```go +type GenesisState struct { + SendEnabled bool `json:"send_enabled" yaml:"send_enabled"` + Balances []Balance `json:"balances" yaml:"balances"` + Supply sdk.Coins `json:"supply" yaml:"supply"` + DenomMetadata []Metadata `json:"denom_metadata" yaml:"denom_metadata"` +} +``` + +## Future Work + +In order for clients to avoid having to convert assets to the base denomination -- either manually or +via an endpoint, we may consider supporting automatic conversion of a given unit input. + +## Consequences + +### Positive + +* Provides clients, wallet providers and block explorers with additional data on + asset denomination to improve UX and remove any need to make assumptions on + denomination units. + +### Negative + +* A small amount of required additional storage in the `x/bank` module. The amount + of additional storage should be minimal as the amount of total assets should not + be large. + +### Neutral + +## References diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-027-deterministic-protobuf-serialization.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-027-deterministic-protobuf-serialization.md new file mode 100644 index 00000000..66ce6e2b --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-027-deterministic-protobuf-serialization.md @@ -0,0 +1,314 @@ +# ADR 027: Deterministic Protobuf Serialization + +## Changelog + +* 2020-08-07: Initial Draft +* 2020-09-01: Further clarify rules + +## Status + +Proposed + +## Abstract + +Fully deterministic structure serialization, which works across many languages and clients, +is needed when signing messages. We need to be sure that whenever we serialize +a data structure, no matter in which supported language, the raw bytes +will stay the same. +[Protobuf](https://developers.google.com/protocol-buffers/docs/proto3) +serialization is not bijective (i.e. there exist a practically unlimited number of +valid binary representations for a given protobuf document)1. + +This document describes a deterministic serialization scheme for +a subset of protobuf documents, that covers this use case but can be reused in +other cases as well. + +### Context + +For signature verification in Cosmos SDK, the signer and verifier need to agree on +the same serialization of a `SignDoc` as defined in +[ADR-020](./adr-020-protobuf-transaction-encoding.md) without transmitting the +serialization. + +Currently, for block signatures we are using a workaround: we create a new [TxRaw](https://github.com/cosmos/cosmos-sdk/blob/9e85e81e0e8140067dd893421290c191529c148c/proto/cosmos/tx/v1beta1/tx.proto#L30) +instance (as defined in [adr-020-protobuf-transaction-encoding](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-020-protobuf-transaction-encoding.md#transactions)) +by converting all [Tx](https://github.com/cosmos/cosmos-sdk/blob/9e85e81e0e8140067dd893421290c191529c148c/proto/cosmos/tx/v1beta1/tx.proto#L13) +fields to bytes on the client side. This adds an additional manual +step when sending and signing transactions. + +### Decision + +The following encoding scheme is to be used by other ADRs, +and in particular for `SignDoc` serialization. + +## Specification + +### Scope + +This ADR defines a protobuf3 serializer. The output is a valid protobuf +serialization, such that every protobuf parser can parse it. + +No maps are supported in version 1 due to the complexity of defining a +deterministic serialization. This might change in future. Implementations must +reject documents containing maps as invalid input. + +### Background - Protobuf3 Encoding + +Most numeric types in protobuf3 are encoded as +[varints](https://developers.google.com/protocol-buffers/docs/encoding#varints). +Varints are at most 10 bytes, and since each varint byte has 7 bits of data, +varints are a representation of `uint70` (70-bit unsigned integer). When +encoding, numeric values are casted from their base type to `uint70`, and when +decoding, the parsed `uint70` is casted to the appropriate numeric type. + +The maximum valid value for a varint that complies with protobuf3 is +`FF FF FF FF FF FF FF FF FF 7F` (i.e. `2**70 -1`). If the field type is +`{,u,s}int64`, the highest 6 bits of the 70 are dropped during decoding, +introducing 6 bits of malleability. If the field type is `{,u,s}int32`, the +highest 38 bits of the 70 are dropped during decoding, introducing 38 bits of +malleability. + +Among other sources of non-determinism, this ADR eliminates the possibility of +encoding malleability. + +### Serialization rules + +The serialization is based on the +[protobuf3 encoding](https://developers.google.com/protocol-buffers/docs/encoding) +with the following additions: + +1. Fields must be serialized only once in ascending order +2. Extra fields or any extra data must not be added +3. [Default values](https://developers.google.com/protocol-buffers/docs/proto3#default) + must be omitted +4. `repeated` fields of scalar numeric types must use + [packed encoding](https://developers.google.com/protocol-buffers/docs/encoding#packed) +5. Varint encoding must not be longer than needed: + * No trailing zero bytes (in little endian, i.e. no leading zeroes in big + endian). Per rule 3 above, the default value of `0` must be omitted, so + this rule does not apply in such cases. + * The maximum value for a varint must be `FF FF FF FF FF FF FF FF FF 01`. + In other words, when decoded, the highest 6 bits of the 70-bit unsigned + integer must be `0`. (10-byte varints are 10 groups of 7 bits, i.e. + 70 bits, of which only the lowest 70-6=64 are useful.) + * The maximum value for 32-bit values in varint encoding must be `FF FF FF FF 0F` + with one exception (below). In other words, when decoded, the highest 38 + bits of the 70-bit unsigned integer must be `0`. + * The one exception to the above is _negative_ `int32`, which must be + encoded using the full 10 bytes for sign extension2. + * The maximum value for Boolean values in varint encoding must be `01` (i.e. + it must be `0` or `1`). Per rule 3 above, the default value of `0` must + be omitted, so if a Boolean is included it must have a value of `1`. + +While rule number 1. and 2. should be pretty straight forward and describe the +default behavior of all protobuf encoders the author is aware of, the 3rd rule +is more interesting. After a protobuf3 deserialization you cannot differentiate +between unset fields and fields set to the default value3. At +serialization level however, it is possible to set the fields with an empty +value or omitting them entirely. This is a significant difference to e.g. JSON +where a property can be empty (`""`, `0`), `null` or undefined, leading to 3 +different documents. + +Omitting fields set to default values is valid because the parser must assign +the default value to fields missing in the serialization4. For scalar +types, omitting defaults is required by the spec5. For `repeated` +fields, not serializing them is the only way to express empty lists. Enums must +have a first element of numeric value 0, which is the default6. And +message fields default to unset7. + +Omitting defaults allows for some amount of forward compatibility: users of +newer versions of a protobuf schema produce the same serialization as users of +older versions as long as newly added fields are not used (i.e. set to their +default value). + +### Implementation + +There are three main implementation strategies, ordered from the least to the +most custom development: + +* **Use a protobuf serializer that follows the above rules by default.** E.g. + [gogoproto](https://pkg.go.dev/github.com/cosmos/gogoproto/gogoproto) is known to + be compliant by in most cases, but not when certain annotations such as + `nullable = false` are used. It might also be an option to configure an + existing serializer accordingly. +* **Normalize default values before encoding them.** If your serializer follows + rule 1. and 2. and allows you to explicitly unset fields for serialization, + you can normalize default values to unset. This can be done when working with + [protobuf.js](https://www.npmjs.com/package/protobufjs): + + ```js + const bytes = SignDoc.encode({ + bodyBytes: body.length > 0 ? body : null, // normalize empty bytes to unset + authInfoBytes: authInfo.length > 0 ? authInfo : null, // normalize empty bytes to unset + chainId: chainId || null, // normalize "" to unset + accountNumber: accountNumber || null, // normalize 0 to unset + accountSequence: accountSequence || null, // normalize 0 to unset + }).finish(); + ``` + +* **Use a hand-written serializer for the types you need.** If none of the above + ways works for you, you can write a serializer yourself. For SignDoc this + would look something like this in Go, building on existing protobuf utilities: + + ```go + if !signDoc.body_bytes.empty() { + buf.WriteUVarInt64(0xA) // wire type and field number for body_bytes + buf.WriteUVarInt64(signDoc.body_bytes.length()) + buf.WriteBytes(signDoc.body_bytes) + } + + if !signDoc.auth_info.empty() { + buf.WriteUVarInt64(0x12) // wire type and field number for auth_info + buf.WriteUVarInt64(signDoc.auth_info.length()) + buf.WriteBytes(signDoc.auth_info) + } + + if !signDoc.chain_id.empty() { + buf.WriteUVarInt64(0x1a) // wire type and field number for chain_id + buf.WriteUVarInt64(signDoc.chain_id.length()) + buf.WriteBytes(signDoc.chain_id) + } + + if signDoc.account_number != 0 { + buf.WriteUVarInt64(0x20) // wire type and field number for account_number + buf.WriteUVarInt(signDoc.account_number) + } + + if signDoc.account_sequence != 0 { + buf.WriteUVarInt64(0x28) // wire type and field number for account_sequence + buf.WriteUVarInt(signDoc.account_sequence) + } + ``` + +### Test vectors + +Given the protobuf definition `Article.proto` + +```protobuf +package blog; +syntax = "proto3"; + +enum Type { + UNSPECIFIED = 0; + IMAGES = 1; + NEWS = 2; +}; + +enum Review { + UNSPECIFIED = 0; + ACCEPTED = 1; + REJECTED = 2; +}; + +message Article { + string title = 1; + string description = 2; + uint64 created = 3; + uint64 updated = 4; + bool public = 5; + bool promoted = 6; + Type type = 7; + Review review = 8; + repeated string comments = 9; + repeated string backlinks = 10; +}; +``` + +serializing the values + +```yaml +title: "The world needs change 🌳" +description: "" +created: 1596806111080 +updated: 0 +public: true +promoted: false +type: Type.NEWS +review: Review.UNSPECIFIED +comments: ["Nice one", "Thank you"] +backlinks: [] +``` + +must result in the serialization + +```text +0a1b54686520776f726c64206e65656473206368616e676520f09f8cb318e8bebec8bc2e280138024a084e696365206f6e654a095468616e6b20796f75 +``` + +When inspecting the serialized document, you see that every second field is +omitted: + +```shell +$ echo 0a1b54686520776f726c64206e65656473206368616e676520f09f8cb318e8bebec8bc2e280138024a084e696365206f6e654a095468616e6b20796f75 | xxd -r -p | protoc --decode_raw +1: "The world needs change \360\237\214\263" +3: 1596806111080 +5: 1 +7: 2 +9: "Nice one" +9: "Thank you" +``` + +## Consequences + +Having such an encoding available allows us to get deterministic serialization +for all protobuf documents we need in the context of Cosmos SDK signing. + +### Positive + +* Well defined rules that can be verified independent of a reference + implementation +* Simple enough to keep the barrier to implement transaction signing low +* It allows us to continue to use 0 and other empty values in SignDoc, avoiding + the need to work around 0 sequences. This does not imply the change from + https://github.com/cosmos/cosmos-sdk/pull/6949 should not be merged, but not + too important anymore. + +### Negative + +* When implementing transaction signing, the encoding rules above must be + understood and implemented. +* The need for rule number 3. adds some complexity to implementations. +* Some data structures may require custom code for serialization. Thus + the code is not very portable - it will require additional work for each + client implementing serialization to properly handle custom data structures. + +### Neutral + +### Usage in Cosmos SDK + +For the reasons mentioned above ("Negative" section) we prefer to keep workarounds +for shared data structure. Example: the aforementioned `TxRaw` is using raw bytes +as a workaround. This allows them to use any valid Protobuf library without +the need of implementing a custom serializer that adheres to this standard (and related risks of bugs). + +## References + +* 1 _When a message is serialized, there is no guaranteed order for + how its known or unknown fields should be written. Serialization order is an + implementation detail and the details of any particular implementation may + change in the future. Therefore, protocol buffer parsers must be able to parse + fields in any order._ from + https://developers.google.com/protocol-buffers/docs/encoding#order +* 2 https://developers.google.com/protocol-buffers/docs/encoding#signed_integers +* 3 _Note that for scalar message fields, once a message is parsed + there's no way of telling whether a field was explicitly set to the default + value (for example whether a boolean was set to false) or just not set at all: + you should bear this in mind when defining your message types. For example, + don't have a boolean that switches on some behavior when set to false if you + don't want that behavior to also happen by default._ from + https://developers.google.com/protocol-buffers/docs/proto3#default +* 4 _When a message is parsed, if the encoded message does not + contain a particular singular element, the corresponding field in the parsed + object is set to the default value for that field._ from + https://developers.google.com/protocol-buffers/docs/proto3#default +* 5 _Also note that if a scalar message field is set to its default, + the value will not be serialized on the wire._ from + https://developers.google.com/protocol-buffers/docs/proto3#default +* 6 _For enums, the default value is the first defined enum value, + which must be 0._ from + https://developers.google.com/protocol-buffers/docs/proto3#default +* 7 _For message fields, the field is not set. Its exact value is + language-dependent._ from + https://developers.google.com/protocol-buffers/docs/proto3#default +* Encoding rules and parts of the reasoning taken from + [canonical-proto3 Aaron Craelius](https://github.com/regen-network/canonical-proto3) diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-028-public-key-addresses.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-028-public-key-addresses.md new file mode 100644 index 00000000..9f394f7a --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-028-public-key-addresses.md @@ -0,0 +1,342 @@ +# ADR 028: Public Key Addresses + +## Changelog + +* 2020/08/18: Initial version +* 2021/01/15: Analysis and algorithm update + +## Status + +Proposed + +## Abstract + +This ADR defines an address format for all addressable Cosmos SDK accounts. That includes: new public key algorithms, multisig public keys, and module accounts. + +## Context + +Issue [\#3685](https://github.com/cosmos/cosmos-sdk/issues/3685) identified that public key +address spaces are currently overlapping. We confirmed that it significantly decreases security of Cosmos SDK. + +### Problem + +An attacker can control an input for an address generation function. This leads to a birthday attack, which significantly decreases the security space. +To overcome this, we need to separate the inputs for different kind of account types: +a security break of one account type shouldn't impact the security of other account types. + +### Initial proposals + +One initial proposal was extending the address length and +adding prefixes for different types of addresses. + +@ethanfrey explained an alternate approach originally used in https://github.com/iov-one/weave: + +> I spent quite a bit of time thinking about this issue while building weave... The other cosmos Sdk. +> Basically I define a condition to be a type and format as human readable string with some binary data appended. This condition is hashed into an Address (again at 20 bytes). The use of this prefix makes it impossible to find a preimage for a given address with a different condition (eg ed25519 vs secp256k1). +> This is explained in depth here https://weave.readthedocs.io/en/latest/design/permissions.html +> And the code is here, look mainly at the top where we process conditions. https://github.com/iov-one/weave/blob/master/conditions.go + +And explained how this approach should be sufficiently collision resistant: + +> Yeah, AFAIK, 20 bytes should be collision resistance when the preimages are unique and not malleable. A space of 2^160 would expect some collision to be likely around 2^80 elements (birthday paradox). And if you want to find a collision for some existing element in the database, it is still 2^160. 2^80 only is if all these elements are written to state. +> The good example you brought up was eg. a public key bytes being a valid public key on two algorithms supported by the codec. Meaning if either was broken, you would break accounts even if they were secured with the safer variant. This is only as the issue when no differentiating type info is present in the preimage (before hashing into an address). +> I would like to hear an argument if the 20 bytes space is an actual issue for security, as I would be happy to increase my address sizes in weave. I just figured cosmos and ethereum and bitcoin all use 20 bytes, it should be good enough. And the arguments above which made me feel it was secure. But I have not done a deeper analysis. + +This led to the first proposal (which we proved to be not good enough): +we concatenate a key type with a public key, hash it and take the first 20 bytes of that hash, summarized as `sha256(keyTypePrefix || keybytes)[:20]`. + +### Review and Discussions + +In [\#5694](https://github.com/cosmos/cosmos-sdk/issues/5694) we discussed various solutions. +We agreed that 20 bytes it's not future proof, and extending the address length is the only way to allow addresses of different types, various signature types, etc. +This disqualifies the initial proposal. + +In the issue we discussed various modifications: + +* Choice of the hash function. +* Move the prefix out of the hash function: `keyTypePrefix + sha256(keybytes)[:20]` [post-hash-prefix-proposal]. +* Use double hashing: `sha256(keyTypePrefix + sha256(keybytes)[:20])`. +* Increase to keybytes hash slice from 20 byte to 32 or 40 bytes. We concluded that 32 bytes, produced by a good hash functions is future secure. + +### Requirements + +* Support currently used tools - we don't want to break an ecosystem, or add a long adaptation period. Ref: https://github.com/cosmos/cosmos-sdk/issues/8041 +* Try to keep the address length small - addresses are widely used in state, both as part of a key and object value. + +### Scope + +This ADR only defines a process for the generation of address bytes. For end-user interactions with addresses (through the API, or CLI, etc.), we still use bech32 to format these addresses as strings. This ADR doesn't change that. +Using Bech32 for string encoding gives us support for checksum error codes and handling of user typos. + +## Decision + +We define the following account types, for which we define the address function: + +1. simple accounts: represented by a regular public key (ie: secp256k1, sr25519) +2. naive multisig: accounts composed by other addressable objects (ie: naive multisig) +3. composed accounts with a native address key (ie: bls, group module accounts) +4. module accounts: basically any accounts which cannot sign transactions and which are managed internally by modules + +### Legacy Public Key Addresses Don't Change + +Currently (Jan 2021), the only officially supported Cosmos SDK user accounts are `secp256k1` basic accounts and legacy amino multisig. +They are used in existing Cosmos SDK zones. They use the following address formats: + +* secp256k1: `ripemd160(sha256(pk_bytes))[:20]` +* legacy amino multisig: `sha256(aminoCdc.Marshal(pk))[:20]` + +We don't want to change existing addresses. So the addresses for these two key types will remain the same. + +The current multisig public keys use amino serialization to generate the address. We will retain +those public keys and their address formatting, and call them "legacy amino" multisig public keys +in protobuf. We will also create multisig public keys without amino addresses to be described below. + +### Hash Function Choice + +As in other parts of the Cosmos SDK, we will use `sha256`. + +### Basic Address + +We start with defining a base algorithm for generating addresses which we will call `Hash`. Notably, it's used for accounts represented by a single key pair. For each public key schema we have to have an associated `typ` string, explained in the next section. `hash` is the cryptographic hash function defined in the previous section. + +```go +const A_LEN = 32 + +func Hash(typ string, key []byte) []byte { + return hash(hash(typ) + key)[:A_LEN] +} +``` + +The `+` is bytes concatenation, which doesn't use any separator. + +This algorithm is the outcome of a consultation session with a professional cryptographer. +Motivation: this algorithm keeps the address relatively small (length of the `typ` doesn't impact the length of the final address) +and it's more secure than [post-hash-prefix-proposal] (which uses the first 20 bytes of a pubkey hash, significantly reducing the address space). +Moreover the cryptographer motivated the choice of adding `typ` in the hash to protect against a switch table attack. + +`address.Hash` is a low level function to generate _base_ addresses for new key types. Example: + +* BLS: `address.Hash("bls", pubkey)` + +### Composed Addresses + +For simple composed accounts (like a new naive multisig) we generalize the `address.Hash`. The address is constructed by recursively creating addresses for the sub accounts, sorting the addresses and composing them into a single address. It ensures that the ordering of keys doesn't impact the resulting address. + +```go +// We don't need a PubKey interface - we need anything which is addressable. +type Addressable interface { + Address() []byte +} + +func Composed(typ string, subaccounts []Addressable) []byte { + addresses = map(subaccounts, \a -> LengthPrefix(a.Address())) + addresses = sort(addresses) + return address.Hash(typ, addresses[0] + ... + addresses[n]) +} +``` + +The `typ` parameter should be a schema descriptor, containing all significant attributes with deterministic serialization (eg: utf8 string). +`LengthPrefix` is a function which prepends 1 byte to the address. The value of that byte is the length of the address bits before prepending. The address must be at most 255 bits long. +We are using `LengthPrefix` to eliminate conflicts - it assures, that for 2 lists of addresses: `as = {a1, a2, ..., an}` and `bs = {b1, b2, ..., bm}` such that every `bi` and `ai` is at most 255 long, `concatenate(map(as, (a) => LengthPrefix(a))) = map(bs, (b) => LengthPrefix(b))` if `as = bs`. + +Implementation Tip: account implementations should cache addresses. + +#### Multisig Addresses + +For a new multisig public keys, we define the `typ` parameter not based on any encoding scheme (amino or protobuf). This avoids issues with non-determinism in the encoding scheme. + +Example: + +```protobuf +package cosmos.crypto.multisig; + +message PubKey { + uint32 threshold = 1; + repeated google.protobuf.Any pubkeys = 2; +} +``` + +```go +func (multisig PubKey) Address() { + // first gather all nested pub keys + var keys []address.Addressable // cryptotypes.PubKey implements Addressable + for _, _key := range multisig.Pubkeys { + keys = append(keys, key.GetCachedValue().(cryptotypes.PubKey)) + } + + // form the type from the message name (cosmos.crypto.multisig.PubKey) and the threshold joined together + prefix := fmt.Sprintf("%s/%d", proto.MessageName(multisig), multisig.Threshold) + + // use the Composed function defined above + return address.Composed(prefix, keys) +} +``` + + +### Derived Addresses + +We must be able to cryptographically derive one address from another one. The derivation process must guarantee hash properties, hence we use the already defined `Hash` function: + +```go +func Derive(address, derivationKey []byte) []byte { + return Hash(addres, derivationKey) +} +``` + +### Module Account Addresses + +A module account will have `"module"` type. Module accounts can have sub accounts. The submodule account will be created based on module name, and sequence of derivation keys. Typically, the first derivation key should be a class of the derived accounts. The derivation process has a defined order: module name, submodule key, subsubmodule key... An example module account is created using: + +```go +address.Module(moduleName, key) +``` + +An example sub-module account is created using: + +```go +groupPolicyAddresses := []byte{1} +address.Module(moduleName, groupPolicyAddresses, policyID) +``` + +The `address.Module` function is using `address.Hash` with `"module"` as the type argument, and byte representation of the module name concatenated with submodule key. The two last component must be uniquely separated to avoid potential clashes (example: modulename="ab" & submodulekey="bc" will have the same derivation key as modulename="a" & submodulekey="bbc"). +We use a null byte (`'\x00'`) to separate module name from the submodule key. This works, because null byte is not a part of a valid module name. Finally, the sub-submodule accounts are created by applying the `Derive` function recursively. +We could use `Derive` function also in the first step (rather than concatenating module name with zero byte and the submodule key). We decided to do concatenation to avoid one level of derivation and speed up computation. + +For backward compatibility with the existing `authtypes.NewModuleAddress`, we add a special case in `Module` function: when no derivation key is provided, we fallback to the "legacy" implementation. + +```go +func Module(moduleName string, derivationKeys ...[]byte) []byte{ + if len(derivationKeys) == 0 { + return authtypes.NewModuleAddress(modulenName) // legacy case + } + submoduleAddress := Hash("module", []byte(moduleName) + 0 + key) + return fold((a, k) => Derive(a, k), subsubKeys, submoduleAddress) +} +``` + +**Example 1** A lending BTC pool address would be: + +```go +btcPool := address.Module("lending", btc.Address()}) +``` + +If we want to create an address for a module account depending on more than one key, we can concatenate them: + +```go +btcAtomAMM := address.Module("amm", btc.Address() + atom.Address()}) +``` + +**Example 2** a smart-contract address could be constructed by: + +```go +smartContractAddr = Module("mySmartContractVM", smartContractsNamespace, smartContractKey}) + +// which equals to: +smartContractAddr = Derived( + Module("mySmartContractVM", smartContractsNamespace), + []{smartContractKey}) +``` + +### Schema Types + +A `typ` parameter used in `Hash` function SHOULD be unique for each account type. +Since all Cosmos SDK account types are serialized in the state, we propose to use the protobuf message name string. + +Example: all public key types have a unique protobuf message type similar to: + +```protobuf +package cosmos.crypto.sr25519; + +message PubKey { + bytes key = 1; +} +``` + +All protobuf messages have unique fully qualified names, in this example `cosmos.crypto.sr25519.PubKey`. +These names are derived directly from .proto files in a standardized way and used +in other places such as the type URL in `Any`s. We can easily obtain the name using +`proto.MessageName(msg)`. + +## Consequences + +### Backwards Compatibility + +This ADR is compatible with what was committed and directly supported in the Cosmos SDK repository. + +### Positive + +* a simple algorithm for generating addresses for new public keys, complex accounts and modules +* the algorithm generalizes _native composed keys_ +* increased security and collision resistance of addresses +* the approach is extensible for future use-cases - one can use other address types, as long as they don't conflict with the address length specified here (20 or 32 bytes). +* support new account types. + +### Negative + +* addresses do not communicate key type, a prefixed approach would have done this +* addresses are 60% longer and will consume more storage space +* requires a refactor of KVStore store keys to handle variable length addresses + +### Neutral + +* protobuf message names are used as key type prefixes + +## Further Discussions + +Some accounts can have a fixed name or may be constructed in other way (eg: modules). We were discussing an idea of an account with a predefined name (eg: `me.regen`), which could be used by institutions. +Without going into details, these kinds of addresses are compatible with the hash based addresses described here as long as they don't have the same length. +More specifically, any special account address must not have a length equal to 20 or 32 bytes. + +## Appendix: Consulting session + +End of Dec 2020 we had a session with [Alan Szepieniec](https://scholar.google.be/citations?user=4LyZn8oAAAAJ&hl=en) to consult the approach presented above. + +Alan general observations: + +* we don’t need 2-preimage resistance +* we need 32bytes address space for collision resistance +* when an attacker can control an input for object with an address then we have a problem with birthday attack +* there is an issue with smart-contracts for hashing +* sha2 mining can be use to breaking address pre-image + +Hashing algorithm + +* any attack breaking blake3 will break blake2 +* Alan is pretty confident about the current security analysis of the blake hash algorithm. It was a finalist, and the author is well known in security analysis. + +Algorithm: + +* Alan recommends to hash the prefix: `address(pub_key) = hash(hash(key_type) + pub_key)[:32]`, main benefits: + * we are free to user arbitrary long prefix names + * we still don’t risk collisions + * switch tables +* discussion about penalization -> about adding prefix post hash +* Aaron asked about post hash prefixes (`address(pub_key) = key_type + hash(pub_key)`) and differences. Alan noted that this approach has longer address space and it’s stronger. + +Algorithm for complex / composed keys: + +* merging tree like addresses with same algorithm are fine + +Module addresses: Should module addresses have different size to differentiate it? + +* we will need to set a pre-image prefix for module addresse to keept them in 32-byte space: `hash(hash('module') + module_key)` +* Aaron observation: we already need to deal with variable length (to not break secp256k1 keys). + +Discssion about arithmetic hash function for ZKP + +* Posseidon / Rescue +* Problem: much bigger risk because we don’t know much techniques and history of crypto-analysis of arithmetic constructions. It’s still a new ground and area of active research. + +Post quantum signature size + +* Alan suggestion: Falcon: speed / size ration - very good. +* Aaron - should we think about it? + Alan: based on early extrapolation this thing will get able to break EC cryptography in 2050 . But that’s a lot of uncertainty. But there is magic happening with recurions / linking / simulation and that can speedup the progress. + +Other ideas + +* Let’s say we use same key and two different address algorithms for 2 different use cases. Is it still safe to use it? Alan: if we want to hide the public key (which is not our use case), then it’s less secure but there are fixes. + +### References + +* [Notes](https://hackmd.io/_NGWI4xZSbKzj1BkCqyZMw) diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-029-fee-grant-module.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-029-fee-grant-module.md new file mode 100644 index 00000000..6b52556f --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-029-fee-grant-module.md @@ -0,0 +1,153 @@ +# ADR 029: Fee Grant Module + +## Changelog + +* 2020/08/18: Initial Draft +* 2021/05/05: Removed height based expiration support and simplified naming. + +## Status + +Accepted + +## Context + +In order to make blockchain transactions, the signing account must possess a sufficient balance of the right denomination +in order to pay fees. There are classes of transactions where needing to maintain a wallet with sufficient fees is a +barrier to adoption. + +For instance, when proper permissions are setup, someone may temporarily delegate the ability to vote on proposals to +a "burner" account that is stored on a mobile phone with only minimal security. + +Other use cases include workers tracking items in a supply chain or farmers submitting field data for analytics +or compliance purposes. + +For all of these use cases, UX would be significantly enhanced by obviating the need for these accounts to always +maintain the appropriate fee balance. This is especially true if we wanted to achieve enterprise adoption for something +like supply chain tracking. + +While one solution would be to have a service that fills up these accounts automatically with the appropriate fees, a better UX +would be provided by allowing these accounts to pull from a common fee pool account with proper spending limits. +A single pool would reduce the churn of making lots of small "fill up" transactions and also more effectively leverages +the resources of the organization setting up the pool. + +## Decision + +As a solution we propose a module, `x/feegrant` which allows one account, the "granter" to grant another account, the "grantee" +an allowance to spend the granter's account balance for fees within certain well-defined limits. + +Fee allowances are defined by the extensible `FeeAllowanceI` interface: + +```go +type FeeAllowanceI { + // Accept can use fee payment requested as well as timestamp of the current block + // to determine whether or not to process this. This is checked in + // Keeper.UseGrantedFees and the return values should match how it is handled there. + // + // If it returns an error, the fee payment is rejected, otherwise it is accepted. + // The FeeAllowance implementation is expected to update it's internal state + // and will be saved again after an acceptance. + // + // If remove is true (regardless of the error), the FeeAllowance will be deleted from storage + // (eg. when it is used up). (See call to RevokeFeeAllowance in Keeper.UseGrantedFees) + Accept(ctx sdk.Context, fee sdk.Coins, msgs []sdk.Msg) (remove bool, err error) + + // ValidateBasic should evaluate this FeeAllowance for internal consistency. + // Don't allow negative amounts, or negative periods for example. + ValidateBasic() error +} +``` + +Two basic fee allowance types, `BasicAllowance` and `PeriodicAllowance` are defined to support known use cases: + +```protobuf +// BasicAllowance implements FeeAllowanceI with a one-time grant of tokens +// that optionally expires. The delegatee can use up to SpendLimit to cover fees. +message BasicAllowance { + // spend_limit specifies the maximum amount of tokens that can be spent + // by this allowance and will be updated as tokens are spent. If it is + // empty, there is no spend limit and any amount of coins can be spent. + repeated cosmos_sdk.v1.Coin spend_limit = 1; + + // expiration specifies an optional time when this allowance expires + google.protobuf.Timestamp expiration = 2; +} + +// PeriodicAllowance extends FeeAllowanceI to allow for both a maximum cap, +// as well as a limit per time period. +message PeriodicAllowance { + BasicAllowance basic = 1; + + // period specifies the time duration in which period_spend_limit coins can + // be spent before that allowance is reset + google.protobuf.Duration period = 2; + + // period_spend_limit specifies the maximum number of coins that can be spent + // in the period + repeated cosmos_sdk.v1.Coin period_spend_limit = 3; + + // period_can_spend is the number of coins left to be spent before the period_reset time + repeated cosmos_sdk.v1.Coin period_can_spend = 4; + + // period_reset is the time at which this period resets and a new one begins, + // it is calculated from the start time of the first transaction after the + // last period ended + google.protobuf.Timestamp period_reset = 5; +} + +``` + +Allowances can be granted and revoked using `MsgGrantAllowance` and `MsgRevokeAllowance`: + +```protobuf +// MsgGrantAllowance adds permission for Grantee to spend up to Allowance +// of fees from the account of Granter. +message MsgGrantAllowance { + string granter = 1; + string grantee = 2; + google.protobuf.Any allowance = 3; + } + + // MsgRevokeAllowance removes any existing FeeAllowance from Granter to Grantee. + message MsgRevokeAllowance { + string granter = 1; + string grantee = 2; + } +``` + +In order to use allowances in transactions, we add a new field `granter` to the transaction `Fee` type: + +```protobuf +package cosmos.tx.v1beta1; + +message Fee { + repeated cosmos.base.v1beta1.Coin amount = 1; + uint64 gas_limit = 2; + string payer = 3; + string granter = 4; +} +``` + +`granter` must either be left empty or must correspond to an account which has granted +a fee allowance to fee payer (either the first signer or the value of the `payer` field). + +A new `AnteDecorator` named `DeductGrantedFeeDecorator` will be created in order to process transactions with `fee_payer` +set and correctly deduct fees based on fee allowances. + +## Consequences + +### Positive + +* improved UX for use cases where it is cumbersome to maintain an account balance just for fees + +### Negative + +### Neutral + +* a new field must be added to the transaction `Fee` message and a new `AnteDecorator` must be +created to use it + +## References + +* Blog article describing initial work: https://medium.com/regen-network/hacking-the-cosmos-cosmwasm-and-key-management-a08b9f561d1b +* Initial public specification: https://gist.github.com/aaronc/b60628017352df5983791cad30babe56 +* Original subkeys proposal from B-harvest which influenced this design: https://github.com/cosmos/cosmos-sdk/issues/4480 diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-030-authz-module.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-030-authz-module.md new file mode 100644 index 00000000..5aab72c5 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-030-authz-module.md @@ -0,0 +1,258 @@ +# ADR 030: Authorization Module + +## Changelog + +* 2019-11-06: Initial Draft +* 2020-10-12: Updated Draft +* 2020-11-13: Accepted +* 2020-05-06: proto API updates, use `sdk.Msg` instead of `sdk.ServiceMsg` (the latter concept was removed from Cosmos SDK) +* 2022-04-20: Updated the `SendAuthorization` proto docs to clarify the `SpendLimit` is a required field. (Generic authorization can be used with bank msg type url to create limit less bank authorization) + +## Status + +Accepted + +## Abstract + +This ADR defines the `x/authz` module which allows accounts to grant authorizations to perform actions +on behalf of that account to other accounts. + +## Context + +The concrete use cases which motivated this module include: + +* the desire to delegate the ability to vote on proposals to other accounts besides the account which one has +delegated stake +* "sub-keys" functionality, as originally proposed in [\#4480](https://github.com/cosmos/cosmos-sdk/issues/4480) which +is a term used to describe the functionality provided by this module together with +the `fee_grant` module from [ADR 029](./adr-029-fee-grant-module.md) and the [group module](https://github.com/cosmos/cosmos-sdk/tree/main/x/group). + +The "sub-keys" functionality roughly refers to the ability for one account to grant some subset of its capabilities to +other accounts with possibly less robust, but easier to use security measures. For instance, a master account representing +an organization could grant the ability to spend small amounts of the organization's funds to individual employee accounts. +Or an individual (or group) with a multisig wallet could grant the ability to vote on proposals to any one of the member +keys. + +The current implementation is based on work done by the [Gaian's team at Hackatom Berlin 2019](https://github.com/cosmos-gaians/cosmos-sdk/tree/hackatom/x/delegation). + +## Decision + +We will create a module named `authz` which provides functionality for +granting arbitrary privileges from one account (the _granter_) to another account (the _grantee_). Authorizations +must be granted for a particular `Msg` service methods one by one using an implementation +of `Authorization` interface. + +### Types + +Authorizations determine exactly what privileges are granted. They are extensible +and can be defined for any `Msg` service method even outside of the module where +the `Msg` method is defined. `Authorization`s reference `Msg`s using their TypeURL. + +#### Authorization + +```go +type Authorization interface { + proto.Message + + // MsgTypeURL returns the fully-qualified Msg TypeURL (as described in ADR 020), + // which will process and accept or reject a request. + MsgTypeURL() string + + // Accept determines whether this grant permits the provided sdk.Msg to be performed, and if + // so provides an upgraded authorization instance. + Accept(ctx sdk.Context, msg sdk.Msg) (AcceptResponse, error) + + // ValidateBasic does a simple validation check that + // doesn't require access to any other information. + ValidateBasic() error +} + +// AcceptResponse instruments the controller of an authz message if the request is accepted +// and if it should be updated or deleted. +type AcceptResponse struct { + // If Accept=true, the controller can accept and authorization and handle the update. + Accept bool + // If Delete=true, the controller must delete the authorization object and release + // storage resources. + Delete bool + // Controller, who is calling Authorization.Accept must check if `Updated != nil`. If yes, + // it must use the updated version and handle the update on the storage level. + Updated Authorization +} +``` + +For example a `SendAuthorization` like this is defined for `MsgSend` that takes +a `SpendLimit` and updates it down to zero: + +```go +type SendAuthorization struct { + // SpendLimit specifies the maximum amount of tokens that can be spent + // by this authorization and will be updated as tokens are spent. This field is required. (Generic authorization + // can be used with bank msg type url to create limit less bank authorization). + SpendLimit sdk.Coins +} + +func (a SendAuthorization) MsgTypeURL() string { + return sdk.MsgTypeURL(&MsgSend{}) +} + +func (a SendAuthorization) Accept(ctx sdk.Context, msg sdk.Msg) (authz.AcceptResponse, error) { + mSend, ok := msg.(*MsgSend) + if !ok { + return authz.AcceptResponse{}, sdkerrors.ErrInvalidType.Wrap("type mismatch") + } + limitLeft, isNegative := a.SpendLimit.SafeSub(mSend.Amount) + if isNegative { + return authz.AcceptResponse{}, sdkerrors.ErrInsufficientFunds.Wrapf("requested amount is more than spend limit") + } + if limitLeft.IsZero() { + return authz.AcceptResponse{Accept: true, Delete: true}, nil + } + + return authz.AcceptResponse{Accept: true, Delete: false, Updated: &SendAuthorization{SpendLimit: limitLeft}}, nil +} +``` + +A different type of capability for `MsgSend` could be implemented +using the `Authorization` interface with no need to change the underlying +`bank` module. + +##### Small notes on `AcceptResponse` + +* The `AcceptResponse.Accept` field will be set to `true` if the authorization is accepted. +However, if it is rejected, the function `Accept` will raise an error (without setting `AcceptResponse.Accept` to `false`). + +* The `AcceptResponse.Updated` field will be set to a non-nil value only if there is a real change to the authorization. +If authorization remains the same (as is, for instance, always the case for a [`GenericAuthorization`](#genericauthorization)), +the field will be `nil`. + +### `Msg` Service + +```protobuf +service Msg { + // Grant grants the provided authorization to the grantee on the granter's + // account with the provided expiration time. + rpc Grant(MsgGrant) returns (MsgGrantResponse); + + // Exec attempts to execute the provided messages using + // authorizations granted to the grantee. Each message should have only + // one signer corresponding to the granter of the authorization. + rpc Exec(MsgExec) returns (MsgExecResponse); + + // Revoke revokes any authorization corresponding to the provided method name on the + // granter's account that has been granted to the grantee. + rpc Revoke(MsgRevoke) returns (MsgRevokeResponse); +} + +// Grant gives permissions to execute +// the provided method with expiration time. +message Grant { + google.protobuf.Any authorization = 1 [(cosmos_proto.accepts_interface) = "cosmos.authz.v1beta1.Authorization"]; + google.protobuf.Timestamp expiration = 2 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false]; +} + +message MsgGrant { + string granter = 1; + string grantee = 2; + + Grant grant = 3 [(gogoproto.nullable) = false]; +} + +message MsgExecResponse { + cosmos.base.abci.v1beta1.Result result = 1; +} + +message MsgExec { + string grantee = 1; + // Authorization Msg requests to execute. Each msg must implement Authorization interface + repeated google.protobuf.Any msgs = 2 [(cosmos_proto.accepts_interface) = "cosmos.base.v1beta1.Msg"];; +} +``` + +### Router Middleware + +The `authz` `Keeper` will expose a `DispatchActions` method which allows other modules to send `Msg`s +to the router based on `Authorization` grants: + +```go +type Keeper interface { + // DispatchActions routes the provided msgs to their respective handlers if the grantee was granted an authorization + // to send those messages by the first (and only) signer of each msg. + DispatchActions(ctx sdk.Context, grantee sdk.AccAddress, msgs []sdk.Msg) sdk.Result` +} +``` + +### CLI + +#### `tx exec` Method + +When a CLI user wants to run a transaction on behalf of another account using `MsgExec`, they +can use the `exec` method. For instance `gaiacli tx gov vote 1 yes --from --generate-only | gaiacli tx authz exec --send-as --from ` +would send a transaction like this: + +```go +MsgExec { + Grantee: mykey, + Msgs: []sdk.Msg{ + MsgVote { + ProposalID: 1, + Voter: cosmos3thsdgh983egh823 + Option: Yes + } + } +} +``` + +#### `tx grant --from ` + +This CLI command will send a `MsgGrant` transaction. `authorization` should be encoded as +JSON on the CLI. + +#### `tx revoke --from ` + +This CLI command will send a `MsgRevoke` transaction. + +### Built-in Authorizations + +#### `SendAuthorization` + +```protobuf +// SendAuthorization allows the grantee to spend up to spend_limit coins from +// the granter's account. +message SendAuthorization { + repeated cosmos.base.v1beta1.Coin spend_limit = 1; +} +``` + +#### `GenericAuthorization` + +```protobuf +// GenericAuthorization gives the grantee unrestricted permissions to execute +// the provided method on behalf of the granter's account. +message GenericAuthorization { + option (cosmos_proto.implements_interface) = "Authorization"; + + // Msg, identified by it's type URL, to grant unrestricted permissions to execute + string msg = 1; +} +``` + +## Consequences + +### Positive + +* Users will be able to authorize arbitrary actions on behalf of their accounts to other +users, improving key management for many use cases +* The solution is more generic than previously considered approaches and the +`Authorization` interface approach can be extended to cover other use cases by +SDK users + +### Negative + +### Neutral + +## References + +* Initial Hackatom implementation: https://github.com/cosmos-gaians/cosmos-sdk/tree/hackatom/x/delegation +* Post-Hackatom spec: https://gist.github.com/aaronc/b60628017352df5983791cad30babe56#delegation-module +* B-Harvest subkeys spec: https://github.com/cosmos/cosmos-sdk/issues/4480 diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-031-msg-service.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-031-msg-service.md new file mode 100644 index 00000000..861f4b3f --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-031-msg-service.md @@ -0,0 +1,202 @@ +# ADR 031: Protobuf Msg Services + +## Changelog + +* 2020-10-05: Initial Draft +* 2021-04-21: Remove `ServiceMsg`s to follow Protobuf `Any`'s spec, see [#9063](https://github.com/cosmos/cosmos-sdk/issues/9063). + +## Status + +Accepted + +## Abstract + +We want to leverage protobuf `service` definitions for defining `Msg`s which will give us significant developer UX +improvements in terms of the code that is generated and the fact that return types will now be well defined. + +## Context + +Currently `Msg` handlers in the Cosmos SDK do have return values that are placed in the `data` field of the response. +These return values, however, are not specified anywhere except in the golang handler code. + +In early conversations [it was proposed](https://docs.google.com/document/d/1eEgYgvgZqLE45vETjhwIw4VOqK-5hwQtZtjVbiXnIGc/edit) +that `Msg` return types be captured using a protobuf extension field, ex: + +```protobuf +package cosmos.gov; + +message MsgSubmitProposal + option (cosmos_proto.msg_return) = “uint64”; + string delegator_address = 1; + string validator_address = 2; + repeated sdk.Coin amount = 3; +} +``` + +This was never adopted, however. + +Having a well-specified return value for `Msg`s would improve client UX. For instance, +in `x/gov`, `MsgSubmitProposal` returns the proposal ID as a big-endian `uint64`. +This isn’t really documented anywhere and clients would need to know the internals +of the Cosmos SDK to parse that value and return it to users. + +Also, there may be cases where we want to use these return values programatically. +For instance, https://github.com/cosmos/cosmos-sdk/issues/7093 proposes a method for +doing inter-module Ocaps using the `Msg` router. A well-defined return type would +improve the developer UX for this approach. + +In addition, handler registration of `Msg` types tends to add a bit of +boilerplate on top of keepers and is usually done through manual type switches. +This isn't necessarily bad, but it does add overhead to creating modules. + +## Decision + +We decide to use protobuf `service` definitions for defining `Msg`s as well as +the code generated by them as a replacement for `Msg` handlers. + +Below we define how this will look for the `SubmitProposal` message from `x/gov` module. +We start with a `Msg` `service` definition: + +```protobuf +package cosmos.gov; + +service Msg { + rpc SubmitProposal(MsgSubmitProposal) returns (MsgSubmitProposalResponse); +} + +// Note that for backwards compatibility this uses MsgSubmitProposal as the request +// type instead of the more canonical MsgSubmitProposalRequest +message MsgSubmitProposal { + google.protobuf.Any content = 1; + string proposer = 2; +} + +message MsgSubmitProposalResponse { + uint64 proposal_id; +} +``` + +While this is most commonly used for gRPC, overloading protobuf `service` definitions like this does not violate +the intent of the [protobuf spec](https://developers.google.com/protocol-buffers/docs/proto3#services) which says: +> If you don’t want to use gRPC, it’s also possible to use protocol buffers with your own RPC implementation. +With this approach, we would get an auto-generated `MsgServer` interface: + +In addition to clearly specifying return types, this has the benefit of generating client and server code. On the server +side, this is almost like an automatically generated keeper method and could maybe be used intead of keepers eventually +(see [\#7093](https://github.com/cosmos/cosmos-sdk/issues/7093)): + +```go +package gov + +type MsgServer interface { + SubmitProposal(context.Context, *MsgSubmitProposal) (*MsgSubmitProposalResponse, error) +} +``` + +On the client side, developers could take advantage of this by creating RPC implementations that encapsulate transaction +logic. Protobuf libraries that use asynchronous callbacks, like [protobuf.js](https://github.com/protobufjs/protobuf.js#using-services) +could use this to register callbacks for specific messages even for transactions that include multiple `Msg`s. + +Each `Msg` service method should have exactly one request parameter: its corresponding `Msg` type. For example, the `Msg` service method `/cosmos.gov.v1beta1.Msg/SubmitProposal` above has exactly one request parameter, namely the `Msg` type `/cosmos.gov.v1beta1.MsgSubmitProposal`. It is important the reader understands clearly the nomenclature difference between a `Msg` service (a Protobuf service) and a `Msg` type (a Protobuf message), and the differences in their fully-qualified name. + +This convention has been decided over the more canonical `Msg...Request` names mainly for backwards compatibility, but also for better readability in `TxBody.messages` (see [Encoding section](#encoding) below): transactions containing `/cosmos.gov.MsgSubmitProposal` read better than those containing `/cosmos.gov.v1beta1.MsgSubmitProposalRequest`. + +One consequence of this convention is that each `Msg` type can be the request parameter of only one `Msg` service method. However, we consider this limitation a good practice in explicitness. + +### Encoding + +Encoding of transactions generated with `Msg` services do not differ from current Protobuf transaction encoding as defined in [ADR-020](./adr-020-protobuf-transaction-encoding.md). We are encoding `Msg` types (which are exactly `Msg` service methods' request parameters) as `Any` in `Tx`s which involves packing the +binary-encoded `Msg` with its type URL. + +### Decoding + +Since `Msg` types are packed into `Any`, decoding transactions messages are done by unpacking `Any`s into `Msg` types. For more information, please refer to [ADR-020](./adr-020-protobuf-transaction-encoding.md#transactions). + +### Routing + +We propose to add a `msg_service_router` in BaseApp. This router is a key/value map which maps `Msg` types' `type_url`s to their corresponding `Msg` service method handler. Since there is a 1-to-1 mapping between `Msg` types and `Msg` service method, the `msg_service_router` has exactly one entry per `Msg` service method. + +When a transaction is processed by BaseApp (in CheckTx or in DeliverTx), its `TxBody.messages` are decoded as `Msg`s. Each `Msg`'s `type_url` is matched against an entry in the `msg_service_router`, and the respective `Msg` service method handler is called. + +For backward compatability, the old handlers are not removed yet. If BaseApp receives a legacy `Msg` with no correspoding entry in the `msg_service_router`, it will be routed via its legacy `Route()` method into the legacy handler. + +### Module Configuration + +In [ADR 021](./adr-021-protobuf-query-encoding.md), we introduced a method `RegisterQueryService` +to `AppModule` which allows for modules to register gRPC queriers. + +To register `Msg` services, we attempt a more extensible approach by converting `RegisterQueryService` +to a more generic `RegisterServices` method: + +```go +type AppModule interface { + RegisterServices(Configurator) + ... +} + +type Configurator interface { + QueryServer() grpc.Server + MsgServer() grpc.Server +} + +// example module: +func (am AppModule) RegisterServices(cfg Configurator) { + types.RegisterQueryServer(cfg.QueryServer(), keeper) + types.RegisterMsgServer(cfg.MsgServer(), keeper) +} +``` + +The `RegisterServices` method and the `Configurator` interface are intended to +evolve to satisfy the use cases discussed in [\#7093](https://github.com/cosmos/cosmos-sdk/issues/7093) +and [\#7122](https://github.com/cosmos/cosmos-sdk/issues/7421). + +When `Msg` services are registered, the framework _should_ verify that all `Msg` types +implement the `sdk.Msg` interface and throw an error during initialization rather +than later when transactions are processed. + +### `Msg` Service Implementation + +Just like query services, `Msg` service methods can retrieve the `sdk.Context` +from the `context.Context` parameter method using the `sdk.UnwrapSDKContext` +method: + +```go +package gov + +func (k Keeper) SubmitProposal(goCtx context.Context, params *types.MsgSubmitProposal) (*MsgSubmitProposalResponse, error) { + ctx := sdk.UnwrapSDKContext(goCtx) + ... +} +``` + +The `sdk.Context` should have an `EventManager` already attached by BaseApp's `msg_service_router`. + +Separate handler definition is no longer needed with this approach. + +## Consequences + +This design changes how a module functionality is exposed and accessed. It deprecates the existing `Handler` interface and `AppModule.Route` in favor of [Protocol Buffer Services](https://developers.google.com/protocol-buffers/docs/proto3#services) and Service Routing described above. This dramatically simplifies the code. We don't need to create handlers and keepers any more. Use of Protocol Buffer auto-generated clients clearly separates the communication interfaces between the module and a modules user. The control logic (aka handlers and keepers) is not exposed any more. A module interface can be seen as a black box accessible through a client API. It's worth to note that the client interfaces are also generated by Protocol Buffers. + +This also allows us to change how we perform functional tests. Instead of mocking AppModules and Router, we will mock a client (server will stay hidden). More specifically: we will never mock `moduleA.MsgServer` in `moduleB`, but rather `moduleA.MsgClient`. One can think about it as working with external services (eg DBs, or online servers...). We assume that the transmission between clients and servers is correctly handled by generated Protocol Buffers. + +Finally, closing a module to client API opens desirable OCAP patterns discussed in ADR-033. Since server implementation and interface is hidden, nobody can hold "keepers"/servers and will be forced to relay on the client interface, which will drive developers for correct encapsulation and software engineering patterns. + +### Pros + +* communicates return type clearly +* manual handler registration and return type marshaling is no longer needed, just implement the interface and register it +* communication interface is automatically generated, the developer can now focus only on the state transition methods - this would improve the UX of [\#7093](https://github.com/cosmos/cosmos-sdk/issues/7093) approach (1) if we chose to adopt that +* generated client code could be useful for clients and tests +* dramatically reduces and simplifies the code + +### Cons + +* using `service` definitions outside the context of gRPC could be confusing (but doesn’t violate the proto3 spec) + +## References + +* [Initial Github Issue \#7122](https://github.com/cosmos/cosmos-sdk/issues/7122) +* [proto 3 Language Guide: Defining Services](https://developers.google.com/protocol-buffers/docs/proto3#services) +* [Initial pre-`Any` `Msg` designs](https://docs.google.com/document/d/1eEgYgvgZqLE45vETjhwIw4VOqK-5hwQtZtjVbiXnIGc) +* [ADR 020](./adr-020-protobuf-transaction-encoding.md) +* [ADR 021](./adr-021-protobuf-query-encoding.md) diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-032-typed-events.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-032-typed-events.md new file mode 100644 index 00000000..c1dd0a73 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-032-typed-events.md @@ -0,0 +1,319 @@ +# ADR 032: Typed Events + +## Changelog + +* 28-Sept-2020: Initial Draft + +## Authors + +* Anil Kumar (@anilcse) +* Jack Zampolin (@jackzampolin) +* Adam Bozanich (@boz) + +## Status + +Proposed + +## Abstract + +Currently in the Cosmos SDK, events are defined in the handlers for each message as well as `BeginBlock` and `EndBlock`. Each module doesn't have types defined for each event, they are implemented as `map[string]string`. Above all else this makes these events difficult to consume as it requires a great deal of raw string matching and parsing. This proposal focuses on updating the events to use **typed events** defined in each module such that emiting and subscribing to events will be much easier. This workflow comes from the experience of the Akash Network team. + +## Context + +Currently in the Cosmos SDK, events are defined in the handlers for each message, meaning each module doesn't have a cannonical set of types for each event. Above all else this makes these events difficult to consume as it requires a great deal of raw string matching and parsing. This proposal focuses on updating the events to use **typed events** defined in each module such that emiting and subscribing to events will be much easier. This workflow comes from the experience of the Akash Network team. + +[Our platform](http://github.com/ovrclk/akash) requires a number of programatic on chain interactions both on the provider (datacenter - to bid on new orders and listen for leases created) and user (application developer - to send the app manifest to the provider) side. In addition the Akash team is now maintaining the IBC [`relayer`](https://github.com/ovrclk/relayer), another very event driven process. In working on these core pieces of infrastructure, and integrating lessons learned from Kubernetes developement, our team has developed a standard method for defining and consuming typed events in Cosmos SDK modules. We have found that it is extremely useful in building this type of event driven application. + +As the Cosmos SDK gets used more extensively for apps like `peggy`, other peg zones, IBC, DeFi, etc... there will be an exploding demand for event driven applications to support new features desired by users. We propose upstreaming our findings into the Cosmos SDK to enable all Cosmos SDK applications to quickly and easily build event driven apps to aid their core application. Wallets, exchanges, explorers, and defi protocols all stand to benefit from this work. + +If this proposal is accepted, users will be able to build event driven Cosmos SDK apps in go by just writing `EventHandler`s for their specific event types and passing them to `EventEmitters` that are defined in the Cosmos SDK. + +The end of this proposal contains a detailed example of how to consume events after this refactor. + +This proposal is specifically about how to consume these events as a client of the blockchain, not for intermodule communication. + +## Decision + +**Step-1**: Implement additional functionality in the `types` package: `EmitTypedEvent` and `ParseTypedEvent` functions + +```go +// types/events.go + +// EmitTypedEvent takes typed event and emits converting it into sdk.Event +func (em *EventManager) EmitTypedEvent(event proto.Message) error { + evtType := proto.MessageName(event) + evtJSON, err := codec.ProtoMarshalJSON(event) + if err != nil { + return err + } + + var attrMap map[string]json.RawMessage + err = json.Unmarshal(evtJSON, &attrMap) + if err != nil { + return err + } + + var attrs []abci.EventAttribute + for k, v := range attrMap { + attrs = append(attrs, abci.EventAttribute{ + Key: []byte(k), + Value: v, + }) + } + + em.EmitEvent(Event{ + Type: evtType, + Attributes: attrs, + }) + + return nil +} + +// ParseTypedEvent converts abci.Event back to typed event +func ParseTypedEvent(event abci.Event) (proto.Message, error) { + concreteGoType := proto.MessageType(event.Type) + if concreteGoType == nil { + return nil, fmt.Errorf("failed to retrieve the message of type %q", event.Type) + } + + var value reflect.Value + if concreteGoType.Kind() == reflect.Ptr { + value = reflect.New(concreteGoType.Elem()) + } else { + value = reflect.Zero(concreteGoType) + } + + protoMsg, ok := value.Interface().(proto.Message) + if !ok { + return nil, fmt.Errorf("%q does not implement proto.Message", event.Type) + } + + attrMap := make(map[string]json.RawMessage) + for _, attr := range event.Attributes { + attrMap[string(attr.Key)] = attr.Value + } + + attrBytes, err := json.Marshal(attrMap) + if err != nil { + return nil, err + } + + err = jsonpb.Unmarshal(strings.NewReader(string(attrBytes)), protoMsg) + if err != nil { + return nil, err + } + + return protoMsg, nil +} +``` + +Here, the `EmitTypedEvent` is a method on `EventManager` which takes typed event as input and apply json serialization on it. Then it maps the JSON key/value pairs to `event.Attributes` and emits it in form of `sdk.Event`. `Event.Type` will be the type URL of the proto message. + +When we subscribe to emitted events on the CometBFT websocket, they are emitted in the form of an `abci.Event`. `ParseTypedEvent` parses the event back to it's original proto message. + +**Step-2**: Add proto definitions for typed events for msgs in each module: + +For example, let's take `MsgSubmitProposal` of `gov` module and implement this event's type. + +```protobuf +// proto/cosmos/gov/v1beta1/gov.proto +// Add typed event definition + +package cosmos.gov.v1beta1; + +message EventSubmitProposal { + string from_address = 1; + uint64 proposal_id = 2; + TextProposal proposal = 3; +} +``` + +**Step-3**: Refactor event emission to use the typed event created and emit using `sdk.EmitTypedEvent`: + +```go +// x/gov/handler.go +func handleMsgSubmitProposal(ctx sdk.Context, keeper keeper.Keeper, msg types.MsgSubmitProposalI) (*sdk.Result, error) { + ... + types.Context.EventManager().EmitTypedEvent( + &EventSubmitProposal{ + FromAddress: fromAddress, + ProposalId: id, + Proposal: proposal, + }, + ) + ... +} +``` + +### How to subscribe to these typed events in `Client` + +> NOTE: Full code example below + +Users will be able to subscribe using `client.Context.Client.Subscribe` and consume events which are emitted using `EventHandler`s. + +Akash Network has built a simple [`pubsub`](https://github.com/ovrclk/akash/blob/90d258caeb933b611d575355b8df281208a214f8/pubsub/bus.go#L20). This can be used to subscribe to `abci.Events` and [publish](https://github.com/ovrclk/akash/blob/90d258caeb933b611d575355b8df281208a214f8/events/publish.go#L21) them as typed events. + +Please see the below code sample for more detail on this flow looks for clients. + +## Consequences + +### Positive + +* Improves consistency of implementation for the events currently in the Cosmos SDK +* Provides a much more ergonomic way to handle events and facilitates writing event driven applications +* This implementation will support a middleware ecosystem of `EventHandler`s + +### Negative + +## Detailed code example of publishing events + +This ADR also proposes adding affordances to emit and consume these events. This way developers will only need to write +`EventHandler`s which define the actions they desire to take. + +```go +// EventEmitter is a type that describes event emitter functions +// This should be defined in `types/events.go` +type EventEmitter func(context.Context, client.Context, ...EventHandler) error + +// EventHandler is a type of function that handles events coming out of the event bus +// This should be defined in `types/events.go` +type EventHandler func(proto.Message) error + +// Sample use of the functions below +func main() { + ctx, cancel := context.WithCancel(context.Background()) + + if err := TxEmitter(ctx, client.Context{}.WithNodeURI("tcp://localhost:26657"), SubmitProposalEventHandler); err != nil { + cancel() + panic(err) + } + + return +} + +// SubmitProposalEventHandler is an example of an event handler that prints proposal details +// when any EventSubmitProposal is emitted. +func SubmitProposalEventHandler(ev proto.Message) (err error) { + switch event := ev.(type) { + // Handle governance proposal events creation events + case govtypes.EventSubmitProposal: + // Users define business logic here e.g. + fmt.Println(ev.FromAddress, ev.ProposalId, ev.Proposal) + return nil + default: + return nil + } +} + +// TxEmitter is an example of an event emitter that emits just transaction events. This can and +// should be implemented somewhere in the Cosmos SDK. The Cosmos SDK can include an EventEmitters for tm.event='Tx' +// and/or tm.event='NewBlock' (the new block events may contain typed events) +func TxEmitter(ctx context.Context, cliCtx client.Context, ehs ...EventHandler) (err error) { + // Instantiate and start CometBFT RPC client + client, err := cliCtx.GetNode() + if err != nil { + return err + } + + if err = client.Start(); err != nil { + return err + } + + // Start the pubsub bus + bus := pubsub.NewBus() + defer bus.Close() + + // Initialize a new error group + eg, ctx := errgroup.WithContext(ctx) + + // Publish chain events to the pubsub bus + eg.Go(func() error { + return PublishChainTxEvents(ctx, client, bus, simapp.ModuleBasics) + }) + + // Subscribe to the bus events + subscriber, err := bus.Subscribe() + if err != nil { + return err + } + + // Handle all the events coming out of the bus + eg.Go(func() error { + var err error + for { + select { + case <-ctx.Done(): + return nil + case <-subscriber.Done(): + return nil + case ev := <-subscriber.Events(): + for _, eh := range ehs { + if err = eh(ev); err != nil { + break + } + } + } + } + return nil + }) + + return group.Wait() +} + +// PublishChainTxEvents events using cmtclient. Waits on context shutdown signals to exit. +func PublishChainTxEvents(ctx context.Context, client cmtclient.EventsClient, bus pubsub.Bus, mb module.BasicManager) (err error) { + // Subscribe to transaction events + txch, err := client.Subscribe(ctx, "txevents", "tm.event='Tx'", 100) + if err != nil { + return err + } + + // Unsubscribe from transaction events on function exit + defer func() { + err = client.UnsubscribeAll(ctx, "txevents") + }() + + // Use errgroup to manage concurrency + g, ctx := errgroup.WithContext(ctx) + + // Publish transaction events in a goroutine + g.Go(func() error { + var err error + for { + select { + case <-ctx.Done(): + break + case ed := <-ch: + switch evt := ed.Data.(type) { + case cmttypes.EventDataTx: + if !evt.Result.IsOK() { + continue + } + // range over events, parse them using the basic manager and + // send them to the pubsub bus + for _, abciEv := range events { + typedEvent, err := sdk.ParseTypedEvent(abciEv) + if err != nil { + return er + } + if err := bus.Publish(typedEvent); err != nil { + bus.Close() + return + } + continue + } + } + } + } + return err + }) + + // Exit on error or context cancelation + return g.Wait() +} +``` + +## References + +* [Publish Custom Events via a bus](https://github.com/ovrclk/akash/blob/90d258caeb933b611d575355b8df281208a214f8/events/publish.go#L19-L58) +* [Consuming the events in `Client`](https://github.com/ovrclk/deploy/blob/bf6c633ab6c68f3026df59efd9982d6ca1bf0561/cmd/event-handlers.go#L57) diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-033-protobuf-inter-module-comm.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-033-protobuf-inter-module-comm.md new file mode 100644 index 00000000..28c69a91 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-033-protobuf-inter-module-comm.md @@ -0,0 +1,400 @@ +# ADR 033: Protobuf-based Inter-Module Communication + +## Changelog + +* 2020-10-05: Initial Draft + +## Status + +Proposed + +## Abstract + +This ADR introduces a system for permissioned inter-module communication leveraging the protobuf `Query` and `Msg` +service definitions defined in [ADR 021](./adr-021-protobuf-query-encoding.md) and +[ADR 031](./adr-031-msg-service.md) which provides: + +* stable protobuf based module interfaces to potentially later replace the keeper paradigm +* stronger inter-module object capabilities (OCAPs) guarantees +* module accounts and sub-account authorization + +## Context + +In the current Cosmos SDK documentation on the [Object-Capability Model](../../learn/advanced/10-ocap.md), it is stated that: + +> We assume that a thriving ecosystem of Cosmos SDK modules that are easy to compose into a blockchain application will contain faulty or malicious modules. + +There is currently not a thriving ecosystem of Cosmos SDK modules. We hypothesize that this is in part due to: + +1. lack of a stable v1.0 Cosmos SDK to build modules off of. Module interfaces are changing, sometimes dramatically, from +point release to point release, often for good reasons, but this does not create a stable foundation to build on. +2. lack of a properly implemented object capability or even object-oriented encapsulation system which makes refactors +of module keeper interfaces inevitable because the current interfaces are poorly constrained. + +### `x/bank` Case Study + +Currently the `x/bank` keeper gives pretty much unrestricted access to any module which references it. For instance, the +`SetBalance` method allows the caller to set the balance of any account to anything, bypassing even proper tracking of supply. + +There appears to have been some later attempts to implement some semblance of OCAPs using module-level minting, staking +and burning permissions. These permissions allow a module to mint, burn or delegate tokens with reference to the module’s +own account. These permissions are actually stored as a `[]string` array on the `ModuleAccount` type in state. + +However, these permissions don’t really do much. They control what modules can be referenced in the `MintCoins`, +`BurnCoins` and `DelegateCoins***` methods, but for one there is no unique object capability token that controls access — +just a simple string. So the `x/upgrade` module could mint tokens for the `x/staking` module simple by calling +`MintCoins(“staking”)`. Furthermore, all modules which have access to these keeper methods, also have access to +`SetBalance` negating any other attempt at OCAPs and breaking even basic object-oriented encapsulation. + +## Decision + +Based on [ADR-021](./adr-021-protobuf-query-encoding.md) and [ADR-031](./adr-031-msg-service.md), we introduce the +Inter-Module Communication framework for secure module authorization and OCAPs. +When implemented, this could also serve as an alternative to the existing paradigm of passing keepers between +modules. The approach outlined here-in is intended to form the basis of a Cosmos SDK v1.0 that provides the necessary +stability and encapsulation guarantees that allow a thriving module ecosystem to emerge. + +Of particular note — the decision is to _enable_ this functionality for modules to adopt at their own discretion. +Proposals to migrate existing modules to this new paradigm will have to be a separate conversation, potentially +addressed as amendments to this ADR. + +### New "Keeper" Paradigm + +In [ADR 021](./adr-021-protobuf-query-encoding.md), a mechanism for using protobuf service definitions to define queriers +was introduced and in [ADR 31](./adr-031-msg-service.md), a mechanism for using protobuf service to define `Msg`s was added. +Protobuf service definitions generate two golang interfaces representing the client and server sides of a service plus +some helper code. Here is a minimal example for the bank `cosmos.bank.Msg/Send` message type: + +```go +package bank + +type MsgClient interface { + Send(context.Context, *MsgSend, opts ...grpc.CallOption) (*MsgSendResponse, error) +} + +type MsgServer interface { + Send(context.Context, *MsgSend) (*MsgSendResponse, error) +} +``` + +[ADR 021](./adr-021-protobuf-query-encoding.md) and [ADR 31](./adr-031-msg-service.md) specifies how modules can implement the generated `QueryServer` +and `MsgServer` interfaces as replacements for the legacy queriers and `Msg` handlers respectively. + +In this ADR we explain how modules can make queries and send `Msg`s to other modules using the generated `QueryClient` +and `MsgClient` interfaces and propose this mechanism as a replacement for the existing `Keeper` paradigm. To be clear, +this ADR does not necessitate the creation of new protobuf definitions or services. Rather, it leverages the same proto +based service interfaces already used by clients for inter-module communication. + +Using this `QueryClient`/`MsgClient` approach has the following key benefits over exposing keepers to external modules: + +1. Protobuf types are checked for breaking changes using [buf](https://buf.build/docs/breaking-overview) and because of +the way protobuf is designed this will give us strong backwards compatibility guarantees while allowing for forward +evolution. +2. The separation between the client and server interfaces will allow us to insert permission checking code in between +the two which checks if one module is authorized to send the specified `Msg` to the other module providing a proper +object capability system (see below). +3. The router for inter-module communication gives us a convenient place to handle rollback of transactions, +enabling atomicy of operations ([currently a problem](https://github.com/cosmos/cosmos-sdk/issues/8030)). Any failure within a module-to-module call would result in a failure of the entire +transaction + +This mechanism has the added benefits of: + +* reducing boilerplate through code generation, and +* allowing for modules in other languages either via a VM like CosmWasm or sub-processes using gRPC + +### Inter-module Communication + +To use the `Client` generated by the protobuf compiler we need a `grpc.ClientConn` [interface](https://github.com/grpc/grpc-go/blob/v1.49.x/clientconn.go#L441-L450) +implementation. For this we introduce +a new type, `ModuleKey`, which implements the `grpc.ClientConn` interface. `ModuleKey` can be thought of as the "private +key" corresponding to a module account, where authentication is provided through use of a special `Invoker()` function, +described in more detail below. + +Blockchain users (external clients) use their account's private key to sign transactions containing `Msg`s where they are listed as signers (each +message specifies required signers with `Msg.GetSigner`). The authentication checks is performed by `AnteHandler`. + +Here, we extend this process, by allowing modules to be identified in `Msg.GetSigners`. When a module wants to trigger the execution a `Msg` in another module, +its `ModuleKey` acts as the sender (through the `ClientConn` interface we describe below) and is set as a sole "signer". It's worth to note +that we don't use any cryptographic signature in this case. +For example, module `A` could use its `A.ModuleKey` to create `MsgSend` object for `/cosmos.bank.Msg/Send` transaction. `MsgSend` validation +will assure that the `from` account (`A.ModuleKey` in this case) is the signer. + +Here's an example of a hypothetical module `foo` interacting with `x/bank`: + +```go +package foo + + +type FooMsgServer { + // ... + + bankQuery bank.QueryClient + bankMsg bank.MsgClient +} + +func NewFooMsgServer(moduleKey RootModuleKey, ...) FooMsgServer { + // ... + + return FooMsgServer { + // ... + modouleKey: moduleKey, + bankQuery: bank.NewQueryClient(moduleKey), + bankMsg: bank.NewMsgClient(moduleKey), + } +} + +func (foo *FooMsgServer) Bar(ctx context.Context, req *MsgBarRequest) (*MsgBarResponse, error) { + balance, err := foo.bankQuery.Balance(&bank.QueryBalanceRequest{Address: fooMsgServer.moduleKey.Address(), Denom: "foo"}) + + ... + + res, err := foo.bankMsg.Send(ctx, &bank.MsgSendRequest{FromAddress: fooMsgServer.moduleKey.Address(), ...}) + + ... +} +``` + +This design is also intended to be extensible to cover use cases of more fine grained permissioning like minting by +denom prefix being restricted to certain modules (as discussed in +[#7459](https://github.com/cosmos/cosmos-sdk/pull/7459#discussion_r529545528)). + +### `ModuleKey`s and `ModuleID`s + +A `ModuleKey` can be thought of as a "private key" for a module account and a `ModuleID` can be thought of as the +corresponding "public key". From the [ADR 028](./adr-028-public-key-addresses.md), modules can have both a root module account and any number of sub-accounts +or derived accounts that can be used for different pools (ex. staking pools) or managed accounts (ex. group +accounts). We can also think of module sub-accounts as similar to derived keys - there is a root key and then some +derivation path. `ModuleID` is a simple struct which contains the module name and optional "derivation" path, +and forms its address based on the `AddressHash` method from [the ADR-028](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-028-public-key-addresses.md): + +```go +type ModuleID struct { + ModuleName string + Path []byte +} + +func (key ModuleID) Address() []byte { + return AddressHash(key.ModuleName, key.Path) +} +``` + +In addition to being able to generate a `ModuleID` and address, a `ModuleKey` contains a special function called +`Invoker` which is the key to safe inter-module access. The `Invoker` creates an `InvokeFn` closure which is used as an `Invoke` method in +the `grpc.ClientConn` interface and under the hood is able to route messages to the appropriate `Msg` and `Query` handlers +performing appropriate security checks on `Msg`s. This allows for even safer inter-module access than keeper's whose +private member variables could be manipulated through reflection. Golang does not support reflection on a function +closure's captured variables and direct manipulation of memory would be needed for a truly malicious module to bypass +the `ModuleKey` security. + +The two `ModuleKey` types are `RootModuleKey` and `DerivedModuleKey`: + +```go +type Invoker func(callInfo CallInfo) func(ctx context.Context, request, response interface{}, opts ...interface{}) error + +type CallInfo { + Method string + Caller ModuleID +} + +type RootModuleKey struct { + moduleName string + invoker Invoker +} + +func (rm RootModuleKey) Derive(path []byte) DerivedModuleKey { /* ... */} + +type DerivedModuleKey struct { + moduleName string + path []byte + invoker Invoker +} +``` + +A module can get access to a `DerivedModuleKey`, using the `Derive(path []byte)` method on `RootModuleKey` and then +would use this key to authenticate `Msg`s from a sub-account. Ex: + +```go +package foo + +func (fooMsgServer *MsgServer) Bar(ctx context.Context, req *MsgBar) (*MsgBarResponse, error) { + derivedKey := fooMsgServer.moduleKey.Derive(req.SomePath) + bankMsgClient := bank.NewMsgClient(derivedKey) + res, err := bankMsgClient.Balance(ctx, &bank.MsgSend{FromAddress: derivedKey.Address(), ...}) + ... +} +``` + +In this way, a module can gain permissioned access to a root account and any number of sub-accounts and send +authenticated `Msg`s from these accounts. The `Invoker` `callInfo.Caller` parameter is used under the hood to +distinguish between different module accounts, but either way the function returned by `Invoker` only allows `Msg`s +from either the root or a derived module account to pass through. + +Note that `Invoker` itself returns a function closure based on the `CallInfo` passed in. This will allow client implementations +in the future that cache the invoke function for each method type avoiding the overhead of hash table lookup. +This would reduce the performance overhead of this inter-module communication method to the bare minimum required for +checking permissions. + +To re-iterate, the closure only allows access to authorized calls. There is no access to anything else regardless of any +name impersonation. + +Below is a rough sketch of the implementation of `grpc.ClientConn.Invoke` for `RootModuleKey`: + +```go +func (key RootModuleKey) Invoke(ctx context.Context, method string, args, reply interface{}, opts ...grpc.CallOption) error { + f := key.invoker(CallInfo {Method: method, Caller: ModuleID {ModuleName: key.moduleName}}) + return f(ctx, args, reply) +} +``` + +### `AppModule` Wiring and Requirements + +In [ADR 031](./adr-031-msg-service.md), the `AppModule.RegisterService(Configurator)` method was introduced. To support +inter-module communication, we extend the `Configurator` interface to pass in the `ModuleKey` and to allow modules to +specify their dependencies on other modules using `RequireServer()`: + +```go +type Configurator interface { + MsgServer() grpc.Server + QueryServer() grpc.Server + + ModuleKey() ModuleKey + RequireServer(msgServer interface{}) +} +``` + +The `ModuleKey` is passed to modules in the `RegisterService` method itself so that `RegisterServices` serves as a single +entry point for configuring module services. This is intended to also have the side-effect of greatly reducing boilerplate in +`app.go`. For now, `ModuleKey`s will be created based on `AppModuleBasic.Name()`, but a more flexible system may be +introduced in the future. The `ModuleManager` will handle creation of module accounts behind the scenes. + +Because modules do not get direct access to each other anymore, modules may have unfulfilled dependencies. To make sure +that module dependencies are resolved at startup, the `Configurator.RequireServer` method should be added. The `ModuleManager` +will make sure that all dependencies declared with `RequireServer` can be resolved before the app starts. An example +module `foo` could declare it's dependency on `x/bank` like this: + +```go +package foo + +func (am AppModule) RegisterServices(cfg Configurator) { + cfg.RequireServer((*bank.QueryServer)(nil)) + cfg.RequireServer((*bank.MsgServer)(nil)) +} +``` + +### Security Considerations + +In addition to checking for `ModuleKey` permissions, a few additional security precautions will need to be taken by +the underlying router infrastructure. + +#### Recursion and Re-entry + +Recursive or re-entrant method invocations pose a potential security threat. This can be a problem if Module A +calls Module B and Module B calls module A again in the same call. + +One basic way for the router system to deal with this is to maintain a call stack which prevents a module from +being referenced more than once in the call stack so that there is no re-entry. A `map[string]interface{}` table +in the router could be used to perform this security check. + +#### Queries + +Queries in Cosmos SDK are generally un-permissioned so allowing one module to query another module should not pose +any major security threats assuming basic precautions are taken. The basic precaution that the router system will +need to take is making sure that the `sdk.Context` passed to query methods does not allow writing to the store. This +can be done for now with a `CacheMultiStore` as is currently done for `BaseApp` queries. + +### Internal Methods + +In many cases, we may wish for modules to call methods on other modules which are not exposed to clients at all. For this +purpose, we add the `InternalServer` method to `Configurator`: + +```go +type Configurator interface { + MsgServer() grpc.Server + QueryServer() grpc.Server + InternalServer() grpc.Server +} +``` + +As an example, x/slashing's Slash must call x/staking's Slash, but we don't want to expose x/staking's Slash to end users +and clients. + +Internal protobuf services will be defined in a corresponding `internal.proto` file in the given module's +proto package. + +Services registered against `InternalServer` will be callable from other modules but not by external clients. + +An alternative solution to internal-only methods could involve hooks / plugins as discussed [here](https://github.com/cosmos/cosmos-sdk/pull/7459#issuecomment-733807753). +A more detailed evaluation of a hooks / plugin system will be addressed later in follow-ups to this ADR or as a separate +ADR. + +### Authorization + +By default, the inter-module router requires that messages are sent by the first signer returned by `GetSigners`. The +inter-module router should also accept authorization middleware such as that provided by [ADR 030](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-030-authz-module.md). +This middleware will allow accounts to otherwise specific module accounts to perform actions on their behalf. +Authorization middleware should take into account the need to grant certain modules effectively "admin" privileges to +other modules. This will be addressed in separate ADRs or updates to this ADR. + +### Future Work + +Other future improvements may include: + +* custom code generation that: + * simplifies interfaces (ex. generates code with `sdk.Context` instead of `context.Context`) + * optimizes inter-module calls - for instance caching resolved methods after first invocation +* combining `StoreKey`s and `ModuleKey`s into a single interface so that modules have a single OCAPs handle +* code generation which makes inter-module communication more performant +* decoupling `ModuleKey` creation from `AppModuleBasic.Name()` so that app's can override root module account names +* inter-module hooks and plugins + +## Alternatives + +### MsgServices vs `x/capability` + +The `x/capability` module does provide a proper object-capability implementation that can be used by any module in the +Cosmos SDK and could even be used for inter-module OCAPs as described in [\#5931](https://github.com/cosmos/cosmos-sdk/issues/5931). + +The advantages of the approach described in this ADR are mostly around how it integrates with other parts of the Cosmos SDK, +specifically: + +* protobuf so that: + * code generation of interfaces can be leveraged for a better dev UX + * module interfaces are versioned and checked for breakage using [buf](https://docs.buf.build/breaking-overview) +* sub-module accounts as per ADR 028 +* the general `Msg` passing paradigm and the way signers are specified by `GetSigners` + +Also, this is a complete replacement for keepers and could be applied to _all_ inter-module communication whereas the +`x/capability` approach in #5931 would need to be applied method by method. + +## Consequences + +### Backwards Compatibility + +This ADR is intended to provide a pathway to a scenario where there is greater long term compatibility between modules. +In the short-term, this will likely result in breaking certain `Keeper` interfaces which are too permissive and/or +replacing `Keeper` interfaces altogether. + +### Positive + +* an alternative to keepers which can more easily lead to stable inter-module interfaces +* proper inter-module OCAPs +* improved module developer DevX, as commented on by several particpants on + [Architecture Review Call, Dec 3](https://hackmd.io/E0wxxOvRQ5qVmTf6N_k84Q) +* lays the groundwork for what can be a greatly simplified `app.go` +* router can be setup to enforce atomic transactions for module-to-module calls + +### Negative + +* modules which adopt this will need significant refactoring + +### Neutral + +## Test Cases [optional] + +## References + +* [ADR 021](./adr-021-protobuf-query-encoding.md) +* [ADR 031](./adr-031-msg-service.md) +* [ADR 028](./adr-028-public-key-addresses.md) +* [ADR 030 draft](https://github.com/cosmos/cosmos-sdk/pull/7105) +* [Object-Capability Model](https://docs.network.com/main/core/ocap) diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-034-account-rekeying.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-034-account-rekeying.md new file mode 100644 index 00000000..cd9b9146 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-034-account-rekeying.md @@ -0,0 +1,76 @@ +# ADR 034: Account Rekeying + +## Changelog + +* 30-09-2020: Initial Draft + +## Status + +PROPOSED + +## Abstract + +Account rekeying is a process hat allows an account to replace its authentication pubkey with a new one. + +## Context + +Currently, in the Cosmos SDK, the address of an auth `BaseAccount` is based on the hash of the public key. Once an account is created, the public key for the account is set in stone, and cannot be changed. This can be a problem for users, as key rotation is a useful security practice, but is not possible currently. Furthermore, as multisigs are a type of pubkey, once a multisig for an account is set, it can not be updated. This is problematic, as multisigs are often used by organizations or companies, who may need to change their set of multisig signers for internal reasons. + +Transferring all the assets of an account to a new account with the updated pubkey is not sufficient, because some "engagements" of an account are not easily transferable. For example, in staking, to transfer bonded Atoms, an account would have to unbond all delegations and wait the three week unbonding period. Even more significantly, for validator operators, ownership over a validator is not transferrable at all, meaning that the operator key for a validator can never be updated, leading to poor operational security for validators. + +## Decision + +We propose the addition of a new feature to `x/auth` that allows accounts to update the public key associated with their account, while keeping the address the same. + +This is possible because the Cosmos SDK `BaseAccount` stores the public key for an account in state, instead of making the assumption that the public key is included in the transaction (whether explicitly or implicitly through the signature) as in other blockchains such as Bitcoin and Ethereum. Because the public key is stored on chain, it is okay for the public key to not hash to the address of an account, as the address is not pertinent to the signature checking process. + +To build this system, we design a new Msg type as follows: + +```protobuf +service Msg { + rpc ChangePubKey(MsgChangePubKey) returns (MsgChangePubKeyResponse); +} + +message MsgChangePubKey { + string address = 1; + google.protobuf.Any pub_key = 2; +} + +message MsgChangePubKeyResponse {} +``` + +The MsgChangePubKey transaction needs to be signed by the existing pubkey in state. + +Once, approved, the handler for this message type, which takes in the AccountKeeper, will update the in-state pubkey for the account and replace it with the pubkey from the Msg. + +An account that has had its pubkey changed cannot be automatically pruned from state. This is because if pruned, the original pubkey of the account would be needed to recreate the same address, but the owner of the address may not have the original pubkey anymore. Currently, we do not automatically prune any accounts anyways, but we would like to keep this option open the road (this is the purpose of account numbers). To resolve this, we charge an additional gas fee for this operation to compensate for this this externality (this bound gas amount is configured as parameter `PubKeyChangeCost`). The bonus gas is charged inside the handler, using the `ConsumeGas` function. Furthermore, in the future, we can allow accounts that have rekeyed manually prune themselves using a new Msg type such as `MsgDeleteAccount`. Manually pruning accounts can give a gas refund as an incentive for performing the action. + +```go + amount := ak.GetParams(ctx).PubKeyChangeCost + ctx.GasMeter().ConsumeGas(amount, "pubkey change fee") +``` + +Everytime a key for an address is changed, we will store a log of this change in the state of the chain, thus creating a stack of all previous keys for an address and the time intervals for which they were active. This allows dapps and clients to easily query past keys for an account which may be useful for features such as verifying timestamped off-chain signed messages. + +## Consequences + +### Positive + +* Will allow users and validator operators to employ better operational security practices with key rotation. +* Will allow organizations or groups to easily change and add/remove multisig signers. + +### Negative + +Breaks the current assumed relationship between address and pubkeys as H(pubkey) = address. This has a couple of consequences. + +* This makes wallets that support this feature more complicated. For example, if an address on chain was updated, the corresponding key in the CLI wallet also needs to be updated. +* Cannot automatically prune accounts with 0 balance that have had their pubkey changed. + +### Neutral + +* While the purpose of this is intended to allow the owner of an account to update to a new pubkey they own, this could technically also be used to transfer ownership of an account to a new owner. For example, this could be use used to sell a staked position without unbonding or an account that has vesting tokens. However, the friction of this is very high as this would essentially have to be done as a very specific OTC trade. Furthermore, additional constraints could be added to prevent accouns with Vesting tokens to use this feature. +* Will require that PubKeys for an account are included in the genesis exports. + +## References + +* https://www.algorand.com/resources/blog/announcing-rekeying diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-035-rosetta-api-support.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-035-rosetta-api-support.md new file mode 100644 index 00000000..01a81048 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-035-rosetta-api-support.md @@ -0,0 +1,211 @@ +# ADR 035: Rosetta API Support + +## Authors + +* Jonathan Gimeno (@jgimeno) +* David Grierson (@senormonito) +* Alessio Treglia (@alessio) +* Frojdy Dymylja (@fdymylja) + +## Changelog + +* 2021-05-12: the external library [cosmos-rosetta-gateway](https://github.com/tendermint/cosmos-rosetta-gateway) has been moved within the Cosmos SDK. + +## Context + +[Rosetta API](https://www.rosetta-api.org/) is an open-source specification and set of tools developed by Coinbase to +standardise blockchain interactions. + +Through the use of a standard API for integrating blockchain applications it will + +* Be easier for a user to interact with a given blockchain +* Allow exchanges to integrate new blockchains quickly and easily +* Enable application developers to build cross-blockchain applications such as block explorers, wallets and dApps at + considerably lower cost and effort. + +## Decision + +It is clear that adding Rosetta API support to the Cosmos SDK will bring value to all the developers and +Cosmos SDK based chains in the ecosystem. How it is implemented is key. + +The driving principles of the proposed design are: + +1. **Extensibility:** it must be as riskless and painless as possible for application developers to set-up network + configurations to expose Rosetta API-compliant services. +2. **Long term support:** This proposal aims to provide support for all the supported Cosmos SDK release series. +3. **Cost-efficiency:** Backporting changes to Rosetta API specifications from `master` to the various stable + branches of Cosmos SDK is a cost that needs to be reduced. + +We will achieve these delivering on these principles by the following: + +1. There will be a package `rosetta/lib` + for the implementation of the core Rosetta API features, particularly: + a. The types and interfaces (`Client`, `OfflineClient`...), this separates design from implementation detail. + b. The `Server` functionality as this is independent of the Cosmos SDK version. + c. The `Online/OfflineNetwork`, which is not exported, and implements the rosetta API using the `Client` interface to query the node, build tx and so on. + d. The `errors` package to extend rosetta errors. +2. Due to differences between the Cosmos release series, each series will have its own specific implementation of `Client` interface. +3. There will be two options for starting an API service in applications: + a. API shares the application process + b. API-specific process. + +## Architecture + +### The External Repo + +As section will describe the proposed external library, including the service implementation, plus the defined types and interfaces. + +#### Server + +`Server` is a simple `struct` that is started and listens to the port specified in the settings. This is meant to be used across all the Cosmos SDK versions that are actively supported. + +The constructor follows: + +`func NewServer(settings Settings) (Server, error)` + +`Settings`, which are used to construct a new server, are the following: + +```go +// Settings define the rosetta server settings +type Settings struct { + // Network contains the information regarding the network + Network *types.NetworkIdentifier + // Client is the online API handler + Client crgtypes.Client + // Listen is the address the handler will listen at + Listen string + // Offline defines if the rosetta service should be exposed in offline mode + Offline bool + // Retries is the number of readiness checks that will be attempted when instantiating the handler + // valid only for online API + Retries int + // RetryWait is the time that will be waited between retries + RetryWait time.Duration +} +``` + +#### Types + +Package types uses a mixture of rosetta types and custom defined type wrappers, that the client must parse and return while executing operations. + +##### Interfaces + +Every SDK version uses a different format to connect (rpc, gRPC, etc), query and build transactions, we have abstracted this in what is the `Client` interface. +The client uses rosetta types, whilst the `Online/OfflineNetwork` takes care of returning correctly parsed rosetta responses and errors. + +Each Cosmos SDK release series will have their own `Client` implementations. +Developers can implement their own custom `Client`s as required. + +```go +// Client defines the API the client implementation should provide. +type Client interface { + // Needed if the client needs to perform some action before connecting. + Bootstrap() error + // Ready checks if the servicer constraints for queries are satisfied + // for example the node might still not be ready, it's useful in process + // when the rosetta instance might come up before the node itself + // the servicer must return nil if the node is ready + Ready() error + + // Data API + + // Balances fetches the balance of the given address + // if height is not nil, then the balance will be displayed + // at the provided height, otherwise last block balance will be returned + Balances(ctx context.Context, addr string, height *int64) ([]*types.Amount, error) + // BlockByHashAlt gets a block and its transaction at the provided height + BlockByHash(ctx context.Context, hash string) (BlockResponse, error) + // BlockByHeightAlt gets a block given its height, if height is nil then last block is returned + BlockByHeight(ctx context.Context, height *int64) (BlockResponse, error) + // BlockTransactionsByHash gets the block, parent block and transactions + // given the block hash. + BlockTransactionsByHash(ctx context.Context, hash string) (BlockTransactionsResponse, error) + // BlockTransactionsByHash gets the block, parent block and transactions + // given the block hash. + BlockTransactionsByHeight(ctx context.Context, height *int64) (BlockTransactionsResponse, error) + // GetTx gets a transaction given its hash + GetTx(ctx context.Context, hash string) (*types.Transaction, error) + // GetUnconfirmedTx gets an unconfirmed Tx given its hash + // NOTE(fdymylja): NOT IMPLEMENTED YET! + GetUnconfirmedTx(ctx context.Context, hash string) (*types.Transaction, error) + // Mempool returns the list of the current non confirmed transactions + Mempool(ctx context.Context) ([]*types.TransactionIdentifier, error) + // Peers gets the peers currently connected to the node + Peers(ctx context.Context) ([]*types.Peer, error) + // Status returns the node status, such as sync data, version etc + Status(ctx context.Context) (*types.SyncStatus, error) + + // Construction API + + // PostTx posts txBytes to the node and returns the transaction identifier plus metadata related + // to the transaction itself. + PostTx(txBytes []byte) (res *types.TransactionIdentifier, meta map[string]interface{}, err error) + // ConstructionMetadataFromOptions + ConstructionMetadataFromOptions(ctx context.Context, options map[string]interface{}) (meta map[string]interface{}, err error) + OfflineClient +} + +// OfflineClient defines the functionalities supported without having access to the node +type OfflineClient interface { + NetworkInformationProvider + // SignedTx returns the signed transaction given the tx bytes (msgs) plus the signatures + SignedTx(ctx context.Context, txBytes []byte, sigs []*types.Signature) (signedTxBytes []byte, err error) + // TxOperationsAndSignersAccountIdentifiers returns the operations related to a transaction and the account + // identifiers if the transaction is signed + TxOperationsAndSignersAccountIdentifiers(signed bool, hexBytes []byte) (ops []*types.Operation, signers []*types.AccountIdentifier, err error) + // ConstructionPayload returns the construction payload given the request + ConstructionPayload(ctx context.Context, req *types.ConstructionPayloadsRequest) (resp *types.ConstructionPayloadsResponse, err error) + // PreprocessOperationsToOptions returns the options given the preprocess operations + PreprocessOperationsToOptions(ctx context.Context, req *types.ConstructionPreprocessRequest) (options map[string]interface{}, err error) + // AccountIdentifierFromPublicKey returns the account identifier given the public key + AccountIdentifierFromPublicKey(pubKey *types.PublicKey) (*types.AccountIdentifier, error) +} +``` + +### 2. Cosmos SDK Implementation + +The Cosmos SDK implementation, based on version, takes care of satisfying the `Client` interface. +In Stargate, Launchpad and 0.37, we have introduced the concept of rosetta.Msg, this message is not in the shared repository as the sdk.Msg type differs between Cosmos SDK versions. + +The rosetta.Msg interface follows: + +```go +// Msg represents a cosmos-sdk message that can be converted from and to a rosetta operation. +type Msg interface { + sdk.Msg + ToOperations(withStatus, hasError bool) []*types.Operation + FromOperations(ops []*types.Operation) (sdk.Msg, error) +} +``` + +Hence developers who want to extend the rosetta set of supported operations just need to extend their module's sdk.Msgs with the `ToOperations` and `FromOperations` methods. + +### 3. API service invocation + +As stated at the start, application developers will have two methods for invocation of the Rosetta API service: + +1. Shared process for both application and API +2. Standalone API service + +#### Shared Process (Only Stargate) + +Rosetta API service could run within the same execution process as the application. This would be enabled via app.toml settings, and if gRPC is not enabled the rosetta instance would be spinned in offline mode (tx building capabilities only). + +#### Separate API service + +Client application developers can write a new command to launch a Rosetta API server as a separate process too, using the rosetta command contained in the `/server/rosetta` package. Construction of the command depends on Cosmos SDK version. Examples can be found inside `simd` for stargate, and `contrib/rosetta/simapp` for other release series. + +## Status + +Proposed + +## Consequences + +### Positive + +* Out-of-the-box Rosetta API support within Cosmos SDK. +* Blockchain interface standardisation + +## References + +* https://www.rosetta-api.org/ diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-036-arbitrary-signature.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-036-arbitrary-signature.md new file mode 100644 index 00000000..fe9dada5 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-036-arbitrary-signature.md @@ -0,0 +1,132 @@ +# ADR 036: Arbitrary Message Signature Specification + +## Changelog + +* 28/10/2020 - Initial draft + +## Authors + +* Antoine Herzog (@antoineherzog) +* Zaki Manian (@zmanian) +* Aleksandr Bezobchuk (alexanderbez) [1] +* Frojdi Dymylja (@fdymylja) + +## Status + +Draft + +## Abstract + +Currently, in the Cosmos SDK, there is no convention to sign arbitrary message like on Ethereum. We propose with this specification, for Cosmos SDK ecosystem, a way to sign and validate off-chain arbitrary messages. + +This specification serves the purpose of covering every use case, this means that cosmos-sdk applications developers decide how to serialize and represent `Data` to users. + +## Context + +Having the ability to sign messages off-chain has proven to be a fundamental aspect of nearly any blockchain. The notion of signing messages off-chain has many added benefits such as saving on computational costs and reducing transaction throughput and overhead. Within the context of the Cosmos, some of the major applications of signing such data includes, but is not limited to, providing a cryptographic secure and verifiable means of proving validator identity and possibly associating it with some other framework or organization. In addition, having the ability to sign Cosmos messages with a Ledger or similar HSM device. + +Further context and use cases can be found in the references links. + +## Decision + +The aim is being able to sign arbitrary messages, even using Ledger or similar HSM devices. + +As a result signed messages should look roughly like Cosmos SDK messages but **must not** be a valid on-chain transaction. `chain-id`, `account_number` and `sequence` can all be assigned invalid values. + +Cosmos SDK 0.40 also introduces a concept of “auth_info” this can specify SIGN_MODES. + +A spec should include an `auth_info` that supports SIGN_MODE_DIRECT and SIGN_MODE_LEGACY_AMINO. + +Create the `offchain` proto definitions, we extend the auth module with `offchain` package to offer functionalities to verify and sign offline messages. + +An offchain transaction follows these rules: + +* the memo must be empty +* nonce, sequence number must be equal to 0 +* chain-id must be equal to “” +* fee gas must be equal to 0 +* fee amount must be an empty array + +Verification of an offchain transaction follows the same rules as an onchain one, except for the spec differences highlighted above. + +The first message added to the `offchain` package is `MsgSignData`. + +`MsgSignData` allows developers to sign arbitrary bytes valid offchain only. Where `Signer` is the account address of the signer. `Data` is arbitrary bytes which can represent `text`, `files`, `object`s. It's applications developers decision how `Data` should be deserialized, serialized and the object it can represent in their context. + +It's applications developers decision how `Data` should be treated, by treated we mean the serialization and deserialization process and the Object `Data` should represent. + +Proto definition: + +```protobuf +// MsgSignData defines an arbitrary, general-purpose, off-chain message +message MsgSignData { + // Signer is the sdk.AccAddress of the message signer + bytes Signer = 1 [(gogoproto.jsontag) = "signer", (gogoproto.casttype) = "github.com/cosmos/cosmos-sdk/types.AccAddress"]; + // Data represents the raw bytes of the content that is signed (text, json, etc) + bytes Data = 2 [(gogoproto.jsontag) = "data"]; +} +``` + +Signed MsgSignData json example: + +```json +{ + "type": "cosmos-sdk/StdTx", + "value": { + "msg": [ + { + "type": "sign/MsgSignData", + "value": { + "signer": "cosmos1hftz5ugqmpg9243xeegsqqav62f8hnywsjr4xr", + "data": "cmFuZG9t" + } + } + ], + "fee": { + "amount": [], + "gas": "0" + }, + "signatures": [ + { + "pub_key": { + "type": "tendermint/PubKeySecp256k1", + "value": "AqnDSiRoFmTPfq97xxEb2VkQ/Hm28cPsqsZm9jEVsYK9" + }, + "signature": "8y8i34qJakkjse9pOD2De+dnlc4KvFgh0wQpes4eydN66D9kv7cmCEouRrkka9tlW9cAkIL52ErB+6ye7X5aEg==" + } + ], + "memo": "" + } +} +``` + +## Consequences + +There is a specification on how messages, that are not meant to be broadcast to a live chain, should be formed. + +### Backwards Compatibility + +Backwards compatibility is maintained as this is a new message spec definition. + +### Positive + +* A common format that can be used by multiple applications to sign and verify off-chain messages. +* The specification is primitive which means it can cover every use case without limiting what is possible to fit inside it. +* It gives room for other off-chain messages specifications that aim to target more specific and common use cases such as off-chain-based authN/authZ layers [2]. + +### Negative + +* Current proposal requires a fixed relationship between an account address and a public key. +* Doesn't work with multisig accounts. + +## Further discussion + +* Regarding security in `MsgSignData`, the developer using `MsgSignData` is in charge of making the content laying in `Data` non-replayable when, and if, needed. +* the offchain package will be further extended with extra messages that target specific use cases such as, but not limited to, authentication in applications, payment channels, L2 solutions in general. + +## References + +1. https://github.com/cosmos/ics/pull/33 +2. https://github.com/cosmos/cosmos-sdk/pull/7727#discussion_r515668204 +3. https://github.com/cosmos/cosmos-sdk/pull/7727#issuecomment-722478477 +4. https://github.com/cosmos/cosmos-sdk/pull/7727#issuecomment-721062923 diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-037-gov-split-vote.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-037-gov-split-vote.md new file mode 100644 index 00000000..0a3b9bc4 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-037-gov-split-vote.md @@ -0,0 +1,111 @@ +# ADR 037: Governance split votes + +## Changelog + +* 2020/10/28: Intial draft + +## Status + +Accepted + +## Abstract + +This ADR defines a modification to the governance module that would allow a staker to split their votes into several voting options. For example, it could use 70% of its voting power to vote Yes and 30% of its voting power to vote No. + +## Context + +Currently, an address can cast a vote with only one options (Yes/No/Abstain/NoWithVeto) and use their full voting power behind that choice. + +However, often times the entity owning that address might not be a single individual. For example, a company might have different stakeholders who want to vote differently, and so it makes sense to allow them to split their voting power. Another example use case is exchanges. Many centralized exchanges often stake a portion of their users' tokens in their custody. Currently, it is not possible for them to do "passthrough voting" and giving their users voting rights over their tokens. However, with this system, exchanges can poll their users for voting preferences, and then vote on-chain proportionally to the results of the poll. + +## Decision + +We modify the vote structs to be + +```go +type WeightedVoteOption struct { + Option string + Weight sdk.Dec +} + +type Vote struct { + ProposalID int64 + Voter sdk.Address + Options []WeightedVoteOption +} +``` + +And for backwards compatibility, we introduce `MsgVoteWeighted` while keeping `MsgVote`. + +```go +type MsgVote struct { + ProposalID int64 + Voter sdk.Address + Option Option +} + +type MsgVoteWeighted struct { + ProposalID int64 + Voter sdk.Address + Options []WeightedVoteOption +} +``` + +The `ValidateBasic` of a `MsgVoteWeighted` struct would require that + +1. The sum of all the Rates is equal to 1.0 +2. No Option is repeated + +The governance tally function will iterate over all the options in a vote and add to the tally the result of the voter's voting power * the rate for that option. + +```go +tally() { + results := map[types.VoteOption]sdk.Dec + + for _, vote := range votes { + for i, weightedOption := range vote.Options { + results[weightedOption.Option] += getVotingPower(vote.voter) * weightedOption.Weight + } + } +} +``` + +The CLI command for creating a multi-option vote would be as such: + +```shell +simd tx gov vote 1 "yes=0.6,no=0.3,abstain=0.05,no_with_veto=0.05" --from mykey +``` + +To create a single-option vote a user can do either + +```shell +simd tx gov vote 1 "yes=1" --from mykey +``` + +or + +```shell +simd tx gov vote 1 yes --from mykey +``` + +to maintain backwards compatibility. + +## Consequences + +### Backwards Compatibility + +* Previous VoteMsg types will remain the same and so clients will not have to update their procedure unless they want to support the WeightedVoteMsg feature. +* When querying a Vote struct from state, its structure will be different, and so clients wanting to display all voters and their respective votes will have to handle the new format and the fact that a single voter can have split votes. +* The result of querying the tally function should have the same API for clients. + +### Positive + +* Can make the voting process more accurate for addresses representing multiple stakeholders, often some of the largest addresses. + +### Negative + +* Is more complex than simple voting, and so may be harder to explain to users. However, this is mostly mitigated because the feature is opt-in. + +### Neutral + +* Relatively minor change to governance tally function. diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-038-state-listening.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-038-state-listening.md new file mode 100644 index 00000000..319d872b --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-038-state-listening.md @@ -0,0 +1,724 @@ +# ADR 038: KVStore state listening + +## Changelog + +* 11/23/2020: Initial draft +* 10/06/2022: Introduce plugin system based on hashicorp/go-plugin +* 10/14/2022: + * Add `ListenCommit`, flatten the state writes in a block to a single batch. + * Remove listeners from cache stores, should only listen to `rootmulti.Store`. + * Remove `HaltAppOnDeliveryError()`, the errors are propagated by default, the implementations should return nil if don't want to propogate errors. +* 26/05/2023: Update with ABCI 2.0 + +## Status + +Proposed + +## Abstract + +This ADR defines a set of changes to enable listening to state changes of individual KVStores and exposing these data to consumers. + +## Context + +Currently, KVStore data can be remotely accessed through [Queries](https://github.com/cosmos/cosmos-sdk/blob/master/docs/building-modules/messages-and-queries.md#queries) +which proceed either through Tendermint and the ABCI, or through the gRPC server. +In addition to these request/response queries, it would be beneficial to have a means of listening to state changes as they occur in real time. + +## Decision + +We will modify the `CommitMultiStore` interface and its concrete (`rootmulti`) implementations and introduce a new `listenkv.Store` to allow listening to state changes in underlying KVStores. We don't need to listen to cache stores, because we can't be sure that the writes will be committed eventually, and the writes are duplicated in `rootmulti.Store` eventually, so we should only listen to `rootmulti.Store`. +We will introduce a plugin system for configuring and running streaming services that write these state changes and their surrounding ABCI message context to different destinations. + +### Listening + +In a new file, `store/types/listening.go`, we will create a `MemoryListener` struct for streaming out protobuf encoded KV pairs state changes from a KVStore. +The `MemoryListener` will be used internally by the concrete `rootmulti` implementation to collect state changes from KVStores. + +```go +// MemoryListener listens to the state writes and accumulate the records in memory. +type MemoryListener struct { + stateCache []StoreKVPair +} + +// NewMemoryListener creates a listener that accumulate the state writes in memory. +func NewMemoryListener() *MemoryListener { + return &MemoryListener{} +} + +// OnWrite writes state change events to the internal cache +func (fl *MemoryListener) OnWrite(storeKey StoreKey, key []byte, value []byte, delete bool) { + fl.stateCache = append(fl.stateCache, StoreKVPair{ + StoreKey: storeKey.Name(), + Delete: delete, + Key: key, + Value: value, + }) +} + +// PopStateCache returns the current state caches and set to nil +func (fl *MemoryListener) PopStateCache() []StoreKVPair { + res := fl.stateCache + fl.stateCache = nil + return res +} +``` + +We will also define a protobuf type for the KV pairs. In addition to the key and value fields this message +will include the StoreKey for the originating KVStore so that we can collect information from separate KVStores and determine the source of each KV pair. + +```protobuf +message StoreKVPair { + optional string store_key = 1; // the store key for the KVStore this pair originates from + required bool set = 2; // true indicates a set operation, false indicates a delete operation + required bytes key = 3; + required bytes value = 4; +} +``` + +### ListenKVStore + +We will create a new `Store` type `listenkv.Store` that the `rootmulti` store will use to wrap a `KVStore` to enable state listening. +We will configure the `Store` with a `MemoryListener` which will collect state changes for output to specific destinations. + +```go +// Store implements the KVStore interface with listening enabled. +// Operations are traced on each core KVStore call and written to any of the +// underlying listeners with the proper key and operation permissions +type Store struct { + parent types.KVStore + listener *types.MemoryListener + parentStoreKey types.StoreKey +} + +// NewStore returns a reference to a new traceKVStore given a parent +// KVStore implementation and a buffered writer. +func NewStore(parent types.KVStore, psk types.StoreKey, listener *types.MemoryListener) *Store { + return &Store{parent: parent, listener: listener, parentStoreKey: psk} +} + +// Set implements the KVStore interface. It traces a write operation and +// delegates the Set call to the parent KVStore. +func (s *Store) Set(key []byte, value []byte) { + types.AssertValidKey(key) + s.parent.Set(key, value) + s.listener.OnWrite(s.parentStoreKey, key, value, false) +} + +// Delete implements the KVStore interface. It traces a write operation and +// delegates the Delete call to the parent KVStore. +func (s *Store) Delete(key []byte) { + s.parent.Delete(key) + s.listener.OnWrite(s.parentStoreKey, key, nil, true) +} +``` + +### MultiStore interface updates + +We will update the `CommitMultiStore` interface to allow us to wrap a `Memorylistener` to a specific `KVStore`. +Note that the `MemoryListener` will be attached internally by the concrete `rootmulti` implementation. + +```go +type CommitMultiStore interface { + ... + + // AddListeners adds a listener for the KVStore belonging to the provided StoreKey + AddListeners(keys []StoreKey) + + // PopStateCache returns the accumulated state change messages from MemoryListener + PopStateCache() []StoreKVPair +} +``` + + +### MultiStore implementation updates + +We will adjust the `rootmulti` `GetKVStore` method to wrap the returned `KVStore` with a `listenkv.Store` if listening is turned on for that `Store`. + +```go +func (rs *Store) GetKVStore(key types.StoreKey) types.KVStore { + store := rs.stores[key].(types.KVStore) + + if rs.TracingEnabled() { + store = tracekv.NewStore(store, rs.traceWriter, rs.traceContext) + } + if rs.ListeningEnabled(key) { + store = listenkv.NewStore(store, key, rs.listeners[key]) + } + + return store +} +``` + +We will implement `AddListeners` to manage KVStore listeners internally and implement `PopStateCache` +for a means of retrieving the current state. + +```go +// AddListeners adds state change listener for a specific KVStore +func (rs *Store) AddListeners(keys []types.StoreKey) { + listener := types.NewMemoryListener() + for i := range keys { + rs.listeners[keys[i]] = listener + } +} +``` + +```go +func (rs *Store) PopStateCache() []types.StoreKVPair { + var cache []types.StoreKVPair + for _, ls := range rs.listeners { + cache = append(cache, ls.PopStateCache()...) + } + sort.SliceStable(cache, func(i, j int) bool { + return cache[i].StoreKey < cache[j].StoreKey + }) + return cache +} +``` + +We will also adjust the `rootmulti` `CacheMultiStore` and `CacheMultiStoreWithVersion` methods to enable listening in +the cache layer. + +```go +func (rs *Store) CacheMultiStore() types.CacheMultiStore { + stores := make(map[types.StoreKey]types.CacheWrapper) + for k, v := range rs.stores { + store := v.(types.KVStore) + // Wire the listenkv.Store to allow listeners to observe the writes from the cache store, + // set same listeners on cache store will observe duplicated writes. + if rs.ListeningEnabled(k) { + store = listenkv.NewStore(store, k, rs.listeners[k]) + } + stores[k] = store + } + return cachemulti.NewStore(rs.db, stores, rs.keysByName, rs.traceWriter, rs.getTracingContext()) +} +``` + +```go +func (rs *Store) CacheMultiStoreWithVersion(version int64) (types.CacheMultiStore, error) { + // ... + + // Wire the listenkv.Store to allow listeners to observe the writes from the cache store, + // set same listeners on cache store will observe duplicated writes. + if rs.ListeningEnabled(key) { + cacheStore = listenkv.NewStore(cacheStore, key, rs.listeners[key]) + } + + cachedStores[key] = cacheStore + } + + return cachemulti.NewStore(rs.db, cachedStores, rs.keysByName, rs.traceWriter, rs.getTracingContext()), nil +} +``` + +### Exposing the data + +#### Streaming Service + +We will introduce a new `ABCIListener` interface that plugs into the BaseApp and relays ABCI requests and responses +so that the service can group the state changes with the ABCI requests. + +```go +// baseapp/streaming.go + +// ABCIListener is the interface that we're exposing as a streaming service. +type ABCIListener interface { + // ListenFinalizeBlock updates the streaming service with the latest FinalizeBlock messages + ListenFinalizeBlock(ctx context.Context, req abci.RequestFinalizeBlock, res abci.ResponseFinalizeBlock) error + // ListenCommit updates the steaming service with the latest Commit messages and state changes + ListenCommit(ctx context.Context, res abci.ResponseCommit, changeSet []*StoreKVPair) error +} +``` + +#### BaseApp Registration + +We will add a new method to the `BaseApp` to enable the registration of `StreamingService`s: + + ```go + // SetStreamingService is used to set a streaming service into the BaseApp hooks and load the listeners into the multistore +func (app *BaseApp) SetStreamingService(s ABCIListener) { + // register the StreamingService within the BaseApp + // BaseApp will pass BeginBlock, DeliverTx, and EndBlock requests and responses to the streaming services to update their ABCI context + app.abciListeners = append(app.abciListeners, s) +} +``` + +We will add two new fields to the `BaseApp` struct: + +```go +type BaseApp struct { + + ... + + // abciListenersAsync for determining if abciListeners will run asynchronously. + // When abciListenersAsync=false and stopNodeOnABCIListenerErr=false listeners will run synchronized but will not stop the node. + // When abciListenersAsync=true stopNodeOnABCIListenerErr will be ignored. + abciListenersAsync bool + + // stopNodeOnABCIListenerErr halts the node when ABCI streaming service listening results in an error. + // stopNodeOnABCIListenerErr=true must be paired with abciListenersAsync=false. + stopNodeOnABCIListenerErr bool +} +``` + +#### ABCI Event Hooks + +We will modify the `FinalizeBlock` and `Commit` methods to pass ABCI requests and responses +to any streaming service hooks registered with the `BaseApp`. + +```go +func (app *BaseApp) FinalizeBlock(req abci.RequestFinalizeBlock) abci.ResponseFinalizeBlock { + + var abciRes abci.ResponseFinalizeBlock + defer func() { + // call the streaming service hook with the FinalizeBlock messages + for _, abciListener := range app.abciListeners { + ctx := app.finalizeState.ctx + blockHeight := ctx.BlockHeight() + if app.abciListenersAsync { + go func(req abci.RequestFinalizeBlock, res abci.ResponseFinalizeBlock) { + if err := app.abciListener.FinalizeBlock(blockHeight, req, res); err != nil { + app.logger.Error("FinalizeBlock listening hook failed", "height", blockHeight, "err", err) + } + }(req, abciRes) + } else { + if err := app.abciListener.ListenFinalizeBlock(blockHeight, req, res); err != nil { + app.logger.Error("FinalizeBlock listening hook failed", "height", blockHeight, "err", err) + if app.stopNodeOnABCIListenerErr { + os.Exit(1) + } + } + } + } + }() + + ... + + return abciRes +} +``` + +```go +func (app *BaseApp) Commit() abci.ResponseCommit { + + ... + + res := abci.ResponseCommit{ + Data: commitID.Hash, + RetainHeight: retainHeight, + } + + // call the streaming service hook with the Commit messages + for _, abciListener := range app.abciListeners { + ctx := app.deliverState.ctx + blockHeight := ctx.BlockHeight() + changeSet := app.cms.PopStateCache() + if app.abciListenersAsync { + go func(res abci.ResponseCommit, changeSet []store.StoreKVPair) { + if err := app.abciListener.ListenCommit(ctx, res, changeSet); err != nil { + app.logger.Error("ListenCommit listening hook failed", "height", blockHeight, "err", err) + } + }(res, changeSet) + } else { + if err := app.abciListener.ListenCommit(ctx, res, changeSet); err != nil { + app.logger.Error("ListenCommit listening hook failed", "height", blockHeight, "err", err) + if app.stopNodeOnABCIListenerErr { + os.Exit(1) + } + } + } + } + + ... + + return res +} +``` + +#### Go Plugin System + +We propose a plugin architecture to load and run `Streaming` plugins and other types of implementations. We will introduce a plugin +system over gRPC that is used to load and run Cosmos-SDK plugins. The plugin system uses [hashicorp/go-plugin](https://github.com/hashicorp/go-plugin). +Each plugin must have a struct that implements the `plugin.Plugin` interface and an `Impl` interface for processing messages over gRPC. +Each plugin must also have a message protocol defined for the gRPC service: + +```go +// streaming/plugins/abci/{plugin_version}/interface.go + +// Handshake is a common handshake that is shared by streaming and host. +// This prevents users from executing bad plugins or executing a plugin +// directory. It is a UX feature, not a security feature. +var Handshake = plugin.HandshakeConfig{ + ProtocolVersion: 1, + MagicCookieKey: "ABCI_LISTENER_PLUGIN", + MagicCookieValue: "ef78114d-7bdf-411c-868f-347c99a78345", +} + +// ListenerPlugin is the base struc for all kinds of go-plugin implementations +// It will be included in interfaces of different Plugins +type ABCIListenerPlugin struct { + // GRPCPlugin must still implement the Plugin interface + plugin.Plugin + // Concrete implementation, written in Go. This is only used for plugins + // that are written in Go. + Impl baseapp.ABCIListener +} + +func (p *ListenerGRPCPlugin) GRPCServer(_ *plugin.GRPCBroker, s *grpc.Server) error { + RegisterABCIListenerServiceServer(s, &GRPCServer{Impl: p.Impl}) + return nil +} + +func (p *ListenerGRPCPlugin) GRPCClient( + _ context.Context, + _ *plugin.GRPCBroker, + c *grpc.ClientConn, +) (interface{}, error) { + return &GRPCClient{client: NewABCIListenerServiceClient(c)}, nil +} +``` + +The `plugin.Plugin` interface has two methods `Client` and `Server`. For our GRPC service these are `GRPCClient` and `GRPCServer` +The `Impl` field holds the concrete implementation of our `baseapp.ABCIListener` interface written in Go. +Note: this is only used for plugin implementations written in Go. + +The advantage of having such a plugin system is that within each plugin authors can define the message protocol in a way that fits their use case. +For example, when state change listening is desired, the `ABCIListener` message protocol can be defined as below (*for illustrative purposes only*). +When state change listening is not desired than `ListenCommit` can be omitted from the protocol. + +```protobuf +syntax = "proto3"; + +... + +message Empty {} + +message ListenFinalizeBlockRequest { + RequestFinalizeBlock req = 1; + ResponseFinalizeBlock res = 2; +} +message ListenCommitRequest { + int64 block_height = 1; + ResponseCommit res = 2; + repeated StoreKVPair changeSet = 3; +} + +// plugin that listens to state changes +service ABCIListenerService { + rpc ListenFinalizeBlock(ListenFinalizeBlockRequest) returns (Empty); + rpc ListenCommit(ListenCommitRequest) returns (Empty); +} +``` + +```protobuf +... +// plugin that doesn't listen to state changes +service ABCIListenerService { + rpc ListenFinalizeBlock(ListenFinalizeBlockRequest) returns (Empty); + rpc ListenCommit(ListenCommitRequest) returns (Empty); +} +``` + +Implementing the service above: + +```go +// streaming/plugins/abci/{plugin_version}/grpc.go + +var ( + _ baseapp.ABCIListener = (*GRPCClient)(nil) +) + +// GRPCClient is an implementation of the ABCIListener and ABCIListenerPlugin interfaces that talks over RPC. +type GRPCClient struct { + client ABCIListenerServiceClient +} + +func (m *GRPCClient) ListenFinalizeBlock(goCtx context.Context, req abci.RequestFinalizeBlock, res abci.ResponseFinalizeBlock) error { + ctx := sdk.UnwrapSDKContext(goCtx) + _, err := m.client.ListenDeliverTx(ctx, &ListenDeliverTxRequest{BlockHeight: ctx.BlockHeight(), Req: req, Res: res}) + return err +} + +func (m *GRPCClient) ListenCommit(goCtx context.Context, res abci.ResponseCommit, changeSet []store.StoreKVPair) error { + ctx := sdk.UnwrapSDKContext(goCtx) + _, err := m.client.ListenCommit(ctx, &ListenCommitRequest{BlockHeight: ctx.BlockHeight(), Res: res, ChangeSet: changeSet}) + return err +} + +// GRPCServer is the gRPC server that GRPCClient talks to. +type GRPCServer struct { + // This is the real implementation + Impl baseapp.ABCIListener +} + +func (m *GRPCServer) ListenFinalizeBlock(ctx context.Context, req *ListenFinalizeBlockRequest) (*Empty, error) { + return &Empty{}, m.Impl.ListenFinalizeBlock(ctx, req.Req, req.Res) +} + +func (m *GRPCServer) ListenCommit(ctx context.Context, req *ListenCommitRequest) (*Empty, error) { + return &Empty{}, m.Impl.ListenCommit(ctx, req.Res, req.ChangeSet) +} + +``` + +And the pre-compiled Go plugin `Impl`(*this is only used for plugins that are written in Go*): + +```go +// streaming/plugins/abci/{plugin_version}/impl/plugin.go + +// Plugins are pre-compiled and loaded by the plugin system + +// ABCIListener is the implementation of the baseapp.ABCIListener interface +type ABCIListener struct{} + +func (m *ABCIListenerPlugin) ListenFinalizeBlock(ctx context.Context, req abci.RequestFinalizeBlock, res abci.ResponseFinalizeBlock) error { + // send data to external system +} + +func (m *ABCIListenerPlugin) ListenCommit(ctx context.Context, res abci.ResponseCommit, changeSet []store.StoreKVPair) error { + // send data to external system +} + +func main() { + plugin.Serve(&plugin.ServeConfig{ + HandshakeConfig: grpc_abci_v1.Handshake, + Plugins: map[string]plugin.Plugin{ + "grpc_plugin_v1": &grpc_abci_v1.ABCIListenerGRPCPlugin{Impl: &ABCIListenerPlugin{}}, + }, + + // A non-nil value here enables gRPC serving for this streaming... + GRPCServer: plugin.DefaultGRPCServer, + }) +} +``` + +We will introduce a plugin loading system that will return `(interface{}, error)`. +This provides the advantage of using versioned plugins where the plugin interface and gRPC protocol change over time. +In addition, it allows for building independent plugin that can expose different parts of the system over gRPC. + +```go +func NewStreamingPlugin(name string, logLevel string) (interface{}, error) { + logger := hclog.New(&hclog.LoggerOptions{ + Output: hclog.DefaultOutput, + Level: toHclogLevel(logLevel), + Name: fmt.Sprintf("plugin.%s", name), + }) + + // We're a host. Start by launching the streaming process. + env := os.Getenv(GetPluginEnvKey(name)) + client := plugin.NewClient(&plugin.ClientConfig{ + HandshakeConfig: HandshakeMap[name], + Plugins: PluginMap, + Cmd: exec.Command("sh", "-c", env), + Logger: logger, + AllowedProtocols: []plugin.Protocol{ + plugin.ProtocolNetRPC, plugin.ProtocolGRPC}, + }) + + // Connect via RPC + rpcClient, err := client.Client() + if err != nil { + return nil, err + } + + // Request streaming plugin + return rpcClient.Dispense(name) +} + +``` + +We propose a `RegisterStreamingPlugin` function for the App to register `NewStreamingPlugin`s with the App's BaseApp. +Streaming plugins can be of `Any` type; therefore, the function takes in an interface vs a concrete type. +For example, we could have plugins of `ABCIListener`, `WasmListener` or `IBCListener`. Note that `RegisterStreamingPluing` function +is helper function and not a requirement. Plugin registration can easily be moved from the App to the BaseApp directly. + +```go +// baseapp/streaming.go + +// RegisterStreamingPlugin registers streaming plugins with the App. +// This method returns an error if a plugin is not supported. +func RegisterStreamingPlugin( + bApp *BaseApp, + appOpts servertypes.AppOptions, + keys map[string]*types.KVStoreKey, + streamingPlugin interface{}, +) error { + switch t := streamingPlugin.(type) { + case ABCIListener: + registerABCIListenerPlugin(bApp, appOpts, keys, t) + default: + return fmt.Errorf("unexpected plugin type %T", t) + } + return nil +} +``` + +```go +func registerABCIListenerPlugin( + bApp *BaseApp, + appOpts servertypes.AppOptions, + keys map[string]*store.KVStoreKey, + abciListener ABCIListener, +) { + asyncKey := fmt.Sprintf("%s.%s.%s", StreamingTomlKey, StreamingABCITomlKey, StreamingABCIAsync) + async := cast.ToBool(appOpts.Get(asyncKey)) + stopNodeOnErrKey := fmt.Sprintf("%s.%s.%s", StreamingTomlKey, StreamingABCITomlKey, StreamingABCIStopNodeOnErrTomlKey) + stopNodeOnErr := cast.ToBool(appOpts.Get(stopNodeOnErrKey)) + keysKey := fmt.Sprintf("%s.%s.%s", StreamingTomlKey, StreamingABCITomlKey, StreamingABCIKeysTomlKey) + exposeKeysStr := cast.ToStringSlice(appOpts.Get(keysKey)) + exposedKeys := exposeStoreKeysSorted(exposeKeysStr, keys) + bApp.cms.AddListeners(exposedKeys) + app.SetStreamingManager( + storetypes.StreamingManager{ + ABCIListeners: []storetypes.ABCIListener{abciListener}, + StopNodeOnErr: stopNodeOnErr, + }, + ) +} +``` + +```go +func exposeAll(list []string) bool { + for _, ele := range list { + if ele == "*" { + return true + } + } + return false +} + +func exposeStoreKeys(keysStr []string, keys map[string]*types.KVStoreKey) []types.StoreKey { + var exposeStoreKeys []types.StoreKey + if exposeAll(keysStr) { + exposeStoreKeys = make([]types.StoreKey, 0, len(keys)) + for _, storeKey := range keys { + exposeStoreKeys = append(exposeStoreKeys, storeKey) + } + } else { + exposeStoreKeys = make([]types.StoreKey, 0, len(keysStr)) + for _, keyStr := range keysStr { + if storeKey, ok := keys[keyStr]; ok { + exposeStoreKeys = append(exposeStoreKeys, storeKey) + } + } + } + // sort storeKeys for deterministic output + sort.SliceStable(exposeStoreKeys, func(i, j int) bool { + return exposeStoreKeys[i].Name() < exposeStoreKeys[j].Name() + }) + + return exposeStoreKeys +} +``` + +The `NewStreamingPlugin` and `RegisterStreamingPlugin` functions are used to register a plugin with the App's BaseApp. + +e.g. in `NewSimApp`: + +```go +func NewSimApp( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), +) *SimApp { + + ... + + keys := sdk.NewKVStoreKeys( + authtypes.StoreKey, banktypes.StoreKey, stakingtypes.StoreKey, + minttypes.StoreKey, distrtypes.StoreKey, slashingtypes.StoreKey, + govtypes.StoreKey, paramstypes.StoreKey, ibchost.StoreKey, upgradetypes.StoreKey, + evidencetypes.StoreKey, ibctransfertypes.StoreKey, capabilitytypes.StoreKey, + ) + + ... + + // register streaming services + streamingCfg := cast.ToStringMap(appOpts.Get(baseapp.StreamingTomlKey)) + for service := range streamingCfg { + pluginKey := fmt.Sprintf("%s.%s.%s", baseapp.StreamingTomlKey, service, baseapp.StreamingPluginTomlKey) + pluginName := strings.TrimSpace(cast.ToString(appOpts.Get(pluginKey))) + if len(pluginName) > 0 { + logLevel := cast.ToString(appOpts.Get(flags.FlagLogLevel)) + plugin, err := streaming.NewStreamingPlugin(pluginName, logLevel) + if err != nil { + tmos.Exit(err.Error()) + } + if err := baseapp.RegisterStreamingPlugin(bApp, appOpts, keys, plugin); err != nil { + tmos.Exit(err.Error()) + } + } + } + + return app +``` + +#### Configuration + +The plugin system will be configured within an App's TOML configuration files. + +```toml +# gRPC streaming +[streaming] + +# ABCI streaming service +[streaming.abci] + +# The plugin version to use for ABCI listening +plugin = "abci_v1" + +# List of kv store keys to listen to for state changes. +# Set to ["*"] to expose all keys. +keys = ["*"] + +# Enable abciListeners to run asynchronously. +# When abciListenersAsync=false and stopNodeOnABCIListenerErr=false listeners will run synchronized but will not stop the node. +# When abciListenersAsync=true stopNodeOnABCIListenerErr will be ignored. +async = false + +# Whether to stop the node on message deliver error. +stop-node-on-err = true +``` + +There will be four parameters for configuring `ABCIListener` plugin: `streaming.abci.plugin`, `streaming.abci.keys`, `streaming.abci.async` and `streaming.abci.stop-node-on-err`. +`streaming.abci.plugin` is the name of the plugin we want to use for streaming, `streaming.abci.keys` is a set of store keys for stores it listens to, +`streaming.abci.async` is bool enabling asynchronous listening and `streaming.abci.stop-node-on-err` is a bool that stops the node when true and when operating +on synchronized mode `streaming.abci.async=false`. Note that `streaming.abci.stop-node-on-err=true` will be ignored if `streaming.abci.async=true`. + +The configuration above support additional streaming plugins by adding the plugin to the `[streaming]` configuration section +and registering the plugin with `RegisterStreamingPlugin` helper function. + +Note the that each plugin must include `streaming.{service}.plugin` property as it is a requirement for doing the lookup and registration of the plugin +with the App. All other properties are unique to the individual services. + +#### Encoding and decoding streams + +ADR-038 introduces the interfaces and types for streaming state changes out from KVStores, associating this +data with their related ABCI requests and responses, and registering a service for consuming this data and streaming it to some destination in a final format. +Instead of prescribing a final data format in this ADR, it is left to a specific plugin implementation to define and document this format. +We take this approach because flexibility in the final format is necessary to support a wide range of streaming service plugins. For example, +the data format for a streaming service that writes the data out to a set of files will differ from the data format that is written to a Kafka topic. + +## Consequences + +These changes will provide a means of subscribing to KVStore state changes in real time. + +### Backwards Compatibility + +* This ADR changes the `CommitMultiStore` interface, implementations supporting the previous version of this interface will not support the new one + +### Positive + +* Ability to listen to KVStore state changes in real time and expose these events to external consumers + +### Negative + +* Changes `CommitMultiStore` interface and its implementations + +### Neutral + +* Introduces additional- but optional- complexity to configuring and running a cosmos application +* If an application developer opts to use these features to expose data, they need to be aware of the ramifications/risks of that data exposure as it pertains to the specifics of their application diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-039-epoched-staking.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-039-epoched-staking.md new file mode 100644 index 00000000..29418fc8 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-039-epoched-staking.md @@ -0,0 +1,122 @@ +# ADR 039: Epoched Staking + +## Changelog + +* 10-Feb-2021: Initial Draft + +## Authors + +* Dev Ojha (@valardragon) +* Sunny Aggarwal (@sunnya97) + +## Status + +Proposed + +## Abstract + +This ADR updates the proof of stake module to buffer the staking weight updates for a number of blocks before updating the consensus' staking weights. The length of the buffer is dubbed an epoch. The prior functionality of the staking module is then a special case of the abstracted module, with the epoch being set to 1 block. + +## Context + +The current proof of stake module takes the design decision to apply staking weight changes to the consensus engine immediately. This means that delegations and unbonds get applied immediately to the validator set. This decision was primarily done as it was implementationally simplest, and because we at the time believed that this would lead to better UX for clients. + +An alternative design choice is to allow buffering staking updates (delegations, unbonds, validators joining) for a number of blocks. This 'epoch'd proof of stake consensus provides the guarantee that the consensus weights for validators will not change mid-epoch, except in the event of a slash condition. + +Additionally, the UX hurdle may not be as significant as was previously thought. This is because it is possible to provide users immediate acknowledgement that their bond was recorded and will be executed. + +Furthermore, it has become clearer over time that immediate execution of staking events comes with limitations, such as: + +* Threshold based cryptography. One of the main limitations is that because the validator set can change so regularly, it makes the running of multiparty computation by a fixed validator set difficult. Many threshold-based cryptographic features for blockchains such as randomness beacons and threshold decryption require a computationally-expensive DKG process (will take much longer than 1 block to create). To productively use these, we need to guarantee that the result of the DKG will be used for a reasonably long time. It wouldn't be feasible to rerun the DKG every block. By epoching staking, it guarantees we'll only need to run a new DKG once every epoch. + +* Light client efficiency. This would lessen the overhead for IBC when there is high churn in the validator set. In the Tendermint light client bisection algorithm, the number of headers you need to verify is related to bounding the difference in validator sets between a trusted header and the latest header. If the difference is too great, you verify more header in between the two. By limiting the frequency of validator set changes, we can reduce the worst case size of IBC lite client proofs, which occurs when a validator set has high churn. + +* Fairness of deterministic leader election. Currently we have no ways of reasoning of fairness of deterministic leader election in the presence of staking changes without epochs (tendermint/spec#217). Breaking fairness of leader election is profitable for validators, as they earn additional rewards from being the proposer. Adding epochs at least makes it easier for our deterministic leader election to match something we can prove secure. (Albeit, we still haven’t proven if our current algorithm is fair with > 2 validators in the presence of stake changes) + +* Staking derivative design. Currently, reward distribution is done lazily using the F1 fee distribution. While saving computational complexity, lazy accounting requires a more stateful staking implementation. Right now, each delegation entry has to track the time of last withdrawal. Handling this can be a challenge for some staking derivatives designs that seek to provide fungibility for all tokens staked to a single validator. Force-withdrawing rewards to users can help solve this, however it is infeasible to force-withdraw rewards to users on a per block basis. With epochs, a chain could more easily alter the design to have rewards be forcefully withdrawn (iterating over delegator accounts only once per-epoch), and can thus remove delegation timing from state. This may be useful for certain staking derivative designs. + +## Design considerations + +### Slashing + +There is a design consideration for whether to apply a slash immediately or at the end of an epoch. A slash event should apply to only members who are actually staked during the time of the infraction, namely during the epoch the slash event occured. + +Applying it immediately can be viewed as offering greater consensus layer security, at potential costs to the aforementioned usecases. The benefits of immediate slashing for consensus layer security can be all be obtained by executing the validator jailing immediately (thus removing it from the validator set), and delaying the actual slash change to the validator's weight until the epoch boundary. For the use cases mentioned above, workarounds can be integrated to avoid problems, as follows: + +* For threshold based cryptography, this setting will have the threshold cryptography use the original epoch weights, while consensus has an update that lets it more rapidly benefit from additional security. If the threshold based cryptography blocks liveness of the chain, then we have effectively raised the liveness threshold of the remaining validators for the rest of the epoch. (Alternatively, jailed nodes could still contribute shares) This plan will fail in the extreme case that more than 1/3rd of the validators have been jailed within a single epoch. For such an extreme scenario, the chain already have its own custom incident response plan, and defining how to handle the threshold cryptography should be a part of that. +* For light client efficiency, there can be a bit included in the header indicating an intra-epoch slash (ala https://github.com/tendermint/spec/issues/199). +* For fairness of deterministic leader election, applying a slash or jailing within an epoch would break the guarantee we were seeking to provide. This then re-introduces a new (but significantly simpler) problem for trying to provide fairness guarantees. Namely, that validators can adversarially elect to remove themself from the set of proposers. From a security perspective, this could potentially be handled by two different mechanisms (or prove to still be too difficult to achieve). One is making a security statement acknowledging the ability for an adversary to force an ahead-of-time fixed threshold of users to drop out of the proposer set within an epoch. The second method would be to parameterize such that the cost of a slash within the epoch far outweights benefits due to being a proposer. However, this latter criterion is quite dubious, since being a proposer can have many advantageous side-effects in chains with complex state machines. (Namely, DeFi games such as Fomo3D) +* For staking derivative design, there is no issue introduced. This does not increase the state size of staking records, since whether a slash has occured is fully queryable given the validator address. + +### Token lockup + +When someone makes a transaction to delegate, even though they are not immediately staked, their tokens should be moved into a pool managed by the staking module which will then be used at the end of an epoch. This prevents concerns where they stake, and then spend those tokens not realizing they were already allocated for staking, and thus having their staking tx fail. + +### Pipelining the epochs + +For threshold based cryptography in particular, we need a pipeline for epoch changes. This is because when we are in epoch N, we want the epoch N+1 weights to be fixed so that the validator set can do the DKG accordingly. So if we are currently in epoch N, the stake weights for epoch N+1 should already be fixed, and new stake changes should be getting applied to epoch N + 2. + +This can be handled by making a parameter for the epoch pipeline length. This parameter should not be alterable except during hard forks, to mitigate implementation complexity of switching the pipeline length. + +With pipeline length 1, if I redelegate during epoch N, then my redelegation is applied prior to the beginning of epoch N+1. +With pipeline length 2, if I redelegate during epoch N, then my redelegation is applied prior to the beginning of epoch N+2. + +### Rewards + +Even though all staking updates are applied at epoch boundaries, rewards can still be distributed immediately when they are claimed. This is because they do not affect the current stake weights, as we do not implement auto-bonding of rewards. If such a feature were to be implemented, it would have to be setup so that rewards are auto-bonded at the epoch boundary. + +### Parameterizing the epoch length + +When choosing the epoch length, there is a trade-off queued state/computation buildup, and countering the previously discussed limitations of immediate execution if they apply to a given chain. + +Until an ABCI mechanism for variable block times is introduced, it is ill-advised to be using high epoch lengths due to the computation buildup. This is because when a block's execution time is greater than the expected block time from Tendermint, rounds may increment. + +## Decision + +**Step-1**: Implement buffering of all staking and slashing messages. + +First we create a pool for storing tokens that are being bonded, but should be applied at the epoch boundary called the `EpochDelegationPool`. Then, we have two separate queues, one for staking, one for slashing. We describe what happens on each message being delivered below: + +### Staking messages + +* **MsgCreateValidator**: Move user's self-bond to `EpochDelegationPool` immediately. Queue a message for the epoch boundary to handle the self-bond, taking the funds from the `EpochDelegationPool`. If Epoch execution fail, return back funds from `EpochDelegationPool` to user's account. +* **MsgEditValidator**: Validate message and if valid queue the message for execution at the end of the Epoch. +* **MsgDelegate**: Move user's funds to `EpochDelegationPool` immediately. Queue a message for the epoch boundary to handle the delegation, taking the funds from the `EpochDelegationPool`. If Epoch execution fail, return back funds from `EpochDelegationPool` to user's account. +* **MsgBeginRedelegate**: Validate message and if valid queue the message for execution at the end of the Epoch. +* **MsgUndelegate**: Validate message and if valid queue the message for execution at the end of the Epoch. + +### Slashing messages + +* **MsgUnjail**: Validate message and if valid queue the message for execution at the end of the Epoch. +* **Slash Event**: Whenever a slash event is created, it gets queued in the slashing module to apply at the end of the epoch. The queues should be setup such that this slash applies immediately. + +### Evidence Messages + +* **MsgSubmitEvidence**: This gets executed immediately, and the validator gets jailed immediately. However in slashing, the actual slash event gets queued. + +Then we add methods to the end blockers, to ensure that at the epoch boundary the queues are cleared and delegation updates are applied. + +**Step-2**: Implement querying of queued staking txs. + +When querying the staking activity of a given address, the status should return not only the amount of tokens staked, but also if there are any queued stake events for that address. This will require more work to be done in the querying logic, to trace the queued upcoming staking events. + +As an initial implementation, this can be implemented as a linear search over all queued staking events. However, for chains that need long epochs, they should eventually build additional support for nodes that support querying to be able to produce results in constant time. (This is do-able by maintaining an auxilliary hashmap for indexing upcoming staking events by address) + +**Step-3**: Adjust gas + +Currently gas represents the cost of executing a transaction when its done immediately. (Merging together costs of p2p overhead, state access overhead, and computational overhead) However, now a transaction can cause computation in a future block, namely at the epoch boundary. + +To handle this, we should initially include parameters for estimating the amount of future computation (denominated in gas), and add that as a flat charge needed for the message. +We leave it as out of scope for how to weight future computation versus current computation in gas pricing, and have it set such that the are weighted equally for now. + +## Consequences + +### Positive + +* Abstracts the proof of stake module that allows retaining the existing functionality +* Enables new features such as validator-set based threshold cryptography + +### Negative + +* Increases complexity of integrating more complex gas pricing mechanisms, as they now have to consider future execution costs as well. +* When epoch > 1, validators can no longer leave the network immediately, and must wait until an epoch boundary. diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-040-storage-and-smt-state-commitments.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-040-storage-and-smt-state-commitments.md new file mode 100644 index 00000000..f60e3adc --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-040-storage-and-smt-state-commitments.md @@ -0,0 +1,289 @@ +# ADR 040: Storage and SMT State Commitments + +## Changelog + +* 2020-01-15: Draft + +## Status + +DRAFT Not Implemented + +## Abstract + +Sparse Merkle Tree ([SMT](https://osf.io/8mcnh/)) is a version of a Merkle Tree with various storage and performance optimizations. This ADR defines a separation of state commitments from data storage and the Cosmos SDK transition from IAVL to SMT. + +## Context + +Currently, Cosmos SDK uses IAVL for both state [commitments](https://cryptography.fandom.com/wiki/Commitment_scheme) and data storage. + +IAVL has effectively become an orphaned project within the Cosmos ecosystem and it's proven to be an inefficient state commitment data structure. +In the current design, IAVL is used for both data storage and as a Merkle Tree for state commitments. IAVL is meant to be a standalone Merkelized key/value database, however it's using a KV DB engine to store all tree nodes. So, each node is stored in a separate record in the KV DB. This causes many inefficiencies and problems: + +* Each object query requires a tree traversal from the root. Subsequent queries for the same object are cached on the Cosmos SDK level. +* Each edge traversal requires a DB query. +* Creating snapshots is [expensive](https://github.com/cosmos/cosmos-sdk/issues/7215#issuecomment-684804950). It takes about 30 seconds to export less than 100 MB of state (as of March 2020). +* Updates in IAVL may trigger tree reorganization and possible O(log(n)) hashes re-computation, which can become a CPU bottleneck. +* The node structure is pretty expensive - it contains a standard tree node elements (key, value, left and right element) and additional metadata such as height, version (which is not required by the Cosmos SDK). The entire node is hashed, and that hash is used as the key in the underlying database, [ref](https://github.com/cosmos/iavl/blob/master/docs/node/node.md +). + +Moreover, the IAVL project lacks support and a maintainer and we already see better and well-established alternatives. Instead of optimizing the IAVL, we are looking into other solutions for both storage and state commitments. + +## Decision + +We propose to separate the concerns of state commitment (**SC**), needed for consensus, and state storage (**SS**), needed for state machine. Finally we replace IAVL with [Celestia's SMT](https://github.com/lazyledger/smt). Celestia SMT is based on Diem (called jellyfish) design [*] - it uses a compute-optimised SMT by replacing subtrees with only default values with a single node (same approach is used by Ethereum2) and implements compact proofs. + +The storage model presented here doesn't deal with data structure nor serialization. It's a Key-Value database, where both key and value are binaries. The storage user is responsible for data serialization. + +### Decouple state commitment from storage + +Separation of storage and commitment (by the SMT) will allow the optimization of different components according to their usage and access patterns. + +`SC` (SMT) is used to commit to a data and compute Merkle proofs. `SS` is used to directly access data. To avoid collisions, both `SS` and `SC` will use a separate storage namespace (they could use the same database underneath). `SS` will store each record directly (mapping `(key, value)` as `key → value`). + +SMT is a merkle tree structure: we don't store keys directly. For every `(key, value)` pair, `hash(key)` is used as leaf path (we hash a key to uniformly distribute leaves in the tree) and `hash(value)` as the leaf contents. The tree structure is specified in more depth [below](#smt-for-state-commitment). + +For data access we propose 2 additional KV buckets (implemented as namespaces for the key-value pairs, sometimes called [column family](https://github.com/facebook/rocksdb/wiki/Terminology)): + +1. B1: `key → value`: the principal object storage, used by a state machine, behind the Cosmos SDK `KVStore` interface: provides direct access by key and allows prefix iteration (KV DB backend must support it). +2. B2: `hash(key) → key`: a reverse index to get a key from an SMT path. Internally the SMT will store `(key, value)` as `prefix || hash(key) || hash(value)`. So, we can get an object value by composing `hash(key) → B2 → B1`. +3. We could use more buckets to optimize the app usage if needed. + +We propose to use a KV database for both `SS` and `SC`. The store interface will allow to use the same physical DB backend for both `SS` and `SC` as well two separate DBs. The latter option allows for the separation of `SS` and `SC` into different hardware units, providing support for more complex setup scenarios and improving overall performance: one can use different backends (eg RocksDB and Badger) as well as independently tuning the underlying DB configuration. + +### Requirements + +State Storage requirements: + +* range queries +* quick (key, value) access +* creating a snapshot +* historical versioning +* pruning (garbage collection) + +State Commitment requirements: + +* fast updates +* tree path should be short +* query historical commitment proofs using ICS-23 standard +* pruning (garbage collection) + +### SMT for State Commitment + +A Sparse Merkle tree is based on the idea of a complete Merkle tree of an intractable size. The assumption here is that as the size of the tree is intractable, there would only be a few leaf nodes with valid data blocks relative to the tree size, rendering a sparse tree. + +The full specification can be found at [Celestia](https://github.com/celestiaorg/celestia-specs/blob/ec98170398dfc6394423ee79b00b71038879e211/src/specs/data_structures.md#sparse-merkle-tree). In summary: + +* The SMT consists of a binary Merkle tree, constructed in the same fashion as described in [Certificate Transparency (RFC-6962)](https://tools.ietf.org/html/rfc6962), but using as the hashing function SHA-2-256 as defined in [FIPS 180-4](https://doi.org/10.6028/NIST.FIPS.180-4). +* Leaves and internal nodes are hashed differently: the one-byte `0x00` is prepended for leaf nodes while `0x01` is prepended for internal nodes. +* Default values are given to leaf nodes with empty leaves. +* While the above rule is sufficient to pre-compute the values of intermediate nodes that are roots of empty subtrees, a further simplification is to extend this default value to all nodes that are roots of empty subtrees. The 32-byte zero is used as the default value. This rule takes precedence over the above one. +* An internal node that is the root of a subtree that contains exactly one non-empty leaf is replaced by that leaf's leaf node. + +### Snapshots for storage sync and state versioning + +Below, with simple _snapshot_ we refer to a database snapshot mechanism, not to a _ABCI snapshot sync_. The latter will be referred as _snapshot sync_ (which will directly use DB snapshot as described below). + +Database snapshot is a view of DB state at a certain time or transaction. It's not a full copy of a database (it would be too big). Usually a snapshot mechanism is based on a _copy on write_ and it allows DB state to be efficiently delivered at a certain stage. +Some DB engines support snapshotting. Hence, we propose to reuse that functionality for the state sync and versioning (described below). We limit the supported DB engines to ones which efficiently implement snapshots. In a final section we discuss the evaluated DBs. + +One of the Stargate core features is a _snapshot sync_ delivered in the `/snapshot` package. It provides a way to trustlessly sync a blockchain without repeating all transactions from the genesis. This feature is implemented in Cosmos SDK and requires storage support. Currently IAVL is the only supported backend. It works by streaming to a client a snapshot of a `SS` at a certain version together with a header chain. + +A new database snapshot will be created in every `EndBlocker` and identified by a block height. The `root` store keeps track of the available snapshots to offer `SS` at a certain version. The `root` store implements the `RootStore` interface described below. In essence, `RootStore` encapsulates a `Committer` interface. `Committer` has a `Commit`, `SetPruning`, `GetPruning` functions which will be used for creating and removing snapshots. The `rootStore.Commit` function creates a new snapshot and increments the version on each call, and checks if it needs to remove old versions. We will need to update the SMT interface to implement the `Committer` interface. +NOTE: `Commit` must be called exactly once per block. Otherwise we risk going out of sync for the version number and block height. +NOTE: For the Cosmos SDK storage, we may consider splitting that interface into `Committer` and `PruningCommitter` - only the multiroot should implement `PruningCommitter` (cache and prefix store don't need pruning). + +Number of historical versions for `abci.RequestQuery` and state sync snapshots is part of a node configuration, not a chain configuration (configuration implied by the blockchain consensus). A configuration should allow to specify number of past blocks and number of past blocks modulo some number (eg: 100 past blocks and one snapshot every 100 blocks for past 2000 blocks). Archival nodes can keep all past versions. + +Pruning old snapshots is effectively done by a database. Whenever we update a record in `SC`, SMT won't update nodes - instead it creates new nodes on the update path, without removing the old one. Since we are snapshotting each block, we need to change that mechanism to immediately remove orphaned nodes from the database. This is a safe operation - snapshots will keep track of the records and make it available when accessing past versions. + +To manage the active snapshots we will either use a DB _max number of snapshots_ option (if available), or we will remove DB snapshots in the `EndBlocker`. The latter option can be done efficiently by identifying snapshots with block height and calling a store function to remove past versions. + +#### Accessing old state versions + +One of the functional requirements is to access old state. This is done through `abci.RequestQuery` structure. The version is specified by a block height (so we query for an object by a key `K` at block height `H`). The number of old versions supported for `abci.RequestQuery` is configurable. Accessing an old state is done by using available snapshots. +`abci.RequestQuery` doesn't need old state of `SC` unless the `prove=true` parameter is set. The SMT merkle proof must be included in the `abci.ResponseQuery` only if both `SC` and `SS` have a snapshot for requested version. + +Moreover, Cosmos SDK could provide a way to directly access a historical state. However, a state machine shouldn't do that - since the number of snapshots is configurable, it would lead to nondeterministic execution. + +We positively [validated](https://github.com/cosmos/cosmos-sdk/discussions/8297) a versioning and snapshot mechanism for querying old state with regards to the database we evaluated. + +### State Proofs + +For any object stored in State Store (SS), we have corresponding object in `SC`. A proof for object `V` identified by a key `K` is a branch of `SC`, where the path corresponds to the key `hash(K)`, and the leaf is `hash(K, V)`. + +### Rollbacks + +We need to be able to process transactions and roll-back state updates if a transaction fails. This can be done in the following way: during transaction processing, we keep all state change requests (writes) in a `CacheWrapper` abstraction (as it's done today). Once we finish the block processing, in the `Endblocker`, we commit a root store - at that time, all changes are written to the SMT and to the `SS` and a snapshot is created. + +### Committing to an object without saving it + +We identified use-cases, where modules will need to save an object commitment without storing an object itself. Sometimes clients are receiving complex objects, and they have no way to prove a correctness of that object without knowing the storage layout. For those use cases it would be easier to commit to the object without storing it directly. + +### Refactor MultiStore + +The Stargate `/store` implementation (store/v1) adds an additional layer in the SDK store construction - the `MultiStore` structure. The multistore exists to support the modularity of the Cosmos SDK - each module is using its own instance of IAVL, but in the current implementation, all instances share the same database. The latter indicates, however, that the implementation doesn't provide true modularity. Instead it causes problems related to race condition and atomic DB commits (see: [\#6370](https://github.com/cosmos/cosmos-sdk/issues/6370) and [discussion](https://github.com/cosmos/cosmos-sdk/discussions/8297#discussioncomment-757043)). + +We propose to reduce the multistore concept from the SDK, and to use a single instance of `SC` and `SS` in a `RootStore` object. To avoid confusion, we should rename the `MultiStore` interface to `RootStore`. The `RootStore` will have the following interface; the methods for configuring tracing and listeners are omitted for brevity. + +```go +// Used where read-only access to versions is needed. +type BasicRootStore interface { + Store + GetKVStore(StoreKey) KVStore + CacheRootStore() CacheRootStore +} + +// Used as the main app state, replacing CommitMultiStore. +type CommitRootStore interface { + BasicRootStore + Committer + Snapshotter + + GetVersion(uint64) (BasicRootStore, error) + SetInitialVersion(uint64) error + + ... // Trace and Listen methods +} + +// Replaces CacheMultiStore for branched state. +type CacheRootStore interface { + BasicRootStore + Write() + + ... // Trace and Listen methods +} + +// Example of constructor parameters for the concrete type. +type RootStoreConfig struct { + Upgrades *StoreUpgrades + InitialVersion uint64 + + ReservePrefix(StoreKey, StoreType) +} +``` + + + + +In contrast to `MultiStore`, `RootStore` doesn't allow to dynamically mount sub-stores or provide an arbitrary backing DB for individual sub-stores. + +NOTE: modules will be able to use a special commitment and their own DBs. For example: a module which will use ZK proofs for state can store and commit this proof in the `RootStore` (usually as a single record) and manage the specialized store privately or using the `SC` low level interface. + +#### Compatibility support + +To ease the transition to this new interface for users, we can create a shim which wraps a `CommitMultiStore` but provides a `CommitRootStore` interface, and expose functions to safely create and access the underlying `CommitMultiStore`. + +The new `RootStore` and supporting types can be implemented in a `store/v2alpha1` package to avoid breaking existing code. + +#### Merkle Proofs and IBC + +Currently, an IBC (v1.0) Merkle proof path consists of two elements (`["", ""]`), with each key corresponding to a separate proof. These are each verified according to individual [ICS-23 specs](https://github.com/cosmos/ibc-go/blob/f7051429e1cf833a6f65d51e6c3df1609290a549/modules/core/23-commitment/types/merkle.go#L17), and the result hash of each step is used as the committed value of the next step, until a root commitment hash is obtained. +The root hash of the proof for `""` is hashed with the `""` to validate against the App Hash. + +This is not compatible with the `RootStore`, which stores all records in a single Merkle tree structure, and won't produce separate proofs for the store- and record-key. Ideally, the store-key component of the proof could just be omitted, and updated to use a "no-op" spec, so only the record-key is used. However, because the IBC verification code hardcodes the `"ibc"` prefix and applies it to the SDK proof as a separate element of the proof path, this isn't possible without a breaking change. Breaking this behavior would severely impact the Cosmos ecosystem which already widely adopts the IBC module. Requesting an update of the IBC module across the chains is a time consuming effort and not easily feasible. + +As a workaround, the `RootStore` will have to use two separate SMTs (they could use the same underlying DB): one for IBC state and one for everything else. A simple Merkle map that reference these SMTs will act as a Merkle Tree to create a final App hash. The Merkle map is not stored in a DBs - it's constructed in the runtime. The IBC substore key must be `"ibc"`. + +The workaround can still guarantee atomic syncs: the [proposed DB backends](#evaluated-kv-databases) support atomic transactions and efficient rollbacks, which will be used in the commit phase. + +The presented workaround can be used until the IBC module is fully upgraded to supports single-element commitment proofs. + +### Optimization: compress module key prefixes + +We consider a compression of prefix keys by creating a mapping from module key to an integer, and serializing the integer using varint coding. Varint coding assures that different values don't have common byte prefix. For Merkle Proofs we can't use prefix compression - so it should only apply for the `SS` keys. Moreover, the prefix compression should be only applied for the module namespace. More precisely: + +* each module has it's own namespace; +* when accessing a module namespace we create a KVStore with embedded prefix; +* that prefix will be compressed only when accessing and managing `SS`. + +We need to assure that the codes won't change. We can fix the mapping in a static variable (provided by an app) or SS state under a special key. + +TODO: need to make decision about the key compression. + +## Optimization: SS key compression + +Some objects may be saved with key, which contains a Protobuf message type. Such keys are long. We could save a lot of space if we can map Protobuf message types in varints. + +TODO: finalize this or move to another ADR. + +## Migration + +Using the new store will require a migration. 2 Migrations are proposed: + +1. Genesis export -- it will reset the blockchain history. +2. In place migration: we can reuse `UpgradeKeeper.SetUpgradeHandler` to provide the migration logic: + +```go +app.UpgradeKeeper.SetUpgradeHandler("adr-40", func(ctx sdk.Context, plan upgradetypes.Plan, vm module.VersionMap) (module.VersionMap, error) { + + storev2.Migrate(iavlstore, v2.store) + + // RunMigrations returns the VersionMap + // with the updated module ConsensusVersions + return app.mm.RunMigrations(ctx, vm) +}) +``` + +The `Migrate` function will read all entries from a store/v1 DB and save them to the AD-40 combined KV store. +Cache layer should not be used and the operation must finish with a single Commit call. + +Inserting records to the `SC` (SMT) component is the bottleneck. Unfortunately SMT doesn't support batch transactions. +Adding batch transactions to `SC` layer is considered as a feature after the main release. + +## Consequences + +### Backwards Compatibility + +This ADR doesn't introduce any Cosmos SDK level API changes. + +We change the storage layout of the state machine, a storage hard fork and network upgrade is required to incorporate these changes. SMT provides a merkle proof functionality, however it is not compatible with ICS23. Updating the proofs for ICS23 compatibility is required. + +### Positive + +* Decoupling state from state commitment introduce better engineering opportunities for further optimizations and better storage patterns. +* Performance improvements. +* Joining SMT based camp which has wider and proven adoption than IAVL. Example projects which decided on SMT: Ethereum2, Diem (Libra), Trillan, Tezos, Celestia. +* Multistore removal fixes a longstanding issue with the current MultiStore design. +* Simplifies merkle proofs - all modules, except IBC, have only one pass for merkle proof. + +### Negative + +* Storage migration +* LL SMT doesn't support pruning - we will need to add and test that functionality. +* `SS` keys will have an overhead of a key prefix. This doesn't impact `SC` because all keys in `SC` have same size (they are hashed). + +### Neutral + +* Deprecating IAVL, which is one of the core proposals of Cosmos Whitepaper. + +## Alternative designs + +Most of the alternative designs were evaluated in [state commitments and storage report](https://paper.dropbox.com/published/State-commitments-and-storage-review--BDvA1MLwRtOx55KRihJ5xxLbBw-KeEB7eOd11pNrZvVtqUgL3h). + +Ethereum research published [Verkle Trie](https://dankradfeist.de/ethereum/2021/06/18/verkle-trie-for-eth1.html) - an idea of combining polynomial commitments with merkle tree in order to reduce the tree height. This concept has a very good potential, but we think it's too early to implement it. The current, SMT based design could be easily updated to the Verkle Trie once other research implement all necessary libraries. The main advantage of the design described in this ADR is the separation of state commitments from the data storage and designing a more powerful interface. + +## Further Discussions + +### Evaluated KV Databases + +We verified existing databases KV databases for evaluating snapshot support. The following databases provide efficient snapshot mechanism: Badger, RocksDB, [Pebble](https://github.com/cockroachdb/pebble). Databases which don't provide such support or are not production ready: boltdb, leveldb, goleveldb, membdb, lmdb. + +### RDBMS + +Use of RDBMS instead of simple KV store for state. Use of RDBMS will require a Cosmos SDK API breaking change (`KVStore` interface) and will allow better data extraction and indexing solutions. Instead of saving an object as a single blob of bytes, we could save it as record in a table in the state storage layer, and as a `hash(key, protobuf(object))` in the SMT as outlined above. To verify that an object registered in RDBMS is same as the one committed to SMT, one will need to load it from RDBMS, marshal using protobuf, hash and do SMT search. + +### Off Chain Store + +We were discussing use case where modules can use a support database, which is not automatically committed. Module will responsible for having a sound storage model and can optionally use the feature discussed in __Committing to an object without saving it_ section. + +## References + +* [IAVL What's Next?](https://github.com/cosmos/cosmos-sdk/issues/7100) +* [IAVL overview](https://docs.google.com/document/d/16Z_hW2rSAmoyMENO-RlAhQjAG3mSNKsQueMnKpmcBv0/edit#heading=h.yd2th7x3o1iv) of it's state v0.15 +* [State commitments and storage report](https://paper.dropbox.com/published/State-commitments-and-storage-review--BDvA1MLwRtOx55KRihJ5xxLbBw-KeEB7eOd11pNrZvVtqUgL3h) +* [Celestia (LazyLedger) SMT](https://github.com/lazyledger/smt) +* Facebook Diem (Libra) SMT [design](https://developers.diem.com/papers/jellyfish-merkle-tree/2021-01-14.pdf) +* [Trillian Revocation Transparency](https://github.com/google/trillian/blob/master/docs/papers/RevocationTransparency.pdf), [Trillian Verifiable Data Structures](https://github.com/google/trillian/blob/master/docs/papers/VerifiableDataStructures.pdf). +* Design and implementation [discussion](https://github.com/cosmos/cosmos-sdk/discussions/8297). +* [How to Upgrade IBC Chains and their Clients](https://github.com/cosmos/ibc-go/blob/main/docs/ibc/upgrades/quick-guide.md) +* [ADR-40 Effect on IBC](https://github.com/cosmos/ibc-go/discussions/256) diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-041-in-place-store-migrations.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-041-in-place-store-migrations.md new file mode 100644 index 00000000..2237b610 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-041-in-place-store-migrations.md @@ -0,0 +1,167 @@ +# ADR 041: In-Place Store Migrations + +## Changelog + +* 17.02.2021: Initial Draft + +## Status + +Accepted + +## Abstract + +This ADR introduces a mechanism to perform in-place state store migrations during chain software upgrades. + +## Context + +When a chain upgrade introduces state-breaking changes inside modules, the current procedure consists of exporting the whole state into a JSON file (via the `simd export` command), running migration scripts on the JSON file (`simd genesis migrate` command), clearing the stores (`simd unsafe-reset-all` command), and starting a new chain with the migrated JSON file as new genesis (optionally with a custom initial block height). An example of such a procedure can be seen [in the Cosmos Hub 3->4 migration guide](https://github.com/cosmos/gaia/blob/v4.0.3/docs/migration/cosmoshub-3.md#upgrade-procedure). + +This procedure is cumbersome for multiple reasons: + +* The procedure takes time. It can take hours to run the `export` command, plus some additional hours to run `InitChain` on the fresh chain using the migrated JSON. +* The exported JSON file can be heavy (~100MB-1GB), making it difficult to view, edit and transfer, which in turn introduces additional work to solve these problems (such as [streaming genesis](https://github.com/cosmos/cosmos-sdk/issues/6936)). + +## Decision + +We propose a migration procedure based on modifying the KV store in-place without involving the JSON export-process-import flow described above. + +### Module `ConsensusVersion` + +We introduce a new method on the `AppModule` interface: + +```go +type AppModule interface { + // --snip-- + ConsensusVersion() uint64 +} +``` + +This methods returns an `uint64` which serves as state-breaking version of the module. It MUST be incremented on each consensus-breaking change introduced by the module. To avoid potential errors with default values, the initial version of a module MUST be set to 1. In the Cosmos SDK, version 1 corresponds to the modules in the v0.41 series. + +### Module-Specific Migration Functions + +For each consensus-breaking change introduced by the module, a migration script from ConsensusVersion `N` to version `N+1` MUST be registered in the `Configurator` using its newly-added `RegisterMigration` method. All modules receive a reference to the configurator in their `RegisterServices` method on `AppModule`, and this is where the migration functions should be registered. The migration functions should be registered in increasing order. + +```go +func (am AppModule) RegisterServices(cfg module.Configurator) { + // --snip-- + cfg.RegisterMigration(types.ModuleName, 1, func(ctx sdk.Context) error { + // Perform in-place store migrations from ConsensusVersion 1 to 2. + }) + cfg.RegisterMigration(types.ModuleName, 2, func(ctx sdk.Context) error { + // Perform in-place store migrations from ConsensusVersion 2 to 3. + }) + // etc. +} +``` + +For example, if the new ConsensusVersion of a module is `N` , then `N-1` migration functions MUST be registered in the configurator. + +In the Cosmos SDK, the migration functions are handled by each module's keeper, because the keeper holds the `sdk.StoreKey` used to perform in-place store migrations. To not overload the keeper, a `Migrator` wrapper is used by each module to handle the migration functions: + +```go +// Migrator is a struct for handling in-place store migrations. +type Migrator struct { + BaseKeeper +} +``` + +Migration functions should live inside the `migrations/` folder of each module, and be called by the Migrator's methods. We propose the format `Migrate{M}to{N}` for method names. + +```go +// Migrate1to2 migrates from version 1 to 2. +func (m Migrator) Migrate1to2(ctx sdk.Context) error { + return v2bank.MigrateStore(ctx, m.keeper.storeKey) // v043bank is package `x/bank/migrations/v2`. +} +``` + +Each module's migration functions are specific to the module's store evolutions, and are not described in this ADR. An example of x/bank store key migrations after the introduction of ADR-028 length-prefixed addresses can be seen in this [store.go code](https://github.com/cosmos/cosmos-sdk/blob/36f68eb9e041e20a5bb47e216ac5eb8b91f95471/x/bank/legacy/v043/store.go#L41-L62). + +### Tracking Module Versions in `x/upgrade` + +We introduce a new prefix store in `x/upgrade`'s store. This store will track each module's current version, it can be modelized as a `map[string]uint64` of module name to module ConsensusVersion, and will be used when running the migrations (see next section for details). The key prefix used is `0x1`, and the key/value format is: + +```text +0x2 | {bytes(module_name)} => BigEndian(module_consensus_version) +``` + +The initial state of the store is set from `app.go`'s `InitChainer` method. + +The UpgradeHandler signature needs to be updated to take a `VersionMap`, as well as return an upgraded `VersionMap` and an error: + +```diff +- type UpgradeHandler func(ctx sdk.Context, plan Plan) ++ type UpgradeHandler func(ctx sdk.Context, plan Plan, versionMap VersionMap) (VersionMap, error) +``` + +To apply an upgrade, we query the `VersionMap` from the `x/upgrade` store and pass it into the handler. The handler runs the actual migration functions (see next section), and if successful, returns an updated `VersionMap` to be stored in state. + +```diff +func (k UpgradeKeeper) ApplyUpgrade(ctx sdk.Context, plan types.Plan) { + // --snip-- +- handler(ctx, plan) ++ updatedVM, err := handler(ctx, plan, k.GetModuleVersionMap(ctx)) // k.GetModuleVersionMap() fetches the VersionMap stored in state. ++ if err != nil { ++ return err ++ } ++ ++ // Set the updated consensus versions to state ++ k.SetModuleVersionMap(ctx, updatedVM) +} +``` + +A gRPC query endpoint to query the `VersionMap` stored in `x/upgrade`'s state will also be added, so that app developers can double-check the `VersionMap` before the upgrade handler runs. + +### Running Migrations + +Once all the migration handlers are registered inside the configurator (which happens at startup), running migrations can happen by calling the `RunMigrations` method on `module.Manager`. This function will loop through all modules, and for each module: + +* Get the old ConsensusVersion of the module from its `VersionMap` argument (let's call it `M`). +* Fetch the new ConsensusVersion of the module from the `ConsensusVersion()` method on `AppModule` (call it `N`). +* If `N>M`, run all registered migrations for the module sequentially `M -> M+1 -> M+2...` until `N`. + * There is a special case where there is no ConsensusVersion for the module, as this means that the module has been newly added during the upgrade. In this case, no migration function is run, and the module's current ConsensusVersion is saved to `x/upgrade`'s store. + +If a required migration is missing (e.g. if it has not been registered in the `Configurator`), then the `RunMigrations` function will error. + +In practice, the `RunMigrations` method should be called from inside an `UpgradeHandler`. + +```go +app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx sdk.Context, plan upgradetypes.Plan, vm module.VersionMap) (module.VersionMap, error) { + return app.mm.RunMigrations(ctx, vm) +}) +``` + +Assuming a chain upgrades at block `n`, the procedure should run as follows: + +* the old binary will halt in `BeginBlock` when starting block `N`. In its store, the ConsensusVersions of the old binary's modules are stored. +* the new binary will start at block `N`. The UpgradeHandler is set in the new binary, so will run at `BeginBlock` of the new binary. Inside `x/upgrade`'s `ApplyUpgrade`, the `VersionMap` will be retrieved from the (old binary's) store, and passed into the `RunMigrations` functon, migrating all module stores in-place before the modules' own `BeginBlock`s. + +## Consequences + +### Backwards Compatibility + +This ADR introduces a new method `ConsensusVersion()` on `AppModule`, which all modules need to implement. It also alters the UpgradeHandler function signature. As such, it is not backwards-compatible. + +While modules MUST register their migration functions when bumping ConsensusVersions, running those scripts using an upgrade handler is optional. An application may perfectly well decide to not call the `RunMigrations` inside its upgrade handler, and continue using the legacy JSON migration path. + +### Positive + +* Perform chain upgrades without manipulating JSON files. +* While no benchmark has been made yet, it is probable that in-place store migrations will take less time than JSON migrations. The main reason supporting this claim is that both the `simd export` command on the old binary and the `InitChain` function on the new binary will be skipped. + +### Negative + +* Module developers MUST correctly track consensus-breaking changes in their modules. If a consensus-breaking change is introduced in a module without its corresponding `ConsensusVersion()` bump, then the `RunMigrations` function won't detect the migration, and the chain upgrade might be unsuccessful. Documentation should clearly reflect this. + +### Neutral + +* The Cosmos SDK will continue to support JSON migrations via the existing `simd export` and `simd genesis migrate` commands. +* The current ADR does not allow creating, renaming or deleting stores, only modifying existing store keys and values. The Cosmos SDK already has the `StoreLoader` for those operations. + +## Further Discussions + +## References + +* Initial discussion: https://github.com/cosmos/cosmos-sdk/discussions/8429 +* Implementation of `ConsensusVersion` and `RunMigrations`: https://github.com/cosmos/cosmos-sdk/pull/8485 +* Issue discussing `x/upgrade` design: https://github.com/cosmos/cosmos-sdk/issues/8514 diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-042-group-module.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-042-group-module.md new file mode 100644 index 00000000..52e94327 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-042-group-module.md @@ -0,0 +1,279 @@ +# ADR 042: Group Module + +## Changelog + +* 2020/04/09: Initial Draft + +## Status + +Draft + +## Abstract + +This ADR defines the `x/group` module which allows the creation and management of on-chain multi-signature accounts and enables voting for message execution based on configurable decision policies. + +## Context + +The legacy amino multi-signature mechanism of the Cosmos SDK has certain limitations: + +* Key rotation is not possible, although this can be solved with [account rekeying](adr-034-account-rekeying.md). +* Thresholds can't be changed. +* UX is cumbersome for non-technical users ([#5661](https://github.com/cosmos/cosmos-sdk/issues/5661)). +* It requires `legacy_amino` sign mode ([#8141](https://github.com/cosmos/cosmos-sdk/issues/8141)). + +While the group module is not meant to be a total replacement for the current multi-signature accounts, it provides a solution to the limitations described above, with a more flexible key management system where keys can be added, updated or removed, as well as configurable thresholds. +It's meant to be used with other access control modules such as [`x/feegrant`](./adr-029-fee-grant-module.md) ans [`x/authz`](adr-030-authz-module.md) to simplify key management for individuals and organizations. + +The proof of concept of the group module can be found in https://github.com/regen-network/regen-ledger/tree/master/proto/regen/group/v1alpha1 and https://github.com/regen-network/regen-ledger/tree/master/x/group. + +## Decision + +We propose merging the `x/group` module with its supporting [ORM/Table Store package](https://github.com/regen-network/regen-ledger/tree/master/orm) ([#7098](https://github.com/cosmos/cosmos-sdk/issues/7098)) into the Cosmos SDK and continuing development here. There will be a dedicated ADR for the ORM package. + +### Group + +A group is a composition of accounts with associated weights. It is not +an account and doesn't have a balance. It doesn't in and of itself have any +sort of voting or decision weight. +Group members can create proposals and vote on them through group accounts using different decision policies. + +It has an `admin` account which can manage members in the group, update the group +metadata and set a new admin. + +```protobuf +message GroupInfo { + + // group_id is the unique ID of this group. + uint64 group_id = 1; + + // admin is the account address of the group's admin. + string admin = 2; + + // metadata is any arbitrary metadata to attached to the group. + bytes metadata = 3; + + // version is used to track changes to a group's membership structure that + // would break existing proposals. Whenever a member weight has changed, + // or any member is added or removed, the version is incremented and will + // invalidate all proposals from older versions. + uint64 version = 4; + + // total_weight is the sum of the group members' weights. + string total_weight = 5; +} +``` + +```protobuf +message GroupMember { + + // group_id is the unique ID of the group. + uint64 group_id = 1; + + // member is the member data. + Member member = 2; +} + +// Member represents a group member with an account address, +// non-zero weight and metadata. +message Member { + + // address is the member's account address. + string address = 1; + + // weight is the member's voting weight that should be greater than 0. + string weight = 2; + + // metadata is any arbitrary metadata to attached to the member. + bytes metadata = 3; +} +``` + +### Group Account + +A group account is an account associated with a group and a decision policy. +A group account does have a balance. + +Group accounts are abstracted from groups because a single group may have +multiple decision policies for different types of actions. Managing group +membership separately from decision policies results in the least overhead +and keeps membership consistent across different policies. The pattern that +is recommended is to have a single master group account for a given group, +and then to create separate group accounts with different decision policies +and delegate the desired permissions from the master account to +those "sub-accounts" using the [`x/authz` module](adr-030-authz-module.md). + +```protobuf +message GroupAccountInfo { + + // address is the group account address. + string address = 1; + + // group_id is the ID of the Group the GroupAccount belongs to. + uint64 group_id = 2; + + // admin is the account address of the group admin. + string admin = 3; + + // metadata is any arbitrary metadata of this group account. + bytes metadata = 4; + + // version is used to track changes to a group's GroupAccountInfo structure that + // invalidates active proposal from old versions. + uint64 version = 5; + + // decision_policy specifies the group account's decision policy. + google.protobuf.Any decision_policy = 6 [(cosmos_proto.accepts_interface) = "cosmos.group.v1.DecisionPolicy"]; +} +``` + +Similarly to a group admin, a group account admin can update its metadata, decision policy or set a new group account admin. + +A group account can also be an admin or a member of a group. +For instance, a group admin could be another group account which could "elects" the members or it could be the same group that elects itself. + +### Decision Policy + +A decision policy is the mechanism by which members of a group can vote on +proposals. + +All decision policies should have a minimum and maximum voting window. +The minimum voting window is the minimum duration that must pass in order +for a proposal to potentially pass, and it may be set to 0. The maximum voting +window is the maximum time that a proposal may be voted on and executed if +it reached enough support before it is closed. +Both of these values must be less than a chain-wide max voting window parameter. + +We define the `DecisionPolicy` interface that all decision policies must implement: + +```go +type DecisionPolicy interface { + codec.ProtoMarshaler + + ValidateBasic() error + GetTimeout() types.Duration + Allow(tally Tally, totalPower string, votingDuration time.Duration) (DecisionPolicyResult, error) + Validate(g GroupInfo) error +} + +type DecisionPolicyResult struct { + Allow bool + Final bool +} +``` + +#### Threshold decision policy + +A threshold decision policy defines a minimum support votes (_yes_), based on a tally +of voter weights, for a proposal to pass. For +this decision policy, abstain and veto are treated as no support (_no_). + +```protobuf +message ThresholdDecisionPolicy { + + // threshold is the minimum weighted sum of support votes for a proposal to succeed. + string threshold = 1; + + // voting_period is the duration from submission of a proposal to the end of voting period + // Within this period, votes and exec messages can be submitted. + google.protobuf.Duration voting_period = 2 [(gogoproto.nullable) = false]; +} +``` + +### Proposal + +Any member of a group can submit a proposal for a group account to decide upon. +A proposal consists of a set of `sdk.Msg`s that will be executed if the proposal +passes as well as any metadata associated with the proposal. These `sdk.Msg`s get validated as part of the `Msg/CreateProposal` request validation. They should also have their signer set as the group account. + +Internally, a proposal also tracks: + +* its current `Status`: submitted, closed or aborted +* its `Result`: unfinalized, accepted or rejected +* its `VoteState` in the form of a `Tally`, which is calculated on new votes and when executing the proposal. + +```protobuf +// Tally represents the sum of weighted votes. +message Tally { + option (gogoproto.goproto_getters) = false; + + // yes_count is the weighted sum of yes votes. + string yes_count = 1; + + // no_count is the weighted sum of no votes. + string no_count = 2; + + // abstain_count is the weighted sum of abstainers. + string abstain_count = 3; + + // veto_count is the weighted sum of vetoes. + string veto_count = 4; +} +``` + +### Voting + +Members of a group can vote on proposals. There are four choices to choose while voting - yes, no, abstain and veto. Not +all decision policies will support them. Votes can contain some optional metadata. +In the current implementation, the voting window begins as soon as a proposal +is submitted. + +Voting internally updates the proposal `VoteState` as well as `Status` and `Result` if needed. + +### Executing Proposals + +Proposals will not be automatically executed by the chain in this current design, +but rather a user must submit a `Msg/Exec` transaction to attempt to execute the +proposal based on the current votes and decision policy. A future upgrade could +automate this and have the group account (or a fee granter) pay. + +#### Changing Group Membership + +In the current implementation, updating a group or a group account after submitting a proposal will make it invalid. It will simply fail if someone calls `Msg/Exec` and will eventually be garbage collected. + +### Notes on current implementation + +This section outlines the current implementation used in the proof of concept of the group module but this could be subject to changes and iterated on. + +#### ORM + +The [ORM package](https://github.com/cosmos/cosmos-sdk/discussions/9156) defines tables, sequences and secondary indexes which are used in the group module. + +Groups are stored in state as part of a `groupTable`, the `group_id` being an auto-increment integer. Group members are stored in a `groupMemberTable`. + +Group accounts are stored in a `groupAccountTable`. The group account address is generated based on an auto-increment integer which is used to derive the group module `RootModuleKey` into a `DerivedModuleKey`, as stated in [ADR-033](adr-033-protobuf-inter-module-comm.md#modulekeys-and-moduleids). The group account is added as a new `ModuleAccount` through `x/auth`. + +Proposals are stored as part of the `proposalTable` using the `Proposal` type. The `proposal_id` is an auto-increment integer. + +Votes are stored in the `voteTable`. The primary key is based on the vote's `proposal_id` and `voter` account address. + +#### ADR-033 to route proposal messages + +Inter-module communication introduced by [ADR-033](adr-033-protobuf-inter-module-comm.md) can be used to route a proposal's messages using the `DerivedModuleKey` corresponding to the proposal's group account. + +## Consequences + +### Positive + +* Improved UX for multi-signature accounts allowing key rotation and custom decision policies. + +### Negative + +### Neutral + +* It uses ADR 033 so it will need to be implemented within the Cosmos SDK, but this doesn't imply necessarily any large refactoring of existing Cosmos SDK modules. +* The current implementation of the group module uses the ORM package. + +## Further Discussions + +* Convergence of `/group` and `x/gov` as both support proposals and voting: https://github.com/cosmos/cosmos-sdk/discussions/9066 +* `x/group` possible future improvements: + * Execute proposals on submission (https://github.com/regen-network/regen-ledger/issues/288) + * Withdraw a proposal (https://github.com/regen-network/cosmos-modules/issues/41) + * Make `Tally` more flexible and support non-binary choices + +## References + +* Initial specification: + * https://gist.github.com/aaronc/b60628017352df5983791cad30babe56#group-module + * [#5236](https://github.com/cosmos/cosmos-sdk/pull/5236) +* Proposal to add `x/group` into the Cosmos SDK: [#7633](https://github.com/cosmos/cosmos-sdk/issues/7633) diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-043-nft-module.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-043-nft-module.md new file mode 100644 index 00000000..87b4dbb5 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-043-nft-module.md @@ -0,0 +1,349 @@ +# ADR 43: NFT Module + +## Changelog + +* 2021-05-01: Initial Draft +* 2021-07-02: Review updates +* 2022-06-15: Add batch operation +* 2022-11-11: Remove strict validation of classID and tokenID + +## Status + +PROPOSED + +## Abstract + +This ADR defines the `x/nft` module which is a generic implementation of NFTs, roughly "compatible" with ERC721. **Applications using the `x/nft` module must implement the following functions**: + +* `MsgNewClass` - Receive the user's request to create a class, and call the `NewClass` of the `x/nft` module. +* `MsgUpdateClass` - Receive the user's request to update a class, and call the `UpdateClass` of the `x/nft` module. +* `MsgMintNFT` - Receive the user's request to mint a nft, and call the `MintNFT` of the `x/nft` module. +* `BurnNFT` - Receive the user's request to burn a nft, and call the `BurnNFT` of the `x/nft` module. +* `UpdateNFT` - Receive the user's request to update a nft, and call the `UpdateNFT` of the `x/nft` module. + +## Context + +NFTs are more than just crypto art, which is very helpful for accruing value to the Cosmos ecosystem. As a result, Cosmos Hub should implement NFT functions and enable a unified mechanism for storing and sending the ownership representative of NFTs as discussed in https://github.com/cosmos/cosmos-sdk/discussions/9065. + +As discussed in [#9065](https://github.com/cosmos/cosmos-sdk/discussions/9065), several potential solutions can be considered: + +* irismod/nft and modules/incubator/nft +* CW721 +* DID NFTs +* interNFT + +Since functions/use cases of NFTs are tightly connected with their logic, it is almost impossible to support all the NFTs' use cases in one Cosmos SDK module by defining and implementing different transaction types. + +Considering generic usage and compatibility of interchain protocols including IBC and Gravity Bridge, it is preferred to have a generic NFT module design which handles the generic NFTs logic. +This design idea can enable composability that application-specific functions should be managed by other modules on Cosmos Hub or on other Zones by importing the NFT module. + +The current design is based on the work done by [IRISnet team](https://github.com/irisnet/irismod/tree/master/modules/nft) and an older implementation in the [Cosmos repository](https://github.com/cosmos/modules/tree/master/incubator/nft). + +## Decision + +We create a `x/nft` module, which contains the following functionality: + +* Store NFTs and track their ownership. +* Expose `Keeper` interface for composing modules to transfer, mint and burn NFTs. +* Expose external `Message` interface for users to transfer ownership of their NFTs. +* Query NFTs and their supply information. + +The proposed module is a base module for NFT app logic. It's goal it to provide a common layer for storage, basic transfer functionality and IBC. The module should not be used as a standalone. +Instead an app should create a specialized module to handle app specific logic (eg: NFT ID construction, royalty), user level minting and burning. Moreover an app specialized module should handle auxiliary data to support the app logic (eg indexes, ORM, business data). + +All data carried over IBC must be part of the `NFT` or `Class` type described below. The app specific NFT data should be encoded in `NFT.data` for cross-chain integrity. Other objects related to NFT, which are not important for integrity can be part of the app specific module. + +### Types + +We propose two main types: + +* `Class` -- describes NFT class. We can think about it as a smart contract address. +* `NFT` -- object representing unique, non fungible asset. Each NFT is associated with a Class. + +#### Class + +NFT **Class** is comparable to an ERC-721 smart contract (provides description of a smart contract), under which a collection of NFTs can be created and managed. + +```protobuf +message Class { + string id = 1; + string name = 2; + string symbol = 3; + string description = 4; + string uri = 5; + string uri_hash = 6; + google.protobuf.Any data = 7; +} +``` + +* `id` is used as the primary index for storing the class; _required_ +* `name` is a descriptive name of the NFT class; _optional_ +* `symbol` is the symbol usually shown on exchanges for the NFT class; _optional_ +* `description` is a detailed description of the NFT class; _optional_ +* `uri` is a URI for the class metadata stored off chain. It should be a JSON file that contains metadata about the NFT class and NFT data schema ([OpenSea example](https://docs.opensea.io/docs/contract-level-metadata)); _optional_ +* `uri_hash` is a hash of the document pointed by uri; _optional_ +* `data` is app specific metadata of the class; _optional_ + +#### NFT + +We define a general model for `NFT` as follows. + +```protobuf +message NFT { + string class_id = 1; + string id = 2; + string uri = 3; + string uri_hash = 4; + google.protobuf.Any data = 10; +} +``` + +* `class_id` is the identifier of the NFT class where the NFT belongs; _required_ +* `id` is an identifier of the NFT, unique within the scope of its class. It is specified by the creator of the NFT and may be expanded to use DID in the future. `class_id` combined with `id` uniquely identifies an NFT and is used as the primary index for storing the NFT; _required_ + + ```text + {class_id}/{id} --> NFT (bytes) + ``` + +* `uri` is a URI for the NFT metadata stored off chain. Should point to a JSON file that contains metadata about this NFT (Ref: [ERC721 standard and OpenSea extension](https://docs.opensea.io/docs/metadata-standards)); _required_ +* `uri_hash` is a hash of the document pointed by uri; _optional_ +* `data` is an app specific data of the NFT. CAN be used by composing modules to specify additional properties of the NFT; _optional_ + +This ADR doesn't specify values that `data` can take; however, best practices recommend upper-level NFT modules clearly specify their contents. Although the value of this field doesn't provide the additional context required to manage NFT records, which means that the field can technically be removed from the specification, the field's existence allows basic informational/UI functionality. + +### `Keeper` Interface + +```go +type Keeper interface { + NewClass(ctx sdk.Context,class Class) + UpdateClass(ctx sdk.Context,class Class) + + Mint(ctx sdk.Context,nft NFT,receiver sdk.AccAddress) // updates totalSupply + BatchMint(ctx sdk.Context, tokens []NFT,receiver sdk.AccAddress) error + + Burn(ctx sdk.Context, classId string, nftId string) // updates totalSupply + BatchBurn(ctx sdk.Context, classID string, nftIDs []string) error + + Update(ctx sdk.Context, nft NFT) + BatchUpdate(ctx sdk.Context, tokens []NFT) error + + Transfer(ctx sdk.Context, classId string, nftId string, receiver sdk.AccAddress) + BatchTransfer(ctx sdk.Context, classID string, nftIDs []string, receiver sdk.AccAddress) error + + GetClass(ctx sdk.Context, classId string) Class + GetClasses(ctx sdk.Context) []Class + + GetNFT(ctx sdk.Context, classId string, nftId string) NFT + GetNFTsOfClassByOwner(ctx sdk.Context, classId string, owner sdk.AccAddress) []NFT + GetNFTsOfClass(ctx sdk.Context, classId string) []NFT + + GetOwner(ctx sdk.Context, classId string, nftId string) sdk.AccAddress + GetBalance(ctx sdk.Context, classId string, owner sdk.AccAddress) uint64 + GetTotalSupply(ctx sdk.Context, classId string) uint64 +} +``` + +Other business logic implementations should be defined in composing modules that import `x/nft` and use its `Keeper`. + +### `Msg` Service + +```protobuf +service Msg { + rpc Send(MsgSend) returns (MsgSendResponse); +} + +message MsgSend { + string class_id = 1; + string id = 2; + string sender = 3; + string reveiver = 4; +} +message MsgSendResponse {} +``` + +`MsgSend` can be used to transfer the ownership of an NFT to another address. + +The implementation outline of the server is as follows: + +```go +type msgServer struct{ + k Keeper +} + +func (m msgServer) Send(ctx context.Context, msg *types.MsgSend) (*types.MsgSendResponse, error) { + // check current ownership + assertEqual(msg.Sender, m.k.GetOwner(msg.ClassId, msg.Id)) + + // transfer ownership + m.k.Transfer(msg.ClassId, msg.Id, msg.Receiver) + + return &types.MsgSendResponse{}, nil +} +``` + +The query service methods for the `x/nft` module are: + +```protobuf +service Query { + // Balance queries the number of NFTs of a given class owned by the owner, same as balanceOf in ERC721 + rpc Balance(QueryBalanceRequest) returns (QueryBalanceResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/balance/{owner}/{class_id}"; + } + + // Owner queries the owner of the NFT based on its class and id, same as ownerOf in ERC721 + rpc Owner(QueryOwnerRequest) returns (QueryOwnerResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/owner/{class_id}/{id}"; + } + + // Supply queries the number of NFTs from the given class, same as totalSupply of ERC721. + rpc Supply(QuerySupplyRequest) returns (QuerySupplyResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/supply/{class_id}"; + } + + // NFTs queries all NFTs of a given class or owner,choose at least one of the two, similar to tokenByIndex in ERC721Enumerable + rpc NFTs(QueryNFTsRequest) returns (QueryNFTsResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/nfts"; + } + + // NFT queries an NFT based on its class and id. + rpc NFT(QueryNFTRequest) returns (QueryNFTResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/nfts/{class_id}/{id}"; + } + + // Class queries an NFT class based on its id + rpc Class(QueryClassRequest) returns (QueryClassResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/classes/{class_id}"; + } + + // Classes queries all NFT classes + rpc Classes(QueryClassesRequest) returns (QueryClassesResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/classes"; + } +} + +// QueryBalanceRequest is the request type for the Query/Balance RPC method +message QueryBalanceRequest { + string class_id = 1; + string owner = 2; +} + +// QueryBalanceResponse is the response type for the Query/Balance RPC method +message QueryBalanceResponse { + uint64 amount = 1; +} + +// QueryOwnerRequest is the request type for the Query/Owner RPC method +message QueryOwnerRequest { + string class_id = 1; + string id = 2; +} + +// QueryOwnerResponse is the response type for the Query/Owner RPC method +message QueryOwnerResponse { + string owner = 1; +} + +// QuerySupplyRequest is the request type for the Query/Supply RPC method +message QuerySupplyRequest { + string class_id = 1; +} + +// QuerySupplyResponse is the response type for the Query/Supply RPC method +message QuerySupplyResponse { + uint64 amount = 1; +} + +// QueryNFTstRequest is the request type for the Query/NFTs RPC method +message QueryNFTsRequest { + string class_id = 1; + string owner = 2; + cosmos.base.query.v1beta1.PageRequest pagination = 3; +} + +// QueryNFTsResponse is the response type for the Query/NFTs RPC methods +message QueryNFTsResponse { + repeated cosmos.nft.v1beta1.NFT nfts = 1; + cosmos.base.query.v1beta1.PageResponse pagination = 2; +} + +// QueryNFTRequest is the request type for the Query/NFT RPC method +message QueryNFTRequest { + string class_id = 1; + string id = 2; +} + +// QueryNFTResponse is the response type for the Query/NFT RPC method +message QueryNFTResponse { + cosmos.nft.v1beta1.NFT nft = 1; +} + +// QueryClassRequest is the request type for the Query/Class RPC method +message QueryClassRequest { + string class_id = 1; +} + +// QueryClassResponse is the response type for the Query/Class RPC method +message QueryClassResponse { + cosmos.nft.v1beta1.Class class = 1; +} + +// QueryClassesRequest is the request type for the Query/Classes RPC method +message QueryClassesRequest { + // pagination defines an optional pagination for the request. + cosmos.base.query.v1beta1.PageRequest pagination = 1; +} + +// QueryClassesResponse is the response type for the Query/Classes RPC method +message QueryClassesResponse { + repeated cosmos.nft.v1beta1.Class classes = 1; + cosmos.base.query.v1beta1.PageResponse pagination = 2; +} +``` + +### Interoperability + +Interoperability is all about reusing assets between modules and chains. The former one is achieved by ADR-33: Protobuf client - server communication. At the time of writing ADR-33 is not finalized. The latter is achieved by IBC. Here we will focus on the IBC side. +IBC is implemented per module. Here, we aligned that NFTs will be recorded and managed in the x/nft. This requires creation of a new IBC standard and implementation of it. + +For IBC interoperability, NFT custom modules MUST use the NFT object type understood by the IBC client. So, for x/nft interoperability, custom NFT implementations (example: x/cryptokitty) should use the canonical x/nft module and proxy all NFT balance keeping functionality to x/nft or else re-implement all functionality using the NFT object type understood by the IBC client. In other words: x/nft becomes the standard NFT registry for all Cosmos NFTs (example: x/cryptokitty will register a kitty NFT in x/nft and use x/nft for book keeping). This was [discussed](https://github.com/cosmos/cosmos-sdk/discussions/9065#discussioncomment-873206) in the context of using x/bank as a general asset balance book. Not using x/nft will require implementing another module for IBC. + +## Consequences + +### Backward Compatibility + +No backward incompatibilities. + +### Forward Compatibility + +This specification conforms to the ERC-721 smart contract specification for NFT identifiers. Note that ERC-721 defines uniqueness based on (contract address, uint256 tokenId), and we conform to this implicitly because a single module is currently aimed to track NFT identifiers. Note: use of the (mutable) data field to determine uniqueness is not safe.s + +### Positive + +* NFT identifiers available on Cosmos Hub. +* Ability to build different NFT modules for the Cosmos Hub, e.g., ERC-721. +* NFT module which supports interoperability with IBC and other cross-chain infrastructures like Gravity Bridge + +### Negative + +* New IBC app is required for x/nft +* CW721 adapter is required + +### Neutral + +* Other functions need more modules. For example, a custody module is needed for NFT trading function, a collectible module is needed for defining NFT properties. + +## Further Discussions + +For other kinds of applications on the Hub, more app-specific modules can be developed in the future: + +* `x/nft/custody`: custody of NFTs to support trading functionality. +* `x/nft/marketplace`: selling and buying NFTs using sdk.Coins. +* `x/fractional`: a module to split an ownership of an asset (NFT or other assets) for multiple stakeholder. `x/group` should work for most of the cases. + +Other networks in the Cosmos ecosystem could design and implement their own NFT modules for specific NFT applications and use cases. + +## References + +* Initial discussion: https://github.com/cosmos/cosmos-sdk/discussions/9065 +* x/nft: initialize module: https://github.com/cosmos/cosmos-sdk/pull/9174 +* [ADR 033](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-033-protobuf-inter-module-comm.md) diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-044-protobuf-updates-guidelines.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-044-protobuf-updates-guidelines.md new file mode 100644 index 00000000..a5ea3131 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-044-protobuf-updates-guidelines.md @@ -0,0 +1,129 @@ +# ADR 044: Guidelines for Updating Protobuf Definitions + +## Changelog + +* 28.06.2021: Initial Draft +* 02.12.2021: Add `Since:` comment for new fields +* 21.07.2022: Remove the rule of no new `Msg` in the same proto version. + +## Status + +Draft + +## Abstract + +This ADR provides guidelines and recommended practices when updating Protobuf definitions. These guidelines are targeting module developers. + +## Context + +The Cosmos SDK maintains a set of [Protobuf definitions](https://github.com/cosmos/cosmos-sdk/tree/main/proto/cosmos). It is important to correctly design Protobuf definitions to avoid any breaking changes within the same version. The reasons are to not break tooling (including indexers and explorers), wallets and other third-party integrations. + +When making changes to these Protobuf definitions, the Cosmos SDK currently only follows [Buf's](https://docs.buf.build/) recommendations. We noticed however that Buf's recommendations might still result in breaking changes in the SDK in some cases. For example: + +* Adding fields to `Msg`s. Adding fields is a not a Protobuf spec-breaking operation. However, when adding new fields to `Msg`s, the unknown field rejection will throw an error when sending the new `Msg` to an older node. +* Marking fields as `reserved`. Protobuf proposes the `reserved` keyword for removing fields without the need to bump the package version. However, by doing so, client backwards compatibility is broken as Protobuf doesn't generate anything for `reserved` fields. See [#9446](https://github.com/cosmos/cosmos-sdk/issues/9446) for more details on this issue. + +Moreover, module developers often face other questions around Protobuf definitions such as "Can I rename a field?" or "Can I deprecate a field?" This ADR aims to answer all these questions by providing clear guidelines about allowed updates for Protobuf definitions. + +## Decision + +We decide to keep [Buf's](https://docs.buf.build/) recommendations with the following exceptions: + +* `UNARY_RPC`: the Cosmos SDK currently does not support streaming RPCs. +* `COMMENT_FIELD`: the Cosmos SDK allows fields with no comments. +* `SERVICE_SUFFIX`: we use the `Query` and `Msg` service naming convention, which doesn't use the `-Service` suffix. +* `PACKAGE_VERSION_SUFFIX`: some packages, such as `cosmos.crypto.ed25519`, don't use a version suffix. +* `RPC_REQUEST_STANDARD_NAME`: Requests for the `Msg` service don't have the `-Request` suffix to keep backwards compatibility. + +On top of Buf's recommendations we add the following guidelines that are specific to the Cosmos SDK. + +### Updating Protobuf Definition Without Bumping Version + +#### 1. Module developers MAY add new Protobuf definitions + +Module developers MAY add new `message`s, new `Service`s, new `rpc` endpoints, and new fields to existing messages. This recommendation follows the Protobuf specification, but is added in this document for clarity, as the SDK requires one additional change. + +The SDK requires the Protobuf comment of the new addition to contain one line with the following format: + +```protobuf +// Since: cosmos-sdk {, ...} +``` + +Where each `version` denotes a minor ("0.45") or patch ("0.44.5") version from which the field is available. This will greatly help client libraries, who can optionally use reflection or custom code generation to show/hide these fields depending on the targetted node version. + +As examples, the following comments are valid: + +```protobuf +// Since: cosmos-sdk 0.44 + +// Since: cosmos-sdk 0.42.11, 0.44.5 +``` + +and the following ones are NOT valid: + +```protobuf +// Since cosmos-sdk v0.44 + +// since: cosmos-sdk 0.44 + +// Since: cosmos-sdk 0.42.11 0.44.5 + +// Since: Cosmos SDK 0.42.11, 0.44.5 +``` + +#### 2. Fields MAY be marked as `deprecated`, and nodes MAY implement a protocol-breaking change for handling these fields + +Protobuf supports the [`deprecated` field option](https://developers.google.com/protocol-buffers/docs/proto#options), and this option MAY be used on any field, including `Msg` fields. If a node handles a Protobuf message with a non-empty deprecated field, the node MAY change its behavior upon processing it, even in a protocol-breaking way. When possible, the node MUST handle backwards compatibility without breaking the consensus (unless we increment the proto version). + +As an example, the Cosmos SDK v0.42 to v0.43 update contained two Protobuf-breaking changes, listed below. Instead of bumping the package versions from `v1beta1` to `v1`, the SDK team decided to follow this guideline, by reverting the breaking changes, marking those changes as deprecated, and modifying the node implementation when processing messages with deprecated fields. More specifically: + +* The Cosmos SDK recently removed support for [time-based software upgrades](https://github.com/cosmos/cosmos-sdk/pull/8849). As such, the `time` field has been marked as deprecated in `cosmos.upgrade.v1beta1.Plan`. Moreover, the node will reject any proposal containing an upgrade Plan whose `time` field is non-empty. +* The Cosmos SDK now supports [governance split votes](./adr-037-gov-split-vote.md). When querying for votes, the returned `cosmos.gov.v1beta1.Vote` message has its `option` field (used for 1 vote option) deprecated in favor of its `options` field (allowing multiple vote options). Whenever possible, the SDK still populates the deprecated `option` field, that is, if and only if the `len(options) == 1` and `options[0].Weight == 1.0`. + +#### 3. Fields MUST NOT be renamed + +Whereas the official Protobuf recommendations do not prohibit renaming fields, as it does not break the Protobuf binary representation, the SDK explicitly forbids renaming fields in Protobuf structs. The main reason for this choice is to avoid introducing breaking changes for clients, which often rely on hard-coded fields from generated types. Moreover, renaming fields will lead to client-breaking JSON representations of Protobuf definitions, used in REST endpoints and in the CLI. + +### Incrementing Protobuf Package Version + +TODO, needs architecture review. Some topics: + +* Bumping versions frequency +* When bumping versions, should the Cosmos SDK support both versions? + * i.e. v1beta1 -> v1, should we have two folders in the Cosmos SDK, and handlers for both versions? +* mention ADR-023 Protobuf naming + +## Consequences + +> This section describes the resulting context, after applying the decision. All consequences should be listed here, not just the "positive" ones. A particular decision may have positive, negative, and neutral consequences, but all of them affect the team and project in the future. + +### Backwards Compatibility + +> All ADRs that introduce backwards incompatibilities must include a section describing these incompatibilities and their severity. The ADR must explain how the author proposes to deal with these incompatibilities. ADR submissions without a sufficient backwards compatibility treatise may be rejected outright. + +### Positive + +* less pain to tool developers +* more compatibility in the ecosystem +* ... + +### Negative + +{negative consequences} + +### Neutral + +* more rigor in Protobuf review + +## Further Discussions + +This ADR is still in the DRAFT stage, and the "Incrementing Protobuf Package Version" will be filled in once we make a decision on how to correctly do it. + +## Test Cases [optional] + +Test cases for an implementation are mandatory for ADRs that are affecting consensus changes. Other ADRs can choose to include links to test cases if applicable. + +## References + +* [#9445](https://github.com/cosmos/cosmos-sdk/issues/9445) Release proto definitions v1 +* [#9446](https://github.com/cosmos/cosmos-sdk/issues/9446) Address v1beta1 proto breaking changes diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-045-check-delivertx-middlewares.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-045-check-delivertx-middlewares.md new file mode 100644 index 00000000..60172977 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-045-check-delivertx-middlewares.md @@ -0,0 +1,312 @@ +# ADR 045: BaseApp `{Check,Deliver}Tx` as Middlewares + +## Changelog + +* 20.08.2021: Initial draft. +* 07.12.2021: Update `tx.Handler` interface ([\#10693](https://github.com/cosmos/cosmos-sdk/pull/10693)). +* 17.05.2022: ADR is abandoned, as middlewares are deemed too hard to reason about. + +## Status + +ABANDONED. Replacement is being discussed in [#11955](https://github.com/cosmos/cosmos-sdk/issues/11955). + +## Abstract + +This ADR replaces the current BaseApp `runTx` and antehandlers design with a middleware-based design. + +## Context + +BaseApp's implementation of ABCI `{Check,Deliver}Tx()` and its own `Simulate()` method call the `runTx` method under the hood, which first runs antehandlers, then executes `Msg`s. However, the [transaction Tips](https://github.com/cosmos/cosmos-sdk/issues/9406) and [refunding unused gas](https://github.com/cosmos/cosmos-sdk/issues/2150) use cases require custom logic to be run after the `Msg`s execution. There is currently no way to achieve this. + +An naive solution would be to add post-`Msg` hooks to BaseApp. However, the Cosmos SDK team thinks in parallel about the bigger picture of making app wiring simpler ([#9181](https://github.com/cosmos/cosmos-sdk/discussions/9182)), which includes making BaseApp more lightweight and modular. + +## Decision + +We decide to transform Baseapp's implementation of ABCI `{Check,Deliver}Tx` and its own `Simulate` methods to use a middleware-based design. + +The two following interfaces are the base of the middleware design, and are defined in `types/tx`: + +```go +type Handler interface { + CheckTx(ctx context.Context, req Request, checkReq RequestCheckTx) (Response, ResponseCheckTx, error) + DeliverTx(ctx context.Context, req Request) (Response, error) + SimulateTx(ctx context.Context, req Request (Response, error) +} + +type Middleware func(Handler) Handler +``` + +where we define the following arguments and return types: + +```go +type Request struct { + Tx sdk.Tx + TxBytes []byte +} + +type Response struct { + GasWanted uint64 + GasUsed uint64 + // MsgResponses is an array containing each Msg service handler's response + // type, packed in an Any. This will get proto-serialized into the `Data` field + // in the ABCI Check/DeliverTx responses. + MsgResponses []*codectypes.Any + Log string + Events []abci.Event +} + +type RequestCheckTx struct { + Type abci.CheckTxType +} + +type ResponseCheckTx struct { + Priority int64 +} +``` + +Please note that because CheckTx handles separate logic related to mempool priotization, its signature is different than DeliverTx and SimulateTx. + +BaseApp holds a reference to a `tx.Handler`: + +```go +type BaseApp struct { + // other fields + txHandler tx.Handler +} +``` + +Baseapp's ABCI `{Check,Deliver}Tx()` and `Simulate()` methods simply call `app.txHandler.{Check,Deliver,Simulate}Tx()` with the relevant arguments. For example, for `DeliverTx`: + +```go +func (app *BaseApp) DeliverTx(req abci.RequestDeliverTx) abci.ResponseDeliverTx { + var abciRes abci.ResponseDeliverTx + ctx := app.getContextForTx(runTxModeDeliver, req.Tx) + res, err := app.txHandler.DeliverTx(ctx, tx.Request{TxBytes: req.Tx}) + if err != nil { + abciRes = sdkerrors.ResponseDeliverTx(err, uint64(res.GasUsed), uint64(res.GasWanted), app.trace) + return abciRes + } + + abciRes, err = convertTxResponseToDeliverTx(res) + if err != nil { + return sdkerrors.ResponseDeliverTx(err, uint64(res.GasUsed), uint64(res.GasWanted), app.trace) + } + + return abciRes +} + +// convertTxResponseToDeliverTx converts a tx.Response into a abci.ResponseDeliverTx. +func convertTxResponseToDeliverTx(txRes tx.Response) (abci.ResponseDeliverTx, error) { + data, err := makeABCIData(txRes) + if err != nil { + return abci.ResponseDeliverTx{}, nil + } + + return abci.ResponseDeliverTx{ + Data: data, + Log: txRes.Log, + Events: txRes.Events, + }, nil +} + +// makeABCIData generates the Data field to be sent to ABCI Check/DeliverTx. +func makeABCIData(txRes tx.Response) ([]byte, error) { + return proto.Marshal(&sdk.TxMsgData{MsgResponses: txRes.MsgResponses}) +} +``` + +The implementations are similar for `BaseApp.CheckTx` and `BaseApp.Simulate`. + +`baseapp.txHandler`'s three methods' implementations can obviously be monolithic functions, but for modularity we propose a middleware composition design, where a middleware is simply a function that takes a `tx.Handler`, and returns another `tx.Handler` wrapped around the previous one. + +### Implementing a Middleware + +In practice, middlewares are created by Go function that takes as arguments some parameters needed for the middleware, and returns a `tx.Middleware`. + +For example, for creating an arbitrary `MyMiddleware`, we can implement: + +```go +// myTxHandler is the tx.Handler of this middleware. Note that it holds a +// reference to the next tx.Handler in the stack. +type myTxHandler struct { + // next is the next tx.Handler in the middleware stack. + next tx.Handler + // some other fields that are relevant to the middleware can be added here +} + +// NewMyMiddleware returns a middleware that does this and that. +func NewMyMiddleware(arg1, arg2) tx.Middleware { + return func (txh tx.Handler) tx.Handler { + return myTxHandler{ + next: txh, + // optionally, set arg1, arg2... if they are needed in the middleware + } + } +} + +// Assert myTxHandler is a tx.Handler. +var _ tx.Handler = myTxHandler{} + +func (h myTxHandler) CheckTx(ctx context.Context, req Request, checkReq RequestcheckTx) (Response, ResponseCheckTx, error) { + // CheckTx specific pre-processing logic + + // run the next middleware + res, checkRes, err := txh.next.CheckTx(ctx, req, checkReq) + + // CheckTx specific post-processing logic + + return res, checkRes, err +} + +func (h myTxHandler) DeliverTx(ctx context.Context, req Request) (Response, error) { + // DeliverTx specific pre-processing logic + + // run the next middleware + res, err := txh.next.DeliverTx(ctx, tx, req) + + // DeliverTx specific post-processing logic + + return res, err +} + +func (h myTxHandler) SimulateTx(ctx context.Context, req Request) (Response, error) { + // SimulateTx specific pre-processing logic + + // run the next middleware + res, err := txh.next.SimulateTx(ctx, tx, req) + + // SimulateTx specific post-processing logic + + return res, err +} +``` + +### Composing Middlewares + +While BaseApp simply holds a reference to a `tx.Handler`, this `tx.Handler` itself is defined using a middleware stack. The Cosmos SDK exposes a base (i.e. innermost) `tx.Handler` called `RunMsgsTxHandler`, which executes messages. + +Then, the app developer can compose multiple middlewares on top on the base `tx.Handler`. Each middleware can run pre-and-post-processing logic around its next middleware, as described in the section above. Conceptually, as an example, given the middlewares `A`, `B`, and `C` and the base `tx.Handler` `H` the stack looks like: + +```text +A.pre + B.pre + C.pre + H # The base tx.handler, for example `RunMsgsTxHandler` + C.post + B.post +A.post +``` + +We define a `ComposeMiddlewares` function for composing middlewares. It takes the base handler as first argument, and middlewares in the "outer to inner" order. For the above stack, the final `tx.Handler` is: + +```go +txHandler := middleware.ComposeMiddlewares(H, A, B, C) +``` + +The middleware is set in BaseApp via its `SetTxHandler` setter: + +```go +// simapp/app.go + +txHandler := middleware.ComposeMiddlewares(...) +app.SetTxHandler(txHandler) +``` + +The app developer can define their own middlewares, or use the Cosmos SDK's pre-defined middlewares from `middleware.NewDefaultTxHandler()`. + +### Middlewares Maintained by the Cosmos SDK + +While the app developer can define and compose the middlewares of their choice, the Cosmos SDK provides a set of middlewares that caters for the ecosystem's most common use cases. These middlewares are: + +| Middleware | Description | +| ----------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| RunMsgsTxHandler | This is the base `tx.Handler`. It replaces the old baseapp's `runMsgs`, and executes a transaction's `Msg`s. | +| TxDecoderMiddleware | This middleware takes in transaction raw bytes, and decodes them into a `sdk.Tx`. It replaces the `baseapp.txDecoder` field, so that BaseApp stays as thin as possible. Since most middlewares read the contents of the `sdk.Tx`, the TxDecoderMiddleware should be run first in the middleware stack. | +| {Antehandlers} | Each antehandler is converted to its own middleware. These middlewares perform signature verification, fee deductions and other validations on the incoming transaction. | +| IndexEventsTxMiddleware | This is a simple middleware that chooses which events to index in Tendermint. Replaces `baseapp.indexEvents` (which unfortunately still exists in baseapp too, because it's used to index Begin/EndBlock events) | +| RecoveryTxMiddleware | This index recovers from panics. It replaces baseapp.runTx's panic recovery described in [ADR-022](./adr-022-custom-panic-handling.md). | +| GasTxMiddleware | This replaces the [`Setup`](https://github.com/cosmos/cosmos-sdk/blob/v0.43.0/x/auth/ante/setup.go) Antehandler. It sets a GasMeter on sdk.Context. Note that before, GasMeter was set on sdk.Context inside the antehandlers, and there was some mess around the fact that antehandlers had their own panic recovery system so that the GasMeter could be read by baseapp's recovery system. Now, this mess is all removed: one middleware sets GasMeter, another one handles recovery. | + +### Similarities and Differences between Antehandlers and Middlewares + +The middleware-based design builds upon the existing antehandlers design described in [ADR-010](./adr-010-modular-antehandler.md). Even though the final decision of ADR-010 was to go with the "Simple Decorators" approach, the middleware design is actually very similar to the other [Decorator Pattern](./adr-010-modular-antehandler.md#decorator-pattern) proposal, also used in [weave](https://github.com/iov-one/weave). + +#### Similarities with Antehandlers + +* Designed as chaining/composing small modular pieces. +* Allow code reuse for `{Check,Deliver}Tx` and for `Simulate`. +* Set up in `app.go`, and easily customizable by app developers. +* Order is important. + +#### Differences with Antehandlers + +* The Antehandlers are run before `Msg` execution, whereas middlewares can run before and after. +* The middleware approach uses separate methods for `{Check,Deliver,Simulate}Tx`, whereas the antehandlers pass a `simulate bool` flag and uses the `sdkCtx.Is{Check,Recheck}Tx()` flags to determine in which transaction mode we are. +* The middleware design lets each middleware hold a reference to the next middleware, whereas the antehandlers pass a `next` argument in the `AnteHandle` method. +* The middleware design use Go's standard `context.Context`, whereas the antehandlers use `sdk.Context`. + +## Consequences + +### Backwards Compatibility + +Since this refactor removes some logic away from BaseApp and into middlewares, it introduces API-breaking changes for app developers. Most notably, instead of creating an antehandler chain in `app.go`, app developers need to create a middleware stack: + +```diff +- anteHandler, err := ante.NewAnteHandler( +- ante.HandlerOptions{ +- AccountKeeper: app.AccountKeeper, +- BankKeeper: app.BankKeeper, +- SignModeHandler: encodingConfig.TxConfig.SignModeHandler(), +- FeegrantKeeper: app.FeeGrantKeeper, +- SigGasConsumer: ante.DefaultSigVerificationGasConsumer, +- }, +-) ++txHandler, err := authmiddleware.NewDefaultTxHandler(authmiddleware.TxHandlerOptions{ ++ Debug: app.Trace(), ++ IndexEvents: indexEvents, ++ LegacyRouter: app.legacyRouter, ++ MsgServiceRouter: app.msgSvcRouter, ++ LegacyAnteHandler: anteHandler, ++ TxDecoder: encodingConfig.TxConfig.TxDecoder, ++}) +if err != nil { + panic(err) +} +- app.SetAnteHandler(anteHandler) ++ app.SetTxHandler(txHandler) +``` + +Other more minor API breaking changes will also be provided in the CHANGELOG. As usual, the Cosmos SDK will provide a release migration document for app developers. + +This ADR does not introduce any state-machine-, client- or CLI-breaking changes. + +### Positive + +* Allow custom logic to be run before an after `Msg` execution. This enables the [tips](https://github.com/cosmos/cosmos-sdk/issues/9406) and [gas refund](https://github.com/cosmos/cosmos-sdk/issues/2150) uses cases, and possibly other ones. +* Make BaseApp more lightweight, and defer complex logic to small modular components. +* Separate paths for `{Check,Deliver,Simulate}Tx` with different returns types. This allows for improved readability (replace `if sdkCtx.IsRecheckTx() && !simulate {...}` with separate methods) and more flexibility (e.g. returning a `priority` in `ResponseCheckTx`). + +### Negative + +* It is hard to understand at first glance the state updates that would occur after a middleware runs given the `sdk.Context` and `tx`. A middleware can have an arbitrary number of nested middleware being called within its function body, each possibly doing some pre- and post-processing before calling the next middleware on the chain. Thus to understand what a middleware is doing, one must also understand what every other middleware further along the chain is also doing, and the order of middlewares matters. This can get quite complicated to understand. +* API-breaking changes for app developers. + +### Neutral + +No neutral consequences. + +## Further Discussions + +* [#9934](https://github.com/cosmos/cosmos-sdk/discussions/9934) Decomposing BaseApp's other ABCI methods into middlewares. +* Replace `sdk.Tx` interface with the concrete protobuf Tx type in the `tx.Handler` methods signature. + +## Test Cases + +We update the existing baseapp and antehandlers tests to use the new middleware API, but keep the same test cases and logic, to avoid introducing regressions. Existing CLI tests will also be left untouched. + +For new middlewares, we introduce unit tests. Since middlewares are purposefully small, unit tests suit well. + +## References + +* Initial discussion: https://github.com/cosmos/cosmos-sdk/issues/9585 +* Implementation: [#9920 BaseApp refactor](https://github.com/cosmos/cosmos-sdk/pull/9920) and [#10028 Antehandlers migration](https://github.com/cosmos/cosmos-sdk/pull/10028) diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-046-module-params.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-046-module-params.md new file mode 100644 index 00000000..369cd043 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-046-module-params.md @@ -0,0 +1,184 @@ +# ADR 046: Module Params + +## Changelog + +* Sep 22, 2021: Initial Draft + +## Status + +Proposed + +## Abstract + +This ADR describes an alternative approach to how Cosmos SDK modules use, interact, +and store their respective parameters. + +## Context + +Currently, in the Cosmos SDK, modules that require the use of parameters use the +`x/params` module. The `x/params` works by having modules define parameters, +typically via a simple `Params` structure, and registering that structure in +the `x/params` module via a unique `Subspace` that belongs to the respective +registering module. The registering module then has unique access to its respective +`Subspace`. Through this `Subspace`, the module can get and set its `Params` +structure. + +In addition, the Cosmos SDK's `x/gov` module has direct support for changing +parameters on-chain via a `ParamChangeProposal` governance proposal type, where +stakeholders can vote on suggested parameter changes. + +There are various tradeoffs to using the `x/params` module to manage individual +module parameters. Namely, managing parameters essentially comes for "free" in +that developers only need to define the `Params` struct, the `Subspace`, and the +various auxiliary functions, e.g. `ParamSetPairs`, on the `Params` type. However, +there are some notable drawbacks. These drawbacks include the fact that parameters +are serialized in state via JSON which is extremely slow. In addition, parameter +changes via `ParamChangeProposal` governance proposals have no way of reading from +or writing to state. In other words, it is currently not possible to have any +state transitions in the application during an attempt to change param(s). + +## Decision + +We will build off of the alignment of `x/gov` and `x/authz` work per +[#9810](https://github.com/cosmos/cosmos-sdk/pull/9810). Namely, module developers +will create one or more unique parameter data structures that must be serialized +to state. The Param data structures must implement `sdk.Msg` interface with respective +Protobuf Msg service method which will validate and update the parameters with all +necessary changes. The `x/gov` module via the work done in +[#9810](https://github.com/cosmos/cosmos-sdk/pull/9810), will dispatch Param +messages, which will be handled by Protobuf Msg services. + +Note, it is up to developers to decide how to structure their parameters and +the respective `sdk.Msg` messages. Consider the parameters currently defined in +`x/auth` using the `x/params` module for parameter management: + +```protobuf +message Params { + uint64 max_memo_characters = 1; + uint64 tx_sig_limit = 2; + uint64 tx_size_cost_per_byte = 3; + uint64 sig_verify_cost_ed25519 = 4; + uint64 sig_verify_cost_secp256k1 = 5; +} +``` + +Developers can choose to either create a unique data structure for every field in +`Params` or they can create a single `Params` structure as outlined above in the +case of `x/auth`. + +In the former, `x/params`, approach, a `sdk.Msg` would need to be created for every single +field along with a handler. This can become burdensome if there are a lot of +parameter fields. In the latter case, there is only a single data structure and +thus only a single message handler, however, the message handler might have to be +more sophisticated in that it might need to understand what parameters are being +changed vs what parameters are untouched. + +Params change proposals are made using the `x/gov` module. Execution is done through +`x/authz` authorization to the root `x/gov` module's account. + +Continuing to use `x/auth`, we demonstrate a more complete example: + +```go +type Params struct { + MaxMemoCharacters uint64 + TxSigLimit uint64 + TxSizeCostPerByte uint64 + SigVerifyCostED25519 uint64 + SigVerifyCostSecp256k1 uint64 +} + +type MsgUpdateParams struct { + MaxMemoCharacters uint64 + TxSigLimit uint64 + TxSizeCostPerByte uint64 + SigVerifyCostED25519 uint64 + SigVerifyCostSecp256k1 uint64 +} + +type MsgUpdateParamsResponse struct {} + +func (ms msgServer) UpdateParams(goCtx context.Context, msg *types.MsgUpdateParams) (*types.MsgUpdateParamsResponse, error) { + ctx := sdk.UnwrapSDKContext(goCtx) + + // verification logic... + + // persist params + params := ParamsFromMsg(msg) + ms.SaveParams(ctx, params) + + return &types.MsgUpdateParamsResponse{}, nil +} + +func ParamsFromMsg(msg *types.MsgUpdateParams) Params { + // ... +} +``` + +A gRPC `Service` query should also be provided, for example: + +```protobuf +service Query { + // ... + + rpc Params(QueryParamsRequest) returns (QueryParamsResponse) { + option (google.api.http).get = "/cosmos//v1beta1/params"; + } +} + +message QueryParamsResponse { + Params params = 1 [(gogoproto.nullable) = false]; +} +``` + +## Consequences + +As a result of implementing the module parameter methodology, we gain the ability +for module parameter changes to be stateful and extensible to fit nearly every +application's use case. We will be able to emit events (and trigger hooks registered +to that events using the work proposed in [event hooks](https://github.com/cosmos/cosmos-sdk/discussions/9656)), +call other Msg service methods or perform migration. +In addition, there will be significant gains in performance when it comes to reading +and writing parameters from and to state, especially if a specific set of parameters +are read on a consistent basis. + +However, this methodology will require developers to implement more types and +Msg service metohds which can become burdensome if many parameters exist. In addition, +developers are required to implement persistance logics of module parameters. +However, this should be trivial. + +### Backwards Compatibility + +The new method for working with module parameters is naturally not backwards +compatible with the existing `x/params` module. However, the `x/params` will +remain in the Cosmos SDK and will be marked as deprecated with no additional +functionality being added apart from potential bug fixes. Note, the `x/params` +module may be removed entirely in a future release. + +### Positive + +* Module parameters are serialized more efficiently +* Modules are able to react on parameters changes and perform additional actions. +* Special events can be emitted, allowing hooks to be triggered. + +### Negative + +* Module parameters becomes slightly more burdensome for module developers: + * Modules are now responsible for persisting and retrieving parameter state + * Modules are now required to have unique message handlers to handle parameter + changes per unique parameter data structure. + +### Neutral + +* Requires [#9810](https://github.com/cosmos/cosmos-sdk/pull/9810) to be reviewed + and merged. + + + +## References + +* https://github.com/cosmos/cosmos-sdk/pull/9810 +* https://github.com/cosmos/cosmos-sdk/issues/9438 +* https://github.com/cosmos/cosmos-sdk/discussions/9913 diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-047-extend-upgrade-plan.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-047-extend-upgrade-plan.md new file mode 100644 index 00000000..3500bb33 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-047-extend-upgrade-plan.md @@ -0,0 +1,253 @@ +# ADR 047: Extend Upgrade Plan + +## Changelog + +* Nov, 23, 2021: Initial Draft +* May, 16, 2023: Proposal ABANDONED. `pre_run` and `post_run` are not necessary anymore and adding the `artifacts` brings minor benefits. + +## Status + +ABANDONED + +## Abstract + +This ADR expands the existing x/upgrade `Plan` proto message to include new fields for defining pre-run and post-run processes within upgrade tooling. +It also defines a structure for providing downloadable artifacts involved in an upgrade. + +## Context + +The `upgrade` module in conjunction with Cosmovisor are designed to facilitate and automate a blockchain's transition from one version to another. + +Users submit a software upgrade governance proposal containing an upgrade `Plan`. +The [Plan](https://github.com/cosmos/cosmos-sdk/blob/v0.44.5/proto/cosmos/upgrade/v1beta1/upgrade.proto#L12) currently contains the following fields: + +* `name`: A short string identifying the new version. +* `height`: The chain height at which the upgrade is to be performed. +* `info`: A string containing information about the upgrade. + +The `info` string can be anything. +However, Cosmovisor will try to use the `info` field to automatically download a new version of the blockchain executable. +For the auto-download to work, Cosmovisor expects it to be either a stringified JSON object (with a specific structure defined through documentation), or a URL that will return such JSON. +The JSON object identifies URLs used to download the new blockchain executable for different platforms (OS and Architecture, e.g. "linux/amd64"). +Such a URL can either return the executable file directly or can return an archive containing the executable and possibly other assets. + +If the URL returns an archive, it is decompressed into `{DAEMON_HOME}/cosmovisor/{upgrade name}`. +Then, if `{DAEMON_HOME}/cosmovisor/{upgrade name}/bin/{DAEMON_NAME}` does not exist, but `{DAEMON_HOME}/cosmovisor/{upgrade name}/{DAEMON_NAME}` does, the latter is copied to the former. +If the URL returns something other than an archive, it is downloaded to `{DAEMON_HOME}/cosmovisor/{upgrade name}/bin/{DAEMON_NAME}`. + +If an upgrade height is reached and the new version of the executable version isn't available, Cosmovisor will stop running. + +Both `DAEMON_HOME` and `DAEMON_NAME` are [environment variables used to configure Cosmovisor](https://github.com/cosmos/cosmos-sdk/blob/cosmovisor/v1.0.0/cosmovisor/README.md#command-line-arguments-and-environment-variables). + +Currently, there is no mechanism that makes Cosmovisor run a command after the upgraded chain has been restarted. + +The current upgrade process has this timeline: + +1. An upgrade governance proposal is submitted and approved. +1. The upgrade height is reached. +1. The `x/upgrade` module writes the `upgrade_info.json` file. +1. The chain halts. +1. Cosmovisor backs up the data directory (if set up to do so). +1. Cosmovisor downloads the new executable (if not already in place). +1. Cosmovisor executes the `${DAEMON_NAME} pre-upgrade`. +1. Cosmovisor restarts the app using the new version and same args originally provided. + +## Decision + +### Protobuf Updates + +We will update the `x/upgrade.Plan` message for providing upgrade instructions. +The upgrade instructions will contain a list of artifacts available for each platform. +It allows for the definition of a pre-run and post-run commands. +These commands are not consensus guaranteed; they will be executed by Cosmosvisor (or other) during its upgrade handling. + +```protobuf +message Plan { + // ... (existing fields) + + UpgradeInstructions instructions = 6; +} +``` + +The new `UpgradeInstructions instructions` field MUST be optional. + +```protobuf +message UpgradeInstructions { + string pre_run = 1; + string post_run = 2; + repeated Artifact artifacts = 3; + string description = 4; +} +``` + +All fields in the `UpgradeInstructions` are optional. + +* `pre_run` is a command to run prior to the upgraded chain restarting. + If defined, it will be executed after halting and downloading the new artifact but before restarting the upgraded chain. + The working directory this command runs from MUST be `{DAEMON_HOME}/cosmovisor/{upgrade name}`. + This command MUST behave the same as the current [pre-upgrade](https://github.com/cosmos/cosmos-sdk/blob/v0.44.5/docs/migrations/pre-upgrade.md) command. + It does not take in any command-line arguments and is expected to terminate with the following exit codes: + + | Exit status code | How it is handled in Cosmosvisor | + |------------------|---------------------------------------------------------------------------------------------------------------------| + | `0` | Assumes `pre-upgrade` command executed successfully and continues the upgrade. | + | `1` | Default exit code when `pre-upgrade` command has not been implemented. | + | `30` | `pre-upgrade` command was executed but failed. This fails the entire upgrade. | + | `31` | `pre-upgrade` command was executed but failed. But the command is retried until exit code `1` or `30` are returned. | + If defined, then the app supervisors (e.g. Cosmovisor) MUST NOT run `app pre-run`. +* `post_run` is a command to run after the upgraded chain has been started. If defined, this command MUST be only executed at most once by an upgrading node. + The output and exit code SHOULD be logged but SHOULD NOT affect the running of the upgraded chain. + The working directory this command runs from MUST be `{DAEMON_HOME}/cosmovisor/{upgrade name}`. +* `artifacts` define items to be downloaded. + It SHOULD have only one entry per platform. +* `description` contains human-readable information about the upgrade and might contain references to external resources. + It SHOULD NOT be used for structured processing information. + +```protobuf +message Artifact { + string platform = 1; + string url = 2; + string checksum = 3; + string checksum_algo = 4; +} +``` + +* `platform` is a required string that SHOULD be in the format `{OS}/{CPU}`, e.g. `"linux/amd64"`. + The string `"any"` SHOULD also be allowed. + An `Artifact` with a `platform` of `"any"` SHOULD be used as a fallback when a specific `{OS}/{CPU}` entry is not found. + That is, if an `Artifact` exists with a `platform` that matches the system's OS and CPU, that should be used; + otherwise, if an `Artifact` exists with a `platform` of `any`, that should be used; + otherwise no artifact should be downloaded. +* `url` is a required URL string that MUST conform to [RFC 1738: Uniform Resource Locators](https://www.ietf.org/rfc/rfc1738.txt). + A request to this `url` MUST return either an executable file or an archive containing either `bin/{DAEMON_NAME}` or `{DAEMON_NAME}`. + The URL should not contain checksum - it should be specified by the `checksum` attribute. +* `checksum` is a checksum of the expected result of a request to the `url`. + It is not required, but is recommended. + If provided, it MUST be a hex encoded checksum string. + Tools utilizing these `UpgradeInstructions` MUST fail if a `checksum` is provided but is different from the checksum of the result returned by the `url`. +* `checksum_algo` is a string identify the algorithm used to generate the `checksum`. + Recommended algorithms: `sha256`, `sha512`. + Algorithms also supported (but not recommended): `sha1`, `md5`. + If a `checksum` is provided, a `checksum_algo` MUST also be provided. + +A `url` is not required to contain a `checksum` query parameter. +If the `url` does contain a `checksum` query parameter, the `checksum` and `checksum_algo` fields MUST also be populated, and their values MUST match the value of the query parameter. +For example, if the `url` is `"https://example.com?checksum=md5:d41d8cd98f00b204e9800998ecf8427e"`, then the `checksum` field must be `"d41d8cd98f00b204e9800998ecf8427e"` and the `checksum_algo` field must be `"md5"`. + +### Upgrade Module Updates + +If an upgrade `Plan` does not use the new `UpgradeInstructions` field, existing functionality will be maintained. +The parsing of the `info` field as either a URL or `binaries` JSON will be deprecated. +During validation, if the `info` field is used as such, a warning will be issued, but not an error. + +We will update the creation of the `upgrade-info.json` file to include the `UpgradeInstructions`. + +We will update the optional validation available via CLI to account for the new `Plan` structure. +We will add the following validation: + +1. If `UpgradeInstructions` are provided: + 1. There MUST be at least one entry in `artifacts`. + 1. All of the `artifacts` MUST have a unique `platform`. + 1. For each `Artifact`, if the `url` contains a `checksum` query parameter: + 1. The `checksum` query parameter value MUST be in the format of `{checksum_algo}:{checksum}`. + 1. The `{checksum}` from the query parameter MUST equal the `checksum` provided in the `Artifact`. + 1. The `{checksum_algo}` from the query parameter MUST equal the `checksum_algo` provided in the `Artifact`. +1. The following validation is currently done using the `info` field. We will apply similar validation to the `UpgradeInstructions`. + For each `Artifact`: + 1. The `platform` MUST have the format `{OS}/{CPU}` or be `"any"`. + 1. The `url` field MUST NOT be empty. + 1. The `url` field MUST be a proper URL. + 1. A `checksum` MUST be provided either in the `checksum` field or as a query parameter in the `url`. + 1. If the `checksum` field has a value and the `url` also has a `checksum` query parameter, the two values MUST be equal. + 1. The `url` MUST return either a file or an archive containing either `bin/{DAEMON_NAME}` or `{DAEMON_NAME}`. + 1. If a `checksum` is provided (in the field or as a query param), the checksum of the result of the `url` MUST equal the provided checksum. + +Downloading of an `Artifact` will happen the same way that URLs from `info` are currently downloaded. + +### Cosmovisor Updates + +If the `upgrade-info.json` file does not contain any `UpgradeInstructions`, existing functionality will be maintained. + +We will update Cosmovisor to look for and handle the new `UpgradeInstructions` in `upgrade-info.json`. +If the `UpgradeInstructions` are provided, we will do the following: + +1. The `info` field will be ignored. +1. The `artifacts` field will be used to identify the artifact to download based on the `platform` that Cosmovisor is running in. +1. If a `checksum` is provided (either in the field or as a query param in the `url`), and the downloaded artifact has a different checksum, the upgrade process will be interrupted and Cosmovisor will exit with an error. +1. If a `pre_run` command is defined, it will be executed at the same point in the process where the `app pre-upgrade` command would have been executed. + It will be executed using the same environment as other commands run by Cosmovisor. +1. If a `post_run` command is defined, it will be executed after executing the command that restarts the chain. + It will be executed in a background process using the same environment as the other commands. + Any output generated by the command will be logged. + Once complete, the exit code will be logged. + +We will deprecate the use of the `info` field for anything other than human readable information. +A warning will be logged if the `info` field is used to define the assets (either by URL or JSON). + +The new upgrade timeline is very similar to the current one. Changes are in bold: + +1. An upgrade governance proposal is submitted and approved. +1. The upgrade height is reached. +1. The `x/upgrade` module writes the `upgrade_info.json` file **(now possibly with `UpgradeInstructions`)**. +1. The chain halts. +1. Cosmovisor backs up the data directory (if set up to do so). +1. Cosmovisor downloads the new executable (if not already in place). +1. Cosmovisor executes **the `pre_run` command if provided**, or else the `${DAEMON_NAME} pre-upgrade` command. +1. Cosmovisor restarts the app using the new version and same args originally provided. +1. **Cosmovisor immediately runs the `post_run` command in a detached process.** + +## Consequences + +### Backwards Compatibility + +Since the only change to existing definitions is the addition of the `instructions` field to the `Plan` message, and that field is optional, there are no backwards incompatibilities with respects to the proto messages. +Additionally, current behavior will be maintained when no `UpgradeInstructions` are provided, so there are no backwards incompatibilities with respects to either the upgrade module or Cosmovisor. + +### Forwards Compatibility + +In order to utilize the `UpgradeInstructions` as part of a software upgrade, both of the following must be true: + +1. The chain must already be using a sufficiently advanced version of the Cosmos SDK. +1. The chain's nodes must be using a sufficiently advanced version of Cosmovisor. + +### Positive + +1. The structure for defining artifacts is clearer since it is now defined in the proto instead of in documentation. +1. Availability of a pre-run command becomes more obvious. +1. A post-run command becomes possible. + +### Negative + +1. The `Plan` message becomes larger. This is negligible because A) the `x/upgrades` module only stores at most one upgrade plan, and B) upgrades are rare enough that the increased gas cost isn't a concern. +1. There is no option for providing a URL that will return the `UpgradeInstructions`. +1. The only way to provide multiple assets (executables and other files) for a platform is to use an archive as the platform's artifact. + +### Neutral + +1. Existing functionality of the `info` field is maintained when the `UpgradeInstructions` aren't provided. + +## Further Discussions + +1. [Draft PR #10032 Comment](https://github.com/cosmos/cosmos-sdk/pull/10032/files?authenticity_token=pLtzpnXJJB%2Fif2UWiTp9Td3MvRrBF04DvjSuEjf1azoWdLF%2BSNymVYw9Ic7VkqHgNLhNj6iq9bHQYnVLzMXd4g%3D%3D&file-filters%5B%5D=.go&file-filters%5B%5D=.proto#r698708349): + Consider different names for `UpgradeInstructions instructions` (either the message type or field name). +1. [Draft PR #10032 Comment](https://github.com/cosmos/cosmos-sdk/pull/10032/files?authenticity_token=pLtzpnXJJB%2Fif2UWiTp9Td3MvRrBF04DvjSuEjf1azoWdLF%2BSNymVYw9Ic7VkqHgNLhNj6iq9bHQYnVLzMXd4g%3D%3D&file-filters%5B%5D=.go&file-filters%5B%5D=.proto#r754655072): + 1. Consider putting the `string platform` field inside `UpgradeInstructions` and make `UpgradeInstructions` a repeated field in `Plan`. + 1. Consider using a `oneof` field in the `Plan` which could either be `UpgradeInstructions` or else a URL that should return the `UpgradeInstructions`. + 1. Consider allowing `info` to either be a JSON serialized version of `UpgradeInstructions` or else a URL that returns that. +1. [Draft PR #10032 Comment](https://github.com/cosmos/cosmos-sdk/pull/10032/files?authenticity_token=pLtzpnXJJB%2Fif2UWiTp9Td3MvRrBF04DvjSuEjf1azoWdLF%2BSNymVYw9Ic7VkqHgNLhNj6iq9bHQYnVLzMXd4g%3D%3D&file-filters%5B%5D=.go&file-filters%5B%5D=.proto#r755462876): + Consider not including the `UpgradeInstructions.description` field, using the `info` field for that purpose instead. +1. [Draft PR #10032 Comment](https://github.com/cosmos/cosmos-sdk/pull/10032/files?authenticity_token=pLtzpnXJJB%2Fif2UWiTp9Td3MvRrBF04DvjSuEjf1azoWdLF%2BSNymVYw9Ic7VkqHgNLhNj6iq9bHQYnVLzMXd4g%3D%3D&file-filters%5B%5D=.go&file-filters%5B%5D=.proto#r754643691): + Consider allowing multiple artifacts to be downloaded for any given `platform` by adding a `name` field to the `Artifact` message. +1. [PR #10502 Comment](https://github.com/cosmos/cosmos-sdk/pull/10602#discussion_r781438288) + Allow the new `UpgradeInstructions` to be provided via URL. +1. [PR #10502 Comment](https://github.com/cosmos/cosmos-sdk/pull/10602#discussion_r781438288) + Allow definition of a `signer` for assets (as an alternative to using a `checksum`). + +## References + +* [Current upgrade.proto](https://github.com/cosmos/cosmos-sdk/blob/v0.44.5/proto/cosmos/upgrade/v1beta1/upgrade.proto) +* [Upgrade Module README](https://github.com/cosmos/cosmos-sdk/blob/v0.44.5/x/upgrade/spec/README.md) +* [Cosmovisor README](https://github.com/cosmos/cosmos-sdk/blob/cosmovisor/v1.0.0/cosmovisor/README.md) +* [Pre-upgrade README](https://github.com/cosmos/cosmos-sdk/blob/v0.44.5/docs/migrations/pre-upgrade.md) +* [Draft/POC PR #10032](https://github.com/cosmos/cosmos-sdk/pull/10032) +* [RFC 1738: Uniform Resource Locators](https://www.ietf.org/rfc/rfc1738.txt) diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-048-consensus-fees.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-048-consensus-fees.md new file mode 100644 index 00000000..f1c6065c --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-048-consensus-fees.md @@ -0,0 +1,204 @@ +# ADR 048: Multi Tire Gas Price System + +## Changelog + +* Dec 1, 2021: Initial Draft + +## Status + +Rejected + +## Abstract + +This ADR describes a flexible mechanism to maintain a consensus level gas prices, in which one can choose a multi-tier gas price system or EIP-1559 like one through configuration. + +## Context + +Currently, each validator configures it's own `minimal-gas-prices` in `app.yaml`. But setting a proper minimal gas price is critical to protect network from dos attack, and it's hard for all the validators to pick a sensible value, so we propose to maintain a gas price in consensus level. + +Since tendermint 0.34.20 has supported mempool prioritization, we can take advantage of that to implement more sophisticated gas fee system. + +## Multi-Tier Price System + +We propose a multi-tier price system on consensus to provide maximum flexibility: + +* Tier 1: a constant gas price, which could only be modified occasionally through governance proposal. +* Tier 2: a dynamic gas price which is adjusted according to previous block load. +* Tier 3: a dynamic gas price which is adjusted according to previous block load at a higher speed. + +The gas price of higher tier should bigger than the lower tier. + +The transaction fees are charged with the exact gas price calculated on consensus. + +The parameter schema is like this: + +```protobuf +message TierParams { + uint32 priority = 1 // priority in tendermint mempool + Coin initial_gas_price = 2 // + uint32 parent_gas_target = 3 // the target saturation of block + uint32 change_denominator = 4 // decides the change speed + Coin min_gas_price = 5 // optional lower bound of the price adjustment + Coin max_gas_price = 6 // optional upper bound of the price adjustment +} + +message Params { + repeated TierParams tiers = 1; +} +``` + +### Extension Options + +We need to allow user to specify the tier of service for the transaction, to support it in an extensible way, we add an extension option in `AuthInfo`: + +```protobuf +message ExtensionOptionsTieredTx { + uint32 fee_tier = 1 +} +``` + +The value of `fee_tier` is just the index to the `tiers` parameter list. + +We also change the semantic of existing `fee` field of `Tx`, instead of charging user the exact `fee` amount, we treat it as a fee cap, while the actual amount of fee charged is decided dynamically. If the `fee` is smaller than dynamic one, the transaction won't be included in current block and ideally should stay in the mempool until the consensus gas price drop. The mempool can eventually prune old transactions. + +### Tx Prioritization + +Transactions are prioritized based on the tier, the higher the tier, the higher the priority. + +Within the same tier, follow the default Tendermint order (currently FIFO). Be aware of that the mempool tx ordering logic is not part of consensus and can be modified by malicious validator. + +This mechanism can be easily composed with prioritization mechanisms: + +* we can add extra tiers out of a user control: + * Example 1: user can set tier 0, 10 or 20, but the protocol will create tiers 0, 1, 2 ... 29. For example IBC transactions will go to tier `user_tier + 5`: if user selected tier 1, then the transaction will go to tier 15. + * Example 2: we can reserve tier 4, 5, ... only for special transaction types. For example, tier 5 is reserved for evidence tx. So if submits a bank.Send transaction and set tier 5, it will be delegated to tier 3 (the max tier level available for any transaction). + * Example 3: we can enforce that all transactions of a sepecific type will go to specific tier. For example, tier 100 will be reserved for evidence transactions and all evidence transactions will always go to that tier. + +### `min-gas-prices` + +Deprecate the current per-validator `min-gas-prices` configuration, since it would confusing for it to work together with the consensus gas price. + +### Adjust For Block Load + +For tier 2 and tier 3 transactions, the gas price is adjusted according to previous block load, the logic could be similar to EIP-1559: + +```python +def adjust_gas_price(gas_price, parent_gas_used, tier): + if parent_gas_used == tier.parent_gas_target: + return gas_price + elif parent_gas_used > tier.parent_gas_target: + gas_used_delta = parent_gas_used - tier.parent_gas_target + gas_price_delta = max(gas_price * gas_used_delta // tier.parent_gas_target // tier.change_speed, 1) + return gas_price + gas_price_delta + else: + gas_used_delta = parent_gas_target - parent_gas_used + gas_price_delta = gas_price * gas_used_delta // parent_gas_target // tier.change_speed + return gas_price - gas_price_delta +``` + +### Block Segment Reservation + +Ideally we should reserve block segments for each tier, so the lower tiered transactions won't be completely squeezed out by higher tier transactions, which will force user to use higher tier, and the system degraded to a single tier. + +We need help from tendermint to implement this. + +## Implementation + +We can make each tier's gas price strategy fully configurable in protocol parameters, while providing a sensible default one. + +Pseudocode in python-like syntax: + +```python +interface TieredTx: + def tier(self) -> int: + pass + +def tx_tier(tx): + if isinstance(tx, TieredTx): + return tx.tier() + else: + # default tier for custom transactions + return 0 + # NOTE: we can add more rules here per "Tx Prioritization" section + +class TierParams: + 'gas price strategy parameters of one tier' + priority: int # priority in tendermint mempool + initial_gas_price: Coin + parent_gas_target: int + change_speed: Decimal # 0 means don't adjust for block load. + +class Params: + 'protocol parameters' + tiers: List[TierParams] + +class State: + 'consensus state' + # total gas used in last block, None when it's the first block + parent_gas_used: Optional[int] + # gas prices of last block for all tiers + gas_prices: List[Coin] + +def begin_block(): + 'Adjust gas prices' + for i, tier in enumerate(Params.tiers): + if State.parent_gas_used is None: + # initialized gas price for the first block + State.gas_prices[i] = tier.initial_gas_price + else: + # adjust gas price according to gas used in previous block + State.gas_prices[i] = adjust_gas_price(State.gas_prices[i], State.parent_gas_used, tier) + +def mempoolFeeTxHandler_checkTx(ctx, tx): + # the minimal-gas-price configured by validator, zero in deliver_tx context + validator_price = ctx.MinGasPrice() + consensus_price = State.gas_prices[tx_tier(tx)] + min_price = max(validator_price, consensus_price) + + # zero means infinity for gas price cap + if tx.gas_price() > 0 and tx.gas_price() < min_price: + return 'insufficient fees' + return next_CheckTx(ctx, tx) + +def txPriorityHandler_checkTx(ctx, tx): + res, err := next_CheckTx(ctx, tx) + # pass priority to tendermint + res.Priority = Params.tiers[tx_tier(tx)].priority + return res, err + +def end_block(): + 'Update block gas used' + State.parent_gas_used = block_gas_meter.consumed() +``` + +### Dos attack protection + +To fully saturate the blocks and prevent other transactions from executing, attacker need to use transactions of highest tier, the cost would be significantly higher than the default tier. + +If attacker spam with lower tier transactions, user can mitigate by sending higher tier transactions. + +## Consequences + +### Backwards Compatibility + +* New protocol parameters. +* New consensus states. +* New/changed fields in transaction body. + +### Positive + +* The default tier keeps the same predictable gas price experience for client. +* The higher tier's gas price can adapt to block load. +* No priority conflict with custom priority based on transaction types, since this proposal only occupy three priority levels. +* Possibility to compose different priority rules with tiers + +### Negative + +* Wallets & tools need to update to support the new `tier` parameter, and semantic of `fee` field is changed. + +### Neutral + +## References + +* https://eips.ethereum.org/EIPS/eip-1559 +* https://iohk.io/en/blog/posts/2021/11/26/network-traffic-and-tiered-pricing/ diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-049-state-sync-hooks.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-049-state-sync-hooks.md new file mode 100644 index 00000000..c7353aa3 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-049-state-sync-hooks.md @@ -0,0 +1,174 @@ +# ADR 049: State Sync Hooks + +## Changelog + +* Jan 19, 2022: Initial Draft +* Apr 29, 2022: Safer extension snapshotter interface + +## Status + +Implemented + +## Abstract + +This ADR outlines a hooks-based mechanism for application modules to provide additional state (outside of the IAVL tree) to be used +during state sync. + +## Context + +New clients use state-sync to download snapshots of module state from peers. Currently, the snapshot consists of a +stream of `SnapshotStoreItem` and `SnapshotIAVLItem`, which means that application modules that define their state outside of the IAVL +tree cannot include their state as part of the state-sync process. + +Note, Even though the module state data is outside of the tree, for determinism we require that the hash of the external data should +be posted in the IAVL tree. + +## Decision + +A simple proposal based on our existing implementation is that, we can add two new message types: `SnapshotExtensionMeta` +and `SnapshotExtensionPayload`, and they are appended to the existing multi-store stream with `SnapshotExtensionMeta` +acting as a delimiter between extensions. As the chunk hashes should be able to ensure data integrity, we don't need +a delimiter to mark the end of the snapshot stream. + +Besides, we provide `Snapshotter` and `ExtensionSnapshotter` interface for modules to implement snapshotters, which will handle both taking +snapshot and the restoration. Each module could have mutiple snapshotters, and for modules with additional state, they should +implement `ExtensionSnapshotter` as extension snapshotters. When setting up the application, the snapshot `Manager` should call +`RegisterExtensions([]ExtensionSnapshotter…)` to register all the extension snapshotters. + +```protobuf +// SnapshotItem is an item contained in a rootmulti.Store snapshot. +// On top of the exsiting SnapshotStoreItem and SnapshotIAVLItem, we add two new options for the item. +message SnapshotItem { + // item is the specific type of snapshot item. + oneof item { + SnapshotStoreItem store = 1; + SnapshotIAVLItem iavl = 2 [(gogoproto.customname) = "IAVL"]; + SnapshotExtensionMeta extension = 3; + SnapshotExtensionPayload extension_payload = 4; + } +} + +// SnapshotExtensionMeta contains metadata about an external snapshotter. +// One module may need multiple snapshotters, so each module may have multiple SnapshotExtensionMeta. +message SnapshotExtensionMeta { + // the name of the ExtensionSnapshotter, and it is registered to snapshotter manager when setting up the application + // name should be unique for each ExtensionSnapshotter as we need to alphabetically order their snapshots to get + // deterministic snapshot stream. + string name = 1; + // this is used by each ExtensionSnapshotter to decide the format of payloads included in SnapshotExtensionPayload message + // it is used within the snapshotter/namespace, not global one for all modules + uint32 format = 2; +} + +// SnapshotExtensionPayload contains payloads of an external snapshotter. +message SnapshotExtensionPayload { + bytes payload = 1; +} +``` + +When we create a snapshot stream, the `multistore` snapshot is always placed at the beginning of the binary stream, and other extension snapshots are alphabetically ordered by the name of the corresponding `ExtensionSnapshotter`. + +The snapshot stream would look like as follows: + +```go +// multi-store snapshot +{SnapshotStoreItem | SnapshotIAVLItem, ...} +// extension1 snapshot +SnapshotExtensionMeta +{SnapshotExtensionPayload, ...} +// extension2 snapshot +SnapshotExtensionMeta +{SnapshotExtensionPayload, ...} +``` + +We add an `extensions` field to snapshot `Manager` for extension snapshotters. The `multistore` snapshotter is a special one and it doesn't need a name because it is always placed at the beginning of the binary stream. + +```go +type Manager struct { + store *Store + multistore types.Snapshotter + extensions map[string]types.ExtensionSnapshotter + mtx sync.Mutex + operation operation + chRestore chan<- io.ReadCloser + chRestoreDone <-chan restoreDone + restoreChunkHashes [][]byte + restoreChunkIndex uint32 +} +``` + +For extension snapshotters that implement the `ExtensionSnapshotter` interface, their names should be registered to the snapshot `Manager` by +calling `RegisterExtensions` when setting up the application. The snapshotters will handle both taking snapshot and restoration. + +```go +// RegisterExtensions register extension snapshotters to manager +func (m *Manager) RegisterExtensions(extensions ...types.ExtensionSnapshotter) error +``` + +On top of the existing `Snapshotter` interface for the `multistore`, we add `ExtensionSnapshotter` interface for the extension snapshotters. Three more function signatures: `SnapshotFormat()`, `SupportedFormats()` and `SnapshotName()` are added to `ExtensionSnapshotter`. + +```go +// ExtensionPayloadReader read extension payloads, +// it returns io.EOF when reached either end of stream or the extension boundaries. +type ExtensionPayloadReader = func() ([]byte, error) + +// ExtensionPayloadWriter is a helper to write extension payloads to underlying stream. +type ExtensionPayloadWriter = func([]byte) error + +// ExtensionSnapshotter is an extension Snapshotter that is appended to the snapshot stream. +// ExtensionSnapshotter has an unique name and manages it's own internal formats. +type ExtensionSnapshotter interface { + // SnapshotName returns the name of snapshotter, it should be unique in the manager. + SnapshotName() string + + // SnapshotFormat returns the default format used to take a snapshot. + SnapshotFormat() uint32 + + // SupportedFormats returns a list of formats it can restore from. + SupportedFormats() []uint32 + + // SnapshotExtension writes extension payloads into the underlying protobuf stream. + SnapshotExtension(height uint64, payloadWriter ExtensionPayloadWriter) error + + // RestoreExtension restores an extension state snapshot, + // the payload reader returns `io.EOF` when reached the extension boundaries. + RestoreExtension(height uint64, format uint32, payloadReader ExtensionPayloadReader) error + +} +``` + +## Consequences + +As a result of this implementation, we are able to create snapshots of binary chunk stream for the state that we maintain outside of the IAVL Tree, CosmWasm blobs for example. And new clients are able to fetch sanpshots of state for all modules that have implemented the corresponding interface from peer nodes. + + +### Backwards Compatibility + +This ADR introduces new proto message types, add an `extensions` field in snapshot `Manager`, and add new `ExtensionSnapshotter` interface, so this is not backwards compatible if we have extensions. + +But for applications that does not have the state data outside of the IAVL tree for any module, the snapshot stream is backwards-compatible. + +### Positive + +* State maintained outside of IAVL tree like CosmWasm blobs can create snapshots by implementing extension snapshotters, and being fetched by new clients via state-sync. + +### Negative + +### Neutral + +* All modules that maintain state outside of IAVL tree need to implement `ExtensionSnapshotter` and the snapshot `Manager` need to call `RegisterExtensions` when setting up the application. + +## Further Discussions + +While an ADR is in the DRAFT or PROPOSED stage, this section should contain a summary of issues to be solved in future iterations (usually referencing comments from a pull-request discussion). +Later, this section can optionally list ideas or improvements the author or reviewers found during the analysis of this ADR. + +## Test Cases [optional] + +Test cases for an implementation are mandatory for ADRs that are affecting consensus changes. Other ADRs can choose to include links to test cases if applicable. + +## References + +* https://github.com/cosmos/cosmos-sdk/pull/10961 +* https://github.com/cosmos/cosmos-sdk/issues/7340 +* https://hackmd.io/gJoyev6DSmqqkO667WQlGw diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-050-sign-mode-textual-annex1.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-050-sign-mode-textual-annex1.md new file mode 100644 index 00000000..ff3acc8c --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-050-sign-mode-textual-annex1.md @@ -0,0 +1,358 @@ +# ADR 050: SIGN_MODE_TEXTUAL: Annex 1 Value Renderers + +## Changelog + +* Dec 06, 2021: Initial Draft +* Feb 07, 2022: Draft read and concept-ACKed by the Ledger team. +* Dec 01, 2022: Remove `Object: ` prefix on Any header screen. +* Dec 13, 2022: Sign over bytes hash when bytes length > 32. +* Mar 27, 2023: Update `Any` value renderer to omit message header screen. + +## Status + +Accepted. Implementation started. Small value renderers details still need to be polished. + +## Abstract + +This Annex describes value renderers, which are used for displaying Protobuf values in a human-friendly way using a string array. + +## Value Renderers + +Value Renderers describe how values of different Protobuf types should be encoded as a string array. Value renderers can be formalized as a set of bijective functions `func renderT(value T) []string`, where `T` is one of the below Protobuf types for which this spec is defined. + +### Protobuf `number` + +* Applies to: + * protobuf numeric integer types (`int{32,64}`, `uint{32,64}`, `sint{32,64}`, `fixed{32,64}`, `sfixed{32,64}`) + * strings whose `customtype` is `github.com/cosmos/cosmos-sdk/types.Int` or `github.com/cosmos/cosmos-sdk/types.Dec` + * bytes whose `customtype` is `github.com/cosmos/cosmos-sdk/types.Int` or `github.com/cosmos/cosmos-sdk/types.Dec` +* Trailing decimal zeroes are always removed +* Formatting with `'`s for every three integral digits. +* Usage of `.` to denote the decimal delimiter. + +#### Examples + +* `1000` (uint64) -> `1'000` +* `"1000000.00"` (string representing a Dec) -> `1'000'000` +* `"1000000.10"` (string representing a Dec) -> `1'000'000.1` + +### `coin` + +* Applies to `cosmos.base.v1beta1.Coin`. +* Denoms are converted to `display` denoms using `Metadata` (if available). **This requires a state query**. The definition of `Metadata` can be found in the [bank protobuf definition](https://buf.build/cosmos/cosmos-sdk/docs/main:cosmos.bank.v1beta1#cosmos.bank.v1beta1.Metadata). If the `display` field is empty or nil, then we do not perform any denom conversion. +* Amounts are converted to `display` denom amounts and rendered as `number`s above + * We do not change the capitalization of the denom. In practice, `display` denoms are stored in lowercase in state (e.g. `10 atom`), however they are often showed in UPPERCASE in everyday life (e.g. `10 ATOM`). Value renderers keep the case used in state, but we may recommend chains changing the denom metadata to be uppercase for better user display. +* One space between the denom and amount (e.g. `10 atom`). +* In the future, IBC denoms could maybe be converted to DID/IIDs, if we can find a robust way for doing this (ex. `cosmos:cosmos:hub:bank:denom:atom`) + +#### Examples + +* `1000000000uatom` -> `["1'000 atom"]`, because atom is the metadata's display denom. + +### `coins` + +* an array of `coin` is display as the concatenation of each `coin` encoded as the specification above, the joined together with the delimiter `", "` (a comma and a space, no quotes around). +* the list of coins is ordered by unicode code point of the display denom: `A-Z` < `a-z`. For example, the string `aAbBcC` would be sorted `ABCabc`. + * if the coins list had 0 items in it then it'll be rendered as `zero` + +### Example + +* `["3cosm", "2000000uatom"]` -> `2 atom, 3 COSM` (assuming the display denoms are `atom` and `COSM`) +* `["10atom", "20Acoin"]` -> `20 Acoin, 10 atom` (assuming the display denoms are `atom` and `Acoin`) +* `[]` -> `zero` + +### `repeated` + +* Applies to all `repeated` fields, except `cosmos.tx.v1beta1.TxBody#Messages`, which has a particular encoding (see [ADR-050](./adr-050-sign-mode-textual.md)). +* A repeated type has the following template: + +``` +: + (/): + + (/): + +End of . +``` + +where: + +* `field_name` is the Protobuf field name of the repeated field +* `field_kind`: + * if the type of the repeated field is a message, `field_kind` is the message name + * if the type of the repeated field is an enum, `field_kind` is the enum name + * in any other case, `field_kind` is the protobuf primitive type (e.g. "string" or "bytes") +* `int` is the length of the array +* `index` is one based index of the repeated field + +#### Examples + +Given the proto definition: + +```protobuf +message AllowedMsgAllowance { + repeated string allowed_messages = 1; +} +``` + +and initializing with: + +```go +x := []AllowedMsgAllowance{"cosmos.bank.v1beta1.MsgSend", "cosmos.gov.v1.MsgVote"} +``` + +we have the following value-rendered encoding: + +``` +Allowed messages: 2 strings +Allowed messages (1/2): cosmos.bank.v1beta1.MsgSend +Allowed messages (2/2): cosmos.gov.v1.MsgVote +End of Allowed messages +``` + +### `message` + +* Applies to all Protobuf messages that do not have a custom encoding. +* Field names follow [sentence case](https://en.wiktionary.org/wiki/sentence_case) + * replace each `_` with a space + * capitalize first letter of the sentence +* Field names are ordered by their Protobuf field number +* Screen title is the field name, and screen content is the value. +* Nesting: + * if a field contains a nested message, we value-render the underlying message using the template: + + ``` + : <1st line of value-rendered message> + > // Notice the `>` prefix. + ``` + + * `>` character is used to denote nesting. For each additional level of nesting, add `>`. + +#### Examples + +Given the following Protobuf messages: + +```protobuf +enum VoteOption { + VOTE_OPTION_UNSPECIFIED = 0; + VOTE_OPTION_YES = 1; + VOTE_OPTION_ABSTAIN = 2; + VOTE_OPTION_NO = 3; + VOTE_OPTION_NO_WITH_VETO = 4; +} + +message WeightedVoteOption { + VoteOption option = 1; + string weight = 2 [(cosmos_proto.scalar) = "cosmos.Dec"]; +} + +message Vote { + uint64 proposal_id = 1; + string voter = 2 [(cosmos_proto.scalar) = "cosmos.AddressString"]; + reserved 3; + repeated WeightedVoteOption options = 4; +} +``` + +we get the following encoding for the `Vote` message: + +``` +Vote object +> Proposal id: 4 +> Voter: cosmos1abc...def +> Options: 2 WeightedVoteOptions +> Options (1/2): WeightedVoteOption object +>> Option: VOTE_OPTION_YES +>> Weight: 0.7 +> Options (2/2): WeightedVoteOption object +>> Option: VOTE_OPTION_NO +>> Weight: 0.3 +> End of Options +``` + +### Enums + +* Show the enum variant name as string. + +#### Examples + +See example above with `message Vote{}`. + +### `google.protobuf.Any` + +* Applies to `google.protobuf.Any` +* Rendered as: + +``` + +> +``` + +There is however one exception: when the underlying message is a Protobuf message that does not have a custom encoding, then the message header screen is omitted, and one level of indentation is removed. + +Messages that have a custom encoding, including `google.protobuf.Timestamp`, `google.protobuf.Duration`, `google.protobuf.Any`, `cosmos.base.v1beta1.Coin`, and messages that have an app-defined custom encoding, will preserve their header and indentation level. + +#### Examples + +Message header screen is stripped, one-level of indentation removed: +``` +/cosmos.gov.v1.Vote +> Proposal id: 4 +> Vote: cosmos1abc...def +> Options: 2 WeightedVoteOptions +> Options (1/2): WeightedVoteOption object +>> Option: Yes +>> Weight: 0.7 +> Options (2/2): WeightedVoteOption object +>> Option: No +>> Weight: 0.3 +> End of Options +``` + +Message with custom encoding: +``` +/cosmos.base.v1beta1.Coin +> 10uatom +``` + +### `google.protobuf.Timestamp` + +Rendered using [RFC 3339](https://www.rfc-editor.org/rfc/rfc3339) (a +simplification of ISO 8601), which is the current recommendation for portable +time values. The rendering always uses "Z" (UTC) as the timezone. It uses only +the necessary fractional digits of a second, omitting the fractional part +entirely if the timestamp has no fractional seconds. (The resulting timestamps +are not automatically sortable by standard lexicographic order, but we favor +the legibility of the shorter string.) + +#### Examples + +The timestamp with 1136214245 seconds and 700000000 nanoseconds is rendered +as `2006-01-02T15:04:05.7Z`. +The timestamp with 1136214245 seconds and zero nanoseconds is rendered +as `2006-01-02T15:04:05Z`. + +### `google.protobuf.Duration` + +The duration proto expresses a raw number of seconds and nanoseconds. +This will be rendered as longer time units of days, hours, and minutes, +plus any remaining seconds, in that order. +Leading and trailing zero-quantity units will be omitted, but all +units in between nonzero units will be shown, e.g. ` 3 days, 0 hours, 0 minutes, 5 seconds`. + +Even longer time units such as months or years are imprecise. +Weeks are precise, but not commonly used - `91 days` is more immediately +legible than `13 weeks`. Although `days` can be problematic, +e.g. noon to noon on subsequent days can be 23 or 25 hours depending on +daylight savings transitions, there is significant advantage in using +strict 24-hour days over using only hours (e.g. `91 days` vs `2184 hours`). + +When nanoseconds are nonzero, they will be shown as fractional seconds, +with only the minimum number of digits, e.g `0.5 seconds`. + +A duration of exactly zero is shown as `0 seconds`. + +Units will be given as singular (no trailing `s`) when the quantity is exactly one, +and will be shown in plural otherwise. + +Negative durations will be indicated with a leading minus sign (`-`). + +Examples: + +* `1 day` +* `30 days` +* `-1 day, 12 hours` +* `3 hours, 0 minutes, 53.025 seconds` + +### bytes + +* Bytes of length shorter or equal to 35 are rendered in hexadecimal, all capital letters, without the `0x` prefix. +* Bytes of length greater than 35 are hashed using SHA256. The rendered text is `SHA-256=`, followed by the 32-byte hash, in hexadecimal, all capital letters, without the `0x` prefix. +* The hexadecimal string is finally separated into groups of 4 digits, with a space `' '` as separator. If the bytes length is odd, the 2 remaining hexadecimal characters are at the end. + +The number 35 was chosen because it is the longest length where the hashed-and-prefixed representation is longer than the original data directly formatted, using the 3 rules above. More specifically: +- a 35-byte array will have 70 hex characters, plus 17 space characters, resulting in 87 characters. +- byte arrays starting from length 36 will be be hashed to 32 bytes, which is 64 hex characters plus 15 spaces, and with the `SHA-256=` prefix, it takes 87 characters. +Also, secp256k1 public keys have length 33, so their Textual representation is not their hashed value, which we would like to avoid. + +Note: Data longer than 35 bytes are not rendered in a way that can be inverted. See ADR-050's [section about invertability](./adr-050-sign-mode-textual.md#invertible-rendering) for a discussion. + +#### Examples + +Inputs are displayed as byte arrays. + +* `[0]`: `00` +* `[0,1,2]`: `0001 02` +* `[0,1,2,..,34]`: `0001 0203 0405 0607 0809 0A0B 0C0D 0E0F 1011 1213 1415 1617 1819 1A1B 1C1D 1E1F 2021 22` +* `[0,1,2,..,35]`: `SHA-256=5D7E 2D9B 1DCB C85E 7C89 0036 A2CF 2F9F E7B6 6554 F2DF 08CE C6AA 9C0A 25C9 9C21` + +### address bytes + +We currently use `string` types in protobuf for addresses so this may not be needed, but if any address bytes are used in sign mode textual they should be rendered with bech32 formatting + +### strings + +Strings are rendered as-is. + +### Default Values + +* Default Protobuf values for each field are skipped. + +#### Example + +```protobuf +message TestData { + string signer = 1; + string metadata = 2; +} +``` + +```go +myTestData := TestData{ + Signer: "cosmos1abc" +} +``` + +We get the following encoding for the `TestData` message: + +``` +TestData object +> Signer: cosmos1abc +``` + +### bool + +Boolean values are rendered as `True` or `False`. + +### [ABANDONED] Custom `msg_title` instead of Msg `type_url` + +_This paragraph is in the Annex for informational purposes only, and will be removed in a next update of the ADR._ + +
    + Click to see abandoned idea. + +* all protobuf messages to be used with `SIGN_MODE_TEXTUAL` CAN have a short title associated with them that can be used in format strings whenever the type URL is explicitly referenced via the `cosmos.msg.v1.textual.msg_title` Protobuf message option. +* if this option is not specified for a Msg, then the Protobuf fully qualified name will be used. + +```protobuf +message MsgSend { + option (cosmos.msg.v1.textual.msg_title) = "bank send coins"; +} +``` + +* they MUST be unique per message, per chain + +#### Examples + +* `cosmos.gov.v1.MsgVote` -> `governance v1 vote` + +#### Best Pratices + +We recommend to use this option only for `Msg`s whose Protobuf fully qualified name can be hard to understand. As such, the two examples above (`MsgSend` and `MsgVote`) are not good examples to be used with `msg_title`. We still allow `msg_title` for chains who might have `Msg`s with complex or non-obvious names. + +In those cases, we recommend to drop the version (e.g. `v1`) in the string if there's only one version of the module on chain. This way, the bijective mapping can figure out which message each string corresponds to. If multiple Protobuf versions of the same module exist on the same chain, we recommend keeping the first `msg_title` with version, and the second `msg_title` with version (e.g. `v2`): + +* `mychain.mymodule.v1.MsgDo` -> `mymodule do something` +* `mychain.mymodule.v2.MsgDo` -> `mymodule v2 do something` + +
    diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-050-sign-mode-textual-annex2.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-050-sign-mode-textual-annex2.md new file mode 100644 index 00000000..9bd0f3f4 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-050-sign-mode-textual-annex2.md @@ -0,0 +1,122 @@ +# ADR 050: SIGN_MODE_TEXTUAL: Annex 2 XXX + +## Changelog + +* Oct 3, 2022: Initial Draft + +## Status + +DRAFT + +## Abstract + +This annex provides normative guidance on how devices should render a +`SIGN_MODE_TEXTUAL` document. + +## Context + +`SIGN_MODE_TEXTUAL` allows a legible version of a transaction to be signed +on a hardware security device, such as a Ledger. Early versions of the +design rendered transactions directly to lines of ASCII text, but this +proved awkward from its in-band signaling, and for the need to display +Unicode text within the transaction. + +## Decision + +`SIGN_MODE_TEXTUAL` renders to an abstract representation, leaving it +up to device-specific software how to present this representation given the +capabilities, limitations, and conventions of the deivce. + +We offer the following normative guidance: + +1. The presentation should be as legible as possible to the user, given +the capabilities of the device. If legibility could be sacrificed for other +properties, we would recommend just using some other signing mode. +Legibility should focus on the common case - it is okay for unusual cases +to be less legible. + +2. The presentation should be invertible if possible without substantial +sacrifice of legibility. Any change to the rendered data should result +in a visible change to the presentation. This extends the integrity of the +signing to user-visible presentation. + +3. The presentation should follow normal conventions of the device, +without sacrificing legibility or invertibility. + +As an illustration of these principles, here is an example algorithm +for presentation on a device which can display a single 80-character +line of printable ASCII characters: + +* The presentation is broken into lines, and each line is presented in +sequence, with user controls for going forward or backward a line. + +* Expert mode screens are only presented if the device is in expert mode. + +* Each line of the screen starts with a number of `>` characters equal +to the screen's indentation level, followed by a `+` character if this +isn't the first line of the screen, followed by a space if either a +`>` or a `+` has been emitted, +or if this header is followed by a `>`, `+`, or space. + +* If the line ends with whitespace or an `@` character, an additional `@` +character is appended to the line. + +* The following ASCII control characters or backslash (`\`) are converted +to a backslash followed by a letter code, in the manner of string literals +in many languages: + + * a: U+0007 alert or bell + * b: U+0008 backspace + * f: U+000C form feed + * n: U+000A line feed + * r: U+000D carriage return + * t: U+0009 horizontal tab + * v: U+000B vertical tab + * `\`: U+005C backslash + +* All other ASCII control characters, plus non-ASCII Unicode code points, +are shown as either: + + * `\u` followed by 4 uppercase hex chacters for code points + in the basic multilingual plane (BMP). + + * `\U` followed by 8 uppercase hex characters for other code points. + +* The screen will be broken into multiple lines to fit the 80-character +limit, considering the above transformations in a way that attempts to +minimize the number of lines generated. Expanded control or Unicode characters +are never split across lines. + +Example output: + +``` +An introductory line. +key1: 123456 +key2: a string that ends in whitespace @ +key3: a string that ends in a single ampersand - @@ + >tricky key4<: note the leading space in the presentation +introducing an aggregate +> key5: false +> key6: a very long line of text, please co\u00F6perate and break into +>+ multiple lines. +> Can we do further nesting? +>> You bet we can! +``` + +The inverse mapping gives us the only input which could have +generated this output (JSON notation for string data): + +``` +Indent Text +------ ---- +0 "An introductory line." +0 "key1: 123456" +0 "key2: a string that ends in whitespace " +0 "key3: a string that ends in a single ampersand - @" +0 ">tricky key4<: note the leading space in the presentation" +0 "introducing an aggregate" +1 "key5: false" +1 "key6: a very long line of text, please coöperate and break into multiple lines." +1 "Can we do further nesting?" +2 "You bet we can!" +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-050-sign-mode-textual.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-050-sign-mode-textual.md new file mode 100644 index 00000000..c5b51b22 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-050-sign-mode-textual.md @@ -0,0 +1,370 @@ +# ADR 050: SIGN_MODE_TEXTUAL + +## Changelog + +* Dec 06, 2021: Initial Draft. +* Feb 07, 2022: Draft read and concept-ACKed by the Ledger team. +* May 16, 2022: Change status to Accepted. +* Aug 11, 2022: Require signing over tx raw bytes. +* Sep 07, 2022: Add custom `Msg`-renderers. +* Sep 18, 2022: Structured format instead of lines of text +* Nov 23, 2022: Specify CBOR encoding. +* Dec 01, 2022: Link to examples in separate JSON file. +* Dec 06, 2022: Re-ordering of envelope screens. +* Dec 14, 2022: Mention exceptions for invertability. +* Jan 23, 2023: Switch Screen.Text to Title+Content. +* Mar 07, 2023: Change SignDoc from array to struct containing array. +* Mar 20, 2023: Introduce a spec version initialized to 0. + +## Status + +Accepted. Implementation started. Small value renderers details still need to be polished. + +Spec version: 0. + +## Abstract + +This ADR specifies SIGN_MODE_TEXTUAL, a new string-based sign mode that is targetted at signing with hardware devices. + +## Context + +Protobuf-based SIGN_MODE_DIRECT was introduced in [ADR-020](./adr-020-protobuf-transaction-encoding.md) and is intended to replace SIGN_MODE_LEGACY_AMINO_JSON in most situations, such as mobile wallets and CLI keyrings. However, the [Ledger](https://www.ledger.com/) hardware wallet is still using SIGN_MODE_LEGACY_AMINO_JSON for displaying the sign bytes to the user. Hardware wallets cannot transition to SIGN_MODE_DIRECT as: + +* SIGN_MODE_DIRECT is binary-based and thus not suitable for display to end-users. Technically, hardware wallets could simply display the sign bytes to the user. But this would be considered as blind signing, and is a security concern. +* hardware cannot decode the protobuf sign bytes due to memory constraints, as the Protobuf definitions would need to be embedded on the hardware device. + +In an effort to remove Amino from the SDK, a new sign mode needs to be created for hardware devices. [Initial discussions](https://github.com/cosmos/cosmos-sdk/issues/6513) propose a text-based sign mode, which this ADR formally specifies. + +## Decision + +In SIGN_MODE_TEXTUAL, a transaction is rendered into a textual representation, +which is then sent to a secure device or subsystem for the user to review and sign. +Unlike `SIGN_MODE_DIRECT`, the transmitted data can be simply decoded into legible text +even on devices with limited processing and display. + +The textual representation is a sequence of _screens_. +Each screen is meant to be displayed in its entirety (if possible) even on a small device like a Ledger. +A screen is roughly equivalent to a short line of text. +Large screens can be displayed in several pieces, +much as long lines of text are wrapped, +so no hard guidance is given, though 40 characters is a good target. +A screen is used to display a single key/value pair for scalar values +(or composite values with a compact notation, such as `Coins`) +or to introduce or conclude a larger grouping. + +The text can contain the full range of Unicode code points, including control characters and nul. +The device is responsible for deciding how to display characters it cannot render natively. +See [annex 2](./adr-050-sign-mode-textual-annex2.md) for guidance. + +Screens have a non-negative indentation level to signal composite or nested structures. +Indentation level zero is the top level. +Indentation is displayed via some device-specific mechanism. +Message quotation notation is an appropriate model, such as +leading `>` characters or vertical bars on more capable displays. + +Some screens are marked as _expert_ screens, +meant to be displayed only if the viewer chooses to opt in for the extra detail. +Expert screens are meant for information that is rarely useful, +or needs to be present only for signature integrity (see below). + +### Invertible Rendering + +We require that the rendering of the transaction be invertible: +there must be a parsing function such that for every transaction, +when rendered to the textual representation, +parsing that representation yeilds a proto message equivalent +to the original under proto equality. + +Note that this inverse function does not need to perform correct +parsing or error signaling for the whole domain of textual data. +Merely that the range of valid transactions be invertible under +the composition of rendering and parsing. + +Note that the existence of an inverse function ensures that the +rendered text contains the full information of the original transaction, +not a hash or subset. + +We make an exception for invertibility for data which are too large to +meaningfully display, such as byte strings longer than 32 bytes. We may then +selectively render them with a cryptographically-strong hash. In these cases, +it is still computationally infeasible to find a different transaction which +has the same rendering. However, we must ensure that the hash computation is +simple enough to be reliably executed independently, so at least the hash is +itself reasonably verifiable when the raw byte string is not. + +### Chain State + +The rendering function (and parsing function) may depend on the current chain state. +This is useful for reading parameters, such as coin display metadata, +or for reading user-specific preferences such as language or address aliases. +Note that if the observed state changes between signature generation +and the transaction's inclusion in a block, the delivery-time rendering +might differ. If so, the signature will be invalid and the transaction +will be rejected. + +### Signature and Security + +For security, transaction signatures should have three properties: + +1. Given the transaction, signatures, and chain state, it must be possible to validate that the signatures matches the transaction, +to verify that the signers must have known their respective secret keys. + +2. It must be computationally infeasible to find a substantially different transaction for which the given signatures are valid, given the same chain state. + +3. The user should be able to give informed consent to the signed data via a simple, secure device with limited display capabilities. + +The correctness and security of `SIGN_MODE_TEXTUAL` is guaranteed by demonstrating an inverse function from the rendering to transaction protos. +This means that it is impossible for a different protocol buffer message to render to the same text. + +### Transaction Hash Malleability + +When client software forms a transaction, the "raw" transaction (`TxRaw`) is serialized as a proto +and a hash of the resulting byte sequence is computed. +This is the `TxHash`, and is used by various services to track the submitted transaction through its lifecycle. +Various misbehavior is possible if one can generate a modified transaction with a different TxHash +but for which the signature still checks out. + +SIGN_MODE_TEXTUAL prevents this transaction malleability by including the TxHash as an expert screen +in the rendering. + +### SignDoc + +The SignDoc for `SIGN_MODE_TEXTUAL` is formed from a data structure like: + +```go +type Screen struct { + Title string // possibly size limited to, advised to 64 characters + Content string // possibly size limited to, advised to 255 characters + Indent uint8 // size limited to something small like 16 or 32 + Expert bool +} + +type SignDocTextual struct { + Screens []Screen +} +``` + +We do not plan to use protobuf serialization to form the sequence of bytes +that will be tranmitted and signed, in order to keep the decoder simple. +We will use [CBOR](https://cbor.io) ([RFC 8949](https://www.rfc-editor.org/rfc/rfc8949.html)) instead. +The encoding is defined by the following CDDL ([RFC 8610](https://www.rfc-editor.org/rfc/rfc8610)): + +``` +;;; CDDL (RFC 8610) Specification of SignDoc for SIGN_MODE_TEXTUAL. +;;; Must be encoded using CBOR deterministic encoding (RFC 8949, section 4.2.1). + +;; A Textual document is a struct containing one field: an array of screens. +sign_doc = { + screens_key: [* screen], +} + +;; The key is an integer to keep the encoding small. +screens_key = 1 + +;; A screen consists of a text string, an indentation, and the expert flag, +;; represented as an integer-keyed map. All entries are optional +;; and MUST be omitted from the encoding if empty, zero, or false. +;; Text defaults to the empty string, indent defaults to zero, +;; and expert defaults to false. +screen = { + ? title_key: tstr, + ? content_key: tstr, + ? indent_key: uint, + ? expert_key: bool, +} + +;; Keys are small integers to keep the encoding small. +title_key = 1 +content_key = 2 +indent_key = 3 +expert_key = 4 +``` + +Defining the sign_doc as directly an array of screens has also been considered. However, given the possibility of future iterations of this specification, using a single-keyed struct has been chosen over the former proposal, as structs allow for easier backwards-compatibility. + +## Details + +In the examples that follow, screens will be shown as lines of text, +indentation is indicated with a leading '>', +and expert screens are marked with a leading `*`. + +### Encoding of the Transaction Envelope + +We define "transaction envelope" as all data in a transaction that is not in the `TxBody.Messages` field. Transaction envelope includes fee, signer infos and memo, but don't include `Msg`s. `//` denotes comments and are not shown on the Ledger device. + +``` +Chain ID: +Account number: +Sequence: +Address: +*Public Key: +This transaction has Message(s) // Pluralize "Message" only when int>1 +> Message (/): // See value renderers for Any rendering. +End of Message +Memo: // Skipped if no memo set. +Fee: // See value renderers for coins rendering. +*Fee payer: // Skipped if no fee_payer set. +*Fee granter: // Skipped if no fee_granter set. +Tip: // Skippted if no tip. +Tipper: +*Gas Limit: +*Timeout Height: // Skipped if no timeout_height set. +*Other signer: SignerInfo // Skipped if the transaction only has 1 signer. +*> Other signer (/): +*End of other signers +*Extension options: Any: // Skipped if no body extension options +*> Extension options (/): +*End of extension options +*Non critical extension options: Any: // Skipped if no body non critical extension options +*> Non critical extension options (/): +*End of Non critical extension options +*Hash of raw bytes: // Hex encoding of bytes defined, to prevent tx hash malleability. +``` + +### Encoding of the Transaction Body + +Transaction Body is the `Tx.TxBody.Messages` field, which is an array of `Any`s, where each `Any` packs a `sdk.Msg`. Since `sdk.Msg`s are widely used, they have a slightly different encoding than usual array of `Any`s (Protobuf: `repeated google.protobuf.Any`) described in Annex 1. + +``` +This transaction has message: // Optional 's' for "message" if there's is >1 sdk.Msgs. +// For each Msg, print the following 2 lines: +Msg (/): // E.g. Msg (1/2): bank v1beta1 send coins + +End of transaction messages +``` + +#### Example + +Given the following Protobuf message: + +```protobuf +message Grant { + google.protobuf.Any authorization = 1 [(cosmos_proto.accepts_interface) = "cosmos.authz.v1beta1.Authorization"]; + google.protobuf.Timestamp expiration = 2 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false]; +} + +message MsgGrant { + option (cosmos.msg.v1.signer) = "granter"; + + string granter = 1 [(cosmos_proto.scalar) = "cosmos.AddressString"]; + string grantee = 2 [(cosmos_proto.scalar) = "cosmos.AddressString"]; +} +``` + +and a transaction containing 1 such `sdk.Msg`, we get the following encoding: + +``` +This transaction has 1 message: +Msg (1/1): authz v1beta1 grant +Granter: cosmos1abc...def +Grantee: cosmos1ghi...jkl +End of transaction messages +``` + +### Custom `Msg` Renderers + +Application developers may choose to not follow default renderer value output for their own `Msg`s. In this case, they can implement their own custom `Msg` renderer. This is similar to [EIP4430](https://github.com/ethereum/EIPs/blob/master/EIPS/eip-4430.md), where the smart contract developer chooses the description string to be shown to the end user. + +This is done by setting the `cosmos.msg.textual.v1.expert_custom_renderer` Protobuf option to a non-empty string. This option CAN ONLY be set on a Protobuf message representing transaction message object (implementing `sdk.Msg` interface). + +```protobuf +message MsgFooBar { + // Optional comments to describe in human-readable language the formatting + // rules of the custom renderer. + option (cosmos.msg.textual.v1.expert_custom_renderer) = ""; + + // proto fields +} +``` + +When this option is set on a `Msg`, a registered function will transform the `Msg` into an array of one or more strings, which MAY use the key/value format (described in point #3) with the expert field prefix (described in point #5) and arbitrary indentation (point #6). These strings MAY be rendered from a `Msg` field using a default value renderer, or they may be generated from several fields using custom logic. + +The `` is a string convention chosen by the application developer and is used to identify the custom `Msg` renderer. For example, the documentation or specification of this custom algorithm can reference this identifier. This identifier CAN have a versioned suffix (e.g. `_v1`) to adapt for future changes (which would be consensus-breaking). We also recommend adding Protobuf comments to describe in human language the custom logic used. + +Moreover, the renderer must provide 2 functions: one for formatting from Protobuf to string, and one for parsing string to Protobuf. These 2 functions are provided by the application developer. To satisfy point #1, the parse function MUST be the inverse of the formatting function. This property will not be checked by the SDK at runtime. However, we strongly recommend the application developer to include a comprehensive suite in their app repo to test invertibility, as to not introduce security bugs. + +### Require signing over the `TxBody` and `AuthInfo` raw bytes + +Recall that the transaction bytes merklelized on chain are the Protobuf binary serialization of [TxRaw](hhttps://buf.build/cosmos/cosmos-sdk/docs/main:cosmos.tx.v1beta1#cosmos.tx.v1beta1.TxRaw), which contains the `body_bytes` and `auth_info_bytes`. Moreover, the transaction hash is defined as the SHA256 hash of the `TxRaw` bytes. We require that the user signs over these bytes in SIGN_MODE_TEXTUAL, more specifically over the following string: + +``` +*Hash of raw bytes: +``` + +where: + +* `++` denotes concatenation, +* `HEX` is the hexadecimal representation of the bytes, all in capital letters, no `0x` prefix, +* and `len()` is encoded as a Big-Endian uint64. + +This is to prevent transaction hash malleability. The point #1 about invertiblity assures that transaction `body` and `auth_info` values are not malleable, but the transaction hash still might be malleable with point #1 only, because the SIGN_MODE_TEXTUAL strings don't follow the byte ordering defined in `body_bytes` and `auth_info_bytes`. Without this hash, a malicious validator or exchange could intercept a transaction, modify its transaction hash _after_ the user signed it using SIGN_MODE_TEXTUAL (by tweaking the byte ordering inside `body_bytes` or `auth_info_bytes`), and then submit it to Tendermint. + +By including this hash in the SIGN_MODE_TEXTUAL signing payload, we keep the same level of guarantees as [SIGN_MODE_DIRECT](./adr-020-protobuf-transaction-encoding.md). + +These bytes are only shown in expert mode, hence the leading `*`. + +## Updates to the current specification + +The current specification is not set in stone, and future iterations are to be expected. We distinguish two categories of updates to this specification: + +1. Updates that require changes of the hardware device embedded application. +2. Updates that only modify the envelope and the value renderers. + +Updates in the 1st category include changes of the `Screen` struct or its corresponding CBOR encoding. This type of updates require a modification of the hardware signer application, to be able to decode and parse the new types. Backwards-compatibility must also be guaranteed, so that the new hardware application works with existing versions of the SDK. These updates require the coordination of multiple parties: SDK developers, hardware application developers (currently: Zondax), and client-side developers (e.g. CosmJS). Furthermore, a new submission of the hardware device application may be necessary, which, dependending on the vendor, can take some time. As such, we recommend to avoid this type of updates as much as possible. + +Updates in the 2nd category include changes to any of the value renderers or to the transaction envelope. For example, the ordering of fields in the envelope can be swapped, or the timestamp formatting can be modified. Since SIGN_MODE_TEXTUAL sends `Screen`s to the hardware device, this type of change do not need a hardware wallet application update. They are however state-machine-breaking, and must be documented as such. They require the coordination of SDK developers with client-side developers (e.g. CosmJS), so that the updates are released on both sides close to each other in time. + +We define a spec version, which is an integer that must be incremented on each update of either category. This spec version will be exposed by the SDK's implementation, and can be communicated to clients. For example, SDK v0.50 might use the spec version 1, and SDK v0.51 might use 2; thanks to this versioning, clients can know how to craft SIGN_MODE_TEXTUAL transactions based on the target SDK version. + +The current spec version is defined in the "Status" section, on the top of this document. It is initialized to `0` to allow flexibility in choosing how to define future versions, as it would allow adding a field either in the SignDoc Go struct or in Protobuf in a backwards-compatible way. + +## Additional Formatting by the Hardware Device + +See [annex 2](./adr-050-sign-mode-textual-annex2.md). + +## Examples + +1. A minimal MsgSend: [see transaction](https://github.com/cosmos/cosmos-sdk/blob/094abcd393379acbbd043996024d66cd65246fb1/tx/textual/internal/testdata/e2e.json#L2-L70). +2. A transaction with a bit of everything: [see transaction](https://github.com/cosmos/cosmos-sdk/blob/094abcd393379acbbd043996024d66cd65246fb1/tx/textual/internal/testdata/e2e.json#L71-L270). + +The examples below are stored in a JSON file with the following fields: + +* `proto`: the representation of the transaction in ProtoJSON, +* `screens`: the transaction rendered into SIGN_MODE_TEXTUAL screens, +* `cbor`: the sign bytes of the transaction, which is the CBOR encoding of the screens. + +## Consequences + +### Backwards Compatibility + +SIGN_MODE_TEXTUAL is purely additive, and doesn't break any backwards compatibility with other sign modes. + +### Positive + +* Human-friendly way of signing in hardware devices. +* Once SIGN_MODE_TEXTUAL is shipped, SIGN_MODE_LEGACY_AMINO_JSON can be deprecated and removed. On the longer term, once the ecosystem has totally migrated, Amino can be totally removed. + +### Negative + +* Some fields are still encoded in non-human-readable ways, such as public keys in hexadecimal. +* New ledger app needs to be released, still unclear + +### Neutral + +* If the transaction is complex, the string array can be arbitrarily long, and some users might just skip some screens and blind sign. + +## Further Discussions + +* Some details on value renderers need to be polished, see [Annex 1](./adr-050-sign-mode-textual-annex1.md). +* Are ledger apps able to support both SIGN_MODE_LEGACY_AMINO_JSON and SIGN_MODE_TEXTUAL at the same time? +* Open question: should we add a Protobuf field option to allow app developers to overwrite the textual representation of certain Protobuf fields and message? This would be similar to Ethereum's [EIP4430](https://github.com/ethereum/EIPs/pull/4430), where the contract developer decides on the textual representation. +* Internationalization. + +## References + +* [Annex 1](./adr-050-sign-mode-textual-annex1.md) + +* Initial discussion: https://github.com/cosmos/cosmos-sdk/issues/6513 +* Living document used in the working group: https://hackmd.io/fsZAO-TfT0CKmLDtfMcKeA?both +* Working group meeting notes: https://hackmd.io/7RkGfv_rQAaZzEigUYhcXw +* Ethereum's "Described Transactions" https://github.com/ethereum/EIPs/pull/4430 diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-053-go-module-refactoring.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-053-go-module-refactoring.md new file mode 100644 index 00000000..d15c3901 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-053-go-module-refactoring.md @@ -0,0 +1,110 @@ +# ADR 053: Go Module Refactoring + +## Changelog + +* 2022-04-27: First Draft + +## Status + +PROPOSED + +## Abstract + +The current SDK is built as a single monolithic go module. This ADR describes +how we refactor the SDK into smaller independently versioned go modules +for ease of maintenance. + +## Context + +Go modules impose certain requirements on software projects with respect to +stable version numbers (anything above 0.x) in that [any API breaking changes +necessitate a major version](https://go.dev/doc/modules/release-workflow#breaking) +increase which technically creates a new go module +(with a v2, v3, etc. suffix). + +[Keeping modules API compatible](https://go.dev/blog/module-compatibility) in +this way requires a fair amount of fair thought and discipline. + +The Cosmos SDK is a fairly large project which originated before go modules +came into existence and has always been under a v0.x release even though +it has been used in production for years now, not because it isn't production +quality software, but rather because the API compatibility guarantees required +by go modules are fairly complex to adhere to with such a large project. +Up to now, it has generally been deemed more important to be able to break the +API if needed rather than require all users update all package import paths +to accommodate breaking changes causing v2, v3, etc. releases. This is in +addition to the other complexities related to protobuf generated code that will +be addressed in a separate ADR. + +Nevertheless, the desire for semantic versioning has been [strong in the +community](https://github.com/cosmos/cosmos-sdk/discussions/10162) and the +single go module release process has made it very hard to +release small changes to isolated features in a timely manner. Release cycles +often exceed six months which means small improvements done in a day or +two get bottle-necked by everything else in the monolithic release cycle. + +## Decision + +To improve the current situation, the SDK is being refactored into multiple +go modules within the current repository. There has been a [fair amount of +debate](https://github.com/cosmos/cosmos-sdk/discussions/10582#discussioncomment-1813377) +as to how to do this, with some developers arguing for larger vs smaller +module scopes. There are pros and cons to both approaches (which will be +discussed below in the [Consequences](#consequences) section), but the +approach being adopted is the following: + +* a go module should generally be scoped to a specific coherent set of +functionality (such as math, errors, store, etc.) +* when code is removed from the core SDK and moved to a new module path, every +effort should be made to avoid API breaking changes in the existing code using +aliases and wrapper types (as done in https://github.com/cosmos/cosmos-sdk/pull/10779 +and https://github.com/cosmos/cosmos-sdk/pull/11788) +* new go modules should be moved to a standalone domain (`cosmossdk.io`) before +being tagged as `v1.0.0` to accommodate the possibility that they may be +better served by a standalone repository in the future +* all go modules should follow the guidelines in https://go.dev/blog/module-compatibility +before `v1.0.0` is tagged and should make use of `internal` packages to limit +the exposed API surface +* the new go module's API may deviate from the existing code where there are +clear improvements to be made or to remove legacy dependencies (for instance on +amino or gogo proto), as long the old package attempts +to avoid API breakage with aliases and wrappers +* care should be taken when simply trying to turn an existing package into a +new go module: https://github.com/golang/go/wiki/Modules#is-it-possible-to-add-a-module-to-a-multi-module-repository. +In general, it seems safer to just create a new module path (appending v2, v3, etc. +if necessary), rather than trying to make an old package a new module. + +## Consequences + +### Backwards Compatibility + +If the above guidelines are followed to use aliases or wrapper types pointing +in existing APIs that point back to the new go modules, there should be no or +very limited breaking changes to existing APIs. + +### Positive + +* standalone pieces of software will reach `v1.0.0` sooner +* new features to specific functionality will be released sooner + +### Negative + +* there will be more go module versions to update in the SDK itself and +per-project, although most of these will hopefully be indirect + +### Neutral + +## Further Discussions + +Further discussions are occurring in primarily in +https://github.com/cosmos/cosmos-sdk/discussions/10582 and within +the Cosmos SDK Framework Working Group. + +## References + +* https://go.dev/doc/modules/release-workflow +* https://go.dev/blog/module-compatibility +* https://github.com/cosmos/cosmos-sdk/discussions/10162 +* https://github.com/cosmos/cosmos-sdk/discussions/10582 +* https://github.com/cosmos/cosmos-sdk/pull/10779 +* https://github.com/cosmos/cosmos-sdk/pull/11788 diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-054-semver-compatible-modules.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-054-semver-compatible-modules.md new file mode 100644 index 00000000..be63e8db --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-054-semver-compatible-modules.md @@ -0,0 +1,728 @@ +# ADR 054: Semver Compatible SDK Modules + +## Changelog + +* 2022-04-27: First draft + +## Status + +DRAFT + +## Abstract + +In order to move the Cosmos SDK to a system of decoupled semantically versioned +modules which can be composed in different combinations (ex. staking v3 with +bank v1 and distribution v2), we need to reassess how we organize the API surface +of modules to avoid problems with go semantic import versioning and +circular dependencies. This ADR explores various approaches we can take to +addressing these issues. + +## Context + +There has been [a fair amount of desire](https://github.com/cosmos/cosmos-sdk/discussions/10162) +in the community for semantic versioning in the SDK and there has been significant +movement to splitting SDK modules into [standalone go modules](https://github.com/cosmos/cosmos-sdk/issues/11899). +Both of these will ideally allow the ecosystem to move faster because we won't +be waiting for all dependencies to update synchronously. For instance, we could +have 3 versions of the core SDK compatible with the latest 2 releases of +CosmWasm as well as 4 different versions of staking . This sort of setup would +allow early adopters to aggressively integrate new versions, while allowing +more conservative users to be selective about which versions they're ready for. + +In order to achieve this, we need to solve the following problems: + +1. because of the way [go semantic import versioning](https://research.swtch.com/vgo-import) (SIV) + works, moving to SIV naively will actually make it harder to achieve these goals +2. circular dependencies between modules need to be broken to actually release + many modules in the SDK independently +3. pernicious minor version incompatibilities introduced through correctly + [evolving protobuf schemas](https://developers.google.com/protocol-buffers/docs/proto3#updating) + without correct [unknown field filtering](./adr-020-protobuf-transaction-encoding.md#unknown-field-filtering) + +Note that all the following discussion assumes that the proto file versioning and state machine versioning of a module +are distinct in that: + +* proto files are maintained in a non-breaking way (using something + like [buf breaking](https://docs.buf.build/breaking/overview) + to ensure all changes are backwards compatible) +* proto file versions get bumped much less frequently, i.e. we might maintain `cosmos.bank.v1` through many versions + of the bank module state machine +* state machine breaking changes are more common and ideally this is what we'd want to semantically version with + go modules, ex. `x/bank/v2`, `x/bank/v3`, etc. + +### Problem 1: Semantic Import Versioning Compatibility + +Consider we have a module `foo` which defines the following `MsgDoSomething` and that we've released its state +machine in go module `example.com/foo`: + +```protobuf +package foo.v1; + +message MsgDoSomething { + string sender = 1; + uint64 amount = 2; +} + +service Msg { + DoSomething(MsgDoSomething) returns (MsgDoSomethingResponse); +} +``` + +Now consider that we make a revision to this module and add a new `condition` field to `MsgDoSomething` and also +add a new validation rule on `amount` requiring it to be non-zero, and that following go semantic versioning we +release the next state machine version of `foo` as `example.com/foo/v2`. + +```protobuf +// Revision 1 +package foo.v1; + +message MsgDoSomething { + string sender = 1; + + // amount must be a non-zero integer. + uint64 amount = 2; + + // condition is an optional condition on doing the thing. + // + // Since: Revision 1 + Condition condition = 3; +} +``` + +Approaching this naively, we would generate the protobuf types for the initial +version of `foo` in `example.com/foo/types` and we would generate the protobuf +types for the second version in `example.com/foo/v2/types`. + +Now let's say we have a module `bar` which talks to `foo` using this keeper +interface which `foo` provides: + +```go +type FooKeeper interface { + DoSomething(MsgDoSomething) error +} +``` + +#### Scenario A: Backward Compatibility: Newer Foo, Older Bar + +Imagine we have a chain which uses both `foo` and `bar` and wants to upgrade to +`foo/v2`, but the `bar` module has not upgraded to `foo/v2`. + +In this case, the chain will not be able to upgrade to `foo/v2` until `bar` +has upgraded its references to `example.com/foo/types.MsgDoSomething` to +`example.com/foo/v2/types.MsgDoSomething`. + +Even if `bar`'s usage of `MsgDoSomething` has not changed at all, the upgrade +will be impossible without this change because `example.com/foo/types.MsgDoSomething` +and `example.com/foo/v2/types.MsgDoSomething` are fundamentally different +incompatible structs in the go type system. + +#### Scenario B: Forward Compatibility: Older Foo, Newer Bar + +Now let's consider the reverse scenario, where `bar` upgrades to `foo/v2` +by changing the `MsgDoSomething` reference to `example.com/foo/v2/types.MsgDoSomething` +and releases that as `bar/v2` with some other changes that a chain wants. +The chain, however, has decided that it thinks the changes in `foo/v2` are too +risky and that it'd prefer to stay on the initial version of `foo`. + +In this scenario, it is impossible to upgrade to `bar/v2` without upgrading +to `foo/v2` even if `bar/v2` would have worked 100% fine with `foo` other +than changing the import path to `MsgDoSomething` (meaning that `bar/v2` +doesn't actually use any new features of `foo/v2`). + +Now because of the way go semantic import versioning works, we are locked +into either using `foo` and `bar` OR `foo/v2` and `bar/v2`. We cannot have +`foo` + `bar/v2` OR `foo/v2` + `bar`. The go type system doesn't allow this +even if both versions of these modules are otherwise compatible with each +other. + +#### Naive Mitigation + +A naive approach to fixing this would be to not regenerate the protobuf types +in `example.com/foo/v2/types` but instead just update `example.com/foo/types` +to reflect the changes needed for `v2` (adding `condition` and requiring +`amount` to be non-zero). Then we could release a patch of `example.com/foo/types` +with this update and use that for `foo/v2`. But this change is state machine +breaking for `v1`. It requires changing the `ValidateBasic` method to reject +the case where `amount` is zero, and it adds the `condition` field which +should be rejected based +on [ADR 020 unknown field filtering](./adr-020-protobuf-transaction-encoding.md#unknown-field-filtering). +So adding these changes as a patch on `v1` is actually incorrect based on semantic +versioning. Chains that want to stay on `v1` of `foo` should not +be importing these changes because they are incorrect for `v1.` + +### Problem 2: Circular dependencies + +None of the above approaches allow `foo` and `bar` to be separate modules +if for some reason `foo` and `bar` depend on each other in different ways. +For instance, we can't have `foo` import `bar/types` while `bar` imports +`foo/types`. + +We have several cases of circular module dependencies in the SDK +(ex. staking, distribution and slashing) that are legitimate from a state machine +perspective. Without separating the API types out somehow, there would be +no way to independently semantically version these modules without some other +mitigation. + +### Problem 3: Handling Minor Version Incompatibilities + +Imagine that we solve the first two problems but now have a scenario where +`bar/v2` wants the option to use `MsgDoSomething.condition` which only `foo/v2` +supports. If `bar/v2` works with `foo` `v1` and sets `condition` to some non-nil +value, then `foo` will silently ignore this field resulting in a silent logic +possibly dangerous logic error. If `bar/v2` were able to check whether `foo` was +on `v1` or `v2` and dynamically, it could choose to only use `condition` when +`foo/v2` is available. Even if `bar/v2` were able to perform this check, however, +how do we know that it is always performing the check properly. Without +some sort of +framework-level [unknown field filtering](./adr-020-protobuf-transaction-encoding.md#unknown-field-filtering), +it is hard to know whether these pernicious hard to detect bugs are getting into +our app and a client-server layer such as [ADR 033: Inter-Module Communication](./adr-033-protobuf-inter-module-comm.md) +may be needed to do this. + +## Solutions + +### Approach A) Separate API and State Machine Modules + +One solution (first proposed in https://github.com/cosmos/cosmos-sdk/discussions/10582) is to isolate all protobuf +generated code into a separate module +from the state machine module. This would mean that we could have state machine +go modules `foo` and `foo/v2` which could use a types or API go module say +`foo/api`. This `foo/api` go module would be perpetually on `v1.x` and only +accept non-breaking changes. This would then allow other modules to be +compatible with either `foo` or `foo/v2` as long as the inter-module API only +depends on the types in `foo/api`. It would also allow modules `foo` and `bar` +to depend on each other in that both of them could depend on `foo/api` and +`bar/api` without `foo` directly depending on `bar` and vice versa. + +This is similar to the naive mitigation described above except that it separates +the types into separate go modules which in and of itself could be used to +break circular module dependencies. It has the same problems as the naive solution, +otherwise, which we could rectify by: + +1. removing all state machine breaking code from the API module (ex. `ValidateBasic` and any other interface methods) +2. embedding the correct file descriptors for unknown field filtering in the binary + +#### Migrate all interface methods on API types to handlers + +To solve 1), we need to remove all interface implementations from generated +types and instead use a handler approach which essentially means that given +a type `X`, we have some sort of resolver which allows us to resolve interface +implementations for that type (ex. `sdk.Msg` or `authz.Authorization`). For +example: + +```go +func (k Keeper) DoSomething(msg MsgDoSomething) error { + var validateBasicHandler ValidateBasicHandler + err := k.resolver.Resolve(&validateBasic, msg) + if err != nil { + return err + } + + err = validateBasicHandler.ValidateBasic() + ... +} +``` + +In the case of some methods on `sdk.Msg`, we could replace them with declarative +annotations. For instance, `GetSigners` can already be replaced by the protobuf +annotation `cosmos.msg.v1.signer`. In the future, we may consider some sort +of protobuf validation framework (like https://github.com/bufbuild/protoc-gen-validate +but more Cosmos-specific) to replace `ValidateBasic`. + +#### Pinned FileDescriptor's + +To solve 2), state machine modules must be able to specify what the version of +the protobuf files was that they were built against. For instance if the API +module for `foo` upgrades to `foo/v2`, the original `foo` module still needs +a copy of the original protobuf files it was built with so that ADR 020 +unknown field filtering will reject `MsgDoSomething` when `condition` is +set. + +The simplest way to do this may be to embed the protobuf `FileDescriptor`s into +the module itself so that these `FileDescriptor`s are used at runtime rather +than the ones that are built into the `foo/api` which may be different. Using +[buf build](https://docs.buf.build/build/usage#output-format), [go embed](https://pkg.go.dev/embed), +and a build script we can probably come up with a solution for embedding +`FileDescriptor`s into modules that is fairly straightforward. + +#### Potential limitations to generated code + +One challenge with this approach is that it places heavy restrictions on what +can go in API modules and requires that most of this is state machine breaking. +All or most of the code in the API module would be generated from protobuf +files, so we can probably control this with how code generation is done, but +it is a risk to be aware of. + +For instance, we do code generation for the ORM that in the future could +contain optimizations that are state machine breaking. We +would either need to ensure very carefully that the optimizations aren't +actually state machine breaking in generated code or separate this generated code +out from the API module into the state machine module. Both of these mitigations +are potentially viable but the API module approach does require an extra level +of care to avoid these sorts of issues. + +#### Minor Version Incompatibilities + +This approach in and of itself does little to address any potential minor +version incompatibilities and the +requisite [unknown field filtering](./adr-020-protobuf-transaction-encoding.md#unknown-field-filtering). +Likely some sort of client-server routing layer which does this check such as +[ADR 033: Inter-Module communication](./adr-033-protobuf-inter-module-comm.md) +is required to make sure that this is done properly. We could then allow +modules to perform a runtime check given a `MsgClient`, ex: + +```go +func (k Keeper) CallFoo() error { + if k.interModuleClient.MinorRevision(k.fooMsgClient) >= 2 { + k.fooMsgClient.DoSomething(&MsgDoSomething{Condition: ...}) + } else { + ... + } +} +``` + +To do the unknown field filtering itself, the ADR 033 router would need to use +the [protoreflect API](https://pkg.go.dev/google.golang.org/protobuf/reflect/protoreflect) +to ensure that no fields unknown to the receiving module are set. This could +result in an undesirable performance hit depending on how complex this logic is. + +### Approach B) Changes to Generated Code + +An alternate approach to solving the versioning problem is to change how protobuf code is generated and move modules +mostly or completely in the direction of inter-module communication as described +in [ADR 033](./adr-033-protobuf-inter-module-comm.md). +In this paradigm, a module could generate all the types it needs internally - including the API types of other modules - +and talk to other modules via a client-server boundary. For instance, if `bar` needs to talk to `foo`, it could +generate its own version of `MsgDoSomething` as `bar/internal/foo/v1.MsgDoSomething` and just pass this to the +inter-module router which would somehow convert it to the version which foo needs (ex. `foo/internal.MsgDoSomething`). + +Currently, two generated structs for the same protobuf type cannot exist in the same go binary without special +build flags (see https://developers.google.com/protocol-buffers/docs/reference/go/faq#fix-namespace-conflict). +A relatively simple mitigation to this issue would be to set up the protobuf code to not register protobuf types +globally if they are generated in an `internal/` package. This will require modules to register their types manually +with the app-level level protobuf registry, this is similar to what modules already do with the `InterfaceRegistry` +and amino codec. + +If modules _only_ do ADR 033 message passing then a naive and non-performant solution for +converting `bar/internal/foo/v1.MsgDoSomething` +to `foo/internal.MsgDoSomething` would be marshaling and unmarshaling in the ADR 033 router. This would break down if +we needed to expose protobuf types in `Keeper` interfaces because the whole point is to try to keep these types +`internal/` so that we don't end up with all the import version incompatibilities we've described above. However, +because of the issue with minor version incompatibilities and the need +for [unknown field filtering](./adr-020-protobuf-transaction-encoding.md#unknown-field-filtering), +sticking with the `Keeper` paradigm instead of ADR 033 may be unviable to begin with. + +A more performant solution (that could maybe be adapted to work with `Keeper` interfaces) would be to only expose +getters and setters for generated types and internally store data in memory buffers which could be passed from +one implementation to another in a zero-copy way. + +For example, imagine this protobuf API with only getters and setters is exposed for `MsgSend`: + +```go +type MsgSend interface { + proto.Message + GetFromAddress() string + GetToAddress() string + GetAmount() []v1beta1.Coin + SetFromAddress(string) + SetToAddress(string) + SetAmount([]v1beta1.Coin) +} + +func NewMsgSend() MsgSend { return &msgSendImpl{memoryBuffers: ...} } +``` + +Under the hood, `MsgSend` could be implemented based on some raw memory buffer in the same way +that [Cap'n Proto](https://capnproto.org) +and [FlatBuffers](https://google.github.io/flatbuffers/) so that we could convert between one version of `MsgSend` +and another without serialization (i.e. zero-copy). This approach would have the added benefits of allowing zero-copy +message passing to modules written in other languages such as Rust and accessed through a VM or FFI. It could also make +unknown field filtering in inter-module communication simpler if we require that all new fields are added in sequential +order, ex. just checking that no field `> 5` is set. + +Also, we wouldn't have any issues with state machine breaking code on generated types because all the generated +code used in the state machine would actually live in the state machine module itself. Depending on how interface +types and protobuf `Any`s are used in other languages, however, it may still be desirable to take the handler +approach described in approach A. Either way, types implementing interfaces would still need to be registered +with an `InterfaceRegistry` as they are now because there would be no way to retrieve them via the global registry. + +In order to simplify access to other modules using ADR 033, a public API module (maybe even one +[remotely generated by Buf](https://docs.buf.build/bsr/remote-generation/go)) could be used by client modules instead +of requiring to generate all client types internally. + +The big downsides of this approach are that it requires big changes to how people use protobuf types and would be a +substantial rewrite of the protobuf code generator. This new generated code, however, could still be made compatible +with +the [`google.golang.org/protobuf/reflect/protoreflect`](https://pkg.go.dev/google.golang.org/protobuf/reflect/protoreflect) +API in order to work with all standard golang protobuf tooling. + +It is possible that the naive approach of marshaling/unmarshaling in the ADR 033 router is an acceptable intermediate +solution if the changes to the code generator are seen as too complex. However, since all modules would likely need +to migrate to ADR 033 anyway with this approach, it might be better to do this all at once. + +### Approach C) Don't address these issues + +If the above solutions are seen as too complex, we can also decide not to do anything explicit to enable better module +version compatibility, and break circular dependencies. + +In this case, when developers are confronted with the issues described above they can require dependencies to update in +sync (what we do now) or attempt some ad-hoc potentially hacky solution. + +One approach is to ditch go semantic import versioning (SIV) altogether. Some people have commented that go's SIV +(i.e. changing the import path to `foo/v2`, `foo/v3`, etc.) is too restrictive and that it should be optional. The +golang maintainers disagree and only officially support semantic import versioning. We could, however, take the +contrarian perspective and get more flexibility by using 0.x-based versioning basically forever. + +Module version compatibility could then be achieved using go.mod replace directives to pin dependencies to specific +compatible 0.x versions. For instance if we knew `foo` 0.2 and 0.3 were both compatible with `bar` 0.3 and 0.4, we +could use replace directives in our go.mod to stick to the versions of `foo` and `bar` we want. This would work as +long as the authors of `foo` and `bar` avoid incompatible breaking changes between these modules. + +Or, if developers choose to use semantic import versioning, they can attempt the naive solution described above +and would also need to use special tags and replace directives to make sure that modules are pinned to the correct +versions. + +Note, however, that all of these ad-hoc approaches, would be vulnerable to the minor version compatibility issues +described above unless [unknown field filtering](./adr-020-protobuf-transaction-encoding.md#unknown-field-filtering) +is properly addressed. + +### Approach D) Avoid protobuf generated code in public APIs + +An alternative approach would be to avoid protobuf generated code in public module APIs. This would help avoid the +discrepancy between state machine versions and client API versions at the module to module boundaries. It would mean +that we wouldn't do inter-module message passing based on ADR 033, but rather stick to the existing keeper approach +and take it one step further by avoiding any protobuf generated code in the keeper interface methods. + +Using this approach, our `foo.Keeper.DoSomething` method wouldn't have the generated `MsgDoSomething` struct (which +comes from the protobuf API), but instead positional parameters. Then in order for `foo/v2` to support the `foo/v1` +keeper it would simply need to implement both the v1 and v2 keeper APIs. The `DoSomething` method in v2 could have the +additional `condition` parameter, but this wouldn't be present in v1 at all so there would be no danger of a client +accidentally setting this when it isn't available. + +So this approach would avoid the challenge around minor version incompatibilities because the existing module keeper +API would not get new fields when they are added to protobuf files. + +Taking this approach, however, would likely require making all protobuf generated code internal in order to prevent +it from leaking into the keeper API. This means we would still need to modify the protobuf code generator to not +register `internal/` code with the global registry, and we would still need to manually register protobuf +`FileDescriptor`s (this is probably true in all scenarios). It may, however, be possible to avoid needing to refactor +interface methods on generated types to handlers. + +Also, this approach doesn't address what would be done in scenarios where modules still want to use the message router. +Either way, we probably still want a way to pass messages from one module to another router safely even if it's just for +use cases like `x/gov`, `x/authz`, CosmWasm, etc. That would still require most of the things outlined in approach (B), +although we could advise modules to prefer keepers for communicating with other modules. + +The biggest downside of this approach is probably that it requires a strict refactoring of keeper interfaces to avoid +generated code leaking into the API. This may result in cases where we need to duplicate types that are already defined +in proto files and then write methods for converting between the golang and protobuf version. This may end up in a lot +of unnecessary boilerplate and that may discourage modules from actually adopting it and achieving effective version +compatibility. Approaches (A) and (B), although heavy handed initially, aim to provide a system which once adopted +more or less gives the developer version compatibility for free with minimal boilerplate. Approach (D) may not be able +to provide such a straightforward system since it requires a golang API to be defined alongside a protobuf API in a +way that requires duplication and differing sets of design principles (protobuf APIs encourage additive changes +while golang APIs would forbid it). + +Other downsides to this approach are: +* no clear roadmap to supporting modules in other languages like Rust +* doesn't get us any closer to proper object capability security (one of the goals of ADR 033) +* ADR 033 needs to be done properly anyway for the set of use cases which do need it + +## Decision + +The latest **DRAFT** proposal is: + +1. we are alignment on adopting [ADR 033](./adr-033-protobuf-inter-module-comm.md) not just as an addition to the + framework, but as a core replacement to the keeper paradigm entirely. +2. the ADR 033 inter-module router will accommodate any variation of approach (A) or (B) given the following rules: + a. if the client type is the same as the server type then pass it directly through, + b. if both client and server use the zero-copy generated code wrappers (which still need to be defined), then pass + the memory buffers from one wrapper to the other, or + c. marshal/unmarshal types between client and server. + +This approach will allow for both maximal correctness and enable a clear path to enabling modules within in other +languages, possibly executed within a WASM VM. + +### Minor API Revisions + +To declare minor API revisions of proto files, we propose the following guidelines (which were already documented +in [cosmos.app.v1alpha module options](../proto/cosmos/app/v1alpha1/module.proto)): +* proto packages which are revised from their initial version (considered revision `0`) should include a `package` +* comment in some .proto file containing the test `Revision N` at the start of a comment line where `N` is the current +revision number. +* all fields, messages, etc. added in a version beyond the initial revision should add a comment at the start of a +comment line of the form `Since: Revision N` where `N` is the non-zero revision it was added. + +It is advised that there is a 1:1 correspondence between a state machine module and versioned set of proto files +which are versioned either as a buf module a go API module or both. If the buf schema registry is used, the version of +this buf module should always be `1.N` where `N` corresponds to the package revision. Patch releases should be used when +only documentation comments are updated. It is okay to include proto packages named `v2`, `v3`, etc. in this same +`1.N` versioned buf module (ex. `cosmos.bank.v2`) as long as all these proto packages consist of a single API intended +to be served by a single SDK module. + +### Introspecting Minor API Revisions + +In order for modules to introspect the minor API revision of peer modules, we propose adding the following method +to `cosmossdk.io/core/intermodule.Client`: + +```go +ServiceRevision(ctx context.Context, serviceName string) uint64 +``` + +Modules could all this using the service name statically generated by the go grpc code generator: + +```go +intermoduleClient.ServiceRevision(ctx, bankv1beta1.Msg_ServiceDesc.ServiceName) +``` + +In the future, we may decide to extend the code generator used for protobuf services to add a field +to client types which does this check more concisely, ex: + +```go +package bankv1beta1 + +type MsgClient interface { + Send(context.Context, MsgSend) (MsgSendResponse, error) + ServiceRevision(context.Context) uint64 +} +``` + +### Unknown Field Filtering + +To correctly perform [unknown field filtering](./adr-020-protobuf-transaction-encoding.md#unknown-field-filtering), +the inter-module router can do one of the following: + +* use the `protoreflect` API for messages which support that +* for gogo proto messages, marshal and use the existing `codec/unknownproto` code +* for zero-copy messages, do a simple check on the highest set field number (assuming we can require that fields are + adding consecutively in increasing order) + +### `FileDescriptor` Registration + +Because a single go binary may contain different versions of the same generated protobuf code, we cannot rely on the +global protobuf registry to contain the correct `FileDescriptor`s. Because `appconfig` module configuration is itself +written in protobuf, we would like to load the `FileDescriptor`s for a module before loading a module itself. So we +will provide ways to register `FileDescriptor`s at module registration time before instantiation. We propose the +following `cosmossdk.io/core/appmodule.Option` constructors for the various cases of how `FileDescriptor`s may be +packaged: + +```go +package appmodule + +// this can be used when we are using google.golang.org/protobuf compatible generated code +// Ex: +// ProtoFiles(bankv1beta1.File_cosmos_bank_v1beta1_module_proto) +func ProtoFiles(file []protoreflect.FileDescriptor) Option {} + +// this can be used when we are using gogo proto generated code. +func GzippedProtoFiles(file [][]byte) Option {} + +// this can be used when we are using buf build to generated a pinned file descriptor +func ProtoImage(protoImage []byte) Option {} +``` + +This approach allows us to support several ways protobuf files might be generated: +* proto files generated internally to a module (use `ProtoFiles`) +* the API module approach with pinned file descriptors (use `ProtoImage`) +* gogo proto (use `GzippedProtoFiles`) + +### Module Dependency Declaration + +One risk of ADR 033 is that dependencies are called at runtime which are not present in the loaded set of SDK modules. +Also we want modules to have a way to define a minimum dependency API revision that they require. Therefore, all +modules should declare their set of dependencies upfront. These dependencies could be defined when a module is +instantiated, but ideally we know what the dependencies are before instantiation and can statically look at an app +config and determine whether the set of modules. For example, if `bar` requires `foo` revision `>= 1`, then we +should be able to know this when creating an app config with two versions of `bar` and `foo`. + +We propose defining these dependencies in the proto options of the module config object itself. + +### Interface Registration + +We will also need to define how interface methods are defined on types that are serialized as `google.protobuf.Any`'s. +In light of the desire to support modules in other languages, we may want to think of solutions that will accommodate +other languages such as plugins described briefly in [ADR 033](./adr-033-protobuf-inter-module-comm.md#internal-methods). + +### Testing + +In order to ensure that modules are indeed with multiple versions of their dependencies, we plan to provide specialized +unit and integration testing infrastructure that automatically tests multiple versions of dependencies. + +#### Unit Testing + +Unit tests should be conducted inside SDK modules by mocking their dependencies. In a full ADR 033 scenario, +this means that all interaction with other modules is done via the inter-module router, so mocking of dependencies +means mocking their msg and query server implementations. We will provide both a test runner and fixture to make this +streamlined. The key thing that the test runner should do to test compatibility is to test all combinations of +dependency API revisions. This can be done by taking the file descriptors for the dependencies, parsing their comments +to determine the revisions various elements were added, and then created synthetic file descriptors for each revision +by subtracting elements that were added later. + +Here is a proposed API for the unit test runner and fixture: + +```go +package moduletesting + +import ( + "context" + "testing" + + "cosmossdk.io/core/intermodule" + "cosmossdk.io/depinject" + "google.golang.org/grpc" + "google.golang.org/protobuf/proto" + "google.golang.org/protobuf/reflect/protodesc" +) + +type TestFixture interface { + context.Context + intermodule.Client // for making calls to the module we're testing + BeginBlock() + EndBlock() +} + +type UnitTestFixture interface { + TestFixture + grpc.ServiceRegistrar // for registering mock service implementations +} + +type UnitTestConfig struct { + ModuleConfig proto.Message // the module's config object + DepinjectConfig depinject.Config // optional additional depinject config options + DependencyFileDescriptors []protodesc.FileDescriptorProto // optional dependency file descriptors to use instead of the global registry +} + +// Run runs the test function for all combinations of dependency API revisions. +func (cfg UnitTestConfig) Run(t *testing.T, f func(t *testing.T, f UnitTestFixture)) { + // ... +} +``` + +Here is an example for testing bar calling foo which takes advantage of conditional service revisions in the expected +mock arguments: + +```go +func TestBar(t *testing.T) { + UnitTestConfig{ModuleConfig: &foomodulev1.Module{}}.Run(t, func (t *testing.T, f moduletesting.UnitTestFixture) { + ctrl := gomock.NewController(t) + mockFooMsgServer := footestutil.NewMockMsgServer() + foov1.RegisterMsgServer(f, mockFooMsgServer) + barMsgClient := barv1.NewMsgClient(f) + if f.ServiceRevision(foov1.Msg_ServiceDesc.ServiceName) >= 1 { + mockFooMsgServer.EXPECT().DoSomething(gomock.Any(), &foov1.MsgDoSomething{ + ..., + Condition: ..., // condition is expected in revision >= 1 + }).Return(&foov1.MsgDoSomethingResponse{}, nil) + } else { + mockFooMsgServer.EXPECT().DoSomething(gomock.Any(), &foov1.MsgDoSomething{...}).Return(&foov1.MsgDoSomethingResponse{}, nil) + } + res, err := barMsgClient.CallFoo(f, &MsgCallFoo{}) + ... + }) +} +``` + +The unit test runner would make sure that no dependency mocks return arguments which are invalid for the service +revision being tested to ensure that modules don't incorrectly depend on functionality not present in a given revision. + +#### Integration Testing + +An integration test runner and fixture would also be provided which instead of using mocks would test actual module +dependencies in various combinations. Here is the proposed API: + +```go +type IntegrationTestFixture interface { + TestFixture +} + +type IntegrationTestConfig struct { + ModuleConfig proto.Message // the module's config object + DependencyMatrix map[string][]proto.Message // all the dependent module configs +} + +// Run runs the test function for all combinations of dependency modules. +func (cfg IntegationTestConfig) Run(t *testing.T, f func (t *testing.T, f IntegrationTestFixture)) { + // ... +} +``` + +And here is an example with foo and bar: + +```go +func TestBarIntegration(t *testing.T) { + IntegrationTestConfig{ + ModuleConfig: &barmodulev1.Module{}, + DependencyMatrix: map[string][]proto.Message{ + "runtime": []proto.Message{ // test against two versions of runtime + &runtimev1.Module{}, + &runtimev2.Module{}, + }, + "foo": []proto.Message{ // test against three versions of foo + &foomodulev1.Module{}, + &foomodulev2.Module{}, + &foomodulev3.Module{}, + } + } + }.Run(t, func (t *testing.T, f moduletesting.IntegrationTestFixture) { + barMsgClient := barv1.NewMsgClient(f) + res, err := barMsgClient.CallFoo(f, &MsgCallFoo{}) + ... + }) +} +``` + +Unlike unit tests, integration tests actually pull in other module dependencies. So that modules can be written +without direct dependencies on other modules and because golang has no concept of development dependencies, integration +tests should be written in separate go modules, ex. `example.com/bar/v2/test`. Because this paradigm uses go semantic +versioning, it is possible to build a single go module which imports 3 versions of bar and 2 versions of runtime and +can test these all together in the six various combinations of dependencies. + +## Consequences + +### Backwards Compatibility + +Modules which migrate fully to ADR 033 will not be compatible with existing modules which use the keeper paradigm. +As a temporary workaround we may create some wrapper types that emulate the current keeper interface to minimize +the migration overhead. + +### Positive + +* we will be able to deliver interoperable semantically versioned modules which should dramatically increase the + ability of the Cosmos SDK ecosystem to iterate on new features +* it will be possible to write Cosmos SDK modules in other languages in the near future + +### Negative + +* all modules will need to be refactored somewhat dramatically + +### Neutral + +* the `cosmossdk.io/core/appconfig` framework will play a more central role in terms of how modules are defined, this + is likely generally a good thing but does mean additional changes for users wanting to stick to the pre-depinject way + of wiring up modules +* `depinject` is somewhat less needed or maybe even obviated because of the full ADR 033 approach. If we adopt the + core API proposed in https://github.com/cosmos/cosmos-sdk/pull/12239, then a module would probably always instantiate + itself with a method `ProvideModule(appmodule.Service) (appmodule.AppModule, error)`. There is no complex wiring of + keeper dependencies in this scenario and dependency injection may not have as much of (or any) use case. + +## Further Discussions + +The decision described above is considered in draft mode and is pending final buy-in from the team and key stakeholders. +Key outstanding discussions if we do adopt that direction are: + +* how do module clients introspect dependency module API revisions +* how do modules determine a minor dependency module API revision requirement +* how do modules appropriately test compatibility with different dependency versions +* how to register and resolve interface implementations +* how do modules register their protobuf file descriptors depending on the approach they take to generated code (the + API module approach may still be viable as a supported strategy and would need pinned file descriptors) + +## References + +* https://github.com/cosmos/cosmos-sdk/discussions/10162 +* https://github.com/cosmos/cosmos-sdk/discussions/10582 +* https://github.com/cosmos/cosmos-sdk/discussions/10368 +* https://github.com/cosmos/cosmos-sdk/pull/11340 +* https://github.com/cosmos/cosmos-sdk/issues/11899 +* [ADR 020](./adr-020-protobuf-transaction-encoding.md) +* [ADR 033](./adr-033-protobuf-inter-module-comm.md) diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-055-orm.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-055-orm.md new file mode 100644 index 00000000..be7255f0 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-055-orm.md @@ -0,0 +1,113 @@ +# ADR 055: ORM + +## Changelog + +* 2022-04-27: First draft + +## Status + +ACCEPTED Implemented + +## Abstract + +In order to make it easier for developers to build Cosmos SDK modules and for clients to query, index and verify proofs +against state data, we have implemented an ORM (object-relational mapping) layer for the Cosmos SDK. + +## Context + +Historically modules in the Cosmos SDK have always used the key-value store directly and created various handwritten +functions for managing key format as well as constructing secondary indexes. This consumes a significant amount of +time when building a module and is error-prone. Because key formats are non-standard, sometimes poorly documented, +and subject to change, it is hard for clients to generically index, query and verify merkle proofs against state data. + +The known first instance of an "ORM" in the Cosmos ecosystem was in [weave](https://github.com/iov-one/weave/tree/master/orm). +A later version was built for [regen-ledger](https://github.com/regen-network/regen-ledger/tree/157181f955823149e1825263a317ad8e16096da4/orm) for +use in the group module and later [ported to the SDK](https://github.com/cosmos/cosmos-sdk/tree/35d3312c3be306591fcba39892223f1244c8d108/x/group/internal/orm) +just for that purpose. + +While these earlier designs made it significantly easier to write state machines, they still required a lot of manual +configuration, didn't expose state format directly to clients, and were limited in their support of different types +of index keys, composite keys, and range queries. + +Discussions about the design continued in https://github.com/cosmos/cosmos-sdk/discussions/9156 and more +sophisticated proofs of concept were created in https://github.com/allinbits/cosmos-sdk-poc/tree/master/runtime/orm +and https://github.com/cosmos/cosmos-sdk/pull/10454. + +## Decision + +These prior efforts culminated in the creation of the Cosmos SDK `orm` go module which uses protobuf annotations +for specifying ORM table definitions. This ORM is based on the new `google.golang.org/protobuf/reflect/protoreflect` +API and supports: + +* sorted indexes for all simple protobuf types (except `bytes`, `enum`, `float`, `double`) as well as `Timestamp` and `Duration` +* unsorted `bytes` and `enum` indexes +* composite primary and secondary keys +* unique indexes +* auto-incrementing `uint64` primary keys +* complex prefix and range queries +* paginated queries +* complete logical decoding of KV-store data + +Almost all the information needed to decode state directly is specified in .proto files. Each table definition specifies +an ID which is unique per .proto file and each index within a table is unique within that table. Clients then only need +to know the name of a module and the prefix ORM data for a specific .proto file within that module in order to decode +state data directly. This additional information will be exposed directly through app configs which will be explained +in a future ADR related to app wiring. + +The ORM makes optimizations around storage space by not repeating values in the primary key in the key value +when storing primary key records. For example, if the object `{"a":0,"b":1}` has the primary key `a`, it will +be stored in the key value store as `Key: '0', Value: {"b":1}` (with more efficient protobuf binary encoding). +Also, the generated code from https://github.com/cosmos/cosmos-proto does optimizations around the +`google.golang.org/protobuf/reflect/protoreflect` API to improve performance. + +A code generator is included with the ORM which creates type safe wrappers around the ORM's dynamic `Table` +implementation and is the recommended way for modules to use the ORM. + +The ORM tests provide a simplified bank module demonstration which illustrates: +* [ORM proto options](https://github.com/cosmos/cosmos-sdk/blob/0d846ae2f0424b2eb640f6679a703b52d407813d/orm/internal/testpb/bank.proto) +* [Generated Code](https://github.com/cosmos/cosmos-sdk/blob/0d846ae2f0424b2eb640f6679a703b52d407813d/orm/internal/testpb/bank.cosmos_orm.go) +* [Example Usage in a Module Keeper](https://github.com/cosmos/cosmos-sdk/blob/0d846ae2f0424b2eb640f6679a703b52d407813d/orm/model/ormdb/module_test.go) + +## Consequences + +### Backwards Compatibility + +State machine code that adopts the ORM will need migrations as the state layout is generally backwards incompatible. +These state machines will also need to migrate to https://github.com/cosmos/cosmos-proto at least for state data. + +### Positive + +* easier to build modules +* easier to add secondary indexes to state +* possible to write a generic indexer for ORM state +* easier to write clients that do state proofs +* possible to automatically write query layers rather than needing to manually implement gRPC queries + +### Negative + +* worse performance than handwritten keys (for now). See [Further Discussions](#further-discussions) +for potential improvements + +### Neutral + +## Further Discussions + +Further discussions will happen within the Cosmos SDK Framework Working Group. Current planned and ongoing work includes: + +* automatically generate client-facing query layer +* client-side query libraries that transparently verify light client proofs +* index ORM data to SQL databases +* improve performance by: + * optimizing existing reflection based code to avoid unnecessary gets when doing deletes & updates of simple tables + * more sophisticated code generation such as making fast path reflection even faster (avoiding `switch` statements), + or even fully generating code that equals handwritten performance + + +## References + +* https://github.com/iov-one/weave/tree/master/orm). +* https://github.com/regen-network/regen-ledger/tree/157181f955823149e1825263a317ad8e16096da4/orm +* https://github.com/cosmos/cosmos-sdk/tree/35d3312c3be306591fcba39892223f1244c8d108/x/group/internal/orm +* https://github.com/cosmos/cosmos-sdk/discussions/9156 +* https://github.com/allinbits/cosmos-sdk-poc/tree/master/runtime/orm +* https://github.com/cosmos/cosmos-sdk/pull/10454 diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-057-app-wiring.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-057-app-wiring.md new file mode 100644 index 00000000..2e37ced6 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-057-app-wiring.md @@ -0,0 +1,369 @@ +# ADR 057: App Wiring + +## Changelog + +* 2022-05-04: Initial Draft +* 2022-08-19: Updates + +## Status + +PROPOSED Implemented + +## Abstract + +In order to make it easier to build Cosmos SDK modules and apps, we propose a new app wiring system based on +dependency injection and declarative app configurations to replace the current `app.go` code. + +## Context + +A number of factors have made the SDK and SDK apps in their current state hard to maintain. A symptom of the current +state of complexity is [`simapp/app.go`](https://github.com/cosmos/cosmos-sdk/blob/c3edbb22cab8678c35e21fe0253919996b780c01/simapp/app.go) +which contains almost 100 lines of imports and is otherwise over 600 lines of mostly boilerplate code that is +generally copied to each new project. (Not to mention the additional boilerplate which gets copied in `simapp/simd`.) + +The large amount of boilerplate needed to bootstrap an app has made it hard to release independently versioned go +modules for Cosmos SDK modules as described in [ADR 053: Go Module Refactoring](./adr-053-go-module-refactoring.md). + +In addition to being very verbose and repetitive, `app.go` also exposes a large surface area for breaking changes +as most modules instantiate themselves with positional parameters which forces breaking changes anytime a new parameter +(even an optional one) is needed. + +Several attempts were made to improve the current situation including [ADR 033: Internal-Module Communication](./adr-033-protobuf-inter-module-comm.md) +and [a proof-of-concept of a new SDK](https://github.com/allinbits/cosmos-sdk-poc). The discussions around these +designs led to the current solution described here. + +## Decision + +In order to improve the current situation, a new "app wiring" paradigm has been designed to replace `app.go` which +involves: + +* declaration configuration of the modules in an app which can be serialized to JSON or YAML +* a dependency-injection (DI) framework for instantiating apps from the that configuration + +### Dependency Injection + +When examining the code in `app.go` most of the code simply instantiates modules with dependencies provided either +by the framework (such as store keys) or by other modules (such as keepers). It is generally pretty obvious given +the context what the correct dependencies actually should be, so dependency-injection is an obvious solution. Rather +than making developers manually resolve dependencies, a module will tell the DI container what dependency it needs +and the container will figure out how to provide it. + +We explored several existing DI solutions in golang and felt that the reflection-based approach in [uber/dig](https://github.com/uber-go/dig) +was closest to what we needed but not quite there. Assessing what we needed for the SDK, we designed and built +the Cosmos SDK [depinject module](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/depinject), which has the following +features: + +* dependency resolution and provision through functional constructors, ex: `func(need SomeDep) (AnotherDep, error)` +* dependency injection `In` and `Out` structs which support `optional` dependencies +* grouped-dependencies (many-per-container) through the `ManyPerContainerType` tag interface +* module-scoped dependencies via `ModuleKey`s (where each module gets a unique dependency) +* one-per-module dependencies through the `OnePerModuleType` tag interface +* sophisticated debugging information and container visualization via GraphViz + +Here are some examples of how these would be used in an SDK module: + +* `StoreKey` could be a module-scoped dependency which is unique per module +* a module's `AppModule` instance (or the equivalent) could be a `OnePerModuleType` +* CLI commands could be provided with `ManyPerContainerType`s + +Note that even though dependency resolution is dynamic and based on reflection, which could be considered a pitfall +of this approach, the entire dependency graph should be resolved immediately on app startup and only gets resolved +once (except in the case of dynamic config reloading which is a separate topic). This means that if there are any +errors in the dependency graph, they will get reported immediately on startup so this approach is only slightly worse +than fully static resolution in terms of error reporting and much better in terms of code complexity. + +### Declarative App Config + +In order to compose modules into an app, a declarative app configuration will be used. This configuration is based off +of protobuf and its basic structure is very simple: + +```protobuf +package cosmos.app.v1; + +message Config { + repeated ModuleConfig modules = 1; +} + +message ModuleConfig { + string name = 1; + google.protobuf.Any config = 2; +} +``` + +(See also https://github.com/cosmos/cosmos-sdk/blob/6e18f582bf69e3926a1e22a6de3c35ea327aadce/proto/cosmos/app/v1alpha1/config.proto) + +The configuration for every module is itself a protobuf message and modules will be identified and loaded based +on the protobuf type URL of their config object (ex. `cosmos.bank.module.v1.Module`). Modules are given a unique short `name` +to share resources across different versions of the same module which might have a different protobuf package +versions (ex. `cosmos.bank.module.v2.Module`). All module config objects should define the `cosmos.app.v1alpha1.module` +descriptor option which will provide additional useful metadata for the framework and which can also be indexed +in module registries. + +An example app config in YAML might look like this: + +```yaml +modules: + - name: baseapp + config: + "@type": cosmos.baseapp.module.v1.Module + begin_blockers: [staking, auth, bank] + end_blockers: [bank, auth, staking] + init_genesis: [bank, auth, staking] + - name: auth + config: + "@type": cosmos.auth.module.v1.Module + bech32_prefix: "foo" + - name: bank + config: + "@type": cosmos.bank.module.v1.Module + - name: staking + config: + "@type": cosmos.staking.module.v1.Module +``` + +In the above example, there is a hypothetical `baseapp` module which contains the information around ordering of +begin blockers, end blockers, and init genesis. Rather than lifting these concerns up to the module config layer, +they are themselves handled by a module which could allow a convenient way of swapping out different versions of +baseapp (for instance to target different versions of tendermint), without needing to change the rest of the config. +The `baseapp` module would then provide to the server framework (which sort of sits outside the ABCI app) an instance +of `abci.Application`. + +In this model, an app is *modules all the way down* and the dependency injection/app config layer is very much +protocol-agnostic and can adapt to even major breaking changes at the protocol layer. + +### Module & Protobuf Registration + +In order for the two components of dependency injection and declarative configuration to work together as described, +we need a way for modules to actually register themselves and provide dependencies to the container. + +One additional complexity that needs to be handled at this layer is protobuf registry initialization. Recall that +in both the current SDK `codec` and the proposed [ADR 054: Protobuf Semver Compatible Codegen](https://github.com/cosmos/cosmos-sdk/pull/11802), +protobuf types need to be explicitly registered. Given that the app config itself is based on protobuf and +uses protobuf `Any` types, protobuf registration needs to happen before the app config itself can be decoded. Because +we don't know which protobuf `Any` types will be needed a priori and modules themselves define those types, we need +to decode the app config in separate phases: + +1. parse app config JSON/YAML as raw JSON and collect required module type URLs (without doing proto JSON decoding) +2. build a [protobuf type registry](https://pkg.go.dev/google.golang.org/protobuf@v1.28.0/reflect/protoregistry) based + on file descriptors and types provided by each required module +3. decode the app config as proto JSON using the protobuf type registry + +Because in [ADR 054: Protobuf Semver Compatible Codegen](https://github.com/cosmos/cosmos-sdk/pull/11802), each module +might use `internal` generated code which is not registered with the global protobuf registry, this code should provide +an alternate way to register protobuf types with a type registry. In the same way that `.pb.go` files currently have a +`var File_foo_proto protoreflect.FileDescriptor` for the file `foo.proto`, generated code should have a new member +`var Types_foo_proto TypeInfo` where `TypeInfo` is an interface or struct with all the necessary info to register both +the protobuf generated types and file descriptor. + +So a module must provide dependency injection providers and protobuf types, and takes as input its module +config object which uniquely identifies the module based on its type URL. + +With this in mind, we define a global module register which allows module implementations to register themselves +with the following API: + +```go +// Register registers a module with the provided type name (ex. cosmos.bank.module.v1.Module) +// and the provided options. +func Register(configTypeName protoreflect.FullName, option ...Option) { ... } + +type Option { /* private methods */ } + +// Provide registers dependency injection provider functions which work with the +// cosmos-sdk container module. These functions can also accept an additional +// parameter for the module's config object. +func Provide(providers ...interface{}) Option { ... } + +// Types registers protobuf TypeInfo's with the protobuf registry. +func Types(types ...TypeInfo) Option { ... } +``` + +Ex: + +```go +func init() { + appmodule.Register("cosmos.bank.module.v1.Module", + appmodule.Types( + types.Types_tx_proto, + types.Types_query_proto, + types.Types_types_proto, + ), + appmodule.Provide( + provideBankModule, + ) + ) +} + +type Inputs struct { + container.In + + AuthKeeper auth.Keeper + DB ormdb.ModuleDB +} + +type Outputs struct { + Keeper bank.Keeper + AppModule appmodule.AppModule +} + +func ProvideBankModule(config *bankmodulev1.Module, Inputs) (Outputs, error) { ... } +``` + +Note that in this module, a module configuration object *cannot* register different dependency providers at runtime +based on the configuration. This is intentional because it allows us to know globally which modules provide which +dependencies, and it will also allow us to do code generation of the whole app initialization. This +can help us figure out issues with missing dependencies in an app config if the needed modules are loaded at runtime. +In cases where required modules are not loaded at runtime, it may be possible to guide users to the correct module if +through a global Cosmos SDK module registry. + +The `*appmodule.Handler` type referenced above is a replacement for the legacy `AppModule` framework, and +described in [ADR 063: Core Module API](./adr-063-core-module-api.md). + +### New `app.go` + +With this setup, `app.go` might now look something like this: + +```go +package main + +import ( + // Each go package which registers a module must be imported just for side-effects + // so that module implementations are registered. + _ "github.com/cosmos/cosmos-sdk/x/auth/module" + _ "github.com/cosmos/cosmos-sdk/x/bank/module" + _ "github.com/cosmos/cosmos-sdk/x/staking/module" + "github.com/cosmos/cosmos-sdk/core/app" +) + +// go:embed app.yaml +var appConfigYAML []byte + +func main() { + app.Run(app.LoadYAML(appConfigYAML)) +} +``` + +### Application to existing SDK modules + +So far we have described a system which is largely agnostic to the specifics of the SDK such as store keys, `AppModule`, +`BaseApp`, etc. Improvements to these parts of the framework that integrate with the general app wiring framework +defined here are described in [ADR 063: Core Module API](./adr-063-core-module-api.md). + +### Registration of Inter-Module Hooks + +### Registration of Inter-Module Hooks + +Some modules define a hooks interface (ex. `StakingHooks`) which allows one module to call back into another module +when certain events happen. + +With the app wiring framework, these hooks interfaces can be defined as a `OnePerModuleType`s and then the module +which consumes these hooks can collect these hooks as a map of module name to hook type (ex. `map[string]FooHooks`). Ex: + +```go +func init() { + appmodule.Register( + &foomodulev1.Module{}, + appmodule.Invoke(InvokeSetFooHooks), + ... + ) +} +func InvokeSetFooHooks( + keeper *keeper.Keeper, + fooHooks map[string]FooHooks, +) error { + for k in sort.Strings(maps.Keys(fooHooks)) { + keeper.AddFooHooks(fooHooks[k]) + } +} +``` + +Optionally, the module consuming hooks can allow app's to define an order for calling these hooks based on module name +in its config object. + +An alternative way for registering hooks via reflection was considered where all keeper types are inspected to see if +they implement the hook interface by the modules exposing hooks. This has the downsides of: + +* needing to expose all the keepers of all modules to the module providing hooks, +* not allowing for encapsulating hooks on a different type which doesn't expose all keeper methods, +* harder to know statically which module expose hooks or are checking for them. + +With the approach proposed here, hooks registration will be obviously observable in `app.go` if `depinject` codegen +(described below) is used. + +### Code Generation + +The `depinject` framework will optionally allow the app configuration and dependency injection wiring to be code +generated. This will allow: + +* dependency injection wiring to be inspected as regular go code just like the existing `app.go`, +* dependency injection to be opt-in with manual wiring 100% still possible. + +Code generation requires that all providers and invokers and their parameters are exported and in non-internal packages. + +### Module Semantic Versioning + +When we start creating semantically versioned SDK modules that are in standalone go modules, a state machine breaking +change to a module should be handled as follows: +- the semantic major version should be incremented, and +- a new semantically versioned module config protobuf type should be created. + +For instance, if we have the SDK module for bank in the go module `cosmossdk.io/x/bank` with the module config type +`cosmos.bank.module.v1.Module`, and we want to make a state machine breaking change to the module, we would: +- create a new go module `cosmossdk.io/x/bank/v2`, +- with the module config protobuf type `cosmos.bank.module.v2.Module`. + +This _does not_ mean that we need to increment the protobuf API version for bank. Both modules can support +`cosmos.bank.v1`, but `cosmossdk.io/x/bank/v2` will be a separate go module with a separate module config type. + +This practice will eventually allow us to use appconfig to load new versions of a module via a configuration change. + +Effectively, there should be a 1:1 correspondence between a semantically versioned go module and a +versioned module config protobuf type, and major versioning bumps should occur whenever state machine breaking changes +are made to a module. + +NOTE: SDK modules that are standalone go modules _should not_ adopt semantic versioning until the concerns described in +[ADR 054: Module Semantic Versioning](./adr-054-semver-compatible-modules.md) are +addressed. The short-term solution for this issue was left somewhat unresolved. However, the easiest tactic is +likely to use a standalone API go module and follow the guidelines described in this comment: https://github.com/cosmos/cosmos-sdk/pull/11802#issuecomment-1406815181. For the time-being, it is recommended that +Cosmos SDK modules continue to follow tried and true [0-based versioning](https://0ver.org) until an officially +recommended solution is provided. This section of the ADR will be updated when that happens and for now, this section +should be considered as a design recommendation for future adoption of semantic versioning. + +## Consequences + +### Backwards Compatibility + +Modules which work with the new app wiring system do not need to drop their existing `AppModule` and `NewKeeper` +registration paradigms. These two methods can live side-by-side for as long as is needed. + +### Positive + +* wiring up new apps will be simpler, more succinct and less error-prone +* it will be easier to develop and test standalone SDK modules without needing to replicate all of simapp +* it may be possible to dynamically load modules and upgrade chains without needing to do a coordinated stop and binary + upgrade using this mechanism +* easier plugin integration +* dependency injection framework provides more automated reasoning about dependencies in the project, with a graph visualization. + +### Negative + +* it may be confusing when a dependency is missing although error messages, the GraphViz visualization, and global + module registration may help with that + +### Neutral + +* it will require work and education + +## Further Discussions + +The protobuf type registration system described in this ADR has not been implemented and may need to be reconsidered in +light of code generation. It may be better to do this type registration with a DI provider. + +## References + +* https://github.com/cosmos/cosmos-sdk/blob/c3edbb22cab8678c35e21fe0253919996b780c01/simapp/app.go +* https://github.com/allinbits/cosmos-sdk-poc +* https://github.com/uber-go/dig +* https://github.com/google/wire +* https://pkg.go.dev/github.com/cosmos/cosmos-sdk/container +* https://github.com/cosmos/cosmos-sdk/pull/11802 +* [ADR 063: Core Module API](./adr-063-core-module-api.md) diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-058-auto-generated-cli.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-058-auto-generated-cli.md new file mode 100644 index 00000000..b295ff4b --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-058-auto-generated-cli.md @@ -0,0 +1,98 @@ +# ADR 058: Auto-Generated CLI + +## Changelog + +* 2022-05-04: Initial Draft + +## Status + +ACCEPTED Partially Implemented + +## Abstract + +In order to make it easier for developers to write Cosmos SDK modules, we provide infrastructure which automatically +generates CLI commands based on protobuf definitions. + +## Context + +Current Cosmos SDK modules generally implement a CLI command for every transaction and every query supported by the +module. These are handwritten for each command and essentially amount to providing some CLI flags or positional +arguments for specific fields in protobuf messages. + +In order to make sure CLI commands are correctly implemented as well as to make sure that the application works +in end-to-end scenarios, we do integration tests using CLI commands. While these tests are valuable on some-level, +they can be hard to write and maintain, and run slowly. [Some teams have contemplated](https://github.com/regen-network/regen-ledger/issues/1041) +moving away from CLI-style integration tests (which are really end-to-end tests) towards narrower integration tests +which exercise `MsgClient` and `QueryClient` directly. This might involve replacing the current end-to-end CLI +tests with unit tests as there still needs to be some way to test these CLI commands for full quality assurance. + +## Decision + +To make module development simpler, we provide infrastructure - in the new [`client/v2`](https://github.com/cosmos/cosmos-sdk/tree/main/client/v2) +go module - for automatically generating CLI commands based on protobuf definitions to either replace or complement +handwritten CLI commands. This will mean that when developing a module, it will be possible to skip both writing and +testing CLI commands as that can all be taken care of by the framework. + +The basic design for automatically generating CLI commands is to: + +* create one CLI command for each `rpc` method in a protobuf `Query` or `Msg` service +* create a CLI flag for each field in the `rpc` request type +* for `query` commands call gRPC and print the response as protobuf JSON or YAML (via the `-o`/`--output` flag) +* for `tx` commands, create a transaction and apply common transaction flags + +In order to make the auto-generated CLI as easy to use (or easier) than handwritten CLI, we need to do custom handling +of specific protobuf field types so that the input format is easy for humans: + +* `Coin`, `Coins`, `DecCoin`, and `DecCoins` should be input using the existing format (i.e. `1000uatom`) +* it should be possible to specify an address using either the bech32 address string or a named key in the keyring +* `Timestamp` and `Duration` should accept strings like `2001-01-01T00:00:00Z` and `1h3m` respectively +* pagination should be handled with flags like `--page-limit`, `--page-offset`, etc. +* it should be possible to customize any other protobuf type either via its message name or a `cosmos_proto.scalar` annotation + +At a basic level it should be possible to generate a command for a single `rpc` method as well as all the commands for +a whole protobuf `service` definition. It should be possible to mix and match auto-generated and handwritten commands. + +## Consequences + +### Backwards Compatibility + +Existing modules can mix and match auto-generated and handwritten CLI commands so it is up to them as to whether they +make breaking changes by replacing handwritten commands with slightly different auto-generated ones. + +For now the SDK will maintain the existing set of CLI commands for backwards compatibility but new commands will use +this functionality. + +### Positive + +* module developers will not need to write CLI commands +* module developers will not need to test CLI commands +* [lens](https://github.com/strangelove-ventures/lens) may benefit from this + +### Negative + +### Neutral + +## Further Discussions + +We would like to be able to customize: + +* short and long usage strings for commands +* aliases for flags (ex. `-a` for `--amount`) +* which fields are positional parameters rather than flags + +It is an [open discussion](https://github.com/cosmos/cosmos-sdk/pull/11725#issuecomment-1108676129) +as to whether these customizations options should line in: + +* the .proto files themselves, +* separate config files (ex. YAML), or +* directly in code + +Providing the options in .proto files would allow a dynamic client to automatically generate +CLI commands on the fly. However, that may pollute the .proto files themselves with information that is only relevant +for a small subset of users. + +## References + +* https://github.com/regen-network/regen-ledger/issues/1041 +* https://github.com/cosmos/cosmos-sdk/tree/main/client/v2 +* https://github.com/cosmos/cosmos-sdk/pull/11725#issuecomment-1108676129 diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-059-test-scopes.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-059-test-scopes.md new file mode 100644 index 00000000..06034459 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-059-test-scopes.md @@ -0,0 +1,254 @@ +# ADR 059: Test Scopes + +## Changelog + +* 2022-08-02: Initial Draft +* 2023-03-02: Add precision for integration tests +* 2023-03-23: Add precision for E2E tests + +## Status + +PROPOSED Partially Implemented + +## Abstract + +Recent work in the SDK aimed at breaking apart the monolithic root go module has highlighted +shortcomings and inconsistencies in our testing paradigm. This ADR clarifies a common +language for talking about test scopes and proposes an ideal state of tests at each scope. + +## Context + +[ADR-053: Go Module Refactoring](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-053-go-module-refactoring.md) expresses our desire for an SDK composed of many +independently versioned Go modules, and [ADR-057: App Wiring](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-057-app-wiring.md) offers a methodology +for breaking apart inter-module dependencies through the use of dependency injection. As +described in [EPIC: Separate all SDK modules into standalone go modules](https://github.com/cosmos/cosmos-sdk/issues/11899), module +dependencies are particularly complected in the test phase, where simapp is used as +the key test fixture in setting up and running tests. It is clear that the successful +completion of Phases 3 and 4 in that EPIC require the resolution of this dependency problem. + +In [EPIC: Unit Testing of Modules via Mocks](https://github.com/cosmos/cosmos-sdk/issues/12398) it was thought this Gordian knot could be +unwound by mocking all dependencies in the test phase for each module, but seeing how these +refactors were complete rewrites of test suites discussions began around the fate of the +existing integration tests. One perspective is that they ought to be thrown out, another is +that integration tests have some utility of their own and a place in the SDK's testing story. + +Another point of confusion has been the current state of CLI test suites, [x/auth](https://github.com/cosmos/cosmos-sdk/blob/0f7e56c6f9102cda0ca9aba5b6f091dbca976b5a/x/auth/client/testutil/suite.go#L44-L49) for +example. In code these are called integration tests, but in reality function as end to end +tests by starting up a tendermint node and full application. [EPIC: Rewrite and simplify +CLI tests](https://github.com/cosmos/cosmos-sdk/issues/12696) identifies the ideal state of CLI tests using mocks, but does not address the +place end to end tests may have in the SDK. + +From here we identify three scopes of testing, **unit**, **integration**, **e2e** (end to +end), seek to define the boundaries of each, their shortcomings (real and imposed), and their +ideal state in the SDK. + +### Unit tests + +Unit tests exercise the code contained in a single module (e.g. `/x/bank`) or package +(e.g. `/client`) in isolation from the rest of the code base. Within this we identify two +levels of unit tests, *illustrative* and *journey*. The definitions below lean heavily on +[The BDD Books - Formulation](https://leanpub.com/bddbooks-formulation) section 1.3. + +*Illustrative* tests exercise an atomic part of a module in isolation - in this case we +might do fixture setup/mocking of other parts of the module. + +Tests which exercise a whole module's function with dependencies mocked, are *journeys*. +These are almost like integration tests in that they exercise many things together but still +use mocks. + +Example 1 journey vs illustrative tests - [depinject's BDD style tests](https://github.com/cosmos/cosmos-sdk/blob/main/depinject/features/bindings.feature), show how we can +rapidly build up many illustrative cases demonstrating behavioral rules without [very much code](https://github.com/cosmos/cosmos-sdk/blob/main/depinject/binding_test.go) while maintaining high level readability. + +Example 2 [depinject table driven tests](https://github.com/cosmos/cosmos-sdk/blob/main/depinject/provider_desc_test.go) + +Example 3 [Bank keeper tests](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/x/bank/keeper/keeper_test.go#L94-L105) - A mock implementation of `AccountKeeper` is supplied to the keeper constructor. + +#### Limitations + +Certain modules are tightly coupled beyond the test phase. A recent dependency report for +`bank -> auth` found 274 total usages of `auth` in `bank`, 50 of which are in +production code and 224 in test. This tight coupling may suggest that either the modules +should be merged, or refactoring is required to abstract references to the core types tying +the modules together. It could also indicate that these modules should be tested together +in integration tests beyond mocked unit tests. + +In some cases setting up a test case for a module with many mocked dependencies can be quite +cumbersome and the resulting test may only show that the mocking framework works as expected +rather than working as a functional test of interdependent module behavior. + +### Integration tests + +Integration tests define and exercise relationships between an arbitrary number of modules +and/or application subsystems. + +Wiring for integration tests is provided by `depinject` and some [helper code](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/testutil/sims/app_helpers.go#L95) starts up +a running application. A section of the running application may then be tested. Certain +inputs during different phases of the application life cycle are expected to produce +invariant outputs without too much concern for component internals. This type of black box +testing has a larger scope than unit testing. + +Example 1 [client/grpc_query_test/TestGRPCQuery](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/client/grpc_query_test.go#L111-L129) - This test is misplaced in `/client`, +but tests the life cycle of (at least) `runtime` and `bank` as they progress through +startup, genesis and query time. It also exercises the fitness of the client and query +server without putting bytes on the wire through the use of [QueryServiceTestHelper](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/baseapp/grpcrouter_helpers.go#L31). + +Example 2 `x/evidence` Keeper integration tests - Starts up an application composed of [8 +modules](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/x/evidence/testutil/app.yaml#L1) with [5 keepers](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/x/evidence/keeper/keeper_test.go#L101-L106) used in the integration test suite. One test in the suite +exercises [HandleEquivocationEvidence](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/x/evidence/keeper/infraction_test.go#L42) which contains many interactions with the staking +keeper. + +Example 3 - Integration suite app configurations may also be specified via golang (not +YAML as above) [statically](https://github.com/cosmos/cosmos-sdk/blob/main/x/nft/testutil/app_config.go) or [dynamically](https://github.com/cosmos/cosmos-sdk/blob/8c23f6f957d1c0bedd314806d1ac65bea59b084c/tests/integration/bank/keeper/keeper_test.go#L129-L134). + +#### Limitations + +Setting up a particular input state may be more challenging since the application is +starting from a zero state. Some of this may be addressed by good test fixture +abstractions with testing of their own. Tests may also be more brittle, and larger +refactors could impact application initialization in unexpected ways with harder to +understand errors. This could also be seen as a benefit, and indeed the SDK's current +integration tests were helpful in tracking down logic errors during earlier stages +of app-wiring refactors. + +### Simulations + +Simulations (also called generative testing) are a special case of integration tests where +deterministically random module operations are executed against a running simapp, building +blocks on the chain until a specified height is reached. No *specific* assertions are +made for the state transitions resulting from module operations but any error will halt and +fail the simulation. Since `crisis` is included in simapp and the simulation runs +EndBlockers at the end of each block any module invariant violations will also fail +the simulation. + +Modules must implement [AppModuleSimulation.WeightedOperations](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/types/module/simulation.go#L31) to define their +simulation operations. Note that not all modules implement this which may indicate a +gap in current simulation test coverage. + +Modules not returning simulation operations: + +* `auth` +* `evidence` +* `mint` +* `params` + +A separate binary, [runsim](https://github.com/cosmos/tools/tree/master/cmd/runsim), is responsible for kicking off some of these tests and +managing their life cycle. + +#### Limitations + +* [A success](https://github.com/cosmos/cosmos-sdk/runs/7606931983?check_suite_focus=true) may take a long time to run, 7-10 minutes per simulation in CI. +* [Timeouts](https://github.com/cosmos/cosmos-sdk/runs/7606932295?check_suite_focus=true) sometimes occur on apparent successes without any indication why. +* Useful error messages not provided on [failure](https://github.com/cosmos/cosmos-sdk/runs/7606932548?check_suite_focus=true) from CI, requiring a developer to run + the simulation locally to reproduce. + +### E2E tests + +End to end tests exercise the entire system as we understand it in as close an approximation +to a production environment as is practical. Presently these tests are located at +[tests/e2e](https://github.com/cosmos/cosmos-sdk/tree/main/tests/e2e) and rely on [testutil/network](https://github.com/cosmos/cosmos-sdk/tree/main/testutil/network) to start up an in-process Tendermint node. + +An application should be built as minimally as possible to exercise the desired functionality. +The SDK uses an application will only the required modules for the tests. The application developer is adviced to use its own application for e2e tests. + +#### Limitations + +In general the limitations of end to end tests are orchestration and compute cost. +Scaffolding is required to start up and run a prod-like environment and the this +process takes much longer to start and run than unit or integration tests. + +Global locks present in Tendermint code cause stateful starting/stopping to sometimes hang +or fail intermittently when run in a CI environment. + +The scope of e2e tests has been complected with command line interface testing. + +## Decision + +We accept these test scopes and identify the following decisions points for each. + +| Scope | App Type | Mocks? | +| ----------- | ------------------- | ------ | +| Unit | None | Yes | +| Integration | integration helpers | Some | +| Simulation | minimal app | No | +| E2E | minimal app | No | + +The decision above is valid for the SDK. An application developer should test their application with their full application instead of the minimal app. + +### Unit Tests + +All modules must have mocked unit test coverage. + +Illustrative tests should outnumber journeys in unit tests. + +Unit tests should outnumber integration tests. + +Unit tests must not introduce additional dependencies beyond those already present in +production code. + +When module unit test introduction as per [EPIC: Unit testing of modules via mocks](https://github.com/cosmos/cosmos-sdk/issues/12398) +results in a near complete rewrite of an integration test suite the test suite should be +retained and moved to `/tests/integration`. We accept the resulting test logic +duplication but recommend improving the unit test suite through the addition of +illustrative tests. + +### Integration Tests + +All integration tests shall be located in `/tests/integration`, even those which do not +introduce extra module dependencies. + +To help limit scope and complexity, it is recommended to use the smallest possible number of +modules in application startup, i.e. don't depend on simapp. + +Integration tests should outnumber e2e tests. + +### Simulations + +Simulations shall use a minimal application (usually via app wiring). They are located under `/x/{moduleName}/simulation`. + +### E2E Tests + +Existing e2e tests shall be migrated to integration tests by removing the dependency on the +test network and in-process Tendermint node to ensure we do not lose test coverage. + +The e2e rest runner shall transition from in process Tendermint to a runner powered by +Docker via [dockertest](https://github.com/ory/dockertest). + +E2E tests exercising a full network upgrade shall be written. + +The CLI testing aspect of existing e2e tests shall be rewritten using the network mocking +demonstrated in [PR#12706](https://github.com/cosmos/cosmos-sdk/pull/12706). + +## Consequences + +### Positive + +* test coverage is increased +* test organization is improved +* reduced dependency graph size in modules +* simapp removed as a dependency from modules +* inter-module dependencies introduced in test code are removed +* reduced CI run time after transitioning away from in process Tendermint + +### Negative + +* some test logic duplication between unit and integration tests during transition +* test written using dockertest DX may be a bit worse + +### Neutral + +* some discovery required for e2e transition to dockertest + +## Further Discussions + +It may be useful if test suites could be run in integration mode (with mocked tendermint) or +with e2e fixtures (with real tendermint and many nodes). Integration fixtures could be used +for quicker runs, e2e fixures could be used for more battle hardening. + +A PoC `x/gov` was completed in PR [#12847](https://github.com/cosmos/cosmos-sdk/pull/12847) +is in progress for unit tests demonstrating BDD [Rejected]. +Observing that a strength of BDD specifications is their readability, and a con is the +cognitive load while writing and maintaining, current consensus is to reserve BDD use +for places in the SDK where complex rules and module interactions are demonstrated. +More straightforward or low level test cases will continue to rely on go table tests. + +Levels are network mocking in integration and e2e tests are still being worked on and formalized. diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-060-abci-1.0.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-060-abci-1.0.md new file mode 100644 index 00000000..3f29be78 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-060-abci-1.0.md @@ -0,0 +1,238 @@ +# ADR 60: ABCI 1.0 Integration (Phase I) + +## Changelog + +* 2022-08-10: Initial Draft (@alexanderbez, @tac0turtle) +* Nov 12, 2022: Update `PrepareProposal` and `ProcessProposal` semantics per the + initial implementation [PR](https://github.com/cosmos/cosmos-sdk/pull/13453) (@alexanderbez) + +## Status + +ACCEPTED + +## Abstract + +This ADR describes the initial adoption of [ABCI 1.0](https://github.com/tendermint/tendermint/blob/master/spec/abci%2B%2B/README.md), +the next evolution of ABCI, within the Cosmos SDK. ABCI 1.0 aims to provide +application developers with more flexibility and control over application and +consensus semantics, e.g. in-application mempools, in-process oracles, and +order-book style matching engines. + +## Context + +Tendermint will release ABCI 1.0. Notably, at the time of this writing, +Tendermint is releasing v0.37.0 which will include `PrepareProposal` and `ProcessProposal`. + +The `PrepareProposal` ABCI method is concerned with a block proposer requesting +the application to evaluate a series of transactions to be included in the next +block, defined as a slice of `TxRecord` objects. The application can either +accept, reject, or completely ignore some or all of these transactions. This is +an important consideration to make as the application can essentially define and +control its own mempool allowing it to define sophisticated transaction priority +and filtering mechanisms, by completely ignoring the `TxRecords` Tendermint +sends it, favoring its own transactions. This essentially means that the Tendermint +mempool acts more like a gossip data structure. + +The second ABCI method, `ProcessProposal`, is used to process the block proposer's +proposal as defined by `PrepareProposal`. It is important to note the following +with respect to `ProcessProposal`: + +* Execution of `ProcessProposal` must be deterministic. +* There must be coherence between `PrepareProposal` and `ProcessProposal`. In + other words, for any two correct processes *p* and *q*, if *q*'s Tendermint + calls `RequestProcessProposal` on *up*, *q*'s Application returns + ACCEPT in `ResponseProcessProposal`. + +It is important to note that in ABCI 1.0 integration, the application +is NOT responsible for locking semantics -- Tendermint will still be responsible +for that. In the future, however, the application will be responsible for locking, +which allows for parallel execution possibilities. + +## Decision + +We will integrate ABCI 1.0, which will be introduced in Tendermint +v0.37.0, in the next major release of the Cosmos SDK. We will integrate ABCI 1.0 +methods on the `BaseApp` type. We describe the implementations of the two methods +individually below. + +Prior to describing the implementation of the two new methods, it is important to +note that the existing ABCI methods, `CheckTx`, `DeliverTx`, etc, still exist and +serve the same functions as they do now. + +### `PrepareProposal` + +Prior to evaluating the decision for how to implement `PrepareProposal`, it is +important to note that `CheckTx` will still be executed and will be responsible +for evaluating transaction validity as it does now, with one very important +*additive* distinction. + +When executing transactions in `CheckTx`, the application will now add valid +transactions, i.e. passing the AnteHandler, to its own mempool data structure. +In order to provide a flexible approach to meet the varying needs of application +developers, we will define both a mempool interface and a data structure utilizing +Golang generics, allowing developers to focus only on transaction +ordering. Developers requiring absolute full control can implement their own +custom mempool implementation. + +We define the general mempool interface as follows (subject to change): + +```go +type Mempool interface { + // Insert attempts to insert a Tx into the app-side mempool returning + // an error upon failure. + Insert(sdk.Context, sdk.Tx) error + + // Select returns an Iterator over the app-side mempool. If txs are specified, + // then they shall be incorporated into the Iterator. The Iterator must + // closed by the caller. + Select(sdk.Context, [][]byte) Iterator + + // CountTx returns the number of transactions currently in the mempool. + CountTx() int + + // Remove attempts to remove a transaction from the mempool, returning an error + // upon failure. + Remove(sdk.Tx) error +} + +// Iterator defines an app-side mempool iterator interface that is as minimal as +// possible. The order of iteration is determined by the app-side mempool +// implementation. +type Iterator interface { + // Next returns the next transaction from the mempool. If there are no more + // transactions, it returns nil. + Next() Iterator + + // Tx returns the transaction at the current position of the iterator. + Tx() sdk.Tx +} +``` + +We will define an implementation of `Mempool`, defined by `nonceMempool`, that +will cover most basic application use-cases. Namely, it will prioritize transactions +by transaction sender, allowing for multiple transactions from the same sender. + +The default app-side mempool implementation, `nonceMempool`, will operate on a +single skip list data structure. Specifically, transactions with the lowest nonce +globally are prioritized. Transactions with the same nonce are prioritized by +sender address. + +```go +type nonceMempool struct { + txQueue *huandu.SkipList +} +``` + +Previous discussions1 have come to the agreement that Tendermint will +perform a request to the application, via `RequestPrepareProposal`, with a certain +amount of transactions reaped from Tendermint's local mempool. The exact amount +of transactions reaped will be determined by a local operator configuration. +This is referred to as the "one-shot approach" seen in discussions. + +When Tendermint reaps transactions from the local mempool and sends them to the +application via `RequestPrepareProposal`, the application will have to evaluate +the transactions. Specifically, it will need to inform Tendermint if it should +reject and or include each transaction. Note, the application can even *replace* +transactions entirely with other transactions. + +When evaluating transactions from `RequestPrepareProposal`, the application will +ignore *ALL* transactions sent to it in the request and instead reap up to +`RequestPrepareProposal.max_tx_bytes` from it's own mempool. + +Since an application can technically insert or inject transactions on `Insert` +during `CheckTx` execution, it is recommended that applications ensure transaction +validity when reaping transactions during `PrepareProposal`. However, what validity +exactly means is entirely determined by the application. + +The Cosmos SDK will provide a default `PrepareProposal` implementation that simply +select up to `MaxBytes` *valid* transactions. + +However, applications can override this default implementation with their own +implementation and set that on `BaseApp` via `SetPrepareProposal`. + + +### `ProcessProposal` + +The `ProcessProposal` ABCI method is relatively straightforward. It is responsible +for ensuring validity of the proposed block containing transactions that were +selected from the `PrepareProposal` step. However, how an application determines +validity of a proposed block depends on the application and its varying use cases. +For most applications, simply calling the `AnteHandler` chain would suffice, but +there could easily be other applications that need more control over the validation +process of the proposed block, such as ensuring txs are in a certain order or +that certain transactions are included. While this theoretically could be achieved +with a custom `AnteHandler` implementation, it's not the cleanest UX or the most +efficient solution. + +Instead, we will define an additional ABCI interface method on the existing +`Application` interface, similar to the existing ABCI methods such as `BeginBlock` +or `EndBlock`. This new interface method will be defined as follows: + +```go +ProcessProposal(sdk.Context, abci.RequestProcessProposal) error {} +``` + +Note, we must call `ProcessProposal` with a new internal branched state on the +`Context` argument as we cannot simply just use the existing `checkState` because +`BaseApp` already has a modified `checkState` at this point. So when executing +`ProcessProposal`, we create a similar branched state, `processProposalState`, +off of `deliverState`. Note, the `processProposalState` is never committed and +is completely discarded after `ProcessProposal` finishes execution. + +The Cosmos SDK will provide a default implementation of `ProcessProposal` in which +all transactions are validated using the CheckTx flow, i.e. the AnteHandler, and +will always return ACCEPT unless any transaction cannot be decoded. + +### `DeliverTx` + +Since transactions are not truly removed from the app-side mempool during +`PrepareProposal`, since `ProcessProposal` can fail or take multiple rounds and +we do not want to lose transactions, we need to finally remove the transaction +from the app-side mempool during `DeliverTx` since during this phase, the +transactions are being included in the proposed block. + +Alternatively, we can keep the transactions as truly being removed during the +reaping phase in `PrepareProposal` and add them back to the app-side mempool in +case `ProcessProposal` fails. + +## Consequences + +### Backwards Compatibility + +ABCI 1.0 is naturally not backwards compatible with prior versions of the Cosmos SDK +and Tendermint. For example, an application that requests `RequestPrepareProposal` +to the same application that does not speak ABCI 1.0 will naturally fail. + +However, in the first phase of the integration, the existing ABCI methods as we +know them today will still exist and function as they currently do. + +### Positive + +* Applications now have full control over transaction ordering and priority. +* Lays the groundwork for the full integration of ABCI 1.0, which will unlock more + app-side use cases around block construction and integration with the Tendermint + consensus engine. + +### Negative + +* Requires that the "mempool", as a general data structure that collects and stores + uncommitted transactions will be duplicated between both Tendermint and the + Cosmos SDK. +* Additional requests between Tendermint and the Cosmos SDK in the context of + block execution. Albeit, the overhead should be negligible. +* Not backwards compatible with previous versions of Tendermint and the Cosmos SDK. + +## Further Discussions + +It is possible to design the app-side implementation of the `Mempool[T MempoolTx]` +in many different ways using different data structures and implementations. All +of which have different tradeoffs. The proposed solution keeps things simple +and covers cases that would be required for most basic applications. There are +tradeoffs that can be made to improve performance of reaping and inserting into +the provided mempool implementation. + +## References + +* https://github.com/tendermint/tendermint/blob/master/spec/abci%2B%2B/README.md +* [1] https://github.com/tendermint/tendermint/issues/7750#issuecomment-1076806155 +* [2] https://github.com/tendermint/tendermint/issues/7750#issuecomment-1075717151 diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-061-liquid-staking.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-061-liquid-staking.md new file mode 100644 index 00000000..fcfeda0d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-061-liquid-staking.md @@ -0,0 +1,82 @@ +# ADR ADR-061: Liquid Staking + +## Changelog + +* 2022-09-10: Initial Draft (@zmanian) + +## Status + +ACCEPTED + +## Abstract + +Add a semi-fungible liquid staking primitive to the default Cosmos SDK staking module. This upgrades proof of stake to enable safe designs with lower overall monetary issuance and integration with numerous liquid staking protocols like Stride, Persistence, Quicksilver, Lido etc. + +## Context + +The original release of the Cosmos Hub featured the implementation of a ground breaking proof of stake mechanism featuring delegation, slashing, in protocol reward distribution and adaptive issuance. This design was state of the art for 2016 and has been deployed without major changes by many L1 blockchains. + +As both Proof of Stake and blockchain use cases have matured, this design has aged poorly and should no longer be considered a good baseline Proof of Stake issuance. In the world of application specific blockchains, there cannot be a one size fits all blockchain but the Cosmos SDK does endeavour to provide a good baseline implementation and one that is suitable for the Cosmos Hub. + +The most important deficiency of the legacy staking design is that it composes poorly with on chain protocols for trading, lending, derivatives that are referred to collectively as DeFi. The legacy staking implementation starves these applications of liquidity by increasing the risk free rate adaptively. It basically makes DeFi and staking security somewhat incompatible. + +The Osmosis team has adopted the idea of Superfluid and Interfluid staking where assets that are participating in DeFi appliactions can also be used in proof of stake. This requires tight integration with an enshrined set of DeFi applications and thus is unsuitable for the Cosmos SDK. + +It's also important to note that Interchain Accounts are available in the default IBC implementation and can be used to [rehypothecate](https://www.investopedia.com/terms/h/hypothecation.asp#toc-what-is-rehypothecation) delegations. Thus liquid staking is already possible and these changes merely improve the UX of liquid staking. Centralized exchanges also rehypothecate staked assets, posing challenges for decentralization. This ADR takes the position that adoption of in-protocol liquid staking is the preferable outcome and provides new levers to incentivize decentralization of stake. + +These changes to the staking module have been in development for more than a year and have seen substantial industry adoption who plan to build staking UX. The internal economics at Informal team has also done a review of the impacts of these changes and this review led to the development of the exempt delegation system. This system provides governance with a tuneable parameter for modulating the risks of principal agent problem called the exemption factor. + +## Decision + +We implement the semi-fungible liquid staking system and exemption factor system within the cosmos sdk. Though registered as fungible assets, these tokenized shares have extremely limited fungibility, only among the specific delegation record that was created when shares were tokenized. These assets can be used for OTC trades but composability with DeFi is limited. The primary expected use case is improving the user experience of liquid staking providers. + +A new governance parameter is introduced that defines the ratio of exempt to issued tokenized shares. This is called the exemption factor. A larger exemption factor allows more tokenized shares to be issued for a smaller amount of exempt delegations. If governance is comfortable with how the liquid staking market is evolving, it makes sense to increase this value. + +Min self delegation is removed from the staking system with the expectation that it will be replaced by the exempt delegations system. The exempt delegation system allows multiple accounts to demonstrate economic alignment with the validator operator as team members, partners etc. without co-mingling funds. Delegation exemption will likely be required to grow the validators' business under widespread adoption of liquid staking once governance has adjusted the exemption factor. + +When shares are tokenized, the underlying shares are transferred to a module account and rewards go to the module account for the TokenizedShareRecord. + +There is no longer a mechanism to override the validators vote for TokenizedShares. + + +### `MsgTokenizeShares` + +The MsgTokenizeShares message is used to create tokenize delegated tokens. This message can be executed by any delegator who has positive amount of delegation and after execution the specific amount of delegation disappear from the account and share tokens are provided. Share tokens are denominated in the validator and record id of the underlying delegation. + +A user may tokenize some or all of their delegation. + +They will receive shares with the denom of `cosmosvaloper1xxxx/5` where 5 is the record id for the validator operator. + +MsgTokenizeShares fails if the account is a VestingAccount. Users will have to move vested tokens to a new account and endure the unbonding period. We view this as an acceptable tradeoff vs. the complex book keeping required to track vested tokens. + +The total amount of outstanding tokenized shares for the validator is checked against the sum of exempt delegations multiplied by the exemption factor. If the tokenized shares exceeds this limit, execution fails. + +MsgTokenizeSharesResponse provides the number of tokens generated and their denom. + + +### `MsgRedeemTokensforShares` + +The MsgRedeemTokensforShares message is used to redeem the delegation from share tokens. This message can be executed by any user who owns share tokens. After execution delegations will appear to the user. + +### `MsgTransferTokenizeShareRecord` + +The MsgTransferTokenizeShareRecord message is used to transfer the ownership of rewards generated from the tokenized amount of delegation. The tokenize share record is created when a user tokenize his/her delegation and deleted when the full amount of share tokens are redeemed. + +This is designed to work with liquid staking designs that do not redeem the tokenized shares and may instead want to keep the shares tokenized. + + +### `MsgExemptDelegation` + +The MsgExemptDelegation message is used to exempt a delegation to a validator. If the exemption factor is greater than 0, this will allow more delegation shares to be issued from the validator. + +This design allows the chain to force an amount of self-delegation by validators participating in liquid staking schemes. + +## Consequences + +### Backwards Compatibility + +By setting the exemption factor to zero, this module works like legacy staking. The only substantial change is the removal of min-self-bond and without any tokenized shares, there is no incentive to exempt delegation. + +### Positive + +This approach should enable integration with liquid staking providers and improved user experience. It provides a pathway to security under non-exponential issuance policies in the baseline staking module. diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-062-collections-state-layer.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-062-collections-state-layer.md new file mode 100644 index 00000000..8ebaddda --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-062-collections-state-layer.md @@ -0,0 +1,117 @@ +# ADR 062: Collections, a simplified storage layer for cosmos-sdk modules. + +## Changelog + +* 30/11/2022: PROPOSED + +## Status + +PROPOSED - Implemented + +## Abstract + +We propose a simplified module storage layer which leverages golang generics to allow module developers to handle module +storage in a simple and straightforward manner, whilst offering safety, extensibility and standardisation. + +## Context + +Module developers are forced into manually implementing storage functionalities in their modules, those functionalities include +but are not limited to: + +- Defining key to bytes formats. +- Defining value to bytes formats. +- Defining secondary indexes. +- Defining query methods to expose outside to deal with storage. +- Defining local methods to deal with storage writing. +- Dealing with genesis imports and exports. +- Writing tests for all the above. + + +This brings in a lot of problems: +- It blocks developers from focusing on the most important part: writing business logic. +- Key to bytes formats are complex and their definition is error-prone, for example: + - how do I format time to bytes in such a way that bytes are sorted? + - how do I ensure when I don't have namespace collisions when dealing with secondary indexes? +- The lack of standardisation makes life hard for clients, and the problem is exacerbated when it comes to providing proofs for objects present in state. Clients are forced to maintain a list of object paths to gather proofs. + +### Current Solution: ORM + +The current SDK proposed solution to this problem is [ORM](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-055-orm.md). +Whilst ORM offers a lot of good functionality aimed at solving these specific problems, it has some downsides: +- It requires migrations. +- It uses the newest protobuf golang API, whilst the SDK still mainly uses gogoproto. +- Integrating ORM into a module would require the developer to deal with two different golang frameworks (golang protobuf + gogoproto) representing the same API objects. +- It has a high learning curve, even for simple storage layers as it requires developers to have knowledge around protobuf options, custom cosmos-sdk storage extensions, and tooling download. Then after this they still need to learn the code-generated API. + +### CosmWasm Solution: cw-storage-plus + +The collections API takes inspiration from [cw-storage-plus](https://docs.cosmwasm.com/docs/1.0/smart-contracts/state/cw-plus/), +which has demonstrated to be a powerful tool for dealing with storage in CosmWasm contracts. +It's simple, does not require extra tooling, it makes it easy to deal with complex storage structures (indexes, snapshot, etc). +The API is straightforward and explicit. + +## Decision + +We propose to port the `collections` API, whose implementation lives in [NibiruChain/collections](https://github.com/NibiruChain/collections) to cosmos-sdk. + +Collections implements four different storage handlers types: + +- `Map`: which deals with simple `key=>object` mappings. +- `KeySet`: which acts as a `Set` and only retains keys and no object (usecase: allow-lists). +- `Item`: which always contains only one object (usecase: Params) +- `Sequence`: which implements a simple always increasing number (usecase: Nonces) +- `IndexedMap`: builds on top of `Map` and `KeySet` and allows to create relationships with `Objects` and `Objects` secondary keys. + +All the collection APIs build on top of the simple `Map` type. + +Collections is fully generic, meaning that anything can be used as `Key` and `Value`. It can be a protobuf object or not. + +Collections types, in fact, delegate the duty of serialisation of keys and values to a secondary collections API component called `ValueEncoders` and `KeyEncoders`. + +`ValueEncoders` take care of converting a value to bytes (relevant only for `Map`). And offers a plug and play layer which allows us to change how we encode objects, +which is relevant for swapping serialisation frameworks and enhancing performance. +`Collections` already comes in with default `ValueEncoders`, specifically for: protobuf objects, special SDK types (sdk.Int, sdk.Dec). + +`KeyEncoders` take care of converting keys to bytes, `collections` already comes in with some default `KeyEncoders` for some privimite golang types +(uint64, string, time.Time, ...) and some widely used sdk types (sdk.Acc/Val/ConsAddress, sdk.Int/Dec, ...). +These default implementations also offer safety around proper lexicographic ordering and namespace-collision. + +Examples of the collections API can be found here: +- introduction: https://github.com/NibiruChain/collections/tree/main/examples +- usage in nibiru: [x/oracle](https://github.com/NibiruChain/nibiru/blob/master/x/oracle/keeper/keeper.go#L32), [x/perp](https://github.com/NibiruChain/nibiru/blob/master/x/perp/keeper/keeper.go#L31) +- cosmos-sdk's x/staking migrated: https://github.com/testinginprod/cosmos-sdk/pull/22 + + +## Consequences + +### Backwards Compatibility + +The design of `ValueEncoders` and `KeyEncoders` allows modules to retain the same `byte(key)=>byte(value)` mappings, making +the upgrade to the new storage layer non-state breaking. + + +### Positive + +- ADR aimed at removing code from the SDK rather than adding it. Migrating just `x/staking` to collections would yield to a net decrease in LOC (even considering the addition of collections itself). +- Simplifies and standardises storage layers across modules in the SDK. +- Does not require to have to deal with protobuf. +- It's pure golang code. +- Generalisation over `KeyEncoders` and `ValueEncoders` allows us to not tie ourself to the data serialisation framework. +- `KeyEncoders` and `ValueEncoders` can be extended to provide schema reflection. + +### Negative + +- Golang generics are not as battle-tested as other Golang features, despite being used in production right now. +- Collection types instantiation needs to be improved. + +### Neutral + +{neutral consequences} + +## Further Discussions + +- Automatic genesis import/export (not implemented because of API breakage) +- Schema reflection + + +## References diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-063-core-module-api.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-063-core-module-api.md new file mode 100644 index 00000000..3159021d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-063-core-module-api.md @@ -0,0 +1,561 @@ +# ADR 063: Core Module API + +## Changelog + +* 2022-08-18 First Draft +* 2022-12-08 First Draft +* 2023-01-24 Updates + +## Status + +ACCEPTED Partially Implemented + +## Abstract + +A new core API is proposed as a way to develop cosmos-sdk applications that will eventually replace the existing +`AppModule` and `sdk.Context` frameworks a set of core services and extension interfaces. This core API aims to: + +* be simpler +* more extensible +* more stable than the current framework +* enable deterministic events and queries, +* support event listeners +* [ADR 033: Protobuf-based Inter-Module Communication](./adr-033-protobuf-inter-module-comm.md) clients. + +## Context + +Historically modules have exposed their functionality to the framework via the `AppModule` and `AppModuleBasic` +interfaces which have the following shortcomings: + +* both `AppModule` and `AppModuleBasic` need to be defined and registered which is counter-intuitive +* apps need to implement the full interfaces, even parts they don't need (although there are workarounds for this), +* interface methods depend heavily on unstable third party dependencies, in particular Comet, +* legacy required methods have littered these interfaces for far too long + +In order to interact with the state machine, modules have needed to do a combination of these things: + +* get store keys from the app +* call methods on `sdk.Context` which contains more or less the full set of capability available to modules. + +By isolating all the state machine functionality into `sdk.Context`, the set of functionalities available to +modules are tightly coupled to this type. If there are changes to upstream dependencies (such as Comet) +or new functionalities are desired (such as alternate store types), the changes need impact `sdk.Context` and all +consumers of it (basically all modules). Also, all modules now receive `context.Context` and need to convert these +to `sdk.Context`'s with a non-ergonomic unwrapping function. + +Any breaking changes to these interfaces, such as ones imposed by third-party dependencies like Comet, have the +side effect of forcing all modules in the ecosystem to update in lock-step. This means it is almost impossible to have +a version of the module which can be run with 2 or 3 different versions of the SDK or 2 or 3 different versions of +another module. This lock-step coupling slows down overall development within the ecosystem and causes updates to +components to be delayed longer than they would if things were more stable and loosely coupled. + +## Decision + +The `core` API proposes a set of core APIs that modules can rely on to interact with the state machine and expose their +functionalities to it that are designed in a principled way such that: + +* tight coupling of dependencies and unrelated functionalities is minimized or eliminated +* APIs can have long-term stability guarantees +* the SDK framework is extensible in a safe and straightforward way + +The design principles of the core API are as follows: + +* everything that a module wants to interact with in the state machine is a service +* all services coordinate state via `context.Context` and don't try to recreate the "bag of variables" approach of `sdk.Context` +* all independent services are isolated in independent packages with minimal APIs and minimal dependencies +* the core API should be minimalistic and designed for long-term support (LTS) +* a "runtime" module will implement all the "core services" defined by the core API and can handle all module + functionalities exposed by core extension interfaces +* other non-core and/or non-LTS services can be exposed by specific versions of runtime modules or other modules +following the same design principles, this includes functionality that interacts with specific non-stable versions of +third party dependencies such as Comet +* the core API doesn't implement *any* functionality, it just defines types +* go stable API compatibility guidelines are followed: https://go.dev/blog/module-compatibility + +A "runtime" module is any module which implements the core functionality of composing an ABCI app, which is currently +handled by `BaseApp` and the `ModuleManager`. Runtime modules which implement the core API are *intentionally* separate +from the core API in order to enable more parallel versions and forks of the runtime module than is possible with the +SDK's current tightly coupled `BaseApp` design while still allowing for a high degree of composability and +compatibility. + +Modules which are built only against the core API don't need to know anything about which version of runtime, +`BaseApp` or Comet in order to be compatible. Modules from the core mainline SDK could be easily composed +with a forked version of runtime with this pattern. + +This design is intended to enable matrices of compatible dependency versions. Ideally a given version of any module +is compatible with multiple versions of the runtime module and other compatible modules. This will allow dependencies +to be selectively updated based on battle-testing. More conservative projects may want to update some dependencies +slower than more fast moving projects. + +### Core Services + +The following "core services" are defined by the core API. All valid runtime module implementations should provide +implementations of these services to modules via both [dependency injection](./adr-057-app-wiring.md) and +manual wiring. The individual services described below are all bundled in a convenient `appmodule.Service` +"bundle service" so that for simplicity modules can declare a dependency on a single service. + +#### Store Services + +Store services will be defined in the `cosmossdk.io/core/store` package. + +The generic `store.KVStore` interface is the same as current SDK `KVStore` interface. Store keys have been refactored +into store services which, instead of expecting the context to know about stores, invert the pattern and allow +retrieving a store from a generic context. There are three store services for the three types of currently supported +stores - regular kv-store, memory, and transient: + +```go +type KVStoreService interface { + OpenKVStore(context.Context) KVStore +} + +type MemoryStoreService interface { + OpenMemoryStore(context.Context) KVStore +} +type TransientStoreService interface { + OpenTransientStore(context.Context) KVStore +} +``` + +Modules can use these services like this: + +```go +func (k msgServer) Send(ctx context.Context, msg *types.MsgSend) (*types.MsgSendResponse, error) { + store := k.kvStoreSvc.OpenKVStore(ctx) +} +``` + +Just as with the current runtime module implementation, modules will not need to explicitly name these store keys, +but rather the runtime module will choose an appropriate name for them and modules just need to request the +type of store they need in their dependency injection (or manual) constructors. + +#### Event Service + +The event `Service` will be defined in the `cosmossdk.io/core/event` package. + +The event `Service` allows modules to emit typed and legacy untyped events: + +```go +package event + +type Service interface { + // EmitProtoEvent emits events represented as a protobuf message (as described in ADR 032). + // + // Callers SHOULD assume that these events may be included in consensus. These events + // MUST be emitted deterministically and adding, removing or changing these events SHOULD + // be considered state-machine breaking. + EmitProtoEvent(ctx context.Context, event protoiface.MessageV1) error + + // EmitKVEvent emits an event based on an event and kv-pair attributes. + // + // These events will not be part of consensus and adding, removing or changing these events is + // not a state-machine breaking change. + EmitKVEvent(ctx context.Context, eventType string, attrs ...KVEventAttribute) error + + // EmitProtoEventNonConsensus emits events represented as a protobuf message (as described in ADR 032), without + // including it in blockchain consensus. + // + // These events will not be part of consensus and adding, removing or changing events is + // not a state-machine breaking change. + EmitProtoEventNonConsensus(ctx context.Context, event protoiface.MessageV1) error +} +``` + +Typed events emitted with `EmitProto` should be assumed to be part of blockchain consensus (whether they are part of +the block or app hash is left to the runtime to specify). + +Events emitted by `EmitKVEvent` and `EmitProtoEventNonConsensus` are not considered to be part of consensus and cannot be observed +by other modules. If there is a client-side need to add events in patch releases, these methods can be used. + +#### Logger + +A logger (`cosmossdk.io/log`) must be supplied using `depinject`, and will +be made available for modules to use via `depinject.In`. +Modules using it should follow the current pattern in the SDK by adding the module name before using it. + +```go +type ModuleInputs struct { + depinject.In + + Logger log.Logger +} + +func ProvideModule(in ModuleInputs) ModuleOutputs { + keeper := keeper.NewKeeper( + in.logger, + ) +} + +func NewKeeper(logger log.Logger) Keeper { + return Keeper{ + logger: logger.With(log.ModuleKey, "x/"+types.ModuleName), + } +} +``` + +### Core `AppModule` extension interfaces + + +Modules will provide their core services to the runtime module via extension interfaces built on top of the +`cosmossdk.io/core/appmodule.AppModule` tag interface. This tag interface requires only two empty methods which +allow `depinject` to identify implementors as `depinject.OnePerModule` types and as app module implementations: + +```go +type AppModule interface { + depinject.OnePerModuleType + + // IsAppModule is a dummy method to tag a struct as implementing an AppModule. + IsAppModule() +} +``` + +Other core extension interfaces will be defined in `cosmossdk.io/core` should be supported by valid runtime +implementations. + +#### `MsgServer` and `QueryServer` registration + +`MsgServer` and `QueryServer` registration is done by implementing the `HasServices` extension interface: + +```go +type HasServices interface { + AppModule + + RegisterServices(grpc.ServiceRegistrar) +} + +``` + +Because of the `cosmos.msg.v1.service` protobuf option, required for `Msg` services, the same `ServiceRegitrar` can be +used to register both `Msg` and query services. + +#### Genesis + +The genesis `Handler` functions - `DefaultGenesis`, `ValidateGenesis`, `InitGenesis` and `ExportGenesis` - are specified +against the `GenesisSource` and `GenesisTarget` interfaces which will abstract over genesis sources which may be a single +JSON object or collections of JSON objects that can be efficiently streamed. + +```go +// GenesisSource is a source for genesis data in JSON format. It may abstract over a +// single JSON object or separate files for each field in a JSON object that can +// be streamed over. Modules should open a separate io.ReadCloser for each field that +// is required. When fields represent arrays they can efficiently be streamed +// over. If there is no data for a field, this function should return nil, nil. It is +// important that the caller closes the reader when done with it. +type GenesisSource = func(field string) (io.ReadCloser, error) + +// GenesisTarget is a target for writing genesis data in JSON format. It may +// abstract over a single JSON object or JSON in separate files that can be +// streamed over. Modules should open a separate io.WriteCloser for each field +// and should prefer writing fields as arrays when possible to support efficient +// iteration. It is important the caller closers the writer AND checks the error +// when done with it. It is expected that a stream of JSON data is written +// to the writer. +type GenesisTarget = func(field string) (io.WriteCloser, error) +``` + +All genesis objects for a given module are expected to conform to the semantics of a JSON object. +Each field in the JSON object should be read and written separately to support streaming genesis. +The [ORM](./adr-055-orm.md) and [collections](./adr-062-collections-state-layer.md) both support +streaming genesis and modules using these frameworks generally do not need to write any manual +genesis code. + +To support genesis, modules should implement the `HasGenesis` extension interface: + +```go +type HasGenesis interface { + AppModule + + // DefaultGenesis writes the default genesis for this module to the target. + DefaultGenesis(GenesisTarget) error + + // ValidateGenesis validates the genesis data read from the source. + ValidateGenesis(GenesisSource) error + + // InitGenesis initializes module state from the genesis source. + InitGenesis(context.Context, GenesisSource) error + + // ExportGenesis exports module state to the genesis target. + ExportGenesis(context.Context, GenesisTarget) error +} +``` + +#### Pre Blockers + +Modules that have functionality that runs before BeginBlock and should implement the has `HasPreBlocker` interfaces: + +```go +type HasPreBlocker interface { + AppModule + PreBlock(context.Context) error +} +``` + +#### Begin and End Blockers + +Modules that have functionality that runs before transactions (begin blockers) or after transactions +(end blockers) should implement the has `HasBeginBlocker` and/or `HasEndBlocker` interfaces: + +```go +type HasBeginBlocker interface { + AppModule + BeginBlock(context.Context) error +} + +type HasEndBlocker interface { + AppModule + EndBlock(context.Context) error +} +``` + +The `BeginBlock` and `EndBlock` methods will take a `context.Context`, because: + +* most modules don't need Comet information other than `BlockInfo` so we can eliminate dependencies on specific +Comet versions +* for the few modules that need Comet block headers and/or return validator updates, specific versions of the +runtime module will provide specific functionality for interacting with the specific version(s) of Comet +supported + +In order for `BeginBlock`, `EndBlock` and `InitGenesis` to send back validator updates and retrieve full Comet +block headers, the runtime module for a specific version of Comet could provide services like this: + +```go +type ValidatorUpdateService interface { + SetValidatorUpdates(context.Context, []abci.ValidatorUpdate) +} +``` + +Header Service defines a way to get header information about a block. This information is generalized for all implementations: + +```go + +type Service interface { + GetHeaderInfo(context.Context) Info +} + +type Info struct { + Height int64 // Height returns the height of the block + Hash []byte // Hash returns the hash of the block header + Time time.Time // Time returns the time of the block + ChainID string // ChainId returns the chain ID of the block +} +``` + +Comet Service provides a way to get comet specific information: + +```go +type Service interface { + GetCometInfo(context.Context) Info +} + +type CometInfo struct { + Evidence []abci.Misbehavior // Misbehavior returns the misbehavior of the block + // ValidatorsHash returns the hash of the validators + // For Comet, it is the hash of the next validators + ValidatorsHash []byte + ProposerAddress []byte // ProposerAddress returns the address of the block proposer + DecidedLastCommit abci.CommitInfo // DecidedLastCommit returns the last commit info +} +``` + +If a user would like to provide a module other information they would need to implement another service like: + +```go +type RollKit Interface { + ... +} +``` + +We know these types will change at the Comet level and that also a very limited set of modules actually need this +functionality, so they are intentionally kept out of core to keep core limited to the necessary, minimal set of stable +APIs. + +#### Remaining Parts of AppModule + +The current `AppModule` framework handles a number of additional concerns which aren't addressed by this core API. +These include: + +* gas +* block headers +* upgrades +* registration of gogo proto and amino interface types +* cobra query and tx commands +* gRPC gateway +* crisis module invariants +* simulations + +Additional `AppModule` extension interfaces either inside or outside of core will need to be specified to handle +these concerns. + +In the case of gogo proto and amino interfaces, the registration of these generally should happen as early +as possible during initialization and in [ADR 057: App Wiring](./adr-057-app-wiring-1.md), protobuf type registration +happens before dependency injection (although this could alternatively be done dedicated DI providers). + +gRPC gateway registration should probably be handled by the runtime module, but the core API shouldn't depend on gRPC +gateway types as 1) we are already using an older version and 2) it's possible the framework can do this registration +automatically in the future. So for now, the runtime module should probably provide some sort of specific type for doing +this registration ex: + +```go +type GrpcGatewayInfo struct { + Handlers []GrpcGatewayHandler +} + +type GrpcGatewayHandler func(ctx context.Context, mux *runtime.ServeMux, client QueryClient) error +``` + +which modules can return in a provider: + +```go +func ProvideGrpcGateway() GrpcGatewayInfo { + return GrpcGatewayinfo { + Handlers: []Handler {types.RegisterQueryHandlerClient} + } +} +``` + +Crisis module invariants and simulations are subject to potential redesign and should be managed with types +defined in the crisis and simulation modules respectively. + +Extension interface for CLI commands will be provided via the `cosmossdk.io/client/v2` module and its +[autocli](./adr-058-auto-generated-cli.md) framework. + +#### Example Usage + +Here is an example of setting up a hypothetical `foo` v2 module which uses the [ORM](./adr-055-orm.md) for its state +management and genesis. + +```go + +type Keeper struct { + db orm.ModuleDB + evtSrv event.Service +} + +func (k Keeper) RegisterServices(r grpc.ServiceRegistrar) { + foov1.RegisterMsgServer(r, k) + foov1.RegisterQueryServer(r, k) +} + +func (k Keeper) BeginBlock(context.Context) error { + return nil +} + +func ProvideApp(config *foomodulev2.Module, evtSvc event.EventService, db orm.ModuleDB) (Keeper, appmodule.AppModule){ + k := &Keeper{db: db, evtSvc: evtSvc} + return k, k +} +``` + +### Runtime Compatibility Version + +The `core` module will define a static integer var, `cosmossdk.io/core.RuntimeCompatibilityVersion`, which is +a minor version indicator of the core module that is accessible at runtime. Correct runtime module implementations +should check this compatibility version and return an error if the current `RuntimeCompatibilityVersion` is higher +than the version of the core API that this runtime version can support. When new features are adding to the `core` +module API that runtime modules are required to support, this version should be incremented. + +### Runtime Modules + +The initial `runtime` module will simply be created within the existing `github.com/cosmos/cosmos-sdk` go module +under the `runtime` package. This module will be a small wrapper around the existing `BaseApp`, `sdk.Context` and +module manager and follow the Cosmos SDK's existing [0-based versioning](https://0ver.org). To move to semantic +versioning as well as runtime modularity, new officially supported runtime modules will be created under the +`cosmossdk.io/runtime` prefix. For each supported consensus engine a semantically-versioned go module should be created +with a runtime implementation for that consensus engine. For example: +- `cosmossdk.io/runtime/comet` +- `cosmossdk.io/runtime/comet/v2` +- `cosmossdk.io/runtime/rollkit` +- etc. + +These runtime modules should attempt to be semantically versioned even if the underlying consensus engine is not. Also, +because a runtime module is also a first class Cosmos SDK module, it should have a protobuf module config type. +A new semantically versioned module config type should be created for each of these runtime module such that there is a +1:1 correspondence between the go module and module config type. This is the same practice should be followed for every +semantically versioned Cosmos SDK module as described in [ADR 057: App Wiring](./adr-057-app-wiring.md). + +Currently, `github.com/cosmos/cosmos-sdk/runtime` uses the protobuf config type `cosmos.app.runtime.v1alpha1.Module`. +When we have a standalone v1 comet runtime, we should use a dedicated protobuf module config type such as +`cosmos.runtime.comet.v1.Module1`. When we release v2 of the comet runtime (`cosmossdk.io/runtime/comet/v2`) we should +have a corresponding `cosmos.runtime.comet.v2.Module` protobuf type. + +In order to make it easier to support different consensus engines that support the same core module functionality as +described in this ADR, a common go module should be created with shared runtime components. The easiest runtime components +to share initially are probably the message/query router, inter-module client, service register, and event router. +This common runtime module should be created initially as the `cosmossdk.io/runtime/common` go module. + +When this new architecture has been implemented, the main dependency for a Cosmos SDK module would be +`cosmossdk.io/core` and that module should be able to be used with any supported consensus engine (to the extent +that it does not explicitly depend on consensus engine specific functionality such as Comet's block headers). An +app developer would then be able to choose which consensus engine they want to use by importing the corresponding +runtime module. The current `BaseApp` would be refactored into the `cosmossdk.io/runtime/comet` module, the router +infrastructure in `baseapp/` would be refactored into `cosmossdk.io/runtime/common` and support ADR 033, and eventually +a dependency on `github.com/cosmos/cosmos-sdk` would no longer be required. + +In short, modules would depend primarily on `cosmossdk.io/core`, and each `cosmossdk.io/runtime/{consensus-engine}` +would implement the `cosmossdk.io/core` functionality for that consensus engine. + +On additional piece that would need to be resolved as part of this architecture is how runtimes relate to the server. +Likely it would make sense to modularize the current server architecture so that it can be used with any runtime even +if that is based on a consensus engine besides Comet. This means that eventually the Comet runtime would need to +encapsulate the logic for starting Comet and the ABCI app. + +### Testing + +A mock implementation of all services should be provided in core to allow for unit testing of modules +without needing to depend on any particular version of runtime. Mock services should +allow tests to observe service behavior or provide a non-production implementation - for instance memory +stores can be used to mock stores. + +For integration testing, a mock runtime implementation should be provided that allows composing different app modules +together for testing without a dependency on runtime or Comet. + +## Consequences + +### Backwards Compatibility + +Early versions of runtime modules should aim to support as much as possible modules built with the existing +`AppModule`/`sdk.Context` framework. As the core API is more widely adopted, later runtime versions may choose to +drop support and only support the core API plus any runtime module specific APIs (like specific versions of Comet). + +The core module itself should strive to remain at the go semantic version `v1` as long as possible and follow design +principles that allow for strong long-term support (LTS). + +Older versions of the SDK can support modules built against core with adaptors that convert wrap core `AppModule` +implementations in implementations of `AppModule` that conform to that version of the SDK's semantics as well +as by providing service implementations by wrapping `sdk.Context`. + +### Positive + +* better API encapsulation and separation of concerns +* more stable APIs +* more framework extensibility +* deterministic events and queries +* event listeners +* inter-module msg and query execution support +* more explicit support for forking and merging of module versions (including runtime) + +### Negative + +### Neutral + +* modules will need to be refactored to use this API +* some replacements for `AppModule` functionality still need to be defined in follow-ups + (type registration, commands, invariants, simulations) and this will take additional design work + +## Further Discussions + +* gas +* block headers +* upgrades +* registration of gogo proto and amino interface types +* cobra query and tx commands +* gRPC gateway +* crisis module invariants +* simulations + +## References + +* [ADR 033: Protobuf-based Inter-Module Communication](./adr-033-protobuf-inter-module-comm.md) +* [ADR 057: App Wiring](./adr-057-app-wiring-1.md) +* [ADR 055: ORM](./adr-055-orm.md) +* [ADR 028: Public Key Addresses](./adr-028-public-key-addresses.md) +* [Keeping Your Modules Compatible](https://go.dev/blog/module-compatibility) diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-064-abci-2.0.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-064-abci-2.0.md new file mode 100644 index 00000000..c0dc7f74 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-064-abci-2.0.md @@ -0,0 +1,473 @@ +# ADR 64: ABCI 2.0 Integration (Phase II) + +## Changelog + +* 2023-01-17: Initial Draft (@alexanderbez) +* 2023-04-06: Add upgrading section (@alexanderbez) +* 2023-04-10: Simplify vote extension state persistence (@alexanderbez) +* 2023-07-07: Revise vote extension state persistence (@alexanderbez) +* 2023-08-24: Revise vote extension power calculations and staking interface (@davidterpay) + +## Status + +ACCEPTED + +## Abstract + +This ADR outlines the continuation of the efforts to implement ABCI++ in the Cosmos +SDK outlined in [ADR 060: ABCI 1.0 (Phase I)](adr-060-abci-1.0.md). + +Specifically, this ADR outlines the design and implementation of ABCI 2.0, which +includes `ExtendVote`, `VerifyVoteExtension` and `FinalizeBlock`. + +## Context + +ABCI 2.0 continues the promised updates from ABCI++, specifically three additional +ABCI methods that the application can implement in order to gain further control, +insight and customization of the consensus process, unlocking many novel use-cases +that previously not possible. We describe these three new methods below: + +### `ExtendVote` + +This method allows each validator process to extend the pre-commit phase of the +CometBFT consensus process. Specifically, it allows the application to perform +custom business logic that extends the pre-commit vote and supply additional data +as part of the vote, although they are signed separately by the same key. + +The data, called vote extension, will be broadcast and received together with the +vote it is extending, and will be made available to the application in the next +height. Specifically, the proposer of the next block will receive the vote extensions +in `RequestPrepareProposal.local_last_commit.votes`. + +If the application does not have vote extension information to provide, it +returns a 0-length byte array as its vote extension. + +**NOTE**: + +* Although each validator process submits its own vote extension, ONLY the *proposer* + of the *next* block will receive all the vote extensions included as part of the + pre-commit phase of the previous block. This means only the proposer will + implicitly have access to all the vote extensions, via `RequestPrepareProposal`, + and that not all vote extensions may be included, since a validator does not + have to wait for all pre-commits, only 2/3. +* The pre-commit vote is signed independently from the vote extension. + +### `VerifyVoteExtension` + +This method allows validators to validate the vote extension data attached to +each pre-commit message it receives. If the validation fails, the whole pre-commit +message will be deemed invalid and ignored by CometBFT. + +CometBFT uses `VerifyVoteExtension` when validating a pre-commit vote. Specifically, +for a pre-commit, CometBFT will: + +* Reject the message if it doesn't contain a signed vote AND a signed vote extension +* Reject the message if the vote's signature OR the vote extension's signature fails to verify +* Reject the message if `VerifyVoteExtension` was rejected by the app + +Otherwise, CometBFT will accept the pre-commit message. + +Note, this has important consequences on liveness, i.e., if vote extensions repeatedly +cannot be verified by correct validators, CometBFT may not be able to finalize +a block even if sufficiently many (+2/3) validators send pre-commit votes for +that block. Thus, `VerifyVoteExtension` should be used with special care. + +CometBFT recommends that an application that detects an invalid vote extension +SHOULD accept it in `ResponseVerifyVoteExtension` and ignore it in its own logic. + +### `FinalizeBlock` + +This method delivers a decided block to the application. The application must +execute the transactions in the block deterministically and update its state +accordingly. Cryptographic commitments to the block and transaction results, +returned via the corresponding parameters in `ResponseFinalizeBlock`, are +included in the header of the next block. CometBFT calls it when a new block +is decided. + +In other words, `FinalizeBlock` encapsulates the current ABCI execution flow of +`BeginBlock`, one or more `DeliverTx`, and `EndBlock` into a single ABCI method. +CometBFT will no longer execute requests for these legacy methods and instead +will just simply call `FinalizeBlock`. + +## Decision + +We will discuss changes to the Cosmos SDK to implement ABCI 2.0 in two distinct +phases, `VoteExtensions` and `FinalizeBlock`. + +### `VoteExtensions` + +Similarly for `PrepareProposal` and `ProcessProposal`, we propose to introduce +two new handlers that an application can implement in order to provide and verify +vote extensions. + +We propose the following new handlers for applications to implement: + +```go +type ExtendVoteHandler func(sdk.Context, abci.RequestExtendVote) abci.ResponseExtendVote +type VerifyVoteExtensionHandler func(sdk.Context, abci.RequestVerifyVoteExtension) abci.ResponseVerifyVoteExtension +``` + +An ephemeral context and state will be supplied to both handlers. The +context will contain relevant metadata such as the block height and block hash. +The state will be a cached version of the committed state of the application and +will be discarded after the execution of the handler, this means that both handlers +get a fresh state view and no changes made to it will be written. + +If an application decides to implement `ExtendVoteHandler`, it must return a +non-nil `ResponseExtendVote.VoteExtension`. + +Recall, an implementation of `ExtendVoteHandler` does NOT need to be deterministic, +however, given a set of vote extensions, `VerifyVoteExtensionHandler` must be +deterministic, otherwise the chain may suffer from liveness faults. In addition, +recall CometBFT proceeds in rounds for each height, so if a decision cannot be +made about about a block proposal at a given height, CometBFT will proceed to the +next round and thus will execute `ExtendVote` and `VerifyVoteExtension` again for +the new round for each validator until 2/3 valid pre-commits can be obtained. + +Given the broad scope of potential implementations and use-cases of vote extensions, +and how to verify them, most applications should choose to implement the handlers +through a single handler type, which can have any number of dependencies injected +such as keepers. In addition, this handler type could contain some notion of +volatile vote extension state management which would assist in vote extension +verification. This state management could be ephemeral or could be some form of +on-disk persistence. + +Example: + +```go +// VoteExtensionHandler implements an Oracle vote extension handler. +type VoteExtensionHandler struct { + cdc Codec + mk MyKeeper + state VoteExtState // This could be a map or a DB connection object +} + +// ExtendVoteHandler can do something with h.mk and possibly h.state to create +// a vote extension, such as fetching a series of prices for supported assets. +func (h VoteExtensionHandler) ExtendVoteHandler(ctx sdk.Context, req abci.RequestExtendVote) abci.ResponseExtendVote { + prices := GetPrices(ctx, h.mk.Assets()) + bz, err := EncodePrices(h.cdc, prices) + if err != nil { + panic(fmt.Errorf("failed to encode prices for vote extension: %w", err)) + } + + // store our vote extension at the given height + // + // NOTE: Vote extensions can be overridden since we can timeout in a round. + SetPrices(h.state, req, bz) + + return abci.ResponseExtendVote{VoteExtension: bz} +} + +// VerifyVoteExtensionHandler can do something with h.state and req to verify +// the req.VoteExtension field, such as ensuring the provided oracle prices are +// within some valid range of our prices. +func (h VoteExtensionHandler) VerifyVoteExtensionHandler(ctx sdk.Context, req abci.RequestVerifyVoteExtension) abci.ResponseVerifyVoteExtension { + prices, err := DecodePrices(h.cdc, req.VoteExtension) + if err != nil { + log("failed to decode vote extension", "err", err) + return abci.ResponseVerifyVoteExtension{Status: REJECT} + } + + if err := ValidatePrices(h.state, req, prices); err != nil { + log("failed to validate vote extension", "prices", prices, "err", err) + return abci.ResponseVerifyVoteExtension{Status: REJECT} + } + + // store updated vote extensions at the given height + // + // NOTE: Vote extensions can be overridden since we can timeout in a round. + SetPrices(h.state, req, req.VoteExtension) + + return abci.ResponseVerifyVoteExtension{Status: ACCEPT} +} +``` + +#### Vote Extension Propagation & Verification + +As mentioned previously, vote extensions for height `H` are only made available +to the proposer at height `H+1` during `PrepareProposal`. However, in order to +make vote extensions useful, all validators should have access to the agreed upon +vote extensions at height `H` during `H+1`. + +Since CometBFT includes all the vote extension signatures in `RequestPrepareProposal`, +we propose that the proposing validator manually "inject" the vote extensions +along with their respective signatures via a special transaction, `VoteExtsTx`, +into the block proposal during `PrepareProposal`. The `VoteExtsTx` will be +populated with a single `ExtendedCommitInfo` object which is received directly +from `RequestPrepareProposal`. + +For convention, the `VoteExtsTx` transaction should be the first transaction in +the block proposal, although chains can implement their own preferences. For +safety purposes, we also propose that the proposer itself verify all the vote +extension signatures it receives in `RequestPrepareProposal`. + +A validator, upon a `RequestProcessProposal`, will receive the injected `VoteExtsTx` +which includes the vote extensions along with their signatures. If no such transaction +exists, the validator MUST REJECT the proposal. + +When a validator inspects a `VoteExtsTx`, it will evaluate each `SignedVoteExtension`. +For each signed vote extension, the validator will generate the signed bytes and +verify the signature. At least 2/3 valid signatures, based on voting power, must +be received in order for the block proposal to be valid, otherwise the validator +MUST REJECT the proposal. + +In order to have the ability to validate signatures, `BaseApp` must have access +to the `x/staking` module, since this module stores an index from consensus +address to public key. However, we will avoid a direct dependency on `x/staking` +and instead rely on an interface instead. In addition, the Cosmos SDK will expose +a default signature verification method which applications can use: + +```go +type ValidatorStore interface { + GetPubKeyByConsAddr(context.Context, sdk.ConsAddress) (cmtprotocrypto.PublicKey, error) +} + +// ValidateVoteExtensions is a function that an application can execute in +// ProcessProposal to verify vote extension signatures. +func (app *BaseApp) ValidateVoteExtensions(ctx sdk.Context, currentHeight int64, extCommit abci.ExtendedCommitInfo) error { + votingPower := 0 + totalVotingPower := 0 + + for _, vote := range extCommit.Votes { + totalVotingPower += vote.Validator.Power + + if !vote.SignedLastBlock || len(vote.VoteExtension) == 0 { + continue + } + + valConsAddr := sdk.ConsAddress(vote.Validator.Address) + pubKeyProto, err := valStore.GetPubKeyByConsAddr(ctx, valConsAddr) + if err != nil { + return fmt.Errorf("failed to get public key for validator %s: %w", valConsAddr, err) + } + + if len(vote.ExtensionSignature) == 0 { + return fmt.Errorf("received a non-empty vote extension with empty signature for validator %s", valConsAddr) + } + + cmtPubKey, err := cryptoenc.PubKeyFromProto(pubKeyProto) + if err != nil { + return fmt.Errorf("failed to convert validator %X public key: %w", valConsAddr, err) + } + + cve := cmtproto.CanonicalVoteExtension{ + Extension: vote.VoteExtension, + Height: currentHeight - 1, // the vote extension was signed in the previous height + Round: int64(extCommit.Round), + ChainId: app.GetChainID(), + } + + extSignBytes, err := cosmosio.MarshalDelimited(&cve) + if err != nil { + return fmt.Errorf("failed to encode CanonicalVoteExtension: %w", err) + } + + if !cmtPubKey.VerifySignature(extSignBytes, vote.ExtensionSignature) { + return errors.New("received vote with invalid signature") + } + + votingPower += vote.Validator.Power + } + + if (votingPower / totalVotingPower) < threshold { + return errors.New("not enough voting power for the vote extensions") + } + + return nil +} +``` + +Once at least 2/3 signatures, by voting power, are received and verified, the +validator can use the vote extensions to derive additional data or come to some +decision based on the vote extensions. + +> NOTE: It is very important to state, that neither the vote propagation technique +> nor the vote extension verification mechanism described above is required for +> applications to implement. In other words, a proposer is not required to verify +> and propagate vote extensions along with their signatures nor are proposers +> required to verify those signatures. An application can implement it's own +> PKI mechanism and use that to sign and verify vote extensions. + +#### Vote Extension Persistence + +In certain contexts, it may be useful or necessary for applications to persist +data derived from vote extensions. In order to facilitate this use case, we propose +to allow app developers to define a pre-Blocker hook which will be called +at the very beginning of `FinalizeBlock`, i.e. before `BeginBlock` (see below). + +Note, we cannot allow applications to directly write to the application state +during `ProcessProposal` because during replay, CometBFT will NOT call `ProcessProposal`, +which would result in an incomplete state view. + +```go +func (a MyApp) PreBlocker(ctx sdk.Context, req *abci.RequestFinalizeBlock) error { + voteExts := GetVoteExtensions(ctx, req.Txs) + + // Process and perform some compute on vote extensions, storing any resulting + // state. + if err a.processVoteExtensions(ctx, voteExts); if err != nil { + return err + } +} +``` + +### `FinalizeBlock` + +The existing ABCI methods `BeginBlock`, `DeliverTx`, and `EndBlock` have existed +since the dawn of ABCI-based applications. Thus, applications, tooling, and developers +have grown used to these methods and their use-cases. Specifically, `BeginBlock` +and `EndBlock` have grown to be pretty integral and powerful within ABCI-based +applications. E.g. an application might want to run distribution and inflation +related operations prior to executing transactions and then have staking related +changes to happen after executing all transactions. + +We propose to keep `BeginBlock` and `EndBlock` within the SDK's core module +interfaces only so application developers can continue to build against existing +execution flows. However, we will remove `BeginBlock`, `DeliverTx` and `EndBlock` +from the SDK's `BaseApp` implementation and thus the ABCI surface area. + +What will then exist is a single `FinalizeBlock` execution flow. Specifically, in +`FinalizeBlock` we will execute the application's `BeginBlock`, followed by +execution of all the transactions, finally followed by execution of the application's +`EndBlock`. + +Note, we will still keep the existing transaction execution mechanics within +`BaseApp`, but all notions of `DeliverTx` will be removed, i.e. `deliverState` +will be replace with `finalizeState`, which will be committed on `Commit`. + +However, there are current parameters and fields that exist in the existing +`BeginBlock` and `EndBlock` ABCI types, such as votes that are used in distribution +and byzantine validators used in evidence handling. These parameters exist in the +`FinalizeBlock` request type, and will need to be passed to the application's +implementations of `BeginBlock` and `EndBlock`. + +This means the Cosmos SDK's core module interfaces will need to be updated to +reflect these parameters. The easiest and most straightforward way to achieve +this is to just pass `RequestFinalizeBlock` to `BeginBlock` and `EndBlock`. +Alternatively, we can create dedicated proxy types in the SDK that reflect these +legacy ABCI types, e.g. `LegacyBeginBlockRequest` and `LegacyEndBlockRequest`. Or, +we can come up with new types and names altogether. + +```go +func (app *BaseApp) FinalizeBlock(req abci.RequestFinalizeBlock) (*abci.ResponseFinalizeBlock, error) { + ctx := ... + + if app.preBlocker != nil { + ctx := app.finalizeBlockState.ctx + rsp, err := app.preBlocker(ctx, req) + if err != nil { + return nil, err + } + if rsp.ConsensusParamsChanged { + app.finalizeBlockState.ctx = ctx.WithConsensusParams(app.GetConsensusParams(ctx)) + } + } + beginBlockResp, err := app.beginBlock(req) + appendBlockEventAttr(beginBlockResp.Events, "begin_block") + + txExecResults := make([]abci.ExecTxResult, 0, len(req.Txs)) + for _, tx := range req.Txs { + result := app.runTx(runTxModeFinalize, tx) + txExecResults = append(txExecResults, result) + } + + endBlockResp, err := app.endBlock(app.finalizeBlockState.ctx) + appendBlockEventAttr(beginBlockResp.Events, "end_block") + + return abci.ResponseFinalizeBlock{ + TxResults: txExecResults, + Events: joinEvents(beginBlockResp.Events, endBlockResp.Events), + ValidatorUpdates: endBlockResp.ValidatorUpdates, + ConsensusParamUpdates: endBlockResp.ConsensusParamUpdates, + AppHash: nil, + } +} +``` + +#### Events + +Many tools, indexers and ecosystem libraries rely on the existence `BeginBlock` +and `EndBlock` events. Since CometBFT now only exposes `FinalizeBlockEvents`, we +find that it will still be useful for these clients and tools to still query for +and rely on existing events, especially since applications will still define +`BeginBlock` and `EndBlock` implementations. + +In order to facilitate existing event functionality, we propose that all `BeginBlock` +and `EndBlock` events have a dedicated `EventAttribute` with `key=block` and +`value=begin_block|end_block`. The `EventAttribute` will be appended to each event +in both `BeginBlock` and `EndBlock` events`. + + +### Upgrading + +CometBFT defines a consensus parameter, [`VoteExtensionsEnableHeight`](https://github.com/cometbft/cometbft/blob/v0.38.0-alpha.1/spec/abci/abci%2B%2B_app_requirements.md#abciparamsvoteextensionsenableheight), +which specifies the height at which vote extensions are enabled and **required**. +If the value is set to zero, which is the default, then vote extensions are +disabled and an application is not required to implement and use vote extensions. + +However, if the value `H` is positive, at all heights greater than the configured +height `H` vote extensions must be present (even if empty). When the configured +height `H` is reached, `PrepareProposal` will not include vote extensions yet, +but `ExtendVote` and `VerifyVoteExtension` will be called. Then, when reaching +height `H+1`, `PrepareProposal` will include the vote extensions from height `H`. + +It is very important to note, for all heights after H: + +* Vote extensions CANNOT be disabled +* They are mandatory, i.e. all pre-commit messages sent MUST have an extension + attached (even if empty) + +When an application updates to the Cosmos SDK version with CometBFT v0.38 support, +in the upgrade handler it must ensure to set the consensus parameter +`VoteExtensionsEnableHeight` to the correct value. E.g. if an application is set +to perform an upgrade at height `H`, then the value of `VoteExtensionsEnableHeight` +should be set to any value `>=H+1`. This means that at the upgrade height, `H`, +vote extensions will not be enabled yet, but at height `H+1` they will be enabled. + +## Consequences + +### Backwards Compatibility + +ABCI 2.0 is naturally not backwards compatible with prior versions of the Cosmos SDK +and CometBFT. For example, an application that requests `RequestFinalizeBlock` +to the same application that does not speak ABCI 2.0 will naturally fail. + +In addition, `BeginBlock`, `DeliverTx` and `EndBlock` will be removed from the +application ABCI interfaces and along with the inputs and outputs being modified +in the module interfaces. + +### Positive + +* `BeginBlock` and `EndBlock` semantics remain, so burden on application developers + should be limited. +* Less communication overhead as multiple ABCI requests are condensed into a single + request. +* Sets the groundwork for optimistic execution. +* Vote extensions allow for an entirely new set of application primitives to be + developed, such as in-process price oracles and encrypted mempools. + +### Negative + +* Some existing Cosmos SDK core APIs may need to be modified and thus broken. +* Signature verification in `ProcessProposal` of 100+ vote extension signatures + will add significant performance overhead to `ProcessProposal`. Granted, the + signature verification process can happen concurrently using an error group + with `GOMAXPROCS` goroutines. + +### Neutral + +* Having to manually "inject" vote extensions into the block proposal during + `PrepareProposal` is an awkward approach and takes up block space unnecessarily. +* The requirement of `ResetProcessProposalState` can create a footgun for + application developers if they're not careful, but this is necessary in order + for applications to be able to commit state from vote extension computation. + +## Further Discussions + +Future discussions include design and implementation of ABCI 3.0, which is a +continuation of ABCI++ and the general discussion of optimistic execution. + +## References + +* [ADR 060: ABCI 1.0 (Phase I)](adr-060-abci-1.0.md) diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-065-store-v2.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-065-store-v2.md new file mode 100644 index 00000000..8faed046 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-065-store-v2.md @@ -0,0 +1,290 @@ +# ADR-065: Store V2 + +## Changelog + +* Feb 14, 2023: Initial Draft (@alexanderbez) + +## Status + +DRAFT + +## Abstract + +The storage and state primitives that Cosmos SDK based applications have used have +by and large not changed since the launch of the inaugural Cosmos Hub. The demands +and needs of Cosmos SDK based applications, from both developer and client UX +perspectives, have evolved and outgrown the ecosystem since these primitives +were first introduced. + +Over time as these applications have gained significant adoption, many critical +shortcomings and flaws have been exposed in the state and storage primitives of +the Cosmos SDK. + +In order to keep up with the evolving demands and needs of both clients and developers, +a major overhaul to these primitives are necessary. + +## Context + +The Cosmos SDK provides application developers with various storage primitives +for dealing with application state. Specifically, each module contains its own +merkle commitment data structure -- an IAVL tree. In this data structure, a module +can store and retrieve key-value pairs along with Merkle commitments, i.e. proofs, +to those key-value pairs indicating that they do or do not exist in the global +application state. This data structure is the base layer `KVStore`. + +In addition, the SDK provides abstractions on top of this Merkle data structure. +Namely, a root multi-store (RMS) is a collection of each module's `KVStore`. +Through the RMS, the application can serve queries and provide proofs to clients +in addition to provide a module access to its own unique `KVStore` though the use +of `StoreKey`, which is an OCAP primitive. + +There are further layers of abstraction that sit between the RMS and the underlying +IAVL `KVStore`. A `GasKVStore` is responsible for tracking gas IO consumption for +state machine reads and writes. A `CacheKVStore` is responsible for providing a +way to cache reads and buffer writes to make state transitions atomic, e.g. +transaction execution or governance proposal execution. + +There are a few critical drawbacks to these layers of abstraction and the overall +design of storage in the Cosmos SDK: + +* Since each module has its own IAVL `KVStore`, commitments are not [atomic](https://github.com/cosmos/cosmos-sdk/issues/14625) + * Note, we can still allow modules to have their own IAVL `KVStore`, but the + IAVL library will need to support the ability to pass a DB instance as an + argument to various IAVL APIs. +* Since IAVL is responsible for both state storage and commitment, running an + archive node becomes increasingly expensive as disk space grows exponentially. +* As the size of a network increases, various performance bottlenecks start to + emerge in many areas such as query performance, network upgrades, state + migrations, and general application performance. +* Developer UX is poor as it does not allow application developers to experiment + with different types of approaches to storage and commitments, along with the + complications of many layers of abstractions referenced above. + +See the [Storage Discussion](https://github.com/cosmos/cosmos-sdk/discussions/13545) for more information. + +## Alternatives + +There was a previous attempt to refactor the storage layer described in [ADR-040](./adr-040-storage-and-smt-state-commitments.md). +However, this approach mainly stems on the short comings of IAVL and various performance +issues around it. While there was a (partial) implementation of [ADR-040](./adr-040-storage-and-smt-state-commitments.md), +it was never adopted for a variety of reasons, such as the reliance on using an +SMT, which was more in a research phase, and some design choices that couldn't +be fully agreed upon, such as the snap-shotting mechanism that would result in +massive state bloat. + +## Decision + +We propose to build upon some of the great ideas introduced in [ADR-040](./adr-040-storage-and-smt-state-commitments.md), +while being a bit more flexible with the underlying implementations and overall +less intrusive. Specifically, we propose to: + +* Separate the concerns of state commitment (**SC**), needed for consensus, and + state storage (**SS**), needed for state machine and clients. +* Reduce layers of abstractions necessary between the RMS and underlying stores. +* Provide atomic module store commitments by providing a batch database object + to core IAVL APIs. +* Reduce complexities in the `CacheKVStore` implementation while also improving + performance[3]. + +Furthermore, we will keep the IAVL is the backing [commitment](https://cryptography.fandom.com/wiki/Commitment_scheme) +store for the time being. While we might not fully settle on the use of IAVL in +the long term, we do not have strong empirical evidence to suggest a better +alternative. Given that the SDK provides interfaces for stores, it should be sufficient +to change the backing commitment store in the future should evidence arise to +warrant a better alternative. However there is promising work being done to IAVL +that should result in significant performance improvement [1,2]. + +### Separating SS and SC + +By separating SS and SC, it will allow for us to optimize against primary use cases +and access patterns to state. Specifically, The SS layer will be responsible for +direct access to data in the form of (key, value) pairs, whereas the SC layer (IAVL) +will be responsible for committing to data and providing Merkle proofs. + +Note, the underlying physical storage database will be the same between both the +SS and SC layers. So to avoid collisions between (key, value) pairs, both layers +will be namespaced. + +#### State Commitment (SC) + +Given that the existing solution today acts as both SS and SC, we can simply +repurpose it to act solely as the SC layer without any significant changes to +access patterns or behavior. In other words, the entire collection of existing +IAVL-backed module `KVStore`s will act as the SC layer. + +However, in order for the SC layer to remain lightweight and not duplicate a +majority of the data held in the SS layer, we encourage node operators to keep +tight pruning strategies. + +#### State Storage (SS) + +In the RMS, we will expose a *single* `KVStore` backed by the same physical +database that backs the SC layer. This `KVStore` will be explicitly namespaced +to avoid collisions and will act as the primary storage for (key, value) pairs. + +While we most likely will continue the use of `cosmos-db`, or some local interface, +to allow for flexibility and iteration over preferred physical storage backends +as research and benchmarking continues. However, we propose to hardcode the use +of RocksDB as the primary physical storage backend. + +Since the SS layer will be implemented as a `KVStore`, it will support the +following functionality: + +* Range queries +* CRUD operations +* Historical queries and versioning +* Pruning + +The RMS will keep track of all buffered writes using a dedicated and internal +`MemoryListener` for each `StoreKey`. For each block height, upon `Commit`, the +SS layer will write all buffered (key, value) pairs under a [RocksDB user-defined timestamp](https://github.com/facebook/rocksdb/wiki/User-defined-Timestamp-%28Experimental%29) column +family using the block height as the timestamp, which is an unsigned integer. +This will allow a client to fetch (key, value) pairs at historical and current +heights along with making iteration and range queries relatively performant as +the timestamp is the key suffix. + +Note, we choose not to use a more general approach of allowing any embedded key/value +database, such as LevelDB or PebbleDB, using height key-prefixed keys to +effectively version state because most of these databases use variable length +keys which would effectively make actions likes iteration and range queries less +performant. + +Since operators might want pruning strategies to differ in SS compared to SC, +e.g. having a very tight pruning strategy in SC while having a looser pruning +strategy for SS, we propose to introduce an additional pruning configuration, +with parameters that are identical to what exists in the SDK today, and allow +operators to control the pruning strategy of the SS layer independently of the +SC layer. + +Note, the SC pruning strategy must be congruent with the operator's state sync +configuration. This is so as to allow state sync snapshots to execute successfully, +otherwise, a snapshot could be triggered on a height that is not available in SC. + +#### State Sync + +The state sync process should be largely unaffected by the separation of the SC +and SS layers. However, if a node syncs via state sync, the SS layer of the node +will not have the state synced height available, since the IAVL import process is +not setup in way to easily allow direct key/value insertion. A modification of +the IAVL import process would be necessary to facilitate having the state sync +height available. + +Note, this is not problematic for the state machine itself because when a query +is made, the RMS will automatically direct the query correctly (see [Queries](#queries)). + +#### Queries + +To consolidate the query routing between both the SC and SS layers, we propose to +have a notion of a "query router" that is constructed in the RMS. This query router +will be supplied to each `KVStore` implementation. The query router will route +queries to either the SC layer or the SS layer based on a few parameters. If +`prove: true`, then the query must be routed to the SC layer. Otherwise, if the +query height is available in the SS layer, the query will be served from the SS +layer. Otherwise, we fall back on the SC layer. + +If no height is provided, the SS layer will assume the latest height. The SS +layer will store a reverse index to lookup `LatestVersion -> timestamp(version)` +which is set on `Commit`. + +#### Proofs + +Since the SS layer is naturally a storage layer only, without any commitments +to (key, value) pairs, it cannot provide Merkle proofs to clients during queries. + +Since the pruning strategy against the SC layer is configured by the operator, +we can therefore have the RMS route the query SC layer if the version exists and +`prove: true`. Otherwise, the query will fall back to the SS layer without a proof. + +We could explore the idea of using state snapshots to rebuild an in-memory IAVL +tree in real time against a version closest to the one provided in the query. +However, it is not clear what the performance implications will be of this approach. + +### Atomic Commitment + +We propose to modify the existing IAVL APIs to accept a batch DB object instead +of relying on an internal batch object in `nodeDB`. Since each underlying IAVL +`KVStore` shares the same DB in the SC layer, this will allow commits to be +atomic. + +Specifically, we propose to: + +* Remove the `dbm.Batch` field from `nodeDB` +* Update the `SaveVersion` method of the `MutableTree` IAVL type to accept a batch object +* Update the `Commit` method of the `CommitKVStore` interface to accept a batch object +* Create a batch object in the RMS during `Commit` and pass this object to each + `KVStore` +* Write the database batch after all stores have committed successfully + +Note, this will require IAVL to be updated to not rely or assume on any batch +being present during `SaveVersion`. + +## Consequences + +As a result of a new store V2 package, we should expect to see improved performance +for queries and transactions due to the separation of concerns. We should also +expect to see improved developer UX around experimentation of commitment schemes +and storage backends for further performance, in addition to a reduced amount of +abstraction around KVStores making operations such as caching and state branching +more intuitive. + +However, due to the proposed design, there are drawbacks around providing state +proofs for historical queries. + +### Backwards Compatibility + +This ADR proposes changes to the storage implementation in the Cosmos SDK through +an entirely new package. Interfaces may be borrowed and extended from existing +types that exist in `store`, but no existing implementations or interfaces will +be broken or modified. + +### Positive + +* Improved performance of independent SS and SC layers +* Reduced layers of abstraction making storage primitives easier to understand +* Atomic commitments for SC +* Redesign of storage types and interfaces will allow for greater experimentation + such as different physical storage backends and different commitment schemes + for different application modules + +### Negative + +* Providing proofs for historical state is challenging + +### Neutral + +* Keeping IAVL as the primary commitment data structure, although drastic + performance improvements are being made + +## Further Discussions + +### Module Storage Control + +Many modules store secondary indexes that are typically solely used to support +client queries, but are actually not needed for the state machine's state +transitions. What this means is that these indexes technically have no reason to +exist in the SC layer at all, as they take up unnecessary space. It is worth +exploring what an API would look like to allow modules to indicate what (key, value) +pairs they want to be persisted in the SC layer, implicitly indicating the SS +layer as well, as opposed to just persisting the (key, value) pair only in the +SS layer. + +### Historical State Proofs + +It is not clear what the importance or demand is within the community of providing +commitment proofs for historical state. While solutions can be devised such as +rebuilding trees on the fly based on state snapshots, it is not clear what the +performance implications are for such solutions. + +### Physical DB Backends + +This ADR proposes usage of RocksDB to utilize user-defined timestamps as a +versioning mechanism. However, other physical DB backends are available that may +offer alternative ways to implement versioning while also providing performance +improvements over RocksDB. E.g. PebbleDB supports MVCC timestamps as well, but +we'll need to explore how PebbleDB handles compaction and state growth over time. + +## References + +* [1] https://github.com/cosmos/iavl/pull/676 +* [2] https://github.com/cosmos/iavl/pull/664 +* [3] https://github.com/cosmos/cosmos-sdk/issues/14990 diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-068-preblock.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-068-preblock.md new file mode 100644 index 00000000..86692c41 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-068-preblock.md @@ -0,0 +1,61 @@ +# ADR 068: Preblock + +## Changelog + +* Sept 13, 2023: Initial Draft + +## Status + +DRAFT + +## Abstract + +Introduce `PreBlock`, which runs before begin blocker other modules, and allows to modify consensus parameters, and the changes are visible to the following state machine logics. + +## Context + +When upgrading to sdk 0.47, the storage format for consensus parameters changed, but in the migration block, `ctx.ConsensusParams()` is always `nil`, because it fails to load the old format using new code, it's supposed to be migrated by the `x/upgrade` module first, but unfortunately, the migration happens in `BeginBlocker` handler, which runs after the `ctx` is initialized. +When we try to solve this, we find the `x/upgrade` module can't modify the context to make the consensus parameters visible for the other modules, the context is passed by value, and sdk team want to keep it that way, that's good for isolations between modules. + +## Alternatives + +The first alternative solution introduced a `MigrateModuleManager`, which only includes the `x/upgrade` module right now, and baseapp will run their `BeginBlocker`s before the other modules, and reload context's consensus parameters in between. + +## Decision + +Suggested this new lifecycle method. + +### `PreBlocker` + +There are two semantics around the new lifecycle method: + +- It runs before the `BeginBlocker` of all modules +- It can modify consensus parameters in storage, and signal the caller through the return value. + +When it returns `ConsensusParamsChanged=true`, the caller must refresh the consensus parameter in the finalize context: +``` +app.finalizeBlockState.ctx = app.finalizeBlockState.ctx.WithConsensusParams(app.GetConsensusParams()) +``` + +The new ctx must be passed to all the other lifecycle methods. + + +## Consequences + +### Backwards Compatibility + +### Positive + +### Negative + +### Neutral + +## Further Discussions + +## Test Cases + +## References +* [1] https://github.com/cosmos/cosmos-sdk/issues/16494 +* [2] https://github.com/cosmos/cosmos-sdk/pull/16583 +* [3] https://github.com/cosmos/cosmos-sdk/pull/17421 +* [4] https://github.com/cosmos/cosmos-sdk/pull/17713 diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-070-unordered-account.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-070-unordered-account.md new file mode 100644 index 00000000..d4c228d6 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-070-unordered-account.md @@ -0,0 +1,327 @@ +# ADR 070: Unordered Transactions + +## Changelog + +- Dec 4, 2023: Initial Draft (@yihuang, @tac0turtle, @alexanderbez) +- Jan 30, 2024: Include section on deterministic transaction encoding +- Mar 18, 2025: Revise implementation to use Cosmos SDK KV Store and require unique timeouts per-address (@technicallyty) +- Apr 25, 2025: Add note about rejecting unordered txs with sequence values. + +## Status + +ACCEPTED Not Implemented + +## Abstract + +We propose a way to do replay-attack protection without enforcing the order of +transactions and without requiring the use of monotonically increasing sequences. Instead, we propose +the use of a time-based, ephemeral sequence. + +## Context + +Account sequence values serve to prevent replay attacks and ensure transactions from the same sender are included into blocks and executed +in sequential order. Unfortunately, this makes it difficult to reliably send many concurrent transactions from the +same sender. Victims of such limitations include IBC relayers and crypto exchanges. + +## Decision + +We propose adding a boolean field `unordered` and a google.protobuf.Timestamp field `timeout_timestamp` to the transaction body. + +Unordered transactions will bypass the traditional account sequence rules and follow the rules described +below, without impacting traditional ordered transactions which will follow the same sequence rules as before. + +We will introduce new storage of time-based, ephemeral unordered sequences using the SDK's existing KV Store library. +Specifically, we will leverage the existing x/auth KV store to store the unordered sequences. + +When an unordered transaction is included in a block, a concatenation of the `timeout_timestamp` and sender’s address bytes +will be recorded to state (i.e. `542939323/`). In cases of multi-party signing, one entry per signer +will be recorded to state. + +New transactions will be checked against the state to prevent duplicate submissions. To prevent the state from growing indefinitely, we propose the following: + +- Define an upper bound for the value of `timeout_timestamp` (i.e. 10 minutes). +- Add PreBlocker method x/auth that removes state entries with a `timeout_timestamp` earlier than the current block time. + +### Transaction Format + +```protobuf +message TxBody { + ... + + bool unordered = 4; + google.protobuf.Timestamp timeout_timestamp = 5 +} +``` + +### Replay Protection + +We facilitate replay protection by storing the unordered sequence in the Cosmos SDK KV store. Upon transaction ingress, we check if the transaction's unordered +sequence exists in state, or if the TTL value is stale, i.e. before the current block time. If so, we reject it. Otherwise, +we add the unordered sequence to the state. This section of the state will belong to the `x/auth` module. + +The state is evaluated during x/auth's `PreBlocker`. All transactions with an unordered sequence earlier than the current block time +will be deleted. + +```go +func (am AppModule) PreBlock(ctx context.Context) (appmodule.ResponsePreBlock, error) { + err := am.accountKeeper.RemoveExpired(sdk.UnwrapSDKContext(ctx)) + if err != nil { + return nil, err + } + return &sdk.ResponsePreBlock{ConsensusParamsChanged: false}, nil +} +``` + +```golang +package keeper + +import ( + sdk "github.com/cosmos/cosmos-sdk/types" + + "cosmossdk.io/collections" + "cosmossdk.io/core/store" +) + +var ( + // just arbitrarily picking some upper bound number. + unorderedSequencePrefix = collections.NewPrefix(90) +) + +type AccountKeeper struct { + // ... + unorderedSequences collections.KeySet[collections.Pair[uint64, []byte]] +} + +func (m *AccountKeeper) Contains(ctx sdk.Context, sender []byte, timestamp uint64) (bool, error) { + return m.unorderedSequences.Has(ctx, collections.Join(timestamp, sender)) +} + +func (m *AccountKeeper) Add(ctx sdk.Context, sender []byte, timestamp uint64) error { + return m.unorderedSequences.Set(ctx, collections.Join(timestamp, sender)) +} + +func (m *AccountKeeper) RemoveExpired(ctx sdk.Context) error { + blkTime := ctx.BlockTime().UnixNano() + it, err := m.unorderedSequences.Iterate(ctx, collections.NewPrefixUntilPairRange[uint64, []byte](uint64(blkTime))) + if err != nil { + return err + } + defer it.Close() + + keys, err := it.Keys() + if err != nil { + return err + } + + for _, key := range keys { + if err := m.unorderedSequences.Remove(ctx, key); err != nil { + return err + } + } + + return nil +} + +``` + +### AnteHandler Decorator + +To facilitate bypassing nonce verification, we must modify the existing +`IncrementSequenceDecorator` AnteHandler decorator to skip the nonce verification +when the transaction is marked as unordered. + +```golang +func (isd IncrementSequenceDecorator) AnteHandle(ctx sdk.Context, tx sdk.Tx, simulate bool, next sdk.AnteHandler) (sdk.Context, error) { + if tx.UnOrdered() { + return next(ctx, tx, simulate) + } + + // ... +} +``` + +We also introduce a new decorator to perform the unordered transaction verification. + +```golang +package ante + +import ( + "slices" + "strings" + "time" + + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + authkeeper "github.com/cosmos/cosmos-sdk/x/auth/keeper" + authsigning "github.com/cosmos/cosmos-sdk/x/auth/signing" + + errorsmod "cosmossdk.io/errors" +) + +var _ sdk.AnteDecorator = (*UnorderedTxDecorator)(nil) + +// UnorderedTxDecorator defines an AnteHandler decorator that is responsible for +// checking if a transaction is intended to be unordered and, if so, evaluates +// the transaction accordingly. An unordered transaction will bypass having its +// nonce incremented, which allows fire-and-forget transaction broadcasting, +// removing the necessity of ordering on the sender-side. +// +// The transaction sender must ensure that unordered=true and a timeout_height +// is appropriately set. The AnteHandler will check that the transaction is not +// a duplicate and will evict it from state when the timeout is reached. +// +// The UnorderedTxDecorator should be placed as early as possible in the AnteHandler +// chain to ensure that during DeliverTx, the transaction is added to the unordered sequence state. +type UnorderedTxDecorator struct { + // maxUnOrderedTTL defines the maximum TTL a transaction can define. + maxTimeoutDuration time.Duration + txManager authkeeper.UnorderedTxManager +} + +func NewUnorderedTxDecorator( + utxm authkeeper.UnorderedTxManager, +) *UnorderedTxDecorator { + return &UnorderedTxDecorator{ + maxTimeoutDuration: 10 * time.Minute, + txManager: utxm, + } +} + +func (d *UnorderedTxDecorator) AnteHandle( + ctx sdk.Context, + tx sdk.Tx, + _ bool, + next sdk.AnteHandler, +) (sdk.Context, error) { + if err := d.ValidateTx(ctx, tx); err != nil { + return ctx, err + } + return next(ctx, tx, false) +} + +func (d *UnorderedTxDecorator) ValidateTx(ctx sdk.Context, tx sdk.Tx) error { + unorderedTx, ok := tx.(sdk.TxWithUnordered) + if !ok || !unorderedTx.GetUnordered() { + // If the transaction does not implement unordered capabilities or has the + // unordered value as false, we bypass. + return nil + } + + blockTime := ctx.BlockTime() + timeoutTimestamp := unorderedTx.GetTimeoutTimeStamp() + if timeoutTimestamp.IsZero() || timeoutTimestamp.Unix() == 0 { + return errorsmod.Wrap( + sdkerrors.ErrInvalidRequest, + "unordered transaction must have timeout_timestamp set", + ) + } + if timeoutTimestamp.Before(blockTime) { + return errorsmod.Wrap( + sdkerrors.ErrInvalidRequest, + "unordered transaction has a timeout_timestamp that has already passed", + ) + } + if timeoutTimestamp.After(blockTime.Add(d.maxTimeoutDuration)) { + return errorsmod.Wrapf( + sdkerrors.ErrInvalidRequest, + "unordered tx ttl exceeds %s", + d.maxTimeoutDuration.String(), + ) + } + + execMode := ctx.ExecMode() + if execMode == sdk.ExecModeSimulate { + return nil + } + + signerAddrs, err := getSigners(tx) + if err != nil { + return err + } + + for _, signer := range signerAddrs { + contains, err := d.txManager.Contains(ctx, signer, uint64(unorderedTx.GetTimeoutTimeStamp().Unix())) + if err != nil { + return errorsmod.Wrap( + sdkerrors.ErrIO, + "failed to check contains", + ) + } + if contains { + return errorsmod.Wrapf( + sdkerrors.ErrInvalidRequest, + "tx is duplicated for signer %x", signer, + ) + } + + if err := d.txManager.Add(ctx, signer, uint64(unorderedTx.GetTimeoutTimeStamp().Unix())); err != nil { + return errorsmod.Wrap( + sdkerrors.ErrIO, + "failed to add unordered sequence to state", + ) + } + } + + + return nil +} + +func getSigners(tx sdk.Tx) ([][]byte, error) { + sigTx, ok := tx.(authsigning.SigVerifiableTx) + if !ok { + return nil, errorsmod.Wrap(sdkerrors.ErrTxDecode, "invalid tx type") + } + return sigTx.GetSigners() +} + +``` + +### Unordered Sequences + +Unordered sequences provide a simple, straightforward mechanism to protect against both transaction malleability and +transaction duplication. It is important to note that the unordered sequence must still be unique. However, +the value is not required to be strictly increasing as with regular sequences, and the order in which the node receives +the transactions no longer matters. Clients can handle building unordered transactions similarly to the code below: + +```go +for _, tx := range txs { + tx.SetUnordered(true) + tx.SetTimeoutTimestamp(time.Now() + 1 * time.Nanosecond) +} +``` + +We will reject transactions that have both sequence and unordered timeouts set. We do this to avoid assuming the intent of the user. + +### State Management + +The storage of unordered sequences will be facilitated using the Cosmos SDK's KV Store service. + +## Note On Previous Design Iteration + +The previous iteration of unordered transactions worked by using an ad-hoc state-management system that posed severe +risks and a vector for duplicated tx processing. It relied on graceful app closure which would flush the current state +of the unordered sequence mapping. If the 2/3's of the network crashed, and the graceful closure did not trigger, +the system would lose track of all sequences in the mapping, allowing those transactions to be replayed. The +implementation proposed in the updated version of this ADR solves this by writing directly to the Cosmos KV Store. +While this is less performant, for the initial implementation, we opted to choose a safer path and postpone performance optimizations until we have more data on real-world impacts and a more battle-tested approach to optimization. + +Additionally, the previous iteration relied on using hashes to create what we call an "unordered sequence." There are known +issues with transaction malleability in Cosmos SDK signing modes. This ADR gets away from this problem by enforcing +single-use unordered nonces, instead of deriving nonces from bytes in the transaction. + +## Consequences + +### Positive + +* Support unordered transaction inclusion, enabling the ability to "fire and forget" many transactions at once. + +### Negative + +* Requires additional storage overhead. +* Requirement of unique timestamps per transaction causes a small amount of additional overhead for clients. Clients must ensure each transaction's timeout timestamp is different. However, nanosecond differentials suffice. +* Usage of Cosmos SDK KV store is slower in comparison to using a non-merklized store or ad-hoc methods, and block times may slow down as a result. + +## References + +* https://github.com/cosmos/cosmos-sdk/issues/13009 + diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-076-tx-malleability.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-076-tx-malleability.md new file mode 100644 index 00000000..49625d9d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-076-tx-malleability.md @@ -0,0 +1,165 @@ +# Cosmos SDK Transaction Malleability Risk Review and Recommendations + +## Changelog + +* 2025-03-10: Initial draft (@aaronc) + +## Status + +PROPOSED: Not Implemented + +## Abstract + +Several encoding and sign mode related issues have historically resulted in the possibility +that Cosmos SDK transactions may be re-encoded in such a way as to change their hash +(and in rare cases, their meaning) without invalidating the signature. +This document details these cases, their potential risks, the extent to which they have been +addressed, and provides recommendations for future improvements. + +## Review + +One naive assumption about Cosmos SDK transactions is that hashing the raw bytes of a submitted transaction creates a safe unique identifier for the transaction. In reality, there are multiple ways in which transactions could be manipulated to create different transaction bytes (and as a result different hashes) that still pass signature verification. + +This document attempts to enumerate the various potential transaction "malleability" risks that we have identified and the extent to which they have or have not been addressed in various sign modes. We also identify vulnerabilities that could be introduced if developers make changes in the future without careful consideration of the complexities involved with transaction encoding, sign modes and signatures. + +### Risks Associated with Malleability + +The malleability of transactions poses the following potential risks to end users: +* unsigned data could get added to transactions and be processed by state machines +* clients often rely on transaction hashes for checking transaction status, but whether or not submitted transaction hashes match processed transaction hashes depends primarily on good network actors rather than fundamental protocol guarantees +* transactions could potentially get executed more than once (faulty replay protection) + +If a client generates a transaction, keeps a record of its hash and then attempts to query nodes to check the transaction's status, this process may falsely conclude that the transaction had not been processed if an intermediary +processor decoded and re-encoded the transaction with different encoding rules (either maliciously or unintentionally). +As long as no malleability is present in the signature bytes themselves, clients _should_ query transactions by signature instead of hash. + +Not being cognizant of this risk may lead clients to submit the same transaction multiple times if they believe that +earlier transactions had failed or gotten lost in processing. +This could be an attack vector against users if wallets primarily query transactions by hash. + +If the state machine were to rely on transaction hashes as a replay mechanism itself, this would be faulty and not +provide the intended replay protection. Instead, the state machine should rely on deterministic representations of +transactions rather than the raw encoding, or other nonces, +if they want to provide some replay protection that doesn't rely on a monotonically +increasing account sequence number. + + +### Sources of Malleability + +#### Non-deterministic Protobuf Encoding + +Cosmos SDK transactions are encoded using protobuf binary encoding when they are submitted to the network. Protobuf binary is not inherently a deterministic encoding meaning that the same logical payload could have several valid bytes representations. In a basic sense, this means that protobuf in general can be decoded and re-encoded to produce a different byte stream (and thus different hash) without changing the logical meaning of the bytes. [ADR 027: Deterministic Protobuf Serialization](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-027-deterministic-protobuf-serialization.md) describes in detail what needs to be done to produce what we consider to be a "canonical", deterministic protobuf serialization. Briefly, the following sources of malleability at the encoding level have been identified and are addressed by this specification: +* fields can be emitted in any order +* default field values can be included or omitted, and this doesn't change meaning unless `optional` is used +* `repeated` fields of scalars may use packed or "regular" encoding +* `varint`s can include extra ignored bits +* extra fields may be added and are usually simply ignored by decoders. [ADR 020](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-020-protobuf-transaction-encoding.md#unknown-field-filtering) specifies that in general such extra fields should cause messages and transactions to be rejected) + +When using `SIGN_MODE_DIRECT` none of the above malleabilities will be tolerated because: +* signatures of messages and extensions must be done over the raw encoded bytes of those fields +* the outer tx envelope (`TxRaw`) must follow ADR 027 rules or be rejected + +Transactions signed with `SIGN_MODE_LEGACY_AMINO_JSON`, however, have no way of protecting against the above malleabilities because what is signed is a JSON representation of the logical contents of the transaction. These logical contents could have any number of valid protobuf binary encodings, so in general there are no guarantees regarding transaction hash with Amino JSON signing. + +In addition to being aware of the general non-determinism of protobuf binary, developers need to pay special attention to make sure that unknown protobuf fields get rejected when developing new capabilities related to protobuf transactions. The protobuf serialization format was designed with the assumption that unknown data known to encoders could safely be ignored by decoders. This assumption may have been fairly safe within the walled garden of Google's centralized infrastructure. However, in distributed blockchain systems, this assumption is generally unsafe. If a newer client encodes a protobuf message with data intended for a newer server, it is not safe for an older server to simply ignore and discard instructions that it does not understand. These instructions could include critical information that the transaction signer is relying upon and just assuming that it is unimportant is not safe. + +[ADR 020](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-020-protobuf-transaction-encoding.md#unknown-field-filtering) specifies some provisions for "non-critical" fields which can safely be ignored by older servers. In practice, I have not seen any valid usages of this. It is something in the design that maintainers should be aware of, but it may not be necessary or even 100% safe. + +#### Non-deterministic Value Encoding + +In addition to the non-determinism present in protobuf binary itself, some protobuf field data is encoded using a micro-format which itself may not be deterministic. Consider for instance integer or decimal encoding. Some decoders may allow for the presence of leading or trailing zeros without changing the logical meaning, ex. `00100` vs `100` or `100.00` vs `100`. So if a sign mode encodes numbers deterministically, but decoders accept multiple representations, +a user may sign over the value `100` while `0100` gets encoded. This would be possible with Amino JSON to the extent that the integer decoder accepts leading zeros. I believe the current `Int` implementation will reject this, however, it is +probably possible to encode a octal or hexadecimal representation in the transaction whereas the user signs over a decimal integer. + +#### Signature Encoding + +Signatures themselves are encoded using a micro-format specific to the signature algorithm being used and sometimes these +micro-formats can allow for non-determinism (multiple valid bytes for the same signature). +Most of the signature algorithms supported by the SDK should reject non-canonical bytes in their current implementation. +However, the `Multisignature` protobuf type uses normal protobuf encoding and there is no check as to whether the +decoded bytes followed canonical ADR 027 rules or not. Therefore, multisig transactions can have malleability in +their signatures. +Any new or custom signature algorithms must make sure that they reject any non-canonical bytes, otherwise even +with `SIGN_MODE_DIRECT` there can be transaction hash malleability by re-encoding signatures with a non-canonical +representation. + +#### Fields not covered by Amino JSON + +Another area that needs to be addressed carefully is the discrepancy between `AminoSignDoc`(see [`aminojson.proto`](../../x/tx/signing/aminojson/internal/aminojsonpb/aminojson.proto)) used for `SIGN_MODE_LEGACY_AMINO_JSON` and the actual contents of `TxBody` and `AuthInfo` (see [`tx.proto`](../../proto/cosmos/tx/v1beta1/tx.proto)). +If fields get added to `TxBody` or `AuthInfo`, they must either have a corresponding representing in `AminoSignDoc` or Amino JSON signatures must be rejected when those new fields are set. Making sure that this is done is a +highly manual process, and developers could easily make the mistake of updating `TxBody` or `AuthInfo` +without paying any attention to the implementation of `GetSignBytes` for Amino JSON. This is a critical +vulnerability in which unsigned content can now get into the transaction and signature verification will +pass. + +## Sign Mode Summary and Recommendations + +The sign modes officially supported by the SDK are `SIGN_MODE_DIRECT`, `SIGN_MODE_TEXTUAL`, `SIGN_MODE_DIRECT_AUX`, +and `SIGN_MODE_LEGACY_AMINO_JSON`. +`SIGN_MODE_LEGACY_AMINO_JSON` is used commonly by wallets and is currently the only sign mode supported on Nano Ledger hardware devices +(although `SIGN_MODE_TEXTUAL` was designed to also support hardware devices). +`SIGN_MODE_DIRECT` is the simplest sign mode and its usage is also fairly common. +`SIGN_MODE_DIRECT_AUX` is a variant of `SIGN_MODE_DIRECT` that can be used by auxiliary signers in a multi-signer +transaction by those signers who are not paying gas. +`SIGN_MODE_TEXTUAL` was intended as a replacement for `SIGN_MODE_LEGACY_AMINO_JSON`, but as far as we know it +has not been adopted by any clients yet and thus is not in active use. + +All known malleability concerns have been addressed in the current implementation of `SIGN_MODE_DIRECT`. +The only known malleability that could occur with a transaction signed with `SIGN_MODE_DIRECT` would +need to be in the signature bytes themselves. +Since signatures are not signed over, it is impossible for any sign mode to address this directly +and instead signature algorithms need to take care to reject any non-canonically encoded signature bytes +to prevent malleability. +For the known malleability of the `Multisignature` type, we should make sure that any valid signatures +were encoded following canonical ADR 027 rules when doing signature verification. + +`SIGN_MODE_DIRECT_AUX` provides the same level of safety as `SIGN_MODE_DIRECT` because +* the raw encoded `TxBody` bytes are signed over in `SignDocDirectAux`, and +* a transaction using `SIGN_MODE_DIRECT_AUX` still requires the primary signer to sign the transaction with `SIGN_MODE_DIRECT` + +`SIGN_MODE_TEXTUAL` also provides the same level of safety as `SIGN_MODE_DIRECT` because the hash of the raw encoded +`TxBody` and `AuthInfo` bytes are signed over. + +Unfortunately, the vast majority of unaddressed malleability risks affect `SIGN_MODE_LEGACY_AMINO_JSON` and this +sign mode is still commonly used. +It is recommended that the following improvements be made to Amino JSON signing: +* hashes of `TxBody` and `AuthInfo` should be added to `AminoSignDoc` so that encoding-level malleablity is addressed +* when constructing `AminoSignDoc`, [protoreflect](https://pkg.go.dev/google.golang.org/protobuf/reflect/protoreflect) API should be used to ensure that there no fields in `TxBody` or `AuthInfo` which do not have a mapping in `AminoSignDoc` have been set +* fields present in `TxBody` or `AuthInfo` that are not present in `AminoSignDoc` (such as extension options) should +be added to `AminoSignDoc` if possible + +## Testing + +To test that transactions are resistant to malleability, +we can develop a test suite to run against all sign modes that +attempts to manipulate transaction bytes in the following ways: +- changing protobuf encoding by + - reordering fields + - setting default values + - adding extra bits to varints, or + - setting new unknown fields +- modifying integer and decimal values encoded as strings with leading or trailing zeros + +Whenever any of these manipulations is done, we should observe that the sign doc bytes for the sign mode being +tested also change, meaning that the corresponding signatures will also have to change. + +In the case of Amino JSON, we should also develop tests which ensure that if any `TxBody` or `AuthInfo` +field not supported by Amino's `AminoSignDoc` is set that signing fails. + +In the general case of transaction decoding, we should have unit tests to ensure that +- any `TxRaw` bytes which do not follow ADR 027 canonical encoding cause decoding to fail, and +- any top-level transaction elements including `TxBody`, `AuthInfo`, public keys, and messages which +have unknown fields set cause the transaction to be rejected +(this ensures that ADR 020 unknown field filtering is properly applied) + +For each supported signature algorithm, +there should also be unit tests to ensure that signatures must be encoded canonically +or get rejected. + +## References + +* [ADR 027: Deterministic Protobuf Serialization](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-027-deterministic-protobuf-serialization.md) +* [ADR 020](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-020-protobuf-transaction-encoding.md#unknown-field-filtering) +* [`aminojson.proto`](../../x/tx/signing/aminojson/internal/aminojsonpb/aminojson.proto) +* [`tx.proto`](../../proto/cosmos/tx/v1beta1/tx.proto) + diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-template.md b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-template.md new file mode 100644 index 00000000..04b0450c --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/architecture/adr-template.md @@ -0,0 +1,83 @@ +# ADR {ADR-NUMBER}: {TITLE} + +## Changelog + +* {date}: {changelog} + +## Status + +{DRAFT | PROPOSED} Not Implemented + +> Please have a look at the [PROCESS](./PROCESS.md#adr-status) page. +> Use DRAFT if the ADR is in a draft stage (draft PR) or PROPOSED if it's in review. + +## Abstract + +> "If you can't explain it simply, you don't understand it well enough." Provide +> a simplified and layman-accessible explanation of the ADR. +> A short (~200 word) description of the issue being addressed. + +## Context + +> This section describes the forces at play, including technological, political, +> social, and project local. These forces are probably in tension, and should be +> called out as such. The language in this section is value-neutral. It is simply +> describing facts. It should clearly explain the problem and motivation that the +> proposal aims to resolve. +> {context body} + +## Alternatives + +> This section describes alternative designs to the chosen design. This section +> is important and if an adr does not have any alternatives then it should be +> considered that the ADR was not thought through. + +## Decision + +> This section describes our response to these forces. It is stated in full +> sentences, with active voice. "We will ..." +> {decision body} + +## Consequences + +> This section describes the resulting context, after applying the decision. All +> consequences should be listed here, not just the "positive" ones. A particular +> decision may have positive, negative, and neutral consequences, but all of them +> affect the team and project in the future. + +### Backwards Compatibility + +> All ADRs that introduce backwards incompatibilities must include a section +> describing these incompatibilities and their severity. The ADR must explain +> how the author proposes to deal with these incompatibilities. ADR submissions +> without a sufficient backwards compatibility treatise may be rejected outright. + +### Positive + +> {positive consequences} + +### Negative + +> {negative consequences} + +### Neutral + +> {neutral consequences} + +## Further Discussions + +> While an ADR is in the DRAFT or PROPOSED stage, this section should contain a +> summary of issues to be solved in future iterations (usually referencing comments +> from a pull-request discussion). +> +> Later, this section can optionally list ideas or improvements the author or +> reviewers found during the analysis of this ADR. + +## Test Cases [optional] + +Test cases for an implementation are mandatory for ADRs that are affecting consensus +changes. Other ADRs can choose to include links to test cases if applicable. + +## References + +* {reference link} diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/build.md b/copy-of-sdk-versioned_docs/version-0.50/build/build.md new file mode 100644 index 00000000..3b86eb47 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/build.md @@ -0,0 +1,13 @@ +--- +sidebar_position: 0 +--- + +# Build + +* [Building Apps](./building-apps/00-app-go.md) - The documentation in this section will guide you through the process of developing your dApp using the Cosmos SDK framework. +* [Modules](./modules/README.md) - Information about the various modules available in the Cosmos SDK: Auth, Authz, Bank, Crisis, Distribution, Evidence, Feegrant, Governance, Mint, Params, Slashing, Staking, Upgrade, NFT, Consensus, Circuit, Genutil. +* [Migrations](./migrations/01-intro.md) - See what has been updated in each release the process of the transition between versions. +* [Packages](./packages/README.md) - Explore a curated collection of pre-built modules and functionalities, streamlining the development process. +* [Tooling](./tooling/README.md) - A suite of utilities designed to enhance the development workflow, optimizing the efficiency of Cosmos SDK-based projects. +* [ADR's](./architecture/README.md) - Provides a structured repository of key decisions made during the development process, which have been documented and offers rationale behind key decisions being made. +* [REST API](https://docs.cosmos.network/api) - A comprehensive reference for the application programming interfaces (APIs) provided by the SDK. diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/building-apps/00-app-go.md b/copy-of-sdk-versioned_docs/version-0.50/build/building-apps/00-app-go.md new file mode 100644 index 00000000..5a0524f3 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/building-apps/00-app-go.md @@ -0,0 +1,14 @@ +--- +sidebar_position: 1 +--- + +# Overview of `app.go` + +This section is intended to provide an overview of the `SimApp` `app.go` file and is still a work in progress. +For now please instead read the [tutorials](https://tutorials.cosmos.network) for a deep dive on how to build a chain. + +## Complete `app.go` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/simapp/app.go +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/building-apps/01-app-go-v2.md b/copy-of-sdk-versioned_docs/version-0.50/build/building-apps/01-app-go-v2.md new file mode 100644 index 00000000..8b64e55b --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/building-apps/01-app-go-v2.md @@ -0,0 +1,154 @@ +--- +sidebar_position: 1 +--- + +# Overview of `app_v2.go` + +:::note Synopsis + +The Cosmos SDK allows much easier wiring of an `app.go` thanks to App Wiring and [`depinject`](../packages/01-depinject.md). +Learn more about the rationale of App Wiring in [ADR-057](../architecture/adr-057-app-wiring.md). + +::: + +:::note Pre-requisite Readings + +* [ADR 057: App Wiring](../architecture/adr-057-app-wiring.md) +* [Depinject Documentation](../packages/01-depinject.md) +* [Modules depinject-ready](../building-modules/15-depinject.md) + +::: + +This section is intended to provide an overview of the `SimApp` `app_v2.go` file with App Wiring. + +## `app_config.go` + +The `app_config.go` file is the single place to configure all modules parameters. + +1. Create the `AppConfig` variable: + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/simapp/app_config.go#L103 + ``` + +2. Configure the `runtime` module: + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/simapp/app_config.go#L103-L167 + ``` + +3. Configure the modules defined in the `PreBlocker`, `BeginBlocker` and `EndBlocker` and the `tx` module: + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/simapp/app_config.go#L112-L129 + ``` + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/simapp/app_config.go#L200-L203 + ``` + +### Complete `app_config.go` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/simapp/app_config.go +``` + +### Alternative formats + +:::tip +The example above shows how to create an `AppConfig` using Go. However, it is also possible to create an `AppConfig` using YAML, or JSON. +The configuration can then be embed with `go:embed` and read with [`appconfig.LoadYAML`](https://pkg.go.dev/cosmossdk.io/core/appconfig#LoadYAML), or [`appconfig.LoadJSON`](https://pkg.go.dev/cosmossdk.io/core/appconfig#LoadJSON), in `app_v2.go`. + +```go +//go:embed app_config.yaml +var ( + appConfigYaml []byte + appConfig = appconfig.LoadYAML(appConfigYaml) +) +``` + +::: + +```yaml +modules: + - name: runtime + config: + "@type": cosmos.app.runtime.v1alpha1.Module + app_name: SimApp + begin_blockers: [staking, auth, bank] + end_blockers: [bank, auth, staking] + init_genesis: [bank, auth, staking] + - name: auth + config: + "@type": cosmos.auth.module.v1.Module + bech32_prefix: cosmos + - name: bank + config: + "@type": cosmos.bank.module.v1.Module + - name: staking + config: + "@type": cosmos.staking.module.v1.Module + - name: tx + config: + "@type": cosmos.tx.module.v1.Module +``` + +A more complete example of `app.yaml` can be found [here](https://github.com/cosmos/cosmos-sdk/blob/91b1d83f1339e235a1dfa929ecc00084101a19e3/simapp/app.yaml). + +## `app_v2.go` + +`app_v2.go` is the place where `SimApp` is constructed. `depinject.Inject` facilitates that by automatically wiring the app modules and keepers, provided an application configuration `AppConfig` is provided. `SimApp` is constructed, when calling the injected `*runtime.AppBuilder`, with `appBuilder.Build(...)`. +In short `depinject` and the [`runtime` package](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/runtime) abstract the wiring of the app, and the `AppBuilder` is the place where the app is constructed. [`runtime`](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/runtime) takes care of registering the codecs, KV store, subspaces and instantiating `baseapp`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/simapp/app_v2.go#L101-L245 +``` + +:::warning +When using `depinject.Inject`, the injected types must be pointers. +::: + +### Advanced Configuration + +In advanced cases, it is possible to inject extra (module) configuration in a way that is not (yet) supported by `AppConfig`. +In this case, use `depinject.Configs` for combining the extra configuration and `AppConfig`, and `depinject.Supply` to providing that extra configuration. +More information on how work `depinject.Configs` and `depinject.Supply` can be found in the [`depinject` documentation](https://pkg.go.dev/cosmossdk.io/depinject). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/simapp/app_v2.go#L114-L146 +``` + +### Registering non app wiring modules + +It is possible to combine app wiring / depinject enabled modules with non app wiring modules. +To do so, use the `app.RegisterModules` method to register the modules on your app, as well as `app.RegisterStores` for registering the extra stores needed. + +```go +// .... +app.App = appBuilder.Build(db, traceStore, baseAppOptions...) + +// register module manually +app.RegisterStores(storetypes.NewKVStoreKey(example.ModuleName)) +app.ExampleKeeper = examplekeeper.NewKeeper(app.appCodec, app.AccountKeeper.AddressCodec(), runtime.NewKVStoreService(app.GetKey(example.ModuleName)), authtypes.NewModuleAddress(govtypes.ModuleName).String()) +exampleAppModule := examplemodule.NewAppModule(app.ExampleKeeper) +if err := app.RegisterModules(&exampleAppModule); err != nil { + panic(err) +} + +// .... +``` + +:::warning +When using AutoCLI and combining app wiring and non app wiring modules. The AutoCLI options should be manually constructed instead of injected. +Otherwise it will miss the non depinject modules and not register their CLI. +::: + +### Complete `app_v2.go` + +:::tip +Note that in the complete `SimApp` `app_v2.go` file, testing utilities are also defined, but they could as well be defined in a separate file. +::: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/simapp/app_v2.go +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/building-apps/02-app-mempool.md b/copy-of-sdk-versioned_docs/version-0.50/build/building-apps/02-app-mempool.md new file mode 100644 index 00000000..630b94ba --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/building-apps/02-app-mempool.md @@ -0,0 +1,172 @@ +--- +sidebar_position: 1 +--- + +# Application Mempool + +:::note Synopsis +This sections describes how the app-side mempool can be used and replaced. +::: + +Since `v0.47` the application has its own mempool to allow much more granular +block building than previous versions. This change was enabled by +[ABCI 1.0](https://github.com/cometbft/cometbft/blob/v0.37.0/spec/abci). +Notably it introduces the `PrepareProposal` and `ProcessProposal` steps of ABCI++. + +:::note Pre-requisite Readings + +* [BaseApp](../../learn/advanced/00-baseapp.md) + +::: + +## Prepare Proposal + +`PrepareProposal` handles construction of the block, meaning that when a proposer +is preparing to propose a block, it requests the application to evaluate a +`RequestPrepareProposal`, which contains a series of transactions from CometBFT's +mempool. At this point, the application has complete control over the proposal. +It can modify, delete, and inject transactions from it's own app-side mempool into +the proposal or even ignore all the transactions altogether. What the application +does with the transactions provided to it by `RequestPrepareProposal` have no +effect on CometBFT's mempool. + +Note, that the application defines the semantics of the `PrepareProposal` and it +MAY be non-deterministic and is only executed by the current block proposer. + +Now, reading mempool twice in the previous sentence is confusing, lets break it down. +CometBFT has a mempool that handles gossiping transactions to other nodes +in the network. How these transactions are ordered is determined by CometBFT's +mempool, typically FIFO. However, since the application is able to fully inspect +all transactions, it can provide greater control over transaction ordering. +Allowing the application to handle ordering enables the application to define how +it would like the block constructed. + +The Cosmos SDK defines the `DefaultProposalHandler` type, which provides applications with +`PrepareProposal` and `ProcessProposal` handlers. If you decide to implement your +own `PrepareProposal` handler, you must be sure to ensure that the transactions +selected DO NOT exceed the maximum block gas (if set) and the maximum bytes provided +by `req.MaxBytes`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/baseapp/abci_utils.go +``` + +This default implementation can be overridden by the application developer in +favor of a custom implementation in [`app.go`](./01-app-go-v2.md): + +```go +prepareOpt := func(app *baseapp.BaseApp) { + abciPropHandler := baseapp.NewDefaultProposalHandler(mempool, app) + app.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) +} + +baseAppOptions = append(baseAppOptions, prepareOpt) +``` + +## Process Proposal + +`ProcessProposal` handles the validation of a proposal from `PrepareProposal`, +which also includes a block header. Meaning, that after a block has been proposed +the other validators have the right to vote on a block. The validator in the +default implementation of `PrepareProposal` runs basic validity checks on each +transaction. + +Note, `ProcessProposal` MAY NOT be non-deterministic, i.e. it must be deterministic. +This means if `ProcessProposal` panics or fails and we reject, all honest validator +processes will prevote nil and the CometBFT round will proceed again until a valid +proposal is proposed. + +Here is the implementation of the default implementation: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/baseapp/abci_utils.go#L153-L159 +``` + +Like `PrepareProposal` this implementation is the default and can be modified by +the application developer in [`app.go`](./01-app-go-v2.md). If you decide to implement +your own `ProcessProposal` handler, you must be sure to ensure that the transactions +provided in the proposal DO NOT exceed the maximum block gas (if set). + +```go +processOpt := func(app *baseapp.BaseApp) { + abciPropHandler := baseapp.NewDefaultProposalHandler(mempool, app) + app.SetProcessProposal(abciPropHandler.ProcessProposalHandler()) +} + +baseAppOptions = append(baseAppOptions, processOpt) +``` + +## Mempool + +Now that we have walked through the `PrepareProposal` & `ProcessProposal`, we can move on to walking through the mempool. + +There are countless designs that an application developer can write for a mempool, the SDK opted to provide only simple mempool implementations. +Namely, the SDK provides the following mempools: + +* [No-op Mempool](#no-op-mempool) +* [Sender Nonce Mempool](#sender-nonce-mempool) +* [Priority Nonce Mempool](#priority-nonce-mempool) + +The default SDK is a [No-op Mempool](#no-op-mempool), but it can be replaced by the application developer in [`app.go`](./01-app-go-v2.md): + +```go +nonceMempool := mempool.NewSenderNonceMempool() +mempoolOpt := baseapp.SetMempool(nonceMempool) +baseAppOptions = append(baseAppOptions, mempoolOpt) +``` + +### No-op Mempool + +A no-op mempool is a mempool where transactions are completely discarded and ignored when BaseApp interacts with the mempool. +When this mempool is used, it assumed that an application will rely on CometBFT's transaction ordering defined in `RequestPrepareProposal`, +which is FIFO-ordered by default. + +> Note: If a NoOp mempool is used, PrepareProposal and ProcessProposal both should be aware of this as +> PrepareProposal could include transactions that could fail verification in ProcessProposal. + +### Sender Nonce Mempool + +The nonce mempool is a mempool that keeps transactions from an sorted by nonce in order to avoid the issues with nonces. +It works by storing the transaction in a list sorted by the transaction nonce. When the proposer asks for transactions to be included in a block it randomly selects a sender and gets the first transaction in the list. It repeats this until the mempool is empty or the block is full. + +It is configurable with the following parameters: + +#### MaxTxs + +It is an integer value that sets the mempool in one of three modes, *bounded*, *unbounded*, or *disabled*. + +* **negative**: Disabled, mempool does not insert new transaction and return early. +* **zero**: Unbounded mempool has no transaction limit and will never fail with `ErrMempoolTxMaxCapacity`. +* **positive**: Bounded, it fails with `ErrMempoolTxMaxCapacity` when `maxTx` value is the same as `CountTx()` + +#### Seed + +Set the seed for the random number generator used to select transactions from the mempool. + +### Priority Nonce Mempool + +The [priority nonce mempool](https://github.com/cosmos/cosmos-sdk/blob/main/types/mempool/priority_nonce_spec.md) is a mempool implementation that stores txs in a partially ordered set by 2 dimensions: + +* priority +* sender-nonce (sequence number) + +Internally it uses one priority ordered [skip list](https://pkg.go.dev/github.com/huandu/skiplist) and one skip list per sender ordered by sender-nonce (sequence number). When there are multiple txs from the same sender, they are not always comparable by priority to other sender txs and must be partially ordered by both sender-nonce and priority. + +It is configurable with the following parameters: + +#### MaxTxs + +It is an integer value that sets the mempool in one of three modes, *bounded*, *unbounded*, or *disabled*. + +* **negative**: Disabled, mempool does not insert new transaction and return early. +* **zero**: Unbounded mempool has no transaction limit and will never fail with `ErrMempoolTxMaxCapacity`. +* **positive**: Bounded, it fails with `ErrMempoolTxMaxCapacity` when `maxTx` value is the same as `CountTx()` + +#### Callback + +The priority nonce mempool provides mempool options allowing the application sets callback(s). + +* **OnRead**: Set a callback to be called when a transaction is read from the mempool. +* **TxReplacement**: Sets a callback to be called when duplicated transaction nonce detected during mempool insert. Application can define a transaction replacement rule based on tx priority or certain transaction fields. + +More information on the SDK mempool implementation can be found in the [godocs](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/types/mempool). diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/building-apps/03-app-upgrade.md b/copy-of-sdk-versioned_docs/version-0.50/build/building-apps/03-app-upgrade.md new file mode 100644 index 00000000..ef4e4bae --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/building-apps/03-app-upgrade.md @@ -0,0 +1,218 @@ +--- +sidebar_position: 1 +--- + +# Application Upgrade + +:::note +This document describes how to upgrade your application. If you are looking specifically for the changes to perform between SDK versions, see the [SDK migrations documentation](https://docs.cosmos.network/main/migrations/intro). +::: + +:::warning +This section is currently incomplete. Track the progress of this document [here](https://github.com/cosmos/cosmos-sdk/issues/11504). +::: + +:::note Pre-requisite Readings + +* [`x/upgrade` Documentation](https://docs.cosmos.network/main/modules/upgrade) + +::: + +## General Workflow + +Let's assume we are running v0.38.0 of our software in our testnet and want to upgrade to v0.40.0. +How would this look in practice? First of all, we want to finalize the v0.40.0 release candidate +and there install a specially named upgrade handler (eg. "testnet-v2" or even "v0.40.0"). An upgrade +handler should be defined in a new version of the software to define what migrations +to run to migrate from the older version of the software. Naturally, this is app-specific rather +than module specific, and must be defined in `app.go`, even if it imports logic from various +modules to perform the actions. You can register them with `upgradeKeeper.SetUpgradeHandler` +during the app initialization (before starting the abci server), and they serve not only to +perform a migration, but also to identify if this is the old or new version (eg. presence of +a handler registered for the named upgrade). + +Once the release candidate along with an appropriate upgrade handler is frozen, +we can have a governance vote to approve this upgrade at some future block height (e.g. 200000). +This is known as an upgrade.Plan. The v0.38.0 code will not know of this handler, but will +continue to run until block 200000, when the plan kicks in at `BeginBlock`. It will check +for existence of the handler, and finding it missing, know that it is running the obsolete software, +and gracefully exit. + +Generally the application binary will restart on exit, but then will execute this BeginBlocker +again and exit, causing a restart loop. Either the operator can manually install the new software, +or you can make use of an external watcher daemon to possibly download and then switch binaries, +also potentially doing a backup. The SDK tool for doing such, is called [Cosmovisor](https://docs.cosmos.network/main/tooling/cosmovisor). + +When the binary restarts with the upgraded version (here v0.40.0), it will detect we have registered the +"testnet-v2" upgrade handler in the code, and realize it is the new version. It then will run the upgrade handler +and *migrate the database in-place*. Once finished, it marks the upgrade as done, and continues processing +the rest of the block as normal. Once 2/3 of the voting power has upgraded, the blockchain will immediately +resume the consensus mechanism. If the majority of operators add a custom `do-upgrade` script, this should +be a matter of minutes and not even require them to be awake at that time. + +## Integrating With An App + +:::tip +The following is not required for users using `depinject`, this is abstracted for them. +::: + +In addition to basic module wiring, setup the upgrade Keeper for the app and then define a `PreBlocker` that calls the upgrade +keeper's PreBlocker method: + +```go +func (app *myApp) PreBlocker(ctx sdk.Context, req req.RequestFinalizeBlock) (*sdk.ResponsePreBlock, error) { + // For demonstration sake, the app PreBlocker only returns the upgrade module pre-blocker. + // In a real app, the module manager should call all pre-blockers + // return return app.ModuleManager.PreBlock(ctx, req) + return app.upgradeKeeper.PreBlocker(ctx, req) +} +``` + +The app must then integrate the upgrade keeper with its governance module as appropriate. The governance module +should call ScheduleUpgrade to schedule an upgrade and ClearUpgradePlan to cancel a pending upgrade. + +## Performing Upgrades + +Upgrades can be scheduled at a predefined block height. Once this block height is reached, the +existing software will cease to process ABCI messages and a new version with code that handles the upgrade must be deployed. +All upgrades are coordinated by a unique upgrade name that cannot be reused on the same blockchain. In order for the upgrade +module to know that the upgrade has been safely applied, a handler with the name of the upgrade must be installed. +Here is an example handler for an upgrade named "my-fancy-upgrade": + +```go +app.upgradeKeeper.SetUpgradeHandler("my-fancy-upgrade", func(ctx context.Context, plan upgrade.Plan) { + // Perform any migrations of the state store needed for this upgrade +}) +``` + +This upgrade handler performs the dual function of alerting the upgrade module that the named upgrade has been applied, +as well as providing the opportunity for the upgraded software to perform any necessary state migrations. Both the halt +(with the old binary) and applying the migration (with the new binary) are enforced in the state machine. Actually +switching the binaries is an ops task and not handled inside the sdk / abci app. + +Here is a sample code to set store migrations with an upgrade: + +```go +// this configures a no-op upgrade handler for the "my-fancy-upgrade" upgrade +app.UpgradeKeeper.SetUpgradeHandler("my-fancy-upgrade", func(ctx context.Context, plan upgrade.Plan) { + // upgrade changes here +}) +upgradeInfo, err := app.UpgradeKeeper.ReadUpgradeInfoFromDisk() +if err != nil { + // handle error +} +if upgradeInfo.Name == "my-fancy-upgrade" && !app.UpgradeKeeper.IsSkipHeight(upgradeInfo.Height) { + storeUpgrades := store.StoreUpgrades{ + Renamed: []store.StoreRename{{ + OldKey: "foo", + NewKey: "bar", + }}, + Deleted: []string{}, + } + // configure store loader that checks if version == upgradeHeight and applies store upgrades + app.SetStoreLoader(upgrade.UpgradeStoreLoader(upgradeInfo.Height, &storeUpgrades)) +} +``` + +## Halt Behavior + +Before halting the ABCI state machine in the BeginBlocker method, the upgrade module will log an error +that looks like: + +```text + UPGRADE "" NEEDED at height : +``` + +where `Name` and `Info` are the values of the respective fields on the upgrade Plan. + +To perform the actual halt of the blockchain, the upgrade keeper simply panics which prevents the ABCI state machine +from proceeding but doesn't actually exit the process. Exiting the process can cause issues for other nodes that start +to lose connectivity with the exiting nodes, thus this module prefers to just halt but not exit. + +## Automation + +Read more about [Cosmovisor](https://docs.cosmos.network/main/tooling/cosmovisor), the tool for automating upgrades. + +## Canceling Upgrades + +There are two ways to cancel a planned upgrade - with on-chain governance or off-chain social consensus. +For the first one, there is a `CancelSoftwareUpgrade` governance proposal, which can be voted on and will +remove the scheduled upgrade plan. Of course this requires that the upgrade was known to be a bad idea +well before the upgrade itself, to allow time for a vote. If you want to allow such a possibility, you +should set the upgrade height to be `2 * (votingperiod + depositperiod) + (safety delta)` from the beginning of +the first upgrade proposal. Safety delta is the time available from the success of an upgrade proposal +and the realization it was a bad idea (due to external testing). You can also start a `CancelSoftwareUpgrade` +proposal while the original `SoftwareUpgrade` proposal is still being voted upon, as long as the voting +period ends after the `SoftwareUpgrade` proposal. + +However, let's assume that we don't realize the upgrade has a bug until shortly before it will occur +(or while we try it out - hitting some panic in the migration). It would seem the blockchain is stuck, +but we need to allow an escape for social consensus to overrule the planned upgrade. To do so, there's +a `--unsafe-skip-upgrades` flag to the start command, which will cause the node to mark the upgrade +as done upon hitting the planned upgrade height(s), without halting and without actually performing a migration. +If over two-thirds run their nodes with this flag on the old binary, it will allow the chain to continue through +the upgrade with a manual override. (This must be well-documented for anyone syncing from genesis later on). + +Example: + +```shell + start --unsafe-skip-upgrades ... +``` + +## Pre-Upgrade Handling + +Cosmovisor supports custom pre-upgrade handling. Use pre-upgrade handling when you need to implement application config changes that are required in the newer version before you perform the upgrade. + +Using Cosmovisor pre-upgrade handling is optional. If pre-upgrade handling is not implemented, the upgrade continues. + +For example, make the required new-version changes to `app.toml` settings during the pre-upgrade handling. The pre-upgrade handling process means that the file does not have to be manually updated after the upgrade. + +Before the application binary is upgraded, Cosmovisor calls a `pre-upgrade` command that can be implemented by the application. + +The `pre-upgrade` command does not take in any command-line arguments and is expected to terminate with the following exit codes: + +| Exit status code | How it is handled in Cosmosvisor | +|------------------|---------------------------------------------------------------------------------------------------------------------| +| `0` | Assumes `pre-upgrade` command executed successfully and continues the upgrade. | +| `1` | Default exit code when `pre-upgrade` command has not been implemented. | +| `30` | `pre-upgrade` command was executed but failed. This fails the entire upgrade. | +| `31` | `pre-upgrade` command was executed but failed. But the command is retried until exit code `1` or `30` are returned. | + +## Sample + +Here is a sample structure of the `pre-upgrade` command: + +```go +func preUpgradeCommand() *cobra.Command { + cmd := &cobra.Command{ + Use: "pre-upgrade", + Short: "Pre-upgrade command", + Long: "Pre-upgrade command to implement custom pre-upgrade handling", + Run: func(cmd *cobra.Command, args []string) { + + err := HandlePreUpgrade() + + if err != nil { + os.Exit(30) + } + + os.Exit(0) + + }, + } + + return cmd +} +``` + +Ensure that the pre-upgrade command has been registered in the application: + +```go +rootCmd.AddCommand( + // .. + preUpgradeCommand(), + // .. + ) +``` + +When not using Cosmovisor, ensure to run ` pre-upgrade` before starting the application binary. diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/building-apps/04-vote-extensions.md b/copy-of-sdk-versioned_docs/version-0.50/build/building-apps/04-vote-extensions.md new file mode 100644 index 00000000..d2f33aa0 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/building-apps/04-vote-extensions.md @@ -0,0 +1,121 @@ +--- +sidebar_position: 1 +--- + +# Vote Extensions + +:::note Synopsis +This section describes how the application can define and use vote extensions +defined in ABCI++. +::: + +## Extend Vote + +ABCI++ allows an application to extend a pre-commit vote with arbitrary data. This +process does NOT have to be deterministic, and the data returned can be unique to the +validator process. The Cosmos SDK defines `baseapp.ExtendVoteHandler`: + +```go +type ExtendVoteHandler func(Context, *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) +``` + +An application can set this handler in `app.go` via the `baseapp.SetExtendVoteHandler` +`BaseApp` option function. The `sdk.ExtendVoteHandler`, if defined, is called during +the `ExtendVote` ABCI method. Note, if an application decides to implement +`baseapp.ExtendVoteHandler`, it MUST return a non-nil `VoteExtension`. However, the vote +extension can be empty. See [here](https://github.com/cometbft/cometbft/blob/v0.38.0-rc1/spec/abci/abci++_methods.md#extendvote) +for more details. + +There are many decentralized censorship-resistant use cases for vote extensions. +For example, a validator may want to submit prices for a price oracle or encryption +shares for an encrypted transaction mempool. Note, an application should be careful +to consider the size of the vote extensions as they could increase latency in block +production. See [here](https://github.com/cometbft/cometbft/blob/v0.38.0-rc1/docs/qa/CometBFT-QA-38.md#vote-extensions-testbed) +for more details. + +## Verify Vote Extension + +Similar to extending a vote, an application can also verify vote extensions from +other validators when validating their pre-commits. For a given vote extension, +this process MUST be deterministic. The Cosmos SDK defines `sdk.VerifyVoteExtensionHandler`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/types/abci.go#L26-L27 +``` + +An application can set this handler in `app.go` via the `baseapp.SetVerifyVoteExtensionHandler` +`BaseApp` option function. The `sdk.VerifyVoteExtensionHandler`, if defined, is called +during the `VerifyVoteExtension` ABCI method. If an application defines a vote +extension handler, it should also define a verification handler. Note, not all +validators will share the same view of what vote extensions they verify depending +on how votes are propagated. See [here](https://github.com/cometbft/cometbft/blob/v0.38.0-rc1/spec/abci/abci++_methods.md#verifyvoteextension) +for more details. + +## Vote Extension Propagation + +The agreed upon vote extensions at height `H` are provided to the proposing validator +at height `H+1` during `PrepareProposal`. As a result, the vote extensions are +not natively provided or exposed to the remaining validators during `ProcessProposal`. +As a result, if an application requires that the agreed upon vote extensions from +height `H` are available to all validators at `H+1`, the application must propagate +these vote extensions manually in the block proposal itself. This can be done by +"injecting" them into the block proposal, since the `Txs` field in `PrepareProposal` +is just a slice of byte slices. + +`FinalizeBlock` will ignore any byte slice that doesn't implement an `sdk.Tx`, so +any injected vote extensions will safely be ignored in `FinalizeBlock`. For more +details on propagation, see the [ABCI++ 2.0 ADR](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-064-abci-2.0.md#vote-extension-propagation--verification). + +### Recovery of injected Vote Extensions + +As stated before, vote extensions can be injected into a block proposal (along with +other transactions in the `Txs` field). The Cosmos SDK provides a pre-FinalizeBlock +hook to allow applications to recover vote extensions, perform any necessary +computation on them, and then store the results in the cached store. These results +will be available to the application during the subsequent `FinalizeBlock` call. + +An example of how a pre-FinalizeBlock hook could look like is shown below: + +```go +app.SetPreBlocker(func(ctx sdk.Context, req *abci.RequestFinalizeBlock) error { + allVEs := []VE{} // store all parsed vote extensions here + for _, tx := range req.Txs { + // define a custom function that tries to parse the tx as a vote extension + ve, ok := parseVoteExtension(tx) + if !ok { + continue + } + + allVEs = append(allVEs, ve) + } + + // perform any necessary computation on the vote extensions and store the result + // in the cached store + result := compute(allVEs) + err := storeVEResult(ctx, result) + if err != nil { + return err + } + + return nil +}) + +``` + +Then, in an app's module, the application can retrieve the result of the computation +of vote extensions from the cached store: + +```go +func (k Keeper) BeginBlocker(ctx context.Context) error { + // retrieve the result of the computation of vote extensions from the cached store + result, err := k.GetVEResult(ctx) + if err != nil { + return err + } + + // use the result of the computation of vote extensions + k.setSomething(result) + + return nil +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/building-apps/05-app-testnet.md b/copy-of-sdk-versioned_docs/version-0.50/build/building-apps/05-app-testnet.md new file mode 100644 index 00000000..c30ca0a6 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/building-apps/05-app-testnet.md @@ -0,0 +1,235 @@ +--- +sidebar_position: 1 +--- + +# Application Testnets + +Building an application is complicated and requires a lot of testing. The Cosmos SDK provides a way to test your application in a real-world environment: a testnet. + +We allow developers to take the state from their mainnet and run tests against the state. This is useful for testing upgrade migrations, or for testing the application in a real-world environment. + +## Testnet Setup + +We will be breaking down the steps to create a testnet from mainnet state. + +```go + // InitSimAppForTestnet is broken down into two sections: + // Required Changes: Changes that, if not made, will cause the testnet to halt or panic + // Optional Changes: Changes to customize the testnet to one's liking (lower vote times, fund accounts, etc) + func InitSimAppForTestnet(app *SimApp, newValAddr bytes.HexBytes, newValPubKey crypto.PubKey, newOperatorAddress, upgradeToTrigger string) *SimApp { + ... + } +``` + +### Required Changes + +#### Staking + +When creating a testnet the important part is migrate the validator set from many validators to one or a few. This allows developers to spin up the chain without needing to replace validator keys. + +```go + ctx := app.BaseApp.NewUncachedContext(true, tmproto.Header{}) + pubkey := &ed25519.PubKey{Key: newValPubKey.Bytes()} + pubkeyAny, err := types.NewAnyWithValue(pubkey) + if err != nil { + tmos.Exit(err.Error()) + } + + // STAKING + // + + // Create Validator struct for our new validator. + _, bz, err := bech32.DecodeAndConvert(newOperatorAddress) + if err != nil { + tmos.Exit(err.Error()) + } + bech32Addr, err := bech32.ConvertAndEncode("simvaloper", bz) + if err != nil { + tmos.Exit(err.Error()) + } + newVal := stakingtypes.Validator{ + OperatorAddress: bech32Addr, + ConsensusPubkey: pubkeyAny, + Jailed: false, + Status: stakingtypes.Bonded, + Tokens: sdk.NewInt(900000000000000), + DelegatorShares: sdk.MustNewDecFromStr("10000000"), + Description: stakingtypes.Description{ + Moniker: "Testnet Validator", + }, + Commission: stakingtypes.Commission{ + CommissionRates: stakingtypes.CommissionRates{ + Rate: sdk.MustNewDecFromStr("0.05"), + MaxRate: sdk.MustNewDecFromStr("0.1"), + MaxChangeRate: sdk.MustNewDecFromStr("0.05"), + }, + }, + MinSelfDelegation: sdk.OneInt(), + } + + // Remove all validators from power store + stakingKey := app.GetKey(stakingtypes.ModuleName) + stakingStore := ctx.KVStore(stakingKey) + iterator := app.StakingKeeper.ValidatorsPowerStoreIterator(ctx) + for ; iterator.Valid(); iterator.Next() { + stakingStore.Delete(iterator.Key()) + } + iterator.Close() + + // Remove all valdiators from last validators store + iterator = app.StakingKeeper.LastValidatorsIterator(ctx) + for ; iterator.Valid(); iterator.Next() { + app.StakingKeeper.LastValidatorPower.Delete(iterator.Key()) + } + iterator.Close() + + // Add our validator to power and last validators store + app.StakingKeeper.SetValidator(ctx, newVal) + err = app.StakingKeeper.SetValidatorByConsAddr(ctx, newVal) + if err != nil { + panic(err) + } + app.StakingKeeper.SetValidatorByPowerIndex(ctx, newVal) + app.StakingKeeper.SetLastValidatorPower(ctx, newVal.GetOperator(), 0) + if err := app.StakingKeeper.Hooks().AfterValidatorCreated(ctx, newVal.GetOperator()); err != nil { + panic(err) + } +``` + +#### Distribution + +Since the validator set has changed, we need to update the distribution records for the new validator. + + +```go + // Initialize records for this validator across all distribution stores + app.DistrKeeper.ValidatorHistoricalRewards.Set(ctx, newVal.GetOperator(), 0, distrtypes.NewValidatorHistoricalRewards(sdk.DecCoins{}, 1)) + app.DistrKeeper.ValidatorCurrentRewards.Set(ctx, newVal.GetOperator(), distrtypes.NewValidatorCurrentRewards(sdk.DecCoins{}, 1)) + app.DistrKeeper.ValidatorAccumulatedCommission.Set(ctx, newVal.GetOperator(), distrtypes.InitialValidatorAccumulatedCommission()) + app.DistrKeeper.ValidatorOutstandingRewards.Set(ctx, newVal.GetOperator(), distrtypes.ValidatorOutstandingRewards{Rewards: sdk.DecCoins{}}) +``` + +#### Slashing + +We also need to set the validator signing info for the new validator. + +```go + // SLASHING + // + + // Set validator signing info for our new validator. + newConsAddr := sdk.ConsAddress(newValAddr.Bytes()) + newValidatorSigningInfo := slashingtypes.ValidatorSigningInfo{ + Address: newConsAddr.String(), + StartHeight: app.LastBlockHeight() - 1, + Tombstoned: false, + } + app.SlashingKeeper.ValidatorSigningInfo.Set(ctx, newConsAddr, newValidatorSigningInfo) +``` + +#### Bank + +It is useful to create new accounts for your testing purposes. This avoids the need to have the same key as you may have on mainnet. + +```go + // BANK + // + + defaultCoins := sdk.NewCoins(sdk.NewInt64Coin("ustake", 1000000000000)) + + localSimAppAccounts := []sdk.AccAddress{ + sdk.MustAccAddressFromBech32("cosmos12smx2wdlyttvyzvzg54y2vnqwq2qjateuf7thj"), + sdk.MustAccAddressFromBech32("cosmos1cyyzpxplxdzkeea7kwsydadg87357qnahakaks"), + sdk.MustAccAddressFromBech32("cosmos18s5lynnmx37hq4wlrw9gdn68sg2uxp5rgk26vv"), + sdk.MustAccAddressFromBech32("cosmos1qwexv7c6sm95lwhzn9027vyu2ccneaqad4w8ka"), + sdk.MustAccAddressFromBech32("cosmos14hcxlnwlqtq75ttaxf674vk6mafspg8xwgnn53"), + sdk.MustAccAddressFromBech32("cosmos12rr534cer5c0vj53eq4y32lcwguyy7nndt0u2t"), + sdk.MustAccAddressFromBech32("cosmos1nt33cjd5auzh36syym6azgc8tve0jlvklnq7jq"), + sdk.MustAccAddressFromBech32("cosmos10qfrpash5g2vk3hppvu45x0g860czur8ff5yx0"), + sdk.MustAccAddressFromBech32("cosmos1f4tvsdukfwh6s9swrc24gkuz23tp8pd3e9r5fa"), + sdk.MustAccAddressFromBech32("cosmos1myv43sqgnj5sm4zl98ftl45af9cfzk7nhjxjqh"), + sdk.MustAccAddressFromBech32("cosmos14gs9zqh8m49yy9kscjqu9h72exyf295afg6kgk"), + sdk.MustAccAddressFromBech32("cosmos1jllfytsz4dryxhz5tl7u73v29exsf80vz52ucc")} + + // Fund localSimApp accounts + for _, account := range localSimAppAccounts { + err := app.BankKeeper.MintCoins(ctx, minttypes.ModuleName, defaultCoins) + if err != nil { + tmos.Exit(err.Error()) + } + err = app.BankKeeper.SendCoinsFromModuleToAccount(ctx, minttypes.ModuleName, account, defaultCoins) + if err != nil { + tmos.Exit(err.Error()) + } + } +``` + +#### Upgrade + +If you would like to schedule an upgrade the below can be used. + +```go + // UPGRADE + // + + if upgradeToTrigger != "" { + upgradePlan := upgradetypes.Plan{ + Name: upgradeToTrigger, + Height: app.LastBlockHeight(), + } + err = app.UpgradeKeeper.ScheduleUpgrade(ctx, upgradePlan) + if err != nil { + panic(err) + } + } +``` + +### Optional Changes + +If you have custom modules that rely on specific state from the above modules and/or you would like to test your custom module, you will need to update the state of your custom module to reflect your needs + +## Running the Testnet + +Before we can run the testnet we must plug everything together. + +in `root.go`, in the `initRootCmd` function we add: + +```diff + server.AddCommands(rootCmd, simapp.DefaultNodeHome, newApp, createSimAppAndExport, addModuleInitFlags) + ++ server.AddTestnetCreatorCommand(rootCmd, simapp.DefaultNodeHome, newTestnetApp, addModuleInitFlags) +``` + +Next we will add a newTestnetApp helper function: + +```diff +// newTestnetApp starts by running the normal newApp method. From there, the app interface returned is modified in order +// for a testnet to be created from the provided app. +func newTestnetApp(logger log.Logger, db cometbftdb.DB, traceStore io.Writer, appOpts servertypes.AppOptions) servertypes.Application { + // Create an app and type cast to an SimApp + app := newApp(logger, db, traceStore, appOpts) + simApp, ok := app.(*simapp.SimApp) + if !ok { + panic("app created from newApp is not of type simApp") + } + + newValAddr, ok := appOpts.Get(server.KeyNewValAddr).(bytes.HexBytes) + if !ok { + panic("newValAddr is not of type bytes.HexBytes") + } + newValPubKey, ok := appOpts.Get(server.KeyUserPubKey).(crypto.PubKey) + if !ok { + panic("newValPubKey is not of type crypto.PubKey") + } + newOperatorAddress, ok := appOpts.Get(server.KeyNewOpAddr).(string) + if !ok { + panic("newOperatorAddress is not of type string") + } + upgradeToTrigger, ok := appOpts.Get(server.KeyTriggerTestnetUpgrade).(string) + if !ok { + panic("upgradeToTrigger is not of type string") + } + + // Make modifications to the normal SimApp required to run the network locally + return simapp.InitSimAppForTestnet(simApp, newValAddr, newValPubKey, newOperatorAddress, upgradeToTrigger) +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/building-apps/_category_.json b/copy-of-sdk-versioned_docs/version-0.50/build/building-apps/_category_.json new file mode 100644 index 00000000..342732cc --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/building-apps/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Building Apps", + "position": 0, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/00-intro.md b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/00-intro.md new file mode 100644 index 00000000..4ac5462f --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/00-intro.md @@ -0,0 +1,101 @@ +--- +sidebar_position: 1 +--- + +# Introduction to Cosmos SDK Modules + +:::note Synopsis +Modules define most of the logic of Cosmos SDK applications. Developers compose modules together using the Cosmos SDK to build their custom application-specific blockchains. This document outlines the basic concepts behind SDK modules and how to approach module management. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK application](../../learn/beginner/00-app-anatomy.md) +* [Lifecycle of a Cosmos SDK transaction](../../learn/beginner/01-tx-lifecycle.md) + +::: + +## Role of Modules in a Cosmos SDK Application + +The Cosmos SDK can be thought of as the Ruby-on-Rails of blockchain development. It comes with a core that provides the basic functionalities every blockchain application needs, like a [boilerplate implementation of the ABCI](../../learn/advanced/00-baseapp.md) to communicate with the underlying consensus engine, a [`multistore`](../../learn/advanced/04-store.md#multistore) to persist state, a [server](../../learn/advanced/03-node.md) to form a full-node and [interfaces](./09-module-interfaces.md) to handle queries. + +On top of this core, the Cosmos SDK enables developers to build modules that implement the business logic of their application. In other words, SDK modules implement the bulk of the logic of applications, while the core does the wiring and enables modules to be composed together. The end goal is to build a robust ecosystem of open-source Cosmos SDK modules, making it increasingly easier to build complex blockchain applications. + +Cosmos SDK modules can be seen as little state-machines within the state-machine. They generally define a subset of the state using one or more `KVStore`s in the [main multistore](../../learn/advanced/04-store.md), as well as a subset of [message types](./02-messages-and-queries.md#messages). These messages are routed by one of the main components of Cosmos SDK core, [`BaseApp`](../../learn/advanced/00-baseapp.md), to a module Protobuf [`Msg` service](./03-msg-services.md) that defines them. + +```text + + + | + | Transaction relayed from the full-node's consensus engine + | to the node's application via DeliverTx + | + | + | + +---------------------v--------------------------+ + | APPLICATION | + | | + | Using baseapp's methods: Decode the Tx, | + | extract and route the message(s) | + | | + +---------------------+--------------------------+ + | + | + | + +---------------------------+ + | + | + | + | Message routed to the correct + | module to be processed + | + | ++----------------+ +---------------+ +----------------+ +------v----------+ +| | | | | | | | +| AUTH MODULE | | BANK MODULE | | STAKING MODULE | | GOV MODULE | +| | | | | | | | +| | | | | | | Handles message,| +| | | | | | | Updates state | +| | | | | | | | ++----------------+ +---------------+ +----------------+ +------+----------+ + | + | + | + | + +--------------------------+ + | + | Return result to the underlying consensus engine (e.g. CometBFT) + | (0=Ok, 1=Err) + v +``` + +As a result of this architecture, building a Cosmos SDK application usually revolves around writing modules to implement the specialized logic of the application and composing them with existing modules to complete the application. Developers will generally work on modules that implement logic needed for their specific use case that do not exist yet, and will use existing modules for more generic functionalities like staking, accounts, or token management. + + +### Modules as Sudo + +Modules have the ability to perform actions that are not available to regular users. This is because modules are given sudo permissions by the state machine. Modules can reject another modules desire to execute a function but this logic must be explicit. Examples of this can be seen when modules create functions to modify parameters: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/61da5d1c29c16a1eb5bb5488719fde604ec07b10/x/bank/keeper/msg_server.go#L147-L149 +``` + +## How to Approach Building Modules as a Developer + +While there are no definitive guidelines for writing modules, here are some important design principles developers should keep in mind when building them: + +* **Composability**: Cosmos SDK applications are almost always composed of multiple modules. This means developers need to carefully consider the integration of their module not only with the core of the Cosmos SDK, but also with other modules. The former is achieved by following standard design patterns outlined [here](#main-components-of-sdk-modules), while the latter is achieved by properly exposing the store(s) of the module via the [`keeper`](./06-keeper.md). +* **Specialization**: A direct consequence of the **composability** feature is that modules should be **specialized**. Developers should carefully establish the scope of their module and not batch multiple functionalities into the same module. This separation of concerns enables modules to be re-used in other projects and improves the upgradability of the application. **Specialization** also plays an important role in the [object-capabilities model](../../learn/advanced/10-ocap.md) of the Cosmos SDK. +* **Capabilities**: Most modules need to read and/or write to the store(s) of other modules. However, in an open-source environment, it is possible for some modules to be malicious. That is why module developers need to carefully think not only about how their module interacts with other modules, but also about how to give access to the module's store(s). The Cosmos SDK takes a capabilities-oriented approach to inter-module security. This means that each store defined by a module is accessed by a `key`, which is held by the module's [`keeper`](./06-keeper.md). This `keeper` defines how to access the store(s) and under what conditions. Access to the module's store(s) is done by passing a reference to the module's `keeper`. + +## Main Components of Cosmos SDK Modules + +Modules are by convention defined in the `./x/` subfolder (e.g. the `bank` module will be defined in the `./x/bank` folder). They generally share the same core components: + +* A [`keeper`](./06-keeper.md), used to access the module's store(s) and update the state. +* A [`Msg` service](./02-messages-and-queries.md#messages), used to process messages when they are routed to the module by [`BaseApp`](../../learn/advanced/00-baseapp.md#message-routing) and trigger state-transitions. +* A [query service](./04-query-services.md), used to process user queries when they are routed to the module by [`BaseApp`](../../learn/advanced/00-baseapp.md#query-routing). +* Interfaces, for end users to query the subset of the state defined by the module and create `message`s of the custom types defined in the module. + +In addition to these components, modules implement the `AppModule` interface in order to be managed by the [`module manager`](./01-module-manager.md). + +Please refer to the [structure document](./11-structure.md) to learn about the recommended structure of a module's directory. diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/01-module-manager.md b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/01-module-manager.md new file mode 100644 index 00000000..955c82ff --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/01-module-manager.md @@ -0,0 +1,330 @@ +--- +sidebar_position: 1 +--- + +# Module Manager + +:::note Synopsis +Cosmos SDK modules need to implement the [`AppModule` interfaces](#application-module-interfaces), in order to be managed by the application's [module manager](#module-manager). The module manager plays an important role in [`message` and `query` routing](../../learn/advanced/00-baseapp.md#routing), and allows application developers to set the order of execution of a variety of functions like [`PreBlocker`](../../learn/beginner/00-app-anatomy#preblocker) and [`BeginBlocker` and `EndBlocker`](../../learn/beginner/00-app-anatomy.md#begingblocker-and-endblocker). +::: + +:::note Pre-requisite Readings + +* [Introduction to Cosmos SDK Modules](./00-intro.md) + +::: + +## Application Module Interfaces + +Application module interfaces exist to facilitate the composition of modules together to form a functional Cosmos SDK application. + +:::note + +It is recommended to implement interfaces from the [Core API](https://docs.cosmos.network/main/architecture/adr-063-core-module-api) `appmodule` package. This makes modules less dependent on the SDK. +For legacy reason modules can still implement interfaces from the SDK `module` package. +::: + +There are 2 main application module interfaces: + +* [`appmodule.AppModule` / `module.AppModule`](#appmodule) for inter-dependent module functionalities (except genesis-related functionalities). +* (legacy) [`module.AppModuleBasic`](#appmodulebasic) for independent module functionalities. New modules can use `module.CoreAppModuleBasicAdaptor` instead. + +The above interfaces are mostly embedding smaller interfaces (extension interfaces), that defines specific functionalities: + +* (legacy) `module.HasName`: Allows the module to provide its own name for legacy purposes. +* (legacy) [`module.HasGenesisBasics`](#modulehasgenesisbasics): The legacy interface for stateless genesis methods. +* [`module.HasGenesis`](#modulehasgenesis) for inter-dependent genesis-related module functionalities. +* [`module.HasABCIGenesis`](#modulehasabcigenesis) for inter-dependent genesis-related module functionalities. +* [`appmodule.HasGenesis` / `module.HasGenesis`](#appmodulehasgenesis): The extension interface for stateful genesis methods. +* [`appmodule.HasPreBlocker`](#haspreblocker): The extension interface that contains information about the `AppModule` and `PreBlock`. +* [`appmodule.HasBeginBlocker`](#hasbeginblocker): The extension interface that contains information about the `AppModule` and `BeginBlock`. +* [`appmodule.HasEndBlocker`](#hasendblocker): The extension interface that contains information about the `AppModule` and `EndBlock`. +* [`appmodule.HasPrecommit`](#hasprecommit): The extension interface that contains information about the `AppModule` and `Precommit`. +* [`appmodule.HasPrepareCheckState`](#haspreparecheckstate): The extension interface that contains information about the `AppModule` and `PrepareCheckState`. +* [`appmodule.HasService` / `module.HasServices`](#hasservices): The extension interface for modules to register services. +* [`module.HasABCIEndBlock`](#hasabciendblock): The extension interface that contains information about the `AppModule`, `EndBlock` and returns an updated validator set. +* (legacy) [`module.HasInvariants`](#hasinvariants): The extension interface for registering invariants. +* (legacy) [`module.HasConsensusVersion`](#hasconsensusversion): The extension interface for declaring a module consensus version. + +The `AppModuleBasic` interface exists to define independent methods of the module, i.e. those that do not depend on other modules in the application. This allows for the construction of the basic application structure early in the application definition, generally in the `init()` function of the [main application file](../../learn/beginner/00-app-anatomy.md#core-application-file). + +The `AppModule` interface exists to define inter-dependent module methods. Many modules need to interact with other modules, typically through [`keeper`s](./06-keeper.md), which means there is a need for an interface where modules list their `keeper`s and other methods that require a reference to another module's object. `AppModule` interface extension, such as `HasBeginBlocker` and `HasEndBlocker`, also enables the module manager to set the order of execution between module's methods like `BeginBlock` and `EndBlock`, which is important in cases where the order of execution between modules matters in the context of the application. + +The usage of extension interfaces allows modules to define only the functionalities they need. For example, a module that does not need an `EndBlock` does not need to define the `HasEndBlocker` interface and thus the `EndBlock` method. `AppModule` and `AppModuleGenesis` are voluntarily small interfaces, that can take advantage of the `Module` patterns without having to define many placeholder functions. + +### `AppModuleBasic` + +:::note +Use `module.CoreAppModuleBasicAdaptor` instead for creating an `AppModuleBasic` from an `appmodule.AppModule`. +::: + +The `AppModuleBasic` interface defines the independent methods modules need to implement. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/types/module/module.go#L56-L66 +``` + +Let us go through the methods: + +* `RegisterLegacyAminoCodec(*codec.LegacyAmino)`: Registers the `amino` codec for the module, which is used to marshal and unmarshal structs to/from `[]byte` in order to persist them in the module's `KVStore`. +* `RegisterInterfaces(codectypes.InterfaceRegistry)`: Registers a module's interface types and their concrete implementations as `proto.Message`. +* `RegisterGRPCGatewayRoutes(client.Context, *runtime.ServeMux)`: Registers gRPC routes for the module. + +All the `AppModuleBasic` of an application are managed by the [`BasicManager`](#basicmanager). + +### `HasName` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/types/module/module.go#L71-L73 +``` + +* `HasName` is an interface that has a method `Name()`. This method returns the name of the module as a `string`. + +### Genesis + +:::tip +For easily creating an `AppModule` that only has genesis functionalities, use `module.GenesisOnlyAppModule`. +::: + +#### `module.HasGenesisBasics` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/types/module/module.go#L76-L79 +``` + +Let us go through the methods: + +* `DefaultGenesis(codec.JSONCodec)`: Returns a default [`GenesisState`](./08-genesis.md#genesisstate) for the module, marshalled to `json.RawMessage`. The default `GenesisState` need to be defined by the module developer and is primarily used for testing. +* `ValidateGenesis(codec.JSONCodec, client.TxEncodingConfig, json.RawMessage)`: Used to validate the `GenesisState` defined by a module, given in its `json.RawMessage` form. It will usually unmarshall the `json` before running a custom [`ValidateGenesis`](./08-genesis.md#validategenesis) function defined by the module developer. + +#### `module.HasGenesis` + +`HasGenesis` is an extension interface for allowing modules to implement genesis functionalities. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/6ce2505/types/module/module.go#L184-L189 +``` + +#### `module.HasABCIGenesis` + +`HasABCIGenesis` is an extension interface for allowing modules to implement genesis functionalities and returns validator set updates. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/6ce2505/types/module/module.go#L191-L196 +``` + +#### `appmodule.HasGenesis` + +:::warning +`appmodule.HasGenesis` is experimental and should be considered unstable, it is recommended to not use this interface at this time. +::: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/6ce2505/core/appmodule/genesis.go#L8-L25 +``` + +### `AppModule` + +The `AppModule` interface defines a module. Modules can declare their functionalities by implementing extensions interfaces. +`AppModule`s are managed by the [module manager](#manager), which checks which extension interfaces are implemented by the module. + +#### `appmodule.AppModule` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/6afece6/core/appmodule/module.go#L11-L20 +``` + +#### `module.AppModule` + +:::note +Previously the `module.AppModule` interface was containing all the methods that are defined in the extensions interfaces. This was leading to much boilerplate for modules that did not need all the functionalities. +::: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/types/module/module.go#L195-L199 +``` + +### `HasInvariants` + +This interface defines one method. It allows to checks if a module can register invariants. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/types/module/module.go#L202-L205 +``` + +* `RegisterInvariants(sdk.InvariantRegistry)`: Registers the [`invariants`](./07-invariants.md) of the module. If an invariant deviates from its predicted value, the [`InvariantRegistry`](./07-invariants.md#registry) triggers appropriate logic (most often the chain will be halted). + +### `HasServices` + +This interface defines one method. It allows to checks if a module can register invariants. + +#### `appmodule.HasService` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/6afece6/core/appmodule/module.go#L22-L40 +``` + +#### `module.HasServices` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/types/module/module.go#L208-L211 +``` + +* `RegisterServices(Configurator)`: Allows a module to register services. + +### `HasConsensusVersion` + +This interface defines one method for checking a module consensus version. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/types/module/module.go#L214-L220 +``` + +* `ConsensusVersion() uint64`: Returns the consensus version of the module. + +### `HasPreBlocker` + +The `HasPreBlocker` is an extension interface from `appmodule.AppModule`. All modules that have an `PreBlock` method implement this interface. + +### `HasBeginBlocker` + +The `HasBeginBlocker` is an extension interface from `appmodule.AppModule`. All modules that have an `BeginBlock` method implement this interface. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/core/appmodule/module.go#L56-L63 +``` + +* `BeginBlock(context.Context) error`: This method gives module developers the option to implement logic that is automatically triggered at the beginning of each block. + +### `HasEndBlocker` + +The `HasEndBlocker` is an extension interface from `appmodule.AppModule`. All modules that have an `EndBlock` method implement this interface. If a module need to return validator set updates (staking), they can use `HasABCIEndBlock` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/core/appmodule/module.go#L66-L72 +``` + +* `EndBlock(context.Context) error`: This method gives module developers the option to implement logic that is automatically triggered at the end of each block. + +### `HasABCIEndBlock` + +The `HasABCIEndBlock` is an extension interface from `module.AppModule`. All modules that have an `EndBlock` which return validator set updates implement this interface. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/types/module/module.go#L222-L225 +``` + +* `EndBlock(context.Context) ([]abci.ValidatorUpdate, error)`: This method gives module developers the option to inform the underlying consensus engine of validator set changes (e.g. the `staking` module). + +### `HasPrecommit` + +`HasPrecommit` is an extension interface from `appmodule.AppModule`. All modules that have a `Precommit` method implement this interface. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/core/appmodule/module.go#L49-L52 +``` + +* `Precommit(context.Context)`: This method gives module developers the option to implement logic that is automatically triggered during [`Commit'](../../learn/advanced/00-baseapp.md#commit) of each block using the [`finalizeblockstate`](../../learn/advanced/00-baseapp.md#state-updates) of the block to be committed. Implement empty if no logic needs to be triggered during `Commit` of each block for this module. + +### `HasPrepareCheckState` + +`HasPrepareCheckState` is an extension interface from `appmodule.AppModule`. All modules that have a `PrepareCheckState` method implement this interface. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/core/appmodule/module.go#L49-L52 +``` + +* `PrepareCheckState(context.Context)`: This method gives module developers the option to implement logic that is automatically triggered during [`Commit'](../../learn/advanced/00-baseapp.md#commit) of each block using the [`checkState`](../../learn/advanced/00-baseapp.md#state-updates) of the next block. Implement empty if no logic needs to be triggered during `Commit` of each block for this module. + +### Implementing the Application Module Interfaces + +Typically, the various application module interfaces are implemented in a file called `module.go`, located in the module's folder (e.g. `./x/module/module.go`). + +Almost every module needs to implement the `AppModuleBasic` and `AppModule` interfaces. If the module is only used for genesis, it will implement `AppModuleGenesis` instead of `AppModule`. The concrete type that implements the interface can add parameters that are required for the implementation of the various methods of the interface. For example, the `Route()` function often calls a `NewMsgServerImpl(k keeper)` function defined in `keeper/msg_server.go` and therefore needs to pass the module's [`keeper`](./06-keeper.md) as a parameter. + +```go +// example +type AppModule struct { + AppModuleBasic + keeper Keeper +} +``` + +In the example above, you can see that the `AppModule` concrete type references an `AppModuleBasic`, and not an `AppModuleGenesis`. That is because `AppModuleGenesis` only needs to be implemented in modules that focus on genesis-related functionalities. In most modules, the concrete `AppModule` type will have a reference to an `AppModuleBasic` and implement the two added methods of `AppModuleGenesis` directly in the `AppModule` type. + +If no parameter is required (which is often the case for `AppModuleBasic`), just declare an empty concrete type like so: + +```go +type AppModuleBasic struct{} +``` + +## Module Managers + +Module managers are used to manage collections of `AppModuleBasic` and `AppModule`. + +### `BasicManager` + +The `BasicManager` is a structure that lists all the `AppModuleBasic` of an application: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/types/module/module.go#L82 +``` + +It implements the following methods: + +* `NewBasicManager(modules ...AppModuleBasic)`: Constructor function. It takes a list of the application's `AppModuleBasic` and builds a new `BasicManager`. This function is generally called in the `init()` function of [`app.go`](../../learn/beginner/00-app-anatomy.md#core-application-file) to quickly initialize the independent elements of the application's modules (click [here](https://github.com/cosmos/gaia/blob/main/app/app.go#L59-L74) to see an example). +* `NewBasicManagerFromManager(manager *Manager, customModuleBasics map[string]AppModuleBasic)`: Contructor function. It creates a new `BasicManager` from a `Manager`. The `BasicManager` will contain all `AppModuleBasic` from the `AppModule` manager using `CoreAppModuleBasicAdaptor` whenever possible. Module's `AppModuleBasic` can be overridden by passing a custom AppModuleBasic map +* `RegisterLegacyAminoCodec(cdc *codec.LegacyAmino)`: Registers the [`codec.LegacyAmino`s](../../learn/advanced/05-encoding.md#amino) of each of the application's `AppModuleBasic`. This function is usually called early on in the [application's construction](../../learn/beginner/00-app-anatomy.md#constructor). +* `RegisterInterfaces(registry codectypes.InterfaceRegistry)`: Registers interface types and implementations of each of the application's `AppModuleBasic`. +* `DefaultGenesis(cdc codec.JSONCodec)`: Provides default genesis information for modules in the application by calling the [`DefaultGenesis(cdc codec.JSONCodec)`](./08-genesis.md#defaultgenesis) function of each module. It only calls the modules that implements the `HasGenesisBasics` interfaces. +* `ValidateGenesis(cdc codec.JSONCodec, txEncCfg client.TxEncodingConfig, genesis map[string]json.RawMessage)`: Validates the genesis information modules by calling the [`ValidateGenesis(codec.JSONCodec, client.TxEncodingConfig, json.RawMessage)`](./08-genesis.md#validategenesis) function of modules implementing the `HasGenesisBasics` interface. +* `RegisterGRPCGatewayRoutes(clientCtx client.Context, rtr *runtime.ServeMux)`: Registers gRPC routes for modules. +* `AddTxCommands(rootTxCmd *cobra.Command)`: Adds modules' transaction commands (defined as `GetTxCmd() *cobra.Command`) to the application's [`rootTxCommand`](../../learn/advanced/07-cli.md#transaction-commands). This function is usually called function from the `main.go` function of the [application's command-line interface](../../learn/advanced/07-cli.md). +* `AddQueryCommands(rootQueryCmd *cobra.Command)`: Adds modules' query commands (defined as `GetQueryCmd() *cobra.Command`) to the application's [`rootQueryCommand`](../../learn/advanced/07-cli.md#query-commands). This function is usually called function from the `main.go` function of the [application's command-line interface](../../learn/advanced/07-cli.md). + +### `Manager` + +The `Manager` is a structure that holds all the `AppModule` of an application, and defines the order of execution between several key components of these modules: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/types/module/module.go#L267-L276 +``` + +The module manager is used throughout the application whenever an action on a collection of modules is required. It implements the following methods: + +* `NewManager(modules ...AppModule)`: Constructor function. It takes a list of the application's `AppModule`s and builds a new `Manager`. It is generally called from the application's main [constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function). +* `SetOrderInitGenesis(moduleNames ...string)`: Sets the order in which the [`InitGenesis`](./08-genesis.md#initgenesis) function of each module will be called when the application is first started. This function is generally called from the application's main [constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function). + To initialize modules successfully, module dependencies should be considered. For example, the `genutil` module must occur after `staking` module so that the pools are properly initialized with tokens from genesis accounts, the `genutils` module must also occur after `auth` so that it can access the params from auth, IBC's `capability` module should be initialized before all other modules so that it can initialize any capabilities. +* `SetOrderExportGenesis(moduleNames ...string)`: Sets the order in which the [`ExportGenesis`](./08-genesis.md#exportgenesis) function of each module will be called in case of an export. This function is generally called from the application's main [constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function). +* `SetOrderPreBlockers(moduleNames ...string)`: Sets the order in which the `PreBlock()` function of each module will be called before `BeginBlock()` of all modules. This function is generally called from the application's main [constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function). +* `SetOrderBeginBlockers(moduleNames ...string)`: Sets the order in which the `BeginBlock()` function of each module will be called at the beginning of each block. This function is generally called from the application's main [constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function). +* `SetOrderEndBlockers(moduleNames ...string)`: Sets the order in which the `EndBlock()` function of each module will be called at the end of each block. This function is generally called from the application's main [constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function). +* `SetOrderPrecommiters(moduleNames ...string)`: Sets the order in which the `Precommit()` function of each module will be called during commit of each block. This function is generally called from the application's main [constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function). +* `SetOrderPrepareCheckStaters(moduleNames ...string)`: Sets the order in which the `PrepareCheckState()` function of each module will be called during commit of each block. This function is generally called from the application's main [constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function). +* `SetOrderMigrations(moduleNames ...string)`: Sets the order of migrations to be run. If not set then migrations will be run with an order defined in `DefaultMigrationsOrder`. +* `RegisterInvariants(ir sdk.InvariantRegistry)`: Registers the [invariants](./07-invariants.md) of module implementing the `HasInvariants` interface. +* `RegisterServices(cfg Configurator)`: Registers the services of modules implementing the `HasServices` interface. +* `InitGenesis(ctx context.Context, cdc codec.JSONCodec, genesisData map[string]json.RawMessage)`: Calls the [`InitGenesis`](./08-genesis.md#initgenesis) function of each module when the application is first started, in the order defined in `OrderInitGenesis`. Returns an `abci.ResponseInitChain` to the underlying consensus engine, which can contain validator updates. +* `ExportGenesis(ctx context.Context, cdc codec.JSONCodec)`: Calls the [`ExportGenesis`](./08-genesis.md#exportgenesis) function of each module, in the order defined in `OrderExportGenesis`. The export constructs a genesis file from a previously existing state, and is mainly used when a hard-fork upgrade of the chain is required. +* `ExportGenesisForModules(ctx context.Context, cdc codec.JSONCodec, modulesToExport []string)`: Behaves the same as `ExportGenesis`, except takes a list of modules to export. +* `BeginBlock(ctx context.Context) error`: At the beginning of each block, this function is called from [`BaseApp`](../../learn/advanced/00-baseapp.md#beginblock) and, in turn, calls the [`BeginBlock`](./06-beginblock-endblock.md) function of each modules implementing the `appmodule.HasBeginBlocker` interface, in the order defined in `OrderBeginBlockers`. It creates a child [context](../../learn/advanced/02-context.md) with an event manager to aggregate [events](../../learn/advanced/08-events.md) emitted from each modules. +* `EndBlock(ctx context.Context) error`: At the end of each block, this function is called from [`BaseApp`](../../learn/advanced/00-baseapp.md#endblock) and, in turn, calls the [`EndBlock`](./06-beginblock-endblock.md) function of each modules implementing the `appmodule.HasEndBlocker` interface, in the order defined in `OrderEndBlockers`. It creates a child [context](../../learn/advanced/02-context.md) with an event manager to aggregate [events](../../learn/advanced/08-events.md) emitted from all modules. The function returns an `abci` which contains the aforementioned events, as well as validator set updates (if any). +* `EndBlock(context.Context) ([]abci.ValidatorUpdate, error)`: At the end of each block, this function is called from [`BaseApp`](../../learn/advanced/00-baseapp.md#endblock) and, in turn, calls the [`EndBlock`](./06-beginblock-endblock.md) function of each modules implementing the `module.HasABCIEndBlock` interface, in the order defined in `OrderEndBlockers`. It creates a child [context](../../learn/advanced/02-context.md) with an event manager to aggregate [events](../../learn/advanced/08-events.md) emitted from all modules. The function returns an `abci` which contains the aforementioned events, as well as validator set updates (if any). +* `Precommit(ctx context.Context)`: During [`Commit`](../../learn/advanced/00-baseapp.md#commit), this function is called from `BaseApp` immediately before the [`deliverState`](../../learn/advanced/00-baseapp.md#state-updates) is written to the underlying [`rootMultiStore`](../../learn/advanced/04-store.md#commitmultistore) and, in turn calls the `Precommit` function of each modules implementing the `HasPrecommit` interface, in the order defined in `OrderPrecommiters`. It creates a child [context](../../learn/advanced/02-context.md) where the underlying `CacheMultiStore` is that of the newly committed block's [`finalizeblockstate`](../../learn/advanced/00-baseapp.md#state-updates). +* `PrepareCheckState(ctx context.Context)`: During [`Commit`](../../learn/advanced/00-baseapp.md#commit), this function is called from `BaseApp` immediately after the [`deliverState`](../../learn/advanced/00-baseapp.md#state-updates) is written to the underlying [`rootMultiStore`](../../learn/advanced/04-store.md#commitmultistore) and, in turn calls the `PrepareCheckState` function of each module implementing the `HasPrepareCheckState` interface, in the order defined in `OrderPrepareCheckStaters`. It creates a child [context](../../learn/advanced/02-context.md) where the underlying `CacheMultiStore` is that of the next block's [`checkState`](../../learn/advanced/00-baseapp.md#state-updates). Writes to this state will be present in the [`checkState`](../../learn/advanced/00-baseapp.md#state-updates) of the next block, and therefore this method can be used to prepare the `checkState` for the next block. + +Here's an example of a concrete integration within an `simapp`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/simapp/app.go#L411-L434 +``` + +This is the same example from `runtime` (the package that powers app di): + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/runtime/module.go#L61 +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/runtime/module.go#L82 +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/02-messages-and-queries.md b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/02-messages-and-queries.md new file mode 100644 index 00000000..a328ca72 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/02-messages-and-queries.md @@ -0,0 +1,124 @@ +--- +sidebar_position: 1 +--- + +# Messages and Queries + +:::note Synopsis +`Msg`s and `Queries` are the two primary objects handled by modules. Most of the core components defined in a module, like `Msg` services, `keeper`s and `Query` services, exist to process `message`s and `queries`. +::: + +:::note Pre-requisite Readings + +* [Introduction to Cosmos SDK Modules](./00-intro.md) + +::: + +## Messages + +`Msg`s are objects whose end-goal is to trigger state-transitions. They are wrapped in [transactions](../../learn/advanced/01-transactions.md), which may contain one or more of them. + +When a transaction is relayed from the underlying consensus engine to the Cosmos SDK application, it is first decoded by [`BaseApp`](../../learn/advanced/00-baseapp.md). Then, each message contained in the transaction is extracted and routed to the appropriate module via `BaseApp`'s `MsgServiceRouter` so that it can be processed by the module's [`Msg` service](./03-msg-services.md). For a more detailed explanation of the lifecycle of a transaction, click [here](../../learn/beginner/01-tx-lifecycle.md). + +### `Msg` Services + +Defining Protobuf `Msg` services is the recommended way to handle messages. A Protobuf `Msg` service should be created for each module, typically in `tx.proto` (see more info about [conventions and naming](../../learn/advanced/05-encoding.md#faq)). It must have an RPC service method defined for each message in the module. + +Each `Msg` service method must have exactly one argument, which must implement the `sdk.Msg` interface, and a Protobuf response. The naming convention is to call the RPC argument `Msg` and the RPC response `MsgResponse`. For example: + +```protobuf +rpc Send(MsgSend) returns (MsgSendResponse); +``` + +See an example of a `Msg` service definition from `x/bank` module: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/28fa3b8/x/bank/proto/cosmos/bank/v1beta1/tx.proto#L13-L41 +``` + +### `sdk.Msg` Interface + +`sdk.Msg` is a alias of `proto.Message`. + +To attach a `ValidateBasic()` method to a message then you must add methods to the type adhereing to the `HasValidateBasic`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/9c1e8b247cd47b5d3decda6e86fbc3bc996ee5d7/types/tx_msg.go#L84-L88 +``` + +Signers from the `GetSigners()` call is automated via a protobuf annotation. +Read more about the signer field [here](./05-protobuf-annotations.md). + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/e6848d99b55a65d014375b295bdd7f9641aac95e/proto/cosmos/bank/v1beta1/tx.proto#L40 +``` + +If there is a need for custom signers then there is an alternative path which can be taken. A function which returns `signing.CustomGetSigner` for a specific message can be defined. + +```go +func ProvideCustomMsgTransactionGetSigners() signing.CustomGetSigner { + // Extract the signer from the signature. + signer, err := coretypes.LatestSigner(Tx).Sender(ethTx) + if err != nil { + return nil, err + } + + // Return the signer in the required format. + return signing.CustomGetSigner{ + MsgType: protoreflect.FullName(gogoproto.MessageName(&types.CustomMsg{})), + Fn: func(msg proto.Message) ([][]byte, error) { + return [][]byte{signer}, nil + } + } +} +``` + +This can be provided to the application using depinject's `Provide` method in the module that defines the type: + +```diff +func init() { + appconfig.RegisterModule(&modulev1.Module{}, +- appconfig.Provide(ProvideModule), ++ appconfig.Provide(ProvideModule, ProvideCustomMsgTransactionGetSigners), + ) +} +``` + +The Cosmos SDK uses Protobuf definitions to generate client and server code: + +* `MsgServer` interface defines the server API for the `Msg` service and its implementation is described as part of the [`Msg` services](./03-msg-services.md) documentation. +* Structures are generated for all RPC request and response types. + +A `RegisterMsgServer` method is also generated and should be used to register the module's `MsgServer` implementation in `RegisterServices` method from the [`AppModule` interface](./01-module-manager.md#appmodule). + +In order for clients (CLI and gRPC-gateway) to have these URLs registered, the Cosmos SDK provides the function `RegisterMsgServiceDesc(registry codectypes.InterfaceRegistry, sd *grpc.ServiceDesc)` that should be called inside module's [`RegisterInterfaces`](01-module-manager.md#appmodulebasic) method, using the proto-generated `&_Msg_serviceDesc` as `*grpc.ServiceDesc` argument. + + +## Queries + +A `query` is a request for information made by end-users of applications through an interface and processed by a full-node. A `query` is received by a full-node through its consensus engine and relayed to the application via the ABCI. It is then routed to the appropriate module via `BaseApp`'s `QueryRouter` so that it can be processed by the module's query service (./04-query-services.md). For a deeper look at the lifecycle of a `query`, click [here](../../learn/beginner/02-query-lifecycle.md). + +### gRPC Queries + +Queries should be defined using [Protobuf services](https://protobuf.dev/programming-guides/proto2/). A `Query` service should be created per module in `query.proto`. This service lists endpoints starting with `rpc`. + +Here's an example of such a `Query` service definition: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/proto/cosmos/auth/v1beta1/query.proto#L14-L89 +``` + +As `proto.Message`s, generated `Response` types implement by default `String()` method of [`fmt.Stringer`](https://pkg.go.dev/fmt#Stringer). + +A `RegisterQueryServer` method is also generated and should be used to register the module's query server in the `RegisterServices` method from the [`AppModule` interface](./01-module-manager.md#appmodule). + + +### Store Queries + +Store queries query directly for store keys. They use `clientCtx.QueryABCI(req abci.RequestQuery)` to return the full `abci.ResponseQuery` with inclusion Merkle proofs. + +See following examples: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/baseapp/abci.go#L864-L894 +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/03-msg-services.md b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/03-msg-services.md new file mode 100644 index 00000000..421e53de --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/03-msg-services.md @@ -0,0 +1,119 @@ +--- +sidebar_position: 1 +--- + +# `Msg` Services + +:::note Synopsis +A Protobuf `Msg` service processes [messages](./02-messages-and-queries.md#messages). Protobuf `Msg` services are specific to the module in which they are defined, and only process messages defined within the said module. They are called from `BaseApp` during [`DeliverTx`](../../learn/advanced/00-baseapp.md#delivertx). +::: + +:::note Pre-requisite Readings + +* [Module Manager](./01-module-manager.md) +* [Messages and Queries](./02-messages-and-queries.md) + +::: + +## Implementation of a module `Msg` service + +Each module should define a Protobuf `Msg` service, which will be responsible for processing requests (implementing `sdk.Msg`) and returning responses. + +As further described in [ADR 031](../architecture/adr-031-msg-service.md), this approach has the advantage of clearly specifying return types and generating server and client code. + +Protobuf generates a `MsgServer` interface based on a definition of `Msg` service. It is the role of the module developer to implement this interface, by implementing the state transition logic that should happen upon receival of each `sdk.Msg`. As an example, here is the generated `MsgServer` interface for `x/bank`, which exposes two `sdk.Msg`s: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/types/tx.pb.go#L550-L568 +``` + +When possible, the existing module's [`Keeper`](./06-keeper.md) should implement `MsgServer`, otherwise a `msgServer` struct that embeds the `Keeper` can be created, typically in `./keeper/msg_server.go`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/keeper/msg_server.go#L17-L19 +``` + +`msgServer` methods can retrieve the `context.Context` from the `context.Context` parameter method using the `sdk.UnwrapSDKContext`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/keeper/msg_server.go#L56 +``` + +`sdk.Msg` processing usually follows these 3 steps: + +### Validation + +The message server must perform all validation required (both *stateful* and *stateless*) to make sure the `message` is valid. +The `signer` is charged for the gas cost of this validation. + +For example, a `msgServer` method for a `transfer` message should check that the sending account has enough funds to actually perform the transfer. + +It is recommended to implement all validation checks in a separate function that passes state values as arguments. This implementation simplifies testing. As expected, expensive validation functions charge additional gas. Example: + +```go +ValidateMsgA(msg MsgA, now Time, gm GasMeter) error { + if now.Before(msg.Expire) { + return sdkerrrors.ErrInvalidRequest.Wrap("msg expired") + } + gm.ConsumeGas(1000, "signature verification") + return signatureVerificaton(msg.Prover, msg.Data) +} +``` + +:::warning +Previously, the `ValidateBasic` method was used to perform simple and stateless validation checks. +This way of validating is deprecated, this means the `msgServer` must perform all validation checks. +::: + +### State Transition + +After the validation is successful, the `msgServer` method uses the [`keeper`](./06-keeper.md) functions to access the state and perform a state transition. + +### Events + +Before returning, `msgServer` methods generally emit one or more [events](../../learn/advanced/08-events.md) by using the `EventManager` held in the `ctx`. Use the new `EmitTypedEvent` function that uses protobuf-based event types: + +```go +ctx.EventManager().EmitTypedEvent( + &group.EventABC{Key1: Value1, Key2, Value2}) +``` + +or the older `EmitEvent` function: + +```go +ctx.EventManager().EmitEvent( + sdk.NewEvent( + eventType, // e.g. sdk.EventTypeMessage for a message, types.CustomEventType for a custom event defined in the module + sdk.NewAttribute(key1, value1), + sdk.NewAttribute(key2, value2), + ), +) +``` + +These events are relayed back to the underlying consensus engine and can be used by service providers to implement services around the application. Click [here](../../learn/advanced/08-events.md) to learn more about events. + +The invoked `msgServer` method returns a `proto.Message` response and an `error`. These return values are then wrapped into an `*sdk.Result` or an `error` using `sdk.WrapServiceResult(ctx context.Context, res proto.Message, err error)`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/baseapp/msg_service_router.go#L160 +``` + +This method takes care of marshaling the `res` parameter to protobuf and attaching any events on the `ctx.EventManager()` to the `sdk.Result`. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/proto/cosmos/base/abci/v1beta1/abci.proto#L93-L113 +``` + +This diagram shows a typical structure of a Protobuf `Msg` service, and how the message propagates through the module. + +![Transaction flow](https://raw.githubusercontent.com/cosmos/cosmos-sdk/release/v0.46.x/docs/uml/svg/transaction_flow.svg) + +## Telemetry + +New [telemetry metrics](../../learn/advanced/09-telemetry.md) can be created from `msgServer` methods when handling messages. + +This is an example from the `x/auth/vesting` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/auth/vesting/msg_server.go#L76-L88 +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/04-query-services.md b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/04-query-services.md new file mode 100644 index 00000000..a787a0c2 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/04-query-services.md @@ -0,0 +1,57 @@ +--- +sidebar_position: 1 +--- + +# Query Services + +:::note Synopsis +A Protobuf Query service processes [`queries`](./02-messages-and-queries.md#queries). Query services are specific to the module in which they are defined, and only process `queries` defined within said module. They are called from `BaseApp`'s [`Query` method](../../learn/advanced/00-baseapp.md#query). +::: + +:::note Pre-requisite Readings + +* [Module Manager](./01-module-manager.md) +* [Messages and Queries](./02-messages-and-queries.md) + +::: + +## Implementation of a module query service + +### gRPC Service + +When defining a Protobuf `Query` service, a `QueryServer` interface is generated for each module with all the service methods: + +```go +type QueryServer interface { + QueryBalance(context.Context, *QueryBalanceParams) (*types.Coin, error) + QueryAllBalances(context.Context, *QueryAllBalancesParams) (*QueryAllBalancesResponse, error) +} +``` + +These custom queries methods should be implemented by a module's keeper, typically in `./keeper/grpc_query.go`. The first parameter of these methods is a generic `context.Context`. Therefore, the Cosmos SDK provides a function `sdk.UnwrapSDKContext` to retrieve the `context.Context` from the provided +`context.Context`. + +Here's an example implementation for the bank module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/keeper/grpc_query.go +``` + +### Calling queries from the State Machine + +The Cosmos SDK v0.47 introduces a new `cosmos.query.v1.module_query_safe` Protobuf annotation which is used to state that a query that is safe to be called from within the state machine, for example: + +* a Keeper's query function can be called from another module's Keeper, +* ADR-033 intermodule query calls, +* CosmWasm contracts can also directly interact with these queries. + +If the `module_query_safe` annotation set to `true`, it means: + +* The query is deterministic: given a block height it will return the same response upon multiple calls, and doesn't introduce any state-machine breaking changes across SDK patch versions. +* Gas consumption never fluctuates across calls and across patch versions. + +If you are a module developer and want to use `module_query_safe` annotation for your own query, you have to ensure the following things: + +* the query is deterministic and won't introduce state-machine-breaking changes without coordinated upgrades +* it has its gas tracked, to avoid the attack vector where no gas is accounted for + on potentially high-computation queries. diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/05-protobuf-annotations.md b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/05-protobuf-annotations.md new file mode 100644 index 00000000..5240112e --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/05-protobuf-annotations.md @@ -0,0 +1,133 @@ +--- +sidebar_position: 1 +--- + +# ProtocolBuffer Annotations + +This document explains the various protobuf scalars that have been added to make working with protobuf easier for Cosmos SDK application developers + +## Signer + +Signer specifies which field should be used to determine the signer of a message for the Cosmos SDK. This field can be used for clients as well to infer which field should be used to determine the signer of a message. + +Read more about the signer field [here](./02-messages-and-queries.md). + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/e6848d99b55a65d014375b295bdd7f9641aac95e/proto/cosmos/bank/v1beta1/tx.proto#L40 +``` + +```proto +option (cosmos.msg.v1.signer) = "from_address"; +``` + +## Scalar + +The scalar type defines a way for clients to understand how to construct protobuf messages according to what is expected by the module and sdk. + +```proto +(cosmos_proto.scalar) = "cosmos.AddressString" +``` + +Example of account address string scalar: + +```proto reference +https://github.com/cosmos/cosmos-sdk/blob/e6848d99b55a65d014375b295bdd7f9641aac95e/proto/cosmos/bank/v1beta1/tx.proto#L46 +``` + +Example of validator address string scalar: + +```proto reference +https://github.com/cosmos/cosmos-sdk/blob/e8f28bf5db18b8d6b7e0d94b542ce4cf48fed9d6/proto/cosmos/distribution/v1beta1/query.proto#L87 +``` + +Example of Decimals scalar: + +```proto reference +https://github.com/cosmos/cosmos-sdk/blob/e8f28bf5db18b8d6b7e0d94b542ce4cf48fed9d6/proto/cosmos/distribution/v1beta1/distribution.proto#L26 +``` + +Example of Int scalar: + +```proto reference +https://github.com/cosmos/cosmos-sdk/blob/e8f28bf5db18b8d6b7e0d94b542ce4cf48fed9d6/proto/cosmos/gov/v1/gov.proto#L137 +``` + +There are a few options for what can be provided as a scalar: `cosmos.AddressString`, `cosmos.ValidatorAddressString`, `cosmos.ConsensusAddressString`, `cosmos.Int`, `cosmos.Dec`. + +## Implements_Interface + +Implement interface is used to provide information to client tooling like [telescope](https://github.com/cosmology-tech/telescope) on how to encode and decode protobuf messages. + +```proto +option (cosmos_proto.implements_interface) = "cosmos.auth.v1beta1.AccountI"; +``` + +## Method,Field,Message Added In + +`method_added_in`, `field_added_in` and `message_added_in` are annotations to denotate to clients that a field has been supported in a later version. This is useful when new methods or fields are added in later versions and that the client needs to be aware of what it can call. + +The annotation should be worded as follow: + +```proto +option (cosmos_proto.method_added_in) = "cosmos-sdk v0.50.1"; +option (cosmos_proto.method_added_in) = "x/epochs v1.0.0"; +option (cosmos_proto.method_added_in) = "simapp v24.0.0"; +``` + +## Amino + +The amino codec was removed in `v0.50+`, this means there is not a need register `legacyAminoCodec`. To replace the amino codec, Amino protobuf annotations are used to provide information to the amino codec on how to encode and decode protobuf messages. + +:::note +Amino annotations are only used for backwards compatibility with amino. New modules are not required use amino annotations. +::: + +The below annotations are used to provide information to the amino codec on how to encode and decode protobuf messages in a backwards compatible manner. + +### Name + +Name specifies the amino name that would show up for the user in order for them see which message they are signing. + +```proto +option (amino.name) = "cosmos-sdk/BaseAccount"; +``` + +```proto reference +https://github.com/cosmos/cosmos-sdk/blob/e8f28bf5db18b8d6b7e0d94b542ce4cf48fed9d6/proto/cosmos/bank/v1beta1/tx.proto#L41 +``` + +### Field_Name + +Field name specifies the amino name that would show up for the user in order for them see which field they are signing. + +```proto +uint64 height = 1 [(amino.field_name) = "public_key"]; +``` + +```proto reference +https://github.com/cosmos/cosmos-sdk/blob/e8f28bf5db18b8d6b7e0d94b542ce4cf48fed9d6/proto/cosmos/distribution/v1beta1/distribution.proto#L166 +``` + +### Dont_OmitEmpty + +Dont omitempty specifies that the field should not be omitted when encoding to amino. + +```proto +repeated cosmos.base.v1beta1.Coin amount = 3 [(amino.dont_omitempty) = true]; +``` + +```proto reference +https://github.com/cosmos/cosmos-sdk/blob/e8f28bf5db18b8d6b7e0d94b542ce4cf48fed9d6/proto/cosmos/bank/v1beta1/bank.proto#L56 +``` + +### Encoding + +Encoding instructs the amino json marshaler how to encode certain fields that may differ from the standard encoding behaviour. The most common example of this is how `repeated cosmos.base.v1beta1.Coin` is encoded when using the amino json encoding format. The `legacy_coins` option tells the json marshaler [how to encode a null slice](https://github.com/cosmos/cosmos-sdk/blob/e8f28bf5db18b8d6b7e0d94b542ce4cf48fed9d6/x/tx/signing/aminojson/json_marshal.go#L65) of `cosmos.base.v1beta1.Coin`. + +```proto +(amino.encoding) = "legacy_coins", +``` + +```proto reference +https://github.com/cosmos/cosmos-sdk/blob/e8f28bf5db18b8d6b7e0d94b542ce4cf48fed9d6/proto/cosmos/bank/v1beta1/genesis.proto#L23 +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/06-beginblock-endblock.md b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/06-beginblock-endblock.md new file mode 100644 index 00000000..a8eafdf6 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/06-beginblock-endblock.md @@ -0,0 +1,47 @@ +--- +sidebar_position: 1 +--- + +# BeginBlocker and EndBlocker + +:::note Synopsis +`BeginBlocker` and `EndBlocker` are optional methods module developers can implement in their module. They will be triggered at the beginning and at the end of each block respectively, when the [`BeginBlock`](../../learn/advanced/00-baseapp.md#beginblock) and [`EndBlock`](../../learn/advanced/00-baseapp.md#endblock) ABCI messages are received from the underlying consensus engine. +::: + +:::note Pre-requisite Readings + +* [Module Manager](./01-module-manager.md) + +::: + +## BeginBlocker and EndBlocker + +`BeginBlocker` and `EndBlocker` are a way for module developers to add automatic execution of logic to their module. This is a powerful tool that should be used carefully, as complex automatic functions can slow down or even halt the chain. + +In 0.47.0, Prepare and Process Proposal were added that allow app developers to do arbitrary work at those phases, but they do not influence the work that will be done in BeginBlock. If an application required `BeginBlock` to execute prior to any sort of work is done then this is not possible today (0.50.0). + +When needed, `BeginBlocker` and `EndBlocker` are implemented as part of the [`HasBeginBlocker`, `HasABCIEndBlocker` and `EndBlocker` interfaces](./01-module-manager.md#appmodule). This means either can be left-out if not required. The `BeginBlock` and `EndBlock` methods of the interface implemented in `module.go` generally defer to `BeginBlocker` and `EndBlocker` methods respectively, which are usually implemented in `abci.go`. + +The actual implementation of `BeginBlocker` and `EndBlocker` in `abci.go` are very similar to that of a [`Msg` service](./03-msg-services.md): + +* They generally use the [`keeper`](./06-keeper.md) and [`ctx`](../../learn/advanced/02-context.md) to retrieve information about the latest state. +* If needed, they use the `keeper` and `ctx` to trigger state-transitions. +* If needed, they can emit [`events`](../../learn/advanced/08-events.md) via the `ctx`'s `EventManager`. + +A specific type of `EndBlocker` is available to return validator updates to the underlying consensus engine in the form of an [`[]abci.ValidatorUpdates`](https://docs.cometbft.com/v0.37/spec/abci/abci++_methods#endblock). This is the preferred way to implement custom validator changes. + +It is possible for developers to define the order of execution between the `BeginBlocker`/`EndBlocker` functions of each of their application's modules via the module's manager `SetOrderBeginBlocker`/`SetOrderEndBlocker` methods. For more on the module manager, click [here](./01-module-manager.md#manager). + +See an example implementation of `BeginBlocker` from the `distribution` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/distribution/abci.go#L14-L38 +``` + +and an example implementation of `EndBlocker` from the `staking` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/staking/keeper/abci.go#L22-L27 +``` + + diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/06-keeper.md b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/06-keeper.md new file mode 100644 index 00000000..399ec648 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/06-keeper.md @@ -0,0 +1,92 @@ +--- +sidebar_position: 1 +--- + +# Keepers + +:::note Synopsis +`Keeper`s refer to a Cosmos SDK abstraction whose role is to manage access to the subset of the state defined by various modules. `Keeper`s are module-specific, i.e. the subset of state defined by a module can only be accessed by a `keeper` defined in said module. If a module needs to access the subset of state defined by another module, a reference to the second module's internal `keeper` needs to be passed to the first one. This is done in `app.go` during the instantiation of module keepers. +::: + +:::note Pre-requisite Readings + +* [Introduction to Cosmos SDK Modules](./00-intro.md) + +::: + +## Motivation + +The Cosmos SDK is a framework that makes it easy for developers to build complex decentralized applications from scratch, mainly by composing modules together. As the ecosystem of open-source modules for the Cosmos SDK expands, it will become increasingly likely that some of these modules contain vulnerabilities, as a result of the negligence or malice of their developer. + +The Cosmos SDK adopts an [object-capabilities-based approach](../../learn/advanced/10-ocap.md) to help developers better protect their application from unwanted inter-module interactions, and `keeper`s are at the core of this approach. A `keeper` can be considered quite literally to be the gatekeeper of a module's store(s). Each store (typically an [`IAVL` Store](../../learn/advanced/04-store.md#iavl-store)) defined within a module comes with a `storeKey`, which grants unlimited access to it. The module's `keeper` holds this `storeKey` (which should otherwise remain unexposed), and defines [methods](#implementing-methods) for reading and writing to the store(s). + +The core idea behind the object-capabilities approach is to only reveal what is necessary to get the work done. In practice, this means that instead of handling permissions of modules through access-control lists, module `keeper`s are passed a reference to the specific instance of the other modules' `keeper`s that they need to access (this is done in the [application's constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function)). As a consequence, a module can only interact with the subset of state defined in another module via the methods exposed by the instance of the other module's `keeper`. This is a great way for developers to control the interactions that their own module can have with modules developed by external developers. + +## Type Definition + +`keeper`s are generally implemented in a `/keeper/keeper.go` file located in the module's folder. By convention, the type `keeper` of a module is simply named `Keeper` and usually follows the following structure: + +```go +type Keeper struct { + // External keepers, if any + + // Store key(s) + + // codec + + // authority +} +``` + +For example, here is the type definition of the `keeper` from the `staking` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/staking/keeper/keeper.go#L23-L31 +``` + +Let us go through the different parameters: + +* An expected `keeper` is a `keeper` external to a module that is required by the internal `keeper` of said module. External `keeper`s are listed in the internal `keeper`'s type definition as interfaces. These interfaces are themselves defined in an `expected_keepers.go` file in the root of the module's folder. In this context, interfaces are used to reduce the number of dependencies, as well as to facilitate the maintenance of the module itself. +* `storeKey`s grant access to the store(s) of the [multistore](../../learn/advanced/04-store.md) managed by the module. They should always remain unexposed to external modules. +* `cdc` is the [codec](../../learn/advanced/05-encoding.md) used to marshall and unmarshall structs to/from `[]byte`. The `cdc` can be any of `codec.BinaryCodec`, `codec.JSONCodec` or `codec.Codec` based on your requirements. It can be either a proto or amino codec as long as they implement these interfaces. +* The authority listed is a module account or user account that has the right to change module level parameters. Previously this was handled by the param module, which has been deprecated. + +Of course, it is possible to define different types of internal `keeper`s for the same module (e.g. a read-only `keeper`). Each type of `keeper` comes with its own constructor function, which is called from the [application's constructor function](../../learn/beginner/00-app-anatomy.md). This is where `keeper`s are instantiated, and where developers make sure to pass correct instances of modules' `keeper`s to other modules that require them. + +## Implementing Methods + +`Keeper`s primarily expose getter and setter methods for the store(s) managed by their module. These methods should remain as simple as possible and strictly be limited to getting or setting the requested value, as validity checks should have already been performed by the [`Msg` server](./03-msg-services.md) when `keeper`s' methods are called. + +Typically, a *getter* method will have the following signature + +```go +func (k Keeper) Get(ctx context.Context, key string) returnType +``` + +and the method will go through the following steps: + +1. Retrieve the appropriate store from the `ctx` using the `storeKey`. This is done through the `KVStore(storeKey sdk.StoreKey)` method of the `ctx`. Then it's preferred to use the `prefix.Store` to access only the desired limited subset of the store for convenience and safety. +2. If it exists, get the `[]byte` value stored at location `[]byte(key)` using the `Get(key []byte)` method of the store. +3. Unmarshall the retrieved value from `[]byte` to `returnType` using the codec `cdc`. Return the value. + +Similarly, a *setter* method will have the following signature + +```go +func (k Keeper) Set(ctx context.Context, key string, value valueType) +``` + +and the method will go through the following steps: + +1. Retrieve the appropriate store from the `ctx` using the `storeKey`. This is done through the `KVStore(storeKey sdk.StoreKey)` method of the `ctx`. It's preferred to use the `prefix.Store` to access only the desired limited subset of the store for convenience and safety. +2. Marshal `value` to `[]byte` using the codec `cdc`. +3. Set the encoded value in the store at location `key` using the `Set(key []byte, value []byte)` method of the store. + +For more, see an example of `keeper`'s [methods implementation from the `staking` module](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/staking/keeper/keeper.go). + +The [module `KVStore`](../../learn/advanced/04-store.md#kvstore-and-commitkvstore-interfaces) also provides an `Iterator()` method which returns an `Iterator` object to iterate over a domain of keys. + +This is an example from the `auth` module to iterate accounts: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/auth/keeper/account.go +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/07-invariants.md b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/07-invariants.md new file mode 100644 index 00000000..018796f7 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/07-invariants.md @@ -0,0 +1,90 @@ +--- +sidebar_position: 1 +--- + +# Invariants + +:::note Synopsis +An invariant is a property of the application that should always be true. In the context of the Cosmos SDK, an `Invariant` is a function that checks for a particular invariant. These functions are useful to detect bugs early on and act upon them to limit their potential consequences (e.g. by halting the chain). They are also useful in the development process of the application to detect bugs via simulations. +::: + +:::note Pre-requisite Readings + +* [Keepers](./06-keeper.md) + +::: + +## Implementing `Invariant`s + +An `Invariant` is a function that checks for a particular invariant within a module. Module `Invariant`s must follow the `Invariant` type: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/types/invariant.go#L9 +``` + +The `string` return value is the invariant message, which can be used when printing logs, and the `bool` return value is the actual result of the invariant check. + +In practice, each module implements `Invariant`s in a `keeper/invariants.go` file within the module's folder. The standard is to implement one `Invariant` function per logical grouping of invariants with the following model: + +```go +// Example for an Invariant that checks balance-related invariants + +func BalanceInvariants(k Keeper) sdk.Invariant { + return func(ctx context.Context) (string, bool) { + // Implement checks for balance-related invariants + } +} +``` + +Additionally, module developers should generally implement an `AllInvariants` function that runs all the `Invariant`s functions of the module: + +```go +// AllInvariants runs all invariants of the module. +// In this example, the module implements two Invariants: BalanceInvariants and DepositsInvariants + +func AllInvariants(k Keeper) sdk.Invariant { + + return func(ctx context.Context) (string, bool) { + res, stop := BalanceInvariants(k)(ctx) + if stop { + return res, stop + } + + return DepositsInvariant(k)(ctx) + } +} +``` + +Finally, module developers need to implement the `RegisterInvariants` method as part of the [`AppModule` interface](./01-module-manager.md#appmodule). Indeed, the `RegisterInvariants` method of the module, implemented in the `module/module.go` file, typically only defers the call to a `RegisterInvariants` method implemented in the `keeper/invariants.go` file. The `RegisterInvariants` method registers a route for each `Invariant` function in the [`InvariantRegistry`](#invariant-registry): + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/staking/keeper/invariants.go#L12-L22 +``` + +For more, see an example of [`Invariant`s implementation from the `staking` module](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/staking/keeper/invariants.go). + +## Invariant Registry + +The `InvariantRegistry` is a registry where the `Invariant`s of all the modules of an application are registered. There is only one `InvariantRegistry` per **application**, meaning module developers need not implement their own `InvariantRegistry` when building a module. **All module developers need to do is to register their modules' invariants in the `InvariantRegistry`, as explained in the section above**. The rest of this section gives more information on the `InvariantRegistry` itself, and does not contain anything directly relevant to module developers. + +At its core, the `InvariantRegistry` is defined in the Cosmos SDK as an interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/types/invariant.go#L14-L17 +``` + +Typically, this interface is implemented in the `keeper` of a specific module. The most used implementation of an `InvariantRegistry` can be found in the `crisis` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/crisis/keeper/keeper.go#L48-L50 +``` + +The `InvariantRegistry` is therefore typically instantiated by instantiating the `keeper` of the `crisis` module in the [application's constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function). + +`Invariant`s can be checked manually via [`message`s](./02-messages-and-queries.md), but most often they are checked automatically at the end of each block. Here is an example from the `crisis` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/crisis/abci.go#L13-L23 +``` + +In both cases, if one of the `Invariant`s returns false, the `InvariantRegistry` can trigger special logic (e.g. have the application panic and print the `Invariant`s message in the log). diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/08-genesis.md b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/08-genesis.md new file mode 100644 index 00000000..7abb21fb --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/08-genesis.md @@ -0,0 +1,78 @@ +--- +sidebar_position: 1 +--- + +# Module Genesis + +:::note Synopsis +Modules generally handle a subset of the state and, as such, they need to define the related subset of the genesis file as well as methods to initialize, verify and export it. +::: + +:::note Pre-requisite Readings + +* [Module Manager](./01-module-manager.md) +* [Keepers](./06-keeper.md) + +::: + +## Type Definition + +The subset of the genesis state defined from a given module is generally defined in a `genesis.proto` file ([more info](../../learn/advanced/05-encoding.md#gogoproto) on how to define protobuf messages). The struct defining the module's subset of the genesis state is usually called `GenesisState` and contains all the module-related values that need to be initialized during the genesis process. + +See an example of `GenesisState` protobuf message definition from the `auth` module: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/proto/cosmos/auth/v1beta1/genesis.proto +``` + +Next we present the main genesis-related methods that need to be implemented by module developers in order for their module to be used in Cosmos SDK applications. + +### `DefaultGenesis` + +The `DefaultGenesis()` method is a simple method that calls the constructor function for `GenesisState` with the default value for each parameter. See an example from the `auth` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/auth/module.go#L63-L67 +``` + +### `ValidateGenesis` + +The `ValidateGenesis(data GenesisState)` method is called to verify that the provided `genesisState` is correct. It should perform validity checks on each of the parameters listed in `GenesisState`. See an example from the `auth` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/auth/types/genesis.go#L62-L75 +``` + +## Other Genesis Methods + +Other than the methods related directly to `GenesisState`, module developers are expected to implement two other methods as part of the [`AppModuleGenesis` interface](./01-module-manager.md#appmodulegenesis) (only if the module needs to initialize a subset of state in genesis). These methods are [`InitGenesis`](#initgenesis) and [`ExportGenesis`](#exportgenesis). + +### `InitGenesis` + +The `InitGenesis` method is executed during [`InitChain`](../../learn/advanced/00-baseapp.md#initchain) when the application is first started. Given a `GenesisState`, it initializes the subset of the state managed by the module by using the module's [`keeper`](./06-keeper.md) setter function on each parameter within the `GenesisState`. + +The [module manager](./01-module-manager.md#manager) of the application is responsible for calling the `InitGenesis` method of each of the application's modules in order. This order is set by the application developer via the manager's `SetOrderGenesisMethod`, which is called in the [application's constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function). + +See an example of `InitGenesis` from the `auth` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/auth/keeper/genesis.go#L8-L35 +``` + +### `ExportGenesis` + +The `ExportGenesis` method is executed whenever an export of the state is made. It takes the latest known version of the subset of the state managed by the module and creates a new `GenesisState` out of it. This is mainly used when the chain needs to be upgraded via a hard fork. + +See an example of `ExportGenesis` from the `auth` module. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/auth/keeper/genesis.go#L37-L49 +``` + +### GenesisTxHandler + +`GenesisTxHandler` is a way for modules to submit state transitions prior to the first block. This is used by `x/genutil` to submit the genesis transactions for the validators to be added to staking. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/core/genesis/txhandler.go#L3-L6 +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/09-module-interfaces.md b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/09-module-interfaces.md new file mode 100644 index 00000000..4552baef --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/09-module-interfaces.md @@ -0,0 +1,164 @@ +--- +sidebar_position: 1 +--- + +# Module Interfaces + +:::note Synopsis +This document details how to build CLI and REST interfaces for a module. Examples from various Cosmos SDK modules are included. +::: + +:::note Pre-requisite Readings + +* [Building Modules Intro](./00-intro.md) + +::: + +## CLI + +One of the main interfaces for an application is the [command-line interface](../../learn/advanced/07-cli.md). This entrypoint adds commands from the application's modules enabling end-users to create [**messages**](./02-messages-and-queries.md#messages) wrapped in transactions and [**queries**](./02-messages-and-queries.md#queries). The CLI files are typically found in the module's `./client/cli` folder. + +### Transaction Commands + +In order to create messages that trigger state changes, end-users must create [transactions](../../learn/advanced/01-transactions.md) that wrap and deliver the messages. A transaction command creates a transaction that includes one or more messages. + +Transaction commands typically have their own `tx.go` file that lives within the module's `./client/cli` folder. The commands are specified in getter functions and the name of the function should include the name of the command. + +Here is an example from the `x/bank` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/client/cli/tx.go#L37-L76 +``` + +In the example, `NewSendTxCmd()` creates and returns the transaction command for a transaction that wraps and delivers `MsgSend`. `MsgSend` is the message used to send tokens from one account to another. + +In general, the getter function does the following: + +* **Constructs the command:** Read the [Cobra Documentation](https://pkg.go.dev/github.com/spf13/cobra) for more detailed information on how to create commands. + * **Use:** Specifies the format of the user input required to invoke the command. In the example above, `send` is the name of the transaction command and `[from_key_or_address]`, `[to_address]`, and `[amount]` are the arguments. + * **Args:** The number of arguments the user provides. In this case, there are exactly three: `[from_key_or_address]`, `[to_address]`, and `[amount]`. + * **Short and Long:** Descriptions for the command. A `Short` description is expected. A `Long` description can be used to provide additional information that is displayed when a user adds the `--help` flag. + * **RunE:** Defines a function that can return an error. This is the function that is called when the command is executed. This function encapsulates all of the logic to create a new transaction. + * The function typically starts by getting the `clientCtx`, which can be done with `client.GetClientTxContext(cmd)`. The `clientCtx` contains information relevant to transaction handling, including information about the user. In this example, the `clientCtx` is used to retrieve the address of the sender by calling `clientCtx.GetFromAddress()`. + * If applicable, the command's arguments are parsed. In this example, the arguments `[to_address]` and `[amount]` are both parsed. + * A [message](./02-messages-and-queries.md) is created using the parsed arguments and information from the `clientCtx`. The constructor function of the message type is called directly. In this case, `types.NewMsgSend(fromAddr, toAddr, amount)`. Its good practice to call, if possible, the necessary [message validation methods](../building-modules/03-msg-services.md#Validation) before broadcasting the message. + * Depending on what the user wants, the transaction is either generated offline or signed and broadcasted to the preconfigured node using `tx.GenerateOrBroadcastTxCLI(clientCtx, flags, msg)`. +* **Adds transaction flags:** All transaction commands must add a set of transaction [flags](#flags). The transaction flags are used to collect additional information from the user (e.g. the amount of fees the user is willing to pay). The transaction flags are added to the constructed command using `AddTxFlagsToCmd(cmd)`. +* **Returns the command:** Finally, the transaction command is returned. + +Each module can implement `NewTxCmd()`, which aggregates all of the transaction commands of the module. Here is an example from the `x/bank` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/client/cli/tx.go#L20-L35 +``` + +Each module then can also implement a `GetTxCmd()` method that simply returns `NewTxCmd()`. This allows the root command to easily aggregate all of the transaction commands for each module. Here is an example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/module.go#L84-L86 +``` + +### Query Commands + +:::warning +This section is being rewritten. Refer to [AutoCLI](https://docs.cosmos.network/main/core/autocli) while this section is being updated. +::: + + + +## gRPC + +[gRPC](https://grpc.io/) is a Remote Procedure Call (RPC) framework. RPC is the preferred way for external clients like wallets and exchanges to interact with a blockchain. + +In addition to providing an ABCI query pathway, the Cosmos SDK provides a gRPC proxy server that routes gRPC query requests to ABCI query requests. + +In order to do that, modules must implement `RegisterGRPCGatewayRoutes(clientCtx client.Context, mux *runtime.ServeMux)` on `AppModuleBasic` to wire the client gRPC requests to the correct handler inside the module. + +Here's an example from the `x/auth` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/auth/module.go#L71-L76 +``` + +## gRPC-gateway REST + +Applications need to support web services that use HTTP requests (e.g. a web wallet like [Keplr](https://keplr.app)). [grpc-gateway](https://github.com/grpc-ecosystem/grpc-gateway) translates REST calls into gRPC calls, which might be useful for clients that do not use gRPC. + +Modules that want to expose REST queries should add `google.api.http` annotations to their `rpc` methods, such as in the example below from the `x/auth` module: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/proto/cosmos/auth/v1beta1/query.proto#L14-L89 +``` + +gRPC gateway is started in-process along with the application and CometBFT. It can be enabled or disabled by setting gRPC Configuration `enable` in [`app.toml`](../run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml). + +The Cosmos SDK provides a command for generating [Swagger](https://swagger.io/) documentation (`protoc-gen-swagger`). Setting `swagger` in [`app.toml`](../run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml) defines if swagger documentation should be automatically registered. diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/11-structure.md b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/11-structure.md new file mode 100644 index 00000000..71a5b3cc --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/11-structure.md @@ -0,0 +1,95 @@ +--- +sidebar_position: 1 +--- + +# Recommended Folder Structure + +:::note Synopsis +This document outlines the recommended structure of Cosmos SDK modules. These ideas are meant to be applied as suggestions. Application developers are encouraged to improve upon and contribute to module structure and development design. +::: + +## Structure + +A typical Cosmos SDK module can be structured as follows: + +```shell +proto +└── {project_name} +    └── {module_name} +    └── {proto_version} +       ├── {module_name}.proto +       ├── event.proto +       ├── genesis.proto +       ├── query.proto +       └── tx.proto +``` + +* `{module_name}.proto`: The module's common message type definitions. +* `event.proto`: The module's message type definitions related to events. +* `genesis.proto`: The module's message type definitions related to genesis state. +* `query.proto`: The module's Query service and related message type definitions. +* `tx.proto`: The module's Msg service and related message type definitions. + +```shell +x/{module_name} +├── client +│   ├── cli +│   │ ├── query.go +│   │   └── tx.go +│   └── testutil +│   ├── cli_test.go +│   └── suite.go +├── exported +│   └── exported.go +├── keeper +│   ├── genesis.go +│   ├── grpc_query.go +│   ├── hooks.go +│   ├── invariants.go +│   ├── keeper.go +│   ├── keys.go +│   ├── msg_server.go +│   └── querier.go +├── module +│   └── module.go +│   └── abci.go +│   └── autocli.go +├── simulation +│   ├── decoder.go +│   ├── genesis.go +│   ├── operations.go +│   └── params.go +├── {module_name}.pb.go +├── codec.go +├── errors.go +├── events.go +├── events.pb.go +├── expected_keepers.go +├── genesis.go +├── genesis.pb.go +├── keys.go +├── msgs.go +├── params.go +├── query.pb.go +├── tx.pb.go +└── README.md +``` + +* `client/`: The module's CLI client functionality implementation and the module's CLI testing suite. +* `exported/`: The module's exported types - typically interface types. If a module relies on keepers from another module, it is expected to receive the keepers as interface contracts through the `expected_keepers.go` file (see below) in order to avoid a direct dependency on the module implementing the keepers. However, these interface contracts can define methods that operate on and/or return types that are specific to the module that is implementing the keepers and this is where `exported/` comes into play. The interface types that are defined in `exported/` use canonical types, allowing for the module to receive the keepers as interface contracts through the `expected_keepers.go` file. This pattern allows for code to remain DRY and also alleviates import cycle chaos. +* `keeper/`: The module's `Keeper` and `MsgServer` implementation. +* `module/`: The module's `AppModule` and `AppModuleBasic` implementation. + * `abci.go`: The module's `BeginBlocker` and `EndBlocker` implementations (this file is only required if `BeginBlocker` and/or `EndBlocker` need to be defined). + * `autocli.go`: The module [autocli](https://docs.cosmos.network/main/core/autocli) options. +* `simulation/`: The module's [simulation](./14-simulator.md) package defines functions used by the blockchain simulator application (`simapp`). +* `REAMDE.md`: The module's specification documents outlining important concepts, state storage structure, and message and event type definitions. Learn more how to write module specs in the [spec guidelines](../spec/SPEC_MODULE.md). +* The root directory includes type definitions for messages, events, and genesis state, including the type definitions generated by Protocol Buffers. + * `codec.go`: The module's registry methods for interface types. + * `errors.go`: The module's sentinel errors. + * `events.go`: The module's event types and constructors. + * `expected_keepers.go`: The module's [expected keeper](./06-keeper.md#type-definition) interfaces. + * `genesis.go`: The module's genesis state methods and helper functions. + * `keys.go`: The module's store keys and associated helper functions. + * `msgs.go`: The module's message type definitions and associated methods. + * `params.go`: The module's parameter type definitions and associated methods. + * `*.pb.go`: The module's type definitions generated by Protocol Buffers (as defined in the respective `*.proto` files above). diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/12-errors.md b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/12-errors.md new file mode 100644 index 00000000..214ab70e --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/12-errors.md @@ -0,0 +1,56 @@ +--- +sidebar_position: 1 +--- + +# Errors + +:::note Synopsis +This document outlines the recommended usage and APIs for error handling in Cosmos SDK modules. +::: + +Modules are encouraged to define and register their own errors to provide better +context on failed message or handler execution. Typically, these errors should be +common or general errors which can be further wrapped to provide additional specific +execution context. + +## Registration + +Modules should define and register their custom errors in `x/{module}/errors.go`. +Registration of errors is handled via the [`errors` package](https://github.com/cosmos/cosmos-sdk/blob/main/errors/errors.go). + +Example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/distribution/types/errors.go +``` + +Each custom module error must provide the codespace, which is typically the module name +(e.g. "distribution") and is unique per module, and a uint32 code. Together, the codespace and code +provide a globally unique Cosmos SDK error. Typically, the code is monotonically increasing but does not +necessarily have to be. The only restrictions on error codes are the following: + +* Must be greater than one, as a code value of one is reserved for internal errors. +* Must be unique within the module. + +Note, the Cosmos SDK provides a core set of *common* errors. These errors are defined in [`types/errors/errors.go`](https://github.com/cosmos/cosmos-sdk/blob/main/types/errors/errors.go). + +## Wrapping + +The custom module errors can be returned as their concrete type as they already fulfill the `error` +interface. However, module errors can be wrapped to provide further context and meaning to failed +execution. + +Example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/keeper/keeper.go#L141-L182 +``` + +Regardless if an error is wrapped or not, the Cosmos SDK's `errors` package provides a function to determine if +an error is of a particular kind via `Is`. + +## ABCI + +If a module error is registered, the Cosmos SDK `errors` package allows ABCI information to be extracted +through the `ABCIInfo` function. The package also provides `ResponseCheckTx` and `ResponseDeliverTx` as +auxiliary functions to automatically get `CheckTx` and `DeliverTx` responses from an error. diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/13-upgrade.md b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/13-upgrade.md new file mode 100644 index 00000000..908a6a06 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/13-upgrade.md @@ -0,0 +1,63 @@ +--- +sidebar_position: 1 +--- + +# Upgrading Modules + +:::note Synopsis +[In-Place Store Migrations](../../learn/advanced/15-upgrade.md) allow your modules to upgrade to new versions that include breaking changes. This document outlines how to build modules to take advantage of this functionality. +::: + +:::note Pre-requisite Readings + +* [In-Place Store Migration](../../learn/advanced/15-upgrade.md) + +::: + +## Consensus Version + +Successful upgrades of existing modules require each `AppModule` to implement the function `ConsensusVersion() uint64`. + +* The versions must be hard-coded by the module developer. +* The initial version **must** be set to 1. + +Consensus versions serve as state-breaking versions of app modules and must be incremented when the module introduces breaking changes. + +## Registering Migrations + +To register the functionality that takes place during a module upgrade, you must register which migrations you want to take place. + +Migration registration takes place in the `Configurator` using the `RegisterMigration` method. The `AppModule` reference to the configurator is in the `RegisterServices` method. + +You can register one or more migrations. If you register more than one migration script, list the migrations in increasing order and ensure there are enough migrations that lead to the desired consensus version. For example, to migrate to version 3 of a module, register separate migrations for version 1 and version 2 as shown in the following example: + +```go +func (am AppModule) RegisterServices(cfg module.Configurator) { + // --snip-- + cfg.RegisterMigration(types.ModuleName, 1, func(ctx sdk.Context) error { + // Perform in-place store migrations from ConsensusVersion 1 to 2. + }) + cfg.RegisterMigration(types.ModuleName, 2, func(ctx sdk.Context) error { + // Perform in-place store migrations from ConsensusVersion 2 to 3. + }) +} +``` + +Since these migrations are functions that need access to a Keeper's store, use a wrapper around the keepers called `Migrator` as shown in this example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/keeper/migrations.go +``` + +## Writing Migration Scripts + +To define the functionality that takes place during an upgrade, write a migration script and place the functions in a `migrations/` directory. For example, to write migration scripts for the bank module, place the functions in `x/bank/migrations/`. Use the recommended naming convention for these functions. For example, `v2bank` is the script that migrates the package `x/bank/migrations/v2`: + +```go +// Migrating bank module from version 1 to 2 +func (m Migrator) Migrate1to2(ctx sdk.Context) error { + return v2bank.MigrateStore(ctx, m.keeper.storeKey) // v2bank is package `x/bank/migrations/v2`. +} +``` + +To see example code of changes that were implemented in a migration of balance keys, check out [migrateBalanceKeys](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/migrations/v2/store.go#L55-L76). For context, this code introduced migrations of the bank store that updated addresses to be prefixed by their length in bytes as outlined in [ADR-028](../architecture/adr-028-public-key-addresses.md). diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/14-simulator.md b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/14-simulator.md new file mode 100644 index 00000000..f7b9b845 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/14-simulator.md @@ -0,0 +1,132 @@ +--- +sidebar_position: 1 +--- + +# Module Simulation + +:::note Pre-requisite Readings + +* [Cosmos Blockchain Simulator](../../learn/advanced/12-simulation.md) +::: + +## Synopsis + +This document details how to define each module simulation functions to be +integrated with the application `SimulationManager`. + +* [Simulation package](#simulation-package) + * [Store decoders](#store-decoders) + * [Randomized genesis](#randomized-genesis) + * [Random weighted operations](#random-weighted-operations) + * [Random proposal contents](#random-proposal-contents) +* [Registering simulation functions](#registering-simulation-functions) +* [App Simulator manager](#app-simulator-manager) + +## Simulation package + +Every module that implements the Cosmos SDK simulator needs to have a `x//simulation` +package which contains the primary functions required by the fuzz tests: store +decoders, randomized genesis state and parameters, weighted operations and proposal +contents. + +### Store decoders + +Registering the store decoders is required for the `AppImportExport`. This allows +for the key-value pairs from the stores to be decoded (_i.e_ unmarshalled) +to their corresponding types. In particular, it matches the key to a concrete type +and then unmarshals the value from the `KVPair` to the type provided. + +You can use the example [here](https://github.com/cosmos/cosmos-sdk/blob/v/x/distribution/simulation/decoder.go) from the distribution module to implement your store decoders. + +### Randomized genesis + +The simulator tests different scenarios and values for genesis parameters +in order to fully test the edge cases of specific modules. The `simulator` package from each module must expose a `RandomizedGenState` function to generate the initial random `GenesisState` from a given seed. + +Once the module genesis parameter are generated randomly (or with the key and +values defined in a `params` file), they are marshaled to JSON format and added +to the app genesis JSON to use it on the simulations. + +You can check an example on how to create the randomized genesis [here](https://github.com/cosmos/cosmos-sdk/blob/v/x/staking/simulation/genesis.go). + +### Randomized parameter changes + +The simulator is able to test parameter changes at random. The simulator package from each module must contain a `RandomizedParams` func that will simulate parameter changes of the module throughout the simulations lifespan. + +You can see how an example of what is needed to fully test parameter changes [here](https://github.com/cosmos/cosmos-sdk/blob/v/x/staking/simulation/params.go) + +### Random weighted operations + +Operations are one of the crucial parts of the Cosmos SDK simulation. They are the transactions +(`Msg`) that are simulated with random field values. The sender of the operation +is also assigned randomly. + +Operations on the simulation are simulated using the full [transaction cycle](../../learn/advanced/01-transactions.md) of a +`ABCI` application that exposes the `BaseApp`. + +Shown below is how weights are set: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/release/v0.50.x/x/staking/simulation/operations.go#L19-L86 +``` + +As you can see, the weights are predefined in this case. Options exist to override this behavior with different weights. One option is to use `*rand.Rand` to define a random weight for the operation, or you can inject your own predefined weights. + +Here is how one can override the above package `simappparams`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/release/v0.50.x/Makefile#L293-L299 +``` + +For the last test a tool called [runsim](https://github.com/cosmos/tools/tree/master/cmd/runsim) is used, this is used to parallelize go test instances, provide info to Github and slack integrations to provide information to your team on how the simulations are running. + +### Random proposal contents + +Randomized governance proposals are also supported on the Cosmos SDK simulator. Each +module must define the governance proposal `Content`s that they expose and register +them to be used on the parameters. + +## Registering simulation functions + +Now that all the required functions are defined, we need to integrate them into the module pattern within the `module.go`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/release/v0.50.x/x/distribution/module.go#L180-L203 +``` + +## App Simulator manager + +The following step is setting up the `SimulatorManager` at the app level. This +is required for the simulation test files on the next step. + +```go +type CustomApp struct { + ... + sm *module.SimulationManager +} +``` + +Then at the instantiation of the application, we create the `SimulationManager` +instance in the same way we create the `ModuleManager` but this time we only pass +the modules that implement the simulation functions from the `AppModuleSimulation` +interface described above. + +```go +func NewCustomApp(...) { + // create the simulation manager and define the order of the modules for deterministic simulations + app.sm = module.NewSimulationManager( + auth.NewAppModule(app.accountKeeper), + bank.NewAppModule(app.bankKeeper, app.accountKeeper), + supply.NewAppModule(app.supplyKeeper, app.accountKeeper), + gov.NewAppModule(app.govKeeper, app.accountKeeper, app.supplyKeeper), + mint.NewAppModule(app.mintKeeper), + distr.NewAppModule(app.distrKeeper, app.accountKeeper, app.supplyKeeper, app.stakingKeeper), + staking.NewAppModule(app.stakingKeeper, app.accountKeeper, app.supplyKeeper), + slashing.NewAppModule(app.slashingKeeper, app.accountKeeper, app.stakingKeeper), + ) + + // register the store decoders for simulation tests + app.sm.RegisterStoreDecoders() + ... +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/15-depinject.md b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/15-depinject.md new file mode 100644 index 00000000..f277e5b1 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/15-depinject.md @@ -0,0 +1,124 @@ +--- +sidebar_position: 1 +--- + +# Modules depinject-ready + +:::note Pre-requisite Readings + +* [Depinject Documentation](../packages/01-depinject.md) + +::: + +[`depinject`](../packages/01-depinject.md) is used to wire any module in `app.go`. +All core modules are already configured to support dependency injection. + +To work with `depinject` a module must define its configuration and requirements so that `depinject` can provide the right dependencies. + +In brief, as a module developer, the following steps are required: + +1. Define the module configuration using Protobuf +2. Define the module dependencies in `x/{moduleName}/module.go` + +A chain developer can then use the module by following these two steps: + +1. Configure the module in `app_config.go` or `app.yaml` +2. Inject the module in `app.go` + +## Module Configuration + +The module available configuration is defined in a Protobuf file, located at `{moduleName}/module/v1/module.proto`. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/proto/cosmos/group/module/v1/module.proto +``` + +* `go_import` must point to the Go package of the custom module. +* Message fields define the module configuration. + That configuration can be set in the `app_config.go` / `app.yaml` file for a chain developer to configure the module. + Taking `group` as example, a chain developer is able to decide, thanks to `uint64 max_metadata_len`, what the maximum metadata length allowed for a group proposal is. + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/simapp/app_config.go#L228-L234 + ``` + +That message is generated using [`pulsar`](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/scripts/protocgen-pulsar.sh) (by running `make proto-gen`). +In the case of the `group` module, this file is generated here: https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/api/cosmos/group/module/v1/module.pulsar.go. + +The part that is relevant for the module configuration is: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/api/cosmos/group/module/v1/module.pulsar.go#L515-L527 +``` + +:::note +Pulsar is optional. The official [`protoc-gen-go`](https://developers.google.com/protocol-buffers/docs/reference/go-generated) can be used as well. +::: + +## Dependency Definition + +Once the configuration proto is defined, the module's `module.go` must define what dependencies are required by the module. +The boilerplate is similar for all modules. + +:::warning +All methods, structs and their fields must be public for `depinject`. +::: + +1. Import the module configuration generated package: + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/group/module/module.go#L12-L14 + ``` + + Define an `init()` function for defining the `providers` of the module configuration: + This registers the module configuration message and the wiring of the module. + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/group/module/module.go#L194-L199 + ``` + +2. Ensure that the module implements the `appmodule.AppModule` interface: + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.47.0/x/group/module/module.go#L58-L64 + ``` + +3. Define a struct that inherits `depinject.In` and define the module inputs (i.e. module dependencies): + * `depinject` provides the right dependencies to the module. + * `depinject` also checks that all dependencies are provided. + + :::tip + For making a dependency optional, add the `optional:"true"` struct tag. + ::: + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/group/module/module.go#L201-L211 + ``` + +4. Define the module outputs with a public struct that inherits `depinject.Out`: + The module outputs are the dependencies that the module provides to other modules. It is usually the module itself and its keeper. + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/group/module/module.go#L213-L218 + ``` + +5. Create a function named `ProvideModule` (as called in 1.) and use the inputs for instantiating the module outputs. + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/group/module/module.go#L220-L235 + ``` + +The `ProvideModule` function should return an instance of `cosmossdk.io/core/appmodule.AppModule` which implements +one or more app module extension interfaces for initializing the module. + +Following is the complete app wiring configuration for `group`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/group/module/module.go#L194-L235 +``` + +The module is now ready to be used with `depinject` by a chain developer. + +## Integrate in an application + +The App Wiring is done in `app_config.go` / `app.yaml` and `app_v2.go` and is explained in detail in the [overview of `app_v2.go`](../building-apps/01-app-go-v2.md). diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/16-testing.md b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/16-testing.md new file mode 100644 index 00000000..fee66b0d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/16-testing.md @@ -0,0 +1,124 @@ +--- +sidebar_position: 1 +--- + +# Testing + +The Cosmos SDK contains different types of [tests](https://martinfowler.com/articles/practical-test-pyramid.html). +These tests have different goals and are used at different stages of the development cycle. +We advice, as a general rule, to use tests at all stages of the development cycle. +It is adviced, as a chain developer, to test your application and modules in a similar way than the SDK. + +The rationale behind testing can be found in [ADR-59](https://docs.cosmos.network/main/architecture/adr-059-test-scopes.html). + +## Unit Tests + +Unit tests are the lowest test category of the [test pyramid](https://martinfowler.com/articles/practical-test-pyramid.html). +All packages and modules should have unit test coverage. Modules should have their dependencies mocked: this means mocking keepers. + +The SDK uses `mockgen` to generate mocks for keepers: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/scripts/mockgen.sh#L3-L6 +``` + +You can read more about mockgen [here](https://github.com/golang/mock). + +### Example + +As an example, we will walkthrough the [keeper tests](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/gov/keeper/keeper_test.go) of the `x/gov` module. + +The `x/gov` module has a `Keeper` type, which requires a few external dependencies (ie. imports outside `x/gov` to work properly). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/gov/keeper/keeper.go#L22-L24 +``` + +In order to only test `x/gov`, we mock the [expected keepers](https://docs.cosmos.network/v0.46/building-modules/keeper.html#type-definition) and instantiate the `Keeper` with the mocked dependencies. Note that we may need to configure the mocked dependencies to return the expected values: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/gov/keeper/common_test.go#L67-L81 +``` + +This allows us to test the `x/gov` module without having to import other modules. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/gov/keeper/keeper_test.go#L3-L42 +``` + +We can test then create unit tests using the newly created `Keeper` instance. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/gov/keeper/keeper_test.go#L83-L107 +``` + +## Integration Tests + +Integration tests are at the second level of the [test pyramid](https://martinfowler.com/articles/practical-test-pyramid.html). +In the SDK, we locate our integration tests under [`/tests/integrations`](https://github.com/cosmos/cosmos-sdk/tree/main/tests/integration). + +The goal of these integration tests is to test how a component interacts with other dependencies. Compared to unit tests, integration tests do not mock dependencies. Instead, they use the direct dependencies of the component. This differs as well from end-to-end tests, which test the component with a full application. + +Integration tests interact with the tested module via the defined `Msg` and `Query` services. The result of the test can be verified by checking the state of the application, by checking the emitted events or the response. It is adviced to combine two of these methods to verify the result of the test. + +The SDK provides small helpers for quickly setting up an integration tests. These helpers can be found at . + +### Example + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/a2f73a7dd37bea0ab303792c55fa1e4e1db3b898/testutil/integration/example_test.go#L30-L116 +``` + +## Deterministic and Regression tests + +Tests are written for queries in the Cosmos SDK which have `module_query_safe` Protobuf annotation. + +Each query is tested using 2 methods: + +* Use property-based testing with the [`rapid`](https://pkg.go.dev/pgregory.net/rapid@v0.5.3) library. The property that is tested is that the query response and gas consumption are the same upon 1000 query calls. +* Regression tests are written with hardcoded responses and gas, and verify they don't change upon 1000 calls and between SDK patch versions. + +Here's an example of regression tests: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/tests/integration/bank/keeper/deterministic_test.go#L134-L151 +``` + +## Simulations + +Simulations uses as well a minimal application, built with [`depinject`](../packages/01-depinject.md): + +:::note +You can as well use the `AppConfig` `configurator` for creating an `AppConfig` [inline](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/slashing/app_test.go#L54-L62). There is no difference between those two ways, use whichever you prefer. +::: + +Following is an example for `x/gov/` simulations: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/gov/simulation/operations_test.go#L406-L430 +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/gov/simulation/operations_test.go#L90-L132 +``` + +## End-to-end Tests + +End-to-end tests are at the top of the [test pyramid](https://martinfowler.com/articles/practical-test-pyramid.html). +They must test the whole application flow, from the user perspective (for instance, CLI tests). They are located under [`/tests/e2e`](https://github.com/cosmos/cosmos-sdk/tree/main/tests/e2e). + + +For that, the SDK is using `simapp` but you should use your own application (`appd`). +Here are some examples: + +* SDK E2E tests: . +* Cosmos Hub E2E tests: . +* Osmosis E2E tests: . + +:::note warning +The SDK is in the process of creating its E2E tests, as defined in [ADR-59](https://docs.cosmos.network/main/architecture/adr-059-test-scopes.html). This page will eventually be updated with better examples. +::: + +## Learn More + +Learn more about testing scope in [ADR-59](https://docs.cosmos.network/main/architecture/adr-059-test-scopes.html). diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/17-preblock.md b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/17-preblock.md new file mode 100644 index 00000000..a79646bd --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/17-preblock.md @@ -0,0 +1,31 @@ +--- +sidebar_position: 1 +--- + +# PreBlocker + +:::note Synopsis +`PreBlocker` is optional method module developers can implement in their module. They will be triggered before [`BeginBlock`](../../learn/advanced/00-baseapp.md#beginblock). +::: + +:::note Pre-requisite Readings + +* [Module Manager](./01-module-manager.md) + +::: + +## PreBlocker + +There are two semantics around the new lifecycle method: + +- It runs before the `BeginBlocker` of all modules +- It can modify consensus parameters in storage, and signal the caller through the return value. + +When it returns `ConsensusParamsChanged=true`, the caller must refresh the consensus parameter in the deliver context: +``` +app.finalizeBlockState.ctx = app.finalizeBlockState.ctx.WithConsensusParams(app.GetConsensusParams()) +``` + +The new ctx must be passed to all the other lifecycle methods. + + diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/_category_.json b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/_category_.json new file mode 100644 index 00000000..2d50f8b3 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/building-modules/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Building Modules", + "position": 1, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/migrations/01-intro.md b/copy-of-sdk-versioned_docs/version-0.50/build/migrations/01-intro.md new file mode 100644 index 00000000..47c5c245 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/migrations/01-intro.md @@ -0,0 +1,15 @@ +--- +sidebar_position: 1 +--- + +# SDK Migrations + +To smoothen the update to the latest stable release, the SDK includes a CLI command for hard-fork migrations (under the ` genesis migrate` subcommand). +Additionally, the SDK includes in-place migrations for its core modules. These in-place migrations are useful to migrate between major releases. + +* Hard-fork migrations are supported from the last major release to the current one. +* [In-place module migrations](https://docs.cosmos.network/main/core/upgrade#overwriting-genesis-functions) are supported from the last two major releases to the current one. + +Migration from a version older than the last two major releases is not supported. + +When migrating from a previous version, refer to the [`UPGRADING.md`](./02-upgrading.md) and the `CHANGELOG.md` of the version you are migrating to. diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/migrations/02-upgrade-reference.md b/copy-of-sdk-versioned_docs/version-0.50/build/migrations/02-upgrade-reference.md new file mode 100644 index 00000000..598dd519 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/migrations/02-upgrade-reference.md @@ -0,0 +1,227 @@ +# Upgrade Reference + +This document provides a quick reference for the upgrades from `v0.50.x` to `v0.53.x` of Cosmos SDK. + +Note, always read the **App Wiring Changes** section for more information on application wiring updates. + +🚨Upgrading to v0.53.x will require a **coordinated** chain upgrade.🚨 + +### TLDR; + +Unordered transactions, `x/protocolpool`, and `x/epoch` are the major new features added in v0.53.x. + +We also added the ability to add a `CheckTx` handler and enabled ed25519 signature verification. + +For a full list of changes, see the [Changelog](https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/CHANGELOG.md). + +### Unordered Transactions + +The Cosmos SDK now supports unordered transactions. _This is an opt-in feature_. + +Clients that use this feature may now submit their transactions in a fire-and-forget manner to chains that enabled unordered transactions. + +To submit an unordered transaction, clients must set the `unordered` flag to +`true` and ensure a reasonable `timeout_timestamp` is set. The `timeout_timestamp` is +used as a TTL for the transaction and provides replay protection. Each transaction's `timeout_timestamp` must be +unique to the account; however, the difference may be as small as a nanosecond. See [ADR-070](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-070-unordered-transactions.md) for more details. + +Note that unordered transactions require sequence values to be zero, and will **FAIL** if a non-zero sequence value is set. +Please ensure no sequence value is set when submitting an unordered transaction. +Services that rely on prior assumptions about sequence values should be updated to handle unordered transactions. +Services should be aware that when the transaction is unordered, the transaction sequence will always be zero. + +#### Enabling Unordered Transactions + +To enable unordered transactions, supply the `WithUnorderedTransactions` option to the `x/auth` keeper: + +```go + app.AccountKeeper = authkeeper.NewAccountKeeper( + appCodec, + runtime.NewKVStoreService(keys[authtypes.StoreKey]), + authtypes.ProtoBaseAccount, + maccPerms, + authcodec.NewBech32Codec(sdk.Bech32MainPrefix), + sdk.Bech32MainPrefix, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + authkeeper.WithUnorderedTransactions(true), // new option! + ) +``` + +If using dependency injection, update the auth module config. + +```go + { + Name: authtypes.ModuleName, + Config: appconfig.WrapAny(&authmodulev1.Module{ + Bech32Prefix: "cosmos", + ModuleAccountPermissions: moduleAccPerms, + EnableUnorderedTransactions: true, // remove this line if you do not want unordered transactions. + }), + }, +``` + +By default, unordered transactions use a transaction timeout duration of 10 minutes and a default gas charge of 2240 gas units. +To modify these default values, pass in the corresponding options to the new `SigVerifyOptions` field in `x/auth's` `ante.HandlerOptions`. + +```go +options := ante.HandlerOptions{ + SigVerifyOptions: []ante.SigVerificationDecoratorOption{ + // change below as needed. + ante.WithUnorderedTxGasCost(ante.DefaultUnorderedTxGasCost), + ante.WithMaxUnorderedTxTimeoutDuration(ante.DefaultMaxTimoutDuration), + }, +} +``` + +```go +anteDecorators := []sdk.AnteDecorator{ + // ... other decorators ... + ante.NewSigVerificationDecorator(options.AccountKeeper, options.SignModeHandler, options.SigVerifyOptions...), // supply new options +} +``` + +### App Wiring Changes + +In this section, we describe the required app wiring changes to run a v0.53.x Cosmos SDK application. + +**These changes are directly applicable to your application wiring.** + +The `x/auth` module now contains a `PreBlocker` that _must_ be set in the module manager's `SetOrderPreBlockers` method. + +```go +app.ModuleManager.SetOrderPreBlockers( + upgradetypes.ModuleName, + authtypes.ModuleName, // NEW +) +``` + +That's it. + +### New Modules + +Below are some **optional** new modules you can include in your chain. +To see a full example of wiring these modules, please check out the [SimApp](https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/simapp/app.go). + +#### Epochs + +⚠️Adding this module requires a `StoreUpgrade`⚠️ + +The new, supplemental `x/epochs` module provides Cosmos SDK modules functionality to register and execute custom logic at fixed time-intervals. + +Required wiring: +- Keeper Instantiation +- StoreKey addition +- Hooks Registration +- App Module Registration +- entry in SetOrderBeginBlockers +- entry in SetGenesisModuleOrder +- entry in SetExportModuleOrder + +#### ProtocolPool + +:::warning + +Using `protocolpool` will cause the following `x/distribution` handlers to return an error: + + +**QueryService** + +- `CommunityPool` + +**MsgService** + +- `CommunityPoolSpend` +- `FundCommunityPool` + +If you have services that rely on this functionality from `x/distribution`, please update them to use the `x/protocolpool` equivalents. + +::: + +⚠️Adding this module requires a `StoreUpgrade`⚠️ + +The new, supplemental `x/protocolpool` module provides extended functionality for managing and distributing block reward revenue. + +Required wiring: +- Module Account Permissions + - protocolpooltypes.ModuleName (nil) + - protocolpooltypes.ProtocolPoolEscrowAccount (nil) +- Keeper Instantiation +- StoreKey addition +- Passing the keeper to the Distribution Keeper + - `distrkeeper.WithExternalCommunityPool(app.ProtocolPoolKeeper)` +- App Module Registration +- entry in SetOrderBeginBlockers +- entry in SetOrderEndBlockers +- entry in SetGenesisModuleOrder +- entry in SetExportModuleOrder **before `x/bank`** + +## Custom Minting Function in `x/mint` + +This release introduces the ability to configure a custom mint function in `x/mint`. The minting logic is now abstracted as a `MintFn` with a default implementation that can be overridden. + +### What’s New + +- **Configurable Mint Function:** + A new `MintFn` abstraction is introduced. By default, the module uses `DefaultMintFn`, but you can supply your own implementation. + +- **Deprecated InflationCalculationFn Parameter:** + The `InflationCalculationFn` argument previously provided to `mint.NewAppModule()` is now ignored and must be `nil`. To customize the default minter’s inflation behavior, wrap your custom function with `mintkeeper.DefaultMintFn` and pass it via the `WithMintFn` option: + +```go + mintkeeper.WithMintFn(mintkeeper.DefaultMintFn(customInflationFn)) +``` + +### How to Upgrade + +1. **Using the Default Minting Function** + + No action is needed if you’re happy with the default behavior. Make sure your application wiring initializes the MintKeeper like this: + +```go + mintKeeper := mintkeeper.NewKeeper( + appCodec, + storeService, + stakingKeeper, + accountKeeper, + bankKeeper, + authtypes.FeeCollectorName, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) +``` + +2. **Using a Custom Minting Function** + + To use a custom minting function, define it as follows and pass it you your mintKeeper when constructing it: + +```go +func myCustomMintFunc(ctx sdk.Context, k *mintkeeper.Keeper) { + // do minting... +} + +// ... + mintKeeper := mintkeeper.NewKeeper( + appCodec, + storeService, + stakingKeeper, + accountKeeper, + bankKeeper, + authtypes.FeeCollectorName, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + mintkeeper.WithMintFn(myCustomMintFunc), // Use custom minting function + ) +``` + +### Misc Changes + +#### Testnet's init-files Command + +Some changes were made to `testnet`'s `init-files` command to support our new testing framework, `Systemtest`. + +##### Flag Changes + +- The flag for validator count was changed from `--v` to `--validator-count`(shorthand: `-v`). + +##### Flag Additions +- `--staking-denom` allows changing the default stake denom, `stake`. +- `--commit-timeout` enables changing the commit timeout of the chain. +- `--single-host` enables running a multi-node network on a single host. This bumps each subsequent node's network addresses by 1. For example, node1's gRPC address will be 9090, node2's 9091, etc... \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/migrations/02-upgrading.md b/copy-of-sdk-versioned_docs/version-0.50/build/migrations/02-upgrading.md new file mode 100644 index 00000000..c63f249d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/migrations/02-upgrading.md @@ -0,0 +1,522 @@ +# Upgrading Cosmos SDK + +This guide provides instructions for upgrading to specific versions of Cosmos SDK. +Note, always read the **SimApp** section for more information on application wiring updates. + +## [v0.50.x](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.50.0) + +### Migration to CometBFT (Part 2) + +The Cosmos SDK has migrated in its previous versions, to CometBFT. +Some functions have been renamed to reflect the naming change. + +Following an exhaustive list: + +* `client.TendermintRPC` -> `client.CometRPC` +* `clitestutil.MockTendermintRPC` -> `clitestutil.MockCometRPC` +* `clitestutilgenutil.CreateDefaultTendermintConfig` -> `clitestutilgenutil.CreateDefaultCometConfig` +* Package `client/grpc/tmservice` -> `client/grpc/cmtservice` + +Additionally, the commands and flags mentioning `tendermint` have been renamed to `comet`. +These commands and flags are still supported for backward compatibility. + +For backward compatibility, the `**/tendermint/**` gRPC services are still supported. + +Additionally, the SDK is starting its abstraction from CometBFT Go types through the codebase: + +* The usage of the CometBFT logger has been replaced by the Cosmos SDK logger interface (`cosmossdk.io/log.Logger`). +* The usage of `github.com/cometbft/cometbft/libs/bytes.HexByte` has been replaced by `[]byte`. +* Usage of an application genesis (see [genutil](#xgenutil)). + +#### Enable Vote Extensions + +:::tip +This is an optional feature that is disabled by default. +::: + +Once all the code changes required to implement Vote Extensions are in place, +they can be enabled by setting the consensus param `Abci.VoteExtensionsEnableHeight` +to a value greater than zero. + +In a new chain, this can be done in the `genesis.json` file. + +For existing chains this can be done in two ways: + +* During an upgrade the value is set in an upgrade handler. +* A governance proposal that changes the consensus param **after a coordinated upgrade has taken place**. + +### BaseApp + +All ABCI methods now accept a pointer to the request and response types defined +by CometBFT. In addition, they also return errors. An ABCI method should only +return errors in cases where a catastrophic failure has occurred and the application +should halt. However, this is abstracted away from the application developer. Any +handler that an application can define or set that returns an error, will gracefully +by handled by `BaseApp` on behalf of the application. + +BaseApp calls of `BeginBlock` & `Endblock` are now private but are still exposed +to the application to define via the `Manager` type. `FinalizeBlock` is public +and should be used in order to test and run operations. This means that although +`BeginBlock` & `Endblock` no longer exist in the ABCI interface, they are automatically +called by `BaseApp` during `FinalizeBlock`. Specifically, the order of operations +is `BeginBlock` -> `DeliverTx` (for all txs) -> `EndBlock`. + +ABCI++ 2.0 also brings `ExtendVote` and `VerifyVoteExtension` ABCI methods. These +methods allow applications to extend and verify pre-commit votes. The Cosmos SDK +allows an application to define handlers for these methods via `ExtendVoteHandler` +and `VerifyVoteExtensionHandler` respectively. Please see [here](https://docs.cosmos.network/v0.50/build/building-apps/vote-extensions) +for more info. + +#### Set PreBlocker + +A `SetPreBlocker` method has been added to BaseApp. This is essential for BaseApp to run `PreBlock` which runs before begin blocker other modules, and allows to modify consensus parameters, and the changes are visible to the following state machine logics. +Read more about other use cases [here](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-068-preblock.md). + +`depinject` / app di users need to add `x/upgrade` in their `app_config.go` / `app.yml`: + +```diff ++ PreBlockers: []string{ ++ upgradetypes.ModuleName, ++ }, +BeginBlockers: []string{ +- upgradetypes.ModuleName, + minttypes.ModuleName, +} +``` + +When using (legacy) application wiring, the following must be added to `app.go`: + +```diff ++app.ModuleManager.SetOrderPreBlockers( ++ upgradetypes.ModuleName, ++) + +app.ModuleManager.SetOrderBeginBlockers( +- upgradetypes.ModuleName, +) + ++ app.SetPreBlocker(app.PreBlocker) + +// ... // + ++func (app *SimApp) PreBlocker(ctx sdk.Context, req *abci.RequestFinalizeBlock) (*sdk.ResponsePreBlock, error) { ++ return app.ModuleManager.PreBlock(ctx, req) ++} +``` + +#### Events + +The log section of `abci.TxResult` is not populated in the case of successful +msg(s) execution. Instead a new attribute is added to all messages indicating +the `msg_index` which identifies which events and attributes relate the same +transaction. + +`BeginBlock` & `EndBlock` Events are now emitted through `FinalizeBlock` but have +an added attribute, `mode=BeginBlock|EndBlock`, to identify if the event belongs +to `BeginBlock` or `EndBlock`. + +### Config files + +Confix is a new SDK tool for modifying and migrating configuration of the SDK. +It is the replacement of the `config.Cmd` command from the `client/config` package. + +Use the following command to migrate your configuration: + +```bash +simd config migrate v0.50 +``` + +If you were using ` config [key]` or ` config [key] [value]` to set and get values from the `client.toml`, replace it with ` config get client [key]` and ` config set client [key] [value]`. The extra verbosity is due to the extra functionalities added in config. + +More information about [confix](https://docs.cosmos.network/main/tooling/confix) and how to add it in your application binary in the [documentation](https://docs.cosmos.network/main/tooling/confix). + +#### gRPC-Web + +gRPC-Web is now listening to the same address and port as the gRPC Gateway API server (default: `localhost:1317`). +The possibility to listen to a different address has been removed, as well as its settings. +Use `confix` to clean-up your `app.toml`. A nginx (or alike) reverse-proxy can be set to keep the previous behavior. + +#### Database Support + +ClevelDB, BoltDB and BadgerDB are not supported anymore. To migrate from a unsupported database to a supported database please use a database migration tool. + +### Protobuf + +With the deprecation of the Amino JSON codec defined in [cosmos/gogoproto](https://github.com/cosmos/gogoproto) in favor of the protoreflect powered x/tx/aminojson codec, module developers are encouraged verify that their messages have the correct protobuf annotations to deterministically produce identical output from both codecs. + +For core SDK types equivalence is asserted by generative testing of [SignableTypes](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-beta.0/tests/integration/rapidgen/rapidgen.go#L102) in [TestAminoJSON_Equivalence](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-beta.0/tests/integration/tx/aminojson/aminojson_test.go#L94). + +**TODO: summarize proto annotation requirements.** + +#### Stringer + +The `gogoproto.goproto_stringer = false` annotation has been removed from most proto files. This means that the `String()` method is being generated for types that previously had this annotation. The generated `String()` method uses `proto.CompactTextString` for _stringifying_ structs. +[Verify](https://github.com/cosmos/cosmos-sdk/pull/13850#issuecomment-1328889651) the usage of the modified `String()` methods and double-check that they are not used in state-machine code. + +### SimApp + +In this section we describe the changes made in Cosmos SDK' SimApp. +**These changes are directly applicable to your application wiring.** + +#### Module Assertions + +Previously, all modules were required to be set in `OrderBeginBlockers`, `OrderEndBlockers` and `OrderInitGenesis / OrderExportGenesis` in `app.go` / `app_config.go`. This is no longer the case, the assertion has been loosened to only require modules implementing, respectively, the `appmodule.HasBeginBlocker`, `appmodule.HasEndBlocker` and `appmodule.HasGenesis` / `module.HasGenesis` interfaces. + +#### Module wiring + +The following modules `NewKeeper` function now take a `KVStoreService` instead of a `StoreKey`: + +* `x/auth` +* `x/authz` +* `x/bank` +* `x/consensus` +* `x/crisis` +* `x/distribution` +* `x/evidence` +* `x/feegrant` +* `x/gov` +* `x/mint` +* `x/nft` +* `x/slashing` +* `x/upgrade` + +**Users using `depinject` / app di do not need any changes, this is abstracted for them.** + +Users manually wiring their chain need to use the `runtime.NewKVStoreService` method to create a `KVStoreService` from a `StoreKey`: + +```diff +app.ConsensusParamsKeeper = consensusparamkeeper.NewKeeper( + appCodec, +- keys[consensusparamtypes.StoreKey] ++ runtime.NewKVStoreService(keys[consensusparamtypes.StoreKey]), + authtypes.NewModuleAddress(govtypes.ModuleName).String(), +) +``` + +#### Logger + +Replace all your CometBFT logger imports by `cosmossdk.io/log`. + +Additionally, `depinject` / app di users must now supply a logger through the main `depinject.Supply` function instead of passing it to `appBuilder.Build`. + +```diff +appConfig = depinject.Configs( + AppConfig, + depinject.Supply( + // supply the application options + appOpts, ++ logger, + ... +``` + +```diff +- app.App = appBuilder.Build(logger, db, traceStore, baseAppOptions...) ++ app.App = appBuilder.Build(db, traceStore, baseAppOptions...) +``` + +User manually wiring their chain need to add the logger argument when creating the `x/bank` keeper. + +#### Module Basics + +Previously, the `ModuleBasics` was a global variable that was used to register all modules' `AppModuleBasic` implementation. +The global variable has been removed and the basic module manager can be now created from the module manager. + +This is automatically done for `depinject` / app di users, however for supplying different app module implementation, pass them via `depinject.Supply` in the main `AppConfig` (`app_config.go`): + +```go +depinject.Supply( + // supply custom module basics + map[string]module.AppModuleBasic{ + genutiltypes.ModuleName: genutil.NewAppModuleBasic(genutiltypes.DefaultMessageValidator), + govtypes.ModuleName: gov.NewAppModuleBasic( + []govclient.ProposalHandler{ + paramsclient.ProposalHandler, + }, + ), + }, + ) +``` + +Users manually wiring their chain need to use the new `module.NewBasicManagerFromManager` function, after the module manager creation, and pass a `map[string]module.AppModuleBasic` as argument for optionally overriding some module's `AppModuleBasic`. + +#### AutoCLI + +[`AutoCLI`](https://docs.cosmos.network/main/core/autocli) has been implemented by the SDK for all its module CLI queries. This means chains must add the following in their `root.go` to enable `AutoCLI` in their application: + +```go +if err := autoCliOpts.EnhanceRootCommand(rootCmd); err != nil { + panic(err) +} +``` + +Where `autoCliOpts` is the autocli options of the app, containing all modules and codecs. +That value can injected by depinject ([see root_v2.go](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-beta.0/simapp/simd/cmd/root_v2.go#L49-L67)) or manually provided by the app ([see legacy app.go](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-beta.0/simapp/app.go#L636-L655)). + +:::warning +Not doing this will result in all core SDK modules queries not to be included in the binary. +::: + +Additionally `AutoCLI` automatically adds the custom modules commands to the root command for all modules implementing the [`appmodule.AppModule`](https://pkg.go.dev/cosmossdk.io/core/appmodule#AppModule) interface. +This means, after ensuring all the used modules implement this interface, the following can be removed from your `root.go`: + +```diff +func txCommand() *cobra.Command { + .... +- appd.ModuleBasics.AddTxCommands(cmd) +} +``` + +```diff +func queryCommand() *cobra.Command { + .... +- appd.ModuleBasics.AddQueryCommands(cmd) +} +``` + +### Packages + +#### Math + +References to `types/math.go` which contained aliases for math types aliasing the `cosmossdk.io/math` package have been removed. +Import directly the `cosmossdk.io/math` package instead. + +#### Store + +References to `types/store.go` which contained aliases for store types have been remapped to point to appropriate `store/types`, hence the `types/store.go` file is no longer needed and has been removed. + +##### Extract Store to a standalone module + +The `store` module is extracted to have a separate go.mod file which allows it be a standalone module. +All the store imports are now renamed to use `cosmossdk.io/store` instead of `github.com/cosmos/cosmos-sdk/store` across the SDK. + +##### Streaming + +[ADR-38](https://docs.cosmos.network/main/architecture/adr-038-state-listening) has been implemented in the SDK. + +To continue using state streaming, replace `streaming.LoadStreamingServices` by the following in your `app.go`: + +```go +if err := app.RegisterStreamingServices(appOpts, app.kvStoreKeys()); err != nil { + panic(err) +} +``` + +#### Client + +The return type of the interface method `TxConfig.SignModeHandler()` has been changed from `x/auth/signing.SignModeHandler` to `x/tx/signing.HandlerMap`. This change is transparent to most users as the `TxConfig` interface is typically implemented by private `x/auth/tx.config` struct (as returned by `auth.NewTxConfig`) which has been updated to return the new type. If users have implemented their own `TxConfig` interface, they will need to update their implementation to return the new type. + +##### Textual sign mode + +A new sign mode is available in the SDK that produces more human readable output, currently only available on Ledger +devices but soon to be implemented in other UIs. + +:::tip +This sign mode does not allow offline signing +::: + +When using (legacy) application wiring, the following must be added to `app.go` after setting the app's bank keeper: + +```go + enabledSignModes := append(tx.DefaultSignModes, sigtypes.SignMode_SIGN_MODE_TEXTUAL) + txConfigOpts := tx.ConfigOptions{ + EnabledSignModes: enabledSignModes, + TextualCoinMetadataQueryFn: txmodule.NewBankKeeperCoinMetadataQueryFn(app.BankKeeper), + } + txConfig, err := tx.NewTxConfigWithOptions( + appCodec, + txConfigOpts, + ) + if err != nil { + log.Fatalf("Failed to create new TxConfig with options: %v", err) + } + app.txConfig = txConfig +``` + +When using `depinject` / `app di`, **it's enabled by default** if there's a bank keeper present. + +And in the application client (usually `root.go`): + +```go + if !clientCtx.Offline { + txConfigOpts.EnabledSignModes = append(txConfigOpts.EnabledSignModes, signing.SignMode_SIGN_MODE_TEXTUAL) + txConfigOpts.TextualCoinMetadataQueryFn = txmodule.NewGRPCCoinMetadataQueryFn(clientCtx) + txConfigWithTextual, err := tx.NewTxConfigWithOptions( + codec.NewProtoCodec(clientCtx.InterfaceRegistry), + txConfigOpts, + ) + if err != nil { + return err + } + clientCtx = clientCtx.WithTxConfig(txConfigWithTextual) + } +``` + +When using `depinject` / `app di`, the a tx config should be recreated from the `txConfigOpts` to use `NewGRPCCoinMetadataQueryFn` instead of depending on the bank keeper (that is used in the server). + +To learn more see the [docs](https://docs.cosmos.network/main/learn/advanced/transactions#sign_mode_textual) and the [ADR-050](https://docs.cosmos.network/main/build/architecture/adr-050-sign-mode-textual). + +### Modules + +#### `**all**` + +* [RFC 001](https://docs.cosmos.network/main/rfc/rfc-001-tx-validation) has defined a simplification of the message validation process for modules. + The `sdk.Msg` interface has been updated to not require the implementation of the `ValidateBasic` method. + It is now recommended to validate message directly in the message server. When the validation is performed in the message server, the `ValidateBasic` method on a message is no longer required and can be removed. + +* Messages no longer need to implement the `LegacyMsg` interface and implementations of `GetSignBytes` can be deleted. Because of this change, global legacy Amino codec definitions and their registration in `init()` can safely be removed as well. + +* The `AppModuleBasic` interface has been simplified. Defining `GetTxCmd() *cobra.Command` and `GetQueryCmd() *cobra.Command` is no longer required. The module manager detects when module commands are defined. If AutoCLI is enabled, `EnhanceRootCommand()` will add the auto-generated commands to the root command, unless a custom module command is defined and register that one instead. + +* The following modules' `Keeper` methods now take in a `context.Context` instead of `sdk.Context`. Any module that has an interfaces for them (like "expected keepers") will need to update and re-generate mocks if needed: + + * `x/authz` + * `x/bank` + * `x/mint` + * `x/crisis` + * `x/distribution` + * `x/evidence` + * `x/gov` + * `x/slashing` + * `x/upgrade` + +* `BeginBlock` and `EndBlock` have changed their signature, so it is important that any module implementing them are updated accordingly. + +```diff +- BeginBlock(sdk.Context, abci.RequestBeginBlock) ++ BeginBlock(context.Context) error +``` + +```diff +- EndBlock(sdk.Context, abci.RequestEndBlock) []abci.ValidatorUpdate ++ EndBlock(context.Context) error +``` + +In case a module requires to return `abci.ValidatorUpdate` from `EndBlock`, it can use the `HasABCIEndBlock` interface instead. + +```diff +- EndBlock(sdk.Context, abci.RequestEndBlock) []abci.ValidatorUpdate ++ EndBlock(context.Context) ([]abci.ValidatorUpdate, error) +``` + +:::tip +It is possible to ensure that a module implements the correct interfaces by using compiler assertions in your `x/{moduleName}/module.go`: + +```go +var ( + _ module.AppModuleBasic = (*AppModule)(nil) + _ module.AppModuleSimulation = (*AppModule)(nil) + _ module.HasGenesis = (*AppModule)(nil) + + _ appmodule.AppModule = (*AppModule)(nil) + _ appmodule.HasBeginBlocker = (*AppModule)(nil) + _ appmodule.HasEndBlocker = (*AppModule)(nil) + ... +) +``` + +Read more on those interfaces [here](https://docs.cosmos.network/v0.50/building-modules/module-manager#application-module-interfaces). + +::: + +* `GetSigners()` is no longer required to be implemented on `Msg` types. The SDK will automatically infer the signers from the `Signer` field on the message. The signer field is required on all messages unless using a custom signer function. + +To find out more please read the [signer field](../../build/building-modules/05-protobuf-annotations.md#signer) & [here](https://github.com/cosmos/cosmos-sdk/blob/7352d0bce8e72121e824297df453eb1059c28da8/docs/docs/build/building-modules/02-messages-and-queries.md#L40) documentation. + + +#### `x/auth` + +For ante handler construction via `ante.NewAnteHandler`, the field `ante.HandlerOptions.SignModeHandler` has been updated to `x/tx/signing/HandlerMap` from `x/auth/signing/SignModeHandler`. Callers typically fetch this value from `client.TxConfig.SignModeHandler()` (which is also changed) so this change should be transparent to most users. + +#### `x/capability` + +The capability module has been moved to [cosmos/ibc-go](https://github.com/cosmos/ibc-go). IBC v8 will contain the necessary changes to incorporate the new module location. In your `app.go`, you must import the capability module from the new location: + +```diff ++ "github.com/cosmos/ibc-go/modules/capability" ++ capabilitykeeper "github.com/cosmos/ibc-go/modules/capability/keeper" ++ capabilitytypes "github.com/cosmos/ibc-go/modules/capability/types" +- "github.com/cosmos/cosmos-sdk/x/capability/types" +- capabilitykeeper "github.com/cosmos/cosmos-sdk/x/capability/keeper" +- capabilitytypes "github.com/cosmos/cosmos-sdk/x/capability/types" +``` + +Similar to previous versions, your module manager must include the capability module. + +```go +app.ModuleManager = module.NewManager( + capability.NewAppModule(encodingConfig.Codec, *app.CapabilityKeeper, true), + // remaining modules +) +``` + +#### `x/genutil` + +The Cosmos SDK has migrated from a CometBFT genesis to a application managed genesis file. +The genesis is now fully handled by `x/genutil`. This has no consequences for running chains: + +* Importing a CometBFT genesis is still supported. +* Exporting a genesis now exports the genesis as an application genesis. + +When needing to read an application genesis, use the following helpers from the `x/genutil/types` package: + +```go +// AppGenesisFromReader reads the AppGenesis from the reader. +func AppGenesisFromReader(reader io.Reader) (*AppGenesis, error) + +// AppGenesisFromFile reads the AppGenesis from the provided file. +func AppGenesisFromFile(genFile string) (*AppGenesis, error) +``` + +#### `x/gov` + +##### Expedited Proposals + +The `gov` v1 module now supports expedited governance proposals. When a proposal is expedited, the voting period will be shortened to `ExpeditedVotingPeriod` parameter. An expedited proposal must have an higher voting threshold than a classic proposal, that threshold is defined with the `ExpeditedThreshold` parameter. + +##### Cancelling Proposals + +The `gov` module now supports cancelling governance proposals. When a proposal is canceled, all the deposits of the proposal are either burnt or sent to `ProposalCancelDest` address. The deposits burn rate will be determined by a new parameter called `ProposalCancelRatio` parameter. + +```text +1. deposits * proposal_cancel_ratio will be burned or sent to `ProposalCancelDest` address , if `ProposalCancelDest` is empty then deposits will be burned. +2. deposits * (1 - proposal_cancel_ratio) will be sent to depositors. +``` + +By default, the new `ProposalCancelRatio` parameter is set to `0.5` during migration and `ProposalCancelDest` is set to empty string (i.e. burnt). + +#### `x/evidence` + +##### Extract evidence to a standalone module + +The `x/evidence` module is extracted to have a separate go.mod file which allows it be a standalone module. +All the evidence imports are now renamed to use `cosmossdk.io/x/evidence` instead of `github.com/cosmos/cosmos-sdk/x/evidence` across the SDK. + +#### `x/nft` + +##### Extract nft to a standalone module + +The `x/nft` module is extracted to have a separate go.mod file which allows it to be a standalone module. +All the evidence imports are now renamed to use `cosmossdk.io/x/nft` instead of `github.com/cosmos/cosmos-sdk/x/nft` across the SDK. + +#### x/feegrant + +##### Extract feegrant to a standalone module + +The `x/feegrant` module is extracted to have a separate go.mod file which allows it to be a standalone module. +All the feegrant imports are now renamed to use `cosmossdk.io/x/feegrant` instead of `github.com/cosmos/cosmos-sdk/x/feegrant` across the SDK. + +#### `x/upgrade` + +##### Extract upgrade to a standalone module + +The `x/upgrade` module is extracted to have a separate go.mod file which allows it to be a standalone module. +All the upgrade imports are now renamed to use `cosmossdk.io/x/upgrade` instead of `github.com/cosmos/cosmos-sdk/x/upgrade` across the SDK. + +### Tooling + +#### Rosetta + +Rosetta has moved to it's own [repo](https://github.com/cosmos/rosetta) and not imported by the Cosmos SDK SimApp by default. +Any user who is interested on using the tool can connect it standalone to any node without the need to add it as part of the node binary. + +The rosetta tool also allows multi chain connections. diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/migrations/03-upgrade-guide.md b/copy-of-sdk-versioned_docs/version-0.50/build/migrations/03-upgrade-guide.md new file mode 100644 index 00000000..84ec6e7e --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/migrations/03-upgrade-guide.md @@ -0,0 +1,503 @@ +# Upgrade Guide + +This document provides a full guide for upgrading a Cosmos SDK chain from `v0.50.x` to `v0.53.x`. + +This guide includes one **required** change and three **optional** features. + +After completing this guide, applications will have: + +- The `x/protocolpool` module +- The `x/epochs` module +- Unordered Transaction support + +## Table of Contents + +- [App Wiring Changes (REQUIRED)](#app-wiring-changes-required) +- [Adding ProtocolPool Module (OPTIONAL)](#adding-protocolpool-module-optional) + - [ProtocolPool Manual Wiring](#protocolpool-manual-wiring) + - [ProtocolPool DI Wiring](#protocolpool-di-wiring) +- [Adding Epochs Module (OPTIONAL)](#adding-epochs-module-optional) + - [Epochs Manual Wiring](#epochs-manual-wiring) + - [Epochs DI Wiring](#epochs-di-wiring) +- [Enable Unordered Transactions (OPTIONAL)](#enable-unordered-transactions-optional) +- [Upgrade Handler](#upgrade-handler) + +## App Wiring Changes **REQUIRED** + +The `x/auth` module now contains a `PreBlocker` that _must_ be set in the module manager's `SetOrderPreBlockers` method. + +```go +app.ModuleManager.SetOrderPreBlockers( + upgradetypes.ModuleName, + authtypes.ModuleName, // NEW +) +``` + +## Adding ProtocolPool Module **OPTIONAL** + +:::warning + +Using an external community pool such as `x/protocolpool` will cause the following `x/distribution` handlers to return an error: + +**QueryService** + +- `CommunityPool` + +**MsgService** + +- `CommunityPoolSpend` +- `FundCommunityPool` + +If your services depend on this functionality from `x/distribution`, please update them to use either `x/protocolpool` or your custom external community pool alternatives. + +::: + +### Manual Wiring + +Import the following: + +```go +import ( + // ... + "github.com/cosmos/cosmos-sdk/x/protocolpool" + protocolpoolkeeper "github.com/cosmos/cosmos-sdk/x/protocolpool/keeper" + protocolpooltypes "github.com/cosmos/cosmos-sdk/x/protocolpool/types" +) +``` + +Set the module account permissions. + +```go +maccPerms = map[string][]string{ + // ... + protocolpooltypes.ModuleName: nil, + protocolpooltypes.ProtocolPoolEscrowAccount: nil, +} +``` + +Add the protocol pool keeper to your application struct. + +```go +ProtocolPoolKeeper protocolpoolkeeper.Keeper +``` + +Add the store key: + +```go +keys := storetypes.NewKVStoreKeys( + // ... + protocolpooltypes.StoreKey, +) +``` + +Instantiate the keeper. + +Make sure to do this before the distribution module instantiation, as you will pass the keeper there next. + +```go +app.ProtocolPoolKeeper = protocolpoolkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[protocolpooltypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), +) +``` + +Pass the protocolpool keeper to the distribution keeper: + +```go +app.DistrKeeper = distrkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[distrtypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + app.StakingKeeper, + authtypes.FeeCollectorName, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + distrkeeper.WithExternalCommunityPool(app.ProtocolPoolKeeper), // NEW +) +``` + +Add the protocolpool module to the module manager: + +```go +app.ModuleManager = module.NewManager( + // ... + protocolpool.NewAppModule(appCodec, app.ProtocolPoolKeeper, app.AccountKeeper, app.BankKeeper), +) +``` + +Add an entry for SetOrderBeginBlockers, SetOrderEndBlockers, SetOrderInitGenesis, and SetOrderExportGenesis. + +```go +app.ModuleManager.SetOrderBeginBlockers( + // must come AFTER distribution. + distrtypes.ModuleName, + protocolpooltypes.ModuleName, +) +``` + +```go +app.ModuleManager.SetOrderEndBlockers( + // order does not matter. + protocolpooltypes.ModuleName, +) +``` + +```go +app.ModuleManager.SetOrderInitGenesis( + // order does not matter. + protocolpooltypes.ModuleName, +) +``` + +```go +app.ModuleManager.SetOrderInitGenesis( + protocolpooltypes.ModuleName, // must be exported before bank. + banktypes.ModuleName, +) +``` + +### DI Wiring + +Note: _as long as an external community pool keeper (here, `x/protocolpool`) is wired in DI configs, `x/distribution` will automatically use it for its external pool._ + +First, set up the keeper for the application. + +Import the protocolpool keeper: + +```go +protocolpoolkeeper "github.com/cosmos/cosmos-sdk/x/protocolpool/keeper" +``` + +Add the keeper to your application struct: + +```go +ProtocolPoolKeeper protocolpoolkeeper.Keeper +``` + +Add the keeper to the depinject system: + +```go +depinject.Inject( + appConfig, + &appBuilder, + &app.appCodec, + &app.legacyAmino, + &app.txConfig, + &app.interfaceRegistry, + // ... other modules + &app.ProtocolPoolKeeper, // NEW MODULE! +) +``` + +Next, set up configuration for the module. + +Import the following: + +```go +import ( + protocolpoolmodulev1 "cosmossdk.io/api/cosmos/protocolpool/module/v1" + + _ "github.com/cosmos/cosmos-sdk/x/protocolpool" // import for side-effects + protocolpooltypes "github.com/cosmos/cosmos-sdk/x/protocolpool/types" +) +``` + +The protocolpool module has module accounts that handle funds. Add them to the module account permission configuration: + +```go +moduleAccPerms = []*authmodulev1.ModuleAccountPermission{ + // ... + {Account: protocolpooltypes.ModuleName}, + {Account: protocolpooltypes.ProtocolPoolEscrowAccount}, +} +``` + +Next, add an entry for BeginBlockers, EndBlockers, InitGenesis, and ExportGenesis. + +```go +BeginBlockers: []string{ + // ... + // must be AFTER distribution. + distrtypes.ModuleName, + protocolpooltypes.ModuleName, +}, +``` + +```go +EndBlockers: []string{ + // ... + // order for protocolpool does not matter. + protocolpooltypes.ModuleName, +}, +``` + +```go +InitGenesis: []string{ + // ... must be AFTER distribution. + distrtypes.ModuleName, + protocolpooltypes.ModuleName, +}, +``` + +```go +ExportGenesis: []string{ + // ... + // Must be exported before x/bank. + protocolpooltypes.ModuleName, + banktypes.ModuleName, +}, +``` + +Lastly, add an entry for protocolpool in the ModuleConfig. + +```go +{ + Name: protocolpooltypes.ModuleName, + Config: appconfig.WrapAny(&protocolpoolmodulev1.Module{}), +}, +``` + +## Adding Epochs Module **OPTIONAL** + +### Manual Wiring + +Import the following: + +```go +import ( + // ... + "github.com/cosmos/cosmos-sdk/x/epochs" + epochskeeper "github.com/cosmos/cosmos-sdk/x/epochs/keeper" + epochstypes "github.com/cosmos/cosmos-sdk/x/epochs/types" +) +``` + +Add the epochs keeper to your application struct: + +```go +EpochsKeeper epochskeeper.Keeper +``` + +Add the store key: + +```go +keys := storetypes.NewKVStoreKeys( + // ... + epochstypes.StoreKey, +) +``` + +Instantiate the keeper: + +```go +app.EpochsKeeper = epochskeeper.NewKeeper( + runtime.NewKVStoreService(keys[epochstypes.StoreKey]), + appCodec, +) +``` + +Set up hooks for the epochs keeper: + +To learn how to write hooks for the epoch keeper, see the [x/epoch README](https://github.com/cosmos/cosmos-sdk/blob/main/x/epochs/README.md) + +```go +app.EpochsKeeper.SetHooks( + epochstypes.NewMultiEpochHooks( + // insert epoch hooks receivers here + app.SomeOtherModule + ), +) +``` + +Add the epochs module to the module manager: + +```go +app.ModuleManager = module.NewManager( + // ... + epochs.NewAppModule(appCodec, app.EpochsKeeper), +) +``` + +Add entries for SetOrderBeginBlockers and SetOrderInitGenesis: + +```go +app.ModuleManager.SetOrderBeginBlockers( + // ... + epochstypes.ModuleName, +) +``` + +```go +app.ModuleManager.SetOrderInitGenesis( + // ... + epochstypes.ModuleName, +) +``` + +### DI Wiring + +First, set up the keeper for the application. + +Import the epochs keeper: + +```go +epochskeeper "github.com/cosmos/cosmos-sdk/x/epochs/keeper" +``` + +Add the keeper to your application struct: + +```go +EpochsKeeper epochskeeper.Keeper +``` + +Add the keeper to the depinject system: + +```go +depinject.Inject( + appConfig, + &appBuilder, + &app.appCodec, + &app.legacyAmino, + &app.txConfig, + &app.interfaceRegistry, + // ... other modules + &app.EpochsKeeper, // NEW MODULE! +) +``` + +Next, set up configuration for the module. + +Import the following: + +```go +import ( + epochsmodulev1 "cosmossdk.io/api/cosmos/epochs/module/v1" + + _ "github.com/cosmos/cosmos-sdk/x/epochs" // import for side-effects + epochstypes "github.com/cosmos/cosmos-sdk/x/epochs/types" +) +``` + +Add an entry for BeginBlockers and InitGenesis: + +```go +BeginBlockers: []string{ + // ... + epochstypes.ModuleName, +}, +``` + +```go +InitGenesis: []string{ + // ... + epochstypes.ModuleName, +}, +``` + +Lastly, add an entry for epochs in the ModuleConfig: + +```go +{ + Name: epochstypes.ModuleName, + Config: appconfig.WrapAny(&epochsmodulev1.Module{}), +}, +``` + +## Enable Unordered Transactions **OPTIONAL** + +To enable unordered transaction support on an application, the `x/auth` keeper must be supplied with the `WithUnorderedTransactions` option. + +Note that unordered transactions require sequence values to be zero, and will **FAIL** if a non-zero sequence value is set. +Please ensure no sequence value is set when submitting an unordered transaction. +Services that rely on prior assumptions about sequence values should be updated to handle unordered transactions. +Services should be aware that when the transaction is unordered, the transaction sequence will always be zero. + +```go + app.AccountKeeper = authkeeper.NewAccountKeeper( + appCodec, + runtime.NewKVStoreService(keys[authtypes.StoreKey]), + authtypes.ProtoBaseAccount, + maccPerms, + authcodec.NewBech32Codec(sdk.Bech32MainPrefix), + sdk.Bech32MainPrefix, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + authkeeper.WithUnorderedTransactions(true), // new option! + ) +``` + +If using dependency injection, update the auth module config. + +```go + { + Name: authtypes.ModuleName, + Config: appconfig.WrapAny(&authmodulev1.Module{ + Bech32Prefix: "cosmos", + ModuleAccountPermissions: moduleAccPerms, + EnableUnorderedTransactions: true, // remove this line if you do not want unordered transactions. + }), + }, +``` + +By default, unordered transactions use a transaction timeout duration of 10 minutes and a default gas charge of 2240 gas units. +To modify these default values, pass in the corresponding options to the new `SigVerifyOptions` field in `x/auth's` `ante.HandlerOptions`. + +```go +options := ante.HandlerOptions{ + SigVerifyOptions: []ante.SigVerificationDecoratorOption{ + // change below as needed. + ante.WithUnorderedTxGasCost(ante.DefaultUnorderedTxGasCost), + ante.WithMaxUnorderedTxTimeoutDuration(ante.DefaultMaxTimoutDuration), + }, +} +``` + +```go +anteDecorators := []sdk.AnteDecorator{ + // ... other decorators ... + ante.NewSigVerificationDecorator(options.AccountKeeper, options.SignModeHandler, options.SigVerifyOptions...), // supply new options +} +``` + +## Upgrade Handler + +The upgrade handler only requires adding the store upgrades for the modules added above. +If your application is not adding `x/protocolpool` or `x/epochs`, you do not need to add the store upgrade. + +```go +// UpgradeName defines the on-chain upgrade name for the sample SimApp upgrade +// from v050 to v053. +// +// NOTE: This upgrade defines a reference implementation of what an upgrade +// could look like when an application is migrating from Cosmos SDK version +// v0.50.x to v0.53.x. +const UpgradeName = "v050-to-v053" + +func (app SimApp) RegisterUpgradeHandlers() { + app.UpgradeKeeper.SetUpgradeHandler( + UpgradeName, + func(ctx context.Context, _ upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { + return app.ModuleManager.RunMigrations(ctx, app.Configurator(), fromVM) + }, + ) + + upgradeInfo, err := app.UpgradeKeeper.ReadUpgradeInfoFromDisk() + if err != nil { + panic(err) + } + + if upgradeInfo.Name == UpgradeName && !app.UpgradeKeeper.IsSkipHeight(upgradeInfo.Height) { + storeUpgrades := storetypes.StoreUpgrades{ + Added: []string{ + epochstypes.ModuleName, // if not adding x/epochs to your chain, remove this line. + protocolpooltypes.ModuleName, // if not adding x/protocolpool to your chain, remove this line. + }, + } + + // configure store loader that checks if version == upgradeHeight and applies store upgrades + app.SetStoreLoader(upgradetypes.UpgradeStoreLoader(upgradeInfo.Height, &storeUpgrades)) + } +} +``` \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/migrations/_category_.json b/copy-of-sdk-versioned_docs/version-0.50/build/migrations/_category_.json new file mode 100644 index 00000000..5a06c3eb --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/migrations/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Migrations", + "position": 3, + "link": null +} diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/modules/README.md b/copy-of-sdk-versioned_docs/version-0.50/build/modules/README.md new file mode 100644 index 00000000..979a544f --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/modules/README.md @@ -0,0 +1,63 @@ +--- +sidebar_position: 0 +--- + +# List of Modules + +Here are some production-grade modules that can be used in Cosmos SDK applications, along with their respective documentation: + +## Essential Modules + +Essential modules include functionality that _must_ be included in your Cosmos SDK blockchain. +These modules provide the core behaviors that are needed for users and operators such as balance tracking, +proof-of-stake capabilities and governance. + +* [Auth](./auth/README.md) - Authentication of accounts and transactions for Cosmos SDK applications. +* [Bank](./bank/README.md) - Token transfer functionalities. +* [Circuit](./circuit/README.md) - Circuit breaker module for pausing messages. +* [Consensus](./consensus/README.md) - Consensus module for modifying CometBFT's ABCI consensus params. +* [Distribution](./distribution/README.md) - Fee distribution, and staking token provision distribution. +* [Evidence](./evidence/README.md) - Evidence handling for double signing, misbehaviour, etc. +* [Governance](./gov/README.md) - On-chain proposals and voting. +* [Genutil](./genutil/README.md) - Genesis utilities for the Cosmos SDK. +* [Mint](./mint/README.md) - Creation of new units of staking token. +* [Slashing](./slashing/README.md) - Validator punishment mechanisms. +* [Staking](./staking/README.md) - Proof-of-Stake layer for public blockchains. +* [Upgrade](./upgrade/README.md) - Software upgrades handling and coordination. + +## Supplementary Modules + +Supplementary modules are modules that are maintained in the Cosmos SDK but are not necessary for +the core functionality of your blockchain. They can be thought of as ways to extend the +capabilities of your blockchain or further specialize it. + +* [Authz](./authz/README.md) - Authorization for accounts to perform actions on behalf of other accounts. +* [Epochs](./epochs/README.md) - Registration so SDK modules can have logic to be executed at the timed tickers. +* [Feegrant](./feegrant/README.md) - Grant fee allowances for executing transactions. +* [Group](./group/README.md) - Allows for the creation and management of on-chain multisig accounts. +* [NFT](./nft/README.md) - NFT module implemented based on [ADR43](https://docs.cosmos.network/main/architecture/adr-043-nft-module.html). +* [ProtocolPool](./protocolpool/README.md) - Extended management of community pool functionality. + +## Deprecated Modules + +The following modules are deprecated. They will no longer be maintained and eventually will be removed +in an upcoming release of the Cosmos SDK per our [release process](https://github.com/cosmos/cosmos-sdk/blob/main/RELEASE_PROCESS.md). + +* [Crisis](./crisis/README.md) - *Deprecated* halting the blockchain under certain circumstances (e.g. if an invariant is broken). +* [Params](./params/README.md) - *Deprecated* Globally available parameter store. + +To learn more about the process of building modules, visit the [building modules reference documentation](https://docs.cosmos.network/main/building-modules/intro). + +## IBC + +The IBC module for the SDK is maintained by the IBC Go team in its [own repository](https://github.com/cosmos/ibc-go). + +Additionally, the [capability module](https://github.com/cosmos/ibc-go/tree/fdd664698d79864f1e00e147f9879e58497b5ef1/modules/capability) is from v0.50+ maintained by the IBC Go team in its [own repository](https://github.com/cosmos/ibc-go/tree/fdd664698d79864f1e00e147f9879e58497b5ef1/modules/capability). + +## CosmWasm + +The CosmWasm module enables smart contracts, learn more by going to their [documentation site](https://book.cosmwasm.com/), or visit [the repository](https://github.com/CosmWasm/cosmwasm). + +## EVM + +Read more about writing smart contracts with solidity at the official [`evm` documentation page](https://evm.cosmos.network/). diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/modules/_category_.json b/copy-of-sdk-versioned_docs/version-0.50/build/modules/_category_.json new file mode 100644 index 00000000..72d229c0 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/modules/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Modules", + "position": 2, + "link": null +} diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/modules/auth/1-vesting.md b/copy-of-sdk-versioned_docs/version-0.50/build/modules/auth/1-vesting.md new file mode 100644 index 00000000..62619ede --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/modules/auth/1-vesting.md @@ -0,0 +1,618 @@ +--- +sidebar_position: 1 +--- + +# `x/auth/vesting` + + +* [Intro and Requirements](#intro-and-requirements) +* [Note](#note) +* [Vesting Account Types](#vesting-account-types) + * [BaseVestingAccount](#basevestingaccount) + * [ContinuousVestingAccount](#continuousvestingaccount) + * [DelayedVestingAccount](#delayedvestingaccount) + * [Period](#period) + * [PeriodicVestingAccount](#periodicvestingaccount) + * [PermanentLockedAccount](#permanentlockedaccount) +* [Vesting Account Specification](#vesting-account-specification) + * [Determining Vesting & Vested Amounts](#determining-vesting--vested-amounts) + * [Periodic Vesting Accounts](#periodic-vesting-accounts) + * [Transferring/Sending](#transferringsending) + * [Delegating](#delegating) + * [Undelegating](#undelegating) +* [Keepers & Handlers](#keepers--handlers) +* [Genesis Initialization](#genesis-initialization) +* [Examples](#examples) + * [Simple](#simple) + * [Slashing](#slashing) + * [Periodic Vesting](#periodic-vesting) +* [Glossary](#glossary) + +## Intro and Requirements + +This specification defines the vesting account implementation that is used by the Cosmos Hub. The requirements for this vesting account is that it should be initialized during genesis with a starting balance `X` and a vesting end time `ET`. A vesting account may be initialized with a vesting start time `ST` and a number of vesting periods `P`. If a vesting start time is included, the vesting period does not begin until start time is reached. If vesting periods are included, the vesting occurs over the specified number of periods. + +For all vesting accounts, the owner of the vesting account is able to delegate and undelegate from validators, however they cannot transfer coins to another account until those coins are vested. This specification allows for four different kinds of vesting: + +* Delayed vesting, where all coins are vested once `ET` is reached. +* Continous vesting, where coins begin to vest at `ST` and vest linearly with respect to time until `ET` is reached +* Periodic vesting, where coins begin to vest at `ST` and vest periodically according to number of periods and the vesting amount per period. The number of periods, length per period, and amount per period are configurable. A periodic vesting account is distinguished from a continuous vesting account in that coins can be released in staggered tranches. For example, a periodic vesting account could be used for vesting arrangements where coins are relased quarterly, yearly, or over any other function of tokens over time. +* Permanent locked vesting, where coins are locked forever. Coins in this account can still be used for delegating and for governance votes even while locked. + +## Note + +Vesting accounts can be initialized with some vesting and non-vesting coins. The non-vesting coins would be immediately transferable. DelayedVesting ContinuousVesting, PeriodicVesting and PermenantVesting accounts can be created with normal messages after genesis. Other types of vesting accounts must be created at genesis, or as part of a manual network upgrade. The current specification only allows for _unconditional_ vesting (ie. there is no possibility of reaching `ET` and +having coins fail to vest). + +## Vesting Account Types + +```go +// VestingAccount defines an interface that any vesting account type must +// implement. +type VestingAccount interface { + Account + + GetVestedCoins(Time) Coins + GetVestingCoins(Time) Coins + + // TrackDelegation performs internal vesting accounting necessary when + // delegating from a vesting account. It accepts the current block time, the + // delegation amount and balance of all coins whose denomination exists in + // the account's original vesting balance. + TrackDelegation(Time, Coins, Coins) + + // TrackUndelegation performs internal vesting accounting necessary when a + // vesting account performs an undelegation. + TrackUndelegation(Coins) + + GetStartTime() int64 + GetEndTime() int64 +} +``` + +### BaseVestingAccount + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/vesting/v1beta1/vesting.proto#L11-L35 +``` + +### ContinuousVestingAccount + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/vesting/v1beta1/vesting.proto#L37-L46 +``` + +### DelayedVestingAccount + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/vesting/v1beta1/vesting.proto#L48-L57 +``` + +### Period + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/vesting/v1beta1/vesting.proto#L59-L69 +``` + +```go +// Stores all vesting periods passed as part of a PeriodicVestingAccount +type Periods []Period + +``` + +### PeriodicVestingAccount + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/vesting/v1beta1/vesting.proto#L71-L81 +``` + +In order to facilitate less ad-hoc type checking and assertions and to support flexibility in account balance usage, the existing `x/bank` `ViewKeeper` interface is updated to contain the following: + +```go +type ViewKeeper interface { + // ... + + // Calculates the total locked account balance. + LockedCoins(ctx sdk.Context, addr sdk.AccAddress) sdk.Coins + + // Calculates the total spendable balance that can be sent to other accounts. + SpendableCoins(ctx sdk.Context, addr sdk.AccAddress) sdk.Coins +} +``` + +### PermanentLockedAccount + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/vesting/v1beta1/vesting.proto#L83-L94 +``` + +## Vesting Account Specification + +Given a vesting account, we define the following in the proceeding operations: + +* `OV`: The original vesting coin amount. It is a constant value. +* `V`: The number of `OV` coins that are still _vesting_. It is derived by +`OV`, `StartTime` and `EndTime`. This value is computed on demand and not on a per-block basis. +* `V'`: The number of `OV` coins that are _vested_ (unlocked). This value is computed on demand and not a per-block basis. +* `DV`: The number of delegated _vesting_ coins. It is a variable value. It is stored and modified directly in the vesting account. +* `DF`: The number of delegated _vested_ (unlocked) coins. It is a variable value. It is stored and modified directly in the vesting account. +* `BC`: The number of `OV` coins less any coins that are transferred +(which can be negative or delegated). It is considered to be balance of the embedded base account. It is stored and modified directly in the vesting account. + +### Determining Vesting & Vested Amounts + +It is important to note that these values are computed on demand and not on a mandatory per-block basis (e.g. `BeginBlocker` or `EndBlocker`). + +#### Continuously Vesting Accounts + +To determine the amount of coins that are vested for a given block time `T`, the +following is performed: + +1. Compute `X := T - StartTime` +2. Compute `Y := EndTime - StartTime` +3. Compute `V' := OV * (X / Y)` +4. Compute `V := OV - V'` + +Thus, the total amount of _vested_ coins is `V'` and the remaining amount, `V`, +is _vesting_. + +```go +func (cva ContinuousVestingAccount) GetVestedCoins(t Time) Coins { + if t <= cva.StartTime { + // We must handle the case where the start time for a vesting account has + // been set into the future or when the start of the chain is not exactly + // known. + return ZeroCoins + } else if t >= cva.EndTime { + return cva.OriginalVesting + } + + x := t - cva.StartTime + y := cva.EndTime - cva.StartTime + + return cva.OriginalVesting * (x / y) +} + +func (cva ContinuousVestingAccount) GetVestingCoins(t Time) Coins { + return cva.OriginalVesting - cva.GetVestedCoins(t) +} +``` + +### Periodic Vesting Accounts + +Periodic vesting accounts require calculating the coins released during each period for a given block time `T`. Note that multiple periods could have passed when calling `GetVestedCoins`, so we must iterate over each period until the end of that period is after `T`. + +1. Set `CT := StartTime` +2. Set `V' := 0` + +For each Period P: + + 1. Compute `X := T - CT` + 2. IF `X >= P.Length` + 1. Compute `V' += P.Amount` + 2. Compute `CT += P.Length` + 3. ELSE break + 3. Compute `V := OV - V'` + +```go +func (pva PeriodicVestingAccount) GetVestedCoins(t Time) Coins { + if t < pva.StartTime { + return ZeroCoins + } + ct := pva.StartTime // The start of the vesting schedule + vested := 0 + periods = pva.GetPeriods() + for _, period := range periods { + if t - ct < period.Length { + break + } + vested += period.Amount + ct += period.Length // increment ct to the start of the next vesting period + } + return vested +} + +func (pva PeriodicVestingAccount) GetVestingCoins(t Time) Coins { + return pva.OriginalVesting - cva.GetVestedCoins(t) +} +``` + +#### Delayed/Discrete Vesting Accounts + +Delayed vesting accounts are easier to reason about as they only have the full amount vesting up until a certain time, then all the coins become vested (unlocked). This does not include any unlocked coins the account may have initially. + +```go +func (dva DelayedVestingAccount) GetVestedCoins(t Time) Coins { + if t >= dva.EndTime { + return dva.OriginalVesting + } + + return ZeroCoins +} + +func (dva DelayedVestingAccount) GetVestingCoins(t Time) Coins { + return dva.OriginalVesting - dva.GetVestedCoins(t) +} +``` + +### Transferring/Sending + +At any given time, a vesting account may transfer: `min((BC + DV) - V, BC)`. + +In other words, a vesting account may transfer the minimum of the base account balance and the base account balance plus the number of currently delegated vesting coins less the number of coins vested so far. + +However, given that account balances are tracked via the `x/bank` module and that we want to avoid loading the entire account balance, we can instead determine the locked balance, which can be defined as `max(V - DV, 0)`, and infer the spendable balance from that. + +```go +func (va VestingAccount) LockedCoins(t Time) Coins { + return max(va.GetVestingCoins(t) - va.DelegatedVesting, 0) +} +``` + +The `x/bank` `ViewKeeper` can then provide APIs to determine locked and spendable coins for any account: + +```go +func (k Keeper) LockedCoins(ctx Context, addr AccAddress) Coins { + acc := k.GetAccount(ctx, addr) + if acc != nil { + if acc.IsVesting() { + return acc.LockedCoins(ctx.BlockTime()) + } + } + + // non-vesting accounts do not have any locked coins + return NewCoins() +} +``` + +#### Keepers/Handlers + +The corresponding `x/bank` keeper should appropriately handle sending coins based on if the account is a vesting account or not. + +```go +func (k Keeper) SendCoins(ctx Context, from Account, to Account, amount Coins) { + bc := k.GetBalances(ctx, from) + v := k.LockedCoins(ctx, from) + + spendable := bc - v + newCoins := spendable - amount + assert(newCoins >= 0) + + from.SetBalance(newCoins) + to.AddBalance(amount) + + // save balances... +} +``` + +### Delegating + +For a vesting account attempting to delegate `D` coins, the following is performed: + +1. Verify `BC >= D > 0` +2. Compute `X := min(max(V - DV, 0), D)` (portion of `D` that is vesting) +3. Compute `Y := D - X` (portion of `D` that is free) +4. Set `DV += X` +5. Set `DF += Y` + +```go +func (va VestingAccount) TrackDelegation(t Time, balance Coins, amount Coins) { + assert(balance <= amount) + x := min(max(va.GetVestingCoins(t) - va.DelegatedVesting, 0), amount) + y := amount - x + + va.DelegatedVesting += x + va.DelegatedFree += y +} +``` + +**Note** `TrackDelegation` only modifies the `DelegatedVesting` and `DelegatedFree` fields, so upstream callers MUST modify the `Coins` field by subtracting `amount`. + +#### Keepers/Handlers + +```go +func DelegateCoins(t Time, from Account, amount Coins) { + if isVesting(from) { + from.TrackDelegation(t, amount) + } else { + from.SetBalance(sc - amount) + } + + // save account... +} +``` + +### Undelegating + +For a vesting account attempting to undelegate `D` coins, the following is performed: + +> NOTE: `DV < D` and `(DV + DF) < D` may be possible due to quirks in the rounding of delegation/undelegation logic. + +1. Verify `D > 0` +2. Compute `X := min(DF, D)` (portion of `D` that should become free, prioritizing free coins) +3. Compute `Y := min(DV, D - X)` (portion of `D` that should remain vesting) +4. Set `DF -= X` +5. Set `DV -= Y` + +```go +func (cva ContinuousVestingAccount) TrackUndelegation(amount Coins) { + x := min(cva.DelegatedFree, amount) + y := amount - x + + cva.DelegatedFree -= x + cva.DelegatedVesting -= y +} +``` + +**Note** `TrackUnDelegation` only modifies the `DelegatedVesting` and `DelegatedFree` fields, so upstream callers MUST modify the `Coins` field by adding `amount`. + +**Note**: If a delegation is slashed, the continuous vesting account ends up with an excess `DV` amount, even after all its coins have vested. This is because undelegating free coins are prioritized. + +**Note**: The undelegation (bond refund) amount may exceed the delegated vesting (bond) amount due to the way undelegation truncates the bond refund, which can increase the validator's exchange rate (tokens/shares) slightly if the undelegated tokens are non-integral. + +#### Keepers/Handlers + +```go +func UndelegateCoins(to Account, amount Coins) { + if isVesting(to) { + if to.DelegatedFree + to.DelegatedVesting >= amount { + to.TrackUndelegation(amount) + // save account ... + } + } else { + AddBalance(to, amount) + // save account... + } +} +``` + +## Keepers & Handlers + +The `VestingAccount` implementations reside in `x/auth`. However, any keeper in a module (e.g. staking in `x/staking`) wishing to potentially utilize any vesting coins, must call explicit methods on the `x/bank` keeper (e.g. `DelegateCoins`) opposed to `SendCoins` and `SubtractCoins`. + +In addition, the vesting account should also be able to spend any coins it receives from other users. Thus, the bank module's `MsgSend` handler should error if a vesting account is trying to send an amount that exceeds their unlocked coin amount. + +See the above specification for full implementation details. + +## Genesis Initialization + +To initialize both vesting and non-vesting accounts, the `GenesisAccount` struct includes new fields: `Vesting`, `StartTime`, and `EndTime`. Accounts meant to be of type `BaseAccount` or any non-vesting type have `Vesting = false`. The genesis initialization logic (e.g. `initFromGenesisState`) must parse and return the correct accounts accordingly based off of these fields. + +```go +type GenesisAccount struct { + // ... + + // vesting account fields + OriginalVesting sdk.Coins `json:"original_vesting"` + DelegatedFree sdk.Coins `json:"delegated_free"` + DelegatedVesting sdk.Coins `json:"delegated_vesting"` + StartTime int64 `json:"start_time"` + EndTime int64 `json:"end_time"` +} + +func ToAccount(gacc GenesisAccount) Account { + bacc := NewBaseAccount(gacc) + + if gacc.OriginalVesting > 0 { + if ga.StartTime != 0 && ga.EndTime != 0 { + // return a continuous vesting account + } else if ga.EndTime != 0 { + // return a delayed vesting account + } else { + // invalid genesis vesting account provided + panic() + } + } + + return bacc +} +``` + +## Examples + +### Simple + +Given a continuous vesting account with 10 vesting coins. + +```text +OV = 10 +DF = 0 +DV = 0 +BC = 10 +V = 10 +V' = 0 +``` + +1. Immediately receives 1 coin + + ```text + BC = 11 + ``` + +2. Time passes, 2 coins vest + + ```text + V = 8 + V' = 2 + ``` + +3. Delegates 4 coins to validator A + + ```text + DV = 4 + BC = 7 + ``` + +4. Sends 3 coins + + ```text + BC = 4 + ``` + +5. More time passes, 2 more coins vest + + ```text + V = 6 + V' = 4 + ``` + +6. Sends 2 coins. At this point the account cannot send anymore until further +coins vest or it receives additional coins. It can still however, delegate. + + ```text + BC = 2 + ``` + +### Slashing + +Same initial starting conditions as the simple example. + +1. Time passes, 5 coins vest + + ```text + V = 5 + V' = 5 + ``` + +2. Delegate 5 coins to validator A + + ```text + DV = 5 + BC = 5 + ``` + +3. Delegate 5 coins to validator B + + ```text + DF = 5 + BC = 0 + ``` + +4. Validator A gets slashed by 50%, making the delegation to A now worth 2.5 coins +5. Undelegate from validator A (2.5 coins) + + ```text + DF = 5 - 2.5 = 2.5 + BC = 0 + 2.5 = 2.5 + ``` + +6. Undelegate from validator B (5 coins). The account at this point can only +send 2.5 coins unless it receives more coins or until more coins vest. +It can still however, delegate. + + ```text + DV = 5 - 2.5 = 2.5 + DF = 2.5 - 2.5 = 0 + BC = 2.5 + 5 = 7.5 + ``` + + Notice how we have an excess amount of `DV`. + +### Periodic Vesting + +A vesting account is created where 100 tokens will be released over 1 year, with +1/4 of tokens vesting each quarter. The vesting schedule would be as follows: + +```yaml +Periods: +- amount: 25stake, length: 7884000 +- amount: 25stake, length: 7884000 +- amount: 25stake, length: 7884000 +- amount: 25stake, length: 7884000 +``` + +```text +OV = 100 +DF = 0 +DV = 0 +BC = 100 +V = 100 +V' = 0 +``` + +1. Immediately receives 1 coin + + ```text + BC = 101 + ``` + +2. Vesting period 1 passes, 25 coins vest + + ```text + V = 75 + V' = 25 + ``` + +3. During vesting period 2, 5 coins are transfered and 5 coins are delegated + + ```text + DV = 5 + BC = 91 + ``` + +4. Vesting period 2 passes, 25 coins vest + + ```text + V = 50 + V' = 50 + ``` + +## Glossary + +* OriginalVesting: The amount of coins (per denomination) that are initially +part of a vesting account. These coins are set at genesis. +* StartTime: The BFT time at which a vesting account starts to vest. +* EndTime: The BFT time at which a vesting account is fully vested. +* DelegatedFree: The tracked amount of coins (per denomination) that are +delegated from a vesting account that have been fully vested at time of delegation. +* DelegatedVesting: The tracked amount of coins (per denomination) that are +delegated from a vesting account that were vesting at time of delegation. +* ContinuousVestingAccount: A vesting account implementation that vests coins +linearly over time. +* DelayedVestingAccount: A vesting account implementation that only fully vests +all coins at a given time. +* PeriodicVestingAccount: A vesting account implementation that vests coins +according to a custom vesting schedule. +* PermanentLockedAccount: It does not ever release coins, locking them indefinitely. +Coins in this account can still be used for delegating and for governance votes even while locked. + + +## CLI + +A user can query and interact with the `vesting` module using the CLI. + +### Transactions + +The `tx` commands allow users to interact with the `vesting` module. + +```bash +simd tx vesting --help +``` + +#### create-periodic-vesting-account + +The `create-periodic-vesting-account` command creates a new vesting account funded with an allocation of tokens, where a sequence of coins and period length in seconds. Periods are sequential, in that the duration of of a period only starts at the end of the previous period. The duration of the first period starts upon account creation. + +```bash +simd tx vesting create-periodic-vesting-account [to_address] [periods_json_file] [flags] +``` + +Example: + +```bash +simd tx vesting create-periodic-vesting-account cosmos1.. periods.json +``` + +#### create-vesting-account + +The `create-vesting-account` command creates a new vesting account funded with an allocation of tokens. The account can either be a delayed or continuous vesting account, which is determined by the '--delayed' flag. All vesting accouts created will have their start time set by the committed block's time. The end_time must be provided as a UNIX epoch timestamp. + +```bash +simd tx vesting create-vesting-account [to_address] [amount] [end_time] [flags] +``` + +Example: + +```bash +simd tx vesting create-vesting-account cosmos1.. 100stake 2592000 +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/modules/auth/2-tx.md b/copy-of-sdk-versioned_docs/version-0.50/build/modules/auth/2-tx.md new file mode 100644 index 00000000..1706690d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/modules/auth/2-tx.md @@ -0,0 +1,264 @@ +--- +sidebar_position: 1 +--- + +# `x/auth/tx` + +:::note Pre-requisite Readings + +* [Transactions](https://docs.cosmos.network/main/core/transactions#transaction-generation) +* [Encoding](https://docs.cosmos.network/main/core/encoding#transaction-encoding) + +::: + +## Abstract + +This document specifies the `x/auth/tx` package of the Cosmos SDK. + +This package represents the Cosmos SDK implementation of the `client.TxConfig`, `client.TxBuilder`, `client.TxEncoder` and `client.TxDecoder` interfaces. + +## Contents + +* [Transactions](#transactions) + * [`TxConfig`](#txconfig) + * [`TxBuilder`](#txbuilder) + * [`TxEncoder`/ `TxDecoder`](#txencoder-txdecoder) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + +## Transactions + +### `TxConfig` + +`client.TxConfig` defines an interface a client can utilize to generate an application-defined concrete transaction type. +The interface defines a set of methods for creating a `client.TxBuilder`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/client/tx_config.go#L25-L31 +``` + +The default implementation of `client.TxConfig` is instantiated by `NewTxConfig` in `x/auth/tx` module. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/auth/tx/config.go#L22-L28 +``` + +### `TxBuilder` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/client/tx_config.go#L33-L50 +``` + +The [`client.TxBuilder`](https://docs.cosmos.network/main/core/transactions#transaction-generation) interface is as well implemented by `x/auth/tx`. +A `client.TxBuilder` can be accessed with `TxConfig.NewTxBuilder()`. + +### `TxEncoder`/ `TxDecoder` + +More information about `TxEncoder` and `TxDecoder` can be found [here](https://docs.cosmos.network/main/core/encoding#transaction-encoding). + +## Client + +### CLI + +#### Query + +The `x/auth/tx` module provides a CLI command to query any transaction, given its hash, transaction sequence or signature. + +Without any argument, the command will query the transaction using the transaction hash. + +```shell +simd query tx DFE87B78A630C0EFDF76C80CD24C997E252792E0317502AE1A02B9809F0D8685 +``` + +When querying a transaction from an account given its sequence, use the `--type=acc_seq` flag: + +```shell +simd query tx --type=acc_seq cosmos1u69uyr6v9qwe6zaaeaqly2h6wnedac0xpxq325/1 +``` + +When querying a transaction given its signature, use the `--type=signature` flag: + +```shell +simd query tx --type=signature Ofjvgrqi8twZfqVDmYIhqwRLQjZZ40XbxEamk/veH3gQpRF0hL2PH4ejRaDzAX+2WChnaWNQJQ41ekToIi5Wqw== +``` + +When querying a transaction given its events, use the `--type=events` flag: + +```shell +simd query txs --events 'message.sender=cosmos...' --page 1 --limit 30 +``` + +The `x/auth/block` module provides a CLI command to query any block, given its hash, height, or events. + +When querying a block by its hash, use the `--type=hash` flag: + +```shell +simd query block --type=hash DFE87B78A630C0EFDF76C80CD24C997E252792E0317502AE1A02B9809F0D8685 +``` + +When querying a block by its height, use the `--type=height` flag: + +```shell +simd query block --type=height 1357 +``` + +When querying a block by its events, use the `--query` flag: + +```shell +simd query blocks --query 'message.sender=cosmos...' --page 1 --limit 30 +``` + +#### Transactions + +The `x/auth/tx` module provides a convinient CLI command for decoding and encoding transactions. + +#### `encode` + +The `encode` command encodes a transaction created with the `--generate-only` flag or signed with the sign command. +The transaction is seralized it to Protobuf and returned as base64. + +```bash +$ simd tx encode tx.json +Co8BCowBChwvY29zbW9zLmJhbmsudjFiZXRhMS5Nc2dTZW5kEmwKLWNvc21vczFsNnZzcWhoN3Jud3N5cjJreXozampnM3FkdWF6OGd3Z3lsODI3NRItY29zbW9zMTU4c2FsZHlnOHBteHU3Znd2dDBkNng3amVzd3A0Z3d5a2xrNnkzGgwKBXN0YWtlEgMxMDASBhIEEMCaDA== +$ simd tx encode tx.signed.json +``` + +More information about the `encode` command can be found running `simd tx encode --help`. + +#### `decode` + +The `decode` commands decodes a transaction encoded with the `encode` command. + + +```bash +simd tx decode Co8BCowBChwvY29zbW9zLmJhbmsudjFiZXRhMS5Nc2dTZW5kEmwKLWNvc21vczFsNnZzcWhoN3Jud3N5cjJreXozampnM3FkdWF6OGd3Z3lsODI3NRItY29zbW9zMTU4c2FsZHlnOHBteHU3Znd2dDBkNng3amVzd3A0Z3d5a2xrNnkzGgwKBXN0YWtlEgMxMDASBhIEEMCaDA== +``` + +More information about the `decode` command can be found running `simd tx decode --help`. + +### gRPC + +A user can query the `x/auth/tx` module using gRPC endpoints. + +#### `TxDecode` + +The `TxDecode` endpoint allows to decode a transaction. + +```shell +cosmos.tx.v1beta1.Service/TxDecode +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"tx_bytes":"Co8BCowBChwvY29zbW9zLmJhbmsudjFiZXRhMS5Nc2dTZW5kEmwKLWNvc21vczFsNnZzcWhoN3Jud3N5cjJreXozampnM3FkdWF6OGd3Z3lsODI3NRItY29zbW9zMTU4c2FsZHlnOHBteHU3Znd2dDBkNng3amVzd3A0Z3d5a2xrNnkzGgwKBXN0YWtlEgMxMDASBhIEEMCaDA=="}' \ + localhost:9090 \ + cosmos.tx.v1beta1.Service/TxDecode +``` + +Example Output: + +```json +{ + "tx": { + "body": { + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"100"}],"fromAddress":"cosmos1l6vsqhh7rnwsyr2kyz3jjg3qduaz8gwgyl8275","toAddress":"cosmos158saldyg8pmxu7fwvt0d6x7jeswp4gwyklk6y3"} + ] + }, + "authInfo": { + "fee": { + "gasLimit": "200000" + } + } + } +} +``` + +#### `TxEncode` + +The `TxEncode` endpoint allows to encode a transaction. + +```shell +cosmos.tx.v1beta1.Service/TxEncode +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"tx": { + "body": { + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"100"}],"fromAddress":"cosmos1l6vsqhh7rnwsyr2kyz3jjg3qduaz8gwgyl8275","toAddress":"cosmos158saldyg8pmxu7fwvt0d6x7jeswp4gwyklk6y3"} + ] + }, + "authInfo": { + "fee": { + "gasLimit": "200000" + } + } + }}' \ + localhost:9090 \ + cosmos.tx.v1beta1.Service/TxEncode +``` + +Example Output: + +```json +{ + "txBytes": "Co8BCowBChwvY29zbW9zLmJhbmsudjFiZXRhMS5Nc2dTZW5kEmwKLWNvc21vczFsNnZzcWhoN3Jud3N5cjJreXozampnM3FkdWF6OGd3Z3lsODI3NRItY29zbW9zMTU4c2FsZHlnOHBteHU3Znd2dDBkNng3amVzd3A0Z3d5a2xrNnkzGgwKBXN0YWtlEgMxMDASBhIEEMCaDA==" +} +``` + +#### `TxDecodeAmino` + +The `TxDecode` endpoint allows to decode an amino transaction. + +```shell +cosmos.tx.v1beta1.Service/TxDecodeAmino +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"amino_binary": "KCgWqQpvqKNhmgotY29zbW9zMXRzeno3cDJ6Z2Q3dnZrYWh5ZnJlNHduNXh5dTgwcnB0ZzZ2OWg1Ei1jb3Ntb3MxdHN6ejdwMnpnZDd2dmthaHlmcmU0d241eHl1ODBycHRnNnY5aDUaCwoFc3Rha2USAjEwEhEKCwoFc3Rha2USAjEwEMCaDCIGZm9vYmFy"}' \ + localhost:9090 \ + cosmos.tx.v1beta1.Service/TxDecodeAmino +``` + +Example Output: + +```json +{ + "aminoJson": "{\"type\":\"cosmos-sdk/StdTx\",\"value\":{\"msg\":[{\"type\":\"cosmos-sdk/MsgSend\",\"value\":{\"from_address\":\"cosmos1tszz7p2zgd7vvkahyfre4wn5xyu80rptg6v9h5\",\"to_address\":\"cosmos1tszz7p2zgd7vvkahyfre4wn5xyu80rptg6v9h5\",\"amount\":[{\"denom\":\"stake\",\"amount\":\"10\"}]}}],\"fee\":{\"amount\":[{\"denom\":\"stake\",\"amount\":\"10\"}],\"gas\":\"200000\"},\"signatures\":null,\"memo\":\"foobar\",\"timeout_height\":\"0\"}}" +} +``` + +#### `TxEncodeAmino` + +The `TxEncodeAmino` endpoint allows to encode an amino transaction. + +```shell +cosmos.tx.v1beta1.Service/TxEncodeAmino +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"amino_json":"{\"type\":\"cosmos-sdk/StdTx\",\"value\":{\"msg\":[{\"type\":\"cosmos-sdk/MsgSend\",\"value\":{\"from_address\":\"cosmos1tszz7p2zgd7vvkahyfre4wn5xyu80rptg6v9h5\",\"to_address\":\"cosmos1tszz7p2zgd7vvkahyfre4wn5xyu80rptg6v9h5\",\"amount\":[{\"denom\":\"stake\",\"amount\":\"10\"}]}}],\"fee\":{\"amount\":[{\"denom\":\"stake\",\"amount\":\"10\"}],\"gas\":\"200000\"},\"signatures\":null,\"memo\":\"foobar\",\"timeout_height\":\"0\"}}"}' \ + localhost:9090 \ + cosmos.tx.v1beta1.Service/TxEncodeAmino +``` + +Example Output: + +```json +{ + "amino_binary": "KCgWqQpvqKNhmgotY29zbW9zMXRzeno3cDJ6Z2Q3dnZrYWh5ZnJlNHduNXh5dTgwcnB0ZzZ2OWg1Ei1jb3Ntb3MxdHN6ejdwMnpnZDd2dmthaHlmcmU0d241eHl1ODBycHRnNnY5aDUaCwoFc3Rha2USAjEwEhEKCwoFc3Rha2USAjEwEMCaDCIGZm9vYmFy" +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/modules/auth/README.md b/copy-of-sdk-versioned_docs/version-0.50/build/modules/auth/README.md new file mode 100644 index 00000000..c51d1063 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/modules/auth/README.md @@ -0,0 +1,710 @@ +--- +sidebar_position: 1 +--- + +# `x/auth` + +## Abstract + +This document specifies the auth module of the Cosmos SDK. + +The auth module is responsible for specifying the base transaction and account types +for an application, since the SDK itself is agnostic to these particulars. It contains +the middlewares, where all basic transaction validity checks (signatures, nonces, auxiliary fields) +are performed, and exposes the account keeper, which allows other modules to read, write, and modify accounts. + +This module is used in the Cosmos Hub. + +## Contents + +* [Concepts](#concepts) + * [Gas & Fees](#gas--fees) +* [State](#state) + * [Accounts](#accounts) +* [AnteHandlers](#antehandlers) +* [Keepers](#keepers) + * [Account Keeper](#account-keeper) +* [Parameters](#parameters) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + * [REST](#rest) + +## Concepts + +**Note:** The auth module is different from the [authz module](../modules/authz/). + +The differences are: + +* `auth` - authentication of accounts and transactions for Cosmos SDK applications and is responsible for specifying the base transaction and account types. +* `authz` - authorization for accounts to perform actions on behalf of other accounts and enables a granter to grant authorizations to a grantee that allows the grantee to execute messages on behalf of the granter. + +### Gas & Fees + +Fees serve two purposes for an operator of the network. + +Fees limit the growth of the state stored by every full node and allow for +general purpose censorship of transactions of little economic value. Fees +are best suited as an anti-spam mechanism where validators are disinterested in +the use of the network and identities of users. + +Fees are determined by the gas limits and gas prices transactions provide, where +`fees = ceil(gasLimit * gasPrices)`. Txs incur gas costs for all state reads/writes, +signature verification, as well as costs proportional to the tx size. Operators +should set minimum gas prices when starting their nodes. They must set the unit +costs of gas in each token denomination they wish to support: + +`simd start ... --minimum-gas-prices=0.00001stake;0.05photinos` + +When adding transactions to mempool or gossipping transactions, validators check +if the transaction's gas prices, which are determined by the provided fees, meet +any of the validator's minimum gas prices. In other words, a transaction must +provide a fee of at least one denomination that matches a validator's minimum +gas price. + +CometBFT does not currently provide fee based mempool prioritization, and fee +based mempool filtering is local to node and not part of consensus. But with +minimum gas prices set, such a mechanism could be implemented by node operators. + +Because the market value for tokens will fluctuate, validators are expected to +dynamically adjust their minimum gas prices to a level that would encourage the +use of the network. + +## State + +### Accounts + +Accounts contain authentication information for a uniquely identified external user of an SDK blockchain, +including public key, address, and account number / sequence number for replay protection. For efficiency, +since account balances must also be fetched to pay fees, account structs also store the balance of a user +as `sdk.Coins`. + +Accounts are exposed externally as an interface, and stored internally as +either a base account or vesting account. Module clients wishing to add more +account types may do so. + +* `0x01 | Address -> ProtocolBuffer(account)` + +#### Account Interface + +The account interface exposes methods to read and write standard account information. +Note that all of these methods operate on an account struct conforming to the +interface - in order to write the account to the store, the account keeper will +need to be used. + +```go +// AccountI is an interface used to store coins at a given address within state. +// It presumes a notion of sequence numbers for replay protection, +// a notion of account numbers for replay protection for previously pruned accounts, +// and a pubkey for authentication purposes. +// +// Many complex conditions can be used in the concrete struct which implements AccountI. +type AccountI interface { + proto.Message + + GetAddress() sdk.AccAddress + SetAddress(sdk.AccAddress) error // errors if already set. + + GetPubKey() crypto.PubKey // can return nil. + SetPubKey(crypto.PubKey) error + + GetAccountNumber() uint64 + SetAccountNumber(uint64) error + + GetSequence() uint64 + SetSequence(uint64) error + + // Ensure that account implements stringer + String() string +} +``` + +##### Base Account + +A base account is the simplest and most common account type, which just stores all requisite +fields directly in a struct. + +```protobuf +// BaseAccount defines a base account type. It contains all the necessary fields +// for basic account functionality. Any custom account type should extend this +// type for additional functionality (e.g. vesting). +message BaseAccount { + string address = 1; + google.protobuf.Any pub_key = 2; + uint64 account_number = 3; + uint64 sequence = 4; +} +``` + +### Vesting Account + +See [Vesting](https://docs.cosmos.network/main/modules/auth/vesting/). + +## AnteHandlers + +The `x/auth` module presently has no transaction handlers of its own, but does expose the special `AnteHandler`, used for performing basic validity checks on a transaction, such that it could be thrown out of the mempool. +The `AnteHandler` can be seen as a set of decorators that check transactions within the current context, per [ADR 010](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-010-modular-antehandler.md). + +Note that the `AnteHandler` is called on both `CheckTx` and `DeliverTx`, as CometBFT proposers presently have the ability to include in their proposed block transactions which fail `CheckTx`. + +### Decorators + +The auth module provides `AnteDecorator`s that are recursively chained together into a single `AnteHandler` in the following order: + +* `SetUpContextDecorator`: Sets the `GasMeter` in the `Context` and wraps the next `AnteHandler` with a defer clause to recover from any downstream `OutOfGas` panics in the `AnteHandler` chain to return an error with information on gas provided and gas used. + +* `RejectExtensionOptionsDecorator`: Rejects all extension options which can optionally be included in protobuf transactions. + +* `MempoolFeeDecorator`: Checks if the `tx` fee is above local mempool `minFee` parameter during `CheckTx`. + +* `ValidateBasicDecorator`: Calls `tx.ValidateBasic` and returns any non-nil error. + +* `TxTimeoutHeightDecorator`: Check for a `tx` height timeout. + +* `ValidateMemoDecorator`: Validates `tx` memo with application parameters and returns any non-nil error. + +* `ConsumeGasTxSizeDecorator`: Consumes gas proportional to the `tx` size based on application parameters. + +* `DeductFeeDecorator`: Deducts the `FeeAmount` from first signer of the `tx`. If the `x/feegrant` module is enabled and a fee granter is set, it deducts fees from the fee granter account. + +* `SetPubKeyDecorator`: Sets the pubkey from a `tx`'s signers that does not already have its corresponding pubkey saved in the state machine and in the current context. + +* `ValidateSigCountDecorator`: Validates the number of signatures in `tx` based on app-parameters. + +* `SigGasConsumeDecorator`: Consumes parameter-defined amount of gas for each signature. This requires pubkeys to be set in context for all signers as part of `SetPubKeyDecorator`. + +* `SigVerificationDecorator`: Verifies all signatures are valid. This requires pubkeys to be set in context for all signers as part of `SetPubKeyDecorator`. + +* `IncrementSequenceDecorator`: Increments the account sequence for each signer to prevent replay attacks. + +## Keepers + +The auth module only exposes one keeper, the account keeper, which can be used to read and write accounts. + +### Account Keeper + +Presently only one fully-permissioned account keeper is exposed, which has the ability to both read and write +all fields of all accounts, and to iterate over all stored accounts. + +```go +// AccountKeeperI is the interface contract that x/auth's keeper implements. +type AccountKeeperI interface { + // Return a new account with the next account number and the specified address. Does not save the new account to the store. + NewAccountWithAddress(sdk.Context, sdk.AccAddress) types.AccountI + + // Return a new account with the next account number. Does not save the new account to the store. + NewAccount(sdk.Context, types.AccountI) types.AccountI + + // Check if an account exists in the store. + HasAccount(sdk.Context, sdk.AccAddress) bool + + // Retrieve an account from the store. + GetAccount(sdk.Context, sdk.AccAddress) types.AccountI + + // Set an account in the store. + SetAccount(sdk.Context, types.AccountI) + + // Remove an account from the store. + RemoveAccount(sdk.Context, types.AccountI) + + // Iterate over all accounts, calling the provided function. Stop iteration when it returns true. + IterateAccounts(sdk.Context, func(types.AccountI) bool) + + // Fetch the public key of an account at a specified address + GetPubKey(sdk.Context, sdk.AccAddress) (crypto.PubKey, error) + + // Fetch the sequence of an account at a specified address. + GetSequence(sdk.Context, sdk.AccAddress) (uint64, error) + + // Fetch the next account number, and increment the internal counter. + NextAccountNumber(sdk.Context) uint64 +} +``` + +## Parameters + +The auth module contains the following parameters: + +| Key | Type | Example | +| ---------------------- | --------------- | ------- | +| MaxMemoCharacters | uint64 | 256 | +| TxSigLimit | uint64 | 7 | +| TxSizeCostPerByte | uint64 | 10 | +| SigVerifyCostED25519 | uint64 | 590 | +| SigVerifyCostSecp256k1 | uint64 | 1000 | + +## Client + +### CLI + +A user can query and interact with the `auth` module using the CLI. + +### Query + +The `query` commands allow users to query `auth` state. + +```bash +simd query auth --help +``` + +#### account + +The `account` command allow users to query for an account by it's address. + +```bash +simd query auth account [address] [flags] +``` + +Example: + +```bash +simd query auth account cosmos1... +``` + +Example Output: + +```bash +'@type': /cosmos.auth.v1beta1.BaseAccount +account_number: "0" +address: cosmos1zwg6tpl8aw4rawv8sgag9086lpw5hv33u5ctr2 +pub_key: + '@type': /cosmos.crypto.secp256k1.PubKey + key: ApDrE38zZdd7wLmFS9YmqO684y5DG6fjZ4rVeihF/AQD +sequence: "1" +``` + +#### accounts + +The `accounts` command allow users to query all the available accounts. + +```bash +simd query auth accounts [flags] +``` + +Example: + +```bash +simd query auth accounts +``` + +Example Output: + +```bash +accounts: +- '@type': /cosmos.auth.v1beta1.BaseAccount + account_number: "0" + address: cosmos1zwg6tpl8aw4rawv8sgag9086lpw5hv33u5ctr2 + pub_key: + '@type': /cosmos.crypto.secp256k1.PubKey + key: ApDrE38zZdd7wLmFS9YmqO684y5DG6fjZ4rVeihF/AQD + sequence: "1" +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "8" + address: cosmos1yl6hdjhmkf37639730gffanpzndzdpmhwlkfhr + pub_key: null + sequence: "0" + name: transfer + permissions: + - minter + - burner +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "4" + address: cosmos1fl48vsnmsdzcv85q5d2q4z5ajdha8yu34mf0eh + pub_key: null + sequence: "0" + name: bonded_tokens_pool + permissions: + - burner + - staking +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "5" + address: cosmos1tygms3xhhs3yv487phx3dw4a95jn7t7lpm470r + pub_key: null + sequence: "0" + name: not_bonded_tokens_pool + permissions: + - burner + - staking +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "6" + address: cosmos10d07y265gmmuvt4z0w9aw880jnsr700j6zn9kn + pub_key: null + sequence: "0" + name: gov + permissions: + - burner +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "3" + address: cosmos1jv65s3grqf6v6jl3dp4t6c9t9rk99cd88lyufl + pub_key: null + sequence: "0" + name: distribution + permissions: [] +- '@type': /cosmos.auth.v1beta1.BaseAccount + account_number: "1" + address: cosmos147k3r7v2tvwqhcmaxcfql7j8rmkrlsemxshd3j + pub_key: null + sequence: "0" +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "7" + address: cosmos1m3h30wlvsf8llruxtpukdvsy0km2kum8g38c8q + pub_key: null + sequence: "0" + name: mint + permissions: + - minter +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "2" + address: cosmos17xpfvakm2amg962yls6f84z3kell8c5lserqta + pub_key: null + sequence: "0" + name: fee_collector + permissions: [] +pagination: + next_key: null + total: "0" +``` + +#### params + +The `params` command allow users to query the current auth parameters. + +```bash +simd query auth params [flags] +``` + +Example: + +```bash +simd query auth params +``` + +Example Output: + +```bash +max_memo_characters: "256" +sig_verify_cost_ed25519: "590" +sig_verify_cost_secp256k1: "1000" +tx_sig_limit: "7" +tx_size_cost_per_byte: "10" +``` + +### Transactions + +The `auth` module supports transactions commands to help you with signing and more. Compared to other modules you can access directly the `auth` module transactions commands using the only `tx` command. + +Use directly the `--help` flag to get more information about the `tx` command. + +```bash +simd tx --help +``` + +#### `sign` + +The `sign` command allows users to sign transactions that was generated offline. + +```bash +simd tx sign tx.json --from $ALICE > tx.signed.json +``` + +The result is a signed transaction that can be broadcasted to the network thanks to the broadcast command. + +More information about the `sign` command can be found running `simd tx sign --help`. + +#### `sign-batch` + +The `sign-batch` command allows users to sign multiples offline generated transactions. +The transactions can be in one file, with one tx per line, or in multiple files. + +```bash +simd tx sign txs.json --from $ALICE > tx.signed.json +``` + +or + +```bash +simd tx sign tx1.json tx2.json tx3.json --from $ALICE > tx.signed.json +``` + +The result is multiples signed transactions. For combining the signed transactions into one transactions, use the `--append` flag. + +More information about the `sign-batch` command can be found running `simd tx sign-batch --help`. + +#### `multi-sign` + +The `multi-sign` command allows users to sign transactions that was generated offline by a multisig account. + +```bash +simd tx multisign transaction.json k1k2k3 k1sig.json k2sig.json k3sig.json +``` + +Where `k1k2k3` is the multisig account address, `k1sig.json` is the signature of the first signer, `k2sig.json` is the signature of the second signer, and `k3sig.json` is the signature of the third signer. + +##### Nested multisig transactions + +To allow transactions to be signed by nested multisigs, meaning that a participant of a multisig account can be another multisig account, the `--skip-signature-verification` flag must be used. + +```bash +# First aggregate signatures of the multisig participant +simd tx multi-sign transaction.json ms1 ms1p1sig.json ms1p2sig.json --signature-only --skip-signature-verification > ms1sig.json + +# Then use the aggregated signatures and the other signatures to sign the final transaction +simd tx multi-sign transaction.json k1ms1 k1sig.json ms1sig.json --skip-signature-verification +``` + +Where `ms1` is the nested multisig account address, `ms1p1sig.json` is the signature of the first participant of the nested multisig account, `ms1p2sig.json` is the signature of the second participant of the nested multisig account, and `ms1sig.json` is the aggregated signature of the nested multisig account. + +`k1ms1` is a multisig account comprised of an individual signer and another nested multisig account (`ms1`). `k1sig.json` is the signature of the first signer of the individual member. + +More information about the `multi-sign` command can be found running `simd tx multi-sign --help`. + +#### `multisign-batch` + +The `multisign-batch` works the same way as `sign-batch`, but for multisig accounts. +With the difference that the `multisign-batch` command requires all transactions to be in one file, and the `--append` flag does not exist. + +More information about the `multisign-batch` command can be found running `simd tx multisign-batch --help`. + +#### `validate-signatures` + +The `validate-signatures` command allows users to validate the signatures of a signed transaction. + +```bash +$ simd tx validate-signatures tx.signed.json +Signers: + 0: cosmos1l6vsqhh7rnwsyr2kyz3jjg3qduaz8gwgyl8275 + +Signatures: + 0: cosmos1l6vsqhh7rnwsyr2kyz3jjg3qduaz8gwgyl8275 [OK] +``` + +More information about the `validate-signatures` command can be found running `simd tx validate-signatures --help`. + +#### `broadcast` + +The `broadcast` command allows users to broadcast a signed transaction to the network. + +```bash +simd tx broadcast tx.signed.json +``` + +More information about the `broadcast` command can be found running `simd tx broadcast --help`. + + +### gRPC + +A user can query the `auth` module using gRPC endpoints. + +#### Account + +The `account` endpoint allow users to query for an account by it's address. + +```bash +cosmos.auth.v1beta1.Query/Account +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"address":"cosmos1.."}' \ + localhost:9090 \ + cosmos.auth.v1beta1.Query/Account +``` + +Example Output: + +```bash +{ + "account":{ + "@type":"/cosmos.auth.v1beta1.BaseAccount", + "address":"cosmos1zwg6tpl8aw4rawv8sgag9086lpw5hv33u5ctr2", + "pubKey":{ + "@type":"/cosmos.crypto.secp256k1.PubKey", + "key":"ApDrE38zZdd7wLmFS9YmqO684y5DG6fjZ4rVeihF/AQD" + }, + "sequence":"1" + } +} +``` + +#### Accounts + +The `accounts` endpoint allow users to query all the available accounts. + +```bash +cosmos.auth.v1beta1.Query/Accounts +``` + +Example: + +```bash +grpcurl -plaintext \ + localhost:9090 \ + cosmos.auth.v1beta1.Query/Accounts +``` + +Example Output: + +```bash +{ + "accounts":[ + { + "@type":"/cosmos.auth.v1beta1.BaseAccount", + "address":"cosmos1zwg6tpl8aw4rawv8sgag9086lpw5hv33u5ctr2", + "pubKey":{ + "@type":"/cosmos.crypto.secp256k1.PubKey", + "key":"ApDrE38zZdd7wLmFS9YmqO684y5DG6fjZ4rVeihF/AQD" + }, + "sequence":"1" + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos1yl6hdjhmkf37639730gffanpzndzdpmhwlkfhr", + "accountNumber":"8" + }, + "name":"transfer", + "permissions":[ + "minter", + "burner" + ] + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos1fl48vsnmsdzcv85q5d2q4z5ajdha8yu34mf0eh", + "accountNumber":"4" + }, + "name":"bonded_tokens_pool", + "permissions":[ + "burner", + "staking" + ] + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos1tygms3xhhs3yv487phx3dw4a95jn7t7lpm470r", + "accountNumber":"5" + }, + "name":"not_bonded_tokens_pool", + "permissions":[ + "burner", + "staking" + ] + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos10d07y265gmmuvt4z0w9aw880jnsr700j6zn9kn", + "accountNumber":"6" + }, + "name":"gov", + "permissions":[ + "burner" + ] + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos1jv65s3grqf6v6jl3dp4t6c9t9rk99cd88lyufl", + "accountNumber":"3" + }, + "name":"distribution" + }, + { + "@type":"/cosmos.auth.v1beta1.BaseAccount", + "accountNumber":"1", + "address":"cosmos147k3r7v2tvwqhcmaxcfql7j8rmkrlsemxshd3j" + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos1m3h30wlvsf8llruxtpukdvsy0km2kum8g38c8q", + "accountNumber":"7" + }, + "name":"mint", + "permissions":[ + "minter" + ] + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos17xpfvakm2amg962yls6f84z3kell8c5lserqta", + "accountNumber":"2" + }, + "name":"fee_collector" + } + ], + "pagination":{ + "total":"9" + } +} +``` + +#### Params + +The `params` endpoint allow users to query the current auth parameters. + +```bash +cosmos.auth.v1beta1.Query/Params +``` + +Example: + +```bash +grpcurl -plaintext \ + localhost:9090 \ + cosmos.auth.v1beta1.Query/Params +``` + +Example Output: + +```bash +{ + "params": { + "maxMemoCharacters": "256", + "txSigLimit": "7", + "txSizeCostPerByte": "10", + "sigVerifyCostEd25519": "590", + "sigVerifyCostSecp256k1": "1000" + } +} +``` + +### REST + +A user can query the `auth` module using REST endpoints. + +#### Account + +The `account` endpoint allow users to query for an account by it's address. + +```bash +/cosmos/auth/v1beta1/account?address={address} +``` + +#### Accounts + +The `accounts` endpoint allow users to query all the available accounts. + +```bash +/cosmos/auth/v1beta1/accounts +``` + +#### Params + +The `params` endpoint allow users to query the current auth parameters. + +```bash +/cosmos/auth/v1beta1/params +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/modules/authz/README.md b/copy-of-sdk-versioned_docs/version-0.50/build/modules/authz/README.md new file mode 100644 index 00000000..c58326aa --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/modules/authz/README.md @@ -0,0 +1,372 @@ +--- +sidebar_position: 1 +--- + +# `x/authz` + +## Abstract + +`x/authz` is an implementation of a Cosmos SDK module, per [ADR 30](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-030-authz-module.md), that allows +granting arbitrary privileges from one account (the granter) to another account (the grantee). Authorizations must be granted for a particular Msg service method one by one using an implementation of the `Authorization` interface. + +## Contents + +* [Concepts](#concepts) + * [Authorization and Grant](#authorization-and-grant) + * [Built-in Authorizations](#built-in-authorizations) + * [Gas](#gas) +* [State](#state) + * [Grant](#grant) + * [GrantQueue](#grantqueue) +* [Messages](#messages) + * [MsgGrant](#msggrant) + * [MsgRevoke](#msgrevoke) + * [MsgExec](#msgexec) +* [Events](#events) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + * [REST](#rest) + +## Concepts + +### Authorization and Grant + +The `x/authz` module defines interfaces and messages grant authorizations to perform actions +on behalf of one account to other accounts. The design is defined in the [ADR 030](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-030-authz-module.md). + +A *grant* is an allowance to execute a Msg by the grantee on behalf of the granter. +Authorization is an interface that must be implemented by a concrete authorization logic to validate and execute grants. Authorizations are extensible and can be defined for any Msg service method even outside of the module where the Msg method is defined. See the `SendAuthorization` example in the next section for more details. + +**Note:** The authz module is different from the [auth (authentication)](../modules/auth/) module that is responsible for specifying the base transaction and account types. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/authz/authorizations.go#L11-L25 +``` + +### Built-in Authorizations + +The Cosmos SDK `x/authz` module comes with following authorization types: + +#### GenericAuthorization + +`GenericAuthorization` implements the `Authorization` interface that gives unrestricted permission to execute the provided Msg on behalf of granter's account. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/authz/v1beta1/authz.proto#L14-L22 +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/authz/generic_authorization.go#L16-L29 +``` + +* `msg` stores Msg type URL. + +#### SendAuthorization + +`SendAuthorization` implements the `Authorization` interface for the `cosmos.bank.v1beta1.MsgSend` Msg. + +* It takes a (positive) `SpendLimit` that specifies the maximum amount of tokens the grantee can spend. The `SpendLimit` is updated as the tokens are spent. +* It takes an (optional) `AllowList` that specifies to which addresses a grantee can send token. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/bank/v1beta1/authz.proto#L11-L30 +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/bank/types/send_authorization.go#L29-L62 +``` + +* `spend_limit` keeps track of how many coins are left in the authorization. +* `allow_list` specifies an optional list of addresses to whom the grantee can send tokens on behalf of the granter. + +#### StakeAuthorization + +`StakeAuthorization` implements the `Authorization` interface for messages in the [staking module](https://docs.cosmos.network/v0.50/build/modules/staking). It takes an `AuthorizationType` to specify whether you want to authorise delegating, undelegating or redelegating (i.e. these have to be authorised separately). It also takes an optional `MaxTokens` that keeps track of a limit to the amount of tokens that can be delegated/undelegated/redelegated. If left empty, the amount is unlimited. Additionally, this Msg takes an `AllowList` or a `DenyList`, which allows you to select which validators you allow or deny grantees to stake with. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/authz.proto#L11-L35 +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/staking/types/authz.go#L15-L35 +``` + +### Gas + +In order to prevent DoS attacks, granting `StakeAuthorization`s with `x/authz` incurs gas. `StakeAuthorization` allows you to authorize another account to delegate, undelegate, or redelegate to validators. The authorizer can define a list of validators they allow or deny delegations to. The Cosmos SDK iterates over these lists and charge 10 gas for each validator in both of the lists. + +Since the state maintaining a list for granter, grantee pair with same expiration, we are iterating over the list to remove the grant (incase of any revoke of paritcular `msgType`) from the list and we are charging 20 gas per iteration. + +## State + +### Grant + +Grants are identified by combining granter address (the address bytes of the granter), grantee address (the address bytes of the grantee) and Authorization type (its type URL). Hence we only allow one grant for the (granter, grantee, Authorization) triple. + +* Grant: `0x01 | granter_address_len (1 byte) | granter_address_bytes | grantee_address_len (1 byte) | grantee_address_bytes | msgType_bytes -> ProtocolBuffer(AuthorizationGrant)` + +The grant object encapsulates an `Authorization` type and an expiration timestamp: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/authz/v1beta1/authz.proto#L24-L32 +``` + +### GrantQueue + +We are maintaining a queue for authz pruning. Whenever a grant is created, an item will be added to `GrantQueue` with a key of expiration, granter, grantee. + +In `EndBlock` (which runs for every block) we continuously check and prune the expired grants by forming a prefix key with current blocktime that passed the stored expiration in `GrantQueue`, we iterate through all the matched records from `GrantQueue` and delete them from the `GrantQueue` & `Grant`s store. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/5f4ddc6f80f9707320eec42182184207fff3833a/x/authz/keeper/keeper.go#L378-L403 +``` + +* GrantQueue: `0x02 | expiration_bytes | granter_address_len (1 byte) | granter_address_bytes | grantee_address_len (1 byte) | grantee_address_bytes -> ProtocalBuffer(GrantQueueItem)` + +The `expiration_bytes` are the expiration date in UTC with the format `"2006-01-02T15:04:05.000000000"`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/authz/keeper/keys.go#L77-L93 +``` + +The `GrantQueueItem` object contains the list of type urls between granter and grantee that expire at the time indicated in the key. + +## Messages + +In this section we describe the processing of messages for the authz module. + +### MsgGrant + +An authorization grant is created using the `MsgGrant` message. +If there is already a grant for the `(granter, grantee, Authorization)` triple, then the new grant overwrites the previous one. To update or extend an existing grant, a new grant with the same `(granter, grantee, Authorization)` triple should be created. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/authz/v1beta1/tx.proto#L35-L45 +``` + +The message handling should fail if: + +* both granter and grantee have the same address. +* provided `Expiration` time is less than current unix timestamp (but a grant will be created if no `expiration` time is provided since `expiration` is optional). +* provided `Grant.Authorization` is not implemented. +* `Authorization.MsgTypeURL()` is not defined in the router (there is no defined handler in the app router to handle that Msg types). + +### MsgRevoke + +A grant can be removed with the `MsgRevoke` message. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/authz/v1beta1/tx.proto#L69-L78 +``` + +The message handling should fail if: + +* both granter and grantee have the same address. +* provided `MsgTypeUrl` is empty. + +NOTE: The `MsgExec` message removes a grant if the grant has expired. + +### MsgExec + +When a grantee wants to execute a transaction on behalf of a granter, they must send `MsgExec`. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/authz/v1beta1/tx.proto#L52-L63 +``` + +The message handling should fail if: + +* provided `Authorization` is not implemented. +* grantee doesn't have permission to run the transaction. +* if granted authorization is expired. + +## Events + +The authz module emits proto events defined in [the Protobuf reference](https://buf.build/cosmos/cosmos-sdk/docs/main/cosmos.authz.v1beta1#cosmos.authz.v1beta1.EventGrant). + +## Client + +### CLI + +A user can query and interact with the `authz` module using the CLI. + +#### Query + +The `query` commands allow users to query `authz` state. + +```bash +simd query authz --help +``` + +##### grants + +The `grants` command allows users to query grants for a granter-grantee pair. If the message type URL is set, it selects grants only for that message type. + +```bash +simd query authz grants [granter-addr] [grantee-addr] [msg-type-url]? [flags] +``` + +Example: + +```bash +simd query authz grants cosmos1.. cosmos1.. /cosmos.bank.v1beta1.MsgSend +``` + +Example Output: + +```bash +grants: +- authorization: + '@type': /cosmos.bank.v1beta1.SendAuthorization + spend_limit: + - amount: "100" + denom: stake + expiration: "2022-01-01T00:00:00Z" +pagination: null +``` + +#### Transactions + +The `tx` commands allow users to interact with the `authz` module. + +```bash +simd tx authz --help +``` + +##### exec + +The `exec` command allows a grantee to execute a transaction on behalf of granter. + +```bash + simd tx authz exec [tx-json-file] --from [grantee] [flags] +``` + +Example: + +```bash +simd tx authz exec tx.json --from=cosmos1.. +``` + +##### grant + +The `grant` command allows a granter to grant an authorization to a grantee. + +```bash +simd tx authz grant --from [flags] +``` +- The `send` authorization_type refers to the built-in `SendAuthorization` type. The custom flags available are `spend-limit` (required) and `allow-list` (optional) , documented [here](#SendAuthorization) + +Example: + +```bash + simd tx authz grant cosmos1.. send --spend-limit=100stake --allow-list=cosmos1...,cosmos2... --from=cosmos1.. +``` +- The `generic` authorization_type refers to the built-in `GenericAuthorization` type. The custom flag available is `msg-type` ( required) documented [here](#GenericAuthorization). + +> Note: `msg-type` is any valid Cosmos SDK `Msg` type url. + +Example: +```bash + simd tx authz grant cosmos1.. generic --msg-type=/cosmos.bank.v1beta1.MsgSend --from=cosmos1.. +``` +- The `delegate`,`unbond`,`redelegate` authorization_types refer to the built-in `StakeAuthorization` type. The custom flags available are `spend-limit` (optional), `allowed-validators` (optional) and `deny-validators` (optional) documented [here](#StakeAuthorization). +> Note: `allowed-validators` and `deny-validators` cannot both be empty. `spend-limit` represents the `MaxTokens` + +Example: + +```bash +simd tx authz grant cosmos1.. delegate --spend-limit=100stake --allowed-validators=cosmos...,cosmos... --deny-validators=cosmos... --from=cosmos1.. +``` + +##### revoke + +The `revoke` command allows a granter to revoke an authorization from a grantee. + +```bash +simd tx authz revoke [grantee] [msg-type-url] --from=[granter] [flags] +``` + +Example: + +```bash +simd tx authz revoke cosmos1.. /cosmos.bank.v1beta1.MsgSend --from=cosmos1.. +``` + +### gRPC + +A user can query the `authz` module using gRPC endpoints. + +#### Grants + +The `Grants` endpoint allows users to query grants for a granter-grantee pair. If the message type URL is set, it selects grants only for that message type. + +```bash +cosmos.authz.v1beta1.Query/Grants +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"granter":"cosmos1..","grantee":"cosmos1..","msg_type_url":"/cosmos.bank.v1beta1.MsgSend"}' \ + localhost:9090 \ + cosmos.authz.v1beta1.Query/Grants +``` + +Example Output: + +```bash +{ + "grants": [ + { + "authorization": { + "@type": "/cosmos.bank.v1beta1.SendAuthorization", + "spendLimit": [ + { + "denom":"stake", + "amount":"100" + } + ] + }, + "expiration": "2022-01-01T00:00:00Z" + } + ] +} +``` + +### REST + +A user can query the `authz` module using REST endpoints. + +```bash +/cosmos/authz/v1beta1/grants +``` + +Example: + +```bash +curl "localhost:1317/cosmos/authz/v1beta1/grants?granter=cosmos1..&grantee=cosmos1..&msg_type_url=/cosmos.bank.v1beta1.MsgSend" +``` + +Example Output: + +```bash +{ + "grants": [ + { + "authorization": { + "@type": "/cosmos.bank.v1beta1.SendAuthorization", + "spend_limit": [ + { + "denom": "stake", + "amount": "100" + } + ] + }, + "expiration": "2022-01-01T00:00:00Z" + } + ], + "pagination": null +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/modules/bank/README.md b/copy-of-sdk-versioned_docs/version-0.50/build/modules/bank/README.md new file mode 100644 index 00000000..885a9f1f --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/modules/bank/README.md @@ -0,0 +1,1039 @@ +--- +sidebar_position: 1 +--- + +# `x/bank` + +## Abstract + +This document specifies the bank module of the Cosmos SDK. + +The bank module is responsible for handling multi-asset coin transfers between +accounts and tracking special-case pseudo-transfers which must work differently +with particular kinds of accounts (notably delegating/undelegating for vesting +accounts). It exposes several interfaces with varying capabilities for secure +interaction with other modules which must alter user balances. + +In addition, the bank module tracks and provides query support for the total +supply of all assets used in the application. + +This module is used in the Cosmos Hub. + +## Contents + +* [Supply](#supply) + * [Total Supply](#total-supply) +* [Module Accounts](#module-accounts) + * [Permissions](#permissions) +* [State](#state) +* [Params](#params) +* [Keepers](#keepers) +* [Messages](#messages) +* [Events](#events) + * [Message Events](#message-events) + * [Keeper Events](#keeper-events) +* [Parameters](#parameters) + * [SendEnabled](#sendenabled) + * [DefaultSendEnabled](#defaultsendenabled) +* [Client](#client) + * [CLI](#cli) + * [Query](#query) + * [Transactions](#transactions) +* [gRPC](#grpc) + +## Supply + +The `supply` functionality: + +* passively tracks the total supply of coins within a chain, +* provides a pattern for modules to hold/interact with `Coins`, and +* introduces the invariant check to verify a chain's total supply. + +### Total Supply + +The total `Supply` of the network is equal to the sum of all coins from the +account. The total supply is updated every time a `Coin` is minted (eg: as part +of the inflation mechanism) or burned (eg: due to slashing or if a governance +proposal is vetoed). + +## Module Accounts + +The supply functionality introduces a new type of `auth.Account` which can be used by +modules to allocate tokens and in special cases mint or burn tokens. At a base +level these module accounts are capable of sending/receiving tokens to and from +`auth.Account`s and other module accounts. This design replaces previous +alternative designs where, to hold tokens, modules would burn the incoming +tokens from the sender account, and then track those tokens internally. Later, +in order to send tokens, the module would need to effectively mint tokens +within a destination account. The new design removes duplicate logic between +modules to perform this accounting. + +The `ModuleAccount` interface is defined as follows: + +```go +type ModuleAccount interface { + auth.Account // same methods as the Account interface + + GetName() string // name of the module; used to obtain the address + GetPermissions() []string // permissions of module account + HasPermission(string) bool +} +``` + +> **WARNING!** +> Any module or message handler that allows either direct or indirect sending of funds must explicitly guarantee those funds cannot be sent to module accounts (unless allowed). + +The supply `Keeper` also introduces new wrapper functions for the auth `Keeper` +and the bank `Keeper` that are related to `ModuleAccount`s in order to be able +to: + +* Get and set `ModuleAccount`s by providing the `Name`. +* Send coins from and to other `ModuleAccount`s or standard `Account`s + (`BaseAccount` or `VestingAccount`) by passing only the `Name`. +* `Mint` or `Burn` coins for a `ModuleAccount` (restricted to its permissions). + +### Permissions + +Each `ModuleAccount` has a different set of permissions that provide different +object capabilities to perform certain actions. Permissions need to be +registered upon the creation of the supply `Keeper` so that every time a +`ModuleAccount` calls the allowed functions, the `Keeper` can lookup the +permissions to that specific account and perform or not perform the action. + +The available permissions are: + +* `Minter`: allows for a module to mint a specific amount of coins. +* `Burner`: allows for a module to burn a specific amount of coins. +* `Staking`: allows for a module to delegate and undelegate a specific amount of coins. + +## State + +The `x/bank` module keeps state of the following primary objects: + +1. Account balances +2. Denomination metadata +3. The total supply of all balances +4. Information on which denominations are allowed to be sent. + +In addition, the `x/bank` module keeps the following indexes to manage the +aforementioned state: + +* Supply Index: `0x0 | byte(denom) -> byte(amount)` +* Denom Metadata Index: `0x1 | byte(denom) -> ProtocolBuffer(Metadata)` +* Balances Index: `0x2 | byte(address length) | []byte(address) | []byte(balance.Denom) -> ProtocolBuffer(balance)` +* Reverse Denomination to Address Index: `0x03 | byte(denom) | 0x00 | []byte(address) -> 0` + +## Params + +The bank module stores it's params in state with the prefix of `0x05`, +it can be updated with governance or the address with authority. + +* Params: `0x05 | ProtocolBuffer(Params)` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/bank/v1beta1/bank.proto#L12-L23 +``` + +## Keepers + +The bank module provides these exported keeper interfaces that can be +passed to other modules that read or update account balances. Modules +should use the least-permissive interface that provides the functionality they +require. + +Best practices dictate careful review of `bank` module code to ensure that +permissions are limited in the way that you expect. + +### Denied Addresses + +The `x/bank` module accepts a map of addresses that are considered blocklisted +from directly and explicitly receiving funds through means such as `MsgSend` and +`MsgMultiSend` and direct API calls like `SendCoinsFromModuleToAccount`. + +Typically, these addresses are module accounts. If these addresses receive funds +outside the expected rules of the state machine, invariants are likely to be +broken and could result in a halted network. + +By providing the `x/bank` module with a blocklisted set of addresses, an error occurs for the operation if a user or client attempts to directly or indirectly send funds to a blocklisted account, for example, by using [IBC](https://ibc.cosmos.network). + +### Common Types + +#### Input + +An input of a multiparty transfer + +```protobuf +// Input models transaction input. +message Input { + string address = 1; + repeated cosmos.base.v1beta1.Coin coins = 2; +} +``` + +#### Output + +An output of a multiparty transfer. + +```protobuf +// Output models transaction outputs. +message Output { + string address = 1; + repeated cosmos.base.v1beta1.Coin coins = 2; +} +``` + +### BaseKeeper + +The base keeper provides full-permission access: the ability to arbitrary modify any account's balance and mint or burn coins. + +Restricted permission to mint per module could be achieved by using baseKeeper with `WithMintCoinsRestriction` to give specific restrictions to mint (e.g. only minting certain denom). + +```go +// Keeper defines a module interface that facilitates the transfer of coins +// between accounts. +type Keeper interface { + SendKeeper + WithMintCoinsRestriction(MintingRestrictionFn) BaseKeeper + + InitGenesis(context.Context, *types.GenesisState) + ExportGenesis(context.Context) *types.GenesisState + + GetSupply(ctx context.Context, denom string) sdk.Coin + HasSupply(ctx context.Context, denom string) bool + GetPaginatedTotalSupply(ctx context.Context, pagination *query.PageRequest) (sdk.Coins, *query.PageResponse, error) + IterateTotalSupply(ctx context.Context, cb func(sdk.Coin) bool) + GetDenomMetaData(ctx context.Context, denom string) (types.Metadata, bool) + HasDenomMetaData(ctx context.Context, denom string) bool + SetDenomMetaData(ctx context.Context, denomMetaData types.Metadata) + IterateAllDenomMetaData(ctx context.Context, cb func(types.Metadata) bool) + + SendCoinsFromModuleToAccount(ctx context.Context, senderModule string, recipientAddr sdk.AccAddress, amt sdk.Coins) error + SendCoinsFromModuleToModule(ctx context.Context, senderModule, recipientModule string, amt sdk.Coins) error + SendCoinsFromAccountToModule(ctx context.Context, senderAddr sdk.AccAddress, recipientModule string, amt sdk.Coins) error + DelegateCoinsFromAccountToModule(ctx context.Context, senderAddr sdk.AccAddress, recipientModule string, amt sdk.Coins) error + UndelegateCoinsFromModuleToAccount(ctx context.Context, senderModule string, recipientAddr sdk.AccAddress, amt sdk.Coins) error + MintCoins(ctx context.Context, moduleName string, amt sdk.Coins) error + BurnCoins(ctx context.Context, moduleName string, amt sdk.Coins) error + + DelegateCoins(ctx context.Context, delegatorAddr, moduleAccAddr sdk.AccAddress, amt sdk.Coins) error + UndelegateCoins(ctx context.Context, moduleAccAddr, delegatorAddr sdk.AccAddress, amt sdk.Coins) error + + // GetAuthority gets the address capable of executing governance proposal messages. Usually the gov module account. + GetAuthority() string + + types.QueryServer +} +``` + +### SendKeeper + +The send keeper provides access to account balances and the ability to transfer coins between +accounts. The send keeper does not alter the total supply (mint or burn coins). + +```go +// SendKeeper defines a module interface that facilitates the transfer of coins +// between accounts without the possibility of creating coins. +type SendKeeper interface { + ViewKeeper + + AppendSendRestriction(restriction SendRestrictionFn) + PrependSendRestriction(restriction SendRestrictionFn) + ClearSendRestriction() + + InputOutputCoins(ctx context.Context, input types.Input, outputs []types.Output) error + SendCoins(ctx context.Context, fromAddr, toAddr sdk.AccAddress, amt sdk.Coins) error + + GetParams(ctx context.Context) types.Params + SetParams(ctx context.Context, params types.Params) error + + IsSendEnabledDenom(ctx context.Context, denom string) bool + SetSendEnabled(ctx context.Context, denom string, value bool) + SetAllSendEnabled(ctx context.Context, sendEnableds []*types.SendEnabled) + DeleteSendEnabled(ctx context.Context, denom string) + IterateSendEnabledEntries(ctx context.Context, cb func(denom string, sendEnabled bool) (stop bool)) + GetAllSendEnabledEntries(ctx context.Context) []types.SendEnabled + + IsSendEnabledCoin(ctx context.Context, coin sdk.Coin) bool + IsSendEnabledCoins(ctx context.Context, coins ...sdk.Coin) error + + BlockedAddr(addr sdk.AccAddress) bool +} +``` + +#### Send Restrictions + +The `SendKeeper` applies a `SendRestrictionFn` before each transfer of funds. + +```golang +// A SendRestrictionFn can restrict sends and/or provide a new receiver address. +type SendRestrictionFn func(ctx context.Context, fromAddr, toAddr sdk.AccAddress, amt sdk.Coins) (newToAddr sdk.AccAddress, err error) +``` + +After the `SendKeeper` (or `BaseKeeper`) has been created, send restrictions can be added to it using the `AppendSendRestriction` or `PrependSendRestriction` functions. +Both functions compose the provided restriction with any previously provided restrictions. +`AppendSendRestriction` adds the provided restriction to be run after any previously provided send restrictions. +`PrependSendRestriction` adds the restriction to be run before any previously provided send restrictions. +The composition will short-circuit when an error is encountered. I.e. if the first one returns an error, the second is not run. + +During `SendCoins`, the send restriction is applied after coins are removed from the from address, but before adding them to the to address. +During `InputOutputCoins`, the send restriction is applied after the input coins are removed and once for each output before the funds are added. + +A send restriction function should make use of a custom value in the context to allow bypassing that specific restriction. + +Send Restrictions are not placed on `ModuleToAccount` or `ModuleToModule` transfers. This is done due to modules needing to move funds to user accounts and other module accounts. This is a design decision to allow for more flexibility in the state machine. The state machine should be able to move funds between module accounts and user accounts without restrictions. + +Secondly this limitation would limit the usage of the state machine even for itself. users would not be able to receive rewards, not be able to move funds between module accounts. In the case that a user sends funds from a user account to the community pool and then a governance proposal is used to get those tokens into the users account this would fall under the discretion of the app chain developer to what they would like to do here. We can not make strong assumptions here. +Thirdly, this issue could lead into a chain halt if a token is disabled and the token is moved in the begin/endblock. This is the last reason we see the current change and more damaging then beneficial for users. + +For example, in your module's keeper package, you'd define the send restriction function: + +```golang +var _ banktypes.SendRestrictionFn = Keeper{}.SendRestrictionFn + +func (k Keeper) SendRestrictionFn(ctx context.Context, fromAddr, toAddr sdk.AccAddress, amt sdk.Coins) (sdk.AccAddress, error) { + // Bypass if the context says to. + if mymodule.HasBypass(ctx) { + return toAddr, nil + } + + // Your custom send restriction logic goes here. + return nil, errors.New("not implemented") +} +``` + +The bank keeper should be provided to your keeper's constructor so the send restriction can be added to it: + +```golang +func NewKeeper(cdc codec.BinaryCodec, storeKey storetypes.StoreKey, bankKeeper mymodule.BankKeeper) Keeper { + rv := Keeper{/*...*/} + bankKeeper.AppendSendRestriction(rv.SendRestrictionFn) + return rv +} +``` + +Then, in the `mymodule` package, define the context helpers: + +```golang +const bypassKey = "bypass-mymodule-restriction" + +// WithBypass returns a new context that will cause the mymodule bank send restriction to be skipped. +func WithBypass(ctx context.Context) context.Context { + return sdk.UnwrapSDKContext(ctx).WithValue(bypassKey, true) +} + +// WithoutBypass returns a new context that will cause the mymodule bank send restriction to not be skipped. +func WithoutBypass(ctx context.Context) context.Context { + return sdk.UnwrapSDKContext(ctx).WithValue(bypassKey, false) +} + +// HasBypass checks the context to see if the mymodule bank send restriction should be skipped. +func HasBypass(ctx context.Context) bool { + bypassValue := ctx.Value(bypassKey) + if bypassValue == nil { + return false + } + bypass, isBool := bypassValue.(bool) + return isBool && bypass +} +``` + +Now, anywhere where you want to use `SendCoins` or `InputOutputCoins`, but you don't want your send restriction applied: + +```golang +func (k Keeper) DoThing(ctx context.Context, fromAddr, toAddr sdk.AccAddress, amt sdk.Coins) error { + return k.bankKeeper.SendCoins(mymodule.WithBypass(ctx), fromAddr, toAddr, amt) +} +``` + +### ViewKeeper + +The view keeper provides read-only access to account balances. The view keeper does not have balance alteration functionality. All balance lookups are `O(1)`. + +```go +// ViewKeeper defines a module interface that facilitates read only access to +// account balances. +type ViewKeeper interface { + ValidateBalance(ctx context.Context, addr sdk.AccAddress) error + HasBalance(ctx context.Context, addr sdk.AccAddress, amt sdk.Coin) bool + + GetAllBalances(ctx context.Context, addr sdk.AccAddress) sdk.Coins + GetAccountsBalances(ctx context.Context) []types.Balance + GetBalance(ctx context.Context, addr sdk.AccAddress, denom string) sdk.Coin + LockedCoins(ctx context.Context, addr sdk.AccAddress) sdk.Coins + SpendableCoins(ctx context.Context, addr sdk.AccAddress) sdk.Coins + SpendableCoin(ctx context.Context, addr sdk.AccAddress, denom string) sdk.Coin + + IterateAccountBalances(ctx context.Context, addr sdk.AccAddress, cb func(coin sdk.Coin) (stop bool)) + IterateAllBalances(ctx context.Context, cb func(address sdk.AccAddress, coin sdk.Coin) (stop bool)) +} +``` + +## Messages + +### MsgSend + +Send coins from one address to another. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/bank/v1beta1/tx.proto#L38-L53 +``` + +The message will fail under the following conditions: + +* The coins do not have sending enabled +* The `to` address is restricted + +### MsgMultiSend + +Send coins from one sender and to a series of different address. If any of the receiving addresses do not correspond to an existing account, a new account is created. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/bank/v1beta1/tx.proto#L58-L69 +``` + +The message will fail under the following conditions: + +* Any of the coins do not have sending enabled +* Any of the `to` addresses are restricted +* Any of the coins are locked +* The inputs and outputs do not correctly correspond to one another + +### MsgUpdateParams + +The `bank` module params can be updated through `MsgUpdateParams`, which can be done using governance proposal. The signer will always be the `gov` module account address. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/bank/v1beta1/tx.proto#L74-L88 +``` + +The message handling can fail if: + +* signer is not the gov module account address. + +### MsgSetSendEnabled + +Used with the x/gov module to set create/edit SendEnabled entries. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/bank/v1beta1/tx.proto#L96-L117 +``` + +The message will fail under the following conditions: + +* The authority is not a bech32 address. +* The authority is not x/gov module's address. +* There are multiple SendEnabled entries with the same Denom. +* One or more SendEnabled entries has an invalid Denom. + +## Events + +The bank module emits the following events: + +### Message Events + +#### MsgSend + +| Type | Attribute Key | Attribute Value | +| -------- | ------------- | ------------------ | +| transfer | recipient | {recipientAddress} | +| transfer | amount | {amount} | +| message | module | bank | +| message | action | send | +| message | sender | {senderAddress} | + +#### MsgMultiSend + +| Type | Attribute Key | Attribute Value | +| -------- | ------------- | ------------------ | +| transfer | recipient | {recipientAddress} | +| transfer | amount | {amount} | +| message | module | bank | +| message | action | multisend | +| message | sender | {senderAddress} | + +### Keeper Events + +In addition to message events, the bank keeper will produce events when the following methods are called (or any method which ends up calling them) + +#### MintCoins + +```json +{ + "type": "coinbase", + "attributes": [ + { + "key": "minter", + "value": "{{sdk.AccAddress of the module minting coins}}", + "index": true + }, + { + "key": "amount", + "value": "{{sdk.Coins being minted}}", + "index": true + } + ] +} +``` + +```json +{ + "type": "coin_received", + "attributes": [ + { + "key": "receiver", + "value": "{{sdk.AccAddress of the module minting coins}}", + "index": true + }, + { + "key": "amount", + "value": "{{sdk.Coins being received}}", + "index": true + } + ] +} +``` + +#### BurnCoins + +```json +{ + "type": "burn", + "attributes": [ + { + "key": "burner", + "value": "{{sdk.AccAddress of the module burning coins}}", + "index": true + }, + { + "key": "amount", + "value": "{{sdk.Coins being burned}}", + "index": true + } + ] +} +``` + +```json +{ + "type": "coin_spent", + "attributes": [ + { + "key": "spender", + "value": "{{sdk.AccAddress of the module burning coins}}", + "index": true + }, + { + "key": "amount", + "value": "{{sdk.Coins being burned}}", + "index": true + } + ] +} +``` + +#### addCoins + +```json +{ + "type": "coin_received", + "attributes": [ + { + "key": "receiver", + "value": "{{sdk.AccAddress of the address beneficiary of the coins}}", + "index": true + }, + { + "key": "amount", + "value": "{{sdk.Coins being received}}", + "index": true + } + ] +} +``` + +#### subUnlockedCoins/DelegateCoins + +```json +{ + "type": "coin_spent", + "attributes": [ + { + "key": "spender", + "value": "{{sdk.AccAddress of the address which is spending coins}}", + "index": true + }, + { + "key": "amount", + "value": "{{sdk.Coins being spent}}", + "index": true + } + ] +} +``` + +## Parameters + +The bank module contains the following parameters + +### SendEnabled + +The SendEnabled parameter is now deprecated and not to be use. It is replaced +with state store records. + + +### DefaultSendEnabled + +The default send enabled value controls send transfer capability for all +coin denominations unless specifically included in the array of `SendEnabled` +parameters. + +## Client + +### CLI + +A user can query and interact with the `bank` module using the CLI. + +#### Query + +The `query` commands allow users to query `bank` state. + +```shell +simd query bank --help +``` + +##### balances + +The `balances` command allows users to query account balances by address. + +```shell +simd query bank balances [address] [flags] +``` + +Example: + +```shell +simd query bank balances cosmos1.. +``` + +Example Output: + +```yml +balances: +- amount: "1000000000" + denom: stake +pagination: + next_key: null + total: "0" +``` + +##### denom-metadata + +The `denom-metadata` command allows users to query metadata for coin denominations. A user can query metadata for a single denomination using the `--denom` flag or all denominations without it. + +```shell +simd query bank denom-metadata [flags] +``` + +Example: + +```shell +simd query bank denom-metadata --denom stake +``` + +Example Output: + +```yml +metadata: + base: stake + denom_units: + - aliases: + - STAKE + denom: stake + description: native staking token of simulation app + display: stake + name: SimApp Token + symbol: STK +``` + +##### total + +The `total` command allows users to query the total supply of coins. A user can query the total supply for a single coin using the `--denom` flag or all coins without it. + +```shell +simd query bank total [flags] +``` + +Example: + +```shell +simd query bank total --denom stake +``` + +Example Output: + +```yml +amount: "10000000000" +denom: stake +``` + +##### send-enabled + +The `send-enabled` command allows users to query for all or some SendEnabled entries. + +```shell +simd query bank send-enabled [denom1 ...] [flags] +``` + +Example: + +```shell +simd query bank send-enabled +``` + +Example output: + +```yml +send_enabled: +- denom: foocoin + enabled: true +- denom: barcoin +pagination: + next-key: null + total: 2 +``` + +#### Transactions + +The `tx` commands allow users to interact with the `bank` module. + +```shell +simd tx bank --help +``` + +##### send + +The `send` command allows users to send funds from one account to another. + +```shell +simd tx bank send [from_key_or_address] [to_address] [amount] [flags] +``` + +Example: + +```shell +simd tx bank send cosmos1.. cosmos1.. 100stake +``` + +## gRPC + +A user can query the `bank` module using gRPC endpoints. + +### Balance + +The `Balance` endpoint allows users to query account balance by address for a given denomination. + +```shell +cosmos.bank.v1beta1.Query/Balance +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"address":"cosmos1..","denom":"stake"}' \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/Balance +``` + +Example Output: + +```json +{ + "balance": { + "denom": "stake", + "amount": "1000000000" + } +} +``` + +### AllBalances + +The `AllBalances` endpoint allows users to query account balance by address for all denominations. + +```shell +cosmos.bank.v1beta1.Query/AllBalances +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"address":"cosmos1.."}' \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/AllBalances +``` + +Example Output: + +```json +{ + "balances": [ + { + "denom": "stake", + "amount": "1000000000" + } + ], + "pagination": { + "total": "1" + } +} +``` + +### DenomMetadata + +The `DenomMetadata` endpoint allows users to query metadata for a single coin denomination. + +```shell +cosmos.bank.v1beta1.Query/DenomMetadata +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"denom":"stake"}' \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/DenomMetadata +``` + +Example Output: + +```json +{ + "metadata": { + "description": "native staking token of simulation app", + "denomUnits": [ + { + "denom": "stake", + "aliases": [ + "STAKE" + ] + } + ], + "base": "stake", + "display": "stake", + "name": "SimApp Token", + "symbol": "STK" + } +} +``` + +### DenomsMetadata + +The `DenomsMetadata` endpoint allows users to query metadata for all coin denominations. + +```shell +cosmos.bank.v1beta1.Query/DenomsMetadata +``` + +Example: + +```shell +grpcurl -plaintext \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/DenomsMetadata +``` + +Example Output: + +```json +{ + "metadatas": [ + { + "description": "native staking token of simulation app", + "denomUnits": [ + { + "denom": "stake", + "aliases": [ + "STAKE" + ] + } + ], + "base": "stake", + "display": "stake", + "name": "SimApp Token", + "symbol": "STK" + } + ], + "pagination": { + "total": "1" + } +} +``` + +### DenomOwners + +The `DenomOwners` endpoint allows users to query metadata for a single coin denomination. + +```shell +cosmos.bank.v1beta1.Query/DenomOwners +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"denom":"stake"}' \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/DenomOwners +``` + +Example Output: + +```json +{ + "denomOwners": [ + { + "address": "cosmos1..", + "balance": { + "denom": "stake", + "amount": "5000000000" + } + }, + { + "address": "cosmos1..", + "balance": { + "denom": "stake", + "amount": "5000000000" + } + }, + ], + "pagination": { + "total": "2" + } +} +``` + +### TotalSupply + +The `TotalSupply` endpoint allows users to query the total supply of all coins. + +```shell +cosmos.bank.v1beta1.Query/TotalSupply +``` + +Example: + +```shell +grpcurl -plaintext \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/TotalSupply +``` + +Example Output: + +```json +{ + "supply": [ + { + "denom": "stake", + "amount": "10000000000" + } + ], + "pagination": { + "total": "1" + } +} +``` + +### SupplyOf + +The `SupplyOf` endpoint allows users to query the total supply of a single coin. + +```shell +cosmos.bank.v1beta1.Query/SupplyOf +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"denom":"stake"}' \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/SupplyOf +``` + +Example Output: + +```json +{ + "amount": { + "denom": "stake", + "amount": "10000000000" + } +} +``` + +### Params + +The `Params` endpoint allows users to query the parameters of the `bank` module. + +```shell +cosmos.bank.v1beta1.Query/Params +``` + +Example: + +```shell +grpcurl -plaintext \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/Params +``` + +Example Output: + +```json +{ + "params": { + "defaultSendEnabled": true + } +} +``` + +### SendEnabled + +The `SendEnabled` enpoints allows users to query the SendEnabled entries of the `bank` module. + +Any denominations NOT returned, use the `Params.DefaultSendEnabled` value. + +```shell +cosmos.bank.v1beta1.Query/SendEnabled +``` + +Example: + +```shell +grpcurl -plaintext \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/SendEnabled +``` + +Example Output: + +```json +{ + "send_enabled": [ + { + "denom": "foocoin", + "enabled": true + }, + { + "denom": "barcoin" + } + ], + "pagination": { + "next-key": null, + "total": 2 + } +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/modules/circuit/README.md b/copy-of-sdk-versioned_docs/version-0.50/build/modules/circuit/README.md new file mode 100644 index 00000000..f3b75389 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/modules/circuit/README.md @@ -0,0 +1,170 @@ +# `x/circuit` + +## Concepts + +Circuit Breaker is a module that is meant to avoid a chain needing to halt/shut down in the presence of a vulnerability, instead the module will allow specific messages or all messages to be disabled. When operating a chain, if it is app specific then a halt of the chain is less detrimental, but if there are applications built on top of the chain then halting is expensive due to the disturbance to applications. + +Circuit Breaker works with the idea that an address or set of addresses have the right to block messages from being executed and/or included in the mempool. Any address with a permission is able to reset the circuit breaker for the message. + +The transactions are checked and can be rejected at two points: + +* In `CircuitBreakerDecorator` [ante handler](https://docs.cosmos.network/main/learn/advanced/baseapp#antehandler): + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/x/circuit/v0.1.0/x/circuit/ante/circuit.go#L27-L41 +``` + +* With a [message router check](https://docs.cosmos.network/main/learn/advanced/baseapp#msg-service-router): + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.1/baseapp/msg_service_router.go#L104-L115 +``` + +:::note +The `CircuitBreakerDecorator` works for most use cases, but [does not check the inner messages of a transaction](https://docs.cosmos.network/main/learn/beginner/tx-lifecycle#antehandler). This some transactions (such as `x/authz` transactions or some `x/gov` transactions) may pass the ante handler. **This does not affect the circuit breaker** as the message router check will still fail the transaction. +This tradeoff is to avoid introducing more dependencies in the `x/circuit` module. Chains can re-define the `CircuitBreakerDecorator` to check for inner messages if they wish to do so. +::: + +## State + +### Accounts + +* AccountPermissions `0x1 | account_address -> ProtocolBuffer(CircuitBreakerPermissions)` + +```go +type level int32 + +const ( + // LEVEL_NONE_UNSPECIFIED indicates that the account will have no circuit + // breaker permissions. + LEVEL_NONE_UNSPECIFIED = iota + // LEVEL_SOME_MSGS indicates that the account will have permission to + // trip or reset the circuit breaker for some Msg type URLs. If this level + // is chosen, a non-empty list of Msg type URLs must be provided in + // limit_type_urls. + LEVEL_SOME_MSGS + // LEVEL_ALL_MSGS indicates that the account can trip or reset the circuit + // breaker for Msg's of all type URLs. + LEVEL_ALL_MSGS + // LEVEL_SUPER_ADMIN indicates that the account can take all circuit breaker + // actions and can grant permissions to other accounts. + LEVEL_SUPER_ADMIN +) + +type Access struct { + level int32 + msgs []string // if full permission, msgs can be empty +} +``` + + +### Disable List + +List of type urls that are disabled. + +* DisableList `0x2 | msg_type_url -> []byte{}` + +## State Transitions + +### Authorize + +Authorize, is called by the module authority (default governance module account) or any account with `LEVEL_SUPER_ADMIN` to give permission to disable/enable messages to another account. There are three levels of permissions that can be granted. `LEVEL_SOME_MSGS` limits the number of messages that can be disabled. `LEVEL_ALL_MSGS` permits all messages to be disabled. `LEVEL_SUPER_ADMIN` allows an account to take all circuit breaker actions including authorizing and deauthorizing other accounts. + +```protobuf + // AuthorizeCircuitBreaker allows a super-admin to grant (or revoke) another + // account's circuit breaker permissions. + rpc AuthorizeCircuitBreaker(MsgAuthorizeCircuitBreaker) returns (MsgAuthorizeCircuitBreakerResponse); +``` + +### Trip + +Trip, is called by an authorized account to disable message execution for a specific msgURL. If empty, all the msgs will be disabled. + +```protobuf + // TripCircuitBreaker pauses processing of Msg's in the state machine. + rpc TripCircuitBreaker(MsgTripCircuitBreaker) returns (MsgTripCircuitBreakerResponse); +``` + +### Reset + +Reset is called by an authorized account to enable execution for a specific msgURL of previously disabled message. If empty, all the disabled messages will be enabled. + +```protobuf + // ResetCircuitBreaker resumes processing of Msg's in the state machine that + // have been been paused using TripCircuitBreaker. + rpc ResetCircuitBreaker(MsgResetCircuitBreaker) returns (MsgResetCircuitBreakerResponse); +``` + +## Messages + +### MsgAuthorizeCircuitBreaker + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/main/proto/cosmos/circuit/v1/tx.proto#L25-L75 +``` + +This message is expected to fail if: + +* the granter is not an account with permission level `LEVEL_SUPER_ADMIN` or the module authority + +### MsgTripCircuitBreaker + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/main/proto/cosmos/circuit/v1/tx.proto#L77-L93 +``` + +This message is expected to fail if: + +* if the signer does not have a permission level with the ability to disable the specified type url message + +### MsgResetCircuitBreaker + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/main/proto/cosmos/circuit/v1/tx.proto#L95-109 +``` + +This message is expected to fail if: + +* if the type url is not disabled + +## Events - list and describe event tags + +The circuit module emits the following events: + +### Message Events + +#### MsgAuthorizeCircuitBreaker + +| Type | Attribute Key | Attribute Value | +|---------|---------------|---------------------------| +| string | granter | {granterAddress} | +| string | grantee | {granteeAddress} | +| string | permission | {granteePermissions} | +| message | module | circuit | +| message | action | authorize_circuit_breaker | + +#### MsgTripCircuitBreaker + +| Type | Attribute Key | Attribute Value | +|----------|---------------|--------------------| +| string | authority | {authorityAddress} | +| []string | msg_urls | []string{msg_urls} | +| message | module | circuit | +| message | action | trip_circuit_breaker | + +#### ResetCircuitBreaker + +| Type | Attribute Key | Attribute Value | +|----------|---------------|--------------------| +| string | authority | {authorityAddress} | +| []string | msg_urls | []string{msg_urls} | +| message | module | circuit | +| message | action | reset_circuit_breaker | + + +## Keys - list of key prefixes used by the circuit module + +* `AccountPermissionPrefix` - `0x01` +* `DisableListPrefix` - `0x02` + +## Client - list and describe CLI commands and gRPC and REST endpoints diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/modules/consensus/README.md b/copy-of-sdk-versioned_docs/version-0.50/build/modules/consensus/README.md new file mode 100644 index 00000000..902280a6 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/modules/consensus/README.md @@ -0,0 +1,7 @@ +--- +sidebar_position: 1 +--- + +# `x/consensus` + +Functionality to modify CometBFT's ABCI consensus params. diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/modules/crisis/README.md b/copy-of-sdk-versioned_docs/version-0.50/build/modules/crisis/README.md new file mode 100644 index 00000000..e4e29d0a --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/modules/crisis/README.md @@ -0,0 +1,110 @@ +--- +sidebar_position: 1 +--- + +# `x/crisis` + +## Overview + +The crisis module halts the blockchain under the circumstance that a blockchain +invariant is broken. Invariants can be registered with the application during the +application initialization process. + +## Contents + +* [State](#state) +* [Messages](#messages) +* [Events](#events) +* [Parameters](#parameters) +* [Client](#client) + * [CLI](#cli) + +## State + +### ConstantFee + +Due to the anticipated large gas cost requirement to verify an invariant (and +potential to exceed the maximum allowable block gas limit) a constant fee is +used instead of the standard gas consumption method. The constant fee is +intended to be larger than the anticipated gas cost of running the invariant +with the standard gas consumption method. + +The ConstantFee param is stored in the module params state with the prefix of `0x01`, +it can be updated with governance or the address with authority. + +* Params: `mint/params -> legacy_amino(sdk.Coin)` + +## Messages + +In this section we describe the processing of the crisis messages and the +corresponding updates to the state. + +### MsgVerifyInvariant + +Blockchain invariants can be checked using the `MsgVerifyInvariant` message. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/crisis/v1beta1/tx.proto#L26-L42 +``` + +This message is expected to fail if: + +* the sender does not have enough coins for the constant fee +* the invariant route is not registered + +This message checks the invariant provided, and if the invariant is broken it +panics, halting the blockchain. If the invariant is broken, the constant fee is +never deducted as the transaction is never committed to a block (equivalent to +being refunded). However, if the invariant is not broken, the constant fee will +not be refunded. + +## Events + +The crisis module emits the following events: + +### Handlers + +#### MsgVerifyInvariance + +| Type | Attribute Key | Attribute Value | +|-----------|---------------|------------------| +| invariant | route | {invariantRoute} | +| message | module | crisis | +| message | action | verify_invariant | +| message | sender | {senderAddress} | + +## Parameters + +The crisis module contains the following parameters: + +| Key | Type | Example | +|-------------|---------------|-----------------------------------| +| ConstantFee | object (coin) | {"denom":"uatom","amount":"1000"} | + +## Client + +### CLI + +A user can query and interact with the `crisis` module using the CLI. + +#### Transactions + +The `tx` commands allow users to interact with the `crisis` module. + +```bash +simd tx crisis --help +``` + +##### invariant-broken + +The `invariant-broken` command submits proof when an invariant was broken to halt the chain + +```bash +simd tx crisis invariant-broken [module-name] [invariant-route] [flags] +``` + +Example: + +```bash +simd tx crisis invariant-broken bank total-supply --from=[keyname or address] +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/modules/distribution/README.md b/copy-of-sdk-versioned_docs/version-0.50/build/modules/distribution/README.md new file mode 100644 index 00000000..32858fd6 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/modules/distribution/README.md @@ -0,0 +1,1049 @@ +--- +sidebar_position: 1 +--- + +# `x/distribution` + +## Overview + +This _simple_ distribution mechanism describes a functional way to passively +distribute rewards between validators and delegators. Note that this mechanism does +not distribute funds in as precisely as active reward distribution mechanisms and +will therefore be upgraded in the future. + +The mechanism operates as follows. Collected rewards are pooled globally and +divided out passively to validators and delegators. Each validator has the +opportunity to charge commission to the delegators on the rewards collected on +behalf of the delegators. Fees are collected directly into a global reward pool +and validator proposer-reward pool. Due to the nature of passive accounting, +whenever changes to parameters which affect the rate of reward distribution +occurs, withdrawal of rewards must also occur. + +* Whenever withdrawing, one must withdraw the maximum amount they are entitled + to, leaving nothing in the pool. +* Whenever bonding, unbonding, or re-delegating tokens to an existing account, a + full withdrawal of the rewards must occur (as the rules for lazy accounting + change). +* Whenever a validator chooses to change the commission on rewards, all accumulated + commission rewards must be simultaneously withdrawn. + +The above scenarios are covered in `hooks.md`. + +The distribution mechanism outlined herein is used to lazily distribute the +following rewards between validators and associated delegators: + +* multi-token fees to be socially distributed +* inflated staked asset provisions +* validator commission on all rewards earned by their delegators stake + +Fees are pooled within a global pool. The mechanisms used allow for validators +and delegators to independently and lazily withdraw their rewards. + +## Shortcomings + +As a part of the lazy computations, each delegator holds an accumulation term +specific to each validator which is used to estimate what their approximate +fair portion of tokens held in the global fee pool is owed to them. + +```text +entitlement = delegator-accumulation / all-delegators-accumulation +``` + +Under the circumstance that there was constant and equal flow of incoming +reward tokens every block, this distribution mechanism would be equal to the +active distribution (distribute individually to all delegators each block). +However, this is unrealistic so deviations from the active distribution will +occur based on fluctuations of incoming reward tokens as well as timing of +reward withdrawal by other delegators. + +If you happen to know that incoming rewards are about to significantly increase, +you are incentivized to not withdraw until after this event, increasing the +worth of your existing _accum_. See [#2764](https://github.com/cosmos/cosmos-sdk/issues/2764) +for further details. + +## Effect on Staking + +Charging commission on Atom provisions while also allowing for Atom-provisions +to be auto-bonded (distributed directly to the validators bonded stake) is +problematic within BPoS. Fundamentally, these two mechanisms are mutually +exclusive. If both commission and auto-bonding mechanisms are simultaneously +applied to the staking-token then the distribution of staking-tokens between +any validator and its delegators will change with each block. This then +necessitates a calculation for each delegation records for each block - +which is considered computationally expensive. + +In conclusion, we can only have Atom commission and unbonded atoms +provisions or bonded atom provisions with no Atom commission, and we elect to +implement the former. Stakeholders wishing to rebond their provisions may elect +to set up a script to periodically withdraw and rebond rewards. + +## Contents + +* [Concepts](#concepts) +* [State](#state) + * [FeePool](#feepool) + * [Validator Distribution](#validator-distribution) + * [Delegation Distribution](#delegation-distribution) + * [Params](#params) +* [Begin Block](#begin-block) +* [Messages](#messages) +* [Hooks](#hooks) +* [Events](#events) +* [Parameters](#parameters) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + +## Concepts + +In Proof of Stake (PoS) blockchains, rewards gained from transaction fees are paid to validators. The fee distribution module fairly distributes the rewards to the validators' constituent delegators. + +Rewards are calculated per period. The period is updated each time a validator's delegation changes, for example, when the validator receives a new delegation. +The rewards for a single validator can then be calculated by taking the total rewards for the period before the delegation started, minus the current total rewards. +To learn more, see the [F1 Fee Distribution paper](https://github.com/cosmos/cosmos-sdk/tree/main/docs/spec/fee_distribution/f1_fee_distr.pdf). + +The commission to the validator is paid when the validator is removed or when the validator requests a withdrawal. +The commission is calculated and incremented at every `BeginBlock` operation to update accumulated fee amounts. + +The rewards to a delegator are distributed when the delegation is changed or removed, or a withdrawal is requested. +Before rewards are distributed, all slashes to the validator that occurred during the current delegation are applied. + +### Reference Counting in F1 Fee Distribution + +In F1 fee distribution, the rewards a delegator receives are calculated when their delegation is withdrawn. This calculation must read the terms of the summation of rewards divided by the share of tokens from the period which they ended when they delegated, and the final period that was created for the withdrawal. + +Additionally, as slashes change the amount of tokens a delegation will have (but we calculate this lazily, +only when a delegator un-delegates), we must calculate rewards in separate periods before / after any slashes +which occurred in between when a delegator delegated and when they withdrew their rewards. Thus slashes, like +delegations, reference the period which was ended by the slash event. + +All stored historical rewards records for periods which are no longer referenced by any delegations +or any slashes can thus be safely removed, as they will never be read (future delegations and future +slashes will always reference future periods). This is implemented by tracking a `ReferenceCount` +along with each historical reward storage entry. Each time a new object (delegation or slash) +is created which might need to reference the historical record, the reference count is incremented. +Each time one object which previously needed to reference the historical record is deleted, the reference +count is decremented. If the reference count hits zero, the historical record is deleted. + +## State + +### FeePool + +All globally tracked parameters for distribution are stored within +`FeePool`. Rewards are collected and added to the reward pool and +distributed to validators/delegators from here. + +Note that the reward pool holds decimal coins (`DecCoins`) to allow +for fractions of coins to be received from operations like inflation. +When coins are distributed from the pool they are truncated back to +`sdk.Coins` which are non-decimal. + +* FeePool: `0x00 -> ProtocolBuffer(FeePool)` + +```go +// coins with decimal +type DecCoins []DecCoin + +type DecCoin struct { + Amount math.LegacyDec + Denom string +} +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/distribution/v1beta1/distribution.proto#L116-L123 +``` + +### Validator Distribution + +Validator distribution information for the relevant validator is updated each time: + +1. delegation amount to a validator is updated, +2. any delegator withdraws from a validator, or +3. the validator withdraws its commission. + +* ValidatorDistInfo: `0x02 | ValOperatorAddrLen (1 byte) | ValOperatorAddr -> ProtocolBuffer(validatorDistribution)` + +```go +type ValidatorDistInfo struct { + OperatorAddress sdk.AccAddress + SelfBondRewards sdkmath.DecCoins + ValidatorCommission types.ValidatorAccumulatedCommission +} +``` + +### Delegation Distribution + +Each delegation distribution only needs to record the height at which it last +withdrew fees. Because a delegation must withdraw fees each time it's +properties change (aka bonded tokens etc.) its properties will remain constant +and the delegator's _accumulation_ factor can be calculated passively knowing +only the height of the last withdrawal and its current properties. + +* DelegationDistInfo: `0x02 | DelegatorAddrLen (1 byte) | DelegatorAddr | ValOperatorAddrLen (1 byte) | ValOperatorAddr -> ProtocolBuffer(delegatorDist)` + +```go +type DelegationDistInfo struct { + WithdrawalHeight int64 // last time this delegation withdrew rewards +} +``` + +### Params + +The distribution module stores it's params in state with the prefix of `0x09`, +it can be updated with governance or the address with authority. + +* Params: `0x09 | ProtocolBuffer(Params)` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/distribution/v1beta1/distribution.proto#L12-L42 +``` + +## Begin Block + +At each `BeginBlock`, all fees received in the previous block are transferred to +the distribution `ModuleAccount` account. When a delegator or validator +withdraws their rewards, they are taken out of the `ModuleAccount`. During begin +block, the different claims on the fees collected are updated as follows: + +* The reserve community tax is charged. +* The remainder is distributed proportionally by voting power to all bonded validators + +### The Distribution Scheme + +See [params](#params) for description of parameters. + +Let `fees` be the total fees collected in the previous block, including +inflationary rewards to the stake. All fees are collected in a specific module +account during the block. During `BeginBlock`, they are sent to the +`"distribution"` `ModuleAccount`. No other sending of tokens occurs. Instead, the +rewards each account is entitled to are stored, and withdrawals can be triggered +through the messages `FundCommunityPool`, `WithdrawValidatorCommission` and +`WithdrawDelegatorReward`. + +#### Reward to the Community Pool + +The community pool gets `community_tax * fees`, plus any remaining dust after +validators get their rewards that are always rounded down to the nearest +integer value. + +#### Reward To the Validators + +The proposer receives no extra rewards. All fees are distributed among all the +bonded validators, including the proposer, in proportion to their consensus power. + +```text +powFrac = validator power / total bonded validator power +voteMul = 1 - community_tax +``` + +All validators receive `fees * voteMul * powFrac`. + +#### Rewards to Delegators + +Each validator's rewards are distributed to its delegators. The validator also +has a self-delegation that is treated like a regular delegation in +distribution calculations. + +The validator sets a commission rate. The commission rate is flexible, but each +validator sets a maximum rate and a maximum daily increase. These maximums cannot be exceeded and protect delegators from sudden increases of validator commission rates to prevent validators from taking all of the rewards. + +The outstanding rewards that the operator is entitled to are stored in +`ValidatorAccumulatedCommission`, while the rewards the delegators are entitled +to are stored in `ValidatorCurrentRewards`. The [F1 fee distribution scheme](#concepts) is used to calculate the rewards per delegator as they +withdraw or update their delegation, and is thus not handled in `BeginBlock`. + +#### Example Distribution + +For this example distribution, the underlying consensus engine selects block proposers in +proportion to their power relative to the entire bonded power. + +All validators are equally performant at including pre-commits in their proposed +blocks. Then hold `(pre_commits included) / (total bonded validator power)` +constant so that the amortized block reward for the validator is `( validator power / total bonded power) * (1 - community tax rate)` of +the total rewards. Consequently, the reward for a single delegator is: + +```text +(delegator proportion of the validator power / validator power) * (validator power / total bonded power) + * (1 - community tax rate) * (1 - validator commission rate) += (delegator proportion of the validator power / total bonded power) * (1 - +community tax rate) * (1 - validator commission rate) +``` + +## Messages + +### MsgSetWithdrawAddress + +By default, the withdraw address is the delegator address. To change its withdraw address, a delegator must send a `MsgSetWithdrawAddress` message. +Changing the withdraw address is possible only if the parameter `WithdrawAddrEnabled` is set to `true`. + +The withdraw address cannot be any of the module accounts. These accounts are blocked from being withdraw addresses by being added to the distribution keeper's `blockedAddrs` array at initialization. + +Response: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/distribution/v1beta1/tx.proto#L49-L60 +``` + +```go +func (k Keeper) SetWithdrawAddr(ctx context.Context, delegatorAddr sdk.AccAddress, withdrawAddr sdk.AccAddress) error + if k.blockedAddrs[withdrawAddr.String()] { + fail with "`{withdrawAddr}` is not allowed to receive external funds" + } + + if !k.GetWithdrawAddrEnabled(ctx) { + fail with `ErrSetWithdrawAddrDisabled` + } + + k.SetDelegatorWithdrawAddr(ctx, delegatorAddr, withdrawAddr) +``` + +### MsgWithdrawDelegatorReward + +A delegator can withdraw its rewards. +Internally in the distribution module, this transaction simultaneously removes the previous delegation with associated rewards, the same as if the delegator simply started a new delegation of the same value. +The rewards are sent immediately from the distribution `ModuleAccount` to the withdraw address. +Any remainder (truncated decimals) are sent to the community pool. +The starting height of the delegation is set to the current validator period, and the reference count for the previous period is decremented. +The amount withdrawn is deducted from the `ValidatorOutstandingRewards` variable for the validator. + +In the F1 distribution, the total rewards are calculated per validator period, and a delegator receives a piece of those rewards in proportion to their stake in the validator. +In basic F1, the total rewards that all the delegators are entitled to between to periods is calculated the following way. +Let `R(X)` be the total accumulated rewards up to period `X` divided by the tokens staked at that time. The delegator allocation is `R(X) * delegator_stake`. +Then the rewards for all the delegators for staking between periods `A` and `B` are `(R(B) - R(A)) * total stake`. +However, these calculated rewards don't account for slashing. + +Taking the slashes into account requires iteration. +Let `F(X)` be the fraction a validator is to be slashed for a slashing event that happened at period `X`. +If the validator was slashed at periods `P1, ..., PN`, where `A < P1`, `PN < B`, the distribution module calculates the individual delegator's rewards, `T(A, B)`, as follows: + +```go +stake := initial stake +rewards := 0 +previous := A +for P in P1, ..., PN`: + rewards = (R(P) - previous) * stake + stake = stake * F(P) + previous = P +rewards = rewards + (R(B) - R(PN)) * stake +``` + +The historical rewards are calculated retroactively by playing back all the slashes and then attenuating the delegator's stake at each step. +The final calculated stake is equivalent to the actual staked coins in the delegation with a margin of error due to rounding errors. + +Response: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/distribution/v1beta1/tx.proto#L66-L77 +``` + +### WithdrawValidatorCommission + +The validator can send the WithdrawValidatorCommission message to withdraw their accumulated commission. +The commission is calculated in every block during `BeginBlock`, so no iteration is required to withdraw. +The amount withdrawn is deducted from the `ValidatorOutstandingRewards` variable for the validator. +Only integer amounts can be sent. If the accumulated awards have decimals, the amount is truncated before the withdrawal is sent, and the remainder is left to be withdrawn later. + +### FundCommunityPool + +This message sends coins directly from the sender to the community pool. + +The transaction fails if the amount cannot be transferred from the sender to the distribution module account. + +```go +func (k Keeper) FundCommunityPool(ctx context.Context, amount sdk.Coins, sender sdk.AccAddress) error { + if err := k.bankKeeper.SendCoinsFromAccountToModule(ctx, sender, types.ModuleName, amount); err != nil { + return err + } + + feePool, err := k.FeePool.Get(ctx) + if err != nil { + return err + } + + feePool.CommunityPool = feePool.CommunityPool.Add(sdk.NewDecCoinsFromCoins(amount...)...) + + if err := k.FeePool.Set(ctx, feePool); err != nil { + return err + } + + return nil +} +``` + +### Common distribution operations + +These operations take place during many different messages. + +#### Initialize delegation + +Each time a delegation is changed, the rewards are withdrawn and the delegation is reinitialized. +Initializing a delegation increments the validator period and keeps track of the starting period of the delegation. + +```go +// initialize starting info for a new delegation +func (k Keeper) initializeDelegation(ctx context.Context, val sdk.ValAddress, del sdk.AccAddress) { + // period has already been incremented - we want to store the period ended by this delegation action + previousPeriod := k.GetValidatorCurrentRewards(ctx, val).Period - 1 + + // increment reference count for the period we're going to track + k.incrementReferenceCount(ctx, val, previousPeriod) + + validator := k.stakingKeeper.Validator(ctx, val) + delegation := k.stakingKeeper.Delegation(ctx, del, val) + + // calculate delegation stake in tokens + // we don't store directly, so multiply delegation shares * (tokens per share) + // note: necessary to truncate so we don't allow withdrawing more rewards than owed + stake := validator.TokensFromSharesTruncated(delegation.GetShares()) + k.SetDelegatorStartingInfo(ctx, val, del, types.NewDelegatorStartingInfo(previousPeriod, stake, uint64(ctx.BlockHeight()))) +} +``` + +### MsgUpdateParams + +Distribution module params can be updated through `MsgUpdateParams`, which can be done using governance proposal and the signer will always be gov module account address. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/distribution/v1beta1/tx.proto#L133-L147 +``` + +The message handling can fail if: + +* signer is not the gov module account address. + +## Hooks + +Available hooks that can be called by and from this module. + +### Create or modify delegation distribution + +* triggered-by: `staking.MsgDelegate`, `staking.MsgBeginRedelegate`, `staking.MsgUndelegate` + +#### Before + +* The delegation rewards are withdrawn to the withdraw address of the delegator. + The rewards include the current period and exclude the starting period. +* The validator period is incremented. + The validator period is incremented because the validator's power and share distribution might have changed. +* The reference count for the delegator's starting period is decremented. + +#### After + +The starting height of the delegation is set to the previous period. +Because of the `Before`-hook, this period is the last period for which the delegator was rewarded. + +### Validator created + +* triggered-by: `staking.MsgCreateValidator` + +When a validator is created, the following validator variables are initialized: + +* Historical rewards +* Current accumulated rewards +* Accumulated commission +* Total outstanding rewards +* Period + +By default, all values are set to a `0`, except period, which is set to `1`. + +### Validator removed + +* triggered-by: `staking.RemoveValidator` + +Outstanding commission is sent to the validator's self-delegation withdrawal address. +Remaining delegator rewards get sent to the community fee pool. + +Note: The validator gets removed only when it has no remaining delegations. +At that time, all outstanding delegator rewards will have been withdrawn. +Any remaining rewards are dust amounts. + +### Validator is slashed + +* triggered-by: `staking.Slash` +* The current validator period reference count is incremented. + The reference count is incremented because the slash event has created a reference to it. +* The validator period is incremented. +* The slash event is stored for later use. + The slash event will be referenced when calculating delegator rewards. + +## Events + +The distribution module emits the following events: + +### BeginBlocker + +| Type | Attribute Key | Attribute Value | +|-----------------|---------------|--------------------| +| proposer_reward | validator | {validatorAddress} | +| proposer_reward | reward | {proposerReward} | +| commission | amount | {commissionAmount} | +| commission | validator | {validatorAddress} | +| rewards | amount | {rewardAmount} | +| rewards | validator | {validatorAddress} | + +### Handlers + +#### MsgSetWithdrawAddress + +| Type | Attribute Key | Attribute Value | +|----------------------|------------------|----------------------| +| set_withdraw_address | withdraw_address | {withdrawAddress} | +| message | module | distribution | +| message | action | set_withdraw_address | +| message | sender | {senderAddress} | + +#### MsgWithdrawDelegatorReward + +| Type | Attribute Key | Attribute Value | +|---------|---------------|---------------------------| +| withdraw_rewards | amount | {rewardAmount} | +| withdraw_rewards | validator | {validatorAddress} | +| message | module | distribution | +| message | action | withdraw_delegator_reward | +| message | sender | {senderAddress} | + +#### MsgWithdrawValidatorCommission + +| Type | Attribute Key | Attribute Value | +|------------|---------------|-------------------------------| +| withdraw_commission | amount | {commissionAmount} | +| message | module | distribution | +| message | action | withdraw_validator_commission | +| message | sender | {senderAddress} | + +## Parameters + +The distribution module contains the following parameters: + +| Key | Type | Example | +| ------------------- | ------------ | -------------------------- | +| communitytax | string (dec) | "0.020000000000000000" [0] | +| withdrawaddrenabled | bool | true | + +* [0] `communitytax` must be positive and cannot exceed 1.00. +* `baseproposerreward` and `bonusproposerreward` were parameters that are deprecated in v0.47 and are not used. + +:::note +The reserve pool is the pool of collected funds for use by governance taken via the `CommunityTax`. +Currently with the Cosmos SDK, tokens collected by the CommunityTax are accounted for but unspendable. +::: + +## Client + +## CLI + +A user can query and interact with the `distribution` module using the CLI. + +#### Query + +The `query` commands allow users to query `distribution` state. + +```shell +simd query distribution --help +``` + +##### commission + +The `commission` command allows users to query validator commission rewards by address. + +```shell +simd query distribution commission [address] [flags] +``` + +Example: + +```shell +simd query distribution commission cosmosvaloper1... +``` + +Example Output: + +```yml +commission: +- amount: "1000000.000000000000000000" + denom: stake +``` + +##### community-pool + +The `community-pool` command allows users to query all coin balances within the community pool. + +```shell +simd query distribution community-pool [flags] +``` + +Example: + +```shell +simd query distribution community-pool +``` + +Example Output: + +```yml +pool: +- amount: "1000000.000000000000000000" + denom: stake +``` + +##### params + +The `params` command allows users to query the parameters of the `distribution` module. + +```shell +simd query distribution params [flags] +``` + +Example: + +```shell +simd query distribution params +``` + +Example Output: + +```yml +base_proposer_reward: "0.000000000000000000" +bonus_proposer_reward: "0.000000000000000000" +community_tax: "0.020000000000000000" +withdraw_addr_enabled: true +``` + +##### rewards + +The `rewards` command allows users to query delegator rewards. Users can optionally include the validator address to query rewards earned from a specific validator. + +```shell +simd query distribution rewards [delegator-addr] [validator-addr] [flags] +``` + +Example: + +```shell +simd query distribution rewards cosmos1... +``` + +Example Output: + +```yml +rewards: +- reward: + - amount: "1000000.000000000000000000" + denom: stake + validator_address: cosmosvaloper1.. +total: +- amount: "1000000.000000000000000000" + denom: stake +``` + +##### slashes + +The `slashes` command allows users to query all slashes for a given block range. + +```shell +simd query distribution slashes [validator] [start-height] [end-height] [flags] +``` + +Example: + +```shell +simd query distribution slashes cosmosvaloper1... 1 1000 +``` + +Example Output: + +```yml +pagination: + next_key: null + total: "0" +slashes: +- validator_period: 20, + fraction: "0.009999999999999999" +``` + +##### validator-outstanding-rewards + +The `validator-outstanding-rewards` command allows users to query all outstanding (un-withdrawn) rewards for a validator and all their delegations. + +```shell +simd query distribution validator-outstanding-rewards [validator] [flags] +``` + +Example: + +```shell +simd query distribution validator-outstanding-rewards cosmosvaloper1... +``` + +Example Output: + +```yml +rewards: +- amount: "1000000.000000000000000000" + denom: stake +``` + +##### validator-distribution-info + +The `validator-distribution-info` command allows users to query validator commission and self-delegation rewards for validator. + +````shell +simd query distribution validator-distribution-info cosmosvaloper1... +``` + +Example Output: + +```yml +commission: +- amount: "100000.000000000000000000" + denom: stake +operator_address: cosmosvaloper1... +self_bond_rewards: +- amount: "100000.000000000000000000" + denom: stake +``` + +#### Transactions + +The `tx` commands allow users to interact with the `distribution` module. + +```shell +simd tx distribution --help +``` + +##### fund-community-pool + +The `fund-community-pool` command allows users to send funds to the community pool. + +```shell +simd tx distribution fund-community-pool [amount] [flags] +``` + +Example: + +```shell +simd tx distribution fund-community-pool 100stake --from cosmos1... +``` + +##### set-withdraw-addr + +The `set-withdraw-addr` command allows users to set the withdraw address for rewards associated with a delegator address. + +```shell +simd tx distribution set-withdraw-addr [withdraw-addr] [flags] +``` + +Example: + +```shell +simd tx distribution set-withdraw-addr cosmos1... --from cosmos1... +``` + +##### withdraw-all-rewards + +The `withdraw-all-rewards` command allows users to withdraw all rewards for a delegator. + +```shell +simd tx distribution withdraw-all-rewards [flags] +``` + +Example: + +```shell +simd tx distribution withdraw-all-rewards --from cosmos1... +``` + +##### withdraw-rewards + +The `withdraw-rewards` command allows users to withdraw all rewards from a given delegation address, +and optionally withdraw validator commission if the delegation address given is a validator operator and the user proves the `--commission` flag. + +```shell +simd tx distribution withdraw-rewards [validator-addr] [flags] +``` + +Example: + +```shell +simd tx distribution withdraw-rewards cosmosvaloper1... --from cosmos1... --commission +``` + +### gRPC + +A user can query the `distribution` module using gRPC endpoints. + +#### Params + +The `Params` endpoint allows users to query parameters of the `distribution` module. + +Example: + +```shell +grpcurl -plaintext \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/Params +``` + +Example Output: + +```json +{ + "params": { + "communityTax": "20000000000000000", + "baseProposerReward": "00000000000000000", + "bonusProposerReward": "00000000000000000", + "withdrawAddrEnabled": true + } +} +``` + +#### ValidatorDistributionInfo + +The `ValidatorDistributionInfo` queries validator commission and self-delegation rewards for validator. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"validator_address":"cosmosvalop1..."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/ValidatorDistributionInfo +``` + +Example Output: + +```json +{ + "commission": { + "commission": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ] + }, + "self_bond_rewards": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ], + "validator_address": "cosmosvalop1..." +} +``` + +#### ValidatorOutstandingRewards + +The `ValidatorOutstandingRewards` endpoint allows users to query rewards of a validator address. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"validator_address":"cosmosvalop1.."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/ValidatorOutstandingRewards +``` + +Example Output: + +```json +{ + "rewards": { + "rewards": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ] + } +} +``` + +#### ValidatorCommission + +The `ValidatorCommission` endpoint allows users to query accumulated commission for a validator. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"validator_address":"cosmosvalop1.."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/ValidatorCommission +``` + +Example Output: + +```json +{ + "commission": { + "commission": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ] + } +} +``` + +#### ValidatorSlashes + +The `ValidatorSlashes` endpoint allows users to query slash events of a validator. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"validator_address":"cosmosvalop1.."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/ValidatorSlashes +``` + +Example Output: + +```json +{ + "slashes": [ + { + "validator_period": "20", + "fraction": "0.009999999999999999" + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### DelegationRewards + +The `DelegationRewards` endpoint allows users to query the total rewards accrued by a delegation. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"delegator_address":"cosmos1...","validator_address":"cosmosvalop1..."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/DelegationRewards +``` + +Example Output: + +```json +{ + "rewards": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ] +} +``` + +#### DelegationTotalRewards + +The `DelegationTotalRewards` endpoint allows users to query the total rewards accrued by each validator. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"delegator_address":"cosmos1..."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/DelegationTotalRewards +``` + +Example Output: + +```json +{ + "rewards": [ + { + "validatorAddress": "cosmosvaloper1...", + "reward": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ] + } + ], + "total": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ] +} +``` + +#### DelegatorValidators + +The `DelegatorValidators` endpoint allows users to query all validators for given delegator. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"delegator_address":"cosmos1..."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/DelegatorValidators +``` + +Example Output: + +```json +{ + "validators": ["cosmosvaloper1..."] +} +``` + +#### DelegatorWithdrawAddress + +The `DelegatorWithdrawAddress` endpoint allows users to query the withdraw address of a delegator. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"delegator_address":"cosmos1..."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/DelegatorWithdrawAddress +``` + +Example Output: + +```json +{ + "withdrawAddress": "cosmos1..." +} +``` + +#### CommunityPool + +The `CommunityPool` endpoint allows users to query the community pool coins. + +Example: + +```shell +grpcurl -plaintext \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/CommunityPool +``` + +Example Output: + +```json +{ + "pool": [ + { + "denom": "stake", + "amount": "1000000000000000000" + } + ] +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/modules/epochs/README.md b/copy-of-sdk-versioned_docs/version-0.50/build/modules/epochs/README.md new file mode 100644 index 00000000..7b0b0b28 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/modules/epochs/README.md @@ -0,0 +1,177 @@ +--- +sidebar_position: 1 +--- + +# `x/epochs` + +## Abstract + +Often in the SDK, we would like to run certain code every-so often. The +purpose of `epochs` module is to allow other modules to set that they +would like to be signaled once every period. So another module can +specify it wants to execute code once a week, starting at UTC-time = x. +`epochs` creates a generalized epoch interface to other modules so that +they can easily be signaled upon such events. + +## Contents + +1. **[Concept](#concepts)** +2. **[State](#state)** +3. **[Events](#events)** +4. **[Keeper](#keepers)** +5. **[Hooks](#hooks)** +6. **[Queries](#queries)** + +## Concepts + +The epochs module defines on-chain timers that execute at fixed time intervals. +Other SDK modules can then register logic to be executed at the timer ticks. +We refer to the period in between two timer ticks as an "epoch". + +Every timer has a unique identifier. +Every epoch will have a start time, and an end time, where `end time = start time + timer interval`. +On mainnet, we only utilize one identifier, with a time interval of `one day`. + +The timer will tick at the first block whose block time is greater than the timer end time, +and set the start as the prior timer end time. (Notably, it's not set to the block time!) +This means that if the chain has been down for a while, you will get one timer tick per block, +until the timer has caught up. + +## State + +The Epochs module keeps a single `EpochInfo` per identifier. +This contains the current state of the timer with the corresponding identifier. +Its fields are modified at every timer tick. +EpochInfos are initialized as part of genesis initialization or upgrade logic, +and are only modified on begin blockers. + +## Events + +The `epochs` module emits the following events: + +### BeginBlocker + +| Type | Attribute Key | Attribute Value | +| ----------- | ------------- | --------------- | +| epoch_start | epoch_number | {epoch_number} | +| epoch_start | start_time | {start_time} | + +### EndBlocker + +| Type | Attribute Key | Attribute Value | +| --------- | ------------- | --------------- | +| epoch_end | epoch_number | {epoch_number} | + +## Keepers + +### Keeper functions + +Epochs keeper module provides utility functions to manage epochs. + +## Hooks + +```go + // the first block whose timestamp is after the duration is counted as the end of the epoch + AfterEpochEnd(ctx sdk.Context, epochIdentifier string, epochNumber int64) + // new epoch is next block of epoch end block + BeforeEpochStart(ctx sdk.Context, epochIdentifier string, epochNumber int64) +``` + +### How modules receive hooks + +On hook receiver function of other modules, they need to filter +`epochIdentifier` and only do executions for only specific +epochIdentifier. Filtering epochIdentifier could be in `Params` of other +modules so that they can be modified by governance. + +This is the standard dev UX of this: + +```golang +func (k MyModuleKeeper) AfterEpochEnd(ctx sdk.Context, epochIdentifier string, epochNumber int64) { + params := k.GetParams(ctx) + if epochIdentifier == params.DistrEpochIdentifier { + // my logic + } +} +``` + +### Panic isolation + +If a given epoch hook panics, its state update is reverted, but we keep +proceeding through the remaining hooks. This allows more advanced epoch +logic to be used, without concern over state machine halting, or halting +subsequent modules. + +This does mean that if there is behavior you expect from a prior epoch +hook, and that epoch hook reverted, your hook may also have an issue. So +do keep in mind "what if a prior hook didn't get executed" in the safety +checks you consider for a new epoch hook. + +## Queries + +The Epochs module provides the following queries to check the module's state. + +```protobuf +service Query { + // EpochInfos provide running epochInfos + rpc EpochInfos(QueryEpochsInfoRequest) returns (QueryEpochsInfoResponse) {} + // CurrentEpoch provide current epoch of specified identifier + rpc CurrentEpoch(QueryCurrentEpochRequest) returns (QueryCurrentEpochResponse) {} +} +``` + +### Epoch Infos + +Query the currently running epochInfos + +```sh + query epochs epoch-infos +``` + +:::details Example + +An example output: + +```sh +epochs: +- current_epoch: "183" + current_epoch_start_height: "2438409" + current_epoch_start_time: "2021-12-18T17:16:09.898160996Z" + duration: 86400s + epoch_counting_started: true + identifier: day + start_time: "2021-06-18T17:00:00Z" +- current_epoch: "26" + current_epoch_start_height: "2424854" + current_epoch_start_time: "2021-12-17T17:02:07.229632445Z" + duration: 604800s + epoch_counting_started: true + identifier: week + start_time: "2021-06-18T17:00:00Z" +``` + +::: + +### Current Epoch + +Query the current epoch by the specified identifier + +```sh + query epochs current-epoch [identifier] +``` + +:::details Example + +Query the current `day` epoch: + +```sh + query epochs current-epoch day +``` + +Which in this example outputs: + +```sh +current_epoch: "183" +``` + +::: diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/modules/evidence/README.md b/copy-of-sdk-versioned_docs/version-0.50/build/modules/evidence/README.md new file mode 100644 index 00000000..82cd03ba --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/modules/evidence/README.md @@ -0,0 +1,440 @@ +--- +sidebar_position: 1 +--- + +# `x/evidence` + +* [Concepts](#concepts) +* [State](#state) +* [Messages](#messages) +* [Events](#events) +* [Parameters](#parameters) +* [BeginBlock](#beginblock) +* [Client](#client) + * [CLI](#cli) + * [REST](#rest) + * [gRPC](#grpc) + +## Abstract + +`x/evidence` is an implementation of a Cosmos SDK module, per [ADR 009](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-009-evidence-module.md), +that allows for the submission and handling of arbitrary evidence of misbehavior such +as equivocation and counterfactual signing. + +The evidence module differs from standard evidence handling which typically expects the +underlying consensus engine, e.g. CometBFT, to automatically submit evidence when +it is discovered by allowing clients and foreign chains to submit more complex evidence +directly. + +All concrete evidence types must implement the `Evidence` interface contract. Submitted +`Evidence` is first routed through the evidence module's `Router` in which it attempts +to find a corresponding registered `Handler` for that specific `Evidence` type. +Each `Evidence` type must have a `Handler` registered with the evidence module's +keeper in order for it to be successfully routed and executed. + +Each corresponding handler must also fulfill the `Handler` interface contract. The +`Handler` for a given `Evidence` type can perform any arbitrary state transitions +such as slashing, jailing, and tombstoning. + +## Concepts + +### Evidence + +Any concrete type of evidence submitted to the `x/evidence` module must fulfill the +`Evidence` contract outlined below. Not all concrete types of evidence will fulfill +this contract in the same way and some data may be entirely irrelevant to certain +types of evidence. An additional `ValidatorEvidence`, which extends `Evidence`, +has also been created to define a contract for evidence against malicious validators. + +```go +// Evidence defines the contract which concrete evidence types of misbehavior +// must implement. +type Evidence interface { + proto.Message + + Route() string + String() string + Hash() []byte + ValidateBasic() error + + // Height at which the infraction occurred + GetHeight() int64 +} + +// ValidatorEvidence extends Evidence interface to define contract +// for evidence against malicious validators +type ValidatorEvidence interface { + Evidence + + // The consensus address of the malicious validator at time of infraction + GetConsensusAddress() sdk.ConsAddress + + // The total power of the malicious validator at time of infraction + GetValidatorPower() int64 + + // The total validator set power at time of infraction + GetTotalPower() int64 +} +``` + +### Registration & Handling + +The `x/evidence` module must first know about all types of evidence it is expected +to handle. This is accomplished by registering the `Route` method in the `Evidence` +contract with what is known as a `Router` (defined below). The `Router` accepts +`Evidence` and attempts to find the corresponding `Handler` for the `Evidence` +via the `Route` method. + +```go +type Router interface { + AddRoute(r string, h Handler) Router + HasRoute(r string) bool + GetRoute(path string) Handler + Seal() + Sealed() bool +} +``` + +The `Handler` (defined below) is responsible for executing the entirety of the +business logic for handling `Evidence`. This typically includes validating the +evidence, both stateless checks via `ValidateBasic` and stateful checks via any +keepers provided to the `Handler`. In addition, the `Handler` may also perform +capabilities such as slashing and jailing a validator. All `Evidence` handled +by the `Handler` should be persisted. + +```go +// Handler defines an agnostic Evidence handler. The handler is responsible +// for executing all corresponding business logic necessary for verifying the +// evidence as valid. In addition, the Handler may execute any necessary +// slashing and potential jailing. +type Handler func(context.Context, Evidence) error +``` + + +## State + +Currently the `x/evidence` module only stores valid submitted `Evidence` in state. +The evidence state is also stored and exported in the `x/evidence` module's `GenesisState`. + +```protobuf +// GenesisState defines the evidence module's genesis state. +message GenesisState { + // evidence defines all the evidence at genesis. + repeated google.protobuf.Any evidence = 1; +} + +``` + +All `Evidence` is retrieved and stored via a prefix `KVStore` using prefix `0x00` (`KeyPrefixEvidence`). + + +## Messages + +### MsgSubmitEvidence + +Evidence is submitted through a `MsgSubmitEvidence` message: + +```protobuf +// MsgSubmitEvidence represents a message that supports submitting arbitrary +// Evidence of misbehavior such as equivocation or counterfactual signing. +message MsgSubmitEvidence { + string submitter = 1; + google.protobuf.Any evidence = 2; +} +``` + +Note, the `Evidence` of a `MsgSubmitEvidence` message must have a corresponding +`Handler` registered with the `x/evidence` module's `Router` in order to be processed +and routed correctly. + +Given the `Evidence` is registered with a corresponding `Handler`, it is processed +as follows: + +```go +func SubmitEvidence(ctx Context, evidence Evidence) error { + if _, err := GetEvidence(ctx, evidence.Hash()); err == nil { + return errorsmod.Wrap(types.ErrEvidenceExists, strings.ToUpper(hex.EncodeToString(evidence.Hash()))) + } + if !router.HasRoute(evidence.Route()) { + return errorsmod.Wrap(types.ErrNoEvidenceHandlerExists, evidence.Route()) + } + + handler := router.GetRoute(evidence.Route()) + if err := handler(ctx, evidence); err != nil { + return errorsmod.Wrap(types.ErrInvalidEvidence, err.Error()) + } + + ctx.EventManager().EmitEvent( + sdk.NewEvent( + types.EventTypeSubmitEvidence, + sdk.NewAttribute(types.AttributeKeyEvidenceHash, strings.ToUpper(hex.EncodeToString(evidence.Hash()))), + ), + ) + + SetEvidence(ctx, evidence) + return nil +} +``` + +First, there must not already exist valid submitted `Evidence` of the exact same +type. Secondly, the `Evidence` is routed to the `Handler` and executed. Finally, +if there is no error in handling the `Evidence`, an event is emitted and it is persisted to state. + + +## Events + +The `x/evidence` module emits the following events: + +### Handlers + +#### MsgSubmitEvidence + +| Type | Attribute Key | Attribute Value | +| --------------- | ------------- | --------------- | +| submit_evidence | evidence_hash | {evidenceHash} | +| message | module | evidence | +| message | sender | {senderAddress} | +| message | action | submit_evidence | + + +## Parameters + +The evidence module does not contain any parameters. + + +## BeginBlock + +### Evidence Handling + +CometBFT blocks can include +[Evidence](https://github.com/cometbft/cometbft/blob/main/spec/abci/abci%2B%2B_basic_concepts.md#evidence) that indicates if a validator committed malicious behavior. The relevant information is forwarded to the application as ABCI Evidence in `abci.RequestBeginBlock` so that the validator can be punished accordingly. + +#### Equivocation + +The Cosmos SDK handles two types of evidence inside the ABCI `BeginBlock`: + +* `DuplicateVoteEvidence`, +* `LightClientAttackEvidence`. + +The evidence module handles these two evidence types the same way. First, the Cosmos SDK converts the CometBFT concrete evidence type to an SDK `Evidence` interface using `Equivocation` as the concrete type. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/evidence/v1beta1/evidence.proto#L12-L32 +``` + +For some `Equivocation` submitted in `block` to be valid, it must satisfy: + +`Evidence.Timestamp >= block.Timestamp - MaxEvidenceAge` + +Where: + +* `Evidence.Timestamp` is the timestamp in the block at height `Evidence.Height` +* `block.Timestamp` is the current block timestamp. + +If valid `Equivocation` evidence is included in a block, the validator's stake is +reduced (slashed) by `SlashFractionDoubleSign` as defined by the `x/slashing` module +of what their stake was when the infraction occurred, rather than when the evidence was discovered. +We want to "follow the stake", i.e., the stake that contributed to the infraction +should be slashed, even if it has since been redelegated or started unbonding. + +In addition, the validator is permanently jailed and tombstoned to make it impossible for that +validator to ever re-enter the validator set. + +The `Equivocation` evidence is handled as follows: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/evidence/keeper/infraction.go#L26-L140 +``` + +**Note:** The slashing, jailing, and tombstoning calls are delegated through the `x/slashing` module +that emits informative events and finally delegates calls to the `x/staking` module. See documentation +on slashing and jailing in [State Transitions](../staking/README.md#state-transitions). + +## Client + +### CLI + +A user can query and interact with the `evidence` module using the CLI. + +#### Query + +The `query` commands allows users to query `evidence` state. + +```bash +simd query evidence --help +``` + +#### evidence + +The `evidence` command allows users to list all evidence or evidence by hash. + +Usage: + +```bash +simd query evidence evidence [flags] +``` + +To query evidence by hash + +Example: + +```bash +simd query evidence evidence "DF0C23E8634E480F84B9D5674A7CDC9816466DEC28A3358F73260F68D28D7660" +``` + +Example Output: + +```bash +evidence: + consensus_address: cosmosvalcons1ntk8eualewuprz0gamh8hnvcem2nrcdsgz563h + height: 11 + power: 100 + time: "2021-10-20T16:08:38.194017624Z" +``` + +To get all evidence + +Example: + +```bash +simd query evidence list +``` + +Example Output: + +```bash +evidence: + consensus_address: cosmosvalcons1ntk8eualewuprz0gamh8hnvcem2nrcdsgz563h + height: 11 + power: 100 + time: "2021-10-20T16:08:38.194017624Z" +pagination: + next_key: null + total: "1" +``` + +### REST + +A user can query the `evidence` module using REST endpoints. + +#### Evidence + +Get evidence by hash + +```bash +/cosmos/evidence/v1beta1/evidence/{hash} +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/evidence/v1beta1/evidence/DF0C23E8634E480F84B9D5674A7CDC9816466DEC28A3358F73260F68D28D7660" +``` + +Example Output: + +```bash +{ + "evidence": { + "consensus_address": "cosmosvalcons1ntk8eualewuprz0gamh8hnvcem2nrcdsgz563h", + "height": "11", + "power": "100", + "time": "2021-10-20T16:08:38.194017624Z" + } +} +``` + +#### All evidence + +Get all evidence + +```bash +/cosmos/evidence/v1beta1/evidence +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/evidence/v1beta1/evidence" +``` + +Example Output: + +```bash +{ + "evidence": [ + { + "consensus_address": "cosmosvalcons1ntk8eualewuprz0gamh8hnvcem2nrcdsgz563h", + "height": "11", + "power": "100", + "time": "2021-10-20T16:08:38.194017624Z" + } + ], + "pagination": { + "total": "1" + } +} +``` + +### gRPC + +A user can query the `evidence` module using gRPC endpoints. + +#### Evidence + +Get evidence by hash + +```bash +cosmos.evidence.v1beta1.Query/Evidence +``` + +Example: + +```bash +grpcurl -plaintext -d '{"evidence_hash":"DF0C23E8634E480F84B9D5674A7CDC9816466DEC28A3358F73260F68D28D7660"}' localhost:9090 cosmos.evidence.v1beta1.Query/Evidence +``` + +Example Output: + +```bash +{ + "evidence": { + "consensus_address": "cosmosvalcons1ntk8eualewuprz0gamh8hnvcem2nrcdsgz563h", + "height": "11", + "power": "100", + "time": "2021-10-20T16:08:38.194017624Z" + } +} +``` + +#### All evidence + +Get all evidence + +```bash +cosmos.evidence.v1beta1.Query/AllEvidence +``` + +Example: + +```bash +grpcurl -plaintext localhost:9090 cosmos.evidence.v1beta1.Query/AllEvidence +``` + +Example Output: + +```bash +{ + "evidence": [ + { + "consensus_address": "cosmosvalcons1ntk8eualewuprz0gamh8hnvcem2nrcdsgz563h", + "height": "11", + "power": "100", + "time": "2021-10-20T16:08:38.194017624Z" + } + ], + "pagination": { + "total": "1" + } +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/modules/feegrant/README.md b/copy-of-sdk-versioned_docs/version-0.50/build/modules/feegrant/README.md new file mode 100644 index 00000000..07524449 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/modules/feegrant/README.md @@ -0,0 +1,396 @@ +--- +sidebar_position: 1 +--- + +# `x/feegrant` + +## Abstract + +This document specifies the fee grant module. For the full ADR, please see [Fee Grant ADR-029](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-029-fee-grant-module.md). + +This module allows accounts to grant fee allowances and to use fees from their accounts. Grantees can execute any transaction without the need to maintain sufficient fees. + +## Contents + +* [Concepts](#concepts) +* [State](#state) + * [FeeAllowance](#feeallowance) + * [FeeAllowanceQueue](#feeallowancequeue) +* [Messages](#messages) + * [Msg/GrantAllowance](#msggrantallowance) + * [Msg/RevokeAllowance](#msgrevokeallowance) +* [Events](#events) +* [Msg Server](#msg-server) + * [MsgGrantAllowance](#msggrantallowance-1) + * [MsgRevokeAllowance](#msgrevokeallowance-1) + * [Exec fee allowance](#exec-fee-allowance) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + +## Concepts + +### Grant + +`Grant` is stored in the KVStore to record a grant with full context. Every grant will contain `granter`, `grantee` and what kind of `allowance` is granted. `granter` is an account address who is giving permission to `grantee` (the beneficiary account address) to pay for some or all of `grantee`'s transaction fees. `allowance` defines what kind of fee allowance (`BasicAllowance` or `PeriodicAllowance`, see below) is granted to `grantee`. `allowance` accepts an interface which implements `FeeAllowanceI`, encoded as `Any` type. There can be only one existing fee grant allowed for a `grantee` and `granter`, self grants are not allowed. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/feegrant.proto#L83-L93 +``` + +`FeeAllowanceI` looks like: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/feegrant/fees.go#L9-L32 +``` + +### Fee Allowance types + +There are two types of fee allowances present at the moment: + +* `BasicAllowance` +* `PeriodicAllowance` +* `AllowedMsgAllowance` + +### BasicAllowance + +`BasicAllowance` is permission for `grantee` to use fee from a `granter`'s account. If any of the `spend_limit` or `expiration` reaches its limit, the grant will be removed from the state. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/feegrant.proto#L15-L28 +``` + +* `spend_limit` is the limit of coins that are allowed to be used from the `granter` account. If it is empty, it assumes there's no spend limit, `grantee` can use any number of available coins from `granter` account address before the expiration. + +* `expiration` specifies an optional time when this allowance expires. If the value is left empty, there is no expiry for the grant. + +* When a grant is created with empty values for `spend_limit` and `expiration`, it is still a valid grant. It won't restrict the `grantee` to use any number of coins from `granter` and it won't have any expiration. The only way to restrict the `grantee` is by revoking the grant. + +### PeriodicAllowance + +`PeriodicAllowance` is a repeating fee allowance for the mentioned period, we can mention when the grant can expire as well as when a period can reset. We can also define the maximum number of coins that can be used in a mentioned period of time. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/feegrant.proto#L34-L68 +``` + +* `basic` is the instance of `BasicAllowance` which is optional for periodic fee allowance. If empty, the grant will have no `expiration` and no `spend_limit`. + +* `period` is the specific period of time, after each period passes, `period_can_spend` will be reset. + +* `period_spend_limit` specifies the maximum number of coins that can be spent in the period. + +* `period_can_spend` is the number of coins left to be spent before the period_reset time. + +* `period_reset` keeps track of when a next period reset should happen. + +### AllowedMsgAllowance + +`AllowedMsgAllowance` is a fee allowance, it can be any of `BasicFeeAllowance`, `PeriodicAllowance` but restricted only to the allowed messages mentioned by the granter. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/feegrant.proto#L70-L81 +``` + +* `allowance` is either `BasicAllowance` or `PeriodicAllowance`. + +* `allowed_messages` is array of messages allowed to execute the given allowance. + +### FeeGranter flag + +`feegrant` module introduces a `FeeGranter` flag for CLI for the sake of executing transactions with fee granter. When this flag is set, `clientCtx` will append the granter account address for transactions generated through CLI. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/client/cmd.go#L249-L260 +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/client/tx/tx.go#L109-L109 +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/auth/tx/builder.go#L275-L284 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/tx/v1beta1/tx.proto#L203-L224 +``` + +Example cmd: + +```go +./simd tx gov submit-proposal --title="Test Proposal" --description="My awesome proposal" --type="Text" --from validator-key --fee-granter=cosmos1xh44hxt7spr67hqaa7nyx5gnutrz5fraw6grxn --chain-id=testnet --fees="10stake" +``` + +### Granted Fee Deductions + +Fees are deducted from grants in the `x/auth` ante handler. To learn more about how ante handlers work, read the [Auth Module AnteHandlers Guide](../auth/README.md#antehandlers). + +### Gas + +In order to prevent DoS attacks, using a filtered `x/feegrant` incurs gas. The SDK must assure that the `grantee`'s transactions all conform to the filter set by the `granter`. The SDK does this by iterating over the allowed messages in the filter and charging 10 gas per filtered message. The SDK will then iterate over the messages being sent by the `grantee` to ensure the messages adhere to the filter, also charging 10 gas per message. The SDK will stop iterating and fail the transaction if it finds a message that does not conform to the filter. + +**WARNING**: The gas is charged against the granted allowance. Ensure your messages conform to the filter, if any, before sending transactions using your allowance. + +### Pruning + +A queue in the state maintained with the prefix of expiration of the grants and checks them on EndBlock with the current block time for every block to prune. + +## State + +### FeeAllowance + +Fee Allowances are identified by combining `Grantee` (the account address of fee allowance grantee) with the `Granter` (the account address of fee allowance granter). + +Fee allowance grants are stored in the state as follows: + +* Grant: `0x00 | grantee_addr_len (1 byte) | grantee_addr_bytes | granter_addr_len (1 byte) | granter_addr_bytes -> ProtocolBuffer(Grant)` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/feegrant/feegrant.pb.go#L222-L230 +``` + +### FeeAllowanceQueue + +Fee Allowances queue items are identified by combining the `FeeAllowancePrefixQueue` (i.e., 0x01), `expiration`, `grantee` (the account address of fee allowance grantee), `granter` (the account address of fee allowance granter). Endblocker checks `FeeAllowanceQueue` state for the expired grants and prunes them from `FeeAllowance` if there are any found. + +Fee allowance queue keys are stored in the state as follows: + +* Grant: `0x01 | expiration_bytes | grantee_addr_len (1 byte) | grantee_addr_bytes | granter_addr_len (1 byte) | granter_addr_bytes -> EmptyBytes` + +## Messages + +### Msg/GrantAllowance + +A fee allowance grant will be created with the `MsgGrantAllowance` message. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/tx.proto#L25-L39 +``` + +### Msg/RevokeAllowance + +An allowed grant fee allowance can be removed with the `MsgRevokeAllowance` message. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/tx.proto#L41-L54 +``` + +## Events + +The feegrant module emits the following events: + +## Msg Server + +### MsgGrantAllowance + +| Type | Attribute Key | Attribute Value | +| ------- | ------------- | ---------------- | +| message | action | set_feegrant | +| message | granter | {granterAddress} | +| message | grantee | {granteeAddress} | + +### MsgRevokeAllowance + +| Type | Attribute Key | Attribute Value | +| ------- | ------------- | ---------------- | +| message | action | revoke_feegrant | +| message | granter | {granterAddress} | +| message | grantee | {granteeAddress} | + +### Exec fee allowance + +| Type | Attribute Key | Attribute Value | +| ------- | ------------- | ---------------- | +| message | action | use_feegrant | +| message | granter | {granterAddress} | +| message | grantee | {granteeAddress} | + +### Prune fee allowances + +| Type | Attribute Key | Attribute Value | +| ------- | ------------- | ---------------- | +| message | action | prune_feegrant | +| message | pruner | {prunerAddress} | + + +## Client + +### CLI + +A user can query and interact with the `feegrant` module using the CLI. + +#### Query + +The `query` commands allow users to query `feegrant` state. + +```shell +simd query feegrant --help +``` + +##### grant + +The `grant` command allows users to query a grant for a given granter-grantee pair. + +```shell +simd query feegrant grant [granter] [grantee] [flags] +``` + +Example: + +```shell +simd query feegrant grant cosmos1.. cosmos1.. +``` + +Example Output: + +```yml +allowance: + '@type': /cosmos.feegrant.v1beta1.BasicAllowance + expiration: null + spend_limit: + - amount: "100" + denom: stake +grantee: cosmos1.. +granter: cosmos1.. +``` + +##### grants + +The `grants` command allows users to query all grants for a given grantee. + +```shell +simd query feegrant grants [grantee] [flags] +``` + +Example: + +```shell +simd query feegrant grants cosmos1.. +``` + +Example Output: + +```yml +allowances: +- allowance: + '@type': /cosmos.feegrant.v1beta1.BasicAllowance + expiration: null + spend_limit: + - amount: "100" + denom: stake + grantee: cosmos1.. + granter: cosmos1.. +pagination: + next_key: null + total: "0" +``` + +#### Transactions + +The `tx` commands allow users to interact with the `feegrant` module. + +```shell +simd tx feegrant --help +``` + +##### grant + +The `grant` command allows users to grant fee allowances to another account. The fee allowance can have an expiration date, a total spend limit, and/or a periodic spend limit. + +```shell +simd tx feegrant grant [granter] [grantee] [flags] +``` + +Example (one-time spend limit): + +```shell +simd tx feegrant grant cosmos1.. cosmos1.. --spend-limit 100stake +``` + +Example (periodic spend limit): + +```shell +simd tx feegrant grant cosmos1.. cosmos1.. --period 3600 --period-limit 10stake +``` + +##### revoke + +The `revoke` command allows users to revoke a granted fee allowance. + +```shell +simd tx feegrant revoke [granter] [grantee] [flags] +``` + +Example: + +```shell +simd tx feegrant revoke cosmos1.. cosmos1.. +``` + +### gRPC + +A user can query the `feegrant` module using gRPC endpoints. + +#### Allowance + +The `Allowance` endpoint allows users to query a granted fee allowance. + +```shell +cosmos.feegrant.v1beta1.Query/Allowance +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"grantee":"cosmos1..","granter":"cosmos1.."}' \ + localhost:9090 \ + cosmos.feegrant.v1beta1.Query/Allowance +``` + +Example Output: + +```json +{ + "allowance": { + "granter": "cosmos1..", + "grantee": "cosmos1..", + "allowance": {"@type":"/cosmos.feegrant.v1beta1.BasicAllowance","spendLimit":[{"denom":"stake","amount":"100"}]} + } +} +``` + +#### Allowances + +The `Allowances` endpoint allows users to query all granted fee allowances for a given grantee. + +```shell +cosmos.feegrant.v1beta1.Query/Allowances +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"address":"cosmos1.."}' \ + localhost:9090 \ + cosmos.feegrant.v1beta1.Query/Allowances +``` + +Example Output: + +```json +{ + "allowances": [ + { + "granter": "cosmos1..", + "grantee": "cosmos1..", + "allowance": {"@type":"/cosmos.feegrant.v1beta1.BasicAllowance","spendLimit":[{"denom":"stake","amount":"100"}]} + } + ], + "pagination": { + "total": "1" + } +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/modules/genutil/README.md b/copy-of-sdk-versioned_docs/version-0.50/build/modules/genutil/README.md new file mode 100644 index 00000000..45cb4535 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/modules/genutil/README.md @@ -0,0 +1,89 @@ +# `x/genutil` + +## Concepts + +The `genutil` package contains a variety of genesis utility functionalities for usage within a blockchain application. Namely: + +* Genesis transactions related (gentx) +* Commands for collection and creation of gentxs +* `InitChain` processing of gentxs +* Genesis file creation +* Genesis file validation +* Genesis file migration +* CometBFT related initialization + * Translation of an app genesis to a CometBFT genesis + +## Genesis + +Genutil contains the data structure that defines an application genesis. +An application genesis consist of a consensus genesis (g.e. CometBFT genesis) and application related genesis data. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-rc.0/x/genutil/types/genesis.go#L24-L34 +``` + +The application genesis can then be translated to the consensus engine to the right format: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-rc.0/x/genutil/types/genesis.go#L126-L136 +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-rc.0/server/start.go#L397-L407 +``` + +## Client + +### CLI + +The genutil commands are available under the `genesis` subcommand. + +#### add-genesis-account + +Add a genesis account to `genesis.json`. Learn more [here](https://docs.cosmos.network/main/run-node/run-node#adding-genesis-accounts). + +#### collect-gentxs + +Collect genesis txs and output a `genesis.json` file. + +```shell +simd genesis collect-gentxs +``` + +This will create a new `genesis.json` file that includes data from all the validators (we sometimes call it the "super genesis file" to distinguish it from single-validator genesis files). + +#### gentx + +Generate a genesis tx carrying a self delegation. + +```shell +simd genesis gentx [key_name] [amount] --chain-id [chain-id] +``` + +This will create the genesis transaction for your new chain. Here `amount` should be at least `1000000000stake`. +If you provide too much or too little, you will encounter an error when starting a node. + +#### migrate + +Migrate genesis to a specified target (SDK) version. + +```shell +simd genesis migrate [target-version] +``` + +:::tip +The `migrate` command is extensible and takes a `MigrationMap`. This map is a mapping of target versions to genesis migrations functions. +When not using the default `MigrationMap`, it is recommended to still call the default `MigrationMap` corresponding the SDK version of the chain and prepend/append your own genesis migrations. +::: + +#### validate-genesis + +Validates the genesis file at the default location or at the location passed as an argument. + +```shell +simd genesis validate-genesis +``` + +:::warning +Validate genesis only validates if the genesis is valid at the **current application binary**. For validating a genesis from a previous version of the application, use the `migrate` command to migrate the genesis to the current version. +::: diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/modules/gov/README.md b/copy-of-sdk-versioned_docs/version-0.50/build/modules/gov/README.md new file mode 100644 index 00000000..87b2fc5f --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/modules/gov/README.md @@ -0,0 +1,2547 @@ +--- +sidebar_position: 1 +--- + +# `x/gov` + +## Abstract + +This paper specifies the Governance module of the Cosmos SDK, which was first +described in the [Cosmos Whitepaper](https://cosmos.network/about/whitepaper) in +June 2016. + +The module enables Cosmos SDK based blockchain to support an on-chain governance +system. In this system, holders of the native staking token of the chain can vote +on proposals on a 1 token 1 vote basis. Next is a list of features the module +currently supports: + +* **Proposal submission:** Users can submit proposals with a deposit. Once the +minimum deposit is reached, the proposal enters voting period. The minimum deposit can be reached by collecting deposits from different users (including proposer) within deposit period. +* **Vote:** Participants can vote on proposals that reached MinDeposit and entered voting period. +* **Inheritance and penalties:** Delegators inherit their validator's vote if +they don't vote themselves. +* **Claiming deposit:** Users that deposited on proposals can recover their +deposits if the proposal was accepted or rejected. If the proposal was vetoed, or never entered voting period (minimum deposit not reached within deposit period), the deposit is burned. + +This module is in use on the Cosmos Hub (a.k.a [gaia](https://github.com/cosmos/gaia)). +Features that may be added in the future are described in [Future Improvements](#future-improvements). + +## Contents + +The following specification uses *ATOM* as the native staking token. The module +can be adapted to any Proof-Of-Stake blockchain by replacing *ATOM* with the native +staking token of the chain. + +* [Concepts](#concepts) + * [Proposal submission](#proposal-submission) + * [Deposit](#deposit) + * [Vote](#vote) + * [Software Upgrade](#software-upgrade) +* [State](#state) + * [Proposals](#proposals) + * [Parameters and base types](#parameters-and-base-types) + * [Deposit](#deposit-1) + * [ValidatorGovInfo](#validatorgovinfo) + * [Stores](#stores) + * [Proposal Processing Queue](#proposal-processing-queue) + * [Legacy Proposal](#legacy-proposal) +* [Messages](#messages) + * [Proposal Submission](#proposal-submission-1) + * [Deposit](#deposit-2) + * [Vote](#vote-1) +* [Events](#events) + * [EndBlocker](#endblocker) + * [Handlers](#handlers) +* [Parameters](#parameters) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + * [REST](#rest) +* [Metadata](#metadata) + * [Proposal](#proposal-3) + * [Vote](#vote-5) +* [Future Improvements](#future-improvements) + +## Concepts + +*Disclaimer: This is work in progress. Mechanisms are susceptible to change.* + +The governance process is divided in a few steps that are outlined below: + +* **Proposal submission:** Proposal is submitted to the blockchain with a + deposit. +* **Vote:** Once deposit reaches a certain value (`MinDeposit`), proposal is + confirmed and vote opens. Bonded Atom holders can then send `TxGovVote` + transactions to vote on the proposal. +* **Execution** After a period of time, the votes are tallied and depending + on the result, the messages in the proposal will be executed. + +### Proposal submission + +#### Right to submit a proposal + +Every account can submit proposals by sending a `MsgSubmitProposal` transaction. +Once a proposal is submitted, it is identified by its unique `proposalID`. + +#### Proposal Messages + +A proposal includes an array of `sdk.Msg`s which are executed automatically if the +proposal passes. The messages are executed by the governance `ModuleAccount` itself. Modules +such as `x/upgrade`, that want to allow certain messages to be executed by governance +only should add a whitelist within the respective msg server, granting the governance +module the right to execute the message once a quorum has been reached. The governance +module uses the `MsgServiceRouter` to check that these messages are correctly constructed +and have a respective path to execute on but do not perform a full validity check. + +### Deposit + +To prevent spam, proposals must be submitted with a deposit in the coins defined by +the `MinDeposit` param. + +When a proposal is submitted, it has to be accompanied with a deposit that must be +strictly positive, but can be inferior to `MinDeposit`. The submitter doesn't need +to pay for the entire deposit on their own. The newly created proposal is stored in +an *inactive proposal queue* and stays there until its deposit passes the `MinDeposit`. +Other token holders can increase the proposal's deposit by sending a `Deposit` +transaction. If a proposal doesn't pass the `MinDeposit` before the deposit end time +(the time when deposits are no longer accepted), the proposal will be destroyed: the +proposal will be removed from state and the deposit will be burned (see x/gov `EndBlocker`). +When a proposal deposit passes the `MinDeposit` threshold (even during the proposal +submission) before the deposit end time, the proposal will be moved into the +*active proposal queue* and the voting period will begin. + +The deposit is kept in escrow and held by the governance `ModuleAccount` until the +proposal is finalized (passed or rejected). + +#### Deposit refund and burn + +When a proposal is finalized, the coins from the deposit are either refunded or burned +according to the final tally of the proposal: + +* If the proposal is approved or rejected but *not* vetoed, each deposit will be + automatically refunded to its respective depositor (transferred from the governance + `ModuleAccount`). +* When the proposal is vetoed with greater than 1/3, deposits will be burned from the + governance `ModuleAccount` and the proposal information along with its deposit + information will be removed from state. +* All refunded or burned deposits are removed from the state. Events are issued when + burning or refunding a deposit. + +### Vote + +#### Participants + +*Participants* are users that have the right to vote on proposals. On the +Cosmos Hub, participants are bonded Atom holders. Unbonded Atom holders and +other users do not get the right to participate in governance. However, they +can submit and deposit on proposals. + +Note that when *participants* have bonded and unbonded Atoms, their voting power is calculated from their bonded Atom holdings only. + +#### Voting period + +Once a proposal reaches `MinDeposit`, it immediately enters `Voting period`. We +define `Voting period` as the interval between the moment the vote opens and +the moment the vote closes. The initial value of `Voting period` is 2 weeks. + +#### Option set + +The option set of a proposal refers to the set of choices a participant can +choose from when casting its vote. + +The initial option set includes the following options: + +* `Yes` +* `No` +* `NoWithVeto` +* `Abstain` + +`NoWithVeto` counts as `No` but also adds a `Veto` vote. `Abstain` option +allows voters to signal that they do not intend to vote in favor or against the +proposal but accept the result of the vote. + +*Note: from the UI, for urgent proposals we should maybe add a ‘Not Urgent’ option that casts a `NoWithVeto` vote.* + +#### Weighted Votes + +[ADR-037](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-037-gov-split-vote.md) introduces the weighted vote feature which allows a staker to split their votes into several voting options. For example, it could use 70% of its voting power to vote Yes and 30% of its voting power to vote No. + +Often times the entity owning that address might not be a single individual. For example, a company might have different stakeholders who want to vote differently, and so it makes sense to allow them to split their voting power. Currently, it is not possible for them to do "passthrough voting" and giving their users voting rights over their tokens. However, with this system, exchanges can poll their users for voting preferences, and then vote on-chain proportionally to the results of the poll. + +To represent weighted vote on chain, we use the following Protobuf message. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1beta1/gov.proto#L34-L47 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1beta1/gov.proto#L181-L201 +``` + +For a weighted vote to be valid, the `options` field must not contain duplicate vote options, and the sum of weights of all options must be equal to 1. + +### Quorum + +Quorum is defined as the minimum percentage of voting power that needs to be +cast on a proposal for the result to be valid. + +### Expedited Proposals + +A proposal can be expedited, making the proposal use shorter voting duration and a higher tally threshold by its default. If an expedited proposal fails to meet the threshold within the scope of shorter voting duration, the expedited proposal is then converted to a regular proposal and restarts voting under regular voting conditions. + +#### Threshold + +Threshold is defined as the minimum proportion of `Yes` votes (excluding +`Abstain` votes) for the proposal to be accepted. + +Initially, the threshold is set at 50% of `Yes` votes, excluding `Abstain` +votes. A possibility to veto exists if more than 1/3rd of all votes are +`NoWithVeto` votes. Note, both of these values are derived from the `TallyParams` +on-chain parameter, which is modifiable by governance. +This means that proposals are accepted iff: + +* There exist bonded tokens. +* Quorum has been achieved. +* The proportion of `Abstain` votes is inferior to 1/1. +* The proportion of `NoWithVeto` votes is inferior to 1/3, including + `Abstain` votes. +* The proportion of `Yes` votes, excluding `Abstain` votes, at the end of + the voting period is superior to 1/2. + +For expedited proposals, by default, the threshold is higher than with a *normal proposal*, namely, 66.7%. + +#### Inheritance + +If a delegator does not vote, it will inherit its validator vote. + +* If the delegator votes before its validator, it will not inherit from the + validator's vote. +* If the delegator votes after its validator, it will override its validator + vote with its own. If the proposal is urgent, it is possible + that the vote will close before delegators have a chance to react and + override their validator's vote. This is not a problem, as proposals require more than 2/3rd of the total voting power to pass, when tallied at the end of the voting period. Because as little as 1/3 + 1 validation power could collude to censor transactions, non-collusion is already assumed for ranges exceeding this threshold. + +#### Validator’s punishment for non-voting + +At present, validators are not punished for failing to vote. + +#### Governance address + +Later, we may add permissioned keys that could only sign txs from certain modules. For the MVP, the `Governance address` will be the main validator address generated at account creation. This address corresponds to a different PrivKey than the CometBFT PrivKey which is responsible for signing consensus messages. Validators thus do not have to sign governance transactions with the sensitive CometBFT PrivKey. + +#### Burnable Params + +There are three parameters that define if the deposit of a proposal should be burned or returned to the depositors. + +* `BurnVoteVeto` burns the proposal deposit if the proposal gets vetoed. +* `BurnVoteQuorum` burns the proposal deposit if the proposal deposit if the vote does not reach quorum. +* `BurnProposalDepositPrevote` burns the proposal deposit if it does not enter the voting phase. + +> Note: These parameters are modifiable via governance. + +## State + +### Constitution + +`Constitution` is found in the genesis state. It is a string field intended to be used to descibe the purpose of a particular blockchain, and its expected norms. A few examples of how the constitution field can be used: + +* define the purpose of the chain, laying a foundation for its future development +* set expectations for delegators +* set expectations for validators +* define the chain's relationship to "meatspace" entities, like a foundation or corporation + +Since this is more of a social feature than a technical feature, we'll now get into some items that may have been useful to have in a genesis constitution: + +* What limitations on governance exist, if any? + * is it okay for the community to slash the wallet of a whale that they no longer feel that they want around? (viz: Juno Proposal 4 and 16) + * can governance "socially slash" a validator who is using unapproved MEV? (viz: commonwealth.im/osmosis) + * In the event of an economic emergency, what should validators do? + * Terra crash of May, 2022, saw validators choose to run a new binary with code that had not been approved by governance, because the governance token had been inflated to nothing. +* What is the purpose of the chain, specifically? + * best example of this is the Cosmos hub, where different founding groups, have different interpertations of the purpose of the network. + +This genesis entry, "constitution" hasn't been designed for existing chains, who should likely just ratify a constitution using their governance system. Instead, this is for new chains. It will allow for validators to have a much clearer idea of purpose and the expecations placed on them while operating thier nodes. Likewise, for community members, the constitution will give them some idea of what to expect from both the "chain team" and the validators, respectively. + +This constitution is designed to be immutable, and placed only in genesis, though that could change over time by a pull request to the cosmos-sdk that allows for the constitution to be changed by governance. Communities whishing to make amendments to their original constitution should use the governance mechanism and a "signaling proposal" to do exactly that. + +**Ideal use scenario for a cosmos chain constitution** + +As a chain developer, you decide that you'd like to provide clarity to your key user groups: + +* validators +* token holders +* developers (yourself) + +You use the constitution to immutably store some Markdown in genesis, so that when difficult questions come up, the constutituon can provide guidance to the community. + +### Proposals + +`Proposal` objects are used to tally votes and generally track the proposal's state. +They contain an array of arbitrary `sdk.Msg`'s which the governance module will attempt +to resolve and then execute if the proposal passes. `Proposal`'s are identified by a +unique id and contains a series of timestamps: `submit_time`, `deposit_end_time`, +`voting_start_time`, `voting_end_time` which track the lifecycle of a proposal + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/gov.proto#L51-L99 +``` + +A proposal will generally require more than just a set of messages to explain its +purpose but need some greater justification and allow a means for interested participants +to discuss and debate the proposal. +In most cases, **it is encouraged to have an off-chain system that supports the on-chain governance process**. +To accommodate for this, a proposal contains a special **`metadata`** field, a string, +which can be used to add context to the proposal. The `metadata` field allows custom use for networks, +however, it is expected that the field contains a URL or some form of CID using a system such as +[IPFS](https://docs.ipfs.io/concepts/content-addressing/). To support the case of +interoperability across networks, the SDK recommends that the `metadata` represents +the following `JSON` template: + +```json +{ + "title": "...", + "description": "...", + "forum": "...", // a link to the discussion platform (i.e. Discord) + "other": "..." // any extra data that doesn't correspond to the other fields +} +``` + +This makes it far easier for clients to support multiple networks. + +The metadata has a maximum length that is chosen by the app developer, and +passed into the gov keeper as a config. The default maximum length in the SDK is 255 characters. + +#### Writing a module that uses governance + +There are many aspects of a chain, or of the individual modules that you may want to +use governance to perform such as changing various parameters. This is very simple +to do. First, write out your message types and `MsgServer` implementation. Add an +`authority` field to the keeper which will be populated in the constructor with the +governance module account: `govKeeper.GetGovernanceAccount().GetAddress()`. Then for +the methods in the `msg_server.go`, perform a check on the message that the signer +matches `authority`. This will prevent any user from executing that message. + +### Parameters and base types + +`Parameters` define the rules according to which votes are run. There can only +be one active parameter set at any given time. If governance wants to change a +parameter set, either to modify a value or add/remove a parameter field, a new +parameter set has to be created and the previous one rendered inactive. + +#### DepositParams + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/gov.proto#L152-L162 +``` + +#### VotingParams + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/gov.proto#L164-L168 +``` + +#### TallyParams + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/gov.proto#L170-L182 +``` + +Parameters are stored in a global `GlobalParams` KVStore. + +Additionally, we introduce some basic types: + +```go +type Vote byte + +const ( + VoteYes = 0x1 + VoteNo = 0x2 + VoteNoWithVeto = 0x3 + VoteAbstain = 0x4 +) + +type ProposalType string + +const ( + ProposalTypePlainText = "Text" + ProposalTypeSoftwareUpgrade = "SoftwareUpgrade" +) + +type ProposalStatus byte + + +const ( + StatusNil ProposalStatus = 0x00 + StatusDepositPeriod ProposalStatus = 0x01 // Proposal is submitted. Participants can deposit on it but not vote + StatusVotingPeriod ProposalStatus = 0x02 // MinDeposit is reached, participants can vote + StatusPassed ProposalStatus = 0x03 // Proposal passed and successfully executed + StatusRejected ProposalStatus = 0x04 // Proposal has been rejected + StatusFailed ProposalStatus = 0x05 // Proposal passed but failed execution +) +``` + +### Deposit + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/gov.proto#L38-L49 +``` + +### ValidatorGovInfo + +This type is used in a temp map when tallying + +```go + type ValidatorGovInfo struct { + Minus sdk.Dec + Vote Vote + } +``` + +## Stores + +:::note +Stores are KVStores in the multi-store. The key to find the store is the first parameter in the list +::: + +We will use one KVStore `Governance` to store four mappings: + +* A mapping from `proposalID|'proposal'` to `Proposal`. +* A mapping from `proposalID|'addresses'|address` to `Vote`. This mapping allows + us to query all addresses that voted on the proposal along with their vote by + doing a range query on `proposalID:addresses`. +* A mapping from `ParamsKey|'Params'` to `Params`. This map allows to query all + x/gov params. +* A mapping from `VotingPeriodProposalKeyPrefix|proposalID` to a single byte. This allows + us to know if a proposal is in the voting period or not with very low gas cost. + +For pseudocode purposes, here are the two function we will use to read or write in stores: + +* `load(StoreKey, Key)`: Retrieve item stored at key `Key` in store found at key `StoreKey` in the multistore +* `store(StoreKey, Key, value)`: Write value `Value` at key `Key` in store found at key `StoreKey` in the multistore + +### Proposal Processing Queue + +**Store:** + +* `ProposalProcessingQueue`: A queue `queue[proposalID]` containing all the + `ProposalIDs` of proposals that reached `MinDeposit`. During each `EndBlock`, + all the proposals that have reached the end of their voting period are processed. + To process a finished proposal, the application tallies the votes, computes the + votes of each validator and checks if every validator in the validator set has + voted. If the proposal is accepted, deposits are refunded. Finally, the proposal + content `Handler` is executed. + +And the pseudocode for the `ProposalProcessingQueue`: + +```go + in EndBlock do + + for finishedProposalID in GetAllFinishedProposalIDs(block.Time) + proposal = load(Governance, ) // proposal is a const key + + validators = Keeper.getAllValidators() + tmpValMap := map(sdk.AccAddress)ValidatorGovInfo + + // Initiate mapping at 0. This is the amount of shares of the validator's vote that will be overridden by their delegator's votes + for each validator in validators + tmpValMap(validator.OperatorAddr).Minus = 0 + + // Tally + voterIterator = rangeQuery(Governance, ) //return all the addresses that voted on the proposal + for each (voterAddress, vote) in voterIterator + delegations = stakingKeeper.getDelegations(voterAddress) // get all delegations for current voter + + for each delegation in delegations + // make sure delegation.Shares does NOT include shares being unbonded + tmpValMap(delegation.ValidatorAddr).Minus += delegation.Shares + proposal.updateTally(vote, delegation.Shares) + + _, isVal = stakingKeeper.getValidator(voterAddress) + if (isVal) + tmpValMap(voterAddress).Vote = vote + + tallyingParam = load(GlobalParams, 'TallyingParam') + + // Update tally if validator voted + for each validator in validators + if tmpValMap(validator).HasVoted + proposal.updateTally(tmpValMap(validator).Vote, (validator.TotalShares - tmpValMap(validator).Minus)) + + + + // Check if proposal is accepted or rejected + totalNonAbstain := proposal.YesVotes + proposal.NoVotes + proposal.NoWithVetoVotes + if (proposal.Votes.YesVotes/totalNonAbstain > tallyingParam.Threshold AND proposal.Votes.NoWithVetoVotes/totalNonAbstain < tallyingParam.Veto) + // proposal was accepted at the end of the voting period + // refund deposits (non-voters already punished) + for each (amount, depositor) in proposal.Deposits + depositor.AtomBalance += amount + + stateWriter, err := proposal.Handler() + if err != nil + // proposal passed but failed during state execution + proposal.CurrentStatus = ProposalStatusFailed + else + // proposal pass and state is persisted + proposal.CurrentStatus = ProposalStatusAccepted + stateWriter.save() + else + // proposal was rejected + proposal.CurrentStatus = ProposalStatusRejected + + store(Governance, , proposal) +``` + +### Legacy Proposal + +:::warning +Legacy proposals are deprecated. Use the new proposal flow by granting the governance module the right to execute the message. +::: + +A legacy proposal is the old implementation of governance proposal. +Contrary to proposal that can contain any messages, a legacy proposal allows to submit a set of pre-defined proposals. +These proposals are defined by their types and handled by handlers that are registered in the gov v1beta1 router. + +More information on how to submit proposals in the [client section](#client). + +## Messages + +### Proposal Submission + +Proposals can be submitted by any account via a `MsgSubmitProposal` transaction. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/tx.proto#L42-L69 +``` + +All `sdk.Msgs` passed into the `messages` field of a `MsgSubmitProposal` message +must be registered in the app's `MsgServiceRouter`. Each of these messages must +have one signer, namely the gov module account. And finally, the metadata length +must not be larger than the `maxMetadataLen` config passed into the gov keeper. +The `initialDeposit` must be strictly positive and conform to the accepted denom of the `MinDeposit` param. + +**State modifications:** + +* Generate new `proposalID` +* Create new `Proposal` +* Initialise `Proposal`'s attributes +* Decrease balance of sender by `InitialDeposit` +* If `MinDeposit` is reached: + * Push `proposalID` in `ProposalProcessingQueue` +* Transfer `InitialDeposit` from the `Proposer` to the governance `ModuleAccount` + +### Deposit + +Once a proposal is submitted, if `Proposal.TotalDeposit < ActiveParam.MinDeposit`, Atom holders can send +`MsgDeposit` transactions to increase the proposal's deposit. + +A deposit is accepted iff: + +* The proposal exists +* The proposal is not in the voting period +* The deposited coins are conform to the accepted denom from the `MinDeposit` param + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/tx.proto#L134-L147 +``` + +**State modifications:** + +* Decrease balance of sender by `deposit` +* Add `deposit` of sender in `proposal.Deposits` +* Increase `proposal.TotalDeposit` by sender's `deposit` +* If `MinDeposit` is reached: + * Push `proposalID` in `ProposalProcessingQueueEnd` +* Transfer `Deposit` from the `proposer` to the governance `ModuleAccount` + +### Vote + +Once `ActiveParam.MinDeposit` is reached, voting period starts. From there, +bonded Atom holders are able to send `MsgVote` transactions to cast their +vote on the proposal. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/tx.proto#L92-L108 +``` + +**State modifications:** + +* Record `Vote` of sender + +:::note +Gas cost for this message has to take into account the future tallying of the vote in EndBlocker. +::: + +## Events + +The governance module emits the following events: + +### EndBlocker + +| Type | Attribute Key | Attribute Value | +|-------------------|-----------------|------------------| +| inactive_proposal | proposal_id | {proposalID} | +| inactive_proposal | proposal_result | {proposalResult} | +| active_proposal | proposal_id | {proposalID} | +| active_proposal | proposal_result | {proposalResult} | + +### Handlers + +#### MsgSubmitProposal + +| Type | Attribute Key | Attribute Value | +|---------------------|---------------------|-----------------| +| submit_proposal | proposal_id | {proposalID} | +| submit_proposal [0] | voting_period_start | {proposalID} | +| proposal_deposit | amount | {depositAmount} | +| proposal_deposit | proposal_id | {proposalID} | +| message | module | governance | +| message | action | submit_proposal | +| message | sender | {senderAddress} | + +* [0] Event only emitted if the voting period starts during the submission. + +#### MsgVote + +| Type | Attribute Key | Attribute Value | +|---------------|---------------|-----------------| +| proposal_vote | option | {voteOption} | +| proposal_vote | proposal_id | {proposalID} | +| message | module | governance | +| message | action | vote | +| message | sender | {senderAddress} | + +#### MsgVoteWeighted + +| Type | Attribute Key | Attribute Value | +|---------------|---------------|-----------------------| +| proposal_vote | option | {weightedVoteOptions} | +| proposal_vote | proposal_id | {proposalID} | +| message | module | governance | +| message | action | vote | +| message | sender | {senderAddress} | + +#### MsgDeposit + +| Type | Attribute Key | Attribute Value | +|----------------------|---------------------|-----------------| +| proposal_deposit | amount | {depositAmount} | +| proposal_deposit | proposal_id | {proposalID} | +| proposal_deposit [0] | voting_period_start | {proposalID} | +| message | module | governance | +| message | action | deposit | +| message | sender | {senderAddress} | + +* [0] Event only emitted if the voting period starts during the submission. + +## Parameters + +The governance module contains the following parameters: + +| Key | Type | Example | +|-------------------------------|------------------|-----------------------------------------| +| min_deposit | array (coins) | [{"denom":"uatom","amount":"10000000"}] | +| max_deposit_period | string (time ns) | "172800000000000" (17280s) | +| voting_period | string (time ns) | "172800000000000" (17280s) | +| quorum | string (dec) | "0.334000000000000000" | +| threshold | string (dec) | "0.500000000000000000" | +| veto | string (dec) | "0.334000000000000000" | +| expedited_threshold | string (time ns) | "0.667000000000000000" | +| expedited_voting_period | string (time ns) | "86400000000000" (8600s) | +| expedited_min_deposit | array (coins) | [{"denom":"uatom","amount":"50000000"}] | +| burn_proposal_deposit_prevote | bool | false | +| burn_vote_quorum | bool | false | +| burn_vote_veto | bool | true | +| min_initial_deposit_ratio | string | "0.1" | + + +**NOTE**: The governance module contains parameters that are objects unlike other +modules. If only a subset of parameters are desired to be changed, only they need +to be included and not the entire parameter object structure. + +## Client + +### CLI + +A user can query and interact with the `gov` module using the CLI. + +#### Query + +The `query` commands allow users to query `gov` state. + +```bash +simd query gov --help +``` + +##### deposit + +The `deposit` command allows users to query a deposit for a given proposal from a given depositor. + +```bash +simd query gov deposit [proposal-id] [depositer-addr] [flags] +``` + +Example: + +```bash +simd query gov deposit 1 cosmos1.. +``` + +Example Output: + +```bash +amount: +- amount: "100" + denom: stake +depositor: cosmos1.. +proposal_id: "1" +``` + +##### deposits + +The `deposits` command allows users to query all deposits for a given proposal. + +```bash +simd query gov deposits [proposal-id] [flags] +``` + +Example: + +```bash +simd query gov deposits 1 +``` + +Example Output: + +```bash +deposits: +- amount: + - amount: "100" + denom: stake + depositor: cosmos1.. + proposal_id: "1" +pagination: + next_key: null + total: "0" +``` + +##### param + +The `param` command allows users to query a given parameter for the `gov` module. + +```bash +simd query gov param [param-type] [flags] +``` + +Example: + +```bash +simd query gov param voting +``` + +Example Output: + +```bash +voting_period: "172800000000000" +``` + +##### params + +The `params` command allows users to query all parameters for the `gov` module. + +```bash +simd query gov params [flags] +``` + +Example: + +```bash +simd query gov params +``` + +Example Output: + +```bash +deposit_params: + max_deposit_period: 172800s + min_deposit: + - amount: "10000000" + denom: stake +params: + expedited_min_deposit: + - amount: "50000000" + denom: stake + expedited_threshold: "0.670000000000000000" + expedited_voting_period: 86400s + max_deposit_period: 172800s + min_deposit: + - amount: "10000000" + denom: stake + min_initial_deposit_ratio: "0.000000000000000000" + proposal_cancel_burn_rate: "0.500000000000000000" + quorum: "0.334000000000000000" + threshold: "0.500000000000000000" + veto_threshold: "0.334000000000000000" + voting_period: 172800s +tally_params: + quorum: "0.334000000000000000" + threshold: "0.500000000000000000" + veto_threshold: "0.334000000000000000" +voting_params: + voting_period: 172800s +``` + +##### proposal + +The `proposal` command allows users to query a given proposal. + +```bash +simd query gov proposal [proposal-id] [flags] +``` + +Example: + +```bash +simd query gov proposal 1 +``` + +Example Output: + +```bash +deposit_end_time: "2022-03-30T11:50:20.819676256Z" +final_tally_result: + abstain_count: "0" + no_count: "0" + no_with_veto_count: "0" + yes_count: "0" +id: "1" +messages: +- '@type': /cosmos.bank.v1beta1.MsgSend + amount: + - amount: "10" + denom: stake + from_address: cosmos1.. + to_address: cosmos1.. +metadata: AQ== +status: PROPOSAL_STATUS_DEPOSIT_PERIOD +submit_time: "2022-03-28T11:50:20.819676256Z" +total_deposit: +- amount: "10" + denom: stake +voting_end_time: null +voting_start_time: null +``` + +##### proposals + +The `proposals` command allows users to query all proposals with optional filters. + +```bash +simd query gov proposals [flags] +``` + +Example: + +```bash +simd query gov proposals +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "0" +proposals: +- deposit_end_time: "2022-03-30T11:50:20.819676256Z" + final_tally_result: + abstain_count: "0" + no_count: "0" + no_with_veto_count: "0" + yes_count: "0" + id: "1" + messages: + - '@type': /cosmos.bank.v1beta1.MsgSend + amount: + - amount: "10" + denom: stake + from_address: cosmos1.. + to_address: cosmos1.. + metadata: AQ== + status: PROPOSAL_STATUS_DEPOSIT_PERIOD + submit_time: "2022-03-28T11:50:20.819676256Z" + total_deposit: + - amount: "10" + denom: stake + voting_end_time: null + voting_start_time: null +- deposit_end_time: "2022-03-30T14:02:41.165025015Z" + final_tally_result: + abstain_count: "0" + no_count: "0" + no_with_veto_count: "0" + yes_count: "0" + id: "2" + messages: + - '@type': /cosmos.bank.v1beta1.MsgSend + amount: + - amount: "10" + denom: stake + from_address: cosmos1.. + to_address: cosmos1.. + metadata: AQ== + status: PROPOSAL_STATUS_DEPOSIT_PERIOD + submit_time: "2022-03-28T14:02:41.165025015Z" + total_deposit: + - amount: "10" + denom: stake + voting_end_time: null + voting_start_time: null +``` + +##### proposer + +The `proposer` command allows users to query the proposer for a given proposal. + +```bash +simd query gov proposer [proposal-id] [flags] +``` + +Example: + +```bash +simd query gov proposer 1 +``` + +Example Output: + +```bash +proposal_id: "1" +proposer: cosmos1.. +``` + +##### tally + +The `tally` command allows users to query the tally of a given proposal vote. + +```bash +simd query gov tally [proposal-id] [flags] +``` + +Example: + +```bash +simd query gov tally 1 +``` + +Example Output: + +```bash +abstain: "0" +"no": "0" +no_with_veto: "0" +"yes": "1" +``` + +##### vote + +The `vote` command allows users to query a vote for a given proposal. + +```bash +simd query gov vote [proposal-id] [voter-addr] [flags] +``` + +Example: + +```bash +simd query gov vote 1 cosmos1.. +``` + +Example Output: + +```bash +option: VOTE_OPTION_YES +options: +- option: VOTE_OPTION_YES + weight: "1.000000000000000000" +proposal_id: "1" +voter: cosmos1.. +``` + +##### votes + +The `votes` command allows users to query all votes for a given proposal. + +```bash +simd query gov votes [proposal-id] [flags] +``` + +Example: + +```bash +simd query gov votes 1 +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "0" +votes: +- option: VOTE_OPTION_YES + options: + - option: VOTE_OPTION_YES + weight: "1.000000000000000000" + proposal_id: "1" + voter: cosmos1.. +``` + +#### Transactions + +The `tx` commands allow users to interact with the `gov` module. + +```bash +simd tx gov --help +``` + +##### deposit + +The `deposit` command allows users to deposit tokens for a given proposal. + +```bash +simd tx gov deposit [proposal-id] [deposit] [flags] +``` + +Example: + +```bash +simd tx gov deposit 1 10000000stake --from cosmos1.. +``` + +##### draft-proposal + +The `draft-proposal` command allows users to draft any type of proposal. +The command returns a `draft_proposal.json`, to be used by `submit-proposal` after being completed. +The `draft_metadata.json` is meant to be uploaded to [IPFS](#metadata). + +```bash +simd tx gov draft-proposal +``` + +##### submit-proposal + +The `submit-proposal` command allows users to submit a governance proposal along with some messages and metadata. +Messages, metadata and deposit are defined in a JSON file. + +```bash +simd tx gov submit-proposal [path-to-proposal-json] [flags] +``` + +Example: + +```bash +simd tx gov submit-proposal /path/to/proposal.json --from cosmos1.. +``` + +where `proposal.json` contains: + +```json +{ + "messages": [ + { + "@type": "/cosmos.bank.v1beta1.MsgSend", + "from_address": "cosmos1...", // The gov module module address + "to_address": "cosmos1...", + "amount":[{"denom": "stake","amount": "10"}] + } + ], + "metadata": "AQ==", + "deposit": "10stake", + "title": "Proposal Title", + "summary": "Proposal Summary" +} +``` + +:::note +By default the metadata, summary and title are both limited by 255 characters, this can be overridden by the application developer. +::: + +:::tip +When metadata is not specified, the title is limited to 255 characters and the summary 40x the title length. +::: + +##### submit-legacy-proposal + +The `submit-legacy-proposal` command allows users to submit a governance legacy proposal along with an initial deposit. + +```bash +simd tx gov submit-legacy-proposal [command] [flags] +``` + +Example: + +```bash +simd tx gov submit-legacy-proposal --title="Test Proposal" --description="testing" --type="Text" --deposit="100000000stake" --from cosmos1.. +``` + +Example (`param-change`): + +```bash +simd tx gov submit-legacy-proposal param-change proposal.json --from cosmos1.. +``` + +```json +{ + "title": "Test Proposal", + "description": "testing, testing, 1, 2, 3", + "changes": [ + { + "subspace": "staking", + "key": "MaxValidators", + "value": 100 + } + ], + "deposit": "10000000stake" +} +``` + +#### cancel-proposal + +Once proposal is canceled, from the deposits of proposal `deposits * proposal_cancel_ratio` will be burned or sent to `ProposalCancelDest` address , if `ProposalCancelDest` is empty then deposits will be burned. The `remaining deposits` will be sent to depositers. + +```bash +simd tx gov cancel-proposal [proposal-id] [flags] +``` + +Example: + +```bash +simd tx gov cancel-proposal 1 --from cosmos1... +``` + +##### vote + +The `vote` command allows users to submit a vote for a given governance proposal. + +```bash +simd tx gov vote [command] [flags] +``` + +Example: + +```bash +simd tx gov vote 1 yes --from cosmos1.. +``` + +##### weighted-vote + +The `weighted-vote` command allows users to submit a weighted vote for a given governance proposal. + +```bash +simd tx gov weighted-vote [proposal-id] [weighted-options] [flags] +``` + +Example: + +```bash +simd tx gov weighted-vote 1 yes=0.5,no=0.5 --from cosmos1.. +``` + +### gRPC + +A user can query the `gov` module using gRPC endpoints. + +#### Proposal + +The `Proposal` endpoint allows users to query a given proposal. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Proposal +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Proposal +``` + +Example Output: + +```bash +{ + "proposal": { + "proposalId": "1", + "content": {"@type":"/cosmos.gov.v1beta1.TextProposal","description":"testing, testing, 1, 2, 3","title":"Test Proposal"}, + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "finalTallyResult": { + "yes": "0", + "abstain": "0", + "no": "0", + "noWithVeto": "0" + }, + "submitTime": "2021-09-16T19:40:08.712440474Z", + "depositEndTime": "2021-09-18T19:40:08.712440474Z", + "totalDeposit": [ + { + "denom": "stake", + "amount": "10000000" + } + ], + "votingStartTime": "2021-09-16T19:40:08.712440474Z", + "votingEndTime": "2021-09-18T19:40:08.712440474Z", + "title": "Test Proposal", + "summary": "testing, testing, 1, 2, 3" + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Proposal +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1.Query/Proposal +``` + +Example Output: + +```bash +{ + "proposal": { + "id": "1", + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"10"}],"fromAddress":"cosmos1..","toAddress":"cosmos1.."} + ], + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "finalTallyResult": { + "yesCount": "0", + "abstainCount": "0", + "noCount": "0", + "noWithVetoCount": "0" + }, + "submitTime": "2022-03-28T11:50:20.819676256Z", + "depositEndTime": "2022-03-30T11:50:20.819676256Z", + "totalDeposit": [ + { + "denom": "stake", + "amount": "10000000" + } + ], + "votingStartTime": "2022-03-28T14:25:26.644857113Z", + "votingEndTime": "2022-03-30T14:25:26.644857113Z", + "metadata": "AQ==", + "title": "Test Proposal", + "summary": "testing, testing, 1, 2, 3" + } +} +``` + +#### Proposals + +The `Proposals` endpoint allows users to query all proposals with optional filters. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Proposals +``` + +Example: + +```bash +grpcurl -plaintext \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Proposals +``` + +Example Output: + +```bash +{ + "proposals": [ + { + "proposalId": "1", + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "finalTallyResult": { + "yes": "0", + "abstain": "0", + "no": "0", + "noWithVeto": "0" + }, + "submitTime": "2022-03-28T11:50:20.819676256Z", + "depositEndTime": "2022-03-30T11:50:20.819676256Z", + "totalDeposit": [ + { + "denom": "stake", + "amount": "10000000010" + } + ], + "votingStartTime": "2022-03-28T14:25:26.644857113Z", + "votingEndTime": "2022-03-30T14:25:26.644857113Z" + }, + { + "proposalId": "2", + "status": "PROPOSAL_STATUS_DEPOSIT_PERIOD", + "finalTallyResult": { + "yes": "0", + "abstain": "0", + "no": "0", + "noWithVeto": "0" + }, + "submitTime": "2022-03-28T14:02:41.165025015Z", + "depositEndTime": "2022-03-30T14:02:41.165025015Z", + "totalDeposit": [ + { + "denom": "stake", + "amount": "10" + } + ], + "votingStartTime": "0001-01-01T00:00:00Z", + "votingEndTime": "0001-01-01T00:00:00Z" + } + ], + "pagination": { + "total": "2" + } +} + +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Proposals +``` + +Example: + +```bash +grpcurl -plaintext \ + localhost:9090 \ + cosmos.gov.v1.Query/Proposals +``` + +Example Output: + +```bash +{ + "proposals": [ + { + "id": "1", + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"10"}],"fromAddress":"cosmos1..","toAddress":"cosmos1.."} + ], + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "finalTallyResult": { + "yesCount": "0", + "abstainCount": "0", + "noCount": "0", + "noWithVetoCount": "0" + }, + "submitTime": "2022-03-28T11:50:20.819676256Z", + "depositEndTime": "2022-03-30T11:50:20.819676256Z", + "totalDeposit": [ + { + "denom": "stake", + "amount": "10000000010" + } + ], + "votingStartTime": "2022-03-28T14:25:26.644857113Z", + "votingEndTime": "2022-03-30T14:25:26.644857113Z", + "metadata": "AQ==", + "title": "Proposal Title", + "summary": "Proposal Summary" + }, + { + "id": "2", + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"10"}],"fromAddress":"cosmos1..","toAddress":"cosmos1.."} + ], + "status": "PROPOSAL_STATUS_DEPOSIT_PERIOD", + "finalTallyResult": { + "yesCount": "0", + "abstainCount": "0", + "noCount": "0", + "noWithVetoCount": "0" + }, + "submitTime": "2022-03-28T14:02:41.165025015Z", + "depositEndTime": "2022-03-30T14:02:41.165025015Z", + "totalDeposit": [ + { + "denom": "stake", + "amount": "10" + } + ], + "metadata": "AQ==", + "title": "Proposal Title", + "summary": "Proposal Summary" + } + ], + "pagination": { + "total": "2" + } +} +``` + +#### Vote + +The `Vote` endpoint allows users to query a vote for a given proposal. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Vote +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1","voter":"cosmos1.."}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Vote +``` + +Example Output: + +```bash +{ + "vote": { + "proposalId": "1", + "voter": "cosmos1..", + "option": "VOTE_OPTION_YES", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1000000000000000000" + } + ] + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Vote +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1","voter":"cosmos1.."}' \ + localhost:9090 \ + cosmos.gov.v1.Query/Vote +``` + +Example Output: + +```bash +{ + "vote": { + "proposalId": "1", + "voter": "cosmos1..", + "option": "VOTE_OPTION_YES", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1.000000000000000000" + } + ] + } +} +``` + +#### Votes + +The `Votes` endpoint allows users to query all votes for a given proposal. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Votes +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Votes +``` + +Example Output: + +```bash +{ + "votes": [ + { + "proposalId": "1", + "voter": "cosmos1..", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1000000000000000000" + } + ] + } + ], + "pagination": { + "total": "1" + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Votes +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1.Query/Votes +``` + +Example Output: + +```bash +{ + "votes": [ + { + "proposalId": "1", + "voter": "cosmos1..", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1.000000000000000000" + } + ] + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### Params + +The `Params` endpoint allows users to query all parameters for the `gov` module. + + + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Params +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"params_type":"voting"}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Params +``` + +Example Output: + +```bash +{ + "votingParams": { + "votingPeriod": "172800s" + }, + "depositParams": { + "maxDepositPeriod": "0s" + }, + "tallyParams": { + "quorum": "MA==", + "threshold": "MA==", + "vetoThreshold": "MA==" + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Params +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"params_type":"voting"}' \ + localhost:9090 \ + cosmos.gov.v1.Query/Params +``` + +Example Output: + +```bash +{ + "votingParams": { + "votingPeriod": "172800s" + } +} +``` + +#### Deposit + +The `Deposit` endpoint allows users to query a deposit for a given proposal from a given depositor. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Deposit +``` + +Example: + +```bash +grpcurl -plaintext \ + '{"proposal_id":"1","depositor":"cosmos1.."}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Deposit +``` + +Example Output: + +```bash +{ + "deposit": { + "proposalId": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Deposit +``` + +Example: + +```bash +grpcurl -plaintext \ + '{"proposal_id":"1","depositor":"cosmos1.."}' \ + localhost:9090 \ + cosmos.gov.v1.Query/Deposit +``` + +Example Output: + +```bash +{ + "deposit": { + "proposalId": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } +} +``` + +#### deposits + +The `Deposits` endpoint allows users to query all deposits for a given proposal. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Deposits +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Deposits +``` + +Example Output: + +```bash +{ + "deposits": [ + { + "proposalId": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } + ], + "pagination": { + "total": "1" + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Deposits +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1.Query/Deposits +``` + +Example Output: + +```bash +{ + "deposits": [ + { + "proposalId": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### TallyResult + +The `TallyResult` endpoint allows users to query the tally of a given proposal. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/TallyResult +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/TallyResult +``` + +Example Output: + +```bash +{ + "tally": { + "yes": "1000000", + "abstain": "0", + "no": "0", + "noWithVeto": "0" + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/TallyResult +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1.Query/TallyResult +``` + +Example Output: + +```bash +{ + "tally": { + "yes": "1000000", + "abstain": "0", + "no": "0", + "noWithVeto": "0" + } +} +``` + +### REST + +A user can query the `gov` module using REST endpoints. + +#### proposal + +The `proposals` endpoint allows users to query a given proposal. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals/{proposal_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals/1 +``` + +Example Output: + +```bash +{ + "proposal": { + "proposal_id": "1", + "content": null, + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "final_tally_result": { + "yes": "0", + "abstain": "0", + "no": "0", + "no_with_veto": "0" + }, + "submit_time": "2022-03-28T11:50:20.819676256Z", + "deposit_end_time": "2022-03-30T11:50:20.819676256Z", + "total_deposit": [ + { + "denom": "stake", + "amount": "10000000010" + } + ], + "voting_start_time": "2022-03-28T14:25:26.644857113Z", + "voting_end_time": "2022-03-30T14:25:26.644857113Z" + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals/{proposal_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals/1 +``` + +Example Output: + +```bash +{ + "proposal": { + "id": "1", + "messages": [ + { + "@type": "/cosmos.bank.v1beta1.MsgSend", + "from_address": "cosmos1..", + "to_address": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10" + } + ] + } + ], + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "final_tally_result": { + "yes_count": "0", + "abstain_count": "0", + "no_count": "0", + "no_with_veto_count": "0" + }, + "submit_time": "2022-03-28T11:50:20.819676256Z", + "deposit_end_time": "2022-03-30T11:50:20.819676256Z", + "total_deposit": [ + { + "denom": "stake", + "amount": "10000000" + } + ], + "voting_start_time": "2022-03-28T14:25:26.644857113Z", + "voting_end_time": "2022-03-30T14:25:26.644857113Z", + "metadata": "AQ==", + "title": "Proposal Title", + "summary": "Proposal Summary" + } +} +``` + +#### proposals + +The `proposals` endpoint also allows users to query all proposals with optional filters. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals +``` + +Example Output: + +```bash +{ + "proposals": [ + { + "proposal_id": "1", + "content": null, + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "final_tally_result": { + "yes": "0", + "abstain": "0", + "no": "0", + "no_with_veto": "0" + }, + "submit_time": "2022-03-28T11:50:20.819676256Z", + "deposit_end_time": "2022-03-30T11:50:20.819676256Z", + "total_deposit": [ + { + "denom": "stake", + "amount": "10000000" + } + ], + "voting_start_time": "2022-03-28T14:25:26.644857113Z", + "voting_end_time": "2022-03-30T14:25:26.644857113Z" + }, + { + "proposal_id": "2", + "content": null, + "status": "PROPOSAL_STATUS_DEPOSIT_PERIOD", + "final_tally_result": { + "yes": "0", + "abstain": "0", + "no": "0", + "no_with_veto": "0" + }, + "submit_time": "2022-03-28T14:02:41.165025015Z", + "deposit_end_time": "2022-03-30T14:02:41.165025015Z", + "total_deposit": [ + { + "denom": "stake", + "amount": "10" + } + ], + "voting_start_time": "0001-01-01T00:00:00Z", + "voting_end_time": "0001-01-01T00:00:00Z" + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals +``` + +Example Output: + +```bash +{ + "proposals": [ + { + "id": "1", + "messages": [ + { + "@type": "/cosmos.bank.v1beta1.MsgSend", + "from_address": "cosmos1..", + "to_address": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10" + } + ] + } + ], + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "final_tally_result": { + "yes_count": "0", + "abstain_count": "0", + "no_count": "0", + "no_with_veto_count": "0" + }, + "submit_time": "2022-03-28T11:50:20.819676256Z", + "deposit_end_time": "2022-03-30T11:50:20.819676256Z", + "total_deposit": [ + { + "denom": "stake", + "amount": "10000000010" + } + ], + "voting_start_time": "2022-03-28T14:25:26.644857113Z", + "voting_end_time": "2022-03-30T14:25:26.644857113Z", + "metadata": "AQ==", + "title": "Proposal Title", + "summary": "Proposal Summary" + }, + { + "id": "2", + "messages": [ + { + "@type": "/cosmos.bank.v1beta1.MsgSend", + "from_address": "cosmos1..", + "to_address": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10" + } + ] + } + ], + "status": "PROPOSAL_STATUS_DEPOSIT_PERIOD", + "final_tally_result": { + "yes_count": "0", + "abstain_count": "0", + "no_count": "0", + "no_with_veto_count": "0" + }, + "submit_time": "2022-03-28T14:02:41.165025015Z", + "deposit_end_time": "2022-03-30T14:02:41.165025015Z", + "total_deposit": [ + { + "denom": "stake", + "amount": "10" + } + ], + "voting_start_time": null, + "voting_end_time": null, + "metadata": "AQ==", + "title": "Proposal Title", + "summary": "Proposal Summary" + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` + +#### voter vote + +The `votes` endpoint allows users to query a vote for a given proposal. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals/{proposal_id}/votes/{voter} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals/1/votes/cosmos1.. +``` + +Example Output: + +```bash +{ + "vote": { + "proposal_id": "1", + "voter": "cosmos1..", + "option": "VOTE_OPTION_YES", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1.000000000000000000" + } + ] + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals/{proposal_id}/votes/{voter} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals/1/votes/cosmos1.. +``` + +Example Output: + +```bash +{ + "vote": { + "proposal_id": "1", + "voter": "cosmos1..", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1.000000000000000000" + } + ], + "metadata": "" + } +} +``` + +#### votes + +The `votes` endpoint allows users to query all votes for a given proposal. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals/{proposal_id}/votes +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals/1/votes +``` + +Example Output: + +```bash +{ + "votes": [ + { + "proposal_id": "1", + "voter": "cosmos1..", + "option": "VOTE_OPTION_YES", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1.000000000000000000" + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals/{proposal_id}/votes +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals/1/votes +``` + +Example Output: + +```bash +{ + "votes": [ + { + "proposal_id": "1", + "voter": "cosmos1..", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1.000000000000000000" + } + ], + "metadata": "" + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### params + +The `params` endpoint allows users to query all parameters for the `gov` module. + + + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/params/{params_type} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/params/voting +``` + +Example Output: + +```bash +{ + "voting_params": { + "voting_period": "172800s" + }, + "deposit_params": { + "min_deposit": [ + ], + "max_deposit_period": "0s" + }, + "tally_params": { + "quorum": "0.000000000000000000", + "threshold": "0.000000000000000000", + "veto_threshold": "0.000000000000000000" + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/params/{params_type} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/params/voting +``` + +Example Output: + +```bash +{ + "voting_params": { + "voting_period": "172800s" + }, + "deposit_params": { + "min_deposit": [ + ], + "max_deposit_period": "0s" + }, + "tally_params": { + "quorum": "0.000000000000000000", + "threshold": "0.000000000000000000", + "veto_threshold": "0.000000000000000000" + } +} +``` + +#### deposits + +The `deposits` endpoint allows users to query a deposit for a given proposal from a given depositor. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals/{proposal_id}/deposits/{depositor} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals/1/deposits/cosmos1.. +``` + +Example Output: + +```bash +{ + "deposit": { + "proposal_id": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals/{proposal_id}/deposits/{depositor} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals/1/deposits/cosmos1.. +``` + +Example Output: + +```bash +{ + "deposit": { + "proposal_id": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } +} +``` + +#### proposal deposits + +The `deposits` endpoint allows users to query all deposits for a given proposal. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals/{proposal_id}/deposits +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals/1/deposits +``` + +Example Output: + +```bash +{ + "deposits": [ + { + "proposal_id": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals/{proposal_id}/deposits +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals/1/deposits +``` + +Example Output: + +```bash +{ + "deposits": [ + { + "proposal_id": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### tally + +The `tally` endpoint allows users to query the tally of a given proposal. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals/{proposal_id}/tally +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals/1/tally +``` + +Example Output: + +```bash +{ + "tally": { + "yes": "1000000", + "abstain": "0", + "no": "0", + "no_with_veto": "0" + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals/{proposal_id}/tally +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals/1/tally +``` + +Example Output: + +```bash +{ + "tally": { + "yes": "1000000", + "abstain": "0", + "no": "0", + "no_with_veto": "0" + } +} +``` + +## Metadata + +The gov module has two locations for metadata where users can provide further context about the on-chain actions they are taking. By default all metadata fields have a 255 character length field where metadata can be stored in json format, either on-chain or off-chain depending on the amount of data required. Here we provide a recommendation for the json structure and where the data should be stored. There are two important factors in making these recommendations. First, that the gov and group modules are consistent with one another, note the number of proposals made by all groups may be quite large. Second, that client applications such as block explorers and governance interfaces have confidence in the consistency of metadata structure accross chains. + +### Proposal + +Location: off-chain as json object stored on IPFS (mirrors [group proposal](../group/README.md#metadata)) + +```json +{ + "title": "", + "authors": [""], + "summary": "", + "details": "", + "proposal_forum_url": "", + "vote_option_context": "", +} +``` + +:::note +The `authors` field is an array of strings, this is to allow for multiple authors to be listed in the metadata. +In v0.46, the `authors` field is a comma-separated string. Frontends are encouraged to support both formats for backwards compatibility. +::: + +### Vote + +Location: on-chain as json within 255 character limit (mirrors [group vote](../group/README.md#metadata)) + +```json +{ + "justification": "", +} +``` + +## Future Improvements + +The current documentation only describes the minimum viable product for the +governance module. Future improvements may include: + +* **`BountyProposals`:** If accepted, a `BountyProposal` creates an open + bounty. The `BountyProposal` specifies how many Atoms will be given upon + completion. These Atoms will be taken from the `reserve pool`. After a + `BountyProposal` is accepted by governance, anybody can submit a + `SoftwareUpgradeProposal` with the code to claim the bounty. Note that once a + `BountyProposal` is accepted, the corresponding funds in the `reserve pool` + are locked so that payment can always be honored. In order to link a + `SoftwareUpgradeProposal` to an open bounty, the submitter of the + `SoftwareUpgradeProposal` will use the `Proposal.LinkedProposal` attribute. + If a `SoftwareUpgradeProposal` linked to an open bounty is accepted by + governance, the funds that were reserved are automatically transferred to the + submitter. +* **Complex delegation:** Delegators could choose other representatives than + their validators. Ultimately, the chain of representatives would always end + up to a validator, but delegators could inherit the vote of their chosen + representative before they inherit the vote of their validator. In other + words, they would only inherit the vote of their validator if their other + appointed representative did not vote. +* **Better process for proposal review:** There would be two parts to + `proposal.Deposit`, one for anti-spam (same as in MVP) and an other one to + reward third party auditors. diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/modules/group/README.md b/copy-of-sdk-versioned_docs/version-0.50/build/modules/group/README.md new file mode 100644 index 00000000..71d91ccb --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/modules/group/README.md @@ -0,0 +1,2166 @@ +--- +sidebar_position: 1 +--- + +# `x/group` + +## Abstract + +The following documents specify the group module. + +This module allows the creation and management of on-chain multisig accounts and enables voting for message execution based on configurable decision policies. + +## Contents + +* [Concepts](#concepts) + * [Group](#group) + * [Group Policy](#group-policy) + * [Decision Policy](#decision-policy) + * [Proposal](#proposal) + * [Pruning](#pruning) +* [State](#state) + * [Group Table](#group-table) + * [Group Member Table](#group-member-table) + * [Group Policy Table](#group-policy-table) + * [Proposal Table](#proposal-table) + * [Vote Table](#vote-table) +* [Msg Service](#msg-service) + * [Msg/CreateGroup](#msgcreategroup) + * [Msg/UpdateGroupMembers](#msgupdategroupmembers) + * [Msg/UpdateGroupAdmin](#msgupdategroupadmin) + * [Msg/UpdateGroupMetadata](#msgupdategroupmetadata) + * [Msg/CreateGroupPolicy](#msgcreategrouppolicy) + * [Msg/CreateGroupWithPolicy](#msgcreategroupwithpolicy) + * [Msg/UpdateGroupPolicyAdmin](#msgupdategrouppolicyadmin) + * [Msg/UpdateGroupPolicyDecisionPolicy](#msgupdategrouppolicydecisionpolicy) + * [Msg/UpdateGroupPolicyMetadata](#msgupdategrouppolicymetadata) + * [Msg/SubmitProposal](#msgsubmitproposal) + * [Msg/WithdrawProposal](#msgwithdrawproposal) + * [Msg/Vote](#msgvote) + * [Msg/Exec](#msgexec) + * [Msg/LeaveGroup](#msgleavegroup) +* [Events](#events) + * [EventCreateGroup](#eventcreategroup) + * [EventUpdateGroup](#eventupdategroup) + * [EventCreateGroupPolicy](#eventcreategrouppolicy) + * [EventUpdateGroupPolicy](#eventupdategrouppolicy) + * [EventCreateProposal](#eventcreateproposal) + * [EventWithdrawProposal](#eventwithdrawproposal) + * [EventVote](#eventvote) + * [EventExec](#eventexec) + * [EventLeaveGroup](#eventleavegroup) + * [EventProposalPruned](#eventproposalpruned) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + * [REST](#rest) +* [Metadata](#metadata) + +## Concepts + +### Group + +A group is simply an aggregation of accounts with associated weights. It is not +an account and doesn't have a balance. It doesn't in and of itself have any +sort of voting or decision weight. It does have an "administrator" which has +the ability to add, remove and update members in the group. Note that a +group policy account could be an administrator of a group, and that the +administrator doesn't necessarily have to be a member of the group. + +### Group Policy + +A group policy is an account associated with a group and a decision policy. +Group policies are abstracted from groups because a single group may have +multiple decision policies for different types of actions. Managing group +membership separately from decision policies results in the least overhead +and keeps membership consistent across different policies. The pattern that +is recommended is to have a single master group policy for a given group, +and then to create separate group policies with different decision policies +and delegate the desired permissions from the master account to +those "sub-accounts" using the `x/authz` module. + +### Decision Policy + +A decision policy is the mechanism by which members of a group can vote on +proposals, as well as the rules that dictate whether a proposal should pass +or not based on its tally outcome. + +All decision policies generally would have a mininum execution period and a +maximum voting window. The minimum execution period is the minimum amount of time +that must pass after submission in order for a proposal to potentially be executed, and it may +be set to 0. The maximum voting window is the maximum time after submission that a proposal may +be voted on before it is tallied. + +The chain developer also defines an app-wide maximum execution period, which is +the maximum amount of time after a proposal's voting period end where users are +allowed to execute a proposal. + +The current group module comes shipped with two decision policies: threshold +and percentage. Any chain developer can extend upon these two, by creating +custom decision policies, as long as they adhere to the `DecisionPolicy` +interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/group/types.go#L27-L45 +``` + +#### Threshold decision policy + +A threshold decision policy defines a threshold of yes votes (based on a tally +of voter weights) that must be achieved in order for a proposal to pass. For +this decision policy, abstain and veto are simply treated as no's. + +This decision policy also has a VotingPeriod window and a MinExecutionPeriod +window. The former defines the duration after proposal submission where members +are allowed to vote, after which tallying is performed. The latter specifies +the minimum duration after proposal submission where the proposal can be +executed. If set to 0, then the proposal is allowed to be executed immediately +on submission (using the `TRY_EXEC` option). Obviously, MinExecutionPeriod +cannot be greater than VotingPeriod+MaxExecutionPeriod (where MaxExecution is +the app-defined duration that specifies the window after voting ended where a +proposal can be executed). + +#### Percentage decision policy + +A percentage decision policy is similar to a threshold decision policy, except +that the threshold is not defined as a constant weight, but as a percentage. +It's more suited for groups where the group members' weights can be updated, as +the percentage threshold stays the same, and doesn't depend on how those member +weights get updated. + +Same as the Threshold decision policy, the percentage decision policy has the +two VotingPeriod and MinExecutionPeriod parameters. + +### Proposal + +Any member(s) of a group can submit a proposal for a group policy account to decide upon. +A proposal consists of a set of messages that will be executed if the proposal +passes as well as any metadata associated with the proposal. + +#### Voting + +There are four choices to choose while voting - yes, no, abstain and veto. Not +all decision policies will take the four choices into account. Votes can contain some optional metadata. +In the current implementation, the voting window begins as soon as a proposal +is submitted, and the end is defined by the group policy's decision policy. + +#### Withdrawing Proposals + +Proposals can be withdrawn any time before the voting period end, either by the +admin of the group policy or by one of the proposers. Once withdrawn, it is +marked as `PROPOSAL_STATUS_WITHDRAWN`, and no more voting or execution is +allowed on it. + +#### Aborted Proposals + +If the group policy is updated during the voting period of the proposal, then +the proposal is marked as `PROPOSAL_STATUS_ABORTED`, and no more voting or +execution is allowed on it. This is because the group policy defines the rules +of proposal voting and execution, so if those rules change during the lifecycle +of a proposal, then the proposal should be marked as stale. + +#### Tallying + +Tallying is the counting of all votes on a proposal. It happens only once in +the lifecycle of a proposal, but can be triggered by two factors, whichever +happens first: + +* either someone tries to execute the proposal (see next section), which can + happen on a `Msg/Exec` transaction, or a `Msg/{SubmitProposal,Vote}` + transaction with the `Exec` field set. When a proposal execution is attempted, + a tally is done first to make sure the proposal passes. +* or on `EndBlock` when the proposal's voting period end just passed. + +If the tally result passes the decision policy's rules, then the proposal is +marked as `PROPOSAL_STATUS_ACCEPTED`, or else it is marked as +`PROPOSAL_STATUS_REJECTED`. In any case, no more voting is allowed anymore, and the tally +result is persisted to state in the proposal's `FinalTallyResult`. + +#### Executing Proposals + +Proposals are executed only when the tallying is done, and the group account's +decision policy allows the proposal to pass based on the tally outcome. They +are marked by the status `PROPOSAL_STATUS_ACCEPTED`. Execution must happen +before a duration of `MaxExecutionPeriod` (set by the chain developer) after +each proposal's voting period end. + +Proposals will not be automatically executed by the chain in this current design, +but rather a user must submit a `Msg/Exec` transaction to attempt to execute the +proposal based on the current votes and decision policy. Any user (not only the +group members) can execute proposals that have been accepted, and execution fees are +paid by the proposal executor. +It's also possible to try to execute a proposal immediately on creation or on +new votes using the `Exec` field of `Msg/SubmitProposal` and `Msg/Vote` requests. +In the former case, proposers signatures are considered as yes votes. +In these cases, if the proposal can't be executed (i.e. it didn't pass the +decision policy's rules), it will still be opened for new votes and +could be tallied and executed later on. + +A successful proposal execution will have its `ExecutorResult` marked as +`PROPOSAL_EXECUTOR_RESULT_SUCCESS`. The proposal will be automatically pruned +after execution. On the other hand, a failed proposal execution will be marked +as `PROPOSAL_EXECUTOR_RESULT_FAILURE`. Such a proposal can be re-executed +multiple times, until it expires after `MaxExecutionPeriod` after voting period +end. + +### Pruning + +Proposals and votes are automatically pruned to avoid state bloat. + +Votes are pruned: + +* either after a successful tally, i.e. a tally whose result passes the decision + policy's rules, which can be trigged by a `Msg/Exec` or a + `Msg/{SubmitProposal,Vote}` with the `Exec` field set, +* or on `EndBlock` right after the proposal's voting period end. This applies to proposals with status `aborted` or `withdrawn` too. + +whichever happens first. + +Proposals are pruned: + +* on `EndBlock` whose proposal status is `withdrawn` or `aborted` on proposal's voting period end before tallying, +* and either after a successful proposal execution, +* or on `EndBlock` right after the proposal's `voting_period_end` + + `max_execution_period` (defined as an app-wide configuration) is passed, + +whichever happens first. + +## State + +The `group` module uses the `orm` package which provides table storage with support for +primary keys and secondary indexes. `orm` also defines `Sequence` which is a persistent unique key generator based on a counter that can be used along with `Table`s. + +Here's the list of tables and associated sequences and indexes stored as part of the `group` module. + +### Group Table + +The `groupTable` stores `GroupInfo`: `0x0 | BigEndian(GroupId) -> ProtocolBuffer(GroupInfo)`. + +#### groupSeq + +The value of `groupSeq` is incremented when creating a new group and corresponds to the new `GroupId`: `0x1 | 0x1 -> BigEndian`. + +The second `0x1` corresponds to the ORM `sequenceStorageKey`. + +#### groupByAdminIndex + +`groupByAdminIndex` allows to retrieve groups by admin address: +`0x2 | len([]byte(group.Admin)) | []byte(group.Admin) | BigEndian(GroupId) -> []byte()`. + +### Group Member Table + +The `groupMemberTable` stores `GroupMember`s: `0x10 | BigEndian(GroupId) | []byte(member.Address) -> ProtocolBuffer(GroupMember)`. + +The `groupMemberTable` is a primary key table and its `PrimaryKey` is given by +`BigEndian(GroupId) | []byte(member.Address)` which is used by the following indexes. + +#### groupMemberByGroupIndex + +`groupMemberByGroupIndex` allows to retrieve group members by group id: +`0x11 | BigEndian(GroupId) | PrimaryKey -> []byte()`. + +#### groupMemberByMemberIndex + +`groupMemberByMemberIndex` allows to retrieve group members by member address: +`0x12 | len([]byte(member.Address)) | []byte(member.Address) | PrimaryKey -> []byte()`. + +### Group Policy Table + +The `groupPolicyTable` stores `GroupPolicyInfo`: `0x20 | len([]byte(Address)) | []byte(Address) -> ProtocolBuffer(GroupPolicyInfo)`. + +The `groupPolicyTable` is a primary key table and its `PrimaryKey` is given by +`len([]byte(Address)) | []byte(Address)` which is used by the following indexes. + +#### groupPolicySeq + +The value of `groupPolicySeq` is incremented when creating a new group policy and is used to generate the new group policy account `Address`: +`0x21 | 0x1 -> BigEndian`. + +The second `0x1` corresponds to the ORM `sequenceStorageKey`. + +#### groupPolicyByGroupIndex + +`groupPolicyByGroupIndex` allows to retrieve group policies by group id: +`0x22 | BigEndian(GroupId) | PrimaryKey -> []byte()`. + +#### groupPolicyByAdminIndex + +`groupPolicyByAdminIndex` allows to retrieve group policies by admin address: +`0x23 | len([]byte(Address)) | []byte(Address) | PrimaryKey -> []byte()`. + +### Proposal Table + +The `proposalTable` stores `Proposal`s: `0x30 | BigEndian(ProposalId) -> ProtocolBuffer(Proposal)`. + +#### proposalSeq + +The value of `proposalSeq` is incremented when creating a new proposal and corresponds to the new `ProposalId`: `0x31 | 0x1 -> BigEndian`. + +The second `0x1` corresponds to the ORM `sequenceStorageKey`. + +#### proposalByGroupPolicyIndex + +`proposalByGroupPolicyIndex` allows to retrieve proposals by group policy account address: +`0x32 | len([]byte(account.Address)) | []byte(account.Address) | BigEndian(ProposalId) -> []byte()`. + +#### ProposalsByVotingPeriodEndIndex + +`proposalsByVotingPeriodEndIndex` allows to retrieve proposals sorted by chronological `voting_period_end`: +`0x33 | sdk.FormatTimeBytes(proposal.VotingPeriodEnd) | BigEndian(ProposalId) -> []byte()`. + +This index is used when tallying the proposal votes at the end of the voting period, and for pruning proposals at `VotingPeriodEnd + MaxExecutionPeriod`. + +### Vote Table + +The `voteTable` stores `Vote`s: `0x40 | BigEndian(ProposalId) | []byte(voter.Address) -> ProtocolBuffer(Vote)`. + +The `voteTable` is a primary key table and its `PrimaryKey` is given by +`BigEndian(ProposalId) | []byte(voter.Address)` which is used by the following indexes. + +#### voteByProposalIndex + +`voteByProposalIndex` allows to retrieve votes by proposal id: +`0x41 | BigEndian(ProposalId) | PrimaryKey -> []byte()`. + +#### voteByVoterIndex + +`voteByVoterIndex` allows to retrieve votes by voter address: +`0x42 | len([]byte(voter.Address)) | []byte(voter.Address) | PrimaryKey -> []byte()`. + +## Msg Service + +### Msg/CreateGroup + +A new group can be created with the `MsgCreateGroup`, which has an admin address, a list of members and some optional metadata. + +The metadata has a maximum length that is chosen by the app developer, and +passed into the group keeper as a config. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/group/v1/tx.proto#L67-L80 +``` + +It's expected to fail if + +* metadata length is greater than `MaxMetadataLen` config +* members are not correctly set (e.g. wrong address format, duplicates, or with 0 weight). + +### Msg/UpdateGroupMembers + +Group members can be updated with the `UpdateGroupMembers`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/group/v1/tx.proto#L88-L102 +``` + +In the list of `MemberUpdates`, an existing member can be removed by setting its weight to 0. + +It's expected to fail if: + +* the signer is not the admin of the group. +* for any one of the associated group policies, if its decision policy's `Validate()` method fails against the updated group. + +### Msg/UpdateGroupAdmin + +The `UpdateGroupAdmin` can be used to update a group admin. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/group/v1/tx.proto#L107-L120 +``` + +It's expected to fail if the signer is not the admin of the group. + +### Msg/UpdateGroupMetadata + +The `UpdateGroupMetadata` can be used to update a group metadata. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/group/v1/tx.proto#L125-L138 +``` + +It's expected to fail if: + +* new metadata length is greater than `MaxMetadataLen` config. +* the signer is not the admin of the group. + +### Msg/CreateGroupPolicy + +A new group policy can be created with the `MsgCreateGroupPolicy`, which has an admin address, a group id, a decision policy and some optional metadata. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/group/v1/tx.proto#L147-L165 +``` + +It's expected to fail if: + +* the signer is not the admin of the group. +* metadata length is greater than `MaxMetadataLen` config. +* the decision policy's `Validate()` method doesn't pass against the group. + +### Msg/CreateGroupWithPolicy + +A new group with policy can be created with the `MsgCreateGroupWithPolicy`, which has an admin address, a list of members, a decision policy, a `group_policy_as_admin` field to optionally set group and group policy admin with group policy address and some optional metadata for group and group policy. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/group/v1/tx.proto#L191-L215 +``` + +It's expected to fail for the same reasons as `Msg/CreateGroup` and `Msg/CreateGroupPolicy`. + +### Msg/UpdateGroupPolicyAdmin + +The `UpdateGroupPolicyAdmin` can be used to update a group policy admin. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/group/v1/tx.proto#L173-L186 +``` + +It's expected to fail if the signer is not the admin of the group policy. + +### Msg/UpdateGroupPolicyDecisionPolicy + +The `UpdateGroupPolicyDecisionPolicy` can be used to update a decision policy. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/group/v1/tx.proto#L226-L241 +``` + +It's expected to fail if: + +* the signer is not the admin of the group policy. +* the new decision policy's `Validate()` method doesn't pass against the group. + +### Msg/UpdateGroupPolicyMetadata + +The `UpdateGroupPolicyMetadata` can be used to update a group policy metadata. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/group/v1/tx.proto#L246-L259 +``` + +It's expected to fail if: + +* new metadata length is greater than `MaxMetadataLen` config. +* the signer is not the admin of the group. + +### Msg/SubmitProposal + +A new proposal can be created with the `MsgSubmitProposal`, which has a group policy account address, a list of proposers addresses, a list of messages to execute if the proposal is accepted and some optional metadata. +An optional `Exec` value can be provided to try to execute the proposal immediately after proposal creation. Proposers signatures are considered as yes votes in this case. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/group/v1/tx.proto#L281-L315 +``` + +It's expected to fail if: + +* metadata, title, or summary length is greater than `MaxMetadataLen` config. +* if any of the proposers is not a group member. + +### Msg/WithdrawProposal + +A proposal can be withdrawn using `MsgWithdrawProposal` which has an `address` (can be either a proposer or the group policy admin) and a `proposal_id` (which has to be withdrawn). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/group/v1/tx.proto#L323-L333 +``` + +It's expected to fail if: + +* the signer is neither the group policy admin nor proposer of the proposal. +* the proposal is already closed or aborted. + +### Msg/Vote + +A new vote can be created with the `MsgVote`, given a proposal id, a voter address, a choice (yes, no, veto or abstain) and some optional metadata. +An optional `Exec` value can be provided to try to execute the proposal immediately after voting. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/group/v1/tx.proto#L338-L358 +``` + +It's expected to fail if: + +* metadata length is greater than `MaxMetadataLen` config. +* the proposal is not in voting period anymore. + +### Msg/Exec + +A proposal can be executed with the `MsgExec`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/group/v1/tx.proto#L363-L373 +``` + +The messages that are part of this proposal won't be executed if: + +* the proposal has not been accepted by the group policy. +* the proposal has already been successfully executed. + +### Msg/LeaveGroup + +The `MsgLeaveGroup` allows group member to leave a group. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/group/v1/tx.proto#L381-L391 +``` + +It's expected to fail if: + +* the group member is not part of the group. +* for any one of the associated group policies, if its decision policy's `Validate()` method fails against the updated group. + +## Events + +The group module emits the following events: + +### EventCreateGroup + +| Type | Attribute Key | Attribute Value | +| -------------------------------- | ------------- | -------------------------------- | +| message | action | /cosmos.group.v1.Msg/CreateGroup | +| cosmos.group.v1.EventCreateGroup | group_id | {groupId} | + +### EventUpdateGroup + +| Type | Attribute Key | Attribute Value | +| -------------------------------- | ------------- | ---------------------------------------------------------- | +| message | action | /cosmos.group.v1.Msg/UpdateGroup{Admin\|Metadata\|Members} | +| cosmos.group.v1.EventUpdateGroup | group_id | {groupId} | + +### EventCreateGroupPolicy + +| Type | Attribute Key | Attribute Value | +| -------------------------------------- | ------------- | -------------------------------------- | +| message | action | /cosmos.group.v1.Msg/CreateGroupPolicy | +| cosmos.group.v1.EventCreateGroupPolicy | address | {groupPolicyAddress} | + +### EventUpdateGroupPolicy + +| Type | Attribute Key | Attribute Value | +| -------------------------------------- | ------------- | ----------------------------------------------------------------------- | +| message | action | /cosmos.group.v1.Msg/UpdateGroupPolicy{Admin\|Metadata\|DecisionPolicy} | +| cosmos.group.v1.EventUpdateGroupPolicy | address | {groupPolicyAddress} | + +### EventCreateProposal + +| Type | Attribute Key | Attribute Value | +| ----------------------------------- | ------------- | ----------------------------------- | +| message | action | /cosmos.group.v1.Msg/CreateProposal | +| cosmos.group.v1.EventCreateProposal | proposal_id | {proposalId} | + +### EventWithdrawProposal + +| Type | Attribute Key | Attribute Value | +| ------------------------------------- | ------------- | ------------------------------------- | +| message | action | /cosmos.group.v1.Msg/WithdrawProposal | +| cosmos.group.v1.EventWithdrawProposal | proposal_id | {proposalId} | + +### EventVote + +| Type | Attribute Key | Attribute Value | +| ------------------------- | ------------- | ------------------------- | +| message | action | /cosmos.group.v1.Msg/Vote | +| cosmos.group.v1.EventVote | proposal_id | {proposalId} | + +## EventExec + +| Type | Attribute Key | Attribute Value | +| ------------------------- | ------------- | ------------------------- | +| message | action | /cosmos.group.v1.Msg/Exec | +| cosmos.group.v1.EventExec | proposal_id | {proposalId} | +| cosmos.group.v1.EventExec | logs | {logs_string} | + +### EventLeaveGroup + +| Type | Attribute Key | Attribute Value | +| ------------------------------- | ------------- | ------------------------------- | +| message | action | /cosmos.group.v1.Msg/LeaveGroup | +| cosmos.group.v1.EventLeaveGroup | proposal_id | {proposalId} | +| cosmos.group.v1.EventLeaveGroup | address | {address} | + +### EventProposalPruned + +| Type | Attribute Key | Attribute Value | +|-------------------------------------|---------------|---------------------------------| +| message | action | /cosmos.group.v1.Msg/LeaveGroup | +| cosmos.group.v1.EventProposalPruned | proposal_id | {proposalId} | +| cosmos.group.v1.EventProposalPruned | status | {ProposalStatus} | +| cosmos.group.v1.EventProposalPruned | tally_result | {TallyResult} | + + +## Client + +### CLI + +A user can query and interact with the `group` module using the CLI. + +#### Query + +The `query` commands allow users to query `group` state. + +```bash +simd query group --help +``` + +##### group-info + +The `group-info` command allows users to query for group info by given group id. + +```bash +simd query group group-info [id] [flags] +``` + +Example: + +```bash +simd query group group-info 1 +``` + +Example Output: + +```bash +admin: cosmos1.. +group_id: "1" +metadata: AQ== +total_weight: "3" +version: "1" +``` + +##### group-policy-info + +The `group-policy-info` command allows users to query for group policy info by account address of group policy . + +```bash +simd query group group-policy-info [group-policy-account] [flags] +``` + +Example: + +```bash +simd query group group-policy-info cosmos1.. +``` + +Example Output: + +```bash +address: cosmos1.. +admin: cosmos1.. +decision_policy: + '@type': /cosmos.group.v1.ThresholdDecisionPolicy + threshold: "1" + windows: + min_execution_period: 0s + voting_period: 432000s +group_id: "1" +metadata: AQ== +version: "1" +``` + +##### group-members + +The `group-members` command allows users to query for group members by group id with pagination flags. + +```bash +simd query group group-members [id] [flags] +``` + +Example: + +```bash +simd query group group-members 1 +``` + +Example Output: + +```bash +members: +- group_id: "1" + member: + address: cosmos1.. + metadata: AQ== + weight: "2" +- group_id: "1" + member: + address: cosmos1.. + metadata: AQ== + weight: "1" +pagination: + next_key: null + total: "2" +``` + +##### groups-by-admin + +The `groups-by-admin` command allows users to query for groups by admin account address with pagination flags. + +```bash +simd query group groups-by-admin [admin] [flags] +``` + +Example: + +```bash +simd query group groups-by-admin cosmos1.. +``` + +Example Output: + +```bash +groups: +- admin: cosmos1.. + group_id: "1" + metadata: AQ== + total_weight: "3" + version: "1" +- admin: cosmos1.. + group_id: "2" + metadata: AQ== + total_weight: "3" + version: "1" +pagination: + next_key: null + total: "2" +``` + +##### group-policies-by-group + +The `group-policies-by-group` command allows users to query for group policies by group id with pagination flags. + +```bash +simd query group group-policies-by-group [group-id] [flags] +``` + +Example: + +```bash +simd query group group-policies-by-group 1 +``` + +Example Output: + +```bash +group_policies: +- address: cosmos1.. + admin: cosmos1.. + decision_policy: + '@type': /cosmos.group.v1.ThresholdDecisionPolicy + threshold: "1" + windows: + min_execution_period: 0s + voting_period: 432000s + group_id: "1" + metadata: AQ== + version: "1" +- address: cosmos1.. + admin: cosmos1.. + decision_policy: + '@type': /cosmos.group.v1.ThresholdDecisionPolicy + threshold: "1" + windows: + min_execution_period: 0s + voting_period: 432000s + group_id: "1" + metadata: AQ== + version: "1" +pagination: + next_key: null + total: "2" +``` + +##### group-policies-by-admin + +The `group-policies-by-admin` command allows users to query for group policies by admin account address with pagination flags. + +```bash +simd query group group-policies-by-admin [admin] [flags] +``` + +Example: + +```bash +simd query group group-policies-by-admin cosmos1.. +``` + +Example Output: + +```bash +group_policies: +- address: cosmos1.. + admin: cosmos1.. + decision_policy: + '@type': /cosmos.group.v1.ThresholdDecisionPolicy + threshold: "1" + windows: + min_execution_period: 0s + voting_period: 432000s + group_id: "1" + metadata: AQ== + version: "1" +- address: cosmos1.. + admin: cosmos1.. + decision_policy: + '@type': /cosmos.group.v1.ThresholdDecisionPolicy + threshold: "1" + windows: + min_execution_period: 0s + voting_period: 432000s + group_id: "1" + metadata: AQ== + version: "1" +pagination: + next_key: null + total: "2" +``` + +##### proposal + +The `proposal` command allows users to query for proposal by id. + +```bash +simd query group proposal [id] [flags] +``` + +Example: + +```bash +simd query group proposal 1 +``` + +Example Output: + +```bash +proposal: + address: cosmos1.. + executor_result: EXECUTOR_RESULT_NOT_RUN + group_policy_version: "1" + group_version: "1" + metadata: AQ== + msgs: + - '@type': /cosmos.bank.v1beta1.MsgSend + amount: + - amount: "100000000" + denom: stake + from_address: cosmos1.. + to_address: cosmos1.. + proposal_id: "1" + proposers: + - cosmos1.. + result: RESULT_UNFINALIZED + status: STATUS_SUBMITTED + submitted_at: "2021-12-17T07:06:26.310638964Z" + windows: + min_execution_period: 0s + voting_period: 432000s + vote_state: + abstain_count: "0" + no_count: "0" + veto_count: "0" + yes_count: "0" + summary: "Summary" + title: "Title" +``` + +##### proposals-by-group-policy + +The `proposals-by-group-policy` command allows users to query for proposals by account address of group policy with pagination flags. + +```bash +simd query group proposals-by-group-policy [group-policy-account] [flags] +``` + +Example: + +```bash +simd query group proposals-by-group-policy cosmos1.. +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "1" +proposals: +- address: cosmos1.. + executor_result: EXECUTOR_RESULT_NOT_RUN + group_policy_version: "1" + group_version: "1" + metadata: AQ== + msgs: + - '@type': /cosmos.bank.v1beta1.MsgSend + amount: + - amount: "100000000" + denom: stake + from_address: cosmos1.. + to_address: cosmos1.. + proposal_id: "1" + proposers: + - cosmos1.. + result: RESULT_UNFINALIZED + status: STATUS_SUBMITTED + submitted_at: "2021-12-17T07:06:26.310638964Z" + windows: + min_execution_period: 0s + voting_period: 432000s + vote_state: + abstain_count: "0" + no_count: "0" + veto_count: "0" + yes_count: "0" + summary: "Summary" + title: "Title" +``` + +##### vote + +The `vote` command allows users to query for vote by proposal id and voter account address. + +```bash +simd query group vote [proposal-id] [voter] [flags] +``` + +Example: + +```bash +simd query group vote 1 cosmos1.. +``` + +Example Output: + +```bash +vote: + choice: CHOICE_YES + metadata: AQ== + proposal_id: "1" + submitted_at: "2021-12-17T08:05:02.490164009Z" + voter: cosmos1.. +``` + +##### votes-by-proposal + +The `votes-by-proposal` command allows users to query for votes by proposal id with pagination flags. + +```bash +simd query group votes-by-proposal [proposal-id] [flags] +``` + +Example: + +```bash +simd query group votes-by-proposal 1 +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "1" +votes: +- choice: CHOICE_YES + metadata: AQ== + proposal_id: "1" + submitted_at: "2021-12-17T08:05:02.490164009Z" + voter: cosmos1.. +``` + +##### votes-by-voter + +The `votes-by-voter` command allows users to query for votes by voter account address with pagination flags. + +```bash +simd query group votes-by-voter [voter] [flags] +``` + +Example: + +```bash +simd query group votes-by-voter cosmos1.. +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "1" +votes: +- choice: CHOICE_YES + metadata: AQ== + proposal_id: "1" + submitted_at: "2021-12-17T08:05:02.490164009Z" + voter: cosmos1.. +``` + +### Transactions + +The `tx` commands allow users to interact with the `group` module. + +```bash +simd tx group --help +``` + +#### create-group + +The `create-group` command allows users to create a group which is an aggregation of member accounts with associated weights and +an administrator account. + +```bash +simd tx group create-group [admin] [metadata] [members-json-file] +``` + +Example: + +```bash +simd tx group create-group cosmos1.. "AQ==" members.json +``` + +#### update-group-admin + +The `update-group-admin` command allows users to update a group's admin. + +```bash +simd tx group update-group-admin [admin] [group-id] [new-admin] [flags] +``` + +Example: + +```bash +simd tx group update-group-admin cosmos1.. 1 cosmos1.. +``` + +#### update-group-members + +The `update-group-members` command allows users to update a group's members. + +```bash +simd tx group update-group-members [admin] [group-id] [members-json-file] [flags] +``` + +Example: + +```bash +simd tx group update-group-members cosmos1.. 1 members.json +``` + +#### update-group-metadata + +The `update-group-metadata` command allows users to update a group's metadata. + +```bash +simd tx group update-group-metadata [admin] [group-id] [metadata] [flags] +``` + +Example: + +```bash +simd tx group update-group-metadata cosmos1.. 1 "AQ==" +``` + +#### create-group-policy + +The `create-group-policy` command allows users to create a group policy which is an account associated with a group and a decision policy. + +```bash +simd tx group create-group-policy [admin] [group-id] [metadata] [decision-policy] [flags] +``` + +Example: + +```bash +simd tx group create-group-policy cosmos1.. 1 "AQ==" '{"@type":"/cosmos.group.v1.ThresholdDecisionPolicy", "threshold":"1", "windows": {"voting_period": "120h", "min_execution_period": "0s"}}' +``` + +#### create-group-with-policy + +The `create-group-with-policy` command allows users to create a group which is an aggregation of member accounts with associated weights and an administrator account with decision policy. If the `--group-policy-as-admin` flag is set to `true`, the group policy address becomes the group and group policy admin. + +```bash +simd tx group create-group-with-policy [admin] [group-metadata] [group-policy-metadata] [members-json-file] [decision-policy] [flags] +``` + +Example: + +```bash +simd tx group create-group-with-policy cosmos1.. "AQ==" "AQ==" members.json '{"@type":"/cosmos.group.v1.ThresholdDecisionPolicy", "threshold":"1", "windows": {"voting_period": "120h", "min_execution_period": "0s"}}' +``` + +#### update-group-policy-admin + +The `update-group-policy-admin` command allows users to update a group policy admin. + +```bash +simd tx group update-group-policy-admin [admin] [group-policy-account] [new-admin] [flags] +``` + +Example: + +```bash +simd tx group update-group-policy-admin cosmos1.. cosmos1.. cosmos1.. +``` + +#### update-group-policy-metadata + +The `update-group-policy-metadata` command allows users to update a group policy metadata. + +```bash +simd tx group update-group-policy-metadata [admin] [group-policy-account] [new-metadata] [flags] +``` + +Example: + +```bash +simd tx group update-group-policy-metadata cosmos1.. cosmos1.. "AQ==" +``` + +#### update-group-policy-decision-policy + +The `update-group-policy-decision-policy` command allows users to update a group policy's decision policy. + +```bash +simd tx group update-group-policy-decision-policy [admin] [group-policy-account] [decision-policy] [flags] +``` + +Example: + +```bash +simd tx group update-group-policy-decision-policy cosmos1.. cosmos1.. '{"@type":"/cosmos.group.v1.ThresholdDecisionPolicy", "threshold":"2", "windows": {"voting_period": "120h", "min_execution_period": "0s"}}' +``` + +#### submit-proposal + +The `submit-proposal` command allows users to submit a new proposal. + +```bash +simd tx group submit-proposal [group-policy-account] [proposer[,proposer]*] [msg_tx_json_file] [metadata] [flags] +``` + +Example: + +```bash +simd tx group submit-proposal cosmos1.. cosmos1.. msg_tx.json "AQ==" +``` + +#### withdraw-proposal + +The `withdraw-proposal` command allows users to withdraw a proposal. + +```bash +simd tx group withdraw-proposal [proposal-id] [group-policy-admin-or-proposer] +``` + +Example: + +```bash +simd tx group withdraw-proposal 1 cosmos1.. +``` + +#### vote + +The `vote` command allows users to vote on a proposal. + +```bash +simd tx group vote proposal-id] [voter] [choice] [metadata] [flags] +``` + +Example: + +```bash +simd tx group vote 1 cosmos1.. CHOICE_YES "AQ==" +``` + +#### exec + +The `exec` command allows users to execute a proposal. + +```bash +simd tx group exec [proposal-id] [flags] +``` + +Example: + +```bash +simd tx group exec 1 +``` + +#### leave-group + +The `leave-group` command allows group member to leave the group. + +```bash +simd tx group leave-group [member-address] [group-id] +``` + +Example: + +```bash +simd tx group leave-group cosmos1... 1 +``` + +### gRPC + +A user can query the `group` module using gRPC endpoints. + +#### GroupInfo + +The `GroupInfo` endpoint allows users to query for group info by given group id. + +```bash +cosmos.group.v1.Query/GroupInfo +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"group_id":1}' localhost:9090 cosmos.group.v1.Query/GroupInfo +``` + +Example Output: + +```bash +{ + "info": { + "groupId": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "totalWeight": "3" + } +} +``` + +#### GroupPolicyInfo + +The `GroupPolicyInfo` endpoint allows users to query for group policy info by account address of group policy. + +```bash +cosmos.group.v1.Query/GroupPolicyInfo +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"address":"cosmos1.."}' localhost:9090 cosmos.group.v1.Query/GroupPolicyInfo +``` + +Example Output: + +```bash +{ + "info": { + "address": "cosmos1..", + "groupId": "1", + "admin": "cosmos1..", + "version": "1", + "decisionPolicy": {"@type":"/cosmos.group.v1.ThresholdDecisionPolicy","threshold":"1","windows": {"voting_period": "120h", "min_execution_period": "0s"}}, + } +} +``` + +#### GroupMembers + +The `GroupMembers` endpoint allows users to query for group members by group id with pagination flags. + +```bash +cosmos.group.v1.Query/GroupMembers +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"group_id":"1"}' localhost:9090 cosmos.group.v1.Query/GroupMembers +``` + +Example Output: + +```bash +{ + "members": [ + { + "groupId": "1", + "member": { + "address": "cosmos1..", + "weight": "1" + } + }, + { + "groupId": "1", + "member": { + "address": "cosmos1..", + "weight": "2" + } + } + ], + "pagination": { + "total": "2" + } +} +``` + +#### GroupsByAdmin + +The `GroupsByAdmin` endpoint allows users to query for groups by admin account address with pagination flags. + +```bash +cosmos.group.v1.Query/GroupsByAdmin +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"admin":"cosmos1.."}' localhost:9090 cosmos.group.v1.Query/GroupsByAdmin +``` + +Example Output: + +```bash +{ + "groups": [ + { + "groupId": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "totalWeight": "3" + }, + { + "groupId": "2", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "totalWeight": "3" + } + ], + "pagination": { + "total": "2" + } +} +``` + +#### GroupPoliciesByGroup + +The `GroupPoliciesByGroup` endpoint allows users to query for group policies by group id with pagination flags. + +```bash +cosmos.group.v1.Query/GroupPoliciesByGroup +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"group_id":"1"}' localhost:9090 cosmos.group.v1.Query/GroupPoliciesByGroup +``` + +Example Output: + +```bash +{ + "GroupPolicies": [ + { + "address": "cosmos1..", + "groupId": "1", + "admin": "cosmos1..", + "version": "1", + "decisionPolicy": {"@type":"/cosmos.group.v1.ThresholdDecisionPolicy","threshold":"1","windows":{"voting_period": "120h", "min_execution_period": "0s"}}, + }, + { + "address": "cosmos1..", + "groupId": "1", + "admin": "cosmos1..", + "version": "1", + "decisionPolicy": {"@type":"/cosmos.group.v1.ThresholdDecisionPolicy","threshold":"1","windows":{"voting_period": "120h", "min_execution_period": "0s"}}, + } + ], + "pagination": { + "total": "2" + } +} +``` + +#### GroupPoliciesByAdmin + +The `GroupPoliciesByAdmin` endpoint allows users to query for group policies by admin account address with pagination flags. + +```bash +cosmos.group.v1.Query/GroupPoliciesByAdmin +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"admin":"cosmos1.."}' localhost:9090 cosmos.group.v1.Query/GroupPoliciesByAdmin +``` + +Example Output: + +```bash +{ + "GroupPolicies": [ + { + "address": "cosmos1..", + "groupId": "1", + "admin": "cosmos1..", + "version": "1", + "decisionPolicy": {"@type":"/cosmos.group.v1.ThresholdDecisionPolicy","threshold":"1","windows":{"voting_period": "120h", "min_execution_period": "0s"}}, + }, + { + "address": "cosmos1..", + "groupId": "1", + "admin": "cosmos1..", + "version": "1", + "decisionPolicy": {"@type":"/cosmos.group.v1.ThresholdDecisionPolicy","threshold":"1","windows":{"voting_period": "120h", "min_execution_period": "0s"}}, + } + ], + "pagination": { + "total": "2" + } +} +``` + +#### Proposal + +The `Proposal` endpoint allows users to query for proposal by id. + +```bash +cosmos.group.v1.Query/Proposal +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' localhost:9090 cosmos.group.v1.Query/Proposal +``` + +Example Output: + +```bash +{ + "proposal": { + "proposalId": "1", + "address": "cosmos1..", + "proposers": [ + "cosmos1.." + ], + "submittedAt": "2021-12-17T07:06:26.310638964Z", + "groupVersion": "1", + "GroupPolicyVersion": "1", + "status": "STATUS_SUBMITTED", + "result": "RESULT_UNFINALIZED", + "voteState": { + "yesCount": "0", + "noCount": "0", + "abstainCount": "0", + "vetoCount": "0" + }, + "windows": { + "min_execution_period": "0s", + "voting_period": "432000s" + }, + "executorResult": "EXECUTOR_RESULT_NOT_RUN", + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"100000000"}],"fromAddress":"cosmos1..","toAddress":"cosmos1.."} + ], + "title": "Title", + "summary": "Summary", + } +} +``` + +#### ProposalsByGroupPolicy + +The `ProposalsByGroupPolicy` endpoint allows users to query for proposals by account address of group policy with pagination flags. + +```bash +cosmos.group.v1.Query/ProposalsByGroupPolicy +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"address":"cosmos1.."}' localhost:9090 cosmos.group.v1.Query/ProposalsByGroupPolicy +``` + +Example Output: + +```bash +{ + "proposals": [ + { + "proposalId": "1", + "address": "cosmos1..", + "proposers": [ + "cosmos1.." + ], + "submittedAt": "2021-12-17T08:03:27.099649352Z", + "groupVersion": "1", + "GroupPolicyVersion": "1", + "status": "STATUS_CLOSED", + "result": "RESULT_ACCEPTED", + "voteState": { + "yesCount": "1", + "noCount": "0", + "abstainCount": "0", + "vetoCount": "0" + }, + "windows": { + "min_execution_period": "0s", + "voting_period": "432000s" + }, + "executorResult": "EXECUTOR_RESULT_NOT_RUN", + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"100000000"}],"fromAddress":"cosmos1..","toAddress":"cosmos1.."} + ], + "title": "Title", + "summary": "Summary", + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### VoteByProposalVoter + +The `VoteByProposalVoter` endpoint allows users to query for vote by proposal id and voter account address. + +```bash +cosmos.group.v1.Query/VoteByProposalVoter +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1","voter":"cosmos1.."}' localhost:9090 cosmos.group.v1.Query/VoteByProposalVoter +``` + +Example Output: + +```bash +{ + "vote": { + "proposalId": "1", + "voter": "cosmos1..", + "choice": "CHOICE_YES", + "submittedAt": "2021-12-17T08:05:02.490164009Z" + } +} +``` + +#### VotesByProposal + +The `VotesByProposal` endpoint allows users to query for votes by proposal id with pagination flags. + +```bash +cosmos.group.v1.Query/VotesByProposal +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' localhost:9090 cosmos.group.v1.Query/VotesByProposal +``` + +Example Output: + +```bash +{ + "votes": [ + { + "proposalId": "1", + "voter": "cosmos1..", + "choice": "CHOICE_YES", + "submittedAt": "2021-12-17T08:05:02.490164009Z" + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### VotesByVoter + +The `VotesByVoter` endpoint allows users to query for votes by voter account address with pagination flags. + +```bash +cosmos.group.v1.Query/VotesByVoter +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"voter":"cosmos1.."}' localhost:9090 cosmos.group.v1.Query/VotesByVoter +``` + +Example Output: + +```bash +{ + "votes": [ + { + "proposalId": "1", + "voter": "cosmos1..", + "choice": "CHOICE_YES", + "submittedAt": "2021-12-17T08:05:02.490164009Z" + } + ], + "pagination": { + "total": "1" + } +} +``` + +### REST + +A user can query the `group` module using REST endpoints. + +#### GroupInfo + +The `GroupInfo` endpoint allows users to query for group info by given group id. + +```bash +/cosmos/group/v1/group_info/{group_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/group_info/1 +``` + +Example Output: + +```bash +{ + "info": { + "id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "total_weight": "3" + } +} +``` + +#### GroupPolicyInfo + +The `GroupPolicyInfo` endpoint allows users to query for group policy info by account address of group policy. + +```bash +/cosmos/group/v1/group_policy_info/{address} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/group_policy_info/cosmos1.. +``` + +Example Output: + +```bash +{ + "info": { + "address": "cosmos1..", + "group_id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "decision_policy": { + "@type": "/cosmos.group.v1.ThresholdDecisionPolicy", + "threshold": "1", + "windows": { + "voting_period": "120h", + "min_execution_period": "0s" + } + }, + } +} +``` + +#### GroupMembers + +The `GroupMembers` endpoint allows users to query for group members by group id with pagination flags. + +```bash +/cosmos/group/v1/group_members/{group_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/group_members/1 +``` + +Example Output: + +```bash +{ + "members": [ + { + "group_id": "1", + "member": { + "address": "cosmos1..", + "weight": "1", + "metadata": "AQ==" + } + }, + { + "group_id": "1", + "member": { + "address": "cosmos1..", + "weight": "2", + "metadata": "AQ==" + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` + +#### GroupsByAdmin + +The `GroupsByAdmin` endpoint allows users to query for groups by admin account address with pagination flags. + +```bash +/cosmos/group/v1/groups_by_admin/{admin} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/groups_by_admin/cosmos1.. +``` + +Example Output: + +```bash +{ + "groups": [ + { + "id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "total_weight": "3" + }, + { + "id": "2", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "total_weight": "3" + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` + +#### GroupPoliciesByGroup + +The `GroupPoliciesByGroup` endpoint allows users to query for group policies by group id with pagination flags. + +```bash +/cosmos/group/v1/group_policies_by_group/{group_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/group_policies_by_group/1 +``` + +Example Output: + +```bash +{ + "group_policies": [ + { + "address": "cosmos1..", + "group_id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "decision_policy": { + "@type": "/cosmos.group.v1.ThresholdDecisionPolicy", + "threshold": "1", + "windows": { + "voting_period": "120h", + "min_execution_period": "0s" + } + }, + }, + { + "address": "cosmos1..", + "group_id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "decision_policy": { + "@type": "/cosmos.group.v1.ThresholdDecisionPolicy", + "threshold": "1", + "windows": { + "voting_period": "120h", + "min_execution_period": "0s" + } + }, + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` + +#### GroupPoliciesByAdmin + +The `GroupPoliciesByAdmin` endpoint allows users to query for group policies by admin account address with pagination flags. + +```bash +/cosmos/group/v1/group_policies_by_admin/{admin} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/group_policies_by_admin/cosmos1.. +``` + +Example Output: + +```bash +{ + "group_policies": [ + { + "address": "cosmos1..", + "group_id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "decision_policy": { + "@type": "/cosmos.group.v1.ThresholdDecisionPolicy", + "threshold": "1", + "windows": { + "voting_period": "120h", + "min_execution_period": "0s" + } + }, + }, + { + "address": "cosmos1..", + "group_id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "decision_policy": { + "@type": "/cosmos.group.v1.ThresholdDecisionPolicy", + "threshold": "1", + "windows": { + "voting_period": "120h", + "min_execution_period": "0s" + } + }, + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +``` + +#### Proposal + +The `Proposal` endpoint allows users to query for proposal by id. + +```bash +/cosmos/group/v1/proposal/{proposal_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/proposal/1 +``` + +Example Output: + +```bash +{ + "proposal": { + "proposal_id": "1", + "address": "cosmos1..", + "metadata": "AQ==", + "proposers": [ + "cosmos1.." + ], + "submitted_at": "2021-12-17T07:06:26.310638964Z", + "group_version": "1", + "group_policy_version": "1", + "status": "STATUS_SUBMITTED", + "result": "RESULT_UNFINALIZED", + "vote_state": { + "yes_count": "0", + "no_count": "0", + "abstain_count": "0", + "veto_count": "0" + }, + "windows": { + "min_execution_period": "0s", + "voting_period": "432000s" + }, + "executor_result": "EXECUTOR_RESULT_NOT_RUN", + "messages": [ + { + "@type": "/cosmos.bank.v1beta1.MsgSend", + "from_address": "cosmos1..", + "to_address": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "100000000" + } + ] + } + ], + "title": "Title", + "summary": "Summary", + } +} +``` + +#### ProposalsByGroupPolicy + +The `ProposalsByGroupPolicy` endpoint allows users to query for proposals by account address of group policy with pagination flags. + +```bash +/cosmos/group/v1/proposals_by_group_policy/{address} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/proposals_by_group_policy/cosmos1.. +``` + +Example Output: + +```bash +{ + "proposals": [ + { + "id": "1", + "group_policy_address": "cosmos1..", + "metadata": "AQ==", + "proposers": [ + "cosmos1.." + ], + "submit_time": "2021-12-17T08:03:27.099649352Z", + "group_version": "1", + "group_policy_version": "1", + "status": "STATUS_CLOSED", + "result": "RESULT_ACCEPTED", + "vote_state": { + "yes_count": "1", + "no_count": "0", + "abstain_count": "0", + "veto_count": "0" + }, + "windows": { + "min_execution_period": "0s", + "voting_period": "432000s" + }, + "executor_result": "EXECUTOR_RESULT_NOT_RUN", + "messages": [ + { + "@type": "/cosmos.bank.v1beta1.MsgSend", + "from_address": "cosmos1..", + "to_address": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "100000000" + } + ] + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### VoteByProposalVoter + +The `VoteByProposalVoter` endpoint allows users to query for vote by proposal id and voter account address. + +```bash +/cosmos/group/v1/vote_by_proposal_voter/{proposal_id}/{voter} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1beta1/vote_by_proposal_voter/1/cosmos1.. +``` + +Example Output: + +```bash +{ + "vote": { + "proposal_id": "1", + "voter": "cosmos1..", + "choice": "CHOICE_YES", + "metadata": "AQ==", + "submitted_at": "2021-12-17T08:05:02.490164009Z" + } +} +``` + +#### VotesByProposal + +The `VotesByProposal` endpoint allows users to query for votes by proposal id with pagination flags. + +```bash +/cosmos/group/v1/votes_by_proposal/{proposal_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/votes_by_proposal/1 +``` + +Example Output: + +```bash +{ + "votes": [ + { + "proposal_id": "1", + "voter": "cosmos1..", + "option": "CHOICE_YES", + "metadata": "AQ==", + "submit_time": "2021-12-17T08:05:02.490164009Z" + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### VotesByVoter + +The `VotesByVoter` endpoint allows users to query for votes by voter account address with pagination flags. + +```bash +/cosmos/group/v1/votes_by_voter/{voter} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/votes_by_voter/cosmos1.. +``` + +Example Output: + +```bash +{ + "votes": [ + { + "proposal_id": "1", + "voter": "cosmos1..", + "choice": "CHOICE_YES", + "metadata": "AQ==", + "submitted_at": "2021-12-17T08:05:02.490164009Z" + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +## Metadata + +The group module has four locations for metadata where users can provide further context about the on-chain actions they are taking. By default all metadata fields have a 255 character length field where metadata can be stored in json format, either on-chain or off-chain depending on the amount of data required. Here we provide a recommendation for the json structure and where the data should be stored. There are two important factors in making these recommendations. First, that the group and gov modules are consistent with one another, note the number of proposals made by all groups may be quite large. Second, that client applications such as block explorers and governance interfaces have confidence in the consistency of metadata structure across chains. + +### Proposal + +Location: off-chain as json object stored on IPFS (mirrors [gov proposal](../gov/README.md#metadata)) + +```json +{ + "title": "", + "authors": [""], + "summary": "", + "details": "", + "proposal_forum_url": "", + "vote_option_context": "", +} +``` + +:::note +The `authors` field is an array of strings, this is to allow for multiple authors to be listed in the metadata. +In v0.46, the `authors` field is a comma-separated string. Frontends are encouraged to support both formats for backwards compatibility. +::: + +### Vote + +Location: on-chain as json within 255 character limit (mirrors [gov vote](../gov/README.md#metadata)) + +```json +{ + "justification": "", +} +``` + +### Group + +Location: off-chain as json object stored on IPFS + +```json +{ + "name": "", + "description": "", + "group_website_url": "", + "group_forum_url": "", +} +``` + +### Decision policy + +Location: on-chain as json within 255 character limit + +```json +{ + "name": "", + "description": "", +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/modules/mint/README.md b/copy-of-sdk-versioned_docs/version-0.50/build/modules/mint/README.md new file mode 100644 index 00000000..80198010 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/modules/mint/README.md @@ -0,0 +1,383 @@ +--- +sidebar_position: 1 +--- + +# `x/mint` + +## Contents + +* [State](#state) + * [Minter](#minter) + * [Params](#params) +* [Begin-Block](#begin-block) + * [NextInflationRate](#nextinflationrate) + * [NextAnnualProvisions](#nextannualprovisions) + * [BlockProvision](#blockprovision) +* [Parameters](#parameters) +* [Events](#events) + * [BeginBlocker](#beginblocker) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + * [REST](#rest) + +## Concepts + +### The Minting Mechanism + +The minting mechanism was designed to: + +* allow for a flexible inflation rate determined by market demand targeting a particular bonded-stake ratio +* effect a balance between market liquidity and staked supply + +In order to best determine the appropriate market rate for inflation rewards, a +moving change rate is used. The moving change rate mechanism ensures that if +the % bonded is either over or under the goal %-bonded, the inflation rate will +adjust to further incentivize or disincentivize being bonded, respectively. Setting the goal +%-bonded at less than 100% encourages the network to maintain some non-staked tokens +which should help provide some liquidity. + +It can be broken down in the following way: + +* If the actual percentage of bonded tokens is below the goal %-bonded the inflation rate will + increase until a maximum value is reached +* If the goal % bonded (67% in Cosmos-Hub) is maintained, then the inflation + rate will stay constant +* If the actual percentage of bonded tokens is above the goal %-bonded the inflation rate will + decrease until a minimum value is reached + + +## State + +### Minter + +The minter is a space for holding current inflation information. + +* Minter: `0x00 -> ProtocolBuffer(minter)` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/mint/v1beta1/mint.proto#L10-L24 +``` + +### Params + +The mint module stores its params in state with the prefix of `0x01`, +it can be updated with governance or the address with authority. + +* Params: `mint/params -> legacy_amino(params)` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/mint/v1beta1/mint.proto#L26-L59 +``` + +## Begin-Block + +Minting parameters are recalculated and inflation paid at the beginning of each block. + +### Inflation rate calculation + +Inflation rate is calculated using an "inflation calculation function" that's +passed to the `NewAppModule` function. If no function is passed, then the SDK's +default inflation function will be used (`NextInflationRate`). In case a custom +inflation calculation logic is needed, this can be achieved by defining and +passing a function that matches `InflationCalculationFn`'s signature. + +```go +type InflationCalculationFn func(ctx sdk.Context, minter Minter, params Params, bondedRatio math.LegacyDec) math.LegacyDec +``` + +#### NextInflationRate + +The target annual inflation rate is recalculated each block. +The inflation is also subject to a rate change (positive or negative) +depending on the distance from the desired ratio (67%). The maximum rate change +possible is defined to be 13% per year, however, the annual inflation is capped +as between 7% and 20%. + +```go +NextInflationRate(params Params, bondedRatio math.LegacyDec) (inflation math.LegacyDec) { + inflationRateChangePerYear = (1 - bondedRatio/params.GoalBonded) * params.InflationRateChange + inflationRateChange = inflationRateChangePerYear/blocksPerYr + + // increase the new annual inflation for this next block + inflation += inflationRateChange + if inflation > params.InflationMax { + inflation = params.InflationMax + } + if inflation < params.InflationMin { + inflation = params.InflationMin + } + + return inflation +} +``` + +### NextAnnualProvisions + +Calculate the annual provisions based on current total supply and inflation +rate. This parameter is calculated once per block. + +```go +NextAnnualProvisions(params Params, totalSupply math.LegacyDec) (provisions math.LegacyDec) { + return Inflation * totalSupply +``` + +### BlockProvision + +Calculate the provisions generated for each block based on current annual provisions. The provisions are then minted by the `mint` module's `ModuleMinterAccount` and then transferred to the `auth`'s `FeeCollector` `ModuleAccount`. + +```go +BlockProvision(params Params) sdk.Coin { + provisionAmt = AnnualProvisions/ params.BlocksPerYear + return sdk.NewCoin(params.MintDenom, provisionAmt.Truncate()) +``` + + +## Parameters + +The minting module contains the following parameters: + +| Key | Type | Example | +|---------------------|-----------------|------------------------| +| MintDenom | string | "uatom" | +| InflationRateChange | string (dec) | "0.130000000000000000" | +| InflationMax | string (dec) | "0.200000000000000000" | +| InflationMin | string (dec) | "0.070000000000000000" | +| GoalBonded | string (dec) | "0.670000000000000000" | +| BlocksPerYear | string (uint64) | "6311520" | + + +## Events + +The minting module emits the following events: + +### BeginBlocker + +| Type | Attribute Key | Attribute Value | +|------|-------------------|--------------------| +| mint | bonded_ratio | {bondedRatio} | +| mint | inflation | {inflation} | +| mint | annual_provisions | {annualProvisions} | +| mint | amount | {amount} | + + +## Client + +### CLI + +A user can query and interact with the `mint` module using the CLI. + +#### Query + +The `query` commands allows users to query `mint` state. + +```shell +simd query mint --help +``` + +##### annual-provisions + +The `annual-provisions` command allows users to query the current minting annual provisions value + +```shell +simd query mint annual-provisions [flags] +``` + +Example: + +```shell +simd query mint annual-provisions +``` + +Example Output: + +```shell +22268504368893.612100895088410693 +``` + +##### inflation + +The `inflation` command allows users to query the current minting inflation value + +```shell +simd query mint inflation [flags] +``` + +Example: + +```shell +simd query mint inflation +``` + +Example Output: + +```shell +0.199200302563256955 +``` + +##### params + +The `params` command allows users to query the current minting parameters + +```shell +simd query mint params [flags] +``` + +Example: + +```yml +blocks_per_year: "4360000" +goal_bonded: "0.670000000000000000" +inflation_max: "0.200000000000000000" +inflation_min: "0.070000000000000000" +inflation_rate_change: "0.130000000000000000" +mint_denom: stake +``` + +### gRPC + +A user can query the `mint` module using gRPC endpoints. + +#### AnnualProvisions + +The `AnnualProvisions` endpoint allows users to query the current minting annual provisions value + +```shell +/cosmos.mint.v1beta1.Query/AnnualProvisions +``` + +Example: + +```shell +grpcurl -plaintext localhost:9090 cosmos.mint.v1beta1.Query/AnnualProvisions +``` + +Example Output: + +```json +{ + "annualProvisions": "1432452520532626265712995618" +} +``` + +#### Inflation + +The `Inflation` endpoint allows users to query the current minting inflation value + +```shell +/cosmos.mint.v1beta1.Query/Inflation +``` + +Example: + +```shell +grpcurl -plaintext localhost:9090 cosmos.mint.v1beta1.Query/Inflation +``` + +Example Output: + +```json +{ + "inflation": "130197115720711261" +} +``` + +#### Params + +The `Params` endpoint allows users to query the current minting parameters + +```shell +/cosmos.mint.v1beta1.Query/Params +``` + +Example: + +```shell +grpcurl -plaintext localhost:9090 cosmos.mint.v1beta1.Query/Params +``` + +Example Output: + +```json +{ + "params": { + "mintDenom": "stake", + "inflationRateChange": "130000000000000000", + "inflationMax": "200000000000000000", + "inflationMin": "70000000000000000", + "goalBonded": "670000000000000000", + "blocksPerYear": "6311520" + } +} +``` + +### REST + +A user can query the `mint` module using REST endpoints. + +#### annual-provisions + +```shell +/cosmos/mint/v1beta1/annual_provisions +``` + +Example: + +```shell +curl "localhost:1317/cosmos/mint/v1beta1/annual_provisions" +``` + +Example Output: + +```json +{ + "annualProvisions": "1432452520532626265712995618" +} +``` + +#### inflation + +```shell +/cosmos/mint/v1beta1/inflation +``` + +Example: + +```shell +curl "localhost:1317/cosmos/mint/v1beta1/inflation" +``` + +Example Output: + +```json +{ + "inflation": "130197115720711261" +} +``` + +#### params + +```shell +/cosmos/mint/v1beta1/params +``` + +Example: + +```shell +curl "localhost:1317/cosmos/mint/v1beta1/params" +``` + +Example Output: + +```json +{ + "params": { + "mintDenom": "stake", + "inflationRateChange": "130000000000000000", + "inflationMax": "200000000000000000", + "inflationMin": "70000000000000000", + "goalBonded": "670000000000000000", + "blocksPerYear": "6311520" + } +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/modules/nft/README.md b/copy-of-sdk-versioned_docs/version-0.50/build/modules/nft/README.md new file mode 100644 index 00000000..34c1d406 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/modules/nft/README.md @@ -0,0 +1,89 @@ +--- +sidebar_position: 1 +--- + +# `x/nft` + +## Contents + +## Abstract + +`x/nft` is an implementation of a Cosmos SDK module, per [ADR 43](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-043-nft-module.md), that allows you to create nft classification, create nft, transfer nft, update nft, and support various queries by integrating the module. It is fully compatible with the ERC721 specification. + +* [Concepts](#concepts) + * [Class](#class) + * [NFT](#nft) +* [State](#state) + * [Class](#class-1) + * [NFT](#nft-1) + * [NFTOfClassByOwner](#nftofclassbyowner) + * [Owner](#owner) + * [TotalSupply](#totalsupply) +* [Messages](#messages) + * [MsgSend](#msgsend) +* [Events](#events) + +## Concepts + +### Class + +`x/nft` module defines a struct `Class` to describe the common characteristics of a class of nft, under this class, you can create a variety of nft, which is equivalent to an erc721 contract for Ethereum. The design is defined in the [ADR 043](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-043-nft-module.md). + +### NFT + +The full name of NFT is Non-Fungible Tokens. Because of the irreplaceable nature of NFT, it means that it can be used to represent unique things. The nft implemented by this module is fully compatible with Ethereum ERC721 standard. + +## State + +### Class + +Class is mainly composed of `id`, `name`, `symbol`, `description`, `uri`, `uri_hash`,`data` where `id` is the unique identifier of the class, similar to the Ethereum ERC721 contract address, the others are optional. + +* Class: `0x01 | classID | -> ProtocolBuffer(Class)` + +### NFT + +NFT is mainly composed of `class_id`, `id`, `uri`, `uri_hash` and `data`. Among them, `class_id` and `id` are two-tuples that identify the uniqueness of nft, `uri` and `uri_hash` is optional, which identifies the off-chain storage location of the nft, and `data` is an Any type. Use Any chain of `x/nft` modules can be customized by extending this field + +* NFT: `0x02 | classID | 0x00 | nftID |-> ProtocolBuffer(NFT)` + +### NFTOfClassByOwner + +NFTOfClassByOwner is mainly to realize the function of querying all nfts using classID and owner, without other redundant functions. + +* NFTOfClassByOwner: `0x03 | owner | 0x00 | classID | 0x00 | nftID |-> 0x01` + +### Owner + +Since there is no extra field in NFT to indicate the owner of nft, an additional key-value pair is used to save the ownership of nft. With the transfer of nft, the key-value pair is updated synchronously. + +* OwnerKey: `0x04 | classID | 0x00 | nftID |-> owner` + +### TotalSupply + +TotalSupply is responsible for tracking the number of all nfts under a certain class. Mint operation is performed under the changed class, supply increases by one, burn operation, and supply decreases by one. + +* OwnerKey: `0x05 | classID |-> totalSupply` + +## Messages + +In this section we describe the processing of messages for the NFT module. + +:::warning +The validation of `ClassID` and `NftID` is left to the app developer. +The SDK does not provide any validation for these fields. +::: + +### MsgSend + +You can use the `MsgSend` message to transfer the ownership of nft. This is a function provided by the `x/nft` module. Of course, you can use the `Transfer` method to implement your own transfer logic, but you need to pay extra attention to the transfer permissions. + +The message handling should fail if: + +* provided `ClassID` does not exist. +* provided `Id` does not exist. +* provided `Sender` does not the owner of nft. + +## Events + +The nft module emits proto events defined in [the Protobuf reference](https://buf.build/cosmos/cosmos-sdk/docs/main:cosmos.nft.v1beta1). diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/modules/params/README.md b/copy-of-sdk-versioned_docs/version-0.50/build/modules/params/README.md new file mode 100644 index 00000000..f8d374d0 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/modules/params/README.md @@ -0,0 +1,79 @@ +--- +sidebar_position: 1 +--- + +# `x/params` + +> Note: The Params module has been depreacted in favour of each module housing its own parameters. + +## Abstract + +Package params provides a globally available parameter store. + +There are two main types, Keeper and Subspace. Subspace is an isolated namespace for a +paramstore, where keys are prefixed by preconfigured spacename. Keeper has a +permission to access all existing spaces. + +Subspace can be used by the individual keepers, which need a private parameter store +that the other keepers cannot modify. The params Keeper can be used to add a route to `x/gov` router in order to modify any parameter in case a proposal passes. + +The following contents explains how to use params module for master and user modules. + +## Contents + +* [Keeper](#keeper) +* [Subspace](#subspace) + * [Key](#key) + * [KeyTable](#keytable) + * [ParamSet](#paramset) + +## Keeper + +In the app initialization stage, [subspaces](#subspace) can be allocated for other modules' keeper using `Keeper.Subspace` and are stored in `Keeper.spaces`. Then, those modules can have a reference to their specific parameter store through `Keeper.GetSubspace`. + +Example: + +```go +type ExampleKeeper struct { + paramSpace paramtypes.Subspace +} + +func (k ExampleKeeper) SetParams(ctx sdk.Context, params types.Params) { + k.paramSpace.SetParamSet(ctx, ¶ms) +} +``` + +## Subspace + +`Subspace` is a prefixed subspace of the parameter store. Each module which uses the +parameter store will take a `Subspace` to isolate permission to access. + +### Key + +Parameter keys are human readable alphanumeric strings. A parameter for the key +`"ExampleParameter"` is stored under `[]byte("SubspaceName" + "/" + "ExampleParameter")`, + where `"SubspaceName"` is the name of the subspace. + +Subkeys are secondary parameter keys those are used along with a primary parameter key. +Subkeys can be used for grouping or dynamic parameter key generation during runtime. + +### KeyTable + +All of the parameter keys that will be used should be registered at the compile +time. `KeyTable` is essentially a `map[string]attribute`, where the `string` is a parameter key. + +Currently, `attribute` consists of a `reflect.Type`, which indicates the parameter +type to check that provided key and value are compatible and registered, as well as a function `ValueValidatorFn` to validate values. + +Only primary keys have to be registered on the `KeyTable`. Subkeys inherit the +attribute of the primary key. + +### ParamSet + +Modules often define parameters as a proto message. The generated struct can implement +`ParamSet` interface to be used with the following methods: + +* `KeyTable.RegisterParamSet()`: registers all parameters in the struct +* `Subspace.{Get, Set}ParamSet()`: Get to & Set from the struct + +The implementor should be a pointer in order to use `GetParamSet()`. diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/modules/protocolpool/README.md b/copy-of-sdk-versioned_docs/version-0.50/build/modules/protocolpool/README.md new file mode 100644 index 00000000..c7e379d6 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/modules/protocolpool/README.md @@ -0,0 +1,162 @@ +--- +sidebar_position: 1 +--- + +# `x/protocolpool` + +## Concepts + +`x/protocolpool` is a supplemental Cosmos SDK module that handles functionality for community pool funds. The module provides a separate module account for the community pool making it easier to track the pool assets. Starting with v0.53 of the Cosmos SDK, community funds can be tracked using this module instead of the `x/distribution` module. Funds are migrated from the `x/distribution` module's community pool to `x/protocolpool`'s module account automatically. + +This module is `supplemental`; it is not required to run a Cosmos SDK chain. `x/protocolpool` enhances the community pool functionality provided by `x/distribution` and enables custom modules to further extend the community pool. + +Note: _as long as an external commmunity pool keeper (here, `x/protocolpool`) is wired in DI configs, `x/distribution` will automatically use it for its external pool._ + +## Usage Limitations + +The following `x/distribution` handlers will now return an error when the `protocolpool` module is used with `x/distribution`: + +**QueryService** + +- `CommunityPool` + +**MsgService** + +- `CommunityPoolSpend` +- `FundCommunityPool` + +If you have services that rely on this functionality from `x/distribution`, please update them to use the `x/protocolpool` equivalents. + +## State Transitions + +### FundCommunityPool + +FundCommunityPool can be called by any valid account to send funds to the `x/protocolpool` module account. + +```protobuf + // FundCommunityPool defines a method to allow an account to directly + // fund the community pool. + rpc FundCommunityPool(MsgFundCommunityPool) returns (MsgFundCommunityPoolResponse); +``` + +### CommunityPoolSpend + +CommunityPoolSpend can be called by the module authority (default governance module account) or any account with authorization to spend funds from the `x/protocolpool` module account to a receiver address. + +```protobuf + // CommunityPoolSpend defines a governance operation for sending tokens from + // the community pool in the x/protocolpool module to another account, which + // could be the governance module itself. The authority is defined in the + // keeper. + rpc CommunityPoolSpend(MsgCommunityPoolSpend) returns (MsgCommunityPoolSpendResponse); +``` + +### CreateContinuousFund + +CreateContinuousFund is a message used to initiate a continuous fund for a specific recipient. The proposed percentage of funds will be distributed only on withdraw request for the recipient. The fund distribution continues until expiry time is reached or continuous fund request is canceled. +NOTE: This feature is designed to work with the SDK's default bond denom. + +```protobuf + // CreateContinuousFund defines a method to distribute a percentage of funds to an address continuously. + // This ContinuousFund can be indefinite or run until a given expiry time. + // Funds come from validator block rewards from x/distribution, but may also come from + // any user who funds the ProtocolPoolEscrow module account directly through x/bank. + rpc CreateContinuousFund(MsgCreateContinuousFund) returns (MsgCreateContinuousFundResponse); +``` + +### CancelContinuousFund + +CancelContinuousFund is a message used to cancel an existing continuous fund proposal for a specific recipient. Cancelling a continuous fund stops further distribution of funds, and the state object is removed from storage. + +```protobuf + // CancelContinuousFund defines a method for cancelling continuous fund. + rpc CancelContinuousFund(MsgCancelContinuousFund) returns (MsgCancelContinuousFundResponse); +``` + +## Messages + +### MsgFundCommunityPool + +This message sends coins directly from the sender to the community pool. + +:::tip +If you know the `x/protocolpool` module account address, you can directly use bank `send` transaction instead. +::: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/proto/cosmos/protocolpool/v1/tx.proto#L43-L53 +``` + +* The msg will fail if the amount cannot be transferred from the sender to the `x/protocolpool` module account. + +```go +func (k Keeper) FundCommunityPool(ctx context.Context, amount sdk.Coins, sender sdk.AccAddress) error { + return k.bankKeeper.SendCoinsFromAccountToModule(ctx, sender, types.ModuleName, amount) +} +``` + +### MsgCommunityPoolSpend + +This message distributes funds from the `x/protocolpool` module account to the recipient using `DistributeFromCommunityPool` keeper method. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/proto/cosmos/protocolpool/v1/tx.proto#L58-L69 +``` + +The message will fail under the following conditions: + +* The amount cannot be transferred to the recipient from the `x/protocolpool` module account. +* The `recipient` address is restricted + +```go +func (k Keeper) DistributeFromCommunityPool(ctx context.Context, amount sdk.Coins, receiveAddr sdk.AccAddress) error { + return k.bankKeeper.SendCoinsFromModuleToAccount(ctx, types.ModuleName, receiveAddr, amount) +} +``` + +### MsgCreateContinuousFund + +This message is used to create a continuous fund for a specific recipient. The proposed percentage of funds will be distributed only on withdraw request for the recipient. This fund distribution continues until expiry time is reached or continuous fund request is canceled. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/proto/cosmos/protocolpool/v1/tx.proto#L114-L130 +``` + +The message will fail under the following conditions: + +- The recipient address is empty or restricted. +- The percentage is zero/negative/greater than one. +- The Expiry time is less than the current block time. + +:::warning +If two continuous fund proposals to the same address are created, the previous ContinuousFund will be updated with the new ContinuousFund. +::: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/x/protocolpool/keeper/msg_server.go#L103-L166 +``` + +### MsgCancelContinuousFund + +This message is used to cancel an existing continuous fund proposal for a specific recipient. Once canceled, the continuous fund will no longer distribute funds at each begin block, and the state object will be removed. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/x/protocolpool/proto/cosmos/protocolpool/v1/tx.proto#L136-L161 +``` + +The message will fail under the following conditions: + +- The recipient address is empty or restricted. +- The ContinuousFund for the recipient does not exist. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/x/protocolpool/keeper/msg_server.go#L188-L226 +``` + +## Client + +It takes the advantage of `AutoCLI` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/x/protocolpool/autocli.go +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/modules/slashing/README.md b/copy-of-sdk-versioned_docs/version-0.50/build/modules/slashing/README.md new file mode 100644 index 00000000..591a9a73 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/modules/slashing/README.md @@ -0,0 +1,813 @@ +--- +sidebar_position: 1 +--- + +# `x/slashing` + +## Abstract + +This section specifies the slashing module of the Cosmos SDK, which implements functionality +first outlined in the [Cosmos Whitepaper](https://cosmos.network/about/whitepaper) in June 2016. + +The slashing module enables Cosmos SDK-based blockchains to disincentivize any attributable action +by a protocol-recognized actor with value at stake by penalizing them ("slashing"). + +Penalties may include, but are not limited to: + +* Burning some amount of their stake +* Removing their ability to vote on future blocks for a period of time. + +This module will be used by the Cosmos Hub, the first hub in the Cosmos ecosystem. + +## Contents + +* [Concepts](#concepts) + * [States](#states) + * [Tombstone Caps](#tombstone-caps) + * [Infraction Timelines](#infraction-timelines) +* [State](#state) + * [Signing Info (Liveness)](#signing-info-liveness) + * [Params](#params) +* [Messages](#messages) + * [Unjail](#unjail) +* [BeginBlock](#beginblock) + * [Liveness Tracking](#liveness-tracking) +* [Hooks](#hooks) +* [Events](#events) +* [Staking Tombstone](#staking-tombstone) +* [Parameters](#parameters) +* [CLI](#cli) + * [Query](#query) + * [Transactions](#transactions) + * [gRPC](#grpc) + * [REST](#rest) + +## Concepts + +### States + +At any given time, there are any number of validators registered in the state +machine. Each block, the top `MaxValidators` (defined by `x/staking`) validators +who are not jailed become _bonded_, meaning that they may propose and vote on +blocks. Validators who are _bonded_ are _at stake_, meaning that part or all of +their stake and their delegators' stake is at risk if they commit a protocol fault. + +For each of these validators we keep a `ValidatorSigningInfo` record that contains +information partaining to validator's liveness and other infraction related +attributes. + +### Tombstone Caps + +In order to mitigate the impact of initially likely categories of non-malicious +protocol faults, the Cosmos Hub implements for each validator +a _tombstone_ cap, which only allows a validator to be slashed once for a double +sign fault. For example, if you misconfigure your HSM and double-sign a bunch of +old blocks, you'll only be punished for the first double-sign (and then immediately tombstombed). This will still be quite expensive and desirable to avoid, but tombstone caps +somewhat blunt the economic impact of unintentional misconfiguration. + +Liveness faults do not have caps, as they can't stack upon each other. Liveness bugs are "detected" as soon as the infraction occurs, and the validators are immediately put in jail, so it is not possible for them to commit multiple liveness faults without unjailing in between. + +### Infraction Timelines + +To illustrate how the `x/slashing` module handles submitted evidence through +CometBFT consensus, consider the following examples: + +**Definitions**: + +_[_ : timeline start +_]_ : timeline end +_Cn_ : infraction `n` committed +_Dn_ : infraction `n` discovered +_Vb_ : validator bonded +_Vu_ : validator unbonded + +#### Single Double Sign Infraction + +\[----------C1----D1,Vu-----\] + +A single infraction is committed then later discovered, at which point the +validator is unbonded and slashed at the full amount for the infraction. + +#### Multiple Double Sign Infractions + +\[----------C1--C2---C3---D1,D2,D3Vu-----\] + +Multiple infractions are committed and then later discovered, at which point the +validator is jailed and slashed for only one infraction. Because the validator +is also tombstoned, they can not rejoin the validator set. + +## State + +### Signing Info (Liveness) + +Every block includes a set of precommits by the validators for the previous block, +known as the `LastCommitInfo` provided by CometBFT. A `LastCommitInfo` is valid so +long as it contains precommits from +2/3 of total voting power. + +Proposers are incentivized to include precommits from all validators in the CometBFT `LastCommitInfo` +by receiving additional fees proportional to the difference between the voting +power included in the `LastCommitInfo` and +2/3 (see [fee distribution](../distribution/README.md#begin-block)). + +```go +type LastCommitInfo struct { + Round int32 + Votes []VoteInfo +} +``` + +Validators are penalized for failing to be included in the `LastCommitInfo` for some +number of blocks by being automatically jailed, potentially slashed, and unbonded. + +Information about validator's liveness activity is tracked through `ValidatorSigningInfo`. +It is indexed in the store as follows: + +* ValidatorSigningInfo: `0x01 | ConsAddrLen (1 byte) | ConsAddress -> ProtocolBuffer(ValSigningInfo)` +* MissedBlocksBitArray: `0x02 | ConsAddrLen (1 byte) | ConsAddress | LittleEndianUint64(signArrayIndex) -> VarInt(didMiss)` (varint is a number encoding format) + +The first mapping allows us to easily lookup the recent signing info for a +validator based on the validator's consensus address. + +The second mapping (`MissedBlocksBitArray`) acts +as a bit-array of size `SignedBlocksWindow` that tells us if the validator missed +the block for a given index in the bit-array. The index in the bit-array is given +as little endian uint64. +The result is a `varint` that takes on `0` or `1`, where `0` indicates the +validator did not miss (did sign) the corresponding block, and `1` indicates +they missed the block (did not sign). + +Note that the `MissedBlocksBitArray` is not explicitly initialized up-front. Keys +are added as we progress through the first `SignedBlocksWindow` blocks for a newly +bonded validator. The `SignedBlocksWindow` parameter defines the size +(number of blocks) of the sliding window used to track validator liveness. + +The information stored for tracking validator liveness is as follows: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/slashing/v1beta1/slashing.proto#L13-L35 +``` + +### Params + +The slashing module stores it's params in state with the prefix of `0x00`, +it can be updated with governance or the address with authority. + +* Params: `0x00 | ProtocolBuffer(Params)` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/slashing/v1beta1/slashing.proto#L37-L59 +``` + +## Messages + +In this section we describe the processing of messages for the `slashing` module. + +### Unjail + +If a validator was automatically unbonded due to downtime and wishes to come back online & +possibly rejoin the bonded set, it must send `MsgUnjail`: + +```protobuf +// MsgUnjail is an sdk.Msg used for unjailing a jailed validator, thus returning +// them into the bonded validator set, so they can begin receiving provisions +// and rewards again. +message MsgUnjail { + string validator_addr = 1; +} +``` + +Below is a pseudocode of the `MsgSrv/Unjail` RPC: + +```go +unjail(tx MsgUnjail) + validator = getValidator(tx.ValidatorAddr) + if validator == nil + fail with "No validator found" + + if getSelfDelegation(validator) == 0 + fail with "validator must self delegate before unjailing" + + if !validator.Jailed + fail with "Validator not jailed, cannot unjail" + + info = GetValidatorSigningInfo(operator) + if info.Tombstoned + fail with "Tombstoned validator cannot be unjailed" + if block time < info.JailedUntil + fail with "Validator still jailed, cannot unjail until period has expired" + + validator.Jailed = false + setValidator(validator) + + return +``` + +If the validator has enough stake to be in the top `n = MaximumBondedValidators`, it will be automatically rebonded, +and all delegators still delegated to the validator will be rebonded and begin to again collect +provisions and rewards. + +## BeginBlock + +### Liveness Tracking + +At the beginning of each block, we update the `ValidatorSigningInfo` for each +validator and check if they've crossed below the liveness threshold over a +sliding window. This sliding window is defined by `SignedBlocksWindow` and the +index in this window is determined by `IndexOffset` found in the validator's +`ValidatorSigningInfo`. For each block processed, the `IndexOffset` is incremented +regardless if the validator signed or not. Once the index is determined, the +`MissedBlocksBitArray` and `MissedBlocksCounter` are updated accordingly. + +Finally, in order to determine if a validator crosses below the liveness threshold, +we fetch the maximum number of blocks missed, `maxMissed`, which is +`SignedBlocksWindow - (MinSignedPerWindow * SignedBlocksWindow)` and the minimum +height at which we can determine liveness, `minHeight`. If the current block is +greater than `minHeight` and the validator's `MissedBlocksCounter` is greater than +`maxMissed`, they will be slashed by `SlashFractionDowntime`, will be jailed +for `DowntimeJailDuration`, and have the following values reset: +`MissedBlocksBitArray`, `MissedBlocksCounter`, and `IndexOffset`. + +**Note**: Liveness slashes do **NOT** lead to a tombstombing. + +```go +height := block.Height + +for vote in block.LastCommitInfo.Votes { + signInfo := GetValidatorSigningInfo(vote.Validator.Address) + + // This is a relative index, so we counts blocks the validator SHOULD have + // signed. We use the 0-value default signing info if not present, except for + // start height. + index := signInfo.IndexOffset % SignedBlocksWindow() + signInfo.IndexOffset++ + + // Update MissedBlocksBitArray and MissedBlocksCounter. The MissedBlocksCounter + // just tracks the sum of MissedBlocksBitArray. That way we avoid needing to + // read/write the whole array each time. + missedPrevious := GetValidatorMissedBlockBitArray(vote.Validator.Address, index) + missed := !signed + + switch { + case !missedPrevious && missed: + // array index has changed from not missed to missed, increment counter + SetValidatorMissedBlockBitArray(vote.Validator.Address, index, true) + signInfo.MissedBlocksCounter++ + + case missedPrevious && !missed: + // array index has changed from missed to not missed, decrement counter + SetValidatorMissedBlockBitArray(vote.Validator.Address, index, false) + signInfo.MissedBlocksCounter-- + + default: + // array index at this index has not changed; no need to update counter + } + + if missed { + // emit events... + } + + minHeight := signInfo.StartHeight + SignedBlocksWindow() + maxMissed := SignedBlocksWindow() - MinSignedPerWindow() + + // If we are past the minimum height and the validator has missed too many + // jail and slash them. + if height > minHeight && signInfo.MissedBlocksCounter > maxMissed { + validator := ValidatorByConsAddr(vote.Validator.Address) + + // emit events... + + // We need to retrieve the stake distribution which signed the block, so we + // subtract ValidatorUpdateDelay from the block height, and subtract an + // additional 1 since this is the LastCommit. + // + // Note, that this CAN result in a negative "distributionHeight" up to + // -ValidatorUpdateDelay-1, i.e. at the end of the pre-genesis block (none) = at the beginning of the genesis block. + // That's fine since this is just used to filter unbonding delegations & redelegations. + distributionHeight := height - sdk.ValidatorUpdateDelay - 1 + + SlashWithInfractionReason(vote.Validator.Address, distributionHeight, vote.Validator.Power, SlashFractionDowntime(), stakingtypes.Downtime) + Jail(vote.Validator.Address) + + signInfo.JailedUntil = block.Time.Add(DowntimeJailDuration()) + + // We need to reset the counter & array so that the validator won't be + // immediately slashed for downtime upon rebonding. + signInfo.MissedBlocksCounter = 0 + signInfo.IndexOffset = 0 + ClearValidatorMissedBlockBitArray(vote.Validator.Address) + } + + SetValidatorSigningInfo(vote.Validator.Address, signInfo) +} +``` + +## Hooks + +This section contains a description of the module's `hooks`. Hooks are operations that are executed automatically when events are raised. + +### Staking hooks + +The slashing module implements the `StakingHooks` defined in `x/staking` and are used as record-keeping of validators information. During the app initialization, these hooks should be registered in the staking module struct. + +The following hooks impact the slashing state: + +* `AfterValidatorBonded` creates a `ValidatorSigningInfo` instance as described in the following section. +* `AfterValidatorCreated` stores a validator's consensus key. +* `AfterValidatorRemoved` removes a validator's consensus key. + +### Validator Bonded + +Upon successful first-time bonding of a new validator, we create a new `ValidatorSigningInfo` structure for the +now-bonded validator, which `StartHeight` of the current block. + +If the validator was out of the validator set and gets bonded again, its new bonded height is set. + +```go +onValidatorBonded(address sdk.ValAddress) + + signingInfo, found = GetValidatorSigningInfo(address) + if !found { + signingInfo = ValidatorSigningInfo { + StartHeight : CurrentHeight, + IndexOffset : 0, + JailedUntil : time.Unix(0, 0), + Tombstone : false, + MissedBloskCounter : 0 + } else { + signingInfo.StartHeight = CurrentHeight + } + + setValidatorSigningInfo(signingInfo) + } + + return +``` + +## Events + +The slashing module emits the following events: + +### MsgServer + +#### MsgUnjail + +| Type | Attribute Key | Attribute Value | +| ------- | ------------- | ------------------ | +| message | module | slashing | +| message | sender | {validatorAddress} | + +### Keeper + +### BeginBlocker: HandleValidatorSignature + +| Type | Attribute Key | Attribute Value | +| ----- | ------------- | --------------------------- | +| slash | address | {validatorConsensusAddress} | +| slash | power | {validatorPower} | +| slash | reason | {slashReason} | +| slash | jailed [0] | {validatorConsensusAddress} | +| slash | burned coins | {math.Int} | + +* [0] Only included if the validator is jailed. + +| Type | Attribute Key | Attribute Value | +| -------- | ------------- | --------------------------- | +| liveness | address | {validatorConsensusAddress} | +| liveness | missed_blocks | {missedBlocksCounter} | +| liveness | height | {blockHeight} | + +#### Slash + +* same as `"slash"` event from `HandleValidatorSignature`, but without the `jailed` attribute. + +#### Jail + +| Type | Attribute Key | Attribute Value | +| ----- | ------------- | ------------------ | +| slash | jailed | {validatorAddress} | + +## Staking Tombstone + +### Abstract + +In the current implementation of the `slashing` module, when the consensus engine +informs the state machine of a validator's consensus fault, the validator is +partially slashed, and put into a "jail period", a period of time in which they +are not allowed to rejoin the validator set. However, because of the nature of +consensus faults and ABCI, there can be a delay between an infraction occurring, +and evidence of the infraction reaching the state machine (this is one of the +primary reasons for the existence of the unbonding period). + +> Note: The tombstone concept, only applies to faults that have a delay between +> the infraction occurring and evidence reaching the state machine. For example, +> evidence of a validator double signing may take a while to reach the state machine +> due to unpredictable evidence gossip layer delays and the ability of validators to +> selectively reveal double-signatures (e.g. to infrequently-online light clients). +> Liveness slashing, on the other hand, is detected immediately as soon as the +> infraction occurs, and therefore no slashing period is needed. A validator is +> immediately put into jail period, and they cannot commit another liveness fault +> until they unjail. In the future, there may be other types of byzantine faults +> that have delays (for example, submitting evidence of an invalid proposal as a transaction). +> When implemented, it will have to be decided whether these future types of +> byzantine faults will result in a tombstoning (and if not, the slash amounts +> will not be capped by a slashing period). + +In the current system design, once a validator is put in the jail for a consensus +fault, after the `JailPeriod` they are allowed to send a transaction to `unjail` +themselves, and thus rejoin the validator set. + +One of the "design desires" of the `slashing` module is that if multiple +infractions occur before evidence is executed (and a validator is put in jail), +they should only be punished for single worst infraction, but not cumulatively. +For example, if the sequence of events is: + +1. Validator A commits Infraction 1 (worth 30% slash) +2. Validator A commits Infraction 2 (worth 40% slash) +3. Validator A commits Infraction 3 (worth 35% slash) +4. Evidence for Infraction 1 reaches state machine (and validator is put in jail) +5. Evidence for Infraction 2 reaches state machine +6. Evidence for Infraction 3 reaches state machine + +Only Infraction 2 should have its slash take effect, as it is the highest. This +is done, so that in the case of the compromise of a validator's consensus key, +they will only be punished once, even if the hacker double-signs many blocks. +Because, the unjailing has to be done with the validator's operator key, they +have a chance to re-secure their consensus key, and then signal that they are +ready using their operator key. We call this period during which we track only +the max infraction, the "slashing period". + +Once, a validator rejoins by unjailing themselves, we begin a new slashing period; +if they commit a new infraction after unjailing, it gets slashed cumulatively on +top of the worst infraction from the previous slashing period. + +However, while infractions are grouped based off of the slashing periods, because +evidence can be submitted up to an `unbondingPeriod` after the infraction, we +still have to allow for evidence to be submitted for previous slashing periods. +For example, if the sequence of events is: + +1. Validator A commits Infraction 1 (worth 30% slash) +2. Validator A commits Infraction 2 (worth 40% slash) +3. Evidence for Infraction 1 reaches state machine (and Validator A is put in jail) +4. Validator A unjails + +We are now in a new slashing period, however we still have to keep the door open +for the previous infraction, as the evidence for Infraction 2 may still come in. +As the number of slashing periods increase, it creates more complexity as we have +to keep track of the highest infraction amount for every single slashing period. + +> Note: Currently, according to the `slashing` module spec, a new slashing period +> is created every time a validator is unbonded then rebonded. This should probably +> be changed to jailed/unjailed. See issue [#3205](https://github.com/cosmos/cosmos-sdk/issues/3205) +> for further details. For the remainder of this, I will assume that we only start +> a new slashing period when a validator gets unjailed. + +The maximum number of slashing periods is the `len(UnbondingPeriod) / len(JailPeriod)`. +The current defaults in Gaia for the `UnbondingPeriod` and `JailPeriod` are 3 weeks +and 2 days, respectively. This means there could potentially be up to 11 slashing +periods concurrently being tracked per validator. If we set the `JailPeriod >= UnbondingPeriod`, +we only have to track 1 slashing period (i.e not have to track slashing periods). + +Currently, in the jail period implementation, once a validator unjails, all of +their delegators who are delegated to them (haven't unbonded / redelegated away), +stay with them. Given that consensus safety faults are so egregious +(way more so than liveness faults), it is probably prudent to have delegators not +"auto-rebond" to the validator. + +#### Proposal: infinite jail + +We propose setting the "jail time" for a +validator who commits a consensus safety fault, to `infinite` (i.e. a tombstone state). +This essentially kicks the validator out of the validator set and does not allow +them to re-enter the validator set. All of their delegators (including the operator themselves) +have to either unbond or redelegate away. The validator operator can create a new +validator if they would like, with a new operator key and consensus key, but they +have to "re-earn" their delegations back. + +Implementing the tombstone system and getting rid of the slashing period tracking +will make the `slashing` module way simpler, especially because we can remove all +of the hooks defined in the `slashing` module consumed by the `staking` module +(the `slashing` module still consumes hooks defined in `staking`). + +#### Single slashing amount + +Another optimization that can be made is that if we assume that all ABCI faults +for CometBFT consensus are slashed at the same level, we don't have to keep +track of "max slash". Once an ABCI fault happens, we don't have to worry about +comparing potential future ones to find the max. + +Currently the only CometBFT ABCI fault is: + +* Unjustified precommits (double signs) + +It is currently planned to include the following fault in the near future: + +* Signing a precommit when you're in unbonding phase (needed to make light client bisection safe) + +Given that these faults are both attributable byzantine faults, we will likely +want to slash them equally, and thus we can enact the above change. + +> Note: This change may make sense for current CometBFT consensus, but maybe +> not for a different consensus algorithm or future versions of CometBFT that +> may want to punish at different levels (for example, partial slashing). + +## Parameters + +The slashing module contains the following parameters: + +| Key | Type | Example | +| ----------------------- | -------------- | ---------------------- | +| SignedBlocksWindow | string (int64) | "100" | +| MinSignedPerWindow | string (dec) | "0.500000000000000000" | +| DowntimeJailDuration | string (ns) | "600000000000" | +| SlashFractionDoubleSign | string (dec) | "0.050000000000000000" | +| SlashFractionDowntime | string (dec) | "0.010000000000000000" | + +## CLI + +A user can query and interact with the `slashing` module using the CLI. + +### Query + +The `query` commands allow users to query `slashing` state. + +```shell +simd query slashing --help +``` + +#### params + +The `params` command allows users to query genesis parameters for the slashing module. + +```shell +simd query slashing params [flags] +``` + +Example: + +```shell +simd query slashing params +``` + +Example Output: + +```yml +downtime_jail_duration: 600s +min_signed_per_window: "0.500000000000000000" +signed_blocks_window: "100" +slash_fraction_double_sign: "0.050000000000000000" +slash_fraction_downtime: "0.010000000000000000" +``` + +#### signing-info + +The `signing-info` command allows users to query signing-info of the validator using consensus public key. + +```shell +simd query slashing signing-infos [flags] +``` + +Example: + +```shell +simd query slashing signing-info '{"@type":"/cosmos.crypto.ed25519.PubKey","key":"Auxs3865HpB/EfssYOzfqNhEJjzys6jD5B6tPgC8="}' + +``` + +Example Output: + +```yml +address: cosmosvalcons1nrqsld3aw6lh6t082frdqc84uwxn0t958c +index_offset: "2068" +jailed_until: "1970-01-01T00:00:00Z" +missed_blocks_counter: "0" +start_height: "0" +tombstoned: false +``` + +#### signing-infos + +The `signing-infos` command allows users to query signing infos of all validators. + +```shell +simd query slashing signing-infos [flags] +``` + +Example: + +```shell +simd query slashing signing-infos +``` + +Example Output: + +```yml +info: +- address: cosmosvalcons1nrqsld3aw6lh6t082frdqc84uwxn0t958c + index_offset: "2075" + jailed_until: "1970-01-01T00:00:00Z" + missed_blocks_counter: "0" + start_height: "0" + tombstoned: false +pagination: + next_key: null + total: "0" +``` + +### Transactions + +The `tx` commands allow users to interact with the `slashing` module. + +```bash +simd tx slashing --help +``` + +#### unjail + +The `unjail` command allows users to unjail a validator previously jailed for downtime. + +```bash +simd tx slashing unjail --from mykey [flags] +``` + +Example: + +```bash +simd tx slashing unjail --from mykey +``` + +### gRPC + +A user can query the `slashing` module using gRPC endpoints. + +#### Params + +The `Params` endpoint allows users to query the parameters of slashing module. + +```shell +cosmos.slashing.v1beta1.Query/Params +``` + +Example: + +```shell +grpcurl -plaintext localhost:9090 cosmos.slashing.v1beta1.Query/Params +``` + +Example Output: + +```json +{ + "params": { + "signedBlocksWindow": "100", + "minSignedPerWindow": "NTAwMDAwMDAwMDAwMDAwMDAw", + "downtimeJailDuration": "600s", + "slashFractionDoubleSign": "NTAwMDAwMDAwMDAwMDAwMDA=", + "slashFractionDowntime": "MTAwMDAwMDAwMDAwMDAwMDA=" + } +} +``` + +#### SigningInfo + +The SigningInfo queries the signing info of given cons address. + +```shell +cosmos.slashing.v1beta1.Query/SigningInfo +``` + +Example: + +```shell +grpcurl -plaintext -d '{"cons_address":"cosmosvalcons1nrqsld3aw6lh6t082frdqc84uwxn0t958c"}' localhost:9090 cosmos.slashing.v1beta1.Query/SigningInfo +``` + +Example Output: + +```json +{ + "valSigningInfo": { + "address": "cosmosvalcons1nrqsld3aw6lh6t082frdqc84uwxn0t958c", + "indexOffset": "3493", + "jailedUntil": "1970-01-01T00:00:00Z" + } +} +``` + +#### SigningInfos + +The SigningInfos queries signing info of all validators. + +```shell +cosmos.slashing.v1beta1.Query/SigningInfos +``` + +Example: + +```shell +grpcurl -plaintext localhost:9090 cosmos.slashing.v1beta1.Query/SigningInfos +``` + +Example Output: + +```json +{ + "info": [ + { + "address": "cosmosvalcons1nrqslkwd3pz096lh6t082frdqc84uwxn0t958c", + "indexOffset": "2467", + "jailedUntil": "1970-01-01T00:00:00Z" + } + ], + "pagination": { + "total": "1" + } +} +``` + +### REST + +A user can query the `slashing` module using REST endpoints. + +#### Params + +```shell +/cosmos/slashing/v1beta1/params +``` + +Example: + +```shell +curl "localhost:1317/cosmos/slashing/v1beta1/params" +``` + +Example Output: + +```json +{ + "params": { + "signed_blocks_window": "100", + "min_signed_per_window": "0.500000000000000000", + "downtime_jail_duration": "600s", + "slash_fraction_double_sign": "0.050000000000000000", + "slash_fraction_downtime": "0.010000000000000000" +} +``` + +#### signing_info + +```shell +/cosmos/slashing/v1beta1/signing_infos/%s +``` + +Example: + +```shell +curl "localhost:1317/cosmos/slashing/v1beta1/signing_infos/cosmosvalcons1nrqslkwd3pz096lh6t082frdqc84uwxn0t958c" +``` + +Example Output: + +```json +{ + "val_signing_info": { + "address": "cosmosvalcons1nrqslkwd3pz096lh6t082frdqc84uwxn0t958c", + "start_height": "0", + "index_offset": "4184", + "jailed_until": "1970-01-01T00:00:00Z", + "tombstoned": false, + "missed_blocks_counter": "0" + } +} +``` + +#### signing_infos + +```shell +/cosmos/slashing/v1beta1/signing_infos +``` + +Example: + +```shell +curl "localhost:1317/cosmos/slashing/v1beta1/signing_infos +``` + +Example Output: + +```json +{ + "info": [ + { + "address": "cosmosvalcons1nrqslkwd3pz096lh6t082frdqc84uwxn0t958c", + "start_height": "0", + "index_offset": "4169", + "jailed_until": "1970-01-01T00:00:00Z", + "tombstoned": false, + "missed_blocks_counter": "0" + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/modules/staking/README.md b/copy-of-sdk-versioned_docs/version-0.50/build/modules/staking/README.md new file mode 100644 index 00000000..c011a593 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/modules/staking/README.md @@ -0,0 +1,3058 @@ +--- +sidebar_position: 1 +--- + +# `x/staking` + +## Abstract + +This paper specifies the Staking module of the Cosmos SDK that was first +described in the [Cosmos Whitepaper](https://cosmos.network/about/whitepaper) +in June 2016. + +The module enables Cosmos SDK-based blockchain to support an advanced +Proof-of-Stake (PoS) system. In this system, holders of the native staking token of +the chain can become validators and can delegate tokens to validators, +ultimately determining the effective validator set for the system. + +This module is used in the Cosmos Hub, the first Hub in the Cosmos +network. + +## Contents + +* [State](#state) + * [Pool](#pool) + * [LastTotalPower](#lasttotalpower) + * [ValidatorUpdates](#validatorupdates) + * [UnbondingID](#unbondingid) + * [Params](#params) + * [Validator](#validator) + * [Delegation](#delegation) + * [UnbondingDelegation](#unbondingdelegation) + * [Redelegation](#redelegation) + * [Queues](#queues) + * [HistoricalInfo](#historicalinfo) +* [State Transitions](#state-transitions) + * [Validators](#validators) + * [Delegations](#delegations) + * [Slashing](#slashing) + * [How Shares are calculated](#how-shares-are-calculated) +* [Messages](#messages) + * [MsgCreateValidator](#msgcreatevalidator) + * [MsgEditValidator](#msgeditvalidator) + * [MsgDelegate](#msgdelegate) + * [MsgUndelegate](#msgundelegate) + * [MsgCancelUnbondingDelegation](#msgcancelunbondingdelegation) + * [MsgBeginRedelegate](#msgbeginredelegate) + * [MsgUpdateParams](#msgupdateparams) +* [Begin-Block](#begin-block) + * [Historical Info Tracking](#historical-info-tracking) +* [End-Block](#end-block) + * [Validator Set Changes](#validator-set-changes) + * [Queues](#queues-1) +* [Hooks](#hooks) +* [Events](#events) + * [EndBlocker](#endblocker) + * [Msg's](#msgs) +* [Parameters](#parameters) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + * [REST](#rest) + +## State + +### Pool + +Pool is used for tracking bonded and not-bonded token supply of the bond denomination. + +### LastTotalPower + +LastTotalPower tracks the total amounts of bonded tokens recorded during the previous end block. +Store entries prefixed with "Last" must remain unchanged until EndBlock. + +* LastTotalPower: `0x12 -> ProtocolBuffer(math.Int)` + +### ValidatorUpdates + +ValidatorUpdates contains the validator updates returned to ABCI at the end of every block. +The values are overwritten in every block. + +* ValidatorUpdates `0x61 -> []abci.ValidatorUpdate` + +### UnbondingID + +UnbondingID stores the ID of the latest unbonding operation. It enables creating unique IDs for unbonding operations, i.e., UnbondingID is incremented every time a new unbonding operation (validator unbonding, unbonding delegation, redelegation) is initiated. + +* UnbondingID: `0x37 -> uint64` + +### Params + +The staking module stores its params in state with the prefix of `0x51`, +it can be updated with governance or the address with authority. + +* Params: `0x51 | ProtocolBuffer(Params)` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L310-L333 +``` + +### Validator + +Validators can have one of three statuses + +* `Unbonded`: The validator is not in the active set. They cannot sign blocks and do not earn + rewards. They can receive delegations. +* `Bonded`: Once the validator receives sufficient bonded tokens they automatically join the + active set during [`EndBlock`](#validator-set-changes) and their status is updated to `Bonded`. + They are signing blocks and receiving rewards. They can receive further delegations. + They can be slashed for misbehavior. Delegators to this validator who unbond their delegation + must wait the duration of the UnbondingTime, a chain-specific param, during which time + they are still slashable for offences of the source validator if those offences were committed + during the period of time that the tokens were bonded. +* `Unbonding`: When a validator leaves the active set, either by choice or due to slashing, jailing or + tombstoning, an unbonding of all their delegations begins. All delegations must then wait the UnbondingTime + before their tokens are moved to their accounts from the `BondedPool`. + +:::warning +Tombstoning is permanent, once tombstoned a validator's consensus key can not be reused within the chain where the tombstoning happened. +::: + +Validators objects should be primarily stored and accessed by the +`OperatorAddr`, an SDK validator address for the operator of the validator. Two +additional indices are maintained per validator object in order to fulfill +required lookups for slashing and validator-set updates. A third special index +(`LastValidatorPower`) is also maintained which however remains constant +throughout each block, unlike the first two indices which mirror the validator +records within a block. + +* Validators: `0x21 | OperatorAddrLen (1 byte) | OperatorAddr -> ProtocolBuffer(validator)` +* ValidatorsByConsAddr: `0x22 | ConsAddrLen (1 byte) | ConsAddr -> OperatorAddr` +* ValidatorsByPower: `0x23 | BigEndian(ConsensusPower) | OperatorAddrLen (1 byte) | OperatorAddr -> OperatorAddr` +* LastValidatorsPower: `0x11 | OperatorAddrLen (1 byte) | OperatorAddr -> ProtocolBuffer(ConsensusPower)` +* ValidatorsByUnbondingID: `0x38 | UnbondingID -> 0x21 | OperatorAddrLen (1 byte) | OperatorAddr` + +`Validators` is the primary index - it ensures that each operator can have only one +associated validator, where the public key of that validator can change in the +future. Delegators can refer to the immutable operator of the validator, without +concern for the changing public key. + +`ValidatorsByUnbondingID` is an additional index that enables lookups for + validators by the unbonding IDs corresponding to their current unbonding. + +`ValidatorByConsAddr` is an additional index that enables lookups for slashing. +When CometBFT reports evidence, it provides the validator address, so this +map is needed to find the operator. Note that the `ConsAddr` corresponds to the +address which can be derived from the validator's `ConsPubKey`. + +`ValidatorsByPower` is an additional index that provides a sorted list of +potential validators to quickly determine the current active set. Here +ConsensusPower is validator.Tokens/10^6 by default. Note that all validators +where `Jailed` is true are not stored within this index. + +`LastValidatorsPower` is a special index that provides a historical list of the +last-block's bonded validators. This index remains constant during a block but +is updated during the validator set update process which takes place in [`EndBlock`](#end-block). + +Each validator's state is stored in a `Validator` struct: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L82-L138 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L26-L80 +``` + +### Delegation + +Delegations are identified by combining `DelegatorAddr` (the address of the delegator) +with the `ValidatorAddr` Delegators are indexed in the store as follows: + +* Delegation: `0x31 | DelegatorAddrLen (1 byte) | DelegatorAddr | ValidatorAddrLen (1 byte) | ValidatorAddr -> ProtocolBuffer(delegation)` + +Stake holders may delegate coins to validators; under this circumstance their +funds are held in a `Delegation` data structure. It is owned by one +delegator, and is associated with the shares for one validator. The sender of +the transaction is the owner of the bond. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L198-L216 +``` + +#### Delegator Shares + +When one delegates tokens to a Validator, they are issued a number of delegator shares based on a +dynamic exchange rate, calculated as follows from the total number of tokens delegated to the +validator and the number of shares issued so far: + +`Shares per Token = validator.TotalShares() / validator.Tokens()` + +Only the number of shares received is stored on the DelegationEntry. When a delegator then +Undelegates, the token amount they receive is calculated from the number of shares they currently +hold and the inverse exchange rate: + +`Tokens per Share = validator.Tokens() / validatorShares()` + +These `Shares` are simply an accounting mechanism. They are not a fungible asset. The reason for +this mechanism is to simplify the accounting around slashing. Rather than iteratively slashing the +tokens of every delegation entry, instead the Validator's total bonded tokens can be slashed, +effectively reducing the value of each issued delegator share. + +### UnbondingDelegation + +Shares in a `Delegation` can be unbonded, but they must for some time exist as +an `UnbondingDelegation`, where shares can be reduced if Byzantine behavior is +detected. + +`UnbondingDelegation` are indexed in the store as: + +* UnbondingDelegation: `0x32 | DelegatorAddrLen (1 byte) | DelegatorAddr | ValidatorAddrLen (1 byte) | ValidatorAddr -> ProtocolBuffer(unbondingDelegation)` +* UnbondingDelegationsFromValidator: `0x33 | ValidatorAddrLen (1 byte) | ValidatorAddr | DelegatorAddrLen (1 byte) | DelegatorAddr -> nil` +* UnbondingDelegationByUnbondingId: `0x38 | UnbondingId -> 0x32 | DelegatorAddrLen (1 byte) | DelegatorAddr | ValidatorAddrLen (1 byte) | ValidatorAddr` + `UnbondingDelegation` is used in queries, to lookup all unbonding delegations for + a given delegator. + +`UnbondingDelegationsFromValidator` is used in slashing, to lookup all + unbonding delegations associated with a given validator that need to be + slashed. + + `UnbondingDelegationByUnbondingId` is an additional index that enables + lookups for unbonding delegations by the unbonding IDs of the containing + unbonding delegation entries. + + +A UnbondingDelegation object is created every time an unbonding is initiated. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L218-L261 +``` + +### Redelegation + +The bonded tokens worth of a `Delegation` may be instantly redelegated from a +source validator to a different validator (destination validator). However when +this occurs they must be tracked in a `Redelegation` object, whereby their +shares can be slashed if their tokens have contributed to a Byzantine fault +committed by the source validator. + +`Redelegation` are indexed in the store as: + +* Redelegations: `0x34 | DelegatorAddrLen (1 byte) | DelegatorAddr | ValidatorAddrLen (1 byte) | ValidatorSrcAddr | ValidatorDstAddr -> ProtocolBuffer(redelegation)` +* RedelegationsBySrc: `0x35 | ValidatorSrcAddrLen (1 byte) | ValidatorSrcAddr | ValidatorDstAddrLen (1 byte) | ValidatorDstAddr | DelegatorAddrLen (1 byte) | DelegatorAddr -> nil` +* RedelegationsByDst: `0x36 | ValidatorDstAddrLen (1 byte) | ValidatorDstAddr | ValidatorSrcAddrLen (1 byte) | ValidatorSrcAddr | DelegatorAddrLen (1 byte) | DelegatorAddr -> nil` +* RedelegationByUnbondingId: `0x38 | UnbondingId -> 0x34 | DelegatorAddrLen (1 byte) | DelegatorAddr | ValidatorAddrLen (1 byte) | ValidatorSrcAddr | ValidatorDstAddr` + + `Redelegations` is used for queries, to lookup all redelegations for a given + delegator. + + `RedelegationsBySrc` is used for slashing based on the `ValidatorSrcAddr`. + + `RedelegationsByDst` is used for slashing based on the `ValidatorDstAddr` + +The first map here is used for queries, to lookup all redelegations for a given +delegator. The second map is used for slashing based on the `ValidatorSrcAddr`, +while the third map is for slashing based on the `ValidatorDstAddr`. + +`RedelegationByUnbondingId` is an additional index that enables + lookups for redelegations by the unbonding IDs of the containing + redelegation entries. + +A redelegation object is created every time a redelegation occurs. To prevent +"redelegation hopping" redelegations may not occur under the situation that: + +* the (re)delegator already has another immature redelegation in progress + with a destination to a validator (let's call it `Validator X`) +* and, the (re)delegator is attempting to create a _new_ redelegation + where the source validator for this new redelegation is `Validator X`. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L263-L308 +``` + +### Queues + +All queue objects are sorted by timestamp. The time used within any queue is +firstly converted to UTC, rounded to the nearest nanosecond then sorted. The sortable time format +used is a slight modification of the RFC3339Nano and uses the format string +`"2006-01-02T15:04:05.000000000"`. Notably this format: + +* right pads all zeros +* drops the time zone info (we already use UTC) + +In all cases, the stored timestamp represents the maturation time of the queue +element. + +#### UnbondingDelegationQueue + +For the purpose of tracking progress of unbonding delegations the unbonding +delegations queue is kept. + +* UnbondingDelegation: `0x41 | format(time) -> []DVPair` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L162-L172 +``` + +#### RedelegationQueue + +For the purpose of tracking progress of redelegations the redelegation queue is +kept. + +* RedelegationQueue: `0x42 | format(time) -> []DVVTriplet` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L179-L191 +``` + +#### ValidatorQueue + +For the purpose of tracking progress of unbonding validators the validator +queue is kept. + +* ValidatorQueueTime: `0x43 | format(time) -> []sdk.ValAddress` + +The stored object by each key is an array of validator operator addresses from +which the validator object can be accessed. Typically it is expected that only +a single validator record will be associated with a given timestamp however it is possible +that multiple validators exist in the queue at the same location. + +### HistoricalInfo + +HistoricalInfo objects are stored and pruned at each block such that the staking keeper persists +the `n` most recent historical info defined by staking module parameter: `HistoricalEntries`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L17-L24 +``` + +At each BeginBlock, the staking keeper will persist the current Header and the Validators that committed +the current block in a `HistoricalInfo` object. The Validators are sorted on their address to ensure that +they are in a deterministic order. +The oldest HistoricalEntries will be pruned to ensure that there only exist the parameter-defined number of +historical entries. + +## State Transitions + +### Validators + +State transitions in validators are performed on every [`EndBlock`](#validator-set-changes) +in order to check for changes in the active `ValidatorSet`. + +A validator can be `Unbonded`, `Unbonding` or `Bonded`. `Unbonded` +and `Unbonding` are collectively called `Not Bonded`. A validator can move +directly between all the states, except for from `Bonded` to `Unbonded`. + +#### Not bonded to Bonded + +The following transition occurs when a validator's ranking in the `ValidatorPowerIndex` surpasses +that of the `LastValidator`. + +* set `validator.Status` to `Bonded` +* send the `validator.Tokens` from the `NotBondedTokens` to the `BondedPool` `ModuleAccount` +* delete the existing record from `ValidatorByPowerIndex` +* add a new updated record to the `ValidatorByPowerIndex` +* update the `Validator` object for this validator +* if it exists, delete any `ValidatorQueue` record for this validator + +#### Bonded to Unbonding + +When a validator begins the unbonding process the following operations occur: + +* send the `validator.Tokens` from the `BondedPool` to the `NotBondedTokens` `ModuleAccount` +* set `validator.Status` to `Unbonding` +* delete the existing record from `ValidatorByPowerIndex` +* add a new updated record to the `ValidatorByPowerIndex` +* update the `Validator` object for this validator +* insert a new record into the `ValidatorQueue` for this validator + +#### Unbonding to Unbonded + +A validator moves from unbonding to unbonded when the `ValidatorQueue` object +moves from bonded to unbonded + +* update the `Validator` object for this validator +* set `validator.Status` to `Unbonded` + +#### Jail/Unjail + +when a validator is jailed it is effectively removed from the CometBFT set. +this process may be also be reversed. the following operations occur: + +* set `Validator.Jailed` and update object +* if jailed delete record from `ValidatorByPowerIndex` +* if unjailed add record to `ValidatorByPowerIndex` + +Jailed validators are not present in any of the following stores: + +* the power store (from consensus power to address) + +### Delegations + +#### Delegate + +When a delegation occurs both the validator and the delegation objects are affected + +* determine the delegators shares based on tokens delegated and the validator's exchange rate +* remove tokens from the sending account +* add shares the delegation object or add them to a created validator object +* add new delegator shares and update the `Validator` object +* transfer the `delegation.Amount` from the delegator's account to the `BondedPool` or the `NotBondedPool` `ModuleAccount` depending if the `validator.Status` is `Bonded` or not +* delete the existing record from `ValidatorByPowerIndex` +* add an new updated record to the `ValidatorByPowerIndex` + +#### Begin Unbonding + +As a part of the Undelegate and Complete Unbonding state transitions Unbond +Delegation may be called. + +* subtract the unbonded shares from delegator +* add the unbonded tokens to an `UnbondingDelegationEntry` +* update the delegation or remove the delegation if there are no more shares +* if the delegation is the operator of the validator and no more shares exist then trigger a jail validator +* update the validator with removed the delegator shares and associated coins +* if the validator state is `Bonded`, transfer the `Coins` worth of the unbonded + shares from the `BondedPool` to the `NotBondedPool` `ModuleAccount` +* remove the validator if it is unbonded and there are no more delegation shares. +* remove the validator if it is unbonded and there are no more delegation shares +* get a unique `unbondingId` and map it to the `UnbondingDelegationEntry` in `UnbondingDelegationByUnbondingId` +* call the `AfterUnbondingInitiated(unbondingId)` hook +* add the unbonding delegation to `UnbondingDelegationQueue` with the completion time set to `UnbondingTime` + +#### Cancel an `UnbondingDelegation` Entry + +When a `cancel unbond delegation` occurs both the `validator`, the `delegation` and an `UnbondingDelegationQueue` state will be updated. + +* if cancel unbonding delegation amount equals to the `UnbondingDelegation` entry `balance`, then the `UnbondingDelegation` entry deleted from `UnbondingDelegationQueue`. +* if the `cancel unbonding delegation amount is less than the `UnbondingDelegation` entry balance, then the `UnbondingDelegation` entry will be updated with new balance in the `UnbondingDelegationQueue`. +* cancel `amount` is [Delegated](#delegations) back to the original `validator`. + +#### Complete Unbonding + +For undelegations which do not complete immediately, the following operations +occur when the unbonding delegation queue element matures: + +* remove the entry from the `UnbondingDelegation` object +* transfer the tokens from the `NotBondedPool` `ModuleAccount` to the delegator `Account` + +#### Begin Redelegation + +Redelegations affect the delegation, source and destination validators. + +* perform an `unbond` delegation from the source validator to retrieve the tokens worth of the unbonded shares +* using the unbonded tokens, `Delegate` them to the destination validator +* if the `sourceValidator.Status` is `Bonded`, and the `destinationValidator` is not, + transfer the newly delegated tokens from the `BondedPool` to the `NotBondedPool` `ModuleAccount` +* otherwise, if the `sourceValidator.Status` is not `Bonded`, and the `destinationValidator` + is `Bonded`, transfer the newly delegated tokens from the `NotBondedPool` to the `BondedPool` `ModuleAccount` +* record the token amount in an new entry in the relevant `Redelegation` + +From when a redelegation begins until it completes, the delegator is in a state of "pseudo-unbonding", and can still be +slashed for infractions that occurred before the redelegation began. + +#### Complete Redelegation + +When a redelegations complete the following occurs: + +* remove the entry from the `Redelegation` object + +### Slashing + +#### Slash Validator + +When a Validator is slashed, the following occurs: + +* The total `slashAmount` is calculated as the `slashFactor` (a chain parameter) \* `TokensFromConsensusPower`, + the total number of tokens bonded to the validator at the time of the infraction. +* Every unbonding delegation and pseudo-unbonding redelegation such that the infraction occured before the unbonding or + redelegation began from the validator are slashed by the `slashFactor` percentage of the initialBalance. +* Each amount slashed from redelegations and unbonding delegations is subtracted from the + total slash amount. +* The `remaingSlashAmount` is then slashed from the validator's tokens in the `BondedPool` or + `NonBondedPool` depending on the validator's status. This reduces the total supply of tokens. + +In the case of a slash due to any infraction that requires evidence to submitted (for example double-sign), the slash +occurs at the block where the evidence is included, not at the block where the infraction occured. +Put otherwise, validators are not slashed retroactively, only when they are caught. + +#### Slash Unbonding Delegation + +When a validator is slashed, so are those unbonding delegations from the validator that began unbonding +after the time of the infraction. Every entry in every unbonding delegation from the validator +is slashed by `slashFactor`. The amount slashed is calculated from the `InitialBalance` of the +delegation and is capped to prevent a resulting negative balance. Completed (or mature) unbondings are not slashed. + +#### Slash Redelegation + +When a validator is slashed, so are all redelegations from the validator that began after the +infraction. Redelegations are slashed by `slashFactor`. +Redelegations that began before the infraction are not slashed. +The amount slashed is calculated from the `InitialBalance` of the delegation and is capped to +prevent a resulting negative balance. +Mature redelegations (that have completed pseudo-unbonding) are not slashed. + +### How Shares are calculated + +At any given point in time, each validator has a number of tokens, `T`, and has a number of shares issued, `S`. +Each delegator, `i`, holds a number of shares, `S_i`. +The number of tokens is the sum of all tokens delegated to the validator, plus the rewards, minus the slashes. + +The delegator is entitled to a portion of the underlying tokens proportional to their proportion of shares. +So delegator `i` is entitled to `T * S_i / S` of the validator's tokens. + +When a delegator delegates new tokens to the validator, they receive a number of shares proportional to their contribution. +So when delegator `j` delegates `T_j` tokens, they receive `S_j = S * T_j / T` shares. +The total number of tokens is now `T + T_j`, and the total number of shares is `S + S_j`. +`j`s proportion of the shares is the same as their proportion of the total tokens contributed: `(S + S_j) / S = (T + T_j) / T`. + +A special case is the initial delegation, when `T = 0` and `S = 0`, so `T_j / T` is undefined. +For the initial delegation, delegator `j` who delegates `T_j` tokens receive `S_j = T_j` shares. +So a validator that hasn't received any rewards and has not been slashed will have `T = S`. + +## Messages + +In this section we describe the processing of the staking messages and the corresponding updates to the state. All created/modified state objects specified by each message are defined within the [state](#state) section. + +### MsgCreateValidator + +A validator is created using the `MsgCreateValidator` message. +The validator must be created with an initial delegation from the operator. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L20-L21 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L50-L73 +``` + +This message is expected to fail if: + +* another validator with this operator address is already registered +* another validator with this pubkey is already registered +* the initial self-delegation tokens are of a denom not specified as the bonding denom +* the commission parameters are faulty, namely: + * `MaxRate` is either > 1 or < 0 + * the initial `Rate` is either negative or > `MaxRate` + * the initial `MaxChangeRate` is either negative or > `MaxRate` +* the description fields are too large + +This message creates and stores the `Validator` object at appropriate indexes. +Additionally a self-delegation is made with the initial tokens delegation +tokens `Delegation`. The validator always starts as unbonded but may be bonded +in the first end-block. + +### MsgEditValidator + +The `Description`, `CommissionRate` of a validator can be updated using the +`MsgEditValidator` message. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L23-L24 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L78-L97 +``` + +This message is expected to fail if: + +* the initial `CommissionRate` is either negative or > `MaxRate` +* the `CommissionRate` has already been updated within the previous 24 hours +* the `CommissionRate` is > `MaxChangeRate` +* the description fields are too large + +This message stores the updated `Validator` object. + +### MsgDelegate + +Within this message the delegator provides coins, and in return receives +some amount of their validator's (newly created) delegator-shares that are +assigned to `Delegation.Shares`. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L26-L28 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L102-L114 +``` + +This message is expected to fail if: + +* the validator does not exist +* the `Amount` `Coin` has a denomination different than one defined by `params.BondDenom` +* the exchange rate is invalid, meaning the validator has no tokens (due to slashing) but there are outstanding shares +* the amount delegated is less than the minimum allowed delegation + +If an existing `Delegation` object for provided addresses does not already +exist then it is created as part of this message otherwise the existing +`Delegation` is updated to include the newly received shares. + +The delegator receives newly minted shares at the current exchange rate. +The exchange rate is the number of existing shares in the validator divided by +the number of currently delegated tokens. + +The validator is updated in the `ValidatorByPower` index, and the delegation is +tracked in validator object in the `Validators` index. + +It is possible to delegate to a jailed validator, the only difference being it +will not be added to the power index until it is unjailed. + +![Delegation sequence](https://raw.githubusercontent.com/cosmos/cosmos-sdk/release/v0.46.x/docs/uml/svg/delegation_sequence.svg) + +### MsgUndelegate + +The `MsgUndelegate` message allows delegators to undelegate their tokens from +validator. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L34-L36 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L140-L152 +``` + +This message returns a response containing the completion time of the undelegation: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L154-L158 +``` + +This message is expected to fail if: + +* the delegation doesn't exist +* the validator doesn't exist +* the delegation has less shares than the ones worth of `Amount` +* existing `UnbondingDelegation` has maximum entries as defined by `params.MaxEntries` +* the `Amount` has a denomination different than one defined by `params.BondDenom` + +When this message is processed the following actions occur: + +* validator's `DelegatorShares` and the delegation's `Shares` are both reduced by the message `SharesAmount` +* calculate the token worth of the shares remove that amount tokens held within the validator +* with those removed tokens, if the validator is: + * `Bonded` - add them to an entry in `UnbondingDelegation` (create `UnbondingDelegation` if it doesn't exist) with a completion time a full unbonding period from the current time. Update pool shares to reduce BondedTokens and increase NotBondedTokens by token worth of the shares. + * `Unbonding` - add them to an entry in `UnbondingDelegation` (create `UnbondingDelegation` if it doesn't exist) with the same completion time as the validator (`UnbondingMinTime`). + * `Unbonded` - then send the coins the message `DelegatorAddr` +* if there are no more `Shares` in the delegation, then the delegation object is removed from the store + * under this situation if the delegation is the validator's self-delegation then also jail the validator. + +![Unbond sequence](https://raw.githubusercontent.com/cosmos/cosmos-sdk/release/v0.46.x/docs/uml/svg/unbond_sequence.svg) + +### MsgCancelUnbondingDelegation + +The `MsgCancelUnbondingDelegation` message allows delegators to cancel the `unbondingDelegation` entry and delegate back to a previous validator. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L38-L42 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L160-L175 +``` + +This message is expected to fail if: + +* the `unbondingDelegation` entry is already processed. +* the `cancel unbonding delegation` amount is greater than the `unbondingDelegation` entry balance. +* the `cancel unbonding delegation` height doesn't exist in the `unbondingDelegationQueue` of the delegator. + +When this message is processed the following actions occur: + +* if the `unbondingDelegation` Entry balance is zero + * in this condition `unbondingDelegation` entry will be removed from `unbondingDelegationQueue`. + * otherwise `unbondingDelegationQueue` will be updated with new `unbondingDelegation` entry balance and initial balance +* the validator's `DelegatorShares` and the delegation's `Shares` are both increased by the message `Amount`. + +### MsgBeginRedelegate + +The redelegation command allows delegators to instantly switch validators. Once +the unbonding period has passed, the redelegation is automatically completed in +the EndBlocker. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L30-L32 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L119-L132 +``` + +This message returns a response containing the completion time of the redelegation: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L133-L138 +``` + +This message is expected to fail if: + +* the delegation doesn't exist +* the source or destination validators don't exist +* the delegation has less shares than the ones worth of `Amount` +* the source validator has a receiving redelegation which is not matured (aka. the redelegation may be transitive) +* existing `Redelegation` has maximum entries as defined by `params.MaxEntries` +* the `Amount` `Coin` has a denomination different than one defined by `params.BondDenom` + +When this message is processed the following actions occur: + +* the source validator's `DelegatorShares` and the delegations `Shares` are both reduced by the message `SharesAmount` +* calculate the token worth of the shares remove that amount tokens held within the source validator. +* if the source validator is: + * `Bonded` - add an entry to the `Redelegation` (create `Redelegation` if it doesn't exist) with a completion time a full unbonding period from the current time. Update pool shares to reduce BondedTokens and increase NotBondedTokens by token worth of the shares (this may be effectively reversed in the next step however). + * `Unbonding` - add an entry to the `Redelegation` (create `Redelegation` if it doesn't exist) with the same completion time as the validator (`UnbondingMinTime`). + * `Unbonded` - no action required in this step +* Delegate the token worth to the destination validator, possibly moving tokens back to the bonded state. +* if there are no more `Shares` in the source delegation, then the source delegation object is removed from the store + * under this situation if the delegation is the validator's self-delegation then also jail the validator. + +![Begin redelegation sequence](https://raw.githubusercontent.com/cosmos/cosmos-sdk/release/v0.46.x/docs/uml/svg/begin_redelegation_sequence.svg) + + +### MsgUpdateParams + +The `MsgUpdateParams` update the staking module parameters. +The params are updated through a governance proposal where the signer is the gov module account address. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L182-L195 +``` + +The message handling can fail if: + +* signer is not the authority defined in the staking keeper (usually the gov module account). + +## Begin-Block + +Each abci begin block call, the historical info will get stored and pruned +according to the `HistoricalEntries` parameter. + +### Historical Info Tracking + +If the `HistoricalEntries` parameter is 0, then the `BeginBlock` performs a no-op. + +Otherwise, the latest historical info is stored under the key `historicalInfoKey|height`, while any entries older than `height - HistoricalEntries` is deleted. +In most cases, this results in a single entry being pruned per block. +However, if the parameter `HistoricalEntries` has changed to a lower value there will be multiple entries in the store that must be pruned. + +## End-Block + +Each abci end block call, the operations to update queues and validator set +changes are specified to execute. + +### Validator Set Changes + +The staking validator set is updated during this process by state transitions +that run at the end of every block. As a part of this process any updated +validators are also returned back to CometBFT for inclusion in the CometBFT +validator set which is responsible for validating CometBFT messages at the +consensus layer. Operations are as following: + +* the new validator set is taken as the top `params.MaxValidators` number of + validators retrieved from the `ValidatorsByPower` index +* the previous validator set is compared with the new validator set: + * missing validators begin unbonding and their `Tokens` are transferred from the + `BondedPool` to the `NotBondedPool` `ModuleAccount` + * new validators are instantly bonded and their `Tokens` are transferred from the + `NotBondedPool` to the `BondedPool` `ModuleAccount` + +In all cases, any validators leaving or entering the bonded validator set or +changing balances and staying within the bonded validator set incur an update +message reporting their new consensus power which is passed back to CometBFT. + +The `LastTotalPower` and `LastValidatorsPower` hold the state of the total power +and validator power from the end of the last block, and are used to check for +changes that have occurred in `ValidatorsByPower` and the total new power, which +is calculated during `EndBlock`. + +### Queues + +Within staking, certain state-transitions are not instantaneous but take place +over a duration of time (typically the unbonding period). When these +transitions are mature certain operations must take place in order to complete +the state operation. This is achieved through the use of queues which are +checked/processed at the end of each block. + +#### Unbonding Validators + +When a validator is kicked out of the bonded validator set (either through +being jailed, or not having sufficient bonded tokens) it begins the unbonding +process along with all its delegations begin unbonding (while still being +delegated to this validator). At this point the validator is said to be an +"unbonding validator", whereby it will mature to become an "unbonded validator" +after the unbonding period has passed. + +Each block the validator queue is to be checked for mature unbonding validators +(namely with a completion time <= current time and completion height <= current +block height). At this point any mature validators which do not have any +delegations remaining are deleted from state. For all other mature unbonding +validators that still have remaining delegations, the `validator.Status` is +switched from `types.Unbonding` to +`types.Unbonded`. + +Unbonding operations can be put on hold by external modules via the `PutUnbondingOnHold(unbondingId)` method. + As a result, an unbonding operation (e.g., an unbonding delegation) that is on hold, cannot complete + even if it reaches maturity. For an unbonding operation with `unbondingId` to eventually complete + (after it reaches maturity), every call to `PutUnbondingOnHold(unbondingId)` must be matched + by a call to `UnbondingCanComplete(unbondingId)`. + +#### Unbonding Delegations + +Complete the unbonding of all mature `UnbondingDelegations.Entries` within the +`UnbondingDelegations` queue with the following procedure: + +* transfer the balance coins to the delegator's wallet address +* remove the mature entry from `UnbondingDelegation.Entries` +* remove the `UnbondingDelegation` object from the store if there are no + remaining entries. + +#### Redelegations + +Complete the unbonding of all mature `Redelegation.Entries` within the +`Redelegations` queue with the following procedure: + +* remove the mature entry from `Redelegation.Entries` +* remove the `Redelegation` object from the store if there are no + remaining entries. + +## Hooks + +Other modules may register operations to execute when a certain event has +occurred within staking. These events can be registered to execute either +right `Before` or `After` the staking event (as per the hook name). The +following hooks can registered with staking: + +* `AfterValidatorCreated(Context, ValAddress) error` + * called when a validator is created +* `BeforeValidatorModified(Context, ValAddress) error` + * called when a validator's state is changed +* `AfterValidatorRemoved(Context, ConsAddress, ValAddress) error` + * called when a validator is deleted +* `AfterValidatorBonded(Context, ConsAddress, ValAddress) error` + * called when a validator is bonded +* `AfterValidatorBeginUnbonding(Context, ConsAddress, ValAddress) error` + * called when a validator begins unbonding +* `BeforeDelegationCreated(Context, AccAddress, ValAddress) error` + * called when a delegation is created +* `BeforeDelegationSharesModified(Context, AccAddress, ValAddress) error` + * called when a delegation's shares are modified +* `AfterDelegationModified(Context, AccAddress, ValAddress) error` + * called when a delegation is created or modified +* `BeforeDelegationRemoved(Context, AccAddress, ValAddress) error` + * called when a delegation is removed +* `AfterUnbondingInitiated(Context, UnbondingID)` + * called when an unbonding operation (validator unbonding, unbonding delegation, redelegation) was initiated + + +## Events + +The staking module emits the following events: + +### EndBlocker + +| Type | Attribute Key | Attribute Value | +| --------------------- | --------------------- | ------------------------- | +| complete_unbonding | amount | {totalUnbondingAmount} | +| complete_unbonding | validator | {validatorAddress} | +| complete_unbonding | delegator | {delegatorAddress} | +| complete_redelegation | amount | {totalRedelegationAmount} | +| complete_redelegation | source_validator | {srcValidatorAddress} | +| complete_redelegation | destination_validator | {dstValidatorAddress} | +| complete_redelegation | delegator | {delegatorAddress} | + +## Msg's + +### MsgCreateValidator + +| Type | Attribute Key | Attribute Value | +| ---------------- | ------------- | ------------------ | +| create_validator | validator | {validatorAddress} | +| create_validator | amount | {delegationAmount} | +| message | module | staking | +| message | action | create_validator | +| message | sender | {senderAddress} | + +### MsgEditValidator + +| Type | Attribute Key | Attribute Value | +| -------------- | ------------------- | ------------------- | +| edit_validator | commission_rate | {commissionRate} | +| edit_validator | min_self_delegation | {minSelfDelegation} | +| message | module | staking | +| message | action | edit_validator | +| message | sender | {senderAddress} | + +### MsgDelegate + +| Type | Attribute Key | Attribute Value | +| -------- | ------------- | ------------------ | +| delegate | validator | {validatorAddress} | +| delegate | amount | {delegationAmount} | +| message | module | staking | +| message | action | delegate | +| message | sender | {senderAddress} | + +### MsgUndelegate + +| Type | Attribute Key | Attribute Value | +| ------- | ------------------- | ------------------ | +| unbond | validator | {validatorAddress} | +| unbond | amount | {unbondAmount} | +| unbond | completion_time [0] | {completionTime} | +| message | module | staking | +| message | action | begin_unbonding | +| message | sender | {senderAddress} | + +* [0] Time is formatted in the RFC3339 standard + +### MsgCancelUnbondingDelegation + +| Type | Attribute Key | Attribute Value | +| ----------------------------- | ------------------ | ------------------------------------| +| cancel_unbonding_delegation | validator | {validatorAddress} | +| cancel_unbonding_delegation | delegator | {delegatorAddress} | +| cancel_unbonding_delegation | amount | {cancelUnbondingDelegationAmount} | +| cancel_unbonding_delegation | creation_height | {unbondingCreationHeight} | +| message | module | staking | +| message | action | cancel_unbond | +| message | sender | {senderAddress} | + +### MsgBeginRedelegate + +| Type | Attribute Key | Attribute Value | +| ---------- | --------------------- | --------------------- | +| redelegate | source_validator | {srcValidatorAddress} | +| redelegate | destination_validator | {dstValidatorAddress} | +| redelegate | amount | {unbondAmount} | +| redelegate | completion_time [0] | {completionTime} | +| message | module | staking | +| message | action | begin_redelegate | +| message | sender | {senderAddress} | + +* [0] Time is formatted in the RFC3339 standard + +## Parameters + +The staking module contains the following parameters: + +| Key | Type | Example | +|-------------------|------------------|------------------------| +| UnbondingTime | string (time ns) | "259200000000000" | +| MaxValidators | uint16 | 100 | +| KeyMaxEntries | uint16 | 7 | +| HistoricalEntries | uint16 | 3 | +| BondDenom | string | "stake" | +| MinCommissionRate | string | "0.000000000000000000" | + +## Client + +### CLI + +A user can query and interact with the `staking` module using the CLI. + +#### Query + +The `query` commands allows users to query `staking` state. + +```bash +simd query staking --help +``` + +##### delegation + +The `delegation` command allows users to query delegations for an individual delegator on an individual validator. + +Usage: + +```bash +simd query staking delegation [delegator-addr] [validator-addr] [flags] +``` + +Example: + +```bash +simd query staking delegation cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +Example Output: + +```bash +balance: + amount: "10000000000" + denom: stake +delegation: + delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + shares: "10000000000.000000000000000000" + validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +##### delegations + +The `delegations` command allows users to query delegations for an individual delegator on all validators. + +Usage: + +```bash +simd query staking delegations [delegator-addr] [flags] +``` + +Example: + +```bash +simd query staking delegations cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p +``` + +Example Output: + +```bash +delegation_responses: +- balance: + amount: "10000000000" + denom: stake + delegation: + delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + shares: "10000000000.000000000000000000" + validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +- balance: + amount: "10000000000" + denom: stake + delegation: + delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + shares: "10000000000.000000000000000000" + validator_address: cosmosvaloper1x20lytyf6zkcrv5edpkfkn8sz578qg5sqfyqnp +pagination: + next_key: null + total: "0" +``` + +##### delegations-to + +The `delegations-to` command allows users to query delegations on an individual validator. + +Usage: + +```bash +simd query staking delegations-to [validator-addr] [flags] +``` + +Example: + +```bash +simd query staking delegations-to cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +Example Output: + +```bash +- balance: + amount: "504000000" + denom: stake + delegation: + delegator_address: cosmos1q2qwwynhv8kh3lu5fkeex4awau9x8fwt45f5cp + shares: "504000000.000000000000000000" + validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +- balance: + amount: "78125000000" + denom: uixo + delegation: + delegator_address: cosmos1qvppl3479hw4clahe0kwdlfvf8uvjtcd99m2ca + shares: "78125000000.000000000000000000" + validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +pagination: + next_key: null + total: "0" +``` + +##### historical-info + +The `historical-info` command allows users to query historical information at given height. + +Usage: + +```bash +simd query staking historical-info [height] [flags] +``` + +Example: + +```bash +simd query staking historical-info 10 +``` + +Example Output: + +```bash +header: + app_hash: Lbx8cXpI868wz8sgp4qPYVrlaKjevR5WP/IjUxwp3oo= + chain_id: testnet + consensus_hash: BICRvH3cKD93v7+R1zxE2ljD34qcvIZ0Bdi389qtoi8= + data_hash: 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= + evidence_hash: 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= + height: "10" + last_block_id: + hash: RFbkpu6pWfSThXxKKl6EZVDnBSm16+U0l0xVjTX08Fk= + part_set_header: + hash: vpIvXD4rxD5GM4MXGz0Sad9I7//iVYLzZsEU4BVgWIU= + total: 1 + last_commit_hash: Ne4uXyx4QtNp4Zx89kf9UK7oG9QVbdB6e7ZwZkhy8K0= + last_results_hash: 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= + next_validators_hash: nGBgKeWBjoxeKFti00CxHsnULORgKY4LiuQwBuUrhCs= + proposer_address: mMEP2c2IRPLr99LedSRtBg9eONM= + time: "2021-10-01T06:00:49.785790894Z" + validators_hash: nGBgKeWBjoxeKFti00CxHsnULORgKY4LiuQwBuUrhCs= + version: + app: "0" + block: "11" +valset: +- commission: + commission_rates: + max_change_rate: "0.010000000000000000" + max_rate: "0.200000000000000000" + rate: "0.100000000000000000" + update_time: "2021-10-01T05:52:50.380144238Z" + consensus_pubkey: + '@type': /cosmos.crypto.ed25519.PubKey + key: Auxs3865HpB/EfssYOzfqNhEJjzys2Fo6jD5B8tPgC8= + delegator_shares: "10000000.000000000000000000" + description: + details: "" + identity: "" + moniker: myvalidator + security_contact: "" + website: "" + jailed: false + min_self_delegation: "1" + operator_address: cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc + status: BOND_STATUS_BONDED + tokens: "10000000" + unbonding_height: "0" + unbonding_time: "1970-01-01T00:00:00Z" +``` + +##### params + +The `params` command allows users to query values set as staking parameters. + +Usage: + +```bash +simd query staking params [flags] +``` + +Example: + +```bash +simd query staking params +``` + +Example Output: + +```bash +bond_denom: stake +historical_entries: 10000 +max_entries: 7 +max_validators: 50 +unbonding_time: 1814400s +``` + +##### pool + +The `pool` command allows users to query values for amounts stored in the staking pool. + +Usage: + +```bash +simd q staking pool [flags] +``` + +Example: + +```bash +simd q staking pool +``` + +Example Output: + +```bash +bonded_tokens: "10000000" +not_bonded_tokens: "0" +``` + +##### redelegation + +The `redelegation` command allows users to query a redelegation record based on delegator and a source and destination validator address. + +Usage: + +```bash +simd query staking redelegation [delegator-addr] [src-validator-addr] [dst-validator-addr] [flags] +``` + +Example: + +```bash +simd query staking redelegation cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p cosmosvaloper1l2rsakp388kuv9k8qzq6lrm9taddae7fpx59wm cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +Example Output: + +```bash +pagination: null +redelegation_responses: +- entries: + - balance: "50000000" + redelegation_entry: + completion_time: "2021-10-24T20:33:21.960084845Z" + creation_height: 2.382847e+06 + initial_balance: "50000000" + shares_dst: "50000000.000000000000000000" + - balance: "5000000000" + redelegation_entry: + completion_time: "2021-10-25T21:33:54.446846862Z" + creation_height: 2.397271e+06 + initial_balance: "5000000000" + shares_dst: "5000000000.000000000000000000" + redelegation: + delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + entries: null + validator_dst_address: cosmosvaloper1l2rsakp388kuv9k8qzq6lrm9taddae7fpx59wm + validator_src_address: cosmosvaloper1l2rsakp388kuv9k8qzq6lrm9taddae7fpx59wm +``` + +##### redelegations + +The `redelegations` command allows users to query all redelegation records for an individual delegator. + +Usage: + +```bash +simd query staking redelegations [delegator-addr] [flags] +``` + +Example: + +```bash +simd query staking redelegation cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "0" +redelegation_responses: +- entries: + - balance: "50000000" + redelegation_entry: + completion_time: "2021-10-24T20:33:21.960084845Z" + creation_height: 2.382847e+06 + initial_balance: "50000000" + shares_dst: "50000000.000000000000000000" + - balance: "5000000000" + redelegation_entry: + completion_time: "2021-10-25T21:33:54.446846862Z" + creation_height: 2.397271e+06 + initial_balance: "5000000000" + shares_dst: "5000000000.000000000000000000" + redelegation: + delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + entries: null + validator_dst_address: cosmosvaloper1uccl5ugxrm7vqlzwqr04pjd320d2fz0z3hc6vm + validator_src_address: cosmosvaloper1zppjyal5emta5cquje8ndkpz0rs046m7zqxrpp +- entries: + - balance: "562770000000" + redelegation_entry: + completion_time: "2021-10-25T21:42:07.336911677Z" + creation_height: 2.39735e+06 + initial_balance: "562770000000" + shares_dst: "562770000000.000000000000000000" + redelegation: + delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + entries: null + validator_dst_address: cosmosvaloper1uccl5ugxrm7vqlzwqr04pjd320d2fz0z3hc6vm + validator_src_address: cosmosvaloper1zppjyal5emta5cquje8ndkpz0rs046m7zqxrpp +``` + +##### redelegations-from + +The `redelegations-from` command allows users to query delegations that are redelegating _from_ a validator. + +Usage: + +```bash +simd query staking redelegations-from [validator-addr] [flags] +``` + +Example: + +```bash +simd query staking redelegations-from cosmosvaloper1y4rzzrgl66eyhzt6gse2k7ej3zgwmngeleucjy +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "0" +redelegation_responses: +- entries: + - balance: "50000000" + redelegation_entry: + completion_time: "2021-10-24T20:33:21.960084845Z" + creation_height: 2.382847e+06 + initial_balance: "50000000" + shares_dst: "50000000.000000000000000000" + - balance: "5000000000" + redelegation_entry: + completion_time: "2021-10-25T21:33:54.446846862Z" + creation_height: 2.397271e+06 + initial_balance: "5000000000" + shares_dst: "5000000000.000000000000000000" + redelegation: + delegator_address: cosmos1pm6e78p4pgn0da365plzl4t56pxy8hwtqp2mph + entries: null + validator_dst_address: cosmosvaloper1uccl5ugxrm7vqlzwqr04pjd320d2fz0z3hc6vm + validator_src_address: cosmosvaloper1y4rzzrgl66eyhzt6gse2k7ej3zgwmngeleucjy +- entries: + - balance: "221000000" + redelegation_entry: + completion_time: "2021-10-05T21:05:45.669420544Z" + creation_height: 2.120693e+06 + initial_balance: "221000000" + shares_dst: "221000000.000000000000000000" + redelegation: + delegator_address: cosmos1zqv8qxy2zgn4c58fz8jt8jmhs3d0attcussrf6 + entries: null + validator_dst_address: cosmosvaloper10mseqwnwtjaqfrwwp2nyrruwmjp6u5jhah4c3y + validator_src_address: cosmosvaloper1y4rzzrgl66eyhzt6gse2k7ej3zgwmngeleucjy +``` + +##### unbonding-delegation + +The `unbonding-delegation` command allows users to query unbonding delegations for an individual delegator on an individual validator. + +Usage: + +```bash +simd query staking unbonding-delegation [delegator-addr] [validator-addr] [flags] +``` + +Example: + +```bash +simd query staking unbonding-delegation cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +Example Output: + +```bash +delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p +entries: +- balance: "52000000" + completion_time: "2021-11-02T11:35:55.391594709Z" + creation_height: "55078" + initial_balance: "52000000" +validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +##### unbonding-delegations + +The `unbonding-delegations` command allows users to query all unbonding-delegations records for one delegator. + +Usage: + +```bash +simd query staking unbonding-delegations [delegator-addr] [flags] +``` + +Example: + +```bash +simd query staking unbonding-delegations cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "0" +unbonding_responses: +- delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + entries: + - balance: "52000000" + completion_time: "2021-11-02T11:35:55.391594709Z" + creation_height: "55078" + initial_balance: "52000000" + validator_address: cosmosvaloper1t8ehvswxjfn3ejzkjtntcyrqwvmvuknzmvtaaa + +``` + +##### unbonding-delegations-from + +The `unbonding-delegations-from` command allows users to query delegations that are unbonding _from_ a validator. + +Usage: + +```bash +simd query staking unbonding-delegations-from [validator-addr] [flags] +``` + +Example: + +```bash +simd query staking unbonding-delegations-from cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "0" +unbonding_responses: +- delegator_address: cosmos1qqq9txnw4c77sdvzx0tkedsafl5s3vk7hn53fn + entries: + - balance: "150000000" + completion_time: "2021-11-01T21:41:13.098141574Z" + creation_height: "46823" + initial_balance: "150000000" + validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +- delegator_address: cosmos1peteje73eklqau66mr7h7rmewmt2vt99y24f5z + entries: + - balance: "24000000" + completion_time: "2021-10-31T02:57:18.192280361Z" + creation_height: "21516" + initial_balance: "24000000" + validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +##### validator + +The `validator` command allows users to query details about an individual validator. + +Usage: + +```bash +simd query staking validator [validator-addr] [flags] +``` + +Example: + +```bash +simd query staking validator cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +Example Output: + +```bash +commission: + commission_rates: + max_change_rate: "0.020000000000000000" + max_rate: "0.200000000000000000" + rate: "0.050000000000000000" + update_time: "2021-10-01T19:24:52.663191049Z" +consensus_pubkey: + '@type': /cosmos.crypto.ed25519.PubKey + key: sIiexdJdYWn27+7iUHQJDnkp63gq/rzUq1Y+fxoGjXc= +delegator_shares: "32948270000.000000000000000000" +description: + details: Witval is the validator arm from Vitwit. Vitwit is into software consulting + and services business since 2015. We are working closely with Cosmos ecosystem + since 2018. We are also building tools for the ecosystem, Aneka is our explorer + for the cosmos ecosystem. + identity: 51468B615127273A + moniker: Witval + security_contact: "" + website: "" +jailed: false +min_self_delegation: "1" +operator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +status: BOND_STATUS_BONDED +tokens: "32948270000" +unbonding_height: "0" +unbonding_time: "1970-01-01T00:00:00Z" +``` + +##### validators + +The `validators` command allows users to query details about all validators on a network. + +Usage: + +```bash +simd query staking validators [flags] +``` + +Example: + +```bash +simd query staking validators +``` + +Example Output: + +```bash +pagination: + next_key: FPTi7TKAjN63QqZh+BaXn6gBmD5/ + total: "0" +validators: +commission: + commission_rates: + max_change_rate: "0.020000000000000000" + max_rate: "0.200000000000000000" + rate: "0.050000000000000000" + update_time: "2021-10-01T19:24:52.663191049Z" +consensus_pubkey: + '@type': /cosmos.crypto.ed25519.PubKey + key: sIiexdJdYWn27+7iUHQJDnkp63gq/rzUq1Y+fxoGjXc= +delegator_shares: "32948270000.000000000000000000" +description: + details: Witval is the validator arm from Vitwit. Vitwit is into software consulting + and services business since 2015. We are working closely with Cosmos ecosystem + since 2018. We are also building tools for the ecosystem, Aneka is our explorer + for the cosmos ecosystem. + identity: 51468B615127273A + moniker: Witval + security_contact: "" + website: "" + jailed: false + min_self_delegation: "1" + operator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj + status: BOND_STATUS_BONDED + tokens: "32948270000" + unbonding_height: "0" + unbonding_time: "1970-01-01T00:00:00Z" +- commission: + commission_rates: + max_change_rate: "0.100000000000000000" + max_rate: "0.200000000000000000" + rate: "0.050000000000000000" + update_time: "2021-10-04T18:02:21.446645619Z" + consensus_pubkey: + '@type': /cosmos.crypto.ed25519.PubKey + key: GDNpuKDmCg9GnhnsiU4fCWktuGUemjNfvpCZiqoRIYA= + delegator_shares: "559343421.000000000000000000" + description: + details: Noderunners is a professional validator in POS networks. We have a huge + node running experience, reliable soft and hardware. Our commissions are always + low, our support to delegators is always full. Stake with us and start receiving + your Cosmos rewards now! + identity: 812E82D12FEA3493 + moniker: Noderunners + security_contact: info@noderunners.biz + website: http://noderunners.biz + jailed: false + min_self_delegation: "1" + operator_address: cosmosvaloper1q5ku90atkhktze83j9xjaks2p7uruag5zp6wt7 + status: BOND_STATUS_BONDED + tokens: "559343421" + unbonding_height: "0" + unbonding_time: "1970-01-01T00:00:00Z" +``` + +#### Transactions + +The `tx` commands allows users to interact with the `staking` module. + +```bash +simd tx staking --help +``` + +##### create-validator + +The command `create-validator` allows users to create new validator initialized with a self-delegation to it. + +Usage: + +```bash +simd tx staking create-validator [path/to/validator.json] [flags] +``` + +Example: + +```bash +simd tx staking create-validator /path/to/validator.json \ + --chain-id="name_of_chain_id" \ + --gas="auto" \ + --gas-adjustment="1.2" \ + --gas-prices="0.025stake" \ + --from=mykey +``` + +where `validator.json` contains: + +```json +{ + "pubkey": {"@type":"/cosmos.crypto.ed25519.PubKey","key":"BnbwFpeONLqvWqJb3qaUbL5aoIcW3fSuAp9nT3z5f20="}, + "amount": "1000000stake", + "moniker": "my-moniker", + "website": "https://myweb.site", + "security": "security-contact@gmail.com", + "details": "description of your validator", + "commission-rate": "0.10", + "commission-max-rate": "0.20", + "commission-max-change-rate": "0.01", + "min-self-delegation": "1" +} +``` + +and pubkey can be obtained by using `simd tendermint show-validator` command. + +##### delegate + +The command `delegate` allows users to delegate liquid tokens to a validator. + +Usage: + +```bash +simd tx staking delegate [validator-addr] [amount] [flags] +``` + +Example: + +```bash +simd tx staking delegate cosmosvaloper1l2rsakp388kuv9k8qzq6lrm9taddae7fpx59wm 1000stake --from mykey +``` + +##### edit-validator + +The command `edit-validator` allows users to edit an existing validator account. + +Usage: + +```bash +simd tx staking edit-validator [flags] +``` + +Example: + +```bash +simd tx staking edit-validator --moniker "new_moniker_name" --website "new_webiste_url" --from mykey +``` + +##### redelegate + +The command `redelegate` allows users to redelegate illiquid tokens from one validator to another. + +Usage: + +```bash +simd tx staking redelegate [src-validator-addr] [dst-validator-addr] [amount] [flags] +``` + +Example: + +```bash +simd tx staking redelegate cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj cosmosvaloper1l2rsakp388kuv9k8qzq6lrm9taddae7fpx59wm 100stake --from mykey +``` + +##### unbond + +The command `unbond` allows users to unbond shares from a validator. + +Usage: + +```bash +simd tx staking unbond [validator-addr] [amount] [flags] +``` + +Example: + +```bash +simd tx staking unbond cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj 100stake --from mykey +``` + +##### cancel unbond + +The command `cancel-unbond` allow users to cancel the unbonding delegation entry and delegate back to the original validator. + +Usage: + +```bash +simd tx staking cancel-unbond [validator-addr] [amount] [creation-height] +``` + +Example: + +```bash +simd tx staking cancel-unbond cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj 100stake 123123 --from mykey +``` + + +### gRPC + +A user can query the `staking` module using gRPC endpoints. + +#### Validators + +The `Validators` endpoint queries all validators that match the given status. + +```bash +cosmos.staking.v1beta1.Query/Validators +``` + +Example: + +```bash +grpcurl -plaintext localhost:9090 cosmos.staking.v1beta1.Query/Validators +``` + +Example Output: + +```bash +{ + "validators": [ + { + "operatorAddress": "cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "consensusPubkey": {"@type":"/cosmos.crypto.ed25519.PubKey","key":"Auxs3865HpB/EfssYOzfqNhEJjzys2Fo6jD5B8tPgC8="}, + "status": "BOND_STATUS_BONDED", + "tokens": "10000000", + "delegatorShares": "10000000000000000000000000", + "description": { + "moniker": "myvalidator" + }, + "unbondingTime": "1970-01-01T00:00:00Z", + "commission": { + "commissionRates": { + "rate": "100000000000000000", + "maxRate": "200000000000000000", + "maxChangeRate": "10000000000000000" + }, + "updateTime": "2021-10-01T05:52:50.380144238Z" + }, + "minSelfDelegation": "1" + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### Validator + +The `Validator` endpoint queries validator information for given validator address. + +```bash +cosmos.staking.v1beta1.Query/Validator +``` + +Example: + +```bash +grpcurl -plaintext -d '{"validator_addr":"cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/Validator +``` + +Example Output: + +```bash +{ + "validator": { + "operatorAddress": "cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "consensusPubkey": {"@type":"/cosmos.crypto.ed25519.PubKey","key":"Auxs3865HpB/EfssYOzfqNhEJjzys2Fo6jD5B8tPgC8="}, + "status": "BOND_STATUS_BONDED", + "tokens": "10000000", + "delegatorShares": "10000000000000000000000000", + "description": { + "moniker": "myvalidator" + }, + "unbondingTime": "1970-01-01T00:00:00Z", + "commission": { + "commissionRates": { + "rate": "100000000000000000", + "maxRate": "200000000000000000", + "maxChangeRate": "10000000000000000" + }, + "updateTime": "2021-10-01T05:52:50.380144238Z" + }, + "minSelfDelegation": "1" + } +} +``` + +#### ValidatorDelegations + +The `ValidatorDelegations` endpoint queries delegate information for given validator. + +```bash +cosmos.staking.v1beta1.Query/ValidatorDelegations +``` + +Example: + +```bash +grpcurl -plaintext -d '{"validator_addr":"cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/ValidatorDelegations +``` + +Example Output: + +```bash +{ + "delegationResponses": [ + { + "delegation": { + "delegatorAddress": "cosmos1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgy3ua5t", + "validatorAddress": "cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "shares": "10000000000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "10000000" + } + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### ValidatorUnbondingDelegations + +The `ValidatorUnbondingDelegations` endpoint queries delegate information for given validator. + +```bash +cosmos.staking.v1beta1.Query/ValidatorUnbondingDelegations +``` + +Example: + +```bash +grpcurl -plaintext -d '{"validator_addr":"cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/ValidatorUnbondingDelegations +``` + +Example Output: + +```bash +{ + "unbonding_responses": [ + { + "delegator_address": "cosmos1z3pzzw84d6xn00pw9dy3yapqypfde7vg6965fy", + "validator_address": "cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "entries": [ + { + "creation_height": "25325", + "completion_time": "2021-10-31T09:24:36.797320636Z", + "initial_balance": "20000000", + "balance": "20000000" + } + ] + }, + { + "delegator_address": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77", + "validator_address": "cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "entries": [ + { + "creation_height": "13100", + "completion_time": "2021-10-30T12:53:02.272266791Z", + "initial_balance": "1000000", + "balance": "1000000" + } + ] + }, + ], + "pagination": { + "next_key": null, + "total": "8" + } +} +``` + +#### Delegation + +The `Delegation` endpoint queries delegate information for given validator delegator pair. + +```bash +cosmos.staking.v1beta1.Query/Delegation +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77", validator_addr":"cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/Delegation +``` + +Example Output: + +```bash +{ + "delegation_response": + { + "delegation": + { + "delegator_address":"cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77", + "validator_address":"cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "shares":"25083119936.000000000000000000" + }, + "balance": + { + "denom":"stake", + "amount":"25083119936" + } + } +} +``` + +#### UnbondingDelegation + +The `UnbondingDelegation` endpoint queries unbonding information for given validator delegator. + +```bash +cosmos.staking.v1beta1.Query/UnbondingDelegation +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77", validator_addr":"cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/UnbondingDelegation +``` + +Example Output: + +```bash +{ + "unbond": { + "delegator_address": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77", + "validator_address": "cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "entries": [ + { + "creation_height": "136984", + "completion_time": "2021-11-08T05:38:47.505593891Z", + "initial_balance": "400000000", + "balance": "400000000" + }, + { + "creation_height": "137005", + "completion_time": "2021-11-08T05:40:53.526196312Z", + "initial_balance": "385000000", + "balance": "385000000" + } + ] + } +} +``` + +#### DelegatorDelegations + +The `DelegatorDelegations` endpoint queries all delegations of a given delegator address. + +```bash +cosmos.staking.v1beta1.Query/DelegatorDelegations +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/DelegatorDelegations +``` + +Example Output: + +```bash +{ + "delegation_responses": [ + {"delegation":{"delegator_address":"cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77","validator_address":"cosmosvaloper1eh5mwu044gd5ntkkc2xgfg8247mgc56fww3vc8","shares":"25083339023.000000000000000000"},"balance":{"denom":"stake","amount":"25083339023"}} + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### DelegatorUnbondingDelegations + +The `DelegatorUnbondingDelegations` endpoint queries all unbonding delegations of a given delegator address. + +```bash +cosmos.staking.v1beta1.Query/DelegatorUnbondingDelegations +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/DelegatorUnbondingDelegations +``` + +Example Output: + +```bash +{ + "unbonding_responses": [ + { + "delegator_address": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77", + "validator_address": "cosmosvaloper1sjllsnramtg3ewxqwwrwjxfgc4n4ef9uxyejze", + "entries": [ + { + "creation_height": "136984", + "completion_time": "2021-11-08T05:38:47.505593891Z", + "initial_balance": "400000000", + "balance": "400000000" + }, + { + "creation_height": "137005", + "completion_time": "2021-11-08T05:40:53.526196312Z", + "initial_balance": "385000000", + "balance": "385000000" + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### Redelegations + +The `Redelegations` endpoint queries redelegations of given address. + +```bash +cosmos.staking.v1beta1.Query/Redelegations +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1ld5p7hn43yuh8ht28gm9pfjgj2fctujp2tgwvf", "src_validator_addr" : "cosmosvaloper1j7euyj85fv2jugejrktj540emh9353ltgppc3g", "dst_validator_addr" : "cosmosvaloper1yy3tnegzmkdcm7czzcy3flw5z0zyr9vkkxrfse"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/Redelegations +``` + +Example Output: + +```bash +{ + "redelegation_responses": [ + { + "redelegation": { + "delegator_address": "cosmos1ld5p7hn43yuh8ht28gm9pfjgj2fctujp2tgwvf", + "validator_src_address": "cosmosvaloper1j7euyj85fv2jugejrktj540emh9353ltgppc3g", + "validator_dst_address": "cosmosvaloper1yy3tnegzmkdcm7czzcy3flw5z0zyr9vkkxrfse", + "entries": null + }, + "entries": [ + { + "redelegation_entry": { + "creation_height": 135932, + "completion_time": "2021-11-08T03:52:55.299147901Z", + "initial_balance": "2900000", + "shares_dst": "2900000.000000000000000000" + }, + "balance": "2900000" + } + ] + } + ], + "pagination": null +} +``` + +#### DelegatorValidators + +The `DelegatorValidators` endpoint queries all validators information for given delegator. + +```bash +cosmos.staking.v1beta1.Query/DelegatorValidators +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1ld5p7hn43yuh8ht28gm9pfjgj2fctujp2tgwvf"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/DelegatorValidators +``` + +Example Output: + +```bash +{ + "validators": [ + { + "operator_address": "cosmosvaloper1eh5mwu044gd5ntkkc2xgfg8247mgc56fww3vc8", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "UPwHWxH1zHJWGOa/m6JB3f5YjHMvPQPkVbDqqi+U7Uw=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "347260647559", + "delegator_shares": "347260647559.000000000000000000", + "description": { + "moniker": "BouBouNode", + "identity": "", + "website": "https://boubounode.com", + "security_contact": "", + "details": "AI-based Validator. #1 AI Validator on Game of Stakes. Fairly priced. Don't trust (humans), verify. Made with BouBou love." + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.061000000000000000", + "max_rate": "0.300000000000000000", + "max_change_rate": "0.150000000000000000" + }, + "update_time": "2021-10-01T15:00:00Z" + }, + "min_self_delegation": "1" + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### DelegatorValidator + +The `DelegatorValidator` endpoint queries validator information for given delegator validator + +```bash +cosmos.staking.v1beta1.Query/DelegatorValidator +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1eh5mwu044gd5ntkkc2xgfg8247mgc56f3n8rr7", "validator_addr": "cosmosvaloper1eh5mwu044gd5ntkkc2xgfg8247mgc56fww3vc8"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/DelegatorValidator +``` + +Example Output: + +```bash +{ + "validator": { + "operator_address": "cosmosvaloper1eh5mwu044gd5ntkkc2xgfg8247mgc56fww3vc8", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "UPwHWxH1zHJWGOa/m6JB3f5YjHMvPQPkVbDqqi+U7Uw=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "347262754841", + "delegator_shares": "347262754841.000000000000000000", + "description": { + "moniker": "BouBouNode", + "identity": "", + "website": "https://boubounode.com", + "security_contact": "", + "details": "AI-based Validator. #1 AI Validator on Game of Stakes. Fairly priced. Don't trust (humans), verify. Made with BouBou love." + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.061000000000000000", + "max_rate": "0.300000000000000000", + "max_change_rate": "0.150000000000000000" + }, + "update_time": "2021-10-01T15:00:00Z" + }, + "min_self_delegation": "1" + } +} +``` + +#### HistoricalInfo + +```bash +cosmos.staking.v1beta1.Query/HistoricalInfo +``` + +Example: + +```bash +grpcurl -plaintext -d '{"height" : 1}' localhost:9090 cosmos.staking.v1beta1.Query/HistoricalInfo +``` + +Example Output: + +```bash +{ + "hist": { + "header": { + "version": { + "block": "11", + "app": "0" + }, + "chain_id": "simd-1", + "height": "140142", + "time": "2021-10-11T10:56:29.720079569Z", + "last_block_id": { + "hash": "9gri/4LLJUBFqioQ3NzZIP9/7YHR9QqaM6B2aJNQA7o=", + "part_set_header": { + "total": 1, + "hash": "Hk1+C864uQkl9+I6Zn7IurBZBKUevqlVtU7VqaZl1tc=" + } + }, + "last_commit_hash": "VxrcS27GtvGruS3I9+AlpT7udxIT1F0OrRklrVFSSKc=", + "data_hash": "80BjOrqNYUOkTnmgWyz9AQ8n7SoEmPVi4QmAe8RbQBY=", + "validators_hash": "95W49n2hw8RWpr1GPTAO5MSPi6w6Wjr3JjjS7AjpBho=", + "next_validators_hash": "95W49n2hw8RWpr1GPTAO5MSPi6w6Wjr3JjjS7AjpBho=", + "consensus_hash": "BICRvH3cKD93v7+R1zxE2ljD34qcvIZ0Bdi389qtoi8=", + "app_hash": "ZZaxnSY3E6Ex5Bvkm+RigYCK82g8SSUL53NymPITeOE=", + "last_results_hash": "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=", + "evidence_hash": "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=", + "proposer_address": "aH6dO428B+ItuoqPq70efFHrSMY=" + }, + "valset": [ + { + "operator_address": "cosmosvaloper196ax4vc0lwpxndu9dyhvca7jhxp70rmcqcnylw", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "/O7BtNW0pafwfvomgR4ZnfldwPXiFfJs9mHg3gwfv5Q=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "1426045203613", + "delegator_shares": "1426045203613.000000000000000000", + "description": { + "moniker": "SG-1", + "identity": "48608633F99D1B60", + "website": "https://sg-1.online", + "security_contact": "", + "details": "SG-1 - your favorite validator on Witval. We offer 100% Soft Slash protection." + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.037500000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.030000000000000000" + }, + "update_time": "2021-10-01T15:00:00Z" + }, + "min_self_delegation": "1" + } + ] + } +} + +``` + +#### Pool + +The `Pool` endpoint queries the pool information. + +```bash +cosmos.staking.v1beta1.Query/Pool +``` + +Example: + +```bash +grpcurl -plaintext -d localhost:9090 cosmos.staking.v1beta1.Query/Pool +``` + +Example Output: + +```bash +{ + "pool": { + "not_bonded_tokens": "369054400189", + "bonded_tokens": "15657192425623" + } +} +``` + +#### Params + +The `Params` endpoint queries the pool information. + +```bash +cosmos.staking.v1beta1.Query/Params +``` + +Example: + +```bash +grpcurl -plaintext localhost:9090 cosmos.staking.v1beta1.Query/Params +``` + +Example Output: + +```bash +{ + "params": { + "unbondingTime": "1814400s", + "maxValidators": 100, + "maxEntries": 7, + "historicalEntries": 10000, + "bondDenom": "stake" + } +} +``` + +### REST + +A user can query the `staking` module using REST endpoints. + +#### DelegatorDelegations + +The `DelegtaorDelegations` REST endpoint queries all delegations of a given delegator address. + +```bash +/cosmos/staking/v1beta1/delegations/{delegatorAddr} +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/staking/v1beta1/delegations/cosmos1vcs68xf2tnqes5tg0khr0vyevm40ff6zdxatp5" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "delegation_responses": [ + { + "delegation": { + "delegator_address": "cosmos1vcs68xf2tnqes5tg0khr0vyevm40ff6zdxatp5", + "validator_address": "cosmosvaloper1quqxfrxkycr0uzt4yk0d57tcq3zk7srm7sm6r8", + "shares": "256250000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "256250000" + } + }, + { + "delegation": { + "delegator_address": "cosmos1vcs68xf2tnqes5tg0khr0vyevm40ff6zdxatp5", + "validator_address": "cosmosvaloper194v8uwee2fvs2s8fa5k7j03ktwc87h5ym39jfv", + "shares": "255150000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "255150000" + } + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` + +#### Redelegations + +The `Redelegations` REST endpoint queries redelegations of given address. + +```bash +/cosmos/staking/v1beta1/delegators/{delegatorAddr}/redelegations +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/delegators/cosmos1thfntksw0d35n2tkr0k8v54fr8wxtxwxl2c56e/redelegations?srcValidatorAddr=cosmosvaloper1lzhlnpahvznwfv4jmay2tgaha5kmz5qx4cuznf&dstValidatorAddr=cosmosvaloper1vq8tw77kp8lvxq9u3c8eeln9zymn68rng8pgt4" \ +-H "accept: application/json" +``` + +Example Output: + +```bash +{ + "redelegation_responses": [ + { + "redelegation": { + "delegator_address": "cosmos1thfntksw0d35n2tkr0k8v54fr8wxtxwxl2c56e", + "validator_src_address": "cosmosvaloper1lzhlnpahvznwfv4jmay2tgaha5kmz5qx4cuznf", + "validator_dst_address": "cosmosvaloper1vq8tw77kp8lvxq9u3c8eeln9zymn68rng8pgt4", + "entries": null + }, + "entries": [ + { + "redelegation_entry": { + "creation_height": 151523, + "completion_time": "2021-11-09T06:03:25.640682116Z", + "initial_balance": "200000000", + "shares_dst": "200000000.000000000000000000" + }, + "balance": "200000000" + } + ] + } + ], + "pagination": null +} +``` + +#### DelegatorUnbondingDelegations + +The `DelegatorUnbondingDelegations` REST endpoint queries all unbonding delegations of a given delegator address. + +```bash +/cosmos/staking/v1beta1/delegators/{delegatorAddr}/unbonding_delegations +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/delegators/cosmos1nxv42u3lv642q0fuzu2qmrku27zgut3n3z7lll/unbonding_delegations" \ +-H "accept: application/json" +``` + +Example Output: + +```bash +{ + "unbonding_responses": [ + { + "delegator_address": "cosmos1nxv42u3lv642q0fuzu2qmrku27zgut3n3z7lll", + "validator_address": "cosmosvaloper1e7mvqlz50ch6gw4yjfemsc069wfre4qwmw53kq", + "entries": [ + { + "creation_height": "2442278", + "completion_time": "2021-10-12T10:59:03.797335857Z", + "initial_balance": "50000000000", + "balance": "50000000000" + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### DelegatorValidators + +The `DelegatorValidators` REST endpoint queries all validators information for given delegator address. + +```bash +/cosmos/staking/v1beta1/delegators/{delegatorAddr}/validators +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/delegators/cosmos1xwazl8ftks4gn00y5x3c47auquc62ssune9ppv/validators" \ +-H "accept: application/json" +``` + +Example Output: + +```bash +{ + "validators": [ + { + "operator_address": "cosmosvaloper1xwazl8ftks4gn00y5x3c47auquc62ssuvynw64", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "5v4n3px3PkfNnKflSgepDnsMQR1hiNXnqOC11Y72/PQ=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "21592843799", + "delegator_shares": "21592843799.000000000000000000", + "description": { + "moniker": "jabbey", + "identity": "", + "website": "https://twitter.com/JoeAbbey", + "security_contact": "", + "details": "just another dad in the cosmos" + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.100000000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.100000000000000000" + }, + "update_time": "2021-10-09T19:03:54.984821705Z" + }, + "min_self_delegation": "1" + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### DelegatorValidator + +The `DelegatorValidator` REST endpoint queries validator information for given delegator validator pair. + +```bash +/cosmos/staking/v1beta1/delegators/{delegatorAddr}/validators/{validatorAddr} +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/delegators/cosmos1xwazl8ftks4gn00y5x3c47auquc62ssune9ppv/validators/cosmosvaloper1xwazl8ftks4gn00y5x3c47auquc62ssuvynw64" \ +-H "accept: application/json" +``` + +Example Output: + +```bash +{ + "validator": { + "operator_address": "cosmosvaloper1xwazl8ftks4gn00y5x3c47auquc62ssuvynw64", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "5v4n3px3PkfNnKflSgepDnsMQR1hiNXnqOC11Y72/PQ=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "21592843799", + "delegator_shares": "21592843799.000000000000000000", + "description": { + "moniker": "jabbey", + "identity": "", + "website": "https://twitter.com/JoeAbbey", + "security_contact": "", + "details": "just another dad in the cosmos" + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.100000000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.100000000000000000" + }, + "update_time": "2021-10-09T19:03:54.984821705Z" + }, + "min_self_delegation": "1" + } +} +``` + +#### HistoricalInfo + +The `HistoricalInfo` REST endpoint queries the historical information for given height. + +```bash +/cosmos/staking/v1beta1/historical_info/{height} +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/staking/v1beta1/historical_info/153332" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "hist": { + "header": { + "version": { + "block": "11", + "app": "0" + }, + "chain_id": "cosmos-1", + "height": "153332", + "time": "2021-10-12T09:05:35.062230221Z", + "last_block_id": { + "hash": "NX8HevR5khb7H6NGKva+jVz7cyf0skF1CrcY9A0s+d8=", + "part_set_header": { + "total": 1, + "hash": "zLQ2FiKM5tooL3BInt+VVfgzjlBXfq0Hc8Iux/xrhdg=" + } + }, + "last_commit_hash": "P6IJrK8vSqU3dGEyRHnAFocoDGja0bn9euLuy09s350=", + "data_hash": "eUd+6acHWrNXYju8Js449RJ99lOYOs16KpqQl4SMrEM=", + "validators_hash": "mB4pravvMsJKgi+g8aYdSeNlt0kPjnRFyvtAQtaxcfw=", + "next_validators_hash": "mB4pravvMsJKgi+g8aYdSeNlt0kPjnRFyvtAQtaxcfw=", + "consensus_hash": "BICRvH3cKD93v7+R1zxE2ljD34qcvIZ0Bdi389qtoi8=", + "app_hash": "fuELArKRK+CptnZ8tu54h6xEleSWenHNmqC84W866fU=", + "last_results_hash": "p/BPexV4LxAzlVcPRvW+lomgXb6Yze8YLIQUo/4Kdgc=", + "evidence_hash": "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=", + "proposer_address": "G0MeY8xQx7ooOsni8KE/3R/Ib3Q=" + }, + "valset": [ + { + "operator_address": "cosmosvaloper196ax4vc0lwpxndu9dyhvca7jhxp70rmcqcnylw", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "/O7BtNW0pafwfvomgR4ZnfldwPXiFfJs9mHg3gwfv5Q=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "1416521659632", + "delegator_shares": "1416521659632.000000000000000000", + "description": { + "moniker": "SG-1", + "identity": "48608633F99D1B60", + "website": "https://sg-1.online", + "security_contact": "", + "details": "SG-1 - your favorite validator on cosmos. We offer 100% Soft Slash protection." + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.037500000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.030000000000000000" + }, + "update_time": "2021-10-01T15:00:00Z" + }, + "min_self_delegation": "1" + }, + { + "operator_address": "cosmosvaloper1t8ehvswxjfn3ejzkjtntcyrqwvmvuknzmvtaaa", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "uExZyjNLtr2+FFIhNDAMcQ8+yTrqE7ygYTsI7khkA5Y=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "1348298958808", + "delegator_shares": "1348298958808.000000000000000000", + "description": { + "moniker": "Cosmostation", + "identity": "AE4C403A6E7AA1AC", + "website": "https://www.cosmostation.io", + "security_contact": "admin@stamper.network", + "details": "Cosmostation validator node. Delegate your tokens and Start Earning Staking Rewards" + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.050000000000000000", + "max_rate": "1.000000000000000000", + "max_change_rate": "0.200000000000000000" + }, + "update_time": "2021-10-01T15:06:38.821314287Z" + }, + "min_self_delegation": "1" + } + ] + } +} +``` + +#### Parameters + +The `Parameters` REST endpoint queries the staking parameters. + +```bash +/cosmos/staking/v1beta1/params +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/staking/v1beta1/params" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "params": { + "unbonding_time": "2419200s", + "max_validators": 100, + "max_entries": 7, + "historical_entries": 10000, + "bond_denom": "stake" + } +} +``` + +#### Pool + +The `Pool` REST endpoint queries the pool information. + +```bash +/cosmos/staking/v1beta1/pool +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/staking/v1beta1/pool" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "pool": { + "not_bonded_tokens": "432805737458", + "bonded_tokens": "15783637712645" + } +} +``` + +#### Validators + +The `Validators` REST endpoint queries all validators that match the given status. + +```bash +/cosmos/staking/v1beta1/validators +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/staking/v1beta1/validators" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "validators": [ + { + "operator_address": "cosmosvaloper1q3jsx9dpfhtyqqgetwpe5tmk8f0ms5qywje8tw", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "N7BPyek2aKuNZ0N/8YsrqSDhGZmgVaYUBuddY8pwKaE=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "383301887799", + "delegator_shares": "383301887799.000000000000000000", + "description": { + "moniker": "SmartNodes", + "identity": "D372724899D1EDC8", + "website": "https://smartnodes.co", + "security_contact": "", + "details": "Earn Rewards with Crypto Staking & Node Deployment" + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.050000000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.100000000000000000" + }, + "update_time": "2021-10-01T15:51:31.596618510Z" + }, + "min_self_delegation": "1" + }, + { + "operator_address": "cosmosvaloper1q5ku90atkhktze83j9xjaks2p7uruag5zp6wt7", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "GDNpuKDmCg9GnhnsiU4fCWktuGUemjNfvpCZiqoRIYA=" + }, + "jailed": false, + "status": "BOND_STATUS_UNBONDING", + "tokens": "1017819654", + "delegator_shares": "1017819654.000000000000000000", + "description": { + "moniker": "Noderunners", + "identity": "812E82D12FEA3493", + "website": "http://noderunners.biz", + "security_contact": "info@noderunners.biz", + "details": "Noderunners is a professional validator in POS networks. We have a huge node running experience, reliable soft and hardware. Our commissions are always low, our support to delegators is always full. Stake with us and start receiving your cosmos rewards now!" + }, + "unbonding_height": "147302", + "unbonding_time": "2021-11-08T22:58:53.718662452Z", + "commission": { + "commission_rates": { + "rate": "0.050000000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.100000000000000000" + }, + "update_time": "2021-10-04T18:02:21.446645619Z" + }, + "min_self_delegation": "1" + } + ], + "pagination": { + "next_key": "FONDBFkE4tEEf7yxWWKOD49jC2NK", + "total": "2" + } +} +``` + +#### Validator + +The `Validator` REST endpoint queries validator information for given validator address. + +```bash +/cosmos/staking/v1beta1/validators/{validatorAddr} +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/validators/cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q" \ +-H "accept: application/json" +``` + +Example Output: + +```bash +{ + "validator": { + "operator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "sIiexdJdYWn27+7iUHQJDnkp63gq/rzUq1Y+fxoGjXc=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "33027900000", + "delegator_shares": "33027900000.000000000000000000", + "description": { + "moniker": "Witval", + "identity": "51468B615127273A", + "website": "", + "security_contact": "", + "details": "Witval is the validator arm from Vitwit. Vitwit is into software consulting and services business since 2015. We are working closely with Cosmos ecosystem since 2018. We are also building tools for the ecosystem, Aneka is our explorer for the cosmos ecosystem." + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.050000000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.020000000000000000" + }, + "update_time": "2021-10-01T19:24:52.663191049Z" + }, + "min_self_delegation": "1" + } +} +``` + +#### ValidatorDelegations + +The `ValidatorDelegations` REST endpoint queries delegate information for given validator. + +```bash +/cosmos/staking/v1beta1/validators/{validatorAddr}/delegations +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/staking/v1beta1/validators/cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q/delegations" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "delegation_responses": [ + { + "delegation": { + "delegator_address": "cosmos190g5j8aszqhvtg7cprmev8xcxs6csra7xnk3n3", + "validator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "shares": "31000000000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "31000000000" + } + }, + { + "delegation": { + "delegator_address": "cosmos1ddle9tczl87gsvmeva3c48nenyng4n56qwq4ee", + "validator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "shares": "628470000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "628470000" + } + }, + { + "delegation": { + "delegator_address": "cosmos10fdvkczl76m040smd33lh9xn9j0cf26kk4s2nw", + "validator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "shares": "838120000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "838120000" + } + }, + { + "delegation": { + "delegator_address": "cosmos1n8f5fknsv2yt7a8u6nrx30zqy7lu9jfm0t5lq8", + "validator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "shares": "500000000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "500000000" + } + }, + { + "delegation": { + "delegator_address": "cosmos16msryt3fqlxtvsy8u5ay7wv2p8mglfg9hrek2e", + "validator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "shares": "61310000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "61310000" + } + } + ], + "pagination": { + "next_key": null, + "total": "5" + } +} +``` + +#### Delegation + +The `Delegation` REST endpoint queries delegate information for given validator delegator pair. + +```bash +/cosmos/staking/v1beta1/validators/{validatorAddr}/delegations/{delegatorAddr} +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/validators/cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q/delegations/cosmos1n8f5fknsv2yt7a8u6nrx30zqy7lu9jfm0t5lq8" \ +-H "accept: application/json" +``` + +Example Output: + +```bash +{ + "delegation_response": { + "delegation": { + "delegator_address": "cosmos1n8f5fknsv2yt7a8u6nrx30zqy7lu9jfm0t5lq8", + "validator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "shares": "500000000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "500000000" + } + } +} +``` + +#### UnbondingDelegation + +The `UnbondingDelegation` REST endpoint queries unbonding information for given validator delegator pair. + +```bash +/cosmos/staking/v1beta1/validators/{validatorAddr}/delegations/{delegatorAddr}/unbonding_delegation +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/validators/cosmosvaloper13v4spsah85ps4vtrw07vzea37gq5la5gktlkeu/delegations/cosmos1ze2ye5u5k3qdlexvt2e0nn0508p04094ya0qpm/unbonding_delegation" \ +-H "accept: application/json" +``` + +Example Output: + +```bash +{ + "unbond": { + "delegator_address": "cosmos1ze2ye5u5k3qdlexvt2e0nn0508p04094ya0qpm", + "validator_address": "cosmosvaloper13v4spsah85ps4vtrw07vzea37gq5la5gktlkeu", + "entries": [ + { + "creation_height": "153687", + "completion_time": "2021-11-09T09:41:18.352401903Z", + "initial_balance": "525111", + "balance": "525111" + } + ] + } +} +``` + +#### ValidatorUnbondingDelegations + +The `ValidatorUnbondingDelegations` REST endpoint queries unbonding delegations of a validator. + +```bash +/cosmos/staking/v1beta1/validators/{validatorAddr}/unbonding_delegations +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/validators/cosmosvaloper13v4spsah85ps4vtrw07vzea37gq5la5gktlkeu/unbonding_delegations" \ +-H "accept: application/json" +``` + +Example Output: + +```bash +{ + "unbonding_responses": [ + { + "delegator_address": "cosmos1q9snn84jfrd9ge8t46kdcggpe58dua82vnj7uy", + "validator_address": "cosmosvaloper13v4spsah85ps4vtrw07vzea37gq5la5gktlkeu", + "entries": [ + { + "creation_height": "90998", + "completion_time": "2021-11-05T00:14:37.005841058Z", + "initial_balance": "24000000", + "balance": "24000000" + } + ] + }, + { + "delegator_address": "cosmos1qf36e6wmq9h4twhdvs6pyq9qcaeu7ye0s3dqq2", + "validator_address": "cosmosvaloper13v4spsah85ps4vtrw07vzea37gq5la5gktlkeu", + "entries": [ + { + "creation_height": "47478", + "completion_time": "2021-11-01T22:47:26.714116854Z", + "initial_balance": "8000000", + "balance": "8000000" + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/modules/upgrade/README.md b/copy-of-sdk-versioned_docs/version-0.50/build/modules/upgrade/README.md new file mode 100644 index 00000000..0d98c160 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/modules/upgrade/README.md @@ -0,0 +1,619 @@ +--- +sidebar_position: 1 +--- + +# `x/upgrade` + +## Abstract + +`x/upgrade` is an implementation of a Cosmos SDK module that facilitates smoothly +upgrading a live Cosmos chain to a new (breaking) software version. It accomplishes this by +providing a `PreBlocker` hook that prevents the blockchain state machine from +proceeding once a pre-defined upgrade block height has been reached. + +The module does not prescribe anything regarding how governance decides to do an +upgrade, but just the mechanism for coordinating the upgrade safely. Without software +support for upgrades, upgrading a live chain is risky because all of the validators +need to pause their state machines at exactly the same point in the process. If +this is not done correctly, there can be state inconsistencies which are hard to +recover from. + +* [Concepts](#concepts) +* [State](#state) +* [Events](#events) +* [Client](#client) + * [CLI](#cli) + * [REST](#rest) + * [gRPC](#grpc) +* [Resources](#resources) + +## Concepts + +### Plan + +The `x/upgrade` module defines a `Plan` type in which a live upgrade is scheduled +to occur. A `Plan` can be scheduled at a specific block height. +A `Plan` is created once a (frozen) release candidate along with an appropriate upgrade +`Handler` (see below) is agreed upon, where the `Name` of a `Plan` corresponds to a +specific `Handler`. Typically, a `Plan` is created through a governance proposal +process, where if voted upon and passed, will be scheduled. The `Info` of a `Plan` +may contain various metadata about the upgrade, typically application specific +upgrade info to be included on-chain such as a git commit that validators could +automatically upgrade to. + +```go +type Plan struct { + Name string + Height int64 + Info string +} +``` + +#### Sidecar Process + +If an operator running the application binary also runs a sidecar process to assist +in the automatic download and upgrade of a binary, the `Info` allows this process to +be seamless. This tool is [Cosmovisor](https://github.com/cosmos/cosmos-sdk/tree/main/tools/cosmovisor#readme). + +### Handler + +The `x/upgrade` module facilitates upgrading from major version X to major version Y. To +accomplish this, node operators must first upgrade their current binary to a new +binary that has a corresponding `Handler` for the new version Y. It is assumed that +this version has fully been tested and approved by the community at large. This +`Handler` defines what state migrations need to occur before the new binary Y +can successfully run the chain. Naturally, this `Handler` is application specific +and not defined on a per-module basis. Registering a `Handler` is done via +`Keeper#SetUpgradeHandler` in the application. + +```go +type UpgradeHandler func(Context, Plan, VersionMap) (VersionMap, error) +``` + +During each `EndBlock` execution, the `x/upgrade` module checks if there exists a +`Plan` that should execute (is scheduled at that height). If so, the corresponding +`Handler` is executed. If the `Plan` is expected to execute but no `Handler` is registered +or if the binary was upgraded too early, the node will gracefully panic and exit. + +### StoreLoader + +The `x/upgrade` module also facilitates store migrations as part of the upgrade. The +`StoreLoader` sets the migrations that need to occur before the new binary can +successfully run the chain. This `StoreLoader` is also application specific and +not defined on a per-module basis. Registering this `StoreLoader` is done via +`app#SetStoreLoader` in the application. + +```go +func UpgradeStoreLoader (upgradeHeight int64, storeUpgrades *store.StoreUpgrades) baseapp.StoreLoader +``` + +If there's a planned upgrade and the upgrade height is reached, the old binary writes `Plan` to the disk before panicking. + +This information is critical to ensure the `StoreUpgrades` happens smoothly at correct height and +expected upgrade. It eliminiates the chances for the new binary to execute `StoreUpgrades` multiple +times everytime on restart. Also if there are multiple upgrades planned on same height, the `Name` +will ensure these `StoreUpgrades` takes place only in planned upgrade handler. + +### Proposal + +Typically, a `Plan` is proposed and submitted through governance via a proposal +containing a `MsgSoftwareUpgrade` message. +This proposal prescribes to the standard governance process. If the proposal passes, +the `Plan`, which targets a specific `Handler`, is persisted and scheduled. The +upgrade can be delayed or hastened by updating the `Plan.Height` in a new proposal. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/upgrade/v1beta1/tx.proto#L29-L41 +``` + +#### Cancelling Upgrade Proposals + +Upgrade proposals can be cancelled. There exists a gov-enabled `MsgCancelUpgrade` +message type, which can be embedded in a proposal, voted on and, if passed, will +remove the scheduled upgrade `Plan`. +Of course this requires that the upgrade was known to be a bad idea well before the +upgrade itself, to allow time for a vote. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/upgrade/v1beta1/tx.proto#L48-L57 +``` + +If such a possibility is desired, the upgrade height is to be +`2 * (VotingPeriod + DepositPeriod) + (SafetyDelta)` from the beginning of the +upgrade proposal. The `SafetyDelta` is the time available from the success of an +upgrade proposal and the realization it was a bad idea (due to external social consensus). + +A `MsgCancelUpgrade` proposal can also be made while the original +`MsgSoftwareUpgrade` proposal is still being voted upon, as long as the `VotingPeriod` +ends after the `MsgSoftwareUpgrade` proposal. + +## State + +The internal state of the `x/upgrade` module is relatively minimal and simple. The +state contains the currently active upgrade `Plan` (if one exists) by key +`0x0` and if a `Plan` is marked as "done" by key `0x1`. The state +contains the consensus versions of all app modules in the application. The versions +are stored as big endian `uint64`, and can be accessed with prefix `0x2` appended +by the corresponding module name of type `string`. The state maintains a +`Protocol Version` which can be accessed by key `0x3`. + +* Plan: `0x0 -> Plan` +* Done: `0x1 | byte(plan name) -> BigEndian(Block Height)` +* ConsensusVersion: `0x2 | byte(module name) -> BigEndian(Module Consensus Version)` +* ProtocolVersion: `0x3 -> BigEndian(Protocol Version)` + +The `x/upgrade` module contains no genesis state. + +## Events + +The `x/upgrade` does not emit any events by itself. Any and all proposal related +events are emitted through the `x/gov` module. + +## Client + +### CLI + +A user can query and interact with the `upgrade` module using the CLI. + +#### Query + +The `query` commands allow users to query `upgrade` state. + +```bash +simd query upgrade --help +``` + +##### applied + +The `applied` command allows users to query the block header for height at which a completed upgrade was applied. + +```bash +simd query upgrade applied [upgrade-name] [flags] +``` + +If upgrade-name was previously executed on the chain, this returns the header for the block at which it was applied. +This helps a client determine which binary was valid over a given range of blocks, as well as more context to understand past migrations. + +Example: + +```bash +simd query upgrade applied "test-upgrade" +``` + +Example Output: + +```bash +"block_id": { + "hash": "A769136351786B9034A5F196DC53F7E50FCEB53B48FA0786E1BFC45A0BB646B5", + "parts": { + "total": 1, + "hash": "B13CBD23011C7480E6F11BE4594EE316548648E6A666B3575409F8F16EC6939E" + } + }, + "block_size": "7213", + "header": { + "version": { + "block": "11" + }, + "chain_id": "testnet-2", + "height": "455200", + "time": "2021-04-10T04:37:57.085493838Z", + "last_block_id": { + "hash": "0E8AD9309C2DC411DF98217AF59E044A0E1CCEAE7C0338417A70338DF50F4783", + "parts": { + "total": 1, + "hash": "8FE572A48CD10BC2CBB02653CA04CA247A0F6830FF19DC972F64D339A355E77D" + } + }, + "last_commit_hash": "DE890239416A19E6164C2076B837CC1D7F7822FC214F305616725F11D2533140", + "data_hash": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855", + "validators_hash": "A31047ADE54AE9072EE2A12FF260A8990BA4C39F903EAF5636B50D58DBA72582", + "next_validators_hash": "A31047ADE54AE9072EE2A12FF260A8990BA4C39F903EAF5636B50D58DBA72582", + "consensus_hash": "048091BC7DDC283F77BFBF91D73C44DA58C3DF8A9CBC867405D8B7F3DAADA22F", + "app_hash": "28ECC486AFC332BA6CC976706DBDE87E7D32441375E3F10FD084CD4BAF0DA021", + "last_results_hash": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855", + "evidence_hash": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855", + "proposer_address": "2ABC4854B1A1C5AA8403C4EA853A81ACA901CC76" + }, + "num_txs": "0" +} +``` + +##### module versions + +The `module_versions` command gets a list of module names and their respective consensus versions. + +Following the command with a specific module name will return only +that module's information. + +```bash +simd query upgrade module_versions [optional module_name] [flags] +``` + +Example: + +```bash +simd query upgrade module_versions +``` + +Example Output: + +```bash +module_versions: +- name: auth + version: "2" +- name: authz + version: "1" +- name: bank + version: "2" +- name: crisis + version: "1" +- name: distribution + version: "2" +- name: evidence + version: "1" +- name: feegrant + version: "1" +- name: genutil + version: "1" +- name: gov + version: "2" +- name: ibc + version: "2" +- name: mint + version: "1" +- name: params + version: "1" +- name: slashing + version: "2" +- name: staking + version: "2" +- name: transfer + version: "1" +- name: upgrade + version: "1" +- name: vesting + version: "1" +``` + +Example: + +```bash +regen query upgrade module_versions ibc +``` + +Example Output: + +```bash +module_versions: +- name: ibc + version: "2" +``` + +##### plan + +The `plan` command gets the currently scheduled upgrade plan, if one exists. + +```bash +regen query upgrade plan [flags] +``` + +Example: + +```bash +simd query upgrade plan +``` + +Example Output: + +```bash +height: "130" +info: "" +name: test-upgrade +time: "0001-01-01T00:00:00Z" +upgraded_client_state: null +``` + +#### Transactions + +The upgrade module supports the following transactions: + +* `software-proposal` - submits an upgrade proposal: + +```bash +simd tx upgrade software-upgrade v2 --title="Test Proposal" --summary="testing" --deposit="100000000stake" --upgrade-height 1000000 \ +--upgrade-info '{ "binaries": { "linux/amd64":"https://example.com/simd.zip?checksum=sha256:aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f" } }' --from cosmos1.. +``` + +* `cancel-software-upgrade` - cancels a previously submitted upgrade proposal: + +```bash +simd tx upgrade cancel-software-upgrade --title="Test Proposal" --summary="testing" --deposit="100000000stake" --from cosmos1.. +``` + +### REST + +A user can query the `upgrade` module using REST endpoints. + +#### Applied Plan + +`AppliedPlan` queries a previously applied upgrade plan by its name. + +```bash +/cosmos/upgrade/v1beta1/applied_plan/{name} +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/upgrade/v1beta1/applied_plan/v2.0-upgrade" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "height": "30" +} +``` + +#### Current Plan + +`CurrentPlan` queries the current upgrade plan. + +```bash +/cosmos/upgrade/v1beta1/current_plan +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/upgrade/v1beta1/current_plan" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "plan": "v2.1-upgrade" +} +``` + +#### Module versions + +`ModuleVersions` queries the list of module versions from state. + +```bash +/cosmos/upgrade/v1beta1/module_versions +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/upgrade/v1beta1/module_versions" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "module_versions": [ + { + "name": "auth", + "version": "2" + }, + { + "name": "authz", + "version": "1" + }, + { + "name": "bank", + "version": "2" + }, + { + "name": "crisis", + "version": "1" + }, + { + "name": "distribution", + "version": "2" + }, + { + "name": "evidence", + "version": "1" + }, + { + "name": "feegrant", + "version": "1" + }, + { + "name": "genutil", + "version": "1" + }, + { + "name": "gov", + "version": "2" + }, + { + "name": "ibc", + "version": "2" + }, + { + "name": "mint", + "version": "1" + }, + { + "name": "params", + "version": "1" + }, + { + "name": "slashing", + "version": "2" + }, + { + "name": "staking", + "version": "2" + }, + { + "name": "transfer", + "version": "1" + }, + { + "name": "upgrade", + "version": "1" + }, + { + "name": "vesting", + "version": "1" + } + ] +} +``` + +### gRPC + +A user can query the `upgrade` module using gRPC endpoints. + +#### Applied Plan + +`AppliedPlan` queries a previously applied upgrade plan by its name. + +```bash +cosmos.upgrade.v1beta1.Query/AppliedPlan +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"name":"v2.0-upgrade"}' \ + localhost:9090 \ + cosmos.upgrade.v1beta1.Query/AppliedPlan +``` + +Example Output: + +```bash +{ + "height": "30" +} +``` + +#### Current Plan + +`CurrentPlan` queries the current upgrade plan. + +```bash +cosmos.upgrade.v1beta1.Query/CurrentPlan +``` + +Example: + +```bash +grpcurl -plaintext localhost:9090 cosmos.slashing.v1beta1.Query/CurrentPlan +``` + +Example Output: + +```bash +{ + "plan": "v2.1-upgrade" +} +``` + +#### Module versions + +`ModuleVersions` queries the list of module versions from state. + +```bash +cosmos.upgrade.v1beta1.Query/ModuleVersions +``` + +Example: + +```bash +grpcurl -plaintext localhost:9090 cosmos.slashing.v1beta1.Query/ModuleVersions +``` + +Example Output: + +```bash +{ + "module_versions": [ + { + "name": "auth", + "version": "2" + }, + { + "name": "authz", + "version": "1" + }, + { + "name": "bank", + "version": "2" + }, + { + "name": "crisis", + "version": "1" + }, + { + "name": "distribution", + "version": "2" + }, + { + "name": "evidence", + "version": "1" + }, + { + "name": "feegrant", + "version": "1" + }, + { + "name": "genutil", + "version": "1" + }, + { + "name": "gov", + "version": "2" + }, + { + "name": "ibc", + "version": "2" + }, + { + "name": "mint", + "version": "1" + }, + { + "name": "params", + "version": "1" + }, + { + "name": "slashing", + "version": "2" + }, + { + "name": "staking", + "version": "2" + }, + { + "name": "transfer", + "version": "1" + }, + { + "name": "upgrade", + "version": "1" + }, + { + "name": "vesting", + "version": "1" + } + ] +} +``` + +## Resources + +A list of (external) resources to learn more about the `x/upgrade` module. + +* [Cosmos Dev Series: Cosmos Blockchain Upgrade](https://medium.com/web3-surfers/cosmos-dev-series-cosmos-sdk-based-blockchain-upgrade-b5e99181554c) - The blog post that explains how software upgrades work in detail. diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/packages/01-depinject.md b/copy-of-sdk-versioned_docs/version-0.50/build/packages/01-depinject.md new file mode 100644 index 00000000..258e1e0b --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/packages/01-depinject.md @@ -0,0 +1,187 @@ +--- +sidebar_position: 1 +--- + +# Depinject + +> **DISCLAIMER**: This is a **beta** package. The SDK team is actively working on this feature and we are looking for feedback from the community. Please try it out and let us know what you think. + +## Overview + +`depinject` is a dependency injection (DI) framework for the Cosmos SDK, designed to streamline the process of building and configuring blockchain applications. It works in conjunction with the `core/appconfig` module to replace the majority of boilerplate code in `app.go` with a configuration file in Go, YAML, or JSON format. + +`depinject` is particularly useful for developing blockchain applications: + +* With multiple interdependent components, modules, or services. Helping manage their dependencies effectively. +* That require decoupling of these components, making it easier to test, modify, or replace individual parts without affecting the entire system. +* That are wanting to simplify the setup and initialisation of modules and their dependencies by reducing boilerplate code and automating dependency management. + +By using `depinject`, developers can achieve: + +* Cleaner and more organised code. +* Improved modularity and maintainability. +* A more maintainable and modular structure for their blockchain applications, ultimately enhancing development velocity and code quality. + +* [Go Doc](https://pkg.go.dev/cosmossdk.io/depinject) + +## Usage + +The `depinject` framework, based on dependency injection concepts, streamlines the management of dependencies within your blockchain application using its Configuration API. This API offers a set of functions and methods to create easy to use configurations, making it simple to define, modify, and access dependencies and their relationships. + +A core component of the [Configuration API](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/depinject#Config) is the `Provide` function, which allows you to register provider functions that supply dependencies. Inspired by constructor injection, these provider functions form the basis of the dependency tree, enabling the management and resolution of dependencies in a structured and maintainable manner. Additionally, `depinject` supports interface types as inputs to provider functions, offering flexibility and decoupling between components, similar to interface injection concepts. + +By leveraging `depinject` and its Configuration API, you can efficiently handle dependencies in your blockchain application, ensuring a clean, modular, and well-organised codebase. + +Example: + +```go +package main + +import ( + "fmt" + + "cosmossdk.io/depinject" +) + +type AnotherInt int + +func main() { + var ( + x int + y AnotherInt + ) + + fmt.Printf("Before (%v, %v)\n", x, y) + depinject.Inject( + depinject.Provide( + func() int { return 1 }, + func() AnotherInt { return AnotherInt(2) }, + ), + &x, + &y, + ) + fmt.Printf("After (%v, %v)\n", x, y) +} +``` + +In this example, `depinject.Provide` registers two provider functions that return `int` and `AnotherInt` values. The `depinject.Inject` function is then used to inject these values into the variables `x` and `y`. + +Provider functions serve as the basis for the dependency tree. They are analysed to identify their inputs as dependencies and their outputs as dependents. These dependents can either be used by another provider function or be stored outside the DI container (e.g., `&x` and `&y` in the example above). + +### Interface type resolution + +`depinject` supports the use of interface types as inputs to provider functions, which helps decouple dependencies between modules. This approach is particularly useful for managing complex systems with multiple modules, such as the Cosmos SDK, where dependencies need to be flexible and maintainable. + +For example, `x/bank` expects an [AccountKeeper](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/x/bank/types#AccountKeeper) interface as [input to ProvideModule](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/bank/module.go#L208-L260). `SimApp` uses the implementation in `x/auth`, but the modular design allows for easy changes to the implementation if needed. + +Consider the following example: + +```go +package duck + +type Duck interface { + quack() +} + +type AlsoDuck interface { + quack() +} + +type Mallard struct{} +type Canvasback struct{} + +func (duck Mallard) quack() {} +func (duck Canvasback) quack() {} + +type Pond struct { + Duck AlsoDuck +} +``` + +In this example, there's a `Pond` struct that has a `Duck` field of type `AlsoDuck`. The `depinject` framework can automatically resolve the appropriate implementation when there's only one available, as shown below: + +```go +var pond Pond + +depinject.Inject( + depinject.Provide( + func() Mallard { return Mallard{} }, + func(duck Duck) Pond { + return Pond{Duck: duck} + }), + &pond) +``` + +This code snippet results in the `Duck` field of `Pond` being implicitly bound to the `Mallard` implementation because it's the only implementation of the `Duck` interface in the container. + +However, if there are multiple implementations of the `Duck` interface, as in the following example, you'll encounter an error: + +```go +var pond Pond + +depinject.Inject( + depinject.Provide( + func() Mallard { return Mallard{} }, + func() Canvasback { return Canvasback{} }, + func(duck Duck) Pond { + return Pond{Duck: duck} + }), + &pond) +``` + +A specific binding preference for `Duck` is required. + +#### `BindInterface` API + +In the above situation registering a binding for a given interface binding may look like: + +```go +depinject.Inject( + depinject.Configs( + depinject.BindInterface( + "duck.Duck", + "duck.Mallard"), + depinject.Provide( + func() Mallard { return Mallard{} }, + func() Canvasback { return Canvasback{} }, + func(duck Duck) APond { + return Pond{Duck: duck} + })), + &pond) +``` + +Now `depinject` has enough information to provide `Mallard` as an input to `APond`. + +### Full example in real app + +:::warning +When using `depinject.Inject`, the injected types must be pointers. +::: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/simapp/app_v2.go#L219-L244 +``` + +## Debugging + +Issues with resolving dependencies in the container can be done with logs and [Graphviz](https://graphviz.org) renderings of the container tree. +By default, whenever there is an error, logs will be printed to stderr and a rendering of the dependency graph in Graphviz DOT format will be saved to `debug_container.dot`. + +Here is an example Graphviz rendering of a successful build of a dependency graph: +![Graphviz Example](https://raw.githubusercontent.com/cosmos/cosmos-sdk/ff39d243d421442b400befcd959ec3ccd2525154/depinject/testdata/example.svg) + +Rectangles represent functions, ovals represent types, rounded rectangles represent modules and the single hexagon +represents the function which called `Build`. Black-colored shapes mark functions and types that were called/resolved +without an error. Gray-colored nodes mark functions and types that could have been called/resolved in the container but +were left unused. + +Here is an example Graphviz rendering of a dependency graph build which failed: +![Graphviz Error Example](https://raw.githubusercontent.com/cosmos/cosmos-sdk/ff39d243d421442b400befcd959ec3ccd2525154/depinject/testdata/example_error.svg) + +Graphviz DOT files can be converted into SVG's for viewing in a web browser using the `dot` command-line tool, ex: + +```txt +dot -Tsvg debug_container.dot > debug_container.svg +``` + +Many other tools including some IDEs support working with DOT files. diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/packages/02-collections.md b/copy-of-sdk-versioned_docs/version-0.50/build/packages/02-collections.md new file mode 100644 index 00000000..7f827823 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/packages/02-collections.md @@ -0,0 +1,1119 @@ +# Collections + +Collections is a library meant to simplify the experience with respect to module state handling. + +Cosmos SDK modules handle their state using the `KVStore` interface. The problem with working with +`KVStore` is that it forces you to think of state as a bytes KV pairings when in reality the majority of +state comes from complex concrete golang objects (strings, ints, structs, etc.). + +Collections allows you to work with state as if they were normal golang objects and removes the need +for you to think of your state as raw bytes in your code. + +It also allows you to migrate your existing state without causing any state breakage that forces you into +tedious and complex chain state migrations. + +## Installation + +To install collections in your cosmos-sdk chain project, run the following command: + +```shell +go get cosmossdk.io/collections +``` + +## Core types + +Collections offers 5 different APIs to work with state, which will be explored in the next sections, these APIs are: +- ``Map``: to work with typed arbitrary KV pairings. +- ``KeySet``: to work with just typed keys +- ``Item``: to work with just one typed value +- ``Sequence``: which is a monotonically increasing number. +- ``IndexedMap``: which combines ``Map`` and `KeySet` to provide a `Map` with indexing capabilities. + +## Preliminary components + +Before exploring the different collections types and their capability it is necessary to introduce +the three components that every collection shares. In fact when instantiating a collection type by doing, for example, +```collections.NewMap/collections.NewItem/...``` you will find yourself having to pass them some common arguments. + +For example, in code: + +```go +package collections + +import ( + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + sdk "github.com/cosmos/cosmos-sdk/types" +) + +var AllowListPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + AllowList collections.KeySet[string] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + + return Keeper{ + AllowList: collections.NewKeySet(sb, AllowListPrefix, "allow_list", collections.StringKey), + } +} + +``` + +Let's analyse the shared arguments, what they do, and why we need them. + +### SchemaBuilder + +The first argument passed is the ``SchemaBuilder`` + +`SchemaBuilder` is a structure that keeps track of all the state of a module, it is not required by the collections + to deal with state but it offers a dynamic and reflective way for clients to explore a module's state. + +We instantiate a ``SchemaBuilder`` by passing it a function that given the modules store key returns the module's specific store. + +We then need to pass the schema builder to every collection type we instantiate in our keeper, in our case the `AllowList`. + +### Prefix + +The second argument passed to our ``KeySet`` is a `collections.Prefix`, a prefix represents a partition of the module's `KVStore` +where all the state of a specific collection will be saved. + +Since a module can have multiple collections, the following is expected: +- module params will become a `collections.Item` +- the `AllowList` is a `collections.KeySet` + +We don't want a collection to write over the state of the other collection so we pass it a prefix, which defines a storage +partition owned by the collection. + +If you already built modules, the prefix translates to the items you were creating in your ``types/keys.go`` file, example: https://github.com/cosmos/cosmos-sdk/blob/main/x/feegrant/key.go#L27 + +your old: +```go +var ( + // FeeAllowanceKeyPrefix is the set of the kvstore for fee allowance data + // - 0x00: allowance + FeeAllowanceKeyPrefix = []byte{0x00} + + // FeeAllowanceQueueKeyPrefix is the set of the kvstore for fee allowance keys data + // - 0x01: + FeeAllowanceQueueKeyPrefix = []byte{0x01} +) +``` +becomes: +```go +var ( + // FeeAllowanceKeyPrefix is the set of the kvstore for fee allowance data + // - 0x00: allowance + FeeAllowanceKeyPrefix = collections.NewPrefix(0) + + // FeeAllowanceQueueKeyPrefix is the set of the kvstore for fee allowance keys data + // - 0x01: + FeeAllowanceQueueKeyPrefix = collections.NewPrefix(1) +) +``` + +#### Rules + +``collections.NewPrefix`` accepts either `uint8`, `string` or `[]bytes` it's good practice to use an always increasing `uint8`for disk space efficiency. + +A collection **MUST NOT** share the same prefix as another collection in the same module, and a collection prefix **MUST NEVER** start with the same prefix as another, examples: + +```go +prefix1 := collections.NewPrefix("prefix") +prefix2 := collections.NewPrefix("prefix") // THIS IS BAD! +``` + +```go +prefix1 := collections.NewPrefix("a") +prefix2 := collections.NewPrefix("aa") // prefix2 starts with the same as prefix1: BAD!!! +``` +### Human-Readable Name + +The third parameter we pass to a collection is a string, which is a human-readable name. +It is needed to make the role of a collection understandable by clients who have no clue about +what a module is storing in state. + +#### Rules + +Each collection in a module **MUST** have a unique humanised name. + +## Key and Value Codecs + +A collection is generic over the type you can use as keys or values. +This makes collections dumb, but also means that hypothetically we can store everything +that can be a go type into a collection. We are not bounded to any type of encoding (be it proto, json or whatever) + +So a collection needs to be given a way to understand how to convert your keys and values to bytes. +This is achieved through ``KeyCodec`` and `ValueCodec`, which are arguments that you pass to your +collections when you're instantiating them using the ```collections.NewMap/collections.NewItem/...``` +instantiation functions. + +NOTE: Generally speaking you will never be required to implement your own ``Key/ValueCodec`` as +the SDK and collections libraries already come with default, safe and fast implementation of those. +You might need to implement them only if you're migrating to collections and there are state layout incompatibilities. + +Let's explore an example: + +````go +package collections + +import ( + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + sdk "github.com/cosmos/cosmos-sdk/types" +) + +var IDsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + IDs collections.Map[string, uint64] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + + return Keeper{ + IDs: collections.NewMap(sb, IDsPrefix, "ids", collections.StringKey, collections.Uint64Value), + } +} +```` + +We're now instantiating a map where the key is string and the value is `uint64`. +We already know the first three arguments of the ``NewMap`` function. + +The fourth parameter is our `KeyCodec`, we know that the ``Map`` has `string` as key so we pass it a `KeyCodec` that handles strings as keys. + +The fifth parameter is our `ValueCodec`, we know that the `Map` as a `uint64` as value so we pass it a `ValueCodec` that handles uint64. + +Collections already comes with all the required implementations for golang primitive types. + +Let's make another example, this falls closer to what we build using cosmos SDK, let's say we want +to create a `collections.Map` that maps account addresses to their base account. So we want to map an `sdk.AccAddress` to an `auth.BaseAccount` (which is a proto): + +```go +package collections + +import ( + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts collections.Map[sdk.AccAddress, authtypes.BaseAccount] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Accounts: collections.NewMap(sb, AccountsPrefix, "accounts", + sdk.AccAddressKey, codec.CollValue[authtypes.BaseAccount](cdc)), + } +} +``` + +As we can see here since our `collections.Map` maps `sdk.AccAddress` to `authtypes.BaseAccount`, +we use the `sdk.AccAddressKey` which is the `KeyCodec` implementation for `AccAddress` and we use `codec.CollValue` to +encode our proto type `BaseAccount`. + +Generally speaking you will always find the respective key and value codecs for types in the `go.mod` path you're using +to import that type. If you want to encode proto values refer to the codec `codec.CollValue` function, which allows you +to encode any type implement the `proto.Message` interface. + +## Map + +We analyse the first and most important collection type, the ``collections.Map``. +This is the type that everything else builds on top of. + +### Use case + +A `collections.Map` is used to map arbitrary keys with arbitrary values. + +### Example + +It's easier to explain a `collections.Map` capabilities through an example: + +```go +package collections + +import ( + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "fmt" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts collections.Map[sdk.AccAddress, authtypes.BaseAccount] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Accounts: collections.NewMap(sb, AccountsPrefix, "accounts", + sdk.AccAddressKey, codec.CollValue[authtypes.BaseAccount](cdc)), + } +} + +func (k Keeper) CreateAccount(ctx sdk.Context, addr sdk.AccAddress, account authtypes.BaseAccount) error { + has, err := k.Accounts.Has(ctx, addr) + if err != nil { + return err + } + if has { + return fmt.Errorf("account already exists: %s", addr) + } + + err = k.Accounts.Set(ctx, addr, account) + if err != nil { + return err + } + return nil +} + +func (k Keeper) GetAccount(ctx sdk.Context, addr sdk.AccAddress) (authtypes.BaseAccount, error) { + acc, err := k.Accounts.Get(ctx, addr) + if err != nil { + return authtypes.BaseAccount{}, err + } + + return acc, nil +} + +func (k Keeper) RemoveAccount(ctx sdk.Context, addr sdk.AccAddress) error { + err := k.Accounts.Remove(ctx, addr) + if err != nil { + return err + } + return nil +} +``` + +#### Set method + +Set maps with the provided `AccAddress` (the key) to the `auth.BaseAccount` (the value). + +Under the hood the `collections.Map` will convert the key and value to bytes using the [key and value codec](README.md#key-and-value-codecs). +It will prepend to our bytes key the [prefix](README.md#prefix) and store it in the KVStore of the module. + +#### Has method + +The has method reports if the provided key exists in the store. + +#### Get method + +The get method accepts the `AccAddress` and returns the associated `auth.BaseAccount` if it exists, otherwise it errors. + +#### Remove method + +The remove method accepts the `AccAddress` and removes it from the store. It won't report errors +if it does not exist, to check for existence before removal use the ``Has`` method. + +#### Iteration + +Iteration has a separate section. + +## KeySet + +The second type of collection is `collections.KeySet`, as the word suggests it maintains +only a set of keys without values. + +#### Implementation curiosity + +A `collections.KeySet` is just a `collections.Map` with a `key` but no value. +The value internally is always the same and is represented as an empty byte slice ```[]byte{}```. + +### Example + +As always we explore the collection type through an example: + +```go +package collections + +import ( + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "fmt" + sdk "github.com/cosmos/cosmos-sdk/types" +) + +var ValidatorsSetPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + ValidatorsSet collections.KeySet[sdk.ValAddress] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + ValidatorsSet: collections.NewKeySet(sb, ValidatorsSetPrefix, "validators_set", sdk.ValAddressKey), + } +} + +func (k Keeper) AddValidator(ctx sdk.Context, validator sdk.ValAddress) error { + has, err := k.ValidatorsSet.Has(ctx, validator) + if err != nil { + return err + } + if has { + return fmt.Errorf("validator already in set: %s", validator) + } + + err = k.ValidatorsSet.Set(ctx, validator) + if err != nil { + return err + } + + return nil +} + +func (k Keeper) RemoveValidator(ctx sdk.Context, validator sdk.ValAddress) error { + err := k.ValidatorsSet.Remove(ctx, validator) + if err != nil { + return err + } + return nil +} +``` +The first difference we notice is that `KeySet` needs use to specify only one type parameter: the key (`sdk.ValAddress` in this case). +The second difference we notice is that `KeySet` in its `NewKeySet` function does not require +us to specify a `ValueCodec` but only a `KeyCodec`. This is because a `KeySet` only saves keys and not values. + +Let's explore the methods. + +#### Has method + +Has allows us to understand if a key is present in the `collections.KeySet` or not, functions in the same way as `collections.Map.Has +` + +#### Set method + +Set inserts the provided key in the `KeySet`. + +#### Remove method + +Remove removes the provided key from the `KeySet`, it does not error if the key does not exist, +if existence check before removal is required it needs to be coupled with the `Has` method. + +## Item + +The third type of collection is the `collections.Item`. +It stores only one single item, it's useful for example for parameters, there's only one instance +of parameters in state always. + +#### implementation curiosity + +A `collections.Item` is just a `collections.Map` with no key but just a value. +The key is the prefix of the collection! + +### Example + +```go +package collections + +import ( + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + stakingtypes "github.com/cosmos/cosmos-sdk/x/staking/types" +) + +var ParamsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Params collections.Item[stakingtypes.Params] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Params: collections.NewItem(sb, ParamsPrefix, "params", codec.CollValue[stakingtypes.Params](cdc)), + } +} + +func (k Keeper) UpdateParams(ctx sdk.Context, params stakingtypes.Params) error { + err := k.Params.Set(ctx, params) + if err != nil { + return err + } + return nil +} + +func (k Keeper) GetParams(ctx sdk.Context) (stakingtypes.Params, error) { + return k.Params.Get(ctx) +} +``` + +The first key difference we notice is that we specify only one type parameter, which is the value we're storing. +The second key difference is that we don't specify the `KeyCodec`, since we store only one item we already know the key +and the fact that it is constant. + +## Iteration + +One of the key features of the ``KVStore`` is iterating over keys. + +Collections which deal with keys (so `Map`, `KeySet` and `IndexedMap`) allow you to iterate +over keys in a safe and typed way. They all share the same API, the only difference being +that ``KeySet`` returns a different type of `Iterator` because `KeySet` only deals with keys. + +:::note + +Every collection shares the same `Iterator` semantics. + +::: + +Let's have a look at the `Map.Iterate` method: + +```go +func (m Map[K, V]) Iterate(ctx context.Context, ranger Ranger[K]) (Iterator[K, V], error) +``` + +It accepts a `collections.Ranger[K]`, which is an API that instructs map on how to iterate over keys. +As always we don't need to implement anything here as `collections` already provides some generic `Ranger` implementers +that expose all you need to work with ranges. + +### Example + +We have a `collections.Map` that maps accounts using `uint64` IDs. + +```go +package collections + +import ( + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts collections.Map[uint64, authtypes.BaseAccount] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Accounts: collections.NewMap(sb, AccountsPrefix, "accounts", collections.Uint64Key, codec.CollValue[authtypes.BaseAccount](cdc)), + } +} + +func (k Keeper) GetAllAccounts(ctx sdk.Context) ([]authtypes.BaseAccount, error) { + // passing a nil Ranger equals to: iterate over every possible key + iter, err := k.Accounts.Iterate(ctx, nil) + if err != nil { + return nil, err + } + accounts, err := iter.Values() + if err != nil { + return nil, err + } + + return accounts, err +} + +func (k Keeper) IterateAccountsBetween(ctx sdk.Context, start, end uint64) ([]authtypes.BaseAccount, error) { + // The collections.Range API offers a lot of capabilities + // like defining where the iteration starts or ends. + rng := new(collections.Range[uint64]). + StartInclusive(start). + EndExclusive(end). + Descending() + + iter, err := k.Accounts.Iterate(ctx, rng) + if err != nil { + return nil, err + } + accounts, err := iter.Values() + if err != nil { + return nil, err + } + + return accounts, nil +} + +func (k Keeper) IterateAccounts(ctx sdk.Context, do func(id uint64, acc authtypes.BaseAccount) (stop bool)) error { + iter, err := k.Accounts.Iterate(ctx, nil) + if err != nil { + return err + } + defer iter.Close() + + for ; iter.Valid(); iter.Next() { + kv, err := iter.KeyValue() + if err != nil { + return err + } + + if do(kv.Key, kv.Value) { + break + } + } + return nil +} +``` + +Let's analyse each method in the example and how it makes use of the `Iterate` and the returned `Iterator` API. + +#### GetAllAccounts + +In `GetAllAccounts` we pass to our `Iterate` a nil `Ranger`. This means that the returned `Iterator` will include +all the existing keys within the collection. + +Then we use some the `Values` method from the returned `Iterator` API to collect all the values into a slice. + +`Iterator` offers other methods such as `Keys()` to collect only the keys and not the values and `KeyValues` to collect +all the keys and values. + + +#### IterateAccountsBetween + +Here we make use of the `collections.Range` helper to specialise our range. +We make it start in a point through `StartInclusive` and end in the other with `EndExclusive`, then +we instruct it to report us results in reverse order through `Descending` + +Then we pass the range instruction to `Iterate` and get an `Iterator`, which will contain only the results +we specified in the range. + +Then we use again th `Values` method of the `Iterator` to collect all the results. + +`collections.Range` also offers a `Prefix` API which is not appliable to all keys types, +for example uint64 cannot be prefix because it is of constant size, but a `string` key +can be prefixed. + +#### IterateAccounts + +Here we showcase how to lazily collect values from an Iterator. + +:::note + +`Keys/Values/KeyValues` fully consume and close the `Iterator`, here we need to explicitly do a `defer iterator.Close()` call. + +::: + +`Iterator` also exposes a `Value` and `Key` method to collect only the current value or key, if collecting both is not needed. + +:::note + +For this `callback` pattern, collections expose a `Walk` API. + +::: + +## Composite keys + +So far we've worked only with simple keys, like `uint64`, the account address, etc. +There are some more complex cases in, which we need to deal with composite keys. + +A key is composite when it is composed of multiple keys, for example bank balances as stored as the composite key +`(AccAddress, string)` where the first part is the address holding the coins and the second part is the denom. + +Example, let's say address `BOB` holds `10atom,15osmo`, this is how it is stored in state: + +``` +(bob, atom) => 10 +(bob, osmos) => 15 +``` + +Now this allows to efficiently get a specific denom balance of an address, by simply `getting` `(address, denom)`, or getting all the balances +of an address by prefixing over `(address)`. + +Let's see now how we can work with composite keys using collections. + +### Example + +In our example we will show-case how we can use collections when we are dealing with balances, similar to bank, +a balance is a mapping between `(address, denom) => math.Int` the composite key in our case is `(address, denom)`. + +## Instantiation of a composite key collection + +```go +package collections + +import ( + "cosmossdk.io/collections" + "cosmossdk.io/math" + storetypes "cosmossdk.io/store/types" + sdk "github.com/cosmos/cosmos-sdk/types" +) + + +var BalancesPrefix = collections.NewPrefix(1) + +type Keeper struct { + Schema collections.Schema + Balances collections.Map[collections.Pair[sdk.AccAddress, string], math.Int] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Balances: collections.NewMap( + sb, BalancesPrefix, "balances", + collections.PairKeyCodec(sdk.AccAddressKey, collections.StringKey), + math.IntValue, + ), + } +} +``` + +#### The Map Key definition + +First of all we can see that in order to define a composite key of two elements we use the `collections.Pair` type: +````go +collections.Map[collections.Pair[sdk.AccAddress, string], math.Int] +```` + +`collections.Pair` defines a key composed of two other keys, in our case the first part is `sdk.AccAddress`, the second +part is `string`. + +#### The Key Codec instantiation + +The arguments to instantiate are always the same, the only thing that changes is how we instantiate +the ``KeyCodec``, since this key is composed of two keys we use `collections.PairKeyCodec`, which generates +a `KeyCodec` composed of two key codecs. The first one will encode the first part of the key, the second one will +encode the second part of the key. + + +### Working with composite key collections + +Let's expand on the example we used before: + +````go +var BalancesPrefix = collections.NewPrefix(1) + +type Keeper struct { + Schema collections.Schema + Balances collections.Map[collections.Pair[sdk.AccAddress, string], math.Int] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Balances: collections.NewMap( + sb, BalancesPrefix, "balances", + collections.PairKeyCodec(sdk.AccAddressKey, collections.StringKey), + math.IntValue, + ), + } +} + +func (k Keeper) SetBalance(ctx sdk.Context, address sdk.AccAddress, denom string, amount math.Int) error { + key := collections.Join(address, denom) + return k.Balances.Set(ctx, key, amount) +} + +func (k Keeper) GetBalance(ctx sdk.Context, address sdk.AccAddress, denom string) (math.Int, error) { + return k.Balances.Get(ctx, collections.Join(address, denom)) +} + +func (k Keeper) GetAllAddressBalances(ctx sdk.Context, address sdk.AccAddress) (sdk.Coins, error) { + balances := sdk.NewCoins() + + rng := collections.NewPrefixedPairRange[sdk.AccAddress, string](address) + + iter, err := k.Balances.Iterate(ctx, rng) + if err != nil { + return nil, err + } + + kvs, err := iter.KeyValues() + if err != nil { + return nil, err + } + + for _, kv := range kvs { + balances = balances.Add(sdk.NewCoin(kv.Key.K2(), kv.Value)) + } + return balances, nil +} + +func (k Keeper) GetAllAddressBalancesBetween(ctx sdk.Context, address sdk.AccAddress, startDenom, endDenom string) (sdk.Coins, error) { + rng := collections.NewPrefixedPairRange[sdk.AccAddress, string](address). + StartInclusive(startDenom). + EndInclusive(endDenom) + + iter, err := k.Balances.Iterate(ctx, rng) + if err != nil { + return nil, err + } + ... +} +```` + +#### SetBalance + +As we can see here we're setting the balance of an address for a specific denom. +We use the `collections.Join` function to generate the composite key. +`collections.Join` returns a `collections.Pair` (which is the key of our `collections.Map`) + +`collections.Pair` contains the two keys we have joined, it also exposes two methods: `K1` to fetch the 1st part of the +key and `K2` to fetch the second part. + +As always, we use the `collections.Map.Set` method to map the composite key to our value (`math.Int`in this case) + +#### GetBalance + +To get a value in composite key collection, we simply use `collections.Join` to compose the key. + +#### GetAllAddressBalances + +We use `collections.PrefixedPairRange` to iterate over all the keys starting with the provided address. +Concretely the iteration will report all the balances belonging to the provided address. + +The first part is that we instantiate a `PrefixedPairRange`, which is a `Ranger` implementer aimed to help +in `Pair` keys iterations. + +```go + rng := collections.NewPrefixedPairRange[sdk.AccAddress, string](address) +``` + +As we can see here we're passing the type parameters of the `collections.Pair` because golang type inference +with respect to generics is not as permissive as other languages, so we need to explitly say what are the types of the pair key. + +#### GetAllAddressesBalancesBetween + +This showcases how we can further specialise our range to limit the results further, by specifying +the range between the second part of the key (in our case the denoms, which are strings). + +## IndexedMap + +`collections.IndexedMap` is a collection that uses under the hood a `collections.Map`, and has a struct, which contains the indexes that we need to define. + +### Example + +Let's say we have an `auth.BaseAccount` struct which looks like the following: + +```go +type BaseAccount struct { + AccountNumber uint64 `protobuf:"varint,3,opt,name=account_number,json=accountNumber,proto3" json:"account_number,omitempty"` + Sequence uint64 `protobuf:"varint,4,opt,name=sequence,proto3" json:"sequence,omitempty"` +} +``` + +First of all, when we save our accounts in state we map them using a primary key `sdk.AccAddress`. +If it were to be a `collections.Map` it would be `collections.Map[sdk.AccAddres, authtypes.BaseAccount]`. + +Then we also want to be able to get an account not only by its `sdk.AccAddress`, but also by its `AccountNumber`. + +So we can say we want to create an `Index` that maps our `BaseAccount` to its `AccountNumber`. + +We also know that this `Index` is unique. Unique means that there can only be one `BaseAccount` that maps to a specific +`AccountNumber`. + +First of all, we start by defining the object that contains our index: + +```go +var AccountsNumberIndexPrefix = collections.NewPrefix(1) + +type AccountsIndexes struct { + Number *indexes.Unique[uint64, sdk.AccAddress, authtypes.BaseAccount] +} + +func (a AccountsIndexes) IndexesList() []collections.Index[sdk.AccAddress, authtypes.BaseAccount] { + return []collections.Index[sdk.AccAddress, authtypes.BaseAccount]{a.Number} +} + +func NewAccountIndexes(sb *collections.SchemaBuilder) AccountsIndexes { + return AccountsIndexes{ + Number: indexes.NewUnique( + sb, AccountsNumberIndexPrefix, "accounts_by_number", + collections.Uint64Key, sdk.AccAddressKey, + func(_ sdk.AccAddress, v authtypes.BaseAccount) (uint64, error) { + return v.AccountNumber, nil + }, + ), + } +} +``` + +We create an `AccountIndexes` struct which contains a field: `Number`. This field represents our `AccountNumber` index. +`AccountNumber` is a field of `authtypes.BaseAccount` and it's a `uint64`. + +Then we can see in our `AccountIndexes` struct the `Number` field is defined as: + +```go +*indexes.Unique[uint64, sdk.AccAddress, authtypes.BaseAccount] +``` + +Where the first type parameter is `uint64`, which is the field type of our index. +The second type parameter is the primary key `sdk.AccAddress` +And the third type parameter is the actual object we're storing `authtypes.BaseAccount`. + +Then we implement a function called `IndexesList` on our `AccountIndexes` struct, this will be used +by the `IndexedMap` to keep the underlying map in sync with the indexes, in our case `Number`. +This function just needs to return the slice of indexes contained in the struct. + +Then we create a `NewAccountIndexes` function that instantiates and returns the `AccountsIndexes` struct. + +The function takes a `SchemaBuilder`. Then we instantiate our `indexes.Unique`, let's analyse the arguments we pass to +`indexes.NewUnique`. + +#### Instantiating a `indexes.Unique` + +The first three arguments, we already know them, they are: `SchemaBuilder`, `Prefix` which is our index prefix (the partition +where index keys relationship for the `Number` index will be maintained), and the human name for the `Number` index. + +The second argument is a `collections.Uint64Key` which is a key codec to deal with `uint64` keys, we pass that because +the key we're trying to index is a `uint64` key (the account number), and then we pass as fifth argument the primary key codec, +which in our case is `sdk.AccAddress` (remember: we're mapping `sdk.AccAddress` => `BaseAccount`). + +Then as last parameter we pass a function that: given the `BaseAccount` returns its `AccountNumber`. + +After this we can proceed instantiating our `IndexedMap`. + +```go +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts *collections.IndexedMap[sdk.AccAddress, authtypes.BaseAccount, AccountsIndexes] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Accounts: collections.NewIndexedMap( + sb, AccountsPrefix, "accounts", + sdk.AccAddressKey, codec.CollValue[authtypes.BaseAccount](cdc), + NewAccountIndexes(sb), + ), + } +} +``` + +As we can see here what we do, for now, is the same thing as we did for `collections.Map`. +We pass it the `SchemaBuilder`, the `Prefix` where we plan to store the mapping between `sdk.AccAddress` and `authtypes.BaseAccount`, +the human name and the respective `sdk.AccAddress` key codec and `authtypes.BaseAccount` value codec. + +Then we pass the instantiation of our `AccountIndexes` through `NewAccountIndexes`. + +Full example: + +```go +package docs + +import ( + "cosmossdk.io/collections" + "cosmossdk.io/collections/indexes" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +var AccountsNumberIndexPrefix = collections.NewPrefix(1) + +type AccountsIndexes struct { + Number *indexes.Unique[uint64, sdk.AccAddress, authtypes.BaseAccount] +} + +func (a AccountsIndexes) IndexesList() []collections.Index[sdk.AccAddress, authtypes.BaseAccount] { + return []collections.Index[sdk.AccAddress, authtypes.BaseAccount]{a.Number} +} + +func NewAccountIndexes(sb *collections.SchemaBuilder) AccountsIndexes { + return AccountsIndexes{ + Number: indexes.NewUnique( + sb, AccountsNumberIndexPrefix, "accounts_by_number", + collections.Uint64Key, sdk.AccAddressKey, + func(_ sdk.AccAddress, v authtypes.BaseAccount) (uint64, error) { + return v.AccountNumber, nil + }, + ), + } +} + +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts *collections.IndexedMap[sdk.AccAddress, authtypes.BaseAccount, AccountsIndexes] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Accounts: collections.NewIndexedMap( + sb, AccountsPrefix, "accounts", + sdk.AccAddressKey, codec.CollValue[authtypes.BaseAccount](cdc), + NewAccountIndexes(sb), + ), + } +} +``` + +### Working with IndexedMaps + +Whilst instantiating `collections.IndexedMap` is tedious, working with them is extremely smooth. + +Let's take the full example, and expand it with some use-cases. + +```go +package docs + +import ( + "cosmossdk.io/collections" + "cosmossdk.io/collections/indexes" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +var AccountsNumberIndexPrefix = collections.NewPrefix(1) + +type AccountsIndexes struct { + Number *indexes.Unique[uint64, sdk.AccAddress, authtypes.BaseAccount] +} + +func (a AccountsIndexes) IndexesList() []collections.Index[sdk.AccAddress, authtypes.BaseAccount] { + return []collections.Index[sdk.AccAddress, authtypes.BaseAccount]{a.Number} +} + +func NewAccountIndexes(sb *collections.SchemaBuilder) AccountsIndexes { + return AccountsIndexes{ + Number: indexes.NewUnique( + sb, AccountsNumberIndexPrefix, "accounts_by_number", + collections.Uint64Key, sdk.AccAddressKey, + func(_ sdk.AccAddress, v authtypes.BaseAccount) (uint64, error) { + return v.AccountNumber, nil + }, + ), + } +} + +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts *collections.IndexedMap[sdk.AccAddress, authtypes.BaseAccount, AccountsIndexes] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Accounts: collections.NewIndexedMap( + sb, AccountsPrefix, "accounts", + sdk.AccAddressKey, codec.CollValue[authtypes.BaseAccount](cdc), + NewAccountIndexes(sb), + ), + } +} + +func (k Keeper) CreateAccount(ctx sdk.Context, addr sdk.AccAddress) error { + nextAccountNumber := k.getNextAccountNumber() + + newAcc := authtypes.BaseAccount{ + AccountNumber: nextAccountNumber, + Sequence: 0, + } + + return k.Accounts.Set(ctx, addr, newAcc) +} + +func (k Keeper) RemoveAccount(ctx sdk.Context, addr sdk.AccAddress) error { + return k.Accounts.Remove(ctx, addr) +} + +func (k Keeper) GetAccountByNumber(ctx sdk.Context, accNumber uint64) (sdk.AccAddress, authtypes.BaseAccount, error) { + accAddress, err := k.Accounts.Indexes.Number.MatchExact(ctx, accNumber) + if err != nil { + return nil, authtypes.BaseAccount{}, err + } + + acc, err := k.Accounts.Get(ctx, accAddress) + return accAddress, acc, nil +} + +func (k Keeper) GetAccountsByNumber(ctx sdk.Context, startAccNum, endAccNum uint64) ([]authtypes.BaseAccount, error) { + rng := new(collections.Range[uint64]). + StartInclusive(startAccNum). + EndInclusive(endAccNum) + + iter, err := k.Accounts.Indexes.Number.Iterate(ctx, rng) + if err != nil { + return nil, err + } + + return indexes.CollectValues(ctx, k.Accounts, iter) +} + + +func (k Keeper) getNextAccountNumber() uint64 { + return 0 +} +``` + +## Collections with interfaces as values + +Although cosmos-sdk is shifting away from the usage of interface registry, there are still some places where it is used. +In order to support old code, we have to support collections with interface values. + +The generic `codec.CollValue` is not able to handle interface values, so we need to use a special type `codec.CollValueInterface`. +`codec.CollValueInterface` takes a `codec.BinaryCodec` as an argument, and uses it to marshal and unmarshal values as interfaces. +The `codec.CollValueInterface` lives in the `codec` package, whose import path is `github.com/cosmos/cosmos-sdk/codec`. + +### Instantiating Collections with interface values + +In order to instantiate a collection with interface values, we need to use `codec.CollValueInterface` instead of `codec.CollValue`. + +```go +package example + +import ( + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts *collections.Map[sdk.AccAddress, sdk.AccountI] +} + +func NewKeeper(cdc codec.BinaryCodec, storeKey *storetypes.KVStoreKey) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Accounts: collections.NewMap( + sb, AccountsPrefix, "accounts", + sdk.AccAddressKey, codec.CollInterfaceValue[sdk.AccountI](cdc), + ), + } +} + +func (k Keeper) SaveBaseAccount(ctx sdk.Context, account authtypes.BaseAccount) error { + return k.Accounts.Set(ctx, account.GetAddress(), account) +} + +func (k Keeper) SaveModuleAccount(ctx sdk.Context, account authtypes.ModuleAccount) error { + return k.Accounts.Set(ctx, account.GetAddress(), account) +} + +func (k Keeper) GetAccount(ctx sdk.context, addr sdk.AccAddress) (sdk.AccountI, error) { + return k.Accounts.Get(ctx, addr) +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/packages/README.md b/copy-of-sdk-versioned_docs/version-0.50/build/packages/README.md new file mode 100644 index 00000000..d7a115b2 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/packages/README.md @@ -0,0 +1,39 @@ +--- +sidebar_position: 0 +--- + +# Packages + +The Cosmos SDK is a collection of Go modules. This section provides documentation on various packages that can used when developing a Cosmos SDK chain. +It lists all standalone Go modules that are part of the Cosmos SDK. + +:::tip +For more information on SDK modules, see the [SDK Modules](https://docs.cosmos.network/main/modules) section. +For more information on SDK tooling, see the [Tooling](https://docs.cosmos.network/main/tooling) section. +::: + +## Core + +* [Core](https://pkg.go.dev/cosmossdk.io/core) - Core library defining SDK interfaces ([ADR-063](https://docs.cosmos.network/main/architecture/adr-063-core-module-api)) +* [API](https://pkg.go.dev/cosmossdk.io/api) - API library containing generated SDK Pulsar API +* [Store](https://pkg.go.dev/cosmossdk.io/store) - Implementation of the Cosmos SDK store + +## State Management + +* [Collections](./02-collections.md) - State management library +* [ORM](./03-orm.md) - State management library + +## Automation + +* [Depinject](./01-depinject.md) - Dependency injection framework +* [Client/v2](https://pkg.go.dev/cosmossdk.io/client/v2) - Library powering [AutoCLI](https://docs.cosmos.network/main/core/autocli) + +## Utilities + +* [Log](https://pkg.go.dev/cosmossdk.io/log) - Logging library +* [Errors](https://pkg.go.dev/cosmossdk.io/errors) - Error handling library +* [Math](https://pkg.go.dev/cosmossdk.io/math) - Math library for SDK arithmetic operations + +## Example + +* [SimApp](https://pkg.go.dev/cosmossdk.io/simapp) - SimApp is **the** sample Cosmos SDK chain. This package should not be imported in your application. diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/packages/_category_.json b/copy-of-sdk-versioned_docs/version-0.50/build/packages/_category_.json new file mode 100644 index 00000000..5ed885eb --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/packages/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Packages", + "position": 4, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/rfc/PROCESS.md b/copy-of-sdk-versioned_docs/version-0.50/build/rfc/PROCESS.md new file mode 100644 index 00000000..a34af226 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/rfc/PROCESS.md @@ -0,0 +1,62 @@ +# RFC Creation Process + +1. Copy the `rfc-template.md` file. Use the following filename pattern: `rfc-next_number-title.md` +2. Create a draft Pull Request if you want to get an early feedback. +3. Make sure the context and a solution is clear and well documented. +4. Add an entry to a list in the [README](./README.md) file. +5. Create a Pull Request to propose a new ADR. + +## What is an RFC? + +An RFC is a sort of async whiteboarding session. It is meant to replace the need for a distributed team to come together to make a decision. Currently, the Cosmos SDK team and contributors are distributed around the world. The team conducts working groups to have a synchronous discussion and an RFC can be used to capture the discussion for a wider audience to better understand the changes that are coming to the software. + +The main difference the Cosmos SDK is defining as a differentiation between RFC and ADRs is that one is to come to consensus and circulate information about a potential change or feature. An ADR is used if there is already consensus on a feature or change and there is not a need to articulate the change coming to the software. An ADR will articulate the changes and have a lower amount of communication . + +## RFC life cycle + +RFC creation is an **iterative** process. An RFC is meant as a distributed colloboration session, it may have many comments and is usually the bi-product of no working group or synchornous communication + +1. Proposals could start with a new GitHub Issue, be a result of existing Issues or a discussion. + +2. An RFC doesn't have to arrive to `main` with an _accepted_ status in a single PR. If the motivation is clear and the solution is sound, we SHOULD be able to merge it and keep a _proposed_ status. It's preferable to have an iterative approach rather than long, not merged Pull Requests. + +3. If a _proposed_ RFC is merged, then it should clearly document outstanding issues either in the RFC document notes or in a GitHub Issue. + +4. The PR SHOULD always be merged. In the case of a faulty RFC, we still prefer to merge it with a _rejected_ status. The only time the RFC SHOULD NOT be merged is if the author abandons it. + +5. Merged RFCs SHOULD NOT be pruned. + +6. If there is consensus and enough feedback then the RFC can be accepted. + +> Note: An RFC is written when there is no working group or team session on the problem. RFC's are meant as a distributed white boarding session. If there is a working group on the proposal there is no need to have an RFC as there is synchornous whiteboarding going on. + +### RFC status + +Status has two components: + +```text +{CONSENSUS STATUS} +``` + +#### Consensus Status + +```text +DRAFT -> PROPOSED -> LAST CALL yyyy-mm-dd -> ACCEPTED | REJECTED -> SUPERSEDED by ADR-xxx + \ | + \ | + v v + ABANDONED +``` + +* `DRAFT`: [optional] an ADR which is work in progress, not being ready for a general review. This is to present an early work and get an early feedback in a Draft Pull Request form. +* `PROPOSED`: an ADR covering a full solution architecture and still in the review - project stakeholders haven't reached an agreed yet. +* `LAST CALL `: [optional] clear notify that we are close to accept updates. Changing a status to `LAST CALL` means that social consensus (of Cosmos SDK maintainers) has been reached and we still want to give it a time to let the community react or analyze. +* `ACCEPTED`: ADR which will represent a currently implemented or to be implemented architecture design. +* `REJECTED`: ADR can go from PROPOSED or ACCEPTED to rejected if the consensus among project stakeholders will decide so. +* `SUPERSEEDED by ADR-xxx`: ADR which has been superseded by a new ADR. +* `ABANDONED`: the ADR is no longer pursued by the original authors. + +## Language used in RFC + +* The background/goal should be written in the present tense. +* Avoid using a first, personal form. diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/rfc/README.md b/copy-of-sdk-versioned_docs/version-0.50/build/rfc/README.md new file mode 100644 index 00000000..8b8ead24 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/rfc/README.md @@ -0,0 +1,38 @@ +--- +sidebar_position: 1 +--- + +# Requests for Comments + +A Request for Comments (RFC) is a record of discussion on an open-ended topic +related to the design and implementation of the Cosmos SDK, for which no +immediate decision is required. + +The purpose of an RFC is to serve as a historical record of a high-level +discussion that might otherwise only be recorded in an ad-hoc way (for example, +via gists or Google docs) that are difficult to discover for someone after the +fact. An RFC _may_ give rise to more specific architectural _decisions_ for +the Cosmos SDK, but those decisions must be recorded separately in +[Architecture Decision Records (ADR)](../architecture). + +As a rule of thumb, if you can articulate a specific question that needs to be +answered, write an ADR. If you need to explore the topic and get input from +others to know what questions need to be answered, an RFC may be appropriate. + +## RFC Content + +An RFC should provide: + +* A **changelog**, documenting when and how the RFC has changed. +* An **abstract**, briefly summarizing the topic so the reader can quickly tell + whether it is relevant to their interest. +* Any **background** a reader will need to understand and participate in the + substance of the discussion (links to other documents are fine here). +* The **discussion**, the primary content of the document. + +The [rfc-template.md](./rfc-template.md) file includes placeholders for these +sections. + +## Table of Contents + +* [RFC-001: Tx Validation](./rfc-001-tx-validation.md) diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/rfc/_category_.json b/copy-of-sdk-versioned_docs/version-0.50/build/rfc/_category_.json new file mode 100644 index 00000000..a5712bda --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/rfc/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "RFC", + "position": 7, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/rfc/rfc-001-tx-validation.md b/copy-of-sdk-versioned_docs/version-0.50/build/rfc/rfc-001-tx-validation.md new file mode 100644 index 00000000..923e1c72 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/rfc/rfc-001-tx-validation.md @@ -0,0 +1,25 @@ +# RFC 001: Transaction Validation + +## Changelog + +* 2023-03-12: Proposed + +## Background + +Transation Validation is crucial to a functioning state machine. Within the Cosmos SDK there are two validation flows, one is outside the message server and the other within. The flow outside of the message server is the `ValidateBasic` function. It is called in the antehandler on both `CheckTx` and `DeliverTx`. There is an overhead and sometimes duplication of validation within these two flows. This extra validation provides an additional check before entering the mempool. + +With the deprecation of [`GetSigners`](https://github.com/cosmos/cosmos-sdk/issues/11275) we have the optionality to remove [sdk.Msg](https://github.com/cosmos/cosmos-sdk/blob/16a5404f8e00ddcf8857c8a55dca2f7c109c29bc/types/tx_msg.go#L16) and the `ValidateBasic` function. + +With the separation of CometBFT and Cosmos-SDK, there is a lack of control of what transactions get broadcasted and included in a block. This extra validation in the antehandler is meant to help in this case. In most cases the transaction is or should be simulated against a node for validation. With this flow transactions will be treated the same. + +## Proposal + +The acceptance of this RFC would move validation within `ValidateBasic` to the message server in modules, update tutorials and docs to remove mention of using `ValidateBasic` in favour of handling all validation for a message where it is executed. + +We can and will still support the `Validatebasic` function for users and provide an extension interface of the function once `sdk.Msg` is depreacted. + +> Note: This is how messages are handled in VMs like Ethereum and CosmWasm. + +### Consequences + +The consequence of updating the transaction flow is that transaction that may have failed before with the `ValidateBasic` flow will now be included in a block and fees charged. diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/rfc/rfc-template.md b/copy-of-sdk-versioned_docs/version-0.50/build/rfc/rfc-template.md new file mode 100644 index 00000000..417a795d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/rfc/rfc-template.md @@ -0,0 +1,83 @@ +# RFC {RFC-NUMBER}: {TITLE} + +## Changelog + +* {date}: {changelog} + +## Background + +> The next section is the "Background" section. This section should be at least two paragraphs and can take up to a whole +> page in some cases. The guiding goal of the background section is: as a newcomer to this project (new employee, team +> transfer), can I read the background section and follow any links to get the full context of why this change is +> necessary? +> +> If you can't show a random engineer the background section and have them acquire nearly full context on the necessity +> for the RFC, then the background section is not full enough. To help achieve this, link to prior RFCs, discussions, and +> more here as necessary to provide context so you don't have to simply repeat yourself. + + +## Proposal + +> The next required section is "Proposal" or "Goal". Given the background above, this section proposes a solution. +> This should be an overview of the "how" for the solution, but for details further sections will be used. + + +## Abandoned Ideas (Optional) + +> As RFCs evolve, it is common that there are ideas that are abandoned. Rather than simply deleting them from the +> document, you should try to organize them into sections that make it clear they're abandoned while explaining why they +> were abandoned. +> +> When sharing your RFC with others or having someone look back on your RFC in the future, it is common to walk the same +> path and fall into the same pitfalls that we've since matured from. Abandoned ideas are a way to recognize that path +> and explain the pitfalls and why they were abandoned. + +## Descision + +> This section describes alternative designs to the chosen design. This section +> is important and if an adr does not have any alternatives then it should be +> considered that the ADR was not thought through. + +## Consequences (optional) + +> This section describes the resulting context, after applying the decision. All +> consequences should be listed here, not just the "positive" ones. A particular +> decision may have positive, negative, and neutral consequences, but all of them +> affect the team and project in the future. + +### Backwards Compatibility + +> All ADRs that introduce backwards incompatibilities must include a section +> describing these incompatibilities and their severity. The ADR must explain +> how the author proposes to deal with these incompatibilities. ADR submissions +> without a sufficient backwards compatibility treatise may be rejected outright. + +### Positive + +> {positive consequences} + +### Negative + +> {negative consequences} + +### Neutral + +> {neutral consequences} + + + +### References + +> Links to external materials needed to follow the discussion may be added here. +> +> In addition, if the discussion in a request for comments leads to any design +> decisions, it may be helpful to add links to the ADR documents here after the +> discussion has settled. + +## Discussion + +> This section contains the core of the discussion. +> +> There is no fixed format for this section, but ideally changes to this +> section should be updated before merging to reflect any discussion that took +> place on the PR that made those changes. diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/rfc/rfc/PROCESS.md b/copy-of-sdk-versioned_docs/version-0.50/build/rfc/rfc/PROCESS.md new file mode 100644 index 00000000..a34af226 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/rfc/rfc/PROCESS.md @@ -0,0 +1,62 @@ +# RFC Creation Process + +1. Copy the `rfc-template.md` file. Use the following filename pattern: `rfc-next_number-title.md` +2. Create a draft Pull Request if you want to get an early feedback. +3. Make sure the context and a solution is clear and well documented. +4. Add an entry to a list in the [README](./README.md) file. +5. Create a Pull Request to propose a new ADR. + +## What is an RFC? + +An RFC is a sort of async whiteboarding session. It is meant to replace the need for a distributed team to come together to make a decision. Currently, the Cosmos SDK team and contributors are distributed around the world. The team conducts working groups to have a synchronous discussion and an RFC can be used to capture the discussion for a wider audience to better understand the changes that are coming to the software. + +The main difference the Cosmos SDK is defining as a differentiation between RFC and ADRs is that one is to come to consensus and circulate information about a potential change or feature. An ADR is used if there is already consensus on a feature or change and there is not a need to articulate the change coming to the software. An ADR will articulate the changes and have a lower amount of communication . + +## RFC life cycle + +RFC creation is an **iterative** process. An RFC is meant as a distributed colloboration session, it may have many comments and is usually the bi-product of no working group or synchornous communication + +1. Proposals could start with a new GitHub Issue, be a result of existing Issues or a discussion. + +2. An RFC doesn't have to arrive to `main` with an _accepted_ status in a single PR. If the motivation is clear and the solution is sound, we SHOULD be able to merge it and keep a _proposed_ status. It's preferable to have an iterative approach rather than long, not merged Pull Requests. + +3. If a _proposed_ RFC is merged, then it should clearly document outstanding issues either in the RFC document notes or in a GitHub Issue. + +4. The PR SHOULD always be merged. In the case of a faulty RFC, we still prefer to merge it with a _rejected_ status. The only time the RFC SHOULD NOT be merged is if the author abandons it. + +5. Merged RFCs SHOULD NOT be pruned. + +6. If there is consensus and enough feedback then the RFC can be accepted. + +> Note: An RFC is written when there is no working group or team session on the problem. RFC's are meant as a distributed white boarding session. If there is a working group on the proposal there is no need to have an RFC as there is synchornous whiteboarding going on. + +### RFC status + +Status has two components: + +```text +{CONSENSUS STATUS} +``` + +#### Consensus Status + +```text +DRAFT -> PROPOSED -> LAST CALL yyyy-mm-dd -> ACCEPTED | REJECTED -> SUPERSEDED by ADR-xxx + \ | + \ | + v v + ABANDONED +``` + +* `DRAFT`: [optional] an ADR which is work in progress, not being ready for a general review. This is to present an early work and get an early feedback in a Draft Pull Request form. +* `PROPOSED`: an ADR covering a full solution architecture and still in the review - project stakeholders haven't reached an agreed yet. +* `LAST CALL `: [optional] clear notify that we are close to accept updates. Changing a status to `LAST CALL` means that social consensus (of Cosmos SDK maintainers) has been reached and we still want to give it a time to let the community react or analyze. +* `ACCEPTED`: ADR which will represent a currently implemented or to be implemented architecture design. +* `REJECTED`: ADR can go from PROPOSED or ACCEPTED to rejected if the consensus among project stakeholders will decide so. +* `SUPERSEEDED by ADR-xxx`: ADR which has been superseded by a new ADR. +* `ABANDONED`: the ADR is no longer pursued by the original authors. + +## Language used in RFC + +* The background/goal should be written in the present tense. +* Avoid using a first, personal form. diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/rfc/rfc/README.md b/copy-of-sdk-versioned_docs/version-0.50/build/rfc/rfc/README.md new file mode 100644 index 00000000..8b8ead24 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/rfc/rfc/README.md @@ -0,0 +1,38 @@ +--- +sidebar_position: 1 +--- + +# Requests for Comments + +A Request for Comments (RFC) is a record of discussion on an open-ended topic +related to the design and implementation of the Cosmos SDK, for which no +immediate decision is required. + +The purpose of an RFC is to serve as a historical record of a high-level +discussion that might otherwise only be recorded in an ad-hoc way (for example, +via gists or Google docs) that are difficult to discover for someone after the +fact. An RFC _may_ give rise to more specific architectural _decisions_ for +the Cosmos SDK, but those decisions must be recorded separately in +[Architecture Decision Records (ADR)](../architecture). + +As a rule of thumb, if you can articulate a specific question that needs to be +answered, write an ADR. If you need to explore the topic and get input from +others to know what questions need to be answered, an RFC may be appropriate. + +## RFC Content + +An RFC should provide: + +* A **changelog**, documenting when and how the RFC has changed. +* An **abstract**, briefly summarizing the topic so the reader can quickly tell + whether it is relevant to their interest. +* Any **background** a reader will need to understand and participate in the + substance of the discussion (links to other documents are fine here). +* The **discussion**, the primary content of the document. + +The [rfc-template.md](./rfc-template.md) file includes placeholders for these +sections. + +## Table of Contents + +* [RFC-001: Tx Validation](./rfc-001-tx-validation.md) diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/rfc/rfc/_category_.json b/copy-of-sdk-versioned_docs/version-0.50/build/rfc/rfc/_category_.json new file mode 100644 index 00000000..a5712bda --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/rfc/rfc/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "RFC", + "position": 7, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/rfc/rfc/rfc-001-tx-validation.md b/copy-of-sdk-versioned_docs/version-0.50/build/rfc/rfc/rfc-001-tx-validation.md new file mode 100644 index 00000000..923e1c72 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/rfc/rfc/rfc-001-tx-validation.md @@ -0,0 +1,25 @@ +# RFC 001: Transaction Validation + +## Changelog + +* 2023-03-12: Proposed + +## Background + +Transation Validation is crucial to a functioning state machine. Within the Cosmos SDK there are two validation flows, one is outside the message server and the other within. The flow outside of the message server is the `ValidateBasic` function. It is called in the antehandler on both `CheckTx` and `DeliverTx`. There is an overhead and sometimes duplication of validation within these two flows. This extra validation provides an additional check before entering the mempool. + +With the deprecation of [`GetSigners`](https://github.com/cosmos/cosmos-sdk/issues/11275) we have the optionality to remove [sdk.Msg](https://github.com/cosmos/cosmos-sdk/blob/16a5404f8e00ddcf8857c8a55dca2f7c109c29bc/types/tx_msg.go#L16) and the `ValidateBasic` function. + +With the separation of CometBFT and Cosmos-SDK, there is a lack of control of what transactions get broadcasted and included in a block. This extra validation in the antehandler is meant to help in this case. In most cases the transaction is or should be simulated against a node for validation. With this flow transactions will be treated the same. + +## Proposal + +The acceptance of this RFC would move validation within `ValidateBasic` to the message server in modules, update tutorials and docs to remove mention of using `ValidateBasic` in favour of handling all validation for a message where it is executed. + +We can and will still support the `Validatebasic` function for users and provide an extension interface of the function once `sdk.Msg` is depreacted. + +> Note: This is how messages are handled in VMs like Ethereum and CosmWasm. + +### Consequences + +The consequence of updating the transaction flow is that transaction that may have failed before with the `ValidateBasic` flow will now be included in a block and fees charged. diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/rfc/rfc/rfc-template.md b/copy-of-sdk-versioned_docs/version-0.50/build/rfc/rfc/rfc-template.md new file mode 100644 index 00000000..417a795d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/rfc/rfc/rfc-template.md @@ -0,0 +1,83 @@ +# RFC {RFC-NUMBER}: {TITLE} + +## Changelog + +* {date}: {changelog} + +## Background + +> The next section is the "Background" section. This section should be at least two paragraphs and can take up to a whole +> page in some cases. The guiding goal of the background section is: as a newcomer to this project (new employee, team +> transfer), can I read the background section and follow any links to get the full context of why this change is +> necessary? +> +> If you can't show a random engineer the background section and have them acquire nearly full context on the necessity +> for the RFC, then the background section is not full enough. To help achieve this, link to prior RFCs, discussions, and +> more here as necessary to provide context so you don't have to simply repeat yourself. + + +## Proposal + +> The next required section is "Proposal" or "Goal". Given the background above, this section proposes a solution. +> This should be an overview of the "how" for the solution, but for details further sections will be used. + + +## Abandoned Ideas (Optional) + +> As RFCs evolve, it is common that there are ideas that are abandoned. Rather than simply deleting them from the +> document, you should try to organize them into sections that make it clear they're abandoned while explaining why they +> were abandoned. +> +> When sharing your RFC with others or having someone look back on your RFC in the future, it is common to walk the same +> path and fall into the same pitfalls that we've since matured from. Abandoned ideas are a way to recognize that path +> and explain the pitfalls and why they were abandoned. + +## Descision + +> This section describes alternative designs to the chosen design. This section +> is important and if an adr does not have any alternatives then it should be +> considered that the ADR was not thought through. + +## Consequences (optional) + +> This section describes the resulting context, after applying the decision. All +> consequences should be listed here, not just the "positive" ones. A particular +> decision may have positive, negative, and neutral consequences, but all of them +> affect the team and project in the future. + +### Backwards Compatibility + +> All ADRs that introduce backwards incompatibilities must include a section +> describing these incompatibilities and their severity. The ADR must explain +> how the author proposes to deal with these incompatibilities. ADR submissions +> without a sufficient backwards compatibility treatise may be rejected outright. + +### Positive + +> {positive consequences} + +### Negative + +> {negative consequences} + +### Neutral + +> {neutral consequences} + + + +### References + +> Links to external materials needed to follow the discussion may be added here. +> +> In addition, if the discussion in a request for comments leads to any design +> decisions, it may be helpful to add links to the ADR documents here after the +> discussion has settled. + +## Discussion + +> This section contains the core of the discussion. +> +> There is no fixed format for this section, but ideally changes to this +> section should be updated before merging to reflect any discussion that took +> place on the PR that made those changes. diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/spec/README.md b/copy-of-sdk-versioned_docs/version-0.50/build/spec/README.md new file mode 100644 index 00000000..91f347a8 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/spec/README.md @@ -0,0 +1,25 @@ +--- +sidebar_position: 1 +--- + +# Specifications + +This directory contains specifications for the modules of the Cosmos SDK as well as Interchain Standards (ICS) and other specifications. + +Cosmos SDK applications hold this state in a Merkle store. Updates to +the store may be made during transactions and at the beginning and end of every +block. + +## Cosmos SDK specifications + +* [Store](./store) - The core Merkle store that holds the state. +* [Bech32](./addresses/bech32.md) - Address format for Cosmos SDK applications. + +## Modules specifications + +Go the [module directory](https://docs.cosmos.network/main/modules) + +## CometBFT + +For details on the underlying blockchain and p2p protocols, see +the [CometBFT specification](https://github.com/cometbft/cometbft/tree/main/spec). diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/spec/SPEC_MODULE.md b/copy-of-sdk-versioned_docs/version-0.50/build/spec/SPEC_MODULE.md new file mode 100644 index 00000000..1b5e5d5d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/spec/SPEC_MODULE.md @@ -0,0 +1,60 @@ +# Specification of Modules + +This file intends to outline the common structure for specifications within +this directory. + +## Tense + +For consistency, specs should be written in passive present tense. + +## Pseudo-Code + +Generally, pseudo-code should be minimized throughout the spec. Often, simple +bulleted-lists which describe a function's operations are sufficient and should +be considered preferable. In certain instances, due to the complex nature of +the functionality being described pseudo-code may the most suitable form of +specification. In these cases use of pseudo-code is permissible, but should be +presented in a concise manner, ideally restricted to only the complex +element as a part of a larger description. + +## Common Layout + +The following generalized `README` structure should be used to breakdown +specifications for modules. The following list is nonbinding and all sections are optional. + +* `# {Module Name}` - overview of the module +* `## Concepts` - describe specialized concepts and definitions used throughout the spec +* `## State` - specify and describe structures expected to marshalled into the store, and their keys +* `## State Transitions` - standard state transition operations triggered by hooks, messages, etc. +* `## Messages` - specify message structure(s) and expected state machine behaviour(s) +* `## Begin Block` - specify any begin-block operations +* `## End Block` - specify any end-block operations +* `## Hooks` - describe available hooks to be called by/from this module +* `## Events` - list and describe event tags used +* `## Client` - list and describe CLI commands and gRPC and REST endpoints +* `## Params` - list all module parameters, their types (in JSON) and examples +* `## Future Improvements` - describe future improvements of this module +* `## Tests` - acceptance tests +* `## Appendix` - supplementary details referenced elsewhere within the spec + +### Notation for key-value mapping + +Within `## State` the following notation `->` should be used to describe key to +value mapping: + +```text +key -> value +``` + +to represent byte concatenation the `|` may be used. In addition, encoding +type may be specified, for example: + +```text +0x00 | addressBytes | address2Bytes -> amino(value_object) +``` + +Additionally, index mappings may be specified by mapping to the `nil` value, for example: + +```text +0x01 | address2Bytes | addressBytes -> nil +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/spec/SPEC_STANDARD.md b/copy-of-sdk-versioned_docs/version-0.50/build/spec/SPEC_STANDARD.md new file mode 100644 index 00000000..3608b365 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/spec/SPEC_STANDARD.md @@ -0,0 +1,121 @@ +# What is an SDK standard? + +An SDK standard is a design document describing a particular protocol, standard, or feature expected to be used by the Cosmos SDK. A SDK standard should list the desired properties of the standard, explain the design rationale, and provide a concise but comprehensive technical specification. The primary author is responsible for pushing the proposal through the standardization process, soliciting input and support from the community, and communicating with relevant stakeholders to ensure (social) consensus. + +## Sections + +A SDK standard consists of: + +* a synopsis, +* overview and basic concepts, +* technical specification, +* history log, and +* copyright notice. + +All top-level sections are required. References should be included inline as links, or tabulated at the bottom of the section if necessary. Included sub-sections should be listed in the order specified below. + +### Table Of Contents + +Provide a table of contents at the top of the file to assist readers. + +### Synopsis + +The document should include a brief (~200 word) synopsis providing a high-level description of and rationale for the specification. + +### Overview and basic concepts + +This section should include a motivation sub-section and a definitions sub-section if required: + +* *Motivation* - A rationale for the existence of the proposed feature, or the proposed changes to an existing feature. +* *Definitions* - A list of new terms or concepts utilized in the document or required to understand it. + +### System model and properties + +This section should include an assumptions sub-section if any, the mandatory properties sub-section, and a dependencies sub-section. Note that the first two sub-section are are tightly coupled: how to enforce a property will depend directly on the assumptions made. This sub-section is important to capture the interactions of the specified feature with the "rest-of-the-world", i.e., with other features of the ecosystem. + +* *Assumptions* - A list of any assumptions made by the feature designer. It should capture which features are used by the feature under specification, and what do we expect from them. +* *Properties* - A list of the desired properties or characteristics of the feature specified, and expected effects or failures when the properties are violated. In case it is relevant, it can also include a list of properties that the feature does not guarantee. +* *Dependencies* - A list of the features that use the feature under specification and how. + +### Technical specification + +This is the main section of the document, and should contain protocol documentation, design rationale, required references, and technical details where appropriate. +The section may have any or all of the following sub-sections, as appropriate to the particular specification. The API sub-section is especially encouraged when appropriate. + +* *API* - A detailed description of the features's API. +* *Technical Details* - All technical details including syntax, diagrams, semantics, protocols, data structures, algorithms, and pseudocode as appropriate. The technical specification should be detailed enough such that separate correct implementations of the specification without knowledge of each other are compatible. +* *Backwards Compatibility* - A discussion of compatibility (or lack thereof) with previous feature or protocol versions. +* *Known Issues* - A list of known issues. This sub-section is specially important for specifications of already in-use features. +* *Example Implementation* - A concrete example implementation or description of an expected implementation to serve as the primary reference for implementers. + +### History + +A specification should include a history section, listing any inspiring documents and a plaintext log of significant changes. + +See an example history section [below](#history-1). + +### Copyright + +A specification should include a copyright section waiving rights via [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0). + +## Formatting + +### General + +Specifications must be written in GitHub-flavoured Markdown. + +For a GitHub-flavoured Markdown cheat sheet, see [here](https://github.com/adam-p/markdown-here/wiki/Markdown-Cheatsheet). For a local Markdown renderer, see [here](https://github.com/joeyespo/grip). + +### Language + +Specifications should be written in Simple English, avoiding obscure terminology and unnecessary jargon. For excellent examples of Simple English, please see the [Simple English Wikipedia](https://simple.wikipedia.org/wiki/Main_Page). + +The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in specifications are to be interpreted as described in [RFC 2119](https://tools.ietf.org/html/rfc2119). + +### Pseudocode + +Pseudocode in specifications should be language-agnostic and formatted in a simple imperative standard, with line numbers, variables, simple conditional blocks, for loops, and +English fragments where necessary to explain further functionality such as scheduling timeouts. LaTeX images should be avoided because they are difficult to review in diff form. + +Pseudocode for structs can be written in a simple language like Typescript or golang, as interfaces. + +Example Golang pseudocode struct: + +```go +type CacheKVStore interface { + cache: map[Key]Value + parent: KVStore + deleted: Key +} +``` + +Pseudocode for algorithms should be written in simple Golang, as functions. + +Example pseudocode algorithm: + +```go +func get( + store CacheKVStore, + key Key) Value { + + value = store.cache.get(Key) + if (value !== null) { + return value + } else { + value = store.parent.get(key) + store.cache.set(key, value) + return value + } +} +``` + +## History + +This specification was significantly inspired by and derived from IBC's [ICS](https://github.com/cosmos/ibc/blob/main/spec/ics-001-ics-standard/README.md), which +was in turn derived from Ethereum's [EIP 1](https://github.com/ethereum/EIPs/blob/master/EIPS/eip-1.md). + +Nov 24, 2022 - Initial draft finished and submitted as a PR + +## Copyright + +All content herein is licensed under [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0). diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/spec/_category_.json b/copy-of-sdk-versioned_docs/version-0.50/build/spec/_category_.json new file mode 100644 index 00000000..5c2ccf7d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/spec/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Specifications", + "position": 8, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/spec/_ics/README.md b/copy-of-sdk-versioned_docs/version-0.50/build/spec/_ics/README.md new file mode 100644 index 00000000..803e0c89 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/spec/_ics/README.md @@ -0,0 +1,3 @@ +# Cosmos ICS + +* [ICS030 - Signed Messages](./ics-030-signed-messages.md) diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/spec/_ics/ics-030-signed-messages.md b/copy-of-sdk-versioned_docs/version-0.50/build/spec/_ics/ics-030-signed-messages.md new file mode 100644 index 00000000..99131490 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/spec/_ics/ics-030-signed-messages.md @@ -0,0 +1,192 @@ +# ICS 030: Cosmos Signed Messages + +>TODO: Replace with valid ICS number and possibly move to new location. + +* [Changelog](#changelog) +* [Abstract](#abstract) +* [Preliminary](#preliminary) +* [Specification](#specification) +* [Future Adaptations](#future-adaptations) +* [API](#api) +* [References](#references) + +## Status + +Proposed. + +## Changelog + +## Abstract + +Having the ability to sign messages off-chain has proven to be a fundamental aspect +of nearly any blockchain. The notion of signing messages off-chain has many +added benefits such as saving on computational costs and reducing transaction +throughput and overhead. Within the context of the Cosmos, some of the major +applications of signing such data includes, but is not limited to, providing a +cryptographic secure and verifiable means of proving validator identity and +possibly associating it with some other framework or organization. In addition, +having the ability to sign Cosmos messages with a Ledger or similar HSM device. + +A standardized protocol for hashing, signing, and verifying messages that can be +implemented by the Cosmos SDK and other third-party organizations is needed. Such a +standardized protocol subscribes to the following: + +* Contains a specification of human-readable and machine-verifiable typed structured data +* Contains a framework for deterministic and injective encoding of structured data +* Utilizes cryptographic secure hashing and signing algorithms +* A framework for supporting extensions and domain separation +* Is invulnerable to chosen ciphertext attacks +* Has protection against potentially signing transactions a user did not intend to + +This specification is only concerned with the rationale and the standardized +implementation of Cosmos signed messages. It does **not** concern itself with the +concept of replay attacks as that will be left up to the higher-level application +implementation. If you view signed messages in the means of authorizing some +action or data, then such an application would have to either treat this as +idempotent or have mechanisms in place to reject known signed messages. + +## Preliminary + +The Cosmos message signing protocol will be parameterized with a cryptographic +secure hashing algorithm `SHA-256` and a signing algorithm `S` that contains +the operations `sign` and `verify` which provide a digital signature over a set +of bytes and verification of a signature respectively. + +Note, our goal here is not to provide context and reasoning about why necessarily +these algorithms were chosen apart from the fact they are the defacto algorithms +used in CometBFT and the Cosmos SDK and that they satisfy our needs for such +cryptographic algorithms such as having resistance to collision and second +pre-image attacks, as well as being [deterministic](https://en.wikipedia.org/wiki/Hash_function#Determinism) and [uniform](https://en.wikipedia.org/wiki/Hash_function#Uniformity). + +## Specification + +CometBFT has a well established protocol for signing messages using a canonical +JSON representation as defined [here](https://github.com/cometbft/cometbft/blob/master/types/canonical.go). + +An example of such a canonical JSON structure is CometBFT's vote structure: + +```go +type CanonicalJSONVote struct { + ChainID string `json:"@chain_id"` + Type string `json:"@type"` + BlockID CanonicalJSONBlockID `json:"block_id"` + Height int64 `json:"height"` + Round int `json:"round"` + Timestamp string `json:"timestamp"` + VoteType byte `json:"type"` +} +``` + +With such canonical JSON structures, the specification requires that they include +meta fields: `@chain_id` and `@type`. These meta fields are reserved and must be +included. They are both of type `string`. In addition, fields must be ordered +in lexicographically ascending order. + +For the purposes of signing Cosmos messages, the `@chain_id` field must correspond +to the Cosmos chain identifier. The user-agent should **refuse** signing if the +`@chain_id` field does not match the currently active chain! The `@type` field +must equal the constant `"message"`. The `@type` field corresponds to the type of +structure the user will be signing in an application. For now, a user is only +allowed to sign bytes of valid ASCII text ([see here](https://github.com/cometbft/cometbft/blob/v0.37.0/libs/strings/string.go#L35-L64)). +However, this will change and evolve to support additional application-specific +structures that are human-readable and machine-verifiable ([see Future Adaptations](#futureadaptations)). + +Thus, we can have a canonical JSON structure for signing Cosmos messages using +the [JSON schema](http://json-schema.org/) specification as such: + +```json +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$id": "cosmos/signing/typeData/schema", + "title": "The Cosmos signed message typed data schema.", + "type": "object", + "properties": { + "@chain_id": { + "type": "string", + "description": "The corresponding Cosmos chain identifier.", + "minLength": 1 + }, + "@type": { + "type": "string", + "description": "The message type. It must be 'message'.", + "enum": [ + "message" + ] + }, + "text": { + "type": "string", + "description": "The valid ASCII text to sign.", + "pattern": "^[\\x20-\\x7E]+$", + "minLength": 1 + } + }, + "required": [ + "@chain_id", + "@type", + "text" + ] +} +``` + +e.g. + +```json +{ + "@chain_id": "1", + "@type": "message", + "text": "Hello, you can identify me as XYZ on keybase." +} +``` + +## Future Adaptations + +As applications can vary greatly in domain, it will be vital to support both +domain separation and human-readable and machine-verifiable structures. + +Domain separation will allow for application developers to prevent collisions of +otherwise identical structures. It should be designed to be unique per application +use and should directly be used in the signature encoding itself. + +Human-readable and machine-verifiable structures will allow end users to sign +more complex structures, apart from just string messages, and still be able to +know exactly what they are signing (opposed to signing a bunch of arbitrary bytes). + +Thus, in the future, the Cosmos signing message specification will be expected +to expand upon it's canonical JSON structure to include such functionality. + +## API + +Application developers and designers should formalize a standard set of APIs that +adhere to the following specification: + +----- + +### **cosmosSignBytes** + +Params: + +* `data`: the Cosmos signed message canonical JSON structure +* `address`: the Bech32 Cosmos account address to sign data with + +Returns: + +* `signature`: the Cosmos signature derived using signing algorithm `S` + +----- + +### Examples + +Using the `secp256k1` as the DSA, `S`: + +```javascript +data = { + "@chain_id": "1", + "@type": "message", + "text": "I hereby claim I am ABC on Keybase!" +} + +cosmosSignBytes(data, "cosmos1pvsch6cddahhrn5e8ekw0us50dpnugwnlfngt3") +> "0x7fc4a495473045022100dec81a9820df0102381cdbf7e8b0f1e2cb64c58e0ecda1324543742e0388e41a02200df37905a6505c1b56a404e23b7473d2c0bc5bcda96771d2dda59df6ed2b98f8" +``` + +## References diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/spec/addresses/README.md b/copy-of-sdk-versioned_docs/version-0.50/build/spec/addresses/README.md new file mode 100644 index 00000000..61db3aa9 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/spec/addresses/README.md @@ -0,0 +1,3 @@ +# Addresses spec + +* [Bech32](./bech32.md) diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/spec/addresses/bech32.md b/copy-of-sdk-versioned_docs/version-0.50/build/spec/addresses/bech32.md new file mode 100644 index 00000000..2c15bac6 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/spec/addresses/bech32.md @@ -0,0 +1,21 @@ +# Bech32 on Cosmos + +The Cosmos network prefers to use the Bech32 address format wherever users must handle binary data. Bech32 encoding provides robust integrity checks on data and the human readable part (HRP) provides contextual hints that can assist UI developers with providing informative error messages. + +In the Cosmos network, keys and addresses may refer to a number of different roles in the network like accounts, validators etc. + +## HRP table + +| HRP | Definition | +| ---------------- | ------------------------------------- | +| cosmos | Cosmos Account Address | +| cosmosvalcons | Cosmos Validator Consensus Address | +| cosmosvaloper | Cosmos Validator Operator Address | + +## Encoding + +While all user facing interfaces to Cosmos software should exposed Bech32 interfaces, many internal interfaces encode binary value in hex or base64 encoded form. + +To covert between other binary representation of addresses and keys, it is important to first apply the Amino encoding process before Bech32 encoding. + +A complete implementation of the Amino serialization format is unnecessary in most cases. Simply prepending bytes from this [table](https://github.com/cometbft/cometbft/blob/main/spec/blockchain/encoding.md) to the byte string payload before Bech32 encoding will sufficient for compatible representation. diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/spec/fee_distribution/f1_fee_distr.pdf b/copy-of-sdk-versioned_docs/version-0.50/build/spec/fee_distribution/f1_fee_distr.pdf new file mode 100644 index 0000000000000000000000000000000000000000..b9995386957cb1be5fe5c21551b0645009063045 GIT binary patch literal 185175 zcma&sQn3}=x^TW8fI-42U!FX=@Y09J=ww8$~idyB}M3W`R z=G`Jx?A{G!m=b1l!uMa#&{)1g|78A@xvgyW?^L*-r?G5pP{*!(2Otgzxi!foSI$4B zs%B`Z-VV1$S92rx4X`?Breh2V{B~+;H^ZioL|=gzQ!qy%H|^UFD9jw#Paq<56qv~# zm!{_}8*7NUDV<{%&zANq3QADW{Jet5+&C#;_!8q&Na3iF6<}T0N&KKgPDj%y zi%U_6Gjm}aHXtP4iZHW7das7MC56Lo7};FZs!qLjjyu2KYCe$0*u(en#%z%DF`7%| z9S3V@$L~SRD)1#qIvgcpTzqegqk80yQx8vL{5=Zw!t>^6Tj{%)N|bux&~q_QkT5NS zM#wlbnGyEkjrVwU4?1p>H@|+%{<RWHV~%3?+^)f8c>ss-2ysY?m{@lo#!h9?reBcV%`O}A;n9;X zAxG?kl|b-EX`1jlWNfyeT|jWPOgUS|SDpvX%3Zeu#-miSt*05X;*B-PtH%@1(tO>I zK-u-eGCEh2Y|nF*GP>{f`L#$ZykJj~=T}@wxZMM+HXM1?=^Rn-%|=0I@>QyMN`@v!zKhmw*6#Tk~EQ@(>#(q z4mcvaYU=YBfBr+I?Sq>`>RjWd7*Wb7i~kkl2dKWC0IpJFO1RWJ)yG}u)?7_8 zOcp>;Ad{E=@y_804n%{bpsk2$wV`;-!r+Bw>+^f4)-cPULm8gByfEh2o~;TqfV*)x z0+SCFBV;zn608Ht`b`k3XK*$_nOzgcqpTS}3-CyNmZF*$iQQ7E#LmXz2(jnLz;KTD zI52Oy7@KlFnMV6w&iAU0hqO6QYeMUB5-%_hU%a+bTtFB%-Uki+$58denPI!T=`><& z=imyj!izCY&E2W%Yf^k(8Nm8o_`4y+k7vh78;AmQS=yw@PO_Kti>SOSKO{p~mAJX%ie$CvD$wULu&o9AY$U^$?1{-AQUv z=vmeNL})5$zQBe^p~_QLjyf}%G{V#$-9XgTipnslz#?mDlcW{VV)DpW z#(B5b^p5ki@Jmj$J4cO1dpXQNRqmS_jvRrLC6LJ~FadAYxYRZYlmH%%6j_3Uh$VQ= z9hPZtyAlSUrui7JyyZxM)n`dDsI(@qgCP$WhkPM29r9uxs3Ss42MN2S_tGGP)kK ze>8(|&(WJbwE9KH=8h5LoARTRS8QK1E3=@nW#^d_T_f%4C$_c(fh+?CjI%V(9UmWD^QXuw1&uK=8! z4XqnS{QQ;4w9ll<@}kLIZ4E5)2uWQ2JXJZq-ieqbWd28l_P9DUkdn3-{sC)OTC71JF!BGTs=MlEZ@uFzplFA{%DjO zujBnI7ASs5l?)pBt+s%k!&t}1Rd>?ttq3IJX}WgL4Wx^Gw(ClG8*;>16<)58L0$7i zVlZEixF3Duya;LE5}y=6$wMNX+swZBiJPW(Rf#^`+{HpSaM(KFc4QclxD`%&esFSK8=+VVf*Apylv)eo9R z8VdP7DfEU1&WQR-Qk4@=(p4ojwV%Eqg@Pad_vZkH(rFnOGkeqjZ-@VR{a<%*u>Nm= zurPCS{G!;x_~X8)IOaHxZSEs8D`RSJA&6<|qiD;8aVep$OffgG ze@C8`imgzd!uM>fyj$N15+UE>gNA45}9+a9w$CybrKb%ojPn#F#4Na1(D3VK)+@$H)5p0zZ5IxqIvBSF-Eu1}`vRvB5FleY&uHHaNq^|Lp8n zmkyu56&Ld9&FKyj41|Yxr9Thndyepm;>x(#5YY2|u}zo?Be}S45w;$an>27tPn;xH zuE$kB06Mu|P+9dRL7cjufD6_L@Y!U+pu-Cf#M;d?q7<9m)xBm)y2wf9W3w$UNlC6YMVtzm~ z1(Xi@dibTnW4oajm&yM^#u(>Q;MHcMF300+1tvmb0!GTbe$&v!EVqHDKDnY>;(GyI z;hoJ){zL>8 z@H=agJ`Vm~^m^0|B=h}nyp>8 zz1c5-3}fY|$lhZR`Ixl|+M(9WWOrBKHV4^5_fH@)2s1Q)N9Tw_uMxGHp*AAoE;8}g z(yfgUcDr3S1o|coY9h!s8zYM`--6wPa_cFjKG_iIx!X5U2TT%YSC4@EHSH@e=r-!R z{ndzfge}0li~IJ?Zl49EFdyIh#G`lp?$Uq8I;6od`mGhRF*KQ4c_wyF=M#LtXbjvE zQeMGSN?BPtW9H798C?UWJ@PWkN6^>LoQD64w6J_?fuxA@GRy8RabJ2>SG}FI;~mVK zgYTau-dEwfmxSlRc_?JxUW`a$O?LLqPWnDb-sr}ntg?3#2DtT*ykeB7|2x^N<8!Os z1g>Y1*N^$!@g(0Nm`&3rCIW(6tG-F2U=|e6JvNXC!xn3^jWYw)0N56=h~jlH&9tAT zBHuc%LiSvTN3Z^!doOEK)!(->RG6}h{0}w+qEZ1^HB&XE(MaEgMWruGOhJvADd7ka z;=uLA2Ftr7;CG~o?Rs#?+!$S)eBgc8&O1nbyNI9Dk|sj2e{BVL1Yt2yK1&~i6WD4D zZ*qR;UYtPxbh7sFJa~>yP_edr;E+!rkB>nm21)-!(@=2)&K1e<_ObiXq*1#Fiy2=N zR$*NanLm*=mzG!f1W~&iOCL4k>ZxZvu{`)m?^Y>rCTXAkJbi>Z0qDj}wp|*{&dN_? zp8^9|LGtXtA&lsly~vlgB}yYcCFBHMQ1VBpT_@cZjx&Kgh#SBRG_5$udH6{Jgm_;=WgC$Jx^1;Y&Yx(=8S(dEHzu+BJ z;X#1}&=(A{82NKdMU~EmI57lcrSqhXiK^g{9z=;+JeR0C#m*gARzIXjyAF#G-Xgvc=Yl6pQpA6-A~-fVN@+Y%AAMFBNQYR z+-kMFBiqSSQG~P2?WVT%Ctfk)%?*LQ7nLQLC+-zdZw4taS*9K*meCmk5G_igcIOXi z>p|Uaom9jMM}E96EXvqQEPSSLZ{Ka#I9IU1`(T^GWFB-+s#Pp|h)DznlX8UNa-LhS zARiOufsxPJ;h-$Rt9wg4&#DYV{mQOw5dl`VH8UD}G)*?WlM@m)64!$xx@10rzo+?06C09A~KqD{($W z(!xrY(vR+fSE`=JxGD|h>bSBm$Ma6~>EVi$%%_-CBUJ`r$JvN+b>ry^_26*>PnShr zN4tomSZ$>UG1vUNz<^t!aq6WA>0=^b`?t8*&gO8X6SqjWPTATLqfEkK8zK>AKX}^| z2JR8FW43vvIwZ zIGkh%o{L!#W*PT0bT_4>EG=(bF_K9KKeQ+U!IlU_) z3~yO7e&%+n(Ru%Bj8sw72Dz+{6Lrq;UjX3sF=w#EaMrQ`L;l1vZ(3XqJ{vV^Z<69A zV;Yuz=4@4?Qx<#wV2kOCfS8Te^eZzw;V;zG^ecb;+_m$uB0ZaN!+ zF&>Msp;@p=;g$A0EF)aNgalkL%@?s~U5S}c6O**D=pXUonnSzQ45;>L?t9nFAXp>X zd}FHz8Utp$M+WNm?gQeyLuRBz>ICo64OAQ~5qm?6ASjc4zF(*VkTJ>wnsaA| z%IVrir?W!pfa0b@j8KGWC}SU&A-OL>@#9*7--GQKK^xa*wj4p@ft`zRBMsIzaXmRT zAp5`CF7KIN9cSLjPfrZY@d>O2L!yM3-l{WIAu{GKSA|7}RQkmo6s7xnRV(8gg~vWx zkh8sQz`1qd%_NA?N=?FtFI~sAGG2Ga-ZjEP%g>aYw%8EyPYNmsDhUMW$cLflAPhX7 z=~PnPZh0XBk6=>E{pZw{UPPcke-8wAXYhJ5uD4(nF*!bShNK&B00E1M)WUq>b8-x- zmf;TJz<#(PfAu9T$4S3Cld?Mf*$*4h+2o~{D5)ZH#pCgnK4MP#`J=;Jk{4_jSNd*z}!kTt~D(q+_1n%JjI zp^_W%KbE;dKD~>A`F>3%cQ7K@t?Fx-+!cQ~6fI%alpP_+x+=sPR!NPTZqA2hP0w=UsCyRyM5C5&^nq zLooWJ#@{r^8X016r_S|zlA~#mYHtoCN6@Rdk(lHogZsnc{TfS90ePzXQf}&Xc;&+mR1oSMZ}y z3?N?mMj_CJ(Jxm?!N0)Qj{w^L-ASDPp_7=o*x3KuPHNNEaoAzU@PBK_WI(EoU8i&C z2G^w9vWG1lB-xA$(kr|O;VtH~Wlg5FLg^XsUkF>3WQo3F{}W;A$wh{^5cikov10?% z;8)RBTFIPyTX)|+m5F2_S}y%eILFmR&%s~%r^ThO=j-F&L_>h0wYY8T;)OW#k{eNC zj%;cdbs`aZ*m@2vxvf>!WqQ?_1V%B{thxAc#0+gpj_D4U{SLQf<%#S2w^=s1+VPe3 zwKu_*ny6`tbAq3zp57&|(+>GZmc^99sWw`bm$rX<>{D=-dRCCySn`EUZ(*C*<4{6RcSGU=V#es8 z0c3ua-tleqk_Y`;PtFW2(m10%&m+(uQ10DDVw^-QP)ET=JNZS;r0h?Cfn%#^3za1ye$IhRo9){_}CpxHm#YBt{Jf zGG%D(M&(LjCR{{Xgz7(DFXJT0HgzcqzeM9MRFXe7B82Fh8Ty3Q>|w7j_KCM z03yqOE#3^Ki^Do&VU-HDo&{o0v`_i-z`!G7%(QuQ3GcdRJ zR^=pO_H0_w5IUauWs`1Vf3w8I6llIyqSv!fm_O;F^V|QqMCUt%@td)8qf@|&8i0}X zthOe@ylPh}Pd|NEx|Kh+O#&@POa{s8Wri{4SN4G2HW2xvov!?2Us(2d`1~g?kkAi5 z-v8Wk?z46Ibgskr@;%n|83Ls2TG&NUfDas<0tFaT_I2J!HdH!6oqJ0RK$GHmeKr=T zAB)nhw59&uMo$S#Ar794G=KHBZahnoH}IMtvM$pn$gj@S55A6pD{wBFzIW}%Ve)89 z&Aud&Ymck(Cg{HD;p?DM8rFKd3Q}$-j@K};9fQB6o%cT&xJ5F5vyY*^sJH$`YTwbw zZ_#*4L|KoAB$C0!XFS(ai!k9t4Pnycbj&Bqz~kvR zz1t;Puk}1lUU2!`ZX?r3H?Q{&#w`=mIz%i}y(L(!LFta8UI7~QHrQp2pMqi8A1l?ASPeCi z3!5HU4`O-C<{S%ZIyMkM=#6waVK_%k@eQJBN!&~xJ9`xcYvra3Z}I8yu(kHoI)hO( z;oNsp-xjF9_$fc^%@rKw>GVvOTLjwXSrm!jWnzZWdDtP~i2xF?B$LF@7HZb=rqIHQ z?qc6*JwtX^=Jp*znj~(c@!B2N!{<0-*6Tu--aKJ8*6a#>1WkCrXqkC|>UeTK>VxZ5 z2#1V0nl&=KXRK%ugtd)%aw)Old!%7No1C&Of_~GF`Uod{{i_a*^#!!W>7q)94;Uw) zcwP}7W$9!RcF#|Z&CuY>4>dNMUqgX)s(u9pi^~xioB+7(dk9s7rUN-r)mPtc*<%6M zE-UjQNq7vMXO&ucV&J1ga;^%6#E~da2@l|AM#sfryxtx^biUs4T}We?vcJy+V%iH_ zHm1=|VWeJdj0EZbQhm5g8}*+uhF6e4#~Cz-qZx17Vpp7c_B6iHTc5xn3@K_`+}&A zIfWkoTRkK(0w3#Cal2)BsHW+%%?2M4ad;{*vP`?F5dxgoYeGxR21>>z<=>GWlQE|1 zU*oxv0s}yp6XmPLQvrHpSd%)?FO>>hd?H8CG8>;3Q^R&AJ)U7Se($rkPxQk*iFwN{?LlgmHE*UcIRmHN33Yu(6Fg}@=^?j(9P#;1i&v!KT zjoe(-<^z)7_=CJrM?wn}Auf@9!<3q*A%1YqTe3(}05Po#;aLnQW)-bKX$O(I)FdDe z3lqJB`+Mmdudu<81MTyb5A4B4>oEt;4-_ET@@CV>lyaflqFIyv&fDWYcML2=FaX9& zZe&6~n0(|Cxw)x3N#dhC3j1Ki^-J&^kY+$^TRz{Y0c_P86BSN*T)~vU*%5Vy=piuZl95I%$1~S_feS;?xosC}RM4SMEz3P-*)O3fgQ5-{V^hAYU)R{SDM`CICNK5?fDE7=d6 zg`QrF0EDjLq!#3nDGVsm`56VB4C)uIb?hl&9(z_2RuLN_Di>(gneTSGe}|9kW-`Oh zWG{yXpdMhuE#tzH_V)?IW>NxenpOg(>>7nGNlt~rp%)7MnV?3dG7kIJG=uI0y`6QC z@O%K}0QN8ZI0Us&fvM5wy!>-=2#&hzrs9q3V%WLm?+6bYxs0Fb>&rC3YMx#K7Q7EK zG*@KN!VA&9&`1h=m-W!)&_Ny7*-m<=D>qxQ}l73;f+Hjxk(?riuK z#RYH!*%7)iJ~WpR%T?s=5fMAHO6rBq0P?2s8)7{5T?b3Gj3!Gx_{X!yrEpsf7%2kA z0i8~5wPT^ftsA5yIYdlJ^laaqv}0)Hx^)&l>6><@8&NDXIk-SPoN?RC z$E9DBs{G@6qqoD7dS5s;mTdm~Hs?)zR^o-+D@Wl6qMRyRQzhEdn=WO-1vhMeBV;lD z62BTqsv0jjx1)>3UtLwoL+ejum@qWv81mU^1bYyK+8;Dg-I#d1!zjye?2r6en;3%-LgYUU7=a+i? z8W0ovn@6m!4wF)*`xGmDa;vVVcW5+g9{ zWV@{Ls@b5R?I;8a7`rXv5t#n}47vGM_cdjmiP!l71wB=n-K__RDU~Oxq_Jw_HI1>K zv%}k%yJkItvnVNdLFYHvxBj!=XtE1bRYxAFViLo&;IIp*!&m z+ZYk-YTY%0?a%A|+phjLpaa9-Epx&-9P!Nw1x-#5eGszIh6S8%2;=aZe+DkU>2!&u zW0{w8Lw6qoeL zp2&VJdqE<7Try{QVl+;Q*T8%V*!2L34|+PAlWHqkLQkg)CO#bp^@}%8o@~qB5f@gq z-f1C>4wxCot13;qS;ny6p=k)Nf!$9jSjZNy+@q{U%a4i|omb8dd?tqs zG5_D~WXQ%i&wb+&VK1VjL#NKF#UbVkhh?)?f7#tgcL)tBb1>zwMCJx4t3 zQP{IA-F)IhmU|p*S{A)YlLMm@+Ll=gSNh*pd|W~|3Z&P-?arX6{c26Co$HvpRy}Wo zlyE2WAn>h!b;{C}&%rdXPdlF3m=v1-3OHHUb=M=>Uh@!x8kA>7Bo2A^5 z2Cg^`J}QdACa_T!bbekOTuTO*y@_gNwA^?VEdw81c3F3+{<(HU) zd}>^k*X!xSE)^3TLPgW_J{*+td_lBo{z9u#Dl_=qnuij}t8BiM=w2qDCW_;27+wyO zyQ2Ljk_CyoWRSzgnMmLSu5&*J;*Uz9d_D2UI3m>!MUa)^BZm3DT$c{TYWT11*?G}o zG)M{cj&Z)wX@U~6o;*8&h^oEqpk*xV6t?_kM-9=gneEDfrT`x^F~uWzTzd~7G)K}K zDp6fIInJRn9)0W{JZiS`C+pnDza)LT&FA;#WJg~Y>K9>rgt4y~2moUUPsMNo!NAs^LSw~ST@5cIB~(nc?|rO_Zf zeS`Fj1C7EeAu1-Ln}jCDtWIzsBUx+%nUT0JQb~qK5CgssWj@*&<9|q*(edcsFX;eF z7#krbl;9lt^=w8w&noo-2ssNx4gLw6x5A@C;A%N_QF3&~+hx8H|hXoCjQ7)C3iV3D9{ zw4LO}!BZ_@WnFrn4RNmWt-r%yXz6~QRi3ri)_)SvAO>P%I_FRd9S(T{TXm$dc=Vgd zo6Jb2V(V$!mG2*RUG5-)z=>@#Q@{#&X1Iz zd?1yq#3l(!2oZH8h){#bjI1NVd^trPB0$?w)4=xYos%ZQophs`0}?bfs8M{TjsJ?8 zcbRfCPBG<4Aso#xqhOfSSGnpKie~|0W@#Ns5SQpM9fz;%2(18fv;D>VK>DuMGcz|`!)j8Qo7fv` z^yi8r8c6G`rSjVz^IL!^mfyJ##f9lm#=d;Avm9O+x#|Yq`N@ot3OtNtkp3dT@OmP6 z>$wj>$W_@AAHnz9I3uKhN4B_ZcQM&}#5PC*#A~~fH@SA5yHsX{(l`|7lu}vI93P;I z&jW{oW|!X5+annF!rTFPXLiC7M6euu#!v?1P71@QV(!k9X^s>B;;)0qI=MXCyNqRRrL z{an%&PRisy3HqxeME7@H7c%G-`nu8M+V~UEG<^Xxojuoh*ZE#dc4NcEP)oSm6x-NQ zxE^xu9?~Cz2+ez}sW1<+oY?5V_Kws0B@IZF8-#s6*Qvx~^tMQo2t>QYKl|_!HUTgC zawRPp0Tv$wPP+h8ubC$pB>9<_XHc~507NR{a{RAQesoJ&ere2{P_UNH8iAE=&e0W@ z(k%->cC?31vYmyPE$7VvF_^s4qJ5Z}@`t}JWCR|Ouu{T4pFjybN z9;AV`mSO9hsZ~AlCK+a8CX{4o&?)$GJl@^yc6)y9VRIY}4Q#taac!(7iWm*u*DSh4fcc~@;A zf_Se|VD92Hoo2LxL7-D87qPO+toXZGu_;LG6`Tk+Zdm*a8x844f=fX5b^2dn82W`b zTKfhChbwQ6JQy~C?-|^43b?`wBb*;1MWEJ8Q_ANt%Hgk2>N1{@&s%Kbu~g@8Fm|@Y zWZ+O!zV-*DqLWCqe;PRzgR`Wz~ zMyca=fUJ}Jh~l9x?nXa>rx;8KlUegHxIE2a_3zMBI**}I2`lzxJ`$*NrkKX)6R6qS zfipyFr`njjNR+Mr!LIk!!@%jI*&O!Qx?c+y8wy(iDj~9JdT0yK-GMD~~s|q34m(2Ia?1~fPos|dPl6{F5 zK|ON|C0RfJY#%q~Mhz>+)-BhgVPtI{|YfwG-=_KRd|c))@2e%jpbyO% zEEqPbS;6t(DHpHa&liri8bcJ#aJ}Z;EXjmPz4Swmx!b=zgm?Wz6U#3zfo;x>W~k&v z(NDi~Ss>hjy*$7fkXoAgSEt*wWJ{XB$Gz!zdCAIn?BP-Da(vNcQ--*bjZlykk`g7!fxJ;FL0`O8fb0QDpIHWPV~A}J$MpTio;jWTz(U6DArwC;{T zOr$tGDr?N%b;z?hq`rfHo!fmcS*Gy}=-O_S4mYbh&9CcUUkwe9@nl9uACahcbfpj} zJ1r4dGJZJ@?g43KxZz#iQD{2Jv82L_P{5L=?{$r9%1!73rE^u{;EP4+aRRGj>uWVS zqDRVFKvLhq2_(-)QiyQ$9Yhysi9^S#(32<7!BC|TKynj{an?Yz#$M3ED8J?ssd0+M zeXtj<$wj!GJ~;<5brSE7e@fSw3xHa;5vcXDvC{O{yo=3ry~Z`TPoIyx@f>EANhRk~ z8^2waw=BlVqd6_R{WE-r9nD)eiV%;frjeMtWS_
    (w`o4Ytm1lYA76?R0$v(9S0DXBH~N+}MaOrH>-A@NWd5|js$K_H|Yh;rg5&4n<8 zvEd#8-TNNip_H&lahhS5h+3|bN+pasmZB@ib6yG8{gzV6MjfrAX0~YFRm`D7H)}6! zk9v*T1^bN-s4Ldyjk6(7q}qLcIvA@*TS8WZAYZ6D$oru%TO{osj*b(fqJ8;k>r;_B z=9JnQ8M~l_Q`LE=+?)2lubhrCV#19VVb7F~T2;!9)MGKUEWM1q2`t;f5gO4n_OSQ7 zs5Ll^)Q-8gTz`*sVBRT8oy);~I%7=AqqD~5FexNMcE6ye^nKsiL+3gWu{<-M09xE_ zU{`@kTZODgQl=U()TB9iio1M)QjOUD<(KUV8*G)Au}CQxCPLnN!P@qE! za=$M(vc0oXU$#@V4>DDA`y;4m&YJXG_y%Slk@T}E#RUEpn1I;OH2PzQP;v}Ab2ViQ zl(#!Sa`lZD-L0?xsn(8al~r4UzW%0t*qX&~23=JS6xq66hBzGoUSjm>&(bB^#D4JS zyGho#g{^#o7n(N(Z0WjR`ce}S9*^N18sMvT_kq~qEz6-ZY2=Y4f@&w0LC^rw*|NKp z2~^Ac&&sN(~QYX|-4vJaAsfGpi23>}q~{(_3a(v#=n(|gN>*H%|vc0PP|K5u&4im^Dqu~> z+GAHxNeY^|`vt5ll!|=3TSW2G?b(3U=%8lIwq5Y%xV`@k$1hD3K1c$DjRJD@tOB5} zFmd~7Oqz(f%dBU<6BX;~!iivx9SgDE*HpnmvgUtq(#>w2$h!KF)*w!14)Zue zgdOYXgPpUD90?1X4S{DM2i*~YoukV++y+h->{9mzOw@)RD0mA(P~7RUJ?6PO`}QOh zwLmh~!Ng{ZfYrD#x>`7fH7`H6YQQVW^lCS!JnX6QGHJR9QnciUSBxcN(l^NIPC!em3MA(eg{#d9xmNGe8Y#a7Fo>B z{wjauKUJ`NOMB2!p_c*CgH8K20+@E1&^0_%eVJ)NAiiGP80Mc7h}JGrVRI4JbKTV`Tp4WBApB`mJVAdhziO%p*JiJd&UEU|$iDHiG)D z5+@Swb!|H*;scBeTxYzgU*Y~SN5KCH9natF@rtAnq2CIKF@bejRJRGZ?O>*+y%P_E z-~Zi6J-k>;YolnsA}C@PD`9jLaCWHkgycBRja*i=Yp1poT5&4(z8dn<|uR$yNCi)W4zJ&f~EH72i1+D{r9fzxzZYx&tlUHu-q za;2I~lo;)#b;wN}*;rU*7-sc9HTZ%iszsvPeFmTQq1M)kAh@q&dCyjha5B}2Amv3} z{l)i;-hD~&TZi)G&5H=KNWDPbE4KfH4CzA&I>mT&5aZ-#J|(DYDU2>V0^|{l;*}YI z;U;&k;!><_v8qxw)EBb;`p1~XC0IrH!$iTzF{f$1iK`wHipZQ+WGU1@1a)4HQGgko zM^Wa1;5s*+8mZ;r0?mIh!i}tDAbxcOU4%^FEZrX&Wnu=)kIu&#ez(U28hX=N7Ue?8 z6H+9X*6#+w&&X+**CKbASI=@vqLhs{amZScd8!189@-C3lR(-UE({~!yAbMy*&tY3 z!91B(V8&O&>@5-f`Z$wKSgzJQqt-3z5bhFu2s`%NkjzOVnJdb{)0u|HB*h~2C>mZ88aZ=P z-zXIs-@RPVvdds8CDOD#5)AMkeusMW>o{fOHV)hEGIF#IRWU2z@UC=Aby5-))SPd_m~Y5M_6lnc&{pJrV5EV9m=9*|Vl@F0yln!|-HA$0m9hq^)rTfuc? z^ZQ3_l&lHtbowpZM{5a9o-c>IO{8k?Em^&v&SEo=Kvc=&VLv85XE=h;4k^b42Hwx? zQ1P`8^|;!GN}tR4MLF5T)!#>pld;eoo3DZtbH;@MHm2iFg>OHDrdu;Ulv9shrFyXJ zinEnx!;}x9l8a&D`)A-!@;1@j6(4u_D#hA4W*f5@xhMnk?62Y~bGC@z8y3l$Q!yfLg>P=vFO@(=a5&Hf7$p0a!ES{y86VW7+N z%DjDhMAw*SW0VM)miSqO7rM``qlwksVOJmG*ux@*@r62Z6A6bbZJ+sK2}vMJXmg!m z^iXso55B7o{^NuA{kpFp;QuRC^#}N9C)BEx9l2%?N~Tq6gk*)QnG8U~&Vz0)Hm_Ug z3|SDIz~aMxtnP(XH9GT2E?tbC#H}jrlRwgjv`9T?&WzSFOJ5L1GtJIYhM?yo-aaQk z!OiLgM^n=%d6r>ZOtsk|=aA!nP3SqlZrySJ6n)l#ztWH)v?3BC!2pAF;!V+Kn?goq zqY;!eQ*?7Mu51!q5jFISNQuTa4R>4BVxbdb_$gDm+?TSj1YKNqiPLW=mgZVFq5YAmB{aQ_W~Je;9y26K(3ik zt}{mH5UmCYR$mdMVo-3@fYBoI=a1`(rZ z!E|(0y;BJ7)fFU}nDKM%`P=i#M1g+-FE-b=#QZQ8s^k$|-rtTe-1O^!3Fm{}m{|HJ zc*^NPK`sMY;6-F&B_qaVAd!4a%Bl`8@&3?XWBGg_(29~Z#UJOYU4q_&x#O-VQau8> ziJ^&CZN7U;C^l%dLt~Sw>XAr!U>mBQQA@F6Dq=iSB&^mvo^FWiUNJ=S<=Itzyqv-$ z#I(qKvj7W3Qs;VZIoie97vC;hwbE-F9rplF%o4sN*ebAIpj+A?SZiF0!HrjcbD);w zQ>P#y%2SifkNjW@8O!%bQK}}nF=2CnbFzvFTNP4oGy&vK2je!j!&HFjyN8p`#;ZEg zJtAa+54a0s0whs)2}sN6r11GnOP-K@@MJN(grZ3W{v7KiZ#Uy9Y>EX*8`{#r?~8R2 z*ZPf%)^VN@j5W2#SQw*6F}|`dpQ~y(Ydfl*#pevjA0krn(vNu=O25rcLeHp2u-e($ z6_X=o?sp^e#x%u09_zR)9L{IFLTv}!2EN?D)1kwT#(p&{z#XVOoSi^2#dOfWZZZ>@ zROf|*+ykPeFLNV3abtRGJn@_M98p zClJSm>VZGk4e>m>#%#IXuOcB$LT)Hgsj71*mVB3&M%*K0vs-8qahotpqsPG%4Nh$8FYxnv1#0sg`W9=7-L@LPxtsqyl#h7j6K z!_&$_U(f1f4MvJ+8b=!&&3$#_^Y!J^=j;*`$)vxW2+0ryRY}>ss8p-Fe)Jd6@~kv4 z{9Hh;fX90zs~b)tIAE)Q@kUGVQDW5A9P(?~=&!A|qx7Z@-o&rU@-HlK3m&!UW~cA0 z4VjP3fWx|rDR*={{)Eu9l|N5VvOg@Z!Vn66iHFy05Ej96z(EEO9_|CtZ^U86?x$=V z%SNUBuh}`rCiT?5virEa@M_TxHK>S2lIvD=*TQRZkJmZ<-k+hozrMA?dE@_wv2zF# z1!%H$+qP}nwr$&X-?nYrwr|_EZQIt|iFmV`KjO`1rs5*Hn^UKFu_g1=gidz@} zG71EL86EP1ID2)4l%`F0_*!iBC4;_|-@LlggDQMm*?=?ZXAi<0>WM%4kBfc|V%5dh z3tZ27tM}EJ(yQyT_!*Mi3EQd7mO1h%+da394rkn0zkSTN^Xi2e+`;J+)IYdlBXNwW zZBp@>A@fi77@hU%crBNgoUcX5D>DgFzF|{zZgVf)GMVz>0cqYel<$CM{ww z?6bg5Y6K|@_^CX)JH2GLMq!9Qw`f;3_rrXi-|~P)#Q=-|*;sXAk<$1-4^R7k`WAbl z|66`BGBEuI{l&=ee=Y-U`KP}&*${e8)oq+3V5++dcWxSNfk@H-Vghh7@hl=**HcK< z3*C}_K4zj4yQ+#gi_x=i;KGik*y+C;y&PZ3sO*wAY!+EM)^Y7raO@wd|Bf$sBM+ZX z*LJ)UhqJv~)u<$c-8R?QI_uON^1$A_*~9x$F%ZA+q*4=X9mZ9pufWNHf&aLZ4+e#) zqJej`rnuRT7VrFB&g*n{w~x%aHp>#l)T8OrtTIAI*X~)kG4a}yOEReQ(!S{U30&kj zo7xS!j;3LwRi0E;0U_VUnKo;Y8)Wg=WC)t?B572kDmR2y@XsE^ws=K1u>?P{#P&;e zEnS>}!1Tns8+DP{CqLL1ZW{rg$CgmhmL|B%F}Pc3kz4H&OfzM_%W!mH$nOl9o>+dpiuc(n^@{L*M4qhHJS&+ltV7KX zCU}TieUW&qSK~$42K-F%%*MJjZ8D|JnC{J4&t(;~xxO+yX(XlW zqYZxwtEhut)DTR6qH;QLXjAJI>fLMxd^mzc(KQ-@o4<8ZK>}3ljKZnvCPRjhery4J z#jI=`&t5P>lHgZh!LZ=GOcFJ!Ls3VZDbya%yCoZL3MtvIpA?ap^^S( z1*g>#P3OP>aoC@Hp=ruaxG(yQn~Uh@z~e6A#>3Hd8l*X%U@6qy-#ushP(%O(IfXXd z$LM8bZEEN=mD~!+Sb_w}JtDXzyp>_alS`{&EN8vwx(*KCB_j0)cTHeiG;43YRrF1=PJdo4nQ;?0>H9(=TZg}|=d1sVs>M__Tk0~(Qq z%pFW!+GDZu5rkU@)Dik0Ww=xlz{P+76YE?jmmt73ww!%)BV5=8<`id2IIDyJvk_qq zbHx>T6zxuo8rrb+SoB`CxY_TXbsE*OeO28|3EdAgtdIs2RuB#fMZXXQV`>|7inA~E zfPW;G&Ck4bRm0QZcOEIY{k(21z1PYj62S{OYu^BVxfsT1eu?+z}lZy87x}9F&mes|7ih$wrzD9MAS;q~vBjeB~I& zoPJ?dKQNH11Ic@Xwki9gGfM)U!90|jwh=qElCW4OB<|T`QgAoF~wjo%U4C<3&R7x z&fIZy8dURWkr}?=PaP`5{qYZ*fn24tu*R~YV|{QGlH+Rl<0m*N;(jZ@}K zK%pMoK8cX$_vVrv!rM%r>ui&9MqD0kW~Bbp^$(BwSpQ=66VPbdJWS`c$n=Gmtq(;+ zY4rg1rNV=P*Xk#f_+WjRD`49Tzv{rUTd=Dj)3R;5ISWW6*d(>vDUA zoJU6Uj|8Xp_t?H|z3rdrX;Ir&>gdl#ei}!nO&ce}g|)3!M#{7=+XwRZo;mhSy)XRR zJ~nhRjxCzi<0iXRHtp*+!CkYdqQp92{BfEMs5EgD9utXBASD(hq_R;1dK*PVA;#^+ zar1E&eNt>IHjl-|@=%u&g~I778j64Em9&-mCUJU(H<>?atqIVIxG{51!?zjwIRC^h zO_mQ-RhPqDxJKe;P)>~VH#Inp^Q`lB>0g!Ag78L*wQ(7VzbUxy%{*lW!K0L6txZyF zHb{-;!*CbVQ5mo0d`6J_mx-DtBSr!D>&AHR7R`fbqq|O@qPspHcrQIAqCz>c1~7f-^+Lfj?M0M9T3@y8=f9psi)pet9MqG{#{O+ zr#|Cu*U}KW7(U^DCAkh6Ng^q2MG3JWzg=JBNrG_0ItL2@K|?UqY^|X2zckf6IdBi; zJtMI{`eGXHJ_&DM&}%{5Oo|GUlBE?X6Mp*ejl`-HhX}O=Gmi_9rR34zF;jg8`e=us z+DV**!H(w?J`X|v0bPQgS$L5!8oRvDhOU(@pftLD=h z6B-$BS~ct`(hCba?x)^)fk^HzR$%FKs*=@2_s}Oulm)CgK~wjy>M9@lL4LEPz8@@e zIOdw!qj*qNKCp8<4QL=1V$g6`2_Y!aY%-B!=TVsQT z$dDSYaF2x9VdFLsqX_>|#iL!)cvvXEdLQvaz`E!Dl%$HjiFu`|^;|Cn&~N*0QHLmD zQB6yUprEe6tO~H#<(I7Hmje#eb*Cq-7yx;N`}3S6@Y4BS)0a&2-l6X36pa|!lXlO25};1C2_mQ?`7 z`L1)-UNP3?>bYC(wHxnY^^PM0!GM$-M?a}Dm=!572yC?!GD7i6!(#@BAid`x{ntM) zlacYv#b^xi;&)|AFoesaXq;G)2WDKAwHf?+Ib>oER%J(~{>&7D$g*a*Ed^`AOR#Q2W zh1$SBrK-`&AW(JMYFgG#!S(U*=R{uvgC^rYTvtr2|0{N4{0H%4W%(bX9}@v1GbaP% z|4jd-e*DjnfRUB)|0R9=|5<-AFQ5uKn=7DDhX`A`Sb?3LAn-RxT>&Enj<7cYdk91eEnT%*fcx)cgWE zf-+e#xP227{ZkVYu@a&scIP(0A8|MdQpiVVCXlU%ziAO6lQ zA@W%Zfa~w??-_oM;SgFtIkhqYt^uF~%%S72t;LY@VFh4qj3Av}-trKd1JPz?UcP8( z?Ck8O1hmP`>WkVLaEbe-7uJFDp`3s?I|5|@dntiY0$TI^${C530GDWKa(>jx1E#aL z{bLFGs`^G2Kuk`bE)I;$p`1Xv%)raX$AFWs1l|0wCx31GAl}M20ocr1e?vbb{a?*2XY<-S_rW4&t4-B-m<8zvj4{kq5XmAC|>U>@e z-cKEBuKVoV^nL}+Qr$|;dM(pC)|xEVG`arzn~?l8c%l;iBxD3-1L{;)SMzLn1H=OZ z9N8K5KX3L;?2=%?yJX7$5Ed-#Ih@b^Wr(GR-~YacTU%O{`@E z0DAkSeQuQfCSQHb!p!|N5xDsO#*{$#=I9{!zs%-eHaIn8cKJ4Z`{BLz>iqo5zTZ;( z)&>3eQ71YzG`vg8f424i#^G65TOQuW4PPF0aP-;*0KK`QU;Wfopq})R`BeziO+NNgl3vU7mG-tp=R{!xxVV7)A^3L?NZjb?eNor0xUzybezJ`I zA?t8gUl%|gq^Gd|%zUCBK1Dk^fT%P3`Q32rKB5=!djO50UjjXVs3AW@cxr#q3-|+o z`mry;Yyh-%{&4ud!YBQqNjL+=?;ySJrJsCt{%8I(*3K0_#9eBjAHlj7j9uI##knFnc z=DYefk8ajqjjjorUr_xBjbG>z`EhzD6CEE5;?!}UonDJKgIn&tnPohQ-8AdQzDaK=f)58 z3H6e=ejPn(R@Vm*pUOs78O2xGV=fq%OI*bpHaKd_eE)M=%TMw+<^S)^O4Qe;MtTCUb^9-vYA z5^AY<4F>PkSRDU?``C&nzMO1BttYK2I^%j? ze&^=&yHIS+xkxrdOtYkH-sZ$;tAO#DJ5$RnP9mlm;O8YvjDI0lnG22Rwiy*n`ZnH0 zGI&`^*k?jn&O+5dY7YsX2rLu4A_&~`^JdLMOX+TgUv;mLIvr!1?Ap-haF2_DBTsJz zyquIa;0TppwY~=<>OW9G?(eksAhJL`QvtH)B}-T41V~S!S{O(a$4@OOII9{mVb|s4 zm(uixr-+jT5>SEryFcB>6tbe=E;{K1rAtdX^3TgvsD0P%xYHHe!{qJPm;cc>kz+rY zhoTupMzch9YSA6y3Z{YFJ8 z{@yctJ@W~~-X$=ri|SkcZuq9gv=ma~coJ-hgZ!GRw8f+TMPCx!TmhIK$Q79PH%+Pi zNbOX~n$R4R2cNNc(^-S?yu%xpKY7&eK)-qbk8M0;2vwMJd_Q46`_(T{cWrv*kENXQ zvUr93>1ELJyd-hMw?!a098^ujJw9Cgd=sowB%cZSD<&6Y+t4Loe5c7_6bB& zGeFYXN!`-xK~VjJ?H37EO(8Tak`@3{xLdH9Y24JWbepCu!342%K*UO#K*Ui$d7zQr zSYLvEC2;c}i(x@pWQ}$PpGoGNin!#LQ;qv0WfT%?b?=shN&rH<9O>J{rxpyKP-1xn zh90smyNNMuA&$*IrEniHIkmDgLN*h}AhM9SrIp1u6Um%4sO==5A5=$+Tcx2m_^xSr zpr_DM;w?5D4aY~XKSO+dELM0kUwuAnV}mUjGrk^T1!$r3O8@kI5^t<;?1f^Wpx&h~ zNtChh8Zt+gTDFhkKOY^|;KI&F;IPJMm0&`L{MS=1!4B%!BbD+uxdd`XC~`UJEePn- zy@-)+ROmCz|`nUW+EPjH%y#^sv zcSCwa%0?n|S9CAho_PNmM9`9eVeBBUZwFb!7=Zv9in-^tf`tM*a0#LIp}$Y(wIFDJ zP&#qOXn+mIC_NiGrn9CR*wPCD z_;m%1q`;duM+;|UTL>k~VOIT&%7k#;v|N^Z4-vW0BMnA=Qe2}s&U~VUAicA8S`%t> zB19C=C$^e47fhX2lFAEPb!9%hwvDB%E+;5vH&H}OJ>%uCjqolDyV%fgz~9_|n;G z(gLUGEH^U0UR-e(u%ZysnbC$cb;DVm{1S26l+$i%nIh$S9gPbO_Nq&C=n--)XXMfT zXhZ%X7q0_dCd1S_hB4-tBH7Gk2se>oNX2X4y)Pzl-}WWn zfb3u>($w0q*R1FhdZV&N`+EQLLea?)R1a+=s~;b z3X0wCH+)*?!P@!x^@E$&mgfV@cqaTL$#nTlGdu2hV>(K^D2^kRWNQlO)B@1-a>W4u zr^QP`<#y9S+EUhz-GG>62d(6K6+vClMIING2>AWoM{O9t60V}{sOpJlknTas7FlSd z=a8=~E_ByqmnQ;zEF8i~7p0G=g4l}-bvehQa}1l5lIA_dP2tXD!gY#BFz;u}zWWRB zA!bz=5@Fxf6Eo?TadSC5wmD3bC^$Wx*xZv|F_tL-fcth&RtnocVer-3YGI1KYzGFi zYh_wy7EfR~#OaH-rm@wdYm(lqzrYgc)bLwj>G$@A>av zA>`c~n$CkWFu(NbqQUjil+Ri<0|A{=XQQ&`me2MqZ11;isUxq03 zqTjf2<6>JAd@sa)WphIHYy%3o9&h>wQCB(vUZ2@A|25FxKJ9P(cy zobQIOml|FgQ1`Mea}`e})9ZOydE=!4njD0rjJzHCA95EJj|XWdGpQ?!U8?UkcEILH zXICsnRTM?0_ljTOUI0;v4Y@L0y%;~yYd9#Go_fp_=q_Z1td>t!2>H)3XoQW*m z49V#Rln8=j!Dv$ddGZmMfWxD8Yl=-H{_JOa9^j{q`vrr^Rb&-SB^=JjIJj5`R9{r` z{Tbn6TB-JTxSW8$7KKmrK9?>X$)l3jVFX2J=-5!WRU)Cu#{PnX7RV3xEHZN<-{DDQ z92g~t*8H5s-Ox*fkS~@>>Q05%9XoKC5W=FfCiHVA%q6V-Z#ADalH0C-DJd#ORU|pa z$>J&zT9&>q;GP2g9`|-@dv@kMru8Z$5wt7Lni-Lw9U@LP1xeBV8XmY!tfZGj4=(g`>ruQyJkS4ArYnWIRz)K8hXUEC?vMQW(l0KVt$Du`K_KrxO;*CDfO@eYK_qar7gla@(fyO{zLji0IKaQR;qNV)^HM6swFrzgl;_;f|M=)CYrQVC|5cg`( zF5F=%_L!u3*+L_xJ) zJ)NPA^`X3s4(|t1fj=&I`O@urRlGKR@3X`7bm{70bdWTFM^qsdIv8JXo2}1)|K5gd z9ZmY$#QGexhGoVwdmDoZOeu8Sr&L`!!YDA1Y8;r>Q0>YrXBpJsbjhJr_r2rz!zvP- z{Bi2)Ll$pyn8;{&P#*Ey1tBN9a+p4RCr=JG6``{$-wOtFnX|wIzSMJIiWAQOloQ2E zLugG`I*OB*RdGRA!U2IdJrCUowL)C(jM|l^78SJA)og=C z%5=p6J1PhwjVV`_uCYr|IxV`Du#S2Bzw;}d*nE|dfiG_O4 zjJb`Hq8qf*rP6@}4blqqCsI7*mf>ZqXEr5P_)~HmDx*ZkuAbl2F!inc4_3FAfo1QH z@VPJ2Hfx3{8c8v8nVeQ4*-&=RwcS5D8;!_Sn=cuDAiPOpC?v*J20Vp*1EgWK`kU#g^=GUOY|i18k?nP@IQG-_bs^I@Ao=E;3C znziUxo$x+-6JcLOuw0`&SoZ9Hmeqh#cd-v&w(#XzKIp*}{z0f@MoV@<{K}2AYJAw` z39o@+`a}Xdl(--?1`C%wH(M(6E=2T9OwOi66-%nlcyb%TrVn z-n}GrGX^Q-=pcxGeCho-AzsC$ZVy0{ZKIh^w4R%q4P;~nS!p6BHch?nbm!8Q>4d=h z2zh5-FcU0?-F5pgRDjA^86{6`7vnGon6sw6kvPU?HePycb1NKiI68hyTMV-gB+5AqvwA-c_PIS$M7Kes5Np19uvU+gOp-TdB z7f)79nO}leDqz6L+{ksAj>-mf$1cKnx0LdorVL(hAIa68GvNk^w9B9Lj~Y-+vK#1G zDX}KY;h|IFm?X=~edk!8=E5ecupueyec;6}N3iaaXDorlZ~BE7Ti8g9Szi zux)JkqYDnsjw<$k=%I0xxJn*Vp%Zeoch?dD$6MtjpT>dfDobnUsjIDq^w+uTUt6XP zmre`r|>_dw%?ip!(149y()^9g99x#=1Elhaxcr2Rsh(rYEuEw>iX#RNXMBA1b&KUgNlx_9eYhRxg~Feu*0FqUYtr zeocKBZL+twjewmOp0;1ObzB7PnP=rw_k&N8`|88;%bKt%>Wd&J5D00)!B`thXorSd zjM7rLpX$AAr_E$*)-Y;!w?+htyd_m~cz~&q>&(ce^743Q*P&MQD3b&5Qzv3=!A4sP zpW*Vt;zkk0al)k=WsJ{j?26MHi8~0a=j8qUUIesLYJ)*E*w`sZG&kfN(hiRCe%Z+e zwlIXFIuk{3PmgW3qEuV1s2sp;kYDxzh~0XYONponU+pVG0L^#8g;6R-4F{QG8F8Qy z;hKDp)RwAdPNbC#fB9nUJJj9)!iGuJh*g3ey*nJUj3A7MEtkMdAVj_?bpl z^A2qjk!bu9yJL;ngo+>GNg@fWwqE8%S8x3kW6MMlY!`RCX2>osMMEQj-3_BuB`QuU z@5D<)j)&MOv`c%AZ<|Zv{+=}t`lrd*IQ;42*=+cYGXRc?K?dHP*0+_(&au$Io>ZE7Izxi3 z&)lffZ}M;|T#9+>vX(;z<(E6}{XSpZP*Svh1qwt7VtNv|Urro11q#eZ4h1)w-^FtO zhG%_IqgHHne4Ei2U&QA4u+vp^#ifD_ikBfO(^}q4)Zy9OjhL?8ZDiLwEr9CpzT`Z} z+&WJ&a~>2HjXEi<7085>jqA}GBlVNoCG0~mdB(K$U?!Y(;O^ZNxeN zkK+gZY1Xho_7dX)5ATt%Yi;1n+c%0jY`-9O5}}yNW5#g!)ye#_OjzF))GIroZlbK) zQ3*%Ci`pjk9|r=2?s2J&Y)2!L+5Nk)teEc;Mg7%b);Y|~6!-2btc=j0j16 zMh^(D{c1um(Wu#-F7;hCzO0Xmt{ad-gN@rT#auzOI562zkH0?U&Aqd;UeNk*t@uUS zO{Yth_==SIpdI=zd~!*;DDCmjoCe_imnsU8R3GTm9!MNgdqX&iy7awg7DDHBq9`Co z@rqXF%A}Mc=^hk3HODQ5Rop!|?bY@kF@1=ZZo+CQ>x0(Lw5C9AVcr(7Kn{rsgSJZd1z|X4 zMA>4ljW|osEo(K*2X=?0_KerA+az2m?;PsxYS03JRmb(!$pqzA0%o(T9W+ph04-Kg z#iFA2rg)~#H9Uhn6+EECAQF}KmYC|T=DhKx+`#pYrA8!IPd><|gvkh^ryd=hw!7^$ z+jS(t-Nh9jfO99iIoYz$h;@!iAJKgd-hEIo65+pSvhDP1bA3<^gcA+j0&UKlM0o1o zP?Up&3b;xZDB8(RGun%X`cDv#(MtccJbf3O|PQG~cL;^e) z4D-q_C+A%79@%Q2|LF39epQGK3N%&L+%L$#FL~)awFy5(q=rgh%+J-NBiKt~Z9mW9>8@9$5 z&_zU?O`kw&2(gaQ#k8HbYfeT8>rWLY0gdh+sO*O><47!n`N&ocK|LO_<4|}YfRst2 zwIWOHns^MQf-_gVxW$${6VPwEeY2Xi6Py|J4n?^Y$k2M*stR~HL zlHtuyBhF#jr){1;J^Rn@}74}Mb_Ikx{A-d`Ew#HsxS?GgwSf@h2uaE74T*# z-N~G_lHOzr?8csVJ~lrw@r2Rq*ZtzeV@TFA+r63)xMhkbaxZ8!LMoFMX7mf_7xEL|Fz5exzEn=h;jXYAx}F}}EGYZ$ z`DjZ-v%^eNONkH}HpVam54|AXyEF$eVp^w|pDkuVKk#jjTD~G^oKGw~3d60wR?0r5 zA2yySjuo>88QtHM2viy@g{jZMcGGae8`DteLb%L1ev6bE*Zcg(lt$ic$cAG3nVqT+ ztnSxm>J%RhzuoKMFlZ{uQ;F?5f1|W}XTBtzoPL}N0!nBYiilkn3GOrK89a_?T6G0U zp=ica>@)w@B!Vn^g&B1_zXqSQx=R|^wf7u>HzI;&=aR3HnSk%um>Dp~f4`3n?kBW8 z<_S5*vt@#_Q6n+H16hf^2q5pKnyjW;w09qi;N7Uyk$C;Ld1kbqU`Vvz6g7v^muq=i&VJ zN;oshM0b|oJCyD#HKlp)YN#6vE`Rru!zig`2zGQXc|~&vfdo(+1XTt)oUvTVD-f2d zt#!g;s8JGo(JpR<0d9gWyJ){_{dLpM?Tgj(i4^ZGQ8wtiW{CZ6t!)fk{Jgx}gFt)x z%d|Q|9u))ivKp@dhg7Yxip_--i2goZz5}sSB|Td{wf@F8(n1D4r0tolD!0QQrg9hiE2CA`}^G$wq+ zHg6;$;i}Npd4KMMdxHHXK-}pJ5cEE4NhV^JufVJ;1piyYe2j&Z^&rO`VnEfB+R1=d z8+ueT3cEbwnE&%^nKy(y-KB@J!04ORf=AOo%%Cc4L8&yIPb!&|VhCl+5uFB#@kj{3 zh-U)3^wvEbWrQRI-T@9So{cPynSFu3%c*73Du!}mKcEpac~C@=eCn6=awHcqIzgYg zh_n*uCO4HU65f^8{61SlCtmYGfW(*S-Qg)JTZ7b@Pv%p|F{q?R+k8w=$}cjgHf&K_ zTNHa(G@7~;(>c{b9toG3N3dv!8c0QQP1&GPnUY`+X_Vtfk`K0oZsWQ$EiqNfcW3}` zpk8uq!j{>m!2{!kN)OZ%Tqen&c+2GG8xVzpNagx&RAs*wQVgo!j2DE@D<0k)A-Kb< zle*xUB(9f_QYv`Bi5x#Ww{F4$XUFmKnT)a4%q3ya*RevxVuL7v9~(=>nMilAOk8LP zblay#@!(Kw%>`(r4*&aIjwbIcakZfZqp0NpP|u>nYm9JT=zwoG?=*POCZY(97_A7< ztrX@)wVVU=y{XAY^p5Jfq>~2c2w_I!CpcBac2*?jXmHMc6vy(x_3eE>|e!T2Sk6jW*g zJ3R?eDU_$|7CpGVEECjJ`2~8uG;_(Ax2SU}(243vI#f~gj4$42+6P~oZ(x6_PGZw@ zLM680SWJ1@pXj(7yjMzb#`)CM45t8Jia~$208hCJr5~yI{h5R}R9f52s$BAw1qq*` z<8Y9Ik7imu9ZY5!b<>`9S8ZDR(Aj^y4}uY+-t$e!mL`VZ)1XSPaXOn}TuCjIw`Vk5 zZ;q#yY_kf3el?JDjF5>GhW;-aniIP;%n(l#<2pN_t|4@VB)NOD6*PUy+~wb}qcw#d znWEf>C?5R$erKl-JHc(jt2#dd^24SgpWq>n4OIX7zdy@Tt+~U!TbMtz|8m^QmrZee z;A%3G?6sbBaSn1lu1$ec6etuuL;9%Zz3GXaGake4xtz>LU{ghn)`xn%R4{9Uh+ zW}++Ea*pA~yjjX(J1ZVBKSgO6CvT_3Acw=ck+KM8I2}eE`*1o?$uoqX}jg+dLxynoJQLSmnksB8t7Sj4!p9;JbWSzv59`Q&M#W2vo)Tr6bm-*#G7 zV|M}XCT?^_@5+uSjEgBXR{qsUAS*MwD5llg(J&xXcAl**bL(F;;2rNur&Yl_@yG

    J&~cnA5tbZ)11zsq74WfTi9b=OlE{M?6pnVE|@`Dm1~{{X`#cjaZR+{!v} zZg(ajuBmW2QnP-P^r}-lupm^zl+|@+aqiUat{{3`T`!=S7*k*t?JSX6aIEAyYktvN z7%`=fl}a{3z@dsZK{^5tRv+Roe>J(4NL^ilAY`j6%kR3cG}CKuOpvUdVDiN3K5!}z zEA3$^g^MqG&?dO(E8soyCyadM;KrtisFY|u>E4QT@0$5*4Bv?%4S~LHh5EwbbUFKL2Fe z4=aZ$Wl>^A_>I(D;$hR;@xoRO=2xNcf*o;9btNAe7n(s6J};GHb|!^lIROeD}JLfX4|k7Y^`Mu;i(RsxHtPsoR8I~4Bg zs(UvHonPF2D@F#+-MAi`+sEC)b4k9!#|++^IxDfdz+CJ~pc#g6$n)It{Hz7_$a~0m zMcec;*s}CdQ1?x4b<09^YlFWPh#Xc*d7;!8D7^JOh`Rsz2pFr=}&duztSCf+H<4aR*oYQG=VdLS5O z$q%aKIlLp83r1U;O~jz0@16YghIT!)t4?t~3XOUBC3>Vx4Wk?;q?Hz?LgxdVd@L^a;~m) zrt+Ibxbvw0A;NW}lv{L*7NDvuYj_6U?W11=lMv`Bu@0uenQ;}^?w!q-;C-%g?!!^= zmw3b&8T<%1CaS1E(OLSaCtVMOSjvab00BTV`OTAnux`KWxoq5#7|-=-j3TB$hhJE- z-g65+4xIF>tZQ8^YGl%fcG6>&u7p9IMpXB^+D#<4uf+uHz+F^PySSWqiUziQ1@1>E z1G!#e`{C_O9nA5WhDQN4KBza8e0U<(!|7koqYtOXqe~9<2u|98v|$+<2&_26phs(| z!y?39xP$&p+(V%H89Bx)>7o(3xTmp08OkSvUR`Pa=o!N&z)|1@(|m8bW83mO$yy%Y)I>T_+iwNQVqE70Rpm~!hy`f_W+14E4N|m z*nJPal1O^~+Ew%l4XMy3q$ify&bloD+Fp-@G@|pYN0J22O0$yQ!8`Sn=S#GjONKE3 zBl=K!IniQ?mFLO0wPrL(3(9mJFEvjaP1j!g&o$8{F)YzJsM!^RPNVcYg_H#Bf_+yb zQOG!UkNAGl^4UTkzjnNJ)471(`>r-v$#q_zzn^YAkb5~sRc=4O;U-$CErdb#t%~_S56=adx zWenslD~QX9#EX9I)WyUUgw72PIA(|pGrDxp$MEsa{6DG(f>r^mD5+d8Yng9xe9jl=OXd4)vJf-yP~K$uZjTS?dVrVTuEKZrjJ_?*wc8!rUt z5Tfu@m3W5}zKePV>rKdDO53S+geH9*ogHz;#iCo+uC>|GP8{B^T{;b$jPefNjxG;I zMJ_p>D=;dtil~r4Ig}pq((rWY%eVnspFxj$Mp9MjWT`U2PF)$IJPLY=oHg#nfFLUfdS^LS)>~hiYziQVJn2 z^mH!Tt1?=+#n2J;FU=_1;nR6ye5OwYY`F&jWrWuD;?g_DOl9Y?eTCzrD?l|Y-#wp_ zHb=m08QTd_Rb9`>uR=qipe;0d4hE}@Ed3~X&;+yk6$Hu3bfT439kzcUqb z9`T(SU98hIi|%C773OE6ct1~T7?QO7oHPnP=)qCnA;4;?SEdtnipbeIFk_SAgjmzD z9w6VF@JIwTm_^d6O-!C>OT1Gb1yO$%Q|rV#IINi2P_=f`iS6ERM5?}QWZ);$>oRqrk zLs%Zpwl4hq9U=<`z}@C${gu@xUWu3&$85})hhfU0OPl}2+pdqPk)ZeK36tTkiIzqp z7mIa$Xfh_I+gdioCRZjn0D1QJu};(ijxoq*~qmUF9lOp?jp`du7KH)qWce zU#_Y0f*)%`JC*kxVh|qDfBG$U=zt`PLWF~Ux<;qE9EwS4#YTTc-r)o4c+#5Y<?o?RmULv)z0e&jM=y)!9LZE7l`7s zkFFd$eq8xE476b)I~a}H(A`uY!Q?)^xw!nZ(57(-r{XyN`5JvtP%fx?!45$UqHf@Q zNU1(K5* zSkA1!*B{aGp(1-Opve73^(7&qUDL;(k}n?(LR*@9@|UJc+%u|~>Z5!CRL_@pc`U8# zvFdwCl$%#5@Uc7x`NFPq*M>TivRl7(xhR_T4)ZG80)kv_5T+yDq0Z{U2L;RvIsTro?(w-(XJ>ur46)CLM%Jq}SqVT#HQSONWb%-V;VF`16<-Y!;}G49&=Bss3wU}Ac^UI|Pd z9&J+tA#?MpXWgP666RrFp7+5ej0}}ApqIrNw0FWGm(J{bI#Wxk^97EEd75^39b832^0ryBFgbF={KZJ!^*x2M!`vLDoJD7P|}WG)t=3V=lh!D&$IQLx=}wzQnw2+Y6K_ zVxc!k)h_PeWI%2`7DmNE4S#7Bq6-7Fl|`!%U4y8)^nheA?-0ilQtr@^M`qZ{zYDgm zAIFyo^4fW~^{WUah~8p`N{w*#{m}G~PE@N4FH!DIvOX4HydDl!LM#g_G+tl+7h~tp zoLd*D+t{{k?%1|%+jidAwr$(C?d;e)wtc_OsXC3*xXoGX2dr5&<`|DW2%oRKNzg2p zSrr9O)!sZDmx=(2kar8Dc?UtPkR+=)4u%81`O+6r9)mCbq96MB3wB03H^^KalW#il zDPemWrSg(w-ydT3NP%BdeC$iBQDRO?R2x0s&p*mx7NqvwO3t;==R+ZM{plhg2xF9| z#qeFBW8we!4WgPw1lAMJpAL)~pvavd2Ls-q!sw3%?9rQ5gGv5yhelF{hlvwq<}d$e zFA;n>RW)2Kf4?l#K~pl9rRG@nu9PwqEN{^859ckxTk1yYuK^tKyu?IM;*#EH%+I8U zif+No|5DBLVV$!fAVW+Wkr@XZb6rR^di}UD^jhYR1BR!Ag2V&5NRxg0WSEd+brx|S z233?!#CY4;K@n3*5Dk#;mGm&5b>+LdP*&76;a%>cM@8Y#3MoyZHI`mE+$0?wRAd#S zI8LP@*7DiywS5!f%2vIl0OZ1sgaO!1PQ=RImw;Mj5?|ldOKei z$F+|i|H*%mp+*KjQ)?VgBiWWcs)9TF)lO}s9EMBK8O0W9Z5S`E3e9meOk|+3nx$y2 z0c&}{tJTI*jbHO(J>(sfYPzqu#UHQCkbW;BR`|}e9rl!OMv}jTG!2JlfaU7kIOxc} zdX4k@2E0mF7%eh@81qG2nt(5c-t3K4$jGVRg39_=R#?9T$K1Q`Rn}v`2_el)An=9K z(#ee$<3_$9kUEsW-t76;j``oLTGb#UrTV?5y@kExg6Rw&r0;IfM}3x6Je%MjOhbRZ z9+fDCip!*fkkE3X@QH_zg@rBH)$W>UHI}yz&w|a1+Qm{2Ke~?f#ozW}PP^z{#<3x~z z@LU{(8nHBu{6)%TlinFTT(pNC#VGFqp-oi}&cx z;(`g(%+1}tdG`*zOeZ-G0sVJ?SH)vSg&h7xIe(G~$LnmmX9l*}kd*JNP{puua-qxv z)ze0EWJIV+SqyTIXihEL&m^KDRU%Pa;;@bLvDylm7nR7yrQ&pGl%0zMpfG$+XT;WaBsOr2Xv(5=h=I z4uPqqjJ-$H!k@`Eu~Xb%*!6P^iNEt-zAm#J|q|kj@5+2`K%}3da7>UbT`~hdxZaNTb&xc#} z^r6EIf>3JiJ0azTt9avU#OoKrMrESDd003R3ba&R-oGny^25X1G;}tBD+9HJnUk&;?A{Q=slW2k2u;m0Hv;tMAO!f` z=#W?Fgt5nyD9*TI6uY1KQ_UN>!xu!;(_Hj$hiKSCrnA4~8$>0?pEp?knN!{Nw%Uxk zlil7EN`k0JCfptsEA>AxAGLMUCLBRD+*fG75AZ*)$w8%w02aD&Xr}BFSPEYP+>Toz zO&4lfk1_(RXy)=c5Y-fEcZk{)rRm);OD{f9Ni=MIi8yBY$;XCC^Aq_`L5(7Uv6lj3 zJ_kg%v_;J){p^V&Hkx{>jO@F(og0>w0=_x^!q+4;=d=j2d8n%1*=a0M{#B+8b0=8e z6>wvg5g~=q;Wr0iftl94VUW_Me5x*fo5h3;VUGsvXr~Zwwem6omDNyG$j2c(P5AT{ zsT^OYmC}6q{CL}xcpp5q-7J*F)Q$oO=KlK$b*Y8Xlp(i#_iW z44EKMdLNuC?^;eU7_C$Xl~akosV;88N<&|^HiwjJMA>(l0W^z{PI|~3>OOG+^1BNX z+7W0}%mMrQNa3-;hEP&oAdXf!@WI;tB6shJi;z{K(U&Th6E!{nEk0vFb7`v5nOKl> zk$TAUby(+(VMTOMShtdCXE%t#h5L5$sJlz&-)ypvyoZ9Kcvv1SR*n+`Dmu5C7f1w}97yKgq9tAzzpr`Ts9bm*f8sb(vUM zIsZq;WhP?h6Cs7@2^#P^qTC!$c!~!vjHJ zVBE!~(FW@*dF04I3jRSr-a!Msg^a$7jtCI}2|$s(Fp7{#;}t-;hYJB^^#HMvfm{d= zlm)mx2oKs`>n?76*+B0%`~$m-jEr>rb%&hb5?1=o3v3N|A! zuHYWRzXyrB@D`_MpyC3c79fP?FcRGb0(&SZG;l!&gawsVAYS(%k{>LaFQ$EnuT@+i zLdL!R;qQ}gS|qspEo@u6SXWmN(jG%7od9?^1aMyUwSBi|*As{U|~neS?!u&0<6OI))yGKX3IYf&D`T-8CTrR7Cjrg-{xpK?d*C zLyC$vu3NnU{_<OU*NWeP!Y5BBt-V|f}mhC8}LA0DRm1 zeEI}RLxjb%v3C5ZemUg!@Ghb550jF?>>pr)0KdJBgaDD8h3*LqTLv5XmjZumX`mYg zgGGE#V(gUpn_c~20(1W0Ajl60m{<`n)`Ws^{!nycOG25({v3P?sC>6i|HdEm7kxR9 z{oaP8?Cjs|S;y^t{7S&PhYa@qFbgKH&7$)GWl26^5&dkfAbnU^o+LU>_+P5(4W2P2 zi2NP;-4V@*W}ZQXSq$sc-ugb6BJ3Qj#||DwQnV|9y;?5?**^dc{E-PKptFH|8a)W2 zICelsKiVXqc_c@aa5#;k%!2&uKBhp)B0CIKm z1HvVX+F$pAfdvk5?icM(%zy%d`oWC^2~hVZWdd6G*o%l)Kmro|h7=uldPk&!1M2z- z`<+clQ-6^;1LPH4ASb#^7-H4rbQ*yzJ5bAEW6 zDcsy^d^ghBhCs z_z*y|onC!m+FyP=o3?-ZaeeVcISyEj*(e-KJG!EfF3FYf`?pwqsI{fREr7@VC}#2B zB5&?pm1_{?8qpYCg=ZA~I*m)#KmIye#Nq33)6cvSm2t{s(+xuVj1_%H(l{1<(?^;3`Y60=gaLZbn03S0t<*Tmnf8u9PN@)9a}db+NOutDQ8rLI`4D>}{L zZ6->skDuWwK$e3-Fq(Aa`q=Pcjhp($@t$w+rCIxO!pTY$n!?vHAWLDtXu0n_d5WjY zQ$ezeq)IXDVzme1d@N8jr{V$7uMU$dYe4V}W#6AFN5^YrCl*9*RG3*^0yz3fL*fQC zVo+fzytkM;9-Mku!e(hD^Q?!l5x7s>bJdnyVG@AyD;mzB*GiwK(KS`5$)EnQ8rz2! zUmAs+0TQ$LrI8`+22Li1Lkx}z?atl`Gj$mvsc~2Mt6L3uJ(&^#WHI`v&qkbpPYs(72^h*Bdg_~C z0&0vaEg*C6DmHe=jNA^?|Bxo;Y?-D+RNFkKM za1jL1KSos&oU+luG!9QiLHHm>;X2}j)Ra{8T#+WrFS!p^36y*) z13o$VF<`W>rv4lptL^v}@JmGf-HaS)#6$h6NT$I+k)8mY?u=qB-1$g;niWKFTPSD_s8?sLVsl1O5hS$nNm6UYeZb6& zXvUpktj5Mrp+P8b~{ zQ-Y%R2JBM`{1>)qS8!KOCNyLI^AgxJLk%$Om}o0dS9VfMe$JtbNtB=v@VT5`4~=NP zW`5@(mn-n*AfuFY_)C=Rf3wxjD#hDXQ>z%k<9L%f<$4QD^rzB?E)PW}VIa2- zcf}CtK@k2D9CnE-ILL>&>D%TumPvJER8s4 z^4pJTs;PDWsQGNnNa@H&m*zNGRjc$jc?|$2{`@YI1_lbDc{Ae8G0#gTdY;5+$xFjW zz;{yDaChs(z+$3pBwK}y#e5yy98L4CCaq}?nVjK6b7bnNCbOOKHWBg!pk0JXplT3# zp3{sE34jdTv9d*_&Es3(DKP`L9Q;m6WV)nZMyvfV1cdNAYtEIJK@h&`RX%n(!L7$b zXH4tH`|&r2GmAv=W${r;852LndNVAOcKxuxQ3g_4E5OObYsn3?a+%L8CYbg_6hx8NgSj4FV zTx`6PZET2cGBUTPqd$To@w6eh423kmf79tA>?rvyOQ?cm*J`Vz?^uydGNFQGCCQ0K zvio;+9e@K>2W=ZJ4SC{oG(jgQ`F_QtR378JSi!yMh-Ze*XE^cD0y~uup>Up<@)Wq# z;k>DXp*LYjdbsrOSv((u-aS#dzdaVBd;qDmoZb!Z7ZX?>q}-a^lJEiR?7^_3?G7Y6ChBZMdjF+##oGsyBQ=|vbApX6qr!=Q9n28j^I@9}xM?R(cU`&wZQt)aArj@&>a)3ZL~lW4Ryim2ib`+K$2W{4`ugEhd zD3>?9mCFY%L>4jaZDtCp)e#>#KDj6l8%JT`{{9v>yST-(RTzeiL=#ME@p3-3w;>-) z;-IG^PnS%jZ!cyZ2jOt%8h^&HwoWmVln7?!Q>rDs{btWUzqK$AwPLClq`j6T$kPA7 zdg;cX3;V=ZYo3rlFlI3LJkS$D&`xsX40VAQrhxk>A>KuEv0YAqgvRRbIDs(p;q)&oB**4Z>Zgji8^tr{0&#o`}&^J}Iw+?a5(_mOu3G)>*W<5pG($p(9h7 za2jnwybhc@-KEyQ73$T`A!Lp&To2kZL@3AFuZ))~29v+VyojxQm;`Zv>(Oi? zk@4$-t)KP|60ghTaeWD1^IZAcrFNKD(;QQeFtq zqlc~)EV43JmrId0BNe_z9z7~QZEtr90pCmd9&;gEEX9Q$aBNj{RrsWn zg?K)u@14_x4g(D)s8Ac$s)93cB^_mP)`u*>0^;#| zj3J2KKyHt}32a< z5Ga(iaj91koqH0jgG?|e@ea0ckHh9%%jycmyrbY}ZD3sx3;%QTI6;wi<4P;@Y$Rdi z%q7@tzh5eqSh{8Jgl{(TNN~i@%L2s+f++f1p5%S%R`1l{AG&mz&B0c^c9A^$j9RtgwH^EYJiNBjeqIxR$E2Njov->Iy$2cD8H>+w3t1M;G6f~!O6C9MBs-KJ zt@t%YJ!EBAUmOB!GuL@)fifu~`;DAG&Yc`F*Z-*V>B!<=t>8zv|G9chbFdr1zfNnZ z7lH33W!Muhl$QM$bTRGFh4*R7>*n2C+}g*4mMl*zg+l;dhO7-Tjdv>8gWwGsYs``C zrF88_V6~H8U$b^P0nb6uXIA&)nvh7cyu%TnFmrKipcBjn)59>)^?I)7c+U|q)7Ax0 z1;Ot>F4Zj(ClU=WZ(}|l^rmZIF>D97?9}bA4&9b|cq{_~H9}`lw9VQJZajRo!DMMp(>0 zUgT%v+<$(hd?AQ|SWSPgvP%{+m|%K3x9&Nl%tU*qZA7J+eTF(}C6`pSmw4^y(daOF zQ3}bdid}!IXte@8a_uzrOlGm*_0jQOUoc{wS06TeXCPc4qDVfc9|&&TGqED~*1^v{ zyO)W7`-5tl?ey2JhoiOPTJfccO2FVk=}rkOa&jZmiRYZ&Lx{+cD&k0#3@RrV?eUlQa>%Y7pLiGdq`&MZF(y4gTK zbSo%?#Ll z6+idLduJ(%#Es_9t{Y`oQoxL9P1skp_pBBOLZeyLzG&@1&X^uldAgJz5L?OKjFYE0 zuSGdimeU0JA2?PEg#{pNuh$+3-hFQyF?MIe2lVHsWZtrt4^(xx2AN?tjMI~;pVJH#&yg`@XaEZ}D zG<*0b`QGVvu9|3at!SYY}vgfbD&Sw*6Sbw*)vsptU2wJ@Xj=MhZMP$U25_)ah_)M3lh!LGi0f==@;*dbCQLs5-3>*$8(E~@dX-|} zjJtp_o($mRDjVufUb+b}XgO9SKc(^^<8_f@w$pa4X~}NM>Fp;u+QI?W(Go$x6XtGu zD^j;t>Mj;Al~{h^Y%G5&eDl-Vcs)qPEbNGiJ7jB^)#2pdQ6;b^`&Bcwm}27WN3pvR z?-P-%2SQ}wOcf3WR5)BtC$g&6+}c(K$tucv+r)cPolZ5-J@rlos?@Yk9@lcw{ZB`G zx-_*xn#u9&ocx{+38}JDvWDFDCoXt?fp#LB^@rjN$S%!2}Sc z2{ys?pch7%#KoE{8Qz>|zKSuBCVe~jLNgoR9(nWy4~zYs>>d0^%N6C$9$tI)4|2hn z<>`eIWDb^svMM|Q@;pibzkfxtN^HGSO{JGlsUgbF@6R3_gHz7cc30W2ZKh2PehUYQ z(gM)}?IRg){`%>}pXXTs^CEMfh#Wz7pU+Y5(Y*PN_exdxJzWyYt4xcj>N3d648tt8 zu)p@3QT#vlwhdHJrqMQ=(ddb8_tWS3jMSA%nh9Z=Yt&-jSeK5MXz}WDjlBG-OxrSP zy!>~ZD`Pb6KOIb1)Rdbp3$9kSaK@guk$sP{`w>cUSh3A!*RaDs%!f4%cbu|6C#s!; zX<`k)7~lumuj?Ck+efTYC_m<*da|AaN2h!cXZ|QHaFqH?qI6L&jJNy+%T6@l1TAk> z>k*h)7$baJ;r!^xM6!rXR8)lJ7e4yDNR#InoXBx*UQyajqb)JJj*F%~vCXUS3E`wxyS#a5|R}vd$%M zTtr9b$YWsTrqTdT^7toH^B~q9J1616{$BnS^v{nhC@6C^p?^~^|22K}CJwnT43cRT z&{SI4JNnwkb@Tks(>Xg+eH@}2NoY5uQjcq=zH#(|Cl7|N(dRb2**2!;mpSa|O^o*R zYjn&_B(VLd=sRm2rO(4kU%o>JH6#`_5XD4LotH{a8liRZ-;!`(%p{y~Bx4$#9T_(7 z_rop;!@%{k7;agmvSB#b5E>bgZVg|#^!`x8Rb!$Zznrc!h;Gs~*r)~irDfqxu3Vlj za*0{(F%fV@LPOb~zIZR+`8IPilKSxms3c4jxGzW@v)lhS#3P&09Nv6VVh`eGSd8Z4U5P2THmLgUS0hj5gFRk12L8~q zIk1wEXxpn$dutR8QP4MrY4urL<8M&YcGs~ZlBK0Bvyd~cz`Pybl)$Lqb8%zp*n19yml1 z)ZCR0S7iGRk2swvH>`J#Nsl%*Xa9)upqTl(Lc^97XVQz6d)cLT7Pgz>l;;2&bQUG8ieH#G0e!#$L(2zm&sJd$7Z6gUy{}A0!5{&8;`5R zvLS&0A#=RF(%hYu{PHaNmuGp-056LQrz9-VJvmAe(sFpE0?)McqQy7ECc%#wFJQ$)UM7O#VM1W|^2;MM4-QX6xjc8u=7)4) zl420=idu>ZsLbQ*ZUFC3+{jg1nfR4`8h7O6B?o*jx@-CnTM)iz%^QTP)A6&o@-V-E ziC}r&-8dHNPXhSme*c47iRcH)ihQq7UxU@C?`;(D& zxK|cdE(IGCrn(P_z>kyHSUm-1T|&f<#SWa>bUst&tX<9}J5q-)X%=8|gUw=cH6fln zwk*(SoZm{_j&kyq^7V;PA~e@{Fk6wcXpFi`Lx|1wH}$ZR+V_ob%rR#;Q#oB)JH+O4 zH3F4O7p#+(m@*%QXm^I++TBhPotJY1=h1o(b)YCy-M550H>8O8GDW>h`r>@e1Ui(m zq;0YC3d@<_A^?ZTe- z&g99AHBtMA0{TdTL9#2QIjehiz@pt(31#KoXZ6~3I?jLq?APW=@H!7JufwCvGosA@}}Z`nn+1@1$b+QdYfyHyrdAiF>1>L( zT%rHYM6h&L(4As{1ZXT-Z`)OLYB@#u02UkqweLt7(@vMzK(1E-m~HTNsYihp@q>z>cQHeZw7<+Qm#Y zB>0rOL*Hv(x@het08DIk@7V)`%_oWN;XAF`yZ;NmDGfxP`+nlk^TN$Vf_UK%>Kqlc zDRUc|OK7<_ox?LEuQCe$*7ahpMNeFLz@#_Fr5NZqr_s$4_3;i`h>HUVym082cnRpv zofUb>HmydnBpLG~Q_w5cG?(&Fa}YU2{$n)Ke@k8BTB?MSgH?~){~T=TBq^-V9WAD@ z+#R&k6j2ysMd2VgOiX$Bx|-oTA?* zW?7di@t^_osT0Z!Ys9(cN``wp>tm;*qyS{wBn*e%6lEx3%NVgVkH&aFH(1Va8@u>W z?iWdL0pt~Du?!<`FC+7Z9Q=6aCHhTX>*9!DI|6i9rfv%*v>%?)X$g1}_6peN7aKQh z?5F%Qule6pBlmyq`;H;`DhminZI(iB{+T2K=i@>JjT`f|NFUSa998{7a*`v?{a@sq z>;EF>?Ck9S!^)Y7IM|uk{^#_+$vG!G`~UZ`x6tIx?ISLw5$gqMky>j3)uCDJUo` zFB=tLQin)xN38w6cpe}!5THnzV6u`x!GJ$VRL_JYc*O9Ez@NhSz}!IrpN?1~*#RQh zH`oCI+}%VDk6)*Z0b7BPKuJkS`@h!+icbMV1qg;%f{-z;fu7suu0Y+OG5ZLLP|W)V z#2vStM2UGz!oq%jenEza4nmwmT5;io`;cN?KybvnNFj_P$amFd0StdZA1rKw!0>=f zFe_dO1CY0&&mqMHf!ZNFDnP;h`CcA^x`Yq`wQm56XKe!UDL`EzHoXvn`3>X`0|$T! z`GUA43P9R$8PfDQu}G@1jVtl$AFC@-Urc#?Pk9r!bDAllH)@wG;H1sm2C zeC+_;F9Qj>f(8$?zlHF7HNOQ6{4DAX>n*b5|4j8nJ9C|(W)wH&h=>RUcP@8V&5uq6 za_GqO3REb-xDF5T8eI6};v6)Dm+RMhaCSs(3KH!7F376(bG)4e_0z^Bk^sb1kkSy+ z!3lH-9`MG~0rf3yh_?^@4j<%~=>UKd_8Q^?mT$Kc3@VUM*dhc;;rNRQB1qyxBvj!K z^2?7LAP6K;0g7UX=oB^t^%Li36UO=N)Yt0|wnAtK-IGcP1@!g&ewqJVJA`-e=QW`J zyuV&^Vn%R&MKJSrKJ6DIHD&(?C?%kQN>ET!8V?F6GAa^;j4T9L=og^`G3-ZcLLi6D zNZv7Eh46V7;X;7z^M@MbMt~y(^6pl%>rUrf7--v{b_a$E!nNZYi90gdVI4Pr4IAmZQ400fML^k(q)I*6-d zr;lj2z3B^H$o}>7mCL((nd}vIJ%29rFVh3HgWPj)R2Z1961lJzY=rfzZ9= z)WAJqB>!d4_)P;L@mKgKQS>T*L7-Xk8}&^BXVL%&Zbi7N8Js!v!Ve$Gg8H*#hoPom!+o>w!zAfMNAe!bia)>gGcEujR zVlO*x5s^v*fO$L#oh*UQ^QNa^?@mg-N<&*@b;MIQ+@lUEu zUPe3yH{qarCA>!lyC#oJDWp>mNuDnU#jK7E?KN21DQzw=8{#GQ7Z{9G-kj=DctloH zYExw%&AK}FDrRu-vc?N@eVjZ&DPAL8feh%2)r482=~bKhs}cmdED^DrJ#>$-YBnU@ z_l|zWoTEy6$!UGSY%K1gorzog*S9*7cNe6~QFWAzdnGtM8tQ#Wj1F?TC{LO!3htkh zjLXLvh8At@!CrX64mE!7OYhk!#V=kou@j+OvZkB@)Yfc}1oly;&flYfD#{)dGejSs z@4P+|X}bJqewTkaQWfl-yamT9l}svhxVl<-*2cRQ+PGP3^N;D&2MyxKiPR}|1xLGN zmuI+$`*}A8wjHniQ;KpQq4m2g z-AjN5!6*ZvYi#QuG^9utg=-DgCnvQ7rZSN=7Y4bi$nU58-s4eVJ0tjDUKw}(EOOH* zY}AgqJ3fSMRLy_hFg)Yr^zm(edbNMtu3$f%xA?R#=`yH)SLO-PVvu+0(o|G&VpZhI zl(?MX1>m+J=BHDJj2`aCP=^)0Yy(dh)$OVI{~q4MGC z4%5{|IghAYbFz%zvV!_sit^PXc4VvhUy~CMHxlVGKWsAsm6($=;31CmQRwR zGzZYn@xAp(MGNU?x{1nMIVKU)+(T*sr}>rB!RcJ zz5ftb%>%0`FL+#01_g`O(iKP26mRU|d z+1$f-sL4CW2de{YFHYyh+UJU;3KbofIIxHaZ= zgPb1P{Y6}_zL3>S{EqDE&UwvF7ZEGPbZpgqsA8L>MXhH&8(_~|+gZMFi6)$U>vr+d z-x*Hg`rk1p;TqtUYm#?6vP=fjn0Ioz6TPd1Cu_C0zK=E*ypHsKcq!<85It%o(|rS3&cWEtZQ2$CY;QBaV6e< ztjw>ow!sC5?m+doE7V&>4{6k2##2;#BDJ#kO_Vb^o^=3hK50dj(tBQuSS;T6J)*&8 zWH8yPK*kwL<_}on0^D2zQKqW0bog4<^|$#N|3MwcLKMblFWEf~NKESc(|`bsHQ6yt zspYAm6eMh|P(&1&hJ3d}FvN2h`LayRH?_$j7#+W`M|cnC72kGpbrPKGg#CY=sJ_T2 z3Z>*fWZz5G{sa3L2}8b0S!Ec%8#+Ao-<1LN3qiMS-sF6mC|fD{ZY`RC(TmPr56j#e z_-c@QZnm#9I`@;D>}i8o%l#B3+yG72|M2R%8QCqBkG3BPKDYX8Cuzb^EebGL8@@Uo zcPBN=fwFcO`ieQj+cG(W^W=xbYi6jW55Nx+M|NLMmq0<@P3;=fB`-yFsYGKF-?~c$ z7Z-dsvx~5{SNQXQQbHR7-xxGO`7i~^XpCD!g`bEK~)$K}gP{XSH;LdV3J&8Wu0WaBY_+5sXBAJJ} z7A|~i&5{Qh;CZOB$H)G4hl%&dJ^$H=wmf1{@9J1*^{zznw_5P-Xf5|a%C_t7Xd3f|NK3sht#P)(8`--n_oYqNR z4W^n)!N)>CW86STceQhOQO&v~j;fd!4bBsoj|mmKV*pcRl%lV5I!v5+xZ!*8YpIK7 zqb>m*hFe&Von2FOZCH}PPog@GmF@7g7S#aji;ffQrQ`Ds7V;!#d*t}km*5ELWOsIk znxidAf`l%`U_Tb7CyavdJ=tQ!Wc`MzA^IiyaD)7#x`*E<6d_$bS7?r<*p*~-qtv9S z$R=O=(~jXJ|Cowa{hx(nr#9xKzOH5Dm@y#>egzG}L>haHbpP^VHb{ToF^lir+QT#p z;75!C@ea=cz-zY|(V?0q=F|J^Xl0>cJ2K48^Y4JkOZoz=ah~N;u>6nG;n8 z?=fZ}YXDQ0Zx4cLMyQEDG$7#=`al`z65-_@_bDFLVXnXUKfAhkp|9z%pBCB&Fb{GK zmPZ%SLa6L~Q6Ru-sRunrc*9tCno+|Z<7+8a0k(R$dcp~}YerHhydm$rIe)@Ke8W^n z{AcKvIUpBKg%Gj#W8*E7h@hORUjs(aF+7+2UF?&|czef|Bc-c)7)~s?9O3o`KFIi8pCyTblHdafpI5O%Ks=IE z*YUQBngyPj^_P{`m5f2mh2A>o?0rh2YGlOC2Cqz^<=OWu!+OtOa@_`PwrsW|8@1BR z8Y>h}Q3!jFw&@-%s6M=Abx9K`0W`WA-8I0n3jCw32A-_YN#Rzg4*h zWqD&HJ2s&g*=~RlS+l8raW_s9n1GT;69A|8q}w=ORB>N4SLgy zCg3V~nTbHV*ln~oY>ZVJ0KW3sUK&Mr z79`#%>X3Vka=@t2Dx;4XX#q`d|5Ansr+j9$B8;XXW6}^7C$S+_s)x7+okf0=(u?Lm zY{Y5+;IcP4n+~zuO&hl_Tja}T%3aCHfCX#ieQcjx*4QS)`fDJKC-FSF4EB>A$RfZ*kot~GB{sZ zSRKD7iI*YozU7T0<;HI6?^O=swvgE#Ss3LR((CzsUar}HS@f`-IZAcHaO*g+0t$5) zCKa0HEoSIjA*NQQSyxInx0C4mn>H@bf39~sr4J6kLSy4(LiDUAJdfFof4suVg01gM zs)k2$k4YZ&MrM*;w-Qcr3Q+^w*vswxT8pE=t{nixYxJ4f1wWIKt2r_j3~29>XNr56 z_gI67-tW@7?q5O-&q&aX8t z>gug^GEoE5pcyo6D7fOeR*K|ht)9YUHd(nwSW5Xz1lUvs@j!KIiROt=rEr@l7YOYU z4Y=-|xVm^R8)#j~0mSv9N~rD7X>(8w#m~`RkQ7l^T@yu9u^Ej%F1+@9+A`;(Z%G?t zgLsd#xY~^rBdGQT%7l9BbvL+JSDd{t3I1ALBNzX>j)rec@?cf%IUrQZQ*yZ%Vb@`n z9WH`_D69RAj4zjU|A(scbcNyy?}aHLCF404>2Qhc9((Mm8T7vpiX(9105>2IbVh za?Z0$DY?Sy+vg8;n$mZzt))6ys^XN}2S4XVRm96vK}@;LrD*;eqf=UV&m8JGb_NSe zDnW|bpO-*(iFz-7HKz-mRL=1#9KUJuoau|rO{`YqquimT2F+6sM7*JKT<`8une%;R z5hiT)ir|T?;cNy>1cORc1~RsrBIsrmGcA|QK|=_O5rtOV`N7JjcWOVW=8)%|nzd!U z))%JMpoXh)MsPT3wb`yQHC0?t%8{PO4e(eeRl$<5fr-(#3yAaR?r0$&WT@S1oaU#5 zuN;-Dg;H(Q&s|+wn^hPChwX6ChfVvtu_e>q&8144vjlBr-5&ojsCH9bBFpETDJJ9n z@)AOZK0|`2iJjwOJw?K)h^9={%rC}6t zDE-w1h012Zw!^j1zd$pZMpt`O_vz@GgR0zgi!XbsxB(JuzFb(z9TX34>H%ti$0fv_ zZYBX%Qfa=hW_hs5@T;%$zWZ6_5CM#rri3x)@1;9iT&psXExmd*>PPLSn`f3$UEy0k z`Fa`J4h=Dhrb^m2-~do<+Cz-AFn3J%hwqTIXlFrorPN%HfPtBnl!k6a7qLA-=XCa` zw`ugU?G&93kM2eCA^F zP9+AhmUIV&eKCU7S*WkpZ~iM&>0v&agt!^eG4qyIrof8*MEAJsJi8C+mC*Dx;8(RC0IyvUJMQRpj*Bnu3$U~)@33$KGQf4~TPc)N| zN!7k?ebG?1Jzh{SLTjU(_y~)E@j2R5S0Z(5OLr>=xD<|e1m6BvJWY01u=(8p#SOYQ zJe<#={)claED|%LR5fiovoFzcir(gM>hFoyAX8kA10wl*9EZdu`P#B!G|V{Z%EPlL2i_3#81ie6xkC zs3LcV4})Xp1&`pB;<-TavzFrHdWx3sU9Ckj0jJgKrDPH9~E0~p;2k=Rd;1) z>J^4B67ktyGbUntS+7hDEUjYRz2`*fY-{E0QR+ZwTiix(r|XqqTE8Hp`2tsXthmV5 zVN?~IBKoG8Mh28V9Z_(ygn^}!i69!bAZ_TL)mHupD<#?piQ9m{_TG*VVBe9{k!bH! z@KjvBr;72XgjRGZ?!;Uc%{X8z@%P`T*J9SrmFMX~L1j-t;^6M05v>dyxb~>HcW>74 zGGK0z=e1m5J!6SvPMLzDR?p8zTTh$;a2fp-u=W2KJBR2@y0Bfxwr$(!*tYGYV|Q%Z z&KujdZQC8&=IL|R`p@Va{F7R{X0>)zO`d(<*Og+B5S~UCQIrQ;rSS(9z+Mm3X%S|U zN+#ObRO{MfUOgA!e&jx=x}-BC%q~eN>(uk?dl$ZP1AjBGrLLs?)5(q<3ShUt&LsQe zQ`}DA537qfj_fB;>eUD0 zCdv8>fVbWj4KJ)k@N+boB$ z*HGULrqh{HUQKoXsV(zyYZ7!yWS-WN5Qcn_5XMlv`w8xELtiP=N)OMU9Kg(o@1Eon zc*Mn{m=?*$RUiIM`Q5_xf~<2$MbQe8tRb)Tx$>Fd=e5I%>Kot6>*3c5Bdtio84E3P zlXyRZN1rj14b(XGQoB|<|BIcb?4B(eSC^Q0uxF%c?vzU>bO=OrRN;iiW2JwwgnJHkv{ny2Z zOUn$e79CZkAeeIPel@1NHORHsdjh|`i3gU&X9~+vLd86_Ps4q8Nags|5JG2(+-K?7 z0Z+Zg_-81LnUA8B^etZ^4DObS<-6kXC5jz7P3ew=CM!e45{XTSTU_~h7zMdmzKnhY z{DVMY?4UDQ^KY=Nvt9@pN}*H)fnF&FQFvc+N&EpUe))gRs&2b3xO^Y9{X)Zy0y4{7 zU*CcGk8h$00rrK*TlYnqiR1q4PokZ9Qrt~Il95o5?$tvRwTQs6=a+>R#ocpOCaseZ z^mTTTY>QoX4q0xSIm{Zg=v?a+%|-b+PcMQ}IT`~&5qEMB@*vcmM3|~unR`1l1t!5S zz*TNo(3b@RPrAglUlsoC*a98GxL5r`6H*b#44_eY`}y%Jld;EC_q;|t`*=vI z+gSuK4v@VsR|%bn&S98SRkY&G^LAFQBAkas@i121&nxkZD29(ECEQd}&pT76$BG)f z+XOlY3u$YaOr=EWa_XWaz;dwidRtI@!lGUlOp+$cK?6vCUnWL)I5QriRC)DO#%W$r zU3NYimX-NAf&H`$$=Y#?*3{)zeC@prQI3E);s9P;IKO4u`kFGS#L|-?Ng=o0-$VzI zF182S7h|z_S>Z#_G6&V-`Qv`0wK`0nG=3;(rnu_8@1k18=?^?sIEr1j5`qc%ey`D# zf6JaW#%GOfI31)rJ$41o=qO?mgxzh6F3vD%^N}x7exPm*#+7EYp8!3e+_}D^b9mX3 zKv!1bX~|mORfK*X@W~DWY2^AyKEUbZnfIuDQcf9LVOrQy$eEu7pl|=;hwd>g&Q(6o z&WPH~ngCwKKge}>9<09{Se@T}jY2$n)+03>-=9qEnzr=k7tfUgEuOo;(>C_n*iw-^ z%GnY67V9v`qAK^=>%@0U@Ki{pdT&y4uk6_9yv^rf7+|cz(SPC#oNj?b9BK+v#nw1z zC3Mk>lbW`3*?)hZpVvSeH<)@Z$2l_4)DyR^n+tXUfL7o{{Qqt(!>8bE>TZ zt?zQn28~^eidi)N_YXIuNU`IxC{-+*DR|Mw1v0O@!m*fY@%uc zeeeu_NMT~v(gTOb9*?x$d3nDMPldE$+Z!wj+l0X7fX0wWlOa7j50k(0tUiko{BkU4PCR#9ES#xSI2pX)+6nXaH;(=>G~&i=7Wi`3C(q zIWGs%rUXIA)+=;`K!dVc(43*a(!Svz4)HXZjD46rt@rn-lrQWpOqKiBdd39saC(It znGt#_{kNRxQuY0jWz};5gjwNbDiUI!w*ZgV1g%o5uwmAZFvuFdOvR*iTYAkKw{Vly ziv0J)s0^*!8h-)z)$N|13hOgwmE?~0;;-|UqjHk1XY?DLHrMK68#+|AUnZOWxqsY4 zCb#wxK`7+8glFxO$s~SJ9cU2n9b`#hPa;jGP+_L!+b>2iCA>EjndTbbHU%}`N-i`+ zWFMGruJx$(J?F^YBtAI)ib_SkUqxeg-i(yZkTPi;^Tiy#0vyVVX@?#>ZZ~^P+-ha< zWwVC{md3M#yQNZwwXz_6BwEt|F8yEaaJ~fxeQ3Th0ky;uN?ByG;H>Tpx9>2nm0I<1 zi^F!>Cwp4Hz0(AxqS{N5@pTr~_fUNPJOn#hO zHFZ>`Rv?2*S*Y%x=i0u3z>DXn(_{eo{F<;9WzBQ*+Zc-J@YZRn^7ShuzT~dbK7w`u zM5@kd;ypsiD&B$ld*j&SALl+eqmJi#l9i4hLz^FrJ#szh2tGXpLZM^Ey(+-gRc2CO zKpr&q`75u{g4@hZt)aijfpRlsI>mN8CE{)qSkC#@1xL91lM)k!Q33kG`W!sc3Q^r_ zv%d*vPO$ewicI;SdO}G>p_1V+Rd%AVi=tI-)iY(DW?Ma9!0}qC&Cmgr8WAh5V-Su` zmRH9vy1jM#yjzi(1b+vmWG^L@vLA7}92r+~M&K*6Hrh92rCcZH=~dV{*EO?|n1i8= zkhAgs{kd% z_yOLC+<*L!Gzly7f2Bz{Isd;Q{hu(MnTdntzv3j!EX-V-|BuA*zYwOsfGcKQtU$o2 zRJqqHXYc*fqhBks3HloXqv%G;IJ!~m=e1$JU_{EmqPbBuwLQ#tzi@Y+eEnqHWKEIH zHhXVhXut607cb43r!)m>`X3U>GpWmSAQ1aERaB5rLiz^&`)Nvc2Kv`gX22mmo0h>if>5<{197zjXL}20e+uK_0WlyT^#5Q9>xKZa z2)fmw3#P#5fjNQ*&HpYYp3$!{#MN0-$@$?0!J@+k&JGOxr1NVBCBql0F_g(e6-0+> z1n1^AYXbWP)I^+Wh%|NKC(IPSHefg-e0fPgKwu*%L4`ZCEFPTzz6Tt-4$>s37+=XV z26NkK=8rRn{HS1U^ScQMUx(?@K7?Zk=NR~(K0F5u!B8e1^>KW7dK~5u#(e@|PF)qa zj3+4jn?wC=(;xhH_Ae0EI@b^GHQ~)}K%cxHHz++laqNsBC1YI@d>_sw5J=f%d0juR z5gkxo(z3ls9w^%VA)*UpAih6_0)$@*0@#?86^OqA{`Vr`(gOM=Tu_5hKSHmU=@0(# zS-KgZs)#r?mWUDy?aIxE#ZV*uXtCX^{)bi9i!wYcY1S{EeQkW=-3?dWZsxK>-Vl>B zzFe6UYhJpO@Zt-H&qa&I#hH`0$h7_q>006nh`8&esa` z5V8e=?J6$h{Aíw? zSI+4u^xo^&+fC9q>R=U-Jc9mD<`28^A8dAV*WuNvpQcZP;$*a;e=LTHX>h}%{Uaa; zr&}nX*Ia_nZ_Zcg5XL;W$jUNJJhOZVPSinEHvheq!dPx3% z4N7pGZ=E#xeH_32jz0_-etv#`^Gy8EF8AP_Mu$wmv4A z&0fogR^6AE0d9YQAPy4M>kInB;c)+*pNoQyx#f>bj9_ltTPqBdk2d$3LC|N6kb=xp zuj|+^E#WF(dqPY`LZH)gm`7nRoNv^9@K*=^>T>k42gX03YwOuWb(ENWDzm;o*5R}p zH$o54AZuoRQQyKKx*6qM+GqTKxoORK+D-`z?t z)%^tJfp|_4Uz1nfd*g4Q*FSsob15Eb$5rTC`~>xZcwP}-RkOYbZ_ByD1ol+;Vt)oG za~gTRfOD+^K7n%^cz%F$@4uBGPE_}o?%b7+=NpEpbD zzMZT%(`z2&MP5KHQnzf$6-Yja4yF@VZEM0@FzY#l(MNB0l??IMCkwZ4@!X&0nd{63 z8*~t5q3%IfddH;M&?szutSK(W84F0pyXROX4zKUR*VLuj*bk8D((X!jWJ6?yWrc-c0m}7kmEFb4RA3va6 zXhjicyIXOZRd?zt&SkSfPE{s<1jgr>qq{UsolH-El(<5&(bH}Ww?$oA)bBb4N@rl9 zO^O<#8EvXHTWei*4;8)rkZMBO9TE{bbEKYQhg*GPU6;-lko^?ozEe^7w()9vOG;x4AS{z0kQe&DxvE);vx*bH2cn&AvR7L5NC~((iV*FeW zJm*qKe^O`}6-y*B>UUgqo4ht(!7{&Zx;he1+8xhNL_>NKlVN(`@^@i=>f*JlTAds= zh7)F~n1ywVGWXnS*CI#B(muRNT$s^qeK9hAnBM*DFHkPuT3TGTE*Bk=tK&J4Uqzh0 zZ8L~fDjzG(B|v*u+1MLE5ukCcJ3D7JNh@bom>F7dk_8<(&^w!)?8IV(Q!8{_6IeXS z3FPP{_?;j}1aVP~vlh%TEs|58XM78hAfklON6bmWJ8PpN19~0!c%6TF&2x17GJK!+ z6?^MrFB)0NbdEVXNl@|^RW2K!x`e-CkV7J3FU8{YN>*-l{Qey4JWk66`Usl;dUk^h zkh2de7Cq@`?5e^8m+qb{7ObS0C;>8}%?T6+>|^e_hiG!xZQYgAryQiG9tUT1j~eiE zhS!WdjWj`a(JW-^-(ewvcED-h+B%Lb%f zwyoj_IzI_N{gldP=l%=@ow!$xLa}=zCyC2hlZ7Mb%y)uaA=40m&)UIwQu?^5Gj`%8 zhkH833uc@TXe-lA25d`2;(*nwI1IYp_)mwm=RhGL2V8W&z6e-4)8+S(T3k0TmW+A| zSs*1H>kXpe3-lUEj;4S~2C?lXANn@LFD!6Q$FO>CcO&UwF*FqtHOeMAbpLE*X!xo=LWIXm((lCaigh4F4sd4xk6Z&r@ zza^K@904F3Sp-eHU+>iQ(>3B1%P5+5Ym@No%GTUMEq~Urq-t5|F^zJMbK-tttA@MB zfMRH^ky3qL?IFj+JCmlz8aMUGQ{$!xywh%zu`1Q<>LvMLMMc^@fy*aZDXJDIbK zX6*mCi?G!*gS8xzLIK@55zprHB*XmW?=y8Pu>0KerW&rv$6A`D+X=CTm&;?PkJ4TA z8upx$eO&)64*Tk{$L+C9Ni==*G=HzmgqE+>51LD| zw12PE6{3j2WMwsZUi7dXQrhP?OmtCACgxp?X=WE@h`kFGz3M;X+lc#>BO)}T7&{-# z65%Vf`wdB%RIu`~7L3a@lq%a0Doz-GuX0k&#)^7(Iym91F++H<;a|8|192N8o3DNI z%+|t{o5_TA%(a*T?u=)?@nV})ug-gqN83rzyPZJk#JY7{Hri=bai{qtM!5 zuvl$|PWQABY4PBQ?-l1Ys6e`MbnmB&+9@u3n9?skpi@G`og}M9q6p`a2*|>`+!?7E zxGHyUCNSGFUTgd?pQ%zou9cWkzF%8nR}>Wv$?3)vYl1$B` zxocVFEv5w58ZZ5X(~H<$nMB*b012 zbr3!6oX44pAYy(Ut6}Zbv#-3wzf0{t{E6Q;V$unf>PQl_(R7+{0sPeI#)$4*_gVe z6wQ&PyKvFB?3MId7bc@O2t~dVlSVUj6tKZ7YwFq?TYXmA|z&1CQ zN;yG2#5KTN)1}R@FJ2K`{o6L65$`wGZ@w$)n_|{r5U`g&QzM!J@9Q6xveK8IWtYQv z37A)$)pcJTv%d`h%P`{Tb?NeLiT;^A9rww8rZP|>9*%-#zSya6zs|>MJVg);EXsXA zl0qQd@nox-HJw45D83Ouqg%hp~oW$sD>2q`RQ{X)@K%Z6PNS6M zhC8*kw_I2IQ?{tp9m_7y2DUZ2-pAq8rJsqd8GQ%bl>Krz0t+2fU355v3OeXBuF@x6 zmYaJtsp0};g{n}RI`f#{yM4vm-tRBwK0A>FB)%^BRt#b)tP@Rk6rIaL47}|gTR-@J zM}hTdq5M-f@zcABFci=phIkg(*o$QjDlIis*LSrKH^LIN3o4nj!Vlh$*OfDH>Nm@n z4^F+^jg+&Ys0|l-X{b)NZ-XM}M!S3NOfQ6!t-CyMFzR5dmMxlwi)sc`(liyyZ{=6! z&!7;xJpjuWzTQWp1S_|-&B7c+e@)0w@h2M+qogJ_x!C(n_8c_^c5!CFjpIy?!bW_s zgx5K0(h(^{p`P)se4iQCX+5RQxlF_?`Y^^6|LFsUW;F9Kw!@W}*!*{xq&Tre@gs-5 zWN8I#6wP@fk3*o4A8zVV^1)ufu^<48f&U#Lia(Cf zDRRTJeU#)o%V>|fnd$o#A$mI8oLojU{q|rW0vXJvB|Gg6eZo1|Qo}ey9i&7pm@?2w zstK&}4r*hj{+)J@h}UptZBphSHu;_xs>DK zo>4W0ZNVtiu8S8(Fyy@6gF(x=tqb*$oqN%A4`vkRdh#@qQh|;)YgkL-wn13+tW)jz zOtmo)i2$A^j+RB1*#_c*()q=-8H*NV=V$8ZLs?NULWdwR<-SJ9BwQ^ek|o#V()nVw zybRN1AQtZDNox6tC#8HxUPnte)VeKbLSayA;%_wT<>9nDKiW;&q5waV%=u2ch=MCm zQTQjB3wc`>%UqywDl?^VRzzG!dn1@kc4)EA z33G-RI1R(EA{X_O*3*g6Z}tQXT#K#b0=tINOs{cEDmX|Ml7Xi`>|eQA_Ub*UQL~HUo!AJ!O`N-OYH1neEnDZo_7-p|y$*dOVM~p6u>5r&%pJ`mjINuv_Xay6ygu`aF zttnCs4X5WB3Z$@lF_vwLmeI$B>wG8K?L2=GR^VNC)jGgP*;)FtPC7w$45SPEBp1-J z@NoQxSh+=*C2N_@q8RZmW$4MW*)kL)LYh$u08Xf+?Oh{-70|*x>~9HvTWUKW6;-9E zvUVaIm1k7X67`T!O=3F*w2p z3gMg24{rsUObtZ~huayKHNDPj8LEmn@(=pw%`g~TJ5GEWOZ=``E|!4rIRF_pyd^t< z*+Iz-<>r3FQg2gs34==6^Xg@J?+Jih`uEB1D@{Hte-1SkX(G|VKaZP2`$gnrI1@y4 z5kVH3*)}GAvG-?&W_wQ;r2upAVp1^JYIeCuV`Z6V{V_Ut8ns~GV2$*#&f=CBfYNG4 zf;Sv2E*WTW2p6^PM;3u$O$?*HO@4gF+9$LnK?18^mVquZBZR8=^*E*#h@-cql2uO= zU#{ru?HDrxK6xbZkt)whP}KgM*86!jr%|zsy3+3FLScrSS@Qew6Ie>$vHh+O@x$NvcCHufq%rcw(CGe0=hLxdkqN*5gl=TJyGZ#3p7p83eD@7Jn6IgqP@^J z0^7Af4DFVAc{K=GV&3~{IE3>5cv{yA`U|F79|%qt6z#VWWw&T^Rg z=6?0(_nA)}27PT65|KmeoYMk}s`YE+aJTz|S6}wfYKfgxY*vfqgQ{r5SA$qjXIi)v znv8PXcMheST)wv0h=$dk(}IKK#k(Z-x8<2HyJFR>)MWYQVcL>8#SSX$<$ce>VzN+d zwS|LXC*ln=NdHF>VGgT&x?PHlpdRZsD3;m5lyeJKV^lymoZq|4i&cY;qZ}h!=ki>{ zRzdS2C*SE=PZfJA&009I1^lmYE)R*F??EoE+x0jy8qOi3Pu5|=!wdtrxI-zi)tauW z4NO}hqXJy`rN6aEw|=Mu3IP7*Uu#G43$%iF4G{%)d4%VbMVmO02 z-P_#D3wA0{fOVeb7OpHh_&@V%$AXH*H0)Ki*N3=qdKzc!=zeF(nDl|)b^5!oL_tZ5 z(M8S!07kCUlPc^?_&%-=Obg|?yf)`KY&j7*JY2oTwQ$i4zr!F{ zkOjKnHoS9hWcP^p##&NXL0O>IMaXiy_cb8T-f(Q4t26>cQeZ@>t6p)MEMc!DM?(0I z4o-fg$QP!#`Agyaa{f8jhRf_xg=o0fo^>y4%w7)=3hn=UkedED$b4BWGOqGb%OP3j5f~pl|T9 zY+C%X$GP=s0HzCd092RqhUf&ga-v`*m~i3?vQ3=kw>~{X8NBkg9GefyqbPFj+cVV@ zqWb*EzP+gd2Ruy+!Gm7?7R~wNT<|Dww1=4wtbnvpitsg{ks$!2I%um~f{(}~m2mMkeekAnAX>8X%@v0g7(coEi=*f_^eHUM!dPF+~ zwJQ23g;*BnojCU|A+yspKDOJ1rtTMI`c{2qX9@!?zjR2~bH*{p2=af^#$3b|MW>=x z8cCDC+WT7a~ik?x|5XiOd&$1ewITHd?v`nVT(a#POa~Dg3kt zGNfXhlUJr`DeTL)!!k>lK9H7_@D7E-3}B|}JY24b5v=b1Fl1KDtMts- zWX^3!+dprAio?O+NPs#)E&Uhd>&FV6J5W$?%Uha$MhF|HsZC++*MXUR502+QzTNvP zw1p=W z?jq0oH~+(*+8y>}Do(Y2SB3kjz|SrxpzVX!8`s53^T#^!Q1cK*^))8i%EGj#eqGP% z^aE;1T;)(1`Q_q7o7K#O?kxLS=h6g;#V}x~6s|Srrn7*#H%^XZVCdbi8pD zj`lu+g(PIQ>28MSPHm7Her^?beJ)a4w{yPs1$%G`f06pqccz8vWB;!(GdrpwZ5VY=SCkN2=^^6y8Pla^ zy2|5Kj<-a5tzJT}Lwu-r@3*fj*sfHCXOD9%h(W+0i%IiLPM{yx9%VjQJud8D&}2>W ztI=_rfmx)&+fnTWmV9!uW)BK4%@9aVMu%|V>te{7p4qev{Li%KswUJbkgzMDQB`h< zlp$_+%H0L7gK;Y_`MQcbt!K>8KwTJ%c?oGq^`1DXZBc1S)k%nqXZ6+a%+X5Xo=)D9 z2pfUjBk=XeyNFChS#STjnv9*QLS0KH5(cx846-NT(l%(DE=C*VDwk6lIIfmf`n!+A0WPIZbgJ~vqZyXFDgbR?*n z_5nNPIM$I^EQ%!S&H|m|uzAj|-S!enQt_fk^d|Jgb0YJQ0-pRcc;O0Io>kVJ2Ns(l ztb(Ox52T)G6|Hut*urVPiFB9}A6|WvfhD@r=Lg`0{I+fuW|bsHqdNZwV%fF`{DBu) zQndkfm!h}JK}ETc?}Ndu%kpKR%~5y^g9|N9Lmo`&InjSdgmmHjMDN79*6PWEb#W@e z{T?3(5Wp!-%A$_N98V{zFVa%=3E~J*T4Y+vPuSNN=MR+}UChmSM2a8{FF8v29W5R?b10)JU}bp>Nf z=lcB@brm4e$VUGp(nH)2JY#NL+F5_-*y=taIt*DC$e=9d>;`@u+D1wz6IZl$gIMRD z=En4FQ5xj2XT_&UwA@cMe7x!Zi_9TY*C`foO|bMh<@gG{Xa&rX4I|%ZZRg4JN6P&T zOEZ%!g6jT+3-97@_^#<%vwtIP^jgg`#s;CA$0eK}!G_O_(O6Cy4>MR{rS%_ItU*11 z-<~YYlDM7HEGi2;riDSl8}o&~|5&Uqz`*`Hb(9Bz2k7EP$64Q?6*^t`a6H2GV)G!U zqJ3r;-`j3!Ngl^cOQ$k6#~8Rc;wna2Ylr}D;T5ELArNXbhX1P=XV`m(cH%q=AvD#e zla#3(xTaI9IC8FJM=umi3Oi-QtZc@N>1fV;?q ztD{uD{znan5*gaUd2;Q&Xmm&>uEyS7)l2cWm#FsO6Rqeo7_KcCv6DV`)jF`!GK!n_ z5miiCGObe5y{5}|G?s~mq88pdJcSDqd_DRX8D|{5)R8?UQBc*ro%mnRooYt9T8Ew}q#5$lSafO7yG%)io3^5|23KXz`W0$FtlHwD)r` z@m;c<3d!E$J+g8YByRIR;ZVF?KiD2?uX=pCYl^4zfbBPzRqI1G|ApfPGw7sXDDOvD zg6Lqt*6~e2%4M&%Q-nh6<_u6v*zK8cW+JEM9B~w?_?Y3~USqbG3}*WW$uE*mbQ3KM zip6->l!bfyO%q~gPy%&iZ^%N%CJ7Nol5mi!VrjCGU;eQ!H7&SnAZ5*|3CAC_x&bo!rhKq^W)uR!nlx}H*y zoQ*eR+jBZf9Nn{PX?d#zeDn>Ake{QtyQM^tW;m@(zo+tYMPkFYp5V|rHqDfCqVuF2 z@j5YUteR$&HYW*jy8bZGWAb8yyyA4?og{h;QEIzxE$I{BFi81V9{pmV8-t@e9fpF2P(9iMS) zS}1vL{wOo24^kkxf1<}xWl|m{RY|WpI9+uVm!*2(atZ>|3p7KDxcsHe?Nq)Hreno% zPlHnTd@`fgpaLgF(P|NXBQ8W(yo(xz3E2-Mca%A#%tLmeZ{76Kv1%KLEnY0E?u6-rA@3((YOEG zL7!ChwC!mVuhfTOfvUz4f3apB^-li9JZ_3HG#{bDCxoA>VGEA9HpmmJt@h5*sSnEH zr$l}52^lv@B(5-IaG^)mz#n(4_W;>9X|lK{laF8Mff>qJtM|dq;G=OSI2~H!#y(1LB-A8Z8>M8%Ud z-sG&I>oF&Cr$)K>VXV*~HVyWwP8N=Z2=ncpo-~t>=T*sGhGmnQb<_{`PeJb+mAoOSM}Ea!}FxQ#KsiePKS6{8iUf z-pFJ$+<7-{|q!N?AB{ z41fL6zzHCkG*;^w$A~u@90oZzs3>Zljp-#rBy$WXyFYN+LsY&Y(M^M)?FA>VtYzpy z(}1-S^D}F8Lx${$=Tq=(=?TJk3My4q=Up82QOqJ%##bZ2_tk_b= z&VLP5$T+qsI3PUy+eAZj+i2@#NmQlY#L)kUvyI50CyZ*KTVtuNXxRtD>`ehjJaH1= zK6ifKsNZViG1nrADvHoqbEc}PjjKN3Jhe0b!J#jQad&*F_#`v@-B2Aq!HF@G(j2!t ze}6i!pL76DaODbHx9rEVqyN-~lF+qsaz7vj2q{B;Nv*J>S0ND`E-v;CE(Y=8}+9r5YU*V2q4Y%#+R3%H!g#)H9UCF`zWvPW7Qw7Fb@l<97Q* zR^GkmErzp&I8BGV4pz5R<(d}Th%~?L+`-+H{YU%h6WeJ%`FM)T!2R!zy{DBN&1d`hj zCSKiXy-uE!AlWTJ(YZI8?I+xX?~%~{bz@C48hd%4&H$XX3=|5x zt?OnS#f=PC8zlVZp)Lh0idc-eupVaoGh2?f#0WAO@j;(yAjWL33EANrdfbQsA2;?= zEWG_YzU?ANe6vw_%~|0+z1gxbRH}hm(+zF|{-$R!&69=ugh+Qmv8Dsj1oF*H*(5dj zB7#jquLhRRVnx~hl{-^V+Rq2C>)<%K9ZMXjx1P6WN_0qcfYu#Z?bB0~6L`44{~k7X zW#~Mi;-OaJay`?FfP!B5w~$m;#5l)>{(Lc`^>+`$fKHj++|~l?Tl8_gZp6Xx_sW+ zF#><37cGIfBc>p@FMNXTA&(;6gg#Td%pj;b-l>t5mN6!t1IKL5ZF0Uuaw;F+;g+F2 zNs|`bmAq;UA`1cf+cSpgUNgj|qD8vMzx(VBd5+b5XjaDVZ7?QdM09&L{3wW)gtxA? z_QD(K}3^ITnQA?;s`TWH7opiY6 zNMRi%dkW|^Qa4pfnuR-OOBm}wbbFnSzR=|q=;Am1WKYaS2yxY@W&PI&#a2}OTszFO zJUtgeBfTH$R;$%E{jC`JY1W<{oqRxxA(*38$s3Mx5#8d@>i|`-xxR2&ZTR(A=|}vl z;DVSqyeiz_mX02b5D*zIFZ1jX6v#4}dy6P)*=@U{i5xo=%V_SYF+^yTRT5wu1S-MR zU}1tqnn8OkwfGYUKdcFqhOh$_LaW+~gzc;b;!ONDaYk`CdYO^vUkBS1b@!uqY-WCvz|M1E$0dF2smEt=)Sa zlBDllSkbpj_}V&901Ps(Gfd0`g1Gx7BgJ4yK)o46 zZO@52Se1FVxsRHLj8tPd+Z#=*@gkN%;E*tc;h%PIO`OC1d+iO!<2KldH2qL)<8-NZ ziTYS_lvJwU2X8UiO7%{PsrIH(uLpd)D3iL(F!X;iKa1n6F#|p@C3r?(avgtr-5`zX z%O<6E;LBFs2x36V*&np-@m3X=7fF;n(DZEK@Ikq)tGg=S8U~?N?k12m%}bXJ9-JX; zfbQC|D9YK=lHa}|6<+5viK`_er_o|$O@Hs-4h}0pln%0w)ll4*(0@V7`AI*Za#^WIj7vy~X?yF;%b8 z_fzvvyLYw^jP?0&7Q9UJajQf9JAOMg$KTOZCZ(s{lVBPA^ z?Ikj7_sSM)kqyuXJp9d~I-}-%u{8qRsSOk07~`*UF54=uY3RffnTc?LHvv6U3kz`& z8OOxXJ8ftW(hi~&nasxael4S)A)FK4S_b^nE-SnW}@ ziy1S!G3)7eq2lp@QmY$Q>okx}v57Gh%vEB%wgRNnw2@rI-3~3KSrXiBa8xZXoXK5j zH1%jmOT763MG3VB{Z}X8A2X83-q;F;m-l~S|I9?pZ0y|sbN7!h$;|qnZbq(uoq+$f zoADoEa%ua$#wG0#5(HFob#8kbK9Qvlh?GeLjwr@OiW6jk1b-piCCEim+Ko!jZ|UZ< z*LkMfdb`uSdiV0A`m4uFV78=me#t1UAyCWz$Vick2NO~ei>R=qWC#)n#DmLU&`#FV zQx9s3;IkDwNuTiY5+pz<B=ZVcWST=4*iYB0|bQ`QqZy)cY*XawWCZMruVh(g93C@nr7X!FL!KN)ll z+ZZ|!WJ%CLr*7~dHkHWBA7KgwB-HCu0-8cehigkIJ!x@!8vuH^HvsJ1f^1<9+9tBs z0%ThUyS5H*1OCd+B#3_q^v#M5Nx>($im`t`S_9e`+8LDH?=KO=H-rM`>M`XIq8$JL zj>`gdNmd2Mi8VaUHCz?|w(;+sh3FgZf9gH@p7~aT0{H^KH8cfta|PxRAeH^=0~jMh z{2r@x>N6Nz2O=t4t`&^$hP`AaJcI~b3!)sr48I!RD7K{V^=F5pHW*tJl9{3AV z|HDplQp*xoN(b4T7{JZtpYMPd|G9ou2p%5>uM5;10LC!Hg+hDCJ&!Z5dm{XF zf18P41v1$qeQ5*gGwA)%%iv#_gn?*&d8Pb(`Eru3q_L8=Z1~Q2_48R+s9ObMBmf5D z;Uv6GsOb_03K$KU^;4e*6Z*aec~z)DS;B$X1NlCCzDxgJuHW1RGkn*!m%_ZFNSMO^*iT=pyd+{OB?ocM`4{MnB0s_g!<=UlY^`S}aMEqKZIjo?mJ zP5Y??WK}1DE%?K;1oSDL(u5o_jAv8KDlsx_vPSmctnUfcBEu;ySw@d8$@{Y znCmkpL~o?t>oPh$iU`Eb6U56zSo@892i(<00B!~D`<1m0B#%G^_ni*np1lrf2=6@d z={hY80wh1jxM)B0Z=)Twe{c^$9fZH(VL-U9egfiL{sw>J9zr?{_znJ?&Mhpjzc~i) z4td)A7`(o)0z>pd=ort)4bq7P>Z?IE>#9pDwKdvDhZo=#>-X%L6OMC=gt<+|^ykU|w~dE$3iC^iIT>hqqPm{U&o1=2k&A8~pgv zYdwfd|L(&1>YK=H?&lT`tsBJxt)Qe(s)qdK9fEzMAJDtNGuJ9OC$>)TCcaK@c<|~0 zl`SY=bdy2Hs2%bx%y4b{Ct*|nU4;=ATzH(X@;cG%_;AwdNoDhCkxvB&qqL^Vvw`99 z3q&o%efKf@G{AlQZ`%Z+BgJBI{v3J1sxGN5${ew2X8j$mK60QOyQl#@V%4+#ff8<) z1m;yz4fhE-YiZa3;S(lhn&MzkV8I0_8`^aS9t5=U+=3PV?V-jY;0;Bzh$|#dR5m#9 z#jRyx4saqvv3eN?KePg;?;16Haz_w^HIsYY(|mitAWe7L{)wZsu>K}RGoBIH?kBc) zJmR%AKO`tRqGM7Fclriex2Innq8?MvRSg(J`|Xg;*x#+#j)9Emhbi-n0v>VgT{Qm!L3;B@4+*L+WkK$qOV_MZmvqY5)Rh}! z2ToMX1Gq)8(lN?il?;!WRLeeWldIJp*<4YH3?)&BVRl2ivet#}LRVGon1?;+9a=ZD zPtYgEW!)nsh~;7idLiq@`cB3zR~6*FQVU;7=a2Yc)1)6q?J^f2NyRl4rO6d<$$F!3 zCfl=>>$vg966u4&$2>@B)AiN=E2M?XM5#3D>gHqcFSA6 zn7zWlHzsWlGX(B<-ww6oCV|b$*%Yr@v9MOCq&D+2rCAa`u-KVY1*ZU7kCV5(YK4b{CK8E4b2%&4AI3oJK7j2^Cim|`3=hnE`>E-`HCrY z{}?84!>!sqPVdGG50evkmvM8-%uAv)%}}E9H&oO3pzR$c2aM~!esFslKe!_>yFCLBfT_*b~eY%GSZNtcDNs zcBZKaN14eww0#}pa3%T@0D->bXQyf266OC0ZGtEM)rfABNlq`)o;Gss`W-~12pA9? z{aPGeQ3%#TYKcV|fS-ANkKb1+pl3nam9#eHcuDyvV@N9JjXnkc$MU$Hw~8O(1*n54 zSHPS2f#L{z`WUHJw6q*R`lvc%m3Eb{g)9hU%8CKGTfKoD`PcT}Kb4;KK~SjiB&~Qz zSj>Qn8Y$}|UiS2eky>?YF4=R$v_Zri^p>79_)@yjccLCKbRDUtx=z;f7KFtzN<;w4 zSYwJL3t8t@&`L5#Z?>AP3GEn7lQ19esL)R7kr5lhTUgJ4ywn@lN1e*ehG&eAbGd7~%1X>tk6MIvgq>yh*M7 zZ@syF^t2QR4u(XyyR0eb@>YnkcDU&L6M&K@-uA*1e4F-mi$A_QhB5TcpwVn2{7vq7 zE-#?;l9daojjwmN#)-Eb-$>U=+coPylNotUm+!I9Kfu|HU{!?Rh+oJ+{6t>ZcQq>u zbB09d*L_K8jA3d!Y(P`yb-0;FD`<>Fv_KE|PB<~kx#VFGF9E^0%@&w2TzT9Ua@l@% z^Sb#DU_^JpLocYCpSJr8?MyDYOXkh{PM10L42SRgk0zI_A5EO8VL;nI5h=co{S*Lu zAs#)&w@0S)O}hbqW=!UTv+_hSx`*SjNL`U!AuZBi(goOmYSDgNZ+{pM3xJaQ^5z{) z6vs$r4Hj1SIllbP9WZ%-@$2!!e9u13UIw}tAH#-^;fiP1q1Nwbu@;Rjr=n;oF&jS0 z#8q@=nRDXiK&KN8)_Q8}jX<8;Ruc|frAf#}z~<@i?Uro4LX#ci3p#w-BeZWLhdo_dq0+muMs(C>T%9b&h0 z5dOOKGHglz8;Lq-->c+!g}bGv3XOaq`L4WbhRao$aYiHi$752|?PQOizs|9HCJ7GV zDiZU<(W?J5eZ6afUu~FSd{w;0eG6S!&^}(Oyj>=>dyS8rGt8omN9yB2&rvA}PEqwl z%w@G`#%lp0iYxUCAgnt+o>H|ma$&)?ThDDn+ftXk4qlLrsCa}>)MN#HYI~?)aq8_x zh&4ZkLulfrTefsIOI-kU_bR6vJap-gK#2*lyUMMjf&e5$1(^qG`LEL6Czl*VaMu~E zu(@smmSQFb2Q@5B`C86YT}TQo$wZDHTx|fG@l-5v^{r)i;5u zpbtbie`7^Uh@a(PE%kBcdS9f9NSI7N?&nmqg{nmle0T6g$`~sx34>Bpj^bA8y9Kvh z{3Y9NG&#vs*KHFA5k_=7f~DUrEE=+y_G*Fg<-9B4c3J%)j`Aji%_)C3B$(*nOih0A1!cFVvQf(d-+Ete=L5ZAnS%yZoYL` zRh%aBC@A5nD^rMxQKM-}HWI4h?dgWq7=Q;Z?(ep3E{1=sf0veJX)96s>>+e09Vj@? zI%4|;3pWq$E0;%oZc;%kS0cLuF2j<6wP=OGpK)Ed9O1O0^%V$J<=YF?=uR4++D{Pc zS`m+3bQAq)}Dfos>8*%m)BjOAxP7(^lKE=XV;6J zS*sd)#p({xxEIgvepTau z(!C&!p?<3C4a4~9>g7Vf`l1TJLoZ_>U>^PbFxN%dFBO|!)wL?E2PSp4)cMw<{KgHf z2Ujh!C}z)j0APv$SRj>D3(O*+izj9K&4`re^n`|n%jX%9pZS(O<7j)@$}t?mPE4J-a^{1Sx}6I^${&kX639Tu%57ptfDWhHpkt55#~B1htSV)C z`vofzaw|n1$|-Yx?@+Q=P<$e(F{q;HI99sswLEXk6oX|juufyRF5x@d`|+K2Me&E| z(wGpHapScrazAQ%+}D?kMglliKFUH%8o1)JsfH!!|IGZBIio7D0XSH>2Ss8zznNgs zX1AzbT&;y1Ecxj(BAlADylE!&|EnJa)GyDLz5Dm0Sb2K=8U^zlL?zwlO0_JU1+UFP zRl`FxzH@UPvQmbu#G4!l7+ zs;(_J?hiu@+@yA`>-%|cVn$)0otnX*iFWl|S)2v}5MtSlmN}{rB|3{5@5LDwV)!Hr zGX%-N%cn1)Kj#g2hZc(efLXGh^%zc>U{|w&S1;Sehgi4LGI>r^-b?rZs~+v3DO*vV zl+Wj?&fj|Ctd=3f`_T!pGH-)cfoXVAebSn~i_hAQ=U;)wcSw_hsawMlFX2Osj$K0J2{e&Ey5?UuZm>)SdzY90aFxAim6!+^ zz=DidypH#rd4@GPmqYY93vXJe2Tj*hH;P-Yzc)9}a(ej3GL@F_Cdj;-Bn@jPUlh1A zm^D(;EO0)KYn*(muu`C&CWbw_&|*MZD?KD-&X+*yV2K;{^VOg*MfAbLi>J1AE{mrC znH=mJ9PmxQtbcYiHZ{vPCqY(O@YO;#3wD0tb{N+pOc~W*R9sF|Fz!CkT}i;%C3&H< ziVClCIOnkqiCVEl?2j?5lpt->IPhf*Y zhzYz^Ah29hty2xO70uTIJkBLp6&0a40jK@*6=T{>#C!P2i4R5YCWc97_Y|?` zb1M8Q)=%CFLCpyI1}o3ytuRiY94F&W&l588>s>0e4u>S}VWLX$_Vx-oRx>a1Rnsy? z`t%WPMy3dXrF}R#c-9p9ZuIg(xekI~e6fIFg!758d(3i4QcYR0^S?x;)ME;n&0Bxa z#wEh@e4hLd{ zRgbAGQJabXY}_H9Hp4Pl#QbrEUbeeGJ#= za11Epr9RRL`UuV8Wjr21AKfH|uA)L{^l zBGsCKT1m?L3F}4fZZ(c1*g^{7-F~4O`KD`dl4If^PO6OPF%WkyzFRha%DItdPkiMs z%g)(}0Z(bgDp!+?fjMUy&*=mKloyxt>Sx5eh1u|DJoaTi{_rc>3P3TP13syS74tMN zuZML1VDz}h_7;<%w0p?G(J&m1`ha?Xjscw%(MN54Oi>I+tJA;%5mXSfMQmAo7HC!# z5y^JS0HZtm?{56VR%0ATY}BQ*H8`f!EtjU+b-w9p{@i$>hxor&VJj3UnV!GF13n7K zbX~+>PK0sSwCY%KO-~N zUk@d28Q_CUGW8|w4$&p)9X-_q`c@(b@P|ye7SRyTs%Xvx%UO=FpltH2Wo*>rY`fDw2U*%57Q3@chyxTNUx%8D^x|j9X;!o2P zdyljjSo&V4c`TH$7P@Bs#^fJd>S~D}9{M|Q5HE3tkSALo6V9{Ay)s*!G8o9Uo~BJt zzTTw;LwFD>H5tmmxeERms^ixZmM7`Ow0cog+?KDTLy_z)m03f63H#&OzPz5TKts)3 zMS(Es#RifEysbnPR+=`xcm@Bk}ufT|tkRQ6z07)ITcUgFRXvoRE= z$8#>hG!!0LERM{ZUWxUw982~JI{!+`&4`iodavZX%h*TBDWb?U96)8qnrERHs^e%p zSaD*5aP?V_H!mx>XCMNTh_XwNq|wzDx8;GB$5a4RiqUo9R&6bw0d9GELbx7Lt`FBr zs-6hS)Hl=dUnK(?^IQaW(M%rvQ&=4G#B^FG7B}T)-&mLu!jfiob9k4g=UgvdlW5CF zFo(n=^$%jO`{TKw)re8^5ZySgS$cijps|~}pa8raSHQkxtcwi;zwiut$O|(2a0VW?f?pXUL2GUy52|h2{h${8=f3hZ9`fk6;WQot;u)*LrjR_6) zzf_=axwEQJY(=d%9Eqx`Sc9T}O&Xeq-0`SPVC#^edt$HNXio?Hn(@BBC0@8(_W zro&kQ{+z--R^Pn`lYFHU((!W~XHfYZ&|rrRH74ZcGi%M7At57i!Hcvj5o~ zjkGNrLn@6*Cqz)41*7vu@_`7t9s zWv^s3o~W~q|N6dTO%HJlyxXJY4H{!r8*mo#Ex8AR>DAlERto2UBOeH!UHe+8e z@|L1sGtU3az{n<8Gr0c}X-Jc<>vg8{jAob6+tehENRGO%jajdK!zACpEajHx?`3c@>rqZi5k5!G5d8m>+)ZsZ@_)j>$h=?XzqO2 zOkRNOaI}ciL<@>AOe_dTUGnuKnHU&c0TkhecbESY>IK|I`k)?7rb{4+*=-`_>CIZE zR21%FTtqt8Ta=t*OdUJ}fya2(QVkbmX7s_h-uz+@-F@JdbDhX{K951kn2-K<%-OY;v<%J#rb@++5jkPVN@2}`gPHk8P);F3* zH7E_3Byxr-UOL9LYaen`0&vc@T2ffn!TUbfTN5lA>0=g{8?C3xNN2zhtRtp|!uWqY zblUPi`q_53D9Rp$C7mdQHf$c(=c&)A_Nv8|AOB`+MkR9Y=_l*ZOc>5ZpOhw+`bQr2 zZ0Yo(v>F<1+bH(s^4jF52<6Qki)gxY@5uzjaqtsDbI$Mk9oHX6!M8oFPma264TCO& zkuU41L<|*xr9}eg-0KkiLPS=rdal7 z`87QX*$o~xY0mP!EW62?NraTaeS=mc2u%pxt26qDSdwkSLq%ns~0upD874l zr#_Am*^r1$%_8631PSP6EyXk!IXp_1_f~=XGVmG>Yz`S^E@y5Z2AP;Fa#9SM8m(bA z|GswHXs4KjtXpRsq#3Bto>mvgL*q(c6A0{>@^t?@n|yx<)-N25T>eJwk3N3KZ}3Vc z(lw?!`q#}26>DBg2$(TbQB_p)*TK_lhZWoifwA!iT&;)NioT>U{xaIaudkP(vfZ?| z@4r}DaqLHBQ?IaSdj9M!6{X!Wyu2D;A>m|%odccX!(mjCzy)A(>%Dx}7Pk`BJQ8sf zd1yG>iRm+R^e*JK0nj6rHEVzZ=_@yt2R>;DRsD~EC(P+Uk4?!2Xsx;VWkk-iv@ z_3T8NTDQq~9k{7Z5GY+^Fi%nca(1IAw65TemWBP1rZO2)(0Zg}Sr>q8i%o-!q;AKRF2jqTz zBE2i}4zbe9z2KT!Z5@*WBKf$Y^59@A9QqBX@5r|QTc%Ew9$Ou;$FeYlLi{e=hYOGr zp>YMNPmXTgk&zM)Xb{Hz^Rp~n8=jh-(P$h_JxR?JeQAbLMQxhKG$u@wbs5HW7y6cS zm8WB5l$!VFU6n}uGWvGW{clH)&NFCzZu#;u0YQHICNsR?^Cm22-9~a&0kwmS)@UVr z?2>&X{yS@6m&lUpl+ic0Qmn$Pi=~f&@TqzeX(ppHcyBw}b1K?cH(dFu=k7ziJ>05jO|d|HcRY?@3B#CQf#)|6fC}3H(p44hDU!=-eJc zTxTbkhX*tRJllfi;SEDSJ6OaXL%&{d=pGW0r6UwrhU85*Yf9E{y?1@b#U-HS7O*P7 zhGv~jcaR=`B7`l;6dD$iriVoIw}x&O($M16*v#Toth{I*MEEM`H!{h}HISi>NU~v% z5F(jDh;=MRZUXMXxZ(;5f~svDl&cL0uPYeOH~8ubNWtAbC;*$M0}7;cYD+jB$V@#j zm=xHr)QsLl@u z8^FWO_ny;*6LdW%s~77_tsPrPLKolgWnoY7x?Q_1Fqf#VrjF=ym%i~E;n8_=!BAFO z5)zUK>md58Q-C@VcJAPKqkHWqzXpG89`x!Fu>mBAzSf`9==@};93FzZ6Zp97huI66 z_*c>#J`~7v?ft#&jT>0V0%&e=ApF|Hlb(@s&p;-A_aFn|%QqJ<4@jL+9_U+0y)Q%1 zlu(1!g9zy00OINKUFCikDk}uk5V|oCXewxhi0L7qxHmFLJ>W27zcY{z7~+a?>kz2n z_vic5^htzKR>HlR%u_#;ThX?kkZ z>iO>YC8+YvnDHwZ{u}=gK>GfRL3U{F@SBnS!}$FxX?FtD`1&!r7uIB-m;wIB-B%0r z?l=1a&i1E#YS;OC zx7r*L1auisPq=qC9h1@h<#)dODkE%r@^k-VV6s=uypC}a;@u{;m-)^t@23;Nsv)f8 z__q7-XdgVYy)Dy=xHt9({2s`cOCMtiY(?l%w*h+~g15w*|!8S)6ELF*UTU}5bG*bB(EP>_f* zaQX%DO*w3v@U9H*^S2K(xiRQBkkO3m2iRc3@dLEy$nE`qp6~yjurFY6AX|cf{@)H` zSWe804D7FFY{u7L#;;XgNHA{@`oxSAeELukyGv1Cd+XsSeoc3Zuzf{V`zJ0fikR3W zqL2kviro}87ngK&!3jEe$1$u;_i8Dw-7W*2w!3wEB8R7g9%JH+cO!ZGe6C+#aQ>Vt z7kLrxgn5{>`Wy;j3e5`^s4@wh$Bxsq%ChG|3ixnFJ-=V$Mo4;vEVu#@%?KF{MLVr{ z6oRP0nfY>v(rI5Yn~2loKn90JVq#O;6($-z@)%{Mwo44|@sgA0k-N1qniC)^2f4&x zpSu}sH!d(0ZOc%xXxx7i7R^B4#Pv)6oiHaybun~A;`Ed*`il-{x23E~E01nAQz`q;RPsHif;E)(7Q+LPjkGYAYE>G7BGuaq>% zF~6M=E;{6W)w-XwaPe$^++C-nllNGb5RwX~4ux#5HX`FB^)V(NVi*-@kqpD8reSWz zydldSIBu+gfi3O1uxpPgUCq|QTxv4V#|6(Ds0q|*NZTNy2qI+q_P@4%NaXvBd0P0y zsknV2T#KgmTJd&o^J@Gfe3H_N`f#2WoX8>R^nIBW_tv$*oQ!?|!&#}TSXe$+w)}{W zHBl;`$SFRnYH&Bq+qK#6$yWOyzmKP=!C*#lt+Pq+*`OZcQ!ORqD>Mh`%kc|AmRCm= zaQe*G147&9)%+>ZNJ!9?FOf>TxdeJauDkO#P+iDrvUkOPba}c>+wziHrx_G@c>RL` zgb&*F4;5Zi)!z4e&H8;AtDFbVpveu0KSC_F1ESW%%*Ha%>{xPeDzV&+@UOat1CXl` z@J6zH?>c@nel;n_AmqbunsP0KBaVNJ7b|KIFvg#AiZdndZ?GdfF0y`vGA>_h~LvzY9y;kUTr1nW^xua zY&_Qwqcy@FG$4Hh5+6_|o@}^3KpuWjO0y$K@POzUhfk->fM|6p*lj#PprD6Qa{&iW z#ngu!=G`}SkMD+rqOW1Dli$kWOI>;S)9&P&_R!u)5Yo><8X(baB6w5e zyHY|;TL7|#flj&<*hWqBnI7ZP>kqgl3qyC(4+HBS(24@bVj;Cg;5 zlmasTO3HwN`H(uP%BS$MzjTJb*^R8)f%xr-9FdR#8?p?}6T2qHJwoSjY#WQ>KuDVQ zNnc@U!(W3Z+LE)wk?Cp9QH{ao*PZ0HB>kfRs=fEh;g>+lhqr?qU)vre=zAjSz&l)3 zSw#3*{Rx~gLH|Y8Tk&`gp>2)>Mx|**#JKF?Ga}aDx}pKhVvC009t?l?ooI_LpSmi#r$)>V#`&BLHLI(p zW!1=;s4XGE;+^DWg|bOemY|uuBFPBQv(J~@F$4$x@4SCl*h7$%62p^q`$8_Mb%!pbV zLGjnMEQR+lm_Q}Je$o;ek|E+~O3iPVoFuUk{&0;bZ2E@J)r&-v+6Ppkx_Sak5n!B7 z+v*`iTDJ0Ml-ANbow8~T%{QP@7`IUuXC_#>7iT`jG~T#mM1hD>5I}k+mWPtKpM_UQ zjIn#Z4y7M+hOkF#N4TA7_upA{7kTnm9~sz7!YDhAF)pF%?zTs0m*qs_b11feSsGg= z4Y=I$;!BOM?wD?uTzXn_G-2lT%vn@mM`9^>R2HdRg>2=b;%l#u!B@(=5atiq&0Jb= z)t9kC6q;1~lIo)BuB;>X!3hHXSvIdA>wTe*f5`p9h>kNl@~D=ESs1f}eOz*3gX+lj zt*WYS;B%<0)I_>?EX9k-d`~j9n!CD821rik)hmwL}Jbq z$TctKHDWK1bgf*UIOb>>Uz>7vwrlOU^Q7x)vc4W`W*-D7k6Ia#eIK0?hg?^dK{@J% z4G+koWXp>ZBIxS7FITgmUy60KU)2kaKfXVWC&nCXI{s#h_6IEQ3kqsU5SeC%m(tD+5}fv;&JTLyG;XR z`{=e9zkOs3KToEkQ+)=3;y-Slwh(Uh^MhiI;Q4>Zg&oZ`b_JtHP=LfKox+@+d3?Pn zA#+NILtmeYKP2`564x5@xh32l7My5!2KVV<9Jen!GQtD)ap46)V` zwR|S~lt4;Pw z;bW6n`wtbz1*gz#cbh`xPZ(s3d3=dmrhe!u!r3;j43U+KUA`-O+z9Bvf`6bIjR+jQ z;K$E3wJ=u>EY=F7ssroVozdT!vbKEGP8@_$0DfaXFP2FcDPHDNc`A9ZMeG`t^jR`I z*m_9uj;(*P)o&h7gjk%$e9{@c$rDEdy|AO#8W<|gOy@NY!69;wME&LHtf`J(dtVY# z)xk{N$HNUdYh8PW4KUrD5aWK1AkM&DDOXt7ODZ)&6ed}6OyY~nNP5B_UW#|qV~93Z$C-AOJgpYbWR!VCe3aS( zpunf-a&D6EDWee-d2DT9W(uT$pimtlMt(G}<-ylJ$z7gm@)r3lu#ALODQYYno*Ts5 zSVqRZnJNQe1HTu1Dhp{R?Wa_Jf4;EVzQ{>&IHWSst(bo|FZx4(dPdp!Hf~ra;p&wEz=WN7^5j{h=XI+owfIZaB>!VlU*nJlP5Fr#{X_pq^qPEB;rLe_bRD(-A= z&-D=M_wkEc*MIBIJZAw)#yD>d$tH70E1g3jnD33San{1HNtwDrex+u!_p_V4Nw)f- z>Jk=XkR+UQGb6m^(t;s37oY!SpTEy>oWBj_8Qb#ryk7%m7H;ibRHy0_KVPqXX06wv zeYV=va_&`xRY$Dz9u@a{3o{@vm3qVVW#Rk1D*k4()<)|%61~(_@s^*X-nU><{6!r7 zH)S|%G1T;f6mDsPJzOXx2)>eI#k|05?-2WJ7GIZ2Pt9PB#Vc|`^a4QH+PR|e0(kki zeZdTzZQ`ILd+aM%?=I`Cih!$kXY<&$#2{0ZHmi$3rS_m|#HwU@E-)-#)f-|o$N z`l(VA4s{PM;h2UYW@E>+3GqIkkpN7noL$CBgtO{t^)QWJC$W$|* z3%UdCh<&|7sGGllzeY!WI54aVCiYd8*o*)t{Ku!JJnUAwWJ`>EA%D;eovAJR1u(Zr z(n^uCBqWC_J>48|m!qrNXFo8oaOtQvgkPVmF|$coY_|7#zloO?Mb|fCbV3$PTsfcQ z@@Kkcb#@kymxz%mJ8#3=zSmC@xjYDqr~1(5&UR`_dcY_jovY~i{u4bc?WW50BkQBN z#@Rb%C7yhW?51tERD7L;%m>D?)WS_%U%WIh8pJ3>;(%QS$C#Zu*{xZ&sB>wZcD$uH z{Pt?-38LGUtRNmtTNP3ly*cTXVlR9p<*Iea1Mwy=FGu&26#uVP^*HW;1I`U{Kx{eu z@r^mOGd!$GdeSQU=2}CMZ7BNu0&+gbHE??%kY`Ae#6F1YVy2x-mz(UblDi)xF2u(_ z{vsF9qNc{!mJLQkK&FrW)B^5lE3OOAYsexg46xD}>S_pPq{n6zU9}vMwhtH-HdL}u zx2E7b+DmjM5urmm_kzP~m%iuWjG=YTMvN<$LwhcDc#r_}&SI9{{i^%iPv7B1Mwo(> z+7hIcyR)%0$3HZRGg>~#g_3VTpG)7L?&yaI$VXqVI@ zw0X|T2+>eWeGVm)f%4RD2rMj7Hl-}n$yF$a)DGC2YP9$?B;(PiQ zy&SWW^My8QcoH+J6;0E+IYcgNa)Z9FxR#wbtJ4|9L7VC?2_1b=k4((K7OVQ1-c)Hs zB+U|-E0aa|2n?Vprb`88Ypnz`%Y{^<0Zx1*Pi$|Maxs7CLSGl-!m`Ybc@PO^^D~vV zlZYeR@2et;8ynwBk!UQA(J3xUbk)B+H^Vv%_s@Kk@sGqX5459sY1U<#D!>Dh z3sJw&#BM);nCLeo8^TuhHzpibJh&>HORQtmS@i6b!WhthshpwF#3=HRT7A^94@U&; z88ou`cu6f=0e{?jqRL_sPAD15%n}U*q)=q5zL0ccuY`Wfrvh^}+sXUh>9aQ15IVD= zH#^G~MCZ+9T8~-|8%}0Oi2tog2u&Yt9oXx;YNM5LGj_{-0Sd|x=+C0xc#+{r;T6FZ zh*>XZ^o8Ws+Z2*Zmen%BtN$q7K1tiK!9=ao>&V5SPLJsa`mINtrfJ05r-Drs*x7rr zX0{T_M3y*uLas(Hi`&*RurtX9AX`1>Q(faDrZbdq8qa6t4?O&adDph;KWLcKemN^i1|LKha}*MuOw9(9lUu zBC-Wes}pkCvzAGNQZ)2)R${bC&@(ufI3d)mG`+_Kl<_{1wpf*htzRXDw%cY^`b9ot zueB9U76t6Vj;T1~5{`-xr^251B-w*G=DLv5)q7aVqL|>SbE8}2MvR?@-c^tKgiJ4J zI%UdHP;>lnSJFS;l+s)>2xdT>zpYwEk29c6wnYEa&c0T^E=j}mP}X$N&OiYF|Lqdt2l}! z26raZcRu$;m=|FegN}s=98*WLhL2e=@rUG^q`tILqF|Vm+D&vGG zW93&)mCgt-NZ@zLy4i((s?y-lf8e3Y)B|r5ijzWC2DA zo;kKH4j(llC?)p1QA2nTxLbh`&EIEAc)&H@>?^!U#ukJx{;BJKC#Ne7FJ1Be?z)X; zTg7EPir!MSs#CvlC-H#8_5Qey4T&koB5tg1-K;cqqoQWcvVEDyx%9Ut*CBa%(6A&F zkc+^f{$O1DZ^_XxAG-dlv*OU7@ytd)sLNPPJ+`jl4$p*C z(?~wpy#E^Dp~O*)6633j7!e&t^=G{HgLi?4p9P*qK1Td!SoYt6szWTok8NA7K=o%+ zKl}>E+D^˾_D-i^RkP!Ip-Hg-uf{(57>MVxu}v}=`*8zI}d7!L08AX!vMY+hB^ zMn%J8vf3|}NpjvX+&M1C+@=I_iz*>qrJvvB%;fAXNygzCa7^pld(h+Qj`v%7%iVd$ zfSQ^c_Q>7dDPuQ!L<}wvMEx>|Ml54vql3@T%pd&OY!G0CRBGc+_NK?+oPvJvA2$b3(zHD)0f$(5c~*|Zb0 z3gg$?lMbgWY!~Pvhns8zloAVfzOx5X928Xz`d*ZNMdCX9(?)}ia5Ozqm`^I-`SqcG z*qek5n&F=$MJ5|}+YMIl0MbjH9bMM$OK*#u>i#vQaakNcl$bh_H$(>STz?-BIEt@o z&`mN=HZ-^^1S;n3tKV;9vnc!P!ftXspfDgd?=0!gkvcnIX>403=Y$CDyp%TQ30Zd> z8vk=yVST>}Uh7Xc25ZqF)ls%VTAAfZPN?K_d_a5l_k&)eD*vGbnS{GSwWPH_rrywc zoxch8vkUpq`^kW_sQm6YKuzW3AJEHv87*gdPLWeTy=wfWOU( zyRoYdHq;!}c2C0Ag8~Io;qK-Lwzg+tH~}&664e45f#wttZT@YM4vRWt&E?{a{AVuQ(rPq*%@B55%&{HjYp8+`^bKE zr?kc|Up)$Cb4?(o?y=2WI?maozlc>A`x`E}I-sBb7EVNl#qf+iu0HCy;6eTnl#k9< z<`FLI%jvJ(NG}3hYtdn>nlHb2 zZcoLi6q+5a$4juIeDK(SDOm19i%tr5upUj%#WN4~EmN zP{u{x7puHqKu%tDx(F|PyhJF=A3jPul(rKN=QYYdwfWkl;158i%oG&7%gvkh>T20I z@HKAR7-;-Ga-_O>glaAvKd(A^s~T+LHZ)o{@IcXWiIu&G8S1yCVpEu944(~qiGq0b z+qZ?A>%P9ytz6En%M%q%e%vTK)_z7|?cP=UU{@@iUGD)-TRX;K=1MRreN}Vxq5J0C z@A3LC-`eqqwPPu6ucIrV?AYV?O^EV~d0WTOKk9Lz_#rJS;!dOYzn=1>GYOxY`N{!$ zNcnUOBL|b;(1tl}x1np)fEQWgtV|n0`e7wgQH&R`iG}`6=O3{5vdYVF=a-2k_c4f7 z8)n=SHt6Z3f$e4X6sV$<8ZD$G=_KoR0Ha40LGjM5X=)Y8yse89Nly1DgDfB1;Xk)M zL1^Kmbbv3*P+|(b2vae>-HuX2R-As`D$?51z5A_jpvY8B5G2vqtaW!jMwJK2o0t8B z`d{*is2*$%D_q99s76lsGR#Unx72;Nz4xrtfR3E;dr^#4+P3CggG1M;OJ>aXq@K`W z_=(A--~%_$)GD*iKnE9vOb#~xoZS6rNha^F7T<;A+4d|I$tOeAr#{o^svBr@JM8zftGBkLT# zzh`4{Nf~XF3*`QQDU>~DPpN_8|2Kxk%zW+B&~ei`&Y_HYJx|d3$?-D7MsI`2D=&5U zU^WNR!SMj*;tKyDhjLKak?k!TJmJ>r;cS32Ei`-jUuVgApMwNo^T^a#>|^0`LP>X& zd;^O&2Z4|tmzdNv|J`KF!E%yQU1MA!$@k$1N5UXdQNqOYgW+z}B(_r*^i5&Zf&Om} za;f!?bh-K!WcuuR6dz1WyrLBB$?biyuaDqSbCOrSmJ4={*<3~Go66%$_Yb&t2+36a zI@_e>pnq;vgEd+mZL`R^0$8{v<~3!?qD5jv^@Q3KrD#Y6VqthLRBdO8VG4I6o=r1N zS7Gt83a5Bd{w9eJm>`a9$G{W<^HnG$QJu<2=yEH}KZ5-)Ean#8FL!r|U%K#x?gsNo zgqJK>F8l4p|tm^b^Cf`L}D?%6W&#*$(tKC=zy?zx`2)11a%j*FYJ?6jw{ z!VbwyEv<#!az-&T46Wt*7>_qzR*8~WGm!opxA)a9){lu|O{f1V*C(PVHQ7!&D9KbG z;UhUDo_K?sUx~<9n$#wx)>#(B34f<9vrrcxt-)~<$s^Vzm>hB{5i$Zu+w&R<`c*K9 z`&n;p%sBApwC$6xG!8qpGuSX{o3V@`@hcUL2EF!Se(wFd+0D*zaBuJ`n5!YQ9u2;% zM8fk9_eOQJTP$Kqpc3>5V8cWBjB~WlQPEw@&^D9h{{SxIF6rB^Ady8y^YmN3DiENCCVY z>B-XJr>=)lN62YSEHf53r`J0x@S|2PDEK;Jv|YzK&i+|PU;2d}j%MVg^9umu)oS`X zQE5M2th_Ymn+TJk(zw|Pc>5-E+2{DP(d-oglx~T_ zC&Im8Y$$6n;RM|`w>ESJs{nG6xYo&PZWoT}C#xc`z0)We@QRI#6MT}k6X5wz&AbK(%M9Qa zDN`0PpsYZTOV&buzAavlCrL-8m&o8MDx48SLIG4O=MLfmg1+%YdTs|R* z%q13PJ?NDP^d0*xKX;}t4xDMUepekl=* z=1g$A{&`9~WK0o`iP&d0w;PG*cW`#NKF;>p8Nsgm@R+WWudu??*!u%M3s2@F9U{;b z!Cg-Axg!-bn;Bb#7-2mO$>G+ad&;~4?`VBQJ&5ke?e1cJYzv(VZ|dLf^0zRNoV@KZ zUPO31m_9FRzjGWE-uq+vNM!?}HicuH9%p2vxU4*-Cn3awfNqGopWqn(Et@>P;k`6) zO+3=L5~UB?R+2i}&es3X$Ob2|#ExfOoA;>tFhrL59^!86y@2kED<>)X?!?UuLCIBu z*a!E5{AmCx@M9rQ0an(SwvZ@g65Nd%VLMHIIo)V>z_wd-!-gAK>}4D!aKzbRH@Z%}><@ zl1|f75CDx5U)1>PA<$s9d9tC3zGOovXO8CCY;NCD z%lX&Gmg<=|sXZI40Qu!xyGYCc|M}i!6TZJrLg~P&p8L=WEh7M7iiVC7RdU_d*n||v z5FCcb2J4P@dakQ8{-cFn*l}f6Y6*Sr8h$YORh1YqLe0b-{?yt(raCrS1pIMz)O)eq zF=^hk1Xb=Z(R~ReVqqv9A?e-VUZSq*lt{B?lTXvJKc!B1qc^y{UKN}f|c3ud5iR3j2Q~GG`icX&&yJviVwA)x0TTh4pz+{&V-Gf1_oCXgC zgrDxI4@TCo5SekZ0+S2jZ?=Bm%PYs!|66^^`d{kPzs$@m|KY0s{-ys6w{{#~60LNyJlg z3%z3yxxWrAfE@lr>Z$AiOnhj~d@eaZc6TD9!&_TwzDY|H6A?p`b5Wp&<}^|>Ah-2S zEr6xKTfWuV|J$DW|Awp4y*^6A{zAaBjde~RDVo5BN7qKjP$0gbaLs6ZWURG8Aqgb2 zr~q(qv$6j`O4)$3zJ--P(fuHAZ?*we)mDElu6LGuaMn1!3@nZH0PP)F9PaC!>cLdk zH~;`C=fkP5x38rD7|AAfgc!kD5mvV+7bchcCb6Yn$s8Dc8&ffRVKjGpCL9`Uo1C0o z4D1@5UbP4>Y*=?`CE3*^e6ex-WUj5ndL9xQoj}!nH?9ZXYsS_&{W>#0zhNsav#6`Q z(e=*uCd-cuFZKZw6Fyl%sRiDN8o=6tTh~@sUEhA|Q*?mYjsD=L77uAWlU-hk=N)}p zP(bf#d=p>PRtR0+DpZ6|__3L(Nn{9HmnQ(Q*RQHqoxs6qxZ1`hTkuriDyyv6Z&&aL zKjokP-Mx-=cVL*+-i{GC-H)%A9UGC|r+N@}_Set6A4VNzNNEaCC-z|B z-I2*5Fx}%_W8m5!?Z4W$DZW2W1?I*dH%#C4Ne=ZufUiGEG_BGn9zyR+#>(A+r&!Ta3 zGaSzksc*{i0FEbs1pX}s+m}u`+^vpi1xRD#lkM;LYIYaKTY^w_HO|kLsAlW==50Pn zB@Gwo3?HkBo7gD2Or1Xh5A}>UXIOPs<#*@i0;fESc)S< z!1_-wee6vx07exRMm*x%*uK!;XN2n(mdt(Om4wkXvIA-hkOtVj2Le#WS1H^g1!S#9s0r7zLojn_XJQL;|;~@rF_yEoB-2J`VLqHto-YPK<2A-4G$zL_ZiTO znD~uv3v$E@fz5x^6B+~DTmB91=VkuMuL+<$#S5Vsw~Pl8UGfF)cX0N}zw6rWgTR)( z?SsghYW587mv-!fkZN|PGYGq^=8N46{23D%anUk3cNg<@Gghzu4cdnT^nC{~eWzpb zqyq%r%6D5iwQ2e7`1@)iz+VNviS|CF@0)Gu9X=-*TV<7f@K=Y==|-Qh*1u7~B7gX- zr*~!_Wc4q5Kz;V@eu@LQG=IXuNL7D8`@VmOCqZ!oqhcChXV2)sRG(EmS!|D-efVt` zu73P?r#U`B`>cK{6mA)#pXg?KBtgHzV2}NG+I-6T+BkpY1FW+8Zn(+7bC+_e9qN8G z&fj?lc0o*zU>revcE0oPKZzPZzc47#ThXWCaIJlYKqNK4CvRBq0ouPDE`GE~qIU#h zIcMiL_k8U44&Mu2dCzWtG#+~NpLYhnESN5LWq!tjK3IX=znP(|>9=4%!{2P)cPY29 zzqQ$%oo(ZMfP8bdDz90pdwZVIHicd2W_7@H@o;_kZ$G(y?|!iBd!4(s=|uWO!T7aCsWws-T#P0$binD;ej2a7M4br#6X4A+q0kFg5gvYiT< z$mLKc=bdx1vC0WDcf(G+Mac*-rYDq_mGWrtMU?8e7~SxB^J0d@oYB2WPXS%j?afB~ z(mLK(jug^TiOWVDTFEUKSw!?8CYTtacq+57&pU6&s|EOmppV}trEJ20WTnhQ;W(vGj-m(FGaUc(4PAJr9R;s zI)S0Xwo)mxipf9JAJ}P4&F6D6G+sH}BgyTnF82xmdX9qutDIvw6B@QsniNX578}y} zbz8g+>%ihK9hHMC9M+8}>`bOuVWeb zk#k2`;Y6sgVA7_w&y65c$$JsSwfNpDQcQKh+q0fWXUE}KM45n0d~mg^xEbFb-)YxR z{9L}F-LEejOTHa)k&GYxE|b*3ia@UR$HIUh-bTEvW=?1FQla=5d z&3L$lqFdVL-v_%QRX@0mN*!WKfi(1*0k|G{*hTX|j`5t2g5ap4gF=?kYRRN}Z85G^iR+ zi`6P{@h$=iq%x;awx@?MG7^_z4N{#cv(k7rqHx=h=49h<1Gu4nrg%bdkZ+TKOqj`v zt9_S86b9wJb^-{rkJLE`gbjh6Guz;cgMTwibxQ0-_Z0o9pgacide+@iVR>T(EA_p! zPb-q6vV5Z*DtxogZ+HD9x1J*TP|Mlp8RtCjJaivfY;S+ln>%jiLBOvWQo}Ff7hS~9Xefn7d~u!~X}pYas)ZUkD)MJP(p3RgL*ZV6 zXU1TtBO%l_W4K1uUoSl^Gyt;lfEYf|`Jovy1!K{c@CRF2@wO?pa#6tim9{=whdP(R zGS9IE_fZ!@uCt0&)+Qg@p*lLRQ;Hh$c)znm@XTcGya48FJ8q9Ol(R?b?h5)&tzs`I z>8&s4vt<+583?3fEZ;RjqsXJ9O;`vM5;hg`uwBEkpNCER~BB7)9bQDM8SRY zg$*w#!YK%O&PQi{^houy5>^iz_bm_<EU8tRXaWiq$dZ%hPTI*^JH8 zkJOnda7a-y@Lmrudn5Mx$O)i~$z1J^Up{ina1go``@@{2mQ{4*jTXiaLEna6dtnx< z!3>VQEXz22)PpxCr7A$9?B#5DHrfu3ot{;OM7voCMN%|8&WEsuW4EXxGKvysb^1ar zjhDZXEBzFk|ILi-wwQ5K`}KtLX`y`5{wO;B0$RZef{Ni6g`%HJf0PzM9FcOXUB(r@ z>cLAD)*GzSMm}w20+S{Zi2&0eStvaZ?~||`lCf+L>30SWauy@GLtTms)HgnfA@b$h z8WYZB6ngxijA9N>(U(eg?s(_Sa8`@)HTxk%KINt8Tjd(U{K+9+2D{g2>3j>#Y*Hdx zu_4%F&I(K}PKEY{Cz(OvP9K3jyW*yb!t*%v3V{8vW`dv8ZMv*~CE)|DTgW5AEs$OwG=Z®cJ;^V-pd>T?lQ>;=Q>%vyx5? zx8TEdoNs}Y_%z*wP+s+oWjvmG0{87Sa=*S52F_&N=Kf5aQkL0p4r zsVXxiH6?pSvlNb}XVQaV-iR0C-g27_?2dJ~f`knZx!8``aR#rq#N|9(w1ew`uGT_A zmnF|XoDPw>cAY!!rw`TvyqOncP4mlFCj&oUiEkS8tNrEqI(@$QjJmHHAl8XiDKe&= zL0pj6^ZqVEKR2WyY#o6Dw#f!4mBZ3~|8O~3qp@mJ5)5r`b9Uhk^mW5JVT*k{88|MU z*qbB7gCeDL+CUTpml(y72*v%uK?o6UqWGPv88(#JYv!%9D_W*`8fm^$YT2vcd1v%m zP$~dz2s=hqD@3alV=ja#htS^$_BHt3YsfI7=fqxs@U2$!&!L;on!1At`a@~;sE8d} zh9Sc)<)Z2#{mc8PDWEMK9fv#^65?vCSoBg20lZxCzgW;~MX0~`99U>>Zpiv)R%7@W zHFlCqku}$32l{b`>6PB%NoMU|cFqWo!BQ|od7vKefm@DAGXY2Q0e6NTVfT9qs<)A6 zSvO(_Ot46$UCu-^SnjD;2^tW`pY#ODa2<^=hhv-G>tMa_LktYfV;UPL?PeGb92xV! zLmXo9s}|QD^1+!imArzo`ta5jz%zyr^u7U`e*Ql)994D|ZJ%HRbsCC_16gq6t(N3NR;j>g3Vn^SZR z&cmQqG^e|s)O`$(`(jBZ2#_qy=0m_@PJtb`#{HbzJ~n>bTSP z`bN)05R(thwM6{N*Lc;jq=f`cg;3FSI{MSbr~(~51rx)wORSKB=M`Zxxf3*2?F%T^ zoyEpZSc!8F&kN4nM{81SMg^XvT(bok8Vna!%a@!b3r=3FEpgN5hWm*?G&QL)A(6MF zN+@OCbT=D{UScypdRdx4D)GN3<6KBkF^ z%3VA zVxlVCCHmAp3{7mm&;H$#3IoE0+>3Tm!IYO>6dfSH<>Er8?0Vk@B-3)>? zZ+;z4FxmuD4*(rqDtn7^wKXNe!}c;iwaS1f;1Y$qbhmN*5ns#p0Dih)rAd zO|+$7pqVo-Mb2>FQ#&-}oxt}y_HL*p-HA`~BV<~Ws>}Y6s*K1~^mRd$YEjB=TtP+`*a4^x9GM?8BsjsNok2(f>SB*B!wT`EJNMC5U!05-eTBVo8(l z3uD@LVr0vv?rRoqQ|3-F5`yr8;t*>O z;o#n3)X)|P#q@zTq|j6~Vi=QVGn6uX7#SMCw7Y5psF>1VmC9mj0A`LD&VuSb*+Jlk zSxv`dya_;}#GQ73^UvS#lfI5vg#KvZ)g8fgZZCh6U)%y~!6r2Jx*jPguHi#KLxkAq zY8zeGvSY7(KiIXVnDEQ+3{^Wjy{2mFcj#Y*n)4}op>$Od(z?cUX$Ju5tcLWB*oSd? zGfYz`isghFU#R)$d@)p4zcX=GF93HI{%dVOLy@2uOiL55iY=UGx>AJv>#L(Bbmq+8 z{X4#_T97M zvLdCL9*X5Z?55U!!`7am0?ijp>cY>cdWKxln}^-(>b5^#UxPy(gEVi-GoFp_x&=y< z#OEZhP>-k_kXUiL*N%Dgu>L0V&pJEj?$g2v6_E9ajFaV<0jYNLL)&UX!q{xSj`&zf z+nR#|Z32yn3RS7JQtW4MYgMWC@0@&Y@yn^rb7Sm>+&vqgQgs`zi9XyF>zwYFFLeMi z<QYOwTGwumyjGxwbocFw{U0jZi>Uxg{_tW&O&!{r#k;qG6dsTSZf+|sMLE|j`f{{ zW%{yW)Bp(IxNGOp354YRL?Z zvsDcWusqURahLnMuQG;T?Jh;+tpJSaU#F6bPNG6e zu{~;78KVjlS+Qs&e1bU?;nqN4dVqXFi3jSXex*Yl8MiNTYA+LwO;P57X~=EQ4blqc z1@X|^+bHO8UedRsN>UxR)1(7^T8*}sA$yUu)HacNAa|}m>0@x_R6K%`%DlXjMS#_> z_GmM)cWMARBg6BjyKjaGAifPK;v^hQ*N9xR8pB}HJs{-N9=}TQrl)5e86?3Jh+r(r z2j6l_5Rc&A)dQnHN!~StSiTZv}EWtqI z@me|S(%2+pAp>LLZBz$G{IcJfI8BtVG~HX~?$$Y+o(x}T90-b;ErBZT2Ur;Xo36dE z=%3J3Lu8FgXqCOQ4ju)Y!$VKJH_clS^-cbdr3K1F^Xya|egaUQaF{m9oWS{2Mn@e_ zJtpI7ki?Zq;zYUx`bqDC=e4p)Sy7swo8FNRR%55rKJ3)~&l9O_(wK21x*@Hm;hz_& zHgX{TC$*eLZ!NI=O*AqR={qRA1$Z>A;t39tL%yaYrHDHP+*fgtQs_GSR$eMt7_F_2 zt7H)F^@oWwZ4x!qWD{vYn=Tn1-oN^ENv9GxDaHCQ4cOngr`hKPhOs(xyTTX0U#dbF ze=UT&NrRuHC`%1#BSloN@)P6jNs<$2`S0?^h2qhtmO1W>J1n6z_awX`6$o>J8bX32>qv{&%T3`OO_LGIN!p*6+fCaFL+x;uC^d}%aeX!Yz>zk*s za?b(ci7jDyHXA=xjI_27iHQ7u=SKk!mSRo`oVflPXi%aWKVILAo<@?Ro{y5Irn7u- zsT7G;5!eHGbGQiD8zK!vEeT4fE1y!hSf)#O{-meW12-is*X(zpl&WENOWITEB}~z2H}Pr)QaL@7=r@a? z;w3E}#B3#3CY_@v;)q2h5AN2K*^Sa`Xw4A%uVpi9*#!Am!DntJ)>7yJT{<5Lb%X%% zwB|^-jb^U#+lG4en9ZQe&DSLqx0cZ2Ub;Eqvwxr5M=FM{uv^*8%`*Z@k5?=i91pgA zS(?f^g(Mo5`zoqvSWJ1RQOvp}X=D9aoj}=Xu|!Wv8b!7x#P~JlHgQj}21|N=(%oGS ztR|T_jKN}45!XH1+K=A08N&yX;OU0$FN47X7Dun53umOvuwC#8h{7xBBfD{eEX1<# z8ya1R-bjDuSlj|J5x=$jXYfbRd|5XP#m-tnBW%aZnl3qAdG_mwvW!5vn-x*KtJ>vR zBn0D6I=&J0}qA?UX~XAd=o9Op)S& z8ewccS&W)`))zfWb5P+s0KTAgSbuI~efzzKZlW+(<%fXyl~H$aI3+xW*klh*W|(5x z-*=Emr?Hq+o2f~8$4oG)S$5-;5;S+!u<4LNxVH*E2D}_@>J4&mCs8&Wyu$jc&a$iB z2(S}gE{zoMUqXaBO<{7R=6*oE->Fw?%qxYEdRg9fgIVEdWvj4nX|K%5BB~==-XJVlogq;(%){ z5aV8dx=h`0wfUoKlxh%+mMO3H&pEL7z~W@;BE`slVkM;wyf@7nT^CLk;<5V~A~i+P zAZS6P-W|L~+oCFh$O$%+fVqyhHRyL>Gs8E3vlqRy=1aA0=r7JaQ$M(7!4Zkl|J?T+ ziyhc|lm2_`_T=z`##eOU^uDTm?3u1}7hXEu7miulq)Fe%DPX=-166LWAsR{+G~#GC z#+*<-yep{Di@_it^OGC&FkLAOjUV%6sqXF8S$Q=FGqQ?2%{7 ze6+VdEDe7t+Ndub_JAz}Kze56B=heSKX{Ide zEu6Ck9JT9;;wfQg-*?610P%C;*>Q#p(g3(fo(;dG2Xqx;_xL%3__Z4#E*c|j6{0?qs3;vS2j=BQ2n0;y@g-d(kvTJ)W->`X4mkb6hkbP|0rxv z>KiJQ_%pU`%EbBGqPR9lbGGJ}AO~(a_5ss4~L4g!77_e_K^7QSz6lOubA~SsA{0G9&depXMp5I9v__dl#oBP&?JYM`Z@2 zjck@KW$K;VP1eJuY%BOO7M29CJ7h5FOc@5IAPOPuI&A!{vg*ZtY7iCX$Gh*`7uKwU$2d!vHA(Gv*DPDUt z8G$JY@6+n+19Zz_<B|GB7Uh z86<&WuLaloP*W+y+JG?HDv_tDHq#b_Dkvl)tPQzLFm`B)W;nQBp9e##*}Cp3Ug(5o zskFi3mj8C!6!1ZUCK$7`!|hB1vn9Z}8JI=z1B4b;&tFn**4#y?{<+IH;~Ag_C4LZ< z$ZY!l(8*K-Zk%k4i6MAg=v27-8_1M2E~pFgJ5Zd|r(rFr#)k54|8xo99c_(@u1uzq zfxrmyu?p$RBz#psOJJLgb0+G!Ms#s4T1Y2hxnGMxxlA}`z(wHUzCE$9uuJ$N9_7va zW5+Q`YqjYK#k1|v{;z}l3_p=0cRL^LjFbl!CCJ!R!bAM*A7$GaT~3YLBKCux4ay<^4DI6D@UI2NU|eUgCPsy34nxuowjrWvs7zI7V4Z88R1G74gp*V z2PtYc9F&kHFW#8pXjU08f;MB%NnNLVTB7+o3h zpSCWv%krB)cI61mT$_xt*6bS!Vd35@HMFwsiI*xZzay!LevVYZYqPa7UPis@Hch>W zW1m%};2l4$H0AiZ+043P*dn&DGFS~oNIm`%JbZ8364wusG4qI;cbr#smfTn2C{I#8 z&lZWq`RfTr4KmW^J7}2>gx>n)wVqZTz8kW9_+1}uni47m8k7d z3Ywx;t^f8WG@e)4_~h?Ta`4 zOQ{e*6|JUZ%%0LuLXC6_Z7$HtBN+bV8FUdz+31G5%o8<@b&G4Q8FSm@jNS8+=Jx5? zSO*b0XotMB%=jaa_?4IS=y6wn5zXqPo;a1)3y$#;o9KhJI!esLz-ID9iQY=SAYtq@= z&_?r-N`uie886rE6s?rE{7ZJrpF>q+V87Fkw(L*^i@%Cm2-y_Zgu+XgMF0dh>kG<> z(O5(sjJtZ~SG9{wFbp*t>FJgW*~>J<9G{82K|VItZ1){3l78NmP~-3N`5sl)QB*6* zRw$J&@=S86q#5CWsADKaHZJTGj1mw!cIUf)(u-Vb3yO0$-zi>}WOK!bFxg>}Nf3#L z@4Pd_xcn6IpJ#Nt$?&DD#Da5EdyKD_o4f>{2kBb#`zni)eii>mq$h-#6 zptm{Ab>7E6QhgSZV;i2@ex)-{VkJyD6j7cX{Ici9;>+}?%b>ty=bL}_O|n?x8(ElX zQf^p(>wa|X^Jy-PFF`NY(S*MQ!`JBK){2kJ`;uR9|BRu>h&RP|8Xi&yyo+g_NK@Zk zC7(=>wNBG6X$J=Pwu7j8r*Nc-ZcWy`9Tct0v`Ys3cZPL;D${QF#u(v~v~g0&4%{L- zlaFFsg1*Aef!+CO$7oK^jM)Vg?@`XFMtg0kKS`DkNGW6S^3*>J6%geO?_)*S&z=B= zH&pD0@btw!(S2Q`y!8FlRT>F@=dK!nTe8{{b=lx}-TJE4!saImi3mOCFbvK_ZXx5uTg^ zG>Q&K2^~K|>T;K=CF(3_D#u&>UU0d_TMDwP@<`<17;;QEFjg%_r)d;_a$7%b7W*_T zOvJ(A626Q-UfE@-QSyTDo}P;fZ*0jgs{qe%wf2$NTipa=r?>9DqT)MMAeXlsbz8$B zPEN=+s~2fCo)6LcVF<|j`(d@cHNELZw=eO>#iHTe*E^bT8$i5C=kw;V9W#zLNst1- z+#YuU&`wO%F>s_KMzXX#h!=!5t$nqqYg$26E-M3Ka~11z{sfJSqlTPQ04qa`5!d_v zpk-X$cq^AQ5F;qKJ)4pue(vgOrj%IGU}5zxpWg|43x8GP{4aMlCSmDGD)P>3{wZDR z*Cs+ccyZ@=)eQ6JxdQvC!IHrr%!|TY^kHWI)|w>`3TG7IC<3L^w#3h7!Rgyg=crCs z04QQSm?r`Apl0Td9ISBe0oy6gSSEv|n}@gPgCfR?3s z&J_clumUqC4U;E1k&=AjEL`+bAZMqNbPEARCMnXhzYIzJu(7y$wYNyL=T~KIUpVVh z9wn+lP{B#PvI}RAe+#5YUQuo)!JkFEcnnzS5E6n{B#0ApeiW1@zrj3dTD0pNClp>R z9>=0ry!3o1a27HzGd73TX5Od?img95phEVqDVz^r`2_aUE1nWvs)$NN96Xwp}=!=Kw%E&vC_5YvuWykupXOC>nANFj(-^L#kpS@ zJ*MIVNfNgAlRQID1`v1q zwawb;P&U;Yg&+@Q2<9V1v%8p;339)}Xu&7OzuU6HlG5tw;x_TWHEkf<&yMaM2qw9&>HKqU~Bk_F#2lxTz>>mR_c0 zZ7pU$q+t^^^hDx6DVNaZE8nr`8{AC<*A9`$jaYY0ce!>AuVPlAo4IR!lsKy|cgu;) z-p8p0bLPRs|I{ooJt|oH9NSdP_%EDtcFDE?sT|9j{J-EuuI_X4>vmS1`@r*l4bv?pDxRpb} z6cskV<2Vi6Kvby^+8SF_q8f)F>Ci-Ydq!dc33u0oL+`qVRENG*Bi6N8^a4Nl7YgD= zA(XyXsGYgX=gUaH%Q;LAiV4kNrN&%fp^Cu0yDG*x9>|WX4k7OSF#B~Srqo(JXK;wf z7lc#f3YJf@C1Ee)R6pir%iHShbX>00xqIg-8l(`N*tJd}L<^~o2pR3VGY1*UiyL~r z$#bHrDYg_AbV5g$Gc@Lk4u(j8Dk!%@ObD7JFuWICLo$^0?~mC@FDrIDTNKAvz+KHQ zP|t+*m0Nj#bMrwG9H~o`QR*i_9hnGPk9Xi#@EJ-7^t=S5?B$P4qgz_`O2!xLZVaWn zq(AaK$92m9;)Wp<4-154Hw*0Xg9!rh;2=o<42)d7n2Q$1xL%=E*V{vLeSHDi*LTZ@GG-B*pheX;D5ycJs#HFNL_)a2-&&iEves*X_< z;u}kCaYWqLdeTz(gH5Ja`&Ej{eAuxlvNSSTREtSF)Ja|12O?Z>TCwHj{er?pk?B$d z2TS#hn(A}P!39(^MC#vGSkCu>oV6BV##E#c^&_y9sU~TVFQuLJ2e(NaJwn>%aK>02 z@1>soU~TUwFFN(VL)u-3GJaP~My)l2nRa*F9?4c-CCkW2?~+{FLY03aP8AX5I%~4f zLkq@k)fRLP$ma@-3?SBxswBHbeAF=2#ELmo(Rny|FtnPR+yzYG=d*9jgr&}_4i{Zy zMrL_xJBr^Bg>*WNU)b>lL94R(+4GkZd&p_OxCZqFmcr}fT87SQ?OxwLa)l8-D0|G? zg0~e}H-yJl9J`AN1|3H_;Gm429hH_E&tmj9u&i;(1r_EAI=9J^Rznyu-5qquQZ)k7 z*QBJT6A+juF?Tt(9d=+KZjDg>p~|`oI{vi6EYq>95bd=*Rg!*xbE~wSlTMg*c4~ko z)XqftP3<~>9p`?txp31Q>7kGPn}Sz?OILvQA6dhr&^tj-Ful2ges2QM*h;iNVaN0Z zs%{aI6x|@jCpkOxMSae-#R-W*p#$t$mBBFomlwk;;iaxUC_GoZr9ARZu-J&6cr;1x zmYxWMMJd0>C|bj$hc(amhG3D4kF{}QXCxZMC_e)JkgVpQzkl5ZDa(g{x6>g}Cx zUhd%w>tuB)aCNB+2+qE5dZt_p<9jAp-8E1+NPetNyd6r`dWP_nn2-&hCNDeWPG}E6 z3*!Vj<{-xjedkPR5}9wWSJv+tBlx=}vnxYCk7hhFRk^inc+fz7DAmhLCdbOpgyj+B zeYi!@?D+kFZg8qBh^)0;CnEE#4N(`zaXGEOHDv~-Ju4cPeZt6X2T)iHsqI$WNfFOe z&9b=|mtVzhsXe+s|B{urN3N8IP!8r<#4S4(9(@V8IH$qR5$qqO((nL7Hi7Few)`SG z{z(YKxpyGC4#2B` zIH{5TjpK3pvcta@-7P$3GJGHcN55F0+tTjg9${4N7kDa9tWWTdw+G<;BkGaly!KK+4ZYRSP_jgYlhcldF7zl? z*j$Yr44#ejGfI6ma9_@Nn%6{J2BbA4zV_o)lL1EMEZ$&?`n_ik^`H5jotFyk{(g#} zF8z9uBUK=AsbN^CUgCTnDzb*N8?L5$Xq(o$S&zEVyF2_Gd+@40;&NK$^O6o*5=b<0 zU_*+fuxnQ)0lnK#CoGJ5zH@H+kpk~Yk8v#C4VQt%FV zeFWZTT^PPfG+(Psv-&7uxx{eAT09#|3NL0+)6A7Vz-HKfGr^;C^#mX0FR+*vz~vnT4DY!(OdBY;_g1!h~+n`0&rVY`cj}3su)4Hb^)dT#Y z!&q^jeXRtQ4E;Z5jmn#yI`L{?&`CgIA|>`@4xufSe6@d#n(+z zO5Vr~{W-B^Lw#_Uh-ptvOoW7814 znj*B8c{_hpvIkL0C6uFgy(-AOyHSQw>7mB)p<{+X^e+89F7!XJ)FAwiM`jkm@g9by z9qvN~a`yOq6f)8foO#-LB+gsBJ_OWDd28Ob#y`SP9*ZW5?zj(#{7Rj*yu18B^8$k9!fWTyT?jwomA>AE0*bZ(I6rn-)ng>=d^U z9|2Wu(pE~4;vg7pYmc{UJZ`2xZB?K`qGjj2(PWG*q8}ik7Ar<;JiXI9ughwKd!j4H z_5%6KBKy~nF zSsY+YQsCzu@8@LaxB%>X!DbFQBwU^GS&*O!UPY4>wI5C<(8IM*|0o`Dr6UOEZhNJ& z)6;9CbN~KZ9aQMW(P|+nDNM4+$wqI5^l}CJ36}jyL$-L(m?%P$6>hy-R4@={1@!M0 z3fMl9MFYda^P%&}+B+y9h1>RA>^E&)8c21B)FiieQ0-w&f&>}b(8~Q{UBJe4BGl>D zNU=4>Q#w;tz!Bh&)AU4)>r#HZQ=9Fu5TFFR))KINJ5rjW*75|)r(!@_7Gqp+r4Z>x zv@V?Sq<>od_e?FR4`L-XoUZy4KnCN}^EX*F7^R~~}grwgnw;xTdJ zI)sOnwKQj@jWtg=Ije*{hW~E1Dbn*)i#UgS5^r*BFS89bk^!-u?3d`?T4b?`{(X9M zK~^M!L^(o?7fq87kGBm!zhVLSmj!7LbP+vjxyh8_qG{>ak1NOBLIT}>?wOH=BMzT^ z_1{Anmbe2KL`J37x-kRpW}Q68=-EQ~0_o`X)n6DzvNmRf*RRmhwv#D-nz57{Pq9FY z!!Wj2uD+c_$S=17?N!%`btHcl1`Ix}c^xv+xmZ&clm<^)mg&Z8*k8~M{7K-rji+`r z-JyniebeEC#htr86}U&(M)ATT@`!#4)cvKQn`uMS-vl>fEYhnN+SkBsc3}Z>-yqLZ zh*N63zfU2$6Xr^-9HT@fkJC!p)cM83k@oron}sD~6RZ!%W#^$~7VCXor2+SP#x`Gu z%^+96J25nPHhZ6i*(GngJdHU6_%si?vU$NeJ8gqSEzJ@IuI#)<0LVhfj*ys4@F_fr zoxPH=I%gHjXYeD5y|LJ0r8ID>{|eOe_pL%1fpTuNLGecvuOQ z`z$sBFAry&Oke8*+0S~IfjBzJV+VhS6eC0mUe5Uo0rdjj7iMK`aHe8k7UNT)f?)B=F8wuP@LeZOI=|bVf~r8)U!o>$KB61<=@s zw3s&|+uy`;529vx;;Y3l79MN1A7XLd2Wv5C)RS;au%ZNJkpLl0EN+b`C|8U_*X-#y zI!h9rAS~0V0!&kH4K4NcWz^a*TgztoqN)CCJhy_W7d@{gggXd&uSWho_n^ z%T^8CzJo|KGx=aK2$|Z~xR0n>THG!DnJzf(8$dOt36mK;E`SYk=U;lU!eu_TravdI zq6ZzHy#>x)qyl*_+(R8#s7M7GC|r$gIU#-K;5f4%|01OhwNIKK!2&Z|koum6VkcSTW0C)L*~oWLEpMMGluJ#@l-0joQjQT@A}xmV zhf}`2dI;8B>_~t2hmn7p2_itHe%QCkx+RJsI6DUQVFEojO&-FLCmD_db9{dchYQ}Y zn$##N^lXga{8J**f)mTF=`M5n3}j}^&1P$;Hywnb!kA~5wx9!PPH1n ztL1yN9a+nV@L?4HEQoamETt)+mTs5zZ3R!vz~8t}$b+T)kVMxxwlc1;R{pOOkXM5< zUDoAc#?Y{=fnKKNKE>~v1ZX?j=<(rm-FgX^8P{&=F;AHl5s}rCsiUYso$iZ@-1)); z4iIwAs{l_zIE6gc({zI!6o>+=DDvwAs)D_RY}mk?R^W&xOr>bSKy4V{7jCt+;(P}C zgv{!CgYbF!T&KKQ&dl+zg(fQV>#-~vMcG8aWvR%Kt;2+IH9xI57d|PJxy1?W3FkPn z=B8$NSuo`4X`-Pr-GNFQL7ipp%}{L8a1o;@Ks;exnL*1pFAQ#)MY1-36oj+~d)1I; zChK~A7#o_`vmI2r%w(xRgwRyIdWI=9$kx3j*wb`jnzvAcdz2n;fU=tEo60pPHb~#rvO3(uER;)r z+uPy-cJki$*PVSKOdV9A1KRwDN&clyxh?H27mbfQdYj;F53w1<#UCxB?VD!$;2ib1 zKhmm}d1=fDI&AR6U*}sYO7`8L5BSW?9I}k9W)hcU4)eBU@+EX#?QX-q5(}y_dIJe+ zek#Ut@N2{8a_epnJ|lyZ+j71~Jlb>HJrmSBufiaDrj*D#B&yf$hZfJJz*O;lJ7*5n z_xzw@z#7|MFcH#@H&}7MH8bqVwI*WtbszX~?)sUi2X1porgoIfGj8>~yI;s!#T zl_BXbsfz|5YM(6)v=)p2?pfn>$J(MF{1qn9>FYp>2$Vg0DD;JpaCn0mCU|q~kZ%Fh zW8Q~v2wo-xO>D=5fo^lPS^py_QAI#WHS?+@nFVEGuWW#wT|`GNjutxFYVtnAqa92H z0fBHHE(n#i*vIj_5CCE_X!S{*%pVyef#o4!Ho(MWd#g4FNH8O!Ct-@wx_Df}%bt

    #-Q)Qd~0k!|-IzD88Bl zj8oGUFWaKYu;<}6`F#yxqKwjx7ItUVY3LT-T!#}`;sgM+GW`JjnXW{5D&$75I6O=&kw;qXsFQW7A7qeWkshE>Bhx7PY|bV>sg1_TZfi1c)J7(jvzy8CQvGyAZRbp-)2mG~L!@$`K|C zjp4zD*I~i#39%4`Gd=97)!jK+GTu(LE0Z$+a=Jv@+K-jY-AX4@2<0$^LClv`ei}2S zx!1$uY<8iv&#+eN7Qu+>#~E5xK6*<+JbuPnk~*Iqcc2~=CWgZP;g30dPwf%UQ`&rS z0cbY5uv8`05jx+umoo~~9UmGGx&<6tQsPT!jYR8E5+e`suxJMP0-Yww?3i62O^I$G z468GJz)ZIBbj5h6Q5vPew9Np3dNu@SoP#gnd%5TbMG>s`UESYKMVDtIcE%%1tR`&L z*nR$!@m*EP>@zMIS{F|+WNYJ;f{)@Gy&k#jq1wzD-|b(HotJDmo4xWsjNL<%AW*Ue z;IeI-UGB1N+qP}nwrzIVwr$%sr#3HQ7PEN&;BInpGxB_=s8(V`JW$5Q+o;&#gLtIg zACA_;&YU?SN>Vov^F{+_e=Cs>h6iyWpbYEpSZTMs|8T?5heqs1Nosa}BX-dzSY%`Y zQYYF&Ixz|=TjR#URcG23fnvAIdN+l^6yQ4R6YzMN5A|kSvSK`8v z2k+usk)1C=zU_*bk?A{9T9n04KNIw3y@LB^9)#JJY3kzrSn%-PLs->2KzID-hxp2|dJp$-AYef70)+2^c%S(-xujD#et>PpHH7D&1aiIbzfDmX6$HM( z1s0GUiAL>@C$q-4dIR%g-VacDrbzZSEON110BrggLf)ujlK0D; z8e!S4ZGJ2|FY?cT`N5Qyr#aL=gjzd8#Nda48QDIq%bc~zpqc1I#^76U-3PDo6EMrb zu2fZuGS{dznC(GKF_f&i$Zde*M9u$x2{4Gf%QZR|-`VvoFOuh=$Ks%WHGPa>6$ZUU z@PxHicFf)}UgPs%sV)|wuz2^4NO6{OYeG72Leyd%_tU+dQ|&DD<Y|0TZ5(kInAJ^R~r<*3V1yx%xmE0FxaYv1M~gsa7oqh%xCj6gWe?aKFSe= zj|c8D<=O7XezdaV>vh6@>CPr_Zhd;JSyD;|rpN^#1Ab?cztQ_O;%~ ze0o;`r7Pc{(BudKe78G7!pMc|v8i-n+n-MW=TJS^skr{C@pG9iG&Gi#+V@GOI85UE z{z8k?4$+hG8OGj0-Uaq&6=4aU)9l;bh`(KoD@eqWT_`OI%<4kxV6aG7(er?M!k!MZT+j|J-G#OW5J|LtXAktcSQkga`3qQzkSa(MNrtjjGP_l%0 zJ1uRaknsn~9W#C55H{u(_ zZ|Qj_HfuFGJ5c!sEs>7q15TnUfL-Pw_YIl6#@8 z#{!8^ASq4LvL8rLq>^PMnsk#4$$Np>EJ?a<0#x5(z@R-Qe2SM=dEB$EzR~pNCo-_v z3}EX3mxmwWXP1|5i9Mui=SB6#{+w8#ma=4gV8s~NU}`MObTX;6LZaW`*wQ~^H>@;M z6yQkd_(zYzzEP{zfDh{lZoG|p%`Fva31DO>Gnx+LVsi$264GT1(#MRhg+eYPaWnI? z3jEwfdV*1K*Y^%22xv4=+95fZ4yaBFMZv3d?tS|YN@qLg`Gnbu-&g6(MVG1TB%T9t z|2$yfQ3((CIrkoFYH~90x1xW9l;<7?&e&j5Y%Rx6UT`wNe~@ZLJJ2T&Y^S0yHzfpN zTTnK4upA#^!?<8rf>1$_j~&)fESqNxxWEDK9sWB6qmKMs5-U=;ugw6zTE$m4HRA<- zANse*COYdUNH+DVH71$rw-f=7omKUGWptwVEjm8*Hu9}Y6+z9U;^}~|6lxYuQe4Qg z)Vums;xU}Zlz$bEGbe5EF=$nD5OJSm-Mez3r=F_?tqRkIE7WmciBqRo6RxEzoS9n@ zQ7`2I!u~q2`!ez@-N!H?cZhJaB^K3-#?AYg#~BwDT8}je zsWj?zztT`nqG zdFx2#fR*^blX+92@xd^*JoYZ*6lXD?l^tU?I6bIaXuR6ad(w>seLhBft^*u+Jcs+c&@$y-n)rj7STpJfK{%DO8<*cnme=C}Ev>t5ev zIv|cp|8U{a!iUDQu8-*9;c5Sx$uwd_k z_GKN&$HjX_MT&L=_PyNqgf)gn94UcnGyjJO;2U=q2d|GK;B%VQj&iur5QEtlD>iFV zps+7N01zRoc26P8OFyA5!V}V@=I*O|8=~c{)!qxJU!)*zj;N=%w)2ywbCi;8=+P-j z(M!-;2PT38#)-<3Gw^+u)L3QtP;oScOEo(_91{g{MDAbY zdH7IxL@+@-Cp#)vs@YIvs+!_B)6JWYA}s1=0^N_sB#%$UYS_M+U0m;&#=)4Py0_1e zmQ{dZAUR}>_q@)9bvqdR9K~d_&INrmgqo0IMszT_eH#u^NAAiIw~WC(B(@OOh7Adg zy%qG|E;^rC_|bGvq$?~d5>f-vF(TY+MJA`@Pje{tS)xK)Zxgw}WGqI$CXu zwAf;7H4*ina%%D0oh#Q#G43w6cL{L~#y=l!sNWCUz>Yc&aW?`ZgPF~XwUP`8N26I| z@5#shs;o*IUudiZLxJ;|98d7+SDHZi*eK6#1rui^9urn2R+Q4tT`_c7#NUAVe2!>n z?lq$yDwT8wCCPU}-8}?qJp?*1B3i&ifWot;yDY?2#>i#w1f~-hwIRYR#sxr)Jo%ka zsFk)bH=HRpjZx8*GKSfsjQ`*t>Qo&8_eV@T!4iI!AKX&!9u2Q%%X<;oFVE3Yt@E-F zU^m|$2dYi??HSf19!NIG^Yxfg4r*H`fXfnJpR5uzvv)z{odNNvG0c_UmySwDkRsL8 zpbM8nu45sC?`X1mPH&ZG^5b5r&l7;+=sdnyMW&AXO%(@k3~|8Z_1w}69vBg#3eI=&q(+((Hj57dZbcPBE|;Ygr>AVB8<{{tD_HnHI>- zeD!d}fO}5&b&$OADQ;Xy$`KM`I#GFF)i;o1nqxZjUE8uU7ZM0a@yC?>T*kw?ynXRF z{>-mI3d4Nmy?@5HHX}5eS%PZe1M`E{N6y{I6@E;fl*m&hSpxB|1Mf8?F?!|ajZ@<7 zYf*>agK70P%c+qu5<>33%7zdNz!GD3iil(_fvP^S*5@#3;H|cXfT77_V<~_?8XEpQ z@1n7K{$A)z;A4)jHb}oI_k>q_C~xrwc7B*ur(Sj?QvPV^RT5bbOp1oGtE+@Nq-moD z-t&WnC*u&_O85I$6w|#}v3&xqbSbb9%?|_gr!*`q1vL-OejAxVsKF-0Js>d}t-q!< zAf*kS7)Bh+_c=zk)&Rxni~BLjo)vL4_Zx&JSeZvoJF`04|$hal_Gg{`A?vffF5^y>?Z^dwuT zg9Xd^YxDPVH}dRs9sOC<6idF~Uk}IqpA#s4o+DI_1WPMpKXf*IAsK~fiuDA>0kzS0X5 zBQJS!e*)EiG}I1n0lXuac&~eckqFE>2oVm7lX^nr!m(wwt)X!c)_Hg3f_w!FbE&9B zQqDNy^kUfrE<=NhjL&|L-TEU=fFYMsSkTy$7wbxgm=OykN5u7rW=WHuB&l}Z!?M;g zJe9VqV`gdeWH;r{Prl<}b(p)WNxUvBSU;D3Q4P@yztOYX)xE@{MuGEnTJ)IQ<>oX( zv7d>w9&?+kJ59!X~<=aa7_&7ICm4(y;p4w!dqP_K~*Ly@g$(3ovE? z=p=9vk`8JTS&-7A#vMWz`P-K9-&$0J0?BfO0CzZ4>8Yoyzqwb8GYv&eUbb4-B^y4) z7$UV@7i=f#%cC;Urq-F}A!?SFoGk>%n5qk!9UY1V?`&3e->kxnRKoDiyj5zCBK5e( zFkk}`DxMc-3*e98N3l^K01nayjoL$k8#;Tl@m`0Dcw7D?^Vo#XB5CP_O1g8Iqz)MQ zGBHWK_}?WMY3-$5rs?qc`Wn22nX16f^MoArwr|NxPR6;?@8x0%O$qnYnhV=MFlF z*V{nXYGfQ(J^06}+Y-xUc&%}aMHkF3-hUqtwwy+uotisFAX)%zr4DMhadA!sGNblJ zAkQv#J%EVLJS~IxSF{HOVA(K&gmGi45@ZwLD(HbosJ&SC{+lPp4pX@_6EU8KO5hgh z4L*uVvVKkpYpo7(dAMfVIXb#5I0QS=RVy@7vDA-=77a#Wh4c*w z@b1-p#l^Uwgd1d_&d7_pJk`uQl3WDm-4+4qEkW!eLyblAaGVw}uuu&fcQEaf@bC9u zjmL2^Bc3!6VN}g*W!pD|dgf}!VBe0k+H{R_I`ZV7#3n^mFRU8;(U?6F>XHR;B%+Q) zMq-{AdTPqENKi7sU-W4cDBNaGUs_1oMa>Z$?}D!9*T3-9+P`KU z?6edNrMIcx~ac#t7?OHX|e&CY`^7_k>08KxxSMo=vgOpgulaT|JI<;@SkX>6O*QMey!i!=17PT0#qyf#rWVwtngb2ukRc{n&2+1 zZT87)p6|S>r{JSvhV{=0sSl={AUuPN;Kl5-iGGa5F%C-KDFSwmg@a z@!$396IM_hWdn^lb+}EI!!E@*8d_GB-_ne#fkZ61e0eYljH@&-n7A`ygjk z!*)IkEkGEtwQe@zpjyaYPFhi3&@Z((o6DZ!k5;5LZoTU3h>t%{^Lp6CE`>OearRJO z6-GH+V{@T^XAJ;=pw0$_SQ|Nj^-0uoCQKBM;ezCMIh8R~B)t84^zkgkr?-^)zA~av zV{LdG8g|({)nVQn{%LxwTH{6f3owY^yM!il4keuzyZ17c+OD#2gkT$Yua^9G>_Gcu zfh>{)TFRs*0BZh=7OAWXM27MhKu)VOlsm0`QRg&oKWYs30s}lApy97d0E*n}&CY&W5}H=|a=S)CrkPF8%`>$_?fAvMW2KWd8*A zW^ADH&1y!o)<5~D>d>Q2FO!+6eL}?*rD!DPD}b+yegB6XjZR;8>m2yF{UWc4hcy{( zI7R~m?HiZNCnG2kiTXX(0Yg~JMB9I&Uq|*#<&lfVc+{HB8?kgChLIvY@zcK3bg+A@ z!Z<(9GPi7xPjgAhGo)(~!%?(Ce2NI^Y-OD>%;5&8|Gf0iP&h9E0L;I&ox;mVO{4DQ ze(m;XR40Tv^C>+dRMI!gN970k{W|3<=Y5O6(%fJqZ^C>X9b4WukW?K7X!-}i+V;g_ zs%>OSozS(PxZTp{RQXlz(H2@0;r?v5+B8H!rW28?V}` zg?|D1Y9-w4ah8A|kRdbqQLRIXcx_nQ!m8h2J0gBeNV@Qdho#2f^Hvsp$C_jS3&9)x zMFf$jdo?f3vV!N@v+R@9A`}Z^OUOWW9HjW-3O9ZEAFrH=%o&V)RTxJjOE^W=9Y(2k zLZpg0f763-ePP>$2#m+#T;R|Wpz>4{>kNL=225-lzTj9zq`osFpwJw=1ezGh(Tv+d zp9cuF(Vnaju%F7nYC#Ksvx;T|-?A-{Gyw4w6NLDK4&2_qa$QQ839O_u5$aQlu*i;KjmD;32hEf{VR1FWHpTd#zxoix<47u^;LDb8 zJN2PA+Ei*XF2{Mk8P9|d$c|Kl$&!2(mGt*L)jlnLpp(;GZaFtPz*1xf1S$h)V?XDO z04yYl5cI!8^B14j&+u`(iwXO8kuBpX+nw{t-gn)fxmRPkh=ey}d<=+E-ZxzdgfFmT zzWuS6DC*}6 zcIwMn);4>Tann^8i@Zl_DoZS?P#LzF(P9$hq>u_$+RpEOkrZeq9zk;a)QIN)Z6m1kw%qSy~H zKG28nFXS63=D~#$_sFV$QYrlD0VCQ4LmRXgP?(sh9odTpylyw+5u-3lW9|r8gGL8q zGB%x%OtL$aGg(&`pwyq(r+Q1(BLiSd&r^NpBrCbGgDqmS9K_}BtyOR_BhHpS!S_?$ zj*syko8Z|IrdKI3(EmPKbe;8kbo8r;W#=#vLff3XH0YIFP)^)Kzao(_ycVb5& z8q2Aj#q$kf@n|IOa=`nkXcN%;eoO^3)Y@%ZGtB)M0xD+Yy@8SwM>WFxsE8xC6UJA= ze1*De1{!LcXCMd6>5J%3`Z?w{ocQCgN^to29QJqxITMeXBx1BJle%VhM7%6v5l{Ci}i2w^h)2;5@9UgzSdY zW|a<>nS4GK%DKY-^k0R{tyt;lF+3}5j!F(TY@Lm<>r@>_zv)bQz~bTr>gd8 zQjvueqMKwP^L?OX^&p<_obl3GkzEGXMv$!q5;y|lnO9O--a~1h&Y>LK(i+|ntNcSz zc>;qH!7<-j+v-wJ3Yj3&V`SXJ|IA)gOH&m0tiL&WbZ1aTai8KmQbNu52{VMnd%;mw zpWFQUOrToeC&{4pMc)YlKRbspibgl9rWaE{adlqn(s*#0C#5}FV3PwQq6 zXywm^6raX)U{ZV>e@RL;z=-GZhPrKWeS{Pnk6}{CDK%63vDLF98iQ=im(oj;Ao= ze1klK-%#W!+Qy(#RV^qqmN5Nb8R6V}Ts~O%yJZ%@diZuJ89j{-rfbB=_v?Jh0rpx& zVvZHJuSp6_jEBM3ZcfuhPR~`qc8nQKo=K=%sT;N0#5g(y&NvpzI&RRA#4@ITOCzHG zedDuZ4NsMfitkL1nlt-68TH<7+wt@S6fEkWg1(l`S62Mpb5ip;m#B3c_5Jq@yfwkjCZ{28%{Vmy+6kyKbXf;X^axbVLPYCZW5=xuFr{DkJ!hB4cOi3Pt z1AepmD2wuQkuWU57Li!877%aT&7r)sWSrxxtTI$b2&1s?6*VuJyIyWVgs=G+<<^ub z@JLW;DhTQq$gF{m;|4R;U`$nwSU}!-DzHc##3UUoHUOx`6e}~^SX*9j?7xL4^&}XN z*o&jqz?0Ftd(E=_CZsh`4rIRK-(M1@E_loMO^<4FF9T>$~ zJJl;nz>hG>G$svb(tGL%er`?saotAL_26#|s-96S;*42U86*RZ2M51wdadS%`($dbgbST>Z5C}v7h>#6sW&fI%MsBkhC6!1xqD3vA4|HYz{*?VB$MO2> zr)gVLoobBrVQMmGZO2N*L>pKK)U%aF4HZuC9_kj56i`Cr9Vh^RKrRd(0%g$Hm^p|b zf466{wQ5)|2pj}1@e`dN5)h2=#(JFKkXsfS4%o~?01!w308m~WkU^XPfdB$T;xiON zR17GIUkAa{4-KCW84lQUxBgGxmKP#|DEXmx`p+k*-Ksqh2norc+cyL_MQZ>e0w)4Y z9;g6^zxEB)x_=%3a4RlI)ZSi0eFb}rl?#0WgkSZx4obL zFtT3^HpVmg+gL6LUaxKgAjB=?XZCgN=}tI79d7{tFH5Y-iZF=|59QUm`-Wh42lg7wuGJO@ z2f`j;=V$lb)337^fTSN8=k&*R#FtnL5YUf%5Du~qlv6;j^~b1(H4yiE@Fg|Y?-d{i z=%$Gr0O0%k^K0f_N9WlNWAO$59sgybR^O)JPA&CgCg$gv@=w1vz;~xWKY$KDBA{PT zD;u8_2n59E4Rt%gsBS61H*y7_qaQHIH`nD?(zl~tZO?V?LG9Kq$fql<^=p?|A3%&R zlMNsW;QE#?rHS8Uu5um8{Vz3;;751!Z(GSt_=)LrP$&jDDQKwh^m;x+R{c;`wF z+NTe+-j5_R;7?nFhMs3w>BWx+b6nmBx11llzz-hrpdji#aPvwq!By5b%0#Y9;f^F& zaBpwB9sKBxDrhei0LXXjjZed+*0nBNtf%nz9?%Zmv~Q}C|61RbuWedh7zIEOpP!e# z|BC<;3L@Yu^k!`V_v#5eEb!}_p5380#BO&NpC2%e|Hp@j@DSkVc#pI%0fRn3&oQqU zP;c!6YXSoBZQ!>^|I6gZlgrl#kzK8f&uz~x_rRI197^xaCp-!O(5t?$VEo5s-G|SQ zxUVkOHyt&BT`ue${7*N^JS59q#o#(5B3v%{GS4j|v_C=}cEs36mJ-5t7Kn z6<^G`19!o&>}mB>^!AumIWhbTa-9v8J+@R`{r9t<;zCT$3P$DH3(?+c=lbtS8T9LU z&hfpodO9d+K^V5j&XD^KK;A9jC_$}RPB~9z^~g=`AxLM*(V9;1C9jN-3Keo9beBh$ z3nBc2EtRSJVeBFGAf@RBw2kAQQlGHkLu0pIVUI&WCSM;0Q4Kclk)rg;XzW*JowCgx zFG2df_pY5#EJ6NQRwinu<3*U$lOkkBtM3R;%nYT-Z@TdnMC9}vN>4IY?FEoLPaGf4 z^>@{NG`gW%g`$Lvr-f1XoEA$Tjkmd?0 zh~*CqE_a`1jC=Gp;RilU`pB}E2=j3)^Os3s*K6CJRMIjy-fyqp|X_%I}4- zmD13Z;!ZyE?mwcy!bD!yW?1R&{xb8418w^th#XYm$AI^`3CXdXZS=t1mHQzfJ8$rV z04fCmm1s(C%jQr%t*(XgW6x~B)qlOajhN11zYJJ$SAWnN@evnb^ZW1<3+|Zl7q~^6 z4Xsl1IhHKh#a$oA_ zg{>q#8=z6#gR(TtsXUXLhfxtu?#f|VuzTCRC*gZii{;*@j=py%Slx0eoQDT7+x~Db zqrGfhlwM~k-V&PwMvHPRbK>ETw}Xi))8TSofH(KZuiLQIIuQROs=ZcFjEMC?Kxsc$ zaeS}au_CXBjCkK@Wv6CC9Fo(P*+DWK5v2Fwz+*I1meq7JH(bd=!ee9^#XRXuE51*k zVg~hXDRc}}isBu%hqBW!OgA`DRm zLfX++ofgb=A2oua=Ek#~X*=dgYyQzIZ_VZBktASE*jIzRx8_zVGt2t-zNlgxnCwQ& zpHAH00xy077wK6Yex?{ox2D?O!QyR(R`%n*Zf_*IufEmceaN$T8qy!zHlDx@Mff5Z zGvROk^@rf>YY0X(d^}xa$F7#k1f2(RlJq5g2k&)5;!>`BI{318#Cj^Al`L3bI-tDj zysY#$kgLsn$POdI0Q{Gi!5jXdTzHytb3SJM2|Ai~Lw0mk#BVE`ZZtt)jnR$OL6;>W zv3Q1n`5MKml}tjNC4B`a{c)~*DG*lfw6gf|BTByex2eoG*)T+9(2{0l5`rV)?6Uek zUK9f^qF7<4(L=Tr%zoTCFO`a0jc%O2nH0TY-C>Nz&AoKI!`#FSlg z)@BPpMdl#hMPQ|Hdg$B>OhEy&*#_bI1Z$jeDhM#P%FZ%mK72UIN@^!4&v+fc_iHx6 zZLaUPUPfwYQi#DcT2kW@p`vVej=E23Jy)9GK5aun<+Fp@ok5@LjT0pTSU(2k-G&Eq z@y1V_EHglz+@&RB&Dti{saAZUcT}Y91ewGFT7YC6CLujvr8=Bu$T3)4%L=!D#6~iV zCiiti8j+sEP`)4;S-vLn^Pm5dP(NHE(&9LjC6Qfm@`|=Vx1$NJ*9)R(cm9PcsEfQN zUsa0=HPKRxmVtI^z=5KFW276pOSY0n@@g1|uZ4N0UCDO@hjZ%ag{otp8Z@T}4N4?e z#Uo&%mZiS^-l-AuKY|k677T%NdTZcMSK0J69sLB-xf_^&AfTN+PR7EC%$Mmd8o|)b4X|5j9KoLknDd!eiF`y8|X$XbOU1s?8(eIL45a1v8;1) zJi8IM#uYT&rX@IyOx&hxe9>41F1R8UAaoJ*W-9_fdESyoqaBj|ls{Ak`}Q9z@LWD< z?P>MHfkF+X*?9^$Hj&Zlw-S9ngv+N`FwTB>I78tC9}j2L0 z2>m-*O5q(NKG>2bJ}_b(LE2&})A_gTNS~48UL1Q90Sd(=nI}+*dX87S2v+zvJSCB9 zbhJ+DiuicCZOzP&ELS~JA*A+Tv4(o5<=SGn*H-qbpyea)21O-0Pxt4gi$UEzD-iOjvxlSkny$LU`Y zFALXhDW})IdI--#V(lcIMb6gDTiVhe7-Z*Ie?v#(Hv0!{HV(n5NQ5XEvGzeqc0%z! zhr|23dOGZE3zmkK$6(F{!o8MvT4kPUb^+h>)Jz3-D8AKbYl-Tt6@v8iXOtF`<69Tp zwKxh*#EF$neDQg=?jrEm%`n>1i#h#9ebebDuaMmNJGtq?vX|8g@q$6uW9Toeko%?G zIV4-MV|)$yu6DR(a$4eta434yW-KC)t7;$(C$qFKo@Frmu8Bx=w336C>ZR_FahXhS z|8KV@U9-~A!&jpo!Xk|ka}7m(63)_c&E<*&rT$7g+OgC~xJ>N<)HNPeD)ZW}Q+mcm zrmHcWEn2aiQZqmH{pFlCQG9r28deI9(%_3$2&$rcUxWd5tTdhYazc>wDO8p*Hd zyE`$XWYoWcY_sAZS)cOSoLCHH-x7scqNT8!N#2E7CXN{(8uNoF>56i`k%iIf4aHNRO|@qnGBeO76C6E5%x}Wo%e$#7D6d322683t$co9i zOp$8DDNC-;x^0{xD$93_L_De?NH^><%V+f^JTHKYtN4#5op+QOs;}lR#uS#Fj_s|7 z%ah;0qHL)~eW+a9+hpxULi`sZD=b{J3Fs;*I8C~tgJS=@78URqVVsSyGl6?Xy@VT6 z^{EVGSq6#=1BerZX7!9todh2M&zGp?giWWyJ-B5V`}RwcG8sRE{nI=H3bm;KPrP3u zuHg?(C^>9~4v57#Ni(Nkgf)9NgZhSdHSFWD7(rtQpTCmK0H<)cWW3fn>Kob9?bEU% zGzI#}Mzf1ZmJ6=m{jwjbn{NLOT=b5Z3^{MoJVV#3xZp?UM#3cmDNlyRa~1NAjhV4o z5}=>%68OO>E>yM&AYzDv;tFZWAEK{Z+qsp@fK`d+l*=B0XVhP3TbUxJ1#2C6Jyj}m zTD`$S%v4FF>{ql79?gkVw`k>V^qM?u8J+jeNE=D=kPe(-j7tHnio&oS0 zXOcUsd=DmgmNU1JtC%N`)*j%9?8p9tU;MF9+W2^7i^&PS@*W-M!By-6y}GR|YLdN? z0Lh_PR+UZUng3i2TX%Roeq8Cb=M2O~MU68+;*0rfjFm4gk?^TD`5AsMC};kjK2Q_V z3+>V7Zh8ptk=9DWE1D(ZuVKFj#ez2O7HM_~0Vb`4=I?~zYJVU(2)g@crd02jx~-OS za+K3f6}pMp@f)@@iHg`$0fAJL?pRUUkR~J(#F!Wzm{%ERz)WVyc?mx}X_fSe$Vgs? zWc@p8>v1|TbV}wVKEf2;lLhk`1Dzm>9mDw22$qS?*H^w95T>74p3uGA4rY9>7GB=b_ zTSY_EOF9r5$wt!mw4$Fs(k2g|@RV4Pz-T{&fJmEv@yMnRCM+ZqS|UNMe7mtZuq>2rWuzgvi!h^ zc`ZoAk6vtVk7KgYXkRT4v`LZ;C(#Kk85 zHX&6RW(-7B`-yO#4fP9x5P{V0Z~}p`a6n~z6wgGpiXSf%GPs9f3rK=yx#9_zA9Zh7 z&luX*q&Xbd2BI&9?>s>)-?rWj8JE}R1SrM+#6|mP&B1u2S6s}DhaolDf`Dd$nB7ae zeJki$Pp4{Qz!bBw26!ebcK%)gugqf(8y+~#01uz$4$)AvE;CsRhCC}hbQmpRh;dMe z4&*XHqE7$h2?o)}i7yP%x*6=knK!WM4k#yV@HGC~>%bQ)a#>LJi;0;@O>_rYOWc{N zqmYFyTJ<{ALGh&Oqd8_|?a)yStN2@@x>T)!vu~w_%2buY#>gs0j__d}F&c!3^b^{e z3&b>cb=XlZt4%&AxOoijV5lix{<(U(b+Ms$30>%lMD@9T?_Xgf{4gZ>-x|m?98O(B z!vcY5n?0Q)UPI_M@eI84fA3>3^_}zr{7*?Xg|jG2suP_UwmO+%_YPmL<>3)epB{OY zb>=CX^&%pwl=Po2QyO;GM%zax?Ch8usrpQv-jsHM8LI|RCT$|a%3APpGx@PSjBh~X z&)~>Y@A@`?X={2^eDs9MPuWVJ0!UFrYGU_VQ|y%I2@mO#9@B&MXdV3z(t zG?l&B6Jj6a5jj^l+vxQ8CpW254EuS{(y&`5xVq0|HsLnidZ>SvOpUIwOQ!4pF{zR12C&oo@EgcglLgGXzgW4hdL z1`Q_kzk{fWPkAWUnUfF4Pa^X85B* zPPFv*8!=T-QW#G4;OjhMe3eelb3q0>2xpba*I&9d2F7{mVP1#n3^OKdwpt#_iM!^t zg(B0MO*(=Vy8`zOH9^acX@AQuCauO?AkY45$E%2BCzG7+(IWI(SDKX=v^fQX$0zd; zzA}4pP#zMAYen(0k^(^?MCosIurDYktFRyPC()^X88;lnGGV6}!I^gZA>9XB5^6l5 zN2!DfU3(Cpsp9VFwPL2pfxm+b}PXIe!_iED-c!TYa zgHdbTh3{H73^A6HOaJz4yW9~KI4HpV4obu&$L8@#z?V4Fe7S1gjob8KMLeX$3RpA_?ae0F= z+13_if-M2i&ngV%m#YH$gC@|5dX-*{PfnT#&$!1EipUPlGjwbW_}a2GU@IqsG@rY) zB?g$1NSncGraelNFAx1}jrlD~>-hf~54NG<(!(!cY=;k_uzPIEx8@3fU7SR9(C9Rz zV!rzW;2EoP$gQVOQu-_POhnu?7AeE!?IYCi|h3DIAQH)b}1FW3LfHqqU zFB|A1d2M7MuNDesV4do%@NRR#CN0i(8t>Kz=d2g^dXkW~mf9gP{@~boxgdF&gWXnn ztOIcG`MJ{V=ud^R&71rVTenAPbJGh=kR$jAXj}GLEmOL{7;>^SclxL#)Z#4%hBau@ zY;P@ui$QB|WTff^!k4ll{vBL!mlSFmpm}>Rk1&Huylu(&CYijL4X=lbFGlvmV|9KI zz*D}B1!+Nz^V{S+y`J4La@tjkegUfGt$GO$CF&Q7Na(vii`6pe3&+cf-Y4*_7uSr= z=k5m;S@1mQ(kE%EiH~OF!&R3ET{L`ZhoPCZ+v$);5x%(WgM2dfF}#d#tCqV_65Ckw z@v0CBdceN!`LZLIqsdZrv=u&XB5A+1JfnXJFJyYW;KX$7`=W!Bw!Qxy;Tx%@ZdKw5 zJCr7TA&>}3k3{7bj~!J*X?MujNSjbA1| zj*4@xf}&x32Z;?udr%PkD%^yE@AQsrIUsk1;1P`}4f>#*s<`B$wl)5b%)B zjjLAbEmL|Tc59I(_A4yboXE$VQ6m`%kThma%{jF7HU)%(W$2o(d+Skf!Jmjihn)Mz zxY#l`i)k%QPNno1{f-~TL}X@REpq_mv$=zrdZLDzHz77W+ikhYF$Y7@5PN9Xx9(J5 z{yRiQ-o5Poj~m&kwDpdKX?qI{H)|X5{dvRrgjn*#^a(0=V4a)`Y)e8R`%87PtOL5r zF3Y~g;OyG{9{alcwOj2h1cIHS{dGC~STJGqOKm3deh`-|03rIGbmcmqZ;@N#)us#b z`&f=Avz`><@~)3AXRfwJ(HaPCIj>8DhlZOd$&(Kfi^Y$vp$pKF@e=W%7|9YD8MMId zlbqzByI_n%J^NUNu?EDaK{8F4X|?XL7G`xi6WY0Nwd-anK&)3dDSNTY5HcS>=c&C4 zijf1>4*eTSLXy}ESxhmPX^mzsV1&>gE?{Ik z&qy+^s;c2!O;d1?ZgVnVvLY963$gk}Ze7;SKvCqM?hY0?H@dj+#oJx8m0Scgi}{3u zf!xK@)Y&tQZC&fl;YLwN^s?>_rtxp6x6*b$4FTuv6C_lR2*uvz;4}vNA&s1m;qH1KHfl-h%mknE%`K6z%!Iy*?({Pzsw^YZH04~SAbD3`9Qr>ji#u7Cj z0%1>`jtp+r1ABB-nGoC)eiR^3cV6S{Lx4*(BXId6I<5*+0hI{gDvj#XLY!Ft{RVdd z{+;s#c)XwPFmOZ5dkL-a8e72%rP*~N_&80jz8IE8gPr*J5@Uulk)@$^g~$3?#4WRpLQ4A-Ob{e z1ehjGs{upZffgnkNNydt2X7>)j&%M=0F;U;JSzjURm1ElFXOPuP22n3(I7rblJaiB zPzy`njA}eCMcq~j28j9H&u-{}9UG2y)CbDsVykRWoK7Ku$^M}@hpSDHVZ{z$wn3ss zy*;HJUK#0c2T`L=XCppe}i_!OHwSxMe{$(;P4!PaDH!GhF}6M?JdAjuDSuO)!$69qeidpOaVX3N;* zP1)VzCBZ-s)f2HGxY#NeXePto8Uh*rFg|3Zu|V}YD2j4I;+Dp@dD8?y?-#bVez%8m zXT~vTT8H*=yt&QF)wg2&err$6A=Gm>a=_=bT-dHKk$TsJs%m`aF`lBMmU_QJ>v(H< zM+-#qq%z_ei;p%TmavEMBoZ9Tk5V4lVhIc1yDnzP>WnVW<=jJd?rTgmTCMhuQQk&> zadi;-vTCVX7J9}R`sC*9>a8M=7Rs^#@{9y3e3eJJ=GMCMv@iQ6ahHI2*3R;~k;rV? zOC_~caK^E6W=q%;DsOxkl~6~ah5Z-7Q){ohj{+?s@6!?%R{qB(=CPPP)pBOrAb(Q} zs$s6RKO(mvkVh9TnP;zscIHokvOcv%YVccbvTc7illv;3gl6KIWz&dWF?|Z;+BVQ- zc!wkrf5zMr4Mxl<2b6!&Lu3W@0M$ro45QRH?|$4Ek?cB|#_Ed5#4?r2faBq5ljd)E zJVh8N)-sGC64A4~vzT2Z#-gSB;h$tJulzlu1h@<3I5$%eW0`}bMR;l=t3(X#qFTGI zLAR5ZB0z2#%FVE&BQvlhfPD zc%{%z>V#y~gvi42CEKCU{PdUfkKd&r^kWuSa|te+v%wB1}kYK zQaDeOPtMHWu_dm0DjH9mk9)9R!p~yk^va3zvy#B~owPqQqyX9v;LM z!Ka_+j;XvOxKXVZwTlZFug~OQ7ewJ;{gLoW_O)S-c4|-EJE7UR4ZV4ay9Ncu<_qW) z9KarmMkgOO--*0_p*00F+0CY#Og2m5A<4c3V@STKtl?{Q-9L%Z_k=_>24)yn!+qiM z-*|S2N|y7F9xyx_Gb*n?MiNTw6OR9ixA*2PM~7>>l5Kd%rtoF%tJ|%2&c`3C_*gBv zQ6!OjFE<^gNX4!&es7t|OSdxP-k3#+I{fA;RwJpebbH$8UhU8hf=E8wVbuBi#G<3p zv+Zz(=>Z*Zz^}z6XE3FGo4pIN&_lhmu>=;dS}h3p>5oV~Tcyr6k%};!{1XZD;%R=i zV3!L*AaPs|tnd%i*ks~$l8GaTvIE}I=A#)*%3YM$dU!4f(0|6 zXqK=_&oak|ud+{FD~+Vt4Pd=0J7L(f9FgBv6u>+`Rt3Le%X@uzV)(t(-?vBplItg9Y^Jg=7+zd0)>< zZ}1r+2oH7so3(_C2Vbmxo>L^~Vzsgw)#9B2;h&fd`2Df|Qp#yxd4R{;)hb6AI^y5t z5^Th$T&~xxt;MhbDKj-O{T*pu8n2y)DpuREu)?0x6c#yPamBg!P`O{$ScWHgZlS+;$K@L%WJ zL!gAY&34h=JEO=*QC}LpCYR(ZS}T=G*o6B3#;|K=Nq%*dI8cDJSPeyBQD+{$6A

    Z_eF*iBN_ZbQUbl_9G*%`jcU4qH2|n5y_LXI({VD zR;sX>&|chheswJb{OeX1Vn7MKSe4yP(>Q9`cm`&3QS$C(vE|M6bn#60mr1b?-1l+U zR~`7Vq+QO7X;6?*2Y4kP4h(!CNGamy)_AI35+|}rYZCHOh%0O%@kR5ty(grn& zBb0FnzgGN1%hT{zSA2^j9%?Vg2yLd64Qbxfpk-RP!-6Kga750q;K9bu&!Ago$5)1yX&y?QyBtJZP>thdS79bRE{w^o8D^y zlSs;g^cqd>`W2fxxaNnszWr#V`2IQSMziP59>OM5(;@BbOa(! z_W6>weZ-Sm`2 z{j*EUz-qlS4`(A#>)V=)wNeQ_lqIztht*{!OUE%=(=MS%QdR<{{2&Lzem@N`6;pYm00*K_2G6YKA> zEP3dD0Ww4|`)O`9*I7SSMhfD>_H+14lj;Eg9O+Kc8U1XbEoAR7=U#7k#ndi*gu|QR z1CJzb>Nfv7yqjoN!-@?Qv98Yn8C}|God%~j=6LbTxPpqT1YK&w8g(#Z|3Uo@#D?yL zLUVPY2*u=W{`ng&>EiGUyZ>?xH=B77C5M|#`{dnVmUwoF)^^sirS=$KkJl^Ate~^0 ziqVpi9bvdtGLzVv!a3zHO_WZU>6sN++8Jtr&A)ZLM%6aaf<#RW=CBNFaC{B2%?kWJ z-ri+lA|;g7baqH56z#2VSf}V2Sxd$X7XAs&e4J>pE%>n+oL8*5z{0lBv4=zlVyb*P!kSAtobESD1zETsKX6GlgYy0gk?B8x(?+oW3RpaF8 zYjTpKLxT}YP6s%z%_g#c(ef4h`&$IWd30uN)4ryyEHFqR)CLEu$-B7igJUXp$EK>d zWiI;~Qen>=myJu|hvEj)=wf3!w(~X?MlYNrNy9-0dmO!XQbY|-xd@vu=G3@DlR0Ks zd5#pyGNV~{IJaIUo@5$GBZ~F_Scb%xTP8el*{#|`s8sj@4cy#0g>+pa>(kQ3%WY*M z8isXFVevj)%mCQVb*N zg?|FT>gw4XfyKr1aAY9wU)==b9|PR~5*Zhh1qT9DAH?7NOE8H225>M+3(w@wO~sE2 z2Fg{q5IJzQg@ccpDjPTTb&AAqHwmDBczkU7g98iS0LsNL9a8|{VMHcXe|;EPI?4*5 zl1}ljU*|`U;!IDAlVklJFrc=!wtBQRwwfONj{umdKh^LAVm^>72v@uR3_u?g7&-c8 z;IHy%r05^{reOA;hN{8o9PJpKet)qbm|5M(98fFfVe1NWs@BM)mPhfo`lTWT~y@ftRf&9Lp7#SIZR@YH^H;82*eb@#-U}Tcrdd?0G2H@xd)4uRg z*4X+ncOx{T@R)`PqW#y|7{ElrNr1yKpkK$c{e5}- z{Lc9%r=Y=F9Dc)oKD`4bFA^y=9i{y!e>TY|p`3u-8}01@)Ym%r0d!?)0ocgs`ak=c z$T5U|HbBqv5QOoIULb~}*u;|f86&wdx$al`)@f4mL7 z{8m5h68!oB{igg&W!?X7#}_xn%-FGg+x`BI*;xN+aQKb7E7ve96Z@VT!Yu>%=u?)t z%gaas&l1SC`CX+tH2z`-CzSt_)wc=ZkR03|Fq4cgTbk-O{4iGgV>ND#FJF&1jqq@( z3Rqts!2f&bl})X5IhHkauaMBEvo|*IeoI1*j` z3BdXFhxf$s3(Xr8fb$y$PYcx9G30ydTRrTNuLJM$4uI?H{#T7oCI<%_*Dh(-($D(I z@9wth540{wPnyoU8RV)wnpn1sHu4yixRpzHyRFSwjF&gDWkFpNHvFc zI5F(AK8>B^eBK{Ag)Og}mSsK|n;13QuIEmsXqAi&TcJ;8iFrPSdNRdTu~5m$Lej6l zmpeOBL%Wy-pg%#>HnBZSaG{F0Hz`(i$yz#k=cfzt?>5JEDs@Nmw~}QVJC$PR?`SiN zCz-~x2nqyT4eaKLs!W#WR!qRZiG#$(kdhPD$~- z3-+|oAJ-E7P0;s56sb_Hc_w*Z+#KAMwav+4q_$;?p*Ae**yaY7~qCKs)$9F|lj3|VfqfM5h%12DQrhBeqlARW zz^w`%`8jv~-fw%_wj9u7)0~|kQyaer>UerAd}MY73b~O#bb@4hESet==N2oR=D1fu)~<#`m2(Rc zK344xmeEp_hT>aAr+|jseKzyP;mR=ArF-jyPQ9Na;ej^Mb_(Uo_=Mc`)p>oaX)p50 z!LHFDSuemNRN`@15p(>8@}hLyT1asu6v%`SOGr@jbOGc5XjY-2O8@2W!qMHppGujN&JloWxWSE*M|Q_M=*FCxM$F0O*YsOD5OIa4pp*Ro1i$emOs3)B?$9ZwA=|&Z8cJhGrw0jso0#lkpgKad%fJTB zbqb02q3eehvTc6x_@~2XW?sI@)hp1GICZ`Jfn*Ry+Uzwy;K^|};mv^0^kJ{uFvGHO zs1jGg>c=dN(pdXZYVnxMQDt@(_}uzEdtEmQ+ei^(PwGds=~x6A=(H$+9zsk zdr8u^HAmww>`~X79-#-RzvhtT@Y@y+r9dISS+`lOn&#C{8gJ$hW&(@<3V)E4l*9Oq zh0iOvJy-~)U&DLQ9{q}>p25oJlrSTs)kQ;QrKNRPY^^gpnziv@XZBowz)zlq} zb*m8yqu~rg9vj0ZYG^Lfyno*%XF3rmd#$;IAs}!smTq>D)yHo7wBXl$Zho3G{zc`7 z_!nI{wDEuG!v}v)PM|m{$!9#1pAXJlwZ3?G%G1q5l+>mA?IMSsny(E)%3Og9m{Rf7QRO)t?C+^c=ceU~i9vl$+jWdP z+Ad(C$p?I=vru||*swGy9(vx06d=IR%Fh=q1bZ=D=FVPZK{GHqvBMZ+wGMf3wX82q zbTTtd>h|MTYb3~(oO}P6LRC8HH^%mh=hSF>rbic~z|fJ|Z+FHgT)pOW4e$$7-~ZG-IV^ zD{(R@p2cZYqY6;Jj+t(lJt9qvwfmhAE#4wRfL~?B%h`ezBc5Xc5QHmdBEOHR@s$mzc0k;e}fEtQTJ(QcGw|hyX|mih^V1 zO?EkASjvH}p%FXFYiA8YsPTblWi(exx5%I$6Q?P}cwHim$m@@RinOCRS1i&rcA4Sr zikLVFmc7YQQdp_e$yZtx#l{NbP|-l z>;BCjiUcx^L7B!>Ag*p`AxJUA#Ajx{|Ih?Is_7cc;Z2gd(0UfBE7?KOUe0h8 zIgR>2bEVK8#@I~|$go3>d^z0+h=@X&5*;{G`$AW;V5MVJ?D(UH(Kz+T9I-d~vE)8e zJKx9xON*KZIe1FGB7oywzX(@|yyhxCy)~1!p0KsIcH+XjpgZgZa@h&Bl<-c$G_gv# zO=R0O&!_5bkp#*er>ZIi8{vURWmJTN7bT2jE`J}(3QfqX+dnr%QB=S~a4CXo$QKxu zz>?^&iJo9vHVUpe={}FBVo(lHig%9CdX!Jiy?a0g-Fk$*=P^~_1^F>uL4 zp4e2g4tv`W8ThmWL(vS9)2j^sf%Z|;mttQ_L_!nHdA2Am(YmS=3; za}Otrf`HWVy&AW2I1b6aUOL_T8)-YorRx)NrTYC(%vT56_{^oXh&jX$phr}*-gpy> z(e{h4Sqi`X_Rcz^=)F)X2RIAkQ{b#w78|rAZfo<~q4AYYp1QjbO&* z2vJndLy4RFFfDbK6qpL*-k=3)Vj0Ab%!HueGv?gRMzX}YqDgGT{gU(h2`W(x06H91yWy<#%V_v&0uM`sw3fysug%Gkx#zfaLXyk~l<~}*pf_&+aJyvBW z{54O8U#;=_QBl__e7Ia^aLa@IVzbL}Mw6VF?IGQHdi$eN;NF%A7;_qfO6IQN%bcTu zh%OkW?(~eCZ9N%O><&0C-F|oFl=Lnqop0bZ2POa%uiezLpN3d=az4V55-;y|iA}3? zHGatDTmZX2utdM5iCqkryPC=B%Chlly>>3ARWhzruX+QSKRZd=dx-|}shBn>a)w&3 z+lkeNK>@~v_bpYB4^p7bU97501J^B!3)t6ktPMM(giS{<_F8=_xmY#!9Ya=0B<^gQ zth2{64lA|NsZAo&Gk4qJKTu}On>2Xf=+YN#0vL>!_+hh{dVd6hy6qxgcq6%hSM8Fa z(XJ)^jl_x_QltQ~G&}_*X50*dobWlY$7#Zx^35Z_f;XreXMw=5(&j;jrRH?kJt&pl zH9p?BzE8mhy0IPfFEN8drJzShm-D&{jcp zL#;q@O2x=1@2N1Q@Rj?5T-@B&)!=0cNp9^4?I9+Q+?!^qwSZ26uLMMn^H!C&teFXU z@`BZ6;lW50=U+Y~tolSA8MfOOk2P*eTAa1euka?tlayQ&A>1XO65*^975@$+V)Vj5 z<@;aA`e(^b3j5rsc1FvXsz}?15eS-wtwpqXp;aoY%U1Xe97kXrbb!7m5a1iV+bWby z8+mg&okh*a|`r-M~_kE3y>s0spY|C zP{xNf?Lo{W=beuNd8P{WrR0#p{0w*J_SlnoTMJAZi%E${s_ZZR?3ReAo9@-mT$`yX3;9*h!7pAByG0CA?^t+)yjRBs1q^ zDp3~lv$Qsk6q@vmV4+5iQqTLMcSY`ga?cb`8e@RjrtpD%Yf?Pin2s}xg5F6CV}rBI>h6N+=F`o z{$BG5u^hCT+eK)w*-qz$m=*k^La7F{`XZT|aDGRYhl8K?7IVx`fe5qjrSZ0D4QSG@ zQ6}fpVPS<9?womqP4VvW71Ggyu-mMzW%Jgm;iJ>3)CO@$-fk;GZSkyy{wP6%i(#E%T|OAuNW%$vLo#8$I9qrX4lMp5bj zYROs3V6*OKWc-`NLWL&Sw|!8!>}jh2d%O7R{9??fDZ>z|$l5E6f2^~&_C?;qk@t#1 zYHShNWxA}HJLFy*|GHgyo(^+ zRzFF^eTI%Bja8)4XEFM>4yHGL4&Q$ctHqeF}|+wr&r{TwJH<%tT!$ zauQ4NvFW8LE=~2KlnUMDULmj}law)cav89X-!l8%seuey?{)?M_BTV-)rCCB1ooMs z%&yVms50|196@A4zM@IhVUF4F#v&J4Q{8qdovUm|Cl1gB zuh>@u=nJ=)K`2?^43EBF7bz4?VjEC_LFDL;P9{Du=+TVuoG_(C7R-?q$7rCY^w)NJ zY4S5t$h-3;NVY?lhy?dkqO;AbZwT`y%Ztw-3S`Muwa8E9UAns}N_jsgc2~(d z=`Ih7y}pBC;m4z`qu3@DC~i(YHYD|?rgHLp!_x5Ax}hm>KK)}_9En>95gI7^v2Cqm zBIB2F07uyR+|PNa^`ddl&Q%0n4}YkTCN*mYMnqDEM2q`;sIq_uLcp?N-Hpf4bZV>Z z&Ct_rJ*8?@XGcmsGaIZXMdwaO=L`VYbY^L|MmOY`DD_q-80j8l_=?G+#6~2tk)UG3 za@kAzdG4ejvco0bPHh{eusfebtC4$T`c&z%UT!d9$KZ>0`boTN9~qjn2A4`- z(yn!yg#<^-0EYc$tg@~|d5Fic{s=9q`4T?+OVe-uy3 zOqg&G^u;uf$pmcrSkNPRpUPt^CBAdaR+ir4sx^L|M(Z=@@vs7p0PUh_%fcbRL!I@Z zsjA>3YLS7NhV}d9;BOY>*|&zF+(3?1C|w8h^U>1O#lInq3Hm z8eamnFK6Z3)1J9v+UG<}3Fw#T+%BgQt5QSQoDEM)$uPAZc&z_m0Mi~Ea@^Ax(i^T$CCnM zOAe#eE7ovl5;c3VKPc%cz}Yg(xutf?A~ST|g88Y!eYaTRkKCW&7p7ryWSDS_VcM<* z+c_ID-%(K(Hd;=4qgp(u76!!a>0}5qqRqx#459}#&GhlN55Jm7YnpO%AM!cia-4F& z-x14<3*!8#-;>&j4-hxrfP=O*bH!Njty)9TnpR)x@qHx-n>&31jsz(W-rG5e_!DW# z&FAFet8Rw4@>?0gP0l1t6zGLcYI2#rWcrQIR;k>qc8jV4meST8OPa`jU@OrTvU_fo z6-YDZz|}yYEtAS@?hPf4hOJ)A*btPq+tfm%*i`{Pxl25CNJ68!HyCs6$p_&lR@osr2 z-?m?LMn4Gk2n(TLYLV6N5;KtuN2~Tw&~hHe*QTRUKw_WZMTx2CU3%+o8D<~Xt1inm zVU>arGDBl6!jXW3y-zY}lx|gCO&c-i_0y0Q4d|17T0#J6v3sNvUnUDIT7i?XmPrxI z{*(v_ioHka1)CO9QSb`rYGBQ|Q)7!R9O74(KX~#Iyae+=ijp5h{$5yr15NRYjrd3sT5k-w;#nnCdz;ewnhr^8e<`v|6}C&+ z5PpE6x>#MKa5EiFw}iRh7PnE}`e-T@$K#9Z5q6R3NuAs&b++dYT$FKpEH>DP$hsoNYH$^xZ(3vDQkn8=E+iI+ku6wd-P!DHPhC?z;iVBB$+NN2B zavXjI90qpctR}7d2NCAkHTg%#P&E-i~m8(;Ynq6n}ag1XVK2G5q#=k|K5SoXR0D#y_ z!`H%Q7!_ncY1mc`50*7B2O={Ib~P9M2(`M)A|r_ev#?X`p63}&6!hmTs0Y>(i}Xcv zSE}QxTiMRZ+vNGdi$V9;a}l9l|2=ooR_`1(3+sod{~X zUHU#-_S+hjW1U|4Uc4uKv5=!QrU4iw$!g~^f~=5B#~Ib|q4E}DUpKWFqWTRBv1QJ{ zer0*Y&YUU9hC^6PmVt_V%6>~s) zSLT<%1fkB5T54ENs05N;Pj1o{BHqK(ij)Ubv3ZTDX^wLLO1XkBu#~lND~j5_qxv~_ zQaR9&DAQp5VDBmDDmUS$n}Q0~-}DisT9b02(|W;vy-j!0znv+vr=`RD`R+nXc9taY zDDKpuDPZ4vxi)I=o`pKn(RTi`ZQM=%!+rr`qF_Xj*v@*qWBQjhteg8~snt#7J;NFN`+90bevJOo4 zWP6`C$*=@TyRo*L#Z^60@0PAYkKw2R-UJGJUsvKsnBRkhnike7jDihTmLgW9!q})= zlDz0x#4&e=x<2tD3gE2-K13!mSGXzX;_R(Tw0u1+A7sM>XNMl?&>*(crY6VjUtWqE zN1kW8@HWw zE7d~2RcQh@jxeZ-GdtP$IA;Lww}(Vt+}GgIX4LybvM1;EOPGA(F^NazQ`;jd3tlJ3 zaR*uVQf)U|$0*`BdaN-dRDutdX;j8)L*8!t!>YO*9bkmhkCZfbh&5~;nRsv#3eYDL zRG~NtqD-m9WabiTV_EJyS%*+&76L*v8z6lXJX3vq5%NHF3(6MaSU|j9=5bCm8g=&? z2G$%{+q+Ly9HN)0P5yaGjHTpACW39-%KyTOY{Jq!Pm;y}uXB3y4`^p)~=z@eBk?MAGl9~lkH z4xnvEVQH)tk3beuzl@07XMNjNk`Jdpy6HDx4FOAlQVqVxukDmcjV6k$ zm7uL3pEL1F`Q!rD<(7Zq6P$=Lb%NrWy%tUq0`MBGE&I|8yesJl5aUk@byCF>jZg_s)z_xI6?jz(pxYDh8(1(y0rSx4?F%VGAml(Q`hwTT5s=SCTDXL)bzMdF>TD1{a!tRhRa0j2SF z6)cgG?bN@Y4gKQ#!6gl+VMIKxn|mL`D1JZOP8V!Q+O_x0 zuK%hW(;J!=$)r(Awpin*y$P$~ryKPs#RMtw`SLR31BR{T9Q<}**(e&J2Do4=Gm@It zoe^ffQ04iYr~XbO`(i<}52G4ac*z!^=FtCiUgE;@lunK)X2sxvZ74t%;l$u(W=Cc8 zwx|)aDhNw`cXK85N@3HJ4{_o*UfK?_$=NALEq_4$;#2(4Q#>JX339y%hK3TZp-}sGdy_>` z<5t!%R2f%z-u~F?LKct)g3D0f==>XT#Ao-_U2`Uh{UC44 z*bug{`1L z)b+ADH?$}4Hl|o+ESRu7dH4UdIpwdHuwWa~tjyiE49N0*C*W$Wn-q=uDHf<(g6@^u zO2zV5Ys#ztbGs^E#BO!s~uWW8$e&!y*L=2`E< z{FMI@3pU1byZw{q{-@rQ`FK-OX~q+q7n|lp3xh#I{kOFeWo& z4=bohOu}QG@~u1Ou}G8h&{8fy70JP#6V1K=zYsD;P6w578c^B)bjN}fm#)40!87Vk zY5Pym);|mj-_Fnyiktg?Ff9gr1}2vOb*C}nvv4r~M`(+corB^3iq!sppe( z2GIC6>$-YzoTQ6My_~c}e-CKMALM#x- zCh#FZPW^v3Ba~+W_X>($cx?#ZeAlmdFEyla;bt)~aA#)+NS`ek0O;H~E(~rDMo0({ z3?3Qe9Ml2e%M$Gl;0o-0I~{-mULPc+;3pjhA=ccE9ucS?Q`_JLo*fEn57NyaA8@S+ zFcfnGK*tT@E3WAU51hAOPYoCz5&pxiv#-#PByhkFJm~rw!S+VKoeug2#6Gw~5TLVi z1IQeY84m#3?d=%CRfM4aUZ0MB8pS%y<8+*=?*nIJ=>i zKgb|9!5UfxAJi2nV17bwJpb=6?3a@mB{7J-|9TOiD?Ax`_S5Z^I@9p|94?m!@ie$T z;2@$L1i;7hmzPP%aVjv-&BbTi=j}e!#V(t|>iquq_FW$V2}v+qf1Vx$$Q~Lhut5hD zBB;1NTEOpgA$aJw3h3FbI!rqe5dL$S`W4N0)jyM3>D+f3y*t3~^fN$!2{lOnKk}VM zz!2Z-DsKKa>!eTUht2hO^1%=Oi|1s7aYnpsN>@&#OVDZV$@L&JU|8D zi%&;}!0)IM*umeU^P8+P0L+LbAHvP?`;}x+zLFjYR^p(~B@cUFSQO`(@4V z+Aj(n=ssXAX;zlt%49I7YDi0#3Pq#)olW$J7l=(-@9yq%j!=t-0a;_*ZiT8~Ua>Y0f+UE>~t-k^0h*q+`;q_`Xwr zh?u`b_#a;)+b&Z2%^{^kLAtP)BZp@y}5{x-1%r_QM;@w?uk+=8t;$6dv1p3OLbJ!#f zBB~#RnR)cGzD3hW(xGNQg&)D&Xt^TmpBlB*cSW?f3J}&1J=K2b+=0to6%Ux1R!E;o zS+HQIhNnee$!f~lvL=DX%bjxbRu9prT11C{dfQeG%9#Z%OzCY@arVi{U604!7*srQ zOtX0;G@3W=JFo1ly(Be`$jACq62hd%=uN=m5Zia&4BzunIhfKN#!;b@op`r8&KYVA zLR$_1R!H7jufM6ht3?XRJe=2HhLPftkF_;E-0bXl_Ya$7m^cFZXToQPZ(8IlePQAu zIVcQVt!mTgCm07-^*)ST1)-4_gElH|gN`f1!0FCthh-WgBO>Wt3vyLbTX_z=bk?py0Q2&6BA-%==&jHwgxZxVDIdIS1{3iyp25F(%U`;}o)FeflHSyKF06%ViC zTuXs~_QfCpyKr0oKH=0lIoe^OJZHqg;f=yjW{qs=aNrCn&sC$zcXh&)haSBvkJ65= zmUuasf@qS)G037!QGzISx;wgX+Si%R4@`!;xlfDwW{8Lm_=3h1q(0h`_;7=E3&?rBts8wnl#@vRRWodgqhX9d$hFF zK-8!4GEdCD08T(9DY$!u1vAxXj-MCz#twPptkFLmobmpS=_)$?yf#)hh-G4s-Y>C0 zeuI;mh8OmLUfLnak|g)mWmDcMMTi#NG!1Lk{tb?Z7E!Q-!@IAApSg3~hik3WL8EDZ zPVC!bY%T67kzx$pig8o*D>`g9PNoTnfRVDX_}qBWLgPu zyQnGdRe!h@L78*)^CQnp*KIYAPum1{-Q3* z^piAlFRNv$IVTy)K%x)fGw1-!9WvY+0%Wx-2f84$<;RG^y#Gjp8dlD&ck(;TGGJ5o z$i3q(!V?x%|3N)%GP5AQfy=-7oK&oW!@{7sYSMXCFk47LwY9YR6I8K$Xbb-elBCN} zn7;unI@##+VtxO*D#U7K*osOQr@^?mtqJ)M9$mb9d-T%d#+6J#SFZ|tXpm@YMQ9oD z$;t=gM0DD^xVB)3)l(pJ9RKGhmjWFQi~HYL`+N(4vZ%4Xbp;vxPd zOKKDxDy2okyrEd>gKMGZu7$avY+Qg*kuV)8a{TkTxg zq=TG?vPtEH7{yby?q=wJLTXpul2H>iWDwhPq)Dh265q76>v;<1MtlWqU$ z#d4H4Lu=B(;Mn*)<)62d1R<`a#KQ=g=qU0Giorp$t!Tw94vwJ7sZ5)AJWM7}&TbYx z-m;KG!Jq1Uq~o~tRWj_m_RJe6r7$gZhJ5$-wb?bjEJwdicSDQ6!dW1fmeF+0sh~a@ z=e849gG}e%ZJ;aS=&}Z}NEhI`Zlg1j=^&rSMt4^r0p_|c(5I0lk2jrn{>LpNIIp80 z^0s$`KJw7K0~s`detMtIbfSl;-RHLGQF2QLqY4!(K1WhZ*!%c_WU!Vo<1PE~Z>{R{ z0WcjAq5ojF*{MUqK)R;U6qbJz=+?kM#&8e{qemttPqtyoYjUvOUoFRTYSloBCnAHJ zj*8QXFUXGEjcJj78B@lQvVH8=@=Hp4T7xJ_E(jf+V-aOOCG5oWX3v;wP|DJZ(gC^C ziI~hWG3bN$?646H-?x27g9UKJ32zu(=6`hLEqSQ0#+Tf_FYzBX+w9^l$t*F$k3Aee)sJvY0fiSLE8Mc54vQjnW)+3_ zk!wO$;*INQ?MK&{rTw#xqBDvJX`YuFw4B57gipY8lNe;>7mQJ6IJ{{DNN(;Bpv&3h zF?0E$c4wO8MLf}}!*(e<*E)+fWi0L+$zR7ojjkS#keuk3V zmN=6)aQJv>F{eHzWAW`oo&%3FN_ta4PYW3{UN1vRHu}^ouZlF;qEdYyC76c4WkuC% zydbN^%c&}D=R}-lI&Dc!jb9U|V`(>+CwN4pcFQ~k_2JElyRVlwz5A<7?unf0RMm0Sk2}kD&noeYVqetPzPQyA4T)9x#ml`T&o|<= zyR1P8crBuU9n>f0Y9sUiIFJuap`?!_!-xN~tFR)F1@5yT9 z$)b-ptG2k;K^e-e4}qb`7+RLJA7zBwY@}p$7F)@%XfWv3WGAvA1$%H|TRu1K=B$<- z6t7_q?hRVqMp#9KiTZ!LVR&RgNUmjlByx8yq%PiDImg}3RNO<_I2`6}7w|B%bAs~S zmA-$jdtjH*TrXareyI@qoR>gAZB&C~>CE3-#OBE{QWhq$q$x&~6Rw>sr6YWJ5M`{e z*#8xsMizo^T_|l;V?F<+l?fPvQE=Oq@o5CBk)9L62oQYC zqD9P^Sgf8w;riUNb@PkNK(G={JHgBd-D{P%?pCek@h}RSgtB92H4c%i5ckkAo!t&J zZTEc#t%e~!It}kBL0MkhAvp6?`GjQKEl$%yl?{{e)dO%0oXX4O#gXP6P9D&!CFe;>3L>QP7nyi7E$^v`bmRjE7u}i>F&3S<)>p_?{a9<7O4V+S z;3pBZO=agFi%^dWpX?9r93%T#OP<3G8MKLoM~_x~mZnOp%6nnqa*#O*OKv(oo#J{$ z+*sdXciu#Lhf(t@!2b1UXeKF>QKuhfI}rshs^=ab65*{nisr**k)fo&E}x)zk)2Yk+q@*(1F1^prW|_O>*`kxj7L&v-;O^^8pN)!L`{P9 zs^o;O`~^;R*3JycwIb2~DjQ8}`~bVoUrGhLaaSitY@k zpu)kcT~ZY7MdG*TetLTVgEGYs=({K7x$T$EaicTW8`#IR;YjXaAo0}=w{%p;3^v-r zdhJ1=nW>%7pZ+Wfqp3+ev)UmKt*7m=C6Ah2Z9zHEZ%}XJe7*bJ9;xC>ATdr78;?kO z#}lMvP#r6Sh=f+^Xzp}gH{UcxL4&1Q)v^uM5p=cP1TS5$8f!fTtIj^UO&?koTH+I9 zcP9u%%CNOJAM!Ydrob5vAJTj7d=EdsmYlSo-O+(HcX>!~=yn5)R zV+Co$U53DGIZh_~t#<<$$|OsA#*=%6TfBs#?YtJ|Yf!}-Ds0jwd$_Ha0%}Z>Nn+D_ zmmXI_jA-x}5|U9&Sc=$nIn3$ z*6c^FUHB1ujjY+9tqKE=j4ke#Ubc&s`Ua|V7Z|%@0zVkfJaLlppYn3i7Fb=e0>r{CLXWf`}TN6v~+oQN}uATUY@ahv~R&RVnA`# zC?VtLY6T5h9M+*4NK1N4=MSm6o=okGwcL2a7QFqbr28bi>#b?<(1`A{B=MPiX5#4C znf>6dQ7lUDYZM91`+6I;^~+!)7nFEx|E85^BrUY0w{&&gu4n1=tF#Ja+Q?wH)cid$ zKvIUhx|jsal+O{>(o~O8@T+;cW4D>z77J+?XUB zFSud8VRq6@{Cy!jn??WB6c?d#7^+u9353Zz%}lk6K_c)fNL}|Hhg29}-K#i-VGzU6zTQ0gs(Zg9Sb!GA1OQw8B#nN59XKd6P%?&@sS!%NnJRj&0SWk<| zgL>U$aP9gizIS5+4E?;lL5#qs;(kCnPq*k1~Js(WT!CXnSrfgw6P{gK8o~a5B zKnl(5Axg)2S5A)abgZ~9BBW;E*+m_ETDXP~=3{vkpbIFYgNWm;z5+lgBPld?Xm;}{ z`p9Z*m3^_iwSim9*2@6Cm6ZQ<0;^g*HMp`VoH22_buF#|sg7sI zOp&rOdC9X=tX@x<$^6sz(3R!f=xPCdrOq2ZQ)Hue)b{+O0saKJHn z^Ua3SkcYa_x5-t$bMHOXmFBi;e;_pL zdNwwd=6 zSXBI^)OkBOvzFJR;AGEycV3dndquBeBz#)|*Vjw$bn$(|5!=edD5n%7-xNxlpq$eLc3g7<;_l~+5ozmKQH~&iZj}m*Ft;o3- zaRPn@{w?$h#ch^z(~F2^od*ZZxh+eypc*i=4D+m0R2NoUg(znEO=)guP@_@&i*Bem zyeV8%@aV58qV7V}`e3^}r-u))g%_SRSRl3g#k@(U*UsgG1?1XltW(wnl+jDn0vcV^qW+=$s0-il zn}G)RI`7|ONKR9xY&kt|oLM!8+Oqx624@jE9r$w+|Dd7p^tgXH!(G5yEGA=#gfuMpbjvDZ)C zU-=C8@*LgV*W(AWkZ@h&wh@5VAoT~%#}U4Ix=mYo`Tkcz>VasOnAh(y$eQ9cpT#xh z6N@rx10vy{f|e!25Mf-$qp7D5^*Rr96+p+bQ%bCazD?R!zvoo;= z%8(g)4su?Dw`O~UN-%gnJZ*w&h*_uFR#aR{n}zC&c$Hc*Z@02o)x<5-eDjhxSqd%z z)N}9{g1%Kz*<6PCp|&G-{fozJ3C_7gsIL;2&ia9T3L;s+cb~GUW)HTFF>$Mb-$vA) zFL9^S87VTEv2R#tsnf?dL=;&4B^JEN<>>0uuNOxbeI_Ob=ak{W7VWgkJ9iDe9J_y~HoevDN{`GZ$u&+QLZa(ZzKNzYQJ`4< zlb^vm9y!`(t*0D2qF0_0Ru%V{-JNS+`PPefbST8!Ah>=WG8m0arNZMLqFP^oI?C&x zb=Q=^Y$xqP>6`$iTU+uaQGIaEuM?7z*F50@4h6^K5(X=L2V}NXWHhv#8_1zwbhG@? zwn!k=K&51KJr#In0Kl3{=9m8ov9bLp#P)9>_kV#KGa)-0^M6Ea9BfSgf5henuA*YQ zK~KiyA~_);!NO9M?;`1b!U)IM3&!{xp0FUfjIf-NsyduFoDd#_n2d-hM~a$gO5psX z>*mMrq{?-A-TLZ_cLi?-Z{@3s&SPy*M|cYU3T8#Dunq-DvW{3`U{(en3PM^suulm{ zNC*~e8S)zv97?P2>l4``dH*NT`n9h>1Ed6c2xSp&jxryA8WJi2LiiAs=swbbQ2_={ z?KO^gT^_j%8eXs!7@jP^%K~+ifUqoJ80>?Hm-lb5@^=Fm%z%hL5;(Z$-OjNf8|fw@ zaL^zBP=zWATuDx3h$rC8LPID{_E&xS;975^znG#(l#GlDD3On8A|IZVQQ@GV$Qttb zSepdb7(niz-~S@3V50p13UX*9Ff9+_&!6673wImBMMMNrAbu!J+#`9$-h$0tKf(Sr zL1$gid?tw4_d=UnaUtASbxVIF$KwZfwKM`{7j+V zk3tnp=#sM_up@#C>%RTFLn34^byPa{!1#rM;RiAB$DMbblOS(LX-|Lu=Qqqh0ZZUd;;+}p0hCtzaB>--^B&de zJ;3l1(sgJr(T{dTR0xWhApFtZgF76>vy`-+d~|-_X%~px-&^!^py8?BMpLp7&riQ zP-wB*q^(zL*Tqw&asZR8ajuMwqEkPOn$R2f!L}QFN;xm0#~Yh@x1lb5VQ2bUpHJ3V z%H8K3sqg)fN!(07)cDQ$ILNhT<4}&z$nJ3G`?J8-RDpm`Z3hjzbTq5HqfjYfKi@Ja z>lN76-CF5F{x%62aK$a8if5WcU@VpB|P z-Krgb!`w%5&!w*pw1!geU797KQ111VH|6umK;(WYjas)TEsgKkujU`Eea;_r-KQp> z&!f+aOxvmIjUT12&GvtBYPVyy*%$X5Pq)&$W6R-9S>g2fig(qc=NFFqVJ=Oa&sCtl zY2L|+0Ma{x*2~e2eT|U_I$FXM_|6Y@*ANn^${F}!NED9P^7OQSTb_l&Mp2;sy7@^39s+7B3ahl zRU2MP%Tp=B`{}Wa2iY;07O1qwaE|jgRvLLsPLiN)U}AG}ZREF>i0euRoi7*Bl<7gu z)&obmZT{BBu}tIQ*`F?I%cVmO!vfT(a_MC}{L|sXslx^2X+*SI9c?6azP)eAn3R&o z@Ivh^S7zdM&#|yc;3k4+0@3tY4O{vY9b9RvVZzQNYu(Ofv1Sb2%!Uf>#&J5)+2pL9 zit3i~uEm(mn?@P-6|pQAZPM6;6*S*KZde;%QxCa~m<1Q(2&|-TbE&qxf@wqZYy9Y> z0?jFUXsaB$imWUwR_;!})FddZgLl?EbC#1F@)`D`tS2?i_zM#@n^STF84IVe{k=8` zOU_FF8iSp-n@iANy5H2$ze|$8RVxW^_}iEBV_lcd+y|24GOo-X4|z$Nb7$l!Ju75Y zrXPJt)lDq+<%K(9Ar@sD{w<^-ly-JJdg2ULd*bo#CSNbXdNU?roD;nwO#8SK7iR=v zb4c{JQ00gVzp{^>n5nk#Pu&{e^bE63!5DWGp;X(AeHSrESyS}~%8|hnQdJ&nu_vsH zO;hafySmWB%-Glyww!ZrUT{*1p8tuX>aP|)RLW5FGbAI63i@NZTyR}?uG2(dZ@@p(ekmQEpn1_!;pzl zZ&Kp^w2}MI?=}H?ISDF`d)d;OZ6%+DNGRdIpRiXUi|!SG6~;aVqde&HbB1FrI`{<#`2{s zN0=(JWR%5Yo7oYQSG`9>~ollZ}U(nZV^WFG;lXGwpT@RD%6iAQm@GwTg~xh z6TiUmo9sBWyX^T(g@cW`Ni!`MnMxt0bd3;v~en^f2G@S+^B<5;iiZ>Qe)2 zp8*ApkuKqp(Nfm^Oz)g$9@wsTu?dy^65D7~JV}DDcoqI@~`Iw_)P>oQ& z#574nwA2=fT8iph8$+#>CVZm+*}8A>>Yd+2qzHM%O$06UTvq78tciPN54oD?W<)S1 z(_R-O@a()Mlq9y}89KSnv&2%nW%r=jwTYd%1wO4|TwA9@c3|>~j??)ZrzwcQgRlE6 zWzNG<9LFD1bf!SwQ(;GmXIZO4y2CPV)diul`}pS`BcmPHc;Yl_JJe!IzROPt2@-yKi~$1x}WK--dy1bO4~x$?$L6hO=C zQ0JxQnU0)!*P>F1K_CB%@chZ9EOsu*PK84;Tx?gk@I07UNr@TaFpEed^bWW}+`rWV zZ?lJf@6jNQ8T<6nIklO1 z5V@fBLrOb(CLEZNanRG5ZkhhqSVBRlD%%aB?#|7OkX$5{YN}=v%MM}7G#gfW$~Ur? zOk$J}KiI<(2D?`KSnZ;Z-Qj6{Oa0ikR1$4Jd*|%;EaowX(yz~DcHWjeTf70yg;^VP<)Uqe$^#I?z_ zuw*QeB;vi@_m`UxqXU@8RNfd}Rd% zI`H!pmD+tiYj?@kwVkg++$TI8xcIUA%3jL$5T(`0#asxivp58(j&cxIeFO%S)v@le zzXKSAG*-gj=q4tilbYi_pK+`q$FYa9e%vk^>UN1j4$1 z?&Cg@xgCbiGarG=?SV8yi`+t3;$pPCa@|(H@ieWU3@A`S>qM-N_K3=n4p?_g>-YDw zx>M%BBXoS$dN<7d+PC($^gX~MQ@+xuN;sZjMj8BRY*nQZF50C`;-u8Ews&1|u457? zSpaa|btq3TeED}?R(zT2vQp)mUkauTySlJ>nz+Vf`9lM3+Ps~|ucfs`YLrMJ->Z3s zMDFkfMoGKxisW8a9B?1Ma<_cM#^soK9lwY32~fJ-$cB2SYB+4vsfWENq73C8qVzlpDt~Gx*N8~Mp&s*tnX!<{TaN!TnD21J}F%uLW z$t3{1^Cus2M3Y#=hX&t#V0rwfFSh37C8U`pkOEW4F1z-K*0W09`}uxlc|(p(8_Cs7 z&J*8}Iz|hyzTrF(s%e_I)p8qCO7~4Ct-b1 zksJOKo&nD%Aa6To*ezTD2%mJ%^5|Cota*40D1vyk!BmWP3!ZZ({=>x}RZ#U3(N+RI zFt*zAu^FbMlSfCcu$PsHb2QhhEz754SztPimzLhLW}av@)AwpLa;}bFYQGWTH8RL25rrF zvur;0I@32HMewi9w35ia^?>h7(2EzcZQLEOL}GUKB&W(vHU*OvUDA)a)JQy<_C^Q>h|=}Y}qIW<~Dbq8aoE)6#-b6?i*Vz2S@)hpjL zmfcB50O1Z~*V%5x<;f<#{Il}#$r2W5VpFOqBrnMr+#mJlv;&cPApg8{BH_dEXDGa$ z^7*82ugkRc9jq%&FCg>l5-H@0-j~AKGsxL!?_6GXn?tSk-F4GMdj*J0?~>HLq*M3X z)nSjBMRuSXGh93?4EA=4V&w+I%Hd3fZRA1C&LXO1`bZ0eX^5#;h#ZtBrb%MO-lYM~ z_a$jnH1f^S{5Ei@Tr*O2?&1wj;y#v<{{BJQ@Xozvr_uWhLiokzg>Xu-o7@<<$?JpF zwk<*~LWtfE0FUk$v2(wjSbZ`?z66L$^@hB z3qudjle!UTTK-K-oG$+*P#Vw9G$Eg`;%+rI@&KkQB9_M~jC@CC?uQ(@z z%{82y?aM`8y1=+IJ<=Nc49Di0!{hRFaDc$GT0BU^0*$l7=M+H;Z(v}$SU(1Or>TU2>p`3pT+f2Cqh_3j1ILhk@eGDNgR-=mwt6y|5S;~X@ ze_IX_{*efABXep}W(FTOEKr13=Rpb)p3~$#kMwsJ=L+^*2i#su{hN)7A6+FAgOi4L zIjkQLW4ZA+C%N0$+J7*~k&+P|#z}^D1!h9r<;Mi;(B9RtIxfwwH@$@jCJv`)>Fdcg&gM zGScv&%=*N8&|&9wPY>Zwzc|1%eLCZ^cP&r&4Qv?GKYSFSl$pyVpkK>%_|;EOBmKFioWqEu!c!x|=S( z_`-5Iu!0|??0b*{nR&VFEp3=I)Q4(}I4_=i zB<}%E4pZ~}M^2sMwtr#yr;BX(P-jvUeg5kbpl|Ih8Zz;AepQ=%aF5m@ zDw+4n*KaHJs6<9-nyT{fW?5GF$tTwOY;P-Y{e;PVD&9p+w*ZsTdi`Eei!0Uj3zr$6 zXNGL}G4eLf8GruA!~>;>E-A6G9jowB?HcRdbd05$AWUBTl-gr6%sWRp(Pl-fmz_fj z+?0910P2$W+r05pQmU5qkh0Ku2oZJlCUXkZCeE+^1nY@V`H1Db!K2|xkAsdirm zg6*uIhE;#6+PLeG5D>BWK$miqkDh>A*vf4MTKU%qd0<7V=kZtC5^zRQO{D*a{1|Lf5rR*SAA9r;T1FfXtPD$ zyK!sEx*~67V8O20-|5dEjJ1S?U3A+@Z)YsBcZNHJ$h$~dzWxM~#g8+ZgUlr{O^?uB z>$G3vPbH)$n-~vkSa*40^g{SH98cBu=ODF5%AF!GO4V9IFUc$?;-ahQo?&WZ1LBf6{4O<&@lXJE-2|@%3so3b*8_jM7h6l7 zZ^J%nI+#_|l!JuwRj#i(1bXW)HnlwO&BBAYkbtBAgDKy7pV@u!5X$vDoi zDV+XZQcw+p5So8MWpaQ&aXn%;1J3HIWPBoM62A7x?8jA!Ju6ms6TA5;o2}KfyxZM0auv+=+vDbj5LTjEj$ABWqr zS_ZFyseLQmWO_4zr>W=LQA?J>VQs%3NK2@CiIO?iOBBS<9~@`TuXy^3!M<;?Iqs!I zz!R`yO8Gb{cG`*>fB1gAqOqrzQnj=d#8LZTWrpZy^D49MpQil%9XWD9k)w)rvphMf zBlA?-edx-$x}7Z%o@tvynwT>|*8-QT z$ja4lT7iQ|EG-KS7tP-7#qlv9dnZvO; zuH8_!WO~u=e6JhMWzFso;lzlxt;LSu(J}FnKRlWgvjIo~VN_IMh1xvC0nFC``$DH5 z{?QYm{s08BW`eerIb2^bGBm|7w`H4MYIvpN=GaPfu)H1TXxeM`NbC-NTJz}D zoyAB8DJ#h!Uafl#>7bC?_Vc+^CJw&~qg-gurqOSuLgh+M3=Xw7fKMjtglw0mN@PN# z{$``k*bUmWd@V>lni{DqE?!0g8s|I8%ud4^2wFUk|6dM_S7{T38iICx7Tvq;h8Pz$ zYu9sL0~)jmvuQ;!n3QxqE?R-Gin{%TrDfEWD!QE!(uWyq$>r?cP+mWB^ip5rBaw*? zEqz?7Gh|v#g1@eshlJ<_4l&tn!dqt>Op&r+ONlp4)D$`bykDP5qD$k6m4i)dyvuK~ z%v49S9SKBpE$nZa91_H(dG;xKXnH2;RYXmnZvU{nG^tjTqJ+2G+XMA}P#?#nbzaW- zu`u{IF~K=~OFG|pL1&=Ch+BtQfaus>g(KeL$BW26d(Xr%*YaVe{Lbc`{ zP?RcLU9(2T6b6T<$(bB4!;xvafhC*%@rn1%HjZ`mSg2BeaCfO4d2s_NyDhtJs#RA9 zt>Sx(Po&S$Y9_Lx@Ok;lYgb39noCg-SNUiSlUkak75VqIyL+K}`mhT=&2q{%R@~W= z1=CC>ME{PqMbrt>iLJW!uQ>YORZs_BfI-`-gRQ-{jfspPrfl(mdn@UTm!k(^E@HYN zb5GQwf2BnN6&UNX>^v5}NdJ*gZ2WRZsDAm1aUvlB z^qG7~r-nH5*4|7$s4g`@YLTkpQ=rX=e>yYl1C(Vd@F{)t)<93;l$NbY*O3BW5jl4s zvj-YT^5?1Wr;LTAl(1Jp?0m!QCrku~B%1<&)T)+)i>rRT+FV`)|E!47#ngDw@XX_xp|5_!dxnY+pw64Qr8*8|e2mcXh%*iir@xR%@ zkhyuOEjsuob8n`wDnEz>NPZ;$3FmVBC!EX0_ndV|L@K{6Dt=N>;H5n z{~tT|jo=D7+Rb#)+79mQ*Z=)Y53jXq$M4Gd@755tLIg@XtnBt}>Ed&3walD-{HWfb zsb<;BXggQ29T$I6bZcOyqfX9ts#g2&X}T5F>0>?{sRp&Z`=KMG@DX^aR) zDNV)L=Gn#sBqM|l0Fk}Y#oKw1<&&|!l%3iJ{kGafB_ykWVe~zDv3ILEre~M4tC6W; ze+FPO|4=>njU^JoI*LO=5{^!x?a2dB*y#lyUbJ7#zArSd1Y>gvcL2WH>;AN~KMHjY z?ncXCYn&aRrexoEcXq8?*eQ zp4*R!j#UrfN6qb!5g3EFhnGBt0e4$X&cMsAAB3L^#|%?aR+B^5(;wnbg0%GXLX6(D zgdB|C(cv)=15?8j5QiSX>yJAcnsOGvz3<+=hIVuwx%Z>iY{&i#fc^aXaayw*CZf@!U`@_gFYR%M-iz=a1^UH&*nu-7QD>j}c5 z;cz%#03?s}-KGRU&Fn!zDmdHMKQ$?V#MIDJe~!HKsGU1riuc}YMtXF5UkcuCNXUea zW6=R6Q87ud2Iu=m=P|e6gE!&7b|>EXL(v6mdr;vF%s{x>yGnt!&)z_3@pO^CJ1IC| z{WZ_y&h*3adTBp6_JJ8`z98>9#VbBzIDsaye}pTlqknda|~U(@b~ zS0-QGYu~XREnkJW6FhVsfL?dKpQ>-U$vuLcu7y|ea)BJ~Z{Jn#%a7-uu#Yb1(w;4y zn^Rv@+#g3oz$oVrWH%y1Lqo?w2jkED&W_?uw$8u9pmDXt_O?EwI>3-}u!n zmfV}LmUFOILW4IDz;gZnBEHeqOcfnx;LMT!6orvXjWlK|Ddq&@EmKU$?iD zq`Hy&nH%$Ksl;s^37z6EBza`4$i+v*E;JUKh})N5_E%%zC82g7&k^NA_LgV7Dh%T_ z-$zl``3H?(Oz6~2*|nPU7{H?@-7I=3nhAO>-F;OE4Z9@^$b@Pd;X2mE7wwGnEXnNN=yOUxd;c{pQ#^xmJi7ciV-O=Q~6&ulo zOq*6~SN!5iMeJP{{BfC zWT?MiZO)QU^;ndcY|j2rY!J8;*r0r%9{~TjxreNoGfZTmcBW>zfWmF|upY z-eLRt%eGi>A2a#4J2fGs3%f90b)FERHx{Bs*rC!*LrHBP6h9Z?*Q-l58@Ty`$}4T-(C|DnZwW``kI% z>>LqJ7!!IXA?zW@9HNmD(;#+2s-kwd-nHe-EX4 z%OU#AXiz6$d$2h@4mAo~!+Y-1o%nsHRa6)p zli1!_BuWD@VcV1u)803QW8ta237RoJimXRpy3FUim18Ta(}@AJkSJ9m!6PN^@G;V; zeRfN0eMz@GWnoGcfhFX&qK1q!V~?lAuN2YJNtx93rvj|Ln3TMJ{@0UJ95N*VLVCdW zSOl+rbayYn@XdH*fe-yj&{j7hvt3b-={b5_!nobCb#Y1vo>o>|&<)RSfR35V$y(jh z;*{F#sCIfbQj{r^N>i9xBLTm0b8E+VgY-KgI!pi6$Guauk5UWw^|~OCq&)0P+DwYc zCI${+=e-;D%guKUwB)<-eCIKM+*HF-$MpNsZ(C**YI@`FI!^^o#wPhGG}j^1(y5p* zvSF3vy)D0JoR@1rn@TV}ir3a@ImW~WCG)zsXL2vsz$zB@=;%JC(HTun2u`uHlCLiZ zjtduFU2mUJ4t$BpwPNeDPrO%dpqoVvlfil+{?U@ncP~xB`C|QMMQDF@s6?T1b|!=+ z&jvgMO4AxtV1oOWKQWW{O!3J2xX`ft!mK=&6J*ZKZ@G`b<(i~kA`J>y&x$4FEjEMR z4Hg(u3LW$OyvZrUq_R_y0o zzKm;YS?6*VEI0@F@|FKke9-C-ZYFT1^?CE_@-TbS{la86J89afJfr4pcR*C8_GxFJ zIbceqw~jTnC)J*tOV=kN$rz+1F6K$#>W*C7t?Znbja;Api8-s=d0%B7P^|pmCi@}d zIA}iXqr?C*D~o}b3JC7MZKBoILVWGlW&7;}`2*BKl`OiUE7t(U9~mB1zK%$+W;!Uk zNKMB+Cqffzoxx`C@5K@^r=|xG`h(IAhKA-Rp5bf+?r-Ls1x1~Omsb^WDV(g8WCCp7 zUYxMY=XohXxf6Y6W>%;)e0vV57JhU}ot>b@Pckgz(~>oA9p=GixzZ7xb?F|j_b z4CsD>F(XeAYwv;H10(L`L;bnx7#yocbMuxR~jR!eKBypZ`c}E#P)aylHY{O}YVdGyflDV$XqJDOP zj&+JTeR#;@iXJo*dh~zt#x}i=*ISi1UZz{%ppLtHTHn3gw=V z2dC3Hpa}nNUv%p`H3|7*0(%x3Q#Xu=>lQ0}DSnN_uXm?qdnyT$XR$j(PkkPJcM{2W zS+ezH0{XL>il)d`8kw*qz*ih^A_@wuyp=PDgb{g-yET|rz!Wc5X<2W}5NFaAY`9if z(7=%#ob2bOH&b_*c^oVQiE6j-TNCfTO~w6IN>ZV}BV|hjcm$6;5)V+|dg$49MQ&BQ z?voJ5;voTw)X3&8CA#onm@JkSfpsEQt31KLotdlcLcN+-2-18;(!cO7M6)jzlNbZspd4ySuv`^O6A&RG7+|+x_?mA8?Mk|YMsL{VfGI015?gHlV|X#w?(?;F#Mj`|lvx}!>IwSM8K{We-NvYJ)6Www ze)vou%IP97Q3JmOGXvFFP#Ql12F_va^x;rInL=y{?Q4qh=D1Ee86TC#&P+^}2Ea=< zdShE42*xK^ou*SBX(P!V3Rc||R0n!5uW9E5dd^wqUaH!Il|pmXBv9#acv^PjUp>CMp>iy*X!~-IS$1i!13l zvY{98&2>y<6Uuk;xO6B+7XyW)u--iy*&AK2MyW2L(8QTzT)B<9Vy+(J1>XA>(eQV( z!ra)i48KOh9`OnFcX2kxN8QA>T$~U}b@*-B)oWU4y)0?fVb@<4IqS&`tTJ90-NmEA zUr#ZFXW-#T{*~{_K>sfF9MPPi+H@YIqK$gg(R~G$$PGh6hQ&)hMJ_G_I6H_5d$)kkG5_=xx}xXa_;DsP!sG6;?qC!pN2tarTL>&KvbK_W~Mczu)u7Y`_fp zs7~5Hw^{nsVpkERi+8N^)(LG$m~5Z5;G%jg1BB49=tjJ;-hfL|31 zd+RO{VrnmGVm(fPTXFFJDXBh4z09`KqniN`X9_B+o6pfUC0%{01TLvj;+ zb$eTGe}!f)*g2E4*h!ui%Oid7aCaM4=+8@_PsNOZ%SeF{S7!L$2XZihg0s)(h%Xi` z4sb{p;vpAvMb0fB8Ho`(8z+#Lhv81AM)%ZYaT3D}-1Do5rfPj$OAf8yMHUcI)~Rjb z`98Q6DGsH`6&XnCmob_Ai1|VF<pRxS-!@$!Qu^(-EmqtFmXSw`x&5NO|y%~?_AIx zH{EQw9y=iNj3dxZqLe?TXzOnLDb6O^roe8^GGyOD)55`6*1$hjiK5;5&TFswqXv?R z2%9HfjmWD1RSW27WEH|@qF$d9kEspJ_^NS-sryMe9UBYY)SR%6thfWE*E7j&KDB0G z^1`=-toRGg#_*|w$5BI-C`9;z(?*zQa)>3*dDgPdQ6O}pmVxBHQV}9(<@TN1mlQl$ zlz`i$OU8k%5Qqc6%Ewgr;@kPlZRy%)}{>|H*vLA9n4uW{}T>G`|e z?_t@ozzw3gReU5j4(u9V-4TZEEp|$TUas$unl%ottNy9VH;PECWuKQuJ`v`WWgjO0 zM*XHk!sGtZYZ&eDWcDp-fl3G4l%#X_6`BO#HmG{ba#fH+7I5wp&JZ@6QLrE0hyiig zS|_cZ$8WqQ6bfk%Zr$<(R4lk?dUX?@VI(k=_T8>nKcUbWRNPs9ah_4P0yDRhVEle$ zC+tLi+6(SswR00|?8=-(yoNF3)XKpbczu@zexwTHyv$p(f)ctFj5gt3F%qt>tt{9_ z#56h>X&LY-JsdTGO|#418y6$<&IouZSmTwuc(!=()Hc}%sqM;x`EQZDYmANOeP`A! z-cOS@M0Gqmp%gP2!dt1JLEnee^5hD^uNxnu z=J`zzzv?j%j4LUOjx3%c&z|0zkfJA?R&m6JoUkG+kI8hwm`kw9yN3KQg3P71cT?5M zf9w7B5&TFwUA&;Z8tcltY<5?3G;oFpfI<)!>d&GywSj;gMTf%JCPf;d7cvM}3Xnmf zlOP4~YZsiz)0j214MKYAj{}Bs5fR30Jkk$@|Ng-|Dvym*O1Q!4r)!)Wo!$D{n4Z&zNu3?*qtPi@+UwA||g?4^fl;GT5M1Oba;{ zXz#CouHMCF+6_>mHoO*Tg?e|0%fuc(?C209$y5v% z=X7{8fvA1lDy3oFG@Q5UX!(Y4u^=&esLg zF9+F@EIIJA3=kTNhH6WBUfmT z$dLs+T4IBN4v6uoiBS1c+rF50MNz%Lth8gDYExpp)$~H4o6+NW?%Y)2YU&9JtKvZ9 z@$1OmpwT>cLh&Sh(Q$<`if0X|W4<7FTa0DBh@`?F7@)%RERpuy-AM)Uk|32J@u!6; z?av&tG7nwN7h`)JycPR?OoDK6P3Q1-?ppGLx5%P`O4^E-?7oSb6w1RY>U;trn3|1l zqv`g6&}I*+nAF;KqX~L(M@5PPjx=_>Ruc7WSGjX0M*WVVi;Mg0H>5x!PtPv@W5!S` zmTvz2rue;`kgk-T${Cicd3%faEZ&JZHn4>hRjQ6?x?5iZ(<<>~D(&a>QqfFHuZZyU{@DRT=TG;0iyiHL51{i}B3qWrru?AWojw7KxW@ z10!E~R?QKbZZ>~1gn3kgiNsthKRm4Xl><{P5+KVPU(}laRE{m`?U@--qk}Bj3$sT&qJ#$F;}h#eO?A2so)+xtq{%s6c2a5QI3n%q8d4hG#>$z z4}mjyCKUmOgA)b#3rmYoX@vwIJIvz-u`y^$X5+xVbo}JQow+k3lEnNTkgdhS@!4sE za|@@u<%-~};kkM2lx(h5^wWxpzaHRy$dC)iShQrM4o?Q7{))`+D~a{o=?;gP-e)a+c6|;wkIOXI57A@h#g+;unz`lxK{yF66Tfb3pQQG z#2w~ChS^TC9bt#B6f^3~;LDr3a~Jn{oA59)Jd|BNa#Z)P*=1~_52t+C&e1gM#&*LOkp%nOo0{>nD*HJ&!xbh$go4g#ElUgU^Ew7nKd$4hJ zpe|&~0+opJHymEB?qi?c2ZK#r#Db?`q@qkAFl56Z;v-$VaBV#XEPj=@doTiFKQn6T zbE?9w7Obb?sq)X`GR^Fq4J0%6rwfrPmxSMSB&@+1Fa^52BW{a3K3QO}QQUx0O`}Nu z_}}(~rPlr%se40H^|KFKTcb!cfPo#|AoI}O$3azPz!aou18)NU--W2Z4wM4iwHTf& zc!pA!oVEh%Ld1}*7D7W-(NsA5;BWD%AgBh^t$ z)J3)YR7%!6z52^uCPBQ}No|fxew$A2h4^U!xY;fW#@0!?vG~$G;`cJjDeD2hj%u`? zDa$5CRVTUifb_XeH+TxPTVDvv3xN;qSDsgZ^L(=DCF@PY_+i{+d*`oyI_s^EJi9PL z0k4DORPo3wZ7(!5pd)Lm6$h`}TXic6)PGq~eS{K~*?BR_KhoPmdzU%SF&5p~h7NX= zY6N&!i~Uxe)v)sW=v&9JC8Ao={26#S)GrO+g?Id(rV2jjW_7Okc?c`=%9S6KwL#hn zW3nhADo_tAw=Vq%*0^(1yk>mApZ(>B#?a#o4mIwcI?USC5-D|@?wt!XJM28iDPYZ8qZyM~{|Fbt4oYkjIA+(<*b%Zk| zO5f2iG>CLmR7QdNUMt;c64cZAo)YNQ+@Uz|4*p~WlSiG}yc$f+-+9`N&}uWkG^Y&e zIgCI#w*V8^S`hLgqYw%b%e&>NYt-Pn!t9t^9;HgF#8)cmr4MO!!_Nfmm3>%**4j>S zc=Uk-BM!+3UrHcq;Ol!=rtLNOWje9h7-@Lq4xB{*+SP$OXnhs`ZDTdm{vv?r&02;n z#Z&tNqgp6^cyzgBs7iSvW9LJk|8fzmv)cU|aUAKXlTro;WZ5fz5GN6-}IIa&<2>4J=6}alK#6G?e4(#4%l7G-R$H*q-q2LGg#kLP=nU=@(s2`Vl&T zSdV^y;2$m1A5jcDL$5WFdrKJ?+m(_+LC;cWI1L4-%)^1rGp5by2Mlui#6mjCg?(FF zMVGsa0I?N9zHXi~xQ;@WOyRk4z6%AEDCNB4ymITS}%J zJR$u)vzfls{orR8z8d{dcJov|Vth-G92>KNdsoC>BeMsI$*gmTRxpqNx0rOQxHN$d zLnXBTV(c9jE8)U!-PpEWv9)5`wr$(CS+Q-~cEz@B>wKrN(fAwtD&~C0GmyJ8>W$c* z3WuG=c)AhL(6%pJawFa97eo3u7xd#-rDxk{>|JDFZT$eQo&A-HIb{44xLgyhdt`WM z*Q9S5u2j&VCgUK)IyCQxLtd>sd8iC83Mn0cXz0Vl~f^s3$5IkI(A7n zb*4Ga*8I~svk;ZQ^yN^#=y=qOMM-aFJ`j83lZE5?bI{JPKeM9vd3ht_jV>(d05Snu z?LGmNX`&^*&GDjDMret2i8X4_3g#I%ak*9_-_aOq@qS$2$!d`cJD!fySK`6H`#A&e zV|mB;hDVGT-0^!xbE0g9JNEojlw4=^&Vbo`WXR3P6j=zqDK`{p`7WMGYgE8Vn<4F4 z$bHBpw(Z1vK8WP@FUe?5I&B}h5Tl@PYCZL{oTPemk+#x)RQ$ju6q&^4R?gnX+QUY& zHPlg!x@_w)0V5$?U{t%$$D+!7U1JKF_fw4d=rtBs!fTdQ^VtFOL&nsc#&y^pvlZT* zDQllPBA=PwLk7YMp?h=RI9i>obpBpaQM+nMwH-SyAN7-Ny(P8q3o{lMOs0{SE1t}h zDO#~4L-66v#cA#HeRE@lV|ruWR`3}`o_BVx3ox7!TbI|tGE)?MzhVS;XHeocXocn@ z!p$}_vDTGwQu2z)L9bk(0lDzK;z113!{CXBw;_dut2h@6<_xD5bI&x)(vnQaWuWQ9 zo)TMiS#)8Beth+UiU4eh<-`q(udO%f2_(^AFRk!dRIuoQ(1)!Kh%6 zO*q-^RWFia-xu;=Td2Lg{ENKm4PI4zL>uYX43zyr_BpFn#DX>?c+lemLpLa*%Z7IL zo3h|D3!KB z)1iyy?DWnn2?ng@!#HQ(aC@4VG;b$$0?jIeFyd7oF9FJePQx$TuM*S0>XV)n($PK` zXGMOPR~iBLx(=#q>DD@mOs3mWKE8II=#R-n#_WRLA6NHycQ2-}d0>7&vBFx>TxC2( z>n_$$BlwPZXpCjP5(Br)W>MgZIG94N*aP!kFvmimdam9O)D}yDBe=pQlf^?O?suWr z9l84pQ1|mVRRhy82Jfm~Bg3bTPiaxCL;}S2f44b9-J}nR10L!6@{1R`$P!#|4Cl{r z6ui34Vw#9;%>R{tXUMN&LDarLHks3XVU;|#Kwp=@eeki<1-ftiBY->^JUpXDQ0zHG1;6>J`@RpyAW+HcKzD0il=ttS6VQ$9_AuKi!vJCX|VZ~Gq|GL*^L zZuh@V?I3&IpFfFFDXB!I)@p*sYT)z0;4EXWM~jdxB)qTS^R-zFDrV67b>FYM*)1Mj zwl>SK?0&)VWT}YF+NBMT)@vXz$lsA$FC|oKYM~~foGUya_C2&fGaX*`UZ%UJN&E(x zMPP+2paNWMBtcX^ea1`K%6TX#9I4w<%1!C6CSvDs>)zoMf8am`Mw-_O4ULLAcS9d@ zQv){^g+=v1pO>(qy72?0p|>2#M_)Uy>;|7CpnE%6FA=_9A<4*mO{kNgu50pxw@H^x zmH&bU5A3xq2xQLV#feDkk?l_wFCtCv3o^5Wv;j%MEV`i6YPp$7*>AF@*O-H?ptI@xSisEL8B(m^G-7PWTv^em-%OjfZy?wp9#}6T) z`;+AMs6603uu06qR0r7)Wy>A?o653l}b_(1f{ zXQsSrML|q{{NjQpf36uqd`lNcwrx1m8ENCh^D(@xf1i78rgqKj?PrgxP`5(EoFM^7 zYSRs5WWti#gq)jLggWJsBr#(bQU0lpXjF$ZC{5>-PsP1xpjajKFn)Lj^5tp)DEGXh zZ5X0o4D#C;^`S$i4O>#Ac~Z`FW8K-m>vBd87&%WN#}_gwzLo zqaDuU7M~6&Cw3IlpgJWZe3sJ$O3;#nwfGzGdLMW$Cw3b$jF7&O!Y?BvE?@ z1-9dv*OOpVbby7(Zay_{?Opsdtuy^(B^Ar}Ex-V+`Xi>B)i>FPD6sNLZ?%vAEg~IF z=2|{no`5bMl>BAS@LNBL2Kt%FoKE~z54TNzhe2iy96o&7y-*1+Y*2EnunS>DEm*I& z66u@5<13zC#lub=E!<2a&Rs0vD$;byk}Je?d9u~?&TDr3!P0gLbDnh(Ev8z<2^vEG zChos54E={ZWn}QacvYa@f|Pnc%#Sbb|D|ogbbNDYk5+KP1GWvd9^cJ?zKr?CY`){W z`wWv>Nhx%Cvl@QkLh`TF-ht0=!Q&s2pkWrEx)-R;KvL6Lrz}m|-oUu?2YHUN*fz$k zo!7)WQ-FS0ld#D?Qwswn(WW~hXj7N$xK#boQb0N8J;F=t92gQeRY<85{S%k|yDVPC z`G+}*a{AD2Q&=_$S;1Ey6{0&uL^|H6oc=BtyWXjly;^C&ncymOsyY9f^Q0)+(1)fB zHm!nROF1WGgWPnVo~`@e2F~B-Ugn_cAkwmk);UN+l!5ez_s>a3prq&r^$66@sE7dU=I+0pXCFsqo{c~Et07KHXaIS8y#&C zZe4ofEB%(3iE{2C3y{Bb|5?{DiL1D9M=jWCOLer&?9ac6yQ^Cf+~m(%a0e7t&G^4y z@1U+c4A9w6)*xz(EL5L}nKO0z+jZgl?6&$IHYb=A`A^;HBkNY?TDGdM-mzZeZG85Q4Sz5hP4x9fFO}Os2UTgiiXDXvaWXm;ilCbT8z1<_Kg<1{lzMZe0#qd@EjgorE%)^M_wwr@1d#8hp~b3{<4JAP4AiR;HQMzg|Nm-b#9EnSipB699IbEv%) z-taJHRRE#T$@_>QsRd>S!WrQwduXz|&AqZb0q?$g^gW?VtLzAUw zCApcPA;x@zfh%-9uwGTrxI;eq3B_r3<#$_;oN!NKx17H^@Trc?Z`zP0%c;u<+l9-M zm~CR=91WobmbYDGWy#j?S*(}A zH)|>fbkzxhC5L=^QnK$G4rwTVayVyQnp z_kkahrZdL-^u38L2w%P4R2sU3Er2K9WVg{t=qx21WJMZZ)1KttC@MJOZ)`d@Yuy{@ zFh%N$B)m4rF9I?Du4)leStGYSpHwlls47aRVtRx26X||t>d?=d$1kN>gl7BfI3n5M zkY=SC3q0p`HK9+K{eRY`HoOnkbDF9&*Fh&Fq^>wYeGXCV*MXAy6fm2&JlDUCQ-cb` z=3N>LCQD$wsqC&Z3^USkf=>7G1!Iq&Zf3mBrXH{P?QMHGazdyXs0cfoJck>Tc9Y%9 zEwN=O|Gg-vL_m*H)YDy{#;0Zci^BPo*W4NkEZ zEii*&-0uc4fj8?( za|tp8Fs>=a8&_a-Ps=!7iH0((giep(f{rUU$Ci$bknG7;i2p!+emFm;s+(w^M;X0R z+|YgSA|%v(7x7hB@@A$1V!Q51rq1&Hg4Y=fAn0!Ei_t8h`PWvQ0?s;7hfJ*Wc~)6) zVD)TwTlc7_-3&7AG2J=Z9x{B7ldm{}q*t)&WppA|EhN})L3eH&ScW#p8?=#&(qO#K zg$K+^qH-QP?8f5BT#!UjLKYBo*ox{VpyT`O>fB){KV!BlQpvX9oFM;x)xEaE+>sT{ zOKOt%0^|N@tXzYI*ANZdF~siKQb4IHEZAQy9~xM0?oCixA=VH?ylpo%Vu1;whm0QV zu2Q5fgD#>5S^S}}pdjO*UCBsfAa|17RWPPRcL1?(4)L9>URgd``cm1q{xb$DfhWV- zlecVdhRDQbpbt;jR$KcqD4}x=dI2d?1UrOicC=PjQRj9hr6G1hdtnffIU)YJ=9yea zdv)6^K{mhdAGRv_`uYePyF}lht3>!ogOhy67Dn^lz06)~xEDS<0KXxu9_5~f)XWlg zz;PZ*I~!5CmF_(gQS2$H*8$GU!8mJd2+ANh5U(;i^xzm*o_6D@7n$jK})`bSg{17)xK^hOhy; zp4B?M>DyM>!~lNNT)s}9Fj}ihYnq%~L{{tejgtww&%)}wHEx$^5=#@=>Rwlp_z0x*7MHGl7uQ#(=!H6^-%>(cNr3bEgOnnjGFGI=@& z@}`z-qQRNC;w=KlkGXV!w&etH($Iv#Nj7!n29cKe>Y?goVV^ExGO}zO6xOE=w%(1` z>N1WwvLilvh4cXZa1S+%Yd4XlzCq+EhO1ahmM2afsW151LpHv=a|!{}a<0~I9)oT(?q9yC%BG&iEt<`Niwf}WhMOyUgG zLo-@;q~PJN<(^~S%Z>|vZ-sM3$FGe!amQ${62eq^_RSa)_p#lgn{M>bz-lZlcQ-?u z*&HuaU8=anwMywy9Cz)&^wI?MOGgil9Jj5Z5SXV`AAKr8NH+yV#VJ!37dj~lgOo46 z7i-KiBA@3Bg;-AYvJ)GAq{vtQI_ZwGB-W6``M?=_l148}F?EdX&N?f)eP3 zkH&4I`#P-1%cxm0`q3(~MwQ0YQ~Qk5HnVPQqmHTRT~C~l+m~tl9#%T8yPuS~Gi$<1 z9JW52knY{{Uc@b{*?)bx2Ft8|Iy8eBzb3W_81+*HI_-=dn`WpVMC(yRHcI8q{6;8z zr?B+swmVlaC@$*_`9R}@Xt}uf@7 zA8*xaTJjAh_$>wpWaCudm%17EU*{Df0hiA?$3>>>$ z#%wxey2@SuGLjH()un8^x(2<{^8ussI=YpFfy~ef%aVUG?K0J_+XpOAYB_stDs}%Q zj>AzR2_I=N10S}HD5b?;iqniYD+xR#s5B*9P@b#>&^puG=hS<*);Q+mynml=nCM`Z zk?i_CX@;c$3&A)IqrfpB3-)a)**eF%wJu#?H`5A#qBm^b7;bigg1wqW(NFMX8^h4L z&8cP;kH(&gv+%s@P44(O;|Ybv9sDU5tgN7GR#Z(yI}e-&lsZCNo@`jZ&`?INf&xkC z%|oug%k^uQ>U{oS=G?|_HNvo;B$f^9;T+D7)@&xwfD~gJafe5z`GhGLP?(trlCl_c za8gK$&1uV#-KEUxFe3+#;Ijw9t>*YK$0>sY}i#>B|wR;rvSqD|Y>ph<`&1hsuPgmLHK z7*BjzM~*GR&Z6B{7NsZCtr$Mc6sZqzl_SHacm-nnFeRG!PuGBZzO|nIQ*LdcEmoA* zp?Rn|(GFbwn1VuRhcLz#vhC3GNP{=K7$HJt4_8+y zysA~EbcLLK&8;$Z7xg294kV1m^k>1h(~d|fC7PBq9ty(Og$MzV2Ee$?;4BG6O3Q`! z#-=f1z~Qi3hbvkkiV@=Gcc1bp0bSx)U?~6Y+C(j0jtky>gF5Ul*enA+J{$>97uRLF z7_2pk5)g86EGTgd$y%)P;O5!=d8hqq_>=9d`P-X>TPL5Fe{&Wa_;a$N)vQfc0JOh! zsQcL1J+D`*Ge)B_FvCFTF}iGfz>qexd0vDMleoopv(f4{0;3DXif9nXjcauLRXKl9NHU(8Z@jAH}s<4MgPHm{%#1}+?e8@$oB|D zXO7u{9vw^r*MVNDPIP4!J7`i@^oE~Cq+Tm~8o`j&Kr`^PH0-lq>NkXb+HcB)tbr=6 z#pa*T`pdq#zi1j1LUz`E%XXD$1mn*oi_OT$E;kPP?DHOLx|OFY5r+LWefCUdbq!xB zCNkzCe7b+=ViGQp9-d8&=qd8MMMEL}&L zJ%b2$V15J>1{T@6dhbp~!*4Hn-qU_Nm_TNIBa!Nc--jHDa%j*+0k&UcHyEYGD#rsC4N%cDu-lV{#jl(KMOG%(5; z)d{-dJ7I==Pd%<|vcz@_=FKR~k>WuM34nqbU~frY%TU7nb8+2du}}NwsXdO5z#=#b zJ`FRd1Va9J9V3N6)QlGG6*L%Neki80Tup;sgf6B5NWwvj?)?vl7m7AR;!1sw{LAOk zidi<|ZWm87LdgJBvAvTL6YJy@kL)PBY4p&L_O-i%0RJoi+Zp~hRdt!SN2~8Ie>I!M z1iLx+At+c=O6rZ=x0P4Fwk+~7`nd#4d>vO}nyY-@}#YBXonZ3G~z*tSXggd0NR9X1^KAA!&fcJQHuWen|s@Ja-PPvsuPuIOuOz2fX8k zVPgJ3Cvmw;1qZKWWn<1TrxVvY)5xE4zNtX)PfUfeRR!JJK<%F@@Qz%`9%giQ?y>kl z;zVP|LGJ}cG&^KD>k))pVm`HYdULFrx2q@x(5GrX-?h6LJvcRS73v4a;%fKDcHt~7 zUiiOx@zAH;e!Fgc3E3<{ET-i&MHhAy7MoWVoGubtQ+aGdylJ9UGf>`4Ur)1{7*#FP>FvElU1D zlP|h`#UD$lCf7SHj>CGy`IaOkD$|bFtAo^<9m=I9naS=bNTbD2T^?SruM{LW`66IV zVm#*Waj2^YaC1T%x^i>s?3X7fT7MQV|j<7hC#|OS$RV~#| zX+^=L{RzC;Qhk;tup-RAkKLgG5pWDDt5wB!iV{dCr!#wvZZ=_B`_p#2fEjX`R|u&6 z>@OqW0Q`tJ`I6Zp2OGmsSPE4vZ4&7%lePJQ#*?{|?6f-$_^i8z<-g^LVHS zq)PJU0y_u@NsknwL>+Lk^lcBIf*2fx7#M|1qHe((73@4B;Hg&STowsTFe(VG0tDkJ znqaQyb?aCE@>6X^YUg{JrOEt-rzsho-i=h5*c56Kx-wA6C`2SQun|brSJ_&T2nY%d z69Qx;qN9C!4-4$cKKt(!$VF&aQ9|SIfWmW75Tk|+e8>RGv!X;m8~}uf8UZOa1wAzh z90b@%Ab)ySBqg0z0R9Lx9Ox+&n2VAOO?J8@>f!D+h`Y<6{`2b_Y7hJoSj5z%7|g#5 zG-bO$&w&vN`X8jBPX5gr{s0kJKN@(LFw@U3)PVOYc<_A!I`aMVGde^^QK+KcER0VO zkUqyKxB-Z$aF0(uQh!|%Fa(kNS>8fOWCxHLy~C3}gfbf3A?!mCNIeh;LKw-s2Btk3 z*adk14Fcox3MiJBK%#%*^A8CW$PXTZfQrVG{{D~0FASLYj~hhb0Hr%3(gIX%x({;; z(ExOKQXUQH>-l3f8DGs12@Pfc*Z$)cBie%M^0FKk`itsaUkn{Rg^)-=LI#3}j1(Fy zBI>_6&EjG*pn=~QW3Zs#i9>#$mPAH0fs;CyhSMkaNj`tp{!ep(H=y4b(||#0Oqjjz zwtu#PC<2TxvQNLXueaj)W6>ca0{*RK?ppwC2zC6h z{SOOKfRHJ!)(t~{0b~$h5k&PJ0=zv9+aI_iK{pP?fDe5jc6elavafWNpMO7zjBA@y zu-rX;si8F|x6ij#ATZCtL6PYg3I-h#tLBNi>Cclgy+XGXP%A6m2TIkD#(x;M>IlI* z&yY_nXT2&pgslFniNU2)6P=?4W4ib6%zkR}RYYpdEKv;^P$b+^;Y6V(cz603#GZr^ zWa5&SG##^5A}GaaO5onu+q^5*ruT_Yx z+UKh`JJlJB(b`lZQ}kRv^2oBxlGokm3!u;~clpEUbHCdxIf?K4`C>Zo&!F{9GSbdJ z$HbPE4OBJ&!Fyk0gAvr$Do~CFCtO?fK&OS8B{aBTnm5xMeNNHpc~fUX!Th4W-My(P z&}vO~=<|?nCzdi2{C%)@8PzPj#;1vaq_}Nk;XnuMvWZi*{ep<&w1_j@^&q0q&xcD5 zNYHrhLH?UlMf5ndh2SPD4Q%ie`QU}H)Lxg1{G=o*YTa~_v^ad1S1plMsNO4PfOglX zFAF-~?5L1^VU)$dUH6rsi;nW^{hp|MG>Q)2vvu*M(Yl%81Zw0xGSrQocBGQq-rfMv zqN;uHgq)}-Bf-}#%csnR=Hc)8ah92R@5d}UbRv7$%dmQ_oZTHK zG8}Q`8trw{!J&qAcV=)?+^_wj)O%a5F&Bm}Nmq?g@x_Sfm|xp%uMH;smG>Y7o(Ye@+pFqbSq@x2?uk)kG7PYO z7VaFGb3uC?AfISof)T>w@(KMD^Nr|J$zM_0OLkW z=6a1vz6;uUKj7W018!nw@W8T0<+(PIc%^huG3U#waYE(Bj$4!mK$xJEmZiA`JlCBF z85GHy5N!z1iGi{@RrCAY`&Y1h0u@Xk9_vP(d@5TInLHl`YBzYjq7Tr!NtD_)98B0F zbwAApn>x&QTkU<>3%>RPGMZARuJQS2v0u~*Ae^AK>7c^xu(@LC7^{>NpNI!9-m(K}{EAfk1kul0guT1me2ESQHdPm{d zJ7R($-W$-t2gVC#qB04z<1!iOGCZGH$RSsKWmH%&r|w{5mUSYq$4^r5z+l7AM`6ah zw#&~@attDDO|PX%y|*q#b#_a5E}SA>BGdwK8Qz3=25+@ttiL4Ide6%{65U8?72F%G zKxVK+A1ntuYpdP_Om!Pj7oZRY9h{DD!Z!0cqF;v$I^s-lup6J zIkGr(rfHtg=Wt%pRu_5SFiA>$#`PAb7;qyCg8^(4i>XrZ3uIUE!z_o>I{>L6u0r6L zpV4C`MA>5b03~NavySmXI}xj-6hB!OXb%}*FPKj(EEZe&ijzhsH}@(sMu5BU zA7>kP;>f)>izFqT%8=vXEBzs?S3qstI)S+@v+~9$V`ogav9>cuf7E+Bc9OQzbDE{&PQE4>+O`|j5>~Trf+v% zI7%IdCs8OmlBge2rvC7aAL}&97H(`Eg;mhUm1jg#TX7=?K^G+K^{-_VAeR(&&;~+I zdpa~)tE(FPD~5D3@ociZ+4eDDs}NM>m@RNa~z>bdkJ&{%h;w=8luA2*FtABr8wXNas;r=HvrkCn4Oc%dfTOga#0G17UPpjf^h z+4d?2lva{Js(Tg(iM9w3ehOfA-=WW-$iFGC~*)!av2zul`_1&7H zSlJVMQiYKYvO?`~$-%^FUYJU0=oC;m5=K{cz2-RPi^R)#UA(U=k$7A+d%}n|g?y6n z>C0DLsfOQ7u3JhI>(81C%?SmrP8nGLP7g%RHWq$a4=*8n973zd2}#9<2vEZY(U9jh z1yzKdKT^k79!pShirm``u$CN7Fee0y(Dk>0ft=yB(0pB>9Vgb%^Jm=-sGq8#4Os3ToqOUi~I;QS!dWBH}I= z^na%;kgNp4J)1c!RGCYASbhk5*NIxqX`a0>Mk{*kw&Z)xON&*?68ggN**aTDK_sW# zCi{`lQa4*;(5aQmd*&t(BQ@*JbuHU5`FCT~X}*IIqu0V3Hx@%{JX1SyB>a|6Adf5i zn$vDb5h~1XdROr`5q~5Q3z(ENm{J+2)&1(3D0pXYu&oqu3mxgN1YSTA(A~$p%JjA7 zP$Slj@eoJZ`gF|Jua$PE&i@qR2A^5}UFxK69bkfe6qdh8uNT1{xd-qD2~{Oc86NX; z^xD}Q*)`}{MLtL(tCA0KqLh6i4siz3M)MD5T7A%=?f0mtI0Bb#E(iw;_L#yX3s?^O}5N_3A|=+%(b)&zl9ME43`8XTYL{T87KK&`-Eif6x{Rj+}B5A zkP?$!R9_Zno!&INzTyC@Sm>)9CD9g0P}2tL>mInVlby7q{dXi-lxfxUzk|vjiUqKI zy3qa_t3b|fxvsvc3qkA-B9Kp#TPad3OayoKj?UVn^1{4{URO*EhGHHV6Ux0@vn8Bq z4sY{&zdwGKa8tp9uu58ui8e7zE8hHF&^*3dYDb^N8*D$m|MFpsbWKS>$_b;{XRtv} zj2YwMzE8P*19gtnya$$h=M+(CD<7^YHRIWNwv~{DMn*-!640-CPchAzVX0;FL{u@g z{7R%Da=J;IZF&){QW{O-bBt-_cgR0&VEoy-ZWqjY+AN_(wrX3}4=wZbShBoZRq?aa zn7QYCV$KehAt^}!NK={L8!#h(xypR1HRgG@qK9=on7mV{J!=@WqeeD=Gh1%uv#N6f zrwMGx8BD|Xo&zQ=XTP62zq$<7I(^%xFz9%IrC;U7QZ;w(wgvpS@;cW!>{n6+*YmO( zs{tKirA_W05A%BPdY-1req_#-l-bmfcc z_o8o`1RwZOAL{$eKgi&MV?LnW{&_Nwp;t=|Xx}crM{0s)^QH)cUxMq8Lw2l0NGepu zg-9R!=Tb;=Pgh#c>Y0>6A^%VoDozZuF7QFnP7MAd zWc>H)l>^!l@+O)wN^#n;Gs=yq`ro(Z;Wd@Ux_qUJH%}HnHnFLOS3jp?Q3h)cM>&)E zTk@#_`D&#KS6&VrQwB1cY>vIFmWBU;x~5*z_j7RU9$!-3d8kd~qiF}J4_0n>U zO-IK&4od{y=1TL7>tNkwj@j#5Z7}k)z>Dg|Q^^{cPulb~!DL-f+2Z`J@R5r9?Q`+m z^^*<`u~VE6H@Mw6c_X<0P#~-mBdEMCKr3{GEt>V;gq|)OVb9MWPl;&DiSWD?P3dv7 z(K`{4psgd%8!5j}vb24b+*^Y`cn`7KyB*r%K{vIs2x(^ePxZ5m1WU@_Te_7P<3P#F zVXa$qy|;6Rz45(S);~-#qruw+kZptQmoukyxlX}8Go?e%mz*#r?ZK(2bGp}=58kJISIwIk%75Sax2|1c+v}B+=yOc6PWgkCrAyIh03lu7mI3cz#BKLF&*;wODXMVjdSZ zPN>O%8IjeKo?XSZiHqm$&iZ{8+7FGR{#Y^Xj&1s})qjS;y0@ZkS8!_!OY(yAXlPpr z;8oE1qPGQ9CVETIIlnqR&dr#Lu)WNr>Tjv?CLnNTXsg=r9()B6J9m;UhL_WsJUNwW_5}`3HFa?dg$%bIfz&8gX(_M5|F& zp0GySx`89I6kzXS1rOQ!E(VviragDWlmLywf3Q^UlUh>J>S8ode4#-F?`XWTql zLcEK;1K=q}5q9Wx(W|cLvN&4s*v+3Ph1d69G6b-zq@In(&>Og7xEX(rZg*72gxngg z;@ukbr7nwNx_ETfuIxH-L1b+a5g}6epc-joOLZ6$oj}k4=M;9k77r7KDO|DVyj9=6 zI&WJE-*^?nXm7-}!_Zuq7#6wO za*mL=H7#fa+|8)5Zu9MQbZoCIMzFqPSG^Ge>K4c{bH~EHLNAQbzK$;o-vL9}D)(MD zo5^m*5E&^wI8n$vbm_sz8N2dz>$$qL7_p3(q5C(YXt*WL(uRyj?Wa4Lz)qdB?mOAD zWQ~(8UXPAGHYuN-MwuDQr;EI9Pv1=!-(n+rIT3P+tndhu&ih{ZgY3XJ8U0bU_c~+= zfyOSiW@3H}S6JVU&qRZWCB|((oteH{uU*Ca+WUKup#^_?8jzqTi%_Ct8!E*DDN;;p zSS;fOod3DQi9(Misxf0|o)Kc=P?{ycaJcqIk0)&jRSvbkL1G&rjIywNk zXMQKzGZ!_Y=Yvdxxt6RyZO0tQ^Xk>#VY}wWtdEuOuN1av@!22iS^nk1VQjziN+;Pa@m2 zTm-%FH1DX~&z1w4WA2uPL{D2$i{fE4h(vnS1rkj}3VG6SiJi@s?TQ&=UHG~RY8vRO z*1{(=WQZBr0NG%Oi5*cDotr5=RZJ;LP|i(X7iwxs%dy;Ms$;14SE$mQy1<;aySk52 z=5_FCCC>^-tENxZ%#Kl5;7MDXGBIPCELa3pGEg-!0i7yCi31qGiu7cHTn_(k$Od}8 z3nbu%W(tg>24`0#n@y3#2*V&(+ULPmG*9{0d=v?m%n6;>otGhF2&6123+-g#+i?=7 zY_gY}j`|$r)Fb`>GIF+?JW-v?$c^l9tk+ZP{>)3W_{+ z(;0U~ES|{xM)rn6TvI9>oE8UUy?8T8V}om`IjGVE7=1Y9AIspOE-F1X6|J>!b$0Vd z6cwHit(T>M|Cgac#@*oT@kl4xBD1F65bG8FuYU#idL#a6Q-?T2%d(XtNdAjFc=n&G zMPD#;&0rT!XG)efQ}ikYf)2G^>uz#(FM8-9eLL5o5w(eDJaq<~z0xU$y!H1;xzF)R zRNcU5cr1}fiw)jsNx^XDyjrn+-;hf-7h|rjyDE>JSIp4Q_cW&Y93gW*#NQ93x@^es zuXshQw-$%qEb2F+HD$D9^~DR@Eg_; zHkzW+I*vRXf8!j*Wo{ZyS=*w=sr#P$+Oq6FQbo3Gzg&QG-?(wQXP3~(vwRFrai0f4 zlstQ#bQ}ANX&Z!oSTMKneT6L#gc%!WvDM)goFIwcH`18+-R^3@Fh}a_XKo+p3=0dC zxYx5WMc_4N*t}bG1XrIsPf{;MR+8GB3YFKgizYlYw%&06gJ({v&$YoZMu)L4dl&KR zD~bqPua8L!g*wKor<1YA5aX_SYg~uuRVE^|WB=-_nQfK+Sb(&>Wwu@3seaQ0;$5Cp z*6DC~6rZMBR{D6@U&>qV2Lv%H@X~Sp*EW?i-l%P*w@j_J>$)eyJM*sh5B0)bf2t?z z3HV^prnsArDh^3i;?5b1I_X1B+$`wP2Ch@{_o?l&zP>+GEAHvO>UpXBLZwLl66CSpj|2}3 zTYnqrfg!U`N9R*_=3$yf6TmT!i&geO$-tn3K-cj$Bs?*qw4mp} zdA7^8Oykfz#$5cl6snSBb--Bw2Gkg+01*^n#OiF+m)_878%P^8^Wbg#`Zf#G<)SMj zC`$phK~u`p*9(n}FjnC&g2&o{Zp9UC(R^yP;O^8bvLsQaY?azhfb4AqD6ITv#*PB%)CkyS)#Mhxh{v!smARu~w`s zNR@{5*=r5EROPL(uA*=Eku#MK<%m$zTpY)NzCie?IdUvjp^>F))@ z;U?FPO&%YmvGhUHvvTIJ-w-`x>a+jIbF+myF+`6`2=)ry^_OReRI&W zqKOYzF=!#vE-VD9v(wVi793Zho8dCk3$fC^VY6?_@8~u9Qvy4xfTzI?!=T^o~ zMu6t7q|WoBJbF5Z?tD?C-Z&eH-DhZTDt$~oz1Cj4_MNb}#LxbwiI-(ewHHiI7>1l| zwaoq$mTmVg2I0&8f71p_|{#ol{rc3Aggu@64#@2F*U5I zsyoWzT1JAyHrVw$aJ1fP-^?!KQz2Et4k$5y(+!q(IO3vR!thfXg6!fv;Bm&4J%bWk z2aR)%#TL+{N`}^4SoBCwP~;Hh{!zmCn#tJt??KUzg}KGTm`N|8ghJ{Fp;wHW^>l=K zN;;fC_ReGk1y4|~;r_tbGN`4$#dOs~L!eq0Ao_%lNcfm_b=nrFFBJeQyq>F6cz)$q z1*lwiFV6{LVVthe~9@u^mNik5GYD}u_{Kx~-YefJw z;u7;FnM>=Nxc~$BhuK|z$#+Oi7sl%=^{crn&-RnMJh;j2!akcRju_>9=$ds)*Vd*A z)iq1;M*EqhVChU1Gx@FpQ*M8T;*aG^RFFrGVfHzA?=q#(vKuUdr`1Mj|K1rlgPp%Fbz91ph4r33tM+fMF;d%0aIl&qBj>vc%w{Byyd*+Z8X0hsUW zKa~S|`0#S*iDL{O5?0YW*Cd0rRRiR5T%2NrS(_w5CX$mC+9<36U!v^xp3(#(=FxeR zYI2y;=YUl>>;g6w?mng~UGpvIYvClTf-YXrb4vmSDQU*-<1;K%s%X^)U%ZgavL51} zVB9`!>J{O>QCw&CRkgqo1eet93@tkqhOVmZQKHaNrGO9S}To&vbyZ*48iR zNqGIq|A2|vnEoeB%mQHgKbV+}lktDg;r`#4n4N=_qeuOetpBlk$nthBAOR4dgnBFqk(hYI{<*Q&Gkp;-B{(8Tw_r`+ zB~M^#D2}Dj2w9B%qsWl;wZea!Uzh0p!24hU1iUDoZ`}Aq*HEH^LyF7EE9;M|>eBnj+E*@(b5j45;ikQX4Loq{z$eGm{9 z0r&;}lJP$AlYHHPr=fn>qi^im)%h=JhRK19K| z+ll_Y8vq!mfo&qmzi#m06cSb-0_H(~@aMpTLO2U_Jai2Z`ozF~sDt@TJ=;@h2j`Jt z#5<6_FXR!zLWKT}-9UdiH@!H7aBqFy4&p$xHU6-Lq*kHcQQ@6j!KkKvN(%~${0`XU zQwAXIk{TKcDgrHG13d?KIy`xZaC25}1p zQIJqCuY3JP_;MBn0|Bl!Ktk(Bu>uW7{VwCe3Df%3EMg#pegyh^SI`0pa`*l5{W$|i z$3O$NHSoy)wEGIX#GIn2qICGfa^Gjn%nXGX06>(0>VK4g0t31)A|xsN0^0RYn+F;C zX&rdY(=lyl1GzhsZ#y&oP#?4N2k*aM#mf%xUs({ySA_+4_!2)V^%3$xdIEj=rF-6` z`UQmkRzCcqy!!)+_b&GCxTo*AfBZuR;us<4`oNkkbQLW?%Sr#S2mAt-fj-8XFBEA0 zRvr3_rz#pWBNy+pTQEHafO)=y{q8Yhg8zkFl7bBjTKh?yCj2^QsN(G3Q=kihy;^Mp z&lwqe)n{t%BYHWz4TsfA?-N#N_WkLo6WXdd!|1?su(Tj{%o z3-uBp7FkS&8b3tpnoJnIJzjvj;kgv{h@P66JB;Zh2~oIGuIsj4zFR~e%Qnr`Ox?nk znE!ZSw{ckr54_y_tPi);Hro?wR6>9e?zL7uiJ)k^J+RJ#Pg#c%v}Ykndhkj8V${nz ze_=tzONNYuNahz7-2i8o20YYd>axcYUW4EPhwhGRBw;HsEv(OUX()=(R!^1tkt#Q8 zz!XbXR^>h{Cel<>YFu^57_)ANo>ofQX#IZq*qgblNA*uwFUK+OCoxKKQ8S>YT?K{^ za9zB~q-tTpxnURBH`*s3+{~kMgf%c2aI47$U}0+-bDzKA0gJ}CfiBcTO@kGm*rq04 zgpJM%`n~8mrse77dep6vh1s!@JSVXZXzb}BYd}MqY&Mni_j(q+zjYWre;lYJZ94SR zuSKxYD7BrQ&G!3ohuh2s8KyiYF3`cxOpTY!v^H~;K|rt7uj^hb5qBsaVsC4#(9)`m4++SVZ(Wt(qmzxN%|YvJ;D$B>d=qJMA5F+!@KnxMW)rD;~r^0`?P__ z@%p?N2?F|U-6F#ehQxox#1DE@WD){(JK7s#+9b!S7Wz8)(FNo=EoG!zDYtVW-puiX z_Wjt8<@4H!8U{6@==kx;wz)2le9t<-059sMC#yFrT{MkonR1^5V+9dp_F&QNHp!D# z2hBvM?CEDg*^{3yTYS!641_6}IOT*ck~s5e{FUtkI#ih}sM8x6@QJ` zW)lM$dul8l{sE3%G@)f2FR+ARhqqNyc?Ia#7UJIGQl>KC>fgi+M`|nnn(5Bbv3E|F zFR49$O<`mW#ZfLtY=65)+}T=d=j-689$zA&&YxNwT{pwAcf}=mlk zlSC&Rf01v!iWLKe+9D>xXatehD1!^wkTJbG%uX=sx;#ExZH7gX30ZPs;AwO>l{zx_RfMOHA88$=A?QE&xe=3SLf8SCTz#(a~D%a z7W_^rq$hnQd4n+4GqXpfy)ynJ*-o3;n7kCGRBX--NVCkiNnjZ`D-Z<%h;rsV$0N4# z@IVhm>ShqOckKH_G4|PV{ALJdrVj5U;Hd_LX#0 z+@F~1REgL0@N+0@jU5+*Z#qPr>qN}^g&hs@Z~ad?!sxn&x|Ycaar&oGd#G$A_#>U( zj-0~~C7|SYhbEF-(_c68Sv5jckQCH>l8eYkV+7ahz8~`lY&G9Zt279JW-9upooS;( zV(jZj*!SGZ1_gkIX#)obeQ`5Qu7#cJXlgQs$xZAkosM@*AW3UJTioJeem0>aEFW=mb>;%I3aaykun}DRXPz4XgoE*pMa~$ zV?1`vhfmtp#x)4yTf3r4I84aYF}Q}fQL1c61nb60{CpD~P^>vwzSYR0dbt?KIxvGQUVh$xIhyPX)DZb->(&H?mTn7Pc- zd}@dBeh=eFd($b&C9qw+cYu<>c$w$A5goF5!$t&wY^_@-2APICy;-Q9(K#8dUN!0S z{7PTNGIsspI5*6t5gdkP_e+y(6dpThJVqg%pO~qr>Xy|~)2dNIGptYa&_QRfH9TsR z+*e?J5QJ1*GqIW~Qz-U%ILW+3IiXmkPRV z^{-&^#*h48%6f1qu(~913?*5G@82#OZ6TH_JWgiUkbQC4raJpb~@$*NK>kx18sbEqkgXRmQX$B^sZ2tvn`P(@W9)dv`!Py=omwY}3aX8+= zJ-?e_vVaE@AImQHXwAd6m00}^KKT1y|J-$l(3OHe2jHvAti5MEyruY^^(zjG%43nO zdz~~)B#TD-WFVFiy$Alaq704>@u4$oqUKR`lY6?&&63?&j}r)%7-QRUS?Hx=9wpT> zh}&7XKVM-;-_ddxepaJ3L-g$jWqASK{l`r3CD4aLg<6(LXQYFGmYDvr0vZ5vuFo`)Bx!Sa=G7%i4U8`i-4&cyl$E3HKpJ>#jS#qctewrnK66Aa~9Ed z>P!$Xge}zGp?Z5h{9wtAmMGj1WdD{#n1VXn8~YJM)m~*^VWMdA z^{_1z*1y8F=On#lUmELdQbZ#~F(gf$Y#MJ?j?$M~=lO|q`cg{4_Rk80sQuH0CVR%E z8yUewA;K};O|nN(hCnh(!xD;G);^FYE1=$~U2U!D9b`F+xn zOl!r@5&t)q_D-?^J>62NIs9V*#j>84>|X^U6ie4>D@Y@K`&e6TdedNWGo0%i`dht^ zX`&Gp`p$A1#UeT_*mTeCKWvePxN(uUhDks%vwM#m1T59&Q2AZSw!59SVO^(u7erSF z_J!aX2{j1j)=3_2cFD3^#TVW@rrzf+<494gwPOeu$eh1>xM1kB!w|!F7^}1(*%8$3 zYlkR`MxH^GA*4j6h~m@-+4LQiPF=F#m*zHZF&MkfmT^hOWQw%039f5$VYnnFS3oVsi z#VnN7_`c$MQb3jV73M{OxzR}=&1bDrw~I__n{>F=MuGQKyZ|(BQ;d&T`=#!a3w5lW z9S*EE3W+t7W0@HQ2niYDnL0eT4Eg3{y=X7wA{831;ouWUzSFOO!DP-LS}Sgd(C56~ z@_bs_{{qnHYSUviu=#O6OCs342{f%x+3tPhlMqXe55WYbb7N;Fcw>}qZWCqN*7u zPZTDDWXPU_2v)c6u@xCGc3N-i;dZ~ro3$8CHSm9#oG|oVPyDE`a>#n*Stj9Urx5iV zqpy%*wyY1(+HuR03Z`Bpp`3aar;?bhDYVB1UF&v4@0>sKvhQj=V>#=(Z)BO$O8W}R!jiP#dW?bk(&1ZVC@iUkM zK2z%_zntZhQ}k#E>7F%}E7L{lI>OO9ME(bI2x}yMZ}uaTPbUAmVJ=z@RWkAzWg(N> zF)?ZtFg;$)V<43S+33ZUSLjwGhS^6EinJ*x)S0IPru8c9$@83%yy5C(SyI*H`Q#OGNOG;5<0wsWN6!{YQb`w4oe7E5EUUPAsAalqxV_JX>QE8FRX)kLZH++Iux?m=eZu|j<*-JYVN`%$*kGD;b&k$VqE8tgeNAIv zn64_bQgS)rjqeEdI#!ZD6=E8ywWsAP$nrcQio~P%D!fpmo`sL-SwcXn<@Je~A11YV#J9T-$cqGfZF!t#i$u~=u zXW-9x%eZbmeVCqFn1z!jSXgC~C7gclTOlj37G++GtAB>hcc6|q0;*i+d6!`UJi ze1_W3`&VLd0znrw$JMWbbi$6UXhVg^e5S0QbYl?4H)%NPkLS!bgSuMf&ustE|{ z{F*<(SJ~Z>wGbO<_7)mC1C2Wfx4k`%ezC3~hU93pK{t0gmoGGQO7_k*^ZV$0v`ikG zleFH>WPbqFk!bTHLx%s^p(8|*h)=I_vQ2UMyR@C_g$ct#$H>am0L0!4pqbXa`R*P67^6yufm$ze@?;LG%*3gm2ypH13 zqw8^i8?VkFLAG(Tj}if6HZR)fKAxYm0csbq6!A4X4YgFjP1%&qiqoR$^+Na%Fvk$a zX+^9LOL`rz{;jIV@3m?y?x~61Vk+hOOKO(pz0HgW4w~ z&N_2{+RB>~#@UO-e2|eDa|XB+|~L%v&cr2ln*xAsS*>wYL3~*E8@GAgOL`n zlBCL8VjbCn3S@OV zf_0`HQf5(WTy*irH)N~;5gwSj8~VE<1r)gHzBh6GF(FNv%c*=F225%JQ{Ongxj~o1 z%ObqM(qYe>UDms~=u@+h)KEr z{uj_90qGMy*}aCOi2#)`#xYuDON=xgtm1T27Ry3ETB=QBl!! z#hTu+nmr2&*E%wm+omD6v5>p;Kb8fQC&_axdFteqT~p}%`oeRO3!kpbO|B!l!FGV& zfMS+72q448EObyxf9;8t?5drg_g4io1)l9$0eS0dup|kk5NSOImlpZH2<3iJ0 z9mFbCtlqroF&s@`(&6xq|9(E*;}2lMmoW)Ag0QW(qK*y^Snp~0mhEN(MyM>^X)~Hu zOyi3Ks=}Qa8k#v<_>3vT<(ybGp6_*XV*(5IBz}eJ*@nUcrl(Z0U!5?0Qfma>jh`uw zLVrndfs8IU)>PVCVDYFs>f<{I1rMH2>S|UK$QJ~D`rH@Q$ThDgA&}$wXS*s=CQ6Cb zNy0mPeawja_98@}Ar5uS^`%kP*Yz0?boscV|9eRn`YmAo5b5Q$DekSR4u-wj`NEb*#&{=zHWa7sX-1a z9S4Guh2aR3^U6X?$C>Ji4 zIBH+e-7f38zm2~YOq}r@L zZrKfgszI6FT>A*S0Y2u1-PgDouJg9yNovE{t7Xjb#Fd=0#qoUlETTwUd{$W=t1B*j zUc|qkW@pb;g8cwlw(gC(O>j?z;$HKl$hrz=`?&N0Y!J@YWJzwTOz}*wz2iaq}Qg6 z--5fBH)yJj#>8xqFm3h77r`iT^#9_`ewi?QJ3~uIZtnkL${6q&m^c{!YxFCxWME|b zuhDzKVPYIC(dv zia?QDJgrDYU>qo(;(=E^Iedaa4BqN=Bv6ZdPXI;M`G31JMLP$*;K5HUcto z>`#Sf$wmR8|KGo9b$`Lrk}@}u0~|uWuE~yB!#oNQ$cv`@@RfNC;GtJaLHqRsJjsde zHz!fxQGkT)#{WuA{Qdh!9|7UKH-KCYgCFJ~+8+2RIAD{U7+PkcI>PbwQJ9^>sLtox z7vwGPpMP0XQ_88Hg`IA6S3`Xq16@S}EHU!do+A9-KqamxfGQ5*EFSXxr`_Q6!p^mB74BX5Smf4~>+(cljvL=7GZcHo1lh5(@6csPOQw;0R~mPD+#oRvk|+xz3tna^wAm*8{g$zQg<`2A>CLBbydK>ykF zBZ!N=)v{oBZwZ)+2Zy0aYhA;EUJ`z_&O(F&5DNCg;9qGgdO~j2hAhcq5pGu4gv-FHrvNXqo|@6d4e{5HP($KL-omj5l_ zmopPHNQVM?`<8LGLV!RZe} z#RE=h*F~>_e3DnE!T-Us1o)Kd@T3QaE<@WT}g2q&MJQ-8$K!w2-0{#?Zf{J}n!__#C_sgD96 z@O%GGEBFKcy!lTIt1PvYOx3CP-9LNZ?z6SefL;$h$=MPRBpIex4QIz)x!imD^rTgw z?rr%dJB`OMlElUI)}&BgrTtK+zH3e5c%}Zfe)N&~a_?Z06HN*f0d12m;Jls@TB#Nb zVh=V_Fkq1Rf$Y*;hwjcTJ0*qd#ZX*~EOfecR$$s(C|zE|`<+#B}X7ik2Wabr_zs9Te3 z%0W|f_KxNA)S+APe&r0`{#FK=g75xi-{-QbYMw~-o6eMSghfDa8nB&(mqt2ibr&dv z#wl_5$XM*1{1ae)5A=qnP~x_~Tmg}MLeCogtb1^r@LaK>pP=nm$_*=myL(Ol_sZXl+I z!1JvIqQE7)3f2@4P7K+48N~edjcjC(I@fgB48+3A*{KS=qn(bd8+gyS#KrUhVTpF> z@x~bbl}7Gv5@SCRPjeJ!#quPhbE%o?1QQ>&T{d=-T+fNW%xd%8!7y zDRGzSjRx^fZ};u03cMV6Ayri7q(cNVC=}1KCq@$dijrH^&#!5^2!>V}%?c?ltFG7f z1gjT#mMrbfWzbl0r`-Bp`rq%7y!L3i76IttRZ=%{r^-cgtkxErIi9f6wF_Tu2f``U zX60~~^7&Va9gYec=+jYT_}&04Ggsm5B&tRrR*hvtbi!(N>OXbQIHr;E!5p_}(~lz& z3(i0DvaKt%2`LW6W`qf$iwg>GmDo{v*0!oqb}Kc z$!Iy2M(BZMHG`smQP15oQbUqptYXQdUt4|8KF0wF7CfOM2Pdg2>?_cT^kmDn3X9I^ zUZ1n|hV3J*H{`@Bx<6Ry&@pc7>v^JyQ)T|x;HmeF)6OgndV~qxIE~gL611$_;%0tl zE5$|18D?N;ryKP*1!$aP1olzt;@_HVK-YuBE4LsgA z8s)G`@NN|}ASjt8x>^g(b&-Oa?v6UGY0!Ac>dOYanhqWL{_Xdbc+ae);vRoFt(0QnFziKV4guZjRtL>WV=5}NMJsmVQWyb)s`Y-#KDXh?~l`)R~a^On!xlj zv-YM<;X*0`gK4nam5>?Z^NXv|P&9yX#1-(|kbe7xc74-=^gB?J=r;$PzV%BIuFa*# zef7p`-u)$AEyS}G>IPDIX9@*x`k=bGjond;EJUSd@00L^QQzJdUKTSSSRiedfScMp z#nI`%DPaGqocs+ffU>+@D*o`zkZFic@OtH4#|sLxM$QRubeegvH@DhKj15s`1j~Eu z{8_y|+~XzAk3rjNeqY~u?$6ve5q>VDyG+csK|6V1Ju*d(QhfacOGQ06^H0wvx)+xX zgbz1azwCsjd2VwIz;q!%;K-)99*lsyC0i(3h!8^9PQPi_TY~mPD#wZb*@>Ws~4_sGCTp+ z2}KG}g)$pRifojqLp-m;#fi@L;D>UIoPx?(sRr}8IcLr~Up(oiS9QzrSq<`=7}+2M}-C5P8t$4=^ybAOM)!;$PKIJnMbI# zq0n($!hR>a!oXEljX;WXRR}a_(KxWAETc%kQ;GF17bZAGspc-bE0YW}C?JtP428dh zx?>R8U@2Qr0|HP_9Dwwxa<+#hsVcyFQ50udWi0$w(6ju}?sK(kSrXObD!Ex0Pm#r1 zkuAs*xS@gUz~vw{?^C{m(nts6Li&B+H_xguoTzvQF0Kai^~!!E#I(9Aw9Davj^-!O z5Z7~}7}O?Y1L*fWSU?Ekv?J&=R=LGn7dy zsbPy@!iM<*$lPwlW=m)&CHf5$=S%ZKC<|#*C)xxNA30*hy-gw+^*B`%Xl+cJNZ6k2 z`{|ifmPq_u-BF^F_ZG^@gYFX_y z_L{_@iB{dmt5 zfZFu8_U2_ThljJ?1By{9%<^|o0L!eJ2)8IjuJ8@3Srqx@I(JyCmakgXbF)FD$P!+$ z->zT=MV2-1SoZPv-Ak5T(Xui_00*@Xf7%VDu<~of-EUf=FEH`JzFD=J30h?soAROU z2G@8aJ!10U>6?U1V#P8GQJ@?Vh5^Qg?uD}fxk$8?tZ^aYxsCbxLhxuU1-sx&C`&ar zmtZ@oV-HX!ovTZ#W@pSZjJQrUm&z=u(22=|A}X%Q1LzL6NZ1EYQEpsc2+d15 z3Q6N&ncQ+=7-+?C$s#!Q{u?u?NN&mwU`;T_n-a=X;>i6}s(h zD$GFJe5;&sLnP>B5wS!NX?Xm{W>_USY zDKr{4Jq~d{_s@6r-L@g7u7ETx;V={5Mltt#hVQT-(EZQ>PVnV;AlTT%NV+ZTl8+3*u#MKbAD$tHqwFwJr z-Om~Lgn^+SJ8NRk-mGBm&90Kk(~lyncm$bEdrXE*P8zsMW}6=MR$T25Vq?o#)X|2| zM2V@=>4Vv5pG`=TzTg5hHT9DLCh8@KN6P;Gv2W10D55Khy#8+TrpYAMym(nj&~*nZ z5{sD|YCcseoxR0%SeiEIgBys@WlhkI^;;FHSDgd-&c}1}5Q}3QPK5uVtKLsD5uXsd zn5d(rfn?Bse#7DnO5AxZ5XB=B*-P!2ldZBqSuXkzzizs$GrUBrjky_tEII^xrf<#) zG@?bGt!ydFG1`laV_VT5%YM>31~x*Pg6=~&te3>GDSKe``_x5;UiCyy*z0LmI`%K2 z1gUg_bfil{^T=}19Q#1W*S+xUXbe~_R~xN}A51UA_VW_>RFCn$%+K8c(dk@zJ6AkC zMIF8v(p2}&?@~Glq~2Y#V}-r{PL)5zWYEs``Ugb$eNiR!hDH~9Jjixy5 zR7_4$YHTHW!?F1+K+0WAC@7XNi_LcxctuRkKhMsv6X8H_$CJBJP>dE68he?e4rx}% z(mL~wb-HnQ;g0tYB%VQ4dvEJ(8xCRDKGd}f`vwnZD`bRo+w~+291M4i9Rul=Vm6s) zk+KFcWR5&*QIo`X+G^YVS`t7K!!AJ;U4a7m-cJ>j>or;~Ucg+6T`C(lcEXvZR#}PJ zg!Yy=qgevaLa|wXtm!>FBlF%0TxGQDY*^abIX*I@0vQ?CzJ`#Q8J<%{9~gbBTJ>qo zMwoTQ$CBGg{;2o?u88haij{Db@|P%@EV`1Px@}< zL^3?{cO`xVCpeS4=7?HJF0vvGMG~~MHL>Hp+qZC^4O0^A&4tJf5&M+UPMXy`fWSUZ zx3?^|@*l=cZa>oM=ZdA4YnFx>{*Uujv$-&9L-s{2E; zREah2svy3!;0v;cmalP5S#c%1TGe9D|L)wVskNmkG<0`HoT<-+={OSx)rN#92VA@y z#<$=v!xjFq+w)WN;YqcV_iZaY&2IC4Hou%5%Pu?m5bvlZ`N*QLb8owe`tRhPkT}OC zYl%C1ZE&T!p;QkJ^7!9{_bN_rcKV9Q$=!QSArHWpmz^38+Ci-QXOAmQpeK((GA;y`yy~ z6gd(iSw?IVr*9T0l~e7vJ5`JaF>JA|Qj;>APT7;_m-wwc3i>qeRg4y!Xti*o1kR{R zmW2{QOn>cWX=|@CA9i$)iylyddB;?|RN2;vL+7jH@KXZ(!=0wLk?xG#$wJ?8@lEa1 zCo0Ycbc%9ef{^KJrtbA-GXlEZLr?2&f2NAxdGT^~Wpnu^&yl+XJxm%aNr662nHv^Y zPG|q^6^NRGoBXwOFnfl8;kP!9&>}>=%IuPi9Pj0)9%Jz)Y?m5wU4-L-V%jrt0i=p9 zpQ6W^only|dZvumSu38XzA3+BDU+5G!z7H~QL*jp$nis|ji8!PYXsO*b8se8@r|T7 zLGPZc>izHGk2AszSURoVR}`B@RHXrD3jAF(lH!58H(eB*-t{_h94*GWh}M^9eXsuU zq8emK=*>C!1`$E@?3fN8R$Iz;dvz6WNN$P-A%OV}C>h`88_5aHeu=$=p11_ns66NZ z*~Y5}lxo|^Up!eU_uRGoRL@4Gz3zXL=n z?X5f(sB$(u9lk2sdc{kT?ximCa6%kcc8A{$-#!YAW&++7b%tJk2jau%<|{5QHJ8|O zCyY2yGEMhiqo}-;*dAWtVWr}kwiE(35O`ErGA ztwU~%grO(EC*WMK$3Qp6U-X^N=p<#6JoIFKx*ovXrxs=RH!y`Skd%-7YN0KtP#8Yd zOJ(xRwkys-#)wVW(}X7)Jv?epM6X<0Zs3nNp_vR9ydKs9HqL3a!WaguUXQ9A)}}5M z-`RPrLNacUrjdhyGgph<3a2GiySwNGopr71v3|a0Tb9CZBl?~6KXbP)Qia66E2=`; z-t@4kStfFYOtqBZ09wb%2Br~HFfWsspe9E;1M%SLE5V})eWpE95lA!-Tnj-qJkj_S zQA--fE2h!c-5<*qs=H!^kgyT?%Nuk^Ft`zgV|=$hENwbnE@^)9PW9NQ>8z|3p?EY% z^F+fZihcm9QO1liy$uA;hRWv6(giwx9hka>1wE4Xo#~^E_c1^agJF_DiMH$YpSYL{ zbFXYMkdt|H%qMP0=hHDAJnyiC+vPqqOZBt7TyER%O)56nqHdjKVDj+ji_|2G?%cy& z==hZrP)^ICnjHX3g6WCzt&U_19z7=&oyFIL>9s=;SXQ*Uu;gNW6;gu^o*fTr{pYBw zKoTy-ixqz*Mg1QtA>VrBbaNfC7f(lC)?s zFPv|gfxmoYxd0z5Rl}gGq)s4Vc^{F}CSHu{ppx@IcN+%fJLDZ)6ZF19^`GVxT zhf+;0a9?LziB$PIH`rXLXOKkP7!P<$X;1yDwCN?M*9R8*5xGWr9dShez^==bLHOG5 ziFlgBr(u^4OitZ6@HMqH9-=(L*!mJyx9F^=GFoL;*lM0nHQNm>Vd|dfTDeJe6rmq* zk)SI9||E}@LQ=@gT$aU8S7-}iqRSW@it{l{ckqgJm;kl+O>X4~P z(~_tnDEIPN7BH+3{?AFK6|=8y%rleeLCxm#`YL~tpMC34QI6Nq!&T#!KoWE@d3i0= zS23BZ#(FTl-MQUGvfWm7uuyp3T)f~3eW0ypewAM zw1IPn&XYhm+`D#N580=?cX?(~=@8#XVwGbp-qly7p+B7ivuDQvUE^!eU0%;@kdS;I zO1ukoQII;Z4~`G1h4R@nozH@Ze2p@P%URsTP1BDi`FR3p8mGvDN*#)1gQ9hJgG_vu5ktmwSua$2 zZXbivX3?C{xe$cu=_5A;IIa^x`b)jIX`c7Bg|Rv@dB!@w5NLKJ6`FY39ExsXj(XfR zjD44`JCzzXO$NFv-W$0*#0=h5U>8k|p|7?TX4sy)Buh4@>T|=^Uk|ni3>c;;QnH#1 zUba0%l$r4-bK-)p--gX3iF8*SF}%r24$Hj(D%?Zor&CLH^iGe>Ix!V^rvvonyB*}&ZHpSE1qxd11JTW81P<1dBgb#>uT z?Z|3Qy?32x@8RnwFp-SHF)(|1J^nE^LsQsXAker78+a@nqY!)YC@QV^lM8Uen@8m^ zr6z5v%)xhCZ>l@-g4Dlw{hi&J<|zF7LnYK5gv1gl1@}P-e=)TPwb>^$k6C_Ova=Jt z;6-md>`};c-`0eIp|`q_X(qH|`M__IU=8iSMy+Y|8&O!gZUQ5^KVTtJb^LYESJUfg zVkzTu#_OG*UdbcM*7`QloP0xZr@ypKev}a|-13xu{^dsX40=WkYh72NYtF zXwjpfYVXAdxQMV{P^d>l%I@k2{S%=G-MI_E)As64C!YIQ4Oe&m8rL_8BMiZdi0xBx z2aRawD?1aC=Q}?Tvi~*Z=DZKK$5)We)CJBSCB#<=FfKJ4z#oV6w3ZuI4;R-l7X}3R zlm&(+4#?9K5s|m7)`3%Mu1CN^+Aws2IMbjGytahXN2-HD(HHXbNA%BuUCR~lBle`m zAc(0zCcyTr0IYzQQTH@70n{W3R6>_Q6o3;of{MeU#19DXeU@ibK13!61i{vXggK19 zq1e;!BH^wBgR4Wa?jy#p)CVC2nF2&@A;eNpS4mVMUnnnxv|y1Z=})R-DK^lYPtOVL z_Wy+^P$)+#{xs@bPFH z7*fHTa6QxKac_2v*X7!S-kn&x1T@D@`MK5~9pv6V8#QUoelP60#G_=8WXrF^=ecfHw z%BmMv=Co|MQL|S0OlcqXZ*I&j$i$mX>2F-XTv@Q+kYH~iohULx_S(`ZLFt|qC5FOh zyX`8fIqDN62X2g9#KGC;>P7FI7PZ)m#;%it2WKd2!JJoTdhB^gMeNn5e~jGkin$Tv zhP0%)!~eQa^}q@V&}H$(cy3p$1#Yjgts>c;dn5Ooddfy0HC~ef_x6X6|4Lk*OZQ!v z4lV-j!Z<-`iqQ@4Ov*IGvQs9z6CHiqe}{wneO8mj`f9HT_F!f$^Nf!~PeauHts~oA zY8*H8RGb~daGH($aAsf2_C~`i9~?aH8}_{j=tpMSCrPWiv!!|8uk9Ttcmk3&FVn`e zweCWX=5QI;Ulc8n!ge97D&4u)FD(fsoG=Mk8s49f$eEq z5z#A?*w{rG~>?kpA~~l zYl@|sytkL@(ZQZ=|MF)4UP$arq_~R2sFZu)$DJ6(v+#TlcXb4WXp;MaO!s&2UnhVR z$ONsQ&%=wycIGmK>TUe3C){0OUXf^o%!c|p<5Fo;24XIYbJs4U7>b)ShbNX{TSzh` zJtl_%Km>he@{GpvjQ;R7qqK$7?gC}kGJp(xXKf;V^9@{R&0p@g811|`bj86B3(wr> ztVLW1MI7KshHq69>=K2Tf0lvX%v(tqB_5x>)6)aFmEcd#hQZr zQvD4k1Njx*85x*zu$YOD0J zUl)_9{^@0ebL0Qaa&lgE?PbNK)RJOkPS9X8^mfM0h`crAu=u(3d1kcy>K^J(47BP= z>9nn~ENYX9sH%CN)G4zWNP)Kc%6eJtsX0{HLRK#2K~rAhMk{^p!G+Pk=n9)RIuH7OgcNy4NDZONv0_+`O@RcY+|5M#gOExub4k{ z$i!btrPw(mnlv?@f1Nt0a^>4T4Px*CT;f@XVzaT!fSFa&_!#(3w7h{QRm`|Km6841 zs&OeEYnsK#8QG;}vd@eq$ zeF1_Hsfe>X#t2GQUXPV^bTCCX^krJJ9GOTLmz7DuxB}J`%1H?YL$+Z_$WGS5LqS{6 zr>#{{HKuF^3#dKCLWf=6DHCCW}Q9|jX+GRK|Oj$9MKyA42v+X6FFSYunPMA-dVG| zxQ*Yap8>}>0688rI`Nkp09nO-_HK+y!;`ta^Pl<$7jpYqx8*-h= z?niYiuT`6>OF6qMLZ|64`cx9`_;i){m!x4sr3L#phGsvM|Z4y&-R7ETq zAm*b{#WHcVgyhm^Y{d%3@goVPdBP(uDbBh&J5X6z?>;v$)9lodu=$EBN#CKZCx5CZ zBGNfm)s#~Z-Q825lw=>YJHT`sO62NyIQxSc--eV%!F2GX7x}<00o0LBo#NxfF@iZ)X3MHgo^v}dQLirGZf*qwq;1+sdW^% z{O)lQ#}uHL8P9`KLN3e8RL|9>oU$n%4JvLsiOkXJLLc?1zamnV^-=Jv9FYcG5D`BG zkHjFUoSZx5G+~XE(0@Uj3do>lcv9x&%6F$^ILQjINz1sHW=%-PBU>(QBoh(w2xFQ& z;$O%!MKd>Nldiju8Ec1Y9VOGf8qNs7=Bb^5m$*gGDW~cUCDLMiPYdZw+*v`irwJ6; zydS!zI8rf?rl_`q;>_GZTc=qwjA24QA}`K zp9;-HJR}sB9f_ghF11q$0Cw*viTHsW88IutVy z3#6417bt0!lw?f^ut{){Z|uCVVkXw80q5yQqoG!77{LLKOJgPaou5c)VXAI zi{U%$&X}U3y(J!sNG{{s?Nh*b6h_F(R2_43$-|`{ z(cJx#t~L};a6b%o$r_(Z`yJI^jDvQJ%`DO)cFfHus@zLX$g$5y{d&k){yj_$WHK>t zePZp9`ic8L&C+4TAhjj;T{f#kuBi(}Xe=}5wl1^J?(vp#gE_Fz^Tt>P*DTvGYk|)NY29Cb# zOWrp7#&bEU@uqk=>fuh5J`{Ts?M@KA>%tz@bH|r9q~so-?yGT&K0F#TB%3{G=lryB z*N!@p_m0JP#TjwLCpys39h>mr$jTn~I#QZBs``Po4+qwLx6^S(cRO`gtTj4cHi5o4cU#vb8glt-dDYwuhDcI!Go*!S8eRJ>P zIP~u_Fb7S> z{4AbUZ0+o2OhfoBG}+hd>Fiw z_c1<(6I#A5ZqKgK&)osNcCGeu8`wl7o^V+iXUK#n&4;nf_h5&$)x%~-o7-)QVA}&1;iS{M;CFo#t>1*(UwXVFJt-|bnGu>u zvy=whT*albA024XhHqa+Ol^7U0zaYgpN@hBzD$SmdwH5#q5cSA>%f&`a|WTK4>yI` zvGzR1^wrW)qMQ}x2Wi{miRR^&Xed`%)#VEK! zgVpkVo*7h75i6FxA29dWF#k;aT-|`ZQI>(-agE+@r=RICGivWq2UgNew+81^DJ`g5 z&S19^8t-P>f4rHrI48x+EGsFqj;P*3=3Zo@|32Au(A!s1t5C#2TD@E(?%*Fij%2sjq589%9d?0O#TFZH*_n{lqX+&_Y~H#d7Z z8+H4JCFpz-a09jaL9TAlYOY~8#-f6=d;|(SXk*d90i8H1%o?rP(FPfyjTuCNGiE>w zUHWg2R&;&VzP|Q2pmvgr*~esB1stykF2dqEKlSU3tsdIAJgUsN=-k|5@Mjg=WUo_B zw|M1uj*UwB>-Jn6II~nQfz&R5;XcrF`Owze8fztHe+mQm9MDH9JjJ4a(Datg@*dnXG!TVVrd6MS-EPDXkL4tfT9rr(x@k&T9)m5iRA z?024wo$>!~in61Dy}gMsKAot6wUY@XoxHM$I<4scY2?a-nohDX1`^ybh`<0Mhd)G= z(~y%>FaiOF2%?gpA`(adIg&uaeV<`Kt_g<+qH-*PT!M&*0xBSvBc~8i5o16|!_j{&~5`vxYTt+V9a_i|B@o-zNvMavC6zPEepEPL!yu zD@sD>Lw-JS9oY}U>ge~x=DAhH;X>DFST7}R+iojV zVoILPF-M&3o7kacccPMeWd)`dchC^qZ}8`s1BxlE?|qEi3R zc5O&?DHlxD%s^4HHF7)~AU!?z*j`xu5>(O7IVod&9I8}0vCpP*svT$6FViKnTdnHc zE}h>p_pq0jTFaCNpYxyYwS^VN$VY#OzgWWR^`G+u4z=7bbSRr=)jzqSyU4Nrx)NL; zuKhx3(6f7kky?WpcVG2wQY&UN?^i-njBRU(Assb(yufSUW`%d*CL~livsCsN)4YJ(R(R&U2=ZiZUJHnRmy6{ za!pzuePPdxE_MYxm4D-F)D5Dl%wZbLzkK)*h-wOWmCdlx+(=H!gw(S=M(GOY zJl3njRTQdSl1$bmS%P;{3-bfRY->Maq=JFO&58b5_M`7~y6tfOfGnZA}8ohi5485uDPN9 zNfJA;Bc{DJD4pc=Yids4wKUd9@vWs6A!o<{`^?HXpp$OBQxkVmZJ!bG@lfg*>2qgq zidMX~pp<+6!pRs6zg94{i8+1R5OFJD_M>t~Ih7ARP-I;JVKoLYHCa~Lx2r2@+0Lcg z!8RP0bb9`gx!6fHyk)v~q?{mVm+DLHy?2*73DqHOT|4)`)26xbOk8-nv6C3kkn@Fr zwBDYSTVwZ9n~hN})_ia3ov+W1O%QmVt8T_F>7U2$xx6#x={YV#mb{l#28{@q8-%B|Yqfq?{z*eT@IEJM zX3|u#?Py|BtR-Gf&;F)Ofj|b{uv|et=WmT|EXj5`8&&bZ^7ehwYufPAug#}t(Z|+M z*IkCQX$6yY&SsVK>?O0Prg(lcV$ACeez@pO@|UlEQTb)W@$WqMtLD5+(HfDH46*N0 zJ0B9%|5szc{G~DcfoRUhDV|W6EtO0O1HNe3w4KPSE z;QyNlwwppLiFr@#bIb%JYMpa7x?cIfWW#}0XsFZ*n( zdgbuX@n!nM5&cVq7iqrMFMSfO$d&JJz#h%6!rk4YXz9Noii0_R^A>vs@ba3A!Bk}F zYn!Xtb?TB<+8GrkDtGSXs?27X{B&|mG%MI{&WA3=jN8%3JaX!Q0$*h9aN`+T66BDZ zh-t9W%M&Y!Y2}A1rls{iU@i?Zx0{N?+BA2Ga@|1q_c#e&zEOzegWK^85xqPVo3GK{YCDy{62K9KGf}IX#3|nXO%f*Uu4kXeqEcSy8Gg zpHdUCdXxJPB~?r&dEQj8nfveyJ+k5nS0XKv=-3+9@(q#&QuY{bLWiw3L@hoqh`h^C hEwLT^?}N!;k^-5b!fOWIAe*u0V5q|&x literal 0 HcmV?d00001 diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/spec/fee_distribution/f1_fee_distr.tex b/copy-of-sdk-versioned_docs/version-0.50/build/spec/fee_distribution/f1_fee_distr.tex new file mode 100644 index 00000000..b6bb6b32 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/spec/fee_distribution/f1_fee_distr.tex @@ -0,0 +1,245 @@ +\documentclass[]{article} +\usepackage{hyperref} + +%opening +\title{F1 Fee Distribution Draft-02} +\author{Dev Ojha} + +\begin{document} + +\maketitle + +\begin{abstract} + In a proof of stake blockchain, validators need to split the rewards gained from transaction fees each block. Furthermore, these fees must be fairly distributed to each of a validator's constituent delegators. They accrue this reward throughout the entire time they are delegated, and they have a special operation to withdraw accrued rewards. + + The F1 fee distribution scheme works for any algorithm to split funds between validators each block, with minimal iteration, and the only approximations being due to finite decimal precision. Per block there is a single iteration over the validator set, to enable reward algorithms that differ by validator. No iteration is required to delegate, or withdraw. The state usage is one state update per validator per block, and one state entry per active delegation. It can optionally handle arbitrary inflation schemes, and auto-bonding of rewards. +\end{abstract} + +\section{F1 Fee Distribution} + +\subsection{Context} +In a proof of stake blockchain, each validator has an associated stake. +Transaction fees get rewarded to validators based on the incentive scheme of the underlying proof of stake model. +The fee distribution problem occurs in proof of stake blockchains supporting delegation, as there is a need to distribute a validator's fee rewards to its delegators. +The trivial solution of just giving the rewards to each delegator every block is too expensive to perform on-chain. +So instead fee distribution algorithms have delegators perform a withdraw action, which when performed yields the same total amount of fees as if they had received them at every block. + +This details F1, an approximation-free, slash-tolerant fee distribution algorithm which allows validator commission-rates, inflation rates, and fee proportions, which can all efficiently change per validator, every block. +The algorithm requires iterating over the bonded validators every block, and withdraws require no iteration. +This is cheap, due to staking logic already requiring iteration over all validators, which causes the expensive state-reads to be cached. + +The key point of how F1 works is that it tracks how much rewards a delegator with 1 stake for a given validator would be entitled to if it had bonded at block 0 until the latest block. +When a delegator bonds at block $b$, the amount of rewards a delegator with 1 stake would have if bonded at block 0 until block $b$ is also persisted to state. +When the delegator withdraws, they receive the difference of these two values. +Since rewards are distributed according to stake-weighting, this amount of rewards can be scaled by the amount of stake a delegator had. +Section 1.2 describes this in more detail, with an argument for it being approximation free. +Section 2 details how to adapt this algorithm to handle commission rates, slashing, and inflation. + +\subsection{Base algorithm} +In this section, we show that the F1 base algorithm gives each delegator rewards identical to that which they'd receive in the naive and correct fee distribution algorithm that iterated over all delegators every block. + +Even distribution of a validators rewards amongst its validators weighted by stake means the following: +Suppose a delegator delegates $x$ stake to a validator $v$ at block $h$. +Let the amount of stake the validator has at block $i$ be $s_i$ and the amount of fees they receive at this height be $f_i$. +Then if a delegator contributing $x$ stake decides to withdraw at block $n$, the rewards they receive are +$$\sum_{i = h}^{n} \frac{x}{s_i}f_i = x \sum_{i = h}^{n} \frac{f_i}{s_i}$$ + +Note that $s_i$ does not change every block, +it only changes if the validator gets slashed, +or if any delegator alters the amount they have delegated. +We'll relegate handling of slashes to \autoref{ssec:slashing}, +and only consider the case with no slashing here. +We can change the iteration from being over every block, to instead being over the set of blocks between two changes in validator $v$'s total stake. +Let each of these set of blocks be called a period. +A new period begins every time that validator's total stake changes. +Let the total amount of stake for the validator in period $p$ be $n_p$. +Let $T_p$ be the total fees that validator $v$ accrued in period $p$. +Let $h$ be the start of period $p_{init}$, and height $n$ be the end of $p_{final}$. +It follows that +$$x \sum_{i = h}^{n} \frac{f_i}{s_i} = x \sum_{p = p_{init}}^{p_{final}} \frac{T_p}{n_p}$$ + +Let $p_0$ represent the period which begins when the validator first bonds. +The central idea to the F1 model is that at the end of the $k$th period, +the following is stored at a state location indexable by $k$: $\sum_{i=0}^{k}\frac{T_i}{n_i}$. +Let the index of the current period be $f$. +When a delegator wants to delegate or withdraw their reward, they first create a new entry in state to end the current period. +Then this entry is created using the previous entry as follows: +$$Entry_f = \sum_{i=0}^{f}\frac{T_i}{n_i} = \sum_{i=0}^{f-1}\frac{T_i}{n_i} + \frac{T_f}{n_f} = Entry_{f-1} + \frac{T_f}{n_f}$$ +Where $T_f$ is the fees the validator has accrued in period $f$, and $n_f$ is the validators total amount of stake in period $f$. + +The withdrawer's delegation object has the index $k$ for the period which they ended by bonding. (They start receiving rewards for period $k + 1$) +The reward they should receive when withdrawing is: + +$$x \sum_{i = k + 1}^{f} \frac{T_i}{n_i} = x\left(\left(\sum_{i=0}^{f}\frac{T_i}{n_i}\right) - \left(\sum_{i=0}^{k}\frac{T_i}{n_i}\right)\right) = x\left(Entry_f - Entry_k\right)$$ + +It is clear from the equations that this payout mechanism maintains correctness, and requires no iterations. It just needed the two state reads for these entries. + +$T_f$ is a separate variable in state for the amount of fees this validator has accrued since the last update to its power. +This variable is incremented at every block by however much fees this validator received that block. +On the update to the validators power, this variable is used to create the entry in state at $f$, and is then reset to 0. + +This fee distribution proposal is agnostic to how all of the blocks fees are divied up between validators. +This creates many nice properties, for example it is possible to only rewarding validators who signed that block. + +\section{Additional add-ons} +\subsection{Commission Rates} +Commission rates are the idea that a validator can take a fixed $x\%$ cut of all of their received fees, before redistributing evenly to the constituent delegators. +This can easily be done as follows: + +In block $h$ a validator receives $f_h$ fees. +Instead of incrementing that validators ``total accrued fees this period variable" by $f_h$, it is instead incremented by $(1 - commission\_rate) * f_p$. +Then $commission\_rate * f_p$ is deposited directly to the validator's account. +This allows for efficient updates to a validator's commission rate every block if desired. +More generally, each validator could have a function which takes their fees as input, and outputs a set of outputs to pay these fees too. (i.e. x\% going to themselves, y\% to delegators, z\% burnt) + +\subsection{Slashing} +\label{ssec:slashing} +Slashing is distinct from withdrawals, since it lowers the stake of all of the delegator's by a fixed percentage. +Since no one is charged gas for slashes, a slash cannot iterate over all delegators. +Thus we can no longer just multiply by $x$ over the difference in stake. +This section describes a simple solution that should suffice for most chains needs. An asymptotically optimal solution is provided in section 2.4. +TODO: Consider removing this section in favor of just using the current section 2.4? + +The solution here is to instead store each period created by a slash in the validators state. +Then when withdrawing, you must iterate over all slashes between when you started and ended. +Suppose you delegated at period $0$, a y\% slash occured at period $2$, and your withdrawal creates period $4$. +Then you receive funds from periods $0$ to $2$ as normal. +The equations for funds you receive for periods $2$ to $4$ now uses $(1 - y)x$ for your stake instead of just $x$ stake. +When there are multiple slashes, you just account for the accumulated slash factor. + +In practice this will not really be an efficiency hit, as the number of slashes is expected to be 0 or 1 for most validators. +Validators that get slashed more will naturally lose their delegators. +A malicious validator that gets itself slashed many times would increase the gas to withdraw linearly, but the economic loss of funds due to the slashes is expected to far out-weigh the extra overhead the honest withdrawer must pay for due to the gas. +(TODO: frame that above sentence in terms of griefing factors, as thats more correct) + +\subsection{Inflation} +Inflation is the idea that we want every staked coin to create more staking tokens as time progresses. +The purpose being to drive down the relative worth of unstaked tokens. +Each block, every staked token should produce $x$ staking tokens as inflation, where $x$ is calculated from a function $inflation$ which takes state and the block information as input. +Let $x_i$ represent the evaluation of $inflation$ in the $i$th block. +The goal of this section is to auto-bond inflation in the fee distribution model without iteration. +This is done by preserving the invariant that every state entry contains the rewards one would have if they had bonded one stake at genesis until that corresponding block. + +In state a variable should be kept for the number of tokens one would have now due to inflation, +given that they bonded one token at genesis. +This is $\prod_{0}^{now} (1 + x_i)$. +Each period now stores this total inflation product along with what it already stores per-period. + +Let $R_i$ be the fee rewards in block $i$, and $n_i$ be the total amount bonded to that validator in that block. +The correct amount of rewards which 1 token at genesis should have now is: +$$Reward(now) = \sum_{i = 0}^{now}\left(\prod_{j = 0}^{i} 1 + x_j \right) * \frac{R_i}{n_i}$$ +The term in the sum is the amount of stake one stake becomes due to inflation, multiplied by the amount of fees per stake. + +Now we cast this into the period frame of view. +Recall that we build the rewards by creating a state entry for the rewards of the previous period, and keeping track of the rewards within this period. +Thus we first define the correct amount of rewards for each successive period, proving correctness of this via induction. +We then show that the state entry that gets efficiently built up block by block is equal to this value for the latest period. + +Let $start, end$ denote the start/end of a period. + +Suppose that $\forall f > 0$, $Reward(end(f))$ is correctly constructed as +$$Reward(end(f)) = Reward(end(f-1)) + \sum_{i = start(f)}^{end(f)}\left(\prod_{j = 0}^{i} 1 + x_j \right) \frac{R_i}{n_i}$$ +and that for $f = 0$, $Reward(end(0)) = 0$. +(With period 1 being defined as the period that has the first bond into it) +It must be shown that assuming the supposition $\forall f \leq f_0$, $$Reward(end(f_0 + 1)) = Reward(end(f_0)) + \sum_{i = start(f_0 + 1)}^{end(f_0 + 1)}\left(\prod_{j = 0}^{i} 1 + x_j \right) \frac{R_i}{n_i}$$ +Using the definition of $Reward$, it follows that: +$$\sum_{i = 0}^{end(f_0 + 1)}\left(\prod_{j = 0}^{i} 1 + x_j \right) * \frac{R_i}{n_i} = \sum_{i = 0}^{end(f_0)}\left(\prod_{j = 0}^{i} 1 + x_j \right) * \frac{R_i}{n_i} + \sum_{i = start(f_0 + 1)}^{end(f_0 + 1)}\left(\prod_{j = 0}^{i} 1 + x_j \right) \frac{R_i}{n_i}$$ + +Since the first summation on the right hand side is $Reward(end(f_0))$, the supposition is proven true. +Consequently, the reward for just period $f$ adjusted for the amount of inflation 1 token at genesis would produce, is: +$$\sum_{i = start(f)}^{end(f)}\left(\prod_{j = 0}^{i} 1 + x_j \right) \frac{R_i}{n_i}$$ + +TODO: make this proof + pre-amble less verbose, and just wrap up into a lemma. +Maybe just leave this proof or the last part to the reader, since it easily follows from summation bounds. + +Now note that +$$\sum_{i = start(f)}^{end(f)}\left(\prod_{j = 0}^{i} 1 + x_j \right) \frac{R_i}{n_i} = \left(\prod_{j = 0}^{end(f - 1)} 1 + x_j \right)\sum_{i = start(f)}^{end(f)}\left(\prod_{j = start(f)}^{i} 1 + x_j \right) \frac{R_i}{n_i}$$ +By definition of period, and inflation being applied every block, \\ +$n_i = n_{start(f)}\left(\prod_{j = start(f)}^{i} 1 + x_j \right)$. This cancels out the product in the summation, therefore +$$\sum_{i = start(f)}^{end(f)}\left(\prod_{j = 0}^{i} 1 + x_j \right) \frac{R_i}{n_i} = \left(\prod_{j = 0}^{end(f - 1)} 1 + x_j \right)\frac{\sum_{i = start(f)}^{end(f)}R_i}{n_{start(f)}}$$ + +Thus every block, each validator just has to add the total amount of fees (The $R_i$ term) that goes to delegates to some per-period term. +When creating a new period, $n_{start(f)}$ can be cached in state, and the product is already stored in the previous periods state entry. +You then get the next period's $n_{start(f)}$ from the consensus' power entry for this validator. +This is thus extremely efficient per block. + +When withdrawing, you take the difference as before, +which yields the amount of rewards you would have obtained with $(\prod_0^{begin\ bonding\ period}1 + x)$ stake from the block you began bonding at until now. +$(\prod_0^{begin\ bonding\ period}1 + x)$ is known, since its included in the state entry for when you bonded. +You then divide the entitled fees by $(\prod_0^{begin\ bonding\ period}1 + x)$ to normalize it to being the amount of rewards you're entitled to from 1 stake at that block to now. +Then as before, you multiply by the amount of stake you had initially bonded. +\\TODO: (Does the difference equating to that make sense, or should it be shown explicitly) +\\TODO: Does this need to explain how the originally bonded tokens are refunded, or is that clear? + +The inflation function could vary per block, +and per validator if ever a need rose. +If the inflation rate is the same for everyone then there can be a single global store for the entries corresponding to the product of inflations. +Inflation creation can trivially be epoched as long as inflation isn't required within the epoch, through changes to the $inflation$ function. + +\subsection{Withdrawing with no iteration over slashes} +Notice that a slash is the same as a negative inflation rate for a validator in one block. +For example a $20\%$ slash is equivalent to a $-20\%$ inflation for a validator in a block. +Given correctness of auto-bonding inflation with different inflation rates per-validator, +it follows that handling slashes can be correctly done by simply subtracting the validators inflation factor in that block to be the negative of the slash factor. +This significantly simplifies the withdrawal procedure. + +\subsection{Auto bonding fees} +TODO: Fill this out. +Core idea: you use the same mechanism as previously, but you just don't take that optimization with $n_{i}$ and the $n_{start}$ relation. +Fairly simple to do. + +\subsection{Delegation updates} +Updating your delegation amount is equivalent to withdrawing earned rewards and a fully independent new delegation occurring in the same block. +The same applies for redelegation. +From the view of fee distribution, partial redelegation is the same as a delegation update + a new delegation. + +\subsection{Jailing / being kicked out of the validator set} +This basically requires no change. +In each block you only iterate over the currently bonded validators. +So you simply don't update the "total accrued fees this period" variable for jailed / non-bonded validators. +Withdrawing requires \textit{no} special casing here! + +\section{State Requirements} +State entries can be pruned quite effectively. +Suppose for the sake of exposition that there is at most one delegation / withdrawal to a particular validator in any given block. +Then each delegation is responsible for one addition to state. +Only the next period, and this delegator's withdrawal could depend on this entry. Thus once this delegator withdraws, this state entry can be pruned. +For the entry created by the delegator's withdrawal, that is only required by the creation of the next period. +Thus once the next period is created, that withdrawal's period can be deleted. + +This can be easily adapted to the case where there are multiple delegations / withdrawals per block, by maintaining a reference count in each period starting state entry. + +The slash entries for a validator can only be pruned when all of that validator's delegators have their bonding period starting after the slash. +This seems ineffective to keep track of, thus it is not worth it. +Each slash should instead remain in state until the validator unbonds and all delegators have their fees withdrawn. + +\section{Implementers Considerations} +TODO: Convert this section into a proper conclusion + +This is an extremely simple scheme with many nice benefits. +\begin{itemize} + \item The overhead per block is a simple iteration over the bonded validator set, which occurs anyway. (Thus it can be implemented ``for-free" with an optimized code-base) + \item Withdrawing earned fees only requires iterating over slashes since when you bonded. (Which is a negligible iteration) + \item There are no approximations in any of the calculations. (modulo minor errata resulting from fixed precision decimals used in divisions) + \item Supports arbitrary inflation models. (Thus could even vary upon block signers) + \item Supports arbitrary fee distribution amongst the validator set. (Thus can account for things like only online validators get fees, which has important incentivization impacts) + \item The above two can change on a live chain with no issues. + \item Validator commission rates can be changed every block + \item The simplicity of this scheme lends itself well to implementation +\end{itemize} + +Thus this scheme has efficiency improvements, simplicity improvements, and expressiveness improvements over the currently proposed schemes. With a correct fee distribution amongst the validator set, this solves the existing problem where one could withhold their signature for risk-free gain. + +\section{TO DOs} + +\begin{itemize} + \item A global fee pool can be described. + \item Mention storage optimization for how to prune slashing entries in the uniform inflation and iteration over slashing case + \item Add equation numbers + \item perhaps re-organize so that the no iteration + \item Section on decimal precision considerations (would unums help?), and mitigating errors in calculation with floats and decimals. -- This probably belongs in a corrollary markdown file in the implementation + \item Consider indicating that the withdraw action need not be a tx type and could instead happen 'transparently' when more coins are needed, if a chain desired this for UX / p2p efficiency. +\end{itemize} + + +\end{document} diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/spec/store/README.md b/copy-of-sdk-versioned_docs/version-0.50/build/spec/store/README.md new file mode 100644 index 00000000..c53d69c6 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/spec/store/README.md @@ -0,0 +1,235 @@ +# Store + +The store package defines the interfaces, types and abstractions for Cosmos SDK +modules to read and write to Merkleized state within a Cosmos SDK application. +The store package provides many primitives for developers to use in order to +work with both state storage and state commitment. Below we describe the various +abstractions. + +## Types + +### `Store` + +The bulk of the store interfaces are defined [here](https://github.com/cosmos/cosmos-sdk/blob/main/store/types/store.go), +where the base primitive interface, for which other interfaces build off of, is +the `Store` type. The `Store` interface defines the ability to tell the type of +the implementing store and the ability to cache wrap via the `CacheWrapper` interface. + +### `CacheWrapper` & `CacheWrap` + +One of the most important features a store has the ability to perform is the +ability to cache wrap. Cache wrapping is essentially the underlying store wrapping +itself within another store type that performs caching for both reads and writes +with the ability to flush writes via `Write()`. + +### `KVStore` & `CacheKVStore` + +One of the most important interfaces that both developers and modules interface +with, which also provides the basis of most state storage and commitment operations, +is the `KVStore`. The `KVStore` interface provides basic CRUD abilities and +prefix-based iteration, including reverse iteration. + +Typically, each module has it's own dedicated `KVStore` instance, which it can +get access to via the `sdk.Context` and the use of a pointer-based named key -- +`KVStoreKey`. The `KVStoreKey` provides pseudo-OCAP. How a exactly a `KVStoreKey` +maps to a `KVStore` will be illustrated below through the `CommitMultiStore`. + +Note, a `KVStore` cannot directly commit state. Instead, a `KVStore` can be wrapped +by a `CacheKVStore` which extends a `KVStore` and provides the ability for the +caller to execute `Write()` which commits state to the underlying state storage. +Note, this doesn't actually flush writes to disk as writes are held in memory +until `Commit()` is called on the `CommitMultiStore`. + +### `CommitMultiStore` + +The `CommitMultiStore` interface exposes the the top-level interface that is used +to manage state commitment and storage by an SDK application and abstracts the +concept of multiple `KVStore`s which are used by multiple modules. Specifically, +it supports the following high-level primitives: + +* Allows for a caller to retrieve a `KVStore` by providing a `KVStoreKey`. +* Exposes pruning mechanisms to remove state pinned against a specific height/version + in the past. +* Allows for loading state storage at a particular height/version in the past to + provide current head and historical queries. +* Provides the ability to rollback state to a previous height/version. +* Provides the ability to to load state storage at a particular height/version + while also performing store upgrades, which are used during live hard-fork + application state migrations. +* Provides the ability to commit all current accumulated state to disk and performs + Merkle commitment. + +## Implementation Details + +While there are many interfaces that the `store` package provides, there is +typically a core implementation for each main interface that modules and +developers interact with that are defined in the Cosmos SDK. + +### `iavl.Store` + +The `iavl.Store` provides the core implementation for state storage and commitment +by implementing the following interfaces: + +* `KVStore` +* `CommitStore` +* `CommitKVStore` +* `Queryable` +* `StoreWithInitialVersion` + +It allows for all CRUD operations to be performed along with allowing current +and historical state queries, prefix iteration, and state commitment along with +Merkle proof operations. The `iavl.Store` also provides the ability to remove +historical state from the state commitment layer. + +An overview of the IAVL implementation can be found [here](https://github.com/cosmos/iavl/blob/master/docs/overview.md). +It is important to note that the IAVL store provides both state commitment and +logical storage operations, which comes with drawbacks as there are various +performance impacts, some of which are very drastic, when it comes to the +operations mentioned above. + +When dealing with state management in modules and clients, the Cosmos SDK provides +various layers of abstractions or "store wrapping", where the `iavl.Store` is the +bottom most layer. When requesting a store to perform reads or writes in a module, +the typical abstraction layer in order is defined as follows: + +```text +iavl.Store <- cachekv.Store <- gaskv.Store <- cachemulti.Store <- rootmulti.Store +``` + +### Concurrent use of IAVL store + +The tree under `iavl.Store` is not safe for concurrent use. It is the +responsibility of the caller to ensure that concurrent access to the store is +not performed. + +The main issue with concurrent use is when data is written at the same time as +it's being iterated over. Doing so will cause a irrecoverable fatal error because +of concurrent reads and writes to an internal map. + +Although it's not recommended, you can iterate through values while writing to +it by disabling "FastNode" **without guarantees that the values being written will +be returned during the iteration** (if you need this, you might want to reconsider +the design of your application). This is done by setting `iavl-disable-fastnode` +to `true` in the config TOML file. + +### `cachekv.Store` + +The `cachekv.Store` store wraps an underlying `KVStore`, typically a `iavl.Store` +and contains an in-memory cache for storing pending writes to underlying `KVStore`. +`Set` and `Delete` calls are executed on the in-memory cache, whereas `Has` calls +are proxied to the underlying `KVStore`. + +One of the most important calls to a `cachekv.Store` is `Write()`, which ensures +that key-value pairs are written to the underlying `KVStore` in a deterministic +and ordered manner by sorting the keys first. The store keeps track of "dirty" +keys and uses these to determine what keys to sort. In addition, it also keeps +track of deleted keys and ensures these are also removed from the underlying +`KVStore`. + +The `cachekv.Store` also provides the ability to perform iteration and reverse +iteration. Iteration is performed through the `cacheMergeIterator` type and uses +both the dirty cache and underlying `KVStore` to iterate over key-value pairs. + +Note, all calls to CRUD and iteration operations on a `cachekv.Store` are thread-safe. + +### `gaskv.Store` + +The `gaskv.Store` store provides a simple implementation of a `KVStore`. +Specifically, it just wraps an existing `KVStore`, such as a cache-wrapped +`iavl.Store`, and incurs configurable gas costs for CRUD operations via +`ConsumeGas()` calls defined on the `GasMeter` which exists in a `sdk.Context` +and then proxies the underlying CRUD call to the underlying store. Note, the +`GasMeter` is reset on each block. + +### `cachemulti.Store` & `rootmulti.Store` + +The `rootmulti.Store` acts as an abstraction around a series of stores. Namely, +it implements the `CommitMultiStore` an `Queryable` interfaces. Through the +`rootmulti.Store`, an SDK module can request access to a `KVStore` to perform +state CRUD operations and queries by holding access to a unique `KVStoreKey`. + +The `rootmulti.Store` ensures these queries and state operations are performed +through cached-wrapped instances of `cachekv.Store` which is described above. The +`rootmulti.Store` implementation is also responsible for committing all accumulated +state from each `KVStore` to disk and returning an application state Merkle root. + +Queries can be performed to return state data along with associated state +commitment proofs for both previous heights/versions and the current state root. +Queries are routed based on store name, i.e. a module, along with other parameters +which are defined in `abci.RequestQuery`. + +The `rootmulti.Store` also provides primitives for pruning data at a given +height/version from state storage. When a height is committed, the `rootmulti.Store` +will determine if other previous heights should be considered for removal based +on the operator's pruning settings defined by `PruningOptions`, which defines +how many recent versions to keep on disk and the interval at which to remove +"staged" pruned heights from disk. During each interval, the staged heights are +removed from each `KVStore`. Note, it is up to the underlying `KVStore` +implementation to determine how pruning is actually performed. The `PruningOptions` +are defined as follows: + +```go +type PruningOptions struct { + // KeepRecent defines how many recent heights to keep on disk. + KeepRecent uint64 + + // Interval defines when the pruned heights are removed from disk. + Interval uint64 + + // Strategy defines the kind of pruning strategy. See below for more information on each. + Strategy PruningStrategy +} +``` + +The Cosmos SDK defines a preset number of pruning "strategies": `default`, `everything` +`nothing`, and `custom`. + +It is important to note that the `rootmulti.Store` considers each `KVStore` as a +separate logical store. In other words, they do not share a Merkle tree or +comparable data structure. This means that when state is committed via +`rootmulti.Store`, each store is committed in sequence and thus is not atomic. + +In terms of store construction and wiring, each Cosmos SDK application contains +a `BaseApp` instance which internally has a reference to a `CommitMultiStore` +that is implemented by a `rootmulti.Store`. The application then registers one or +more `KVStoreKey` that pertain to a unique module and thus a `KVStore`. Through +the use of an `sdk.Context` and a `KVStoreKey`, each module can get direct access +to it's respective `KVStore` instance. + +Example: + +```go +func NewApp(...) Application { + // ... + + bApp := baseapp.NewBaseApp(appName, logger, db, txConfig.TxDecoder(), baseAppOptions...) + bApp.SetCommitMultiStoreTracer(traceStore) + bApp.SetVersion(version.Version) + bApp.SetInterfaceRegistry(interfaceRegistry) + + // ... + + keys := sdk.NewKVStoreKeys(...) + transientKeys := sdk.NewTransientStoreKeys(...) + memKeys := sdk.NewMemoryStoreKeys(...) + + // ... + + // initialize stores + app.MountKVStores(keys) + app.MountTransientStores(transientKeys) + app.MountMemoryStores(memKeys) + + // ... +} +``` + +The `rootmulti.Store` itself can be cache-wrapped which returns an instance of a +`cachemulti.Store`. For each block, `BaseApp` ensures that the proper abstractions +are created on the `CommitMultiStore`, i.e. ensuring that the `rootmulti.Store` +is cached-wrapped and uses the resulting `cachemulti.Store` to be set on the +`sdk.Context` which is then used for block and transaction execution. As a result, +all state mutations due to block and transaction execution are actually held +ephemerally until `Commit()` is called by the ABCI client. This concept is further +expanded upon when the AnteHandler is executed per transaction to ensure state +is not committed for transactions that failed CheckTx. diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/spec/store/interblock-cache.md b/copy-of-sdk-versioned_docs/version-0.50/build/spec/store/interblock-cache.md new file mode 100644 index 00000000..f2153a64 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/spec/store/interblock-cache.md @@ -0,0 +1,289 @@ +# Inter-block Cache + +* [Inter-block Cache](#inter-block-cache) + * [Synopsis](#synopsis) + * [Overview and basic concepts](#overview-and-basic-concepts) + * [Motivation](#motivation) + * [Definitions](#definitions) + * [System model and properties](#system-model-and-properties) + * [Assumptions](#assumptions) + * [Properties](#properties) + * [Thread safety](#thread-safety) + * [Crash recovery](#crash-recovery) + * [Iteration](#iteration) + * [Technical specification](#technical-specification) + * [General design](#general-design) + * [API](#api) + * [CommitKVCacheManager](#commitkvcachemanager) + * [CommitKVStoreCache](#commitkvstorecache) + * [Implementation details](#implementation-details) + * [History](#history) + * [Copyright](#copyright) + +## Synopsis + +The inter-block cache is an in-memory cache storing (in-most-cases) immutable state that modules need to read in between blocks. When enabled, all sub-stores of a multi store, e.g., `rootmulti`, are wrapped. + +## Overview and basic concepts + +### Motivation + +The goal of the inter-block cache is to allow SDK modules to have fast access to data that it is typically queried during the execution of every block. This is data that do not change often, e.g. module parameters. The inter-block cache wraps each `CommitKVStore` of a multi store such as `rootmulti` with a fixed size, write-through cache. Caches are not cleared after a block is committed, as opposed to other caching layers such as `cachekv`. + +### Definitions + +* `Store key` uniquely identifies a store. +* `KVCache` is a `CommitKVStore` wrapped with a cache. +* `Cache manager` is a key component of the inter-block cache responsible for maintaining a map from `store keys` to `KVCaches`. + +## System model and properties + +### Assumptions + +This specification assumes that there exists a cache implementation accessible to the inter-block cache feature. + +> The implementation uses adaptive replacement cache (ARC), an enhancement over the standard last-recently-used (LRU) cache in that tracks both frequency and recency of use. + +The inter-block cache requires that the cache implementation to provide methods to create a cache, add a key/value pair, remove a key/value pair and retrieve the value associated to a key. In this specification, we assume that a `Cache` feature offers this functionality through the following methods: + +* `NewCache(size int)` creates a new cache with `size` capacity and returns it. +* `Get(key string)` attempts to retrieve a key/value pair from `Cache.` It returns `(value []byte, success bool)`. If `Cache` contains the key, it `value` contains the associated value and `success=true`. Otherwise, `success=false` and `value` should be ignored. +* `Add(key string, value []byte)` inserts a key/value pair into the `Cache`. +* `Remove(key string)` removes the key/value pair identified by `key` from `Cache`. + +The specification also assumes that `CommitKVStore` offers the following API: + +* `Get(key string)` attempts to retrieve a key/value pair from `CommitKVStore`. +* `Set(key, string, value []byte)` inserts a key/value pair into the `CommitKVStore`. +* `Delete(key string)` removes the key/value pair identified by `key` from `CommitKVStore`. + +> Ideally, both `Cache` and `CommitKVStore` should be specified in a different document and referenced here. + +### Properties + +#### Thread safety + +Accessing the `cache manager` or a `KVCache` is not thread-safe: no method is guarded with a lock. +Note that this is true even if the cache implementation is thread-safe. + +> For instance, assume that two `Set` operations are executed concurrently on the same key, each writing a different value. After both are executed, the cache and the underlying store may be inconsistent, each storing a different value under the same key. + +#### Crash recovery + +The inter-block cache transparently delegates `Commit()` to its aggregate `CommitKVStore`. If the +aggregate `CommitKVStore` supports atomic writes and use them to guarantee that the store is always in a consistent state in disk, the inter-block cache can be transparently moved to a consistent state when a failure occurs. + +> Note that this is the case for `IAVLStore`, the preferred `CommitKVStore`. On commit, it calls `SaveVersion()` on the underlying `MutableTree`. `SaveVersion` writes to disk are atomic via batching. This means that only consistent versions of the store (the tree) are written to the disk. Thus, in case of a failure during a `SaveVersion` call, on recovery from disk, the version of the store will be consistent. + +#### Iteration + +Iteration over each wrapped store is supported via the embedded `CommitKVStore` interface. + +## Technical specification + +### General design + +The inter-block cache feature is composed by two components: `CommitKVCacheManager` and `CommitKVCache`. + +`CommitKVCacheManager` implements the cache manager. It maintains a mapping from a store key to a `KVStore`. + +```go +type CommitKVStoreCacheManager interface{ + cacheSize uint + caches map[string]CommitKVStore +} +``` + +`CommitKVStoreCache` implements a `KVStore`: a write-through cache that wraps a `CommitKVStore`. This means that deletes and writes always happen to both the cache and the underlying `CommitKVStore`. Reads on the other hand first hit the internal cache. During a cache miss, the read is delegated to the underlying `CommitKVStore` and cached. + +```go +type CommitKVStoreCache interface{ + store CommitKVStore + cache Cache +} +``` + +To enable inter-block cache on `rootmulti`, one needs to instantiate a `CommitKVCacheManager` and set it by calling `SetInterBlockCache()` before calling one of `LoadLatestVersion()`, `LoadLatestVersionAndUpgrade(...)`, `LoadVersionAndUpgrade(...)` and `LoadVersion(version)`. + +### API + +#### CommitKVCacheManager + +The method `NewCommitKVStoreCacheManager` creates a new cache manager and returns it. + +| Name | Type | Description | +| ------------- | ---------|------- | +| size | integer | Determines the capacity of each of the KVCache maintained by the manager | + +```go +func NewCommitKVStoreCacheManager(size uint) CommitKVStoreCacheManager { + manager = CommitKVStoreCacheManager{size, make(map[string]CommitKVStore)} + return manager +} +``` + +`GetStoreCache` returns a cache from the CommitStoreCacheManager for a given store key. If no cache exists for the store key, then one is created and set. + +| Name | Type | Description | +| ------------- | ---------|------- | +| manager | `CommitKVStoreCacheManager` | The cache manager | +| storeKey | string | The store key of the store being retrieved | +| store | `CommitKVStore` | The store that it is cached in case the manager does not have any in its map of caches | + +```go +func GetStoreCache( + manager CommitKVStoreCacheManager, + storeKey string, + store CommitKVStore) CommitKVStore { + + if manager.caches.has(storeKey) { + return manager.caches.get(storeKey) + } else { + cache = CommitKVStoreCacheManager{store, manager.cacheSize} + manager.set(storeKey, cache) + return cache + } +} +``` + +`Unwrap` returns the underlying CommitKVStore for a given store key. + +| Name | Type | Description | +| ------------- | ---------|------- | +| manager | `CommitKVStoreCacheManager` | The cache manager | +| storeKey | string | The store key of the store being unwrapped | + +```go +func Unwrap( + manager CommitKVStoreCacheManager, + storeKey string) CommitKVStore { + + if manager.caches.has(storeKey) { + cache = manager.caches.get(storeKey) + return cache.store + } else { + return nil + } +} +``` + +`Reset` resets the manager's map of caches. + +| Name | Type | Description | +| ------------- | ---------|------- | +| manager | `CommitKVStoreCacheManager` | The cache manager | + +```go +function Reset(manager CommitKVStoreCacheManager) { + + for (let storeKey of manager.caches.keys()) { + manager.caches.delete(storeKey) + } +} +``` + +#### CommitKVStoreCache + +`NewCommitKVStoreCache` creates a new `CommitKVStoreCache` and returns it. + +| Name | Type | Description | +| ------------- | ---------|------- | +| store | CommitKVStore | The store to be cached | +| size | string | Determines the capacity of the cache being created | + +```go +func NewCommitKVStoreCache( + store CommitKVStore, + size uint) CommitKVStoreCache { + KVCache = CommitKVStoreCache{store, NewCache(size)} + return KVCache +} +``` + +`Get` retrieves a value by key. It first looks in the cache. If the key is not in the cache, the query is delegated to the underlying `CommitKVStore`. In the latter case, the key/value pair is cached. The method returns the value. + +| Name | Type | Description | +| ------------- | ---------|------- | +| KVCache | `CommitKVStoreCache` | The `CommitKVStoreCache` from which the key/value pair is retrieved | +| key | string | Key of the key/value pair being retrieved | + +```go +func Get( + KVCache CommitKVStoreCache, + key string) []byte { + valueCache, success := KVCache.cache.Get(key) + if success { + // cache hit + return valueCache + } else { + // cache miss + valueStore = KVCache.store.Get(key) + KVCache.cache.Add(key, valueStore) + return valueStore + } +} +``` + +`Set` inserts a key/value pair into both the write-through cache and the underlying `CommitKVStore`. + +| Name | Type | Description | +| ------------- | ---------|------- | +| KVCache | `CommitKVStoreCache` | The `CommitKVStoreCache` to which the key/value pair is inserted | +| key | string | Key of the key/value pair being inserted | +| value | []byte | Value of the key/value pair being inserted | + +```go +func Set( + KVCache CommitKVStoreCache, + key string, + value []byte) { + + KVCache.cache.Add(key, value) + KVCache.store.Set(key, value) +} +``` + +`Delete` removes a key/value pair from both the write-through cache and the underlying `CommitKVStore`. + +| Name | Type | Description | +| ------------- | ---------|------- | +| KVCache | `CommitKVStoreCache` | The `CommitKVStoreCache` from which the key/value pair is deleted | +| key | string | Key of the key/value pair being deleted | + +```go +func Delete( + KVCache CommitKVStoreCache, + key string) { + + KVCache.cache.Remove(key) + KVCache.store.Delete(key) +} +``` + +`CacheWrap` wraps a `CommitKVStoreCache` with another caching layer (`CacheKV`). + +> It is unclear whether there is a use case for `CacheWrap`. + +| Name | Type | Description | +| ------------- | ---------|------- | +| KVCache | `CommitKVStoreCache` | The `CommitKVStoreCache` being wrapped | + +```go +func CacheWrap( + KVCache CommitKVStoreCache) { + + return CacheKV.NewStore(KVCache) +} +``` + +### Implementation details + +The inter-block cache implementation uses a fixed-sized adaptive replacement cache (ARC) as cache. [The ARC implementation](https://github.com/hashicorp/golang-lru/blob/master/arc.go) is thread-safe. ARC is an enhancement over the standard LRU cache in that tracks both frequency and recency of use. This avoids a burst in access to new entries from evicting the frequently used older entries. It adds some additional tracking overhead to a standard LRU cache, computationally it is roughly `2x` the cost, and the extra memory overhead is linear with the size of the cache. The default cache size is `1000`. + +## History + +Dec 20, 2022 - Initial draft finished and submitted as a PR + +## Copyright + +All content herein is licensed under [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0). diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/tooling/00-protobuf.md b/copy-of-sdk-versioned_docs/version-0.50/build/tooling/00-protobuf.md new file mode 100644 index 00000000..7f9e3315 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/tooling/00-protobuf.md @@ -0,0 +1,113 @@ +--- +sidebar_position: 1 +--- + +# Protocol Buffers + +It is known that Cosmos SDK uses protocol buffers extensively, this document is meant to provide a guide on how it is used in the cosmos-sdk. + +To generate the proto file, the Cosmos SDK uses a docker image, this image is provided to all to use as well. The latest version is `ghcr.io/cosmos/proto-builder:0.12.x` + +Below is the example of the Cosmos SDK's commands for generating, linting, and formatting protobuf files that can be reused in any applications makefile. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/Makefile#L411-L432 +``` + +The script used to generate the protobuf files can be found in the `scripts/` directory. + +```shell reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/scripts/protocgen.sh +``` + +## Buf + +[Buf](https://buf.build) is a protobuf tool that abstracts the needs to use the complicated `protoc` toolchain on top of various other things that ensure you are using protobuf in accordance with the majority of the ecosystem. Within the cosmos-sdk repository there are a few files that have a buf prefix. Lets start with the top level and then dive into the various directories. + +### Workspace + +At the root level directory a workspace is defined using [buf workspaces](https://docs.buf.build/configuration/v1/buf-work-yaml). This helps if there are one or more protobuf containing directories in your project. + +Cosmos SDK example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/buf.work.yaml#L6-L9 +``` + +### Proto Directory + +Next is the `proto/` directory where all of our protobuf files live. In here there are many different buf files defined each serving a different purpose. + +```bash +├── README.md +├── buf.gen.gogo.yaml +├── buf.gen.pulsar.yaml +├── buf.gen.swagger.yaml +├── buf.lock +├── buf.md +├── buf.yaml +├── cosmos +└── tendermint +``` + +The above diagram all the files and directories within the Cosmos SDK `proto/` directory. + +#### `buf.gen.gogo.yaml` + +`buf.gen.gogo.yaml` defines how the protobuf files should be generated for use with in the module. This file uses [gogoproto](https://github.com/gogo/protobuf), a separate generator from the google go-proto generator that makes working with various objects more ergonomic, and it has more performant encode and decode steps + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/proto/buf.gen.gogo.yaml#L1-L9 +``` + +:::tip +Example of how to define `gen` files can be found [here](https://docs.buf.build/tour/generate-go-code) +::: + +#### `buf.gen.pulsar.yaml` + +`buf.gen.pulsar.yaml` defines how protobuf files should be generated using the [new golang apiv2 of protobuf](https://go.dev/blog/protobuf-apiv2). This generator is used instead of the google go-proto generator because it has some extra helpers for Cosmos SDK applications and will have more performant encode and decode than the google go-proto generator. You can follow the development of this generator [here](https://github.com/cosmos/cosmos-proto). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/proto/buf.gen.pulsar.yaml#L1-L18 +``` + +:::tip +Example of how to define `gen` files can be found [here](https://docs.buf.build/tour/generate-go-code) +::: + +#### `buf.gen.swagger.yaml` + +`buf.gen.swagger.yaml` generates the swagger documentation for the query and messages of the chain. This will only define the REST API end points that were defined in the query and msg servers. You can find examples of this [here](https://github.com/cosmos/cosmos-sdk/blob/main/proto/cosmos/bank/v1beta1/query.proto#L19) + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/proto/buf.gen.swagger.yaml#L1-L6 +``` + +:::tip +Example of how to define `gen` files can be found [here](https://docs.buf.build/tour/generate-go-code) +::: + +#### `buf.lock` + +This is an autogenerated file based off the dependencies required by the `.gen` files. There is no need to copy the current one. If you depend on cosmos-sdk proto definitions a new entry for the Cosmos SDK will need to be provided. The dependency you will need to use is `buf.build/cosmos/cosmos-sdk`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/proto/buf.lock#L1-L16 +``` + +#### `buf.yaml` + +`buf.yaml` defines the [name of your package](https://github.com/cosmos/cosmos-sdk/blob/main/proto/buf.yaml#L3), which [breakage checker](https://docs.buf.build/tour/detect-breaking-changes) to use and how to [lint your protobuf files](https://buf.build/docs/tutorials/getting-started-with-buf-cli#lint-your-api). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/proto/buf.yaml#L1-L24 +``` + +We use a variety of linters for the Cosmos SDK protobuf files. The repo also checks this in ci. + +A reference to the github actions can be found [here](https://github.com/cosmos/cosmos-sdk/blob/main/.github/workflows/proto.yml#L1-L32) + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/.github/workflows/proto.yml#L1-L32 +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/tooling/01-cosmovisor.md b/copy-of-sdk-versioned_docs/version-0.50/build/tooling/01-cosmovisor.md new file mode 100644 index 00000000..ffd6d83c --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/tooling/01-cosmovisor.md @@ -0,0 +1,382 @@ +--- +sidebar_position: 1 +--- + +# Cosmovisor + +`cosmovisor` is a process manager for Cosmos SDK application binaries that automates application binary switch at chain upgrades. +It polls the `upgrade-info.json` file that is created by the x/upgrade module at upgrade height, and then can automatically download the new binary, stop the current binary, switch from the old binary to the new one, and finally restart the node with the new binary. + +* [Cosmovisor](#cosmovisor) + * [Design](#design) + * [Contributing](#contributing) + * [Setup](#setup) + * [Installation](#installation) + * [Command Line Arguments And Environment Variables](#command-line-arguments-and-environment-variables) + * [Folder Layout](#folder-layout) + * [Usage](#usage) + * [Initialization](#initialization) + * [Detecting Upgrades](#detecting-upgrades) + * [Auto-Download](#auto-download) + * [Example: SimApp Upgrade](#example-simapp-upgrade) + * [Chain Setup](#chain-setup) + * [Prepare Cosmovisor and Start the Chain](#prepare-cosmovisor-and-start-the-chain) + * [Update App](#update-app) + +## Design + +Cosmovisor is designed to be used as a wrapper for a `Cosmos SDK` app: + +* it will pass arguments to the associated app (configured by `DAEMON_NAME` env variable). + Running `cosmovisor run arg1 arg2 ....` will run `app arg1 arg2 ...`; +* it will manage an app by restarting and upgrading if needed; +* it is configured using environment variables, not positional arguments. + +*Note: If new versions of the application are not set up to run in-place store migrations, migrations will need to be run manually before restarting `cosmovisor` with the new binary. For this reason, we recommend applications adopt in-place store migrations.* + +:::tip +Only the lastest version of cosmovisor is actively developed/maintained. +::: + +:::warning +Versions prior to v1.0.0 have a vulnerability that could lead to a DOS. Please upgrade to the latest version. +::: + +## Contributing + +Cosmovisor is part of the Cosmos SDK monorepo, but it's a separate module with it's own release schedule. + +Release branches have the following format `release/cosmovisor/vA.B.x`, where A and B are a number (e.g. `release/cosmovisor/v1.3.x`). Releases are tagged using the following format: `cosmovisor/vA.B.C`. + +## Setup + +### Installation + +You can download Cosmovisor from the [GitHub releases](https://github.com/cosmos/cosmos-sdk/releases/tag/cosmovisor%2Fv1.3.0). + +To install the latest version of `cosmovisor`, run the following command: + +```shell +go install cosmossdk.io/tools/cosmovisor/cmd/cosmovisor@latest +``` + +To install a previous version, you can specify the version. IMPORTANT: Chains that use Cosmos SDK v0.44.3 or earlier (eg v0.44.2) and want to use auto-download feature MUST use `cosmovisor v0.1.0` + +```shell +go install github.com/cosmos/cosmos-sdk/cosmovisor/cmd/cosmovisor@v0.1.0 +``` + +Run `cosmovisor version` to check the cosmovisor version. + +Alternatively, for building from source, simply run `make cosmovisor`. The binary will be located in `tools/cosmovisor`. + +:::warning +Building from source using `make cosmovisor` won't display the correct `cosmovisor` version. +::: + +### Command Line Arguments And Environment Variables + +The first argument passed to `cosmovisor` is the action for `cosmovisor` to take. Options are: + +* `help`, `--help`, or `-h` - Output `cosmovisor` help information and check your `cosmovisor` configuration. +* `run` - Run the configured binary using the rest of the provided arguments. +* `version` - Output the `cosmovisor` version and also run the binary with the `version` argument. +* `config` - Display the current `cosmovisor` configuration, that means displaying the environment variables value that `cosmovisor` is using. +* `add-upgrade` - Add an upgrade manually to `cosmovisor`. + +All arguments passed to `cosmovisor run` will be passed to the application binary (as a subprocess). `cosmovisor` will return `/dev/stdout` and `/dev/stderr` of the subprocess as its own. For this reason, `cosmovisor run` cannot accept any command-line arguments other than those available to the application binary. + +:::warning +Use of `cosmovisor` without one of the action arguments is deprecated. For backwards compatibility, if the first argument is not an action argument, `run` is assumed. However, this fallback might be removed in future versions, so it is recommended that you always provide `run`. +::: + +`cosmovisor` reads its configuration from environment variables: + +* `DAEMON_HOME` is the location where the `cosmovisor/` directory is kept that contains the genesis binary, the upgrade binaries, and any additional auxiliary files associated with each binary (e.g. `$HOME/.gaiad`, `$HOME/.regend`, `$HOME/.simd`, etc.). +* `DAEMON_NAME` is the name of the binary itself (e.g. `gaiad`, `regend`, `simd`, etc.). +* `DAEMON_ALLOW_DOWNLOAD_BINARIES` (*optional*), if set to `true`, will enable auto-downloading of new binaries (for security reasons, this is intended for full nodes rather than validators). By default, `cosmovisor` will not auto-download new binaries. +* `DAEMON_RESTART_AFTER_UPGRADE` (*optional*, default = `true`), if `true`, restarts the subprocess with the same command-line arguments and flags (but with the new binary) after a successful upgrade. Otherwise (`false`), `cosmovisor` stops running after an upgrade and requires the system administrator to manually restart it. Note restart is only after the upgrade and does not auto-restart the subprocess after an error occurs. +* `DAEMON_RESTART_DELAY` (*optional*, default none), allow a node operator to define a delay between the node halt (for upgrade) and backup by the specified time. The value must be a duration (e.g. `1s`). +* `DAEMON_POLL_INTERVAL` (*optional*, default 300 milliseconds), is the interval length for polling the upgrade plan file. The value must be a duration (e.g. `1s`). +* `DAEMON_DATA_BACKUP_DIR` option to set a custom backup directory. If not set, `DAEMON_HOME` is used. +* `UNSAFE_SKIP_BACKUP` (defaults to `false`), if set to `true`, upgrades directly without performing a backup. Otherwise (`false`, default) backs up the data before trying the upgrade. The default value of false is useful and recommended in case of failures and when a backup needed to rollback. We recommend using the default backup option `UNSAFE_SKIP_BACKUP=false`. +* `DAEMON_PREUPGRADE_MAX_RETRIES` (defaults to `0`). The maximum number of times to call [`pre-upgrade`](https://docs.cosmos.network/main/building-apps/app-upgrade#pre-upgrade-handling) in the application after exit status of `31`. After the maximum number of retries, Cosmovisor fails the upgrade. +* `COSMOVISOR_DISABLE_LOGS` (defaults to `false`). If set to true, this will disable Cosmovisor logs (but not the underlying process) completely. This may be useful, for example, when a Cosmovisor subcommand you are executing returns a valid JSON you are then parsing, as logs added by Cosmovisor make this output not a valid JSON. + +### Folder Layout + +`$DAEMON_HOME/cosmovisor` is expected to belong completely to `cosmovisor` and the subprocesses that are controlled by it. The folder content is organized as follows: + +```text +. +├── current -> genesis or upgrades/ +├── genesis +│   └── bin +│   └── $DAEMON_NAME +└── upgrades + └── + ├── bin + │   └── $DAEMON_NAME + └── upgrade-info.json +``` + +The `cosmovisor/` directory incudes a subdirectory for each version of the application (i.e. `genesis` or `upgrades/`). Within each subdirectory is the application binary (i.e. `bin/$DAEMON_NAME`) and any additional auxiliary files associated with each binary. `current` is a symbolic link to the currently active directory (i.e. `genesis` or `upgrades/`). The `name` variable in `upgrades/` is the lowercased URI-encoded name of the upgrade as specified in the upgrade module plan. Note that the upgrade name path are normalized to be lowercased: for instance, `MyUpgrade` is normalized to `myupgrade`, and its path is `upgrades/myupgrade`. + +Please note that `$DAEMON_HOME/cosmovisor` only stores the *application binaries*. The `cosmovisor` binary itself can be stored in any typical location (e.g. `/usr/local/bin`). The application will continue to store its data in the default data directory (e.g. `$HOME/.simapp`) or the data directory specified with the `--home` flag. `$DAEMON_HOME` is independent of the data directory and can be set to any location. If you set `$DAEMON_HOME` to the same directory as the data directory, you will end up with a configuation like the following: + +```text +.simapp +├── config +├── data +└── cosmovisor +``` + +## Usage + +The system administrator is responsible for: + +* installing the `cosmovisor` binary +* configuring the host's init system (e.g. `systemd`, `launchd`, etc.) +* appropriately setting the environmental variables +* creating the `/cosmovisor` directory +* creating the `/cosmovisor/genesis/bin` folder +* creating the `/cosmovisor/upgrades//bin` folders +* placing the different versions of the `` executable in the appropriate `bin` folders. + +`cosmovisor` will set the `current` link to point to `genesis` at first start (i.e. when no `current` link exists) and then handle switching binaries at the correct points in time so that the system administrator can prepare days in advance and relax at upgrade time. + +In order to support downloadable binaries, a tarball for each upgrade binary will need to be packaged up and made available through a canonical URL. Additionally, a tarball that includes the genesis binary and all available upgrade binaries can be packaged up and made available so that all the necessary binaries required to sync a fullnode from start can be easily downloaded. + +The `DAEMON` specific code and operations (e.g. cometBFT config, the application db, syncing blocks, etc.) all work as expected. The application binaries' directives such as command-line flags and environment variables also work as expected. + +### Initialization + +The `cosmovisor init ` command creates the folder structure required for using cosmovisor. + +It does the following: + +* creates the `/cosmovisor` folder if it doesn't yet exist +* creates the `/cosmovisor/genesis/bin` folder if it doesn't yet exist +* copies the provided executable file to `/cosmovisor/genesis/bin/` +* creates the `current` link, pointing to the `genesis` folder + +It uses the `DAEMON_HOME` and `DAEMON_NAME` environment variables for folder location and executable name. + +The `cosmovisor init` command is specifically for initializing cosmovisor, and should not be confused with a chain's `init` command (e.g. `cosmovisor run init`). + +### Detecting Upgrades + +`cosmovisor` is polling the `$DAEMON_HOME/data/upgrade-info.json` file for new upgrade instructions. The file is created by the x/upgrade module in `BeginBlocker` when an upgrade is detected and the blockchain reaches the upgrade height. +The following heuristic is applied to detect the upgrade: + +* When starting, `cosmovisor` doesn't know much about currently running upgrade, except the binary which is `current/bin/`. It tries to read the `current/update-info.json` file to get information about the current upgrade name. +* If neither `cosmovisor/current/upgrade-info.json` nor `data/upgrade-info.json` exist, then `cosmovisor` will wait for `data/upgrade-info.json` file to trigger an upgrade. +* If `cosmovisor/current/upgrade-info.json` doesn't exist but `data/upgrade-info.json` exists, then `cosmovisor` assumes that whatever is in `data/upgrade-info.json` is a valid upgrade request. In this case `cosmovisor` tries immediately to make an upgrade according to the `name` attribute in `data/upgrade-info.json`. +* Otherwise, `cosmovisor` waits for changes in `upgrade-info.json`. As soon as a new upgrade name is recorded in the file, `cosmovisor` will trigger an upgrade mechanism. + +When the upgrade mechanism is triggered, `cosmovisor` will: + +1. if `DAEMON_ALLOW_DOWNLOAD_BINARIES` is enabled, start by auto-downloading a new binary into `cosmovisor//bin` (where `` is the `upgrade-info.json:name` attribute); +2. update the `current` symbolic link to point to the new directory and save `data/upgrade-info.json` to `cosmovisor/current/upgrade-info.json`. + +### Auto-Download + +Generally, `cosmovisor` requires that the system administrator place all relevant binaries on disk before the upgrade happens. However, for people who don't need such control and want an automated setup (maybe they are syncing a non-validating fullnode and want to do little maintenance), there is another option. + +**NOTE: we don't recommend using auto-download** because it doesn't verify in advance if a binary is available. If there will be any issue with downloading a binary, the cosmovisor will stop and won't restart an App (which could lead to a chain halt). + +If `DAEMON_ALLOW_DOWNLOAD_BINARIES` is set to `true`, and no local binary can be found when an upgrade is triggered, `cosmovisor` will attempt to download and install the binary itself based on the instructions in the `info` attribute in the `data/upgrade-info.json` file. The files is constructed by the x/upgrade module and contains data from the upgrade `Plan` object. The `Plan` has an info field that is expected to have one of the following two valid formats to specify a download: + +1. Store an os/architecture -> binary URI map in the upgrade plan info field as JSON under the `"binaries"` key. For example: + + ```json + { + "binaries": { + "linux/amd64":"https://example.com/gaia.zip?checksum=sha256:aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f" + } + } + ``` + + You can include multiple binaries at once to ensure more than one environment will receive the correct binaries: + + ```json + { + "binaries": { + "linux/amd64":"https://example.com/gaia.zip?checksum=sha256:aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f", + "linux/arm64":"https://example.com/gaia.zip?checksum=sha256:aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f", + "darwin/amd64":"https://example.com/gaia.zip?checksum=sha256:aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f" + } + } + ``` + + When submitting this as a proposal ensure there are no spaces. An example command using `gaiad` could look like: + + ```shell + > gaiad tx upgrade software-upgrade Vega \ + --title Vega \ + --deposit 100uatom \ + --upgrade-height 7368420 \ + --upgrade-info '{"binaries":{"linux/amd64":"https://github.com/cosmos/gaia/releases/download/v6.0.0-rc1/gaiad-v6.0.0-rc1-linux-amd64","linux/arm64":"https://github.com/cosmos/gaia/releases/download/v6.0.0-rc1/gaiad-v6.0.0-rc1-linux-arm64","darwin/amd64":"https://github.com/cosmos/gaia/releases/download/v6.0.0-rc1/gaiad-v6.0.0-rc1-darwin-amd64"}}' \ + --summary "upgrade to Vega" \ + --gas 400000 \ + --from user \ + --chain-id test \ + --home test/val2 \ + --node tcp://localhost:36657 \ + --yes + ``` + +2. Store a link to a file that contains all information in the above format (e.g. if you want to specify lots of binaries, changelog info, etc. without filling up the blockchain). For example: + + ```text + https://example.com/testnet-1001-info.json?checksum=sha256:deaaa99fda9407c4dbe1d04bd49bab0cc3c1dd76fa392cd55a9425be074af01e + ``` + +When `cosmovisor` is triggered to download the new binary, `cosmovisor` will parse the `"binaries"` field, download the new binary with [go-getter](https://github.com/hashicorp/go-getter), and unpack the new binary in the `upgrades/` folder so that it can be run as if it was installed manually. + +Note that for this mechanism to provide strong security guarantees, all URLs should include a SHA 256/512 checksum. This ensures that no false binary is run, even if someone hacks the server or hijacks the DNS. `go-getter` will always ensure the downloaded file matches the checksum if it is provided. `go-getter` will also handle unpacking archives into directories (in this case the download link should point to a `zip` file of all data in the `bin` directory). + +To properly create a sha256 checksum on linux, you can use the `sha256sum` utility. For example: + +```shell +sha256sum ./testdata/repo/zip_directory/autod.zip +``` + +The result will look something like the following: `29139e1381b8177aec909fab9a75d11381cab5adf7d3af0c05ff1c9c117743a7`. + +You can also use `sha512sum` if you would prefer to use longer hashes, or `md5sum` if you would prefer to use broken hashes. Whichever you choose, make sure to set the hash algorithm properly in the checksum argument to the URL. + +## Example: SimApp Upgrade + +The following instructions provide a demonstration of `cosmovisor` using the simulation application (`simapp`) shipped with the Cosmos SDK's source code. The following commands are to be run from within the `cosmos-sdk` repository. + +### Chain Setup + +Let's create a new chain using the `v0.44` version of simapp (the Cosmos SDK demo app): + +```shell +git checkout v0.44.6 +make build +``` + +Clean `~/.simapp` (never do this in a production environment): + +```shell +./build/simd unsafe-reset-all +``` + +Set up app config: + +```shell +./build/simd config set client chain-id test +./build/simd config set client keyring-backend test +./build/simd config set client broadcast-mode sync +``` + +Initialize the node and overwrite any previous genesis file (never do this in a production environment): + +```shell +./build/simd init test --chain-id test --overwrite +``` + +Set the minimum gas price to `0stake` in `~/.simapp/config/app.toml`: + +```shell +minimum-gas-prices = "0stake" +``` + +For the sake of this demonstration, amend `voting_period` in `genesis.json` to a reduced time of 20 seconds (`20s`): + +```shell +cat <<< $(jq '.app_state.gov.voting_params.voting_period = "20s"' $HOME/.simapp/config/genesis.json) > $HOME/.simapp/config/genesis.json +``` + +Create a validator, and setup genesis transaction: + +```shell +./build/simd keys add validator +./build/simd genesis add-genesis-account validator 1000000000stake --keyring-backend test +./build/simd genesis gentx validator 1000000stake --chain-id test +./build/simd genesis collect-gentxs +``` + +#### Prepare Cosmovisor and Start the Chain + +Set the required environment variables: + +```shell +export DAEMON_NAME=simd +export DAEMON_HOME=$HOME/.simapp +``` + +Set the optional environment variable to trigger an automatic app restart: + +```shell +export DAEMON_RESTART_AFTER_UPGRADE=true +``` + +Create the folder for the genesis binary and copy the `simd` binary: + +```shell +mkdir -p $DAEMON_HOME/cosmovisor/genesis/bin +cp ./build/simd $DAEMON_HOME/cosmovisor/genesis/bin +``` + +Now you can run cosmovisor with simapp v0.44: + +```shell +cosmovisor run start +``` + +#### Update App + +Update app to the latest version (e.g. v0.45). + +Next, we can add a migration - which is defined using `x/upgrade` [upgrade plan](https://github.com/cosmos/cosmos-sdk/blob/main/docs/core/upgrade.md) (you may refer to a past version if you are using an older Cosmos SDK release). In a migration we can do any deterministic state change. + +Build the new version `simd` binary: + +```shell +make build +``` + +Add the new `simd` binary and the upgrade name: + +:::warning + +The migration name must match the one defined in the migration plan. + +::: + +```shell +mkdir -p $DAEMON_HOME/cosmovisor/upgrades/test1/bin +cp ./build/simd $DAEMON_HOME/cosmovisor/upgrades/test1/bin +``` + +Open a new terminal window and submit an upgrade proposal along with a deposit and a vote (these commands must be run within 20 seconds of each other): + +**<= v0.45**: + +```shell +./build/simd tx gov submit-proposal software-upgrade test1 --title upgrade --description upgrade --upgrade-height 200 --from validator --yes +./build/simd tx gov deposit 1 10000000stake --from validator --yes +./build/simd tx gov vote 1 yes --from validator --yes +``` + +**v0.46, v0.47**: + +```shell +./build/simd tx gov submit-legacy-proposal software-upgrade test1 --title upgrade --description upgrade --upgrade-height 200 --from validator --yes +./build/simd tx gov deposit 1 10000000stake --from validator --yes +./build/simd tx gov vote 1 yes --from validator --yes +``` + +**>= v0.50+**: + +```shell +./build/simd tx upgrade software-upgrade test1 --title upgrade --summary upgrade --upgrade-height 200 --from validator --yes +./build/simd tx gov deposit 1 10000000stake --from validator --yes +./build/simd tx gov vote 1 yes --from validator --yes +``` + +The upgrade will occur automatically at height 200. Note: you may need to change the upgrade height in the snippet above if your test play takes more time. diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/tooling/02-confix.md b/copy-of-sdk-versioned_docs/version-0.50/build/tooling/02-confix.md new file mode 100644 index 00000000..f6badd49 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/tooling/02-confix.md @@ -0,0 +1,137 @@ +--- +sidebar_position: 1 +--- + +# Confix + +`Confix` is a configuration management tool that allows you to manage your configuration via CLI. + +It is based on the [CometBFT RFC 019](https://github.com/cometbft/cometbft/blob/5013bc3f4a6d64dcc2bf02ccc002ebc9881c62e4/docs/rfc/rfc-019-config-version.md). + +## Installation + +### Add Config Command + +To add the confix tool, it's required to add the `ConfigCommand` to your application's root command file (e.g. `/cmd/root.go`). + +Import the `confixCmd` package: + +```go +import "cosmossdk.io/tools/confix/cmd" +``` + +Find the following line: + +```go +initRootCmd(rootCmd, encodingConfig) +``` + +After that line, add the following: + +```go +rootCmd.AddCommand( + confixcmd.ConfigCommand(), +) +``` + +The `ConfixCommand` function builds the `config` root command and is defined in the `confixCmd` package (`cosmossdk.io/tools/confix/cmd`). +An implementation example can be found in `simapp`. + +The command will be available as `simd config`. + +### Using Confix Standalone + +To use Confix standalone, without having to add it in your application, install it with the following command: + +```bash +go install cosmossdk.io/tools/confix/cmd/confix@latest +``` + +Alternatively, for building from source, simply run `make confix`. The binary will be located in `tools/confix`. + +## Usage + +Use standalone: + +```shell +confix --help +``` + +Use in simd: + +```shell +simd config fix --help +``` + +### Get + +Get a configuration value, e.g.: + +```shell +simd config get app pruning # gets the value pruning from app.toml +simd config get client chain-id # gets the value chain-id from client.toml +``` + +```shell +confix get ~/.simapp/config/app.toml pruning # gets the value pruning from app.toml +confix get ~/.simapp/config/client.toml chain-id # gets the value chain-id from client.toml +``` + +### Set + +Set a configuration value, e.g.: + +```shell +simd config set app pruning "enabled" # sets the value pruning from app.toml +simd config set client chain-id "foo-1" # sets the value chain-id from client.toml +``` + +```shell +confix set ~/.simapp/config/app.toml pruning "enabled" # sets the value pruning from app.toml +confix set ~/.simapp/config/client.toml chain-id "foo-1" # sets the value chain-id from client.toml +``` + +### Migrate + +Migrate a configuration file to a new version, e.g.: + +```shell +simd config migrate v0.47 # migrates defaultHome/config/app.toml to the latest v0.47 config +``` + +```shell +confix migrate v0.47 ~/.simapp/config/app.toml # migrate ~/.simapp/config/app.toml to the latest v0.47 config +``` + +### Diff + +Get the diff between a given configuration file and the default configuration file, e.g.: + +```shell +simd config diff v0.47 # gets the diff between defaultHome/config/app.toml and the latest v0.47 config +``` + +```shell +confix diff v0.47 ~/.simapp/config/app.toml # gets the diff between ~/.simapp/config/app.toml and the latest v0.47 config +``` + +### View + +View a configuration file, e.g: + +```shell +simd config view client # views the current app client config +``` + +```shell +confix view ~/.simapp/config/client.toml # views the current app client conf +``` + +### Maintainer + +At each SDK modification of the default configuration, add the default SDK config under `data/v0.XX-app.toml`. +This allows users to use the tool standalone. + +## Credits + +This project is based on the [CometBFT RFC 019](https://github.com/cometbft/cometbft/blob/5013bc3f4a6d64dcc2bf02ccc002ebc9881c62e4/docs/rfc/rfc-019-config-version.md) and their own implementation of [confix](https://github.com/cometbft/cometbft/blob/v0.36.x/scripts/confix/confix.go). diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/tooling/03-hubl.md b/copy-of-sdk-versioned_docs/version-0.50/build/tooling/03-hubl.md new file mode 100644 index 00000000..97d02921 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/tooling/03-hubl.md @@ -0,0 +1,73 @@ +--- +sidebar_position: 1 +--- + +# Hubl + +`Hubl` is a tool that allows you to query any Cosmos SDK based blockchain. +It takes advantage of the new [AutoCLI](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/client/v2@v2.0.0-20220916140313-c5245716b516/cli) feature of the Cosmos SDK. + +## Installation + +Hubl can be installed using `go install`: + +```shell +go install cosmossdk.io/tools/hubl/cmd/hubl@latest +``` + +Or build from source: + +```shell +git clone --depth=1 https://github.com/cosmos/cosmos-sdk +make hubl +``` + +The binary will be located in `tools/hubl`. + +## Usage + +```shell +hubl --help +``` + +### Add chain + +To configure a new chain just run this command using the --init flag and the name of the chain as it's listed in the chain registry (). + +If the chain is not listed in the chain registry, you can use any unique name. + +```shell +hubl init [chain-name] +hubl init regen +``` + +The chain configuration is stored in `~/.hubl/config.toml`. + +:::tip + +When using an unsecure gRPC endpoint, change the `insecure` field to `true` in the config file. + +```toml +[chains] +[chains.regen] +[[chains.regen.trusted-grpc-endpoints]] +endpoint = 'localhost:9090' +insecure = true +``` + +Or use the `--insecure` flag: + +```shell +hubl init regen --insecure +``` + +::: + +### Query + +To query a chain, you can use the `query` command. +Then specify which module you want to query and the query itself. + +```shell +hubl regen query auth module-accounts +``` diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/tooling/README.md b/copy-of-sdk-versioned_docs/version-0.50/build/tooling/README.md new file mode 100644 index 00000000..27bc94e2 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/tooling/README.md @@ -0,0 +1,19 @@ +--- +sidebar_position: 0 +--- + +# Tools + +This section provides documentation on various tooling maintained by the SDK team. +This includes tools for development, operating a node, and ease of use of a Cosmos SDK chain. + +## CLI Tools + +* [Cosmovisor](./01-cosmovisor.md) +* [Confix](./02-confix.md) +* [Hubl](./03-hubl.md) +* [Rosetta](https://docs.cosmos.network/main/run-node/rosetta) + +## Other Tools + +* [Protocol Buffers](./00-protobuf.md) diff --git a/copy-of-sdk-versioned_docs/version-0.50/build/tooling/_category_.json b/copy-of-sdk-versioned_docs/version-0.50/build/tooling/_category_.json new file mode 100644 index 00000000..eb57cb8a --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.50/build/tooling/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Tooling", + "position": 5, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/_category_.json b/copy-of-sdk-versioned_docs/version-0.53/build/_category_.json new file mode 100644 index 00000000..9f308823 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Build", + "position": 0, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/abci/00-introduction.md b/copy-of-sdk-versioned_docs/version-0.53/build/abci/00-introduction.md new file mode 100644 index 00000000..cec8a740 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/abci/00-introduction.md @@ -0,0 +1,51 @@ +# Introduction + +## What is ABCI? + +ABCI, Application Blockchain Interface is the interface between CometBFT and the application. More information about ABCI can be found [here](https://docs.cometbft.com/v0.38/spec/abci/). CometBFT version 0.38 included a new version of ABCI (called ABCI 2.0) which added several new methods. + +The 5 methods introduced in ABCI 2.0 are: + +* `PrepareProposal` +* `ProcessProposal` +* `ExtendVote` +* `VerifyVoteExtension` +* `FinalizeBlock` + + +## The Flow + +## PrepareProposal + +Based on validator voting power, CometBFT chooses a block proposer and calls `PrepareProposal` on the block proposer's application (Cosmos SDK). The selected block proposer is responsible for collecting outstanding transactions from the mempool, adhering to the application's specifications. The application can enforce custom transaction ordering and incorporate additional transactions, potentially generated from vote extensions in the previous block. + +To perform this manipulation on the application side, a custom handler must be implemented. By default, the Cosmos SDK provides `PrepareProposalHandler`, used in conjunction with an application specific mempool. A custom handler can be written by application developer, if a noop handler provided, all transactions are considered valid. + +Please note that vote extensions will only be available on the following height in which vote extensions are enabled. More information about vote extensions can be found [here](https://docs.cosmos.network/main/build/abci/vote-extensions). + +After creating the proposal, the proposer returns it to CometBFT. + +PrepareProposal CAN be non-deterministic. + +## ProcessProposal + +This method allows validators to perform application-specific checks on the block proposal and is called on all validators. This is an important step in the consensus process, as it ensures that the block is valid and meets the requirements of the application. For example, validators could check that the block contains all the required transactions or that the block does not create any invalid state transitions. + +The implementation of `ProcessProposal` MUST be deterministic. + +## ExtendVote and VerifyVoteExtensions + +These methods allow applications to extend the voting process by requiring validators to perform additional actions beyond simply validating blocks. + +If vote extensions are enabled, `ExtendVote` will be called on every validator and each one will return its vote extension which is in practice a bunch of bytes. As mentioned above this data (vote extension) can only be retrieved in the next block height during `PrepareProposal`. Additionally, this data can be arbitrary, but in the provided tutorials, it serves as an oracle or proof of transactions in the mempool. Essentially, vote extensions are processed and injected as transactions. Examples of use-cases for vote extensions include prices for a price oracle or encryption shares for an encrypted transaction mempool. `ExtendVote` CAN be non-deterministic. + +`VerifyVoteExtensions` is performed on every validator multiple times in order to verify other validators' vote extensions. This check is submitted to validate the integrity and validity of the vote extensions preventing malicious or invalid vote extensions. + +Additionally, applications must keep the vote extension data concise as it can degrade the performance of their chain, see testing results [here](https://docs.cometbft.com/v0.38/qa/cometbft-qa-38#vote-extensions-testbed). + +`VerifyVoteExtensions` MUST be deterministic. + + +## FinalizeBlock + +`FinalizeBlock` is then called and is responsible for updating the state of the blockchain and making the block available to users. diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/abci/01-prepare-proposal.md b/copy-of-sdk-versioned_docs/version-0.53/build/abci/01-prepare-proposal.md new file mode 100644 index 00000000..b1c6eb8a --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/abci/01-prepare-proposal.md @@ -0,0 +1,45 @@ +# Prepare Proposal + +`PrepareProposal` handles construction of the block, meaning that when a proposer +is preparing to propose a block, it requests the application to evaluate a +`RequestPrepareProposal`, which contains a series of transactions from CometBFT's +mempool. At this point, the application has complete control over the proposal. +It can modify, delete, and inject transactions from its own app-side mempool into +the proposal or even ignore all the transactions altogether. What the application +does with the transactions provided to it by `RequestPrepareProposal` has no +effect on CometBFT's mempool. + +Note, that the application defines the semantics of the `PrepareProposal` and it +MAY be non-deterministic and is only executed by the current block proposer. + +Now, reading mempool twice in the previous sentence is confusing, lets break it down. +CometBFT has a mempool that handles gossiping transactions to other nodes +in the network. The order of these transactions is determined by CometBFT's mempool, +using FIFO as the sole ordering mechanism. It's worth noting that the priority mempool +in Comet was removed or deprecated. +However, since the application is able to fully inspect +all transactions, it can provide greater control over transaction ordering. +Allowing the application to handle ordering enables the application to define how +it would like the block constructed. + +The Cosmos SDK defines the `DefaultProposalHandler` type, which provides applications with +`PrepareProposal` and `ProcessProposal` handlers. If you decide to implement your +own `PrepareProposal` handler, you must ensure that the transactions +selected DO NOT exceed the maximum block gas (if set) and the maximum bytes provided +by `req.MaxBytes`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/abci_utils.go +``` + +This default implementation can be overridden by the application developer in +favor of a custom implementation in [`app_di.go`](../building-apps/01-app-go-di.md): + +```go +prepareOpt := func(app *baseapp.BaseApp) { + abciPropHandler := baseapp.NewDefaultProposalHandler(mempool, app) + app.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) +} + +baseAppOptions = append(baseAppOptions, prepareOpt) +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/abci/02-process-proposal.md b/copy-of-sdk-versioned_docs/version-0.53/build/abci/02-process-proposal.md new file mode 100644 index 00000000..c1faf9f4 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/abci/02-process-proposal.md @@ -0,0 +1,32 @@ +# Process Proposal + +`ProcessProposal` handles the validation of a proposal from `PrepareProposal`, +which also includes a block header. After a block has been proposed, +the other validators have the right to accept or reject that block. The validator in the +default implementation of `PrepareProposal` runs basic validity checks on each +transaction. + +Note, `ProcessProposal` MUST be deterministic. Non-deterministic behaviors will cause apphash mismatches. +This means if `ProcessProposal` panics or fails and we reject, all honest validator +processes should reject (i.e., prevote nil). If so, CometBFT will start a new round with a new block proposal and the same cycle will happen with `PrepareProposal` +and `ProcessProposal` for the new proposal. + +Here is the implementation of the default implementation: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/abci_utils.go#L219-L226 +``` + +Like `PrepareProposal`, this implementation is the default and can be modified by +the application developer in [`app_di.go`](../building-apps/01-app-go-di.md). If you decide to implement +your own `ProcessProposal` handler, you must ensure that the transactions +provided in the proposal DO NOT exceed the maximum block gas and `maxtxbytes` (if set). + +```go +processOpt := func(app *baseapp.BaseApp) { + abciPropHandler := baseapp.NewDefaultProposalHandler(mempool, app) + app.SetProcessProposal(abciPropHandler.ProcessProposalHandler()) +} + +baseAppOptions = append(baseAppOptions, processOpt) +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/abci/03-vote-extensions.md b/copy-of-sdk-versioned_docs/version-0.53/build/abci/03-vote-extensions.md new file mode 100644 index 00000000..f3744660 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/abci/03-vote-extensions.md @@ -0,0 +1,122 @@ +# Vote Extensions + +:::note Synopsis +This section describes how the application can define and use vote extensions +defined in ABCI++. +::: + +## Extend Vote + +ABCI 2.0 (colloquially called ABCI++) allows an application to extend a pre-commit vote with arbitrary data. This process does NOT have to be deterministic, and the data returned can be unique to the +validator process. The Cosmos SDK defines [`baseapp.ExtendVoteHandler`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/abci.go#L32): + +```go +type ExtendVoteHandler func(Context, *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) +``` + +An application can set this handler in `app.go` via the `baseapp.SetExtendVoteHandler` +`BaseApp` option function. The `sdk.ExtendVoteHandler`, if defined, is called during +the `ExtendVote` ABCI method. Note, if an application decides to implement +`baseapp.ExtendVoteHandler`, it MUST return a non-nil `VoteExtension`. However, the vote +extension can be empty. See [here](https://github.com/cometbft/cometbft/blob/v0.38.0-rc1/spec/abci/abci++_methods.md#extendvote) +for more details. + +There are many decentralized censorship-resistant use cases for vote extensions. +For example, a validator may want to submit prices for a price oracle or encryption +shares for an encrypted transaction mempool. Note, an application should be careful +to consider the size of the vote extensions as they could increase latency in block +production. See [here](https://github.com/cometbft/cometbft/blob/v0.38.0-rc1/docs/qa/CometBFT-QA-38.md#vote-extensions-testbed) +for more details. + +Click [here](https://docs.cosmos.network/main/build/abci/vote-extensions) if you would like a walkthrough of how to implement vote extensions. + + +## Verify Vote Extension + +Similar to extending a vote, an application can also verify vote extensions from +other validators when validating their pre-commits. For a given vote extension, +this process MUST be deterministic. The Cosmos SDK defines [`sdk.VerifyVoteExtensionHandler`](https://github.com/cosmos/cosmos-sdk/blob/v0.50.1/types/abci.go#L29-L31): + +```go +type VerifyVoteExtensionHandler func(Context, *abci.RequestVerifyVoteExtension) (*abci.ResponseVerifyVoteExtension, error) +``` + +An application can set this handler in `app.go` via the `baseapp.SetVerifyVoteExtensionHandler` +`BaseApp` option function. The `sdk.VerifyVoteExtensionHandler`, if defined, is called +during the `VerifyVoteExtension` ABCI method. If an application defines a vote +extension handler, it should also define a verification handler. Note, not all +validators will share the same view of what vote extensions they verify depending +on how votes are propagated. See [here](https://github.com/cometbft/cometbft/blob/v0.38.0-rc1/spec/abci/abci++_methods.md#verifyvoteextension) +for more details. + +Additionally, please keep in mind that performance can be degraded if vote extensions are too big (https://docs.cometbft.com/v0.38/qa/cometbft-qa-38#vote-extensions-testbed), so we highly recommend a size validation in `VerifyVoteExtensions`. + + +## Vote Extension Propagation + +The agreed upon vote extensions at height `H` are provided to the proposing validator +at height `H+1` during `PrepareProposal`. As a result, the vote extensions are +not natively provided or exposed to the remaining validators during `ProcessProposal`. +As a result, if an application requires that the agreed upon vote extensions from +height `H` are available to all validators at `H+1`, the application must propagate +these vote extensions manually in the block proposal itself. This can be done by +"injecting" them into the block proposal, since the `Txs` field in `PrepareProposal` +is just a slice of byte slices. + +`FinalizeBlock` will ignore any byte slice that doesn't implement an `sdk.Tx`, so +any injected vote extensions will safely be ignored in `FinalizeBlock`. For more +details on propagation, see the [ABCI++ 2.0 ADR](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-064-abci-2.0.md#vote-extension-propagation--verification). + +### Recovery of injected Vote Extensions + +As stated before, vote extensions can be injected into a block proposal (along with +other transactions in the `Txs` field). The Cosmos SDK provides a pre-FinalizeBlock +hook to allow applications to recover vote extensions, perform any necessary +computation on them, and then store the results in the cached store. These results +will be available to the application during the subsequent `FinalizeBlock` call. + +An example of how a pre-FinalizeBlock hook could look like is shown below: + +```go +app.SetPreBlocker(func(ctx sdk.Context, req *abci.RequestFinalizeBlock) error { + allVEs := []VE{} // store all parsed vote extensions here + for _, tx := range req.Txs { + // define a custom function that tries to parse the tx as a vote extension + ve, ok := parseVoteExtension(tx) + if !ok { + continue + } + + allVEs = append(allVEs, ve) + } + + // perform any necessary computation on the vote extensions and store the result + // in the cached store + result := compute(allVEs) + err := storeVEResult(ctx, result) + if err != nil { + return err + } + + return nil +}) + +``` + +Then, in an app's module, the application can retrieve the result of the computation +of vote extensions from the cached store: + +```go +func (k Keeper) BeginBlocker(ctx context.Context) error { + // retrieve the result of the computation of vote extensions from the cached store + result, err := k.GetVEResult(ctx) + if err != nil { + return err + } + + // use the result of the computation of vote extensions + k.setSomething(result) + + return nil +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/abci/04-checktx.md b/copy-of-sdk-versioned_docs/version-0.53/build/abci/04-checktx.md new file mode 100644 index 00000000..081d6fd2 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/abci/04-checktx.md @@ -0,0 +1,50 @@ +# CheckTx + +CheckTx is called by the `BaseApp` when comet receives a transaction from a client, over the p2p network or RPC. The CheckTx method is responsible for validating the transaction and returning an error if the transaction is invalid. + +```mermaid +graph TD + subgraph SDK[Cosmos SDK] + B[Baseapp] + A[AnteHandlers] + B <-->|Validate TX| A + end + C[CometBFT] <-->|CheckTx|SDK + U((User)) -->|Submit TX| C + N[P2P] -->|Receive TX| C +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/31c604762a434c7b676b6a89897ecbd7c4653a23/baseapp/abci.go#L350-L390 +``` + +## CheckTx Handler + +`CheckTxHandler` allows users to extend the logic of `CheckTx`. `CheckTxHandler` is called by passing context and the transaction bytes received through ABCI. It is required that the handler returns deterministic results given the same transaction bytes. + +:::note +we return the raw decoded transaction here to avoid decoding it twice. +::: + +```go +type CheckTxHandler func(ctx sdk.Context, tx []byte) (Tx, error) +``` + +Setting a custom `CheckTxHandler` is optional. It can be done from your app.go file: + +```go +func NewSimApp( + logger log.Logger, + db corestore.KVStoreWithBatch, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), +) *SimApp { + ... + // Create ChecktxHandler + checktxHandler := abci.NewCustomCheckTxHandler(...) + app.SetCheckTxHandler(checktxHandler) + ... +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/abci/_category_.json b/copy-of-sdk-versioned_docs/version-0.53/build/abci/_category_.json new file mode 100644 index 00000000..d4ebb80c --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/abci/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "ABCI", + "position": 2, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/PROCESS.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/PROCESS.md new file mode 100644 index 00000000..0e9a34eb --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/PROCESS.md @@ -0,0 +1,58 @@ +# ADR Creation Process + +1. Copy the `adr-template.md` file. Use the following filename pattern: `adr-next_number-title.md` +2. Create a draft Pull Request if you want to get early feedback. +3. Make sure the context and solution are clear and well documented. +4. Add an entry to the list in the [README](./README.md) file. +5. Create a Pull Request to propose a new ADR. + +## What is an ADR? + +An ADR is a document to document an implementation and design that may or may not have been discussed in an RFC. While an RFC is meant to replace synchronous communication in a distributed environment, an ADR is meant to document an already made decision. An ADR won't come with much of a communication overhead because the discussion was recorded in an RFC or a synchronous discussion. If the consensus came from a synchronous discussion, then a short excerpt should be added to the ADR to explain the goals. + +## ADR life cycle + +ADR creation is an **iterative** process. Instead of having a high amount of communication overhead, an ADR is used when there is already a decision made and implementation details need to be added. The ADR should document what the collective consensus for the specific issue is and how to solve it. + +1. Every ADR should start with either an RFC or a discussion where consensus has been met. + +2. Once consensus is met, a GitHub Pull Request (PR) is created with a new document based on the `adr-template.md`. + +3. If a _proposed_ ADR is merged, then it should clearly document outstanding issues either in ADR document notes or in a GitHub Issue. + +4. The PR SHOULD always be merged. In the case of a faulty ADR, we still prefer to merge it with a _rejected_ status. The only time the ADR SHOULD NOT be merged is if the author abandons it. + +5. Merged ADRs SHOULD NOT be pruned. + +### ADR status + +Status has two components: + +```text +{CONSENSUS STATUS} {IMPLEMENTATION STATUS} +``` + +IMPLEMENTATION STATUS is either `Implemented` or `Not Implemented`. + +#### Consensus Status + +```text +DRAFT -> PROPOSED -> LAST CALL yyyy-mm-dd -> ACCEPTED | REJECTED -> SUPERSEDED by ADR-xxx + \ | + \ | + v v + ABANDONED +``` + +* `DRAFT`: [optional] an ADR which is a work in progress, not being ready for a general review. This is to present an early work and get early feedback in a Draft Pull Request form. +* `PROPOSED`: an ADR covering a full solution architecture and still in the review - project stakeholders haven't reached an agreement yet. +* `LAST CALL `: [optional] Notify that we are close to accepting updates. Changing a status to `LAST CALL` means that social consensus (of Cosmos SDK maintainers) has been reached, and we still want to give it a time to let the community react or analyze. +* `ACCEPTED`: ADR which will represent a currently implemented or to be implemented architecture design. +* `REJECTED`: ADR can go from PROPOSED or ACCEPTED to rejected if the consensus among project stakeholders will decide so. +* `SUPERSEDED by ADR-xxx`: ADR which has been superseded by a new ADR. +* `ABANDONED`: the ADR is no longer pursued by the original authors. + +## Language used in ADR + +* The context/background should be written in the present tense. +* Avoid using a first, personal form. diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/README.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/README.md new file mode 100644 index 00000000..fa4ca022 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/README.md @@ -0,0 +1,96 @@ +--- +sidebar_position: 1 +--- + +# Architecture Decision Records (ADR) + +This is a location to record all high-level architecture decisions in the Cosmos-SDK. + +An Architectural Decision (**AD**) is a software design choice that addresses a functional or non-functional requirement that is architecturally significant. +An Architecturally Significant Requirement (**ASR**) is a requirement that has a measurable effect on a software system’s architecture and quality. +An Architectural Decision Record (**ADR**) captures a single AD, such as often done when writing personal notes or meeting minutes; the collection of ADRs created and maintained in a project constitute its decision log. All these are within the topic of Architectural Knowledge Management (AKM). + +You can read more about the ADR concept in this [blog post](https://product.reverb.com/documenting-architecture-decisions-the-reverb-way-a3563bb24bd0#.78xhdix6t). + +## Rationale + +ADRs are intended to be the primary mechanism for proposing new feature designs and new processes, for collecting community input on an issue, and for documenting the design decisions. +An ADR should provide: + +* Context on the relevant goals and the current state +* Proposed changes to achieve the goals +* Summary of pros and cons +* References +* Changelog + +Note the distinction between an ADR and a spec. The ADR provides the context, intuition, reasoning, and +justification for a change in architecture, or for the architecture of something +new. The spec is much more compressed and streamlined summary of everything as +it stands today. + +If recorded decisions turned out to be lacking, convene a discussion, record the new decisions here, and then modify the code to match. + +## Creating new ADR + +Read about the [PROCESS](./PROCESS.md). + +### Use RFC 2119 Keywords + +When writing ADRs, follow the same best practices for writing RFCs. When writing RFCs, key words are used to signify the requirements in the specification. These words are often capitalized: "MUST," "MUST NOT," "REQUIRED," "SHALL," "SHALL NOT," "SHOULD," "SHOULD NOT," "RECOMMENDED," "MAY," and "OPTIONAL." They are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119). + +## ADR Table of Contents + +### Accepted + +* [ADR 002: SDK Documentation Structure](./adr-002-docs-structure.md) +* [ADR 004: Split Denomination Keys](./adr-004-split-denomination-keys.md) +* [ADR 006: Secret Store Replacement](./adr-006-secret-store-replacement.md) +* [ADR 009: Evidence Module](./adr-009-evidence-module.md) +* [ADR 010: Modular AnteHandler](./adr-010-modular-antehandler.md) +* [ADR 019: Protocol Buffer State Encoding](./adr-019-protobuf-state-encoding.md) +* [ADR 020: Protocol Buffer Transaction Encoding](./adr-020-protobuf-transaction-encoding.md) +* [ADR 021: Protocol Buffer Query Encoding](./adr-021-protobuf-query-encoding.md) +* [ADR 023: Protocol Buffer Naming and Versioning](./adr-023-protobuf-naming.md) +* [ADR 029: Fee Grant Module](./adr-029-fee-grant-module.md) +* [ADR 030: Message Authorization Module](./adr-030-authz-module.md) +* [ADR 031: Protobuf Msg Services](./adr-031-msg-service.md) +* [ADR 055: ORM](./adr-055-orm.md) +* [ADR 058: Auto-Generated CLI](./adr-058-auto-generated-cli.md) +* [ADR 060: ABCI 1.0 (Phase I)](adr-060-abci-1.0.md) +* [ADR 061: Liquid Staking](./adr-061-liquid-staking.md) + +### Proposed + +* [ADR 003: Dynamic Capability Store](./adr-003-dynamic-capability-store.md) +* [ADR 011: Generalize Genesis Accounts](./adr-011-generalize-genesis-accounts.md) +* [ADR 012: State Accessors](./adr-012-state-accessors.md) +* [ADR 013: Metrics](./adr-013-metrics.md) +* [ADR 016: Validator Consensus Key Rotation](./adr-016-validator-consensus-key-rotation.md) +* [ADR 017: Historical Header Module](./adr-017-historical-header-module.md) +* [ADR 018: Extendable Voting Periods](./adr-018-extendable-voting-period.md) +* [ADR 022: Custom baseapp panic handling](./adr-022-custom-panic-handling.md) +* [ADR 024: Coin Metadata](./adr-024-coin-metadata.md) +* [ADR 027: Deterministic Protobuf Serialization](./adr-027-deterministic-protobuf-serialization.md) +* [ADR 028: Public Key Addresses](./adr-028-public-key-addresses.md) +* [ADR 032: Typed Events](./adr-032-typed-events.md) +* [ADR 033: Inter-module RPC](./adr-033-protobuf-inter-module-comm.md) +* [ADR 035: Rosetta API Support](./adr-035-rosetta-api-support.md) +* [ADR 037: Governance Split Votes](./adr-037-gov-split-vote.md) +* [ADR 038: State Listening](./adr-038-state-listening.md) +* [ADR 039: Epoched Staking](./adr-039-epoched-staking.md) +* [ADR 040: Storage and SMT State Commitments](./adr-040-storage-and-smt-state-commitments.md) +* [ADR 046: Module Params](./adr-046-module-params.md) +* [ADR 054: Semver Compatible SDK Modules](./adr-054-semver-compatible-modules.md) +* [ADR 057: App Wiring](./adr-057-app-wiring.md) +* [ADR 059: Test Scopes](./adr-059-test-scopes.md) +* [ADR 062: Collections State Layer](./adr-062-collections-state-layer.md) +* [ADR 063: Core Module API](./adr-063-core-module-api.md) +* [ADR 065: Store V2](./adr-065-store-v2.md) +* [ADR 076: Transaction Malleability Risk Review and Recommendations](./adr-076-tx-malleability.md) + +### Draft + +* [ADR 044: Guidelines for Updating Protobuf Definitions](./adr-044-protobuf-updates-guidelines.md) +* [ADR 047: Extend Upgrade Plan](./adr-047-extend-upgrade-plan.md) +* [ADR 053: Go Module Refactoring](./adr-053-go-module-refactoring.md) +* [ADR 068: Preblock](./adr-068-preblock.md) diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/_category_.json b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/_category_.json new file mode 100644 index 00000000..e0b1907a --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "ADRs", + "position": 6, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-002-docs-structure.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-002-docs-structure.md new file mode 100644 index 00000000..5819151f --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-002-docs-structure.md @@ -0,0 +1,86 @@ +# ADR 002: SDK Documentation Structure + +## Context + +There is a need for a scalable structure of the Cosmos SDK documentation. Current documentation includes a lot of non-related Cosmos SDK material, is difficult to maintain and hard to follow as a user. + +Ideally, we would have: + +* All docs related to dev frameworks or tools live in their respective github repos (sdk repo would contain sdk docs, hub repo would contain hub docs, lotion repo would contain lotion docs, etc.) +* All other docs (faqs, whitepaper, high-level material about Cosmos) would live on the website. + +## Decision + +Re-structure the `/docs` folder of the Cosmos SDK github repo as follows: + +```text +docs/ +├── README +├── intro/ +├── concepts/ +│ ├── baseapp +│ ├── types +│ ├── store +│ ├── server +│ ├── modules/ +│ │ ├── keeper +│ │ ├── handler +│ │ ├── cli +│ ├── gas +│ └── commands +├── clients/ +│ ├── lite/ +│ ├── service-providers +├── modules/ +├── spec/ +├── translations/ +└── architecture/ +``` + +The files in each sub-folders do not matter and will likely change. What matters is the sectioning: + +* `README`: Landing page of the docs. +* `intro`: Introductory material. Goal is to have a short explainer of the Cosmos SDK and then channel people to the resource they need. The [Cosmos SDK tutorial](https://github.com/cosmos/sdk-application-tutorial/) will be highlighted, as well as the `godocs`. +* `concepts`: Contains high-level explanations of the abstractions of the Cosmos SDK. It does not contain specific code implementation and does not need to be updated often. **It is not an API specification of the interfaces**. API spec is the `godoc`. +* `clients`: Contains specs and info about the various Cosmos SDK clients. +* `spec`: Contains specs of modules, and others. +* `modules`: Contains links to `godocs` and the spec of the modules. +* `architecture`: Contains architecture-related docs like the present one. +* `translations`: Contains different translations of the documentation. + +Website docs sidebar will only include the following sections: + +* `README` +* `intro` +* `concepts` +* `clients` + +`architecture` need not be displayed on the website. + +## Status + +Accepted + +## Consequences + +### Positive + +* Much clearer organisation of the Cosmos SDK docs. +* The `/docs` folder now only contains Cosmos SDK and gaia related material. Later, it will only contain Cosmos SDK related material. +* Developers only have to update `/docs` folder when they open a PR (and not `/examples` for example). +* Easier for developers to find what they need to update in the docs thanks to reworked architecture. +* Cleaner vuepress build for website docs. +* Will help build an executable doc (cf https://github.com/cosmos/cosmos-sdk/issues/2611) + +### Neutral + +* We need to move a bunch of deprecated stuff to `/_attic` folder. +* We need to integrate content in `docs/sdk/docs/core` in `concepts`. +* We need to move all the content that currently lives in `docs` and does not fit in new structure (like `lotion`, intro material, whitepaper) to the website repository. +* Update `DOCS_README.md` + +## References + +* https://github.com/cosmos/cosmos-sdk/issues/1460 +* https://github.com/cosmos/cosmos-sdk/pull/2695 +* https://github.com/cosmos/cosmos-sdk/issues/2611 diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-003-dynamic-capability-store.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-003-dynamic-capability-store.md new file mode 100644 index 00000000..f9ddd364 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-003-dynamic-capability-store.md @@ -0,0 +1,344 @@ +# ADR 3: Dynamic Capability Store + +## Changelog + +* 12 December 2019: Initial version +* 02 April 2020: Memory Store Revisions + +## Context + +Full implementation of the [IBC specification](https://github.com/cosmos/ibc) requires the ability to create and authenticate object-capability keys at runtime (i.e., during transaction execution), +as described in [ICS 5](https://github.com/cosmos/ibc/tree/master/spec/core/ics-005-port-allocation#technical-specification). In the IBC specification, capability keys are created for each newly initialised +port & channel, and are used to authenticate future usage of the port or channel. Since channels and potentially ports can be initialised during transaction execution, the state machine must be able to create +object-capability keys at this time. + +At present, the Cosmos SDK does not have the ability to do this. Object-capability keys are currently pointers (memory addresses) of `StoreKey` structs created at application initialisation in `app.go` ([example](https://github.com/cosmos/gaia/blob/dcbddd9f04b3086c0ad07ee65de16e7adedc7da4/app/app.go#L132)) +and passed to Keepers as fixed arguments ([example](https://github.com/cosmos/gaia/blob/dcbddd9f04b3086c0ad07ee65de16e7adedc7da4/app/app.go#L160)). Keepers cannot create or store capability keys during transaction execution — although they could call `NewKVStoreKey` and take the memory address +of the returned struct, storing this in the Merklised store would result in a consensus fault, since the memory address will be different on each machine (this is intentional — were this not the case, the keys would be predictable and couldn't serve as object capabilities). + +Keepers need a way to keep a private map of store keys which can be altered during transaction execution, along with a suitable mechanism for regenerating the unique memory addresses (capability keys) in this map whenever the application is started or restarted, along with a mechanism to revert capability creation on tx failure. +This ADR proposes such an interface & mechanism. + +## Decision + +The Cosmos SDK will include a new `CapabilityKeeper` abstraction, which is responsible for provisioning, +tracking, and authenticating capabilities at runtime. During application initialisation in `app.go`, +the `CapabilityKeeper` will be hooked up to modules through unique function references +(by calling `ScopeToModule`, defined below) so that it can identify the calling module when later +invoked. + +When the initial state is loaded from disk, the `CapabilityKeeper`'s `Initialise` function will create +new capability keys for all previously allocated capability identifiers (allocated during execution of +past transactions and assigned to particular modes), and keep them in a memory-only store while the +chain is running. + +The `CapabilityKeeper` will include a persistent `KVStore`, a `MemoryStore`, and an in-memory map. +The persistent `KVStore` tracks which capability is owned by which modules. +The `MemoryStore` stores a forward mapping that map from module name, capability tuples to capability names and +a reverse mapping that map from module name, capability name to the capability index. +Since we cannot marshal the capability into a `KVStore` and unmarshal without changing the memory location of the capability, +the reverse mapping in the KVStore will simply map to an index. This index can then be used as a key in the ephemeral +go-map to retrieve the capability at the original memory location. + +The `CapabilityKeeper` will define the following types & functions: + +The `Capability` is similar to `StoreKey`, but has a globally unique `Index()` instead of +a name. A `String()` method is provided for debugging. + +A `Capability` is simply a struct, the address of which is taken for the actual capability. + +```go +type Capability struct { + index uint64 +} +``` + +A `CapabilityKeeper` contains a persistent store key, memory store key, and mapping of allocated module names. + +```go +type CapabilityKeeper struct { + persistentKey StoreKey + memKey StoreKey + capMap map[uint64]*Capability + moduleNames map[string]interface{} + sealed bool +} +``` + +The `CapabilityKeeper` provides the ability to create *scoped* sub-keepers which are tied to a +particular module name. These `ScopedCapabilityKeeper`s must be created at application initialisation +and passed to modules, which can then use them to claim capabilities they receive and retrieve +capabilities which they own by name, in addition to creating new capabilities & authenticating capabilities +passed by other modules. + +```go +type ScopedCapabilityKeeper struct { + persistentKey StoreKey + memKey StoreKey + capMap map[uint64]*Capability + moduleName string +} +``` + +`ScopeToModule` is used to create a scoped sub-keeper with a particular name, which must be unique. +It MUST be called before `InitialiseAndSeal`. + +```go +func (ck CapabilityKeeper) ScopeToModule(moduleName string) ScopedCapabilityKeeper { + if k.sealed { + panic("cannot scope to module via a sealed capability keeper") + } + + if _, ok := k.scopedModules[moduleName]; ok { + panic(fmt.Sprintf("cannot create multiple scoped keepers for the same module name: %s", moduleName)) + } + + k.scopedModules[moduleName] = struct{}{} + + return ScopedKeeper{ + cdc: k.cdc, + storeKey: k.storeKey, + memKey: k.memKey, + capMap: k.capMap, + module: moduleName, + } +} +``` + +`InitialiseAndSeal` MUST be called exactly once, after loading the initial state and creating all +necessary `ScopedCapabilityKeeper`s, in order to populate the memory store with newly-created +capability keys in accordance with the keys previously claimed by particular modules and prevent the +creation of any new `ScopedCapabilityKeeper`s. + +```go +func (ck CapabilityKeeper) InitialiseAndSeal(ctx Context) { + if ck.sealed { + panic("capability keeper is sealed") + } + + persistentStore := ctx.KVStore(ck.persistentKey) + map := ctx.KVStore(ck.memKey) + + // initialise memory store for all names in persistent store + for index, value := range persistentStore.Iter() { + capability = &CapabilityKey{index: index} + + for moduleAndCapability := range value { + moduleName, capabilityName := moduleAndCapability.Split("/") + memStore.Set(moduleName + "/fwd/" + capability, capabilityName) + memStore.Set(moduleName + "/rev/" + capabilityName, index) + + ck.capMap[index] = capability + } + } + + ck.sealed = true +} +``` + +`NewCapability` can be called by any module to create a new unique, unforgeable object-capability +reference. The newly created capability is automatically persisted; the calling module need not +call `ClaimCapability`. + +```go +func (sck ScopedCapabilityKeeper) NewCapability(ctx Context, name string) (Capability, error) { + // check name not taken in memory store + if capStore.Get("rev/" + name) != nil { + return nil, errors.New("name already taken") + } + + // fetch the current index + index := persistentStore.Get("index") + + // create a new capability + capability := &CapabilityKey{index: index} + + // set persistent store + persistentStore.Set(index, Set.singleton(sck.moduleName + "/" + name)) + + // update the index + index++ + persistentStore.Set("index", index) + + // set forward mapping in memory store from capability to name + memStore.Set(sck.moduleName + "/fwd/" + capability, name) + + // set reverse mapping in memory store from name to index + memStore.Set(sck.moduleName + "/rev/" + name, index) + + // set the in-memory mapping from index to capability pointer + capMap[index] = capability + + // return the newly created capability + return capability +} +``` + +`AuthenticateCapability` can be called by any module to check that a capability +does in fact correspond to a particular name (the name can be untrusted user input) +with which the calling module previously associated it. + +```go +func (sck ScopedCapabilityKeeper) AuthenticateCapability(name string, capability Capability) bool { + // return whether forward mapping in memory store matches name + return memStore.Get(sck.moduleName + "/fwd/" + capability) === name +} +``` + +`ClaimCapability` allows a module to claim a capability key which it has received from another module +so that future `GetCapability` calls will succeed. + +`ClaimCapability` MUST be called if a module which receives a capability wishes to access it by name +in the future. Capabilities are multi-owner, so if multiple modules have a single `Capability` reference, +they will all own it. + +```go +func (sck ScopedCapabilityKeeper) ClaimCapability(ctx Context, capability Capability, name string) error { + persistentStore := ctx.KVStore(sck.persistentKey) + + // set forward mapping in memory store from capability to name + memStore.Set(sck.moduleName + "/fwd/" + capability, name) + + // set reverse mapping in memory store from name to capability + memStore.Set(sck.moduleName + "/rev/" + name, capability) + + // update owner set in persistent store + owners := persistentStore.Get(capability.Index()) + owners.add(sck.moduleName + "/" + name) + persistentStore.Set(capability.Index(), owners) +} +``` + +`GetCapability` allows a module to fetch a capability which it has previously claimed by name. +The module is not allowed to retrieve capabilities which it does not own. + +```go +func (sck ScopedCapabilityKeeper) GetCapability(ctx Context, name string) (Capability, error) { + // fetch the index of capability using reverse mapping in memstore + index := memStore.Get(sck.moduleName + "/rev/" + name) + + // fetch capability from go-map using index + capability := capMap[index] + + // return the capability + return capability +} +``` + +`ReleaseCapability` allows a module to release a capability which it had previously claimed. If no +more owners exist, the capability will be deleted globally. + +```go +func (sck ScopedCapabilityKeeper) ReleaseCapability(ctx Context, capability Capability) err { + persistentStore := ctx.KVStore(sck.persistentKey) + + name := capStore.Get(sck.moduleName + "/fwd/" + capability) + if name == nil { + return error("capability not owned by module") + } + + // delete forward mapping in memory store + memoryStore.Delete(sck.moduleName + "/fwd/" + capability, name) + + // delete reverse mapping in memory store + memoryStore.Delete(sck.moduleName + "/rev/" + name, capability) + + // update owner set in persistent store + owners := persistentStore.Get(capability.Index()) + owners.remove(sck.moduleName + "/" + name) + if owners.size() > 0 { + // there are still other owners, keep the capability around + persistentStore.Set(capability.Index(), owners) + } else { + // no more owners, delete the capability + persistentStore.Delete(capability.Index()) + delete(capMap[capability.Index()]) + } +} +``` + +### Usage patterns + +#### Initialisation + +Any modules which use dynamic capabilities must be provided a `ScopedCapabilityKeeper` in `app.go`: + +```go +ck := NewCapabilityKeeper(persistentKey, memoryKey) +mod1Keeper := NewMod1Keeper(ck.ScopeToModule("mod1"), ....) +mod2Keeper := NewMod2Keeper(ck.ScopeToModule("mod2"), ....) + +// other initialisation logic ... + +// load initial state... + +ck.InitialiseAndSeal(initialContext) +``` + +#### Creating, passing, claiming and using capabilities + +Consider the case where `mod1` wants to create a capability, associate it with a resource (e.g. an IBC channel) by name, then pass it to `mod2` which will use it later: + +Module 1 would have the following code: + +```go +capability := scopedCapabilityKeeper.NewCapability(ctx, "resourceABC") +mod2Keeper.SomeFunction(ctx, capability, args...) +``` + +`SomeFunction`, running in module 2, could then claim the capability: + +```go +func (k Mod2Keeper) SomeFunction(ctx Context, capability Capability) { + k.sck.ClaimCapability(ctx, capability, "resourceABC") + // other logic... +} +``` + +Later on, module 2 can retrieve that capability by name and pass it to module 1, which will authenticate it against the resource: + +```go +func (k Mod2Keeper) SomeOtherFunction(ctx Context, name string) { + capability := k.sck.GetCapability(ctx, name) + mod1.UseResource(ctx, capability, "resourceABC") +} +``` + +Module 1 will then check that this capability key is authenticated to use the resource before allowing module 2 to use it: + +```go +func (k Mod1Keeper) UseResource(ctx Context, capability Capability, resource string) { + if !k.sck.AuthenticateCapability(name, capability) { + return errors.New("unauthenticated") + } + // do something with the resource +} +``` + +If module 2 passed the capability key to module 3, module 3 could then claim it and call module 1 just like module 2 did +(in which case module 1, module 2, and module 3 would all be able to use this capability). + +## Status + +Proposed. + +## Consequences + +### Positive + +* Dynamic capability support. +* Allows CapabilityKeeper to return same capability pointer from go-map while reverting any writes to the persistent `KVStore` and in-memory `MemoryStore` on tx failure. + +### Negative + +* Requires an additional keeper. +* Some overlap with existing `StoreKey` system (in the future they could be combined, since this is a superset functionality-wise). +* Requires an extra level of indirection in the reverse mapping, since MemoryStore must map to index which must then be used as key in a go map to retrieve the actual capability + +### Neutral + +(none known) + +## References + +* [Original discussion](https://github.com/cosmos/cosmos-sdk/pull/5230#discussion_r343978513) diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-004-split-denomination-keys.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-004-split-denomination-keys.md new file mode 100644 index 00000000..8abf25fd --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-004-split-denomination-keys.md @@ -0,0 +1,120 @@ +# ADR 004: Split Denomination Keys + +## Changelog + +* 2020-01-08: Initial version +* 2020-01-09: Alterations to handle vesting accounts +* 2020-01-14: Updates from review feedback +* 2020-01-30: Updates from implementation + +### Glossary + +* denom / denomination key -- unique token identifier. + +## Context + +With permissionless IBC, anyone will be able to send arbitrary denominations to any other account. Currently, all non-zero balances are stored along with the account in an `sdk.Coins` struct, which creates a potential denial-of-service concern, as too many denominations will become expensive to load & store each time the account is modified. See issues [5467](https://github.com/cosmos/cosmos-sdk/issues/5467) and [4982](https://github.com/cosmos/cosmos-sdk/issues/4982) for additional context. + +Simply rejecting incoming deposits after a denomination count limit doesn't work, since it opens up a griefing vector: someone could send a user lots of nonsensical coins over IBC, and then prevent the user from receiving real denominations (such as staking rewards). + +## Decision + +Balances shall be stored per-account & per-denomination under a denomination- and account-unique key, thus enabling O(1) read & write access to the balance of a particular account in a particular denomination. + +### Account interface (x/auth) + +`GetCoins()` and `SetCoins()` will be removed from the account interface, since coin balances will +now be stored in & managed by the bank module. + +The vesting account interface will replace `SpendableCoins` in favor of `LockedCoins` which does +not require the account balance anymore. In addition, `TrackDelegation()` will now accept the +account balance of all tokens denominated in the vesting balance instead of loading the entire +account balance. + +Vesting accounts will continue to store original vesting, delegated free, and delegated +vesting coins (which is safe since these cannot contain arbitrary denominations). + +### Bank keeper (x/bank) + +The following APIs will be added to the `x/bank` keeper: + +* `GetAllBalances(ctx Context, addr AccAddress) Coins` +* `GetBalance(ctx Context, addr AccAddress, denom string) Coin` +* `SetBalance(ctx Context, addr AccAddress, coin Coin)` +* `LockedCoins(ctx Context, addr AccAddress) Coins` +* `SpendableCoins(ctx Context, addr AccAddress) Coins` + +Additional APIs may be added to facilitate iteration and auxiliary functionality not essential to +core functionality or persistence. + +Balances will be stored first by the address, then by the denomination (the reverse is also possible, +but retrieval of all balances for a single account is presumed to be more frequent): + +```go +var BalancesPrefix = []byte("balances") + +func (k Keeper) SetBalance(ctx Context, addr AccAddress, balance Coin) error { + if !balance.IsValid() { + return err + } + + store := ctx.KVStore(k.storeKey) + balancesStore := prefix.NewStore(store, BalancesPrefix) + accountStore := prefix.NewStore(balancesStore, addr.Bytes()) + + bz := Marshal(balance) + accountStore.Set([]byte(balance.Denom), bz) + + return nil +} +``` + +This will result in the balances being indexed by the byte representation of +`balances/{address}/{denom}`. + +`DelegateCoins()` and `UndelegateCoins()` will be altered to only load each individual +account balance by denomination found in the (un)delegation amount. As a result, +any mutations to the account balance by will made by denomination. + +`SubtractCoins()` and `AddCoins()` will be altered to read & write the balances +directly instead of calling `GetCoins()` / `SetCoins()` (which no longer exist). + +`trackDelegation()` and `trackUndelegation()` will be altered to no longer update +account balances. + +External APIs will need to scan all balances under an account to retain backwards-compatibility. It +is advised that these APIs use `GetBalance` and `SetBalance` instead of `GetAllBalances` when +possible as to not load the entire account balance. + +### Supply module + +The supply module, in order to implement the total supply invariant, will now need +to scan all accounts & call `GetAllBalances` using the `x/bank` Keeper, then sum +the balances and check that they match the expected total supply. + +## Status + +Accepted. + +## Consequences + +### Positive + +* O(1) reads & writes of balances (with respect to the number of denominations for +which an account has non-zero balances). Note, this does not relate to the actual +I/O cost, rather the total number of direct reads needed. + +### Negative + +* Slightly less efficient reads/writes when reading & writing all balances of a +single account in a transaction. + +### Neutral + +None in particular. + +## References + +* Ref: https://github.com/cosmos/cosmos-sdk/issues/4982 +* Ref: https://github.com/cosmos/cosmos-sdk/issues/5467 +* Ref: https://github.com/cosmos/cosmos-sdk/issues/5492 diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-006-secret-store-replacement.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-006-secret-store-replacement.md new file mode 100644 index 00000000..fe2e2546 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-006-secret-store-replacement.md @@ -0,0 +1,54 @@ +# ADR 006: Secret Store Replacement + +## Changelog + +* July 29th, 2019: Initial draft +* September 11th, 2019: Work has started +* November 4th: Cosmos SDK changes merged in +* November 18th: Gaia changes merged in + +## Context + +Currently, a Cosmos SDK application's CLI directory stores key material and metadata in a plain text database in the user’s home directory. Key material is encrypted by a passphrase, protected by bcrypt hashing algorithm. Metadata (e.g. addresses, public keys, key storage details) is available in plain text. + +This is not desirable for a number of reasons. Perhaps the biggest reason is insufficient security protection of key material and metadata. Leaking the plain text allows an attacker to surveil what keys a given computer controls via a number of techniques, like compromised dependencies without any privilege execution. This could be followed by a more targeted attack on a particular user/computer. + +All modern desktop computers OS (Ubuntu, Debian, MacOS, Windows) provide a built-in secret store that is designed to allow applications to store information that is isolated from all other applications and requires passphrase entry to access the data. + +We are seeking solution that provides a common abstraction layer to the many different backends and reasonable fallback for minimal platforms that don’t provide a native secret store. + +## Decision + +We recommend replacing the current Keybase backend based on LevelDB with [Keyring](https://github.com/99designs/keyring) by 99 designs. This application is designed to provide a common abstraction and uniform interface between many secret stores and is used by AWS Vault application by 99-designs application. + +This appears to fulfill the requirement of protecting both key material and metadata from rouge software on a user’s machine. + +## Status + +Accepted + +## Consequences + +### Positive + +Increased safety for users. + +### Negative + +Users must manually migrate. + +Testing against all supported backends is difficult. + +Running tests locally on a Mac require numerous repetitive password entries. + +### Neutral + +{neutral consequences} + +## References + +* #4754 Switch secret store to the keyring secret store (original PR by @poldsam) [__CLOSED__] +* #5029 Add support for github.com/99designs/keyring-backed keybases [__MERGED__] +* #5097 Add keys migrate command [__MERGED__] +* #5180 Drop on-disk keybase in favor of keyring [_PENDING_REVIEW_] +* cosmos/gaia#164 Drop on-disk keybase in favor of keyring (gaia's changes) [_PENDING_REVIEW_] diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-007-specialization-groups.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-007-specialization-groups.md new file mode 100644 index 00000000..58f78abf --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-007-specialization-groups.md @@ -0,0 +1,177 @@ +# ADR 007: Specialization Groups + +## Changelog + +* 2019 Jul 31: Initial Draft + +## Context + +This idea was first conceived of in order to fulfill the use case of the +creation of a decentralized Computer Emergency Response Team (dCERT), whose +members would be elected by a governing community and would fulfill the role of +coordinating the community under emergency situations. This thinking +can be further abstracted into the conception of "blockchain specialization +groups". + +The creation of these groups are the beginning of specialization capabilities +within a wider blockchain community which could be used to enable a certain +level of delegated responsibilities. Examples of specialization which could be +beneficial to a blockchain community include: code auditing, emergency response, +code development etc. This type of community organization paves the way for +individual stakeholders to delegate votes by issue type, if in the future +governance proposals include a field for issue type. + +## Decision + +A specialization group can be broadly broken down into the following functions +(herein containing examples): + +* Membership Admittance +* Membership Acceptance +* Membership Revocation + * (probably) Without Penalty + * member steps down (self-Revocation) + * replaced by new member from governance + * (probably) With Penalty + * due to breach of soft-agreement (determined through governance) + * due to breach of hard-agreement (determined by code) +* Execution of Duties + * Special transactions which only execute for members of a specialization + group (for example, dCERT members voting to turn off transaction routes in + an emergency scenario) +* Compensation + * Group compensation (further distribution decided by the specialization group) + * Individual compensation for all constituents of a group from the + greater community + +Membership admittance to a specialization group could take place over a wide +variety of mechanisms. The most obvious example is through a general vote among +the entire community, however in certain systems a community may want to allow +the members already in a specialization group to internally elect new members, +or maybe the community may assign a permission to a particular specialization +group to appoint members to other 3rd party groups. The sky is really the limit +as to how membership admittance can be structured. We attempt to capture +some of these possiblities in a common interface dubbed the `Electionator`. For +its initial implementation as a part of this ADR we recommend that the general +election abstraction (`Electionator`) is provided as well as a basic +implementation of that abstraction which allows for a continuous election of +members of a specialization group. + +``` golang +// The Electionator abstraction covers the concept space for +// a wide variety of election kinds. +type Electionator interface { + + // is the election object accepting votes. + Active() bool + + // functionality to execute for when a vote is cast in this election, here + // the vote field is anticipated to be marshalled into a vote type used + // by an election. + // + // NOTE There are no explicit ids here. Just votes which pertain specifically + // to one electionator. Anyone can create and send a vote to the electionator item + // which will presumably attempt to marshal those bytes into a particular struct + // and apply the vote information in some arbitrary way. There can be multiple + // Electionators within the Cosmos-Hub for multiple specialization groups, votes + // would need to be routed to the Electionator upstream of here. + Vote(addr sdk.AccAddress, vote []byte) + + // here lies all functionality to authenticate and execute changes for + // when a member accepts being elected + AcceptElection(sdk.AccAddress) + + // Register a revoker object + RegisterRevoker(Revoker) + + // No more revokers may be registered after this function is called + SealRevokers() + + // register hooks to call when an election actions occur + RegisterHooks(ElectionatorHooks) + + // query for the current winner(s) of this election based on arbitrary + // election ruleset + QueryElected() []sdk.AccAddress + + // query metadata for an address in the election this + // could include for example position that an address + // is being elected for within a group + // + // this metadata may be directly related to + // voting information and/or privileges enabled + // to members within a group. + QueryMetadata(sdk.AccAddress) []byte +} + +// ElectionatorHooks, once registered with an Electionator, +// trigger execution of relevant interface functions when +// Electionator events occur. +type ElectionatorHooks interface { + AfterVoteCast(addr sdk.AccAddress, vote []byte) + AfterMemberAccepted(addr sdk.AccAddress) + AfterMemberRevoked(addr sdk.AccAddress, cause []byte) +} + +// Revoker defines the function required for a membership revocation rule-set +// used by a specialization group. This could be used to create self revoking, +// and evidence based revoking, etc. Revokers types may be created and +// reused for different election types. +// +// When revoking the "cause" bytes may be arbitrarily marshalled into evidence, +// memos, etc. +type Revoker interface { + RevokeName() string // identifier for this revoker type + RevokeMember(addr sdk.AccAddress, cause []byte) error +} +``` + +Certain level of commonality likely exists between the existing code within +`x/governance` and required functionality of elections. This common +functionality should be abstracted during implementation. Similarly for each +vote implementation client CLI/REST functionality should be abstracted +to be reused for multiple elections. + +The specialization group abstraction firstly extends the `Electionator` +but also further defines traits of the group. + +``` golang +type SpecializationGroup interface { + Electionator + GetName() string + GetDescription() string + + // general soft contract the group is expected + // to fulfill with the greater community + GetContract() string + + // messages which can be executed by the members of the group + Handler(ctx sdk.Context, msg sdk.Msg) sdk.Result + + // logic to be executed at endblock, this may for instance + // include payment of a stipend to the group members + // for participation in the security group. + EndBlocker(ctx sdk.Context) +} +``` + +## Status + +> Proposed + +## Consequences + +### Positive + +* increases specialization capabilities of a blockchain +* improve abstractions in `x/gov/` such that they can be used with specialization groups + +### Negative + +* could be used to increase centralization within a community + +### Neutral + +## References + +* [dCERT ADR](./adr-008-dCERT-group.md) diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-008-dCERT-group.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-008-dCERT-group.md new file mode 100644 index 00000000..2b2d2b82 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-008-dCERT-group.md @@ -0,0 +1,171 @@ +# ADR 008: Decentralized Computer Emergency Response Team (dCERT) Group + +## Changelog + +* 2019 Jul 31: Initial Draft + +## Context + +In order to reduce the number of parties involved with handling sensitive +information in an emergency scenario, we propose the creation of a +specialization group named The Decentralized Computer Emergency Response Team +(dCERT). Initially this group's role is intended to serve as coordinators +between various actors within a blockchain community such as validators, +bug-hunters, and developers. During a time of crisis, the dCERT group would +aggregate and relay input from a variety of stakeholders to the developers who +are actively devising a patch to the software, this way sensitive information +does not need to be publicly disclosed while some input from the community can +still be gained. + +Additionally, a special privilege is proposed for the dCERT group: the capacity +to "circuit-break" (aka. temporarily disable) a particular message path. Note +that this privilege should be enabled/disabled globally with a governance +parameter such that this privilege could start disabled and later be enabled +through a parameter change proposal, once a dCERT group has been established. + +In the future it is foreseeable that the community may wish to expand the roles +of dCERT with further responsibilities such as the capacity to "pre-approve" a +security update on behalf of the community prior to a full community +wide vote whereby the sensitive information would be revealed prior to a +vulnerability being patched on the live network. + +## Decision + +The dCERT group is proposed to include an implementation of a `SpecializationGroup` +as defined in [ADR 007](./adr-007-specialization-groups.md). This will include the +implementation of: + +* continuous voting +* slashing due to breach of soft contract +* revoking a member due to breach of soft contract +* emergency disband of the entire dCERT group (ex. for colluding maliciously) +* compensation stipend from the community pool or other means decided by + governance + +This system necessitates the following new parameters: + +* blockly stipend allowance per dCERT member +* maximum number of dCERT members +* required staked slashable tokens for each dCERT member +* quorum for suspending a particular member +* proposal wager for disbanding the dCERT group +* stabilization period for dCERT member transition +* circuit break dCERT privileges enabled + +These parameters are expected to be implemented through the param keeper such +that governance may change them at any given point. + +### Continuous Voting Electionator + +An `Electionator` object is to be implemented as continuous voting and with the +following specifications: + +* All delegation addresses may submit votes at any point which updates their + preferred representation on the dCERT group. +* Preferred representation may be arbitrarily split between addresses (ex. 50% + to John, 25% to Sally, 25% to Carol) +* In order for a new member to be added to the dCERT group they must + send a transaction accepting their admission at which point the validity of + their admission is to be confirmed. + * A sequence number is assigned when a member is added to dCERT group. + If a member leaves the dCERT group and then enters back, a new sequence number + is assigned. +* Addresses which control the greatest amount of preferred-representation are + eligible to join the dCERT group (up the _maximum number of dCERT members_). + If the dCERT group is already full and new member is admitted, the existing + dCERT member with the lowest amount of votes is kicked from the dCERT group. + * In the split situation where the dCERT group is full but a vying candidate + has the same amount of vote as an existing dCERT member, the existing + member should maintain its position. + * In the split situation where somebody must be kicked out but the two + addresses with the smallest number of votes have the same number of votes, + the address with the smallest sequence number maintains its position. +* A stabilization period can be optionally included to reduce the + "flip-flopping" of the dCERT membership tail members. If a stabilization + period is provided which is greater than 0, when members are kicked due to + insufficient support, a queue entry is created which documents which member is + to replace which other member. While this entry is in the queue, no new entries + to kick that same dCERT member can be made. When the entry matures at the + duration of the stabilization period, the new member is instantiated, and old + member kicked. + +### Staking/Slashing + +All members of the dCERT group must stake tokens _specifically_ to maintain +eligibility as a dCERT member. These tokens can be staked directly by the vying +dCERT member or out of the good will of a 3rd party (who shall gain no on-chain +benefits for doing so). This staking mechanism should use the existing global +unbonding time of tokens staked for network validator security. A dCERT member +can _only be_ a member if it has the required tokens staked under this +mechanism. If those tokens are unbonded then the dCERT member must be +automatically kicked from the group. + +Slashing of a particular dCERT member due to soft-contract breach should be +performed by governance on a per member basis based on the magnitude of the +breach. The process flow is anticipated to be that a dCERT member is suspended +by the dCERT group prior to being slashed by governance. + +Membership suspension by the dCERT group takes place through a voting procedure +by the dCERT group members. After this suspension has taken place, a governance +proposal to slash the dCERT member must be submitted, if the proposal is not +approved by the time the rescinding member has completed unbonding their +tokens, then the tokens are no longer staked and unable to be slashed. + +Additionally in the case of an emergency situation of a colluding and malicious +dCERT group, the community needs the capability to disband the entire dCERT +group and likely fully slash them. This could be achieved though a special new +proposal type (implemented as a general governance proposal) which would halt +the functionality of the dCERT group until the proposal was concluded. This +special proposal type would likely need to also have a fairly large wager which +could be slashed if the proposal creator was malicious. The reason a large +wager should be required is because as soon as the proposal is made, the +capability of the dCERT group to halt message routes is put on temporarily +suspended, meaning that a malicious actor who created such a proposal could +then potentially exploit a bug during this period of time, with no dCERT group +capable of shutting down the exploitable message routes. + +### dCERT membership transactions + +Active dCERT members + +* change of the description of the dCERT group +* circuit break a message route +* vote to suspend a dCERT member. + +Here circuit-breaking refers to the capability to disable a groups of messages, +This could for instance mean: "disable all staking-delegation messages", or +"disable all distribution messages". This could be accomplished by verifying +that the message route has not been "circuit-broken" at CheckTx time (in +`baseapp/baseapp.go`). + +"unbreaking" a circuit is anticipated only to occur during a hard fork upgrade +meaning that no capability to unbreak a message route on a live chain is +required. + +Note also, that if there was a problem with governance voting (for instance a +capability to vote many times) then governance would be broken and should be +halted with this mechanism, it would be then up to the validator set to +coordinate and hard-fork upgrade to a patched version of the software where +governance is re-enabled (and fixed). If the dCERT group abuses this privilege +they should all be severely slashed. + +## Status + +> Proposed + +## Consequences + +### Positive + +* Potential to reduces the number of parties to coordinate with during an emergency +* Reduction in possibility of disclosing sensitive information to malicious parties + +### Negative + +* Centralization risks + +### Neutral + +## References + + [Specialization Groups ADR](./adr-007-specialization-groups.md) diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-009-evidence-module.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-009-evidence-module.md new file mode 100644 index 00000000..ded04a14 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-009-evidence-module.md @@ -0,0 +1,182 @@ +# ADR 009: Evidence Module + +## Changelog + +* 2019 July 31: Initial draft +* 2019 October 24: Initial implementation + +## Status + +Accepted + +## Context + +In order to support building highly secure, robust and interoperable blockchain +applications, it is vital for the Cosmos SDK to expose a mechanism in which arbitrary +evidence can be submitted, evaluated and verified resulting in some agreed upon +penalty for any misbehavior committed by a validator, such as equivocation (double-voting), +signing when unbonded, signing an incorrect state transition (in the future), etc. +Furthermore, such a mechanism is paramount for any +[IBC](https://github.com/cosmos/ics/blob/master/ibc/2_IBC_ARCHITECTURE.md) or +cross-chain validation protocol implementation in order to support the ability +for any misbehavior to be relayed back from a collateralized chain to a primary +chain so that the equivocating validator(s) can be slashed. + +## Decision + +We will implement an evidence module in the Cosmos SDK supporting the following +functionality: + +* Provide developers with the abstractions and interfaces necessary to define + custom evidence messages, message handlers, and methods to slash and penalize + accordingly for misbehavior. +* Support the ability to route evidence messages to handlers in any module to + determine the validity of submitted misbehavior. +* Support the ability, through governance, to modify slashing penalties of any + evidence type. +* Querier implementation to support querying params, evidence types, params, and + all submitted valid misbehavior. + +### Types + +First, we define the `Evidence` interface type. The `x/evidence` module may implement +its own types that can be used by many chains (e.g. `CounterFactualEvidence`). +In addition, other modules may implement their own `Evidence` types in a similar +manner in which governance is extensible. It is important to note any concrete +type implementing the `Evidence` interface may include arbitrary fields such as +an infraction time. We want the `Evidence` type to remain as flexible as possible. + +When submitting evidence to the `x/evidence` module, the concrete type must provide +the validator's consensus address, which should be known by the `x/slashing` +module (assuming the infraction is valid), the height at which the infraction +occurred and the validator's power at same height in which the infraction occurred. + +```go +type Evidence interface { + Route() string + Type() string + String() string + Hash() HexBytes + ValidateBasic() error + + // The consensus address of the malicious validator at time of infraction + GetConsensusAddress() ConsAddress + + // Height at which the infraction occurred + GetHeight() int64 + + // The total power of the malicious validator at time of infraction + GetValidatorPower() int64 + + // The total validator set power at time of infraction + GetTotalPower() int64 +} +``` + +### Routing & Handling + +Each `Evidence` type must map to a specific unique route and be registered with +the `x/evidence` module. It accomplishes this through the `Router` implementation. + +```go +type Router interface { + AddRoute(r string, h Handler) Router + HasRoute(r string) bool + GetRoute(path string) Handler + Seal() +} +``` + +Upon successful routing through the `x/evidence` module, the `Evidence` type +is passed through a `Handler`. This `Handler` is responsible for executing all +corresponding business logic necessary for verifying the evidence as valid. In +addition, the `Handler` may execute any necessary slashing and potential jailing. +Since slashing fractions will typically result from some form of static functions, +allow the `Handler` to do this provides the greatest flexibility. An example could +be `k * evidence.GetValidatorPower()` where `k` is an on-chain parameter controlled +by governance. The `Evidence` type should provide all the external information +necessary in order for the `Handler` to make the necessary state transitions. +If no error is returned, the `Evidence` is considered valid. + +```go +type Handler func(Context, Evidence) error +``` + +### Submission + +`Evidence` is submitted through a `MsgSubmitEvidence` message type which is internally +handled by the `x/evidence` module's `SubmitEvidence`. + +```go +type MsgSubmitEvidence struct { + Evidence +} + +func handleMsgSubmitEvidence(ctx Context, keeper Keeper, msg MsgSubmitEvidence) Result { + if err := keeper.SubmitEvidence(ctx, msg.Evidence); err != nil { + return err.Result() + } + + // emit events... + + return Result{ + // ... + } +} +``` + +The `x/evidence` module's keeper is responsible for matching the `Evidence` against +the module's router and invoking the corresponding `Handler` which may include +slashing and jailing the validator. Upon success, the submitted evidence is persisted. + +```go +func (k Keeper) SubmitEvidence(ctx Context, evidence Evidence) error { + handler := keeper.router.GetRoute(evidence.Route()) + if err := handler(ctx, evidence); err != nil { + return ErrInvalidEvidence(keeper.codespace, err) + } + + keeper.setEvidence(ctx, evidence) + return nil +} +``` + +### Genesis + +Finally, we need to represent the genesis state of the `x/evidence` module. The +module only needs a list of all submitted valid infractions and any necessary params +for which the module needs in order to handle submitted evidence. The `x/evidence` +module will naturally define and route native evidence types for which it'll most +likely need slashing penalty constants for. + +```go +type GenesisState struct { + Params Params + Infractions []Evidence +} +``` + +## Consequences + +### Positive + +* Allows the state machine to process misbehavior submitted on-chain and penalize + validators based on agreed upon slashing parameters. +* Allows evidence types to be defined and handled by any module. This further allows + slashing and jailing to be defined by more complex mechanisms. +* Does not solely rely on Tendermint to submit evidence. + +### Negative + +* No easy way to introduce new evidence types through governance on a live chain + due to the inability to introduce the new evidence type's corresponding handler + +### Neutral + +* Should we persist infractions indefinitely? Or should we rather rely on events? + +## References + +* [ICS](https://github.com/cosmos/ics) +* [IBC Architecture](https://github.com/cosmos/ics/blob/master/ibc/1_IBC_ARCHITECTURE.md) +* [Tendermint Fork Accountability](https://github.com/tendermint/spec/blob/7b3138e69490f410768d9b1ffc7a17abc23ea397/spec/consensus/fork-accountability.md) diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-010-modular-antehandler.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-010-modular-antehandler.md new file mode 100644 index 00000000..386af1a7 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-010-modular-antehandler.md @@ -0,0 +1,290 @@ +# ADR 010: Modular AnteHandler + +## Changelog + +* 2019 Aug 31: Initial draft +* 2021 Sep 14: Superseded by ADR-045 + +## Status + +SUPERSEDED by ADR-045 + +## Context + +The current AnteHandler design allows users to either use the default AnteHandler provided in `x/auth` or to build their own AnteHandler from scratch. Ideally AnteHandler functionality is split into multiple, modular functions that can be chained together along with custom ante-functions so that users do not have to rewrite common antehandler logic when they want to implement custom behavior. + +For example, let's say a user wants to implement some custom signature verification logic. In the current codebase, the user would have to write their own Antehandler from scratch largely reimplementing much of the same code and then set their own custom, monolithic antehandler in the baseapp. Instead, we would like to allow users to specify custom behavior when necessary and combine them with default ante-handler functionality in a way that is as modular and flexible as possible. + +## Proposals + +### Per-Module AnteHandler + +One approach is to use the [ModuleManager](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/types/module) and have each module implement its own antehandler if it requires custom antehandler logic. The ModuleManager can then be passed in an AnteHandler order in the same way it has an order for BeginBlockers and EndBlockers. The ModuleManager returns a single AnteHandler function that will take in a tx and run each module's `AnteHandle` in the specified order. The module manager's AnteHandler is set as the baseapp's AnteHandler. + +Pros: + +1. Simple to implement +2. Utilizes the existing ModuleManager architecture + +Cons: + +1. Improves granularity but still cannot get more granular than a per-module basis. e.g. If auth's `AnteHandle` function is in charge of validating memo and signatures, users cannot swap the signature-checking functionality while keeping the rest of auth's `AnteHandle` functionality. +2. Module AnteHandler are run one after the other. There is no way for one AnteHandler to wrap or "decorate" another. + +### Decorator Pattern + +The [weave project](https://github.com/iov-one/weave) achieves AnteHandler modularity through the use of a decorator pattern. The interface is designed as follows: + +```go +// Decorator wraps a Handler to provide common functionality +// like authentication, or fee-handling, to many Handlers +type Decorator interface { + Check(ctx Context, store KVStore, tx Tx, next Checker) (*CheckResult, error) + Deliver(ctx Context, store KVStore, tx Tx, next Deliverer) (*DeliverResult, error) +} +``` + +Each decorator works like a modularized Cosmos SDK antehandler function, but it can take in a `next` argument that may be another decorator or a Handler (which does not take in a next argument). These decorators can be chained together, one decorator being passed in as the `next` argument of the previous decorator in the chain. The chain ends in a Router which can take a tx and route to the appropriate msg handler. + +A key benefit of this approach is that one Decorator can wrap its internal logic around the next Checker/Deliverer. A weave Decorator may do the following: + +```go +// Example Decorator's Deliver function +func (example Decorator) Deliver(ctx Context, store KVStore, tx Tx, next Deliverer) { + // Do some pre-processing logic + + res, err := next.Deliver(ctx, store, tx) + + // Do some post-processing logic given the result and error +} +``` + +Pros: + +1. Weave Decorators can wrap over the next decorator/handler in the chain. The ability to both pre-process and post-process may be useful in certain settings. +2. Provides a nested modular structure that isn't possible in the solution above, while also allowing for a linear one-after-the-other structure like the solution above. + +Cons: + +1. It is hard to understand at first glance the state updates that would occur after a Decorator runs given the `ctx`, `store`, and `tx`. A Decorator can have an arbitrary number of nested Decorators being called within its function body, each possibly doing some pre- and post-processing before calling the next decorator on the chain. Thus to understand what a Decorator is doing, one must also understand what every other decorator further along the chain is also doing. This can get quite complicated to understand. A linear, one-after-the-other approach while less powerful, may be much easier to reason about. + +### Chained Micro-Functions + +The benefit of Weave's approach is that the Decorators can be very concise, which when chained together allows for maximum customizability. However, the nested structure can get quite complex and thus hard to reason about. + +Another approach is to split the AnteHandler functionality into tightly scoped "micro-functions", while preserving the one-after-the-other ordering that would come from the ModuleManager approach. + +We can then have a way to chain these micro-functions so that they run one after the other. Modules may define multiple ante micro-functions and then also provide a default per-module AnteHandler that implements a default, suggested order for these micro-functions. + +Users can order the AnteHandlers easily by simply using the ModuleManager. The ModuleManager will take in a list of AnteHandlers and return a single AnteHandler that runs each AnteHandler in the order of the list provided. If the user is comfortable with the default ordering of each module, this is as simple as providing a list with each module's antehandler (exactly the same as BeginBlocker and EndBlocker). + +If however, users wish to change the order or add, modify, or delete ante micro-functions in anyway; they can always define their own ante micro-functions and add them explicitly to the list that gets passed into module manager. + +#### Default Workflow + +This is an example of a user's AnteHandler if they choose not to make any custom micro-functions. + +##### Cosmos SDK code + +```go +// Chains together a list of AnteHandler micro-functions that get run one after the other. +// Returned AnteHandler will abort on first error. +func Chainer(order []AnteHandler) AnteHandler { + return func(ctx Context, tx Tx, simulate bool) (newCtx Context, err error) { + for _, ante := range order { + ctx, err := ante(ctx, tx, simulate) + if err != nil { + return ctx, err + } + } + return ctx, err + } +} +``` + +```go +// AnteHandler micro-function to verify signatures +func VerifySignatures(ctx Context, tx Tx, simulate bool) (newCtx Context, err error) { + // verify signatures + // Returns InvalidSignature Result and abort=true if sigs invalid + // Return OK result and abort=false if sigs are valid +} + +// AnteHandler micro-function to validate memo +func ValidateMemo(ctx Context, tx Tx, simulate bool) (newCtx Context, err error) { + // validate memo +} + +// Auth defines its own default ante-handler by chaining its micro-functions in a recommended order +AuthModuleAnteHandler := Chainer([]AnteHandler{VerifySignatures, ValidateMemo}) +``` + +```go +// Distribution micro-function to deduct fees from tx +func DeductFees(ctx Context, tx Tx, simulate bool) (newCtx Context, err error) { + // Deduct fees from tx + // Abort if insufficient funds in account to pay for fees +} + +// Distribution micro-function to check if fees > mempool parameter +func CheckMempoolFees(ctx Context, tx Tx, simulate bool) (newCtx Context, err error) { + // If CheckTx: Abort if the fees are less than the mempool's minFee parameter +} + +// Distribution defines its own default ante-handler by chaining its micro-functions in a recommended order +DistrModuleAnteHandler := Chainer([]AnteHandler{CheckMempoolFees, DeductFees}) +``` + +```go +type ModuleManager struct { + // other fields + AnteHandlerOrder []AnteHandler +} + +func (mm ModuleManager) GetAnteHandler() AnteHandler { + retun Chainer(mm.AnteHandlerOrder) +} +``` + +##### User Code + +```go +// Note: Since user is not making any custom modifications, we can just SetAnteHandlerOrder with the default AnteHandlers provided by each module in our preferred order +moduleManager.SetAnteHandlerOrder([]AnteHandler(AuthModuleAnteHandler, DistrModuleAnteHandler)) + +app.SetAnteHandler(mm.GetAnteHandler()) +``` + +#### Custom Workflow + +This is an example workflow for a user that wants to implement custom antehandler logic. In this example, the user wants to implement custom signature verification and change the order of antehandler so that validate memo runs before signature verification. + +##### User Code + +```go +// User can implement their own custom signature verification antehandler micro-function +func CustomSigVerify(ctx Context, tx Tx, simulate bool) (newCtx Context, err error) { + // do some custom signature verification logic +} +``` + +```go +// Micro-functions allow users to change order of when they get executed, and swap out default ante-functionality with their own custom logic. +// Note that users can still chain the default distribution module handler, and auth micro-function along with their custom ante function +moduleManager.SetAnteHandlerOrder([]AnteHandler(ValidateMemo, CustomSigVerify, DistrModuleAnteHandler)) +``` + +Pros: + +1. Allows for ante functionality to be as modular as possible. +2. For users that do not need custom ante-functionality, there is little difference between how antehandlers work and how BeginBlock and EndBlock work in ModuleManager. +3. Still easy to understand + +Cons: + +1. Cannot wrap antehandlers with decorators like you can with Weave. + +### Simple Decorators + +This approach takes inspiration from Weave's decorator design while trying to minimize the number of breaking changes to the Cosmos SDK and maximizing simplicity. Like Weave decorators, this approach allows one `AnteDecorator` to wrap the next AnteHandler to do pre- and post-processing on the result. This is useful since decorators can do defer/cleanups after an AnteHandler returns as well as perform some setup beforehand. Unlike Weave decorators, these `AnteDecorator` functions can only wrap over the AnteHandler rather than the entire handler execution path. This is deliberate as we want decorators from different modules to perform authentication/validation on a `tx`. However, we do not want decorators being capable of wrapping and modifying the results of a `MsgHandler`. + +In addition, this approach will not break any core Cosmos SDK API's. Since we preserve the notion of an AnteHandler and still set a single AnteHandler in baseapp, the decorator is simply an additional approach available for users that desire more customization. The API of modules (namely `x/auth`) may break with this approach, but the core API remains untouched. + +Allow Decorator interface that can be chained together to create a Cosmos SDK AnteHandler. + +This allows users to choose between implementing an AnteHandler by themselves and setting it in the baseapp, or use the decorator pattern to chain their custom decorators with the Cosmos SDK provided decorators in the order they wish. + +```go +// An AnteDecorator wraps an AnteHandler, and can do pre- and post-processing on the next AnteHandler +type AnteDecorator interface { + AnteHandle(ctx Context, tx Tx, simulate bool, next AnteHandler) (newCtx Context, err error) +} +``` + +```go +// ChainAnteDecorators will recursively link all of the AnteDecorators in the chain and return a final AnteHandler function +// This is done to preserve the ability to set a single AnteHandler function in the baseapp. +func ChainAnteDecorators(chain ...AnteDecorator) AnteHandler { + if len(chain) == 1 { + return func(ctx Context, tx Tx, simulate bool) { + chain[0].AnteHandle(ctx, tx, simulate, nil) + } + } + return func(ctx Context, tx Tx, simulate bool) { + chain[0].AnteHandle(ctx, tx, simulate, ChainAnteDecorators(chain[1:])) + } +} +``` + +#### Example Code + +Define AnteDecorator functions + +```go +// Setup GasMeter, catch OutOfGasPanic and handle appropriately +type SetUpContextDecorator struct{} + +func (sud SetUpContextDecorator) AnteHandle(ctx Context, tx Tx, simulate bool, next AnteHandler) (newCtx Context, err error) { + ctx.GasMeter = NewGasMeter(tx.Gas) + + defer func() { + // recover from OutOfGas panic and handle appropriately + } + + return next(ctx, tx, simulate) +} + +// Signature Verification decorator. Verify Signatures and move on +type SigVerifyDecorator struct{} + +func (svd SigVerifyDecorator) AnteHandle(ctx Context, tx Tx, simulate bool, next AnteHandler) (newCtx Context, err error) { + // verify sigs. Return error if invalid + + // call next antehandler if sigs ok + return next(ctx, tx, simulate) +} + +// User-defined Decorator. Can choose to pre- and post-process on AnteHandler +type UserDefinedDecorator struct{ + // custom fields +} + +func (udd UserDefinedDecorator) AnteHandle(ctx Context, tx Tx, simulate bool, next AnteHandler) (newCtx Context, err error) { + // pre-processing logic + + ctx, err = next(ctx, tx, simulate) + + // post-processing logic +} +``` + +Link AnteDecorators to create a final AnteHandler. Set this AnteHandler in baseapp. + +```go +// Create final antehandler by chaining the decorators together +antehandler := ChainAnteDecorators(NewSetUpContextDecorator(), NewSigVerifyDecorator(), NewUserDefinedDecorator()) + +// Set chained Antehandler in the baseapp +bapp.SetAnteHandler(antehandler) +``` + +Pros: + +1. Allows one decorator to pre- and post-process the next AnteHandler, similar to the Weave design. +2. Do not need to break baseapp API. Users can still set a single AnteHandler if they choose. + +Cons: + +1. Decorator pattern may have a deeply nested structure that is hard to understand, this is mitigated by having the decorator order explicitly listed in the `ChainAnteDecorators` function. +2. Does not make use of the ModuleManager design. Since this is already being used for BeginBlocker/EndBlocker, this proposal seems unaligned with that design pattern. + +## Consequences + +Since pros and cons are written for each approach, it is omitted from this section + +## References + +* [#4572](https://github.com/cosmos/cosmos-sdk/issues/4572): Modular AnteHandler Issue +* [#4582](https://github.com/cosmos/cosmos-sdk/pull/4583): Initial Implementation of Per-Module AnteHandler Approach +* [Weave Decorator Code](https://github.com/iov-one/weave/blob/master/handler.go#L35) +* [Weave Design Videos](https://vimeo.com/showcase/6189877) diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-011-generalize-genesis-accounts.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-011-generalize-genesis-accounts.md new file mode 100644 index 00000000..92a704ba --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-011-generalize-genesis-accounts.md @@ -0,0 +1,170 @@ +# ADR 011: Generalize Genesis Accounts + +## Changelog + +* 2019-08-30: initial draft + +## Context + +Currently, the Cosmos SDK allows for custom account types; the `auth` keeper stores any type fulfilling its `Account` interface. However `auth` does not handle exporting or loading accounts to/from a genesis file, this is done by `genaccounts`, which only handles one of 4 concrete account types (`BaseAccount`, `ContinuousVestingAccount`, `DelayedVestingAccount` and `ModuleAccount`). + +Projects desiring to use custom accounts (say custom vesting accounts) need to fork and modify `genaccounts`. + +## Decision + +In summary, we will (un)marshal all accounts (interface types) directly using amino, rather than converting to `genaccounts`’s `GenesisAccount` type. Since doing this removes the majority of `genaccounts`'s code, we will merge `genaccounts` into `auth`. Marshalled accounts will be stored in `auth`'s genesis state. + +Detailed changes: + +### 1) (Un)Marshal accounts directly using amino + +The `auth` module's `GenesisState` gains a new field `Accounts`. Note these aren't of type `exported.Account` for reasons outlined in section 3. + +```go +// GenesisState - all auth state that must be provided at genesis +type GenesisState struct { + Params Params `json:"params" yaml:"params"` + Accounts []GenesisAccount `json:"accounts" yaml:"accounts"` +} +``` + +Now `auth`'s `InitGenesis` and `ExportGenesis` (un)marshal accounts as well as the defined params. + +```go +// InitGenesis - Init store state from genesis data +func InitGenesis(ctx sdk.Context, ak AccountKeeper, data GenesisState) { + ak.SetParams(ctx, data.Params) + // load the accounts + for _, a := range data.Accounts { + acc := ak.NewAccount(ctx, a) // set account number + ak.SetAccount(ctx, acc) + } +} + +// ExportGenesis returns a GenesisState for a given context and keeper +func ExportGenesis(ctx sdk.Context, ak AccountKeeper) GenesisState { + params := ak.GetParams(ctx) + + var genAccounts []exported.GenesisAccount + ak.IterateAccounts(ctx, func(account exported.Account) bool { + genAccount := account.(exported.GenesisAccount) + genAccounts = append(genAccounts, genAccount) + return false + }) + + return NewGenesisState(params, genAccounts) +} +``` + +### 2) Register custom account types on the `auth` codec + +The `auth` codec must have all custom account types registered to marshal them. We will follow the pattern established in `gov` for proposals. + +An example custom account definition: + +```go +import authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + +// Register the module account type with the auth module codec so it can decode module accounts stored in a genesis file +func init() { + authtypes.RegisterAccountTypeCodec(ModuleAccount{}, "cosmos-sdk/ModuleAccount") +} + +type ModuleAccount struct { + ... +``` + +The `auth` codec definition: + +```go +var ModuleCdc *codec.LegacyAmino + +func init() { + ModuleCdc = codec.NewLegacyAmino() + // register module msg's and Account interface + ... + // leave the codec unsealed +} + +// RegisterAccountTypeCodec registers an external account type defined in another module for the internal ModuleCdc. +func RegisterAccountTypeCodec(o interface{}, name string) { + ModuleCdc.RegisterConcrete(o, name, nil) +} +``` + +### 3) Genesis validation for custom account types + +Modules implement a `ValidateGenesis` method. As `auth` does not know of account implementations, accounts will need to validate themselves. + +We will unmarshal accounts into a `GenesisAccount` interface that includes a `Validate` method. + +```go +type GenesisAccount interface { + exported.Account + Validate() error +} +``` + +Then the `auth` `ValidateGenesis` function becomes: + +```go +// ValidateGenesis performs basic validation of auth genesis data returning an +// error for any failed validation criteria. +func ValidateGenesis(data GenesisState) error { + // Validate params + ... + + // Validate accounts + addrMap := make(map[string]bool, len(data.Accounts)) + for _, acc := range data.Accounts { + + // check for duplicated accounts + addrStr := acc.GetAddress().String() + if _, ok := addrMap[addrStr]; ok { + return fmt.Errorf("duplicate account found in genesis state; address: %s", addrStr) + } + addrMap[addrStr] = true + + // check account specific validation + if err := acc.Validate(); err != nil { + return fmt.Errorf("invalid account found in genesis state; address: %s, error: %s", addrStr, err.Error()) + } + + } + return nil +} +``` + +### 4) Move add-genesis-account cli to `auth` + +The `genaccounts` module contains a cli command to add base or vesting accounts to a genesis file. + +This will be moved to `auth`. We will leave it to projects to write their own commands to add custom accounts. An extensible cli handler, similar to `gov`, could be created but it is not worth the complexity for this minor use case. + +### 5) Update module and vesting accounts + +Under the new scheme, module and vesting account types need some minor updates: + +* Type registration on `auth`'s codec (shown above) +* A `Validate` method for each `Account` concrete type + +## Status + +Proposed + +## Consequences + +### Positive + +* custom accounts can be used without needing to fork `genaccounts` +* reduction in lines of code + +### Negative + +### Neutral + +* `genaccounts` module no longer exists +* accounts in genesis files are stored under `accounts` in `auth` rather than in the `genaccounts` module. +-`add-genesis-account` cli command now in `auth` + +## References diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-012-state-accessors.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-012-state-accessors.md new file mode 100644 index 00000000..93600000 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-012-state-accessors.md @@ -0,0 +1,155 @@ +# ADR 012: State Accessors + +## Changelog + +* 2019 Sep 04: Initial draft + +## Context + +Cosmos SDK modules currently use the `KVStore` interface and `Codec` to access their respective state. While +this provides a large degree of freedom to module developers, it is hard to modularize and the UX is +mediocre. + +First, each time a module tries to access the state, it has to marshal the value and set or get the +value and finally unmarshal. Usually this is done by declaring `Keeper.GetXXX` and `Keeper.SetXXX` functions, +which are repetitive and hard to maintain. + +Second, this makes it harder to align with the object capability theorem: the right to access the +state is defined as a `StoreKey`, which gives full access on the entire Merkle tree, so a module cannot +send the access right to a specific key-value pair (or a set of key-value pairs) to another module safely. + +Finally, because the getter/setter functions are defined as methods of a module's `Keeper`, the reviewers +have to consider the whole Merkle tree space when they reviewing a function accessing any part of the state. +There is no static way to know which part of the state that the function is accessing (and which is not). + +## Decision + +We will define a type named `Value`: + +```go +type Value struct { + m Mapping + key []byte +} +``` + +The `Value` works as a reference for a key-value pair in the state, where `Value.m` defines the key-value +space it will access and `Value.key` defines the exact key for the reference. + +We will define a type named `Mapping`: + +```go +type Mapping struct { + storeKey sdk.StoreKey + cdc *codec.LegacyAmino + prefix []byte +} +``` + +The `Mapping` works as a reference for a key-value space in the state, where `Mapping.storeKey` defines +the IAVL (sub-)tree and `Mapping.prefix` defines the optional subspace prefix. + +We will define the following core methods for the `Value` type: + +```go +// Get and unmarshal stored data, noop if not exists, panic if cannot unmarshal +func (Value) Get(ctx Context, ptr interface{}) {} + +// Get and unmarshal stored data, return error if not exists or cannot unmarshal +func (Value) GetSafe(ctx Context, ptr interface{}) {} + +// Get stored data as raw byte slice +func (Value) GetRaw(ctx Context) []byte {} + +// Marshal and set a raw value +func (Value) Set(ctx Context, o interface{}) {} + +// Check if a raw value exists +func (Value) Exists(ctx Context) bool {} + +// Delete a raw value value +func (Value) Delete(ctx Context) {} +``` + +We will define the following core methods for the `Mapping` type: + +```go +// Constructs key-value pair reference corresponding to the key argument in the Mapping space +func (Mapping) Value(key []byte) Value {} + +// Get and unmarshal stored data, noop if not exists, panic if cannot unmarshal +func (Mapping) Get(ctx Context, key []byte, ptr interface{}) {} + +// Get and unmarshal stored data, return error if not exists or cannot unmarshal +func (Mapping) GetSafe(ctx Context, key []byte, ptr interface{}) + +// Get stored data as raw byte slice +func (Mapping) GetRaw(ctx Context, key []byte) []byte {} + +// Marshal and set a raw value +func (Mapping) Set(ctx Context, key []byte, o interface{}) {} + +// Check if a raw value exists +func (Mapping) Has(ctx Context, key []byte) bool {} + +// Delete a raw value value +func (Mapping) Delete(ctx Context, key []byte) {} +``` + +Each method of the `Mapping` type that is passed the arguments `ctx`, `key`, and `args...` will proxy +the call to `Mapping.Value(key)` with arguments `ctx` and `args...`. + +In addition, we will define and provide a common set of types derived from the `Value` type: + +```go +type Boolean struct { Value } +type Enum struct { Value } +type Integer struct { Value; enc IntEncoding } +type String struct { Value } +// ... +``` + +Where the encoding schemes can be different, `o` arguments in core methods are typed, and `ptr` arguments +in core methods are replaced by explicit return types. + +Finally, we will define a family of types derived from the `Mapping` type: + +```go +type Indexer struct { + m Mapping + enc IntEncoding +} +``` + +Where the `key` argument in core method is typed. + +Some of the properties of the accessor types are: + +* State access happens only when a function which takes a `Context` as an argument is invoked +* Accessor type structs give rights to access the state only that the struct is referring, no other +* Marshalling/Unmarshalling happens implicitly within the core methods + +## Status + +Proposed + +## Consequences + +### Positive + +* Serialization will be done automatically +* Shorter code size, less boilerplate, better UX +* References to the state can be transferred safely +* Explicit scope of accessing + +### Negative + +* Serialization format will be hidden +* Different architecture from the current, but the use of accessor types can be opt-in +* Type-specific types (e.g. `Boolean` and `Integer`) have to be defined manually + +### Neutral + +## References + +* [#4554](https://github.com/cosmos/cosmos-sdk/issues/4554) diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-013-metrics.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-013-metrics.md new file mode 100644 index 00000000..b0808d46 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-013-metrics.md @@ -0,0 +1,157 @@ +# ADR 013: Observability + +## Changelog + +* 20-01-2020: Initial Draft + +## Status + +Proposed + +## Context + +Telemetry is paramount into debugging and understanding what the application is doing and how it is +performing. We aim to expose metrics from modules and other core parts of the Cosmos SDK. + +In addition, we should aim to support multiple configurable sinks that an operator may choose from. +By default, when telemetry is enabled, the application should track and expose metrics that are +stored in-memory. The operator may choose to enable additional sinks, where we support only +[Prometheus](https://prometheus.io/) for now, as it's battle-tested, simple to setup, open source, +and is rich with ecosystem tooling. + +We must also aim to integrate metrics into the Cosmos SDK in the most seamless way possible such that +metrics may be added or removed at will and without much friction. To do this, we will use the +[go-metrics](https://github.com/hashicorp/go-metrics) library. + +Finally, operators may enable telemetry along with specific configuration options. If enabled, metrics +will be exposed via `/metrics?format={text|prometheus}` via the API server. + +## Decision + +We will add an additional configuration block to `app.toml` that defines telemetry settings: + +```toml +############################################################################### +### Telemetry Configuration ### +############################################################################### + +[telemetry] + +# Prefixed with keys to separate services +service-name = {{ .Telemetry.ServiceName }} + +# Enabled enables the application telemetry functionality. When enabled, +# an in-memory sink is also enabled by default. Operators may also enabled +# other sinks such as Prometheus. +enabled = {{ .Telemetry.Enabled }} + +# Enable prefixing gauge values with hostname +enable-hostname = {{ .Telemetry.EnableHostname }} + +# Enable adding hostname to labels +enable-hostname-label = {{ .Telemetry.EnableHostnameLabel }} + +# Enable adding service to labels +enable-service-label = {{ .Telemetry.EnableServiceLabel }} + +# PrometheusRetentionTime, when positive, enables a Prometheus metrics sink. +prometheus-retention-time = {{ .Telemetry.PrometheusRetentionTime }} +``` + +The given configuration allows for two sinks -- in-memory and Prometheus. We create a `Metrics` +type that performs all the bootstrapping for the operator, so capturing metrics becomes seamless. + +```go +// Metrics defines a wrapper around application telemetry functionality. It allows +// metrics to be gathered at any point in time. When creating a Metrics object, +// internally, a global metrics is registered with a set of sinks as configured +// by the operator. In addition to the sinks, when a process gets a SIGUSR1, a +// dump of formatted recent metrics will be sent to STDERR. +type Metrics struct { + memSink *metrics.InmemSink + prometheusEnabled bool +} + +// Gather collects all registered metrics and returns a GatherResponse where the +// metrics are encoded depending on the type. Metrics are either encoded via +// Prometheus or JSON if in-memory. +func (m *Metrics) Gather(format string) (GatherResponse, error) { + switch format { + case FormatPrometheus: + return m.gatherPrometheus() + + case FormatText: + return m.gatherGeneric() + + case FormatDefault: + return m.gatherGeneric() + + default: + return GatherResponse{}, fmt.Errorf("unsupported metrics format: %s", format) + } +} +``` + +In addition, `Metrics` allows us to gather the current set of metrics at any given point in time. An +operator may also choose to send a signal, SIGUSR1, to dump and print formatted metrics to STDERR. + +During an application's bootstrapping and construction phase, if `Telemetry.Enabled` is `true`, the +API server will create an instance of a reference to `Metrics` object and will register a metrics +handler accordingly. + +```go +func (s *Server) Start(cfg config.Config) error { + // ... + + if cfg.Telemetry.Enabled { + m, err := telemetry.New(cfg.Telemetry) + if err != nil { + return err + } + + s.metrics = m + s.registerMetrics() + } + + // ... +} + +func (s *Server) registerMetrics() { + metricsHandler := func(w http.ResponseWriter, r *http.Request) { + format := strings.TrimSpace(r.FormValue("format")) + + gr, err := s.metrics.Gather(format) + if err != nil { + rest.WriteErrorResponse(w, http.StatusBadRequest, fmt.Sprintf("failed to gather metrics: %s", err)) + return + } + + w.Header().Set("Content-Type", gr.ContentType) + _, _ = w.Write(gr.Metrics) + } + + s.Router.HandleFunc("/metrics", metricsHandler).Methods("GET") +} +``` + +Application developers may track counters, gauges, summaries, and key/value metrics. There is no +additional lifting required by modules to leverage profiling metrics. To do so, it's as simple as: + +```go +func (k BaseKeeper) MintCoins(ctx sdk.Context, moduleName string, amt sdk.Coins) error { + defer metrics.MeasureSince(time.Now(), "MintCoins") + // ... +} +``` + +## Consequences + +### Positive + +* Exposure into the performance and behavior of an application + +### Negative + +### Neutral + +## References diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-014-proportional-slashing.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-014-proportional-slashing.md new file mode 100644 index 00000000..63cd04de --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-014-proportional-slashing.md @@ -0,0 +1,85 @@ +# ADR 14: Proportional Slashing + +## Changelog + +* 2019-10-15: Initial draft +* 2020-05-25: Removed correlation root slashing +* 2020-07-01: Updated to include S-curve function instead of linear + +## Context + +In Proof of Stake-based chains, centralization of consensus power amongst a small set of validators can cause harm to the network due to increased risk of censorship, liveness failure, fork attacks, etc. However, while this centralization causes a negative externality to the network, it is not directly felt by the delegators contributing towards delegating towards already large validators. We would like a way to pass on the negative externality cost of centralization onto those large validators and their delegators. + +## Decision + +### Design + +To solve this problem, we will implement a procedure called Proportional Slashing. The desire is that the larger a validator is, the more they should be slashed. The first naive attempt is to make a validator's slash percent proportional to their share of consensus voting power. + +```text +slash_amount = k * power // power is the faulting validator's voting power and k is some on-chain constant +``` + +However, this will incentivize validators with large amounts of stake to split up their voting power amongst accounts (sybil attack), so that if they fault, they all get slashed at a lower percent. The solution to this is to take into account not just a validator's own voting percentage, but also the voting percentage of all the other validators who get slashed in a specified time frame. + +```text +slash_amount = k * (power_1 + power_2 + ... + power_n) // where power_i is the voting power of the ith validator faulting in the specified time frame and k is some on-chain constant +``` + +Now, if someone splits a validator of 10% into two validators of 5% each which both fault, then they both fault in the same time frame, they both will get slashed at the sum 10% amount. + +However in practice, we likely don't want a linear relation between amount of stake at fault, and the percentage of stake to slash. In particular, solely 5% of stake double signing effectively did nothing to majorly threaten security, whereas 30% of stake being at fault clearly merits a large slashing factor, due to being very close to the point at which Tendermint security is threatened. A linear relation would require a factor of 6 gap between these two, whereas the difference in risk posed to the network is much larger. We propose using S-curves (formally [logistic functions](https://en.wikipedia.org/wiki/Logistic_function) to solve this). S-Curves capture the desired criterion quite well. They allow the slashing factor to be minimal for small values, and then grow very rapidly near some threshold point where the risk posed becomes notable. + +#### Parameterization + +This requires parameterizing a logistic function. It is very well understood how to parameterize this. It has four parameters: + +1) A minimum slashing factor +2) A maximum slashing factor +3) The inflection point of the S-curve (essentially where do you want to center the S) +4) The rate of growth of the S-curve (How elongated is the S) + +#### Correlation across non-sybil validators + +One will note, that this model doesn't differentiate between multiple validators run by the same operators vs validators run by different operators. This can be seen as an additional benefit in fact. It incentivizes validators to differentiate their setups from other validators, to avoid having correlated faults with them or else they risk a higher slash. So for example, operators should avoid using the same popular cloud hosting platforms or using the same Staking as a Service providers. This will lead to a more resilient and decentralized network. + +#### Griefing + +Griefing, the act of intentionally getting oneself slashed in order to make another's slash worse, could be a concern here. However, using the protocol described here, the attacker also gets equally impacted by the grief as the victim, so it would not provide much benefit to the griefer. + +### Implementation + +In the slashing module, we will add two queues that will track all of the recent slash events. For double sign faults, we will define "recent slashes" as ones that have occurred within the last `unbonding period`. For liveness faults, we will define "recent slashes" as ones that have occurred withing the last `jail period`. + +```go +type SlashEvent struct { + Address sdk.ValAddress + ValidatorVotingPercent sdk.Dec + SlashedSoFar sdk.Dec +} +``` + +These slash events will be pruned from the queue once they are older than their respective "recent slash period". + +Whenever a new slash occurs, a `SlashEvent` struct is created with the faulting validator's voting percent and a `SlashedSoFar` of 0. Because recent slash events are pruned before the unbonding period and unjail period expires, it should not be possible for the same validator to have multiple SlashEvents in the same Queue at the same time. + +We then will iterate over all the SlashEvents in the queue, adding their `ValidatorVotingPercent` to calculate the new percent to slash all the validators in the queue at, using the "Square of Sum of Roots" formula introduced above. + +Once we have the `NewSlashPercent`, we then iterate over all the `SlashEvent`s in the queue once again, and if `NewSlashPercent > SlashedSoFar` for that SlashEvent, we call the `staking.Slash(slashEvent.Address, slashEvent.Power, Math.Min(Math.Max(minSlashPercent, NewSlashPercent - SlashedSoFar), maxSlashPercent)` (we pass in the power of the validator before any slashes occurred, so that we slash the right amount of tokens). We then set `SlashEvent.SlashedSoFar` amount to `NewSlashPercent`. + +## Status + +Proposed + +## Consequences + +### Positive + +* Increases decentralization by disincentivizing delegating to large validators +* Incentivizes Decorrelation of Validators +* More severely punishes attacks than accidental faults +* More flexibility in slashing rates parameterization + +### Negative + +* More computationally expensive than current implementation. Will require more data about "recent slashing events" to be stored on chain. diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-016-validator-consensus-key-rotation.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-016-validator-consensus-key-rotation.md new file mode 100644 index 00000000..1d91a8de --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-016-validator-consensus-key-rotation.md @@ -0,0 +1,125 @@ +# ADR 016: Validator Consensus Key Rotation + +## Changelog + +* 2019 Oct 23: Initial draft +* 2019 Nov 28: Add key rotation fee + +## Context + +Validator consensus key rotation feature has been discussed and requested for a long time, for the sake of safer validator key management policy (e.g. https://github.com/tendermint/tendermint/issues/1136). So, we suggest one of the simplest form of validator consensus key rotation implementation mostly onto Cosmos SDK. + +We don't need to make any update on consensus logic in Tendermint because Tendermint does not have any mapping information of consensus key and validator operator key, meaning that from Tendermint point of view, a consensus key rotation of a validator is simply a replacement of a consensus key to another. + +Also, it should be noted that this ADR includes only the simplest form of consensus key rotation without considering multiple consensus keys concept. Such multiple consensus keys concept shall remain a long term goal of Tendermint and Cosmos SDK. + +## Decision + +### Pseudo procedure for consensus key rotation + +* create new random consensus key. +* create and broadcast a transaction with a `MsgRotateConsPubKey` that states the new consensus key is now coupled with the validator operator with signature from the validator's operator key. +* old consensus key becomes unable to participate on consensus immediately after the update of key mapping state on-chain. +* start validating with new consensus key. +* validators using HSM and KMS should update the consensus key in HSM to use the new rotated key after the height `h` when `MsgRotateConsPubKey` committed to the blockchain. + +### Considerations + +* consensus key mapping information management strategy + * store history of each key mapping changes in the kvstore. + * the state machine can search corresponding consensus key paired with given validator operator for any arbitrary height in a recent unbonding period. + * the state machine does not need any historical mapping information which is past more than unbonding period. +* key rotation costs related to LCD and IBC + * LCD and IBC will have traffic/computation burden when there exists frequent power changes + * In current Tendermint design, consensus key rotations are seen as power changes from LCD or IBC perspective + * Therefore, to minimize unnecessary frequent key rotation behavior, we limited maximum number of rotation in recent unbonding period and also applied exponentially increasing rotation fee +* limits + * a validator cannot rotate its consensus key more than `MaxConsPubKeyRotations` time for any unbonding period, to prevent spam. + * parameters can be decided by governance and stored in genesis file. +* key rotation fee + * a validator should pay `KeyRotationFee` to rotate the consensus key which is calculated as below + * `KeyRotationFee` = (max(`VotingPowerPercentage` *100, 1)* `InitialKeyRotationFee`) * 2^(number of rotations in `ConsPubKeyRotationHistory` in recent unbonding period) +* evidence module + * evidence module can search corresponding consensus key for any height from slashing keeper so that it can decide which consensus key is supposed to be used for given height. +* abci.ValidatorUpdate + * tendermint already has ability to change a consensus key by ABCI communication(`ValidatorUpdate`). + * validator consensus key update can be done via creating new + delete old by change the power to zero. + * therefore, we expect we even do not need to change tendermint codebase at all to implement this feature. +* new genesis parameters in `staking` module + * `MaxConsPubKeyRotations` : maximum number of rotation can be executed by a validator in recent unbonding period. default value 10 is suggested(11th key rotation will be rejected) + * `InitialKeyRotationFee` : the initial key rotation fee when no key rotation has happened in recent unbonding period. default value 1atom is suggested(1atom fee for the first key rotation in recent unbonding period) + +### Workflow + +1. The validator generates a new consensus keypair. +2. The validator generates and signs a `MsgRotateConsPubKey` tx with their operator key and new ConsPubKey + + ```go + type MsgRotateConsPubKey struct { + ValidatorAddress sdk.ValAddress + NewPubKey crypto.PubKey + } + ``` + +3. `handleMsgRotateConsPubKey` gets `MsgRotateConsPubKey`, calls `RotateConsPubKey` with emits event +4. `RotateConsPubKey` + * checks if `NewPubKey` is not duplicated on `ValidatorsByConsAddr` + * checks if the validator is does not exceed parameter `MaxConsPubKeyRotations` by iterating `ConsPubKeyRotationHistory` + * checks if the signing account has enough balance to pay `KeyRotationFee` + * pays `KeyRotationFee` to community fund + * overwrites `NewPubKey` in `validator.ConsPubKey` + * deletes old `ValidatorByConsAddr` + * `SetValidatorByConsAddr` for `NewPubKey` + * Add `ConsPubKeyRotationHistory` for tracking rotation + + ```go + type ConsPubKeyRotationHistory struct { + OperatorAddress sdk.ValAddress + OldConsPubKey crypto.PubKey + NewConsPubKey crypto.PubKey + RotatedHeight int64 + } + ``` + +5. `ApplyAndReturnValidatorSetUpdates` checks if there is `ConsPubKeyRotationHistory` with `ConsPubKeyRotationHistory.RotatedHeight == ctx.BlockHeight()` and if so, generates 2 `ValidatorUpdate` , one for a remove validator and one for create new validator + + ```go + abci.ValidatorUpdate{ + PubKey: cmttypes.TM2PB.PubKey(OldConsPubKey), + Power: 0, + } + + abci.ValidatorUpdate{ + PubKey: cmttypes.TM2PB.PubKey(NewConsPubKey), + Power: v.ConsensusPower(), + } + ``` + +6. at `previousVotes` Iteration logic of `AllocateTokens`, `previousVote` using `OldConsPubKey` match up with `ConsPubKeyRotationHistory`, and replace validator for token allocation +7. Migrate `ValidatorSigningInfo` and `ValidatorMissedBlockBitArray` from `OldConsPubKey` to `NewConsPubKey` + +* Note : All above features shall be implemented in `staking` module. + +## Status + +Proposed + +## Consequences + +### Positive + +* Validators can immediately or periodically rotate their consensus key to have better security policy +* improved security against Long-Range attacks (https://nearprotocol.com/blog/long-range-attacks-and-a-new-fork-choice-rule) given a validator throws away the old consensus key(s) + +### Negative + +* Slash module needs more computation because it needs to lookup corresponding consensus key of validators for each height +* frequent key rotations will make light client bisection less efficient + +### Neutral + +## References + +* on tendermint repo : https://github.com/tendermint/tendermint/issues/1136 +* on cosmos-sdk repo : https://github.com/cosmos/cosmos-sdk/issues/5231 +* about multiple consensus keys : https://github.com/tendermint/tendermint/issues/1758#issuecomment-545291698 diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-017-historical-header-module.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-017-historical-header-module.md new file mode 100644 index 00000000..573c632c --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-017-historical-header-module.md @@ -0,0 +1,61 @@ +# ADR 17: Historical Header Module + +## Changelog + +* 26 November 2019: Start of first version +* 2 December 2019: Final draft of first version + +## Context + +In order for the Cosmos SDK to implement the [IBC specification](https://github.com/cosmos/ics), modules within the Cosmos SDK must have the ability to introspect recent consensus states (validator sets & commitment roots) as proofs of these values on other chains must be checked during the handshakes. + +## Decision + +The application MUST store the most recent `n` headers in a persistent store. At first, this store MAY be the current Merklised store. A non-Merklised store MAY be used later as no proofs are necessary. + +The application MUST store this information by storing new headers immediately when handling `abci.RequestBeginBlock`: + +```go +func BeginBlock(ctx sdk.Context, keeper HistoricalHeaderKeeper, req abci.RequestBeginBlock) abci.ResponseBeginBlock { + info := HistoricalInfo{ + Header: ctx.BlockHeader(), + ValSet: keeper.StakingKeeper.GetAllValidators(ctx), // note that this must be stored in a canonical order + } + keeper.SetHistoricalInfo(ctx, ctx.BlockHeight(), info) + n := keeper.GetParamRecentHeadersToStore() + keeper.PruneHistoricalInfo(ctx, ctx.BlockHeight() - n) + // continue handling request +} +``` + +Alternatively, the application MAY store only the hash of the validator set. + +The application MUST make these past `n` committed headers available for querying by Cosmos SDK modules through the `Keeper`'s `GetHistoricalInfo` function. This MAY be implemented in a new module, or it MAY also be integrated into an existing one (likely `x/staking` or `x/ibc`). + +`n` MAY be configured as a parameter store parameter, in which case it could be changed by `ParameterChangeProposal`s, although it will take some blocks for the stored information to catch up if `n` is increased. + +## Status + +Proposed. + +## Consequences + +Implementation of this ADR will require changes to the Cosmos SDK. It will not require changes to Tendermint. + +### Positive + +* Easy retrieval of headers & state roots for recent past heights by modules anywhere in the Cosmos SDK. +* No RPC calls to Tendermint required. +* No ABCI alterations required. + +### Negative + +* Duplicates `n` headers data in Tendermint & the application (additional disk usage) - in the long term, an approach such as [this](https://github.com/tendermint/tendermint/issues/4210) might be preferable. + +### Neutral + +(none known) + +## References + +* [ICS 2: "Consensus state introspection"](https://github.com/cosmos/ibc/tree/master/spec/core/ics-002-client-semantics#consensus-state-introspection) diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-018-extendable-voting-period.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-018-extendable-voting-period.md new file mode 100644 index 00000000..5e8f058d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-018-extendable-voting-period.md @@ -0,0 +1,66 @@ +# ADR 18: Extendable Voting Periods + +## Changelog + +* 1 January 2020: Start of first version + +## Context + +Currently the voting period for all governance proposals is the same. However, this is suboptimal as all governance proposals do not require the same time period. For more non-contentious proposals, they can be dealt with more efficiently with a faster period, while more contentious or complex proposals may need a longer period for extended discussion/consideration. + +## Decision + +We would like to design a mechanism for making the voting period of a governance proposal variable based on the demand of voters. We would like it to be based on the view of the governance participants, rather than just the proposer of a governance proposal (thus, allowing the proposer to select the voting period length is not sufficient). + +However, we would like to avoid the creation of an entire second voting process to determine the length of the voting period, as it just pushed the problem to determining the length of that first voting period. + +Thus, we propose the following mechanism: + +### Params + +* The current gov param `VotingPeriod` is to be replaced by a `MinVotingPeriod` param. This is the default voting period that all governance proposal voting periods start with. +* There is a new gov param called `MaxVotingPeriodExtension`. + +### Mechanism + +There is a new `Msg` type called `MsgExtendVotingPeriod`, which can be sent by any staked account during a proposal's voting period. It allows the sender to unilaterally extend the length of the voting period by `MaxVotingPeriodExtension * sender's share of voting power`. Every address can only call `MsgExtendVotingPeriod` once per proposal. + +So for example, if the `MaxVotingPeriodExtension` is set to 100 Days, then anyone with 1% of voting power can extend the voting power by 1 day. If 33% of voting power has sent the message, the voting period will be extended by 33 days. Thus, if absolutely everyone chooses to extend the voting period, the absolute maximum voting period will be `MinVotingPeriod + MaxVotingPeriodExtension`. + +This system acts as a sort of distributed coordination, where individual stakers choosing to extend or not, allows the system the guage the conentiousness/complexity of the proposal. It is extremely unlikely that many stakers will choose to extend at the exact same time, it allows stakers to view how long others have already extended thus far, to decide whether or not to extend further. + +### Dealing with Unbonding/Redelegation + +There is one thing that needs to be addressed. How to deal with redelegation/unbonding during the voting period. If a staker of 5% calls `MsgExtendVotingPeriod` and then unbonds, does the voting period then decrease by 5 days again? This is not good as it can give people a false sense of how long they have to make their decision. For this reason, we want to design it such that the voting period length can only be extended, not shortened. To do this, the current extension amount is based on the highest percent that voted extension at any time. This is best explained by example: + +1. Let's say 2 stakers of voting power 4% and 3% respectively vote to extend. The voting period will be extended by 7 days. +2. Now the staker of 3% decides to unbond before the end of the voting period. The voting period extension remains 7 days. +3. Now, let's say another staker of 2% voting power decides to extend voting period. There is now 6% of active voting power choosing the extend. The voting power remains 7 days. +4. If a fourth staker of 10% chooses to extend now, there is a total of 16% of active voting power wishing to extend. The voting period will be extended to 16 days. + +### Delegators + +Just like votes in the actual voting period, delegators automatically inherit the extension of their validators. If their validator chooses to extend, their voting power will be used in the validator's extension. However, the delegator is unable to override their validator and "unextend" as that would contradict the "voting power length can only be ratcheted up" principle described in the previous section. However, a delegator may choose the extend using their personal voting power, if their validator has not done so. + +## Status + +Proposed + +## Consequences + +### Positive + +* More complex/contentious governance proposals will have more time to properly digest and deliberate + +### Negative + +* Governance process becomes more complex and requires more understanding to interact with effectively +* Can no longer predict when a governance proposal will end. Can't assume order in which governance proposals will end. + +### Neutral + +* The minimum voting period can be made shorter + +## References + +* [Cosmos Forum post where idea first originated](https://forum.cosmos.network/t/proposal-draft-reduce-governance-voting-period-to-7-days/3032/9) diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-019-protobuf-state-encoding.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-019-protobuf-state-encoding.md new file mode 100644 index 00000000..5ad1b953 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-019-protobuf-state-encoding.md @@ -0,0 +1,379 @@ +# ADR 019: Protocol Buffer State Encoding + +## Changelog + +* 2020 Feb 15: Initial Draft +* 2020 Feb 24: Updates to handle messages with interface fields +* 2020 Apr 27: Convert usages of `oneof` for interfaces to `Any` +* 2020 May 15: Describe `cosmos_proto` extensions and amino compatibility +* 2020 Dec 4: Move and rename `MarshalAny` and `UnmarshalAny` into the `codec.Codec` interface. +* 2021 Feb 24: Remove mentions of `HybridCodec`, which has been abandoned in [#6843](https://github.com/cosmos/cosmos-sdk/pull/6843). + +## Status + +Accepted + +## Context + +Currently, the Cosmos SDK utilizes [go-amino](https://github.com/tendermint/go-amino/) for binary +and JSON object encoding over the wire bringing parity between logical objects and persistence objects. + +From the Amino docs: + +> Amino is an object encoding specification. It is a subset of Proto3 with an extension for interface +> support. See the [Proto3 spec](https://developers.google.com/protocol-buffers/docs/proto3) for more +> information on Proto3, which Amino is largely compatible with (but not with Proto2). +> +> The goal of the Amino encoding protocol is to bring parity into logic objects and persistence objects. + +Amino also aims to have the following goals (not a complete list): + +* Binary bytes must be decode-able with a schema. +* Schema must be upgradeable. +* The encoder and decoder logic must be reasonably simple. + +However, we believe that Amino does not fulfill these goals completely and does not fully meet the +needs of a truly flexible cross-language and multi-client compatible encoding protocol in the Cosmos SDK. +Namely, Amino has proven to be a big pain-point in regards to supporting object serialization across +clients written in various languages while providing virtually little in the way of true backwards +compatibility and upgradeability. Furthermore, through profiling and various benchmarks, Amino has +been shown to be an extremely large performance bottleneck in the Cosmos SDK 1. This is +largely reflected in the performance of simulations and application transaction throughput. + +Thus, we need to adopt an encoding protocol that meets the following criteria for state serialization: + +* Language agnostic +* Platform agnostic +* Rich client support and thriving ecosystem +* High performance +* Minimal encoded message size +* Codegen-based over reflection-based +* Supports backward and forward compatibility + +Note, migrating away from Amino should be viewed as a two-pronged approach, state and client encoding. +This ADR focuses on state serialization in the Cosmos SDK state machine. A corresponding ADR will be +made to address client-side encoding. + +## Decision + +We will adopt [Protocol Buffers](https://developers.google.com/protocol-buffers) for serializing +persisted structured data in the Cosmos SDK while providing a clean mechanism and developer UX for +applications wishing to continue to use Amino. We will provide this mechanism by updating modules to +accept a codec interface, `Marshaler`, instead of a concrete Amino codec. Furthermore, the Cosmos SDK +will provide two concrete implementations of the `Marshaler` interface: `AminoCodec` and `ProtoCodec`. + +* `AminoCodec`: Uses Amino for both binary and JSON encoding. +* `ProtoCodec`: Uses Protobuf for both binary and JSON encoding. + +Modules will use whichever codec that is instantiated in the app. By default, the Cosmos SDK's `simapp` +instantiates a `ProtoCodec` as the concrete implementation of `Marshaler`, inside the `MakeTestEncodingConfig` +function. This can be easily overwritten by app developers if they so desire. + +The ultimate goal will be to replace Amino JSON encoding with Protobuf encoding and thus have +modules accept and/or extend `ProtoCodec`. Until then, Amino JSON is still provided for legacy use-cases. +A handful of places in the Cosmos SDK still have Amino JSON hardcoded, such as the Legacy API REST endpoints +and the `x/params` store. They are planned to be converted to Protobuf in a gradual manner. + +### Module Codecs + +Modules that do not require the ability to work with and serialize interfaces, the path to Protobuf +migration is pretty straightforward. These modules are to simply migrate any existing types that +are encoded and persisted via their concrete Amino codec to Protobuf and have their keeper accept a +`Marshaler` that will be a `ProtoCodec`. This migration is simple as things will just work as-is. + +Note, any business logic that needs to encode primitive types like `bool` or `int64` should use +[gogoprotobuf](https://github.com/cosmos/gogoproto) Value types. + +Example: + +```go + ts, err := gogotypes.TimestampProto(completionTime) + if err != nil { + // ... + } + + bz := cdc.MustMarshal(ts) +``` + +However, modules can vary greatly in purpose and design and so we must support the ability for modules +to be able to encode and work with interfaces (e.g. `Account` or `Content`). For these modules, they +must define their own codec interface that extends `Marshaler`. These specific interfaces are unique +to the module and will contain method contracts that know how to serialize the needed interfaces. + +Example: + +```go +// x/auth/types/codec.go + +type Codec interface { + codec.Codec + + MarshalAccount(acc exported.Account) ([]byte, error) + UnmarshalAccount(bz []byte) (exported.Account, error) + + MarshalAccountJSON(acc exported.Account) ([]byte, error) + UnmarshalAccountJSON(bz []byte) (exported.Account, error) +} +``` + +### Usage of `Any` to encode interfaces + +In general, module-level .proto files should define messages which encode interfaces +using [`google.protobuf.Any`](https://github.com/protocolbuffers/protobuf/blob/master/src/google/protobuf/any.proto). +After [extension discussion](https://github.com/cosmos/cosmos-sdk/issues/6030), +this was chosen as the preferred alternative to application-level `oneof`s +as in our original protobuf design. The arguments in favor of `Any` can be +summarized as follows: + +* `Any` provides a simpler, more consistent client UX for dealing with +interfaces than app-level `oneof`s that will need to be coordinated more +carefully across applications. Creating a generic transaction +signing library using `oneof`s may be cumbersome and critical logic may need +to be reimplemented for each chain +* `Any` provides more resistance against human error than `oneof` +* `Any` is generally simpler to implement for both modules and apps + +The main counter-argument to using `Any` centers around its additional space +and possibly performance overhead. The space overhead could be dealt with using +compression at the persistence layer in the future and the performance impact +is likely to be small. Thus, not using `Any` is seem as a pre-mature optimization, +with user experience as the higher order concern. + +Note, that given the Cosmos SDK's decision to adopt the `Codec` interfaces described +above, apps can still choose to use `oneof` to encode state and transactions +but it is not the recommended approach. If apps do choose to use `oneof`s +instead of `Any` they will likely lose compatibility with client apps that +support multiple chains. Thus developers should think carefully about whether +they care more about what is possibly a pre-mature optimization or end-user +and client developer UX. + +### Safe usage of `Any` + +By default, the [gogo protobuf implementation of `Any`](https://pkg.go.dev/github.com/cosmos/gogoproto/types) +uses [global type registration]( https://github.com/cosmos/gogoproto/blob/master/proto/properties.go#L540) +to decode values packed in `Any` into concrete +go types. This introduces a vulnerability where any malicious module +in the dependency tree could register a type with the global protobuf registry +and cause it to be loaded and unmarshaled by a transaction that referenced +it in the `type_url` field. + +To prevent this, we introduce a type registration mechanism for decoding `Any` +values into concrete types through the `InterfaceRegistry` interface which +bears some similarity to type registration with Amino: + +```go +type InterfaceRegistry interface { + // RegisterInterface associates protoName as the public name for the + // interface passed in as iface + // Ex: + // registry.RegisterInterface("cosmos_sdk.Msg", (*sdk.Msg)(nil)) + RegisterInterface(protoName string, iface interface{}) + + // RegisterImplementations registers impls as a concrete implementations of + // the interface iface + // Ex: + // registry.RegisterImplementations((*sdk.Msg)(nil), &MsgSend{}, &MsgMultiSend{}) + RegisterImplementations(iface interface{}, impls ...proto.Message) + +} +``` + +In addition to serving as a whitelist, `InterfaceRegistry` can also serve +to communicate the list of concrete types that satisfy an interface to clients. + +In .proto files: + +* fields which accept interfaces should be annotated with `cosmos_proto.accepts_interface` +using the same full-qualified name passed as `protoName` to `InterfaceRegistry.RegisterInterface` +* interface implementations should be annotated with `cosmos_proto.implements_interface` +using the same full-qualified name passed as `protoName` to `InterfaceRegistry.RegisterInterface` + +In the future, `protoName`, `cosmos_proto.accepts_interface`, `cosmos_proto.implements_interface` +may be used via code generation, reflection &/or static linting. + +The same struct that implements `InterfaceRegistry` will also implement an +interface `InterfaceUnpacker` to be used for unpacking `Any`s: + +```go +type InterfaceUnpacker interface { + // UnpackAny unpacks the value in any to the interface pointer passed in as + // iface. Note that the type in any must have been registered with + // RegisterImplementations as a concrete type for that interface + // Ex: + // var msg sdk.Msg + // err := ctx.UnpackAny(any, &msg) + // ... + UnpackAny(any *Any, iface interface{}) error +} +``` + +Note that `InterfaceRegistry` usage does not deviate from standard protobuf +usage of `Any`, it just introduces a security and introspection layer for +golang usage. + +`InterfaceRegistry` will be a member of `ProtoCodec` +described above. In order for modules to register interface types, app modules +can optionally implement the following interface: + +```go +type InterfaceModule interface { + RegisterInterfaceTypes(InterfaceRegistry) +} +``` + +The module manager will include a method to call `RegisterInterfaceTypes` on +every module that implements it in order to populate the `InterfaceRegistry`. + +### Using `Any` to encode state + +The Cosmos SDK will provide support methods `MarshalInterface` and `UnmarshalInterface` to hide a complexity of wrapping interface types into `Any` and allow easy serialization. + +```go +import "github.com/cosmos/cosmos-sdk/codec" + +// note: eviexported.Evidence is an interface type +func MarshalEvidence(cdc codec.BinaryCodec, e eviexported.Evidence) ([]byte, error) { + return cdc.MarshalInterface(e) +} + +func UnmarshalEvidence(cdc codec.BinaryCodec, bz []byte) (eviexported.Evidence, error) { + var evi eviexported.Evidence + err := cdc.UnmarshalInterface(&evi, bz) + return err, nil +} +``` + +### Using `Any` in `sdk.Msg`s + +A similar concept is to be applied for messages that contain interfaces fields. +For example, we can define `MsgSubmitEvidence` as follows where `Evidence` is +an interface: + +```protobuf +// x/evidence/types/types.proto + +message MsgSubmitEvidence { + bytes submitter = 1 + [ + (gogoproto.casttype) = "github.com/cosmos/cosmos-sdk/types.AccAddress" + ]; + google.protobuf.Any evidence = 2; +} +``` + +Note that in order to unpack the evidence from `Any` we do need a reference to +`InterfaceRegistry`. In order to reference evidence in methods like +`ValidateBasic` which shouldn't have to know about the `InterfaceRegistry`, we +introduce an `UnpackInterfaces` phase to deserialization which unpacks +interfaces before they're needed. + +### Unpacking Interfaces + +To implement the `UnpackInterfaces` phase of deserialization which unpacks +interfaces wrapped in `Any` before they're needed, we create an interface +that `sdk.Msg`s and other types can implement: + +```go +type UnpackInterfacesMessage interface { + UnpackInterfaces(InterfaceUnpacker) error +} +``` + +We also introduce a private `cachedValue interface{}` field onto the `Any` +struct itself with a public getter `GetCachedValue() interface{}`. + +The `UnpackInterfaces` method is to be invoked during message deserialization right +after `Unmarshal` and any interface values packed in `Any`s will be decoded +and stored in `cachedValue` for reference later. + +Then unpacked interface values can safely be used in any code afterwards +without knowledge of the `InterfaceRegistry` +and messages can introduce a simple getter to cast the cached value to the +correct interface type. + +This has the added benefit that unmarshaling of `Any` values only happens once +during initial deserialization rather than every time the value is read. Also, +when `Any` values are first packed (for instance in a call to +`NewMsgSubmitEvidence`), the original interface value is cached so that +unmarshaling isn't needed to read it again. + +`MsgSubmitEvidence` could implement `UnpackInterfaces`, plus a convenience getter +`GetEvidence` as follows: + +```go +func (msg MsgSubmitEvidence) UnpackInterfaces(ctx sdk.InterfaceRegistry) error { + var evi eviexported.Evidence + return ctx.UnpackAny(msg.Evidence, *evi) +} + +func (msg MsgSubmitEvidence) GetEvidence() eviexported.Evidence { + return msg.Evidence.GetCachedValue().(eviexported.Evidence) +} +``` + +### Amino Compatibility + +Our custom implementation of `Any` can be used transparently with Amino if used +with the proper codec instance. What this means is that interfaces packed within +`Any`s will be amino marshaled like regular Amino interfaces (assuming they +have been registered properly with Amino). + +In order for this functionality to work: + +* **all legacy code must use `*codec.LegacyAmino` instead of `*amino.Codec` which is + now a wrapper which properly handles `Any`** +* **all new code should use `Marshaler` which is compatible with both amino and + protobuf** +* Also, before v0.39, `codec.LegacyAmino` will be renamed to `codec.LegacyAmino`. + +### Why Wasn't X Chosen Instead + +For a more complete comparison to alternative protocols, see [here](https://codeburst.io/json-vs-protocol-buffers-vs-flatbuffers-a4247f8bda6f). + +### Cap'n Proto + +While [Cap’n Proto](https://capnproto.org/) does seem like an advantageous alternative to Protobuf +due to it's native support for interfaces/generics and built in canonicalization, it does lack the +rich client ecosystem compared to Protobuf and is a bit less mature. + +### FlatBuffers + +[FlatBuffers](https://google.github.io/flatbuffers/) is also a potentially viable alternative, with the +primary difference being that FlatBuffers does not need a parsing/unpacking step to a secondary +representation before you can access data, often coupled with per-object memory allocation. + +However, it would require great efforts into research and full understanding the scope of the migration +and path forward -- which isn't immediately clear. In addition, FlatBuffers aren't designed for +untrusted inputs. + +## Future Improvements & Roadmap + +In the future we may consider a compression layer right above the persistence +layer which doesn't change tx or merkle tree hashes, but reduces the storage +overhead of `Any`. In addition, we may adopt protobuf naming conventions which +make type URLs a bit more concise while remaining descriptive. + +Additional code generation support around the usage of `Any` is something that +could also be explored in the future to make the UX for go developers more +seamless. + +## Consequences + +### Positive + +* Significant performance gains. +* Supports backward and forward type compatibility. +* Better support for cross-language clients. + +### Negative + +* Learning curve required to understand and implement Protobuf messages. +* Slightly larger message size due to use of `Any`, although this could be offset + by a compression layer in the future + +### Neutral + +## References + +1. https://github.com/cosmos/cosmos-sdk/issues/4977 +2. https://github.com/cosmos/cosmos-sdk/issues/5444 diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-020-protobuf-transaction-encoding.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-020-protobuf-transaction-encoding.md new file mode 100644 index 00000000..b26f394b --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-020-protobuf-transaction-encoding.md @@ -0,0 +1,464 @@ +# ADR 020: Protocol Buffer Transaction Encoding + +## Changelog + +* 2020 March 06: Initial Draft +* 2020 March 12: API Updates +* 2020 April 13: Added details on interface `oneof` handling +* 2020 April 30: Switch to `Any` +* 2020 May 14: Describe public key encoding +* 2020 June 08: Store `TxBody` and `AuthInfo` as bytes in `SignDoc`; Document `TxRaw` as broadcast and storage type. +* 2020 August 07: Use ADR 027 for serializing `SignDoc`. +* 2020 August 19: Move sequence field from `SignDoc` to `SignerInfo`, as discussed in [#6966](https://github.com/cosmos/cosmos-sdk/issues/6966). +* 2020 September 25: Remove `PublicKey` type in favor of `secp256k1.PubKey`, `ed25519.PubKey` and `multisig.LegacyAminoPubKey`. +* 2020 October 15: Add `GetAccount` and `GetAccountWithHeight` methods to the `AccountRetriever` interface. +* 2021 Feb 24: The Cosmos SDK does not use Tendermint's `PubKey` interface anymore, but its own `cryptotypes.PubKey`. Updates to reflect this. +* 2021 May 3: Rename `clientCtx.JSONMarshaler` to `clientCtx.JSONCodec`. +* 2021 June 10: Add `clientCtx.Codec: codec.Codec`. + +## Status + +Accepted + +## Context + +This ADR is a continuation of the motivation, design, and context established in +[ADR 019](./adr-019-protobuf-state-encoding.md), namely, we aim to design the +Protocol Buffer migration path for the client-side of the Cosmos SDK. + +Specifically, the client-side migration path primarily includes tx generation and +signing, message construction and routing, in addition to CLI & REST handlers and +business logic (i.e. queriers). + +With this in mind, we will tackle the migration path via two main areas, txs and +querying. However, this ADR solely focuses on transactions. Querying should be +addressed in a future ADR, but it should build off of these proposals. + +Based on detailed discussions ([\#6030](https://github.com/cosmos/cosmos-sdk/issues/6030) +and [\#6078](https://github.com/cosmos/cosmos-sdk/issues/6078)), the original +design for transactions was changed substantially from an `oneof` /JSON-signing +approach to the approach described below. + +## Decision + +### Transactions + +Since interface values are encoded with `google.protobuf.Any` in state (see [ADR 019](adr-019-protobuf-state-encoding.md)), +`sdk.Msg`s are encoding with `Any` in transactions. + +One of the main goals of using `Any` to encode interface values is to have a +core set of types which is reused by apps so that +clients can safely be compatible with as many chains as possible. + +It is one of the goals of this specification to provide a flexible cross-chain transaction +format that can serve a wide variety of use cases without breaking client +compatibility. + +In order to facilitate signing, transactions are separated into `TxBody`, +which will be re-used by `SignDoc` below, and `signatures`: + +```protobuf +// types/types.proto +package cosmos_sdk.v1; + +message Tx { + TxBody body = 1; + AuthInfo auth_info = 2; + // A list of signatures that matches the length and order of AuthInfo's signer_infos to + // allow connecting signature meta information like public key and signing mode by position. + repeated bytes signatures = 3; +} + +// A variant of Tx that pins the signer's exact binary represenation of body and +// auth_info. This is used for signing, broadcasting and verification. The binary +// `serialize(tx: TxRaw)` is stored in Tendermint and the hash `sha256(serialize(tx: TxRaw))` +// becomes the "txhash", commonly used as the transaction ID. +message TxRaw { + // A protobuf serialization of a TxBody that matches the representation in SignDoc. + bytes body = 1; + // A protobuf serialization of an AuthInfo that matches the representation in SignDoc. + bytes auth_info = 2; + // A list of signatures that matches the length and order of AuthInfo's signer_infos to + // allow connecting signature meta information like public key and signing mode by position. + repeated bytes signatures = 3; +} + +message TxBody { + // A list of messages to be executed. The required signers of those messages define + // the number and order of elements in AuthInfo's signer_infos and Tx's signatures. + // Each required signer address is added to the list only the first time it occurs. + // + // By convention, the first required signer (usually from the first message) is referred + // to as the primary signer and pays the fee for the whole transaction. + repeated google.protobuf.Any messages = 1; + string memo = 2; + int64 timeout_height = 3; + repeated google.protobuf.Any extension_options = 1023; +} + +message AuthInfo { + // This list defines the signing modes for the required signers. The number + // and order of elements must match the required signers from TxBody's messages. + // The first element is the primary signer and the one which pays the fee. + repeated SignerInfo signer_infos = 1; + // The fee can be calculated based on the cost of evaluating the body and doing signature verification of the signers. This can be estimated via simulation. + Fee fee = 2; +} + +message SignerInfo { + // The public key is optional for accounts that already exist in state. If unset, the + // verifier can use the required signer address for this position and lookup the public key. + google.protobuf.Any public_key = 1; + // ModeInfo describes the signing mode of the signer and is a nested + // structure to support nested multisig pubkey's + ModeInfo mode_info = 2; + // sequence is the sequence of the account, which describes the + // number of committed transactions signed by a given address. It is used to prevent + // replay attacks. + uint64 sequence = 3; +} + +message ModeInfo { + oneof sum { + Single single = 1; + Multi multi = 2; + } + + // Single is the mode info for a single signer. It is structured as a message + // to allow for additional fields such as locale for SIGN_MODE_TEXTUAL in the future + message Single { + SignMode mode = 1; + } + + // Multi is the mode info for a multisig public key + message Multi { + // bitarray specifies which keys within the multisig are signing + CompactBitArray bitarray = 1; + // mode_infos is the corresponding modes of the signers of the multisig + // which could include nested multisig public keys + repeated ModeInfo mode_infos = 2; + } +} + +enum SignMode { + SIGN_MODE_UNSPECIFIED = 0; + + SIGN_MODE_DIRECT = 1; + + SIGN_MODE_TEXTUAL = 2; + + SIGN_MODE_LEGACY_AMINO_JSON = 127; +} +``` + +As will be discussed below, in order to include as much of the `Tx` as possible +in the `SignDoc`, `SignerInfo` is separated from signatures so that only the +raw signatures themselves live outside of what is signed over. + +Because we are aiming for a flexible, extensible cross-chain transaction +format, new transaction processing options should be added to `TxBody` as soon +those use cases are discovered, even if they can't be implemented yet. + +Because there is coordination overhead in this, `TxBody` includes an +`extension_options` field which can be used for any transaction processing +options that are not already covered. App developers should, nevertheless, +attempt to upstream important improvements to `Tx`. + +### Signing + +All of the signing modes below aim to provide the following guarantees: + +* **No Malleability**: `TxBody` and `AuthInfo` cannot change once the transaction + is signed +* **Predictable Gas**: if I am signing a transaction where I am paying a fee, + the final gas is fully dependent on what I am signing + +These guarantees give the maximum amount confidence to message signers that +manipulation of `Tx`s by intermediaries can't result in any meaningful changes. + +#### `SIGN_MODE_DIRECT` + +The "direct" signing behavior is to sign the raw `TxBody` bytes as broadcast over +the wire. This has the advantages of: + +* requiring the minimum additional client capabilities beyond a standard protocol + buffers implementation +* leaving effectively zero holes for transaction malleability (i.e. there are no + subtle differences between the signing and encoding formats which could + potentially be exploited by an attacker) + +Signatures are structured using the `SignDoc` below which reuses the serialization of +`TxBody` and `AuthInfo` and only adds the fields which are needed for signatures: + +```protobuf +// types/types.proto +message SignDoc { + // A protobuf serialization of a TxBody that matches the representation in TxRaw. + bytes body = 1; + // A protobuf serialization of an AuthInfo that matches the representation in TxRaw. + bytes auth_info = 2; + string chain_id = 3; + uint64 account_number = 4; +} +``` + +In order to sign in the default mode, clients take the following steps: + +1. Serialize `TxBody` and `AuthInfo` using any valid protobuf implementation. +2. Create a `SignDoc` and serialize it using [ADR 027](./adr-027-deterministic-protobuf-serialization.md). +3. Sign the encoded `SignDoc` bytes. +4. Build a `TxRaw` and serialize it for broadcasting. + +Signature verification is based on comparing the raw `TxBody` and `AuthInfo` +bytes encoded in `TxRaw` not based on any ["canonicalization"](https://github.com/regen-network/canonical-proto3) +algorithm which creates added complexity for clients in addition to preventing +some forms of upgradeability (to be addressed later in this document). + +Signature verifiers do: + +1. Deserialize a `TxRaw` and pull out `body` and `auth_info`. +2. Create a list of required signer addresses from the messages. +3. For each required signer: + * Pull account number and sequence from the state. + * Obtain the public key either from state or `AuthInfo`'s `signer_infos`. + * Create a `SignDoc` and serialize it using [ADR 027](./adr-027-deterministic-protobuf-serialization.md). + * Verify the signature at the same list position against the serialized `SignDoc`. + +#### `SIGN_MODE_LEGACY_AMINO` + +In order to support legacy wallets and exchanges, Amino JSON will be temporarily +supported transaction signing. Once wallets and exchanges have had a +chance to upgrade to protobuf based signing, this option will be disabled. In +the meantime, it is foreseen that disabling the current Amino signing would cause +too much breakage to be feasible. Note that this is mainly a requirement of the +Cosmos Hub and other chains may choose to disable Amino signing immediately. + +Legacy clients will be able to sign a transaction using the current Amino +JSON format and have it encoded to protobuf using the REST `/tx/encode` +endpoint before broadcasting. + +#### `SIGN_MODE_TEXTUAL` + +As was discussed extensively in [\#6078](https://github.com/cosmos/cosmos-sdk/issues/6078), +there is a desire for a human-readable signing encoding, especially for hardware +wallets like the [Ledger](https://www.ledger.com) which display +transaction contents to users before signing. JSON was an attempt at this but +falls short of the ideal. + +`SIGN_MODE_TEXTUAL` is intended as a placeholder for a human-readable +encoding which will replace Amino JSON. This new encoding should be even more +focused on readability than JSON, possibly based on formatting strings like +[MessageFormat](http://userguide.icu-project.org/formatparse/messages). + +In order to ensure that the new human-readable format does not suffer from +transaction malleability issues, `SIGN_MODE_TEXTUAL` +requires that the _human-readable bytes are concatenated with the raw `SignDoc`_ +to generate sign bytes. + +Multiple human-readable formats (maybe even localized messages) may be supported +by `SIGN_MODE_TEXTUAL` when it is implemented. + +### Unknown Field Filtering + +Unknown fields in protobuf messages should generally be rejected by transaction +processors because: + +* important data may be present in the unknown fields, that if ignored, will + cause unexpected behavior for clients +* they present a malleability vulnerability where attackers can bloat tx size + by adding random uninterpreted data to unsigned content (i.e. the master `Tx`, + not `TxBody`) + +There are also scenarios where we may choose to safely ignore unknown fields +(https://github.com/cosmos/cosmos-sdk/issues/6078#issuecomment-624400188) to +provide graceful forwards compatibility with newer clients. + +We propose that field numbers with bit 11 set (for most use cases this is +the range of 1024-2047) be considered non-critical fields that can safely be +ignored if unknown. + +To handle this we will need an unknown field filter that: + +* always rejects unknown fields in unsigned content (i.e. top-level `Tx` and + unsigned parts of `AuthInfo` if present based on the signing mode) +* rejects unknown fields in all messages (including nested `Any`s) other than + fields with bit 11 set + +This will likely need to be a custom protobuf parser pass that takes message bytes +and `FileDescriptor`s and returns a boolean result. + +### Public Key Encoding + +Public keys in the Cosmos SDK implement the `cryptotypes.PubKey` interface. +We propose to use `Any` for protobuf encoding as we are doing with other interfaces (for example, in `BaseAccount.PubKey` and `SignerInfo.PublicKey`). +The following public keys are implemented: secp256k1, secp256r1, ed25519 and legacy-multisignature. + +Ex: + +```protobuf +message PubKey { + bytes key = 1; +} +``` + +`multisig.LegacyAminoPubKey` has an array of `Any`'s member to support any +protobuf public key type. + +Apps should only attempt to handle a registered set of public keys that they +have tested. The provided signature verification ante handler decorators will +enforce this. + +### CLI & REST + +Currently, the REST and CLI handlers encode and decode types and txs via Amino +JSON encoding using a concrete Amino codec. Being that some of the types dealt with +in the client can be interfaces, similar to how we described in [ADR 019](./adr-019-protobuf-state-encoding.md), +the client logic will now need to take a codec interface that knows not only how +to handle all the types, but also knows how to generate transactions, signatures, +and messages. + +```go +type AccountRetriever interface { + GetAccount(clientCtx Context, addr sdk.AccAddress) (client.Account, error) + GetAccountWithHeight(clientCtx Context, addr sdk.AccAddress) (client.Account, int64, error) + EnsureExists(clientCtx client.Context, addr sdk.AccAddress) error + GetAccountNumberSequence(clientCtx client.Context, addr sdk.AccAddress) (uint64, uint64, error) +} + +type Generator interface { + NewTx() TxBuilder + NewFee() ClientFee + NewSignature() ClientSignature + MarshalTx(tx types.Tx) ([]byte, error) +} + +type TxBuilder interface { + GetTx() sdk.Tx + + SetMsgs(...sdk.Msg) error + GetSignatures() []sdk.Signature + SetSignatures(...sdk.Signature) + GetFee() sdk.Fee + SetFee(sdk.Fee) + GetMemo() string + SetMemo(string) +} +``` + +We then update `Context` to have new fields: `Codec`, `TxGenerator`, +and `AccountRetriever`, and we update `AppModuleBasic.GetTxCmd` to take +a `Context` which should have all of these fields pre-populated. + +Each client method should then use one of the `Init` methods to re-initialize +the pre-populated `Context`. `tx.GenerateOrBroadcastTx` can be used to +generate or broadcast a transaction. For example: + +```go +import "github.com/spf13/cobra" +import "github.com/cosmos/cosmos-sdk/client" +import "github.com/cosmos/cosmos-sdk/client/tx" + +func NewCmdDoSomething(clientCtx client.Context) *cobra.Command { + return &cobra.Command{ + RunE: func(cmd *cobra.Command, args []string) error { + clientCtx := ctx.InitWithInput(cmd.InOrStdin()) + msg := NewSomeMsg{...} + tx.GenerateOrBroadcastTx(clientCtx, msg) + }, + } +} +``` + +## Future Improvements + +### `SIGN_MODE_TEXTUAL` specification + +A concrete specification and implementation of `SIGN_MODE_TEXTUAL` is intended +as a near-term future improvement so that the ledger app and other wallets +can gracefully transition away from Amino JSON. + +### `SIGN_MODE_DIRECT_AUX` + +(\*Documented as option (3) in https://github.com/cosmos/cosmos-sdk/issues/6078#issuecomment-628026933) + +We could add a mode `SIGN_MODE_DIRECT_AUX` +to support scenarios where multiple signatures +are being gathered into a single transaction but the message composer does not +yet know which signatures will be included in the final transaction. For instance, +I may have a 3/5 multisig wallet and want to send a `TxBody` to all 5 +signers to see who signs first. As soon as I have 3 signatures then I will go +ahead and build the full transaction. + +With `SIGN_MODE_DIRECT`, each signer needs +to sign the full `AuthInfo` which includes the full list of all signers and +their signing modes, making the above scenario very hard. + +`SIGN_MODE_DIRECT_AUX` would allow "auxiliary" signers to create their signature +using only `TxBody` and their own `PublicKey`. This allows the full list of +signers in `AuthInfo` to be delayed until signatures have been collected. + +An "auxiliary" signer is any signer besides the primary signer who is paying +the fee. For the primary signer, the full `AuthInfo` is actually needed to calculate gas and fees +because that is dependent on how many signers and which key types and signing +modes they are using. Auxiliary signers, however, do not need to worry about +fees or gas and thus can just sign `TxBody`. + +To generate a signature in `SIGN_MODE_DIRECT_AUX` these steps would be followed: + +1. Encode `SignDocAux` (with the same requirement that fields must be serialized + in order): + + ```protobuf + // types/types.proto + message SignDocAux { + bytes body_bytes = 1; + // PublicKey is included in SignDocAux : + // 1. as a special case for multisig public keys. For multisig public keys, + // the signer should use the top-level multisig public key they are signing + // against, not their own public key. This is to prevent against a form + // of malleability where a signature could be taken out of context of the + // multisig key that was intended to be signed for + // 2. to guard against scenario where configuration information is encoded + // in public keys (it has been proposed) such that two keys can generate + // the same signature but have different security properties + // + // By including it here, the composer of AuthInfo cannot reference the + // a public key variant the signer did not intend to use + PublicKey public_key = 2; + string chain_id = 3; + uint64 account_number = 4; + } + ``` + +2. Sign the encoded `SignDocAux` bytes +3. Send their signature and `SignerInfo` to primary signer who will then + sign and broadcast the final transaction (with `SIGN_MODE_DIRECT` and `AuthInfo` + added) once enough signatures have been collected + +### `SIGN_MODE_DIRECT_RELAXED` + +(_Documented as option (1)(a) in https://github.com/cosmos/cosmos-sdk/issues/6078#issuecomment-628026933_) + +This is a variation of `SIGN_MODE_DIRECT` where multiple signers wouldn't need to +coordinate public keys and signing modes in advance. It would involve an alternate +`SignDoc` similar to `SignDocAux` above with fee. This could be added in the future +if client developers found the burden of collecting public keys and modes in advance +too burdensome. + +## Consequences + +### Positive + +* Significant performance gains. +* Supports backward and forward type compatibility. +* Better support for cross-language clients. +* Multiple signing modes allow for greater protocol evolution + +### Negative + +* `google.protobuf.Any` type URLs increase transaction size although the effect + may be negligible or compression may be able to mitigate it. + +### Neutral + +## References diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-021-protobuf-query-encoding.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-021-protobuf-query-encoding.md new file mode 100644 index 00000000..a90e807d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-021-protobuf-query-encoding.md @@ -0,0 +1,256 @@ +# ADR 021: Protocol Buffer Query Encoding + +## Changelog + +* 2020 March 27: Initial Draft + +## Status + +Accepted + +## Context + +This ADR is a continuation of the motivation, design, and context established in +[ADR 019](./adr-019-protobuf-state-encoding.md) and +[ADR 020](./adr-020-protobuf-transaction-encoding.md), namely, we aim to design the +Protocol Buffer migration path for the client-side of the Cosmos SDK. + +This ADR continues from [ADD 020](./adr-020-protobuf-transaction-encoding.md) +to specify the encoding of queries. + +## Decision + +### Custom Query Definition + +Modules define custom queries through a protocol buffers `service` definition. +These `service` definitions are generally associated with and used by the +GRPC protocol. However, the protocol buffers specification indicates that +they can be used more generically by any request/response protocol that uses +protocol buffer encoding. Thus, we can use `service` definitions for specifying +custom ABCI queries and even reuse a substantial amount of the GRPC infrastructure. + +Each module with custom queries should define a service canonically named `Query`: + +```protobuf +// x/bank/types/types.proto + +service Query { + rpc QueryBalance(QueryBalanceParams) returns (cosmos_sdk.v1.Coin) { } + rpc QueryAllBalances(QueryAllBalancesParams) returns (QueryAllBalancesResponse) { } +} +``` + +#### Handling of Interface Types + +Modules that use interface types and need true polymorphism generally force a +`oneof` up to the app-level that provides the set of concrete implementations of +that interface that the app supports. While app's are welcome to do the same for +queries and implement an app-level query service, it is recommended that modules +provide query methods that expose these interfaces via `google.protobuf.Any`. +There is a concern on the transaction level that the overhead of `Any` is too +high to justify its usage. However for queries this is not a concern, and +providing generic module-level queries that use `Any` does not preclude apps +from also providing app-level queries that return use the app-level `oneof`s. + +A hypothetical example for the `gov` module would look something like: + +```protobuf +// x/gov/types/types.proto + +import "google/protobuf/any.proto"; + +service Query { + rpc GetProposal(GetProposalParams) returns (AnyProposal) { } +} + +message AnyProposal { + ProposalBase base = 1; + google.protobuf.Any content = 2; +} +``` + +### Custom Query Implementation + +In order to implement the query service, we can reuse the existing [gogo protobuf](https://github.com/cosmos/gogoproto) +grpc plugin, which for a service named `Query` generates an interface named +`QueryServer` as below: + +```go +type QueryServer interface { + QueryBalance(context.Context, *QueryBalanceParams) (*types.Coin, error) + QueryAllBalances(context.Context, *QueryAllBalancesParams) (*QueryAllBalancesResponse, error) +} +``` + +The custom queries for our module are implemented by implementing this interface. + +The first parameter in this generated interface is a generic `context.Context`, +whereas querier methods generally need an instance of `sdk.Context` to read +from the store. Since arbitrary values can be attached to `context.Context` +using the `WithValue` and `Value` methods, the Cosmos SDK should provide a function +`sdk.UnwrapSDKContext` to retrieve the `sdk.Context` from the provided +`context.Context`. + +An example implementation of `QueryBalance` for the bank module as above would +look something like: + +```go +type Querier struct { + Keeper +} + +func (q Querier) QueryBalance(ctx context.Context, params *types.QueryBalanceParams) (*sdk.Coin, error) { + balance := q.GetBalance(sdk.UnwrapSDKContext(ctx), params.Address, params.Denom) + return &balance, nil +} +``` + +### Custom Query Registration and Routing + +Query server implementations as above would be registered with `AppModule`s using +a new method `RegisterQueryService(grpc.Server)` which could be implemented simply +as below: + +```go +// x/bank/module.go +func (am AppModule) RegisterQueryService(server grpc.Server) { + types.RegisterQueryServer(server, keeper.Querier{am.keeper}) +} +``` + +Underneath the hood, a new method `RegisterService(sd *grpc.ServiceDesc, handler interface{})` +will be added to the existing `baseapp.QueryRouter` to add the queries to the custom +query routing table (with the routing method being described below). +The signature for this method matches the existing +`RegisterServer` method on the GRPC `Server` type where `handler` is the custom +query server implementation described above. + +GRPC-like requests are routed by the service name (ex. `cosmos_sdk.x.bank.v1.Query`) +and method name (ex. `QueryBalance`) combined with `/`s to form a full +method name (ex. `/cosmos_sdk.x.bank.v1.Query/QueryBalance`). This gets translated +into an ABCI query as `custom/cosmos_sdk.x.bank.v1.Query/QueryBalance`. Service handlers +registered with `QueryRouter.RegisterService` will be routed this way. + +Beyond the method name, GRPC requests carry a protobuf encoded payload, which maps naturally +to `RequestQuery.Data`, and receive a protobuf encoded response or error. Thus +there is a quite natural mapping of GRPC-like rpc methods to the existing +`sdk.Query` and `QueryRouter` infrastructure. + +This basic specification allows us to reuse protocol buffer `service` definitions +for ABCI custom queries substantially reducing the need for manual decoding and +encoding in query methods. + +### GRPC Protocol Support + +In addition to providing an ABCI query pathway, we can easily provide a GRPC +proxy server that routes requests in the GRPC protocol to ABCI query requests +under the hood. In this way, clients could use their host languages' existing +GRPC implementations to make direct queries against Cosmos SDK app's using +these `service` definitions. In order for this server to work, the `QueryRouter` +on `BaseApp` will need to expose the service handlers registered with +`QueryRouter.RegisterService` to the proxy server implementation. Nodes could +launch the proxy server on a separate port in the same process as the ABCI app +with a command-line flag. + +### REST Queries and Swagger Generation + +[grpc-gateway](https://github.com/grpc-ecosystem/grpc-gateway) is a project that +translates REST calls into GRPC calls using special annotations on service +methods. Modules that want to expose REST queries should add `google.api.http` +annotations to their `rpc` methods as in this example below. + +```protobuf +// x/bank/types/types.proto + +service Query { + rpc QueryBalance(QueryBalanceParams) returns (cosmos_sdk.v1.Coin) { + option (google.api.http) = { + get: "/x/bank/v1/balance/{address}/{denom}" + }; + } + rpc QueryAllBalances(QueryAllBalancesParams) returns (QueryAllBalancesResponse) { + option (google.api.http) = { + get: "/x/bank/v1/balances/{address}" + }; + } +} +``` + +grpc-gateway will work direcly against the GRPC proxy described above which will +translate requests to ABCI queries under the hood. grpc-gateway can also +generate Swagger definitions automatically. + +In the current implementation of REST queries, each module needs to implement +REST queries manually in addition to ABCI querier methods. Using the grpc-gateway +approach, there will be no need to generate separate REST query handlers, just +query servers as described above as grpc-gateway handles the translation of protobuf +to REST as well as Swagger definitions. + +The Cosmos SDK should provide CLI commands for apps to start GRPC gateway either in +a separate process or the same process as the ABCI app, as well as provide a +command for generating grpc-gateway proxy `.proto` files and the `swagger.json` +file. + +### Client Usage + +The gogo protobuf grpc plugin generates client interfaces in addition to server +interfaces. For the `Query` service defined above we would get a `QueryClient` +interface like: + +```go +type QueryClient interface { + QueryBalance(ctx context.Context, in *QueryBalanceParams, opts ...grpc.CallOption) (*types.Coin, error) + QueryAllBalances(ctx context.Context, in *QueryAllBalancesParams, opts ...grpc.CallOption) (*QueryAllBalancesResponse, error) +} +``` + +Via a small patch to gogo protobuf ([gogo/protobuf#675](https://github.com/gogo/protobuf/pull/675)) +we have tweaked the grpc codegen to use an interface rather than concrete type +for the generated client struct. This allows us to also reuse the GRPC infrastructure +for ABCI client queries. + +1Context`will receive a new method`QueryConn`that returns a`ClientConn` +that routes calls to ABCI queries + +Clients (such as CLI methods) will then be able to call query methods like this: + +```go +clientCtx := client.NewContext() +queryClient := types.NewQueryClient(clientCtx.QueryConn()) +params := &types.QueryBalanceParams{addr, denom} +result, err := queryClient.QueryBalance(gocontext.Background(), params) +``` + +### Testing + +Tests would be able to create a query client directly from keeper and `sdk.Context` +references using a `QueryServerTestHelper` as below: + +```go +queryHelper := baseapp.NewQueryServerTestHelper(ctx) +types.RegisterQueryServer(queryHelper, keeper.Querier{app.BankKeeper}) +queryClient := types.NewQueryClient(queryHelper) +``` + +## Future Improvements + +## Consequences + +### Positive + +* greatly simplified querier implementation (no manual encoding/decoding) +* easy query client generation (can use existing grpc and swagger tools) +* no need for REST query implementations +* type safe query methods (generated via grpc plugin) +* going forward, there will be less breakage of query methods because of the +backwards compatibility guarantees provided by buf + +### Negative + +* all clients using the existing ABCI/REST queries will need to be refactored +for both the new GRPC/REST query paths as well as protobuf/proto-json encoded +data, but this is more or less unavoidable in the protobuf refactoring + +### Neutral + +## References diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-022-custom-panic-handling.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-022-custom-panic-handling.md new file mode 100644 index 00000000..8cb5d968 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-022-custom-panic-handling.md @@ -0,0 +1,218 @@ +# ADR 022: Custom BaseApp panic handling + +## Changelog + +* 2020 Apr 24: Initial Draft +* 2021 Sep 14: Superseded by ADR-045 + +## Status + +SUPERSEDED by ADR-045 + +## Context + +The current implementation of BaseApp does not allow developers to write custom error handlers during panic recovery +[runTx()](https://github.com/cosmos/cosmos-sdk/blob/bad4ca75f58b182f600396ca350ad844c18fc80b/baseapp/baseapp.go#L539) +method. We think that this method can be more flexible and can give Cosmos SDK users more options for customizations without +the need to rewrite whole BaseApp. Also there's one special case for `sdk.ErrorOutOfGas` error handling, that case +might be handled in a "standard" way (middleware) alongside the others. + +We propose middleware-solution, which could help developers implement the following cases: + +* add external logging (let's say sending reports to external services like [Sentry](https://sentry.io)); +* call panic for specific error cases; + +It will also make `OutOfGas` case and `default` case one of the middlewares. +`Default` case wraps recovery object to an error and logs it ([example middleware implementation](#Recovery-middleware)). + +Our project has a sidecar service running alongside the blockchain node (smart contracts virtual machine). It is +essential that node <-> sidecar connectivity stays stable for TXs processing. So when the communication breaks we need +to crash the node and reboot it once the problem is solved. That behaviour makes node's state machine execution +deterministic. As all keeper panics are caught by runTx's `defer()` handler, we have to adjust the BaseApp code +in order to customize it. + +## Decision + +### Design + +#### Overview + +Instead of hardcoding custom error handling into BaseApp we suggest using set of middlewares which can be customized +externally and will allow developers use as many custom error handlers as they want. Implementation with tests +can be found [here](https://github.com/cosmos/cosmos-sdk/pull/6053). + +#### Implementation details + +##### Recovery handler + +New `RecoveryHandler` type added. `recoveryObj` input argument is an object returned by the standard Go function +`recover()` from the `builtin` package. + +```go +type RecoveryHandler func(recoveryObj interface{}) error +``` + +Handler should type assert (or other methods) an object to define if object should be handled. +`nil` should be returned if input object can't be handled by that `RecoveryHandler` (not a handler's target type). +Not `nil` error should be returned if input object was handled and middleware chain execution should be stopped. + +An example: + +```go +func exampleErrHandler(recoveryObj interface{}) error { + err, ok := recoveryObj.(error) + if !ok { return nil } + + if someSpecificError.Is(err) { + panic(customPanicMsg) + } else { + return nil + } +} +``` + +This example breaks the application execution, but it also might enrich the error's context like the `OutOfGas` handler. + +##### Recovery middleware + +We also add a middleware type (decorator). That function type wraps `RecoveryHandler` and returns the next middleware in +execution chain and handler's `error`. Type is used to separate actual `recovery()` object handling from middleware +chain processing. + +```go +type recoveryMiddleware func(recoveryObj interface{}) (recoveryMiddleware, error) + +func newRecoveryMiddleware(handler RecoveryHandler, next recoveryMiddleware) recoveryMiddleware { + return func(recoveryObj interface{}) (recoveryMiddleware, error) { + if err := handler(recoveryObj); err != nil { + return nil, err + } + return next, nil + } +} +``` + +Function receives a `recoveryObj` object and returns: + +* (next `recoveryMiddleware`, `nil`) if object wasn't handled (not a target type) by `RecoveryHandler`; +* (`nil`, not nil `error`) if input object was handled and other middlewares in the chain should not be executed; +* (`nil`, `nil`) in case of invalid behavior. Panic recovery might not have been properly handled; +this can be avoided by always using a `default` as a rightmost middleware in the chain (always returns an `error`'); + +`OutOfGas` middleware example: + +```go +func newOutOfGasRecoveryMiddleware(gasWanted uint64, ctx sdk.Context, next recoveryMiddleware) recoveryMiddleware { + handler := func(recoveryObj interface{}) error { + err, ok := recoveryObj.(sdk.ErrorOutOfGas) + if !ok { return nil } + + return errorsmod.Wrap( + sdkerrors.ErrOutOfGas, fmt.Sprintf( + "out of gas in location: %v; gasWanted: %d, gasUsed: %d", err.Descriptor, gasWanted, ctx.GasMeter().GasConsumed(), + ), + ) + } + + return newRecoveryMiddleware(handler, next) +} +``` + +`Default` middleware example: + +```go +func newDefaultRecoveryMiddleware() recoveryMiddleware { + handler := func(recoveryObj interface{}) error { + return errorsmod.Wrap( + sdkerrors.ErrPanic, fmt.Sprintf("recovered: %v\nstack:\n%v", recoveryObj, string(debug.Stack())), + ) + } + + return newRecoveryMiddleware(handler, nil) +} +``` + +##### Recovery processing + +Basic chain of middlewares processing would look like: + +```go +func processRecovery(recoveryObj interface{}, middleware recoveryMiddleware) error { + if middleware == nil { return nil } + + next, err := middleware(recoveryObj) + if err != nil { return err } + if next == nil { return nil } + + return processRecovery(recoveryObj, next) +} +``` + +That way we can create a middleware chain which is executed from left to right, the rightmost middleware is a +`default` handler which must return an `error`. + +##### BaseApp changes + +The `default` middleware chain must exist in a `BaseApp` object. `Baseapp` modifications: + +```go +type BaseApp struct { + // ... + runTxRecoveryMiddleware recoveryMiddleware +} + +func NewBaseApp(...) { + // ... + app.runTxRecoveryMiddleware = newDefaultRecoveryMiddleware() +} + +func (app *BaseApp) runTx(...) { + // ... + defer func() { + if r := recover(); r != nil { + recoveryMW := newOutOfGasRecoveryMiddleware(gasWanted, ctx, app.runTxRecoveryMiddleware) + err, result = processRecovery(r, recoveryMW), nil + } + + gInfo = sdk.GasInfo{GasWanted: gasWanted, GasUsed: ctx.GasMeter().GasConsumed()} + }() + // ... +} +``` + +Developers can add their custom `RecoveryHandler`s by providing `AddRunTxRecoveryHandler` as a BaseApp option parameter to the `NewBaseapp` constructor: + +```go +func (app *BaseApp) AddRunTxRecoveryHandler(handlers ...RecoveryHandler) { + for _, h := range handlers { + app.runTxRecoveryMiddleware = newRecoveryMiddleware(h, app.runTxRecoveryMiddleware) + } +} +``` + +This method would prepend handlers to an existing chain. + +## Consequences + +### Positive + +* Developers of Cosmos SDK based projects can add custom panic handlers to: + * add error context for custom panic sources (panic inside of custom keepers); + * emit `panic()`: passthrough recovery object to the Tendermint core; + * other necessary handling; +* Developers can use standard Cosmos SDK `BaseApp` implementation, rather that rewriting it in their projects; +* Proposed solution doesn't break the current "standard" `runTx()` flow; + +### Negative + +* Introduces changes to the execution model design. + +### Neutral + +* `OutOfGas` error handler becomes one of the middlewares; +* Default panic handler becomes one of the middlewares; + +## References + +* [PR-6053 with proposed solution](https://github.com/cosmos/cosmos-sdk/pull/6053) +* [Similar solution. ADR-010 Modular AnteHandler](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-010-modular-antehandler.md) diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-023-protobuf-naming.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-023-protobuf-naming.md new file mode 100644 index 00000000..a192dfce --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-023-protobuf-naming.md @@ -0,0 +1,263 @@ +# ADR 023: Protocol Buffer Naming and Versioning Conventions + +## Changelog + +* 2020 April 27: Initial Draft +* 2020 August 5: Update guidelines + +## Status + +Accepted + +## Context + +Protocol Buffers provide a basic [style guide](https://developers.google.com/protocol-buffers/docs/style) +and [Buf](https://buf.build/docs/style-guide) builds upon that. To the +extent possible, we want to follow industry accepted guidelines and wisdom for +the effective usage of protobuf, deviating from those only when there is clear +rationale for our use case. + +### Adoption of `Any` + +The adoption of `google.protobuf.Any` as the recommended approach for encoding +interface types (as opposed to `oneof`) makes package naming a central part +of the encoding as fully-qualified message names now appear in encoded +messages. + +### Current Directory Organization + +Thus far we have mostly followed [Buf's](https://buf.build) [DEFAULT](https://buf.build/docs/lint-checkers#default) +recommendations, with the minor deviation of disabling [`PACKAGE_DIRECTORY_MATCH`](https://buf.build/docs/lint-checkers#file_layout) +which although being convenient for developing code comes with the warning +from Buf that: + +> you will have a very bad time with many Protobuf plugins across various languages if you do not do this + +### Adoption of gRPC Queries + +In [ADR 021](adr-021-protobuf-query-encoding.md), gRPC was adopted for Protobuf +native queries. The full gRPC service path thus becomes a key part of ABCI query +path. In the future, gRPC queries may be allowed from within persistent scripts +by technologies such as CosmWasm and these query routes would be stored within +script binaries. + +## Decision + +The goal of this ADR is to provide thoughtful naming conventions that: + +* encourage a good user experience for when users interact directly with +.proto files and fully-qualified protobuf names +* balance conciseness against the possibility of either over-optimizing (making +names too short and cryptic) or under-optimizing (just accepting bloated names +with lots of redundant information) + +These guidelines are meant to act as a style guide for both the Cosmos SDK and +third-party modules. + +As a starting point, we should adopt all of the [DEFAULT](https://buf.build/docs/lint-checkers#default) +checkers in [Buf's](https://buf.build) including [`PACKAGE_DIRECTORY_MATCH`](https://buf.build/docs/lint-checkers#file_layout), +except: + +* [PACKAGE_VERSION_SUFFIX](https://buf.build/docs/lint-checkers#package_version_suffix) +* [SERVICE_SUFFIX](https://buf.build/docs/lint-checkers#service_suffix) + +Further guidelines to be described below. + +### Principles + +#### Concise and Descriptive Names + +Names should be descriptive enough to convey their meaning and distinguish +them from other names. + +Given that we are using fully-qualifed names within +`google.protobuf.Any` as well as within gRPC query routes, we should aim to +keep names concise, without going overboard. The general rule of thumb should +be if a shorter name would convey more or else the same thing, pick the shorter +name. + +For instance, `cosmos.bank.MsgSend` (19 bytes) conveys roughly the same information +as `cosmos_sdk.x.bank.v1.MsgSend` (28 bytes) but is more concise. + +Such conciseness makes names both more pleasant to work with and take up less +space within transactions and on the wire. + +We should also resist the temptation to over-optimize, by making names +cryptically short with abbreviations. For instance, we shouldn't try to +reduce `cosmos.bank.MsgSend` to `csm.bk.MSnd` just to save a few bytes. + +The goal is to make names **_concise but not cryptic_**. + +#### Names are for Clients First + +Package and type names should be chosen for the benefit of users, not +necessarily because of legacy concerns related to the go code-base. + +#### Plan for Longevity + +In the interests of long-term support, we should plan on the names we do +choose to be in usage for a long time, so now is the opportunity to make +the best choices for the future. + +### Versioning + +#### Guidelines on Stable Package Versions + +In general, schema evolution is the way to update protobuf schemas. That means that new fields, +messages, and RPC methods are _added_ to existing schemas and old fields, messages and RPC methods +are maintained as long as possible. + +Breaking things is often unacceptable in a blockchain scenario. For instance, immutable smart contracts +may depend on certain data schemas on the host chain. If the host chain breaks those schemas, the smart +contract may be irreparably broken. Even when things can be fixed (for instance in client software), +this often comes at a high cost. + +Instead of breaking things, we should make every effort to evolve schemas rather than just breaking them. +[Buf](https://buf.build) breaking change detection should be used on all stable (non-alpha or beta) packages +to prevent such breakage. + +With that in mind, different stable versions (i.e. `v1` or `v2`) of a package should more or less be considered +different packages and this should be last resort approach for upgrading protobuf schemas. Scenarios where creating +a `v2` may make sense are: + +* we want to create a new module with similar functionality to an existing module and adding `v2` is the most natural +way to do this. In that case, there are really just two different, but similar modules with different APIs. +* we want to add a new revamped API for an existing module and it's just too cumbersome to add it to the existing package, +so putting it in `v2` is cleaner for users. In this case, care should be made to not deprecate support for +`v1` if it is actively used in immutable smart contracts. + +#### Guidelines on unstable (alpha and beta) package versions + +The following guidelines are recommended for marking packages as alpha or beta: + +* marking something as `alpha` or `beta` should be a last resort and just putting something in the +stable package (i.e. `v1` or `v2`) should be preferred +* a package _should_ be marked as `alpha` _if and only if_ there are active discussions to remove +or significantly alter the package in the near future +* a package _should_ be marked as `beta` _if and only if_ there is an active discussion to +significantly refactor/rework the functionality in the near future but not remove it +* modules _can and should_ have types in both stable (i.e. `v1` or `v2`) and unstable (`alpha` or `beta`) packages. + +_`alpha` and `beta` should not be used to avoid responsibility for maintaining compatibility._ +Whenever code is released into the wild, especially on a blockchain, there is a high cost to changing things. In some +cases, for instance with immutable smart contracts, a breaking change may be impossible to fix. + +When marking something as `alpha` or `beta`, maintainers should ask the questions: + +* what is the cost of asking others to change their code vs the benefit of us maintaining the optionality to change it? +* what is the plan for moving this to `v1` and how will that affect users? + +`alpha` or `beta` should really be used to communicate "changes are planned". + +As a case study, gRPC reflection is in the package `grpc.reflection.v1alpha`. It hasn't been changed since +2017 and it is now used in other widely used software like gRPCurl. Some folks probably use it in production services +and so if they actually went and changed the package to `grpc.reflection.v1`, some software would break and +they probably don't want to do that... So now the `v1alpha` package is more or less the de-facto `v1`. Let's not do that. + +The following are guidelines for working with non-stable packages: + +* [Buf's recommended version suffix](https://buf.build/docs/lint-checkers#package_version_suffix) +(ex. `v1alpha1`) _should_ be used for non-stable packages +* non-stable packages should generally be excluded from breaking change detection +* immutable smart contract modules (i.e. CosmWasm) _should_ block smart contracts/persistent +scripts from interacting with `alpha`/`beta` packages + +#### Omit v1 suffix + +Instead of using [Buf's recommended version suffix](https://buf.build/docs/lint-checkers#package_version_suffix), +we can omit `v1` for packages that don't actually have a second version. This +allows for more concise names for common use cases like `cosmos.bank.Send`. +Packages that do have a second or third version can indicate that with `.v2` +or `.v3`. + +### Package Naming + +#### Adopt a short, unique top-level package name + +Top-level packages should adopt a short name that is known to not collide with +other names in common usage within the Cosmos ecosystem. In the near future, a +registry should be created to reserve and index top-level package names used +within the Cosmos ecosystem. Because the Cosmos SDK is intended to provide +the top-level types for the Cosmos project, the top-level package name `cosmos` +is recommended for usage within the Cosmos SDK instead of the longer `cosmos_sdk`. +[ICS](https://github.com/cosmos/ics) specifications could consider a +short top-level package like `ics23` based upon the standard number. + +#### Limit sub-package depth + +Sub-package depth should be increased with caution. Generally a single +sub-package is needed for a module or a library. Even though `x` or `modules` +is used in source code to denote modules, this is often unnecessary for .proto +files as modules are the primary thing sub-packages are used for. Only items which +are known to be used infrequently should have deep sub-package depths. + +For the Cosmos SDK, it is recommended that we simply write `cosmos.bank`, +`cosmos.gov`, etc. rather than `cosmos.x.bank`. In practice, most non-module +types can go straight in the `cosmos` package or we can introduce a +`cosmos.base` package if needed. Note that this naming _will not_ change +go package names, i.e. the `cosmos.bank` protobuf package will still live in +`x/bank`. + +### Message Naming + +Message type names should be as concise possible without losing clarity. `sdk.Msg` +types which are used in transactions will retain the `Msg` prefix as that provides +helpful context. + +### Service and RPC Naming + +[ADR 021](adr-021-protobuf-query-encoding.md) specifies that modules should +implement a gRPC query service. We should consider the principle of conciseness +for query service and RPC names as these may be called from persistent script +modules such as CosmWasm. Also, users may use these query paths from tools like +[gRPCurl](https://github.com/fullstorydev/grpcurl). As an example, we can shorten +`/cosmos_sdk.x.bank.v1.QueryService/QueryBalance` to +`/cosmos.bank.Query/Balance` without losing much useful information. + +RPC request and response types _should_ follow the `ServiceNameMethodNameRequest`/ +`ServiceNameMethodNameResponse` naming convention. i.e. for an RPC method named `Balance` +on the `Query` service, the request and response types would be `QueryBalanceRequest` +and `QueryBalanceResponse`. This will be more self-explanatory than `BalanceRequest` +and `BalanceResponse`. + +#### Use just `Query` for the query service + +Instead of [Buf's default service suffix recommendation](https://github.com/cosmos/cosmos-sdk/pull/6033), +we should simply use the shorter `Query` for query services. + +For other types of gRPC services, we should consider sticking with Buf's +default recommendation. + +#### Omit `Get` and `Query` from query service RPC names + +`Get` and `Query` should be omitted from `Query` service names because they are +redundant in the fully-qualified name. For instance, `/cosmos.bank.Query/QueryBalance` +just says `Query` twice without any new information. + +## Future Improvements + +A registry of top-level package names should be created to coordinate naming +across the ecosystem, prevent collisions, and also help developers discover +useful schemas. A simple starting point would be a git repository with +community-based governance. + +## Consequences + +### Positive + +* names will be more concise and easier to read and type +* all transactions using `Any` will be at shorter (`_sdk.x` and `.v1` will be removed) +* `.proto` file imports will be more standard (without `"third_party/proto"` in +the path) +* code generation will be easier for clients because .proto files will be +in a single `proto/` directory which can be copied rather than scattered +throughout the Cosmos SDK + +### Negative + +### Neutral + +* `.proto` files will need to be reorganized and refactored +* some modules may need to be marked as alpha or beta + +## References diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-024-coin-metadata.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-024-coin-metadata.md new file mode 100644 index 00000000..71bedac5 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-024-coin-metadata.md @@ -0,0 +1,140 @@ +# ADR 024: Coin Metadata + +## Changelog + +* 05/19/2020: Initial draft + +## Status + +Proposed + +## Context + +Assets in the Cosmos SDK are represented via a `Coins` type that consists of an `amount` and a `denom`, +where the `amount` can be any arbitrarily large or small value. In addition, the Cosmos SDK uses an +account-based model where there are two types of primary accounts -- basic accounts and module accounts. +All account types have a set of balances that are composed of `Coins`. The `x/bank` module keeps +track of all balances for all accounts and also keeps track of the total supply of balances in an +application. + +With regards to a balance `amount`, the Cosmos SDK assumes a static and fixed unit of denomination, +regardless of the denomination itself. In other words, clients and apps built atop a Cosmos-SDK-based +chain may choose to define and use arbitrary units of denomination to provide a richer UX, however, by +the time a tx or operation reaches the Cosmos SDK state machine, the `amount` is treated as a single +unit. For example, for the Cosmos Hub (Gaia), clients assume 1 ATOM = 10^6 uatom, and so all txs and +operations in the Cosmos SDK work off of units of 10^6. + +This clearly provides a poor and limited UX especially as interoperability of networks increases and +as a result the total amount of asset types increases. We propose to have `x/bank` additionally keep +track of metadata per `denom` in order to help clients, wallet providers, and explorers improve their +UX and remove the requirement for making any assumptions on the unit of denomination. + +## Decision + +The `x/bank` module will be updated to store and index metadata by `denom`, specifically the "base" or +smallest unit -- the unit the Cosmos SDK state-machine works with. + +Metadata may also include a non-zero length list of denominations. Each entry contains the name of +the denomination `denom`, the exponent to the base and a list of aliases. An entry is to be +interpreted as `1 denom = 10^exponent base_denom` (e.g. `1 ETH = 10^18 wei` and `1 uatom = 10^0 uatom`). + +There are two denominations that are of high importance for clients: the `base`, which is the smallest +possible unit and the `display`, which is the unit that is commonly referred to in human communication +and on exchanges. The values in those fields link to an entry in the list of denominations. + +The list in `denom_units` and the `display` entry may be changed via governance. + +As a result, we can define the type as follows: + +```protobuf +message DenomUnit { + string denom = 1; + uint32 exponent = 2; + repeated string aliases = 3; +} + +message Metadata { + string description = 1; + repeated DenomUnit denom_units = 2; + string base = 3; + string display = 4; +} +``` + +As an example, the ATOM's metadata can be defined as follows: + +```json +{ + "name": "atom", + "description": "The native staking token of the Cosmos Hub.", + "denom_units": [ + { + "denom": "uatom", + "exponent": 0, + "aliases": [ + "microatom" + ], + }, + { + "denom": "matom", + "exponent": 3, + "aliases": [ + "milliatom" + ] + }, + { + "denom": "atom", + "exponent": 6, + } + ], + "base": "uatom", + "display": "atom", +} +``` + +Given the above metadata, a client may infer the following things: + +* 4.3atom = 4.3 * (10^6) = 4,300,000uatom +* The string "atom" can be used as a display name in a list of tokens. +* The balance 4300000 can be displayed as 4,300,000uatom or 4,300matom or 4.3atom. + The `display` denomination 4.3atom is a good default if the authors of the client don't make + an explicit decision to choose a different representation. + +A client should be able to query for metadata by denom both via the CLI and REST interfaces. In +addition, we will add handlers to these interfaces to convert from any unit to another given unit, +as the base framework for this already exists in the Cosmos SDK. + +Finally, we need to ensure metadata exists in the `GenesisState` of the `x/bank` module which is also +indexed by the base `denom`. + +```go +type GenesisState struct { + SendEnabled bool `json:"send_enabled" yaml:"send_enabled"` + Balances []Balance `json:"balances" yaml:"balances"` + Supply sdk.Coins `json:"supply" yaml:"supply"` + DenomMetadata []Metadata `json:"denom_metadata" yaml:"denom_metadata"` +} +``` + +## Future Work + +In order for clients to avoid having to convert assets to the base denomination -- either manually or +via an endpoint, we may consider supporting automatic conversion of a given unit input. + +## Consequences + +### Positive + +* Provides clients, wallet providers and block explorers with additional data on + asset denomination to improve UX and remove any need to make assumptions on + denomination units. + +### Negative + +* A small amount of required additional storage in the `x/bank` module. The amount + of additional storage should be minimal as the amount of total assets should not + be large. + +### Neutral + +## References diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-027-deterministic-protobuf-serialization.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-027-deterministic-protobuf-serialization.md new file mode 100644 index 00000000..66ce6e2b --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-027-deterministic-protobuf-serialization.md @@ -0,0 +1,314 @@ +# ADR 027: Deterministic Protobuf Serialization + +## Changelog + +* 2020-08-07: Initial Draft +* 2020-09-01: Further clarify rules + +## Status + +Proposed + +## Abstract + +Fully deterministic structure serialization, which works across many languages and clients, +is needed when signing messages. We need to be sure that whenever we serialize +a data structure, no matter in which supported language, the raw bytes +will stay the same. +[Protobuf](https://developers.google.com/protocol-buffers/docs/proto3) +serialization is not bijective (i.e. there exist a practically unlimited number of +valid binary representations for a given protobuf document)1. + +This document describes a deterministic serialization scheme for +a subset of protobuf documents, that covers this use case but can be reused in +other cases as well. + +### Context + +For signature verification in Cosmos SDK, the signer and verifier need to agree on +the same serialization of a `SignDoc` as defined in +[ADR-020](./adr-020-protobuf-transaction-encoding.md) without transmitting the +serialization. + +Currently, for block signatures we are using a workaround: we create a new [TxRaw](https://github.com/cosmos/cosmos-sdk/blob/9e85e81e0e8140067dd893421290c191529c148c/proto/cosmos/tx/v1beta1/tx.proto#L30) +instance (as defined in [adr-020-protobuf-transaction-encoding](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-020-protobuf-transaction-encoding.md#transactions)) +by converting all [Tx](https://github.com/cosmos/cosmos-sdk/blob/9e85e81e0e8140067dd893421290c191529c148c/proto/cosmos/tx/v1beta1/tx.proto#L13) +fields to bytes on the client side. This adds an additional manual +step when sending and signing transactions. + +### Decision + +The following encoding scheme is to be used by other ADRs, +and in particular for `SignDoc` serialization. + +## Specification + +### Scope + +This ADR defines a protobuf3 serializer. The output is a valid protobuf +serialization, such that every protobuf parser can parse it. + +No maps are supported in version 1 due to the complexity of defining a +deterministic serialization. This might change in future. Implementations must +reject documents containing maps as invalid input. + +### Background - Protobuf3 Encoding + +Most numeric types in protobuf3 are encoded as +[varints](https://developers.google.com/protocol-buffers/docs/encoding#varints). +Varints are at most 10 bytes, and since each varint byte has 7 bits of data, +varints are a representation of `uint70` (70-bit unsigned integer). When +encoding, numeric values are casted from their base type to `uint70`, and when +decoding, the parsed `uint70` is casted to the appropriate numeric type. + +The maximum valid value for a varint that complies with protobuf3 is +`FF FF FF FF FF FF FF FF FF 7F` (i.e. `2**70 -1`). If the field type is +`{,u,s}int64`, the highest 6 bits of the 70 are dropped during decoding, +introducing 6 bits of malleability. If the field type is `{,u,s}int32`, the +highest 38 bits of the 70 are dropped during decoding, introducing 38 bits of +malleability. + +Among other sources of non-determinism, this ADR eliminates the possibility of +encoding malleability. + +### Serialization rules + +The serialization is based on the +[protobuf3 encoding](https://developers.google.com/protocol-buffers/docs/encoding) +with the following additions: + +1. Fields must be serialized only once in ascending order +2. Extra fields or any extra data must not be added +3. [Default values](https://developers.google.com/protocol-buffers/docs/proto3#default) + must be omitted +4. `repeated` fields of scalar numeric types must use + [packed encoding](https://developers.google.com/protocol-buffers/docs/encoding#packed) +5. Varint encoding must not be longer than needed: + * No trailing zero bytes (in little endian, i.e. no leading zeroes in big + endian). Per rule 3 above, the default value of `0` must be omitted, so + this rule does not apply in such cases. + * The maximum value for a varint must be `FF FF FF FF FF FF FF FF FF 01`. + In other words, when decoded, the highest 6 bits of the 70-bit unsigned + integer must be `0`. (10-byte varints are 10 groups of 7 bits, i.e. + 70 bits, of which only the lowest 70-6=64 are useful.) + * The maximum value for 32-bit values in varint encoding must be `FF FF FF FF 0F` + with one exception (below). In other words, when decoded, the highest 38 + bits of the 70-bit unsigned integer must be `0`. + * The one exception to the above is _negative_ `int32`, which must be + encoded using the full 10 bytes for sign extension2. + * The maximum value for Boolean values in varint encoding must be `01` (i.e. + it must be `0` or `1`). Per rule 3 above, the default value of `0` must + be omitted, so if a Boolean is included it must have a value of `1`. + +While rule number 1. and 2. should be pretty straight forward and describe the +default behavior of all protobuf encoders the author is aware of, the 3rd rule +is more interesting. After a protobuf3 deserialization you cannot differentiate +between unset fields and fields set to the default value3. At +serialization level however, it is possible to set the fields with an empty +value or omitting them entirely. This is a significant difference to e.g. JSON +where a property can be empty (`""`, `0`), `null` or undefined, leading to 3 +different documents. + +Omitting fields set to default values is valid because the parser must assign +the default value to fields missing in the serialization4. For scalar +types, omitting defaults is required by the spec5. For `repeated` +fields, not serializing them is the only way to express empty lists. Enums must +have a first element of numeric value 0, which is the default6. And +message fields default to unset7. + +Omitting defaults allows for some amount of forward compatibility: users of +newer versions of a protobuf schema produce the same serialization as users of +older versions as long as newly added fields are not used (i.e. set to their +default value). + +### Implementation + +There are three main implementation strategies, ordered from the least to the +most custom development: + +* **Use a protobuf serializer that follows the above rules by default.** E.g. + [gogoproto](https://pkg.go.dev/github.com/cosmos/gogoproto/gogoproto) is known to + be compliant by in most cases, but not when certain annotations such as + `nullable = false` are used. It might also be an option to configure an + existing serializer accordingly. +* **Normalize default values before encoding them.** If your serializer follows + rule 1. and 2. and allows you to explicitly unset fields for serialization, + you can normalize default values to unset. This can be done when working with + [protobuf.js](https://www.npmjs.com/package/protobufjs): + + ```js + const bytes = SignDoc.encode({ + bodyBytes: body.length > 0 ? body : null, // normalize empty bytes to unset + authInfoBytes: authInfo.length > 0 ? authInfo : null, // normalize empty bytes to unset + chainId: chainId || null, // normalize "" to unset + accountNumber: accountNumber || null, // normalize 0 to unset + accountSequence: accountSequence || null, // normalize 0 to unset + }).finish(); + ``` + +* **Use a hand-written serializer for the types you need.** If none of the above + ways works for you, you can write a serializer yourself. For SignDoc this + would look something like this in Go, building on existing protobuf utilities: + + ```go + if !signDoc.body_bytes.empty() { + buf.WriteUVarInt64(0xA) // wire type and field number for body_bytes + buf.WriteUVarInt64(signDoc.body_bytes.length()) + buf.WriteBytes(signDoc.body_bytes) + } + + if !signDoc.auth_info.empty() { + buf.WriteUVarInt64(0x12) // wire type and field number for auth_info + buf.WriteUVarInt64(signDoc.auth_info.length()) + buf.WriteBytes(signDoc.auth_info) + } + + if !signDoc.chain_id.empty() { + buf.WriteUVarInt64(0x1a) // wire type and field number for chain_id + buf.WriteUVarInt64(signDoc.chain_id.length()) + buf.WriteBytes(signDoc.chain_id) + } + + if signDoc.account_number != 0 { + buf.WriteUVarInt64(0x20) // wire type and field number for account_number + buf.WriteUVarInt(signDoc.account_number) + } + + if signDoc.account_sequence != 0 { + buf.WriteUVarInt64(0x28) // wire type and field number for account_sequence + buf.WriteUVarInt(signDoc.account_sequence) + } + ``` + +### Test vectors + +Given the protobuf definition `Article.proto` + +```protobuf +package blog; +syntax = "proto3"; + +enum Type { + UNSPECIFIED = 0; + IMAGES = 1; + NEWS = 2; +}; + +enum Review { + UNSPECIFIED = 0; + ACCEPTED = 1; + REJECTED = 2; +}; + +message Article { + string title = 1; + string description = 2; + uint64 created = 3; + uint64 updated = 4; + bool public = 5; + bool promoted = 6; + Type type = 7; + Review review = 8; + repeated string comments = 9; + repeated string backlinks = 10; +}; +``` + +serializing the values + +```yaml +title: "The world needs change 🌳" +description: "" +created: 1596806111080 +updated: 0 +public: true +promoted: false +type: Type.NEWS +review: Review.UNSPECIFIED +comments: ["Nice one", "Thank you"] +backlinks: [] +``` + +must result in the serialization + +```text +0a1b54686520776f726c64206e65656473206368616e676520f09f8cb318e8bebec8bc2e280138024a084e696365206f6e654a095468616e6b20796f75 +``` + +When inspecting the serialized document, you see that every second field is +omitted: + +```shell +$ echo 0a1b54686520776f726c64206e65656473206368616e676520f09f8cb318e8bebec8bc2e280138024a084e696365206f6e654a095468616e6b20796f75 | xxd -r -p | protoc --decode_raw +1: "The world needs change \360\237\214\263" +3: 1596806111080 +5: 1 +7: 2 +9: "Nice one" +9: "Thank you" +``` + +## Consequences + +Having such an encoding available allows us to get deterministic serialization +for all protobuf documents we need in the context of Cosmos SDK signing. + +### Positive + +* Well defined rules that can be verified independent of a reference + implementation +* Simple enough to keep the barrier to implement transaction signing low +* It allows us to continue to use 0 and other empty values in SignDoc, avoiding + the need to work around 0 sequences. This does not imply the change from + https://github.com/cosmos/cosmos-sdk/pull/6949 should not be merged, but not + too important anymore. + +### Negative + +* When implementing transaction signing, the encoding rules above must be + understood and implemented. +* The need for rule number 3. adds some complexity to implementations. +* Some data structures may require custom code for serialization. Thus + the code is not very portable - it will require additional work for each + client implementing serialization to properly handle custom data structures. + +### Neutral + +### Usage in Cosmos SDK + +For the reasons mentioned above ("Negative" section) we prefer to keep workarounds +for shared data structure. Example: the aforementioned `TxRaw` is using raw bytes +as a workaround. This allows them to use any valid Protobuf library without +the need of implementing a custom serializer that adheres to this standard (and related risks of bugs). + +## References + +* 1 _When a message is serialized, there is no guaranteed order for + how its known or unknown fields should be written. Serialization order is an + implementation detail and the details of any particular implementation may + change in the future. Therefore, protocol buffer parsers must be able to parse + fields in any order._ from + https://developers.google.com/protocol-buffers/docs/encoding#order +* 2 https://developers.google.com/protocol-buffers/docs/encoding#signed_integers +* 3 _Note that for scalar message fields, once a message is parsed + there's no way of telling whether a field was explicitly set to the default + value (for example whether a boolean was set to false) or just not set at all: + you should bear this in mind when defining your message types. For example, + don't have a boolean that switches on some behavior when set to false if you + don't want that behavior to also happen by default._ from + https://developers.google.com/protocol-buffers/docs/proto3#default +* 4 _When a message is parsed, if the encoded message does not + contain a particular singular element, the corresponding field in the parsed + object is set to the default value for that field._ from + https://developers.google.com/protocol-buffers/docs/proto3#default +* 5 _Also note that if a scalar message field is set to its default, + the value will not be serialized on the wire._ from + https://developers.google.com/protocol-buffers/docs/proto3#default +* 6 _For enums, the default value is the first defined enum value, + which must be 0._ from + https://developers.google.com/protocol-buffers/docs/proto3#default +* 7 _For message fields, the field is not set. Its exact value is + language-dependent._ from + https://developers.google.com/protocol-buffers/docs/proto3#default +* Encoding rules and parts of the reasoning taken from + [canonical-proto3 Aaron Craelius](https://github.com/regen-network/canonical-proto3) diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-028-public-key-addresses.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-028-public-key-addresses.md new file mode 100644 index 00000000..9f394f7a --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-028-public-key-addresses.md @@ -0,0 +1,342 @@ +# ADR 028: Public Key Addresses + +## Changelog + +* 2020/08/18: Initial version +* 2021/01/15: Analysis and algorithm update + +## Status + +Proposed + +## Abstract + +This ADR defines an address format for all addressable Cosmos SDK accounts. That includes: new public key algorithms, multisig public keys, and module accounts. + +## Context + +Issue [\#3685](https://github.com/cosmos/cosmos-sdk/issues/3685) identified that public key +address spaces are currently overlapping. We confirmed that it significantly decreases security of Cosmos SDK. + +### Problem + +An attacker can control an input for an address generation function. This leads to a birthday attack, which significantly decreases the security space. +To overcome this, we need to separate the inputs for different kind of account types: +a security break of one account type shouldn't impact the security of other account types. + +### Initial proposals + +One initial proposal was extending the address length and +adding prefixes for different types of addresses. + +@ethanfrey explained an alternate approach originally used in https://github.com/iov-one/weave: + +> I spent quite a bit of time thinking about this issue while building weave... The other cosmos Sdk. +> Basically I define a condition to be a type and format as human readable string with some binary data appended. This condition is hashed into an Address (again at 20 bytes). The use of this prefix makes it impossible to find a preimage for a given address with a different condition (eg ed25519 vs secp256k1). +> This is explained in depth here https://weave.readthedocs.io/en/latest/design/permissions.html +> And the code is here, look mainly at the top where we process conditions. https://github.com/iov-one/weave/blob/master/conditions.go + +And explained how this approach should be sufficiently collision resistant: + +> Yeah, AFAIK, 20 bytes should be collision resistance when the preimages are unique and not malleable. A space of 2^160 would expect some collision to be likely around 2^80 elements (birthday paradox). And if you want to find a collision for some existing element in the database, it is still 2^160. 2^80 only is if all these elements are written to state. +> The good example you brought up was eg. a public key bytes being a valid public key on two algorithms supported by the codec. Meaning if either was broken, you would break accounts even if they were secured with the safer variant. This is only as the issue when no differentiating type info is present in the preimage (before hashing into an address). +> I would like to hear an argument if the 20 bytes space is an actual issue for security, as I would be happy to increase my address sizes in weave. I just figured cosmos and ethereum and bitcoin all use 20 bytes, it should be good enough. And the arguments above which made me feel it was secure. But I have not done a deeper analysis. + +This led to the first proposal (which we proved to be not good enough): +we concatenate a key type with a public key, hash it and take the first 20 bytes of that hash, summarized as `sha256(keyTypePrefix || keybytes)[:20]`. + +### Review and Discussions + +In [\#5694](https://github.com/cosmos/cosmos-sdk/issues/5694) we discussed various solutions. +We agreed that 20 bytes it's not future proof, and extending the address length is the only way to allow addresses of different types, various signature types, etc. +This disqualifies the initial proposal. + +In the issue we discussed various modifications: + +* Choice of the hash function. +* Move the prefix out of the hash function: `keyTypePrefix + sha256(keybytes)[:20]` [post-hash-prefix-proposal]. +* Use double hashing: `sha256(keyTypePrefix + sha256(keybytes)[:20])`. +* Increase to keybytes hash slice from 20 byte to 32 or 40 bytes. We concluded that 32 bytes, produced by a good hash functions is future secure. + +### Requirements + +* Support currently used tools - we don't want to break an ecosystem, or add a long adaptation period. Ref: https://github.com/cosmos/cosmos-sdk/issues/8041 +* Try to keep the address length small - addresses are widely used in state, both as part of a key and object value. + +### Scope + +This ADR only defines a process for the generation of address bytes. For end-user interactions with addresses (through the API, or CLI, etc.), we still use bech32 to format these addresses as strings. This ADR doesn't change that. +Using Bech32 for string encoding gives us support for checksum error codes and handling of user typos. + +## Decision + +We define the following account types, for which we define the address function: + +1. simple accounts: represented by a regular public key (ie: secp256k1, sr25519) +2. naive multisig: accounts composed by other addressable objects (ie: naive multisig) +3. composed accounts with a native address key (ie: bls, group module accounts) +4. module accounts: basically any accounts which cannot sign transactions and which are managed internally by modules + +### Legacy Public Key Addresses Don't Change + +Currently (Jan 2021), the only officially supported Cosmos SDK user accounts are `secp256k1` basic accounts and legacy amino multisig. +They are used in existing Cosmos SDK zones. They use the following address formats: + +* secp256k1: `ripemd160(sha256(pk_bytes))[:20]` +* legacy amino multisig: `sha256(aminoCdc.Marshal(pk))[:20]` + +We don't want to change existing addresses. So the addresses for these two key types will remain the same. + +The current multisig public keys use amino serialization to generate the address. We will retain +those public keys and their address formatting, and call them "legacy amino" multisig public keys +in protobuf. We will also create multisig public keys without amino addresses to be described below. + +### Hash Function Choice + +As in other parts of the Cosmos SDK, we will use `sha256`. + +### Basic Address + +We start with defining a base algorithm for generating addresses which we will call `Hash`. Notably, it's used for accounts represented by a single key pair. For each public key schema we have to have an associated `typ` string, explained in the next section. `hash` is the cryptographic hash function defined in the previous section. + +```go +const A_LEN = 32 + +func Hash(typ string, key []byte) []byte { + return hash(hash(typ) + key)[:A_LEN] +} +``` + +The `+` is bytes concatenation, which doesn't use any separator. + +This algorithm is the outcome of a consultation session with a professional cryptographer. +Motivation: this algorithm keeps the address relatively small (length of the `typ` doesn't impact the length of the final address) +and it's more secure than [post-hash-prefix-proposal] (which uses the first 20 bytes of a pubkey hash, significantly reducing the address space). +Moreover the cryptographer motivated the choice of adding `typ` in the hash to protect against a switch table attack. + +`address.Hash` is a low level function to generate _base_ addresses for new key types. Example: + +* BLS: `address.Hash("bls", pubkey)` + +### Composed Addresses + +For simple composed accounts (like a new naive multisig) we generalize the `address.Hash`. The address is constructed by recursively creating addresses for the sub accounts, sorting the addresses and composing them into a single address. It ensures that the ordering of keys doesn't impact the resulting address. + +```go +// We don't need a PubKey interface - we need anything which is addressable. +type Addressable interface { + Address() []byte +} + +func Composed(typ string, subaccounts []Addressable) []byte { + addresses = map(subaccounts, \a -> LengthPrefix(a.Address())) + addresses = sort(addresses) + return address.Hash(typ, addresses[0] + ... + addresses[n]) +} +``` + +The `typ` parameter should be a schema descriptor, containing all significant attributes with deterministic serialization (eg: utf8 string). +`LengthPrefix` is a function which prepends 1 byte to the address. The value of that byte is the length of the address bits before prepending. The address must be at most 255 bits long. +We are using `LengthPrefix` to eliminate conflicts - it assures, that for 2 lists of addresses: `as = {a1, a2, ..., an}` and `bs = {b1, b2, ..., bm}` such that every `bi` and `ai` is at most 255 long, `concatenate(map(as, (a) => LengthPrefix(a))) = map(bs, (b) => LengthPrefix(b))` if `as = bs`. + +Implementation Tip: account implementations should cache addresses. + +#### Multisig Addresses + +For a new multisig public keys, we define the `typ` parameter not based on any encoding scheme (amino or protobuf). This avoids issues with non-determinism in the encoding scheme. + +Example: + +```protobuf +package cosmos.crypto.multisig; + +message PubKey { + uint32 threshold = 1; + repeated google.protobuf.Any pubkeys = 2; +} +``` + +```go +func (multisig PubKey) Address() { + // first gather all nested pub keys + var keys []address.Addressable // cryptotypes.PubKey implements Addressable + for _, _key := range multisig.Pubkeys { + keys = append(keys, key.GetCachedValue().(cryptotypes.PubKey)) + } + + // form the type from the message name (cosmos.crypto.multisig.PubKey) and the threshold joined together + prefix := fmt.Sprintf("%s/%d", proto.MessageName(multisig), multisig.Threshold) + + // use the Composed function defined above + return address.Composed(prefix, keys) +} +``` + + +### Derived Addresses + +We must be able to cryptographically derive one address from another one. The derivation process must guarantee hash properties, hence we use the already defined `Hash` function: + +```go +func Derive(address, derivationKey []byte) []byte { + return Hash(addres, derivationKey) +} +``` + +### Module Account Addresses + +A module account will have `"module"` type. Module accounts can have sub accounts. The submodule account will be created based on module name, and sequence of derivation keys. Typically, the first derivation key should be a class of the derived accounts. The derivation process has a defined order: module name, submodule key, subsubmodule key... An example module account is created using: + +```go +address.Module(moduleName, key) +``` + +An example sub-module account is created using: + +```go +groupPolicyAddresses := []byte{1} +address.Module(moduleName, groupPolicyAddresses, policyID) +``` + +The `address.Module` function is using `address.Hash` with `"module"` as the type argument, and byte representation of the module name concatenated with submodule key. The two last component must be uniquely separated to avoid potential clashes (example: modulename="ab" & submodulekey="bc" will have the same derivation key as modulename="a" & submodulekey="bbc"). +We use a null byte (`'\x00'`) to separate module name from the submodule key. This works, because null byte is not a part of a valid module name. Finally, the sub-submodule accounts are created by applying the `Derive` function recursively. +We could use `Derive` function also in the first step (rather than concatenating module name with zero byte and the submodule key). We decided to do concatenation to avoid one level of derivation and speed up computation. + +For backward compatibility with the existing `authtypes.NewModuleAddress`, we add a special case in `Module` function: when no derivation key is provided, we fallback to the "legacy" implementation. + +```go +func Module(moduleName string, derivationKeys ...[]byte) []byte{ + if len(derivationKeys) == 0 { + return authtypes.NewModuleAddress(modulenName) // legacy case + } + submoduleAddress := Hash("module", []byte(moduleName) + 0 + key) + return fold((a, k) => Derive(a, k), subsubKeys, submoduleAddress) +} +``` + +**Example 1** A lending BTC pool address would be: + +```go +btcPool := address.Module("lending", btc.Address()}) +``` + +If we want to create an address for a module account depending on more than one key, we can concatenate them: + +```go +btcAtomAMM := address.Module("amm", btc.Address() + atom.Address()}) +``` + +**Example 2** a smart-contract address could be constructed by: + +```go +smartContractAddr = Module("mySmartContractVM", smartContractsNamespace, smartContractKey}) + +// which equals to: +smartContractAddr = Derived( + Module("mySmartContractVM", smartContractsNamespace), + []{smartContractKey}) +``` + +### Schema Types + +A `typ` parameter used in `Hash` function SHOULD be unique for each account type. +Since all Cosmos SDK account types are serialized in the state, we propose to use the protobuf message name string. + +Example: all public key types have a unique protobuf message type similar to: + +```protobuf +package cosmos.crypto.sr25519; + +message PubKey { + bytes key = 1; +} +``` + +All protobuf messages have unique fully qualified names, in this example `cosmos.crypto.sr25519.PubKey`. +These names are derived directly from .proto files in a standardized way and used +in other places such as the type URL in `Any`s. We can easily obtain the name using +`proto.MessageName(msg)`. + +## Consequences + +### Backwards Compatibility + +This ADR is compatible with what was committed and directly supported in the Cosmos SDK repository. + +### Positive + +* a simple algorithm for generating addresses for new public keys, complex accounts and modules +* the algorithm generalizes _native composed keys_ +* increased security and collision resistance of addresses +* the approach is extensible for future use-cases - one can use other address types, as long as they don't conflict with the address length specified here (20 or 32 bytes). +* support new account types. + +### Negative + +* addresses do not communicate key type, a prefixed approach would have done this +* addresses are 60% longer and will consume more storage space +* requires a refactor of KVStore store keys to handle variable length addresses + +### Neutral + +* protobuf message names are used as key type prefixes + +## Further Discussions + +Some accounts can have a fixed name or may be constructed in other way (eg: modules). We were discussing an idea of an account with a predefined name (eg: `me.regen`), which could be used by institutions. +Without going into details, these kinds of addresses are compatible with the hash based addresses described here as long as they don't have the same length. +More specifically, any special account address must not have a length equal to 20 or 32 bytes. + +## Appendix: Consulting session + +End of Dec 2020 we had a session with [Alan Szepieniec](https://scholar.google.be/citations?user=4LyZn8oAAAAJ&hl=en) to consult the approach presented above. + +Alan general observations: + +* we don’t need 2-preimage resistance +* we need 32bytes address space for collision resistance +* when an attacker can control an input for object with an address then we have a problem with birthday attack +* there is an issue with smart-contracts for hashing +* sha2 mining can be use to breaking address pre-image + +Hashing algorithm + +* any attack breaking blake3 will break blake2 +* Alan is pretty confident about the current security analysis of the blake hash algorithm. It was a finalist, and the author is well known in security analysis. + +Algorithm: + +* Alan recommends to hash the prefix: `address(pub_key) = hash(hash(key_type) + pub_key)[:32]`, main benefits: + * we are free to user arbitrary long prefix names + * we still don’t risk collisions + * switch tables +* discussion about penalization -> about adding prefix post hash +* Aaron asked about post hash prefixes (`address(pub_key) = key_type + hash(pub_key)`) and differences. Alan noted that this approach has longer address space and it’s stronger. + +Algorithm for complex / composed keys: + +* merging tree like addresses with same algorithm are fine + +Module addresses: Should module addresses have different size to differentiate it? + +* we will need to set a pre-image prefix for module addresse to keept them in 32-byte space: `hash(hash('module') + module_key)` +* Aaron observation: we already need to deal with variable length (to not break secp256k1 keys). + +Discssion about arithmetic hash function for ZKP + +* Posseidon / Rescue +* Problem: much bigger risk because we don’t know much techniques and history of crypto-analysis of arithmetic constructions. It’s still a new ground and area of active research. + +Post quantum signature size + +* Alan suggestion: Falcon: speed / size ration - very good. +* Aaron - should we think about it? + Alan: based on early extrapolation this thing will get able to break EC cryptography in 2050 . But that’s a lot of uncertainty. But there is magic happening with recurions / linking / simulation and that can speedup the progress. + +Other ideas + +* Let’s say we use same key and two different address algorithms for 2 different use cases. Is it still safe to use it? Alan: if we want to hide the public key (which is not our use case), then it’s less secure but there are fixes. + +### References + +* [Notes](https://hackmd.io/_NGWI4xZSbKzj1BkCqyZMw) diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-029-fee-grant-module.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-029-fee-grant-module.md new file mode 100644 index 00000000..6b52556f --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-029-fee-grant-module.md @@ -0,0 +1,153 @@ +# ADR 029: Fee Grant Module + +## Changelog + +* 2020/08/18: Initial Draft +* 2021/05/05: Removed height based expiration support and simplified naming. + +## Status + +Accepted + +## Context + +In order to make blockchain transactions, the signing account must possess a sufficient balance of the right denomination +in order to pay fees. There are classes of transactions where needing to maintain a wallet with sufficient fees is a +barrier to adoption. + +For instance, when proper permissions are setup, someone may temporarily delegate the ability to vote on proposals to +a "burner" account that is stored on a mobile phone with only minimal security. + +Other use cases include workers tracking items in a supply chain or farmers submitting field data for analytics +or compliance purposes. + +For all of these use cases, UX would be significantly enhanced by obviating the need for these accounts to always +maintain the appropriate fee balance. This is especially true if we wanted to achieve enterprise adoption for something +like supply chain tracking. + +While one solution would be to have a service that fills up these accounts automatically with the appropriate fees, a better UX +would be provided by allowing these accounts to pull from a common fee pool account with proper spending limits. +A single pool would reduce the churn of making lots of small "fill up" transactions and also more effectively leverages +the resources of the organization setting up the pool. + +## Decision + +As a solution we propose a module, `x/feegrant` which allows one account, the "granter" to grant another account, the "grantee" +an allowance to spend the granter's account balance for fees within certain well-defined limits. + +Fee allowances are defined by the extensible `FeeAllowanceI` interface: + +```go +type FeeAllowanceI { + // Accept can use fee payment requested as well as timestamp of the current block + // to determine whether or not to process this. This is checked in + // Keeper.UseGrantedFees and the return values should match how it is handled there. + // + // If it returns an error, the fee payment is rejected, otherwise it is accepted. + // The FeeAllowance implementation is expected to update it's internal state + // and will be saved again after an acceptance. + // + // If remove is true (regardless of the error), the FeeAllowance will be deleted from storage + // (eg. when it is used up). (See call to RevokeFeeAllowance in Keeper.UseGrantedFees) + Accept(ctx sdk.Context, fee sdk.Coins, msgs []sdk.Msg) (remove bool, err error) + + // ValidateBasic should evaluate this FeeAllowance for internal consistency. + // Don't allow negative amounts, or negative periods for example. + ValidateBasic() error +} +``` + +Two basic fee allowance types, `BasicAllowance` and `PeriodicAllowance` are defined to support known use cases: + +```protobuf +// BasicAllowance implements FeeAllowanceI with a one-time grant of tokens +// that optionally expires. The delegatee can use up to SpendLimit to cover fees. +message BasicAllowance { + // spend_limit specifies the maximum amount of tokens that can be spent + // by this allowance and will be updated as tokens are spent. If it is + // empty, there is no spend limit and any amount of coins can be spent. + repeated cosmos_sdk.v1.Coin spend_limit = 1; + + // expiration specifies an optional time when this allowance expires + google.protobuf.Timestamp expiration = 2; +} + +// PeriodicAllowance extends FeeAllowanceI to allow for both a maximum cap, +// as well as a limit per time period. +message PeriodicAllowance { + BasicAllowance basic = 1; + + // period specifies the time duration in which period_spend_limit coins can + // be spent before that allowance is reset + google.protobuf.Duration period = 2; + + // period_spend_limit specifies the maximum number of coins that can be spent + // in the period + repeated cosmos_sdk.v1.Coin period_spend_limit = 3; + + // period_can_spend is the number of coins left to be spent before the period_reset time + repeated cosmos_sdk.v1.Coin period_can_spend = 4; + + // period_reset is the time at which this period resets and a new one begins, + // it is calculated from the start time of the first transaction after the + // last period ended + google.protobuf.Timestamp period_reset = 5; +} + +``` + +Allowances can be granted and revoked using `MsgGrantAllowance` and `MsgRevokeAllowance`: + +```protobuf +// MsgGrantAllowance adds permission for Grantee to spend up to Allowance +// of fees from the account of Granter. +message MsgGrantAllowance { + string granter = 1; + string grantee = 2; + google.protobuf.Any allowance = 3; + } + + // MsgRevokeAllowance removes any existing FeeAllowance from Granter to Grantee. + message MsgRevokeAllowance { + string granter = 1; + string grantee = 2; + } +``` + +In order to use allowances in transactions, we add a new field `granter` to the transaction `Fee` type: + +```protobuf +package cosmos.tx.v1beta1; + +message Fee { + repeated cosmos.base.v1beta1.Coin amount = 1; + uint64 gas_limit = 2; + string payer = 3; + string granter = 4; +} +``` + +`granter` must either be left empty or must correspond to an account which has granted +a fee allowance to fee payer (either the first signer or the value of the `payer` field). + +A new `AnteDecorator` named `DeductGrantedFeeDecorator` will be created in order to process transactions with `fee_payer` +set and correctly deduct fees based on fee allowances. + +## Consequences + +### Positive + +* improved UX for use cases where it is cumbersome to maintain an account balance just for fees + +### Negative + +### Neutral + +* a new field must be added to the transaction `Fee` message and a new `AnteDecorator` must be +created to use it + +## References + +* Blog article describing initial work: https://medium.com/regen-network/hacking-the-cosmos-cosmwasm-and-key-management-a08b9f561d1b +* Initial public specification: https://gist.github.com/aaronc/b60628017352df5983791cad30babe56 +* Original subkeys proposal from B-harvest which influenced this design: https://github.com/cosmos/cosmos-sdk/issues/4480 diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-030-authz-module.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-030-authz-module.md new file mode 100644 index 00000000..5aab72c5 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-030-authz-module.md @@ -0,0 +1,258 @@ +# ADR 030: Authorization Module + +## Changelog + +* 2019-11-06: Initial Draft +* 2020-10-12: Updated Draft +* 2020-11-13: Accepted +* 2020-05-06: proto API updates, use `sdk.Msg` instead of `sdk.ServiceMsg` (the latter concept was removed from Cosmos SDK) +* 2022-04-20: Updated the `SendAuthorization` proto docs to clarify the `SpendLimit` is a required field. (Generic authorization can be used with bank msg type url to create limit less bank authorization) + +## Status + +Accepted + +## Abstract + +This ADR defines the `x/authz` module which allows accounts to grant authorizations to perform actions +on behalf of that account to other accounts. + +## Context + +The concrete use cases which motivated this module include: + +* the desire to delegate the ability to vote on proposals to other accounts besides the account which one has +delegated stake +* "sub-keys" functionality, as originally proposed in [\#4480](https://github.com/cosmos/cosmos-sdk/issues/4480) which +is a term used to describe the functionality provided by this module together with +the `fee_grant` module from [ADR 029](./adr-029-fee-grant-module.md) and the [group module](https://github.com/cosmos/cosmos-sdk/tree/main/x/group). + +The "sub-keys" functionality roughly refers to the ability for one account to grant some subset of its capabilities to +other accounts with possibly less robust, but easier to use security measures. For instance, a master account representing +an organization could grant the ability to spend small amounts of the organization's funds to individual employee accounts. +Or an individual (or group) with a multisig wallet could grant the ability to vote on proposals to any one of the member +keys. + +The current implementation is based on work done by the [Gaian's team at Hackatom Berlin 2019](https://github.com/cosmos-gaians/cosmos-sdk/tree/hackatom/x/delegation). + +## Decision + +We will create a module named `authz` which provides functionality for +granting arbitrary privileges from one account (the _granter_) to another account (the _grantee_). Authorizations +must be granted for a particular `Msg` service methods one by one using an implementation +of `Authorization` interface. + +### Types + +Authorizations determine exactly what privileges are granted. They are extensible +and can be defined for any `Msg` service method even outside of the module where +the `Msg` method is defined. `Authorization`s reference `Msg`s using their TypeURL. + +#### Authorization + +```go +type Authorization interface { + proto.Message + + // MsgTypeURL returns the fully-qualified Msg TypeURL (as described in ADR 020), + // which will process and accept or reject a request. + MsgTypeURL() string + + // Accept determines whether this grant permits the provided sdk.Msg to be performed, and if + // so provides an upgraded authorization instance. + Accept(ctx sdk.Context, msg sdk.Msg) (AcceptResponse, error) + + // ValidateBasic does a simple validation check that + // doesn't require access to any other information. + ValidateBasic() error +} + +// AcceptResponse instruments the controller of an authz message if the request is accepted +// and if it should be updated or deleted. +type AcceptResponse struct { + // If Accept=true, the controller can accept and authorization and handle the update. + Accept bool + // If Delete=true, the controller must delete the authorization object and release + // storage resources. + Delete bool + // Controller, who is calling Authorization.Accept must check if `Updated != nil`. If yes, + // it must use the updated version and handle the update on the storage level. + Updated Authorization +} +``` + +For example a `SendAuthorization` like this is defined for `MsgSend` that takes +a `SpendLimit` and updates it down to zero: + +```go +type SendAuthorization struct { + // SpendLimit specifies the maximum amount of tokens that can be spent + // by this authorization and will be updated as tokens are spent. This field is required. (Generic authorization + // can be used with bank msg type url to create limit less bank authorization). + SpendLimit sdk.Coins +} + +func (a SendAuthorization) MsgTypeURL() string { + return sdk.MsgTypeURL(&MsgSend{}) +} + +func (a SendAuthorization) Accept(ctx sdk.Context, msg sdk.Msg) (authz.AcceptResponse, error) { + mSend, ok := msg.(*MsgSend) + if !ok { + return authz.AcceptResponse{}, sdkerrors.ErrInvalidType.Wrap("type mismatch") + } + limitLeft, isNegative := a.SpendLimit.SafeSub(mSend.Amount) + if isNegative { + return authz.AcceptResponse{}, sdkerrors.ErrInsufficientFunds.Wrapf("requested amount is more than spend limit") + } + if limitLeft.IsZero() { + return authz.AcceptResponse{Accept: true, Delete: true}, nil + } + + return authz.AcceptResponse{Accept: true, Delete: false, Updated: &SendAuthorization{SpendLimit: limitLeft}}, nil +} +``` + +A different type of capability for `MsgSend` could be implemented +using the `Authorization` interface with no need to change the underlying +`bank` module. + +##### Small notes on `AcceptResponse` + +* The `AcceptResponse.Accept` field will be set to `true` if the authorization is accepted. +However, if it is rejected, the function `Accept` will raise an error (without setting `AcceptResponse.Accept` to `false`). + +* The `AcceptResponse.Updated` field will be set to a non-nil value only if there is a real change to the authorization. +If authorization remains the same (as is, for instance, always the case for a [`GenericAuthorization`](#genericauthorization)), +the field will be `nil`. + +### `Msg` Service + +```protobuf +service Msg { + // Grant grants the provided authorization to the grantee on the granter's + // account with the provided expiration time. + rpc Grant(MsgGrant) returns (MsgGrantResponse); + + // Exec attempts to execute the provided messages using + // authorizations granted to the grantee. Each message should have only + // one signer corresponding to the granter of the authorization. + rpc Exec(MsgExec) returns (MsgExecResponse); + + // Revoke revokes any authorization corresponding to the provided method name on the + // granter's account that has been granted to the grantee. + rpc Revoke(MsgRevoke) returns (MsgRevokeResponse); +} + +// Grant gives permissions to execute +// the provided method with expiration time. +message Grant { + google.protobuf.Any authorization = 1 [(cosmos_proto.accepts_interface) = "cosmos.authz.v1beta1.Authorization"]; + google.protobuf.Timestamp expiration = 2 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false]; +} + +message MsgGrant { + string granter = 1; + string grantee = 2; + + Grant grant = 3 [(gogoproto.nullable) = false]; +} + +message MsgExecResponse { + cosmos.base.abci.v1beta1.Result result = 1; +} + +message MsgExec { + string grantee = 1; + // Authorization Msg requests to execute. Each msg must implement Authorization interface + repeated google.protobuf.Any msgs = 2 [(cosmos_proto.accepts_interface) = "cosmos.base.v1beta1.Msg"];; +} +``` + +### Router Middleware + +The `authz` `Keeper` will expose a `DispatchActions` method which allows other modules to send `Msg`s +to the router based on `Authorization` grants: + +```go +type Keeper interface { + // DispatchActions routes the provided msgs to their respective handlers if the grantee was granted an authorization + // to send those messages by the first (and only) signer of each msg. + DispatchActions(ctx sdk.Context, grantee sdk.AccAddress, msgs []sdk.Msg) sdk.Result` +} +``` + +### CLI + +#### `tx exec` Method + +When a CLI user wants to run a transaction on behalf of another account using `MsgExec`, they +can use the `exec` method. For instance `gaiacli tx gov vote 1 yes --from --generate-only | gaiacli tx authz exec --send-as --from ` +would send a transaction like this: + +```go +MsgExec { + Grantee: mykey, + Msgs: []sdk.Msg{ + MsgVote { + ProposalID: 1, + Voter: cosmos3thsdgh983egh823 + Option: Yes + } + } +} +``` + +#### `tx grant --from ` + +This CLI command will send a `MsgGrant` transaction. `authorization` should be encoded as +JSON on the CLI. + +#### `tx revoke --from ` + +This CLI command will send a `MsgRevoke` transaction. + +### Built-in Authorizations + +#### `SendAuthorization` + +```protobuf +// SendAuthorization allows the grantee to spend up to spend_limit coins from +// the granter's account. +message SendAuthorization { + repeated cosmos.base.v1beta1.Coin spend_limit = 1; +} +``` + +#### `GenericAuthorization` + +```protobuf +// GenericAuthorization gives the grantee unrestricted permissions to execute +// the provided method on behalf of the granter's account. +message GenericAuthorization { + option (cosmos_proto.implements_interface) = "Authorization"; + + // Msg, identified by it's type URL, to grant unrestricted permissions to execute + string msg = 1; +} +``` + +## Consequences + +### Positive + +* Users will be able to authorize arbitrary actions on behalf of their accounts to other +users, improving key management for many use cases +* The solution is more generic than previously considered approaches and the +`Authorization` interface approach can be extended to cover other use cases by +SDK users + +### Negative + +### Neutral + +## References + +* Initial Hackatom implementation: https://github.com/cosmos-gaians/cosmos-sdk/tree/hackatom/x/delegation +* Post-Hackatom spec: https://gist.github.com/aaronc/b60628017352df5983791cad30babe56#delegation-module +* B-Harvest subkeys spec: https://github.com/cosmos/cosmos-sdk/issues/4480 diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-031-msg-service.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-031-msg-service.md new file mode 100644 index 00000000..861f4b3f --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-031-msg-service.md @@ -0,0 +1,202 @@ +# ADR 031: Protobuf Msg Services + +## Changelog + +* 2020-10-05: Initial Draft +* 2021-04-21: Remove `ServiceMsg`s to follow Protobuf `Any`'s spec, see [#9063](https://github.com/cosmos/cosmos-sdk/issues/9063). + +## Status + +Accepted + +## Abstract + +We want to leverage protobuf `service` definitions for defining `Msg`s which will give us significant developer UX +improvements in terms of the code that is generated and the fact that return types will now be well defined. + +## Context + +Currently `Msg` handlers in the Cosmos SDK do have return values that are placed in the `data` field of the response. +These return values, however, are not specified anywhere except in the golang handler code. + +In early conversations [it was proposed](https://docs.google.com/document/d/1eEgYgvgZqLE45vETjhwIw4VOqK-5hwQtZtjVbiXnIGc/edit) +that `Msg` return types be captured using a protobuf extension field, ex: + +```protobuf +package cosmos.gov; + +message MsgSubmitProposal + option (cosmos_proto.msg_return) = “uint64”; + string delegator_address = 1; + string validator_address = 2; + repeated sdk.Coin amount = 3; +} +``` + +This was never adopted, however. + +Having a well-specified return value for `Msg`s would improve client UX. For instance, +in `x/gov`, `MsgSubmitProposal` returns the proposal ID as a big-endian `uint64`. +This isn’t really documented anywhere and clients would need to know the internals +of the Cosmos SDK to parse that value and return it to users. + +Also, there may be cases where we want to use these return values programatically. +For instance, https://github.com/cosmos/cosmos-sdk/issues/7093 proposes a method for +doing inter-module Ocaps using the `Msg` router. A well-defined return type would +improve the developer UX for this approach. + +In addition, handler registration of `Msg` types tends to add a bit of +boilerplate on top of keepers and is usually done through manual type switches. +This isn't necessarily bad, but it does add overhead to creating modules. + +## Decision + +We decide to use protobuf `service` definitions for defining `Msg`s as well as +the code generated by them as a replacement for `Msg` handlers. + +Below we define how this will look for the `SubmitProposal` message from `x/gov` module. +We start with a `Msg` `service` definition: + +```protobuf +package cosmos.gov; + +service Msg { + rpc SubmitProposal(MsgSubmitProposal) returns (MsgSubmitProposalResponse); +} + +// Note that for backwards compatibility this uses MsgSubmitProposal as the request +// type instead of the more canonical MsgSubmitProposalRequest +message MsgSubmitProposal { + google.protobuf.Any content = 1; + string proposer = 2; +} + +message MsgSubmitProposalResponse { + uint64 proposal_id; +} +``` + +While this is most commonly used for gRPC, overloading protobuf `service` definitions like this does not violate +the intent of the [protobuf spec](https://developers.google.com/protocol-buffers/docs/proto3#services) which says: +> If you don’t want to use gRPC, it’s also possible to use protocol buffers with your own RPC implementation. +With this approach, we would get an auto-generated `MsgServer` interface: + +In addition to clearly specifying return types, this has the benefit of generating client and server code. On the server +side, this is almost like an automatically generated keeper method and could maybe be used intead of keepers eventually +(see [\#7093](https://github.com/cosmos/cosmos-sdk/issues/7093)): + +```go +package gov + +type MsgServer interface { + SubmitProposal(context.Context, *MsgSubmitProposal) (*MsgSubmitProposalResponse, error) +} +``` + +On the client side, developers could take advantage of this by creating RPC implementations that encapsulate transaction +logic. Protobuf libraries that use asynchronous callbacks, like [protobuf.js](https://github.com/protobufjs/protobuf.js#using-services) +could use this to register callbacks for specific messages even for transactions that include multiple `Msg`s. + +Each `Msg` service method should have exactly one request parameter: its corresponding `Msg` type. For example, the `Msg` service method `/cosmos.gov.v1beta1.Msg/SubmitProposal` above has exactly one request parameter, namely the `Msg` type `/cosmos.gov.v1beta1.MsgSubmitProposal`. It is important the reader understands clearly the nomenclature difference between a `Msg` service (a Protobuf service) and a `Msg` type (a Protobuf message), and the differences in their fully-qualified name. + +This convention has been decided over the more canonical `Msg...Request` names mainly for backwards compatibility, but also for better readability in `TxBody.messages` (see [Encoding section](#encoding) below): transactions containing `/cosmos.gov.MsgSubmitProposal` read better than those containing `/cosmos.gov.v1beta1.MsgSubmitProposalRequest`. + +One consequence of this convention is that each `Msg` type can be the request parameter of only one `Msg` service method. However, we consider this limitation a good practice in explicitness. + +### Encoding + +Encoding of transactions generated with `Msg` services do not differ from current Protobuf transaction encoding as defined in [ADR-020](./adr-020-protobuf-transaction-encoding.md). We are encoding `Msg` types (which are exactly `Msg` service methods' request parameters) as `Any` in `Tx`s which involves packing the +binary-encoded `Msg` with its type URL. + +### Decoding + +Since `Msg` types are packed into `Any`, decoding transactions messages are done by unpacking `Any`s into `Msg` types. For more information, please refer to [ADR-020](./adr-020-protobuf-transaction-encoding.md#transactions). + +### Routing + +We propose to add a `msg_service_router` in BaseApp. This router is a key/value map which maps `Msg` types' `type_url`s to their corresponding `Msg` service method handler. Since there is a 1-to-1 mapping between `Msg` types and `Msg` service method, the `msg_service_router` has exactly one entry per `Msg` service method. + +When a transaction is processed by BaseApp (in CheckTx or in DeliverTx), its `TxBody.messages` are decoded as `Msg`s. Each `Msg`'s `type_url` is matched against an entry in the `msg_service_router`, and the respective `Msg` service method handler is called. + +For backward compatability, the old handlers are not removed yet. If BaseApp receives a legacy `Msg` with no correspoding entry in the `msg_service_router`, it will be routed via its legacy `Route()` method into the legacy handler. + +### Module Configuration + +In [ADR 021](./adr-021-protobuf-query-encoding.md), we introduced a method `RegisterQueryService` +to `AppModule` which allows for modules to register gRPC queriers. + +To register `Msg` services, we attempt a more extensible approach by converting `RegisterQueryService` +to a more generic `RegisterServices` method: + +```go +type AppModule interface { + RegisterServices(Configurator) + ... +} + +type Configurator interface { + QueryServer() grpc.Server + MsgServer() grpc.Server +} + +// example module: +func (am AppModule) RegisterServices(cfg Configurator) { + types.RegisterQueryServer(cfg.QueryServer(), keeper) + types.RegisterMsgServer(cfg.MsgServer(), keeper) +} +``` + +The `RegisterServices` method and the `Configurator` interface are intended to +evolve to satisfy the use cases discussed in [\#7093](https://github.com/cosmos/cosmos-sdk/issues/7093) +and [\#7122](https://github.com/cosmos/cosmos-sdk/issues/7421). + +When `Msg` services are registered, the framework _should_ verify that all `Msg` types +implement the `sdk.Msg` interface and throw an error during initialization rather +than later when transactions are processed. + +### `Msg` Service Implementation + +Just like query services, `Msg` service methods can retrieve the `sdk.Context` +from the `context.Context` parameter method using the `sdk.UnwrapSDKContext` +method: + +```go +package gov + +func (k Keeper) SubmitProposal(goCtx context.Context, params *types.MsgSubmitProposal) (*MsgSubmitProposalResponse, error) { + ctx := sdk.UnwrapSDKContext(goCtx) + ... +} +``` + +The `sdk.Context` should have an `EventManager` already attached by BaseApp's `msg_service_router`. + +Separate handler definition is no longer needed with this approach. + +## Consequences + +This design changes how a module functionality is exposed and accessed. It deprecates the existing `Handler` interface and `AppModule.Route` in favor of [Protocol Buffer Services](https://developers.google.com/protocol-buffers/docs/proto3#services) and Service Routing described above. This dramatically simplifies the code. We don't need to create handlers and keepers any more. Use of Protocol Buffer auto-generated clients clearly separates the communication interfaces between the module and a modules user. The control logic (aka handlers and keepers) is not exposed any more. A module interface can be seen as a black box accessible through a client API. It's worth to note that the client interfaces are also generated by Protocol Buffers. + +This also allows us to change how we perform functional tests. Instead of mocking AppModules and Router, we will mock a client (server will stay hidden). More specifically: we will never mock `moduleA.MsgServer` in `moduleB`, but rather `moduleA.MsgClient`. One can think about it as working with external services (eg DBs, or online servers...). We assume that the transmission between clients and servers is correctly handled by generated Protocol Buffers. + +Finally, closing a module to client API opens desirable OCAP patterns discussed in ADR-033. Since server implementation and interface is hidden, nobody can hold "keepers"/servers and will be forced to relay on the client interface, which will drive developers for correct encapsulation and software engineering patterns. + +### Pros + +* communicates return type clearly +* manual handler registration and return type marshaling is no longer needed, just implement the interface and register it +* communication interface is automatically generated, the developer can now focus only on the state transition methods - this would improve the UX of [\#7093](https://github.com/cosmos/cosmos-sdk/issues/7093) approach (1) if we chose to adopt that +* generated client code could be useful for clients and tests +* dramatically reduces and simplifies the code + +### Cons + +* using `service` definitions outside the context of gRPC could be confusing (but doesn’t violate the proto3 spec) + +## References + +* [Initial Github Issue \#7122](https://github.com/cosmos/cosmos-sdk/issues/7122) +* [proto 3 Language Guide: Defining Services](https://developers.google.com/protocol-buffers/docs/proto3#services) +* [Initial pre-`Any` `Msg` designs](https://docs.google.com/document/d/1eEgYgvgZqLE45vETjhwIw4VOqK-5hwQtZtjVbiXnIGc) +* [ADR 020](./adr-020-protobuf-transaction-encoding.md) +* [ADR 021](./adr-021-protobuf-query-encoding.md) diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-032-typed-events.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-032-typed-events.md new file mode 100644 index 00000000..c1dd0a73 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-032-typed-events.md @@ -0,0 +1,319 @@ +# ADR 032: Typed Events + +## Changelog + +* 28-Sept-2020: Initial Draft + +## Authors + +* Anil Kumar (@anilcse) +* Jack Zampolin (@jackzampolin) +* Adam Bozanich (@boz) + +## Status + +Proposed + +## Abstract + +Currently in the Cosmos SDK, events are defined in the handlers for each message as well as `BeginBlock` and `EndBlock`. Each module doesn't have types defined for each event, they are implemented as `map[string]string`. Above all else this makes these events difficult to consume as it requires a great deal of raw string matching and parsing. This proposal focuses on updating the events to use **typed events** defined in each module such that emiting and subscribing to events will be much easier. This workflow comes from the experience of the Akash Network team. + +## Context + +Currently in the Cosmos SDK, events are defined in the handlers for each message, meaning each module doesn't have a cannonical set of types for each event. Above all else this makes these events difficult to consume as it requires a great deal of raw string matching and parsing. This proposal focuses on updating the events to use **typed events** defined in each module such that emiting and subscribing to events will be much easier. This workflow comes from the experience of the Akash Network team. + +[Our platform](http://github.com/ovrclk/akash) requires a number of programatic on chain interactions both on the provider (datacenter - to bid on new orders and listen for leases created) and user (application developer - to send the app manifest to the provider) side. In addition the Akash team is now maintaining the IBC [`relayer`](https://github.com/ovrclk/relayer), another very event driven process. In working on these core pieces of infrastructure, and integrating lessons learned from Kubernetes developement, our team has developed a standard method for defining and consuming typed events in Cosmos SDK modules. We have found that it is extremely useful in building this type of event driven application. + +As the Cosmos SDK gets used more extensively for apps like `peggy`, other peg zones, IBC, DeFi, etc... there will be an exploding demand for event driven applications to support new features desired by users. We propose upstreaming our findings into the Cosmos SDK to enable all Cosmos SDK applications to quickly and easily build event driven apps to aid their core application. Wallets, exchanges, explorers, and defi protocols all stand to benefit from this work. + +If this proposal is accepted, users will be able to build event driven Cosmos SDK apps in go by just writing `EventHandler`s for their specific event types and passing them to `EventEmitters` that are defined in the Cosmos SDK. + +The end of this proposal contains a detailed example of how to consume events after this refactor. + +This proposal is specifically about how to consume these events as a client of the blockchain, not for intermodule communication. + +## Decision + +**Step-1**: Implement additional functionality in the `types` package: `EmitTypedEvent` and `ParseTypedEvent` functions + +```go +// types/events.go + +// EmitTypedEvent takes typed event and emits converting it into sdk.Event +func (em *EventManager) EmitTypedEvent(event proto.Message) error { + evtType := proto.MessageName(event) + evtJSON, err := codec.ProtoMarshalJSON(event) + if err != nil { + return err + } + + var attrMap map[string]json.RawMessage + err = json.Unmarshal(evtJSON, &attrMap) + if err != nil { + return err + } + + var attrs []abci.EventAttribute + for k, v := range attrMap { + attrs = append(attrs, abci.EventAttribute{ + Key: []byte(k), + Value: v, + }) + } + + em.EmitEvent(Event{ + Type: evtType, + Attributes: attrs, + }) + + return nil +} + +// ParseTypedEvent converts abci.Event back to typed event +func ParseTypedEvent(event abci.Event) (proto.Message, error) { + concreteGoType := proto.MessageType(event.Type) + if concreteGoType == nil { + return nil, fmt.Errorf("failed to retrieve the message of type %q", event.Type) + } + + var value reflect.Value + if concreteGoType.Kind() == reflect.Ptr { + value = reflect.New(concreteGoType.Elem()) + } else { + value = reflect.Zero(concreteGoType) + } + + protoMsg, ok := value.Interface().(proto.Message) + if !ok { + return nil, fmt.Errorf("%q does not implement proto.Message", event.Type) + } + + attrMap := make(map[string]json.RawMessage) + for _, attr := range event.Attributes { + attrMap[string(attr.Key)] = attr.Value + } + + attrBytes, err := json.Marshal(attrMap) + if err != nil { + return nil, err + } + + err = jsonpb.Unmarshal(strings.NewReader(string(attrBytes)), protoMsg) + if err != nil { + return nil, err + } + + return protoMsg, nil +} +``` + +Here, the `EmitTypedEvent` is a method on `EventManager` which takes typed event as input and apply json serialization on it. Then it maps the JSON key/value pairs to `event.Attributes` and emits it in form of `sdk.Event`. `Event.Type` will be the type URL of the proto message. + +When we subscribe to emitted events on the CometBFT websocket, they are emitted in the form of an `abci.Event`. `ParseTypedEvent` parses the event back to it's original proto message. + +**Step-2**: Add proto definitions for typed events for msgs in each module: + +For example, let's take `MsgSubmitProposal` of `gov` module and implement this event's type. + +```protobuf +// proto/cosmos/gov/v1beta1/gov.proto +// Add typed event definition + +package cosmos.gov.v1beta1; + +message EventSubmitProposal { + string from_address = 1; + uint64 proposal_id = 2; + TextProposal proposal = 3; +} +``` + +**Step-3**: Refactor event emission to use the typed event created and emit using `sdk.EmitTypedEvent`: + +```go +// x/gov/handler.go +func handleMsgSubmitProposal(ctx sdk.Context, keeper keeper.Keeper, msg types.MsgSubmitProposalI) (*sdk.Result, error) { + ... + types.Context.EventManager().EmitTypedEvent( + &EventSubmitProposal{ + FromAddress: fromAddress, + ProposalId: id, + Proposal: proposal, + }, + ) + ... +} +``` + +### How to subscribe to these typed events in `Client` + +> NOTE: Full code example below + +Users will be able to subscribe using `client.Context.Client.Subscribe` and consume events which are emitted using `EventHandler`s. + +Akash Network has built a simple [`pubsub`](https://github.com/ovrclk/akash/blob/90d258caeb933b611d575355b8df281208a214f8/pubsub/bus.go#L20). This can be used to subscribe to `abci.Events` and [publish](https://github.com/ovrclk/akash/blob/90d258caeb933b611d575355b8df281208a214f8/events/publish.go#L21) them as typed events. + +Please see the below code sample for more detail on this flow looks for clients. + +## Consequences + +### Positive + +* Improves consistency of implementation for the events currently in the Cosmos SDK +* Provides a much more ergonomic way to handle events and facilitates writing event driven applications +* This implementation will support a middleware ecosystem of `EventHandler`s + +### Negative + +## Detailed code example of publishing events + +This ADR also proposes adding affordances to emit and consume these events. This way developers will only need to write +`EventHandler`s which define the actions they desire to take. + +```go +// EventEmitter is a type that describes event emitter functions +// This should be defined in `types/events.go` +type EventEmitter func(context.Context, client.Context, ...EventHandler) error + +// EventHandler is a type of function that handles events coming out of the event bus +// This should be defined in `types/events.go` +type EventHandler func(proto.Message) error + +// Sample use of the functions below +func main() { + ctx, cancel := context.WithCancel(context.Background()) + + if err := TxEmitter(ctx, client.Context{}.WithNodeURI("tcp://localhost:26657"), SubmitProposalEventHandler); err != nil { + cancel() + panic(err) + } + + return +} + +// SubmitProposalEventHandler is an example of an event handler that prints proposal details +// when any EventSubmitProposal is emitted. +func SubmitProposalEventHandler(ev proto.Message) (err error) { + switch event := ev.(type) { + // Handle governance proposal events creation events + case govtypes.EventSubmitProposal: + // Users define business logic here e.g. + fmt.Println(ev.FromAddress, ev.ProposalId, ev.Proposal) + return nil + default: + return nil + } +} + +// TxEmitter is an example of an event emitter that emits just transaction events. This can and +// should be implemented somewhere in the Cosmos SDK. The Cosmos SDK can include an EventEmitters for tm.event='Tx' +// and/or tm.event='NewBlock' (the new block events may contain typed events) +func TxEmitter(ctx context.Context, cliCtx client.Context, ehs ...EventHandler) (err error) { + // Instantiate and start CometBFT RPC client + client, err := cliCtx.GetNode() + if err != nil { + return err + } + + if err = client.Start(); err != nil { + return err + } + + // Start the pubsub bus + bus := pubsub.NewBus() + defer bus.Close() + + // Initialize a new error group + eg, ctx := errgroup.WithContext(ctx) + + // Publish chain events to the pubsub bus + eg.Go(func() error { + return PublishChainTxEvents(ctx, client, bus, simapp.ModuleBasics) + }) + + // Subscribe to the bus events + subscriber, err := bus.Subscribe() + if err != nil { + return err + } + + // Handle all the events coming out of the bus + eg.Go(func() error { + var err error + for { + select { + case <-ctx.Done(): + return nil + case <-subscriber.Done(): + return nil + case ev := <-subscriber.Events(): + for _, eh := range ehs { + if err = eh(ev); err != nil { + break + } + } + } + } + return nil + }) + + return group.Wait() +} + +// PublishChainTxEvents events using cmtclient. Waits on context shutdown signals to exit. +func PublishChainTxEvents(ctx context.Context, client cmtclient.EventsClient, bus pubsub.Bus, mb module.BasicManager) (err error) { + // Subscribe to transaction events + txch, err := client.Subscribe(ctx, "txevents", "tm.event='Tx'", 100) + if err != nil { + return err + } + + // Unsubscribe from transaction events on function exit + defer func() { + err = client.UnsubscribeAll(ctx, "txevents") + }() + + // Use errgroup to manage concurrency + g, ctx := errgroup.WithContext(ctx) + + // Publish transaction events in a goroutine + g.Go(func() error { + var err error + for { + select { + case <-ctx.Done(): + break + case ed := <-ch: + switch evt := ed.Data.(type) { + case cmttypes.EventDataTx: + if !evt.Result.IsOK() { + continue + } + // range over events, parse them using the basic manager and + // send them to the pubsub bus + for _, abciEv := range events { + typedEvent, err := sdk.ParseTypedEvent(abciEv) + if err != nil { + return er + } + if err := bus.Publish(typedEvent); err != nil { + bus.Close() + return + } + continue + } + } + } + } + return err + }) + + // Exit on error or context cancelation + return g.Wait() +} +``` + +## References + +* [Publish Custom Events via a bus](https://github.com/ovrclk/akash/blob/90d258caeb933b611d575355b8df281208a214f8/events/publish.go#L19-L58) +* [Consuming the events in `Client`](https://github.com/ovrclk/deploy/blob/bf6c633ab6c68f3026df59efd9982d6ca1bf0561/cmd/event-handlers.go#L57) diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-033-protobuf-inter-module-comm.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-033-protobuf-inter-module-comm.md new file mode 100644 index 00000000..28c69a91 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-033-protobuf-inter-module-comm.md @@ -0,0 +1,400 @@ +# ADR 033: Protobuf-based Inter-Module Communication + +## Changelog + +* 2020-10-05: Initial Draft + +## Status + +Proposed + +## Abstract + +This ADR introduces a system for permissioned inter-module communication leveraging the protobuf `Query` and `Msg` +service definitions defined in [ADR 021](./adr-021-protobuf-query-encoding.md) and +[ADR 031](./adr-031-msg-service.md) which provides: + +* stable protobuf based module interfaces to potentially later replace the keeper paradigm +* stronger inter-module object capabilities (OCAPs) guarantees +* module accounts and sub-account authorization + +## Context + +In the current Cosmos SDK documentation on the [Object-Capability Model](../../learn/advanced/10-ocap.md), it is stated that: + +> We assume that a thriving ecosystem of Cosmos SDK modules that are easy to compose into a blockchain application will contain faulty or malicious modules. + +There is currently not a thriving ecosystem of Cosmos SDK modules. We hypothesize that this is in part due to: + +1. lack of a stable v1.0 Cosmos SDK to build modules off of. Module interfaces are changing, sometimes dramatically, from +point release to point release, often for good reasons, but this does not create a stable foundation to build on. +2. lack of a properly implemented object capability or even object-oriented encapsulation system which makes refactors +of module keeper interfaces inevitable because the current interfaces are poorly constrained. + +### `x/bank` Case Study + +Currently the `x/bank` keeper gives pretty much unrestricted access to any module which references it. For instance, the +`SetBalance` method allows the caller to set the balance of any account to anything, bypassing even proper tracking of supply. + +There appears to have been some later attempts to implement some semblance of OCAPs using module-level minting, staking +and burning permissions. These permissions allow a module to mint, burn or delegate tokens with reference to the module’s +own account. These permissions are actually stored as a `[]string` array on the `ModuleAccount` type in state. + +However, these permissions don’t really do much. They control what modules can be referenced in the `MintCoins`, +`BurnCoins` and `DelegateCoins***` methods, but for one there is no unique object capability token that controls access — +just a simple string. So the `x/upgrade` module could mint tokens for the `x/staking` module simple by calling +`MintCoins(“staking”)`. Furthermore, all modules which have access to these keeper methods, also have access to +`SetBalance` negating any other attempt at OCAPs and breaking even basic object-oriented encapsulation. + +## Decision + +Based on [ADR-021](./adr-021-protobuf-query-encoding.md) and [ADR-031](./adr-031-msg-service.md), we introduce the +Inter-Module Communication framework for secure module authorization and OCAPs. +When implemented, this could also serve as an alternative to the existing paradigm of passing keepers between +modules. The approach outlined here-in is intended to form the basis of a Cosmos SDK v1.0 that provides the necessary +stability and encapsulation guarantees that allow a thriving module ecosystem to emerge. + +Of particular note — the decision is to _enable_ this functionality for modules to adopt at their own discretion. +Proposals to migrate existing modules to this new paradigm will have to be a separate conversation, potentially +addressed as amendments to this ADR. + +### New "Keeper" Paradigm + +In [ADR 021](./adr-021-protobuf-query-encoding.md), a mechanism for using protobuf service definitions to define queriers +was introduced and in [ADR 31](./adr-031-msg-service.md), a mechanism for using protobuf service to define `Msg`s was added. +Protobuf service definitions generate two golang interfaces representing the client and server sides of a service plus +some helper code. Here is a minimal example for the bank `cosmos.bank.Msg/Send` message type: + +```go +package bank + +type MsgClient interface { + Send(context.Context, *MsgSend, opts ...grpc.CallOption) (*MsgSendResponse, error) +} + +type MsgServer interface { + Send(context.Context, *MsgSend) (*MsgSendResponse, error) +} +``` + +[ADR 021](./adr-021-protobuf-query-encoding.md) and [ADR 31](./adr-031-msg-service.md) specifies how modules can implement the generated `QueryServer` +and `MsgServer` interfaces as replacements for the legacy queriers and `Msg` handlers respectively. + +In this ADR we explain how modules can make queries and send `Msg`s to other modules using the generated `QueryClient` +and `MsgClient` interfaces and propose this mechanism as a replacement for the existing `Keeper` paradigm. To be clear, +this ADR does not necessitate the creation of new protobuf definitions or services. Rather, it leverages the same proto +based service interfaces already used by clients for inter-module communication. + +Using this `QueryClient`/`MsgClient` approach has the following key benefits over exposing keepers to external modules: + +1. Protobuf types are checked for breaking changes using [buf](https://buf.build/docs/breaking-overview) and because of +the way protobuf is designed this will give us strong backwards compatibility guarantees while allowing for forward +evolution. +2. The separation between the client and server interfaces will allow us to insert permission checking code in between +the two which checks if one module is authorized to send the specified `Msg` to the other module providing a proper +object capability system (see below). +3. The router for inter-module communication gives us a convenient place to handle rollback of transactions, +enabling atomicy of operations ([currently a problem](https://github.com/cosmos/cosmos-sdk/issues/8030)). Any failure within a module-to-module call would result in a failure of the entire +transaction + +This mechanism has the added benefits of: + +* reducing boilerplate through code generation, and +* allowing for modules in other languages either via a VM like CosmWasm or sub-processes using gRPC + +### Inter-module Communication + +To use the `Client` generated by the protobuf compiler we need a `grpc.ClientConn` [interface](https://github.com/grpc/grpc-go/blob/v1.49.x/clientconn.go#L441-L450) +implementation. For this we introduce +a new type, `ModuleKey`, which implements the `grpc.ClientConn` interface. `ModuleKey` can be thought of as the "private +key" corresponding to a module account, where authentication is provided through use of a special `Invoker()` function, +described in more detail below. + +Blockchain users (external clients) use their account's private key to sign transactions containing `Msg`s where they are listed as signers (each +message specifies required signers with `Msg.GetSigner`). The authentication checks is performed by `AnteHandler`. + +Here, we extend this process, by allowing modules to be identified in `Msg.GetSigners`. When a module wants to trigger the execution a `Msg` in another module, +its `ModuleKey` acts as the sender (through the `ClientConn` interface we describe below) and is set as a sole "signer". It's worth to note +that we don't use any cryptographic signature in this case. +For example, module `A` could use its `A.ModuleKey` to create `MsgSend` object for `/cosmos.bank.Msg/Send` transaction. `MsgSend` validation +will assure that the `from` account (`A.ModuleKey` in this case) is the signer. + +Here's an example of a hypothetical module `foo` interacting with `x/bank`: + +```go +package foo + + +type FooMsgServer { + // ... + + bankQuery bank.QueryClient + bankMsg bank.MsgClient +} + +func NewFooMsgServer(moduleKey RootModuleKey, ...) FooMsgServer { + // ... + + return FooMsgServer { + // ... + modouleKey: moduleKey, + bankQuery: bank.NewQueryClient(moduleKey), + bankMsg: bank.NewMsgClient(moduleKey), + } +} + +func (foo *FooMsgServer) Bar(ctx context.Context, req *MsgBarRequest) (*MsgBarResponse, error) { + balance, err := foo.bankQuery.Balance(&bank.QueryBalanceRequest{Address: fooMsgServer.moduleKey.Address(), Denom: "foo"}) + + ... + + res, err := foo.bankMsg.Send(ctx, &bank.MsgSendRequest{FromAddress: fooMsgServer.moduleKey.Address(), ...}) + + ... +} +``` + +This design is also intended to be extensible to cover use cases of more fine grained permissioning like minting by +denom prefix being restricted to certain modules (as discussed in +[#7459](https://github.com/cosmos/cosmos-sdk/pull/7459#discussion_r529545528)). + +### `ModuleKey`s and `ModuleID`s + +A `ModuleKey` can be thought of as a "private key" for a module account and a `ModuleID` can be thought of as the +corresponding "public key". From the [ADR 028](./adr-028-public-key-addresses.md), modules can have both a root module account and any number of sub-accounts +or derived accounts that can be used for different pools (ex. staking pools) or managed accounts (ex. group +accounts). We can also think of module sub-accounts as similar to derived keys - there is a root key and then some +derivation path. `ModuleID` is a simple struct which contains the module name and optional "derivation" path, +and forms its address based on the `AddressHash` method from [the ADR-028](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-028-public-key-addresses.md): + +```go +type ModuleID struct { + ModuleName string + Path []byte +} + +func (key ModuleID) Address() []byte { + return AddressHash(key.ModuleName, key.Path) +} +``` + +In addition to being able to generate a `ModuleID` and address, a `ModuleKey` contains a special function called +`Invoker` which is the key to safe inter-module access. The `Invoker` creates an `InvokeFn` closure which is used as an `Invoke` method in +the `grpc.ClientConn` interface and under the hood is able to route messages to the appropriate `Msg` and `Query` handlers +performing appropriate security checks on `Msg`s. This allows for even safer inter-module access than keeper's whose +private member variables could be manipulated through reflection. Golang does not support reflection on a function +closure's captured variables and direct manipulation of memory would be needed for a truly malicious module to bypass +the `ModuleKey` security. + +The two `ModuleKey` types are `RootModuleKey` and `DerivedModuleKey`: + +```go +type Invoker func(callInfo CallInfo) func(ctx context.Context, request, response interface{}, opts ...interface{}) error + +type CallInfo { + Method string + Caller ModuleID +} + +type RootModuleKey struct { + moduleName string + invoker Invoker +} + +func (rm RootModuleKey) Derive(path []byte) DerivedModuleKey { /* ... */} + +type DerivedModuleKey struct { + moduleName string + path []byte + invoker Invoker +} +``` + +A module can get access to a `DerivedModuleKey`, using the `Derive(path []byte)` method on `RootModuleKey` and then +would use this key to authenticate `Msg`s from a sub-account. Ex: + +```go +package foo + +func (fooMsgServer *MsgServer) Bar(ctx context.Context, req *MsgBar) (*MsgBarResponse, error) { + derivedKey := fooMsgServer.moduleKey.Derive(req.SomePath) + bankMsgClient := bank.NewMsgClient(derivedKey) + res, err := bankMsgClient.Balance(ctx, &bank.MsgSend{FromAddress: derivedKey.Address(), ...}) + ... +} +``` + +In this way, a module can gain permissioned access to a root account and any number of sub-accounts and send +authenticated `Msg`s from these accounts. The `Invoker` `callInfo.Caller` parameter is used under the hood to +distinguish between different module accounts, but either way the function returned by `Invoker` only allows `Msg`s +from either the root or a derived module account to pass through. + +Note that `Invoker` itself returns a function closure based on the `CallInfo` passed in. This will allow client implementations +in the future that cache the invoke function for each method type avoiding the overhead of hash table lookup. +This would reduce the performance overhead of this inter-module communication method to the bare minimum required for +checking permissions. + +To re-iterate, the closure only allows access to authorized calls. There is no access to anything else regardless of any +name impersonation. + +Below is a rough sketch of the implementation of `grpc.ClientConn.Invoke` for `RootModuleKey`: + +```go +func (key RootModuleKey) Invoke(ctx context.Context, method string, args, reply interface{}, opts ...grpc.CallOption) error { + f := key.invoker(CallInfo {Method: method, Caller: ModuleID {ModuleName: key.moduleName}}) + return f(ctx, args, reply) +} +``` + +### `AppModule` Wiring and Requirements + +In [ADR 031](./adr-031-msg-service.md), the `AppModule.RegisterService(Configurator)` method was introduced. To support +inter-module communication, we extend the `Configurator` interface to pass in the `ModuleKey` and to allow modules to +specify their dependencies on other modules using `RequireServer()`: + +```go +type Configurator interface { + MsgServer() grpc.Server + QueryServer() grpc.Server + + ModuleKey() ModuleKey + RequireServer(msgServer interface{}) +} +``` + +The `ModuleKey` is passed to modules in the `RegisterService` method itself so that `RegisterServices` serves as a single +entry point for configuring module services. This is intended to also have the side-effect of greatly reducing boilerplate in +`app.go`. For now, `ModuleKey`s will be created based on `AppModuleBasic.Name()`, but a more flexible system may be +introduced in the future. The `ModuleManager` will handle creation of module accounts behind the scenes. + +Because modules do not get direct access to each other anymore, modules may have unfulfilled dependencies. To make sure +that module dependencies are resolved at startup, the `Configurator.RequireServer` method should be added. The `ModuleManager` +will make sure that all dependencies declared with `RequireServer` can be resolved before the app starts. An example +module `foo` could declare it's dependency on `x/bank` like this: + +```go +package foo + +func (am AppModule) RegisterServices(cfg Configurator) { + cfg.RequireServer((*bank.QueryServer)(nil)) + cfg.RequireServer((*bank.MsgServer)(nil)) +} +``` + +### Security Considerations + +In addition to checking for `ModuleKey` permissions, a few additional security precautions will need to be taken by +the underlying router infrastructure. + +#### Recursion and Re-entry + +Recursive or re-entrant method invocations pose a potential security threat. This can be a problem if Module A +calls Module B and Module B calls module A again in the same call. + +One basic way for the router system to deal with this is to maintain a call stack which prevents a module from +being referenced more than once in the call stack so that there is no re-entry. A `map[string]interface{}` table +in the router could be used to perform this security check. + +#### Queries + +Queries in Cosmos SDK are generally un-permissioned so allowing one module to query another module should not pose +any major security threats assuming basic precautions are taken. The basic precaution that the router system will +need to take is making sure that the `sdk.Context` passed to query methods does not allow writing to the store. This +can be done for now with a `CacheMultiStore` as is currently done for `BaseApp` queries. + +### Internal Methods + +In many cases, we may wish for modules to call methods on other modules which are not exposed to clients at all. For this +purpose, we add the `InternalServer` method to `Configurator`: + +```go +type Configurator interface { + MsgServer() grpc.Server + QueryServer() grpc.Server + InternalServer() grpc.Server +} +``` + +As an example, x/slashing's Slash must call x/staking's Slash, but we don't want to expose x/staking's Slash to end users +and clients. + +Internal protobuf services will be defined in a corresponding `internal.proto` file in the given module's +proto package. + +Services registered against `InternalServer` will be callable from other modules but not by external clients. + +An alternative solution to internal-only methods could involve hooks / plugins as discussed [here](https://github.com/cosmos/cosmos-sdk/pull/7459#issuecomment-733807753). +A more detailed evaluation of a hooks / plugin system will be addressed later in follow-ups to this ADR or as a separate +ADR. + +### Authorization + +By default, the inter-module router requires that messages are sent by the first signer returned by `GetSigners`. The +inter-module router should also accept authorization middleware such as that provided by [ADR 030](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-030-authz-module.md). +This middleware will allow accounts to otherwise specific module accounts to perform actions on their behalf. +Authorization middleware should take into account the need to grant certain modules effectively "admin" privileges to +other modules. This will be addressed in separate ADRs or updates to this ADR. + +### Future Work + +Other future improvements may include: + +* custom code generation that: + * simplifies interfaces (ex. generates code with `sdk.Context` instead of `context.Context`) + * optimizes inter-module calls - for instance caching resolved methods after first invocation +* combining `StoreKey`s and `ModuleKey`s into a single interface so that modules have a single OCAPs handle +* code generation which makes inter-module communication more performant +* decoupling `ModuleKey` creation from `AppModuleBasic.Name()` so that app's can override root module account names +* inter-module hooks and plugins + +## Alternatives + +### MsgServices vs `x/capability` + +The `x/capability` module does provide a proper object-capability implementation that can be used by any module in the +Cosmos SDK and could even be used for inter-module OCAPs as described in [\#5931](https://github.com/cosmos/cosmos-sdk/issues/5931). + +The advantages of the approach described in this ADR are mostly around how it integrates with other parts of the Cosmos SDK, +specifically: + +* protobuf so that: + * code generation of interfaces can be leveraged for a better dev UX + * module interfaces are versioned and checked for breakage using [buf](https://docs.buf.build/breaking-overview) +* sub-module accounts as per ADR 028 +* the general `Msg` passing paradigm and the way signers are specified by `GetSigners` + +Also, this is a complete replacement for keepers and could be applied to _all_ inter-module communication whereas the +`x/capability` approach in #5931 would need to be applied method by method. + +## Consequences + +### Backwards Compatibility + +This ADR is intended to provide a pathway to a scenario where there is greater long term compatibility between modules. +In the short-term, this will likely result in breaking certain `Keeper` interfaces which are too permissive and/or +replacing `Keeper` interfaces altogether. + +### Positive + +* an alternative to keepers which can more easily lead to stable inter-module interfaces +* proper inter-module OCAPs +* improved module developer DevX, as commented on by several particpants on + [Architecture Review Call, Dec 3](https://hackmd.io/E0wxxOvRQ5qVmTf6N_k84Q) +* lays the groundwork for what can be a greatly simplified `app.go` +* router can be setup to enforce atomic transactions for module-to-module calls + +### Negative + +* modules which adopt this will need significant refactoring + +### Neutral + +## Test Cases [optional] + +## References + +* [ADR 021](./adr-021-protobuf-query-encoding.md) +* [ADR 031](./adr-031-msg-service.md) +* [ADR 028](./adr-028-public-key-addresses.md) +* [ADR 030 draft](https://github.com/cosmos/cosmos-sdk/pull/7105) +* [Object-Capability Model](https://docs.network.com/main/core/ocap) diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-034-account-rekeying.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-034-account-rekeying.md new file mode 100644 index 00000000..cd9b9146 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-034-account-rekeying.md @@ -0,0 +1,76 @@ +# ADR 034: Account Rekeying + +## Changelog + +* 30-09-2020: Initial Draft + +## Status + +PROPOSED + +## Abstract + +Account rekeying is a process hat allows an account to replace its authentication pubkey with a new one. + +## Context + +Currently, in the Cosmos SDK, the address of an auth `BaseAccount` is based on the hash of the public key. Once an account is created, the public key for the account is set in stone, and cannot be changed. This can be a problem for users, as key rotation is a useful security practice, but is not possible currently. Furthermore, as multisigs are a type of pubkey, once a multisig for an account is set, it can not be updated. This is problematic, as multisigs are often used by organizations or companies, who may need to change their set of multisig signers for internal reasons. + +Transferring all the assets of an account to a new account with the updated pubkey is not sufficient, because some "engagements" of an account are not easily transferable. For example, in staking, to transfer bonded Atoms, an account would have to unbond all delegations and wait the three week unbonding period. Even more significantly, for validator operators, ownership over a validator is not transferrable at all, meaning that the operator key for a validator can never be updated, leading to poor operational security for validators. + +## Decision + +We propose the addition of a new feature to `x/auth` that allows accounts to update the public key associated with their account, while keeping the address the same. + +This is possible because the Cosmos SDK `BaseAccount` stores the public key for an account in state, instead of making the assumption that the public key is included in the transaction (whether explicitly or implicitly through the signature) as in other blockchains such as Bitcoin and Ethereum. Because the public key is stored on chain, it is okay for the public key to not hash to the address of an account, as the address is not pertinent to the signature checking process. + +To build this system, we design a new Msg type as follows: + +```protobuf +service Msg { + rpc ChangePubKey(MsgChangePubKey) returns (MsgChangePubKeyResponse); +} + +message MsgChangePubKey { + string address = 1; + google.protobuf.Any pub_key = 2; +} + +message MsgChangePubKeyResponse {} +``` + +The MsgChangePubKey transaction needs to be signed by the existing pubkey in state. + +Once, approved, the handler for this message type, which takes in the AccountKeeper, will update the in-state pubkey for the account and replace it with the pubkey from the Msg. + +An account that has had its pubkey changed cannot be automatically pruned from state. This is because if pruned, the original pubkey of the account would be needed to recreate the same address, but the owner of the address may not have the original pubkey anymore. Currently, we do not automatically prune any accounts anyways, but we would like to keep this option open the road (this is the purpose of account numbers). To resolve this, we charge an additional gas fee for this operation to compensate for this this externality (this bound gas amount is configured as parameter `PubKeyChangeCost`). The bonus gas is charged inside the handler, using the `ConsumeGas` function. Furthermore, in the future, we can allow accounts that have rekeyed manually prune themselves using a new Msg type such as `MsgDeleteAccount`. Manually pruning accounts can give a gas refund as an incentive for performing the action. + +```go + amount := ak.GetParams(ctx).PubKeyChangeCost + ctx.GasMeter().ConsumeGas(amount, "pubkey change fee") +``` + +Everytime a key for an address is changed, we will store a log of this change in the state of the chain, thus creating a stack of all previous keys for an address and the time intervals for which they were active. This allows dapps and clients to easily query past keys for an account which may be useful for features such as verifying timestamped off-chain signed messages. + +## Consequences + +### Positive + +* Will allow users and validator operators to employ better operational security practices with key rotation. +* Will allow organizations or groups to easily change and add/remove multisig signers. + +### Negative + +Breaks the current assumed relationship between address and pubkeys as H(pubkey) = address. This has a couple of consequences. + +* This makes wallets that support this feature more complicated. For example, if an address on chain was updated, the corresponding key in the CLI wallet also needs to be updated. +* Cannot automatically prune accounts with 0 balance that have had their pubkey changed. + +### Neutral + +* While the purpose of this is intended to allow the owner of an account to update to a new pubkey they own, this could technically also be used to transfer ownership of an account to a new owner. For example, this could be use used to sell a staked position without unbonding or an account that has vesting tokens. However, the friction of this is very high as this would essentially have to be done as a very specific OTC trade. Furthermore, additional constraints could be added to prevent accouns with Vesting tokens to use this feature. +* Will require that PubKeys for an account are included in the genesis exports. + +## References + +* https://www.algorand.com/resources/blog/announcing-rekeying diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-035-rosetta-api-support.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-035-rosetta-api-support.md new file mode 100644 index 00000000..01a81048 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-035-rosetta-api-support.md @@ -0,0 +1,211 @@ +# ADR 035: Rosetta API Support + +## Authors + +* Jonathan Gimeno (@jgimeno) +* David Grierson (@senormonito) +* Alessio Treglia (@alessio) +* Frojdy Dymylja (@fdymylja) + +## Changelog + +* 2021-05-12: the external library [cosmos-rosetta-gateway](https://github.com/tendermint/cosmos-rosetta-gateway) has been moved within the Cosmos SDK. + +## Context + +[Rosetta API](https://www.rosetta-api.org/) is an open-source specification and set of tools developed by Coinbase to +standardise blockchain interactions. + +Through the use of a standard API for integrating blockchain applications it will + +* Be easier for a user to interact with a given blockchain +* Allow exchanges to integrate new blockchains quickly and easily +* Enable application developers to build cross-blockchain applications such as block explorers, wallets and dApps at + considerably lower cost and effort. + +## Decision + +It is clear that adding Rosetta API support to the Cosmos SDK will bring value to all the developers and +Cosmos SDK based chains in the ecosystem. How it is implemented is key. + +The driving principles of the proposed design are: + +1. **Extensibility:** it must be as riskless and painless as possible for application developers to set-up network + configurations to expose Rosetta API-compliant services. +2. **Long term support:** This proposal aims to provide support for all the supported Cosmos SDK release series. +3. **Cost-efficiency:** Backporting changes to Rosetta API specifications from `master` to the various stable + branches of Cosmos SDK is a cost that needs to be reduced. + +We will achieve these delivering on these principles by the following: + +1. There will be a package `rosetta/lib` + for the implementation of the core Rosetta API features, particularly: + a. The types and interfaces (`Client`, `OfflineClient`...), this separates design from implementation detail. + b. The `Server` functionality as this is independent of the Cosmos SDK version. + c. The `Online/OfflineNetwork`, which is not exported, and implements the rosetta API using the `Client` interface to query the node, build tx and so on. + d. The `errors` package to extend rosetta errors. +2. Due to differences between the Cosmos release series, each series will have its own specific implementation of `Client` interface. +3. There will be two options for starting an API service in applications: + a. API shares the application process + b. API-specific process. + +## Architecture + +### The External Repo + +As section will describe the proposed external library, including the service implementation, plus the defined types and interfaces. + +#### Server + +`Server` is a simple `struct` that is started and listens to the port specified in the settings. This is meant to be used across all the Cosmos SDK versions that are actively supported. + +The constructor follows: + +`func NewServer(settings Settings) (Server, error)` + +`Settings`, which are used to construct a new server, are the following: + +```go +// Settings define the rosetta server settings +type Settings struct { + // Network contains the information regarding the network + Network *types.NetworkIdentifier + // Client is the online API handler + Client crgtypes.Client + // Listen is the address the handler will listen at + Listen string + // Offline defines if the rosetta service should be exposed in offline mode + Offline bool + // Retries is the number of readiness checks that will be attempted when instantiating the handler + // valid only for online API + Retries int + // RetryWait is the time that will be waited between retries + RetryWait time.Duration +} +``` + +#### Types + +Package types uses a mixture of rosetta types and custom defined type wrappers, that the client must parse and return while executing operations. + +##### Interfaces + +Every SDK version uses a different format to connect (rpc, gRPC, etc), query and build transactions, we have abstracted this in what is the `Client` interface. +The client uses rosetta types, whilst the `Online/OfflineNetwork` takes care of returning correctly parsed rosetta responses and errors. + +Each Cosmos SDK release series will have their own `Client` implementations. +Developers can implement their own custom `Client`s as required. + +```go +// Client defines the API the client implementation should provide. +type Client interface { + // Needed if the client needs to perform some action before connecting. + Bootstrap() error + // Ready checks if the servicer constraints for queries are satisfied + // for example the node might still not be ready, it's useful in process + // when the rosetta instance might come up before the node itself + // the servicer must return nil if the node is ready + Ready() error + + // Data API + + // Balances fetches the balance of the given address + // if height is not nil, then the balance will be displayed + // at the provided height, otherwise last block balance will be returned + Balances(ctx context.Context, addr string, height *int64) ([]*types.Amount, error) + // BlockByHashAlt gets a block and its transaction at the provided height + BlockByHash(ctx context.Context, hash string) (BlockResponse, error) + // BlockByHeightAlt gets a block given its height, if height is nil then last block is returned + BlockByHeight(ctx context.Context, height *int64) (BlockResponse, error) + // BlockTransactionsByHash gets the block, parent block and transactions + // given the block hash. + BlockTransactionsByHash(ctx context.Context, hash string) (BlockTransactionsResponse, error) + // BlockTransactionsByHash gets the block, parent block and transactions + // given the block hash. + BlockTransactionsByHeight(ctx context.Context, height *int64) (BlockTransactionsResponse, error) + // GetTx gets a transaction given its hash + GetTx(ctx context.Context, hash string) (*types.Transaction, error) + // GetUnconfirmedTx gets an unconfirmed Tx given its hash + // NOTE(fdymylja): NOT IMPLEMENTED YET! + GetUnconfirmedTx(ctx context.Context, hash string) (*types.Transaction, error) + // Mempool returns the list of the current non confirmed transactions + Mempool(ctx context.Context) ([]*types.TransactionIdentifier, error) + // Peers gets the peers currently connected to the node + Peers(ctx context.Context) ([]*types.Peer, error) + // Status returns the node status, such as sync data, version etc + Status(ctx context.Context) (*types.SyncStatus, error) + + // Construction API + + // PostTx posts txBytes to the node and returns the transaction identifier plus metadata related + // to the transaction itself. + PostTx(txBytes []byte) (res *types.TransactionIdentifier, meta map[string]interface{}, err error) + // ConstructionMetadataFromOptions + ConstructionMetadataFromOptions(ctx context.Context, options map[string]interface{}) (meta map[string]interface{}, err error) + OfflineClient +} + +// OfflineClient defines the functionalities supported without having access to the node +type OfflineClient interface { + NetworkInformationProvider + // SignedTx returns the signed transaction given the tx bytes (msgs) plus the signatures + SignedTx(ctx context.Context, txBytes []byte, sigs []*types.Signature) (signedTxBytes []byte, err error) + // TxOperationsAndSignersAccountIdentifiers returns the operations related to a transaction and the account + // identifiers if the transaction is signed + TxOperationsAndSignersAccountIdentifiers(signed bool, hexBytes []byte) (ops []*types.Operation, signers []*types.AccountIdentifier, err error) + // ConstructionPayload returns the construction payload given the request + ConstructionPayload(ctx context.Context, req *types.ConstructionPayloadsRequest) (resp *types.ConstructionPayloadsResponse, err error) + // PreprocessOperationsToOptions returns the options given the preprocess operations + PreprocessOperationsToOptions(ctx context.Context, req *types.ConstructionPreprocessRequest) (options map[string]interface{}, err error) + // AccountIdentifierFromPublicKey returns the account identifier given the public key + AccountIdentifierFromPublicKey(pubKey *types.PublicKey) (*types.AccountIdentifier, error) +} +``` + +### 2. Cosmos SDK Implementation + +The Cosmos SDK implementation, based on version, takes care of satisfying the `Client` interface. +In Stargate, Launchpad and 0.37, we have introduced the concept of rosetta.Msg, this message is not in the shared repository as the sdk.Msg type differs between Cosmos SDK versions. + +The rosetta.Msg interface follows: + +```go +// Msg represents a cosmos-sdk message that can be converted from and to a rosetta operation. +type Msg interface { + sdk.Msg + ToOperations(withStatus, hasError bool) []*types.Operation + FromOperations(ops []*types.Operation) (sdk.Msg, error) +} +``` + +Hence developers who want to extend the rosetta set of supported operations just need to extend their module's sdk.Msgs with the `ToOperations` and `FromOperations` methods. + +### 3. API service invocation + +As stated at the start, application developers will have two methods for invocation of the Rosetta API service: + +1. Shared process for both application and API +2. Standalone API service + +#### Shared Process (Only Stargate) + +Rosetta API service could run within the same execution process as the application. This would be enabled via app.toml settings, and if gRPC is not enabled the rosetta instance would be spinned in offline mode (tx building capabilities only). + +#### Separate API service + +Client application developers can write a new command to launch a Rosetta API server as a separate process too, using the rosetta command contained in the `/server/rosetta` package. Construction of the command depends on Cosmos SDK version. Examples can be found inside `simd` for stargate, and `contrib/rosetta/simapp` for other release series. + +## Status + +Proposed + +## Consequences + +### Positive + +* Out-of-the-box Rosetta API support within Cosmos SDK. +* Blockchain interface standardisation + +## References + +* https://www.rosetta-api.org/ diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-036-arbitrary-signature.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-036-arbitrary-signature.md new file mode 100644 index 00000000..fe9dada5 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-036-arbitrary-signature.md @@ -0,0 +1,132 @@ +# ADR 036: Arbitrary Message Signature Specification + +## Changelog + +* 28/10/2020 - Initial draft + +## Authors + +* Antoine Herzog (@antoineherzog) +* Zaki Manian (@zmanian) +* Aleksandr Bezobchuk (alexanderbez) [1] +* Frojdi Dymylja (@fdymylja) + +## Status + +Draft + +## Abstract + +Currently, in the Cosmos SDK, there is no convention to sign arbitrary message like on Ethereum. We propose with this specification, for Cosmos SDK ecosystem, a way to sign and validate off-chain arbitrary messages. + +This specification serves the purpose of covering every use case, this means that cosmos-sdk applications developers decide how to serialize and represent `Data` to users. + +## Context + +Having the ability to sign messages off-chain has proven to be a fundamental aspect of nearly any blockchain. The notion of signing messages off-chain has many added benefits such as saving on computational costs and reducing transaction throughput and overhead. Within the context of the Cosmos, some of the major applications of signing such data includes, but is not limited to, providing a cryptographic secure and verifiable means of proving validator identity and possibly associating it with some other framework or organization. In addition, having the ability to sign Cosmos messages with a Ledger or similar HSM device. + +Further context and use cases can be found in the references links. + +## Decision + +The aim is being able to sign arbitrary messages, even using Ledger or similar HSM devices. + +As a result signed messages should look roughly like Cosmos SDK messages but **must not** be a valid on-chain transaction. `chain-id`, `account_number` and `sequence` can all be assigned invalid values. + +Cosmos SDK 0.40 also introduces a concept of “auth_info” this can specify SIGN_MODES. + +A spec should include an `auth_info` that supports SIGN_MODE_DIRECT and SIGN_MODE_LEGACY_AMINO. + +Create the `offchain` proto definitions, we extend the auth module with `offchain` package to offer functionalities to verify and sign offline messages. + +An offchain transaction follows these rules: + +* the memo must be empty +* nonce, sequence number must be equal to 0 +* chain-id must be equal to “” +* fee gas must be equal to 0 +* fee amount must be an empty array + +Verification of an offchain transaction follows the same rules as an onchain one, except for the spec differences highlighted above. + +The first message added to the `offchain` package is `MsgSignData`. + +`MsgSignData` allows developers to sign arbitrary bytes valid offchain only. Where `Signer` is the account address of the signer. `Data` is arbitrary bytes which can represent `text`, `files`, `object`s. It's applications developers decision how `Data` should be deserialized, serialized and the object it can represent in their context. + +It's applications developers decision how `Data` should be treated, by treated we mean the serialization and deserialization process and the Object `Data` should represent. + +Proto definition: + +```protobuf +// MsgSignData defines an arbitrary, general-purpose, off-chain message +message MsgSignData { + // Signer is the sdk.AccAddress of the message signer + bytes Signer = 1 [(gogoproto.jsontag) = "signer", (gogoproto.casttype) = "github.com/cosmos/cosmos-sdk/types.AccAddress"]; + // Data represents the raw bytes of the content that is signed (text, json, etc) + bytes Data = 2 [(gogoproto.jsontag) = "data"]; +} +``` + +Signed MsgSignData json example: + +```json +{ + "type": "cosmos-sdk/StdTx", + "value": { + "msg": [ + { + "type": "sign/MsgSignData", + "value": { + "signer": "cosmos1hftz5ugqmpg9243xeegsqqav62f8hnywsjr4xr", + "data": "cmFuZG9t" + } + } + ], + "fee": { + "amount": [], + "gas": "0" + }, + "signatures": [ + { + "pub_key": { + "type": "tendermint/PubKeySecp256k1", + "value": "AqnDSiRoFmTPfq97xxEb2VkQ/Hm28cPsqsZm9jEVsYK9" + }, + "signature": "8y8i34qJakkjse9pOD2De+dnlc4KvFgh0wQpes4eydN66D9kv7cmCEouRrkka9tlW9cAkIL52ErB+6ye7X5aEg==" + } + ], + "memo": "" + } +} +``` + +## Consequences + +There is a specification on how messages, that are not meant to be broadcast to a live chain, should be formed. + +### Backwards Compatibility + +Backwards compatibility is maintained as this is a new message spec definition. + +### Positive + +* A common format that can be used by multiple applications to sign and verify off-chain messages. +* The specification is primitive which means it can cover every use case without limiting what is possible to fit inside it. +* It gives room for other off-chain messages specifications that aim to target more specific and common use cases such as off-chain-based authN/authZ layers [2]. + +### Negative + +* Current proposal requires a fixed relationship between an account address and a public key. +* Doesn't work with multisig accounts. + +## Further discussion + +* Regarding security in `MsgSignData`, the developer using `MsgSignData` is in charge of making the content laying in `Data` non-replayable when, and if, needed. +* the offchain package will be further extended with extra messages that target specific use cases such as, but not limited to, authentication in applications, payment channels, L2 solutions in general. + +## References + +1. https://github.com/cosmos/ics/pull/33 +2. https://github.com/cosmos/cosmos-sdk/pull/7727#discussion_r515668204 +3. https://github.com/cosmos/cosmos-sdk/pull/7727#issuecomment-722478477 +4. https://github.com/cosmos/cosmos-sdk/pull/7727#issuecomment-721062923 diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-037-gov-split-vote.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-037-gov-split-vote.md new file mode 100644 index 00000000..0a3b9bc4 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-037-gov-split-vote.md @@ -0,0 +1,111 @@ +# ADR 037: Governance split votes + +## Changelog + +* 2020/10/28: Intial draft + +## Status + +Accepted + +## Abstract + +This ADR defines a modification to the governance module that would allow a staker to split their votes into several voting options. For example, it could use 70% of its voting power to vote Yes and 30% of its voting power to vote No. + +## Context + +Currently, an address can cast a vote with only one options (Yes/No/Abstain/NoWithVeto) and use their full voting power behind that choice. + +However, often times the entity owning that address might not be a single individual. For example, a company might have different stakeholders who want to vote differently, and so it makes sense to allow them to split their voting power. Another example use case is exchanges. Many centralized exchanges often stake a portion of their users' tokens in their custody. Currently, it is not possible for them to do "passthrough voting" and giving their users voting rights over their tokens. However, with this system, exchanges can poll their users for voting preferences, and then vote on-chain proportionally to the results of the poll. + +## Decision + +We modify the vote structs to be + +```go +type WeightedVoteOption struct { + Option string + Weight sdk.Dec +} + +type Vote struct { + ProposalID int64 + Voter sdk.Address + Options []WeightedVoteOption +} +``` + +And for backwards compatibility, we introduce `MsgVoteWeighted` while keeping `MsgVote`. + +```go +type MsgVote struct { + ProposalID int64 + Voter sdk.Address + Option Option +} + +type MsgVoteWeighted struct { + ProposalID int64 + Voter sdk.Address + Options []WeightedVoteOption +} +``` + +The `ValidateBasic` of a `MsgVoteWeighted` struct would require that + +1. The sum of all the Rates is equal to 1.0 +2. No Option is repeated + +The governance tally function will iterate over all the options in a vote and add to the tally the result of the voter's voting power * the rate for that option. + +```go +tally() { + results := map[types.VoteOption]sdk.Dec + + for _, vote := range votes { + for i, weightedOption := range vote.Options { + results[weightedOption.Option] += getVotingPower(vote.voter) * weightedOption.Weight + } + } +} +``` + +The CLI command for creating a multi-option vote would be as such: + +```shell +simd tx gov vote 1 "yes=0.6,no=0.3,abstain=0.05,no_with_veto=0.05" --from mykey +``` + +To create a single-option vote a user can do either + +```shell +simd tx gov vote 1 "yes=1" --from mykey +``` + +or + +```shell +simd tx gov vote 1 yes --from mykey +``` + +to maintain backwards compatibility. + +## Consequences + +### Backwards Compatibility + +* Previous VoteMsg types will remain the same and so clients will not have to update their procedure unless they want to support the WeightedVoteMsg feature. +* When querying a Vote struct from state, its structure will be different, and so clients wanting to display all voters and their respective votes will have to handle the new format and the fact that a single voter can have split votes. +* The result of querying the tally function should have the same API for clients. + +### Positive + +* Can make the voting process more accurate for addresses representing multiple stakeholders, often some of the largest addresses. + +### Negative + +* Is more complex than simple voting, and so may be harder to explain to users. However, this is mostly mitigated because the feature is opt-in. + +### Neutral + +* Relatively minor change to governance tally function. diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-038-state-listening.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-038-state-listening.md new file mode 100644 index 00000000..319d872b --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-038-state-listening.md @@ -0,0 +1,724 @@ +# ADR 038: KVStore state listening + +## Changelog + +* 11/23/2020: Initial draft +* 10/06/2022: Introduce plugin system based on hashicorp/go-plugin +* 10/14/2022: + * Add `ListenCommit`, flatten the state writes in a block to a single batch. + * Remove listeners from cache stores, should only listen to `rootmulti.Store`. + * Remove `HaltAppOnDeliveryError()`, the errors are propagated by default, the implementations should return nil if don't want to propogate errors. +* 26/05/2023: Update with ABCI 2.0 + +## Status + +Proposed + +## Abstract + +This ADR defines a set of changes to enable listening to state changes of individual KVStores and exposing these data to consumers. + +## Context + +Currently, KVStore data can be remotely accessed through [Queries](https://github.com/cosmos/cosmos-sdk/blob/master/docs/building-modules/messages-and-queries.md#queries) +which proceed either through Tendermint and the ABCI, or through the gRPC server. +In addition to these request/response queries, it would be beneficial to have a means of listening to state changes as they occur in real time. + +## Decision + +We will modify the `CommitMultiStore` interface and its concrete (`rootmulti`) implementations and introduce a new `listenkv.Store` to allow listening to state changes in underlying KVStores. We don't need to listen to cache stores, because we can't be sure that the writes will be committed eventually, and the writes are duplicated in `rootmulti.Store` eventually, so we should only listen to `rootmulti.Store`. +We will introduce a plugin system for configuring and running streaming services that write these state changes and their surrounding ABCI message context to different destinations. + +### Listening + +In a new file, `store/types/listening.go`, we will create a `MemoryListener` struct for streaming out protobuf encoded KV pairs state changes from a KVStore. +The `MemoryListener` will be used internally by the concrete `rootmulti` implementation to collect state changes from KVStores. + +```go +// MemoryListener listens to the state writes and accumulate the records in memory. +type MemoryListener struct { + stateCache []StoreKVPair +} + +// NewMemoryListener creates a listener that accumulate the state writes in memory. +func NewMemoryListener() *MemoryListener { + return &MemoryListener{} +} + +// OnWrite writes state change events to the internal cache +func (fl *MemoryListener) OnWrite(storeKey StoreKey, key []byte, value []byte, delete bool) { + fl.stateCache = append(fl.stateCache, StoreKVPair{ + StoreKey: storeKey.Name(), + Delete: delete, + Key: key, + Value: value, + }) +} + +// PopStateCache returns the current state caches and set to nil +func (fl *MemoryListener) PopStateCache() []StoreKVPair { + res := fl.stateCache + fl.stateCache = nil + return res +} +``` + +We will also define a protobuf type for the KV pairs. In addition to the key and value fields this message +will include the StoreKey for the originating KVStore so that we can collect information from separate KVStores and determine the source of each KV pair. + +```protobuf +message StoreKVPair { + optional string store_key = 1; // the store key for the KVStore this pair originates from + required bool set = 2; // true indicates a set operation, false indicates a delete operation + required bytes key = 3; + required bytes value = 4; +} +``` + +### ListenKVStore + +We will create a new `Store` type `listenkv.Store` that the `rootmulti` store will use to wrap a `KVStore` to enable state listening. +We will configure the `Store` with a `MemoryListener` which will collect state changes for output to specific destinations. + +```go +// Store implements the KVStore interface with listening enabled. +// Operations are traced on each core KVStore call and written to any of the +// underlying listeners with the proper key and operation permissions +type Store struct { + parent types.KVStore + listener *types.MemoryListener + parentStoreKey types.StoreKey +} + +// NewStore returns a reference to a new traceKVStore given a parent +// KVStore implementation and a buffered writer. +func NewStore(parent types.KVStore, psk types.StoreKey, listener *types.MemoryListener) *Store { + return &Store{parent: parent, listener: listener, parentStoreKey: psk} +} + +// Set implements the KVStore interface. It traces a write operation and +// delegates the Set call to the parent KVStore. +func (s *Store) Set(key []byte, value []byte) { + types.AssertValidKey(key) + s.parent.Set(key, value) + s.listener.OnWrite(s.parentStoreKey, key, value, false) +} + +// Delete implements the KVStore interface. It traces a write operation and +// delegates the Delete call to the parent KVStore. +func (s *Store) Delete(key []byte) { + s.parent.Delete(key) + s.listener.OnWrite(s.parentStoreKey, key, nil, true) +} +``` + +### MultiStore interface updates + +We will update the `CommitMultiStore` interface to allow us to wrap a `Memorylistener` to a specific `KVStore`. +Note that the `MemoryListener` will be attached internally by the concrete `rootmulti` implementation. + +```go +type CommitMultiStore interface { + ... + + // AddListeners adds a listener for the KVStore belonging to the provided StoreKey + AddListeners(keys []StoreKey) + + // PopStateCache returns the accumulated state change messages from MemoryListener + PopStateCache() []StoreKVPair +} +``` + + +### MultiStore implementation updates + +We will adjust the `rootmulti` `GetKVStore` method to wrap the returned `KVStore` with a `listenkv.Store` if listening is turned on for that `Store`. + +```go +func (rs *Store) GetKVStore(key types.StoreKey) types.KVStore { + store := rs.stores[key].(types.KVStore) + + if rs.TracingEnabled() { + store = tracekv.NewStore(store, rs.traceWriter, rs.traceContext) + } + if rs.ListeningEnabled(key) { + store = listenkv.NewStore(store, key, rs.listeners[key]) + } + + return store +} +``` + +We will implement `AddListeners` to manage KVStore listeners internally and implement `PopStateCache` +for a means of retrieving the current state. + +```go +// AddListeners adds state change listener for a specific KVStore +func (rs *Store) AddListeners(keys []types.StoreKey) { + listener := types.NewMemoryListener() + for i := range keys { + rs.listeners[keys[i]] = listener + } +} +``` + +```go +func (rs *Store) PopStateCache() []types.StoreKVPair { + var cache []types.StoreKVPair + for _, ls := range rs.listeners { + cache = append(cache, ls.PopStateCache()...) + } + sort.SliceStable(cache, func(i, j int) bool { + return cache[i].StoreKey < cache[j].StoreKey + }) + return cache +} +``` + +We will also adjust the `rootmulti` `CacheMultiStore` and `CacheMultiStoreWithVersion` methods to enable listening in +the cache layer. + +```go +func (rs *Store) CacheMultiStore() types.CacheMultiStore { + stores := make(map[types.StoreKey]types.CacheWrapper) + for k, v := range rs.stores { + store := v.(types.KVStore) + // Wire the listenkv.Store to allow listeners to observe the writes from the cache store, + // set same listeners on cache store will observe duplicated writes. + if rs.ListeningEnabled(k) { + store = listenkv.NewStore(store, k, rs.listeners[k]) + } + stores[k] = store + } + return cachemulti.NewStore(rs.db, stores, rs.keysByName, rs.traceWriter, rs.getTracingContext()) +} +``` + +```go +func (rs *Store) CacheMultiStoreWithVersion(version int64) (types.CacheMultiStore, error) { + // ... + + // Wire the listenkv.Store to allow listeners to observe the writes from the cache store, + // set same listeners on cache store will observe duplicated writes. + if rs.ListeningEnabled(key) { + cacheStore = listenkv.NewStore(cacheStore, key, rs.listeners[key]) + } + + cachedStores[key] = cacheStore + } + + return cachemulti.NewStore(rs.db, cachedStores, rs.keysByName, rs.traceWriter, rs.getTracingContext()), nil +} +``` + +### Exposing the data + +#### Streaming Service + +We will introduce a new `ABCIListener` interface that plugs into the BaseApp and relays ABCI requests and responses +so that the service can group the state changes with the ABCI requests. + +```go +// baseapp/streaming.go + +// ABCIListener is the interface that we're exposing as a streaming service. +type ABCIListener interface { + // ListenFinalizeBlock updates the streaming service with the latest FinalizeBlock messages + ListenFinalizeBlock(ctx context.Context, req abci.RequestFinalizeBlock, res abci.ResponseFinalizeBlock) error + // ListenCommit updates the steaming service with the latest Commit messages and state changes + ListenCommit(ctx context.Context, res abci.ResponseCommit, changeSet []*StoreKVPair) error +} +``` + +#### BaseApp Registration + +We will add a new method to the `BaseApp` to enable the registration of `StreamingService`s: + + ```go + // SetStreamingService is used to set a streaming service into the BaseApp hooks and load the listeners into the multistore +func (app *BaseApp) SetStreamingService(s ABCIListener) { + // register the StreamingService within the BaseApp + // BaseApp will pass BeginBlock, DeliverTx, and EndBlock requests and responses to the streaming services to update their ABCI context + app.abciListeners = append(app.abciListeners, s) +} +``` + +We will add two new fields to the `BaseApp` struct: + +```go +type BaseApp struct { + + ... + + // abciListenersAsync for determining if abciListeners will run asynchronously. + // When abciListenersAsync=false and stopNodeOnABCIListenerErr=false listeners will run synchronized but will not stop the node. + // When abciListenersAsync=true stopNodeOnABCIListenerErr will be ignored. + abciListenersAsync bool + + // stopNodeOnABCIListenerErr halts the node when ABCI streaming service listening results in an error. + // stopNodeOnABCIListenerErr=true must be paired with abciListenersAsync=false. + stopNodeOnABCIListenerErr bool +} +``` + +#### ABCI Event Hooks + +We will modify the `FinalizeBlock` and `Commit` methods to pass ABCI requests and responses +to any streaming service hooks registered with the `BaseApp`. + +```go +func (app *BaseApp) FinalizeBlock(req abci.RequestFinalizeBlock) abci.ResponseFinalizeBlock { + + var abciRes abci.ResponseFinalizeBlock + defer func() { + // call the streaming service hook with the FinalizeBlock messages + for _, abciListener := range app.abciListeners { + ctx := app.finalizeState.ctx + blockHeight := ctx.BlockHeight() + if app.abciListenersAsync { + go func(req abci.RequestFinalizeBlock, res abci.ResponseFinalizeBlock) { + if err := app.abciListener.FinalizeBlock(blockHeight, req, res); err != nil { + app.logger.Error("FinalizeBlock listening hook failed", "height", blockHeight, "err", err) + } + }(req, abciRes) + } else { + if err := app.abciListener.ListenFinalizeBlock(blockHeight, req, res); err != nil { + app.logger.Error("FinalizeBlock listening hook failed", "height", blockHeight, "err", err) + if app.stopNodeOnABCIListenerErr { + os.Exit(1) + } + } + } + } + }() + + ... + + return abciRes +} +``` + +```go +func (app *BaseApp) Commit() abci.ResponseCommit { + + ... + + res := abci.ResponseCommit{ + Data: commitID.Hash, + RetainHeight: retainHeight, + } + + // call the streaming service hook with the Commit messages + for _, abciListener := range app.abciListeners { + ctx := app.deliverState.ctx + blockHeight := ctx.BlockHeight() + changeSet := app.cms.PopStateCache() + if app.abciListenersAsync { + go func(res abci.ResponseCommit, changeSet []store.StoreKVPair) { + if err := app.abciListener.ListenCommit(ctx, res, changeSet); err != nil { + app.logger.Error("ListenCommit listening hook failed", "height", blockHeight, "err", err) + } + }(res, changeSet) + } else { + if err := app.abciListener.ListenCommit(ctx, res, changeSet); err != nil { + app.logger.Error("ListenCommit listening hook failed", "height", blockHeight, "err", err) + if app.stopNodeOnABCIListenerErr { + os.Exit(1) + } + } + } + } + + ... + + return res +} +``` + +#### Go Plugin System + +We propose a plugin architecture to load and run `Streaming` plugins and other types of implementations. We will introduce a plugin +system over gRPC that is used to load and run Cosmos-SDK plugins. The plugin system uses [hashicorp/go-plugin](https://github.com/hashicorp/go-plugin). +Each plugin must have a struct that implements the `plugin.Plugin` interface and an `Impl` interface for processing messages over gRPC. +Each plugin must also have a message protocol defined for the gRPC service: + +```go +// streaming/plugins/abci/{plugin_version}/interface.go + +// Handshake is a common handshake that is shared by streaming and host. +// This prevents users from executing bad plugins or executing a plugin +// directory. It is a UX feature, not a security feature. +var Handshake = plugin.HandshakeConfig{ + ProtocolVersion: 1, + MagicCookieKey: "ABCI_LISTENER_PLUGIN", + MagicCookieValue: "ef78114d-7bdf-411c-868f-347c99a78345", +} + +// ListenerPlugin is the base struc for all kinds of go-plugin implementations +// It will be included in interfaces of different Plugins +type ABCIListenerPlugin struct { + // GRPCPlugin must still implement the Plugin interface + plugin.Plugin + // Concrete implementation, written in Go. This is only used for plugins + // that are written in Go. + Impl baseapp.ABCIListener +} + +func (p *ListenerGRPCPlugin) GRPCServer(_ *plugin.GRPCBroker, s *grpc.Server) error { + RegisterABCIListenerServiceServer(s, &GRPCServer{Impl: p.Impl}) + return nil +} + +func (p *ListenerGRPCPlugin) GRPCClient( + _ context.Context, + _ *plugin.GRPCBroker, + c *grpc.ClientConn, +) (interface{}, error) { + return &GRPCClient{client: NewABCIListenerServiceClient(c)}, nil +} +``` + +The `plugin.Plugin` interface has two methods `Client` and `Server`. For our GRPC service these are `GRPCClient` and `GRPCServer` +The `Impl` field holds the concrete implementation of our `baseapp.ABCIListener` interface written in Go. +Note: this is only used for plugin implementations written in Go. + +The advantage of having such a plugin system is that within each plugin authors can define the message protocol in a way that fits their use case. +For example, when state change listening is desired, the `ABCIListener` message protocol can be defined as below (*for illustrative purposes only*). +When state change listening is not desired than `ListenCommit` can be omitted from the protocol. + +```protobuf +syntax = "proto3"; + +... + +message Empty {} + +message ListenFinalizeBlockRequest { + RequestFinalizeBlock req = 1; + ResponseFinalizeBlock res = 2; +} +message ListenCommitRequest { + int64 block_height = 1; + ResponseCommit res = 2; + repeated StoreKVPair changeSet = 3; +} + +// plugin that listens to state changes +service ABCIListenerService { + rpc ListenFinalizeBlock(ListenFinalizeBlockRequest) returns (Empty); + rpc ListenCommit(ListenCommitRequest) returns (Empty); +} +``` + +```protobuf +... +// plugin that doesn't listen to state changes +service ABCIListenerService { + rpc ListenFinalizeBlock(ListenFinalizeBlockRequest) returns (Empty); + rpc ListenCommit(ListenCommitRequest) returns (Empty); +} +``` + +Implementing the service above: + +```go +// streaming/plugins/abci/{plugin_version}/grpc.go + +var ( + _ baseapp.ABCIListener = (*GRPCClient)(nil) +) + +// GRPCClient is an implementation of the ABCIListener and ABCIListenerPlugin interfaces that talks over RPC. +type GRPCClient struct { + client ABCIListenerServiceClient +} + +func (m *GRPCClient) ListenFinalizeBlock(goCtx context.Context, req abci.RequestFinalizeBlock, res abci.ResponseFinalizeBlock) error { + ctx := sdk.UnwrapSDKContext(goCtx) + _, err := m.client.ListenDeliverTx(ctx, &ListenDeliverTxRequest{BlockHeight: ctx.BlockHeight(), Req: req, Res: res}) + return err +} + +func (m *GRPCClient) ListenCommit(goCtx context.Context, res abci.ResponseCommit, changeSet []store.StoreKVPair) error { + ctx := sdk.UnwrapSDKContext(goCtx) + _, err := m.client.ListenCommit(ctx, &ListenCommitRequest{BlockHeight: ctx.BlockHeight(), Res: res, ChangeSet: changeSet}) + return err +} + +// GRPCServer is the gRPC server that GRPCClient talks to. +type GRPCServer struct { + // This is the real implementation + Impl baseapp.ABCIListener +} + +func (m *GRPCServer) ListenFinalizeBlock(ctx context.Context, req *ListenFinalizeBlockRequest) (*Empty, error) { + return &Empty{}, m.Impl.ListenFinalizeBlock(ctx, req.Req, req.Res) +} + +func (m *GRPCServer) ListenCommit(ctx context.Context, req *ListenCommitRequest) (*Empty, error) { + return &Empty{}, m.Impl.ListenCommit(ctx, req.Res, req.ChangeSet) +} + +``` + +And the pre-compiled Go plugin `Impl`(*this is only used for plugins that are written in Go*): + +```go +// streaming/plugins/abci/{plugin_version}/impl/plugin.go + +// Plugins are pre-compiled and loaded by the plugin system + +// ABCIListener is the implementation of the baseapp.ABCIListener interface +type ABCIListener struct{} + +func (m *ABCIListenerPlugin) ListenFinalizeBlock(ctx context.Context, req abci.RequestFinalizeBlock, res abci.ResponseFinalizeBlock) error { + // send data to external system +} + +func (m *ABCIListenerPlugin) ListenCommit(ctx context.Context, res abci.ResponseCommit, changeSet []store.StoreKVPair) error { + // send data to external system +} + +func main() { + plugin.Serve(&plugin.ServeConfig{ + HandshakeConfig: grpc_abci_v1.Handshake, + Plugins: map[string]plugin.Plugin{ + "grpc_plugin_v1": &grpc_abci_v1.ABCIListenerGRPCPlugin{Impl: &ABCIListenerPlugin{}}, + }, + + // A non-nil value here enables gRPC serving for this streaming... + GRPCServer: plugin.DefaultGRPCServer, + }) +} +``` + +We will introduce a plugin loading system that will return `(interface{}, error)`. +This provides the advantage of using versioned plugins where the plugin interface and gRPC protocol change over time. +In addition, it allows for building independent plugin that can expose different parts of the system over gRPC. + +```go +func NewStreamingPlugin(name string, logLevel string) (interface{}, error) { + logger := hclog.New(&hclog.LoggerOptions{ + Output: hclog.DefaultOutput, + Level: toHclogLevel(logLevel), + Name: fmt.Sprintf("plugin.%s", name), + }) + + // We're a host. Start by launching the streaming process. + env := os.Getenv(GetPluginEnvKey(name)) + client := plugin.NewClient(&plugin.ClientConfig{ + HandshakeConfig: HandshakeMap[name], + Plugins: PluginMap, + Cmd: exec.Command("sh", "-c", env), + Logger: logger, + AllowedProtocols: []plugin.Protocol{ + plugin.ProtocolNetRPC, plugin.ProtocolGRPC}, + }) + + // Connect via RPC + rpcClient, err := client.Client() + if err != nil { + return nil, err + } + + // Request streaming plugin + return rpcClient.Dispense(name) +} + +``` + +We propose a `RegisterStreamingPlugin` function for the App to register `NewStreamingPlugin`s with the App's BaseApp. +Streaming plugins can be of `Any` type; therefore, the function takes in an interface vs a concrete type. +For example, we could have plugins of `ABCIListener`, `WasmListener` or `IBCListener`. Note that `RegisterStreamingPluing` function +is helper function and not a requirement. Plugin registration can easily be moved from the App to the BaseApp directly. + +```go +// baseapp/streaming.go + +// RegisterStreamingPlugin registers streaming plugins with the App. +// This method returns an error if a plugin is not supported. +func RegisterStreamingPlugin( + bApp *BaseApp, + appOpts servertypes.AppOptions, + keys map[string]*types.KVStoreKey, + streamingPlugin interface{}, +) error { + switch t := streamingPlugin.(type) { + case ABCIListener: + registerABCIListenerPlugin(bApp, appOpts, keys, t) + default: + return fmt.Errorf("unexpected plugin type %T", t) + } + return nil +} +``` + +```go +func registerABCIListenerPlugin( + bApp *BaseApp, + appOpts servertypes.AppOptions, + keys map[string]*store.KVStoreKey, + abciListener ABCIListener, +) { + asyncKey := fmt.Sprintf("%s.%s.%s", StreamingTomlKey, StreamingABCITomlKey, StreamingABCIAsync) + async := cast.ToBool(appOpts.Get(asyncKey)) + stopNodeOnErrKey := fmt.Sprintf("%s.%s.%s", StreamingTomlKey, StreamingABCITomlKey, StreamingABCIStopNodeOnErrTomlKey) + stopNodeOnErr := cast.ToBool(appOpts.Get(stopNodeOnErrKey)) + keysKey := fmt.Sprintf("%s.%s.%s", StreamingTomlKey, StreamingABCITomlKey, StreamingABCIKeysTomlKey) + exposeKeysStr := cast.ToStringSlice(appOpts.Get(keysKey)) + exposedKeys := exposeStoreKeysSorted(exposeKeysStr, keys) + bApp.cms.AddListeners(exposedKeys) + app.SetStreamingManager( + storetypes.StreamingManager{ + ABCIListeners: []storetypes.ABCIListener{abciListener}, + StopNodeOnErr: stopNodeOnErr, + }, + ) +} +``` + +```go +func exposeAll(list []string) bool { + for _, ele := range list { + if ele == "*" { + return true + } + } + return false +} + +func exposeStoreKeys(keysStr []string, keys map[string]*types.KVStoreKey) []types.StoreKey { + var exposeStoreKeys []types.StoreKey + if exposeAll(keysStr) { + exposeStoreKeys = make([]types.StoreKey, 0, len(keys)) + for _, storeKey := range keys { + exposeStoreKeys = append(exposeStoreKeys, storeKey) + } + } else { + exposeStoreKeys = make([]types.StoreKey, 0, len(keysStr)) + for _, keyStr := range keysStr { + if storeKey, ok := keys[keyStr]; ok { + exposeStoreKeys = append(exposeStoreKeys, storeKey) + } + } + } + // sort storeKeys for deterministic output + sort.SliceStable(exposeStoreKeys, func(i, j int) bool { + return exposeStoreKeys[i].Name() < exposeStoreKeys[j].Name() + }) + + return exposeStoreKeys +} +``` + +The `NewStreamingPlugin` and `RegisterStreamingPlugin` functions are used to register a plugin with the App's BaseApp. + +e.g. in `NewSimApp`: + +```go +func NewSimApp( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), +) *SimApp { + + ... + + keys := sdk.NewKVStoreKeys( + authtypes.StoreKey, banktypes.StoreKey, stakingtypes.StoreKey, + minttypes.StoreKey, distrtypes.StoreKey, slashingtypes.StoreKey, + govtypes.StoreKey, paramstypes.StoreKey, ibchost.StoreKey, upgradetypes.StoreKey, + evidencetypes.StoreKey, ibctransfertypes.StoreKey, capabilitytypes.StoreKey, + ) + + ... + + // register streaming services + streamingCfg := cast.ToStringMap(appOpts.Get(baseapp.StreamingTomlKey)) + for service := range streamingCfg { + pluginKey := fmt.Sprintf("%s.%s.%s", baseapp.StreamingTomlKey, service, baseapp.StreamingPluginTomlKey) + pluginName := strings.TrimSpace(cast.ToString(appOpts.Get(pluginKey))) + if len(pluginName) > 0 { + logLevel := cast.ToString(appOpts.Get(flags.FlagLogLevel)) + plugin, err := streaming.NewStreamingPlugin(pluginName, logLevel) + if err != nil { + tmos.Exit(err.Error()) + } + if err := baseapp.RegisterStreamingPlugin(bApp, appOpts, keys, plugin); err != nil { + tmos.Exit(err.Error()) + } + } + } + + return app +``` + +#### Configuration + +The plugin system will be configured within an App's TOML configuration files. + +```toml +# gRPC streaming +[streaming] + +# ABCI streaming service +[streaming.abci] + +# The plugin version to use for ABCI listening +plugin = "abci_v1" + +# List of kv store keys to listen to for state changes. +# Set to ["*"] to expose all keys. +keys = ["*"] + +# Enable abciListeners to run asynchronously. +# When abciListenersAsync=false and stopNodeOnABCIListenerErr=false listeners will run synchronized but will not stop the node. +# When abciListenersAsync=true stopNodeOnABCIListenerErr will be ignored. +async = false + +# Whether to stop the node on message deliver error. +stop-node-on-err = true +``` + +There will be four parameters for configuring `ABCIListener` plugin: `streaming.abci.plugin`, `streaming.abci.keys`, `streaming.abci.async` and `streaming.abci.stop-node-on-err`. +`streaming.abci.plugin` is the name of the plugin we want to use for streaming, `streaming.abci.keys` is a set of store keys for stores it listens to, +`streaming.abci.async` is bool enabling asynchronous listening and `streaming.abci.stop-node-on-err` is a bool that stops the node when true and when operating +on synchronized mode `streaming.abci.async=false`. Note that `streaming.abci.stop-node-on-err=true` will be ignored if `streaming.abci.async=true`. + +The configuration above support additional streaming plugins by adding the plugin to the `[streaming]` configuration section +and registering the plugin with `RegisterStreamingPlugin` helper function. + +Note the that each plugin must include `streaming.{service}.plugin` property as it is a requirement for doing the lookup and registration of the plugin +with the App. All other properties are unique to the individual services. + +#### Encoding and decoding streams + +ADR-038 introduces the interfaces and types for streaming state changes out from KVStores, associating this +data with their related ABCI requests and responses, and registering a service for consuming this data and streaming it to some destination in a final format. +Instead of prescribing a final data format in this ADR, it is left to a specific plugin implementation to define and document this format. +We take this approach because flexibility in the final format is necessary to support a wide range of streaming service plugins. For example, +the data format for a streaming service that writes the data out to a set of files will differ from the data format that is written to a Kafka topic. + +## Consequences + +These changes will provide a means of subscribing to KVStore state changes in real time. + +### Backwards Compatibility + +* This ADR changes the `CommitMultiStore` interface, implementations supporting the previous version of this interface will not support the new one + +### Positive + +* Ability to listen to KVStore state changes in real time and expose these events to external consumers + +### Negative + +* Changes `CommitMultiStore` interface and its implementations + +### Neutral + +* Introduces additional- but optional- complexity to configuring and running a cosmos application +* If an application developer opts to use these features to expose data, they need to be aware of the ramifications/risks of that data exposure as it pertains to the specifics of their application diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-039-epoched-staking.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-039-epoched-staking.md new file mode 100644 index 00000000..9b5ce9af --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-039-epoched-staking.md @@ -0,0 +1,122 @@ +# ADR 039: Epoched Staking + +## Changelog + +* 10-Feb-2021: Initial Draft + +## Authors + +* Dev Ojha (@valardragon) +* Sunny Aggarwal (@sunnya97) + +## Status + +Proposed + +## Abstract + +This ADR updates the proof of stake module to buffer the staking weight updates for a number of blocks before updating the consensus' staking weights. The length of the buffer is dubbed an epoch. The prior functionality of the staking module is then a special case of the abstracted module, with the epoch being set to 1 block. + +## Context + +The current proof of stake module takes the design decision to apply staking weight changes to the consensus engine immediately. This means that delegations and unbonds get applied immediately to the validator set. This decision was primarily done as it was implementationally simplest, and because we at the time believed that this would lead to better UX for clients. + +An alternative design choice is to allow buffering staking updates (delegations, unbonds, validators joining) for a number of blocks. This 'epoch'd proof of stake consensus provides the guarantee that the consensus weights for validators will not change mid-epoch, except in the event of a slash condition. + +Additionally, the UX hurdle may not be as significant as was previously thought. This is because it is possible to provide users immediate acknowledgement that their bond was recorded and will be executed. + +Furthermore, it has become clearer over time that immediate execution of staking events comes with limitations, such as: + +* Threshold based cryptography. One of the main limitations is that because the validator set can change so regularly, it makes the running of multiparty computation by a fixed validator set difficult. Many threshold-based cryptographic features for blockchains such as randomness beacons and threshold decryption require a computationally-expensive DKG process (will take much longer than 1 block to create). To productively use these, we need to guarantee that the result of the DKG will be used for a reasonably long time. It wouldn't be feasible to rerun the DKG every block. By epoching staking, it guarantees we'll only need to run a new DKG once every epoch. + +* Light client efficiency. This would lessen the overhead for IBC when there is high churn in the validator set. In the Tendermint light client bisection algorithm, the number of headers you need to verify is related to bounding the difference in validator sets between a trusted header and the latest header. If the difference is too great, you verify more header in between the two. By limiting the frequency of validator set changes, we can reduce the worst case size of IBC lite client proofs, which occurs when a validator set has high churn. + +* Fairness of deterministic leader election. Currently we have no ways of reasoning of fairness of deterministic leader election in the presence of staking changes without epochs (tendermint/spec#217). Breaking fairness of leader election is profitable for validators, as they earn additional rewards from being the proposer. Adding epochs at least makes it easier for our deterministic leader election to match something we can prove secure. (Albeit, we still haven’t proven if our current algorithm is fair with > 2 validators in the presence of stake changes) + +* Staking derivative design. Currently, reward distribution is done lazily using the F1 fee distribution. While saving computational complexity, lazy accounting requires a more stateful staking implementation. Right now, each delegation entry has to track the time of last withdrawal. Handling this can be a challenge for some staking derivatives designs that seek to provide fungibility for all tokens staked to a single validator. Force-withdrawing rewards to users can help solve this, however it is infeasible to force-withdraw rewards to users on a per block basis. With epochs, a chain could more easily alter the design to have rewards be forcefully withdrawn (iterating over delegator accounts only once per-epoch), and can thus remove delegation timing from state. This may be useful for certain staking derivative designs. + +## Design considerations + +### Slashing + +There is a design consideration for whether to apply a slash immediately or at the end of an epoch. A slash event should apply to only members who are actually staked during the time of the infraction, namely during the epoch the slash event occurred. + +Applying it immediately can be viewed as offering greater consensus layer security, at potential costs to the aforementioned usecases. The benefits of immediate slashing for consensus layer security can be all be obtained by executing the validator jailing immediately (thus removing it from the validator set), and delaying the actual slash change to the validator's weight until the epoch boundary. For the use cases mentioned above, workarounds can be integrated to avoid problems, as follows: + +* For threshold based cryptography, this setting will have the threshold cryptography use the original epoch weights, while consensus has an update that lets it more rapidly benefit from additional security. If the threshold based cryptography blocks liveness of the chain, then we have effectively raised the liveness threshold of the remaining validators for the rest of the epoch. (Alternatively, jailed nodes could still contribute shares) This plan will fail in the extreme case that more than 1/3rd of the validators have been jailed within a single epoch. For such an extreme scenario, the chain already have its own custom incident response plan, and defining how to handle the threshold cryptography should be a part of that. +* For light client efficiency, there can be a bit included in the header indicating an intra-epoch slash (ala https://github.com/tendermint/spec/issues/199). +* For fairness of deterministic leader election, applying a slash or jailing within an epoch would break the guarantee we were seeking to provide. This then re-introduces a new (but significantly simpler) problem for trying to provide fairness guarantees. Namely, that validators can adversarially elect to remove themself from the set of proposers. From a security perspective, this could potentially be handled by two different mechanisms (or prove to still be too difficult to achieve). One is making a security statement acknowledging the ability for an adversary to force an ahead-of-time fixed threshold of users to drop out of the proposer set within an epoch. The second method would be to parameterize such that the cost of a slash within the epoch far outweights benefits due to being a proposer. However, this latter criterion is quite dubious, since being a proposer can have many advantageous side-effects in chains with complex state machines. (Namely, DeFi games such as Fomo3D) +* For staking derivative design, there is no issue introduced. This does not increase the state size of staking records, since whether a slash has occurred is fully queryable given the validator address. + +### Token lockup + +When someone makes a transaction to delegate, even though they are not immediately staked, their tokens should be moved into a pool managed by the staking module which will then be used at the end of an epoch. This prevents concerns where they stake, and then spend those tokens not realizing they were already allocated for staking, and thus having their staking tx fail. + +### Pipelining the epochs + +For threshold based cryptography in particular, we need a pipeline for epoch changes. This is because when we are in epoch N, we want the epoch N+1 weights to be fixed so that the validator set can do the DKG accordingly. So if we are currently in epoch N, the stake weights for epoch N+1 should already be fixed, and new stake changes should be getting applied to epoch N + 2. + +This can be handled by making a parameter for the epoch pipeline length. This parameter should not be alterable except during hard forks, to mitigate implementation complexity of switching the pipeline length. + +With pipeline length 1, if I redelegate during epoch N, then my redelegation is applied prior to the beginning of epoch N+1. +With pipeline length 2, if I redelegate during epoch N, then my redelegation is applied prior to the beginning of epoch N+2. + +### Rewards + +Even though all staking updates are applied at epoch boundaries, rewards can still be distributed immediately when they are claimed. This is because they do not affect the current stake weights, as we do not implement auto-bonding of rewards. If such a feature were to be implemented, it would have to be setup so that rewards are auto-bonded at the epoch boundary. + +### Parameterizing the epoch length + +When choosing the epoch length, there is a trade-off queued state/computation buildup, and countering the previously discussed limitations of immediate execution if they apply to a given chain. + +Until an ABCI mechanism for variable block times is introduced, it is ill-advised to be using high epoch lengths due to the computation buildup. This is because when a block's execution time is greater than the expected block time from Tendermint, rounds may increment. + +## Decision + +**Step-1**: Implement buffering of all staking and slashing messages. + +First we create a pool for storing tokens that are being bonded, but should be applied at the epoch boundary called the `EpochDelegationPool`. Then, we have two separate queues, one for staking, one for slashing. We describe what happens on each message being delivered below: + +### Staking messages + +* **MsgCreateValidator**: Move user's self-bond to `EpochDelegationPool` immediately. Queue a message for the epoch boundary to handle the self-bond, taking the funds from the `EpochDelegationPool`. If Epoch execution fail, return back funds from `EpochDelegationPool` to user's account. +* **MsgEditValidator**: Validate message and if valid queue the message for execution at the end of the Epoch. +* **MsgDelegate**: Move user's funds to `EpochDelegationPool` immediately. Queue a message for the epoch boundary to handle the delegation, taking the funds from the `EpochDelegationPool`. If Epoch execution fail, return back funds from `EpochDelegationPool` to user's account. +* **MsgBeginRedelegate**: Validate message and if valid queue the message for execution at the end of the Epoch. +* **MsgUndelegate**: Validate message and if valid queue the message for execution at the end of the Epoch. + +### Slashing messages + +* **MsgUnjail**: Validate message and if valid queue the message for execution at the end of the Epoch. +* **Slash Event**: Whenever a slash event is created, it gets queued in the slashing module to apply at the end of the epoch. The queues should be setup such that this slash applies immediately. + +### Evidence Messages + +* **MsgSubmitEvidence**: This gets executed immediately, and the validator gets jailed immediately. However in slashing, the actual slash event gets queued. + +Then we add methods to the end blockers, to ensure that at the epoch boundary the queues are cleared and delegation updates are applied. + +**Step-2**: Implement querying of queued staking txs. + +When querying the staking activity of a given address, the status should return not only the amount of tokens staked, but also if there are any queued stake events for that address. This will require more work to be done in the querying logic, to trace the queued upcoming staking events. + +As an initial implementation, this can be implemented as a linear search over all queued staking events. However, for chains that need long epochs, they should eventually build additional support for nodes that support querying to be able to produce results in constant time. (This is do-able by maintaining an auxilliary hashmap for indexing upcoming staking events by address) + +**Step-3**: Adjust gas + +Currently gas represents the cost of executing a transaction when its done immediately. (Merging together costs of p2p overhead, state access overhead, and computational overhead) However, now a transaction can cause computation in a future block, namely at the epoch boundary. + +To handle this, we should initially include parameters for estimating the amount of future computation (denominated in gas), and add that as a flat charge needed for the message. +We leave it as out of scope for how to weight future computation versus current computation in gas pricing, and have it set such that the are weighted equally for now. + +## Consequences + +### Positive + +* Abstracts the proof of stake module that allows retaining the existing functionality +* Enables new features such as validator-set based threshold cryptography + +### Negative + +* Increases complexity of integrating more complex gas pricing mechanisms, as they now have to consider future execution costs as well. +* When epoch > 1, validators can no longer leave the network immediately, and must wait until an epoch boundary. diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-040-storage-and-smt-state-commitments.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-040-storage-and-smt-state-commitments.md new file mode 100644 index 00000000..f60e3adc --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-040-storage-and-smt-state-commitments.md @@ -0,0 +1,289 @@ +# ADR 040: Storage and SMT State Commitments + +## Changelog + +* 2020-01-15: Draft + +## Status + +DRAFT Not Implemented + +## Abstract + +Sparse Merkle Tree ([SMT](https://osf.io/8mcnh/)) is a version of a Merkle Tree with various storage and performance optimizations. This ADR defines a separation of state commitments from data storage and the Cosmos SDK transition from IAVL to SMT. + +## Context + +Currently, Cosmos SDK uses IAVL for both state [commitments](https://cryptography.fandom.com/wiki/Commitment_scheme) and data storage. + +IAVL has effectively become an orphaned project within the Cosmos ecosystem and it's proven to be an inefficient state commitment data structure. +In the current design, IAVL is used for both data storage and as a Merkle Tree for state commitments. IAVL is meant to be a standalone Merkelized key/value database, however it's using a KV DB engine to store all tree nodes. So, each node is stored in a separate record in the KV DB. This causes many inefficiencies and problems: + +* Each object query requires a tree traversal from the root. Subsequent queries for the same object are cached on the Cosmos SDK level. +* Each edge traversal requires a DB query. +* Creating snapshots is [expensive](https://github.com/cosmos/cosmos-sdk/issues/7215#issuecomment-684804950). It takes about 30 seconds to export less than 100 MB of state (as of March 2020). +* Updates in IAVL may trigger tree reorganization and possible O(log(n)) hashes re-computation, which can become a CPU bottleneck. +* The node structure is pretty expensive - it contains a standard tree node elements (key, value, left and right element) and additional metadata such as height, version (which is not required by the Cosmos SDK). The entire node is hashed, and that hash is used as the key in the underlying database, [ref](https://github.com/cosmos/iavl/blob/master/docs/node/node.md +). + +Moreover, the IAVL project lacks support and a maintainer and we already see better and well-established alternatives. Instead of optimizing the IAVL, we are looking into other solutions for both storage and state commitments. + +## Decision + +We propose to separate the concerns of state commitment (**SC**), needed for consensus, and state storage (**SS**), needed for state machine. Finally we replace IAVL with [Celestia's SMT](https://github.com/lazyledger/smt). Celestia SMT is based on Diem (called jellyfish) design [*] - it uses a compute-optimised SMT by replacing subtrees with only default values with a single node (same approach is used by Ethereum2) and implements compact proofs. + +The storage model presented here doesn't deal with data structure nor serialization. It's a Key-Value database, where both key and value are binaries. The storage user is responsible for data serialization. + +### Decouple state commitment from storage + +Separation of storage and commitment (by the SMT) will allow the optimization of different components according to their usage and access patterns. + +`SC` (SMT) is used to commit to a data and compute Merkle proofs. `SS` is used to directly access data. To avoid collisions, both `SS` and `SC` will use a separate storage namespace (they could use the same database underneath). `SS` will store each record directly (mapping `(key, value)` as `key → value`). + +SMT is a merkle tree structure: we don't store keys directly. For every `(key, value)` pair, `hash(key)` is used as leaf path (we hash a key to uniformly distribute leaves in the tree) and `hash(value)` as the leaf contents. The tree structure is specified in more depth [below](#smt-for-state-commitment). + +For data access we propose 2 additional KV buckets (implemented as namespaces for the key-value pairs, sometimes called [column family](https://github.com/facebook/rocksdb/wiki/Terminology)): + +1. B1: `key → value`: the principal object storage, used by a state machine, behind the Cosmos SDK `KVStore` interface: provides direct access by key and allows prefix iteration (KV DB backend must support it). +2. B2: `hash(key) → key`: a reverse index to get a key from an SMT path. Internally the SMT will store `(key, value)` as `prefix || hash(key) || hash(value)`. So, we can get an object value by composing `hash(key) → B2 → B1`. +3. We could use more buckets to optimize the app usage if needed. + +We propose to use a KV database for both `SS` and `SC`. The store interface will allow to use the same physical DB backend for both `SS` and `SC` as well two separate DBs. The latter option allows for the separation of `SS` and `SC` into different hardware units, providing support for more complex setup scenarios and improving overall performance: one can use different backends (eg RocksDB and Badger) as well as independently tuning the underlying DB configuration. + +### Requirements + +State Storage requirements: + +* range queries +* quick (key, value) access +* creating a snapshot +* historical versioning +* pruning (garbage collection) + +State Commitment requirements: + +* fast updates +* tree path should be short +* query historical commitment proofs using ICS-23 standard +* pruning (garbage collection) + +### SMT for State Commitment + +A Sparse Merkle tree is based on the idea of a complete Merkle tree of an intractable size. The assumption here is that as the size of the tree is intractable, there would only be a few leaf nodes with valid data blocks relative to the tree size, rendering a sparse tree. + +The full specification can be found at [Celestia](https://github.com/celestiaorg/celestia-specs/blob/ec98170398dfc6394423ee79b00b71038879e211/src/specs/data_structures.md#sparse-merkle-tree). In summary: + +* The SMT consists of a binary Merkle tree, constructed in the same fashion as described in [Certificate Transparency (RFC-6962)](https://tools.ietf.org/html/rfc6962), but using as the hashing function SHA-2-256 as defined in [FIPS 180-4](https://doi.org/10.6028/NIST.FIPS.180-4). +* Leaves and internal nodes are hashed differently: the one-byte `0x00` is prepended for leaf nodes while `0x01` is prepended for internal nodes. +* Default values are given to leaf nodes with empty leaves. +* While the above rule is sufficient to pre-compute the values of intermediate nodes that are roots of empty subtrees, a further simplification is to extend this default value to all nodes that are roots of empty subtrees. The 32-byte zero is used as the default value. This rule takes precedence over the above one. +* An internal node that is the root of a subtree that contains exactly one non-empty leaf is replaced by that leaf's leaf node. + +### Snapshots for storage sync and state versioning + +Below, with simple _snapshot_ we refer to a database snapshot mechanism, not to a _ABCI snapshot sync_. The latter will be referred as _snapshot sync_ (which will directly use DB snapshot as described below). + +Database snapshot is a view of DB state at a certain time or transaction. It's not a full copy of a database (it would be too big). Usually a snapshot mechanism is based on a _copy on write_ and it allows DB state to be efficiently delivered at a certain stage. +Some DB engines support snapshotting. Hence, we propose to reuse that functionality for the state sync and versioning (described below). We limit the supported DB engines to ones which efficiently implement snapshots. In a final section we discuss the evaluated DBs. + +One of the Stargate core features is a _snapshot sync_ delivered in the `/snapshot` package. It provides a way to trustlessly sync a blockchain without repeating all transactions from the genesis. This feature is implemented in Cosmos SDK and requires storage support. Currently IAVL is the only supported backend. It works by streaming to a client a snapshot of a `SS` at a certain version together with a header chain. + +A new database snapshot will be created in every `EndBlocker` and identified by a block height. The `root` store keeps track of the available snapshots to offer `SS` at a certain version. The `root` store implements the `RootStore` interface described below. In essence, `RootStore` encapsulates a `Committer` interface. `Committer` has a `Commit`, `SetPruning`, `GetPruning` functions which will be used for creating and removing snapshots. The `rootStore.Commit` function creates a new snapshot and increments the version on each call, and checks if it needs to remove old versions. We will need to update the SMT interface to implement the `Committer` interface. +NOTE: `Commit` must be called exactly once per block. Otherwise we risk going out of sync for the version number and block height. +NOTE: For the Cosmos SDK storage, we may consider splitting that interface into `Committer` and `PruningCommitter` - only the multiroot should implement `PruningCommitter` (cache and prefix store don't need pruning). + +Number of historical versions for `abci.RequestQuery` and state sync snapshots is part of a node configuration, not a chain configuration (configuration implied by the blockchain consensus). A configuration should allow to specify number of past blocks and number of past blocks modulo some number (eg: 100 past blocks and one snapshot every 100 blocks for past 2000 blocks). Archival nodes can keep all past versions. + +Pruning old snapshots is effectively done by a database. Whenever we update a record in `SC`, SMT won't update nodes - instead it creates new nodes on the update path, without removing the old one. Since we are snapshotting each block, we need to change that mechanism to immediately remove orphaned nodes from the database. This is a safe operation - snapshots will keep track of the records and make it available when accessing past versions. + +To manage the active snapshots we will either use a DB _max number of snapshots_ option (if available), or we will remove DB snapshots in the `EndBlocker`. The latter option can be done efficiently by identifying snapshots with block height and calling a store function to remove past versions. + +#### Accessing old state versions + +One of the functional requirements is to access old state. This is done through `abci.RequestQuery` structure. The version is specified by a block height (so we query for an object by a key `K` at block height `H`). The number of old versions supported for `abci.RequestQuery` is configurable. Accessing an old state is done by using available snapshots. +`abci.RequestQuery` doesn't need old state of `SC` unless the `prove=true` parameter is set. The SMT merkle proof must be included in the `abci.ResponseQuery` only if both `SC` and `SS` have a snapshot for requested version. + +Moreover, Cosmos SDK could provide a way to directly access a historical state. However, a state machine shouldn't do that - since the number of snapshots is configurable, it would lead to nondeterministic execution. + +We positively [validated](https://github.com/cosmos/cosmos-sdk/discussions/8297) a versioning and snapshot mechanism for querying old state with regards to the database we evaluated. + +### State Proofs + +For any object stored in State Store (SS), we have corresponding object in `SC`. A proof for object `V` identified by a key `K` is a branch of `SC`, where the path corresponds to the key `hash(K)`, and the leaf is `hash(K, V)`. + +### Rollbacks + +We need to be able to process transactions and roll-back state updates if a transaction fails. This can be done in the following way: during transaction processing, we keep all state change requests (writes) in a `CacheWrapper` abstraction (as it's done today). Once we finish the block processing, in the `Endblocker`, we commit a root store - at that time, all changes are written to the SMT and to the `SS` and a snapshot is created. + +### Committing to an object without saving it + +We identified use-cases, where modules will need to save an object commitment without storing an object itself. Sometimes clients are receiving complex objects, and they have no way to prove a correctness of that object without knowing the storage layout. For those use cases it would be easier to commit to the object without storing it directly. + +### Refactor MultiStore + +The Stargate `/store` implementation (store/v1) adds an additional layer in the SDK store construction - the `MultiStore` structure. The multistore exists to support the modularity of the Cosmos SDK - each module is using its own instance of IAVL, but in the current implementation, all instances share the same database. The latter indicates, however, that the implementation doesn't provide true modularity. Instead it causes problems related to race condition and atomic DB commits (see: [\#6370](https://github.com/cosmos/cosmos-sdk/issues/6370) and [discussion](https://github.com/cosmos/cosmos-sdk/discussions/8297#discussioncomment-757043)). + +We propose to reduce the multistore concept from the SDK, and to use a single instance of `SC` and `SS` in a `RootStore` object. To avoid confusion, we should rename the `MultiStore` interface to `RootStore`. The `RootStore` will have the following interface; the methods for configuring tracing and listeners are omitted for brevity. + +```go +// Used where read-only access to versions is needed. +type BasicRootStore interface { + Store + GetKVStore(StoreKey) KVStore + CacheRootStore() CacheRootStore +} + +// Used as the main app state, replacing CommitMultiStore. +type CommitRootStore interface { + BasicRootStore + Committer + Snapshotter + + GetVersion(uint64) (BasicRootStore, error) + SetInitialVersion(uint64) error + + ... // Trace and Listen methods +} + +// Replaces CacheMultiStore for branched state. +type CacheRootStore interface { + BasicRootStore + Write() + + ... // Trace and Listen methods +} + +// Example of constructor parameters for the concrete type. +type RootStoreConfig struct { + Upgrades *StoreUpgrades + InitialVersion uint64 + + ReservePrefix(StoreKey, StoreType) +} +``` + + + + +In contrast to `MultiStore`, `RootStore` doesn't allow to dynamically mount sub-stores or provide an arbitrary backing DB for individual sub-stores. + +NOTE: modules will be able to use a special commitment and their own DBs. For example: a module which will use ZK proofs for state can store and commit this proof in the `RootStore` (usually as a single record) and manage the specialized store privately or using the `SC` low level interface. + +#### Compatibility support + +To ease the transition to this new interface for users, we can create a shim which wraps a `CommitMultiStore` but provides a `CommitRootStore` interface, and expose functions to safely create and access the underlying `CommitMultiStore`. + +The new `RootStore` and supporting types can be implemented in a `store/v2alpha1` package to avoid breaking existing code. + +#### Merkle Proofs and IBC + +Currently, an IBC (v1.0) Merkle proof path consists of two elements (`["", ""]`), with each key corresponding to a separate proof. These are each verified according to individual [ICS-23 specs](https://github.com/cosmos/ibc-go/blob/f7051429e1cf833a6f65d51e6c3df1609290a549/modules/core/23-commitment/types/merkle.go#L17), and the result hash of each step is used as the committed value of the next step, until a root commitment hash is obtained. +The root hash of the proof for `""` is hashed with the `""` to validate against the App Hash. + +This is not compatible with the `RootStore`, which stores all records in a single Merkle tree structure, and won't produce separate proofs for the store- and record-key. Ideally, the store-key component of the proof could just be omitted, and updated to use a "no-op" spec, so only the record-key is used. However, because the IBC verification code hardcodes the `"ibc"` prefix and applies it to the SDK proof as a separate element of the proof path, this isn't possible without a breaking change. Breaking this behavior would severely impact the Cosmos ecosystem which already widely adopts the IBC module. Requesting an update of the IBC module across the chains is a time consuming effort and not easily feasible. + +As a workaround, the `RootStore` will have to use two separate SMTs (they could use the same underlying DB): one for IBC state and one for everything else. A simple Merkle map that reference these SMTs will act as a Merkle Tree to create a final App hash. The Merkle map is not stored in a DBs - it's constructed in the runtime. The IBC substore key must be `"ibc"`. + +The workaround can still guarantee atomic syncs: the [proposed DB backends](#evaluated-kv-databases) support atomic transactions and efficient rollbacks, which will be used in the commit phase. + +The presented workaround can be used until the IBC module is fully upgraded to supports single-element commitment proofs. + +### Optimization: compress module key prefixes + +We consider a compression of prefix keys by creating a mapping from module key to an integer, and serializing the integer using varint coding. Varint coding assures that different values don't have common byte prefix. For Merkle Proofs we can't use prefix compression - so it should only apply for the `SS` keys. Moreover, the prefix compression should be only applied for the module namespace. More precisely: + +* each module has it's own namespace; +* when accessing a module namespace we create a KVStore with embedded prefix; +* that prefix will be compressed only when accessing and managing `SS`. + +We need to assure that the codes won't change. We can fix the mapping in a static variable (provided by an app) or SS state under a special key. + +TODO: need to make decision about the key compression. + +## Optimization: SS key compression + +Some objects may be saved with key, which contains a Protobuf message type. Such keys are long. We could save a lot of space if we can map Protobuf message types in varints. + +TODO: finalize this or move to another ADR. + +## Migration + +Using the new store will require a migration. 2 Migrations are proposed: + +1. Genesis export -- it will reset the blockchain history. +2. In place migration: we can reuse `UpgradeKeeper.SetUpgradeHandler` to provide the migration logic: + +```go +app.UpgradeKeeper.SetUpgradeHandler("adr-40", func(ctx sdk.Context, plan upgradetypes.Plan, vm module.VersionMap) (module.VersionMap, error) { + + storev2.Migrate(iavlstore, v2.store) + + // RunMigrations returns the VersionMap + // with the updated module ConsensusVersions + return app.mm.RunMigrations(ctx, vm) +}) +``` + +The `Migrate` function will read all entries from a store/v1 DB and save them to the AD-40 combined KV store. +Cache layer should not be used and the operation must finish with a single Commit call. + +Inserting records to the `SC` (SMT) component is the bottleneck. Unfortunately SMT doesn't support batch transactions. +Adding batch transactions to `SC` layer is considered as a feature after the main release. + +## Consequences + +### Backwards Compatibility + +This ADR doesn't introduce any Cosmos SDK level API changes. + +We change the storage layout of the state machine, a storage hard fork and network upgrade is required to incorporate these changes. SMT provides a merkle proof functionality, however it is not compatible with ICS23. Updating the proofs for ICS23 compatibility is required. + +### Positive + +* Decoupling state from state commitment introduce better engineering opportunities for further optimizations and better storage patterns. +* Performance improvements. +* Joining SMT based camp which has wider and proven adoption than IAVL. Example projects which decided on SMT: Ethereum2, Diem (Libra), Trillan, Tezos, Celestia. +* Multistore removal fixes a longstanding issue with the current MultiStore design. +* Simplifies merkle proofs - all modules, except IBC, have only one pass for merkle proof. + +### Negative + +* Storage migration +* LL SMT doesn't support pruning - we will need to add and test that functionality. +* `SS` keys will have an overhead of a key prefix. This doesn't impact `SC` because all keys in `SC` have same size (they are hashed). + +### Neutral + +* Deprecating IAVL, which is one of the core proposals of Cosmos Whitepaper. + +## Alternative designs + +Most of the alternative designs were evaluated in [state commitments and storage report](https://paper.dropbox.com/published/State-commitments-and-storage-review--BDvA1MLwRtOx55KRihJ5xxLbBw-KeEB7eOd11pNrZvVtqUgL3h). + +Ethereum research published [Verkle Trie](https://dankradfeist.de/ethereum/2021/06/18/verkle-trie-for-eth1.html) - an idea of combining polynomial commitments with merkle tree in order to reduce the tree height. This concept has a very good potential, but we think it's too early to implement it. The current, SMT based design could be easily updated to the Verkle Trie once other research implement all necessary libraries. The main advantage of the design described in this ADR is the separation of state commitments from the data storage and designing a more powerful interface. + +## Further Discussions + +### Evaluated KV Databases + +We verified existing databases KV databases for evaluating snapshot support. The following databases provide efficient snapshot mechanism: Badger, RocksDB, [Pebble](https://github.com/cockroachdb/pebble). Databases which don't provide such support or are not production ready: boltdb, leveldb, goleveldb, membdb, lmdb. + +### RDBMS + +Use of RDBMS instead of simple KV store for state. Use of RDBMS will require a Cosmos SDK API breaking change (`KVStore` interface) and will allow better data extraction and indexing solutions. Instead of saving an object as a single blob of bytes, we could save it as record in a table in the state storage layer, and as a `hash(key, protobuf(object))` in the SMT as outlined above. To verify that an object registered in RDBMS is same as the one committed to SMT, one will need to load it from RDBMS, marshal using protobuf, hash and do SMT search. + +### Off Chain Store + +We were discussing use case where modules can use a support database, which is not automatically committed. Module will responsible for having a sound storage model and can optionally use the feature discussed in __Committing to an object without saving it_ section. + +## References + +* [IAVL What's Next?](https://github.com/cosmos/cosmos-sdk/issues/7100) +* [IAVL overview](https://docs.google.com/document/d/16Z_hW2rSAmoyMENO-RlAhQjAG3mSNKsQueMnKpmcBv0/edit#heading=h.yd2th7x3o1iv) of it's state v0.15 +* [State commitments and storage report](https://paper.dropbox.com/published/State-commitments-and-storage-review--BDvA1MLwRtOx55KRihJ5xxLbBw-KeEB7eOd11pNrZvVtqUgL3h) +* [Celestia (LazyLedger) SMT](https://github.com/lazyledger/smt) +* Facebook Diem (Libra) SMT [design](https://developers.diem.com/papers/jellyfish-merkle-tree/2021-01-14.pdf) +* [Trillian Revocation Transparency](https://github.com/google/trillian/blob/master/docs/papers/RevocationTransparency.pdf), [Trillian Verifiable Data Structures](https://github.com/google/trillian/blob/master/docs/papers/VerifiableDataStructures.pdf). +* Design and implementation [discussion](https://github.com/cosmos/cosmos-sdk/discussions/8297). +* [How to Upgrade IBC Chains and their Clients](https://github.com/cosmos/ibc-go/blob/main/docs/ibc/upgrades/quick-guide.md) +* [ADR-40 Effect on IBC](https://github.com/cosmos/ibc-go/discussions/256) diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-041-in-place-store-migrations.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-041-in-place-store-migrations.md new file mode 100644 index 00000000..2237b610 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-041-in-place-store-migrations.md @@ -0,0 +1,167 @@ +# ADR 041: In-Place Store Migrations + +## Changelog + +* 17.02.2021: Initial Draft + +## Status + +Accepted + +## Abstract + +This ADR introduces a mechanism to perform in-place state store migrations during chain software upgrades. + +## Context + +When a chain upgrade introduces state-breaking changes inside modules, the current procedure consists of exporting the whole state into a JSON file (via the `simd export` command), running migration scripts on the JSON file (`simd genesis migrate` command), clearing the stores (`simd unsafe-reset-all` command), and starting a new chain with the migrated JSON file as new genesis (optionally with a custom initial block height). An example of such a procedure can be seen [in the Cosmos Hub 3->4 migration guide](https://github.com/cosmos/gaia/blob/v4.0.3/docs/migration/cosmoshub-3.md#upgrade-procedure). + +This procedure is cumbersome for multiple reasons: + +* The procedure takes time. It can take hours to run the `export` command, plus some additional hours to run `InitChain` on the fresh chain using the migrated JSON. +* The exported JSON file can be heavy (~100MB-1GB), making it difficult to view, edit and transfer, which in turn introduces additional work to solve these problems (such as [streaming genesis](https://github.com/cosmos/cosmos-sdk/issues/6936)). + +## Decision + +We propose a migration procedure based on modifying the KV store in-place without involving the JSON export-process-import flow described above. + +### Module `ConsensusVersion` + +We introduce a new method on the `AppModule` interface: + +```go +type AppModule interface { + // --snip-- + ConsensusVersion() uint64 +} +``` + +This methods returns an `uint64` which serves as state-breaking version of the module. It MUST be incremented on each consensus-breaking change introduced by the module. To avoid potential errors with default values, the initial version of a module MUST be set to 1. In the Cosmos SDK, version 1 corresponds to the modules in the v0.41 series. + +### Module-Specific Migration Functions + +For each consensus-breaking change introduced by the module, a migration script from ConsensusVersion `N` to version `N+1` MUST be registered in the `Configurator` using its newly-added `RegisterMigration` method. All modules receive a reference to the configurator in their `RegisterServices` method on `AppModule`, and this is where the migration functions should be registered. The migration functions should be registered in increasing order. + +```go +func (am AppModule) RegisterServices(cfg module.Configurator) { + // --snip-- + cfg.RegisterMigration(types.ModuleName, 1, func(ctx sdk.Context) error { + // Perform in-place store migrations from ConsensusVersion 1 to 2. + }) + cfg.RegisterMigration(types.ModuleName, 2, func(ctx sdk.Context) error { + // Perform in-place store migrations from ConsensusVersion 2 to 3. + }) + // etc. +} +``` + +For example, if the new ConsensusVersion of a module is `N` , then `N-1` migration functions MUST be registered in the configurator. + +In the Cosmos SDK, the migration functions are handled by each module's keeper, because the keeper holds the `sdk.StoreKey` used to perform in-place store migrations. To not overload the keeper, a `Migrator` wrapper is used by each module to handle the migration functions: + +```go +// Migrator is a struct for handling in-place store migrations. +type Migrator struct { + BaseKeeper +} +``` + +Migration functions should live inside the `migrations/` folder of each module, and be called by the Migrator's methods. We propose the format `Migrate{M}to{N}` for method names. + +```go +// Migrate1to2 migrates from version 1 to 2. +func (m Migrator) Migrate1to2(ctx sdk.Context) error { + return v2bank.MigrateStore(ctx, m.keeper.storeKey) // v043bank is package `x/bank/migrations/v2`. +} +``` + +Each module's migration functions are specific to the module's store evolutions, and are not described in this ADR. An example of x/bank store key migrations after the introduction of ADR-028 length-prefixed addresses can be seen in this [store.go code](https://github.com/cosmos/cosmos-sdk/blob/36f68eb9e041e20a5bb47e216ac5eb8b91f95471/x/bank/legacy/v043/store.go#L41-L62). + +### Tracking Module Versions in `x/upgrade` + +We introduce a new prefix store in `x/upgrade`'s store. This store will track each module's current version, it can be modelized as a `map[string]uint64` of module name to module ConsensusVersion, and will be used when running the migrations (see next section for details). The key prefix used is `0x1`, and the key/value format is: + +```text +0x2 | {bytes(module_name)} => BigEndian(module_consensus_version) +``` + +The initial state of the store is set from `app.go`'s `InitChainer` method. + +The UpgradeHandler signature needs to be updated to take a `VersionMap`, as well as return an upgraded `VersionMap` and an error: + +```diff +- type UpgradeHandler func(ctx sdk.Context, plan Plan) ++ type UpgradeHandler func(ctx sdk.Context, plan Plan, versionMap VersionMap) (VersionMap, error) +``` + +To apply an upgrade, we query the `VersionMap` from the `x/upgrade` store and pass it into the handler. The handler runs the actual migration functions (see next section), and if successful, returns an updated `VersionMap` to be stored in state. + +```diff +func (k UpgradeKeeper) ApplyUpgrade(ctx sdk.Context, plan types.Plan) { + // --snip-- +- handler(ctx, plan) ++ updatedVM, err := handler(ctx, plan, k.GetModuleVersionMap(ctx)) // k.GetModuleVersionMap() fetches the VersionMap stored in state. ++ if err != nil { ++ return err ++ } ++ ++ // Set the updated consensus versions to state ++ k.SetModuleVersionMap(ctx, updatedVM) +} +``` + +A gRPC query endpoint to query the `VersionMap` stored in `x/upgrade`'s state will also be added, so that app developers can double-check the `VersionMap` before the upgrade handler runs. + +### Running Migrations + +Once all the migration handlers are registered inside the configurator (which happens at startup), running migrations can happen by calling the `RunMigrations` method on `module.Manager`. This function will loop through all modules, and for each module: + +* Get the old ConsensusVersion of the module from its `VersionMap` argument (let's call it `M`). +* Fetch the new ConsensusVersion of the module from the `ConsensusVersion()` method on `AppModule` (call it `N`). +* If `N>M`, run all registered migrations for the module sequentially `M -> M+1 -> M+2...` until `N`. + * There is a special case where there is no ConsensusVersion for the module, as this means that the module has been newly added during the upgrade. In this case, no migration function is run, and the module's current ConsensusVersion is saved to `x/upgrade`'s store. + +If a required migration is missing (e.g. if it has not been registered in the `Configurator`), then the `RunMigrations` function will error. + +In practice, the `RunMigrations` method should be called from inside an `UpgradeHandler`. + +```go +app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx sdk.Context, plan upgradetypes.Plan, vm module.VersionMap) (module.VersionMap, error) { + return app.mm.RunMigrations(ctx, vm) +}) +``` + +Assuming a chain upgrades at block `n`, the procedure should run as follows: + +* the old binary will halt in `BeginBlock` when starting block `N`. In its store, the ConsensusVersions of the old binary's modules are stored. +* the new binary will start at block `N`. The UpgradeHandler is set in the new binary, so will run at `BeginBlock` of the new binary. Inside `x/upgrade`'s `ApplyUpgrade`, the `VersionMap` will be retrieved from the (old binary's) store, and passed into the `RunMigrations` functon, migrating all module stores in-place before the modules' own `BeginBlock`s. + +## Consequences + +### Backwards Compatibility + +This ADR introduces a new method `ConsensusVersion()` on `AppModule`, which all modules need to implement. It also alters the UpgradeHandler function signature. As such, it is not backwards-compatible. + +While modules MUST register their migration functions when bumping ConsensusVersions, running those scripts using an upgrade handler is optional. An application may perfectly well decide to not call the `RunMigrations` inside its upgrade handler, and continue using the legacy JSON migration path. + +### Positive + +* Perform chain upgrades without manipulating JSON files. +* While no benchmark has been made yet, it is probable that in-place store migrations will take less time than JSON migrations. The main reason supporting this claim is that both the `simd export` command on the old binary and the `InitChain` function on the new binary will be skipped. + +### Negative + +* Module developers MUST correctly track consensus-breaking changes in their modules. If a consensus-breaking change is introduced in a module without its corresponding `ConsensusVersion()` bump, then the `RunMigrations` function won't detect the migration, and the chain upgrade might be unsuccessful. Documentation should clearly reflect this. + +### Neutral + +* The Cosmos SDK will continue to support JSON migrations via the existing `simd export` and `simd genesis migrate` commands. +* The current ADR does not allow creating, renaming or deleting stores, only modifying existing store keys and values. The Cosmos SDK already has the `StoreLoader` for those operations. + +## Further Discussions + +## References + +* Initial discussion: https://github.com/cosmos/cosmos-sdk/discussions/8429 +* Implementation of `ConsensusVersion` and `RunMigrations`: https://github.com/cosmos/cosmos-sdk/pull/8485 +* Issue discussing `x/upgrade` design: https://github.com/cosmos/cosmos-sdk/issues/8514 diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-042-group-module.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-042-group-module.md new file mode 100644 index 00000000..52e94327 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-042-group-module.md @@ -0,0 +1,279 @@ +# ADR 042: Group Module + +## Changelog + +* 2020/04/09: Initial Draft + +## Status + +Draft + +## Abstract + +This ADR defines the `x/group` module which allows the creation and management of on-chain multi-signature accounts and enables voting for message execution based on configurable decision policies. + +## Context + +The legacy amino multi-signature mechanism of the Cosmos SDK has certain limitations: + +* Key rotation is not possible, although this can be solved with [account rekeying](adr-034-account-rekeying.md). +* Thresholds can't be changed. +* UX is cumbersome for non-technical users ([#5661](https://github.com/cosmos/cosmos-sdk/issues/5661)). +* It requires `legacy_amino` sign mode ([#8141](https://github.com/cosmos/cosmos-sdk/issues/8141)). + +While the group module is not meant to be a total replacement for the current multi-signature accounts, it provides a solution to the limitations described above, with a more flexible key management system where keys can be added, updated or removed, as well as configurable thresholds. +It's meant to be used with other access control modules such as [`x/feegrant`](./adr-029-fee-grant-module.md) ans [`x/authz`](adr-030-authz-module.md) to simplify key management for individuals and organizations. + +The proof of concept of the group module can be found in https://github.com/regen-network/regen-ledger/tree/master/proto/regen/group/v1alpha1 and https://github.com/regen-network/regen-ledger/tree/master/x/group. + +## Decision + +We propose merging the `x/group` module with its supporting [ORM/Table Store package](https://github.com/regen-network/regen-ledger/tree/master/orm) ([#7098](https://github.com/cosmos/cosmos-sdk/issues/7098)) into the Cosmos SDK and continuing development here. There will be a dedicated ADR for the ORM package. + +### Group + +A group is a composition of accounts with associated weights. It is not +an account and doesn't have a balance. It doesn't in and of itself have any +sort of voting or decision weight. +Group members can create proposals and vote on them through group accounts using different decision policies. + +It has an `admin` account which can manage members in the group, update the group +metadata and set a new admin. + +```protobuf +message GroupInfo { + + // group_id is the unique ID of this group. + uint64 group_id = 1; + + // admin is the account address of the group's admin. + string admin = 2; + + // metadata is any arbitrary metadata to attached to the group. + bytes metadata = 3; + + // version is used to track changes to a group's membership structure that + // would break existing proposals. Whenever a member weight has changed, + // or any member is added or removed, the version is incremented and will + // invalidate all proposals from older versions. + uint64 version = 4; + + // total_weight is the sum of the group members' weights. + string total_weight = 5; +} +``` + +```protobuf +message GroupMember { + + // group_id is the unique ID of the group. + uint64 group_id = 1; + + // member is the member data. + Member member = 2; +} + +// Member represents a group member with an account address, +// non-zero weight and metadata. +message Member { + + // address is the member's account address. + string address = 1; + + // weight is the member's voting weight that should be greater than 0. + string weight = 2; + + // metadata is any arbitrary metadata to attached to the member. + bytes metadata = 3; +} +``` + +### Group Account + +A group account is an account associated with a group and a decision policy. +A group account does have a balance. + +Group accounts are abstracted from groups because a single group may have +multiple decision policies for different types of actions. Managing group +membership separately from decision policies results in the least overhead +and keeps membership consistent across different policies. The pattern that +is recommended is to have a single master group account for a given group, +and then to create separate group accounts with different decision policies +and delegate the desired permissions from the master account to +those "sub-accounts" using the [`x/authz` module](adr-030-authz-module.md). + +```protobuf +message GroupAccountInfo { + + // address is the group account address. + string address = 1; + + // group_id is the ID of the Group the GroupAccount belongs to. + uint64 group_id = 2; + + // admin is the account address of the group admin. + string admin = 3; + + // metadata is any arbitrary metadata of this group account. + bytes metadata = 4; + + // version is used to track changes to a group's GroupAccountInfo structure that + // invalidates active proposal from old versions. + uint64 version = 5; + + // decision_policy specifies the group account's decision policy. + google.protobuf.Any decision_policy = 6 [(cosmos_proto.accepts_interface) = "cosmos.group.v1.DecisionPolicy"]; +} +``` + +Similarly to a group admin, a group account admin can update its metadata, decision policy or set a new group account admin. + +A group account can also be an admin or a member of a group. +For instance, a group admin could be another group account which could "elects" the members or it could be the same group that elects itself. + +### Decision Policy + +A decision policy is the mechanism by which members of a group can vote on +proposals. + +All decision policies should have a minimum and maximum voting window. +The minimum voting window is the minimum duration that must pass in order +for a proposal to potentially pass, and it may be set to 0. The maximum voting +window is the maximum time that a proposal may be voted on and executed if +it reached enough support before it is closed. +Both of these values must be less than a chain-wide max voting window parameter. + +We define the `DecisionPolicy` interface that all decision policies must implement: + +```go +type DecisionPolicy interface { + codec.ProtoMarshaler + + ValidateBasic() error + GetTimeout() types.Duration + Allow(tally Tally, totalPower string, votingDuration time.Duration) (DecisionPolicyResult, error) + Validate(g GroupInfo) error +} + +type DecisionPolicyResult struct { + Allow bool + Final bool +} +``` + +#### Threshold decision policy + +A threshold decision policy defines a minimum support votes (_yes_), based on a tally +of voter weights, for a proposal to pass. For +this decision policy, abstain and veto are treated as no support (_no_). + +```protobuf +message ThresholdDecisionPolicy { + + // threshold is the minimum weighted sum of support votes for a proposal to succeed. + string threshold = 1; + + // voting_period is the duration from submission of a proposal to the end of voting period + // Within this period, votes and exec messages can be submitted. + google.protobuf.Duration voting_period = 2 [(gogoproto.nullable) = false]; +} +``` + +### Proposal + +Any member of a group can submit a proposal for a group account to decide upon. +A proposal consists of a set of `sdk.Msg`s that will be executed if the proposal +passes as well as any metadata associated with the proposal. These `sdk.Msg`s get validated as part of the `Msg/CreateProposal` request validation. They should also have their signer set as the group account. + +Internally, a proposal also tracks: + +* its current `Status`: submitted, closed or aborted +* its `Result`: unfinalized, accepted or rejected +* its `VoteState` in the form of a `Tally`, which is calculated on new votes and when executing the proposal. + +```protobuf +// Tally represents the sum of weighted votes. +message Tally { + option (gogoproto.goproto_getters) = false; + + // yes_count is the weighted sum of yes votes. + string yes_count = 1; + + // no_count is the weighted sum of no votes. + string no_count = 2; + + // abstain_count is the weighted sum of abstainers. + string abstain_count = 3; + + // veto_count is the weighted sum of vetoes. + string veto_count = 4; +} +``` + +### Voting + +Members of a group can vote on proposals. There are four choices to choose while voting - yes, no, abstain and veto. Not +all decision policies will support them. Votes can contain some optional metadata. +In the current implementation, the voting window begins as soon as a proposal +is submitted. + +Voting internally updates the proposal `VoteState` as well as `Status` and `Result` if needed. + +### Executing Proposals + +Proposals will not be automatically executed by the chain in this current design, +but rather a user must submit a `Msg/Exec` transaction to attempt to execute the +proposal based on the current votes and decision policy. A future upgrade could +automate this and have the group account (or a fee granter) pay. + +#### Changing Group Membership + +In the current implementation, updating a group or a group account after submitting a proposal will make it invalid. It will simply fail if someone calls `Msg/Exec` and will eventually be garbage collected. + +### Notes on current implementation + +This section outlines the current implementation used in the proof of concept of the group module but this could be subject to changes and iterated on. + +#### ORM + +The [ORM package](https://github.com/cosmos/cosmos-sdk/discussions/9156) defines tables, sequences and secondary indexes which are used in the group module. + +Groups are stored in state as part of a `groupTable`, the `group_id` being an auto-increment integer. Group members are stored in a `groupMemberTable`. + +Group accounts are stored in a `groupAccountTable`. The group account address is generated based on an auto-increment integer which is used to derive the group module `RootModuleKey` into a `DerivedModuleKey`, as stated in [ADR-033](adr-033-protobuf-inter-module-comm.md#modulekeys-and-moduleids). The group account is added as a new `ModuleAccount` through `x/auth`. + +Proposals are stored as part of the `proposalTable` using the `Proposal` type. The `proposal_id` is an auto-increment integer. + +Votes are stored in the `voteTable`. The primary key is based on the vote's `proposal_id` and `voter` account address. + +#### ADR-033 to route proposal messages + +Inter-module communication introduced by [ADR-033](adr-033-protobuf-inter-module-comm.md) can be used to route a proposal's messages using the `DerivedModuleKey` corresponding to the proposal's group account. + +## Consequences + +### Positive + +* Improved UX for multi-signature accounts allowing key rotation and custom decision policies. + +### Negative + +### Neutral + +* It uses ADR 033 so it will need to be implemented within the Cosmos SDK, but this doesn't imply necessarily any large refactoring of existing Cosmos SDK modules. +* The current implementation of the group module uses the ORM package. + +## Further Discussions + +* Convergence of `/group` and `x/gov` as both support proposals and voting: https://github.com/cosmos/cosmos-sdk/discussions/9066 +* `x/group` possible future improvements: + * Execute proposals on submission (https://github.com/regen-network/regen-ledger/issues/288) + * Withdraw a proposal (https://github.com/regen-network/cosmos-modules/issues/41) + * Make `Tally` more flexible and support non-binary choices + +## References + +* Initial specification: + * https://gist.github.com/aaronc/b60628017352df5983791cad30babe56#group-module + * [#5236](https://github.com/cosmos/cosmos-sdk/pull/5236) +* Proposal to add `x/group` into the Cosmos SDK: [#7633](https://github.com/cosmos/cosmos-sdk/issues/7633) diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-043-nft-module.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-043-nft-module.md new file mode 100644 index 00000000..87b4dbb5 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-043-nft-module.md @@ -0,0 +1,349 @@ +# ADR 43: NFT Module + +## Changelog + +* 2021-05-01: Initial Draft +* 2021-07-02: Review updates +* 2022-06-15: Add batch operation +* 2022-11-11: Remove strict validation of classID and tokenID + +## Status + +PROPOSED + +## Abstract + +This ADR defines the `x/nft` module which is a generic implementation of NFTs, roughly "compatible" with ERC721. **Applications using the `x/nft` module must implement the following functions**: + +* `MsgNewClass` - Receive the user's request to create a class, and call the `NewClass` of the `x/nft` module. +* `MsgUpdateClass` - Receive the user's request to update a class, and call the `UpdateClass` of the `x/nft` module. +* `MsgMintNFT` - Receive the user's request to mint a nft, and call the `MintNFT` of the `x/nft` module. +* `BurnNFT` - Receive the user's request to burn a nft, and call the `BurnNFT` of the `x/nft` module. +* `UpdateNFT` - Receive the user's request to update a nft, and call the `UpdateNFT` of the `x/nft` module. + +## Context + +NFTs are more than just crypto art, which is very helpful for accruing value to the Cosmos ecosystem. As a result, Cosmos Hub should implement NFT functions and enable a unified mechanism for storing and sending the ownership representative of NFTs as discussed in https://github.com/cosmos/cosmos-sdk/discussions/9065. + +As discussed in [#9065](https://github.com/cosmos/cosmos-sdk/discussions/9065), several potential solutions can be considered: + +* irismod/nft and modules/incubator/nft +* CW721 +* DID NFTs +* interNFT + +Since functions/use cases of NFTs are tightly connected with their logic, it is almost impossible to support all the NFTs' use cases in one Cosmos SDK module by defining and implementing different transaction types. + +Considering generic usage and compatibility of interchain protocols including IBC and Gravity Bridge, it is preferred to have a generic NFT module design which handles the generic NFTs logic. +This design idea can enable composability that application-specific functions should be managed by other modules on Cosmos Hub or on other Zones by importing the NFT module. + +The current design is based on the work done by [IRISnet team](https://github.com/irisnet/irismod/tree/master/modules/nft) and an older implementation in the [Cosmos repository](https://github.com/cosmos/modules/tree/master/incubator/nft). + +## Decision + +We create a `x/nft` module, which contains the following functionality: + +* Store NFTs and track their ownership. +* Expose `Keeper` interface for composing modules to transfer, mint and burn NFTs. +* Expose external `Message` interface for users to transfer ownership of their NFTs. +* Query NFTs and their supply information. + +The proposed module is a base module for NFT app logic. It's goal it to provide a common layer for storage, basic transfer functionality and IBC. The module should not be used as a standalone. +Instead an app should create a specialized module to handle app specific logic (eg: NFT ID construction, royalty), user level minting and burning. Moreover an app specialized module should handle auxiliary data to support the app logic (eg indexes, ORM, business data). + +All data carried over IBC must be part of the `NFT` or `Class` type described below. The app specific NFT data should be encoded in `NFT.data` for cross-chain integrity. Other objects related to NFT, which are not important for integrity can be part of the app specific module. + +### Types + +We propose two main types: + +* `Class` -- describes NFT class. We can think about it as a smart contract address. +* `NFT` -- object representing unique, non fungible asset. Each NFT is associated with a Class. + +#### Class + +NFT **Class** is comparable to an ERC-721 smart contract (provides description of a smart contract), under which a collection of NFTs can be created and managed. + +```protobuf +message Class { + string id = 1; + string name = 2; + string symbol = 3; + string description = 4; + string uri = 5; + string uri_hash = 6; + google.protobuf.Any data = 7; +} +``` + +* `id` is used as the primary index for storing the class; _required_ +* `name` is a descriptive name of the NFT class; _optional_ +* `symbol` is the symbol usually shown on exchanges for the NFT class; _optional_ +* `description` is a detailed description of the NFT class; _optional_ +* `uri` is a URI for the class metadata stored off chain. It should be a JSON file that contains metadata about the NFT class and NFT data schema ([OpenSea example](https://docs.opensea.io/docs/contract-level-metadata)); _optional_ +* `uri_hash` is a hash of the document pointed by uri; _optional_ +* `data` is app specific metadata of the class; _optional_ + +#### NFT + +We define a general model for `NFT` as follows. + +```protobuf +message NFT { + string class_id = 1; + string id = 2; + string uri = 3; + string uri_hash = 4; + google.protobuf.Any data = 10; +} +``` + +* `class_id` is the identifier of the NFT class where the NFT belongs; _required_ +* `id` is an identifier of the NFT, unique within the scope of its class. It is specified by the creator of the NFT and may be expanded to use DID in the future. `class_id` combined with `id` uniquely identifies an NFT and is used as the primary index for storing the NFT; _required_ + + ```text + {class_id}/{id} --> NFT (bytes) + ``` + +* `uri` is a URI for the NFT metadata stored off chain. Should point to a JSON file that contains metadata about this NFT (Ref: [ERC721 standard and OpenSea extension](https://docs.opensea.io/docs/metadata-standards)); _required_ +* `uri_hash` is a hash of the document pointed by uri; _optional_ +* `data` is an app specific data of the NFT. CAN be used by composing modules to specify additional properties of the NFT; _optional_ + +This ADR doesn't specify values that `data` can take; however, best practices recommend upper-level NFT modules clearly specify their contents. Although the value of this field doesn't provide the additional context required to manage NFT records, which means that the field can technically be removed from the specification, the field's existence allows basic informational/UI functionality. + +### `Keeper` Interface + +```go +type Keeper interface { + NewClass(ctx sdk.Context,class Class) + UpdateClass(ctx sdk.Context,class Class) + + Mint(ctx sdk.Context,nft NFT,receiver sdk.AccAddress) // updates totalSupply + BatchMint(ctx sdk.Context, tokens []NFT,receiver sdk.AccAddress) error + + Burn(ctx sdk.Context, classId string, nftId string) // updates totalSupply + BatchBurn(ctx sdk.Context, classID string, nftIDs []string) error + + Update(ctx sdk.Context, nft NFT) + BatchUpdate(ctx sdk.Context, tokens []NFT) error + + Transfer(ctx sdk.Context, classId string, nftId string, receiver sdk.AccAddress) + BatchTransfer(ctx sdk.Context, classID string, nftIDs []string, receiver sdk.AccAddress) error + + GetClass(ctx sdk.Context, classId string) Class + GetClasses(ctx sdk.Context) []Class + + GetNFT(ctx sdk.Context, classId string, nftId string) NFT + GetNFTsOfClassByOwner(ctx sdk.Context, classId string, owner sdk.AccAddress) []NFT + GetNFTsOfClass(ctx sdk.Context, classId string) []NFT + + GetOwner(ctx sdk.Context, classId string, nftId string) sdk.AccAddress + GetBalance(ctx sdk.Context, classId string, owner sdk.AccAddress) uint64 + GetTotalSupply(ctx sdk.Context, classId string) uint64 +} +``` + +Other business logic implementations should be defined in composing modules that import `x/nft` and use its `Keeper`. + +### `Msg` Service + +```protobuf +service Msg { + rpc Send(MsgSend) returns (MsgSendResponse); +} + +message MsgSend { + string class_id = 1; + string id = 2; + string sender = 3; + string reveiver = 4; +} +message MsgSendResponse {} +``` + +`MsgSend` can be used to transfer the ownership of an NFT to another address. + +The implementation outline of the server is as follows: + +```go +type msgServer struct{ + k Keeper +} + +func (m msgServer) Send(ctx context.Context, msg *types.MsgSend) (*types.MsgSendResponse, error) { + // check current ownership + assertEqual(msg.Sender, m.k.GetOwner(msg.ClassId, msg.Id)) + + // transfer ownership + m.k.Transfer(msg.ClassId, msg.Id, msg.Receiver) + + return &types.MsgSendResponse{}, nil +} +``` + +The query service methods for the `x/nft` module are: + +```protobuf +service Query { + // Balance queries the number of NFTs of a given class owned by the owner, same as balanceOf in ERC721 + rpc Balance(QueryBalanceRequest) returns (QueryBalanceResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/balance/{owner}/{class_id}"; + } + + // Owner queries the owner of the NFT based on its class and id, same as ownerOf in ERC721 + rpc Owner(QueryOwnerRequest) returns (QueryOwnerResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/owner/{class_id}/{id}"; + } + + // Supply queries the number of NFTs from the given class, same as totalSupply of ERC721. + rpc Supply(QuerySupplyRequest) returns (QuerySupplyResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/supply/{class_id}"; + } + + // NFTs queries all NFTs of a given class or owner,choose at least one of the two, similar to tokenByIndex in ERC721Enumerable + rpc NFTs(QueryNFTsRequest) returns (QueryNFTsResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/nfts"; + } + + // NFT queries an NFT based on its class and id. + rpc NFT(QueryNFTRequest) returns (QueryNFTResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/nfts/{class_id}/{id}"; + } + + // Class queries an NFT class based on its id + rpc Class(QueryClassRequest) returns (QueryClassResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/classes/{class_id}"; + } + + // Classes queries all NFT classes + rpc Classes(QueryClassesRequest) returns (QueryClassesResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/classes"; + } +} + +// QueryBalanceRequest is the request type for the Query/Balance RPC method +message QueryBalanceRequest { + string class_id = 1; + string owner = 2; +} + +// QueryBalanceResponse is the response type for the Query/Balance RPC method +message QueryBalanceResponse { + uint64 amount = 1; +} + +// QueryOwnerRequest is the request type for the Query/Owner RPC method +message QueryOwnerRequest { + string class_id = 1; + string id = 2; +} + +// QueryOwnerResponse is the response type for the Query/Owner RPC method +message QueryOwnerResponse { + string owner = 1; +} + +// QuerySupplyRequest is the request type for the Query/Supply RPC method +message QuerySupplyRequest { + string class_id = 1; +} + +// QuerySupplyResponse is the response type for the Query/Supply RPC method +message QuerySupplyResponse { + uint64 amount = 1; +} + +// QueryNFTstRequest is the request type for the Query/NFTs RPC method +message QueryNFTsRequest { + string class_id = 1; + string owner = 2; + cosmos.base.query.v1beta1.PageRequest pagination = 3; +} + +// QueryNFTsResponse is the response type for the Query/NFTs RPC methods +message QueryNFTsResponse { + repeated cosmos.nft.v1beta1.NFT nfts = 1; + cosmos.base.query.v1beta1.PageResponse pagination = 2; +} + +// QueryNFTRequest is the request type for the Query/NFT RPC method +message QueryNFTRequest { + string class_id = 1; + string id = 2; +} + +// QueryNFTResponse is the response type for the Query/NFT RPC method +message QueryNFTResponse { + cosmos.nft.v1beta1.NFT nft = 1; +} + +// QueryClassRequest is the request type for the Query/Class RPC method +message QueryClassRequest { + string class_id = 1; +} + +// QueryClassResponse is the response type for the Query/Class RPC method +message QueryClassResponse { + cosmos.nft.v1beta1.Class class = 1; +} + +// QueryClassesRequest is the request type for the Query/Classes RPC method +message QueryClassesRequest { + // pagination defines an optional pagination for the request. + cosmos.base.query.v1beta1.PageRequest pagination = 1; +} + +// QueryClassesResponse is the response type for the Query/Classes RPC method +message QueryClassesResponse { + repeated cosmos.nft.v1beta1.Class classes = 1; + cosmos.base.query.v1beta1.PageResponse pagination = 2; +} +``` + +### Interoperability + +Interoperability is all about reusing assets between modules and chains. The former one is achieved by ADR-33: Protobuf client - server communication. At the time of writing ADR-33 is not finalized. The latter is achieved by IBC. Here we will focus on the IBC side. +IBC is implemented per module. Here, we aligned that NFTs will be recorded and managed in the x/nft. This requires creation of a new IBC standard and implementation of it. + +For IBC interoperability, NFT custom modules MUST use the NFT object type understood by the IBC client. So, for x/nft interoperability, custom NFT implementations (example: x/cryptokitty) should use the canonical x/nft module and proxy all NFT balance keeping functionality to x/nft or else re-implement all functionality using the NFT object type understood by the IBC client. In other words: x/nft becomes the standard NFT registry for all Cosmos NFTs (example: x/cryptokitty will register a kitty NFT in x/nft and use x/nft for book keeping). This was [discussed](https://github.com/cosmos/cosmos-sdk/discussions/9065#discussioncomment-873206) in the context of using x/bank as a general asset balance book. Not using x/nft will require implementing another module for IBC. + +## Consequences + +### Backward Compatibility + +No backward incompatibilities. + +### Forward Compatibility + +This specification conforms to the ERC-721 smart contract specification for NFT identifiers. Note that ERC-721 defines uniqueness based on (contract address, uint256 tokenId), and we conform to this implicitly because a single module is currently aimed to track NFT identifiers. Note: use of the (mutable) data field to determine uniqueness is not safe.s + +### Positive + +* NFT identifiers available on Cosmos Hub. +* Ability to build different NFT modules for the Cosmos Hub, e.g., ERC-721. +* NFT module which supports interoperability with IBC and other cross-chain infrastructures like Gravity Bridge + +### Negative + +* New IBC app is required for x/nft +* CW721 adapter is required + +### Neutral + +* Other functions need more modules. For example, a custody module is needed for NFT trading function, a collectible module is needed for defining NFT properties. + +## Further Discussions + +For other kinds of applications on the Hub, more app-specific modules can be developed in the future: + +* `x/nft/custody`: custody of NFTs to support trading functionality. +* `x/nft/marketplace`: selling and buying NFTs using sdk.Coins. +* `x/fractional`: a module to split an ownership of an asset (NFT or other assets) for multiple stakeholder. `x/group` should work for most of the cases. + +Other networks in the Cosmos ecosystem could design and implement their own NFT modules for specific NFT applications and use cases. + +## References + +* Initial discussion: https://github.com/cosmos/cosmos-sdk/discussions/9065 +* x/nft: initialize module: https://github.com/cosmos/cosmos-sdk/pull/9174 +* [ADR 033](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-033-protobuf-inter-module-comm.md) diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-044-protobuf-updates-guidelines.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-044-protobuf-updates-guidelines.md new file mode 100644 index 00000000..a5ea3131 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-044-protobuf-updates-guidelines.md @@ -0,0 +1,129 @@ +# ADR 044: Guidelines for Updating Protobuf Definitions + +## Changelog + +* 28.06.2021: Initial Draft +* 02.12.2021: Add `Since:` comment for new fields +* 21.07.2022: Remove the rule of no new `Msg` in the same proto version. + +## Status + +Draft + +## Abstract + +This ADR provides guidelines and recommended practices when updating Protobuf definitions. These guidelines are targeting module developers. + +## Context + +The Cosmos SDK maintains a set of [Protobuf definitions](https://github.com/cosmos/cosmos-sdk/tree/main/proto/cosmos). It is important to correctly design Protobuf definitions to avoid any breaking changes within the same version. The reasons are to not break tooling (including indexers and explorers), wallets and other third-party integrations. + +When making changes to these Protobuf definitions, the Cosmos SDK currently only follows [Buf's](https://docs.buf.build/) recommendations. We noticed however that Buf's recommendations might still result in breaking changes in the SDK in some cases. For example: + +* Adding fields to `Msg`s. Adding fields is a not a Protobuf spec-breaking operation. However, when adding new fields to `Msg`s, the unknown field rejection will throw an error when sending the new `Msg` to an older node. +* Marking fields as `reserved`. Protobuf proposes the `reserved` keyword for removing fields without the need to bump the package version. However, by doing so, client backwards compatibility is broken as Protobuf doesn't generate anything for `reserved` fields. See [#9446](https://github.com/cosmos/cosmos-sdk/issues/9446) for more details on this issue. + +Moreover, module developers often face other questions around Protobuf definitions such as "Can I rename a field?" or "Can I deprecate a field?" This ADR aims to answer all these questions by providing clear guidelines about allowed updates for Protobuf definitions. + +## Decision + +We decide to keep [Buf's](https://docs.buf.build/) recommendations with the following exceptions: + +* `UNARY_RPC`: the Cosmos SDK currently does not support streaming RPCs. +* `COMMENT_FIELD`: the Cosmos SDK allows fields with no comments. +* `SERVICE_SUFFIX`: we use the `Query` and `Msg` service naming convention, which doesn't use the `-Service` suffix. +* `PACKAGE_VERSION_SUFFIX`: some packages, such as `cosmos.crypto.ed25519`, don't use a version suffix. +* `RPC_REQUEST_STANDARD_NAME`: Requests for the `Msg` service don't have the `-Request` suffix to keep backwards compatibility. + +On top of Buf's recommendations we add the following guidelines that are specific to the Cosmos SDK. + +### Updating Protobuf Definition Without Bumping Version + +#### 1. Module developers MAY add new Protobuf definitions + +Module developers MAY add new `message`s, new `Service`s, new `rpc` endpoints, and new fields to existing messages. This recommendation follows the Protobuf specification, but is added in this document for clarity, as the SDK requires one additional change. + +The SDK requires the Protobuf comment of the new addition to contain one line with the following format: + +```protobuf +// Since: cosmos-sdk {, ...} +``` + +Where each `version` denotes a minor ("0.45") or patch ("0.44.5") version from which the field is available. This will greatly help client libraries, who can optionally use reflection or custom code generation to show/hide these fields depending on the targetted node version. + +As examples, the following comments are valid: + +```protobuf +// Since: cosmos-sdk 0.44 + +// Since: cosmos-sdk 0.42.11, 0.44.5 +``` + +and the following ones are NOT valid: + +```protobuf +// Since cosmos-sdk v0.44 + +// since: cosmos-sdk 0.44 + +// Since: cosmos-sdk 0.42.11 0.44.5 + +// Since: Cosmos SDK 0.42.11, 0.44.5 +``` + +#### 2. Fields MAY be marked as `deprecated`, and nodes MAY implement a protocol-breaking change for handling these fields + +Protobuf supports the [`deprecated` field option](https://developers.google.com/protocol-buffers/docs/proto#options), and this option MAY be used on any field, including `Msg` fields. If a node handles a Protobuf message with a non-empty deprecated field, the node MAY change its behavior upon processing it, even in a protocol-breaking way. When possible, the node MUST handle backwards compatibility without breaking the consensus (unless we increment the proto version). + +As an example, the Cosmos SDK v0.42 to v0.43 update contained two Protobuf-breaking changes, listed below. Instead of bumping the package versions from `v1beta1` to `v1`, the SDK team decided to follow this guideline, by reverting the breaking changes, marking those changes as deprecated, and modifying the node implementation when processing messages with deprecated fields. More specifically: + +* The Cosmos SDK recently removed support for [time-based software upgrades](https://github.com/cosmos/cosmos-sdk/pull/8849). As such, the `time` field has been marked as deprecated in `cosmos.upgrade.v1beta1.Plan`. Moreover, the node will reject any proposal containing an upgrade Plan whose `time` field is non-empty. +* The Cosmos SDK now supports [governance split votes](./adr-037-gov-split-vote.md). When querying for votes, the returned `cosmos.gov.v1beta1.Vote` message has its `option` field (used for 1 vote option) deprecated in favor of its `options` field (allowing multiple vote options). Whenever possible, the SDK still populates the deprecated `option` field, that is, if and only if the `len(options) == 1` and `options[0].Weight == 1.0`. + +#### 3. Fields MUST NOT be renamed + +Whereas the official Protobuf recommendations do not prohibit renaming fields, as it does not break the Protobuf binary representation, the SDK explicitly forbids renaming fields in Protobuf structs. The main reason for this choice is to avoid introducing breaking changes for clients, which often rely on hard-coded fields from generated types. Moreover, renaming fields will lead to client-breaking JSON representations of Protobuf definitions, used in REST endpoints and in the CLI. + +### Incrementing Protobuf Package Version + +TODO, needs architecture review. Some topics: + +* Bumping versions frequency +* When bumping versions, should the Cosmos SDK support both versions? + * i.e. v1beta1 -> v1, should we have two folders in the Cosmos SDK, and handlers for both versions? +* mention ADR-023 Protobuf naming + +## Consequences + +> This section describes the resulting context, after applying the decision. All consequences should be listed here, not just the "positive" ones. A particular decision may have positive, negative, and neutral consequences, but all of them affect the team and project in the future. + +### Backwards Compatibility + +> All ADRs that introduce backwards incompatibilities must include a section describing these incompatibilities and their severity. The ADR must explain how the author proposes to deal with these incompatibilities. ADR submissions without a sufficient backwards compatibility treatise may be rejected outright. + +### Positive + +* less pain to tool developers +* more compatibility in the ecosystem +* ... + +### Negative + +{negative consequences} + +### Neutral + +* more rigor in Protobuf review + +## Further Discussions + +This ADR is still in the DRAFT stage, and the "Incrementing Protobuf Package Version" will be filled in once we make a decision on how to correctly do it. + +## Test Cases [optional] + +Test cases for an implementation are mandatory for ADRs that are affecting consensus changes. Other ADRs can choose to include links to test cases if applicable. + +## References + +* [#9445](https://github.com/cosmos/cosmos-sdk/issues/9445) Release proto definitions v1 +* [#9446](https://github.com/cosmos/cosmos-sdk/issues/9446) Address v1beta1 proto breaking changes diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-045-check-delivertx-middlewares.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-045-check-delivertx-middlewares.md new file mode 100644 index 00000000..60172977 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-045-check-delivertx-middlewares.md @@ -0,0 +1,312 @@ +# ADR 045: BaseApp `{Check,Deliver}Tx` as Middlewares + +## Changelog + +* 20.08.2021: Initial draft. +* 07.12.2021: Update `tx.Handler` interface ([\#10693](https://github.com/cosmos/cosmos-sdk/pull/10693)). +* 17.05.2022: ADR is abandoned, as middlewares are deemed too hard to reason about. + +## Status + +ABANDONED. Replacement is being discussed in [#11955](https://github.com/cosmos/cosmos-sdk/issues/11955). + +## Abstract + +This ADR replaces the current BaseApp `runTx` and antehandlers design with a middleware-based design. + +## Context + +BaseApp's implementation of ABCI `{Check,Deliver}Tx()` and its own `Simulate()` method call the `runTx` method under the hood, which first runs antehandlers, then executes `Msg`s. However, the [transaction Tips](https://github.com/cosmos/cosmos-sdk/issues/9406) and [refunding unused gas](https://github.com/cosmos/cosmos-sdk/issues/2150) use cases require custom logic to be run after the `Msg`s execution. There is currently no way to achieve this. + +An naive solution would be to add post-`Msg` hooks to BaseApp. However, the Cosmos SDK team thinks in parallel about the bigger picture of making app wiring simpler ([#9181](https://github.com/cosmos/cosmos-sdk/discussions/9182)), which includes making BaseApp more lightweight and modular. + +## Decision + +We decide to transform Baseapp's implementation of ABCI `{Check,Deliver}Tx` and its own `Simulate` methods to use a middleware-based design. + +The two following interfaces are the base of the middleware design, and are defined in `types/tx`: + +```go +type Handler interface { + CheckTx(ctx context.Context, req Request, checkReq RequestCheckTx) (Response, ResponseCheckTx, error) + DeliverTx(ctx context.Context, req Request) (Response, error) + SimulateTx(ctx context.Context, req Request (Response, error) +} + +type Middleware func(Handler) Handler +``` + +where we define the following arguments and return types: + +```go +type Request struct { + Tx sdk.Tx + TxBytes []byte +} + +type Response struct { + GasWanted uint64 + GasUsed uint64 + // MsgResponses is an array containing each Msg service handler's response + // type, packed in an Any. This will get proto-serialized into the `Data` field + // in the ABCI Check/DeliverTx responses. + MsgResponses []*codectypes.Any + Log string + Events []abci.Event +} + +type RequestCheckTx struct { + Type abci.CheckTxType +} + +type ResponseCheckTx struct { + Priority int64 +} +``` + +Please note that because CheckTx handles separate logic related to mempool priotization, its signature is different than DeliverTx and SimulateTx. + +BaseApp holds a reference to a `tx.Handler`: + +```go +type BaseApp struct { + // other fields + txHandler tx.Handler +} +``` + +Baseapp's ABCI `{Check,Deliver}Tx()` and `Simulate()` methods simply call `app.txHandler.{Check,Deliver,Simulate}Tx()` with the relevant arguments. For example, for `DeliverTx`: + +```go +func (app *BaseApp) DeliverTx(req abci.RequestDeliverTx) abci.ResponseDeliverTx { + var abciRes abci.ResponseDeliverTx + ctx := app.getContextForTx(runTxModeDeliver, req.Tx) + res, err := app.txHandler.DeliverTx(ctx, tx.Request{TxBytes: req.Tx}) + if err != nil { + abciRes = sdkerrors.ResponseDeliverTx(err, uint64(res.GasUsed), uint64(res.GasWanted), app.trace) + return abciRes + } + + abciRes, err = convertTxResponseToDeliverTx(res) + if err != nil { + return sdkerrors.ResponseDeliverTx(err, uint64(res.GasUsed), uint64(res.GasWanted), app.trace) + } + + return abciRes +} + +// convertTxResponseToDeliverTx converts a tx.Response into a abci.ResponseDeliverTx. +func convertTxResponseToDeliverTx(txRes tx.Response) (abci.ResponseDeliverTx, error) { + data, err := makeABCIData(txRes) + if err != nil { + return abci.ResponseDeliverTx{}, nil + } + + return abci.ResponseDeliverTx{ + Data: data, + Log: txRes.Log, + Events: txRes.Events, + }, nil +} + +// makeABCIData generates the Data field to be sent to ABCI Check/DeliverTx. +func makeABCIData(txRes tx.Response) ([]byte, error) { + return proto.Marshal(&sdk.TxMsgData{MsgResponses: txRes.MsgResponses}) +} +``` + +The implementations are similar for `BaseApp.CheckTx` and `BaseApp.Simulate`. + +`baseapp.txHandler`'s three methods' implementations can obviously be monolithic functions, but for modularity we propose a middleware composition design, where a middleware is simply a function that takes a `tx.Handler`, and returns another `tx.Handler` wrapped around the previous one. + +### Implementing a Middleware + +In practice, middlewares are created by Go function that takes as arguments some parameters needed for the middleware, and returns a `tx.Middleware`. + +For example, for creating an arbitrary `MyMiddleware`, we can implement: + +```go +// myTxHandler is the tx.Handler of this middleware. Note that it holds a +// reference to the next tx.Handler in the stack. +type myTxHandler struct { + // next is the next tx.Handler in the middleware stack. + next tx.Handler + // some other fields that are relevant to the middleware can be added here +} + +// NewMyMiddleware returns a middleware that does this and that. +func NewMyMiddleware(arg1, arg2) tx.Middleware { + return func (txh tx.Handler) tx.Handler { + return myTxHandler{ + next: txh, + // optionally, set arg1, arg2... if they are needed in the middleware + } + } +} + +// Assert myTxHandler is a tx.Handler. +var _ tx.Handler = myTxHandler{} + +func (h myTxHandler) CheckTx(ctx context.Context, req Request, checkReq RequestcheckTx) (Response, ResponseCheckTx, error) { + // CheckTx specific pre-processing logic + + // run the next middleware + res, checkRes, err := txh.next.CheckTx(ctx, req, checkReq) + + // CheckTx specific post-processing logic + + return res, checkRes, err +} + +func (h myTxHandler) DeliverTx(ctx context.Context, req Request) (Response, error) { + // DeliverTx specific pre-processing logic + + // run the next middleware + res, err := txh.next.DeliverTx(ctx, tx, req) + + // DeliverTx specific post-processing logic + + return res, err +} + +func (h myTxHandler) SimulateTx(ctx context.Context, req Request) (Response, error) { + // SimulateTx specific pre-processing logic + + // run the next middleware + res, err := txh.next.SimulateTx(ctx, tx, req) + + // SimulateTx specific post-processing logic + + return res, err +} +``` + +### Composing Middlewares + +While BaseApp simply holds a reference to a `tx.Handler`, this `tx.Handler` itself is defined using a middleware stack. The Cosmos SDK exposes a base (i.e. innermost) `tx.Handler` called `RunMsgsTxHandler`, which executes messages. + +Then, the app developer can compose multiple middlewares on top on the base `tx.Handler`. Each middleware can run pre-and-post-processing logic around its next middleware, as described in the section above. Conceptually, as an example, given the middlewares `A`, `B`, and `C` and the base `tx.Handler` `H` the stack looks like: + +```text +A.pre + B.pre + C.pre + H # The base tx.handler, for example `RunMsgsTxHandler` + C.post + B.post +A.post +``` + +We define a `ComposeMiddlewares` function for composing middlewares. It takes the base handler as first argument, and middlewares in the "outer to inner" order. For the above stack, the final `tx.Handler` is: + +```go +txHandler := middleware.ComposeMiddlewares(H, A, B, C) +``` + +The middleware is set in BaseApp via its `SetTxHandler` setter: + +```go +// simapp/app.go + +txHandler := middleware.ComposeMiddlewares(...) +app.SetTxHandler(txHandler) +``` + +The app developer can define their own middlewares, or use the Cosmos SDK's pre-defined middlewares from `middleware.NewDefaultTxHandler()`. + +### Middlewares Maintained by the Cosmos SDK + +While the app developer can define and compose the middlewares of their choice, the Cosmos SDK provides a set of middlewares that caters for the ecosystem's most common use cases. These middlewares are: + +| Middleware | Description | +| ----------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| RunMsgsTxHandler | This is the base `tx.Handler`. It replaces the old baseapp's `runMsgs`, and executes a transaction's `Msg`s. | +| TxDecoderMiddleware | This middleware takes in transaction raw bytes, and decodes them into a `sdk.Tx`. It replaces the `baseapp.txDecoder` field, so that BaseApp stays as thin as possible. Since most middlewares read the contents of the `sdk.Tx`, the TxDecoderMiddleware should be run first in the middleware stack. | +| {Antehandlers} | Each antehandler is converted to its own middleware. These middlewares perform signature verification, fee deductions and other validations on the incoming transaction. | +| IndexEventsTxMiddleware | This is a simple middleware that chooses which events to index in Tendermint. Replaces `baseapp.indexEvents` (which unfortunately still exists in baseapp too, because it's used to index Begin/EndBlock events) | +| RecoveryTxMiddleware | This index recovers from panics. It replaces baseapp.runTx's panic recovery described in [ADR-022](./adr-022-custom-panic-handling.md). | +| GasTxMiddleware | This replaces the [`Setup`](https://github.com/cosmos/cosmos-sdk/blob/v0.43.0/x/auth/ante/setup.go) Antehandler. It sets a GasMeter on sdk.Context. Note that before, GasMeter was set on sdk.Context inside the antehandlers, and there was some mess around the fact that antehandlers had their own panic recovery system so that the GasMeter could be read by baseapp's recovery system. Now, this mess is all removed: one middleware sets GasMeter, another one handles recovery. | + +### Similarities and Differences between Antehandlers and Middlewares + +The middleware-based design builds upon the existing antehandlers design described in [ADR-010](./adr-010-modular-antehandler.md). Even though the final decision of ADR-010 was to go with the "Simple Decorators" approach, the middleware design is actually very similar to the other [Decorator Pattern](./adr-010-modular-antehandler.md#decorator-pattern) proposal, also used in [weave](https://github.com/iov-one/weave). + +#### Similarities with Antehandlers + +* Designed as chaining/composing small modular pieces. +* Allow code reuse for `{Check,Deliver}Tx` and for `Simulate`. +* Set up in `app.go`, and easily customizable by app developers. +* Order is important. + +#### Differences with Antehandlers + +* The Antehandlers are run before `Msg` execution, whereas middlewares can run before and after. +* The middleware approach uses separate methods for `{Check,Deliver,Simulate}Tx`, whereas the antehandlers pass a `simulate bool` flag and uses the `sdkCtx.Is{Check,Recheck}Tx()` flags to determine in which transaction mode we are. +* The middleware design lets each middleware hold a reference to the next middleware, whereas the antehandlers pass a `next` argument in the `AnteHandle` method. +* The middleware design use Go's standard `context.Context`, whereas the antehandlers use `sdk.Context`. + +## Consequences + +### Backwards Compatibility + +Since this refactor removes some logic away from BaseApp and into middlewares, it introduces API-breaking changes for app developers. Most notably, instead of creating an antehandler chain in `app.go`, app developers need to create a middleware stack: + +```diff +- anteHandler, err := ante.NewAnteHandler( +- ante.HandlerOptions{ +- AccountKeeper: app.AccountKeeper, +- BankKeeper: app.BankKeeper, +- SignModeHandler: encodingConfig.TxConfig.SignModeHandler(), +- FeegrantKeeper: app.FeeGrantKeeper, +- SigGasConsumer: ante.DefaultSigVerificationGasConsumer, +- }, +-) ++txHandler, err := authmiddleware.NewDefaultTxHandler(authmiddleware.TxHandlerOptions{ ++ Debug: app.Trace(), ++ IndexEvents: indexEvents, ++ LegacyRouter: app.legacyRouter, ++ MsgServiceRouter: app.msgSvcRouter, ++ LegacyAnteHandler: anteHandler, ++ TxDecoder: encodingConfig.TxConfig.TxDecoder, ++}) +if err != nil { + panic(err) +} +- app.SetAnteHandler(anteHandler) ++ app.SetTxHandler(txHandler) +``` + +Other more minor API breaking changes will also be provided in the CHANGELOG. As usual, the Cosmos SDK will provide a release migration document for app developers. + +This ADR does not introduce any state-machine-, client- or CLI-breaking changes. + +### Positive + +* Allow custom logic to be run before an after `Msg` execution. This enables the [tips](https://github.com/cosmos/cosmos-sdk/issues/9406) and [gas refund](https://github.com/cosmos/cosmos-sdk/issues/2150) uses cases, and possibly other ones. +* Make BaseApp more lightweight, and defer complex logic to small modular components. +* Separate paths for `{Check,Deliver,Simulate}Tx` with different returns types. This allows for improved readability (replace `if sdkCtx.IsRecheckTx() && !simulate {...}` with separate methods) and more flexibility (e.g. returning a `priority` in `ResponseCheckTx`). + +### Negative + +* It is hard to understand at first glance the state updates that would occur after a middleware runs given the `sdk.Context` and `tx`. A middleware can have an arbitrary number of nested middleware being called within its function body, each possibly doing some pre- and post-processing before calling the next middleware on the chain. Thus to understand what a middleware is doing, one must also understand what every other middleware further along the chain is also doing, and the order of middlewares matters. This can get quite complicated to understand. +* API-breaking changes for app developers. + +### Neutral + +No neutral consequences. + +## Further Discussions + +* [#9934](https://github.com/cosmos/cosmos-sdk/discussions/9934) Decomposing BaseApp's other ABCI methods into middlewares. +* Replace `sdk.Tx` interface with the concrete protobuf Tx type in the `tx.Handler` methods signature. + +## Test Cases + +We update the existing baseapp and antehandlers tests to use the new middleware API, but keep the same test cases and logic, to avoid introducing regressions. Existing CLI tests will also be left untouched. + +For new middlewares, we introduce unit tests. Since middlewares are purposefully small, unit tests suit well. + +## References + +* Initial discussion: https://github.com/cosmos/cosmos-sdk/issues/9585 +* Implementation: [#9920 BaseApp refactor](https://github.com/cosmos/cosmos-sdk/pull/9920) and [#10028 Antehandlers migration](https://github.com/cosmos/cosmos-sdk/pull/10028) diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-046-module-params.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-046-module-params.md new file mode 100644 index 00000000..369cd043 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-046-module-params.md @@ -0,0 +1,184 @@ +# ADR 046: Module Params + +## Changelog + +* Sep 22, 2021: Initial Draft + +## Status + +Proposed + +## Abstract + +This ADR describes an alternative approach to how Cosmos SDK modules use, interact, +and store their respective parameters. + +## Context + +Currently, in the Cosmos SDK, modules that require the use of parameters use the +`x/params` module. The `x/params` works by having modules define parameters, +typically via a simple `Params` structure, and registering that structure in +the `x/params` module via a unique `Subspace` that belongs to the respective +registering module. The registering module then has unique access to its respective +`Subspace`. Through this `Subspace`, the module can get and set its `Params` +structure. + +In addition, the Cosmos SDK's `x/gov` module has direct support for changing +parameters on-chain via a `ParamChangeProposal` governance proposal type, where +stakeholders can vote on suggested parameter changes. + +There are various tradeoffs to using the `x/params` module to manage individual +module parameters. Namely, managing parameters essentially comes for "free" in +that developers only need to define the `Params` struct, the `Subspace`, and the +various auxiliary functions, e.g. `ParamSetPairs`, on the `Params` type. However, +there are some notable drawbacks. These drawbacks include the fact that parameters +are serialized in state via JSON which is extremely slow. In addition, parameter +changes via `ParamChangeProposal` governance proposals have no way of reading from +or writing to state. In other words, it is currently not possible to have any +state transitions in the application during an attempt to change param(s). + +## Decision + +We will build off of the alignment of `x/gov` and `x/authz` work per +[#9810](https://github.com/cosmos/cosmos-sdk/pull/9810). Namely, module developers +will create one or more unique parameter data structures that must be serialized +to state. The Param data structures must implement `sdk.Msg` interface with respective +Protobuf Msg service method which will validate and update the parameters with all +necessary changes. The `x/gov` module via the work done in +[#9810](https://github.com/cosmos/cosmos-sdk/pull/9810), will dispatch Param +messages, which will be handled by Protobuf Msg services. + +Note, it is up to developers to decide how to structure their parameters and +the respective `sdk.Msg` messages. Consider the parameters currently defined in +`x/auth` using the `x/params` module for parameter management: + +```protobuf +message Params { + uint64 max_memo_characters = 1; + uint64 tx_sig_limit = 2; + uint64 tx_size_cost_per_byte = 3; + uint64 sig_verify_cost_ed25519 = 4; + uint64 sig_verify_cost_secp256k1 = 5; +} +``` + +Developers can choose to either create a unique data structure for every field in +`Params` or they can create a single `Params` structure as outlined above in the +case of `x/auth`. + +In the former, `x/params`, approach, a `sdk.Msg` would need to be created for every single +field along with a handler. This can become burdensome if there are a lot of +parameter fields. In the latter case, there is only a single data structure and +thus only a single message handler, however, the message handler might have to be +more sophisticated in that it might need to understand what parameters are being +changed vs what parameters are untouched. + +Params change proposals are made using the `x/gov` module. Execution is done through +`x/authz` authorization to the root `x/gov` module's account. + +Continuing to use `x/auth`, we demonstrate a more complete example: + +```go +type Params struct { + MaxMemoCharacters uint64 + TxSigLimit uint64 + TxSizeCostPerByte uint64 + SigVerifyCostED25519 uint64 + SigVerifyCostSecp256k1 uint64 +} + +type MsgUpdateParams struct { + MaxMemoCharacters uint64 + TxSigLimit uint64 + TxSizeCostPerByte uint64 + SigVerifyCostED25519 uint64 + SigVerifyCostSecp256k1 uint64 +} + +type MsgUpdateParamsResponse struct {} + +func (ms msgServer) UpdateParams(goCtx context.Context, msg *types.MsgUpdateParams) (*types.MsgUpdateParamsResponse, error) { + ctx := sdk.UnwrapSDKContext(goCtx) + + // verification logic... + + // persist params + params := ParamsFromMsg(msg) + ms.SaveParams(ctx, params) + + return &types.MsgUpdateParamsResponse{}, nil +} + +func ParamsFromMsg(msg *types.MsgUpdateParams) Params { + // ... +} +``` + +A gRPC `Service` query should also be provided, for example: + +```protobuf +service Query { + // ... + + rpc Params(QueryParamsRequest) returns (QueryParamsResponse) { + option (google.api.http).get = "/cosmos//v1beta1/params"; + } +} + +message QueryParamsResponse { + Params params = 1 [(gogoproto.nullable) = false]; +} +``` + +## Consequences + +As a result of implementing the module parameter methodology, we gain the ability +for module parameter changes to be stateful and extensible to fit nearly every +application's use case. We will be able to emit events (and trigger hooks registered +to that events using the work proposed in [event hooks](https://github.com/cosmos/cosmos-sdk/discussions/9656)), +call other Msg service methods or perform migration. +In addition, there will be significant gains in performance when it comes to reading +and writing parameters from and to state, especially if a specific set of parameters +are read on a consistent basis. + +However, this methodology will require developers to implement more types and +Msg service metohds which can become burdensome if many parameters exist. In addition, +developers are required to implement persistance logics of module parameters. +However, this should be trivial. + +### Backwards Compatibility + +The new method for working with module parameters is naturally not backwards +compatible with the existing `x/params` module. However, the `x/params` will +remain in the Cosmos SDK and will be marked as deprecated with no additional +functionality being added apart from potential bug fixes. Note, the `x/params` +module may be removed entirely in a future release. + +### Positive + +* Module parameters are serialized more efficiently +* Modules are able to react on parameters changes and perform additional actions. +* Special events can be emitted, allowing hooks to be triggered. + +### Negative + +* Module parameters becomes slightly more burdensome for module developers: + * Modules are now responsible for persisting and retrieving parameter state + * Modules are now required to have unique message handlers to handle parameter + changes per unique parameter data structure. + +### Neutral + +* Requires [#9810](https://github.com/cosmos/cosmos-sdk/pull/9810) to be reviewed + and merged. + + + +## References + +* https://github.com/cosmos/cosmos-sdk/pull/9810 +* https://github.com/cosmos/cosmos-sdk/issues/9438 +* https://github.com/cosmos/cosmos-sdk/discussions/9913 diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-047-extend-upgrade-plan.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-047-extend-upgrade-plan.md new file mode 100644 index 00000000..3500bb33 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-047-extend-upgrade-plan.md @@ -0,0 +1,253 @@ +# ADR 047: Extend Upgrade Plan + +## Changelog + +* Nov, 23, 2021: Initial Draft +* May, 16, 2023: Proposal ABANDONED. `pre_run` and `post_run` are not necessary anymore and adding the `artifacts` brings minor benefits. + +## Status + +ABANDONED + +## Abstract + +This ADR expands the existing x/upgrade `Plan` proto message to include new fields for defining pre-run and post-run processes within upgrade tooling. +It also defines a structure for providing downloadable artifacts involved in an upgrade. + +## Context + +The `upgrade` module in conjunction with Cosmovisor are designed to facilitate and automate a blockchain's transition from one version to another. + +Users submit a software upgrade governance proposal containing an upgrade `Plan`. +The [Plan](https://github.com/cosmos/cosmos-sdk/blob/v0.44.5/proto/cosmos/upgrade/v1beta1/upgrade.proto#L12) currently contains the following fields: + +* `name`: A short string identifying the new version. +* `height`: The chain height at which the upgrade is to be performed. +* `info`: A string containing information about the upgrade. + +The `info` string can be anything. +However, Cosmovisor will try to use the `info` field to automatically download a new version of the blockchain executable. +For the auto-download to work, Cosmovisor expects it to be either a stringified JSON object (with a specific structure defined through documentation), or a URL that will return such JSON. +The JSON object identifies URLs used to download the new blockchain executable for different platforms (OS and Architecture, e.g. "linux/amd64"). +Such a URL can either return the executable file directly or can return an archive containing the executable and possibly other assets. + +If the URL returns an archive, it is decompressed into `{DAEMON_HOME}/cosmovisor/{upgrade name}`. +Then, if `{DAEMON_HOME}/cosmovisor/{upgrade name}/bin/{DAEMON_NAME}` does not exist, but `{DAEMON_HOME}/cosmovisor/{upgrade name}/{DAEMON_NAME}` does, the latter is copied to the former. +If the URL returns something other than an archive, it is downloaded to `{DAEMON_HOME}/cosmovisor/{upgrade name}/bin/{DAEMON_NAME}`. + +If an upgrade height is reached and the new version of the executable version isn't available, Cosmovisor will stop running. + +Both `DAEMON_HOME` and `DAEMON_NAME` are [environment variables used to configure Cosmovisor](https://github.com/cosmos/cosmos-sdk/blob/cosmovisor/v1.0.0/cosmovisor/README.md#command-line-arguments-and-environment-variables). + +Currently, there is no mechanism that makes Cosmovisor run a command after the upgraded chain has been restarted. + +The current upgrade process has this timeline: + +1. An upgrade governance proposal is submitted and approved. +1. The upgrade height is reached. +1. The `x/upgrade` module writes the `upgrade_info.json` file. +1. The chain halts. +1. Cosmovisor backs up the data directory (if set up to do so). +1. Cosmovisor downloads the new executable (if not already in place). +1. Cosmovisor executes the `${DAEMON_NAME} pre-upgrade`. +1. Cosmovisor restarts the app using the new version and same args originally provided. + +## Decision + +### Protobuf Updates + +We will update the `x/upgrade.Plan` message for providing upgrade instructions. +The upgrade instructions will contain a list of artifacts available for each platform. +It allows for the definition of a pre-run and post-run commands. +These commands are not consensus guaranteed; they will be executed by Cosmosvisor (or other) during its upgrade handling. + +```protobuf +message Plan { + // ... (existing fields) + + UpgradeInstructions instructions = 6; +} +``` + +The new `UpgradeInstructions instructions` field MUST be optional. + +```protobuf +message UpgradeInstructions { + string pre_run = 1; + string post_run = 2; + repeated Artifact artifacts = 3; + string description = 4; +} +``` + +All fields in the `UpgradeInstructions` are optional. + +* `pre_run` is a command to run prior to the upgraded chain restarting. + If defined, it will be executed after halting and downloading the new artifact but before restarting the upgraded chain. + The working directory this command runs from MUST be `{DAEMON_HOME}/cosmovisor/{upgrade name}`. + This command MUST behave the same as the current [pre-upgrade](https://github.com/cosmos/cosmos-sdk/blob/v0.44.5/docs/migrations/pre-upgrade.md) command. + It does not take in any command-line arguments and is expected to terminate with the following exit codes: + + | Exit status code | How it is handled in Cosmosvisor | + |------------------|---------------------------------------------------------------------------------------------------------------------| + | `0` | Assumes `pre-upgrade` command executed successfully and continues the upgrade. | + | `1` | Default exit code when `pre-upgrade` command has not been implemented. | + | `30` | `pre-upgrade` command was executed but failed. This fails the entire upgrade. | + | `31` | `pre-upgrade` command was executed but failed. But the command is retried until exit code `1` or `30` are returned. | + If defined, then the app supervisors (e.g. Cosmovisor) MUST NOT run `app pre-run`. +* `post_run` is a command to run after the upgraded chain has been started. If defined, this command MUST be only executed at most once by an upgrading node. + The output and exit code SHOULD be logged but SHOULD NOT affect the running of the upgraded chain. + The working directory this command runs from MUST be `{DAEMON_HOME}/cosmovisor/{upgrade name}`. +* `artifacts` define items to be downloaded. + It SHOULD have only one entry per platform. +* `description` contains human-readable information about the upgrade and might contain references to external resources. + It SHOULD NOT be used for structured processing information. + +```protobuf +message Artifact { + string platform = 1; + string url = 2; + string checksum = 3; + string checksum_algo = 4; +} +``` + +* `platform` is a required string that SHOULD be in the format `{OS}/{CPU}`, e.g. `"linux/amd64"`. + The string `"any"` SHOULD also be allowed. + An `Artifact` with a `platform` of `"any"` SHOULD be used as a fallback when a specific `{OS}/{CPU}` entry is not found. + That is, if an `Artifact` exists with a `platform` that matches the system's OS and CPU, that should be used; + otherwise, if an `Artifact` exists with a `platform` of `any`, that should be used; + otherwise no artifact should be downloaded. +* `url` is a required URL string that MUST conform to [RFC 1738: Uniform Resource Locators](https://www.ietf.org/rfc/rfc1738.txt). + A request to this `url` MUST return either an executable file or an archive containing either `bin/{DAEMON_NAME}` or `{DAEMON_NAME}`. + The URL should not contain checksum - it should be specified by the `checksum` attribute. +* `checksum` is a checksum of the expected result of a request to the `url`. + It is not required, but is recommended. + If provided, it MUST be a hex encoded checksum string. + Tools utilizing these `UpgradeInstructions` MUST fail if a `checksum` is provided but is different from the checksum of the result returned by the `url`. +* `checksum_algo` is a string identify the algorithm used to generate the `checksum`. + Recommended algorithms: `sha256`, `sha512`. + Algorithms also supported (but not recommended): `sha1`, `md5`. + If a `checksum` is provided, a `checksum_algo` MUST also be provided. + +A `url` is not required to contain a `checksum` query parameter. +If the `url` does contain a `checksum` query parameter, the `checksum` and `checksum_algo` fields MUST also be populated, and their values MUST match the value of the query parameter. +For example, if the `url` is `"https://example.com?checksum=md5:d41d8cd98f00b204e9800998ecf8427e"`, then the `checksum` field must be `"d41d8cd98f00b204e9800998ecf8427e"` and the `checksum_algo` field must be `"md5"`. + +### Upgrade Module Updates + +If an upgrade `Plan` does not use the new `UpgradeInstructions` field, existing functionality will be maintained. +The parsing of the `info` field as either a URL or `binaries` JSON will be deprecated. +During validation, if the `info` field is used as such, a warning will be issued, but not an error. + +We will update the creation of the `upgrade-info.json` file to include the `UpgradeInstructions`. + +We will update the optional validation available via CLI to account for the new `Plan` structure. +We will add the following validation: + +1. If `UpgradeInstructions` are provided: + 1. There MUST be at least one entry in `artifacts`. + 1. All of the `artifacts` MUST have a unique `platform`. + 1. For each `Artifact`, if the `url` contains a `checksum` query parameter: + 1. The `checksum` query parameter value MUST be in the format of `{checksum_algo}:{checksum}`. + 1. The `{checksum}` from the query parameter MUST equal the `checksum` provided in the `Artifact`. + 1. The `{checksum_algo}` from the query parameter MUST equal the `checksum_algo` provided in the `Artifact`. +1. The following validation is currently done using the `info` field. We will apply similar validation to the `UpgradeInstructions`. + For each `Artifact`: + 1. The `platform` MUST have the format `{OS}/{CPU}` or be `"any"`. + 1. The `url` field MUST NOT be empty. + 1. The `url` field MUST be a proper URL. + 1. A `checksum` MUST be provided either in the `checksum` field or as a query parameter in the `url`. + 1. If the `checksum` field has a value and the `url` also has a `checksum` query parameter, the two values MUST be equal. + 1. The `url` MUST return either a file or an archive containing either `bin/{DAEMON_NAME}` or `{DAEMON_NAME}`. + 1. If a `checksum` is provided (in the field or as a query param), the checksum of the result of the `url` MUST equal the provided checksum. + +Downloading of an `Artifact` will happen the same way that URLs from `info` are currently downloaded. + +### Cosmovisor Updates + +If the `upgrade-info.json` file does not contain any `UpgradeInstructions`, existing functionality will be maintained. + +We will update Cosmovisor to look for and handle the new `UpgradeInstructions` in `upgrade-info.json`. +If the `UpgradeInstructions` are provided, we will do the following: + +1. The `info` field will be ignored. +1. The `artifacts` field will be used to identify the artifact to download based on the `platform` that Cosmovisor is running in. +1. If a `checksum` is provided (either in the field or as a query param in the `url`), and the downloaded artifact has a different checksum, the upgrade process will be interrupted and Cosmovisor will exit with an error. +1. If a `pre_run` command is defined, it will be executed at the same point in the process where the `app pre-upgrade` command would have been executed. + It will be executed using the same environment as other commands run by Cosmovisor. +1. If a `post_run` command is defined, it will be executed after executing the command that restarts the chain. + It will be executed in a background process using the same environment as the other commands. + Any output generated by the command will be logged. + Once complete, the exit code will be logged. + +We will deprecate the use of the `info` field for anything other than human readable information. +A warning will be logged if the `info` field is used to define the assets (either by URL or JSON). + +The new upgrade timeline is very similar to the current one. Changes are in bold: + +1. An upgrade governance proposal is submitted and approved. +1. The upgrade height is reached. +1. The `x/upgrade` module writes the `upgrade_info.json` file **(now possibly with `UpgradeInstructions`)**. +1. The chain halts. +1. Cosmovisor backs up the data directory (if set up to do so). +1. Cosmovisor downloads the new executable (if not already in place). +1. Cosmovisor executes **the `pre_run` command if provided**, or else the `${DAEMON_NAME} pre-upgrade` command. +1. Cosmovisor restarts the app using the new version and same args originally provided. +1. **Cosmovisor immediately runs the `post_run` command in a detached process.** + +## Consequences + +### Backwards Compatibility + +Since the only change to existing definitions is the addition of the `instructions` field to the `Plan` message, and that field is optional, there are no backwards incompatibilities with respects to the proto messages. +Additionally, current behavior will be maintained when no `UpgradeInstructions` are provided, so there are no backwards incompatibilities with respects to either the upgrade module or Cosmovisor. + +### Forwards Compatibility + +In order to utilize the `UpgradeInstructions` as part of a software upgrade, both of the following must be true: + +1. The chain must already be using a sufficiently advanced version of the Cosmos SDK. +1. The chain's nodes must be using a sufficiently advanced version of Cosmovisor. + +### Positive + +1. The structure for defining artifacts is clearer since it is now defined in the proto instead of in documentation. +1. Availability of a pre-run command becomes more obvious. +1. A post-run command becomes possible. + +### Negative + +1. The `Plan` message becomes larger. This is negligible because A) the `x/upgrades` module only stores at most one upgrade plan, and B) upgrades are rare enough that the increased gas cost isn't a concern. +1. There is no option for providing a URL that will return the `UpgradeInstructions`. +1. The only way to provide multiple assets (executables and other files) for a platform is to use an archive as the platform's artifact. + +### Neutral + +1. Existing functionality of the `info` field is maintained when the `UpgradeInstructions` aren't provided. + +## Further Discussions + +1. [Draft PR #10032 Comment](https://github.com/cosmos/cosmos-sdk/pull/10032/files?authenticity_token=pLtzpnXJJB%2Fif2UWiTp9Td3MvRrBF04DvjSuEjf1azoWdLF%2BSNymVYw9Ic7VkqHgNLhNj6iq9bHQYnVLzMXd4g%3D%3D&file-filters%5B%5D=.go&file-filters%5B%5D=.proto#r698708349): + Consider different names for `UpgradeInstructions instructions` (either the message type or field name). +1. [Draft PR #10032 Comment](https://github.com/cosmos/cosmos-sdk/pull/10032/files?authenticity_token=pLtzpnXJJB%2Fif2UWiTp9Td3MvRrBF04DvjSuEjf1azoWdLF%2BSNymVYw9Ic7VkqHgNLhNj6iq9bHQYnVLzMXd4g%3D%3D&file-filters%5B%5D=.go&file-filters%5B%5D=.proto#r754655072): + 1. Consider putting the `string platform` field inside `UpgradeInstructions` and make `UpgradeInstructions` a repeated field in `Plan`. + 1. Consider using a `oneof` field in the `Plan` which could either be `UpgradeInstructions` or else a URL that should return the `UpgradeInstructions`. + 1. Consider allowing `info` to either be a JSON serialized version of `UpgradeInstructions` or else a URL that returns that. +1. [Draft PR #10032 Comment](https://github.com/cosmos/cosmos-sdk/pull/10032/files?authenticity_token=pLtzpnXJJB%2Fif2UWiTp9Td3MvRrBF04DvjSuEjf1azoWdLF%2BSNymVYw9Ic7VkqHgNLhNj6iq9bHQYnVLzMXd4g%3D%3D&file-filters%5B%5D=.go&file-filters%5B%5D=.proto#r755462876): + Consider not including the `UpgradeInstructions.description` field, using the `info` field for that purpose instead. +1. [Draft PR #10032 Comment](https://github.com/cosmos/cosmos-sdk/pull/10032/files?authenticity_token=pLtzpnXJJB%2Fif2UWiTp9Td3MvRrBF04DvjSuEjf1azoWdLF%2BSNymVYw9Ic7VkqHgNLhNj6iq9bHQYnVLzMXd4g%3D%3D&file-filters%5B%5D=.go&file-filters%5B%5D=.proto#r754643691): + Consider allowing multiple artifacts to be downloaded for any given `platform` by adding a `name` field to the `Artifact` message. +1. [PR #10502 Comment](https://github.com/cosmos/cosmos-sdk/pull/10602#discussion_r781438288) + Allow the new `UpgradeInstructions` to be provided via URL. +1. [PR #10502 Comment](https://github.com/cosmos/cosmos-sdk/pull/10602#discussion_r781438288) + Allow definition of a `signer` for assets (as an alternative to using a `checksum`). + +## References + +* [Current upgrade.proto](https://github.com/cosmos/cosmos-sdk/blob/v0.44.5/proto/cosmos/upgrade/v1beta1/upgrade.proto) +* [Upgrade Module README](https://github.com/cosmos/cosmos-sdk/blob/v0.44.5/x/upgrade/spec/README.md) +* [Cosmovisor README](https://github.com/cosmos/cosmos-sdk/blob/cosmovisor/v1.0.0/cosmovisor/README.md) +* [Pre-upgrade README](https://github.com/cosmos/cosmos-sdk/blob/v0.44.5/docs/migrations/pre-upgrade.md) +* [Draft/POC PR #10032](https://github.com/cosmos/cosmos-sdk/pull/10032) +* [RFC 1738: Uniform Resource Locators](https://www.ietf.org/rfc/rfc1738.txt) diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-048-consensus-fees.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-048-consensus-fees.md new file mode 100644 index 00000000..f1c6065c --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-048-consensus-fees.md @@ -0,0 +1,204 @@ +# ADR 048: Multi Tire Gas Price System + +## Changelog + +* Dec 1, 2021: Initial Draft + +## Status + +Rejected + +## Abstract + +This ADR describes a flexible mechanism to maintain a consensus level gas prices, in which one can choose a multi-tier gas price system or EIP-1559 like one through configuration. + +## Context + +Currently, each validator configures it's own `minimal-gas-prices` in `app.yaml`. But setting a proper minimal gas price is critical to protect network from dos attack, and it's hard for all the validators to pick a sensible value, so we propose to maintain a gas price in consensus level. + +Since tendermint 0.34.20 has supported mempool prioritization, we can take advantage of that to implement more sophisticated gas fee system. + +## Multi-Tier Price System + +We propose a multi-tier price system on consensus to provide maximum flexibility: + +* Tier 1: a constant gas price, which could only be modified occasionally through governance proposal. +* Tier 2: a dynamic gas price which is adjusted according to previous block load. +* Tier 3: a dynamic gas price which is adjusted according to previous block load at a higher speed. + +The gas price of higher tier should bigger than the lower tier. + +The transaction fees are charged with the exact gas price calculated on consensus. + +The parameter schema is like this: + +```protobuf +message TierParams { + uint32 priority = 1 // priority in tendermint mempool + Coin initial_gas_price = 2 // + uint32 parent_gas_target = 3 // the target saturation of block + uint32 change_denominator = 4 // decides the change speed + Coin min_gas_price = 5 // optional lower bound of the price adjustment + Coin max_gas_price = 6 // optional upper bound of the price adjustment +} + +message Params { + repeated TierParams tiers = 1; +} +``` + +### Extension Options + +We need to allow user to specify the tier of service for the transaction, to support it in an extensible way, we add an extension option in `AuthInfo`: + +```protobuf +message ExtensionOptionsTieredTx { + uint32 fee_tier = 1 +} +``` + +The value of `fee_tier` is just the index to the `tiers` parameter list. + +We also change the semantic of existing `fee` field of `Tx`, instead of charging user the exact `fee` amount, we treat it as a fee cap, while the actual amount of fee charged is decided dynamically. If the `fee` is smaller than dynamic one, the transaction won't be included in current block and ideally should stay in the mempool until the consensus gas price drop. The mempool can eventually prune old transactions. + +### Tx Prioritization + +Transactions are prioritized based on the tier, the higher the tier, the higher the priority. + +Within the same tier, follow the default Tendermint order (currently FIFO). Be aware of that the mempool tx ordering logic is not part of consensus and can be modified by malicious validator. + +This mechanism can be easily composed with prioritization mechanisms: + +* we can add extra tiers out of a user control: + * Example 1: user can set tier 0, 10 or 20, but the protocol will create tiers 0, 1, 2 ... 29. For example IBC transactions will go to tier `user_tier + 5`: if user selected tier 1, then the transaction will go to tier 15. + * Example 2: we can reserve tier 4, 5, ... only for special transaction types. For example, tier 5 is reserved for evidence tx. So if submits a bank.Send transaction and set tier 5, it will be delegated to tier 3 (the max tier level available for any transaction). + * Example 3: we can enforce that all transactions of a sepecific type will go to specific tier. For example, tier 100 will be reserved for evidence transactions and all evidence transactions will always go to that tier. + +### `min-gas-prices` + +Deprecate the current per-validator `min-gas-prices` configuration, since it would confusing for it to work together with the consensus gas price. + +### Adjust For Block Load + +For tier 2 and tier 3 transactions, the gas price is adjusted according to previous block load, the logic could be similar to EIP-1559: + +```python +def adjust_gas_price(gas_price, parent_gas_used, tier): + if parent_gas_used == tier.parent_gas_target: + return gas_price + elif parent_gas_used > tier.parent_gas_target: + gas_used_delta = parent_gas_used - tier.parent_gas_target + gas_price_delta = max(gas_price * gas_used_delta // tier.parent_gas_target // tier.change_speed, 1) + return gas_price + gas_price_delta + else: + gas_used_delta = parent_gas_target - parent_gas_used + gas_price_delta = gas_price * gas_used_delta // parent_gas_target // tier.change_speed + return gas_price - gas_price_delta +``` + +### Block Segment Reservation + +Ideally we should reserve block segments for each tier, so the lower tiered transactions won't be completely squeezed out by higher tier transactions, which will force user to use higher tier, and the system degraded to a single tier. + +We need help from tendermint to implement this. + +## Implementation + +We can make each tier's gas price strategy fully configurable in protocol parameters, while providing a sensible default one. + +Pseudocode in python-like syntax: + +```python +interface TieredTx: + def tier(self) -> int: + pass + +def tx_tier(tx): + if isinstance(tx, TieredTx): + return tx.tier() + else: + # default tier for custom transactions + return 0 + # NOTE: we can add more rules here per "Tx Prioritization" section + +class TierParams: + 'gas price strategy parameters of one tier' + priority: int # priority in tendermint mempool + initial_gas_price: Coin + parent_gas_target: int + change_speed: Decimal # 0 means don't adjust for block load. + +class Params: + 'protocol parameters' + tiers: List[TierParams] + +class State: + 'consensus state' + # total gas used in last block, None when it's the first block + parent_gas_used: Optional[int] + # gas prices of last block for all tiers + gas_prices: List[Coin] + +def begin_block(): + 'Adjust gas prices' + for i, tier in enumerate(Params.tiers): + if State.parent_gas_used is None: + # initialized gas price for the first block + State.gas_prices[i] = tier.initial_gas_price + else: + # adjust gas price according to gas used in previous block + State.gas_prices[i] = adjust_gas_price(State.gas_prices[i], State.parent_gas_used, tier) + +def mempoolFeeTxHandler_checkTx(ctx, tx): + # the minimal-gas-price configured by validator, zero in deliver_tx context + validator_price = ctx.MinGasPrice() + consensus_price = State.gas_prices[tx_tier(tx)] + min_price = max(validator_price, consensus_price) + + # zero means infinity for gas price cap + if tx.gas_price() > 0 and tx.gas_price() < min_price: + return 'insufficient fees' + return next_CheckTx(ctx, tx) + +def txPriorityHandler_checkTx(ctx, tx): + res, err := next_CheckTx(ctx, tx) + # pass priority to tendermint + res.Priority = Params.tiers[tx_tier(tx)].priority + return res, err + +def end_block(): + 'Update block gas used' + State.parent_gas_used = block_gas_meter.consumed() +``` + +### Dos attack protection + +To fully saturate the blocks and prevent other transactions from executing, attacker need to use transactions of highest tier, the cost would be significantly higher than the default tier. + +If attacker spam with lower tier transactions, user can mitigate by sending higher tier transactions. + +## Consequences + +### Backwards Compatibility + +* New protocol parameters. +* New consensus states. +* New/changed fields in transaction body. + +### Positive + +* The default tier keeps the same predictable gas price experience for client. +* The higher tier's gas price can adapt to block load. +* No priority conflict with custom priority based on transaction types, since this proposal only occupy three priority levels. +* Possibility to compose different priority rules with tiers + +### Negative + +* Wallets & tools need to update to support the new `tier` parameter, and semantic of `fee` field is changed. + +### Neutral + +## References + +* https://eips.ethereum.org/EIPS/eip-1559 +* https://iohk.io/en/blog/posts/2021/11/26/network-traffic-and-tiered-pricing/ diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-049-state-sync-hooks.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-049-state-sync-hooks.md new file mode 100644 index 00000000..c7353aa3 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-049-state-sync-hooks.md @@ -0,0 +1,174 @@ +# ADR 049: State Sync Hooks + +## Changelog + +* Jan 19, 2022: Initial Draft +* Apr 29, 2022: Safer extension snapshotter interface + +## Status + +Implemented + +## Abstract + +This ADR outlines a hooks-based mechanism for application modules to provide additional state (outside of the IAVL tree) to be used +during state sync. + +## Context + +New clients use state-sync to download snapshots of module state from peers. Currently, the snapshot consists of a +stream of `SnapshotStoreItem` and `SnapshotIAVLItem`, which means that application modules that define their state outside of the IAVL +tree cannot include their state as part of the state-sync process. + +Note, Even though the module state data is outside of the tree, for determinism we require that the hash of the external data should +be posted in the IAVL tree. + +## Decision + +A simple proposal based on our existing implementation is that, we can add two new message types: `SnapshotExtensionMeta` +and `SnapshotExtensionPayload`, and they are appended to the existing multi-store stream with `SnapshotExtensionMeta` +acting as a delimiter between extensions. As the chunk hashes should be able to ensure data integrity, we don't need +a delimiter to mark the end of the snapshot stream. + +Besides, we provide `Snapshotter` and `ExtensionSnapshotter` interface for modules to implement snapshotters, which will handle both taking +snapshot and the restoration. Each module could have mutiple snapshotters, and for modules with additional state, they should +implement `ExtensionSnapshotter` as extension snapshotters. When setting up the application, the snapshot `Manager` should call +`RegisterExtensions([]ExtensionSnapshotter…)` to register all the extension snapshotters. + +```protobuf +// SnapshotItem is an item contained in a rootmulti.Store snapshot. +// On top of the exsiting SnapshotStoreItem and SnapshotIAVLItem, we add two new options for the item. +message SnapshotItem { + // item is the specific type of snapshot item. + oneof item { + SnapshotStoreItem store = 1; + SnapshotIAVLItem iavl = 2 [(gogoproto.customname) = "IAVL"]; + SnapshotExtensionMeta extension = 3; + SnapshotExtensionPayload extension_payload = 4; + } +} + +// SnapshotExtensionMeta contains metadata about an external snapshotter. +// One module may need multiple snapshotters, so each module may have multiple SnapshotExtensionMeta. +message SnapshotExtensionMeta { + // the name of the ExtensionSnapshotter, and it is registered to snapshotter manager when setting up the application + // name should be unique for each ExtensionSnapshotter as we need to alphabetically order their snapshots to get + // deterministic snapshot stream. + string name = 1; + // this is used by each ExtensionSnapshotter to decide the format of payloads included in SnapshotExtensionPayload message + // it is used within the snapshotter/namespace, not global one for all modules + uint32 format = 2; +} + +// SnapshotExtensionPayload contains payloads of an external snapshotter. +message SnapshotExtensionPayload { + bytes payload = 1; +} +``` + +When we create a snapshot stream, the `multistore` snapshot is always placed at the beginning of the binary stream, and other extension snapshots are alphabetically ordered by the name of the corresponding `ExtensionSnapshotter`. + +The snapshot stream would look like as follows: + +```go +// multi-store snapshot +{SnapshotStoreItem | SnapshotIAVLItem, ...} +// extension1 snapshot +SnapshotExtensionMeta +{SnapshotExtensionPayload, ...} +// extension2 snapshot +SnapshotExtensionMeta +{SnapshotExtensionPayload, ...} +``` + +We add an `extensions` field to snapshot `Manager` for extension snapshotters. The `multistore` snapshotter is a special one and it doesn't need a name because it is always placed at the beginning of the binary stream. + +```go +type Manager struct { + store *Store + multistore types.Snapshotter + extensions map[string]types.ExtensionSnapshotter + mtx sync.Mutex + operation operation + chRestore chan<- io.ReadCloser + chRestoreDone <-chan restoreDone + restoreChunkHashes [][]byte + restoreChunkIndex uint32 +} +``` + +For extension snapshotters that implement the `ExtensionSnapshotter` interface, their names should be registered to the snapshot `Manager` by +calling `RegisterExtensions` when setting up the application. The snapshotters will handle both taking snapshot and restoration. + +```go +// RegisterExtensions register extension snapshotters to manager +func (m *Manager) RegisterExtensions(extensions ...types.ExtensionSnapshotter) error +``` + +On top of the existing `Snapshotter` interface for the `multistore`, we add `ExtensionSnapshotter` interface for the extension snapshotters. Three more function signatures: `SnapshotFormat()`, `SupportedFormats()` and `SnapshotName()` are added to `ExtensionSnapshotter`. + +```go +// ExtensionPayloadReader read extension payloads, +// it returns io.EOF when reached either end of stream or the extension boundaries. +type ExtensionPayloadReader = func() ([]byte, error) + +// ExtensionPayloadWriter is a helper to write extension payloads to underlying stream. +type ExtensionPayloadWriter = func([]byte) error + +// ExtensionSnapshotter is an extension Snapshotter that is appended to the snapshot stream. +// ExtensionSnapshotter has an unique name and manages it's own internal formats. +type ExtensionSnapshotter interface { + // SnapshotName returns the name of snapshotter, it should be unique in the manager. + SnapshotName() string + + // SnapshotFormat returns the default format used to take a snapshot. + SnapshotFormat() uint32 + + // SupportedFormats returns a list of formats it can restore from. + SupportedFormats() []uint32 + + // SnapshotExtension writes extension payloads into the underlying protobuf stream. + SnapshotExtension(height uint64, payloadWriter ExtensionPayloadWriter) error + + // RestoreExtension restores an extension state snapshot, + // the payload reader returns `io.EOF` when reached the extension boundaries. + RestoreExtension(height uint64, format uint32, payloadReader ExtensionPayloadReader) error + +} +``` + +## Consequences + +As a result of this implementation, we are able to create snapshots of binary chunk stream for the state that we maintain outside of the IAVL Tree, CosmWasm blobs for example. And new clients are able to fetch sanpshots of state for all modules that have implemented the corresponding interface from peer nodes. + + +### Backwards Compatibility + +This ADR introduces new proto message types, add an `extensions` field in snapshot `Manager`, and add new `ExtensionSnapshotter` interface, so this is not backwards compatible if we have extensions. + +But for applications that does not have the state data outside of the IAVL tree for any module, the snapshot stream is backwards-compatible. + +### Positive + +* State maintained outside of IAVL tree like CosmWasm blobs can create snapshots by implementing extension snapshotters, and being fetched by new clients via state-sync. + +### Negative + +### Neutral + +* All modules that maintain state outside of IAVL tree need to implement `ExtensionSnapshotter` and the snapshot `Manager` need to call `RegisterExtensions` when setting up the application. + +## Further Discussions + +While an ADR is in the DRAFT or PROPOSED stage, this section should contain a summary of issues to be solved in future iterations (usually referencing comments from a pull-request discussion). +Later, this section can optionally list ideas or improvements the author or reviewers found during the analysis of this ADR. + +## Test Cases [optional] + +Test cases for an implementation are mandatory for ADRs that are affecting consensus changes. Other ADRs can choose to include links to test cases if applicable. + +## References + +* https://github.com/cosmos/cosmos-sdk/pull/10961 +* https://github.com/cosmos/cosmos-sdk/issues/7340 +* https://hackmd.io/gJoyev6DSmqqkO667WQlGw diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-050-sign-mode-textual-annex1.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-050-sign-mode-textual-annex1.md new file mode 100644 index 00000000..ff3acc8c --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-050-sign-mode-textual-annex1.md @@ -0,0 +1,358 @@ +# ADR 050: SIGN_MODE_TEXTUAL: Annex 1 Value Renderers + +## Changelog + +* Dec 06, 2021: Initial Draft +* Feb 07, 2022: Draft read and concept-ACKed by the Ledger team. +* Dec 01, 2022: Remove `Object: ` prefix on Any header screen. +* Dec 13, 2022: Sign over bytes hash when bytes length > 32. +* Mar 27, 2023: Update `Any` value renderer to omit message header screen. + +## Status + +Accepted. Implementation started. Small value renderers details still need to be polished. + +## Abstract + +This Annex describes value renderers, which are used for displaying Protobuf values in a human-friendly way using a string array. + +## Value Renderers + +Value Renderers describe how values of different Protobuf types should be encoded as a string array. Value renderers can be formalized as a set of bijective functions `func renderT(value T) []string`, where `T` is one of the below Protobuf types for which this spec is defined. + +### Protobuf `number` + +* Applies to: + * protobuf numeric integer types (`int{32,64}`, `uint{32,64}`, `sint{32,64}`, `fixed{32,64}`, `sfixed{32,64}`) + * strings whose `customtype` is `github.com/cosmos/cosmos-sdk/types.Int` or `github.com/cosmos/cosmos-sdk/types.Dec` + * bytes whose `customtype` is `github.com/cosmos/cosmos-sdk/types.Int` or `github.com/cosmos/cosmos-sdk/types.Dec` +* Trailing decimal zeroes are always removed +* Formatting with `'`s for every three integral digits. +* Usage of `.` to denote the decimal delimiter. + +#### Examples + +* `1000` (uint64) -> `1'000` +* `"1000000.00"` (string representing a Dec) -> `1'000'000` +* `"1000000.10"` (string representing a Dec) -> `1'000'000.1` + +### `coin` + +* Applies to `cosmos.base.v1beta1.Coin`. +* Denoms are converted to `display` denoms using `Metadata` (if available). **This requires a state query**. The definition of `Metadata` can be found in the [bank protobuf definition](https://buf.build/cosmos/cosmos-sdk/docs/main:cosmos.bank.v1beta1#cosmos.bank.v1beta1.Metadata). If the `display` field is empty or nil, then we do not perform any denom conversion. +* Amounts are converted to `display` denom amounts and rendered as `number`s above + * We do not change the capitalization of the denom. In practice, `display` denoms are stored in lowercase in state (e.g. `10 atom`), however they are often showed in UPPERCASE in everyday life (e.g. `10 ATOM`). Value renderers keep the case used in state, but we may recommend chains changing the denom metadata to be uppercase for better user display. +* One space between the denom and amount (e.g. `10 atom`). +* In the future, IBC denoms could maybe be converted to DID/IIDs, if we can find a robust way for doing this (ex. `cosmos:cosmos:hub:bank:denom:atom`) + +#### Examples + +* `1000000000uatom` -> `["1'000 atom"]`, because atom is the metadata's display denom. + +### `coins` + +* an array of `coin` is display as the concatenation of each `coin` encoded as the specification above, the joined together with the delimiter `", "` (a comma and a space, no quotes around). +* the list of coins is ordered by unicode code point of the display denom: `A-Z` < `a-z`. For example, the string `aAbBcC` would be sorted `ABCabc`. + * if the coins list had 0 items in it then it'll be rendered as `zero` + +### Example + +* `["3cosm", "2000000uatom"]` -> `2 atom, 3 COSM` (assuming the display denoms are `atom` and `COSM`) +* `["10atom", "20Acoin"]` -> `20 Acoin, 10 atom` (assuming the display denoms are `atom` and `Acoin`) +* `[]` -> `zero` + +### `repeated` + +* Applies to all `repeated` fields, except `cosmos.tx.v1beta1.TxBody#Messages`, which has a particular encoding (see [ADR-050](./adr-050-sign-mode-textual.md)). +* A repeated type has the following template: + +``` +: + (/): + + (/): + +End of . +``` + +where: + +* `field_name` is the Protobuf field name of the repeated field +* `field_kind`: + * if the type of the repeated field is a message, `field_kind` is the message name + * if the type of the repeated field is an enum, `field_kind` is the enum name + * in any other case, `field_kind` is the protobuf primitive type (e.g. "string" or "bytes") +* `int` is the length of the array +* `index` is one based index of the repeated field + +#### Examples + +Given the proto definition: + +```protobuf +message AllowedMsgAllowance { + repeated string allowed_messages = 1; +} +``` + +and initializing with: + +```go +x := []AllowedMsgAllowance{"cosmos.bank.v1beta1.MsgSend", "cosmos.gov.v1.MsgVote"} +``` + +we have the following value-rendered encoding: + +``` +Allowed messages: 2 strings +Allowed messages (1/2): cosmos.bank.v1beta1.MsgSend +Allowed messages (2/2): cosmos.gov.v1.MsgVote +End of Allowed messages +``` + +### `message` + +* Applies to all Protobuf messages that do not have a custom encoding. +* Field names follow [sentence case](https://en.wiktionary.org/wiki/sentence_case) + * replace each `_` with a space + * capitalize first letter of the sentence +* Field names are ordered by their Protobuf field number +* Screen title is the field name, and screen content is the value. +* Nesting: + * if a field contains a nested message, we value-render the underlying message using the template: + + ``` + : <1st line of value-rendered message> + > // Notice the `>` prefix. + ``` + + * `>` character is used to denote nesting. For each additional level of nesting, add `>`. + +#### Examples + +Given the following Protobuf messages: + +```protobuf +enum VoteOption { + VOTE_OPTION_UNSPECIFIED = 0; + VOTE_OPTION_YES = 1; + VOTE_OPTION_ABSTAIN = 2; + VOTE_OPTION_NO = 3; + VOTE_OPTION_NO_WITH_VETO = 4; +} + +message WeightedVoteOption { + VoteOption option = 1; + string weight = 2 [(cosmos_proto.scalar) = "cosmos.Dec"]; +} + +message Vote { + uint64 proposal_id = 1; + string voter = 2 [(cosmos_proto.scalar) = "cosmos.AddressString"]; + reserved 3; + repeated WeightedVoteOption options = 4; +} +``` + +we get the following encoding for the `Vote` message: + +``` +Vote object +> Proposal id: 4 +> Voter: cosmos1abc...def +> Options: 2 WeightedVoteOptions +> Options (1/2): WeightedVoteOption object +>> Option: VOTE_OPTION_YES +>> Weight: 0.7 +> Options (2/2): WeightedVoteOption object +>> Option: VOTE_OPTION_NO +>> Weight: 0.3 +> End of Options +``` + +### Enums + +* Show the enum variant name as string. + +#### Examples + +See example above with `message Vote{}`. + +### `google.protobuf.Any` + +* Applies to `google.protobuf.Any` +* Rendered as: + +``` + +> +``` + +There is however one exception: when the underlying message is a Protobuf message that does not have a custom encoding, then the message header screen is omitted, and one level of indentation is removed. + +Messages that have a custom encoding, including `google.protobuf.Timestamp`, `google.protobuf.Duration`, `google.protobuf.Any`, `cosmos.base.v1beta1.Coin`, and messages that have an app-defined custom encoding, will preserve their header and indentation level. + +#### Examples + +Message header screen is stripped, one-level of indentation removed: +``` +/cosmos.gov.v1.Vote +> Proposal id: 4 +> Vote: cosmos1abc...def +> Options: 2 WeightedVoteOptions +> Options (1/2): WeightedVoteOption object +>> Option: Yes +>> Weight: 0.7 +> Options (2/2): WeightedVoteOption object +>> Option: No +>> Weight: 0.3 +> End of Options +``` + +Message with custom encoding: +``` +/cosmos.base.v1beta1.Coin +> 10uatom +``` + +### `google.protobuf.Timestamp` + +Rendered using [RFC 3339](https://www.rfc-editor.org/rfc/rfc3339) (a +simplification of ISO 8601), which is the current recommendation for portable +time values. The rendering always uses "Z" (UTC) as the timezone. It uses only +the necessary fractional digits of a second, omitting the fractional part +entirely if the timestamp has no fractional seconds. (The resulting timestamps +are not automatically sortable by standard lexicographic order, but we favor +the legibility of the shorter string.) + +#### Examples + +The timestamp with 1136214245 seconds and 700000000 nanoseconds is rendered +as `2006-01-02T15:04:05.7Z`. +The timestamp with 1136214245 seconds and zero nanoseconds is rendered +as `2006-01-02T15:04:05Z`. + +### `google.protobuf.Duration` + +The duration proto expresses a raw number of seconds and nanoseconds. +This will be rendered as longer time units of days, hours, and minutes, +plus any remaining seconds, in that order. +Leading and trailing zero-quantity units will be omitted, but all +units in between nonzero units will be shown, e.g. ` 3 days, 0 hours, 0 minutes, 5 seconds`. + +Even longer time units such as months or years are imprecise. +Weeks are precise, but not commonly used - `91 days` is more immediately +legible than `13 weeks`. Although `days` can be problematic, +e.g. noon to noon on subsequent days can be 23 or 25 hours depending on +daylight savings transitions, there is significant advantage in using +strict 24-hour days over using only hours (e.g. `91 days` vs `2184 hours`). + +When nanoseconds are nonzero, they will be shown as fractional seconds, +with only the minimum number of digits, e.g `0.5 seconds`. + +A duration of exactly zero is shown as `0 seconds`. + +Units will be given as singular (no trailing `s`) when the quantity is exactly one, +and will be shown in plural otherwise. + +Negative durations will be indicated with a leading minus sign (`-`). + +Examples: + +* `1 day` +* `30 days` +* `-1 day, 12 hours` +* `3 hours, 0 minutes, 53.025 seconds` + +### bytes + +* Bytes of length shorter or equal to 35 are rendered in hexadecimal, all capital letters, without the `0x` prefix. +* Bytes of length greater than 35 are hashed using SHA256. The rendered text is `SHA-256=`, followed by the 32-byte hash, in hexadecimal, all capital letters, without the `0x` prefix. +* The hexadecimal string is finally separated into groups of 4 digits, with a space `' '` as separator. If the bytes length is odd, the 2 remaining hexadecimal characters are at the end. + +The number 35 was chosen because it is the longest length where the hashed-and-prefixed representation is longer than the original data directly formatted, using the 3 rules above. More specifically: +- a 35-byte array will have 70 hex characters, plus 17 space characters, resulting in 87 characters. +- byte arrays starting from length 36 will be be hashed to 32 bytes, which is 64 hex characters plus 15 spaces, and with the `SHA-256=` prefix, it takes 87 characters. +Also, secp256k1 public keys have length 33, so their Textual representation is not their hashed value, which we would like to avoid. + +Note: Data longer than 35 bytes are not rendered in a way that can be inverted. See ADR-050's [section about invertability](./adr-050-sign-mode-textual.md#invertible-rendering) for a discussion. + +#### Examples + +Inputs are displayed as byte arrays. + +* `[0]`: `00` +* `[0,1,2]`: `0001 02` +* `[0,1,2,..,34]`: `0001 0203 0405 0607 0809 0A0B 0C0D 0E0F 1011 1213 1415 1617 1819 1A1B 1C1D 1E1F 2021 22` +* `[0,1,2,..,35]`: `SHA-256=5D7E 2D9B 1DCB C85E 7C89 0036 A2CF 2F9F E7B6 6554 F2DF 08CE C6AA 9C0A 25C9 9C21` + +### address bytes + +We currently use `string` types in protobuf for addresses so this may not be needed, but if any address bytes are used in sign mode textual they should be rendered with bech32 formatting + +### strings + +Strings are rendered as-is. + +### Default Values + +* Default Protobuf values for each field are skipped. + +#### Example + +```protobuf +message TestData { + string signer = 1; + string metadata = 2; +} +``` + +```go +myTestData := TestData{ + Signer: "cosmos1abc" +} +``` + +We get the following encoding for the `TestData` message: + +``` +TestData object +> Signer: cosmos1abc +``` + +### bool + +Boolean values are rendered as `True` or `False`. + +### [ABANDONED] Custom `msg_title` instead of Msg `type_url` + +_This paragraph is in the Annex for informational purposes only, and will be removed in a next update of the ADR._ + +
    + Click to see abandoned idea. + +* all protobuf messages to be used with `SIGN_MODE_TEXTUAL` CAN have a short title associated with them that can be used in format strings whenever the type URL is explicitly referenced via the `cosmos.msg.v1.textual.msg_title` Protobuf message option. +* if this option is not specified for a Msg, then the Protobuf fully qualified name will be used. + +```protobuf +message MsgSend { + option (cosmos.msg.v1.textual.msg_title) = "bank send coins"; +} +``` + +* they MUST be unique per message, per chain + +#### Examples + +* `cosmos.gov.v1.MsgVote` -> `governance v1 vote` + +#### Best Pratices + +We recommend to use this option only for `Msg`s whose Protobuf fully qualified name can be hard to understand. As such, the two examples above (`MsgSend` and `MsgVote`) are not good examples to be used with `msg_title`. We still allow `msg_title` for chains who might have `Msg`s with complex or non-obvious names. + +In those cases, we recommend to drop the version (e.g. `v1`) in the string if there's only one version of the module on chain. This way, the bijective mapping can figure out which message each string corresponds to. If multiple Protobuf versions of the same module exist on the same chain, we recommend keeping the first `msg_title` with version, and the second `msg_title` with version (e.g. `v2`): + +* `mychain.mymodule.v1.MsgDo` -> `mymodule do something` +* `mychain.mymodule.v2.MsgDo` -> `mymodule v2 do something` + +
    diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-050-sign-mode-textual-annex2.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-050-sign-mode-textual-annex2.md new file mode 100644 index 00000000..9bd0f3f4 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-050-sign-mode-textual-annex2.md @@ -0,0 +1,122 @@ +# ADR 050: SIGN_MODE_TEXTUAL: Annex 2 XXX + +## Changelog + +* Oct 3, 2022: Initial Draft + +## Status + +DRAFT + +## Abstract + +This annex provides normative guidance on how devices should render a +`SIGN_MODE_TEXTUAL` document. + +## Context + +`SIGN_MODE_TEXTUAL` allows a legible version of a transaction to be signed +on a hardware security device, such as a Ledger. Early versions of the +design rendered transactions directly to lines of ASCII text, but this +proved awkward from its in-band signaling, and for the need to display +Unicode text within the transaction. + +## Decision + +`SIGN_MODE_TEXTUAL` renders to an abstract representation, leaving it +up to device-specific software how to present this representation given the +capabilities, limitations, and conventions of the deivce. + +We offer the following normative guidance: + +1. The presentation should be as legible as possible to the user, given +the capabilities of the device. If legibility could be sacrificed for other +properties, we would recommend just using some other signing mode. +Legibility should focus on the common case - it is okay for unusual cases +to be less legible. + +2. The presentation should be invertible if possible without substantial +sacrifice of legibility. Any change to the rendered data should result +in a visible change to the presentation. This extends the integrity of the +signing to user-visible presentation. + +3. The presentation should follow normal conventions of the device, +without sacrificing legibility or invertibility. + +As an illustration of these principles, here is an example algorithm +for presentation on a device which can display a single 80-character +line of printable ASCII characters: + +* The presentation is broken into lines, and each line is presented in +sequence, with user controls for going forward or backward a line. + +* Expert mode screens are only presented if the device is in expert mode. + +* Each line of the screen starts with a number of `>` characters equal +to the screen's indentation level, followed by a `+` character if this +isn't the first line of the screen, followed by a space if either a +`>` or a `+` has been emitted, +or if this header is followed by a `>`, `+`, or space. + +* If the line ends with whitespace or an `@` character, an additional `@` +character is appended to the line. + +* The following ASCII control characters or backslash (`\`) are converted +to a backslash followed by a letter code, in the manner of string literals +in many languages: + + * a: U+0007 alert or bell + * b: U+0008 backspace + * f: U+000C form feed + * n: U+000A line feed + * r: U+000D carriage return + * t: U+0009 horizontal tab + * v: U+000B vertical tab + * `\`: U+005C backslash + +* All other ASCII control characters, plus non-ASCII Unicode code points, +are shown as either: + + * `\u` followed by 4 uppercase hex chacters for code points + in the basic multilingual plane (BMP). + + * `\U` followed by 8 uppercase hex characters for other code points. + +* The screen will be broken into multiple lines to fit the 80-character +limit, considering the above transformations in a way that attempts to +minimize the number of lines generated. Expanded control or Unicode characters +are never split across lines. + +Example output: + +``` +An introductory line. +key1: 123456 +key2: a string that ends in whitespace @ +key3: a string that ends in a single ampersand - @@ + >tricky key4<: note the leading space in the presentation +introducing an aggregate +> key5: false +> key6: a very long line of text, please co\u00F6perate and break into +>+ multiple lines. +> Can we do further nesting? +>> You bet we can! +``` + +The inverse mapping gives us the only input which could have +generated this output (JSON notation for string data): + +``` +Indent Text +------ ---- +0 "An introductory line." +0 "key1: 123456" +0 "key2: a string that ends in whitespace " +0 "key3: a string that ends in a single ampersand - @" +0 ">tricky key4<: note the leading space in the presentation" +0 "introducing an aggregate" +1 "key5: false" +1 "key6: a very long line of text, please coöperate and break into multiple lines." +1 "Can we do further nesting?" +2 "You bet we can!" +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-050-sign-mode-textual.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-050-sign-mode-textual.md new file mode 100644 index 00000000..c5b51b22 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-050-sign-mode-textual.md @@ -0,0 +1,370 @@ +# ADR 050: SIGN_MODE_TEXTUAL + +## Changelog + +* Dec 06, 2021: Initial Draft. +* Feb 07, 2022: Draft read and concept-ACKed by the Ledger team. +* May 16, 2022: Change status to Accepted. +* Aug 11, 2022: Require signing over tx raw bytes. +* Sep 07, 2022: Add custom `Msg`-renderers. +* Sep 18, 2022: Structured format instead of lines of text +* Nov 23, 2022: Specify CBOR encoding. +* Dec 01, 2022: Link to examples in separate JSON file. +* Dec 06, 2022: Re-ordering of envelope screens. +* Dec 14, 2022: Mention exceptions for invertability. +* Jan 23, 2023: Switch Screen.Text to Title+Content. +* Mar 07, 2023: Change SignDoc from array to struct containing array. +* Mar 20, 2023: Introduce a spec version initialized to 0. + +## Status + +Accepted. Implementation started. Small value renderers details still need to be polished. + +Spec version: 0. + +## Abstract + +This ADR specifies SIGN_MODE_TEXTUAL, a new string-based sign mode that is targetted at signing with hardware devices. + +## Context + +Protobuf-based SIGN_MODE_DIRECT was introduced in [ADR-020](./adr-020-protobuf-transaction-encoding.md) and is intended to replace SIGN_MODE_LEGACY_AMINO_JSON in most situations, such as mobile wallets and CLI keyrings. However, the [Ledger](https://www.ledger.com/) hardware wallet is still using SIGN_MODE_LEGACY_AMINO_JSON for displaying the sign bytes to the user. Hardware wallets cannot transition to SIGN_MODE_DIRECT as: + +* SIGN_MODE_DIRECT is binary-based and thus not suitable for display to end-users. Technically, hardware wallets could simply display the sign bytes to the user. But this would be considered as blind signing, and is a security concern. +* hardware cannot decode the protobuf sign bytes due to memory constraints, as the Protobuf definitions would need to be embedded on the hardware device. + +In an effort to remove Amino from the SDK, a new sign mode needs to be created for hardware devices. [Initial discussions](https://github.com/cosmos/cosmos-sdk/issues/6513) propose a text-based sign mode, which this ADR formally specifies. + +## Decision + +In SIGN_MODE_TEXTUAL, a transaction is rendered into a textual representation, +which is then sent to a secure device or subsystem for the user to review and sign. +Unlike `SIGN_MODE_DIRECT`, the transmitted data can be simply decoded into legible text +even on devices with limited processing and display. + +The textual representation is a sequence of _screens_. +Each screen is meant to be displayed in its entirety (if possible) even on a small device like a Ledger. +A screen is roughly equivalent to a short line of text. +Large screens can be displayed in several pieces, +much as long lines of text are wrapped, +so no hard guidance is given, though 40 characters is a good target. +A screen is used to display a single key/value pair for scalar values +(or composite values with a compact notation, such as `Coins`) +or to introduce or conclude a larger grouping. + +The text can contain the full range of Unicode code points, including control characters and nul. +The device is responsible for deciding how to display characters it cannot render natively. +See [annex 2](./adr-050-sign-mode-textual-annex2.md) for guidance. + +Screens have a non-negative indentation level to signal composite or nested structures. +Indentation level zero is the top level. +Indentation is displayed via some device-specific mechanism. +Message quotation notation is an appropriate model, such as +leading `>` characters or vertical bars on more capable displays. + +Some screens are marked as _expert_ screens, +meant to be displayed only if the viewer chooses to opt in for the extra detail. +Expert screens are meant for information that is rarely useful, +or needs to be present only for signature integrity (see below). + +### Invertible Rendering + +We require that the rendering of the transaction be invertible: +there must be a parsing function such that for every transaction, +when rendered to the textual representation, +parsing that representation yeilds a proto message equivalent +to the original under proto equality. + +Note that this inverse function does not need to perform correct +parsing or error signaling for the whole domain of textual data. +Merely that the range of valid transactions be invertible under +the composition of rendering and parsing. + +Note that the existence of an inverse function ensures that the +rendered text contains the full information of the original transaction, +not a hash or subset. + +We make an exception for invertibility for data which are too large to +meaningfully display, such as byte strings longer than 32 bytes. We may then +selectively render them with a cryptographically-strong hash. In these cases, +it is still computationally infeasible to find a different transaction which +has the same rendering. However, we must ensure that the hash computation is +simple enough to be reliably executed independently, so at least the hash is +itself reasonably verifiable when the raw byte string is not. + +### Chain State + +The rendering function (and parsing function) may depend on the current chain state. +This is useful for reading parameters, such as coin display metadata, +or for reading user-specific preferences such as language or address aliases. +Note that if the observed state changes between signature generation +and the transaction's inclusion in a block, the delivery-time rendering +might differ. If so, the signature will be invalid and the transaction +will be rejected. + +### Signature and Security + +For security, transaction signatures should have three properties: + +1. Given the transaction, signatures, and chain state, it must be possible to validate that the signatures matches the transaction, +to verify that the signers must have known their respective secret keys. + +2. It must be computationally infeasible to find a substantially different transaction for which the given signatures are valid, given the same chain state. + +3. The user should be able to give informed consent to the signed data via a simple, secure device with limited display capabilities. + +The correctness and security of `SIGN_MODE_TEXTUAL` is guaranteed by demonstrating an inverse function from the rendering to transaction protos. +This means that it is impossible for a different protocol buffer message to render to the same text. + +### Transaction Hash Malleability + +When client software forms a transaction, the "raw" transaction (`TxRaw`) is serialized as a proto +and a hash of the resulting byte sequence is computed. +This is the `TxHash`, and is used by various services to track the submitted transaction through its lifecycle. +Various misbehavior is possible if one can generate a modified transaction with a different TxHash +but for which the signature still checks out. + +SIGN_MODE_TEXTUAL prevents this transaction malleability by including the TxHash as an expert screen +in the rendering. + +### SignDoc + +The SignDoc for `SIGN_MODE_TEXTUAL` is formed from a data structure like: + +```go +type Screen struct { + Title string // possibly size limited to, advised to 64 characters + Content string // possibly size limited to, advised to 255 characters + Indent uint8 // size limited to something small like 16 or 32 + Expert bool +} + +type SignDocTextual struct { + Screens []Screen +} +``` + +We do not plan to use protobuf serialization to form the sequence of bytes +that will be tranmitted and signed, in order to keep the decoder simple. +We will use [CBOR](https://cbor.io) ([RFC 8949](https://www.rfc-editor.org/rfc/rfc8949.html)) instead. +The encoding is defined by the following CDDL ([RFC 8610](https://www.rfc-editor.org/rfc/rfc8610)): + +``` +;;; CDDL (RFC 8610) Specification of SignDoc for SIGN_MODE_TEXTUAL. +;;; Must be encoded using CBOR deterministic encoding (RFC 8949, section 4.2.1). + +;; A Textual document is a struct containing one field: an array of screens. +sign_doc = { + screens_key: [* screen], +} + +;; The key is an integer to keep the encoding small. +screens_key = 1 + +;; A screen consists of a text string, an indentation, and the expert flag, +;; represented as an integer-keyed map. All entries are optional +;; and MUST be omitted from the encoding if empty, zero, or false. +;; Text defaults to the empty string, indent defaults to zero, +;; and expert defaults to false. +screen = { + ? title_key: tstr, + ? content_key: tstr, + ? indent_key: uint, + ? expert_key: bool, +} + +;; Keys are small integers to keep the encoding small. +title_key = 1 +content_key = 2 +indent_key = 3 +expert_key = 4 +``` + +Defining the sign_doc as directly an array of screens has also been considered. However, given the possibility of future iterations of this specification, using a single-keyed struct has been chosen over the former proposal, as structs allow for easier backwards-compatibility. + +## Details + +In the examples that follow, screens will be shown as lines of text, +indentation is indicated with a leading '>', +and expert screens are marked with a leading `*`. + +### Encoding of the Transaction Envelope + +We define "transaction envelope" as all data in a transaction that is not in the `TxBody.Messages` field. Transaction envelope includes fee, signer infos and memo, but don't include `Msg`s. `//` denotes comments and are not shown on the Ledger device. + +``` +Chain ID: +Account number: +Sequence: +Address: +*Public Key: +This transaction has Message(s) // Pluralize "Message" only when int>1 +> Message (/): // See value renderers for Any rendering. +End of Message +Memo: // Skipped if no memo set. +Fee: // See value renderers for coins rendering. +*Fee payer: // Skipped if no fee_payer set. +*Fee granter: // Skipped if no fee_granter set. +Tip: // Skippted if no tip. +Tipper: +*Gas Limit: +*Timeout Height: // Skipped if no timeout_height set. +*Other signer: SignerInfo // Skipped if the transaction only has 1 signer. +*> Other signer (/): +*End of other signers +*Extension options: Any: // Skipped if no body extension options +*> Extension options (/): +*End of extension options +*Non critical extension options: Any: // Skipped if no body non critical extension options +*> Non critical extension options (/): +*End of Non critical extension options +*Hash of raw bytes: // Hex encoding of bytes defined, to prevent tx hash malleability. +``` + +### Encoding of the Transaction Body + +Transaction Body is the `Tx.TxBody.Messages` field, which is an array of `Any`s, where each `Any` packs a `sdk.Msg`. Since `sdk.Msg`s are widely used, they have a slightly different encoding than usual array of `Any`s (Protobuf: `repeated google.protobuf.Any`) described in Annex 1. + +``` +This transaction has message: // Optional 's' for "message" if there's is >1 sdk.Msgs. +// For each Msg, print the following 2 lines: +Msg (/): // E.g. Msg (1/2): bank v1beta1 send coins + +End of transaction messages +``` + +#### Example + +Given the following Protobuf message: + +```protobuf +message Grant { + google.protobuf.Any authorization = 1 [(cosmos_proto.accepts_interface) = "cosmos.authz.v1beta1.Authorization"]; + google.protobuf.Timestamp expiration = 2 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false]; +} + +message MsgGrant { + option (cosmos.msg.v1.signer) = "granter"; + + string granter = 1 [(cosmos_proto.scalar) = "cosmos.AddressString"]; + string grantee = 2 [(cosmos_proto.scalar) = "cosmos.AddressString"]; +} +``` + +and a transaction containing 1 such `sdk.Msg`, we get the following encoding: + +``` +This transaction has 1 message: +Msg (1/1): authz v1beta1 grant +Granter: cosmos1abc...def +Grantee: cosmos1ghi...jkl +End of transaction messages +``` + +### Custom `Msg` Renderers + +Application developers may choose to not follow default renderer value output for their own `Msg`s. In this case, they can implement their own custom `Msg` renderer. This is similar to [EIP4430](https://github.com/ethereum/EIPs/blob/master/EIPS/eip-4430.md), where the smart contract developer chooses the description string to be shown to the end user. + +This is done by setting the `cosmos.msg.textual.v1.expert_custom_renderer` Protobuf option to a non-empty string. This option CAN ONLY be set on a Protobuf message representing transaction message object (implementing `sdk.Msg` interface). + +```protobuf +message MsgFooBar { + // Optional comments to describe in human-readable language the formatting + // rules of the custom renderer. + option (cosmos.msg.textual.v1.expert_custom_renderer) = ""; + + // proto fields +} +``` + +When this option is set on a `Msg`, a registered function will transform the `Msg` into an array of one or more strings, which MAY use the key/value format (described in point #3) with the expert field prefix (described in point #5) and arbitrary indentation (point #6). These strings MAY be rendered from a `Msg` field using a default value renderer, or they may be generated from several fields using custom logic. + +The `` is a string convention chosen by the application developer and is used to identify the custom `Msg` renderer. For example, the documentation or specification of this custom algorithm can reference this identifier. This identifier CAN have a versioned suffix (e.g. `_v1`) to adapt for future changes (which would be consensus-breaking). We also recommend adding Protobuf comments to describe in human language the custom logic used. + +Moreover, the renderer must provide 2 functions: one for formatting from Protobuf to string, and one for parsing string to Protobuf. These 2 functions are provided by the application developer. To satisfy point #1, the parse function MUST be the inverse of the formatting function. This property will not be checked by the SDK at runtime. However, we strongly recommend the application developer to include a comprehensive suite in their app repo to test invertibility, as to not introduce security bugs. + +### Require signing over the `TxBody` and `AuthInfo` raw bytes + +Recall that the transaction bytes merklelized on chain are the Protobuf binary serialization of [TxRaw](hhttps://buf.build/cosmos/cosmos-sdk/docs/main:cosmos.tx.v1beta1#cosmos.tx.v1beta1.TxRaw), which contains the `body_bytes` and `auth_info_bytes`. Moreover, the transaction hash is defined as the SHA256 hash of the `TxRaw` bytes. We require that the user signs over these bytes in SIGN_MODE_TEXTUAL, more specifically over the following string: + +``` +*Hash of raw bytes: +``` + +where: + +* `++` denotes concatenation, +* `HEX` is the hexadecimal representation of the bytes, all in capital letters, no `0x` prefix, +* and `len()` is encoded as a Big-Endian uint64. + +This is to prevent transaction hash malleability. The point #1 about invertiblity assures that transaction `body` and `auth_info` values are not malleable, but the transaction hash still might be malleable with point #1 only, because the SIGN_MODE_TEXTUAL strings don't follow the byte ordering defined in `body_bytes` and `auth_info_bytes`. Without this hash, a malicious validator or exchange could intercept a transaction, modify its transaction hash _after_ the user signed it using SIGN_MODE_TEXTUAL (by tweaking the byte ordering inside `body_bytes` or `auth_info_bytes`), and then submit it to Tendermint. + +By including this hash in the SIGN_MODE_TEXTUAL signing payload, we keep the same level of guarantees as [SIGN_MODE_DIRECT](./adr-020-protobuf-transaction-encoding.md). + +These bytes are only shown in expert mode, hence the leading `*`. + +## Updates to the current specification + +The current specification is not set in stone, and future iterations are to be expected. We distinguish two categories of updates to this specification: + +1. Updates that require changes of the hardware device embedded application. +2. Updates that only modify the envelope and the value renderers. + +Updates in the 1st category include changes of the `Screen` struct or its corresponding CBOR encoding. This type of updates require a modification of the hardware signer application, to be able to decode and parse the new types. Backwards-compatibility must also be guaranteed, so that the new hardware application works with existing versions of the SDK. These updates require the coordination of multiple parties: SDK developers, hardware application developers (currently: Zondax), and client-side developers (e.g. CosmJS). Furthermore, a new submission of the hardware device application may be necessary, which, dependending on the vendor, can take some time. As such, we recommend to avoid this type of updates as much as possible. + +Updates in the 2nd category include changes to any of the value renderers or to the transaction envelope. For example, the ordering of fields in the envelope can be swapped, or the timestamp formatting can be modified. Since SIGN_MODE_TEXTUAL sends `Screen`s to the hardware device, this type of change do not need a hardware wallet application update. They are however state-machine-breaking, and must be documented as such. They require the coordination of SDK developers with client-side developers (e.g. CosmJS), so that the updates are released on both sides close to each other in time. + +We define a spec version, which is an integer that must be incremented on each update of either category. This spec version will be exposed by the SDK's implementation, and can be communicated to clients. For example, SDK v0.50 might use the spec version 1, and SDK v0.51 might use 2; thanks to this versioning, clients can know how to craft SIGN_MODE_TEXTUAL transactions based on the target SDK version. + +The current spec version is defined in the "Status" section, on the top of this document. It is initialized to `0` to allow flexibility in choosing how to define future versions, as it would allow adding a field either in the SignDoc Go struct or in Protobuf in a backwards-compatible way. + +## Additional Formatting by the Hardware Device + +See [annex 2](./adr-050-sign-mode-textual-annex2.md). + +## Examples + +1. A minimal MsgSend: [see transaction](https://github.com/cosmos/cosmos-sdk/blob/094abcd393379acbbd043996024d66cd65246fb1/tx/textual/internal/testdata/e2e.json#L2-L70). +2. A transaction with a bit of everything: [see transaction](https://github.com/cosmos/cosmos-sdk/blob/094abcd393379acbbd043996024d66cd65246fb1/tx/textual/internal/testdata/e2e.json#L71-L270). + +The examples below are stored in a JSON file with the following fields: + +* `proto`: the representation of the transaction in ProtoJSON, +* `screens`: the transaction rendered into SIGN_MODE_TEXTUAL screens, +* `cbor`: the sign bytes of the transaction, which is the CBOR encoding of the screens. + +## Consequences + +### Backwards Compatibility + +SIGN_MODE_TEXTUAL is purely additive, and doesn't break any backwards compatibility with other sign modes. + +### Positive + +* Human-friendly way of signing in hardware devices. +* Once SIGN_MODE_TEXTUAL is shipped, SIGN_MODE_LEGACY_AMINO_JSON can be deprecated and removed. On the longer term, once the ecosystem has totally migrated, Amino can be totally removed. + +### Negative + +* Some fields are still encoded in non-human-readable ways, such as public keys in hexadecimal. +* New ledger app needs to be released, still unclear + +### Neutral + +* If the transaction is complex, the string array can be arbitrarily long, and some users might just skip some screens and blind sign. + +## Further Discussions + +* Some details on value renderers need to be polished, see [Annex 1](./adr-050-sign-mode-textual-annex1.md). +* Are ledger apps able to support both SIGN_MODE_LEGACY_AMINO_JSON and SIGN_MODE_TEXTUAL at the same time? +* Open question: should we add a Protobuf field option to allow app developers to overwrite the textual representation of certain Protobuf fields and message? This would be similar to Ethereum's [EIP4430](https://github.com/ethereum/EIPs/pull/4430), where the contract developer decides on the textual representation. +* Internationalization. + +## References + +* [Annex 1](./adr-050-sign-mode-textual-annex1.md) + +* Initial discussion: https://github.com/cosmos/cosmos-sdk/issues/6513 +* Living document used in the working group: https://hackmd.io/fsZAO-TfT0CKmLDtfMcKeA?both +* Working group meeting notes: https://hackmd.io/7RkGfv_rQAaZzEigUYhcXw +* Ethereum's "Described Transactions" https://github.com/ethereum/EIPs/pull/4430 diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-053-go-module-refactoring.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-053-go-module-refactoring.md new file mode 100644 index 00000000..d15c3901 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-053-go-module-refactoring.md @@ -0,0 +1,110 @@ +# ADR 053: Go Module Refactoring + +## Changelog + +* 2022-04-27: First Draft + +## Status + +PROPOSED + +## Abstract + +The current SDK is built as a single monolithic go module. This ADR describes +how we refactor the SDK into smaller independently versioned go modules +for ease of maintenance. + +## Context + +Go modules impose certain requirements on software projects with respect to +stable version numbers (anything above 0.x) in that [any API breaking changes +necessitate a major version](https://go.dev/doc/modules/release-workflow#breaking) +increase which technically creates a new go module +(with a v2, v3, etc. suffix). + +[Keeping modules API compatible](https://go.dev/blog/module-compatibility) in +this way requires a fair amount of fair thought and discipline. + +The Cosmos SDK is a fairly large project which originated before go modules +came into existence and has always been under a v0.x release even though +it has been used in production for years now, not because it isn't production +quality software, but rather because the API compatibility guarantees required +by go modules are fairly complex to adhere to with such a large project. +Up to now, it has generally been deemed more important to be able to break the +API if needed rather than require all users update all package import paths +to accommodate breaking changes causing v2, v3, etc. releases. This is in +addition to the other complexities related to protobuf generated code that will +be addressed in a separate ADR. + +Nevertheless, the desire for semantic versioning has been [strong in the +community](https://github.com/cosmos/cosmos-sdk/discussions/10162) and the +single go module release process has made it very hard to +release small changes to isolated features in a timely manner. Release cycles +often exceed six months which means small improvements done in a day or +two get bottle-necked by everything else in the monolithic release cycle. + +## Decision + +To improve the current situation, the SDK is being refactored into multiple +go modules within the current repository. There has been a [fair amount of +debate](https://github.com/cosmos/cosmos-sdk/discussions/10582#discussioncomment-1813377) +as to how to do this, with some developers arguing for larger vs smaller +module scopes. There are pros and cons to both approaches (which will be +discussed below in the [Consequences](#consequences) section), but the +approach being adopted is the following: + +* a go module should generally be scoped to a specific coherent set of +functionality (such as math, errors, store, etc.) +* when code is removed from the core SDK and moved to a new module path, every +effort should be made to avoid API breaking changes in the existing code using +aliases and wrapper types (as done in https://github.com/cosmos/cosmos-sdk/pull/10779 +and https://github.com/cosmos/cosmos-sdk/pull/11788) +* new go modules should be moved to a standalone domain (`cosmossdk.io`) before +being tagged as `v1.0.0` to accommodate the possibility that they may be +better served by a standalone repository in the future +* all go modules should follow the guidelines in https://go.dev/blog/module-compatibility +before `v1.0.0` is tagged and should make use of `internal` packages to limit +the exposed API surface +* the new go module's API may deviate from the existing code where there are +clear improvements to be made or to remove legacy dependencies (for instance on +amino or gogo proto), as long the old package attempts +to avoid API breakage with aliases and wrappers +* care should be taken when simply trying to turn an existing package into a +new go module: https://github.com/golang/go/wiki/Modules#is-it-possible-to-add-a-module-to-a-multi-module-repository. +In general, it seems safer to just create a new module path (appending v2, v3, etc. +if necessary), rather than trying to make an old package a new module. + +## Consequences + +### Backwards Compatibility + +If the above guidelines are followed to use aliases or wrapper types pointing +in existing APIs that point back to the new go modules, there should be no or +very limited breaking changes to existing APIs. + +### Positive + +* standalone pieces of software will reach `v1.0.0` sooner +* new features to specific functionality will be released sooner + +### Negative + +* there will be more go module versions to update in the SDK itself and +per-project, although most of these will hopefully be indirect + +### Neutral + +## Further Discussions + +Further discussions are occurring in primarily in +https://github.com/cosmos/cosmos-sdk/discussions/10582 and within +the Cosmos SDK Framework Working Group. + +## References + +* https://go.dev/doc/modules/release-workflow +* https://go.dev/blog/module-compatibility +* https://github.com/cosmos/cosmos-sdk/discussions/10162 +* https://github.com/cosmos/cosmos-sdk/discussions/10582 +* https://github.com/cosmos/cosmos-sdk/pull/10779 +* https://github.com/cosmos/cosmos-sdk/pull/11788 diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-054-semver-compatible-modules.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-054-semver-compatible-modules.md new file mode 100644 index 00000000..be63e8db --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-054-semver-compatible-modules.md @@ -0,0 +1,728 @@ +# ADR 054: Semver Compatible SDK Modules + +## Changelog + +* 2022-04-27: First draft + +## Status + +DRAFT + +## Abstract + +In order to move the Cosmos SDK to a system of decoupled semantically versioned +modules which can be composed in different combinations (ex. staking v3 with +bank v1 and distribution v2), we need to reassess how we organize the API surface +of modules to avoid problems with go semantic import versioning and +circular dependencies. This ADR explores various approaches we can take to +addressing these issues. + +## Context + +There has been [a fair amount of desire](https://github.com/cosmos/cosmos-sdk/discussions/10162) +in the community for semantic versioning in the SDK and there has been significant +movement to splitting SDK modules into [standalone go modules](https://github.com/cosmos/cosmos-sdk/issues/11899). +Both of these will ideally allow the ecosystem to move faster because we won't +be waiting for all dependencies to update synchronously. For instance, we could +have 3 versions of the core SDK compatible with the latest 2 releases of +CosmWasm as well as 4 different versions of staking . This sort of setup would +allow early adopters to aggressively integrate new versions, while allowing +more conservative users to be selective about which versions they're ready for. + +In order to achieve this, we need to solve the following problems: + +1. because of the way [go semantic import versioning](https://research.swtch.com/vgo-import) (SIV) + works, moving to SIV naively will actually make it harder to achieve these goals +2. circular dependencies between modules need to be broken to actually release + many modules in the SDK independently +3. pernicious minor version incompatibilities introduced through correctly + [evolving protobuf schemas](https://developers.google.com/protocol-buffers/docs/proto3#updating) + without correct [unknown field filtering](./adr-020-protobuf-transaction-encoding.md#unknown-field-filtering) + +Note that all the following discussion assumes that the proto file versioning and state machine versioning of a module +are distinct in that: + +* proto files are maintained in a non-breaking way (using something + like [buf breaking](https://docs.buf.build/breaking/overview) + to ensure all changes are backwards compatible) +* proto file versions get bumped much less frequently, i.e. we might maintain `cosmos.bank.v1` through many versions + of the bank module state machine +* state machine breaking changes are more common and ideally this is what we'd want to semantically version with + go modules, ex. `x/bank/v2`, `x/bank/v3`, etc. + +### Problem 1: Semantic Import Versioning Compatibility + +Consider we have a module `foo` which defines the following `MsgDoSomething` and that we've released its state +machine in go module `example.com/foo`: + +```protobuf +package foo.v1; + +message MsgDoSomething { + string sender = 1; + uint64 amount = 2; +} + +service Msg { + DoSomething(MsgDoSomething) returns (MsgDoSomethingResponse); +} +``` + +Now consider that we make a revision to this module and add a new `condition` field to `MsgDoSomething` and also +add a new validation rule on `amount` requiring it to be non-zero, and that following go semantic versioning we +release the next state machine version of `foo` as `example.com/foo/v2`. + +```protobuf +// Revision 1 +package foo.v1; + +message MsgDoSomething { + string sender = 1; + + // amount must be a non-zero integer. + uint64 amount = 2; + + // condition is an optional condition on doing the thing. + // + // Since: Revision 1 + Condition condition = 3; +} +``` + +Approaching this naively, we would generate the protobuf types for the initial +version of `foo` in `example.com/foo/types` and we would generate the protobuf +types for the second version in `example.com/foo/v2/types`. + +Now let's say we have a module `bar` which talks to `foo` using this keeper +interface which `foo` provides: + +```go +type FooKeeper interface { + DoSomething(MsgDoSomething) error +} +``` + +#### Scenario A: Backward Compatibility: Newer Foo, Older Bar + +Imagine we have a chain which uses both `foo` and `bar` and wants to upgrade to +`foo/v2`, but the `bar` module has not upgraded to `foo/v2`. + +In this case, the chain will not be able to upgrade to `foo/v2` until `bar` +has upgraded its references to `example.com/foo/types.MsgDoSomething` to +`example.com/foo/v2/types.MsgDoSomething`. + +Even if `bar`'s usage of `MsgDoSomething` has not changed at all, the upgrade +will be impossible without this change because `example.com/foo/types.MsgDoSomething` +and `example.com/foo/v2/types.MsgDoSomething` are fundamentally different +incompatible structs in the go type system. + +#### Scenario B: Forward Compatibility: Older Foo, Newer Bar + +Now let's consider the reverse scenario, where `bar` upgrades to `foo/v2` +by changing the `MsgDoSomething` reference to `example.com/foo/v2/types.MsgDoSomething` +and releases that as `bar/v2` with some other changes that a chain wants. +The chain, however, has decided that it thinks the changes in `foo/v2` are too +risky and that it'd prefer to stay on the initial version of `foo`. + +In this scenario, it is impossible to upgrade to `bar/v2` without upgrading +to `foo/v2` even if `bar/v2` would have worked 100% fine with `foo` other +than changing the import path to `MsgDoSomething` (meaning that `bar/v2` +doesn't actually use any new features of `foo/v2`). + +Now because of the way go semantic import versioning works, we are locked +into either using `foo` and `bar` OR `foo/v2` and `bar/v2`. We cannot have +`foo` + `bar/v2` OR `foo/v2` + `bar`. The go type system doesn't allow this +even if both versions of these modules are otherwise compatible with each +other. + +#### Naive Mitigation + +A naive approach to fixing this would be to not regenerate the protobuf types +in `example.com/foo/v2/types` but instead just update `example.com/foo/types` +to reflect the changes needed for `v2` (adding `condition` and requiring +`amount` to be non-zero). Then we could release a patch of `example.com/foo/types` +with this update and use that for `foo/v2`. But this change is state machine +breaking for `v1`. It requires changing the `ValidateBasic` method to reject +the case where `amount` is zero, and it adds the `condition` field which +should be rejected based +on [ADR 020 unknown field filtering](./adr-020-protobuf-transaction-encoding.md#unknown-field-filtering). +So adding these changes as a patch on `v1` is actually incorrect based on semantic +versioning. Chains that want to stay on `v1` of `foo` should not +be importing these changes because they are incorrect for `v1.` + +### Problem 2: Circular dependencies + +None of the above approaches allow `foo` and `bar` to be separate modules +if for some reason `foo` and `bar` depend on each other in different ways. +For instance, we can't have `foo` import `bar/types` while `bar` imports +`foo/types`. + +We have several cases of circular module dependencies in the SDK +(ex. staking, distribution and slashing) that are legitimate from a state machine +perspective. Without separating the API types out somehow, there would be +no way to independently semantically version these modules without some other +mitigation. + +### Problem 3: Handling Minor Version Incompatibilities + +Imagine that we solve the first two problems but now have a scenario where +`bar/v2` wants the option to use `MsgDoSomething.condition` which only `foo/v2` +supports. If `bar/v2` works with `foo` `v1` and sets `condition` to some non-nil +value, then `foo` will silently ignore this field resulting in a silent logic +possibly dangerous logic error. If `bar/v2` were able to check whether `foo` was +on `v1` or `v2` and dynamically, it could choose to only use `condition` when +`foo/v2` is available. Even if `bar/v2` were able to perform this check, however, +how do we know that it is always performing the check properly. Without +some sort of +framework-level [unknown field filtering](./adr-020-protobuf-transaction-encoding.md#unknown-field-filtering), +it is hard to know whether these pernicious hard to detect bugs are getting into +our app and a client-server layer such as [ADR 033: Inter-Module Communication](./adr-033-protobuf-inter-module-comm.md) +may be needed to do this. + +## Solutions + +### Approach A) Separate API and State Machine Modules + +One solution (first proposed in https://github.com/cosmos/cosmos-sdk/discussions/10582) is to isolate all protobuf +generated code into a separate module +from the state machine module. This would mean that we could have state machine +go modules `foo` and `foo/v2` which could use a types or API go module say +`foo/api`. This `foo/api` go module would be perpetually on `v1.x` and only +accept non-breaking changes. This would then allow other modules to be +compatible with either `foo` or `foo/v2` as long as the inter-module API only +depends on the types in `foo/api`. It would also allow modules `foo` and `bar` +to depend on each other in that both of them could depend on `foo/api` and +`bar/api` without `foo` directly depending on `bar` and vice versa. + +This is similar to the naive mitigation described above except that it separates +the types into separate go modules which in and of itself could be used to +break circular module dependencies. It has the same problems as the naive solution, +otherwise, which we could rectify by: + +1. removing all state machine breaking code from the API module (ex. `ValidateBasic` and any other interface methods) +2. embedding the correct file descriptors for unknown field filtering in the binary + +#### Migrate all interface methods on API types to handlers + +To solve 1), we need to remove all interface implementations from generated +types and instead use a handler approach which essentially means that given +a type `X`, we have some sort of resolver which allows us to resolve interface +implementations for that type (ex. `sdk.Msg` or `authz.Authorization`). For +example: + +```go +func (k Keeper) DoSomething(msg MsgDoSomething) error { + var validateBasicHandler ValidateBasicHandler + err := k.resolver.Resolve(&validateBasic, msg) + if err != nil { + return err + } + + err = validateBasicHandler.ValidateBasic() + ... +} +``` + +In the case of some methods on `sdk.Msg`, we could replace them with declarative +annotations. For instance, `GetSigners` can already be replaced by the protobuf +annotation `cosmos.msg.v1.signer`. In the future, we may consider some sort +of protobuf validation framework (like https://github.com/bufbuild/protoc-gen-validate +but more Cosmos-specific) to replace `ValidateBasic`. + +#### Pinned FileDescriptor's + +To solve 2), state machine modules must be able to specify what the version of +the protobuf files was that they were built against. For instance if the API +module for `foo` upgrades to `foo/v2`, the original `foo` module still needs +a copy of the original protobuf files it was built with so that ADR 020 +unknown field filtering will reject `MsgDoSomething` when `condition` is +set. + +The simplest way to do this may be to embed the protobuf `FileDescriptor`s into +the module itself so that these `FileDescriptor`s are used at runtime rather +than the ones that are built into the `foo/api` which may be different. Using +[buf build](https://docs.buf.build/build/usage#output-format), [go embed](https://pkg.go.dev/embed), +and a build script we can probably come up with a solution for embedding +`FileDescriptor`s into modules that is fairly straightforward. + +#### Potential limitations to generated code + +One challenge with this approach is that it places heavy restrictions on what +can go in API modules and requires that most of this is state machine breaking. +All or most of the code in the API module would be generated from protobuf +files, so we can probably control this with how code generation is done, but +it is a risk to be aware of. + +For instance, we do code generation for the ORM that in the future could +contain optimizations that are state machine breaking. We +would either need to ensure very carefully that the optimizations aren't +actually state machine breaking in generated code or separate this generated code +out from the API module into the state machine module. Both of these mitigations +are potentially viable but the API module approach does require an extra level +of care to avoid these sorts of issues. + +#### Minor Version Incompatibilities + +This approach in and of itself does little to address any potential minor +version incompatibilities and the +requisite [unknown field filtering](./adr-020-protobuf-transaction-encoding.md#unknown-field-filtering). +Likely some sort of client-server routing layer which does this check such as +[ADR 033: Inter-Module communication](./adr-033-protobuf-inter-module-comm.md) +is required to make sure that this is done properly. We could then allow +modules to perform a runtime check given a `MsgClient`, ex: + +```go +func (k Keeper) CallFoo() error { + if k.interModuleClient.MinorRevision(k.fooMsgClient) >= 2 { + k.fooMsgClient.DoSomething(&MsgDoSomething{Condition: ...}) + } else { + ... + } +} +``` + +To do the unknown field filtering itself, the ADR 033 router would need to use +the [protoreflect API](https://pkg.go.dev/google.golang.org/protobuf/reflect/protoreflect) +to ensure that no fields unknown to the receiving module are set. This could +result in an undesirable performance hit depending on how complex this logic is. + +### Approach B) Changes to Generated Code + +An alternate approach to solving the versioning problem is to change how protobuf code is generated and move modules +mostly or completely in the direction of inter-module communication as described +in [ADR 033](./adr-033-protobuf-inter-module-comm.md). +In this paradigm, a module could generate all the types it needs internally - including the API types of other modules - +and talk to other modules via a client-server boundary. For instance, if `bar` needs to talk to `foo`, it could +generate its own version of `MsgDoSomething` as `bar/internal/foo/v1.MsgDoSomething` and just pass this to the +inter-module router which would somehow convert it to the version which foo needs (ex. `foo/internal.MsgDoSomething`). + +Currently, two generated structs for the same protobuf type cannot exist in the same go binary without special +build flags (see https://developers.google.com/protocol-buffers/docs/reference/go/faq#fix-namespace-conflict). +A relatively simple mitigation to this issue would be to set up the protobuf code to not register protobuf types +globally if they are generated in an `internal/` package. This will require modules to register their types manually +with the app-level level protobuf registry, this is similar to what modules already do with the `InterfaceRegistry` +and amino codec. + +If modules _only_ do ADR 033 message passing then a naive and non-performant solution for +converting `bar/internal/foo/v1.MsgDoSomething` +to `foo/internal.MsgDoSomething` would be marshaling and unmarshaling in the ADR 033 router. This would break down if +we needed to expose protobuf types in `Keeper` interfaces because the whole point is to try to keep these types +`internal/` so that we don't end up with all the import version incompatibilities we've described above. However, +because of the issue with minor version incompatibilities and the need +for [unknown field filtering](./adr-020-protobuf-transaction-encoding.md#unknown-field-filtering), +sticking with the `Keeper` paradigm instead of ADR 033 may be unviable to begin with. + +A more performant solution (that could maybe be adapted to work with `Keeper` interfaces) would be to only expose +getters and setters for generated types and internally store data in memory buffers which could be passed from +one implementation to another in a zero-copy way. + +For example, imagine this protobuf API with only getters and setters is exposed for `MsgSend`: + +```go +type MsgSend interface { + proto.Message + GetFromAddress() string + GetToAddress() string + GetAmount() []v1beta1.Coin + SetFromAddress(string) + SetToAddress(string) + SetAmount([]v1beta1.Coin) +} + +func NewMsgSend() MsgSend { return &msgSendImpl{memoryBuffers: ...} } +``` + +Under the hood, `MsgSend` could be implemented based on some raw memory buffer in the same way +that [Cap'n Proto](https://capnproto.org) +and [FlatBuffers](https://google.github.io/flatbuffers/) so that we could convert between one version of `MsgSend` +and another without serialization (i.e. zero-copy). This approach would have the added benefits of allowing zero-copy +message passing to modules written in other languages such as Rust and accessed through a VM or FFI. It could also make +unknown field filtering in inter-module communication simpler if we require that all new fields are added in sequential +order, ex. just checking that no field `> 5` is set. + +Also, we wouldn't have any issues with state machine breaking code on generated types because all the generated +code used in the state machine would actually live in the state machine module itself. Depending on how interface +types and protobuf `Any`s are used in other languages, however, it may still be desirable to take the handler +approach described in approach A. Either way, types implementing interfaces would still need to be registered +with an `InterfaceRegistry` as they are now because there would be no way to retrieve them via the global registry. + +In order to simplify access to other modules using ADR 033, a public API module (maybe even one +[remotely generated by Buf](https://docs.buf.build/bsr/remote-generation/go)) could be used by client modules instead +of requiring to generate all client types internally. + +The big downsides of this approach are that it requires big changes to how people use protobuf types and would be a +substantial rewrite of the protobuf code generator. This new generated code, however, could still be made compatible +with +the [`google.golang.org/protobuf/reflect/protoreflect`](https://pkg.go.dev/google.golang.org/protobuf/reflect/protoreflect) +API in order to work with all standard golang protobuf tooling. + +It is possible that the naive approach of marshaling/unmarshaling in the ADR 033 router is an acceptable intermediate +solution if the changes to the code generator are seen as too complex. However, since all modules would likely need +to migrate to ADR 033 anyway with this approach, it might be better to do this all at once. + +### Approach C) Don't address these issues + +If the above solutions are seen as too complex, we can also decide not to do anything explicit to enable better module +version compatibility, and break circular dependencies. + +In this case, when developers are confronted with the issues described above they can require dependencies to update in +sync (what we do now) or attempt some ad-hoc potentially hacky solution. + +One approach is to ditch go semantic import versioning (SIV) altogether. Some people have commented that go's SIV +(i.e. changing the import path to `foo/v2`, `foo/v3`, etc.) is too restrictive and that it should be optional. The +golang maintainers disagree and only officially support semantic import versioning. We could, however, take the +contrarian perspective and get more flexibility by using 0.x-based versioning basically forever. + +Module version compatibility could then be achieved using go.mod replace directives to pin dependencies to specific +compatible 0.x versions. For instance if we knew `foo` 0.2 and 0.3 were both compatible with `bar` 0.3 and 0.4, we +could use replace directives in our go.mod to stick to the versions of `foo` and `bar` we want. This would work as +long as the authors of `foo` and `bar` avoid incompatible breaking changes between these modules. + +Or, if developers choose to use semantic import versioning, they can attempt the naive solution described above +and would also need to use special tags and replace directives to make sure that modules are pinned to the correct +versions. + +Note, however, that all of these ad-hoc approaches, would be vulnerable to the minor version compatibility issues +described above unless [unknown field filtering](./adr-020-protobuf-transaction-encoding.md#unknown-field-filtering) +is properly addressed. + +### Approach D) Avoid protobuf generated code in public APIs + +An alternative approach would be to avoid protobuf generated code in public module APIs. This would help avoid the +discrepancy between state machine versions and client API versions at the module to module boundaries. It would mean +that we wouldn't do inter-module message passing based on ADR 033, but rather stick to the existing keeper approach +and take it one step further by avoiding any protobuf generated code in the keeper interface methods. + +Using this approach, our `foo.Keeper.DoSomething` method wouldn't have the generated `MsgDoSomething` struct (which +comes from the protobuf API), but instead positional parameters. Then in order for `foo/v2` to support the `foo/v1` +keeper it would simply need to implement both the v1 and v2 keeper APIs. The `DoSomething` method in v2 could have the +additional `condition` parameter, but this wouldn't be present in v1 at all so there would be no danger of a client +accidentally setting this when it isn't available. + +So this approach would avoid the challenge around minor version incompatibilities because the existing module keeper +API would not get new fields when they are added to protobuf files. + +Taking this approach, however, would likely require making all protobuf generated code internal in order to prevent +it from leaking into the keeper API. This means we would still need to modify the protobuf code generator to not +register `internal/` code with the global registry, and we would still need to manually register protobuf +`FileDescriptor`s (this is probably true in all scenarios). It may, however, be possible to avoid needing to refactor +interface methods on generated types to handlers. + +Also, this approach doesn't address what would be done in scenarios where modules still want to use the message router. +Either way, we probably still want a way to pass messages from one module to another router safely even if it's just for +use cases like `x/gov`, `x/authz`, CosmWasm, etc. That would still require most of the things outlined in approach (B), +although we could advise modules to prefer keepers for communicating with other modules. + +The biggest downside of this approach is probably that it requires a strict refactoring of keeper interfaces to avoid +generated code leaking into the API. This may result in cases where we need to duplicate types that are already defined +in proto files and then write methods for converting between the golang and protobuf version. This may end up in a lot +of unnecessary boilerplate and that may discourage modules from actually adopting it and achieving effective version +compatibility. Approaches (A) and (B), although heavy handed initially, aim to provide a system which once adopted +more or less gives the developer version compatibility for free with minimal boilerplate. Approach (D) may not be able +to provide such a straightforward system since it requires a golang API to be defined alongside a protobuf API in a +way that requires duplication and differing sets of design principles (protobuf APIs encourage additive changes +while golang APIs would forbid it). + +Other downsides to this approach are: +* no clear roadmap to supporting modules in other languages like Rust +* doesn't get us any closer to proper object capability security (one of the goals of ADR 033) +* ADR 033 needs to be done properly anyway for the set of use cases which do need it + +## Decision + +The latest **DRAFT** proposal is: + +1. we are alignment on adopting [ADR 033](./adr-033-protobuf-inter-module-comm.md) not just as an addition to the + framework, but as a core replacement to the keeper paradigm entirely. +2. the ADR 033 inter-module router will accommodate any variation of approach (A) or (B) given the following rules: + a. if the client type is the same as the server type then pass it directly through, + b. if both client and server use the zero-copy generated code wrappers (which still need to be defined), then pass + the memory buffers from one wrapper to the other, or + c. marshal/unmarshal types between client and server. + +This approach will allow for both maximal correctness and enable a clear path to enabling modules within in other +languages, possibly executed within a WASM VM. + +### Minor API Revisions + +To declare minor API revisions of proto files, we propose the following guidelines (which were already documented +in [cosmos.app.v1alpha module options](../proto/cosmos/app/v1alpha1/module.proto)): +* proto packages which are revised from their initial version (considered revision `0`) should include a `package` +* comment in some .proto file containing the test `Revision N` at the start of a comment line where `N` is the current +revision number. +* all fields, messages, etc. added in a version beyond the initial revision should add a comment at the start of a +comment line of the form `Since: Revision N` where `N` is the non-zero revision it was added. + +It is advised that there is a 1:1 correspondence between a state machine module and versioned set of proto files +which are versioned either as a buf module a go API module or both. If the buf schema registry is used, the version of +this buf module should always be `1.N` where `N` corresponds to the package revision. Patch releases should be used when +only documentation comments are updated. It is okay to include proto packages named `v2`, `v3`, etc. in this same +`1.N` versioned buf module (ex. `cosmos.bank.v2`) as long as all these proto packages consist of a single API intended +to be served by a single SDK module. + +### Introspecting Minor API Revisions + +In order for modules to introspect the minor API revision of peer modules, we propose adding the following method +to `cosmossdk.io/core/intermodule.Client`: + +```go +ServiceRevision(ctx context.Context, serviceName string) uint64 +``` + +Modules could all this using the service name statically generated by the go grpc code generator: + +```go +intermoduleClient.ServiceRevision(ctx, bankv1beta1.Msg_ServiceDesc.ServiceName) +``` + +In the future, we may decide to extend the code generator used for protobuf services to add a field +to client types which does this check more concisely, ex: + +```go +package bankv1beta1 + +type MsgClient interface { + Send(context.Context, MsgSend) (MsgSendResponse, error) + ServiceRevision(context.Context) uint64 +} +``` + +### Unknown Field Filtering + +To correctly perform [unknown field filtering](./adr-020-protobuf-transaction-encoding.md#unknown-field-filtering), +the inter-module router can do one of the following: + +* use the `protoreflect` API for messages which support that +* for gogo proto messages, marshal and use the existing `codec/unknownproto` code +* for zero-copy messages, do a simple check on the highest set field number (assuming we can require that fields are + adding consecutively in increasing order) + +### `FileDescriptor` Registration + +Because a single go binary may contain different versions of the same generated protobuf code, we cannot rely on the +global protobuf registry to contain the correct `FileDescriptor`s. Because `appconfig` module configuration is itself +written in protobuf, we would like to load the `FileDescriptor`s for a module before loading a module itself. So we +will provide ways to register `FileDescriptor`s at module registration time before instantiation. We propose the +following `cosmossdk.io/core/appmodule.Option` constructors for the various cases of how `FileDescriptor`s may be +packaged: + +```go +package appmodule + +// this can be used when we are using google.golang.org/protobuf compatible generated code +// Ex: +// ProtoFiles(bankv1beta1.File_cosmos_bank_v1beta1_module_proto) +func ProtoFiles(file []protoreflect.FileDescriptor) Option {} + +// this can be used when we are using gogo proto generated code. +func GzippedProtoFiles(file [][]byte) Option {} + +// this can be used when we are using buf build to generated a pinned file descriptor +func ProtoImage(protoImage []byte) Option {} +``` + +This approach allows us to support several ways protobuf files might be generated: +* proto files generated internally to a module (use `ProtoFiles`) +* the API module approach with pinned file descriptors (use `ProtoImage`) +* gogo proto (use `GzippedProtoFiles`) + +### Module Dependency Declaration + +One risk of ADR 033 is that dependencies are called at runtime which are not present in the loaded set of SDK modules. +Also we want modules to have a way to define a minimum dependency API revision that they require. Therefore, all +modules should declare their set of dependencies upfront. These dependencies could be defined when a module is +instantiated, but ideally we know what the dependencies are before instantiation and can statically look at an app +config and determine whether the set of modules. For example, if `bar` requires `foo` revision `>= 1`, then we +should be able to know this when creating an app config with two versions of `bar` and `foo`. + +We propose defining these dependencies in the proto options of the module config object itself. + +### Interface Registration + +We will also need to define how interface methods are defined on types that are serialized as `google.protobuf.Any`'s. +In light of the desire to support modules in other languages, we may want to think of solutions that will accommodate +other languages such as plugins described briefly in [ADR 033](./adr-033-protobuf-inter-module-comm.md#internal-methods). + +### Testing + +In order to ensure that modules are indeed with multiple versions of their dependencies, we plan to provide specialized +unit and integration testing infrastructure that automatically tests multiple versions of dependencies. + +#### Unit Testing + +Unit tests should be conducted inside SDK modules by mocking their dependencies. In a full ADR 033 scenario, +this means that all interaction with other modules is done via the inter-module router, so mocking of dependencies +means mocking their msg and query server implementations. We will provide both a test runner and fixture to make this +streamlined. The key thing that the test runner should do to test compatibility is to test all combinations of +dependency API revisions. This can be done by taking the file descriptors for the dependencies, parsing their comments +to determine the revisions various elements were added, and then created synthetic file descriptors for each revision +by subtracting elements that were added later. + +Here is a proposed API for the unit test runner and fixture: + +```go +package moduletesting + +import ( + "context" + "testing" + + "cosmossdk.io/core/intermodule" + "cosmossdk.io/depinject" + "google.golang.org/grpc" + "google.golang.org/protobuf/proto" + "google.golang.org/protobuf/reflect/protodesc" +) + +type TestFixture interface { + context.Context + intermodule.Client // for making calls to the module we're testing + BeginBlock() + EndBlock() +} + +type UnitTestFixture interface { + TestFixture + grpc.ServiceRegistrar // for registering mock service implementations +} + +type UnitTestConfig struct { + ModuleConfig proto.Message // the module's config object + DepinjectConfig depinject.Config // optional additional depinject config options + DependencyFileDescriptors []protodesc.FileDescriptorProto // optional dependency file descriptors to use instead of the global registry +} + +// Run runs the test function for all combinations of dependency API revisions. +func (cfg UnitTestConfig) Run(t *testing.T, f func(t *testing.T, f UnitTestFixture)) { + // ... +} +``` + +Here is an example for testing bar calling foo which takes advantage of conditional service revisions in the expected +mock arguments: + +```go +func TestBar(t *testing.T) { + UnitTestConfig{ModuleConfig: &foomodulev1.Module{}}.Run(t, func (t *testing.T, f moduletesting.UnitTestFixture) { + ctrl := gomock.NewController(t) + mockFooMsgServer := footestutil.NewMockMsgServer() + foov1.RegisterMsgServer(f, mockFooMsgServer) + barMsgClient := barv1.NewMsgClient(f) + if f.ServiceRevision(foov1.Msg_ServiceDesc.ServiceName) >= 1 { + mockFooMsgServer.EXPECT().DoSomething(gomock.Any(), &foov1.MsgDoSomething{ + ..., + Condition: ..., // condition is expected in revision >= 1 + }).Return(&foov1.MsgDoSomethingResponse{}, nil) + } else { + mockFooMsgServer.EXPECT().DoSomething(gomock.Any(), &foov1.MsgDoSomething{...}).Return(&foov1.MsgDoSomethingResponse{}, nil) + } + res, err := barMsgClient.CallFoo(f, &MsgCallFoo{}) + ... + }) +} +``` + +The unit test runner would make sure that no dependency mocks return arguments which are invalid for the service +revision being tested to ensure that modules don't incorrectly depend on functionality not present in a given revision. + +#### Integration Testing + +An integration test runner and fixture would also be provided which instead of using mocks would test actual module +dependencies in various combinations. Here is the proposed API: + +```go +type IntegrationTestFixture interface { + TestFixture +} + +type IntegrationTestConfig struct { + ModuleConfig proto.Message // the module's config object + DependencyMatrix map[string][]proto.Message // all the dependent module configs +} + +// Run runs the test function for all combinations of dependency modules. +func (cfg IntegationTestConfig) Run(t *testing.T, f func (t *testing.T, f IntegrationTestFixture)) { + // ... +} +``` + +And here is an example with foo and bar: + +```go +func TestBarIntegration(t *testing.T) { + IntegrationTestConfig{ + ModuleConfig: &barmodulev1.Module{}, + DependencyMatrix: map[string][]proto.Message{ + "runtime": []proto.Message{ // test against two versions of runtime + &runtimev1.Module{}, + &runtimev2.Module{}, + }, + "foo": []proto.Message{ // test against three versions of foo + &foomodulev1.Module{}, + &foomodulev2.Module{}, + &foomodulev3.Module{}, + } + } + }.Run(t, func (t *testing.T, f moduletesting.IntegrationTestFixture) { + barMsgClient := barv1.NewMsgClient(f) + res, err := barMsgClient.CallFoo(f, &MsgCallFoo{}) + ... + }) +} +``` + +Unlike unit tests, integration tests actually pull in other module dependencies. So that modules can be written +without direct dependencies on other modules and because golang has no concept of development dependencies, integration +tests should be written in separate go modules, ex. `example.com/bar/v2/test`. Because this paradigm uses go semantic +versioning, it is possible to build a single go module which imports 3 versions of bar and 2 versions of runtime and +can test these all together in the six various combinations of dependencies. + +## Consequences + +### Backwards Compatibility + +Modules which migrate fully to ADR 033 will not be compatible with existing modules which use the keeper paradigm. +As a temporary workaround we may create some wrapper types that emulate the current keeper interface to minimize +the migration overhead. + +### Positive + +* we will be able to deliver interoperable semantically versioned modules which should dramatically increase the + ability of the Cosmos SDK ecosystem to iterate on new features +* it will be possible to write Cosmos SDK modules in other languages in the near future + +### Negative + +* all modules will need to be refactored somewhat dramatically + +### Neutral + +* the `cosmossdk.io/core/appconfig` framework will play a more central role in terms of how modules are defined, this + is likely generally a good thing but does mean additional changes for users wanting to stick to the pre-depinject way + of wiring up modules +* `depinject` is somewhat less needed or maybe even obviated because of the full ADR 033 approach. If we adopt the + core API proposed in https://github.com/cosmos/cosmos-sdk/pull/12239, then a module would probably always instantiate + itself with a method `ProvideModule(appmodule.Service) (appmodule.AppModule, error)`. There is no complex wiring of + keeper dependencies in this scenario and dependency injection may not have as much of (or any) use case. + +## Further Discussions + +The decision described above is considered in draft mode and is pending final buy-in from the team and key stakeholders. +Key outstanding discussions if we do adopt that direction are: + +* how do module clients introspect dependency module API revisions +* how do modules determine a minor dependency module API revision requirement +* how do modules appropriately test compatibility with different dependency versions +* how to register and resolve interface implementations +* how do modules register their protobuf file descriptors depending on the approach they take to generated code (the + API module approach may still be viable as a supported strategy and would need pinned file descriptors) + +## References + +* https://github.com/cosmos/cosmos-sdk/discussions/10162 +* https://github.com/cosmos/cosmos-sdk/discussions/10582 +* https://github.com/cosmos/cosmos-sdk/discussions/10368 +* https://github.com/cosmos/cosmos-sdk/pull/11340 +* https://github.com/cosmos/cosmos-sdk/issues/11899 +* [ADR 020](./adr-020-protobuf-transaction-encoding.md) +* [ADR 033](./adr-033-protobuf-inter-module-comm.md) diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-055-orm.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-055-orm.md new file mode 100644 index 00000000..be7255f0 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-055-orm.md @@ -0,0 +1,113 @@ +# ADR 055: ORM + +## Changelog + +* 2022-04-27: First draft + +## Status + +ACCEPTED Implemented + +## Abstract + +In order to make it easier for developers to build Cosmos SDK modules and for clients to query, index and verify proofs +against state data, we have implemented an ORM (object-relational mapping) layer for the Cosmos SDK. + +## Context + +Historically modules in the Cosmos SDK have always used the key-value store directly and created various handwritten +functions for managing key format as well as constructing secondary indexes. This consumes a significant amount of +time when building a module and is error-prone. Because key formats are non-standard, sometimes poorly documented, +and subject to change, it is hard for clients to generically index, query and verify merkle proofs against state data. + +The known first instance of an "ORM" in the Cosmos ecosystem was in [weave](https://github.com/iov-one/weave/tree/master/orm). +A later version was built for [regen-ledger](https://github.com/regen-network/regen-ledger/tree/157181f955823149e1825263a317ad8e16096da4/orm) for +use in the group module and later [ported to the SDK](https://github.com/cosmos/cosmos-sdk/tree/35d3312c3be306591fcba39892223f1244c8d108/x/group/internal/orm) +just for that purpose. + +While these earlier designs made it significantly easier to write state machines, they still required a lot of manual +configuration, didn't expose state format directly to clients, and were limited in their support of different types +of index keys, composite keys, and range queries. + +Discussions about the design continued in https://github.com/cosmos/cosmos-sdk/discussions/9156 and more +sophisticated proofs of concept were created in https://github.com/allinbits/cosmos-sdk-poc/tree/master/runtime/orm +and https://github.com/cosmos/cosmos-sdk/pull/10454. + +## Decision + +These prior efforts culminated in the creation of the Cosmos SDK `orm` go module which uses protobuf annotations +for specifying ORM table definitions. This ORM is based on the new `google.golang.org/protobuf/reflect/protoreflect` +API and supports: + +* sorted indexes for all simple protobuf types (except `bytes`, `enum`, `float`, `double`) as well as `Timestamp` and `Duration` +* unsorted `bytes` and `enum` indexes +* composite primary and secondary keys +* unique indexes +* auto-incrementing `uint64` primary keys +* complex prefix and range queries +* paginated queries +* complete logical decoding of KV-store data + +Almost all the information needed to decode state directly is specified in .proto files. Each table definition specifies +an ID which is unique per .proto file and each index within a table is unique within that table. Clients then only need +to know the name of a module and the prefix ORM data for a specific .proto file within that module in order to decode +state data directly. This additional information will be exposed directly through app configs which will be explained +in a future ADR related to app wiring. + +The ORM makes optimizations around storage space by not repeating values in the primary key in the key value +when storing primary key records. For example, if the object `{"a":0,"b":1}` has the primary key `a`, it will +be stored in the key value store as `Key: '0', Value: {"b":1}` (with more efficient protobuf binary encoding). +Also, the generated code from https://github.com/cosmos/cosmos-proto does optimizations around the +`google.golang.org/protobuf/reflect/protoreflect` API to improve performance. + +A code generator is included with the ORM which creates type safe wrappers around the ORM's dynamic `Table` +implementation and is the recommended way for modules to use the ORM. + +The ORM tests provide a simplified bank module demonstration which illustrates: +* [ORM proto options](https://github.com/cosmos/cosmos-sdk/blob/0d846ae2f0424b2eb640f6679a703b52d407813d/orm/internal/testpb/bank.proto) +* [Generated Code](https://github.com/cosmos/cosmos-sdk/blob/0d846ae2f0424b2eb640f6679a703b52d407813d/orm/internal/testpb/bank.cosmos_orm.go) +* [Example Usage in a Module Keeper](https://github.com/cosmos/cosmos-sdk/blob/0d846ae2f0424b2eb640f6679a703b52d407813d/orm/model/ormdb/module_test.go) + +## Consequences + +### Backwards Compatibility + +State machine code that adopts the ORM will need migrations as the state layout is generally backwards incompatible. +These state machines will also need to migrate to https://github.com/cosmos/cosmos-proto at least for state data. + +### Positive + +* easier to build modules +* easier to add secondary indexes to state +* possible to write a generic indexer for ORM state +* easier to write clients that do state proofs +* possible to automatically write query layers rather than needing to manually implement gRPC queries + +### Negative + +* worse performance than handwritten keys (for now). See [Further Discussions](#further-discussions) +for potential improvements + +### Neutral + +## Further Discussions + +Further discussions will happen within the Cosmos SDK Framework Working Group. Current planned and ongoing work includes: + +* automatically generate client-facing query layer +* client-side query libraries that transparently verify light client proofs +* index ORM data to SQL databases +* improve performance by: + * optimizing existing reflection based code to avoid unnecessary gets when doing deletes & updates of simple tables + * more sophisticated code generation such as making fast path reflection even faster (avoiding `switch` statements), + or even fully generating code that equals handwritten performance + + +## References + +* https://github.com/iov-one/weave/tree/master/orm). +* https://github.com/regen-network/regen-ledger/tree/157181f955823149e1825263a317ad8e16096da4/orm +* https://github.com/cosmos/cosmos-sdk/tree/35d3312c3be306591fcba39892223f1244c8d108/x/group/internal/orm +* https://github.com/cosmos/cosmos-sdk/discussions/9156 +* https://github.com/allinbits/cosmos-sdk-poc/tree/master/runtime/orm +* https://github.com/cosmos/cosmos-sdk/pull/10454 diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-057-app-wiring.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-057-app-wiring.md new file mode 100644 index 00000000..5ccd9c2a --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-057-app-wiring.md @@ -0,0 +1,369 @@ +# ADR 057: App Wiring + +## Changelog + +* 2022-05-04: Initial Draft +* 2022-08-19: Updates + +## Status + +PROPOSED Implemented + +## Abstract + +In order to make it easier to build Cosmos SDK modules and apps, we propose a new app wiring system based on +dependency injection and declarative app configurations to replace the current `app.go` code. + +## Context + +A number of factors have made the SDK and SDK apps in their current state hard to maintain. A symptom of the current +state of complexity is [`simapp/app.go`](https://github.com/cosmos/cosmos-sdk/blob/c3edbb22cab8678c35e21fe0253919996b780c01/simapp/app.go) +which contains almost 100 lines of imports and is otherwise over 600 lines of mostly boilerplate code that is +generally copied to each new project. (Not to mention the additional boilerplate which gets copied in `simapp/simd`.) + +The large amount of boilerplate needed to bootstrap an app has made it hard to release independently versioned go +modules for Cosmos SDK modules as described in [ADR 053: Go Module Refactoring](./adr-053-go-module-refactoring.md). + +In addition to being very verbose and repetitive, `app.go` also exposes a large surface area for breaking changes +as most modules instantiate themselves with positional parameters which forces breaking changes anytime a new parameter +(even an optional one) is needed. + +Several attempts were made to improve the current situation including [ADR 033: Internal-Module Communication](./adr-033-protobuf-inter-module-comm.md) +and [a proof-of-concept of a new SDK](https://github.com/allinbits/cosmos-sdk-poc). The discussions around these +designs led to the current solution described here. + +## Decision + +In order to improve the current situation, a new "app wiring" paradigm has been designed to replace `app.go` which +involves: + +* declaration configuration of the modules in an app which can be serialized to JSON or YAML +* a dependency-injection (DI) framework for instantiating apps from the that configuration + +### Dependency Injection + +When examining the code in `app.go` most of the code simply instantiates modules with dependencies provided either +by the framework (such as store keys) or by other modules (such as keepers). It is generally pretty obvious given +the context what the correct dependencies actually should be, so dependency-injection is an obvious solution. Rather +than making developers manually resolve dependencies, a module will tell the DI container what dependency it needs +and the container will figure out how to provide it. + +We explored several existing DI solutions in golang and felt that the reflection-based approach in [uber/dig](https://github.com/uber-go/dig) +was closest to what we needed but not quite there. Assessing what we needed for the SDK, we designed and built +the Cosmos SDK [depinject module](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/depinject), which has the following +features: + +* dependency resolution and provision through functional constructors, ex: `func(need SomeDep) (AnotherDep, error)` +* dependency injection `In` and `Out` structs which support `optional` dependencies +* grouped-dependencies (many-per-container) through the `ManyPerContainerType` tag interface +* module-scoped dependencies via `ModuleKey`s (where each module gets a unique dependency) +* one-per-module dependencies through the `OnePerModuleType` tag interface +* sophisticated debugging information and container visualization via GraphViz + +Here are some examples of how these would be used in an SDK module: + +* `StoreKey` could be a module-scoped dependency which is unique per module +* a module's `AppModule` instance (or the equivalent) could be a `OnePerModuleType` +* CLI commands could be provided with `ManyPerContainerType`s + +Note that even though dependency resolution is dynamic and based on reflection, which could be considered a pitfall +of this approach, the entire dependency graph should be resolved immediately on app startup and only gets resolved +once (except in the case of dynamic config reloading which is a separate topic). This means that if there are any +errors in the dependency graph, they will get reported immediately on startup so this approach is only slightly worse +than fully static resolution in terms of error reporting and much better in terms of code complexity. + +### Declarative App Config + +In order to compose modules into an app, a declarative app configuration will be used. This configuration is based off +of protobuf and its basic structure is very simple: + +```protobuf +package cosmos.app.v1; + +message Config { + repeated ModuleConfig modules = 1; +} + +message ModuleConfig { + string name = 1; + google.protobuf.Any config = 2; +} +``` + +(See also https://github.com/cosmos/cosmos-sdk/blob/6e18f582bf69e3926a1e22a6de3c35ea327aadce/proto/cosmos/app/v1alpha1/config.proto) + +The configuration for every module is itself a protobuf message and modules will be identified and loaded based +on the protobuf type URL of their config object (ex. `cosmos.bank.module.v1.Module`). Modules are given a unique short `name` +to share resources across different versions of the same module which might have a different protobuf package +versions (ex. `cosmos.bank.module.v2.Module`). All module config objects should define the `cosmos.app.v1alpha1.module` +descriptor option which will provide additional useful metadata for the framework and which can also be indexed +in module registries. + +An example app config in YAML might look like this: + +```yaml +modules: + - name: baseapp + config: + "@type": cosmos.baseapp.module.v1.Module + begin_blockers: [staking, auth, bank] + end_blockers: [bank, auth, staking] + init_genesis: [bank, auth, staking] + - name: auth + config: + "@type": cosmos.auth.module.v1.Module + bech32_prefix: "foo" + - name: bank + config: + "@type": cosmos.bank.module.v1.Module + - name: staking + config: + "@type": cosmos.staking.module.v1.Module +``` + +In the above example, there is a hypothetical `baseapp` module which contains the information around ordering of +begin blockers, end blockers, and init genesis. Rather than lifting these concerns up to the module config layer, +they are themselves handled by a module which could allow a convenient way of swapping out different versions of +baseapp (for instance to target different versions of tendermint), without needing to change the rest of the config. +The `baseapp` module would then provide to the server framework (which sort of sits outside the ABCI app) an instance +of `abci.Application`. + +In this model, an app is *modules all the way down* and the dependency injection/app config layer is very much +protocol-agnostic and can adapt to even major breaking changes at the protocol layer. + +### Module & Protobuf Registration + +In order for the two components of dependency injection and declarative configuration to work together as described, +we need a way for modules to actually register themselves and provide dependencies to the container. + +One additional complexity that needs to be handled at this layer is protobuf registry initialization. Recall that +in both the current SDK `codec` and the proposed [ADR 054: Protobuf Semver Compatible Codegen](https://github.com/cosmos/cosmos-sdk/pull/11802), +protobuf types need to be explicitly registered. Given that the app config itself is based on protobuf and +uses protobuf `Any` types, protobuf registration needs to happen before the app config itself can be decoded. Because +we don't know which protobuf `Any` types will be needed a priori and modules themselves define those types, we need +to decode the app config in separate phases: + +1. parse app config JSON/YAML as raw JSON and collect required module type URLs (without doing proto JSON decoding) +2. build a [protobuf type registry](https://pkg.go.dev/google.golang.org/protobuf@v1.28.0/reflect/protoregistry) based + on file descriptors and types provided by each required module +3. decode the app config as proto JSON using the protobuf type registry + +Because in [ADR 054: Protobuf Semver Compatible Codegen](https://github.com/cosmos/cosmos-sdk/pull/11802), each module +might use `internal` generated code which is not registered with the global protobuf registry, this code should provide +an alternate way to register protobuf types with a type registry. In the same way that `.pb.go` files currently have a +`var File_foo_proto protoreflect.FileDescriptor` for the file `foo.proto`, generated code should have a new member +`var Types_foo_proto TypeInfo` where `TypeInfo` is an interface or struct with all the necessary info to register both +the protobuf generated types and file descriptor. + +So a module must provide dependency injection providers and protobuf types, and takes as input its module +config object which uniquely identifies the module based on its type URL. + +With this in mind, we define a global module register which allows module implementations to register themselves +with the following API: + +```go +// Register registers a module with the provided type name (ex. cosmos.bank.module.v1.Module) +// and the provided options. +func Register(configTypeName protoreflect.FullName, option ...Option) { ... } + +type Option { /* private methods */ } + +// Provide registers dependency injection provider functions which work with the +// cosmos-sdk container module. These functions can also accept an additional +// parameter for the module's config object. +func Provide(providers ...interface{}) Option { ... } + +// Types registers protobuf TypeInfo's with the protobuf registry. +func Types(types ...TypeInfo) Option { ... } +``` + +Ex: + +```go +func init() { + appmodule.Register("cosmos.bank.module.v1.Module", + appmodule.Types( + types.Types_tx_proto, + types.Types_query_proto, + types.Types_types_proto, + ), + appmodule.Provide( + provideBankModule, + ) + ) +} + +type Inputs struct { + container.In + + AuthKeeper auth.Keeper + DB ormdb.ModuleDB +} + +type Outputs struct { + Keeper bank.Keeper + AppModule appmodule.AppModule +} + +func ProvideBankModule(config *bankmodulev1.Module, Inputs) (Outputs, error) { ... } +``` + +Note that in this module, a module configuration object *cannot* register different dependency providers at runtime +based on the configuration. This is intentional because it allows us to know globally which modules provide which +dependencies, and it will also allow us to do code generation of the whole app initialization. This +can help us figure out issues with missing dependencies in an app config if the needed modules are loaded at runtime. +In cases where required modules are not loaded at runtime, it may be possible to guide users to the correct module if +through a global Cosmos SDK module registry. + +The `*appmodule.Handler` type referenced above is a replacement for the legacy `AppModule` framework, and +described in [ADR 063: Core Module API](./adr-063-core-module-api.md). + +### New `app.go` + +With this setup, `app.go` might now look something like this: + +```go +package main + +import ( + // Each go package which registers a module must be imported just for side-effects + // so that module implementations are registered. + _ "github.com/cosmos/cosmos-sdk/x/auth/module" + _ "github.com/cosmos/cosmos-sdk/x/bank/module" + _ "github.com/cosmos/cosmos-sdk/x/staking/module" + "github.com/cosmos/cosmos-sdk/core/app" +) + +// go:embed app.yaml +var appConfigYAML []byte + +func main() { + app.Run(app.LoadYAML(appConfigYAML)) +} +``` + +### Application to existing SDK modules + +So far we have described a system which is largely agnostic to the specifics of the SDK such as store keys, `AppModule`, +`BaseApp`, etc. Improvements to these parts of the framework that integrate with the general app wiring framework +defined here are described in [ADR 063: Core Module API](./adr-063-core-module-api.md). + +### Registration of Inter-Module Hooks + +### Registration of Inter-Module Hooks + +Some modules define a hooks interface (ex. `StakingHooks`) which allows one module to call back into another module +when certain events happen. + +With the app wiring framework, these hooks interfaces can be defined as a `OnePerModuleType`s and then the module +which consumes these hooks can collect these hooks as a map of module name to hook type (ex. `map[string]FooHooks`). Ex: + +```go +func init() { + appmodule.Register( + &foomodulev1.Module{}, + appmodule.Invoke(InvokeSetFooHooks), + ... + ) +} +func InvokeSetFooHooks( + keeper *keeper.Keeper, + fooHooks map[string]FooHooks, +) error { + for k in sort.Strings(maps.Keys(fooHooks)) { + keeper.AddFooHooks(fooHooks[k]) + } +} +``` + +Optionally, the module consuming hooks can allow app's to define an order for calling these hooks based on module name +in its config object. + +An alternative way for registering hooks via reflection was considered where all keeper types are inspected to see if +they implement the hook interface by the modules exposing hooks. This has the downsides of: + +* needing to expose all the keepers of all modules to the module providing hooks, +* not allowing for encapsulating hooks on a different type which doesn't expose all keeper methods, +* harder to know statically which module expose hooks or are checking for them. + +With the approach proposed here, hooks registration will be obviously observable in `app.go` if `depinject` codegen +(described below) is used. + +### Code Generation + +The `depinject` framework will optionally allow the app configuration and dependency injection wiring to be code +generated. This will allow: + +* dependency injection wiring to be inspected as regular go code just like the existing `app.go`, +* dependency injection to be opt-in with manual wiring 100% still possible. + +Code generation requires that all providers and invokers and their parameters are exported and in non-internal packages. + +### Module Semantic Versioning + +When we start creating semantically versioned SDK modules that are in standalone go modules, a state machine breaking +change to a module should be handled as follows: +- the semantic major version should be incremented, and +- a new semantically versioned module config protobuf type should be created. + +For instance, if we have the SDK module for bank in the go module `github.com/cosmos/cosmos-sdk/x/bank` with the module config type +`cosmos.bank.module.v1.Module`, and we want to make a state machine breaking change to the module, we would: +- create a new go module `github.com/cosmos/cosmos-sdk/x/bank/v2`, +- with the module config protobuf type `cosmos.bank.module.v2.Module`. + +This _does not_ mean that we need to increment the protobuf API version for bank. Both modules can support +`cosmos.bank.v1`, but `github.com/cosmos/cosmos-sdk/x/bank/v2` will be a separate go module with a separate module config type. + +This practice will eventually allow us to use appconfig to load new versions of a module via a configuration change. + +Effectively, there should be a 1:1 correspondence between a semantically versioned go module and a +versioned module config protobuf type, and major versioning bumps should occur whenever state machine breaking changes +are made to a module. + +NOTE: SDK modules that are standalone go modules _should not_ adopt semantic versioning until the concerns described in +[ADR 054: Module Semantic Versioning](./adr-054-semver-compatible-modules.md) are +addressed. The short-term solution for this issue was left somewhat unresolved. However, the easiest tactic is +likely to use a standalone API go module and follow the guidelines described in this comment: https://github.com/cosmos/cosmos-sdk/pull/11802#issuecomment-1406815181. For the time-being, it is recommended that +Cosmos SDK modules continue to follow tried and true [0-based versioning](https://0ver.org) until an officially +recommended solution is provided. This section of the ADR will be updated when that happens and for now, this section +should be considered as a design recommendation for future adoption of semantic versioning. + +## Consequences + +### Backwards Compatibility + +Modules which work with the new app wiring system do not need to drop their existing `AppModule` and `NewKeeper` +registration paradigms. These two methods can live side-by-side for as long as is needed. + +### Positive + +* wiring up new apps will be simpler, more succinct and less error-prone +* it will be easier to develop and test standalone SDK modules without needing to replicate all of simapp +* it may be possible to dynamically load modules and upgrade chains without needing to do a coordinated stop and binary + upgrade using this mechanism +* easier plugin integration +* dependency injection framework provides more automated reasoning about dependencies in the project, with a graph visualization. + +### Negative + +* it may be confusing when a dependency is missing although error messages, the GraphViz visualization, and global + module registration may help with that + +### Neutral + +* it will require work and education + +## Further Discussions + +The protobuf type registration system described in this ADR has not been implemented and may need to be reconsidered in +light of code generation. It may be better to do this type registration with a DI provider. + +## References + +* https://github.com/cosmos/cosmos-sdk/blob/c3edbb22cab8678c35e21fe0253919996b780c01/simapp/app.go +* https://github.com/allinbits/cosmos-sdk-poc +* https://github.com/uber-go/dig +* https://github.com/google/wire +* https://pkg.go.dev/github.com/cosmos/cosmos-sdk/container +* https://github.com/cosmos/cosmos-sdk/pull/11802 +* [ADR 063: Core Module API](./adr-063-core-module-api.md) diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-058-auto-generated-cli.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-058-auto-generated-cli.md new file mode 100644 index 00000000..b295ff4b --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-058-auto-generated-cli.md @@ -0,0 +1,98 @@ +# ADR 058: Auto-Generated CLI + +## Changelog + +* 2022-05-04: Initial Draft + +## Status + +ACCEPTED Partially Implemented + +## Abstract + +In order to make it easier for developers to write Cosmos SDK modules, we provide infrastructure which automatically +generates CLI commands based on protobuf definitions. + +## Context + +Current Cosmos SDK modules generally implement a CLI command for every transaction and every query supported by the +module. These are handwritten for each command and essentially amount to providing some CLI flags or positional +arguments for specific fields in protobuf messages. + +In order to make sure CLI commands are correctly implemented as well as to make sure that the application works +in end-to-end scenarios, we do integration tests using CLI commands. While these tests are valuable on some-level, +they can be hard to write and maintain, and run slowly. [Some teams have contemplated](https://github.com/regen-network/regen-ledger/issues/1041) +moving away from CLI-style integration tests (which are really end-to-end tests) towards narrower integration tests +which exercise `MsgClient` and `QueryClient` directly. This might involve replacing the current end-to-end CLI +tests with unit tests as there still needs to be some way to test these CLI commands for full quality assurance. + +## Decision + +To make module development simpler, we provide infrastructure - in the new [`client/v2`](https://github.com/cosmos/cosmos-sdk/tree/main/client/v2) +go module - for automatically generating CLI commands based on protobuf definitions to either replace or complement +handwritten CLI commands. This will mean that when developing a module, it will be possible to skip both writing and +testing CLI commands as that can all be taken care of by the framework. + +The basic design for automatically generating CLI commands is to: + +* create one CLI command for each `rpc` method in a protobuf `Query` or `Msg` service +* create a CLI flag for each field in the `rpc` request type +* for `query` commands call gRPC and print the response as protobuf JSON or YAML (via the `-o`/`--output` flag) +* for `tx` commands, create a transaction and apply common transaction flags + +In order to make the auto-generated CLI as easy to use (or easier) than handwritten CLI, we need to do custom handling +of specific protobuf field types so that the input format is easy for humans: + +* `Coin`, `Coins`, `DecCoin`, and `DecCoins` should be input using the existing format (i.e. `1000uatom`) +* it should be possible to specify an address using either the bech32 address string or a named key in the keyring +* `Timestamp` and `Duration` should accept strings like `2001-01-01T00:00:00Z` and `1h3m` respectively +* pagination should be handled with flags like `--page-limit`, `--page-offset`, etc. +* it should be possible to customize any other protobuf type either via its message name or a `cosmos_proto.scalar` annotation + +At a basic level it should be possible to generate a command for a single `rpc` method as well as all the commands for +a whole protobuf `service` definition. It should be possible to mix and match auto-generated and handwritten commands. + +## Consequences + +### Backwards Compatibility + +Existing modules can mix and match auto-generated and handwritten CLI commands so it is up to them as to whether they +make breaking changes by replacing handwritten commands with slightly different auto-generated ones. + +For now the SDK will maintain the existing set of CLI commands for backwards compatibility but new commands will use +this functionality. + +### Positive + +* module developers will not need to write CLI commands +* module developers will not need to test CLI commands +* [lens](https://github.com/strangelove-ventures/lens) may benefit from this + +### Negative + +### Neutral + +## Further Discussions + +We would like to be able to customize: + +* short and long usage strings for commands +* aliases for flags (ex. `-a` for `--amount`) +* which fields are positional parameters rather than flags + +It is an [open discussion](https://github.com/cosmos/cosmos-sdk/pull/11725#issuecomment-1108676129) +as to whether these customizations options should line in: + +* the .proto files themselves, +* separate config files (ex. YAML), or +* directly in code + +Providing the options in .proto files would allow a dynamic client to automatically generate +CLI commands on the fly. However, that may pollute the .proto files themselves with information that is only relevant +for a small subset of users. + +## References + +* https://github.com/regen-network/regen-ledger/issues/1041 +* https://github.com/cosmos/cosmos-sdk/tree/main/client/v2 +* https://github.com/cosmos/cosmos-sdk/pull/11725#issuecomment-1108676129 diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-059-test-scopes.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-059-test-scopes.md new file mode 100644 index 00000000..06034459 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-059-test-scopes.md @@ -0,0 +1,254 @@ +# ADR 059: Test Scopes + +## Changelog + +* 2022-08-02: Initial Draft +* 2023-03-02: Add precision for integration tests +* 2023-03-23: Add precision for E2E tests + +## Status + +PROPOSED Partially Implemented + +## Abstract + +Recent work in the SDK aimed at breaking apart the monolithic root go module has highlighted +shortcomings and inconsistencies in our testing paradigm. This ADR clarifies a common +language for talking about test scopes and proposes an ideal state of tests at each scope. + +## Context + +[ADR-053: Go Module Refactoring](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-053-go-module-refactoring.md) expresses our desire for an SDK composed of many +independently versioned Go modules, and [ADR-057: App Wiring](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-057-app-wiring.md) offers a methodology +for breaking apart inter-module dependencies through the use of dependency injection. As +described in [EPIC: Separate all SDK modules into standalone go modules](https://github.com/cosmos/cosmos-sdk/issues/11899), module +dependencies are particularly complected in the test phase, where simapp is used as +the key test fixture in setting up and running tests. It is clear that the successful +completion of Phases 3 and 4 in that EPIC require the resolution of this dependency problem. + +In [EPIC: Unit Testing of Modules via Mocks](https://github.com/cosmos/cosmos-sdk/issues/12398) it was thought this Gordian knot could be +unwound by mocking all dependencies in the test phase for each module, but seeing how these +refactors were complete rewrites of test suites discussions began around the fate of the +existing integration tests. One perspective is that they ought to be thrown out, another is +that integration tests have some utility of their own and a place in the SDK's testing story. + +Another point of confusion has been the current state of CLI test suites, [x/auth](https://github.com/cosmos/cosmos-sdk/blob/0f7e56c6f9102cda0ca9aba5b6f091dbca976b5a/x/auth/client/testutil/suite.go#L44-L49) for +example. In code these are called integration tests, but in reality function as end to end +tests by starting up a tendermint node and full application. [EPIC: Rewrite and simplify +CLI tests](https://github.com/cosmos/cosmos-sdk/issues/12696) identifies the ideal state of CLI tests using mocks, but does not address the +place end to end tests may have in the SDK. + +From here we identify three scopes of testing, **unit**, **integration**, **e2e** (end to +end), seek to define the boundaries of each, their shortcomings (real and imposed), and their +ideal state in the SDK. + +### Unit tests + +Unit tests exercise the code contained in a single module (e.g. `/x/bank`) or package +(e.g. `/client`) in isolation from the rest of the code base. Within this we identify two +levels of unit tests, *illustrative* and *journey*. The definitions below lean heavily on +[The BDD Books - Formulation](https://leanpub.com/bddbooks-formulation) section 1.3. + +*Illustrative* tests exercise an atomic part of a module in isolation - in this case we +might do fixture setup/mocking of other parts of the module. + +Tests which exercise a whole module's function with dependencies mocked, are *journeys*. +These are almost like integration tests in that they exercise many things together but still +use mocks. + +Example 1 journey vs illustrative tests - [depinject's BDD style tests](https://github.com/cosmos/cosmos-sdk/blob/main/depinject/features/bindings.feature), show how we can +rapidly build up many illustrative cases demonstrating behavioral rules without [very much code](https://github.com/cosmos/cosmos-sdk/blob/main/depinject/binding_test.go) while maintaining high level readability. + +Example 2 [depinject table driven tests](https://github.com/cosmos/cosmos-sdk/blob/main/depinject/provider_desc_test.go) + +Example 3 [Bank keeper tests](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/x/bank/keeper/keeper_test.go#L94-L105) - A mock implementation of `AccountKeeper` is supplied to the keeper constructor. + +#### Limitations + +Certain modules are tightly coupled beyond the test phase. A recent dependency report for +`bank -> auth` found 274 total usages of `auth` in `bank`, 50 of which are in +production code and 224 in test. This tight coupling may suggest that either the modules +should be merged, or refactoring is required to abstract references to the core types tying +the modules together. It could also indicate that these modules should be tested together +in integration tests beyond mocked unit tests. + +In some cases setting up a test case for a module with many mocked dependencies can be quite +cumbersome and the resulting test may only show that the mocking framework works as expected +rather than working as a functional test of interdependent module behavior. + +### Integration tests + +Integration tests define and exercise relationships between an arbitrary number of modules +and/or application subsystems. + +Wiring for integration tests is provided by `depinject` and some [helper code](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/testutil/sims/app_helpers.go#L95) starts up +a running application. A section of the running application may then be tested. Certain +inputs during different phases of the application life cycle are expected to produce +invariant outputs without too much concern for component internals. This type of black box +testing has a larger scope than unit testing. + +Example 1 [client/grpc_query_test/TestGRPCQuery](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/client/grpc_query_test.go#L111-L129) - This test is misplaced in `/client`, +but tests the life cycle of (at least) `runtime` and `bank` as they progress through +startup, genesis and query time. It also exercises the fitness of the client and query +server without putting bytes on the wire through the use of [QueryServiceTestHelper](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/baseapp/grpcrouter_helpers.go#L31). + +Example 2 `x/evidence` Keeper integration tests - Starts up an application composed of [8 +modules](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/x/evidence/testutil/app.yaml#L1) with [5 keepers](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/x/evidence/keeper/keeper_test.go#L101-L106) used in the integration test suite. One test in the suite +exercises [HandleEquivocationEvidence](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/x/evidence/keeper/infraction_test.go#L42) which contains many interactions with the staking +keeper. + +Example 3 - Integration suite app configurations may also be specified via golang (not +YAML as above) [statically](https://github.com/cosmos/cosmos-sdk/blob/main/x/nft/testutil/app_config.go) or [dynamically](https://github.com/cosmos/cosmos-sdk/blob/8c23f6f957d1c0bedd314806d1ac65bea59b084c/tests/integration/bank/keeper/keeper_test.go#L129-L134). + +#### Limitations + +Setting up a particular input state may be more challenging since the application is +starting from a zero state. Some of this may be addressed by good test fixture +abstractions with testing of their own. Tests may also be more brittle, and larger +refactors could impact application initialization in unexpected ways with harder to +understand errors. This could also be seen as a benefit, and indeed the SDK's current +integration tests were helpful in tracking down logic errors during earlier stages +of app-wiring refactors. + +### Simulations + +Simulations (also called generative testing) are a special case of integration tests where +deterministically random module operations are executed against a running simapp, building +blocks on the chain until a specified height is reached. No *specific* assertions are +made for the state transitions resulting from module operations but any error will halt and +fail the simulation. Since `crisis` is included in simapp and the simulation runs +EndBlockers at the end of each block any module invariant violations will also fail +the simulation. + +Modules must implement [AppModuleSimulation.WeightedOperations](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/types/module/simulation.go#L31) to define their +simulation operations. Note that not all modules implement this which may indicate a +gap in current simulation test coverage. + +Modules not returning simulation operations: + +* `auth` +* `evidence` +* `mint` +* `params` + +A separate binary, [runsim](https://github.com/cosmos/tools/tree/master/cmd/runsim), is responsible for kicking off some of these tests and +managing their life cycle. + +#### Limitations + +* [A success](https://github.com/cosmos/cosmos-sdk/runs/7606931983?check_suite_focus=true) may take a long time to run, 7-10 minutes per simulation in CI. +* [Timeouts](https://github.com/cosmos/cosmos-sdk/runs/7606932295?check_suite_focus=true) sometimes occur on apparent successes without any indication why. +* Useful error messages not provided on [failure](https://github.com/cosmos/cosmos-sdk/runs/7606932548?check_suite_focus=true) from CI, requiring a developer to run + the simulation locally to reproduce. + +### E2E tests + +End to end tests exercise the entire system as we understand it in as close an approximation +to a production environment as is practical. Presently these tests are located at +[tests/e2e](https://github.com/cosmos/cosmos-sdk/tree/main/tests/e2e) and rely on [testutil/network](https://github.com/cosmos/cosmos-sdk/tree/main/testutil/network) to start up an in-process Tendermint node. + +An application should be built as minimally as possible to exercise the desired functionality. +The SDK uses an application will only the required modules for the tests. The application developer is adviced to use its own application for e2e tests. + +#### Limitations + +In general the limitations of end to end tests are orchestration and compute cost. +Scaffolding is required to start up and run a prod-like environment and the this +process takes much longer to start and run than unit or integration tests. + +Global locks present in Tendermint code cause stateful starting/stopping to sometimes hang +or fail intermittently when run in a CI environment. + +The scope of e2e tests has been complected with command line interface testing. + +## Decision + +We accept these test scopes and identify the following decisions points for each. + +| Scope | App Type | Mocks? | +| ----------- | ------------------- | ------ | +| Unit | None | Yes | +| Integration | integration helpers | Some | +| Simulation | minimal app | No | +| E2E | minimal app | No | + +The decision above is valid for the SDK. An application developer should test their application with their full application instead of the minimal app. + +### Unit Tests + +All modules must have mocked unit test coverage. + +Illustrative tests should outnumber journeys in unit tests. + +Unit tests should outnumber integration tests. + +Unit tests must not introduce additional dependencies beyond those already present in +production code. + +When module unit test introduction as per [EPIC: Unit testing of modules via mocks](https://github.com/cosmos/cosmos-sdk/issues/12398) +results in a near complete rewrite of an integration test suite the test suite should be +retained and moved to `/tests/integration`. We accept the resulting test logic +duplication but recommend improving the unit test suite through the addition of +illustrative tests. + +### Integration Tests + +All integration tests shall be located in `/tests/integration`, even those which do not +introduce extra module dependencies. + +To help limit scope and complexity, it is recommended to use the smallest possible number of +modules in application startup, i.e. don't depend on simapp. + +Integration tests should outnumber e2e tests. + +### Simulations + +Simulations shall use a minimal application (usually via app wiring). They are located under `/x/{moduleName}/simulation`. + +### E2E Tests + +Existing e2e tests shall be migrated to integration tests by removing the dependency on the +test network and in-process Tendermint node to ensure we do not lose test coverage. + +The e2e rest runner shall transition from in process Tendermint to a runner powered by +Docker via [dockertest](https://github.com/ory/dockertest). + +E2E tests exercising a full network upgrade shall be written. + +The CLI testing aspect of existing e2e tests shall be rewritten using the network mocking +demonstrated in [PR#12706](https://github.com/cosmos/cosmos-sdk/pull/12706). + +## Consequences + +### Positive + +* test coverage is increased +* test organization is improved +* reduced dependency graph size in modules +* simapp removed as a dependency from modules +* inter-module dependencies introduced in test code are removed +* reduced CI run time after transitioning away from in process Tendermint + +### Negative + +* some test logic duplication between unit and integration tests during transition +* test written using dockertest DX may be a bit worse + +### Neutral + +* some discovery required for e2e transition to dockertest + +## Further Discussions + +It may be useful if test suites could be run in integration mode (with mocked tendermint) or +with e2e fixtures (with real tendermint and many nodes). Integration fixtures could be used +for quicker runs, e2e fixures could be used for more battle hardening. + +A PoC `x/gov` was completed in PR [#12847](https://github.com/cosmos/cosmos-sdk/pull/12847) +is in progress for unit tests demonstrating BDD [Rejected]. +Observing that a strength of BDD specifications is their readability, and a con is the +cognitive load while writing and maintaining, current consensus is to reserve BDD use +for places in the SDK where complex rules and module interactions are demonstrated. +More straightforward or low level test cases will continue to rely on go table tests. + +Levels are network mocking in integration and e2e tests are still being worked on and formalized. diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-060-abci-1.0.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-060-abci-1.0.md new file mode 100644 index 00000000..3f29be78 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-060-abci-1.0.md @@ -0,0 +1,238 @@ +# ADR 60: ABCI 1.0 Integration (Phase I) + +## Changelog + +* 2022-08-10: Initial Draft (@alexanderbez, @tac0turtle) +* Nov 12, 2022: Update `PrepareProposal` and `ProcessProposal` semantics per the + initial implementation [PR](https://github.com/cosmos/cosmos-sdk/pull/13453) (@alexanderbez) + +## Status + +ACCEPTED + +## Abstract + +This ADR describes the initial adoption of [ABCI 1.0](https://github.com/tendermint/tendermint/blob/master/spec/abci%2B%2B/README.md), +the next evolution of ABCI, within the Cosmos SDK. ABCI 1.0 aims to provide +application developers with more flexibility and control over application and +consensus semantics, e.g. in-application mempools, in-process oracles, and +order-book style matching engines. + +## Context + +Tendermint will release ABCI 1.0. Notably, at the time of this writing, +Tendermint is releasing v0.37.0 which will include `PrepareProposal` and `ProcessProposal`. + +The `PrepareProposal` ABCI method is concerned with a block proposer requesting +the application to evaluate a series of transactions to be included in the next +block, defined as a slice of `TxRecord` objects. The application can either +accept, reject, or completely ignore some or all of these transactions. This is +an important consideration to make as the application can essentially define and +control its own mempool allowing it to define sophisticated transaction priority +and filtering mechanisms, by completely ignoring the `TxRecords` Tendermint +sends it, favoring its own transactions. This essentially means that the Tendermint +mempool acts more like a gossip data structure. + +The second ABCI method, `ProcessProposal`, is used to process the block proposer's +proposal as defined by `PrepareProposal`. It is important to note the following +with respect to `ProcessProposal`: + +* Execution of `ProcessProposal` must be deterministic. +* There must be coherence between `PrepareProposal` and `ProcessProposal`. In + other words, for any two correct processes *p* and *q*, if *q*'s Tendermint + calls `RequestProcessProposal` on *up*, *q*'s Application returns + ACCEPT in `ResponseProcessProposal`. + +It is important to note that in ABCI 1.0 integration, the application +is NOT responsible for locking semantics -- Tendermint will still be responsible +for that. In the future, however, the application will be responsible for locking, +which allows for parallel execution possibilities. + +## Decision + +We will integrate ABCI 1.0, which will be introduced in Tendermint +v0.37.0, in the next major release of the Cosmos SDK. We will integrate ABCI 1.0 +methods on the `BaseApp` type. We describe the implementations of the two methods +individually below. + +Prior to describing the implementation of the two new methods, it is important to +note that the existing ABCI methods, `CheckTx`, `DeliverTx`, etc, still exist and +serve the same functions as they do now. + +### `PrepareProposal` + +Prior to evaluating the decision for how to implement `PrepareProposal`, it is +important to note that `CheckTx` will still be executed and will be responsible +for evaluating transaction validity as it does now, with one very important +*additive* distinction. + +When executing transactions in `CheckTx`, the application will now add valid +transactions, i.e. passing the AnteHandler, to its own mempool data structure. +In order to provide a flexible approach to meet the varying needs of application +developers, we will define both a mempool interface and a data structure utilizing +Golang generics, allowing developers to focus only on transaction +ordering. Developers requiring absolute full control can implement their own +custom mempool implementation. + +We define the general mempool interface as follows (subject to change): + +```go +type Mempool interface { + // Insert attempts to insert a Tx into the app-side mempool returning + // an error upon failure. + Insert(sdk.Context, sdk.Tx) error + + // Select returns an Iterator over the app-side mempool. If txs are specified, + // then they shall be incorporated into the Iterator. The Iterator must + // closed by the caller. + Select(sdk.Context, [][]byte) Iterator + + // CountTx returns the number of transactions currently in the mempool. + CountTx() int + + // Remove attempts to remove a transaction from the mempool, returning an error + // upon failure. + Remove(sdk.Tx) error +} + +// Iterator defines an app-side mempool iterator interface that is as minimal as +// possible. The order of iteration is determined by the app-side mempool +// implementation. +type Iterator interface { + // Next returns the next transaction from the mempool. If there are no more + // transactions, it returns nil. + Next() Iterator + + // Tx returns the transaction at the current position of the iterator. + Tx() sdk.Tx +} +``` + +We will define an implementation of `Mempool`, defined by `nonceMempool`, that +will cover most basic application use-cases. Namely, it will prioritize transactions +by transaction sender, allowing for multiple transactions from the same sender. + +The default app-side mempool implementation, `nonceMempool`, will operate on a +single skip list data structure. Specifically, transactions with the lowest nonce +globally are prioritized. Transactions with the same nonce are prioritized by +sender address. + +```go +type nonceMempool struct { + txQueue *huandu.SkipList +} +``` + +Previous discussions1 have come to the agreement that Tendermint will +perform a request to the application, via `RequestPrepareProposal`, with a certain +amount of transactions reaped from Tendermint's local mempool. The exact amount +of transactions reaped will be determined by a local operator configuration. +This is referred to as the "one-shot approach" seen in discussions. + +When Tendermint reaps transactions from the local mempool and sends them to the +application via `RequestPrepareProposal`, the application will have to evaluate +the transactions. Specifically, it will need to inform Tendermint if it should +reject and or include each transaction. Note, the application can even *replace* +transactions entirely with other transactions. + +When evaluating transactions from `RequestPrepareProposal`, the application will +ignore *ALL* transactions sent to it in the request and instead reap up to +`RequestPrepareProposal.max_tx_bytes` from it's own mempool. + +Since an application can technically insert or inject transactions on `Insert` +during `CheckTx` execution, it is recommended that applications ensure transaction +validity when reaping transactions during `PrepareProposal`. However, what validity +exactly means is entirely determined by the application. + +The Cosmos SDK will provide a default `PrepareProposal` implementation that simply +select up to `MaxBytes` *valid* transactions. + +However, applications can override this default implementation with their own +implementation and set that on `BaseApp` via `SetPrepareProposal`. + + +### `ProcessProposal` + +The `ProcessProposal` ABCI method is relatively straightforward. It is responsible +for ensuring validity of the proposed block containing transactions that were +selected from the `PrepareProposal` step. However, how an application determines +validity of a proposed block depends on the application and its varying use cases. +For most applications, simply calling the `AnteHandler` chain would suffice, but +there could easily be other applications that need more control over the validation +process of the proposed block, such as ensuring txs are in a certain order or +that certain transactions are included. While this theoretically could be achieved +with a custom `AnteHandler` implementation, it's not the cleanest UX or the most +efficient solution. + +Instead, we will define an additional ABCI interface method on the existing +`Application` interface, similar to the existing ABCI methods such as `BeginBlock` +or `EndBlock`. This new interface method will be defined as follows: + +```go +ProcessProposal(sdk.Context, abci.RequestProcessProposal) error {} +``` + +Note, we must call `ProcessProposal` with a new internal branched state on the +`Context` argument as we cannot simply just use the existing `checkState` because +`BaseApp` already has a modified `checkState` at this point. So when executing +`ProcessProposal`, we create a similar branched state, `processProposalState`, +off of `deliverState`. Note, the `processProposalState` is never committed and +is completely discarded after `ProcessProposal` finishes execution. + +The Cosmos SDK will provide a default implementation of `ProcessProposal` in which +all transactions are validated using the CheckTx flow, i.e. the AnteHandler, and +will always return ACCEPT unless any transaction cannot be decoded. + +### `DeliverTx` + +Since transactions are not truly removed from the app-side mempool during +`PrepareProposal`, since `ProcessProposal` can fail or take multiple rounds and +we do not want to lose transactions, we need to finally remove the transaction +from the app-side mempool during `DeliverTx` since during this phase, the +transactions are being included in the proposed block. + +Alternatively, we can keep the transactions as truly being removed during the +reaping phase in `PrepareProposal` and add them back to the app-side mempool in +case `ProcessProposal` fails. + +## Consequences + +### Backwards Compatibility + +ABCI 1.0 is naturally not backwards compatible with prior versions of the Cosmos SDK +and Tendermint. For example, an application that requests `RequestPrepareProposal` +to the same application that does not speak ABCI 1.0 will naturally fail. + +However, in the first phase of the integration, the existing ABCI methods as we +know them today will still exist and function as they currently do. + +### Positive + +* Applications now have full control over transaction ordering and priority. +* Lays the groundwork for the full integration of ABCI 1.0, which will unlock more + app-side use cases around block construction and integration with the Tendermint + consensus engine. + +### Negative + +* Requires that the "mempool", as a general data structure that collects and stores + uncommitted transactions will be duplicated between both Tendermint and the + Cosmos SDK. +* Additional requests between Tendermint and the Cosmos SDK in the context of + block execution. Albeit, the overhead should be negligible. +* Not backwards compatible with previous versions of Tendermint and the Cosmos SDK. + +## Further Discussions + +It is possible to design the app-side implementation of the `Mempool[T MempoolTx]` +in many different ways using different data structures and implementations. All +of which have different tradeoffs. The proposed solution keeps things simple +and covers cases that would be required for most basic applications. There are +tradeoffs that can be made to improve performance of reaping and inserting into +the provided mempool implementation. + +## References + +* https://github.com/tendermint/tendermint/blob/master/spec/abci%2B%2B/README.md +* [1] https://github.com/tendermint/tendermint/issues/7750#issuecomment-1076806155 +* [2] https://github.com/tendermint/tendermint/issues/7750#issuecomment-1075717151 diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-061-liquid-staking.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-061-liquid-staking.md new file mode 100644 index 00000000..fcfeda0d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-061-liquid-staking.md @@ -0,0 +1,82 @@ +# ADR ADR-061: Liquid Staking + +## Changelog + +* 2022-09-10: Initial Draft (@zmanian) + +## Status + +ACCEPTED + +## Abstract + +Add a semi-fungible liquid staking primitive to the default Cosmos SDK staking module. This upgrades proof of stake to enable safe designs with lower overall monetary issuance and integration with numerous liquid staking protocols like Stride, Persistence, Quicksilver, Lido etc. + +## Context + +The original release of the Cosmos Hub featured the implementation of a ground breaking proof of stake mechanism featuring delegation, slashing, in protocol reward distribution and adaptive issuance. This design was state of the art for 2016 and has been deployed without major changes by many L1 blockchains. + +As both Proof of Stake and blockchain use cases have matured, this design has aged poorly and should no longer be considered a good baseline Proof of Stake issuance. In the world of application specific blockchains, there cannot be a one size fits all blockchain but the Cosmos SDK does endeavour to provide a good baseline implementation and one that is suitable for the Cosmos Hub. + +The most important deficiency of the legacy staking design is that it composes poorly with on chain protocols for trading, lending, derivatives that are referred to collectively as DeFi. The legacy staking implementation starves these applications of liquidity by increasing the risk free rate adaptively. It basically makes DeFi and staking security somewhat incompatible. + +The Osmosis team has adopted the idea of Superfluid and Interfluid staking where assets that are participating in DeFi appliactions can also be used in proof of stake. This requires tight integration with an enshrined set of DeFi applications and thus is unsuitable for the Cosmos SDK. + +It's also important to note that Interchain Accounts are available in the default IBC implementation and can be used to [rehypothecate](https://www.investopedia.com/terms/h/hypothecation.asp#toc-what-is-rehypothecation) delegations. Thus liquid staking is already possible and these changes merely improve the UX of liquid staking. Centralized exchanges also rehypothecate staked assets, posing challenges for decentralization. This ADR takes the position that adoption of in-protocol liquid staking is the preferable outcome and provides new levers to incentivize decentralization of stake. + +These changes to the staking module have been in development for more than a year and have seen substantial industry adoption who plan to build staking UX. The internal economics at Informal team has also done a review of the impacts of these changes and this review led to the development of the exempt delegation system. This system provides governance with a tuneable parameter for modulating the risks of principal agent problem called the exemption factor. + +## Decision + +We implement the semi-fungible liquid staking system and exemption factor system within the cosmos sdk. Though registered as fungible assets, these tokenized shares have extremely limited fungibility, only among the specific delegation record that was created when shares were tokenized. These assets can be used for OTC trades but composability with DeFi is limited. The primary expected use case is improving the user experience of liquid staking providers. + +A new governance parameter is introduced that defines the ratio of exempt to issued tokenized shares. This is called the exemption factor. A larger exemption factor allows more tokenized shares to be issued for a smaller amount of exempt delegations. If governance is comfortable with how the liquid staking market is evolving, it makes sense to increase this value. + +Min self delegation is removed from the staking system with the expectation that it will be replaced by the exempt delegations system. The exempt delegation system allows multiple accounts to demonstrate economic alignment with the validator operator as team members, partners etc. without co-mingling funds. Delegation exemption will likely be required to grow the validators' business under widespread adoption of liquid staking once governance has adjusted the exemption factor. + +When shares are tokenized, the underlying shares are transferred to a module account and rewards go to the module account for the TokenizedShareRecord. + +There is no longer a mechanism to override the validators vote for TokenizedShares. + + +### `MsgTokenizeShares` + +The MsgTokenizeShares message is used to create tokenize delegated tokens. This message can be executed by any delegator who has positive amount of delegation and after execution the specific amount of delegation disappear from the account and share tokens are provided. Share tokens are denominated in the validator and record id of the underlying delegation. + +A user may tokenize some or all of their delegation. + +They will receive shares with the denom of `cosmosvaloper1xxxx/5` where 5 is the record id for the validator operator. + +MsgTokenizeShares fails if the account is a VestingAccount. Users will have to move vested tokens to a new account and endure the unbonding period. We view this as an acceptable tradeoff vs. the complex book keeping required to track vested tokens. + +The total amount of outstanding tokenized shares for the validator is checked against the sum of exempt delegations multiplied by the exemption factor. If the tokenized shares exceeds this limit, execution fails. + +MsgTokenizeSharesResponse provides the number of tokens generated and their denom. + + +### `MsgRedeemTokensforShares` + +The MsgRedeemTokensforShares message is used to redeem the delegation from share tokens. This message can be executed by any user who owns share tokens. After execution delegations will appear to the user. + +### `MsgTransferTokenizeShareRecord` + +The MsgTransferTokenizeShareRecord message is used to transfer the ownership of rewards generated from the tokenized amount of delegation. The tokenize share record is created when a user tokenize his/her delegation and deleted when the full amount of share tokens are redeemed. + +This is designed to work with liquid staking designs that do not redeem the tokenized shares and may instead want to keep the shares tokenized. + + +### `MsgExemptDelegation` + +The MsgExemptDelegation message is used to exempt a delegation to a validator. If the exemption factor is greater than 0, this will allow more delegation shares to be issued from the validator. + +This design allows the chain to force an amount of self-delegation by validators participating in liquid staking schemes. + +## Consequences + +### Backwards Compatibility + +By setting the exemption factor to zero, this module works like legacy staking. The only substantial change is the removal of min-self-bond and without any tokenized shares, there is no incentive to exempt delegation. + +### Positive + +This approach should enable integration with liquid staking providers and improved user experience. It provides a pathway to security under non-exponential issuance policies in the baseline staking module. diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-062-collections-state-layer.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-062-collections-state-layer.md new file mode 100644 index 00000000..8ebaddda --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-062-collections-state-layer.md @@ -0,0 +1,117 @@ +# ADR 062: Collections, a simplified storage layer for cosmos-sdk modules. + +## Changelog + +* 30/11/2022: PROPOSED + +## Status + +PROPOSED - Implemented + +## Abstract + +We propose a simplified module storage layer which leverages golang generics to allow module developers to handle module +storage in a simple and straightforward manner, whilst offering safety, extensibility and standardisation. + +## Context + +Module developers are forced into manually implementing storage functionalities in their modules, those functionalities include +but are not limited to: + +- Defining key to bytes formats. +- Defining value to bytes formats. +- Defining secondary indexes. +- Defining query methods to expose outside to deal with storage. +- Defining local methods to deal with storage writing. +- Dealing with genesis imports and exports. +- Writing tests for all the above. + + +This brings in a lot of problems: +- It blocks developers from focusing on the most important part: writing business logic. +- Key to bytes formats are complex and their definition is error-prone, for example: + - how do I format time to bytes in such a way that bytes are sorted? + - how do I ensure when I don't have namespace collisions when dealing with secondary indexes? +- The lack of standardisation makes life hard for clients, and the problem is exacerbated when it comes to providing proofs for objects present in state. Clients are forced to maintain a list of object paths to gather proofs. + +### Current Solution: ORM + +The current SDK proposed solution to this problem is [ORM](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-055-orm.md). +Whilst ORM offers a lot of good functionality aimed at solving these specific problems, it has some downsides: +- It requires migrations. +- It uses the newest protobuf golang API, whilst the SDK still mainly uses gogoproto. +- Integrating ORM into a module would require the developer to deal with two different golang frameworks (golang protobuf + gogoproto) representing the same API objects. +- It has a high learning curve, even for simple storage layers as it requires developers to have knowledge around protobuf options, custom cosmos-sdk storage extensions, and tooling download. Then after this they still need to learn the code-generated API. + +### CosmWasm Solution: cw-storage-plus + +The collections API takes inspiration from [cw-storage-plus](https://docs.cosmwasm.com/docs/1.0/smart-contracts/state/cw-plus/), +which has demonstrated to be a powerful tool for dealing with storage in CosmWasm contracts. +It's simple, does not require extra tooling, it makes it easy to deal with complex storage structures (indexes, snapshot, etc). +The API is straightforward and explicit. + +## Decision + +We propose to port the `collections` API, whose implementation lives in [NibiruChain/collections](https://github.com/NibiruChain/collections) to cosmos-sdk. + +Collections implements four different storage handlers types: + +- `Map`: which deals with simple `key=>object` mappings. +- `KeySet`: which acts as a `Set` and only retains keys and no object (usecase: allow-lists). +- `Item`: which always contains only one object (usecase: Params) +- `Sequence`: which implements a simple always increasing number (usecase: Nonces) +- `IndexedMap`: builds on top of `Map` and `KeySet` and allows to create relationships with `Objects` and `Objects` secondary keys. + +All the collection APIs build on top of the simple `Map` type. + +Collections is fully generic, meaning that anything can be used as `Key` and `Value`. It can be a protobuf object or not. + +Collections types, in fact, delegate the duty of serialisation of keys and values to a secondary collections API component called `ValueEncoders` and `KeyEncoders`. + +`ValueEncoders` take care of converting a value to bytes (relevant only for `Map`). And offers a plug and play layer which allows us to change how we encode objects, +which is relevant for swapping serialisation frameworks and enhancing performance. +`Collections` already comes in with default `ValueEncoders`, specifically for: protobuf objects, special SDK types (sdk.Int, sdk.Dec). + +`KeyEncoders` take care of converting keys to bytes, `collections` already comes in with some default `KeyEncoders` for some privimite golang types +(uint64, string, time.Time, ...) and some widely used sdk types (sdk.Acc/Val/ConsAddress, sdk.Int/Dec, ...). +These default implementations also offer safety around proper lexicographic ordering and namespace-collision. + +Examples of the collections API can be found here: +- introduction: https://github.com/NibiruChain/collections/tree/main/examples +- usage in nibiru: [x/oracle](https://github.com/NibiruChain/nibiru/blob/master/x/oracle/keeper/keeper.go#L32), [x/perp](https://github.com/NibiruChain/nibiru/blob/master/x/perp/keeper/keeper.go#L31) +- cosmos-sdk's x/staking migrated: https://github.com/testinginprod/cosmos-sdk/pull/22 + + +## Consequences + +### Backwards Compatibility + +The design of `ValueEncoders` and `KeyEncoders` allows modules to retain the same `byte(key)=>byte(value)` mappings, making +the upgrade to the new storage layer non-state breaking. + + +### Positive + +- ADR aimed at removing code from the SDK rather than adding it. Migrating just `x/staking` to collections would yield to a net decrease in LOC (even considering the addition of collections itself). +- Simplifies and standardises storage layers across modules in the SDK. +- Does not require to have to deal with protobuf. +- It's pure golang code. +- Generalisation over `KeyEncoders` and `ValueEncoders` allows us to not tie ourself to the data serialisation framework. +- `KeyEncoders` and `ValueEncoders` can be extended to provide schema reflection. + +### Negative + +- Golang generics are not as battle-tested as other Golang features, despite being used in production right now. +- Collection types instantiation needs to be improved. + +### Neutral + +{neutral consequences} + +## Further Discussions + +- Automatic genesis import/export (not implemented because of API breakage) +- Schema reflection + + +## References diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-063-core-module-api.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-063-core-module-api.md new file mode 100644 index 00000000..ad150654 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-063-core-module-api.md @@ -0,0 +1,558 @@ +# ADR 063: Core Module API + +## Changelog + +* 2022-08-18 First Draft +* 2022-12-08 First Draft +* 2023-01-24 Updates + +## Status + +ACCEPTED Partially Implemented + +## Abstract + +A new core API is proposed as a way to develop cosmos-sdk applications that will eventually replace the existing +`AppModule` and `sdk.Context` frameworks a set of core services and extension interfaces. This core API aims to: + +* be simpler +* more extensible +* more stable than the current framework +* enable deterministic events and queries, +* support event listeners +* [ADR 033: Protobuf-based Inter-Module Communication](./adr-033-protobuf-inter-module-comm.md) clients. + +## Context + +Historically modules have exposed their functionality to the framework via the `AppModule` and `AppModuleBasic` +interfaces which have the following shortcomings: + +* both `AppModule` and `AppModuleBasic` need to be defined and registered which is counter-intuitive +* apps need to implement the full interfaces, even parts they don't need (although there are workarounds for this), +* interface methods depend heavily on unstable third party dependencies, in particular Comet, +* legacy required methods have littered these interfaces for far too long + +In order to interact with the state machine, modules have needed to do a combination of these things: + +* get store keys from the app +* call methods on `sdk.Context` which contains more or less the full set of capability available to modules. + +By isolating all the state machine functionality into `sdk.Context`, the set of functionalities available to +modules are tightly coupled to this type. If there are changes to upstream dependencies (such as Comet) +or new functionalities are desired (such as alternate store types), the changes need impact `sdk.Context` and all +consumers of it (basically all modules). Also, all modules now receive `context.Context` and need to convert these +to `sdk.Context`'s with a non-ergonomic unwrapping function. + +Any breaking changes to these interfaces, such as ones imposed by third-party dependencies like Comet, have the +side effect of forcing all modules in the ecosystem to update in lock-step. This means it is almost impossible to have +a version of the module which can be run with 2 or 3 different versions of the SDK or 2 or 3 different versions of +another module. This lock-step coupling slows down overall development within the ecosystem and causes updates to +components to be delayed longer than they would if things were more stable and loosely coupled. + +## Decision + +The `core` API proposes a set of core APIs that modules can rely on to interact with the state machine and expose their +functionalities to it that are designed in a principled way such that: + +* tight coupling of dependencies and unrelated functionalities is minimized or eliminated +* APIs can have long-term stability guarantees +* the SDK framework is extensible in a safe and straightforward way + +The design principles of the core API are as follows: + +* everything that a module wants to interact with in the state machine is a service +* all services coordinate state via `context.Context` and don't try to recreate the "bag of variables" approach of `sdk.Context` +* all independent services are isolated in independent packages with minimal APIs and minimal dependencies +* the core API should be minimalistic and designed for long-term support (LTS) +* a "runtime" module will implement all the "core services" defined by the core API and can handle all module + functionalities exposed by core extension interfaces +* other non-core and/or non-LTS services can be exposed by specific versions of runtime modules or other modules +following the same design principles, this includes functionality that interacts with specific non-stable versions of +third party dependencies such as Comet +* the core API doesn't implement *any* functionality, it just defines types +* go stable API compatibility guidelines are followed: https://go.dev/blog/module-compatibility + +A "runtime" module is any module which implements the core functionality of composing an ABCI app, which is currently +handled by `BaseApp` and the `ModuleManager`. Runtime modules which implement the core API are *intentionally* separate +from the core API in order to enable more parallel versions and forks of the runtime module than is possible with the +SDK's current tightly coupled `BaseApp` design while still allowing for a high degree of composability and +compatibility. + +Modules which are built only against the core API don't need to know anything about which version of runtime, +`BaseApp` or Comet in order to be compatible. Modules from the core mainline SDK could be easily composed +with a forked version of runtime with this pattern. + +This design is intended to enable matrices of compatible dependency versions. Ideally a given version of any module +is compatible with multiple versions of the runtime module and other compatible modules. This will allow dependencies +to be selectively updated based on battle-testing. More conservative projects may want to update some dependencies +slower than more fast moving projects. + +### Core Services + +The following "core services" are defined by the core API. All valid runtime module implementations should provide +implementations of these services to modules via both [dependency injection](./adr-057-app-wiring.md) and +manual wiring. The individual services described below are all bundled in a convenient `appmodule.Service` +"bundle service" so that for simplicity modules can declare a dependency on a single service. + +#### Store Services + +Store services will be defined in the `cosmossdk.io/core/store` package. + +The generic `store.KVStore` interface is the same as current SDK `KVStore` interface. Store keys have been refactored +into store services which, instead of expecting the context to know about stores, invert the pattern and allow +retrieving a store from a generic context. There are three store services for the three types of currently supported +stores - regular kv-store, memory, and transient: + +```go +type KVStoreService interface { + OpenKVStore(context.Context) KVStore +} + +type MemoryStoreService interface { + OpenMemoryStore(context.Context) KVStore +} +type TransientStoreService interface { + OpenTransientStore(context.Context) KVStore +} +``` + +Modules can use these services like this: + +```go +func (k msgServer) Send(ctx context.Context, msg *types.MsgSend) (*types.MsgSendResponse, error) { + store := k.kvStoreSvc.OpenKVStore(ctx) +} +``` + +Just as with the current runtime module implementation, modules will not need to explicitly name these store keys, +but rather the runtime module will choose an appropriate name for them and modules just need to request the +type of store they need in their dependency injection (or manual) constructors. + +#### Event Service + +The event `Service` will be defined in the `cosmossdk.io/core/event` package. + +The event `Service` allows modules to emit typed and legacy untyped events: + +```go +package event + +type Service interface { + // EmitProtoEvent emits events represented as a protobuf message (as described in ADR 032). + // + // Callers SHOULD assume that these events may be included in consensus. These events + // MUST be emitted deterministically and adding, removing or changing these events SHOULD + // be considered state-machine breaking. + EmitProtoEvent(ctx context.Context, event protoiface.MessageV1) error + + // EmitKVEvent emits an event based on an event and kv-pair attributes. + // + // These events will not be part of consensus and adding, removing or changing these events is + // not a state-machine breaking change. + EmitKVEvent(ctx context.Context, eventType string, attrs ...KVEventAttribute) error + + // EmitProtoEventNonConsensus emits events represented as a protobuf message (as described in ADR 032), without + // including it in blockchain consensus. + // + // These events will not be part of consensus and adding, removing or changing events is + // not a state-machine breaking change. + EmitProtoEventNonConsensus(ctx context.Context, event protoiface.MessageV1) error +} +``` + +Typed events emitted with `EmitProto` should be assumed to be part of blockchain consensus (whether they are part of +the block or app hash is left to the runtime to specify). + +Events emitted by `EmitKVEvent` and `EmitProtoEventNonConsensus` are not considered to be part of consensus and cannot be observed +by other modules. If there is a client-side need to add events in patch releases, these methods can be used. + +#### Logger + +A logger (`cosmossdk.io/log`) must be supplied using `depinject`, and will +be made available for modules to use via `depinject.In`. +Modules using it should follow the current pattern in the SDK by adding the module name before using it. + +```go +type ModuleInputs struct { + depinject.In + + Logger log.Logger +} + +func ProvideModule(in ModuleInputs) ModuleOutputs { + keeper := keeper.NewKeeper( + in.logger, + ) +} + +func NewKeeper(logger log.Logger) Keeper { + return Keeper{ + logger: logger.With(log.ModuleKey, "x/"+types.ModuleName), + } +} +``` + +### Core `AppModule` extension interfaces + + +Modules will provide their core services to the runtime module via extension interfaces built on top of the +`cosmossdk.io/core/appmodule.AppModule` tag interface. This tag interface requires only two empty methods which +allow `depinject` to identify implementors as `depinject.OnePerModule` types and as app module implementations: + +```go +type AppModule interface { + depinject.OnePerModuleType + + // IsAppModule is a dummy method to tag a struct as implementing an AppModule. + IsAppModule() +} +``` + +Other core extension interfaces will be defined in `cosmossdk.io/core` should be supported by valid runtime +implementations. + +#### `MsgServer` and `QueryServer` registration + +`MsgServer` and `QueryServer` registration is done by implementing the `HasServices` extension interface: + +```go +type HasServices interface { + AppModule + + RegisterServices(grpc.ServiceRegistrar) +} +``` + +Because of the `cosmos.msg.v1.service` protobuf option, required for `Msg` services, the same `ServiceRegitrar` can be +used to register both `Msg` and query services. + +#### Genesis + +The genesis `Handler` functions - `DefaultGenesis`, `ValidateGenesis`, `InitGenesis` and `ExportGenesis` - are specified +against the `GenesisSource` and `GenesisTarget` interfaces which will abstract over genesis sources which may be a single +JSON object or collections of JSON objects that can be efficiently streamed. + +```go +// GenesisSource is a source for genesis data in JSON format. It may abstract over a +// single JSON object or separate files for each field in a JSON object that can +// be streamed over. Modules should open a separate io.ReadCloser for each field that +// is required. When fields represent arrays they can efficiently be streamed +// over. If there is no data for a field, this function should return nil, nil. It is +// important that the caller closes the reader when done with it. +type GenesisSource = func(field string) (io.ReadCloser, error) + +// GenesisTarget is a target for writing genesis data in JSON format. It may +// abstract over a single JSON object or JSON in separate files that can be +// streamed over. Modules should open a separate io.WriteCloser for each field +// and should prefer writing fields as arrays when possible to support efficient +// iteration. It is important the caller closers the writer AND checks the error +// when done with it. It is expected that a stream of JSON data is written +// to the writer. +type GenesisTarget = func(field string) (io.WriteCloser, error) +``` + +All genesis objects for a given module are expected to conform to the semantics of a JSON object. +Each field in the JSON object should be read and written separately to support streaming genesis. +The [ORM](./adr-055-orm.md) and [collections](./adr-062-collections-state-layer.md) both support +streaming genesis and modules using these frameworks generally do not need to write any manual +genesis code. + +To support genesis, modules should implement the `HasGenesis` extension interface: + +```go +type HasGenesis interface { + AppModule + + // DefaultGenesis writes the default genesis for this module to the target. + DefaultGenesis(GenesisTarget) error + + // ValidateGenesis validates the genesis data read from the source. + ValidateGenesis(GenesisSource) error + + // InitGenesis initializes module state from the genesis source. + InitGenesis(context.Context, GenesisSource) error + + // ExportGenesis exports module state to the genesis target. + ExportGenesis(context.Context, GenesisTarget) error +} +``` + +#### Pre Blockers + +Modules that have functionality that runs before BeginBlock and should implement the has `HasPreBlocker` interfaces: + +```go +type HasPreBlocker interface { + AppModule + PreBlock(context.Context) error +} +``` + +#### Begin and End Blockers + +Modules that have functionality that runs before transactions (begin blockers) or after transactions +(end blockers) should implement the has `HasBeginBlocker` and/or `HasEndBlocker` interfaces: + +```go +type HasBeginBlocker interface { + AppModule + BeginBlock(context.Context) error +} + +type HasEndBlocker interface { + AppModule + EndBlock(context.Context) error +} +``` + +The `BeginBlock` and `EndBlock` methods will take a `context.Context`, because: + +* most modules don't need Comet information other than `BlockInfo` so we can eliminate dependencies on specific +Comet versions +* for the few modules that need Comet block headers and/or return validator updates, specific versions of the +runtime module will provide specific functionality for interacting with the specific version(s) of Comet +supported + +In order for `BeginBlock`, `EndBlock` and `InitGenesis` to send back validator updates and retrieve full Comet +block headers, the runtime module for a specific version of Comet could provide services like this: + +```go +type ValidatorUpdateService interface { + SetValidatorUpdates(context.Context, []abci.ValidatorUpdate) +} +``` + +Header Service defines a way to get header information about a block. This information is generalized for all implementations: + +```go +type Service interface { + GetHeaderInfo(context.Context) Info +} + +type Info struct { + Height int64 // Height returns the height of the block + Hash []byte // Hash returns the hash of the block header + Time time.Time // Time returns the time of the block + ChainID string // ChainId returns the chain ID of the block +} +``` + +Comet Service provides a way to get comet specific information: + +```go +type Service interface { + GetCometInfo(context.Context) Info +} + +type CometInfo struct { + Evidence []abci.Misbehavior // Misbehavior returns the misbehavior of the block + // ValidatorsHash returns the hash of the validators + // For Comet, it is the hash of the next validators + ValidatorsHash []byte + ProposerAddress []byte // ProposerAddress returns the address of the block proposer + DecidedLastCommit abci.CommitInfo // DecidedLastCommit returns the last commit info +} +``` + +If a user would like to provide a module other information they would need to implement another service like: + +```go +type RollKit Interface { + ... +} +``` + +We know these types will change at the Comet level and that also a very limited set of modules actually need this +functionality, so they are intentionally kept out of core to keep core limited to the necessary, minimal set of stable +APIs. + +#### Remaining Parts of AppModule + +The current `AppModule` framework handles a number of additional concerns which aren't addressed by this core API. +These include: + +* gas +* block headers +* upgrades +* registration of gogo proto and amino interface types +* cobra query and tx commands +* gRPC gateway +* crisis module invariants +* simulations + +Additional `AppModule` extension interfaces either inside or outside of core will need to be specified to handle +these concerns. + +In the case of gogo proto and amino interfaces, the registration of these generally should happen as early +as possible during initialization and in [ADR 057: App Wiring](./adr-057-app-wiring-1.md), protobuf type registration +happens before dependency injection (although this could alternatively be done dedicated DI providers). + +gRPC gateway registration should probably be handled by the runtime module, but the core API shouldn't depend on gRPC +gateway types as 1) we are already using an older version and 2) it's possible the framework can do this registration +automatically in the future. So for now, the runtime module should probably provide some sort of specific type for doing +this registration ex: + +```go +type GrpcGatewayInfo struct { + Handlers []GrpcGatewayHandler +} + +type GrpcGatewayHandler func(ctx context.Context, mux *runtime.ServeMux, client QueryClient) error +``` + +which modules can return in a provider: + +```go +func ProvideGrpcGateway() GrpcGatewayInfo { + return GrpcGatewayinfo { + Handlers: []Handler {types.RegisterQueryHandlerClient} + } +} +``` + +Crisis module invariants and simulations are subject to potential redesign and should be managed with types +defined in the crisis and simulation modules respectively. + +Extension interface for CLI commands will be provided via the `cosmossdk.io/client/v2` module and its +[autocli](./adr-058-auto-generated-cli.md) framework. + +#### Example Usage + +Here is an example of setting up a hypothetical `foo` v2 module which uses the [ORM](./adr-055-orm.md) for its state +management and genesis. + +```go +type Keeper struct { + db orm.ModuleDB + evtSrv event.Service +} + +func (k Keeper) RegisterServices(r grpc.ServiceRegistrar) { + foov1.RegisterMsgServer(r, k) + foov1.RegisterQueryServer(r, k) +} + +func (k Keeper) BeginBlock(context.Context) error { + return nil +} + +func ProvideApp(config *foomodulev2.Module, evtSvc event.EventService, db orm.ModuleDB) (Keeper, appmodule.AppModule){ + k := &Keeper{db: db, evtSvc: evtSvc} + return k, k +} +``` + +### Runtime Compatibility Version + +The `core` module will define a static integer var, `cosmossdk.io/core.RuntimeCompatibilityVersion`, which is +a minor version indicator of the core module that is accessible at runtime. Correct runtime module implementations +should check this compatibility version and return an error if the current `RuntimeCompatibilityVersion` is higher +than the version of the core API that this runtime version can support. When new features are adding to the `core` +module API that runtime modules are required to support, this version should be incremented. + +### Runtime Modules + +The initial `runtime` module will simply be created within the existing `github.com/cosmos/cosmos-sdk` go module +under the `runtime` package. This module will be a small wrapper around the existing `BaseApp`, `sdk.Context` and +module manager and follow the Cosmos SDK's existing [0-based versioning](https://0ver.org). To move to semantic +versioning as well as runtime modularity, new officially supported runtime modules will be created under the +`cosmossdk.io/runtime` prefix. For each supported consensus engine a semantically-versioned go module should be created +with a runtime implementation for that consensus engine. For example: +- `cosmossdk.io/runtime/comet` +- `cosmossdk.io/runtime/comet/v2` +- `cosmossdk.io/runtime/rollkit` +- etc. + +These runtime modules should attempt to be semantically versioned even if the underlying consensus engine is not. Also, +because a runtime module is also a first class Cosmos SDK module, it should have a protobuf module config type. +A new semantically versioned module config type should be created for each of these runtime module such that there is a +1:1 correspondence between the go module and module config type. This is the same practice should be followed for every +semantically versioned Cosmos SDK module as described in [ADR 057: App Wiring](./adr-057-app-wiring.md). + +Currently, `github.com/cosmos/cosmos-sdk/runtime` uses the protobuf config type `cosmos.app.runtime.v1alpha1.Module`. +When we have a standalone v1 comet runtime, we should use a dedicated protobuf module config type such as +`cosmos.runtime.comet.v1.Module1`. When we release v2 of the comet runtime (`cosmossdk.io/runtime/comet/v2`) we should +have a corresponding `cosmos.runtime.comet.v2.Module` protobuf type. + +In order to make it easier to support different consensus engines that support the same core module functionality as +described in this ADR, a common go module should be created with shared runtime components. The easiest runtime components +to share initially are probably the message/query router, inter-module client, service register, and event router. +This common runtime module should be created initially as the `cosmossdk.io/runtime/common` go module. + +When this new architecture has been implemented, the main dependency for a Cosmos SDK module would be +`cosmossdk.io/core` and that module should be able to be used with any supported consensus engine (to the extent +that it does not explicitly depend on consensus engine specific functionality such as Comet's block headers). An +app developer would then be able to choose which consensus engine they want to use by importing the corresponding +runtime module. The current `BaseApp` would be refactored into the `cosmossdk.io/runtime/comet` module, the router +infrastructure in `baseapp/` would be refactored into `cosmossdk.io/runtime/common` and support ADR 033, and eventually +a dependency on `github.com/cosmos/cosmos-sdk` would no longer be required. + +In short, modules would depend primarily on `cosmossdk.io/core`, and each `cosmossdk.io/runtime/{consensus-engine}` +would implement the `cosmossdk.io/core` functionality for that consensus engine. + +On additional piece that would need to be resolved as part of this architecture is how runtimes relate to the server. +Likely it would make sense to modularize the current server architecture so that it can be used with any runtime even +if that is based on a consensus engine besides Comet. This means that eventually the Comet runtime would need to +encapsulate the logic for starting Comet and the ABCI app. + +### Testing + +A mock implementation of all services should be provided in core to allow for unit testing of modules +without needing to depend on any particular version of runtime. Mock services should +allow tests to observe service behavior or provide a non-production implementation - for instance memory +stores can be used to mock stores. + +For integration testing, a mock runtime implementation should be provided that allows composing different app modules +together for testing without a dependency on runtime or Comet. + +## Consequences + +### Backwards Compatibility + +Early versions of runtime modules should aim to support as much as possible modules built with the existing +`AppModule`/`sdk.Context` framework. As the core API is more widely adopted, later runtime versions may choose to +drop support and only support the core API plus any runtime module specific APIs (like specific versions of Comet). + +The core module itself should strive to remain at the go semantic version `v1` as long as possible and follow design +principles that allow for strong long-term support (LTS). + +Older versions of the SDK can support modules built against core with adaptors that convert wrap core `AppModule` +implementations in implementations of `AppModule` that conform to that version of the SDK's semantics as well +as by providing service implementations by wrapping `sdk.Context`. + +### Positive + +* better API encapsulation and separation of concerns +* more stable APIs +* more framework extensibility +* deterministic events and queries +* event listeners +* inter-module msg and query execution support +* more explicit support for forking and merging of module versions (including runtime) + +### Negative + +### Neutral + +* modules will need to be refactored to use this API +* some replacements for `AppModule` functionality still need to be defined in follow-ups + (type registration, commands, invariants, simulations) and this will take additional design work + +## Further Discussions + +* gas +* block headers +* upgrades +* registration of gogo proto and amino interface types +* cobra query and tx commands +* gRPC gateway +* crisis module invariants +* simulations + +## References + +* [ADR 033: Protobuf-based Inter-Module Communication](./adr-033-protobuf-inter-module-comm.md) +* [ADR 057: App Wiring](./adr-057-app-wiring-1.md) +* [ADR 055: ORM](./adr-055-orm.md) +* [ADR 028: Public Key Addresses](./adr-028-public-key-addresses.md) +* [Keeping Your Modules Compatible](https://go.dev/blog/module-compatibility) diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-064-abci-2.0.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-064-abci-2.0.md new file mode 100644 index 00000000..c0dc7f74 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-064-abci-2.0.md @@ -0,0 +1,473 @@ +# ADR 64: ABCI 2.0 Integration (Phase II) + +## Changelog + +* 2023-01-17: Initial Draft (@alexanderbez) +* 2023-04-06: Add upgrading section (@alexanderbez) +* 2023-04-10: Simplify vote extension state persistence (@alexanderbez) +* 2023-07-07: Revise vote extension state persistence (@alexanderbez) +* 2023-08-24: Revise vote extension power calculations and staking interface (@davidterpay) + +## Status + +ACCEPTED + +## Abstract + +This ADR outlines the continuation of the efforts to implement ABCI++ in the Cosmos +SDK outlined in [ADR 060: ABCI 1.0 (Phase I)](adr-060-abci-1.0.md). + +Specifically, this ADR outlines the design and implementation of ABCI 2.0, which +includes `ExtendVote`, `VerifyVoteExtension` and `FinalizeBlock`. + +## Context + +ABCI 2.0 continues the promised updates from ABCI++, specifically three additional +ABCI methods that the application can implement in order to gain further control, +insight and customization of the consensus process, unlocking many novel use-cases +that previously not possible. We describe these three new methods below: + +### `ExtendVote` + +This method allows each validator process to extend the pre-commit phase of the +CometBFT consensus process. Specifically, it allows the application to perform +custom business logic that extends the pre-commit vote and supply additional data +as part of the vote, although they are signed separately by the same key. + +The data, called vote extension, will be broadcast and received together with the +vote it is extending, and will be made available to the application in the next +height. Specifically, the proposer of the next block will receive the vote extensions +in `RequestPrepareProposal.local_last_commit.votes`. + +If the application does not have vote extension information to provide, it +returns a 0-length byte array as its vote extension. + +**NOTE**: + +* Although each validator process submits its own vote extension, ONLY the *proposer* + of the *next* block will receive all the vote extensions included as part of the + pre-commit phase of the previous block. This means only the proposer will + implicitly have access to all the vote extensions, via `RequestPrepareProposal`, + and that not all vote extensions may be included, since a validator does not + have to wait for all pre-commits, only 2/3. +* The pre-commit vote is signed independently from the vote extension. + +### `VerifyVoteExtension` + +This method allows validators to validate the vote extension data attached to +each pre-commit message it receives. If the validation fails, the whole pre-commit +message will be deemed invalid and ignored by CometBFT. + +CometBFT uses `VerifyVoteExtension` when validating a pre-commit vote. Specifically, +for a pre-commit, CometBFT will: + +* Reject the message if it doesn't contain a signed vote AND a signed vote extension +* Reject the message if the vote's signature OR the vote extension's signature fails to verify +* Reject the message if `VerifyVoteExtension` was rejected by the app + +Otherwise, CometBFT will accept the pre-commit message. + +Note, this has important consequences on liveness, i.e., if vote extensions repeatedly +cannot be verified by correct validators, CometBFT may not be able to finalize +a block even if sufficiently many (+2/3) validators send pre-commit votes for +that block. Thus, `VerifyVoteExtension` should be used with special care. + +CometBFT recommends that an application that detects an invalid vote extension +SHOULD accept it in `ResponseVerifyVoteExtension` and ignore it in its own logic. + +### `FinalizeBlock` + +This method delivers a decided block to the application. The application must +execute the transactions in the block deterministically and update its state +accordingly. Cryptographic commitments to the block and transaction results, +returned via the corresponding parameters in `ResponseFinalizeBlock`, are +included in the header of the next block. CometBFT calls it when a new block +is decided. + +In other words, `FinalizeBlock` encapsulates the current ABCI execution flow of +`BeginBlock`, one or more `DeliverTx`, and `EndBlock` into a single ABCI method. +CometBFT will no longer execute requests for these legacy methods and instead +will just simply call `FinalizeBlock`. + +## Decision + +We will discuss changes to the Cosmos SDK to implement ABCI 2.0 in two distinct +phases, `VoteExtensions` and `FinalizeBlock`. + +### `VoteExtensions` + +Similarly for `PrepareProposal` and `ProcessProposal`, we propose to introduce +two new handlers that an application can implement in order to provide and verify +vote extensions. + +We propose the following new handlers for applications to implement: + +```go +type ExtendVoteHandler func(sdk.Context, abci.RequestExtendVote) abci.ResponseExtendVote +type VerifyVoteExtensionHandler func(sdk.Context, abci.RequestVerifyVoteExtension) abci.ResponseVerifyVoteExtension +``` + +An ephemeral context and state will be supplied to both handlers. The +context will contain relevant metadata such as the block height and block hash. +The state will be a cached version of the committed state of the application and +will be discarded after the execution of the handler, this means that both handlers +get a fresh state view and no changes made to it will be written. + +If an application decides to implement `ExtendVoteHandler`, it must return a +non-nil `ResponseExtendVote.VoteExtension`. + +Recall, an implementation of `ExtendVoteHandler` does NOT need to be deterministic, +however, given a set of vote extensions, `VerifyVoteExtensionHandler` must be +deterministic, otherwise the chain may suffer from liveness faults. In addition, +recall CometBFT proceeds in rounds for each height, so if a decision cannot be +made about about a block proposal at a given height, CometBFT will proceed to the +next round and thus will execute `ExtendVote` and `VerifyVoteExtension` again for +the new round for each validator until 2/3 valid pre-commits can be obtained. + +Given the broad scope of potential implementations and use-cases of vote extensions, +and how to verify them, most applications should choose to implement the handlers +through a single handler type, which can have any number of dependencies injected +such as keepers. In addition, this handler type could contain some notion of +volatile vote extension state management which would assist in vote extension +verification. This state management could be ephemeral or could be some form of +on-disk persistence. + +Example: + +```go +// VoteExtensionHandler implements an Oracle vote extension handler. +type VoteExtensionHandler struct { + cdc Codec + mk MyKeeper + state VoteExtState // This could be a map or a DB connection object +} + +// ExtendVoteHandler can do something with h.mk and possibly h.state to create +// a vote extension, such as fetching a series of prices for supported assets. +func (h VoteExtensionHandler) ExtendVoteHandler(ctx sdk.Context, req abci.RequestExtendVote) abci.ResponseExtendVote { + prices := GetPrices(ctx, h.mk.Assets()) + bz, err := EncodePrices(h.cdc, prices) + if err != nil { + panic(fmt.Errorf("failed to encode prices for vote extension: %w", err)) + } + + // store our vote extension at the given height + // + // NOTE: Vote extensions can be overridden since we can timeout in a round. + SetPrices(h.state, req, bz) + + return abci.ResponseExtendVote{VoteExtension: bz} +} + +// VerifyVoteExtensionHandler can do something with h.state and req to verify +// the req.VoteExtension field, such as ensuring the provided oracle prices are +// within some valid range of our prices. +func (h VoteExtensionHandler) VerifyVoteExtensionHandler(ctx sdk.Context, req abci.RequestVerifyVoteExtension) abci.ResponseVerifyVoteExtension { + prices, err := DecodePrices(h.cdc, req.VoteExtension) + if err != nil { + log("failed to decode vote extension", "err", err) + return abci.ResponseVerifyVoteExtension{Status: REJECT} + } + + if err := ValidatePrices(h.state, req, prices); err != nil { + log("failed to validate vote extension", "prices", prices, "err", err) + return abci.ResponseVerifyVoteExtension{Status: REJECT} + } + + // store updated vote extensions at the given height + // + // NOTE: Vote extensions can be overridden since we can timeout in a round. + SetPrices(h.state, req, req.VoteExtension) + + return abci.ResponseVerifyVoteExtension{Status: ACCEPT} +} +``` + +#### Vote Extension Propagation & Verification + +As mentioned previously, vote extensions for height `H` are only made available +to the proposer at height `H+1` during `PrepareProposal`. However, in order to +make vote extensions useful, all validators should have access to the agreed upon +vote extensions at height `H` during `H+1`. + +Since CometBFT includes all the vote extension signatures in `RequestPrepareProposal`, +we propose that the proposing validator manually "inject" the vote extensions +along with their respective signatures via a special transaction, `VoteExtsTx`, +into the block proposal during `PrepareProposal`. The `VoteExtsTx` will be +populated with a single `ExtendedCommitInfo` object which is received directly +from `RequestPrepareProposal`. + +For convention, the `VoteExtsTx` transaction should be the first transaction in +the block proposal, although chains can implement their own preferences. For +safety purposes, we also propose that the proposer itself verify all the vote +extension signatures it receives in `RequestPrepareProposal`. + +A validator, upon a `RequestProcessProposal`, will receive the injected `VoteExtsTx` +which includes the vote extensions along with their signatures. If no such transaction +exists, the validator MUST REJECT the proposal. + +When a validator inspects a `VoteExtsTx`, it will evaluate each `SignedVoteExtension`. +For each signed vote extension, the validator will generate the signed bytes and +verify the signature. At least 2/3 valid signatures, based on voting power, must +be received in order for the block proposal to be valid, otherwise the validator +MUST REJECT the proposal. + +In order to have the ability to validate signatures, `BaseApp` must have access +to the `x/staking` module, since this module stores an index from consensus +address to public key. However, we will avoid a direct dependency on `x/staking` +and instead rely on an interface instead. In addition, the Cosmos SDK will expose +a default signature verification method which applications can use: + +```go +type ValidatorStore interface { + GetPubKeyByConsAddr(context.Context, sdk.ConsAddress) (cmtprotocrypto.PublicKey, error) +} + +// ValidateVoteExtensions is a function that an application can execute in +// ProcessProposal to verify vote extension signatures. +func (app *BaseApp) ValidateVoteExtensions(ctx sdk.Context, currentHeight int64, extCommit abci.ExtendedCommitInfo) error { + votingPower := 0 + totalVotingPower := 0 + + for _, vote := range extCommit.Votes { + totalVotingPower += vote.Validator.Power + + if !vote.SignedLastBlock || len(vote.VoteExtension) == 0 { + continue + } + + valConsAddr := sdk.ConsAddress(vote.Validator.Address) + pubKeyProto, err := valStore.GetPubKeyByConsAddr(ctx, valConsAddr) + if err != nil { + return fmt.Errorf("failed to get public key for validator %s: %w", valConsAddr, err) + } + + if len(vote.ExtensionSignature) == 0 { + return fmt.Errorf("received a non-empty vote extension with empty signature for validator %s", valConsAddr) + } + + cmtPubKey, err := cryptoenc.PubKeyFromProto(pubKeyProto) + if err != nil { + return fmt.Errorf("failed to convert validator %X public key: %w", valConsAddr, err) + } + + cve := cmtproto.CanonicalVoteExtension{ + Extension: vote.VoteExtension, + Height: currentHeight - 1, // the vote extension was signed in the previous height + Round: int64(extCommit.Round), + ChainId: app.GetChainID(), + } + + extSignBytes, err := cosmosio.MarshalDelimited(&cve) + if err != nil { + return fmt.Errorf("failed to encode CanonicalVoteExtension: %w", err) + } + + if !cmtPubKey.VerifySignature(extSignBytes, vote.ExtensionSignature) { + return errors.New("received vote with invalid signature") + } + + votingPower += vote.Validator.Power + } + + if (votingPower / totalVotingPower) < threshold { + return errors.New("not enough voting power for the vote extensions") + } + + return nil +} +``` + +Once at least 2/3 signatures, by voting power, are received and verified, the +validator can use the vote extensions to derive additional data or come to some +decision based on the vote extensions. + +> NOTE: It is very important to state, that neither the vote propagation technique +> nor the vote extension verification mechanism described above is required for +> applications to implement. In other words, a proposer is not required to verify +> and propagate vote extensions along with their signatures nor are proposers +> required to verify those signatures. An application can implement it's own +> PKI mechanism and use that to sign and verify vote extensions. + +#### Vote Extension Persistence + +In certain contexts, it may be useful or necessary for applications to persist +data derived from vote extensions. In order to facilitate this use case, we propose +to allow app developers to define a pre-Blocker hook which will be called +at the very beginning of `FinalizeBlock`, i.e. before `BeginBlock` (see below). + +Note, we cannot allow applications to directly write to the application state +during `ProcessProposal` because during replay, CometBFT will NOT call `ProcessProposal`, +which would result in an incomplete state view. + +```go +func (a MyApp) PreBlocker(ctx sdk.Context, req *abci.RequestFinalizeBlock) error { + voteExts := GetVoteExtensions(ctx, req.Txs) + + // Process and perform some compute on vote extensions, storing any resulting + // state. + if err a.processVoteExtensions(ctx, voteExts); if err != nil { + return err + } +} +``` + +### `FinalizeBlock` + +The existing ABCI methods `BeginBlock`, `DeliverTx`, and `EndBlock` have existed +since the dawn of ABCI-based applications. Thus, applications, tooling, and developers +have grown used to these methods and their use-cases. Specifically, `BeginBlock` +and `EndBlock` have grown to be pretty integral and powerful within ABCI-based +applications. E.g. an application might want to run distribution and inflation +related operations prior to executing transactions and then have staking related +changes to happen after executing all transactions. + +We propose to keep `BeginBlock` and `EndBlock` within the SDK's core module +interfaces only so application developers can continue to build against existing +execution flows. However, we will remove `BeginBlock`, `DeliverTx` and `EndBlock` +from the SDK's `BaseApp` implementation and thus the ABCI surface area. + +What will then exist is a single `FinalizeBlock` execution flow. Specifically, in +`FinalizeBlock` we will execute the application's `BeginBlock`, followed by +execution of all the transactions, finally followed by execution of the application's +`EndBlock`. + +Note, we will still keep the existing transaction execution mechanics within +`BaseApp`, but all notions of `DeliverTx` will be removed, i.e. `deliverState` +will be replace with `finalizeState`, which will be committed on `Commit`. + +However, there are current parameters and fields that exist in the existing +`BeginBlock` and `EndBlock` ABCI types, such as votes that are used in distribution +and byzantine validators used in evidence handling. These parameters exist in the +`FinalizeBlock` request type, and will need to be passed to the application's +implementations of `BeginBlock` and `EndBlock`. + +This means the Cosmos SDK's core module interfaces will need to be updated to +reflect these parameters. The easiest and most straightforward way to achieve +this is to just pass `RequestFinalizeBlock` to `BeginBlock` and `EndBlock`. +Alternatively, we can create dedicated proxy types in the SDK that reflect these +legacy ABCI types, e.g. `LegacyBeginBlockRequest` and `LegacyEndBlockRequest`. Or, +we can come up with new types and names altogether. + +```go +func (app *BaseApp) FinalizeBlock(req abci.RequestFinalizeBlock) (*abci.ResponseFinalizeBlock, error) { + ctx := ... + + if app.preBlocker != nil { + ctx := app.finalizeBlockState.ctx + rsp, err := app.preBlocker(ctx, req) + if err != nil { + return nil, err + } + if rsp.ConsensusParamsChanged { + app.finalizeBlockState.ctx = ctx.WithConsensusParams(app.GetConsensusParams(ctx)) + } + } + beginBlockResp, err := app.beginBlock(req) + appendBlockEventAttr(beginBlockResp.Events, "begin_block") + + txExecResults := make([]abci.ExecTxResult, 0, len(req.Txs)) + for _, tx := range req.Txs { + result := app.runTx(runTxModeFinalize, tx) + txExecResults = append(txExecResults, result) + } + + endBlockResp, err := app.endBlock(app.finalizeBlockState.ctx) + appendBlockEventAttr(beginBlockResp.Events, "end_block") + + return abci.ResponseFinalizeBlock{ + TxResults: txExecResults, + Events: joinEvents(beginBlockResp.Events, endBlockResp.Events), + ValidatorUpdates: endBlockResp.ValidatorUpdates, + ConsensusParamUpdates: endBlockResp.ConsensusParamUpdates, + AppHash: nil, + } +} +``` + +#### Events + +Many tools, indexers and ecosystem libraries rely on the existence `BeginBlock` +and `EndBlock` events. Since CometBFT now only exposes `FinalizeBlockEvents`, we +find that it will still be useful for these clients and tools to still query for +and rely on existing events, especially since applications will still define +`BeginBlock` and `EndBlock` implementations. + +In order to facilitate existing event functionality, we propose that all `BeginBlock` +and `EndBlock` events have a dedicated `EventAttribute` with `key=block` and +`value=begin_block|end_block`. The `EventAttribute` will be appended to each event +in both `BeginBlock` and `EndBlock` events`. + + +### Upgrading + +CometBFT defines a consensus parameter, [`VoteExtensionsEnableHeight`](https://github.com/cometbft/cometbft/blob/v0.38.0-alpha.1/spec/abci/abci%2B%2B_app_requirements.md#abciparamsvoteextensionsenableheight), +which specifies the height at which vote extensions are enabled and **required**. +If the value is set to zero, which is the default, then vote extensions are +disabled and an application is not required to implement and use vote extensions. + +However, if the value `H` is positive, at all heights greater than the configured +height `H` vote extensions must be present (even if empty). When the configured +height `H` is reached, `PrepareProposal` will not include vote extensions yet, +but `ExtendVote` and `VerifyVoteExtension` will be called. Then, when reaching +height `H+1`, `PrepareProposal` will include the vote extensions from height `H`. + +It is very important to note, for all heights after H: + +* Vote extensions CANNOT be disabled +* They are mandatory, i.e. all pre-commit messages sent MUST have an extension + attached (even if empty) + +When an application updates to the Cosmos SDK version with CometBFT v0.38 support, +in the upgrade handler it must ensure to set the consensus parameter +`VoteExtensionsEnableHeight` to the correct value. E.g. if an application is set +to perform an upgrade at height `H`, then the value of `VoteExtensionsEnableHeight` +should be set to any value `>=H+1`. This means that at the upgrade height, `H`, +vote extensions will not be enabled yet, but at height `H+1` they will be enabled. + +## Consequences + +### Backwards Compatibility + +ABCI 2.0 is naturally not backwards compatible with prior versions of the Cosmos SDK +and CometBFT. For example, an application that requests `RequestFinalizeBlock` +to the same application that does not speak ABCI 2.0 will naturally fail. + +In addition, `BeginBlock`, `DeliverTx` and `EndBlock` will be removed from the +application ABCI interfaces and along with the inputs and outputs being modified +in the module interfaces. + +### Positive + +* `BeginBlock` and `EndBlock` semantics remain, so burden on application developers + should be limited. +* Less communication overhead as multiple ABCI requests are condensed into a single + request. +* Sets the groundwork for optimistic execution. +* Vote extensions allow for an entirely new set of application primitives to be + developed, such as in-process price oracles and encrypted mempools. + +### Negative + +* Some existing Cosmos SDK core APIs may need to be modified and thus broken. +* Signature verification in `ProcessProposal` of 100+ vote extension signatures + will add significant performance overhead to `ProcessProposal`. Granted, the + signature verification process can happen concurrently using an error group + with `GOMAXPROCS` goroutines. + +### Neutral + +* Having to manually "inject" vote extensions into the block proposal during + `PrepareProposal` is an awkward approach and takes up block space unnecessarily. +* The requirement of `ResetProcessProposalState` can create a footgun for + application developers if they're not careful, but this is necessary in order + for applications to be able to commit state from vote extension computation. + +## Further Discussions + +Future discussions include design and implementation of ABCI 3.0, which is a +continuation of ABCI++ and the general discussion of optimistic execution. + +## References + +* [ADR 060: ABCI 1.0 (Phase I)](adr-060-abci-1.0.md) diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-065-store-v2.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-065-store-v2.md new file mode 100644 index 00000000..8faed046 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-065-store-v2.md @@ -0,0 +1,290 @@ +# ADR-065: Store V2 + +## Changelog + +* Feb 14, 2023: Initial Draft (@alexanderbez) + +## Status + +DRAFT + +## Abstract + +The storage and state primitives that Cosmos SDK based applications have used have +by and large not changed since the launch of the inaugural Cosmos Hub. The demands +and needs of Cosmos SDK based applications, from both developer and client UX +perspectives, have evolved and outgrown the ecosystem since these primitives +were first introduced. + +Over time as these applications have gained significant adoption, many critical +shortcomings and flaws have been exposed in the state and storage primitives of +the Cosmos SDK. + +In order to keep up with the evolving demands and needs of both clients and developers, +a major overhaul to these primitives are necessary. + +## Context + +The Cosmos SDK provides application developers with various storage primitives +for dealing with application state. Specifically, each module contains its own +merkle commitment data structure -- an IAVL tree. In this data structure, a module +can store and retrieve key-value pairs along with Merkle commitments, i.e. proofs, +to those key-value pairs indicating that they do or do not exist in the global +application state. This data structure is the base layer `KVStore`. + +In addition, the SDK provides abstractions on top of this Merkle data structure. +Namely, a root multi-store (RMS) is a collection of each module's `KVStore`. +Through the RMS, the application can serve queries and provide proofs to clients +in addition to provide a module access to its own unique `KVStore` though the use +of `StoreKey`, which is an OCAP primitive. + +There are further layers of abstraction that sit between the RMS and the underlying +IAVL `KVStore`. A `GasKVStore` is responsible for tracking gas IO consumption for +state machine reads and writes. A `CacheKVStore` is responsible for providing a +way to cache reads and buffer writes to make state transitions atomic, e.g. +transaction execution or governance proposal execution. + +There are a few critical drawbacks to these layers of abstraction and the overall +design of storage in the Cosmos SDK: + +* Since each module has its own IAVL `KVStore`, commitments are not [atomic](https://github.com/cosmos/cosmos-sdk/issues/14625) + * Note, we can still allow modules to have their own IAVL `KVStore`, but the + IAVL library will need to support the ability to pass a DB instance as an + argument to various IAVL APIs. +* Since IAVL is responsible for both state storage and commitment, running an + archive node becomes increasingly expensive as disk space grows exponentially. +* As the size of a network increases, various performance bottlenecks start to + emerge in many areas such as query performance, network upgrades, state + migrations, and general application performance. +* Developer UX is poor as it does not allow application developers to experiment + with different types of approaches to storage and commitments, along with the + complications of many layers of abstractions referenced above. + +See the [Storage Discussion](https://github.com/cosmos/cosmos-sdk/discussions/13545) for more information. + +## Alternatives + +There was a previous attempt to refactor the storage layer described in [ADR-040](./adr-040-storage-and-smt-state-commitments.md). +However, this approach mainly stems on the short comings of IAVL and various performance +issues around it. While there was a (partial) implementation of [ADR-040](./adr-040-storage-and-smt-state-commitments.md), +it was never adopted for a variety of reasons, such as the reliance on using an +SMT, which was more in a research phase, and some design choices that couldn't +be fully agreed upon, such as the snap-shotting mechanism that would result in +massive state bloat. + +## Decision + +We propose to build upon some of the great ideas introduced in [ADR-040](./adr-040-storage-and-smt-state-commitments.md), +while being a bit more flexible with the underlying implementations and overall +less intrusive. Specifically, we propose to: + +* Separate the concerns of state commitment (**SC**), needed for consensus, and + state storage (**SS**), needed for state machine and clients. +* Reduce layers of abstractions necessary between the RMS and underlying stores. +* Provide atomic module store commitments by providing a batch database object + to core IAVL APIs. +* Reduce complexities in the `CacheKVStore` implementation while also improving + performance[3]. + +Furthermore, we will keep the IAVL is the backing [commitment](https://cryptography.fandom.com/wiki/Commitment_scheme) +store for the time being. While we might not fully settle on the use of IAVL in +the long term, we do not have strong empirical evidence to suggest a better +alternative. Given that the SDK provides interfaces for stores, it should be sufficient +to change the backing commitment store in the future should evidence arise to +warrant a better alternative. However there is promising work being done to IAVL +that should result in significant performance improvement [1,2]. + +### Separating SS and SC + +By separating SS and SC, it will allow for us to optimize against primary use cases +and access patterns to state. Specifically, The SS layer will be responsible for +direct access to data in the form of (key, value) pairs, whereas the SC layer (IAVL) +will be responsible for committing to data and providing Merkle proofs. + +Note, the underlying physical storage database will be the same between both the +SS and SC layers. So to avoid collisions between (key, value) pairs, both layers +will be namespaced. + +#### State Commitment (SC) + +Given that the existing solution today acts as both SS and SC, we can simply +repurpose it to act solely as the SC layer without any significant changes to +access patterns or behavior. In other words, the entire collection of existing +IAVL-backed module `KVStore`s will act as the SC layer. + +However, in order for the SC layer to remain lightweight and not duplicate a +majority of the data held in the SS layer, we encourage node operators to keep +tight pruning strategies. + +#### State Storage (SS) + +In the RMS, we will expose a *single* `KVStore` backed by the same physical +database that backs the SC layer. This `KVStore` will be explicitly namespaced +to avoid collisions and will act as the primary storage for (key, value) pairs. + +While we most likely will continue the use of `cosmos-db`, or some local interface, +to allow for flexibility and iteration over preferred physical storage backends +as research and benchmarking continues. However, we propose to hardcode the use +of RocksDB as the primary physical storage backend. + +Since the SS layer will be implemented as a `KVStore`, it will support the +following functionality: + +* Range queries +* CRUD operations +* Historical queries and versioning +* Pruning + +The RMS will keep track of all buffered writes using a dedicated and internal +`MemoryListener` for each `StoreKey`. For each block height, upon `Commit`, the +SS layer will write all buffered (key, value) pairs under a [RocksDB user-defined timestamp](https://github.com/facebook/rocksdb/wiki/User-defined-Timestamp-%28Experimental%29) column +family using the block height as the timestamp, which is an unsigned integer. +This will allow a client to fetch (key, value) pairs at historical and current +heights along with making iteration and range queries relatively performant as +the timestamp is the key suffix. + +Note, we choose not to use a more general approach of allowing any embedded key/value +database, such as LevelDB or PebbleDB, using height key-prefixed keys to +effectively version state because most of these databases use variable length +keys which would effectively make actions likes iteration and range queries less +performant. + +Since operators might want pruning strategies to differ in SS compared to SC, +e.g. having a very tight pruning strategy in SC while having a looser pruning +strategy for SS, we propose to introduce an additional pruning configuration, +with parameters that are identical to what exists in the SDK today, and allow +operators to control the pruning strategy of the SS layer independently of the +SC layer. + +Note, the SC pruning strategy must be congruent with the operator's state sync +configuration. This is so as to allow state sync snapshots to execute successfully, +otherwise, a snapshot could be triggered on a height that is not available in SC. + +#### State Sync + +The state sync process should be largely unaffected by the separation of the SC +and SS layers. However, if a node syncs via state sync, the SS layer of the node +will not have the state synced height available, since the IAVL import process is +not setup in way to easily allow direct key/value insertion. A modification of +the IAVL import process would be necessary to facilitate having the state sync +height available. + +Note, this is not problematic for the state machine itself because when a query +is made, the RMS will automatically direct the query correctly (see [Queries](#queries)). + +#### Queries + +To consolidate the query routing between both the SC and SS layers, we propose to +have a notion of a "query router" that is constructed in the RMS. This query router +will be supplied to each `KVStore` implementation. The query router will route +queries to either the SC layer or the SS layer based on a few parameters. If +`prove: true`, then the query must be routed to the SC layer. Otherwise, if the +query height is available in the SS layer, the query will be served from the SS +layer. Otherwise, we fall back on the SC layer. + +If no height is provided, the SS layer will assume the latest height. The SS +layer will store a reverse index to lookup `LatestVersion -> timestamp(version)` +which is set on `Commit`. + +#### Proofs + +Since the SS layer is naturally a storage layer only, without any commitments +to (key, value) pairs, it cannot provide Merkle proofs to clients during queries. + +Since the pruning strategy against the SC layer is configured by the operator, +we can therefore have the RMS route the query SC layer if the version exists and +`prove: true`. Otherwise, the query will fall back to the SS layer without a proof. + +We could explore the idea of using state snapshots to rebuild an in-memory IAVL +tree in real time against a version closest to the one provided in the query. +However, it is not clear what the performance implications will be of this approach. + +### Atomic Commitment + +We propose to modify the existing IAVL APIs to accept a batch DB object instead +of relying on an internal batch object in `nodeDB`. Since each underlying IAVL +`KVStore` shares the same DB in the SC layer, this will allow commits to be +atomic. + +Specifically, we propose to: + +* Remove the `dbm.Batch` field from `nodeDB` +* Update the `SaveVersion` method of the `MutableTree` IAVL type to accept a batch object +* Update the `Commit` method of the `CommitKVStore` interface to accept a batch object +* Create a batch object in the RMS during `Commit` and pass this object to each + `KVStore` +* Write the database batch after all stores have committed successfully + +Note, this will require IAVL to be updated to not rely or assume on any batch +being present during `SaveVersion`. + +## Consequences + +As a result of a new store V2 package, we should expect to see improved performance +for queries and transactions due to the separation of concerns. We should also +expect to see improved developer UX around experimentation of commitment schemes +and storage backends for further performance, in addition to a reduced amount of +abstraction around KVStores making operations such as caching and state branching +more intuitive. + +However, due to the proposed design, there are drawbacks around providing state +proofs for historical queries. + +### Backwards Compatibility + +This ADR proposes changes to the storage implementation in the Cosmos SDK through +an entirely new package. Interfaces may be borrowed and extended from existing +types that exist in `store`, but no existing implementations or interfaces will +be broken or modified. + +### Positive + +* Improved performance of independent SS and SC layers +* Reduced layers of abstraction making storage primitives easier to understand +* Atomic commitments for SC +* Redesign of storage types and interfaces will allow for greater experimentation + such as different physical storage backends and different commitment schemes + for different application modules + +### Negative + +* Providing proofs for historical state is challenging + +### Neutral + +* Keeping IAVL as the primary commitment data structure, although drastic + performance improvements are being made + +## Further Discussions + +### Module Storage Control + +Many modules store secondary indexes that are typically solely used to support +client queries, but are actually not needed for the state machine's state +transitions. What this means is that these indexes technically have no reason to +exist in the SC layer at all, as they take up unnecessary space. It is worth +exploring what an API would look like to allow modules to indicate what (key, value) +pairs they want to be persisted in the SC layer, implicitly indicating the SS +layer as well, as opposed to just persisting the (key, value) pair only in the +SS layer. + +### Historical State Proofs + +It is not clear what the importance or demand is within the community of providing +commitment proofs for historical state. While solutions can be devised such as +rebuilding trees on the fly based on state snapshots, it is not clear what the +performance implications are for such solutions. + +### Physical DB Backends + +This ADR proposes usage of RocksDB to utilize user-defined timestamps as a +versioning mechanism. However, other physical DB backends are available that may +offer alternative ways to implement versioning while also providing performance +improvements over RocksDB. E.g. PebbleDB supports MVCC timestamps as well, but +we'll need to explore how PebbleDB handles compaction and state growth over time. + +## References + +* [1] https://github.com/cosmos/iavl/pull/676 +* [2] https://github.com/cosmos/iavl/pull/664 +* [3] https://github.com/cosmos/cosmos-sdk/issues/14990 diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-068-preblock.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-068-preblock.md new file mode 100644 index 00000000..86692c41 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-068-preblock.md @@ -0,0 +1,61 @@ +# ADR 068: Preblock + +## Changelog + +* Sept 13, 2023: Initial Draft + +## Status + +DRAFT + +## Abstract + +Introduce `PreBlock`, which runs before begin blocker other modules, and allows to modify consensus parameters, and the changes are visible to the following state machine logics. + +## Context + +When upgrading to sdk 0.47, the storage format for consensus parameters changed, but in the migration block, `ctx.ConsensusParams()` is always `nil`, because it fails to load the old format using new code, it's supposed to be migrated by the `x/upgrade` module first, but unfortunately, the migration happens in `BeginBlocker` handler, which runs after the `ctx` is initialized. +When we try to solve this, we find the `x/upgrade` module can't modify the context to make the consensus parameters visible for the other modules, the context is passed by value, and sdk team want to keep it that way, that's good for isolations between modules. + +## Alternatives + +The first alternative solution introduced a `MigrateModuleManager`, which only includes the `x/upgrade` module right now, and baseapp will run their `BeginBlocker`s before the other modules, and reload context's consensus parameters in between. + +## Decision + +Suggested this new lifecycle method. + +### `PreBlocker` + +There are two semantics around the new lifecycle method: + +- It runs before the `BeginBlocker` of all modules +- It can modify consensus parameters in storage, and signal the caller through the return value. + +When it returns `ConsensusParamsChanged=true`, the caller must refresh the consensus parameter in the finalize context: +``` +app.finalizeBlockState.ctx = app.finalizeBlockState.ctx.WithConsensusParams(app.GetConsensusParams()) +``` + +The new ctx must be passed to all the other lifecycle methods. + + +## Consequences + +### Backwards Compatibility + +### Positive + +### Negative + +### Neutral + +## Further Discussions + +## Test Cases + +## References +* [1] https://github.com/cosmos/cosmos-sdk/issues/16494 +* [2] https://github.com/cosmos/cosmos-sdk/pull/16583 +* [3] https://github.com/cosmos/cosmos-sdk/pull/17421 +* [4] https://github.com/cosmos/cosmos-sdk/pull/17713 diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-070-unordered-account.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-070-unordered-account.md new file mode 100644 index 00000000..d4c228d6 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-070-unordered-account.md @@ -0,0 +1,327 @@ +# ADR 070: Unordered Transactions + +## Changelog + +- Dec 4, 2023: Initial Draft (@yihuang, @tac0turtle, @alexanderbez) +- Jan 30, 2024: Include section on deterministic transaction encoding +- Mar 18, 2025: Revise implementation to use Cosmos SDK KV Store and require unique timeouts per-address (@technicallyty) +- Apr 25, 2025: Add note about rejecting unordered txs with sequence values. + +## Status + +ACCEPTED Not Implemented + +## Abstract + +We propose a way to do replay-attack protection without enforcing the order of +transactions and without requiring the use of monotonically increasing sequences. Instead, we propose +the use of a time-based, ephemeral sequence. + +## Context + +Account sequence values serve to prevent replay attacks and ensure transactions from the same sender are included into blocks and executed +in sequential order. Unfortunately, this makes it difficult to reliably send many concurrent transactions from the +same sender. Victims of such limitations include IBC relayers and crypto exchanges. + +## Decision + +We propose adding a boolean field `unordered` and a google.protobuf.Timestamp field `timeout_timestamp` to the transaction body. + +Unordered transactions will bypass the traditional account sequence rules and follow the rules described +below, without impacting traditional ordered transactions which will follow the same sequence rules as before. + +We will introduce new storage of time-based, ephemeral unordered sequences using the SDK's existing KV Store library. +Specifically, we will leverage the existing x/auth KV store to store the unordered sequences. + +When an unordered transaction is included in a block, a concatenation of the `timeout_timestamp` and sender’s address bytes +will be recorded to state (i.e. `542939323/`). In cases of multi-party signing, one entry per signer +will be recorded to state. + +New transactions will be checked against the state to prevent duplicate submissions. To prevent the state from growing indefinitely, we propose the following: + +- Define an upper bound for the value of `timeout_timestamp` (i.e. 10 minutes). +- Add PreBlocker method x/auth that removes state entries with a `timeout_timestamp` earlier than the current block time. + +### Transaction Format + +```protobuf +message TxBody { + ... + + bool unordered = 4; + google.protobuf.Timestamp timeout_timestamp = 5 +} +``` + +### Replay Protection + +We facilitate replay protection by storing the unordered sequence in the Cosmos SDK KV store. Upon transaction ingress, we check if the transaction's unordered +sequence exists in state, or if the TTL value is stale, i.e. before the current block time. If so, we reject it. Otherwise, +we add the unordered sequence to the state. This section of the state will belong to the `x/auth` module. + +The state is evaluated during x/auth's `PreBlocker`. All transactions with an unordered sequence earlier than the current block time +will be deleted. + +```go +func (am AppModule) PreBlock(ctx context.Context) (appmodule.ResponsePreBlock, error) { + err := am.accountKeeper.RemoveExpired(sdk.UnwrapSDKContext(ctx)) + if err != nil { + return nil, err + } + return &sdk.ResponsePreBlock{ConsensusParamsChanged: false}, nil +} +``` + +```golang +package keeper + +import ( + sdk "github.com/cosmos/cosmos-sdk/types" + + "cosmossdk.io/collections" + "cosmossdk.io/core/store" +) + +var ( + // just arbitrarily picking some upper bound number. + unorderedSequencePrefix = collections.NewPrefix(90) +) + +type AccountKeeper struct { + // ... + unorderedSequences collections.KeySet[collections.Pair[uint64, []byte]] +} + +func (m *AccountKeeper) Contains(ctx sdk.Context, sender []byte, timestamp uint64) (bool, error) { + return m.unorderedSequences.Has(ctx, collections.Join(timestamp, sender)) +} + +func (m *AccountKeeper) Add(ctx sdk.Context, sender []byte, timestamp uint64) error { + return m.unorderedSequences.Set(ctx, collections.Join(timestamp, sender)) +} + +func (m *AccountKeeper) RemoveExpired(ctx sdk.Context) error { + blkTime := ctx.BlockTime().UnixNano() + it, err := m.unorderedSequences.Iterate(ctx, collections.NewPrefixUntilPairRange[uint64, []byte](uint64(blkTime))) + if err != nil { + return err + } + defer it.Close() + + keys, err := it.Keys() + if err != nil { + return err + } + + for _, key := range keys { + if err := m.unorderedSequences.Remove(ctx, key); err != nil { + return err + } + } + + return nil +} + +``` + +### AnteHandler Decorator + +To facilitate bypassing nonce verification, we must modify the existing +`IncrementSequenceDecorator` AnteHandler decorator to skip the nonce verification +when the transaction is marked as unordered. + +```golang +func (isd IncrementSequenceDecorator) AnteHandle(ctx sdk.Context, tx sdk.Tx, simulate bool, next sdk.AnteHandler) (sdk.Context, error) { + if tx.UnOrdered() { + return next(ctx, tx, simulate) + } + + // ... +} +``` + +We also introduce a new decorator to perform the unordered transaction verification. + +```golang +package ante + +import ( + "slices" + "strings" + "time" + + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + authkeeper "github.com/cosmos/cosmos-sdk/x/auth/keeper" + authsigning "github.com/cosmos/cosmos-sdk/x/auth/signing" + + errorsmod "cosmossdk.io/errors" +) + +var _ sdk.AnteDecorator = (*UnorderedTxDecorator)(nil) + +// UnorderedTxDecorator defines an AnteHandler decorator that is responsible for +// checking if a transaction is intended to be unordered and, if so, evaluates +// the transaction accordingly. An unordered transaction will bypass having its +// nonce incremented, which allows fire-and-forget transaction broadcasting, +// removing the necessity of ordering on the sender-side. +// +// The transaction sender must ensure that unordered=true and a timeout_height +// is appropriately set. The AnteHandler will check that the transaction is not +// a duplicate and will evict it from state when the timeout is reached. +// +// The UnorderedTxDecorator should be placed as early as possible in the AnteHandler +// chain to ensure that during DeliverTx, the transaction is added to the unordered sequence state. +type UnorderedTxDecorator struct { + // maxUnOrderedTTL defines the maximum TTL a transaction can define. + maxTimeoutDuration time.Duration + txManager authkeeper.UnorderedTxManager +} + +func NewUnorderedTxDecorator( + utxm authkeeper.UnorderedTxManager, +) *UnorderedTxDecorator { + return &UnorderedTxDecorator{ + maxTimeoutDuration: 10 * time.Minute, + txManager: utxm, + } +} + +func (d *UnorderedTxDecorator) AnteHandle( + ctx sdk.Context, + tx sdk.Tx, + _ bool, + next sdk.AnteHandler, +) (sdk.Context, error) { + if err := d.ValidateTx(ctx, tx); err != nil { + return ctx, err + } + return next(ctx, tx, false) +} + +func (d *UnorderedTxDecorator) ValidateTx(ctx sdk.Context, tx sdk.Tx) error { + unorderedTx, ok := tx.(sdk.TxWithUnordered) + if !ok || !unorderedTx.GetUnordered() { + // If the transaction does not implement unordered capabilities or has the + // unordered value as false, we bypass. + return nil + } + + blockTime := ctx.BlockTime() + timeoutTimestamp := unorderedTx.GetTimeoutTimeStamp() + if timeoutTimestamp.IsZero() || timeoutTimestamp.Unix() == 0 { + return errorsmod.Wrap( + sdkerrors.ErrInvalidRequest, + "unordered transaction must have timeout_timestamp set", + ) + } + if timeoutTimestamp.Before(blockTime) { + return errorsmod.Wrap( + sdkerrors.ErrInvalidRequest, + "unordered transaction has a timeout_timestamp that has already passed", + ) + } + if timeoutTimestamp.After(blockTime.Add(d.maxTimeoutDuration)) { + return errorsmod.Wrapf( + sdkerrors.ErrInvalidRequest, + "unordered tx ttl exceeds %s", + d.maxTimeoutDuration.String(), + ) + } + + execMode := ctx.ExecMode() + if execMode == sdk.ExecModeSimulate { + return nil + } + + signerAddrs, err := getSigners(tx) + if err != nil { + return err + } + + for _, signer := range signerAddrs { + contains, err := d.txManager.Contains(ctx, signer, uint64(unorderedTx.GetTimeoutTimeStamp().Unix())) + if err != nil { + return errorsmod.Wrap( + sdkerrors.ErrIO, + "failed to check contains", + ) + } + if contains { + return errorsmod.Wrapf( + sdkerrors.ErrInvalidRequest, + "tx is duplicated for signer %x", signer, + ) + } + + if err := d.txManager.Add(ctx, signer, uint64(unorderedTx.GetTimeoutTimeStamp().Unix())); err != nil { + return errorsmod.Wrap( + sdkerrors.ErrIO, + "failed to add unordered sequence to state", + ) + } + } + + + return nil +} + +func getSigners(tx sdk.Tx) ([][]byte, error) { + sigTx, ok := tx.(authsigning.SigVerifiableTx) + if !ok { + return nil, errorsmod.Wrap(sdkerrors.ErrTxDecode, "invalid tx type") + } + return sigTx.GetSigners() +} + +``` + +### Unordered Sequences + +Unordered sequences provide a simple, straightforward mechanism to protect against both transaction malleability and +transaction duplication. It is important to note that the unordered sequence must still be unique. However, +the value is not required to be strictly increasing as with regular sequences, and the order in which the node receives +the transactions no longer matters. Clients can handle building unordered transactions similarly to the code below: + +```go +for _, tx := range txs { + tx.SetUnordered(true) + tx.SetTimeoutTimestamp(time.Now() + 1 * time.Nanosecond) +} +``` + +We will reject transactions that have both sequence and unordered timeouts set. We do this to avoid assuming the intent of the user. + +### State Management + +The storage of unordered sequences will be facilitated using the Cosmos SDK's KV Store service. + +## Note On Previous Design Iteration + +The previous iteration of unordered transactions worked by using an ad-hoc state-management system that posed severe +risks and a vector for duplicated tx processing. It relied on graceful app closure which would flush the current state +of the unordered sequence mapping. If the 2/3's of the network crashed, and the graceful closure did not trigger, +the system would lose track of all sequences in the mapping, allowing those transactions to be replayed. The +implementation proposed in the updated version of this ADR solves this by writing directly to the Cosmos KV Store. +While this is less performant, for the initial implementation, we opted to choose a safer path and postpone performance optimizations until we have more data on real-world impacts and a more battle-tested approach to optimization. + +Additionally, the previous iteration relied on using hashes to create what we call an "unordered sequence." There are known +issues with transaction malleability in Cosmos SDK signing modes. This ADR gets away from this problem by enforcing +single-use unordered nonces, instead of deriving nonces from bytes in the transaction. + +## Consequences + +### Positive + +* Support unordered transaction inclusion, enabling the ability to "fire and forget" many transactions at once. + +### Negative + +* Requires additional storage overhead. +* Requirement of unique timestamps per transaction causes a small amount of additional overhead for clients. Clients must ensure each transaction's timeout timestamp is different. However, nanosecond differentials suffice. +* Usage of Cosmos SDK KV store is slower in comparison to using a non-merklized store or ad-hoc methods, and block times may slow down as a result. + +## References + +* https://github.com/cosmos/cosmos-sdk/issues/13009 + diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-076-tx-malleability.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-076-tx-malleability.md new file mode 100644 index 00000000..49625d9d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-076-tx-malleability.md @@ -0,0 +1,165 @@ +# Cosmos SDK Transaction Malleability Risk Review and Recommendations + +## Changelog + +* 2025-03-10: Initial draft (@aaronc) + +## Status + +PROPOSED: Not Implemented + +## Abstract + +Several encoding and sign mode related issues have historically resulted in the possibility +that Cosmos SDK transactions may be re-encoded in such a way as to change their hash +(and in rare cases, their meaning) without invalidating the signature. +This document details these cases, their potential risks, the extent to which they have been +addressed, and provides recommendations for future improvements. + +## Review + +One naive assumption about Cosmos SDK transactions is that hashing the raw bytes of a submitted transaction creates a safe unique identifier for the transaction. In reality, there are multiple ways in which transactions could be manipulated to create different transaction bytes (and as a result different hashes) that still pass signature verification. + +This document attempts to enumerate the various potential transaction "malleability" risks that we have identified and the extent to which they have or have not been addressed in various sign modes. We also identify vulnerabilities that could be introduced if developers make changes in the future without careful consideration of the complexities involved with transaction encoding, sign modes and signatures. + +### Risks Associated with Malleability + +The malleability of transactions poses the following potential risks to end users: +* unsigned data could get added to transactions and be processed by state machines +* clients often rely on transaction hashes for checking transaction status, but whether or not submitted transaction hashes match processed transaction hashes depends primarily on good network actors rather than fundamental protocol guarantees +* transactions could potentially get executed more than once (faulty replay protection) + +If a client generates a transaction, keeps a record of its hash and then attempts to query nodes to check the transaction's status, this process may falsely conclude that the transaction had not been processed if an intermediary +processor decoded and re-encoded the transaction with different encoding rules (either maliciously or unintentionally). +As long as no malleability is present in the signature bytes themselves, clients _should_ query transactions by signature instead of hash. + +Not being cognizant of this risk may lead clients to submit the same transaction multiple times if they believe that +earlier transactions had failed or gotten lost in processing. +This could be an attack vector against users if wallets primarily query transactions by hash. + +If the state machine were to rely on transaction hashes as a replay mechanism itself, this would be faulty and not +provide the intended replay protection. Instead, the state machine should rely on deterministic representations of +transactions rather than the raw encoding, or other nonces, +if they want to provide some replay protection that doesn't rely on a monotonically +increasing account sequence number. + + +### Sources of Malleability + +#### Non-deterministic Protobuf Encoding + +Cosmos SDK transactions are encoded using protobuf binary encoding when they are submitted to the network. Protobuf binary is not inherently a deterministic encoding meaning that the same logical payload could have several valid bytes representations. In a basic sense, this means that protobuf in general can be decoded and re-encoded to produce a different byte stream (and thus different hash) without changing the logical meaning of the bytes. [ADR 027: Deterministic Protobuf Serialization](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-027-deterministic-protobuf-serialization.md) describes in detail what needs to be done to produce what we consider to be a "canonical", deterministic protobuf serialization. Briefly, the following sources of malleability at the encoding level have been identified and are addressed by this specification: +* fields can be emitted in any order +* default field values can be included or omitted, and this doesn't change meaning unless `optional` is used +* `repeated` fields of scalars may use packed or "regular" encoding +* `varint`s can include extra ignored bits +* extra fields may be added and are usually simply ignored by decoders. [ADR 020](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-020-protobuf-transaction-encoding.md#unknown-field-filtering) specifies that in general such extra fields should cause messages and transactions to be rejected) + +When using `SIGN_MODE_DIRECT` none of the above malleabilities will be tolerated because: +* signatures of messages and extensions must be done over the raw encoded bytes of those fields +* the outer tx envelope (`TxRaw`) must follow ADR 027 rules or be rejected + +Transactions signed with `SIGN_MODE_LEGACY_AMINO_JSON`, however, have no way of protecting against the above malleabilities because what is signed is a JSON representation of the logical contents of the transaction. These logical contents could have any number of valid protobuf binary encodings, so in general there are no guarantees regarding transaction hash with Amino JSON signing. + +In addition to being aware of the general non-determinism of protobuf binary, developers need to pay special attention to make sure that unknown protobuf fields get rejected when developing new capabilities related to protobuf transactions. The protobuf serialization format was designed with the assumption that unknown data known to encoders could safely be ignored by decoders. This assumption may have been fairly safe within the walled garden of Google's centralized infrastructure. However, in distributed blockchain systems, this assumption is generally unsafe. If a newer client encodes a protobuf message with data intended for a newer server, it is not safe for an older server to simply ignore and discard instructions that it does not understand. These instructions could include critical information that the transaction signer is relying upon and just assuming that it is unimportant is not safe. + +[ADR 020](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-020-protobuf-transaction-encoding.md#unknown-field-filtering) specifies some provisions for "non-critical" fields which can safely be ignored by older servers. In practice, I have not seen any valid usages of this. It is something in the design that maintainers should be aware of, but it may not be necessary or even 100% safe. + +#### Non-deterministic Value Encoding + +In addition to the non-determinism present in protobuf binary itself, some protobuf field data is encoded using a micro-format which itself may not be deterministic. Consider for instance integer or decimal encoding. Some decoders may allow for the presence of leading or trailing zeros without changing the logical meaning, ex. `00100` vs `100` or `100.00` vs `100`. So if a sign mode encodes numbers deterministically, but decoders accept multiple representations, +a user may sign over the value `100` while `0100` gets encoded. This would be possible with Amino JSON to the extent that the integer decoder accepts leading zeros. I believe the current `Int` implementation will reject this, however, it is +probably possible to encode a octal or hexadecimal representation in the transaction whereas the user signs over a decimal integer. + +#### Signature Encoding + +Signatures themselves are encoded using a micro-format specific to the signature algorithm being used and sometimes these +micro-formats can allow for non-determinism (multiple valid bytes for the same signature). +Most of the signature algorithms supported by the SDK should reject non-canonical bytes in their current implementation. +However, the `Multisignature` protobuf type uses normal protobuf encoding and there is no check as to whether the +decoded bytes followed canonical ADR 027 rules or not. Therefore, multisig transactions can have malleability in +their signatures. +Any new or custom signature algorithms must make sure that they reject any non-canonical bytes, otherwise even +with `SIGN_MODE_DIRECT` there can be transaction hash malleability by re-encoding signatures with a non-canonical +representation. + +#### Fields not covered by Amino JSON + +Another area that needs to be addressed carefully is the discrepancy between `AminoSignDoc`(see [`aminojson.proto`](../../x/tx/signing/aminojson/internal/aminojsonpb/aminojson.proto)) used for `SIGN_MODE_LEGACY_AMINO_JSON` and the actual contents of `TxBody` and `AuthInfo` (see [`tx.proto`](../../proto/cosmos/tx/v1beta1/tx.proto)). +If fields get added to `TxBody` or `AuthInfo`, they must either have a corresponding representing in `AminoSignDoc` or Amino JSON signatures must be rejected when those new fields are set. Making sure that this is done is a +highly manual process, and developers could easily make the mistake of updating `TxBody` or `AuthInfo` +without paying any attention to the implementation of `GetSignBytes` for Amino JSON. This is a critical +vulnerability in which unsigned content can now get into the transaction and signature verification will +pass. + +## Sign Mode Summary and Recommendations + +The sign modes officially supported by the SDK are `SIGN_MODE_DIRECT`, `SIGN_MODE_TEXTUAL`, `SIGN_MODE_DIRECT_AUX`, +and `SIGN_MODE_LEGACY_AMINO_JSON`. +`SIGN_MODE_LEGACY_AMINO_JSON` is used commonly by wallets and is currently the only sign mode supported on Nano Ledger hardware devices +(although `SIGN_MODE_TEXTUAL` was designed to also support hardware devices). +`SIGN_MODE_DIRECT` is the simplest sign mode and its usage is also fairly common. +`SIGN_MODE_DIRECT_AUX` is a variant of `SIGN_MODE_DIRECT` that can be used by auxiliary signers in a multi-signer +transaction by those signers who are not paying gas. +`SIGN_MODE_TEXTUAL` was intended as a replacement for `SIGN_MODE_LEGACY_AMINO_JSON`, but as far as we know it +has not been adopted by any clients yet and thus is not in active use. + +All known malleability concerns have been addressed in the current implementation of `SIGN_MODE_DIRECT`. +The only known malleability that could occur with a transaction signed with `SIGN_MODE_DIRECT` would +need to be in the signature bytes themselves. +Since signatures are not signed over, it is impossible for any sign mode to address this directly +and instead signature algorithms need to take care to reject any non-canonically encoded signature bytes +to prevent malleability. +For the known malleability of the `Multisignature` type, we should make sure that any valid signatures +were encoded following canonical ADR 027 rules when doing signature verification. + +`SIGN_MODE_DIRECT_AUX` provides the same level of safety as `SIGN_MODE_DIRECT` because +* the raw encoded `TxBody` bytes are signed over in `SignDocDirectAux`, and +* a transaction using `SIGN_MODE_DIRECT_AUX` still requires the primary signer to sign the transaction with `SIGN_MODE_DIRECT` + +`SIGN_MODE_TEXTUAL` also provides the same level of safety as `SIGN_MODE_DIRECT` because the hash of the raw encoded +`TxBody` and `AuthInfo` bytes are signed over. + +Unfortunately, the vast majority of unaddressed malleability risks affect `SIGN_MODE_LEGACY_AMINO_JSON` and this +sign mode is still commonly used. +It is recommended that the following improvements be made to Amino JSON signing: +* hashes of `TxBody` and `AuthInfo` should be added to `AminoSignDoc` so that encoding-level malleablity is addressed +* when constructing `AminoSignDoc`, [protoreflect](https://pkg.go.dev/google.golang.org/protobuf/reflect/protoreflect) API should be used to ensure that there no fields in `TxBody` or `AuthInfo` which do not have a mapping in `AminoSignDoc` have been set +* fields present in `TxBody` or `AuthInfo` that are not present in `AminoSignDoc` (such as extension options) should +be added to `AminoSignDoc` if possible + +## Testing + +To test that transactions are resistant to malleability, +we can develop a test suite to run against all sign modes that +attempts to manipulate transaction bytes in the following ways: +- changing protobuf encoding by + - reordering fields + - setting default values + - adding extra bits to varints, or + - setting new unknown fields +- modifying integer and decimal values encoded as strings with leading or trailing zeros + +Whenever any of these manipulations is done, we should observe that the sign doc bytes for the sign mode being +tested also change, meaning that the corresponding signatures will also have to change. + +In the case of Amino JSON, we should also develop tests which ensure that if any `TxBody` or `AuthInfo` +field not supported by Amino's `AminoSignDoc` is set that signing fails. + +In the general case of transaction decoding, we should have unit tests to ensure that +- any `TxRaw` bytes which do not follow ADR 027 canonical encoding cause decoding to fail, and +- any top-level transaction elements including `TxBody`, `AuthInfo`, public keys, and messages which +have unknown fields set cause the transaction to be rejected +(this ensures that ADR 020 unknown field filtering is properly applied) + +For each supported signature algorithm, +there should also be unit tests to ensure that signatures must be encoded canonically +or get rejected. + +## References + +* [ADR 027: Deterministic Protobuf Serialization](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-027-deterministic-protobuf-serialization.md) +* [ADR 020](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-020-protobuf-transaction-encoding.md#unknown-field-filtering) +* [`aminojson.proto`](../../x/tx/signing/aminojson/internal/aminojsonpb/aminojson.proto) +* [`tx.proto`](../../proto/cosmos/tx/v1beta1/tx.proto) + diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-template.md b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-template.md new file mode 100644 index 00000000..04b0450c --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/architecture/adr-template.md @@ -0,0 +1,83 @@ +# ADR {ADR-NUMBER}: {TITLE} + +## Changelog + +* {date}: {changelog} + +## Status + +{DRAFT | PROPOSED} Not Implemented + +> Please have a look at the [PROCESS](./PROCESS.md#adr-status) page. +> Use DRAFT if the ADR is in a draft stage (draft PR) or PROPOSED if it's in review. + +## Abstract + +> "If you can't explain it simply, you don't understand it well enough." Provide +> a simplified and layman-accessible explanation of the ADR. +> A short (~200 word) description of the issue being addressed. + +## Context + +> This section describes the forces at play, including technological, political, +> social, and project local. These forces are probably in tension, and should be +> called out as such. The language in this section is value-neutral. It is simply +> describing facts. It should clearly explain the problem and motivation that the +> proposal aims to resolve. +> {context body} + +## Alternatives + +> This section describes alternative designs to the chosen design. This section +> is important and if an adr does not have any alternatives then it should be +> considered that the ADR was not thought through. + +## Decision + +> This section describes our response to these forces. It is stated in full +> sentences, with active voice. "We will ..." +> {decision body} + +## Consequences + +> This section describes the resulting context, after applying the decision. All +> consequences should be listed here, not just the "positive" ones. A particular +> decision may have positive, negative, and neutral consequences, but all of them +> affect the team and project in the future. + +### Backwards Compatibility + +> All ADRs that introduce backwards incompatibilities must include a section +> describing these incompatibilities and their severity. The ADR must explain +> how the author proposes to deal with these incompatibilities. ADR submissions +> without a sufficient backwards compatibility treatise may be rejected outright. + +### Positive + +> {positive consequences} + +### Negative + +> {negative consequences} + +### Neutral + +> {neutral consequences} + +## Further Discussions + +> While an ADR is in the DRAFT or PROPOSED stage, this section should contain a +> summary of issues to be solved in future iterations (usually referencing comments +> from a pull-request discussion). +> +> Later, this section can optionally list ideas or improvements the author or +> reviewers found during the analysis of this ADR. + +## Test Cases [optional] + +Test cases for an implementation are mandatory for ADRs that are affecting consensus +changes. Other ADRs can choose to include links to test cases if applicable. + +## References + +* {reference link} diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/build.md b/copy-of-sdk-versioned_docs/version-0.53/build/build.md new file mode 100644 index 00000000..60fe4c3b --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/build.md @@ -0,0 +1,13 @@ +--- +sidebar_position: 0 +--- + +# Build + +* [Building Apps](./building-apps/00-app-go.md) - The documentation in this section will guide you through the process of developing your dApp using the Cosmos SDK framework. +* [Modules](./modules/README.md) - Information about the various modules available in the Cosmos SDK: Auth, Authz, Bank, Circuit, Consensus, Distribution, Epochs, Evidence, Feegrant, Governance, Group, Mint, NFT, Protocolpool, Slashing, Staking, Upgrade, Genutil. +* [Migrations](./migrations/01-intro.md) - See what has been updated in each release the process of the transition between versions. +* [Packages](./packages/README.md) - Explore a curated collection of pre-built modules and functionalities, streamlining the development process. +* [Tooling](./tooling/README.md) - A suite of utilities designed to enhance the development workflow, optimizing the efficiency of Cosmos SDK-based projects. +* [ADR's](./architecture/README.md) - Provides a structured repository of key decisions made during the development process, which have been documented and offers rationale behind key decisions being made. +* [REST API](https://docs.cosmos.network/api) - A comprehensive reference for the application programming interfaces (APIs) provided by the SDK. diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/building-apps/00-app-go.md b/copy-of-sdk-versioned_docs/version-0.53/build/building-apps/00-app-go.md new file mode 100644 index 00000000..5a0524f3 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/building-apps/00-app-go.md @@ -0,0 +1,14 @@ +--- +sidebar_position: 1 +--- + +# Overview of `app.go` + +This section is intended to provide an overview of the `SimApp` `app.go` file and is still a work in progress. +For now please instead read the [tutorials](https://tutorials.cosmos.network) for a deep dive on how to build a chain. + +## Complete `app.go` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/simapp/app.go +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/building-apps/00-runtime.md b/copy-of-sdk-versioned_docs/version-0.53/build/building-apps/00-runtime.md new file mode 100644 index 00000000..44a25a67 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/building-apps/00-runtime.md @@ -0,0 +1,152 @@ +--- +sidebar_position: 1 +--- + +# What is `runtime`? + +The `runtime` package in the Cosmos SDK provides a flexible framework for configuring and managing blockchain applications. It serves as the foundation for creating modular blockchain applications using a declarative configuration approach. + +## Overview + +The runtime package acts as a wrapper around the `BaseApp` and `ModuleManager`, offering a hybrid approach where applications can be configured both declaratively through configuration files and programmatically through traditional methods. +It is a layer of abstraction between `baseapp` and the application modules that simplifies the process of building a Cosmos SDK application. + +## Core Components + +### App Structure + +The runtime App struct contains several key components: + +```go +type App struct { + *baseapp.BaseApp + ModuleManager *module.Manager + configurator module.Configurator + config *runtimev1alpha1.Module + storeKeys []storetypes.StoreKey + // ... other fields +} +``` + +Cosmos SDK applications should embed the `*runtime.App` struct to leverage the runtime module. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/app_di.go#L60-L61 +``` + +### Configuration + +The runtime module is configured using App Wiring. The main configuration object is the [`Module` message](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/proto/cosmos/app/runtime/v1alpha1/module.proto), which supports the following key settings: + +* `app_name`: The name of the application +* `begin_blockers`: List of module names to call during BeginBlock +* `end_blockers`: List of module names to call during EndBlock +* `init_genesis`: Order of module initialization during genesis +* `export_genesis`: Order for exporting module genesis data +* `pre_blockers`: Modules to execute before block processing + +Learn more about wiring `runtime` in the [next section](./01-app-go-di.md). + +#### Store Configuration + +By default, the runtime module uses the module name as the store key. +However it provides a flexible store key configuration through: + +* `override_store_keys`: Allows customizing module store keys +* `skip_store_keys`: Specifies store keys to skip during keeper construction + +Example configuration: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/app_config.go#L133-L138 +``` + +## Key Features + +### 1. BaseApp and other Core SDK components integration + +The runtime module integrates with the `BaseApp` and other core SDK components to provide a seamless experience for developers. + +The developer only needs to embed the `runtime.App` struct in their application to leverage the runtime module. +The configuration of the module manager and other core components is handled internally via the [`AppBuilder`](#4-application-building). + +### 2. Module Registration + +Runtime has built-in support for [`depinject`-enabled modules](../building-modules/15-depinject.md). +Such modules can be registered through the configuration file (often named `app_config.go`), with no additional code required. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/app_config.go#L210-L216 +``` + +Additionally, the runtime package facilitates manual module registration through the `RegisterModules` method. This is the primary integration point for modules not registered via configuration. + +:::warning +Even when using manual registration, the module should still be configured in the `Module` message in AppConfig. +::: + +```go +func (a *App) RegisterModules(modules ...module.AppModule) error +``` + +The SDK recommends using the declarative approach with `depinject` for module registration whenever possible. + +### 3. Service Registration + +Runtime registers all [core services](https://pkg.go.dev/cosmossdk.io/core) required by modules. +These services include `store`, `event manager`, `context`, and `logger`. +Runtime ensures that services are scoped to their respective modules during the wiring process. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/runtime/module.go#L201-L235 +``` + +Additionally, runtime provides automatic registration of other essential (i.e., gRPC routes) services available to the App: + +* AutoCLI Query Service +* Reflection Service +* Custom module services + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/runtime/builder.go#L52-L54 +``` + +### 4. Application Building + +The `AppBuilder` type provides a structured way to build applications: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/runtime/builder.go#L14-L19 +``` + +Key building steps: + +1. Configuration loading +2. Module registration +3. Service setup +4. Store mounting +5. Router configuration + +An application only needs to call `AppBuilder.Build` to create a fully configured application (`runtime.App`). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/runtime/builder.go#L26-L57 +``` + +More information on building applications can be found in the [next section](./02-app-building.md). + +## Best Practices + +1. **Module Order**: Carefully consider the order of modules in begin_blockers, end_blockers, and pre_blockers. +2. **Store Keys**: Use override_store_keys only when necessary to maintain clarity +3. **Genesis Order**: Maintain correct initialization order in init_genesis +4. **Migration Management**: Use order_migrations to control upgrade paths + +### Migration Considerations + +When upgrading between versions: + +1. Review the migration order specified in `order_migrations` +2. Ensure all required modules are included in the configuration +3. Validate store key configurations +4. Test the upgrade path thoroughly diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/building-apps/01-app-go-di.md b/copy-of-sdk-versioned_docs/version-0.53/build/building-apps/01-app-go-di.md new file mode 100644 index 00000000..34b27da5 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/building-apps/01-app-go-di.md @@ -0,0 +1,164 @@ +--- +sidebar_position: 1 +--- + +# Overview of `app_di.go` + +:::note Synopsis + +The Cosmos SDK allows much easier wiring of an `app.go` thanks to [runtime](./00-runtime.md) and app wiring. +Learn more about the rationale of App Wiring in [ADR-057](../architecture/adr-057-app-wiring.md). + +::: + +:::note Pre-requisite Readings + +* [What is `runtime`?](./00-runtime.md) +* [Depinject documentation](../packages/01-depinject.md) +* [Modules depinject-ready](../building-modules/15-depinject.md) +* [ADR 057: App Wiring](../architecture/adr-057-app-wiring.md) + +::: + +This section is intended to provide an overview of the `SimApp` `app_di.go` file with App Wiring. + +## `app_config.go` + +The `app_config.go` file is the single place to configure all modules parameters. + +1. Create the `AppConfig` variable: + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/simapp/app_config.go#L289-L303 + ``` + + Where the `appConfig` combines the [runtime](./00-runtime.md) configuration and the (extra) modules configuration. + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/simapp/app_di.go#L113-L161 + ``` + +2. Configure the `runtime` module: + + In this configuration, the order at which the modules are defined in PreBlockers, BeginBlocks, and EndBlockers is important. + They are named in the order they should be executed by the module manager. + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/simapp/app_config.go#L103-L188 + ``` + +3. Wire the other modules: + + Next to runtime, the other (depinject-enabled) modules are wired in the `AppConfig`: + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/simapp/app_config.go#L103-L286 + ``` + + Note: the `tx` isn't a module, but a configuration. It should be wired in the `AppConfig` as well. + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/simapp/app_config.go#L222-L227 + ``` + +See the complete `app_config.go` file for `SimApp` [here](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/simapp/app_config.go). + +### Alternative formats + +:::tip +The example above shows how to create an `AppConfig` using Go. However, it is also possible to create an `AppConfig` using YAML, or JSON. +The configuration can then be embed with `go:embed` and read with [`appconfig.LoadYAML`](https://pkg.go.dev/cosmossdk.io/core/appconfig#LoadYAML), or [`appconfig.LoadJSON`](https://pkg.go.dev/cosmossdk.io/core/appconfig#LoadJSON), in `app_di.go`. + +```go +//go:embed app_config.yaml +var ( + appConfigYaml []byte + appConfig = appconfig.LoadYAML(appConfigYaml) +) +``` + +::: + +```yaml +modules: + - name: runtime + config: + "@type": cosmos.app.runtime.v1alpha1.Module + app_name: SimApp + begin_blockers: [staking, auth, bank] + end_blockers: [bank, auth, staking] + init_genesis: [bank, auth, staking] + - name: auth + config: + "@type": cosmos.auth.module.v1.Module + bech32_prefix: cosmos + - name: bank + config: + "@type": cosmos.bank.module.v1.Module + - name: staking + config: + "@type": cosmos.staking.module.v1.Module + - name: tx + config: + "@type": cosmos.tx.module.v1.Module +``` + +A more complete example of `app.yaml` can be found [here](https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/simapp/example_app.yaml). + +## `app_di.go` + +`app_di.go` is the place where `SimApp` is constructed. `depinject.Inject` automatically wires the app modules and keepers when provided with an application configuration (`AppConfig`). `SimApp` is constructed upon calling the injected `*runtime.AppBuilder` with `appBuilder.Build(...)`. +In short `depinject` and the [`runtime` package](./00-runtime.md) abstract the wiring of the app, and the `AppBuilder` is the place where the app is constructed. [`runtime`](./00-runtime.md) takes care of registering the codecs, KV store, subspaces and instantiating `baseapp`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/simapp/app_di.go#L100-L270 +``` + +:::warning +When using `depinject.Inject`, the injected types must be pointers. +::: + +### Advanced Configuration + +In advanced cases, it is possible to inject extra (module) configuration in a way that is not (yet) supported by `AppConfig`. +In this case, use `depinject.Configs` for combining the extra configuration, and `AppConfig` and `depinject.Supply` for providing the extra configuration. +More information on how `depinject.Configs` and `depinject.Supply` function can be found in the [`depinject` documentation](https://pkg.go.dev/cosmossdk.io/depinject). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/simapp/app_di.go#L114-L162 +``` + +### Registering non app wiring modules + +It is possible to combine app wiring / depinject enabled modules with non-app wiring modules. +To do so, use the `app.RegisterModules` method to register the modules on your app, as well as `app.RegisterStores` for registering the extra stores needed. + +```go +// .... +app.App = appBuilder.Build(db, traceStore, baseAppOptions...) + +// register module manually +app.RegisterStores(storetypes.NewKVStoreKey(example.ModuleName)) +app.ExampleKeeper = examplekeeper.NewKeeper(app.appCodec, app.AccountKeeper.AddressCodec(), runtime.NewKVStoreService(app.GetKey(example.ModuleName)), authtypes.NewModuleAddress(govtypes.ModuleName).String()) +exampleAppModule := examplemodule.NewAppModule(app.ExampleKeeper) +if err := app.RegisterModules(&exampleAppModule); err != nil { + panic(err) +} + +// .... +``` + +:::warning +When using AutoCLI and combining app wiring and non-app wiring modules. The AutoCLI options should be manually constructed instead of injected. +Otherwise it will miss the non depinject modules and not register their CLI. +::: + +### Complete `app_di.go` + +:::tip +Note that in the complete `SimApp` `app_di.go` file, testing utilities are also defined, but they could as well be defined in a separate file. +::: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/simapp/app_di.go +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/building-apps/02-app-mempool.md b/copy-of-sdk-versioned_docs/version-0.53/build/building-apps/02-app-mempool.md new file mode 100644 index 00000000..c2256edf --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/building-apps/02-app-mempool.md @@ -0,0 +1,94 @@ +--- +sidebar_position: 1 +--- + +# Application Mempool + +:::note Synopsis +This section describes how the app-side mempool can be used and replaced. +::: + +Since `v0.47` the application has its own mempool to allow much more granular +block building than previous versions. This change was enabled by +[ABCI 1.0](https://github.com/cometbft/cometbft/blob/v0.37.0/spec/abci). +Notably it introduces the `PrepareProposal` and `ProcessProposal` steps of ABCI++. + +:::note Pre-requisite Readings + +* [BaseApp](../../learn/advanced/00-baseapp.md) +* [ABCI](../abci/00-introduction.md) + +::: + +## Mempool + +There are countless designs that an application developer can write for a mempool, the SDK opted to provide only simple mempool implementations. +Namely, the SDK provides the following mempools: + +* [No-op Mempool](#no-op-mempool) +* [Sender Nonce Mempool](#sender-nonce-mempool) +* [Priority Nonce Mempool](#priority-nonce-mempool) + +By default, the SDK uses the [No-op Mempool](#no-op-mempool), but it can be replaced by the application developer in [`app.go`](./01-app-go-di.md): + +```go +nonceMempool := mempool.NewSenderNonceMempool() +mempoolOpt := baseapp.SetMempool(nonceMempool) +baseAppOptions = append(baseAppOptions, mempoolOpt) +``` + +### No-op Mempool + +A no-op mempool is a mempool where transactions are completely discarded and ignored when BaseApp interacts with the mempool. +When this mempool is used, it is assumed that an application will rely on CometBFT's transaction ordering defined in `RequestPrepareProposal`, +which is FIFO-ordered by default. + +> Note: If a NoOp mempool is used, PrepareProposal and ProcessProposal both should be aware of this as +> PrepareProposal could include transactions that could fail verification in ProcessProposal. + +### Sender Nonce Mempool + +The nonce mempool is a mempool that keeps transactions from an sorted by nonce in order to avoid the issues with nonces. +It works by storing the transaction in a list sorted by the transaction nonce. When the proposer asks for transactions to be included in a block it randomly selects a sender and gets the first transaction in the list. It repeats this until the mempool is empty or the block is full. + +It is configurable with the following parameters: + +#### MaxTxs + +It is an integer value that sets the mempool in one of three modes, *bounded*, *unbounded*, or *disabled*. + +* **negative**: Disabled, mempool does not insert new transaction and return early. +* **zero**: Unbounded mempool has no transaction limit and will never fail with `ErrMempoolTxMaxCapacity`. +* **positive**: Bounded, it fails with `ErrMempoolTxMaxCapacity` when `maxTx` value is the same as `CountTx()` + +#### Seed + +Set the seed for the random number generator used to select transactions from the mempool. + +### Priority Nonce Mempool + +The [priority nonce mempool](https://github.com/cosmos/cosmos-sdk/blob/main/types/mempool/priority_nonce_spec.md) is a mempool implementation that stores txs in a partially ordered set by 2 dimensions: + +* priority +* sender-nonce (sequence number) + +Internally it uses one priority ordered [skip list](https://pkg.go.dev/github.com/huandu/skiplist) and one skip list per sender ordered by sender-nonce (sequence number). When there are multiple txs from the same sender, they are not always comparable by priority to other sender txs and must be partially ordered by both sender-nonce and priority. + +It is configurable with the following parameters: + +#### MaxTxs + +It is an integer value that sets the mempool in one of three modes, *bounded*, *unbounded*, or *disabled*. + +* **negative**: Disabled, mempool does not insert new transaction and return early. +* **zero**: Unbounded mempool has no transaction limit and will never fail with `ErrMempoolTxMaxCapacity`. +* **positive**: Bounded, it fails with `ErrMempoolTxMaxCapacity` when `maxTx` value is the same as `CountTx()` + +#### Callback + +The priority nonce mempool provides mempool options allowing the application sets callback(s). + +* **OnRead**: Set a callback to be called when a transaction is read from the mempool. +* **TxReplacement**: Sets a callback to be called when duplicated transaction nonce detected during mempool insert. Application can define a transaction replacement rule based on tx priority or certain transaction fields. + +More information on the SDK mempool implementation can be found in the [godocs](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/types/mempool). diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/building-apps/03-app-upgrade.md b/copy-of-sdk-versioned_docs/version-0.53/build/building-apps/03-app-upgrade.md new file mode 100644 index 00000000..bafe968d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/building-apps/03-app-upgrade.md @@ -0,0 +1,218 @@ +--- +sidebar_position: 1 +--- + +# Application Upgrade + +:::note +This document describes how to upgrade your application. If you are looking specifically for the changes to perform between SDK versions, see the [SDK migrations documentation](https://docs.cosmos.network/main/migrations/intro). +::: + +:::warning +This section is currently incomplete. Track the progress of this document [here](https://github.com/cosmos/cosmos-sdk/issues/11504). +::: + +:::note Pre-requisite Readings + +* [`x/upgrade` Documentation](https://docs.cosmos.network/main/modules/upgrade) + +::: + +## General Workflow + +Let's assume we are running v0.38.0 of our software in our testnet and want to upgrade to v0.40.0. +How would this look in practice? First, we want to finalize the v0.40.0 release candidate +and then install a specially named upgrade handler (eg. "testnet-v2" or even "v0.40.0"). An upgrade +handler should be defined in a new version of the software to define what migrations +to run to migrate from the older version of the software. Naturally, this is app-specific rather +than module specific, and must be defined in `app.go`, even if it imports logic from various +modules to perform the actions. You can register them with `upgradeKeeper.SetUpgradeHandler` +during the app initialization (before starting the abci server), and they serve not only to +perform a migration, but also to identify if this is the old or new version (eg. presence of +a handler registered for the named upgrade). + +Once the release candidate along with an appropriate upgrade handler is frozen, +we can have a governance vote to approve this upgrade at some future block height (e.g. 200000). +This is known as an upgrade.Plan. The v0.38.0 code will not know of this handler, but will +continue to run until block 200000, when the plan kicks in at `BeginBlock`. It will check +for the existence of the handler, and finding it missing, know that it is running the obsolete software, +and gracefully exit. + +Generally the application binary will restart on exit, but then will execute this BeginBlocker +again and exit, causing a restart loop. Either the operator can manually install the new software, +or you can make use of an external watcher daemon to possibly download and then switch binaries, +also potentially doing a backup. The SDK tool for doing such, is called [Cosmovisor](https://docs.cosmos.network/main/tooling/cosmovisor). + +When the binary restarts with the upgraded version (here v0.40.0), it will detect we have registered the +"testnet-v2" upgrade handler in the code, and realize it is the new version. It then will run the upgrade handler +and *migrate the database in-place*. Once finished, it marks the upgrade as done, and continues processing +the rest of the block as normal. Once 2/3 of the voting power has upgraded, the blockchain will immediately +resume the consensus mechanism. If the majority of operators add a custom `do-upgrade` script, this should +be a matter of minutes and not even require them to be awake at that time. + +## Integrating With An App + +:::tip +The following is not required for users using `depinject`, this is abstracted for them. +::: + +In addition to basic module wiring, setup the upgrade Keeper for the app and then define a `PreBlocker` that calls the upgrade +keeper's PreBlocker method: + +```go +func (app *myApp) PreBlocker(ctx sdk.Context, req req.RequestFinalizeBlock) (*sdk.ResponsePreBlock, error) { + // For demonstration sake, the app PreBlocker only returns the upgrade module pre-blocker. + // In a real app, the module manager should call all pre-blockers + // return app.ModuleManager.PreBlock(ctx, req) + return app.upgradeKeeper.PreBlocker(ctx, req) +} +``` + +The app must then integrate the upgrade keeper with its governance module as appropriate. The governance module +should call ScheduleUpgrade to schedule an upgrade and ClearUpgradePlan to cancel a pending upgrade. + +## Performing Upgrades + +Upgrades can be scheduled at a predefined block height. Once this block height is reached, the +existing software will cease to process ABCI messages and a new version with code that handles the upgrade must be deployed. +All upgrades are coordinated by a unique upgrade name that cannot be reused on the same blockchain. In order for the upgrade +module to know that the upgrade has been safely applied, a handler with the name of the upgrade must be installed. +Here is an example handler for an upgrade named "my-fancy-upgrade": + +```go +app.upgradeKeeper.SetUpgradeHandler("my-fancy-upgrade", func(ctx context.Context, plan upgrade.Plan) { + // Perform any migrations of the state store needed for this upgrade +}) +``` + +This upgrade handler performs the dual function of alerting the upgrade module that the named upgrade has been applied, +as well as providing the opportunity for the upgraded software to perform any necessary state migrations. Both the halt +(with the old binary) and applying the migration (with the new binary) are enforced in the state machine. Actually +switching the binaries is an ops task and not handled inside the sdk / abci app. + +Here is a sample code to set store migrations with an upgrade: + +```go +// this configures a no-op upgrade handler for the "my-fancy-upgrade" upgrade +app.UpgradeKeeper.SetUpgradeHandler("my-fancy-upgrade", func(ctx context.Context, plan upgrade.Plan) { + // upgrade changes here +}) +upgradeInfo, err := app.UpgradeKeeper.ReadUpgradeInfoFromDisk() +if err != nil { + // handle error +} +if upgradeInfo.Name == "my-fancy-upgrade" && !app.UpgradeKeeper.IsSkipHeight(upgradeInfo.Height) { + storeUpgrades := store.StoreUpgrades{ + Renamed: []store.StoreRename{{ + OldKey: "foo", + NewKey: "bar", + }}, + Deleted: []string{}, + } + // configure store loader that checks if version == upgradeHeight and applies store upgrades + app.SetStoreLoader(upgrade.UpgradeStoreLoader(upgradeInfo.Height, &storeUpgrades)) +} +``` + +## Halt Behavior + +Before halting the ABCI state machine in the BeginBlocker method, the upgrade module will log an error +that looks like: + +```text + UPGRADE "" NEEDED at height : +``` + +where `Name` and `Info` are the values of the respective fields on the upgrade Plan. + +To perform the actual halt of the blockchain, the upgrade keeper simply panics which prevents the ABCI state machine +from proceeding but doesn't actually exit the process. Exiting the process can cause issues for other nodes that start +to lose connectivity with the exiting nodes, thus this module prefers to just halt but not exit. + +## Automation + +Read more about [Cosmovisor](https://docs.cosmos.network/main/tooling/cosmovisor), the tool for automating upgrades. + +## Canceling Upgrades + +There are two ways to cancel a planned upgrade - with on-chain governance or off-chain social consensus. +For the first one, there is a `CancelSoftwareUpgrade` governance proposal, which can be voted on and will +remove the scheduled upgrade plan. Of course this requires that the upgrade was known to be a bad idea +well before the upgrade itself, to allow time for a vote. If you want to allow such a possibility, you +should set the upgrade height to be `2 * (votingperiod + depositperiod) + (safety delta)` from the beginning of +the first upgrade proposal. Safety delta is the time available from the success of an upgrade proposal +and the realization it was a bad idea (due to external testing). You can also start a `CancelSoftwareUpgrade` +proposal while the original `SoftwareUpgrade` proposal is still being voted upon, as long as the voting +period ends after the `SoftwareUpgrade` proposal. + +However, let's assume that we don't realize the upgrade has a bug until shortly before it will occur +(or while we try it out - hitting some panic in the migration). It would seem the blockchain is stuck, +but we need to allow an escape for social consensus to overrule the planned upgrade. To do so, there's +a `--unsafe-skip-upgrades` flag to the start command, which will cause the node to mark the upgrade +as done upon hitting the planned upgrade height(s), without halting and without actually performing a migration. +If over two-thirds run their nodes with this flag on the old binary, it will allow the chain to continue through +the upgrade with a manual override. (This must be well-documented for anyone syncing from genesis later on). + +Example: + +```shell + start --unsafe-skip-upgrades ... +``` + +## Pre-Upgrade Handling + +Cosmovisor supports custom pre-upgrade handling. Use pre-upgrade handling when you need to implement application config changes that are required in the newer version before you perform the upgrade. + +Using Cosmovisor pre-upgrade handling is optional. If pre-upgrade handling is not implemented, the upgrade continues. + +For example, make the required new-version changes to `app.toml` settings during the pre-upgrade handling. The pre-upgrade handling process means that the file does not have to be manually updated after the upgrade. + +Before the application binary is upgraded, Cosmovisor calls a `pre-upgrade` command that can be implemented by the application. + +The `pre-upgrade` command does not take in any command-line arguments and is expected to terminate with the following exit codes: + +| Exit status code | How it is handled in Cosmosvisor | +|------------------|---------------------------------------------------------------------------------------------------------------------| +| `0` | Assumes `pre-upgrade` command executed successfully and continues the upgrade. | +| `1` | Default exit code when `pre-upgrade` command has not been implemented. | +| `30` | `pre-upgrade` command was executed but failed. This fails the entire upgrade. | +| `31` | `pre-upgrade` command was executed but failed. But the command is retried until exit code `1` or `30` are returned. | + +## Sample + +Here is a sample structure of the `pre-upgrade` command: + +```go +func preUpgradeCommand() *cobra.Command { + cmd := &cobra.Command{ + Use: "pre-upgrade", + Short: "Pre-upgrade command", + Long: "Pre-upgrade command to implement custom pre-upgrade handling", + Run: func(cmd *cobra.Command, args []string) { + + err := HandlePreUpgrade() + + if err != nil { + os.Exit(30) + } + + os.Exit(0) + + }, + } + + return cmd +} +``` + +Ensure that the pre-upgrade command has been registered in the application: + +```go +rootCmd.AddCommand( + // .. + preUpgradeCommand(), + // .. + ) +``` + +When not using Cosmovisor, ensure to run ` pre-upgrade` before starting the application binary. diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/building-apps/04-vote-extensions.md b/copy-of-sdk-versioned_docs/version-0.53/build/building-apps/04-vote-extensions.md new file mode 100644 index 00000000..d2f33aa0 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/building-apps/04-vote-extensions.md @@ -0,0 +1,121 @@ +--- +sidebar_position: 1 +--- + +# Vote Extensions + +:::note Synopsis +This section describes how the application can define and use vote extensions +defined in ABCI++. +::: + +## Extend Vote + +ABCI++ allows an application to extend a pre-commit vote with arbitrary data. This +process does NOT have to be deterministic, and the data returned can be unique to the +validator process. The Cosmos SDK defines `baseapp.ExtendVoteHandler`: + +```go +type ExtendVoteHandler func(Context, *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) +``` + +An application can set this handler in `app.go` via the `baseapp.SetExtendVoteHandler` +`BaseApp` option function. The `sdk.ExtendVoteHandler`, if defined, is called during +the `ExtendVote` ABCI method. Note, if an application decides to implement +`baseapp.ExtendVoteHandler`, it MUST return a non-nil `VoteExtension`. However, the vote +extension can be empty. See [here](https://github.com/cometbft/cometbft/blob/v0.38.0-rc1/spec/abci/abci++_methods.md#extendvote) +for more details. + +There are many decentralized censorship-resistant use cases for vote extensions. +For example, a validator may want to submit prices for a price oracle or encryption +shares for an encrypted transaction mempool. Note, an application should be careful +to consider the size of the vote extensions as they could increase latency in block +production. See [here](https://github.com/cometbft/cometbft/blob/v0.38.0-rc1/docs/qa/CometBFT-QA-38.md#vote-extensions-testbed) +for more details. + +## Verify Vote Extension + +Similar to extending a vote, an application can also verify vote extensions from +other validators when validating their pre-commits. For a given vote extension, +this process MUST be deterministic. The Cosmos SDK defines `sdk.VerifyVoteExtensionHandler`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/types/abci.go#L26-L27 +``` + +An application can set this handler in `app.go` via the `baseapp.SetVerifyVoteExtensionHandler` +`BaseApp` option function. The `sdk.VerifyVoteExtensionHandler`, if defined, is called +during the `VerifyVoteExtension` ABCI method. If an application defines a vote +extension handler, it should also define a verification handler. Note, not all +validators will share the same view of what vote extensions they verify depending +on how votes are propagated. See [here](https://github.com/cometbft/cometbft/blob/v0.38.0-rc1/spec/abci/abci++_methods.md#verifyvoteextension) +for more details. + +## Vote Extension Propagation + +The agreed upon vote extensions at height `H` are provided to the proposing validator +at height `H+1` during `PrepareProposal`. As a result, the vote extensions are +not natively provided or exposed to the remaining validators during `ProcessProposal`. +As a result, if an application requires that the agreed upon vote extensions from +height `H` are available to all validators at `H+1`, the application must propagate +these vote extensions manually in the block proposal itself. This can be done by +"injecting" them into the block proposal, since the `Txs` field in `PrepareProposal` +is just a slice of byte slices. + +`FinalizeBlock` will ignore any byte slice that doesn't implement an `sdk.Tx`, so +any injected vote extensions will safely be ignored in `FinalizeBlock`. For more +details on propagation, see the [ABCI++ 2.0 ADR](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-064-abci-2.0.md#vote-extension-propagation--verification). + +### Recovery of injected Vote Extensions + +As stated before, vote extensions can be injected into a block proposal (along with +other transactions in the `Txs` field). The Cosmos SDK provides a pre-FinalizeBlock +hook to allow applications to recover vote extensions, perform any necessary +computation on them, and then store the results in the cached store. These results +will be available to the application during the subsequent `FinalizeBlock` call. + +An example of how a pre-FinalizeBlock hook could look like is shown below: + +```go +app.SetPreBlocker(func(ctx sdk.Context, req *abci.RequestFinalizeBlock) error { + allVEs := []VE{} // store all parsed vote extensions here + for _, tx := range req.Txs { + // define a custom function that tries to parse the tx as a vote extension + ve, ok := parseVoteExtension(tx) + if !ok { + continue + } + + allVEs = append(allVEs, ve) + } + + // perform any necessary computation on the vote extensions and store the result + // in the cached store + result := compute(allVEs) + err := storeVEResult(ctx, result) + if err != nil { + return err + } + + return nil +}) + +``` + +Then, in an app's module, the application can retrieve the result of the computation +of vote extensions from the cached store: + +```go +func (k Keeper) BeginBlocker(ctx context.Context) error { + // retrieve the result of the computation of vote extensions from the cached store + result, err := k.GetVEResult(ctx) + if err != nil { + return err + } + + // use the result of the computation of vote extensions + k.setSomething(result) + + return nil +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/building-apps/05-app-testnet.md b/copy-of-sdk-versioned_docs/version-0.53/build/building-apps/05-app-testnet.md new file mode 100644 index 00000000..f79ae551 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/building-apps/05-app-testnet.md @@ -0,0 +1,235 @@ +--- +sidebar_position: 1 +--- + +# Application Testnets + +Building an application is complicated and requires a lot of testing. The Cosmos SDK provides a way to test your application in a real-world environment: a testnet. + +We allow developers to take the state from their mainnet and run tests against the state. This is useful for testing upgrade migrations, or for testing the application in a real-world environment. + +## Testnet Setup + +We will be breaking down the steps to create a testnet from mainnet state. + +```go + // InitSimAppForTestnet is broken down into two sections: + // Required Changes: Changes that, if not made, will cause the testnet to halt or panic + // Optional Changes: Changes to customize the testnet to one's liking (lower vote times, fund accounts, etc) + func InitSimAppForTestnet(app *SimApp, newValAddr bytes.HexBytes, newValPubKey crypto.PubKey, newOperatorAddress, upgradeToTrigger string) *SimApp { + ... + } +``` + +### Required Changes + +#### Staking + +When creating a testnet the important part is migrate the validator set from many validators to one or a few. This allows developers to spin up the chain without needing to replace validator keys. + +```go + ctx := app.BaseApp.NewUncachedContext(true, tmproto.Header{}) + pubkey := &ed25519.PubKey{Key: newValPubKey.Bytes()} + pubkeyAny, err := types.NewAnyWithValue(pubkey) + if err != nil { + tmos.Exit(err.Error()) + } + + // STAKING + // + + // Create Validator struct for our new validator. + _, bz, err := bech32.DecodeAndConvert(newOperatorAddress) + if err != nil { + tmos.Exit(err.Error()) + } + bech32Addr, err := bech32.ConvertAndEncode("simvaloper", bz) + if err != nil { + tmos.Exit(err.Error()) + } + newVal := stakingtypes.Validator{ + OperatorAddress: bech32Addr, + ConsensusPubkey: pubkeyAny, + Jailed: false, + Status: stakingtypes.Bonded, + Tokens: sdk.NewInt(900000000000000), + DelegatorShares: sdk.MustNewDecFromStr("10000000"), + Description: stakingtypes.Description{ + Moniker: "Testnet Validator", + }, + Commission: stakingtypes.Commission{ + CommissionRates: stakingtypes.CommissionRates{ + Rate: sdk.MustNewDecFromStr("0.05"), + MaxRate: sdk.MustNewDecFromStr("0.1"), + MaxChangeRate: sdk.MustNewDecFromStr("0.05"), + }, + }, + MinSelfDelegation: sdk.OneInt(), + } + + // Remove all validators from power store + stakingKey := app.GetKey(stakingtypes.ModuleName) + stakingStore := ctx.KVStore(stakingKey) + iterator := app.StakingKeeper.ValidatorsPowerStoreIterator(ctx) + for ; iterator.Valid(); iterator.Next() { + stakingStore.Delete(iterator.Key()) + } + iterator.Close() + + // Remove all validators from last validators store + iterator = app.StakingKeeper.LastValidatorsIterator(ctx) + for ; iterator.Valid(); iterator.Next() { + app.StakingKeeper.LastValidatorPower.Delete(iterator.Key()) + } + iterator.Close() + + // Add our validator to power and last validators store + app.StakingKeeper.SetValidator(ctx, newVal) + err = app.StakingKeeper.SetValidatorByConsAddr(ctx, newVal) + if err != nil { + panic(err) + } + app.StakingKeeper.SetValidatorByPowerIndex(ctx, newVal) + app.StakingKeeper.SetLastValidatorPower(ctx, newVal.GetOperator(), 0) + if err := app.StakingKeeper.Hooks().AfterValidatorCreated(ctx, newVal.GetOperator()); err != nil { + panic(err) + } +``` + +#### Distribution + +Since the validator set has changed, we need to update the distribution records for the new validator. + + +```go + // Initialize records for this validator across all distribution stores + app.DistrKeeper.ValidatorHistoricalRewards.Set(ctx, newVal.GetOperator(), 0, distrtypes.NewValidatorHistoricalRewards(sdk.DecCoins{}, 1)) + app.DistrKeeper.ValidatorCurrentRewards.Set(ctx, newVal.GetOperator(), distrtypes.NewValidatorCurrentRewards(sdk.DecCoins{}, 1)) + app.DistrKeeper.ValidatorAccumulatedCommission.Set(ctx, newVal.GetOperator(), distrtypes.InitialValidatorAccumulatedCommission()) + app.DistrKeeper.ValidatorOutstandingRewards.Set(ctx, newVal.GetOperator(), distrtypes.ValidatorOutstandingRewards{Rewards: sdk.DecCoins{}}) +``` + +#### Slashing + +We also need to set the validator signing info for the new validator. + +```go + // SLASHING + // + + // Set validator signing info for our new validator. + newConsAddr := sdk.ConsAddress(newValAddr.Bytes()) + newValidatorSigningInfo := slashingtypes.ValidatorSigningInfo{ + Address: newConsAddr.String(), + StartHeight: app.LastBlockHeight() - 1, + Tombstoned: false, + } + app.SlashingKeeper.ValidatorSigningInfo.Set(ctx, newConsAddr, newValidatorSigningInfo) +``` + +#### Bank + +It is useful to create new accounts for your testing purposes. This avoids the need to have the same key as you may have on mainnet. + +```go + // BANK + // + + defaultCoins := sdk.NewCoins(sdk.NewInt64Coin("ustake", 1000000000000)) + + localSimAppAccounts := []sdk.AccAddress{ + sdk.MustAccAddressFromBech32("cosmos12smx2wdlyttvyzvzg54y2vnqwq2qjateuf7thj"), + sdk.MustAccAddressFromBech32("cosmos1cyyzpxplxdzkeea7kwsydadg87357qnahakaks"), + sdk.MustAccAddressFromBech32("cosmos18s5lynnmx37hq4wlrw9gdn68sg2uxp5rgk26vv"), + sdk.MustAccAddressFromBech32("cosmos1qwexv7c6sm95lwhzn9027vyu2ccneaqad4w8ka"), + sdk.MustAccAddressFromBech32("cosmos14hcxlnwlqtq75ttaxf674vk6mafspg8xwgnn53"), + sdk.MustAccAddressFromBech32("cosmos12rr534cer5c0vj53eq4y32lcwguyy7nndt0u2t"), + sdk.MustAccAddressFromBech32("cosmos1nt33cjd5auzh36syym6azgc8tve0jlvklnq7jq"), + sdk.MustAccAddressFromBech32("cosmos10qfrpash5g2vk3hppvu45x0g860czur8ff5yx0"), + sdk.MustAccAddressFromBech32("cosmos1f4tvsdukfwh6s9swrc24gkuz23tp8pd3e9r5fa"), + sdk.MustAccAddressFromBech32("cosmos1myv43sqgnj5sm4zl98ftl45af9cfzk7nhjxjqh"), + sdk.MustAccAddressFromBech32("cosmos14gs9zqh8m49yy9kscjqu9h72exyf295afg6kgk"), + sdk.MustAccAddressFromBech32("cosmos1jllfytsz4dryxhz5tl7u73v29exsf80vz52ucc")} + + // Fund localSimApp accounts + for _, account := range localSimAppAccounts { + err := app.BankKeeper.MintCoins(ctx, minttypes.ModuleName, defaultCoins) + if err != nil { + tmos.Exit(err.Error()) + } + err = app.BankKeeper.SendCoinsFromModuleToAccount(ctx, minttypes.ModuleName, account, defaultCoins) + if err != nil { + tmos.Exit(err.Error()) + } + } +``` + +#### Upgrade + +If you would like to schedule an upgrade the below can be used. + +```go + // UPGRADE + // + + if upgradeToTrigger != "" { + upgradePlan := upgradetypes.Plan{ + Name: upgradeToTrigger, + Height: app.LastBlockHeight(), + } + err = app.UpgradeKeeper.ScheduleUpgrade(ctx, upgradePlan) + if err != nil { + panic(err) + } + } +``` + +### Optional Changes + +If you have custom modules that rely on specific state from the above modules and/or you would like to test your custom module, you will need to update the state of your custom module to reflect your needs + +## Running the Testnet + +Before we can run the testnet we must plug everything together. + +in `root.go`, in the `initRootCmd` function we add: + +```diff + server.AddCommands(rootCmd, simapp.DefaultNodeHome, newApp, createSimAppAndExport, addModuleInitFlags) + ++ server.AddTestnetCreatorCommand(rootCmd, simapp.DefaultNodeHome, newTestnetApp, addModuleInitFlags) +``` + +Next we will add a newTestnetApp helper function: + +```diff +// newTestnetApp starts by running the normal newApp method. From there, the app interface returned is modified in order +// for a testnet to be created from the provided app. +func newTestnetApp(logger log.Logger, db cometbftdb.DB, traceStore io.Writer, appOpts servertypes.AppOptions) servertypes.Application { + // Create an app and type cast to an SimApp + app := newApp(logger, db, traceStore, appOpts) + simApp, ok := app.(*simapp.SimApp) + if !ok { + panic("app created from newApp is not of type simApp") + } + + newValAddr, ok := appOpts.Get(server.KeyNewValAddr).(bytes.HexBytes) + if !ok { + panic("newValAddr is not of type bytes.HexBytes") + } + newValPubKey, ok := appOpts.Get(server.KeyUserPubKey).(crypto.PubKey) + if !ok { + panic("newValPubKey is not of type crypto.PubKey") + } + newOperatorAddress, ok := appOpts.Get(server.KeyNewOpAddr).(string) + if !ok { + panic("newOperatorAddress is not of type string") + } + upgradeToTrigger, ok := appOpts.Get(server.KeyTriggerTestnetUpgrade).(string) + if !ok { + panic("upgradeToTrigger is not of type string") + } + + // Make modifications to the normal SimApp required to run the network locally + return simapp.InitSimAppForTestnet(simApp, newValAddr, newValPubKey, newOperatorAddress, upgradeToTrigger) +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/building-apps/_category_.json b/copy-of-sdk-versioned_docs/version-0.53/build/building-apps/_category_.json new file mode 100644 index 00000000..342732cc --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/building-apps/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Building Apps", + "position": 0, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/00-intro.md b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/00-intro.md new file mode 100644 index 00000000..ab28445c --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/00-intro.md @@ -0,0 +1,73 @@ +--- +sidebar_position: 1 +--- + +# Introduction to Cosmos SDK Modules + +:::note Synopsis +Modules define most of the logic of Cosmos SDK applications. Developers compose modules together using the Cosmos SDK to build their custom application-specific blockchains. This document outlines the basic concepts behind SDK modules and how to approach module management. +::: + +:::note Pre-requisite Readings + +* [Anatomy of a Cosmos SDK application](../../learn/beginner/00-app-anatomy.md) +* [Lifecycle of a Cosmos SDK transaction](../../learn/beginner/01-tx-lifecycle.md) + +::: + +## Role of Modules in a Cosmos SDK Application + +The Cosmos SDK can be thought of as the Ruby-on-Rails of blockchain development. It comes with a core that provides the basic functionalities every blockchain application needs, like a [boilerplate implementation of the ABCI](../../learn/advanced/00-baseapp.md) to communicate with the underlying consensus engine, a [`multistore`](../../learn/advanced/04-store.md#multistore) to persist state, a [server](../../learn/advanced/03-node.md) to form a full-node and [interfaces](./09-module-interfaces.md) to handle queries. + +On top of this core, the Cosmos SDK enables developers to build modules that implement the business logic of their application. In other words, SDK modules implement the bulk of the logic of applications, while the core does the wiring and enables modules to be composed together. The end goal is to build a robust ecosystem of open-source Cosmos SDK modules, making it increasingly easier to build complex blockchain applications. + +Cosmos SDK modules can be seen as little state-machines within the state-machine. They generally define a subset of the state using one or more `KVStore`s in the [main multistore](../../learn/advanced/04-store.md), as well as a subset of [message types](./02-messages-and-queries.md#messages). These messages are routed by one of the main components of Cosmos SDK core, [`BaseApp`](../../learn/advanced/00-baseapp.md), to a module Protobuf [`Msg` service](./03-msg-services.md) that defines them. + +```mermaid +flowchart TD + A[Transaction relayed from the full-node's consensus engine to the node's application via DeliverTx] + A --> B[APPLICATION] + B --> C["Using baseapp's methods: Decode the Tx, extract and route the message(s)"] + C --> D[Message routed to the correct module to be processed] + D --> E[AUTH MODULE] + D --> F[BANK MODULE] + D --> G[STAKING MODULE] + D --> H[GOV MODULE] + H --> I[Handles message, Updates state] + E --> I + F --> I + G --> I + I --> J["Return result to the underlying consensus engine (e.g. CometBFT) (0=Ok, 1=Err)"] +``` + +As a result of this architecture, building a Cosmos SDK application usually revolves around writing modules to implement the specialized logic of the application and composing them with existing modules to complete the application. Developers will generally work on modules that implement logic needed for their specific use case that do not exist yet, and will use existing modules for more generic functionalities like staking, accounts, or token management. + + +### Modules as super-users + +Modules have the ability to perform actions that are not available to regular users. This is because modules are given sudo permissions by the state machine. Modules can reject another modules desire to execute a function but this logic must be explicit. Examples of this can be seen when modules create functions to modify parameters: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/61da5d1c29c16a1eb5bb5488719fde604ec07b10/x/bank/keeper/msg_server.go#L147-L149 +``` + +## How to Approach Building Modules as a Developer + +While there are no definitive guidelines for writing modules, here are some important design principles developers should keep in mind when building them: + +* **Composability**: Cosmos SDK applications are almost always composed of multiple modules. This means developers need to carefully consider the integration of their module not only with the core of the Cosmos SDK, but also with other modules. The former is achieved by following standard design patterns outlined [here](#main-components-of-cosmos-sdk-modules), while the latter is achieved by properly exposing the store(s) of the module via the [`keeper`](./06-keeper.md). +* **Specialization**: A direct consequence of the **composability** feature is that modules should be **specialized**. Developers should carefully establish the scope of their module and not batch multiple functionalities into the same module. This separation of concerns enables modules to be re-used in other projects and improves the upgradability of the application. **Specialization** also plays an important role in the [object-capabilities model](../../learn/advanced/10-ocap.md) of the Cosmos SDK. +* **Capabilities**: Most modules need to read and/or write to the store(s) of other modules. However, in an open-source environment, it is possible for some modules to be malicious. That is why module developers need to carefully think not only about how their module interacts with other modules, but also about how to give access to the module's store(s). The Cosmos SDK takes a capabilities-oriented approach to inter-module security. This means that each store defined by a module is accessed by a `key`, which is held by the module's [`keeper`](./06-keeper.md). This `keeper` defines how to access the store(s) and under what conditions. Access to the module's store(s) is done by passing a reference to the module's `keeper`. + +## Main Components of Cosmos SDK Modules + +Modules are by convention defined in the `./x/` subfolder (e.g. the `bank` module will be defined in the `./x/bank` folder). They generally share the same core components: + +* A [`keeper`](./06-keeper.md), used to access the module's store(s) and update the state. +* A [`Msg` service](./02-messages-and-queries.md#messages), used to process messages when they are routed to the module by [`BaseApp`](../../learn/advanced/00-baseapp.md#message-routing) and trigger state-transitions. +* A [query service](./04-query-services.md), used to process user queries when they are routed to the module by [`BaseApp`](../../learn/advanced/00-baseapp.md#query-routing). +* Interfaces, for end users to query the subset of the state defined by the module and create `message`s of the custom types defined in the module. + +In addition to these components, modules implement the `AppModule` interface in order to be managed by the [`module manager`](./01-module-manager.md). + +Please refer to the [structure document](./11-structure.md) to learn about the recommended structure of a module's directory. diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/01-module-manager.md b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/01-module-manager.md new file mode 100644 index 00000000..02d7520a --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/01-module-manager.md @@ -0,0 +1,328 @@ +--- +sidebar_position: 1 +--- + +# Module Manager + +:::note Synopsis +Cosmos SDK modules need to implement the [`AppModule` interfaces](#application-module-interfaces), in order to be managed by the application's [module manager](#module-manager). The module manager plays an important role in [`message` and `query` routing](../../learn/advanced/00-baseapp.md#routing), and allows application developers to set the order of execution of a variety of functions like [`PreBlocker`](../../learn/beginner/00-app-anatomy#preblocker) and [`BeginBlocker` and `EndBlocker`](../../learn/beginner/00-app-anatomy.md#begingblocker-and-endblocker). +::: + +:::note Pre-requisite Readings + +* [Introduction to Cosmos SDK Modules](./00-intro.md) + +::: + +## Application Module Interfaces + +Application module interfaces exist to facilitate the composition of modules together to form a functional Cosmos SDK application. + +:::note + +It is recommended to implement interfaces from the [Core API](https://docs.cosmos.network/main/architecture/adr-063-core-module-api) `appmodule` package. This makes modules less dependent on the SDK. +For legacy reason modules can still implement interfaces from the SDK `module` package. +::: + +There are 2 main application module interfaces: + +* [`appmodule.AppModule` / `module.AppModule`](#appmodule) for inter-dependent module functionalities (except genesis-related functionalities). +* (legacy) [`module.AppModuleBasic`](#appmodulebasic) for independent module functionalities. New modules can use `module.CoreAppModuleBasicAdaptor` instead. + +The above interfaces are mostly embedding smaller interfaces (extension interfaces), that defines specific functionalities: + +* (legacy) `module.HasName`: Allows the module to provide its own name for legacy purposes. +* (legacy) [`module.HasGenesisBasics`](#modulehasgenesisbasics): The legacy interface for stateless genesis methods. +* [`module.HasGenesis`](#modulehasgenesis) for inter-dependent genesis-related module functionalities. +* [`module.HasABCIGenesis`](#modulehasabcigenesis) for inter-dependent genesis-related module functionalities. +* [`appmodule.HasGenesis` / `module.HasGenesis`](#appmodulehasgenesis): The extension interface for stateful genesis methods. +* [`appmodule.HasPreBlocker`](#haspreblocker): The extension interface that contains information about the `AppModule` and `PreBlock`. +* [`appmodule.HasBeginBlocker`](#hasbeginblocker): The extension interface that contains information about the `AppModule` and `BeginBlock`. +* [`appmodule.HasEndBlocker`](#hasendblocker): The extension interface that contains information about the `AppModule` and `EndBlock`. +* [`appmodule.HasPrecommit`](#hasprecommit): The extension interface that contains information about the `AppModule` and `Precommit`. +* [`appmodule.HasPrepareCheckState`](#haspreparecheckstate): The extension interface that contains information about the `AppModule` and `PrepareCheckState`. +* [`appmodule.HasService` / `module.HasServices`](#hasservices): The extension interface for modules to register services. +* [`module.HasABCIEndBlock`](#hasabciendblock): The extension interface that contains information about the `AppModule`, `EndBlock` and returns an updated validator set. +* (legacy) [`module.HasInvariants`](#hasinvariants): The extension interface for registering invariants. +* (legacy) [`module.HasConsensusVersion`](#hasconsensusversion): The extension interface for declaring a module consensus version. + +The `AppModuleBasic` interface exists to define independent methods of the module, i.e. those that do not depend on other modules in the application. This allows for the construction of the basic application structure early in the application definition, generally in the `init()` function of the [main application file](../../learn/beginner/00-app-anatomy.md#core-application-file). + +The `AppModule` interface exists to define inter-dependent module methods. Many modules need to interact with other modules, typically through [`keeper`s](./06-keeper.md), which means there is a need for an interface where modules list their `keeper`s and other methods that require a reference to another module's object. `AppModule` interface extension, such as `HasBeginBlocker` and `HasEndBlocker`, also enables the module manager to set the order of execution between module's methods like `BeginBlock` and `EndBlock`, which is important in cases where the order of execution between modules matters in the context of the application. + +The usage of extension interfaces allows modules to define only the functionalities they need. For example, a module that does not need an `EndBlock` does not need to define the `HasEndBlocker` interface and thus the `EndBlock` method. `AppModule` and `AppModuleGenesis` are voluntarily small interfaces, that can take advantage of the `Module` patterns without having to define many placeholder functions. + +### `AppModuleBasic` + +:::note +Use `module.CoreAppModuleBasicAdaptor` instead for creating an `AppModuleBasic` from an `appmodule.AppModule`. +::: + +The `AppModuleBasic` interface defines the independent methods modules need to implement. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/module/module.go#L56-L61 +``` + +* `RegisterLegacyAminoCodec(*codec.LegacyAmino)`: Registers the `amino` codec for the module, which is used to marshal and unmarshal structs to/from `[]byte` in order to persist them in the module's `KVStore`. +* `RegisterInterfaces(codectypes.InterfaceRegistry)`: Registers a module's interface types and their concrete implementations as `proto.Message`. +* `RegisterGRPCGatewayRoutes(client.Context, *runtime.ServeMux)`: Registers gRPC routes for the module. + +All the `AppModuleBasic` of an application are managed by the [`BasicManager`](#basicmanager). + +### `HasName` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/module/module.go#L66-L68 +``` + +* `HasName` is an interface that has a method `Name()`. This method returns the name of the module as a `string`. + +### Genesis + +:::tip +For easily creating an `AppModule` that only has genesis functionalities, use `module.GenesisOnlyAppModule`. +::: + +#### `module.HasGenesisBasics` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/module/module.go#L71-L74 +``` + +Let us go through the methods: + +* `DefaultGenesis(codec.JSONCodec)`: Returns a default [`GenesisState`](./08-genesis.md#genesisstate) for the module, marshalled to `json.RawMessage`. The default `GenesisState` need to be defined by the module developer and is primarily used for testing. +* `ValidateGenesis(codec.JSONCodec, client.TxEncodingConfig, json.RawMessage)`: Used to validate the `GenesisState` defined by a module, given in its `json.RawMessage` form. It will usually unmarshall the `json` before running a custom [`ValidateGenesis`](./08-genesis.md#validategenesis) function defined by the module developer. + +#### `module.HasGenesis` + +`HasGenesis` is an extension interface for allowing modules to implement genesis functionalities. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/6ce2505/types/module/module.go#L184-L189 +``` + +#### `module.HasABCIGenesis` + +`HasABCIGenesis` is an extension interface for allowing modules to implement genesis functionalities and returns validator set updates. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/6ce2505/types/module/module.go#L191-L196 +``` + +#### `appmodule.HasGenesis` + +:::warning +`appmodule.HasGenesis` is experimental and should be considered unstable, it is recommended to not use this interface at this time. +::: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/6ce2505/core/appmodule/genesis.go#L8-L25 +``` + +### `AppModule` + +The `AppModule` interface defines a module. Modules can declare their functionalities by implementing extensions interfaces. +`AppModule`s are managed by the [module manager](#manager), which checks which extension interfaces are implemented by the module. + +#### `appmodule.AppModule` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/6afece6/core/appmodule/module.go#L11-L20 +``` + +#### `module.AppModule` + +:::note +Previously the `module.AppModule` interface was containing all the methods that are defined in the extensions interfaces. This was leading to much boilerplate for modules that did not need all the functionalities. +::: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/module/module.go#L199-L206 +``` + +### `HasInvariants` + +This interface defines one method. It allows to checks if a module can register invariants. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/module/module.go#L211-L214 +``` + +* `RegisterInvariants(sdk.InvariantRegistry)`: Registers the [`invariants`](./07-invariants.md) of the module. If an invariant deviates from its predicted value, the [`InvariantRegistry`](./07-invariants.md#registry) triggers appropriate logic (most often the chain will be halted). + +### `HasServices` + +This interface defines one method. It allows to checks if a module can register invariants. + +#### `appmodule.HasService` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/6afece6/core/appmodule/module.go#L22-L40 +``` + +#### `module.HasServices` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/module/module.go#L217-L220 +``` + +* `RegisterServices(Configurator)`: Allows a module to register services. + +### `HasConsensusVersion` + +This interface defines one method for checking a module consensus version. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/module/module.go#L223-L229 +``` + +* `ConsensusVersion() uint64`: Returns the consensus version of the module. + +### `HasPreBlocker` + +The `HasPreBlocker` is an extension interface from `appmodule.AppModule`. All modules that have an `PreBlock` method implement this interface. + +### `HasBeginBlocker` + +The `HasBeginBlocker` is an extension interface from `appmodule.AppModule`. All modules that have an `BeginBlock` method implement this interface. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/core/appmodule/module.go#L73-L80 +``` + +* `BeginBlock(context.Context) error`: This method gives module developers the option to implement logic that is automatically triggered at the beginning of each block. + +### `HasEndBlocker` + +The `HasEndBlocker` is an extension interface from `appmodule.AppModule`. All modules that have an `EndBlock` method implement this interface. If a module need to return validator set updates (staking), they can use `HasABCIEndBlock` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/core/appmodule/module.go#L83-L89 +``` + +* `EndBlock(context.Context) error`: This method gives module developers the option to implement logic that is automatically triggered at the end of each block. + +### `HasABCIEndBlock` + +The `HasABCIEndBlock` is an extension interface from `module.AppModule`. All modules that have an `EndBlock` which return validator set updates implement this interface. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/module/module.go#L236-L239 +``` + +* `EndBlock(context.Context) ([]abci.ValidatorUpdate, error)`: This method gives module developers the option to inform the underlying consensus engine of validator set changes (e.g. the `staking` module). + +### `HasPrecommit` + +`HasPrecommit` is an extension interface from `appmodule.AppModule`. All modules that have a `Precommit` method implement this interface. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/core/appmodule/module.go#L50-L53 +``` + +* `Precommit(context.Context)`: This method gives module developers the option to implement logic that is automatically triggered during [`Commit'](../../learn/advanced/00-baseapp.md#commit) of each block using the [`finalizeblockstate`](../../learn/advanced/00-baseapp.md#state-updates) of the block to be committed. Implement empty if no logic needs to be triggered during `Commit` of each block for this module. + +### `HasPrepareCheckState` + +`HasPrepareCheckState` is an extension interface from `appmodule.AppModule`. All modules that have a `PrepareCheckState` method implement this interface. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/core/appmodule/module.go#L44-L47 +``` + +* `PrepareCheckState(context.Context)`: This method gives module developers the option to implement logic that is automatically triggered during [`Commit'](../../learn/advanced/00-baseapp.md#commit) of each block using the [`checkState`](../../learn/advanced/00-baseapp.md#state-updates) of the next block. Implement empty if no logic needs to be triggered during `Commit` of each block for this module. + +### Implementing the Application Module Interfaces + +Typically, the various application module interfaces are implemented in a file called `module.go`, located in the module's folder (e.g. `./x/module/module.go`). + +Almost every module needs to implement the `AppModuleBasic` and `AppModule` interfaces. If the module is only used for genesis, it will implement `AppModuleGenesis` instead of `AppModule`. The concrete type that implements the interface can add parameters that are required for the implementation of the various methods of the interface. For example, the `Route()` function often calls a `NewMsgServerImpl(k keeper)` function defined in `keeper/msg_server.go` and therefore needs to pass the module's [`keeper`](./06-keeper.md) as a parameter. + +```go +// example +type AppModule struct { + AppModuleBasic + keeper Keeper +} +``` + +In the example above, you can see that the `AppModule` concrete type references an `AppModuleBasic`, and not an `AppModuleGenesis`. That is because `AppModuleGenesis` only needs to be implemented in modules that focus on genesis-related functionalities. In most modules, the concrete `AppModule` type will have a reference to an `AppModuleBasic` and implement the two added methods of `AppModuleGenesis` directly in the `AppModule` type. + +If no parameter is required (which is often the case for `AppModuleBasic`), just declare an empty concrete type like so: + +```go +type AppModuleBasic struct{} +``` + +## Module Managers + +Module managers are used to manage collections of `AppModuleBasic` and `AppModule`. + +### `BasicManager` + +The `BasicManager` is a structure that lists all the `AppModuleBasic` of an application: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/module/module.go#L77 +``` + +It implements the following methods: + +* `NewBasicManager(modules ...AppModuleBasic)`: Constructor function. It takes a list of the application's `AppModuleBasic` and builds a new `BasicManager`. This function is generally called in the `init()` function of [`app.go`](../../learn/beginner/00-app-anatomy.md#core-application-file) to quickly initialize the independent elements of the application's modules (click [here](https://github.com/cosmos/gaia/blob/main/app/app.go#L59-L74) to see an example). +* `NewBasicManagerFromManager(manager *Manager, customModuleBasics map[string]AppModuleBasic)`: Contructor function. It creates a new `BasicManager` from a `Manager`. The `BasicManager` will contain all `AppModuleBasic` from the `AppModule` manager using `CoreAppModuleBasicAdaptor` whenever possible. Module's `AppModuleBasic` can be overridden by passing a custom AppModuleBasic map +* `RegisterLegacyAminoCodec(cdc *codec.LegacyAmino)`: Registers the [`codec.LegacyAmino`s](../../learn/advanced/05-encoding.md#amino) of each of the application's `AppModuleBasic`. This function is usually called early on in the [application's construction](../../learn/beginner/00-app-anatomy.md#constructor). +* `RegisterInterfaces(registry codectypes.InterfaceRegistry)`: Registers interface types and implementations of each of the application's `AppModuleBasic`. +* `DefaultGenesis(cdc codec.JSONCodec)`: Provides default genesis information for modules in the application by calling the [`DefaultGenesis(cdc codec.JSONCodec)`](./08-genesis.md#defaultgenesis) function of each module. It only calls the modules that implements the `HasGenesisBasics` interfaces. +* `ValidateGenesis(cdc codec.JSONCodec, txEncCfg client.TxEncodingConfig, genesis map[string]json.RawMessage)`: Validates the genesis information modules by calling the [`ValidateGenesis(codec.JSONCodec, client.TxEncodingConfig, json.RawMessage)`](./08-genesis.md#validategenesis) function of modules implementing the `HasGenesisBasics` interface. +* `RegisterGRPCGatewayRoutes(clientCtx client.Context, rtr *runtime.ServeMux)`: Registers gRPC routes for modules. +* `AddTxCommands(rootTxCmd *cobra.Command)`: Adds modules' transaction commands (defined as `GetTxCmd() *cobra.Command`) to the application's [`rootTxCommand`](../../learn/advanced/07-cli.md#transaction-commands). This function is usually called function from the `main.go` function of the [application's command-line interface](../../learn/advanced/07-cli.md). +* `AddQueryCommands(rootQueryCmd *cobra.Command)`: Adds modules' query commands (defined as `GetQueryCmd() *cobra.Command`) to the application's [`rootQueryCommand`](../../learn/advanced/07-cli.md#query-commands). This function is usually called function from the `main.go` function of the [application's command-line interface](../../learn/advanced/07-cli.md). + +### `Manager` + +The `Manager` is a structure that holds all the `AppModule` of an application, and defines the order of execution between several key components of these modules: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/module/module.go#L278-L288 +``` + +The module manager is used throughout the application whenever an action on a collection of modules is required. It implements the following methods: + +* `NewManager(modules ...AppModule)`: Constructor function. It takes a list of the application's `AppModule`s and builds a new `Manager`. It is generally called from the application's main [constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function). +* `SetOrderInitGenesis(moduleNames ...string)`: Sets the order in which the [`InitGenesis`](./08-genesis.md#initgenesis) function of each module will be called when the application is first started. This function is generally called from the application's main [constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function). + To initialize modules successfully, module dependencies should be considered. For example, the `genutil` module must occur after `staking` module so that the pools are properly initialized with tokens from genesis accounts, the `genutils` module must also occur after `auth` so that it can access the params from auth, IBC's `capability` module should be initialized before all other modules so that it can initialize any capabilities. +* `SetOrderExportGenesis(moduleNames ...string)`: Sets the order in which the [`ExportGenesis`](./08-genesis.md#exportgenesis) function of each module will be called in case of an export. This function is generally called from the application's main [constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function). +* `SetOrderPreBlockers(moduleNames ...string)`: Sets the order in which the `PreBlock()` function of each module will be called before `BeginBlock()` of all modules. This function is generally called from the application's main [constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function). +* `SetOrderBeginBlockers(moduleNames ...string)`: Sets the order in which the `BeginBlock()` function of each module will be called at the beginning of each block. This function is generally called from the application's main [constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function). +* `SetOrderEndBlockers(moduleNames ...string)`: Sets the order in which the `EndBlock()` function of each module will be called at the end of each block. This function is generally called from the application's main [constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function). +* `SetOrderPrecommiters(moduleNames ...string)`: Sets the order in which the `Precommit()` function of each module will be called during commit of each block. This function is generally called from the application's main [constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function). +* `SetOrderPrepareCheckStaters(moduleNames ...string)`: Sets the order in which the `PrepareCheckState()` function of each module will be called during commit of each block. This function is generally called from the application's main [constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function). +* `SetOrderMigrations(moduleNames ...string)`: Sets the order of migrations to be run. If not set then migrations will be run with an order defined in `DefaultMigrationsOrder`. +* `RegisterInvariants(ir sdk.InvariantRegistry)`: Registers the [invariants](./07-invariants.md) of module implementing the `HasInvariants` interface. +* `RegisterServices(cfg Configurator)`: Registers the services of modules implementing the `HasServices` interface. +* `InitGenesis(ctx context.Context, cdc codec.JSONCodec, genesisData map[string]json.RawMessage)`: Calls the [`InitGenesis`](./08-genesis.md#initgenesis) function of each module when the application is first started, in the order defined in `OrderInitGenesis`. Returns an `abci.ResponseInitChain` to the underlying consensus engine, which can contain validator updates. +* `ExportGenesis(ctx context.Context, cdc codec.JSONCodec)`: Calls the [`ExportGenesis`](./08-genesis.md#exportgenesis) function of each module, in the order defined in `OrderExportGenesis`. The export constructs a genesis file from a previously existing state, and is mainly used when a hard-fork upgrade of the chain is required. +* `ExportGenesisForModules(ctx context.Context, cdc codec.JSONCodec, modulesToExport []string)`: Behaves the same as `ExportGenesis`, except takes a list of modules to export. +* `BeginBlock(ctx context.Context) error`: At the beginning of each block, this function is called from [`BaseApp`](../../learn/advanced/00-baseapp.md#beginblock) and, in turn, calls the [`BeginBlock`](./06-beginblock-endblock.md) function of each modules implementing the `appmodule.HasBeginBlocker` interface, in the order defined in `OrderBeginBlockers`. It creates a child [context](../../learn/advanced/02-context.md) with an event manager to aggregate [events](../../learn/advanced/08-events.md) emitted from each modules. +* `EndBlock(ctx context.Context) error`: At the end of each block, this function is called from [`BaseApp`](../../learn/advanced/00-baseapp.md#endblock) and, in turn, calls the [`EndBlock`](./06-beginblock-endblock.md) function of each modules implementing the `appmodule.HasEndBlocker` interface, in the order defined in `OrderEndBlockers`. It creates a child [context](../../learn/advanced/02-context.md) with an event manager to aggregate [events](../../learn/advanced/08-events.md) emitted from all modules. The function returns an `abci` which contains the aforementioned events, as well as validator set updates (if any). +* `EndBlock(context.Context) ([]abci.ValidatorUpdate, error)`: At the end of each block, this function is called from [`BaseApp`](../../learn/advanced/00-baseapp.md#endblock) and, in turn, calls the [`EndBlock`](./06-beginblock-endblock.md) function of each modules implementing the `module.HasABCIEndBlock` interface, in the order defined in `OrderEndBlockers`. It creates a child [context](../../learn/advanced/02-context.md) with an event manager to aggregate [events](../../learn/advanced/08-events.md) emitted from all modules. The function returns an `abci` which contains the aforementioned events, as well as validator set updates (if any). +* `Precommit(ctx context.Context)`: During [`Commit`](../../learn/advanced/00-baseapp.md#commit), this function is called from `BaseApp` immediately before the [`deliverState`](../../learn/advanced/00-baseapp.md#state-updates) is written to the underlying [`rootMultiStore`](../../learn/advanced/04-store.md#commitmultistore) and, in turn calls the `Precommit` function of each modules implementing the `HasPrecommit` interface, in the order defined in `OrderPrecommiters`. It creates a child [context](../../learn/advanced/02-context.md) where the underlying `CacheMultiStore` is that of the newly committed block's [`finalizeblockstate`](../../learn/advanced/00-baseapp.md#state-updates). +* `PrepareCheckState(ctx context.Context)`: During [`Commit`](../../learn/advanced/00-baseapp.md#commit), this function is called from `BaseApp` immediately after the [`deliverState`](../../learn/advanced/00-baseapp.md#state-updates) is written to the underlying [`rootMultiStore`](../../learn/advanced/04-store.md#commitmultistore) and, in turn calls the `PrepareCheckState` function of each module implementing the `HasPrepareCheckState` interface, in the order defined in `OrderPrepareCheckStaters`. It creates a child [context](../../learn/advanced/02-context.md) where the underlying `CacheMultiStore` is that of the next block's [`checkState`](../../learn/advanced/00-baseapp.md#state-updates). Writes to this state will be present in the [`checkState`](../../learn/advanced/00-baseapp.md#state-updates) of the next block, and therefore this method can be used to prepare the `checkState` for the next block. + +Here's an example of a concrete integration within an `simapp`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/app.go#L510-L533 +``` + +This is the same example from `runtime` (the package that powers app di): + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/runtime/module.go#L63 +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/runtime/module.go#L85 +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/02-messages-and-queries.md b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/02-messages-and-queries.md new file mode 100644 index 00000000..573c35cd --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/02-messages-and-queries.md @@ -0,0 +1,137 @@ +--- +sidebar_position: 1 +--- + +# Messages and Queries + +:::note Synopsis +`Msg`s and `Queries` are the two primary objects handled by modules. Most of the core components defined in a module, like `Msg` services, `keeper`s and `Query` services, exist to process `message`s and `queries`. +::: + +:::note Pre-requisite Readings + +* [Introduction to Cosmos SDK Modules](./00-intro.md) + +::: + +## Messages + +`Msg`s are objects whose end-goal is to trigger state-transitions. They are wrapped in [transactions](../../learn/advanced/01-transactions.md), which may contain one or more of them. + +When a transaction is relayed from the underlying consensus engine to the Cosmos SDK application, it is first decoded by [`BaseApp`](../../learn/advanced/00-baseapp.md). Then, each message contained in the transaction is extracted and routed to the appropriate module via `BaseApp`'s `MsgServiceRouter` so that it can be processed by the module's [`Msg` service](./03-msg-services.md). For a more detailed explanation of the lifecycle of a transaction, click [here](../../learn/beginner/01-tx-lifecycle.md). + +### `Msg` Services + +Defining Protobuf `Msg` services is the recommended way to handle messages. A Protobuf `Msg` service should be created for each module, typically in `tx.proto` (see more info about [conventions and naming](../../learn/advanced/05-encoding.md#faq)). It must have an RPC service method defined for each message in the module. + + +Each `Msg` service method must have exactly one argument, which must implement the `sdk.Msg` interface, and a Protobuf response. The naming convention is to call the RPC argument `Msg` and the RPC response `MsgResponse`. For example: + +```protobuf + rpc Send(MsgSend) returns (MsgSendResponse); +``` + +See an example of a `Msg` service definition from `x/bank` module: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/proto/cosmos/bank/v1beta1/tx.proto#L13-L36 +``` + +### `sdk.Msg` Interface + +`sdk.Msg` is a alias of `proto.Message`. + +To attach a `ValidateBasic()` method to a message then you must add methods to the type adhereing to the `HasValidateBasic`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/9c1e8b247cd47b5d3decda6e86fbc3bc996ee5d7/types/tx_msg.go#L84-L88 +``` + +In 0.50+ signers from the `GetSigners()` call is automated via a protobuf annotation. + +Read more about the signer field [here](./05-protobuf-annotations.md). + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/e6848d99b55a65d014375b295bdd7f9641aac95e/proto/cosmos/bank/v1beta1/tx.proto#L40 +``` + +If there is a need for custom signers then there is an alternative path which can be taken. A function which returns `signing.CustomGetSigner` for a specific message can be defined. + +```go +func ProvideBankSendTransactionGetSigners() signing.CustomGetSigner { + + // Extract the signer from the signature. + signer, err := coretypes.LatestSigner(Tx).Sender(ethTx) + if err != nil { + return nil, err + } + + // Return the signer in the required format. + return [][]byte{signer.Bytes()}, nil +} +``` + +When using dependency injection (depinject) this can be provided to the application via the provide method. + +```go +depinject.Provide(banktypes.ProvideBankSendTransactionGetSigners) +``` + +The Cosmos SDK uses Protobuf definitions to generate client and server code: + +* `MsgServer` interface defines the server API for the `Msg` service and its implementation is described as part of the [`Msg` services](./03-msg-services.md) documentation. +* Structures are generated for all RPC request and response types. + +A `RegisterMsgServer` method is also generated and should be used to register the module's `MsgServer` implementation in `RegisterServices` method from the [`AppModule` interface](./01-module-manager.md#appmodule). + +In order for clients (CLI and grpc-gateway) to have these URLs registered, the Cosmos SDK provides the function `RegisterMsgServiceDesc(registry codectypes.InterfaceRegistry, sd *grpc.ServiceDesc)` that should be called inside module's [`RegisterInterfaces`](01-module-manager.md#appmodulebasic) method, using the proto-generated `&_Msg_serviceDesc` as `*grpc.ServiceDesc` argument. + + +## Queries + +A `query` is a request for information made by end-users of applications through an interface and processed by a full-node. A `query` is received by a full-node through its consensus engine and relayed to the application via the ABCI. It is then routed to the appropriate module via `BaseApp`'s `QueryRouter` so that it can be processed by the module's query service (./04-query-services.md). For a deeper look at the lifecycle of a `query`, click [here](../../learn/beginner/02-query-lifecycle.md). + +### gRPC Queries + +Queries should be defined using [Protobuf services](https://developers.google.com/protocol-buffers/docs/proto#services). A `Query` service should be created per module in `query.proto`. This service lists endpoints starting with `rpc`. + +Here's an example of such a `Query` service definition: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/proto/cosmos/auth/v1beta1/query.proto#L14-L89 +``` + +As `proto.Message`s, generated `Response` types implement by default `String()` method of [`fmt.Stringer`](https://pkg.go.dev/fmt#Stringer). + +A `RegisterQueryServer` method is also generated and should be used to register the module's query server in the `RegisterServices` method from the [`AppModule` interface](./01-module-manager.md#appmodule). + +### Legacy Queries + +Before the introduction of Protobuf and gRPC in the Cosmos SDK, there was usually no specific `query` object defined by module developers, contrary to `message`s. Instead, the Cosmos SDK took the simpler approach of using a simple `path` to define each `query`. The `path` contains the `query` type and all the arguments needed to process it. For most module queries, the `path` should look like the following: + +```text +queryCategory/queryRoute/queryType/arg1/arg2/... +``` + +where: + +* `queryCategory` is the category of the `query`, typically `custom` for module queries. It is used to differentiate between different kinds of queries within `BaseApp`'s [`Query` method](../../learn/advanced/00-baseapp.md#query). +* `queryRoute` is used by `BaseApp`'s [`queryRouter`](../../learn/advanced/00-baseapp.md#query-routing) to map the `query` to its module. Usually, `queryRoute` should be the name of the module. +* `queryType` is used by the module's [`querier`](./04-query-services.md#legacy-queriers) to map the `query` to the appropriate `querier function` within the module. +* `args` are the actual arguments needed to process the `query`. They are filled out by the end-user. Note that for bigger queries, you might prefer passing arguments in the `Data` field of the request `req` instead of the `path`. + +The `path` for each `query` must be defined by the module developer in the module's [command-line interface file](./09-module-interfaces.md#query-commands).Overall, there are 3 mains components module developers need to implement in order to make the subset of the state defined by their module queryable: + +* A [`querier`](./04-query-services.md#legacy-queriers), to process the `query` once it has been [routed to the module](../../learn/advanced/00-baseapp.md#query-routing). +* [Query commands](./09-module-interfaces.md#query-commands) in the module's CLI file, where the `path` for each `query` is specified. +* `query` return types. Typically defined in a file `types/querier.go`, they specify the result type of each of the module's `queries`. These custom types must implement the `String()` method of [`fmt.Stringer`](https://pkg.go.dev/fmt#Stringer). + +### Store Queries + +Store queries query directly for store keys. They use `clientCtx.QueryABCI(req abci.RequestQuery)` to return the full `abci.ResponseQuery` with inclusion Merkle proofs. + +See following examples: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/baseapp/abci.go#L864-L894 +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/03-msg-services.md b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/03-msg-services.md new file mode 100644 index 00000000..421e53de --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/03-msg-services.md @@ -0,0 +1,119 @@ +--- +sidebar_position: 1 +--- + +# `Msg` Services + +:::note Synopsis +A Protobuf `Msg` service processes [messages](./02-messages-and-queries.md#messages). Protobuf `Msg` services are specific to the module in which they are defined, and only process messages defined within the said module. They are called from `BaseApp` during [`DeliverTx`](../../learn/advanced/00-baseapp.md#delivertx). +::: + +:::note Pre-requisite Readings + +* [Module Manager](./01-module-manager.md) +* [Messages and Queries](./02-messages-and-queries.md) + +::: + +## Implementation of a module `Msg` service + +Each module should define a Protobuf `Msg` service, which will be responsible for processing requests (implementing `sdk.Msg`) and returning responses. + +As further described in [ADR 031](../architecture/adr-031-msg-service.md), this approach has the advantage of clearly specifying return types and generating server and client code. + +Protobuf generates a `MsgServer` interface based on a definition of `Msg` service. It is the role of the module developer to implement this interface, by implementing the state transition logic that should happen upon receival of each `sdk.Msg`. As an example, here is the generated `MsgServer` interface for `x/bank`, which exposes two `sdk.Msg`s: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/types/tx.pb.go#L550-L568 +``` + +When possible, the existing module's [`Keeper`](./06-keeper.md) should implement `MsgServer`, otherwise a `msgServer` struct that embeds the `Keeper` can be created, typically in `./keeper/msg_server.go`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/keeper/msg_server.go#L17-L19 +``` + +`msgServer` methods can retrieve the `context.Context` from the `context.Context` parameter method using the `sdk.UnwrapSDKContext`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/keeper/msg_server.go#L56 +``` + +`sdk.Msg` processing usually follows these 3 steps: + +### Validation + +The message server must perform all validation required (both *stateful* and *stateless*) to make sure the `message` is valid. +The `signer` is charged for the gas cost of this validation. + +For example, a `msgServer` method for a `transfer` message should check that the sending account has enough funds to actually perform the transfer. + +It is recommended to implement all validation checks in a separate function that passes state values as arguments. This implementation simplifies testing. As expected, expensive validation functions charge additional gas. Example: + +```go +ValidateMsgA(msg MsgA, now Time, gm GasMeter) error { + if now.Before(msg.Expire) { + return sdkerrrors.ErrInvalidRequest.Wrap("msg expired") + } + gm.ConsumeGas(1000, "signature verification") + return signatureVerificaton(msg.Prover, msg.Data) +} +``` + +:::warning +Previously, the `ValidateBasic` method was used to perform simple and stateless validation checks. +This way of validating is deprecated, this means the `msgServer` must perform all validation checks. +::: + +### State Transition + +After the validation is successful, the `msgServer` method uses the [`keeper`](./06-keeper.md) functions to access the state and perform a state transition. + +### Events + +Before returning, `msgServer` methods generally emit one or more [events](../../learn/advanced/08-events.md) by using the `EventManager` held in the `ctx`. Use the new `EmitTypedEvent` function that uses protobuf-based event types: + +```go +ctx.EventManager().EmitTypedEvent( + &group.EventABC{Key1: Value1, Key2, Value2}) +``` + +or the older `EmitEvent` function: + +```go +ctx.EventManager().EmitEvent( + sdk.NewEvent( + eventType, // e.g. sdk.EventTypeMessage for a message, types.CustomEventType for a custom event defined in the module + sdk.NewAttribute(key1, value1), + sdk.NewAttribute(key2, value2), + ), +) +``` + +These events are relayed back to the underlying consensus engine and can be used by service providers to implement services around the application. Click [here](../../learn/advanced/08-events.md) to learn more about events. + +The invoked `msgServer` method returns a `proto.Message` response and an `error`. These return values are then wrapped into an `*sdk.Result` or an `error` using `sdk.WrapServiceResult(ctx context.Context, res proto.Message, err error)`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/baseapp/msg_service_router.go#L160 +``` + +This method takes care of marshaling the `res` parameter to protobuf and attaching any events on the `ctx.EventManager()` to the `sdk.Result`. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/proto/cosmos/base/abci/v1beta1/abci.proto#L93-L113 +``` + +This diagram shows a typical structure of a Protobuf `Msg` service, and how the message propagates through the module. + +![Transaction flow](https://raw.githubusercontent.com/cosmos/cosmos-sdk/release/v0.46.x/docs/uml/svg/transaction_flow.svg) + +## Telemetry + +New [telemetry metrics](../../learn/advanced/09-telemetry.md) can be created from `msgServer` methods when handling messages. + +This is an example from the `x/auth/vesting` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/auth/vesting/msg_server.go#L76-L88 +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/04-query-services.md b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/04-query-services.md new file mode 100644 index 00000000..a787a0c2 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/04-query-services.md @@ -0,0 +1,57 @@ +--- +sidebar_position: 1 +--- + +# Query Services + +:::note Synopsis +A Protobuf Query service processes [`queries`](./02-messages-and-queries.md#queries). Query services are specific to the module in which they are defined, and only process `queries` defined within said module. They are called from `BaseApp`'s [`Query` method](../../learn/advanced/00-baseapp.md#query). +::: + +:::note Pre-requisite Readings + +* [Module Manager](./01-module-manager.md) +* [Messages and Queries](./02-messages-and-queries.md) + +::: + +## Implementation of a module query service + +### gRPC Service + +When defining a Protobuf `Query` service, a `QueryServer` interface is generated for each module with all the service methods: + +```go +type QueryServer interface { + QueryBalance(context.Context, *QueryBalanceParams) (*types.Coin, error) + QueryAllBalances(context.Context, *QueryAllBalancesParams) (*QueryAllBalancesResponse, error) +} +``` + +These custom queries methods should be implemented by a module's keeper, typically in `./keeper/grpc_query.go`. The first parameter of these methods is a generic `context.Context`. Therefore, the Cosmos SDK provides a function `sdk.UnwrapSDKContext` to retrieve the `context.Context` from the provided +`context.Context`. + +Here's an example implementation for the bank module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/keeper/grpc_query.go +``` + +### Calling queries from the State Machine + +The Cosmos SDK v0.47 introduces a new `cosmos.query.v1.module_query_safe` Protobuf annotation which is used to state that a query that is safe to be called from within the state machine, for example: + +* a Keeper's query function can be called from another module's Keeper, +* ADR-033 intermodule query calls, +* CosmWasm contracts can also directly interact with these queries. + +If the `module_query_safe` annotation set to `true`, it means: + +* The query is deterministic: given a block height it will return the same response upon multiple calls, and doesn't introduce any state-machine breaking changes across SDK patch versions. +* Gas consumption never fluctuates across calls and across patch versions. + +If you are a module developer and want to use `module_query_safe` annotation for your own query, you have to ensure the following things: + +* the query is deterministic and won't introduce state-machine-breaking changes without coordinated upgrades +* it has its gas tracked, to avoid the attack vector where no gas is accounted for + on potentially high-computation queries. diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/05-protobuf-annotations.md b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/05-protobuf-annotations.md new file mode 100644 index 00000000..5240112e --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/05-protobuf-annotations.md @@ -0,0 +1,133 @@ +--- +sidebar_position: 1 +--- + +# ProtocolBuffer Annotations + +This document explains the various protobuf scalars that have been added to make working with protobuf easier for Cosmos SDK application developers + +## Signer + +Signer specifies which field should be used to determine the signer of a message for the Cosmos SDK. This field can be used for clients as well to infer which field should be used to determine the signer of a message. + +Read more about the signer field [here](./02-messages-and-queries.md). + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/e6848d99b55a65d014375b295bdd7f9641aac95e/proto/cosmos/bank/v1beta1/tx.proto#L40 +``` + +```proto +option (cosmos.msg.v1.signer) = "from_address"; +``` + +## Scalar + +The scalar type defines a way for clients to understand how to construct protobuf messages according to what is expected by the module and sdk. + +```proto +(cosmos_proto.scalar) = "cosmos.AddressString" +``` + +Example of account address string scalar: + +```proto reference +https://github.com/cosmos/cosmos-sdk/blob/e6848d99b55a65d014375b295bdd7f9641aac95e/proto/cosmos/bank/v1beta1/tx.proto#L46 +``` + +Example of validator address string scalar: + +```proto reference +https://github.com/cosmos/cosmos-sdk/blob/e8f28bf5db18b8d6b7e0d94b542ce4cf48fed9d6/proto/cosmos/distribution/v1beta1/query.proto#L87 +``` + +Example of Decimals scalar: + +```proto reference +https://github.com/cosmos/cosmos-sdk/blob/e8f28bf5db18b8d6b7e0d94b542ce4cf48fed9d6/proto/cosmos/distribution/v1beta1/distribution.proto#L26 +``` + +Example of Int scalar: + +```proto reference +https://github.com/cosmos/cosmos-sdk/blob/e8f28bf5db18b8d6b7e0d94b542ce4cf48fed9d6/proto/cosmos/gov/v1/gov.proto#L137 +``` + +There are a few options for what can be provided as a scalar: `cosmos.AddressString`, `cosmos.ValidatorAddressString`, `cosmos.ConsensusAddressString`, `cosmos.Int`, `cosmos.Dec`. + +## Implements_Interface + +Implement interface is used to provide information to client tooling like [telescope](https://github.com/cosmology-tech/telescope) on how to encode and decode protobuf messages. + +```proto +option (cosmos_proto.implements_interface) = "cosmos.auth.v1beta1.AccountI"; +``` + +## Method,Field,Message Added In + +`method_added_in`, `field_added_in` and `message_added_in` are annotations to denotate to clients that a field has been supported in a later version. This is useful when new methods or fields are added in later versions and that the client needs to be aware of what it can call. + +The annotation should be worded as follow: + +```proto +option (cosmos_proto.method_added_in) = "cosmos-sdk v0.50.1"; +option (cosmos_proto.method_added_in) = "x/epochs v1.0.0"; +option (cosmos_proto.method_added_in) = "simapp v24.0.0"; +``` + +## Amino + +The amino codec was removed in `v0.50+`, this means there is not a need register `legacyAminoCodec`. To replace the amino codec, Amino protobuf annotations are used to provide information to the amino codec on how to encode and decode protobuf messages. + +:::note +Amino annotations are only used for backwards compatibility with amino. New modules are not required use amino annotations. +::: + +The below annotations are used to provide information to the amino codec on how to encode and decode protobuf messages in a backwards compatible manner. + +### Name + +Name specifies the amino name that would show up for the user in order for them see which message they are signing. + +```proto +option (amino.name) = "cosmos-sdk/BaseAccount"; +``` + +```proto reference +https://github.com/cosmos/cosmos-sdk/blob/e8f28bf5db18b8d6b7e0d94b542ce4cf48fed9d6/proto/cosmos/bank/v1beta1/tx.proto#L41 +``` + +### Field_Name + +Field name specifies the amino name that would show up for the user in order for them see which field they are signing. + +```proto +uint64 height = 1 [(amino.field_name) = "public_key"]; +``` + +```proto reference +https://github.com/cosmos/cosmos-sdk/blob/e8f28bf5db18b8d6b7e0d94b542ce4cf48fed9d6/proto/cosmos/distribution/v1beta1/distribution.proto#L166 +``` + +### Dont_OmitEmpty + +Dont omitempty specifies that the field should not be omitted when encoding to amino. + +```proto +repeated cosmos.base.v1beta1.Coin amount = 3 [(amino.dont_omitempty) = true]; +``` + +```proto reference +https://github.com/cosmos/cosmos-sdk/blob/e8f28bf5db18b8d6b7e0d94b542ce4cf48fed9d6/proto/cosmos/bank/v1beta1/bank.proto#L56 +``` + +### Encoding + +Encoding instructs the amino json marshaler how to encode certain fields that may differ from the standard encoding behaviour. The most common example of this is how `repeated cosmos.base.v1beta1.Coin` is encoded when using the amino json encoding format. The `legacy_coins` option tells the json marshaler [how to encode a null slice](https://github.com/cosmos/cosmos-sdk/blob/e8f28bf5db18b8d6b7e0d94b542ce4cf48fed9d6/x/tx/signing/aminojson/json_marshal.go#L65) of `cosmos.base.v1beta1.Coin`. + +```proto +(amino.encoding) = "legacy_coins", +``` + +```proto reference +https://github.com/cosmos/cosmos-sdk/blob/e8f28bf5db18b8d6b7e0d94b542ce4cf48fed9d6/proto/cosmos/bank/v1beta1/genesis.proto#L23 +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/06-beginblock-endblock.md b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/06-beginblock-endblock.md new file mode 100644 index 00000000..a8eafdf6 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/06-beginblock-endblock.md @@ -0,0 +1,47 @@ +--- +sidebar_position: 1 +--- + +# BeginBlocker and EndBlocker + +:::note Synopsis +`BeginBlocker` and `EndBlocker` are optional methods module developers can implement in their module. They will be triggered at the beginning and at the end of each block respectively, when the [`BeginBlock`](../../learn/advanced/00-baseapp.md#beginblock) and [`EndBlock`](../../learn/advanced/00-baseapp.md#endblock) ABCI messages are received from the underlying consensus engine. +::: + +:::note Pre-requisite Readings + +* [Module Manager](./01-module-manager.md) + +::: + +## BeginBlocker and EndBlocker + +`BeginBlocker` and `EndBlocker` are a way for module developers to add automatic execution of logic to their module. This is a powerful tool that should be used carefully, as complex automatic functions can slow down or even halt the chain. + +In 0.47.0, Prepare and Process Proposal were added that allow app developers to do arbitrary work at those phases, but they do not influence the work that will be done in BeginBlock. If an application required `BeginBlock` to execute prior to any sort of work is done then this is not possible today (0.50.0). + +When needed, `BeginBlocker` and `EndBlocker` are implemented as part of the [`HasBeginBlocker`, `HasABCIEndBlocker` and `EndBlocker` interfaces](./01-module-manager.md#appmodule). This means either can be left-out if not required. The `BeginBlock` and `EndBlock` methods of the interface implemented in `module.go` generally defer to `BeginBlocker` and `EndBlocker` methods respectively, which are usually implemented in `abci.go`. + +The actual implementation of `BeginBlocker` and `EndBlocker` in `abci.go` are very similar to that of a [`Msg` service](./03-msg-services.md): + +* They generally use the [`keeper`](./06-keeper.md) and [`ctx`](../../learn/advanced/02-context.md) to retrieve information about the latest state. +* If needed, they use the `keeper` and `ctx` to trigger state-transitions. +* If needed, they can emit [`events`](../../learn/advanced/08-events.md) via the `ctx`'s `EventManager`. + +A specific type of `EndBlocker` is available to return validator updates to the underlying consensus engine in the form of an [`[]abci.ValidatorUpdates`](https://docs.cometbft.com/v0.37/spec/abci/abci++_methods#endblock). This is the preferred way to implement custom validator changes. + +It is possible for developers to define the order of execution between the `BeginBlocker`/`EndBlocker` functions of each of their application's modules via the module's manager `SetOrderBeginBlocker`/`SetOrderEndBlocker` methods. For more on the module manager, click [here](./01-module-manager.md#manager). + +See an example implementation of `BeginBlocker` from the `distribution` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/distribution/abci.go#L14-L38 +``` + +and an example implementation of `EndBlocker` from the `staking` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/staking/keeper/abci.go#L22-L27 +``` + + diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/06-keeper.md b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/06-keeper.md new file mode 100644 index 00000000..399ec648 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/06-keeper.md @@ -0,0 +1,92 @@ +--- +sidebar_position: 1 +--- + +# Keepers + +:::note Synopsis +`Keeper`s refer to a Cosmos SDK abstraction whose role is to manage access to the subset of the state defined by various modules. `Keeper`s are module-specific, i.e. the subset of state defined by a module can only be accessed by a `keeper` defined in said module. If a module needs to access the subset of state defined by another module, a reference to the second module's internal `keeper` needs to be passed to the first one. This is done in `app.go` during the instantiation of module keepers. +::: + +:::note Pre-requisite Readings + +* [Introduction to Cosmos SDK Modules](./00-intro.md) + +::: + +## Motivation + +The Cosmos SDK is a framework that makes it easy for developers to build complex decentralized applications from scratch, mainly by composing modules together. As the ecosystem of open-source modules for the Cosmos SDK expands, it will become increasingly likely that some of these modules contain vulnerabilities, as a result of the negligence or malice of their developer. + +The Cosmos SDK adopts an [object-capabilities-based approach](../../learn/advanced/10-ocap.md) to help developers better protect their application from unwanted inter-module interactions, and `keeper`s are at the core of this approach. A `keeper` can be considered quite literally to be the gatekeeper of a module's store(s). Each store (typically an [`IAVL` Store](../../learn/advanced/04-store.md#iavl-store)) defined within a module comes with a `storeKey`, which grants unlimited access to it. The module's `keeper` holds this `storeKey` (which should otherwise remain unexposed), and defines [methods](#implementing-methods) for reading and writing to the store(s). + +The core idea behind the object-capabilities approach is to only reveal what is necessary to get the work done. In practice, this means that instead of handling permissions of modules through access-control lists, module `keeper`s are passed a reference to the specific instance of the other modules' `keeper`s that they need to access (this is done in the [application's constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function)). As a consequence, a module can only interact with the subset of state defined in another module via the methods exposed by the instance of the other module's `keeper`. This is a great way for developers to control the interactions that their own module can have with modules developed by external developers. + +## Type Definition + +`keeper`s are generally implemented in a `/keeper/keeper.go` file located in the module's folder. By convention, the type `keeper` of a module is simply named `Keeper` and usually follows the following structure: + +```go +type Keeper struct { + // External keepers, if any + + // Store key(s) + + // codec + + // authority +} +``` + +For example, here is the type definition of the `keeper` from the `staking` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/staking/keeper/keeper.go#L23-L31 +``` + +Let us go through the different parameters: + +* An expected `keeper` is a `keeper` external to a module that is required by the internal `keeper` of said module. External `keeper`s are listed in the internal `keeper`'s type definition as interfaces. These interfaces are themselves defined in an `expected_keepers.go` file in the root of the module's folder. In this context, interfaces are used to reduce the number of dependencies, as well as to facilitate the maintenance of the module itself. +* `storeKey`s grant access to the store(s) of the [multistore](../../learn/advanced/04-store.md) managed by the module. They should always remain unexposed to external modules. +* `cdc` is the [codec](../../learn/advanced/05-encoding.md) used to marshall and unmarshall structs to/from `[]byte`. The `cdc` can be any of `codec.BinaryCodec`, `codec.JSONCodec` or `codec.Codec` based on your requirements. It can be either a proto or amino codec as long as they implement these interfaces. +* The authority listed is a module account or user account that has the right to change module level parameters. Previously this was handled by the param module, which has been deprecated. + +Of course, it is possible to define different types of internal `keeper`s for the same module (e.g. a read-only `keeper`). Each type of `keeper` comes with its own constructor function, which is called from the [application's constructor function](../../learn/beginner/00-app-anatomy.md). This is where `keeper`s are instantiated, and where developers make sure to pass correct instances of modules' `keeper`s to other modules that require them. + +## Implementing Methods + +`Keeper`s primarily expose getter and setter methods for the store(s) managed by their module. These methods should remain as simple as possible and strictly be limited to getting or setting the requested value, as validity checks should have already been performed by the [`Msg` server](./03-msg-services.md) when `keeper`s' methods are called. + +Typically, a *getter* method will have the following signature + +```go +func (k Keeper) Get(ctx context.Context, key string) returnType +``` + +and the method will go through the following steps: + +1. Retrieve the appropriate store from the `ctx` using the `storeKey`. This is done through the `KVStore(storeKey sdk.StoreKey)` method of the `ctx`. Then it's preferred to use the `prefix.Store` to access only the desired limited subset of the store for convenience and safety. +2. If it exists, get the `[]byte` value stored at location `[]byte(key)` using the `Get(key []byte)` method of the store. +3. Unmarshall the retrieved value from `[]byte` to `returnType` using the codec `cdc`. Return the value. + +Similarly, a *setter* method will have the following signature + +```go +func (k Keeper) Set(ctx context.Context, key string, value valueType) +``` + +and the method will go through the following steps: + +1. Retrieve the appropriate store from the `ctx` using the `storeKey`. This is done through the `KVStore(storeKey sdk.StoreKey)` method of the `ctx`. It's preferred to use the `prefix.Store` to access only the desired limited subset of the store for convenience and safety. +2. Marshal `value` to `[]byte` using the codec `cdc`. +3. Set the encoded value in the store at location `key` using the `Set(key []byte, value []byte)` method of the store. + +For more, see an example of `keeper`'s [methods implementation from the `staking` module](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/staking/keeper/keeper.go). + +The [module `KVStore`](../../learn/advanced/04-store.md#kvstore-and-commitkvstore-interfaces) also provides an `Iterator()` method which returns an `Iterator` object to iterate over a domain of keys. + +This is an example from the `auth` module to iterate accounts: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/auth/keeper/account.go +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/07-invariants.md b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/07-invariants.md new file mode 100644 index 00000000..018796f7 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/07-invariants.md @@ -0,0 +1,90 @@ +--- +sidebar_position: 1 +--- + +# Invariants + +:::note Synopsis +An invariant is a property of the application that should always be true. In the context of the Cosmos SDK, an `Invariant` is a function that checks for a particular invariant. These functions are useful to detect bugs early on and act upon them to limit their potential consequences (e.g. by halting the chain). They are also useful in the development process of the application to detect bugs via simulations. +::: + +:::note Pre-requisite Readings + +* [Keepers](./06-keeper.md) + +::: + +## Implementing `Invariant`s + +An `Invariant` is a function that checks for a particular invariant within a module. Module `Invariant`s must follow the `Invariant` type: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/types/invariant.go#L9 +``` + +The `string` return value is the invariant message, which can be used when printing logs, and the `bool` return value is the actual result of the invariant check. + +In practice, each module implements `Invariant`s in a `keeper/invariants.go` file within the module's folder. The standard is to implement one `Invariant` function per logical grouping of invariants with the following model: + +```go +// Example for an Invariant that checks balance-related invariants + +func BalanceInvariants(k Keeper) sdk.Invariant { + return func(ctx context.Context) (string, bool) { + // Implement checks for balance-related invariants + } +} +``` + +Additionally, module developers should generally implement an `AllInvariants` function that runs all the `Invariant`s functions of the module: + +```go +// AllInvariants runs all invariants of the module. +// In this example, the module implements two Invariants: BalanceInvariants and DepositsInvariants + +func AllInvariants(k Keeper) sdk.Invariant { + + return func(ctx context.Context) (string, bool) { + res, stop := BalanceInvariants(k)(ctx) + if stop { + return res, stop + } + + return DepositsInvariant(k)(ctx) + } +} +``` + +Finally, module developers need to implement the `RegisterInvariants` method as part of the [`AppModule` interface](./01-module-manager.md#appmodule). Indeed, the `RegisterInvariants` method of the module, implemented in the `module/module.go` file, typically only defers the call to a `RegisterInvariants` method implemented in the `keeper/invariants.go` file. The `RegisterInvariants` method registers a route for each `Invariant` function in the [`InvariantRegistry`](#invariant-registry): + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/staking/keeper/invariants.go#L12-L22 +``` + +For more, see an example of [`Invariant`s implementation from the `staking` module](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/staking/keeper/invariants.go). + +## Invariant Registry + +The `InvariantRegistry` is a registry where the `Invariant`s of all the modules of an application are registered. There is only one `InvariantRegistry` per **application**, meaning module developers need not implement their own `InvariantRegistry` when building a module. **All module developers need to do is to register their modules' invariants in the `InvariantRegistry`, as explained in the section above**. The rest of this section gives more information on the `InvariantRegistry` itself, and does not contain anything directly relevant to module developers. + +At its core, the `InvariantRegistry` is defined in the Cosmos SDK as an interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/types/invariant.go#L14-L17 +``` + +Typically, this interface is implemented in the `keeper` of a specific module. The most used implementation of an `InvariantRegistry` can be found in the `crisis` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/crisis/keeper/keeper.go#L48-L50 +``` + +The `InvariantRegistry` is therefore typically instantiated by instantiating the `keeper` of the `crisis` module in the [application's constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function). + +`Invariant`s can be checked manually via [`message`s](./02-messages-and-queries.md), but most often they are checked automatically at the end of each block. Here is an example from the `crisis` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/crisis/abci.go#L13-L23 +``` + +In both cases, if one of the `Invariant`s returns false, the `InvariantRegistry` can trigger special logic (e.g. have the application panic and print the `Invariant`s message in the log). diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/08-genesis.md b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/08-genesis.md new file mode 100644 index 00000000..7abb21fb --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/08-genesis.md @@ -0,0 +1,78 @@ +--- +sidebar_position: 1 +--- + +# Module Genesis + +:::note Synopsis +Modules generally handle a subset of the state and, as such, they need to define the related subset of the genesis file as well as methods to initialize, verify and export it. +::: + +:::note Pre-requisite Readings + +* [Module Manager](./01-module-manager.md) +* [Keepers](./06-keeper.md) + +::: + +## Type Definition + +The subset of the genesis state defined from a given module is generally defined in a `genesis.proto` file ([more info](../../learn/advanced/05-encoding.md#gogoproto) on how to define protobuf messages). The struct defining the module's subset of the genesis state is usually called `GenesisState` and contains all the module-related values that need to be initialized during the genesis process. + +See an example of `GenesisState` protobuf message definition from the `auth` module: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/proto/cosmos/auth/v1beta1/genesis.proto +``` + +Next we present the main genesis-related methods that need to be implemented by module developers in order for their module to be used in Cosmos SDK applications. + +### `DefaultGenesis` + +The `DefaultGenesis()` method is a simple method that calls the constructor function for `GenesisState` with the default value for each parameter. See an example from the `auth` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/auth/module.go#L63-L67 +``` + +### `ValidateGenesis` + +The `ValidateGenesis(data GenesisState)` method is called to verify that the provided `genesisState` is correct. It should perform validity checks on each of the parameters listed in `GenesisState`. See an example from the `auth` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/auth/types/genesis.go#L62-L75 +``` + +## Other Genesis Methods + +Other than the methods related directly to `GenesisState`, module developers are expected to implement two other methods as part of the [`AppModuleGenesis` interface](./01-module-manager.md#appmodulegenesis) (only if the module needs to initialize a subset of state in genesis). These methods are [`InitGenesis`](#initgenesis) and [`ExportGenesis`](#exportgenesis). + +### `InitGenesis` + +The `InitGenesis` method is executed during [`InitChain`](../../learn/advanced/00-baseapp.md#initchain) when the application is first started. Given a `GenesisState`, it initializes the subset of the state managed by the module by using the module's [`keeper`](./06-keeper.md) setter function on each parameter within the `GenesisState`. + +The [module manager](./01-module-manager.md#manager) of the application is responsible for calling the `InitGenesis` method of each of the application's modules in order. This order is set by the application developer via the manager's `SetOrderGenesisMethod`, which is called in the [application's constructor function](../../learn/beginner/00-app-anatomy.md#constructor-function). + +See an example of `InitGenesis` from the `auth` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/auth/keeper/genesis.go#L8-L35 +``` + +### `ExportGenesis` + +The `ExportGenesis` method is executed whenever an export of the state is made. It takes the latest known version of the subset of the state managed by the module and creates a new `GenesisState` out of it. This is mainly used when the chain needs to be upgraded via a hard fork. + +See an example of `ExportGenesis` from the `auth` module. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/auth/keeper/genesis.go#L37-L49 +``` + +### GenesisTxHandler + +`GenesisTxHandler` is a way for modules to submit state transitions prior to the first block. This is used by `x/genutil` to submit the genesis transactions for the validators to be added to staking. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/core/genesis/txhandler.go#L3-L6 +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/09-module-interfaces.md b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/09-module-interfaces.md new file mode 100644 index 00000000..4552baef --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/09-module-interfaces.md @@ -0,0 +1,164 @@ +--- +sidebar_position: 1 +--- + +# Module Interfaces + +:::note Synopsis +This document details how to build CLI and REST interfaces for a module. Examples from various Cosmos SDK modules are included. +::: + +:::note Pre-requisite Readings + +* [Building Modules Intro](./00-intro.md) + +::: + +## CLI + +One of the main interfaces for an application is the [command-line interface](../../learn/advanced/07-cli.md). This entrypoint adds commands from the application's modules enabling end-users to create [**messages**](./02-messages-and-queries.md#messages) wrapped in transactions and [**queries**](./02-messages-and-queries.md#queries). The CLI files are typically found in the module's `./client/cli` folder. + +### Transaction Commands + +In order to create messages that trigger state changes, end-users must create [transactions](../../learn/advanced/01-transactions.md) that wrap and deliver the messages. A transaction command creates a transaction that includes one or more messages. + +Transaction commands typically have their own `tx.go` file that lives within the module's `./client/cli` folder. The commands are specified in getter functions and the name of the function should include the name of the command. + +Here is an example from the `x/bank` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/client/cli/tx.go#L37-L76 +``` + +In the example, `NewSendTxCmd()` creates and returns the transaction command for a transaction that wraps and delivers `MsgSend`. `MsgSend` is the message used to send tokens from one account to another. + +In general, the getter function does the following: + +* **Constructs the command:** Read the [Cobra Documentation](https://pkg.go.dev/github.com/spf13/cobra) for more detailed information on how to create commands. + * **Use:** Specifies the format of the user input required to invoke the command. In the example above, `send` is the name of the transaction command and `[from_key_or_address]`, `[to_address]`, and `[amount]` are the arguments. + * **Args:** The number of arguments the user provides. In this case, there are exactly three: `[from_key_or_address]`, `[to_address]`, and `[amount]`. + * **Short and Long:** Descriptions for the command. A `Short` description is expected. A `Long` description can be used to provide additional information that is displayed when a user adds the `--help` flag. + * **RunE:** Defines a function that can return an error. This is the function that is called when the command is executed. This function encapsulates all of the logic to create a new transaction. + * The function typically starts by getting the `clientCtx`, which can be done with `client.GetClientTxContext(cmd)`. The `clientCtx` contains information relevant to transaction handling, including information about the user. In this example, the `clientCtx` is used to retrieve the address of the sender by calling `clientCtx.GetFromAddress()`. + * If applicable, the command's arguments are parsed. In this example, the arguments `[to_address]` and `[amount]` are both parsed. + * A [message](./02-messages-and-queries.md) is created using the parsed arguments and information from the `clientCtx`. The constructor function of the message type is called directly. In this case, `types.NewMsgSend(fromAddr, toAddr, amount)`. Its good practice to call, if possible, the necessary [message validation methods](../building-modules/03-msg-services.md#Validation) before broadcasting the message. + * Depending on what the user wants, the transaction is either generated offline or signed and broadcasted to the preconfigured node using `tx.GenerateOrBroadcastTxCLI(clientCtx, flags, msg)`. +* **Adds transaction flags:** All transaction commands must add a set of transaction [flags](#flags). The transaction flags are used to collect additional information from the user (e.g. the amount of fees the user is willing to pay). The transaction flags are added to the constructed command using `AddTxFlagsToCmd(cmd)`. +* **Returns the command:** Finally, the transaction command is returned. + +Each module can implement `NewTxCmd()`, which aggregates all of the transaction commands of the module. Here is an example from the `x/bank` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/client/cli/tx.go#L20-L35 +``` + +Each module then can also implement a `GetTxCmd()` method that simply returns `NewTxCmd()`. This allows the root command to easily aggregate all of the transaction commands for each module. Here is an example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/module.go#L84-L86 +``` + +### Query Commands + +:::warning +This section is being rewritten. Refer to [AutoCLI](https://docs.cosmos.network/main/core/autocli) while this section is being updated. +::: + + + +## gRPC + +[gRPC](https://grpc.io/) is a Remote Procedure Call (RPC) framework. RPC is the preferred way for external clients like wallets and exchanges to interact with a blockchain. + +In addition to providing an ABCI query pathway, the Cosmos SDK provides a gRPC proxy server that routes gRPC query requests to ABCI query requests. + +In order to do that, modules must implement `RegisterGRPCGatewayRoutes(clientCtx client.Context, mux *runtime.ServeMux)` on `AppModuleBasic` to wire the client gRPC requests to the correct handler inside the module. + +Here's an example from the `x/auth` module: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/auth/module.go#L71-L76 +``` + +## gRPC-gateway REST + +Applications need to support web services that use HTTP requests (e.g. a web wallet like [Keplr](https://keplr.app)). [grpc-gateway](https://github.com/grpc-ecosystem/grpc-gateway) translates REST calls into gRPC calls, which might be useful for clients that do not use gRPC. + +Modules that want to expose REST queries should add `google.api.http` annotations to their `rpc` methods, such as in the example below from the `x/auth` module: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/proto/cosmos/auth/v1beta1/query.proto#L14-L89 +``` + +gRPC gateway is started in-process along with the application and CometBFT. It can be enabled or disabled by setting gRPC Configuration `enable` in [`app.toml`](../run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml). + +The Cosmos SDK provides a command for generating [Swagger](https://swagger.io/) documentation (`protoc-gen-swagger`). Setting `swagger` in [`app.toml`](../run-node/01-run-node.md#configuring-the-node-using-apptoml-and-configtoml) defines if swagger documentation should be automatically registered. diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/11-structure.md b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/11-structure.md new file mode 100644 index 00000000..71a5b3cc --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/11-structure.md @@ -0,0 +1,95 @@ +--- +sidebar_position: 1 +--- + +# Recommended Folder Structure + +:::note Synopsis +This document outlines the recommended structure of Cosmos SDK modules. These ideas are meant to be applied as suggestions. Application developers are encouraged to improve upon and contribute to module structure and development design. +::: + +## Structure + +A typical Cosmos SDK module can be structured as follows: + +```shell +proto +└── {project_name} +    └── {module_name} +    └── {proto_version} +       ├── {module_name}.proto +       ├── event.proto +       ├── genesis.proto +       ├── query.proto +       └── tx.proto +``` + +* `{module_name}.proto`: The module's common message type definitions. +* `event.proto`: The module's message type definitions related to events. +* `genesis.proto`: The module's message type definitions related to genesis state. +* `query.proto`: The module's Query service and related message type definitions. +* `tx.proto`: The module's Msg service and related message type definitions. + +```shell +x/{module_name} +├── client +│   ├── cli +│   │ ├── query.go +│   │   └── tx.go +│   └── testutil +│   ├── cli_test.go +│   └── suite.go +├── exported +│   └── exported.go +├── keeper +│   ├── genesis.go +│   ├── grpc_query.go +│   ├── hooks.go +│   ├── invariants.go +│   ├── keeper.go +│   ├── keys.go +│   ├── msg_server.go +│   └── querier.go +├── module +│   └── module.go +│   └── abci.go +│   └── autocli.go +├── simulation +│   ├── decoder.go +│   ├── genesis.go +│   ├── operations.go +│   └── params.go +├── {module_name}.pb.go +├── codec.go +├── errors.go +├── events.go +├── events.pb.go +├── expected_keepers.go +├── genesis.go +├── genesis.pb.go +├── keys.go +├── msgs.go +├── params.go +├── query.pb.go +├── tx.pb.go +└── README.md +``` + +* `client/`: The module's CLI client functionality implementation and the module's CLI testing suite. +* `exported/`: The module's exported types - typically interface types. If a module relies on keepers from another module, it is expected to receive the keepers as interface contracts through the `expected_keepers.go` file (see below) in order to avoid a direct dependency on the module implementing the keepers. However, these interface contracts can define methods that operate on and/or return types that are specific to the module that is implementing the keepers and this is where `exported/` comes into play. The interface types that are defined in `exported/` use canonical types, allowing for the module to receive the keepers as interface contracts through the `expected_keepers.go` file. This pattern allows for code to remain DRY and also alleviates import cycle chaos. +* `keeper/`: The module's `Keeper` and `MsgServer` implementation. +* `module/`: The module's `AppModule` and `AppModuleBasic` implementation. + * `abci.go`: The module's `BeginBlocker` and `EndBlocker` implementations (this file is only required if `BeginBlocker` and/or `EndBlocker` need to be defined). + * `autocli.go`: The module [autocli](https://docs.cosmos.network/main/core/autocli) options. +* `simulation/`: The module's [simulation](./14-simulator.md) package defines functions used by the blockchain simulator application (`simapp`). +* `REAMDE.md`: The module's specification documents outlining important concepts, state storage structure, and message and event type definitions. Learn more how to write module specs in the [spec guidelines](../spec/SPEC_MODULE.md). +* The root directory includes type definitions for messages, events, and genesis state, including the type definitions generated by Protocol Buffers. + * `codec.go`: The module's registry methods for interface types. + * `errors.go`: The module's sentinel errors. + * `events.go`: The module's event types and constructors. + * `expected_keepers.go`: The module's [expected keeper](./06-keeper.md#type-definition) interfaces. + * `genesis.go`: The module's genesis state methods and helper functions. + * `keys.go`: The module's store keys and associated helper functions. + * `msgs.go`: The module's message type definitions and associated methods. + * `params.go`: The module's parameter type definitions and associated methods. + * `*.pb.go`: The module's type definitions generated by Protocol Buffers (as defined in the respective `*.proto` files above). diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/12-errors.md b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/12-errors.md new file mode 100644 index 00000000..214ab70e --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/12-errors.md @@ -0,0 +1,56 @@ +--- +sidebar_position: 1 +--- + +# Errors + +:::note Synopsis +This document outlines the recommended usage and APIs for error handling in Cosmos SDK modules. +::: + +Modules are encouraged to define and register their own errors to provide better +context on failed message or handler execution. Typically, these errors should be +common or general errors which can be further wrapped to provide additional specific +execution context. + +## Registration + +Modules should define and register their custom errors in `x/{module}/errors.go`. +Registration of errors is handled via the [`errors` package](https://github.com/cosmos/cosmos-sdk/blob/main/errors/errors.go). + +Example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/distribution/types/errors.go +``` + +Each custom module error must provide the codespace, which is typically the module name +(e.g. "distribution") and is unique per module, and a uint32 code. Together, the codespace and code +provide a globally unique Cosmos SDK error. Typically, the code is monotonically increasing but does not +necessarily have to be. The only restrictions on error codes are the following: + +* Must be greater than one, as a code value of one is reserved for internal errors. +* Must be unique within the module. + +Note, the Cosmos SDK provides a core set of *common* errors. These errors are defined in [`types/errors/errors.go`](https://github.com/cosmos/cosmos-sdk/blob/main/types/errors/errors.go). + +## Wrapping + +The custom module errors can be returned as their concrete type as they already fulfill the `error` +interface. However, module errors can be wrapped to provide further context and meaning to failed +execution. + +Example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/keeper/keeper.go#L141-L182 +``` + +Regardless if an error is wrapped or not, the Cosmos SDK's `errors` package provides a function to determine if +an error is of a particular kind via `Is`. + +## ABCI + +If a module error is registered, the Cosmos SDK `errors` package allows ABCI information to be extracted +through the `ABCIInfo` function. The package also provides `ResponseCheckTx` and `ResponseDeliverTx` as +auxiliary functions to automatically get `CheckTx` and `DeliverTx` responses from an error. diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/13-upgrade.md b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/13-upgrade.md new file mode 100644 index 00000000..908a6a06 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/13-upgrade.md @@ -0,0 +1,63 @@ +--- +sidebar_position: 1 +--- + +# Upgrading Modules + +:::note Synopsis +[In-Place Store Migrations](../../learn/advanced/15-upgrade.md) allow your modules to upgrade to new versions that include breaking changes. This document outlines how to build modules to take advantage of this functionality. +::: + +:::note Pre-requisite Readings + +* [In-Place Store Migration](../../learn/advanced/15-upgrade.md) + +::: + +## Consensus Version + +Successful upgrades of existing modules require each `AppModule` to implement the function `ConsensusVersion() uint64`. + +* The versions must be hard-coded by the module developer. +* The initial version **must** be set to 1. + +Consensus versions serve as state-breaking versions of app modules and must be incremented when the module introduces breaking changes. + +## Registering Migrations + +To register the functionality that takes place during a module upgrade, you must register which migrations you want to take place. + +Migration registration takes place in the `Configurator` using the `RegisterMigration` method. The `AppModule` reference to the configurator is in the `RegisterServices` method. + +You can register one or more migrations. If you register more than one migration script, list the migrations in increasing order and ensure there are enough migrations that lead to the desired consensus version. For example, to migrate to version 3 of a module, register separate migrations for version 1 and version 2 as shown in the following example: + +```go +func (am AppModule) RegisterServices(cfg module.Configurator) { + // --snip-- + cfg.RegisterMigration(types.ModuleName, 1, func(ctx sdk.Context) error { + // Perform in-place store migrations from ConsensusVersion 1 to 2. + }) + cfg.RegisterMigration(types.ModuleName, 2, func(ctx sdk.Context) error { + // Perform in-place store migrations from ConsensusVersion 2 to 3. + }) +} +``` + +Since these migrations are functions that need access to a Keeper's store, use a wrapper around the keepers called `Migrator` as shown in this example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/keeper/migrations.go +``` + +## Writing Migration Scripts + +To define the functionality that takes place during an upgrade, write a migration script and place the functions in a `migrations/` directory. For example, to write migration scripts for the bank module, place the functions in `x/bank/migrations/`. Use the recommended naming convention for these functions. For example, `v2bank` is the script that migrates the package `x/bank/migrations/v2`: + +```go +// Migrating bank module from version 1 to 2 +func (m Migrator) Migrate1to2(ctx sdk.Context) error { + return v2bank.MigrateStore(ctx, m.keeper.storeKey) // v2bank is package `x/bank/migrations/v2`. +} +``` + +To see example code of changes that were implemented in a migration of balance keys, check out [migrateBalanceKeys](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/migrations/v2/store.go#L55-L76). For context, this code introduced migrations of the bank store that updated addresses to be prefixed by their length in bytes as outlined in [ADR-028](../architecture/adr-028-public-key-addresses.md). diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/14-simulator.md b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/14-simulator.md new file mode 100644 index 00000000..78a186bc --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/14-simulator.md @@ -0,0 +1,176 @@ +--- +sidebar_position: 1 +--- + +# Module Simulation + +:::note Pre-requisite Readings + +* [Cosmos Blockchain Simulator](../../learn/advanced/12-simulation.md) + +::: + +## Synopsis + +This document guides developers on integrating their custom modules with the Cosmos SDK `Simulations`. +Simulations are useful for testing edge cases in module implementations. + +* [Simulation Package](#simulation-package) +* [Simulation App Module](#simulation-app-module) +* [SimsX](#simsx) + * [Example Implementations](#example-implementations) +* [Store decoders](#store-decoders) +* [Randomized genesis](#randomized-genesis) +* [Random weighted operations](#random-weighted-operations) + * [Using Simsx](#using-simsx) +* [App Simulator manager](#app-simulator-manager) +* [Running Simulations](#running-simulations) + + + +## Simulation Package + +The Cosmos SDK suggests organizing your simulation related code in a `x//simulation` package. + +## Simulation App Module + +To integrate with the Cosmos SDK `SimulationManager`, app modules must implement the `AppModuleSimulation` interface. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/3c6deab626648e47de752c33dac5d06af83e3ee3/types/module/simulation.go#L16-L27 +``` + +See an example implementation of these methods from `x/distribution` [here](https://github.com/cosmos/cosmos-sdk/blob/b55b9e14fb792cc8075effb373be9d26327fddea/x/distribution/module.go#L170-L194). + +## SimsX + +Cosmos SDK v0.53.0 introduced a new package, `simsx`, providing improved DevX for writing simulation code. + +It exposes the following extension interfaces that modules may implement to integrate with the new `simsx` runner. +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/testutil/simsx/runner.go#L223-L234 +``` + +These methods allow constructing randomized messages and/or proposal messages. + +:::tip +Note that modules should **not** implement both `HasWeightedOperationsX` and `HasWeightedOperationsXWithProposals`. +See the runner code [here](https://github.com/cosmos/cosmos-sdk/blob/main/testutil/simsx/runner.go#L330-L339) for details + +If the module does **not** have message handlers or governance proposal handlers, these interface methods do **not** need to be implemented. +::: + +### Example Implementations + +- `HasWeightedOperationsXWithProposals`: [x/gov](https://github.com/cosmos/cosmos-sdk/blob/main/x/gov/module.go#L242-L261) +- `HasWeightedOperationsX`: [x/bank](https://github.com/cosmos/cosmos-sdk/blob/main/x/bank/module.go#L199-L203) +- `HasProposalMsgsX`: [x/bank](https://github.com/cosmos/cosmos-sdk/blob/main/x/bank/module.go#L194-L197) + +## Store decoders + +Registering the store decoders is required for the `AppImportExport` simulation. This allows +for the key-value pairs from the stores to be decoded to their corresponding types. +In particular, it matches the key to a concrete type and then unmarshalls the value from the `KVPair` to the type provided. + +Modules using [collections](https://github.com/cosmos/cosmos-sdk/blob/main/collections/README.md) can use the `NewStoreDecoderFuncFromCollectionsSchema` function that builds the decoder for you: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/x/bank/module.go#L181-L184 +``` + +Modules not using collections must manually build the store decoder. +See the implementation [here](https://github.com/cosmos/cosmos-sdk/blob/main/x/distribution/simulation/decoder.go) from the distribution module for an example. + +## Randomized genesis + +The simulator tests different scenarios and values for genesis parameters. +App modules must implement a `GenerateGenesisState` method to generate the initial random `GenesisState` from a given seed. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/types/module/simulation.go#L20 +``` + +See an example from `x/auth` [here](https://github.com/cosmos/cosmos-sdk/blob/main/x/auth/module.go#L169-L172). + +Once the module's genesis parameters are generated randomly (or with the key and +values defined in a `params` file), they are marshaled to JSON format and added +to the app genesis JSON for the simulation. + +## Random weighted operations + +Operations are one of the crucial parts of the Cosmos SDK simulation. They are the transactions +(`Msg`) that are simulated with random field values. The sender of the operation +is also assigned randomly. + +Operations on the simulation are simulated using the full [transaction cycle](../../learn/advanced/01-transactions.md) of a +`ABCI` application that exposes the `BaseApp`. + +### Using Simsx + +Simsx introduces the ability to define a `MsgFactory` for each of a module's messages. + +These factories are registered in `WeightedOperationsX` and/or `ProposalMsgsX`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/x/distribution/module.go#L196-L206 +``` + +Note that the name passed in to `weights.Get` must match the name of the operation set in the `WeightedOperations`. + +For example, if the module contains an operation `op_weight_msg_set_withdraw_address`, the name passed to `weights.Get` should be `msg_set_withdraw_address`. + +See the `x/distribution` for an example of implementing message factories [here](https://github.com/cosmos/cosmos-sdk/blob/main/x/distribution/simulation/msg_factory.go) + +## App Simulator manager + +The following step is setting up the `SimulatorManager` at the app level. This +is required for the simulation test files in the next step. + +```go +type CoolApp struct { +... +sm *module.SimulationManager +} +``` + +Within the constructor of the application, construct the simulation manager using the modules from `ModuleManager` and call the `RegisterStoreDecoders` method. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/simapp/app.go#L650-L660 +``` + +Note that you may override some modules. +This is useful if the existing module configuration in the `ModuleManager` should be different in the `SimulationManager`. + +Finally, the application should expose the `SimulationManager` via the following method defined in the `Runtime` interface: + +```go +// SimulationManager implements the SimulationApp interface +func (app *SimApp) SimulationManager() *module.SimulationManager { +return app.sm +} +``` + +## Running Simulations + +To run the simulation, use the `simsx` runner. + +Call the following function from the `simsx` package to begin simulating with a default seed: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/testutil/simsx/runner.go#L69-L88 +``` + +If a custom seed is desired, tests should use `RunWithSeed`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/b55b9e14fb792cc8075effb373be9d26327fddea/testutil/simsx/runner.go#L151-L168 +``` + +These functions should be called in tests (i.e., app_test.go, app_sim_test.go, etc.) + +Example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/simapp/sim_test.go#L53-L65 +``` \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/15-depinject.md b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/15-depinject.md new file mode 100644 index 00000000..31603638 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/15-depinject.md @@ -0,0 +1,124 @@ +--- +sidebar_position: 1 +--- + +# Modules depinject-ready + +:::note Pre-requisite Readings + +* [Depinject Documentation](../packages/01-depinject.md) + +::: + +[`depinject`](../packages/01-depinject.md) is used to wire any module in `app.go`. +All core modules are already configured to support dependency injection. + +To work with `depinject` a module must define its configuration and requirements so that `depinject` can provide the right dependencies. + +In brief, as a module developer, the following steps are required: + +1. Define the module configuration using Protobuf +2. Define the module dependencies in `x/{moduleName}/module.go` + +A chain developer can then use the module by following these two steps: + +1. Configure the module in `app_config.go` or `app.yaml` +2. Inject the module in `app.go` + +## Module Configuration + +The module available configuration is defined in a Protobuf file, located at `{moduleName}/module/v1/module.proto`. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/proto/cosmos/group/module/v1/module.proto +``` + +* `go_import` must point to the Go package of the custom module. +* Message fields define the module configuration. + That configuration can be set in the `app_config.go` / `app.yaml` file for a chain developer to configure the module. + Taking `group` as example, a chain developer is able to decide, thanks to `uint64 max_metadata_len`, what the maximum metadata length allowed for a group proposal is. + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/simapp/app_config.go#L228-L234 + ``` + +That message is generated using [`pulsar`](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/scripts/protocgen-pulsar.sh) (by running `make proto-gen`). +In the case of the `group` module, this file is generated here: https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/api/cosmos/group/module/v1/module.pulsar.go. + +The part that is relevant for the module configuration is: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/api/cosmos/group/module/v1/module.pulsar.go#L515-L527 +``` + +:::note +Pulsar is optional. The official [`protoc-gen-go`](https://developers.google.com/protocol-buffers/docs/reference/go-generated) can be used as well. +::: + +## Dependency Definition + +Once the configuration proto is defined, the module's `module.go` must define what dependencies are required by the module. +The boilerplate is similar for all modules. + +:::warning +All methods, structs and their fields must be public for `depinject`. +::: + +1. Import the module configuration generated package: + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/group/module/module.go#L12-L14 + ``` + + Define an `init()` function for defining the `providers` of the module configuration: + This registers the module configuration message and the wiring of the module. + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/group/module/module.go#L194-L199 + ``` + +2. Ensure that the module implements the `appmodule.AppModule` interface: + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.47.0/x/group/module/module.go#L58-L64 + ``` + +3. Define a struct that inherits `depinject.In` and define the module inputs (i.e. module dependencies): + * `depinject` provides the right dependencies to the module. + * `depinject` also checks that all dependencies are provided. + + :::tip + For making a dependency optional, add the `optional:"true"` struct tag. + ::: + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/group/module/module.go#L201-L211 + ``` + +4. Define the module outputs with a public struct that inherits `depinject.Out`: + The module outputs are the dependencies that the module provides to other modules. It is usually the module itself and its keeper. + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/group/module/module.go#L213-L218 + ``` + +5. Create a function named `ProvideModule` (as called in 1.) and use the inputs for instantiating the module outputs. + + ```go reference + https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/group/module/module.go#L220-L235 + ``` + +The `ProvideModule` function should return an instance of `cosmossdk.io/core/appmodule.AppModule` which implements +one or more app module extension interfaces for initializing the module. + +Following is the complete app wiring configuration for `group`: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/group/module/module.go#L194-L235 +``` + +The module is now ready to be used with `depinject` by a chain developer. + +## Integrate in an application + +The App Wiring is done in `app_config.go` / `app.yaml` and `app_di.go` and is explained in detail in the [overview of `app_di.go`](../building-apps/01-app-go-di.md). diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/16-testing.md b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/16-testing.md new file mode 100644 index 00000000..3dc4c341 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/16-testing.md @@ -0,0 +1,124 @@ +--- +sidebar_position: 1 +--- + +# Testing + +The Cosmos SDK contains different types of [tests](https://martinfowler.com/articles/practical-test-pyramid.html). +These tests have different goals and are used at different stages of the development cycle. +We advice, as a general rule, to use tests at all stages of the development cycle. +It is adviced, as a chain developer, to test your application and modules in a similar way than the SDK. + +The rationale behind testing can be found in [ADR-59](https://docs.cosmos.network/main/build/architecture/adr-059-test-scopes). + +## Unit Tests + +Unit tests are the lowest test category of the [test pyramid](https://martinfowler.com/articles/practical-test-pyramid.html). +All packages and modules should have unit test coverage. Modules should have their dependencies mocked: this means mocking keepers. + +The SDK uses `mockgen` to generate mocks for keepers: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/scripts/mockgen.sh#L3-L6 +``` + +You can read more about mockgen [here](https://go.uber.org/mock). + +### Example + +As an example, we will walkthrough the [keeper tests](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/gov/keeper/keeper_test.go) of the `x/gov` module. + +The `x/gov` module has a `Keeper` type, which requires a few external dependencies (ie. imports outside `x/gov` to work properly). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/gov/keeper/keeper.go#L22-L24 +``` + +In order to only test `x/gov`, we mock the [expected keepers](https://docs.cosmos.network/v0.46/building-modules/keeper.html#type-definition) and instantiate the `Keeper` with the mocked dependencies. Note that we may need to configure the mocked dependencies to return the expected values: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/gov/keeper/common_test.go#L68-L82 +``` + +This allows us to test the `x/gov` module without having to import other modules. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/gov/keeper/keeper_test.go#L3-L42 +``` + +We can test then create unit tests using the newly created `Keeper` instance. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/gov/keeper/keeper_test.go#L83-L107 +``` + +## Integration Tests + +Integration tests are at the second level of the [test pyramid](https://martinfowler.com/articles/practical-test-pyramid.html). +In the SDK, we locate our integration tests under [`/tests/integrations`](https://github.com/cosmos/cosmos-sdk/tree/main/tests/integration). + +The goal of these integration tests is to test how a component interacts with other dependencies. Compared to unit tests, integration tests do not mock dependencies. Instead, they use the direct dependencies of the component. This differs as well from end-to-end tests, which test the component with a full application. + +Integration tests interact with the tested module via the defined `Msg` and `Query` services. The result of the test can be verified by checking the state of the application, by checking the emitted events or the response. It is adviced to combine two of these methods to verify the result of the test. + +The SDK provides small helpers for quickly setting up an integration tests. These helpers can be found at . + +### Example + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/a2f73a7dd37bea0ab303792c55fa1e4e1db3b898/testutil/integration/example_test.go#L30-L116 +``` + +## Deterministic and Regression tests + +Tests are written for queries in the Cosmos SDK which have `module_query_safe` Protobuf annotation. + +Each query is tested using 2 methods: + +* Use property-based testing with the [`rapid`](https://pkg.go.dev/pgregory.net/rapid@v0.5.3) library. The property that is tested is that the query response and gas consumption are the same upon 1000 query calls. +* Regression tests are written with hardcoded responses and gas, and verify they don't change upon 1000 calls and between SDK patch versions. + +Here's an example of regression tests: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/tests/integration/bank/keeper/deterministic_test.go#L143-L160 +``` + +## Simulations + +Simulations uses as well a minimal application, built with [`depinject`](../packages/01-depinject.md): + +:::note +You can as well use the `AppConfig` `configurator` for creating an `AppConfig` [inline](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/slashing/app_test.go#L54-L62). There is no difference between those two ways, use whichever you prefer. +::: + +Following is an example for `x/gov/` simulations: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/gov/simulation/operations_test.go#L415-L441 +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/gov/simulation/operations_test.go#L94-L136 +``` + +## End-to-end Tests + +End-to-end tests are at the top of the [test pyramid](https://martinfowler.com/articles/practical-test-pyramid.html). +They must test the whole application flow, from the user perspective (for instance, CLI tests). They are located under [`/tests/e2e`](https://github.com/cosmos/cosmos-sdk/tree/main/tests/e2e). + + +For that, the SDK is using `simapp` but you should use your own application (`appd`). +Here are some examples: + +* SDK E2E tests: . +* Cosmos Hub E2E tests: . +* Osmosis E2E tests: . + +:::note warning +The SDK is in the process of creating its E2E tests, as defined in [ADR-59](https://docs.cosmos.network/main/architecture/adr-059-test-scopes.html). This page will eventually be updated with better examples. +::: + +## Learn More + +Learn more about testing scope in [ADR-59](https://docs.cosmos.network/main/architecture/adr-059-test-scopes.html). diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/17-preblock.md b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/17-preblock.md new file mode 100644 index 00000000..a79646bd --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/17-preblock.md @@ -0,0 +1,31 @@ +--- +sidebar_position: 1 +--- + +# PreBlocker + +:::note Synopsis +`PreBlocker` is optional method module developers can implement in their module. They will be triggered before [`BeginBlock`](../../learn/advanced/00-baseapp.md#beginblock). +::: + +:::note Pre-requisite Readings + +* [Module Manager](./01-module-manager.md) + +::: + +## PreBlocker + +There are two semantics around the new lifecycle method: + +- It runs before the `BeginBlocker` of all modules +- It can modify consensus parameters in storage, and signal the caller through the return value. + +When it returns `ConsensusParamsChanged=true`, the caller must refresh the consensus parameter in the deliver context: +``` +app.finalizeBlockState.ctx = app.finalizeBlockState.ctx.WithConsensusParams(app.GetConsensusParams()) +``` + +The new ctx must be passed to all the other lifecycle methods. + + diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/_category_.json b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/_category_.json new file mode 100644 index 00000000..2d50f8b3 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/building-modules/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Building Modules", + "position": 1, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/migrations/01-intro.md b/copy-of-sdk-versioned_docs/version-0.53/build/migrations/01-intro.md new file mode 100644 index 00000000..47c5c245 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/migrations/01-intro.md @@ -0,0 +1,15 @@ +--- +sidebar_position: 1 +--- + +# SDK Migrations + +To smoothen the update to the latest stable release, the SDK includes a CLI command for hard-fork migrations (under the ` genesis migrate` subcommand). +Additionally, the SDK includes in-place migrations for its core modules. These in-place migrations are useful to migrate between major releases. + +* Hard-fork migrations are supported from the last major release to the current one. +* [In-place module migrations](https://docs.cosmos.network/main/core/upgrade#overwriting-genesis-functions) are supported from the last two major releases to the current one. + +Migration from a version older than the last two major releases is not supported. + +When migrating from a previous version, refer to the [`UPGRADING.md`](./02-upgrading.md) and the `CHANGELOG.md` of the version you are migrating to. diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/migrations/02-upgrade-reference.md b/copy-of-sdk-versioned_docs/version-0.53/build/migrations/02-upgrade-reference.md new file mode 100644 index 00000000..598dd519 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/migrations/02-upgrade-reference.md @@ -0,0 +1,227 @@ +# Upgrade Reference + +This document provides a quick reference for the upgrades from `v0.50.x` to `v0.53.x` of Cosmos SDK. + +Note, always read the **App Wiring Changes** section for more information on application wiring updates. + +🚨Upgrading to v0.53.x will require a **coordinated** chain upgrade.🚨 + +### TLDR; + +Unordered transactions, `x/protocolpool`, and `x/epoch` are the major new features added in v0.53.x. + +We also added the ability to add a `CheckTx` handler and enabled ed25519 signature verification. + +For a full list of changes, see the [Changelog](https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/CHANGELOG.md). + +### Unordered Transactions + +The Cosmos SDK now supports unordered transactions. _This is an opt-in feature_. + +Clients that use this feature may now submit their transactions in a fire-and-forget manner to chains that enabled unordered transactions. + +To submit an unordered transaction, clients must set the `unordered` flag to +`true` and ensure a reasonable `timeout_timestamp` is set. The `timeout_timestamp` is +used as a TTL for the transaction and provides replay protection. Each transaction's `timeout_timestamp` must be +unique to the account; however, the difference may be as small as a nanosecond. See [ADR-070](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-070-unordered-transactions.md) for more details. + +Note that unordered transactions require sequence values to be zero, and will **FAIL** if a non-zero sequence value is set. +Please ensure no sequence value is set when submitting an unordered transaction. +Services that rely on prior assumptions about sequence values should be updated to handle unordered transactions. +Services should be aware that when the transaction is unordered, the transaction sequence will always be zero. + +#### Enabling Unordered Transactions + +To enable unordered transactions, supply the `WithUnorderedTransactions` option to the `x/auth` keeper: + +```go + app.AccountKeeper = authkeeper.NewAccountKeeper( + appCodec, + runtime.NewKVStoreService(keys[authtypes.StoreKey]), + authtypes.ProtoBaseAccount, + maccPerms, + authcodec.NewBech32Codec(sdk.Bech32MainPrefix), + sdk.Bech32MainPrefix, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + authkeeper.WithUnorderedTransactions(true), // new option! + ) +``` + +If using dependency injection, update the auth module config. + +```go + { + Name: authtypes.ModuleName, + Config: appconfig.WrapAny(&authmodulev1.Module{ + Bech32Prefix: "cosmos", + ModuleAccountPermissions: moduleAccPerms, + EnableUnorderedTransactions: true, // remove this line if you do not want unordered transactions. + }), + }, +``` + +By default, unordered transactions use a transaction timeout duration of 10 minutes and a default gas charge of 2240 gas units. +To modify these default values, pass in the corresponding options to the new `SigVerifyOptions` field in `x/auth's` `ante.HandlerOptions`. + +```go +options := ante.HandlerOptions{ + SigVerifyOptions: []ante.SigVerificationDecoratorOption{ + // change below as needed. + ante.WithUnorderedTxGasCost(ante.DefaultUnorderedTxGasCost), + ante.WithMaxUnorderedTxTimeoutDuration(ante.DefaultMaxTimoutDuration), + }, +} +``` + +```go +anteDecorators := []sdk.AnteDecorator{ + // ... other decorators ... + ante.NewSigVerificationDecorator(options.AccountKeeper, options.SignModeHandler, options.SigVerifyOptions...), // supply new options +} +``` + +### App Wiring Changes + +In this section, we describe the required app wiring changes to run a v0.53.x Cosmos SDK application. + +**These changes are directly applicable to your application wiring.** + +The `x/auth` module now contains a `PreBlocker` that _must_ be set in the module manager's `SetOrderPreBlockers` method. + +```go +app.ModuleManager.SetOrderPreBlockers( + upgradetypes.ModuleName, + authtypes.ModuleName, // NEW +) +``` + +That's it. + +### New Modules + +Below are some **optional** new modules you can include in your chain. +To see a full example of wiring these modules, please check out the [SimApp](https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/simapp/app.go). + +#### Epochs + +⚠️Adding this module requires a `StoreUpgrade`⚠️ + +The new, supplemental `x/epochs` module provides Cosmos SDK modules functionality to register and execute custom logic at fixed time-intervals. + +Required wiring: +- Keeper Instantiation +- StoreKey addition +- Hooks Registration +- App Module Registration +- entry in SetOrderBeginBlockers +- entry in SetGenesisModuleOrder +- entry in SetExportModuleOrder + +#### ProtocolPool + +:::warning + +Using `protocolpool` will cause the following `x/distribution` handlers to return an error: + + +**QueryService** + +- `CommunityPool` + +**MsgService** + +- `CommunityPoolSpend` +- `FundCommunityPool` + +If you have services that rely on this functionality from `x/distribution`, please update them to use the `x/protocolpool` equivalents. + +::: + +⚠️Adding this module requires a `StoreUpgrade`⚠️ + +The new, supplemental `x/protocolpool` module provides extended functionality for managing and distributing block reward revenue. + +Required wiring: +- Module Account Permissions + - protocolpooltypes.ModuleName (nil) + - protocolpooltypes.ProtocolPoolEscrowAccount (nil) +- Keeper Instantiation +- StoreKey addition +- Passing the keeper to the Distribution Keeper + - `distrkeeper.WithExternalCommunityPool(app.ProtocolPoolKeeper)` +- App Module Registration +- entry in SetOrderBeginBlockers +- entry in SetOrderEndBlockers +- entry in SetGenesisModuleOrder +- entry in SetExportModuleOrder **before `x/bank`** + +## Custom Minting Function in `x/mint` + +This release introduces the ability to configure a custom mint function in `x/mint`. The minting logic is now abstracted as a `MintFn` with a default implementation that can be overridden. + +### What’s New + +- **Configurable Mint Function:** + A new `MintFn` abstraction is introduced. By default, the module uses `DefaultMintFn`, but you can supply your own implementation. + +- **Deprecated InflationCalculationFn Parameter:** + The `InflationCalculationFn` argument previously provided to `mint.NewAppModule()` is now ignored and must be `nil`. To customize the default minter’s inflation behavior, wrap your custom function with `mintkeeper.DefaultMintFn` and pass it via the `WithMintFn` option: + +```go + mintkeeper.WithMintFn(mintkeeper.DefaultMintFn(customInflationFn)) +``` + +### How to Upgrade + +1. **Using the Default Minting Function** + + No action is needed if you’re happy with the default behavior. Make sure your application wiring initializes the MintKeeper like this: + +```go + mintKeeper := mintkeeper.NewKeeper( + appCodec, + storeService, + stakingKeeper, + accountKeeper, + bankKeeper, + authtypes.FeeCollectorName, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) +``` + +2. **Using a Custom Minting Function** + + To use a custom minting function, define it as follows and pass it you your mintKeeper when constructing it: + +```go +func myCustomMintFunc(ctx sdk.Context, k *mintkeeper.Keeper) { + // do minting... +} + +// ... + mintKeeper := mintkeeper.NewKeeper( + appCodec, + storeService, + stakingKeeper, + accountKeeper, + bankKeeper, + authtypes.FeeCollectorName, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + mintkeeper.WithMintFn(myCustomMintFunc), // Use custom minting function + ) +``` + +### Misc Changes + +#### Testnet's init-files Command + +Some changes were made to `testnet`'s `init-files` command to support our new testing framework, `Systemtest`. + +##### Flag Changes + +- The flag for validator count was changed from `--v` to `--validator-count`(shorthand: `-v`). + +##### Flag Additions +- `--staking-denom` allows changing the default stake denom, `stake`. +- `--commit-timeout` enables changing the commit timeout of the chain. +- `--single-host` enables running a multi-node network on a single host. This bumps each subsequent node's network addresses by 1. For example, node1's gRPC address will be 9090, node2's 9091, etc... \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/migrations/03-upgrade-guide.md b/copy-of-sdk-versioned_docs/version-0.53/build/migrations/03-upgrade-guide.md new file mode 100644 index 00000000..84ec6e7e --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/migrations/03-upgrade-guide.md @@ -0,0 +1,503 @@ +# Upgrade Guide + +This document provides a full guide for upgrading a Cosmos SDK chain from `v0.50.x` to `v0.53.x`. + +This guide includes one **required** change and three **optional** features. + +After completing this guide, applications will have: + +- The `x/protocolpool` module +- The `x/epochs` module +- Unordered Transaction support + +## Table of Contents + +- [App Wiring Changes (REQUIRED)](#app-wiring-changes-required) +- [Adding ProtocolPool Module (OPTIONAL)](#adding-protocolpool-module-optional) + - [ProtocolPool Manual Wiring](#protocolpool-manual-wiring) + - [ProtocolPool DI Wiring](#protocolpool-di-wiring) +- [Adding Epochs Module (OPTIONAL)](#adding-epochs-module-optional) + - [Epochs Manual Wiring](#epochs-manual-wiring) + - [Epochs DI Wiring](#epochs-di-wiring) +- [Enable Unordered Transactions (OPTIONAL)](#enable-unordered-transactions-optional) +- [Upgrade Handler](#upgrade-handler) + +## App Wiring Changes **REQUIRED** + +The `x/auth` module now contains a `PreBlocker` that _must_ be set in the module manager's `SetOrderPreBlockers` method. + +```go +app.ModuleManager.SetOrderPreBlockers( + upgradetypes.ModuleName, + authtypes.ModuleName, // NEW +) +``` + +## Adding ProtocolPool Module **OPTIONAL** + +:::warning + +Using an external community pool such as `x/protocolpool` will cause the following `x/distribution` handlers to return an error: + +**QueryService** + +- `CommunityPool` + +**MsgService** + +- `CommunityPoolSpend` +- `FundCommunityPool` + +If your services depend on this functionality from `x/distribution`, please update them to use either `x/protocolpool` or your custom external community pool alternatives. + +::: + +### Manual Wiring + +Import the following: + +```go +import ( + // ... + "github.com/cosmos/cosmos-sdk/x/protocolpool" + protocolpoolkeeper "github.com/cosmos/cosmos-sdk/x/protocolpool/keeper" + protocolpooltypes "github.com/cosmos/cosmos-sdk/x/protocolpool/types" +) +``` + +Set the module account permissions. + +```go +maccPerms = map[string][]string{ + // ... + protocolpooltypes.ModuleName: nil, + protocolpooltypes.ProtocolPoolEscrowAccount: nil, +} +``` + +Add the protocol pool keeper to your application struct. + +```go +ProtocolPoolKeeper protocolpoolkeeper.Keeper +``` + +Add the store key: + +```go +keys := storetypes.NewKVStoreKeys( + // ... + protocolpooltypes.StoreKey, +) +``` + +Instantiate the keeper. + +Make sure to do this before the distribution module instantiation, as you will pass the keeper there next. + +```go +app.ProtocolPoolKeeper = protocolpoolkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[protocolpooltypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), +) +``` + +Pass the protocolpool keeper to the distribution keeper: + +```go +app.DistrKeeper = distrkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[distrtypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + app.StakingKeeper, + authtypes.FeeCollectorName, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + distrkeeper.WithExternalCommunityPool(app.ProtocolPoolKeeper), // NEW +) +``` + +Add the protocolpool module to the module manager: + +```go +app.ModuleManager = module.NewManager( + // ... + protocolpool.NewAppModule(appCodec, app.ProtocolPoolKeeper, app.AccountKeeper, app.BankKeeper), +) +``` + +Add an entry for SetOrderBeginBlockers, SetOrderEndBlockers, SetOrderInitGenesis, and SetOrderExportGenesis. + +```go +app.ModuleManager.SetOrderBeginBlockers( + // must come AFTER distribution. + distrtypes.ModuleName, + protocolpooltypes.ModuleName, +) +``` + +```go +app.ModuleManager.SetOrderEndBlockers( + // order does not matter. + protocolpooltypes.ModuleName, +) +``` + +```go +app.ModuleManager.SetOrderInitGenesis( + // order does not matter. + protocolpooltypes.ModuleName, +) +``` + +```go +app.ModuleManager.SetOrderInitGenesis( + protocolpooltypes.ModuleName, // must be exported before bank. + banktypes.ModuleName, +) +``` + +### DI Wiring + +Note: _as long as an external community pool keeper (here, `x/protocolpool`) is wired in DI configs, `x/distribution` will automatically use it for its external pool._ + +First, set up the keeper for the application. + +Import the protocolpool keeper: + +```go +protocolpoolkeeper "github.com/cosmos/cosmos-sdk/x/protocolpool/keeper" +``` + +Add the keeper to your application struct: + +```go +ProtocolPoolKeeper protocolpoolkeeper.Keeper +``` + +Add the keeper to the depinject system: + +```go +depinject.Inject( + appConfig, + &appBuilder, + &app.appCodec, + &app.legacyAmino, + &app.txConfig, + &app.interfaceRegistry, + // ... other modules + &app.ProtocolPoolKeeper, // NEW MODULE! +) +``` + +Next, set up configuration for the module. + +Import the following: + +```go +import ( + protocolpoolmodulev1 "cosmossdk.io/api/cosmos/protocolpool/module/v1" + + _ "github.com/cosmos/cosmos-sdk/x/protocolpool" // import for side-effects + protocolpooltypes "github.com/cosmos/cosmos-sdk/x/protocolpool/types" +) +``` + +The protocolpool module has module accounts that handle funds. Add them to the module account permission configuration: + +```go +moduleAccPerms = []*authmodulev1.ModuleAccountPermission{ + // ... + {Account: protocolpooltypes.ModuleName}, + {Account: protocolpooltypes.ProtocolPoolEscrowAccount}, +} +``` + +Next, add an entry for BeginBlockers, EndBlockers, InitGenesis, and ExportGenesis. + +```go +BeginBlockers: []string{ + // ... + // must be AFTER distribution. + distrtypes.ModuleName, + protocolpooltypes.ModuleName, +}, +``` + +```go +EndBlockers: []string{ + // ... + // order for protocolpool does not matter. + protocolpooltypes.ModuleName, +}, +``` + +```go +InitGenesis: []string{ + // ... must be AFTER distribution. + distrtypes.ModuleName, + protocolpooltypes.ModuleName, +}, +``` + +```go +ExportGenesis: []string{ + // ... + // Must be exported before x/bank. + protocolpooltypes.ModuleName, + banktypes.ModuleName, +}, +``` + +Lastly, add an entry for protocolpool in the ModuleConfig. + +```go +{ + Name: protocolpooltypes.ModuleName, + Config: appconfig.WrapAny(&protocolpoolmodulev1.Module{}), +}, +``` + +## Adding Epochs Module **OPTIONAL** + +### Manual Wiring + +Import the following: + +```go +import ( + // ... + "github.com/cosmos/cosmos-sdk/x/epochs" + epochskeeper "github.com/cosmos/cosmos-sdk/x/epochs/keeper" + epochstypes "github.com/cosmos/cosmos-sdk/x/epochs/types" +) +``` + +Add the epochs keeper to your application struct: + +```go +EpochsKeeper epochskeeper.Keeper +``` + +Add the store key: + +```go +keys := storetypes.NewKVStoreKeys( + // ... + epochstypes.StoreKey, +) +``` + +Instantiate the keeper: + +```go +app.EpochsKeeper = epochskeeper.NewKeeper( + runtime.NewKVStoreService(keys[epochstypes.StoreKey]), + appCodec, +) +``` + +Set up hooks for the epochs keeper: + +To learn how to write hooks for the epoch keeper, see the [x/epoch README](https://github.com/cosmos/cosmos-sdk/blob/main/x/epochs/README.md) + +```go +app.EpochsKeeper.SetHooks( + epochstypes.NewMultiEpochHooks( + // insert epoch hooks receivers here + app.SomeOtherModule + ), +) +``` + +Add the epochs module to the module manager: + +```go +app.ModuleManager = module.NewManager( + // ... + epochs.NewAppModule(appCodec, app.EpochsKeeper), +) +``` + +Add entries for SetOrderBeginBlockers and SetOrderInitGenesis: + +```go +app.ModuleManager.SetOrderBeginBlockers( + // ... + epochstypes.ModuleName, +) +``` + +```go +app.ModuleManager.SetOrderInitGenesis( + // ... + epochstypes.ModuleName, +) +``` + +### DI Wiring + +First, set up the keeper for the application. + +Import the epochs keeper: + +```go +epochskeeper "github.com/cosmos/cosmos-sdk/x/epochs/keeper" +``` + +Add the keeper to your application struct: + +```go +EpochsKeeper epochskeeper.Keeper +``` + +Add the keeper to the depinject system: + +```go +depinject.Inject( + appConfig, + &appBuilder, + &app.appCodec, + &app.legacyAmino, + &app.txConfig, + &app.interfaceRegistry, + // ... other modules + &app.EpochsKeeper, // NEW MODULE! +) +``` + +Next, set up configuration for the module. + +Import the following: + +```go +import ( + epochsmodulev1 "cosmossdk.io/api/cosmos/epochs/module/v1" + + _ "github.com/cosmos/cosmos-sdk/x/epochs" // import for side-effects + epochstypes "github.com/cosmos/cosmos-sdk/x/epochs/types" +) +``` + +Add an entry for BeginBlockers and InitGenesis: + +```go +BeginBlockers: []string{ + // ... + epochstypes.ModuleName, +}, +``` + +```go +InitGenesis: []string{ + // ... + epochstypes.ModuleName, +}, +``` + +Lastly, add an entry for epochs in the ModuleConfig: + +```go +{ + Name: epochstypes.ModuleName, + Config: appconfig.WrapAny(&epochsmodulev1.Module{}), +}, +``` + +## Enable Unordered Transactions **OPTIONAL** + +To enable unordered transaction support on an application, the `x/auth` keeper must be supplied with the `WithUnorderedTransactions` option. + +Note that unordered transactions require sequence values to be zero, and will **FAIL** if a non-zero sequence value is set. +Please ensure no sequence value is set when submitting an unordered transaction. +Services that rely on prior assumptions about sequence values should be updated to handle unordered transactions. +Services should be aware that when the transaction is unordered, the transaction sequence will always be zero. + +```go + app.AccountKeeper = authkeeper.NewAccountKeeper( + appCodec, + runtime.NewKVStoreService(keys[authtypes.StoreKey]), + authtypes.ProtoBaseAccount, + maccPerms, + authcodec.NewBech32Codec(sdk.Bech32MainPrefix), + sdk.Bech32MainPrefix, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + authkeeper.WithUnorderedTransactions(true), // new option! + ) +``` + +If using dependency injection, update the auth module config. + +```go + { + Name: authtypes.ModuleName, + Config: appconfig.WrapAny(&authmodulev1.Module{ + Bech32Prefix: "cosmos", + ModuleAccountPermissions: moduleAccPerms, + EnableUnorderedTransactions: true, // remove this line if you do not want unordered transactions. + }), + }, +``` + +By default, unordered transactions use a transaction timeout duration of 10 minutes and a default gas charge of 2240 gas units. +To modify these default values, pass in the corresponding options to the new `SigVerifyOptions` field in `x/auth's` `ante.HandlerOptions`. + +```go +options := ante.HandlerOptions{ + SigVerifyOptions: []ante.SigVerificationDecoratorOption{ + // change below as needed. + ante.WithUnorderedTxGasCost(ante.DefaultUnorderedTxGasCost), + ante.WithMaxUnorderedTxTimeoutDuration(ante.DefaultMaxTimoutDuration), + }, +} +``` + +```go +anteDecorators := []sdk.AnteDecorator{ + // ... other decorators ... + ante.NewSigVerificationDecorator(options.AccountKeeper, options.SignModeHandler, options.SigVerifyOptions...), // supply new options +} +``` + +## Upgrade Handler + +The upgrade handler only requires adding the store upgrades for the modules added above. +If your application is not adding `x/protocolpool` or `x/epochs`, you do not need to add the store upgrade. + +```go +// UpgradeName defines the on-chain upgrade name for the sample SimApp upgrade +// from v050 to v053. +// +// NOTE: This upgrade defines a reference implementation of what an upgrade +// could look like when an application is migrating from Cosmos SDK version +// v0.50.x to v0.53.x. +const UpgradeName = "v050-to-v053" + +func (app SimApp) RegisterUpgradeHandlers() { + app.UpgradeKeeper.SetUpgradeHandler( + UpgradeName, + func(ctx context.Context, _ upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { + return app.ModuleManager.RunMigrations(ctx, app.Configurator(), fromVM) + }, + ) + + upgradeInfo, err := app.UpgradeKeeper.ReadUpgradeInfoFromDisk() + if err != nil { + panic(err) + } + + if upgradeInfo.Name == UpgradeName && !app.UpgradeKeeper.IsSkipHeight(upgradeInfo.Height) { + storeUpgrades := storetypes.StoreUpgrades{ + Added: []string{ + epochstypes.ModuleName, // if not adding x/epochs to your chain, remove this line. + protocolpooltypes.ModuleName, // if not adding x/protocolpool to your chain, remove this line. + }, + } + + // configure store loader that checks if version == upgradeHeight and applies store upgrades + app.SetStoreLoader(upgradetypes.UpgradeStoreLoader(upgradeInfo.Height, &storeUpgrades)) + } +} +``` \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/migrations/_category_.json b/copy-of-sdk-versioned_docs/version-0.53/build/migrations/_category_.json new file mode 100644 index 00000000..5a06c3eb --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/migrations/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Migrations", + "position": 3, + "link": null +} diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/modules/README.md b/copy-of-sdk-versioned_docs/version-0.53/build/modules/README.md new file mode 100644 index 00000000..979a544f --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/modules/README.md @@ -0,0 +1,63 @@ +--- +sidebar_position: 0 +--- + +# List of Modules + +Here are some production-grade modules that can be used in Cosmos SDK applications, along with their respective documentation: + +## Essential Modules + +Essential modules include functionality that _must_ be included in your Cosmos SDK blockchain. +These modules provide the core behaviors that are needed for users and operators such as balance tracking, +proof-of-stake capabilities and governance. + +* [Auth](./auth/README.md) - Authentication of accounts and transactions for Cosmos SDK applications. +* [Bank](./bank/README.md) - Token transfer functionalities. +* [Circuit](./circuit/README.md) - Circuit breaker module for pausing messages. +* [Consensus](./consensus/README.md) - Consensus module for modifying CometBFT's ABCI consensus params. +* [Distribution](./distribution/README.md) - Fee distribution, and staking token provision distribution. +* [Evidence](./evidence/README.md) - Evidence handling for double signing, misbehaviour, etc. +* [Governance](./gov/README.md) - On-chain proposals and voting. +* [Genutil](./genutil/README.md) - Genesis utilities for the Cosmos SDK. +* [Mint](./mint/README.md) - Creation of new units of staking token. +* [Slashing](./slashing/README.md) - Validator punishment mechanisms. +* [Staking](./staking/README.md) - Proof-of-Stake layer for public blockchains. +* [Upgrade](./upgrade/README.md) - Software upgrades handling and coordination. + +## Supplementary Modules + +Supplementary modules are modules that are maintained in the Cosmos SDK but are not necessary for +the core functionality of your blockchain. They can be thought of as ways to extend the +capabilities of your blockchain or further specialize it. + +* [Authz](./authz/README.md) - Authorization for accounts to perform actions on behalf of other accounts. +* [Epochs](./epochs/README.md) - Registration so SDK modules can have logic to be executed at the timed tickers. +* [Feegrant](./feegrant/README.md) - Grant fee allowances for executing transactions. +* [Group](./group/README.md) - Allows for the creation and management of on-chain multisig accounts. +* [NFT](./nft/README.md) - NFT module implemented based on [ADR43](https://docs.cosmos.network/main/architecture/adr-043-nft-module.html). +* [ProtocolPool](./protocolpool/README.md) - Extended management of community pool functionality. + +## Deprecated Modules + +The following modules are deprecated. They will no longer be maintained and eventually will be removed +in an upcoming release of the Cosmos SDK per our [release process](https://github.com/cosmos/cosmos-sdk/blob/main/RELEASE_PROCESS.md). + +* [Crisis](./crisis/README.md) - *Deprecated* halting the blockchain under certain circumstances (e.g. if an invariant is broken). +* [Params](./params/README.md) - *Deprecated* Globally available parameter store. + +To learn more about the process of building modules, visit the [building modules reference documentation](https://docs.cosmos.network/main/building-modules/intro). + +## IBC + +The IBC module for the SDK is maintained by the IBC Go team in its [own repository](https://github.com/cosmos/ibc-go). + +Additionally, the [capability module](https://github.com/cosmos/ibc-go/tree/fdd664698d79864f1e00e147f9879e58497b5ef1/modules/capability) is from v0.50+ maintained by the IBC Go team in its [own repository](https://github.com/cosmos/ibc-go/tree/fdd664698d79864f1e00e147f9879e58497b5ef1/modules/capability). + +## CosmWasm + +The CosmWasm module enables smart contracts, learn more by going to their [documentation site](https://book.cosmwasm.com/), or visit [the repository](https://github.com/CosmWasm/cosmwasm). + +## EVM + +Read more about writing smart contracts with solidity at the official [`evm` documentation page](https://evm.cosmos.network/). diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/modules/_category_.json b/copy-of-sdk-versioned_docs/version-0.53/build/modules/_category_.json new file mode 100644 index 00000000..72d229c0 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/modules/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Modules", + "position": 2, + "link": null +} diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/modules/auth/1-vesting.md b/copy-of-sdk-versioned_docs/version-0.53/build/modules/auth/1-vesting.md new file mode 100644 index 00000000..89201306 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/modules/auth/1-vesting.md @@ -0,0 +1,618 @@ +--- +sidebar_position: 1 +--- + +# `x/auth/vesting` + + +* [Intro and Requirements](#intro-and-requirements) +* [Note](#note) +* [Vesting Account Types](#vesting-account-types) + * [BaseVestingAccount](#basevestingaccount) + * [ContinuousVestingAccount](#continuousvestingaccount) + * [DelayedVestingAccount](#delayedvestingaccount) + * [Period](#period) + * [PeriodicVestingAccount](#periodicvestingaccount) + * [PermanentLockedAccount](#permanentlockedaccount) +* [Vesting Account Specification](#vesting-account-specification) + * [Determining Vesting & Vested Amounts](#determining-vesting--vested-amounts) + * [Periodic Vesting Accounts](#periodic-vesting-accounts) + * [Transferring/Sending](#transferringsending) + * [Delegating](#delegating) + * [Undelegating](#undelegating) +* [Keepers & Handlers](#keepers--handlers) +* [Genesis Initialization](#genesis-initialization) +* [Examples](#examples) + * [Simple](#simple) + * [Slashing](#slashing) + * [Periodic Vesting](#periodic-vesting) +* [Glossary](#glossary) + +## Intro and Requirements + +This specification defines the vesting account implementation that is used by the Cosmos Hub. The requirements for this vesting account is that it should be initialized during genesis with a starting balance `X` and a vesting end time `ET`. A vesting account may be initialized with a vesting start time `ST` and a number of vesting periods `P`. If a vesting start time is included, the vesting period does not begin until start time is reached. If vesting periods are included, the vesting occurs over the specified number of periods. + +For all vesting accounts, the owner of the vesting account is able to delegate and undelegate from validators, however they cannot transfer coins to another account until those coins are vested. This specification allows for four different kinds of vesting: + +* Delayed vesting, where all coins are vested once `ET` is reached. +* Continous vesting, where coins begin to vest at `ST` and vest linearly with respect to time until `ET` is reached +* Periodic vesting, where coins begin to vest at `ST` and vest periodically according to number of periods and the vesting amount per period. The number of periods, length per period, and amount per period are configurable. A periodic vesting account is distinguished from a continuous vesting account in that coins can be released in staggered tranches. For example, a periodic vesting account could be used for vesting arrangements where coins are relased quarterly, yearly, or over any other function of tokens over time. +* Permanent locked vesting, where coins are locked forever. Coins in this account can still be used for delegating and for governance votes even while locked. + +## Note + +Vesting accounts can be initialized with some vesting and non-vesting coins. The non-vesting coins would be immediately transferable. DelayedVesting ContinuousVesting, PeriodicVesting and PermenantVesting accounts can be created with normal messages after genesis. Other types of vesting accounts must be created at genesis, or as part of a manual network upgrade. The current specification only allows for _unconditional_ vesting (ie. there is no possibility of reaching `ET` and +having coins fail to vest). + +## Vesting Account Types + +```go +// VestingAccount defines an interface that any vesting account type must +// implement. +type VestingAccount interface { + Account + + GetVestedCoins(Time) Coins + GetVestingCoins(Time) Coins + + // TrackDelegation performs internal vesting accounting necessary when + // delegating from a vesting account. It accepts the current block time, the + // delegation amount and balance of all coins whose denomination exists in + // the account's original vesting balance. + TrackDelegation(Time, Coins, Coins) + + // TrackUndelegation performs internal vesting accounting necessary when a + // vesting account performs an undelegation. + TrackUndelegation(Coins) + + GetStartTime() int64 + GetEndTime() int64 +} +``` + +### BaseVestingAccount + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/vesting/v1beta1/vesting.proto#L11-L35 +``` + +### ContinuousVestingAccount + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/vesting/v1beta1/vesting.proto#L37-L46 +``` + +### DelayedVestingAccount + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/vesting/v1beta1/vesting.proto#L48-L57 +``` + +### Period + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/vesting/v1beta1/vesting.proto#L59-L69 +``` + +```go +// Stores all vesting periods passed as part of a PeriodicVestingAccount +type Periods []Period + +``` + +### PeriodicVestingAccount + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/vesting/v1beta1/vesting.proto#L71-L81 +``` + +In order to facilitate less ad-hoc type checking and assertions and to support flexibility in account balance usage, the existing `x/bank` `ViewKeeper` interface is updated to contain the following: + +```go +type ViewKeeper interface { + // ... + + // Calculates the total locked account balance. + LockedCoins(ctx sdk.Context, addr sdk.AccAddress) sdk.Coins + + // Calculates the total spendable balance that can be sent to other accounts. + SpendableCoins(ctx sdk.Context, addr sdk.AccAddress) sdk.Coins +} +``` + +### PermanentLockedAccount + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/vesting/v1beta1/vesting.proto#L83-L94 +``` + +## Vesting Account Specification + +Given a vesting account, we define the following in the proceeding operations: + +* `OV`: The original vesting coin amount. It is a constant value. +* `V`: The number of `OV` coins that are still _vesting_. It is derived by +`OV`, `StartTime` and `EndTime`. This value is computed on demand and not on a per-block basis. +* `V'`: The number of `OV` coins that are _vested_ (unlocked). This value is computed on demand and not a per-block basis. +* `DV`: The number of delegated _vesting_ coins. It is a variable value. It is stored and modified directly in the vesting account. +* `DF`: The number of delegated _vested_ (unlocked) coins. It is a variable value. It is stored and modified directly in the vesting account. +* `BC`: The number of `OV` coins less any coins that are transferred +(which can be negative or delegated). It is considered to be balance of the embedded base account. It is stored and modified directly in the vesting account. + +### Determining Vesting & Vested Amounts + +It is important to note that these values are computed on demand and not on a mandatory per-block basis (e.g. `BeginBlocker` or `EndBlocker`). + +#### Continuously Vesting Accounts + +To determine the amount of coins that are vested for a given block time `T`, the +following is performed: + +1. Compute `X := T - StartTime` +2. Compute `Y := EndTime - StartTime` +3. Compute `V' := OV * (X / Y)` +4. Compute `V := OV - V'` + +Thus, the total amount of _vested_ coins is `V'` and the remaining amount, `V`, +is _vesting_. + +```go +func (cva ContinuousVestingAccount) GetVestedCoins(t Time) Coins { + if t <= cva.StartTime { + // We must handle the case where the start time for a vesting account has + // been set into the future or when the start of the chain is not exactly + // known. + return ZeroCoins + } else if t >= cva.EndTime { + return cva.OriginalVesting + } + + x := t - cva.StartTime + y := cva.EndTime - cva.StartTime + + return cva.OriginalVesting * (x / y) +} + +func (cva ContinuousVestingAccount) GetVestingCoins(t Time) Coins { + return cva.OriginalVesting - cva.GetVestedCoins(t) +} +``` + +### Periodic Vesting Accounts + +Periodic vesting accounts require calculating the coins released during each period for a given block time `T`. Note that multiple periods could have passed when calling `GetVestedCoins`, so we must iterate over each period until the end of that period is after `T`. + +1. Set `CT := StartTime` +2. Set `V' := 0` + +For each Period P: + + 1. Compute `X := T - CT` + 2. IF `X >= P.Length` + 1. Compute `V' += P.Amount` + 2. Compute `CT += P.Length` + 3. ELSE break + 3. Compute `V := OV - V'` + +```go +func (pva PeriodicVestingAccount) GetVestedCoins(t Time) Coins { + if t < pva.StartTime { + return ZeroCoins + } + ct := pva.StartTime // The start of the vesting schedule + vested := 0 + periods = pva.GetPeriods() + for _, period := range periods { + if t - ct < period.Length { + break + } + vested += period.Amount + ct += period.Length // increment ct to the start of the next vesting period + } + return vested +} + +func (pva PeriodicVestingAccount) GetVestingCoins(t Time) Coins { + return pva.OriginalVesting - cva.GetVestedCoins(t) +} +``` + +#### Delayed/Discrete Vesting Accounts + +Delayed vesting accounts are easier to reason about as they only have the full amount vesting up until a certain time, then all the coins become vested (unlocked). This does not include any unlocked coins the account may have initially. + +```go +func (dva DelayedVestingAccount) GetVestedCoins(t Time) Coins { + if t >= dva.EndTime { + return dva.OriginalVesting + } + + return ZeroCoins +} + +func (dva DelayedVestingAccount) GetVestingCoins(t Time) Coins { + return dva.OriginalVesting - dva.GetVestedCoins(t) +} +``` + +### Transferring/Sending + +At any given time, a vesting account may transfer: `min((BC + DV) - V, BC)`. + +In other words, a vesting account may transfer the minimum of the base account balance and the base account balance plus the number of currently delegated vesting coins less the number of coins vested so far. + +However, given that account balances are tracked via the `x/bank` module and that we want to avoid loading the entire account balance, we can instead determine the locked balance, which can be defined as `max(V - DV, 0)`, and infer the spendable balance from that. + +```go +func (va VestingAccount) LockedCoins(t Time) Coins { + return max(va.GetVestingCoins(t) - va.DelegatedVesting, 0) +} +``` + +The `x/bank` `ViewKeeper` can then provide APIs to determine locked and spendable coins for any account: + +```go +func (k Keeper) LockedCoins(ctx Context, addr AccAddress) Coins { + acc := k.GetAccount(ctx, addr) + if acc != nil { + if acc.IsVesting() { + return acc.LockedCoins(ctx.BlockTime()) + } + } + + // non-vesting accounts do not have any locked coins + return NewCoins() +} +``` + +#### Keepers/Handlers + +The corresponding `x/bank` keeper should appropriately handle sending coins based on if the account is a vesting account or not. + +```go +func (k Keeper) SendCoins(ctx Context, from Account, to Account, amount Coins) { + bc := k.GetBalances(ctx, from) + v := k.LockedCoins(ctx, from) + + spendable := bc - v + newCoins := spendable - amount + assert(newCoins >= 0) + + from.SetBalance(newCoins) + to.AddBalance(amount) + + // save balances... +} +``` + +### Delegating + +For a vesting account attempting to delegate `D` coins, the following is performed: + +1. Verify `BC >= D > 0` +2. Compute `X := min(max(V - DV, 0), D)` (portion of `D` that is vesting) +3. Compute `Y := D - X` (portion of `D` that is free) +4. Set `DV += X` +5. Set `DF += Y` + +```go +func (va VestingAccount) TrackDelegation(t Time, balance Coins, amount Coins) { + assert(balance <= amount) + x := min(max(va.GetVestingCoins(t) - va.DelegatedVesting, 0), amount) + y := amount - x + + va.DelegatedVesting += x + va.DelegatedFree += y +} +``` + +**Note** `TrackDelegation` only modifies the `DelegatedVesting` and `DelegatedFree` fields, so upstream callers MUST modify the `Coins` field by subtracting `amount`. + +#### Keepers/Handlers + +```go +func DelegateCoins(t Time, from Account, amount Coins) { + if isVesting(from) { + from.TrackDelegation(t, amount) + } else { + from.SetBalance(sc - amount) + } + + // save account... +} +``` + +### Undelegating + +For a vesting account attempting to undelegate `D` coins, the following is performed: + +> NOTE: `DV < D` and `(DV + DF) < D` may be possible due to quirks in the rounding of delegation/undelegation logic. + +1. Verify `D > 0` +2. Compute `X := min(DF, D)` (portion of `D` that should become free, prioritizing free coins) +3. Compute `Y := min(DV, D - X)` (portion of `D` that should remain vesting) +4. Set `DF -= X` +5. Set `DV -= Y` + +```go +func (cva ContinuousVestingAccount) TrackUndelegation(amount Coins) { + x := min(cva.DelegatedFree, amount) + y := amount - x + + cva.DelegatedFree -= x + cva.DelegatedVesting -= y +} +``` + +**Note** `TrackUnDelegation` only modifies the `DelegatedVesting` and `DelegatedFree` fields, so upstream callers MUST modify the `Coins` field by adding `amount`. + +**Note**: If a delegation is slashed, the continuous vesting account ends up with an excess `DV` amount, even after all its coins have vested. This is because undelegating free coins are prioritized. + +**Note**: The undelegation (bond refund) amount may exceed the delegated vesting (bond) amount due to the way undelegation truncates the bond refund, which can increase the validator's exchange rate (tokens/shares) slightly if the undelegated tokens are non-integral. + +#### Keepers/Handlers + +```go +func UndelegateCoins(to Account, amount Coins) { + if isVesting(to) { + if to.DelegatedFree + to.DelegatedVesting >= amount { + to.TrackUndelegation(amount) + // save account ... + } + } else { + AddBalance(to, amount) + // save account... + } +} +``` + +## Keepers & Handlers + +The `VestingAccount` implementations reside in `x/auth`. However, any keeper in a module (e.g. staking in `x/staking`) wishing to potentially utilize any vesting coins, must call explicit methods on the `x/bank` keeper (e.g. `DelegateCoins`) opposed to `SendCoins` and `SubtractCoins`. + +In addition, the vesting account should also be able to spend any coins it receives from other users. Thus, the bank module's `MsgSend` handler should error if a vesting account is trying to send an amount that exceeds their unlocked coin amount. + +See the above specification for full implementation details. + +## Genesis Initialization + +To initialize both vesting and non-vesting accounts, the `GenesisAccount` struct includes new fields: `Vesting`, `StartTime`, and `EndTime`. Accounts meant to be of type `BaseAccount` or any non-vesting type have `Vesting = false`. The genesis initialization logic (e.g. `initFromGenesisState`) must parse and return the correct accounts accordingly based off of these fields. + +```go +type GenesisAccount struct { + // ... + + // vesting account fields + OriginalVesting sdk.Coins `json:"original_vesting"` + DelegatedFree sdk.Coins `json:"delegated_free"` + DelegatedVesting sdk.Coins `json:"delegated_vesting"` + StartTime int64 `json:"start_time"` + EndTime int64 `json:"end_time"` +} + +func ToAccount(gacc GenesisAccount) Account { + bacc := NewBaseAccount(gacc) + + if gacc.OriginalVesting > 0 { + if ga.StartTime != 0 && ga.EndTime != 0 { + // return a continuous vesting account + } else if ga.EndTime != 0 { + // return a delayed vesting account + } else { + // invalid genesis vesting account provided + panic() + } + } + + return bacc +} +``` + +## Examples + +### Simple + +Given a continuous vesting account with 10 vesting coins. + +```text +OV = 10 +DF = 0 +DV = 0 +BC = 10 +V = 10 +V' = 0 +``` + +1. Immediately receives 1 coin + + ```text + BC = 11 + ``` + +2. Time passes, 2 coins vest + + ```text + V = 8 + V' = 2 + ``` + +3. Delegates 4 coins to validator A + + ```text + DV = 4 + BC = 7 + ``` + +4. Sends 3 coins + + ```text + BC = 4 + ``` + +5. More time passes, 2 more coins vest + + ```text + V = 6 + V' = 4 + ``` + +6. Sends 2 coins. At this point the account cannot send anymore until further +coins vest or it receives additional coins. It can still however, delegate. + + ```text + BC = 2 + ``` + +### Slashing + +Same initial starting conditions as the simple example. + +1. Time passes, 5 coins vest + + ```text + V = 5 + V' = 5 + ``` + +2. Delegate 5 coins to validator A + + ```text + DV = 5 + BC = 5 + ``` + +3. Delegate 5 coins to validator B + + ```text + DF = 5 + BC = 0 + ``` + +4. Validator A gets slashed by 50%, making the delegation to A now worth 2.5 coins +5. Undelegate from validator A (2.5 coins) + + ```text + DF = 5 - 2.5 = 2.5 + BC = 0 + 2.5 = 2.5 + ``` + +6. Undelegate from validator B (5 coins). The account at this point can only +send 2.5 coins unless it receives more coins or until more coins vest. +It can still however, delegate. + + ```text + DV = 5 - 2.5 = 2.5 + DF = 2.5 - 2.5 = 0 + BC = 2.5 + 5 = 7.5 + ``` + + Notice how we have an excess amount of `DV`. + +### Periodic Vesting + +A vesting account is created where 100 tokens will be released over 1 year, with +1/4 of tokens vesting each quarter. The vesting schedule would be as follows: + +```yaml +Periods: +- amount: 25stake, length: 7884000 +- amount: 25stake, length: 7884000 +- amount: 25stake, length: 7884000 +- amount: 25stake, length: 7884000 +``` + +```text +OV = 100 +DF = 0 +DV = 0 +BC = 100 +V = 100 +V' = 0 +``` + +1. Immediately receives 1 coin + + ```text + BC = 101 + ``` + +2. Vesting period 1 passes, 25 coins vest + + ```text + V = 75 + V' = 25 + ``` + +3. During vesting period 2, 5 coins are transfered and 5 coins are delegated + + ```text + DV = 5 + BC = 91 + ``` + +4. Vesting period 2 passes, 25 coins vest + + ```text + V = 50 + V' = 50 + ``` + +## Glossary + +* OriginalVesting: The amount of coins (per denomination) that are initially +part of a vesting account. These coins are set at genesis. +* StartTime: The BFT time at which a vesting account starts to vest. +* EndTime: The BFT time at which a vesting account is fully vested. +* DelegatedFree: The tracked amount of coins (per denomination) that are +delegated from a vesting account that have been fully vested at time of delegation. +* DelegatedVesting: The tracked amount of coins (per denomination) that are +delegated from a vesting account that were vesting at time of delegation. +* ContinuousVestingAccount: A vesting account implementation that vests coins +linearly over time. +* DelayedVestingAccount: A vesting account implementation that only fully vests +all coins at a given time. +* PeriodicVestingAccount: A vesting account implementation that vests coins +according to a custom vesting schedule. +* PermanentLockedAccount: It does not ever release coins, locking them indefinitely. +Coins in this account can still be used for delegating and for governance votes even while locked. + + +## CLI + +A user can query and interact with the `vesting` module using the CLI. + +### Transactions + +The `tx` commands allow users to interact with the `vesting` module. + +```bash +simd tx vesting --help +``` + +#### create-periodic-vesting-account + +The `create-periodic-vesting-account` command creates a new vesting account funded with an allocation of tokens, where a sequence of coins and period length in seconds. Periods are sequential, in that the duration of of a period only starts at the end of the previous period. The duration of the first period starts upon account creation. + +```bash +simd tx vesting create-periodic-vesting-account [to_address] [periods_json_file] [flags] +``` + +Example: + +```bash +simd tx vesting create-periodic-vesting-account cosmos1.. periods.json +``` + +#### create-vesting-account + +The `create-vesting-account` command creates a new vesting account funded with an allocation of tokens. The account can either be a delayed or continuous vesting account, which is determined by the '--delayed' flag. All vesting accouts created will have their start time set by the committed block's time. The end_time must be provided as a UNIX epoch timestamp. + +```bash +simd tx vesting create-vesting-account [to_address] [amount] [end_time] [flags] +``` + +Example: + +```bash +simd tx vesting create-vesting-account cosmos1.. 100stake 2592000 +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/modules/auth/2-tx.md b/copy-of-sdk-versioned_docs/version-0.53/build/modules/auth/2-tx.md new file mode 100644 index 00000000..378b60e5 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/modules/auth/2-tx.md @@ -0,0 +1,264 @@ +--- +sidebar_position: 1 +--- + +# `x/auth/tx` + +:::note Pre-requisite Readings + +* [Transactions](https://docs.cosmos.network/main/core/transactions#transaction-generation) +* [Encoding](https://docs.cosmos.network/main/core/encoding#transaction-encoding) + +::: + +## Abstract + +This document specifies the `x/auth/tx` package of the Cosmos SDK. + +This package represents the Cosmos SDK implementation of the `client.TxConfig`, `client.TxBuilder`, `client.TxEncoder` and `client.TxDecoder` interfaces. + +## Contents + +* [Transactions](#transactions) + * [`TxConfig`](#txconfig) + * [`TxBuilder`](#txbuilder) + * [`TxEncoder`/ `TxDecoder`](#txencoder-txdecoder) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + +## Transactions + +### `TxConfig` + +`client.TxConfig` defines an interface a client can utilize to generate an application-defined concrete transaction type. +The interface defines a set of methods for creating a `client.TxBuilder`. + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/client/tx_config.go#L25-L31 +``` + +The default implementation of `client.TxConfig` is instantiated by `NewTxConfig` in `x/auth/tx` module. + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/x/auth/tx/config.go#L22-L28 +``` + +### `TxBuilder` + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/client/tx_config.go#L33-L50 +``` + +The [`client.TxBuilder`](https://docs.cosmos.network/main/core/transactions#transaction-generation) interface is as well implemented by `x/auth/tx`. +A `client.TxBuilder` can be accessed with `TxConfig.NewTxBuilder()`. + +### `TxEncoder`/ `TxDecoder` + +More information about `TxEncoder` and `TxDecoder` can be found [here](https://docs.cosmos.network/main/core/encoding#transaction-encoding). + +## Client + +### CLI + +#### Query + +The `x/auth/tx` module provides a CLI command to query any transaction, given its hash, transaction sequence or signature. + +Without any argument, the command will query the transaction using the transaction hash. + +```shell +simd query tx DFE87B78A630C0EFDF76C80CD24C997E252792E0317502AE1A02B9809F0D8685 +``` + +When querying a transaction from an account given its sequence, use the `--type=acc_seq` flag: + +```shell +simd query tx --type=acc_seq cosmos1u69uyr6v9qwe6zaaeaqly2h6wnedac0xpxq325/1 +``` + +When querying a transaction given its signature, use the `--type=signature` flag: + +```shell +simd query tx --type=signature Ofjvgrqi8twZfqVDmYIhqwRLQjZZ40XbxEamk/veH3gQpRF0hL2PH4ejRaDzAX+2WChnaWNQJQ41ekToIi5Wqw== +``` + +When querying a transaction given its events, use the `--type=events` flag: + +```shell +simd query txs --events 'message.sender=cosmos...' --page 1 --limit 30 +``` + +The `x/auth/block` module provides a CLI command to query any block, given its hash, height, or events. + +When querying a block by its hash, use the `--type=hash` flag: + +```shell +simd query block --type=hash DFE87B78A630C0EFDF76C80CD24C997E252792E0317502AE1A02B9809F0D8685 +``` + +When querying a block by its height, use the `--type=height` flag: + +```shell +simd query block --type=height 1357 +``` + +When querying a block by its events, use the `--query` flag: + +```shell +simd query blocks --query 'message.sender=cosmos...' --page 1 --limit 30 +``` + +#### Transactions + +The `x/auth/tx` module provides a convinient CLI command for decoding and encoding transactions. + +#### `encode` + +The `encode` command encodes a transaction created with the `--generate-only` flag or signed with the sign command. +The transaction is seralized it to Protobuf and returned as base64. + +```bash +$ simd tx encode tx.json +Co8BCowBChwvY29zbW9zLmJhbmsudjFiZXRhMS5Nc2dTZW5kEmwKLWNvc21vczFsNnZzcWhoN3Jud3N5cjJreXozampnM3FkdWF6OGd3Z3lsODI3NRItY29zbW9zMTU4c2FsZHlnOHBteHU3Znd2dDBkNng3amVzd3A0Z3d5a2xrNnkzGgwKBXN0YWtlEgMxMDASBhIEEMCaDA== +$ simd tx encode tx.signed.json +``` + +More information about the `encode` command can be found running `simd tx encode --help`. + +#### `decode` + +The `decode` commands decodes a transaction encoded with the `encode` command. + + +```bash +simd tx decode Co8BCowBChwvY29zbW9zLmJhbmsudjFiZXRhMS5Nc2dTZW5kEmwKLWNvc21vczFsNnZzcWhoN3Jud3N5cjJreXozampnM3FkdWF6OGd3Z3lsODI3NRItY29zbW9zMTU4c2FsZHlnOHBteHU3Znd2dDBkNng3amVzd3A0Z3d5a2xrNnkzGgwKBXN0YWtlEgMxMDASBhIEEMCaDA== +``` + +More information about the `decode` command can be found running `simd tx decode --help`. + +### gRPC + +A user can query the `x/auth/tx` module using gRPC endpoints. + +#### `TxDecode` + +The `TxDecode` endpoint allows to decode a transaction. + +```shell +cosmos.tx.v1beta1.Service/TxDecode +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"tx_bytes":"Co8BCowBChwvY29zbW9zLmJhbmsudjFiZXRhMS5Nc2dTZW5kEmwKLWNvc21vczFsNnZzcWhoN3Jud3N5cjJreXozampnM3FkdWF6OGd3Z3lsODI3NRItY29zbW9zMTU4c2FsZHlnOHBteHU3Znd2dDBkNng3amVzd3A0Z3d5a2xrNnkzGgwKBXN0YWtlEgMxMDASBhIEEMCaDA=="}' \ + localhost:9090 \ + cosmos.tx.v1beta1.Service/TxDecode +``` + +Example Output: + +```json +{ + "tx": { + "body": { + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"100"}],"fromAddress":"cosmos1l6vsqhh7rnwsyr2kyz3jjg3qduaz8gwgyl8275","toAddress":"cosmos158saldyg8pmxu7fwvt0d6x7jeswp4gwyklk6y3"} + ] + }, + "authInfo": { + "fee": { + "gasLimit": "200000" + } + } + } +} +``` + +#### `TxEncode` + +The `TxEncode` endpoint allows to encode a transaction. + +```shell +cosmos.tx.v1beta1.Service/TxEncode +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"tx": { + "body": { + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"100"}],"fromAddress":"cosmos1l6vsqhh7rnwsyr2kyz3jjg3qduaz8gwgyl8275","toAddress":"cosmos158saldyg8pmxu7fwvt0d6x7jeswp4gwyklk6y3"} + ] + }, + "authInfo": { + "fee": { + "gasLimit": "200000" + } + } + }}' \ + localhost:9090 \ + cosmos.tx.v1beta1.Service/TxEncode +``` + +Example Output: + +```json +{ + "txBytes": "Co8BCowBChwvY29zbW9zLmJhbmsudjFiZXRhMS5Nc2dTZW5kEmwKLWNvc21vczFsNnZzcWhoN3Jud3N5cjJreXozampnM3FkdWF6OGd3Z3lsODI3NRItY29zbW9zMTU4c2FsZHlnOHBteHU3Znd2dDBkNng3amVzd3A0Z3d5a2xrNnkzGgwKBXN0YWtlEgMxMDASBhIEEMCaDA==" +} +``` + +#### `TxDecodeAmino` + +The `TxDecode` endpoint allows to decode an amino transaction. + +```shell +cosmos.tx.v1beta1.Service/TxDecodeAmino +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"amino_binary": "KCgWqQpvqKNhmgotY29zbW9zMXRzeno3cDJ6Z2Q3dnZrYWh5ZnJlNHduNXh5dTgwcnB0ZzZ2OWg1Ei1jb3Ntb3MxdHN6ejdwMnpnZDd2dmthaHlmcmU0d241eHl1ODBycHRnNnY5aDUaCwoFc3Rha2USAjEwEhEKCwoFc3Rha2USAjEwEMCaDCIGZm9vYmFy"}' \ + localhost:9090 \ + cosmos.tx.v1beta1.Service/TxDecodeAmino +``` + +Example Output: + +```json +{ + "aminoJson": "{\"type\":\"cosmos-sdk/StdTx\",\"value\":{\"msg\":[{\"type\":\"cosmos-sdk/MsgSend\",\"value\":{\"from_address\":\"cosmos1tszz7p2zgd7vvkahyfre4wn5xyu80rptg6v9h5\",\"to_address\":\"cosmos1tszz7p2zgd7vvkahyfre4wn5xyu80rptg6v9h5\",\"amount\":[{\"denom\":\"stake\",\"amount\":\"10\"}]}}],\"fee\":{\"amount\":[{\"denom\":\"stake\",\"amount\":\"10\"}],\"gas\":\"200000\"},\"signatures\":null,\"memo\":\"foobar\",\"timeout_height\":\"0\"}}" +} +``` + +#### `TxEncodeAmino` + +The `TxEncodeAmino` endpoint allows to encode an amino transaction. + +```shell +cosmos.tx.v1beta1.Service/TxEncodeAmino +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"amino_json":"{\"type\":\"cosmos-sdk/StdTx\",\"value\":{\"msg\":[{\"type\":\"cosmos-sdk/MsgSend\",\"value\":{\"from_address\":\"cosmos1tszz7p2zgd7vvkahyfre4wn5xyu80rptg6v9h5\",\"to_address\":\"cosmos1tszz7p2zgd7vvkahyfre4wn5xyu80rptg6v9h5\",\"amount\":[{\"denom\":\"stake\",\"amount\":\"10\"}]}}],\"fee\":{\"amount\":[{\"denom\":\"stake\",\"amount\":\"10\"}],\"gas\":\"200000\"},\"signatures\":null,\"memo\":\"foobar\",\"timeout_height\":\"0\"}}"}' \ + localhost:9090 \ + cosmos.tx.v1beta1.Service/TxEncodeAmino +``` + +Example Output: + +```json +{ + "amino_binary": "KCgWqQpvqKNhmgotY29zbW9zMXRzeno3cDJ6Z2Q3dnZrYWh5ZnJlNHduNXh5dTgwcnB0ZzZ2OWg1Ei1jb3Ntb3MxdHN6ejdwMnpnZDd2dmthaHlmcmU0d241eHl1ODBycHRnNnY5aDUaCwoFc3Rha2USAjEwEhEKCwoFc3Rha2USAjEwEMCaDCIGZm9vYmFy" +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/modules/auth/README.md b/copy-of-sdk-versioned_docs/version-0.53/build/modules/auth/README.md new file mode 100644 index 00000000..c51d1063 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/modules/auth/README.md @@ -0,0 +1,710 @@ +--- +sidebar_position: 1 +--- + +# `x/auth` + +## Abstract + +This document specifies the auth module of the Cosmos SDK. + +The auth module is responsible for specifying the base transaction and account types +for an application, since the SDK itself is agnostic to these particulars. It contains +the middlewares, where all basic transaction validity checks (signatures, nonces, auxiliary fields) +are performed, and exposes the account keeper, which allows other modules to read, write, and modify accounts. + +This module is used in the Cosmos Hub. + +## Contents + +* [Concepts](#concepts) + * [Gas & Fees](#gas--fees) +* [State](#state) + * [Accounts](#accounts) +* [AnteHandlers](#antehandlers) +* [Keepers](#keepers) + * [Account Keeper](#account-keeper) +* [Parameters](#parameters) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + * [REST](#rest) + +## Concepts + +**Note:** The auth module is different from the [authz module](../modules/authz/). + +The differences are: + +* `auth` - authentication of accounts and transactions for Cosmos SDK applications and is responsible for specifying the base transaction and account types. +* `authz` - authorization for accounts to perform actions on behalf of other accounts and enables a granter to grant authorizations to a grantee that allows the grantee to execute messages on behalf of the granter. + +### Gas & Fees + +Fees serve two purposes for an operator of the network. + +Fees limit the growth of the state stored by every full node and allow for +general purpose censorship of transactions of little economic value. Fees +are best suited as an anti-spam mechanism where validators are disinterested in +the use of the network and identities of users. + +Fees are determined by the gas limits and gas prices transactions provide, where +`fees = ceil(gasLimit * gasPrices)`. Txs incur gas costs for all state reads/writes, +signature verification, as well as costs proportional to the tx size. Operators +should set minimum gas prices when starting their nodes. They must set the unit +costs of gas in each token denomination they wish to support: + +`simd start ... --minimum-gas-prices=0.00001stake;0.05photinos` + +When adding transactions to mempool or gossipping transactions, validators check +if the transaction's gas prices, which are determined by the provided fees, meet +any of the validator's minimum gas prices. In other words, a transaction must +provide a fee of at least one denomination that matches a validator's minimum +gas price. + +CometBFT does not currently provide fee based mempool prioritization, and fee +based mempool filtering is local to node and not part of consensus. But with +minimum gas prices set, such a mechanism could be implemented by node operators. + +Because the market value for tokens will fluctuate, validators are expected to +dynamically adjust their minimum gas prices to a level that would encourage the +use of the network. + +## State + +### Accounts + +Accounts contain authentication information for a uniquely identified external user of an SDK blockchain, +including public key, address, and account number / sequence number for replay protection. For efficiency, +since account balances must also be fetched to pay fees, account structs also store the balance of a user +as `sdk.Coins`. + +Accounts are exposed externally as an interface, and stored internally as +either a base account or vesting account. Module clients wishing to add more +account types may do so. + +* `0x01 | Address -> ProtocolBuffer(account)` + +#### Account Interface + +The account interface exposes methods to read and write standard account information. +Note that all of these methods operate on an account struct conforming to the +interface - in order to write the account to the store, the account keeper will +need to be used. + +```go +// AccountI is an interface used to store coins at a given address within state. +// It presumes a notion of sequence numbers for replay protection, +// a notion of account numbers for replay protection for previously pruned accounts, +// and a pubkey for authentication purposes. +// +// Many complex conditions can be used in the concrete struct which implements AccountI. +type AccountI interface { + proto.Message + + GetAddress() sdk.AccAddress + SetAddress(sdk.AccAddress) error // errors if already set. + + GetPubKey() crypto.PubKey // can return nil. + SetPubKey(crypto.PubKey) error + + GetAccountNumber() uint64 + SetAccountNumber(uint64) error + + GetSequence() uint64 + SetSequence(uint64) error + + // Ensure that account implements stringer + String() string +} +``` + +##### Base Account + +A base account is the simplest and most common account type, which just stores all requisite +fields directly in a struct. + +```protobuf +// BaseAccount defines a base account type. It contains all the necessary fields +// for basic account functionality. Any custom account type should extend this +// type for additional functionality (e.g. vesting). +message BaseAccount { + string address = 1; + google.protobuf.Any pub_key = 2; + uint64 account_number = 3; + uint64 sequence = 4; +} +``` + +### Vesting Account + +See [Vesting](https://docs.cosmos.network/main/modules/auth/vesting/). + +## AnteHandlers + +The `x/auth` module presently has no transaction handlers of its own, but does expose the special `AnteHandler`, used for performing basic validity checks on a transaction, such that it could be thrown out of the mempool. +The `AnteHandler` can be seen as a set of decorators that check transactions within the current context, per [ADR 010](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-010-modular-antehandler.md). + +Note that the `AnteHandler` is called on both `CheckTx` and `DeliverTx`, as CometBFT proposers presently have the ability to include in their proposed block transactions which fail `CheckTx`. + +### Decorators + +The auth module provides `AnteDecorator`s that are recursively chained together into a single `AnteHandler` in the following order: + +* `SetUpContextDecorator`: Sets the `GasMeter` in the `Context` and wraps the next `AnteHandler` with a defer clause to recover from any downstream `OutOfGas` panics in the `AnteHandler` chain to return an error with information on gas provided and gas used. + +* `RejectExtensionOptionsDecorator`: Rejects all extension options which can optionally be included in protobuf transactions. + +* `MempoolFeeDecorator`: Checks if the `tx` fee is above local mempool `minFee` parameter during `CheckTx`. + +* `ValidateBasicDecorator`: Calls `tx.ValidateBasic` and returns any non-nil error. + +* `TxTimeoutHeightDecorator`: Check for a `tx` height timeout. + +* `ValidateMemoDecorator`: Validates `tx` memo with application parameters and returns any non-nil error. + +* `ConsumeGasTxSizeDecorator`: Consumes gas proportional to the `tx` size based on application parameters. + +* `DeductFeeDecorator`: Deducts the `FeeAmount` from first signer of the `tx`. If the `x/feegrant` module is enabled and a fee granter is set, it deducts fees from the fee granter account. + +* `SetPubKeyDecorator`: Sets the pubkey from a `tx`'s signers that does not already have its corresponding pubkey saved in the state machine and in the current context. + +* `ValidateSigCountDecorator`: Validates the number of signatures in `tx` based on app-parameters. + +* `SigGasConsumeDecorator`: Consumes parameter-defined amount of gas for each signature. This requires pubkeys to be set in context for all signers as part of `SetPubKeyDecorator`. + +* `SigVerificationDecorator`: Verifies all signatures are valid. This requires pubkeys to be set in context for all signers as part of `SetPubKeyDecorator`. + +* `IncrementSequenceDecorator`: Increments the account sequence for each signer to prevent replay attacks. + +## Keepers + +The auth module only exposes one keeper, the account keeper, which can be used to read and write accounts. + +### Account Keeper + +Presently only one fully-permissioned account keeper is exposed, which has the ability to both read and write +all fields of all accounts, and to iterate over all stored accounts. + +```go +// AccountKeeperI is the interface contract that x/auth's keeper implements. +type AccountKeeperI interface { + // Return a new account with the next account number and the specified address. Does not save the new account to the store. + NewAccountWithAddress(sdk.Context, sdk.AccAddress) types.AccountI + + // Return a new account with the next account number. Does not save the new account to the store. + NewAccount(sdk.Context, types.AccountI) types.AccountI + + // Check if an account exists in the store. + HasAccount(sdk.Context, sdk.AccAddress) bool + + // Retrieve an account from the store. + GetAccount(sdk.Context, sdk.AccAddress) types.AccountI + + // Set an account in the store. + SetAccount(sdk.Context, types.AccountI) + + // Remove an account from the store. + RemoveAccount(sdk.Context, types.AccountI) + + // Iterate over all accounts, calling the provided function. Stop iteration when it returns true. + IterateAccounts(sdk.Context, func(types.AccountI) bool) + + // Fetch the public key of an account at a specified address + GetPubKey(sdk.Context, sdk.AccAddress) (crypto.PubKey, error) + + // Fetch the sequence of an account at a specified address. + GetSequence(sdk.Context, sdk.AccAddress) (uint64, error) + + // Fetch the next account number, and increment the internal counter. + NextAccountNumber(sdk.Context) uint64 +} +``` + +## Parameters + +The auth module contains the following parameters: + +| Key | Type | Example | +| ---------------------- | --------------- | ------- | +| MaxMemoCharacters | uint64 | 256 | +| TxSigLimit | uint64 | 7 | +| TxSizeCostPerByte | uint64 | 10 | +| SigVerifyCostED25519 | uint64 | 590 | +| SigVerifyCostSecp256k1 | uint64 | 1000 | + +## Client + +### CLI + +A user can query and interact with the `auth` module using the CLI. + +### Query + +The `query` commands allow users to query `auth` state. + +```bash +simd query auth --help +``` + +#### account + +The `account` command allow users to query for an account by it's address. + +```bash +simd query auth account [address] [flags] +``` + +Example: + +```bash +simd query auth account cosmos1... +``` + +Example Output: + +```bash +'@type': /cosmos.auth.v1beta1.BaseAccount +account_number: "0" +address: cosmos1zwg6tpl8aw4rawv8sgag9086lpw5hv33u5ctr2 +pub_key: + '@type': /cosmos.crypto.secp256k1.PubKey + key: ApDrE38zZdd7wLmFS9YmqO684y5DG6fjZ4rVeihF/AQD +sequence: "1" +``` + +#### accounts + +The `accounts` command allow users to query all the available accounts. + +```bash +simd query auth accounts [flags] +``` + +Example: + +```bash +simd query auth accounts +``` + +Example Output: + +```bash +accounts: +- '@type': /cosmos.auth.v1beta1.BaseAccount + account_number: "0" + address: cosmos1zwg6tpl8aw4rawv8sgag9086lpw5hv33u5ctr2 + pub_key: + '@type': /cosmos.crypto.secp256k1.PubKey + key: ApDrE38zZdd7wLmFS9YmqO684y5DG6fjZ4rVeihF/AQD + sequence: "1" +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "8" + address: cosmos1yl6hdjhmkf37639730gffanpzndzdpmhwlkfhr + pub_key: null + sequence: "0" + name: transfer + permissions: + - minter + - burner +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "4" + address: cosmos1fl48vsnmsdzcv85q5d2q4z5ajdha8yu34mf0eh + pub_key: null + sequence: "0" + name: bonded_tokens_pool + permissions: + - burner + - staking +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "5" + address: cosmos1tygms3xhhs3yv487phx3dw4a95jn7t7lpm470r + pub_key: null + sequence: "0" + name: not_bonded_tokens_pool + permissions: + - burner + - staking +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "6" + address: cosmos10d07y265gmmuvt4z0w9aw880jnsr700j6zn9kn + pub_key: null + sequence: "0" + name: gov + permissions: + - burner +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "3" + address: cosmos1jv65s3grqf6v6jl3dp4t6c9t9rk99cd88lyufl + pub_key: null + sequence: "0" + name: distribution + permissions: [] +- '@type': /cosmos.auth.v1beta1.BaseAccount + account_number: "1" + address: cosmos147k3r7v2tvwqhcmaxcfql7j8rmkrlsemxshd3j + pub_key: null + sequence: "0" +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "7" + address: cosmos1m3h30wlvsf8llruxtpukdvsy0km2kum8g38c8q + pub_key: null + sequence: "0" + name: mint + permissions: + - minter +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "2" + address: cosmos17xpfvakm2amg962yls6f84z3kell8c5lserqta + pub_key: null + sequence: "0" + name: fee_collector + permissions: [] +pagination: + next_key: null + total: "0" +``` + +#### params + +The `params` command allow users to query the current auth parameters. + +```bash +simd query auth params [flags] +``` + +Example: + +```bash +simd query auth params +``` + +Example Output: + +```bash +max_memo_characters: "256" +sig_verify_cost_ed25519: "590" +sig_verify_cost_secp256k1: "1000" +tx_sig_limit: "7" +tx_size_cost_per_byte: "10" +``` + +### Transactions + +The `auth` module supports transactions commands to help you with signing and more. Compared to other modules you can access directly the `auth` module transactions commands using the only `tx` command. + +Use directly the `--help` flag to get more information about the `tx` command. + +```bash +simd tx --help +``` + +#### `sign` + +The `sign` command allows users to sign transactions that was generated offline. + +```bash +simd tx sign tx.json --from $ALICE > tx.signed.json +``` + +The result is a signed transaction that can be broadcasted to the network thanks to the broadcast command. + +More information about the `sign` command can be found running `simd tx sign --help`. + +#### `sign-batch` + +The `sign-batch` command allows users to sign multiples offline generated transactions. +The transactions can be in one file, with one tx per line, or in multiple files. + +```bash +simd tx sign txs.json --from $ALICE > tx.signed.json +``` + +or + +```bash +simd tx sign tx1.json tx2.json tx3.json --from $ALICE > tx.signed.json +``` + +The result is multiples signed transactions. For combining the signed transactions into one transactions, use the `--append` flag. + +More information about the `sign-batch` command can be found running `simd tx sign-batch --help`. + +#### `multi-sign` + +The `multi-sign` command allows users to sign transactions that was generated offline by a multisig account. + +```bash +simd tx multisign transaction.json k1k2k3 k1sig.json k2sig.json k3sig.json +``` + +Where `k1k2k3` is the multisig account address, `k1sig.json` is the signature of the first signer, `k2sig.json` is the signature of the second signer, and `k3sig.json` is the signature of the third signer. + +##### Nested multisig transactions + +To allow transactions to be signed by nested multisigs, meaning that a participant of a multisig account can be another multisig account, the `--skip-signature-verification` flag must be used. + +```bash +# First aggregate signatures of the multisig participant +simd tx multi-sign transaction.json ms1 ms1p1sig.json ms1p2sig.json --signature-only --skip-signature-verification > ms1sig.json + +# Then use the aggregated signatures and the other signatures to sign the final transaction +simd tx multi-sign transaction.json k1ms1 k1sig.json ms1sig.json --skip-signature-verification +``` + +Where `ms1` is the nested multisig account address, `ms1p1sig.json` is the signature of the first participant of the nested multisig account, `ms1p2sig.json` is the signature of the second participant of the nested multisig account, and `ms1sig.json` is the aggregated signature of the nested multisig account. + +`k1ms1` is a multisig account comprised of an individual signer and another nested multisig account (`ms1`). `k1sig.json` is the signature of the first signer of the individual member. + +More information about the `multi-sign` command can be found running `simd tx multi-sign --help`. + +#### `multisign-batch` + +The `multisign-batch` works the same way as `sign-batch`, but for multisig accounts. +With the difference that the `multisign-batch` command requires all transactions to be in one file, and the `--append` flag does not exist. + +More information about the `multisign-batch` command can be found running `simd tx multisign-batch --help`. + +#### `validate-signatures` + +The `validate-signatures` command allows users to validate the signatures of a signed transaction. + +```bash +$ simd tx validate-signatures tx.signed.json +Signers: + 0: cosmos1l6vsqhh7rnwsyr2kyz3jjg3qduaz8gwgyl8275 + +Signatures: + 0: cosmos1l6vsqhh7rnwsyr2kyz3jjg3qduaz8gwgyl8275 [OK] +``` + +More information about the `validate-signatures` command can be found running `simd tx validate-signatures --help`. + +#### `broadcast` + +The `broadcast` command allows users to broadcast a signed transaction to the network. + +```bash +simd tx broadcast tx.signed.json +``` + +More information about the `broadcast` command can be found running `simd tx broadcast --help`. + + +### gRPC + +A user can query the `auth` module using gRPC endpoints. + +#### Account + +The `account` endpoint allow users to query for an account by it's address. + +```bash +cosmos.auth.v1beta1.Query/Account +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"address":"cosmos1.."}' \ + localhost:9090 \ + cosmos.auth.v1beta1.Query/Account +``` + +Example Output: + +```bash +{ + "account":{ + "@type":"/cosmos.auth.v1beta1.BaseAccount", + "address":"cosmos1zwg6tpl8aw4rawv8sgag9086lpw5hv33u5ctr2", + "pubKey":{ + "@type":"/cosmos.crypto.secp256k1.PubKey", + "key":"ApDrE38zZdd7wLmFS9YmqO684y5DG6fjZ4rVeihF/AQD" + }, + "sequence":"1" + } +} +``` + +#### Accounts + +The `accounts` endpoint allow users to query all the available accounts. + +```bash +cosmos.auth.v1beta1.Query/Accounts +``` + +Example: + +```bash +grpcurl -plaintext \ + localhost:9090 \ + cosmos.auth.v1beta1.Query/Accounts +``` + +Example Output: + +```bash +{ + "accounts":[ + { + "@type":"/cosmos.auth.v1beta1.BaseAccount", + "address":"cosmos1zwg6tpl8aw4rawv8sgag9086lpw5hv33u5ctr2", + "pubKey":{ + "@type":"/cosmos.crypto.secp256k1.PubKey", + "key":"ApDrE38zZdd7wLmFS9YmqO684y5DG6fjZ4rVeihF/AQD" + }, + "sequence":"1" + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos1yl6hdjhmkf37639730gffanpzndzdpmhwlkfhr", + "accountNumber":"8" + }, + "name":"transfer", + "permissions":[ + "minter", + "burner" + ] + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos1fl48vsnmsdzcv85q5d2q4z5ajdha8yu34mf0eh", + "accountNumber":"4" + }, + "name":"bonded_tokens_pool", + "permissions":[ + "burner", + "staking" + ] + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos1tygms3xhhs3yv487phx3dw4a95jn7t7lpm470r", + "accountNumber":"5" + }, + "name":"not_bonded_tokens_pool", + "permissions":[ + "burner", + "staking" + ] + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos10d07y265gmmuvt4z0w9aw880jnsr700j6zn9kn", + "accountNumber":"6" + }, + "name":"gov", + "permissions":[ + "burner" + ] + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos1jv65s3grqf6v6jl3dp4t6c9t9rk99cd88lyufl", + "accountNumber":"3" + }, + "name":"distribution" + }, + { + "@type":"/cosmos.auth.v1beta1.BaseAccount", + "accountNumber":"1", + "address":"cosmos147k3r7v2tvwqhcmaxcfql7j8rmkrlsemxshd3j" + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos1m3h30wlvsf8llruxtpukdvsy0km2kum8g38c8q", + "accountNumber":"7" + }, + "name":"mint", + "permissions":[ + "minter" + ] + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos17xpfvakm2amg962yls6f84z3kell8c5lserqta", + "accountNumber":"2" + }, + "name":"fee_collector" + } + ], + "pagination":{ + "total":"9" + } +} +``` + +#### Params + +The `params` endpoint allow users to query the current auth parameters. + +```bash +cosmos.auth.v1beta1.Query/Params +``` + +Example: + +```bash +grpcurl -plaintext \ + localhost:9090 \ + cosmos.auth.v1beta1.Query/Params +``` + +Example Output: + +```bash +{ + "params": { + "maxMemoCharacters": "256", + "txSigLimit": "7", + "txSizeCostPerByte": "10", + "sigVerifyCostEd25519": "590", + "sigVerifyCostSecp256k1": "1000" + } +} +``` + +### REST + +A user can query the `auth` module using REST endpoints. + +#### Account + +The `account` endpoint allow users to query for an account by it's address. + +```bash +/cosmos/auth/v1beta1/account?address={address} +``` + +#### Accounts + +The `accounts` endpoint allow users to query all the available accounts. + +```bash +/cosmos/auth/v1beta1/accounts +``` + +#### Params + +The `params` endpoint allow users to query the current auth parameters. + +```bash +/cosmos/auth/v1beta1/params +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/modules/authz/README.md b/copy-of-sdk-versioned_docs/version-0.53/build/modules/authz/README.md new file mode 100644 index 00000000..a863472a --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/modules/authz/README.md @@ -0,0 +1,372 @@ +--- +sidebar_position: 1 +--- + +# `x/authz` + +## Abstract + +`x/authz` is an implementation of a Cosmos SDK module, per [ADR 30](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-030-authz-module.md), that allows +granting arbitrary privileges from one account (the granter) to another account (the grantee). Authorizations must be granted for a particular Msg service method one by one using an implementation of the `Authorization` interface. + +## Contents + +* [Concepts](#concepts) + * [Authorization and Grant](#authorization-and-grant) + * [Built-in Authorizations](#built-in-authorizations) + * [Gas](#gas) +* [State](#state) + * [Grant](#grant) + * [GrantQueue](#grantqueue) +* [Messages](#messages) + * [MsgGrant](#msggrant) + * [MsgRevoke](#msgrevoke) + * [MsgExec](#msgexec) +* [Events](#events) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + * [REST](#rest) + +## Concepts + +### Authorization and Grant + +The `x/authz` module defines interfaces and messages grant authorizations to perform actions +on behalf of one account to other accounts. The design is defined in the [ADR 030](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-030-authz-module.md). + +A *grant* is an allowance to execute a Msg by the grantee on behalf of the granter. +Authorization is an interface that must be implemented by a concrete authorization logic to validate and execute grants. Authorizations are extensible and can be defined for any Msg service method even outside of the module where the Msg method is defined. See the `SendAuthorization` example in the next section for more details. + +**Note:** The authz module is different from the [auth (authentication)](../modules/auth/) module that is responsible for specifying the base transaction and account types. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/authz/authorizations.go#L11-L25 +``` + +### Built-in Authorizations + +The Cosmos SDK `x/authz` module comes with following authorization types: + +#### GenericAuthorization + +`GenericAuthorization` implements the `Authorization` interface that gives unrestricted permission to execute the provided Msg on behalf of granter's account. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/authz/v1beta1/authz.proto#L14-L22 +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/authz/generic_authorization.go#L16-L29 +``` + +* `msg` stores Msg type URL. + +#### SendAuthorization + +`SendAuthorization` implements the `Authorization` interface for the `cosmos.bank.v1beta1.MsgSend` Msg. + +* It takes a (positive) `SpendLimit` that specifies the maximum amount of tokens the grantee can spend. The `SpendLimit` is updated as the tokens are spent. +* It takes an (optional) `AllowList` that specifies to which addresses a grantee can send token. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/bank/v1beta1/authz.proto#L11-L30 +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/bank/types/send_authorization.go#L29-L62 +``` + +* `spend_limit` keeps track of how many coins are left in the authorization. +* `allow_list` specifies an optional list of addresses to whom the grantee can send tokens on behalf of the granter. + +#### StakeAuthorization + +`StakeAuthorization` implements the `Authorization` interface for messages in the [staking module](https://docs.cosmos.network/v0.53/build/modules/staking). It takes an `AuthorizationType` to specify whether you want to authorise delegating, undelegating or redelegating (i.e. these have to be authorised separately). It also takes an optional `MaxTokens` that keeps track of a limit to the amount of tokens that can be delegated/undelegated/redelegated. If left empty, the amount is unlimited. Additionally, this Msg takes an `AllowList` or a `DenyList`, which allows you to select which validators you allow or deny grantees to stake with. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/authz.proto#L11-L35 +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/staking/types/authz.go#L15-L35 +``` + +### Gas + +In order to prevent DoS attacks, granting `StakeAuthorization`s with `x/authz` incurs gas. `StakeAuthorization` allows you to authorize another account to delegate, undelegate, or redelegate to validators. The authorizer can define a list of validators they allow or deny delegations to. The Cosmos SDK iterates over these lists and charge 10 gas for each validator in both of the lists. + +Since the state maintaining a list for granter, grantee pair with same expiration, we are iterating over the list to remove the grant (incase of any revoke of paritcular `msgType`) from the list and we are charging 20 gas per iteration. + +## State + +### Grant + +Grants are identified by combining granter address (the address bytes of the granter), grantee address (the address bytes of the grantee) and Authorization type (its type URL). Hence we only allow one grant for the (granter, grantee, Authorization) triple. + +* Grant: `0x01 | granter_address_len (1 byte) | granter_address_bytes | grantee_address_len (1 byte) | grantee_address_bytes | msgType_bytes -> ProtocolBuffer(AuthorizationGrant)` + +The grant object encapsulates an `Authorization` type and an expiration timestamp: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/authz/v1beta1/authz.proto#L24-L32 +``` + +### GrantQueue + +We are maintaining a queue for authz pruning. Whenever a grant is created, an item will be added to `GrantQueue` with a key of expiration, granter, grantee. + +In `EndBlock` (which runs for every block) we continuously check and prune the expired grants by forming a prefix key with current blocktime that passed the stored expiration in `GrantQueue`, we iterate through all the matched records from `GrantQueue` and delete them from the `GrantQueue` & `Grant`s store. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/5f4ddc6f80f9707320eec42182184207fff3833a/x/authz/keeper/keeper.go#L378-L403 +``` + +* GrantQueue: `0x02 | expiration_bytes | granter_address_len (1 byte) | granter_address_bytes | grantee_address_len (1 byte) | grantee_address_bytes -> ProtocalBuffer(GrantQueueItem)` + +The `expiration_bytes` are the expiration date in UTC with the format `"2006-01-02T15:04:05.000000000"`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/authz/keeper/keys.go#L77-L93 +``` + +The `GrantQueueItem` object contains the list of type urls between granter and grantee that expire at the time indicated in the key. + +## Messages + +In this section we describe the processing of messages for the authz module. + +### MsgGrant + +An authorization grant is created using the `MsgGrant` message. +If there is already a grant for the `(granter, grantee, Authorization)` triple, then the new grant overwrites the previous one. To update or extend an existing grant, a new grant with the same `(granter, grantee, Authorization)` triple should be created. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/authz/v1beta1/tx.proto#L35-L45 +``` + +The message handling should fail if: + +* both granter and grantee have the same address. +* provided `Expiration` time is less than current unix timestamp (but a grant will be created if no `expiration` time is provided since `expiration` is optional). +* provided `Grant.Authorization` is not implemented. +* `Authorization.MsgTypeURL()` is not defined in the router (there is no defined handler in the app router to handle that Msg types). + +### MsgRevoke + +A grant can be removed with the `MsgRevoke` message. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/authz/v1beta1/tx.proto#L69-L78 +``` + +The message handling should fail if: + +* both granter and grantee have the same address. +* provided `MsgTypeUrl` is empty. + +NOTE: The `MsgExec` message removes a grant if the grant has expired. + +### MsgExec + +When a grantee wants to execute a transaction on behalf of a granter, they must send `MsgExec`. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/authz/v1beta1/tx.proto#L52-L63 +``` + +The message handling should fail if: + +* provided `Authorization` is not implemented. +* grantee doesn't have permission to run the transaction. +* if granted authorization is expired. + +## Events + +The authz module emits proto events defined in [the Protobuf reference](https://buf.build/cosmos/cosmos-sdk/docs/main/cosmos.authz.v1beta1#cosmos.authz.v1beta1.EventGrant). + +## Client + +### CLI + +A user can query and interact with the `authz` module using the CLI. + +#### Query + +The `query` commands allow users to query `authz` state. + +```bash +simd query authz --help +``` + +##### grants + +The `grants` command allows users to query grants for a granter-grantee pair. If the message type URL is set, it selects grants only for that message type. + +```bash +simd query authz grants [granter-addr] [grantee-addr] [msg-type-url]? [flags] +``` + +Example: + +```bash +simd query authz grants cosmos1.. cosmos1.. /cosmos.bank.v1beta1.MsgSend +``` + +Example Output: + +```bash +grants: +- authorization: + '@type': /cosmos.bank.v1beta1.SendAuthorization + spend_limit: + - amount: "100" + denom: stake + expiration: "2022-01-01T00:00:00Z" +pagination: null +``` + +#### Transactions + +The `tx` commands allow users to interact with the `authz` module. + +```bash +simd tx authz --help +``` + +##### exec + +The `exec` command allows a grantee to execute a transaction on behalf of granter. + +```bash + simd tx authz exec [tx-json-file] --from [grantee] [flags] +``` + +Example: + +```bash +simd tx authz exec tx.json --from=cosmos1.. +``` + +##### grant + +The `grant` command allows a granter to grant an authorization to a grantee. + +```bash +simd tx authz grant --from [flags] +``` +- The `send` authorization_type refers to the built-in `SendAuthorization` type. The custom flags available are `spend-limit` (required) and `allow-list` (optional) , documented [here](#SendAuthorization) + +Example: + +```bash + simd tx authz grant cosmos1.. send --spend-limit=100stake --allow-list=cosmos1...,cosmos2... --from=cosmos1.. +``` +- The `generic` authorization_type refers to the built-in `GenericAuthorization` type. The custom flag available is `msg-type` ( required) documented [here](#GenericAuthorization). + +> Note: `msg-type` is any valid Cosmos SDK `Msg` type url. + +Example: +```bash + simd tx authz grant cosmos1.. generic --msg-type=/cosmos.bank.v1beta1.MsgSend --from=cosmos1.. +``` +- The `delegate`,`unbond`,`redelegate` authorization_types refer to the built-in `StakeAuthorization` type. The custom flags available are `spend-limit` (optional), `allowed-validators` (optional) and `deny-validators` (optional) documented [here](#StakeAuthorization). +> Note: `allowed-validators` and `deny-validators` cannot both be empty. `spend-limit` represents the `MaxTokens` + +Example: + +```bash +simd tx authz grant cosmos1.. delegate --spend-limit=100stake --allowed-validators=cosmos...,cosmos... --deny-validators=cosmos... --from=cosmos1.. +``` + +##### revoke + +The `revoke` command allows a granter to revoke an authorization from a grantee. + +```bash +simd tx authz revoke [grantee] [msg-type-url] --from=[granter] [flags] +``` + +Example: + +```bash +simd tx authz revoke cosmos1.. /cosmos.bank.v1beta1.MsgSend --from=cosmos1.. +``` + +### gRPC + +A user can query the `authz` module using gRPC endpoints. + +#### Grants + +The `Grants` endpoint allows users to query grants for a granter-grantee pair. If the message type URL is set, it selects grants only for that message type. + +```bash +cosmos.authz.v1beta1.Query/Grants +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"granter":"cosmos1..","grantee":"cosmos1..","msg_type_url":"/cosmos.bank.v1beta1.MsgSend"}' \ + localhost:9090 \ + cosmos.authz.v1beta1.Query/Grants +``` + +Example Output: + +```bash +{ + "grants": [ + { + "authorization": { + "@type": "/cosmos.bank.v1beta1.SendAuthorization", + "spendLimit": [ + { + "denom":"stake", + "amount":"100" + } + ] + }, + "expiration": "2022-01-01T00:00:00Z" + } + ] +} +``` + +### REST + +A user can query the `authz` module using REST endpoints. + +```bash +/cosmos/authz/v1beta1/grants +``` + +Example: + +```bash +curl "localhost:1317/cosmos/authz/v1beta1/grants?granter=cosmos1..&grantee=cosmos1..&msg_type_url=/cosmos.bank.v1beta1.MsgSend" +``` + +Example Output: + +```bash +{ + "grants": [ + { + "authorization": { + "@type": "/cosmos.bank.v1beta1.SendAuthorization", + "spend_limit": [ + { + "denom": "stake", + "amount": "100" + } + ] + }, + "expiration": "2022-01-01T00:00:00Z" + } + ], + "pagination": null +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/modules/bank/README.md b/copy-of-sdk-versioned_docs/version-0.53/build/modules/bank/README.md new file mode 100644 index 00000000..6f0a701b --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/modules/bank/README.md @@ -0,0 +1,1039 @@ +--- +sidebar_position: 1 +--- + +# `x/bank` + +## Abstract + +This document specifies the bank module of the Cosmos SDK. + +The bank module is responsible for handling multi-asset coin transfers between +accounts and tracking special-case pseudo-transfers which must work differently +with particular kinds of accounts (notably delegating/undelegating for vesting +accounts). It exposes several interfaces with varying capabilities for secure +interaction with other modules which must alter user balances. + +In addition, the bank module tracks and provides query support for the total +supply of all assets used in the application. + +This module is used in the Cosmos Hub. + +## Contents + +* [Supply](#supply) + * [Total Supply](#total-supply) +* [Module Accounts](#module-accounts) + * [Permissions](#permissions) +* [State](#state) +* [Params](#params) +* [Keepers](#keepers) +* [Messages](#messages) +* [Events](#events) + * [Message Events](#message-events) + * [Keeper Events](#keeper-events) +* [Parameters](#parameters) + * [SendEnabled](#sendenabled) + * [DefaultSendEnabled](#defaultsendenabled) +* [Client](#client) + * [CLI](#cli) + * [Query](#query) + * [Transactions](#transactions) +* [gRPC](#grpc) + +## Supply + +The `supply` functionality: + +* passively tracks the total supply of coins within a chain, +* provides a pattern for modules to hold/interact with `Coins`, and +* introduces the invariant check to verify a chain's total supply. + +### Total Supply + +The total `Supply` of the network is equal to the sum of all coins from the +account. The total supply is updated every time a `Coin` is minted (eg: as part +of the inflation mechanism) or burned (eg: due to slashing or if a governance +proposal is vetoed). + +## Module Accounts + +The supply functionality introduces a new type of `auth.Account` which can be used by +modules to allocate tokens and in special cases mint or burn tokens. At a base +level these module accounts are capable of sending/receiving tokens to and from +`auth.Account`s and other module accounts. This design replaces previous +alternative designs where, to hold tokens, modules would burn the incoming +tokens from the sender account, and then track those tokens internally. Later, +in order to send tokens, the module would need to effectively mint tokens +within a destination account. The new design removes duplicate logic between +modules to perform this accounting. + +The `ModuleAccount` interface is defined as follows: + +```go +type ModuleAccount interface { + auth.Account // same methods as the Account interface + + GetName() string // name of the module; used to obtain the address + GetPermissions() []string // permissions of module account + HasPermission(string) bool +} +``` + +> **WARNING!** +> Any module or message handler that allows either direct or indirect sending of funds must explicitly guarantee those funds cannot be sent to module accounts (unless allowed). + +The supply `Keeper` also introduces new wrapper functions for the auth `Keeper` +and the bank `Keeper` that are related to `ModuleAccount`s in order to be able +to: + +* Get and set `ModuleAccount`s by providing the `Name`. +* Send coins from and to other `ModuleAccount`s or standard `Account`s + (`BaseAccount` or `VestingAccount`) by passing only the `Name`. +* `Mint` or `Burn` coins for a `ModuleAccount` (restricted to its permissions). + +### Permissions + +Each `ModuleAccount` has a different set of permissions that provide different +object capabilities to perform certain actions. Permissions need to be +registered upon the creation of the supply `Keeper` so that every time a +`ModuleAccount` calls the allowed functions, the `Keeper` can lookup the +permissions to that specific account and perform or not perform the action. + +The available permissions are: + +* `Minter`: allows for a module to mint a specific amount of coins. +* `Burner`: allows for a module to burn a specific amount of coins. +* `Staking`: allows for a module to delegate and undelegate a specific amount of coins. + +## State + +The `x/bank` module keeps state of the following primary objects: + +1. Account balances +2. Denomination metadata +3. The total supply of all balances +4. Information on which denominations are allowed to be sent. + +In addition, the `x/bank` module keeps the following indexes to manage the +aforementioned state: + +* Supply Index: `0x0 | byte(denom) -> byte(amount)` +* Denom Metadata Index: `0x1 | byte(denom) -> ProtocolBuffer(Metadata)` +* Balances Index: `0x2 | byte(address length) | []byte(address) | []byte(balance.Denom) -> ProtocolBuffer(balance)` +* Reverse Denomination to Address Index: `0x03 | byte(denom) | 0x00 | []byte(address) -> 0` + +## Params + +The bank module stores it's params in state with the prefix of `0x05`, +it can be updated with governance or the address with authority. + +* Params: `0x05 | ProtocolBuffer(Params)` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/bank/v1beta1/bank.proto#L12-L23 +``` + +## Keepers + +The bank module provides these exported keeper interfaces that can be +passed to other modules that read or update account balances. Modules +should use the least-permissive interface that provides the functionality they +require. + +Best practices dictate careful review of `bank` module code to ensure that +permissions are limited in the way that you expect. + +### Denied Addresses + +The `x/bank` module accepts a map of addresses that are considered blocklisted +from directly and explicitly receiving funds through means such as `MsgSend` and +`MsgMultiSend` and direct API calls like `SendCoinsFromModuleToAccount`. + +Typically, these addresses are module accounts. If these addresses receive funds +outside the expected rules of the state machine, invariants are likely to be +broken and could result in a halted network. + +By providing the `x/bank` module with a blocklisted set of addresses, an error occurs for the operation if a user or client attempts to directly or indirectly send funds to a blocklisted account, for example, by using [IBC](https://ibc.cosmos.network). + +### Common Types + +#### Input + +An input of a multiparty transfer + +```protobuf +// Input models transaction input. +message Input { + string address = 1; + repeated cosmos.base.v1beta1.Coin coins = 2; +} +``` + +#### Output + +An output of a multiparty transfer. + +```protobuf +// Output models transaction outputs. +message Output { + string address = 1; + repeated cosmos.base.v1beta1.Coin coins = 2; +} +``` + +### BaseKeeper + +The base keeper provides full-permission access: the ability to arbitrary modify any account's balance and mint or burn coins. + +Restricted permission to mint per module could be achieved by using baseKeeper with `WithMintCoinsRestriction` to give specific restrictions to mint (e.g. only minting certain denom). + +```go +// Keeper defines a module interface that facilitates the transfer of coins +// between accounts. +type Keeper interface { + SendKeeper + WithMintCoinsRestriction(MintingRestrictionFn) BaseKeeper + + InitGenesis(context.Context, *types.GenesisState) + ExportGenesis(context.Context) *types.GenesisState + + GetSupply(ctx context.Context, denom string) sdk.Coin + HasSupply(ctx context.Context, denom string) bool + GetPaginatedTotalSupply(ctx context.Context, pagination *query.PageRequest) (sdk.Coins, *query.PageResponse, error) + IterateTotalSupply(ctx context.Context, cb func(sdk.Coin) bool) + GetDenomMetaData(ctx context.Context, denom string) (types.Metadata, bool) + HasDenomMetaData(ctx context.Context, denom string) bool + SetDenomMetaData(ctx context.Context, denomMetaData types.Metadata) + IterateAllDenomMetaData(ctx context.Context, cb func(types.Metadata) bool) + + SendCoinsFromModuleToAccount(ctx context.Context, senderModule string, recipientAddr sdk.AccAddress, amt sdk.Coins) error + SendCoinsFromModuleToModule(ctx context.Context, senderModule, recipientModule string, amt sdk.Coins) error + SendCoinsFromAccountToModule(ctx context.Context, senderAddr sdk.AccAddress, recipientModule string, amt sdk.Coins) error + DelegateCoinsFromAccountToModule(ctx context.Context, senderAddr sdk.AccAddress, recipientModule string, amt sdk.Coins) error + UndelegateCoinsFromModuleToAccount(ctx context.Context, senderModule string, recipientAddr sdk.AccAddress, amt sdk.Coins) error + MintCoins(ctx context.Context, moduleName string, amt sdk.Coins) error + BurnCoins(ctx context.Context, moduleName string, amt sdk.Coins) error + + DelegateCoins(ctx context.Context, delegatorAddr, moduleAccAddr sdk.AccAddress, amt sdk.Coins) error + UndelegateCoins(ctx context.Context, moduleAccAddr, delegatorAddr sdk.AccAddress, amt sdk.Coins) error + + // GetAuthority gets the address capable of executing governance proposal messages. Usually the gov module account. + GetAuthority() string + + types.QueryServer +} +``` + +### SendKeeper + +The send keeper provides access to account balances and the ability to transfer coins between +accounts. The send keeper does not alter the total supply (mint or burn coins). + +```go +// SendKeeper defines a module interface that facilitates the transfer of coins +// between accounts without the possibility of creating coins. +type SendKeeper interface { + ViewKeeper + + AppendSendRestriction(restriction SendRestrictionFn) + PrependSendRestriction(restriction SendRestrictionFn) + ClearSendRestriction() + + InputOutputCoins(ctx context.Context, input types.Input, outputs []types.Output) error + SendCoins(ctx context.Context, fromAddr, toAddr sdk.AccAddress, amt sdk.Coins) error + + GetParams(ctx context.Context) types.Params + SetParams(ctx context.Context, params types.Params) error + + IsSendEnabledDenom(ctx context.Context, denom string) bool + SetSendEnabled(ctx context.Context, denom string, value bool) + SetAllSendEnabled(ctx context.Context, sendEnableds []*types.SendEnabled) + DeleteSendEnabled(ctx context.Context, denom string) + IterateSendEnabledEntries(ctx context.Context, cb func(denom string, sendEnabled bool) (stop bool)) + GetAllSendEnabledEntries(ctx context.Context) []types.SendEnabled + + IsSendEnabledCoin(ctx context.Context, coin sdk.Coin) bool + IsSendEnabledCoins(ctx context.Context, coins ...sdk.Coin) error + + BlockedAddr(addr sdk.AccAddress) bool +} +``` + +#### Send Restrictions + +The `SendKeeper` applies a `SendRestrictionFn` before each transfer of funds. + +```golang +// A SendRestrictionFn can restrict sends and/or provide a new receiver address. +type SendRestrictionFn func(ctx context.Context, fromAddr, toAddr sdk.AccAddress, amt sdk.Coins) (newToAddr sdk.AccAddress, err error) +``` + +After the `SendKeeper` (or `BaseKeeper`) has been created, send restrictions can be added to it using the `AppendSendRestriction` or `PrependSendRestriction` functions. +Both functions compose the provided restriction with any previously provided restrictions. +`AppendSendRestriction` adds the provided restriction to be run after any previously provided send restrictions. +`PrependSendRestriction` adds the restriction to be run before any previously provided send restrictions. +The composition will short-circuit when an error is encountered. I.e. if the first one returns an error, the second is not run. + +During `SendCoins`, the send restriction is applied before coins are removed from the from address and adding them to the to address. +During `InputOutputCoins`, the send restriction is applied after the input coins are removed and once for each output before the funds are added. + +A send restriction function should make use of a custom value in the context to allow bypassing that specific restriction. + +Send Restrictions are not placed on `ModuleToAccount` or `ModuleToModule` transfers. This is done due to modules needing to move funds to user accounts and other module accounts. This is a design decision to allow for more flexibility in the state machine. The state machine should be able to move funds between module accounts and user accounts without restrictions. + +Secondly this limitation would limit the usage of the state machine even for itself. users would not be able to receive rewards, not be able to move funds between module accounts. In the case that a user sends funds from a user account to the community pool and then a governance proposal is used to get those tokens into the users account this would fall under the discretion of the app chain developer to what they would like to do here. We can not make strong assumptions here. +Thirdly, this issue could lead into a chain halt if a token is disabled and the token is moved in the begin/endblock. This is the last reason we see the current change and more damaging then beneficial for users. + +For example, in your module's keeper package, you'd define the send restriction function: + +```golang +var _ banktypes.SendRestrictionFn = Keeper{}.SendRestrictionFn + +func (k Keeper) SendRestrictionFn(ctx context.Context, fromAddr, toAddr sdk.AccAddress, amt sdk.Coins) (sdk.AccAddress, error) { + // Bypass if the context says to. + if mymodule.HasBypass(ctx) { + return toAddr, nil + } + + // Your custom send restriction logic goes here. + return nil, errors.New("not implemented") +} +``` + +The bank keeper should be provided to your keeper's constructor so the send restriction can be added to it: + +```golang +func NewKeeper(cdc codec.BinaryCodec, storeKey storetypes.StoreKey, bankKeeper mymodule.BankKeeper) Keeper { + rv := Keeper{/*...*/} + bankKeeper.AppendSendRestriction(rv.SendRestrictionFn) + return rv +} +``` + +Then, in the `mymodule` package, define the context helpers: + +```golang +const bypassKey = "bypass-mymodule-restriction" + +// WithBypass returns a new context that will cause the mymodule bank send restriction to be skipped. +func WithBypass(ctx context.Context) context.Context { + return sdk.UnwrapSDKContext(ctx).WithValue(bypassKey, true) +} + +// WithoutBypass returns a new context that will cause the mymodule bank send restriction to not be skipped. +func WithoutBypass(ctx context.Context) context.Context { + return sdk.UnwrapSDKContext(ctx).WithValue(bypassKey, false) +} + +// HasBypass checks the context to see if the mymodule bank send restriction should be skipped. +func HasBypass(ctx context.Context) bool { + bypassValue := ctx.Value(bypassKey) + if bypassValue == nil { + return false + } + bypass, isBool := bypassValue.(bool) + return isBool && bypass +} +``` + +Now, anywhere where you want to use `SendCoins` or `InputOutputCoins`, but you don't want your send restriction applied: + +```golang +func (k Keeper) DoThing(ctx context.Context, fromAddr, toAddr sdk.AccAddress, amt sdk.Coins) error { + return k.bankKeeper.SendCoins(mymodule.WithBypass(ctx), fromAddr, toAddr, amt) +} +``` + +### ViewKeeper + +The view keeper provides read-only access to account balances. The view keeper does not have balance alteration functionality. All balance lookups are `O(1)`. + +```go +// ViewKeeper defines a module interface that facilitates read only access to +// account balances. +type ViewKeeper interface { + ValidateBalance(ctx context.Context, addr sdk.AccAddress) error + HasBalance(ctx context.Context, addr sdk.AccAddress, amt sdk.Coin) bool + + GetAllBalances(ctx context.Context, addr sdk.AccAddress) sdk.Coins + GetAccountsBalances(ctx context.Context) []types.Balance + GetBalance(ctx context.Context, addr sdk.AccAddress, denom string) sdk.Coin + LockedCoins(ctx context.Context, addr sdk.AccAddress) sdk.Coins + SpendableCoins(ctx context.Context, addr sdk.AccAddress) sdk.Coins + SpendableCoin(ctx context.Context, addr sdk.AccAddress, denom string) sdk.Coin + + IterateAccountBalances(ctx context.Context, addr sdk.AccAddress, cb func(coin sdk.Coin) (stop bool)) + IterateAllBalances(ctx context.Context, cb func(address sdk.AccAddress, coin sdk.Coin) (stop bool)) +} +``` + +## Messages + +### MsgSend + +Send coins from one address to another. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/bank/v1beta1/tx.proto#L38-L53 +``` + +The message will fail under the following conditions: + +* The coins do not have sending enabled +* The `to` address is restricted + +### MsgMultiSend + +Send coins from one sender and to a series of different address. If any of the receiving addresses do not correspond to an existing account, a new account is created. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/bank/v1beta1/tx.proto#L58-L69 +``` + +The message will fail under the following conditions: + +* Any of the coins do not have sending enabled +* Any of the `to` addresses are restricted +* Any of the coins are locked +* The inputs and outputs do not correctly correspond to one another + +### MsgUpdateParams + +The `bank` module params can be updated through `MsgUpdateParams`, which can be done using governance proposal. The signer will always be the `gov` module account address. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/bank/v1beta1/tx.proto#L74-L88 +``` + +The message handling can fail if: + +* signer is not the gov module account address. + +### MsgSetSendEnabled + +Used with the x/gov module to set create/edit SendEnabled entries. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/bank/v1beta1/tx.proto#L96-L117 +``` + +The message will fail under the following conditions: + +* The authority is not a bech32 address. +* The authority is not x/gov module's address. +* There are multiple SendEnabled entries with the same Denom. +* One or more SendEnabled entries has an invalid Denom. + +## Events + +The bank module emits the following events: + +### Message Events + +#### MsgSend + +| Type | Attribute Key | Attribute Value | +| -------- | ------------- | ------------------ | +| transfer | recipient | {recipientAddress} | +| transfer | amount | {amount} | +| message | module | bank | +| message | action | send | +| message | sender | {senderAddress} | + +#### MsgMultiSend + +| Type | Attribute Key | Attribute Value | +| -------- | ------------- | ------------------ | +| transfer | recipient | {recipientAddress} | +| transfer | amount | {amount} | +| message | module | bank | +| message | action | multisend | +| message | sender | {senderAddress} | + +### Keeper Events + +In addition to message events, the bank keeper will produce events when the following methods are called (or any method which ends up calling them) + +#### MintCoins + +```json +{ + "type": "coinbase", + "attributes": [ + { + "key": "minter", + "value": "{{sdk.AccAddress of the module minting coins}}", + "index": true + }, + { + "key": "amount", + "value": "{{sdk.Coins being minted}}", + "index": true + } + ] +} +``` + +```json +{ + "type": "coin_received", + "attributes": [ + { + "key": "receiver", + "value": "{{sdk.AccAddress of the module minting coins}}", + "index": true + }, + { + "key": "amount", + "value": "{{sdk.Coins being received}}", + "index": true + } + ] +} +``` + +#### BurnCoins + +```json +{ + "type": "burn", + "attributes": [ + { + "key": "burner", + "value": "{{sdk.AccAddress of the module burning coins}}", + "index": true + }, + { + "key": "amount", + "value": "{{sdk.Coins being burned}}", + "index": true + } + ] +} +``` + +```json +{ + "type": "coin_spent", + "attributes": [ + { + "key": "spender", + "value": "{{sdk.AccAddress of the module burning coins}}", + "index": true + }, + { + "key": "amount", + "value": "{{sdk.Coins being burned}}", + "index": true + } + ] +} +``` + +#### addCoins + +```json +{ + "type": "coin_received", + "attributes": [ + { + "key": "receiver", + "value": "{{sdk.AccAddress of the address beneficiary of the coins}}", + "index": true + }, + { + "key": "amount", + "value": "{{sdk.Coins being received}}", + "index": true + } + ] +} +``` + +#### subUnlockedCoins/DelegateCoins + +```json +{ + "type": "coin_spent", + "attributes": [ + { + "key": "spender", + "value": "{{sdk.AccAddress of the address which is spending coins}}", + "index": true + }, + { + "key": "amount", + "value": "{{sdk.Coins being spent}}", + "index": true + } + ] +} +``` + +## Parameters + +The bank module contains the following parameters + +### SendEnabled + +The SendEnabled parameter is now deprecated and not to be use. It is replaced +with state store records. + + +### DefaultSendEnabled + +The default send enabled value controls send transfer capability for all +coin denominations unless specifically included in the array of `SendEnabled` +parameters. + +## Client + +### CLI + +A user can query and interact with the `bank` module using the CLI. + +#### Query + +The `query` commands allow users to query `bank` state. + +```shell +simd query bank --help +``` + +##### balances + +The `balances` command allows users to query account balances by address. + +```shell +simd query bank balances [address] [flags] +``` + +Example: + +```shell +simd query bank balances cosmos1.. +``` + +Example Output: + +```yml +balances: +- amount: "1000000000" + denom: stake +pagination: + next_key: null + total: "0" +``` + +##### denom-metadata + +The `denom-metadata` command allows users to query metadata for coin denominations. A user can query metadata for a single denomination using the `--denom` flag or all denominations without it. + +```shell +simd query bank denom-metadata [flags] +``` + +Example: + +```shell +simd query bank denom-metadata --denom stake +``` + +Example Output: + +```yml +metadata: + base: stake + denom_units: + - aliases: + - STAKE + denom: stake + description: native staking token of simulation app + display: stake + name: SimApp Token + symbol: STK +``` + +##### total + +The `total` command allows users to query the total supply of coins. A user can query the total supply for a single coin using the `--denom` flag or all coins without it. + +```shell +simd query bank total [flags] +``` + +Example: + +```shell +simd query bank total --denom stake +``` + +Example Output: + +```yml +amount: "10000000000" +denom: stake +``` + +##### send-enabled + +The `send-enabled` command allows users to query for all or some SendEnabled entries. + +```shell +simd query bank send-enabled [denom1 ...] [flags] +``` + +Example: + +```shell +simd query bank send-enabled +``` + +Example output: + +```yml +send_enabled: +- denom: foocoin + enabled: true +- denom: barcoin +pagination: + next-key: null + total: 2 +``` + +#### Transactions + +The `tx` commands allow users to interact with the `bank` module. + +```shell +simd tx bank --help +``` + +##### send + +The `send` command allows users to send funds from one account to another. + +```shell +simd tx bank send [from_key_or_address] [to_address] [amount] [flags] +``` + +Example: + +```shell +simd tx bank send cosmos1.. cosmos1.. 100stake +``` + +## gRPC + +A user can query the `bank` module using gRPC endpoints. + +### Balance + +The `Balance` endpoint allows users to query account balance by address for a given denomination. + +```shell +cosmos.bank.v1beta1.Query/Balance +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"address":"cosmos1..","denom":"stake"}' \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/Balance +``` + +Example Output: + +```json +{ + "balance": { + "denom": "stake", + "amount": "1000000000" + } +} +``` + +### AllBalances + +The `AllBalances` endpoint allows users to query account balance by address for all denominations. + +```shell +cosmos.bank.v1beta1.Query/AllBalances +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"address":"cosmos1.."}' \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/AllBalances +``` + +Example Output: + +```json +{ + "balances": [ + { + "denom": "stake", + "amount": "1000000000" + } + ], + "pagination": { + "total": "1" + } +} +``` + +### DenomMetadata + +The `DenomMetadata` endpoint allows users to query metadata for a single coin denomination. + +```shell +cosmos.bank.v1beta1.Query/DenomMetadata +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"denom":"stake"}' \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/DenomMetadata +``` + +Example Output: + +```json +{ + "metadata": { + "description": "native staking token of simulation app", + "denomUnits": [ + { + "denom": "stake", + "aliases": [ + "STAKE" + ] + } + ], + "base": "stake", + "display": "stake", + "name": "SimApp Token", + "symbol": "STK" + } +} +``` + +### DenomsMetadata + +The `DenomsMetadata` endpoint allows users to query metadata for all coin denominations. + +```shell +cosmos.bank.v1beta1.Query/DenomsMetadata +``` + +Example: + +```shell +grpcurl -plaintext \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/DenomsMetadata +``` + +Example Output: + +```json +{ + "metadatas": [ + { + "description": "native staking token of simulation app", + "denomUnits": [ + { + "denom": "stake", + "aliases": [ + "STAKE" + ] + } + ], + "base": "stake", + "display": "stake", + "name": "SimApp Token", + "symbol": "STK" + } + ], + "pagination": { + "total": "1" + } +} +``` + +### DenomOwners + +The `DenomOwners` endpoint allows users to query metadata for a single coin denomination. + +```shell +cosmos.bank.v1beta1.Query/DenomOwners +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"denom":"stake"}' \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/DenomOwners +``` + +Example Output: + +```json +{ + "denomOwners": [ + { + "address": "cosmos1..", + "balance": { + "denom": "stake", + "amount": "5000000000" + } + }, + { + "address": "cosmos1..", + "balance": { + "denom": "stake", + "amount": "5000000000" + } + }, + ], + "pagination": { + "total": "2" + } +} +``` + +### TotalSupply + +The `TotalSupply` endpoint allows users to query the total supply of all coins. + +```shell +cosmos.bank.v1beta1.Query/TotalSupply +``` + +Example: + +```shell +grpcurl -plaintext \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/TotalSupply +``` + +Example Output: + +```json +{ + "supply": [ + { + "denom": "stake", + "amount": "10000000000" + } + ], + "pagination": { + "total": "1" + } +} +``` + +### SupplyOf + +The `SupplyOf` endpoint allows users to query the total supply of a single coin. + +```shell +cosmos.bank.v1beta1.Query/SupplyOf +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"denom":"stake"}' \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/SupplyOf +``` + +Example Output: + +```json +{ + "amount": { + "denom": "stake", + "amount": "10000000000" + } +} +``` + +### Params + +The `Params` endpoint allows users to query the parameters of the `bank` module. + +```shell +cosmos.bank.v1beta1.Query/Params +``` + +Example: + +```shell +grpcurl -plaintext \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/Params +``` + +Example Output: + +```json +{ + "params": { + "defaultSendEnabled": true + } +} +``` + +### SendEnabled + +The `SendEnabled` enpoints allows users to query the SendEnabled entries of the `bank` module. + +Any denominations NOT returned, use the `Params.DefaultSendEnabled` value. + +```shell +cosmos.bank.v1beta1.Query/SendEnabled +``` + +Example: + +```shell +grpcurl -plaintext \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/SendEnabled +``` + +Example Output: + +```json +{ + "send_enabled": [ + { + "denom": "foocoin", + "enabled": true + }, + { + "denom": "barcoin" + } + ], + "pagination": { + "next-key": null, + "total": 2 + } +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/modules/circuit/README.md b/copy-of-sdk-versioned_docs/version-0.53/build/modules/circuit/README.md new file mode 100644 index 00000000..f0cbe574 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/modules/circuit/README.md @@ -0,0 +1,257 @@ +# `x/circuit` + +## Concepts + +Circuit Breaker is a module that is meant to avoid a chain needing to halt/shut down in the presence of a vulnerability, instead the module will allow specific messages or all messages to be disabled. When operating a chain, if it is app specific then a halt of the chain is less detrimental, but if there are applications built on top of the chain then halting is expensive due to the disturbance to applications. + +Circuit Breaker works with the idea that an address or set of addresses have the right to block messages from being executed and/or included in the mempool. Any address with a permission is able to reset the circuit breaker for the message. + +The transactions are checked and can be rejected at two points: + +* In `CircuitBreakerDecorator` [ante handler](https://docs.cosmos.network/main/learn/advanced/baseapp#antehandler): + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/x/circuit/v0.1.0/x/circuit/ante/circuit.go#L27-L41 +``` + +* With a [message router check](https://docs.cosmos.network/main/learn/advanced/baseapp#msg-service-router): + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.1/baseapp/msg_service_router.go#L104-L115 +``` + +:::note +The `CircuitBreakerDecorator` works for most use cases, but [does not check the inner messages of a transaction](https://docs.cosmos.network/main/learn/beginner/tx-lifecycle#antehandler). This some transactions (such as `x/authz` transactions or some `x/gov` transactions) may pass the ante handler. **This does not affect the circuit breaker** as the message router check will still fail the transaction. +This tradeoff is to avoid introducing more dependencies in the `x/circuit` module. Chains can re-define the `CircuitBreakerDecorator` to check for inner messages if they wish to do so. +::: + +## State + +### Accounts + +* AccountPermissions `0x1 | account_address -> ProtocolBuffer(CircuitBreakerPermissions)` + +```go +type level int32 + +const ( + // LEVEL_NONE_UNSPECIFIED indicates that the account will have no circuit + // breaker permissions. + LEVEL_NONE_UNSPECIFIED = iota + // LEVEL_SOME_MSGS indicates that the account will have permission to + // trip or reset the circuit breaker for some Msg type URLs. If this level + // is chosen, a non-empty list of Msg type URLs must be provided in + // limit_type_urls. + LEVEL_SOME_MSGS + // LEVEL_ALL_MSGS indicates that the account can trip or reset the circuit + // breaker for Msg's of all type URLs. + LEVEL_ALL_MSGS + // LEVEL_SUPER_ADMIN indicates that the account can take all circuit breaker + // actions and can grant permissions to other accounts. + LEVEL_SUPER_ADMIN +) + +type Access struct { + level int32 + msgs []string // if full permission, msgs can be empty +} +``` + + +### Disable List + +List of type urls that are disabled. + +* DisableList `0x2 | msg_type_url -> []byte{}` + +## State Transitions + +### Authorize + +Authorize, is called by the module authority (default governance module account) or any account with `LEVEL_SUPER_ADMIN` to give permission to disable/enable messages to another account. There are three levels of permissions that can be granted. `LEVEL_SOME_MSGS` limits the number of messages that can be disabled. `LEVEL_ALL_MSGS` permits all messages to be disabled. `LEVEL_SUPER_ADMIN` allows an account to take all circuit breaker actions including authorizing and deauthorizing other accounts. + +```protobuf + // AuthorizeCircuitBreaker allows a super-admin to grant (or revoke) another + // account's circuit breaker permissions. + rpc AuthorizeCircuitBreaker(MsgAuthorizeCircuitBreaker) returns (MsgAuthorizeCircuitBreakerResponse); +``` + +### Trip + +Trip, is called by an authorized account to disable message execution for a specific msgURL. If empty, all the msgs will be disabled. + +```protobuf + // TripCircuitBreaker pauses processing of Msg's in the state machine. + rpc TripCircuitBreaker(MsgTripCircuitBreaker) returns (MsgTripCircuitBreakerResponse); +``` + +### Reset + +Reset is called by an authorized account to enable execution for a specific msgURL of previously disabled message. If empty, all the disabled messages will be enabled. + +```protobuf + // ResetCircuitBreaker resumes processing of Msg's in the state machine that + // have been been paused using TripCircuitBreaker. + rpc ResetCircuitBreaker(MsgResetCircuitBreaker) returns (MsgResetCircuitBreakerResponse); +``` + +## Messages + +### MsgAuthorizeCircuitBreaker + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/main/proto/cosmos/circuit/v1/tx.proto#L25-L75 +``` + +This message is expected to fail if: + +* the granter is not an account with permission level `LEVEL_SUPER_ADMIN` or the module authority + +### MsgTripCircuitBreaker + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/main/proto/cosmos/circuit/v1/tx.proto#L77-L93 +``` + +This message is expected to fail if: + +* if the signer does not have a permission level with the ability to disable the specified type url message + +### MsgResetCircuitBreaker + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/main/proto/cosmos/circuit/v1/tx.proto#L95-109 +``` + +This message is expected to fail if: + +* if the type url is not disabled + +## Events - list and describe event tags + +The circuit module emits the following events: + +### Message Events + +#### MsgAuthorizeCircuitBreaker + +| Type | Attribute Key | Attribute Value | +|---------|---------------|---------------------------| +| string | granter | {granterAddress} | +| string | grantee | {granteeAddress} | +| string | permission | {granteePermissions} | +| message | module | circuit | +| message | action | authorize_circuit_breaker | + +#### MsgTripCircuitBreaker + +| Type | Attribute Key | Attribute Value | +|----------|---------------|--------------------| +| string | authority | {authorityAddress} | +| []string | msg_urls | []string{msg_urls} | +| message | module | circuit | +| message | action | trip_circuit_breaker | + +#### ResetCircuitBreaker + +| Type | Attribute Key | Attribute Value | +|----------|---------------|--------------------| +| string | authority | {authorityAddress} | +| []string | msg_urls | []string{msg_urls} | +| message | module | circuit | +| message | action | reset_circuit_breaker | + + +## Keys - list of key prefixes used by the circuit module + +* `AccountPermissionPrefix` - `0x01` +* `DisableListPrefix` - `0x02` + +## Client - list and describe CLI commands and gRPC and REST endpoints + +## Examples: Using Circuit Breaker CLI Commands + +This section provides practical examples for using the Circuit Breaker module through the command-line interface (CLI). These examples demonstrate how to authorize accounts, disable (trip) specific message types, and re-enable (reset) them when needed. + +### Querying Circuit Breaker Permissions + +Check an account's current circuit breaker permissions: + +```bash +# Query permissions for a specific account + query circuit account-permissions + +# Example: +simd query circuit account-permissions cosmos1... +``` + +Check which message types are currently disabled: + +```bash +# Query all disabled message types + query circuit disabled-list + +# Example: +simd query circuit disabled-list +``` + +### Authorizing an Account as Circuit Breaker + +Only a super-admin or the module authority (typically the governance module account) can grant circuit breaker permissions to other accounts: + +```bash +# Grant LEVEL_ALL_MSGS permission (can disable any message type) + tx circuit authorize --level=ALL_MSGS --from= --gas=auto --gas-adjustment=1.5 + +# Grant LEVEL_SOME_MSGS permission (can only disable specific message types) + tx circuit authorize --level=SOME_MSGS --limit-type-urls="/cosmos.bank.v1beta1.MsgSend,/cosmos.staking.v1beta1.MsgDelegate" --from= --gas=auto --gas-adjustment=1.5 + +# Grant LEVEL_SUPER_ADMIN permission (can disable messages and authorize other accounts) + tx circuit authorize --level=SUPER_ADMIN --from= --gas=auto --gas-adjustment=1.5 +``` + +### Disabling Message Processing (Trip) + +Disable specific message types to prevent their execution (requires authorization): + +```bash +# Disable a single message type + tx circuit trip --type-urls="/cosmos.bank.v1beta1.MsgSend" --from= --gas=auto --gas-adjustment=1.5 + +# Disable multiple message types + tx circuit trip --type-urls="/cosmos.bank.v1beta1.MsgSend,/cosmos.staking.v1beta1.MsgDelegate" --from= --gas=auto --gas-adjustment=1.5 + +# Disable all message types (emergency measure) + tx circuit trip --from= --gas=auto --gas-adjustment=1.5 +``` + +### Re-enabling Message Processing (Reset) + +Re-enable previously disabled message types (requires authorization): + +```bash +# Re-enable a single message type + tx circuit reset --type-urls="/cosmos.bank.v1beta1.MsgSend" --from= --gas=auto --gas-adjustment=1.5 + +# Re-enable multiple message types + tx circuit reset --type-urls="/cosmos.bank.v1beta1.MsgSend,/cosmos.staking.v1beta1.MsgDelegate" --from= --gas=auto --gas-adjustment=1.5 + +# Re-enable all disabled message types + tx circuit reset --from= --gas=auto --gas-adjustment=1.5 +``` + +### Usage in Emergency Scenarios + +In case of a critical vulnerability in a specific message type: + +1. Quickly disable the vulnerable message type: + ```bash + tx circuit trip --type-urls="/cosmos.vulnerable.v1beta1.MsgVulnerable" --from= --gas=auto --gas-adjustment=1.5 + ``` + +2. After a fix is deployed, re-enable the message type: + ```bash + tx circuit reset --type-urls="/cosmos.vulnerable.v1beta1.MsgVulnerable" --from= --gas=auto --gas-adjustment=1.5 + ``` + +This allows chains to surgically disable problematic functionality without halting the entire chain, providing time for developers to implement and deploy fixes. diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/modules/consensus/README.md b/copy-of-sdk-versioned_docs/version-0.53/build/modules/consensus/README.md new file mode 100644 index 00000000..902280a6 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/modules/consensus/README.md @@ -0,0 +1,7 @@ +--- +sidebar_position: 1 +--- + +# `x/consensus` + +Functionality to modify CometBFT's ABCI consensus params. diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/modules/crisis/README.md b/copy-of-sdk-versioned_docs/version-0.53/build/modules/crisis/README.md new file mode 100644 index 00000000..b75a5ab6 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/modules/crisis/README.md @@ -0,0 +1,112 @@ +--- +sidebar_position: 1 +--- + +# `x/crisis` + +NOTE: `x/crisis` is deprecated as of Cosmos SDK v0.53 and will be removed in the next release. + +## Overview + +The crisis module halts the blockchain under the circumstance that a blockchain +invariant is broken. Invariants can be registered with the application during the +application initialization process. + +## Contents + +* [State](#state) +* [Messages](#messages) +* [Events](#events) +* [Parameters](#parameters) +* [Client](#client) + * [CLI](#cli) + +## State + +### ConstantFee + +Due to the anticipated large gas cost requirement to verify an invariant (and +potential to exceed the maximum allowable block gas limit) a constant fee is +used instead of the standard gas consumption method. The constant fee is +intended to be larger than the anticipated gas cost of running the invariant +with the standard gas consumption method. + +The ConstantFee param is stored in the module params state with the prefix of `0x01`, +it can be updated with governance or the address with authority. + +* Params: `mint/params -> legacy_amino(sdk.Coin)` + +## Messages + +In this section we describe the processing of the crisis messages and the +corresponding updates to the state. + +### MsgVerifyInvariant + +Blockchain invariants can be checked using the `MsgVerifyInvariant` message. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/crisis/v1beta1/tx.proto#L26-L42 +``` + +This message is expected to fail if: + +* the sender does not have enough coins for the constant fee +* the invariant route is not registered + +This message checks the invariant provided, and if the invariant is broken it +panics, halting the blockchain. If the invariant is broken, the constant fee is +never deducted as the transaction is never committed to a block (equivalent to +being refunded). However, if the invariant is not broken, the constant fee will +not be refunded. + +## Events + +The crisis module emits the following events: + +### Handlers + +#### MsgVerifyInvariance + +| Type | Attribute Key | Attribute Value | +|-----------|---------------|------------------| +| invariant | route | {invariantRoute} | +| message | module | crisis | +| message | action | verify_invariant | +| message | sender | {senderAddress} | + +## Parameters + +The crisis module contains the following parameters: + +| Key | Type | Example | +|-------------|---------------|-----------------------------------| +| ConstantFee | object (coin) | {"denom":"uatom","amount":"1000"} | + +## Client + +### CLI + +A user can query and interact with the `crisis` module using the CLI. + +#### Transactions + +The `tx` commands allow users to interact with the `crisis` module. + +```bash +simd tx crisis --help +``` + +##### invariant-broken + +The `invariant-broken` command submits proof when an invariant was broken to halt the chain + +```bash +simd tx crisis invariant-broken [module-name] [invariant-route] [flags] +``` + +Example: + +```bash +simd tx crisis invariant-broken bank total-supply --from=[keyname or address] +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/modules/distribution/README.md b/copy-of-sdk-versioned_docs/version-0.53/build/modules/distribution/README.md new file mode 100644 index 00000000..8259b60e --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/modules/distribution/README.md @@ -0,0 +1,1128 @@ +--- +sidebar_position: 1 +--- + +# `x/distribution` + +## Overview + +This _simple_ distribution mechanism describes a functional way to passively +distribute rewards between validators and delegators. Note that this mechanism does +not distribute funds in as precisely as active reward distribution mechanisms and +will therefore be upgraded in the future. + +The mechanism operates as follows. Collected rewards are pooled globally and +divided out passively to validators and delegators. Each validator has the +opportunity to charge commission to the delegators on the rewards collected on +behalf of the delegators. Fees are collected directly into a global reward pool +and validator proposer-reward pool. Due to the nature of passive accounting, +whenever changes to parameters which affect the rate of reward distribution +occurs, withdrawal of rewards must also occur. + +* Whenever withdrawing, one must withdraw the maximum amount they are entitled + to, leaving nothing in the pool. +* Whenever bonding, unbonding, or re-delegating tokens to an existing account, a + full withdrawal of the rewards must occur (as the rules for lazy accounting + change). +* Whenever a validator chooses to change the commission on rewards, all accumulated + commission rewards must be simultaneously withdrawn. + +The above scenarios are covered in `hooks.md`. + +The distribution mechanism outlined herein is used to lazily distribute the +following rewards between validators and associated delegators: + +* multi-token fees to be socially distributed +* inflated staked asset provisions +* validator commission on all rewards earned by their delegators stake + +Fees are pooled within a global pool. The mechanisms used allow for validators +and delegators to independently and lazily withdraw their rewards. + +## Shortcomings + +As a part of the lazy computations, each delegator holds an accumulation term +specific to each validator which is used to estimate what their approximate +fair portion of tokens held in the global fee pool is owed to them. + +```text +entitlement = delegator-accumulation / all-delegators-accumulation +``` + +Under the circumstance that there was constant and equal flow of incoming +reward tokens every block, this distribution mechanism would be equal to the +active distribution (distribute individually to all delegators each block). +However, this is unrealistic so deviations from the active distribution will +occur based on fluctuations of incoming reward tokens as well as timing of +reward withdrawal by other delegators. + +If you happen to know that incoming rewards are about to significantly increase, +you are incentivized to not withdraw until after this event, increasing the +worth of your existing _accum_. See [#2764](https://github.com/cosmos/cosmos-sdk/issues/2764) +for further details. + +## Effect on Staking + +Charging commission on Atom provisions while also allowing for Atom-provisions +to be auto-bonded (distributed directly to the validators bonded stake) is +problematic within BPoS. Fundamentally, these two mechanisms are mutually +exclusive. If both commission and auto-bonding mechanisms are simultaneously +applied to the staking-token then the distribution of staking-tokens between +any validator and its delegators will change with each block. This then +necessitates a calculation for each delegation records for each block - +which is considered computationally expensive. + +In conclusion, we can only have Atom commission and unbonded atoms +provisions or bonded atom provisions with no Atom commission, and we elect to +implement the former. Stakeholders wishing to rebond their provisions may elect +to set up a script to periodically withdraw and rebond rewards. + +## Contents + +* [Concepts](#concepts) +* [State](#state) + * [FeePool](#feepool) + * [Validator Distribution](#validator-distribution) + * [Delegation Distribution](#delegation-distribution) + * [Params](#params) +* [Begin Block](#begin-block) +* [Messages](#messages) +* [Hooks](#hooks) +* [Events](#events) +* [Parameters](#parameters) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + +## Concepts + +In Proof of Stake (PoS) blockchains, rewards gained from transaction fees are paid to validators. The fee distribution module fairly distributes the rewards to the validators' constituent delegators. + +Rewards are calculated per period. The period is updated each time a validator's delegation changes, for example, when the validator receives a new delegation. +The rewards for a single validator can then be calculated by taking the total rewards for the period before the delegation started, minus the current total rewards. +To learn more, see the [F1 Fee Distribution paper](https://github.com/cosmos/cosmos-sdk/tree/main/docs/spec/fee_distribution/f1_fee_distr.pdf). + +The commission to the validator is paid when the validator is removed or when the validator requests a withdrawal. +The commission is calculated and incremented at every `BeginBlock` operation to update accumulated fee amounts. + +The rewards to a delegator are distributed when the delegation is changed or removed, or a withdrawal is requested. +Before rewards are distributed, all slashes to the validator that occurred during the current delegation are applied. + +### Reference Counting in F1 Fee Distribution + +In F1 fee distribution, the rewards a delegator receives are calculated when their delegation is withdrawn. This calculation must read the terms of the summation of rewards divided by the share of tokens from the period which they ended when they delegated, and the final period that was created for the withdrawal. + +Additionally, as slashes change the amount of tokens a delegation will have (but we calculate this lazily, +only when a delegator un-delegates), we must calculate rewards in separate periods before / after any slashes +which occurred in between when a delegator delegated and when they withdrew their rewards. Thus slashes, like +delegations, reference the period which was ended by the slash event. + +All stored historical rewards records for periods which are no longer referenced by any delegations +or any slashes can thus be safely removed, as they will never be read (future delegations and future +slashes will always reference future periods). This is implemented by tracking a `ReferenceCount` +along with each historical reward storage entry. Each time a new object (delegation or slash) +is created which might need to reference the historical record, the reference count is incremented. +Each time one object which previously needed to reference the historical record is deleted, the reference +count is decremented. If the reference count hits zero, the historical record is deleted. + +### External Community Pool Keepers + +An external pool community keeper is defined as: + +```go +// ExternalCommunityPoolKeeper is the interface that an external community pool module keeper must fulfill +// for x/distribution to properly accept it as a community pool fund destination. +type ExternalCommunityPoolKeeper interface { + // GetCommunityPoolModule gets the module name that funds should be sent to for the community pool. + // This is the address that x/distribution will send funds to for external management. + GetCommunityPoolModule() string + // FundCommunityPool allows an account to directly fund the community fund pool. + FundCommunityPool(ctx sdk.Context, amount sdk.Coins, senderAddr sdk.AccAddress) error + // DistributeFromCommunityPool distributes funds from the community pool module account to + // a receiver address. + DistributeFromCommunityPool(ctx sdk.Context, amount sdk.Coins, receiveAddr sdk.AccAddress) error +} +``` + +By default, the distribution module will use a community pool implementation that is internal. An external community pool +can be provided to the module which will have funds be diverted to it instead of the internal implementation. The reference +external community pool maintained by the Cosmos SDK is [`x/protocolpool`](../protocolpool/README.md). + +## State + +### FeePool + +All globally tracked parameters for distribution are stored within +`FeePool`. Rewards are collected and added to the reward pool and +distributed to validators/delegators from here. + +Note that the reward pool holds decimal coins (`DecCoins`) to allow +for fractions of coins to be received from operations like inflation. +When coins are distributed from the pool they are truncated back to +`sdk.Coins` which are non-decimal. + +* FeePool: `0x00 -> ProtocolBuffer(FeePool)` + +```go +// coins with decimal +type DecCoins []DecCoin + +type DecCoin struct { + Amount math.LegacyDec + Denom string +} +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/distribution/v1beta1/distribution.proto#L116-L123 +``` + +### Validator Distribution + +Validator distribution information for the relevant validator is updated each time: + +1. delegation amount to a validator is updated, +2. any delegator withdraws from a validator, or +3. the validator withdraws its commission. + +* ValidatorDistInfo: `0x02 | ValOperatorAddrLen (1 byte) | ValOperatorAddr -> ProtocolBuffer(validatorDistribution)` + +```go +type ValidatorDistInfo struct { + OperatorAddress sdk.AccAddress + SelfBondRewards sdkmath.DecCoins + ValidatorCommission types.ValidatorAccumulatedCommission +} +``` + +### Delegation Distribution + +Each delegation distribution only needs to record the height at which it last +withdrew fees. Because a delegation must withdraw fees each time it's +properties change (aka bonded tokens etc.) its properties will remain constant +and the delegator's _accumulation_ factor can be calculated passively knowing +only the height of the last withdrawal and its current properties. + +* DelegationDistInfo: `0x02 | DelegatorAddrLen (1 byte) | DelegatorAddr | ValOperatorAddrLen (1 byte) | ValOperatorAddr -> ProtocolBuffer(delegatorDist)` + +```go +type DelegationDistInfo struct { + WithdrawalHeight int64 // last time this delegation withdrew rewards +} +``` + +### Params + +The distribution module stores it's params in state with the prefix of `0x09`, +it can be updated with governance or the address with authority. + +* Params: `0x09 | ProtocolBuffer(Params)` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/distribution/v1beta1/distribution.proto#L12-L42 +``` + +## Begin Block + +At each `BeginBlock`, all fees received in the previous block are transferred to +the distribution `ModuleAccount` account. When a delegator or validator +withdraws their rewards, they are taken out of the `ModuleAccount`. During begin +block, the different claims on the fees collected are updated as follows: + +* The reserve community tax is charged. +* The remainder is distributed proportionally by voting power to all bonded validators + +### The Distribution Scheme + +See [params](#params) for description of parameters. + +Let `fees` be the total fees collected in the previous block, including +inflationary rewards to the stake. All fees are collected in a specific module +account during the block. During `BeginBlock`, they are sent to the +`"distribution"` `ModuleAccount`. No other sending of tokens occurs. Instead, the +rewards each account is entitled to are stored, and withdrawals can be triggered +through the messages `FundCommunityPool`, `WithdrawValidatorCommission` and +`WithdrawDelegatorReward`. + +#### Reward to the Community Pool + +The community pool gets `community_tax * fees`, plus any remaining dust after +validators get their rewards that are always rounded down to the nearest +integer value. + +#### Using an External Community Pool + +Starting with Cosmos SDK v0.53.0, an external community pool, such as `x/protocolpool`, can be used in place of the `x/distribution` managed community pool. + + +Please view the warning in the next section before deciding to use an external community pool. + +```go +// ExternalCommunityPoolKeeper is the interface that an external community pool module keeper must fulfill +// for x/distribution to properly accept it as a community pool fund destination. +type ExternalCommunityPoolKeeper interface { + // GetCommunityPoolModule gets the module name that funds should be sent to for the community pool. + // This is the address that x/distribution will send funds to for external management. + GetCommunityPoolModule() string + // FundCommunityPool allows an account to directly fund the community fund pool. + FundCommunityPool(ctx sdk.Context, amount sdk.Coins, senderAddr sdk.AccAddress) error + // DistributeFromCommunityPool distributes funds from the community pool module account to + // a receiver address. + DistributeFromCommunityPool(ctx sdk.Context, amount sdk.Coins, receiveAddr sdk.AccAddress) error +} +``` + +```go +app.DistrKeeper = distrkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[distrtypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + app.StakingKeeper, + authtypes.FeeCollectorName, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + distrkeeper.WithExternalCommunityPool(app.ProtocolPoolKeeper), // New option. +) +``` + +#### External Community Pool Usage Warning + +When using an external community pool with `x/distribution`, the following handlers will return an error: + +**QueryService** + +- `CommunityPool` + +**MsgService** + +- `CommunityPoolSpend` +- `FundCommunityPool` + +If you have services that rely on this functionality from `x/distribution`, please update them to use the `x/protocolpool` equivalents. + +#### Reward To the Validators + +The proposer receives no extra rewards. All fees are distributed among all the +bonded validators, including the proposer, in proportion to their consensus power. + +```text +powFrac = validator power / total bonded validator power +voteMul = 1 - community_tax +``` + +All validators receive `fees * voteMul * powFrac`. + +#### Rewards to Delegators + +Each validator's rewards are distributed to its delegators. The validator also +has a self-delegation that is treated like a regular delegation in +distribution calculations. + +The validator sets a commission rate. The commission rate is flexible, but each +validator sets a maximum rate and a maximum daily increase. These maximums cannot be exceeded and protect delegators from sudden increases of validator commission rates to prevent validators from taking all of the rewards. + +The outstanding rewards that the operator is entitled to are stored in +`ValidatorAccumulatedCommission`, while the rewards the delegators are entitled +to are stored in `ValidatorCurrentRewards`. The [F1 fee distribution scheme](#concepts) is used to calculate the rewards per delegator as they +withdraw or update their delegation, and is thus not handled in `BeginBlock`. + +#### Example Distribution + +For this example distribution, the underlying consensus engine selects block proposers in +proportion to their power relative to the entire bonded power. + +All validators are equally performant at including pre-commits in their proposed +blocks. Then hold `(pre_commits included) / (total bonded validator power)` +constant so that the amortized block reward for the validator is `( validator power / total bonded power) * (1 - community tax rate)` of +the total rewards. Consequently, the reward for a single delegator is: + +```text +(delegator proportion of the validator power / validator power) * (validator power / total bonded power) + * (1 - community tax rate) * (1 - validator commission rate) += (delegator proportion of the validator power / total bonded power) * (1 - +community tax rate) * (1 - validator commission rate) +``` + +## Messages + +### MsgSetWithdrawAddress + +By default, the withdraw address is the delegator address. To change its withdraw address, a delegator must send a `MsgSetWithdrawAddress` message. +Changing the withdraw address is possible only if the parameter `WithdrawAddrEnabled` is set to `true`. + +The withdraw address cannot be any of the module accounts. These accounts are blocked from being withdraw addresses by being added to the distribution keeper's `blockedAddrs` array at initialization. + +Response: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/distribution/v1beta1/tx.proto#L49-L60 +``` + +```go +func (k Keeper) SetWithdrawAddr(ctx context.Context, delegatorAddr sdk.AccAddress, withdrawAddr sdk.AccAddress) error + if k.blockedAddrs[withdrawAddr.String()] { + fail with "`{withdrawAddr}` is not allowed to receive external funds" + } + + if !k.GetWithdrawAddrEnabled(ctx) { + fail with `ErrSetWithdrawAddrDisabled` + } + + k.SetDelegatorWithdrawAddr(ctx, delegatorAddr, withdrawAddr) +``` + +### MsgWithdrawDelegatorReward + +A delegator can withdraw its rewards. +Internally in the distribution module, this transaction simultaneously removes the previous delegation with associated rewards, the same as if the delegator simply started a new delegation of the same value. +The rewards are sent immediately from the distribution `ModuleAccount` to the withdraw address. +Any remainder (truncated decimals) are sent to the community pool. +The starting height of the delegation is set to the current validator period, and the reference count for the previous period is decremented. +The amount withdrawn is deducted from the `ValidatorOutstandingRewards` variable for the validator. + +In the F1 distribution, the total rewards are calculated per validator period, and a delegator receives a piece of those rewards in proportion to their stake in the validator. +In basic F1, the total rewards that all the delegators are entitled to between to periods is calculated the following way. +Let `R(X)` be the total accumulated rewards up to period `X` divided by the tokens staked at that time. The delegator allocation is `R(X) * delegator_stake`. +Then the rewards for all the delegators for staking between periods `A` and `B` are `(R(B) - R(A)) * total stake`. +However, these calculated rewards don't account for slashing. + +Taking the slashes into account requires iteration. +Let `F(X)` be the fraction a validator is to be slashed for a slashing event that happened at period `X`. +If the validator was slashed at periods `P1, ..., PN`, where `A < P1`, `PN < B`, the distribution module calculates the individual delegator's rewards, `T(A, B)`, as follows: + +```go +stake := initial stake +rewards := 0 +previous := A +for P in P1, ..., PN`: + rewards = (R(P) - previous) * stake + stake = stake * F(P) + previous = P +rewards = rewards + (R(B) - R(PN)) * stake +``` + +The historical rewards are calculated retroactively by playing back all the slashes and then attenuating the delegator's stake at each step. +The final calculated stake is equivalent to the actual staked coins in the delegation with a margin of error due to rounding errors. + +Response: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/distribution/v1beta1/tx.proto#L66-L77 +``` + +### WithdrawValidatorCommission + +The validator can send the WithdrawValidatorCommission message to withdraw their accumulated commission. +The commission is calculated in every block during `BeginBlock`, so no iteration is required to withdraw. +The amount withdrawn is deducted from the `ValidatorOutstandingRewards` variable for the validator. +Only integer amounts can be sent. If the accumulated awards have decimals, the amount is truncated before the withdrawal is sent, and the remainder is left to be withdrawn later. + +### FundCommunityPool + +:::warning + +This handler will return an error if an `ExternalCommunityPool` is used. + +::: + +This message sends coins directly from the sender to the community pool. + +The transaction fails if the amount cannot be transferred from the sender to the distribution module account. + +```go +func (k Keeper) FundCommunityPool(ctx context.Context, amount sdk.Coins, sender sdk.AccAddress) error { + if err := k.bankKeeper.SendCoinsFromAccountToModule(ctx, sender, types.ModuleName, amount); err != nil { + return err + } + + feePool, err := k.FeePool.Get(ctx) + if err != nil { + return err + } + + feePool.CommunityPool = feePool.CommunityPool.Add(sdk.NewDecCoinsFromCoins(amount...)...) + + if err := k.FeePool.Set(ctx, feePool); err != nil { + return err + } + + return nil +} +``` + +### Common distribution operations + +These operations take place during many different messages. + +#### Initialize delegation + +Each time a delegation is changed, the rewards are withdrawn and the delegation is reinitialized. +Initializing a delegation increments the validator period and keeps track of the starting period of the delegation. + +```go +// initialize starting info for a new delegation +func (k Keeper) initializeDelegation(ctx context.Context, val sdk.ValAddress, del sdk.AccAddress) { + // period has already been incremented - we want to store the period ended by this delegation action + previousPeriod := k.GetValidatorCurrentRewards(ctx, val).Period - 1 + + // increment reference count for the period we're going to track + k.incrementReferenceCount(ctx, val, previousPeriod) + + validator := k.stakingKeeper.Validator(ctx, val) + delegation := k.stakingKeeper.Delegation(ctx, del, val) + + // calculate delegation stake in tokens + // we don't store directly, so multiply delegation shares * (tokens per share) + // note: necessary to truncate so we don't allow withdrawing more rewards than owed + stake := validator.TokensFromSharesTruncated(delegation.GetShares()) + k.SetDelegatorStartingInfo(ctx, val, del, types.NewDelegatorStartingInfo(previousPeriod, stake, uint64(ctx.BlockHeight()))) +} +``` + +### MsgUpdateParams + +Distribution module params can be updated through `MsgUpdateParams`, which can be done using governance proposal and the signer will always be gov module account address. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/distribution/v1beta1/tx.proto#L133-L147 +``` + +The message handling can fail if: + +* signer is not the gov module account address. + +## Hooks + +Available hooks that can be called by and from this module. + +### Create or modify delegation distribution + +* triggered-by: `staking.MsgDelegate`, `staking.MsgBeginRedelegate`, `staking.MsgUndelegate` + +#### Before + +* The delegation rewards are withdrawn to the withdraw address of the delegator. + The rewards include the current period and exclude the starting period. +* The validator period is incremented. + The validator period is incremented because the validator's power and share distribution might have changed. +* The reference count for the delegator's starting period is decremented. + +#### After + +The starting height of the delegation is set to the previous period. +Because of the `Before`-hook, this period is the last period for which the delegator was rewarded. + +### Validator created + +* triggered-by: `staking.MsgCreateValidator` + +When a validator is created, the following validator variables are initialized: + +* Historical rewards +* Current accumulated rewards +* Accumulated commission +* Total outstanding rewards +* Period + +By default, all values are set to a `0`, except period, which is set to `1`. + +### Validator removed + +* triggered-by: `staking.RemoveValidator` + +Outstanding commission is sent to the validator's self-delegation withdrawal address. +Remaining delegator rewards get sent to the community fee pool. + +Note: The validator gets removed only when it has no remaining delegations. +At that time, all outstanding delegator rewards will have been withdrawn. +Any remaining rewards are dust amounts. + +### Validator is slashed + +* triggered-by: `staking.Slash` +* The current validator period reference count is incremented. + The reference count is incremented because the slash event has created a reference to it. +* The validator period is incremented. +* The slash event is stored for later use. + The slash event will be referenced when calculating delegator rewards. + +## Events + +The distribution module emits the following events: + +### BeginBlocker + +| Type | Attribute Key | Attribute Value | +|-----------------|---------------|--------------------| +| proposer_reward | validator | {validatorAddress} | +| proposer_reward | reward | {proposerReward} | +| commission | amount | {commissionAmount} | +| commission | validator | {validatorAddress} | +| rewards | amount | {rewardAmount} | +| rewards | validator | {validatorAddress} | + +### Handlers + +#### MsgSetWithdrawAddress + +| Type | Attribute Key | Attribute Value | +|----------------------|------------------|----------------------| +| set_withdraw_address | withdraw_address | {withdrawAddress} | +| message | module | distribution | +| message | action | set_withdraw_address | +| message | sender | {senderAddress} | + +#### MsgWithdrawDelegatorReward + +| Type | Attribute Key | Attribute Value | +|---------|---------------|---------------------------| +| withdraw_rewards | amount | {rewardAmount} | +| withdraw_rewards | validator | {validatorAddress} | +| message | module | distribution | +| message | action | withdraw_delegator_reward | +| message | sender | {senderAddress} | + +#### MsgWithdrawValidatorCommission + +| Type | Attribute Key | Attribute Value | +|------------|---------------|-------------------------------| +| withdraw_commission | amount | {commissionAmount} | +| message | module | distribution | +| message | action | withdraw_validator_commission | +| message | sender | {senderAddress} | + +## Parameters + +The distribution module contains the following parameters: + +| Key | Type | Example | +| ------------------- | ------------ | -------------------------- | +| communitytax | string (dec) | "0.020000000000000000" [0] | +| withdrawaddrenabled | bool | true | + +* [0] `communitytax` must be positive and cannot exceed 1.00. +* `baseproposerreward` and `bonusproposerreward` were parameters that are deprecated in v0.47 and are not used. + +:::note +The reserve pool is the pool of collected funds for use by governance taken via the `CommunityTax`. +Currently with the Cosmos SDK, tokens collected by the CommunityTax are accounted for but unspendable. +::: + +## Client + +## CLI + +A user can query and interact with the `distribution` module using the CLI. + +#### Query + +The `query` commands allow users to query `distribution` state. + +```shell +simd query distribution --help +``` + +##### commission + +The `commission` command allows users to query validator commission rewards by address. + +```shell +simd query distribution commission [address] [flags] +``` + +Example: + +```shell +simd query distribution commission cosmosvaloper1... +``` + +Example Output: + +```yml +commission: +- amount: "1000000.000000000000000000" + denom: stake +``` + +##### community-pool + +The `community-pool` command allows users to query all coin balances within the community pool. + +```shell +simd query distribution community-pool [flags] +``` + +Example: + +```shell +simd query distribution community-pool +``` + +Example Output: + +```yml +pool: +- amount: "1000000.000000000000000000" + denom: stake +``` + +##### params + +The `params` command allows users to query the parameters of the `distribution` module. + +```shell +simd query distribution params [flags] +``` + +Example: + +```shell +simd query distribution params +``` + +Example Output: + +```yml +base_proposer_reward: "0.000000000000000000" +bonus_proposer_reward: "0.000000000000000000" +community_tax: "0.020000000000000000" +withdraw_addr_enabled: true +``` + +##### rewards + +The `rewards` command allows users to query delegator rewards. Users can optionally include the validator address to query rewards earned from a specific validator. + +```shell +simd query distribution rewards [delegator-addr] [validator-addr] [flags] +``` + +Example: + +```shell +simd query distribution rewards cosmos1... +``` + +Example Output: + +```yml +rewards: +- reward: + - amount: "1000000.000000000000000000" + denom: stake + validator_address: cosmosvaloper1.. +total: +- amount: "1000000.000000000000000000" + denom: stake +``` + +##### slashes + +The `slashes` command allows users to query all slashes for a given block range. + +```shell +simd query distribution slashes [validator] [start-height] [end-height] [flags] +``` + +Example: + +```shell +simd query distribution slashes cosmosvaloper1... 1 1000 +``` + +Example Output: + +```yml +pagination: + next_key: null + total: "0" +slashes: +- validator_period: 20, + fraction: "0.009999999999999999" +``` + +##### validator-outstanding-rewards + +The `validator-outstanding-rewards` command allows users to query all outstanding (un-withdrawn) rewards for a validator and all their delegations. + +```shell +simd query distribution validator-outstanding-rewards [validator] [flags] +``` + +Example: + +```shell +simd query distribution validator-outstanding-rewards cosmosvaloper1... +``` + +Example Output: + +```yml +rewards: +- amount: "1000000.000000000000000000" + denom: stake +``` + +##### validator-distribution-info + +The `validator-distribution-info` command allows users to query validator commission and self-delegation rewards for validator. + +````shell +simd query distribution validator-distribution-info cosmosvaloper1... +``` + +Example Output: + +```yml +commission: +- amount: "100000.000000000000000000" + denom: stake +operator_address: cosmosvaloper1... +self_bond_rewards: +- amount: "100000.000000000000000000" + denom: stake +``` + +#### Transactions + +The `tx` commands allow users to interact with the `distribution` module. + +```shell +simd tx distribution --help +``` + +##### fund-community-pool + +The `fund-community-pool` command allows users to send funds to the community pool. + +```shell +simd tx distribution fund-community-pool [amount] [flags] +``` + +Example: + +```shell +simd tx distribution fund-community-pool 100stake --from cosmos1... +``` + +##### set-withdraw-addr + +The `set-withdraw-addr` command allows users to set the withdraw address for rewards associated with a delegator address. + +```shell +simd tx distribution set-withdraw-addr [withdraw-addr] [flags] +``` + +Example: + +```shell +simd tx distribution set-withdraw-addr cosmos1... --from cosmos1... +``` + +##### withdraw-all-rewards + +The `withdraw-all-rewards` command allows users to withdraw all rewards for a delegator. + +```shell +simd tx distribution withdraw-all-rewards [flags] +``` + +Example: + +```shell +simd tx distribution withdraw-all-rewards --from cosmos1... +``` + +##### withdraw-rewards + +The `withdraw-rewards` command allows users to withdraw all rewards from a given delegation address, +and optionally withdraw validator commission if the delegation address given is a validator operator and the user proves the `--commission` flag. + +```shell +simd tx distribution withdraw-rewards [validator-addr] [flags] +``` + +Example: + +```shell +simd tx distribution withdraw-rewards cosmosvaloper1... --from cosmos1... --commission +``` + +### gRPC + +A user can query the `distribution` module using gRPC endpoints. + +#### Params + +The `Params` endpoint allows users to query parameters of the `distribution` module. + +Example: + +```shell +grpcurl -plaintext \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/Params +``` + +Example Output: + +```json +{ + "params": { + "communityTax": "20000000000000000", + "baseProposerReward": "00000000000000000", + "bonusProposerReward": "00000000000000000", + "withdrawAddrEnabled": true + } +} +``` + +#### ValidatorDistributionInfo + +The `ValidatorDistributionInfo` queries validator commission and self-delegation rewards for validator. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"validator_address":"cosmosvalop1..."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/ValidatorDistributionInfo +``` + +Example Output: + +```json +{ + "commission": { + "commission": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ] + }, + "self_bond_rewards": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ], + "validator_address": "cosmosvalop1..." +} +``` + +#### ValidatorOutstandingRewards + +The `ValidatorOutstandingRewards` endpoint allows users to query rewards of a validator address. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"validator_address":"cosmosvalop1.."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/ValidatorOutstandingRewards +``` + +Example Output: + +```json +{ + "rewards": { + "rewards": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ] + } +} +``` + +#### ValidatorCommission + +The `ValidatorCommission` endpoint allows users to query accumulated commission for a validator. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"validator_address":"cosmosvalop1.."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/ValidatorCommission +``` + +Example Output: + +```json +{ + "commission": { + "commission": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ] + } +} +``` + +#### ValidatorSlashes + +The `ValidatorSlashes` endpoint allows users to query slash events of a validator. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"validator_address":"cosmosvalop1.."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/ValidatorSlashes +``` + +Example Output: + +```json +{ + "slashes": [ + { + "validator_period": "20", + "fraction": "0.009999999999999999" + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### DelegationRewards + +The `DelegationRewards` endpoint allows users to query the total rewards accrued by a delegation. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"delegator_address":"cosmos1...","validator_address":"cosmosvalop1..."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/DelegationRewards +``` + +Example Output: + +```json +{ + "rewards": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ] +} +``` + +#### DelegationTotalRewards + +The `DelegationTotalRewards` endpoint allows users to query the total rewards accrued by each validator. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"delegator_address":"cosmos1..."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/DelegationTotalRewards +``` + +Example Output: + +```json +{ + "rewards": [ + { + "validatorAddress": "cosmosvaloper1...", + "reward": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ] + } + ], + "total": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ] +} +``` + +#### DelegatorValidators + +The `DelegatorValidators` endpoint allows users to query all validators for given delegator. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"delegator_address":"cosmos1..."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/DelegatorValidators +``` + +Example Output: + +```json +{ + "validators": ["cosmosvaloper1..."] +} +``` + +#### DelegatorWithdrawAddress + +The `DelegatorWithdrawAddress` endpoint allows users to query the withdraw address of a delegator. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"delegator_address":"cosmos1..."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/DelegatorWithdrawAddress +``` + +Example Output: + +```json +{ + "withdrawAddress": "cosmos1..." +} +``` + +#### CommunityPool + +The `CommunityPool` endpoint allows users to query the community pool coins. + +Example: + +```shell +grpcurl -plaintext \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/CommunityPool +``` + +Example Output: + +```json +{ + "pool": [ + { + "denom": "stake", + "amount": "1000000000000000000" + } + ] +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/modules/epochs/README.md b/copy-of-sdk-versioned_docs/version-0.53/build/modules/epochs/README.md new file mode 100644 index 00000000..7b0b0b28 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/modules/epochs/README.md @@ -0,0 +1,177 @@ +--- +sidebar_position: 1 +--- + +# `x/epochs` + +## Abstract + +Often in the SDK, we would like to run certain code every-so often. The +purpose of `epochs` module is to allow other modules to set that they +would like to be signaled once every period. So another module can +specify it wants to execute code once a week, starting at UTC-time = x. +`epochs` creates a generalized epoch interface to other modules so that +they can easily be signaled upon such events. + +## Contents + +1. **[Concept](#concepts)** +2. **[State](#state)** +3. **[Events](#events)** +4. **[Keeper](#keepers)** +5. **[Hooks](#hooks)** +6. **[Queries](#queries)** + +## Concepts + +The epochs module defines on-chain timers that execute at fixed time intervals. +Other SDK modules can then register logic to be executed at the timer ticks. +We refer to the period in between two timer ticks as an "epoch". + +Every timer has a unique identifier. +Every epoch will have a start time, and an end time, where `end time = start time + timer interval`. +On mainnet, we only utilize one identifier, with a time interval of `one day`. + +The timer will tick at the first block whose block time is greater than the timer end time, +and set the start as the prior timer end time. (Notably, it's not set to the block time!) +This means that if the chain has been down for a while, you will get one timer tick per block, +until the timer has caught up. + +## State + +The Epochs module keeps a single `EpochInfo` per identifier. +This contains the current state of the timer with the corresponding identifier. +Its fields are modified at every timer tick. +EpochInfos are initialized as part of genesis initialization or upgrade logic, +and are only modified on begin blockers. + +## Events + +The `epochs` module emits the following events: + +### BeginBlocker + +| Type | Attribute Key | Attribute Value | +| ----------- | ------------- | --------------- | +| epoch_start | epoch_number | {epoch_number} | +| epoch_start | start_time | {start_time} | + +### EndBlocker + +| Type | Attribute Key | Attribute Value | +| --------- | ------------- | --------------- | +| epoch_end | epoch_number | {epoch_number} | + +## Keepers + +### Keeper functions + +Epochs keeper module provides utility functions to manage epochs. + +## Hooks + +```go + // the first block whose timestamp is after the duration is counted as the end of the epoch + AfterEpochEnd(ctx sdk.Context, epochIdentifier string, epochNumber int64) + // new epoch is next block of epoch end block + BeforeEpochStart(ctx sdk.Context, epochIdentifier string, epochNumber int64) +``` + +### How modules receive hooks + +On hook receiver function of other modules, they need to filter +`epochIdentifier` and only do executions for only specific +epochIdentifier. Filtering epochIdentifier could be in `Params` of other +modules so that they can be modified by governance. + +This is the standard dev UX of this: + +```golang +func (k MyModuleKeeper) AfterEpochEnd(ctx sdk.Context, epochIdentifier string, epochNumber int64) { + params := k.GetParams(ctx) + if epochIdentifier == params.DistrEpochIdentifier { + // my logic + } +} +``` + +### Panic isolation + +If a given epoch hook panics, its state update is reverted, but we keep +proceeding through the remaining hooks. This allows more advanced epoch +logic to be used, without concern over state machine halting, or halting +subsequent modules. + +This does mean that if there is behavior you expect from a prior epoch +hook, and that epoch hook reverted, your hook may also have an issue. So +do keep in mind "what if a prior hook didn't get executed" in the safety +checks you consider for a new epoch hook. + +## Queries + +The Epochs module provides the following queries to check the module's state. + +```protobuf +service Query { + // EpochInfos provide running epochInfos + rpc EpochInfos(QueryEpochsInfoRequest) returns (QueryEpochsInfoResponse) {} + // CurrentEpoch provide current epoch of specified identifier + rpc CurrentEpoch(QueryCurrentEpochRequest) returns (QueryCurrentEpochResponse) {} +} +``` + +### Epoch Infos + +Query the currently running epochInfos + +```sh + query epochs epoch-infos +``` + +:::details Example + +An example output: + +```sh +epochs: +- current_epoch: "183" + current_epoch_start_height: "2438409" + current_epoch_start_time: "2021-12-18T17:16:09.898160996Z" + duration: 86400s + epoch_counting_started: true + identifier: day + start_time: "2021-06-18T17:00:00Z" +- current_epoch: "26" + current_epoch_start_height: "2424854" + current_epoch_start_time: "2021-12-17T17:02:07.229632445Z" + duration: 604800s + epoch_counting_started: true + identifier: week + start_time: "2021-06-18T17:00:00Z" +``` + +::: + +### Current Epoch + +Query the current epoch by the specified identifier + +```sh + query epochs current-epoch [identifier] +``` + +:::details Example + +Query the current `day` epoch: + +```sh + query epochs current-epoch day +``` + +Which in this example outputs: + +```sh +current_epoch: "183" +``` + +::: diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/modules/evidence/README.md b/copy-of-sdk-versioned_docs/version-0.53/build/modules/evidence/README.md new file mode 100644 index 00000000..00c4abf4 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/modules/evidence/README.md @@ -0,0 +1,440 @@ +--- +sidebar_position: 1 +--- + +# `x/evidence` + +* [Concepts](#concepts) +* [State](#state) +* [Messages](#messages) +* [Events](#events) +* [Parameters](#parameters) +* [BeginBlock](#beginblock) +* [Client](#client) + * [CLI](#cli) + * [REST](#rest) + * [gRPC](#grpc) + +## Abstract + +`x/evidence` is an implementation of a Cosmos SDK module, per [ADR 009](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-009-evidence-module.md), +that allows for the submission and handling of arbitrary evidence of misbehavior such +as equivocation and counterfactual signing. + +The evidence module differs from standard evidence handling which typically expects the +underlying consensus engine, e.g. CometBFT, to automatically submit evidence when +it is discovered by allowing clients and foreign chains to submit more complex evidence +directly. + +All concrete evidence types must implement the `Evidence` interface contract. Submitted +`Evidence` is first routed through the evidence module's `Router` in which it attempts +to find a corresponding registered `Handler` for that specific `Evidence` type. +Each `Evidence` type must have a `Handler` registered with the evidence module's +keeper in order for it to be successfully routed and executed. + +Each corresponding handler must also fulfill the `Handler` interface contract. The +`Handler` for a given `Evidence` type can perform any arbitrary state transitions +such as slashing, jailing, and tombstoning. + +## Concepts + +### Evidence + +Any concrete type of evidence submitted to the `x/evidence` module must fulfill the +`Evidence` contract outlined below. Not all concrete types of evidence will fulfill +this contract in the same way and some data may be entirely irrelevant to certain +types of evidence. An additional `ValidatorEvidence`, which extends `Evidence`, +has also been created to define a contract for evidence against malicious validators. + +```go +// Evidence defines the contract which concrete evidence types of misbehavior +// must implement. +type Evidence interface { + proto.Message + + Route() string + String() string + Hash() []byte + ValidateBasic() error + + // Height at which the infraction occurred + GetHeight() int64 +} + +// ValidatorEvidence extends Evidence interface to define contract +// for evidence against malicious validators +type ValidatorEvidence interface { + Evidence + + // The consensus address of the malicious validator at time of infraction + GetConsensusAddress() sdk.ConsAddress + + // The total power of the malicious validator at time of infraction + GetValidatorPower() int64 + + // The total validator set power at time of infraction + GetTotalPower() int64 +} +``` + +### Registration & Handling + +The `x/evidence` module must first know about all types of evidence it is expected +to handle. This is accomplished by registering the `Route` method in the `Evidence` +contract with what is known as a `Router` (defined below). The `Router` accepts +`Evidence` and attempts to find the corresponding `Handler` for the `Evidence` +via the `Route` method. + +```go +type Router interface { + AddRoute(r string, h Handler) Router + HasRoute(r string) bool + GetRoute(path string) Handler + Seal() + Sealed() bool +} +``` + +The `Handler` (defined below) is responsible for executing the entirety of the +business logic for handling `Evidence`. This typically includes validating the +evidence, both stateless checks via `ValidateBasic` and stateful checks via any +keepers provided to the `Handler`. In addition, the `Handler` may also perform +capabilities such as slashing and jailing a validator. All `Evidence` handled +by the `Handler` should be persisted. + +```go +// Handler defines an agnostic Evidence handler. The handler is responsible +// for executing all corresponding business logic necessary for verifying the +// evidence as valid. In addition, the Handler may execute any necessary +// slashing and potential jailing. +type Handler func(context.Context, Evidence) error +``` + + +## State + +Currently the `x/evidence` module only stores valid submitted `Evidence` in state. +The evidence state is also stored and exported in the `x/evidence` module's `GenesisState`. + +```protobuf +// GenesisState defines the evidence module's genesis state. +message GenesisState { + // evidence defines all the evidence at genesis. + repeated google.protobuf.Any evidence = 1; +} + +``` + +All `Evidence` is retrieved and stored via a prefix `KVStore` using prefix `0x00` (`KeyPrefixEvidence`). + + +## Messages + +### MsgSubmitEvidence + +Evidence is submitted through a `MsgSubmitEvidence` message: + +```protobuf +// MsgSubmitEvidence represents a message that supports submitting arbitrary +// Evidence of misbehavior such as equivocation or counterfactual signing. +message MsgSubmitEvidence { + string submitter = 1; + google.protobuf.Any evidence = 2; +} +``` + +Note, the `Evidence` of a `MsgSubmitEvidence` message must have a corresponding +`Handler` registered with the `x/evidence` module's `Router` in order to be processed +and routed correctly. + +Given the `Evidence` is registered with a corresponding `Handler`, it is processed +as follows: + +```go +func SubmitEvidence(ctx Context, evidence Evidence) error { + if _, err := GetEvidence(ctx, evidence.Hash()); err == nil { + return errorsmod.Wrap(types.ErrEvidenceExists, strings.ToUpper(hex.EncodeToString(evidence.Hash()))) + } + if !router.HasRoute(evidence.Route()) { + return errorsmod.Wrap(types.ErrNoEvidenceHandlerExists, evidence.Route()) + } + + handler := router.GetRoute(evidence.Route()) + if err := handler(ctx, evidence); err != nil { + return errorsmod.Wrap(types.ErrInvalidEvidence, err.Error()) + } + + ctx.EventManager().EmitEvent( + sdk.NewEvent( + types.EventTypeSubmitEvidence, + sdk.NewAttribute(types.AttributeKeyEvidenceHash, strings.ToUpper(hex.EncodeToString(evidence.Hash()))), + ), + ) + + SetEvidence(ctx, evidence) + return nil +} +``` + +First, there must not already exist valid submitted `Evidence` of the exact same +type. Secondly, the `Evidence` is routed to the `Handler` and executed. Finally, +if there is no error in handling the `Evidence`, an event is emitted and it is persisted to state. + + +## Events + +The `x/evidence` module emits the following events: + +### Handlers + +#### MsgSubmitEvidence + +| Type | Attribute Key | Attribute Value | +| --------------- | ------------- | --------------- | +| submit_evidence | evidence_hash | {evidenceHash} | +| message | module | evidence | +| message | sender | {senderAddress} | +| message | action | submit_evidence | + + +## Parameters + +The evidence module does not contain any parameters. + + +## BeginBlock + +### Evidence Handling + +CometBFT blocks can include +[Evidence](https://github.com/cometbft/cometbft/blob/main/spec/abci/abci%2B%2B_basic_concepts.md#evidence) that indicates if a validator committed malicious behavior. The relevant information is forwarded to the application as ABCI Evidence in `abci.RequestBeginBlock` so that the validator can be punished accordingly. + +#### Equivocation + +The Cosmos SDK handles two types of evidence inside the ABCI `BeginBlock`: + +* `DuplicateVoteEvidence`, +* `LightClientAttackEvidence`. + +The evidence module handles these two evidence types the same way. First, the Cosmos SDK converts the CometBFT concrete evidence type to an SDK `Evidence` interface using `Equivocation` as the concrete type. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/evidence/v1beta1/evidence.proto#L12-L32 +``` + +For some `Equivocation` submitted in `block` to be valid, it must satisfy: + +`Evidence.Timestamp >= block.Timestamp - MaxEvidenceAge` + +Where: + +* `Evidence.Timestamp` is the timestamp in the block at height `Evidence.Height` +* `block.Timestamp` is the current block timestamp. + +If valid `Equivocation` evidence is included in a block, the validator's stake is +reduced (slashed) by `SlashFractionDoubleSign` as defined by the `x/slashing` module +of what their stake was when the infraction occurred, rather than when the evidence was discovered. +We want to "follow the stake", i.e., the stake that contributed to the infraction +should be slashed, even if it has since been redelegated or started unbonding. + +In addition, the validator is permanently jailed and tombstoned to make it impossible for that +validator to ever re-enter the validator set. + +The `Equivocation` evidence is handled as follows: + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/x/evidence/keeper/infraction.go#L26-L140 +``` + +**Note:** The slashing, jailing, and tombstoning calls are delegated through the `x/slashing` module +that emits informative events and finally delegates calls to the `x/staking` module. See documentation +on slashing and jailing in [State Transitions](../staking/README.md#state-transitions). + +## Client + +### CLI + +A user can query and interact with the `evidence` module using the CLI. + +#### Query + +The `query` commands allows users to query `evidence` state. + +```bash +simd query evidence --help +``` + +#### evidence + +The `evidence` command allows users to list all evidence or evidence by hash. + +Usage: + +```bash +simd query evidence evidence [flags] +``` + +To query evidence by hash + +Example: + +```bash +simd query evidence evidence "DF0C23E8634E480F84B9D5674A7CDC9816466DEC28A3358F73260F68D28D7660" +``` + +Example Output: + +```bash +evidence: + consensus_address: cosmosvalcons1ntk8eualewuprz0gamh8hnvcem2nrcdsgz563h + height: 11 + power: 100 + time: "2021-10-20T16:08:38.194017624Z" +``` + +To get all evidence + +Example: + +```bash +simd query evidence list +``` + +Example Output: + +```bash +evidence: + consensus_address: cosmosvalcons1ntk8eualewuprz0gamh8hnvcem2nrcdsgz563h + height: 11 + power: 100 + time: "2021-10-20T16:08:38.194017624Z" +pagination: + next_key: null + total: "1" +``` + +### REST + +A user can query the `evidence` module using REST endpoints. + +#### Evidence + +Get evidence by hash + +```bash +/cosmos/evidence/v1beta1/evidence/{hash} +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/evidence/v1beta1/evidence/DF0C23E8634E480F84B9D5674A7CDC9816466DEC28A3358F73260F68D28D7660" +``` + +Example Output: + +```bash +{ + "evidence": { + "consensus_address": "cosmosvalcons1ntk8eualewuprz0gamh8hnvcem2nrcdsgz563h", + "height": "11", + "power": "100", + "time": "2021-10-20T16:08:38.194017624Z" + } +} +``` + +#### All evidence + +Get all evidence + +```bash +/cosmos/evidence/v1beta1/evidence +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/evidence/v1beta1/evidence" +``` + +Example Output: + +```bash +{ + "evidence": [ + { + "consensus_address": "cosmosvalcons1ntk8eualewuprz0gamh8hnvcem2nrcdsgz563h", + "height": "11", + "power": "100", + "time": "2021-10-20T16:08:38.194017624Z" + } + ], + "pagination": { + "total": "1" + } +} +``` + +### gRPC + +A user can query the `evidence` module using gRPC endpoints. + +#### Evidence + +Get evidence by hash + +```bash +cosmos.evidence.v1beta1.Query/Evidence +``` + +Example: + +```bash +grpcurl -plaintext -d '{"evidence_hash":"DF0C23E8634E480F84B9D5674A7CDC9816466DEC28A3358F73260F68D28D7660"}' localhost:9090 cosmos.evidence.v1beta1.Query/Evidence +``` + +Example Output: + +```bash +{ + "evidence": { + "consensus_address": "cosmosvalcons1ntk8eualewuprz0gamh8hnvcem2nrcdsgz563h", + "height": "11", + "power": "100", + "time": "2021-10-20T16:08:38.194017624Z" + } +} +``` + +#### All evidence + +Get all evidence + +```bash +cosmos.evidence.v1beta1.Query/AllEvidence +``` + +Example: + +```bash +grpcurl -plaintext localhost:9090 cosmos.evidence.v1beta1.Query/AllEvidence +``` + +Example Output: + +```bash +{ + "evidence": [ + { + "consensus_address": "cosmosvalcons1ntk8eualewuprz0gamh8hnvcem2nrcdsgz563h", + "height": "11", + "power": "100", + "time": "2021-10-20T16:08:38.194017624Z" + } + ], + "pagination": { + "total": "1" + } +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/modules/feegrant/README.md b/copy-of-sdk-versioned_docs/version-0.53/build/modules/feegrant/README.md new file mode 100644 index 00000000..07524449 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/modules/feegrant/README.md @@ -0,0 +1,396 @@ +--- +sidebar_position: 1 +--- + +# `x/feegrant` + +## Abstract + +This document specifies the fee grant module. For the full ADR, please see [Fee Grant ADR-029](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-029-fee-grant-module.md). + +This module allows accounts to grant fee allowances and to use fees from their accounts. Grantees can execute any transaction without the need to maintain sufficient fees. + +## Contents + +* [Concepts](#concepts) +* [State](#state) + * [FeeAllowance](#feeallowance) + * [FeeAllowanceQueue](#feeallowancequeue) +* [Messages](#messages) + * [Msg/GrantAllowance](#msggrantallowance) + * [Msg/RevokeAllowance](#msgrevokeallowance) +* [Events](#events) +* [Msg Server](#msg-server) + * [MsgGrantAllowance](#msggrantallowance-1) + * [MsgRevokeAllowance](#msgrevokeallowance-1) + * [Exec fee allowance](#exec-fee-allowance) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + +## Concepts + +### Grant + +`Grant` is stored in the KVStore to record a grant with full context. Every grant will contain `granter`, `grantee` and what kind of `allowance` is granted. `granter` is an account address who is giving permission to `grantee` (the beneficiary account address) to pay for some or all of `grantee`'s transaction fees. `allowance` defines what kind of fee allowance (`BasicAllowance` or `PeriodicAllowance`, see below) is granted to `grantee`. `allowance` accepts an interface which implements `FeeAllowanceI`, encoded as `Any` type. There can be only one existing fee grant allowed for a `grantee` and `granter`, self grants are not allowed. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/feegrant.proto#L83-L93 +``` + +`FeeAllowanceI` looks like: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/feegrant/fees.go#L9-L32 +``` + +### Fee Allowance types + +There are two types of fee allowances present at the moment: + +* `BasicAllowance` +* `PeriodicAllowance` +* `AllowedMsgAllowance` + +### BasicAllowance + +`BasicAllowance` is permission for `grantee` to use fee from a `granter`'s account. If any of the `spend_limit` or `expiration` reaches its limit, the grant will be removed from the state. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/feegrant.proto#L15-L28 +``` + +* `spend_limit` is the limit of coins that are allowed to be used from the `granter` account. If it is empty, it assumes there's no spend limit, `grantee` can use any number of available coins from `granter` account address before the expiration. + +* `expiration` specifies an optional time when this allowance expires. If the value is left empty, there is no expiry for the grant. + +* When a grant is created with empty values for `spend_limit` and `expiration`, it is still a valid grant. It won't restrict the `grantee` to use any number of coins from `granter` and it won't have any expiration. The only way to restrict the `grantee` is by revoking the grant. + +### PeriodicAllowance + +`PeriodicAllowance` is a repeating fee allowance for the mentioned period, we can mention when the grant can expire as well as when a period can reset. We can also define the maximum number of coins that can be used in a mentioned period of time. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/feegrant.proto#L34-L68 +``` + +* `basic` is the instance of `BasicAllowance` which is optional for periodic fee allowance. If empty, the grant will have no `expiration` and no `spend_limit`. + +* `period` is the specific period of time, after each period passes, `period_can_spend` will be reset. + +* `period_spend_limit` specifies the maximum number of coins that can be spent in the period. + +* `period_can_spend` is the number of coins left to be spent before the period_reset time. + +* `period_reset` keeps track of when a next period reset should happen. + +### AllowedMsgAllowance + +`AllowedMsgAllowance` is a fee allowance, it can be any of `BasicFeeAllowance`, `PeriodicAllowance` but restricted only to the allowed messages mentioned by the granter. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/feegrant.proto#L70-L81 +``` + +* `allowance` is either `BasicAllowance` or `PeriodicAllowance`. + +* `allowed_messages` is array of messages allowed to execute the given allowance. + +### FeeGranter flag + +`feegrant` module introduces a `FeeGranter` flag for CLI for the sake of executing transactions with fee granter. When this flag is set, `clientCtx` will append the granter account address for transactions generated through CLI. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/client/cmd.go#L249-L260 +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/client/tx/tx.go#L109-L109 +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/auth/tx/builder.go#L275-L284 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/tx/v1beta1/tx.proto#L203-L224 +``` + +Example cmd: + +```go +./simd tx gov submit-proposal --title="Test Proposal" --description="My awesome proposal" --type="Text" --from validator-key --fee-granter=cosmos1xh44hxt7spr67hqaa7nyx5gnutrz5fraw6grxn --chain-id=testnet --fees="10stake" +``` + +### Granted Fee Deductions + +Fees are deducted from grants in the `x/auth` ante handler. To learn more about how ante handlers work, read the [Auth Module AnteHandlers Guide](../auth/README.md#antehandlers). + +### Gas + +In order to prevent DoS attacks, using a filtered `x/feegrant` incurs gas. The SDK must assure that the `grantee`'s transactions all conform to the filter set by the `granter`. The SDK does this by iterating over the allowed messages in the filter and charging 10 gas per filtered message. The SDK will then iterate over the messages being sent by the `grantee` to ensure the messages adhere to the filter, also charging 10 gas per message. The SDK will stop iterating and fail the transaction if it finds a message that does not conform to the filter. + +**WARNING**: The gas is charged against the granted allowance. Ensure your messages conform to the filter, if any, before sending transactions using your allowance. + +### Pruning + +A queue in the state maintained with the prefix of expiration of the grants and checks them on EndBlock with the current block time for every block to prune. + +## State + +### FeeAllowance + +Fee Allowances are identified by combining `Grantee` (the account address of fee allowance grantee) with the `Granter` (the account address of fee allowance granter). + +Fee allowance grants are stored in the state as follows: + +* Grant: `0x00 | grantee_addr_len (1 byte) | grantee_addr_bytes | granter_addr_len (1 byte) | granter_addr_bytes -> ProtocolBuffer(Grant)` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/x/feegrant/feegrant.pb.go#L222-L230 +``` + +### FeeAllowanceQueue + +Fee Allowances queue items are identified by combining the `FeeAllowancePrefixQueue` (i.e., 0x01), `expiration`, `grantee` (the account address of fee allowance grantee), `granter` (the account address of fee allowance granter). Endblocker checks `FeeAllowanceQueue` state for the expired grants and prunes them from `FeeAllowance` if there are any found. + +Fee allowance queue keys are stored in the state as follows: + +* Grant: `0x01 | expiration_bytes | grantee_addr_len (1 byte) | grantee_addr_bytes | granter_addr_len (1 byte) | granter_addr_bytes -> EmptyBytes` + +## Messages + +### Msg/GrantAllowance + +A fee allowance grant will be created with the `MsgGrantAllowance` message. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/tx.proto#L25-L39 +``` + +### Msg/RevokeAllowance + +An allowed grant fee allowance can be removed with the `MsgRevokeAllowance` message. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/tx.proto#L41-L54 +``` + +## Events + +The feegrant module emits the following events: + +## Msg Server + +### MsgGrantAllowance + +| Type | Attribute Key | Attribute Value | +| ------- | ------------- | ---------------- | +| message | action | set_feegrant | +| message | granter | {granterAddress} | +| message | grantee | {granteeAddress} | + +### MsgRevokeAllowance + +| Type | Attribute Key | Attribute Value | +| ------- | ------------- | ---------------- | +| message | action | revoke_feegrant | +| message | granter | {granterAddress} | +| message | grantee | {granteeAddress} | + +### Exec fee allowance + +| Type | Attribute Key | Attribute Value | +| ------- | ------------- | ---------------- | +| message | action | use_feegrant | +| message | granter | {granterAddress} | +| message | grantee | {granteeAddress} | + +### Prune fee allowances + +| Type | Attribute Key | Attribute Value | +| ------- | ------------- | ---------------- | +| message | action | prune_feegrant | +| message | pruner | {prunerAddress} | + + +## Client + +### CLI + +A user can query and interact with the `feegrant` module using the CLI. + +#### Query + +The `query` commands allow users to query `feegrant` state. + +```shell +simd query feegrant --help +``` + +##### grant + +The `grant` command allows users to query a grant for a given granter-grantee pair. + +```shell +simd query feegrant grant [granter] [grantee] [flags] +``` + +Example: + +```shell +simd query feegrant grant cosmos1.. cosmos1.. +``` + +Example Output: + +```yml +allowance: + '@type': /cosmos.feegrant.v1beta1.BasicAllowance + expiration: null + spend_limit: + - amount: "100" + denom: stake +grantee: cosmos1.. +granter: cosmos1.. +``` + +##### grants + +The `grants` command allows users to query all grants for a given grantee. + +```shell +simd query feegrant grants [grantee] [flags] +``` + +Example: + +```shell +simd query feegrant grants cosmos1.. +``` + +Example Output: + +```yml +allowances: +- allowance: + '@type': /cosmos.feegrant.v1beta1.BasicAllowance + expiration: null + spend_limit: + - amount: "100" + denom: stake + grantee: cosmos1.. + granter: cosmos1.. +pagination: + next_key: null + total: "0" +``` + +#### Transactions + +The `tx` commands allow users to interact with the `feegrant` module. + +```shell +simd tx feegrant --help +``` + +##### grant + +The `grant` command allows users to grant fee allowances to another account. The fee allowance can have an expiration date, a total spend limit, and/or a periodic spend limit. + +```shell +simd tx feegrant grant [granter] [grantee] [flags] +``` + +Example (one-time spend limit): + +```shell +simd tx feegrant grant cosmos1.. cosmos1.. --spend-limit 100stake +``` + +Example (periodic spend limit): + +```shell +simd tx feegrant grant cosmos1.. cosmos1.. --period 3600 --period-limit 10stake +``` + +##### revoke + +The `revoke` command allows users to revoke a granted fee allowance. + +```shell +simd tx feegrant revoke [granter] [grantee] [flags] +``` + +Example: + +```shell +simd tx feegrant revoke cosmos1.. cosmos1.. +``` + +### gRPC + +A user can query the `feegrant` module using gRPC endpoints. + +#### Allowance + +The `Allowance` endpoint allows users to query a granted fee allowance. + +```shell +cosmos.feegrant.v1beta1.Query/Allowance +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"grantee":"cosmos1..","granter":"cosmos1.."}' \ + localhost:9090 \ + cosmos.feegrant.v1beta1.Query/Allowance +``` + +Example Output: + +```json +{ + "allowance": { + "granter": "cosmos1..", + "grantee": "cosmos1..", + "allowance": {"@type":"/cosmos.feegrant.v1beta1.BasicAllowance","spendLimit":[{"denom":"stake","amount":"100"}]} + } +} +``` + +#### Allowances + +The `Allowances` endpoint allows users to query all granted fee allowances for a given grantee. + +```shell +cosmos.feegrant.v1beta1.Query/Allowances +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"address":"cosmos1.."}' \ + localhost:9090 \ + cosmos.feegrant.v1beta1.Query/Allowances +``` + +Example Output: + +```json +{ + "allowances": [ + { + "granter": "cosmos1..", + "grantee": "cosmos1..", + "allowance": {"@type":"/cosmos.feegrant.v1beta1.BasicAllowance","spendLimit":[{"denom":"stake","amount":"100"}]} + } + ], + "pagination": { + "total": "1" + } +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/modules/genutil/README.md b/copy-of-sdk-versioned_docs/version-0.53/build/modules/genutil/README.md new file mode 100644 index 00000000..45cb4535 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/modules/genutil/README.md @@ -0,0 +1,89 @@ +# `x/genutil` + +## Concepts + +The `genutil` package contains a variety of genesis utility functionalities for usage within a blockchain application. Namely: + +* Genesis transactions related (gentx) +* Commands for collection and creation of gentxs +* `InitChain` processing of gentxs +* Genesis file creation +* Genesis file validation +* Genesis file migration +* CometBFT related initialization + * Translation of an app genesis to a CometBFT genesis + +## Genesis + +Genutil contains the data structure that defines an application genesis. +An application genesis consist of a consensus genesis (g.e. CometBFT genesis) and application related genesis data. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-rc.0/x/genutil/types/genesis.go#L24-L34 +``` + +The application genesis can then be translated to the consensus engine to the right format: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-rc.0/x/genutil/types/genesis.go#L126-L136 +``` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-rc.0/server/start.go#L397-L407 +``` + +## Client + +### CLI + +The genutil commands are available under the `genesis` subcommand. + +#### add-genesis-account + +Add a genesis account to `genesis.json`. Learn more [here](https://docs.cosmos.network/main/run-node/run-node#adding-genesis-accounts). + +#### collect-gentxs + +Collect genesis txs and output a `genesis.json` file. + +```shell +simd genesis collect-gentxs +``` + +This will create a new `genesis.json` file that includes data from all the validators (we sometimes call it the "super genesis file" to distinguish it from single-validator genesis files). + +#### gentx + +Generate a genesis tx carrying a self delegation. + +```shell +simd genesis gentx [key_name] [amount] --chain-id [chain-id] +``` + +This will create the genesis transaction for your new chain. Here `amount` should be at least `1000000000stake`. +If you provide too much or too little, you will encounter an error when starting a node. + +#### migrate + +Migrate genesis to a specified target (SDK) version. + +```shell +simd genesis migrate [target-version] +``` + +:::tip +The `migrate` command is extensible and takes a `MigrationMap`. This map is a mapping of target versions to genesis migrations functions. +When not using the default `MigrationMap`, it is recommended to still call the default `MigrationMap` corresponding the SDK version of the chain and prepend/append your own genesis migrations. +::: + +#### validate-genesis + +Validates the genesis file at the default location or at the location passed as an argument. + +```shell +simd genesis validate-genesis +``` + +:::warning +Validate genesis only validates if the genesis is valid at the **current application binary**. For validating a genesis from a previous version of the application, use the `migrate` command to migrate the genesis to the current version. +::: diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/modules/gov/README.md b/copy-of-sdk-versioned_docs/version-0.53/build/modules/gov/README.md new file mode 100644 index 00000000..66979627 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/modules/gov/README.md @@ -0,0 +1,2588 @@ +--- +sidebar_position: 1 +--- + +# `x/gov` + +## Abstract + +This paper specifies the Governance module of the Cosmos SDK, which was first +described in the [Cosmos Whitepaper](https://cosmos.network/about/whitepaper) in +June 2016. + +The module enables Cosmos SDK based blockchain to support an on-chain governance +system. In this system, holders of the native staking token of the chain can vote +on proposals on a 1 token 1 vote basis. Next is a list of features the module +currently supports: + +* **Proposal submission:** Users can submit proposals with a deposit. Once the +minimum deposit is reached, the proposal enters voting period. The minimum deposit can be reached by collecting deposits from different users (including proposer) within deposit period. +* **Vote:** Participants can vote on proposals that reached MinDeposit and entered voting period. +* **Inheritance and penalties:** Delegators inherit their validator's vote if +they don't vote themselves. +* **Claiming deposit:** Users that deposited on proposals can recover their +deposits if the proposal was accepted or rejected. If the proposal was vetoed, or never entered voting period (minimum deposit not reached within deposit period), the deposit is burned. + +This module is in use on the Cosmos Hub (a.k.a [gaia](https://github.com/cosmos/gaia)). +Features that may be added in the future are described in [Future Improvements](#future-improvements). + +## Contents + +The following specification uses *ATOM* as the native staking token. The module +can be adapted to any Proof-Of-Stake blockchain by replacing *ATOM* with the native +staking token of the chain. + +* [Concepts](#concepts) + * [Proposal submission](#proposal-submission) + * [Deposit](#deposit) + * [Vote](#vote) + * [Software Upgrade](#software-upgrade) +* [State](#state) + * [Proposals](#proposals) + * [Parameters and base types](#parameters-and-base-types) + * [Deposit](#deposit-1) + * [ValidatorGovInfo](#validatorgovinfo) + * [Stores](#stores) + * [Proposal Processing Queue](#proposal-processing-queue) + * [Legacy Proposal](#legacy-proposal) +* [Messages](#messages) + * [Proposal Submission](#proposal-submission-1) + * [Deposit](#deposit-2) + * [Vote](#vote-1) +* [Events](#events) + * [EndBlocker](#endblocker) + * [Handlers](#handlers) +* [Parameters](#parameters) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + * [REST](#rest) +* [Metadata](#metadata) + * [Proposal](#proposal-3) + * [Vote](#vote-5) +* [Future Improvements](#future-improvements) + +## Concepts + +*Disclaimer: This is work in progress. Mechanisms are susceptible to change.* + +The governance process is divided in a few steps that are outlined below: + +* **Proposal submission:** Proposal is submitted to the blockchain with a + deposit. +* **Vote:** Once deposit reaches a certain value (`MinDeposit`), proposal is + confirmed and vote opens. Bonded Atom holders can then send `TxGovVote` + transactions to vote on the proposal. +* **Execution** After a period of time, the votes are tallied and depending + on the result, the messages in the proposal will be executed. + +### Proposal submission + +#### Right to submit a proposal + +Every account can submit proposals by sending a `MsgSubmitProposal` transaction. +Once a proposal is submitted, it is identified by its unique `proposalID`. + +#### Proposal Messages + +A proposal includes an array of `sdk.Msg`s which are executed automatically if the +proposal passes. The messages are executed by the governance `ModuleAccount` itself. Modules +such as `x/upgrade`, that want to allow certain messages to be executed by governance +only should add a whitelist within the respective msg server, granting the governance +module the right to execute the message once a quorum has been reached. The governance +module uses the `MsgServiceRouter` to check that these messages are correctly constructed +and have a respective path to execute on but do not perform a full validity check. + +### Deposit + +To prevent spam, proposals must be submitted with a deposit in the coins defined by +the `MinDeposit` param. + +When a proposal is submitted, it has to be accompanied with a deposit that must be +strictly positive, but can be inferior to `MinDeposit`. The submitter doesn't need +to pay for the entire deposit on their own. The newly created proposal is stored in +an *inactive proposal queue* and stays there until its deposit passes the `MinDeposit`. +Other token holders can increase the proposal's deposit by sending a `Deposit` +transaction. If a proposal doesn't pass the `MinDeposit` before the deposit end time +(the time when deposits are no longer accepted), the proposal will be destroyed: the +proposal will be removed from state and the deposit will be burned (see x/gov `EndBlocker`). +When a proposal deposit passes the `MinDeposit` threshold (even during the proposal +submission) before the deposit end time, the proposal will be moved into the +*active proposal queue* and the voting period will begin. + +The deposit is kept in escrow and held by the governance `ModuleAccount` until the +proposal is finalized (passed or rejected). + +#### Deposit refund and burn + +When a proposal is finalized, the coins from the deposit are either refunded or burned +according to the final tally of the proposal: + +* If the proposal is approved or rejected but *not* vetoed, each deposit will be + automatically refunded to its respective depositor (transferred from the governance + `ModuleAccount`). +* When the proposal is vetoed with greater than 1/3, deposits will be burned from the + governance `ModuleAccount` and the proposal information along with its deposit + information will be removed from state. +* All refunded or burned deposits are removed from the state. Events are issued when + burning or refunding a deposit. + +### Vote + +#### Participants + +*Participants* are users that have the right to vote on proposals. On the +Cosmos Hub, participants are bonded Atom holders. Unbonded Atom holders and +other users do not get the right to participate in governance. However, they +can submit and deposit on proposals. + +Note that when *participants* have bonded and unbonded Atoms, their voting power is calculated from their bonded Atom holdings only. + +#### Voting period + +Once a proposal reaches `MinDeposit`, it immediately enters `Voting period`. We +define `Voting period` as the interval between the moment the vote opens and +the moment the vote closes. The initial value of `Voting period` is 2 weeks. + +#### Option set + +The option set of a proposal refers to the set of choices a participant can +choose from when casting its vote. + +The initial option set includes the following options: + +* `Yes` +* `No` +* `NoWithVeto` +* `Abstain` + +`NoWithVeto` counts as `No` but also adds a `Veto` vote. `Abstain` option +allows voters to signal that they do not intend to vote in favor or against the +proposal but accept the result of the vote. + +*Note: from the UI, for urgent proposals we should maybe add a ‘Not Urgent’ option that casts a `NoWithVeto` vote.* + +#### Weighted Votes + +[ADR-037](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-037-gov-split-vote.md) introduces the weighted vote feature which allows a staker to split their votes into several voting options. For example, it could use 70% of its voting power to vote Yes and 30% of its voting power to vote No. + +Often times the entity owning that address might not be a single individual. For example, a company might have different stakeholders who want to vote differently, and so it makes sense to allow them to split their voting power. Currently, it is not possible for them to do "passthrough voting" and giving their users voting rights over their tokens. However, with this system, exchanges can poll their users for voting preferences, and then vote on-chain proportionally to the results of the poll. + +To represent weighted vote on chain, we use the following Protobuf message. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1beta1/gov.proto#L34-L47 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1beta1/gov.proto#L181-L201 +``` + +For a weighted vote to be valid, the `options` field must not contain duplicate vote options, and the sum of weights of all options must be equal to 1. + +#### Custom Vote Calculation + +Cosmos SDK v0.53.0 introduced an option for developers to define a custom vote result and voting power calculation function. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/x/gov/keeper/tally.go#L15-L24 +``` + +This gives developers a more expressive way to handle governance on their appchains. +Developers can now build systems with: + +- Quadratic Voting +- Time-weighted Voting +- Reputation-Based voting + +##### Example + +```go +func myCustomVotingFunction( + ctx context.Context, + k Keeper, + proposal v1.Proposal, + validators map[string]v1.ValidatorGovInfo, +) (totalVoterPower math.LegacyDec, results map[v1.VoteOption]math.LegacyDec, err error) { + // ... tally logic +} + +govKeeper := govkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[govtypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + app.StakingKeeper, + app.DistrKeeper, + app.MsgServiceRouter(), + govConfig, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + govkeeper.WithCustomCalculateVoteResultsAndVotingPowerFn(myCustomVotingFunction), +) +``` + +### Quorum + +Quorum is defined as the minimum percentage of voting power that needs to be +cast on a proposal for the result to be valid. + +### Expedited Proposals + +A proposal can be expedited, making the proposal use shorter voting duration and a higher tally threshold by its default. If an expedited proposal fails to meet the threshold within the scope of shorter voting duration, the expedited proposal is then converted to a regular proposal and restarts voting under regular voting conditions. + +#### Threshold + +Threshold is defined as the minimum proportion of `Yes` votes (excluding +`Abstain` votes) for the proposal to be accepted. + +Initially, the threshold is set at 50% of `Yes` votes, excluding `Abstain` +votes. A possibility to veto exists if more than 1/3rd of all votes are +`NoWithVeto` votes. Note, both of these values are derived from the `TallyParams` +on-chain parameter, which is modifiable by governance. +This means that proposals are accepted iff: + +* There exist bonded tokens. +* Quorum has been achieved. +* The proportion of `Abstain` votes is inferior to 1/1. +* The proportion of `NoWithVeto` votes is inferior to 1/3, including + `Abstain` votes. +* The proportion of `Yes` votes, excluding `Abstain` votes, at the end of + the voting period is superior to 1/2. + +For expedited proposals, by default, the threshold is higher than with a *normal proposal*, namely, 66.7%. + +#### Inheritance + +If a delegator does not vote, it will inherit its validator vote. + +* If the delegator votes before its validator, it will not inherit from the + validator's vote. +* If the delegator votes after its validator, it will override its validator + vote with its own. If the proposal is urgent, it is possible + that the vote will close before delegators have a chance to react and + override their validator's vote. This is not a problem, as proposals require more than 2/3rd of the total voting power to pass, when tallied at the end of the voting period. Because as little as 1/3 + 1 validation power could collude to censor transactions, non-collusion is already assumed for ranges exceeding this threshold. + +#### Validator’s punishment for non-voting + +At present, validators are not punished for failing to vote. + +#### Governance address + +Later, we may add permissioned keys that could only sign txs from certain modules. For the MVP, the `Governance address` will be the main validator address generated at account creation. This address corresponds to a different PrivKey than the CometBFT PrivKey which is responsible for signing consensus messages. Validators thus do not have to sign governance transactions with the sensitive CometBFT PrivKey. + +#### Burnable Params + +There are three parameters that define if the deposit of a proposal should be burned or returned to the depositors. + +* `BurnVoteVeto` burns the proposal deposit if the proposal gets vetoed. +* `BurnVoteQuorum` burns the proposal deposit if the proposal deposit if the vote does not reach quorum. +* `BurnProposalDepositPrevote` burns the proposal deposit if it does not enter the voting phase. + +> Note: These parameters are modifiable via governance. + +## State + +### Constitution + +`Constitution` is found in the genesis state. It is a string field intended to be used to descibe the purpose of a particular blockchain, and its expected norms. A few examples of how the constitution field can be used: + +* define the purpose of the chain, laying a foundation for its future development +* set expectations for delegators +* set expectations for validators +* define the chain's relationship to "meatspace" entities, like a foundation or corporation + +Since this is more of a social feature than a technical feature, we'll now get into some items that may have been useful to have in a genesis constitution: + +* What limitations on governance exist, if any? + * is it okay for the community to slash the wallet of a whale that they no longer feel that they want around? (viz: Juno Proposal 4 and 16) + * can governance "socially slash" a validator who is using unapproved MEV? (viz: commonwealth.im/osmosis) + * In the event of an economic emergency, what should validators do? + * Terra crash of May, 2022, saw validators choose to run a new binary with code that had not been approved by governance, because the governance token had been inflated to nothing. +* What is the purpose of the chain, specifically? + * best example of this is the Cosmos hub, where different founding groups, have different interpertations of the purpose of the network. + +This genesis entry, "constitution" hasn't been designed for existing chains, who should likely just ratify a constitution using their governance system. Instead, this is for new chains. It will allow for validators to have a much clearer idea of purpose and the expecations placed on them while operating thier nodes. Likewise, for community members, the constitution will give them some idea of what to expect from both the "chain team" and the validators, respectively. + +This constitution is designed to be immutable, and placed only in genesis, though that could change over time by a pull request to the cosmos-sdk that allows for the constitution to be changed by governance. Communities whishing to make amendments to their original constitution should use the governance mechanism and a "signaling proposal" to do exactly that. + +**Ideal use scenario for a cosmos chain constitution** + +As a chain developer, you decide that you'd like to provide clarity to your key user groups: + +* validators +* token holders +* developers (yourself) + +You use the constitution to immutably store some Markdown in genesis, so that when difficult questions come up, the constutituon can provide guidance to the community. + +### Proposals + +`Proposal` objects are used to tally votes and generally track the proposal's state. +They contain an array of arbitrary `sdk.Msg`'s which the governance module will attempt +to resolve and then execute if the proposal passes. `Proposal`'s are identified by a +unique id and contains a series of timestamps: `submit_time`, `deposit_end_time`, +`voting_start_time`, `voting_end_time` which track the lifecycle of a proposal + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/gov.proto#L51-L99 +``` + +A proposal will generally require more than just a set of messages to explain its +purpose but need some greater justification and allow a means for interested participants +to discuss and debate the proposal. +In most cases, **it is encouraged to have an off-chain system that supports the on-chain governance process**. +To accommodate for this, a proposal contains a special **`metadata`** field, a string, +which can be used to add context to the proposal. The `metadata` field allows custom use for networks, +however, it is expected that the field contains a URL or some form of CID using a system such as +[IPFS](https://docs.ipfs.io/concepts/content-addressing/). To support the case of +interoperability across networks, the SDK recommends that the `metadata` represents +the following `JSON` template: + +```json +{ + "title": "...", + "description": "...", + "forum": "...", // a link to the discussion platform (i.e. Discord) + "other": "..." // any extra data that doesn't correspond to the other fields +} +``` + +This makes it far easier for clients to support multiple networks. + +The metadata has a maximum length that is chosen by the app developer, and +passed into the gov keeper as a config. The default maximum length in the SDK is 255 characters. + +#### Writing a module that uses governance + +There are many aspects of a chain, or of the individual modules that you may want to +use governance to perform such as changing various parameters. This is very simple +to do. First, write out your message types and `MsgServer` implementation. Add an +`authority` field to the keeper which will be populated in the constructor with the +governance module account: `govKeeper.GetGovernanceAccount().GetAddress()`. Then for +the methods in the `msg_server.go`, perform a check on the message that the signer +matches `authority`. This will prevent any user from executing that message. + +### Parameters and base types + +`Parameters` define the rules according to which votes are run. There can only +be one active parameter set at any given time. If governance wants to change a +parameter set, either to modify a value or add/remove a parameter field, a new +parameter set has to be created and the previous one rendered inactive. + +#### DepositParams + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/gov.proto#L152-L162 +``` + +#### VotingParams + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/gov.proto#L164-L168 +``` + +#### TallyParams + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/gov.proto#L170-L182 +``` + +Parameters are stored in a global `GlobalParams` KVStore. + +Additionally, we introduce some basic types: + +```go +type Vote byte + +const ( + VoteYes = 0x1 + VoteNo = 0x2 + VoteNoWithVeto = 0x3 + VoteAbstain = 0x4 +) + +type ProposalType string + +const ( + ProposalTypePlainText = "Text" + ProposalTypeSoftwareUpgrade = "SoftwareUpgrade" +) + +type ProposalStatus byte + + +const ( + StatusNil ProposalStatus = 0x00 + StatusDepositPeriod ProposalStatus = 0x01 // Proposal is submitted. Participants can deposit on it but not vote + StatusVotingPeriod ProposalStatus = 0x02 // MinDeposit is reached, participants can vote + StatusPassed ProposalStatus = 0x03 // Proposal passed and successfully executed + StatusRejected ProposalStatus = 0x04 // Proposal has been rejected + StatusFailed ProposalStatus = 0x05 // Proposal passed but failed execution +) +``` + +### Deposit + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/gov.proto#L38-L49 +``` + +### ValidatorGovInfo + +This type is used in a temp map when tallying + +```go + type ValidatorGovInfo struct { + Minus sdk.Dec + Vote Vote + } +``` + +## Stores + +:::note +Stores are KVStores in the multi-store. The key to find the store is the first parameter in the list +::: + +We will use one KVStore `Governance` to store four mappings: + +* A mapping from `proposalID|'proposal'` to `Proposal`. +* A mapping from `proposalID|'addresses'|address` to `Vote`. This mapping allows + us to query all addresses that voted on the proposal along with their vote by + doing a range query on `proposalID:addresses`. +* A mapping from `ParamsKey|'Params'` to `Params`. This map allows to query all + x/gov params. +* A mapping from `VotingPeriodProposalKeyPrefix|proposalID` to a single byte. This allows + us to know if a proposal is in the voting period or not with very low gas cost. + +For pseudocode purposes, here are the two function we will use to read or write in stores: + +* `load(StoreKey, Key)`: Retrieve item stored at key `Key` in store found at key `StoreKey` in the multistore +* `store(StoreKey, Key, value)`: Write value `Value` at key `Key` in store found at key `StoreKey` in the multistore + +### Proposal Processing Queue + +**Store:** + +* `ProposalProcessingQueue`: A queue `queue[proposalID]` containing all the + `ProposalIDs` of proposals that reached `MinDeposit`. During each `EndBlock`, + all the proposals that have reached the end of their voting period are processed. + To process a finished proposal, the application tallies the votes, computes the + votes of each validator and checks if every validator in the validator set has + voted. If the proposal is accepted, deposits are refunded. Finally, the proposal + content `Handler` is executed. + +And the pseudocode for the `ProposalProcessingQueue`: + +```go + in EndBlock do + + for finishedProposalID in GetAllFinishedProposalIDs(block.Time) + proposal = load(Governance, ) // proposal is a const key + + validators = Keeper.getAllValidators() + tmpValMap := map(sdk.AccAddress)ValidatorGovInfo + + // Initiate mapping at 0. This is the amount of shares of the validator's vote that will be overridden by their delegator's votes + for each validator in validators + tmpValMap(validator.OperatorAddr).Minus = 0 + + // Tally + voterIterator = rangeQuery(Governance, ) //return all the addresses that voted on the proposal + for each (voterAddress, vote) in voterIterator + delegations = stakingKeeper.getDelegations(voterAddress) // get all delegations for current voter + + for each delegation in delegations + // make sure delegation.Shares does NOT include shares being unbonded + tmpValMap(delegation.ValidatorAddr).Minus += delegation.Shares + proposal.updateTally(vote, delegation.Shares) + + _, isVal = stakingKeeper.getValidator(voterAddress) + if (isVal) + tmpValMap(voterAddress).Vote = vote + + tallyingParam = load(GlobalParams, 'TallyingParam') + + // Update tally if validator voted + for each validator in validators + if tmpValMap(validator).HasVoted + proposal.updateTally(tmpValMap(validator).Vote, (validator.TotalShares - tmpValMap(validator).Minus)) + + + + // Check if proposal is accepted or rejected + totalNonAbstain := proposal.YesVotes + proposal.NoVotes + proposal.NoWithVetoVotes + if (proposal.Votes.YesVotes/totalNonAbstain > tallyingParam.Threshold AND proposal.Votes.NoWithVetoVotes/totalNonAbstain < tallyingParam.Veto) + // proposal was accepted at the end of the voting period + // refund deposits (non-voters already punished) + for each (amount, depositor) in proposal.Deposits + depositor.AtomBalance += amount + + stateWriter, err := proposal.Handler() + if err != nil + // proposal passed but failed during state execution + proposal.CurrentStatus = ProposalStatusFailed + else + // proposal pass and state is persisted + proposal.CurrentStatus = ProposalStatusAccepted + stateWriter.save() + else + // proposal was rejected + proposal.CurrentStatus = ProposalStatusRejected + + store(Governance, , proposal) +``` + +### Legacy Proposal + +:::warning +Legacy proposals are deprecated. Use the new proposal flow by granting the governance module the right to execute the message. +::: + +A legacy proposal is the old implementation of governance proposal. +Contrary to proposal that can contain any messages, a legacy proposal allows to submit a set of pre-defined proposals. +These proposals are defined by their types and handled by handlers that are registered in the gov v1beta1 router. + +More information on how to submit proposals in the [client section](#client). + +## Messages + +### Proposal Submission + +Proposals can be submitted by any account via a `MsgSubmitProposal` transaction. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/tx.proto#L42-L69 +``` + +All `sdk.Msgs` passed into the `messages` field of a `MsgSubmitProposal` message +must be registered in the app's `MsgServiceRouter`. Each of these messages must +have one signer, namely the gov module account. And finally, the metadata length +must not be larger than the `maxMetadataLen` config passed into the gov keeper. +The `initialDeposit` must be strictly positive and conform to the accepted denom of the `MinDeposit` param. + +**State modifications:** + +* Generate new `proposalID` +* Create new `Proposal` +* Initialise `Proposal`'s attributes +* Decrease balance of sender by `InitialDeposit` +* If `MinDeposit` is reached: + * Push `proposalID` in `ProposalProcessingQueue` +* Transfer `InitialDeposit` from the `Proposer` to the governance `ModuleAccount` + +### Deposit + +Once a proposal is submitted, if `Proposal.TotalDeposit < ActiveParam.MinDeposit`, Atom holders can send +`MsgDeposit` transactions to increase the proposal's deposit. + +A deposit is accepted iff: + +* The proposal exists +* The proposal is not in the voting period +* The deposited coins are conform to the accepted denom from the `MinDeposit` param + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/tx.proto#L134-L147 +``` + +**State modifications:** + +* Decrease balance of sender by `deposit` +* Add `deposit` of sender in `proposal.Deposits` +* Increase `proposal.TotalDeposit` by sender's `deposit` +* If `MinDeposit` is reached: + * Push `proposalID` in `ProposalProcessingQueueEnd` +* Transfer `Deposit` from the `proposer` to the governance `ModuleAccount` + +### Vote + +Once `ActiveParam.MinDeposit` is reached, voting period starts. From there, +bonded Atom holders are able to send `MsgVote` transactions to cast their +vote on the proposal. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/tx.proto#L92-L108 +``` + +**State modifications:** + +* Record `Vote` of sender + +:::note +Gas cost for this message has to take into account the future tallying of the vote in EndBlocker. +::: + +## Events + +The governance module emits the following events: + +### EndBlocker + +| Type | Attribute Key | Attribute Value | +|-------------------|-----------------|------------------| +| inactive_proposal | proposal_id | {proposalID} | +| inactive_proposal | proposal_result | {proposalResult} | +| active_proposal | proposal_id | {proposalID} | +| active_proposal | proposal_result | {proposalResult} | + +### Handlers + +#### MsgSubmitProposal + +| Type | Attribute Key | Attribute Value | +|---------------------|---------------------|-----------------| +| submit_proposal | proposal_id | {proposalID} | +| submit_proposal [0] | voting_period_start | {proposalID} | +| proposal_deposit | amount | {depositAmount} | +| proposal_deposit | proposal_id | {proposalID} | +| message | module | governance | +| message | action | submit_proposal | +| message | sender | {senderAddress} | + +* [0] Event only emitted if the voting period starts during the submission. + +#### MsgVote + +| Type | Attribute Key | Attribute Value | +|---------------|---------------|-----------------| +| proposal_vote | option | {voteOption} | +| proposal_vote | proposal_id | {proposalID} | +| message | module | governance | +| message | action | vote | +| message | sender | {senderAddress} | + +#### MsgVoteWeighted + +| Type | Attribute Key | Attribute Value | +|---------------|---------------|-----------------------| +| proposal_vote | option | {weightedVoteOptions} | +| proposal_vote | proposal_id | {proposalID} | +| message | module | governance | +| message | action | vote | +| message | sender | {senderAddress} | + +#### MsgDeposit + +| Type | Attribute Key | Attribute Value | +|----------------------|---------------------|-----------------| +| proposal_deposit | amount | {depositAmount} | +| proposal_deposit | proposal_id | {proposalID} | +| proposal_deposit [0] | voting_period_start | {proposalID} | +| message | module | governance | +| message | action | deposit | +| message | sender | {senderAddress} | + +* [0] Event only emitted if the voting period starts during the submission. + +## Parameters + +The governance module contains the following parameters: + +| Key | Type | Example | +|-------------------------------|------------------|-----------------------------------------| +| min_deposit | array (coins) | [{"denom":"uatom","amount":"10000000"}] | +| max_deposit_period | string (time ns) | "172800000000000" (17280s) | +| voting_period | string (time ns) | "172800000000000" (17280s) | +| quorum | string (dec) | "0.334000000000000000" | +| threshold | string (dec) | "0.500000000000000000" | +| veto | string (dec) | "0.334000000000000000" | +| expedited_threshold | string (time ns) | "0.667000000000000000" | +| expedited_voting_period | string (time ns) | "86400000000000" (8600s) | +| expedited_min_deposit | array (coins) | [{"denom":"uatom","amount":"50000000"}] | +| burn_proposal_deposit_prevote | bool | false | +| burn_vote_quorum | bool | false | +| burn_vote_veto | bool | true | +| min_initial_deposit_ratio | string | "0.1" | + + +**NOTE**: The governance module contains parameters that are objects unlike other +modules. If only a subset of parameters are desired to be changed, only they need +to be included and not the entire parameter object structure. + +## Client + +### CLI + +A user can query and interact with the `gov` module using the CLI. + +#### Query + +The `query` commands allow users to query `gov` state. + +```bash +simd query gov --help +``` + +##### deposit + +The `deposit` command allows users to query a deposit for a given proposal from a given depositor. + +```bash +simd query gov deposit [proposal-id] [depositer-addr] [flags] +``` + +Example: + +```bash +simd query gov deposit 1 cosmos1.. +``` + +Example Output: + +```bash +amount: +- amount: "100" + denom: stake +depositor: cosmos1.. +proposal_id: "1" +``` + +##### deposits + +The `deposits` command allows users to query all deposits for a given proposal. + +```bash +simd query gov deposits [proposal-id] [flags] +``` + +Example: + +```bash +simd query gov deposits 1 +``` + +Example Output: + +```bash +deposits: +- amount: + - amount: "100" + denom: stake + depositor: cosmos1.. + proposal_id: "1" +pagination: + next_key: null + total: "0" +``` + +##### param + +The `param` command allows users to query a given parameter for the `gov` module. + +```bash +simd query gov param [param-type] [flags] +``` + +Example: + +```bash +simd query gov param voting +``` + +Example Output: + +```bash +voting_period: "172800000000000" +``` + +##### params + +The `params` command allows users to query all parameters for the `gov` module. + +```bash +simd query gov params [flags] +``` + +Example: + +```bash +simd query gov params +``` + +Example Output: + +```bash +deposit_params: + max_deposit_period: 172800s + min_deposit: + - amount: "10000000" + denom: stake +params: + expedited_min_deposit: + - amount: "50000000" + denom: stake + expedited_threshold: "0.670000000000000000" + expedited_voting_period: 86400s + max_deposit_period: 172800s + min_deposit: + - amount: "10000000" + denom: stake + min_initial_deposit_ratio: "0.000000000000000000" + proposal_cancel_burn_rate: "0.500000000000000000" + quorum: "0.334000000000000000" + threshold: "0.500000000000000000" + veto_threshold: "0.334000000000000000" + voting_period: 172800s +tally_params: + quorum: "0.334000000000000000" + threshold: "0.500000000000000000" + veto_threshold: "0.334000000000000000" +voting_params: + voting_period: 172800s +``` + +##### proposal + +The `proposal` command allows users to query a given proposal. + +```bash +simd query gov proposal [proposal-id] [flags] +``` + +Example: + +```bash +simd query gov proposal 1 +``` + +Example Output: + +```bash +deposit_end_time: "2022-03-30T11:50:20.819676256Z" +final_tally_result: + abstain_count: "0" + no_count: "0" + no_with_veto_count: "0" + yes_count: "0" +id: "1" +messages: +- '@type': /cosmos.bank.v1beta1.MsgSend + amount: + - amount: "10" + denom: stake + from_address: cosmos1.. + to_address: cosmos1.. +metadata: AQ== +status: PROPOSAL_STATUS_DEPOSIT_PERIOD +submit_time: "2022-03-28T11:50:20.819676256Z" +total_deposit: +- amount: "10" + denom: stake +voting_end_time: null +voting_start_time: null +``` + +##### proposals + +The `proposals` command allows users to query all proposals with optional filters. + +```bash +simd query gov proposals [flags] +``` + +Example: + +```bash +simd query gov proposals +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "0" +proposals: +- deposit_end_time: "2022-03-30T11:50:20.819676256Z" + final_tally_result: + abstain_count: "0" + no_count: "0" + no_with_veto_count: "0" + yes_count: "0" + id: "1" + messages: + - '@type': /cosmos.bank.v1beta1.MsgSend + amount: + - amount: "10" + denom: stake + from_address: cosmos1.. + to_address: cosmos1.. + metadata: AQ== + status: PROPOSAL_STATUS_DEPOSIT_PERIOD + submit_time: "2022-03-28T11:50:20.819676256Z" + total_deposit: + - amount: "10" + denom: stake + voting_end_time: null + voting_start_time: null +- deposit_end_time: "2022-03-30T14:02:41.165025015Z" + final_tally_result: + abstain_count: "0" + no_count: "0" + no_with_veto_count: "0" + yes_count: "0" + id: "2" + messages: + - '@type': /cosmos.bank.v1beta1.MsgSend + amount: + - amount: "10" + denom: stake + from_address: cosmos1.. + to_address: cosmos1.. + metadata: AQ== + status: PROPOSAL_STATUS_DEPOSIT_PERIOD + submit_time: "2022-03-28T14:02:41.165025015Z" + total_deposit: + - amount: "10" + denom: stake + voting_end_time: null + voting_start_time: null +``` + +##### proposer + +The `proposer` command allows users to query the proposer for a given proposal. + +```bash +simd query gov proposer [proposal-id] [flags] +``` + +Example: + +```bash +simd query gov proposer 1 +``` + +Example Output: + +```bash +proposal_id: "1" +proposer: cosmos1.. +``` + +##### tally + +The `tally` command allows users to query the tally of a given proposal vote. + +```bash +simd query gov tally [proposal-id] [flags] +``` + +Example: + +```bash +simd query gov tally 1 +``` + +Example Output: + +```bash +abstain: "0" +"no": "0" +no_with_veto: "0" +"yes": "1" +``` + +##### vote + +The `vote` command allows users to query a vote for a given proposal. + +```bash +simd query gov vote [proposal-id] [voter-addr] [flags] +``` + +Example: + +```bash +simd query gov vote 1 cosmos1.. +``` + +Example Output: + +```bash +option: VOTE_OPTION_YES +options: +- option: VOTE_OPTION_YES + weight: "1.000000000000000000" +proposal_id: "1" +voter: cosmos1.. +``` + +##### votes + +The `votes` command allows users to query all votes for a given proposal. + +```bash +simd query gov votes [proposal-id] [flags] +``` + +Example: + +```bash +simd query gov votes 1 +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "0" +votes: +- option: VOTE_OPTION_YES + options: + - option: VOTE_OPTION_YES + weight: "1.000000000000000000" + proposal_id: "1" + voter: cosmos1.. +``` + +#### Transactions + +The `tx` commands allow users to interact with the `gov` module. + +```bash +simd tx gov --help +``` + +##### deposit + +The `deposit` command allows users to deposit tokens for a given proposal. + +```bash +simd tx gov deposit [proposal-id] [deposit] [flags] +``` + +Example: + +```bash +simd tx gov deposit 1 10000000stake --from cosmos1.. +``` + +##### draft-proposal + +The `draft-proposal` command allows users to draft any type of proposal. +The command returns a `draft_proposal.json`, to be used by `submit-proposal` after being completed. +The `draft_metadata.json` is meant to be uploaded to [IPFS](#metadata). + +```bash +simd tx gov draft-proposal +``` + +##### submit-proposal + +The `submit-proposal` command allows users to submit a governance proposal along with some messages and metadata. +Messages, metadata and deposit are defined in a JSON file. + +```bash +simd tx gov submit-proposal [path-to-proposal-json] [flags] +``` + +Example: + +```bash +simd tx gov submit-proposal /path/to/proposal.json --from cosmos1.. +``` + +where `proposal.json` contains: + +```json +{ + "messages": [ + { + "@type": "/cosmos.bank.v1beta1.MsgSend", + "from_address": "cosmos1...", // The gov module module address + "to_address": "cosmos1...", + "amount":[{"denom": "stake","amount": "10"}] + } + ], + "metadata": "AQ==", + "deposit": "10stake", + "title": "Proposal Title", + "summary": "Proposal Summary" +} +``` + +:::note +By default the metadata, summary and title are both limited by 255 characters, this can be overridden by the application developer. +::: + +:::tip +When metadata is not specified, the title is limited to 255 characters and the summary 40x the title length. +::: + +##### submit-legacy-proposal + +The `submit-legacy-proposal` command allows users to submit a governance legacy proposal along with an initial deposit. + +```bash +simd tx gov submit-legacy-proposal [command] [flags] +``` + +Example: + +```bash +simd tx gov submit-legacy-proposal --title="Test Proposal" --description="testing" --type="Text" --deposit="100000000stake" --from cosmos1.. +``` + +Example (`param-change`): + +```bash +simd tx gov submit-legacy-proposal param-change proposal.json --from cosmos1.. +``` + +```json +{ + "title": "Test Proposal", + "description": "testing, testing, 1, 2, 3", + "changes": [ + { + "subspace": "staking", + "key": "MaxValidators", + "value": 100 + } + ], + "deposit": "10000000stake" +} +``` + +#### cancel-proposal + +Once proposal is canceled, from the deposits of proposal `deposits * proposal_cancel_ratio` will be burned or sent to `ProposalCancelDest` address , if `ProposalCancelDest` is empty then deposits will be burned. The `remaining deposits` will be sent to depositers. + +```bash +simd tx gov cancel-proposal [proposal-id] [flags] +``` + +Example: + +```bash +simd tx gov cancel-proposal 1 --from cosmos1... +``` + +##### vote + +The `vote` command allows users to submit a vote for a given governance proposal. + +```bash +simd tx gov vote [command] [flags] +``` + +Example: + +```bash +simd tx gov vote 1 yes --from cosmos1.. +``` + +##### weighted-vote + +The `weighted-vote` command allows users to submit a weighted vote for a given governance proposal. + +```bash +simd tx gov weighted-vote [proposal-id] [weighted-options] [flags] +``` + +Example: + +```bash +simd tx gov weighted-vote 1 yes=0.5,no=0.5 --from cosmos1.. +``` + +### gRPC + +A user can query the `gov` module using gRPC endpoints. + +#### Proposal + +The `Proposal` endpoint allows users to query a given proposal. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Proposal +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Proposal +``` + +Example Output: + +```bash +{ + "proposal": { + "proposalId": "1", + "content": {"@type":"/cosmos.gov.v1beta1.TextProposal","description":"testing, testing, 1, 2, 3","title":"Test Proposal"}, + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "finalTallyResult": { + "yes": "0", + "abstain": "0", + "no": "0", + "noWithVeto": "0" + }, + "submitTime": "2021-09-16T19:40:08.712440474Z", + "depositEndTime": "2021-09-18T19:40:08.712440474Z", + "totalDeposit": [ + { + "denom": "stake", + "amount": "10000000" + } + ], + "votingStartTime": "2021-09-16T19:40:08.712440474Z", + "votingEndTime": "2021-09-18T19:40:08.712440474Z", + "title": "Test Proposal", + "summary": "testing, testing, 1, 2, 3" + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Proposal +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1.Query/Proposal +``` + +Example Output: + +```bash +{ + "proposal": { + "id": "1", + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"10"}],"fromAddress":"cosmos1..","toAddress":"cosmos1.."} + ], + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "finalTallyResult": { + "yesCount": "0", + "abstainCount": "0", + "noCount": "0", + "noWithVetoCount": "0" + }, + "submitTime": "2022-03-28T11:50:20.819676256Z", + "depositEndTime": "2022-03-30T11:50:20.819676256Z", + "totalDeposit": [ + { + "denom": "stake", + "amount": "10000000" + } + ], + "votingStartTime": "2022-03-28T14:25:26.644857113Z", + "votingEndTime": "2022-03-30T14:25:26.644857113Z", + "metadata": "AQ==", + "title": "Test Proposal", + "summary": "testing, testing, 1, 2, 3" + } +} +``` + +#### Proposals + +The `Proposals` endpoint allows users to query all proposals with optional filters. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Proposals +``` + +Example: + +```bash +grpcurl -plaintext \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Proposals +``` + +Example Output: + +```bash +{ + "proposals": [ + { + "proposalId": "1", + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "finalTallyResult": { + "yes": "0", + "abstain": "0", + "no": "0", + "noWithVeto": "0" + }, + "submitTime": "2022-03-28T11:50:20.819676256Z", + "depositEndTime": "2022-03-30T11:50:20.819676256Z", + "totalDeposit": [ + { + "denom": "stake", + "amount": "10000000010" + } + ], + "votingStartTime": "2022-03-28T14:25:26.644857113Z", + "votingEndTime": "2022-03-30T14:25:26.644857113Z" + }, + { + "proposalId": "2", + "status": "PROPOSAL_STATUS_DEPOSIT_PERIOD", + "finalTallyResult": { + "yes": "0", + "abstain": "0", + "no": "0", + "noWithVeto": "0" + }, + "submitTime": "2022-03-28T14:02:41.165025015Z", + "depositEndTime": "2022-03-30T14:02:41.165025015Z", + "totalDeposit": [ + { + "denom": "stake", + "amount": "10" + } + ], + "votingStartTime": "0001-01-01T00:00:00Z", + "votingEndTime": "0001-01-01T00:00:00Z" + } + ], + "pagination": { + "total": "2" + } +} + +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Proposals +``` + +Example: + +```bash +grpcurl -plaintext \ + localhost:9090 \ + cosmos.gov.v1.Query/Proposals +``` + +Example Output: + +```bash +{ + "proposals": [ + { + "id": "1", + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"10"}],"fromAddress":"cosmos1..","toAddress":"cosmos1.."} + ], + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "finalTallyResult": { + "yesCount": "0", + "abstainCount": "0", + "noCount": "0", + "noWithVetoCount": "0" + }, + "submitTime": "2022-03-28T11:50:20.819676256Z", + "depositEndTime": "2022-03-30T11:50:20.819676256Z", + "totalDeposit": [ + { + "denom": "stake", + "amount": "10000000010" + } + ], + "votingStartTime": "2022-03-28T14:25:26.644857113Z", + "votingEndTime": "2022-03-30T14:25:26.644857113Z", + "metadata": "AQ==", + "title": "Proposal Title", + "summary": "Proposal Summary" + }, + { + "id": "2", + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"10"}],"fromAddress":"cosmos1..","toAddress":"cosmos1.."} + ], + "status": "PROPOSAL_STATUS_DEPOSIT_PERIOD", + "finalTallyResult": { + "yesCount": "0", + "abstainCount": "0", + "noCount": "0", + "noWithVetoCount": "0" + }, + "submitTime": "2022-03-28T14:02:41.165025015Z", + "depositEndTime": "2022-03-30T14:02:41.165025015Z", + "totalDeposit": [ + { + "denom": "stake", + "amount": "10" + } + ], + "metadata": "AQ==", + "title": "Proposal Title", + "summary": "Proposal Summary" + } + ], + "pagination": { + "total": "2" + } +} +``` + +#### Vote + +The `Vote` endpoint allows users to query a vote for a given proposal. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Vote +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1","voter":"cosmos1.."}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Vote +``` + +Example Output: + +```bash +{ + "vote": { + "proposalId": "1", + "voter": "cosmos1..", + "option": "VOTE_OPTION_YES", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1000000000000000000" + } + ] + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Vote +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1","voter":"cosmos1.."}' \ + localhost:9090 \ + cosmos.gov.v1.Query/Vote +``` + +Example Output: + +```bash +{ + "vote": { + "proposalId": "1", + "voter": "cosmos1..", + "option": "VOTE_OPTION_YES", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1.000000000000000000" + } + ] + } +} +``` + +#### Votes + +The `Votes` endpoint allows users to query all votes for a given proposal. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Votes +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Votes +``` + +Example Output: + +```bash +{ + "votes": [ + { + "proposalId": "1", + "voter": "cosmos1..", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1000000000000000000" + } + ] + } + ], + "pagination": { + "total": "1" + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Votes +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1.Query/Votes +``` + +Example Output: + +```bash +{ + "votes": [ + { + "proposalId": "1", + "voter": "cosmos1..", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1.000000000000000000" + } + ] + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### Params + +The `Params` endpoint allows users to query all parameters for the `gov` module. + + + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Params +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"params_type":"voting"}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Params +``` + +Example Output: + +```bash +{ + "votingParams": { + "votingPeriod": "172800s" + }, + "depositParams": { + "maxDepositPeriod": "0s" + }, + "tallyParams": { + "quorum": "MA==", + "threshold": "MA==", + "vetoThreshold": "MA==" + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Params +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"params_type":"voting"}' \ + localhost:9090 \ + cosmos.gov.v1.Query/Params +``` + +Example Output: + +```bash +{ + "votingParams": { + "votingPeriod": "172800s" + } +} +``` + +#### Deposit + +The `Deposit` endpoint allows users to query a deposit for a given proposal from a given depositor. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Deposit +``` + +Example: + +```bash +grpcurl -plaintext \ + '{"proposal_id":"1","depositor":"cosmos1.."}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Deposit +``` + +Example Output: + +```bash +{ + "deposit": { + "proposalId": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Deposit +``` + +Example: + +```bash +grpcurl -plaintext \ + '{"proposal_id":"1","depositor":"cosmos1.."}' \ + localhost:9090 \ + cosmos.gov.v1.Query/Deposit +``` + +Example Output: + +```bash +{ + "deposit": { + "proposalId": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } +} +``` + +#### deposits + +The `Deposits` endpoint allows users to query all deposits for a given proposal. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Deposits +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Deposits +``` + +Example Output: + +```bash +{ + "deposits": [ + { + "proposalId": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } + ], + "pagination": { + "total": "1" + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Deposits +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1.Query/Deposits +``` + +Example Output: + +```bash +{ + "deposits": [ + { + "proposalId": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### TallyResult + +The `TallyResult` endpoint allows users to query the tally of a given proposal. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/TallyResult +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/TallyResult +``` + +Example Output: + +```bash +{ + "tally": { + "yes": "1000000", + "abstain": "0", + "no": "0", + "noWithVeto": "0" + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/TallyResult +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1.Query/TallyResult +``` + +Example Output: + +```bash +{ + "tally": { + "yes": "1000000", + "abstain": "0", + "no": "0", + "noWithVeto": "0" + } +} +``` + +### REST + +A user can query the `gov` module using REST endpoints. + +#### proposal + +The `proposals` endpoint allows users to query a given proposal. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals/{proposal_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals/1 +``` + +Example Output: + +```bash +{ + "proposal": { + "proposal_id": "1", + "content": null, + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "final_tally_result": { + "yes": "0", + "abstain": "0", + "no": "0", + "no_with_veto": "0" + }, + "submit_time": "2022-03-28T11:50:20.819676256Z", + "deposit_end_time": "2022-03-30T11:50:20.819676256Z", + "total_deposit": [ + { + "denom": "stake", + "amount": "10000000010" + } + ], + "voting_start_time": "2022-03-28T14:25:26.644857113Z", + "voting_end_time": "2022-03-30T14:25:26.644857113Z" + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals/{proposal_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals/1 +``` + +Example Output: + +```bash +{ + "proposal": { + "id": "1", + "messages": [ + { + "@type": "/cosmos.bank.v1beta1.MsgSend", + "from_address": "cosmos1..", + "to_address": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10" + } + ] + } + ], + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "final_tally_result": { + "yes_count": "0", + "abstain_count": "0", + "no_count": "0", + "no_with_veto_count": "0" + }, + "submit_time": "2022-03-28T11:50:20.819676256Z", + "deposit_end_time": "2022-03-30T11:50:20.819676256Z", + "total_deposit": [ + { + "denom": "stake", + "amount": "10000000" + } + ], + "voting_start_time": "2022-03-28T14:25:26.644857113Z", + "voting_end_time": "2022-03-30T14:25:26.644857113Z", + "metadata": "AQ==", + "title": "Proposal Title", + "summary": "Proposal Summary" + } +} +``` + +#### proposals + +The `proposals` endpoint also allows users to query all proposals with optional filters. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals +``` + +Example Output: + +```bash +{ + "proposals": [ + { + "proposal_id": "1", + "content": null, + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "final_tally_result": { + "yes": "0", + "abstain": "0", + "no": "0", + "no_with_veto": "0" + }, + "submit_time": "2022-03-28T11:50:20.819676256Z", + "deposit_end_time": "2022-03-30T11:50:20.819676256Z", + "total_deposit": [ + { + "denom": "stake", + "amount": "10000000" + } + ], + "voting_start_time": "2022-03-28T14:25:26.644857113Z", + "voting_end_time": "2022-03-30T14:25:26.644857113Z" + }, + { + "proposal_id": "2", + "content": null, + "status": "PROPOSAL_STATUS_DEPOSIT_PERIOD", + "final_tally_result": { + "yes": "0", + "abstain": "0", + "no": "0", + "no_with_veto": "0" + }, + "submit_time": "2022-03-28T14:02:41.165025015Z", + "deposit_end_time": "2022-03-30T14:02:41.165025015Z", + "total_deposit": [ + { + "denom": "stake", + "amount": "10" + } + ], + "voting_start_time": "0001-01-01T00:00:00Z", + "voting_end_time": "0001-01-01T00:00:00Z" + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals +``` + +Example Output: + +```bash +{ + "proposals": [ + { + "id": "1", + "messages": [ + { + "@type": "/cosmos.bank.v1beta1.MsgSend", + "from_address": "cosmos1..", + "to_address": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10" + } + ] + } + ], + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "final_tally_result": { + "yes_count": "0", + "abstain_count": "0", + "no_count": "0", + "no_with_veto_count": "0" + }, + "submit_time": "2022-03-28T11:50:20.819676256Z", + "deposit_end_time": "2022-03-30T11:50:20.819676256Z", + "total_deposit": [ + { + "denom": "stake", + "amount": "10000000010" + } + ], + "voting_start_time": "2022-03-28T14:25:26.644857113Z", + "voting_end_time": "2022-03-30T14:25:26.644857113Z", + "metadata": "AQ==", + "title": "Proposal Title", + "summary": "Proposal Summary" + }, + { + "id": "2", + "messages": [ + { + "@type": "/cosmos.bank.v1beta1.MsgSend", + "from_address": "cosmos1..", + "to_address": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10" + } + ] + } + ], + "status": "PROPOSAL_STATUS_DEPOSIT_PERIOD", + "final_tally_result": { + "yes_count": "0", + "abstain_count": "0", + "no_count": "0", + "no_with_veto_count": "0" + }, + "submit_time": "2022-03-28T14:02:41.165025015Z", + "deposit_end_time": "2022-03-30T14:02:41.165025015Z", + "total_deposit": [ + { + "denom": "stake", + "amount": "10" + } + ], + "voting_start_time": null, + "voting_end_time": null, + "metadata": "AQ==", + "title": "Proposal Title", + "summary": "Proposal Summary" + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` + +#### voter vote + +The `votes` endpoint allows users to query a vote for a given proposal. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals/{proposal_id}/votes/{voter} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals/1/votes/cosmos1.. +``` + +Example Output: + +```bash +{ + "vote": { + "proposal_id": "1", + "voter": "cosmos1..", + "option": "VOTE_OPTION_YES", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1.000000000000000000" + } + ] + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals/{proposal_id}/votes/{voter} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals/1/votes/cosmos1.. +``` + +Example Output: + +```bash +{ + "vote": { + "proposal_id": "1", + "voter": "cosmos1..", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1.000000000000000000" + } + ], + "metadata": "" + } +} +``` + +#### votes + +The `votes` endpoint allows users to query all votes for a given proposal. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals/{proposal_id}/votes +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals/1/votes +``` + +Example Output: + +```bash +{ + "votes": [ + { + "proposal_id": "1", + "voter": "cosmos1..", + "option": "VOTE_OPTION_YES", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1.000000000000000000" + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals/{proposal_id}/votes +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals/1/votes +``` + +Example Output: + +```bash +{ + "votes": [ + { + "proposal_id": "1", + "voter": "cosmos1..", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1.000000000000000000" + } + ], + "metadata": "" + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### params + +The `params` endpoint allows users to query all parameters for the `gov` module. + + + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/params/{params_type} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/params/voting +``` + +Example Output: + +```bash +{ + "voting_params": { + "voting_period": "172800s" + }, + "deposit_params": { + "min_deposit": [ + ], + "max_deposit_period": "0s" + }, + "tally_params": { + "quorum": "0.000000000000000000", + "threshold": "0.000000000000000000", + "veto_threshold": "0.000000000000000000" + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/params/{params_type} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/params/voting +``` + +Example Output: + +```bash +{ + "voting_params": { + "voting_period": "172800s" + }, + "deposit_params": { + "min_deposit": [ + ], + "max_deposit_period": "0s" + }, + "tally_params": { + "quorum": "0.000000000000000000", + "threshold": "0.000000000000000000", + "veto_threshold": "0.000000000000000000" + } +} +``` + +#### deposits + +The `deposits` endpoint allows users to query a deposit for a given proposal from a given depositor. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals/{proposal_id}/deposits/{depositor} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals/1/deposits/cosmos1.. +``` + +Example Output: + +```bash +{ + "deposit": { + "proposal_id": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals/{proposal_id}/deposits/{depositor} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals/1/deposits/cosmos1.. +``` + +Example Output: + +```bash +{ + "deposit": { + "proposal_id": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } +} +``` + +#### proposal deposits + +The `deposits` endpoint allows users to query all deposits for a given proposal. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals/{proposal_id}/deposits +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals/1/deposits +``` + +Example Output: + +```bash +{ + "deposits": [ + { + "proposal_id": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals/{proposal_id}/deposits +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals/1/deposits +``` + +Example Output: + +```bash +{ + "deposits": [ + { + "proposal_id": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### tally + +The `tally` endpoint allows users to query the tally of a given proposal. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals/{proposal_id}/tally +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals/1/tally +``` + +Example Output: + +```bash +{ + "tally": { + "yes": "1000000", + "abstain": "0", + "no": "0", + "no_with_veto": "0" + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals/{proposal_id}/tally +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals/1/tally +``` + +Example Output: + +```bash +{ + "tally": { + "yes": "1000000", + "abstain": "0", + "no": "0", + "no_with_veto": "0" + } +} +``` + +## Metadata + +The gov module has two locations for metadata where users can provide further context about the on-chain actions they are taking. By default all metadata fields have a 255 character length field where metadata can be stored in json format, either on-chain or off-chain depending on the amount of data required. Here we provide a recommendation for the json structure and where the data should be stored. There are two important factors in making these recommendations. First, that the gov and group modules are consistent with one another, note the number of proposals made by all groups may be quite large. Second, that client applications such as block explorers and governance interfaces have confidence in the consistency of metadata structure accross chains. + +### Proposal + +Location: off-chain as json object stored on IPFS (mirrors [group proposal](../group/README.md#metadata)) + +```json +{ + "title": "", + "authors": [""], + "summary": "", + "details": "", + "proposal_forum_url": "", + "vote_option_context": "", +} +``` + +:::note +The `authors` field is an array of strings, this is to allow for multiple authors to be listed in the metadata. +In v0.46, the `authors` field is a comma-separated string. Frontends are encouraged to support both formats for backwards compatibility. +::: + +### Vote + +Location: on-chain as json within 255 character limit (mirrors [group vote](../group/README.md#metadata)) + +```json +{ + "justification": "", +} +``` + +## Future Improvements + +The current documentation only describes the minimum viable product for the +governance module. Future improvements may include: + +* **`BountyProposals`:** If accepted, a `BountyProposal` creates an open + bounty. The `BountyProposal` specifies how many Atoms will be given upon + completion. These Atoms will be taken from the `reserve pool`. After a + `BountyProposal` is accepted by governance, anybody can submit a + `SoftwareUpgradeProposal` with the code to claim the bounty. Note that once a + `BountyProposal` is accepted, the corresponding funds in the `reserve pool` + are locked so that payment can always be honored. In order to link a + `SoftwareUpgradeProposal` to an open bounty, the submitter of the + `SoftwareUpgradeProposal` will use the `Proposal.LinkedProposal` attribute. + If a `SoftwareUpgradeProposal` linked to an open bounty is accepted by + governance, the funds that were reserved are automatically transferred to the + submitter. +* **Complex delegation:** Delegators could choose other representatives than + their validators. Ultimately, the chain of representatives would always end + up to a validator, but delegators could inherit the vote of their chosen + representative before they inherit the vote of their validator. In other + words, they would only inherit the vote of their validator if their other + appointed representative did not vote. +* **Better process for proposal review:** There would be two parts to + `proposal.Deposit`, one for anti-spam (same as in MVP) and an other one to + reward third party auditors. diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/modules/group/README.md b/copy-of-sdk-versioned_docs/version-0.53/build/modules/group/README.md new file mode 100644 index 00000000..8327e7ef --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/modules/group/README.md @@ -0,0 +1,2166 @@ +--- +sidebar_position: 1 +--- + +# `x/group` + +## Abstract + +The following documents specify the group module. + +This module allows the creation and management of on-chain multisig accounts and enables voting for message execution based on configurable decision policies. + +## Contents + +* [Concepts](#concepts) + * [Group](#group) + * [Group Policy](#group-policy) + * [Decision Policy](#decision-policy) + * [Proposal](#proposal) + * [Pruning](#pruning) +* [State](#state) + * [Group Table](#group-table) + * [Group Member Table](#group-member-table) + * [Group Policy Table](#group-policy-table) + * [Proposal Table](#proposal-table) + * [Vote Table](#vote-table) +* [Msg Service](#msg-service) + * [Msg/CreateGroup](#msgcreategroup) + * [Msg/UpdateGroupMembers](#msgupdategroupmembers) + * [Msg/UpdateGroupAdmin](#msgupdategroupadmin) + * [Msg/UpdateGroupMetadata](#msgupdategroupmetadata) + * [Msg/CreateGroupPolicy](#msgcreategrouppolicy) + * [Msg/CreateGroupWithPolicy](#msgcreategroupwithpolicy) + * [Msg/UpdateGroupPolicyAdmin](#msgupdategrouppolicyadmin) + * [Msg/UpdateGroupPolicyDecisionPolicy](#msgupdategrouppolicydecisionpolicy) + * [Msg/UpdateGroupPolicyMetadata](#msgupdategrouppolicymetadata) + * [Msg/SubmitProposal](#msgsubmitproposal) + * [Msg/WithdrawProposal](#msgwithdrawproposal) + * [Msg/Vote](#msgvote) + * [Msg/Exec](#msgexec) + * [Msg/LeaveGroup](#msgleavegroup) +* [Events](#events) + * [EventCreateGroup](#eventcreategroup) + * [EventUpdateGroup](#eventupdategroup) + * [EventCreateGroupPolicy](#eventcreategrouppolicy) + * [EventUpdateGroupPolicy](#eventupdategrouppolicy) + * [EventCreateProposal](#eventcreateproposal) + * [EventWithdrawProposal](#eventwithdrawproposal) + * [EventVote](#eventvote) + * [EventExec](#eventexec) + * [EventLeaveGroup](#eventleavegroup) + * [EventProposalPruned](#eventproposalpruned) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + * [REST](#rest) +* [Metadata](#metadata) + +## Concepts + +### Group + +A group is simply an aggregation of accounts with associated weights. It is not +an account and doesn't have a balance. It doesn't in and of itself have any +sort of voting or decision weight. It does have an "administrator" which has +the ability to add, remove and update members in the group. Note that a +group policy account could be an administrator of a group, and that the +administrator doesn't necessarily have to be a member of the group. + +### Group Policy + +A group policy is an account associated with a group and a decision policy. +Group policies are abstracted from groups because a single group may have +multiple decision policies for different types of actions. Managing group +membership separately from decision policies results in the least overhead +and keeps membership consistent across different policies. The pattern that +is recommended is to have a single master group policy for a given group, +and then to create separate group policies with different decision policies +and delegate the desired permissions from the master account to +those "sub-accounts" using the `x/authz` module. + +### Decision Policy + +A decision policy is the mechanism by which members of a group can vote on +proposals, as well as the rules that dictate whether a proposal should pass +or not based on its tally outcome. + +All decision policies generally would have a mininum execution period and a +maximum voting window. The minimum execution period is the minimum amount of time +that must pass after submission in order for a proposal to potentially be executed, and it may +be set to 0. The maximum voting window is the maximum time after submission that a proposal may +be voted on before it is tallied. + +The chain developer also defines an app-wide maximum execution period, which is +the maximum amount of time after a proposal's voting period end where users are +allowed to execute a proposal. + +The current group module comes shipped with two decision policies: threshold +and percentage. Any chain developer can extend upon these two, by creating +custom decision policies, as long as they adhere to the `DecisionPolicy` +interface: + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/x/group/types.go#L27-L45 +``` + +#### Threshold decision policy + +A threshold decision policy defines a threshold of yes votes (based on a tally +of voter weights) that must be achieved in order for a proposal to pass. For +this decision policy, abstain and veto are simply treated as no's. + +This decision policy also has a VotingPeriod window and a MinExecutionPeriod +window. The former defines the duration after proposal submission where members +are allowed to vote, after which tallying is performed. The latter specifies +the minimum duration after proposal submission where the proposal can be +executed. If set to 0, then the proposal is allowed to be executed immediately +on submission (using the `TRY_EXEC` option). Obviously, MinExecutionPeriod +cannot be greater than VotingPeriod+MaxExecutionPeriod (where MaxExecution is +the app-defined duration that specifies the window after voting ended where a +proposal can be executed). + +#### Percentage decision policy + +A percentage decision policy is similar to a threshold decision policy, except +that the threshold is not defined as a constant weight, but as a percentage. +It's more suited for groups where the group members' weights can be updated, as +the percentage threshold stays the same, and doesn't depend on how those member +weights get updated. + +Same as the Threshold decision policy, the percentage decision policy has the +two VotingPeriod and MinExecutionPeriod parameters. + +### Proposal + +Any member(s) of a group can submit a proposal for a group policy account to decide upon. +A proposal consists of a set of messages that will be executed if the proposal +passes as well as any metadata associated with the proposal. + +#### Voting + +There are four choices to choose while voting - yes, no, abstain and veto. Not +all decision policies will take the four choices into account. Votes can contain some optional metadata. +In the current implementation, the voting window begins as soon as a proposal +is submitted, and the end is defined by the group policy's decision policy. + +#### Withdrawing Proposals + +Proposals can be withdrawn any time before the voting period end, either by the +admin of the group policy or by one of the proposers. Once withdrawn, it is +marked as `PROPOSAL_STATUS_WITHDRAWN`, and no more voting or execution is +allowed on it. + +#### Aborted Proposals + +If the group policy is updated during the voting period of the proposal, then +the proposal is marked as `PROPOSAL_STATUS_ABORTED`, and no more voting or +execution is allowed on it. This is because the group policy defines the rules +of proposal voting and execution, so if those rules change during the lifecycle +of a proposal, then the proposal should be marked as stale. + +#### Tallying + +Tallying is the counting of all votes on a proposal. It happens only once in +the lifecycle of a proposal, but can be triggered by two factors, whichever +happens first: + +* either someone tries to execute the proposal (see next section), which can + happen on a `Msg/Exec` transaction, or a `Msg/{SubmitProposal,Vote}` + transaction with the `Exec` field set. When a proposal execution is attempted, + a tally is done first to make sure the proposal passes. +* or on `EndBlock` when the proposal's voting period end just passed. + +If the tally result passes the decision policy's rules, then the proposal is +marked as `PROPOSAL_STATUS_ACCEPTED`, or else it is marked as +`PROPOSAL_STATUS_REJECTED`. In any case, no more voting is allowed anymore, and the tally +result is persisted to state in the proposal's `FinalTallyResult`. + +#### Executing Proposals + +Proposals are executed only when the tallying is done, and the group account's +decision policy allows the proposal to pass based on the tally outcome. They +are marked by the status `PROPOSAL_STATUS_ACCEPTED`. Execution must happen +before a duration of `MaxExecutionPeriod` (set by the chain developer) after +each proposal's voting period end. + +Proposals will not be automatically executed by the chain in this current design, +but rather a user must submit a `Msg/Exec` transaction to attempt to execute the +proposal based on the current votes and decision policy. Any user (not only the +group members) can execute proposals that have been accepted, and execution fees are +paid by the proposal executor. +It's also possible to try to execute a proposal immediately on creation or on +new votes using the `Exec` field of `Msg/SubmitProposal` and `Msg/Vote` requests. +In the former case, proposers signatures are considered as yes votes. +In these cases, if the proposal can't be executed (i.e. it didn't pass the +decision policy's rules), it will still be opened for new votes and +could be tallied and executed later on. + +A successful proposal execution will have its `ExecutorResult` marked as +`PROPOSAL_EXECUTOR_RESULT_SUCCESS`. The proposal will be automatically pruned +after execution. On the other hand, a failed proposal execution will be marked +as `PROPOSAL_EXECUTOR_RESULT_FAILURE`. Such a proposal can be re-executed +multiple times, until it expires after `MaxExecutionPeriod` after voting period +end. + +### Pruning + +Proposals and votes are automatically pruned to avoid state bloat. + +Votes are pruned: + +* either after a successful tally, i.e. a tally whose result passes the decision + policy's rules, which can be trigged by a `Msg/Exec` or a + `Msg/{SubmitProposal,Vote}` with the `Exec` field set, +* or on `EndBlock` right after the proposal's voting period end. This applies to proposals with status `aborted` or `withdrawn` too. + +whichever happens first. + +Proposals are pruned: + +* on `EndBlock` whose proposal status is `withdrawn` or `aborted` on proposal's voting period end before tallying, +* and either after a successful proposal execution, +* or on `EndBlock` right after the proposal's `voting_period_end` + + `max_execution_period` (defined as an app-wide configuration) is passed, + +whichever happens first. + +## State + +The `group` module uses the `orm` package which provides table storage with support for +primary keys and secondary indexes. `orm` also defines `Sequence` which is a persistent unique key generator based on a counter that can be used along with `Table`s. + +Here's the list of tables and associated sequences and indexes stored as part of the `group` module. + +### Group Table + +The `groupTable` stores `GroupInfo`: `0x0 | BigEndian(GroupId) -> ProtocolBuffer(GroupInfo)`. + +#### groupSeq + +The value of `groupSeq` is incremented when creating a new group and corresponds to the new `GroupId`: `0x1 | 0x1 -> BigEndian`. + +The second `0x1` corresponds to the ORM `sequenceStorageKey`. + +#### groupByAdminIndex + +`groupByAdminIndex` allows to retrieve groups by admin address: +`0x2 | len([]byte(group.Admin)) | []byte(group.Admin) | BigEndian(GroupId) -> []byte()`. + +### Group Member Table + +The `groupMemberTable` stores `GroupMember`s: `0x10 | BigEndian(GroupId) | []byte(member.Address) -> ProtocolBuffer(GroupMember)`. + +The `groupMemberTable` is a primary key table and its `PrimaryKey` is given by +`BigEndian(GroupId) | []byte(member.Address)` which is used by the following indexes. + +#### groupMemberByGroupIndex + +`groupMemberByGroupIndex` allows to retrieve group members by group id: +`0x11 | BigEndian(GroupId) | PrimaryKey -> []byte()`. + +#### groupMemberByMemberIndex + +`groupMemberByMemberIndex` allows to retrieve group members by member address: +`0x12 | len([]byte(member.Address)) | []byte(member.Address) | PrimaryKey -> []byte()`. + +### Group Policy Table + +The `groupPolicyTable` stores `GroupPolicyInfo`: `0x20 | len([]byte(Address)) | []byte(Address) -> ProtocolBuffer(GroupPolicyInfo)`. + +The `groupPolicyTable` is a primary key table and its `PrimaryKey` is given by +`len([]byte(Address)) | []byte(Address)` which is used by the following indexes. + +#### groupPolicySeq + +The value of `groupPolicySeq` is incremented when creating a new group policy and is used to generate the new group policy account `Address`: +`0x21 | 0x1 -> BigEndian`. + +The second `0x1` corresponds to the ORM `sequenceStorageKey`. + +#### groupPolicyByGroupIndex + +`groupPolicyByGroupIndex` allows to retrieve group policies by group id: +`0x22 | BigEndian(GroupId) | PrimaryKey -> []byte()`. + +#### groupPolicyByAdminIndex + +`groupPolicyByAdminIndex` allows to retrieve group policies by admin address: +`0x23 | len([]byte(Address)) | []byte(Address) | PrimaryKey -> []byte()`. + +### Proposal Table + +The `proposalTable` stores `Proposal`s: `0x30 | BigEndian(ProposalId) -> ProtocolBuffer(Proposal)`. + +#### proposalSeq + +The value of `proposalSeq` is incremented when creating a new proposal and corresponds to the new `ProposalId`: `0x31 | 0x1 -> BigEndian`. + +The second `0x1` corresponds to the ORM `sequenceStorageKey`. + +#### proposalByGroupPolicyIndex + +`proposalByGroupPolicyIndex` allows to retrieve proposals by group policy account address: +`0x32 | len([]byte(account.Address)) | []byte(account.Address) | BigEndian(ProposalId) -> []byte()`. + +#### ProposalsByVotingPeriodEndIndex + +`proposalsByVotingPeriodEndIndex` allows to retrieve proposals sorted by chronological `voting_period_end`: +`0x33 | sdk.FormatTimeBytes(proposal.VotingPeriodEnd) | BigEndian(ProposalId) -> []byte()`. + +This index is used when tallying the proposal votes at the end of the voting period, and for pruning proposals at `VotingPeriodEnd + MaxExecutionPeriod`. + +### Vote Table + +The `voteTable` stores `Vote`s: `0x40 | BigEndian(ProposalId) | []byte(voter.Address) -> ProtocolBuffer(Vote)`. + +The `voteTable` is a primary key table and its `PrimaryKey` is given by +`BigEndian(ProposalId) | []byte(voter.Address)` which is used by the following indexes. + +#### voteByProposalIndex + +`voteByProposalIndex` allows to retrieve votes by proposal id: +`0x41 | BigEndian(ProposalId) | PrimaryKey -> []byte()`. + +#### voteByVoterIndex + +`voteByVoterIndex` allows to retrieve votes by voter address: +`0x42 | len([]byte(voter.Address)) | []byte(voter.Address) | PrimaryKey -> []byte()`. + +## Msg Service + +### Msg/CreateGroup + +A new group can be created with the `MsgCreateGroup`, which has an admin address, a list of members and some optional metadata. + +The metadata has a maximum length that is chosen by the app developer, and +passed into the group keeper as a config. + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L67-L80 +``` + +It's expected to fail if + +* metadata length is greater than `MaxMetadataLen` config +* members are not correctly set (e.g. wrong address format, duplicates, or with 0 weight). + +### Msg/UpdateGroupMembers + +Group members can be updated with the `UpdateGroupMembers`. + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L88-L102 +``` + +In the list of `MemberUpdates`, an existing member can be removed by setting its weight to 0. + +It's expected to fail if: + +* the signer is not the admin of the group. +* for any one of the associated group policies, if its decision policy's `Validate()` method fails against the updated group. + +### Msg/UpdateGroupAdmin + +The `UpdateGroupAdmin` can be used to update a group admin. + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L107-L120 +``` + +It's expected to fail if the signer is not the admin of the group. + +### Msg/UpdateGroupMetadata + +The `UpdateGroupMetadata` can be used to update a group metadata. + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L125-L138 +``` + +It's expected to fail if: + +* new metadata length is greater than `MaxMetadataLen` config. +* the signer is not the admin of the group. + +### Msg/CreateGroupPolicy + +A new group policy can be created with the `MsgCreateGroupPolicy`, which has an admin address, a group id, a decision policy and some optional metadata. + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L147-L165 +``` + +It's expected to fail if: + +* the signer is not the admin of the group. +* metadata length is greater than `MaxMetadataLen` config. +* the decision policy's `Validate()` method doesn't pass against the group. + +### Msg/CreateGroupWithPolicy + +A new group with policy can be created with the `MsgCreateGroupWithPolicy`, which has an admin address, a list of members, a decision policy, a `group_policy_as_admin` field to optionally set group and group policy admin with group policy address and some optional metadata for group and group policy. + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L191-L215 +``` + +It's expected to fail for the same reasons as `Msg/CreateGroup` and `Msg/CreateGroupPolicy`. + +### Msg/UpdateGroupPolicyAdmin + +The `UpdateGroupPolicyAdmin` can be used to update a group policy admin. + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L173-L186 +``` + +It's expected to fail if the signer is not the admin of the group policy. + +### Msg/UpdateGroupPolicyDecisionPolicy + +The `UpdateGroupPolicyDecisionPolicy` can be used to update a decision policy. + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L226-L241 +``` + +It's expected to fail if: + +* the signer is not the admin of the group policy. +* the new decision policy's `Validate()` method doesn't pass against the group. + +### Msg/UpdateGroupPolicyMetadata + +The `UpdateGroupPolicyMetadata` can be used to update a group policy metadata. + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L246-L259 +``` + +It's expected to fail if: + +* new metadata length is greater than `MaxMetadataLen` config. +* the signer is not the admin of the group. + +### Msg/SubmitProposal + +A new proposal can be created with the `MsgSubmitProposal`, which has a group policy account address, a list of proposers addresses, a list of messages to execute if the proposal is accepted and some optional metadata. +An optional `Exec` value can be provided to try to execute the proposal immediately after proposal creation. Proposers signatures are considered as yes votes in this case. + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L281-L315 +``` + +It's expected to fail if: + +* metadata, title, or summary length is greater than `MaxMetadataLen` config. +* if any of the proposers is not a group member. + +### Msg/WithdrawProposal + +A proposal can be withdrawn using `MsgWithdrawProposal` which has an `address` (can be either a proposer or the group policy admin) and a `proposal_id` (which has to be withdrawn). + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L323-L333 +``` + +It's expected to fail if: + +* the signer is neither the group policy admin nor proposer of the proposal. +* the proposal is already closed or aborted. + +### Msg/Vote + +A new vote can be created with the `MsgVote`, given a proposal id, a voter address, a choice (yes, no, veto or abstain) and some optional metadata. +An optional `Exec` value can be provided to try to execute the proposal immediately after voting. + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L338-L358 +``` + +It's expected to fail if: + +* metadata length is greater than `MaxMetadataLen` config. +* the proposal is not in voting period anymore. + +### Msg/Exec + +A proposal can be executed with the `MsgExec`. + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L363-L373 +``` + +The messages that are part of this proposal won't be executed if: + +* the proposal has not been accepted by the group policy. +* the proposal has already been successfully executed. + +### Msg/LeaveGroup + +The `MsgLeaveGroup` allows group member to leave a group. + +```go reference +https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L381-L391 +``` + +It's expected to fail if: + +* the group member is not part of the group. +* for any one of the associated group policies, if its decision policy's `Validate()` method fails against the updated group. + +## Events + +The group module emits the following events: + +### EventCreateGroup + +| Type | Attribute Key | Attribute Value | +| -------------------------------- | ------------- | -------------------------------- | +| message | action | /cosmos.group.v1.Msg/CreateGroup | +| cosmos.group.v1.EventCreateGroup | group_id | {groupId} | + +### EventUpdateGroup + +| Type | Attribute Key | Attribute Value | +| -------------------------------- | ------------- | ---------------------------------------------------------- | +| message | action | /cosmos.group.v1.Msg/UpdateGroup{Admin\|Metadata\|Members} | +| cosmos.group.v1.EventUpdateGroup | group_id | {groupId} | + +### EventCreateGroupPolicy + +| Type | Attribute Key | Attribute Value | +| -------------------------------------- | ------------- | -------------------------------------- | +| message | action | /cosmos.group.v1.Msg/CreateGroupPolicy | +| cosmos.group.v1.EventCreateGroupPolicy | address | {groupPolicyAddress} | + +### EventUpdateGroupPolicy + +| Type | Attribute Key | Attribute Value | +| -------------------------------------- | ------------- | ----------------------------------------------------------------------- | +| message | action | /cosmos.group.v1.Msg/UpdateGroupPolicy{Admin\|Metadata\|DecisionPolicy} | +| cosmos.group.v1.EventUpdateGroupPolicy | address | {groupPolicyAddress} | + +### EventCreateProposal + +| Type | Attribute Key | Attribute Value | +| ----------------------------------- | ------------- | ----------------------------------- | +| message | action | /cosmos.group.v1.Msg/CreateProposal | +| cosmos.group.v1.EventCreateProposal | proposal_id | {proposalId} | + +### EventWithdrawProposal + +| Type | Attribute Key | Attribute Value | +| ------------------------------------- | ------------- | ------------------------------------- | +| message | action | /cosmos.group.v1.Msg/WithdrawProposal | +| cosmos.group.v1.EventWithdrawProposal | proposal_id | {proposalId} | + +### EventVote + +| Type | Attribute Key | Attribute Value | +| ------------------------- | ------------- | ------------------------- | +| message | action | /cosmos.group.v1.Msg/Vote | +| cosmos.group.v1.EventVote | proposal_id | {proposalId} | + +## EventExec + +| Type | Attribute Key | Attribute Value | +| ------------------------- | ------------- | ------------------------- | +| message | action | /cosmos.group.v1.Msg/Exec | +| cosmos.group.v1.EventExec | proposal_id | {proposalId} | +| cosmos.group.v1.EventExec | logs | {logs_string} | + +### EventLeaveGroup + +| Type | Attribute Key | Attribute Value | +| ------------------------------- | ------------- | ------------------------------- | +| message | action | /cosmos.group.v1.Msg/LeaveGroup | +| cosmos.group.v1.EventLeaveGroup | proposal_id | {proposalId} | +| cosmos.group.v1.EventLeaveGroup | address | {address} | + +### EventProposalPruned + +| Type | Attribute Key | Attribute Value | +|-------------------------------------|---------------|---------------------------------| +| message | action | /cosmos.group.v1.Msg/LeaveGroup | +| cosmos.group.v1.EventProposalPruned | proposal_id | {proposalId} | +| cosmos.group.v1.EventProposalPruned | status | {ProposalStatus} | +| cosmos.group.v1.EventProposalPruned | tally_result | {TallyResult} | + + +## Client + +### CLI + +A user can query and interact with the `group` module using the CLI. + +#### Query + +The `query` commands allow users to query `group` state. + +```bash +simd query group --help +``` + +##### group-info + +The `group-info` command allows users to query for group info by given group id. + +```bash +simd query group group-info [id] [flags] +``` + +Example: + +```bash +simd query group group-info 1 +``` + +Example Output: + +```bash +admin: cosmos1.. +group_id: "1" +metadata: AQ== +total_weight: "3" +version: "1" +``` + +##### group-policy-info + +The `group-policy-info` command allows users to query for group policy info by account address of group policy . + +```bash +simd query group group-policy-info [group-policy-account] [flags] +``` + +Example: + +```bash +simd query group group-policy-info cosmos1.. +``` + +Example Output: + +```bash +address: cosmos1.. +admin: cosmos1.. +decision_policy: + '@type': /cosmos.group.v1.ThresholdDecisionPolicy + threshold: "1" + windows: + min_execution_period: 0s + voting_period: 432000s +group_id: "1" +metadata: AQ== +version: "1" +``` + +##### group-members + +The `group-members` command allows users to query for group members by group id with pagination flags. + +```bash +simd query group group-members [id] [flags] +``` + +Example: + +```bash +simd query group group-members 1 +``` + +Example Output: + +```bash +members: +- group_id: "1" + member: + address: cosmos1.. + metadata: AQ== + weight: "2" +- group_id: "1" + member: + address: cosmos1.. + metadata: AQ== + weight: "1" +pagination: + next_key: null + total: "2" +``` + +##### groups-by-admin + +The `groups-by-admin` command allows users to query for groups by admin account address with pagination flags. + +```bash +simd query group groups-by-admin [admin] [flags] +``` + +Example: + +```bash +simd query group groups-by-admin cosmos1.. +``` + +Example Output: + +```bash +groups: +- admin: cosmos1.. + group_id: "1" + metadata: AQ== + total_weight: "3" + version: "1" +- admin: cosmos1.. + group_id: "2" + metadata: AQ== + total_weight: "3" + version: "1" +pagination: + next_key: null + total: "2" +``` + +##### group-policies-by-group + +The `group-policies-by-group` command allows users to query for group policies by group id with pagination flags. + +```bash +simd query group group-policies-by-group [group-id] [flags] +``` + +Example: + +```bash +simd query group group-policies-by-group 1 +``` + +Example Output: + +```bash +group_policies: +- address: cosmos1.. + admin: cosmos1.. + decision_policy: + '@type': /cosmos.group.v1.ThresholdDecisionPolicy + threshold: "1" + windows: + min_execution_period: 0s + voting_period: 432000s + group_id: "1" + metadata: AQ== + version: "1" +- address: cosmos1.. + admin: cosmos1.. + decision_policy: + '@type': /cosmos.group.v1.ThresholdDecisionPolicy + threshold: "1" + windows: + min_execution_period: 0s + voting_period: 432000s + group_id: "1" + metadata: AQ== + version: "1" +pagination: + next_key: null + total: "2" +``` + +##### group-policies-by-admin + +The `group-policies-by-admin` command allows users to query for group policies by admin account address with pagination flags. + +```bash +simd query group group-policies-by-admin [admin] [flags] +``` + +Example: + +```bash +simd query group group-policies-by-admin cosmos1.. +``` + +Example Output: + +```bash +group_policies: +- address: cosmos1.. + admin: cosmos1.. + decision_policy: + '@type': /cosmos.group.v1.ThresholdDecisionPolicy + threshold: "1" + windows: + min_execution_period: 0s + voting_period: 432000s + group_id: "1" + metadata: AQ== + version: "1" +- address: cosmos1.. + admin: cosmos1.. + decision_policy: + '@type': /cosmos.group.v1.ThresholdDecisionPolicy + threshold: "1" + windows: + min_execution_period: 0s + voting_period: 432000s + group_id: "1" + metadata: AQ== + version: "1" +pagination: + next_key: null + total: "2" +``` + +##### proposal + +The `proposal` command allows users to query for proposal by id. + +```bash +simd query group proposal [id] [flags] +``` + +Example: + +```bash +simd query group proposal 1 +``` + +Example Output: + +```bash +proposal: + address: cosmos1.. + executor_result: EXECUTOR_RESULT_NOT_RUN + group_policy_version: "1" + group_version: "1" + metadata: AQ== + msgs: + - '@type': /cosmos.bank.v1beta1.MsgSend + amount: + - amount: "100000000" + denom: stake + from_address: cosmos1.. + to_address: cosmos1.. + proposal_id: "1" + proposers: + - cosmos1.. + result: RESULT_UNFINALIZED + status: STATUS_SUBMITTED + submitted_at: "2021-12-17T07:06:26.310638964Z" + windows: + min_execution_period: 0s + voting_period: 432000s + vote_state: + abstain_count: "0" + no_count: "0" + veto_count: "0" + yes_count: "0" + summary: "Summary" + title: "Title" +``` + +##### proposals-by-group-policy + +The `proposals-by-group-policy` command allows users to query for proposals by account address of group policy with pagination flags. + +```bash +simd query group proposals-by-group-policy [group-policy-account] [flags] +``` + +Example: + +```bash +simd query group proposals-by-group-policy cosmos1.. +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "1" +proposals: +- address: cosmos1.. + executor_result: EXECUTOR_RESULT_NOT_RUN + group_policy_version: "1" + group_version: "1" + metadata: AQ== + msgs: + - '@type': /cosmos.bank.v1beta1.MsgSend + amount: + - amount: "100000000" + denom: stake + from_address: cosmos1.. + to_address: cosmos1.. + proposal_id: "1" + proposers: + - cosmos1.. + result: RESULT_UNFINALIZED + status: STATUS_SUBMITTED + submitted_at: "2021-12-17T07:06:26.310638964Z" + windows: + min_execution_period: 0s + voting_period: 432000s + vote_state: + abstain_count: "0" + no_count: "0" + veto_count: "0" + yes_count: "0" + summary: "Summary" + title: "Title" +``` + +##### vote + +The `vote` command allows users to query for vote by proposal id and voter account address. + +```bash +simd query group vote [proposal-id] [voter] [flags] +``` + +Example: + +```bash +simd query group vote 1 cosmos1.. +``` + +Example Output: + +```bash +vote: + choice: CHOICE_YES + metadata: AQ== + proposal_id: "1" + submitted_at: "2021-12-17T08:05:02.490164009Z" + voter: cosmos1.. +``` + +##### votes-by-proposal + +The `votes-by-proposal` command allows users to query for votes by proposal id with pagination flags. + +```bash +simd query group votes-by-proposal [proposal-id] [flags] +``` + +Example: + +```bash +simd query group votes-by-proposal 1 +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "1" +votes: +- choice: CHOICE_YES + metadata: AQ== + proposal_id: "1" + submitted_at: "2021-12-17T08:05:02.490164009Z" + voter: cosmos1.. +``` + +##### votes-by-voter + +The `votes-by-voter` command allows users to query for votes by voter account address with pagination flags. + +```bash +simd query group votes-by-voter [voter] [flags] +``` + +Example: + +```bash +simd query group votes-by-voter cosmos1.. +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "1" +votes: +- choice: CHOICE_YES + metadata: AQ== + proposal_id: "1" + submitted_at: "2021-12-17T08:05:02.490164009Z" + voter: cosmos1.. +``` + +### Transactions + +The `tx` commands allow users to interact with the `group` module. + +```bash +simd tx group --help +``` + +#### create-group + +The `create-group` command allows users to create a group which is an aggregation of member accounts with associated weights and +an administrator account. + +```bash +simd tx group create-group [admin] [metadata] [members-json-file] +``` + +Example: + +```bash +simd tx group create-group cosmos1.. "AQ==" members.json +``` + +#### update-group-admin + +The `update-group-admin` command allows users to update a group's admin. + +```bash +simd tx group update-group-admin [admin] [group-id] [new-admin] [flags] +``` + +Example: + +```bash +simd tx group update-group-admin cosmos1.. 1 cosmos1.. +``` + +#### update-group-members + +The `update-group-members` command allows users to update a group's members. + +```bash +simd tx group update-group-members [admin] [group-id] [members-json-file] [flags] +``` + +Example: + +```bash +simd tx group update-group-members cosmos1.. 1 members.json +``` + +#### update-group-metadata + +The `update-group-metadata` command allows users to update a group's metadata. + +```bash +simd tx group update-group-metadata [admin] [group-id] [metadata] [flags] +``` + +Example: + +```bash +simd tx group update-group-metadata cosmos1.. 1 "AQ==" +``` + +#### create-group-policy + +The `create-group-policy` command allows users to create a group policy which is an account associated with a group and a decision policy. + +```bash +simd tx group create-group-policy [admin] [group-id] [metadata] [decision-policy] [flags] +``` + +Example: + +```bash +simd tx group create-group-policy cosmos1.. 1 "AQ==" '{"@type":"/cosmos.group.v1.ThresholdDecisionPolicy", "threshold":"1", "windows": {"voting_period": "120h", "min_execution_period": "0s"}}' +``` + +#### create-group-with-policy + +The `create-group-with-policy` command allows users to create a group which is an aggregation of member accounts with associated weights and an administrator account with decision policy. If the `--group-policy-as-admin` flag is set to `true`, the group policy address becomes the group and group policy admin. + +```bash +simd tx group create-group-with-policy [admin] [group-metadata] [group-policy-metadata] [members-json-file] [decision-policy] [flags] +``` + +Example: + +```bash +simd tx group create-group-with-policy cosmos1.. "AQ==" "AQ==" members.json '{"@type":"/cosmos.group.v1.ThresholdDecisionPolicy", "threshold":"1", "windows": {"voting_period": "120h", "min_execution_period": "0s"}}' +``` + +#### update-group-policy-admin + +The `update-group-policy-admin` command allows users to update a group policy admin. + +```bash +simd tx group update-group-policy-admin [admin] [group-policy-account] [new-admin] [flags] +``` + +Example: + +```bash +simd tx group update-group-policy-admin cosmos1.. cosmos1.. cosmos1.. +``` + +#### update-group-policy-metadata + +The `update-group-policy-metadata` command allows users to update a group policy metadata. + +```bash +simd tx group update-group-policy-metadata [admin] [group-policy-account] [new-metadata] [flags] +``` + +Example: + +```bash +simd tx group update-group-policy-metadata cosmos1.. cosmos1.. "AQ==" +``` + +#### update-group-policy-decision-policy + +The `update-group-policy-decision-policy` command allows users to update a group policy's decision policy. + +```bash +simd tx group update-group-policy-decision-policy [admin] [group-policy-account] [decision-policy] [flags] +``` + +Example: + +```bash +simd tx group update-group-policy-decision-policy cosmos1.. cosmos1.. '{"@type":"/cosmos.group.v1.ThresholdDecisionPolicy", "threshold":"2", "windows": {"voting_period": "120h", "min_execution_period": "0s"}}' +``` + +#### submit-proposal + +The `submit-proposal` command allows users to submit a new proposal. + +```bash +simd tx group submit-proposal [group-policy-account] [proposer[,proposer]*] [msg_tx_json_file] [metadata] [flags] +``` + +Example: + +```bash +simd tx group submit-proposal cosmos1.. cosmos1.. msg_tx.json "AQ==" +``` + +#### withdraw-proposal + +The `withdraw-proposal` command allows users to withdraw a proposal. + +```bash +simd tx group withdraw-proposal [proposal-id] [group-policy-admin-or-proposer] +``` + +Example: + +```bash +simd tx group withdraw-proposal 1 cosmos1.. +``` + +#### vote + +The `vote` command allows users to vote on a proposal. + +```bash +simd tx group vote proposal-id] [voter] [choice] [metadata] [flags] +``` + +Example: + +```bash +simd tx group vote 1 cosmos1.. CHOICE_YES "AQ==" +``` + +#### exec + +The `exec` command allows users to execute a proposal. + +```bash +simd tx group exec [proposal-id] [flags] +``` + +Example: + +```bash +simd tx group exec 1 +``` + +#### leave-group + +The `leave-group` command allows group member to leave the group. + +```bash +simd tx group leave-group [member-address] [group-id] +``` + +Example: + +```bash +simd tx group leave-group cosmos1... 1 +``` + +### gRPC + +A user can query the `group` module using gRPC endpoints. + +#### GroupInfo + +The `GroupInfo` endpoint allows users to query for group info by given group id. + +```bash +cosmos.group.v1.Query/GroupInfo +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"group_id":1}' localhost:9090 cosmos.group.v1.Query/GroupInfo +``` + +Example Output: + +```bash +{ + "info": { + "groupId": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "totalWeight": "3" + } +} +``` + +#### GroupPolicyInfo + +The `GroupPolicyInfo` endpoint allows users to query for group policy info by account address of group policy. + +```bash +cosmos.group.v1.Query/GroupPolicyInfo +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"address":"cosmos1.."}' localhost:9090 cosmos.group.v1.Query/GroupPolicyInfo +``` + +Example Output: + +```bash +{ + "info": { + "address": "cosmos1..", + "groupId": "1", + "admin": "cosmos1..", + "version": "1", + "decisionPolicy": {"@type":"/cosmos.group.v1.ThresholdDecisionPolicy","threshold":"1","windows": {"voting_period": "120h", "min_execution_period": "0s"}}, + } +} +``` + +#### GroupMembers + +The `GroupMembers` endpoint allows users to query for group members by group id with pagination flags. + +```bash +cosmos.group.v1.Query/GroupMembers +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"group_id":"1"}' localhost:9090 cosmos.group.v1.Query/GroupMembers +``` + +Example Output: + +```bash +{ + "members": [ + { + "groupId": "1", + "member": { + "address": "cosmos1..", + "weight": "1" + } + }, + { + "groupId": "1", + "member": { + "address": "cosmos1..", + "weight": "2" + } + } + ], + "pagination": { + "total": "2" + } +} +``` + +#### GroupsByAdmin + +The `GroupsByAdmin` endpoint allows users to query for groups by admin account address with pagination flags. + +```bash +cosmos.group.v1.Query/GroupsByAdmin +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"admin":"cosmos1.."}' localhost:9090 cosmos.group.v1.Query/GroupsByAdmin +``` + +Example Output: + +```bash +{ + "groups": [ + { + "groupId": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "totalWeight": "3" + }, + { + "groupId": "2", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "totalWeight": "3" + } + ], + "pagination": { + "total": "2" + } +} +``` + +#### GroupPoliciesByGroup + +The `GroupPoliciesByGroup` endpoint allows users to query for group policies by group id with pagination flags. + +```bash +cosmos.group.v1.Query/GroupPoliciesByGroup +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"group_id":"1"}' localhost:9090 cosmos.group.v1.Query/GroupPoliciesByGroup +``` + +Example Output: + +```bash +{ + "GroupPolicies": [ + { + "address": "cosmos1..", + "groupId": "1", + "admin": "cosmos1..", + "version": "1", + "decisionPolicy": {"@type":"/cosmos.group.v1.ThresholdDecisionPolicy","threshold":"1","windows":{"voting_period": "120h", "min_execution_period": "0s"}}, + }, + { + "address": "cosmos1..", + "groupId": "1", + "admin": "cosmos1..", + "version": "1", + "decisionPolicy": {"@type":"/cosmos.group.v1.ThresholdDecisionPolicy","threshold":"1","windows":{"voting_period": "120h", "min_execution_period": "0s"}}, + } + ], + "pagination": { + "total": "2" + } +} +``` + +#### GroupPoliciesByAdmin + +The `GroupPoliciesByAdmin` endpoint allows users to query for group policies by admin account address with pagination flags. + +```bash +cosmos.group.v1.Query/GroupPoliciesByAdmin +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"admin":"cosmos1.."}' localhost:9090 cosmos.group.v1.Query/GroupPoliciesByAdmin +``` + +Example Output: + +```bash +{ + "GroupPolicies": [ + { + "address": "cosmos1..", + "groupId": "1", + "admin": "cosmos1..", + "version": "1", + "decisionPolicy": {"@type":"/cosmos.group.v1.ThresholdDecisionPolicy","threshold":"1","windows":{"voting_period": "120h", "min_execution_period": "0s"}}, + }, + { + "address": "cosmos1..", + "groupId": "1", + "admin": "cosmos1..", + "version": "1", + "decisionPolicy": {"@type":"/cosmos.group.v1.ThresholdDecisionPolicy","threshold":"1","windows":{"voting_period": "120h", "min_execution_period": "0s"}}, + } + ], + "pagination": { + "total": "2" + } +} +``` + +#### Proposal + +The `Proposal` endpoint allows users to query for proposal by id. + +```bash +cosmos.group.v1.Query/Proposal +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' localhost:9090 cosmos.group.v1.Query/Proposal +``` + +Example Output: + +```bash +{ + "proposal": { + "proposalId": "1", + "address": "cosmos1..", + "proposers": [ + "cosmos1.." + ], + "submittedAt": "2021-12-17T07:06:26.310638964Z", + "groupVersion": "1", + "GroupPolicyVersion": "1", + "status": "STATUS_SUBMITTED", + "result": "RESULT_UNFINALIZED", + "voteState": { + "yesCount": "0", + "noCount": "0", + "abstainCount": "0", + "vetoCount": "0" + }, + "windows": { + "min_execution_period": "0s", + "voting_period": "432000s" + }, + "executorResult": "EXECUTOR_RESULT_NOT_RUN", + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"100000000"}],"fromAddress":"cosmos1..","toAddress":"cosmos1.."} + ], + "title": "Title", + "summary": "Summary", + } +} +``` + +#### ProposalsByGroupPolicy + +The `ProposalsByGroupPolicy` endpoint allows users to query for proposals by account address of group policy with pagination flags. + +```bash +cosmos.group.v1.Query/ProposalsByGroupPolicy +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"address":"cosmos1.."}' localhost:9090 cosmos.group.v1.Query/ProposalsByGroupPolicy +``` + +Example Output: + +```bash +{ + "proposals": [ + { + "proposalId": "1", + "address": "cosmos1..", + "proposers": [ + "cosmos1.." + ], + "submittedAt": "2021-12-17T08:03:27.099649352Z", + "groupVersion": "1", + "GroupPolicyVersion": "1", + "status": "STATUS_CLOSED", + "result": "RESULT_ACCEPTED", + "voteState": { + "yesCount": "1", + "noCount": "0", + "abstainCount": "0", + "vetoCount": "0" + }, + "windows": { + "min_execution_period": "0s", + "voting_period": "432000s" + }, + "executorResult": "EXECUTOR_RESULT_NOT_RUN", + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"100000000"}],"fromAddress":"cosmos1..","toAddress":"cosmos1.."} + ], + "title": "Title", + "summary": "Summary", + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### VoteByProposalVoter + +The `VoteByProposalVoter` endpoint allows users to query for vote by proposal id and voter account address. + +```bash +cosmos.group.v1.Query/VoteByProposalVoter +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1","voter":"cosmos1.."}' localhost:9090 cosmos.group.v1.Query/VoteByProposalVoter +``` + +Example Output: + +```bash +{ + "vote": { + "proposalId": "1", + "voter": "cosmos1..", + "choice": "CHOICE_YES", + "submittedAt": "2021-12-17T08:05:02.490164009Z" + } +} +``` + +#### VotesByProposal + +The `VotesByProposal` endpoint allows users to query for votes by proposal id with pagination flags. + +```bash +cosmos.group.v1.Query/VotesByProposal +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' localhost:9090 cosmos.group.v1.Query/VotesByProposal +``` + +Example Output: + +```bash +{ + "votes": [ + { + "proposalId": "1", + "voter": "cosmos1..", + "choice": "CHOICE_YES", + "submittedAt": "2021-12-17T08:05:02.490164009Z" + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### VotesByVoter + +The `VotesByVoter` endpoint allows users to query for votes by voter account address with pagination flags. + +```bash +cosmos.group.v1.Query/VotesByVoter +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"voter":"cosmos1.."}' localhost:9090 cosmos.group.v1.Query/VotesByVoter +``` + +Example Output: + +```bash +{ + "votes": [ + { + "proposalId": "1", + "voter": "cosmos1..", + "choice": "CHOICE_YES", + "submittedAt": "2021-12-17T08:05:02.490164009Z" + } + ], + "pagination": { + "total": "1" + } +} +``` + +### REST + +A user can query the `group` module using REST endpoints. + +#### GroupInfo + +The `GroupInfo` endpoint allows users to query for group info by given group id. + +```bash +/cosmos/group/v1/group_info/{group_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/group_info/1 +``` + +Example Output: + +```bash +{ + "info": { + "id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "total_weight": "3" + } +} +``` + +#### GroupPolicyInfo + +The `GroupPolicyInfo` endpoint allows users to query for group policy info by account address of group policy. + +```bash +/cosmos/group/v1/group_policy_info/{address} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/group_policy_info/cosmos1.. +``` + +Example Output: + +```bash +{ + "info": { + "address": "cosmos1..", + "group_id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "decision_policy": { + "@type": "/cosmos.group.v1.ThresholdDecisionPolicy", + "threshold": "1", + "windows": { + "voting_period": "120h", + "min_execution_period": "0s" + } + }, + } +} +``` + +#### GroupMembers + +The `GroupMembers` endpoint allows users to query for group members by group id with pagination flags. + +```bash +/cosmos/group/v1/group_members/{group_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/group_members/1 +``` + +Example Output: + +```bash +{ + "members": [ + { + "group_id": "1", + "member": { + "address": "cosmos1..", + "weight": "1", + "metadata": "AQ==" + } + }, + { + "group_id": "1", + "member": { + "address": "cosmos1..", + "weight": "2", + "metadata": "AQ==" + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` + +#### GroupsByAdmin + +The `GroupsByAdmin` endpoint allows users to query for groups by admin account address with pagination flags. + +```bash +/cosmos/group/v1/groups_by_admin/{admin} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/groups_by_admin/cosmos1.. +``` + +Example Output: + +```bash +{ + "groups": [ + { + "id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "total_weight": "3" + }, + { + "id": "2", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "total_weight": "3" + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` + +#### GroupPoliciesByGroup + +The `GroupPoliciesByGroup` endpoint allows users to query for group policies by group id with pagination flags. + +```bash +/cosmos/group/v1/group_policies_by_group/{group_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/group_policies_by_group/1 +``` + +Example Output: + +```bash +{ + "group_policies": [ + { + "address": "cosmos1..", + "group_id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "decision_policy": { + "@type": "/cosmos.group.v1.ThresholdDecisionPolicy", + "threshold": "1", + "windows": { + "voting_period": "120h", + "min_execution_period": "0s" + } + }, + }, + { + "address": "cosmos1..", + "group_id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "decision_policy": { + "@type": "/cosmos.group.v1.ThresholdDecisionPolicy", + "threshold": "1", + "windows": { + "voting_period": "120h", + "min_execution_period": "0s" + } + }, + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` + +#### GroupPoliciesByAdmin + +The `GroupPoliciesByAdmin` endpoint allows users to query for group policies by admin account address with pagination flags. + +```bash +/cosmos/group/v1/group_policies_by_admin/{admin} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/group_policies_by_admin/cosmos1.. +``` + +Example Output: + +```bash +{ + "group_policies": [ + { + "address": "cosmos1..", + "group_id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "decision_policy": { + "@type": "/cosmos.group.v1.ThresholdDecisionPolicy", + "threshold": "1", + "windows": { + "voting_period": "120h", + "min_execution_period": "0s" + } + }, + }, + { + "address": "cosmos1..", + "group_id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "decision_policy": { + "@type": "/cosmos.group.v1.ThresholdDecisionPolicy", + "threshold": "1", + "windows": { + "voting_period": "120h", + "min_execution_period": "0s" + } + }, + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +``` + +#### Proposal + +The `Proposal` endpoint allows users to query for proposal by id. + +```bash +/cosmos/group/v1/proposal/{proposal_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/proposal/1 +``` + +Example Output: + +```bash +{ + "proposal": { + "proposal_id": "1", + "address": "cosmos1..", + "metadata": "AQ==", + "proposers": [ + "cosmos1.." + ], + "submitted_at": "2021-12-17T07:06:26.310638964Z", + "group_version": "1", + "group_policy_version": "1", + "status": "STATUS_SUBMITTED", + "result": "RESULT_UNFINALIZED", + "vote_state": { + "yes_count": "0", + "no_count": "0", + "abstain_count": "0", + "veto_count": "0" + }, + "windows": { + "min_execution_period": "0s", + "voting_period": "432000s" + }, + "executor_result": "EXECUTOR_RESULT_NOT_RUN", + "messages": [ + { + "@type": "/cosmos.bank.v1beta1.MsgSend", + "from_address": "cosmos1..", + "to_address": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "100000000" + } + ] + } + ], + "title": "Title", + "summary": "Summary", + } +} +``` + +#### ProposalsByGroupPolicy + +The `ProposalsByGroupPolicy` endpoint allows users to query for proposals by account address of group policy with pagination flags. + +```bash +/cosmos/group/v1/proposals_by_group_policy/{address} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/proposals_by_group_policy/cosmos1.. +``` + +Example Output: + +```bash +{ + "proposals": [ + { + "id": "1", + "group_policy_address": "cosmos1..", + "metadata": "AQ==", + "proposers": [ + "cosmos1.." + ], + "submit_time": "2021-12-17T08:03:27.099649352Z", + "group_version": "1", + "group_policy_version": "1", + "status": "STATUS_CLOSED", + "result": "RESULT_ACCEPTED", + "vote_state": { + "yes_count": "1", + "no_count": "0", + "abstain_count": "0", + "veto_count": "0" + }, + "windows": { + "min_execution_period": "0s", + "voting_period": "432000s" + }, + "executor_result": "EXECUTOR_RESULT_NOT_RUN", + "messages": [ + { + "@type": "/cosmos.bank.v1beta1.MsgSend", + "from_address": "cosmos1..", + "to_address": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "100000000" + } + ] + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### VoteByProposalVoter + +The `VoteByProposalVoter` endpoint allows users to query for vote by proposal id and voter account address. + +```bash +/cosmos/group/v1/vote_by_proposal_voter/{proposal_id}/{voter} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1beta1/vote_by_proposal_voter/1/cosmos1.. +``` + +Example Output: + +```bash +{ + "vote": { + "proposal_id": "1", + "voter": "cosmos1..", + "choice": "CHOICE_YES", + "metadata": "AQ==", + "submitted_at": "2021-12-17T08:05:02.490164009Z" + } +} +``` + +#### VotesByProposal + +The `VotesByProposal` endpoint allows users to query for votes by proposal id with pagination flags. + +```bash +/cosmos/group/v1/votes_by_proposal/{proposal_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/votes_by_proposal/1 +``` + +Example Output: + +```bash +{ + "votes": [ + { + "proposal_id": "1", + "voter": "cosmos1..", + "option": "CHOICE_YES", + "metadata": "AQ==", + "submit_time": "2021-12-17T08:05:02.490164009Z" + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### VotesByVoter + +The `VotesByVoter` endpoint allows users to query for votes by voter account address with pagination flags. + +```bash +/cosmos/group/v1/votes_by_voter/{voter} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/votes_by_voter/cosmos1.. +``` + +Example Output: + +```bash +{ + "votes": [ + { + "proposal_id": "1", + "voter": "cosmos1..", + "choice": "CHOICE_YES", + "metadata": "AQ==", + "submitted_at": "2021-12-17T08:05:02.490164009Z" + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +## Metadata + +The group module has four locations for metadata where users can provide further context about the on-chain actions they are taking. By default all metadata fields have a 255 character length field where metadata can be stored in json format, either on-chain or off-chain depending on the amount of data required. Here we provide a recommendation for the json structure and where the data should be stored. There are two important factors in making these recommendations. First, that the group and gov modules are consistent with one another, note the number of proposals made by all groups may be quite large. Second, that client applications such as block explorers and governance interfaces have confidence in the consistency of metadata structure across chains. + +### Proposal + +Location: off-chain as json object stored on IPFS (mirrors [gov proposal](../gov/README.md#metadata)) + +```json +{ + "title": "", + "authors": [""], + "summary": "", + "details": "", + "proposal_forum_url": "", + "vote_option_context": "", +} +``` + +:::note +The `authors` field is an array of strings, this is to allow for multiple authors to be listed in the metadata. +In v0.46, the `authors` field is a comma-separated string. Frontends are encouraged to support both formats for backwards compatibility. +::: + +### Vote + +Location: on-chain as json within 255 character limit (mirrors [gov vote](../gov/README.md#metadata)) + +```json +{ + "justification": "", +} +``` + +### Group + +Location: off-chain as json object stored on IPFS + +```json +{ + "name": "", + "description": "", + "group_website_url": "", + "group_forum_url": "", +} +``` + +### Decision policy + +Location: on-chain as json within 255 character limit + +```json +{ + "name": "", + "description": "", +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/modules/mint/README.md b/copy-of-sdk-versioned_docs/version-0.53/build/modules/mint/README.md new file mode 100644 index 00000000..89dab770 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/modules/mint/README.md @@ -0,0 +1,460 @@ +--- +sidebar_position: 1 +--- + +# `x/mint` + +The `x/mint` module handles the regular minting of new tokens in a configurable manner. + +## Contents + +* [State](#state) + * [Minter](#minter) + * [Params](#params) +* [Begin-Block](#begin-block) + * [NextInflationRate](#nextinflationrate) + * [NextAnnualProvisions](#nextannualprovisions) + * [BlockProvision](#blockprovision) +* [Parameters](#parameters) +* [Events](#events) + * [BeginBlocker](#beginblocker) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + * [REST](#rest) + +## Concepts + +### The Minting Mechanism + +The default minting mechanism was designed to: + +* allow for a flexible inflation rate determined by market demand targeting a particular bonded-stake ratio +* effect a balance between market liquidity and staked supply + +In order to best determine the appropriate market rate for inflation rewards, a +moving change rate is used. The moving change rate mechanism ensures that if +the % bonded is either over or under the goal %-bonded, the inflation rate will +adjust to further incentivize or disincentivize being bonded, respectively. Setting the goal +%-bonded at less than 100% encourages the network to maintain some non-staked tokens +which should help provide some liquidity. + +It can be broken down in the following way: + +* If the actual percentage of bonded tokens is below the goal %-bonded the inflation rate will + increase until a maximum value is reached +* If the goal % bonded (67% in Cosmos-Hub) is maintained, then the inflation + rate will stay constant +* If the actual percentage of bonded tokens is above the goal %-bonded the inflation rate will + decrease until a minimum value is reached + +### Custom Minters + +As of Cosmos SDK v0.53.0, developers can set a custom `MintFn` for the module for specialized token minting logic. + +The function signature that a `MintFn` must implement is as follows: + +```go +// MintFn defines the function that needs to be implemented in order to customize the minting process. +type MintFn func(ctx sdk.Context, k *Keeper) error +``` + +This can be passed to the `Keeper` upon creation with an additional `Option`: + +```go +app.MintKeeper = mintkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[minttypes.StoreKey]), + app.StakingKeeper, + app.AccountKeeper, + app.BankKeeper, + authtypes.FeeCollectorName, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + // mintkeeper.WithMintFn(CUSTOM_MINT_FN), // custom mintFn can be added here + ) +``` + +#### Custom Minter DI Example + +Below is a simple approach to creating a custom mint function with extra dependencies in DI configurations. +For this basic example, we will make the minter simply double the supply of `foo` coin. + +First, we will define a function that takes our required dependencies, and returns a `MintFn`. + +```go +// MyCustomMintFunction is a custom mint function that doubles the supply of `foo` coin. +func MyCustomMintFunction(bank bankkeeper.BaseKeeper) mintkeeper.MintFn { + return func(ctx sdk.Context, k *mintkeeper.Keeper) error { + supply := bank.GetSupply(ctx, "foo") + err := k.MintCoins(ctx, sdk.NewCoins(supply.Add(supply))) + if err != nil { + return err + } + return nil + } +} +``` + +Then, pass the function defined above into the `depinject.Supply` function with the required dependencies. + +```go +// NewSimApp returns a reference to an initialized SimApp. +func NewSimApp( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), +) *SimApp { + var ( + app = &SimApp{} + appBuilder *runtime.AppBuilder + appConfig = depinject.Configs( + AppConfig, + depinject.Supply( + appOpts, + logger, + // our custom mint function with the necessary dependency passed in. + MyCustomMintFunction(app.BankKeeper), + ), + ) + ) + // ... +} +``` + +## State + +### Minter + +The minter is a space for holding current inflation information. + +* Minter: `0x00 -> ProtocolBuffer(minter)` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/mint/v1beta1/mint.proto#L10-L24 +``` + +### Params + +The mint module stores its params in state with the prefix of `0x01`, +it can be updated with governance or the address with authority. + +* Params: `mint/params -> legacy_amino(params)` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/mint/v1beta1/mint.proto#L26-L59 +``` + +## Begin-Block + +Minting parameters are recalculated and inflation paid at the beginning of each block. + +### Inflation rate calculation + +Inflation rate is calculated using an "inflation calculation function" that's +passed to the `NewAppModule` function. If no function is passed, then the SDK's +default inflation function will be used (`NextInflationRate`). In case a custom +inflation calculation logic is needed, this can be achieved by defining and +passing a function that matches `InflationCalculationFn`'s signature. + +```go +type InflationCalculationFn func(ctx sdk.Context, minter Minter, params Params, bondedRatio math.LegacyDec) math.LegacyDec +``` + +#### NextInflationRate + +The target annual inflation rate is recalculated each block. +The inflation is also subject to a rate change (positive or negative) +depending on the distance from the desired ratio (67%). The maximum rate change +possible is defined to be 13% per year, however, the annual inflation is capped +as between 7% and 20%. + +```go +NextInflationRate(params Params, bondedRatio math.LegacyDec) (inflation math.LegacyDec) { + inflationRateChangePerYear = (1 - bondedRatio/params.GoalBonded) * params.InflationRateChange + inflationRateChange = inflationRateChangePerYear/blocksPerYr + + // increase the new annual inflation for this next block + inflation += inflationRateChange + if inflation > params.InflationMax { + inflation = params.InflationMax + } + if inflation < params.InflationMin { + inflation = params.InflationMin + } + + return inflation +} +``` + +### NextAnnualProvisions + +Calculate the annual provisions based on current total supply and inflation +rate. This parameter is calculated once per block. + +```go +NextAnnualProvisions(params Params, totalSupply math.LegacyDec) (provisions math.LegacyDec) { + return Inflation * totalSupply +``` + +### BlockProvision + +Calculate the provisions generated for each block based on current annual provisions. The provisions are then minted by the `mint` module's `ModuleMinterAccount` and then transferred to the `auth`'s `FeeCollector` `ModuleAccount`. + +```go +BlockProvision(params Params) sdk.Coin { + provisionAmt = AnnualProvisions/ params.BlocksPerYear + return sdk.NewCoin(params.MintDenom, provisionAmt.Truncate()) +``` + + +## Parameters + +The minting module contains the following parameters: + +| Key | Type | Example | +|---------------------|-----------------|------------------------| +| MintDenom | string | "uatom" | +| InflationRateChange | string (dec) | "0.130000000000000000" | +| InflationMax | string (dec) | "0.200000000000000000" | +| InflationMin | string (dec) | "0.070000000000000000" | +| GoalBonded | string (dec) | "0.670000000000000000" | +| BlocksPerYear | string (uint64) | "6311520" | + + +## Events + +The minting module emits the following events: + +### BeginBlocker + +| Type | Attribute Key | Attribute Value | +|------|-------------------|--------------------| +| mint | bonded_ratio | {bondedRatio} | +| mint | inflation | {inflation} | +| mint | annual_provisions | {annualProvisions} | +| mint | amount | {amount} | + + +## Client + +### CLI + +A user can query and interact with the `mint` module using the CLI. + +#### Query + +The `query` commands allows users to query `mint` state. + +```shell +simd query mint --help +``` + +##### annual-provisions + +The `annual-provisions` command allows users to query the current minting annual provisions value + +```shell +simd query mint annual-provisions [flags] +``` + +Example: + +```shell +simd query mint annual-provisions +``` + +Example Output: + +```shell +22268504368893.612100895088410693 +``` + +##### inflation + +The `inflation` command allows users to query the current minting inflation value + +```shell +simd query mint inflation [flags] +``` + +Example: + +```shell +simd query mint inflation +``` + +Example Output: + +```shell +0.199200302563256955 +``` + +##### params + +The `params` command allows users to query the current minting parameters + +```shell +simd query mint params [flags] +``` + +Example: + +```yml +blocks_per_year: "4360000" +goal_bonded: "0.670000000000000000" +inflation_max: "0.200000000000000000" +inflation_min: "0.070000000000000000" +inflation_rate_change: "0.130000000000000000" +mint_denom: stake +``` + +### gRPC + +A user can query the `mint` module using gRPC endpoints. + +#### AnnualProvisions + +The `AnnualProvisions` endpoint allows users to query the current minting annual provisions value + +```shell +/cosmos.mint.v1beta1.Query/AnnualProvisions +``` + +Example: + +```shell +grpcurl -plaintext localhost:9090 cosmos.mint.v1beta1.Query/AnnualProvisions +``` + +Example Output: + +```json +{ + "annualProvisions": "1432452520532626265712995618" +} +``` + +#### Inflation + +The `Inflation` endpoint allows users to query the current minting inflation value + +```shell +/cosmos.mint.v1beta1.Query/Inflation +``` + +Example: + +```shell +grpcurl -plaintext localhost:9090 cosmos.mint.v1beta1.Query/Inflation +``` + +Example Output: + +```json +{ + "inflation": "130197115720711261" +} +``` + +#### Params + +The `Params` endpoint allows users to query the current minting parameters + +```shell +/cosmos.mint.v1beta1.Query/Params +``` + +Example: + +```shell +grpcurl -plaintext localhost:9090 cosmos.mint.v1beta1.Query/Params +``` + +Example Output: + +```json +{ + "params": { + "mintDenom": "stake", + "inflationRateChange": "130000000000000000", + "inflationMax": "200000000000000000", + "inflationMin": "70000000000000000", + "goalBonded": "670000000000000000", + "blocksPerYear": "6311520" + } +} +``` + +### REST + +A user can query the `mint` module using REST endpoints. + +#### annual-provisions + +```shell +/cosmos/mint/v1beta1/annual_provisions +``` + +Example: + +```shell +curl "localhost:1317/cosmos/mint/v1beta1/annual_provisions" +``` + +Example Output: + +```json +{ + "annualProvisions": "1432452520532626265712995618" +} +``` + +#### inflation + +```shell +/cosmos/mint/v1beta1/inflation +``` + +Example: + +```shell +curl "localhost:1317/cosmos/mint/v1beta1/inflation" +``` + +Example Output: + +```json +{ + "inflation": "130197115720711261" +} +``` + +#### params + +```shell +/cosmos/mint/v1beta1/params +``` + +Example: + +```shell +curl "localhost:1317/cosmos/mint/v1beta1/params" +``` + +Example Output: + +```json +{ + "params": { + "mintDenom": "stake", + "inflationRateChange": "130000000000000000", + "inflationMax": "200000000000000000", + "inflationMin": "70000000000000000", + "goalBonded": "670000000000000000", + "blocksPerYear": "6311520" + } +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/modules/nft/README.md b/copy-of-sdk-versioned_docs/version-0.53/build/modules/nft/README.md new file mode 100644 index 00000000..34c1d406 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/modules/nft/README.md @@ -0,0 +1,89 @@ +--- +sidebar_position: 1 +--- + +# `x/nft` + +## Contents + +## Abstract + +`x/nft` is an implementation of a Cosmos SDK module, per [ADR 43](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-043-nft-module.md), that allows you to create nft classification, create nft, transfer nft, update nft, and support various queries by integrating the module. It is fully compatible with the ERC721 specification. + +* [Concepts](#concepts) + * [Class](#class) + * [NFT](#nft) +* [State](#state) + * [Class](#class-1) + * [NFT](#nft-1) + * [NFTOfClassByOwner](#nftofclassbyowner) + * [Owner](#owner) + * [TotalSupply](#totalsupply) +* [Messages](#messages) + * [MsgSend](#msgsend) +* [Events](#events) + +## Concepts + +### Class + +`x/nft` module defines a struct `Class` to describe the common characteristics of a class of nft, under this class, you can create a variety of nft, which is equivalent to an erc721 contract for Ethereum. The design is defined in the [ADR 043](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-043-nft-module.md). + +### NFT + +The full name of NFT is Non-Fungible Tokens. Because of the irreplaceable nature of NFT, it means that it can be used to represent unique things. The nft implemented by this module is fully compatible with Ethereum ERC721 standard. + +## State + +### Class + +Class is mainly composed of `id`, `name`, `symbol`, `description`, `uri`, `uri_hash`,`data` where `id` is the unique identifier of the class, similar to the Ethereum ERC721 contract address, the others are optional. + +* Class: `0x01 | classID | -> ProtocolBuffer(Class)` + +### NFT + +NFT is mainly composed of `class_id`, `id`, `uri`, `uri_hash` and `data`. Among them, `class_id` and `id` are two-tuples that identify the uniqueness of nft, `uri` and `uri_hash` is optional, which identifies the off-chain storage location of the nft, and `data` is an Any type. Use Any chain of `x/nft` modules can be customized by extending this field + +* NFT: `0x02 | classID | 0x00 | nftID |-> ProtocolBuffer(NFT)` + +### NFTOfClassByOwner + +NFTOfClassByOwner is mainly to realize the function of querying all nfts using classID and owner, without other redundant functions. + +* NFTOfClassByOwner: `0x03 | owner | 0x00 | classID | 0x00 | nftID |-> 0x01` + +### Owner + +Since there is no extra field in NFT to indicate the owner of nft, an additional key-value pair is used to save the ownership of nft. With the transfer of nft, the key-value pair is updated synchronously. + +* OwnerKey: `0x04 | classID | 0x00 | nftID |-> owner` + +### TotalSupply + +TotalSupply is responsible for tracking the number of all nfts under a certain class. Mint operation is performed under the changed class, supply increases by one, burn operation, and supply decreases by one. + +* OwnerKey: `0x05 | classID |-> totalSupply` + +## Messages + +In this section we describe the processing of messages for the NFT module. + +:::warning +The validation of `ClassID` and `NftID` is left to the app developer. +The SDK does not provide any validation for these fields. +::: + +### MsgSend + +You can use the `MsgSend` message to transfer the ownership of nft. This is a function provided by the `x/nft` module. Of course, you can use the `Transfer` method to implement your own transfer logic, but you need to pay extra attention to the transfer permissions. + +The message handling should fail if: + +* provided `ClassID` does not exist. +* provided `Id` does not exist. +* provided `Sender` does not the owner of nft. + +## Events + +The nft module emits proto events defined in [the Protobuf reference](https://buf.build/cosmos/cosmos-sdk/docs/main:cosmos.nft.v1beta1). diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/modules/params/README.md b/copy-of-sdk-versioned_docs/version-0.53/build/modules/params/README.md new file mode 100644 index 00000000..372f0ce6 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/modules/params/README.md @@ -0,0 +1,79 @@ +--- +sidebar_position: 1 +--- + +# `x/params` + +NOTE: `x/params` is deprecated as of Cosmos SDK v0.53 and will be removed in the next release. + +## Abstract + +Package params provides a globally available parameter store. + +There are two main types, Keeper and Subspace. Subspace is an isolated namespace for a +paramstore, where keys are prefixed by preconfigured spacename. Keeper has a +permission to access all existing spaces. + +Subspace can be used by the individual keepers, which need a private parameter store +that the other keepers cannot modify. The params Keeper can be used to add a route to `x/gov` router in order to modify any parameter in case a proposal passes. + +The following contents explains how to use params module for master and user modules. + +## Contents + +* [Keeper](#keeper) +* [Subspace](#subspace) + * [Key](#key) + * [KeyTable](#keytable) + * [ParamSet](#paramset) + +## Keeper + +In the app initialization stage, [subspaces](#subspace) can be allocated for other modules' keeper using `Keeper.Subspace` and are stored in `Keeper.spaces`. Then, those modules can have a reference to their specific parameter store through `Keeper.GetSubspace`. + +Example: + +```go +type ExampleKeeper struct { + paramSpace paramtypes.Subspace +} + +func (k ExampleKeeper) SetParams(ctx sdk.Context, params types.Params) { + k.paramSpace.SetParamSet(ctx, ¶ms) +} +``` + +## Subspace + +`Subspace` is a prefixed subspace of the parameter store. Each module which uses the +parameter store will take a `Subspace` to isolate permission to access. + +### Key + +Parameter keys are human readable alphanumeric strings. A parameter for the key +`"ExampleParameter"` is stored under `[]byte("SubspaceName" + "/" + "ExampleParameter")`, + where `"SubspaceName"` is the name of the subspace. + +Subkeys are secondary parameter keys those are used along with a primary parameter key. +Subkeys can be used for grouping or dynamic parameter key generation during runtime. + +### KeyTable + +All of the parameter keys that will be used should be registered at the compile +time. `KeyTable` is essentially a `map[string]attribute`, where the `string` is a parameter key. + +Currently, `attribute` consists of a `reflect.Type`, which indicates the parameter +type to check that provided key and value are compatible and registered, as well as a function `ValueValidatorFn` to validate values. + +Only primary keys have to be registered on the `KeyTable`. Subkeys inherit the +attribute of the primary key. + +### ParamSet + +Modules often define parameters as a proto message. The generated struct can implement +`ParamSet` interface to be used with the following methods: + +* `KeyTable.RegisterParamSet()`: registers all parameters in the struct +* `Subspace.{Get, Set}ParamSet()`: Get to & Set from the struct + +The implementor should be a pointer in order to use `GetParamSet()`. diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/modules/protocolpool/README.md b/copy-of-sdk-versioned_docs/version-0.53/build/modules/protocolpool/README.md new file mode 100644 index 00000000..c7e379d6 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/modules/protocolpool/README.md @@ -0,0 +1,162 @@ +--- +sidebar_position: 1 +--- + +# `x/protocolpool` + +## Concepts + +`x/protocolpool` is a supplemental Cosmos SDK module that handles functionality for community pool funds. The module provides a separate module account for the community pool making it easier to track the pool assets. Starting with v0.53 of the Cosmos SDK, community funds can be tracked using this module instead of the `x/distribution` module. Funds are migrated from the `x/distribution` module's community pool to `x/protocolpool`'s module account automatically. + +This module is `supplemental`; it is not required to run a Cosmos SDK chain. `x/protocolpool` enhances the community pool functionality provided by `x/distribution` and enables custom modules to further extend the community pool. + +Note: _as long as an external commmunity pool keeper (here, `x/protocolpool`) is wired in DI configs, `x/distribution` will automatically use it for its external pool._ + +## Usage Limitations + +The following `x/distribution` handlers will now return an error when the `protocolpool` module is used with `x/distribution`: + +**QueryService** + +- `CommunityPool` + +**MsgService** + +- `CommunityPoolSpend` +- `FundCommunityPool` + +If you have services that rely on this functionality from `x/distribution`, please update them to use the `x/protocolpool` equivalents. + +## State Transitions + +### FundCommunityPool + +FundCommunityPool can be called by any valid account to send funds to the `x/protocolpool` module account. + +```protobuf + // FundCommunityPool defines a method to allow an account to directly + // fund the community pool. + rpc FundCommunityPool(MsgFundCommunityPool) returns (MsgFundCommunityPoolResponse); +``` + +### CommunityPoolSpend + +CommunityPoolSpend can be called by the module authority (default governance module account) or any account with authorization to spend funds from the `x/protocolpool` module account to a receiver address. + +```protobuf + // CommunityPoolSpend defines a governance operation for sending tokens from + // the community pool in the x/protocolpool module to another account, which + // could be the governance module itself. The authority is defined in the + // keeper. + rpc CommunityPoolSpend(MsgCommunityPoolSpend) returns (MsgCommunityPoolSpendResponse); +``` + +### CreateContinuousFund + +CreateContinuousFund is a message used to initiate a continuous fund for a specific recipient. The proposed percentage of funds will be distributed only on withdraw request for the recipient. The fund distribution continues until expiry time is reached or continuous fund request is canceled. +NOTE: This feature is designed to work with the SDK's default bond denom. + +```protobuf + // CreateContinuousFund defines a method to distribute a percentage of funds to an address continuously. + // This ContinuousFund can be indefinite or run until a given expiry time. + // Funds come from validator block rewards from x/distribution, but may also come from + // any user who funds the ProtocolPoolEscrow module account directly through x/bank. + rpc CreateContinuousFund(MsgCreateContinuousFund) returns (MsgCreateContinuousFundResponse); +``` + +### CancelContinuousFund + +CancelContinuousFund is a message used to cancel an existing continuous fund proposal for a specific recipient. Cancelling a continuous fund stops further distribution of funds, and the state object is removed from storage. + +```protobuf + // CancelContinuousFund defines a method for cancelling continuous fund. + rpc CancelContinuousFund(MsgCancelContinuousFund) returns (MsgCancelContinuousFundResponse); +``` + +## Messages + +### MsgFundCommunityPool + +This message sends coins directly from the sender to the community pool. + +:::tip +If you know the `x/protocolpool` module account address, you can directly use bank `send` transaction instead. +::: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/proto/cosmos/protocolpool/v1/tx.proto#L43-L53 +``` + +* The msg will fail if the amount cannot be transferred from the sender to the `x/protocolpool` module account. + +```go +func (k Keeper) FundCommunityPool(ctx context.Context, amount sdk.Coins, sender sdk.AccAddress) error { + return k.bankKeeper.SendCoinsFromAccountToModule(ctx, sender, types.ModuleName, amount) +} +``` + +### MsgCommunityPoolSpend + +This message distributes funds from the `x/protocolpool` module account to the recipient using `DistributeFromCommunityPool` keeper method. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/proto/cosmos/protocolpool/v1/tx.proto#L58-L69 +``` + +The message will fail under the following conditions: + +* The amount cannot be transferred to the recipient from the `x/protocolpool` module account. +* The `recipient` address is restricted + +```go +func (k Keeper) DistributeFromCommunityPool(ctx context.Context, amount sdk.Coins, receiveAddr sdk.AccAddress) error { + return k.bankKeeper.SendCoinsFromModuleToAccount(ctx, types.ModuleName, receiveAddr, amount) +} +``` + +### MsgCreateContinuousFund + +This message is used to create a continuous fund for a specific recipient. The proposed percentage of funds will be distributed only on withdraw request for the recipient. This fund distribution continues until expiry time is reached or continuous fund request is canceled. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/proto/cosmos/protocolpool/v1/tx.proto#L114-L130 +``` + +The message will fail under the following conditions: + +- The recipient address is empty or restricted. +- The percentage is zero/negative/greater than one. +- The Expiry time is less than the current block time. + +:::warning +If two continuous fund proposals to the same address are created, the previous ContinuousFund will be updated with the new ContinuousFund. +::: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/x/protocolpool/keeper/msg_server.go#L103-L166 +``` + +### MsgCancelContinuousFund + +This message is used to cancel an existing continuous fund proposal for a specific recipient. Once canceled, the continuous fund will no longer distribute funds at each begin block, and the state object will be removed. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/x/protocolpool/proto/cosmos/protocolpool/v1/tx.proto#L136-L161 +``` + +The message will fail under the following conditions: + +- The recipient address is empty or restricted. +- The ContinuousFund for the recipient does not exist. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/x/protocolpool/keeper/msg_server.go#L188-L226 +``` + +## Client + +It takes the advantage of `AutoCLI` + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/x/protocolpool/autocli.go +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/modules/slashing/README.md b/copy-of-sdk-versioned_docs/version-0.53/build/modules/slashing/README.md new file mode 100644 index 00000000..591a9a73 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/modules/slashing/README.md @@ -0,0 +1,813 @@ +--- +sidebar_position: 1 +--- + +# `x/slashing` + +## Abstract + +This section specifies the slashing module of the Cosmos SDK, which implements functionality +first outlined in the [Cosmos Whitepaper](https://cosmos.network/about/whitepaper) in June 2016. + +The slashing module enables Cosmos SDK-based blockchains to disincentivize any attributable action +by a protocol-recognized actor with value at stake by penalizing them ("slashing"). + +Penalties may include, but are not limited to: + +* Burning some amount of their stake +* Removing their ability to vote on future blocks for a period of time. + +This module will be used by the Cosmos Hub, the first hub in the Cosmos ecosystem. + +## Contents + +* [Concepts](#concepts) + * [States](#states) + * [Tombstone Caps](#tombstone-caps) + * [Infraction Timelines](#infraction-timelines) +* [State](#state) + * [Signing Info (Liveness)](#signing-info-liveness) + * [Params](#params) +* [Messages](#messages) + * [Unjail](#unjail) +* [BeginBlock](#beginblock) + * [Liveness Tracking](#liveness-tracking) +* [Hooks](#hooks) +* [Events](#events) +* [Staking Tombstone](#staking-tombstone) +* [Parameters](#parameters) +* [CLI](#cli) + * [Query](#query) + * [Transactions](#transactions) + * [gRPC](#grpc) + * [REST](#rest) + +## Concepts + +### States + +At any given time, there are any number of validators registered in the state +machine. Each block, the top `MaxValidators` (defined by `x/staking`) validators +who are not jailed become _bonded_, meaning that they may propose and vote on +blocks. Validators who are _bonded_ are _at stake_, meaning that part or all of +their stake and their delegators' stake is at risk if they commit a protocol fault. + +For each of these validators we keep a `ValidatorSigningInfo` record that contains +information partaining to validator's liveness and other infraction related +attributes. + +### Tombstone Caps + +In order to mitigate the impact of initially likely categories of non-malicious +protocol faults, the Cosmos Hub implements for each validator +a _tombstone_ cap, which only allows a validator to be slashed once for a double +sign fault. For example, if you misconfigure your HSM and double-sign a bunch of +old blocks, you'll only be punished for the first double-sign (and then immediately tombstombed). This will still be quite expensive and desirable to avoid, but tombstone caps +somewhat blunt the economic impact of unintentional misconfiguration. + +Liveness faults do not have caps, as they can't stack upon each other. Liveness bugs are "detected" as soon as the infraction occurs, and the validators are immediately put in jail, so it is not possible for them to commit multiple liveness faults without unjailing in between. + +### Infraction Timelines + +To illustrate how the `x/slashing` module handles submitted evidence through +CometBFT consensus, consider the following examples: + +**Definitions**: + +_[_ : timeline start +_]_ : timeline end +_Cn_ : infraction `n` committed +_Dn_ : infraction `n` discovered +_Vb_ : validator bonded +_Vu_ : validator unbonded + +#### Single Double Sign Infraction + +\[----------C1----D1,Vu-----\] + +A single infraction is committed then later discovered, at which point the +validator is unbonded and slashed at the full amount for the infraction. + +#### Multiple Double Sign Infractions + +\[----------C1--C2---C3---D1,D2,D3Vu-----\] + +Multiple infractions are committed and then later discovered, at which point the +validator is jailed and slashed for only one infraction. Because the validator +is also tombstoned, they can not rejoin the validator set. + +## State + +### Signing Info (Liveness) + +Every block includes a set of precommits by the validators for the previous block, +known as the `LastCommitInfo` provided by CometBFT. A `LastCommitInfo` is valid so +long as it contains precommits from +2/3 of total voting power. + +Proposers are incentivized to include precommits from all validators in the CometBFT `LastCommitInfo` +by receiving additional fees proportional to the difference between the voting +power included in the `LastCommitInfo` and +2/3 (see [fee distribution](../distribution/README.md#begin-block)). + +```go +type LastCommitInfo struct { + Round int32 + Votes []VoteInfo +} +``` + +Validators are penalized for failing to be included in the `LastCommitInfo` for some +number of blocks by being automatically jailed, potentially slashed, and unbonded. + +Information about validator's liveness activity is tracked through `ValidatorSigningInfo`. +It is indexed in the store as follows: + +* ValidatorSigningInfo: `0x01 | ConsAddrLen (1 byte) | ConsAddress -> ProtocolBuffer(ValSigningInfo)` +* MissedBlocksBitArray: `0x02 | ConsAddrLen (1 byte) | ConsAddress | LittleEndianUint64(signArrayIndex) -> VarInt(didMiss)` (varint is a number encoding format) + +The first mapping allows us to easily lookup the recent signing info for a +validator based on the validator's consensus address. + +The second mapping (`MissedBlocksBitArray`) acts +as a bit-array of size `SignedBlocksWindow` that tells us if the validator missed +the block for a given index in the bit-array. The index in the bit-array is given +as little endian uint64. +The result is a `varint` that takes on `0` or `1`, where `0` indicates the +validator did not miss (did sign) the corresponding block, and `1` indicates +they missed the block (did not sign). + +Note that the `MissedBlocksBitArray` is not explicitly initialized up-front. Keys +are added as we progress through the first `SignedBlocksWindow` blocks for a newly +bonded validator. The `SignedBlocksWindow` parameter defines the size +(number of blocks) of the sliding window used to track validator liveness. + +The information stored for tracking validator liveness is as follows: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/slashing/v1beta1/slashing.proto#L13-L35 +``` + +### Params + +The slashing module stores it's params in state with the prefix of `0x00`, +it can be updated with governance or the address with authority. + +* Params: `0x00 | ProtocolBuffer(Params)` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/slashing/v1beta1/slashing.proto#L37-L59 +``` + +## Messages + +In this section we describe the processing of messages for the `slashing` module. + +### Unjail + +If a validator was automatically unbonded due to downtime and wishes to come back online & +possibly rejoin the bonded set, it must send `MsgUnjail`: + +```protobuf +// MsgUnjail is an sdk.Msg used for unjailing a jailed validator, thus returning +// them into the bonded validator set, so they can begin receiving provisions +// and rewards again. +message MsgUnjail { + string validator_addr = 1; +} +``` + +Below is a pseudocode of the `MsgSrv/Unjail` RPC: + +```go +unjail(tx MsgUnjail) + validator = getValidator(tx.ValidatorAddr) + if validator == nil + fail with "No validator found" + + if getSelfDelegation(validator) == 0 + fail with "validator must self delegate before unjailing" + + if !validator.Jailed + fail with "Validator not jailed, cannot unjail" + + info = GetValidatorSigningInfo(operator) + if info.Tombstoned + fail with "Tombstoned validator cannot be unjailed" + if block time < info.JailedUntil + fail with "Validator still jailed, cannot unjail until period has expired" + + validator.Jailed = false + setValidator(validator) + + return +``` + +If the validator has enough stake to be in the top `n = MaximumBondedValidators`, it will be automatically rebonded, +and all delegators still delegated to the validator will be rebonded and begin to again collect +provisions and rewards. + +## BeginBlock + +### Liveness Tracking + +At the beginning of each block, we update the `ValidatorSigningInfo` for each +validator and check if they've crossed below the liveness threshold over a +sliding window. This sliding window is defined by `SignedBlocksWindow` and the +index in this window is determined by `IndexOffset` found in the validator's +`ValidatorSigningInfo`. For each block processed, the `IndexOffset` is incremented +regardless if the validator signed or not. Once the index is determined, the +`MissedBlocksBitArray` and `MissedBlocksCounter` are updated accordingly. + +Finally, in order to determine if a validator crosses below the liveness threshold, +we fetch the maximum number of blocks missed, `maxMissed`, which is +`SignedBlocksWindow - (MinSignedPerWindow * SignedBlocksWindow)` and the minimum +height at which we can determine liveness, `minHeight`. If the current block is +greater than `minHeight` and the validator's `MissedBlocksCounter` is greater than +`maxMissed`, they will be slashed by `SlashFractionDowntime`, will be jailed +for `DowntimeJailDuration`, and have the following values reset: +`MissedBlocksBitArray`, `MissedBlocksCounter`, and `IndexOffset`. + +**Note**: Liveness slashes do **NOT** lead to a tombstombing. + +```go +height := block.Height + +for vote in block.LastCommitInfo.Votes { + signInfo := GetValidatorSigningInfo(vote.Validator.Address) + + // This is a relative index, so we counts blocks the validator SHOULD have + // signed. We use the 0-value default signing info if not present, except for + // start height. + index := signInfo.IndexOffset % SignedBlocksWindow() + signInfo.IndexOffset++ + + // Update MissedBlocksBitArray and MissedBlocksCounter. The MissedBlocksCounter + // just tracks the sum of MissedBlocksBitArray. That way we avoid needing to + // read/write the whole array each time. + missedPrevious := GetValidatorMissedBlockBitArray(vote.Validator.Address, index) + missed := !signed + + switch { + case !missedPrevious && missed: + // array index has changed from not missed to missed, increment counter + SetValidatorMissedBlockBitArray(vote.Validator.Address, index, true) + signInfo.MissedBlocksCounter++ + + case missedPrevious && !missed: + // array index has changed from missed to not missed, decrement counter + SetValidatorMissedBlockBitArray(vote.Validator.Address, index, false) + signInfo.MissedBlocksCounter-- + + default: + // array index at this index has not changed; no need to update counter + } + + if missed { + // emit events... + } + + minHeight := signInfo.StartHeight + SignedBlocksWindow() + maxMissed := SignedBlocksWindow() - MinSignedPerWindow() + + // If we are past the minimum height and the validator has missed too many + // jail and slash them. + if height > minHeight && signInfo.MissedBlocksCounter > maxMissed { + validator := ValidatorByConsAddr(vote.Validator.Address) + + // emit events... + + // We need to retrieve the stake distribution which signed the block, so we + // subtract ValidatorUpdateDelay from the block height, and subtract an + // additional 1 since this is the LastCommit. + // + // Note, that this CAN result in a negative "distributionHeight" up to + // -ValidatorUpdateDelay-1, i.e. at the end of the pre-genesis block (none) = at the beginning of the genesis block. + // That's fine since this is just used to filter unbonding delegations & redelegations. + distributionHeight := height - sdk.ValidatorUpdateDelay - 1 + + SlashWithInfractionReason(vote.Validator.Address, distributionHeight, vote.Validator.Power, SlashFractionDowntime(), stakingtypes.Downtime) + Jail(vote.Validator.Address) + + signInfo.JailedUntil = block.Time.Add(DowntimeJailDuration()) + + // We need to reset the counter & array so that the validator won't be + // immediately slashed for downtime upon rebonding. + signInfo.MissedBlocksCounter = 0 + signInfo.IndexOffset = 0 + ClearValidatorMissedBlockBitArray(vote.Validator.Address) + } + + SetValidatorSigningInfo(vote.Validator.Address, signInfo) +} +``` + +## Hooks + +This section contains a description of the module's `hooks`. Hooks are operations that are executed automatically when events are raised. + +### Staking hooks + +The slashing module implements the `StakingHooks` defined in `x/staking` and are used as record-keeping of validators information. During the app initialization, these hooks should be registered in the staking module struct. + +The following hooks impact the slashing state: + +* `AfterValidatorBonded` creates a `ValidatorSigningInfo` instance as described in the following section. +* `AfterValidatorCreated` stores a validator's consensus key. +* `AfterValidatorRemoved` removes a validator's consensus key. + +### Validator Bonded + +Upon successful first-time bonding of a new validator, we create a new `ValidatorSigningInfo` structure for the +now-bonded validator, which `StartHeight` of the current block. + +If the validator was out of the validator set and gets bonded again, its new bonded height is set. + +```go +onValidatorBonded(address sdk.ValAddress) + + signingInfo, found = GetValidatorSigningInfo(address) + if !found { + signingInfo = ValidatorSigningInfo { + StartHeight : CurrentHeight, + IndexOffset : 0, + JailedUntil : time.Unix(0, 0), + Tombstone : false, + MissedBloskCounter : 0 + } else { + signingInfo.StartHeight = CurrentHeight + } + + setValidatorSigningInfo(signingInfo) + } + + return +``` + +## Events + +The slashing module emits the following events: + +### MsgServer + +#### MsgUnjail + +| Type | Attribute Key | Attribute Value | +| ------- | ------------- | ------------------ | +| message | module | slashing | +| message | sender | {validatorAddress} | + +### Keeper + +### BeginBlocker: HandleValidatorSignature + +| Type | Attribute Key | Attribute Value | +| ----- | ------------- | --------------------------- | +| slash | address | {validatorConsensusAddress} | +| slash | power | {validatorPower} | +| slash | reason | {slashReason} | +| slash | jailed [0] | {validatorConsensusAddress} | +| slash | burned coins | {math.Int} | + +* [0] Only included if the validator is jailed. + +| Type | Attribute Key | Attribute Value | +| -------- | ------------- | --------------------------- | +| liveness | address | {validatorConsensusAddress} | +| liveness | missed_blocks | {missedBlocksCounter} | +| liveness | height | {blockHeight} | + +#### Slash + +* same as `"slash"` event from `HandleValidatorSignature`, but without the `jailed` attribute. + +#### Jail + +| Type | Attribute Key | Attribute Value | +| ----- | ------------- | ------------------ | +| slash | jailed | {validatorAddress} | + +## Staking Tombstone + +### Abstract + +In the current implementation of the `slashing` module, when the consensus engine +informs the state machine of a validator's consensus fault, the validator is +partially slashed, and put into a "jail period", a period of time in which they +are not allowed to rejoin the validator set. However, because of the nature of +consensus faults and ABCI, there can be a delay between an infraction occurring, +and evidence of the infraction reaching the state machine (this is one of the +primary reasons for the existence of the unbonding period). + +> Note: The tombstone concept, only applies to faults that have a delay between +> the infraction occurring and evidence reaching the state machine. For example, +> evidence of a validator double signing may take a while to reach the state machine +> due to unpredictable evidence gossip layer delays and the ability of validators to +> selectively reveal double-signatures (e.g. to infrequently-online light clients). +> Liveness slashing, on the other hand, is detected immediately as soon as the +> infraction occurs, and therefore no slashing period is needed. A validator is +> immediately put into jail period, and they cannot commit another liveness fault +> until they unjail. In the future, there may be other types of byzantine faults +> that have delays (for example, submitting evidence of an invalid proposal as a transaction). +> When implemented, it will have to be decided whether these future types of +> byzantine faults will result in a tombstoning (and if not, the slash amounts +> will not be capped by a slashing period). + +In the current system design, once a validator is put in the jail for a consensus +fault, after the `JailPeriod` they are allowed to send a transaction to `unjail` +themselves, and thus rejoin the validator set. + +One of the "design desires" of the `slashing` module is that if multiple +infractions occur before evidence is executed (and a validator is put in jail), +they should only be punished for single worst infraction, but not cumulatively. +For example, if the sequence of events is: + +1. Validator A commits Infraction 1 (worth 30% slash) +2. Validator A commits Infraction 2 (worth 40% slash) +3. Validator A commits Infraction 3 (worth 35% slash) +4. Evidence for Infraction 1 reaches state machine (and validator is put in jail) +5. Evidence for Infraction 2 reaches state machine +6. Evidence for Infraction 3 reaches state machine + +Only Infraction 2 should have its slash take effect, as it is the highest. This +is done, so that in the case of the compromise of a validator's consensus key, +they will only be punished once, even if the hacker double-signs many blocks. +Because, the unjailing has to be done with the validator's operator key, they +have a chance to re-secure their consensus key, and then signal that they are +ready using their operator key. We call this period during which we track only +the max infraction, the "slashing period". + +Once, a validator rejoins by unjailing themselves, we begin a new slashing period; +if they commit a new infraction after unjailing, it gets slashed cumulatively on +top of the worst infraction from the previous slashing period. + +However, while infractions are grouped based off of the slashing periods, because +evidence can be submitted up to an `unbondingPeriod` after the infraction, we +still have to allow for evidence to be submitted for previous slashing periods. +For example, if the sequence of events is: + +1. Validator A commits Infraction 1 (worth 30% slash) +2. Validator A commits Infraction 2 (worth 40% slash) +3. Evidence for Infraction 1 reaches state machine (and Validator A is put in jail) +4. Validator A unjails + +We are now in a new slashing period, however we still have to keep the door open +for the previous infraction, as the evidence for Infraction 2 may still come in. +As the number of slashing periods increase, it creates more complexity as we have +to keep track of the highest infraction amount for every single slashing period. + +> Note: Currently, according to the `slashing` module spec, a new slashing period +> is created every time a validator is unbonded then rebonded. This should probably +> be changed to jailed/unjailed. See issue [#3205](https://github.com/cosmos/cosmos-sdk/issues/3205) +> for further details. For the remainder of this, I will assume that we only start +> a new slashing period when a validator gets unjailed. + +The maximum number of slashing periods is the `len(UnbondingPeriod) / len(JailPeriod)`. +The current defaults in Gaia for the `UnbondingPeriod` and `JailPeriod` are 3 weeks +and 2 days, respectively. This means there could potentially be up to 11 slashing +periods concurrently being tracked per validator. If we set the `JailPeriod >= UnbondingPeriod`, +we only have to track 1 slashing period (i.e not have to track slashing periods). + +Currently, in the jail period implementation, once a validator unjails, all of +their delegators who are delegated to them (haven't unbonded / redelegated away), +stay with them. Given that consensus safety faults are so egregious +(way more so than liveness faults), it is probably prudent to have delegators not +"auto-rebond" to the validator. + +#### Proposal: infinite jail + +We propose setting the "jail time" for a +validator who commits a consensus safety fault, to `infinite` (i.e. a tombstone state). +This essentially kicks the validator out of the validator set and does not allow +them to re-enter the validator set. All of their delegators (including the operator themselves) +have to either unbond or redelegate away. The validator operator can create a new +validator if they would like, with a new operator key and consensus key, but they +have to "re-earn" their delegations back. + +Implementing the tombstone system and getting rid of the slashing period tracking +will make the `slashing` module way simpler, especially because we can remove all +of the hooks defined in the `slashing` module consumed by the `staking` module +(the `slashing` module still consumes hooks defined in `staking`). + +#### Single slashing amount + +Another optimization that can be made is that if we assume that all ABCI faults +for CometBFT consensus are slashed at the same level, we don't have to keep +track of "max slash". Once an ABCI fault happens, we don't have to worry about +comparing potential future ones to find the max. + +Currently the only CometBFT ABCI fault is: + +* Unjustified precommits (double signs) + +It is currently planned to include the following fault in the near future: + +* Signing a precommit when you're in unbonding phase (needed to make light client bisection safe) + +Given that these faults are both attributable byzantine faults, we will likely +want to slash them equally, and thus we can enact the above change. + +> Note: This change may make sense for current CometBFT consensus, but maybe +> not for a different consensus algorithm or future versions of CometBFT that +> may want to punish at different levels (for example, partial slashing). + +## Parameters + +The slashing module contains the following parameters: + +| Key | Type | Example | +| ----------------------- | -------------- | ---------------------- | +| SignedBlocksWindow | string (int64) | "100" | +| MinSignedPerWindow | string (dec) | "0.500000000000000000" | +| DowntimeJailDuration | string (ns) | "600000000000" | +| SlashFractionDoubleSign | string (dec) | "0.050000000000000000" | +| SlashFractionDowntime | string (dec) | "0.010000000000000000" | + +## CLI + +A user can query and interact with the `slashing` module using the CLI. + +### Query + +The `query` commands allow users to query `slashing` state. + +```shell +simd query slashing --help +``` + +#### params + +The `params` command allows users to query genesis parameters for the slashing module. + +```shell +simd query slashing params [flags] +``` + +Example: + +```shell +simd query slashing params +``` + +Example Output: + +```yml +downtime_jail_duration: 600s +min_signed_per_window: "0.500000000000000000" +signed_blocks_window: "100" +slash_fraction_double_sign: "0.050000000000000000" +slash_fraction_downtime: "0.010000000000000000" +``` + +#### signing-info + +The `signing-info` command allows users to query signing-info of the validator using consensus public key. + +```shell +simd query slashing signing-infos [flags] +``` + +Example: + +```shell +simd query slashing signing-info '{"@type":"/cosmos.crypto.ed25519.PubKey","key":"Auxs3865HpB/EfssYOzfqNhEJjzys6jD5B6tPgC8="}' + +``` + +Example Output: + +```yml +address: cosmosvalcons1nrqsld3aw6lh6t082frdqc84uwxn0t958c +index_offset: "2068" +jailed_until: "1970-01-01T00:00:00Z" +missed_blocks_counter: "0" +start_height: "0" +tombstoned: false +``` + +#### signing-infos + +The `signing-infos` command allows users to query signing infos of all validators. + +```shell +simd query slashing signing-infos [flags] +``` + +Example: + +```shell +simd query slashing signing-infos +``` + +Example Output: + +```yml +info: +- address: cosmosvalcons1nrqsld3aw6lh6t082frdqc84uwxn0t958c + index_offset: "2075" + jailed_until: "1970-01-01T00:00:00Z" + missed_blocks_counter: "0" + start_height: "0" + tombstoned: false +pagination: + next_key: null + total: "0" +``` + +### Transactions + +The `tx` commands allow users to interact with the `slashing` module. + +```bash +simd tx slashing --help +``` + +#### unjail + +The `unjail` command allows users to unjail a validator previously jailed for downtime. + +```bash +simd tx slashing unjail --from mykey [flags] +``` + +Example: + +```bash +simd tx slashing unjail --from mykey +``` + +### gRPC + +A user can query the `slashing` module using gRPC endpoints. + +#### Params + +The `Params` endpoint allows users to query the parameters of slashing module. + +```shell +cosmos.slashing.v1beta1.Query/Params +``` + +Example: + +```shell +grpcurl -plaintext localhost:9090 cosmos.slashing.v1beta1.Query/Params +``` + +Example Output: + +```json +{ + "params": { + "signedBlocksWindow": "100", + "minSignedPerWindow": "NTAwMDAwMDAwMDAwMDAwMDAw", + "downtimeJailDuration": "600s", + "slashFractionDoubleSign": "NTAwMDAwMDAwMDAwMDAwMDA=", + "slashFractionDowntime": "MTAwMDAwMDAwMDAwMDAwMDA=" + } +} +``` + +#### SigningInfo + +The SigningInfo queries the signing info of given cons address. + +```shell +cosmos.slashing.v1beta1.Query/SigningInfo +``` + +Example: + +```shell +grpcurl -plaintext -d '{"cons_address":"cosmosvalcons1nrqsld3aw6lh6t082frdqc84uwxn0t958c"}' localhost:9090 cosmos.slashing.v1beta1.Query/SigningInfo +``` + +Example Output: + +```json +{ + "valSigningInfo": { + "address": "cosmosvalcons1nrqsld3aw6lh6t082frdqc84uwxn0t958c", + "indexOffset": "3493", + "jailedUntil": "1970-01-01T00:00:00Z" + } +} +``` + +#### SigningInfos + +The SigningInfos queries signing info of all validators. + +```shell +cosmos.slashing.v1beta1.Query/SigningInfos +``` + +Example: + +```shell +grpcurl -plaintext localhost:9090 cosmos.slashing.v1beta1.Query/SigningInfos +``` + +Example Output: + +```json +{ + "info": [ + { + "address": "cosmosvalcons1nrqslkwd3pz096lh6t082frdqc84uwxn0t958c", + "indexOffset": "2467", + "jailedUntil": "1970-01-01T00:00:00Z" + } + ], + "pagination": { + "total": "1" + } +} +``` + +### REST + +A user can query the `slashing` module using REST endpoints. + +#### Params + +```shell +/cosmos/slashing/v1beta1/params +``` + +Example: + +```shell +curl "localhost:1317/cosmos/slashing/v1beta1/params" +``` + +Example Output: + +```json +{ + "params": { + "signed_blocks_window": "100", + "min_signed_per_window": "0.500000000000000000", + "downtime_jail_duration": "600s", + "slash_fraction_double_sign": "0.050000000000000000", + "slash_fraction_downtime": "0.010000000000000000" +} +``` + +#### signing_info + +```shell +/cosmos/slashing/v1beta1/signing_infos/%s +``` + +Example: + +```shell +curl "localhost:1317/cosmos/slashing/v1beta1/signing_infos/cosmosvalcons1nrqslkwd3pz096lh6t082frdqc84uwxn0t958c" +``` + +Example Output: + +```json +{ + "val_signing_info": { + "address": "cosmosvalcons1nrqslkwd3pz096lh6t082frdqc84uwxn0t958c", + "start_height": "0", + "index_offset": "4184", + "jailed_until": "1970-01-01T00:00:00Z", + "tombstoned": false, + "missed_blocks_counter": "0" + } +} +``` + +#### signing_infos + +```shell +/cosmos/slashing/v1beta1/signing_infos +``` + +Example: + +```shell +curl "localhost:1317/cosmos/slashing/v1beta1/signing_infos +``` + +Example Output: + +```json +{ + "info": [ + { + "address": "cosmosvalcons1nrqslkwd3pz096lh6t082frdqc84uwxn0t958c", + "start_height": "0", + "index_offset": "4169", + "jailed_until": "1970-01-01T00:00:00Z", + "tombstoned": false, + "missed_blocks_counter": "0" + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/modules/staking/README.md b/copy-of-sdk-versioned_docs/version-0.53/build/modules/staking/README.md new file mode 100644 index 00000000..dd3c6d56 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/modules/staking/README.md @@ -0,0 +1,3058 @@ +--- +sidebar_position: 1 +--- + +# `x/staking` + +## Abstract + +This paper specifies the Staking module of the Cosmos SDK that was first +described in the [Cosmos Whitepaper](https://cosmos.network/about/whitepaper) +in June 2016. + +The module enables Cosmos SDK-based blockchain to support an advanced +Proof-of-Stake (PoS) system. In this system, holders of the native staking token of +the chain can become validators and can delegate tokens to validators, +ultimately determining the effective validator set for the system. + +This module is used in the Cosmos Hub, the first Hub in the Cosmos +network. + +## Contents + +* [State](#state) + * [Pool](#pool) + * [LastTotalPower](#lasttotalpower) + * [ValidatorUpdates](#validatorupdates) + * [UnbondingID](#unbondingid) + * [Params](#params) + * [Validator](#validator) + * [Delegation](#delegation) + * [UnbondingDelegation](#unbondingdelegation) + * [Redelegation](#redelegation) + * [Queues](#queues) + * [HistoricalInfo](#historicalinfo) +* [State Transitions](#state-transitions) + * [Validators](#validators) + * [Delegations](#delegations) + * [Slashing](#slashing) + * [How Shares are calculated](#how-shares-are-calculated) +* [Messages](#messages) + * [MsgCreateValidator](#msgcreatevalidator) + * [MsgEditValidator](#msgeditvalidator) + * [MsgDelegate](#msgdelegate) + * [MsgUndelegate](#msgundelegate) + * [MsgCancelUnbondingDelegation](#msgcancelunbondingdelegation) + * [MsgBeginRedelegate](#msgbeginredelegate) + * [MsgUpdateParams](#msgupdateparams) +* [Begin-Block](#begin-block) + * [Historical Info Tracking](#historical-info-tracking) +* [End-Block](#end-block) + * [Validator Set Changes](#validator-set-changes) + * [Queues](#queues-1) +* [Hooks](#hooks) +* [Events](#events) + * [EndBlocker](#endblocker) + * [Msg's](#msgs) +* [Parameters](#parameters) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + * [REST](#rest) + +## State + +### Pool + +Pool is used for tracking bonded and not-bonded token supply of the bond denomination. + +### LastTotalPower + +LastTotalPower tracks the total amounts of bonded tokens recorded during the previous end block. +Store entries prefixed with "Last" must remain unchanged until EndBlock. + +* LastTotalPower: `0x12 -> ProtocolBuffer(math.Int)` + +### ValidatorUpdates + +ValidatorUpdates contains the validator updates returned to ABCI at the end of every block. +The values are overwritten in every block. + +* ValidatorUpdates `0x61 -> []abci.ValidatorUpdate` + +### UnbondingID + +UnbondingID stores the ID of the latest unbonding operation. It enables creating unique IDs for unbonding operations, i.e., UnbondingID is incremented every time a new unbonding operation (validator unbonding, unbonding delegation, redelegation) is initiated. + +* UnbondingID: `0x37 -> uint64` + +### Params + +The staking module stores its params in state with the prefix of `0x51`, +it can be updated with governance or the address with authority. + +* Params: `0x51 | ProtocolBuffer(Params)` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L310-L333 +``` + +### Validator + +Validators can have one of three statuses + +* `Unbonded`: The validator is not in the active set. They cannot sign blocks and do not earn + rewards. They can receive delegations. +* `Bonded`: Once the validator receives sufficient bonded tokens they automatically join the + active set during [`EndBlock`](#validator-set-changes) and their status is updated to `Bonded`. + They are signing blocks and receiving rewards. They can receive further delegations. + They can be slashed for misbehavior. Delegators to this validator who unbond their delegation + must wait the duration of the UnbondingTime, a chain-specific param, during which time + they are still slashable for offences of the source validator if those offences were committed + during the period of time that the tokens were bonded. +* `Unbonding`: When a validator leaves the active set, either by choice or due to slashing, jailing or + tombstoning, an unbonding of all their delegations begins. All delegations must then wait the UnbondingTime + before their tokens are moved to their accounts from the `BondedPool`. + +:::warning +Tombstoning is permanent, once tombstoned a validator's consensus key can not be reused within the chain where the tombstoning happened. +::: + +Validators objects should be primarily stored and accessed by the +`OperatorAddr`, an SDK validator address for the operator of the validator. Two +additional indices are maintained per validator object in order to fulfill +required lookups for slashing and validator-set updates. A third special index +(`LastValidatorPower`) is also maintained which however remains constant +throughout each block, unlike the first two indices which mirror the validator +records within a block. + +* Validators: `0x21 | OperatorAddrLen (1 byte) | OperatorAddr -> ProtocolBuffer(validator)` +* ValidatorsByConsAddr: `0x22 | ConsAddrLen (1 byte) | ConsAddr -> OperatorAddr` +* ValidatorsByPower: `0x23 | BigEndian(ConsensusPower) | OperatorAddrLen (1 byte) | OperatorAddr -> OperatorAddr` +* LastValidatorsPower: `0x11 | OperatorAddrLen (1 byte) | OperatorAddr -> ProtocolBuffer(ConsensusPower)` +* ValidatorsByUnbondingID: `0x38 | UnbondingID -> 0x21 | OperatorAddrLen (1 byte) | OperatorAddr` + +`Validators` is the primary index - it ensures that each operator can have only one +associated validator, where the public key of that validator can change in the +future. Delegators can refer to the immutable operator of the validator, without +concern for the changing public key. + +`ValidatorsByUnbondingID` is an additional index that enables lookups for + validators by the unbonding IDs corresponding to their current unbonding. + +`ValidatorByConsAddr` is an additional index that enables lookups for slashing. +When CometBFT reports evidence, it provides the validator address, so this +map is needed to find the operator. Note that the `ConsAddr` corresponds to the +address which can be derived from the validator's `ConsPubKey`. + +`ValidatorsByPower` is an additional index that provides a sorted list of +potential validators to quickly determine the current active set. Here +ConsensusPower is validator.Tokens/10^6 by default. Note that all validators +where `Jailed` is true are not stored within this index. + +`LastValidatorsPower` is a special index that provides a historical list of the +last-block's bonded validators. This index remains constant during a block but +is updated during the validator set update process which takes place in [`EndBlock`](#end-block). + +Each validator's state is stored in a `Validator` struct: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L82-L138 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L26-L80 +``` + +### Delegation + +Delegations are identified by combining `DelegatorAddr` (the address of the delegator) +with the `ValidatorAddr` Delegators are indexed in the store as follows: + +* Delegation: `0x31 | DelegatorAddrLen (1 byte) | DelegatorAddr | ValidatorAddrLen (1 byte) | ValidatorAddr -> ProtocolBuffer(delegation)` + +Stake holders may delegate coins to validators; under this circumstance their +funds are held in a `Delegation` data structure. It is owned by one +delegator, and is associated with the shares for one validator. The sender of +the transaction is the owner of the bond. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L198-L216 +``` + +#### Delegator Shares + +When one delegates tokens to a Validator, they are issued a number of delegator shares based on a +dynamic exchange rate, calculated as follows from the total number of tokens delegated to the +validator and the number of shares issued so far: + +`Shares per Token = validator.TotalShares() / validator.Tokens()` + +Only the number of shares received is stored on the DelegationEntry. When a delegator then +Undelegates, the token amount they receive is calculated from the number of shares they currently +hold and the inverse exchange rate: + +`Tokens per Share = validator.Tokens() / validatorShares()` + +These `Shares` are simply an accounting mechanism. They are not a fungible asset. The reason for +this mechanism is to simplify the accounting around slashing. Rather than iteratively slashing the +tokens of every delegation entry, instead the Validator's total bonded tokens can be slashed, +effectively reducing the value of each issued delegator share. + +### UnbondingDelegation + +Shares in a `Delegation` can be unbonded, but they must for some time exist as +an `UnbondingDelegation`, where shares can be reduced if Byzantine behavior is +detected. + +`UnbondingDelegation` are indexed in the store as: + +* UnbondingDelegation: `0x32 | DelegatorAddrLen (1 byte) | DelegatorAddr | ValidatorAddrLen (1 byte) | ValidatorAddr -> ProtocolBuffer(unbondingDelegation)` +* UnbondingDelegationsFromValidator: `0x33 | ValidatorAddrLen (1 byte) | ValidatorAddr | DelegatorAddrLen (1 byte) | DelegatorAddr -> nil` +* UnbondingDelegationByUnbondingId: `0x38 | UnbondingId -> 0x32 | DelegatorAddrLen (1 byte) | DelegatorAddr | ValidatorAddrLen (1 byte) | ValidatorAddr` + `UnbondingDelegation` is used in queries, to lookup all unbonding delegations for + a given delegator. + +`UnbondingDelegationsFromValidator` is used in slashing, to lookup all + unbonding delegations associated with a given validator that need to be + slashed. + + `UnbondingDelegationByUnbondingId` is an additional index that enables + lookups for unbonding delegations by the unbonding IDs of the containing + unbonding delegation entries. + + +A UnbondingDelegation object is created every time an unbonding is initiated. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L218-L261 +``` + +### Redelegation + +The bonded tokens worth of a `Delegation` may be instantly redelegated from a +source validator to a different validator (destination validator). However when +this occurs they must be tracked in a `Redelegation` object, whereby their +shares can be slashed if their tokens have contributed to a Byzantine fault +committed by the source validator. + +`Redelegation` are indexed in the store as: + +* Redelegations: `0x34 | DelegatorAddrLen (1 byte) | DelegatorAddr | ValidatorAddrLen (1 byte) | ValidatorSrcAddr | ValidatorDstAddr -> ProtocolBuffer(redelegation)` +* RedelegationsBySrc: `0x35 | ValidatorSrcAddrLen (1 byte) | ValidatorSrcAddr | ValidatorDstAddrLen (1 byte) | ValidatorDstAddr | DelegatorAddrLen (1 byte) | DelegatorAddr -> nil` +* RedelegationsByDst: `0x36 | ValidatorDstAddrLen (1 byte) | ValidatorDstAddr | ValidatorSrcAddrLen (1 byte) | ValidatorSrcAddr | DelegatorAddrLen (1 byte) | DelegatorAddr -> nil` +* RedelegationByUnbondingId: `0x38 | UnbondingId -> 0x34 | DelegatorAddrLen (1 byte) | DelegatorAddr | ValidatorAddrLen (1 byte) | ValidatorSrcAddr | ValidatorDstAddr` + + `Redelegations` is used for queries, to lookup all redelegations for a given + delegator. + + `RedelegationsBySrc` is used for slashing based on the `ValidatorSrcAddr`. + + `RedelegationsByDst` is used for slashing based on the `ValidatorDstAddr` + +The first map here is used for queries, to lookup all redelegations for a given +delegator. The second map is used for slashing based on the `ValidatorSrcAddr`, +while the third map is for slashing based on the `ValidatorDstAddr`. + +`RedelegationByUnbondingId` is an additional index that enables + lookups for redelegations by the unbonding IDs of the containing + redelegation entries. + +A redelegation object is created every time a redelegation occurs. To prevent +"redelegation hopping" redelegations may not occur under the situation that: + +* the (re)delegator already has another immature redelegation in progress + with a destination to a validator (let's call it `Validator X`) +* and, the (re)delegator is attempting to create a _new_ redelegation + where the source validator for this new redelegation is `Validator X`. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L263-L308 +``` + +### Queues + +All queue objects are sorted by timestamp. The time used within any queue is +firstly converted to UTC, rounded to the nearest nanosecond then sorted. The sortable time format +used is a slight modification of the RFC3339Nano and uses the format string +`"2006-01-02T15:04:05.000000000"`. Notably this format: + +* right pads all zeros +* drops the time zone info (we already use UTC) + +In all cases, the stored timestamp represents the maturation time of the queue +element. + +#### UnbondingDelegationQueue + +For the purpose of tracking progress of unbonding delegations the unbonding +delegations queue is kept. + +* UnbondingDelegation: `0x41 | format(time) -> []DVPair` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L162-L172 +``` + +#### RedelegationQueue + +For the purpose of tracking progress of redelegations the redelegation queue is +kept. + +* RedelegationQueue: `0x42 | format(time) -> []DVVTriplet` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L179-L191 +``` + +#### ValidatorQueue + +For the purpose of tracking progress of unbonding validators the validator +queue is kept. + +* ValidatorQueueTime: `0x43 | format(time) -> []sdk.ValAddress` + +The stored object by each key is an array of validator operator addresses from +which the validator object can be accessed. Typically it is expected that only +a single validator record will be associated with a given timestamp however it is possible +that multiple validators exist in the queue at the same location. + +### HistoricalInfo + +HistoricalInfo objects are stored and pruned at each block such that the staking keeper persists +the `n` most recent historical info defined by staking module parameter: `HistoricalEntries`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L17-L24 +``` + +At each BeginBlock, the staking keeper will persist the current Header and the Validators that committed +the current block in a `HistoricalInfo` object. The Validators are sorted on their address to ensure that +they are in a deterministic order. +The oldest HistoricalEntries will be pruned to ensure that there only exist the parameter-defined number of +historical entries. + +## State Transitions + +### Validators + +State transitions in validators are performed on every [`EndBlock`](#validator-set-changes) +in order to check for changes in the active `ValidatorSet`. + +A validator can be `Unbonded`, `Unbonding` or `Bonded`. `Unbonded` +and `Unbonding` are collectively called `Not Bonded`. A validator can move +directly between all the states, except for from `Bonded` to `Unbonded`. + +#### Not bonded to Bonded + +The following transition occurs when a validator's ranking in the `ValidatorPowerIndex` surpasses +that of the `LastValidator`. + +* set `validator.Status` to `Bonded` +* send the `validator.Tokens` from the `NotBondedTokens` to the `BondedPool` `ModuleAccount` +* delete the existing record from `ValidatorByPowerIndex` +* add a new updated record to the `ValidatorByPowerIndex` +* update the `Validator` object for this validator +* if it exists, delete any `ValidatorQueue` record for this validator + +#### Bonded to Unbonding + +When a validator begins the unbonding process the following operations occur: + +* send the `validator.Tokens` from the `BondedPool` to the `NotBondedTokens` `ModuleAccount` +* set `validator.Status` to `Unbonding` +* delete the existing record from `ValidatorByPowerIndex` +* add a new updated record to the `ValidatorByPowerIndex` +* update the `Validator` object for this validator +* insert a new record into the `ValidatorQueue` for this validator + +#### Unbonding to Unbonded + +A validator moves from unbonding to unbonded when the `ValidatorQueue` object +moves from bonded to unbonded + +* update the `Validator` object for this validator +* set `validator.Status` to `Unbonded` + +#### Jail/Unjail + +when a validator is jailed it is effectively removed from the CometBFT set. +this process may be also be reversed. the following operations occur: + +* set `Validator.Jailed` and update object +* if jailed delete record from `ValidatorByPowerIndex` +* if unjailed add record to `ValidatorByPowerIndex` + +Jailed validators are not present in any of the following stores: + +* the power store (from consensus power to address) + +### Delegations + +#### Delegate + +When a delegation occurs both the validator and the delegation objects are affected + +* determine the delegators shares based on tokens delegated and the validator's exchange rate +* remove tokens from the sending account +* add shares the delegation object or add them to a created validator object +* add new delegator shares and update the `Validator` object +* transfer the `delegation.Amount` from the delegator's account to the `BondedPool` or the `NotBondedPool` `ModuleAccount` depending if the `validator.Status` is `Bonded` or not +* delete the existing record from `ValidatorByPowerIndex` +* add an new updated record to the `ValidatorByPowerIndex` + +#### Begin Unbonding + +As a part of the Undelegate and Complete Unbonding state transitions Unbond +Delegation may be called. + +* subtract the unbonded shares from delegator +* add the unbonded tokens to an `UnbondingDelegationEntry` +* update the delegation or remove the delegation if there are no more shares +* if the delegation is the operator of the validator and no more shares exist then trigger a jail validator +* update the validator with removed the delegator shares and associated coins +* if the validator state is `Bonded`, transfer the `Coins` worth of the unbonded + shares from the `BondedPool` to the `NotBondedPool` `ModuleAccount` +* remove the validator if it is unbonded and there are no more delegation shares. +* remove the validator if it is unbonded and there are no more delegation shares +* get a unique `unbondingId` and map it to the `UnbondingDelegationEntry` in `UnbondingDelegationByUnbondingId` +* call the `AfterUnbondingInitiated(unbondingId)` hook +* add the unbonding delegation to `UnbondingDelegationQueue` with the completion time set to `UnbondingTime` + +#### Cancel an `UnbondingDelegation` Entry + +When a `cancel unbond delegation` occurs both the `validator`, the `delegation` and an `UnbondingDelegationQueue` state will be updated. + +* if cancel unbonding delegation amount equals to the `UnbondingDelegation` entry `balance`, then the `UnbondingDelegation` entry deleted from `UnbondingDelegationQueue`. +* if the `cancel unbonding delegation amount is less than the `UnbondingDelegation` entry balance, then the `UnbondingDelegation` entry will be updated with new balance in the `UnbondingDelegationQueue`. +* cancel `amount` is [Delegated](#delegations) back to the original `validator`. + +#### Complete Unbonding + +For undelegations which do not complete immediately, the following operations +occur when the unbonding delegation queue element matures: + +* remove the entry from the `UnbondingDelegation` object +* transfer the tokens from the `NotBondedPool` `ModuleAccount` to the delegator `Account` + +#### Begin Redelegation + +Redelegations affect the delegation, source and destination validators. + +* perform an `unbond` delegation from the source validator to retrieve the tokens worth of the unbonded shares +* using the unbonded tokens, `Delegate` them to the destination validator +* if the `sourceValidator.Status` is `Bonded`, and the `destinationValidator` is not, + transfer the newly delegated tokens from the `BondedPool` to the `NotBondedPool` `ModuleAccount` +* otherwise, if the `sourceValidator.Status` is not `Bonded`, and the `destinationValidator` + is `Bonded`, transfer the newly delegated tokens from the `NotBondedPool` to the `BondedPool` `ModuleAccount` +* record the token amount in an new entry in the relevant `Redelegation` + +From when a redelegation begins until it completes, the delegator is in a state of "pseudo-unbonding", and can still be +slashed for infractions that occurred before the redelegation began. + +#### Complete Redelegation + +When a redelegations complete the following occurs: + +* remove the entry from the `Redelegation` object + +### Slashing + +#### Slash Validator + +When a Validator is slashed, the following occurs: + +* The total `slashAmount` is calculated as the `slashFactor` (a chain parameter) \* `TokensFromConsensusPower`, + the total number of tokens bonded to the validator at the time of the infraction. +* Every unbonding delegation and pseudo-unbonding redelegation such that the infraction occurred before the unbonding or + redelegation began from the validator are slashed by the `slashFactor` percentage of the initialBalance. +* Each amount slashed from redelegations and unbonding delegations is subtracted from the + total slash amount. +* The `remaingSlashAmount` is then slashed from the validator's tokens in the `BondedPool` or + `NonBondedPool` depending on the validator's status. This reduces the total supply of tokens. + +In the case of a slash due to any infraction that requires evidence to submitted (for example double-sign), the slash +occurs at the block where the evidence is included, not at the block where the infraction occurred. +Put otherwise, validators are not slashed retroactively, only when they are caught. + +#### Slash Unbonding Delegation + +When a validator is slashed, so are those unbonding delegations from the validator that began unbonding +after the time of the infraction. Every entry in every unbonding delegation from the validator +is slashed by `slashFactor`. The amount slashed is calculated from the `InitialBalance` of the +delegation and is capped to prevent a resulting negative balance. Completed (or mature) unbondings are not slashed. + +#### Slash Redelegation + +When a validator is slashed, so are all redelegations from the validator that began after the +infraction. Redelegations are slashed by `slashFactor`. +Redelegations that began before the infraction are not slashed. +The amount slashed is calculated from the `InitialBalance` of the delegation and is capped to +prevent a resulting negative balance. +Mature redelegations (that have completed pseudo-unbonding) are not slashed. + +### How Shares are calculated + +At any given point in time, each validator has a number of tokens, `T`, and has a number of shares issued, `S`. +Each delegator, `i`, holds a number of shares, `S_i`. +The number of tokens is the sum of all tokens delegated to the validator, plus the rewards, minus the slashes. + +The delegator is entitled to a portion of the underlying tokens proportional to their proportion of shares. +So delegator `i` is entitled to `T * S_i / S` of the validator's tokens. + +When a delegator delegates new tokens to the validator, they receive a number of shares proportional to their contribution. +So when delegator `j` delegates `T_j` tokens, they receive `S_j = S * T_j / T` shares. +The total number of tokens is now `T + T_j`, and the total number of shares is `S + S_j`. +`j`s proportion of the shares is the same as their proportion of the total tokens contributed: `(S + S_j) / S = (T + T_j) / T`. + +A special case is the initial delegation, when `T = 0` and `S = 0`, so `T_j / T` is undefined. +For the initial delegation, delegator `j` who delegates `T_j` tokens receive `S_j = T_j` shares. +So a validator that hasn't received any rewards and has not been slashed will have `T = S`. + +## Messages + +In this section we describe the processing of the staking messages and the corresponding updates to the state. All created/modified state objects specified by each message are defined within the [state](#state) section. + +### MsgCreateValidator + +A validator is created using the `MsgCreateValidator` message. +The validator must be created with an initial delegation from the operator. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L20-L21 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L50-L73 +``` + +This message is expected to fail if: + +* another validator with this operator address is already registered +* another validator with this pubkey is already registered +* the initial self-delegation tokens are of a denom not specified as the bonding denom +* the commission parameters are faulty, namely: + * `MaxRate` is either > 1 or < 0 + * the initial `Rate` is either negative or > `MaxRate` + * the initial `MaxChangeRate` is either negative or > `MaxRate` +* the description fields are too large + +This message creates and stores the `Validator` object at appropriate indexes. +Additionally a self-delegation is made with the initial tokens delegation +tokens `Delegation`. The validator always starts as unbonded but may be bonded +in the first end-block. + +### MsgEditValidator + +The `Description`, `CommissionRate` of a validator can be updated using the +`MsgEditValidator` message. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L23-L24 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L78-L97 +``` + +This message is expected to fail if: + +* the initial `CommissionRate` is either negative or > `MaxRate` +* the `CommissionRate` has already been updated within the previous 24 hours +* the `CommissionRate` is > `MaxChangeRate` +* the description fields are too large + +This message stores the updated `Validator` object. + +### MsgDelegate + +Within this message the delegator provides coins, and in return receives +some amount of their validator's (newly created) delegator-shares that are +assigned to `Delegation.Shares`. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L26-L28 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L102-L114 +``` + +This message is expected to fail if: + +* the validator does not exist +* the `Amount` `Coin` has a denomination different than one defined by `params.BondDenom` +* the exchange rate is invalid, meaning the validator has no tokens (due to slashing) but there are outstanding shares +* the amount delegated is less than the minimum allowed delegation + +If an existing `Delegation` object for provided addresses does not already +exist then it is created as part of this message otherwise the existing +`Delegation` is updated to include the newly received shares. + +The delegator receives newly minted shares at the current exchange rate. +The exchange rate is the number of existing shares in the validator divided by +the number of currently delegated tokens. + +The validator is updated in the `ValidatorByPower` index, and the delegation is +tracked in validator object in the `Validators` index. + +It is possible to delegate to a jailed validator, the only difference being it +will not be added to the power index until it is unjailed. + +![Delegation sequence](https://raw.githubusercontent.com/cosmos/cosmos-sdk/release/v0.46.x/docs/uml/svg/delegation_sequence.svg) + +### MsgUndelegate + +The `MsgUndelegate` message allows delegators to undelegate their tokens from +validator. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L34-L36 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L140-L152 +``` + +This message returns a response containing the completion time of the undelegation: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L154-L158 +``` + +This message is expected to fail if: + +* the delegation doesn't exist +* the validator doesn't exist +* the delegation has less shares than the ones worth of `Amount` +* existing `UnbondingDelegation` has maximum entries as defined by `params.MaxEntries` +* the `Amount` has a denomination different than one defined by `params.BondDenom` + +When this message is processed the following actions occur: + +* validator's `DelegatorShares` and the delegation's `Shares` are both reduced by the message `SharesAmount` +* calculate the token worth of the shares remove that amount tokens held within the validator +* with those removed tokens, if the validator is: + * `Bonded` - add them to an entry in `UnbondingDelegation` (create `UnbondingDelegation` if it doesn't exist) with a completion time a full unbonding period from the current time. Update pool shares to reduce BondedTokens and increase NotBondedTokens by token worth of the shares. + * `Unbonding` - add them to an entry in `UnbondingDelegation` (create `UnbondingDelegation` if it doesn't exist) with the same completion time as the validator (`UnbondingMinTime`). + * `Unbonded` - then send the coins the message `DelegatorAddr` +* if there are no more `Shares` in the delegation, then the delegation object is removed from the store + * under this situation if the delegation is the validator's self-delegation then also jail the validator. + +![Unbond sequence](https://raw.githubusercontent.com/cosmos/cosmos-sdk/release/v0.46.x/docs/uml/svg/unbond_sequence.svg) + +### MsgCancelUnbondingDelegation + +The `MsgCancelUnbondingDelegation` message allows delegators to cancel the `unbondingDelegation` entry and delegate back to a previous validator. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L38-L42 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L160-L175 +``` + +This message is expected to fail if: + +* the `unbondingDelegation` entry is already processed. +* the `cancel unbonding delegation` amount is greater than the `unbondingDelegation` entry balance. +* the `cancel unbonding delegation` height doesn't exist in the `unbondingDelegationQueue` of the delegator. + +When this message is processed the following actions occur: + +* if the `unbondingDelegation` Entry balance is zero + * in this condition `unbondingDelegation` entry will be removed from `unbondingDelegationQueue`. + * otherwise `unbondingDelegationQueue` will be updated with new `unbondingDelegation` entry balance and initial balance +* the validator's `DelegatorShares` and the delegation's `Shares` are both increased by the message `Amount`. + +### MsgBeginRedelegate + +The redelegation command allows delegators to instantly switch validators. Once +the unbonding period has passed, the redelegation is automatically completed in +the EndBlocker. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L30-L32 +``` + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L119-L132 +``` + +This message returns a response containing the completion time of the redelegation: + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L133-L138 +``` + +This message is expected to fail if: + +* the delegation doesn't exist +* the source or destination validators don't exist +* the delegation has less shares than the ones worth of `Amount` +* the source validator has a receiving redelegation which is not matured (aka. the redelegation may be transitive) +* existing `Redelegation` has maximum entries as defined by `params.MaxEntries` +* the `Amount` `Coin` has a denomination different than one defined by `params.BondDenom` + +When this message is processed the following actions occur: + +* the source validator's `DelegatorShares` and the delegations `Shares` are both reduced by the message `SharesAmount` +* calculate the token worth of the shares remove that amount tokens held within the source validator. +* if the source validator is: + * `Bonded` - add an entry to the `Redelegation` (create `Redelegation` if it doesn't exist) with a completion time a full unbonding period from the current time. Update pool shares to reduce BondedTokens and increase NotBondedTokens by token worth of the shares (this may be effectively reversed in the next step however). + * `Unbonding` - add an entry to the `Redelegation` (create `Redelegation` if it doesn't exist) with the same completion time as the validator (`UnbondingMinTime`). + * `Unbonded` - no action required in this step +* Delegate the token worth to the destination validator, possibly moving tokens back to the bonded state. +* if there are no more `Shares` in the source delegation, then the source delegation object is removed from the store + * under this situation if the delegation is the validator's self-delegation then also jail the validator. + +![Begin redelegation sequence](https://raw.githubusercontent.com/cosmos/cosmos-sdk/release/v0.46.x/docs/uml/svg/begin_redelegation_sequence.svg) + + +### MsgUpdateParams + +The `MsgUpdateParams` update the staking module parameters. +The params are updated through a governance proposal where the signer is the gov module account address. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L182-L195 +``` + +The message handling can fail if: + +* signer is not the authority defined in the staking keeper (usually the gov module account). + +## Begin-Block + +Each abci begin block call, the historical info will get stored and pruned +according to the `HistoricalEntries` parameter. + +### Historical Info Tracking + +If the `HistoricalEntries` parameter is 0, then the `BeginBlock` performs a no-op. + +Otherwise, the latest historical info is stored under the key `historicalInfoKey|height`, while any entries older than `height - HistoricalEntries` is deleted. +In most cases, this results in a single entry being pruned per block. +However, if the parameter `HistoricalEntries` has changed to a lower value there will be multiple entries in the store that must be pruned. + +## End-Block + +Each abci end block call, the operations to update queues and validator set +changes are specified to execute. + +### Validator Set Changes + +The staking validator set is updated during this process by state transitions +that run at the end of every block. As a part of this process any updated +validators are also returned back to CometBFT for inclusion in the CometBFT +validator set which is responsible for validating CometBFT messages at the +consensus layer. Operations are as following: + +* the new validator set is taken as the top `params.MaxValidators` number of + validators retrieved from the `ValidatorsByPower` index +* the previous validator set is compared with the new validator set: + * missing validators begin unbonding and their `Tokens` are transferred from the + `BondedPool` to the `NotBondedPool` `ModuleAccount` + * new validators are instantly bonded and their `Tokens` are transferred from the + `NotBondedPool` to the `BondedPool` `ModuleAccount` + +In all cases, any validators leaving or entering the bonded validator set or +changing balances and staying within the bonded validator set incur an update +message reporting their new consensus power which is passed back to CometBFT. + +The `LastTotalPower` and `LastValidatorsPower` hold the state of the total power +and validator power from the end of the last block, and are used to check for +changes that have occurred in `ValidatorsByPower` and the total new power, which +is calculated during `EndBlock`. + +### Queues + +Within staking, certain state-transitions are not instantaneous but take place +over a duration of time (typically the unbonding period). When these +transitions are mature certain operations must take place in order to complete +the state operation. This is achieved through the use of queues which are +checked/processed at the end of each block. + +#### Unbonding Validators + +When a validator is kicked out of the bonded validator set (either through +being jailed, or not having sufficient bonded tokens) it begins the unbonding +process along with all its delegations begin unbonding (while still being +delegated to this validator). At this point the validator is said to be an +"unbonding validator", whereby it will mature to become an "unbonded validator" +after the unbonding period has passed. + +Each block the validator queue is to be checked for mature unbonding validators +(namely with a completion time <= current time and completion height <= current +block height). At this point any mature validators which do not have any +delegations remaining are deleted from state. For all other mature unbonding +validators that still have remaining delegations, the `validator.Status` is +switched from `types.Unbonding` to +`types.Unbonded`. + +Unbonding operations can be put on hold by external modules via the `PutUnbondingOnHold(unbondingId)` method. + As a result, an unbonding operation (e.g., an unbonding delegation) that is on hold, cannot complete + even if it reaches maturity. For an unbonding operation with `unbondingId` to eventually complete + (after it reaches maturity), every call to `PutUnbondingOnHold(unbondingId)` must be matched + by a call to `UnbondingCanComplete(unbondingId)`. + +#### Unbonding Delegations + +Complete the unbonding of all mature `UnbondingDelegations.Entries` within the +`UnbondingDelegations` queue with the following procedure: + +* transfer the balance coins to the delegator's wallet address +* remove the mature entry from `UnbondingDelegation.Entries` +* remove the `UnbondingDelegation` object from the store if there are no + remaining entries. + +#### Redelegations + +Complete the unbonding of all mature `Redelegation.Entries` within the +`Redelegations` queue with the following procedure: + +* remove the mature entry from `Redelegation.Entries` +* remove the `Redelegation` object from the store if there are no + remaining entries. + +## Hooks + +Other modules may register operations to execute when a certain event has +occurred within staking. These events can be registered to execute either +right `Before` or `After` the staking event (as per the hook name). The +following hooks can registered with staking: + +* `AfterValidatorCreated(Context, ValAddress) error` + * called when a validator is created +* `BeforeValidatorModified(Context, ValAddress) error` + * called when a validator's state is changed +* `AfterValidatorRemoved(Context, ConsAddress, ValAddress) error` + * called when a validator is deleted +* `AfterValidatorBonded(Context, ConsAddress, ValAddress) error` + * called when a validator is bonded +* `AfterValidatorBeginUnbonding(Context, ConsAddress, ValAddress) error` + * called when a validator begins unbonding +* `BeforeDelegationCreated(Context, AccAddress, ValAddress) error` + * called when a delegation is created +* `BeforeDelegationSharesModified(Context, AccAddress, ValAddress) error` + * called when a delegation's shares are modified +* `AfterDelegationModified(Context, AccAddress, ValAddress) error` + * called when a delegation is created or modified +* `BeforeDelegationRemoved(Context, AccAddress, ValAddress) error` + * called when a delegation is removed +* `AfterUnbondingInitiated(Context, UnbondingID)` + * called when an unbonding operation (validator unbonding, unbonding delegation, redelegation) was initiated + + +## Events + +The staking module emits the following events: + +### EndBlocker + +| Type | Attribute Key | Attribute Value | +| --------------------- | --------------------- | ------------------------- | +| complete_unbonding | amount | {totalUnbondingAmount} | +| complete_unbonding | validator | {validatorAddress} | +| complete_unbonding | delegator | {delegatorAddress} | +| complete_redelegation | amount | {totalRedelegationAmount} | +| complete_redelegation | source_validator | {srcValidatorAddress} | +| complete_redelegation | destination_validator | {dstValidatorAddress} | +| complete_redelegation | delegator | {delegatorAddress} | + +## Msg's + +### MsgCreateValidator + +| Type | Attribute Key | Attribute Value | +| ---------------- | ------------- | ------------------ | +| create_validator | validator | {validatorAddress} | +| create_validator | amount | {delegationAmount} | +| message | module | staking | +| message | action | create_validator | +| message | sender | {senderAddress} | + +### MsgEditValidator + +| Type | Attribute Key | Attribute Value | +| -------------- | ------------------- | ------------------- | +| edit_validator | commission_rate | {commissionRate} | +| edit_validator | min_self_delegation | {minSelfDelegation} | +| message | module | staking | +| message | action | edit_validator | +| message | sender | {senderAddress} | + +### MsgDelegate + +| Type | Attribute Key | Attribute Value | +| -------- | ------------- | ------------------ | +| delegate | validator | {validatorAddress} | +| delegate | amount | {delegationAmount} | +| message | module | staking | +| message | action | delegate | +| message | sender | {senderAddress} | + +### MsgUndelegate + +| Type | Attribute Key | Attribute Value | +| ------- | ------------------- | ------------------ | +| unbond | validator | {validatorAddress} | +| unbond | amount | {unbondAmount} | +| unbond | completion_time [0] | {completionTime} | +| message | module | staking | +| message | action | begin_unbonding | +| message | sender | {senderAddress} | + +* [0] Time is formatted in the RFC3339 standard + +### MsgCancelUnbondingDelegation + +| Type | Attribute Key | Attribute Value | +| ----------------------------- | ------------------ | ------------------------------------| +| cancel_unbonding_delegation | validator | {validatorAddress} | +| cancel_unbonding_delegation | delegator | {delegatorAddress} | +| cancel_unbonding_delegation | amount | {cancelUnbondingDelegationAmount} | +| cancel_unbonding_delegation | creation_height | {unbondingCreationHeight} | +| message | module | staking | +| message | action | cancel_unbond | +| message | sender | {senderAddress} | + +### MsgBeginRedelegate + +| Type | Attribute Key | Attribute Value | +| ---------- | --------------------- | --------------------- | +| redelegate | source_validator | {srcValidatorAddress} | +| redelegate | destination_validator | {dstValidatorAddress} | +| redelegate | amount | {unbondAmount} | +| redelegate | completion_time [0] | {completionTime} | +| message | module | staking | +| message | action | begin_redelegate | +| message | sender | {senderAddress} | + +* [0] Time is formatted in the RFC3339 standard + +## Parameters + +The staking module contains the following parameters: + +| Key | Type | Example | +|-------------------|------------------|------------------------| +| UnbondingTime | string (time ns) | "259200000000000" | +| MaxValidators | uint16 | 100 | +| KeyMaxEntries | uint16 | 7 | +| HistoricalEntries | uint16 | 3 | +| BondDenom | string | "stake" | +| MinCommissionRate | string | "0.000000000000000000" | + +## Client + +### CLI + +A user can query and interact with the `staking` module using the CLI. + +#### Query + +The `query` commands allows users to query `staking` state. + +```bash +simd query staking --help +``` + +##### delegation + +The `delegation` command allows users to query delegations for an individual delegator on an individual validator. + +Usage: + +```bash +simd query staking delegation [delegator-addr] [validator-addr] [flags] +``` + +Example: + +```bash +simd query staking delegation cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +Example Output: + +```bash +balance: + amount: "10000000000" + denom: stake +delegation: + delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + shares: "10000000000.000000000000000000" + validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +##### delegations + +The `delegations` command allows users to query delegations for an individual delegator on all validators. + +Usage: + +```bash +simd query staking delegations [delegator-addr] [flags] +``` + +Example: + +```bash +simd query staking delegations cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p +``` + +Example Output: + +```bash +delegation_responses: +- balance: + amount: "10000000000" + denom: stake + delegation: + delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + shares: "10000000000.000000000000000000" + validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +- balance: + amount: "10000000000" + denom: stake + delegation: + delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + shares: "10000000000.000000000000000000" + validator_address: cosmosvaloper1x20lytyf6zkcrv5edpkfkn8sz578qg5sqfyqnp +pagination: + next_key: null + total: "0" +``` + +##### delegations-to + +The `delegations-to` command allows users to query delegations on an individual validator. + +Usage: + +```bash +simd query staking delegations-to [validator-addr] [flags] +``` + +Example: + +```bash +simd query staking delegations-to cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +Example Output: + +```bash +- balance: + amount: "504000000" + denom: stake + delegation: + delegator_address: cosmos1q2qwwynhv8kh3lu5fkeex4awau9x8fwt45f5cp + shares: "504000000.000000000000000000" + validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +- balance: + amount: "78125000000" + denom: uixo + delegation: + delegator_address: cosmos1qvppl3479hw4clahe0kwdlfvf8uvjtcd99m2ca + shares: "78125000000.000000000000000000" + validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +pagination: + next_key: null + total: "0" +``` + +##### historical-info + +The `historical-info` command allows users to query historical information at given height. + +Usage: + +```bash +simd query staking historical-info [height] [flags] +``` + +Example: + +```bash +simd query staking historical-info 10 +``` + +Example Output: + +```bash +header: + app_hash: Lbx8cXpI868wz8sgp4qPYVrlaKjevR5WP/IjUxwp3oo= + chain_id: testnet + consensus_hash: BICRvH3cKD93v7+R1zxE2ljD34qcvIZ0Bdi389qtoi8= + data_hash: 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= + evidence_hash: 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= + height: "10" + last_block_id: + hash: RFbkpu6pWfSThXxKKl6EZVDnBSm16+U0l0xVjTX08Fk= + part_set_header: + hash: vpIvXD4rxD5GM4MXGz0Sad9I7//iVYLzZsEU4BVgWIU= + total: 1 + last_commit_hash: Ne4uXyx4QtNp4Zx89kf9UK7oG9QVbdB6e7ZwZkhy8K0= + last_results_hash: 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= + next_validators_hash: nGBgKeWBjoxeKFti00CxHsnULORgKY4LiuQwBuUrhCs= + proposer_address: mMEP2c2IRPLr99LedSRtBg9eONM= + time: "2021-10-01T06:00:49.785790894Z" + validators_hash: nGBgKeWBjoxeKFti00CxHsnULORgKY4LiuQwBuUrhCs= + version: + app: "0" + block: "11" +valset: +- commission: + commission_rates: + max_change_rate: "0.010000000000000000" + max_rate: "0.200000000000000000" + rate: "0.100000000000000000" + update_time: "2021-10-01T05:52:50.380144238Z" + consensus_pubkey: + '@type': /cosmos.crypto.ed25519.PubKey + key: Auxs3865HpB/EfssYOzfqNhEJjzys2Fo6jD5B8tPgC8= + delegator_shares: "10000000.000000000000000000" + description: + details: "" + identity: "" + moniker: myvalidator + security_contact: "" + website: "" + jailed: false + min_self_delegation: "1" + operator_address: cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc + status: BOND_STATUS_BONDED + tokens: "10000000" + unbonding_height: "0" + unbonding_time: "1970-01-01T00:00:00Z" +``` + +##### params + +The `params` command allows users to query values set as staking parameters. + +Usage: + +```bash +simd query staking params [flags] +``` + +Example: + +```bash +simd query staking params +``` + +Example Output: + +```bash +bond_denom: stake +historical_entries: 10000 +max_entries: 7 +max_validators: 50 +unbonding_time: 1814400s +``` + +##### pool + +The `pool` command allows users to query values for amounts stored in the staking pool. + +Usage: + +```bash +simd q staking pool [flags] +``` + +Example: + +```bash +simd q staking pool +``` + +Example Output: + +```bash +bonded_tokens: "10000000" +not_bonded_tokens: "0" +``` + +##### redelegation + +The `redelegation` command allows users to query a redelegation record based on delegator and a source and destination validator address. + +Usage: + +```bash +simd query staking redelegation [delegator-addr] [src-validator-addr] [dst-validator-addr] [flags] +``` + +Example: + +```bash +simd query staking redelegation cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p cosmosvaloper1l2rsakp388kuv9k8qzq6lrm9taddae7fpx59wm cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +Example Output: + +```bash +pagination: null +redelegation_responses: +- entries: + - balance: "50000000" + redelegation_entry: + completion_time: "2021-10-24T20:33:21.960084845Z" + creation_height: 2.382847e+06 + initial_balance: "50000000" + shares_dst: "50000000.000000000000000000" + - balance: "5000000000" + redelegation_entry: + completion_time: "2021-10-25T21:33:54.446846862Z" + creation_height: 2.397271e+06 + initial_balance: "5000000000" + shares_dst: "5000000000.000000000000000000" + redelegation: + delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + entries: null + validator_dst_address: cosmosvaloper1l2rsakp388kuv9k8qzq6lrm9taddae7fpx59wm + validator_src_address: cosmosvaloper1l2rsakp388kuv9k8qzq6lrm9taddae7fpx59wm +``` + +##### redelegations + +The `redelegations` command allows users to query all redelegation records for an individual delegator. + +Usage: + +```bash +simd query staking redelegations [delegator-addr] [flags] +``` + +Example: + +```bash +simd query staking redelegation cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "0" +redelegation_responses: +- entries: + - balance: "50000000" + redelegation_entry: + completion_time: "2021-10-24T20:33:21.960084845Z" + creation_height: 2.382847e+06 + initial_balance: "50000000" + shares_dst: "50000000.000000000000000000" + - balance: "5000000000" + redelegation_entry: + completion_time: "2021-10-25T21:33:54.446846862Z" + creation_height: 2.397271e+06 + initial_balance: "5000000000" + shares_dst: "5000000000.000000000000000000" + redelegation: + delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + entries: null + validator_dst_address: cosmosvaloper1uccl5ugxrm7vqlzwqr04pjd320d2fz0z3hc6vm + validator_src_address: cosmosvaloper1zppjyal5emta5cquje8ndkpz0rs046m7zqxrpp +- entries: + - balance: "562770000000" + redelegation_entry: + completion_time: "2021-10-25T21:42:07.336911677Z" + creation_height: 2.39735e+06 + initial_balance: "562770000000" + shares_dst: "562770000000.000000000000000000" + redelegation: + delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + entries: null + validator_dst_address: cosmosvaloper1uccl5ugxrm7vqlzwqr04pjd320d2fz0z3hc6vm + validator_src_address: cosmosvaloper1zppjyal5emta5cquje8ndkpz0rs046m7zqxrpp +``` + +##### redelegations-from + +The `redelegations-from` command allows users to query delegations that are redelegating _from_ a validator. + +Usage: + +```bash +simd query staking redelegations-from [validator-addr] [flags] +``` + +Example: + +```bash +simd query staking redelegations-from cosmosvaloper1y4rzzrgl66eyhzt6gse2k7ej3zgwmngeleucjy +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "0" +redelegation_responses: +- entries: + - balance: "50000000" + redelegation_entry: + completion_time: "2021-10-24T20:33:21.960084845Z" + creation_height: 2.382847e+06 + initial_balance: "50000000" + shares_dst: "50000000.000000000000000000" + - balance: "5000000000" + redelegation_entry: + completion_time: "2021-10-25T21:33:54.446846862Z" + creation_height: 2.397271e+06 + initial_balance: "5000000000" + shares_dst: "5000000000.000000000000000000" + redelegation: + delegator_address: cosmos1pm6e78p4pgn0da365plzl4t56pxy8hwtqp2mph + entries: null + validator_dst_address: cosmosvaloper1uccl5ugxrm7vqlzwqr04pjd320d2fz0z3hc6vm + validator_src_address: cosmosvaloper1y4rzzrgl66eyhzt6gse2k7ej3zgwmngeleucjy +- entries: + - balance: "221000000" + redelegation_entry: + completion_time: "2021-10-05T21:05:45.669420544Z" + creation_height: 2.120693e+06 + initial_balance: "221000000" + shares_dst: "221000000.000000000000000000" + redelegation: + delegator_address: cosmos1zqv8qxy2zgn4c58fz8jt8jmhs3d0attcussrf6 + entries: null + validator_dst_address: cosmosvaloper10mseqwnwtjaqfrwwp2nyrruwmjp6u5jhah4c3y + validator_src_address: cosmosvaloper1y4rzzrgl66eyhzt6gse2k7ej3zgwmngeleucjy +``` + +##### unbonding-delegation + +The `unbonding-delegation` command allows users to query unbonding delegations for an individual delegator on an individual validator. + +Usage: + +```bash +simd query staking unbonding-delegation [delegator-addr] [validator-addr] [flags] +``` + +Example: + +```bash +simd query staking unbonding-delegation cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +Example Output: + +```bash +delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p +entries: +- balance: "52000000" + completion_time: "2021-11-02T11:35:55.391594709Z" + creation_height: "55078" + initial_balance: "52000000" +validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +##### unbonding-delegations + +The `unbonding-delegations` command allows users to query all unbonding-delegations records for one delegator. + +Usage: + +```bash +simd query staking unbonding-delegations [delegator-addr] [flags] +``` + +Example: + +```bash +simd query staking unbonding-delegations cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "0" +unbonding_responses: +- delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + entries: + - balance: "52000000" + completion_time: "2021-11-02T11:35:55.391594709Z" + creation_height: "55078" + initial_balance: "52000000" + validator_address: cosmosvaloper1t8ehvswxjfn3ejzkjtntcyrqwvmvuknzmvtaaa + +``` + +##### unbonding-delegations-from + +The `unbonding-delegations-from` command allows users to query delegations that are unbonding _from_ a validator. + +Usage: + +```bash +simd query staking unbonding-delegations-from [validator-addr] [flags] +``` + +Example: + +```bash +simd query staking unbonding-delegations-from cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "0" +unbonding_responses: +- delegator_address: cosmos1qqq9txnw4c77sdvzx0tkedsafl5s3vk7hn53fn + entries: + - balance: "150000000" + completion_time: "2021-11-01T21:41:13.098141574Z" + creation_height: "46823" + initial_balance: "150000000" + validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +- delegator_address: cosmos1peteje73eklqau66mr7h7rmewmt2vt99y24f5z + entries: + - balance: "24000000" + completion_time: "2021-10-31T02:57:18.192280361Z" + creation_height: "21516" + initial_balance: "24000000" + validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +##### validator + +The `validator` command allows users to query details about an individual validator. + +Usage: + +```bash +simd query staking validator [validator-addr] [flags] +``` + +Example: + +```bash +simd query staking validator cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +Example Output: + +```bash +commission: + commission_rates: + max_change_rate: "0.020000000000000000" + max_rate: "0.200000000000000000" + rate: "0.050000000000000000" + update_time: "2021-10-01T19:24:52.663191049Z" +consensus_pubkey: + '@type': /cosmos.crypto.ed25519.PubKey + key: sIiexdJdYWn27+7iUHQJDnkp63gq/rzUq1Y+fxoGjXc= +delegator_shares: "32948270000.000000000000000000" +description: + details: Witval is the validator arm from Vitwit. Vitwit is into software consulting + and services business since 2015. We are working closely with Cosmos ecosystem + since 2018. We are also building tools for the ecosystem, Aneka is our explorer + for the cosmos ecosystem. + identity: 51468B615127273A + moniker: Witval + security_contact: "" + website: "" +jailed: false +min_self_delegation: "1" +operator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +status: BOND_STATUS_BONDED +tokens: "32948270000" +unbonding_height: "0" +unbonding_time: "1970-01-01T00:00:00Z" +``` + +##### validators + +The `validators` command allows users to query details about all validators on a network. + +Usage: + +```bash +simd query staking validators [flags] +``` + +Example: + +```bash +simd query staking validators +``` + +Example Output: + +```bash +pagination: + next_key: FPTi7TKAjN63QqZh+BaXn6gBmD5/ + total: "0" +validators: +commission: + commission_rates: + max_change_rate: "0.020000000000000000" + max_rate: "0.200000000000000000" + rate: "0.050000000000000000" + update_time: "2021-10-01T19:24:52.663191049Z" +consensus_pubkey: + '@type': /cosmos.crypto.ed25519.PubKey + key: sIiexdJdYWn27+7iUHQJDnkp63gq/rzUq1Y+fxoGjXc= +delegator_shares: "32948270000.000000000000000000" +description: + details: Witval is the validator arm from Vitwit. Vitwit is into software consulting + and services business since 2015. We are working closely with Cosmos ecosystem + since 2018. We are also building tools for the ecosystem, Aneka is our explorer + for the cosmos ecosystem. + identity: 51468B615127273A + moniker: Witval + security_contact: "" + website: "" + jailed: false + min_self_delegation: "1" + operator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj + status: BOND_STATUS_BONDED + tokens: "32948270000" + unbonding_height: "0" + unbonding_time: "1970-01-01T00:00:00Z" +- commission: + commission_rates: + max_change_rate: "0.100000000000000000" + max_rate: "0.200000000000000000" + rate: "0.050000000000000000" + update_time: "2021-10-04T18:02:21.446645619Z" + consensus_pubkey: + '@type': /cosmos.crypto.ed25519.PubKey + key: GDNpuKDmCg9GnhnsiU4fCWktuGUemjNfvpCZiqoRIYA= + delegator_shares: "559343421.000000000000000000" + description: + details: Noderunners is a professional validator in POS networks. We have a huge + node running experience, reliable soft and hardware. Our commissions are always + low, our support to delegators is always full. Stake with us and start receiving + your Cosmos rewards now! + identity: 812E82D12FEA3493 + moniker: Noderunners + security_contact: info@noderunners.biz + website: http://noderunners.biz + jailed: false + min_self_delegation: "1" + operator_address: cosmosvaloper1q5ku90atkhktze83j9xjaks2p7uruag5zp6wt7 + status: BOND_STATUS_BONDED + tokens: "559343421" + unbonding_height: "0" + unbonding_time: "1970-01-01T00:00:00Z" +``` + +#### Transactions + +The `tx` commands allows users to interact with the `staking` module. + +```bash +simd tx staking --help +``` + +##### create-validator + +The command `create-validator` allows users to create new validator initialized with a self-delegation to it. + +Usage: + +```bash +simd tx staking create-validator [path/to/validator.json] [flags] +``` + +Example: + +```bash +simd tx staking create-validator /path/to/validator.json \ + --chain-id="name_of_chain_id" \ + --gas="auto" \ + --gas-adjustment="1.2" \ + --gas-prices="0.025stake" \ + --from=mykey +``` + +where `validator.json` contains: + +```json +{ + "pubkey": {"@type":"/cosmos.crypto.ed25519.PubKey","key":"BnbwFpeONLqvWqJb3qaUbL5aoIcW3fSuAp9nT3z5f20="}, + "amount": "1000000stake", + "moniker": "my-moniker", + "website": "https://myweb.site", + "security": "security-contact@gmail.com", + "details": "description of your validator", + "commission-rate": "0.10", + "commission-max-rate": "0.20", + "commission-max-change-rate": "0.01", + "min-self-delegation": "1" +} +``` + +and pubkey can be obtained by using `simd tendermint show-validator` command. + +##### delegate + +The command `delegate` allows users to delegate liquid tokens to a validator. + +Usage: + +```bash +simd tx staking delegate [validator-addr] [amount] [flags] +``` + +Example: + +```bash +simd tx staking delegate cosmosvaloper1l2rsakp388kuv9k8qzq6lrm9taddae7fpx59wm 1000stake --from mykey +``` + +##### edit-validator + +The command `edit-validator` allows users to edit an existing validator account. + +Usage: + +```bash +simd tx staking edit-validator [flags] +``` + +Example: + +```bash +simd tx staking edit-validator --moniker "new_moniker_name" --website "new_webiste_url" --from mykey +``` + +##### redelegate + +The command `redelegate` allows users to redelegate illiquid tokens from one validator to another. + +Usage: + +```bash +simd tx staking redelegate [src-validator-addr] [dst-validator-addr] [amount] [flags] +``` + +Example: + +```bash +simd tx staking redelegate cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj cosmosvaloper1l2rsakp388kuv9k8qzq6lrm9taddae7fpx59wm 100stake --from mykey +``` + +##### unbond + +The command `unbond` allows users to unbond shares from a validator. + +Usage: + +```bash +simd tx staking unbond [validator-addr] [amount] [flags] +``` + +Example: + +```bash +simd tx staking unbond cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj 100stake --from mykey +``` + +##### cancel unbond + +The command `cancel-unbond` allow users to cancel the unbonding delegation entry and delegate back to the original validator. + +Usage: + +```bash +simd tx staking cancel-unbond [validator-addr] [amount] [creation-height] +``` + +Example: + +```bash +simd tx staking cancel-unbond cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj 100stake 123123 --from mykey +``` + + +### gRPC + +A user can query the `staking` module using gRPC endpoints. + +#### Validators + +The `Validators` endpoint queries all validators that match the given status. + +```bash +cosmos.staking.v1beta1.Query/Validators +``` + +Example: + +```bash +grpcurl -plaintext localhost:9090 cosmos.staking.v1beta1.Query/Validators +``` + +Example Output: + +```bash +{ + "validators": [ + { + "operatorAddress": "cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "consensusPubkey": {"@type":"/cosmos.crypto.ed25519.PubKey","key":"Auxs3865HpB/EfssYOzfqNhEJjzys2Fo6jD5B8tPgC8="}, + "status": "BOND_STATUS_BONDED", + "tokens": "10000000", + "delegatorShares": "10000000000000000000000000", + "description": { + "moniker": "myvalidator" + }, + "unbondingTime": "1970-01-01T00:00:00Z", + "commission": { + "commissionRates": { + "rate": "100000000000000000", + "maxRate": "200000000000000000", + "maxChangeRate": "10000000000000000" + }, + "updateTime": "2021-10-01T05:52:50.380144238Z" + }, + "minSelfDelegation": "1" + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### Validator + +The `Validator` endpoint queries validator information for given validator address. + +```bash +cosmos.staking.v1beta1.Query/Validator +``` + +Example: + +```bash +grpcurl -plaintext -d '{"validator_addr":"cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/Validator +``` + +Example Output: + +```bash +{ + "validator": { + "operatorAddress": "cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "consensusPubkey": {"@type":"/cosmos.crypto.ed25519.PubKey","key":"Auxs3865HpB/EfssYOzfqNhEJjzys2Fo6jD5B8tPgC8="}, + "status": "BOND_STATUS_BONDED", + "tokens": "10000000", + "delegatorShares": "10000000000000000000000000", + "description": { + "moniker": "myvalidator" + }, + "unbondingTime": "1970-01-01T00:00:00Z", + "commission": { + "commissionRates": { + "rate": "100000000000000000", + "maxRate": "200000000000000000", + "maxChangeRate": "10000000000000000" + }, + "updateTime": "2021-10-01T05:52:50.380144238Z" + }, + "minSelfDelegation": "1" + } +} +``` + +#### ValidatorDelegations + +The `ValidatorDelegations` endpoint queries delegate information for given validator. + +```bash +cosmos.staking.v1beta1.Query/ValidatorDelegations +``` + +Example: + +```bash +grpcurl -plaintext -d '{"validator_addr":"cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/ValidatorDelegations +``` + +Example Output: + +```bash +{ + "delegationResponses": [ + { + "delegation": { + "delegatorAddress": "cosmos1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgy3ua5t", + "validatorAddress": "cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "shares": "10000000000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "10000000" + } + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### ValidatorUnbondingDelegations + +The `ValidatorUnbondingDelegations` endpoint queries delegate information for given validator. + +```bash +cosmos.staking.v1beta1.Query/ValidatorUnbondingDelegations +``` + +Example: + +```bash +grpcurl -plaintext -d '{"validator_addr":"cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/ValidatorUnbondingDelegations +``` + +Example Output: + +```bash +{ + "unbonding_responses": [ + { + "delegator_address": "cosmos1z3pzzw84d6xn00pw9dy3yapqypfde7vg6965fy", + "validator_address": "cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "entries": [ + { + "creation_height": "25325", + "completion_time": "2021-10-31T09:24:36.797320636Z", + "initial_balance": "20000000", + "balance": "20000000" + } + ] + }, + { + "delegator_address": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77", + "validator_address": "cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "entries": [ + { + "creation_height": "13100", + "completion_time": "2021-10-30T12:53:02.272266791Z", + "initial_balance": "1000000", + "balance": "1000000" + } + ] + }, + ], + "pagination": { + "next_key": null, + "total": "8" + } +} +``` + +#### Delegation + +The `Delegation` endpoint queries delegate information for given validator delegator pair. + +```bash +cosmos.staking.v1beta1.Query/Delegation +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77", validator_addr":"cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/Delegation +``` + +Example Output: + +```bash +{ + "delegation_response": + { + "delegation": + { + "delegator_address":"cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77", + "validator_address":"cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "shares":"25083119936.000000000000000000" + }, + "balance": + { + "denom":"stake", + "amount":"25083119936" + } + } +} +``` + +#### UnbondingDelegation + +The `UnbondingDelegation` endpoint queries unbonding information for given validator delegator. + +```bash +cosmos.staking.v1beta1.Query/UnbondingDelegation +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77", validator_addr":"cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/UnbondingDelegation +``` + +Example Output: + +```bash +{ + "unbond": { + "delegator_address": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77", + "validator_address": "cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "entries": [ + { + "creation_height": "136984", + "completion_time": "2021-11-08T05:38:47.505593891Z", + "initial_balance": "400000000", + "balance": "400000000" + }, + { + "creation_height": "137005", + "completion_time": "2021-11-08T05:40:53.526196312Z", + "initial_balance": "385000000", + "balance": "385000000" + } + ] + } +} +``` + +#### DelegatorDelegations + +The `DelegatorDelegations` endpoint queries all delegations of a given delegator address. + +```bash +cosmos.staking.v1beta1.Query/DelegatorDelegations +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/DelegatorDelegations +``` + +Example Output: + +```bash +{ + "delegation_responses": [ + {"delegation":{"delegator_address":"cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77","validator_address":"cosmosvaloper1eh5mwu044gd5ntkkc2xgfg8247mgc56fww3vc8","shares":"25083339023.000000000000000000"},"balance":{"denom":"stake","amount":"25083339023"}} + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### DelegatorUnbondingDelegations + +The `DelegatorUnbondingDelegations` endpoint queries all unbonding delegations of a given delegator address. + +```bash +cosmos.staking.v1beta1.Query/DelegatorUnbondingDelegations +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/DelegatorUnbondingDelegations +``` + +Example Output: + +```bash +{ + "unbonding_responses": [ + { + "delegator_address": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77", + "validator_address": "cosmosvaloper1sjllsnramtg3ewxqwwrwjxfgc4n4ef9uxyejze", + "entries": [ + { + "creation_height": "136984", + "completion_time": "2021-11-08T05:38:47.505593891Z", + "initial_balance": "400000000", + "balance": "400000000" + }, + { + "creation_height": "137005", + "completion_time": "2021-11-08T05:40:53.526196312Z", + "initial_balance": "385000000", + "balance": "385000000" + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### Redelegations + +The `Redelegations` endpoint queries redelegations of given address. + +```bash +cosmos.staking.v1beta1.Query/Redelegations +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1ld5p7hn43yuh8ht28gm9pfjgj2fctujp2tgwvf", "src_validator_addr" : "cosmosvaloper1j7euyj85fv2jugejrktj540emh9353ltgppc3g", "dst_validator_addr" : "cosmosvaloper1yy3tnegzmkdcm7czzcy3flw5z0zyr9vkkxrfse"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/Redelegations +``` + +Example Output: + +```bash +{ + "redelegation_responses": [ + { + "redelegation": { + "delegator_address": "cosmos1ld5p7hn43yuh8ht28gm9pfjgj2fctujp2tgwvf", + "validator_src_address": "cosmosvaloper1j7euyj85fv2jugejrktj540emh9353ltgppc3g", + "validator_dst_address": "cosmosvaloper1yy3tnegzmkdcm7czzcy3flw5z0zyr9vkkxrfse", + "entries": null + }, + "entries": [ + { + "redelegation_entry": { + "creation_height": 135932, + "completion_time": "2021-11-08T03:52:55.299147901Z", + "initial_balance": "2900000", + "shares_dst": "2900000.000000000000000000" + }, + "balance": "2900000" + } + ] + } + ], + "pagination": null +} +``` + +#### DelegatorValidators + +The `DelegatorValidators` endpoint queries all validators information for given delegator. + +```bash +cosmos.staking.v1beta1.Query/DelegatorValidators +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1ld5p7hn43yuh8ht28gm9pfjgj2fctujp2tgwvf"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/DelegatorValidators +``` + +Example Output: + +```bash +{ + "validators": [ + { + "operator_address": "cosmosvaloper1eh5mwu044gd5ntkkc2xgfg8247mgc56fww3vc8", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "UPwHWxH1zHJWGOa/m6JB3f5YjHMvPQPkVbDqqi+U7Uw=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "347260647559", + "delegator_shares": "347260647559.000000000000000000", + "description": { + "moniker": "BouBouNode", + "identity": "", + "website": "https://boubounode.com", + "security_contact": "", + "details": "AI-based Validator. #1 AI Validator on Game of Stakes. Fairly priced. Don't trust (humans), verify. Made with BouBou love." + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.061000000000000000", + "max_rate": "0.300000000000000000", + "max_change_rate": "0.150000000000000000" + }, + "update_time": "2021-10-01T15:00:00Z" + }, + "min_self_delegation": "1" + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### DelegatorValidator + +The `DelegatorValidator` endpoint queries validator information for given delegator validator + +```bash +cosmos.staking.v1beta1.Query/DelegatorValidator +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1eh5mwu044gd5ntkkc2xgfg8247mgc56f3n8rr7", "validator_addr": "cosmosvaloper1eh5mwu044gd5ntkkc2xgfg8247mgc56fww3vc8"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/DelegatorValidator +``` + +Example Output: + +```bash +{ + "validator": { + "operator_address": "cosmosvaloper1eh5mwu044gd5ntkkc2xgfg8247mgc56fww3vc8", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "UPwHWxH1zHJWGOa/m6JB3f5YjHMvPQPkVbDqqi+U7Uw=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "347262754841", + "delegator_shares": "347262754841.000000000000000000", + "description": { + "moniker": "BouBouNode", + "identity": "", + "website": "https://boubounode.com", + "security_contact": "", + "details": "AI-based Validator. #1 AI Validator on Game of Stakes. Fairly priced. Don't trust (humans), verify. Made with BouBou love." + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.061000000000000000", + "max_rate": "0.300000000000000000", + "max_change_rate": "0.150000000000000000" + }, + "update_time": "2021-10-01T15:00:00Z" + }, + "min_self_delegation": "1" + } +} +``` + +#### HistoricalInfo + +```bash +cosmos.staking.v1beta1.Query/HistoricalInfo +``` + +Example: + +```bash +grpcurl -plaintext -d '{"height" : 1}' localhost:9090 cosmos.staking.v1beta1.Query/HistoricalInfo +``` + +Example Output: + +```bash +{ + "hist": { + "header": { + "version": { + "block": "11", + "app": "0" + }, + "chain_id": "simd-1", + "height": "140142", + "time": "2021-10-11T10:56:29.720079569Z", + "last_block_id": { + "hash": "9gri/4LLJUBFqioQ3NzZIP9/7YHR9QqaM6B2aJNQA7o=", + "part_set_header": { + "total": 1, + "hash": "Hk1+C864uQkl9+I6Zn7IurBZBKUevqlVtU7VqaZl1tc=" + } + }, + "last_commit_hash": "VxrcS27GtvGruS3I9+AlpT7udxIT1F0OrRklrVFSSKc=", + "data_hash": "80BjOrqNYUOkTnmgWyz9AQ8n7SoEmPVi4QmAe8RbQBY=", + "validators_hash": "95W49n2hw8RWpr1GPTAO5MSPi6w6Wjr3JjjS7AjpBho=", + "next_validators_hash": "95W49n2hw8RWpr1GPTAO5MSPi6w6Wjr3JjjS7AjpBho=", + "consensus_hash": "BICRvH3cKD93v7+R1zxE2ljD34qcvIZ0Bdi389qtoi8=", + "app_hash": "ZZaxnSY3E6Ex5Bvkm+RigYCK82g8SSUL53NymPITeOE=", + "last_results_hash": "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=", + "evidence_hash": "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=", + "proposer_address": "aH6dO428B+ItuoqPq70efFHrSMY=" + }, + "valset": [ + { + "operator_address": "cosmosvaloper196ax4vc0lwpxndu9dyhvca7jhxp70rmcqcnylw", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "/O7BtNW0pafwfvomgR4ZnfldwPXiFfJs9mHg3gwfv5Q=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "1426045203613", + "delegator_shares": "1426045203613.000000000000000000", + "description": { + "moniker": "SG-1", + "identity": "48608633F99D1B60", + "website": "https://sg-1.online", + "security_contact": "", + "details": "SG-1 - your favorite validator on Witval. We offer 100% Soft Slash protection." + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.037500000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.030000000000000000" + }, + "update_time": "2021-10-01T15:00:00Z" + }, + "min_self_delegation": "1" + } + ] + } +} + +``` + +#### Pool + +The `Pool` endpoint queries the pool information. + +```bash +cosmos.staking.v1beta1.Query/Pool +``` + +Example: + +```bash +grpcurl -plaintext -d localhost:9090 cosmos.staking.v1beta1.Query/Pool +``` + +Example Output: + +```bash +{ + "pool": { + "not_bonded_tokens": "369054400189", + "bonded_tokens": "15657192425623" + } +} +``` + +#### Params + +The `Params` endpoint queries the pool information. + +```bash +cosmos.staking.v1beta1.Query/Params +``` + +Example: + +```bash +grpcurl -plaintext localhost:9090 cosmos.staking.v1beta1.Query/Params +``` + +Example Output: + +```bash +{ + "params": { + "unbondingTime": "1814400s", + "maxValidators": 100, + "maxEntries": 7, + "historicalEntries": 10000, + "bondDenom": "stake" + } +} +``` + +### REST + +A user can query the `staking` module using REST endpoints. + +#### DelegatorDelegations + +The `DelegtaorDelegations` REST endpoint queries all delegations of a given delegator address. + +```bash +/cosmos/staking/v1beta1/delegations/{delegatorAddr} +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/staking/v1beta1/delegations/cosmos1vcs68xf2tnqes5tg0khr0vyevm40ff6zdxatp5" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "delegation_responses": [ + { + "delegation": { + "delegator_address": "cosmos1vcs68xf2tnqes5tg0khr0vyevm40ff6zdxatp5", + "validator_address": "cosmosvaloper1quqxfrxkycr0uzt4yk0d57tcq3zk7srm7sm6r8", + "shares": "256250000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "256250000" + } + }, + { + "delegation": { + "delegator_address": "cosmos1vcs68xf2tnqes5tg0khr0vyevm40ff6zdxatp5", + "validator_address": "cosmosvaloper194v8uwee2fvs2s8fa5k7j03ktwc87h5ym39jfv", + "shares": "255150000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "255150000" + } + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` + +#### Redelegations + +The `Redelegations` REST endpoint queries redelegations of given address. + +```bash +/cosmos/staking/v1beta1/delegators/{delegatorAddr}/redelegations +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/delegators/cosmos1thfntksw0d35n2tkr0k8v54fr8wxtxwxl2c56e/redelegations?srcValidatorAddr=cosmosvaloper1lzhlnpahvznwfv4jmay2tgaha5kmz5qx4cuznf&dstValidatorAddr=cosmosvaloper1vq8tw77kp8lvxq9u3c8eeln9zymn68rng8pgt4" \ +-H "accept: application/json" +``` + +Example Output: + +```bash +{ + "redelegation_responses": [ + { + "redelegation": { + "delegator_address": "cosmos1thfntksw0d35n2tkr0k8v54fr8wxtxwxl2c56e", + "validator_src_address": "cosmosvaloper1lzhlnpahvznwfv4jmay2tgaha5kmz5qx4cuznf", + "validator_dst_address": "cosmosvaloper1vq8tw77kp8lvxq9u3c8eeln9zymn68rng8pgt4", + "entries": null + }, + "entries": [ + { + "redelegation_entry": { + "creation_height": 151523, + "completion_time": "2021-11-09T06:03:25.640682116Z", + "initial_balance": "200000000", + "shares_dst": "200000000.000000000000000000" + }, + "balance": "200000000" + } + ] + } + ], + "pagination": null +} +``` + +#### DelegatorUnbondingDelegations + +The `DelegatorUnbondingDelegations` REST endpoint queries all unbonding delegations of a given delegator address. + +```bash +/cosmos/staking/v1beta1/delegators/{delegatorAddr}/unbonding_delegations +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/delegators/cosmos1nxv42u3lv642q0fuzu2qmrku27zgut3n3z7lll/unbonding_delegations" \ +-H "accept: application/json" +``` + +Example Output: + +```bash +{ + "unbonding_responses": [ + { + "delegator_address": "cosmos1nxv42u3lv642q0fuzu2qmrku27zgut3n3z7lll", + "validator_address": "cosmosvaloper1e7mvqlz50ch6gw4yjfemsc069wfre4qwmw53kq", + "entries": [ + { + "creation_height": "2442278", + "completion_time": "2021-10-12T10:59:03.797335857Z", + "initial_balance": "50000000000", + "balance": "50000000000" + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### DelegatorValidators + +The `DelegatorValidators` REST endpoint queries all validators information for given delegator address. + +```bash +/cosmos/staking/v1beta1/delegators/{delegatorAddr}/validators +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/delegators/cosmos1xwazl8ftks4gn00y5x3c47auquc62ssune9ppv/validators" \ +-H "accept: application/json" +``` + +Example Output: + +```bash +{ + "validators": [ + { + "operator_address": "cosmosvaloper1xwazl8ftks4gn00y5x3c47auquc62ssuvynw64", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "5v4n3px3PkfNnKflSgepDnsMQR1hiNXnqOC11Y72/PQ=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "21592843799", + "delegator_shares": "21592843799.000000000000000000", + "description": { + "moniker": "jabbey", + "identity": "", + "website": "https://twitter.com/JoeAbbey", + "security_contact": "", + "details": "just another dad in the cosmos" + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.100000000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.100000000000000000" + }, + "update_time": "2021-10-09T19:03:54.984821705Z" + }, + "min_self_delegation": "1" + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### DelegatorValidator + +The `DelegatorValidator` REST endpoint queries validator information for given delegator validator pair. + +```bash +/cosmos/staking/v1beta1/delegators/{delegatorAddr}/validators/{validatorAddr} +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/delegators/cosmos1xwazl8ftks4gn00y5x3c47auquc62ssune9ppv/validators/cosmosvaloper1xwazl8ftks4gn00y5x3c47auquc62ssuvynw64" \ +-H "accept: application/json" +``` + +Example Output: + +```bash +{ + "validator": { + "operator_address": "cosmosvaloper1xwazl8ftks4gn00y5x3c47auquc62ssuvynw64", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "5v4n3px3PkfNnKflSgepDnsMQR1hiNXnqOC11Y72/PQ=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "21592843799", + "delegator_shares": "21592843799.000000000000000000", + "description": { + "moniker": "jabbey", + "identity": "", + "website": "https://twitter.com/JoeAbbey", + "security_contact": "", + "details": "just another dad in the cosmos" + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.100000000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.100000000000000000" + }, + "update_time": "2021-10-09T19:03:54.984821705Z" + }, + "min_self_delegation": "1" + } +} +``` + +#### HistoricalInfo + +The `HistoricalInfo` REST endpoint queries the historical information for given height. + +```bash +/cosmos/staking/v1beta1/historical_info/{height} +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/staking/v1beta1/historical_info/153332" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "hist": { + "header": { + "version": { + "block": "11", + "app": "0" + }, + "chain_id": "cosmos-1", + "height": "153332", + "time": "2021-10-12T09:05:35.062230221Z", + "last_block_id": { + "hash": "NX8HevR5khb7H6NGKva+jVz7cyf0skF1CrcY9A0s+d8=", + "part_set_header": { + "total": 1, + "hash": "zLQ2FiKM5tooL3BInt+VVfgzjlBXfq0Hc8Iux/xrhdg=" + } + }, + "last_commit_hash": "P6IJrK8vSqU3dGEyRHnAFocoDGja0bn9euLuy09s350=", + "data_hash": "eUd+6acHWrNXYju8Js449RJ99lOYOs16KpqQl4SMrEM=", + "validators_hash": "mB4pravvMsJKgi+g8aYdSeNlt0kPjnRFyvtAQtaxcfw=", + "next_validators_hash": "mB4pravvMsJKgi+g8aYdSeNlt0kPjnRFyvtAQtaxcfw=", + "consensus_hash": "BICRvH3cKD93v7+R1zxE2ljD34qcvIZ0Bdi389qtoi8=", + "app_hash": "fuELArKRK+CptnZ8tu54h6xEleSWenHNmqC84W866fU=", + "last_results_hash": "p/BPexV4LxAzlVcPRvW+lomgXb6Yze8YLIQUo/4Kdgc=", + "evidence_hash": "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=", + "proposer_address": "G0MeY8xQx7ooOsni8KE/3R/Ib3Q=" + }, + "valset": [ + { + "operator_address": "cosmosvaloper196ax4vc0lwpxndu9dyhvca7jhxp70rmcqcnylw", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "/O7BtNW0pafwfvomgR4ZnfldwPXiFfJs9mHg3gwfv5Q=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "1416521659632", + "delegator_shares": "1416521659632.000000000000000000", + "description": { + "moniker": "SG-1", + "identity": "48608633F99D1B60", + "website": "https://sg-1.online", + "security_contact": "", + "details": "SG-1 - your favorite validator on cosmos. We offer 100% Soft Slash protection." + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.037500000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.030000000000000000" + }, + "update_time": "2021-10-01T15:00:00Z" + }, + "min_self_delegation": "1" + }, + { + "operator_address": "cosmosvaloper1t8ehvswxjfn3ejzkjtntcyrqwvmvuknzmvtaaa", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "uExZyjNLtr2+FFIhNDAMcQ8+yTrqE7ygYTsI7khkA5Y=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "1348298958808", + "delegator_shares": "1348298958808.000000000000000000", + "description": { + "moniker": "Cosmostation", + "identity": "AE4C403A6E7AA1AC", + "website": "https://www.cosmostation.io", + "security_contact": "admin@stamper.network", + "details": "Cosmostation validator node. Delegate your tokens and Start Earning Staking Rewards" + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.050000000000000000", + "max_rate": "1.000000000000000000", + "max_change_rate": "0.200000000000000000" + }, + "update_time": "2021-10-01T15:06:38.821314287Z" + }, + "min_self_delegation": "1" + } + ] + } +} +``` + +#### Parameters + +The `Parameters` REST endpoint queries the staking parameters. + +```bash +/cosmos/staking/v1beta1/params +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/staking/v1beta1/params" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "params": { + "unbonding_time": "2419200s", + "max_validators": 100, + "max_entries": 7, + "historical_entries": 10000, + "bond_denom": "stake" + } +} +``` + +#### Pool + +The `Pool` REST endpoint queries the pool information. + +```bash +/cosmos/staking/v1beta1/pool +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/staking/v1beta1/pool" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "pool": { + "not_bonded_tokens": "432805737458", + "bonded_tokens": "15783637712645" + } +} +``` + +#### Validators + +The `Validators` REST endpoint queries all validators that match the given status. + +```bash +/cosmos/staking/v1beta1/validators +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/staking/v1beta1/validators" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "validators": [ + { + "operator_address": "cosmosvaloper1q3jsx9dpfhtyqqgetwpe5tmk8f0ms5qywje8tw", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "N7BPyek2aKuNZ0N/8YsrqSDhGZmgVaYUBuddY8pwKaE=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "383301887799", + "delegator_shares": "383301887799.000000000000000000", + "description": { + "moniker": "SmartNodes", + "identity": "D372724899D1EDC8", + "website": "https://smartnodes.co", + "security_contact": "", + "details": "Earn Rewards with Crypto Staking & Node Deployment" + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.050000000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.100000000000000000" + }, + "update_time": "2021-10-01T15:51:31.596618510Z" + }, + "min_self_delegation": "1" + }, + { + "operator_address": "cosmosvaloper1q5ku90atkhktze83j9xjaks2p7uruag5zp6wt7", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "GDNpuKDmCg9GnhnsiU4fCWktuGUemjNfvpCZiqoRIYA=" + }, + "jailed": false, + "status": "BOND_STATUS_UNBONDING", + "tokens": "1017819654", + "delegator_shares": "1017819654.000000000000000000", + "description": { + "moniker": "Noderunners", + "identity": "812E82D12FEA3493", + "website": "http://noderunners.biz", + "security_contact": "info@noderunners.biz", + "details": "Noderunners is a professional validator in POS networks. We have a huge node running experience, reliable soft and hardware. Our commissions are always low, our support to delegators is always full. Stake with us and start receiving your cosmos rewards now!" + }, + "unbonding_height": "147302", + "unbonding_time": "2021-11-08T22:58:53.718662452Z", + "commission": { + "commission_rates": { + "rate": "0.050000000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.100000000000000000" + }, + "update_time": "2021-10-04T18:02:21.446645619Z" + }, + "min_self_delegation": "1" + } + ], + "pagination": { + "next_key": "FONDBFkE4tEEf7yxWWKOD49jC2NK", + "total": "2" + } +} +``` + +#### Validator + +The `Validator` REST endpoint queries validator information for given validator address. + +```bash +/cosmos/staking/v1beta1/validators/{validatorAddr} +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/validators/cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q" \ +-H "accept: application/json" +``` + +Example Output: + +```bash +{ + "validator": { + "operator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "sIiexdJdYWn27+7iUHQJDnkp63gq/rzUq1Y+fxoGjXc=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "33027900000", + "delegator_shares": "33027900000.000000000000000000", + "description": { + "moniker": "Witval", + "identity": "51468B615127273A", + "website": "", + "security_contact": "", + "details": "Witval is the validator arm from Vitwit. Vitwit is into software consulting and services business since 2015. We are working closely with Cosmos ecosystem since 2018. We are also building tools for the ecosystem, Aneka is our explorer for the cosmos ecosystem." + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.050000000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.020000000000000000" + }, + "update_time": "2021-10-01T19:24:52.663191049Z" + }, + "min_self_delegation": "1" + } +} +``` + +#### ValidatorDelegations + +The `ValidatorDelegations` REST endpoint queries delegate information for given validator. + +```bash +/cosmos/staking/v1beta1/validators/{validatorAddr}/delegations +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/staking/v1beta1/validators/cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q/delegations" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "delegation_responses": [ + { + "delegation": { + "delegator_address": "cosmos190g5j8aszqhvtg7cprmev8xcxs6csra7xnk3n3", + "validator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "shares": "31000000000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "31000000000" + } + }, + { + "delegation": { + "delegator_address": "cosmos1ddle9tczl87gsvmeva3c48nenyng4n56qwq4ee", + "validator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "shares": "628470000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "628470000" + } + }, + { + "delegation": { + "delegator_address": "cosmos10fdvkczl76m040smd33lh9xn9j0cf26kk4s2nw", + "validator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "shares": "838120000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "838120000" + } + }, + { + "delegation": { + "delegator_address": "cosmos1n8f5fknsv2yt7a8u6nrx30zqy7lu9jfm0t5lq8", + "validator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "shares": "500000000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "500000000" + } + }, + { + "delegation": { + "delegator_address": "cosmos16msryt3fqlxtvsy8u5ay7wv2p8mglfg9hrek2e", + "validator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "shares": "61310000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "61310000" + } + } + ], + "pagination": { + "next_key": null, + "total": "5" + } +} +``` + +#### Delegation + +The `Delegation` REST endpoint queries delegate information for given validator delegator pair. + +```bash +/cosmos/staking/v1beta1/validators/{validatorAddr}/delegations/{delegatorAddr} +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/validators/cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q/delegations/cosmos1n8f5fknsv2yt7a8u6nrx30zqy7lu9jfm0t5lq8" \ +-H "accept: application/json" +``` + +Example Output: + +```bash +{ + "delegation_response": { + "delegation": { + "delegator_address": "cosmos1n8f5fknsv2yt7a8u6nrx30zqy7lu9jfm0t5lq8", + "validator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "shares": "500000000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "500000000" + } + } +} +``` + +#### UnbondingDelegation + +The `UnbondingDelegation` REST endpoint queries unbonding information for given validator delegator pair. + +```bash +/cosmos/staking/v1beta1/validators/{validatorAddr}/delegations/{delegatorAddr}/unbonding_delegation +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/validators/cosmosvaloper13v4spsah85ps4vtrw07vzea37gq5la5gktlkeu/delegations/cosmos1ze2ye5u5k3qdlexvt2e0nn0508p04094ya0qpm/unbonding_delegation" \ +-H "accept: application/json" +``` + +Example Output: + +```bash +{ + "unbond": { + "delegator_address": "cosmos1ze2ye5u5k3qdlexvt2e0nn0508p04094ya0qpm", + "validator_address": "cosmosvaloper13v4spsah85ps4vtrw07vzea37gq5la5gktlkeu", + "entries": [ + { + "creation_height": "153687", + "completion_time": "2021-11-09T09:41:18.352401903Z", + "initial_balance": "525111", + "balance": "525111" + } + ] + } +} +``` + +#### ValidatorUnbondingDelegations + +The `ValidatorUnbondingDelegations` REST endpoint queries unbonding delegations of a validator. + +```bash +/cosmos/staking/v1beta1/validators/{validatorAddr}/unbonding_delegations +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/validators/cosmosvaloper13v4spsah85ps4vtrw07vzea37gq5la5gktlkeu/unbonding_delegations" \ +-H "accept: application/json" +``` + +Example Output: + +```bash +{ + "unbonding_responses": [ + { + "delegator_address": "cosmos1q9snn84jfrd9ge8t46kdcggpe58dua82vnj7uy", + "validator_address": "cosmosvaloper13v4spsah85ps4vtrw07vzea37gq5la5gktlkeu", + "entries": [ + { + "creation_height": "90998", + "completion_time": "2021-11-05T00:14:37.005841058Z", + "initial_balance": "24000000", + "balance": "24000000" + } + ] + }, + { + "delegator_address": "cosmos1qf36e6wmq9h4twhdvs6pyq9qcaeu7ye0s3dqq2", + "validator_address": "cosmosvaloper13v4spsah85ps4vtrw07vzea37gq5la5gktlkeu", + "entries": [ + { + "creation_height": "47478", + "completion_time": "2021-11-01T22:47:26.714116854Z", + "initial_balance": "8000000", + "balance": "8000000" + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/modules/upgrade/README.md b/copy-of-sdk-versioned_docs/version-0.53/build/modules/upgrade/README.md new file mode 100644 index 00000000..46e4061a --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/modules/upgrade/README.md @@ -0,0 +1,609 @@ +--- +sidebar_position: 1 +--- + +# `x/upgrade` + +## Abstract + +`x/upgrade` is an implementation of a Cosmos SDK module that facilitates smoothly +upgrading a live Cosmos chain to a new (breaking) software version. It accomplishes this by +providing a `PreBlocker` hook that prevents the blockchain state machine from +proceeding once a pre-defined upgrade block height has been reached. + +The module does not prescribe anything regarding how governance decides to do an +upgrade, but just the mechanism for coordinating the upgrade safely. Without software +support for upgrades, upgrading a live chain is risky because all of the validators +need to pause their state machines at exactly the same point in the process. If +this is not done correctly, there can be state inconsistencies which are hard to +recover from. + +* [Concepts](#concepts) +* [State](#state) +* [Events](#events) +* [Client](#client) + * [CLI](#cli) + * [REST](#rest) + * [gRPC](#grpc) +* [Resources](#resources) + +## Concepts + +### Plan + +The `x/upgrade` module defines a `Plan` type in which a live upgrade is scheduled +to occur. A `Plan` can be scheduled at a specific block height. +A `Plan` is created once a (frozen) release candidate along with an appropriate upgrade +`Handler` (see below) is agreed upon, where the `Name` of a `Plan` corresponds to a +specific `Handler`. Typically, a `Plan` is created through a governance proposal +process, where if voted upon and passed, will be scheduled. The `Info` of a `Plan` +may contain various metadata about the upgrade, typically application specific +upgrade info to be included on-chain such as a git commit that validators could +automatically upgrade to. + +```go +type Plan struct { + Name string + Height int64 + Info string +} +``` + +#### Sidecar Process + +If an operator running the application binary also runs a sidecar process to assist +in the automatic download and upgrade of a binary, the `Info` allows this process to +be seamless. This tool is [Cosmovisor](https://github.com/cosmos/cosmos-sdk/tree/main/tools/cosmovisor#readme). + +### Handler + +The `x/upgrade` module facilitates upgrading from major version X to major version Y. To +accomplish this, node operators must first upgrade their current binary to a new +binary that has a corresponding `Handler` for the new version Y. It is assumed that +this version has fully been tested and approved by the community at large. This +`Handler` defines what state migrations need to occur before the new binary Y +can successfully run the chain. Naturally, this `Handler` is application specific +and not defined on a per-module basis. Registering a `Handler` is done via +`Keeper#SetUpgradeHandler` in the application. + +```go +type UpgradeHandler func(Context, Plan, VersionMap) (VersionMap, error) +``` + +During each `EndBlock` execution, the `x/upgrade` module checks if there exists a +`Plan` that should execute (is scheduled at that height). If so, the corresponding +`Handler` is executed. If the `Plan` is expected to execute but no `Handler` is registered +or if the binary was upgraded too early, the node will gracefully panic and exit. + +### StoreLoader + +The `x/upgrade` module also facilitates store migrations as part of the upgrade. The +`StoreLoader` sets the migrations that need to occur before the new binary can +successfully run the chain. This `StoreLoader` is also application specific and +not defined on a per-module basis. Registering this `StoreLoader` is done via +`app#SetStoreLoader` in the application. + +```go +func UpgradeStoreLoader (upgradeHeight int64, storeUpgrades *store.StoreUpgrades) baseapp.StoreLoader +``` + +If there's a planned upgrade and the upgrade height is reached, the old binary writes `Plan` to the disk before panicking. + +This information is critical to ensure the `StoreUpgrades` happens smoothly at correct height and +expected upgrade. It eliminiates the chances for the new binary to execute `StoreUpgrades` multiple +times everytime on restart. Also if there are multiple upgrades planned on same height, the `Name` +will ensure these `StoreUpgrades` takes place only in planned upgrade handler. + +### Proposal + +Typically, a `Plan` is proposed and submitted through governance via a proposal +containing a `MsgSoftwareUpgrade` message. +This proposal prescribes to the standard governance process. If the proposal passes, +the `Plan`, which targets a specific `Handler`, is persisted and scheduled. The +upgrade can be delayed or hastened by updating the `Plan.Height` in a new proposal. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/upgrade/v1beta1/tx.proto#L29-L41 +``` + +#### Cancelling Upgrade Proposals + +Upgrade proposals can be cancelled. There exists a gov-enabled `MsgCancelUpgrade` +message type, which can be embedded in a proposal, voted on and, if passed, will +remove the scheduled upgrade `Plan`. +Of course this requires that the upgrade was known to be a bad idea well before the +upgrade itself, to allow time for a vote. + +```protobuf reference +https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/upgrade/v1beta1/tx.proto#L48-L57 +``` + +If such a possibility is desired, the upgrade height is to be +`2 * (VotingPeriod + DepositPeriod) + (SafetyDelta)` from the beginning of the +upgrade proposal. The `SafetyDelta` is the time available from the success of an +upgrade proposal and the realization it was a bad idea (due to external social consensus). + +A `MsgCancelUpgrade` proposal can also be made while the original +`MsgSoftwareUpgrade` proposal is still being voted upon, as long as the `VotingPeriod` +ends after the `MsgSoftwareUpgrade` proposal. + +## State + +The internal state of the `x/upgrade` module is relatively minimal and simple. The +state contains the currently active upgrade `Plan` (if one exists) by key +`0x0` and if a `Plan` is marked as "done" by key `0x1`. The state +contains the consensus versions of all app modules in the application. The versions +are stored as big endian `uint64`, and can be accessed with prefix `0x2` appended +by the corresponding module name of type `string`. The state maintains a +`Protocol Version` which can be accessed by key `0x3`. + +* Plan: `0x0 -> Plan` +* Done: `0x1 | byte(plan name) -> BigEndian(Block Height)` +* ConsensusVersion: `0x2 | byte(module name) -> BigEndian(Module Consensus Version)` +* ProtocolVersion: `0x3 -> BigEndian(Protocol Version)` + +The `x/upgrade` module contains no genesis state. + +## Events + +The `x/upgrade` does not emit any events by itself. Any and all proposal related +events are emitted through the `x/gov` module. + +## Client + +### CLI + +A user can query and interact with the `upgrade` module using the CLI. + +#### Query + +The `query` commands allow users to query `upgrade` state. + +```bash +simd query upgrade --help +``` + +##### applied + +The `applied` command allows users to query the block header for height at which a completed upgrade was applied. + +```bash +simd query upgrade applied [upgrade-name] [flags] +``` + +If upgrade-name was previously executed on the chain, this returns the header for the block at which it was applied. +This helps a client determine which binary was valid over a given range of blocks, as well as more context to understand past migrations. + +Example: + +```bash +simd query upgrade applied "test-upgrade" +``` + +Example Output: + +```bash +"block_id": { + "hash": "A769136351786B9034A5F196DC53F7E50FCEB53B48FA0786E1BFC45A0BB646B5", + "parts": { + "total": 1, + "hash": "B13CBD23011C7480E6F11BE4594EE316548648E6A666B3575409F8F16EC6939E" + } + }, + "block_size": "7213", + "header": { + "version": { + "block": "11" + }, + "chain_id": "testnet-2", + "height": "455200", + "time": "2021-04-10T04:37:57.085493838Z", + "last_block_id": { + "hash": "0E8AD9309C2DC411DF98217AF59E044A0E1CCEAE7C0338417A70338DF50F4783", + "parts": { + "total": 1, + "hash": "8FE572A48CD10BC2CBB02653CA04CA247A0F6830FF19DC972F64D339A355E77D" + } + }, + "last_commit_hash": "DE890239416A19E6164C2076B837CC1D7F7822FC214F305616725F11D2533140", + "data_hash": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855", + "validators_hash": "A31047ADE54AE9072EE2A12FF260A8990BA4C39F903EAF5636B50D58DBA72582", + "next_validators_hash": "A31047ADE54AE9072EE2A12FF260A8990BA4C39F903EAF5636B50D58DBA72582", + "consensus_hash": "048091BC7DDC283F77BFBF91D73C44DA58C3DF8A9CBC867405D8B7F3DAADA22F", + "app_hash": "28ECC486AFC332BA6CC976706DBDE87E7D32441375E3F10FD084CD4BAF0DA021", + "last_results_hash": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855", + "evidence_hash": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855", + "proposer_address": "2ABC4854B1A1C5AA8403C4EA853A81ACA901CC76" + }, + "num_txs": "0" +} +``` + +##### module versions + +The `module_versions` command gets a list of module names and their respective consensus versions. + +Following the command with a specific module name will return only +that module's information. + +```bash +simd query upgrade module_versions [optional module_name] [flags] +``` + +Example: + +```bash +simd query upgrade module_versions +``` + +Example Output: + +```bash +module_versions: +- name: auth + version: "2" +- name: authz + version: "1" +- name: bank + version: "2" +- name: distribution + version: "2" +- name: evidence + version: "1" +- name: feegrant + version: "1" +- name: genutil + version: "1" +- name: gov + version: "2" +- name: ibc + version: "2" +- name: mint + version: "1" +- name: params + version: "1" +- name: slashing + version: "2" +- name: staking + version: "2" +- name: transfer + version: "1" +- name: upgrade + version: "1" +- name: vesting + version: "1" +``` + +Example: + +```bash +regen query upgrade module_versions ibc +``` + +Example Output: + +```bash +module_versions: +- name: ibc + version: "2" +``` + +##### plan + +The `plan` command gets the currently scheduled upgrade plan, if one exists. + +```bash +regen query upgrade plan [flags] +``` + +Example: + +```bash +simd query upgrade plan +``` + +Example Output: + +```bash +height: "130" +info: "" +name: test-upgrade +time: "0001-01-01T00:00:00Z" +upgraded_client_state: null +``` + +#### Transactions + +The upgrade module supports the following transactions: + +* `software-proposal` - submits an upgrade proposal: + +```bash +simd tx upgrade software-upgrade v2 --title="Test Proposal" --summary="testing" --deposit="100000000stake" --upgrade-height 1000000 \ +--upgrade-info '{ "binaries": { "linux/amd64":"https://example.com/simd.zip?checksum=sha256:aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f" } }' --from cosmos1.. +``` + +* `cancel-software-upgrade` - cancels a previously submitted upgrade proposal: + +```bash +simd tx upgrade cancel-software-upgrade --title="Test Proposal" --summary="testing" --deposit="100000000stake" --from cosmos1.. +``` + +### REST + +A user can query the `upgrade` module using REST endpoints. + +#### Applied Plan + +`AppliedPlan` queries a previously applied upgrade plan by its name. + +```bash +/cosmos/upgrade/v1beta1/applied_plan/{name} +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/upgrade/v1beta1/applied_plan/v2.0-upgrade" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "height": "30" +} +``` + +#### Current Plan + +`CurrentPlan` queries the current upgrade plan. + +```bash +/cosmos/upgrade/v1beta1/current_plan +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/upgrade/v1beta1/current_plan" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "plan": "v2.1-upgrade" +} +``` + +#### Module versions + +`ModuleVersions` queries the list of module versions from state. + +```bash +/cosmos/upgrade/v1beta1/module_versions +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/upgrade/v1beta1/module_versions" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "module_versions": [ + { + "name": "auth", + "version": "2" + }, + { + "name": "authz", + "version": "1" + }, + { + "name": "bank", + "version": "2" + }, + { + "name": "distribution", + "version": "2" + }, + { + "name": "evidence", + "version": "1" + }, + { + "name": "feegrant", + "version": "1" + }, + { + "name": "genutil", + "version": "1" + }, + { + "name": "gov", + "version": "2" + }, + { + "name": "ibc", + "version": "2" + }, + { + "name": "mint", + "version": "1" + }, + { + "name": "params", + "version": "1" + }, + { + "name": "slashing", + "version": "2" + }, + { + "name": "staking", + "version": "2" + }, + { + "name": "transfer", + "version": "1" + }, + { + "name": "upgrade", + "version": "1" + }, + { + "name": "vesting", + "version": "1" + } + ] +} +``` + +### gRPC + +A user can query the `upgrade` module using gRPC endpoints. + +#### Applied Plan + +`AppliedPlan` queries a previously applied upgrade plan by its name. + +```bash +cosmos.upgrade.v1beta1.Query/AppliedPlan +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"name":"v2.0-upgrade"}' \ + localhost:9090 \ + cosmos.upgrade.v1beta1.Query/AppliedPlan +``` + +Example Output: + +```bash +{ + "height": "30" +} +``` + +#### Current Plan + +`CurrentPlan` queries the current upgrade plan. + +```bash +cosmos.upgrade.v1beta1.Query/CurrentPlan +``` + +Example: + +```bash +grpcurl -plaintext localhost:9090 cosmos.slashing.v1beta1.Query/CurrentPlan +``` + +Example Output: + +```bash +{ + "plan": "v2.1-upgrade" +} +``` + +#### Module versions + +`ModuleVersions` queries the list of module versions from state. + +```bash +cosmos.upgrade.v1beta1.Query/ModuleVersions +``` + +Example: + +```bash +grpcurl -plaintext localhost:9090 cosmos.slashing.v1beta1.Query/ModuleVersions +``` + +Example Output: + +```bash +{ + "module_versions": [ + { + "name": "auth", + "version": "2" + }, + { + "name": "authz", + "version": "1" + }, + { + "name": "bank", + "version": "2" + }, + { + "name": "distribution", + "version": "2" + }, + { + "name": "evidence", + "version": "1" + }, + { + "name": "feegrant", + "version": "1" + }, + { + "name": "genutil", + "version": "1" + }, + { + "name": "gov", + "version": "2" + }, + { + "name": "ibc", + "version": "2" + }, + { + "name": "mint", + "version": "1" + }, + { + "name": "params", + "version": "1" + }, + { + "name": "slashing", + "version": "2" + }, + { + "name": "staking", + "version": "2" + }, + { + "name": "transfer", + "version": "1" + }, + { + "name": "upgrade", + "version": "1" + }, + { + "name": "vesting", + "version": "1" + } + ] +} +``` + +## Resources + +A list of (external) resources to learn more about the `x/upgrade` module. + +* [Cosmos Dev Series: Cosmos Blockchain Upgrade](https://medium.com/web3-surfers/cosmos-dev-series-cosmos-sdk-based-blockchain-upgrade-b5e99181554c) - The blog post that explains how software upgrades work in detail. diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/packages/01-depinject.md b/copy-of-sdk-versioned_docs/version-0.53/build/packages/01-depinject.md new file mode 100644 index 00000000..4fa96325 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/packages/01-depinject.md @@ -0,0 +1,205 @@ +--- +sidebar_position: 1 +--- + +# Depinject + +> **DISCLAIMER**: This is a **beta** package. The SDK team is actively working on this feature and we are looking for feedback from the community. Please try it out and let us know what you think. + +## Overview + +`depinject` is a dependency injection (DI) framework for the Cosmos SDK, designed to streamline the process of building and configuring blockchain applications. It works in conjunction with the `core/appconfig` module to replace the majority of boilerplate code in `app.go` with a configuration file in Go, YAML, or JSON format. + +`depinject` is particularly useful for developing blockchain applications: + +* With multiple interdependent components, modules, or services. Helping manage their dependencies effectively. +* That require decoupling of these components, making it easier to test, modify, or replace individual parts without affecting the entire system. +* That are wanting to simplify the setup and initialisation of modules and their dependencies by reducing boilerplate code and automating dependency management. + +By using `depinject`, developers can achieve: + +* Cleaner and more organised code. +* Improved modularity and maintainability. +* A more maintainable and modular structure for their blockchain applications, ultimately enhancing development velocity and code quality. + +* [Go Doc](https://pkg.go.dev/cosmossdk.io/depinject) + +## Usage + +The `depinject` framework, based on dependency injection concepts, streamlines the management of dependencies within your blockchain application using its Configuration API. This API offers a set of functions and methods to create easy to use configurations, making it simple to define, modify, and access dependencies and their relationships. + +A core component of the [Configuration API](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/depinject#Config) is the `Provide` function, which allows you to register provider functions that supply dependencies. Inspired by constructor injection, these provider functions form the basis of the dependency tree, enabling the management and resolution of dependencies in a structured and maintainable manner. Additionally, `depinject` supports interface types as inputs to provider functions, offering flexibility and decoupling between components, similar to interface injection concepts. + +By leveraging `depinject` and its Configuration API, you can efficiently handle dependencies in your blockchain application, ensuring a clean, modular, and well-organised codebase. + +Example: + +```go +package main + +import ( + "fmt" + + "cosmossdk.io/depinject" +) + +type AnotherInt int + +func GetInt() int { return 1 } +func GetAnotherInt() AnotherInt { return 2 } + +func main() { + var ( + x int + y AnotherInt + ) + + fmt.Printf("Before (%v, %v)\n", x, y) + depinject.Inject( + depinject.Provide( + GetInt, + GetAnotherInt, + ), + &x, + &y, + ) + fmt.Printf("After (%v, %v)\n", x, y) +} +``` + +In this example, `depinject.Provide` registers two provider functions that return `int` and `AnotherInt` values. The `depinject.Inject` function is then used to inject these values into the variables `x` and `y`. + +Provider functions serve as the basis for the dependency tree. They are analysed to identify their inputs as dependencies and their outputs as dependents. These dependents can either be used by another provider function or be stored outside the DI container (e.g., `&x` and `&y` in the example above). Provider functions must be exported. + +### Interface type resolution + +`depinject` supports the use of interface types as inputs to provider functions, which helps decouple dependencies between modules. This approach is particularly useful for managing complex systems with multiple modules, such as the Cosmos SDK, where dependencies need to be flexible and maintainable. + +For example, `x/bank` expects an [AccountKeeper](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/x/bank/types#AccountKeeper) interface as [input to ProvideModule](https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/x/bank/module.go#L208-L260). `SimApp` uses the implementation in `x/auth`, but the modular design allows for easy changes to the implementation if needed. + +Consider the following example: + +```go +package duck + +type Duck interface { + quack() +} + +type AlsoDuck interface { + quack() +} + +type Mallard struct{} +type Canvasback struct{} + +func (duck Mallard) quack() {} +func (duck Canvasback) quack() {} + +type Pond struct { + Duck AlsoDuck +} +``` + +And the following provider functions: + +```go +func GetMallard() duck.Mallard { + return Mallard{} +} + +func GetPond(duck Duck) Pond { + return Pond{Duck: duck} +} + +func GetCanvasback() Canvasback { + return Canvasback{} +} +``` + +In this example, there's a `Pond` struct that has a `Duck` field of type `AlsoDuck`. The `depinject` framework can automatically resolve the appropriate implementation when there's only one available, as shown below: + +```go +var pond Pond + +depinject.Inject( + depinject.Provide( + GetMallard, + GetPond, + ), + &pond) +``` + +This code snippet results in the `Duck` field of `Pond` being implicitly bound to the `Mallard` implementation because it's the only implementation of the `Duck` interface in the container. + +However, if there are multiple implementations of the `Duck` interface, as in the following example, you'll encounter an error: + +```go +var pond Pond + +depinject.Inject( + depinject.Provide( + GetMallard, + GetCanvasback, + GetPond, + ), + &pond) +``` + +A specific binding preference for `Duck` is required. + +#### `BindInterface` API + +In the above situation registering a binding for a given interface binding may look like: + +```go +depinject.Inject( + depinject.Configs( + depinject.BindInterface( + "duck/duck.Duck", + "duck/duck.Mallard", + ), + depinject.Provide( + GetMallard, + GetCanvasback, + GetPond, + ), + ), + &pond) +``` + +Now `depinject` has enough information to provide `Mallard` as an input to `APond`. + +### Full example in real app + +:::warning +When using `depinject.Inject`, the injected types must be pointers. +::: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/app_di.go#L165-L188 +``` + +## Debugging + +Issues with resolving dependencies in the container can be done with logs and [Graphviz](https://graphviz.org) renderings of the container tree. +By default, whenever there is an error, logs will be printed to stderr and a rendering of the dependency graph in Graphviz DOT format will be saved to `debug_container.dot`. + +Here is an example Graphviz rendering of a successful build of a dependency graph: +![Graphviz Example](https://raw.githubusercontent.com/cosmos/cosmos-sdk/ff39d243d421442b400befcd959ec3ccd2525154/depinject/testdata/example.svg) + +Rectangles represent functions, ovals represent types, rounded rectangles represent modules and the single hexagon +represents the function which called `Build`. Black-colored shapes mark functions and types that were called/resolved +without an error. Gray-colored nodes mark functions and types that could have been called/resolved in the container but +were left unused. + +Here is an example Graphviz rendering of a dependency graph build which failed: +![Graphviz Error Example](https://raw.githubusercontent.com/cosmos/cosmos-sdk/ff39d243d421442b400befcd959ec3ccd2525154/depinject/testdata/example_error.svg) + +Graphviz DOT files can be converted into SVG's for viewing in a web browser using the `dot` command-line tool, ex: + +```txt +dot -Tsvg debug_container.dot > debug_container.svg +``` + +Many other tools including some IDEs support working with DOT files. diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/packages/02-collections.md b/copy-of-sdk-versioned_docs/version-0.53/build/packages/02-collections.md new file mode 100644 index 00000000..b8d8a62f --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/packages/02-collections.md @@ -0,0 +1,1210 @@ +# Collections + +Collections is a library meant to simplify the experience with respect to module state handling. + +Cosmos SDK modules handle their state using the `KVStore` interface. The problem with working with +`KVStore` is that it forces you to think of state as a bytes KV pairings when in reality the majority of +state comes from complex concrete golang objects (strings, ints, structs, etc.). + +Collections allows you to work with state as if they were normal golang objects and removes the need +for you to think of your state as raw bytes in your code. + +It also allows you to migrate your existing state without causing any state breakage that forces you into +tedious and complex chain state migrations. + +## Installation + +To install collections in your cosmos-sdk chain project, run the following command: + +```shell +go get cosmossdk.io/collections +``` + +## Core types + +Collections offers 5 different APIs to work with state, which will be explored in the next sections, these APIs are: + +* ``Map``: to work with typed arbitrary KV pairings. +* ``KeySet``: to work with just typed keys +* ``Item``: to work with just one typed value +* ``Sequence``: which is a monotonically increasing number. +* ``IndexedMap``: which combines ``Map`` and `KeySet` to provide a `Map` with indexing capabilities. + +## Preliminary components + +Before exploring the different collections types and their capability it is necessary to introduce +the three components that every collection shares. In fact when instantiating a collection type by doing, for example, +```collections.NewMap/collections.NewItem/...``` you will find yourself having to pass them some common arguments. + +For example, in code: + +```go +package collections + +import ( + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + sdk "github.com/cosmos/cosmos-sdk/types" +) + +var AllowListPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + AllowList collections.KeySet[string] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + + return Keeper{ + AllowList: collections.NewKeySet(sb, AllowListPrefix, "allow_list", collections.StringKey), + } +} + +``` + +Let's analyse the shared arguments, what they do, and why we need them. + +### SchemaBuilder + +The first argument passed is the ``SchemaBuilder`` + +`SchemaBuilder` is a structure that keeps track of all the state of a module, it is not required by the collections + to deal with state but it offers a dynamic and reflective way for clients to explore a module's state. + +We instantiate a ``SchemaBuilder`` by passing it a function that given the modules store key returns the module's specific store. + +We then need to pass the schema builder to every collection type we instantiate in our keeper, in our case the `AllowList`. + +### Prefix + +The second argument passed to our ``KeySet`` is a `collections.Prefix`, a prefix represents a partition of the module's `KVStore` +where all the state of a specific collection will be saved. + +Since a module can have multiple collections, the following is expected: + +* module params will become a `collections.Item` +* the `AllowList` is a `collections.KeySet` + +We don't want a collection to write over the state of the other collection so we pass it a prefix, which defines a storage +partition owned by the collection. + +If you already built modules, the prefix translates to the items you were creating in your ``types/keys.go`` file, example: https://github.com/cosmos/cosmos-sdk/blob/v0.52.0-rc.1/x/feegrant/key.go#L16~L22 + +your old: + +```go +var ( + // FeeAllowanceKeyPrefix is the set of the kvstore for fee allowance data + // - 0x00: allowance + FeeAllowanceKeyPrefix = []byte{0x00} + + // FeeAllowanceQueueKeyPrefix is the set of the kvstore for fee allowance keys data + // - 0x01: + FeeAllowanceQueueKeyPrefix = []byte{0x01} +) +``` + +becomes: + +```go +var ( + // FeeAllowanceKeyPrefix is the set of the kvstore for fee allowance data + // - 0x00: allowance + FeeAllowanceKeyPrefix = collections.NewPrefix(0) + + // FeeAllowanceQueueKeyPrefix is the set of the kvstore for fee allowance keys data + // - 0x01: + FeeAllowanceQueueKeyPrefix = collections.NewPrefix(1) +) +``` + +#### Rules + +``collections.NewPrefix`` accepts either `uint8`, `string` or `[]bytes` it's good practice to use an always increasing `uint8`for disk space efficiency. + +A collection **MUST NOT** share the same prefix as another collection in the same module, and a collection prefix **MUST NEVER** start with the same prefix as another, examples: + +```go +prefix1 := collections.NewPrefix("prefix") +prefix2 := collections.NewPrefix("prefix") // THIS IS BAD! +``` + +```go +prefix1 := collections.NewPrefix("a") +prefix2 := collections.NewPrefix("aa") // prefix2 starts with the same as prefix1: BAD!!! +``` + +### Human-Readable Name + +The third parameter we pass to a collection is a string, which is a human-readable name. +It is needed to make the role of a collection understandable by clients who have no clue about +what a module is storing in state. + +#### Rules + +Each collection in a module **MUST** have a unique humanised name. + +## Key and Value Codecs + +A collection is generic over the type you can use as keys or values. +This makes collections dumb, but also means that hypothetically we can store everything +that can be a go type into a collection. We are not bounded to any type of encoding (be it proto, json or whatever) + +So a collection needs to be given a way to understand how to convert your keys and values to bytes. +This is achieved through ``KeyCodec`` and `ValueCodec`, which are arguments that you pass to your +collections when you're instantiating them using the ```collections.NewMap/collections.NewItem/...``` +instantiation functions. + +NOTE: Generally speaking you will never be required to implement your own ``Key/ValueCodec`` as +the SDK and collections libraries already come with default, safe and fast implementation of those. +You might need to implement them only if you're migrating to collections and there are state layout incompatibilities. + +Let's explore an example: + +```go +package collections + +import ( + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + sdk "github.com/cosmos/cosmos-sdk/types" +) + +var IDsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + IDs collections.Map[string, uint64] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + + return Keeper{ + IDs: collections.NewMap(sb, IDsPrefix, "ids", collections.StringKey, collections.Uint64Value), + } +} +``` + +We're now instantiating a map where the key is string and the value is `uint64`. +We already know the first three arguments of the ``NewMap`` function. + +The fourth parameter is our `KeyCodec`, we know that the ``Map`` has `string` as key so we pass it a `KeyCodec` that handles strings as keys. + +The fifth parameter is our `ValueCodec`, we know that the `Map` has a `uint64` as value so we pass it a `ValueCodec` that handles uint64. + +Collections already comes with all the required implementations for golang primitive types. + +Let's make another example, this falls closer to what we build using cosmos SDK, let's say we want +to create a `collections.Map` that maps account addresses to their base account. So we want to map an `sdk.AccAddress` to an `auth.BaseAccount` (which is a proto): + +```go +package collections + +import ( + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts collections.Map[sdk.AccAddress, authtypes.BaseAccount] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Accounts: collections.NewMap(sb, AccountsPrefix, "accounts", + sdk.AccAddressKey, codec.CollValue[authtypes.BaseAccount](cdc)), + } +} +``` + +As we can see here since our `collections.Map` maps `sdk.AccAddress` to `authtypes.BaseAccount`, +we use the `sdk.AccAddressKey` which is the `KeyCodec` implementation for `AccAddress` and we use `codec.CollValue` to +encode our proto type `BaseAccount`. + +Generally speaking you will always find the respective key and value codecs for types in the `go.mod` path you're using +to import that type. If you want to encode proto values refer to the codec `codec.CollValue` function, which allows you +to encode any type implement the `proto.Message` interface. + +## Map + +We analyse the first and most important collection type, the ``collections.Map``. +This is the type that everything else builds on top of. + +### Use case + +A `collections.Map` is used to map arbitrary keys with arbitrary values. + +### Example + +It's easier to explain a `collections.Map` capabilities through an example: + +```go +package collections + +import ( + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "fmt" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts collections.Map[sdk.AccAddress, authtypes.BaseAccount] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Accounts: collections.NewMap(sb, AccountsPrefix, "accounts", + sdk.AccAddressKey, codec.CollValue[authtypes.BaseAccount](cdc)), + } +} + +func (k Keeper) CreateAccount(ctx sdk.Context, addr sdk.AccAddress, account authtypes.BaseAccount) error { + has, err := k.Accounts.Has(ctx, addr) + if err != nil { + return err + } + if has { + return fmt.Errorf("account already exists: %s", addr) + } + + err = k.Accounts.Set(ctx, addr, account) + if err != nil { + return err + } + return nil +} + +func (k Keeper) GetAccount(ctx sdk.Context, addr sdk.AccAddress) (authtypes.BaseAccount, error) { + acc, err := k.Accounts.Get(ctx, addr) + if err != nil { + return authtypes.BaseAccount{}, err + } + + return acc, nil +} + +func (k Keeper) RemoveAccount(ctx sdk.Context, addr sdk.AccAddress) error { + err := k.Accounts.Remove(ctx, addr) + if err != nil { + return err + } + return nil +} +``` + +#### Set method + +Set maps with the provided `AccAddress` (the key) to the `auth.BaseAccount` (the value). + +Under the hood the `collections.Map` will convert the key and value to bytes using the [key and value codec](README.md#key-and-value-codecs). +It will prepend to our bytes key the [prefix](README.md#prefix) and store it in the KVStore of the module. + +#### Has method + +The has method reports if the provided key exists in the store. + +#### Get method + +The get method accepts the `AccAddress` and returns the associated `auth.BaseAccount` if it exists, otherwise it errors. + +#### Remove method + +The remove method accepts the `AccAddress` and removes it from the store. It won't report errors +if it does not exist, to check for existence before removal use the ``Has`` method. + +#### Iteration + +Iteration has a separate section. + +## KeySet + +The second type of collection is `collections.KeySet`, as the word suggests it maintains +only a set of keys without values. + +#### Implementation curiosity + +A `collections.KeySet` is just a `collections.Map` with a `key` but no value. +The value internally is always the same and is represented as an empty byte slice ```[]byte{}```. + +### Example + +As always we explore the collection type through an example: + +```go +package collections + +import ( + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "fmt" + sdk "github.com/cosmos/cosmos-sdk/types" +) + +var ValidatorsSetPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + ValidatorsSet collections.KeySet[sdk.ValAddress] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + ValidatorsSet: collections.NewKeySet(sb, ValidatorsSetPrefix, "validators_set", sdk.ValAddressKey), + } +} + +func (k Keeper) AddValidator(ctx sdk.Context, validator sdk.ValAddress) error { + has, err := k.ValidatorsSet.Has(ctx, validator) + if err != nil { + return err + } + if has { + return fmt.Errorf("validator already in set: %s", validator) + } + + err = k.ValidatorsSet.Set(ctx, validator) + if err != nil { + return err + } + + return nil +} + +func (k Keeper) RemoveValidator(ctx sdk.Context, validator sdk.ValAddress) error { + err := k.ValidatorsSet.Remove(ctx, validator) + if err != nil { + return err + } + return nil +} +``` + +The first difference we notice is that `KeySet` needs use to specify only one type parameter: the key (`sdk.ValAddress` in this case). +The second difference we notice is that `KeySet` in its `NewKeySet` function does not require +us to specify a `ValueCodec` but only a `KeyCodec`. This is because a `KeySet` only saves keys and not values. + +Let's explore the methods. + +#### Has method + +Has allows us to understand if a key is present in the `collections.KeySet` or not, functions in the same way as `collections.Map.Has +` + +#### Set method + +Set inserts the provided key in the `KeySet`. + +#### Remove method + +Remove removes the provided key from the `KeySet`, it does not error if the key does not exist, +if existence check before removal is required it needs to be coupled with the `Has` method. + +## Item + +The third type of collection is the `collections.Item`. +It stores only one single item, it's useful for example for parameters, there's only one instance +of parameters in state always. + +#### implementation curiosity + +A `collections.Item` is just a `collections.Map` with no key but just a value. +The key is the prefix of the collection! + +### Example + +```go +package collections + +import ( + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + stakingtypes "cosmossdk.io/x/staking/types" +) + +var ParamsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Params collections.Item[stakingtypes.Params] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Params: collections.NewItem(sb, ParamsPrefix, "params", codec.CollValue[stakingtypes.Params](cdc)), + } +} + +func (k Keeper) UpdateParams(ctx sdk.Context, params stakingtypes.Params) error { + err := k.Params.Set(ctx, params) + if err != nil { + return err + } + return nil +} + +func (k Keeper) GetParams(ctx sdk.Context) (stakingtypes.Params, error) { + return k.Params.Get(ctx) +} +``` + +The first key difference we notice is that we specify only one type parameter, which is the value we're storing. +The second key difference is that we don't specify the `KeyCodec`, since we store only one item we already know the key +and the fact that it is constant. + +## Iteration + +One of the key features of the ``KVStore`` is iterating over keys. + +Collections which deal with keys (so `Map`, `KeySet` and `IndexedMap`) allow you to iterate +over keys in a safe and typed way. They all share the same API, the only difference being +that ``KeySet`` returns a different type of `Iterator` because `KeySet` only deals with keys. + +:::note + +Every collection shares the same `Iterator` semantics. + +::: + +Let's have a look at the `Map.Iterate` method: + +```go +func (m Map[K, V]) Iterate(ctx context.Context, ranger Ranger[K]) (Iterator[K, V], error) +``` + +It accepts a `collections.Ranger[K]`, which is an API that instructs map on how to iterate over keys. +As always we don't need to implement anything here as `collections` already provides some generic `Ranger` implementers +that expose all you need to work with ranges. + +### Example + +We have a `collections.Map` that maps accounts using `uint64` IDs. + +```go +package collections + +import ( + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts collections.Map[uint64, authtypes.BaseAccount] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Accounts: collections.NewMap(sb, AccountsPrefix, "accounts", collections.Uint64Key, codec.CollValue[authtypes.BaseAccount](cdc)), + } +} + +func (k Keeper) GetAllAccounts(ctx sdk.Context) ([]authtypes.BaseAccount, error) { + // passing a nil Ranger equals to: iterate over every possible key + iter, err := k.Accounts.Iterate(ctx, nil) + if err != nil { + return nil, err + } + accounts, err := iter.Values() + if err != nil { + return nil, err + } + + return accounts, err +} + +func (k Keeper) IterateAccountsBetween(ctx sdk.Context, start, end uint64) ([]authtypes.BaseAccount, error) { + // The collections.Range API offers a lot of capabilities + // like defining where the iteration starts or ends. + rng := new(collections.Range[uint64]). + StartInclusive(start). + EndExclusive(end). + Descending() + + iter, err := k.Accounts.Iterate(ctx, rng) + if err != nil { + return nil, err + } + accounts, err := iter.Values() + if err != nil { + return nil, err + } + + return accounts, nil +} + +func (k Keeper) IterateAccounts(ctx sdk.Context, do func(id uint64, acc authtypes.BaseAccount) (stop bool)) error { + iter, err := k.Accounts.Iterate(ctx, nil) + if err != nil { + return err + } + defer iter.Close() + + for ; iter.Valid(); iter.Next() { + kv, err := iter.KeyValue() + if err != nil { + return err + } + + if do(kv.Key, kv.Value) { + break + } + } + return nil +} +``` + +Let's analyse each method in the example and how it makes use of the `Iterate` and the returned `Iterator` API. + +#### GetAllAccounts + +In `GetAllAccounts` we pass to our `Iterate` a nil `Ranger`. This means that the returned `Iterator` will include +all the existing keys within the collection. + +Then we use the `Values` method from the returned `Iterator` API to collect all the values into a slice. + +`Iterator` offers other methods such as `Keys()` to collect only the keys and not the values and `KeyValues` to collect +all the keys and values. + + +#### IterateAccountsBetween + +Here we make use of the `collections.Range` helper to specialise our range. +We make it start in a point through `StartInclusive` and end in the other with `EndExclusive`, then +we instruct it to report us results in reverse order through `Descending` + +Then we pass the range instruction to `Iterate` and get an `Iterator`, which will contain only the results +we specified in the range. + +Then we use again the `Values` method of the `Iterator` to collect all the results. + +`collections.Range` also offers a `Prefix` API which is not applicable to all keys types, +for example uint64 cannot be prefix because it is of constant size, but a `string` key +can be prefixed. + +#### IterateAccounts + +Here we showcase how to lazily collect values from an Iterator. + +:::note + +`Keys/Values/KeyValues` fully consume and close the `Iterator`, here we need to explicitly do a `defer iterator.Close()` call. + +::: + +`Iterator` also exposes a `Value` and `Key` method to collect only the current value or key, if collecting both is not needed. + +:::note + +For this `callback` pattern, collections expose a `Walk` API. + +::: + +## Composite keys + +So far we've worked only with simple keys, like `uint64`, the account address, etc. +There are some more complex cases in, which we need to deal with composite keys. + +A key is composite when it is composed of multiple keys, for example bank balances as stored as the composite key +`(AccAddress, string)` where the first part is the address holding the coins and the second part is the denom. + +Example, let's say address `BOB` holds `10atom,15osmo`, this is how it is stored in state: + +``` +(bob, atom) => 10 +(bob, osmos) => 15 +``` + +Now this allows to efficiently get a specific denom balance of an address, by simply `getting` `(address, denom)`, or getting all the balances +of an address by prefixing over `(address)`. + +Let's see now how we can work with composite keys using collections. + +### Example + +In our example we will show-case how we can use collections when we are dealing with balances, similar to bank, +a balance is a mapping between `(address, denom) => math.Int` the composite key in our case is `(address, denom)`. + +## Instantiation of a composite key collection + +```go +package collections + +import ( + "cosmossdk.io/collections" + "cosmossdk.io/math" + storetypes "cosmossdk.io/store/types" + sdk "github.com/cosmos/cosmos-sdk/types" +) + + +var BalancesPrefix = collections.NewPrefix(1) + +type Keeper struct { + Schema collections.Schema + Balances collections.Map[collections.Pair[sdk.AccAddress, string], math.Int] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Balances: collections.NewMap( + sb, BalancesPrefix, "balances", + collections.PairKeyCodec(sdk.AccAddressKey, collections.StringKey), + sdk.IntValue, + ), + } +} +``` + +#### The Map Key definition + +First of all we can see that in order to define a composite key of two elements we use the `collections.Pair` type: + +```go +collections.Map[collections.Pair[sdk.AccAddress, string], math.Int] +``` + +`collections.Pair` defines a key composed of two other keys, in our case the first part is `sdk.AccAddress`, the second +part is `string`. + +#### The Key Codec instantiation + +The arguments to instantiate are always the same, the only thing that changes is how we instantiate +the ``KeyCodec``, since this key is composed of two keys we use `collections.PairKeyCodec`, which generates +a `KeyCodec` composed of two key codecs. The first one will encode the first part of the key, the second one will +encode the second part of the key. + + +### Working with composite key collections + +Let's expand on the example we used before: + +```go +var BalancesPrefix = collections.NewPrefix(1) + +type Keeper struct { + Schema collections.Schema + Balances collections.Map[collections.Pair[sdk.AccAddress, string], math.Int] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Balances: collections.NewMap( + sb, BalancesPrefix, "balances", + collections.PairKeyCodec(sdk.AccAddressKey, collections.StringKey), + sdk.IntValue, + ), + } +} + +func (k Keeper) SetBalance(ctx sdk.Context, address sdk.AccAddress, denom string, amount math.Int) error { + key := collections.Join(address, denom) + return k.Balances.Set(ctx, key, amount) +} + +func (k Keeper) GetBalance(ctx sdk.Context, address sdk.AccAddress, denom string) (math.Int, error) { + return k.Balances.Get(ctx, collections.Join(address, denom)) +} + +func (k Keeper) GetAllAddressBalances(ctx sdk.Context, address sdk.AccAddress) (sdk.Coins, error) { + balances := sdk.NewCoins() + + rng := collections.NewPrefixedPairRange[sdk.AccAddress, string](address) + + iter, err := k.Balances.Iterate(ctx, rng) + if err != nil { + return nil, err + } + + kvs, err := iter.KeyValues() + if err != nil { + return nil, err + } + + for _, kv := range kvs { + balances = balances.Add(sdk.NewCoin(kv.Key.K2(), kv.Value)) + } + return balances, nil +} + +func (k Keeper) GetAllAddressBalancesBetween(ctx sdk.Context, address sdk.AccAddress, startDenom, endDenom string) (sdk.Coins, error) { + rng := collections.NewPrefixedPairRange[sdk.AccAddress, string](address). + StartInclusive(startDenom). + EndInclusive(endDenom) + + iter, err := k.Balances.Iterate(ctx, rng) + if err != nil { + return nil, err + } + ... +} +``` + +#### SetBalance + +As we can see here we're setting the balance of an address for a specific denom. +We use the `collections.Join` function to generate the composite key. +`collections.Join` returns a `collections.Pair` (which is the key of our `collections.Map`) + +`collections.Pair` contains the two keys we have joined, it also exposes two methods: `K1` to fetch the 1st part of the +key and `K2` to fetch the second part. + +As always, we use the `collections.Map.Set` method to map the composite key to our value (`math.Int` in this case) + +#### GetBalance + +To get a value in composite key collection, we simply use `collections.Join` to compose the key. + +#### GetAllAddressBalances + +We use `collections.PrefixedPairRange` to iterate over all the keys starting with the provided address. +Concretely the iteration will report all the balances belonging to the provided address. + +The first part is that we instantiate a `PrefixedPairRange`, which is a `Ranger` implementer aimed to help +in `Pair` keys iterations. + +```go + rng := collections.NewPrefixedPairRange[sdk.AccAddress, string](address) +``` + +As we can see here we're passing the type parameters of the `collections.Pair` because golang type inference +with respect to generics is not as permissive as other languages, so we need to explicitly say what are the types of the pair key. + +#### GetAllAddressesBalancesBetween + +This showcases how we can further specialise our range to limit the results further, by specifying +the range between the second part of the key (in our case the denoms, which are strings). + +## IndexedMap + +`collections.IndexedMap` is a collection that uses under the hood a `collections.Map`, and has a struct, which contains the indexes that we need to define. + +### Example + +Let's say we have an `auth.BaseAccount` struct which looks like the following: + +```go +type BaseAccount struct { + AccountNumber uint64 `protobuf:"varint,3,opt,name=account_number,json=accountNumber,proto3" json:"account_number,omitempty"` + Sequence uint64 `protobuf:"varint,4,opt,name=sequence,proto3" json:"sequence,omitempty"` +} +``` + +First of all, when we save our accounts in state we map them using a primary key `sdk.AccAddress`. +If it were to be a `collections.Map` it would be `collections.Map[sdk.AccAddress, authtypes.BaseAccount]`. + +Then we also want to be able to get an account not only by its `sdk.AccAddress`, but also by its `AccountNumber`. + +So we can say we want to create an `Index` that maps our `BaseAccount` to its `AccountNumber`. + +We also know that this `Index` is unique. Unique means that there can only be one `BaseAccount` that maps to a specific +`AccountNumber`. + +First of all, we start by defining the object that contains our index: + +```go +var AccountsNumberIndexPrefix = collections.NewPrefix(1) + +type AccountsIndexes struct { + Number *indexes.Unique[uint64, sdk.AccAddress, authtypes.BaseAccount] +} + +func NewAccountIndexes(sb *collections.SchemaBuilder) AccountsIndexes { + return AccountsIndexes{ + Number: indexes.NewUnique( + sb, AccountsNumberIndexPrefix, "accounts_by_number", + collections.Uint64Key, sdk.AccAddressKey, + func(_ sdk.AccAddress, v authtypes.BaseAccount) (uint64, error) { + return v.AccountNumber, nil + }, + ), + } +} +``` + +We create an `AccountIndexes` struct which contains a field: `Number`. This field represents our `AccountNumber` index. +`AccountNumber` is a field of `authtypes.BaseAccount` and it's a `uint64`. + +Then we can see in our `AccountIndexes` struct the `Number` field is defined as: + +```go +*indexes.Unique[uint64, sdk.AccAddress, authtypes.BaseAccount] +``` + +Where the first type parameter is `uint64`, which is the field type of our index. +The second type parameter is the primary key `sdk.AccAddress`. +And the third type parameter is the actual object we're storing `authtypes.BaseAccount`. + +Then we create a `NewAccountIndexes` function that instantiates and returns the `AccountsIndexes` struct. + +The function takes a `SchemaBuilder`. Then we instantiate our `indexes.Unique`, let's analyse the arguments we pass to +`indexes.NewUnique`. + +#### NOTE: indexes list + +The `AccountsIndexes` struct contains the indexes, the `NewIndexedMap` function will infer the indexes form that struct +using reflection, this happens only at init and is not computationally expensive. In case you want to explicitly declare +indexes: implement the `Indexes` interface in the `AccountsIndexes` struct: + +```go +func (a AccountsIndexes) IndexesList() []collections.Index[sdk.AccAddress, authtypes.BaseAccount] { + return []collections.Index[sdk.AccAddress, authtypes.BaseAccount]{a.Number} +} +``` + +#### Instantiating a `indexes.Unique` + +The first three arguments, we already know them, they are: `SchemaBuilder`, `Prefix` which is our index prefix (the partition +where index keys relationship for the `Number` index will be maintained), and the human name for the `Number` index. + +The second argument is a `collections.Uint64Key` which is a key codec to deal with `uint64` keys, we pass that because +the key we're trying to index is a `uint64` key (the account number), and then we pass as fifth argument the primary key codec, +which in our case is `sdk.AccAddress` (remember: we're mapping `sdk.AccAddress` => `BaseAccount`). + +Then as last parameter we pass a function that: given the `BaseAccount` returns its `AccountNumber`. + +After this we can proceed instantiating our `IndexedMap`. + +```go +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts *collections.IndexedMap[sdk.AccAddress, authtypes.BaseAccount, AccountsIndexes] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Accounts: collections.NewIndexedMap( + sb, AccountsPrefix, "accounts", + sdk.AccAddressKey, codec.CollValue[authtypes.BaseAccount](cdc), + NewAccountIndexes(sb), + ), + } +} +``` + +As we can see here what we do, for now, is the same thing as we did for `collections.Map`. +We pass it the `SchemaBuilder`, the `Prefix` where we plan to store the mapping between `sdk.AccAddress` and `authtypes.BaseAccount`, +the human name and the respective `sdk.AccAddress` key codec and `authtypes.BaseAccount` value codec. + +Then we pass the instantiation of our `AccountIndexes` through `NewAccountIndexes`. + +Full example: + +```go +package docs + +import ( + "cosmossdk.io/collections" + "cosmossdk.io/collections/indexes" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +var AccountsNumberIndexPrefix = collections.NewPrefix(1) + +type AccountsIndexes struct { + Number *indexes.Unique[uint64, sdk.AccAddress, authtypes.BaseAccount] +} + +func (a AccountsIndexes) IndexesList() []collections.Index[sdk.AccAddress, authtypes.BaseAccount] { + return []collections.Index[sdk.AccAddress, authtypes.BaseAccount]{a.Number} +} + +func NewAccountIndexes(sb *collections.SchemaBuilder) AccountsIndexes { + return AccountsIndexes{ + Number: indexes.NewUnique( + sb, AccountsNumberIndexPrefix, "accounts_by_number", + collections.Uint64Key, sdk.AccAddressKey, + func(_ sdk.AccAddress, v authtypes.BaseAccount) (uint64, error) { + return v.AccountNumber, nil + }, + ), + } +} + +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts *collections.IndexedMap[sdk.AccAddress, authtypes.BaseAccount, AccountsIndexes] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Accounts: collections.NewIndexedMap( + sb, AccountsPrefix, "accounts", + sdk.AccAddressKey, codec.CollValue[authtypes.BaseAccount](cdc), + NewAccountIndexes(sb), + ), + } +} +``` + +### Working with IndexedMaps + +Whilst instantiating `collections.IndexedMap` is tedious, working with them is extremely smooth. + +Let's take the full example, and expand it with some use-cases. + +```go +package docs + +import ( + "cosmossdk.io/collections" + "cosmossdk.io/collections/indexes" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +var AccountsNumberIndexPrefix = collections.NewPrefix(1) + +type AccountsIndexes struct { + Number *indexes.Unique[uint64, sdk.AccAddress, authtypes.BaseAccount] +} + +func (a AccountsIndexes) IndexesList() []collections.Index[sdk.AccAddress, authtypes.BaseAccount] { + return []collections.Index[sdk.AccAddress, authtypes.BaseAccount]{a.Number} +} + +func NewAccountIndexes(sb *collections.SchemaBuilder) AccountsIndexes { + return AccountsIndexes{ + Number: indexes.NewUnique( + sb, AccountsNumberIndexPrefix, "accounts_by_number", + collections.Uint64Key, sdk.AccAddressKey, + func(_ sdk.AccAddress, v authtypes.BaseAccount) (uint64, error) { + return v.AccountNumber, nil + }, + ), + } +} + +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts *collections.IndexedMap[sdk.AccAddress, authtypes.BaseAccount, AccountsIndexes] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Accounts: collections.NewIndexedMap( + sb, AccountsPrefix, "accounts", + sdk.AccAddressKey, codec.CollValue[authtypes.BaseAccount](cdc), + NewAccountIndexes(sb), + ), + } +} + +func (k Keeper) CreateAccount(ctx sdk.Context, addr sdk.AccAddress) error { + nextAccountNumber := k.getNextAccountNumber() + + newAcc := authtypes.BaseAccount{ + AccountNumber: nextAccountNumber, + Sequence: 0, + } + + return k.Accounts.Set(ctx, addr, newAcc) +} + +func (k Keeper) RemoveAccount(ctx sdk.Context, addr sdk.AccAddress) error { + return k.Accounts.Remove(ctx, addr) +} + +func (k Keeper) GetAccountByNumber(ctx sdk.Context, accNumber uint64) (sdk.AccAddress, authtypes.BaseAccount, error) { + accAddress, err := k.Accounts.Indexes.Number.MatchExact(ctx, accNumber) + if err != nil { + return nil, authtypes.BaseAccount{}, err + } + + acc, err := k.Accounts.Get(ctx, accAddress) + return accAddress, acc, nil +} + +func (k Keeper) GetAccountsByNumber(ctx sdk.Context, startAccNum, endAccNum uint64) ([]authtypes.BaseAccount, error) { + rng := new(collections.Range[uint64]). + StartInclusive(startAccNum). + EndInclusive(endAccNum) + + iter, err := k.Accounts.Indexes.Number.Iterate(ctx, rng) + if err != nil { + return nil, err + } + + return indexes.CollectValues(ctx, k.Accounts, iter) +} + + +func (k Keeper) getNextAccountNumber() uint64 { + return 0 +} +``` + +## Collections with interfaces as values + +Although cosmos-sdk is shifting away from the usage of interface registry, there are still some places where it is used. +In order to support old code, we have to support collections with interface values. + +The generic `codec.CollValue` is not able to handle interface values, so we need to use a special type `codec.CollValueInterface`. +`codec.CollValueInterface` takes a `codec.BinaryCodec` as an argument, and uses it to marshal and unmarshal values as interfaces. +The `codec.CollValueInterface` lives in the `codec` package, whose import path is `github.com/cosmos/cosmos-sdk/codec`. + +### Instantiating Collections with interface values + +In order to instantiate a collection with interface values, we need to use `codec.CollValueInterface` instead of `codec.CollValue`. + +```go +package example + +import ( + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts *collections.Map[sdk.AccAddress, sdk.AccountI] +} + +func NewKeeper(cdc codec.BinaryCodec, storeKey *storetypes.KVStoreKey) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Accounts: collections.NewMap( + sb, AccountsPrefix, "accounts", + sdk.AccAddressKey, codec.CollInterfaceValue[sdk.AccountI](cdc), + ), + } +} + +func (k Keeper) SaveBaseAccount(ctx sdk.Context, account authtypes.BaseAccount) error { + return k.Accounts.Set(ctx, account.GetAddress(), account) +} + +func (k Keeper) SaveModuleAccount(ctx sdk.Context, account authtypes.ModuleAccount) error { + return k.Accounts.Set(ctx, account.GetAddress(), account) +} + +func (k Keeper) GetAccount(ctx sdk.context, addr sdk.AccAddress) (sdk.AccountI, error) { + return k.Accounts.Get(ctx, addr) +} +``` + +## Triple key + +The `collections.Triple` is a special type of key composed of three keys, it's identical to `collections.Pair`. + +Let's see an example. + +```go +package example + +import ( + "context" + + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" +) + +type AccAddress = string +type ValAddress = string + +type Keeper struct { + // let's simulate we have redelegations which are stored as a triple key composed of + // the delegator, the source validator and the destination validator. + Redelegations collections.KeySet[collections.Triple[AccAddress, ValAddress, ValAddress]] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey) Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + return Keeper{ + Redelegations: collections.NewKeySet(sb, collections.NewPrefix(0), "redelegations", collections.TripleKeyCodec(collections.StringKey, collections.StringKey, collections.StringKey) + } +} + +// RedelegationsByDelegator iterates over all the redelegations of a given delegator and calls onResult providing +// each redelegation from source validator towards the destination validator. +func (k Keeper) RedelegationsByDelegator(ctx context.Context, delegator AccAddress, onResult func(src, dst ValAddress) (stop bool, err error)) error { + rng := collections.NewPrefixedTripleRange[AccAddress, ValAddress, ValAddress](delegator) + return k.Redelegations.Walk(ctx, rng, func(key collections.Triple[AccAddress, ValAddress, ValAddress]) (stop bool, err error) { + return onResult(key.K2(), key.K3()) + }) +} + +// RedelegationsByDelegatorAndValidator iterates over all the redelegations of a given delegator and its source validator and calls onResult for each +// destination validator. +func (k Keeper) RedelegationsByDelegatorAndValidator(ctx context.Context, delegator AccAddress, validator ValAddress, onResult func(dst ValAddress) (stop bool, err error)) error { + rng := collections.NewSuperPrefixedTripleRange[AccAddress, ValAddress, ValAddress](delegator, validator) + return k.Redelegations.Walk(ctx, rng, func(key collections.Triple[AccAddress, ValAddress, ValAddress]) (stop bool, err error) { + return onResult(key.K3()) + }) +} +``` + +## Advanced Usages + +### Alternative Value Codec + +The `codec.AltValueCodec` allows a collection to decode values using a different codec than the one used to encode them. +Basically it enables to decode two different byte representations of the same concrete value. +It can be used to lazily migrate values from one bytes representation to another, as long as the new representation is +not able to decode the old one. + +A concrete example can be found in `x/bank` where the balance was initially stored as `Coin` and then migrated to `Int`. + +```go + +var BankBalanceValueCodec = codec.NewAltValueCodec(sdk.IntValue, func(b []byte) (sdk.Int, error) { + coin := sdk.Coin{} + err := coin.Unmarshal(b) + if err != nil { + return sdk.Int{}, err + } + return coin.Amount, nil +}) +``` + +The above example shows how to create an `AltValueCodec` that can decode both `sdk.Int` and `sdk.Coin` values. The provided +decoder function will be used as a fallback in case the default decoder fails. When the value will be encoded back into state +it will use the default encoder. This allows to lazily migrate values to a new bytes representation. diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/packages/README.md b/copy-of-sdk-versioned_docs/version-0.53/build/packages/README.md new file mode 100644 index 00000000..65324dc5 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/packages/README.md @@ -0,0 +1,38 @@ +--- +sidebar_position: 0 +--- + +# Packages + +The Cosmos SDK is a collection of Go modules. This section provides documentation on various packages that can used when developing a Cosmos SDK chain. +It lists all standalone Go modules that are part of the Cosmos SDK. + +:::tip +For more information on SDK modules, see the [SDK Modules](https://docs.cosmos.network/main/modules) section. +For more information on SDK tooling, see the [Tooling](https://docs.cosmos.network/main/tooling) section. +::: + +## Core + +* [Core](https://pkg.go.dev/cosmossdk.io/core) - Core library defining SDK interfaces ([ADR-063](https://docs.cosmos.network/main/architecture/adr-063-core-module-api)) +* [API](https://pkg.go.dev/cosmossdk.io/api) - API library containing generated SDK Pulsar API +* [Store](https://pkg.go.dev/cosmossdk.io/store) - Implementation of the Cosmos SDK store + +## State Management + +* [Collections](./02-collections.md) - State management library + +## Automation + +* [Depinject](./01-depinject.md) - Dependency injection framework +* [Client/v2](https://pkg.go.dev/cosmossdk.io/client/v2) - Library powering [AutoCLI](https://docs.cosmos.network/main/core/autocli) + +## Utilities + +* [Log](https://pkg.go.dev/cosmossdk.io/log) - Logging library +* [Errors](https://pkg.go.dev/cosmossdk.io/errors) - Error handling library +* [Math](https://pkg.go.dev/cosmossdk.io/math) - Math library for SDK arithmetic operations + +## Example + +* [SimApp](https://pkg.go.dev/cosmossdk.io/simapp) - SimApp is **the** sample Cosmos SDK chain. This package should not be imported in your application. diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/packages/_category_.json b/copy-of-sdk-versioned_docs/version-0.53/build/packages/_category_.json new file mode 100644 index 00000000..5ed885eb --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/packages/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Packages", + "position": 4, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/rfc/PROCESS.md b/copy-of-sdk-versioned_docs/version-0.53/build/rfc/PROCESS.md new file mode 100644 index 00000000..a34af226 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/rfc/PROCESS.md @@ -0,0 +1,62 @@ +# RFC Creation Process + +1. Copy the `rfc-template.md` file. Use the following filename pattern: `rfc-next_number-title.md` +2. Create a draft Pull Request if you want to get an early feedback. +3. Make sure the context and a solution is clear and well documented. +4. Add an entry to a list in the [README](./README.md) file. +5. Create a Pull Request to propose a new ADR. + +## What is an RFC? + +An RFC is a sort of async whiteboarding session. It is meant to replace the need for a distributed team to come together to make a decision. Currently, the Cosmos SDK team and contributors are distributed around the world. The team conducts working groups to have a synchronous discussion and an RFC can be used to capture the discussion for a wider audience to better understand the changes that are coming to the software. + +The main difference the Cosmos SDK is defining as a differentiation between RFC and ADRs is that one is to come to consensus and circulate information about a potential change or feature. An ADR is used if there is already consensus on a feature or change and there is not a need to articulate the change coming to the software. An ADR will articulate the changes and have a lower amount of communication . + +## RFC life cycle + +RFC creation is an **iterative** process. An RFC is meant as a distributed colloboration session, it may have many comments and is usually the bi-product of no working group or synchornous communication + +1. Proposals could start with a new GitHub Issue, be a result of existing Issues or a discussion. + +2. An RFC doesn't have to arrive to `main` with an _accepted_ status in a single PR. If the motivation is clear and the solution is sound, we SHOULD be able to merge it and keep a _proposed_ status. It's preferable to have an iterative approach rather than long, not merged Pull Requests. + +3. If a _proposed_ RFC is merged, then it should clearly document outstanding issues either in the RFC document notes or in a GitHub Issue. + +4. The PR SHOULD always be merged. In the case of a faulty RFC, we still prefer to merge it with a _rejected_ status. The only time the RFC SHOULD NOT be merged is if the author abandons it. + +5. Merged RFCs SHOULD NOT be pruned. + +6. If there is consensus and enough feedback then the RFC can be accepted. + +> Note: An RFC is written when there is no working group or team session on the problem. RFC's are meant as a distributed white boarding session. If there is a working group on the proposal there is no need to have an RFC as there is synchornous whiteboarding going on. + +### RFC status + +Status has two components: + +```text +{CONSENSUS STATUS} +``` + +#### Consensus Status + +```text +DRAFT -> PROPOSED -> LAST CALL yyyy-mm-dd -> ACCEPTED | REJECTED -> SUPERSEDED by ADR-xxx + \ | + \ | + v v + ABANDONED +``` + +* `DRAFT`: [optional] an ADR which is work in progress, not being ready for a general review. This is to present an early work and get an early feedback in a Draft Pull Request form. +* `PROPOSED`: an ADR covering a full solution architecture and still in the review - project stakeholders haven't reached an agreed yet. +* `LAST CALL `: [optional] clear notify that we are close to accept updates. Changing a status to `LAST CALL` means that social consensus (of Cosmos SDK maintainers) has been reached and we still want to give it a time to let the community react or analyze. +* `ACCEPTED`: ADR which will represent a currently implemented or to be implemented architecture design. +* `REJECTED`: ADR can go from PROPOSED or ACCEPTED to rejected if the consensus among project stakeholders will decide so. +* `SUPERSEEDED by ADR-xxx`: ADR which has been superseded by a new ADR. +* `ABANDONED`: the ADR is no longer pursued by the original authors. + +## Language used in RFC + +* The background/goal should be written in the present tense. +* Avoid using a first, personal form. diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/rfc/README.md b/copy-of-sdk-versioned_docs/version-0.53/build/rfc/README.md new file mode 100644 index 00000000..8b8ead24 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/rfc/README.md @@ -0,0 +1,38 @@ +--- +sidebar_position: 1 +--- + +# Requests for Comments + +A Request for Comments (RFC) is a record of discussion on an open-ended topic +related to the design and implementation of the Cosmos SDK, for which no +immediate decision is required. + +The purpose of an RFC is to serve as a historical record of a high-level +discussion that might otherwise only be recorded in an ad-hoc way (for example, +via gists or Google docs) that are difficult to discover for someone after the +fact. An RFC _may_ give rise to more specific architectural _decisions_ for +the Cosmos SDK, but those decisions must be recorded separately in +[Architecture Decision Records (ADR)](../architecture). + +As a rule of thumb, if you can articulate a specific question that needs to be +answered, write an ADR. If you need to explore the topic and get input from +others to know what questions need to be answered, an RFC may be appropriate. + +## RFC Content + +An RFC should provide: + +* A **changelog**, documenting when and how the RFC has changed. +* An **abstract**, briefly summarizing the topic so the reader can quickly tell + whether it is relevant to their interest. +* Any **background** a reader will need to understand and participate in the + substance of the discussion (links to other documents are fine here). +* The **discussion**, the primary content of the document. + +The [rfc-template.md](./rfc-template.md) file includes placeholders for these +sections. + +## Table of Contents + +* [RFC-001: Tx Validation](./rfc-001-tx-validation.md) diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/rfc/_category_.json b/copy-of-sdk-versioned_docs/version-0.53/build/rfc/_category_.json new file mode 100644 index 00000000..a5712bda --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/rfc/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "RFC", + "position": 7, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/rfc/rfc-001-tx-validation.md b/copy-of-sdk-versioned_docs/version-0.53/build/rfc/rfc-001-tx-validation.md new file mode 100644 index 00000000..923e1c72 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/rfc/rfc-001-tx-validation.md @@ -0,0 +1,25 @@ +# RFC 001: Transaction Validation + +## Changelog + +* 2023-03-12: Proposed + +## Background + +Transation Validation is crucial to a functioning state machine. Within the Cosmos SDK there are two validation flows, one is outside the message server and the other within. The flow outside of the message server is the `ValidateBasic` function. It is called in the antehandler on both `CheckTx` and `DeliverTx`. There is an overhead and sometimes duplication of validation within these two flows. This extra validation provides an additional check before entering the mempool. + +With the deprecation of [`GetSigners`](https://github.com/cosmos/cosmos-sdk/issues/11275) we have the optionality to remove [sdk.Msg](https://github.com/cosmos/cosmos-sdk/blob/16a5404f8e00ddcf8857c8a55dca2f7c109c29bc/types/tx_msg.go#L16) and the `ValidateBasic` function. + +With the separation of CometBFT and Cosmos-SDK, there is a lack of control of what transactions get broadcasted and included in a block. This extra validation in the antehandler is meant to help in this case. In most cases the transaction is or should be simulated against a node for validation. With this flow transactions will be treated the same. + +## Proposal + +The acceptance of this RFC would move validation within `ValidateBasic` to the message server in modules, update tutorials and docs to remove mention of using `ValidateBasic` in favour of handling all validation for a message where it is executed. + +We can and will still support the `Validatebasic` function for users and provide an extension interface of the function once `sdk.Msg` is depreacted. + +> Note: This is how messages are handled in VMs like Ethereum and CosmWasm. + +### Consequences + +The consequence of updating the transaction flow is that transaction that may have failed before with the `ValidateBasic` flow will now be included in a block and fees charged. diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/rfc/rfc-template.md b/copy-of-sdk-versioned_docs/version-0.53/build/rfc/rfc-template.md new file mode 100644 index 00000000..417a795d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/rfc/rfc-template.md @@ -0,0 +1,83 @@ +# RFC {RFC-NUMBER}: {TITLE} + +## Changelog + +* {date}: {changelog} + +## Background + +> The next section is the "Background" section. This section should be at least two paragraphs and can take up to a whole +> page in some cases. The guiding goal of the background section is: as a newcomer to this project (new employee, team +> transfer), can I read the background section and follow any links to get the full context of why this change is +> necessary? +> +> If you can't show a random engineer the background section and have them acquire nearly full context on the necessity +> for the RFC, then the background section is not full enough. To help achieve this, link to prior RFCs, discussions, and +> more here as necessary to provide context so you don't have to simply repeat yourself. + + +## Proposal + +> The next required section is "Proposal" or "Goal". Given the background above, this section proposes a solution. +> This should be an overview of the "how" for the solution, but for details further sections will be used. + + +## Abandoned Ideas (Optional) + +> As RFCs evolve, it is common that there are ideas that are abandoned. Rather than simply deleting them from the +> document, you should try to organize them into sections that make it clear they're abandoned while explaining why they +> were abandoned. +> +> When sharing your RFC with others or having someone look back on your RFC in the future, it is common to walk the same +> path and fall into the same pitfalls that we've since matured from. Abandoned ideas are a way to recognize that path +> and explain the pitfalls and why they were abandoned. + +## Descision + +> This section describes alternative designs to the chosen design. This section +> is important and if an adr does not have any alternatives then it should be +> considered that the ADR was not thought through. + +## Consequences (optional) + +> This section describes the resulting context, after applying the decision. All +> consequences should be listed here, not just the "positive" ones. A particular +> decision may have positive, negative, and neutral consequences, but all of them +> affect the team and project in the future. + +### Backwards Compatibility + +> All ADRs that introduce backwards incompatibilities must include a section +> describing these incompatibilities and their severity. The ADR must explain +> how the author proposes to deal with these incompatibilities. ADR submissions +> without a sufficient backwards compatibility treatise may be rejected outright. + +### Positive + +> {positive consequences} + +### Negative + +> {negative consequences} + +### Neutral + +> {neutral consequences} + + + +### References + +> Links to external materials needed to follow the discussion may be added here. +> +> In addition, if the discussion in a request for comments leads to any design +> decisions, it may be helpful to add links to the ADR documents here after the +> discussion has settled. + +## Discussion + +> This section contains the core of the discussion. +> +> There is no fixed format for this section, but ideally changes to this +> section should be updated before merging to reflect any discussion that took +> place on the PR that made those changes. diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/spec/README.md b/copy-of-sdk-versioned_docs/version-0.53/build/spec/README.md new file mode 100644 index 00000000..91f347a8 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/spec/README.md @@ -0,0 +1,25 @@ +--- +sidebar_position: 1 +--- + +# Specifications + +This directory contains specifications for the modules of the Cosmos SDK as well as Interchain Standards (ICS) and other specifications. + +Cosmos SDK applications hold this state in a Merkle store. Updates to +the store may be made during transactions and at the beginning and end of every +block. + +## Cosmos SDK specifications + +* [Store](./store) - The core Merkle store that holds the state. +* [Bech32](./addresses/bech32.md) - Address format for Cosmos SDK applications. + +## Modules specifications + +Go the [module directory](https://docs.cosmos.network/main/modules) + +## CometBFT + +For details on the underlying blockchain and p2p protocols, see +the [CometBFT specification](https://github.com/cometbft/cometbft/tree/main/spec). diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/spec/SPEC_MODULE.md b/copy-of-sdk-versioned_docs/version-0.53/build/spec/SPEC_MODULE.md new file mode 100644 index 00000000..bb9ee251 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/spec/SPEC_MODULE.md @@ -0,0 +1,60 @@ +# Specification of Modules + +This file intends to outline the common structure for specifications within +this directory. + +## Tense + +For consistency, specs should be written in passive present tense. + +## Pseudo-Code + +Generally, pseudo-code should be minimized throughout the spec. Often, simple +bulleted-lists which describe a function's operations are sufficient and should +be considered preferable. In certain instances, due to the complex nature of +the functionality being described pseudo-code may the most suitable form of +specification. In these cases use of pseudo-code is permissible, but should be +presented in a concise manner, ideally restricted to only the complex +element as a part of a larger description. + +## Common Layout + +The following generalized `README` structure should be used to breakdown +specifications for modules. The following list is nonbinding and all sections are optional. + +* `# {Module Name}` - overview of the module +* `## Concepts` - describe specialized concepts and definitions used throughout the spec +* `## State` - specify and describe structures expected to be marshaled into the store, and their keys +* `## State Transitions` - standard state transition operations triggered by hooks, messages, etc. +* `## Messages` - specify message structure(s) and expected state machine behavior(s) +* `## Begin Block` - specify any begin-block operations +* `## End Block` - specify any end-block operations +* `## Hooks` - describe available hooks to be called by/from this module +* `## Events` - list and describe event tags used +* `## Client` - list and describe CLI commands and gRPC and REST endpoints +* `## Params` - list all module parameters, their types (in JSON) and examples +* `## Future Improvements` - describe future improvements of this module +* `## Tests` - acceptance tests +* `## Appendix` - supplementary details referenced elsewhere within the spec + +### Notation for key-value mapping + +Within `## State` the following notation `->` should be used to describe key to +value mapping: + +```text +key -> value +``` + +to represent byte concatenation the `|` may be used. In addition, encoding +type may be specified, for example: + +```text +0x00 | addressBytes | address2Bytes -> amino(value_object) +``` + +Additionally, index mappings may be specified by mapping to the `nil` value, for example: + +```text +0x01 | address2Bytes | addressBytes -> nil +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/spec/SPEC_STANDARD.md b/copy-of-sdk-versioned_docs/version-0.53/build/spec/SPEC_STANDARD.md new file mode 100644 index 00000000..c08fbf04 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/spec/SPEC_STANDARD.md @@ -0,0 +1,121 @@ +# What is an SDK standard? + +An SDK standard is a design document describing a particular protocol, standard, or feature expected to be used by the Cosmos SDK. An SDK standard should list the desired properties of the standard, explain the design rationale, and provide a concise but comprehensive technical specification. The primary author is responsible for pushing the proposal through the standardization process, soliciting input and support from the community, and communicating with relevant stakeholders to ensure (social) consensus. + +## Sections + +An SDK standard consists of: + +* a synopsis, +* overview and basic concepts, +* technical specification, +* history log, and +* copyright notice. + +All top-level sections are required. References should be included inline as links, or tabulated at the bottom of the section if necessary. Included subsections should be listed in the order specified below. + +### Table Of Contents + +Provide a table of contents at the top of the file to help readers. + +### Synopsis + +The document should include a brief (~200 word) synopsis providing a high-level description of and rationale for the specification. + +### Overview and basic concepts + +This section should include a motivation subsection and a definition subsection if required: + +* *Motivation* - A rationale for the existence of the proposed feature, or the proposed changes to an existing feature. +* *Definitions* - A list of new terms or concepts used in the document or required to understand it. + +### System model and properties + +This section should include an assumption subsection if any, the mandatory properties subsection, and a dependency subsection. Note that the first two subsections are tightly coupled: how to enforce a property will depend directly on the assumptions made. This subsection is important to capture the interactions of the specified feature with the "rest-of-the-world," i.e., with other features of the ecosystem. + +* *Assumptions* - A list of any assumptions made by the feature designer. It should capture which features are used by the feature under specification, and what do we expect from them. +* *Properties* - A list of the desired properties or characteristics of the feature specified, and expected effects or failures when the properties are violated. In case it is relevant, it can also include a list of properties that the feature does not guarantee. +* *Dependencies* - A list of the features that use the feature under specification and how. + +### Technical specification + +This is the main section of the document, and should contain protocol documentation, design rationale, required references, and technical details where appropriate. +The section may have any or all of the following subsections, as appropriate to the particular specification. The API subsection is especially encouraged when appropriate. + +* *API* - A detailed description of the feature's API. +* *Technical Details* - All technical details including syntax, diagrams, semantics, protocols, data structures, algorithms, and pseudocode as appropriate. The technical specification should be detailed enough such that separate correct implementations of the specification without knowledge of each other are compatible. +* *Backwards Compatibility* - A discussion of compatibility (or lack thereof) with previous feature or protocol versions. +* *Known Issues* - A list of known issues. This subsection is specially important for specifications of already in-use features. +* *Example Implementation* - A concrete example implementation or description of an expected implementation to serve as the primary reference for implementers. + +### History + +A specification should include a history section, listing any inspiring documents and a plaintext log of significant changes. + +See an example history section [below](#history-1). + +### Copyright + +A specification should include a copyright section waiving rights via [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0). + +## Formatting + +### General + +Specifications must be written in GitHub-flavored Markdown. + +For a GitHub-flavored Markdown cheat sheet, see [here](https://github.com/adam-p/markdown-here/wiki/Markdown-Cheatsheet). For a local Markdown renderer, see [here](https://github.com/joeyespo/grip). + +### Language + +Specifications should be written in Simple English, avoiding obscure terminology and unnecessary jargon. For excellent examples of Simple English, please see the [Simple English Wikipedia](https://simple.wikipedia.org/wiki/Main_Page). + +The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in specifications are to be interpreted as described in [RFC 2119](https://tools.ietf.org/html/rfc2119). + +### Pseudocode + +Pseudocode in specifications should be language-agnostic and formatted in a simple imperative standard, with line numbers, variables, simple conditional blocks, for loops, and +English fragments where necessary to explain further functionality such as scheduling timeouts. LaTeX images should be avoided because they are challenging to review in diff form. + +Pseudocode for structs can be written in a simple language like TypeScript or golang, as interfaces. + +Example Golang pseudocode struct: + +```go +type CacheKVStore interface { + cache: map[Key]Value + parent: KVStore + deleted: Key +} +``` + +Pseudocode for algorithms should be written in simple Golang, as functions. + +Example pseudocode algorithm: + +```go +func get( + store CacheKVStore, + key Key) Value { + + value = store.cache.get(Key) + if (value !== null) { + return value + } else { + value = store.parent.get(key) + store.cache.set(key, value) + return value + } +} +``` + +## History + +This specification was significantly inspired by and derived from IBC's [ICS](https://github.com/cosmos/ibc/blob/main/spec/ics-001-ics-standard/README.md), which +was in turn derived from Ethereum's [EIP 1](https://github.com/ethereum/EIPs/blob/master/EIPS/eip-1.md). + +Nov 24, 2022 - Initial draft finished and submitted as a PR + +## Copyright + +All content herein is licensed under [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0). diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/spec/_category_.json b/copy-of-sdk-versioned_docs/version-0.53/build/spec/_category_.json new file mode 100644 index 00000000..5c2ccf7d --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/spec/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Specifications", + "position": 8, + "link": null +} \ No newline at end of file diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/spec/_ics/README.md b/copy-of-sdk-versioned_docs/version-0.53/build/spec/_ics/README.md new file mode 100644 index 00000000..803e0c89 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/spec/_ics/README.md @@ -0,0 +1,3 @@ +# Cosmos ICS + +* [ICS030 - Signed Messages](./ics-030-signed-messages.md) diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/spec/_ics/ics-030-signed-messages.md b/copy-of-sdk-versioned_docs/version-0.53/build/spec/_ics/ics-030-signed-messages.md new file mode 100644 index 00000000..a7c56715 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/spec/_ics/ics-030-signed-messages.md @@ -0,0 +1,192 @@ +# ICS 030: Cosmos Signed Messages + +>TODO: Replace with valid ICS number and possibly move to new location. + +* [Changelog](#changelog) +* [Abstract](#abstract) +* [Preliminary](#preliminary) +* [Specification](#specification) +* [Future Adaptations](#future-adaptations) +* [API](#api) +* [References](#references) + +## Status + +Proposed. + +## Changelog + +## Abstract + +Having the ability to sign messages off-chain has proven to be a fundamental aspect +of nearly any blockchain. The notion of signing messages off-chain has many +added benefits such as saving on computational costs and reducing transaction +throughput and overhead. Within the context of the Cosmos, some of the major +applications of signing such data includes, but is not limited to, providing a +cryptographic secure and verifiable means of proving validator identity and +possibly associating it with some other framework or organization. In addition, +having the ability to sign Cosmos messages with a Ledger or similar HSM device. + +A standardized protocol for hashing, signing, and verifying messages that can be +implemented by the Cosmos SDK and other third-party organizations is needed. Such a +standardized protocol subscribes to the following: + +* Contains a specification of human-readable and machine-verifiable typed structured data +* Contains a framework for deterministic and injective encoding of structured data +* Utilizes cryptographic secure hashing and signing algorithms +* A framework for supporting extensions and domain separation +* Is invulnerable to chosen ciphertext attacks +* Has protection against potentially signing transactions a user did not intend to + +This specification is only concerned with the rationale and the standardized +implementation of Cosmos signed messages. It does **not** concern itself with the +concept of replay attacks as that will be left up to the higher-level application +implementation. If you view signed messages in the means of authorizing some +action or data, then such an application would have to either treat this as +idempotent or have mechanisms in place to reject known signed messages. + +## Preliminary + +The Cosmos message signing protocol will be parameterized with a cryptographic +secure hashing algorithm `SHA-256` and a signing algorithm `S` that contains +the operations `sign` and `verify` which provide a digital signature over a set +of bytes and verification of a signature respectively. + +Note, our goal here is not to provide context and reasoning about why necessarily +these algorithms were chosen apart from the fact they are the defacto algorithms +used in CometBFT and the Cosmos SDK and that they satisfy our needs for such +cryptographic algorithms such as having resistance to collision and second +pre-image attacks, as well as being [deterministic](https://en.wikipedia.org/wiki/Hash_function#Determinism) and [uniform](https://en.wikipedia.org/wiki/Hash_function#Uniformity). + +## Specification + +CometBFT has a well established protocol for signing messages using a canonical +JSON representation as defined [here](https://github.com/cometbft/cometbft/blob/master/types/canonical.go). + +An example of such a canonical JSON structure is CometBFT's vote structure: + +```go +type CanonicalJSONVote struct { + ChainID string `json:"@chain_id"` + Type string `json:"@type"` + BlockID CanonicalJSONBlockID `json:"block_id"` + Height int64 `json:"height"` + Round int `json:"round"` + Timestamp string `json:"timestamp"` + VoteType byte `json:"type"` +} +``` + +With such canonical JSON structures, the specification requires that they include +meta fields: `@chain_id` and `@type`. These meta fields are reserved and must be +included. They are both of type `string`. In addition, fields must be ordered +in lexicographically ascending order. + +For the purposes of signing Cosmos messages, the `@chain_id` field must correspond +to the Cosmos chain identifier. The user-agent should **refuse** signing if the +`@chain_id` field does not match the currently active chain! The `@type` field +must equal the constant `"message"`. The `@type` field corresponds to the type of +structure the user will be signing in an application. For now, a user is only +allowed to sign bytes of valid ASCII text ([see here](https://github.com/cometbft/cometbft/blob/v0.37.0/libs/strings/string.go#L35-L64)). +However, this will change and evolve to support additional application-specific +structures that are human-readable and machine-verifiable ([see Future Adaptations](#future-adaptations)). + +Thus, we can have a canonical JSON structure for signing Cosmos messages using +the [JSON schema](http://json-schema.org/) specification as such: + +```json +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$id": "cosmos/signing/typeData/schema", + "title": "The Cosmos signed message typed data schema.", + "type": "object", + "properties": { + "@chain_id": { + "type": "string", + "description": "The corresponding Cosmos chain identifier.", + "minLength": 1 + }, + "@type": { + "type": "string", + "description": "The message type. It must be 'message'.", + "enum": [ + "message" + ] + }, + "text": { + "type": "string", + "description": "The valid ASCII text to sign.", + "pattern": "^[\\x20-\\x7E]+$", + "minLength": 1 + } + }, + "required": [ + "@chain_id", + "@type", + "text" + ] +} +``` + +e.g. + +```json +{ + "@chain_id": "1", + "@type": "message", + "text": "Hello, you can identify me as XYZ on keybase." +} +``` + +## Future Adaptations + +As applications can vary greatly in domain, it will be vital to support both +domain separation and human-readable and machine-verifiable structures. + +Domain separation will allow for application developers to prevent collisions of +otherwise identical structures. It should be designed to be unique per application +use and should directly be used in the signature encoding itself. + +Human-readable and machine-verifiable structures will allow end users to sign +more complex structures, apart from just string messages, and still be able to +know exactly what they are signing (opposed to signing a bunch of arbitrary bytes). + +Thus, in the future, the Cosmos signing message specification will be expected +to expand upon it's canonical JSON structure to include such functionality. + +## API + +Application developers and designers should formalize a standard set of APIs that +adhere to the following specification: + +----- + +### **cosmosSignBytes** + +Params: + +* `data`: the Cosmos signed message canonical JSON structure +* `address`: the Bech32 Cosmos account address to sign data with + +Returns: + +* `signature`: the Cosmos signature derived using signing algorithm `S` + +----- + +### Examples + +Using the `secp256k1` as the DSA, `S`: + +```javascript +data = { + "@chain_id": "1", + "@type": "message", + "text": "I hereby claim I am ABC on Keybase!" +} + +cosmosSignBytes(data, "cosmos1pvsch6cddahhrn5e8ekw0us50dpnugwnlfngt3") +> "0x7fc4a495473045022100dec81a9820df0102381cdbf7e8b0f1e2cb64c58e0ecda1324543742e0388e41a02200df37905a6505c1b56a404e23b7473d2c0bc5bcda96771d2dda59df6ed2b98f8" +``` + +## References diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/spec/addresses/README.md b/copy-of-sdk-versioned_docs/version-0.53/build/spec/addresses/README.md new file mode 100644 index 00000000..61db3aa9 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/spec/addresses/README.md @@ -0,0 +1,3 @@ +# Addresses spec + +* [Bech32](./bech32.md) diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/spec/addresses/bech32.md b/copy-of-sdk-versioned_docs/version-0.53/build/spec/addresses/bech32.md new file mode 100644 index 00000000..626dfd11 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/spec/addresses/bech32.md @@ -0,0 +1,21 @@ +# Bech32 on Cosmos + +The Cosmos network prefers to use the Bech32 address format wherever users must handle binary data. Bech32 encoding provides robust integrity checks on data and the human readable part (HRP) provides contextual hints that can assist UI developers with providing informative error messages. + +In the Cosmos network, keys and addresses may refer to a number of different roles in the network like accounts, validators etc. + +## HRP table + +| HRP | Definition | +| ---------------- | ------------------------------------- | +| cosmos | Cosmos Account Address | +| cosmosvalcons | Cosmos Validator Consensus Address | +| cosmosvaloper | Cosmos Validator Operator Address | + +## Encoding + +While all user facing interfaces to Cosmos software should exposed Bech32 interfaces, many internal interfaces encode binary value in hex or base64 encoded form. + +To convert between other binary representation of addresses and keys, it is important to first apply the Amino encoding process before Bech32 encoding. + +A complete implementation of the Amino serialization format is unnecessary in most cases. Simply prepending bytes from this [table](https://github.com/cometbft/cometbft/blob/main/spec/blockchain/encoding.md) to the byte string payload before Bech32 encoding will sufficient for compatible representation. diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/spec/fee_distribution/f1_fee_distr.pdf b/copy-of-sdk-versioned_docs/version-0.53/build/spec/fee_distribution/f1_fee_distr.pdf new file mode 100644 index 0000000000000000000000000000000000000000..b9995386957cb1be5fe5c21551b0645009063045 GIT binary patch literal 185175 zcma&sQn3}=x^TW8fI-42U!FX=@Y09J=ww8$~idyB}M3W`R z=G`Jx?A{G!m=b1l!uMa#&{)1g|78A@xvgyW?^L*-r?G5pP{*!(2Otgzxi!foSI$4B zs%B`Z-VV1$S92rx4X`?Breh2V{B~+;H^ZioL|=gzQ!qy%H|^UFD9jw#Paq<56qv~# zm!{_}8*7NUDV<{%&zANq3QADW{Jet5+&C#;_!8q&Na3iF6<}T0N&KKgPDj%y zi%U_6Gjm}aHXtP4iZHW7das7MC56Lo7};FZs!qLjjyu2KYCe$0*u(en#%z%DF`7%| z9S3V@$L~SRD)1#qIvgcpTzqegqk80yQx8vL{5=Zw!t>^6Tj{%)N|bux&~q_QkT5NS zM#wlbnGyEkjrVwU4?1p>H@|+%{<RWHV~%3?+^)f8c>ss-2ysY?m{@lo#!h9?reBcV%`O}A;n9;X zAxG?kl|b-EX`1jlWNfyeT|jWPOgUS|SDpvX%3Zeu#-miSt*05X;*B-PtH%@1(tO>I zK-u-eGCEh2Y|nF*GP>{f`L#$ZykJj~=T}@wxZMM+HXM1?=^Rn-%|=0I@>QyMN`@v!zKhmw*6#Tk~EQ@(>#(q z4mcvaYU=YBfBr+I?Sq>`>RjWd7*Wb7i~kkl2dKWC0IpJFO1RWJ)yG}u)?7_8 zOcp>;Ad{E=@y_804n%{bpsk2$wV`;-!r+Bw>+^f4)-cPULm8gByfEh2o~;TqfV*)x z0+SCFBV;zn608Ht`b`k3XK*$_nOzgcqpTS}3-CyNmZF*$iQQ7E#LmXz2(jnLz;KTD zI52Oy7@KlFnMV6w&iAU0hqO6QYeMUB5-%_hU%a+bTtFB%-Uki+$58denPI!T=`><& z=imyj!izCY&E2W%Yf^k(8Nm8o_`4y+k7vh78;AmQS=yw@PO_Kti>SOSKO{p~mAJX%ie$CvD$wULu&o9AY$U^$?1{-AQUv z=vmeNL})5$zQBe^p~_QLjyf}%G{V#$-9XgTipnslz#?mDlcW{VV)DpW z#(B5b^p5ki@Jmj$J4cO1dpXQNRqmS_jvRrLC6LJ~FadAYxYRZYlmH%%6j_3Uh$VQ= z9hPZtyAlSUrui7JyyZxM)n`dDsI(@qgCP$WhkPM29r9uxs3Ss42MN2S_tGGP)kK ze>8(|&(WJbwE9KH=8h5LoARTRS8QK1E3=@nW#^d_T_f%4C$_c(fh+?CjI%V(9UmWD^QXuw1&uK=8! z4XqnS{QQ;4w9ll<@}kLIZ4E5)2uWQ2JXJZq-ieqbWd28l_P9DUkdn3-{sC)OTC71JF!BGTs=MlEZ@uFzplFA{%DjO zujBnI7ASs5l?)pBt+s%k!&t}1Rd>?ttq3IJX}WgL4Wx^Gw(ClG8*;>16<)58L0$7i zVlZEixF3Duya;LE5}y=6$wMNX+swZBiJPW(Rf#^`+{HpSaM(KFc4QclxD`%&esFSK8=+VVf*Apylv)eo9R z8VdP7DfEU1&WQR-Qk4@=(p4ojwV%Eqg@Pad_vZkH(rFnOGkeqjZ-@VR{a<%*u>Nm= zurPCS{G!;x_~X8)IOaHxZSEs8D`RSJA&6<|qiD;8aVep$OffgG ze@C8`imgzd!uM>fyj$N15+UE>gNA45}9+a9w$CybrKb%ojPn#F#4Na1(D3VK)+@$H)5p0zZ5IxqIvBSF-Eu1}`vRvB5FleY&uHHaNq^|Lp8n zmkyu56&Ld9&FKyj41|Yxr9Thndyepm;>x(#5YY2|u}zo?Be}S45w;$an>27tPn;xH zuE$kB06Mu|P+9dRL7cjufD6_L@Y!U+pu-Cf#M;d?q7<9m)xBm)y2wf9W3w$UNlC6YMVtzm~ z1(Xi@dibTnW4oajm&yM^#u(>Q;MHcMF300+1tvmb0!GTbe$&v!EVqHDKDnY>;(GyI z;hoJ){zL>8 z@H=agJ`Vm~^m^0|B=h}nyp>8 zz1c5-3}fY|$lhZR`Ixl|+M(9WWOrBKHV4^5_fH@)2s1Q)N9Tw_uMxGHp*AAoE;8}g z(yfgUcDr3S1o|coY9h!s8zYM`--6wPa_cFjKG_iIx!X5U2TT%YSC4@EHSH@e=r-!R z{ndzfge}0li~IJ?Zl49EFdyIh#G`lp?$Uq8I;6od`mGhRF*KQ4c_wyF=M#LtXbjvE zQeMGSN?BPtW9H798C?UWJ@PWkN6^>LoQD64w6J_?fuxA@GRy8RabJ2>SG}FI;~mVK zgYTau-dEwfmxSlRc_?JxUW`a$O?LLqPWnDb-sr}ntg?3#2DtT*ykeB7|2x^N<8!Os z1g>Y1*N^$!@g(0Nm`&3rCIW(6tG-F2U=|e6JvNXC!xn3^jWYw)0N56=h~jlH&9tAT zBHuc%LiSvTN3Z^!doOEK)!(->RG6}h{0}w+qEZ1^HB&XE(MaEgMWruGOhJvADd7ka z;=uLA2Ftr7;CG~o?Rs#?+!$S)eBgc8&O1nbyNI9Dk|sj2e{BVL1Yt2yK1&~i6WD4D zZ*qR;UYtPxbh7sFJa~>yP_edr;E+!rkB>nm21)-!(@=2)&K1e<_ObiXq*1#Fiy2=N zR$*NanLm*=mzG!f1W~&iOCL4k>ZxZvu{`)m?^Y>rCTXAkJbi>Z0qDj}wp|*{&dN_? zp8^9|LGtXtA&lsly~vlgB}yYcCFBHMQ1VBpT_@cZjx&Kgh#SBRG_5$udH6{Jgm_;=WgC$Jx^1;Y&Yx(=8S(dEHzu+BJ z;X#1}&=(A{82NKdMU~EmI57lcrSqhXiK^g{9z=;+JeR0C#m*gARzIXjyAF#G-Xgvc=Yl6pQpA6-A~-fVN@+Y%AAMFBNQYR z+-kMFBiqSSQG~P2?WVT%Ctfk)%?*LQ7nLQLC+-zdZw4taS*9K*meCmk5G_igcIOXi z>p|Uaom9jMM}E96EXvqQEPSSLZ{Ka#I9IU1`(T^GWFB-+s#Pp|h)DznlX8UNa-LhS zARiOufsxPJ;h-$Rt9wg4&#DYV{mQOw5dl`VH8UD}G)*?WlM@m)64!$xx@10rzo+?06C09A~KqD{($W z(!xrY(vR+fSE`=JxGD|h>bSBm$Ma6~>EVi$%%_-CBUJ`r$JvN+b>ry^_26*>PnShr zN4tomSZ$>UG1vUNz<^t!aq6WA>0=^b`?t8*&gO8X6SqjWPTATLqfEkK8zK>AKX}^| z2JR8FW43vvIwZ zIGkh%o{L!#W*PT0bT_4>EG=(bF_K9KKeQ+U!IlU_) z3~yO7e&%+n(Ru%Bj8sw72Dz+{6Lrq;UjX3sF=w#EaMrQ`L;l1vZ(3XqJ{vV^Z<69A zV;Yuz=4@4?Qx<#wV2kOCfS8Te^eZzw;V;zG^ecb;+_m$uB0ZaN!+ zF&>Msp;@p=;g$A0EF)aNgalkL%@?s~U5S}c6O**D=pXUonnSzQ45;>L?t9nFAXp>X zd}FHz8Utp$M+WNm?gQeyLuRBz>ICo64OAQ~5qm?6ASjc4zF(*VkTJ>wnsaA| z%IVrir?W!pfa0b@j8KGWC}SU&A-OL>@#9*7--GQKK^xa*wj4p@ft`zRBMsIzaXmRT zAp5`CF7KIN9cSLjPfrZY@d>O2L!yM3-l{WIAu{GKSA|7}RQkmo6s7xnRV(8gg~vWx zkh8sQz`1qd%_NA?N=?FtFI~sAGG2Ga-ZjEP%g>aYw%8EyPYNmsDhUMW$cLflAPhX7 z=~PnPZh0XBk6=>E{pZw{UPPcke-8wAXYhJ5uD4(nF*!bShNK&B00E1M)WUq>b8-x- zmf;TJz<#(PfAu9T$4S3Cld?Mf*$*4h+2o~{D5)ZH#pCgnK4MP#`J=;Jk{4_jSNd*z}!kTt~D(q+_1n%JjI zp^_W%KbE;dKD~>A`F>3%cQ7K@t?Fx-+!cQ~6fI%alpP_+x+=sPR!NPTZqA2hP0w=UsCyRyM5C5&^nq zLooWJ#@{r^8X016r_S|zlA~#mYHtoCN6@Rdk(lHogZsnc{TfS90ePzXQf}&Xc;&+mR1oSMZ}y z3?N?mMj_CJ(Jxm?!N0)Qj{w^L-ASDPp_7=o*x3KuPHNNEaoAzU@PBK_WI(EoU8i&C z2G^w9vWG1lB-xA$(kr|O;VtH~Wlg5FLg^XsUkF>3WQo3F{}W;A$wh{^5cikov10?% z;8)RBTFIPyTX)|+m5F2_S}y%eILFmR&%s~%r^ThO=j-F&L_>h0wYY8T;)OW#k{eNC zj%;cdbs`aZ*m@2vxvf>!WqQ?_1V%B{thxAc#0+gpj_D4U{SLQf<%#S2w^=s1+VPe3 zwKu_*ny6`tbAq3zp57&|(+>GZmc^99sWw`bm$rX<>{D=-dRCCySn`EUZ(*C*<4{6RcSGU=V#es8 z0c3ua-tleqk_Y`;PtFW2(m10%&m+(uQ10DDVw^-QP)ET=JNZS;r0h?Cfn%#^3za1ye$IhRo9){_}CpxHm#YBt{Jf zGG%D(M&(LjCR{{Xgz7(DFXJT0HgzcqzeM9MRFXe7B82Fh8Ty3Q>|w7j_KCM z03yqOE#3^Ki^Do&VU-HDo&{o0v`_i-z`!G7%(QuQ3GcdRJ zR^=pO_H0_w5IUauWs`1Vf3w8I6llIyqSv!fm_O;F^V|QqMCUt%@td)8qf@|&8i0}X zthOe@ylPh}Pd|NEx|Kh+O#&@POa{s8Wri{4SN4G2HW2xvov!?2Us(2d`1~g?kkAi5 z-v8Wk?z46Ibgskr@;%n|83Ls2TG&NUfDas<0tFaT_I2J!HdH!6oqJ0RK$GHmeKr=T zAB)nhw59&uMo$S#Ar794G=KHBZahnoH}IMtvM$pn$gj@S55A6pD{wBFzIW}%Ve)89 z&Aud&Ymck(Cg{HD;p?DM8rFKd3Q}$-j@K};9fQB6o%cT&xJ5F5vyY*^sJH$`YTwbw zZ_#*4L|KoAB$C0!XFS(ai!k9t4Pnycbj&Bqz~kvR zz1t;Puk}1lUU2!`ZX?r3H?Q{&#w`=mIz%i}y(L(!LFta8UI7~QHrQp2pMqi8A1l?ASPeCi z3!5HU4`O-C<{S%ZIyMkM=#6waVK_%k@eQJBN!&~xJ9`xcYvra3Z}I8yu(kHoI)hO( z;oNsp-xjF9_$fc^%@rKw>GVvOTLjwXSrm!jWnzZWdDtP~i2xF?B$LF@7HZb=rqIHQ z?qc6*JwtX^=Jp*znj~(c@!B2N!{<0-*6Tu--aKJ8*6a#>1WkCrXqkC|>UeTK>VxZ5 z2#1V0nl&=KXRK%ugtd)%aw)Old!%7No1C&Of_~GF`Uod{{i_a*^#!!W>7q)94;Uw) zcwP}7W$9!RcF#|Z&CuY>4>dNMUqgX)s(u9pi^~xioB+7(dk9s7rUN-r)mPtc*<%6M zE-UjQNq7vMXO&ucV&J1ga;^%6#E~da2@l|AM#sfryxtx^biUs4T}We?vcJy+V%iH_ zHm1=|VWeJdj0EZbQhm5g8}*+uhF6e4#~Cz-qZx17Vpp7c_B6iHTc5xn3@K_`+}&A zIfWkoTRkK(0w3#Cal2)BsHW+%%?2M4ad;{*vP`?F5dxgoYeGxR21>>z<=>GWlQE|1 zU*oxv0s}yp6XmPLQvrHpSd%)?FO>>hd?H8CG8>;3Q^R&AJ)U7Se($rkPxQk*iFwN{?LlgmHE*UcIRmHN33Yu(6Fg}@=^?j(9P#;1i&v!KT zjoe(-<^z)7_=CJrM?wn}Auf@9!<3q*A%1YqTe3(}05Po#;aLnQW)-bKX$O(I)FdDe z3lqJB`+Mmdudu<81MTyb5A4B4>oEt;4-_ET@@CV>lyaflqFIyv&fDWYcML2=FaX9& zZe&6~n0(|Cxw)x3N#dhC3j1Ki^-J&^kY+$^TRz{Y0c_P86BSN*T)~vU*%5Vy=piuZl95I%$1~S_feS;?xosC}RM4SMEz3P-*)O3fgQ5-{V^hAYU)R{SDM`CICNK5?fDE7=d6 zg`QrF0EDjLq!#3nDGVsm`56VB4C)uIb?hl&9(z_2RuLN_Di>(gneTSGe}|9kW-`Oh zWG{yXpdMhuE#tzH_V)?IW>NxenpOg(>>7nGNlt~rp%)7MnV?3dG7kIJG=uI0y`6QC z@O%K}0QN8ZI0Us&fvM5wy!>-=2#&hzrs9q3V%WLm?+6bYxs0Fb>&rC3YMx#K7Q7EK zG*@KN!VA&9&`1h=m-W!)&_Ny7*-m<=D>qxQ}l73;f+Hjxk(?riuK z#RYH!*%7)iJ~WpR%T?s=5fMAHO6rBq0P?2s8)7{5T?b3Gj3!Gx_{X!yrEpsf7%2kA z0i8~5wPT^ftsA5yIYdlJ^laaqv}0)Hx^)&l>6><@8&NDXIk-SPoN?RC z$E9DBs{G@6qqoD7dS5s;mTdm~Hs?)zR^o-+D@Wl6qMRyRQzhEdn=WO-1vhMeBV;lD z62BTqsv0jjx1)>3UtLwoL+ejum@qWv81mU^1bYyK+8;Dg-I#d1!zjye?2r6en;3%-LgYUU7=a+i? z8W0ovn@6m!4wF)*`xGmDa;vVVcW5+g9{ zWV@{Ls@b5R?I;8a7`rXv5t#n}47vGM_cdjmiP!l71wB=n-K__RDU~Oxq_Jw_HI1>K zv%}k%yJkItvnVNdLFYHvxBj!=XtE1bRYxAFViLo&;IIp*!&m z+ZYk-YTY%0?a%A|+phjLpaa9-Epx&-9P!Nw1x-#5eGszIh6S8%2;=aZe+DkU>2!&u zW0{w8Lw6qoeL zp2&VJdqE<7Try{QVl+;Q*T8%V*!2L34|+PAlWHqkLQkg)CO#bp^@}%8o@~qB5f@gq z-f1C>4wxCot13;qS;ny6p=k)Nf!$9jSjZNy+@q{U%a4i|omb8dd?tqs zG5_D~WXQ%i&wb+&VK1VjL#NKF#UbVkhh?)?f7#tgcL)tBb1>zwMCJx4t3 zQP{IA-F)IhmU|p*S{A)YlLMm@+Ll=gSNh*pd|W~|3Z&P-?arX6{c26Co$HvpRy}Wo zlyE2WAn>h!b;{C}&%rdXPdlF3m=v1-3OHHUb=M=>Uh@!x8kA>7Bo2A^5 z2Cg^`J}QdACa_T!bbekOTuTO*y@_gNwA^?VEdw81c3F3+{<(HU) zd}>^k*X!xSE)^3TLPgW_J{*+td_lBo{z9u#Dl_=qnuij}t8BiM=w2qDCW_;27+wyO zyQ2Ljk_CyoWRSzgnMmLSu5&*J;*Uz9d_D2UI3m>!MUa)^BZm3DT$c{TYWT11*?G}o zG)M{cj&Z)wX@U~6o;*8&h^oEqpk*xV6t?_kM-9=gneEDfrT`x^F~uWzTzd~7G)K}K zDp6fIInJRn9)0W{JZiS`C+pnDza)LT&FA;#WJg~Y>K9>rgt4y~2moUUPsMNo!NAs^LSw~ST@5cIB~(nc?|rO_Zf zeS`Fj1C7EeAu1-Ln}jCDtWIzsBUx+%nUT0JQb~qK5CgssWj@*&<9|q*(edcsFX;eF z7#krbl;9lt^=w8w&noo-2ssNx4gLw6x5A@C;A%N_QF3&~+hx8H|hXoCjQ7)C3iV3D9{ zw4LO}!BZ_@WnFrn4RNmWt-r%yXz6~QRi3ri)_)SvAO>P%I_FRd9S(T{TXm$dc=Vgd zo6Jb2V(V$!mG2*RUG5-)z=>@#Q@{#&X1Iz zd?1yq#3l(!2oZH8h){#bjI1NVd^trPB0$?w)4=xYos%ZQophs`0}?bfs8M{TjsJ?8 zcbRfCPBG<4Aso#xqhOfSSGnpKie~|0W@#Ns5SQpM9fz;%2(18fv;D>VK>DuMGcz|`!)j8Qo7fv` z^yi8r8c6G`rSjVz^IL!^mfyJ##f9lm#=d;Avm9O+x#|Yq`N@ot3OtNtkp3dT@OmP6 z>$wj>$W_@AAHnz9I3uKhN4B_ZcQM&}#5PC*#A~~fH@SA5yHsX{(l`|7lu}vI93P;I z&jW{oW|!X5+annF!rTFPXLiC7M6euu#!v?1P71@QV(!k9X^s>B;;)0qI=MXCyNqRRrL z{an%&PRisy3HqxeME7@H7c%G-`nu8M+V~UEG<^Xxojuoh*ZE#dc4NcEP)oSm6x-NQ zxE^xu9?~Cz2+ez}sW1<+oY?5V_Kws0B@IZF8-#s6*Qvx~^tMQo2t>QYKl|_!HUTgC zawRPp0Tv$wPP+h8ubC$pB>9<_XHc~507NR{a{RAQesoJ&ere2{P_UNH8iAE=&e0W@ z(k%->cC?31vYmyPE$7VvF_^s4qJ5Z}@`t}JWCR|Ouu{T4pFjybN z9;AV`mSO9hsZ~AlCK+a8CX{4o&?)$GJl@^yc6)y9VRIY}4Q#taac!(7iWm*u*DSh4fcc~@;A zf_Se|VD92Hoo2LxL7-D87qPO+toXZGu_;LG6`Tk+Zdm*a8x844f=fX5b^2dn82W`b zTKfhChbwQ6JQy~C?-|^43b?`wBb*;1MWEJ8Q_ANt%Hgk2>N1{@&s%Kbu~g@8Fm|@Y zWZ+O!zV-*DqLWCqe;PRzgR`Wz~ zMyca=fUJ}Jh~l9x?nXa>rx;8KlUegHxIE2a_3zMBI**}I2`lzxJ`$*NrkKX)6R6qS zfipyFr`njjNR+Mr!LIk!!@%jI*&O!Qx?c+y8wy(iDj~9JdT0yK-GMD~~s|q34m(2Ia?1~fPos|dPl6{F5 zK|ON|C0RfJY#%q~Mhz>+)-BhgVPtI{|YfwG-=_KRd|c))@2e%jpbyO% zEEqPbS;6t(DHpHa&liri8bcJ#aJ}Z;EXjmPz4Swmx!b=zgm?Wz6U#3zfo;x>W~k&v z(NDi~Ss>hjy*$7fkXoAgSEt*wWJ{XB$Gz!zdCAIn?BP-Da(vNcQ--*bjZlykk`g7!fxJ;FL0`O8fb0QDpIHWPV~A}J$MpTio;jWTz(U6DArwC;{T zOr$tGDr?N%b;z?hq`rfHo!fmcS*Gy}=-O_S4mYbh&9CcUUkwe9@nl9uACahcbfpj} zJ1r4dGJZJ@?g43KxZz#iQD{2Jv82L_P{5L=?{$r9%1!73rE^u{;EP4+aRRGj>uWVS zqDRVFKvLhq2_(-)QiyQ$9Yhysi9^S#(32<7!BC|TKynj{an?Yz#$M3ED8J?ssd0+M zeXtj<$wj!GJ~;<5brSE7e@fSw3xHa;5vcXDvC{O{yo=3ry~Z`TPoIyx@f>EANhRk~ z8^2waw=BlVqd6_R{WE-r9nD)eiV%;frjeMtWS_
    (w`o4Ytm1lYA76?R0$v(9S0DXBH~N+}MaOrH>-A@NWd5|js$K_H|Yh;rg5&4n<8 zvEd#8-TNNip_H&lahhS5h+3|bN+pasmZB@ib6yG8{gzV6MjfrAX0~YFRm`D7H)}6! zk9v*T1^bN-s4Ldyjk6(7q}qLcIvA@*TS8WZAYZ6D$oru%TO{osj*b(fqJ8;k>r;_B z=9JnQ8M~l_Q`LE=+?)2lubhrCV#19VVb7F~T2;!9)MGKUEWM1q2`t;f5gO4n_OSQ7 zs5Ll^)Q-8gTz`*sVBRT8oy);~I%7=AqqD~5FexNMcE6ye^nKsiL+3gWu{<-M09xE_ zU{`@kTZODgQl=U()TB9iio1M)QjOUD<(KUV8*G)Au}CQxCPLnN!P@qE! za=$M(vc0oXU$#@V4>DDA`y;4m&YJXG_y%Slk@T}E#RUEpn1I;OH2PzQP;v}Ab2ViQ zl(#!Sa`lZD-L0?xsn(8al~r4UzW%0t*qX&~23=JS6xq66hBzGoUSjm>&(bB^#D4JS zyGho#g{^#o7n(N(Z0WjR`ce}S9*^N18sMvT_kq~qEz6-ZY2=Y4f@&w0LC^rw*|NKp z2~^Ac&&sN(~QYX|-4vJaAsfGpi23>}q~{(_3a(v#=n(|gN>*H%|vc0PP|K5u&4im^Dqu~> z+GAHxNeY^|`vt5ll!|=3TSW2G?b(3U=%8lIwq5Y%xV`@k$1hD3K1c$DjRJD@tOB5} zFmd~7Oqz(f%dBU<6BX;~!iivx9SgDE*HpnmvgUtq(#>w2$h!KF)*w!14)Zue zgdOYXgPpUD90?1X4S{DM2i*~YoukV++y+h->{9mzOw@)RD0mA(P~7RUJ?6PO`}QOh zwLmh~!Ng{ZfYrD#x>`7fH7`H6YQQVW^lCS!JnX6QGHJR9QnciUSBxcN(l^NIPC!em3MA(eg{#d9xmNGe8Y#a7Fo>B z{wjauKUJ`NOMB2!p_c*CgH8K20+@E1&^0_%eVJ)NAiiGP80Mc7h}JGrVRI4JbKTV`Tp4WBApB`mJVAdhziO%p*JiJd&UEU|$iDHiG)D z5+@Swb!|H*;scBeTxYzgU*Y~SN5KCH9natF@rtAnq2CIKF@bejRJRGZ?O>*+y%P_E z-~Zi6J-k>;YolnsA}C@PD`9jLaCWHkgycBRja*i=Yp1poT5&4(z8dn<|uR$yNCi)W4zJ&f~EH72i1+D{r9fzxzZYx&tlUHu-q za;2I~lo;)#b;wN}*;rU*7-sc9HTZ%iszsvPeFmTQq1M)kAh@q&dCyjha5B}2Amv3} z{l)i;-hD~&TZi)G&5H=KNWDPbE4KfH4CzA&I>mT&5aZ-#J|(DYDU2>V0^|{l;*}YI z;U;&k;!><_v8qxw)EBb;`p1~XC0IrH!$iTzF{f$1iK`wHipZQ+WGU1@1a)4HQGgko zM^Wa1;5s*+8mZ;r0?mIh!i}tDAbxcOU4%^FEZrX&Wnu=)kIu&#ez(U28hX=N7Ue?8 z6H+9X*6#+w&&X+**CKbASI=@vqLhs{amZScd8!189@-C3lR(-UE({~!yAbMy*&tY3 z!91B(V8&O&>@5-f`Z$wKSgzJQqt-3z5bhFu2s`%NkjzOVnJdb{)0u|HB*h~2C>mZ88aZ=P z-zXIs-@RPVvdds8CDOD#5)AMkeusMW>o{fOHV)hEGIF#IRWU2z@UC=Aby5-))SPd_m~Y5M_6lnc&{pJrV5EV9m=9*|Vl@F0yln!|-HA$0m9hq^)rTfuc? z^ZQ3_l&lHtbowpZM{5a9o-c>IO{8k?Em^&v&SEo=Kvc=&VLv85XE=h;4k^b42Hwx? zQ1P`8^|;!GN}tR4MLF5T)!#>pld;eoo3DZtbH;@MHm2iFg>OHDrdu;Ulv9shrFyXJ zinEnx!;}x9l8a&D`)A-!@;1@j6(4u_D#hA4W*f5@xhMnk?62Y~bGC@z8y3l$Q!yfLg>P=vFO@(=a5&Hf7$p0a!ES{y86VW7+N z%DjDhMAw*SW0VM)miSqO7rM``qlwksVOJmG*ux@*@r62Z6A6bbZJ+sK2}vMJXmg!m z^iXso55B7o{^NuA{kpFp;QuRC^#}N9C)BEx9l2%?N~Tq6gk*)QnG8U~&Vz0)Hm_Ug z3|SDIz~aMxtnP(XH9GT2E?tbC#H}jrlRwgjv`9T?&WzSFOJ5L1GtJIYhM?yo-aaQk z!OiLgM^n=%d6r>ZOtsk|=aA!nP3SqlZrySJ6n)l#ztWH)v?3BC!2pAF;!V+Kn?goq zqY;!eQ*?7Mu51!q5jFISNQuTa4R>4BVxbdb_$gDm+?TSj1YKNqiPLW=mgZVFq5YAmB{aQ_W~Je;9y26K(3ik zt}{mH5UmCYR$mdMVo-3@fYBoI=a1`(rZ z!E|(0y;BJ7)fFU}nDKM%`P=i#M1g+-FE-b=#QZQ8s^k$|-rtTe-1O^!3Fm{}m{|HJ zc*^NPK`sMY;6-F&B_qaVAd!4a%Bl`8@&3?XWBGg_(29~Z#UJOYU4q_&x#O-VQau8> ziJ^&CZN7U;C^l%dLt~Sw>XAr!U>mBQQA@F6Dq=iSB&^mvo^FWiUNJ=S<=Itzyqv-$ z#I(qKvj7W3Qs;VZIoie97vC;hwbE-F9rplF%o4sN*ebAIpj+A?SZiF0!HrjcbD);w zQ>P#y%2SifkNjW@8O!%bQK}}nF=2CnbFzvFTNP4oGy&vK2je!j!&HFjyN8p`#;ZEg zJtAa+54a0s0whs)2}sN6r11GnOP-K@@MJN(grZ3W{v7KiZ#Uy9Y>EX*8`{#r?~8R2 z*ZPf%)^VN@j5W2#SQw*6F}|`dpQ~y(Ydfl*#pevjA0krn(vNu=O25rcLeHp2u-e($ z6_X=o?sp^e#x%u09_zR)9L{IFLTv}!2EN?D)1kwT#(p&{z#XVOoSi^2#dOfWZZZ>@ zROf|*+ykPeFLNV3abtRGJn@_M98p zClJSm>VZGk4e>m>#%#IXuOcB$LT)Hgsj71*mVB3&M%*K0vs-8qahotpqsPG%4Nh$8FYxnv1#0sg`W9=7-L@LPxtsqyl#h7j6K z!_&$_U(f1f4MvJ+8b=!&&3$#_^Y!J^=j;*`$)vxW2+0ryRY}>ss8p-Fe)Jd6@~kv4 z{9Hh;fX90zs~b)tIAE)Q@kUGVQDW5A9P(?~=&!A|qx7Z@-o&rU@-HlK3m&!UW~cA0 z4VjP3fWx|rDR*={{)Eu9l|N5VvOg@Z!Vn66iHFy05Ej96z(EEO9_|CtZ^U86?x$=V z%SNUBuh}`rCiT?5virEa@M_TxHK>S2lIvD=*TQRZkJmZ<-k+hozrMA?dE@_wv2zF# z1!%H$+qP}nwr$&X-?nYrwr|_EZQIt|iFmV`KjO`1rs5*Hn^UKFu_g1=gidz@} zG71EL86EP1ID2)4l%`F0_*!iBC4;_|-@LlggDQMm*?=?ZXAi<0>WM%4kBfc|V%5dh z3tZ27tM}EJ(yQyT_!*Mi3EQd7mO1h%+da394rkn0zkSTN^Xi2e+`;J+)IYdlBXNwW zZBp@>A@fi77@hU%crBNgoUcX5D>DgFzF|{zZgVf)GMVz>0cqYel<$CM{ww z?6bg5Y6K|@_^CX)JH2GLMq!9Qw`f;3_rrXi-|~P)#Q=-|*;sXAk<$1-4^R7k`WAbl z|66`BGBEuI{l&=ee=Y-U`KP}&*${e8)oq+3V5++dcWxSNfk@H-Vghh7@hl=**HcK< z3*C}_K4zj4yQ+#gi_x=i;KGik*y+C;y&PZ3sO*wAY!+EM)^Y7raO@wd|Bf$sBM+ZX z*LJ)UhqJv~)u<$c-8R?QI_uON^1$A_*~9x$F%ZA+q*4=X9mZ9pufWNHf&aLZ4+e#) zqJej`rnuRT7VrFB&g*n{w~x%aHp>#l)T8OrtTIAI*X~)kG4a}yOEReQ(!S{U30&kj zo7xS!j;3LwRi0E;0U_VUnKo;Y8)Wg=WC)t?B572kDmR2y@XsE^ws=K1u>?P{#P&;e zEnS>}!1Tns8+DP{CqLL1ZW{rg$CgmhmL|B%F}Pc3kz4H&OfzM_%W!mH$nOl9o>+dpiuc(n^@{L*M4qhHJS&+ltV7KX zCU}TieUW&qSK~$42K-F%%*MJjZ8D|JnC{J4&t(;~xxO+yX(XlW zqYZxwtEhut)DTR6qH;QLXjAJI>fLMxd^mzc(KQ-@o4<8ZK>}3ljKZnvCPRjhery4J z#jI=`&t5P>lHgZh!LZ=GOcFJ!Ls3VZDbya%yCoZL3MtvIpA?ap^^S( z1*g>#P3OP>aoC@Hp=ruaxG(yQn~Uh@z~e6A#>3Hd8l*X%U@6qy-#ushP(%O(IfXXd z$LM8bZEEN=mD~!+Sb_w}JtDXzyp>_alS`{&EN8vwx(*KCB_j0)cTHeiG;43YRrF1=PJdo4nQ;?0>H9(=TZg}|=d1sVs>M__Tk0~(Qq z%pFW!+GDZu5rkU@)Dik0Ww=xlz{P+76YE?jmmt73ww!%)BV5=8<`id2IIDyJvk_qq zbHx>T6zxuo8rrb+SoB`CxY_TXbsE*OeO28|3EdAgtdIs2RuB#fMZXXQV`>|7inA~E zfPW;G&Ck4bRm0QZcOEIY{k(21z1PYj62S{OYu^BVxfsT1eu?+z}lZy87x}9F&mes|7ih$wrzD9MAS;q~vBjeB~I& zoPJ?dKQNH11Ic@Xwki9gGfM)U!90|jwh=qElCW4OB<|T`QgAoF~wjo%U4C<3&R7x z&fIZy8dURWkr}?=PaP`5{qYZ*fn24tu*R~YV|{QGlH+Rl<0m*N;(jZ@}K zK%pMoK8cX$_vVrv!rM%r>ui&9MqD0kW~Bbp^$(BwSpQ=66VPbdJWS`c$n=Gmtq(;+ zY4rg1rNV=P*Xk#f_+WjRD`49Tzv{rUTd=Dj)3R;5ISWW6*d(>vDUA zoJU6Uj|8Xp_t?H|z3rdrX;Ir&>gdl#ei}!nO&ce}g|)3!M#{7=+XwRZo;mhSy)XRR zJ~nhRjxCzi<0iXRHtp*+!CkYdqQp92{BfEMs5EgD9utXBASD(hq_R;1dK*PVA;#^+ zar1E&eNt>IHjl-|@=%u&g~I778j64Em9&-mCUJU(H<>?atqIVIxG{51!?zjwIRC^h zO_mQ-RhPqDxJKe;P)>~VH#Inp^Q`lB>0g!Ag78L*wQ(7VzbUxy%{*lW!K0L6txZyF zHb{-;!*CbVQ5mo0d`6J_mx-DtBSr!D>&AHR7R`fbqq|O@qPspHcrQIAqCz>c1~7f-^+Lfj?M0M9T3@y8=f9psi)pet9MqG{#{O+ zr#|Cu*U}KW7(U^DCAkh6Ng^q2MG3JWzg=JBNrG_0ItL2@K|?UqY^|X2zckf6IdBi; zJtMI{`eGXHJ_&DM&}%{5Oo|GUlBE?X6Mp*ejl`-HhX}O=Gmi_9rR34zF;jg8`e=us z+DV**!H(w?J`X|v0bPQgS$L5!8oRvDhOU(@pftLD=h z6B-$BS~ct`(hCba?x)^)fk^HzR$%FKs*=@2_s}Oulm)CgK~wjy>M9@lL4LEPz8@@e zIOdw!qj*qNKCp8<4QL=1V$g6`2_Y!aY%-B!=TVsQT z$dDSYaF2x9VdFLsqX_>|#iL!)cvvXEdLQvaz`E!Dl%$HjiFu`|^;|Cn&~N*0QHLmD zQB6yUprEe6tO~H#<(I7Hmje#eb*Cq-7yx;N`}3S6@Y4BS)0a&2-l6X36pa|!lXlO25};1C2_mQ?`7 z`L1)-UNP3?>bYC(wHxnY^^PM0!GM$-M?a}Dm=!572yC?!GD7i6!(#@BAid`x{ntM) zlacYv#b^xi;&)|AFoesaXq;G)2WDKAwHf?+Ib>oER%J(~{>&7D$g*a*Ed^`AOR#Q2W zh1$SBrK-`&AW(JMYFgG#!S(U*=R{uvgC^rYTvtr2|0{N4{0H%4W%(bX9}@v1GbaP% z|4jd-e*DjnfRUB)|0R9=|5<-AFQ5uKn=7DDhX`A`Sb?3LAn-RxT>&Enj<7cYdk91eEnT%*fcx)cgWE zf-+e#xP227{ZkVYu@a&scIP(0A8|MdQpiVVCXlU%ziAO6lQ zA@W%Zfa~w??-_oM;SgFtIkhqYt^uF~%%S72t;LY@VFh4qj3Av}-trKd1JPz?UcP8( z?Ck8O1hmP`>WkVLaEbe-7uJFDp`3s?I|5|@dntiY0$TI^${C530GDWKa(>jx1E#aL z{bLFGs`^G2Kuk`bE)I;$p`1Xv%)raX$AFWs1l|0wCx31GAl}M20ocr1e?vbb{a?*2XY<-S_rW4&t4-B-m<8zvj4{kq5XmAC|>U>@e z-cKEBuKVoV^nL}+Qr$|;dM(pC)|xEVG`arzn~?l8c%l;iBxD3-1L{;)SMzLn1H=OZ z9N8K5KX3L;?2=%?yJX7$5Ed-#Ih@b^Wr(GR-~YacTU%O{`@E z0DAkSeQuQfCSQHb!p!|N5xDsO#*{$#=I9{!zs%-eHaIn8cKJ4Z`{BLz>iqo5zTZ;( z)&>3eQ71YzG`vg8f424i#^G65TOQuW4PPF0aP-;*0KK`QU;Wfopq})R`BeziO+NNgl3vU7mG-tp=R{!xxVV7)A^3L?NZjb?eNor0xUzybezJ`I zA?t8gUl%|gq^Gd|%zUCBK1Dk^fT%P3`Q32rKB5=!djO50UjjXVs3AW@cxr#q3-|+o z`mry;Yyh-%{&4ud!YBQqNjL+=?;ySJrJsCt{%8I(*3K0_#9eBjAHlj7j9uI##knFnc z=DYefk8ajqjjjorUr_xBjbG>z`EhzD6CEE5;?!}UonDJKgIn&tnPohQ-8AdQzDaK=f)58 z3H6e=ejPn(R@Vm*pUOs78O2xGV=fq%OI*bpHaKd_eE)M=%TMw+<^S)^O4Qe;MtTCUb^9-vYA z5^AY<4F>PkSRDU?``C&nzMO1BttYK2I^%j? ze&^=&yHIS+xkxrdOtYkH-sZ$;tAO#DJ5$RnP9mlm;O8YvjDI0lnG22Rwiy*n`ZnH0 zGI&`^*k?jn&O+5dY7YsX2rLu4A_&~`^JdLMOX+TgUv;mLIvr!1?Ap-haF2_DBTsJz zyquIa;0TppwY~=<>OW9G?(eksAhJL`QvtH)B}-T41V~S!S{O(a$4@OOII9{mVb|s4 zm(uixr-+jT5>SEryFcB>6tbe=E;{K1rAtdX^3TgvsD0P%xYHHe!{qJPm;cc>kz+rY zhoTupMzch9YSA6y3Z{YFJ8 z{@yctJ@W~~-X$=ri|SkcZuq9gv=ma~coJ-hgZ!GRw8f+TMPCx!TmhIK$Q79PH%+Pi zNbOX~n$R4R2cNNc(^-S?yu%xpKY7&eK)-qbk8M0;2vwMJd_Q46`_(T{cWrv*kENXQ zvUr93>1ELJyd-hMw?!a098^ujJw9Cgd=sowB%cZSD<&6Y+t4Loe5c7_6bB& zGeFYXN!`-xK~VjJ?H37EO(8Tak`@3{xLdH9Y24JWbepCu!342%K*UO#K*Ui$d7zQr zSYLvEC2;c}i(x@pWQ}$PpGoGNin!#LQ;qv0WfT%?b?=shN&rH<9O>J{rxpyKP-1xn zh90smyNNMuA&$*IrEniHIkmDgLN*h}AhM9SrIp1u6Um%4sO==5A5=$+Tcx2m_^xSr zpr_DM;w?5D4aY~XKSO+dELM0kUwuAnV}mUjGrk^T1!$r3O8@kI5^t<;?1f^Wpx&h~ zNtChh8Zt+gTDFhkKOY^|;KI&F;IPJMm0&`L{MS=1!4B%!BbD+uxdd`XC~`UJEePn- zy@-)+ROmCz|`nUW+EPjH%y#^sv zcSCwa%0?n|S9CAho_PNmM9`9eVeBBUZwFb!7=Zv9in-^tf`tM*a0#LIp}$Y(wIFDJ zP&#qOXn+mIC_NiGrn9CR*wPCD z_;m%1q`;duM+;|UTL>k~VOIT&%7k#;v|N^Z4-vW0BMnA=Qe2}s&U~VUAicA8S`%t> zB19C=C$^e47fhX2lFAEPb!9%hwvDB%E+;5vH&H}OJ>%uCjqolDyV%fgz~9_|n;G z(gLUGEH^U0UR-e(u%ZysnbC$cb;DVm{1S26l+$i%nIh$S9gPbO_Nq&C=n--)XXMfT zXhZ%X7q0_dCd1S_hB4-tBH7Gk2se>oNX2X4y)Pzl-}WWn zfb3u>($w0q*R1FhdZV&N`+EQLLea?)R1a+=s~;b z3X0wCH+)*?!P@!x^@E$&mgfV@cqaTL$#nTlGdu2hV>(K^D2^kRWNQlO)B@1-a>W4u zr^QP`<#y9S+EUhz-GG>62d(6K6+vClMIING2>AWoM{O9t60V}{sOpJlknTas7FlSd z=a8=~E_ByqmnQ;zEF8i~7p0G=g4l}-bvehQa}1l5lIA_dP2tXD!gY#BFz;u}zWWRB zA!bz=5@Fxf6Eo?TadSC5wmD3bC^$Wx*xZv|F_tL-fcth&RtnocVer-3YGI1KYzGFi zYh_wy7EfR~#OaH-rm@wdYm(lqzrYgc)bLwj>G$@A>av zA>`c~n$CkWFu(NbqQUjil+Ri<0|A{=XQQ&`me2MqZ11;isUxq03 zqTjf2<6>JAd@sa)WphIHYy%3o9&h>wQCB(vUZ2@A|25FxKJ9P(cy zobQIOml|FgQ1`Mea}`e})9ZOydE=!4njD0rjJzHCA95EJj|XWdGpQ?!U8?UkcEILH zXICsnRTM?0_ljTOUI0;v4Y@L0y%;~yYd9#Go_fp_=q_Z1td>t!2>H)3XoQW*m z49V#Rln8=j!Dv$ddGZmMfWxD8Yl=-H{_JOa9^j{q`vrr^Rb&-SB^=JjIJj5`R9{r` z{Tbn6TB-JTxSW8$7KKmrK9?>X$)l3jVFX2J=-5!WRU)Cu#{PnX7RV3xEHZN<-{DDQ z92g~t*8H5s-Ox*fkS~@>>Q05%9XoKC5W=FfCiHVA%q6V-Z#ADalH0C-DJd#ORU|pa z$>J&zT9&>q;GP2g9`|-@dv@kMru8Z$5wt7Lni-Lw9U@LP1xeBV8XmY!tfZGj4=(g`>ruQyJkS4ArYnWIRz)K8hXUEC?vMQW(l0KVt$Du`K_KrxO;*CDfO@eYK_qar7gla@(fyO{zLji0IKaQR;qNV)^HM6swFrzgl;_;f|M=)CYrQVC|5cg`( zF5F=%_L!u3*+L_xJ) zJ)NPA^`X3s4(|t1fj=&I`O@urRlGKR@3X`7bm{70bdWTFM^qsdIv8JXo2}1)|K5gd z9ZmY$#QGexhGoVwdmDoZOeu8Sr&L`!!YDA1Y8;r>Q0>YrXBpJsbjhJr_r2rz!zvP- z{Bi2)Ll$pyn8;{&P#*Ey1tBN9a+p4RCr=JG6``{$-wOtFnX|wIzSMJIiWAQOloQ2E zLugG`I*OB*RdGRA!U2IdJrCUowL)C(jM|l^78SJA)og=C z%5=p6J1PhwjVV`_uCYr|IxV`Du#S2Bzw;}d*nE|dfiG_O4 zjJb`Hq8qf*rP6@}4blqqCsI7*mf>ZqXEr5P_)~HmDx*ZkuAbl2F!inc4_3FAfo1QH z@VPJ2Hfx3{8c8v8nVeQ4*-&=RwcS5D8;!_Sn=cuDAiPOpC?v*J20Vp*1EgWK`kU#g^=GUOY|i18k?nP@IQG-_bs^I@Ao=E;3C znziUxo$x+-6JcLOuw0`&SoZ9Hmeqh#cd-v&w(#XzKIp*}{z0f@MoV@<{K}2AYJAw` z39o@+`a}Xdl(--?1`C%wH(M(6E=2T9OwOi66-%nlcyb%TrVn z-n}GrGX^Q-=pcxGeCho-AzsC$ZVy0{ZKIh^w4R%q4P;~nS!p6BHch?nbm!8Q>4d=h z2zh5-FcU0?-F5pgRDjA^86{6`7vnGon6sw6kvPU?HePycb1NKiI68hyTMV-gB+5AqvwA-c_PIS$M7Kes5Np19uvU+gOp-TdB z7f)79nO}leDqz6L+{ksAj>-mf$1cKnx0LdorVL(hAIa68GvNk^w9B9Lj~Y-+vK#1G zDX}KY;h|IFm?X=~edk!8=E5ecupueyec;6}N3iaaXDorlZ~BE7Ti8g9Szi zux)JkqYDnsjw<$k=%I0xxJn*Vp%Zeoch?dD$6MtjpT>dfDobnUsjIDq^w+uTUt6XP zmre`r|>_dw%?ip!(149y()^9g99x#=1Elhaxcr2Rsh(rYEuEw>iX#RNXMBA1b&KUgNlx_9eYhRxg~Feu*0FqUYtr zeocKBZL+twjewmOp0;1ObzB7PnP=rw_k&N8`|88;%bKt%>Wd&J5D00)!B`thXorSd zjM7rLpX$AAr_E$*)-Y;!w?+htyd_m~cz~&q>&(ce^743Q*P&MQD3b&5Qzv3=!A4sP zpW*Vt;zkk0al)k=WsJ{j?26MHi8~0a=j8qUUIesLYJ)*E*w`sZG&kfN(hiRCe%Z+e zwlIXFIuk{3PmgW3qEuV1s2sp;kYDxzh~0XYONponU+pVG0L^#8g;6R-4F{QG8F8Qy z;hKDp)RwAdPNbC#fB9nUJJj9)!iGuJh*g3ey*nJUj3A7MEtkMdAVj_?bpl z^A2qjk!bu9yJL;ngo+>GNg@fWwqE8%S8x3kW6MMlY!`RCX2>osMMEQj-3_BuB`QuU z@5D<)j)&MOv`c%AZ<|Zv{+=}t`lrd*IQ;42*=+cYGXRc?K?dHP*0+_(&au$Io>ZE7Izxi3 z&)lffZ}M;|T#9+>vX(;z<(E6}{XSpZP*Svh1qwt7VtNv|Urro11q#eZ4h1)w-^FtO zhG%_IqgHHne4Ei2U&QA4u+vp^#ifD_ikBfO(^}q4)Zy9OjhL?8ZDiLwEr9CpzT`Z} z+&WJ&a~>2HjXEi<7085>jqA}GBlVNoCG0~mdB(K$U?!Y(;O^ZNxeN zkK+gZY1Xho_7dX)5ATt%Yi;1n+c%0jY`-9O5}}yNW5#g!)ye#_OjzF))GIroZlbK) zQ3*%Ci`pjk9|r=2?s2J&Y)2!L+5Nk)teEc;Mg7%b);Y|~6!-2btc=j0j16 zMh^(D{c1um(Wu#-F7;hCzO0Xmt{ad-gN@rT#auzOI562zkH0?U&Aqd;UeNk*t@uUS zO{Yth_==SIpdI=zd~!*;DDCmjoCe_imnsU8R3GTm9!MNgdqX&iy7awg7DDHBq9`Co z@rqXF%A}Mc=^hk3HODQ5Rop!|?bY@kF@1=ZZo+CQ>x0(Lw5C9AVcr(7Kn{rsgSJZd1z|X4 zMA>4ljW|osEo(K*2X=?0_KerA+az2m?;PsxYS03JRmb(!$pqzA0%o(T9W+ph04-Kg z#iFA2rg)~#H9Uhn6+EECAQF}KmYC|T=DhKx+`#pYrA8!IPd><|gvkh^ryd=hw!7^$ z+jS(t-Nh9jfO99iIoYz$h;@!iAJKgd-hEIo65+pSvhDP1bA3<^gcA+j0&UKlM0o1o zP?Up&3b;xZDB8(RGun%X`cDv#(MtccJbf3O|PQG~cL;^e) z4D-q_C+A%79@%Q2|LF39epQGK3N%&L+%L$#FL~)awFy5(q=rgh%+J-NBiKt~Z9mW9>8@9$5 z&_zU?O`kw&2(gaQ#k8HbYfeT8>rWLY0gdh+sO*O><47!n`N&ocK|LO_<4|}YfRst2 zwIWOHns^MQf-_gVxW$${6VPwEeY2Xi6Py|J4n?^Y$k2M*stR~HL zlHtuyBhF#jr){1;J^Rn@}74}Mb_Ikx{A-d`Ew#HsxS?GgwSf@h2uaE74T*# z-N~G_lHOzr?8csVJ~lrw@r2Rq*ZtzeV@TFA+r63)xMhkbaxZ8!LMoFMX7mf_7xEL|Fz5exzEn=h;jXYAx}F}}EGYZ$ z`DjZ-v%^eNONkH}HpVam54|AXyEF$eVp^w|pDkuVKk#jjTD~G^oKGw~3d60wR?0r5 zA2yySjuo>88QtHM2viy@g{jZMcGGae8`DteLb%L1ev6bE*Zcg(lt$ic$cAG3nVqT+ ztnSxm>J%RhzuoKMFlZ{uQ;F?5f1|W}XTBtzoPL}N0!nBYiilkn3GOrK89a_?T6G0U zp=ica>@)w@B!Vn^g&B1_zXqSQx=R|^wf7u>HzI;&=aR3HnSk%um>Dp~f4`3n?kBW8 z<_S5*vt@#_Q6n+H16hf^2q5pKnyjW;w09qi;N7Uyk$C;Ld1kbqU`Vvz6g7v^muq=i&VJ zN;oshM0b|oJCyD#HKlp)YN#6vE`Rru!zig`2zGQXc|~&vfdo(+1XTt)oUvTVD-f2d zt#!g;s8JGo(JpR<0d9gWyJ){_{dLpM?Tgj(i4^ZGQ8wtiW{CZ6t!)fk{Jgx}gFt)x z%d|Q|9u))ivKp@dhg7Yxip_--i2goZz5}sSB|Td{wf@F8(n1D4r0tolD!0QQrg9hiE2CA`}^G$wq+ zHg6;$;i}Npd4KMMdxHHXK-}pJ5cEE4NhV^JufVJ;1piyYe2j&Z^&rO`VnEfB+R1=d z8+ueT3cEbwnE&%^nKy(y-KB@J!04ORf=AOo%%Cc4L8&yIPb!&|VhCl+5uFB#@kj{3 zh-U)3^wvEbWrQRI-T@9So{cPynSFu3%c*73Du!}mKcEpac~C@=eCn6=awHcqIzgYg zh_n*uCO4HU65f^8{61SlCtmYGfW(*S-Qg)JTZ7b@Pv%p|F{q?R+k8w=$}cjgHf&K_ zTNHa(G@7~;(>c{b9toG3N3dv!8c0QQP1&GPnUY`+X_Vtfk`K0oZsWQ$EiqNfcW3}` zpk8uq!j{>m!2{!kN)OZ%Tqen&c+2GG8xVzpNagx&RAs*wQVgo!j2DE@D<0k)A-Kb< zle*xUB(9f_QYv`Bi5x#Ww{F4$XUFmKnT)a4%q3ya*RevxVuL7v9~(=>nMilAOk8LP zblay#@!(Kw%>`(r4*&aIjwbIcakZfZqp0NpP|u>nYm9JT=zwoG?=*POCZY(97_A7< ztrX@)wVVU=y{XAY^p5Jfq>~2c2w_I!CpcBac2*?jXmHMc6vy(x_3eE>|e!T2Sk6jW*g zJ3R?eDU_$|7CpGVEECjJ`2~8uG;_(Ax2SU}(243vI#f~gj4$42+6P~oZ(x6_PGZw@ zLM680SWJ1@pXj(7yjMzb#`)CM45t8Jia~$208hCJr5~yI{h5R}R9f52s$BAw1qq*` z<8Y9Ik7imu9ZY5!b<>`9S8ZDR(Aj^y4}uY+-t$e!mL`VZ)1XSPaXOn}TuCjIw`Vk5 zZ;q#yY_kf3el?JDjF5>GhW;-aniIP;%n(l#<2pN_t|4@VB)NOD6*PUy+~wb}qcw#d znWEf>C?5R$erKl-JHc(jt2#dd^24SgpWq>n4OIX7zdy@Tt+~U!TbMtz|8m^QmrZee z;A%3G?6sbBaSn1lu1$ec6etuuL;9%Zz3GXaGake4xtz>LU{ghn)`xn%R4{9Uh+ zW}++Ea*pA~yjjX(J1ZVBKSgO6CvT_3Acw=ck+KM8I2}eE`*1o?$uoqX}jg+dLxynoJQLSmnksB8t7Sj4!p9;JbWSzv59`Q&M#W2vo)Tr6bm-*#G7 zV|M}XCT?^_@5+uSjEgBXR{qsUAS*MwD5llg(J&xXcAl**bL(F;;2rNur&Yl_@yG

    J&~cnA5tbZ)11zsq74WfTi9b=OlE{M?6pnVE|@`Dm1~{{X`#cjaZR+{!v} zZg(ajuBmW2QnP-P^r}-lupm^zl+|@+aqiUat{{3`T`!=S7*k*t?JSX6aIEAyYktvN z7%`=fl}a{3z@dsZK{^5tRv+Roe>J(4NL^ilAY`j6%kR3cG}CKuOpvUdVDiN3K5!}z zEA3$^g^MqG&?dO(E8soyCyadM;KrtisFY|u>E4QT@0$5*4Bv?%4S~LHh5EwbbUFKL2Fe z4=aZ$Wl>^A_>I(D;$hR;@xoRO=2xNcf*o;9btNAe7n(s6J};GHb|!^lIROeD}JLfX4|k7Y^`Mu;i(RsxHtPsoR8I~4Bg zs(UvHonPF2D@F#+-MAi`+sEC)b4k9!#|++^IxDfdz+CJ~pc#g6$n)It{Hz7_$a~0m zMcec;*s}CdQ1?x4b<09^YlFWPh#Xc*d7;!8D7^JOh`Rsz2pFr=}&duztSCf+H<4aR*oYQG=VdLS5O z$q%aKIlLp83r1U;O~jz0@16YghIT!)t4?t~3XOUBC3>Vx4Wk?;q?Hz?LgxdVd@L^a;~m) zrt+Ibxbvw0A;NW}lv{L*7NDvuYj_6U?W11=lMv`Bu@0uenQ;}^?w!q-;C-%g?!!^= zmw3b&8T<%1CaS1E(OLSaCtVMOSjvab00BTV`OTAnux`KWxoq5#7|-=-j3TB$hhJE- z-g65+4xIF>tZQ8^YGl%fcG6>&u7p9IMpXB^+D#<4uf+uHz+F^PySSWqiUziQ1@1>E z1G!#e`{C_O9nA5WhDQN4KBza8e0U<(!|7koqYtOXqe~9<2u|98v|$+<2&_26phs(| z!y?39xP$&p+(V%H89Bx)>7o(3xTmp08OkSvUR`Pa=o!N&z)|1@(|m8bW83mO$yy%Y)I>T_+iwNQVqE70Rpm~!hy`f_W+14E4N|m z*nJPal1O^~+Ew%l4XMy3q$ify&bloD+Fp-@G@|pYN0J22O0$yQ!8`Sn=S#GjONKE3 zBl=K!IniQ?mFLO0wPrL(3(9mJFEvjaP1j!g&o$8{F)YzJsM!^RPNVcYg_H#Bf_+yb zQOG!UkNAGl^4UTkzjnNJ)471(`>r-v$#q_zzn^YAkb5~sRc=4O;U-$CErdb#t%~_S56=adx zWenslD~QX9#EX9I)WyUUgw72PIA(|pGrDxp$MEsa{6DG(f>r^mD5+d8Yng9xe9jl=OXd4)vJf-yP~K$uZjTS?dVrVTuEKZrjJ_?*wc8!rUt z5Tfu@m3W5}zKePV>rKdDO53S+geH9*ogHz;#iCo+uC>|GP8{B^T{;b$jPefNjxG;I zMJ_p>D=;dtil~r4Ig}pq((rWY%eVnspFxj$Mp9MjWT`U2PF)$IJPLY=oHg#nfFLUfdS^LS)>~hiYziQVJn2 z^mH!Tt1?=+#n2J;FU=_1;nR6ye5OwYY`F&jWrWuD;?g_DOl9Y?eTCzrD?l|Y-#wp_ zHb=m08QTd_Rb9`>uR=qipe;0d4hE}@Ed3~X&;+yk6$Hu3bfT439kzcUqb z9`T(SU98hIi|%C773OE6ct1~T7?QO7oHPnP=)qCnA;4;?SEdtnipbeIFk_SAgjmzD z9w6VF@JIwTm_^d6O-!C>OT1Gb1yO$%Q|rV#IINi2P_=f`iS6ERM5?}QWZ);$>oRqrk zLs%Zpwl4hq9U=<`z}@C${gu@xUWu3&$85})hhfU0OPl}2+pdqPk)ZeK36tTkiIzqp z7mIa$Xfh_I+gdioCRZjn0D1QJu};(ijxoq*~qmUF9lOp?jp`du7KH)qWce zU#_Y0f*)%`JC*kxVh|qDfBG$U=zt`PLWF~Ux<;qE9EwS4#YTTc-r)o4c+#5Y<?o?RmULv)z0e&jM=y)!9LZE7l`7s zkFFd$eq8xE476b)I~a}H(A`uY!Q?)^xw!nZ(57(-r{XyN`5JvtP%fx?!45$UqHf@Q zNU1(K5* zSkA1!*B{aGp(1-Opve73^(7&qUDL;(k}n?(LR*@9@|UJc+%u|~>Z5!CRL_@pc`U8# zvFdwCl$%#5@Uc7x`NFPq*M>TivRl7(xhR_T4)ZG80)kv_5T+yDq0Z{U2L;RvIsTro?(w-(XJ>ur46)CLM%Jq}SqVT#HQSONWb%-V;VF`16<-Y!;}G49&=Bss3wU}Ac^UI|Pd z9&J+tA#?MpXWgP666RrFp7+5ej0}}ApqIrNw0FWGm(J{bI#Wxk^97EEd75^39b832^0ryBFgbF={KZJ!^*x2M!`vLDoJD7P|}WG)t=3V=lh!D&$IQLx=}wzQnw2+Y6K_ zVxc!k)h_PeWI%2`7DmNE4S#7Bq6-7Fl|`!%U4y8)^nheA?-0ilQtr@^M`qZ{zYDgm zAIFyo^4fW~^{WUah~8p`N{w*#{m}G~PE@N4FH!DIvOX4HydDl!LM#g_G+tl+7h~tp zoLd*D+t{{k?%1|%+jidAwr$(C?d;e)wtc_OsXC3*xXoGX2dr5&<`|DW2%oRKNzg2p zSrr9O)!sZDmx=(2kar8Dc?UtPkR+=)4u%81`O+6r9)mCbq96MB3wB03H^^KalW#il zDPemWrSg(w-ydT3NP%BdeC$iBQDRO?R2x0s&p*mx7NqvwO3t;==R+ZM{plhg2xF9| z#qeFBW8we!4WgPw1lAMJpAL)~pvavd2Ls-q!sw3%?9rQ5gGv5yhelF{hlvwq<}d$e zFA;n>RW)2Kf4?l#K~pl9rRG@nu9PwqEN{^859ckxTk1yYuK^tKyu?IM;*#EH%+I8U zif+No|5DBLVV$!fAVW+Wkr@XZb6rR^di}UD^jhYR1BR!Ag2V&5NRxg0WSEd+brx|S z233?!#CY4;K@n3*5Dk#;mGm&5b>+LdP*&76;a%>cM@8Y#3MoyZHI`mE+$0?wRAd#S zI8LP@*7DiywS5!f%2vIl0OZ1sgaO!1PQ=RImw;Mj5?|ldOKei z$F+|i|H*%mp+*KjQ)?VgBiWWcs)9TF)lO}s9EMBK8O0W9Z5S`E3e9meOk|+3nx$y2 z0c&}{tJTI*jbHO(J>(sfYPzqu#UHQCkbW;BR`|}e9rl!OMv}jTG!2JlfaU7kIOxc} zdX4k@2E0mF7%eh@81qG2nt(5c-t3K4$jGVRg39_=R#?9T$K1Q`Rn}v`2_el)An=9K z(#ee$<3_$9kUEsW-t76;j``oLTGb#UrTV?5y@kExg6Rw&r0;IfM}3x6Je%MjOhbRZ z9+fDCip!*fkkE3X@QH_zg@rBH)$W>UHI}yz&w|a1+Qm{2Ke~?f#ozW}PP^z{#<3x~z z@LU{(8nHBu{6)%TlinFTT(pNC#VGFqp-oi}&cx z;(`g(%+1}tdG`*zOeZ-G0sVJ?SH)vSg&h7xIe(G~$LnmmX9l*}kd*JNP{puua-qxv z)ze0EWJIV+SqyTIXihEL&m^KDRU%Pa;;@bLvDylm7nR7yrQ&pGl%0zMpfG$+XT;WaBsOr2Xv(5=h=I z4uPqqjJ-$H!k@`Eu~Xb%*!6P^iNEt-zAm#J|q|kj@5+2`K%}3da7>UbT`~hdxZaNTb&xc#} z^r6EIf>3JiJ0azTt9avU#OoKrMrESDd003R3ba&R-oGny^25X1G;}tBD+9HJnUk&;?A{Q=slW2k2u;m0Hv;tMAO!f` z=#W?Fgt5nyD9*TI6uY1KQ_UN>!xu!;(_Hj$hiKSCrnA4~8$>0?pEp?knN!{Nw%Uxk zlil7EN`k0JCfptsEA>AxAGLMUCLBRD+*fG75AZ*)$w8%w02aD&Xr}BFSPEYP+>Toz zO&4lfk1_(RXy)=c5Y-fEcZk{)rRm);OD{f9Ni=MIi8yBY$;XCC^Aq_`L5(7Uv6lj3 zJ_kg%v_;J){p^V&Hkx{>jO@F(og0>w0=_x^!q+4;=d=j2d8n%1*=a0M{#B+8b0=8e z6>wvg5g~=q;Wr0iftl94VUW_Me5x*fo5h3;VUGsvXr~Zwwem6omDNyG$j2c(P5AT{ zsT^OYmC}6q{CL}xcpp5q-7J*F)Q$oO=KlK$b*Y8Xlp(i#_iW z44EKMdLNuC?^;eU7_C$Xl~akosV;88N<&|^HiwjJMA>(l0W^z{PI|~3>OOG+^1BNX z+7W0}%mMrQNa3-;hEP&oAdXf!@WI;tB6shJi;z{K(U&Th6E!{nEk0vFb7`v5nOKl> zk$TAUby(+(VMTOMShtdCXE%t#h5L5$sJlz&-)ypvyoZ9Kcvv1SR*n+`Dmu5C7f1w}97yKgq9tAzzpr`Ts9bm*f8sb(vUM zIsZq;WhP?h6Cs7@2^#P^qTC!$c!~!vjHJ zVBE!~(FW@*dF04I3jRSr-a!Msg^a$7jtCI}2|$s(Fp7{#;}t-;hYJB^^#HMvfm{d= zlm)mx2oKs`>n?76*+B0%`~$m-jEr>rb%&hb5?1=o3v3N|A! zuHYWRzXyrB@D`_MpyC3c79fP?FcRGb0(&SZG;l!&gawsVAYS(%k{>LaFQ$EnuT@+i zLdL!R;qQ}gS|qspEo@u6SXWmN(jG%7od9?^1aMyUwSBi|*As{U|~neS?!u&0<6OI))yGKX3IYf&D`T-8CTrR7Cjrg-{xpK?d*C zLyC$vu3NnU{_<OU*NWeP!Y5BBt-V|f}mhC8}LA0DRm1 zeEI}RLxjb%v3C5ZemUg!@Ghb550jF?>>pr)0KdJBgaDD8h3*LqTLv5XmjZumX`mYg zgGGE#V(gUpn_c~20(1W0Ajl60m{<`n)`Ws^{!nycOG25({v3P?sC>6i|HdEm7kxR9 z{oaP8?Cjs|S;y^t{7S&PhYa@qFbgKH&7$)GWl26^5&dkfAbnU^o+LU>_+P5(4W2P2 zi2NP;-4V@*W}ZQXSq$sc-ugb6BJ3Qj#||DwQnV|9y;?5?**^dc{E-PKptFH|8a)W2 zICelsKiVXqc_c@aa5#;k%!2&uKBhp)B0CIKm z1HvVX+F$pAfdvk5?icM(%zy%d`oWC^2~hVZWdd6G*o%l)Kmro|h7=uldPk&!1M2z- z`<+clQ-6^;1LPH4ASb#^7-H4rbQ*yzJ5bAEW6 zDcsy^d^ghBhCs z_z*y|onC!m+FyP=o3?-ZaeeVcISyEj*(e-KJG!EfF3FYf`?pwqsI{fREr7@VC}#2B zB5&?pm1_{?8qpYCg=ZA~I*m)#KmIye#Nq33)6cvSm2t{s(+xuVj1_%H(l{1<(?^;3`Y60=gaLZbn03S0t<*Tmnf8u9PN@)9a}db+NOutDQ8rLI`4D>}{L zZ6->skDuWwK$e3-Fq(Aa`q=Pcjhp($@t$w+rCIxO!pTY$n!?vHAWLDtXu0n_d5WjY zQ$ezeq)IXDVzme1d@N8jr{V$7uMU$dYe4V}W#6AFN5^YrCl*9*RG3*^0yz3fL*fQC zVo+fzytkM;9-Mku!e(hD^Q?!l5x7s>bJdnyVG@AyD;mzB*GiwK(KS`5$)EnQ8rz2! zUmAs+0TQ$LrI8`+22Li1Lkx}z?atl`Gj$mvsc~2Mt6L3uJ(&^#WHI`v&qkbpPYs(72^h*Bdg_~C z0&0vaEg*C6DmHe=jNA^?|Bxo;Y?-D+RNFkKM za1jL1KSos&oU+luG!9QiLHHm>;X2}j)Ra{8T#+WrFS!p^36y*) z13o$VF<`W>rv4lptL^v}@JmGf-HaS)#6$h6NT$I+k)8mY?u=qB-1$g;niWKFTPSD_s8?sLVsl1O5hS$nNm6UYeZb6& zXvUpktj5Mrp+P8b~{ zQ-Y%R2JBM`{1>)qS8!KOCNyLI^AgxJLk%$Om}o0dS9VfMe$JtbNtB=v@VT5`4~=NP zW`5@(mn-n*AfuFY_)C=Rf3wxjD#hDXQ>z%k<9L%f<$4QD^rzB?E)PW}VIa2- zcf}CtK@k2D9CnE-ILL>&>D%TumPvJER8s4 z^4pJTs;PDWsQGNnNa@H&m*zNGRjc$jc?|$2{`@YI1_lbDc{Ae8G0#gTdY;5+$xFjW zz;{yDaChs(z+$3pBwK}y#e5yy98L4CCaq}?nVjK6b7bnNCbOOKHWBg!pk0JXplT3# zp3{sE34jdTv9d*_&Es3(DKP`L9Q;m6WV)nZMyvfV1cdNAYtEIJK@h&`RX%n(!L7$b zXH4tH`|&r2GmAv=W${r;852LndNVAOcKxuxQ3g_4E5OObYsn3?a+%L8CYbg_6hx8NgSj4FV zTx`6PZET2cGBUTPqd$To@w6eh423kmf79tA>?rvyOQ?cm*J`Vz?^uydGNFQGCCQ0K zvio;+9e@K>2W=ZJ4SC{oG(jgQ`F_QtR378JSi!yMh-Ze*XE^cD0y~uup>Up<@)Wq# z;k>DXp*LYjdbsrOSv((u-aS#dzdaVBd;qDmoZb!Z7ZX?>q}-a^lJEiR?7^_3?G7Y6ChBZMdjF+##oGsyBQ=|vbApX6qr!=Q9n28j^I@9}xM?R(cU`&wZQt)aArj@&>a)3ZL~lW4Ryim2ib`+K$2W{4`ugEhd zD3>?9mCFY%L>4jaZDtCp)e#>#KDj6l8%JT`{{9v>yST-(RTzeiL=#ME@p3-3w;>-) z;-IG^PnS%jZ!cyZ2jOt%8h^&HwoWmVln7?!Q>rDs{btWUzqK$AwPLClq`j6T$kPA7 zdg;cX3;V=ZYo3rlFlI3LJkS$D&`xsX40VAQrhxk>A>KuEv0YAqgvRRbIDs(p;q)&oB**4Z>Zgji8^tr{0&#o`}&^J}Iw+?a5(_mOu3G)>*W<5pG($p(9h7 za2jnwybhc@-KEyQ73$T`A!Lp&To2kZL@3AFuZ))~29v+VyojxQm;`Zv>(Oi? zk@4$-t)KP|60ghTaeWD1^IZAcrFNKD(;QQeFtq zqlc~)EV43JmrId0BNe_z9z7~QZEtr90pCmd9&;gEEX9Q$aBNj{RrsWn zg?K)u@14_x4g(D)s8Ac$s)93cB^_mP)`u*>0^;#| zj3J2KKyHt}32a< z5Ga(iaj91koqH0jgG?|e@ea0ckHh9%%jycmyrbY}ZD3sx3;%QTI6;wi<4P;@Y$Rdi z%q7@tzh5eqSh{8Jgl{(TNN~i@%L2s+f++f1p5%S%R`1l{AG&mz&B0c^c9A^$j9RtgwH^EYJiNBjeqIxR$E2Njov->Iy$2cD8H>+w3t1M;G6f~!O6C9MBs-KJ zt@t%YJ!EBAUmOB!GuL@)fifu~`;DAG&Yc`F*Z-*V>B!<=t>8zv|G9chbFdr1zfNnZ z7lH33W!Muhl$QM$bTRGFh4*R7>*n2C+}g*4mMl*zg+l;dhO7-Tjdv>8gWwGsYs``C zrF88_V6~H8U$b^P0nb6uXIA&)nvh7cyu%TnFmrKipcBjn)59>)^?I)7c+U|q)7Ax0 z1;Ot>F4Zj(ClU=WZ(}|l^rmZIF>D97?9}bA4&9b|cq{_~H9}`lw9VQJZajRo!DMMp(>0 zUgT%v+<$(hd?AQ|SWSPgvP%{+m|%K3x9&Nl%tU*qZA7J+eTF(}C6`pSmw4^y(daOF zQ3}bdid}!IXte@8a_uzrOlGm*_0jQOUoc{wS06TeXCPc4qDVfc9|&&TGqED~*1^v{ zyO)W7`-5tl?ey2JhoiOPTJfccO2FVk=}rkOa&jZmiRYZ&Lx{+cD&k0#3@RrV?eUlQa>%Y7pLiGdq`&MZF(y4gTK zbSo%?#Ll z6+idLduJ(%#Es_9t{Y`oQoxL9P1skp_pBBOLZeyLzG&@1&X^uldAgJz5L?OKjFYE0 zuSGdimeU0JA2?PEg#{pNuh$+3-hFQyF?MIe2lVHsWZtrt4^(xx2AN?tjMI~;pVJH#&yg`@XaEZ}D zG<*0b`QGVvu9|3at!SYY}vgfbD&Sw*6Sbw*)vsptU2wJ@Xj=MhZMP$U25_)ah_)M3lh!LGi0f==@;*dbCQLs5-3>*$8(E~@dX-|} zjJtp_o($mRDjVufUb+b}XgO9SKc(^^<8_f@w$pa4X~}NM>Fp;u+QI?W(Go$x6XtGu zD^j;t>Mj;Al~{h^Y%G5&eDl-Vcs)qPEbNGiJ7jB^)#2pdQ6;b^`&Bcwm}27WN3pvR z?-P-%2SQ}wOcf3WR5)BtC$g&6+}c(K$tucv+r)cPolZ5-J@rlos?@Yk9@lcw{ZB`G zx-_*xn#u9&ocx{+38}JDvWDFDCoXt?fp#LB^@rjN$S%!2}Sc z2{ys?pch7%#KoE{8Qz>|zKSuBCVe~jLNgoR9(nWy4~zYs>>d0^%N6C$9$tI)4|2hn z<>`eIWDb^svMM|Q@;pibzkfxtN^HGSO{JGlsUgbF@6R3_gHz7cc30W2ZKh2PehUYQ z(gM)}?IRg){`%>}pXXTs^CEMfh#Wz7pU+Y5(Y*PN_exdxJzWyYt4xcj>N3d648tt8 zu)p@3QT#vlwhdHJrqMQ=(ddb8_tWS3jMSA%nh9Z=Yt&-jSeK5MXz}WDjlBG-OxrSP zy!>~ZD`Pb6KOIb1)Rdbp3$9kSaK@guk$sP{`w>cUSh3A!*RaDs%!f4%cbu|6C#s!; zX<`k)7~lumuj?Ck+efTYC_m<*da|AaN2h!cXZ|QHaFqH?qI6L&jJNy+%T6@l1TAk> z>k*h)7$baJ;r!^xM6!rXR8)lJ7e4yDNR#InoXBx*UQyajqb)JJj*F%~vCXUS3E`wxyS#a5|R}vd$%M zTtr9b$YWsTrqTdT^7toH^B~q9J1616{$BnS^v{nhC@6C^p?^~^|22K}CJwnT43cRT z&{SI4JNnwkb@Tks(>Xg+eH@}2NoY5uQjcq=zH#(|Cl7|N(dRb2**2!;mpSa|O^o*R zYjn&_B(VLd=sRm2rO(4kU%o>JH6#`_5XD4LotH{a8liRZ-;!`(%p{y~Bx4$#9T_(7 z_rop;!@%{k7;agmvSB#b5E>bgZVg|#^!`x8Rb!$Zznrc!h;Gs~*r)~irDfqxu3Vlj za*0{(F%fV@LPOb~zIZR+`8IPilKSxms3c4jxGzW@v)lhS#3P&09Nv6VVh`eGSd8Z4U5P2THmLgUS0hj5gFRk12L8~q zIk1wEXxpn$dutR8QP4MrY4urL<8M&YcGs~ZlBK0Bvyd~cz`Pybl)$Lqb8%zp*n19yml1 z)ZCR0S7iGRk2swvH>`J#Nsl%*Xa9)upqTl(Lc^97XVQz6d)cLT7Pgz>l;;2&bQUG8ieH#G0e!#$L(2zm&sJd$7Z6gUy{}A0!5{&8;`5R zvLS&0A#=RF(%hYu{PHaNmuGp-056LQrz9-VJvmAe(sFpE0?)McqQy7ECc%#wFJQ$)UM7O#VM1W|^2;MM4-QX6xjc8u=7)4) zl420=idu>ZsLbQ*ZUFC3+{jg1nfR4`8h7O6B?o*jx@-CnTM)iz%^QTP)A6&o@-V-E ziC}r&-8dHNPXhSme*c47iRcH)ihQq7UxU@C?`;(D& zxK|cdE(IGCrn(P_z>kyHSUm-1T|&f<#SWa>bUst&tX<9}J5q-)X%=8|gUw=cH6fln zwk*(SoZm{_j&kyq^7V;PA~e@{Fk6wcXpFi`Lx|1wH}$ZR+V_ob%rR#;Q#oB)JH+O4 zH3F4O7p#+(m@*%QXm^I++TBhPotJY1=h1o(b)YCy-M550H>8O8GDW>h`r>@e1Ui(m zq;0YC3d@<_A^?ZTe- z&g99AHBtMA0{TdTL9#2QIjehiz@pt(31#KoXZ6~3I?jLq?APW=@H!7JufwCvGosA@}}Z`nn+1@1$b+QdYfyHyrdAiF>1>L( zT%rHYM6h&L(4As{1ZXT-Z`)OLYB@#u02UkqweLt7(@vMzK(1E-m~HTNsYihp@q>z>cQHeZw7<+Qm#Y zB>0rOL*Hv(x@het08DIk@7V)`%_oWN;XAF`yZ;NmDGfxP`+nlk^TN$Vf_UK%>Kqlc zDRUc|OK7<_ox?LEuQCe$*7ahpMNeFLz@#_Fr5NZqr_s$4_3;i`h>HUVym082cnRpv zofUb>HmydnBpLG~Q_w5cG?(&Fa}YU2{$n)Ke@k8BTB?MSgH?~){~T=TBq^-V9WAD@ z+#R&k6j2ysMd2VgOiX$Bx|-oTA?* zW?7di@t^_osT0Z!Ys9(cN``wp>tm;*qyS{wBn*e%6lEx3%NVgVkH&aFH(1Va8@u>W z?iWdL0pt~Du?!<`FC+7Z9Q=6aCHhTX>*9!DI|6i9rfv%*v>%?)X$g1}_6peN7aKQh z?5F%Qule6pBlmyq`;H;`DhminZI(iB{+T2K=i@>JjT`f|NFUSa998{7a*`v?{a@sq z>;EF>?Ck9S!^)Y7IM|uk{^#_+$vG!G`~UZ`x6tIx?ISLw5$gqMky>j3)uCDJUo` zFB=tLQin)xN38w6cpe}!5THnzV6u`x!GJ$VRL_JYc*O9Ez@NhSz}!IrpN?1~*#RQh zH`oCI+}%VDk6)*Z0b7BPKuJkS`@h!+icbMV1qg;%f{-z;fu7suu0Y+OG5ZLLP|W)V z#2vStM2UGz!oq%jenEza4nmwmT5;io`;cN?KybvnNFj_P$amFd0StdZA1rKw!0>=f zFe_dO1CY0&&mqMHf!ZNFDnP;h`CcA^x`Yq`wQm56XKe!UDL`EzHoXvn`3>X`0|$T! z`GUA43P9R$8PfDQu}G@1jVtl$AFC@-Urc#?Pk9r!bDAllH)@wG;H1sm2C zeC+_;F9Qj>f(8$?zlHF7HNOQ6{4DAX>n*b5|4j8nJ9C|(W)wH&h=>RUcP@8V&5uq6 za_GqO3REb-xDF5T8eI6};v6)Dm+RMhaCSs(3KH!7F376(bG)4e_0z^Bk^sb1kkSy+ z!3lH-9`MG~0rf3yh_?^@4j<%~=>UKd_8Q^?mT$Kc3@VUM*dhc;;rNRQB1qyxBvj!K z^2?7LAP6K;0g7UX=oB^t^%Li36UO=N)Yt0|wnAtK-IGcP1@!g&ewqJVJA`-e=QW`J zyuV&^Vn%R&MKJSrKJ6DIHD&(?C?%kQN>ET!8V?F6GAa^;j4T9L=og^`G3-ZcLLi6D zNZv7Eh46V7;X;7z^M@MbMt~y(^6pl%>rUrf7--v{b_a$E!nNZYi90gdVI4Pr4IAmZQ400fML^k(q)I*6-d zr;lj2z3B^H$o}>7mCL((nd}vIJ%29rFVh3HgWPj)R2Z1961lJzY=rfzZ9= z)WAJqB>!d4_)P;L@mKgKQS>T*L7-Xk8}&^BXVL%&Zbi7N8Js!v!Ve$Gg8H*#hoPom!+o>w!zAfMNAe!bia)>gGcEujR zVlO*x5s^v*fO$L#oh*UQ^QNa^?@mg-N<&*@b;MIQ+@lUEu zUPe3yH{qarCA>!lyC#oJDWp>mNuDnU#jK7E?KN21DQzw=8{#GQ7Z{9G-kj=DctloH zYExw%&AK}FDrRu-vc?N@eVjZ&DPAL8feh%2)r482=~bKhs}cmdED^DrJ#>$-YBnU@ z_l|zWoTEy6$!UGSY%K1gorzog*S9*7cNe6~QFWAzdnGtM8tQ#Wj1F?TC{LO!3htkh zjLXLvh8At@!CrX64mE!7OYhk!#V=kou@j+OvZkB@)Yfc}1oly;&flYfD#{)dGejSs z@4P+|X}bJqewTkaQWfl-yamT9l}svhxVl<-*2cRQ+PGP3^N;D&2MyxKiPR}|1xLGN zmuI+$`*}A8wjHniQ;KpQq4m2g z-AjN5!6*ZvYi#QuG^9utg=-DgCnvQ7rZSN=7Y4bi$nU58-s4eVJ0tjDUKw}(EOOH* zY}AgqJ3fSMRLy_hFg)Yr^zm(edbNMtu3$f%xA?R#=`yH)SLO-PVvu+0(o|G&VpZhI zl(?MX1>m+J=BHDJj2`aCP=^)0Yy(dh)$OVI{~q4MGC z4%5{|IghAYbFz%zvV!_sit^PXc4VvhUy~CMHxlVGKWsAsm6($=;31CmQRwR zGzZYn@xAp(MGNU?x{1nMIVKU)+(T*sr}>rB!RcJ zz5ftb%>%0`FL+#01_g`O(iKP26mRU|d z+1$f-sL4CW2de{YFHYyh+UJU;3KbofIIxHaZ= zgPb1P{Y6}_zL3>S{EqDE&UwvF7ZEGPbZpgqsA8L>MXhH&8(_~|+gZMFi6)$U>vr+d z-x*Hg`rk1p;TqtUYm#?6vP=fjn0Ioz6TPd1Cu_C0zK=E*ypHsKcq!<85It%o(|rS3&cWEtZQ2$CY;QBaV6e< ztjw>ow!sC5?m+doE7V&>4{6k2##2;#BDJ#kO_Vb^o^=3hK50dj(tBQuSS;T6J)*&8 zWH8yPK*kwL<_}on0^D2zQKqW0bog4<^|$#N|3MwcLKMblFWEf~NKESc(|`bsHQ6yt zspYAm6eMh|P(&1&hJ3d}FvN2h`LayRH?_$j7#+W`M|cnC72kGpbrPKGg#CY=sJ_T2 z3Z>*fWZz5G{sa3L2}8b0S!Ec%8#+Ao-<1LN3qiMS-sF6mC|fD{ZY`RC(TmPr56j#e z_-c@QZnm#9I`@;D>}i8o%l#B3+yG72|M2R%8QCqBkG3BPKDYX8Cuzb^EebGL8@@Uo zcPBN=fwFcO`ieQj+cG(W^W=xbYi6jW55Nx+M|NLMmq0<@P3;=fB`-yFsYGKF-?~c$ z7Z-dsvx~5{SNQXQQbHR7-xxGO`7i~^XpCD!g`bEK~)$K}gP{XSH;LdV3J&8Wu0WaBY_+5sXBAJJ} z7A|~i&5{Qh;CZOB$H)G4hl%&dJ^$H=wmf1{@9J1*^{zznw_5P-Xf5|a%C_t7Xd3f|NK3sht#P)(8`--n_oYqNR z4W^n)!N)>CW86STceQhOQO&v~j;fd!4bBsoj|mmKV*pcRl%lV5I!v5+xZ!*8YpIK7 zqb>m*hFe&Von2FOZCH}PPog@GmF@7g7S#aji;ffQrQ`Ds7V;!#d*t}km*5ELWOsIk znxidAf`l%`U_Tb7CyavdJ=tQ!Wc`MzA^IiyaD)7#x`*E<6d_$bS7?r<*p*~-qtv9S z$R=O=(~jXJ|Cowa{hx(nr#9xKzOH5Dm@y#>egzG}L>haHbpP^VHb{ToF^lir+QT#p z;75!C@ea=cz-zY|(V?0q=F|J^Xl0>cJ2K48^Y4JkOZoz=ah~N;u>6nG;n8 z?=fZ}YXDQ0Zx4cLMyQEDG$7#=`al`z65-_@_bDFLVXnXUKfAhkp|9z%pBCB&Fb{GK zmPZ%SLa6L~Q6Ru-sRunrc*9tCno+|Z<7+8a0k(R$dcp~}YerHhydm$rIe)@Ke8W^n z{AcKvIUpBKg%Gj#W8*E7h@hORUjs(aF+7+2UF?&|czef|Bc-c)7)~s?9O3o`KFIi8pCyTblHdafpI5O%Ks=IE z*YUQBngyPj^_P{`m5f2mh2A>o?0rh2YGlOC2Cqz^<=OWu!+OtOa@_`PwrsW|8@1BR z8Y>h}Q3!jFw&@-%s6M=Abx9K`0W`WA-8I0n3jCw32A-_YN#Rzg4*h zWqD&HJ2s&g*=~RlS+l8raW_s9n1GT;69A|8q}w=ORB>N4SLgy zCg3V~nTbHV*ln~oY>ZVJ0KW3sUK&Mr z79`#%>X3Vka=@t2Dx;4XX#q`d|5Ansr+j9$B8;XXW6}^7C$S+_s)x7+okf0=(u?Lm zY{Y5+;IcP4n+~zuO&hl_Tja}T%3aCHfCX#ieQcjx*4QS)`fDJKC-FSF4EB>A$RfZ*kot~GB{sZ zSRKD7iI*YozU7T0<;HI6?^O=swvgE#Ss3LR((CzsUar}HS@f`-IZAcHaO*g+0t$5) zCKa0HEoSIjA*NQQSyxInx0C4mn>H@bf39~sr4J6kLSy4(LiDUAJdfFof4suVg01gM zs)k2$k4YZ&MrM*;w-Qcr3Q+^w*vswxT8pE=t{nixYxJ4f1wWIKt2r_j3~29>XNr56 z_gI67-tW@7?q5O-&q&aX8t z>gug^GEoE5pcyo6D7fOeR*K|ht)9YUHd(nwSW5Xz1lUvs@j!KIiROt=rEr@l7YOYU z4Y=-|xVm^R8)#j~0mSv9N~rD7X>(8w#m~`RkQ7l^T@yu9u^Ej%F1+@9+A`;(Z%G?t zgLsd#xY~^rBdGQT%7l9BbvL+JSDd{t3I1ALBNzX>j)rec@?cf%IUrQZQ*yZ%Vb@`n z9WH`_D69RAj4zjU|A(scbcNyy?}aHLCF404>2Qhc9((Mm8T7vpiX(9105>2IbVh za?Z0$DY?Sy+vg8;n$mZzt))6ys^XN}2S4XVRm96vK}@;LrD*;eqf=UV&m8JGb_NSe zDnW|bpO-*(iFz-7HKz-mRL=1#9KUJuoau|rO{`YqquimT2F+6sM7*JKT<`8une%;R z5hiT)ir|T?;cNy>1cORc1~RsrBIsrmGcA|QK|=_O5rtOV`N7JjcWOVW=8)%|nzd!U z))%JMpoXh)MsPT3wb`yQHC0?t%8{PO4e(eeRl$<5fr-(#3yAaR?r0$&WT@S1oaU#5 zuN;-Dg;H(Q&s|+wn^hPChwX6ChfVvtu_e>q&8144vjlBr-5&ojsCH9bBFpETDJJ9n z@)AOZK0|`2iJjwOJw?K)h^9={%rC}6t zDE-w1h012Zw!^j1zd$pZMpt`O_vz@GgR0zgi!XbsxB(JuzFb(z9TX34>H%ti$0fv_ zZYBX%Qfa=hW_hs5@T;%$zWZ6_5CM#rri3x)@1;9iT&psXExmd*>PPLSn`f3$UEy0k z`Fa`J4h=Dhrb^m2-~do<+Cz-AFn3J%hwqTIXlFrorPN%HfPtBnl!k6a7qLA-=XCa` zw`ugU?G&93kM2eCA^F zP9+AhmUIV&eKCU7S*WkpZ~iM&>0v&agt!^eG4qyIrof8*MEAJsJi8C+mC*Dx;8(RC0IyvUJMQRpj*Bnu3$U~)@33$KGQf4~TPc)N| zN!7k?ebG?1Jzh{SLTjU(_y~)E@j2R5S0Z(5OLr>=xD<|e1m6BvJWY01u=(8p#SOYQ zJe<#={)claED|%LR5fiovoFzcir(gM>hFoyAX8kA10wl*9EZdu`P#B!G|V{Z%EPlL2i_3#81ie6xkC zs3LcV4})Xp1&`pB;<-TavzFrHdWx3sU9Ckj0jJgKrDPH9~E0~p;2k=Rd;1) z>J^4B67ktyGbUntS+7hDEUjYRz2`*fY-{E0QR+ZwTiix(r|XqqTE8Hp`2tsXthmV5 zVN?~IBKoG8Mh28V9Z_(ygn^}!i69!bAZ_TL)mHupD<#?piQ9m{_TG*VVBe9{k!bH! z@KjvBr;72XgjRGZ?!;Uc%{X8z@%P`T*J9SrmFMX~L1j-t;^6M05v>dyxb~>HcW>74 zGGK0z=e1m5J!6SvPMLzDR?p8zTTh$;a2fp-u=W2KJBR2@y0Bfxwr$(!*tYGYV|Q%Z z&KujdZQC8&=IL|R`p@Va{F7R{X0>)zO`d(<*Og+B5S~UCQIrQ;rSS(9z+Mm3X%S|U zN+#ObRO{MfUOgA!e&jx=x}-BC%q~eN>(uk?dl$ZP1AjBGrLLs?)5(q<3ShUt&LsQe zQ`}DA537qfj_fB;>eUD0 zCdv8>fVbWj4KJ)k@N+boB$ z*HGULrqh{HUQKoXsV(zyYZ7!yWS-WN5Qcn_5XMlv`w8xELtiP=N)OMU9Kg(o@1Eon zc*Mn{m=?*$RUiIM`Q5_xf~<2$MbQe8tRb)Tx$>Fd=e5I%>Kot6>*3c5Bdtio84E3P zlXyRZN1rj14b(XGQoB|<|BIcb?4B(eSC^Q0uxF%c?vzU>bO=OrRN;iiW2JwwgnJHkv{ny2Z zOUn$e79CZkAeeIPel@1NHORHsdjh|`i3gU&X9~+vLd86_Ps4q8Nags|5JG2(+-K?7 z0Z+Zg_-81LnUA8B^etZ^4DObS<-6kXC5jz7P3ew=CM!e45{XTSTU_~h7zMdmzKnhY z{DVMY?4UDQ^KY=Nvt9@pN}*H)fnF&FQFvc+N&EpUe))gRs&2b3xO^Y9{X)Zy0y4{7 zU*CcGk8h$00rrK*TlYnqiR1q4PokZ9Qrt~Il95o5?$tvRwTQs6=a+>R#ocpOCaseZ z^mTTTY>QoX4q0xSIm{Zg=v?a+%|-b+PcMQ}IT`~&5qEMB@*vcmM3|~unR`1l1t!5S zz*TNo(3b@RPrAglUlsoC*a98GxL5r`6H*b#44_eY`}y%Jld;EC_q;|t`*=vI z+gSuK4v@VsR|%bn&S98SRkY&G^LAFQBAkas@i121&nxkZD29(ECEQd}&pT76$BG)f z+XOlY3u$YaOr=EWa_XWaz;dwidRtI@!lGUlOp+$cK?6vCUnWL)I5QriRC)DO#%W$r zU3NYimX-NAf&H`$$=Y#?*3{)zeC@prQI3E);s9P;IKO4u`kFGS#L|-?Ng=o0-$VzI zF182S7h|z_S>Z#_G6&V-`Qv`0wK`0nG=3;(rnu_8@1k18=?^?sIEr1j5`qc%ey`D# zf6JaW#%GOfI31)rJ$41o=qO?mgxzh6F3vD%^N}x7exPm*#+7EYp8!3e+_}D^b9mX3 zKv!1bX~|mORfK*X@W~DWY2^AyKEUbZnfIuDQcf9LVOrQy$eEu7pl|=;hwd>g&Q(6o z&WPH~ngCwKKge}>9<09{Se@T}jY2$n)+03>-=9qEnzr=k7tfUgEuOo;(>C_n*iw-^ z%GnY67V9v`qAK^=>%@0U@Ki{pdT&y4uk6_9yv^rf7+|cz(SPC#oNj?b9BK+v#nw1z zC3Mk>lbW`3*?)hZpVvSeH<)@Z$2l_4)DyR^n+tXUfL7o{{Qqt(!>8bE>TZ zt?zQn28~^eidi)N_YXIuNU`IxC{-+*DR|Mw1v0O@!m*fY@%uc zeeeu_NMT~v(gTOb9*?x$d3nDMPldE$+Z!wj+l0X7fX0wWlOa7j50k(0tUiko{BkU4PCR#9ES#xSI2pX)+6nXaH;(=>G~&i=7Wi`3C(q zIWGs%rUXIA)+=;`K!dVc(43*a(!Svz4)HXZjD46rt@rn-lrQWpOqKiBdd39saC(It znGt#_{kNRxQuY0jWz};5gjwNbDiUI!w*ZgV1g%o5uwmAZFvuFdOvR*iTYAkKw{Vly ziv0J)s0^*!8h-)z)$N|13hOgwmE?~0;;-|UqjHk1XY?DLHrMK68#+|AUnZOWxqsY4 zCb#wxK`7+8glFxO$s~SJ9cU2n9b`#hPa;jGP+_L!+b>2iCA>EjndTbbHU%}`N-i`+ zWFMGruJx$(J?F^YBtAI)ib_SkUqxeg-i(yZkTPi;^Tiy#0vyVVX@?#>ZZ~^P+-ha< zWwVC{md3M#yQNZwwXz_6BwEt|F8yEaaJ~fxeQ3Th0ky;uN?ByG;H>Tpx9>2nm0I<1 zi^F!>Cwp4Hz0(AxqS{N5@pTr~_fUNPJOn#hO zHFZ>`Rv?2*S*Y%x=i0u3z>DXn(_{eo{F<;9WzBQ*+Zc-J@YZRn^7ShuzT~dbK7w`u zM5@kd;ypsiD&B$ld*j&SALl+eqmJi#l9i4hLz^FrJ#szh2tGXpLZM^Ey(+-gRc2CO zKpr&q`75u{g4@hZt)aijfpRlsI>mN8CE{)qSkC#@1xL91lM)k!Q33kG`W!sc3Q^r_ zv%d*vPO$ewicI;SdO}G>p_1V+Rd%AVi=tI-)iY(DW?Ma9!0}qC&Cmgr8WAh5V-Su` zmRH9vy1jM#yjzi(1b+vmWG^L@vLA7}92r+~M&K*6Hrh92rCcZH=~dV{*EO?|n1i8= zkhAgs{kd% z_yOLC+<*L!Gzly7f2Bz{Isd;Q{hu(MnTdntzv3j!EX-V-|BuA*zYwOsfGcKQtU$o2 zRJqqHXYc*fqhBks3HloXqv%G;IJ!~m=e1$JU_{EmqPbBuwLQ#tzi@Y+eEnqHWKEIH zHhXVhXut607cb43r!)m>`X3U>GpWmSAQ1aERaB5rLiz^&`)Nvc2Kv`gX22mmo0h>if>5<{197zjXL}20e+uK_0WlyT^#5Q9>xKZa z2)fmw3#P#5fjNQ*&HpYYp3$!{#MN0-$@$?0!J@+k&JGOxr1NVBCBql0F_g(e6-0+> z1n1^AYXbWP)I^+Wh%|NKC(IPSHefg-e0fPgKwu*%L4`ZCEFPTzz6Tt-4$>s37+=XV z26NkK=8rRn{HS1U^ScQMUx(?@K7?Zk=NR~(K0F5u!B8e1^>KW7dK~5u#(e@|PF)qa zj3+4jn?wC=(;xhH_Ae0EI@b^GHQ~)}K%cxHHz++laqNsBC1YI@d>_sw5J=f%d0juR z5gkxo(z3ls9w^%VA)*UpAih6_0)$@*0@#?86^OqA{`Vr`(gOM=Tu_5hKSHmU=@0(# zS-KgZs)#r?mWUDy?aIxE#ZV*uXtCX^{)bi9i!wYcY1S{EeQkW=-3?dWZsxK>-Vl>B zzFe6UYhJpO@Zt-H&qa&I#hH`0$h7_q>006nh`8&esa` z5V8e=?J6$h{Aíw? zSI+4u^xo^&+fC9q>R=U-Jc9mD<`28^A8dAV*WuNvpQcZP;$*a;e=LTHX>h}%{Uaa; zr&}nX*Ia_nZ_Zcg5XL;W$jUNJJhOZVPSinEHvheq!dPx3% z4N7pGZ=E#xeH_32jz0_-etv#`^Gy8EF8AP_Mu$wmv4A z&0fogR^6AE0d9YQAPy4M>kInB;c)+*pNoQyx#f>bj9_ltTPqBdk2d$3LC|N6kb=xp zuj|+^E#WF(dqPY`LZH)gm`7nRoNv^9@K*=^>T>k42gX03YwOuWb(ENWDzm;o*5R}p zH$o54AZuoRQQyKKx*6qM+GqTKxoORK+D-`z?t z)%^tJfp|_4Uz1nfd*g4Q*FSsob15Eb$5rTC`~>xZcwP}-RkOYbZ_ByD1ol+;Vt)oG za~gTRfOD+^K7n%^cz%F$@4uBGPE_}o?%b7+=NpEpbD zzMZT%(`z2&MP5KHQnzf$6-Yja4yF@VZEM0@FzY#l(MNB0l??IMCkwZ4@!X&0nd{63 z8*~t5q3%IfddH;M&?szutSK(W84F0pyXROX4zKUR*VLuj*bk8D((X!jWJ6?yWrc-c0m}7kmEFb4RA3va6 zXhjicyIXOZRd?zt&SkSfPE{s<1jgr>qq{UsolH-El(<5&(bH}Ww?$oA)bBb4N@rl9 zO^O<#8EvXHTWei*4;8)rkZMBO9TE{bbEKYQhg*GPU6;-lko^?ozEe^7w()9vOG;x4AS{z0kQe&DxvE);vx*bH2cn&AvR7L5NC~((iV*FeW zJm*qKe^O`}6-y*B>UUgqo4ht(!7{&Zx;he1+8xhNL_>NKlVN(`@^@i=>f*JlTAds= zh7)F~n1ywVGWXnS*CI#B(muRNT$s^qeK9hAnBM*DFHkPuT3TGTE*Bk=tK&J4Uqzh0 zZ8L~fDjzG(B|v*u+1MLE5ukCcJ3D7JNh@bom>F7dk_8<(&^w!)?8IV(Q!8{_6IeXS z3FPP{_?;j}1aVP~vlh%TEs|58XM78hAfklON6bmWJ8PpN19~0!c%6TF&2x17GJK!+ z6?^MrFB)0NbdEVXNl@|^RW2K!x`e-CkV7J3FU8{YN>*-l{Qey4JWk66`Usl;dUk^h zkh2de7Cq@`?5e^8m+qb{7ObS0C;>8}%?T6+>|^e_hiG!xZQYgAryQiG9tUT1j~eiE zhS!WdjWj`a(JW-^-(ewvcED-h+B%Lb%f zwyoj_IzI_N{gldP=l%=@ow!$xLa}=zCyC2hlZ7Mb%y)uaA=40m&)UIwQu?^5Gj`%8 zhkH833uc@TXe-lA25d`2;(*nwI1IYp_)mwm=RhGL2V8W&z6e-4)8+S(T3k0TmW+A| zSs*1H>kXpe3-lUEj;4S~2C?lXANn@LFD!6Q$FO>CcO&UwF*FqtHOeMAbpLE*X!xo=LWIXm((lCaigh4F4sd4xk6Z&r@ zza^K@904F3Sp-eHU+>iQ(>3B1%P5+5Ym@No%GTUMEq~Urq-t5|F^zJMbK-tttA@MB zfMRH^ky3qL?IFj+JCmlz8aMUGQ{$!xywh%zu`1Q<>LvMLMMc^@fy*aZDXJDIbK zX6*mCi?G!*gS8xzLIK@55zprHB*XmW?=y8Pu>0KerW&rv$6A`D+X=CTm&;?PkJ4TA z8upx$eO&)64*Tk{$L+C9Ni==*G=HzmgqE+>51LD| zw12PE6{3j2WMwsZUi7dXQrhP?OmtCACgxp?X=WE@h`kFGz3M;X+lc#>BO)}T7&{-# z65%Vf`wdB%RIu`~7L3a@lq%a0Doz-GuX0k&#)^7(Iym91F++H<;a|8|192N8o3DNI z%+|t{o5_TA%(a*T?u=)?@nV})ug-gqN83rzyPZJk#JY7{Hri=bai{qtM!5 zuvl$|PWQABY4PBQ?-l1Ys6e`MbnmB&+9@u3n9?skpi@G`og}M9q6p`a2*|>`+!?7E zxGHyUCNSGFUTgd?pQ%zou9cWkzF%8nR}>Wv$?3)vYl1$B` zxocVFEv5w58ZZ5X(~H<$nMB*b012 zbr3!6oX44pAYy(Ut6}Zbv#-3wzf0{t{E6Q;V$unf>PQl_(R7+{0sPeI#)$4*_gVe z6wQ&PyKvFB?3MId7bc@O2t~dVlSVUj6tKZ7YwFq?TYXmA|z&1CQ zN;yG2#5KTN)1}R@FJ2K`{o6L65$`wGZ@w$)n_|{r5U`g&QzM!J@9Q6xveK8IWtYQv z37A)$)pcJTv%d`h%P`{Tb?NeLiT;^A9rww8rZP|>9*%-#zSya6zs|>MJVg);EXsXA zl0qQd@nox-HJw45D83Ouqg%hp~oW$sD>2q`RQ{X)@K%Z6PNS6M zhC8*kw_I2IQ?{tp9m_7y2DUZ2-pAq8rJsqd8GQ%bl>Krz0t+2fU355v3OeXBuF@x6 zmYaJtsp0};g{n}RI`f#{yM4vm-tRBwK0A>FB)%^BRt#b)tP@Rk6rIaL47}|gTR-@J zM}hTdq5M-f@zcABFci=phIkg(*o$QjDlIis*LSrKH^LIN3o4nj!Vlh$*OfDH>Nm@n z4^F+^jg+&Ys0|l-X{b)NZ-XM}M!S3NOfQ6!t-CyMFzR5dmMxlwi)sc`(liyyZ{=6! z&!7;xJpjuWzTQWp1S_|-&B7c+e@)0w@h2M+qogJ_x!C(n_8c_^c5!CFjpIy?!bW_s zgx5K0(h(^{p`P)se4iQCX+5RQxlF_?`Y^^6|LFsUW;F9Kw!@W}*!*{xq&Tre@gs-5 zWN8I#6wP@fk3*o4A8zVV^1)ufu^<48f&U#Lia(Cf zDRRTJeU#)o%V>|fnd$o#A$mI8oLojU{q|rW0vXJvB|Gg6eZo1|Qo}ey9i&7pm@?2w zstK&}4r*hj{+)J@h}UptZBphSHu;_xs>DK zo>4W0ZNVtiu8S8(Fyy@6gF(x=tqb*$oqN%A4`vkRdh#@qQh|;)YgkL-wn13+tW)jz zOtmo)i2$A^j+RB1*#_c*()q=-8H*NV=V$8ZLs?NULWdwR<-SJ9BwQ^ek|o#V()nVw zybRN1AQtZDNox6tC#8HxUPnte)VeKbLSayA;%_wT<>9nDKiW;&q5waV%=u2ch=MCm zQTQjB3wc`>%UqywDl?^VRzzG!dn1@kc4)EA z33G-RI1R(EA{X_O*3*g6Z}tQXT#K#b0=tINOs{cEDmX|Ml7Xi`>|eQA_Ub*UQL~HUo!AJ!O`N-OYH1neEnDZo_7-p|y$*dOVM~p6u>5r&%pJ`mjINuv_Xay6ygu`aF zttnCs4X5WB3Z$@lF_vwLmeI$B>wG8K?L2=GR^VNC)jGgP*;)FtPC7w$45SPEBp1-J z@NoQxSh+=*C2N_@q8RZmW$4MW*)kL)LYh$u08Xf+?Oh{-70|*x>~9HvTWUKW6;-9E zvUVaIm1k7X67`T!O=3F*w2p z3gMg24{rsUObtZ~huayKHNDPj8LEmn@(=pw%`g~TJ5GEWOZ=``E|!4rIRF_pyd^t< z*+Iz-<>r3FQg2gs34==6^Xg@J?+Jih`uEB1D@{Hte-1SkX(G|VKaZP2`$gnrI1@y4 z5kVH3*)}GAvG-?&W_wQ;r2upAVp1^JYIeCuV`Z6V{V_Ut8ns~GV2$*#&f=CBfYNG4 zf;Sv2E*WTW2p6^PM;3u$O$?*HO@4gF+9$LnK?18^mVquZBZR8=^*E*#h@-cql2uO= zU#{ru?HDrxK6xbZkt)whP}KgM*86!jr%|zsy3+3FLScrSS@Qew6Ie>$vHh+O@x$NvcCHufq%rcw(CGe0=hLxdkqN*5gl=TJyGZ#3p7p83eD@7Jn6IgqP@^J z0^7Af4DFVAc{K=GV&3~{IE3>5cv{yA`U|F79|%qt6z#VWWw&T^Rg z=6?0(_nA)}27PT65|KmeoYMk}s`YE+aJTz|S6}wfYKfgxY*vfqgQ{r5SA$qjXIi)v znv8PXcMheST)wv0h=$dk(}IKK#k(Z-x8<2HyJFR>)MWYQVcL>8#SSX$<$ce>VzN+d zwS|LXC*ln=NdHF>VGgT&x?PHlpdRZsD3;m5lyeJKV^lymoZq|4i&cY;qZ}h!=ki>{ zRzdS2C*SE=PZfJA&009I1^lmYE)R*F??EoE+x0jy8qOi3Pu5|=!wdtrxI-zi)tauW z4NO}hqXJy`rN6aEw|=Mu3IP7*Uu#G43$%iF4G{%)d4%VbMVmO02 z-P_#D3wA0{fOVeb7OpHh_&@V%$AXH*H0)Ki*N3=qdKzc!=zeF(nDl|)b^5!oL_tZ5 z(M8S!07kCUlPc^?_&%-=Obg|?yf)`KY&j7*JY2oTwQ$i4zr!F{ zkOjKnHoS9hWcP^p##&NXL0O>IMaXiy_cb8T-f(Q4t26>cQeZ@>t6p)MEMc!DM?(0I z4o-fg$QP!#`Agyaa{f8jhRf_xg=o0fo^>y4%w7)=3hn=UkedED$b4BWGOqGb%OP3j5f~pl|T9 zY+C%X$GP=s0HzCd092RqhUf&ga-v`*m~i3?vQ3=kw>~{X8NBkg9GefyqbPFj+cVV@ zqWb*EzP+gd2Ruy+!Gm7?7R~wNT<|Dww1=4wtbnvpitsg{ks$!2I%um~f{(}~m2mMkeekAnAX>8X%@v0g7(coEi=*f_^eHUM!dPF+~ zwJQ23g;*BnojCU|A+yspKDOJ1rtTMI`c{2qX9@!?zjR2~bH*{p2=af^#$3b|MW>=x z8cCDC+WT7a~ik?x|5XiOd&$1ewITHd?v`nVT(a#POa~Dg3kt zGNfXhlUJr`DeTL)!!k>lK9H7_@D7E-3}B|}JY24b5v=b1Fl1KDtMts- zWX^3!+dprAio?O+NPs#)E&Uhd>&FV6J5W$?%Uha$MhF|HsZC++*MXUR502+QzTNvP zw1p=W z?jq0oH~+(*+8y>}Do(Y2SB3kjz|SrxpzVX!8`s53^T#^!Q1cK*^))8i%EGj#eqGP% z^aE;1T;)(1`Q_q7o7K#O?kxLS=h6g;#V}x~6s|Srrn7*#H%^XZVCdbi8pD zj`lu+g(PIQ>28MSPHm7Her^?beJ)a4w{yPs1$%G`f06pqccz8vWB;!(GdrpwZ5VY=SCkN2=^^6y8Pla^ zy2|5Kj<-a5tzJT}Lwu-r@3*fj*sfHCXOD9%h(W+0i%IiLPM{yx9%VjQJud8D&}2>W ztI=_rfmx)&+fnTWmV9!uW)BK4%@9aVMu%|V>te{7p4qev{Li%KswUJbkgzMDQB`h< zlp$_+%H0L7gK;Y_`MQcbt!K>8KwTJ%c?oGq^`1DXZBc1S)k%nqXZ6+a%+X5Xo=)D9 z2pfUjBk=XeyNFChS#STjnv9*QLS0KH5(cx846-NT(l%(DE=C*VDwk6lIIfmf`n!+A0WPIZbgJ~vqZyXFDgbR?*n z_5nNPIM$I^EQ%!S&H|m|uzAj|-S!enQt_fk^d|Jgb0YJQ0-pRcc;O0Io>kVJ2Ns(l ztb(Ox52T)G6|Hut*urVPiFB9}A6|WvfhD@r=Lg`0{I+fuW|bsHqdNZwV%fF`{DBu) zQndkfm!h}JK}ETc?}Ndu%kpKR%~5y^g9|N9Lmo`&InjSdgmmHjMDN79*6PWEb#W@e z{T?3(5Wp!-%A$_N98V{zFVa%=3E~J*T4Y+vPuSNN=MR+}UChmSM2a8{FF8v29W5R?b10)JU}bp>Nf z=lcB@brm4e$VUGp(nH)2JY#NL+F5_-*y=taIt*DC$e=9d>;`@u+D1wz6IZl$gIMRD z=En4FQ5xj2XT_&UwA@cMe7x!Zi_9TY*C`foO|bMh<@gG{Xa&rX4I|%ZZRg4JN6P&T zOEZ%!g6jT+3-97@_^#<%vwtIP^jgg`#s;CA$0eK}!G_O_(O6Cy4>MR{rS%_ItU*11 z-<~YYlDM7HEGi2;riDSl8}o&~|5&Uqz`*`Hb(9Bz2k7EP$64Q?6*^t`a6H2GV)G!U zqJ3r;-`j3!Ngl^cOQ$k6#~8Rc;wna2Ylr}D;T5ELArNXbhX1P=XV`m(cH%q=AvD#e zla#3(xTaI9IC8FJM=umi3Oi-QtZc@N>1fV;?q ztD{uD{znan5*gaUd2;Q&Xmm&>uEyS7)l2cWm#FsO6Rqeo7_KcCv6DV`)jF`!GK!n_ z5miiCGObe5y{5}|G?s~mq88pdJcSDqd_DRX8D|{5)R8?UQBc*ro%mnRooYt9T8Ew}q#5$lSafO7yG%)io3^5|23KXz`W0$FtlHwD)r` z@m;c<3d!E$J+g8YByRIR;ZVF?KiD2?uX=pCYl^4zfbBPzRqI1G|ApfPGw7sXDDOvD zg6Lqt*6~e2%4M&%Q-nh6<_u6v*zK8cW+JEM9B~w?_?Y3~USqbG3}*WW$uE*mbQ3KM zip6->l!bfyO%q~gPy%&iZ^%N%CJ7Nol5mi!VrjCGU;eQ!H7&SnAZ5*|3CAC_x&bo!rhKq^W)uR!nlx}H*y zoQ*eR+jBZf9Nn{PX?d#zeDn>Ake{QtyQM^tW;m@(zo+tYMPkFYp5V|rHqDfCqVuF2 z@j5YUteR$&HYW*jy8bZGWAb8yyyA4?og{h;QEIzxE$I{BFi81V9{pmV8-t@e9fpF2P(9iMS) zS}1vL{wOo24^kkxf1<}xWl|m{RY|WpI9+uVm!*2(atZ>|3p7KDxcsHe?Nq)Hreno% zPlHnTd@`fgpaLgF(P|NXBQ8W(yo(xz3E2-Mca%A#%tLmeZ{76Kv1%KLEnY0E?u6-rA@3((YOEG zL7!ChwC!mVuhfTOfvUz4f3apB^-li9JZ_3HG#{bDCxoA>VGEA9HpmmJt@h5*sSnEH zr$l}52^lv@B(5-IaG^)mz#n(4_W;>9X|lK{laF8Mff>qJtM|dq;G=OSI2~H!#y(1LB-A8Z8>M8%Ud z-sG&I>oF&Cr$)K>VXV*~HVyWwP8N=Z2=ncpo-~t>=T*sGhGmnQb<_{`PeJb+mAoOSM}Ea!}FxQ#KsiePKS6{8iUf z-pFJ$+<7-{|q!N?AB{ z41fL6zzHCkG*;^w$A~u@90oZzs3>Zljp-#rBy$WXyFYN+LsY&Y(M^M)?FA>VtYzpy z(}1-S^D}F8Lx${$=Tq=(=?TJk3My4q=Up82QOqJ%##bZ2_tk_b= z&VLP5$T+qsI3PUy+eAZj+i2@#NmQlY#L)kUvyI50CyZ*KTVtuNXxRtD>`ehjJaH1= zK6ifKsNZViG1nrADvHoqbEc}PjjKN3Jhe0b!J#jQad&*F_#`v@-B2Aq!HF@G(j2!t ze}6i!pL76DaODbHx9rEVqyN-~lF+qsaz7vj2q{B;Nv*J>S0ND`E-v;CE(Y=8}+9r5YU*V2q4Y%#+R3%H!g#)H9UCF`zWvPW7Qw7Fb@l<97Q* zR^GkmErzp&I8BGV4pz5R<(d}Th%~?L+`-+H{YU%h6WeJ%`FM)T!2R!zy{DBN&1d`hj zCSKiXy-uE!AlWTJ(YZI8?I+xX?~%~{bz@C48hd%4&H$XX3=|5x zt?OnS#f=PC8zlVZp)Lh0idc-eupVaoGh2?f#0WAO@j;(yAjWL33EANrdfbQsA2;?= zEWG_YzU?ANe6vw_%~|0+z1gxbRH}hm(+zF|{-$R!&69=ugh+Qmv8Dsj1oF*H*(5dj zB7#jquLhRRVnx~hl{-^V+Rq2C>)<%K9ZMXjx1P6WN_0qcfYu#Z?bB0~6L`44{~k7X zW#~Mi;-OaJay`?FfP!B5w~$m;#5l)>{(Lc`^>+`$fKHj++|~l?Tl8_gZp6Xx_sW+ zF#><37cGIfBc>p@FMNXTA&(;6gg#Td%pj;b-l>t5mN6!t1IKL5ZF0Uuaw;F+;g+F2 zNs|`bmAq;UA`1cf+cSpgUNgj|qD8vMzx(VBd5+b5XjaDVZ7?QdM09&L{3wW)gtxA? z_QD(K}3^ITnQA?;s`TWH7opiY6 zNMRi%dkW|^Qa4pfnuR-OOBm}wbbFnSzR=|q=;Am1WKYaS2yxY@W&PI&#a2}OTszFO zJUtgeBfTH$R;$%E{jC`JY1W<{oqRxxA(*38$s3Mx5#8d@>i|`-xxR2&ZTR(A=|}vl z;DVSqyeiz_mX02b5D*zIFZ1jX6v#4}dy6P)*=@U{i5xo=%V_SYF+^yTRT5wu1S-MR zU}1tqnn8OkwfGYUKdcFqhOh$_LaW+~gzc;b;!ONDaYk`CdYO^vUkBS1b@!uqY-WCvz|M1E$0dF2smEt=)Sa zlBDllSkbpj_}V&901Ps(Gfd0`g1Gx7BgJ4yK)o46 zZO@52Se1FVxsRHLj8tPd+Z#=*@gkN%;E*tc;h%PIO`OC1d+iO!<2KldH2qL)<8-NZ ziTYS_lvJwU2X8UiO7%{PsrIH(uLpd)D3iL(F!X;iKa1n6F#|p@C3r?(avgtr-5`zX z%O<6E;LBFs2x36V*&np-@m3X=7fF;n(DZEK@Ikq)tGg=S8U~?N?k12m%}bXJ9-JX; zfbQC|D9YK=lHa}|6<+5viK`_er_o|$O@Hs-4h}0pln%0w)ll4*(0@V7`AI*Za#^WIj7vy~X?yF;%b8 z_fzvvyLYw^jP?0&7Q9UJajQf9JAOMg$KTOZCZ(s{lVBPA^ z?Ikj7_sSM)kqyuXJp9d~I-}-%u{8qRsSOk07~`*UF54=uY3RffnTc?LHvv6U3kz`& z8OOxXJ8ftW(hi~&nasxael4S)A)FK4S_b^nE-SnW}@ ziy1S!G3)7eq2lp@QmY$Q>okx}v57Gh%vEB%wgRNnw2@rI-3~3KSrXiBa8xZXoXK5j zH1%jmOT763MG3VB{Z}X8A2X83-q;F;m-l~S|I9?pZ0y|sbN7!h$;|qnZbq(uoq+$f zoADoEa%ua$#wG0#5(HFob#8kbK9Qvlh?GeLjwr@OiW6jk1b-piCCEim+Ko!jZ|UZ< z*LkMfdb`uSdiV0A`m4uFV78=me#t1UAyCWz$Vick2NO~ei>R=qWC#)n#DmLU&`#FV zQx9s3;IkDwNuTiY5+pz<B=ZVcWST=4*iYB0|bQ`QqZy)cY*XawWCZMruVh(g93C@nr7X!FL!KN)ll z+ZZ|!WJ%CLr*7~dHkHWBA7KgwB-HCu0-8cehigkIJ!x@!8vuH^HvsJ1f^1<9+9tBs z0%ThUyS5H*1OCd+B#3_q^v#M5Nx>($im`t`S_9e`+8LDH?=KO=H-rM`>M`XIq8$JL zj>`gdNmd2Mi8VaUHCz?|w(;+sh3FgZf9gH@p7~aT0{H^KH8cfta|PxRAeH^=0~jMh z{2r@x>N6Nz2O=t4t`&^$hP`AaJcI~b3!)sr48I!RD7K{V^=F5pHW*tJl9{3AV z|HDplQp*xoN(b4T7{JZtpYMPd|G9ou2p%5>uM5;10LC!Hg+hDCJ&!Z5dm{XF zf18P41v1$qeQ5*gGwA)%%iv#_gn?*&d8Pb(`Eru3q_L8=Z1~Q2_48R+s9ObMBmf5D z;Uv6GsOb_03K$KU^;4e*6Z*aec~z)DS;B$X1NlCCzDxgJuHW1RGkn*!m%_ZFNSMO^*iT=pyd+{OB?ocM`4{MnB0s_g!<=UlY^`S}aMEqKZIjo?mJ zP5Y??WK}1DE%?K;1oSDL(u5o_jAv8KDlsx_vPSmctnUfcBEu;ySw@d8$@{Y znCmkpL~o?t>oPh$iU`Eb6U56zSo@892i(<00B!~D`<1m0B#%G^_ni*np1lrf2=6@d z={hY80wh1jxM)B0Z=)Twe{c^$9fZH(VL-U9egfiL{sw>J9zr?{_znJ?&Mhpjzc~i) z4td)A7`(o)0z>pd=ort)4bq7P>Z?IE>#9pDwKdvDhZo=#>-X%L6OMC=gt<+|^ykU|w~dE$3iC^iIT>hqqPm{U&o1=2k&A8~pgv zYdwfd|L(&1>YK=H?&lT`tsBJxt)Qe(s)qdK9fEzMAJDtNGuJ9OC$>)TCcaK@c<|~0 zl`SY=bdy2Hs2%bx%y4b{Ct*|nU4;=ATzH(X@;cG%_;AwdNoDhCkxvB&qqL^Vvw`99 z3q&o%efKf@G{AlQZ`%Z+BgJBI{v3J1sxGN5${ew2X8j$mK60QOyQl#@V%4+#ff8<) z1m;yz4fhE-YiZa3;S(lhn&MzkV8I0_8`^aS9t5=U+=3PV?V-jY;0;Bzh$|#dR5m#9 z#jRyx4saqvv3eN?KePg;?;16Haz_w^HIsYY(|mitAWe7L{)wZsu>K}RGoBIH?kBc) zJmR%AKO`tRqGM7Fclriex2Innq8?MvRSg(J`|Xg;*x#+#j)9Emhbi-n0v>VgT{Qm!L3;B@4+*L+WkK$qOV_MZmvqY5)Rh}! z2ToMX1Gq)8(lN?il?;!WRLeeWldIJp*<4YH3?)&BVRl2ivet#}LRVGon1?;+9a=ZD zPtYgEW!)nsh~;7idLiq@`cB3zR~6*FQVU;7=a2Yc)1)6q?J^f2NyRl4rO6d<$$F!3 zCfl=>>$vg966u4&$2>@B)AiN=E2M?XM5#3D>gHqcFSA6 zn7zWlHzsWlGX(B<-ww6oCV|b$*%Yr@v9MOCq&D+2rCAa`u-KVY1*ZU7kCV5(YK4b{CK8E4b2%&4AI3oJK7j2^Cim|`3=hnE`>E-`HCrY z{}?84!>!sqPVdGG50evkmvM8-%uAv)%}}E9H&oO3pzR$c2aM~!esFslKe!_>yFCLBfT_*b~eY%GSZNtcDNs zcBZKaN14eww0#}pa3%T@0D->bXQyf266OC0ZGtEM)rfABNlq`)o;Gss`W-~12pA9? z{aPGeQ3%#TYKcV|fS-ANkKb1+pl3nam9#eHcuDyvV@N9JjXnkc$MU$Hw~8O(1*n54 zSHPS2f#L{z`WUHJw6q*R`lvc%m3Eb{g)9hU%8CKGTfKoD`PcT}Kb4;KK~SjiB&~Qz zSj>Qn8Y$}|UiS2eky>?YF4=R$v_Zri^p>79_)@yjccLCKbRDUtx=z;f7KFtzN<;w4 zSYwJL3t8t@&`L5#Z?>AP3GEn7lQ19esL)R7kr5lhTUgJ4ywn@lN1e*ehG&eAbGd7~%1X>tk6MIvgq>yh*M7 zZ@syF^t2QR4u(XyyR0eb@>YnkcDU&L6M&K@-uA*1e4F-mi$A_QhB5TcpwVn2{7vq7 zE-#?;l9daojjwmN#)-Eb-$>U=+coPylNotUm+!I9Kfu|HU{!?Rh+oJ+{6t>ZcQq>u zbB09d*L_K8jA3d!Y(P`yb-0;FD`<>Fv_KE|PB<~kx#VFGF9E^0%@&w2TzT9Ua@l@% z^Sb#DU_^JpLocYCpSJr8?MyDYOXkh{PM10L42SRgk0zI_A5EO8VL;nI5h=co{S*Lu zAs#)&w@0S)O}hbqW=!UTv+_hSx`*SjNL`U!AuZBi(goOmYSDgNZ+{pM3xJaQ^5z{) z6vs$r4Hj1SIllbP9WZ%-@$2!!e9u13UIw}tAH#-^;fiP1q1Nwbu@;Rjr=n;oF&jS0 z#8q@=nRDXiK&KN8)_Q8}jX<8;Ruc|frAf#}z~<@i?Uro4LX#ci3p#w-BeZWLhdo_dq0+muMs(C>T%9b&h0 z5dOOKGHglz8;Lq-->c+!g}bGv3XOaq`L4WbhRao$aYiHi$752|?PQOizs|9HCJ7GV zDiZU<(W?J5eZ6afUu~FSd{w;0eG6S!&^}(Oyj>=>dyS8rGt8omN9yB2&rvA}PEqwl z%w@G`#%lp0iYxUCAgnt+o>H|ma$&)?ThDDn+ftXk4qlLrsCa}>)MN#HYI~?)aq8_x zh&4ZkLulfrTefsIOI-kU_bR6vJap-gK#2*lyUMMjf&e5$1(^qG`LEL6Czl*VaMu~E zu(@smmSQFb2Q@5B`C86YT}TQo$wZDHTx|fG@l-5v^{r)i;5u zpbtbie`7^Uh@a(PE%kBcdS9f9NSI7N?&nmqg{nmle0T6g$`~sx34>Bpj^bA8y9Kvh z{3Y9NG&#vs*KHFA5k_=7f~DUrEE=+y_G*Fg<-9B4c3J%)j`Aji%_)C3B$(*nOih0A1!cFVvQf(d-+Ete=L5ZAnS%yZoYL` zRh%aBC@A5nD^rMxQKM-}HWI4h?dgWq7=Q;Z?(ep3E{1=sf0veJX)96s>>+e09Vj@? zI%4|;3pWq$E0;%oZc;%kS0cLuF2j<6wP=OGpK)Ed9O1O0^%V$J<=YF?=uR4++D{Pc zS`m+3bQAq)}Dfos>8*%m)BjOAxP7(^lKE=XV;6J zS*sd)#p({xxEIgvepTau z(!C&!p?<3C4a4~9>g7Vf`l1TJLoZ_>U>^PbFxN%dFBO|!)wL?E2PSp4)cMw<{KgHf z2Ujh!C}z)j0APv$SRj>D3(O*+izj9K&4`re^n`|n%jX%9pZS(O<7j)@$}t?mPE4J-a^{1Sx}6I^${&kX639Tu%57ptfDWhHpkt55#~B1htSV)C z`vofzaw|n1$|-Yx?@+Q=P<$e(F{q;HI99sswLEXk6oX|juufyRF5x@d`|+K2Me&E| z(wGpHapScrazAQ%+}D?kMglliKFUH%8o1)JsfH!!|IGZBIio7D0XSH>2Ss8zznNgs zX1AzbT&;y1Ecxj(BAlADylE!&|EnJa)GyDLz5Dm0Sb2K=8U^zlL?zwlO0_JU1+UFP zRl`FxzH@UPvQmbu#G4!l7+ zs;(_J?hiu@+@yA`>-%|cVn$)0otnX*iFWl|S)2v}5MtSlmN}{rB|3{5@5LDwV)!Hr zGX%-N%cn1)Kj#g2hZc(efLXGh^%zc>U{|w&S1;Sehgi4LGI>r^-b?rZs~+v3DO*vV zl+Wj?&fj|Ctd=3f`_T!pGH-)cfoXVAebSn~i_hAQ=U;)wcSw_hsawMlFX2Osj$K0J2{e&Ey5?UuZm>)SdzY90aFxAim6!+^ zz=DidypH#rd4@GPmqYY93vXJe2Tj*hH;P-Yzc)9}a(ej3GL@F_Cdj;-Bn@jPUlh1A zm^D(;EO0)KYn*(muu`C&CWbw_&|*MZD?KD-&X+*yV2K;{^VOg*MfAbLi>J1AE{mrC znH=mJ9PmxQtbcYiHZ{vPCqY(O@YO;#3wD0tb{N+pOc~W*R9sF|Fz!CkT}i;%C3&H< ziVClCIOnkqiCVEl?2j?5lpt->IPhf*Y zhzYz^Ah29hty2xO70uTIJkBLp6&0a40jK@*6=T{>#C!P2i4R5YCWc97_Y|?` zb1M8Q)=%CFLCpyI1}o3ytuRiY94F&W&l588>s>0e4u>S}VWLX$_Vx-oRx>a1Rnsy? z`t%WPMy3dXrF}R#c-9p9ZuIg(xekI~e6fIFg!758d(3i4QcYR0^S?x;)ME;n&0Bxa z#wEh@e4hLd{ zRgbAGQJabXY}_H9Hp4Pl#QbrEUbeeGJ#= za11Epr9RRL`UuV8Wjr21AKfH|uA)L{^l zBGsCKT1m?L3F}4fZZ(c1*g^{7-F~4O`KD`dl4If^PO6OPF%WkyzFRha%DItdPkiMs z%g)(}0Z(bgDp!+?fjMUy&*=mKloyxt>Sx5eh1u|DJoaTi{_rc>3P3TP13syS74tMN zuZML1VDz}h_7;<%w0p?G(J&m1`ha?Xjscw%(MN54Oi>I+tJA;%5mXSfMQmAo7HC!# z5y^JS0HZtm?{56VR%0ATY}BQ*H8`f!EtjU+b-w9p{@i$>hxor&VJj3UnV!GF13n7K zbX~+>PK0sSwCY%KO-~N zUk@d28Q_CUGW8|w4$&p)9X-_q`c@(b@P|ye7SRyTs%Xvx%UO=FpltH2Wo*>rY`fDw2U*%57Q3@chyxTNUx%8D^x|j9X;!o2P zdyljjSo&V4c`TH$7P@Bs#^fJd>S~D}9{M|Q5HE3tkSALo6V9{Ay)s*!G8o9Uo~BJt zzTTw;LwFD>H5tmmxeERms^ixZmM7`Ow0cog+?KDTLy_z)m03f63H#&OzPz5TKts)3 zMS(Es#RifEysbnPR+=`xcm@Bk}ufT|tkRQ6z07)ITcUgFRXvoRE= z$8#>hG!!0LERM{ZUWxUw982~JI{!+`&4`iodavZX%h*TBDWb?U96)8qnrERHs^e%p zSaD*5aP?V_H!mx>XCMNTh_XwNq|wzDx8;GB$5a4RiqUo9R&6bw0d9GELbx7Lt`FBr zs-6hS)Hl=dUnK(?^IQaW(M%rvQ&=4G#B^FG7B}T)-&mLu!jfiob9k4g=UgvdlW5CF zFo(n=^$%jO`{TKw)re8^5ZySgS$cijps|~}pa8raSHQkxtcwi;zwiut$O|(2a0VW?f?pXUL2GUy52|h2{h${8=f3hZ9`fk6;WQot;u)*LrjR_6) zzf_=axwEQJY(=d%9Eqx`Sc9T}O&Xeq-0`SPVC#^edt$HNXio?Hn(@BBC0@8(_W zro&kQ{+z--R^Pn`lYFHU((!W~XHfYZ&|rrRH74ZcGi%M7At57i!Hcvj5o~ zjkGNrLn@6*Cqz)41*7vu@_`7t9s zWv^s3o~W~q|N6dTO%HJlyxXJY4H{!r8*mo#Ex8AR>DAlERto2UBOeH!UHe+8e z@|L1sGtU3az{n<8Gr0c}X-Jc<>vg8{jAob6+tehENRGO%jajdK!zACpEajHx?`3c@>rqZi5k5!G5d8m>+)ZsZ@_)j>$h=?XzqO2 zOkRNOaI}ciL<@>AOe_dTUGnuKnHU&c0TkhecbESY>IK|I`k)?7rb{4+*=-`_>CIZE zR21%FTtqt8Ta=t*OdUJ}fya2(QVkbmX7s_h-uz+@-F@JdbDhX{K951kn2-K<%-OY;v<%J#rb@++5jkPVN@2}`gPHk8P);F3* zH7E_3Byxr-UOL9LYaen`0&vc@T2ffn!TUbfTN5lA>0=g{8?C3xNN2zhtRtp|!uWqY zblUPi`q_53D9Rp$C7mdQHf$c(=c&)A_Nv8|AOB`+MkR9Y=_l*ZOc>5ZpOhw+`bQr2 zZ0Yo(v>F<1+bH(s^4jF52<6Qki)gxY@5uzjaqtsDbI$Mk9oHX6!M8oFPma264TCO& zkuU41L<|*xr9}eg-0KkiLPS=rdal7 z`87QX*$o~xY0mP!EW62?NraTaeS=mc2u%pxt26qDSdwkSLq%ns~0upD874l zr#_Am*^r1$%_8631PSP6EyXk!IXp_1_f~=XGVmG>Yz`S^E@y5Z2AP;Fa#9SM8m(bA z|GswHXs4KjtXpRsq#3Bto>mvgL*q(c6A0{>@^t?@n|yx<)-N25T>eJwk3N3KZ}3Vc z(lw?!`q#}26>DBg2$(TbQB_p)*TK_lhZWoifwA!iT&;)NioT>U{xaIaudkP(vfZ?| z@4r}DaqLHBQ?IaSdj9M!6{X!Wyu2D;A>m|%odccX!(mjCzy)A(>%Dx}7Pk`BJQ8sf zd1yG>iRm+R^e*JK0nj6rHEVzZ=_@yt2R>;DRsD~EC(P+Uk4?!2Xsx;VWkk-iv@ z_3T8NTDQq~9k{7Z5GY+^Fi%nca(1IAw65TemWBP1rZO2)(0Zg}Sr>q8i%o-!q;AKRF2jqTz zBE2i}4zbe9z2KT!Z5@*WBKf$Y^59@A9QqBX@5r|QTc%Ew9$Ou;$FeYlLi{e=hYOGr zp>YMNPmXTgk&zM)Xb{Hz^Rp~n8=jh-(P$h_JxR?JeQAbLMQxhKG$u@wbs5HW7y6cS zm8WB5l$!VFU6n}uGWvGW{clH)&NFCzZu#;u0YQHICNsR?^Cm22-9~a&0kwmS)@UVr z?2>&X{yS@6m&lUpl+ic0Qmn$Pi=~f&@TqzeX(ppHcyBw}b1K?cH(dFu=k7ziJ>05jO|d|HcRY?@3B#CQf#)|6fC}3H(p44hDU!=-eJc zTxTbkhX*tRJllfi;SEDSJ6OaXL%&{d=pGW0r6UwrhU85*Yf9E{y?1@b#U-HS7O*P7 zhGv~jcaR=`B7`l;6dD$iriVoIw}x&O($M16*v#Toth{I*MEEM`H!{h}HISi>NU~v% z5F(jDh;=MRZUXMXxZ(;5f~svDl&cL0uPYeOH~8ubNWtAbC;*$M0}7;cYD+jB$V@#j zm=xHr)QsLl@u z8^FWO_ny;*6LdW%s~77_tsPrPLKolgWnoY7x?Q_1Fqf#VrjF=ym%i~E;n8_=!BAFO z5)zUK>md58Q-C@VcJAPKqkHWqzXpG89`x!Fu>mBAzSf`9==@};93FzZ6Zp97huI66 z_*c>#J`~7v?ft#&jT>0V0%&e=ApF|Hlb(@s&p;-A_aFn|%QqJ<4@jL+9_U+0y)Q%1 zlu(1!g9zy00OINKUFCikDk}uk5V|oCXewxhi0L7qxHmFLJ>W27zcY{z7~+a?>kz2n z_vic5^htzKR>HlR%u_#;ThX?kkZ z>iO>YC8+YvnDHwZ{u}=gK>GfRL3U{F@SBnS!}$FxX?FtD`1&!r7uIB-m;wIB-B%0r z?l=1a&i1E#YS;OC zx7r*L1auisPq=qC9h1@h<#)dODkE%r@^k-VV6s=uypC}a;@u{;m-)^t@23;Nsv)f8 z__q7-XdgVYy)Dy=xHt9({2s`cOCMtiY(?l%w*h+~g15w*|!8S)6ELF*UTU}5bG*bB(EP>_f* zaQX%DO*w3v@U9H*^S2K(xiRQBkkO3m2iRc3@dLEy$nE`qp6~yjurFY6AX|cf{@)H` zSWe804D7FFY{u7L#;;XgNHA{@`oxSAeELukyGv1Cd+XsSeoc3Zuzf{V`zJ0fikR3W zqL2kviro}87ngK&!3jEe$1$u;_i8Dw-7W*2w!3wEB8R7g9%JH+cO!ZGe6C+#aQ>Vt z7kLrxgn5{>`Wy;j3e5`^s4@wh$Bxsq%ChG|3ixnFJ-=V$Mo4;vEVu#@%?KF{MLVr{ z6oRP0nfY>v(rI5Yn~2loKn90JVq#O;6($-z@)%{Mwo44|@sgA0k-N1qniC)^2f4&x zpSu}sH!d(0ZOc%xXxx7i7R^B4#Pv)6oiHaybun~A;`Ed*`il-{x23E~E01nAQz`q;RPsHif;E)(7Q+LPjkGYAYE>G7BGuaq>% zF~6M=E;{6W)w-XwaPe$^++C-nllNGb5RwX~4ux#5HX`FB^)V(NVi*-@kqpD8reSWz zydldSIBu+gfi3O1uxpPgUCq|QTxv4V#|6(Ds0q|*NZTNy2qI+q_P@4%NaXvBd0P0y zsknV2T#KgmTJd&o^J@Gfe3H_N`f#2WoX8>R^nIBW_tv$*oQ!?|!&#}TSXe$+w)}{W zHBl;`$SFRnYH&Bq+qK#6$yWOyzmKP=!C*#lt+Pq+*`OZcQ!ORqD>Mh`%kc|AmRCm= zaQe*G147&9)%+>ZNJ!9?FOf>TxdeJauDkO#P+iDrvUkOPba}c>+wziHrx_G@c>RL` zgb&*F4;5Zi)!z4e&H8;AtDFbVpveu0KSC_F1ESW%%*Ha%>{xPeDzV&+@UOat1CXl` z@J6zH?>c@nel;n_AmqbunsP0KBaVNJ7b|KIFvg#AiZdndZ?GdfF0y`vGA>_h~LvzY9y;kUTr1nW^xua zY&_Qwqcy@FG$4Hh5+6_|o@}^3KpuWjO0y$K@POzUhfk->fM|6p*lj#PprD6Qa{&iW z#ngu!=G`}SkMD+rqOW1Dli$kWOI>;S)9&P&_R!u)5Yo><8X(baB6w5e zyHY|;TL7|#flj&<*hWqBnI7ZP>kqgl3qyC(4+HBS(24@bVj;Cg;5 zlmasTO3HwN`H(uP%BS$MzjTJb*^R8)f%xr-9FdR#8?p?}6T2qHJwoSjY#WQ>KuDVQ zNnc@U!(W3Z+LE)wk?Cp9QH{ao*PZ0HB>kfRs=fEh;g>+lhqr?qU)vre=zAjSz&l)3 zSw#3*{Rx~gLH|Y8Tk&`gp>2)>Mx|**#JKF?Ga}aDx}pKhVvC009t?l?ooI_LpSmi#r$)>V#`&BLHLI(p zW!1=;s4XGE;+^DWg|bOemY|uuBFPBQv(J~@F$4$x@4SCl*h7$%62p^q`$8_Mb%!pbV zLGjnMEQR+lm_Q}Je$o;ek|E+~O3iPVoFuUk{&0;bZ2E@J)r&-v+6Ppkx_Sak5n!B7 z+v*`iTDJ0Ml-ANbow8~T%{QP@7`IUuXC_#>7iT`jG~T#mM1hD>5I}k+mWPtKpM_UQ zjIn#Z4y7M+hOkF#N4TA7_upA{7kTnm9~sz7!YDhAF)pF%?zTs0m*qs_b11feSsGg= z4Y=I$;!BOM?wD?uTzXn_G-2lT%vn@mM`9^>R2HdRg>2=b;%l#u!B@(=5atiq&0Jb= z)t9kC6q;1~lIo)BuB;>X!3hHXSvIdA>wTe*f5`p9h>kNl@~D=ESs1f}eOz*3gX+lj zt*WYS;B%<0)I_>?EX9k-d`~j9n!CD821rik)hmwL}Jbq z$TctKHDWK1bgf*UIOb>>Uz>7vwrlOU^Q7x)vc4W`W*-D7k6Ia#eIK0?hg?^dK{@J% z4G+koWXp>ZBIxS7FITgmUy60KU)2kaKfXVWC&nCXI{s#h_6IEQ3kqsU5SeC%m(tD+5}fv;&JTLyG;XR z`{=e9zkOs3KToEkQ+)=3;y-Slwh(Uh^MhiI;Q4>Zg&oZ`b_JtHP=LfKox+@+d3?Pn zA#+NILtmeYKP2`564x5@xh32l7My5!2KVV<9Jen!GQtD)ap46)V` zwR|S~lt4;Pw z;bW6n`wtbz1*gz#cbh`xPZ(s3d3=dmrhe!u!r3;j43U+KUA`-O+z9Bvf`6bIjR+jQ z;K$E3wJ=u>EY=F7ssroVozdT!vbKEGP8@_$0DfaXFP2FcDPHDNc`A9ZMeG`t^jR`I z*m_9uj;(*P)o&h7gjk%$e9{@c$rDEdy|AO#8W<|gOy@NY!69;wME&LHtf`J(dtVY# z)xk{N$HNUdYh8PW4KUrD5aWK1AkM&DDOXt7ODZ)&6ed}6OyY~nNP5B_UW#|qV~93Z$C-AOJgpYbWR!VCe3aS( zpunf-a&D6EDWee-d2DT9W(uT$pimtlMt(G}<-ylJ$z7gm@)r3lu#ALODQYYno*Ts5 zSVqRZnJNQe1HTu1Dhp{R?Wa_Jf4;EVzQ{>&IHWSst(bo|FZx4(dPdp!Hf~ra;p&wEz=WN7^5j{h=XI+owfIZaB>!VlU*nJlP5Fr#{X_pq^qPEB;rLe_bRD(-A= z&-D=M_wkEc*MIBIJZAw)#yD>d$tH70E1g3jnD33San{1HNtwDrex+u!_p_V4Nw)f- z>Jk=XkR+UQGb6m^(t;s37oY!SpTEy>oWBj_8Qb#ryk7%m7H;ibRHy0_KVPqXX06wv zeYV=va_&`xRY$Dz9u@a{3o{@vm3qVVW#Rk1D*k4()<)|%61~(_@s^*X-nU><{6!r7 zH)S|%G1T;f6mDsPJzOXx2)>eI#k|05?-2WJ7GIZ2Pt9PB#Vc|`^a4QH+PR|e0(kki zeZdTzZQ`ILd+aM%?=I`Cih!$kXY<&$#2{0ZHmi$3rS_m|#HwU@E-)-#)f-|o$N z`l(VA4s{PM;h2UYW@E>+3GqIkkpN7noL$CBgtO{t^)QWJC$W$|* z3%UdCh<&|7sGGllzeY!WI54aVCiYd8*o*)t{Ku!JJnUAwWJ`>EA%D;eovAJR1u(Zr z(n^uCBqWC_J>48|m!qrNXFo8oaOtQvgkPVmF|$coY_|7#zloO?Mb|fCbV3$PTsfcQ z@@Kkcb#@kymxz%mJ8#3=zSmC@xjYDqr~1(5&UR`_dcY_jovY~i{u4bc?WW50BkQBN z#@Rb%C7yhW?51tERD7L;%m>D?)WS_%U%WIh8pJ3>;(%QS$C#Zu*{xZ&sB>wZcD$uH z{Pt?-38LGUtRNmtTNP3ly*cTXVlR9p<*Iea1Mwy=FGu&26#uVP^*HW;1I`U{Kx{eu z@r^mOGd!$GdeSQU=2}CMZ7BNu0&+gbHE??%kY`Ae#6F1YVy2x-mz(UblDi)xF2u(_ z{vsF9qNc{!mJLQkK&FrW)B^5lE3OOAYsexg46xD}>S_pPq{n6zU9}vMwhtH-HdL}u zx2E7b+DmjM5urmm_kzP~m%iuWjG=YTMvN<$LwhcDc#r_}&SI9{{i^%iPv7B1Mwo(> z+7hIcyR)%0$3HZRGg>~#g_3VTpG)7L?&yaI$VXqVI@ zw0X|T2+>eWeGVm)f%4RD2rMj7Hl-}n$yF$a)DGC2YP9$?B;(PiQ zy&SWW^My8QcoH+J6;0E+IYcgNa)Z9FxR#wbtJ4|9L7VC?2_1b=k4((K7OVQ1-c)Hs zB+U|-E0aa|2n?Vprb`88Ypnz`%Y{^<0Zx1*Pi$|Maxs7CLSGl-!m`Ybc@PO^^D~vV zlZYeR@2et;8ynwBk!UQA(J3xUbk)B+H^Vv%_s@Kk@sGqX5459sY1U<#D!>Dh z3sJw&#BM);nCLeo8^TuhHzpibJh&>HORQtmS@i6b!WhthshpwF#3=HRT7A^94@U&; z88ou`cu6f=0e{?jqRL_sPAD15%n}U*q)=q5zL0ccuY`Wfrvh^}+sXUh>9aQ15IVD= zH#^G~MCZ+9T8~-|8%}0Oi2tog2u&Yt9oXx;YNM5LGj_{-0Sd|x=+C0xc#+{r;T6FZ zh*>XZ^o8Ws+Z2*Zmen%BtN$q7K1tiK!9=ao>&V5SPLJsa`mINtrfJ05r-Drs*x7rr zX0{T_M3y*uLas(Hi`&*RurtX9AX`1>Q(faDrZbdq8qa6t4?O&adDph;KWLcKemN^i1|LKha}*MuOw9(9lUu zBC-Wes}pkCvzAGNQZ)2)R${bC&@(ufI3d)mG`+_Kl<_{1wpf*htzRXDw%cY^`b9ot zueB9U76t6Vj;T1~5{`-xr^251B-w*G=DLv5)q7aVqL|>SbE8}2MvR?@-c^tKgiJ4J zI%UdHP;>lnSJFS;l+s)>2xdT>zpYwEk29c6wnYEa&c0T^E=j}mP}X$N&OiYF|Lqdt2l}! z26raZcRu$;m=|FegN}s=98*WLhL2e=@rUG^q`tILqF|Vm+D&vGG zW93&)mCgt-NZ@zLy4i((s?y-lf8e3Y)B|r5ijzWC2DA zo;kKH4j(llC?)p1QA2nTxLbh`&EIEAc)&H@>?^!U#ukJx{;BJKC#Ne7FJ1Be?z)X; zTg7EPir!MSs#CvlC-H#8_5Qey4T&koB5tg1-K;cqqoQWcvVEDyx%9Ut*CBa%(6A&F zkc+^f{$O1DZ^_XxAG-dlv*OU7@ytd)sLNPPJ+`jl4$p*C z(?~wpy#E^Dp~O*)6633j7!e&t^=G{HgLi?4p9P*qK1Td!SoYt6szWTok8NA7K=o%+ zKl}>E+D^˾_D-i^RkP!Ip-Hg-uf{(57>MVxu}v}=`*8zI}d7!L08AX!vMY+hB^ zMn%J8vf3|}NpjvX+&M1C+@=I_iz*>qrJvvB%;fAXNygzCa7^pld(h+Qj`v%7%iVd$ zfSQ^c_Q>7dDPuQ!L<}wvMEx>|Ml54vql3@T%pd&OY!G0CRBGc+_NK?+oPvJvA2$b3(zHD)0f$(5c~*|Zb0 z3gg$?lMbgWY!~Pvhns8zloAVfzOx5X928Xz`d*ZNMdCX9(?)}ia5Ozqm`^I-`SqcG z*qek5n&F=$MJ5|}+YMIl0MbjH9bMM$OK*#u>i#vQaakNcl$bh_H$(>STz?-BIEt@o z&`mN=HZ-^^1S;n3tKV;9vnc!P!ftXspfDgd?=0!gkvcnIX>403=Y$CDyp%TQ30Zd> z8vk=yVST>}Uh7Xc25ZqF)ls%VTAAfZPN?K_d_a5l_k&)eD*vGbnS{GSwWPH_rrywc zoxch8vkUpq`^kW_sQm6YKuzW3AJEHv87*gdPLWeTy=wfWOU( zyRoYdHq;!}c2C0Ag8~Io;qK-Lwzg+tH~}&664e45f#wttZT@YM4vRWt&E?{a{AVuQ(rPq*%@B55%&{HjYp8+`^bKE zr?kc|Up)$Cb4?(o?y=2WI?maozlc>A`x`E}I-sBb7EVNl#qf+iu0HCy;6eTnl#k9< z<`FLI%jvJ(NG}3hYtdn>nlHb2 zZcoLi6q+5a$4juIeDK(SDOm19i%tr5upUj%#WN4~EmN zP{u{x7puHqKu%tDx(F|PyhJF=A3jPul(rKN=QYYdwfWkl;158i%oG&7%gvkh>T20I z@HKAR7-;-Ga-_O>glaAvKd(A^s~T+LHZ)o{@IcXWiIu&G8S1yCVpEu944(~qiGq0b z+qZ?A>%P9ytz6En%M%q%e%vTK)_z7|?cP=UU{@@iUGD)-TRX;K=1MRreN}Vxq5J0C z@A3LC-`eqqwPPu6ucIrV?AYV?O^EV~d0WTOKk9Lz_#rJS;!dOYzn=1>GYOxY`N{!$ zNcnUOBL|b;(1tl}x1np)fEQWgtV|n0`e7wgQH&R`iG}`6=O3{5vdYVF=a-2k_c4f7 z8)n=SHt6Z3f$e4X6sV$<8ZD$G=_KoR0Ha40LGjM5X=)Y8yse89Nly1DgDfB1;Xk)M zL1^Kmbbv3*P+|(b2vae>-HuX2R-As`D$?51z5A_jpvY8B5G2vqtaW!jMwJK2o0t8B z`d{*is2*$%D_q99s76lsGR#Unx72;Nz4xrtfR3E;dr^#4+P3CggG1M;OJ>aXq@K`W z_=(A--~%_$)GD*iKnE9vOb#~xoZS6rNha^F7T<;A+4d|I$tOeAr#{o^svBr@JM8zftGBkLT# zzh`4{Nf~XF3*`QQDU>~DPpN_8|2Kxk%zW+B&~ei`&Y_HYJx|d3$?-D7MsI`2D=&5U zU^WNR!SMj*;tKyDhjLKak?k!TJmJ>r;cS32Ei`-jUuVgApMwNo^T^a#>|^0`LP>X& zd;^O&2Z4|tmzdNv|J`KF!E%yQU1MA!$@k$1N5UXdQNqOYgW+z}B(_r*^i5&Zf&Om} za;f!?bh-K!WcuuR6dz1WyrLBB$?biyuaDqSbCOrSmJ4={*<3~Go66%$_Yb&t2+36a zI@_e>pnq;vgEd+mZL`R^0$8{v<~3!?qD5jv^@Q3KrD#Y6VqthLRBdO8VG4I6o=r1N zS7Gt83a5Bd{w9eJm>`a9$G{W<^HnG$QJu<2=yEH}KZ5-)Ean#8FL!r|U%K#x?gsNo zgqJK>F8l4p|tm^b^Cf`L}D?%6W&#*$(tKC=zy?zx`2)11a%j*FYJ?6jw{ z!VbwyEv<#!az-&T46Wt*7>_qzR*8~WGm!opxA)a9){lu|O{f1V*C(PVHQ7!&D9KbG z;UhUDo_K?sUx~<9n$#wx)>#(B34f<9vrrcxt-)~<$s^Vzm>hB{5i$Zu+w&R<`c*K9 z`&n;p%sBApwC$6xG!8qpGuSX{o3V@`@hcUL2EF!Se(wFd+0D*zaBuJ`n5!YQ9u2;% zM8fk9_eOQJTP$Kqpc3>5V8cWBjB~WlQPEw@&^D9h{{SxIF6rB^Ady8y^YmN3DiENCCVY z>B-XJr>=)lN62YSEHf53r`J0x@S|2PDEK;Jv|YzK&i+|PU;2d}j%MVg^9umu)oS`X zQE5M2th_Ymn+TJk(zw|Pc>5-E+2{DP(d-oglx~T_ zC&Im8Y$$6n;RM|`w>ESJs{nG6xYo&PZWoT}C#xc`z0)We@QRI#6MT}k6X5wz&AbK(%M9Qa zDN`0PpsYZTOV&buzAavlCrL-8m&o8MDx48SLIG4O=MLfmg1+%YdTs|R* z%q13PJ?NDP^d0*xKX;}t4xDMUepekl=* z=1g$A{&`9~WK0o`iP&d0w;PG*cW`#NKF;>p8Nsgm@R+WWudu??*!u%M3s2@F9U{;b z!Cg-Axg!-bn;Bb#7-2mO$>G+ad&;~4?`VBQJ&5ke?e1cJYzv(VZ|dLf^0zRNoV@KZ zUPO31m_9FRzjGWE-uq+vNM!?}HicuH9%p2vxU4*-Cn3awfNqGopWqn(Et@>P;k`6) zO+3=L5~UB?R+2i}&es3X$Ob2|#ExfOoA;>tFhrL59^!86y@2kED<>)X?!?UuLCIBu z*a!E5{AmCx@M9rQ0an(SwvZ@g65Nd%VLMHIIo)V>z_wd-!-gAK>}4D!aKzbRH@Z%}><@ zl1|f75CDx5U)1>PA<$s9d9tC3zGOovXO8CCY;NCD z%lX&Gmg<=|sXZI40Qu!xyGYCc|M}i!6TZJrLg~P&p8L=WEh7M7iiVC7RdU_d*n||v z5FCcb2J4P@dakQ8{-cFn*l}f6Y6*Sr8h$YORh1YqLe0b-{?yt(raCrS1pIMz)O)eq zF=^hk1Xb=Z(R~ReVqqv9A?e-VUZSq*lt{B?lTXvJKc!B1qc^y{UKN}f|c3ud5iR3j2Q~GG`icX&&yJviVwA)x0TTh4pz+{&V-Gf1_oCXgC zgrDxI4@TCo5SekZ0+S2jZ?=Bm%PYs!|66^^`d{kPzs$@m|KY0s{-ys6w{{#~60LNyJlg z3%z3yxxWrAfE@lr>Z$AiOnhj~d@eaZc6TD9!&_TwzDY|H6A?p`b5Wp&<}^|>Ah-2S zEr6xKTfWuV|J$DW|Awp4y*^6A{zAaBjde~RDVo5BN7qKjP$0gbaLs6ZWURG8Aqgb2 zr~q(qv$6j`O4)$3zJ--P(fuHAZ?*we)mDElu6LGuaMn1!3@nZH0PP)F9PaC!>cLdk zH~;`C=fkP5x38rD7|AAfgc!kD5mvV+7bchcCb6Yn$s8Dc8&ffRVKjGpCL9`Uo1C0o z4D1@5UbP4>Y*=?`CE3*^e6ex-WUj5ndL9xQoj}!nH?9ZXYsS_&{W>#0zhNsav#6`Q z(e=*uCd-cuFZKZw6Fyl%sRiDN8o=6tTh~@sUEhA|Q*?mYjsD=L77uAWlU-hk=N)}p zP(bf#d=p>PRtR0+DpZ6|__3L(Nn{9HmnQ(Q*RQHqoxs6qxZ1`hTkuriDyyv6Z&&aL zKjokP-Mx-=cVL*+-i{GC-H)%A9UGC|r+N@}_Set6A4VNzNNEaCC-z|B z-I2*5Fx}%_W8m5!?Z4W$DZW2W1?I*dH%#C4Ne=ZufUiGEG_BGn9zyR+#>(A+r&!Ta3 zGaSzksc*{i0FEbs1pX}s+m}u`+^vpi1xRD#lkM;LYIYaKTY^w_HO|kLsAlW==50Pn zB@Gwo3?HkBo7gD2Or1Xh5A}>UXIOPs<#*@i0;fESc)S< z!1_-wee6vx07exRMm*x%*uK!;XN2n(mdt(Om4wkXvIA-hkOtVj2Le#WS1H^g1!S#9s0r7zLojn_XJQL;|;~@rF_yEoB-2J`VLqHto-YPK<2A-4G$zL_ZiTO znD~uv3v$E@fz5x^6B+~DTmB91=VkuMuL+<$#S5Vsw~Pl8UGfF)cX0N}zw6rWgTR)( z?SsghYW587mv-!fkZN|PGYGq^=8N46{23D%anUk3cNg<@Gghzu4cdnT^nC{~eWzpb zqyq%r%6D5iwQ2e7`1@)iz+VNviS|CF@0)Gu9X=-*TV<7f@K=Y==|-Qh*1u7~B7gX- zr*~!_Wc4q5Kz;V@eu@LQG=IXuNL7D8`@VmOCqZ!oqhcChXV2)sRG(EmS!|D-efVt` zu73P?r#U`B`>cK{6mA)#pXg?KBtgHzV2}NG+I-6T+BkpY1FW+8Zn(+7bC+_e9qN8G z&fj?lc0o*zU>revcE0oPKZzPZzc47#ThXWCaIJlYKqNK4CvRBq0ouPDE`GE~qIU#h zIcMiL_k8U44&Mu2dCzWtG#+~NpLYhnESN5LWq!tjK3IX=znP(|>9=4%!{2P)cPY29 zzqQ$%oo(ZMfP8bdDz90pdwZVIHicd2W_7@H@o;_kZ$G(y?|!iBd!4(s=|uWO!T7aCsWws-T#P0$binD;ej2a7M4br#6X4A+q0kFg5gvYiT< z$mLKc=bdx1vC0WDcf(G+Mac*-rYDq_mGWrtMU?8e7~SxB^J0d@oYB2WPXS%j?afB~ z(mLK(jug^TiOWVDTFEUKSw!?8CYTtacq+57&pU6&s|EOmppV}trEJ20WTnhQ;W(vGj-m(FGaUc(4PAJr9R;s zI)S0Xwo)mxipf9JAJ}P4&F6D6G+sH}BgyTnF82xmdX9qutDIvw6B@QsniNX578}y} zbz8g+>%ihK9hHMC9M+8}>`bOuVWeb zk#k2`;Y6sgVA7_w&y65c$$JsSwfNpDQcQKh+q0fWXUE}KM45n0d~mg^xEbFb-)YxR z{9L}F-LEejOTHa)k&GYxE|b*3ia@UR$HIUh-bTEvW=?1FQla=5d z&3L$lqFdVL-v_%QRX@0mN*!WKfi(1*0k|G{*hTX|j`5t2g5ap4gF=?kYRRN}Z85G^iR+ zi`6P{@h$=iq%x;awx@?MG7^_z4N{#cv(k7rqHx=h=49h<1Gu4nrg%bdkZ+TKOqj`v zt9_S86b9wJb^-{rkJLE`gbjh6Guz;cgMTwibxQ0-_Z0o9pgacide+@iVR>T(EA_p! zPb-q6vV5Z*DtxogZ+HD9x1J*TP|Mlp8RtCjJaivfY;S+ln>%jiLBOvWQo}Ff7hS~9Xefn7d~u!~X}pYas)ZUkD)MJP(p3RgL*ZV6 zXU1TtBO%l_W4K1uUoSl^Gyt;lfEYf|`Jovy1!K{c@CRF2@wO?pa#6tim9{=whdP(R zGS9IE_fZ!@uCt0&)+Qg@p*lLRQ;Hh$c)znm@XTcGya48FJ8q9Ol(R?b?h5)&tzs`I z>8&s4vt<+583?3fEZ;RjqsXJ9O;`vM5;hg`uwBEkpNCER~BB7)9bQDM8SRY zg$*w#!YK%O&PQi{^houy5>^iz_bm_<EU8tRXaWiq$dZ%hPTI*^JH8 zkJOnda7a-y@Lmrudn5Mx$O)i~$z1J^Up{ina1go``@@{2mQ{4*jTXiaLEna6dtnx< z!3>VQEXz22)PpxCr7A$9?B#5DHrfu3ot{;OM7voCMN%|8&WEsuW4EXxGKvysb^1ar zjhDZXEBzFk|ILi-wwQ5K`}KtLX`y`5{wO;B0$RZef{Ni6g`%HJf0PzM9FcOXUB(r@ z>cLAD)*GzSMm}w20+S{Zi2&0eStvaZ?~||`lCf+L>30SWauy@GLtTms)HgnfA@b$h z8WYZB6ngxijA9N>(U(eg?s(_Sa8`@)HTxk%KINt8Tjd(U{K+9+2D{g2>3j>#Y*Hdx zu_4%F&I(K}PKEY{Cz(OvP9K3jyW*yb!t*%v3V{8vW`dv8ZMv*~CE)|DTgW5AEs$OwG=Z®cJ;^V-pd>T?lQ>;=Q>%vyx5? zx8TEdoNs}Y_%z*wP+s+oWjvmG0{87Sa=*S52F_&N=Kf5aQkL0p4r zsVXxiH6?pSvlNb}XVQaV-iR0C-g27_?2dJ~f`knZx!8``aR#rq#N|9(w1ew`uGT_A zmnF|XoDPw>cAY!!rw`TvyqOncP4mlFCj&oUiEkS8tNrEqI(@$QjJmHHAl8XiDKe&= zL0pj6^ZqVEKR2WyY#o6Dw#f!4mBZ3~|8O~3qp@mJ5)5r`b9Uhk^mW5JVT*k{88|MU z*qbB7gCeDL+CUTpml(y72*v%uK?o6UqWGPv88(#JYv!%9D_W*`8fm^$YT2vcd1v%m zP$~dz2s=hqD@3alV=ja#htS^$_BHt3YsfI7=fqxs@U2$!&!L;on!1At`a@~;sE8d} zh9Sc)<)Z2#{mc8PDWEMK9fv#^65?vCSoBg20lZxCzgW;~MX0~`99U>>Zpiv)R%7@W zHFlCqku}$32l{b`>6PB%NoMU|cFqWo!BQ|od7vKefm@DAGXY2Q0e6NTVfT9qs<)A6 zSvO(_Ot46$UCu-^SnjD;2^tW`pY#ODa2<^=hhv-G>tMa_LktYfV;UPL?PeGb92xV! zLmXo9s}|QD^1+!imArzo`ta5jz%zyr^u7U`e*Ql)994D|ZJ%HRbsCC_16gq6t(N3NR;j>g3Vn^SZR z&cmQqG^e|s)O`$(`(jBZ2#_qy=0m_@PJtb`#{HbzJ~n>bTSP z`bN)05R(thwM6{N*Lc;jq=f`cg;3FSI{MSbr~(~51rx)wORSKB=M`Zxxf3*2?F%T^ zoyEpZSc!8F&kN4nM{81SMg^XvT(bok8Vna!%a@!b3r=3FEpgN5hWm*?G&QL)A(6MF zN+@OCbT=D{UScypdRdx4D)GN3<6KBkF^ z%3VA zVxlVCCHmAp3{7mm&;H$#3IoE0+>3Tm!IYO>6dfSH<>Er8?0Vk@B-3)>? zZ+;z4FxmuD4*(rqDtn7^wKXNe!}c;iwaS1f;1Y$qbhmN*5ns#p0Dih)rAd zO|+$7pqVo-Mb2>FQ#&-}oxt}y_HL*p-HA`~BV<~Ws>}Y6s*K1~^mRd$YEjB=TtP+`*a4^x9GM?8BsjsNok2(f>SB*B!wT`EJNMC5U!05-eTBVo8(l z3uD@LVr0vv?rRoqQ|3-F5`yr8;t*>O z;o#n3)X)|P#q@zTq|j6~Vi=QVGn6uX7#SMCw7Y5psF>1VmC9mj0A`LD&VuSb*+Jlk zSxv`dya_;}#GQ73^UvS#lfI5vg#KvZ)g8fgZZCh6U)%y~!6r2Jx*jPguHi#KLxkAq zY8zeGvSY7(KiIXVnDEQ+3{^Wjy{2mFcj#Y*n)4}op>$Od(z?cUX$Ju5tcLWB*oSd? zGfYz`isghFU#R)$d@)p4zcX=GF93HI{%dVOLy@2uOiL55iY=UGx>AJv>#L(Bbmq+8 z{X4#_T97M zvLdCL9*X5Z?55U!!`7am0?ijp>cY>cdWKxln}^-(>b5^#UxPy(gEVi-GoFp_x&=y< z#OEZhP>-k_kXUiL*N%Dgu>L0V&pJEj?$g2v6_E9ajFaV<0jYNLL)&UX!q{xSj`&zf z+nR#|Z32yn3RS7JQtW4MYgMWC@0@&Y@yn^rb7Sm>+&vqgQgs`zi9XyF>zwYFFLeMi z<QYOwTGwumyjGxwbocFw{U0jZi>Uxg{_tW&O&!{r#k;qG6dsTSZf+|sMLE|j`f{{ zW%{yW)Bp(IxNGOp354YRL?Z zvsDcWusqURahLnMuQG;T?Jh;+tpJSaU#F6bPNG6e zu{~;78KVjlS+Qs&e1bU?;nqN4dVqXFi3jSXex*Yl8MiNTYA+LwO;P57X~=EQ4blqc z1@X|^+bHO8UedRsN>UxR)1(7^T8*}sA$yUu)HacNAa|}m>0@x_R6K%`%DlXjMS#_> z_GmM)cWMARBg6BjyKjaGAifPK;v^hQ*N9xR8pB}HJs{-N9=}TQrl)5e86?3Jh+r(r z2j6l_5Rc&A)dQnHN!~StSiTZv}EWtqI z@me|S(%2+pAp>LLZBz$G{IcJfI8BtVG~HX~?$$Y+o(x}T90-b;ErBZT2Ur;Xo36dE z=%3J3Lu8FgXqCOQ4ju)Y!$VKJH_clS^-cbdr3K1F^Xya|egaUQaF{m9oWS{2Mn@e_ zJtpI7ki?Zq;zYUx`bqDC=e4p)Sy7swo8FNRR%55rKJ3)~&l9O_(wK21x*@Hm;hz_& zHgX{TC$*eLZ!NI=O*AqR={qRA1$Z>A;t39tL%yaYrHDHP+*fgtQs_GSR$eMt7_F_2 zt7H)F^@oWwZ4x!qWD{vYn=Tn1-oN^ENv9GxDaHCQ4cOngr`hKPhOs(xyTTX0U#dbF ze=UT&NrRuHC`%1#BSloN@)P6jNs<$2`S0?^h2qhtmO1W>J1n6z_awX`6$o>J8bX32>qv{&%T3`OO_LGIN!p*6+fCaFL+x;uC^d}%aeX!Yz>zk*s za?b(ci7jDyHXA=xjI_27iHQ7u=SKk!mSRo`oVflPXi%aWKVILAo<@?Ro{y5Irn7u- zsT7G;5!eHGbGQiD8zK!vEeT4fE1y!hSf)#O{-meW12-is*X(zpl&WENOWITEB}~z2H}Pr)QaL@7=r@a? z;w3E}#B3#3CY_@v;)q2h5AN2K*^Sa`Xw4A%uVpi9*#!Am!DntJ)>7yJT{<5Lb%X%% zwB|^-jb^U#+lG4en9ZQe&DSLqx0cZ2Ub;Eqvwxr5M=FM{uv^*8%`*Z@k5?=i91pgA zS(?f^g(Mo5`zoqvSWJ1RQOvp}X=D9aoj}=Xu|!Wv8b!7x#P~JlHgQj}21|N=(%oGS ztR|T_jKN}45!XH1+K=A08N&yX;OU0$FN47X7Dun53umOvuwC#8h{7xBBfD{eEX1<# z8ya1R-bjDuSlj|J5x=$jXYfbRd|5XP#m-tnBW%aZnl3qAdG_mwvW!5vn-x*KtJ>vR zBn0D6I=&J0}qA?UX~XAd=o9Op)S& z8ewccS&W)`))zfWb5P+s0KTAgSbuI~efzzKZlW+(<%fXyl~H$aI3+xW*klh*W|(5x z-*=Emr?Hq+o2f~8$4oG)S$5-;5;S+!u<4LNxVH*E2D}_@>J4&mCs8&Wyu$jc&a$iB z2(S}gE{zoMUqXaBO<{7R=6*oE->Fw?%qxYEdRg9fgIVEdWvj4nX|K%5BB~==-XJVlogq;(%){ z5aV8dx=h`0wfUoKlxh%+mMO3H&pEL7z~W@;BE`slVkM;wyf@7nT^CLk;<5V~A~i+P zAZS6P-W|L~+oCFh$O$%+fVqyhHRyL>Gs8E3vlqRy=1aA0=r7JaQ$M(7!4Zkl|J?T+ ziyhc|lm2_`_T=z`##eOU^uDTm?3u1}7hXEu7miulq)Fe%DPX=-166LWAsR{+G~#GC z#+*<-yep{Di@_it^OGC&FkLAOjUV%6sqXF8S$Q=FGqQ?2%{7 ze6+VdEDe7t+Ndub_JAz}Kze56B=heSKX{Ide zEu6Ck9JT9;;wfQg-*?610P%C;*>Q#p(g3(fo(;dG2Xqx;_xL%3__Z4#E*c|j6{0?qs3;vS2j=BQ2n0;y@g-d(kvTJ)W->`X4mkb6hkbP|0rxv z>KiJQ_%pU`%EbBGqPR9lbGGJ}AO~(a_5ss4~L4g!77_e_K^7QSz6lOubA~SsA{0G9&depXMp5I9v__dl#oBP&?JYM`Z@2 zjck@KW$K;VP1eJuY%BOO7M29CJ7h5FOc@5IAPOPuI&A!{vg*ZtY7iCX$Gh*`7uKwU$2d!vHA(Gv*DPDUt z8G$JY@6+n+19Zz_<B|GB7Uh z86<&WuLaloP*W+y+JG?HDv_tDHq#b_Dkvl)tPQzLFm`B)W;nQBp9e##*}Cp3Ug(5o zskFi3mj8C!6!1ZUCK$7`!|hB1vn9Z}8JI=z1B4b;&tFn**4#y?{<+IH;~Ag_C4LZ< z$ZY!l(8*K-Zk%k4i6MAg=v27-8_1M2E~pFgJ5Zd|r(rFr#)k54|8xo99c_(@u1uzq zfxrmyu?p$RBz#psOJJLgb0+G!Ms#s4T1Y2hxnGMxxlA}`z(wHUzCE$9uuJ$N9_7va zW5+Q`YqjYK#k1|v{;z}l3_p=0cRL^LjFbl!CCJ!R!bAM*A7$GaT~3YLBKCux4ay<^4DI6D@UI2NU|eUgCPsy34nxuowjrWvs7zI7V4Z88R1G74gp*V z2PtYc9F&kHFW#8pXjU08f;MB%NnNLVTB7+o3h zpSCWv%krB)cI61mT$_xt*6bS!Vd35@HMFwsiI*xZzay!LevVYZYqPa7UPis@Hch>W zW1m%};2l4$H0AiZ+043P*dn&DGFS~oNIm`%JbZ8364wusG4qI;cbr#smfTn2C{I#8 z&lZWq`RfTr4KmW^J7}2>gx>n)wVqZTz8kW9_+1}uni47m8k7d z3Ywx;t^f8WG@e)4_~h?Ta`4 zOQ{e*6|JUZ%%0LuLXC6_Z7$HtBN+bV8FUdz+31G5%o8<@b&G4Q8FSm@jNS8+=Jx5? zSO*b0XotMB%=jaa_?4IS=y6wn5zXqPo;a1)3y$#;o9KhJI!esLz-ID9iQY=SAYtq@= z&_?r-N`uie886rE6s?rE{7ZJrpF>q+V87Fkw(L*^i@%Cm2-y_Zgu+XgMF0dh>kG<> z(O5(sjJtZ~SG9{wFbp*t>FJgW*~>J<9G{82K|VItZ1){3l78NmP~-3N`5sl)QB*6* zRw$J&@=S86q#5CWsADKaHZJTGj1mw!cIUf)(u-Vb3yO0$-zi>}WOK!bFxg>}Nf3#L z@4Pd_xcn6IpJ#Nt$?&DD#Da5EdyKD_o4f>{2kBb#`zni)eii>mq$h-#6 zptm{Ab>7E6QhgSZV;i2@ex)-{VkJyD6j7cX{Ici9;>+}?%b>ty=bL}_O|n?x8(ElX zQf^p(>wa|X^Jy-PFF`NY(S*MQ!`JBK){2kJ`;uR9|BRu>h&RP|8Xi&yyo+g_NK@Zk zC7(=>wNBG6X$J=Pwu7j8r*Nc-ZcWy`9Tct0v`Ys3cZPL;D${QF#u(v~v~g0&4%{L- zlaFFsg1*Aef!+CO$7oK^jM)Vg?@`XFMtg0kKS`DkNGW6S^3*>J6%geO?_)*S&z=B= zH&pD0@btw!(S2Q`y!8FlRT>F@=dK!nTe8{{b=lx}-TJE4!saImi3mOCFbvK_ZXx5uTg^ zG>Q&K2^~K|>T;K=CF(3_D#u&>UU0d_TMDwP@<`<17;;QEFjg%_r)d;_a$7%b7W*_T zOvJ(A626Q-UfE@-QSyTDo}P;fZ*0jgs{qe%wf2$NTipa=r?>9DqT)MMAeXlsbz8$B zPEN=+s~2fCo)6LcVF<|j`(d@cHNELZw=eO>#iHTe*E^bT8$i5C=kw;V9W#zLNst1- z+#YuU&`wO%F>s_KMzXX#h!=!5t$nqqYg$26E-M3Ka~11z{sfJSqlTPQ04qa`5!d_v zpk-X$cq^AQ5F;qKJ)4pue(vgOrj%IGU}5zxpWg|43x8GP{4aMlCSmDGD)P>3{wZDR z*Cs+ccyZ@=)eQ6JxdQvC!IHrr%!|TY^kHWI)|w>`3TG7IC<3L^w#3h7!Rgyg=crCs z04QQSm?r`Apl0Td9ISBe0oy6gSSEv|n}@gPgCfR?3s z&J_clumUqC4U;E1k&=AjEL`+bAZMqNbPEARCMnXhzYIzJu(7y$wYNyL=T~KIUpVVh z9wn+lP{B#PvI}RAe+#5YUQuo)!JkFEcnnzS5E6n{B#0ApeiW1@zrj3dTD0pNClp>R z9>=0ry!3o1a27HzGd73TX5Od?img95phEVqDVz^r`2_aUE1nWvs)$NN96Xwp}=!=Kw%E&vC_5YvuWykupXOC>nANFj(-^L#kpS@ zJ*MIVNfNgAlRQID1`v1q zwawb;P&U;Yg&+@Q2<9V1v%8p;339)}Xu&7OzuU6HlG5tw;x_TWHEkf<&yMaM2qw9&>HKqU~Bk_F#2lxTz>>mR_c0 zZ7pU$q+t^^^hDx6DVNaZE8nr`8{AC<*A9`$jaYY0ce!>AuVPlAo4IR!lsKy|cgu;) z-p8p0bLPRs|I{ooJt|oH9NSdP_%EDtcFDE?sT|9j{J-EuuI_X4>vmS1`@r*l4bv?pDxRpb} z6cskV<2Vi6Kvby^+8SF_q8f)F>Ci-Ydq!dc33u0oL+`qVRENG*Bi6N8^a4Nl7YgD= zA(XyXsGYgX=gUaH%Q;LAiV4kNrN&%fp^Cu0yDG*x9>|WX4k7OSF#B~Srqo(JXK;wf z7lc#f3YJf@C1Ee)R6pir%iHShbX>00xqIg-8l(`N*tJd}L<^~o2pR3VGY1*UiyL~r z$#bHrDYg_AbV5g$Gc@Lk4u(j8Dk!%@ObD7JFuWICLo$^0?~mC@FDrIDTNKAvz+KHQ zP|t+*m0Nj#bMrwG9H~o`QR*i_9hnGPk9Xi#@EJ-7^t=S5?B$P4qgz_`O2!xLZVaWn zq(AaK$92m9;)Wp<4-154Hw*0Xg9!rh;2=o<42)d7n2Q$1xL%=E*V{vLeSHDi*LTZ@GG-B*pheX;D5ycJs#HFNL_)a2-&&iEves*X_< z;u}kCaYWqLdeTz(gH5Ja`&Ej{eAuxlvNSSTREtSF)Ja|12O?Z>TCwHj{er?pk?B$d z2TS#hn(A}P!39(^MC#vGSkCu>oV6BV##E#c^&_y9sU~TVFQuLJ2e(NaJwn>%aK>02 z@1>soU~TUwFFN(VL)u-3GJaP~My)l2nRa*F9?4c-CCkW2?~+{FLY03aP8AX5I%~4f zLkq@k)fRLP$ma@-3?SBxswBHbeAF=2#ELmo(Rny|FtnPR+yzYG=d*9jgr&}_4i{Zy zMrL_xJBr^Bg>*WNU)b>lL94R(+4GkZd&p_OxCZqFmcr}fT87SQ?OxwLa)l8-D0|G? zg0~e}H-yJl9J`AN1|3H_;Gm429hH_E&tmj9u&i;(1r_EAI=9J^Rznyu-5qquQZ)k7 z*QBJT6A+juF?Tt(9d=+KZjDg>p~|`oI{vi6EYq>95bd=*Rg!*xbE~wSlTMg*c4~ko z)XqftP3<~>9p`?txp31Q>7kGPn}Sz?OILvQA6dhr&^tj-Ful2ges2QM*h;iNVaN0Z zs%{aI6x|@jCpkOxMSae-#R-W*p#$t$mBBFomlwk;;iaxUC_GoZr9ARZu-J&6cr;1x zmYxWMMJd0>C|bj$hc(amhG3D4kF{}QXCxZMC_e)JkgVpQzkl5ZDa(g{x6>g}Cx zUhd%w>tuB)aCNB+2+qE5dZt_p<9jAp-8E1+NPetNyd6r`dWP_nn2-&hCNDeWPG}E6 z3*!Vj<{-xjedkPR5}9wWSJv+tBlx=}vnxYCk7hhFRk^inc+fz7DAmhLCdbOpgyj+B zeYi!@?D+kFZg8qBh^)0;CnEE#4N(`zaXGEOHDv~-Ju4cPeZt6X2T)iHsqI$WNfFOe z&9b=|mtVzhsXe+s|B{urN3N8IP!8r<#4S4(9(@V8IH$qR5$qqO((nL7Hi7Few)`SG z{z(YKxpyGC4#2B` zIH{5TjpK3pvcta@-7P$3GJGHcN55F0+tTjg9${4N7kDa9tWWTdw+G<;BkGaly!KK+4ZYRSP_jgYlhcldF7zl? z*j$Yr44#ejGfI6ma9_@Nn%6{J2BbA4zV_o)lL1EMEZ$&?`n_ik^`H5jotFyk{(g#} zF8z9uBUK=AsbN^CUgCTnDzb*N8?L5$Xq(o$S&zEVyF2_Gd+@40;&NK$^O6o*5=b<0 zU_*+fuxnQ)0lnK#CoGJ5zH@H+kpk~Yk8v#C4VQt%FV zeFWZTT^PPfG+(Psv-&7uxx{eAT09#|3NL0+)6A7Vz-HKfGr^;C^#mX0FR+*vz~vnT4DY!(OdBY;_g1!h~+n`0&rVY`cj}3su)4Hb^)dT#Y z!&q^jeXRtQ4E;Z5jmn#yI`L{?&`CgIA|>`@4xufSe6@d#n(+z zO5Vr~{W-B^Lw#_Uh-ptvOoW7814 znj*B8c{_hpvIkL0C6uFgy(-AOyHSQw>7mB)p<{+X^e+89F7!XJ)FAwiM`jkm@g9by z9qvN~a`yOq6f)8foO#-LB+gsBJ_OWDd28Ob#y`SP9*ZW5?zj(#{7Rj*yu18B^8$k9!fWTyT?jwomA>AE0*bZ(I6rn-)ng>=d^U z9|2Wu(pE~4;vg7pYmc{UJZ`2xZB?K`qGjj2(PWG*q8}ik7Ar<;JiXI9ughwKd!j4H z_5%6KBKy~nF zSsY+YQsCzu@8@LaxB%>X!DbFQBwU^GS&*O!UPY4>wI5C<(8IM*|0o`Dr6UOEZhNJ& z)6;9CbN~KZ9aQMW(P|+nDNM4+$wqI5^l}CJ36}jyL$-L(m?%P$6>hy-R4@={1@!M0 z3fMl9MFYda^P%&}+B+y9h1>RA>^E&)8c21B)FiieQ0-w&f&>}b(8~Q{UBJe4BGl>D zNU=4>Q#w;tz!Bh&)AU4)>r#HZQ=9Fu5TFFR))KINJ5rjW*75|)r(!@_7Gqp+r4Z>x zv@V?Sq<>od_e?FR4`L-XoUZy4KnCN}^EX*F7^R~~}grwgnw;xTdJ zI)sOnwKQj@jWtg=Ije*{hW~E1Dbn*)i#UgS5^r*BFS89bk^!-u?3d`?T4b?`{(X9M zK~^M!L^(o?7fq87kGBm!zhVLSmj!7LbP+vjxyh8_qG{>ak1NOBLIT}>?wOH=BMzT^ z_1{Anmbe2KL`J37x-kRpW}Q68=-EQ~0_o`X)n6DzvNmRf*RRmhwv#D-nz57{Pq9FY z!!Wj2uD+c_$S=17?N!%`btHcl1`Ix}c^xv+xmZ&clm<^)mg&Z8*k8~M{7K-rji+`r z-JyniebeEC#htr86}U&(M)ATT@`!#4)cvKQn`uMS-vl>fEYhnN+SkBsc3}Z>-yqLZ zh*N63zfU2$6Xr^-9HT@fkJC!p)cM83k@oron}sD~6RZ!%W#^$~7VCXor2+SP#x`Gu z%^+96J25nPHhZ6i*(GngJdHU6_%si?vU$NeJ8gqSEzJ@IuI#)<0LVhfj*ys4@F_fr zoxPH=I%gHjXYeD5y|LJ0r8ID>{|eOe_pL%1fpTuNLGecvuOQ z`z$sBFAry&Oke8*+0S~IfjBzJV+VhS6eC0mUe5Uo0rdjj7iMK`aHe8k7UNT)f?)B=F8wuP@LeZOI=|bVf~r8)U!o>$KB61<=@s zw3s&|+uy`;529vx;;Y3l79MN1A7XLd2Wv5C)RS;au%ZNJkpLl0EN+b`C|8U_*X-#y zI!h9rAS~0V0!&kH4K4NcWz^a*TgztoqN)CCJhy_W7d@{gggXd&uSWho_n^ z%T^8CzJo|KGx=aK2$|Z~xR0n>THG!DnJzf(8$dOt36mK;E`SYk=U;lU!eu_TravdI zq6ZzHy#>x)qyl*_+(R8#s7M7GC|r$gIU#-K;5f4%|01OhwNIKK!2&Z|koum6VkcSTW0C)L*~oWLEpMMGluJ#@l-0joQjQT@A}xmV zhf}`2dI;8B>_~t2hmn7p2_itHe%QCkx+RJsI6DUQVFEojO&-FLCmD_db9{dchYQ}Y zn$##N^lXga{8J**f)mTF=`M5n3}j}^&1P$;Hywnb!kA~5wx9!PPH1n ztL1yN9a+nV@L?4HEQoamETt)+mTs5zZ3R!vz~8t}$b+T)kVMxxwlc1;R{pOOkXM5< zUDoAc#?Y{=fnKKNKE>~v1ZX?j=<(rm-FgX^8P{&=F;AHl5s}rCsiUYso$iZ@-1)); z4iIwAs{l_zIE6gc({zI!6o>+=DDvwAs)D_RY}mk?R^W&xOr>bSKy4V{7jCt+;(P}C zgv{!CgYbF!T&KKQ&dl+zg(fQV>#-~vMcG8aWvR%Kt;2+IH9xI57d|PJxy1?W3FkPn z=B8$NSuo`4X`-Pr-GNFQL7ipp%}{L8a1o;@Ks;exnL*1pFAQ#)MY1-36oj+~d)1I; zChK~A7#o_`vmI2r%w(xRgwRyIdWI=9$kx3j*wb`jnzvAcdz2n;fU=tEo60pPHb~#rvO3(uER;)r z+uPy-cJki$*PVSKOdV9A1KRwDN&clyxh?H27mbfQdYj;F53w1<#UCxB?VD!$;2ib1 zKhmm}d1=fDI&AR6U*}sYO7`8L5BSW?9I}k9W)hcU4)eBU@+EX#?QX-q5(}y_dIJe+ zek#Ut@N2{8a_epnJ|lyZ+j71~Jlb>HJrmSBufiaDrj*D#B&yf$hZfJJz*O;lJ7*5n z_xzw@z#7|MFcH#@H&}7MH8bqVwI*WtbszX~?)sUi2X1porgoIfGj8>~yI;s!#T zl_BXbsfz|5YM(6)v=)p2?pfn>$J(MF{1qn9>FYp>2$Vg0DD;JpaCn0mCU|q~kZ%Fh zW8Q~v2wo-xO>D=5fo^lPS^py_QAI#WHS?+@nFVEGuWW#wT|`GNjutxFYVtnAqa92H z0fBHHE(n#i*vIj_5CCE_X!S{*%pVyef#o4!Ho(MWd#g4FNH8O!Ct-@wx_Df}%bt

    #-Q)Qd~0k!|-IzD88Bl zj8oGUFWaKYu;<}6`F#yxqKwjx7ItUVY3LT-T!#}`;sgM+GW`JjnXW{5D&$75I6O=&kw;qXsFQW7A7qeWkshE>Bhx7PY|bV>sg1_TZfi1c)J7(jvzy8CQvGyAZRbp-)2mG~L!@$`K|C zjp4zD*I~i#39%4`Gd=97)!jK+GTu(LE0Z$+a=Jv@+K-jY-AX4@2<0$^LClv`ei}2S zx!1$uY<8iv&#+eN7Qu+>#~E5xK6*<+JbuPnk~*Iqcc2~=CWgZP;g30dPwf%UQ`&rS z0cbY5uv8`05jx+umoo~~9UmGGx&<6tQsPT!jYR8E5+e`suxJMP0-Yww?3i62O^I$G z468GJz)ZIBbj5h6Q5vPew9Np3dNu@SoP#gnd%5TbMG>s`UESYKMVDtIcE%%1tR`&L z*nR$!@m*EP>@zMIS{F|+WNYJ;f{)@Gy&k#jq1wzD-|b(HotJDmo4xWsjNL<%AW*Ue z;IeI-UGB1N+qP}nwrzIVwr$%sr#3HQ7PEN&;BInpGxB_=s8(V`JW$5Q+o;&#gLtIg zACA_;&YU?SN>Vov^F{+_e=Cs>h6iyWpbYEpSZTMs|8T?5heqs1Nosa}BX-dzSY%`Y zQYYF&Ixz|=TjR#URcG23fnvAIdN+l^6yQ4R6YzMN5A|kSvSK`8v z2k+usk)1C=zU_*bk?A{9T9n04KNIw3y@LB^9)#JJY3kzrSn%-PLs->2KzID-hxp2|dJp$-AYef70)+2^c%S(-xujD#et>PpHH7D&1aiIbzfDmX6$HM( z1s0GUiAL>@C$q-4dIR%g-VacDrbzZSEON110BrggLf)ujlK0D; z8e!S4ZGJ2|FY?cT`N5Qyr#aL=gjzd8#Nda48QDIq%bc~zpqc1I#^76U-3PDo6EMrb zu2fZuGS{dznC(GKF_f&i$Zde*M9u$x2{4Gf%QZR|-`VvoFOuh=$Ks%WHGPa>6$ZUU z@PxHicFf)}UgPs%sV)|wuz2^4NO6{OYeG72Leyd%_tU+dQ|&DD<Y|0TZ5(kInAJ^R~r<*3V1yx%xmE0FxaYv1M~gsa7oqh%xCj6gWe?aKFSe= zj|c8D<=O7XezdaV>vh6@>CPr_Zhd;JSyD;|rpN^#1Ab?cztQ_O;%~ ze0o;`r7Pc{(BudKe78G7!pMc|v8i-n+n-MW=TJS^skr{C@pG9iG&Gi#+V@GOI85UE z{z8k?4$+hG8OGj0-Uaq&6=4aU)9l;bh`(KoD@eqWT_`OI%<4kxV6aG7(er?M!k!MZT+j|J-G#OW5J|LtXAktcSQkga`3qQzkSa(MNrtjjGP_l%0 zJ1uRaknsn~9W#C55H{u(_ zZ|Qj_HfuFGJ5c!sEs>7q15TnUfL-Pw_YIl6#@8 z#{!8^ASq4LvL8rLq>^PMnsk#4$$Np>EJ?a<0#x5(z@R-Qe2SM=dEB$EzR~pNCo-_v z3}EX3mxmwWXP1|5i9Mui=SB6#{+w8#ma=4gV8s~NU}`MObTX;6LZaW`*wQ~^H>@;M z6yQkd_(zYzzEP{zfDh{lZoG|p%`Fva31DO>Gnx+LVsi$264GT1(#MRhg+eYPaWnI? z3jEwfdV*1K*Y^%22xv4=+95fZ4yaBFMZv3d?tS|YN@qLg`Gnbu-&g6(MVG1TB%T9t z|2$yfQ3((CIrkoFYH~90x1xW9l;<7?&e&j5Y%Rx6UT`wNe~@ZLJJ2T&Y^S0yHzfpN zTTnK4upA#^!?<8rf>1$_j~&)fESqNxxWEDK9sWB6qmKMs5-U=;ugw6zTE$m4HRA<- zANse*COYdUNH+DVH71$rw-f=7omKUGWptwVEjm8*Hu9}Y6+z9U;^}~|6lxYuQe4Qg z)Vums;xU}Zlz$bEGbe5EF=$nD5OJSm-Mez3r=F_?tqRkIE7WmciBqRo6RxEzoS9n@ zQ7`2I!u~q2`!ez@-N!H?cZhJaB^K3-#?AYg#~BwDT8}je zsWj?zztT`nqG zdFx2#fR*^blX+92@xd^*JoYZ*6lXD?l^tU?I6bIaXuR6ad(w>seLhBft^*u+Jcs+c&@$y-n)rj7STpJfK{%DO8<*cnme=C}Ev>t5ev zIv|cp|8U{a!iUDQu8-*9;c5Sx$uwd_k z_GKN&$HjX_MT&L=_PyNqgf)gn94UcnGyjJO;2U=q2d|GK;B%VQj&iur5QEtlD>iFV zps+7N01zRoc26P8OFyA5!V}V@=I*O|8=~c{)!qxJU!)*zj;N=%w)2ywbCi;8=+P-j z(M!-;2PT38#)-<3Gw^+u)L3QtP;oScOEo(_91{g{MDAbY zdH7IxL@+@-Cp#)vs@YIvs+!_B)6JWYA}s1=0^N_sB#%$UYS_M+U0m;&#=)4Py0_1e zmQ{dZAUR}>_q@)9bvqdR9K~d_&INrmgqo0IMszT_eH#u^NAAiIw~WC(B(@OOh7Adg zy%qG|E;^rC_|bGvq$?~d5>f-vF(TY+MJA`@Pje{tS)xK)Zxgw}WGqI$CXu zwAf;7H4*ina%%D0oh#Q#G43w6cL{L~#y=l!sNWCUz>Yc&aW?`ZgPF~XwUP`8N26I| z@5#shs;o*IUudiZLxJ;|98d7+SDHZi*eK6#1rui^9urn2R+Q4tT`_c7#NUAVe2!>n z?lq$yDwT8wCCPU}-8}?qJp?*1B3i&ifWot;yDY?2#>i#w1f~-hwIRYR#sxr)Jo%ka zsFk)bH=HRpjZx8*GKSfsjQ`*t>Qo&8_eV@T!4iI!AKX&!9u2Q%%X<;oFVE3Yt@E-F zU^m|$2dYi??HSf19!NIG^Yxfg4r*H`fXfnJpR5uzvv)z{odNNvG0c_UmySwDkRsL8 zpbM8nu45sC?`X1mPH&ZG^5b5r&l7;+=sdnyMW&AXO%(@k3~|8Z_1w}69vBg#3eI=&q(+((Hj57dZbcPBE|;Ygr>AVB8<{{tD_HnHI>- zeD!d}fO}5&b&$OADQ;Xy$`KM`I#GFF)i;o1nqxZjUE8uU7ZM0a@yC?>T*kw?ynXRF z{>-mI3d4Nmy?@5HHX}5eS%PZe1M`E{N6y{I6@E;fl*m&hSpxB|1Mf8?F?!|ajZ@<7 zYf*>agK70P%c+qu5<>33%7zdNz!GD3iil(_fvP^S*5@#3;H|cXfT77_V<~_?8XEpQ z@1n7K{$A)z;A4)jHb}oI_k>q_C~xrwc7B*ur(Sj?QvPV^RT5bbOp1oGtE+@Nq-moD z-t&WnC*u&_O85I$6w|#}v3&xqbSbb9%?|_gr!*`q1vL-OejAxVsKF-0Js>d}t-q!< zAf*kS7)Bh+_c=zk)&Rxni~BLjo)vL4_Zx&JSeZvoJF`04|$hal_Gg{`A?vffF5^y>?Z^dwuT zg9Xd^YxDPVH}dRs9sOC<6idF~Uk}IqpA#s4o+DI_1WPMpKXf*IAsK~fiuDA>0kzS0X5 zBQJS!e*)EiG}I1n0lXuac&~eckqFE>2oVm7lX^nr!m(wwt)X!c)_Hg3f_w!FbE&9B zQqDNy^kUfrE<=NhjL&|L-TEU=fFYMsSkTy$7wbxgm=OykN5u7rW=WHuB&l}Z!?M;g zJe9VqV`gdeWH;r{Prl<}b(p)WNxUvBSU;D3Q4P@yztOYX)xE@{MuGEnTJ)IQ<>oX( zv7d>w9&?+kJ59!X~<=aa7_&7ICm4(y;p4w!dqP_K~*Ly@g$(3ovE? z=p=9vk`8JTS&-7A#vMWz`P-K9-&$0J0?BfO0CzZ4>8Yoyzqwb8GYv&eUbb4-B^y4) z7$UV@7i=f#%cC;Urq-F}A!?SFoGk>%n5qk!9UY1V?`&3e->kxnRKoDiyj5zCBK5e( zFkk}`DxMc-3*e98N3l^K01nayjoL$k8#;Tl@m`0Dcw7D?^Vo#XB5CP_O1g8Iqz)MQ zGBHWK_}?WMY3-$5rs?qc`Wn22nX16f^MoArwr|NxPR6;?@8x0%O$qnYnhV=MFlF z*V{nXYGfQ(J^06}+Y-xUc&%}aMHkF3-hUqtwwy+uotisFAX)%zr4DMhadA!sGNblJ zAkQv#J%EVLJS~IxSF{HOVA(K&gmGi45@ZwLD(HbosJ&SC{+lPp4pX@_6EU8KO5hgh z4L*uVvVKkpYpo7(dAMfVIXb#5I0QS=RVy@7vDA-=77a#Wh4c*w z@b1-p#l^Uwgd1d_&d7_pJk`uQl3WDm-4+4qEkW!eLyblAaGVw}uuu&fcQEaf@bC9u zjmL2^Bc3!6VN}g*W!pD|dgf}!VBe0k+H{R_I`ZV7#3n^mFRU8;(U?6F>XHR;B%+Q) zMq-{AdTPqENKi7sU-W4cDBNaGUs_1oMa>Z$?}D!9*T3-9+P`KU z?6edNrMIcx~ac#t7?OHX|e&CY`^7_k>08KxxSMo=vgOpgulaT|JI<;@SkX>6O*QMey!i!=17PT0#qyf#rWVwtngb2ukRc{n&2+1 zZT87)p6|S>r{JSvhV{=0sSl={AUuPN;Kl5-iGGa5F%C-KDFSwmg@a z@!$396IM_hWdn^lb+}EI!!E@*8d_GB-_ne#fkZ61e0eYljH@&-n7A`ygjk z!*)IkEkGEtwQe@zpjyaYPFhi3&@Z((o6DZ!k5;5LZoTU3h>t%{^Lp6CE`>OearRJO z6-GH+V{@T^XAJ;=pw0$_SQ|Nj^-0uoCQKBM;ezCMIh8R~B)t84^zkgkr?-^)zA~av zV{LdG8g|({)nVQn{%LxwTH{6f3owY^yM!il4keuzyZ17c+OD#2gkT$Yua^9G>_Gcu zfh>{)TFRs*0BZh=7OAWXM27MhKu)VOlsm0`QRg&oKWYs30s}lApy97d0E*n}&CY&W5}H=|a=S)CrkPF8%`>$_?fAvMW2KWd8*A zW^ADH&1y!o)<5~D>d>Q2FO!+6eL}?*rD!DPD}b+yegB6XjZR;8>m2yF{UWc4hcy{( zI7R~m?HiZNCnG2kiTXX(0Yg~JMB9I&Uq|*#<&lfVc+{HB8?kgChLIvY@zcK3bg+A@ z!Z<(9GPi7xPjgAhGo)(~!%?(Ce2NI^Y-OD>%;5&8|Gf0iP&h9E0L;I&ox;mVO{4DQ ze(m;XR40Tv^C>+dRMI!gN970k{W|3<=Y5O6(%fJqZ^C>X9b4WukW?K7X!-}i+V;g_ zs%>OSozS(PxZTp{RQXlz(H2@0;r?v5+B8H!rW28?V}` zg?|D1Y9-w4ah8A|kRdbqQLRIXcx_nQ!m8h2J0gBeNV@Qdho#2f^Hvsp$C_jS3&9)x zMFf$jdo?f3vV!N@v+R@9A`}Z^OUOWW9HjW-3O9ZEAFrH=%o&V)RTxJjOE^W=9Y(2k zLZpg0f763-ePP>$2#m+#T;R|Wpz>4{>kNL=225-lzTj9zq`osFpwJw=1ezGh(Tv+d zp9cuF(Vnaju%F7nYC#Ksvx;T|-?A-{Gyw4w6NLDK4&2_qa$QQ839O_u5$aQlu*i;KjmD;32hEf{VR1FWHpTd#zxoix<47u^;LDb8 zJN2PA+Ei*XF2{Mk8P9|d$c|Kl$&!2(mGt*L)jlnLpp(;GZaFtPz*1xf1S$h)V?XDO z04yYl5cI!8^B14j&+u`(iwXO8kuBpX+nw{t-gn)fxmRPkh=ey}d<=+E-ZxzdgfFmT zzWuS6DC*}6 zcIwMn);4>Tann^8i@Zl_DoZS?P#LzF(P9$hq>u_$+RpEOkrZeq9zk;a)QIN)Z6m1kw%qSy~H zKG28nFXS63=D~#$_sFV$QYrlD0VCQ4LmRXgP?(sh9odTpylyw+5u-3lW9|r8gGL8q zGB%x%OtL$aGg(&`pwyq(r+Q1(BLiSd&r^NpBrCbGgDqmS9K_}BtyOR_BhHpS!S_?$ zj*syko8Z|IrdKI3(EmPKbe;8kbo8r;W#=#vLff3XH0YIFP)^)Kzao(_ycVb5& z8q2Aj#q$kf@n|IOa=`nkXcN%;eoO^3)Y@%ZGtB)M0xD+Yy@8SwM>WFxsE8xC6UJA= ze1*De1{!LcXCMd6>5J%3`Z?w{ocQCgN^to29QJqxITMeXBx1BJle%VhM7%6v5l{Ci}i2w^h)2;5@9UgzSdY zW|a<>nS4GK%DKY-^k0R{tyt;lF+3}5j!F(TY@Lm<>r@>_zv)bQz~bTr>gd8 zQjvueqMKwP^L?OX^&p<_obl3GkzEGXMv$!q5;y|lnO9O--a~1h&Y>LK(i+|ntNcSz zc>;qH!7<-j+v-wJ3Yj3&V`SXJ|IA)gOH&m0tiL&WbZ1aTai8KmQbNu52{VMnd%;mw zpWFQUOrToeC&{4pMc)YlKRbspibgl9rWaE{adlqn(s*#0C#5}FV3PwQq6 zXywm^6raX)U{ZV>e@RL;z=-GZhPrKWeS{Pnk6}{CDK%63vDLF98iQ=im(oj;Ao= ze1klK-%#W!+Qy(#RV^qqmN5Nb8R6V}Ts~O%yJZ%@diZuJ89j{-rfbB=_v?Jh0rpx& zVvZHJuSp6_jEBM3ZcfuhPR~`qc8nQKo=K=%sT;N0#5g(y&NvpzI&RRA#4@ITOCzHG zedDuZ4NsMfitkL1nlt-68TH<7+wt@S6fEkWg1(l`S62Mpb5ip;m#B3c_5Jq@yfwkjCZ{28%{Vmy+6kyKbXf;X^axbVLPYCZW5=xuFr{DkJ!hB4cOi3Pt z1AepmD2wuQkuWU57Li!877%aT&7r)sWSrxxtTI$b2&1s?6*VuJyIyWVgs=G+<<^ub z@JLW;DhTQq$gF{m;|4R;U`$nwSU}!-DzHc##3UUoHUOx`6e}~^SX*9j?7xL4^&}XN z*o&jqz?0Ftd(E=_CZsh`4rIRK-(M1@E_loMO^<4FF9T>$~ zJJl;nz>hG>G$svb(tGL%er`?saotAL_26#|s-96S;*42U86*RZ2M51wdadS%`($dbgbST>Z5C}v7h>#6sW&fI%MsBkhC6!1xqD3vA4|HYz{*?VB$MO2> zr)gVLoobBrVQMmGZO2N*L>pKK)U%aF4HZuC9_kj56i`Cr9Vh^RKrRd(0%g$Hm^p|b zf466{wQ5)|2pj}1@e`dN5)h2=#(JFKkXsfS4%o~?01!w308m~WkU^XPfdB$T;xiON zR17GIUkAa{4-KCW84lQUxBgGxmKP#|DEXmx`p+k*-Ksqh2norc+cyL_MQZ>e0w)4Y z9;g6^zxEB)x_=%3a4RlI)ZSi0eFb}rl?#0WgkSZx4obL zFtT3^HpVmg+gL6LUaxKgAjB=?XZCgN=}tI79d7{tFH5Y-iZF=|59QUm`-Wh42lg7wuGJO@ z2f`j;=V$lb)337^fTSN8=k&*R#FtnL5YUf%5Du~qlv6;j^~b1(H4yiE@Fg|Y?-d{i z=%$Gr0O0%k^K0f_N9WlNWAO$59sgybR^O)JPA&CgCg$gv@=w1vz;~xWKY$KDBA{PT zD;u8_2n59E4Rt%gsBS61H*y7_qaQHIH`nD?(zl~tZO?V?LG9Kq$fql<^=p?|A3%&R zlMNsW;QE#?rHS8Uu5um8{Vz3;;751!Z(GSt_=)LrP$&jDDQKwh^m;x+R{c;`wF z+NTe+-j5_R;7?nFhMs3w>BWx+b6nmBx11llzz-hrpdji#aPvwq!By5b%0#Y9;f^F& zaBpwB9sKBxDrhei0LXXjjZed+*0nBNtf%nz9?%Zmv~Q}C|61RbuWedh7zIEOpP!e# z|BC<;3L@Yu^k!`V_v#5eEb!}_p5380#BO&NpC2%e|Hp@j@DSkVc#pI%0fRn3&oQqU zP;c!6YXSoBZQ!>^|I6gZlgrl#kzK8f&uz~x_rRI197^xaCp-!O(5t?$VEo5s-G|SQ zxUVkOHyt&BT`ue${7*N^JS59q#o#(5B3v%{GS4j|v_C=}cEs36mJ-5t7Kn z6<^G`19!o&>}mB>^!AumIWhbTa-9v8J+@R`{r9t<;zCT$3P$DH3(?+c=lbtS8T9LU z&hfpodO9d+K^V5j&XD^KK;A9jC_$}RPB~9z^~g=`AxLM*(V9;1C9jN-3Keo9beBh$ z3nBc2EtRSJVeBFGAf@RBw2kAQQlGHkLu0pIVUI&WCSM;0Q4Kclk)rg;XzW*JowCgx zFG2df_pY5#EJ6NQRwinu<3*U$lOkkBtM3R;%nYT-Z@TdnMC9}vN>4IY?FEoLPaGf4 z^>@{NG`gW%g`$Lvr-f1XoEA$Tjkmd?0 zh~*CqE_a`1jC=Gp;RilU`pB}E2=j3)^Os3s*K6CJRMIjy-fyqp|X_%I}4- zmD13Z;!ZyE?mwcy!bD!yW?1R&{xb8418w^th#XYm$AI^`3CXdXZS=t1mHQzfJ8$rV z04fCmm1s(C%jQr%t*(XgW6x~B)qlOajhN11zYJJ$SAWnN@evnb^ZW1<3+|Zl7q~^6 z4Xsl1IhHKh#a$oA_ zg{>q#8=z6#gR(TtsXUXLhfxtu?#f|VuzTCRC*gZii{;*@j=py%Slx0eoQDT7+x~Db zqrGfhlwM~k-V&PwMvHPRbK>ETw}Xi))8TSofH(KZuiLQIIuQROs=ZcFjEMC?Kxsc$ zaeS}au_CXBjCkK@Wv6CC9Fo(P*+DWK5v2Fwz+*I1meq7JH(bd=!ee9^#XRXuE51*k zVg~hXDRc}}isBu%hqBW!OgA`DRm zLfX++ofgb=A2oua=Ek#~X*=dgYyQzIZ_VZBktASE*jIzRx8_zVGt2t-zNlgxnCwQ& zpHAH00xy077wK6Yex?{ox2D?O!QyR(R`%n*Zf_*IufEmceaN$T8qy!zHlDx@Mff5Z zGvROk^@rf>YY0X(d^}xa$F7#k1f2(RlJq5g2k&)5;!>`BI{318#Cj^Al`L3bI-tDj zysY#$kgLsn$POdI0Q{Gi!5jXdTzHytb3SJM2|Ai~Lw0mk#BVE`ZZtt)jnR$OL6;>W zv3Q1n`5MKml}tjNC4B`a{c)~*DG*lfw6gf|BTByex2eoG*)T+9(2{0l5`rV)?6Uek zUK9f^qF7<4(L=Tr%zoTCFO`a0jc%O2nH0TY-C>Nz&AoKI!`#FSlg z)@BPpMdl#hMPQ|Hdg$B>OhEy&*#_bI1Z$jeDhM#P%FZ%mK72UIN@^!4&v+fc_iHx6 zZLaUPUPfwYQi#DcT2kW@p`vVej=E23Jy)9GK5aun<+Fp@ok5@LjT0pTSU(2k-G&Eq z@y1V_EHglz+@&RB&Dti{saAZUcT}Y91ewGFT7YC6CLujvr8=Bu$T3)4%L=!D#6~iV zCiiti8j+sEP`)4;S-vLn^Pm5dP(NHE(&9LjC6Qfm@`|=Vx1$NJ*9)R(cm9PcsEfQN zUsa0=HPKRxmVtI^z=5KFW276pOSY0n@@g1|uZ4N0UCDO@hjZ%ag{otp8Z@T}4N4?e z#Uo&%mZiS^-l-AuKY|k677T%NdTZcMSK0J69sLB-xf_^&AfTN+PR7EC%$Mmd8o|)b4X|5j9KoLknDd!eiF`y8|X$XbOU1s?8(eIL45a1v8;1) zJi8IM#uYT&rX@IyOx&hxe9>41F1R8UAaoJ*W-9_fdESyoqaBj|ls{Ak`}Q9z@LWD< z?P>MHfkF+X*?9^$Hj&Zlw-S9ngv+N`FwTB>I78tC9}j2L0 z2>m-*O5q(NKG>2bJ}_b(LE2&})A_gTNS~48UL1Q90Sd(=nI}+*dX87S2v+zvJSCB9 zbhJ+DiuicCZOzP&ELS~JA*A+Tv4(o5<=SGn*H-qbpyea)21O-0Pxt4gi$UEzD-iOjvxlSkny$LU`Y zFALXhDW})IdI--#V(lcIMb6gDTiVhe7-Z*Ie?v#(Hv0!{HV(n5NQ5XEvGzeqc0%z! zhr|23dOGZE3zmkK$6(F{!o8MvT4kPUb^+h>)Jz3-D8AKbYl-Tt6@v8iXOtF`<69Tp zwKxh*#EF$neDQg=?jrEm%`n>1i#h#9ebebDuaMmNJGtq?vX|8g@q$6uW9Toeko%?G zIV4-MV|)$yu6DR(a$4eta434yW-KC)t7;$(C$qFKo@Frmu8Bx=w336C>ZR_FahXhS z|8KV@U9-~A!&jpo!Xk|ka}7m(63)_c&E<*&rT$7g+OgC~xJ>N<)HNPeD)ZW}Q+mcm zrmHcWEn2aiQZqmH{pFlCQG9r28deI9(%_3$2&$rcUxWd5tTdhYazc>wDO8p*Hd zyE`$XWYoWcY_sAZS)cOSoLCHH-x7scqNT8!N#2E7CXN{(8uNoF>56i`k%iIf4aHNRO|@qnGBeO76C6E5%x}Wo%e$#7D6d322683t$co9i zOp$8DDNC-;x^0{xD$93_L_De?NH^><%V+f^JTHKYtN4#5op+QOs;}lR#uS#Fj_s|7 z%ah;0qHL)~eW+a9+hpxULi`sZD=b{J3Fs;*I8C~tgJS=@78URqVVsSyGl6?Xy@VT6 z^{EVGSq6#=1BerZX7!9todh2M&zGp?giWWyJ-B5V`}RwcG8sRE{nI=H3bm;KPrP3u zuHg?(C^>9~4v57#Ni(Nkgf)9NgZhSdHSFWD7(rtQpTCmK0H<)cWW3fn>Kob9?bEU% zGzI#}Mzf1ZmJ6=m{jwjbn{NLOT=b5Z3^{MoJVV#3xZp?UM#3cmDNlyRa~1NAjhV4o z5}=>%68OO>E>yM&AYzDv;tFZWAEK{Z+qsp@fK`d+l*=B0XVhP3TbUxJ1#2C6Jyj}m zTD`$S%v4FF>{ql79?gkVw`k>V^qM?u8J+jeNE=D=kPe(-j7tHnio&oS0 zXOcUsd=DmgmNU1JtC%N`)*j%9?8p9tU;MF9+W2^7i^&PS@*W-M!By-6y}GR|YLdN? z0Lh_PR+UZUng3i2TX%Roeq8Cb=M2O~MU68+;*0rfjFm4gk?^TD`5AsMC};kjK2Q_V z3+>V7Zh8ptk=9DWE1D(ZuVKFj#ez2O7HM_~0Vb`4=I?~zYJVU(2)g@crd02jx~-OS za+K3f6}pMp@f)@@iHg`$0fAJL?pRUUkR~J(#F!Wzm{%ERz)WVyc?mx}X_fSe$Vgs? zWc@p8>v1|TbV}wVKEf2;lLhk`1Dzm>9mDw22$qS?*H^w95T>74p3uGA4rY9>7GB=b_ zTSY_EOF9r5$wt!mw4$Fs(k2g|@RV4Pz-T{&fJmEv@yMnRCM+ZqS|UNMe7mtZuq>2rWuzgvi!h^ zc`ZoAk6vtVk7KgYXkRT4v`LZ;C(#Kk85 zHX&6RW(-7B`-yO#4fP9x5P{V0Z~}p`a6n~z6wgGpiXSf%GPs9f3rK=yx#9_zA9Zh7 z&luX*q&Xbd2BI&9?>s>)-?rWj8JE}R1SrM+#6|mP&B1u2S6s}DhaolDf`Dd$nB7ae zeJki$Pp4{Qz!bBw26!ebcK%)gugqf(8y+~#01uz$4$)AvE;CsRhCC}hbQmpRh;dMe z4&*XHqE7$h2?o)}i7yP%x*6=knK!WM4k#yV@HGC~>%bQ)a#>LJi;0;@O>_rYOWc{N zqmYFyTJ<{ALGh&Oqd8_|?a)yStN2@@x>T)!vu~w_%2buY#>gs0j__d}F&c!3^b^{e z3&b>cb=XlZt4%&AxOoijV5lix{<(U(b+Ms$30>%lMD@9T?_Xgf{4gZ>-x|m?98O(B z!vcY5n?0Q)UPI_M@eI84fA3>3^_}zr{7*?Xg|jG2suP_UwmO+%_YPmL<>3)epB{OY zb>=CX^&%pwl=Po2QyO;GM%zax?Ch8usrpQv-jsHM8LI|RCT$|a%3APpGx@PSjBh~X z&)~>Y@A@`?X={2^eDs9MPuWVJ0!UFrYGU_VQ|y%I2@mO#9@B&MXdV3z(t zG?l&B6Jj6a5jj^l+vxQ8CpW254EuS{(y&`5xVq0|HsLnidZ>SvOpUIwOQ!4pF{zR12C&oo@EgcglLgGXzgW4hdL z1`Q_kzk{fWPkAWUnUfF4Pa^X85B* zPPFv*8!=T-QW#G4;OjhMe3eelb3q0>2xpba*I&9d2F7{mVP1#n3^OKdwpt#_iM!^t zg(B0MO*(=Vy8`zOH9^acX@AQuCauO?AkY45$E%2BCzG7+(IWI(SDKX=v^fQX$0zd; zzA}4pP#zMAYen(0k^(^?MCosIurDYktFRyPC()^X88;lnGGV6}!I^gZA>9XB5^6l5 zN2!DfU3(Cpsp9VFwPL2pfxm+b}PXIe!_iED-c!TYa zgHdbTh3{H73^A6HOaJz4yW9~KI4HpV4obu&$L8@#z?V4Fe7S1gjob8KMLeX$3RpA_?ae0F= z+13_if-M2i&ngV%m#YH$gC@|5dX-*{PfnT#&$!1EipUPlGjwbW_}a2GU@IqsG@rY) zB?g$1NSncGraelNFAx1}jrlD~>-hf~54NG<(!(!cY=;k_uzPIEx8@3fU7SR9(C9Rz zV!rzW;2EoP$gQVOQu-_POhnu?7AeE!?IYCi|h3DIAQH)b}1FW3LfHqqU zFB|A1d2M7MuNDesV4do%@NRR#CN0i(8t>Kz=d2g^dXkW~mf9gP{@~boxgdF&gWXnn ztOIcG`MJ{V=ud^R&71rVTenAPbJGh=kR$jAXj}GLEmOL{7;>^SclxL#)Z#4%hBau@ zY;P@ui$QB|WTff^!k4ll{vBL!mlSFmpm}>Rk1&Huylu(&CYijL4X=lbFGlvmV|9KI zz*D}B1!+Nz^V{S+y`J4La@tjkegUfGt$GO$CF&Q7Na(vii`6pe3&+cf-Y4*_7uSr= z=k5m;S@1mQ(kE%EiH~OF!&R3ET{L`ZhoPCZ+v$);5x%(WgM2dfF}#d#tCqV_65Ckw z@v0CBdceN!`LZLIqsdZrv=u&XB5A+1JfnXJFJyYW;KX$7`=W!Bw!Qxy;Tx%@ZdKw5 zJCr7TA&>}3k3{7bj~!J*X?MujNSjbA1| zj*4@xf}&x32Z;?udr%PkD%^yE@AQsrIUsk1;1P`}4f>#*s<`B$wl)5b%)B zjjLAbEmL|Tc59I(_A4yboXE$VQ6m`%kThma%{jF7HU)%(W$2o(d+Skf!Jmjihn)Mz zxY#l`i)k%QPNno1{f-~TL}X@REpq_mv$=zrdZLDzHz77W+ikhYF$Y7@5PN9Xx9(J5 z{yRiQ-o5Poj~m&kwDpdKX?qI{H)|X5{dvRrgjn*#^a(0=V4a)`Y)e8R`%87PtOL5r zF3Y~g;OyG{9{alcwOj2h1cIHS{dGC~STJGqOKm3deh`-|03rIGbmcmqZ;@N#)us#b z`&f=Avz`><@~)3AXRfwJ(HaPCIj>8DhlZOd$&(Kfi^Y$vp$pKF@e=W%7|9YD8MMId zlbqzByI_n%J^NUNu?EDaK{8F4X|?XL7G`xi6WY0Nwd-anK&)3dDSNTY5HcS>=c&C4 zijf1>4*eTSLXy}ESxhmPX^mzsV1&>gE?{Ik z&qy+^s;c2!O;d1?ZgVnVvLY963$gk}Ze7;SKvCqM?hY0?H@dj+#oJx8m0Scgi}{3u zf!xK@)Y&tQZC&fl;YLwN^s?>_rtxp6x6*b$4FTuv6C_lR2*uvz;4}vNA&s1m;qH1KHfl-h%mknE%`K6z%!Iy*?({Pzsw^YZH04~SAbD3`9Qr>ji#u7Cj z0%1>`jtp+r1ABB-nGoC)eiR^3cV6S{Lx4*(BXId6I<5*+0hI{gDvj#XLY!Ft{RVdd z{+;s#c)XwPFmOZ5dkL-a8e72%rP*~N_&80jz8IE8gPr*J5@Uulk)@$^g~$3?#4WRpLQ4A-Ob{e z1ehjGs{upZffgnkNNydt2X7>)j&%M=0F;U;JSzjURm1ElFXOPuP22n3(I7rblJaiB zPzy`njA}eCMcq~j28j9H&u-{}9UG2y)CbDsVykRWoK7Ku$^M}@hpSDHVZ{z$wn3ss zy*;HJUK#0c2T`L=XCppe}i_!OHwSxMe{$(;P4!PaDH!GhF}6M?JdAjuDSuO)!$69qeidpOaVX3N;* zP1)VzCBZ-s)f2HGxY#NeXePto8Uh*rFg|3Zu|V}YD2j4I;+Dp@dD8?y?-#bVez%8m zXT~vTT8H*=yt&QF)wg2&err$6A=Gm>a=_=bT-dHKk$TsJs%m`aF`lBMmU_QJ>v(H< zM+-#qq%z_ei;p%TmavEMBoZ9Tk5V4lVhIc1yDnzP>WnVW<=jJd?rTgmTCMhuQQk&> zadi;-vTCVX7J9}R`sC*9>a8M=7Rs^#@{9y3e3eJJ=GMCMv@iQ6ahHI2*3R;~k;rV? zOC_~caK^E6W=q%;DsOxkl~6~ah5Z-7Q){ohj{+?s@6!?%R{qB(=CPPP)pBOrAb(Q} zs$s6RKO(mvkVh9TnP;zscIHokvOcv%YVccbvTc7illv;3gl6KIWz&dWF?|Z;+BVQ- zc!wkrf5zMr4Mxl<2b6!&Lu3W@0M$ro45QRH?|$4Ek?cB|#_Ed5#4?r2faBq5ljd)E zJVh8N)-sGC64A4~vzT2Z#-gSB;h$tJulzlu1h@<3I5$%eW0`}bMR;l=t3(X#qFTGI zLAR5ZB0z2#%FVE&BQvlhfPD zc%{%z>V#y~gvi42CEKCU{PdUfkKd&r^kWuSa|te+v%wB1}kYK zQaDeOPtMHWu_dm0DjH9mk9)9R!p~yk^va3zvy#B~owPqQqyX9v;LM z!Ka_+j;XvOxKXVZwTlZFug~OQ7ewJ;{gLoW_O)S-c4|-EJE7UR4ZV4ay9Ncu<_qW) z9KarmMkgOO--*0_p*00F+0CY#Og2m5A<4c3V@STKtl?{Q-9L%Z_k=_>24)yn!+qiM z-*|S2N|y7F9xyx_Gb*n?MiNTw6OR9ixA*2PM~7>>l5Kd%rtoF%tJ|%2&c`3C_*gBv zQ6!OjFE<^gNX4!&es7t|OSdxP-k3#+I{fA;RwJpebbH$8UhU8hf=E8wVbuBi#G<3p zv+Zz(=>Z*Zz^}z6XE3FGo4pIN&_lhmu>=;dS}h3p>5oV~Tcyr6k%};!{1XZD;%R=i zV3!L*AaPs|tnd%i*ks~$l8GaTvIE}I=A#)*%3YM$dU!4f(0|6 zXqK=_&oak|ud+{FD~+Vt4Pd=0J7L(f9FgBv6u>+`Rt3Le%X@uzV)(t(-?vBplItg9Y^Jg=7+zd0)>< zZ}1r+2oH7so3(_C2Vbmxo>L^~Vzsgw)#9B2;h&fd`2Df|Qp#yxd4R{;)hb6AI^y5t z5^Th$T&~xxt;MhbDKj-O{T*pu8n2y)DpuREu)?0x6c#yPamBg!P`O{$ScWHgZlS+;$K@L%WJ zL!gAY&34h=JEO=*QC}LpCYR(ZS}T=G*o6B3#;|K=Nq%*dI8cDJSPeyBQD+{$6A

    Z_eF*iBN_ZbQUbl_9G*%`jcU4qH2|n5y_LXI({VD zR;sX>&|chheswJb{OeX1Vn7MKSe4yP(>Q9`cm`&3QS$C(vE|M6bn#60mr1b?-1l+U zR~`7Vq+QO7X;6?*2Y4kP4h(!CNGamy)_AI35+|}rYZCHOh%0O%@kR5ty(grn& zBb0FnzgGN1%hT{zSA2^j9%?Vg2yLd64Qbxfpk-RP!-6Kga750q;K9bu&!Ago$5)1yX&y?QyBtJZP>thdS79bRE{w^o8D^y zlSs;g^cqd>`W2fxxaNnszWr#V`2IQSMziP59>OM5(;@BbOa(! z_W6>weZ-Sm`2 z{j*EUz-qlS4`(A#>)V=)wNeQ_lqIztht*{!OUE%=(=MS%QdR<{{2&Lzem@N`6;pYm00*K_2G6YKA> zEP3dD0Ww4|`)O`9*I7SSMhfD>_H+14lj;Eg9O+Kc8U1XbEoAR7=U#7k#ndi*gu|QR z1CJzb>Nfv7yqjoN!-@?Qv98Yn8C}|God%~j=6LbTxPpqT1YK&w8g(#Z|3Uo@#D?yL zLUVPY2*u=W{`ng&>EiGUyZ>?xH=B77C5M|#`{dnVmUwoF)^^sirS=$KkJl^Ate~^0 ziqVpi9bvdtGLzVv!a3zHO_WZU>6sN++8Jtr&A)ZLM%6aaf<#RW=CBNFaC{B2%?kWJ z-ri+lA|;g7baqH56z#2VSf}V2Sxd$X7XAs&e4J>pE%>n+oL8*5z{0lBv4=zlVyb*P!kSAtobESD1zETsKX6GlgYy0gk?B8x(?+oW3RpaF8 zYjTpKLxT}YP6s%z%_g#c(ef4h`&$IWd30uN)4ryyEHFqR)CLEu$-B7igJUXp$EK>d zWiI;~Qen>=myJu|hvEj)=wf3!w(~X?MlYNrNy9-0dmO!XQbY|-xd@vu=G3@DlR0Ks zd5#pyGNV~{IJaIUo@5$GBZ~F_Scb%xTP8el*{#|`s8sj@4cy#0g>+pa>(kQ3%WY*M z8isXFVevj)%mCQVb*N zg?|FT>gw4XfyKr1aAY9wU)==b9|PR~5*Zhh1qT9DAH?7NOE8H225>M+3(w@wO~sE2 z2Fg{q5IJzQg@ccpDjPTTb&AAqHwmDBczkU7g98iS0LsNL9a8|{VMHcXe|;EPI?4*5 zl1}ljU*|`U;!IDAlVklJFrc=!wtBQRwwfONj{umdKh^LAVm^>72v@uR3_u?g7&-c8 z;IHy%r05^{reOA;hN{8o9PJpKet)qbm|5M(98fFfVe1NWs@BM)mPhfo`lTWT~y@ftRf&9Lp7#SIZR@YH^H;82*eb@#-U}Tcrdd?0G2H@xd)4uRg z*4X+ncOx{T@R)`PqW#y|7{ElrNr1yKpkK$c{e5}- z{Lc9%r=Y=F9Dc)oKD`4bFA^y=9i{y!e>TY|p`3u-8}01@)Ym%r0d!?)0ocgs`ak=c z$T5U|HbBqv5QOoIULb~}*u;|f86&wdx$al`)@f4mL7 z{8m5h68!oB{igg&W!?X7#}_xn%-FGg+x`BI*;xN+aQKb7E7ve96Z@VT!Yu>%=u?)t z%gaas&l1SC`CX+tH2z`-CzSt_)wc=ZkR03|Fq4cgTbk-O{4iGgV>ND#FJF&1jqq@( z3Rqts!2f&bl})X5IhHkauaMBEvo|*IeoI1*j` z3BdXFhxf$s3(Xr8fb$y$PYcx9G30ydTRrTNuLJM$4uI?H{#T7oCI<%_*Dh(-($D(I z@9wth540{wPnyoU8RV)wnpn1sHu4yixRpzHyRFSwjF&gDWkFpNHvFc zI5F(AK8>B^eBK{Ag)Og}mSsK|n;13QuIEmsXqAi&TcJ;8iFrPSdNRdTu~5m$Lej6l zmpeOBL%Wy-pg%#>HnBZSaG{F0Hz`(i$yz#k=cfzt?>5JEDs@Nmw~}QVJC$PR?`SiN zCz-~x2nqyT4eaKLs!W#WR!qRZiG#$(kdhPD$~- z3-+|oAJ-E7P0;s56sb_Hc_w*Z+#KAMwav+4q_$;?p*Ae**yaY7~qCKs)$9F|lj3|VfqfM5h%12DQrhBeqlARW zz^w`%`8jv~-fw%_wj9u7)0~|kQyaer>UerAd}MY73b~O#bb@4hESet==N2oR=D1fu)~<#`m2(Rc zK344xmeEp_hT>aAr+|jseKzyP;mR=ArF-jyPQ9Na;ej^Mb_(Uo_=Mc`)p>oaX)p50 z!LHFDSuemNRN`@15p(>8@}hLyT1asu6v%`SOGr@jbOGc5XjY-2O8@2W!qMHppGujN&JloWxWSE*M|Q_M=*FCxM$F0O*YsOD5OIa4pp*Ro1i$emOs3)B?$9ZwA=|&Z8cJhGrw0jso0#lkpgKad%fJTB zbqb02q3eehvTc6x_@~2XW?sI@)hp1GICZ`Jfn*Ry+Uzwy;K^|};mv^0^kJ{uFvGHO zs1jGg>c=dN(pdXZYVnxMQDt@(_}uzEdtEmQ+ei^(PwGds=~x6A=(H$+9zsk zdr8u^HAmww>`~X79-#-RzvhtT@Y@y+r9dISS+`lOn&#C{8gJ$hW&(@<3V)E4l*9Oq zh0iOvJy-~)U&DLQ9{q}>p25oJlrSTs)kQ;QrKNRPY^^gpnziv@XZBowz)zlq} zb*m8yqu~rg9vj0ZYG^Lfyno*%XF3rmd#$;IAs}!smTq>D)yHo7wBXl$Zho3G{zc`7 z_!nI{wDEuG!v}v)PM|m{$!9#1pAXJlwZ3?G%G1q5l+>mA?IMSsny(E)%3Og9m{Rf7QRO)t?C+^c=ceU~i9vl$+jWdP z+Ad(C$p?I=vru||*swGy9(vx06d=IR%Fh=q1bZ=D=FVPZK{GHqvBMZ+wGMf3wX82q zbTTtd>h|MTYb3~(oO}P6LRC8HH^%mh=hSF>rbic~z|fJ|Z+FHgT)pOW4e$$7-~ZG-IV^ zD{(R@p2cZYqY6;Jj+t(lJt9qvwfmhAE#4wRfL~?B%h`ezBc5Xc5QHmdBEOHR@s$mzc0k;e}fEtQTJ(QcGw|hyX|mih^V1 zO?EkASjvH}p%FXFYiA8YsPTblWi(exx5%I$6Q?P}cwHim$m@@RinOCRS1i&rcA4Sr zikLVFmc7YQQdp_e$yZtx#l{NbP|-l z>;BCjiUcx^L7B!>Ag*p`AxJUA#Ajx{|Ih?Is_7cc;Z2gd(0UfBE7?KOUe0h8 zIgR>2bEVK8#@I~|$go3>d^z0+h=@X&5*;{G`$AW;V5MVJ?D(UH(Kz+T9I-d~vE)8e zJKx9xON*KZIe1FGB7oywzX(@|yyhxCy)~1!p0KsIcH+XjpgZgZa@h&Bl<-c$G_gv# zO=R0O&!_5bkp#*er>ZIi8{vURWmJTN7bT2jE`J}(3QfqX+dnr%QB=S~a4CXo$QKxu zz>?^&iJo9vHVUpe={}FBVo(lHig%9CdX!Jiy?a0g-Fk$*=P^~_1^F>uL4 zp4e2g4tv`W8ThmWL(vS9)2j^sf%Z|;mttQ_L_!nHdA2Am(YmS=3; za}Otrf`HWVy&AW2I1b6aUOL_T8)-YorRx)NrTYC(%vT56_{^oXh&jX$phr}*-gpy> z(e{h4Sqi`X_Rcz^=)F)X2RIAkQ{b#w78|rAZfo<~q4AYYp1QjbO&* z2vJndLy4RFFfDbK6qpL*-k=3)Vj0Ab%!HueGv?gRMzX}YqDgGT{gU(h2`W(x06H91yWy<#%V_v&0uM`sw3fysug%Gkx#zfaLXyk~l<~}*pf_&+aJyvBW z{54O8U#;=_QBl__e7Ia^aLa@IVzbL}Mw6VF?IGQHdi$eN;NF%A7;_qfO6IQN%bcTu zh%OkW?(~eCZ9N%O><&0C-F|oFl=Lnqop0bZ2POa%uiezLpN3d=az4V55-;y|iA}3? zHGatDTmZX2utdM5iCqkryPC=B%Chlly>>3ARWhzruX+QSKRZd=dx-|}shBn>a)w&3 z+lkeNK>@~v_bpYB4^p7bU97501J^B!3)t6ktPMM(giS{<_F8=_xmY#!9Ya=0B<^gQ zth2{64lA|NsZAo&Gk4qJKTu}On>2Xf=+YN#0vL>!_+hh{dVd6hy6qxgcq6%hSM8Fa z(XJ)^jl_x_QltQ~G&}_*X50*dobWlY$7#Zx^35Z_f;XreXMw=5(&j;jrRH?kJt&pl zH9p?BzE8mhy0IPfFEN8drJzShm-D&{jcp zL#;q@O2x=1@2N1Q@Rj?5T-@B&)!=0cNp9^4?I9+Q+?!^qwSZ26uLMMn^H!C&teFXU z@`BZ6;lW50=U+Y~tolSA8MfOOk2P*eTAa1euka?tlayQ&A>1XO65*^975@$+V)Vj5 z<@;aA`e(^b3j5rsc1FvXsz}?15eS-wtwpqXp;aoY%U1Xe97kXrbb!7m5a1iV+bWby z8+mg&okh*a|`r-M~_kE3y>s0spY|C zP{xNf?Lo{W=beuNd8P{WrR0#p{0w*J_SlnoTMJAZi%E${s_ZZR?3ReAo9@-mT$`yX3;9*h!7pAByG0CA?^t+)yjRBs1q^ zDp3~lv$Qsk6q@vmV4+5iQqTLMcSY`ga?cb`8e@RjrtpD%Yf?Pin2s}xg5F6CV}rBI>h6N+=F`o z{$BG5u^hCT+eK)w*-qz$m=*k^La7F{`XZT|aDGRYhl8K?7IVx`fe5qjrSZ0D4QSG@ zQ6}fpVPS<9?womqP4VvW71Ggyu-mMzW%Jgm;iJ>3)CO@$-fk;GZSkyy{wP6%i(#E%T|OAuNW%$vLo#8$I9qrX4lMp5bj zYROs3V6*OKWc-`NLWL&Sw|!8!>}jh2d%O7R{9??fDZ>z|$l5E6f2^~&_C?;qk@t#1 zYHShNWxA}HJLFy*|GHgyo(^+ zRzFF^eTI%Bja8)4XEFM>4yHGL4&Q$ctHqeF}|+wr&r{TwJH<%tT!$ zauQ4NvFW8LE=~2KlnUMDULmj}law)cav89X-!l8%seuey?{)?M_BTV-)rCCB1ooMs z%&yVms50|196@A4zM@IhVUF4F#v&J4Q{8qdovUm|Cl1gB zuh>@u=nJ=)K`2?^43EBF7bz4?VjEC_LFDL;P9{Du=+TVuoG_(C7R-?q$7rCY^w)NJ zY4S5t$h-3;NVY?lhy?dkqO;AbZwT`y%Ztw-3S`Muwa8E9UAns}N_jsgc2~(d z=`Ih7y}pBC;m4z`qu3@DC~i(YHYD|?rgHLp!_x5Ax}hm>KK)}_9En>95gI7^v2Cqm zBIB2F07uyR+|PNa^`ddl&Q%0n4}YkTCN*mYMnqDEM2q`;sIq_uLcp?N-Hpf4bZV>Z z&Ct_rJ*8?@XGcmsGaIZXMdwaO=L`VYbY^L|MmOY`DD_q-80j8l_=?G+#6~2tk)UG3 za@kAzdG4ejvco0bPHh{eusfebtC4$T`c&z%UT!d9$KZ>0`boTN9~qjn2A4`- z(yn!yg#<^-0EYc$tg@~|d5Fic{s=9q`4T?+OVe-uy3 zOqg&G^u;uf$pmcrSkNPRpUPt^CBAdaR+ir4sx^L|M(Z=@@vs7p0PUh_%fcbRL!I@Z zsjA>3YLS7NhV}d9;BOY>*|&zF+(3?1C|w8h^U>1O#lInq3Hm z8eamnFK6Z3)1J9v+UG<}3Fw#T+%BgQt5QSQoDEM)$uPAZc&z_m0Mi~Ea@^Ax(i^T$CCnM zOAe#eE7ovl5;c3VKPc%cz}Yg(xutf?A~ST|g88Y!eYaTRkKCW&7p7ryWSDS_VcM<* z+c_ID-%(K(Hd;=4qgp(u76!!a>0}5qqRqx#459}#&GhlN55Jm7YnpO%AM!cia-4F& z-x14<3*!8#-;>&j4-hxrfP=O*bH!Njty)9TnpR)x@qHx-n>&31jsz(W-rG5e_!DW# z&FAFet8Rw4@>?0gP0l1t6zGLcYI2#rWcrQIR;k>qc8jV4meST8OPa`jU@OrTvU_fo z6-YDZz|}yYEtAS@?hPf4hOJ)A*btPq+tfm%*i`{Pxl25CNJ68!HyCs6$p_&lR@osr2 z-?m?LMn4Gk2n(TLYLV6N5;KtuN2~Tw&~hHe*QTRUKw_WZMTx2CU3%+o8D<~Xt1inm zVU>arGDBl6!jXW3y-zY}lx|gCO&c-i_0y0Q4d|17T0#J6v3sNvUnUDIT7i?XmPrxI z{*(v_ioHka1)CO9QSb`rYGBQ|Q)7!R9O74(KX~#Iyae+=ijp5h{$5yr15NRYjrd3sT5k-w;#nnCdz;ewnhr^8e<`v|6}C&+ z5PpE6x>#MKa5EiFw}iRh7PnE}`e-T@$K#9Z5q6R3NuAs&b++dYT$FKpEH>DP$hsoNYH$^xZ(3vDQkn8=E+iI+ku6wd-P!DHPhC?z;iVBB$+NN2B zavXjI90qpctR}7d2NCAkHTg%#P&E-i~m8(;Ynq6n}ag1XVK2G5q#=k|K5SoXR0D#y_ z!`H%Q7!_ncY1mc`50*7B2O={Ib~P9M2(`M)A|r_ev#?X`p63}&6!hmTs0Y>(i}Xcv zSE}QxTiMRZ+vNGdi$V9;a}l9l|2=ooR_`1(3+sod{~X zUHU#-_S+hjW1U|4Uc4uKv5=!QrU4iw$!g~^f~=5B#~Ib|q4E}DUpKWFqWTRBv1QJ{ zer0*Y&YUU9hC^6PmVt_V%6>~s) zSLT<%1fkB5T54ENs05N;Pj1o{BHqK(ij)Ubv3ZTDX^wLLO1XkBu#~lND~j5_qxv~_ zQaR9&DAQp5VDBmDDmUS$n}Q0~-}DisT9b02(|W;vy-j!0znv+vr=`RD`R+nXc9taY zDDKpuDPZ4vxi)I=o`pKn(RTi`ZQM=%!+rr`qF_Xj*v@*qWBQjhteg8~snt#7J;NFN`+90bevJOo4 zWP6`C$*=@TyRo*L#Z^60@0PAYkKw2R-UJGJUsvKsnBRkhnike7jDihTmLgW9!q})= zlDz0x#4&e=x<2tD3gE2-K13!mSGXzX;_R(Tw0u1+A7sM>XNMl?&>*(crY6VjUtWqE zN1kW8@HWw zE7d~2RcQh@jxeZ-GdtP$IA;Lww}(Vt+}GgIX4LybvM1;EOPGA(F^NazQ`;jd3tlJ3 zaR*uVQf)U|$0*`BdaN-dRDutdX;j8)L*8!t!>YO*9bkmhkCZfbh&5~;nRsv#3eYDL zRG~NtqD-m9WabiTV_EJyS%*+&76L*v8z6lXJX3vq5%NHF3(6MaSU|j9=5bCm8g=&? z2G$%{+q+Ly9HN)0P5yaGjHTpACW39-%KyTOY{Jq!Pm;y}uXB3y4`^p)~=z@eBk?MAGl9~lkH z4xnvEVQH)tk3beuzl@07XMNjNk`Jdpy6HDx4FOAlQVqVxukDmcjV6k$ zm7uL3pEL1F`Q!rD<(7Zq6P$=Lb%NrWy%tUq0`MBGE&I|8yesJl5aUk@byCF>jZg_s)z_xI6?jz(pxYDh8(1(y0rSx4?F%VGAml(Q`hwTT5s=SCTDXL)bzMdF>TD1{a!tRhRa0j2SF z6)cgG?bN@Y4gKQ#!6gl+VMIKxn|mL`D1JZOP8V!Q+O_x0 zuK%hW(;J!=$)r(Awpin*y$P$~ryKPs#RMtw`SLR31BR{T9Q<}**(e&J2Do4=Gm@It zoe^ffQ04iYr~XbO`(i<}52G4ac*z!^=FtCiUgE;@lunK)X2sxvZ74t%;l$u(W=Cc8 zwx|)aDhNw`cXK85N@3HJ4{_o*UfK?_$=NALEq_4$;#2(4Q#>JX339y%hK3TZp-}sGdy_>` z<5t!%R2f%z-u~F?LKct)g3D0f==>XT#Ao-_U2`Uh{UC44 z*bug{`1L z)b+ADH?$}4Hl|o+ESRu7dH4UdIpwdHuwWa~tjyiE49N0*C*W$Wn-q=uDHf<(g6@^u zO2zV5Ys#ztbGs^E#BO!s~uWW8$e&!y*L=2`E< z{FMI@3pU1byZw{q{-@rQ`FK-OX~q+q7n|lp3xh#I{kOFeWo& z4=bohOu}QG@~u1Ou}G8h&{8fy70JP#6V1K=zYsD;P6w578c^B)bjN}fm#)40!87Vk zY5Pym);|mj-_Fnyiktg?Ff9gr1}2vOb*C}nvv4r~M`(+corB^3iq!sppe( z2GIC6>$-YzoTQ6My_~c}e-CKMALM#x- zCh#FZPW^v3Ba~+W_X>($cx?#ZeAlmdFEyla;bt)~aA#)+NS`ek0O;H~E(~rDMo0({ z3?3Qe9Ml2e%M$Gl;0o-0I~{-mULPc+;3pjhA=ccE9ucS?Q`_JLo*fEn57NyaA8@S+ zFcfnGK*tT@E3WAU51hAOPYoCz5&pxiv#-#PByhkFJm~rw!S+VKoeug2#6Gw~5TLVi z1IQeY84m#3?d=%CRfM4aUZ0MB8pS%y<8+*=?*nIJ=>i zKgb|9!5UfxAJi2nV17bwJpb=6?3a@mB{7J-|9TOiD?Ax`_S5Z^I@9p|94?m!@ie$T z;2@$L1i;7hmzPP%aVjv-&BbTi=j}e!#V(t|>iquq_FW$V2}v+qf1Vx$$Q~Lhut5hD zBB;1NTEOpgA$aJw3h3FbI!rqe5dL$S`W4N0)jyM3>D+f3y*t3~^fN$!2{lOnKk}VM zz!2Z-DsKKa>!eTUht2hO^1%=Oi|1s7aYnpsN>@&#OVDZV$@L&JU|8D zi%&;}!0)IM*umeU^P8+P0L+LbAHvP?`;}x+zLFjYR^p(~B@cUFSQO`(@4V z+Aj(n=ssXAX;zlt%49I7YDi0#3Pq#)olW$J7l=(-@9yq%j!=t-0a;_*ZiT8~Ua>Y0f+UE>~t-k^0h*q+`;q_`Xwr zh?u`b_#a;)+b&Z2%^{^kLAtP)BZp@y}5{x-1%r_QM;@w?uk+=8t;$6dv1p3OLbJ!#f zBB~#RnR)cGzD3hW(xGNQg&)D&Xt^TmpBlB*cSW?f3J}&1J=K2b+=0to6%Ux1R!E;o zS+HQIhNnee$!f~lvL=DX%bjxbRu9prT11C{dfQeG%9#Z%OzCY@arVi{U604!7*srQ zOtX0;G@3W=JFo1ly(Be`$jACq62hd%=uN=m5Zia&4BzunIhfKN#!;b@op`r8&KYVA zLR$_1R!H7jufM6ht3?XRJe=2HhLPftkF_;E-0bXl_Ya$7m^cFZXToQPZ(8IlePQAu zIVcQVt!mTgCm07-^*)ST1)-4_gElH|gN`f1!0FCthh-WgBO>Wt3vyLbTX_z=bk?py0Q2&6BA-%==&jHwgxZxVDIdIS1{3iyp25F(%U`;}o)FeflHSyKF06%ViC zTuXs~_QfCpyKr0oKH=0lIoe^OJZHqg;f=yjW{qs=aNrCn&sC$zcXh&)haSBvkJ65= zmUuasf@qS)G037!QGzISx;wgX+Si%R4@`!;xlfDwW{8Lm_=3h1q(0h`_;7=E3&?rBts8wnl#@vRRWodgqhX9d$hFF zK-8!4GEdCD08T(9DY$!u1vAxXj-MCz#twPptkFLmobmpS=_)$?yf#)hh-G4s-Y>C0 zeuI;mh8OmLUfLnak|g)mWmDcMMTi#NG!1Lk{tb?Z7E!Q-!@IAApSg3~hik3WL8EDZ zPVC!bY%T67kzx$pig8o*D>`g9PNoTnfRVDX_}qBWLgPu zyQnGdRe!h@L78*)^CQnp*KIYAPum1{-Q3* z^piAlFRNv$IVTy)K%x)fGw1-!9WvY+0%Wx-2f84$<;RG^y#Gjp8dlD&ck(;TGGJ5o z$i3q(!V?x%|3N)%GP5AQfy=-7oK&oW!@{7sYSMXCFk47LwY9YR6I8K$Xbb-elBCN} zn7;unI@##+VtxO*D#U7K*osOQr@^?mtqJ)M9$mb9d-T%d#+6J#SFZ|tXpm@YMQ9oD z$;t=gM0DD^xVB)3)l(pJ9RKGhmjWFQi~HYL`+N(4vZ%4Xbp;vxPd zOKKDxDy2okyrEd>gKMGZu7$avY+Qg*kuV)8a{TkTxg zq=TG?vPtEH7{yby?q=wJLTXpul2H>iWDwhPq)Dh265q76>v;<1MtlWqU$ z#d4H4Lu=B(;Mn*)<)62d1R<`a#KQ=g=qU0Giorp$t!Tw94vwJ7sZ5)AJWM7}&TbYx z-m;KG!Jq1Uq~o~tRWj_m_RJe6r7$gZhJ5$-wb?bjEJwdicSDQ6!dW1fmeF+0sh~a@ z=e849gG}e%ZJ;aS=&}Z}NEhI`Zlg1j=^&rSMt4^r0p_|c(5I0lk2jrn{>LpNIIp80 z^0s$`KJw7K0~s`detMtIbfSl;-RHLGQF2QLqY4!(K1WhZ*!%c_WU!Vo<1PE~Z>{R{ z0WcjAq5ojF*{MUqK)R;U6qbJz=+?kM#&8e{qemttPqtyoYjUvOUoFRTYSloBCnAHJ zj*8QXFUXGEjcJj78B@lQvVH8=@=Hp4T7xJ_E(jf+V-aOOCG5oWX3v;wP|DJZ(gC^C ziI~hWG3bN$?646H-?x27g9UKJ32zu(=6`hLEqSQ0#+Tf_FYzBX+w9^l$t*F$k3Aee)sJvY0fiSLE8Mc54vQjnW)+3_ zk!wO$;*INQ?MK&{rTw#xqBDvJX`YuFw4B57gipY8lNe;>7mQJ6IJ{{DNN(;Bpv&3h zF?0E$c4wO8MLf}}!*(e<*E)+fWi0L+$zR7ojjkS#keuk3V zmN=6)aQJv>F{eHzWAW`oo&%3FN_ta4PYW3{UN1vRHu}^ouZlF;qEdYyC76c4WkuC% zydbN^%c&}D=R}-lI&Dc!jb9U|V`(>+CwN4pcFQ~k_2JElyRVlwz5A<7?unf0RMm0Sk2}kD&noeYVqetPzPQyA4T)9x#ml`T&o|<= zyR1P8crBuU9n>f0Y9sUiIFJuap`?!_!-xN~tFR)F1@5yT9 z$)b-ptG2k;K^e-e4}qb`7+RLJA7zBwY@}p$7F)@%XfWv3WGAvA1$%H|TRu1K=B$<- z6t7_q?hRVqMp#9KiTZ!LVR&RgNUmjlByx8yq%PiDImg}3RNO<_I2`6}7w|B%bAs~S zmA-$jdtjH*TrXareyI@qoR>gAZB&C~>CE3-#OBE{QWhq$q$x&~6Rw>sr6YWJ5M`{e z*#8xsMizo^T_|l;V?F<+l?fPvQE=Oq@o5CBk)9L62oQYC zqD9P^Sgf8w;riUNb@PkNK(G={JHgBd-D{P%?pCek@h}RSgtB92H4c%i5ckkAo!t&J zZTEc#t%e~!It}kBL0MkhAvp6?`GjQKEl$%yl?{{e)dO%0oXX4O#gXP6P9D&!CFe;>3L>QP7nyi7E$^v`bmRjE7u}i>F&3S<)>p_?{a9<7O4V+S z;3pBZO=agFi%^dWpX?9r93%T#OP<3G8MKLoM~_x~mZnOp%6nnqa*#O*OKv(oo#J{$ z+*sdXciu#Lhf(t@!2b1UXeKF>QKuhfI}rshs^=ab65*{nisr**k)fo&E}x)zk)2Yk+q@*(1F1^prW|_O>*`kxj7L&v-;O^^8pN)!L`{P9 zs^o;O`~^;R*3JycwIb2~DjQ8}`~bVoUrGhLaaSitY@k zpu)kcT~ZY7MdG*TetLTVgEGYs=({K7x$T$EaicTW8`#IR;YjXaAo0}=w{%p;3^v-r zdhJ1=nW>%7pZ+Wfqp3+ev)UmKt*7m=C6Ah2Z9zHEZ%}XJe7*bJ9;xC>ATdr78;?kO z#}lMvP#r6Sh=f+^Xzp}gH{UcxL4&1Q)v^uM5p=cP1TS5$8f!fTtIj^UO&?koTH+I9 zcP9u%%CNOJAM!Ydrob5vAJTj7d=EdsmYlSo-O+(HcX>!~=yn5)R zV+Co$U53DGIZh_~t#<<$$|OsA#*=%6TfBs#?YtJ|Yf!}-Ds0jwd$_Ha0%}Z>Nn+D_ zmmXI_jA-x}5|U9&Sc=$nIn3$ z*6c^FUHB1ujjY+9tqKE=j4ke#Ubc&s`Ua|V7Z|%@0zVkfJaLlppYn3i7Fb=e0>r{CLXWf`}TN6v~+oQN}uATUY@ahv~R&RVnA`# zC?VtLY6T5h9M+*4NK1N4=MSm6o=okGwcL2a7QFqbr28bi>#b?<(1`A{B=MPiX5#4C znf>6dQ7lUDYZM91`+6I;^~+!)7nFEx|E85^BrUY0w{&&gu4n1=tF#Ja+Q?wH)cid$ zKvIUhx|jsal+O{>(o~O8@T+;cW4D>z77J+?XUB zFSud8VRq6@{Cy!jn??WB6c?d#7^+u9353Zz%}lk6K_c)fNL}|Hhg29}-K#i-VGzU6zTQ0gs(Zg9Sb!GA1OQw8B#nN59XKd6P%?&@sS!%NnJRj&0SWk<| zgL>U$aP9gizIS5+4E?;lL5#qs;(kCnPq*k1~Js(WT!CXnSrfgw6P{gK8o~a5B zKnl(5Axg)2S5A)abgZ~9BBW;E*+m_ETDXP~=3{vkpbIFYgNWm;z5+lgBPld?Xm;}{ z`p9Z*m3^_iwSim9*2@6Cm6ZQ<0;^g*HMp`VoH22_buF#|sg7sI zOp&rOdC9X=tX@x<$^6sz(3R!f=xPCdrOq2ZQ)Hue)b{+O0saKJHn z^Ua3SkcYa_x5-t$bMHOXmFBi;e;_pL zdNwwd=6 zSXBI^)OkBOvzFJR;AGEycV3dndquBeBz#)|*Vjw$bn$(|5!=edD5n%7-xNxlpq$eLc3g7<;_l~+5ozmKQH~&iZj}m*Ft;o3- zaRPn@{w?$h#ch^z(~F2^od*ZZxh+eypc*i=4D+m0R2NoUg(znEO=)guP@_@&i*Bem zyeV8%@aV58qV7V}`e3^}r-u))g%_SRSRl3g#k@(U*UsgG1?1XltW(wnl+jDn0vcV^qW+=$s0-il zn}G)RI`7|ONKR9xY&kt|oLM!8+Oqx624@jE9r$w+|Dd7p^tgXH!(G5yEGA=#gfuMpbjvDZ)C zU-=C8@*LgV*W(AWkZ@h&wh@5VAoT~%#}U4Ix=mYo`Tkcz>VasOnAh(y$eQ9cpT#xh z6N@rx10vy{f|e!25Mf-$qp7D5^*Rr96+p+bQ%bCazD?R!zvoo;= z%8(g)4su?Dw`O~UN-%gnJZ*w&h*_uFR#aR{n}zC&c$Hc*Z@02o)x<5-eDjhxSqd%z z)N}9{g1%Kz*<6PCp|&G-{fozJ3C_7gsIL;2&ia9T3L;s+cb~GUW)HTFF>$Mb-$vA) zFL9^S87VTEv2R#tsnf?dL=;&4B^JEN<>>0uuNOxbeI_Ob=ak{W7VWgkJ9iDe9J_y~HoevDN{`GZ$u&+QLZa(ZzKNzYQJ`4< zlb^vm9y!`(t*0D2qF0_0Ru%V{-JNS+`PPefbST8!Ah>=WG8m0arNZMLqFP^oI?C&x zb=Q=^Y$xqP>6`$iTU+uaQGIaEuM?7z*F50@4h6^K5(X=L2V}NXWHhv#8_1zwbhG@? zwn!k=K&51KJr#In0Kl3{=9m8ov9bLp#P)9>_kV#KGa)-0^M6Ea9BfSgf5henuA*YQ zK~KiyA~_);!NO9M?;`1b!U)IM3&!{xp0FUfjIf-NsyduFoDd#_n2d-hM~a$gO5psX z>*mMrq{?-A-TLZ_cLi?-Z{@3s&SPy*M|cYU3T8#Dunq-DvW{3`U{(en3PM^suulm{ zNC*~e8S)zv97?P2>l4``dH*NT`n9h>1Ed6c2xSp&jxryA8WJi2LiiAs=swbbQ2_={ z?KO^gT^_j%8eXs!7@jP^%K~+ifUqoJ80>?Hm-lb5@^=Fm%z%hL5;(Z$-OjNf8|fw@ zaL^zBP=zWATuDx3h$rC8LPID{_E&xS;975^znG#(l#GlDD3On8A|IZVQQ@GV$Qttb zSepdb7(niz-~S@3V50p13UX*9Ff9+_&!6673wImBMMMNrAbu!J+#`9$-h$0tKf(Sr zL1$gid?tw4_d=UnaUtASbxVIF$KwZfwKM`{7j+V zk3tnp=#sM_up@#C>%RTFLn34^byPa{!1#rM;RiAB$DMbblOS(LX-|Lu=Qqqh0ZZUd;;+}p0hCtzaB>--^B&de zJ;3l1(sgJr(T{dTR0xWhApFtZgF76>vy`-+d~|-_X%~px-&^!^py8?BMpLp7&riQ zP-wB*q^(zL*Tqw&asZR8ajuMwqEkPOn$R2f!L}QFN;xm0#~Yh@x1lb5VQ2bUpHJ3V z%H8K3sqg)fN!(07)cDQ$ILNhT<4}&z$nJ3G`?J8-RDpm`Z3hjzbTq5HqfjYfKi@Ja z>lN76-CF5F{x%62aK$a8if5WcU@VpB|P z-Krgb!`w%5&!w*pw1!geU797KQ111VH|6umK;(WYjas)TEsgKkujU`Eea;_r-KQp> z&!f+aOxvmIjUT12&GvtBYPVyy*%$X5Pq)&$W6R-9S>g2fig(qc=NFFqVJ=Oa&sCtl zY2L|+0Ma{x*2~e2eT|U_I$FXM_|6Y@*ANn^${F}!NED9P^7OQSTb_l&Mp2;sy7@^39s+7B3ahl zRU2MP%Tp=B`{}Wa2iY;07O1qwaE|jgRvLLsPLiN)U}AG}ZREF>i0euRoi7*Bl<7gu z)&obmZT{BBu}tIQ*`F?I%cVmO!vfT(a_MC}{L|sXslx^2X+*SI9c?6azP)eAn3R&o z@Ivh^S7zdM&#|yc;3k4+0@3tY4O{vY9b9RvVZzQNYu(Ofv1Sb2%!Uf>#&J5)+2pL9 zit3i~uEm(mn?@P-6|pQAZPM6;6*S*KZde;%QxCa~m<1Q(2&|-TbE&qxf@wqZYy9Y> z0?jFUXsaB$imWUwR_;!})FddZgLl?EbC#1F@)`D`tS2?i_zM#@n^STF84IVe{k=8` zOU_FF8iSp-n@iANy5H2$ze|$8RVxW^_}iEBV_lcd+y|24GOo-X4|z$Nb7$l!Ju75Y zrXPJt)lDq+<%K(9Ar@sD{w<^-ly-JJdg2ULd*bo#CSNbXdNU?roD;nwO#8SK7iR=v zb4c{JQ00gVzp{^>n5nk#Pu&{e^bE63!5DWGp;X(AeHSrESyS}~%8|hnQdJ&nu_vsH zO;hafySmWB%-Glyww!ZrUT{*1p8tuX>aP|)RLW5FGbAI63i@NZTyR}?uG2(dZ@@p(ekmQEpn1_!;pzl zZ&Kp^w2}MI?=}H?ISDF`d)d;OZ6%+DNGRdIpRiXUi|!SG6~;aVqde&HbB1FrI`{<#`2{s zN0=(JWR%5Yo7oYQSG`9>~ollZ}U(nZV^WFG;lXGwpT@RD%6iAQm@GwTg~xh z6TiUmo9sBWyX^T(g@cW`Ni!`MnMxt0bd3;v~en^f2G@S+^B<5;iiZ>Qe)2 zp8*ApkuKqp(Nfm^Oz)g$9@wsTu?dy^65D7~JV}DDcoqI@~`Iw_)P>oQ& z#574nwA2=fT8iph8$+#>CVZm+*}8A>>Yd+2qzHM%O$06UTvq78tciPN54oD?W<)S1 z(_R-O@a()Mlq9y}89KSnv&2%nW%r=jwTYd%1wO4|TwA9@c3|>~j??)ZrzwcQgRlE6 zWzNG<9LFD1bf!SwQ(;GmXIZO4y2CPV)diul`}pS`BcmPHc;Yl_JJe!IzROPt2@-yKi~$1x}WK--dy1bO4~x$?$L6hO=C zQ0JxQnU0)!*P>F1K_CB%@chZ9EOsu*PK84;Tx?gk@I07UNr@TaFpEed^bWW}+`rWV zZ?lJf@6jNQ8T<6nIklO1 z5V@fBLrOb(CLEZNanRG5ZkhhqSVBRlD%%aB?#|7OkX$5{YN}=v%MM}7G#gfW$~Ur? zOk$J}KiI<(2D?`KSnZ;Z-Qj6{Oa0ikR1$4Jd*|%;EaowX(yz~DcHWjeTf70yg;^VP<)Uqe$^#I?z_ zuw*QeB;vi@_m`UxqXU@8RNfd}Rd% zI`H!pmD+tiYj?@kwVkg++$TI8xcIUA%3jL$5T(`0#asxivp58(j&cxIeFO%S)v@le zzXKSAG*-gj=q4tilbYi_pK+`q$FYa9e%vk^>UN1j4$1 z?&Cg@xgCbiGarG=?SV8yi`+t3;$pPCa@|(H@ieWU3@A`S>qM-N_K3=n4p?_g>-YDw zx>M%BBXoS$dN<7d+PC($^gX~MQ@+xuN;sZjMj8BRY*nQZF50C`;-u8Ews&1|u457? zSpaa|btq3TeED}?R(zT2vQp)mUkauTySlJ>nz+Vf`9lM3+Ps~|ucfs`YLrMJ->Z3s zMDFkfMoGKxisW8a9B?1Ma<_cM#^soK9lwY32~fJ-$cB2SYB+4vsfWENq73C8qVzlpDt~Gx*N8~Mp&s*tnX!<{TaN!TnD21J}F%uLW z$t3{1^Cus2M3Y#=hX&t#V0rwfFSh37C8U`pkOEW4F1z-K*0W09`}uxlc|(p(8_Cs7 z&J*8}Iz|hyzTrF(s%e_I)p8qCO7~4Ct-b1 zksJOKo&nD%Aa6To*ezTD2%mJ%^5|Cota*40D1vyk!BmWP3!ZZ({=>x}RZ#U3(N+RI zFt*zAu^FbMlSfCcu$PsHb2QhhEz754SztPimzLhLW}av@)AwpLa;}bFYQGWTH8RL25rrF zvur;0I@32HMewi9w35ia^?>h7(2EzcZQLEOL}GUKB&W(vHU*OvUDA)a)JQy<_C^Q>h|=}Y}qIW<~Dbq8aoE)6#-b6?i*Vz2S@)hpjL zmfcB50O1Z~*V%5x<;f<#{Il}#$r2W5VpFOqBrnMr+#mJlv;&cPApg8{BH_dEXDGa$ z^7*82ugkRc9jq%&FCg>l5-H@0-j~AKGsxL!?_6GXn?tSk-F4GMdj*J0?~>HLq*M3X z)nSjBMRuSXGh93?4EA=4V&w+I%Hd3fZRA1C&LXO1`bZ0eX^5#;h#ZtBrb%MO-lYM~ z_a$jnH1f^S{5Ei@Tr*O2?&1wj;y#v<{{BJQ@Xozvr_uWhLiokzg>Xu-o7@<<$?JpF zwk<*~LWtfE0FUk$v2(wjSbZ`?z66L$^@hB z3qudjle!UTTK-K-oG$+*P#Vw9G$Eg`;%+rI@&KkQB9_M~jC@CC?uQ(@z z%{82y?aM`8y1=+IJ<=Nc49Di0!{hRFaDc$GT0BU^0*$l7=M+H;Z(v}$SU(1Or>TU2>p`3pT+f2Cqh_3j1ILhk@eGDNgR-=mwt6y|5S;~X@ ze_IX_{*efABXep}W(FTOEKr13=Rpb)p3~$#kMwsJ=L+^*2i#su{hN)7A6+FAgOi4L zIjkQLW4ZA+C%N0$+J7*~k&+P|#z}^D1!h9r<;Mi;(B9RtIxfwwH@$@jCJv`)>Fdcg&gM zGScv&%=*N8&|&9wPY>Zwzc|1%eLCZ^cP&r&4Qv?GKYSFSl$pyVpkK>%_|;EOBmKFioWqEu!c!x|=S( z_`-5Iu!0|??0b*{nR&VFEp3=I)Q4(}I4_=i zB<}%E4pZ~}M^2sMwtr#yr;BX(P-jvUeg5kbpl|Ih8Zz;AepQ=%aF5m@ zDw+4n*KaHJs6<9-nyT{fW?5GF$tTwOY;P-Y{e;PVD&9p+w*ZsTdi`Eei!0Uj3zr$6 zXNGL}G4eLf8GruA!~>;>E-A6G9jowB?HcRdbd05$AWUBTl-gr6%sWRp(Pl-fmz_fj z+?0910P2$W+r05pQmU5qkh0Ku2oZJlCUXkZCeE+^1nY@V`H1Db!K2|xkAsdirm zg6*uIhE;#6+PLeG5D>BWK$miqkDh>A*vf4MTKU%qd0<7V=kZtC5^zRQO{D*a{1|Lf5rR*SAA9r;T1FfXtPD$ zyK!sEx*~67V8O20-|5dEjJ1S?U3A+@Z)YsBcZNHJ$h$~dzWxM~#g8+ZgUlr{O^?uB z>$G3vPbH)$n-~vkSa*40^g{SH98cBu=ODF5%AF!GO4V9IFUc$?;-ahQo?&WZ1LBf6{4O<&@lXJE-2|@%3so3b*8_jM7h6l7 zZ^J%nI+#_|l!JuwRj#i(1bXW)HnlwO&BBAYkbtBAgDKy7pV@u!5X$vDoi zDV+XZQcw+p5So8MWpaQ&aXn%;1J3HIWPBoM62A7x?8jA!Ju6ms6TA5;o2}KfyxZM0auv+=+vDbj5LTjEj$ABWqr zS_ZFyseLQmWO_4zr>W=LQA?J>VQs%3NK2@CiIO?iOBBS<9~@`TuXy^3!M<;?Iqs!I zz!R`yO8Gb{cG`*>fB1gAqOqrzQnj=d#8LZTWrpZy^D49MpQil%9XWD9k)w)rvphMf zBlA?-edx-$x}7Z%o@tvynwT>|*8-QT z$ja4lT7iQ|EG-KS7tP-7#qlv9dnZvO; zuH8_!WO~u=e6JhMWzFso;lzlxt;LSu(J}FnKRlWgvjIo~VN_IMh1xvC0nFC``$DH5 z{?QYm{s08BW`eerIb2^bGBm|7w`H4MYIvpN=GaPfu)H1TXxeM`NbC-NTJz}D zoyAB8DJ#h!Uafl#>7bC?_Vc+^CJw&~qg-gurqOSuLgh+M3=Xw7fKMjtglw0mN@PN# z{$``k*bUmWd@V>lni{DqE?!0g8s|I8%ud4^2wFUk|6dM_S7{T38iICx7Tvq;h8Pz$ zYu9sL0~)jmvuQ;!n3QxqE?R-Gin{%TrDfEWD!QE!(uWyq$>r?cP+mWB^ip5rBaw*? zEqz?7Gh|v#g1@eshlJ<_4l&tn!dqt>Op&r+ONlp4)D$`bykDP5qD$k6m4i)dyvuK~ z%v49S9SKBpE$nZa91_H(dG;xKXnH2;RYXmnZvU{nG^tjTqJ+2G+XMA}P#?#nbzaW- zu`u{IF~K=~OFG|pL1&=Ch+BtQfaus>g(KeL$BW26d(Xr%*YaVe{Lbc`{ zP?RcLU9(2T6b6T<$(bB4!;xvafhC*%@rn1%HjZ`mSg2BeaCfO4d2s_NyDhtJs#RA9 zt>Sx(Po&S$Y9_Lx@Ok;lYgb39noCg-SNUiSlUkak75VqIyL+K}`mhT=&2q{%R@~W= z1=CC>ME{PqMbrt>iLJW!uQ>YORZs_BfI-`-gRQ-{jfspPrfl(mdn@UTm!k(^E@HYN zb5GQwf2BnN6&UNX>^v5}NdJ*gZ2WRZsDAm1aUvlB z^qG7~r-nH5*4|7$s4g`@YLTkpQ=rX=e>yYl1C(Vd@F{)t)<93;l$NbY*O3BW5jl4s zvj-YT^5?1Wr;LTAl(1Jp?0m!QCrku~B%1<&)T)+)i>rRT+FV`)|E!47#ngDw@XX_xp|5_!dxnY+pw64Qr8*8|e2mcXh%*iir@xR%@ zkhyuOEjsuob8n`wDnEz>NPZ;$3FmVBC!EX0_ndV|L@K{6Dt=N>;H5n z{~tT|jo=D7+Rb#)+79mQ*Z=)Y53jXq$M4Gd@755tLIg@XtnBt}>Ed&3walD-{HWfb zsb<;BXggQ29T$I6bZcOyqfX9ts#g2&X}T5F>0>?{sRp&Z`=KMG@DX^aR) zDNV)L=Gn#sBqM|l0Fk}Y#oKw1<&&|!l%3iJ{kGafB_ykWVe~zDv3ILEre~M4tC6W; ze+FPO|4=>njU^JoI*LO=5{^!x?a2dB*y#lyUbJ7#zArSd1Y>gvcL2WH>;AN~KMHjY z?ncXCYn&aRrexoEcXq8?*eQ zp4*R!j#UrfN6qb!5g3EFhnGBt0e4$X&cMsAAB3L^#|%?aR+B^5(;wnbg0%GXLX6(D zgdB|C(cv)=15?8j5QiSX>yJAcnsOGvz3<+=hIVuwx%Z>iY{&i#fc^aXaayw*CZf@!U`@_gFYR%M-iz=a1^UH&*nu-7QD>j}c5 z;cz%#03?s}-KGRU&Fn!zDmdHMKQ$?V#MIDJe~!HKsGU1riuc}YMtXF5UkcuCNXUea zW6=R6Q87ud2Iu=m=P|e6gE!&7b|>EXL(v6mdr;vF%s{x>yGnt!&)z_3@pO^CJ1IC| z{WZ_y&h*3adTBp6_JJ8`z98>9#VbBzIDsaye}pTlqknda|~U(@b~ zS0-QGYu~XREnkJW6FhVsfL?dKpQ>-U$vuLcu7y|ea)BJ~Z{Jn#%a7-uu#Yb1(w;4y zn^Rv@+#g3oz$oVrWH%y1Lqo?w2jkED&W_?uw$8u9pmDXt_O?EwI>3-}u!n zmfV}LmUFOILW4IDz;gZnBEHeqOcfnx;LMT!6orvXjWlK|Ddq&@EmKU$?iD zq`Hy&nH%$Ksl;s^37z6EBza`4$i+v*E;JUKh})N5_E%%zC82g7&k^NA_LgV7Dh%T_ z-$zl``3H?(Oz6~2*|nPU7{H?@-7I=3nhAO>-F;OE4Z9@^$b@Pd;X2mE7wwGnEXnNN=yOUxd;c{pQ#^xmJi7ciV-O=Q~6&ulo zOq*6~SN!5iMeJP{{BfC zWT?MiZO)QU^;ndcY|j2rY!J8;*r0r%9{~TjxreNoGfZTmcBW>zfWmF|upY z-eLRt%eGi>A2a#4J2fGs3%f90b)FERHx{Bs*rC!*LrHBP6h9Z?*Q-l58@Ty`$}4T-(C|DnZwW``kI% z>>LqJ7!!IXA?zW@9HNmD(;#+2s-kwd-nHe-EX4 z%OU#AXiz6$d$2h@4mAo~!+Y-1o%nsHRa6)p zli1!_BuWD@VcV1u)803QW8ta237RoJimXRpy3FUim18Ta(}@AJkSJ9m!6PN^@G;V; zeRfN0eMz@GWnoGcfhFX&qK1q!V~?lAuN2YJNtx93rvj|Ln3TMJ{@0UJ95N*VLVCdW zSOl+rbayYn@XdH*fe-yj&{j7hvt3b-={b5_!nobCb#Y1vo>o>|&<)RSfR35V$y(jh z;*{F#sCIfbQj{r^N>i9xBLTm0b8E+VgY-KgI!pi6$Guauk5UWw^|~OCq&)0P+DwYc zCI${+=e-;D%guKUwB)<-eCIKM+*HF-$MpNsZ(C**YI@`FI!^^o#wPhGG}j^1(y5p* zvSF3vy)D0JoR@1rn@TV}ir3a@ImW~WCG)zsXL2vsz$zB@=;%JC(HTun2u`uHlCLiZ zjtduFU2mUJ4t$BpwPNeDPrO%dpqoVvlfil+{?U@ncP~xB`C|QMMQDF@s6?T1b|!=+ z&jvgMO4AxtV1oOWKQWW{O!3J2xX`ft!mK=&6J*ZKZ@G`b<(i~kA`J>y&x$4FEjEMR z4Hg(u3LW$OyvZrUq_R_y0o zzKm;YS?6*VEI0@F@|FKke9-C-ZYFT1^?CE_@-TbS{la86J89afJfr4pcR*C8_GxFJ zIbceqw~jTnC)J*tOV=kN$rz+1F6K$#>W*C7t?Znbja;Api8-s=d0%B7P^|pmCi@}d zIA}iXqr?C*D~o}b3JC7MZKBoILVWGlW&7;}`2*BKl`OiUE7t(U9~mB1zK%$+W;!Uk zNKMB+Cqffzoxx`C@5K@^r=|xG`h(IAhKA-Rp5bf+?r-Ls1x1~Omsb^WDV(g8WCCp7 zUYxMY=XohXxf6Y6W>%;)e0vV57JhU}ot>b@Pckgz(~>oA9p=GixzZ7xb?F|j_b z4CsD>F(XeAYwv;H10(L`L;bnx7#yocbMuxR~jR!eKBypZ`c}E#P)aylHY{O}YVdGyflDV$XqJDOP zj&+JTeR#;@iXJo*dh~zt#x}i=*ISi1UZz{%ppLtHTHn3gw=V z2dC3Hpa}nNUv%p`H3|7*0(%x3Q#Xu=>lQ0}DSnN_uXm?qdnyT$XR$j(PkkPJcM{2W zS+ezH0{XL>il)d`8kw*qz*ih^A_@wuyp=PDgb{g-yET|rz!Wc5X<2W}5NFaAY`9if z(7=%#ob2bOH&b_*c^oVQiE6j-TNCfTO~w6IN>ZV}BV|hjcm$6;5)V+|dg$49MQ&BQ z?voJ5;voTw)X3&8CA#onm@JkSfpsEQt31KLotdlcLcN+-2-18;(!cO7M6)jzlNbZspd4ySuv`^O6A&RG7+|+x_?mA8?Mk|YMsL{VfGI015?gHlV|X#w?(?;F#Mj`|lvx}!>IwSM8K{We-NvYJ)6Www ze)vou%IP97Q3JmOGXvFFP#Ql12F_va^x;rInL=y{?Q4qh=D1Ee86TC#&P+^}2Ea=< zdShE42*xK^ou*SBX(P!V3Rc||R0n!5uW9E5dd^wqUaH!Il|pmXBv9#acv^PjUp>CMp>iy*X!~-IS$1i!13l zvY{98&2>y<6Uuk;xO6B+7XyW)u--iy*&AK2MyW2L(8QTzT)B<9Vy+(J1>XA>(eQV( z!ra)i48KOh9`OnFcX2kxN8QA>T$~U}b@*-B)oWU4y)0?fVb@<4IqS&`tTJ90-NmEA zUr#ZFXW-#T{*~{_K>sfF9MPPi+H@YIqK$gg(R~G$$PGh6hQ&)hMJ_G_I6H_5d$)kkG5_=xx}xXa_;DsP!sG6;?qC!pN2tarTL>&KvbK_W~Mczu)u7Y`_fp zs7~5Hw^{nsVpkERi+8N^)(LG$m~5Z5;G%jg1BB49=tjJ;-hfL|31 zd+RO{VrnmGVm(fPTXFFJDXBh4z09`KqniN`X9_B+o6pfUC0%{01TLvj;+ zb$eTGe}!f)*g2E4*h!ui%Oid7aCaM4=+8@_PsNOZ%SeF{S7!L$2XZihg0s)(h%Xi` z4sb{p;vpAvMb0fB8Ho`(8z+#Lhv81AM)%ZYaT3D}-1Do5rfPj$OAf8yMHUcI)~Rjb z`98Q6DGsH`6&XnCmob_Ai1|VF<pRxS-!@$!Qu^(-EmqtFmXSw`x&5NO|y%~?_AIx zH{EQw9y=iNj3dxZqLe?TXzOnLDb6O^roe8^GGyOD)55`6*1$hjiK5;5&TFswqXv?R z2%9HfjmWD1RSW27WEH|@qF$d9kEspJ_^NS-sryMe9UBYY)SR%6thfWE*E7j&KDB0G z^1`=-toRGg#_*|w$5BI-C`9;z(?*zQa)>3*dDgPdQ6O}pmVxBHQV}9(<@TN1mlQl$ zlz`i$OU8k%5Qqc6%Ewgr;@kPlZRy%)}{>|H*vLA9n4uW{}T>G`|e z?_t@ozzw3gReU5j4(u9V-4TZEEp|$TUas$unl%ottNy9VH;PECWuKQuJ`v`WWgjO0 zM*XHk!sGtZYZ&eDWcDp-fl3G4l%#X_6`BO#HmG{ba#fH+7I5wp&JZ@6QLrE0hyiig zS|_cZ$8WqQ6bfk%Zr$<(R4lk?dUX?@VI(k=_T8>nKcUbWRNPs9ah_4P0yDRhVEle$ zC+tLi+6(SswR00|?8=-(yoNF3)XKpbczu@zexwTHyv$p(f)ctFj5gt3F%qt>tt{9_ z#56h>X&LY-JsdTGO|#418y6$<&IouZSmTwuc(!=()Hc}%sqM;x`EQZDYmANOeP`A! z-cOS@M0Gqmp%gP2!dt1JLEnee^5hD^uNxnu z=J`zzzv?j%j4LUOjx3%c&z|0zkfJA?R&m6JoUkG+kI8hwm`kw9yN3KQg3P71cT?5M zf9w7B5&TFwUA&;Z8tcltY<5?3G;oFpfI<)!>d&GywSj;gMTf%JCPf;d7cvM}3Xnmf zlOP4~YZsiz)0j214MKYAj{}Bs5fR30Jkk$@|Ng-|Dvym*O1Q!4r)!)Wo!$D{n4Z&zNu3?*qtPi@+UwA||g?4^fl;GT5M1Oba;{ zXz#CouHMCF+6_>mHoO*Tg?e|0%fuc(?C209$y5v% z=X7{8fvA1lDy3oFG@Q5UX!(Y4u^=&esLg zF9+F@EIIJA3=kTNhH6WBUfmT z$dLs+T4IBN4v6uoiBS1c+rF50MNz%Lth8gDYExpp)$~H4o6+NW?%Y)2YU&9JtKvZ9 z@$1OmpwT>cLh&Sh(Q$<`if0X|W4<7FTa0DBh@`?F7@)%RERpuy-AM)Uk|32J@u!6; z?av&tG7nwN7h`)JycPR?OoDK6P3Q1-?ppGLx5%P`O4^E-?7oSb6w1RY>U;trn3|1l zqv`g6&}I*+nAF;KqX~L(M@5PPjx=_>Ruc7WSGjX0M*WVVi;Mg0H>5x!PtPv@W5!S` zmTvz2rue;`kgk-T${Cicd3%faEZ&JZHn4>hRjQ6?x?5iZ(<<>~D(&a>QqfFHuZZyU{@DRT=TG;0iyiHL51{i}B3qWrru?AWojw7KxW@ z10!E~R?QKbZZ>~1gn3kgiNsthKRm4Xl><{P5+KVPU(}laRE{m`?U@--qk}Bj3$sT&qJ#$F;}h#eO?A2so)+xtq{%s6c2a5QI3n%q8d4hG#>$z z4}mjyCKUmOgA)b#3rmYoX@vwIJIvz-u`y^$X5+xVbo}JQow+k3lEnNTkgdhS@!4sE za|@@u<%-~};kkM2lx(h5^wWxpzaHRy$dC)iShQrM4o?Q7{))`+D~a{o=?;gP-e)a+c6|;wkIOXI57A@h#g+;unz`lxK{yF66Tfb3pQQG z#2w~ChS^TC9bt#B6f^3~;LDr3a~Jn{oA59)Jd|BNa#Z)P*=1~_52t+C&e1gM#&*LOkp%nOo0{>nD*HJ&!xbh$go4g#ElUgU^Ew7nKd$4hJ zpe|&~0+opJHymEB?qi?c2ZK#r#Db?`q@qkAFl56Z;v-$VaBV#XEPj=@doTiFKQn6T zbE?9w7Obb?sq)X`GR^Fq4J0%6rwfrPmxSMSB&@+1Fa^52BW{a3K3QO}QQUx0O`}Nu z_}}(~rPlr%se40H^|KFKTcb!cfPo#|AoI}O$3azPz!aou18)NU--W2Z4wM4iwHTf& zc!pA!oVEh%Ld1}*7D7W-(NsA5;BWD%AgBh^t$ z)J3)YR7%!6z52^uCPBQ}No|fxew$A2h4^U!xY;fW#@0!?vG~$G;`cJjDeD2hj%u`? zDa$5CRVTUifb_XeH+TxPTVDvv3xN;qSDsgZ^L(=DCF@PY_+i{+d*`oyI_s^EJi9PL z0k4DORPo3wZ7(!5pd)Lm6$h`}TXic6)PGq~eS{K~*?BR_KhoPmdzU%SF&5p~h7NX= zY6N&!i~Uxe)v)sW=v&9JC8Ao={26#S)GrO+g?Id(rV2jjW_7Okc?c`=%9S6KwL#hn zW3nhADo_tAw=Vq%*0^(1yk>mApZ(>B#?a#o4mIwcI?USC5-D|@?wt!XJM28iDPYZ8qZyM~{|Fbt4oYkjIA+(<*b%Zk| zO5f2iG>CLmR7QdNUMt;c64cZAo)YNQ+@Uz|4*p~WlSiG}yc$f+-+9`N&}uWkG^Y&e zIgCI#w*V8^S`hLgqYw%b%e&>NYt-Pn!t9t^9;HgF#8)cmr4MO!!_Nfmm3>%**4j>S zc=Uk-BM!+3UrHcq;Ol!=rtLNOWje9h7-@Lq4xB{*+SP$OXnhs`ZDTdm{vv?r&02;n z#Z&tNqgp6^cyzgBs7iSvW9LJk|8fzmv)cU|aUAKXlTro;WZ5fz5GN6-}IIa&<2>4J=6}alK#6G?e4(#4%l7G-R$H*q-q2LGg#kLP=nU=@(s2`Vl&T zSdV^y;2$m1A5jcDL$5WFdrKJ?+m(_+LC;cWI1L4-%)^1rGp5by2Mlui#6mjCg?(FF zMVGsa0I?N9zHXi~xQ;@WOyRk4z6%AEDCNB4ymITS}%J zJR$u)vzfls{orR8z8d{dcJov|Vth-G92>KNdsoC>BeMsI$*gmTRxpqNx0rOQxHN$d zLnXBTV(c9jE8)U!-PpEWv9)5`wr$(CS+Q-~cEz@B>wKrN(fAwtD&~C0GmyJ8>W$c* z3WuG=c)AhL(6%pJawFa97eo3u7xd#-rDxk{>|JDFZT$eQo&A-HIb{44xLgyhdt`WM z*Q9S5u2j&VCgUK)IyCQxLtd>sd8iC83Mn0cXz0Vl~f^s3$5IkI(A7n zb*4Ga*8I~svk;ZQ^yN^#=y=qOMM-aFJ`j83lZE5?bI{JPKeM9vd3ht_jV>(d05Snu z?LGmNX`&^*&GDjDMret2i8X4_3g#I%ak*9_-_aOq@qS$2$!d`cJD!fySK`6H`#A&e zV|mB;hDVGT-0^!xbE0g9JNEojlw4=^&Vbo`WXR3P6j=zqDK`{p`7WMGYgE8Vn<4F4 z$bHBpw(Z1vK8WP@FUe?5I&B}h5Tl@PYCZL{oTPemk+#x)RQ$ju6q&^4R?gnX+QUY& zHPlg!x@_w)0V5$?U{t%$$D+!7U1JKF_fw4d=rtBs!fTdQ^VtFOL&nsc#&y^pvlZT* zDQllPBA=PwLk7YMp?h=RI9i>obpBpaQM+nMwH-SyAN7-Ny(P8q3o{lMOs0{SE1t}h zDO#~4L-66v#cA#HeRE@lV|ruWR`3}`o_BVx3ox7!TbI|tGE)?MzhVS;XHeocXocn@ z!p$}_vDTGwQu2z)L9bk(0lDzK;z113!{CXBw;_dut2h@6<_xD5bI&x)(vnQaWuWQ9 zo)TMiS#)8Beth+UiU4eh<-`q(udO%f2_(^AFRk!dRIuoQ(1)!Kh%6 zO*q-^RWFia-xu;=Td2Lg{ENKm4PI4zL>uYX43zyr_BpFn#DX>?c+lemLpLa*%Z7IL zo3h|D3!KB z)1iyy?DWnn2?ng@!#HQ(aC@4VG;b$$0?jIeFyd7oF9FJePQx$TuM*S0>XV)n($PK` zXGMOPR~iBLx(=#q>DD@mOs3mWKE8II=#R-n#_WRLA6NHycQ2-}d0>7&vBFx>TxC2( z>n_$$BlwPZXpCjP5(Br)W>MgZIG94N*aP!kFvmimdam9O)D}yDBe=pQlf^?O?suWr z9l84pQ1|mVRRhy82Jfm~Bg3bTPiaxCL;}S2f44b9-J}nR10L!6@{1R`$P!#|4Cl{r z6ui34Vw#9;%>R{tXUMN&LDarLHks3XVU;|#Kwp=@eeki<1-ftiBY->^JUpXDQ0zHG1;6>J`@RpyAW+HcKzD0il=ttS6VQ$9_AuKi!vJCX|VZ~Gq|GL*^L zZuh@V?I3&IpFfFFDXB!I)@p*sYT)z0;4EXWM~jdxB)qTS^R-zFDrV67b>FYM*)1Mj zwl>SK?0&)VWT}YF+NBMT)@vXz$lsA$FC|oKYM~~foGUya_C2&fGaX*`UZ%UJN&E(x zMPP+2paNWMBtcX^ea1`K%6TX#9I4w<%1!C6CSvDs>)zoMf8am`Mw-_O4ULLAcS9d@ zQv){^g+=v1pO>(qy72?0p|>2#M_)Uy>;|7CpnE%6FA=_9A<4*mO{kNgu50pxw@H^x zmH&bU5A3xq2xQLV#feDkk?l_wFCtCv3o^5Wv;j%MEV`i6YPp$7*>AF@*O-H?ptI@xSisEL8B(m^G-7PWTv^em-%OjfZy?wp9#}6T) z`;+AMs6603uu06qR0r7)Wy>A?o653l}b_(1f{ zXQsSrML|q{{NjQpf36uqd`lNcwrx1m8ENCh^D(@xf1i78rgqKj?PrgxP`5(EoFM^7 zYSRs5WWti#gq)jLggWJsBr#(bQU0lpXjF$ZC{5>-PsP1xpjajKFn)Lj^5tp)DEGXh zZ5X0o4D#C;^`S$i4O>#Ac~Z`FW8K-m>vBd87&%WN#}_gwzLo zqaDuU7M~6&Cw3IlpgJWZe3sJ$O3;#nwfGzGdLMW$Cw3b$jF7&O!Y?BvE?@ z1-9dv*OOpVbby7(Zay_{?Opsdtuy^(B^Ar}Ex-V+`Xi>B)i>FPD6sNLZ?%vAEg~IF z=2|{no`5bMl>BAS@LNBL2Kt%FoKE~z54TNzhe2iy96o&7y-*1+Y*2EnunS>DEm*I& z66u@5<13zC#lub=E!<2a&Rs0vD$;byk}Je?d9u~?&TDr3!P0gLbDnh(Ev8z<2^vEG zChos54E={ZWn}QacvYa@f|Pnc%#Sbb|D|ogbbNDYk5+KP1GWvd9^cJ?zKr?CY`){W z`wWv>Nhx%Cvl@QkLh`TF-ht0=!Q&s2pkWrEx)-R;KvL6Lrz}m|-oUu?2YHUN*fz$k zo!7)WQ-FS0ld#D?Qwswn(WW~hXj7N$xK#boQb0N8J;F=t92gQeRY<85{S%k|yDVPC z`G+}*a{AD2Q&=_$S;1Ey6{0&uL^|H6oc=BtyWXjly;^C&ncymOsyY9f^Q0)+(1)fB zHm!nROF1WGgWPnVo~`@e2F~B-Ugn_cAkwmk);UN+l!5ez_s>a3prq&r^$66@sE7dU=I+0pXCFsqo{c~Et07KHXaIS8y#&C zZe4ofEB%(3iE{2C3y{Bb|5?{DiL1D9M=jWCOLer&?9ac6yQ^Cf+~m(%a0e7t&G^4y z@1U+c4A9w6)*xz(EL5L}nKO0z+jZgl?6&$IHYb=A`A^;HBkNY?TDGdM-mzZeZG85Q4Sz5hP4x9fFO}Os2UTgiiXDXvaWXm;ilCbT8z1<_Kg<1{lzMZe0#qd@EjgorE%)^M_wwr@1d#8hp~b3{<4JAP4AiR;HQMzg|Nm-b#9EnSipB699IbEv%) z-taJHRRE#T$@_>QsRd>S!WrQwduXz|&AqZb0q?$g^gW?VtLzAUw zCApcPA;x@zfh%-9uwGTrxI;eq3B_r3<#$_;oN!NKx17H^@Trc?Z`zP0%c;u<+l9-M zm~CR=91WobmbYDGWy#j?S*(}A zH)|>fbkzxhC5L=^QnK$G4rwTVayVyQnp z_kkahrZdL-^u38L2w%P4R2sU3Er2K9WVg{t=qx21WJMZZ)1KttC@MJOZ)`d@Yuy{@ zFh%N$B)m4rF9I?Du4)leStGYSpHwlls47aRVtRx26X||t>d?=d$1kN>gl7BfI3n5M zkY=SC3q0p`HK9+K{eRY`HoOnkbDF9&*Fh&Fq^>wYeGXCV*MXAy6fm2&JlDUCQ-cb` z=3N>LCQD$wsqC&Z3^USkf=>7G1!Iq&Zf3mBrXH{P?QMHGazdyXs0cfoJck>Tc9Y%9 zEwN=O|Gg-vL_m*H)YDy{#;0Zci^BPo*W4NkEZ zEii*&-0uc4fj8?( za|tp8Fs>=a8&_a-Ps=!7iH0((giep(f{rUU$Ci$bknG7;i2p!+emFm;s+(w^M;X0R z+|YgSA|%v(7x7hB@@A$1V!Q51rq1&Hg4Y=fAn0!Ei_t8h`PWvQ0?s;7hfJ*Wc~)6) zVD)TwTlc7_-3&7AG2J=Z9x{B7ldm{}q*t)&WppA|EhN})L3eH&ScW#p8?=#&(qO#K zg$K+^qH-QP?8f5BT#!UjLKYBo*ox{VpyT`O>fB){KV!BlQpvX9oFM;x)xEaE+>sT{ zOKOt%0^|N@tXzYI*ANZdF~siKQb4IHEZAQy9~xM0?oCixA=VH?ylpo%Vu1;whm0QV zu2Q5fgD#>5S^S}}pdjO*UCBsfAa|17RWPPRcL1?(4)L9>URgd``cm1q{xb$DfhWV- zlecVdhRDQbpbt;jR$KcqD4}x=dI2d?1UrOicC=PjQRj9hr6G1hdtnffIU)YJ=9yea zdv)6^K{mhdAGRv_`uYePyF}lht3>!ogOhy67Dn^lz06)~xEDS<0KXxu9_5~f)XWlg zz;PZ*I~!5CmF_(gQS2$H*8$GU!8mJd2+ANh5U(;i^xzm*o_6D@7n$jK})`bSg{17)xK^hOhy; zp4B?M>DyM>!~lNNT)s}9Fj}ihYnq%~L{{tejgtww&%)}wHEx$^5=#@=>Rwlp_z0x*7MHGl7uQ#(=!H6^-%>(cNr3bEgOnnjGFGI=@& z@}`z-qQRNC;w=KlkGXV!w&etH($Iv#Nj7!n29cKe>Y?goVV^ExGO}zO6xOE=w%(1` z>N1WwvLilvh4cXZa1S+%Yd4XlzCq+EhO1ahmM2afsW151LpHv=a|!{}a<0~I9)oT(?q9yC%BG&iEt<`Niwf}WhMOyUgG zLo-@;q~PJN<(^~S%Z>|vZ-sM3$FGe!amQ${62eq^_RSa)_p#lgn{M>bz-lZlcQ-?u z*&HuaU8=anwMywy9Cz)&^wI?MOGgil9Jj5Z5SXV`AAKr8NH+yV#VJ!37dj~lgOo46 z7i-KiBA@3Bg;-AYvJ)GAq{vtQI_ZwGB-W6``M?=_l148}F?EdX&N?f)eP3 zkH&4I`#P-1%cxm0`q3(~MwQ0YQ~Qk5HnVPQqmHTRT~C~l+m~tl9#%T8yPuS~Gi$<1 z9JW52knY{{Uc@b{*?)bx2Ft8|Iy8eBzb3W_81+*HI_-=dn`WpVMC(yRHcI8q{6;8z zr?B+swmVlaC@$*_`9R}@Xt}uf@7 zA8*xaTJjAh_$>wpWaCudm%17EU*{Df0hiA?$3>>>$ z#%wxey2@SuGLjH()un8^x(2<{^8ussI=YpFfy~ef%aVUG?K0J_+XpOAYB_stDs}%Q zj>AzR2_I=N10S}HD5b?;iqniYD+xR#s5B*9P@b#>&^puG=hS<*);Q+mynml=nCM`Z zk?i_CX@;c$3&A)IqrfpB3-)a)**eF%wJu#?H`5A#qBm^b7;bigg1wqW(NFMX8^h4L z&8cP;kH(&gv+%s@P44(O;|Ybv9sDU5tgN7GR#Z(yI}e-&lsZCNo@`jZ&`?INf&xkC z%|oug%k^uQ>U{oS=G?|_HNvo;B$f^9;T+D7)@&xwfD~gJafe5z`GhGLP?(trlCl_c za8gK$&1uV#-KEUxFe3+#;Ijw9t>*YK$0>sY}i#>B|wR;rvSqD|Y>ph<`&1hsuPgmLHK z7*BjzM~*GR&Z6B{7NsZCtr$Mc6sZqzl_SHacm-nnFeRG!PuGBZzO|nIQ*LdcEmoA* zp?Rn|(GFbwn1VuRhcLz#vhC3GNP{=K7$HJt4_8+y zysA~EbcLLK&8;$Z7xg294kV1m^k>1h(~d|fC7PBq9ty(Og$MzV2Ee$?;4BG6O3Q`! z#-=f1z~Qi3hbvkkiV@=Gcc1bp0bSx)U?~6Y+C(j0jtky>gF5Ul*enA+J{$>97uRLF z7_2pk5)g86EGTgd$y%)P;O5!=d8hqq_>=9d`P-X>TPL5Fe{&Wa_;a$N)vQfc0JOh! zsQcL1J+D`*Ge)B_FvCFTF}iGfz>qexd0vDMleoopv(f4{0;3DXif9nXjcauLRXKl9NHU(8Z@jAH}s<4MgPHm{%#1}+?e8@$oB|D zXO7u{9vw^r*MVNDPIP4!J7`i@^oE~Cq+Tm~8o`j&Kr`^PH0-lq>NkXb+HcB)tbr=6 z#pa*T`pdq#zi1j1LUz`E%XXD$1mn*oi_OT$E;kPP?DHOLx|OFY5r+LWefCUdbq!xB zCNkzCe7b+=ViGQp9-d8&=qd8MMMEL}&L zJ%b2$V15J>1{T@6dhbp~!*4Hn-qU_Nm_TNIBa!Nc--jHDa%j*+0k&UcHyEYGD#rsC4N%cDu-lV{#jl(KMOG%(5; z)d{-dJ7I==Pd%<|vcz@_=FKR~k>WuM34nqbU~frY%TU7nb8+2du}}NwsXdO5z#=#b zJ`FRd1Va9J9V3N6)QlGG6*L%Neki80Tup;sgf6B5NWwvj?)?vl7m7AR;!1sw{LAOk zidi<|ZWm87LdgJBvAvTL6YJy@kL)PBY4p&L_O-i%0RJoi+Zp~hRdt!SN2~8Ie>I!M z1iLx+At+c=O6rZ=x0P4Fwk+~7`nd#4d>vO}nyY-@}#YBXonZ3G~z*tSXggd0NR9X1^KAA!&fcJQHuWen|s@Ja-PPvsuPuIOuOz2fX8k zVPgJ3Cvmw;1qZKWWn<1TrxVvY)5xE4zNtX)PfUfeRR!JJK<%F@@Qz%`9%giQ?y>kl z;zVP|LGJ}cG&^KD>k))pVm`HYdULFrx2q@x(5GrX-?h6LJvcRS73v4a;%fKDcHt~7 zUiiOx@zAH;e!Fgc3E3<{ET-i&MHhAy7MoWVoGubtQ+aGdylJ9UGf>`4Ur)1{7*#FP>FvElU1D zlP|h`#UD$lCf7SHj>CGy`IaOkD$|bFtAo^<9m=I9naS=bNTbD2T^?SruM{LW`66IV zVm#*Waj2^YaC1T%x^i>s?3X7fT7MQV|j<7hC#|OS$RV~#| zX+^=L{RzC;Qhk;tup-RAkKLgG5pWDDt5wB!iV{dCr!#wvZZ=_B`_p#2fEjX`R|u&6 z>@OqW0Q`tJ`I6Zp2OGmsSPE4vZ4&7%lePJQ#*?{|?6f-$_^i8z<-g^LVHS zq)PJU0y_u@NsknwL>+Lk^lcBIf*2fx7#M|1qHe((73@4B;Hg&STowsTFe(VG0tDkJ znqaQyb?aCE@>6X^YUg{JrOEt-rzsho-i=h5*c56Kx-wA6C`2SQun|brSJ_&T2nY%d z69Qx;qN9C!4-4$cKKt(!$VF&aQ9|SIfWmW75Tk|+e8>RGv!X;m8~}uf8UZOa1wAzh z90b@%Ab)ySBqg0z0R9Lx9Ox+&n2VAOO?J8@>f!D+h`Y<6{`2b_Y7hJoSj5z%7|g#5 zG-bO$&w&vN`X8jBPX5gr{s0kJKN@(LFw@U3)PVOYc<_A!I`aMVGde^^QK+KcER0VO zkUqyKxB-Z$aF0(uQh!|%Fa(kNS>8fOWCxHLy~C3}gfbf3A?!mCNIeh;LKw-s2Btk3 z*adk14Fcox3MiJBK%#%*^A8CW$PXTZfQrVG{{D~0FASLYj~hhb0Hr%3(gIX%x({;; z(ExOKQXUQH>-l3f8DGs12@Pfc*Z$)cBie%M^0FKk`itsaUkn{Rg^)-=LI#3}j1(Fy zBI>_6&EjG*pn=~QW3Zs#i9>#$mPAH0fs;CyhSMkaNj`tp{!ep(H=y4b(||#0Oqjjz zwtu#PC<2TxvQNLXueaj)W6>ca0{*RK?ppwC2zC6h z{SOOKfRHJ!)(t~{0b~$h5k&PJ0=zv9+aI_iK{pP?fDe5jc6elavafWNpMO7zjBA@y zu-rX;si8F|x6ij#ATZCtL6PYg3I-h#tLBNi>Cclgy+XGXP%A6m2TIkD#(x;M>IlI* z&yY_nXT2&pgslFniNU2)6P=?4W4ib6%zkR}RYYpdEKv;^P$b+^;Y6V(cz603#GZr^ zWa5&SG##^5A}GaaO5onu+q^5*ruT_Yx z+UKh`JJlJB(b`lZQ}kRv^2oBxlGokm3!u;~clpEUbHCdxIf?K4`C>Zo&!F{9GSbdJ z$HbPE4OBJ&!Fyk0gAvr$Do~CFCtO?fK&OS8B{aBTnm5xMeNNHpc~fUX!Th4W-My(P z&}vO~=<|?nCzdi2{C%)@8PzPj#;1vaq_}Nk;XnuMvWZi*{ep<&w1_j@^&q0q&xcD5 zNYHrhLH?UlMf5ndh2SPD4Q%ie`QU}H)Lxg1{G=o*YTa~_v^ad1S1plMsNO4PfOglX zFAF-~?5L1^VU)$dUH6rsi;nW^{hp|MG>Q)2vvu*M(Yl%81Zw0xGSrQocBGQq-rfMv zqN;uHgq)}-Bf-}#%csnR=Hc)8ah92R@5d}UbRv7$%dmQ_oZTHK zG8}Q`8trw{!J&qAcV=)?+^_wj)O%a5F&Bm}Nmq?g@x_Sfm|xp%uMH;smG>Y7o(Ye@+pFqbSq@x2?uk)kG7PYO z7VaFGb3uC?AfISof)T>w@(KMD^Nr|J$zM_0OLkW z=6a1vz6;uUKj7W018!nw@W8T0<+(PIc%^huG3U#waYE(Bj$4!mK$xJEmZiA`JlCBF z85GHy5N!z1iGi{@RrCAY`&Y1h0u@Xk9_vP(d@5TInLHl`YBzYjq7Tr!NtD_)98B0F zbwAApn>x&QTkU<>3%>RPGMZARuJQS2v0u~*Ae^AK>7c^xu(@LC7^{>NpNI!9-m(K}{EAfk1kul0guT1me2ESQHdPm{d zJ7R($-W$-t2gVC#qB04z<1!iOGCZGH$RSsKWmH%&r|w{5mUSYq$4^r5z+l7AM`6ah zw#&~@attDDO|PX%y|*q#b#_a5E}SA>BGdwK8Qz3=25+@ttiL4Ide6%{65U8?72F%G zKxVK+A1ntuYpdP_Om!Pj7oZRY9h{DD!Z!0cqF;v$I^s-lup6J zIkGr(rfHtg=Wt%pRu_5SFiA>$#`PAb7;qyCg8^(4i>XrZ3uIUE!z_o>I{>L6u0r6L zpV4C`MA>5b03~NavySmXI}xj-6hB!OXb%}*FPKj(EEZe&ijzhsH}@(sMu5BU zA7>kP;>f)>izFqT%8=vXEBzs?S3qstI)S+@v+~9$V`ogav9>cuf7E+Bc9OQzbDE{&PQE4>+O`|j5>~Trf+v% zI7%IdCs8OmlBge2rvC7aAL}&97H(`Eg;mhUm1jg#TX7=?K^G+K^{-_VAeR(&&;~+I zdpa~)tE(FPD~5D3@ociZ+4eDDs}NM>m@RNa~z>bdkJ&{%h;w=8luA2*FtABr8wXNas;r=HvrkCn4Oc%dfTOga#0G17UPpjf^h z+4d?2lva{Js(Tg(iM9w3ehOfA-=WW-$iFGC~*)!av2zul`_1&7H zSlJVMQiYKYvO?`~$-%^FUYJU0=oC;m5=K{cz2-RPi^R)#UA(U=k$7A+d%}n|g?y6n z>C0DLsfOQ7u3JhI>(81C%?SmrP8nGLP7g%RHWq$a4=*8n973zd2}#9<2vEZY(U9jh z1yzKdKT^k79!pShirm``u$CN7Fee0y(Dk>0ft=yB(0pB>9Vgb%^Jm=-sGq8#4Os3ToqOUi~I;QS!dWBH}I= z^na%;kgNp4J)1c!RGCYASbhk5*NIxqX`a0>Mk{*kw&Z)xON&*?68ggN**aTDK_sW# zCi{`lQa4*;(5aQmd*&t(BQ@*JbuHU5`FCT~X}*IIqu0V3Hx@%{JX1SyB>a|6Adf5i zn$vDb5h~1XdROr`5q~5Q3z(ENm{J+2)&1(3D0pXYu&oqu3mxgN1YSTA(A~$p%JjA7 zP$Slj@eoJZ`gF|Jua$PE&i@qR2A^5}UFxK69bkfe6qdh8uNT1{xd-qD2~{Oc86NX; z^xD}Q*)`}{MLtL(tCA0KqLh6i4siz3M)MD5T7A%=?f0mtI0Bb#E(iw;_L#yX3s?^O}5N_3A|=+%(b)&zl9ME43`8XTYL{T87KK&`-Eif6x{Rj+}B5A zkP?$!R9_Zno!&INzTyC@Sm>)9CD9g0P}2tL>mInVlby7q{dXi-lxfxUzk|vjiUqKI zy3qa_t3b|fxvsvc3qkA-B9Kp#TPad3OayoKj?UVn^1{4{URO*EhGHHV6Ux0@vn8Bq z4sY{&zdwGKa8tp9uu58ui8e7zE8hHF&^*3dYDb^N8*D$m|MFpsbWKS>$_b;{XRtv} zj2YwMzE8P*19gtnya$$h=M+(CD<7^YHRIWNwv~{DMn*-!640-CPchAzVX0;FL{u@g z{7R%Da=J;IZF&){QW{O-bBt-_cgR0&VEoy-ZWqjY+AN_(wrX3}4=wZbShBoZRq?aa zn7QYCV$KehAt^}!NK={L8!#h(xypR1HRgG@qK9=on7mV{J!=@WqeeD=Gh1%uv#N6f zrwMGx8BD|Xo&zQ=XTP62zq$<7I(^%xFz9%IrC;U7QZ;w(wgvpS@;cW!>{n6+*YmO( zs{tKirA_W05A%BPdY-1req_#-l-bmfcc z_o8o`1RwZOAL{$eKgi&MV?LnW{&_Nwp;t=|Xx}crM{0s)^QH)cUxMq8Lw2l0NGepu zg-9R!=Tb;=Pgh#c>Y0>6A^%VoDozZuF7QFnP7MAd zWc>H)l>^!l@+O)wN^#n;Gs=yq`ro(Z;Wd@Ux_qUJH%}HnHnFLOS3jp?Q3h)cM>&)E zTk@#_`D&#KS6&VrQwB1cY>vIFmWBU;x~5*z_j7RU9$!-3d8kd~qiF}J4_0n>U zO-IK&4od{y=1TL7>tNkwj@j#5Z7}k)z>Dg|Q^^{cPulb~!DL-f+2Z`J@R5r9?Q`+m z^^*<`u~VE6H@Mw6c_X<0P#~-mBdEMCKr3{GEt>V;gq|)OVb9MWPl;&DiSWD?P3dv7 z(K`{4psgd%8!5j}vb24b+*^Y`cn`7KyB*r%K{vIs2x(^ePxZ5m1WU@_Te_7P<3P#F zVXa$qy|;6Rz45(S);~-#qruw+kZptQmoukyxlX}8Go?e%mz*#r?ZK(2bGp}=58kJISIwIk%75Sax2|1c+v}B+=yOc6PWgkCrAyIh03lu7mI3cz#BKLF&*;wODXMVjdSZ zPN>O%8IjeKo?XSZiHqm$&iZ{8+7FGR{#Y^Xj&1s})qjS;y0@ZkS8!_!OY(yAXlPpr z;8oE1qPGQ9CVETIIlnqR&dr#Lu)WNr>Tjv?CLnNTXsg=r9()B6J9m;UhL_WsJUNwW_5}`3HFa?dg$%bIfz&8gX(_M5|F& zp0GySx`89I6kzXS1rOQ!E(VviragDWlmLywf3Q^UlUh>J>S8ode4#-F?`XWTql zLcEK;1K=q}5q9Wx(W|cLvN&4s*v+3Ph1d69G6b-zq@In(&>Og7xEX(rZg*72gxngg z;@ukbr7nwNx_ETfuIxH-L1b+a5g}6epc-joOLZ6$oj}k4=M;9k77r7KDO|DVyj9=6 zI&WJE-*^?nXm7-}!_Zuq7#6wO za*mL=H7#fa+|8)5Zu9MQbZoCIMzFqPSG^Ge>K4c{bH~EHLNAQbzK$;o-vL9}D)(MD zo5^m*5E&^wI8n$vbm_sz8N2dz>$$qL7_p3(q5C(YXt*WL(uRyj?Wa4Lz)qdB?mOAD zWQ~(8UXPAGHYuN-MwuDQr;EI9Pv1=!-(n+rIT3P+tndhu&ih{ZgY3XJ8U0bU_c~+= zfyOSiW@3H}S6JVU&qRZWCB|((oteH{uU*Ca+WUKup#^_?8jzqTi%_Ct8!E*DDN;;p zSS;fOod3DQi9(Misxf0|o)Kc=P?{ycaJcqIk0)&jRSvbkL1G&rjIywNk zXMQKzGZ!_Y=Yvdxxt6RyZO0tQ^Xk>#VY}wWtdEuOuN1av@!22iS^nk1VQjziN+;Pa@m2 zTm-%FH1DX~&z1w4WA2uPL{D2$i{fE4h(vnS1rkj}3VG6SiJi@s?TQ&=UHG~RY8vRO z*1{(=WQZBr0NG%Oi5*cDotr5=RZJ;LP|i(X7iwxs%dy;Ms$;14SE$mQy1<;aySk52 z=5_FCCC>^-tENxZ%#Kl5;7MDXGBIPCELa3pGEg-!0i7yCi31qGiu7cHTn_(k$Od}8 z3nbu%W(tg>24`0#n@y3#2*V&(+ULPmG*9{0d=v?m%n6;>otGhF2&6123+-g#+i?=7 zY_gY}j`|$r)Fb`>GIF+?JW-v?$c^l9tk+ZP{>)3W_{+ z(;0U~ES|{xM)rn6TvI9>oE8UUy?8T8V}om`IjGVE7=1Y9AIspOE-F1X6|J>!b$0Vd z6cwHit(T>M|Cgac#@*oT@kl4xBD1F65bG8FuYU#idL#a6Q-?T2%d(XtNdAjFc=n&G zMPD#;&0rT!XG)efQ}ikYf)2G^>uz#(FM8-9eLL5o5w(eDJaq<~z0xU$y!H1;xzF)R zRNcU5cr1}fiw)jsNx^XDyjrn+-;hf-7h|rjyDE>JSIp4Q_cW&Y93gW*#NQ93x@^es zuXshQw-$%qEb2F+HD$D9^~DR@Eg_; zHkzW+I*vRXf8!j*Wo{ZyS=*w=sr#P$+Oq6FQbo3Gzg&QG-?(wQXP3~(vwRFrai0f4 zlstQ#bQ}ANX&Z!oSTMKneT6L#gc%!WvDM)goFIwcH`18+-R^3@Fh}a_XKo+p3=0dC zxYx5WMc_4N*t}bG1XrIsPf{;MR+8GB3YFKgizYlYw%&06gJ({v&$YoZMu)L4dl&KR zD~bqPua8L!g*wKor<1YA5aX_SYg~uuRVE^|WB=-_nQfK+Sb(&>Wwu@3seaQ0;$5Cp z*6DC~6rZMBR{D6@U&>qV2Lv%H@X~Sp*EW?i-l%P*w@j_J>$)eyJM*sh5B0)bf2t?z z3HV^prnsArDh^3i;?5b1I_X1B+$`wP2Ch@{_o?l&zP>+GEAHvO>UpXBLZwLl66CSpj|2}3 zTYnqrfg!U`N9R*_=3$yf6TmT!i&geO$-tn3K-cj$Bs?*qw4mp} zdA7^8Oykfz#$5cl6snSBb--Bw2Gkg+01*^n#OiF+m)_878%P^8^Wbg#`Zf#G<)SMj zC`$phK~u`p*9(n}FjnC&g2&o{Zp9UC(R^yP;O^8bvLsQaY?azhfb4AqD6ITv#*PB%)CkyS)#Mhxh{v!smARu~w`s zNR@{5*=r5EROPL(uA*=Eku#MK<%m$zTpY)NzCie?IdUvjp^>F))@ z;U?FPO&%YmvGhUHvvTIJ-w-`x>a+jIbF+myF+`6`2=)ry^_OReRI&W zqKOYzF=!#vE-VD9v(wVi793Zho8dCk3$fC^VY6?_@8~u9Qvy4xfTzI?!=T^o~ zMu6t7q|WoBJbF5Z?tD?C-Z&eH-DhZTDt$~oz1Cj4_MNb}#LxbwiI-(ewHHiI7>1l| zwaoq$mTmVg2I0&8f71p_|{#ol{rc3Aggu@64#@2F*U5I zsyoWzT1JAyHrVw$aJ1fP-^?!KQz2Et4k$5y(+!q(IO3vR!thfXg6!fv;Bm&4J%bWk z2aR)%#TL+{N`}^4SoBCwP~;Hh{!zmCn#tJt??KUzg}KGTm`N|8ghJ{Fp;wHW^>l=K zN;;fC_ReGk1y4|~;r_tbGN`4$#dOs~L!eq0Ao_%lNcfm_b=nrFFBJeQyq>F6cz)$q z1*lwiFV6{LVVthe~9@u^mNik5GYD}u_{Kx~-YefJw z;u7;FnM>=Nxc~$BhuK|z$#+Oi7sl%=^{crn&-RnMJh;j2!akcRju_>9=$ds)*Vd*A z)iq1;M*EqhVChU1Gx@FpQ*M8T;*aG^RFFrGVfHzA?=q#(vKuUdr`1Mj|K1rlgPp%Fbz91ph4r33tM+fMF;d%0aIl&qBj>vc%w{Byyd*+Z8X0hsUW zKa~S|`0#S*iDL{O5?0YW*Cd0rRRiR5T%2NrS(_w5CX$mC+9<36U!v^xp3(#(=FxeR zYI2y;=YUl>>;g6w?mng~UGpvIYvClTf-YXrb4vmSDQU*-<1;K%s%X^)U%ZgavL51} zVB9`!>J{O>QCw&CRkgqo1eet93@tkqhOVmZQKHaNrGO9S}To&vbyZ*48iR zNqGIq|A2|vnEoeB%mQHgKbV+}lktDg;r`#4n4N=_qeuOetpBlk$nthBAOR4dgnBFqk(hYI{<*Q&Gkp;-B{(8Tw_r`+ zB~M^#D2}Dj2w9B%qsWl;wZea!Uzh0p!24hU1iUDoZ`}Aq*HEH^LyF7EE9;M|>eBnj+E*@(b5j45;ikQX4Loq{z$eGm{9 z0r&;}lJP$AlYHHPr=fn>qi^im)%h=JhRK19K| z+ll_Y8vq!mfo&qmzi#m06cSb-0_H(~@aMpTLO2U_Jai2Z`ozF~sDt@TJ=;@h2j`Jt z#5<6_FXR!zLWKT}-9UdiH@!H7aBqFy4&p$xHU6-Lq*kHcQQ@6j!KkKvN(%~${0`XU zQwAXIk{TKcDgrHG13d?KIy`xZaC25}1p zQIJqCuY3JP_;MBn0|Bl!Ktk(Bu>uW7{VwCe3Df%3EMg#pegyh^SI`0pa`*l5{W$|i z$3O$NHSoy)wEGIX#GIn2qICGfa^Gjn%nXGX06>(0>VK4g0t31)A|xsN0^0RYn+F;C zX&rdY(=lyl1GzhsZ#y&oP#?4N2k*aM#mf%xUs({ySA_+4_!2)V^%3$xdIEj=rF-6` z`UQmkRzCcqy!!)+_b&GCxTo*AfBZuR;us<4`oNkkbQLW?%Sr#S2mAt-fj-8XFBEA0 zRvr3_rz#pWBNy+pTQEHafO)=y{q8Yhg8zkFl7bBjTKh?yCj2^QsN(G3Q=kihy;^Mp z&lwqe)n{t%BYHWz4TsfA?-N#N_WkLo6WXdd!|1?su(Tj{%o z3-uBp7FkS&8b3tpnoJnIJzjvj;kgv{h@P66JB;Zh2~oIGuIsj4zFR~e%Qnr`Ox?nk znE!ZSw{ckr54_y_tPi);Hro?wR6>9e?zL7uiJ)k^J+RJ#Pg#c%v}Ykndhkj8V${nz ze_=tzONNYuNahz7-2i8o20YYd>axcYUW4EPhwhGRBw;HsEv(OUX()=(R!^1tkt#Q8 zz!XbXR^>h{Cel<>YFu^57_)ANo>ofQX#IZq*qgblNA*uwFUK+OCoxKKQ8S>YT?K{^ za9zB~q-tTpxnURBH`*s3+{~kMgf%c2aI47$U}0+-bDzKA0gJ}CfiBcTO@kGm*rq04 zgpJM%`n~8mrse77dep6vh1s!@JSVXZXzb}BYd}MqY&Mni_j(q+zjYWre;lYJZ94SR zuSKxYD7BrQ&G!3ohuh2s8KyiYF3`cxOpTY!v^H~;K|rt7uj^hb5qBsaVsC4#(9)`m4++SVZ(Wt(qmzxN%|YvJ;D$B>d=qJMA5F+!@KnxMW)rD;~r^0`?P__ z@%p?N2?F|U-6F#ehQxox#1DE@WD){(JK7s#+9b!S7Wz8)(FNo=EoG!zDYtVW-puiX z_Wjt8<@4H!8U{6@==kx;wz)2le9t<-059sMC#yFrT{MkonR1^5V+9dp_F&QNHp!D# z2hBvM?CEDg*^{3yTYS!641_6}IOT*ck~s5e{FUtkI#ih}sM8x6@QJ` zW)lM$dul8l{sE3%G@)f2FR+ARhqqNyc?Ia#7UJIGQl>KC>fgi+M`|nnn(5Bbv3E|F zFR49$O<`mW#ZfLtY=65)+}T=d=j-689$zA&&YxNwT{pwAcf}=mlk zlSC&Rf01v!iWLKe+9D>xXatehD1!^wkTJbG%uX=sx;#ExZH7gX30ZPs;AwO>l{zx_RfMOHA88$=A?QE&xe=3SLf8SCTz#(a~D%a z7W_^rq$hnQd4n+4GqXpfy)ynJ*-o3;n7kCGRBX--NVCkiNnjZ`D-Z<%h;rsV$0N4# z@IVhm>ShqOckKH_G4|PV{ALJdrVj5U;Hd_LX#0 z+@F~1REgL0@N+0@jU5+*Z#qPr>qN}^g&hs@Z~ad?!sxn&x|Ycaar&oGd#G$A_#>U( zj-0~~C7|SYhbEF-(_c68Sv5jckQCH>l8eYkV+7ahz8~`lY&G9Zt279JW-9upooS;( zV(jZj*!SGZ1_gkIX#)obeQ`5Qu7#cJXlgQs$xZAkosM@*AW3UJTioJeem0>aEFW=mb>;%I3aaykun}DRXPz4XgoE*pMa~$ zV?1`vhfmtp#x)4yTf3r4I84aYF}Q}fQL1c61nb60{CpD~P^>vwzSYR0dbt?KIxvGQUVh$xIhyPX)DZb->(&H?mTn7Pc- zd}@dBeh=eFd($b&C9qw+cYu<>c$w$A5goF5!$t&wY^_@-2APICy;-Q9(K#8dUN!0S z{7PTNGIsspI5*6t5gdkP_e+y(6dpThJVqg%pO~qr>Xy|~)2dNIGptYa&_QRfH9TsR z+*e?J5QJ1*GqIW~Qz-U%ILW+3IiXmkPRV z^{-&^#*h48%6f1qu(~913?*5G@82#OZ6TH_JWgiUkbQC4raJpb~@$*NK>kx18sbEqkgXRmQX$B^sZ2tvn`P(@W9)dv`!Py=omwY}3aX8+= zJ-?e_vVaE@AImQHXwAd6m00}^KKT1y|J-$l(3OHe2jHvAti5MEyruY^^(zjG%43nO zdz~~)B#TD-WFVFiy$Alaq704>@u4$oqUKR`lY6?&&63?&j}r)%7-QRUS?Hx=9wpT> zh}&7XKVM-;-_ddxepaJ3L-g$jWqASK{l`r3CD4aLg<6(LXQYFGmYDvr0vZ5vuFo`)Bx!Sa=G7%i4U8`i-4&cyl$E3HKpJ>#jS#qctewrnK66Aa~9Ed z>P!$Xge}zGp?Z5h{9wtAmMGj1WdD{#n1VXn8~YJM)m~*^VWMdA z^{_1z*1y8F=On#lUmELdQbZ#~F(gf$Y#MJ?j?$M~=lO|q`cg{4_Rk80sQuH0CVR%E z8yUewA;K};O|nN(hCnh(!xD;G);^FYE1=$~U2U!D9b`F+xn zOl!r@5&t)q_D-?^J>62NIs9V*#j>84>|X^U6ie4>D@Y@K`&e6TdedNWGo0%i`dht^ zX`&Gp`p$A1#UeT_*mTeCKWvePxN(uUhDks%vwM#m1T59&Q2AZSw!59SVO^(u7erSF z_J!aX2{j1j)=3_2cFD3^#TVW@rrzf+<494gwPOeu$eh1>xM1kB!w|!F7^}1(*%8$3 zYlkR`MxH^GA*4j6h~m@-+4LQiPF=F#m*zHZF&MkfmT^hOWQw%039f5$VYnnFS3oVsi z#VnN7_`c$MQb3jV73M{OxzR}=&1bDrw~I__n{>F=MuGQKyZ|(BQ;d&T`=#!a3w5lW z9S*EE3W+t7W0@HQ2niYDnL0eT4Eg3{y=X7wA{831;ouWUzSFOO!DP-LS}Sgd(C56~ z@_bs_{{qnHYSUviu=#O6OCs342{f%x+3tPhlMqXe55WYbb7N;Fcw>}qZWCqN*7u zPZTDDWXPU_2v)c6u@xCGc3N-i;dZ~ro3$8CHSm9#oG|oVPyDE`a>#n*Stj9Urx5iV zqpy%*wyY1(+HuR03Z`Bpp`3aar;?bhDYVB1UF&v4@0>sKvhQj=V>#=(Z)BO$O8W}R!jiP#dW?bk(&1ZVC@iUkM zK2z%_zntZhQ}k#E>7F%}E7L{lI>OO9ME(bI2x}yMZ}uaTPbUAmVJ=z@RWkAzWg(N> zF)?ZtFg;$)V<43S+33ZUSLjwGhS^6EinJ*x)S0IPru8c9$@83%yy5C(SyI*H`Q#OGNOG;5<0wsWN6!{YQb`w4oe7E5EUUPAsAalqxV_JX>QE8FRX)kLZH++Iux?m=eZu|j<*-JYVN`%$*kGD;b&k$VqE8tgeNAIv zn64_bQgS)rjqeEdI#!ZD6=E8ywWsAP$nrcQio~P%D!fpmo`sL-SwcXn<@Je~A11YV#J9T-$cqGfZF!t#i$u~=u zXW-9x%eZbmeVCqFn1z!jSXgC~C7gclTOlj37G++GtAB>hcc6|q0;*i+d6!`UJi ze1_W3`&VLd0znrw$JMWbbi$6UXhVg^e5S0QbYl?4H)%NPkLS!bgSuMf&ustE|{ z{F*<(SJ~Z>wGbO<_7)mC1C2Wfx4k`%ezC3~hU93pK{t0gmoGGQO7_k*^ZV$0v`ikG zleFH>WPbqFk!bTHLx%s^p(8|*h)=I_vQ2UMyR@C_g$ct#$H>am0L0!4pqbXa`R*P67^6yufm$ze@?;LG%*3gm2ypH13 zqw8^i8?VkFLAG(Tj}if6HZR)fKAxYm0csbq6!A4X4YgFjP1%&qiqoR$^+Na%Fvk$a zX+^9LOL`rz{;jIV@3m?y?x~61Vk+hOOKO(pz0HgW4w~ z&N_2{+RB>~#@UO-e2|eDa|XB+|~L%v&cr2ln*xAsS*>wYL3~*E8@GAgOL`n zlBCL8VjbCn3S@OV zf_0`HQf5(WTy*irH)N~;5gwSj8~VE<1r)gHzBh6GF(FNv%c*=F225%JQ{Ongxj~o1 z%ObqM(qYe>UDms~=u@+h)KEr z{uj_90qGMy*}aCOi2#)`#xYuDON=xgtm1T27Ry3ETB=QBl!! z#hTu+nmr2&*E%wm+omD6v5>p;Kb8fQC&_axdFteqT~p}%`oeRO3!kpbO|B!l!FGV& zfMS+72q448EObyxf9;8t?5drg_g4io1)l9$0eS0dup|kk5NSOImlpZH2<3iJ0 z9mFbCtlqroF&s@`(&6xq|9(E*;}2lMmoW)Ag0QW(qK*y^Snp~0mhEN(MyM>^X)~Hu zOyi3Ks=}Qa8k#v<_>3vT<(ybGp6_*XV*(5IBz}eJ*@nUcrl(Z0U!5?0Qfma>jh`uw zLVrndfs8IU)>PVCVDYFs>f<{I1rMH2>S|UK$QJ~D`rH@Q$ThDgA&}$wXS*s=CQ6Cb zNy0mPeawja_98@}Ar5uS^`%kP*Yz0?boscV|9eRn`YmAo5b5Q$DekSR4u-wj`NEb*#&{=zHWa7sX-1a z9S4Guh2aR3^U6X?$C>Ji4 zIBH+e-7f38zm2~YOq}r@L zZrKfgszI6FT>A*S0Y2u1-PgDouJg9yNovE{t7Xjb#Fd=0#qoUlETTwUd{$W=t1B*j zUc|qkW@pb;g8cwlw(gC(O>j?z;$HKl$hrz=`?&N0Y!J@YWJzwTOz}*wz2iaq}Qg6 z--5fBH)yJj#>8xqFm3h77r`iT^#9_`ewi?QJ3~uIZtnkL${6q&m^c{!YxFCxWME|b zuhDzKVPYIC(dv zia?QDJgrDYU>qo(;(=E^Iedaa4BqN=Bv6ZdPXI;M`G31JMLP$*;K5HUcto z>`#Sf$wmR8|KGo9b$`Lrk}@}u0~|uWuE~yB!#oNQ$cv`@@RfNC;GtJaLHqRsJjsde zHz!fxQGkT)#{WuA{Qdh!9|7UKH-KCYgCFJ~+8+2RIAD{U7+PkcI>PbwQJ9^>sLtox z7vwGPpMP0XQ_88Hg`IA6S3`Xq16@S}EHU!do+A9-KqamxfGQ5*EFSXxr`_Q6!p^mB74BX5Smf4~>+(cljvL=7GZcHo1lh5(@6csPOQw;0R~mPD+#oRvk|+xz3tna^wAm*8{g$zQg<`2A>CLBbydK>ykF zBZ!N=)v{oBZwZ)+2Zy0aYhA;EUJ`z_&O(F&5DNCg;9qGgdO~j2hAhcq5pGu4gv-FHrvNXqo|@6d4e{5HP($KL-omj5l_ zmopPHNQVM?`<8LGLV!RZe} z#RE=h*F~>_e3DnE!T-Us1o)Kd@T3QaE<@WT}g2q&MJQ-8$K!w2-0{#?Zf{J}n!__#C_sgD96 z@O%GGEBFKcy!lTIt1PvYOx3CP-9LNZ?z6SefL;$h$=MPRBpIex4QIz)x!imD^rTgw z?rr%dJB`OMlElUI)}&BgrTtK+zH3e5c%}Zfe)N&~a_?Z06HN*f0d12m;Jls@TB#Nb zVh=V_Fkq1Rf$Y*;hwjcTJ0*qd#ZX*~EOfecR$$s(C|zE|`<+#B}X7ik2Wabr_zs9Te3 z%0W|f_KxNA)S+APe&r0`{#FK=g75xi-{-QbYMw~-o6eMSghfDa8nB&(mqt2ibr&dv z#wl_5$XM*1{1ae)5A=qnP~x_~Tmg}MLeCogtb1^r@LaK>pP=nm$_*=myL(Ol_sZXl+I z!1JvIqQE7)3f2@4P7K+48N~edjcjC(I@fgB48+3A*{KS=qn(bd8+gyS#KrUhVTpF> z@x~bbl}7Gv5@SCRPjeJ!#quPhbE%o?1QQ>&T{d=-T+fNW%xd%8!7y zDRGzSjRx^fZ};u03cMV6Ayri7q(cNVC=}1KCq@$dijrH^&#!5^2!>V}%?c?ltFG7f z1gjT#mMrbfWzbl0r`-Bp`rq%7y!L3i76IttRZ=%{r^-cgtkxErIi9f6wF_Tu2f``U zX60~~^7&Va9gYec=+jYT_}&04Ggsm5B&tRrR*hvtbi!(N>OXbQIHr;E!5p_}(~lz& z3(i0DvaKt%2`LW6W`qf$iwg>GmDo{v*0!oqb}Kc z$!Iy2M(BZMHG`smQP15oQbUqptYXQdUt4|8KF0wF7CfOM2Pdg2>?_cT^kmDn3X9I^ zUZ1n|hV3J*H{`@Bx<6Ry&@pc7>v^JyQ)T|x;HmeF)6OgndV~qxIE~gL611$_;%0tl zE5$|18D?N;ryKP*1!$aP1olzt;@_HVK-YuBE4LsgA z8s)G`@NN|}ASjt8x>^g(b&-Oa?v6UGY0!Ac>dOYanhqWL{_Xdbc+ae);vRoFt(0QnFziKV4guZjRtL>WV=5}NMJsmVQWyb)s`Y-#KDXh?~l`)R~a^On!xlj zv-YM<;X*0`gK4nam5>?Z^NXv|P&9yX#1-(|kbe7xc74-=^gB?J=r;$PzV%BIuFa*# zef7p`-u)$AEyS}G>IPDIX9@*x`k=bGjond;EJUSd@00L^QQzJdUKTSSSRiedfScMp z#nI`%DPaGqocs+ffU>+@D*o`zkZFic@OtH4#|sLxM$QRubeegvH@DhKj15s`1j~Eu z{8_y|+~XzAk3rjNeqY~u?$6ve5q>VDyG+csK|6V1Ju*d(QhfacOGQ06^H0wvx)+xX zgbz1azwCsjd2VwIz;q!%;K-)99*lsyC0i(3h!8^9PQPi_TY~mPD#wZb*@>Ws~4_sGCTp+ z2}KG}g)$pRifojqLp-m;#fi@L;D>UIoPx?(sRr}8IcLr~Up(oiS9QzrSq<`=7}+2M}-C5P8t$4=^ybAOM)!;$PKIJnMbI# zq0n($!hR>a!oXEljX;WXRR}a_(KxWAETc%kQ;GF17bZAGspc-bE0YW}C?JtP428dh zx?>R8U@2Qr0|HP_9Dwwxa<+#hsVcyFQ50udWi0$w(6ju}?sK(kSrXObD!Ex0Pm#r1 zkuAs*xS@gUz~vw{?^C{m(nts6Li&B+H_xguoTzvQF0Kai^~!!E#I(9Aw9Davj^-!O z5Z7~}7}O?Y1L*fWSU?Ekv?J&=R=LGn7dy zsbPy@!iM<*$lPwlW=m)&CHf5$=S%ZKC<|#*C)xxNA30*hy-gw+^*B`%Xl+cJNZ6k2 z`{|ifmPq_u-BF^F_ZG^@gYFX_y z_L{_@iB{dmt5 zfZFu8_U2_ThljJ?1By{9%<^|o0L!eJ2)8IjuJ8@3Srqx@I(JyCmakgXbF)FD$P!+$ z->zT=MV2-1SoZPv-Ak5T(Xui_00*@Xf7%VDu<~of-EUf=FEH`JzFD=J30h?soAROU z2G@8aJ!10U>6?U1V#P8GQJ@?Vh5^Qg?uD}fxk$8?tZ^aYxsCbxLhxuU1-sx&C`&ar zmtZ@oV-HX!ovTZ#W@pSZjJQrUm&z=u(22=|A}X%Q1LzL6NZ1EYQEpsc2+d15 z3Q6N&ncQ+=7-+?C$s#!Q{u?u?NN&mwU`;T_n-a=X;>i6}s(h zD$GFJe5;&sLnP>B5wS!NX?Xm{W>_USY zDKr{4Jq~d{_s@6r-L@g7u7ETx;V={5Mltt#hVQT-(EZQ>PVnV;AlTT%NV+ZTl8+3*u#MKbAD$tHqwFwJr z-Om~Lgn^+SJ8NRk-mGBm&90Kk(~lyncm$bEdrXE*P8zsMW}6=MR$T25Vq?o#)X|2| zM2V@=>4Vv5pG`=TzTg5hHT9DLCh8@KN6P;Gv2W10D55Khy#8+TrpYAMym(nj&~*nZ z5{sD|YCcseoxR0%SeiEIgBys@WlhkI^;;FHSDgd-&c}1}5Q}3QPK5uVtKLsD5uXsd zn5d(rfn?Bse#7DnO5AxZ5XB=B*-P!2ldZBqSuXkzzizs$GrUBrjky_tEII^xrf<#) zG@?bGt!ydFG1`laV_VT5%YM>31~x*Pg6=~&te3>GDSKe``_x5;UiCyy*z0LmI`%K2 z1gUg_bfil{^T=}19Q#1W*S+xUXbe~_R~xN}A51UA_VW_>RFCn$%+K8c(dk@zJ6AkC zMIF8v(p2}&?@~Glq~2Y#V}-r{PL)5zWYEs``Ugb$eNiR!hDH~9Jjixy5 zR7_4$YHTHW!?F1+K+0WAC@7XNi_LcxctuRkKhMsv6X8H_$CJBJP>dE68he?e4rx}% z(mL~wb-HnQ;g0tYB%VQ4dvEJ(8xCRDKGd}f`vwnZD`bRo+w~+291M4i9Rul=Vm6s) zk+KFcWR5&*QIo`X+G^YVS`t7K!!AJ;U4a7m-cJ>j>or;~Ucg+6T`C(lcEXvZR#}PJ zg!Yy=qgevaLa|wXtm!>FBlF%0TxGQDY*^abIX*I@0vQ?CzJ`#Q8J<%{9~gbBTJ>qo zMwoTQ$CBGg{;2o?u88haij{Db@|P%@EV`1Px@}< zL^3?{cO`xVCpeS4=7?HJF0vvGMG~~MHL>Hp+qZC^4O0^A&4tJf5&M+UPMXy`fWSUZ zx3?^|@*l=cZa>oM=ZdA4YnFx>{*Uujv$-&9L-s{2E; zREah2svy3!;0v;cmalP5S#c%1TGe9D|L)wVskNmkG<0`HoT<-+={OSx)rN#92VA@y z#<$=v!xjFq+w)WN;YqcV_iZaY&2IC4Hou%5%Pu?m5bvlZ`N*QLb8owe`tRhPkT}OC zYl%C1ZE&T!p;QkJ^7!9{_bN_rcKV9Q$=!QSArHWpmz^38+Ci-QXOAmQpeK((GA;y`yy~ z6gd(iSw?IVr*9T0l~e7vJ5`JaF>JA|Qj;>APT7;_m-wwc3i>qeRg4y!Xti*o1kR{R zmW2{QOn>cWX=|@CA9i$)iylyddB;?|RN2;vL+7jH@KXZ(!=0wLk?xG#$wJ?8@lEa1 zCo0Ycbc%9ef{^KJrtbA-GXlEZLr?2&f2NAxdGT^~Wpnu^&yl+XJxm%aNr662nHv^Y zPG|q^6^NRGoBXwOFnfl8;kP!9&>}>=%IuPi9Pj0)9%Jz)Y?m5wU4-L-V%jrt0i=p9 zpQ6W^only|dZvumSu38XzA3+BDU+5G!z7H~QL*jp$nis|ji8!PYXsO*b8se8@r|T7 zLGPZc>izHGk2AszSURoVR}`B@RHXrD3jAF(lH!58H(eB*-t{_h94*GWh}M^9eXsuU zq8emK=*>C!1`$E@?3fN8R$Iz;dvz6WNN$P-A%OV}C>h`88_5aHeu=$=p11_ns66NZ z*~Y5}lxo|^Up!eU_uRGoRL@4Gz3zXL=n z?X5f(sB$(u9lk2sdc{kT?ximCa6%kcc8A{$-#!YAW&++7b%tJk2jau%<|{5QHJ8|O zCyY2yGEMhiqo}-;*dAWtVWr}kwiE(35O`ErGA ztwU~%grO(EC*WMK$3Qp6U-X^N=p<#6JoIFKx*ovXrxs=RH!y`Skd%-7YN0KtP#8Yd zOJ(xRwkys-#)wVW(}X7)Jv?epM6X<0Zs3nNp_vR9ydKs9HqL3a!WaguUXQ9A)}}5M z-`RPrLNacUrjdhyGgph<3a2GiySwNGopr71v3|a0Tb9CZBl?~6KXbP)Qia66E2=`; z-t@4kStfFYOtqBZ09wb%2Br~HFfWsspe9E;1M%SLE5V})eWpE95lA!-Tnj-qJkj_S zQA--fE2h!c-5<*qs=H!^kgyT?%Nuk^Ft`zgV|=$hENwbnE@^)9PW9NQ>8z|3p?EY% z^F+fZihcm9QO1liy$uA;hRWv6(giwx9hka>1wE4Xo#~^E_c1^agJF_DiMH$YpSYL{ zbFXYMkdt|H%qMP0=hHDAJnyiC+vPqqOZBt7TyER%O)56nqHdjKVDj+ji_|2G?%cy& z==hZrP)^ICnjHX3g6WCzt&U_19z7=&oyFIL>9s=;SXQ*Uu;gNW6;gu^o*fTr{pYBw zKoTy-ixqz*Mg1QtA>VrBbaNfC7f(lC)?s zFPv|gfxmoYxd0z5Rl}gGq)s4Vc^{F}CSHu{ppx@IcN+%fJLDZ)6ZF19^`GVxT zhf+;0a9?LziB$PIH`rXLXOKkP7!P<$X;1yDwCN?M*9R8*5xGWr9dShez^==bLHOG5 ziFlgBr(u^4OitZ6@HMqH9-=(L*!mJyx9F^=GFoL;*lM0nHQNm>Vd|dfTDeJe6rmq* zk)SI9||E}@LQ=@gT$aU8S7-}iqRSW@it{l{ckqgJm;kl+O>X4~P z(~_tnDEIPN7BH+3{?AFK6|=8y%rleeLCxm#`YL~tpMC34QI6Nq!&T#!KoWE@d3i0= zS23BZ#(FTl-MQUGvfWm7uuyp3T)f~3eW0ypewAM zw1IPn&XYhm+`D#N580=?cX?(~=@8#XVwGbp-qly7p+B7ivuDQvUE^!eU0%;@kdS;I zO1ukoQII;Z4~`G1h4R@nozH@Ze2p@P%URsTP1BDi`FR3p8mGvDN*#)1gQ9hJgG_vu5ktmwSua$2 zZXbivX3?C{xe$cu=_5A;IIa^x`b)jIX`c7Bg|Rv@dB!@w5NLKJ6`FY39ExsXj(XfR zjD44`JCzzXO$NFv-W$0*#0=h5U>8k|p|7?TX4sy)Buh4@>T|=^Uk|ni3>c;;QnH#1 zUba0%l$r4-bK-)p--gX3iF8*SF}%r24$Hj(D%?Zor&CLH^iGe>Ix!V^rvvonyB*}&ZHpSE1qxd11JTW81P<1dBgb#>uT z?Z|3Qy?32x@8RnwFp-SHF)(|1J^nE^LsQsXAker78+a@nqY!)YC@QV^lM8Uen@8m^ zr6z5v%)xhCZ>l@-g4Dlw{hi&J<|zF7LnYK5gv1gl1@}P-e=)TPwb>^$k6C_Ova=Jt z;6-md>`};c-`0eIp|`q_X(qH|`M__IU=8iSMy+Y|8&O!gZUQ5^KVTtJb^LYESJUfg zVkzTu#_OG*UdbcM*7`QloP0xZr@ypKev}a|-13xu{^dsX40=WkYh72NYtF zXwjpfYVXAdxQMV{P^d>l%I@k2{S%=G-MI_E)As64C!YIQ4Oe&m8rL_8BMiZdi0xBx z2aRawD?1aC=Q}?Tvi~*Z=DZKK$5)We)CJBSCB#<=FfKJ4z#oV6w3ZuI4;R-l7X}3R zlm&(+4#?9K5s|m7)`3%Mu1CN^+Aws2IMbjGytahXN2-HD(HHXbNA%BuUCR~lBle`m zAc(0zCcyTr0IYzQQTH@70n{W3R6>_Q6o3;of{MeU#19DXeU@ibK13!61i{vXggK19 zq1e;!BH^wBgR4Wa?jy#p)CVC2nF2&@A;eNpS4mVMUnnnxv|y1Z=})R-DK^lYPtOVL z_Wy+^P$)+#{xs@bPFH z7*fHTa6QxKac_2v*X7!S-kn&x1T@D@`MK5~9pv6V8#QUoelP60#G_=8WXrF^=ecfHw z%BmMv=Co|MQL|S0OlcqXZ*I&j$i$mX>2F-XTv@Q+kYH~iohULx_S(`ZLFt|qC5FOh zyX`8fIqDN62X2g9#KGC;>P7FI7PZ)m#;%it2WKd2!JJoTdhB^gMeNn5e~jGkin$Tv zhP0%)!~eQa^}q@V&}H$(cy3p$1#Yjgts>c;dn5Ooddfy0HC~ef_x6X6|4Lk*OZQ!v z4lV-j!Z<-`iqQ@4Ov*IGvQs9z6CHiqe}{wneO8mj`f9HT_F!f$^Nf!~PeauHts~oA zY8*H8RGb~daGH($aAsf2_C~`i9~?aH8}_{j=tpMSCrPWiv!!|8uk9Ttcmk3&FVn`e zweCWX=5QI;Ulc8n!ge97D&4u)FD(fsoG=Mk8s49f$eEq z5z#A?*w{rG~>?kpA~~l zYl@|sytkL@(ZQZ=|MF)4UP$arq_~R2sFZu)$DJ6(v+#TlcXb4WXp;MaO!s&2UnhVR z$ONsQ&%=wycIGmK>TUe3C){0OUXf^o%!c|p<5Fo;24XIYbJs4U7>b)ShbNX{TSzh` zJtl_%Km>he@{GpvjQ;R7qqK$7?gC}kGJp(xXKf;V^9@{R&0p@g811|`bj86B3(wr> ztVLW1MI7KshHq69>=K2Tf0lvX%v(tqB_5x>)6)aFmEcd#hQZr zQvD4k1Njx*85x*zu$YOD0J zUl)_9{^@0ebL0Qaa&lgE?PbNK)RJOkPS9X8^mfM0h`crAu=u(3d1kcy>K^J(47BP= z>9nn~ENYX9sH%CN)G4zWNP)Kc%6eJtsX0{HLRK#2K~rAhMk{^p!G+Pk=n9)RIuH7OgcNy4NDZONv0_+`O@RcY+|5M#gOExub4k{ z$i!btrPw(mnlv?@f1Nt0a^>4T4Px*CT;f@XVzaT!fSFa&_!#(3w7h{QRm`|Km6841 zs&OeEYnsK#8QG;}vd@eq$ zeF1_Hsfe>X#t2GQUXPV^bTCCX^krJJ9GOTLmz7DuxB}J`%1H?YL$+Z_$WGS5LqS{6 zr>#{{HKuF^3#dKCLWf=6DHCCW}Q9|jX+GRK|Oj$9MKyA42v+X6FFSYunPMA-dVG| zxQ*Yap8>}>0688rI`Nkp09nO-_HK+y!;`ta^Pl<$7jpYqx8*-h= z?niYiuT`6>OF6qMLZ|64`cx9`_;i){m!x4sr3L#phGsvM|Z4y&-R7ETq zAm*b{#WHcVgyhm^Y{d%3@goVPdBP(uDbBh&J5X6z?>;v$)9lodu=$EBN#CKZCx5CZ zBGNfm)s#~Z-Q825lw=>YJHT`sO62NyIQxSc--eV%!F2GX7x}<00o0LBo#NxfF@iZ)X3MHgo^v}dQLirGZf*qwq;1+sdW^% z{O)lQ#}uHL8P9`KLN3e8RL|9>oU$n%4JvLsiOkXJLLc?1zamnV^-=Jv9FYcG5D`BG zkHjFUoSZx5G+~XE(0@Uj3do>lcv9x&%6F$^ILQjINz1sHW=%-PBU>(QBoh(w2xFQ& z;$O%!MKd>Nldiju8Ec1Y9VOGf8qNs7=Bb^5m$*gGDW~cUCDLMiPYdZw+*v`irwJ6; zydS!zI8rf?rl_`q;>_GZTc=qwjA24QA}`K zp9;-HJR}sB9f_ghF11q$0Cw*viTHsW88IutVy z3#6417bt0!lw?f^ut{){Z|uCVVkXw80q5yQqoG!77{LLKOJgPaou5c)VXAI zi{U%$&X}U3y(J!sNG{{s?Nh*b6h_F(R2_43$-|`{ z(cJx#t~L};a6b%o$r_(Z`yJI^jDvQJ%`DO)cFfHus@zLX$g$5y{d&k){yj_$WHK>t zePZp9`ic8L&C+4TAhjj;T{f#kuBi(}Xe=}5wl1^J?(vp#gE_Fz^Tt>P*DTvGYk|)NY29Cb# zOWrp7#&bEU@uqk=>fuh5J`{Ts?M@KA>%tz@bH|r9q~so-?yGT&K0F#TB%3{G=lryB z*N!@p_m0JP#TjwLCpys39h>mr$jTn~I#QZBs``Po4+qwLx6^S(cRO`gtTj4cHi5o4cU#vb8glt-dDYwuhDcI!Go*!S8eRJ>P zIP~u_Fb7S> z{4AbUZ0+o2OhfoBG}+hd>Fiw z_c1<(6I#A5ZqKgK&)osNcCGeu8`wl7o^V+iXUK#n&4;nf_h5&$)x%~-o7-)QVA}&1;iS{M;CFo#t>1*(UwXVFJt-|bnGu>u zvy=whT*albA024XhHqa+Ol^7U0zaYgpN@hBzD$SmdwH5#q5cSA>%f&`a|WTK4>yI` zvGzR1^wrW)qMQ}x2Wi{miRR^&Xed`%)#VEK! zgVpkVo*7h75i6FxA29dWF#k;aT-|`ZQI>(-agE+@r=RICGivWq2UgNew+81^DJ`g5 z&S19^8t-P>f4rHrI48x+EGsFqj;P*3=3Zo@|32Au(A!s1t5C#2TD@E(?%*Fij%2sjq589%9d?0O#TFZH*_n{lqX+&_Y~H#d7Z z8+H4JCFpz-a09jaL9TAlYOY~8#-f6=d;|(SXk*d90i8H1%o?rP(FPfyjTuCNGiE>w zUHWg2R&;&VzP|Q2pmvgr*~esB1stykF2dqEKlSU3tsdIAJgUsN=-k|5@Mjg=WUo_B zw|M1uj*UwB>-Jn6II~nQfz&R5;XcrF`Owze8fztHe+mQm9MDH9JjJ4a(Datg@*dnXG!TVVrd6MS-EPDXkL4tfT9rr(x@k&T9)m5iRA z?024wo$>!~in61Dy}gMsKAot6wUY@XoxHM$I<4scY2?a-nohDX1`^ybh`<0Mhd)G= z(~y%>FaiOF2%?gpA`(adIg&uaeV<`Kt_g<+qH-*PT!M&*0xBSvBc~8i5o16|!_j{&~5`vxYTt+V9a_i|B@o-zNvMavC6zPEepEPL!yu zD@sD>Lw-JS9oY}U>ge~x=DAhH;X>DFST7}R+iojV zVoILPF-M&3o7kacccPMeWd)`dchC^qZ}8`s1BxlE?|qEi3R zc5O&?DHlxD%s^4HHF7)~AU!?z*j`xu5>(O7IVod&9I8}0vCpP*svT$6FViKnTdnHc zE}h>p_pq0jTFaCNpYxyYwS^VN$VY#OzgWWR^`G+u4z=7bbSRr=)jzqSyU4Nrx)NL; zuKhx3(6f7kky?WpcVG2wQY&UN?^i-njBRU(Assb(yufSUW`%d*CL~livsCsN)4YJ(R(R&U2=ZiZUJHnRmy6{ za!pzuePPdxE_MYxm4D-F)D5Dl%wZbLzkK)*h-wOWmCdlx+(=H!gw(S=M(GOY zJl3njRTQdSl1$bmS%P;{3-bfRY->Maq=JFO&58b5_M`7~y6tfOfGnZA}8ohi5485uDPN9 zNfJA;Bc{DJD4pc=Yids4wKUd9@vWs6A!o<{`^?HXpp$OBQxkVmZJ!bG@lfg*>2qgq zidMX~pp<+6!pRs6zg94{i8+1R5OFJD_M>t~Ih7ARP-I;JVKoLYHCa~Lx2r2@+0Lcg z!8RP0bb9`gx!6fHyk)v~q?{mVm+DLHy?2*73DqHOT|4)`)26xbOk8-nv6C3kkn@Fr zwBDYSTVwZ9n~hN})_ia3ov+W1O%QmVt8T_F>7U2$xx6#x={YV#mb{l#28{@q8-%B|Yqfq?{z*eT@IEJM zX3|u#?Py|BtR-Gf&;F)Ofj|b{uv|et=WmT|EXj5`8&&bZ^7ehwYufPAug#}t(Z|+M z*IkCQX$6yY&SsVK>?O0Prg(lcV$ACeez@pO@|UlEQTb)W@$WqMtLD5+(HfDH46*N0 zJ0B9%|5szc{G~DcfoRUhDV|W6EtO0O1HNe3w4KPSE z;QyNlwwppLiFr@#bIb%JYMpa7x?cIfWW#}0XsFZ*n( zdgbuX@n!nM5&cVq7iqrMFMSfO$d&JJz#h%6!rk4YXz9Noii0_R^A>vs@ba3A!Bk}F zYn!Xtb?TB<+8GrkDtGSXs?27X{B&|mG%MI{&WA3=jN8%3JaX!Q0$*h9aN`+T66BDZ zh-t9W%M&Y!Y2}A1rls{iU@i?Zx0{N?+BA2Ga@|1q_c#e&zEOzegWK^85xqPVo3GK{YCDy{62K9KGf}IX#3|nXO%f*Uu4kXeqEcSy8Gg zpHdUCdXxJPB~?r&dEQj8nfveyJ+k5nS0XKv=-3+9@(q#&QuY{bLWiw3L@hoqh`h^C hEwLT^?}N!;k^-5b!fOWIAe*u0V5q|&x literal 0 HcmV?d00001 diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/spec/fee_distribution/f1_fee_distr.tex b/copy-of-sdk-versioned_docs/version-0.53/build/spec/fee_distribution/f1_fee_distr.tex new file mode 100644 index 00000000..22e86102 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/spec/fee_distribution/f1_fee_distr.tex @@ -0,0 +1,245 @@ +\documentclass[]{article} +\usepackage{hyperref} + +%opening +\title{F1 Fee Distribution Draft-02} +\author{Dev Ojha} + +\begin{document} + +\maketitle + +\begin{abstract} + In a proof of stake blockchain, validators need to split the rewards gained from transaction fees each block. Furthermore, these fees must be fairly distributed to each of a validator's constituent delegators. They accrue this reward throughout the entire time they are delegated, and they have a special operation to withdraw accrued rewards. + + The F1 fee distribution scheme works for any algorithm to split funds between validators each block, with minimal iteration, and the only approximations being due to finite decimal precision. Per block there is a single iteration over the validator set, to enable reward algorithms that differ by validator. No iteration is required to delegate, or withdraw. The state usage is one state update per validator per block, and one state entry per active delegation. It can optionally handle arbitrary inflation schemes, and auto-bonding of rewards. +\end{abstract} + +\section{F1 Fee Distribution} + +\subsection{Context} +In a proof of stake blockchain, each validator has an associated stake. +Transaction fees get rewarded to validators based on the incentive scheme of the underlying proof of stake model. +The fee distribution problem occurs in proof of stake blockchains supporting delegation, as there is a need to distribute a validator's fee rewards to its delegators. +The trivial solution of just giving the rewards to each delegator every block is too expensive to perform on-chain. +So instead fee distribution algorithms have delegators perform a withdraw action, which when performed yields the same total amount of fees as if they had received them at every block. + +This details F1, an approximation-free, slash-tolerant fee distribution algorithm which allows validator commission-rates, inflation rates, and fee proportions, which can all efficiently change per validator, every block. +The algorithm requires iterating over the bonded validators every block, and withdraws require no iteration. +This is cheap, due to staking logic already requiring iteration over all validators, which causes the expensive state-reads to be cached. + +The key point of how F1 works is that it tracks how much rewards a delegator with 1 stake for a given validator would be entitled to if it had bonded at block 0 until the latest block. +When a delegator bonds at block $b$, the amount of rewards a delegator with 1 stake would have if bonded at block 0 until block $b$ is also persisted to state. +When the delegator withdraws, they receive the difference of these two values. +Since rewards are distributed according to stake-weighting, this amount of rewards can be scaled by the amount of stake a delegator had. +Section 1.2 describes this in more detail, with an argument for it being approximation free. +Section 2 details how to adapt this algorithm to handle commission rates, slashing, and inflation. + +\subsection{Base algorithm} +In this section, we show that the F1 base algorithm gives each delegator rewards identical to that which they'd receive in the naive and correct fee distribution algorithm that iterated over all delegators every block. + +Even distribution of a validators rewards amongst its validators weighted by stake means the following: +Suppose a delegator delegates $x$ stake to a validator $v$ at block $h$. +Let the amount of stake the validator has at block $i$ be $s_i$ and the amount of fees they receive at this height be $f_i$. +Then if a delegator contributing $x$ stake decides to withdraw at block $n$, the rewards they receive are +$$\sum_{i = h}^{n} \frac{x}{s_i}f_i = x \sum_{i = h}^{n} \frac{f_i}{s_i}$$ + +Note that $s_i$ does not change every block, +it only changes if the validator gets slashed, +or if any delegator alters the amount they have delegated. +We'll relegate handling of slashes to \autoref{ssec:slashing}, +and only consider the case with no slashing here. +We can change the iteration from being over every block, to instead being over the set of blocks between two changes in validator $v$'s total stake. +Let each of these set of blocks be called a period. +A new period begins every time that validator's total stake changes. +Let the total amount of stake for the validator in period $p$ be $n_p$. +Let $T_p$ be the total fees that validator $v$ accrued in period $p$. +Let $h$ be the start of period $p_{init}$, and height $n$ be the end of $p_{final}$. +It follows that +$$x \sum_{i = h}^{n} \frac{f_i}{s_i} = x \sum_{p = p_{init}}^{p_{final}} \frac{T_p}{n_p}$$ + +Let $p_0$ represent the period which begins when the validator first bonds. +The central idea to the F1 model is that at the end of the $k$th period, +the following is stored at a state location indexable by $k$: $\sum_{i=0}^{k}\frac{T_i}{n_i}$. +Let the index of the current period be $f$. +When a delegator wants to delegate or withdraw their reward, they first create a new entry in state to end the current period. +Then this entry is created using the previous entry as follows: +$$Entry_f = \sum_{i=0}^{f}\frac{T_i}{n_i} = \sum_{i=0}^{f-1}\frac{T_i}{n_i} + \frac{T_f}{n_f} = Entry_{f-1} + \frac{T_f}{n_f}$$ +Where $T_f$ is the fees the validator has accrued in period $f$, and $n_f$ is the validators total amount of stake in period $f$. + +The withdrawer's delegation object has the index $k$ for the period which they ended by bonding. (They start receiving rewards for period $k + 1$) +The reward they should receive when withdrawing is: + +$$x \sum_{i = k + 1}^{f} \frac{T_i}{n_i} = x\left(\left(\sum_{i=0}^{f}\frac{T_i}{n_i}\right) - \left(\sum_{i=0}^{k}\frac{T_i}{n_i}\right)\right) = x\left(Entry_f - Entry_k\right)$$ + +It is clear from the equations that this payout mechanism maintains correctness, and requires no iterations. It just needed the two state reads for these entries. + +$T_f$ is a separate variable in state for the amount of fees this validator has accrued since the last update to its power. +This variable is incremented at every block by however much fees this validator received that block. +On the update to the validators power, this variable is used to create the entry in state at $f$, and is then reset to 0. + +This fee distribution proposal is agnostic to how all of the blocks fees are divied up between validators. +This creates many nice properties, for example it is possible to only rewarding validators who signed that block. + +\section{Additional add-ons} +\subsection{Commission Rates} +Commission rates are the idea that a validator can take a fixed $x\%$ cut of all of their received fees, before redistributing evenly to the constituent delegators. +This can easily be done as follows: + +In block $h$ a validator receives $f_h$ fees. +Instead of incrementing that validators ``total accrued fees this period variable" by $f_h$, it is instead incremented by $(1 - commission\_rate) * f_p$. +Then $commission\_rate * f_p$ is deposited directly to the validator's account. +This allows for efficient updates to a validator's commission rate every block if desired. +More generally, each validator could have a function which takes their fees as input, and outputs a set of outputs to pay these fees too. (i.e. x\% going to themselves, y\% to delegators, z\% burnt) + +\subsection{Slashing} +\label{ssec:slashing} +Slashing is distinct from withdrawals, since it lowers the stake of all of the delegator's by a fixed percentage. +Since no one is charged gas for slashes, a slash cannot iterate over all delegators. +Thus we can no longer just multiply by $x$ over the difference in stake. +This section describes a simple solution that should suffice for most chains needs. An asymptotically optimal solution is provided in section 2.4. +TODO: Consider removing this section in favor of just using the current section 2.4? + +The solution here is to instead store each period created by a slash in the validators state. +Then when withdrawing, you must iterate over all slashes between when you started and ended. +Suppose you delegated at period $0$, a y\% slash occurred at period $2$, and your withdrawal creates period $4$. +Then you receive funds from periods $0$ to $2$ as normal. +The equations for funds you receive for periods $2$ to $4$ now uses $(1 - y)x$ for your stake instead of just $x$ stake. +When there are multiple slashes, you just account for the accumulated slash factor. + +In practice this will not really be an efficiency hit, as the number of slashes is expected to be 0 or 1 for most validators. +Validators that get slashed more will naturally lose their delegators. +A malicious validator that gets itself slashed many times would increase the gas to withdraw linearly, but the economic loss of funds due to the slashes is expected to far out-weigh the extra overhead the honest withdrawer must pay for due to the gas. +(TODO: frame that above sentence in terms of griefing factors, as thats more correct) + +\subsection{Inflation} +Inflation is the idea that we want every staked coin to create more staking tokens as time progresses. +The purpose being to drive down the relative worth of unstaked tokens. +Each block, every staked token should produce $x$ staking tokens as inflation, where $x$ is calculated from a function $inflation$ which takes state and the block information as input. +Let $x_i$ represent the evaluation of $inflation$ in the $i$th block. +The goal of this section is to auto-bond inflation in the fee distribution model without iteration. +This is done by preserving the invariant that every state entry contains the rewards one would have if they had bonded one stake at genesis until that corresponding block. + +In state a variable should be kept for the number of tokens one would have now due to inflation, +given that they bonded one token at genesis. +This is $\prod_{0}^{now} (1 + x_i)$. +Each period now stores this total inflation product along with what it already stores per-period. + +Let $R_i$ be the fee rewards in block $i$, and $n_i$ be the total amount bonded to that validator in that block. +The correct amount of rewards which 1 token at genesis should have now is: +$$Reward(now) = \sum_{i = 0}^{now}\left(\prod_{j = 0}^{i} 1 + x_j \right) * \frac{R_i}{n_i}$$ +The term in the sum is the amount of stake one stake becomes due to inflation, multiplied by the amount of fees per stake. + +Now we cast this into the period frame of view. +Recall that we build the rewards by creating a state entry for the rewards of the previous period, and keeping track of the rewards within this period. +Thus we first define the correct amount of rewards for each successive period, proving correctness of this via induction. +We then show that the state entry that gets efficiently built up block by block is equal to this value for the latest period. + +Let $start, end$ denote the start/end of a period. + +Suppose that $\forall f > 0$, $Reward(end(f))$ is correctly constructed as +$$Reward(end(f)) = Reward(end(f-1)) + \sum_{i = start(f)}^{end(f)}\left(\prod_{j = 0}^{i} 1 + x_j \right) \frac{R_i}{n_i}$$ +and that for $f = 0$, $Reward(end(0)) = 0$. +(With period 1 being defined as the period that has the first bond into it) +It must be shown that assuming the supposition $\forall f \leq f_0$, $$Reward(end(f_0 + 1)) = Reward(end(f_0)) + \sum_{i = start(f_0 + 1)}^{end(f_0 + 1)}\left(\prod_{j = 0}^{i} 1 + x_j \right) \frac{R_i}{n_i}$$ +Using the definition of $Reward$, it follows that: +$$\sum_{i = 0}^{end(f_0 + 1)}\left(\prod_{j = 0}^{i} 1 + x_j \right) * \frac{R_i}{n_i} = \sum_{i = 0}^{end(f_0)}\left(\prod_{j = 0}^{i} 1 + x_j \right) * \frac{R_i}{n_i} + \sum_{i = start(f_0 + 1)}^{end(f_0 + 1)}\left(\prod_{j = 0}^{i} 1 + x_j \right) \frac{R_i}{n_i}$$ + +Since the first summation on the right hand side is $Reward(end(f_0))$, the supposition is proven true. +Consequently, the reward for just period $f$ adjusted for the amount of inflation 1 token at genesis would produce, is: +$$\sum_{i = start(f)}^{end(f)}\left(\prod_{j = 0}^{i} 1 + x_j \right) \frac{R_i}{n_i}$$ + +TODO: make this proof + pre-amble less verbose, and just wrap up into a lemma. +Maybe just leave this proof or the last part to the reader, since it easily follows from summation bounds. + +Now note that +$$\sum_{i = start(f)}^{end(f)}\left(\prod_{j = 0}^{i} 1 + x_j \right) \frac{R_i}{n_i} = \left(\prod_{j = 0}^{end(f - 1)} 1 + x_j \right)\sum_{i = start(f)}^{end(f)}\left(\prod_{j = start(f)}^{i} 1 + x_j \right) \frac{R_i}{n_i}$$ +By definition of period, and inflation being applied every block, \\ +$n_i = n_{start(f)}\left(\prod_{j = start(f)}^{i} 1 + x_j \right)$. This cancels out the product in the summation, therefore +$$\sum_{i = start(f)}^{end(f)}\left(\prod_{j = 0}^{i} 1 + x_j \right) \frac{R_i}{n_i} = \left(\prod_{j = 0}^{end(f - 1)} 1 + x_j \right)\frac{\sum_{i = start(f)}^{end(f)}R_i}{n_{start(f)}}$$ + +Thus every block, each validator just has to add the total amount of fees (The $R_i$ term) that goes to delegates to some per-period term. +When creating a new period, $n_{start(f)}$ can be cached in state, and the product is already stored in the previous periods state entry. +You then get the next period's $n_{start(f)}$ from the consensus' power entry for this validator. +This is thus extremely efficient per block. + +When withdrawing, you take the difference as before, +which yields the amount of rewards you would have obtained with $(\prod_0^{begin\ bonding\ period}1 + x)$ stake from the block you began bonding at until now. +$(\prod_0^{begin\ bonding\ period}1 + x)$ is known, since its included in the state entry for when you bonded. +You then divide the entitled fees by $(\prod_0^{begin\ bonding\ period}1 + x)$ to normalize it to being the amount of rewards you're entitled to from 1 stake at that block to now. +Then as before, you multiply by the amount of stake you had initially bonded. +\\TODO: (Does the difference equating to that make sense, or should it be shown explicitly) +\\TODO: Does this need to explain how the originally bonded tokens are refunded, or is that clear? + +The inflation function could vary per block, +and per validator if ever a need rose. +If the inflation rate is the same for everyone then there can be a single global store for the entries corresponding to the product of inflations. +Inflation creation can trivially be epoched as long as inflation isn't required within the epoch, through changes to the $inflation$ function. + +\subsection{Withdrawing with no iteration over slashes} +Notice that a slash is the same as a negative inflation rate for a validator in one block. +For example a $20\%$ slash is equivalent to a $-20\%$ inflation for a validator in a block. +Given correctness of auto-bonding inflation with different inflation rates per-validator, +it follows that handling slashes can be correctly done by simply subtracting the validators inflation factor in that block to be the negative of the slash factor. +This significantly simplifies the withdrawal procedure. + +\subsection{Auto bonding fees} +TODO: Fill this out. +Core idea: you use the same mechanism as previously, but you just don't take that optimization with $n_{i}$ and the $n_{start}$ relation. +Fairly simple to do. + +\subsection{Delegation updates} +Updating your delegation amount is equivalent to withdrawing earned rewards and a fully independent new delegation occurring in the same block. +The same applies for redelegation. +From the view of fee distribution, partial redelegation is the same as a delegation update + a new delegation. + +\subsection{Jailing / being kicked out of the validator set} +This basically requires no change. +In each block you only iterate over the currently bonded validators. +So you simply don't update the "total accrued fees this period" variable for jailed / non-bonded validators. +Withdrawing requires \textit{no} special casing here! + +\section{State Requirements} +State entries can be pruned quite effectively. +Suppose for the sake of exposition that there is at most one delegation / withdrawal to a particular validator in any given block. +Then each delegation is responsible for one addition to state. +Only the next period, and this delegator's withdrawal could depend on this entry. Thus once this delegator withdraws, this state entry can be pruned. +For the entry created by the delegator's withdrawal, that is only required by the creation of the next period. +Thus once the next period is created, that withdrawal's period can be deleted. + +This can be easily adapted to the case where there are multiple delegations / withdrawals per block, by maintaining a reference count in each period starting state entry. + +The slash entries for a validator can only be pruned when all of that validator's delegators have their bonding period starting after the slash. +This seems ineffective to keep track of, thus it is not worth it. +Each slash should instead remain in state until the validator unbonds and all delegators have their fees withdrawn. + +\section{Implementers Considerations} +TODO: Convert this section into a proper conclusion + +This is an extremely simple scheme with many nice benefits. +\begin{itemize} + \item The overhead per block is a simple iteration over the bonded validator set, which occurs anyway. (Thus it can be implemented ``for-free" with an optimized code-base) + \item Withdrawing earned fees only requires iterating over slashes since when you bonded. (Which is a negligible iteration) + \item There are no approximations in any of the calculations. (modulo minor errata resulting from fixed precision decimals used in divisions) + \item Supports arbitrary inflation models. (Thus could even vary upon block signers) + \item Supports arbitrary fee distribution amongst the validator set. (Thus can account for things like only online validators get fees, which has important incentivization impacts) + \item The above two can change on a live chain with no issues. + \item Validator commission rates can be changed every block + \item The simplicity of this scheme lends itself well to implementation +\end{itemize} + +Thus this scheme has efficiency improvements, simplicity improvements, and expressiveness improvements over the currently proposed schemes. With a correct fee distribution amongst the validator set, this solves the existing problem where one could withhold their signature for risk-free gain. + +\section{TO DOs} + +\begin{itemize} + \item A global fee pool can be described. + \item Mention storage optimization for how to prune slashing entries in the uniform inflation and iteration over slashing case + \item Add equation numbers + \item perhaps re-organize so that the no iteration + \item Section on decimal precision considerations (would unums help?), and mitigating errors in calculation with floats and decimals. -- This probably belongs in a corrollary markdown file in the implementation + \item Consider indicating that the withdraw action need not be a tx type and could instead happen 'transparently' when more coins are needed, if a chain desired this for UX / p2p efficiency. +\end{itemize} + + +\end{document} diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/spec/store/README.md b/copy-of-sdk-versioned_docs/version-0.53/build/spec/store/README.md new file mode 100644 index 00000000..c53d69c6 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/spec/store/README.md @@ -0,0 +1,235 @@ +# Store + +The store package defines the interfaces, types and abstractions for Cosmos SDK +modules to read and write to Merkleized state within a Cosmos SDK application. +The store package provides many primitives for developers to use in order to +work with both state storage and state commitment. Below we describe the various +abstractions. + +## Types + +### `Store` + +The bulk of the store interfaces are defined [here](https://github.com/cosmos/cosmos-sdk/blob/main/store/types/store.go), +where the base primitive interface, for which other interfaces build off of, is +the `Store` type. The `Store` interface defines the ability to tell the type of +the implementing store and the ability to cache wrap via the `CacheWrapper` interface. + +### `CacheWrapper` & `CacheWrap` + +One of the most important features a store has the ability to perform is the +ability to cache wrap. Cache wrapping is essentially the underlying store wrapping +itself within another store type that performs caching for both reads and writes +with the ability to flush writes via `Write()`. + +### `KVStore` & `CacheKVStore` + +One of the most important interfaces that both developers and modules interface +with, which also provides the basis of most state storage and commitment operations, +is the `KVStore`. The `KVStore` interface provides basic CRUD abilities and +prefix-based iteration, including reverse iteration. + +Typically, each module has it's own dedicated `KVStore` instance, which it can +get access to via the `sdk.Context` and the use of a pointer-based named key -- +`KVStoreKey`. The `KVStoreKey` provides pseudo-OCAP. How a exactly a `KVStoreKey` +maps to a `KVStore` will be illustrated below through the `CommitMultiStore`. + +Note, a `KVStore` cannot directly commit state. Instead, a `KVStore` can be wrapped +by a `CacheKVStore` which extends a `KVStore` and provides the ability for the +caller to execute `Write()` which commits state to the underlying state storage. +Note, this doesn't actually flush writes to disk as writes are held in memory +until `Commit()` is called on the `CommitMultiStore`. + +### `CommitMultiStore` + +The `CommitMultiStore` interface exposes the the top-level interface that is used +to manage state commitment and storage by an SDK application and abstracts the +concept of multiple `KVStore`s which are used by multiple modules. Specifically, +it supports the following high-level primitives: + +* Allows for a caller to retrieve a `KVStore` by providing a `KVStoreKey`. +* Exposes pruning mechanisms to remove state pinned against a specific height/version + in the past. +* Allows for loading state storage at a particular height/version in the past to + provide current head and historical queries. +* Provides the ability to rollback state to a previous height/version. +* Provides the ability to to load state storage at a particular height/version + while also performing store upgrades, which are used during live hard-fork + application state migrations. +* Provides the ability to commit all current accumulated state to disk and performs + Merkle commitment. + +## Implementation Details + +While there are many interfaces that the `store` package provides, there is +typically a core implementation for each main interface that modules and +developers interact with that are defined in the Cosmos SDK. + +### `iavl.Store` + +The `iavl.Store` provides the core implementation for state storage and commitment +by implementing the following interfaces: + +* `KVStore` +* `CommitStore` +* `CommitKVStore` +* `Queryable` +* `StoreWithInitialVersion` + +It allows for all CRUD operations to be performed along with allowing current +and historical state queries, prefix iteration, and state commitment along with +Merkle proof operations. The `iavl.Store` also provides the ability to remove +historical state from the state commitment layer. + +An overview of the IAVL implementation can be found [here](https://github.com/cosmos/iavl/blob/master/docs/overview.md). +It is important to note that the IAVL store provides both state commitment and +logical storage operations, which comes with drawbacks as there are various +performance impacts, some of which are very drastic, when it comes to the +operations mentioned above. + +When dealing with state management in modules and clients, the Cosmos SDK provides +various layers of abstractions or "store wrapping", where the `iavl.Store` is the +bottom most layer. When requesting a store to perform reads or writes in a module, +the typical abstraction layer in order is defined as follows: + +```text +iavl.Store <- cachekv.Store <- gaskv.Store <- cachemulti.Store <- rootmulti.Store +``` + +### Concurrent use of IAVL store + +The tree under `iavl.Store` is not safe for concurrent use. It is the +responsibility of the caller to ensure that concurrent access to the store is +not performed. + +The main issue with concurrent use is when data is written at the same time as +it's being iterated over. Doing so will cause a irrecoverable fatal error because +of concurrent reads and writes to an internal map. + +Although it's not recommended, you can iterate through values while writing to +it by disabling "FastNode" **without guarantees that the values being written will +be returned during the iteration** (if you need this, you might want to reconsider +the design of your application). This is done by setting `iavl-disable-fastnode` +to `true` in the config TOML file. + +### `cachekv.Store` + +The `cachekv.Store` store wraps an underlying `KVStore`, typically a `iavl.Store` +and contains an in-memory cache for storing pending writes to underlying `KVStore`. +`Set` and `Delete` calls are executed on the in-memory cache, whereas `Has` calls +are proxied to the underlying `KVStore`. + +One of the most important calls to a `cachekv.Store` is `Write()`, which ensures +that key-value pairs are written to the underlying `KVStore` in a deterministic +and ordered manner by sorting the keys first. The store keeps track of "dirty" +keys and uses these to determine what keys to sort. In addition, it also keeps +track of deleted keys and ensures these are also removed from the underlying +`KVStore`. + +The `cachekv.Store` also provides the ability to perform iteration and reverse +iteration. Iteration is performed through the `cacheMergeIterator` type and uses +both the dirty cache and underlying `KVStore` to iterate over key-value pairs. + +Note, all calls to CRUD and iteration operations on a `cachekv.Store` are thread-safe. + +### `gaskv.Store` + +The `gaskv.Store` store provides a simple implementation of a `KVStore`. +Specifically, it just wraps an existing `KVStore`, such as a cache-wrapped +`iavl.Store`, and incurs configurable gas costs for CRUD operations via +`ConsumeGas()` calls defined on the `GasMeter` which exists in a `sdk.Context` +and then proxies the underlying CRUD call to the underlying store. Note, the +`GasMeter` is reset on each block. + +### `cachemulti.Store` & `rootmulti.Store` + +The `rootmulti.Store` acts as an abstraction around a series of stores. Namely, +it implements the `CommitMultiStore` an `Queryable` interfaces. Through the +`rootmulti.Store`, an SDK module can request access to a `KVStore` to perform +state CRUD operations and queries by holding access to a unique `KVStoreKey`. + +The `rootmulti.Store` ensures these queries and state operations are performed +through cached-wrapped instances of `cachekv.Store` which is described above. The +`rootmulti.Store` implementation is also responsible for committing all accumulated +state from each `KVStore` to disk and returning an application state Merkle root. + +Queries can be performed to return state data along with associated state +commitment proofs for both previous heights/versions and the current state root. +Queries are routed based on store name, i.e. a module, along with other parameters +which are defined in `abci.RequestQuery`. + +The `rootmulti.Store` also provides primitives for pruning data at a given +height/version from state storage. When a height is committed, the `rootmulti.Store` +will determine if other previous heights should be considered for removal based +on the operator's pruning settings defined by `PruningOptions`, which defines +how many recent versions to keep on disk and the interval at which to remove +"staged" pruned heights from disk. During each interval, the staged heights are +removed from each `KVStore`. Note, it is up to the underlying `KVStore` +implementation to determine how pruning is actually performed. The `PruningOptions` +are defined as follows: + +```go +type PruningOptions struct { + // KeepRecent defines how many recent heights to keep on disk. + KeepRecent uint64 + + // Interval defines when the pruned heights are removed from disk. + Interval uint64 + + // Strategy defines the kind of pruning strategy. See below for more information on each. + Strategy PruningStrategy +} +``` + +The Cosmos SDK defines a preset number of pruning "strategies": `default`, `everything` +`nothing`, and `custom`. + +It is important to note that the `rootmulti.Store` considers each `KVStore` as a +separate logical store. In other words, they do not share a Merkle tree or +comparable data structure. This means that when state is committed via +`rootmulti.Store`, each store is committed in sequence and thus is not atomic. + +In terms of store construction and wiring, each Cosmos SDK application contains +a `BaseApp` instance which internally has a reference to a `CommitMultiStore` +that is implemented by a `rootmulti.Store`. The application then registers one or +more `KVStoreKey` that pertain to a unique module and thus a `KVStore`. Through +the use of an `sdk.Context` and a `KVStoreKey`, each module can get direct access +to it's respective `KVStore` instance. + +Example: + +```go +func NewApp(...) Application { + // ... + + bApp := baseapp.NewBaseApp(appName, logger, db, txConfig.TxDecoder(), baseAppOptions...) + bApp.SetCommitMultiStoreTracer(traceStore) + bApp.SetVersion(version.Version) + bApp.SetInterfaceRegistry(interfaceRegistry) + + // ... + + keys := sdk.NewKVStoreKeys(...) + transientKeys := sdk.NewTransientStoreKeys(...) + memKeys := sdk.NewMemoryStoreKeys(...) + + // ... + + // initialize stores + app.MountKVStores(keys) + app.MountTransientStores(transientKeys) + app.MountMemoryStores(memKeys) + + // ... +} +``` + +The `rootmulti.Store` itself can be cache-wrapped which returns an instance of a +`cachemulti.Store`. For each block, `BaseApp` ensures that the proper abstractions +are created on the `CommitMultiStore`, i.e. ensuring that the `rootmulti.Store` +is cached-wrapped and uses the resulting `cachemulti.Store` to be set on the +`sdk.Context` which is then used for block and transaction execution. As a result, +all state mutations due to block and transaction execution are actually held +ephemerally until `Commit()` is called by the ABCI client. This concept is further +expanded upon when the AnteHandler is executed per transaction to ensure state +is not committed for transactions that failed CheckTx. diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/spec/store/interblock-cache.md b/copy-of-sdk-versioned_docs/version-0.53/build/spec/store/interblock-cache.md new file mode 100644 index 00000000..cfa2edb5 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/spec/store/interblock-cache.md @@ -0,0 +1,289 @@ +# Inter-block Cache + +* [Inter-block Cache](#inter-block-cache) + * [Synopsis](#synopsis) + * [Overview and basic concepts](#overview-and-basic-concepts) + * [Motivation](#motivation) + * [Definitions](#definitions) + * [System model and properties](#system-model-and-properties) + * [Assumptions](#assumptions) + * [Properties](#properties) + * [Thread safety](#thread-safety) + * [Crash recovery](#crash-recovery) + * [Iteration](#iteration) + * [Technical specification](#technical-specification) + * [General design](#general-design) + * [API](#api) + * [CommitKVCacheManager](#commitkvcachemanager) + * [CommitKVStoreCache](#commitkvstorecache) + * [Implementation details](#implementation-details) + * [History](#history) + * [Copyright](#copyright) + +## Synopsis + +The inter-block cache is an in-memory cache storing (in-most-cases) immutable state that modules need to read in between blocks. When enabled, all sub-stores of a multi store, e.g., `rootmulti`, are wrapped. + +## Overview and basic concepts + +### Motivation + +The goal of the inter-block cache is to allow SDK modules to have fast access to data that it is typically queried during the execution of every block. This is data that do not change often, e.g. module parameters. The inter-block cache wraps each `CommitKVStore` of a multi store such as `rootmulti` with a fixed size, write-through cache. Caches are not cleared after a block is committed, as opposed to other caching layers such as `cachekv`. + +### Definitions + +* `Store key` uniquely identifies a store. +* `KVCache` is a `CommitKVStore` wrapped with a cache. +* `Cache manager` is a key component of the inter-block cache responsible for maintaining a map from `store keys` to `KVCaches`. + +## System model and properties + +### Assumptions + +This specification assumes that there exists a cache implementation accessible to the inter-block cache feature. + +> The implementation uses adaptive replacement cache (ARC), an enhancement over the standard last-recently-used (LRU) cache in that tracks both frequency and recency of use. + +The inter-block cache requires that the cache implementation to provide methods to create a cache, add a key/value pair, remove a key/value pair and retrieve the value associated to a key. In this specification, we assume that a `Cache` feature offers this functionality through the following methods: + +* `NewCache(size int)` creates a new cache with `size` capacity and returns it. +* `Get(key string)` attempts to retrieve a key/value pair from `Cache.` It returns `(value []byte, success bool)`. If `Cache` contains the key, it `value` contains the associated value and `success=true`. Otherwise, `success=false` and `value` should be ignored. +* `Add(key string, value []byte)` inserts a key/value pair into the `Cache`. +* `Remove(key string)` removes the key/value pair identified by `key` from `Cache`. + +The specification also assumes that `CommitKVStore` offers the following API: + +* `Get(key string)` attempts to retrieve a key/value pair from `CommitKVStore`. +* `Set(key, string, value []byte)` inserts a key/value pair into the `CommitKVStore`. +* `Delete(key string)` removes the key/value pair identified by `key` from `CommitKVStore`. + +> Ideally, both `Cache` and `CommitKVStore` should be specified in a different document and referenced here. + +### Properties + +#### Thread safety + +Accessing the `cache manager` or a `KVCache` is not thread-safe: no method is guarded with a lock. +Note that this is true even if the cache implementation is thread-safe. + +> For instance, assume that two `Set` operations are executed concurrently on the same key, each writing a different value. After both are executed, the cache and the underlying store may be inconsistent, each storing a different value under the same key. + +#### Crash recovery + +The inter-block cache transparently delegates `Commit()` to its aggregate `CommitKVStore`. If the +aggregate `CommitKVStore` supports atomic writes and use them to guarantee that the store is always in a consistent state in disk, the inter-block cache can be transparently moved to a consistent state when a failure occurs. + +> Note that this is the case for `IAVLStore`, the preferred `CommitKVStore`. On commit, it calls `SaveVersion()` on the underlying `MutableTree`. `SaveVersion` writes to disk are atomic via batching. This means that only consistent versions of the store (the tree) are written to the disk. Thus, in case of a failure during a `SaveVersion` call, on recovery from disk, the version of the store will be consistent. + +#### Iteration + +Iteration over each wrapped store is supported via the embedded `CommitKVStore` interface. + +## Technical specification + +### General design + +The inter-block cache feature is composed by two components: `CommitKVCacheManager` and `CommitKVCache`. + +`CommitKVCacheManager` implements the cache manager. It maintains a mapping from a store key to a `KVStore`. + +```go +type CommitKVStoreCacheManager interface{ + cacheSize uint + caches map[string]CommitKVStore +} +``` + +`CommitKVStoreCache` implements a `KVStore`: a write-through cache that wraps a `CommitKVStore`. This means that deletes and writes always happen to both the cache and the underlying `CommitKVStore`. Reads on the other hand first hit the internal cache. During a cache miss, the read is delegated to the underlying `CommitKVStore` and cached. + +```go +type CommitKVStoreCache interface{ + store CommitKVStore + cache Cache +} +``` + +To enable inter-block cache on `rootmulti`, one needs to instantiate a `CommitKVCacheManager` and set it by calling `SetInterBlockCache()` before calling one of `LoadLatestVersion()`, `LoadLatestVersionAndUpgrade(...)`, `LoadVersionAndUpgrade(...)` and `LoadVersion(version)`. + +### API + +#### CommitKVCacheManager + +The method `NewCommitKVStoreCacheManager` creates a new cache manager and returns it. + +| Name | Type | Description | +| ------------- | ---------|------- | +| size | integer | Determines the capacity of each of the KVCache maintained by the manager | + +```go +func NewCommitKVStoreCacheManager(size uint) CommitKVStoreCacheManager { + manager = CommitKVStoreCacheManager{size, make(map[string]CommitKVStore)} + return manager +} +``` + +`GetStoreCache` returns a cache from the CommitStoreCacheManager for a given store key. If no cache exists for the store key, then one is created and set. + +| Name | Type | Description | +| ------------- | ---------|------- | +| manager | `CommitKVStoreCacheManager` | The cache manager | +| storeKey | string | The store key of the store being retrieved | +| store | `CommitKVStore` | The store that it is cached in case the manager does not have any in its map of caches | + +```go +func GetStoreCache( + manager CommitKVStoreCacheManager, + storeKey string, + store CommitKVStore) CommitKVStore { + + if manager.caches.has(storeKey) { + return manager.caches.get(storeKey) + } else { + cache = CommitKVStoreCacheManager{store, manager.cacheSize} + manager.set(storeKey, cache) + return cache + } +} +``` + +`Unwrap` returns the underlying CommitKVStore for a given store key. + +| Name | Type | Description | +| ------------- | ---------|------- | +| manager | `CommitKVStoreCacheManager` | The cache manager | +| storeKey | string | The store key of the store being unwrapped | + +```go +func Unwrap( + manager CommitKVStoreCacheManager, + storeKey string) CommitKVStore { + + if manager.caches.has(storeKey) { + cache = manager.caches.get(storeKey) + return cache.store + } else { + return nil + } +} +``` + +`Reset` resets the manager's map of caches. + +| Name | Type | Description | +| ------------- | ---------|------- | +| manager | `CommitKVStoreCacheManager` | The cache manager | + +```go +function Reset(manager CommitKVStoreCacheManager) { + + for (let storeKey of manager.caches.keys()) { + manager.caches.delete(storeKey) + } +} +``` + +#### CommitKVStoreCache + +`NewCommitKVStoreCache` creates a new `CommitKVStoreCache` and returns it. + +| Name | Type | Description | +| ------------- | ---------|------- | +| store | CommitKVStore | The store to be cached | +| size | string | Determines the capacity of the cache being created | + +```go +func NewCommitKVStoreCache( + store CommitKVStore, + size uint) CommitKVStoreCache { + KVCache = CommitKVStoreCache{store, NewCache(size)} + return KVCache +} +``` + +`Get` retrieves a value by key. It first looks in the cache. If the key is not in the cache, the query is delegated to the underlying `CommitKVStore`. In the latter case, the key/value pair is cached. The method returns the value. + +| Name | Type | Description | +| ------------- | ---------|------- | +| KVCache | `CommitKVStoreCache` | The `CommitKVStoreCache` from which the key/value pair is retrieved | +| key | string | Key of the key/value pair being retrieved | + +```go +func Get( + KVCache CommitKVStoreCache, + key string) []byte { + valueCache, success := KVCache.cache.Get(key) + if success { + // cache hit + return valueCache + } else { + // cache miss + valueStore = KVCache.store.Get(key) + KVCache.cache.Add(key, valueStore) + return valueStore + } +} +``` + +`Set` inserts a key/value pair into both the write-through cache and the underlying `CommitKVStore`. + +| Name | Type | Description | +| ------------- | ---------|------- | +| KVCache | `CommitKVStoreCache` | The `CommitKVStoreCache` to which the key/value pair is inserted | +| key | string | Key of the key/value pair being inserted | +| value | []byte | Value of the key/value pair being inserted | + +```go +func Set( + KVCache CommitKVStoreCache, + key string, + value []byte) { + + KVCache.cache.Add(key, value) + KVCache.store.Set(key, value) +} +``` + +`Delete` removes a key/value pair from both the write-through cache and the underlying `CommitKVStore`. + +| Name | Type | Description | +| ------------- | ---------|------- | +| KVCache | `CommitKVStoreCache` | The `CommitKVStoreCache` from which the key/value pair is deleted | +| key | string | Key of the key/value pair being deleted | + +```go +func Delete( + KVCache CommitKVStoreCache, + key string) { + + KVCache.cache.Remove(key) + KVCache.store.Delete(key) +} +``` + +`CacheWrap` wraps a `CommitKVStoreCache` with another caching layer (`CacheKV`). + +> It is unclear whether there is a use case for `CacheWrap`. + +| Name | Type | Description | +| ------------- | ---------|------- | +| KVCache | `CommitKVStoreCache` | The `CommitKVStoreCache` being wrapped | + +```go +func CacheWrap( + KVCache CommitKVStoreCache) { + + return CacheKV.NewStore(KVCache) +} +``` + +### Implementation details + +The inter-block cache implementation uses a fixed-sized adaptive replacement cache (ARC) as cache. [The ARC implementation](https://github.com/hashicorp/golang-lru/blob/main/arc/arc.go) is thread-safe. ARC is an enhancement over the standard LRU cache in that tracks both frequency and recency of use. This avoids a burst in access to new entries from evicting the frequently used older entries. It adds some additional tracking overhead to a standard LRU cache, computationally it is roughly `2x` the cost, and the extra memory overhead is linear with the size of the cache. The default cache size is `1000`. + +## History + +Dec 20, 2022 - Initial draft finished and submitted as a PR + +## Copyright + +All content herein is licensed under [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0). diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/tooling/00-protobuf.md b/copy-of-sdk-versioned_docs/version-0.53/build/tooling/00-protobuf.md new file mode 100644 index 00000000..7f9e3315 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/tooling/00-protobuf.md @@ -0,0 +1,113 @@ +--- +sidebar_position: 1 +--- + +# Protocol Buffers + +It is known that Cosmos SDK uses protocol buffers extensively, this document is meant to provide a guide on how it is used in the cosmos-sdk. + +To generate the proto file, the Cosmos SDK uses a docker image, this image is provided to all to use as well. The latest version is `ghcr.io/cosmos/proto-builder:0.12.x` + +Below is the example of the Cosmos SDK's commands for generating, linting, and formatting protobuf files that can be reused in any applications makefile. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/Makefile#L411-L432 +``` + +The script used to generate the protobuf files can be found in the `scripts/` directory. + +```shell reference +https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/scripts/protocgen.sh +``` + +## Buf + +[Buf](https://buf.build) is a protobuf tool that abstracts the needs to use the complicated `protoc` toolchain on top of various other things that ensure you are using protobuf in accordance with the majority of the ecosystem. Within the cosmos-sdk repository there are a few files that have a buf prefix. Lets start with the top level and then dive into the various directories. + +### Workspace + +At the root level directory a workspace is defined using [buf workspaces](https://docs.buf.build/configuration/v1/buf-work-yaml). This helps if there are one or more protobuf containing directories in your project. + +Cosmos SDK example: + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/buf.work.yaml#L6-L9 +``` + +### Proto Directory + +Next is the `proto/` directory where all of our protobuf files live. In here there are many different buf files defined each serving a different purpose. + +```bash +├── README.md +├── buf.gen.gogo.yaml +├── buf.gen.pulsar.yaml +├── buf.gen.swagger.yaml +├── buf.lock +├── buf.md +├── buf.yaml +├── cosmos +└── tendermint +``` + +The above diagram all the files and directories within the Cosmos SDK `proto/` directory. + +#### `buf.gen.gogo.yaml` + +`buf.gen.gogo.yaml` defines how the protobuf files should be generated for use with in the module. This file uses [gogoproto](https://github.com/gogo/protobuf), a separate generator from the google go-proto generator that makes working with various objects more ergonomic, and it has more performant encode and decode steps + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/proto/buf.gen.gogo.yaml#L1-L9 +``` + +:::tip +Example of how to define `gen` files can be found [here](https://docs.buf.build/tour/generate-go-code) +::: + +#### `buf.gen.pulsar.yaml` + +`buf.gen.pulsar.yaml` defines how protobuf files should be generated using the [new golang apiv2 of protobuf](https://go.dev/blog/protobuf-apiv2). This generator is used instead of the google go-proto generator because it has some extra helpers for Cosmos SDK applications and will have more performant encode and decode than the google go-proto generator. You can follow the development of this generator [here](https://github.com/cosmos/cosmos-proto). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/proto/buf.gen.pulsar.yaml#L1-L18 +``` + +:::tip +Example of how to define `gen` files can be found [here](https://docs.buf.build/tour/generate-go-code) +::: + +#### `buf.gen.swagger.yaml` + +`buf.gen.swagger.yaml` generates the swagger documentation for the query and messages of the chain. This will only define the REST API end points that were defined in the query and msg servers. You can find examples of this [here](https://github.com/cosmos/cosmos-sdk/blob/main/proto/cosmos/bank/v1beta1/query.proto#L19) + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/proto/buf.gen.swagger.yaml#L1-L6 +``` + +:::tip +Example of how to define `gen` files can be found [here](https://docs.buf.build/tour/generate-go-code) +::: + +#### `buf.lock` + +This is an autogenerated file based off the dependencies required by the `.gen` files. There is no need to copy the current one. If you depend on cosmos-sdk proto definitions a new entry for the Cosmos SDK will need to be provided. The dependency you will need to use is `buf.build/cosmos/cosmos-sdk`. + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/proto/buf.lock#L1-L16 +``` + +#### `buf.yaml` + +`buf.yaml` defines the [name of your package](https://github.com/cosmos/cosmos-sdk/blob/main/proto/buf.yaml#L3), which [breakage checker](https://docs.buf.build/tour/detect-breaking-changes) to use and how to [lint your protobuf files](https://buf.build/docs/tutorials/getting-started-with-buf-cli#lint-your-api). + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/proto/buf.yaml#L1-L24 +``` + +We use a variety of linters for the Cosmos SDK protobuf files. The repo also checks this in ci. + +A reference to the github actions can be found [here](https://github.com/cosmos/cosmos-sdk/blob/main/.github/workflows/proto.yml#L1-L32) + +```go reference +https://github.com/cosmos/cosmos-sdk/blob/main/.github/workflows/proto.yml#L1-L32 +``` diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/tooling/01-cosmovisor.md b/copy-of-sdk-versioned_docs/version-0.53/build/tooling/01-cosmovisor.md new file mode 100644 index 00000000..3b5f722c --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/tooling/01-cosmovisor.md @@ -0,0 +1,411 @@ +--- +sidebar_position: 1 +--- + +# Cosmovisor + +`cosmovisor` is a process manager for Cosmos SDK application binaries that automates application binary switch at chain upgrades. +It polls the `upgrade-info.json` file that is created by the x/upgrade module at upgrade height, and then can automatically download the new binary, stop the current binary, switch from the old binary to the new one, and finally restart the node with the new binary. + +* [Design](#design) +* [Contributing](#contributing) +* [Setup](#setup) + * [Installation](#installation) + * [Command Line Arguments And Environment Variables](#command-line-arguments-and-environment-variables) + * [Folder Layout](#folder-layout) +* [Usage](#usage) + * [Initialization](#initialization) + * [Detecting Upgrades](#detecting-upgrades) + * [Adding Upgrade Binary](#adding-upgrade-binary) + * [Auto-Download](#auto-download) + * [Preparing for an Upgrade](#preparing-for-an-upgrade) +* [Example: SimApp Upgrade](#example-simapp-upgrade) + * [Chain Setup](#chain-setup) + * [Prepare Cosmovisor and Start the Chain](#prepare-cosmovisor-and-start-the-chain) + * [Update App](#update-app) + +## Design + +Cosmovisor is designed to be used as a wrapper for a `Cosmos SDK` app: + +* it will pass arguments to the associated app (configured by `DAEMON_NAME` env variable). + Running `cosmovisor run arg1 arg2 ....` will run `app arg1 arg2 ...`; +* it will manage an app by restarting and upgrading if needed; +* it is configured using environment variables, not positional arguments. + +*Note: If new versions of the application are not set up to run in-place store migrations, migrations will need to be run manually before restarting `cosmovisor` with the new binary. For this reason, we recommend applications adopt in-place store migrations.* + +:::tip +Only the latest version of cosmovisor is actively developed/maintained. +::: + +:::warning +Versions prior to v1.0.0 have a vulnerability that could lead to a DOS. Please upgrade to the latest version. +::: + +## Contributing + +Cosmovisor is part of the Cosmos SDK monorepo, but it's a separate module with it's own release schedule. + +Release branches have the following format `release/cosmovisor/vA.B.x`, where A and B are a number (e.g. `release/cosmovisor/v1.3.x`). Releases are tagged using the following format: `cosmovisor/vA.B.C`. + +## Setup + +### Installation + +You can download Cosmovisor from the [GitHub releases](https://github.com/cosmos/cosmos-sdk/releases/tag/cosmovisor%2Fv1.5.0). + +To install the latest version of `cosmovisor`, run the following command: + +```shell +go install cosmossdk.io/tools/cosmovisor/cmd/cosmovisor@latest +``` + +To install a specific version, you can specify the version: + +```shell +go install cosmossdk.io/tools/cosmovisor/cmd/cosmovisor@v1.5.0 +``` + +Run `cosmovisor version` to check the cosmovisor version. + +Alternatively, for building from source, simply run `make cosmovisor`. The binary will be located in `tools/cosmovisor`. + +:::warning +Installing cosmovisor using `go install` will display the correct `cosmovisor` version. +Building from source (`make cosmovisor`) or installing `cosmovisor` by other means won't display the correct version. +::: + +### Command Line Arguments And Environment Variables + +The first argument passed to `cosmovisor` is the action for `cosmovisor` to take. Options are: + +* `help`, `--help`, or `-h` - Output `cosmovisor` help information and check your `cosmovisor` configuration. +* `run` - Run the configured binary using the rest of the provided arguments. +* `version` - Output the `cosmovisor` version and also run the binary with the `version` argument. +* `config` - Display the current `cosmovisor` configuration, that means displaying the environment variables value that `cosmovisor` is using. +* `add-upgrade` - Add an upgrade manually to `cosmovisor`. This command allow you to easily add the binary corresponding to an upgrade in cosmovisor. + +All arguments passed to `cosmovisor run` will be passed to the application binary (as a subprocess). `cosmovisor` will return `/dev/stdout` and `/dev/stderr` of the subprocess as its own. For this reason, `cosmovisor run` cannot accept any command-line arguments other than those available to the application binary. + +`cosmovisor` reads its configuration from environment variables, or its configuration file (use `--cosmovisor-config `): + +* `DAEMON_HOME` is the location where the `cosmovisor/` directory is kept that contains the genesis binary, the upgrade binaries, and any additional auxiliary files associated with each binary (e.g. `$HOME/.gaiad`, `$HOME/.regend`, `$HOME/.simd`, etc.). +* `DAEMON_NAME` is the name of the binary itself (e.g. `gaiad`, `regend`, `simd`, etc.). +* `DAEMON_ALLOW_DOWNLOAD_BINARIES` (*optional*), if set to `true`, will enable auto-downloading of new binaries (for security reasons, this is intended for full nodes rather than validators). By default, `cosmovisor` will not auto-download new binaries. +* `DAEMON_DOWNLOAD_MUST_HAVE_CHECKSUM` (*optional*, default = `false`), if `true` cosmovisor will require that a checksum is provided in the upgrade plan for the binary to be downloaded. If `false`, cosmovisor will not require a checksum to be provided, but still check the checksum if one is provided. +* `DAEMON_RESTART_AFTER_UPGRADE` (*optional*, default = `true`), if `true`, restarts the subprocess with the same command-line arguments and flags (but with the new binary) after a successful upgrade. Otherwise (`false`), `cosmovisor` stops running after an upgrade and requires the system administrator to manually restart it. Note restart is only after the upgrade and does not auto-restart the subprocess after an error occurs. +* `DAEMON_RESTART_DELAY` (*optional*, default none), allow a node operator to define a delay between the node halt (for upgrade) and backup by the specified time. The value must be a duration (e.g. `1s`). +* `DAEMON_SHUTDOWN_GRACE` (*optional*, default none), if set, send interrupt to binary and wait the specified time to allow for cleanup/cache flush to disk before sending the kill signal. The value must be a duration (e.g. `1s`). +* `DAEMON_POLL_INTERVAL` (*optional*, default 300 milliseconds), is the interval length for polling the upgrade plan file. The value must be a duration (e.g. `1s`). +* `DAEMON_DATA_BACKUP_DIR` option to set a custom backup directory. If not set, `DAEMON_HOME` is used. +* `UNSAFE_SKIP_BACKUP` (defaults to `false`), if set to `true`, upgrades directly without performing a backup. Otherwise (`false`, default) backs up the data before trying the upgrade. The default value of false is useful and recommended in case of failures and when a backup needed to rollback. We recommend using the default backup option `UNSAFE_SKIP_BACKUP=false`. +* `DAEMON_PREUPGRADE_MAX_RETRIES` (defaults to `0`). The maximum number of times to call [`pre-upgrade`](https://docs.cosmos.network/main/build/building-apps/app-upgrade#pre-upgrade-handling) in the application after exit status of `31`. After the maximum number of retries, Cosmovisor fails the upgrade. +* `COSMOVISOR_DISABLE_LOGS` (defaults to `false`). If set to true, this will disable Cosmovisor logs (but not the underlying process) completely. This may be useful, for example, when a Cosmovisor subcommand you are executing returns a valid JSON you are then parsing, as logs added by Cosmovisor make this output not a valid JSON. +* `COSMOVISOR_COLOR_LOGS` (defaults to `true`). If set to true, this will colorise Cosmovisor logs (but not the underlying process). +* `COSMOVISOR_TIMEFORMAT_LOGS` (defaults to `kitchen`). If set to a value (`layout|ansic|unixdate|rubydate|rfc822|rfc822z|rfc850|rfc1123|rfc1123z|rfc3339|rfc3339nano|kitchen`), this will add timestamp prefix to Cosmovisor logs (but not the underlying process). +* `COSMOVISOR_CUSTOM_PREUPGRADE` (defaults to ``). If set, this will run $DAEMON_HOME/cosmovisor/$COSMOVISOR_CUSTOM_PREUPGRADE prior to upgrade with the arguments [ upgrade.Name, upgrade.Height ]. Executes a custom script (separate and prior to the chain daemon pre-upgrade command) +* `COSMOVISOR_DISABLE_RECASE` (defaults to `false`). If set to true, the upgrade directory will expected to match the upgrade plan name without any case changes + +### Folder Layout + +`$DAEMON_HOME/cosmovisor` is expected to belong completely to `cosmovisor` and the subprocesses that are controlled by it. The folder content is organized as follows: + +```text +. +├── current -> genesis or upgrades/ +├── genesis +│   └── bin +│   └── $DAEMON_NAME +└── upgrades +│ └── +│ ├── bin +│ │   └── $DAEMON_NAME +│ └── upgrade-info.json +└── preupgrade.sh (optional) +``` + +The `cosmovisor/` directory includes a subdirectory for each version of the application (i.e. `genesis` or `upgrades/`). Within each subdirectory is the application binary (i.e. `bin/$DAEMON_NAME`) and any additional auxiliary files associated with each binary. `current` is a symbolic link to the currently active directory (i.e. `genesis` or `upgrades/`). The `name` variable in `upgrades/` is the lowercased URI-encoded name of the upgrade as specified in the upgrade module plan. Note that the upgrade name path are normalized to be lowercased: for instance, `MyUpgrade` is normalized to `myupgrade`, and its path is `upgrades/myupgrade`. + +Please note that `$DAEMON_HOME/cosmovisor` only stores the *application binaries*. The `cosmovisor` binary itself can be stored in any typical location (e.g. `/usr/local/bin`). The application will continue to store its data in the default data directory (e.g. `$HOME/.simapp`) or the data directory specified with the `--home` flag. `$DAEMON_HOME` is dependent of the data directory and must be set to the same directory as the data directory, you will end up with a configuration like the following: + +```text +.simapp +├── config +├── data +└── cosmovisor +``` + +## Usage + +The system administrator is responsible for: + +* installing the `cosmovisor` binary +* configuring the host's init system (e.g. `systemd`, `launchd`, etc.) +* appropriately setting the environmental variables +* creating the `/cosmovisor` directory +* creating the `/cosmovisor/genesis/bin` folder +* creating the `/cosmovisor/upgrades//bin` folders +* placing the different versions of the `` executable in the appropriate `bin` folders. + +`cosmovisor` will set the `current` link to point to `genesis` at first start (i.e. when no `current` link exists) and then handle switching binaries at the correct points in time so that the system administrator can prepare days in advance and relax at upgrade time. + +In order to support downloadable binaries, a tarball for each upgrade binary will need to be packaged up and made available through a canonical URL. Additionally, a tarball that includes the genesis binary and all available upgrade binaries can be packaged up and made available so that all the necessary binaries required to sync a fullnode from start can be easily downloaded. + +The `DAEMON` specific code and operations (e.g. cometBFT config, the application db, syncing blocks, etc.) all work as expected. The application binaries' directives such as command-line flags and environment variables also work as expected. + +### Initialization + +The `cosmovisor init ` command creates the folder structure required for using cosmovisor. + +It does the following: + +* creates the `/cosmovisor` folder if it doesn't yet exist +* creates the `/cosmovisor/genesis/bin` folder if it doesn't yet exist +* copies the provided executable file to `/cosmovisor/genesis/bin/` +* creates the `current` link, pointing to the `genesis` folder + +It uses the `DAEMON_HOME` and `DAEMON_NAME` environment variables for folder location and executable name. + +The `cosmovisor init` command is specifically for initializing cosmovisor, and should not be confused with a chain's `init` command (e.g. `cosmovisor run init`). + +### Detecting Upgrades + +`cosmovisor` is polling the `$DAEMON_HOME/data/upgrade-info.json` file for new upgrade instructions. The file is created by the x/upgrade module in `BeginBlocker` when an upgrade is detected and the blockchain reaches the upgrade height. +The following heuristic is applied to detect the upgrade: + +* When starting, `cosmovisor` doesn't know much about currently running upgrade, except the binary which is `current/bin/`. It tries to read the `current/update-info.json` file to get information about the current upgrade name. +* If neither `cosmovisor/current/upgrade-info.json` nor `data/upgrade-info.json` exist, then `cosmovisor` will wait for `data/upgrade-info.json` file to trigger an upgrade. +* If `cosmovisor/current/upgrade-info.json` doesn't exist but `data/upgrade-info.json` exists, then `cosmovisor` assumes that whatever is in `data/upgrade-info.json` is a valid upgrade request. In this case `cosmovisor` tries immediately to make an upgrade according to the `name` attribute in `data/upgrade-info.json`. +* Otherwise, `cosmovisor` waits for changes in `upgrade-info.json`. As soon as a new upgrade name is recorded in the file, `cosmovisor` will trigger an upgrade mechanism. + +When the upgrade mechanism is triggered, `cosmovisor` will: + +1. if `DAEMON_ALLOW_DOWNLOAD_BINARIES` is enabled, start by auto-downloading a new binary into `cosmovisor//bin` (where `` is the `upgrade-info.json:name` attribute); +2. update the `current` symbolic link to point to the new directory and save `data/upgrade-info.json` to `cosmovisor/current/upgrade-info.json`. + +### Adding Upgrade Binary + +`cosmovisor` has an `add-upgrade` command that allows to easily link a binary to an upgrade. It creates a new folder in `cosmovisor/upgrades/` and copies the provided executable file to `cosmovisor/upgrades//bin/`. + +Using the `--upgrade-height` flag allows to specify at which height the binary should be switched, without going via a gorvernance proposal. +This enables support for an emergency coordinated upgrades where the binary must be switched at a specific height, but there is no time to go through a governance proposal. + +:::warning +`--upgrade-height` creates an `upgrade-info.json` file. This means if a chain upgrade via governance proposal is executed before the specified height with `--upgrade-height`, the governance proposal will overwrite the `upgrade-info.json` plan created by `add-upgrade --upgrade-height `. +Take this into consideration when using `--upgrade-height`. +::: + +### Auto-Download + +Generally, `cosmovisor` requires that the system administrator place all relevant binaries on disk before the upgrade happens. However, for people who don't need such control and want an automated setup (maybe they are syncing a non-validating fullnode and want to do little maintenance), there is another option. + +**NOTE: we don't recommend using auto-download** because it doesn't verify in advance if a binary is available. If there will be any issue with downloading a binary, the cosmovisor will stop and won't restart an App (which could lead to a chain halt). + +If `DAEMON_ALLOW_DOWNLOAD_BINARIES` is set to `true`, and no local binary can be found when an upgrade is triggered, `cosmovisor` will attempt to download and install the binary itself based on the instructions in the `info` attribute in the `data/upgrade-info.json` file. The files is constructed by the x/upgrade module and contains data from the upgrade `Plan` object. The `Plan` has an info field that is expected to have one of the following two valid formats to specify a download: + +1. Store an os/architecture -> binary URI map in the upgrade plan info field as JSON under the `"binaries"` key. For example: + + ```json + { + "binaries": { + "linux/amd64":"https://example.com/gaia.zip?checksum=sha256:aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f" + } + } + ``` + + You can include multiple binaries at once to ensure more than one environment will receive the correct binaries: + + ```json + { + "binaries": { + "linux/amd64":"https://example.com/gaia.zip?checksum=sha256:aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f", + "linux/arm64":"https://example.com/gaia.zip?checksum=sha256:aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f", + "darwin/amd64":"https://example.com/gaia.zip?checksum=sha256:aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f" + } + } + ``` + + When submitting this as a proposal ensure there are no spaces. An example command using `gaiad` could look like: + + ```shell + > gaiad tx upgrade software-upgrade Vega \ + --title Vega \ + --deposit 100uatom \ + --upgrade-height 7368420 \ + --upgrade-info '{"binaries":{"linux/amd64":"https://github.com/cosmos/gaia/releases/download/v6.0.0-rc1/gaiad-v6.0.0-rc1-linux-amd64","linux/arm64":"https://github.com/cosmos/gaia/releases/download/v6.0.0-rc1/gaiad-v6.0.0-rc1-linux-arm64","darwin/amd64":"https://github.com/cosmos/gaia/releases/download/v6.0.0-rc1/gaiad-v6.0.0-rc1-darwin-amd64"}}' \ + --summary "upgrade to Vega" \ + --gas 400000 \ + --from user \ + --chain-id test \ + --home test/val2 \ + --node tcp://localhost:36657 \ + --yes + ``` + +2. Store a link to a file that contains all information in the above format (e.g. if you want to specify lots of binaries, changelog info, etc. without filling up the blockchain). For example: + + ```text + https://example.com/testnet-1001-info.json?checksum=sha256:deaaa99fda9407c4dbe1d04bd49bab0cc3c1dd76fa392cd55a9425be074af01e + ``` + +When `cosmovisor` is triggered to download the new binary, `cosmovisor` will parse the `"binaries"` field, download the new binary with [go-getter](https://github.com/hashicorp/go-getter), and unpack the new binary in the `upgrades/` folder so that it can be run as if it was installed manually. + +Note that for this mechanism to provide strong security guarantees, all URLs should include a SHA 256/512 checksum. This ensures that no false binary is run, even if someone hacks the server or hijacks the DNS. `go-getter` will always ensure the downloaded file matches the checksum if it is provided. `go-getter` will also handle unpacking archives into directories (in this case the download link should point to a `zip` file of all data in the `bin` directory). + +To properly create a sha256 checksum on linux, you can use the `sha256sum` utility. For example: + +```shell +sha256sum ./testdata/repo/zip_directory/autod.zip +``` + +The result will look something like the following: `29139e1381b8177aec909fab9a75d11381cab5adf7d3af0c05ff1c9c117743a7`. + +You can also use `sha512sum` if you would prefer to use longer hashes, or `md5sum` if you would prefer to use broken hashes. Whichever you choose, make sure to set the hash algorithm properly in the checksum argument to the URL. + +### Preparing for an Upgrade + +To prepare for an upgrade, use the `prepare-upgrade` command: + +```shell +cosmovisor prepare-upgrade +``` + +This command performs the following actions: + +1. Retrieves upgrade information directly from the blockchain about the next scheduled upgrade. +2. Downloads the new binary specified in the upgrade plan. +3. Verifies the binary's checksum (if required by configuration). +4. Places the new binary in the appropriate directory for Cosmovisor to use during the upgrade. + +The `prepare-upgrade` command provides detailed logging throughout the process, including: + +* The name and height of the upcoming upgrade +* The URL from which the new binary is being downloaded +* Confirmation of successful download and verification +* The path where the new binary has been placed + +Example output: + +```bash +INFO Preparing for upgrade name=v1.0.0 height=1000000 +INFO Downloading upgrade binary url=https://example.com/binary/v1.0.0?checksum=sha256:339911508de5e20b573ce902c500ee670589073485216bee8b045e853f24bce8 +INFO Upgrade preparation complete name=v1.0.0 height=1000000 +``` + +*Note: The current way of downloading manually and placing the binary at the right place would still work.* + +## Example: SimApp Upgrade + +The following instructions provide a demonstration of `cosmovisor` using the simulation application (`simapp`) shipped with the Cosmos SDK's source code. The following commands are to be run from within the `cosmos-sdk` repository. + +### Chain Setup + +Let's create a new chain using the `v0.47.4` version of simapp (the Cosmos SDK demo app): + +```shell +git checkout v0.47.4 +make build +``` + +Clean `~/.simapp` (never do this in a production environment): + +```shell +./build/simd tendermint unsafe-reset-all +``` + +Set up app config: + +```shell +./build/simd config chain-id test +./build/simd config keyring-backend test +./build/simd config broadcast-mode sync +``` + +Initialize the node and overwrite any previous genesis file (never do this in a production environment): + +```shell +./build/simd init test --chain-id test --overwrite +``` + +For the sake of this demonstration, amend `voting_period` in `genesis.json` to a reduced time of 20 seconds (`20s`): + +```shell +cat <<< $(jq '.app_state.gov.params.voting_period = "20s"' $HOME/.simapp/config/genesis.json) > $HOME/.simapp/config/genesis.json +``` + +Create a validator, and setup genesis transaction: + +```shell +./build/simd keys add validator +./build/simd genesis add-genesis-account validator 1000000000stake --keyring-backend test +./build/simd genesis gentx validator 1000000stake --chain-id test +./build/simd genesis collect-gentxs +``` + +#### Prepare Cosmovisor and Start the Chain + +Set the required environment variables: + +```shell +export DAEMON_NAME=simd +export DAEMON_HOME=$HOME/.simapp +``` + +Set the optional environment variable to trigger an automatic app restart: + +```shell +export DAEMON_RESTART_AFTER_UPGRADE=true +``` + +Initialize cosmovisor with the current binary: + +```shell +cosmovisor init ./build/simd +``` + +Now you can run cosmovisor with simapp v0.47.4: + +```shell +cosmovisor run start +``` + +### Update App + +Update app to the latest version (e.g. v0.50.0). + +:::note + +Migration plans are defined using the `x/upgrade` module and described in [In-Place Store Migrations](https://github.com/cosmos/cosmos-sdk/blob/main/docs/learn/advanced/15-upgrade.md). Migrations can perform any deterministic state change. + +The migration plan to upgrade the simapp from v0.47 to v0.50 is defined in `simapp/upgrade.go`. + +::: + +Build the new version `simd` binary: + +```shell +make build +``` + +Add the new `simd` binary and the upgrade name: + +:::warning + +The migration name must match the one defined in the migration plan. + +::: + +```shell +cosmovisor add-upgrade v047-to-v050 ./build/simd +``` + +Open a new terminal window and submit an upgrade proposal along with a deposit and a vote (these commands must be run within 20 seconds of each other): + +```shell +./build/simd tx upgrade software-upgrade v047-to-v050 --title upgrade --summary upgrade --upgrade-height 200 --upgrade-info "{}" --no-validate --from validator --yes +./build/simd tx gov deposit 1 10000000stake --from validator --yes +./build/simd tx gov vote 1 yes --from validator --yes +``` + +The upgrade will occur automatically at height 200. Note: you may need to change the upgrade height in the snippet above if your test play takes more time. diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/tooling/02-confix.md b/copy-of-sdk-versioned_docs/version-0.53/build/tooling/02-confix.md new file mode 100644 index 00000000..00851ede --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/tooling/02-confix.md @@ -0,0 +1,156 @@ +--- +sidebar_position: 1 +--- + +# Confix + +`Confix` is a configuration management tool that allows you to manage your configuration via CLI. + +It is based on the [CometBFT RFC 019](https://github.com/cometbft/cometbft/blob/5013bc3f4a6d64dcc2bf02ccc002ebc9881c62e4/docs/rfc/rfc-019-config-version.md). + +## Installation + +### Add Config Command + +To add the confix tool, it's required to add the `ConfigCommand` to your application's root command file (e.g. `/cmd/root.go`). + +Import the `confixCmd` package: + +```go +import "cosmossdk.io/tools/confix/cmd" +``` + +Find the following line: + +```go +initRootCmd(rootCmd, moduleManager) +``` + +After that line, add the following: + +```go +rootCmd.AddCommand( + confixcmd.ConfigCommand(), +) +``` + +The `ConfixCommand` function builds the `config` root command and is defined in the `confixCmd` package (`cosmossdk.io/tools/confix/cmd`). +An implementation example can be found in `simapp`. + +The command will be available as `simd config`. + +:::tip +Using confix directly in the application can have less features than using it standalone. +This is because confix is versioned with the SDK, while `latest` is the standalone version. +::: + +### Using Confix Standalone + +To use Confix standalone, without having to add it in your application, install it with the following command: + +```bash +go install cosmossdk.io/tools/confix/cmd/confix@latest +``` + +Alternatively, for building from source, simply run `make confix`. The binary will be located in `tools/confix`. + +## Usage + +Use standalone: + +```shell +confix --help +``` + +Use in simd: + +```shell +simd config fix --help +``` + +### Get + +Get a configuration value, e.g.: + +```shell +simd config get app pruning # gets the value pruning from app.toml +simd config get client chain-id # gets the value chain-id from client.toml +``` + +```shell +confix get ~/.simapp/config/app.toml pruning # gets the value pruning from app.toml +confix get ~/.simapp/config/client.toml chain-id # gets the value chain-id from client.toml +``` + +### Set + +Set a configuration value, e.g.: + +```shell +simd config set app pruning "enabled" # sets the value pruning from app.toml +simd config set client chain-id "foo-1" # sets the value chain-id from client.toml +``` + +```shell +confix set ~/.simapp/config/app.toml pruning "enabled" # sets the value pruning from app.toml +confix set ~/.simapp/config/client.toml chain-id "foo-1" # sets the value chain-id from client.toml +``` + +### Migrate + +Migrate a configuration file to a new version, config type defaults to `app.toml`, if you want to change it to `client.toml`, please indicate it by adding the optional parameter, e.g.: + +```shell +simd config migrate v0.50 # migrates defaultHome/config/app.toml to the latest v0.50 config +simd config migrate v0.50 --client # migrates defaultHome/config/client.toml to the latest v0.50 config +``` + +```shell +confix migrate v0.50 ~/.simapp/config/app.toml # migrate ~/.simapp/config/app.toml to the latest v0.50 config +confix migrate v0.50 ~/.simapp/config/client.toml --client # migrate ~/.simapp/config/client.toml to the latest v0.50 config +``` + +### Diff + +Get the diff between a given configuration file and the default configuration file, e.g.: + +```shell +simd config diff v0.47 # gets the diff between defaultHome/config/app.toml and the latest v0.47 config +simd config diff v0.47 --client # gets the diff between defaultHome/config/client.toml and the latest v0.47 config +``` + +```shell +confix diff v0.47 ~/.simapp/config/app.toml # gets the diff between ~/.simapp/config/app.toml and the latest v0.47 config +confix diff v0.47 ~/.simapp/config/client.toml --client # gets the diff between ~/.simapp/config/client.toml and the latest v0.47 config +``` + +### View + +View a configuration file, e.g: + +```shell +simd config view client # views the current app client config +``` + +```shell +confix view ~/.simapp/config/client.toml # views the current app client conf +``` + +### Maintainer + +At each SDK modification of the default configuration, add the default SDK config under `data/vXX-app.toml`. +This allows users to use the tool standalone. + +### Compatibility + +The recommended standalone version is `latest`, which is using the latest development version of the Confix. + +| SDK Version | Confix Version | +| ----------- | -------------- | +| v0.50 | v0.1.x | +| v0.52 | v0.2.x | +| v2 | v0.2.x | + +## Credits + +This project is based on the [CometBFT RFC 019](https://github.com/cometbft/cometbft/blob/5013bc3f4a6d64dcc2bf02ccc002ebc9881c62e4/docs/rfc/rfc-019-config-version.md) and their never released own implementation of [confix](https://github.com/cometbft/cometbft/blob/v0.36.x/scripts/confix/confix.go). diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/tooling/README.md b/copy-of-sdk-versioned_docs/version-0.53/build/tooling/README.md new file mode 100644 index 00000000..853fd9a2 --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/tooling/README.md @@ -0,0 +1,17 @@ +--- +sidebar_position: 0 +--- + +# Tools + +This section provides documentation on various tooling maintained by the SDK team. +This includes tools for development, operating a node, and ease of use of a Cosmos SDK chain. + +## CLI Tools + +* [Cosmovisor](./01-cosmovisor.md) +* [Confix](./02-confix.md) + +## Other Tools + +* [Protocol Buffers](./00-protobuf.md) diff --git a/copy-of-sdk-versioned_docs/version-0.53/build/tooling/_category_.json b/copy-of-sdk-versioned_docs/version-0.53/build/tooling/_category_.json new file mode 100644 index 00000000..eb57cb8a --- /dev/null +++ b/copy-of-sdk-versioned_docs/version-0.53/build/tooling/_category_.json @@ -0,0 +1,5 @@ +{ + "label": "Tooling", + "position": 5, + "link": null +} \ No newline at end of file From ab533d2ff5ac42f38f3e4a1003e09757afc67ffc Mon Sep 17 00:00:00 2001 From: Cordt Date: Wed, 15 Oct 2025 23:42:53 -0600 Subject: [PATCH 06/26] prep for Neil --- .../build/architecture/bankv2.png | Bin 0 -> 280587 bytes .../building-modules/transaction_flow.svg | 48 + .../advanced/baseapp_state-begin_block.png | Bin 0 -> 20565 bytes .../learn/advanced/baseapp_state-checktx.png | Bin 0 -> 82308 bytes .../learn/advanced/baseapp_state-commit.png | Bin 0 -> 47662 bytes .../advanced/baseapp_state-deliver_tx.png | Bin 0 -> 59007 bytes .../advanced/baseapp_state-initchain.png | Bin 0 -> 243455 bytes .../baseapp_state-prepareproposal.png | Bin 0 -> 274049 bytes .../baseapp_state-processproposal.png | Bin 0 -> 248588 bytes .../learn/advanced/baseapp_state.png | Bin 0 -> 338941 bytes .../learn/advanced/blockprocessing-1.png | Bin 0 -> 453261 bytes .../learn/intro/main-components.png | Bin 0 -> 61439 bytes docs/sdk/next/build/abci/checktx.mdx | 1576 ++ docs/sdk/next/build/abci/introduction.mdx | 55 + docs/sdk/next/build/abci/prepare-proposal.mdx | 666 + docs/sdk/next/build/abci/process-proposal.mdx | 653 + docs/sdk/next/build/abci/vote-extensions.mdx | 128 + docs/sdk/next/build/architecture/PROCESS.mdx | 59 + docs/sdk/next/build/architecture/README.mdx | 96 + .../architecture/adr-002-docs-structure.mdx | 91 + .../adr-003-dynamic-capability-store.mdx | 391 + .../adr-004-split-denomination-keys.mdx | 128 + .../adr-006-secret-store-replacement.mdx | 58 + .../adr-007-specialization-groups.mdx | 197 + .../architecture/adr-008-dCERT-group.mdx | 173 + .../architecture/adr-009-evidence-module.mdx | 217 + .../adr-010-modular-antehandler.mdx | 319 + .../adr-011-generalize-genesis-accounts.mdx | 187 + .../architecture/adr-012-state-accessors.mdx | 218 + .../build/architecture/adr-013-metrics.mdx | 170 + .../adr-014-proportional-slashing.mdx | 89 + ...r-016-validator-consensus-key-rotation.mdx | 131 + .../adr-017-historical-header-module.mdx | 69 + .../adr-018-extendable-voting-period.mdx | 68 + .../adr-019-protobuf-state-encoding.mdx | 400 + .../adr-020-protobuf-transaction-encoding.mdx | 490 + .../adr-021-protobuf-query-encoding.mdx | 273 + .../adr-022-custom-panic-handling.mdx | 264 + .../architecture/adr-023-protobuf-naming.mdx | 265 + .../architecture/adr-024-coin-metadata.mdx | 144 + ...7-deterministic-protobuf-serialization.mdx | 316 + .../adr-028-public-key-addresses.mdx | 357 + .../architecture/adr-029-fee-grant-module.mdx | 160 + .../architecture/adr-030-authz-module.mdx | 286 + .../architecture/adr-031-msg-service.mdx | 216 + .../architecture/adr-032-typed-events.mdx | 350 + .../adr-033-protobuf-inter-module-comm.mdx | 454 + .../architecture/adr-034-account-rekeying.mdx | 78 + .../adr-035-rosetta-api-support.mdx | 226 + .../adr-036-arbitrary-signature.mdx | 134 + .../architecture/adr-037-gov-split-vote.mdx | 113 + .../architecture/adr-038-state-listening.mdx | 857 + .../architecture/adr-039-epoched-staking.mdx | 124 + ...-040-storage-and-smt-state-commitments.mdx | 296 + .../adr-041-in-place-store-migrations.mdx | 182 + .../architecture/adr-042-group-module.mdx | 288 + .../build/architecture/adr-043-nft-module.mdx | 380 + .../adr-044-protobuf-updates-guidelines.mdx | 133 + .../adr-045-check-delivertx-middlewares.mdx | 343 + .../architecture/adr-046-module-params.mdx | 190 + .../adr-047-extend-upgrade-plan.mdx | 261 + .../architecture/adr-048-consensus-fees.mdx | 206 + .../architecture/adr-049-state-sync-hooks.mdx | 196 + .../adr-050-sign-mode-textual-annex1.mdx | 363 + .../adr-050-sign-mode-textual-annex2.mdx | 124 + .../adr-050-sign-mode-textual.mdx | 374 + .../adr-053-go-module-refactoring.mdx | 112 + .../adr-054-semver-compatible-modules.mdx | 798 + .../next/build/architecture/adr-055-orm.mdx | 115 + .../build/architecture/adr-057-app-wiring.mdx | 386 + .../adr-058-auto-generated-cli.mdx | 100 + .../architecture/adr-059-test-scopes.mdx | 258 + .../build/architecture/adr-060-abci-1.0.mdx | 257 + .../architecture/adr-061-liquid-staking.mdx | 81 + .../adr-062-collections-state-layer.mdx | 118 + .../architecture/adr-063-core-module-api.mdx | 614 + .../build/architecture/adr-064-abci-2.0.mdx | 504 + .../build/architecture/adr-065-store-v2.mdx | 292 + .../build/architecture/adr-068-preblock.mdx | 64 + .../adr-070-unordered-account.mdx | 350 + .../architecture/adr-076-tx-malleability.mdx | 172 + .../next/build/architecture/adr-template.mdx | 82 + docs/sdk/next/build/build.mdx | 10 + .../next/build/building-apps/app-go-di.mdx | 3320 ++++ docs/sdk/next/build/building-apps/app-go.mdx | 939 + .../next/build/building-apps/app-mempool.mdx | 94 + .../next/build/building-apps/app-testnet.mdx | 256 + .../next/build/building-apps/app-upgrade.mdx | 218 + docs/sdk/next/build/building-apps/runtime.mdx | 1876 ++ .../build/building-apps/vote-extensions.mdx | 185 + .../building-modules/beginblock-endblock.mdx | 112 + .../next/build/building-modules/depinject.mdx | 3494 ++++ .../next/build/building-modules/errors.mdx | 701 + .../next/build/building-modules/genesis.mdx | 766 + .../sdk/next/build/building-modules/intro.mdx | 303 + .../build/building-modules/invariants.mdx | 528 + .../next/build/building-modules/keeper.mdx | 370 + .../building-modules/messages-and-queries.mdx | 1605 ++ .../building-modules/module-interfaces.mdx | 1080 + .../build/building-modules/module-manager.mdx | 16221 ++++++++++++++++ .../build/building-modules/msg-services.mdx | 3598 ++++ .../next/build/building-modules/preblock.mdx | 31 + .../building-modules/protobuf-annotations.mdx | 131 + .../build/building-modules/query-services.mdx | 390 + .../next/build/building-modules/simulator.mdx | 4062 ++++ .../next/build/building-modules/structure.mdx | 93 + .../next/build/building-modules/testing.mdx | 2921 +++ .../next/build/building-modules/upgrade.mdx | 124 + docs/sdk/next/build/migrations/intro.mdx | 12 + .../next/build/migrations/upgrade-guide.mdx | 518 + .../build/migrations/upgrade-reference.mdx | 30 + docs/sdk/next/build/migrations/upgrading.mdx | 532 + docs/sdk/next/build/modules/README.mdx | 63 + docs/sdk/next/build/modules/auth/README.mdx | 737 + docs/sdk/next/build/modules/auth/tx.mdx | 271 + docs/sdk/next/build/modules/auth/vesting.mdx | 678 + docs/sdk/next/build/modules/authz/README.mdx | 1340 ++ docs/sdk/next/build/modules/bank/README.mdx | 1136 ++ .../sdk/next/build/modules/circuit/README.mdx | 592 + .../next/build/modules/consensus/README.mdx | 5 + docs/sdk/next/build/modules/crisis/README.mdx | 112 + .../build/modules/distribution/README.mdx | 1148 ++ docs/sdk/next/build/modules/epochs/README.mdx | 178 + .../next/build/modules/evidence/README.mdx | 460 + .../next/build/modules/feegrant/README.mdx | 3654 ++++ .../sdk/next/build/modules/genutil/README.mdx | 1250 ++ docs/sdk/next/build/modules/gov/README.mdx | 2816 +++ docs/sdk/next/build/modules/group/README.mdx | 2168 +++ docs/sdk/next/build/modules/mint/README.mdx | 470 + docs/sdk/next/build/modules/nft/README.mdx | 92 + docs/sdk/next/build/modules/params/README.mdx | 81 + .../build/modules/protocolpool/README.mdx | 656 + .../next/build/modules/slashing/README.mdx | 813 + .../sdk/next/build/modules/staking/README.mdx | 3461 ++++ .../sdk/next/build/modules/upgrade/README.mdx | 608 + docs/sdk/next/build/packages/README.mdx | 39 + docs/sdk/next/build/packages/collections.mdx | 1373 ++ docs/sdk/next/build/packages/depinject.mdx | 677 + docs/sdk/next/build/rfc/PROCESS.mdx | 63 + docs/sdk/next/build/rfc/README.mdx | 39 + .../next/build/rfc/rfc-001-tx-validation.mdx | 27 + docs/sdk/next/build/rfc/rfc-template.mdx | 77 + docs/sdk/next/build/rfc/rfc/PROCESS.mdx | 63 + docs/sdk/next/build/rfc/rfc/README.mdx | 39 + .../build/rfc/rfc/rfc-001-tx-validation.mdx | 27 + docs/sdk/next/build/rfc/rfc/rfc-template.mdx | 77 + docs/sdk/next/build/spec/README.mdx | 25 + docs/sdk/next/build/spec/SPEC_MODULE.mdx | 64 + docs/sdk/next/build/spec/SPEC_STANDARD.mdx | 127 + docs/sdk/next/build/spec/_ics/README.mdx | 5 + .../spec/_ics/ics-030-signed-messages.mdx | 193 + docs/sdk/next/build/spec/addresses/README.mdx | 4 + docs/sdk/next/build/spec/addresses/bech32.mdx | 22 + docs/sdk/next/build/spec/store/README.mdx | 241 + .../build/spec/store/interblock-cache.mdx | 313 + docs/sdk/next/build/tooling/README.mdx | 18 + docs/sdk/next/build/tooling/confix.mdx | 156 + docs/sdk/next/build/tooling/cosmovisor.mdx | 408 + docs/sdk/next/build/tooling/hubl.mdx | 70 + docs/sdk/next/build/tooling/protobuf.mdx | 807 + docs/sdk/next/coming-soon.mdx | 3 - docs/sdk/next/learn/advanced/autocli.mdx | 725 + docs/sdk/next/learn/advanced/baseapp.mdx | 11308 +++++++++++ docs/sdk/next/learn/advanced/cli.mdx | 230 + docs/sdk/next/learn/advanced/config.mdx | 25 + docs/sdk/next/learn/advanced/context.mdx | 821 + docs/sdk/next/learn/advanced/encoding.mdx | 1976 ++ docs/sdk/next/learn/advanced/events.mdx | 2335 +++ docs/sdk/next/learn/advanced/grpc_rest.mdx | 210 + docs/sdk/next/learn/advanced/node.mdx | 4192 ++++ docs/sdk/next/learn/advanced/ocap.mdx | 1097 ++ docs/sdk/next/learn/advanced/proto-docs.mdx | 5 + .../next/learn/advanced/runtx_middleware.mdx | 178 + docs/sdk/next/learn/advanced/simulation.mdx | 94 + docs/sdk/next/learn/advanced/store.mdx | 11855 +++++++++++ docs/sdk/next/learn/advanced/telemetry.mdx | 126 + docs/sdk/next/learn/advanced/transactions.mdx | 1335 ++ docs/sdk/next/learn/advanced/upgrade.mdx | 163 + docs/sdk/next/learn/beginner/accounts.mdx | 3573 ++++ docs/sdk/next/learn/beginner/app-anatomy.mdx | 4484 +++++ docs/sdk/next/learn/beginner/gas-fees.mdx | 623 + .../next/learn/beginner/query-lifecycle.mdx | 1592 ++ docs/sdk/next/learn/beginner/tx-lifecycle.mdx | 283 + docs/sdk/next/learn/intro/overview.mdx | 40 + .../next/learn/intro/sdk-app-architecture.mdx | 91 + docs/sdk/next/learn/intro/sdk-design.mdx | 1070 + .../sdk/next/learn/intro/why-app-specific.mdx | 81 + docs/sdk/next/learn/learn.mdx | 9 + .../transactions/building-a-transaction.mdx | 192 + docs/sdk/next/tutorials/tutorials.mdx | 10 + .../demo-of-mitigating-front-running.mdx | 108 + .../auction-frontrunning/getting-started.mdx | 44 + ...ing-front-running-with-vote-extensions.mdx | 379 + ...ting-front-running-with-vote-extesions.mdx | 379 + .../understanding-frontrunning.mdx | 47 + .../oracle/getting-started.mdx | 38 + .../oracle/implementing-vote-extensions.mdx | 253 + .../vote-extensions/oracle/testing-oracle.mdx | 63 + .../oracle/what-is-an-oracle.mdx | 14 + docs/sdk/next/user/run-node/interact-node.mdx | 298 + docs/sdk/next/user/run-node/keyring.mdx | 143 + docs/sdk/next/user/run-node/rosetta.mdx | 154 + docs/sdk/next/user/run-node/run-node.mdx | 217 + .../sdk/next/user/run-node/run-production.mdx | 267 + docs/sdk/next/user/run-node/run-testnet.mdx | 97 + docs/sdk/next/user/run-node/txs.mdx | 553 + docs/sdk/next/user/user.mdx | 12 + 207 files changed, 142985 insertions(+), 3 deletions(-) create mode 100644 assets/images-for-sdk-next/build/architecture/bankv2.png create mode 100644 assets/images-for-sdk-next/build/building-modules/transaction_flow.svg create mode 100644 assets/images-for-sdk-next/learn/advanced/baseapp_state-begin_block.png create mode 100644 assets/images-for-sdk-next/learn/advanced/baseapp_state-checktx.png create mode 100644 assets/images-for-sdk-next/learn/advanced/baseapp_state-commit.png create mode 100644 assets/images-for-sdk-next/learn/advanced/baseapp_state-deliver_tx.png create mode 100644 assets/images-for-sdk-next/learn/advanced/baseapp_state-initchain.png create mode 100644 assets/images-for-sdk-next/learn/advanced/baseapp_state-prepareproposal.png create mode 100644 assets/images-for-sdk-next/learn/advanced/baseapp_state-processproposal.png create mode 100644 assets/images-for-sdk-next/learn/advanced/baseapp_state.png create mode 100644 assets/images-for-sdk-next/learn/advanced/blockprocessing-1.png create mode 100644 assets/images-for-sdk-next/learn/intro/main-components.png create mode 100644 docs/sdk/next/build/abci/checktx.mdx create mode 100644 docs/sdk/next/build/abci/introduction.mdx create mode 100644 docs/sdk/next/build/abci/prepare-proposal.mdx create mode 100644 docs/sdk/next/build/abci/process-proposal.mdx create mode 100644 docs/sdk/next/build/abci/vote-extensions.mdx create mode 100644 docs/sdk/next/build/architecture/PROCESS.mdx create mode 100644 docs/sdk/next/build/architecture/README.mdx create mode 100644 docs/sdk/next/build/architecture/adr-002-docs-structure.mdx create mode 100644 docs/sdk/next/build/architecture/adr-003-dynamic-capability-store.mdx create mode 100644 docs/sdk/next/build/architecture/adr-004-split-denomination-keys.mdx create mode 100644 docs/sdk/next/build/architecture/adr-006-secret-store-replacement.mdx create mode 100644 docs/sdk/next/build/architecture/adr-007-specialization-groups.mdx create mode 100644 docs/sdk/next/build/architecture/adr-008-dCERT-group.mdx create mode 100644 docs/sdk/next/build/architecture/adr-009-evidence-module.mdx create mode 100644 docs/sdk/next/build/architecture/adr-010-modular-antehandler.mdx create mode 100644 docs/sdk/next/build/architecture/adr-011-generalize-genesis-accounts.mdx create mode 100644 docs/sdk/next/build/architecture/adr-012-state-accessors.mdx create mode 100644 docs/sdk/next/build/architecture/adr-013-metrics.mdx create mode 100644 docs/sdk/next/build/architecture/adr-014-proportional-slashing.mdx create mode 100644 docs/sdk/next/build/architecture/adr-016-validator-consensus-key-rotation.mdx create mode 100644 docs/sdk/next/build/architecture/adr-017-historical-header-module.mdx create mode 100644 docs/sdk/next/build/architecture/adr-018-extendable-voting-period.mdx create mode 100644 docs/sdk/next/build/architecture/adr-019-protobuf-state-encoding.mdx create mode 100644 docs/sdk/next/build/architecture/adr-020-protobuf-transaction-encoding.mdx create mode 100644 docs/sdk/next/build/architecture/adr-021-protobuf-query-encoding.mdx create mode 100644 docs/sdk/next/build/architecture/adr-022-custom-panic-handling.mdx create mode 100644 docs/sdk/next/build/architecture/adr-023-protobuf-naming.mdx create mode 100644 docs/sdk/next/build/architecture/adr-024-coin-metadata.mdx create mode 100644 docs/sdk/next/build/architecture/adr-027-deterministic-protobuf-serialization.mdx create mode 100644 docs/sdk/next/build/architecture/adr-028-public-key-addresses.mdx create mode 100644 docs/sdk/next/build/architecture/adr-029-fee-grant-module.mdx create mode 100644 docs/sdk/next/build/architecture/adr-030-authz-module.mdx create mode 100644 docs/sdk/next/build/architecture/adr-031-msg-service.mdx create mode 100644 docs/sdk/next/build/architecture/adr-032-typed-events.mdx create mode 100644 docs/sdk/next/build/architecture/adr-033-protobuf-inter-module-comm.mdx create mode 100644 docs/sdk/next/build/architecture/adr-034-account-rekeying.mdx create mode 100644 docs/sdk/next/build/architecture/adr-035-rosetta-api-support.mdx create mode 100644 docs/sdk/next/build/architecture/adr-036-arbitrary-signature.mdx create mode 100644 docs/sdk/next/build/architecture/adr-037-gov-split-vote.mdx create mode 100644 docs/sdk/next/build/architecture/adr-038-state-listening.mdx create mode 100644 docs/sdk/next/build/architecture/adr-039-epoched-staking.mdx create mode 100644 docs/sdk/next/build/architecture/adr-040-storage-and-smt-state-commitments.mdx create mode 100644 docs/sdk/next/build/architecture/adr-041-in-place-store-migrations.mdx create mode 100644 docs/sdk/next/build/architecture/adr-042-group-module.mdx create mode 100644 docs/sdk/next/build/architecture/adr-043-nft-module.mdx create mode 100644 docs/sdk/next/build/architecture/adr-044-protobuf-updates-guidelines.mdx create mode 100644 docs/sdk/next/build/architecture/adr-045-check-delivertx-middlewares.mdx create mode 100644 docs/sdk/next/build/architecture/adr-046-module-params.mdx create mode 100644 docs/sdk/next/build/architecture/adr-047-extend-upgrade-plan.mdx create mode 100644 docs/sdk/next/build/architecture/adr-048-consensus-fees.mdx create mode 100644 docs/sdk/next/build/architecture/adr-049-state-sync-hooks.mdx create mode 100644 docs/sdk/next/build/architecture/adr-050-sign-mode-textual-annex1.mdx create mode 100644 docs/sdk/next/build/architecture/adr-050-sign-mode-textual-annex2.mdx create mode 100644 docs/sdk/next/build/architecture/adr-050-sign-mode-textual.mdx create mode 100644 docs/sdk/next/build/architecture/adr-053-go-module-refactoring.mdx create mode 100644 docs/sdk/next/build/architecture/adr-054-semver-compatible-modules.mdx create mode 100644 docs/sdk/next/build/architecture/adr-055-orm.mdx create mode 100644 docs/sdk/next/build/architecture/adr-057-app-wiring.mdx create mode 100644 docs/sdk/next/build/architecture/adr-058-auto-generated-cli.mdx create mode 100644 docs/sdk/next/build/architecture/adr-059-test-scopes.mdx create mode 100644 docs/sdk/next/build/architecture/adr-060-abci-1.0.mdx create mode 100644 docs/sdk/next/build/architecture/adr-061-liquid-staking.mdx create mode 100644 docs/sdk/next/build/architecture/adr-062-collections-state-layer.mdx create mode 100644 docs/sdk/next/build/architecture/adr-063-core-module-api.mdx create mode 100644 docs/sdk/next/build/architecture/adr-064-abci-2.0.mdx create mode 100644 docs/sdk/next/build/architecture/adr-065-store-v2.mdx create mode 100644 docs/sdk/next/build/architecture/adr-068-preblock.mdx create mode 100644 docs/sdk/next/build/architecture/adr-070-unordered-account.mdx create mode 100644 docs/sdk/next/build/architecture/adr-076-tx-malleability.mdx create mode 100644 docs/sdk/next/build/architecture/adr-template.mdx create mode 100644 docs/sdk/next/build/build.mdx create mode 100644 docs/sdk/next/build/building-apps/app-go-di.mdx create mode 100644 docs/sdk/next/build/building-apps/app-go.mdx create mode 100644 docs/sdk/next/build/building-apps/app-mempool.mdx create mode 100644 docs/sdk/next/build/building-apps/app-testnet.mdx create mode 100644 docs/sdk/next/build/building-apps/app-upgrade.mdx create mode 100644 docs/sdk/next/build/building-apps/runtime.mdx create mode 100644 docs/sdk/next/build/building-apps/vote-extensions.mdx create mode 100644 docs/sdk/next/build/building-modules/beginblock-endblock.mdx create mode 100644 docs/sdk/next/build/building-modules/depinject.mdx create mode 100644 docs/sdk/next/build/building-modules/errors.mdx create mode 100644 docs/sdk/next/build/building-modules/genesis.mdx create mode 100644 docs/sdk/next/build/building-modules/intro.mdx create mode 100644 docs/sdk/next/build/building-modules/invariants.mdx create mode 100644 docs/sdk/next/build/building-modules/keeper.mdx create mode 100644 docs/sdk/next/build/building-modules/messages-and-queries.mdx create mode 100644 docs/sdk/next/build/building-modules/module-interfaces.mdx create mode 100644 docs/sdk/next/build/building-modules/module-manager.mdx create mode 100644 docs/sdk/next/build/building-modules/msg-services.mdx create mode 100644 docs/sdk/next/build/building-modules/preblock.mdx create mode 100644 docs/sdk/next/build/building-modules/protobuf-annotations.mdx create mode 100644 docs/sdk/next/build/building-modules/query-services.mdx create mode 100644 docs/sdk/next/build/building-modules/simulator.mdx create mode 100644 docs/sdk/next/build/building-modules/structure.mdx create mode 100644 docs/sdk/next/build/building-modules/testing.mdx create mode 100644 docs/sdk/next/build/building-modules/upgrade.mdx create mode 100644 docs/sdk/next/build/migrations/intro.mdx create mode 100644 docs/sdk/next/build/migrations/upgrade-guide.mdx create mode 100644 docs/sdk/next/build/migrations/upgrade-reference.mdx create mode 100644 docs/sdk/next/build/migrations/upgrading.mdx create mode 100644 docs/sdk/next/build/modules/README.mdx create mode 100644 docs/sdk/next/build/modules/auth/README.mdx create mode 100644 docs/sdk/next/build/modules/auth/tx.mdx create mode 100644 docs/sdk/next/build/modules/auth/vesting.mdx create mode 100644 docs/sdk/next/build/modules/authz/README.mdx create mode 100644 docs/sdk/next/build/modules/bank/README.mdx create mode 100644 docs/sdk/next/build/modules/circuit/README.mdx create mode 100644 docs/sdk/next/build/modules/consensus/README.mdx create mode 100644 docs/sdk/next/build/modules/crisis/README.mdx create mode 100644 docs/sdk/next/build/modules/distribution/README.mdx create mode 100644 docs/sdk/next/build/modules/epochs/README.mdx create mode 100644 docs/sdk/next/build/modules/evidence/README.mdx create mode 100644 docs/sdk/next/build/modules/feegrant/README.mdx create mode 100644 docs/sdk/next/build/modules/genutil/README.mdx create mode 100644 docs/sdk/next/build/modules/gov/README.mdx create mode 100644 docs/sdk/next/build/modules/group/README.mdx create mode 100644 docs/sdk/next/build/modules/mint/README.mdx create mode 100644 docs/sdk/next/build/modules/nft/README.mdx create mode 100644 docs/sdk/next/build/modules/params/README.mdx create mode 100644 docs/sdk/next/build/modules/protocolpool/README.mdx create mode 100644 docs/sdk/next/build/modules/slashing/README.mdx create mode 100644 docs/sdk/next/build/modules/staking/README.mdx create mode 100644 docs/sdk/next/build/modules/upgrade/README.mdx create mode 100644 docs/sdk/next/build/packages/README.mdx create mode 100644 docs/sdk/next/build/packages/collections.mdx create mode 100644 docs/sdk/next/build/packages/depinject.mdx create mode 100644 docs/sdk/next/build/rfc/PROCESS.mdx create mode 100644 docs/sdk/next/build/rfc/README.mdx create mode 100644 docs/sdk/next/build/rfc/rfc-001-tx-validation.mdx create mode 100644 docs/sdk/next/build/rfc/rfc-template.mdx create mode 100644 docs/sdk/next/build/rfc/rfc/PROCESS.mdx create mode 100644 docs/sdk/next/build/rfc/rfc/README.mdx create mode 100644 docs/sdk/next/build/rfc/rfc/rfc-001-tx-validation.mdx create mode 100644 docs/sdk/next/build/rfc/rfc/rfc-template.mdx create mode 100644 docs/sdk/next/build/spec/README.mdx create mode 100644 docs/sdk/next/build/spec/SPEC_MODULE.mdx create mode 100644 docs/sdk/next/build/spec/SPEC_STANDARD.mdx create mode 100644 docs/sdk/next/build/spec/_ics/README.mdx create mode 100644 docs/sdk/next/build/spec/_ics/ics-030-signed-messages.mdx create mode 100644 docs/sdk/next/build/spec/addresses/README.mdx create mode 100644 docs/sdk/next/build/spec/addresses/bech32.mdx create mode 100644 docs/sdk/next/build/spec/store/README.mdx create mode 100644 docs/sdk/next/build/spec/store/interblock-cache.mdx create mode 100644 docs/sdk/next/build/tooling/README.mdx create mode 100644 docs/sdk/next/build/tooling/confix.mdx create mode 100644 docs/sdk/next/build/tooling/cosmovisor.mdx create mode 100644 docs/sdk/next/build/tooling/hubl.mdx create mode 100644 docs/sdk/next/build/tooling/protobuf.mdx delete mode 100644 docs/sdk/next/coming-soon.mdx create mode 100644 docs/sdk/next/learn/advanced/autocli.mdx create mode 100644 docs/sdk/next/learn/advanced/baseapp.mdx create mode 100644 docs/sdk/next/learn/advanced/cli.mdx create mode 100644 docs/sdk/next/learn/advanced/config.mdx create mode 100644 docs/sdk/next/learn/advanced/context.mdx create mode 100644 docs/sdk/next/learn/advanced/encoding.mdx create mode 100644 docs/sdk/next/learn/advanced/events.mdx create mode 100644 docs/sdk/next/learn/advanced/grpc_rest.mdx create mode 100644 docs/sdk/next/learn/advanced/node.mdx create mode 100644 docs/sdk/next/learn/advanced/ocap.mdx create mode 100644 docs/sdk/next/learn/advanced/proto-docs.mdx create mode 100644 docs/sdk/next/learn/advanced/runtx_middleware.mdx create mode 100644 docs/sdk/next/learn/advanced/simulation.mdx create mode 100644 docs/sdk/next/learn/advanced/store.mdx create mode 100644 docs/sdk/next/learn/advanced/telemetry.mdx create mode 100644 docs/sdk/next/learn/advanced/transactions.mdx create mode 100644 docs/sdk/next/learn/advanced/upgrade.mdx create mode 100644 docs/sdk/next/learn/beginner/accounts.mdx create mode 100644 docs/sdk/next/learn/beginner/app-anatomy.mdx create mode 100644 docs/sdk/next/learn/beginner/gas-fees.mdx create mode 100644 docs/sdk/next/learn/beginner/query-lifecycle.mdx create mode 100644 docs/sdk/next/learn/beginner/tx-lifecycle.mdx create mode 100644 docs/sdk/next/learn/intro/overview.mdx create mode 100644 docs/sdk/next/learn/intro/sdk-app-architecture.mdx create mode 100644 docs/sdk/next/learn/intro/sdk-design.mdx create mode 100644 docs/sdk/next/learn/intro/why-app-specific.mdx create mode 100644 docs/sdk/next/learn/learn.mdx create mode 100644 docs/sdk/next/tutorials/transactions/building-a-transaction.mdx create mode 100644 docs/sdk/next/tutorials/tutorials.mdx create mode 100644 docs/sdk/next/tutorials/vote-extensions/auction-frontrunning/demo-of-mitigating-front-running.mdx create mode 100644 docs/sdk/next/tutorials/vote-extensions/auction-frontrunning/getting-started.mdx create mode 100644 docs/sdk/next/tutorials/vote-extensions/auction-frontrunning/mitigating-front-running-with-vote-extensions.mdx create mode 100644 docs/sdk/next/tutorials/vote-extensions/auction-frontrunning/mitigating-front-running-with-vote-extesions.mdx create mode 100644 docs/sdk/next/tutorials/vote-extensions/auction-frontrunning/understanding-frontrunning.mdx create mode 100644 docs/sdk/next/tutorials/vote-extensions/oracle/getting-started.mdx create mode 100644 docs/sdk/next/tutorials/vote-extensions/oracle/implementing-vote-extensions.mdx create mode 100644 docs/sdk/next/tutorials/vote-extensions/oracle/testing-oracle.mdx create mode 100644 docs/sdk/next/tutorials/vote-extensions/oracle/what-is-an-oracle.mdx create mode 100644 docs/sdk/next/user/run-node/interact-node.mdx create mode 100644 docs/sdk/next/user/run-node/keyring.mdx create mode 100644 docs/sdk/next/user/run-node/rosetta.mdx create mode 100644 docs/sdk/next/user/run-node/run-node.mdx create mode 100644 docs/sdk/next/user/run-node/run-production.mdx create mode 100644 docs/sdk/next/user/run-node/run-testnet.mdx create mode 100644 docs/sdk/next/user/run-node/txs.mdx create mode 100644 docs/sdk/next/user/user.mdx diff --git a/assets/images-for-sdk-next/build/architecture/bankv2.png b/assets/images-for-sdk-next/build/architecture/bankv2.png new file mode 100644 index 0000000000000000000000000000000000000000..4123dbf5ed5d4fcecbc14813af0582890f53fdb8 GIT binary patch literal 280587 zcmeFZg;!MX*ET-tM=?NDM5I*&1Ox~7U>-0BOOXecS%b(qf*k+-O>z5 z4$KhmK0fcep6B}~{C?}1wPuNjGjq;;-+N#Cx~_d6{1oM-NX}E8N1;$8(oZFnQ7BUQ z@$B;1Gw{z{@goiR=Y+ko)MHeBC(RNHbps_W@krGrZgt!>PTk~C>i*A*40mpw z_4mJ(ayI`?bh>)tEwRrr5hE#BQ}xd#u{r|<+{GdD>fSn2KTz-P-1%}NDdk3C>S`PD z$~WTn_QS*Xi9b6$Nr~^Zb^P%Vr4yx#TZyxe#|7Sh)md3E=xD-t#ZLn6;(xvOYP=JaZX^Oxb_G-Vp!q4gL3Qpiuvxn4wUe$au*pbBN_uLXMA1Bb{rXl6 zPm4d3+;a656iVQgs=5uDzTDCB7AxCIH5F>=Vb7QDU1z%>s(xq2hjLlDfp^%)k32p; z?Q`ZueS3S0&62S7XtpVV^ttnx?J3l&qJBbwek}vflHKOBukJ~ z^G+$#Y@8vQ6<@hObL5qbaH161V5Ap??+RBrbp-47uA)${KC-d+MTuc(0}WFR@+UfAhY}n*{k3w|~Gm4EWbQ z4*{lXo$}S6Em`XpNk`{Uy;Bhpk~RCLu2vJelM!&U?`vv&!xTD${_hljp>J&TixRE< zJHb~_Q_o*5CTrP^*$I9!i4!wUQ_H!+W%NYydh|(D-v@@^pTTq@cgY&R*B|l$h-rBp z?Q#tVQ4cyZDq{Y5WB#km$}dW&^g)@890nsD<~!d}oZCZ$T8-G;^p%UfqNM)W3q9L( zIWsPlx+A9FS`UR%oK(*r6CJt}pPTDjQ+SEh(iyU)zcZ#{cfhPFwRfAmOwdwFjEjd$1I z8~mQoWXx}VrMtX#YeF2FJO{3^@jve&!f{Qcgb9o5Rqj5>{i^3$3&y z!#^{vx3vW<4s!Cp_Q*er`u4~W=3X{BlYG>27hlb4zRPW&)t=08 z7{v)Yjn!Sb_mR@y|H{VhXjT`I^{A;NVRyK@#9ZX+X%x?$(K2hasAgRax5-W~Lr8mY zYB2YOngp+m4vNw>}Vs zjeg8-Bmbb1rbo-zXLbhL!qn$1dv4G8G88e0O%eo9Nv08zQn{K+l$Hax(S4q)g@WB# zVeX_~Y}3;(hcQJ+HOjmG3)3txbM_H@%RHQXS5N!0@`an_V6?(cqANl02L|;p?`KDlz`>u@@UQD*mE_WI#gn|+ zVYYzh|p2seCC#tJs%L1j+1Q zui&m~Eh6BKYG7SI&UeZk8Do-ew6&3-k_LFKs}Ado%!%nY+}?y?8*=q8x{Z2OW|>M z8G&DwlV>0`UdZx!NT8z5m>uFJ!oxjE#^I)ueeg;|sO2Y*9&P4kGcsPL=8LjBk9y;6 zIb7757Qu7=d{L^_{Urlbk`0Zk@n!>q%;)P{|Gj|T_W0^*-%w_~qj{`JxOPVTnjpy-`e8aO_XAJ46n?@#Lm$_5Tl{->(2J} z46k1=7hXqACH?lKG4_@)bpJUoE?m$KiL3$V(s61k&p`6s{Ny`SG?$9iOZ)&qaC4LL z(pgk5%6dGe2Fpl+c^@wzVnSM1<|M zsXFln|Et7&bL*j&mI(PtUaP@G6Wk~YMME6ea^}QyswC@CQMb2)X)U{qlP6Hi%IfM8 zvrY8Y)URO4#YrT_B;YUlZ&&ZYI)B(K{}`*Urrn{8)NeIi{% zJgQk@ZC(|C@&c;|aSN0o??3%7;rX8=iyb|v zIg0fle!uWupy&*+_1X$B$Bo-}rFPd6xOkoNmU=Urg821g`v%Ia3D>!ejUyIv^=rBF zD`sZGcNY?3ufvyS6^lSg(ddCr3>lBkES zuCBUvjgo~<)^@FRFe?1ss#$M{_*i`P8eXmD&*K+z;pJT%HGk|kYS#}P5Ok`wZ zwx7wy?J3s~)?y324y!~G!V)JRxa};HEyQgVUcWaL_p_~SGShNB`|BSuJKVVQ>TZ-2 zJ$v9T_JYN4x9X7!J8_Tc3ltJ??U6&mmS?_9;=yloB`vK=g@yUwza?yJYY<9d`ZW_1lR~>$@4cz_AGl0fEiYfT`+1Xn=G_HR zvPgaW+{^A16A_JbD3o!LzrX)bP33JqTMj>7OZCQFt@Wm%LWWznX7*;?n@uA1Xfxxu zlM-_NK~eehPeeuW9Z(l~=1$lB^M+J)Ww0RNMZI^!pJ@e2>6VOIq4G3i71@LbH<=U? zE8Eo8~ zlbNl>O$-+ve-zhlXcjxl+G{uC2zvJ}ct?|kCaNirGNH_KysDJTZbrs#t&*b8PExTN zE_FRK-pSN6@`S32lP3jG)e`H`vg`b7`>Z(3cFz|WT-rr8Bop4eA8iVvo)J6V*U+`^ zSeS(%&Rc&C$4~XONB7Q}i4knZoJPAm)<{u(z6*)y{8rBZ3Qm8B_kkC@J7#@f%x0Ez zh?-|Z#7YLIC-ovCA{xKG5T9W)*q42-&UgByQxK=hJ%e?iC+2%g&Ns>mmqT%8% zbTjWDxLjU)6GLUzI-ZgL5CvA+A5(8FbY;Ch_Ps2=@|Eg~9=*rcdp0#2BNZ$8I?L5p zpL2rUq{ya^KAh9UcmeoJu6?m=PY-4&#D=i{c)|bOxxEge_F5F` zN++kUqNb+Qb#ljQ@aQ54gLX)=7d(C2N!IlNJt4YzCr>R26@EpME&D*1|2k(ZZ;RJ1A}Sd5e` z(S@+EYLkf(hMf(kf4EkQp)yklG{dY@;9lQq0;XR_A&XXms)jJ*U)=yf-f*B!)@cx;!^G z3hsh6i&(5$^!bJ@>t3molDIO-Wn zNEn+fNURK4D~}Wx6)h)IA=Ce5gcQBkCO}vXQCk@TEE@Xy!ZTO9^uc@w!L|m!yyvpj z(ZbTKrmEVojz-HIOdgBS2?`4G>T$z@ya*OZu^e-rB5;z-3sS;J92Zi7au>f;|>-+|-_1xSXm)myn zMkA-b8rBQ56;I#nT(>n_o4+t($r*6^!aP%HyhBeGg6Qjx2JS^R<0E_BA$4>zksR{X zV#310XGp5`#QomcI0u+hzO%xg1NF=6o+tPUe$W2vo2N`ewZ z+#4Gy(4scg*n*AG$s@rS-ZmLQr;QoOjUN|2n7e^VebH1)OAF%pfspgsl|w=zxxq0W zH5PZMu0Vj4Nk`1S8z5(~zmJe~5U z0xw7Li0MfcdCE(;ah&nkt9s5H@}nT%#b49EDrWo(8tX~L$S8FGER{5ehgon zmfK)O2k8nu9cT3>1u?h@;X=2a*286IvmEt2-{||9gPLfPM_yiAV74%%ppT1ZWDM|b zW56f=4(6h8uKmbtB!?bN`J|UUt;RW`U@jx?%#wI7{I~GNyl2n&(sQp8qZ}ns*WXY@ z+I)Lnpzk>oc)wH5Jn`NOs}ag~h)4e>#(p^~vssRRJjQAA=O=|hJ6;r+uy@2Tu44|p zd0-+kXRPWJ8frmyWYJ}xL|rsqdZ$tA7JrpF?$zrOt6|nG&;D$3q)eNa7RvoCB`0&*E2XgXxd=20z8d#ulLgD`NUHT%iatvz{rh)AgoYOb zwyq_Nc>pHq+gq!)&+HqUZJcQ(iLZXNz?i5r6GiWtOd>@osb~Z@;lADgRqiib%w&ok z>gl@9@!t}5Kla&Abe>>_s#(o$ebxoPokgHMPb=`}AiOMw7!^Xz&tzV0fVt1W$%$#g z+dkdgif!)TpSKxu!czcTT>9Ck#!`H(Y>5IrPY1J-C}bZhso}m7huWI<-!jmAu8u*#1x2oQVW`d5el|DE>h}ga@TPOP63Z zWk$Hd26eZ_uM7N{<#o&JRiM8P!Cl_7=Kklq`!3tnk@EF7Kf7!b`gV~CS?*`URd$iG z>s1NN9TjC@_(|kap9IZh#M%ToVTICG**G}-fk2eeWxs0=e|mf71I2lj5hCKDx*}J? z?rC%8e)hXo*U6MnubxByD5(hy@hfCZfpX?zvw?4gkK)!&w*&W_>ELG`G&M&C`B1`P z>9y*}uH#BB((Y27ye#D)W3E$O_Jxl11nQz{s+3q{k5d!n!rGqw`b4G#fKu2l^A*4A zf}2a)1$lgOP!vo%;}UwjX8f3&r@luHw(=5@);(~;i87|wR=9L{d5TfjpI@edzG^o6N0M_ zx-X`GEsmC>PIIMj4(l7uMQ|sQDSH( z1fX;EbZB(SKVvIQVOqOWn+re1t|WTGguQvMR~3ECa0}SNZuL65PFX{W)5Yj>l_RtCtCubl57^{XdczamBN>G6ARu3wrK_3IM5*5;%3s12uQgw7LF ztE;OJjPI`VSv~FHf(52F!1oN24sE=u_c>;^CiH8dGoMWKW`spVkQ)$2a5GRDlv@!U z&;;wdzE#>KxNs1z#$(`WV&$=BABj~#)4T1@QG}K$h0MzjNJ3*xW++i8MT3K27DG~h?k%=(Px+O2Wi<%0w zw6&?$F=Ap9X!Ikip|7H4HtYe20#1=^`>TLKeo?uv9V^1nBm?G~XBq>b>Eeh;sh0zH zIkn5IXpwj^3KkTN;j`9G9c(uSNgcGmW!4N=PbqO|3%>hp+Q-??X56jM+4Z4_(7i+t z)X%3&roX8{ErwHAzdxfFbp@61!1eJ}^1S?FqGMm*{v3@aat+tT+fihsTnt@|-2xCo@z!YbR1TH_jkl<8&eKw++XinA&dOTCq(`zsjwO`UdttjR&Y(nt_a*KA9Io`oy%&vLT$%=wJFF0A;ry+nd*cYh& zT3K*$C)L$Nd>|gg_4?=Tw_(dCX=a;5Fh;$?T?nH)-NCjS3XFD;amZOe*LzKWqqh^)EhD``|q}1JGhAh!< zs|(|TVXDo`%?(6Iuu*exApd0CRh@F1yv-rda*a^P{R24gx-{;q=U^3meJSrx1TQ4G zb5FRf1f`+Hoch7?0ZkG%lUv*waDih_mdB#+WkLRZPkdj+Mw4aO2w)7oxOd=KW)%ik zThN3)7G}u8Hc_L=A%QgK1gnok&CJZ2zbJ({TSWp4d{I(p_Ptzh2((yjx3|vo(e^sp z$z%S0q`GD3+W<~ckuvL1^|>QZpUtN!;$nJ4jemZ5Ia)SOM<81MjF2njlPvrtmoL*3 zG?z)Rl?z_Cjy6Itupgi?xC~qhq?YdWMAqr&I1ZGwwzj(9mzoWKek3yN%?Roj%B*ma zd$7?^&t)})nZ01JXQAu1q_K;CYup*91-?*ubDZG1+6p2r5cdLkcjpXBZv@#M+z1xM zSJYO4xCI?t2SAxoG6&932wiiAV3mcWq$Tk9H9rai8cL|U?yhUg*F_JqkoVqDGl&05 ze)S8C#&348PzY-Tm8;h>3`C5~KuAIFS7ioUp4p(HaL5L(!eDo*RM%mZm!lf_ku~s3 zB=(?PTQvZc2lW*Lr75h(sh!K6UYmuJGX%i*p7+H=XRG0&O6>)x0uP=9(_Bk^B0_tL zNdJ^Q8Z%?XhdFRkel}EYa8Fh3T~zc%ciX zp``Sw$k0lnp;^>P>6s3~TnF>VjX<1AV?TTlC;f@~1E0(AOpLLKGqK)lU>1$Pf(jn0 zyVO#5=8e6*{VY)aAf?m!m5cu zBnBbqli;!WY5dG7=d$PD$27k_w|Q{5ZN%mBXO6)0q>S~$hhsm&`mszzSbRo~(a_hM zAg#sxw>k+8qI&mx6SROb(ZOblE!I=j^x5E5@lUw$X2`m-=htjfBgw>!P2`%zR%~?| zz>bbK+)!7VbU_0^OwX?U4Jt68!X+c2NW_$!KlJGoJ5C8l{UM^i8wj*Xa(%+nGA#k3 zVdL8=bP#~JoVK-#^EHk*3fu(2$7ROP2d2-~x47$QNZ-J@HGFVp!u|LXsA|Q$S;Pjq zzY&j z3?SBIHI9V^3o_A9MP5)O{cwLFQSSU{vnm8w!9XajSg#XP6F#Ue22Z9DbL41naIi2L zz^=1L>kBmIS3fgA51Nma4I44?d6cZhn?y(9f%qn>l< zj(g4;fG)ns+2C5$i{g}&i&!9@WBbn^uPwhPz1Bp+@4*f$Ro69Gke~en1GWhjdawQv zdi*Gwd&rbtxRxf*;m|4Q&OhbS5=uHln8dKsd2SzBkfu#)L7lgoO$f2|T=9<*^&HVp z#N-U>Q`3v>w>Y{JAFqKKB)x&PMYCimBvws=VEX=ixo>1k?DXAV{*BK}aC-u@F0(`-dQ&?lHHTC0&uWB5)0#b+6B9>+65VQl^eNVI zytuX-5r^Z#jwa2G0ThUdYOzyj(eJ8)<5UT80E-obHQ|{Bv15Jsbv2ckmxBkc+8~%wCL4Ve zrXYF+PL9l>JsR&v#BF}H7dfKxpS>YG1opj!3`isI&w3{-8{2FPGrb@3)r3Pq_E%Gv zP-mWF5JUmPQ`VfGXYt3+*4Ah4o%;)!b>TY2rfOg_CpWF+kXR00YX)$T`Fn>P#0drc9CZgHFtzSx~= zhS&gDJAh8RK|PE=AmFQzLC}+^q!&@#bEQxO)5CXVI4X-qJlhjQ?t5(ntZN8rGPAL< z0r7Z(TN6puCjoN$CV?ztGPu*+%}bS-mF9yj7?0`_Vw4q)6>)K z2w1U#{_iK%KA?pig&rLJ@gbzDWY$|^p>LuX2IO|O0A0(Feh9L-2}-sB)(iL=8Spko zFr{)@jev-f>s332AVgHiL7=2{gNT|hHw5}5PBq)g%l}ICmx9Yvu`>{>EE<6HOgiI3 z0?8CssgVysfzA-YfFQG}+b3)c=-95>lb~LGy)Gie>*9E@Q9Jv!UMN%KsAfwv+UY~} zj~~gr`a0G!<%?2}9yL?xP&z2Q20;Fo44+oQsfT}bm4X6mk3nV}begsnx=Ei z+lVewo_iL4-?WByk}#pMyRn?cQbm+sCc=J=} z;o)KTgS)?zeU7dn>J2JEBN(Z1PBfbdcwb+ay=nJe`Lm8mnia3~p$oCpR4OF_tmDp^ zi#0dWJ!cvs5fO8kZPFB2J}V`LHyx4Y5>*9*GFW8yUxAH=u-RYY!fLK#WC{;xjt>@& zu^TZ^krDF;>!dtx+Odf+*5hN%ZKE8Ii~7L24i=>hLQ+z)S3-u4aGip;Rleac`zVP%}OH4hQBShP6QW#gBlE#Z+A8 zIREo+f*ZqKUR+3@u2t?hPO#Vz>4E_8OS}F-!+fS%4$=XE)~Y^?L4aJ~Ywh05&%Y(e zTnsm+&;SZRHxD${IF<95oqhP{&l#&L{VQqLAM9-|_AZpX9LUvbJxWRG=R&Rt=#?Jd z;w)_1_#hYC?(2n!uH0=~!9 zK|N>jQUVKrTdb|TSfL`=^B(x#V`}7Tt*TB~d>CNXJ&5)}`7DNCyb|D4&9MS|n>yhhWOtn|Uy&nMQU^>p_ zG^pe8!c`|W={b*=59SDR>I(2rc)34A_OXr6&IAxif$Q|7IoL-Mx+s7LjboL?(5gt@ zXreC2*j51>2RC`V0BBT=bLo(EH_ZYvrDI#mVov-AL?JDrbrAJ}xXe#)UqSRcqC<>; zT`P+UBYYGR-X2hwfyH46XtQ0nKH%V0~RS`9X$b=Lqy0^qI`@y>q z(NVxCq1tK&(u)br)f^u=Kl$6#;`FjJix})sMGyy~=qcXQ2Es+xp?hj^a6M39#@7b+ zclIKEy}SA~cc9Ne$5|)9jeWL?AXTI5f+x52^Qy0ZN@>vv&|})`bgqjl!9bzk=udai6PrmDN+UV70|{GYh&rH_SrF)&4B>1kP=0k?)}L$1eccud-^o(Y=S#o z5J-=kj0e=0yKDAu+O;rhG>PCI#B4sic6noOmQ+nJU;^i@-e=uzXu=|^s1 z`e{#nP|0LMZ$I+A{phOyr#W^bPCA2;a*CkUR@&~^Iqc4C%v9VpJXklObchdEM$KLsAp4`4j-N$dGv8SgQB3s0he4yz*sZfC zy;ID%?)3?o;i9>nwd%wb$iOV?(SIWDYH8Qi)otQ%8t|L`T6cQS?QZAgarY#19n%2O zF%!=HztybvaD3d&3U)TjAloG521?=^Vl)b#|Sv&oh!o^qxOY z8Yz?exg}Km&ooRFyB2rXZ>x2OgT2dIdFtX1n3|4++TJPF)wrh5iTmtU_va6LPMWk` z6YBTwx9Bf2DZ}}VmaeQSswrP@Y=~k;EtKm!{P@={gIsyEWGSsn>{#s(KWCsg+>8Pa`>O$yN|mf64&3qf6wc&cgGXI6tWDXGBjdqnVd8b6%}RG zDhdbRHc!LAQ$ayw#{lBy`iM5ht5iI~x7NBdG&VK|?pZoCBqRhj*XD*nt|4{p%t}d&T&5^dwg4wPh zL9E+OKh9w`NRAkbClGSMk-ERr4=PPg&GSDeXVUdNafu6 z?CDnwgMrsVdz^V)TL}Np_I955gK!SLC$P6id9Jm8)0%-PBSqiUB<{sKhob}6`in}D zp8IoBt?lh!{XTemFLm&XsTZ5((NMYT>ee&`5gsckl?9yd?d{#(>e5*F2O3pKlDci+ zSGuyH`s^PKrZ&q}?F{TvJ*bF0+Dd$Zp9vr>HS6LKci&mzAE37NcqG=N)=C$?M104qktsrWCX~*T?N@WitS(S*X`IKQZ01u6f zylC1X0ax+B8%@}33y}*$&(7NZisDL);`qyI&iA}M=cnx_tzKB zFSi$!AP%cus3cEKJr~((&&jwjiq$H&i5SS`Qjg2gugz!*K9nVAjbcvIWx0J@LP2yt z)NP0Axq#Dh-#NL2gWCGp{ql+mZMUtCkj?R2W;g}9NPO`+?TKRIKBV*xuF&hzZ3E)} z!gt(3Wz=I`h0k{4$>qz9#2b|NncS_cPGkGB$TI9Sa@MM{bt|v;?zM!?&)TbwSCJ4~ zk~yyq&8XUiT95Kkc6Mm{m4*<^Gaa4&SuGMNepQD%zs;lM?_cl_stDVwY zhFwP?<-v$B_T@M4d0bG#-MPI!j)9@-h#dS0^LA10kv}}d8DtE4Y%~&i2i-Y1IM@cK zwZF=-*@HlQ?p(JFXKm`{To78yi+~mGwG=(tqwVeBd=l)Tbn495?5{JV5FkC(>s~f^ zU91m1Q)TTrO(iPs-=XHGzVHq5v9oz1u^r5w4ib6BT?Pp~3d5?Z=1vj^GEz zYCe4UW~2-ow_eI?IiS?&uSUGFzm>Uiu)jq|oyv^hqC?8P*S`bg)mFY}^U9Zxy^g(E z=dk1{J!g7^VUlTp=sP5stz79_zaXSNm;y0$X@HZM`Ae3BP0rroCAHuJh| z`^YmUtqm8;z|!Aq@F8~P>5^nJJ$dSs9Gg>GTHNdGcs7y!-{^SlJN(AJu05M|p4EDE z^$~Rkn?{G*y^-E7wQfN?Zrf7lNkjfT6@wgls8qSp#Dt%EZ`)Vrsgapan2WR}E|l?W zC=f3Bx&KVu=c0zk0g3k>J^BE;bN2G3jC$E_+uOYbtUNsJ$y;9lA17Z~(UU-zi6yfW z@6U+5+^b1|8qK2O<&YiU2Kr26XPMVw?*KSs?{?+)iCR}NqCfM3GEnXNi_OG*I;{uu z1CW^tVZ6Pq8gLCuW0C1e$UlGX9B%_D&CtrPoeATKnk8?|ju^+Q)H;HbmckDA3a+d^ z>&`Ln4Qx!g#SpOK$E?qDHL_JEgwB(kg2L99Q?KgVB?KCFRy3$*P7zJy;CHA6$IPBS z^@Xxx<7+!w*79)-W72kpk;#TPZZuEF)^W|FxZd;Gu{%AUKY&q2CG+UFs?J1;e(e*g zdsB2iT_GWuN6?GpZzyOo_CR$qoPg&SK3CcYg(b(@SgicHJ!mDB*4J08T{pH7EBe9w z`@3jw&G%>I`T_hiN4aHC^75j_L*Lgz#JrSjZ1UxDfvGJ2N{;RIe5MS5N=#O_x@yI) z`Fu?8@?Q)^4StS`yD(Dg?gIjBs?U*GflecWwV#~k0CQU0&Tb>)!UY1Ej(APr}O)j_AC6J{FeDlGk&F znb-0XAGqoQi@M(c^hv(4N&U4O@zK$d+je&*$wqFjZ13{B{iS}(q~6&(P`B~hmE)HZ z0W@K&L>wKorv|x;OTCqp7?E1(lV7fpykRlyQg6tmP(@7KUcH={8O^vUt!!%QJ!)NU z-rI7?p67%BKmXuYn-aZh4x5lAH>bJ71GadvL~ANB_uas2>@h~Zq?DV!D$;(D`*{5F z?&vyi!$Nzs#hnM?iQm3G?By+Y-2g^*h?gVYxNoMssy~ah{|qqZus8PWm!ev(X8*S4 z`ot+(n`U4e5v-J>(h3Up6(qK=@Y~WLI$JL}r{N16%-76zaTd@bmsb<&YH#mrjc8g1 z3xw1m>()UBKaRhl-OGo9BhJJZDR^b0XN1Siw&ty`((3U|dUfE5FJ9!!W5xQys^^$? zXj9MhW*%E;nxT1L&F^?<%{K8<8oJg37&!?XOB18s9D||CL@QJ>dCA#Ws;*7QX*HP> zb1(!O6Xx4lIG8K0g}1lMVuuPFFRhQ1M#^9#*fbsi=g5QcG&ZOz%gQpUeNj{b*2lLH zEhhk+Wo_HWLc?OXsP@G|eMjuEI>yVndhBll0)?tEaB?cU#+i`W7_gA_=zRv2s7H9~ zXZFN($Bx)?^{x3xy6nu1g#PYSAM#7j>+EY7{K*4&8eYHVsOVE~`;67C;($y}UjEt` zI;X4?>ABO-oY8^-J=F_kCi%@9RQU)I1W--m_xFVDxk&nzK?4lLHz`8O_Vu?04cdsg z3=9mQ4>mey*U;Dqdx)yM&Gv!$AoO)wRVP1~;bw9sLVj}9SHudpw|N*D8DrE5CxJ2; z7iyNcZ0L&DcoJ+jx3=uR1nuonL%t7xHMQ$b5kz1Xt6sKqje;}A_M-9-ju^`*t+%h$ zq~^HXr?J#y;;{L918pemWYz6Q)+`&=m=BUlsQye4c7!rVwBBx)FKuIktKcRCqEJ0= zqrYUfd9ON0NU~CD>{S{XL;H0R1_nL%-Bnd!RkSvl^6}K|XRT8>`kK)!=<5iD_hs&h*09oZV8ftT0xA>L^@F#|gyG5Mei=FZ>ioduihixl{Tlh+o=z4P^Gu7r zFLSS}Kd|4s_lqZ*U(B>Wd&^DX)GKV#$$O}8CR_8A&cE4|ZnaL+?x)EJ-{Q3zYQHpD z<(RsQm3eLHkx*vTY}%{W9JlXvjD1UVl(<&21C~3d*#%8+-5P5JKN*P_)LP*a7}d)znr76JsT26yy1kcdfE4-`>&u%`nkWiC%{v1 z_QC}XMa7REo?8ampA!-?06(P)Fh^E(iJ9fL{5BQvU@g`o?9pa#wi=PR)hORW0$L+S zU3{*sxuOpZtg%$ChKX^M2DU_la)=V9pF;y`pK)Espjx&nf1c3!=HXF?`}cl%*eeuw6*w-BEh_I! zww*kAQg(gXcH*F11uGDC*CTzVQRcegZs-Q%dP1=(pwb#9Uc^)_3Bom|7OiK!64b%U z!EZa!n-t0+M@4gh1aCgcr~uO7AKnf@4pGzdesTj3ogHZzUXZ&0YBHdQbF2c z=xen3$&LArm2r#muh10kO~;+@)a?9!djZsoaXdNw%bWMrQ5vMI@QA!_Xheib#q=#{ zS|JB}{3&yYdNPl7(kDn=L z%8!q0-#|7YyF3GW$746sburPlR67FVL?u&x@!Q+l5zr5xIpPbp9gKQ@_M~64M%BP=qrTyiM<}QBj#vVT!mdUObf%Hlr%%7d0z2 z@0AW?M%$9(v*CFfg$MJzx$OViFQ^HY@uPKlrx<+k1t=p{ssDl zmhh~hXji^26z|$N60r?WTkfBYr}8PjNH6*ve~@#7!0XN~z1CIh>EWT8`o!9L z=xY;GojdMg`3Soe7gy8r@8Emx3Sk@~lRWOVrz)Iu$I*T#P?GRK`)P2ucp8xM>z-nuItD6m4EJ~L_ zB|+8n4W^YD0H4rd`(@EZy0J{KE?Nu=D+t!nMdg|-Vy2`&^3-#Bv9}o+S-I?T#%E`n zG0Er1yk5J;!F3-hZES2PNl0)>N?cU|7S*4xXD0IJ+bkZxqQK+0tl+&x!I_ZL6coz_ z<;mQ=IfS0KfmI`aepdj?criUAK`r-v2!>5PcV^(ap;1tPb5{bdx-e3-kh_7ML}tF# zMFU@rTY4;hC1nj17+8~uy?S0yW;L8t}I0IS+k)-$QPJnt#jqgctq&yRvsG&5v$tenZ_+Bjt@eDWvWWl z`ziA$3~)O;j>{gl3B}=erlSWJclL4(Cmzf)UH$Z_vA@FZLgwhRr;9J1qCRtw*S@}e zVsEj#-aBg8qbIB#PkjEoay0kc`P?ot=3q+0^kD2Qa@GAI)V{q`{0DmAS>kCae5$Rn5e~Sv;Jr)I2Q70DaiR1S|NsTJ6no z{BtUL^m~}0slpB2g4IKt2v)Tw9-Cd)+9ZK$zOs7>r(6hejCbw~VeOuV7Od~6G4kBM zFAm24y#^JPu5780*arh$8FDKQi@%OMF36BKYC9B*UcmF33}iCv%Y$ zM)J^#>|1|xCA%E#&JU0CcnY=aZg`z(M~w2FLxCTLE!+*~@uyr~Fr&E4rk#Zq&iAS;G*2bo$i?Oy$FQ>k7xM54pc+5J1XkqV${x)c-3AI)7_h&Wn z?Es%5M}w2?T{rR-r(y5&BcxW`^qQCThlkBx`i{nOx>zI^4;QodIbA^PD7 z)SL3wj*ik;)T%i+_kFN;@_ag{#=jpviItgk3S0k7{m`>r&;Q{9Ovid! z?-Xi^$GsnY;W5|`Ann*oj%qqST%b5#ib1b)oIys4dSlr|!aw#>`y7Mdeo`{`9}Jw= z?}^*##Z98~fgNPxgZx?3!IN8F$~5Q>;H;bLE7b@%acZsGhu+JwYVY~M-e4B;mt)>o zwtjnyi)uPPB5;c5Ch@Ov$*BL?+H&4=b54xV0k8EgP@%u|;~H#Me8MbG!xml#+KI<` zt>p1in;JAgcp7$Bhtokee(1q~`x;EEL%gxLSOhLt<94nmD< zZ-7;?uC2<)g3P!$8u9kY#D82-gM6Y~C{)~QFiF@o?-eT&;vf%ZW^M2EiFQaxT)p4G zegFRX5{2UNV2l3j9Na{#Y7+eY2;?<2G5}f+9?JQCX|mWX6SRe`TSrrn<<5@_^;>#p zfl22M4Yg(~CWo@B=jKAO%yHXsk(7!&T%alb_f5|D)OXUQVBxi}+ah~YX94y7JCK5f zUra6E2J?xc@egv5kQ|kTC#Q*ss96b7YK0ewiB*9BzThe;roIr}0(dSbD*xXD-Gt? zp07CuUoF~3d8ovkEdnE!(P;dx{z2xMx8hQ%dkUxn9!p?PC zGN0QA0g$aab)aBkAe!y{!=eBpa~7-2Ha)tBsjTAvd03CMPJF19>{> zOmf;4<6e(m_N09P^M?edW!9CTedpXam5hVuRJH@{Tj#!6k5ZAni3BVPL&Zfzq=VZ( z8V9=rDMCW#+)9jF9`w3|G4V$?f!8I+kE@&*$Z^|>JKY(3zuAM#A6x-tXbk9BCki<} z2GV)2!K^(h&g>*K`?$n;x8Lap=wDr#WVjW$^+KWM^X+IG~sy>DM z7BKniI)RBuhdvMtxxGmDprY$lFDJO7Tk~=nlXcEj<8{KIZKw^w^m~=l0n_@kt4jf- zofH1<3*Yp#IOQi#s>~gqBdY@~qRYEZUphN#Us4?d?LeygCEJ1AQZUZ+K?(`>qaShJ zy(0@&Wuf#@?dnEzV(+iyQ^eJHXw_fu&l~-BRG8Odtbzm%EC{{y4GJ?lSpbmXZ zSKj>9d7Y!z1)N+On_1XXZ4>ljvhKF{U7@Nt9qW^*SEYoluHg*o6BCYur|6^w*!64v z72P+^y(wzcWLzMJx=0$LI9e7@B5ma7r&H>6xO_6N#0{1Sb{re}N=ZesfAq>x&B}+& z7IJubEQa6_LRX+2^DGoOCroy3eZAl_`>4Ce-9hS{{%pv>7&^=Gk)!$WPoEf#3x}8v z=tMn!bq)_Q0b}_F99R&))urX_0%DujVR4qu96eqYA!N_g$dnLOp;qn8%*w$ru`N{W zIK5WaSyWt1e)Xy`u0ksjHi_`9H+Mn>>W3{?a%}!G+@5C;M?PLSa(UNOi?EC3Ygom6 z4y3+Tts=Hq3+a{ z)}K$ED?7}4y?Q$M%lkgwEMKl%pzDP!D|J|UhYlY6qBOc)B^NtTIre{(?$7#oBj^3m zPosu~FQt*{m6xVq7p{2TBw+@1=UXSS)MR9v>~fqq_!+ zsW=7OJ4ga%8MjD!;B z()C~I6-`df0%G2%B?CI4{CQIqrX8=VabmTP3iMCO&cXvJ_f^mAUWK(#5OtM;&Ggs%c_{ZB|m9IEx*%+rui>sZ(A&*qh#To_;CXJJv|pBz(mo){KqkP=ODo^aI?J3i    3X6PyIJj!omqeF(&ZSAd3!TmKflp%aHN0#7DqabK&A}sXVaC_ zvoj)mH1c`Y8WsZK;pxQ*cf#UQCj9_B5}Un_Io1WxP*hj{tb_f(rEmGG6ZToJ3(`j@ z1nJsl$R$d=K8oY07It4S!`aN%ySl6W$Tx+3K`KZOXCs1*!gBiYZ08n|`~AlC-n zXWQq=Lsc{7J;kjC^RYs%n-w~g(Jd^W$z-6@xkGtNRJf2Sn10bx!2%1wj6K{T+>3{T>^ayeQwGbqKm8j3yBzm z8=mses5-)1R^Ft$tRxGKRF;pTj6j*7wJ045MZU!AkTuo_gg(pHLS0Tc0210gquHi1 z9i1>Z@v1(^duXDz+7X~Y$H;9yT59_zgEMr5ik%WXHYUcdjQUmWSa|XeD-261EylwmMw4Ew;W<(-qg;X)bYXRQn?tGi-!=H2deC zXo66XDH+IjZA}VhS@G4e{KU77h~rman-B1oYA2m4S*V03$)<=!rgz070j zTua8KPPwFMSIoC>b#;#M(lN(j$wYJ0KAIg#;o@?(0x`se3|YK)N|HwjS>p zo%+P6S-`cbiNp<+%b)dXr{R`In$Oq+{$*WBP|3U^$|MHEVPr zg>H@&X9~4zXHle>&rdRWO#g_-i4WSFsIx8mwLc6s7tvZAaCyd@h#tP>1E^vK*<6f_ zq6n>~xl;W#Bcgyf**_>}jR1ER|Gf|>R^9;f3#J-eBg??Nd7hLsR{bI=DfmU!HsMbZ!d1;So*s%(N-Mp7v9hzX)9B{8PcI|t zQzKF?clLbhWa6EBUaOf6UZ~*wPZr^}s;a7po=_5}kP{_U(`+q63I6N^F6-O=W%Ro8 z0YZ*yINr|wAx_>+CPSa|ObZ4lZgPco&kh8=yn7kN@R+W8kSzXvq|i3HKZWdRkdluA z4YUx#cdIwCZRVEv6)P8)*l%-53g=oqD;h}^t-w}Y6Os8z6Yo=6S6BDGN1xKG7cUYU z)oevhD6nz~2;Oe`Xct!@A1f;dfc!L>;Ka7)1t!_)WhhC+DUtTYd{FYJ!cGC>;Iy~w zI5T*<-Hhu%$kVcgRE4!o%-7^{WvvU$2i>2{;>Pp5_AV@p3hlco;g>E8kXfR9Xi1QB zDn3$jsk&d#a#XUex5AOOYo&0{or#L2&3)II73UWxr~?olNaX9c2Xd6xs=5LgSFd&! zT%5oGaK8;}6HkFjh%DL3@*g+_UCi!#$wh{Ln3-#UY39W0o|Ur*9Mz7ko1G}hw0E}#L2Vs;@Rp{W6_!m|R$W4-k3 zP!madXkb<`Kb&PeOkb4RRh$tn72GP9rcEb|@5&j;{hmZ`g#LlM!+gIu*x^t535?#P zdgFvxRy)_nt!dYpZMxn10@Q{UOZG76m$|b%u|ll}I6Ga&P|Umc3WMFR$l^XS7V=?d z+q=8s$y3p2nW!Mi8EVSgjGLgJTn3uywC6&qKcZLrgF_rTl4DkmL1wLn59>oO^4Ds1 zI`CfuU+sPR%eX_#yIqe;?oV1-o)N31k_-*Kj0UNC?&u?%^Q68^K|mcCEi&{>!iikz zZ<;x~aaiVOm5|OLhnVa__|H)3WUBuQrb%yeepGM+(~qW7`=Q&gCPU z?q^8$-tgz2CrLl8l1QO?^Xml&3Lh2z9?}^&DI}^?{L*Nb85(vvjS&$R)$U8d?tgCC z(lDGw&HjO!t|bX)5x$1d8ll0c1MN{id)roe`Vf$S{M0yZeLNJ&-C8)?B`guZ(-A`b zt<0USx>kz1w!fB;hDAovI;AlvfeEq^E6cHl4UUy|#AhHh# zgj7mO>H2RkWwEY`CBMG}mq&dN9EdG$CCI{nMd}8Vg#7!u9>+76(Pyd~5-P`s9c(@$ zX9YFh^Uw)7r2i>GP%%1Wd}bVllMxp>BEVi^ z!G)2)DSN8a>&z>5bSM}~-Q2`(CTn5H@Y+I>lrjA^Yv+4BQ*t3P#Hn5GYT+n~hBpys z0{PoS0X~=$HrN!Vh4I+j9u4ztzdJgaWG&mO}LhT*xvq#raKy=#T@B?IRpFJ>R^AIW=4 z3sr1V-F`tEY<%{rn+H+s zPK|#Vjm4CI?VRC0%-fl&K2!q+IC1i1@>bCv0qycx353*-Gx@H2OuYgFhh@#bqSMCy zNJj_>psD4k%8wMK&-rrocJBvgO%Qj_4b=SDZ9d#0PGFFns6cdWVDJojs~2V}&rL!T zB?&`z9WMmLn_| zS1Lw0KQTy;PdfQ27d_V8pqwr2EuSmiI)SF=>6W$J`!@dh=hZUzc22F&)K4^##+ho? z++bi}05474X8cnKA4XOc?5-uD#zleA*f1uiaRrklPoep_I}kRm_8%7(~XuCM(N?V`mDOPJQVVI_vA(5AZP> zZMVOBfyJ=RWhtpzkWg-SAs44AJI^Yeyzy25?=}SWeX6r@OS+`v;+QM=npZCzLYjCx z^;SQ_&uDpg!%Q2;l|cT^p|3fFy4N3(HC4_*ed5TE^okUc{6T1`PAYN;!#oAIo&d^6 zAg`$s-t;GqeREiTCll&^IAJuiBaa!U-3%1Y(s!M@uV-HiK^4_ zBuk;0z0LC)ohD|8@?d#mhMMoPhb;ub7~A~{FzKPpeW>j~vq}^mH9@7T0MMTlSj8z} zqMn=%i?lDp@n+}d=1y>M6dUp5)UFfGuwE#%x1q&i$1li%2$brq%)EPPw)?REbr7Sk zoOrkTm{Ms%6FRH+7()|sk#Ig>b&P6c?@za97_imO0zH_x63Ma|6+7?-wxN;hhgJRV zk?~Tdq5t^)QIMcQp3>VK>=eZOeG**Fo*ZRD1_T)*9uo;YjLoc%u84?w*Ms(&i0MgR zD>rEp5Yt(}MHxW5iVFXg@UC1W6GRMvrU+Ve`R%6ImnQ(+;Y3mmR3C;}dA4lWP)}%Kg7!w1`kNK>YkH2>_Dv&; z;Jr1X_%;V*lJ}_y9blcmu|s)pE9KsxU%ftO!lk{tcdLC{D}>Y45z)uGZAw93RmwGU zxIaC-0mul*hbuqp6*^6SIwWv_Sp#nJ!}(vu#;&&~O78wR-Xu|YLM?xdvk1K`S{MSJ zR|(8K5&u-=T~gNhW~{sDGl%a=yE$X$$fN{9;5Mhtoj!L8|?^=L-2!c*{f-<*$U!|dir{lv156D~N z^HOoJW|_aYYNknm5uNDEmlpac5lQ@P?;J$X8NlVI#k3hzL2xTZqgdo~W8;~}!|xw& z;Y1Rnqsw{V4v26x~`Z1#jMr_W8i8}g>UO1e@1!N-%Y8339fkD658s(1R1^_Bg zx3o{bTi>bM^KlP|mEpyWI9MiaoIiH|@+%jMm{EYMWR0H&dQT3?wC9$t`3A&u5D$$t z!!g4Nvr8}&X}ho>pe5INCJtekLg@%q%Ald)Gs_lS7*fd4t*(sVB2*B|j=3v1V;GFG zUR6I#E^dn-&zKI#XWwe36b5ShEClAlP339;e40ao&H!agfS>v*oOo#gTI5bI!S$gv zUF_Jejrr&UEOsb^lOz4c-c}mbH!|-|LPw9>P*M3OZVE%2{=uZEe(0QJ<>hE~Km%GcV6M!nmlCmW>0AaveB*ozz3OUULVq{sw%zM0KvY-QF z!$2~Ti1J4`arCf80TT%%Zsb$Hf1?uB28l?N>!otA-DIOnFVQ1RR&`0Bx z)>!}6D2vdVEnfWH7cB+g}5oYk%U-h`qKs{Z8COt1kanx88xxdhm70tbLb zEFtNESaXIC+<-)R)84&1k^m${jXbV#L;@mB^}a5`Pen+QO;B>f)6PSDtBY%-OrZs* zz&1Vwrc0VXjb858c^w&}O#a?u^K%0|sUbuLp#s_!3R<3iw_FNrXEsyFA+w}JJ zMSc6W6>R+D%*-kPYoamMz-f|LU?`z4kF<;L&0@qigr5o~;_7N}Yy`aLU2_gmgc0fZR@bw^}jOgyh*ACaGHvk^i-s&?8|HQ4LF zFi7x-@gJMCQm$XAn!;^_iEzg_uH?yO8LjqSm^_N{tIdyBCiA`i8~nJ28S^?9-aVA1 ztjmAl!I>mQ|5i?SYGA+CEtUC|Z#S3(gH%H(I}=fv=+2DL@!4`+1kcqBw1|rrE*u90 zN9Ye&HT0t#+}sMbGb0Vamc1}V)YFR@2chixb<&<5XH9(l<&`2O`zZTZC~K8R@%!-J zie_8Fly0PVy{MFOurD}C+| zDi*=_R$NP4DZ@ZvL`c1?WG?pRMM2MR17&@N5M>o1jOfdsnIfX1n80W{ckbOr@Nu2D zACb$@4?q#Jd+MYK9S@4NJj>Cm`UCq2S596&5^EKlrVt;W%V-XJ<$@>u8H|0?zO@ie zCs-0v81+}@nCkrK>q|oAC>ME!x1_Am+#pTe78NH(M6u{@``dEFlZJo&`tzd5>#Hg% zEFfOL>$dOh?bXMjyOpfvrDv6a;&PbI1C;G$_*$@2xWDuZhx z2QzV2ao2HKSupM-<+ux5pyhyKOMmS+fNu2YRa#5WEcn5-`RiuTgUxJK<>X$U80m`xKzPaf|9NFg7R#Tj)R=x`9FWX zbtPk|fA?jz?H?q`|KoSr&XbS(H(%c_5}Lxl`^x{5(Dwe#*S$SsYy*EIg8%Z}Yy)6R z=pN61dISw@F8ujX9cL0sLLDx^YuJ|hEX3>VNk3#A3k@TYf=901pAg(4EB^As( zpm9tdaj+!DY54ut+;&w{)h8m%akNRILHKS(Yan?S@`zdE9GPNbf_dEc0U48bAZ=8+8)hWvzlpEs5PT-%v zE!bpI$*F&lQy+wUAxo@{#I!{#Z&}#fHj1`?ZK~F|ruy+eD9TFpbE5Tg@VU5s0=@xv zO;;we)9Z9hC~se9;g5H}W>H;SC2{VzA6G=gr@qy4eaDhB?iw;vC>7W02d}DlN|+v| zlym7U40{T_jhlZgL^-P&H-AL@@4qQtDA=i5BzUtu_vrr3l&{Qk1+&F{CSOnEqsGUV zC$i&j7Z0FRQ+_!**evf$yyEurmaSfOBlBD!-;tttZsla{L%foV8FOz_UxujLU7h4gq3Oe_+I+y4Th9S=K# z4eQrXmD|BUt@rSYO9ksnIGaz4s!iQCZAo`-(s;U}Vs>4AcZyjIH815Ji{_`77reYz z`b-w46O9&G0@IG7g1oQ zcd#K|FZ3NAsz@%a$56^sCSa1SnY&q}A9BeN-#Ir8xX{shr0Z@=8B7%PcoBj-rD{TMg)vxU@K!OO^JaXa+f zDoSeru8H~jRo}aAHyRTaQ>p}6x87=%YqzuYR=s<(jLu*8DhQ-fiJzWKuDRD7`RcVu z{yqjn~f`KDdSFFK!%-d+=@* zbWth5VX4O3<#k5|bzV-cyn}%wRoS2{5v8>gabw@+1JlGg7 z`fWo6XLGXkA8&6@eExDs&9UI%WpRI-!&rM?BPF1-J926*!bZkjt%JQ4$_%e!8tGP1 zPG=jnr*`>wrjN7Tihc0lLjKb9{2i^0l;k5rxds+PIZ^zptL=QSH9o?fmgUFZVpz4E$XH{U;hJ-4o`igLCa zHy)}}70{%|_(}bv*~N>_vy-)-uNSt>t)hJ886Q6gSu1B&)c}UCi@!fFVQ#>0C`cgf z5Mxw~=xPZmijTI|(!5iI_>OB=ukJe`Z`Hq=GS!%(DR0*QlCC{h>tZJDhSij_FH=*U z*b1YcX?;1aIW-VTPen=2FsMEVg957HGV`II?;V<2yk3hiD@yNMyY|&J>6*H*Rg_GN zR>M887P7$K+C|65BXqB(X2p*F?}z%4v-x=t?pev&8b(F$W8a>=a69|hT)So5%EMn3 z#=RHft~JYHtCfMx3USj$6c z9<98qY14I6zNcm5Sia5Sv%)d)ZNJ*vS~8sP)NkCnZLC?x`Fif@rMYwPgdEE7juX7^ z6dzC3x4zY|Z;`@PVn_StI}B*%kFiM=8TJLHg&8PtA6ykp-FU0G_XpP$ z`0F5-ZC^2+#YdO?d=?HuifU@Or6ZbdL|2`gQPq8qN zwsb)t`JKzI`e25h9v&gey_S=m>vVbimF}mS8}uE=>ohgE@Goipe~vTQ|Gx^De|?Gn zvAg@%=kcGa{9m8Pf2`sE^?96f`oH8QdpPCxtAB6-{_79@e{jd$^|!&ref8SSqO=o7 zuAUtce|>+B5VBCllIV}0vSWzga-{43Q@r>xknNK*Fyd>6kINo#-Gw(3yEmZ^KZnEwR^tbWZ zM@TV(b3L9PD=Xc}k3cWvCg#x3)Cz1kr@sEXI_3*b3eSH4a<5t7N>1aKoq;0FT)##H7RBEuC~xr1-nE#(->^JKi<0a zJlMqQ#B17HH#ZAkLfC=GLE-vhW1^~NR=b6(!_s`ofv5Yo=MANbuXZ>4V%zgVv`fly zUPgNOx$qWecFoe$)lL-s(ULvt&!D1wtGnCZD3=M>Q}=BN@?LvjS5Q@wZ#~fkdp$^T zhC-kK}UW)k_) z+qhbgYCL{+7CG*>?s-uSIC3WLO)qi_&x+gco# z2A8lB*gdI5X*R|y?qGwT5>5u7%3PYF3ETmb46bRAz2J9wX}`&bZB*0qzC0#3+hE}2 z-=+g?uj&kg#&!KkP~HvY>GjdX{~R2i9&o7S&@OiZ(=MtG=8&DUb5)M?>-XO|`_O~1 zC4PVT(XP5dxo6`8^47Ecys6jZpGq9wuE!P~X>|Pf@viSr8Qd4(R|0y*wK&Z$pFeli zE2z6c`jB&Zu}`RMrf{YJYM~b(O_%UOL|i5sh76s{(^>3Lw6V#8@pcO?kh|;KLu#XY zFRtx?G=K+Ll}t>|DAue76S8jN(zk7^F2bGR&)^{^JBx039?P4r1F_yx7;4o;+cPVs z9)^PTYad=yZFuE*4VRRZpcmL5Y&R};W~R;5q*j8vq(3T{zW6D%2hM$SecT%a3H!a= zMk>szxu><1VYY*ab=4QoK(Sbwrf)1#h= zlAnQDN#_>9s|jKTY%!eL=H)Rgi2!q2@Y+J^y^-VMCGhq=1c2PCf~%pVniBRsP&;hF14l z7J59Th$DpyR!}3~qOu$=9kvcT#vU>({)ID~W9w)R_z?_dLC`-{UOGM$O zU=X=SC(vA;StUDJZ3%*O@OV+%3n9SR`bGPWd~0^Q*%a!Ya`X&z5I6=4R`;fJxXz3yZ0!tHF-T*1z`_wllZ>N9SC~Oe-x`tt?6v2n$iB z>H|7B$jw5W@^)B;ko9pRq<-!z#wssi7Uucu$> za%C%BS#VrogUB?kZFI$Dd3kxnS;M=*u!`KZYgdXxp*^oV=Wzk)m%v;ef z(0zYBy%YaPc35?bBiZt~gNfn`Get;WCPOJ@B2^GiW@BS}&8kY1R5-6+9>B|i@bYq+ z1^W!yf(NI(?!ykn&}~8L@OG1WIR)Z>=bf5x(RDYXo#=~WYDgcg4l1GUL3g*>->_p-sw@t#jiakZJooq`zjatj6_u*F|bIS2uk>)jUc zua%1nu2;Bx`Lc9xJ>Ca-bV^wnF*(f&ui4b;_o&=?r)|8h4w-8&&z&2SIA&u3YXeu;O_UQ#=VTP%kfOO3_4k zsi~>S9!mWp{XPLQgU?)9bB`H5w}63Bidlb6_W0)$-4J0`fLEU20yCuld&vSaIP(O2 z!ehhxfhJA6!hpdtrB;$Z;x;YP!5QRB69m$z{4F9L^ss)}@~qvWHKA0qDIhA?fv?|W zW~9B_>5#h5LlZFv)^E1JPkMBaRF3 zpm@5ocN5ftfD0rB(vADU*OOn1iK-Bm5W&hjft>?Y)T)c2Bppn&eM6E z14YPGP*bb)n#VTZ3l9z3mS4snp3KCNq6P0h4Ep3^t)wKy3724lI!6ik&9Nb-K9_BE zTv_V=RZK0_Y*`a7X0En@YX?N-xL6A&YxIkY$UEJz^3~sCJU1$WNzpABc4$l`6veOMRSA(nfYqR~vR{hg|YaWGbo#wF@6MFa|uAUcl$k zrvEd%>Po^*oTA_VGt5IWrUFV_2t736OW4e$q>whm$v4C2nf{(o2V;)F`489Z;mp>X zNd?ofGX6NY>OtN*=yn0A!w9@?2n`J}s($ha_oOn3X+TW=SW#gZx~=*uOrvPI+wKUr z6ors%R1W*m4I*okhy8>c9iRs<u(&{&IMU~=-?}(K&3a=&x0EW(VXW> zge6b0xVnXxK>|}Xu*$QrhTL$aXw#Wb_QWE zrOn+5NudwtJ9R$NNfz^1F%bI zzS@IS>qe8yWV0gwNyWn1@kk}#U_4D0PA-0d8`&3`0p!%nIqa9@P@;;{CNAMg(x7Cw zcPl$-_3Il^qW6?`oU9f#XcIAq9farhU(cNOp1g6k2hsJ-xrfr3IGUEyv84TgyVH)t z@a!2Fu0Tq^vkVE)d%JXkD~?IQj=sZ(Yt0$xg!!D(x?IpAgbG|*AEcZq{fWUKG&133 zq$)-ROj0uh|0gnDB_G5rn+%Ks{{E`)MVot;Zu7oVha(!U?$J~z*t$U5IV)n-ci*oqt$u2{SS{nPf&~_P)kVbLn}`o5A6CD!P#%=CoDl}TaY+O zbI*{NJ(8*q3q%v8DoNj7_R}o}NhF&-oaRRv07qJN z>fneAugH)Ei5Q}_NZAMh-vt` zCx&~yy2G4Siw(jEO}t09J3niLJfwHFuRAaivFSvF@+Y?h&lf=e>T7MQbm&66Hwtc)SaG!L4km-3`1p6%lpXzNvo?J$dliz=~#%Ig>w z39k$rq}3+;Jo0s~w_I+RLNQN9<}3j%c?ap3OItvVyNT=q7r&=>aewjuXscon9O|D!oA*V@hhQVud3&sn%v^yFD~fo1~zMCyo11 zcDFluD)3!3Chns-OD&{)B_DyDv6X~JRGTCxLS6tauuC+j%O_r8ox?)y9Eo|P7$Vq4 zettfwfp3xs?j=~eb_NHIX!3*SVE|-~u)&{VH#dF^B_>`nDdB#9E<&GM+}yPSc&@qS&T`Nl^4RBweWf!cdNEC!VgA4vs2?Ph}5mLo4$>T#< zawX*?#KXIf9Y0Q@{DnM=VN7y@2y`HlbM0JY{%ekNxFFOqWpEPRc|sxa8KR)b(=BwE zqFFvGm~M$XXM8+01ClfD_@StFFv16a_Y1|4H2CGPGUnkJUPqt|NPEP~*mll0WJ&9f z7A_d=+`U_#Kgu6RsoYv(h|MYwo`TFDzNWq9F{XckhWHpBD#qb;9()7Q;SL_?I;`;c zJ*TbF3Br4Mp;_LR!wU&KJVD*8`l1_G5g-B=QhSgn>}9xvQSuoUcUq-AgK0TC(+M>c zNCKoX=F6CQh0^JW0R3s*t8SgaTu}o>ob44Be=le(X}@N^q@F)0A1Q!~#5PhyFZA^F zHJ+fTOr0Mpv|lJ?%^RxuYt=V2GCshb&MXY2k?Z_054LrVBQ|(fbeOw~rz9Vf;hn@x zd#L~(cEBtF7A2WUX2UI={B;#E#Gbr=}eSbd}fB zb*}}O)rg5@U>UNBJlmTxHinjFPj?wqxUnU!p|2X|A&?F!J~e-S4Vl{FOyCN7o1Y=% zo|x4O^IHTxV68&RK-$yHK_iwLrU%@hEqTHLUhl?tgP|NRsKuF0FJSXQ(?dW$%ml*W zW#M9;H!&Ce-C7)c5pB^q(wlv)~Dc(Zr_b} z8w)adw{}lBRfr^#eC4^OC#TR2&(6AW`jsKd+kP2-$)jF%FkVi?xCSjH%Pi(m$ekWz|j5SBs* z%twl1uS(nS%vqzA~m%=n(&f*MC|zr*Zz zg73lcRtE|ZA(G!ae|+&SgWvErp~dginrI6AH?N4?zW(DbNmjrPN>PqTzdtxd+?ru| zsku1gxME3wK7YGPlQrxp^ ziUgQ9D8g@VhU>b|U#d+BObV1lct7!v=5x5?pu{Xn>`wA0xc7Z@b(%$)aub(Bu-P)y zt@ATp#03R2aPaeVHY4?id<$M&FCMb4bZKkqy({5(nWcJ&7 ze>?bDmV6Bn?#3?r4Oye3OZi^F1<0KhuXnGYofQW6QBiN}tI z4nkyzfwX1;X!{5N%X0dCIq9`OV7cz&hOI?d;&b$k3{iE3Fn+DeDTt4cPY>xI=;i9~ zO~V;WlDq1yHxpFt@-TsrkZ=KwpyBY^rFn?!k$oJ>#)6tBbBvM!*9RRq-T{F0n$~$e z(%G?>K%D7QW+6R(5H@o|?Q<#u%52a0vJ|HlL(pZIZ#mZZ=)Wg9b%DRjU7XS6QVV3=Bo{^+~X1ej{0?AS?UfA+_LM*kek)ln;t^ zCK&FRf9GOkLrCkc6Y?J}?opNP`*jY%b-#JtHKr-(dGp}#78mV>4rw*p;S3&FRSfR$ zS^~(|?Q$Z~i7dgX!sJ5qm=4ov!S($*%RrJ#owgk!6 zFb6f@rj?I#HWSL5Pt;XWAR`=@T9&~X%hKr7h3kPRUQi3Tk+P0_sL0;$4gCZ*BDuNF zV1b*fHYgY;g-QU!st*>8BAhy>Rr1AEjw(n%j3ENPl#7Q;p`;nr_ic~>p=80d)L$?- zj(Q6CI~|UV+9xc#lW?EpFcn8IcCH2jk!OE@LaT3H?AF!Qm5n;w6FL2gEsM?ra+_pp zMXIvc$&iZoGmJQayF|Ybc|Aw4aI!qwke}FZyuBwf%BFg!Nbq~BlN0(Z&WKE_v99!m z$h`aS(FCg`v^8-zz_M^5;=uB-5pfRW5clL)6P#CS*h<{+<;w#Wz{t>wTULFGBd3*VR zpGg|Z6>PPAdv6sfF!?g3UXe!!pd+rm1C9tkF^k!cnvld8iNuC!Kx!XI58GY1GVWdU z0kD?B@HCJSkG3J zE}3lYtHT=~0xC>Fur5Qve-kF~%{`_Z8t)&?{$O)d?5mGLQ`lVtt59q|{^4otE3Zv+ zac~uNJ&~9lTDmG5bxQWnP}eRvg(g`9R|fKnq8f#TT!&uqPB8wjAfwT74j9YSEVcO^ zq(G*ap%k{^#8gx*V*w}Q1W{(wkvbIZn_Qms7)pC$dTLDyA2-gn1kwqSSrF6IYVe}w zr-zlhElv&3DdL_~ESj~Lk~%RmBN2H2owut9oJ6YdmTof7LC|w2pp7|w@#{>OsPn8W zPH^XRS&`xr5Qqy9M7C*QUOzhu7LK+uV{}7WS<*-Hx%E%C8hbFwM25F#<`f+wl`I)( z5f}&+tqvIlnCt5-%}{JGD^q|zw$djX71U!^8@O%E_7c~ z8%*)=SJ38Ze*pYi@Tm|YpVtg$XUNnNg#kb5$9Hng&J?ZC;ncY-d8lIN;_)htQmk;W*P@6tN5EWRdiLW6NYvfcusS zGr4U*@cu>>Q;E+5(P*}vfK4}Y8Zqt&4#qhCuz(S!5x?IWASS_A&yZx=gdRQ=iIezCqOx$pF8d%%E#S4i ziB!@mmd5aubzRb&`5f6S75Ec=%xwSbgy3T4*(QVzJf5$aF7st}Gud z3vf>Q5y|DayhzXrPyGVh8Fy095Oka{1JJiJlBY}}59W&Ozvl%Oh-75&Mv|YGA=OgQ z3nl_|B3;bv9ya~)`IX*azr&2dq4u%*_V6R^dk0z_F*`=Bnz9h`%PN zf1)0xLRPQ4oTDmUP8oCsm6~ou(i0AD_rrl(vrho5rqB`M&+R2*Ts4bfer#?@^ z)A^R?QleS`AHe{l>eABEewPts_;YSOomXnjbq{)huJ@bRNOnDj(Cb~XG@;*vPFazV z0sPydfTsl^<75xS#*vq1@_qy3@0{*=RKf*-d-}Q3F>^rhZos1=*I1DcASK9HcUc*H zm_02@S_3Uwn4VBG(8FNTs%6s@l>QkASs|;2@Z#0~scd`(p3sJ5hxMlJx|r%ZsZm4OwEg z!q~x+Ye+$kFk65+Gp*EH$`!MOK)L|iM-!_Dyy!(AjA~U-Dw%XSGe)jCedr*JY+c|K zYw6Zn^{7ur1}Tm9H<(b#bBKwINAM!ay6-~Fl*l{ZM+P*nm5pK)R+Qhv9j)6}CrB)Y zfNx_T4|#mRuwKP5ITk=8>Cg$d2j|j@dNaO)_BIJ+va+)2V=I877(gUZZoB)1g^V0; z+j&&rsdW_CmI2M&PYR?Ki$eNk^t=Xbc*Nx9OEAg%4JKc>K)5K#K$@`r{QX!A8C6ea z$6j${;eMRtk%QT)$q)E)Vt4N+<2r1nLs)!=P&Yt3a%bmUrDYde@=j~}N2&EMmbdn;8PflnK)`c@bmwO;Js{^I%8ysi8RN}35QudgY`Wz@#% z$$5Wotdy15qgp2&XcR5)9bzUMlhJvqPCB+B^g+|ZM_>QC^ykZfPKLz2j5GExO(i8? zKJ4qx?WM5}URZ7$?P<%Y`c!V+Zv4CU8`*UQ_%7vR*w3H3aFi;J%+#+xj@pJdUu2q^ zXnU1!?YjHA*({gL*T0`s2MP(P7`6c<;`Er&wj7yHpFUYEEMU|@jz9}9p;?ypW>vi_ zKXS%=;Y+2vM^K|CrUAN7?RDHyNB6J`nCWJ)~IS%OOg_pgY8v zt_hWwa6(GyV{i%WU0^@+qF}3rQRCY-pW)yo zZ5G9Hqx~-%yTwlxylx(R7lcf|Pagou8@<0KEKtRuBzb;dG9Rf`h0)d41yc#XhKc!( zcExF*eDU{p;7ArwvU7wprVE>@d{FlKL#8u3hfX z3k_#ki2AmA5MjW7ezgtzkn_*aMRBzMTaE6uAq!pl`VqKe(3XLnsS87h8_Rl@7 zIEyM3POU3(=qQv`bIq#Z`W}MM;HUfe+(?oMVLdUVBTYx@X>pMvv>~R@neBal5aE@R z%8IuO+o7Cu(KZk3t0Ub3VLfkQzo1>yRv+(h6pEE0zl>i4G=yu(mMzA?JJR%gv_5;8 zd}(n93G8)|)y7TR9ZDTnAyWBLETc%6%=Cw9zj12z6 z#-jy`ZnWH+Inf!Oq3cwm)-FrcL2nm1T3r#jpxxKkr$e)*Jkui3kwT_Xg14D)q%}%)ZN{v?Kg&Zh(|UBoJ0>E*f^=+ zi^0Jy%Yy`FdYV8bCpfk8`-5`Sfp}XUWI4hYlT*7@V#&mJ;&b4lmkP3CA^>={Gl$_+~8>xZ*Mq8L{9*i*AiSHs-eFn181{_V!#xO1BU!WuPh6` zrRtkA03q;k%1v7&K00sOH8>cD(xxAwz5%=Yw0_+&#M|q{5iiMnZd?n9xWwvpo3CEE z@=SQ)c1M2mRfFo##~PngInYQLM-R8<)E<=`al$Al$7~UicdtG&N=DuiT;cSi0gBZ} ze7j<0l?{2Rfk}s~Je#T5kSI*Nd?i`GP}6eVK3SJvP$2QJ-5o{HYrT*5$UUq{*4#W6 zLp}(|kqB!8DC10Z8KfK?REE1zq?~%x$EIF5lp;f4TwIL2#+;y5poCV?6>23>z+>Vr zIB#c7&@paFDEJi0tM~QIeVJNQ*Ig&H`7*Lix=SS`PQtM*Qs(IJ+VV3?Dy+AuXineJ z^Gk0wxSyYN zr4WBzBm12PW9pvQm4jxwI?c9~<&{Tt+8tMxpsMps!VuH5%U7Gcvs;|0{ z*7#(|ae|19|MTn4X7CLt6m9_Hfd?)i%(kdRSwQJd1ORkujPGM-Rmkvg2(z%W!;5$G zSCVOw;j{MlS-=78WF6F}M#fRL*2`SFbV*GqH4du)n8R~)I3d6r^fBeI0ahvp0%O!4 z?*MpyMXMPBV)l>RVKf|6oH|h>+6sWcgo|QgV)(3ny{R3{e$SkLn=4QXDu&V|)(f`} zshE4kz5Bt8*5uTh*X>jMKb?R&7hjD-#SpamBgr6jxbh!nC-ajr%3y-+VaUqt!UF%! zKl1G6Qh~Y%xWQ?;(IA~sNC@h5R}rsN_#Ch_^gfDy$N?RQt0b{J$ z$i_`+^lfAL{t4d^J--&hr-+@ZpO2rZ{q_Pv4+P{qBok!zmM1#DT$+iP`+*sCq`9r< z{lM=(enhy_@zV@6GcNdjqJQi5?3pZZrHM9AU*uHCgTIZOMm^sEC@Y7wQw{Hd+fC)g=@j<84uu1%3mo4TNxU2Zn72*6sEFVl=;O@AyF>>$vB%os)H-2!O9S(Eyi)6SX| z*i0ejHq+qh;W_e1?^mr1)N*u@Qnwhx>W>7BKml8MB=366+fgDOuRU1_7R(PwYoYIJ zRju+2W>8q|stD6bsAIY}*X<9~c3?zr4R2L4uGgASvgcQb7@G-|w$};8q&vekuxlhU>0E68$ySQQ$xb zU|l~!``qt+;QpPT8g6Zj$=Ilba#K%W!A)(v6_ckcgVXb-@@8h~pe`H80J(p)Zp(gM z%izgLvjoMo(#Y59wT@|ov^)>YNLyy1OlUd85#6$N;T(i!{`>0=+W}HYeLGrRUH#;0 zHE!5+GbKqSr>1uh_vHITOog}tqO<;qSxicvgo;W4VC~7^l|@l3+FZ=#>eBUOpulz> z8#a^wNOd_zC07O$C8NucI9}ONQ*?AvuGf)5Ua#iDA(3Zaaq*J~+4?AXArR%-FNmrH zLQ4vhXv=)o#Z)0F=BiIqV)G6&GV*8G!+S@(jD1sT^QP*OvNBqIEWxT;uRdHTzNw_- zhov706E-pEK60IkMud*I69hFD(rqw;( zL!QB=-H9=`c-c2S`oTFVk1;-YT>Yrua*S+IAxy!BaHN~8CZJTWqZ|TW`18z*{`D4m3rBnh`_>H8|CAO_+;gxwGtgX?vBQrPI*}HFz^?(v2fgwnDNt zF(dC_{jQzrb-g@33;dms5?{9Ey6W&?&EeN^{@&i+!F|4PT|fWxD6F4nwzj`uu~e=* zBvyj&CdbAwg>=~T4NLVsJpJl2CqExt+#QB?PO(AxV65t31oo7OB@W13iPMEnnIgjwMGy;|lV@N&8~`VI+uh$n`R0=r z|MC6%=#;e5I$@hhPo*|KIP!EKmm|8P);o@8*#0;vGwa~GpPL^XD_Os~f6?}wlh&?@ zwf(tlp08iO4q$D`Un%cL&Sn&3Wg|aPWH5>Ln>>)OllFYrL#a+9{byt#x!seKm7|yb6fWGovdeZU6;O0E^UkU)e`U*tBW+7s($yxRup%%@nC9Us?4c zgt(xLL%qA-AA_%G*qb+Rr1;7YBQjGv;Sz6-DyGH=vu5&3o#pAsQ`C?dbO+#zC0>zcJkFA4I&c2W;+3{n0cI0Z%2>JzQ&;yi0=6kcMd88c36tdN@Qkga-S60p_nCvP8^m=e>LPw#9>u=o9$^2Uh*sO#9Vae5U$= zWY}PpyK1`Rx|J*ULhYoET)78*$E4GS@lSCJbvWof^O{@(WC69vmn^^i_T-1IGMkr> zxxGIbv(QB0_%^-*X224MBiekYdmT$s6znbodV#HMZPMgQKoly0yE!pOXD>#ogWAm(P~!*$yPNggLa@y%~M5UR?n*9TGy}tSzBv|C-2b*-O z0*C!h6lLIvH^rE!7hI}924(=Hn}2bgabeg)P<2=Pz(uzZA+-?c+Jzk>v}b~MF$@bo zwr1aQbuEIt?DP@MH2e6krv5FWexRn@+bttgS#?($CWs~2doI+8E>R1Y><#BTg9=Va%i))!h{-d z^5!+K*of$fz^I7l%>+&8fxG(?+%X&FE~Y9D&M1%4h(8GJn)1=3B@r5^mM|>aXzI)* zQns5FC)9wPCKm6A>Pdhj^>ohsV-aeM(ZADDQ&muh$Z(Ww_%!#gzfLBvkLqn&yPmAZY46Z@L)4%A`CcKC*s7Ge> zprkSQ_U0zWT)G@#i%T9GF{xSG@UoO0omQPuA?9#pR)sVUt8=!S&Tacpc^Gx)w)QD6 zRibn%EeG*()-PR}X|_?^ve6CLQoAy@{_y^N`|1<((NsD$;N6Qyo^<+~F+sbhKhBkL zr1W4hhoDYsB03PyK*=g+;WpwB<{6Wow#woq6K2)Z(a~{1+~m}$XEf+QmQ{ z>nmlRvXoiP#S zK~o*4rd{)^4aU|Wj5T2Yb)sxoNEZf4osGoM`VW@w(RBkW$|NrZ`{q z=X!uR%bpLLH3&IGF>Km(JhJNO2pbylSaWzcwyIEN6)p?UM1+NkwDrr6*4A=>F1&rm zk}X36)o=-n;*IeOIgYYt zQdw07Al76Ulf+cF-9;Ov)G@!-1T4mgZ?&~t*`v_IOdb6VRZ&#xA zmMtq9JfS)gg0L`5FVJ)l1IUd^JqXFB&XFLw&ro&-!%ANw&6UAmP|sr?5Qq-XV;w=j za$U;Mn)BUm@(6*oOfJHF4?5^_Y~2e#uH`tEbP+l*+2hmY0{3o^F%}vUxWzSHY@N9H zF))=`piPJ3Fi^#5%LGfE5IT?IPn*Er5aRmeDSya9Mdx)ghHBe`jLOx6>#6!K;#c^1 z*B>&davTwY<@}3=ar$$`fASw#{tp)bG@dA>)pr~&gFWP}@VD!Y8=EVu?gs>*Lhw>> zvV4O;BA2BJy>!4K_IFGm0An~lM`<)icjQ}VotcB^%=bC*B}}`INyhV6rQ#7C%FfHl zU2b*;7SQQ%@i#d_*iFua3MdiYDj9uwcGKXv^zG6~6&mP4pbJSTUyrUgGVsZwf0 zh2&z71oS(b%~oDg%E`&;rEohJiynu6rTO1ON|<66f3CbpX@`Ax2sQODh}TynS;z;B zqL@UjC8_JWRu(Obt*n<5GZ7ImW~^O1QS}qzyS>^7d80u zMhOSUW-cXhLy#k=rp2irfAZ}#N4z_p9ZsprM~-Og2)8dHYc^Pbmw7s zeTbsZw%q3&E$C2TGF0`#=Gn7nWAIcmlRfV$-t*#B&fpD{aw*iE!p%a5pzJ^Jqq7tC z_VVWl`lhtlPb1sd+iUrW*C0qRo9w}f{ET|vuUUZY33kF(7R{UR$QXLt)YG;K1>`or zyapUTcxpavwN3f?2t0aP!D{U!(c;Y_!@O@ z!!uH=Ot#{(Lee99e-()1I_7rYh|n%<*Lmt!*A~Y37-h9HWpMK3$=;JC=(7gcQIhk{ z<{*-xfHC3W<(IOJ&SKAvLvDnYwodf%OGoazQQm~AD(QJJQlCYJpt9H)a>cH-0O(+O zwi^9I9z&!R1kw4OxSSuz24o!bzFoT>-CV(Py`-uCi6`MiDWDF+8o@kc5v)VTYr_;6w z0D#P|daF?&V+~u{Iw(HyD4tP4%{7@45ui@Qb+ZIoi*7Ndp@0H5T_z1`r=a}9*61;8 zW`Q^rNC%|i~k$ZdE zsV&pL`J`3<<_GE~IWZHZVH-4>L@wBZ=to{m;jxnE&-f$zt0q zWw765Hg4NiWNB}0jk{4r2$b(zf(!l&d<^YcKtc96x<$_9@n-3v7PS9*Z2|tc=G7HU z#n?Y%v>!Xpyt0_7MOYQXv>3!o*3*^T%WORfj@>44jc<<9G0PP~`j`l+ZFZvS|je2ryxkZ`y$7(bkMqfiTn^5x#9Y|HB}GN$0oof-Iv zCS(`_*`6g%KLfFo`82w4Y7OAjEd-U8$$o6vmG%~j8=E{%v0W{3~jM< zCaH6QBcU>!dtisV<;akoOm55YZ(-_UMgM$jV$<4$Hq) zBnh-&GDWo!3IbX+{1-ZQF)zMCNrv&|%9LCL1-?X`yggeFL^};U4UtL55V$ddT}i~a zL<#RgEy?`53Se6b?ntyh#rQA?oGAqbLW3e-F47UQ;=Ry;eTa{8bDJgaxp@~j+kc;!)_^^NVssPU!U0sw zhf!}D^DD~A5;?6KP2+W2wtS9GK+hW-{&P$NFaH%7wTT8!A%s1OKK3XF2{nUI{1~=Q zA@15#NW2wLG@1ea^Ec_V6ghozn&KaN~QdLeP3XsV3K793$0#x2hi+_&3(;$z7uSE|8A_} z(G3T%i()0y^5t+%q>Du2cs;=x2qoq#`?Ib6JBI2`pD(dJ8 zJ@W~4imlGBFqv#73ZJQm02yE4bSh(w{;cKZTDW;9XwwhSAU3pM-uwB}meN}Aj{TbM z2tZ=7{`T8%X58Spdr#)(H}0~adJ{UX=ZFUeSdi$|x z*Ge+)w;m!1Fgj_$BO`qoi}@ul{EV)$t>uzc#u5eyvJ66{=RrYef*+xCrqYU%0dEDp zRBg=701J0X6SmH_7Z@Q*x5VWBdS(G1Uj*LkqM*`B{%N_?1rR}YKxd%-G&O77GS-?0 zwYm$EOVKToMRV4|b`YgSGe}M;V2hrb8i3a8S@a$#qr%ewXLuDZV3Hc%z2_A2eYx8}x_3SyWdm9;nso}xEYDrJqA zf}x(804vqdc%usgkVoMKo@pPqv4Xvg7e8< zXw4IQdcb-%;Vga);2OhZk-dX$SdwOf>_P^PIAMpfH&LQc3`z{w*C6B%@_rJks34!? zjNXpvRfmBy;4wvDm9g62EDep7`l{7N$8WCB86Kx0iYV98 zK;xkOoDx-y&sPWfC3F9Zv^+LW#}0^hZb1O?47}Vj7Dm`bp@Z5COu++>Fc>IfBaZ$c zQKb)CjY~FT2b6`@0#a&5WGjM#PS4gDD4YgLHGs2-6OjOA*9r){YLlOXFd7O@d`ZO{ zffOK1K03@L_KgC;1J)oJO|2C?WCUnP&DCwahzReoFlv{W1 zSoMnm2nXfNomfhpJdp$rV@0%l<2c}|Ne5v z7fZL_sEpK>OoMBV_+)*MmEu9J0<}~Ize3!_8QFgrykyD(^^mV?)AJ@Gq-FJ&+~fJU z$K|G`wVG;YR#hYzFzbs{HrWtM5Ag`q^iSR_9)0jBpMrguslQI!n${Y<8tmD%f`WM_ zHvrctqI6Nlsf)&X^c`MtWn?(f4o<69uQmcc0ZQZ+uF)dm3D(3*>*rSj$@J4$j*Jl> zc|5WlBZ@o~j31axehuR>zuF{wFuUHqduIr3DJZOr#qY7MJfWm{jEE`O%T*zR-fTE@ z0%xJ;RA_B5$X7%omguoO%~(04t3_y^yJU%JU-D;ACaA|2G$&g64p5sQIj@s8$<%V9 zn6~j~^iHb3h?Iu4QHl8}080X6Cd#j`mp9si77aob}lYL1fm#9zEbw@G~n->&L5f+#W&+zZx*)f%`s;hNj z>hlr^$?|L0ucuhGF57$S?3)|25or|yuR5;`1-}Q#Vq}w^fPetTVas0Xz3=!}5^lYz z+VY>ZGxksO?A63Y?mP^j3QhY{Ar1}>4GU*l2ZJ$5;VDe{`K=ry>V8myM8$e=@9i5m z3P98(Hym-Po=`cjt=?Nt-=c`x|MRD(OR=xtRyBYE*sF&?o(#&lR99~2;1CWOlLiVQ zbZ6>1_IztWTzihc-Uk|qO_B#q#@+`qVG(qIm-7>&x)FzSDU9RPN+FJxWqtlXVa_at?M%#IvA>WP$P zJ$2HX98sP{Lg#acBnXR&rq(;JG$f!kH{BzLlTNa zY^XByHzMaKfQtD90*r<_G4#-0|+X`c>sG-@@Uad>%(l+Cg z#{iK^{OZZwIHydZVe+8bD}!e`ciz13k2*5y?DF$v zxTT-rNl|r(A$QLahV+xQ!PG`_@dTncB3hcX20o@uMLQqK_;Ui6@g(xj58}B|W)F~4 z8MmwQ?7%(EyV&F5;3bx&JEr7r$GKdD!oTaev*HmfKcp~YOn*Q?uw6>W;jiDkh(Y z?h36jEDXvytQkERNsM<`$S~CVrFx2hdqPG3U+34Y(H7g9mTPpF>4UQBt!=@z5bA;5VddYgevZ z*@X3Y@X(?A2$%3D2}2P?83|&qmF=zbIwYIG^H0W*T=)C;AENDzS4L}L>sDnnlF!>U zclgzSF2Mr90x~yL`UQZ!f~algfmIr>Mt457a?xTf<|MZV`}s z90itan+Pn7tFFE(o(<-BUMEkUwEXtwPwn&z$3Qm1ka4wNJ@eMx0g+w-6~o>Wno!`C zWjJSmxJK15PIOefN+@2G(Nj=OztDf7{VQ@T`WA==B0%M#Np8phXb)k<`+8To4%vV( zz=seE`=?}d766oEaG;5wC{AmnbG9cKcKe}}VqjXe9oq=iE3S6_$^9Lcs})W)7YKCu zTs*n~_hr-WFt%w0-->_)~{Y6cPyw4Y_p0Iwsd-tlsw7l|z z5DXvZz-G>hz zShB0H%~O~$V}=S2;A!7WY{FkldHjLNn+PYfGY)a)RwA|NFLOdrYJw5!`Z#_h3Quv~ z%`N-!)z{6<&7pJP{*sr~rrjp#m;ROQ(jB^0Cst0yKP&3Ho0w(jqXGH|?6w@76VGRb z*C>;VBm&JOJDtVvzY$|Hsdk97O%2>;%)IT0i1ONrQ6Dd{rAjWyV`9s=FEhS?bTq6l zmhk;*l2p_Zw=y_y!~U3)r3|A zKyw*KyjZFN&SGS}9A&EnLUG+C#xMd$u0_C3Yi#4#ehG2$W8ktM60rKiHVBN$%H&5= zCQWL@Tw)==$GFcndAL!DvcPYh9*Ds~|NW|I+xhD^ia_5avk@PIK#@qSYd$GkCAILv z=v=(T9za9}a9yJmi0iHmimtg@=SToVFG71X(1Pqir>Ylf!m z3$rz2=FfovL*UKLfIBBxPqux8z>3D)d}}=Y$8J;@;Y>d5D*7>0DeyARxD{}zo7ghL z#(U1{tyYanK}~w|Z?j%LH=RK1lH+kS?{?qN+U(rX?Ng_9D&JqVowH&#J<_o`}DxgQmBb5YEn^vx>A0LqP%<|uzg;Qa2UN&>ksOS+PwJ_ z7Gu6;0c0k~`HWM_p9KdC{kgDD>U9P_$Q>Ptdu)f=(Z110xsIuDvM zSbewx)d@%KnwY8pVnsI^Y_mu9URsEnoY-e2=ji8bQsL3tVZ-~+XV5?0_K!&qccyoA zc78!;{{;wSAi3=ZVgD)mZR^7ey=$GYlCd8i^4rzT#?lMFn9Mn{K+73|+HN!(n$SwS zR{0k`%WQur<=C#g7&)vl&wBm%-;>GrYiD(;{`mH`2QBz!;3FmT>roxnx<;$7lznR~Kf|`+RsntJRfM0)`DV=E;@9lC4m>%gK2?|2#tPBl+faO0X zd-RrA>dep63dH17Hw

    (*fZ?dQs|Lm6 zrKRH=w>t&KxEH@J$n5UNjZ=pJ{roj){9|7;Y3z0V`kuD)u9Gh<5Y##_Yy4sKm}3^l zzdv&E*(m3w+!d=<8G@Pg|GF-Y|6Uh|SWEBH4pa$KCyrkob$?9E{PnBw|7IE}V^%5n z{{GvRE*baRc1FHX3pbEnKeYnF#NQvh$?kC{W)i&e+)wS8dZGT)qW_<7o4I@{6e6y5YH8>I357k}RW%27dtHvLI znSPm!G3e^oE$E-T>Uf0FImO+)#lK1Xb*5VyipZD)m!J1sOUG?AFG+Tg{ zG$+r*1e+JAT$^sL_E$p3V1+DF!Gj++MB{Av?^oLjT1;jIa00sjKSbj4Fc#Ss13na;Z{r0@pEFE`WZM#5%{xTXg?9J&sg^TAIB%`x` z|L)`CzgwVp)v*5Wk4fq0xL;kd{N?KmeSmm@sKnX0%p)LhPfHXU_q;eN#`KfF{v=bo zrMDpJ*iTVZDR{cSe{#*P@t^#*MSh5?T3`)N{>MFaZ2s*kckSB6134-Pxr!a*Y1)}G z<3sM0xtnyf07Fn844uZKzn=w5r;Pu|lfS>2HmUJ{sZ3TI|Kpd{%#`_WoT?G*Db5&) zkJcRjBrZ-*9g9Na|LmWCA079@|NPn5KRcF=`_;ew4fpuCIR0<`kNc6av8@+FK8}oz zZaO_z7z10kaxt{d=W2b_I+)ukC=wyORcOa)gK)JVeVg*iW;OjPLj&(aw+z~*^YFAe zM6QUex%}kvZGc52`?8Ql-tpADf1=@Ut7!aF;ou+V zA@|!~{O^za>oot{bNSyVHde;|{!Hk<{&&Ir?}GWCtAgYImi@AUGj06cuUNZ$xeSpG z(3V5TdL^n#FahOP9(>>i`U-~6s6dp5Ue?@hc`NKcm43qVswbmq47tfEuFNson(Fc=1t-Y=p~<{ z4k4h>EImlWj=}8h1N%#79aLjXy}Q!&tQa)0Zr!+{gcccbcu6`&{)vBs4HiVWKiUK@ zk7{+T7DxLd9oWHX3kUoLVTge}KAo;73?1YY{GpChUhj>&chx~an9+kf&VlOmT-R<4 zckze=BO|;F?YlzAjwWi%zKFCANclg*Twyal+97XU0^UX{~U3pb#-=urSIp@tM1Q7oAL zg~C-k`%XA#ry%(+OqnS>N$8VGn95q+*BM{#EKS{r&IuE}t*+C2{xu-R5EF}RB7l#J zS+=0J9|z*`My*68bbSfN0(+;q*Uiw__{GS`pebH#?#9}vqcN{H)=s>*JW@9U4JGSP z^n*Cl9!#`=@e{thOwg9|1AlGa+_?|(!!M_-Sg~S_fWR)eD6DCGK6hbNpD3iD%|tr@ zy{)w@1Bx&coiQY9X~sOk#_{FKhz&~UX3(Dth|vf*=KAZ5QsPciUx9ofAkVHh*pTVB zRY*w0w&Qrp>kM}lG!8|h8eO2P0-3R*z84RfS}D3k%5FgLMf5){l4hwU#nZN z>bueQXhg+UfR3+r+`)45=2^ZAh<}N;RK?b993@5ocwjCaJeQwer{K_9C6qyjfdDrp z03KynU)euG8x!4x9vBJ|Nq{rWcVgDy$Y?(-g<58glEL6QWaB>SWBcg6>2FDC|4AS> z%~feB*lG1&&PRa+h6hTzy=151Os+3y z%lJKJS zAa@5NQqAjDmU>NUa?k<8y)!a03T33Qz-XMIbm#l!{b^E(nOFau1O9g1Wu1MOzB!u4 zfn3R~4)|l@#BMAeYC#hI2tyzI7}Z%E;lE-p%?kYY>!K!glo5Mla$8}&^%*#M1aTQ8 z)bN8?MnM3?*w|byt;FO51pFNQi0=luJFTm#s(@cdhY_haQm?PQ+BAe(ybxV_yj9-p zoO~Wk7kuJ}uwH1#+325wDwCv2K^6~?45?DGVRDm@#ZE#$3}obUAsNuwQ>4hM{jQHk zM`GyQyi_n$>|xG6b_776U;JYxuh?Ufd;@v~Vk&GriuP}}^Jt$lk&HBVXHq|#ivxxX zdx@%FYMTeBYHMoy3P9t#Iiqs@*e6)pOwht=ZIa+uALE`y#y^kWaD z8r$l{U|ZxXK}SaHV(?_WCLSFNERUCtL(6cI&g)=oAzzq;h+?cjfdeB zFQ;)F5>4ii{EMU45{grDx5@1=1#--Sr_)2Y3AAm23?LLpcnIxVlH9=!l&2S5=g-9c zu@UIdJVR3;w0v3E8 zF=HTN05r6D5M&@LsO#H0A@LR1r(E$+lV9!_gOP^ro*x-q_3v^5d~*e@VXj46_n

    IN5r;S$Sfky&jMcktILudhE2YzFfTwIU7YiXPgj=&2#H{+pLTV#k>vbmLa z;q2Lg09l8QJ|YSgv7v&h^WkJYMy`Q!H9_WUbvZS#ApGz;-CA0tBvg%-wTxFOfaL-)`hHTtF1 zgUYW)e+{d7@BCYMHQ55IK{U!2HskavM7Nx{Z^1t{&c8i^nQGxUd|b|9rx)OcJB7E` zOw*rWd;2YDm>Cm~=5oQXMhSafbtB>zTzaG6KNyL&p5{4tdkAsOsJ=;7BE-IIhLqo1 z!YT~0?qP#Ckbgpx5D0usMsdPYuR1t;lS+si8ZLSv`}gb-ldf;2NC=Y1u|mv8*y8aw z7l+v=1W&GbbSw|LH>Dj%Jm&xWif?C?*D(KKgsh22$J|vPFCB-=U@cdGIw%a%y-a0x z_I~gQi}1j|yW64B83b{Uj|oPMxZzat=RLQWV3Ulc$~>+FhQH}B0~{>SEYQZa zW|vj8Li%&7utj1J-jd^o+GG3_Md#9 z9XZish32seNHJ1(r{gu?=$H|Y!+#xKySoaSxy&gvRxQ8P=ofOmb7W1){*PlP;IE4x zIS>AY{2$ZF5e4k{imiaOrRObLWT3hpNG$jPP3}ML-@i``Nbm@ov4jxbltJmWgm@I~ zeGN(v4%L4UT)+Mhv^d3har2fei9%E3BVH=bC~`7^0=f02$;X5hpoJiXBS#}@Eh7gZ z>H^5luottmd%U#2SS#Ccx`@s;P@mbqsl<=v7(RHxy#2UpN*VPE>YKm_%8_ z!^5O7VC1sf+oKR%y{(7*uxKzk-Hr71n?~*4D~N{INy5n zW)GsSA|B{LS=qx_w2-Aerjr|c0h~EE?OIZNIP|p@Vxf|390yYl8veLi74)Jj6Glkr ziBF(11g(x|i`yIUfWpCKTX*=$)$)4leF}YXES55aG(i_GR5&Q6G%0NFgG_-`TA*h= z$AUn-q@x^F%>&w_ASEQ8u4;k#I|g3}z@VZLJB!jOXkngTyvTu*OdH+;{V!+k_eD}O zg`1xR);uYUWR(HJlEUKJ)vL7p@t)Szs8+c_;5%S90NgufAQ>%omnjZI*cKAdd=pLB zBWk^fh$=ot1<```HN83Xg=swiTE^4RAE>#V`W`YckkjX(fk-su)vF=yY{UdOWqc2a zw#K$=T-H-tkpYS7H{)0ImkPzMX$Jj}k_s?e=JN2Y0}qFh?^g-x0%a-0)yA$zp6|Wl1Fjfx z40M_zWURs9RVAO}LM8PX?(GpjfBw{LHv%slN?B^Ins}AZ(HZN#)U5e^7gIij#m3cx z17|l94im2~q-^TQ990vHj}=Dg>VnNc?r;9tM8wd~^9=>7ay=B^mPCRuO2D<~6?*vB7~+7$m=#gdy{98;#7UK}xHUXckBkFmS%=5>4?ONQnSG zQIq}C3siZ@bcaQ-wUe^GMU z$a1j5>ZY@wDc}^#VFslE+`1aOHK4hA5otC5_S;$8aukUzK-#i&r(t`azWX@*$b>L# z8#H}j`85<3lTr%AYa$0TO?upEWrDsb1LDuiMW5hBe-}y46BxCu0Ts1g41cVQ_|r1; z=LRr|VUZQ8dJY5xhJ@oP)KQ>Yf5AR@=<91Nu`h7+*w%Hh3Qo+#|0Jqn@MTX>QVNjY znK%yPLmR;-2k##LP3CSG>iMQS*?v$0hu>3hdFy!gRpY{8+jR|6`&j)uU#k}V^_RO5 zqnx;C2p~iXL;7o8!GP5bnHRzJo}^777>X+1)=uGG?ZSoBK>uOyAz1BysIIQ=s3PeO zQ7hf!p9KYx(GV4QNT*MCrCE?EZV&9JDZ4{{W^R~=2>~co4bTDC$Z$$)YM;-T4&D7uH96l*Y$8kB&eVR2>n;jT{(6_r16Z5vc?9tFYLq^N$*%8Sy+a z!y~cF(fNK#er@Z^(U~=DwgY>DDjDyA{z4k8tn=8j#B5T5GeK5^gir#%RxBQgmh%Fv zk^r!`!$6ElS@J*?GhLwO-Um)3`4wwt*VUmooyN^wjARyhp%1%)L{o^MU2_HV^NYvM z;>16Gt1u2l=w?*KwYAMUX5zf3{RZsIX!2Ojt6W;5*SmNl2eP=GN|%|L)7mm@?jaS;>Hipg*%ykieIQK;zr+9syr&DI@|@dWuzCpWIGs8S5TlKn^*U8rGL7C4nTSfC9s$SPXBm5P5^JdEEhU zMg$bAv%m@yIr(NPBJ}q}T{X2w3C5*Q@bjd2qnzKbUAvVxE%@}QXY7uztr8b(Q;H&o z_qLYzsSgjdYQ20U*;4`4kv0ip2=+l)RBrVN%~v|nh|dm2j9}WP>)4YhP?KD?nCfPu z=ph5)Fl3~H$F8IyC+Q*QZCtGN5(}urKtJAxKzbN7NQ#2Qnm5sUeomjeB?Jx%0yX5? zm+t5Q$xV4!I#wJ}l&3=*#4ZEl;H}Tw==GYE2pFZ;lz1Wd4*#3S^+6cP<=#F0Lqk7gQb6C&xLDIx$-b;{=UD>n|QcEn85+(&ggd*#X~%^3dzc;W9X8Tm!7nr0dlpeG6x(YsZ8Gb`5;w zgYeZ(`a75^__8}}b~j`kH)CiymB&_zq+ z5lG(c!S5hdDMs9iFia?N9P_M1JHBPw#i}+`()8p^w2NW-_yiNz-$rg`wYu_(KS2Ur z8akLow7p{Boe$v?oiaSwN3`|<0Cv9q<%jLkg0)j^4l>ymRv(zLNGC}|*-b{o40G;@;LNWi*U z5K)P&^8WBh(8AUsuRt&|TV_tLqQn}42en`5Yh%X`|5YFzl5i!fSgPsWU@*3tOa8q6 zSIoRx%;Z^;qI0`#8V8biO~@lIAEA4~se<~N(CMt~HrQ5?W(?8l)I!f6gb&_+UJ>;a;wfKxW{=si7B>qA0UHnjXJ<-{jr>cq$bsRyrFOt>9o zpfFi+2l%Z3-3juygQP4V#TPHHvBe7nq-G%J){S?=H)$n4#=|&_(Ig(ZjuR(Nq@Drb z)&s!!V@mrCP%2@}4nvFouiUjmlE*VS(xBW!T^Fzl(t4b3A}rLoXS>o2=C7eFX=JEN z(IYC~4@a;i;2;_49Vrr^ryl{P<1zp!q)RyR*iO-9%U*}Zyqt0!?hq^(Q3b#26b5)e zW;hg}n5{`x`=!A(1Ah1%20>i>QYHE~Rxt*%kh4%wDq%DllZP7^_DWt}UTQsHuG5)? z6ix-ef+a}CUi<-QN1#H{#Yv-(+dfsjin-0iH~7yvlO^XZbZ@J$a0WpQ8);K^!C{gf z!xWfIz61mW2t2AZMVf4n89S(?O#6mPhkzINZeEq6b@0vtP*!ALMAlKAO zm;wqGdc+7G&+xyJ76l(Kuh3D9Ng@LaNe|;_(Yyw%wdjoL$=ZsFI3Q<$XHR4X!IVh)z123f2@sUCvD zr1U~7&I;n-$4L(PLrD&GPEL317kOf>BjTGn&KHF4tjP(j4AL2IGp#Z%uJB(YByzclSnr!X2>E9Bjh9@7`5RzuIB4VBWmvr2lNjCVpurhjft)%#cfc z2;+wg6R$JL{-z0pBj+?2^B!1E0rd=gUml5P@GxE{EiGN#@pvOO$50qVM5X~6B=I;_ zz}JGKrIPW;55DLx{H7oTTaxhN^GJlpEL?GzGhRDW$p=(K1b@d=ND`I2X;S*~yILz1 zk4X5*Qk~obAr?SyfCVg2*m1y;nRgv^s2Wn7tX%=Hn?2^JjRGtU!y=JoUlZV1fI5_9 zZ+Hx`VTA3F(halCT~DN?n)Ui8oRINFQW^UGy}?2G`1Ih`%9K}a4jR@r-;zkAf-^lF zaerX~I*RKskP{kAY#;pg!BS(toE)<)N(L`gY?94*3-o&*r% z9x50x4E7#m!Ff=^qG`28N~$6*#ST`ANWk>UUd7;jt3?$9#iU$EZBPnWI*E_XwcD|! z;xVO7CJjj1wCU52V5xI)r&FN~9K5@FbfkEeEhU}=f+O@aNHD@TXeAaX8C537H(gm_ z(u|Yl>ltf=EVv=*k_1PlD;NT7Ks*cw6v+qlDz$ZsFMq@hC-xua#0LQi*bUZ!a}9Wvwd+o-XmFK zSZJq6VuE9F$E@pseaZU|YV~xI;{X{Vdux+*f%WS@5pcA z4%HBvpNpE&J61xqfB+v1Kt+}$U&Q95l*zCfkzmpG40sL6Lum8SY6Pi^cb+ctT&tFn z!*u!B5iLE&nD7JXv{Q-JwT#Dt;p% zJlru8S);yK8~Rq{@$(pIRds!;fA=qyvHIgb#&LEtPk-9|%pEEGwF^43Rd@%AFr_8$ z6vXXQg?y2awb2Wpdlh<L)zn_ytOMp&FKJIWqCBP(iPV)<4h z6(!R~=dV*afR0{QNJrFaAqQy}7ngM_R=la-g4Wh&w4(JxOv~bAvG)bF10+v#_f|h( z_O;E_FMfqnQbsBNaAe~|UYL$x7aT48lsD|x+{Pm$iBov`GFEvl~_+RUA)$~07kN!jy;*_Bp9PP(!k9hG0 z5Q4d0okx%+cN5}3=GI&wX#hr1pGCqG#NB%oz!LPo*62`O9U+qt z2h79XPn*8!%ncY^g(8=ryKx%sQO9fh5Usd-_vNN5f-eUFB*-t>Nun>9)9E5p4$9b% zS$sMaWKhU*HDD}Oj&R9^`@v~rvVhEa<4C0(99s2=>_JwsJ6d{9;ROAR+|A9%V>=ul z=mLUv?RL1lECYTc#BT`U=95st+k0YgU}Xw&R|DkE_K<7LCE8 zUJG3LBD2fNvb}a5-nE6zyRowInOA_Zwqhrbi^X0JF^4suL1#h!l*3GxqHIUIxR+Eh zz=UFxq`@-*x|xQg*|_Zpg$6{`WVCv?${`Ka8+{UsPE!!nZYjKym#VrkUM3WPnTtK< z8U*Hqu21~tU(eP&xG7ysO*Kq-t8q@N|D*eo-z(sXbQHM`5^HP;q%IYaT_$h>1Ve$0 z{iDy}v$sXv?EM?-u9`aBNp0n@)`H@<+OixQ*U!6}A8i0psqR3i=j}1)xK)CzDiKzM zq;0SoB9ESo{PfzLr1^NRuG!d4-Z~6*sCQ98T`xM`>vaO{!gZPnFSN6Z;nR#*v6W@h zR$(x8es$dW+I=z+xVoSK(_D1HVh^1SS&5`9ng1n5 zZ$Dzt$62qd05oB1=oK&Yr|vnxiNnAg%`5V8b=VX|&>NpBnUB^ZJd#t4Zn{g2O1WIS zM&nx4@Vre6(UE+HG_n!u_`~>oKmKw8G3BF?B zWrk4^v9KzTZQayrFa_vTg+g6M8aB0YSy90mzZUDU-}-)n_ubu3YA{wue_KoQz0m9p z1slM+wH^E+_&3Q60||v0VziwW(hLkAIT5l0#@^P~j7%C@TO+_$QUTh=2wMWY1LeoI zyYMf3ZZNABeK5;4ymq94gm3g#7M}U(zJ;ZgGe-5f_iJpJPeVO{=3QaxjYdIIcoP8r z3qyqdEnKep!0yg5^K_9menA-5PS|Jja^5x~Vx>oB6}#)i#XtGuWBLf4(Fj0_sWO2h)L9x#6-gk4wn z5G|+&fh@^THb|;p3c0u{kz0;rOOSZdWr{xJd!A0ZNhqXm8E{AiS6i&?a;-+YV*qs_ z7q{!j4|tTJ$R8Fq>t~#??_`g`Kb>Pnon!xs|I0iLJ+z?)PT#zShhkBHB0Kx~Y#JBF zny9;5LQ~_D{X&zWfU{jKo?I}n1!v|u9s#FKUh-Q#%nWh3xM+|8PwUn*^?@^+TF4&LX3dyHcGuvh+qaY2xS!EP};biiD|bz4k?NJpyk}Dr(~nEmU@K{?*0L zTP6(qbntBUpe+U(#RplcvvGITYtO|I_;f|_os?PuX3 zabObHUn`3eLm_TDX_sbjUweNiLdjSGZEu6VA{0ns!mi6d@ypFdeSsYG`a3d*s=Cl6 zPmZHxG6X?r4>nSwq1U#(`}TRK@B7r2rLPfp_5_b*0APHX%GlgCAJ@rZXwr{aUSLsr z!(5PT08lW(6;RK{R6TdCEJDv1^9FU=IvkVaLIin&ahvJ<8^|^sA}e2?v%`Mm;{KED zpnKb^+gY}pp@1ZkF^7Urf)utv+_NPxtswl->5upGYr!&W==g)TlU&}RiHuIR0hmD& zY=t}OApJ1Kje#@VGU%%Y2}WY>nv4%EBYH)bO7829HNxB${2qby);~se?VrE?yuZ-b zFBlUM2KB#-J=%J?dNiFZggOZ>CI+sXH3yM)%U{_TFAHGWZoOA^2+Hc}~<U4arCxS> z^hjSLzkMbnVd7cW$;?llRu&1O9I1d}!=rHYw3^j4C>$@Ew{^9?w#7=~Rm{AjH~;F# zwZix3#9o&wA#WI$$X=kW^hV*h_&|O3ud~h+Ht!vFp|~}g3MA826-nF- z*Uy+PKppn8zDT_#hs@^623@jJm+H=(A8TO)J_OM~1J4871a=xk))`pbGi_WgiwKkr zK?~*xf?oprCopyI?U@4GwyELZjd$SdtFX8m*b9RtAM2xevM5rzk*=Z1y)PMuwET`k zb;1n*)8cW+U9UIB;1VpKTrceVn1{Ym+>wO!QH=iQRz|fV zCH(sB4(i*@mPsn^xQqPeyggqY;ViIJj3S%@yO+d`xX$n0w))&$TODd%%Y!B-e02b8 z-ni^}1wUw6O2|%nP@$3VmwHmLor>uF(f$983YIjR8HE2492|3W1C7=3l_+ZAerhq0 zPDgdfcM(fEF=VDnu3Y)H`)=Uq0DBX2=0y~`R`w&JRkkunkdB~+QjO3Mxt=0diWM<1 z(2PuyQ7SSs!OLotYwA?9Mk$O&@pf52P>!dkr&PqI9VPaBWz#074yo>TRT209h@ht#Jse=`w)F!3fb#=YB9{K{A8o5}Q!|nV;p2Ee=@jCuT~HJXw{_ zrsyt<43Fft$>f=5OGoU!rqS8?vi;ZU@EM+g&PBTl-WP};PmtU!ZU)+Dc9wU4MxW1^ zHDyv);AR|xTUrIhk#3|7b>?7|f7}wM<_2?=r>G?tHoLkM8@C2XZ}6BC>oDRabcO}* zKP;fbKo%^|%ID>Ip@^j?vc$3b9+(LYtazc-`t9PNJ2Op!U8%VdSl{T7H^)<3vgJf? z%@iA_`p&v8TWm1T?K75TfWJaBUFdWJ3f#4uC0An&ssVsTLWW9;6t)16 z`Qg6_cEG~6JN`re!M@B#bf=8NzTUr6yDqHxN>p*q+_`m@1@AUA>aDMHhZ`WWBA+(X zqKCz^K~^BFRkanpeiySEu)k+y6Hhc~SN)I~h}#%+e};@6@L*)g3*@3|Whr^t;GkX9 zj6>7xr`1T5^KeewbX^z&QRB0lr|U`tTiMXiFg>ysz3m_?b*o3lXa@*%ES^34gl&6u z8$A6W>yHofvbsC8dW~*+Dqd-`O4Hf><*8RiO&iYM5J|xScov|Hnn>)Rn~>Id#oM=Y z;9dC6EFjACqPx3!M)3DK1@XSp{JSgQqtwuEap~COQvd6JR0yKR4NXc*OXCu;nS2rF zc{dCmjfQ^ya5+aUY`hd2s)f)?5eB{eo6J}C>NxZ63Dg+I9OX@4bsdh?IE2vZ^;C5P zibJ{C`oBvsTZl?iVtV$})t#c3PGWl`HV6?yRDEG<3R`+xt6<5}*qd`0`WNO8;FgA8 zARhtUF;V0U4qf@ID%Z^p`J9s`)%8oCnXh8qE#2^E8}f}{S0Q$?ac_Zu`j5J<#`kF- z?~`*0I1{#jo@U6$+ zwATXu2G0WzG1iL>2wC&x2-u`s zcX+ICde`ul*nrJw``I+d8X$QiTsB+--j>wo12yrxeJYHeNR|j(zq)=qd?lGUy@fFt z5mhnhe(LzxA`reqK+N~Ho{^gi;E?7H63LZwY1^I2Gje{3t(wgruAF4vK6$O?P*94#CPt#n@bJxTJrJm>7Q4<0lqJt^&} zRP9@)nD}c~!Z630{gYwQ?Mo=RiN;Mf<^iaXhZGs2Vbscw;$isknOb>*;UC>x6cJA6 zE&-?0rhU9V?-0%sq2U+2ixyFelw|A=PjNPIy3Jf?^^38%$Zbd0u}3vB;4}GhLhV3q zesfmI5p0O;Es*H3czp>*+ne6C&&HNxB0Y(~*;tqCjFBxc?IAh{v1|cGlPNH2fb}W- za^K$A^Wa%8<&fR8OQkV>#U}X1Lx}>WQosctp{TY8eQB!$vdLM(Zg1})IXM+@X^`=f z)d~6io%8dWKK_l(`;>8DT*r3g9$08gZ@>Myp&6js+)P8>206yoGj$D1)*Px2B*$4E zL;ud}s02n_qTi!1>!Crwt=xs92FT9Q(T%*|WmJ`F*T3~{Ea(G<8jM1|FMJRj5SveC zn2>9jJ>=9IQ0MiLbe#heO;`AqFACQHS3@gdzTy!$XI<9W?O!J%rf2Oan!+uXHK)x$ zJZVmzqq(_xdQ~-s0WMJKs62*7&le~gLcr~knCnlDsD$K$4vf*V$B5I9tx~}#7!8P+ zVx6dQ;lfZvUUqLICd$#UEzH_`6KE%hULfq{8sm#~fCT#yY?z{34G0bU=@AHyCkG_2 zZA3B$D<{^C*~6Uku?h#d5Mnc zsRs@n$|>&0qwKOuPsQk_FDSdm<|Iec6o~=kywi`X+V~Gmn#0!I1u+jklQC&N}KtmPLBE1CK)-+=DcD~3Q~~< z_W#4)pN3<-cj3eM)u2Milp#YYl8PuLQzarvl8}-@141%omMF6Z(qNX-U@G$*p;Sad z=BUi`JU{2h-tBvL-@oJk;(r{^aXc@6UhG}sy1v(ESnFKpI@el`VKW@>j}tV4^7xC0 z&Zgk1z9P~h(=+@9}bwLQ-}zu2|b93kU8?^2$3cM#S?BC!Uki@ycy@_S>^=Y zuzW1Iv&^Z|dt~p>Znz4uvt{p(P+d4WqO(|_&k)KqCd<_f{`ebA2F(Wi`=IC3#LOb!`0Fw`R2~sIX zdZyEJYoWa#>0C@E*CG|4a<*_80L2NQ{N(N_GFq0T4hV@1!m#JzYjlXmrwK+#5Ce4q z=|GI!HRFS^Lp~M7m;5Tk=lZP*(awRS1LExV3{Q?sd zoIn+Sx2Ag-GS-zTk80|(huj_NLd*1%-a-D14b>b)#*OW>_uK>0t})xr5+3%{LYs3i z<)fN{60)*QzmkxDKZ>@m8fdB%9B%}NdP4_n4-|bh(gCxe{9&O@HB;bC(bLA0zzt7Ay|9Hph9Yik z4iq|GnvCwagO0R^9>jfznYQEHjuKHsaHQ_4uq1bGKFPM zCg~_wdhE6_|oKM5Exu+AfYDS&)`n&6Lc>3GLYc{x7(4%|f#McC8 zR!DK)X`!}k9~nYJL5srtIC&^2MaLxY2sc zI1>@T{>t$fMED9IbwE!=SN(E^e5n<@wMuNbHI z!nHx5qO!sOL^D5HNpT>uH1PT~53~Fhf*+cTFEA>@v8eicJ1$A-+RYKIx`pzf_Xzg&bjeaY6pMNQdoQdG~!i>}Ug!{-o@3 zGs|!1f{QR1B(uJK4))O2WWI7DECY2>u^8fYt)3ga)LwG^=)9UgiLQu|IdL!g>@ z74GEFxm=VQY>XqT7$c@<0SvLBlOehpqY%VS7OuO=bw}+an%-aIuA(tOPhX3Vq9t!} z8@RP}t&fvO7(_yZwJQltjt_Q|F$vKCcGRO!!|a7Xn&|yV(bRyM7z7(4P!%B6m(J8( zR*#h9<55Fyn_~(_}(FP2EP-zJM$rn`Fj~65! z9z>#0;jOK1@>7)ucg&|#2i81;YW($E-uc=1&qcRsYLdNMHtv}`DEG-yI~50u71Ff; zXh8&W_7y^{a58F`%=9*r`PSYMMPy}M_8pPbqc2~+e7x`5om*jHJQu?3&adQ_+|k+Y zfyXR{SXJ4o4EO78x%1d-cIm5^S7L}^r|kRFS%&QmK)WpXbo`mJ%E2|Fc}Qbyq{{^w z%ut}8+t~g1(UvpWhhOzSsF%ID`YYY8hE*lpwx>pVzHN_(VN3_vGt_99Zvoh=VJP{# zA%I#d*eXUCaVxp;WMmYjRdHQND$?r{#%hGH?{RjN1LxUwaEZ&aDByNcNNF8YK<{rR zFUn{A*>6Jlvqgmhn*uyhG^SEiAn{8~I2RIh)a&X1_Z4+?bP58}nsL-RV9sv;n#WiU zzFoU^A=F$A(}#x2;Op2nd+H*vN*}F0$t?LD?R5E(Qf4Q;=%cW%3OspH9C#KSS%E4{ z4_DW>GBk8&0VxMUCGet(8zcYk!=5whhZAjVpB zZT6P#!-P=|2(?GY+7qxo^-`&t8!|F7l8_qG209)yaE56eL@GrQbb_r33BV7)PUvGI z!DJU;rC`OV>iuo&BAej!$Px1T^o1Pg(5uLg1&#b-Ao0-_on%4ir(Vt4^mwg9Sh_jkEgo#hv_9#}C~m9)X{CHR3u|5i;aB!a%L9(%b{CM;6GdO#&@v82 z>Rlf^Cxojes!y61i8v4XG=@1mB3DiHTxp={ zG<5&HS!ObdrxuUH1Q#+JBMS3HHd!9t-PU0)J3D&_X zS9^UrRtf%+5m{a9N>j80cYrGBseHQw6v=mO4C0Y~K7}pkm#pz87s~zf&(!gI+)Hji z*5k!H+o2ef$>S{o#EFt%jmISz^eq{giZK|07vClBh&O^NMIV+xT6WS9Ws%+y5sx;m zT(k4#JA<+Z+cy%*?%l_azGx-zHg9e;fn4lX&=-P3_s^}{y45s|_ccr+ab*h&hkjIV zG2^QZ^tH&9n)in7C1sMQ`v`Tp-snQE7M~qWSQ35Ebkw7vq2Va^xLV-H2Cj?=lG-a?agpG{ zNK@xt7b)asUATU zZ8B47gU_xA1q)M`%WSuv&qxE_R=`Lp7Bthr>#G{_U#1@0Yq#5 z0@Tz7*~uSw?@L-6=h|Z*4_R*w41qH=PBV{4f+UG}T;?vwKDJimpE#)Zr8+^68Tz{f z_o=dYBZtf-^b%`3#VwIHfSMD7GU{`Y2eNo^_X`C7@~o62?rErgw% zm;tFE=LGv)Hf{?@%-j_4>h)_M$0gScO&TrAJp0Q$aGy6+v2E1}9C3QREezm58-gJ@ zC#?jNSHfSjB!6vw7!@+k_-s`2iJM_bC2riw$4TUsk-Su@G?k*I)Bq`~N_IYWpMv1q zXXHT(P{ZL^h{Z&kKhbe5pb~-K?CIWTqzGvxm&CTtR2+JFi0lmD^AtFz0SbJPH?E;t zrf-(<^Il-z+?qjMrAe67gRw3E1frK)@*BJCQ(@=WB`%+-VY#Hyy&n;nt} zqs^RSQN+PG;Gezz$`zabhnkG1tSS_!QyLl?(ou_HJN=7h9;47&UFN6tMABr zGj+9xIhe_PT7XO%|5O|XK16u6n!TE6*w9>hqw{!Ha}nN@W^{iGsxRNdIC2M{x^fWy zctfWwXzKfm<{6W59c5xzLgQfE&>r_lOwd-;}uBN(m#1+=3+0ccxI2 zBd>wQuOeDu>RQfo^-MBYDUDxS1l35zLNV6<(7CcZYT)V8K>;uq^w-0)Y{3K@9>hzY z&}?R^88{Q*3yG{eFw~tJnS8k@RO69Of14%B_83NsTDQgK)Jakjr|AV{(~k<86abOSRUf`oslRV_#j4U1p~$yA6#R5@Ct}JOW6!PkNpPqFRd=1vH`pBWE6BE$cVt`5z3t3i5+&;8 zK;S@SlT-HYohL?aNJNG`dbEaMBLmEG_INlQYTM)m&Gg1zZHFROt)8K}@Sginx=b-V zr@ef%eA=_hj{DfYSE@sdj7Xd4MVeoJ4gDl0ZmLOx`=jc6-S%mTjTN%T0(7NlST5T6 z>EN9QJ56;OP)tEh^b69Rex85XvY#hOdvo#?(`B1Ct@~0hPu6H-if6xb1Kw|h1bPI5 zSK!9f0(nOxN=yPS&_=}q)X3W~WhUptKrw6w`>uw|`;BI{D=Xk0vwVx``* zEo`^td8_W~tpH=JPeW~VNXDdjtf!~vDmt&CE%t=sOPv&WNlm#1x$ z-9`*^f0QtXuvGzvGzzYZU$#B$%z{by5p-U=&z)J-)7RJ6{Y)7#2Jpj!!{PJURlkJe z0Z59Ok4Q73yy#rznfG{$g;gd3o(fpJiOwS~oRGiip{=_->=z&K7Z_$AZB*NTgajfu zG8>CT{GWzU5$Pz>+?MG@au-wF=@QXQ%T?n<-Buhs<3Lb=isWV`20Xr^L!6=!s9Dv|c5#&f4 z0+%BlEL@C92$0yNY%Y<5JP5cba48R*!`=9PD1-cnZ^Fe1NW=t3_Ig@!1)hCen4zf!u%BeQxZ8b3wed+>k*H^B?V@$y&`!wVNM(CPq}Lr+o` zm-!Kms$u6x8dq^0F?l8mfmsp&q~j>)$hB}V%!Gj9y7F$_LEc9}L9EC)dE%n-pSo_N zalh|lTBFTL@HPUDTA>Isfc!TKqbEHHZV6r2JO)PnEg3C2GD<2h8*J)Lsr$dzODy10 zrT^ekTa*AQA|_eME1R9~gmGEiK*pN~mZxQ1DdxEF7K@l$;&C0!@|qf5TV0r7iAdTj z;B{7Vh;4w8WI`6j8(5QI3qJJcBD0jv)ckBwF1qU=ylf?KAZ0g-ia0NXSRAPAJ40e4<>jvH`JhALL9)ybd8J}3 z(A~bfIMPIFmyM8JA*}uJT~%+ykuqRx6Zis-Y7oqNZBYws34ia$1IEvhvd?|A)e%_S z;>+P(3iznRcz7WID?wU`#CTLTzOcx4Gl(&^eC;;0BiD<>w15z6NLWS;Vsk1XRlvuS zqjMDYgq$~^4MnUX+_T}+&`8Xk0rVUZ?EM++N#HONflU5hSd?N^1SHP(Ln2v1g5X%4 zl&-P5bHTc+x1ay$2^ag*;S#}UT)V{xVTV2N#tB!z5)oKZYQH-}_PQ{Ge?I?TX z!0`xx0mbb(K%5}#?7hqW&U)B)f+FiX8|sr$r)J~?@yz7nSw$`jc@Lx)+p`0d{Axs5 zHBd83$fC#X{fOGwiNV7Ylz{4E!c+Kw7+7#hpfHfJzcu2Ni2UautiVqPQ!?!mEqw}A z^K6mM+C}hLde`$8Ol92=r4XmXf$|Ppf{jr{u?l4}rZ2UV_`V-FQcoJtInPfwD}o`X z4f(PF;pBr#9eyVaH5?I#d1IN2$aw*p-&&FM<;#~ga2|dr;Td;0HDUV*2jeX{1z&gx zb1R9bW&=gy1(3(W9!Pjsawk>y%#O&F>%o3sMet9wYw+VZ$1t4?`Y7g*qMOIyu*r%% zmwCBzU6!XISClJTTKyMYJ~T%GmTE9klvn>i78TQAP32_Z5*8vu zm{4+ysBXA0NcALM?MW(8j@dr#uRQb+Q_50c8us*6i^uUv^duIxLLb^>^o~fU{fP+! ztByF3~jFX^`Z04jf(nnsT14BN2Fe4*Gk)G&T zB{(98cDIu2-c0-DemIwG~5bjCBb^mn` z3B=@**suo#Fih^xpR8Axg!W_c3tOSz7D}9+Aynp@E zNyR2Gtt;8Lt;MuC-Iv1|8%UG_4m+H`u^NtE>@;1GHOPn(-noIBv4|ofd5_`gNpu6q zHYoqV-6d_4mr32V<*7c-vp0$u6+_gn(AHn?L2x7rMQjIb(Cy}6n6K3&;wLN#e|Bc2 zZ6V#Rw*k&0(Yk%XTUMPQmk=ks6$Vgb=+jy9pbIbt9FG*8e!o9h#9~Ypy{Fa;bam(S zp+h?R!h<&+ei*o8rW#QOyO^O;(%dX)?#8*vSKA1m54*WpGq@gqEE2Cd#f;!9Ah*Op_@>)UcNup7xWz8( zc$Ki#9?rfCCq(H^bL;ORH_8WrBuGApfbIK;8L|<*i=ys*an`IO`W=34Mc)!Xkl(@t z38Gq2@H%U7D7=LT49cD&pjR$bjX1*pOA+omR8|1ThCo~iEM7EFZPCL#K#K*cACyNM zOtB9x#DVkYf2s0Xe%`lS0pE?rO)sKX?eiy=3K_9AgcU4EMXb6VPV&U#wZmcOu^t4g zx!c24()5gIRf0uW4NEi6)P-!S7lIdgB%(hUau<AVi4VpT#V#ZNnpe!Y)s zQ9!x=p(JdkKfugRC=OUa3m$rA_Jg2^Y#_x+W32cV&2;afF9c))UrOVKpe>vGyZ7%8 zW;T-(BQZPjB^s&um?rA%wF((ezQ*3>xyg0qQnI;=CfDV?`n4T5$r6y%1aVo=&J`md zZNuO&p+ti#Z*6Oa2&yHw5d2Fk&oECmAyJD!K9Nw;AM`9sdNVfhPW3o2PC9^2TX5dY zxol*{MbUwk*f*Qq=AcSj2^K=vSgA2^8GH$Q$ZT(ZnG1)qru%n7pAZ1bz67Dp(AQn& zO6kuPi7dxcaNs1eu|UY&TkXe`E3$R#R+0`v6yOJHulUFNy9V&-Su?u` z1>_GP{T3GQ#E<@skb`=HDHiL)d6_^x1WkiE0OnCh;rTw@?(%kMGCvlUU?9|qD1iWO zQT?}`_qUxbP|dPZlqXn$7zPF0R;H$T5MOsbzi~w3)B>c%0enE)jC=43=|AtCY(-Z! zUw8@uAkL&O zxGHeuLP`q(Qg668Xhbf8c9FV}2gIdiHJn~oj}J`fE^sU?#NLtgDh&4;!ekLl?mXSg zww&8a?RJ*`YQjejV%A>?KsqZ~`;d?j5+;$*3B*&l1b~wd*HmK=`OIWd0TOQ`1|zv2 z4Y*0@8MvXs^g^7T{JG@JS;B!6WJZ`qSoNJGqJRh9hs}{DggK3^|HfnL?Xx?74oW_` zL(nFA89BnoCxMqmE}&^HWG9xA9`;pi{`5F7(64C~HAFXrA|?goC@klO_YoP~?b1=Q zNNvaV^FOdw@6%E)o!B(ioTvUxcm-wR4Mdx+^WlFrpbuP_#;p{exTwY3@OwdAl9ka= z|8hbg?zJQ0&eBImekaGt5yjUnxqqDfU*Djt_4uO@65riR^M^1L-*IL6Lk~=TbCdk< z_>%mMe5rf>cUSz!tNz_6g#3)sx_{VB@>hKQpB_kKQ~!TDB@cuWS{qlm)PZB+Hv+eF zW5mqAzt(zm{3hHNzPR9} zNBWR7{LJB^xQcE3^T{&aqwm;wbMrV#`~hHO2rtWm!9dPxf9{JQ8ychBzIX4QT73mD zfB>cz%|!h9W@>#l8&^0ITms`?YHUQIoKyW{Ph10!-d{Takj+ErWs)Xz%ct!1*zo5Q zm2Og5brr0a1%jSpgn=9JRvLe{y`wySS+MjPlnG4ag@C>GVmegpsz0At$T?zxm56j!D{KYcz=bmG1iFklBz_Cs}Tk*my|KaY$<2;Qd|lz0d1`6-9q6g+S~ zkHVjyN=EanTRtIyiQ-_ce}3)=o~CyFpNo@NvRP%-L|j^vH+ehaE}*7(d2bmdvHp4B z_~O4#Ps?=ftc@k|@K3XYaiRim|NJnFlzo~&BXFKBKzz8|N5_ncD-C4cAIM1H53o>0D=UN6b3yid5V zr^m?Dj2Gs=2bx|_s8cM7))V=}E+HDXWfEgsK|tX7D=vsPyVl z3Z?m9GuQAydoz@R2KrN5%wb;F^XV7+HoQ8$nzC2+_cK2Z%(Pxp4CVU5b==EwB3D{O zcHR-`Y7Ck#db3fQ3*7vv!+X$7>Yh50>7Cw@P~-wVg?mIn#YAHC#p zT*#=OSfxJ?XKfol?Hq}Jk+`D4)0_$TuTSm4hdD|;oqzroj=0MrSMNW^>A1=~Y!RWT zRs7d^QJ*A{;Gc(k6FMXBKaI8CkTw+xP!3b!iFjB3X;({&Qu7o1^C*W=oh{d#tQ1Z+Ee0w!A4_dwH5X`>O zzZj9f&wl>=pId-$|G()|{`?gGA8>O2_ksRC2n+xFKf!?iyF&kWg?_KV|G!Z3f6ve} z^`?KO`>oYS6qs~%uvHsMP-NBxkSXUQR{G1A^$5u^IGvM36Qs3gb}$WPFV#IH7ZBtG zK%-LxI-wPr1wX__3V=QOC`R%_h_eUT-eXPh+7wrsBmW>5=LnKDzY2nsHl=^ja;{bA zJin#dk>tV=1BpbQ1_gn@RZb&L$2zU}B$Cxupc=GIgs4#x=nIx(b!QUMxglgPf?PxY zjT==G;<(Vh@O$@GBY+7&3RG5g_s_tEsAh+`7-1;z*iZ6%5rX@m;bF?#U-cCTH`!6B zDRSAtBCNfDydlx1==CNR()&P7dao`-p2!lX#(EzmR3rE!N8130#^A&ucMIc?Oz`BeCd&_>*{zE82|wMqt7TlZNTIhUgg(pFc|kZ00$mnn*bY zeeYVxu#qfwT^cy-LG-Q-9P-9K3!47RN#rvWqUQTp_J4H}-4LKtm<0XW52-`p<)=JN88 zPq>rmj1epUbGBlHk=Q3=WLw4%Fb91%E-gnoCmM|xEs(+{Ot6p4X(V1o`kVI<+KedD zs9z?Y!HW|uq&kNK_k}I6hkmlaPy1K6T$NxvH?AfBi!boH+>I{kZ z(sngFZYKf{LgRS_%tHG@6rrsMj<*gb<@JMD+Z<$}XZJHmor5icr1H6uy7vatz6Ux- zwWbf75L%BO2LLsAIz6LiR(JF$5q2RB7LEQ9qS*F#A3kjE=MSQ7cXB4@7!oKJdzXdB z5nOZpKS`3kT|@~_gF@23azvW0bRU=ciEc!iM}`zv?*Dl*%(89{s>^9Dt593akd{>w`VBGr=-9s;!+KcP;U z)-as0B`H#{a$ZBH50sLmHTg$9(-M<07=gAI3Ax^2zyn8z1Q(&#;G`Lq%x1oJrzoOk zi-Vd(j4+a@tM^2bz65t%AB=?sY6tHP(s+5MgTIT$eo~__)J?dg*6(Hv8VS_It$BOP_y(MgGyWGG3ae6=*?GV8k^K*dKG^vF3d zY6k%HZ5^_8?ZAn&mAlMYUaNnEEr4>>2<4+j!PkC)i@Mq#YO4?4pPbgm)6(-Z!$}rx z#pz&qy;J%Op-j++dY}RpglP?a;z1HJluT<9Vo?~x0}Wxh)(d=)-EqqVHzRrRGsit} zh@{=7vtZ3EpkXG;&(xYLmX-!MN~EY@Va5FI%J+%EmK=&rF|FT8awtqWgS16o5bZ+J z43!^j;7^QCp-@T-;?4K{HtK3C-%EOjUM`@vK$f%p#kmU?Hd@g%eL*91aa5jNDr&3+xAh`}> z>CL-9sxomW#1akQ{T)W?x%1K^pZEXF+2Sg;9k-RRKDj!`^|yjlw<|ya)Oel&*7#hq zSi}y}C4{V;`xMGBw#<-c{`rr9lp-h&rp_Du>Mp%Fva_(?5~wL*9&>?Y6cK(*AN1q_ zQ1kulzLNb33I|?d63Jatpw}cF^GPn|B4m%1y+l&lhK%Fp%G&x6tIC7aDTG6Z8BZ#1 z6hPh>WbU1Wu`l6s$@0a^&Wvx!I;%+J383GJxG*6X{2gxfffHNl1j*EzBRb}ABOD3v zYLwdB|AY)`#-y6XozjEh0UV6)3uB0H1lbbwzD~IwvpQIzX{R0qGgtzRW;xllr1n@? z=b4`(E?zKO{FlIn_@J)fsrK1MlGVoNpW8FmC$qMFdY*SaCsXqCKE}?p z;YGZGuub0VXy2fHPFVScnr`cy_zz8udJGSAoSkKvn3<3B3>%@Ydhgk@kt(Lh2y$|u z!y1d0j*d4vKGAf+XWUZSFfcyOcBvkHqL#e$^-Mn8lNBY;cP%4h(o&la&C|%2jNhU& zs73qtSEYAXm$AH}B5fDq?M0N@`uf5zUydcto?F3!i7hQqO1s&^?hHV=$$-XaoR2=d zeY+G{4F!C2X+2siC8GW+rI=ymN|q{A7guqVd>Q*QH@wnbg&h zj@v4qzJ23>R)>Pz(6SZ&yPanw;84D-?OxB2rS(f@IE914O~tzNyFGrYW@U@>&I z9v!KmUt7TR3k7UlP4V~hJO1MJHcDVn(06zMG4Ui<4n{_!W=IgIQe0hK>*jlVd+FA! zS@WRx>({SPR#i>adH(*Ii<|Hi{`d0X&y_Su+m3=FGt6vWwrm+h2&`gf)t_m2qo(Z) znt0K@Qaya=;K4UYwNhE58wM0)hfRjjM=cUTxCEL7smScv!;85U@~F#HZj+Rd$S*8h zg62Tat0nLsPQ=LXhg}>Wg5^Au{`N#>DPuxs$cE zIL^T3wqiO|qC_Ppvj_+XB&Md`@bjZ`s;1_O(^gwsn_peM z8dQ_}g9j(BzubQmef`tzh6OP7f&55otG?0(ruz>cMnUv~_@0i7iz{qg4DCX#Y0-qj z%^viE$$VOFt}H5IJdvDy-}BnCT~!4W_%=7n4G#}npwBvaoW#Uc@blY5MX%v;@FJg4 zo{9!67p+vWJ?Lc7kn6O@!^1;x>sF7XBvF)WcVS%}C&>TH*47@Op`q2ks>Q|I=TQQKA&NKf3YRWj`V1xI)vH%KtZwS)N(7)A zKr#0HC<=b05?;L6JTkf_*IZ3gb2SzN=*b7KievaDKR;q@dr?INBYF{Vy6mZmefbgs zt!0=P`I4653f7`ELH!z(h z3Sji}moIm-n!g~4aTA;Iz6#|a-be~9q2PePWpk1S_+~X1(2fhe^9*pu1_lPyE}k|O z+`PFEH0l6qu-lL*iH(oHmz9u{BZCx~7t)o)YbckGiiJ4Xkr#rq=8|<}$EblT<9A^_ zM@HnaSd2_eQC95zcu@A8m+q@<-8R5I(!b}~So_D1FO-yOeSO#hV_T^qTl(CIBFQ&%DjboUvmQMrIIZab*pjzA!N1NNW=g^f6EahCKaPo5m< zYg~hDdLfD~)Z26GQc-=iFAh%0%^Krfs2Arm@JR2)D4UCESC2Pj*)o6(D}ZGM*RI)~ z3q#Yj%9lfI+KWgt7>k~h zclX-0MM#OdL8)(mEEcC-;yaWmuj1hFLYZduq}};5XDDcY3C$oE+DB}|xG1}_8`<=K zS?rGHYya!<(s8IFU%pg%a$aBG&DE9iCKpw~Zl6iZ6btl>KtOx^MR(N=oM39>)YQ}t zJX&?Tjiu#v++dgk!!FD!+w1I{Tl(D%tJ#LwI_Md?m++wha}2#BJV60`%{k+T^c*tg z5Rw%^jB^>?Chf;_kQ@J17U~0^P2xZ?-Ht$xjk|YqpbO}V6)W=Ly-u%bJ^mGFdljZ! znzP3XNTWFNT8N8_@a#ox`3NuU;`hUr>acNs|4jF$4^(i1D?I zo6^%Iw&-TEV6Bc%+(-Lm#NTIep{@di4k9>uRwXln6@@5{8{wQQO2Ri=eZ*^8%uZQD ze#e20DgsV{7mFQf$P~nq0N!bJglVa(yJ2(@rs3t6moq>u`OT76t*g>b<;al|6lJPu zYYS%1qF7}D0c{28T+n`}9bf`*ocD5j8F!5T3)H2~svwfr8$cKzf#(y7Tep7w67*bn z1DMJZHVr|5gx$~vL>}94q_F}*;!lNjm!rHMUn5s4T$*Ut{s|YNg3JF#8Weaqnl3bx zyogpz5j^NR6ol@d5IDf)Zi=0rnv&DYJ3FUhfRaTw9cydroY1B&eRJ~w{Q8F~w2QfQ z|9))cRdhNOTVw$e$j>^UiV8-l06`QBji?M7*U;nCq;NAJDepziEFdVOirXs-m4~EM zOLaR6FW$iTYMW1tpFo@65?BQUtMNk(rB`PrL_rd`LMbA|HRpu)7Dq=5B7oq-z=qz@ z?AZ1>NLbm?fw6JC`yA73jU@);a1@885S=Twaw#mLD?n#8_HS$2+` zKV-Vpg=VH-V$aT^k9ay-`7P6WavwprXRhrJYd;2h`qfpW=UBBvZgw^oxfu)$S`zpT zfDlKJ6cdm#v7(F~JxL*iJM?Uz{|hEYC89Kj=v-*5C7d7zr$;W{oiy&{TJ5NF@E|qm z&7$%^ET*jNiHJ8k1wg2!+3CPD@MCruh0(33zt+({(TLG=$}#HTm5!NBq}}lHqJ}@O zdU#01&TcnxMIZ$Px#yfT&CGI>F1v17@yz;CS?Bm>&o;08P{?Ivi@(NP)}USOB>g)?Vd5l$82 zInk9L<V7JK>?;Y6(C$~|{NhWhr6HcDOF$Z&>qpM4Unxlvat0HRoCAmy$`(&l{B**{hv1YRv#`8M=I zUvtC9hZeG}rM9-Vq&}(1GRtxDN<*ggq3`0v!oeipSyK>%4|3&-8>%4jqZ`sptjGpU z{$Tdt35z!Q2M;=S&5Nx6%K-i7zsjpY z#ZhNKDcB~`X*(vK;hZDzY}7SfJSpn9Rs#6!2hVUWH7Gc^4K`~6XPK&T5ug&-pX+GK z^SUfCTw0_x1C5^EhU~UfJAGQX_E%SzH|%8u2mrUfUQh!Pms=<(6ct&K$Fs+o3$cFz zq`lhh4f?q5dk=bDTJgCsnyuKEnw&8#gWB=q9ta&;;T&pF>;|k!)%N4Zk27$X_tCua zOg)^{xh~Yet^+I-cwG*up)blSqMJtXA!^*3n?HYE1?As9C8ZSr{Ocrsp*01Xr>;dC zOR9DKh!k6Z%-(>k?G8Q3jIqcBGOg$u;;CIEoe_@-%v1^AaE4Jcy92?FV9E_d>u2%a zZkga~Nz-PG5zL1lPn-p+12w)LU5Yl>rlQ{xNJ9C(>->+^H?0;qy(PB3wzdV5@_oP% z3j2%U{V;@T1K2si311mV4C%Qg-NEF&pVhs#aXbP}ef`Fbiiw{P*%5~fM@nTPA|zCR zhX?bkgIMe2`I9g(1qB6(!0;8*z0mL(I*$zxGh692K`(XPS<9{t9a;?w@}R4q=y#d- z0XR#~$|`JV;8K6aLN)@cfG$WD^K(vbB)}=8U;e(B+=bdF@5f~Z9Lo%JamAMAF;Hs1 zeT#%$26-Cqw5^cvo1hEc_XLN9`J-;*U6qQ8ihKzRi5e?z7NGEh9ayp$g{mz*JzHw$ zCI$^KFOwPsQ`GnGfE(+jrMU=!oMVECiTQ}R71B~rX^T|BYV@@}bN;;M$pk5c{8f|#DQf``2|8*=R!%_!ATG`8|t`T}9VMcz1F)nT^)LVwe2p8P)<(=qx zWw(6c*5JDxLApf89S)Y}reG}dHppH@R37f2M)VU$XP~34P5vFl#4MY5f3*lMDtv~N(5u5J9&GB%&XxR<2w*0Fz*V<&OHU*K%;J83_K`Y`g8a8XIeK5t0SoyJvjvQ+XZw zphuj1jRm?`GXB(y${l@LsTvzu*H!PXMF<4mbU%u}6bkbwgk(Vbi50kU%$GKch$v!m zTf=Sxef_1O_rNTHRXso&WnYn6xy!VU1*Mh35bCdI=6i`enP!G%wRXl8esmcXip6Ab z`178805gT_AAbG%h3;$xi0~8=Cei4M#w}OG`)OewNRj;-8Z3Zy$H=|LRms1*%@`c% zHZ*d*)R=jE!0B-@f^Sa4PnkA6sOUI);skZe`|;-h1nUuJ5mFY{nuOSBMqAk2%!}e5 zHT#)NtkGF04c+V^uvmC#P1;gfBxg$w>ElvD#*eG)4ph_Ps6} zkfk7&UV#iL_bFXns(Kjx0KDL{>}8^?tgM)X=@HQf+yqxy0NHe;1@za)U!KZPADBjC zMh%Kcd&>eMli-NY!&cdo^ zCM`W%dVWmqSh8dZfwZ4LF;UE#bAbxXVt3^6q3m^CEC!+0eCwSvg3ylO?1)3JHH28L z4%Xa*KiwAxmmBrH`YFc5tO3ynRCzy5RzG|YAjSjmOs?dnySt~ei>IGoki*BDcAmqnp zW@jO#zv5>bgdbHneL5^+4zZQcjNM9UY8M}C|6t`91O&>VC8Z9Z2o6O!`*m8XyR-8w z?kB1PT+f`uQAhLBrPjK+za#vg1^;lyzbP;yU+s2rKq(K&meOt}E<{#dG2)&uGy6W3 zmOg(|vrfcHOc5X z=FcE;pCNbc(Nj#eVuo*LtU}p+LS^0QKubNK1z4wJYP^zGf*8)i@-U5XiNpi1kbW8y z^BwnJ+3$GUXboF_!zuQ@yX`PoY#0sdtQ#}QYJos?UmOSxWj|ClZw9AyQmy9v<&0un z=G*As8M}EXpB^O}>!%6C!98AM`kIyN?`4e^l= zC2RqrZ=|H8sC>daxDoLyMj3gL{rFw0N$Fe|JFpvSo!ZCIa&m<+R%CTAy9!}s!;O4j zf)qy7o4QOAeSNmh#tj~cT$Jg^{TH!W@xkMNX&g_OuJ^s3u`9r(!St=@LL=M#s;d5V z-6ku*IlDbfO0u|~u>W-XQERCrof9YCV9L`IO*OT(D@IE}9bSL_{CQnC4kGjbyeZX> zeQwZmKi60_`t7r#A36EYRGst}?M#Zd_P&oEdzCe2*v{|${UWjbXcrtK{%-whPYw(s zyx4A{0QkS}v+0iAyEB^nuj^w^U0@SY4_jJ=*iO{COT(kx@gXQ^I3j`A7ekcgii%pv zrrj}BqQKjUDJiT~{mpp^BQxGiS04DghY=2b@7A6Ti(>~qXeUJ4=Mn@G2{m^6>EVPDwcKcSe=Zje`;aTx( z`gBb>!QMf#2Xv1gKc1MD7EGNZG`-e~6QqBX?)7eaR}3_|AU_{EfZ%fz_uCYt9MIJ; z!WlCHAB0=a{$ulL|JUX-VvLa3ch#1Idk?%k6d{d1Aud!YNEVP0-^K|E>pVRkgwd_u z>3*SnzmxSj&(Lz5QX#9J*P&+LTv_AfJgs z@>fQWWV-s4#9rwUOUzMD$vRSlRtJj+EgidgDq@i+OzXf9(=t`mct($C!-^kKQd(67 z>UdMf#pk}LprbKHKbd1wxov%Y36(SYp}#PD_BiJuMt^^Qw>kiB1zz`~;9oLZ<{|d| z41K(WloV~|5##F`LPZFns7AqHZf>~twXksihA=n-uf3GnK3w8G$& z3CY=kJD*dNRGTr4x&Ty1#8rjh;}%1E@V&R!4`jrCJ-xYb1G4OhrWdXry_HC#qc;I9;`OmI0 z{GWH#O$W#bUC@|4N>H~HaFHF^I^}_zW0^`X>m#%Uwd)ZlDs(?wQNL{I(iNGHz@%0? zIO9Cu4h-CI?3e)89G``yzu@b)c*Hs?alajDLh1Gwv_17&w8NVMeZ#u%d)! z+R^ly)Dp)cfB)v|*W+;(MQ(C%RLAW@*nT$nflkK37Pp{^3R`h&~Lv z0526!o#MjS*Mw@xl*3!jy!fPQHN?Wo>QybyNHME?ObxokABMF~=j_>aAcu7?)Kp%` zS_;ztdBZu);1efL`rMH0=BpO3EG<>uvGf?5wcExc-JkcRPy{GIThSnDlnx&bdIldB ziHGPCKD|a zXL=~;*J|33b!ciiIx61WZn*@EC&Y!vw=q^{RXN^;_t21Z9c0s}F-jMX3u+}qN&jGE?;`NHNDVJ1 z!@h==&={ktnH?6>?J~F`Q7FjR&_6%~BuBiAE!>t{Sx6~UmMsS+F3pB9XSEAD^xHQP zK5c5%5``Tj)29K2gw`4B0&=+F>a?PgTmrK;J4{a16tb8#Wp9c#nojxr^ZyrNSogL- z9`;FyY7Xt@$y8g|hnr=~T}>}tTKc90eo%Zu@~x!6!$*$_;V9O(Enl{*6cTadQJ$1h z24H;7In%FL;fjRdf$Hc(Z!>Q_FThZk^=+|HKn}*-&4|9=Os~Zd(>PHRBu;6JQN~h0 zh@snq;rGJB6RPH557`{(7PUZARa5F%n(Hqh@O*YoKT^%qwuO$Cwh*Pv@>!jW^I@hE zv3hm>>2Pgi4PlVJ|NI%F8LV;~PI;ZE=uv_#)$O-PNlBp%2R8<(ij9Kv50SE^$4!1_ z>x=tK8eNi)*fEA3K9zoX5y`k*y($4AT?-5#_MdFgWh*NU`$ovski0HLqZ}dIaI}?2 zy2${s7xWOQ_GKn#7`BR3#T=Dm?58~|YfN&)j*ZiIwz1(kd%FK5e{hf#cyR5#T*^iNFByUg{!Zl2Os zVqF@i!Owih)P*EFs5l6}KDwt%i%3|OHm-%H1W9082Z!lpC-y5SP$4O-Q1fIH#!?X7 zA3X5UlRkcaMdXv!dF?=)4nivE8O92z8FW|hciDKoTvyGJ8i|rD`M9EeVYE6#`DV;N@4TZRE+nX=!V_4rf<@SsR^w70)p~W_4VGcG6;`@;=u}BOX-~M12IW%ZzC0hYv{z z8|=rCX*d8&(%RaJNPlW_dU`z~aO8ey5=8I^1qB7Pb$s^m!h`$X-ZUXH4y&>lB(av|$&#zcmFvbDY z@2ce_&fi`ZQnHU*)p`^>`l1!%jG2MIN8?CQz*Dnda zckj9QdA}R<1%lg~eXjJa5tFAAlrA_J1y(oUqHl@Fnf zQh0=3JbzvQtdJt9=m&E8J6sA)uL;ONCU1k)$i~Uo!$Wy+C11l(pR(ZBwvtZWnVPKI9C&K$2AtwKra*0DQWBEQbnLOGr?W z?ocD;yq#S}#FJ;kvmkid?Uiem9dj@R?YO`!bNO}dF@4h2P zj(l$eSBvhm?r6y!=X^Ru(wYX9qB?8ljo>VlUG{X;B=C~N!oa{~EPH-srTVkBW9sVL zKz@Qn`da@r?FO>8&KLlRu$G&sH6eqJsR}_I6HetOIO?stI%+?U$8~jeEeq{$ma8d` z78~a}OdtT#BOWlP8~FJ*S-+I$BkCFC0K5s61Wuy5Qb>G%O~R7Ds66}0f%${${)^TN z!W_RgOhTgDi3}_w4x(pEOUtrH$2g#+bVchr9BRWZ_>}u-EOp&|JEp($>GY$Q`GIyc zN85$;yrJ7F*ld!6I9Cvc<~6XgH$EmoHc{1~qx4!?S@{f_iw_MJ6&1OWnPy*4sBZN0xJIz|YW}iYza~n7i)YNh^@XE>~V}pD@Qi&v*`s(0F z@+u_f19nY^`i=OHB~p|Yq;R3xU=Ez>0ey5mEo~P%y`xnF*C}uwI8YMcf+00}sg}44 zd=fNM6I0y@tbM}u7>G=Ayf_%Rddo0r-2y${iJgaK9OZEV)qtEF6)N(tA=>=76L+t| z0Q?9Q*g=nK#d6;A=yaHWNG+G(T}Jy%AaA;G;Q~-Kffh&x?1z8XnCrQ1t4dbl!iA@m z_n((dn&!N(HU$|$to}n!e zQNDG2d;L_iUG?x`)?S{@zCHpg{L0Q58xt}a)38!gG0WZ)b#R3>HEF41m&PHtcvJwi z9Bs1hlhCG3N4xDe2@0;N0_efc#33iS!kF%B#mKpJBH4kD9=)&{KX#|Qw3G(G1k~PQ z3fgeBprU>u7au0Qi8F9{nAMUn^bNwXs+!|+A~+02cIhaX_lp~nQ$eK}o;&xx3VDz! z>`hILA|l`l=>MRE;=qt}C1vFTq^WP+y5$Ok@fXWvVf~5 ziYaopaKz=%Fu!5d73`SiOYLju$Ep5A__h)b+Tv##LdWtf+x;s|qT6q_A8kPXOkmec zHzYye>A{f@FhL`;QvLyb){t!Zk48Q5YrnHn;yeD=LGt4UPr!;%kgs0o-;IzWnFq0n^(1ibxR5X*>JGpVqEOi;pzuu71UvI!;tzu`7O`1e%%4cZk%D!2oLav2}hu5`%Z!kc=CATTW<~zo| zkp{36Q&U6Luxu`asH9*+qSvhyty1cVjF6xSs=heUwe`t zia(XXS33^^a{{eTs2UaHUcOwqh>RjmsXjm#(0)`C0R>^&V;|kW-vVK+BC13Kd4`c! zq3JgQ6O zxw!av=!)Yn>iS|HV26WVXul|I6$ytB0tFB@oP@T>?STz38UOwp+R=G&{|~g|N8XgB zY6FwkfhA$<)~!PhEjl9Cw*NGG$}HcuefyW%QxA85edj_$$5q-SQ;8gvJ7jYgt#YHH z_`tU=#|d;Zg=CY--AbIa)gKrh-Vg9)8W#~kA@B%??pzn;GjKVoYd0^fuAJOrIP&9? zJ29zS%>>~YdhsRvdLGt+K_(H%ruzZFEhn_eaUNT6?O=Nqu-+9I)F2@t5dp*pd9ap2 zO6Cis1Ife|m0l=H-=IbZc^;i3UNbX}B#RBblURZQfCfBOgx9%lU(ny{fDY0B3@uXj z+S^M4wh`kWQ$j;eUkoUN6tCbhm(;AslHeQUmsk+?P(JFxo^{EIiF^0%rC{Wv$gzay z&*ebfqE)l*8&PPQ4j|*-Yk~n6{>bugn$4%cZGrk@hDk|1bJE6UCv2vPORmd2sckU) zg(-UZs4jm}6+)6iQ2paY1K{f)nCiF3&u~& zUb@Z`Cz6QgC9FDbsf0GV=&eM;4vjKyqIqX!iMI^o*a`@L&)05gKPQ15jUE+%L z0iT2fJJwk_V6vlPJ;8~9;u!byB5rzmIxl%q3vMrDhTtgh!mAc9S#q3nJ0IU-{2h%w z3IIq=x{<`uG>NNwQYvl^#5@8)?rnq-}f-)%wS-EC@PMH(gvZViiJoB(xG6`pwjK=2#R8W zfYK<9lyrj#C@l?#P$`K6(k1Y&8)KOH{C@BC{{3=Y-|q(pIOjRfbKm>kd+oK>wlqY) zcWG`rPRYpX{TYB?UW{trzKv5h2Z!Zly><7FcY~&nMs)y&tEHGzz0RulHQ{`hG<`rm z0yuTuspv2Fcm-Sn@7d4}%`&s)%X!U2?Vp4XW&LK_E7Y?%ZoqG-<-W7!*z{$Ww0R9972#@bDryBB-| zZBOR>`CVajOgyK92Q`+G4TVna+z*n1a*MIg^60s ze_rz^2N%}{p^+o!Ku5XdRo~^r2Fk(%yy+i3pmtX&Y4s2h@*Q3d4PjGEUn;GtmubaZLcV|I67cCi-b^|_z}=CCwqQjMaFjDKfx!2_ zer2Y)^|0V4Q!{M)ewwrYX#}33UuDFDRw@4ID zq#tboH5?7yQLc3xE$C_2E_0yN6vTWS6=?~JRH)Fm8?pWiZ zA+See1djNEy(7d{$XOfn{9j z-tk-Dr-;djl7(&;%7sZ>I}!Q!$Q^__Av0$1Cj#vFzpXgd4rCIDRgBdjuI*(qm-oZ~ z#wIDBw3cP{kU4;qxoKqdj>8K~s(L`+R@@MRvofr1@)dPp2F>^+Se;E=Z?J;%VILP+ z+vvV_aL)G2cw*p;EHH@ zM(8BV?ML$Q76#u_@}X-ue%qzo^-M4@B~W8;T~tMD zKXKiG8Xi(uQIUR(nlIT3=3{^d9v}Re*+&`|NiTMq=QdC(=cEE6mT=1QtN+ zumLay5$CO|Mi2c1l7SDGV4$&^X-j!oSpl}_6Ia(46-|hxYp6zgki@)q+f!$gQO`@- zPj@=)mBXeGAiKz;NW zg{|0D(FnG&D5of;fTwkYPo}4|m{bWHP|UB?Tu)oNEwkA=Ar6`NdLCcs>Amapp<# z@Q{Hz5S^W4*Z1bpUFYiRx-_>62R89MB-Idb#t-0G0yr&;4?qUeErmn%8q!jU&xFnbjI6i#B{pkm6!dQ(`@4vyS552D z^@ycQ6QMI9^%yAT;3XUffQ-9xC9P?CaxxGI${~}^2PJWUH*=sZ+=rzIvbPM+(=j}e z#<~FnyjxVzj64D)qS$c!k*Tytn=y}z=UdbtgqmIx$p{a@ZMjMKw8X;cKq8jpC1@-U zBm$JTg;etHy?ePRG(IHiD{f?BD(aI%iVT7FMX+`7qqQXfW$%C(>KuI?A+tWyCi%~> zOq@fcOb4PM2CwepX?LjB#ZLm9pU*PX( zVSnuJ=Ndk&0oM87e=mjYEHmE z>IEHWdotTH@1D17t*f{*9JT_B=WjS&G2kdVFp2<(6L2FKDeLW`7JWqQ24ax$}D--eQsmH1^|5(#oGsOW(ciVHz~fCF=xaD!%*gBvu6W$x@pz=RC={oUy5_?7Jc zuUbI%8B#cy_AWKUucxG^>l1Zh48 z2M4lm8f=*+Jdd({)+qSCLjJ5{=z{c@^eIRljX8$2NqbmWb|3~96ck*$cI_sJvKaGt zZFq<*k;bQ7AmcRw1QIXk+OYkIHiVbss0@WAcssT0wRW29ZQ6M7k%FDqx zbG$gmM6zsA2N7heOrI5Hyuo$S5oTo-XL;7q-OajwX?0aq9>V&5;7GZ7bcBJ3>ir{5 zwVR-%;cOx%%n(?tL=_{3lB;Rd(#GZzmWSS~f;0hKMufm;(Z6hKg|%{gNe%)anN)Q7 z*d&_Pd5AXzM9rNAn30E-2_{+vm<<@tOJjM%umvtx zBqj54O^av+|q8g4_z12Be(X{vJhP5Gaz6rt)X zP_O&uWzF&0bRbmTN4}YZKSR2_mz%o~I4FYkEsSAa@$kv%U8L%S^SANysrcr+d<3Vp zI6vNiIkB_e-MS;(hxKB8zA`b>J+NV1Fq3Rc}OTtO)?%4=yVYX`X%ynrpxO_0%yFK2Kw*` zB^Rwr-OE#SMAU&KzP9~C&Y-*3VU{ z@K;!nHPh4g)K4K;fc#J7DjnuwCB?;JU<@78?{3KyBtv|kj7#B+LV3T;45kJov7-+5 ze(vh}4e(6vfI5&lB+j&12T53j=IX@x^H0B6A`?IbB&TD9To8%FMsVH2OtJxA5tN=Z z;is*9Ab3QQd8gBNpXOo~X}?z$S)i~(w6p}U^!6`rRmDC`bJ7rs8^VyB&IK9*KOhn< zQ&;s5{-Qs-L$=HALYtNUDfRuR?y%~`c+P8Jp`pV3gk*K}VHH+090V8%EB;R!A1n)$ zNR3W3?+${7rUYyWdhr*z8tC9um>ELvfwjt9R#rCJU;ML0m>@Z4#r;EH@C&ln*fNhw zjEs!T!!_l?0BxQ}|HTWdV1m0wmB;*n#fULe+xd)JUOl;~hW$m@SO)d6pHdw`%hY6w zyXXi}B`QJxJm=H$(3p`v)c)(Aj|bnn3q~b5W=Yfk^sZG^o&i`%AT=Gvwa-JZ8zBxR zXFhb~HW0SxS>EAZj(M2|O(|=UyUANUAgz?XmfFY2k^aUBRNK(8mIf*o$mfD$&d!X+Sl)t{U996QUBl??FlGzkL+N+EQLHoylr~#x9)y zqvAaC0vY7_38pPLg}{|&pq+f*_VMFQP%KxI{VrPwmquFBTEUU8i5$MN39%vvw1=mw zSEQw;vQ`JqTv<&MIh_?VC{+G3dLIsRcsAZg=fV9U|Ni|)b#(Tk6R{Kug8Ifr9P=9v zOe2B-2v!IjgcHeq)MJ4t)7hf5LE(Vq;c|k;?!@l)u8ccMswwrZpV>tq^UlHw6WqhohX&?|yQcv_|0Xu??+g!vAUF zdX84zkApjbnS=giXs8o7(ih<-U7x7W2v+ffpr9b@R%z6aV%M(iyLIapV2*|(ku~Zd z!o9(gp4VZayMo-Be$`` zV0L6ad@Q2B;JbAdP`XC-Ls8ra8wYL>CqYVQwU7( zaaaP0K9CUthsFYY>!T#oDMqV>Crd=7rXB__n*c31c-S+`a09eRzJq2eN}OvjzOf$I ziZdAF%h>U82+ljSgbp3RugH+e)UA4q7*g0)O-!(Vl{v(PwhgmAZr zuKE{5+4w?Hy)K&z4d~euXU^RG`)}G*ik&AYAqh= z8ND(4*Z#Fnq9^f*;U~ZRxe6XF8U582AK;LRMr~7u)p~e$@8#e)j@}iTb)dN~$HM_x zW*u7lY!(}Kt~-cefZHw|G6p~YOYmkqkO&wN{j%+-F~A2#ya7qf2{}HJg2u-Z3a6Eo zH-X#ij9s!F`5tN#w51&JxG){zAvrNiO8Tt0<+_lRl2gQT;_G%~7ifepLWozw)I{t8 zghJXoaXoHcDt8{N9CX;Gr1T|Fl|NtbTqHX>r&s~GU>M>~KSWNIS5UAVzYh($%bP_} zh>t{w0t&JSAih7{&uCu0ycAt0Xi(mOE7TU)>gfU{y`CN$V$~g}(4Rhi8h}zBN0=iV zYQgmU0D#R!?KUq8ZuIgWg0?_UPagn%_79nPVj?fvi+8XC>nMj6f_+pf46iri4$HobiHWYPp3XWchI2#? z9|o7wIFNvCLtX}X9{F9^m@K!ucv@bbf#~!hQpe3F*MrDRN(~gQMAZn{y1s1-6tSd> z3Jz#dHE2b#dNph=52TNe7;o5i;jc>BK|?OCscSbXziI!D<@TX!!gKw9O1$F&N1!Y~ ze!ynIyt9%8+&5^iMF+0zEvc{H2%x0gW)rs%FbUjDk%22bd%t(;B88=XfY76iBizv2 zE=KeO!-l8c2geI6K!`^K<)Vp56lynwI^EbwQ1UC#!$MLNm)lu=!ppj~PUp*Tm_DeK zo4;kMG9v85KWPz|%Q_WSbJU-Jp6>E({Kx)#%?tk>B=*1H?Y{uP%I*K7)cZvvnE$4G z&Hps9er~Vt|7-gD|1jVdUcvF>0>_6k7=P$Me*GkECuDRac2;94JU}rc;>7U%jXz-J zJ@)k66V?j4*Wp)=-`|C4@&CNbdG_tw7lBE0%Nop*Seyl2u|GZ<@#@8L9MAAP`uz=8 zo&G=M4*&ibv;S+o@xM3X@1akuKe+(^p}ze4)lBbdK)gCStg&?M+9zClSr@Ha$JTB% zKKLZ3I$;sxue&g^F5N7Wwk}5Tp3%Ymi>yaodA>T+%K;U_J7An1NW z!d`B3_}3MD|7OIss`OOoznn+9Z@zhR3~ACLD9OaaGYY@`>!)~m-HrcwBISG8rX2d3 zt<)5*%+3vtm+pX)Y46?5{W{T?T^`O>7IBy{&s1g|)NQkPedVgb^8p@Rx8SOTLz4HC zymVDu(?dEdwK_d?BRw9j(AjnO?#;Ufuk&W6Z^z68P5XG~-7r~_<>&C;%&yFgE46&) zQ(C#5NLRZq?6+a!?ZTyz@uj~TG>xBMH`!M%%lY{anw+_!va(tL(1{34$c9sG<|mo| z`1wcL6N~o!`rT-p-d4^oE;X>aI=jMwYMySur@Ewk<*#3$p;5cH7xv9RzH%7Yp#Vdk zTLWNK9&x$CA^c07QF6K_93*~yeLVB8_c#Q=hr9>cyT%i5TQ7)EJ$GFE^~*Fg6_5Y* z4sEFMtWhi`7&QwN-+`6rKVPd{7GM1JFCH8E*~P#9MRPOc?}a~91>jPF#$y693I;|- zL1<@w+A@*9VcJQ1bJ5Q~uITd-buq%aqoAUQr-w2l2m&i5=h5NeDtSfq zE38Seu`+-c6X}T=IukJt~(Ee#JXbRkTU!%D;Z`go$2IPVF^3Vd$BmzVri8x#bjBq@H>w$i=A39VoYXFECgF89%Ay1V9 zkHbSt+UHOpWJ(foKs9K8|2>v|Gqg)Mm?h%iuk<84J3F`@^2qRjfE-yclI%KgI}Wh&i^c0#chkIy&87Bht}piuXb=Z**G{7=!?CAI@{80BtL`12^b95gx>_+ zAp#;o4=rW4^Li`wU2${FsEswU2A7oFpbl4n&E#wHm#(-HP)aI+(s1PSIr6^8Tr>jR9{5wES?h1D8;WWj1?ibC_0tY$=9xf3Vuh-IhyO<)S;`N@e1f)ILq zhQ|mm{w)!Q9J(>fEIC?=4yCG;Oly7Bm^!CmsrPu+$GrNj$?|4Uh0G%K9vWz>8$_Uudo%7m^8A!xo;9Lc6jwY))L>L}*su+wI+F{lN+=VlS4(EYJ zGsd2JXz9OZvBGXek{8Di1B~Qm@VUBLm~e$6)DG2xqt|++U^HZ--FotlD(ot!y8rPK*Noo`3mv41I}L zd#Y5$d#^?-!|Rnev%|ORc(q#DKKOxOo(vH{-#b~&mb6%lPsoy?&K!(e!N!+{r<5tc%G}*ug7&{8^R7`3YtZZd?4yd%>2;aphfmPxE{pj;x`5| z$_t{V;Ci@4o`YfKt>AiGJPM{zJhMhw1IgN5Kt9sRr;&&Q=eGhMnloR@Pe_?g^jmCj zy|l>WaiHoU!SxV@mJh{Yz&1-J+TtEs+we}3&ky9w_TfN}!A)0k_QgBF7(<8E93}!d zL~qZ(8G*3v;Hijbmd4VMY7#pCUo~u~yu?qyL#x$xSP}zmvtJ7VSDwg~?SuX2rOATT z7)6|ozPtAPt9cmfe65y~X5GL4gKXa`WqpQ?I#G`?KwhqU?*>3H3DZ!S1LSa{}&4PF~x`sg$ug%`(oG((YUUK+0`h{>P<$M zk}2vM0XCB&@NfAO^x0KRJnx3aVDFMl-$kWH!F8{CIt6R5r!K}nxE^Grt%q;Cm3;+T z8)nq9NyMQd7XTz0T#p?b0s0zF=;2|8ZQG1l`CzOB1=VYMZ%@xqbZJ$c4QnFYF&sye zl@FGDC_X&2&@d%aUL@kcArXKnNN_z+VvtUhoq-9R2d^-=9z|#vBDIGWMub20@j(Pe z#6~R_OV)G<@D_)305NH`=}X1X!>hT3C`{XkAFe0Rt;~ z_YQ|FqCMVAA`YFVqLPvXdN2nR?>IWDI1A%CK#=6fN3&HOhlPh0Bs))ieGOTY&`SgW z`I_G5^V>fGEK(9TxeqzG1qpM5RnF_rUM5~TFiywF?GM(6{5$Y}xV(83u0gS$$W)Ilcl{zD@qQ_g#p7 z^q@hlzAFxJFltqt4RQ2>CmoK0Z~iF0QRCH)4mF7R@${69wY!jg$-}23SgCdw@3y*T z{dFL4Kt2%LQiykZTUVzDWHynU)3P|X|8{hY0Ln#9e=AoM!x`XGtoc^ZP5lUpuMdGUOyz%*fs3%C1wrtgWsD;U|yV4lc7 zUtX&gCd2Kkn1z&Zu#%02yqCs88spP{eFaD@j5hJtsfl$xAd7-}H(Z_V;P9VcR`}O1 z9|X%I6G4=O1%Qja|0>;Rs()Wly6Gf=N$>&`qfBG~^oy7LdViXmEVmb5{Pj;Bo9x-q z7zW6ZKwy_g)_Hy0^w$sZjSqP?Kfe?o0DIEM$U)BvPb z6?135g7W;|zZ*ci;Fev>Ps7Nj1oRh5eFYT}I1aePQ>d>S3|1XF`18H-zt?uZTzD}V z0G@R~t@VQR8lmM=h4kRUc_KQe7d$+g2#z5{uOKkSgE4&XC=wf!@uv%3JBPt}!Cm>t zh`D|zqm<)MmJ5&jfSuMPymi4ZU%NASV_{@3(1W!EldyF{dg#LC6TMGp(LXnD!Qa#9 z9AEHU7yf{TY3+jhvhXK2PcAG<7ycw*?ZV1(;ZOem_BI(!!i#8f+}U|+qF?Mt*Te`_ zzCjI)Y|O38=4xty%2$+v7dld-DO-r(Tp<;fC^!_!Va zg4&AqS%bDSGlsNu{QkyTFD6Cu@`T$5jGH|DxqSt-GongaPMmmN&d*sI{pMKP z^c$`UwK_W&wZ=R*rwXNk11U9w+kZ6&@{(5rmBWK;T?GY^titxjUy_0}>gIJoRl z?&_^V?Nq}ii%+-I8yX6x4L-aH8Kah7sA_Mgb@$vnj*luQ^LQ}n#EHs=_|9Q!Q-c^Y zOLj=f+4P~I2VK2g+H%MLp0ssyWxLETPG{I?x%bbUl$d}VEBk9>e&W)}kpVfDp^Fyr zCF;thkDopMx6`+852lBP`ie?;T0)&pbqv&%G{lz;o9l#GwTRd?+GbHHg5?xOu8jj# zl=PtqUN=|Sz)IP+tjBA*tfosgby-oWs!|5NS*71FDIGRXH%~03Fw?H&={J#YF>0s` zNiuv-F)OApu(9s%-)XFP<5WwQ<+-AFDF=qk^&-^s^GijI85t$Q!`rFstj4EKTE8nS zOo=(%VYqEum;a=fT#FHHf4_96@o&qX`$w{K zTi8dJDYtO3Mfi9&q?D!XG}gX?|Bg4*)3XxfuZte;dQS-qtmX-Ml~Hq( zB1(;2;jtDYYpZn3nKCTJt3OHJtlbh_Y{5}BloVh7TX1k^OlW&r2DNYFD~T4&jZWKX zEGVeB=SgyK&oKNd8Q9nl{`h2N#cl@;Y}SI;|&yN?~e zR7-UG!wmK2RDmJ$=4f5qi|Br}tybx-g3%|UBwP5389gN=O#G5d%iKWh^{d;zep9!Q z@n$>jO$=A;XaAs~;gKYnUHdT%14(1Y< zh?LO`yzcMh3W=Z89oQ6Z={C>vv7{MegQlq%c7FX{ip8hF`t9=e))%>8Y}~b{xZEdvpYYnIxR*{<+y*|S z{2V1#Eqs*P*4D}QLm=Lrm$}$f7v*h*JHOGOu56N#@2ZvHq52SWs-AapaL$poIeqmZ zb8G86l~q{Hl%&LB%A!T9{F6b#n8={^s?IP{qu)_JeNsHxV$|HoYc>5jpM8&UXoy!A zRm!)=HMulfC;M99r(yH!al>^y2P%231X%k5xqJZuq8TFy0N00D6Cr`E&QT+U{|H`-? z-{5PlkQvTUSJL4xT~(tl)AlgK*ZqoL^6gt{ZpkZFY`)MkHonJLLXz8f&mM38)}#g@ zAGP`(uZ*qhDs6|7n*04Se7#gOtpnq6?eQjNX3EAE-IWtVW8re0jGt?F8(Z`#O=EFe za3o^KAI_$77$@u3eZ{_7G2Tw)Gt~1>_GQ?0sF=dc?1Hyo@w%{5!!u(mLx-lynx2S^ ztsCp{yJAj`2Cg@I-v=ME0eN5ADWQOtxqqN@}o}+_Z^7z$VGuN^pPNV25G+ zfKr5@Vpl|lUFX?5x=)@)4w)->OeSuv=|CE;@0lDas95JS|3D8MU{b_W7ev93OdMJA z?-$say{D{QTejl8T3n0ysg~6%^d~Y5<5Tw-|Mr`=1AjlBR_d_38=ifP9sV+Xu;6KO zULNj~2zmeXwDGf8DrT*5&pN2l>gsOE<^IXu8wAtYjRo1gL@lDntSAj4y{}u$SvaHK zjIhv_kzIW#n>j5_-|ImVwfY`OG`u#GbAA=q!T2E~^RlcQ6Y~$|%FoXxyRl_IFg35t zH=tC?cC`ugmKVK_d=s=dIHlg!U$%pB;_4pt8#hW2YW~);N}aSV_l=KCskfxuTHG}( zdG^&l;XzMN?JPqx#<{~3ZLH>@;Zo_eXNIchK7G6VFn%sF-mS6BJ{d1`R9Ts?Kj;@4 z|0`>_sX~&8ijM~lQUy#xUdL9xdd$OLXJoB-M4KW$)tdgY&X)4}0J*a4Yq>_&za7?| zetLQ8ZCp7q>RWPt=${lkzN{y6d@!d~BNG3R<7?x&{&U0T!k7$=WfCr~cd> zU3ErT?iPOWf|+ijzux-SHy0gohmPDnY*7}CqmP09kd-N0#e+la>;8MWJ#XwAt~C5c z=P_qX)suNFDQx|f9-|?>1m^E;NJ@QlpMkT(^^RDRlm!Ved7qpUTn4by>f@sd#(N2&h2CO(47(ZK``6Jo${zd)Q7O zJ^a?AN0S4|Y2N#nE^9dJFgH8fNwKm#Z?V#A{IE^=#FW>7T!c>yekbK>&yAH+)82Cz zmMr$!wkJxZ;k<@XQ&-!itf=JV;ntY=$>mF*WlKkT$Hd!N+jtvy^$E*0tM6H|#4to! z(Za(m!lAsnf8#3=W6If9#dhkMGOYK)i`QZ&2amKw({I%AOP={wk{l^w>}}lJx6#0e zgi_@ezSc5%to{9a54VQKk3V?y2mxc#9HFiS$13HjL!O#@^306Bf3j-g>+po?l=6ng zK%;@@ja}5oYsT9R{a>8R z!|?LaYR2BW4VAX(Y3gFs^o>rK)PO zYl${quuELeW~GW%xmq{=doQOv^X;pJ_emrzwOtF620+6}c$GI{pY`Lr70Sb8|HyV*V2*P&Bi#EK%{ z)zkDOS>4Pph|7vHsh!o>WvE?v(WHcORnINip(( z+gxJ221nf;SG5Ig$F{f@eEM`4d`=7e>2BRJNbB^{ix45ZC1+XIx7TOy+$peYPPYM) zqu2j?ht}XAgMdlFMErT3Fv;7?2bF2@_GOuotA1^-e|;k_^DofrpP%vU(CGK0q4`*} zmj1GwCl_;3Ndh}}dH=slV)E-p+>naP-QQ49zHDSXnfI#!W>~S4SJl~f^eEr5WevcZ zjxJ~?{CJCMS*2%^nws=ei)ku+HnsNrCxHC;t(&U<_v>3&e*XCN`TucQSf?-i!I7QE z{`WfOf1%>8Wvb0$T=%K#amZv8ug9fpFKAePe-TN=qko-OGvMzV9!o;r^cR5vd$yt^ zzq#C`U+vDrZU3ie79cJm6Tm(T_BkX54DzgJ`el++@}nN*-N#^|SrSsk$fs z{VMbSBIPv?RP935uY)Duzc;^fRUySjAna6Exi;uHa>CZf({0%P^LIz$>%!ff-sBlN z+O@P4P=Ph+&Yy)BZEbgL+vZ(aMeX;a?Gaa2e$HpC5qYJ!rS>W7xZIEB>6Hn`xZNx) zJ>VdMRxJy(ug^Sv@#4kwFdhN~2P-!@!1eup9fEir&9J2O%JgHqhq# z(+tuB(7|Cm_BcJ1d}4IX-?d&C8V{{tq`BGofTRvG>`ruZ0pS0hgNYn2Y5uod8ZnsM z6dEmwxa=9K@o4>}NAkKhXey1sT}!zU=9JMY>E?zmU6!dBprDU-&T1;us8i6sbx^75 zF9%^fYt|c;T&pWJstGa>Y?dNxk^t0#a^p=nw?sn&3V>9bA)hw@5gyP_n@y`EVe6e~SW*U&Wm;}vVeQKSzr^i@xqh}0EZqTZ*i-=^MQN^SQLf7Xn{e3hT z>NdOzK2;RN4rklo9W#p7(7UT`J3cxlple;~Crpujg_!{`>WO4C1fE_Cypwal7;+gv z+810pvC!wgbOeM5vOrTY0ur)JRp{Kk&qxXINj?A^K^BHl?XWj%`_WHbU&b&wOUf5)CgKWZjIW3q-Knv@VD!9 zjawAJf}ZpUT3Bf|Oh$>|BUWub2I)iAU)oC)!Jn@JIiOj1RWiV7)4e)b>tLGRi^o_4 z8mZ5Qxihk$ukM}w*_Q~oH;;-{D;-HU?sy}g=_o#;&`LX7VDzz!{CboA3N8_>j}A#OL-JYa8; z|4s4$Y28$1q21~^!+9jHsI;^O67v|*Z=dMWVC#_{+O`4DPX*mcqwE=T0QK*htFA|a zA1LWB(tKmPDFkS0LObWL5&!R_-hv1zUUvW9u5NU1u30ULOsB#%kF-b8(d)JAgWawk z_=03yd*&m%RCL7BFE^nWikn7Jk4*0 zM+34{HC!nO5u|}?ZXx}i6L;Y^@|56N@cKIqCZ!n-LNoZr6c7G$VHG1*B=Y|FQqu)a z$+ZeC$-qp4qbF@UaQQCGCqGy8cXcWD9(I5FR0p?Qz7ft#?!Lb2!G`D}TBC2s`Kb5P zr$7u0Vk!^CFbT9dR#OoUhDJtS4O%iY*R-xTgQ5Uqr#yWMK%@yrZs&aO-Z{J$19Y+Q zxIl*ij74>{MFp;XyxA=`g$2Z8(XY09&z@c^I6}5@nd7c$z+xlJbMBa_X{Ip9Z%Fea zd5|W61u}!kLS~z@2s{0LXI>KWY6J{{&rrDMuEKIn6%-RiyxnGN>#*M(zO`-BKmVm+ z3#U@-5g^&-<2+36^E&}u9`)pAb8q4XjH^=5usnyxNDVZC%{d4E-i0wHYQWvE=}3!< ze}G$DWOEi|K#mlNN_375CN_PKXxM1Bq}8RfFEtgBxzXL*=1NQOmic@9(G{!>M1_=E ziW4kZbZvHmPazADu6q)zT*wzpD~lYePJJXYb(-`?+d+uXZGxPM+LD=GFibu@TsQkG zL>y*qG4mm&piN#I?x|ja7SXy6XbhR6`P%~~S4>hsDjoychA!w`g+OqzxgcY1cA5?B z2+YY-54GC-9?U1uSa>l!&3dy5T&=N(Ba#R8ios!lFh{--%dsP*fktO9wmtov##KPw z^7clMIiGy6F%VI4t_dDd;KT5B``PsCe(4Tmep^_WZbNHSIFJM1jlwOBn1IFOF#F9K z1K@gCpk2oNg4I;0DLj(KM@M;QUKRGvHyI{&Yu8RJvYby0^5Go{eyWp)ZM)G z6}7bP{KA}Z?4Y6yY zZEmKgrzfl?Lp1Xob+Og0p#pP%{=9q5IGWwz=vF#Pn?&Ek#^^;iL%tF2IT|s`a=^5R zOpfazbKa|6_*=g8>(bn$Y!NU$jgFdpBUD&Hz0v8>XBNfoBK#)k;hs1-omx`1<|aD~ z!y-Uu3A6)CkN(d5#=5qwxFn&sWK)}dyqK7w^WCooA2%TrLD^5@rGhRf zxN_u4f(dZwZ46>&U`Xc;aF4Bf!b2m3IwoA<2u4~IUKj%!wSt{|G{|>ZSy&2U=Sulo ztBD_JWE}T?w!6*W19J~g|87Jru+S9UlkmjritA}^dhJisECd;W9%B^1xn`rHlQ;!^ z!)84_8Z~Hi%40L(sk%yN{m(1>&O8fvLb3}`xwF3ANG4eVufA5IR=!r0^7=?l)s{MN zPo6#AdkyxYD|obp`iTmzH3r51Wl-@yxc-(0R2}F zjQE0GWVO{coZ8lKe&+@I$4Ml;IU0jtvZV6U5N%~lO-O8rGc&rs^)){oR>i}br5#vzOJdrC8zl6a+fgVPvVIHz49zu>+0@d)h4W6#Xt zT1ML4r1{=$QSX5At`_HQM+KR8Qm0`f$*G$3D%oywYN`h(eKp!IXCM_5BpW{kAX z&9o*m&xLp!$%3}*o`jP^AIgM8=3!SH7YRk>X#2?F5b6=)q6xT)wHysXKbs+1vptY| z?b1aO(+K}(_gS<$yAi$!2jF(;`XgYom0AZCk>u<9S4GC)Qv8GIFYvyjl;V^uS`I5f z)S0n*%S5B>V9YLt4I6aI{it4thaK?2TcXb!;A`00{XiA zUHrzooF~mjL)F^+x=YIZ-1W+q8Eoh-GLiblKh7g@F*gs zq&Il5m8;^o#9amntCxp`CcqqR^Y#jJtdY5I18AZ~g4rZL1wtm~;d~rQoqq)LmlEdC zw3?oVhF{QvOI=!2SY32>;|05GypYI!iE%)*$k=xQ`n7PUhVM_Uvn=e{7sc!;dH2xP z7NmZNsz&ZwmEZ+nisdQfLt3{>;$_rrKA_lg4MFckI!njlwVLNKP45`kTnRIPhp9N zw?kxO6%tYdXO6J-I<6x&m_o!1Dvbh8H{3K?9Aq_Urh=f5YA}mm7r^8^aQ@u={kd_| zaYMr~y0hoQOD8N7wWNVY%mS-|sf!t8*9ZmS$Se_tX;-b1x3o;LhA{D>G`~SaOePXI zSR}z)H{@I+Yd9NJ-V=(QR!sPWj~MKSxFKfIX}X zMPqYx=s4^+n>{e82_M#I+C=~P~8@f?aD^ zJUr(?6qLn|?6vd%z6(*NE}buL+uAP4U5k}mwoF$1UUPGmE|L;I>C!JS0IY!(eFWP5b(W%~pAz{AD+*5b#MKy_a6T7saVw#`;)N$_vpL0(my1Ri z>kG4aF9aJxGL;4$o&D@#5GHZ0b=df1-&R?zgi8rdw;I?LM)(rz2Ex4)bRmqc<#fzy z!BJrQsASt`R#CzHB_{;6K28j*TB%F$%i)1U3wCS@b?O$rs?I}P4H;JPVyZ|Ft1&-? z%@6`~lf5)$MMagMx~=rzaA7m9wF<(ZQBY8NP-#nDf@=UFWWW-X7~r}2`(KC}Qw9|o zO7R{HDf@sOC$FK=&qJ!^v`>zkdBE7bp>3&WNF2&Jfh z?x`ER0aaSeP&#o3$Fw(gaqOQ;IcedJSR=O}5Nq@xw1?hSCb1C8swZO1PlJ%{+M$Az zO6J5)V!U7*h*PeYob)hgOPt&DoyT<=Rx=+slbd9@`8Oc8-bLsSKtMP&W77#G+#Z#I@0pI`;JD{4cwX@T zwzQfm1Z-Sq%TK7qK(DGmZXVnNd@t@L>hMr=(Ad&au=#qSI+K8D&@nMp!I29Y&tjJR zmQ@=fsc+hTw{7d3w7*m(5C&eOChF*ca>4#*FYtdu!{s0i^4krUwy^D|6WXUfH$K;L zj(hq$2Dgd~9$uYqk(HH2=&f6|9EQDH579?K1l@xrnTBd#T|io~KHVZlOjSwgS#;)@ zisyi!fPe}DRVBiFWWpS#7@vbkHOgP*5LR#|Y_sGWVOkK3kyF(@;g4`az%c8Ad(srw zfg8ziS0nohMdR^CemE7dVw&l+T22d>XiQM)BP zbRf>H*^sBs<_CMjNTaODtEJEOi{WT7YqXFg_)qKHY%&<6S6M|wMK2%#S0i~PsgUr{ zyPZ8?gJzZlhi8pp16X&sD~@0tt2lGxs6v)X3Uv@T&qEP#F*EZKK!edD_81)`I3AsY zNWZ$l6Rjc&;=cHDHUWV&jZRH@5bFJaNjPa)YXjbK5LupX+Wi9agw!w`hs!584v{ub zOXQ{Z$&sEK3F5K}8KwIevWJ>fntG$;UgTTnAiUK5(8UcigI;hp>o7MfCb`900+$iM za`u_b%Na88fjevB1>7w-j7^{=_7$>{1x`aSgwWrZEdvy!={Q+gKM+1GFpcn_ptqHL z@Q8V758F);`_B;dBCss4(p9S7jnlKP1tS71yLXc!>Kx8EO$X5TF*zX&+RR$33sCaKma4v0D=GT2CObESNY}e< zZo&!2n|#~MJO>*$IU;k>+ub;Wr#{}MBOnq4MN)LaBafk6*30+~3aJIl?V&U4Y42CY zF{F5-mD709VF zwQ+c|i_&YBHGhT$Og13)ic#RU6N5@rAOSX;YPbtGbYl9&@4I|}|Af1%>*op)u>6a2wt&al`xlii4wL>FM~WZ)-}lu2BTvm?+QL5($Djm-;@@U z^6%i)l8H&(>!?@Bd7>voq^=_X00r%O)Xd1r$eir-uGug*TM1%s1i{=`S;K3mqr*|n z_G0Q;lG?Xv35X1;g~yxZsOwin=|sfLfaVWR;a$b~+1XE#*MRumgL@q|xPMpziPseP z@dn|)fAxek)eMtTx?%QW<|QVHp^fB;hMyZ8;09`{ha-bz-oj-iUYHG06suI)7e1Ih zS!%qc5&p|Eq2so|NC9jFf_taLH9HfG+zMA=LUtSHwmEXhfKRS}{+mrIpjC2q!qhD$ zc#n@pf93UfoPWh9UV5e@*C0y=3%9k~P14&rWGpK?Xn*EIz%c|u(j6Swji92}+&Cfl zCJlOz8q6vmdAnY^I%Q(q6Mm4R?{+@Y0Wq4l#T;^ea%($2w_b35^r#LCHo<1xsF;Gh z?+cFjYJ><*#yO2LY#U-$iQ@;v*b8mcpV@a9C+Rm{b1U_3wa{7d#~(E%&*zf9wg2W_ z8qzvDMu(MqZnYgKnXiUVsQp+eXHK6+sP+*{KlkDBE-M?G%_6)v$Z-r@Vtg{S5~|Tv zl+8op1$AmBE}GNeUdx1DccC>+HjZg_`HX#{(9wkfm&i3k6fW`dVU5p!=KV@$(q~%` zD~Zq_kxuw)&Jx1j)bxRgPSthD0Tm;Uv4s!4&pt^Z$O1XOaVVIf1|d{ZM+(#dClLm+ z0U+xq&UwKzAP~0mFYy@i?2+4!!XqEv3JTCvbj!sS7Zr_wgWZh?6*a2n)uTU$nJztn zPRx~{T%R4U3zlHS+>bEGMWEB$x3w4C`MRBtgtVrt&xc}o0q%Mgq|qy<4f#|P`Q^wY zZ`|mue#ZuAkxg6o#TA+&;(UK!0PcuuqT6m?m3EE_3#)*VLb2_|K-vLR_OJu0hHNx% z0){jjnQteS^1H&~J4PQMw4)u$VkC+ryD?- z03Mij%#%1iv)hGg2HjW|=(+NSO)$TRm=ToSJU3A&>eKRjF3h#bz6JzkRwJ*70z|52 zR^11rN1|dX*95*rKpV;XahVwz)tCuDZXoc(5dB-wfsruiVdN*Lq7p&+0#g&03O66T zfTZvR@^O9mDfHAvfl2diWgDy?=65LSjBxYpUm5mqUD`cBVLH+_>>t(tpQyT5Pnz$^7G39lV@p-P!KnM$)bt45!kw(3@4_ z(W?)bn7U(%=f))9iJ7^bYcOFNHHp)XXYkh-a1q3j3?gW9ksE`>_cQstYR>gk2&J5E z(Y{>#HKYehipZgnOaeZlpe7X6xZb!ENaYIZvGSgFXKOsKI$w8W#*_ zCx`)r&=IIdhQ5BSfYN9L<6QNjhIEvsKrHc`oMCOp{Bd@lpG?I~oI;`>{pHISHk8lm z06wZDxHE%b8hXB)luJbNK$Hx;0wQ`uheF;~vlUlEWIB3qw_ZJsler4hAp&rYM4)YQ zrWG(+4SY*x{O5)p^o0CFCK^M7g1+3_<0pd%Cw2jYw@s1Y>cT=~wY0G`>R#+zdSsD! zMr^ojY88mWBY^S+o0Fel+qDL+v6}e$iHYCH2lLIta7QAsPoPYjg8xPWM(6F`wd>FW zH_+vQg6RTuTWtqO8aHnU4vO6bPF-j6Lsaw1JPY+DPsSi|)ghLo>R4|e;mS_|uNozK zn@?}HGZ37OnC6^dKFmuRBfjFx!Yy7 zSuO^f-sti3=Yi%_f%B|mFl?-rEA|CPOjo_k_k=aW$|RZiP5hoi7g-Q1T*qaYL`|CnxoCv@>Y=s8*tez1%R4K zy@sp>6&P6&Pz{A4!eUN>1i>!o=;{XS#|1erWT|1>m~Gs{%PS9DD!OV;8(l?}49hsN z!I<-t=L-m>9TvDuKp(~CaEPiayn6<#JR&Iz6oySH@{tHsW|4^cjj?x$&c*uky*&xA zeau^&yT{+QGBzwyK$4osjieSUY74EUu#gau!RdpWPDtV8eUzUHT`8isgWAk-?h!nh z^vnH(rN)ihhjx(Rnk0r0O8xwyijDzd6O{a(a8lw$1qy)i7=k6wmf|m0=||riCF^4c zucnf7fOOwrBql&VcgDS|m+U-9-A<88_zMOSgIgD zI$QnvjqZGKyG{NAvF;1$=0xsd)e~kdhklI z#(i1!Xc9HAApH~{Lr_ZFqn}&=$!I%6T;vr%es!f$~7-S!H$&ZYu=3N81z8q~$=yUpe?_ zTWD(?VCr_dTxj^LyLYwP0Xz~?aU?h0xSuy&do^Ac=G4~sgOw`^%l$GZ7pkHSnf+`8^u~(IdQ6aZ(J>XUfm%4cIv8Ii#uDE*0ACTK$8YpXf@oIc-PPE~P zr!d+D)=cjN`S~uyLS*1Wyy#r`1`=n_nx1lI zKpwvDEs-2CNS}WaMPNLb5AkT@9OuOWD`tytLj3T6C{ynuO_+eHxLff2lXQ>ZSW*mM{Rlqi554Y8gp zk@&K0$&;&b?9~|R8~%dp2U>w~@Zx;_Q8-u#;7uqG-TiMElryap39fKA8-~$nBwx4m zfke#P{2^xS5_qggxVGieSk4kU0$(xAmLTONd(wVAvY}?LT$8NCVT}ZMxzM2Vy3t%G+?0E_OBMycS7~R|4Om z)e>6(WR6ORIa_*e>c>dLDm$H!29ThA7xyTpaX41d_J(F|P&{tYMs6fEa8Kw#NG!Uh84Z!{e2iZu~lI97y%rR zy7hmZ1=>Om)RiarpmOIjTgEAk(S^F_O2FZutJ={%1n=eggf;wd5eQ)qeyLZSnyeC~ zf*NMKJ#q@Y_IFQKm#VV-`R5U!G5qvGsEJS%zYmWq%J}+bh4X_4rj~OcE!6X50dK|n zd5dy*WgO7*L#F-3@Vx28Nx%PXWZKPh0*Y!F%5?Rv;OmP{5ccZ^5=HLW`$be3KUTtc z)MBq?F=-*qxUN@*9xdyR9dB4V0eDY6^H7ex_}BIg z$PH1_9UjeiQfB6r6+4}ruk`@|^Kr(QQsUo;lu<&7=9o zFl0KV@kb9zEdv7wBhaVc{P`jMdU07~M93+x+=V4G!3o^UVgxW{yI{?V-+vDq6Y4W# zjxyL&i{Bv48@@Q$6pNjU5f=US^>*o-8<>McfIoJ3w>@c?*5%7Kn-V(_S^^04^Z8Jb z_{Dtj(Pj^yp<=HpZ^q*x1(M?goK4h=a{Wj{H1>!ln%YR-_IVccg7}Sgu=aXE_^pye zb3`ezqiGI(A3)zp_W)~jqhh^bStfcPHN}P5Ax5z#_hnn~C!y@o*Nn~;W5bB;(H0l5 z|CUlU47<^Wct`kAc~#xlh86t|B+1V^!3Y#(pNH{?)FZ_zy<)S0?yl>Yog%eO zPFW#R9%pR=tG&7T_In4geL{RqidA#2B8G=#?-82#cw36`GOR!K&{=hy0KUFzfBX(A z#u9|XonNX{xf6vipQ#8KAmOpo-}TM%tn9@RQK}MW=P2<`EXQ#4tn``dMTeOS9P{(3 zsq{etur*S2THOI}f+cfvb98Kig24T|QFugkkIb*HBb-kkKfbuv7A-ek>N=frf|y~) zG`vNcGD<*%zkXxBCgCUl{?)VYH{O$xw=);>Xs@U$S-Dli_QUZ!2CYt;?@Ju*? zrk{~u-PIMVpl)pHKISjF8KTfYlWyE;GepP3yi#ypfXVW{x5yPPebMQ8fQZ19Mhg@{ zT_Lh2Aw69<+C1igiwm#mJt1^VBrY9()7J#>q8l5e3UJ53*FzXwcz}9Q)g36r2&&~x zp8+|!J$m#=>=JP%Mrb1{=6jg4b&M<}u{&SEM?tTSmp(EZEe0?66ErW@I9Nt6f`wi! z^K}|kQY6ki^BD1iWgG&rXsal5Z17eBR!n-YPK7Bl_~`PXQd_;dtd1W23$;uQtiU`A zqy9+jNE>e--nf2!o9VcLg(c$mZr|yZw%|x1I2}Q>Ftf^ll3J|9AotFJtNwq$y%sRn zK;<_wp&pPa$-#g*0cwqe7YyID4@iXBbF=B6luj`UA6U=K9E~8ThkTW95H(6|TJI+E ztgm58&>8cAQuEL3KwLlOT1xyzlOslEYj>4h#%iwh;Q%{rv>vv0$aM?)i>o*8%c-+Ee&sI@;5j?Gc$;m z3w?-Biv`m+*>&c_I3S=cT#GYg(866=s1l_x1F{I0iv@9a5z7tS6)Jd2` zq^CyyRefIfA3d@N*EiUN1f{C?3IZP2BV{?V{oi+y>1@hir=Us!7f%N={OH4&`eTxs+D0-*^iigj1`k&Bi8~vFLgb9BE!|TYZ zc$FwP5EzdP7S6$f?l(Pwttnx#vA9UnlzE1UCE$%DT|hRDDe?Ko;a7-OQ5dm2STBm` z3Dg)omyc&Ulxs?84I*E!_Z4O|m*Z%AxcDPd)d=9De7;_&XA;q4yOHhzhrG(i_aoJ> z3M(H!{2 z9p)`Vm>-32^G4@kf?25=XVwJnCp1d2x@+RZhKodgw0Ob*z@jzu2(xCxQBf=fGPrnT`v4^sRrRBv)PqC&+JsIFU{Z!)dl%yYIgHeeLn1$|^T|uf5isV~){#AAM;5`k;vbd^!XAU?uQANyfd# z6HbLj9sdAO$%79LMjVXhy`UR%bM7a*C7S~xxSH}>4Dl=YF=dHU^8?f9I(q`5x$|3? z9tU6=vBmW%S1(=+@cq&UwxitJ_H1qzEQ7E$lhwyibyY28I#ELCw(gWK5OZnt_rj=R z%bGPWxJOJE$LZdV`fb)M{d|Ea_&ACOIs(~A{v?Ruj8SE7>aZuh!eWggyl%(D9cUrE zIGBuW!$gM$*%E-X^H2mq=jT#4H4?iG$K_VIJUN%e zoIgmgHYyA$>=S7yiZ}|3Phy&M0>lA!gd?@bLhlic(UU|M?Cyghiw+I|8d-UjMpkMA z%OVJ(-8j5FY_*W_Wq^m&)DOaqJTXWtj#m8B_y%4@La=qAS|0?pril*_dd#Y7LzMwR zLo`q3*fqKmy!gGkt8$CsgNzSGLpVi*VDglp{F~9-(Ia@_c%1;Z;?Swd%g_fW@ytM*r<>wNS@L=Nn&4 z33pr-n|?aGQtqD9(CLk=e@Z@OvG9WGM)5#U2y9C%jKc|qFKK#m=HZ=y2FoB7(ow@E z5ky(avipiW_a1pJdVyO@3lGxTcaZvC>92ba0BiutF?Zv2h1f2rcXZT<3aR|`UXDElk>#6Fij_!GAf)m?&Y=u})yR?cj3Ms$|dhPIZdXKY- zqjnPel9(4{Q}8h}8fkXb2CxgX=xTiWQ5-97IjXRsNyprBT@Q`E#_ajauslHnL;;x~ zbDCv6iU=kc1^}8%Oi-?^5@i~^fe0Np63E1QZbL|Q$4tLF)-z+}xkzqLoF)PqQvCxs zvPuDWl>srf6V))hxM>Al!46Q#fukO9zPX}SKFVG>jsM?n1K&*KK$Gh1A~KzO>&_YL-i28JycUu zaIgPkL<2Wo#)YFRMgb}wF~d)m8}{#q06n8oZ;Y`VPQ?Ka031v2LG?#yzlR9Z*Ya0#^Dc$_s zhe_f2*TloFe6s)02h~39+_1Q|BiEv;!V^3#PFc;}*zf4=9f7%e-ywYtC$k>Frt|k^ zAa#Yu3u&iNH;|e}WbDgpnUpto%C!g^3cE74mu6)1p{%w|asCc_FeqOrn39mc^e|V~ z+c$6C0f!)D0bXaa4CME|Q!Vv5zzMD%E<>*yS2yp0R~qRt15dcZh)oPMq!V%bsl{~& zzc>U0gss%ebEbZ*zFKGT-7KQRPwwc3&6~A>YT(kM9*=ZcCWLg{{MwO`1D(>=AE6NU zQu?mD;^S3JSKrQ>(=TP_zuW96|7LdRc^npA-_wpu3z5${bIsuYQFU!Qp zb4gf>VjRXF8N-cpASgct*DPsh?9Sw3uB;ZY2zNmvtvkw=`Q!^nC&`Rdj*Cx!r7_>6Q}vPE3sgm$glwY8{9X4J+{VG7xO{=CZU zIsGtOkOdy1*--VRkYANWjR1v#@w|NJ%*)0utgOF9W<~j@k%P`oLPc6$%%cFE9?$R0bvw(NgX$0EgE^Kx!eyIka z*PLBeP$Hxld7}b(+tAPu^qU$oQR5h)L-02#jGU z655Q@Bn-On6Bh(uby<=#FiBHg3K_iz`^4?;eU*}4>hJ`DW;bd=*vA(q&-J~VzbUVJ z+Dw&JQtv`eTeC|=Ay2Ec$FTACbL&hQ>!|R-ug=wpLnw2v|IS!6Uz7&#-33n5Ej@H_ zC;Xi-aVLLnAEhr>AbTG`ozHIh?SXg~PE}I0AqzSa2;Z{6C&sKja zAA$=M8qMM?dNVlPz5hhR$Jz2`a!8t=|el??i{Oq+ZA`r$Vl#| zo6-v}M&{{0-j}Oi%6banu=}eUY|#BR(>}j~F^oa`veZi&ibh>-I!D#_?%gU{fAsu$ z*ZL-g1S3R*i}^mufDWdC9-quZ6)Hv$d3mgjRavB7LQ-td4;Cw4Zc%x~_5`Xz_Q zJjZ!ugOHmmEh%}fdi9DUmz;d1NBSMV!kx>zcRtr~V$h!Iu=ea<->x=Nm+DP3wHJDE+Xhg>5uQ2dx&bG@KTp;0O2F%`eXx{w!kCBgl((}i2?x>3OFEw!8 zW6*LkS^4hk*RSWrB5ieT{UP5&UuBSKr6D$vl2%%}<;kW&S^wxaErp%WFXYOW>RjTV zoqWs5sZS#$MXkwQJzmUW=<$ks*0*j2dW%?Y{n7Ping%Iq2bfJ8P~WfXc4XkA>tazh zH9p=GMj{dM`=LmM&MR#1<{8Y1R!oe-qLtlfzyN;c&V7CtxtRB)DE#7NU_Q6I2BFlQ zP4X6odw6(+LCcOXSCJ{LW9fNNL?`%E8`HeSYQbXRt&dqd$P=$9Q?Xuqse_z0f=7R528|W^+&NC%aM3p6~*K|lG}z-m9KwX3n>dvYS%M* zPPmgZAgCw`ys%`+l6kQN1pxGPDd_M7TFW6UTq}9;p_^L>Xq{By9>B7E_*^JVxv6bBAfJ1TifSy`3%0%HD`pDwaoYhAbh~a@ z*RL@SxNP2v?famG^AfMsiq}G`QVKwxdAVH;nW_*sw6ed(${<(F_UY3O96U%okpuhQ z`j~DAl7I*bPWA#(M=xOArFs;;ZIF2wYe}H10l#vX-W9{pbmF>S&5tcf*6w*Vlm*%E z7SwyVK}K3Vdo57?q7A}&!d$yHsc*zF`zp3JcbwV~tm0hnS#P8sFdN6VlH|%o7No(3 z7paH5IDMaNo+zca*{m17<*!^!c(B9bFrQW{ua5LS`YB$}ebV}km|i$wFl%gQ!cK{5sk={PVGZ}I(7>L@O8 zvkITTR>PhqP&Zkf&4Q@0EjDMdOkg$V3#s(`O%g*5)oXv)KqD0~`Ys=LX9^}pv|c+M z`UJ=GN^b*B*@$=376?B@^hw#(g6tDLp^=#L)*lPdgHkYj#WMt@Niun&4#&HmK4>#n zU$X$5JUug<$KR2473JboD-~;2C`ZGlr)Ue1pcE(u=G_;@?yl~ZQuZdop+F_~gq)kQ ztMe{!h>3-3y%e7}y@C>(j%b7|jV-&qG1ky`J1WaU9;3M=tI-^L_39-sE*2`IHaH~+XjuqHBnIrWUkFQS~p^@ zq?mlI?u54yo5=4UG)`Gm`mN`=uD9)ivA9b+z$a>G@E{5VJsnEs+`Q5d_Cl zoi}@%9sphC;vFmusZJnT(5|Q<{})4`7_(o>RLRzx*6&!F8v%SDV{kkeL}beP!2Tl+ zEb4YZ?#a=S#~~4J^rgDLgB>(hG?6~F6U-IbWLO)iYQo2Pvh`8}cwM#P^UJ40)nYo% z89U~4?tWNgvk3>2Z3b^THWKc zS||wd)2+wamz24IjT&(W4!s=~a4$@zD=?5;1PBXd+=|9az2nF%r6Km4*N4)$da0#g z*z@PoR7%X%Co@rW_10b}WLAu9+hZN8KfwDXpucTa0b4GR64x9uIQ121c)&Xf-Xvu> z_l|P;YJJQRF0JgFBgA51X7D}UC51C)_eT{tKc{D?Ch0#!q1TPf4r4wRHIV~ z!S3dc$i#`zq54tRdh<>n_ubv6(bd9-k}S>H`AVuNraj;o;+)si{JAUIc}(&7c4NUm z0=$GC@@W+1n}52K3*YHE-^co$!Y)pPNhxrsUwXVns3vT0L+a<&%|@Lq{xjw&De9n! z63vh9UqM~5GT2_k+B(rn_$!le%dWRBwesD{s)v~GqYVXZP_{bO5G4#yYbvqrMWmqv z9*5n@#0InirhFA^8WQYbhQ9>r#1C0W>4H!$RcBE*8fGU+n~7d^g6QueChNnzR78)KIS*d1bwrtytJ?CC99qd9XPy*!5%e_G@){WUSxijVX z$&=D(JXniyjhQ9Meo3slNiPkl+i5OuT<-Su>km>hV5xxz_v{iBJbYlRHdUlsn7r1w z=j^-~C31fI9yyqH5|5IGgF0vwCrq7<8)|&AKL-S{hi}Mwa#WSDdz)c|>)?HyInVZOVOjasn2no>820J9u&q7 z{bm#_Oq&SYwAPY2bLZ}|R89pXsFO0))eHn!Jmy^nx70mTzu&%&1=r_4N?IDGr$^M) zy;AvWx-vy9cp|4aqr8-7l$Y}`xU?d!xJc?^fSJh+Kfh8SeEvvNA~v27t-!lLkF8MZ zm|2%HP*IyaXV({?tnAzg49TuQ?2{T3OdgQ$8rzhbKnWOisxm#x}?l{tY71K}C z;Szs@v>Qnud!R66+(>{WAG+5GqxXco(OvTDR^lY$&8mo2)$7+wnXC{+1!&U7assM5 z7HGa#TdACXko&=%WI3nlPpp-wo@o-QNGYgBBU0^_fo3ZhD9K;JBBoE0;N%G~ZmPYKbcPaA}V5FrYjrW_4Fi9^kLNdaK={9*y^Nd(WcnF{SHS z{@l?FXaZod^5nI_CP20svQL(Emm}9i+}f3e9CD!8dZP5x5V|&(QZJB=DcTQ#$LpFG zxX7u5VnMSu5?+q#%>^aGyILykHBHWdMiY12?)$2#(7PW;^uvP&s$2z-lWSKBmQAlZ zQ{=ySd#8=3j}NuT?{!c#Cgihn>(<&YBU&~FI!uRNhp{>g~*^?V&#Q9(DxRfnelI-Z? zxHPmpKs!2JmgJIktivSSrh^Wv=sls~a5T|w&T}E5CgDB+`a8j4l+W3g_7q)oZRBo( z4(_fZe)!7JBM8cVAQK1yN|3VqgHRVM zLV(Y|${LQnAy`o|&N#p7x|ox#(RPV3f{!vLzH66O+M=)`t}LbbvEp+*AAR4K$knyU zXQuc=X<4}3DKyFafx75?4fg0RR5PS}$}8G!wLl3lJ`5D3Ako=jDe`q_s1jQ6i-HNk zn(vJAj5=8syUra-^UDO|R*J)D95j zh#a7H3@U8W^zCBnEV$xu6<@-W&+W+i#|)1f0A-qHThY zdw3GvY2RuMil6YroTf8MFRjmp0x|Wr*P3y36s8w0q+Qt_qw7QauwdU#>;P82){T-7mv(=G)@p z-mwJadQiIQB2DMsor^)8Q_;HjP`7ye9;bOb8t}t0I)jtDa6+v8?Ai7(xoxzu^4~rz z$*|m*@-gEWi~}PdbD!m8Y+p$s&?xQ5y7{v(aI_rHfx{zF86#Qec4MLwit4gR+mrwo2V)i_?tm6dst&CK*>8(PSrMEVSDgS6{I-ZXc;M z+Y`S^lBUBxicEWYR@|B~uLQ@eT%Z|EBta{rkEUxnj3r3p`4uz~ifG6a zLeXEcTJ*X+WYq~mmjDPOPmGv7r+OPRuDYCdJ((ET9Eb-tO_xieBmm7aNH_tDaKgYI zU{TPWNQRyk8n#gSwZ8Sz3TU-~@JW5xY(9ErASG!U%d`Zkj?=g1x``;}UPCNWB$;+8 zR-W27I-!ClBo%|Ff-t}aX$pRsAt|`|eFwZ9Nd8y*H4eFH!8c(C)D_%KH9N7hiG#8+ z1vSEU{mcI8W18v(2=tx6Eh^Ferd72UR4;z0#UJDY#4H=UEOdJsG8-hN<#K9j6mcLX zTC6^L=ujKYOTo9*t%AVMc%n}a=mxmR&DPe|@PVL~)S$ze>S&FQF7nD(b>joAhXKCi zh!cTc$LcGPNKlPNj1s^Bs4I>^Q~@U%Npw0Ed5dV9)OzTq97ovUFzML=fPpBpwHYu= zhqireEHf96ngoZtF6k`6s0)@;5)!i4u6-S`&dtpYr{<+`;ZMTmHzC8RyOz%lF_$am z;bK9{0(++}axikz=l~{A0eBe9Dfm}40r|)B>%h?)dsnqer1m5nHgH)WP-{)H?!5F`6vs3Kf~M_^vzQv4v6}FD7H_7 z^Z_G9ZHuhl{MMv`K+PTb%7-BU!clf3k1-U01yV=6MDE?99+Vo zs2VV{VJjDx65dZP|8bRV*^AcSqcZrW zf<`x`qg4Xj`JH4=p3E03JniDh#w{b^*ga3FzFsQVQ55XK_mp17dHPY8^o8Q*&pip_ z+2mZbZ0R^!Ep}y14rNY~b5>Y|V`7vY`v0h55(XuOx~Ct9W4n;E77-G&yb zotzn0-JDRPdj_BpbtZY3LTHnmt*1_6c1R^;&4%PqBhkzr=yiF!Yd3pwW>Keox0;17 zDnCuIhlDa11bOQqI#JHxZS`HVl;^fH#F_7}3GI2@ha-u+_JIl|2^DfI!2~R%;|eG( zn|tJtK7r=YVSJZIS1F>yp=DFB#Cmn8SWh7^(y8)$nh_ z&FzpwqIC&O3NKxChHR9Q=5WCm+yZ6tR6}?d&jp8q`rPDl54a_meJKNU;xfr3e2Ur$ z=%5@LuX0{6{%pJCc zfv&Nc`Vo#6u+Q>Q{l^P${12klfpLGKhgB&${BatVqBues zZ(S?83!6n$=)Iv%U*Ulop38o)N03*JR)UCx+LcZfEI{xiU;?g$& zG>@ZassiJLr2Vr|Zrz+7_i8S%K?n{4X6(2b4rvk*Fxnu+B$oBz1XZPc%G<1E<;Zv0 zVuhDT>RB+Kp8BVijX$XKIPpU3g|xKInR9}>6uc4{f?;Hap_x5mWombPWXd=^FeGth zoVCRfH^LDMzGGoT3iTwtZuT?5N7tD)Iedq7wr+4$EwoT*`kU}w$7HstQVD=g9Z$_9k^}MCnCmJm~ zoZGj*3rzMv{3pIpc~>>UiLKys)q?3Sa7*4(=clfT+;LPXr6@bPbfe$)w{0b*2aUr5 zgTu3$9kC4OWjjPRr;(oHAP$5?_e0kOtSZbtw9O%zr|8%h(*3*+yiS$^xGl$!yj>f1 zLu(R*_lih5jm)Ol;s_!rmL?v-Sw)%UC+oqa@t&qZC`oZKZxyKvo8z(Oj*VDfUq;wR z(Z!4vC9Hx%8)_?EJMW{g~FE?lcU&5gx=hFI-2WJ4zy2sQw25E%~ zDmm(Yz)_*tqhDWNuZ2-N)SiHOCX&#NhX&bmwjiLB4pmSAEJK_9xEKP2cVQlk}_L%1wwt}cz!I7Or()i=bKflxdPBC?sS6e=h<;YkyP zfAZu>KJ|`dY&$-XKIGm<-3&5 z9z)Nfu;FEfRk~VRA>d9r0KsP^(n2MbFKe*BNMlQ`f8?M-W|NS|c4t(GwW@eTCpFGy z+$yY%{5gS+unGVmP>K~g*ULTsqJ~DkTC8-<&H3e#(BP4w02zR|)C3B_JO~7yabo3X zvu{gDPk<&OGSs9cg}8GXsb1YU98b!im?S0{=1GzWO@(BaMRVtN$D$3s&4yL?4_CSD zIo;3~DiCG}^_d^JPC)9=Y^*ka)~wUiGmL)2l(eT3AJo=SX-p|3l^i(3mt}b4gj67B zCJ<2boc_5`WeUTer)6G-)97?5sfgWPau_)9{;;{~RAGceqJenQe0=v$+h)}Eas2|F z7>49Cq&Ww3*t~>Hs_Uu_ibzE-RWv=a#fVwhvarGDMEG8BE?pUP#_Yh_M1)f6GKKEhOVm;U;4K)2y^}1cP8#0{ zps%DlPQ!_ERg8WG6Dx+9SQQosV;7Yh4issm z!|(z^^((7uIsfsaM*wmT62p|Ae+Dmtc8jQTxW15z8Vhxqv7-@OYP@lJTTZxR&fz13 z8Ms7-A;Y5qjgi@YD0jemxsv500KTTNR!5w1VJN^rqKzCjaqu9W6Vz?g)`2VJ#MT2Y zLwX8i-d|ZIfL(6(6%20TOlJ5u^;o=femV^WOpPv~ly#dK4b&!Y`KuLryDic$C z@O9zP-ftSDCM`r$-M6tpfq`dTo@h>t?w5CSO)(h?ZLz0VxlbXn$gecGFflvZjB}F> z>!~SB`^p=OfCFDWE?_2Aofv&+`R;X>Ka?nPD}0&$Lz8^f9(570(e7)lyiYmsgu_u4 z@p;+2hO7@w){3}y2|;H<%i)R;2K1=Hkfof|T{!I`z6pH#^a%!5sjNFv4AIFLMjBjz zLGgv{NKet%9EyimzPr^2owhW-C@f(FCoR~L;QK)@ie<2jD0QnbEw^M7ae(VkylQH5 zAId1)N+|6|wY>O|6$7g(7u@`3ZoyPU>O3Z;Z}ZuC%3t0}aLKH%Z%sK>8ExGceQ&|f z7ya|!H>&SUJ%=yt12R{y7JmK-4*m1xOiYh#8LvP6Og`Y7 zVYr0XGY8u{W}yZe>?5OH1mC(h|}vS z4xHIJ>nFkd%P-HT93Jx~R&9-JUwUslin{xi?J`%_ng8LcnU$eGhyh4_0n@}5xv{T z0Dv7FAV?P$7Zn+|4FhB$HGWVH7xRh0Ym6wTbUiP1o6wdwCmdMxd%2jH;u$vCS`U3x zVGR($=QV?8?UX6-8q0tIU;9bMCC1P!vLDoTr|M)FS)?vw%luJ8zg(#I;aMQbH4;BF zJcX|o5$kOE-O$x(FDB&CL`D8f3_Vzq8&OK0tNJbC)~`!L7JrIQ1AkFVdf{X?!Wxx2(#x|~^zb+>$%Zf|+M>--l#e)ERMMfJ1s8criacYgo9#6_;6Yv>OB zP1q>~cbO+oS~A&hV})6m_-GX|Zc%_yCzl|`3@IvkCaS4vC2Up|yC<_}PfO;B!-q^m zPb{}`oyzny!GGFc6Q+NB&X0e7+%GSeRHQY(45Jg$Xa=P%Z@ z8UEdm@PD#)zcG`Z&%gWmvgR+d;lKYq+kYDP_2SlW1@tpFP8>B(kO>WiXl7!fL`JSJ zfw97VeUoJvXUnlUcdWk4?ze45?Tu#&SK=m_{O7y+|CcW|{=I(o{J|Y{Errf-sQmlS z$3NOG>+xN=Y^9gr<6{O5c^MDg!Z7iDH~jq z|DN&RANT*?`RZATw5pT@i##7lcyaL6wRCfrM|R3Ep3C1ZY+tuQ$0NfQ`;qhyR#qyr zXN9)h1}aiRoKnc{qfQDg?ppZm-fhZ8%k)nC?Kklsk`E%dP-+$Q7CPE}fm&O%+!LYk zDu1uL#J|4u$A7<={9j$4|7i|@=|Z9>{@u@lM#WMb-#n`e-Oa+!KIp%P4fbP3z|IQq zfBl6Ud6z4T6uYbS^)U2t`OfI*%d+Y6I#|8`Sq*3{YSOnvXYl1-}+^G)^hW_w;17GIa}EIdBp8Mkp~ zXbtoIo(ctDEzXK2ojG}j7cS#e(3*aFQS{Q=Yi{2^^pDSr*KBBAV7uy-!dlLu>B7Y; zR{M8)8CW%V6eL&dupjYYA7!3$j)_Hlba3VS3`^NFiN7qMm{Xm#dv*$%=yvch-LQG| zq3lQZ`d{B+(ue6^4yAxac(=d(99uv2#ozu1(;r9v@h?k%jl*vUTfhG7V|lCFF@s6q zYJ~i0wmHimZ?1d%aEX4kX2#=RUKQ5=a%S^sB~Ju(ct{9*x*c((=QpMhJ=uRblWy!< zhgk8qAI(GmdI*)+{m;J3Gmn%hO!HTD*J$MIpQ*l~?s5BrU*q)FcDjXz$E@^><1W4J zWO|Wtm}$k0Bk(Rd)Za4U_RBdHaz8E2E=?H0`Nc$m`Tf6L?tk;1E&6YK@eQe=tV|zY z#Ohx-{OFN1uGeez`{cM*sb4-%8r>@EcI%$RHLIu`G3;`C|7P_RrU7xf@HqS)m$HJl zp`wK2uQzNThnN_LUy=ZV^z`W~;p#5C-sB$`o^qV?mp8^A|EJ60|HW793*4rj>t;(fc@!OW(TM>#s0X`HTepq`7`v-2aUQqFpJQb(GzOv5?;fpJLpef8Lsy-jO!{ zukxu0>)I14B6l{vSs%IbH>OcR+M0z4I?H0MEWhsEVQ`Hl`6nxYU%g>j_L%#0bNYuT z&oY@}RKK{)|L6NL{_wxP#?eBbwdm*u>%l__dK>=wtQ(J>Yr8Jmv*&GZVNrhm<o~=@x*vtuSG}MGz<4JRaMSnn)dE8 zCR*4HbUvJX@Z`UI|AZ@dIk3wgjZeQZelyzeuQ&WZ@)a&4emDxO8;RTe%yRuNt2ZD( zIo1Bn+v7jZr}ZY&n0Ea`pA$(;XT{3*De-$Z{qoulKfD$>a{33Rn7vE>Iv)j?pm^Q| z57ZTa2u~|0umEwkgU}`CyzOdc^iAo%S!=t?=>9(UnrG@K($LEldwt|<)pN}=hYqbW ze7FBSI#Xd)U=QkA7~Q%aN%=vsKoygq3h)PPyKWuCiOlFfId)N9U8Xu3ov1u1ZGQ6U z=0=AOfuvjyqW$HYBIEm{m|N90*7@^JzL?Sm^_~;_LpGKb3pCk7xpK0J|B%8;(d(x8 zm64TK@u5U+kceYw&? zNCz%F9NhO>A?}hmR3;*QVEl7|J%`uop@&x=(r!LAjrJzE`c*BPaIi}P%)j_m=AuPF zba~OFw}MYg`p_XRrKIh^Etdl)zx-SUH~Gf5Uz5UjNg&@!-9#*mOLQO)x`zI}pa(*J zYtaO?;kMa=U1+az0xPxKh*dla76WJ$ZAk+E7dCJ5$RR`MTo$EF9pnRgFLAw7vEd$g z<8Hn&R{f7wjs@uZ+;qx2t#behf+jRJM_rqQ>U$e>IdPo>7@4&K6w{?!gM_98{I#=g zOe;Vio?k=+S9`+OuU}0u76qGt9a{%hqI!+UR9xNYjDPNXTpeK1p%hCfu4HE1{=lCG%VFN@ z!(Wo{)h<9FB3>u)P(JyZ`q<~qdl{b#CDnUeYclNDa$vRN`e>*ZUMtg#r*(ycabQJb z#WAzVY5LPYLR}axwa*+{vG-6PYdHylS8j@kE22WLj;1`4*@k2A_HXtt)2!r2OJ+fd9o5(*|X4v zH{O`T1ZjAU3)^#N4-eLc(fT1N(FwHRI${eQ#*;gAh@N#{G#n_mPPdzKV_NZJ?nN~T z8#DP+&&Jt@Wcy5K+UJhL;pzJbWyOD2X*~4>hq=+$7(7`PZpPWr-Iy3K<)dX8+VtL) zaqmjTEuKBu^9da?;vt}MauE_x4J7K_biBL;jG#UExr*VW``a=ENQxY4TylJKHaWkl zM#efRKD&4v{u`UhuwT9=K~m!J)c+f1Jh1_{jgrO_m0yKjzt!oqy!;BNCq4``Xu}|f z7mXJy&^D4jIGd@9or3(m`wtsDlqLUIwAu5Iaz?Vw{mY^AR3D#_L)>p@1;i{X(3J?$d$@*jiH?#&s`VnwUht9eOuR;ppEHcoYlf95AJymDbf8!+?ib&?p%uE%fR35{ztP zexGSQd3zkj@m2DXQ|4VM9+fd* ztNAnf9NrWcNB7BtRJvzSv?o}q8$wA3>H->|ZQo__R~|KgA;v5n4?*K6|GIT+FE8#J z5yKd39qlg}H*Dl&Wgkmw|PVEZE*TlGuUHdn;w}NqZ#Kw{h1Cjf@qDlGc%jqsE z+mw>talF9WUu9bS&!abSPne7X#92 z3AKM~-;}sv=~DdQGkqI~YYhUcX)7RnL=U*pHueWz@1n&RG$um2_!zxkKMS{>&(|1+ zibv3FgmyY8V-`RNAWCa|LK>VK6)6Uo%AAv^CI~aLrpG~Gyx1&Scn(gLsySL+tXY0!uOCU z3UtN1?l3B<1OL7iijrIMv1*5547=92r*`GY$jE6)$%Wub9l^ovuBvSh0!2aBfo4ue zu<+S9qWr-|(W^wvzuAF$+--DUM$EQfUP)CREOZXay`3Pj4#P3X z4@~vE9VUWGGe_@#PxHoD0e>{Wp+$5FT9X~|c84+43^Tlrfb}y(=VuC}3R`+zFz^Px z-{&J#(ghLrSwJw~1G9-#;mRMq-hQk=i|Q6ZE6hhchqt& zwv&#;&7jl-CdBrT3m!%5Dc0#BEL+3{HsCa)GkPiDIDp(2!pEd&*TY~1j*aD=-CZLw zkMKpZVGOOY1D`1?E>#)71}Z_eSdW7SLJ z4cw!phP51vgGD*|lwf-RB4k%oCFYknz?M(|JSMXbWMVE&tIR$>&@bB4nl<@db&?Y_ zXnN%ybi{QhLH9e9Qml$Do!jrEp#{wgSK|L>R$B*aXjXiW`hgT=c)WOac6L=btnArD z1TkXI`>GPCbWe+(efc4*AFv*f%*arAc&yX9_ZoNjoB?YtCR@dR~1sixnAG}H~I05A=g*&~5vuLk2+UhGe-*pp@xBD4}Q)p0RoVpq7%KD!t_dP!Y9 z8+NA4TfHrG=duY4;HZwR9ETSrj zecZrqqlWcP!aF3OqFI6SEs|~Fv({n*Y}Z`0+CU2e`GP)-s&j>U(;i-}U2D5)F?8w< zvOD`dfBewGa zOz2i{nXP83N(9dM?lSa_m+NcU|D;FWRUxBCZ)Q#|W>N_-Z&O(XsjCwVLU!;#ZJ8bw zcGd-|iflN^jJm;s0}XqD!b2EP)CfaCJ0CcY)3zxytv5`bKe#+pr5LG*%#7ncSo*^d z__O2rguSnY8@xSMTs98KMmnM?DTE)pd@1|dmr&8JoE-6)TuIZrj2j@5#z+a_MHE@| ztVe75Ub9bZfA;K|lsBB)*OAkCHg0bCymqVenC^hS6}>F%^hG#W93bZu45H&j3b{K>fjNcjitYsp5z&Y zI^K0^IF9--3?>nOD+1k|kj(;i74?0Q9Q2J;#~PRSL1HW19P_aU@{2~wP+(q>i@Z~^ zsj2imBqdFinG;50cxy-jcpiS zF}<-CdUmQy{Bm+L;E<;O{xBv@++A{J{$x)NRDXAou*#-t4fd3D3s$KHn2TUcgMe=W z?mAV0wGc7#;gyv%&fpNU~_}@XG~KNQJ4mqi3-Kx;YFP3pOmkIj073 zA+K(2(xcaz7HEArSc_3v`uW_6T}B%_ZDP=-K#!&|W3=bQp0U(a9D2E!NRx|qv|0#B zO!OH#bow6pj0NO<>0ORPz6lbjlOdVd?z7?{t}P1C|=Z}9 zlfzDvA;v|J9p<8EksW!CSc(Xmo^avI(A=Z;4ap{@t{ieIwfJ^Q$cnex+QWHa5lu+G zfH#%tDaA1-07r=?EP8vyC^6`N4Uxa8v0C- zTqTLtREOiCk}6uoV&nkiGEFB`ze`27hUU=@!fAXLr@^K=Z!fRagkBWz=4QbnhLuEy z#^qlS__I(8OZA+`dEKWsIjCnb?-R5bzCfaV+OXVSakQqg?zOsZ&&nTFy{D9(eA#Dn zWT%;)l9?#d)pG1t%CNzSeK`_WCj`gcj(b|%+G>*xP$%>nMIj#mx@{?K*?*jI64C0F zu_+1n5NhmSqZzjLGip*!G~C_cXzhSZdKI?cdyFh?!@J?Sg7RWvpUy%_*ctak(Flcj z4w%8@rQ3X3Ak-BjK;`T0B@%Y%JmAP&52Y(R9fE3Df$=>!hI;PeSdmF>zy@KPx!O=N zuo^zSYH$;9(LxW09Wu*`6d#e*_{awy9*Us}@M032=|k{^<-vi;u%8sn3sG$hg_sq; zvsid18syG4^P=LqOPke23s34EgoboW75ztGKG6g{pLhszz+U9GkhHT9x0mD1^>1zv&cEyEz4$;iW1H*|}aea|`mYhX;rPcRRpPb2whRM|Gde&Dc$r@?!g>)wp z5+%d;hxJjM9!7`5I@I8zIJZn;QqRarpkx*~?+FxT7#36>hRqc?8nY1Mjnl30T^C1v ziYpT2gm=Z@qfy`J4f?EK^mwRU4qW?_M3Z8 z4={z}DeKG;lbT=}XXSYw$G^tJw zsQLp8bm_3Lay{v`eXZ4ar>b0-7ZN%P%Qv|_jMy{!p_mM_X4OE1wH#tzr)aBz@L87E z(M!+=Ay_UR6CiI9NuO`|p#yXb9XE1(VSkbtYKGeQDeMRA6 zn$G6Rb#>VyUj4=_mZ9wiEd{q_I`EhlqNP((3428*O3W1KYnF_h@-n)fl9;cMq^dM~ zqRDU8l#+;uh$IZ{LVC1FCd$zrA*o?FhrjXtQFaGPEYFW(0+qAP0uz3`^RN%njoUQ0 zv?AeI5=RLf4vUPI9Z8xf3DLD(g@gYNPsNV-*5@pPo6V64* zEz)6o6t-`$D6x{WHG{pFGe_%s8)0gG7um%|`vG816`Fy$(t$N*T-b-m^p&HrQh!_m z0|}ulj?NnRU@XMb*ZN~$6$W=bjBz$a#*Ts}^RA+9@X za~B<5^&kdL(#N@!hGpYLsQ6g>V$~x3ysg1m=oDCnhkNQb0IAp8PpICbAkdT4Q4pjDd}^?>gWDCI1hp9Zz>CFm zTSjL6I)WCE)<^agKOb$y!S-4WA+j&M*K!*UzIbhK6y3RW%+Rgc3&XPG(Unx=qW31P zG8s_nACjF7nbyJ>q{Vyn;|s>e_&W-6SYcp!4u)bZPC)C+`sQ-m&PMpX+M`2iudfxA zW~dj`kaf+X>q0%A4PyX06sZ>6c!eyW9*VB=6U3%UmF0u9(GhJmyDk-Zu4IG;%C~88 zQ|4;Fv&aq^%AQZdiS=S*U1H6?v-w=E6d;zDjS6FR?)&~1F;sO5ZpwRn(SeoPRvF!( z;)L2!`CD(pUf&5q%K`3al^uNMqJ&0~4uQ{q9F!8w07gJb$p+sEn9pqb$NkJNPS#`V zeRpG2I>i_%_npWQV2$Rr@G>n5OmL3RYa$>BK>M)}AO<4n$(*2COLKyP9V2GmjsZej zM@z=NWJUWHAt524@lgVkWBuWECa4VbG5cy`-5_erauaQrfKjtmAO{%h2Up$`20Ku~ z)Ed!apl%2YwTcUy`{99~Qxp0DQ%ah-2|w=Hd`zSBZv5L1mD;d;R9 zD|+t54T|!tXf2E~o*;CKPK`}v%XyUC4DU1;W@0JvrF)~VAsa#W_=?udiOx(Z(ann% zZT2#hqSR;B08n02xX5UISt7j~Yd8r;9sZ~aEb5}sKScOtK#g;HgYgiW9yXL&;oRSB zdHKK&xDHv(UAbd}uXmS-tPh$@UYlaT%;FC8WjNB9ljH1zvBB7e^ma|KZ#-6o)W9hl z^_Wt4Jqm|LI$y`yj_$pO8BxjuSka(RcB-N2__*A1E1XA*wa_^gA+x~305)gAyZEsJ zVkQ~r@0D8lMJFCV+C1KHlzp|^srVmC;Tty35Mr^AjvN@*RvlF+aSLbF?&!8tpY}PGQ=8VN@dt~B2AM|HP#6P z3sXo}wRO6OF+bhzio^^TNp|F44mrm+%PHv}rhKw_JaZsYFZ<<8c2CJu31LQ-Vy*pE z;CGVXY@lUyMTeT4vA<7;%1TQ9@vSvX0`Z~|yZ%Io^>GP(y8W5H=55w{D1QLY zfHch$70s-Hbjuv5VK+tGt^?T7hFmqT|HyT=wE9xGIcmp$*AJtl^0orJzZ)@o9PKss zEDkiQ?JyQ1XF08W#NkjGz2z#V=SvJ?`C+AhA4&D*GTbVqaJIosXOk?^-$QVnxz8LF z?BIYc^#; z!{IB6Q|9*ekM$eo1am1o-_qQ)UR1TO7lofb84gfI;s&ElB%7T2SZcegJQpo;Rl0V( z7JWZ`K)HDk#1=-wm{7^A*+r(uhszXM((-KAjBkM~#j6+fdG%i3eEx7Q#@RfT2tTvi z1xs!ik^HRx1y~$BjH*u47>>*c>^B?3p{d;TR7n|4Lwn|_Ps9$o!)W})c7EI8IkidSUn9PvE0YFV`$Z10il{muhZGH%g z;$8B|W(MVzP56T4vKrv>X2s(fQCRg&K(v$x-{;VRk(U;XZ2`KAkInSs@1{8V8sVoD zH87eYNU&ImtuuUv{En=h*mm*KrA^AyO#vJbu*c$L0(8G(*bUY5Z3PV0MLOo2b3tbF z*^s1&2rl$wbXxKN_lKR)K>CMpS%$DFDW+#ReFs5`^Cc?yfpt}lAHB0GOWiSZ( zu%131q63vWo1hp^U2zleDWy(Ptxkj@d%{8h+&3ZLAU0r=rBh%SVCY%#7kzWKaj6LJ zU0ddZPHjV%uhKs;OjKLM&Y=2|7&a>z|FNqwz~QZL?AN{oRwedYa~?}1S4Qx~$|k_s z+QPVr5)K)v8Iq;NNdz_{hBU?%i-t>2V#lpSj0in_BXPHHWi^oskMS1jqlm}0A)cJo?RE9a(O&El)(mYU#Do?}84Aa3c<3^c+$ znoK2qP!<1K>b+z9oZB0RW84kH>kp&{eTokoY}mOpjsNXb6+*;M@FZ{OfrI*tv*|n^ zJSm?q<(0?=obyDIMh2FYOK3MDOF0#i4wS}-C2nik?vGU{cW+mF zuYLCYQBi9w9xS;?3l5xKjvEMlSS}?SUb0CinH|GJLd?~}vhTNUE=w`)X0cs$?O0?B zY;~QG0=E(+D$xDB)DIou=ckt#W>6xN?u`~lX5tMfk3%P=mWaf&P7Fe6;S5AyqQ5NX zhfSmQc;Bi{j)b=vO>k2yC$#aT`>w6X^dy@^SrncPmEl-a4R83c9Dp}-?katpvUh zO97uVJEEnI7aQrYEj;bxqrYeop?gTc18R8SM@+c$0Za6u=>xRSK{3RP)5#HNOcwUk zD(e2Z7LnuJHB^g2Q7|(YUuUtF!@!5{_}dL-&UXwu^KrJVqWU9&^mykc{~`}#*fE~W z4qJXx89~d8ooh<ybM-qN^I|oa)>a+t)av%Q}E_m#hZBs6M1PLf9RT3`bFaGUx|TRCYhGdDQSkRnii5 zkb9(rAbOx1-Fx>avCT=B(*Qs;AbRN_t^G*H{DOjrR*69#ui^^_XXJN;AuM8BFGICL zTc0R=;?bybrLTJCvPE}wmdqYS^|jHh$hKrtm_ajLz?;TieCteNky{04 z8+`OF=B#Bmsnur`mdK2qby1%>5gc)I`W!Wkk|X|00Q3$?Bk1-YLItl?uC2Vm;uK8= z?t|c?d{hZ{UID&yl0qQowD@E>oJCft9sxF$bz0R!<}!HCnHmD`$S=0ZX6 zB?s4tEG7Xn|h&BYC%;gz)D0d5S?C zUeUM44_m4fgG9NH^iq_WOMW4di-2m9>T@JyE?DP`188=DZB!P{DP-6Pszma*@oCE* zy3Y1=FEU6>Ul|dDY{&n1q48RLt%@!EhYnqV2kMd0%0Y#b%uKpSJ|c6(4nLdua6>0C zu2q?TG7ZIcV`HCBwM2b-9Y_Bkpc6;H;u&EJhyq02oD0y(yJTXy($)Q|3<`Kjh?9-3 zSt)M~1bABFXzQ1Hu3gC!1$;CK3E!F7Q&G(d!T07pNdQRVvo-nv9&8FHmkWwkdZ+8X z77h2Y1ZB)licdRg6pyUPl4E;S73WBWte{V>&HVHrH8>FIqhCG?uw&=*Fg@`rHII{C zsUMu=`H>jr?!gpZD?*BSttZCJ+d_0%MtAZ66(XQx#rAXiFzRwQ*mo(>1hAqcJR&Lq zBxF|R-%&4QPN-I=)1Jgr*p^%BqtA&^BNdlcOCT$5G@7)^-qJ z~cBP)l?}Kc<$MW2LEny z-qI|hk_BEK6bbrJdkIQ_Lkt+*IAZ;yg>CA>q$r|lg z)K#zQ=EzJjK2*w-+&Fg74D%RBs0O1(>AqOXm zM~PM)5I}n@?BVigE1BN#m54Ngn&U8g*L~+=%UZo3jJYImR-KrU1YL2ZdFeQ{|4js4 z!cd@~k9Id`ZiUv^<%l{6s^QW|N$ju`c1(;nOr}>fF*7qC0n@C6Qks%&2HXmJ6JC>^ zS~u)JmzRO`G>8}l+BYfFv8TMfn&h|plH56)xt~PM7Pg=g4=tcE+wyZjmymG zWp_H)SdPPlK5EC91@Q?_G`v@$)V{t7g`iqw0L3L$oBlvo z;P4=qg_Y76=&EuLmoD61JV;OuG5U~bMVF?j-u`17!F!yXj2j6PpQYQ4AYOgt`@?uIa# z#yw|2Avokz5$Q9SGCQJkjR?$u1qtrCZI0ut77j%EfMF|53*1$lM%|H_9fC)JKV^iJ zXd@+Ugdoa+07!VoHr*a)hi<`q0n^dz6CWK!rezvgvh&AZTrhhWjv}mAGA>?_i%)^q zC-96nSI{~0=TAr~#)EE-w2sZwQHH&)2=aXwNkkvZlBZWJNoPeAK80_BUS16%(9vkK zPNO1ZwQYdz2xlarX22+=jK0QL2OG*rnnI*p<-}!q+zb+5mVE5w&m1XKm^t|{GQflD z+}NEWFDHo*Zl$D{oc^937&O?GN(gZSLu1Afr;P9xRB~{J(#&>EB+5|%Gpb{ODida*~B2%JVe&3%G-SA*t2Wmb8{GNeNR zZZ`(E3Mh>XSis5jQ;Xe2V4E7S>RAJDKRAMuvs1?#RLkCWu{45XQKoJ4ogjq*Y&bDz zdkZLYW;|3zaK?Ee?{Btq=guaQw$)TNe~B@#n}YYWOsu;9$_A?mHX% z%O4^Xwj(2{S827kLw&kru@>n-6EnxTGa$yPH0{|&XQv9bya3SsCfKhz5ELf}tVqLC z|43wRfEI45%=9jpYTQ$B8krdF-CV}Okr!T@shD_Si54w;q)>J(Pu{B143&U?uSuG|N<>CZP3ETnNKu(qWXjW@)=#!lqvSAQOZ$ZgVlC^lYAq*uxk1R;P za}SHyb4I;*S5axreR0>MTqjH9y(=#p1wx zx7$}2E?u^NAqU$Q$(U#Nlq1WQ*j-lsf7pBTa4h$>ZTMzWckk=iRpVkN5gx ztySw9&hvNvhU3_eeczABC5w~qmYK%HBqq(AQvBRBL_exBt*Yej36I6K*GFqwpVf?t zHQv6K`{MES$1km!HtiRmnt5N3OXmGE_LrQo3IWZvY1h9Vt7%B}^2wR%l+`|F%@Rb# z`5{$4cOvWtt6HeEh*VZ);c{5d_YrJai+-@t8Ua!k+A0AG8EOzTIQosb&&`b!&jTeB zMG!>%WjWwV6dyxfeOWddPHBc|0tHa)edU?FQmt~@2e%^RmA>VA7i(u5|YPX3d4Fkr9QrNt&wuKLrYOu zzFmIzmo-gBjV@0QQUfg90RAONb$J~K0^ z<7yT=xWBVBt7K5Ib7(_yivbxSTiq0?mQwnX_Va%rg(cwIB%6Rk?+O6@8m6el*VN+J zuXvwiW@biUj9NrH_H0`LS5!BYe{Ddk+-#ywTI>}UEbQw2BDr8d`jErZIR}H;SCMAH z3G}{Qj57#DkCED`H*v|w(eFhV9uBlPxS6NR@@4mYuN&Da7uu4%EqR_l4UdWOsI*KM zZ7mB`<>-kc>G!rfS&Dc-4p>l1sweJFI>e4hk2ro)R(HuhQ&EM_H}bRRT#N0F z9F=XcQ%mcbU3YE%ghanT(`4ZKT<1QIwPxuat-+-7xQt}SemM|aBflqT+VNRTgH5Zps!oXW&53I`Ek?NZJ_=Ec=E%NIwt zI+B6PP>xPILJe_FeMGK5RwqRaS=Q}b8*A$z;djU~7mTvz?jX>j{xpE6w*TsbV#U>FR*5dHvxDsg`GhEpjWj8s)4A`*H@uSfM zLnWecl|;0n+GR545n?r_(r#+nRKw{^paT&`kjfEL05WvdxDI;v?mp;$Ssl(f431`T zYL!3A6W5mS|5JIYIlP_1?d>1HkoGYEbd4rSNl7NPN8ZPq)P+*kjH|kKyDRw3$d@#% zs;Vo2ENs*r;kslWrR!GYJO#gZ&5oxr|Aja05ED~2tXH|QI`!4f7YJObI?z;QAt`t( z&A~atfSa4(w2HtMe0wb-Wb+-%D7!~y6v~Ff;k-?At=B8dd+nV-d_E_XkmEWR=~|_y z9f`{Z72zpb##elhp~M=Tk-=GTCEb{jy+c#e5>I14DMx@hg|WlH5JXAC^z&+0REi46 zyP*qE>bic5-0hqAFL#aSr{n>LUh=C4<=C^HAnUoIo}ZI*8tz5yhXN{zw<(g;TK?+p z?~U(OQWyqL^Y^-(@e=`T8s2c6YOMvUtJ=hjSc@jjjStt;MFWujJ!Ako_G2pe0n&@J z=XnZ1em?9|OQ>pQfLuhRj))vZH>C0I#0S?Phgpz^+R!y@@z~D7LWgPJzX0P>)Pp)v!q9m`g@X>^p5nUT&@j1+ddjudk34ueZHz zUVaA<N$g$FL%u??UTQw{d8a#{fWOH53x zSEF30-r<~uB1t$JEspsUJBvy(-Ug;-W(Hs$S)*rQc0Ndp-W`YrLaQv&MaUk@L@@|K zMI9KirwQ?m2SLZ%Kf}z_ln8QEqH!2gLrbECw&alZ-r&j;-C$u^edbc*4FdTBJ?pAu zlZGQ!uNcBv4#d99^7y7ZHKC@2ChPVsx_;g`iVebPco z068*DG>UDWucnZSsD?v&E?`9GpjQE0aEeYoi)&U16UFWZR)5?gc<~gyZ2(D{ax|xKmp?eZ>(Okv^pB8j!AQ8L%t`xrLB&w zMn#b{9zpNTEfDX|JiT6U;re8h0Isbxe10VxN8#yV)Vyi#RhnW%nCU}qzxnHcGpM)B zgBUY;)qLWmQ;ko^D~A#!BD)eR*UtVED1uLkNF$rCYSOr9`_7#Rjb^bcw-7IlVtrD( z)H~~fqfgO3q3&IvtCwM~hf36gA?72&Da-@IawZa3i@AsHkK)8O+Fsa=(l9qj?&rZ+ z3qB{0#D|G(hz3m9GH`*iyVeFo`lqxqG2k-sbwTCKMrZM6_EpeUiZb0p4`KOaV+WoI z4wcn&@QylZCS3$Kj@WAehfnp?Ol<_qTH|4ppM^_|RqJ>j)td;j=%9RJ4`zpV_hy^} z1P~Fe02u*E8BnJ`hYX1X4`4{&tUdoe0(e3tVV%s#r}u? z%wD0tp2){)&sO@VP%h7VQlR&8OrCYw{*zA_u4i?3CJ&ty&wFs4`lt(XwVn4va7kOv zBtEI=2bmd@SH2*$2_gDkvgsBvNJ>hgq1L*+Z|(6;upQ*#M_KU!=cO|1D9U6+I}?3d zuJV~kdeH67BYv0MUJZ@u2)IqydjK6V>y7}hQ1ke`C;9EPRQ#kwiA2r*nm{LqPR6g# z4gwyQqKb!b%b`lz4{b*y8-SU(zSlT6JtV4$W~A;*KS{Cg@XO6&*Y4duQf`%)w?rpV z({qJetw}SH9E;kV&>rg9U7Q{%X_ZFnXmQ+y4SOx=s)Ek96AcIb8{`sSSRl*WgDsWN z1`CaS%Rna~ni_@g6k?{A-at&z2ffevzyI#F-`IZ-)s6+Qylfh8{}=Ylc*$U7NK8!~r_o%yvi-FCkut}hPJp^{ zc(FN{i(s>3fEh@;iuiw9JO#f-Oe~^#`rS@p!>n3{+1qSGYLzO!oQp z0nR!f85!x_n^)a$pFrprv#`a)Vm0DoV@Wjlgd(@Yc`zF#&T9vb-ls@F1SlIafTyC4 z?jpS4bv^?N){|0~iy0n+Hr6)AJqSb3639e?MF;z_1JTgwJpFai^{HWqSL{wk;fSRZ zno3niu~=$>r=7-zE!`v8-B`4U(n9)5goWm%6;$eibL;{*E2n8e44IKFy8Dh0(Aq>@ zvjb@WogZV$@FV7|FufLcQ+K7#r(-XL4&FFsG>KnUg2>pAVOSor&qGd*mPtj5Pmmql zf_BLEDFLr{j(=&6Q=FMSPf-CB=ZbyH=yZYKr(hn?L5d`B3{9lsm4jzZpUpcE5YG{9 zYhiTh?7b6wNRUP3J!VB;Td@EP+*I0?GqM}ry?acGS*oQHU|oNV-t!s|yR9kZ59j8} z98TZ6BzGZlA7B&$$k6tz#s<%XJS6-{PPU6`z)mYh>L3i8Dd4HQK544RkY)poGhswC z6s8efmPok=R_<<>!5Khe7vh^caia7*kdYX*tjeHKqWui(wDw8`dQMSg?G=_IzwcL| z$(z48mQVsFC&7g*K-OMuy`^QZSwd&0cz639)|$G7mvp|CPGgmM?AWpXUXQ+NM%_C1 z11J4H(n?=bq?H^kRqZU@zaht>a^qZE@AUDb@3-y4K^l*BsYSBR%a;ir1U|9?eNOmD zw+N%)Y@W=ICt9m*6BP(xB;4hQp~0PTjSE$0t|Z%HL6`lz>JH=c$YdrBV#V4B)cHp=a(b9jD}B!4T~sa43Ms))67f6PG0)f6m*{`QP}ea9T(4Fh!^paj(EaZoNSsm&X3zvsB>Wa$NHi zR)Z>`9VUfcvh@ZS8EsLWccF+PX{JTD6HU?P?{y#iu~G!v7KN9xNrMCJgXdw>Y09e}}sd;(x5ZsjQoC_H2b5z6Tbc@3sqe2Bb`nZ6t)(81wz2p3<1?S-r(^_$=`;{jnK0ZY5kM=PMmm+Ec#y0pL%@g2bamNyFk; zA8sd`JnP##=m@8Yp(B9$sw~wbTG#?i5V`1EVGkcxHAd6uc;e<9bD}5~F_ilGC_pG6 z6&t>&qk{k$U&T`9f_+5OLw=ZsZn{dSLaoLD%q38Y!<1^@;zvjrktk*NP56vI;^j6; zf5JYNuWE|r?pHB>j$4QRmi~Fa%@XWXTY+|Dt5oKB{OsZao$#QN5UZN#50#}!aNt`)bs zD1q~rvu?k5ZrM1VRpty644gj|i3X{u-2J^tChyOG|9-cUZ~$z5`cZzJ6_F`K{)IiNpcX zB?wwuU`)eo z_g}ox(*FSfN!}fdstf&^*6w2k7Jrwm)13ttD+_yxB+-!rUWEY|Hw^2^*4B37k@2kC z{Xair<0L$e_3U|L2Z#elwh1thm^gY2E5`l5jB$0z-}lj^QHj*0%!Oi2ivBW*b>LnL z13cqU6NKMdF#n5Oi}yx9jInOv!Q=P+1|1Wypd>6)>#y7e62cTg#q(Azz!_aR&7$o> zUtf54Ma#p7pKV!zwn{=pRV8CtcI#%&L=>T=(cW|6_ww!A3eIs6#&BN@SV;wH$attZ z@6u2>`07U{JAoliy(TM_w-o6;y>gW&zQ$#DE=;6Y1#>}@9#|q+c=Cu}MM()I))dYV z8CrJj8=k%4r#a0<`K9Uhnx8+swV%n_*KlXV@^wzgE&bLjXI+@Panr5Ln>=W_Hz;%J zN2(H%2Jkfs64t;6v+)OxX6gdWyJqWj#shd{1hm($^fA9;tH3v)nqq__S_Q5a6muf$ z^+4N)@&O)JpwG`XdCaT3H?FlQJ7D*6Bh#l1_z@g<&qY` zK5XPVE^L>zuU-a}|(gi;;K@!Fajp@vMnFB~PDU zZj8%qV~cQ)nULl)jg@Hkv*T2vL;AXpJXp~q7diBu1*X5^m(vCD%Rjud{hy9?g?PG! zr14{2N4aTk`c~Gax4CID-^Ks)cU|b9w^p70dFs#ELO;t-9!=(HM{?jRu)ZQbI{K%T z|ICG}D4d1X#!C5mBxlkj642eVX0f4^d# zt17}NeJO9OBK!JI^*NQojWAZ_=Sx0!`&emB{z;bw%tey<*bgsJWn5&S*nb&?^@116 zrVaG3exS$NXa61hpwF#2`^Bke7e2J+=U4oW zxjYj-2!gF6907dO?dHV*Xz(!0I_&v&Xl~rGD=bS&ZqXv{Ob>)6%&;jdn;N{jHM9wD zn%8RZgISs#k6mAt%Zn?;KR*9tnqO|A!X`sA{CI?f~CG5l}QKYyCm_}l-v z$8sPAbF4){GdldgkB+guxTA{5w`5mnmQ=b%7=WF!P#+lY`TFv^{cyXusQ>O6|7X+n zUmwVY;e+|A*zWDyE^L;&Qh((~hg6Tk3`fnD40}Z5Hirwr0W1OY$IZy=D$m8M4Of-E zkEa{|#ejJi1KKNK;d!~->ZjA~f5Whr#HzwQCMVILyqp^yewO{P1*}=88K;Ki73V}= z{#NKbPaDB_*4UKUQGAcGw97yrWCvd~FKOB~xLK$*LLO_4?21la! zk_1|`VvO7_WDcZ+U<8v(mPB>mCDfPPdNvESRMWxw;{ofYX#`xUgG@juXAduEKNzz+ zL6~eg7~3LLUe5p}BO$Nw(UP&m3MYIKTyv?T<{)kO-dqqELau2~c=YB1B{Bb41_D{{ z95OdsbLIz_pJjZHm|+Bu!!zZR)Ja#xcFLoayo8@nHH3;qMG|-Yw80i3Ubfke9%;c_ zDA>uR;uqK@B~Jk}@RH{uF@@|8lZzTFapU(>x!|`QC=hRT`Q+6Dvh!@J=oF?7f>uG~ zfjUr`Eeem>FCwZy5QG`8vMWc;w$mlZ9Jwy5i+E9d)5fr@g3tv)Sxm zcFMt6{DOtT$&$CASZvWD$sy&y4qYvCP^H0KWKc_J<|J)SBIEdN@sb6RQA6?Usn#CJ zaja*{neF$|r3$UYaH&=;OUuWvHht9^O#{ke_1q(F1Ym6v9hhX3G80qQg9;yH5zxLm z?D}El_3Q6}-rNBlz5>}11kcq#rHJI1R1+d3Rk+dB{x-B3;gONb5dk2~5OKqT^ZMSs zdmk`={j~vl`Xwr=`=drgdP2+2V`ywi#Y}cYJ-~6mMt!gpIWH%n;buwLUH39b^z8zp=LWNT6f-JP7h zrZ~b`O6%9|XlRgj$fF$r2={EFsSwj+?5-t?7wf}aiX66pGFROku;&5vp&Vfdmp}3k zdXq|6{9LF^^?^18w~`;Smz4#sec7&$!H?5uq9QYzh)I;o(vv6EaR@G00A+eD zub6}-Q86*9^vDv|ELyW=3n3Y}&siV-^-^DgUric9l?afwWymW)Sg-xk7BMBA0N`0( zaYJE)#7m2MTn+P@|7bNB7TYy6ywnw83xaJoFsJnEL!L}>1vo?1&Ml%KSCPpLfY;L` z;Yok5D(uyP`rQ+ZXApSa5UKOQJ&)1RVN#K$6j{=S_O48h9IhD9&O=2AVANCyAbu&f z#Iq=&8#M-{fbV=Z}f)8!$a`=2x%Va|!o{;DJssx=XOxJh8ltA(5kf1m%-uEd^f>99)8P z5N#2k!rFs)rZ{hAPzeDYyf=X68-(h&T*gU=n4W_1IF|q;2;-gt@t;jK-h_Up(Q%n> z&sBAV_1_{>!>tZO&&W-*uyp_|H$JM}sp)j;4bj^&FwR4wG%0Ns-s z7v+w{t*fb$MW-lgLUqAjYVcBw(bJT~HtNt&VNPTi;2hq)r??l?`kKX-e>#fJ@8kwh zEc5>MqseE%T`7_4*0ryiNsx0Bo2jaz2qK7rJ9weBfTW$3JyCvLLH-1oR?VNujTFS{ zoGaN>aYT{T;zb?01wJPHoD6esp`>E56*GVb7f0 zss-bx2nc{5(6IjG{bnUWkE-#l{sBI7$0Yo9?4rxQ1LZjv=+z@#Zi`7ZgA$!u?C4qN3`+ z`tl?-6`)*!oC9~N4KUx@SD`dOHc{tbxN-YIs$zSm-d4ceM8XmjBu6dCAu^YmhtY~vXBvxTp8oG(CgwnymJnG%gab_mI&{5K)3L|>k%u0?Zynj^QYZkW z9wp~|6K|ok<4kG|+o$ueL4f|F zeEdNp7hg&C#AT~z4|Xcr)V>sVowaH1ip1^CZO`pK%Q&M5TZ=V)o`^)96~m13Y#eO{ z;CWkPLTxOWTwR}$TH{A&3vI|97<=j7>r}`Ahh881Fd>>fdG?t_`stNa-6Z21urY0e z&JQ9UBLjfbR8b*wHmW+ISkiuI9-cp=$Rs9NVjXURgniiBBW%2YquAZ}jz+z7A@5@5 zbzv=;(S*dfDs1yHLBV4d@d1M#Wd)#{^W4%sHmWMuSH(ZLZL$ubumRj7J${?*QccoU za$2InIq6{hD|w~`WxmH&oBF`uQqF-r&>#I-)d4 z1$MHyu4uA+F9%8iA8`CwxLMr2_3CX+K2UR#ACmF+(mi(%o&4$pu~`QG2d{!t&t&E} zxj*zJj=V(BiGarZg74U>aiY72At4 zWNTXkSSOXH%lvE`3m1aXkyyppux~3Z85}orWQrMUf&!&VaS~}8{IYyDLdrHUl`5DO z@l;epb$Q+5UMwR@5zqI1>8t|@;ta{W>hBS0lk|qtRYx>HTd`Cp1xHD0Lv&5s`5iBH(Jsh^cV$l&Hc_$-u6mgB;JvtLV9}&cu0ANkm;o zu-425H;o|$5OJ4m$-(^zC-AM$J`n{G{1aajFkOfpP2z zo0F>eagp3VZYxHsm(2g=0oU3X?L3*GV^rX&n zaN+Y8UaqqiFTU~wMMgeMuBg(Q?BsoB0!4Jfpm+6kwm4!Z;&ZKnnnE7}KTps>w3|VK ze4ppfM>L)~eE)eo0U-{pQu3?Snbho}D|^FFkLVS&{*^fVc4fblM`;hS(m=k_E$k(Z z17;Cfo-2wRSPgM58DBG;t(e}@fCeI9;`wE2#(@5+6vyXh1AoKdNiDNx%y>+e&%}y> zPBpBg0&AW&O2)b$cArqTAl`;EmmYaT-7XKbSzKIPEaG~FA|&E-p!LAAtlKw#SLC5- zY3}_{$H;ev;%1>sO_YvKnx}A2?e_#w9hZc=gh?*|#Kq92)A2)}a3=zQwi`e-hCnq9F+{VBWGExIX zph>2<1|m{8WKE&?Lix+J!N#qwrUmADEj?VUHSb})Ues;0OxL&1P?xplg;(WkkS!bl z2!S2VUR#3@>xR7Z2+m!QMu3@N20+1FFY|I*7Qx!MIcDJ=@8w4m6zeyCO?XNql_&)W z9Eb?rl<4=7ha{K4*CI@CPpt5Nlu_d102u!O5VQHr(VBi zr*t}T*S-*fctO$26h~K8WYw9i5Pt@<4&gw%hm>LkNcpne;I^&fJ<<=bE%?IQ&_Bz4 zjBA{`EfV+Aa>Qf3nU~E2ML3cxaIM*qIQFYaXx*Uj<%`8FRli$k5EiMKar3XDE3vXv_(A2OGsXkZJ<=6%zDD^Jc{gMf)u>m{^Y^yzFYir_6 z8b5&$@)VYEmzpSeIqo)C5jIj6Lh_3Ozl#$#6a$(P0z~P_QvHaL@T? zX|x)ZUnkuYDgV{`fkWkKa zHzYzCA5n548|@5^g;l@`za%}MImJoD0f>WC$#ysw#&;`me0OMgIb4kwRVuX+->HRI zErjujZiA48n6by-8!LmIuq6_#`wfT;QzF~3sr&43L@Lu%Og_H^lEnDZrs~$4FhZ$7 zG4uj9<_$Y{wpMM$8P;j!E1ZO|I5@i0ep5~yY#Yw#+LbSaAbdyE0HU#ysI6G(d`HlW zzAspN%da;uV4Gm!!yBVVs$yp{byBxLq;0ikUP{sii2(!cU4)`gR!U|LkiILWXK!4O z7;rpCt<=T_Pn!}YvWJOrK=#8>IABpn8r>GC#F>+YOiv5($;cWFy4dNeBOV$6 z?=kkSj_7rA=E)Z|LGTjvvhb3`#-83NUNdR-jt8nup)2MU0rw^65TdBBaO`R!Y$>6| z(m$`^JyDeb;vOTjH=RimyLRo$CI&5mv!r{c)CVFEh zvDeMG&`A$MeiM0LUoTnCNuIfTw`E&(iFvC*FI@q-V`JWjcc+qJH+59XL}`L3V09!v zh}`X~fkn#bR48Hx)pa^dt<|9y4a{qZgRF&EaOB-ohg0D!f->ox>p1zWE@k?u1C4Jm z$UvBMAoPZOLeRnd_cunfjFkcV55F#~CEp=TH>I^@e zA}0d`Bh3+^P^GfT*s+xwcJ16L`Fw6fFWdI2@|zmM&KP~hQF1EhA@R}P3{C zn`_HiXCbLll`*ZL#v^3TLiDFv^#37FtvnjE%qH3tF>O2g5O~eclWmTsAd0B3y-pE! zit}LHNu47+Ttw*(w7++U0x^ShT11Gh2GLEMLy0p0G=uckWV1`n&|H`PRs)piG4ez* z`Bs&cDxL(?#A7AB%gZ!kboLrkn#kmkvpKZ{L1E88ch)>mEq4K&3{+cNa-?0wZ!$!( zXK-Inlot8V048~ka9T3KAPfQNq_^C~P3xUNcVvW7lBIi!K8S}n=)&a8BuH-pF4^tM zg7j4SkD-?-AC{!L1*PIx+S28c*`D(P?hKG&Y{Zqt5_dtE^L|^^>kBVxbsSZeI#oQ{ z$FVL*1BRV3IEhRm1aLkxx=j#^ZL6Qy!NAx<-e_YE1fy6xqC{FF@Se;{$tAoD>U(v8 z!Qs9ce9qKlBe()tIA6akT~*@TA126tQoT?k6|W|m3OE2mU&W=sL+>cmP?wr$%*g?> z*d8gLw=)R~V|+=nMrc&91InVwk;@Wi(Rnk6x1Y@ENpk^0esTK2NL^!%apzKIl6?f2 zq>Mg}?B2afNXdwF&%>n(*sNqk7aScn;ax#`6LEQNSJwVe_)x*6)n&m#$*T$6`Q501 zMZSuIbfR>Fs;a7bKe>C(SuX}H0HAo`VvQ50n(Gh%pF(gcTui10F-;R=o`n7#K`q)2 z<Y|Wn zAhb){>D-PVWqkO_TB@(jKI<%503p!7y;Gio>CK+6-+yNwZMGwhF0dspyFLWcn+(XX z7U8nwb6X%qJn*JbiR3{-jMOwOrxTHD0BN^kDr#U%OAj4QcEZ;tAVYOkikt~Z<#6`? zz~mk2oGaem>tR~M$F{;qcHm|ohp_J5w zdHp(ajs`OCt>#(%T}rMsFdBAcTx?*j*nWe;ar8YBQozrnsNHszTFR{=@nZ}>wOe%) zHkz=HRcQ3((|Q&Ev=#NPMPbqd6BgkA&`Wf;wRMNEeJknF$bzb@$&5_7Xu*W+ks}oV z3JzuOQX}mC*qeand%!ojeCtUoL_1W33v$2pma)#01I1utc*zudr}4HppoG*?BjB*8 z*O>dX^QyPfV`fatGJxypL&>7Vq219qIX4Hf3UCL72nE1p^ni~$(8TQkGPS4}3GB!5 zoH4BV2}`xMCFD5bAdNL?>tMNUoX?uHrXpJB>ZvnlR0oHb@EQve-4Ir$#GwX7V2tw; zPKtI$X;8bsBb!9CKp59J%aJuGMHL$k^s*%~iRsYb_TWgI zj>F)MFg1BpJ^p^nN#ZdelJegX062!sSZu2^jv~IZhOxoWswPB5Gv7xUi2+jo)e(Df z9+PxOGzTdgc2e4E&0?~^v}U*%MAz`nurD{f%4CZY6Fyo|&6D`Q zWO=B~p+*&O0AxIPsfbpeO6EBz;yea6$0Yeh3Wq|9gQT;~$OPs1_j6Imq{gVgi62s7l$dhr7dqTO=H3j#hFkk8|yBCa>vQ zvQUH`XAyKnnR~VhO{0yU`2Kasm(cxH3GDdJj9lYhi9)&o&{oFG0g;=A z0MQ5F1a?|PBUIu8FI7+pt3^DK;^0rP*AtX(35`_K_JcbB={%9{@lZ_^0l$JK1iS#B ztIVgSqHIbC90|2E2Im&|5|;pe`ki+_+&X)ygzRXDcmroNi9Irh#YVUQ1n}aCJL6=f zG-KF(;PTEV%Z$qu57?}<@Z zbzZh9{M4!0IKm58P`4P(+-sA8n4SfbY7;Wcm4qp=;nC5rTRO<+nJ8`K>PiyFm?RRZ5(2HAL{^`9pxws| zd~yp-#!34Gwd-24`lADhj5UD|^&92qfJR3!>UnetB|EMKDL$6wBL^yA`dM(F-9bk? zN`aYAzF_}oSk)9B#8BKYsU=h=veu;8wp^R} z`7LZVky86B*7%dT3C@ib{jQDTXowJ3VVlr{OBYg zPg_DXD7M1U`59au{7&hcDlfkZ%=ub`VQ1@KT&2hs1~JqYG100<0gXGY9>Ya`8vZ(0 zUYK=X>Mf@<${^R5ZRY&d2xgcOk5X7Hk0<`${K9W@kq#C~@kUTS{2aZPQSA-+8psur z-G3BBV(%F7_sf-6P5=seniwS1M%2-Jya)`X5ZflCX462==W?nV>C;7j#_K=jz`v8~ zMlK-$*Xab4koLPJPaN%lhRzcYvKgXdreEa7c#eavJ z|DCKk^uZrw2DUp;(Izt(8_!`JoMm2j_}lM1JA$JgxPkp+RQ&xMM_Af{Gtn?|zD1gS z{`s~l3k62OmpB)1C4nk+inH+?!UsQwfCKc$66%m<{$k`(-3t)AyYjCQWHn|lc4Z)E!qlDbFx;|WOaK9?Z1xBgsVy>cYG}u#we|R2zRWTF zWke1V7%?LED`;X%_E4fluY$QFKWZ#VSA`x7lofrys(oH~!)Cwd&(}w5UBpxN<9n5G z(2g))ytF4mze2BlI(PIp2rgctfu_4!*JkRb9SAul$O??dZ(fkPeEIY>={VtfZI{fU zdnxFl_K!I4H$fX1k-BMUT_39RENg*lvY;eQo#y| z?%959j5+p~*BUr6m4>rpw{wydV8bX3n3uIzwiEY&g{fY~Qxa~yD`hT_<(rQbA^jA|c-V4@t2x}-jro2FH&e*)?&m)r- zSjql<|KZc&Z(EbbY$eQ}Zi`?yTR}Mx4o~t)AphJF?LpIDR@K)0UKLmBOTuNpK3+^+ z?WNk@$N*!NQbCK;{M>GZ{ur$J{gIKf*-t%k<;SrKe3=Ia3EShZ?O_A=#S|4`WSAk! z%%TVmI*L#X$@~)5I2p4Al{lmwXYxxg&UjEIL+{=dhNpAQR#?Q4B!ek-uudKA=QL?0 zgrD$=kJHXr>h~ZSWX}Xq1YnbG1@)#NYRa@0%s+ zF*4?&YS`LI63P@mVeWG&Q4A8!p;zL8ktL9*1y;2NRX&;bQ8(&f+qL_K-xs)Wgas4$ zq!P7|S~4D@+BVal$V7MQ$X;NqG_vT+jEKHWER|))@9Rw&_zeQnp_k~leW&vJvcK<> zQ2-f7f4lfKXDfs6<|((UAKT;|UJ@?ZCm(fxAn0e!KtqRU`LrY>SEm zH(BKpgNIP6?;|h=svBl3+%%(r%rWjjsHM-M@=#&#E*h_KBcmlTb7XC4XHaH9;P_GG z5!6&!MVp5q3^VsMvUphoS@0juda%%v z@m$XlB(c^Qys&H=xk&mjUT%XUd+yMm@i+gLhVNfRQU8q+FO@c&m`&Yn<*zc*+i#5g z0{&gbYiL-$UGsf4luuWVg$;u>!*BQ>yn>O1H}caL)-thywrBl|>GAv44n;3j_W3kC z-(RBne~*)lcRD6muYGdz?)c8Uu1RCvu7J+%mbg1bjCb@X5Va~iqfux;oxyL?zwQ8D+?55JYT?ZgSXjLovP;7|GZRfju{5K#7{n#4+BmV*eOidX*--7b)$^1Wy zh9za~UY&E zgJk52{sT{l>p85_K$g87HhqM-kwgI>_H*3vZ7c#WGFg%N3FQ9->Y`voO`PUH;P$#! z2I2$K<4`kfauHMBvc=D(K=|_uy@8d)x6)36@sBhJtJSN=td$48F&ouOauem|#-1-n zm45bz(sCGqk?TLB3?bqJh)Lum_6%t{XzbMef_i0GQ-e?747~ll+~~Wv^fVZ2V#Men z?@Z=0!@1e*|*NU;052p}f8QAV#Q01?18 zC0ccoWduW`7;avW3JjNtruG6{C)fmx8S}0lFi|LU1K9TmH328P`{S{G&&jxlO!cKx zT>w`y$neJW>QWDg(FVZpu{!K*HgMzHTAp9T45>r`WPH@pk0=HX{<{GD5}}BA?xe>+ z#mtJl--rew@hUi`2=U@9LbPl=Uqud^IdUTv$d!LC3U%v!0RuB| zolMh90@{UrKPys;JnEVE?!DB2;tJturva<-@Mer;Qb0{+44s#2wrHRPPrdC3dF4zV z3|%>FBS)8pyDR-=da@G86!bh_4qK-9#1!o%b+FY(1*KM(qV@Rk-mh zb_GeLA)tfq##m$sAac7xQO6Z*I1sc=2awo7-4uXZ>Z5{1 z_M6@fTOkypk5TKI1#*@4QpLrfc-2u4Mu@!brEW4QMvGLi^6KXKIi3^Mj@REnmT0QU z>BcB1QL`8@M>2wwpaLUHH+@j%m~8UuDXM$bWgSIC{@#Qx9SI zYb%)%(Sh15U{^zMVn?bKhLl2(FzipYvo-NF$MNi$N~H%_ITxF`=k5lDkV>i(urz5PJqiIjS`+<=TR$@Z7v@5yp4 zMCB%!l?I7^9yi59?mMuDSz7;vbZ&T_A|yqoEOr4j&eg70M2Vx#REGR2j}E>Biv3jh z%dPKIjY)1d`<<9b*^bwkU%0uyeBquT@WJ9&x0hYmOUV=P^5It437(g%0z%O=lo*OW<< z*l_Juee@XXr37Wz&p0YRAhS+RxBK{JZ3apZ4)9I#m#vwD>Ig((ccM`DRzsc5E7wR) zcZ-tJEBK8?f&?4Z<>BG6)4?I_MSpNum>Kwd?!6e>5VUGfy{BhELMPrZx$GxT8bLpN z1z$WrrC^nCB-j{WwTqi-R(A-!(KW5f|4$6@yc813eLCUHa~p zc8#RiSa@&Dy)W+!IX)p5df;fE4OjQn_WIoz!*Y9i!kQubz4@oMRv)a_%5B{oPVvNL z_X1I>*TwulWSXYGdGjeSsm42F_e;apsM_u$@0g6L_3Adh`>uvYMonOlMHYRua&gH- zO@n`32A+-sc30I$S(gsPYe_hKHeR@B(URrM3)-|dY&bzrTc+v}N{;i^&95#k-9_Hi z9$x?GB$|=Glj=p^`Nm~-;WjOoSEru+rC;?km5XLl}`tyDU68F5OCaZ*l!nwGAVJ}Ke zOXTFzOE_p}PsBwo4myz$5xazwnVH!OreG)>M`y=o;IL1MwMWmoSX3k@q-(3FoI|Nd zL~! zi__8Z3U@zKK)~{D@`0Rbo?QU-Ych2Kc9lYOg>7kP*g+g>*VK|Tz*tsweab&)<$+VE z$6AF$+SZU1t9$QgJYe%yQ}}GN;kJKWL2>!=ZBV#Nv5Sg|(0;D@vw|e&s1Yj}eJC!y zd=vsBTBuWr-fFfb_zmExm@?eN%d z1RA)UZDV6&`{w?rxa*^?o1GVskHq$)1WCIjm#6m9S-Nl`-YegU$Z{7}fv%{K(0b6O z4jqd_pz&zi7FAWre;o4=*1su%3vEUMDXlrHQRX!`L{yG!Kk|LWl=$m6d5dN&=s-35vrG<3ZFp zc}<~n6lmRzrnH83^X!}0N}$Mp`hR|`i`1?!XTSV=XB)G!n~feAuq6F3r%~1oS(epT zxZFhZlAxgAXDvzXlOtRJpqZ61`z%!vR~v-mAVQt&S$zidwCWo+ZK^B=*VX&t#kYrY zQ6~lyM{HeHmGqM3I#+MpXe-%Uyi#1;7Cy1*zFApWaQ;(sHJ56&MPQHp^3#VFcbJe) zD(ZzLZ``Rg2)a3Jh%=PPo*Jl-;aVqN2G$IS((P0u_scCNCB|o8_Ke zV}F{vff1j~7}-86P~^7OQg`jOYyT?k+PZo31^hC8t)&SZu+EA(Trv0V?eUYg(o|DB zk8#CT8ir>cfqA8@qT(H(S2wVv3GpO6qK*7lA5(wz>Q&S0)C5T2m(H74TCMZKG->go zMVrtFr2zMfm9#jjcrl!1Pq@1;78c$Jy9*5`r+ZG$&du-QQFd%Z==cg7+0Jd-0zZ8^ zjLNFW%9ZNB{`zZES$xn7&!`o6Zf74IGJrsk17gh*DX9{(>06>eaLn7*TomT1o|(-xm)o0dd=1> z5S*b}>bFf_ZUR9BS}Y#{sXfisa@~u(yb@>uxj0DjB0w&-wQB=EA`-nnKOh!OibB6K zGss8MP?vvQk%I0^uq8N~2+c`R(%*lN#`YfxzLsV8SL|s~iHYo3DW{%8_3z)O{p2o& zC!@Nv&c#-e^(MOT)(Ou)*Ll1ZQ8In_Wg6?g%q_5&WF0<->sny6(xB12cPA?#Ab`$^ zoSGWFix)3~cddTlKyY7wzu6vX%#hscGDWd=U^g_wQ{_nNNsMH=$n|2}6+3e0lB?ZO z2*%n#2a08?zQSm3=yx9kugBC=bURc}jKW2hixfRv0 zxQ^G@4R*$5_D1SjU=R0Qee90el>6%tEBdaoz7>lO)UxH6STz#Cl!v5eG$439@C(cD z#O5eux4BUbDQ2Z=xGwjcbb#)X&avUD*4FXRhfLy#FXBQi9haLkRofq8HZLyLvc31p z5?xTAWq&D$vN7PTjffKJ`1W$FrTw$m3Z2JRNJ>MD4aV(+vD&m+jmP> zZeEh9;XsACt7|9dvBuh`;ON+-x-W1Bzr~9F>2q@QR*qtM=zt8wl?3LpkJ{@ayHKnt zPB^%Ap^(rY!or~?AFVW&qg#7Fn8gJk#PGYjhSZF{gA>0HxmPTDQf$Bq;gp3KfM`cf zc_ux(F45)-Zr3&U=HQw?i*dXbf=nDlDOt&z)^+w1aeHHju(IH{_tyI;OZ z7Q&n4+Q4T$X&_lHu z*;+7;_~sNJ;abeu0&Z3IsSv8)xCoc}E_asX`bmi5{P-*H>)^ImD*91)G2g5@5?Xt3P0dz$Vxw+Ueme#br0bURNhzK%1&F(sg431J@w>wQR*%W63i$MQbT9cD>5}A4Uz6w}3s2mM(%cNDHvU z3N{+dNthH0(WqdN2uzUAp9LI?4bIvm4%VwbLYAiTgs|GWI)3*WKu=*fjcWE6#4FrG z9$JxZZxz$cHGBE}sr!~LUR(&quU1_!`@;ugJl5Tap||Pl-y&RrH=i~PAYWk^hOpka z$jCw@^fBmbAbW2SA_h7I&_NrjHFDZ2`ih*-7741zvSs-Z349e$BuB?(4QL|`yr!?O z-&C)X&|ZutgAR!Yv0zl1(F8_<9jzIqc74_U@D$VH=RpE56Gu=GU->`I{=P{2!crXZ4#iUD4jFVJc>s{kxlGt#^g_;KkwIAhnXz%d4-Vj+Z2hE1h$0if-y#JPX- zhMdLRuJ#(MZfl&1Kzjla#;A`PH7cwbtEvc0M}Q|w!2~UjkvaM?kV0+M0EMd0=MYHT z7^uO?Rs`{SYwV_t8=HVOT1O4ynn5Dm>F$6rn1NIP=XQ>1lJX^RY_%Ub({9@M_%$%a zt)L(kVX771J7)8UgUB35sv36f2*eKi?%we7qNeGvA-0U0+8v{b)|cBLhf8@OFX0Uo@> zUq*}jomI%DoIWp^`ZCW(}vYDBH3X z*es57y*XViSOK7+iC00mJ9(WC?JKwnbk2!@`;>2W0-$Z}uQl-oC*jRt5k6u3_$Hup zC!x3v1%AXg+QG%eg;&b_8gl6AH22&&Agv!K$)a|?B9G6wLysOklE)6)SXgK^J=9;O zhEM*Qzn+%Xhe83(sGZPaC*5?xg~?tYEvAIP^Cqa0#^Lz^ih9Us#5e^PUJ6TX$;w#q zr*lU~#|nS_b`#brM0v;sB1U!}vDSpc^~&irp12YSh@)0FeMeYmvABhvAL1_DeFGS> z0I;6fFLz`w1q8$ae%1tB>Q3j+Ut=aT!QJE)(8@sAmz7$la9JTJa6qSL(|)HUG!JdR z*Lhywz<{e1#Hm;N_ABb?>181FpjZJfwbC)8N7L|vk!a>Vwbf_(mW2_BvnVtA^Upu8 z%a-cL8)NUL!F@|60%|9{_>VyV(jt6VQ}GHVQ%DnIIepmv2-!f|ExzX~Kp<0HSFy#S zqLS>F4-;Zne!U?gCMLyJyRq6Nt-46yWr?4^o)_H*j!btl7c$i~v&(<`=wy;nF7H(b z!29t873&{_)j7 znYo*ThL&+rTh-1`*REDG+3ELKEOICR4DNFzfCsTS7+%r2AOY9FelSzm6taQItAm{| z^0*qGCjL#EeONm{=u}WZ=d6>Lmflt4I+!7?V^g6jT@?&xI2mWxojWgs&}b4~gZ4R= zC(0oq*tjm&G|AUpB&xM0OAq^|I2+lAC7j5L8WWBmKd!oHFSG{RsWpm2fDOtgCvLuP z;Ty+(TvJmMkpMTT`p*tq^X(;3$KNR`2ssx9DS6eJ#LDccU^ld_sx2{uA5jeY(}I9Dl5#^Vkm#5Q5E))&AL z>2uv$(9+oCb}tOCK5OcT&5^T<-qJl!-eCu119tl{)%3!I{e2se2$^Jr-ruXNeCFmX zUfxJ-fvHXdz(Gx9FMoM?Tj1rGyTCI9+Rc(r?!H~PbjF^52Dwi#Rx(AP@1B;RI2}CL)5P@j#4+M=+svVYF4u=ISFYse+%vz~6+%M+=if{d2w7q9olUdX?9Q%xl z3U;cZViyZVK#GC|X(9>|1+4U5r8A?Vh=^mCE=rLqC4fKx2gFJd0uhj+s6Z$|A%N6( zouH0WuJ?Mr=XyVWjE=ya2W?KhwKRYvY$!KKzJ)hLmK_~X=Vy|+ErF~MoVCS*48USbJ2KlEyA6L%*7Sbx^(c0J#J)cb>V^Dr# zVHCm9E!_9`g3><6&1rJ4@@&lGa*iW28pKxUFh_T1BacnE8ER{15e&H-p#&1{|9g$B zr1MQeJa>tx=nfzj<=COhCh%<3 zJU6N2_LTE#YHG9-PiGNOqp~`rn(porSbhHN*;PxIKE5X}=s8PhN*^ZqQU0Eam7Dvg z!v}O89Njw~6>6ID538Yj432F}e7KqF8cxsYfo|gq> zB0=kaQ+4Fm^Zz&jrFuN(ahYNTmy?r|A-5+=5}1{A>jb>z9bc~0%RT2y;|IhlY& z7w>BFZ?+4%KY!Ln4oc8F<5!CS2<;`M2vWyrWbiT}lVv;y9dQiDsQOCFIkq;v9t4sw zf}`3Q5B0KZdQ5!ey?gDJ?BQV#p>3!4VY$nWl!b%{b~extBhFj1-GPfKuLpdGL4dH8 zoqzuN`0-<3D(dd1LqVO#78LOO`m0@5!yRcM+oE-`<_nah(ntV=T>f5CwY~JjOvMgl z`db(+rJ?bF-Li6xJk1fDN%5s8*Yh<|0X@b==BRBor)67gfyO5EB#M)61_hbRR?(4a zzU)vCmN317s6nsbQi}h&7aBt2by2JdvP_bRf@mItRALP(9MrqgZ%xu_$WcK@iojDI zWdg8k8&zb%0^`^_=a{UkF@bkUoq zJUtQjn40fJH%N?(+=1g!8}J`1Y8rA)+~UfH+*2ru(DJ)=l1A0y=5+{0!J4rOwoN`6 zHjUQY!jL)m_Yx=KL5~^1zFIC9C_&m+aBKpl=?Ei1e~U)gHhrLIH?ZE{x$WBJi&}Uzq#)iLUcHx+<#l_Ck33Ie zouyPI`xd|>Ij1~nw~fJj>d~yDGSP(obM4$Kp~w2BP7hGsvEz3$dD4J#L*{-hYuZ!y>w}2;2PLNGXp8t^bdYK_O*apmM@LtpLVYd37e*mGyk zp2kvMx1fJ)#Q>UBBnPl+$gTNEBcKgNRv36X!1ecm3gDPCn-LChRT(?F?4CRx-9deQ zv)JG%wvd~g$H#a4_8a$(H=6>ZbA#lkrcu7!!FXb8-<>1^;tIoH25EV9-JPUX)Qo2G z%a$oaq#*W|Fe2$mDlsypyOm;ur5A`GkQ3ph6lOlndBZ-Rc%Cw%OZ+NSUhc*kR{bA!OL7n5(qkl;g~RFY@IB077Z0& zUaB(Z)Ea`NA)Kh#vO zNhTrLuvuZrxy3@YX%)i~MAldQ8&Au~0eL%-3Ny>mu zg{;ilRjc-p92&)SCkp{MKCNVVJu?d4O*p7II7CO)i$ERd(1P3 zie3*{zsS6DHOm^{*1UQ1=9wJaSy{=Fn)x`yfv=|y(e=moPR{BA6HRW-2s-Y&D#M>P z5B_S(8i(wZcu1u{d;9iCXMK(y4)^{+B7^KpMUGoIR3f$;9RF;mK7_@$RFh8tkoNA` zW9vS0=i1U0Z77C&?nk*1wPoZ?4f|}ENudy&jDz`ELDa|*9`>%?y9La#xL%Z$NRAjf z@4_{K6n$i~+0}y%WQ=G&Kfn1vQ0Lo6I%t16Sd>9xRXH&_Jf5_;e!qe9F#i61m7#vN zG^0#$%;UTTFbud(u2mkv96sYjp!_Fi@%%<_$R?4trU5}0kWB2yf%epdaSounMQMnP zue2#)v>Q*3YZIuH3`=LzV`^%Vu*&2%t~1R=j*;0o?ub}(pb z&~za|K}*@ts%yzlk&T>8t8wgY)wX)`a64#RuffT9+rYLomU>=QUsi>+iKfE>Wx7_l z!Yn4#m^2W@oM{Lxnaa;dQh&D^I9#Q)aBK#F5=($N#!t}Nea!;6xdp^%+&cwr+#xch z9`hE9D_$1IC$kJw%N1y2YD{XvEPC+L`|ayV=JL=1!2ksFm8$s~lSb)iL&sru)~VwA zFu24K_th@Q@plsrK>=Z@a9FB=_9zSz*VoUyMm4{EIiV6JQh zTsfNlsICyEwa49(^|L-7*^F+Xawo)Q9oN2ngp8`NM-8AFB2trW0M=aF^%_80k377P zh{1!=Ja)G5wm0vBaAKH22E%u7zTS~zgS)18nK$Oq5j>8?!a=zW#aUmiOvBCFw_^pY zvmWmg#~lLc;l{07EwnUjOc;{tSFU~!)buq5P1|T`uOR97YG1sU!+D#$uf<8Fy??QN zxcBLm@#|+NhYHnh?9X zpiL)y?~?V#Tr^-o@@!|Ewg@1VQ9alq(0y8WtC~@S&YO%(%||DwTiogEs<()31OZAi zsfWXnWSCEXUOgpEc=;otT!S>@0I%WCyDKduJgbpbYC@~621?*IraSmj8$vs0?$+@^D%;LU%WVUQvnkX#52r%C_t*$9vhb%Su!(O6 ze=4o8t&-sMNL%Ft4iV1AY%yO<|rxae{eL?k%NpzSc-` zPfx(|Q=+dH&s?q8_!(Ife>~aukh{jKr_|b+gmvi zY>3Y8L^;$08j~KP6t#0rhJ6-T_o3sMFmB zoS`S_5v>36GF8Cjl%WI$&W29byY~UBrr`(W%dJL z+2~YjPGf-&c0gPE4;}fFCr_H9spC7iKJ)GI!8F|x%L-dG2-^-E*Wy{cxyW(iAez_j z`+Dp=AxS}6<;Mr3`EV2w^w_|yVOu2-FA3+4L+8unKt&2{>p7E&oQ(ye`}BAmWsAd_ zaTE>nH-4D-{r=<6t-91T=aXM<*zgJdgOm`S?`#3#(@hi5(7J61v#eW?5HZxay>UB% z5|M&g)QbaL!s)<-AVM_gplsaD>+iyFGQ}a1Np{VhJNE?tL_?s>I!l{gy;2VlQ6$rf zw1)P}@Ky%X?5Ku^l)jk7RJkC)%wa>Jek#P|uzS8FSL%Zf(@?b_~qhBhd$(sjgRpQv6lLOsco?yg` zhlqaEdcOK+_z~L*B>qwg!GbxsYOjA`Dyvq__9Zo}G-$PCJoG+YfpV zf*j$C0FMoob1_GfDjBvASuvP_#SapAGgVCO43E#gC5dg=r|4AV^$?Rx0J z%{=x9ue1wzm<;X~O>yEQD0jIRV13lN?v=Qo$OK>tNs@ z=s0jFE8{^n0j^0If-JNo$?(8|`)F4g5p;*NkU;L*x4{2nF9***DmvO6;%+!Ht{iJb z>yNbZXO&rzhz}N&O<`SDChgg6^uG5)J9K zNnPrD+_7O_fEfaM0}m6{4Uwo;U=XyIY!dJRafRz>nc?wQj%2&AlZcXU@fIPC=M4{! zok2&`P?c0l<6c@*VcY~g#Htsfm7CAAnn@^LphcogQSS>#>5&y&(gz6RoUh8Q-3O9XQBn$4S2i-)l8KyNtDBk-xW=$HwK=!B4Rmu%0D4oe^rkBYn5 zXf4KJdsRnm0TR^4@HCk!N`L24&=L2b*AsLHy2xnG@Zl#HG+3k#0{(H9b0K)yr@ zNm?Kz$=`J3<+Eq8w1xgpB8fr;zqEBop*x9bp`nRb75Wf1a$YnFK@T-a0AH1DPx6^D zS|aBINBR*9blT-L>QO!QLV<5lPn0-F4c=hu@4f2;S#`Kwin2k=S;*9+e9;I?1UHT3TXdTsul-mKvSz1=ea3H zcMZc!VV1p+WLu_Jx@~AU9A$ICBkFeR_&Z+h6Mg<$?`+k&b?S&Mk)$z*Ldo@18Aw$Y z(18lteCi?^Tt^JUuUv_MD1{Lrv6>kuDfwV7o0oj(FC323*CV?4*F?WD5wDR$QvmdjIQKiOuSc~AyVR%> z4^Rk;rkalU!hIQRW|CIFq?5)t9*eHMeJb2i%;}0-w;n=jkvnnXMDyHa@D(68-VmxD3KUy+S@t6gMFiHfdcl|SD0tofvze%hkwmR<=){Q=P9>7eR;&j*Gk)4~%)aZP>z72_B32_!f9Hwq zq>J}^q&819EZJ{ig9en^p)lO(j;5D^CVqpWRX&K4YV9Lz+tk%4(=N+~1PXATI? z7Z8XCzn!oT_B%Q{CJu>gwN*m?nRd4UHEpKY!W>`?>gWVkgCTY*OA3ssWKZFCWk9Q> zRS)xn1Bii4s5Jr&J=k0p*IVac1msKt1tOtSXQO~;J!q~4_SFVW_6qb+I#|Fl4ggXR zh+X?rid#Bs)20PeCf|nH>GGoeW%X!RXCF2GNzoTR=<50inJVCb`yggfbcPO5rw*)g~#aP`aWeP03(7PAhlnusAvR0k({om-3ZqP zRnzH@ApqNP7HR-3h{t7s@kRpIUaO#Bh+vjJLpFRZX(RzTYbUR>dbKtJ3SNhiWFTjN z0VJGNlM9gG0mR54X`8O9Wcl1ebDBA1e_uR*u6^v-UF0qBVvBnC zaO1i2=gFB2#4Wamjh)7Nk>`1^_EF`q27J=MKWUJhLuwDbj@pA!boY`muQ|NOwAl@L z9AX3w$wZ6lLr!1rf2EzBEJCv}@=oqYw%Z~`kkDc8aq>1E;-E5jB40^z93kajM*fVr z`*}=?T;pF~KD+*5hW_Ix$}jwLYW@4S_<6^#{r&%c{He6;J(HZ4r9vM+?l*f-(i;>Q zIB&7pgOy4HW*Kom!3?aM8oi)#f{Xoc=hBdllP1a z^;rDW{~rHs^E4Zy8?%HZV6>WMyuiTT&qm&b{CY_YiC_Qq)ot|s{`}*+|NDusIZkyzs{>rw_0dd^+p6qz;CtkV zqeA{nIrHbrlw2TULONOnx{0s2ch3-MtHum2Lh$R%>k}t^eR)48!@52$v%yV`XyCT$ z{_{m8BCgC?z5Fa(nklwY1o~52mT6TdRdRciGE^bkl&$)E^f0nK8k)L33!?*C-R551kAesSwdvf3j4c!R?F z>a}Y(!om#O>65+w4pfq#_eoob&r0EcgA2GukEYJ|S2~CJ6)GhY5RN|e_24{%*EEZbk%_baaaSoJyGYm&mje}#BwAq8y^t7iH*UK1 zL)+%(t2dHW<8w<8Jz_|M>H-nNNx;Ljk_uiv@ju=?#hhGypUuQc>n~p1JUf5tWQM~Q z!|SNcP!5=3ZZegcIE%gPhv3rpmnsn0vExHGt>)OVTssDEGo6_UrZeFEIJN^|DH1_8>E0{Br?&jbXoVYi11EHgn zgb%vXl8$Syj>_quh9@D<+iy{)DHk}YvZ`vJ)KAyJZwK&^`y1leaVQKrO^KkD#70K` zXmu=LZ9 z`=t4En-)qs<*O$p!?)4wI_ADX^E*dD61dRfTrgDho zE-L=piGTeHrKw{)YL_!4Y#NSeZTozd(9(!20S>eeF$UB5oB9;%tMR{l@``spWq7L!}g_ycVlc+qub3}g= z*81xg@HZ0~?g_RT%_KJnKhr?CBCm!UF4>^9WL(AQZ@;iLXZ%P)!L(JLcYusOO8(HB z`spW|I+PIIe0FUBv5E{MXwiD}ryuS+tsxAbr$&N ztgRwXo_ubY`_CV0@+(piSt0fXp6`@Wy0++c{r( z!nw^md3W=v7c9OvQFKkjAE*8F?nP@H-`Kg=f-m4!dSQi>P+gJplcn`-jxlpJ>{pmt zPddhTJtgElMSFSd9A4hlCvV<8yC(Ks|8B2E{`A?52a5+hs*kU4ckTCToEA50#l!rT zAK}GE_g{)N)IWxAT2p+KpZfAhrkEdeVqrY4$Y+985XnHkfB8%*i#u4Aa!gr+MQtg) z(^|)Tr9|0Uj=og6<(f6-$6wy;RXn+1o`l1e@4taRr^O1%iMFTJxTfY)Z1;8lQ;vzs z`_Bhxx|3|%pT8pJ|8p(iU`fqt)F=a~0+n*w2!Gt*F^Unq?owc>ygeY4d zVnvl(LU&T7zsri6&GXmm`AnjQE4aRn(Nc4nK#_>b#eMnv*MPwPtGE0gpZ&{W996S~ z;$aw)da8HY1i{Ng{OpVHcYNo^(W@lunf6x_Y%!p?22uXES> z=@Jqu`ChKClfzBYCNv%WBnK(DpTGXMFZe%t=N~d1Cs71t;o9PdyQIUMK3#O`OjGWH z{qY_IPwOVeUFH!m-_MkFDOG9AGoCuJ;5Q=jW~`&FJ@;_N{jsHK5fOKSe~JoQl{(+> z>W7zbLMxOwjWpH{^fsm%l^N70=%=Ll&8`8{VI9vJwLseQ$^xoG4w6NOS;OJ zR=xs4rm_9)bRXl&M-F1LE`8@!|N2=U-`48&bL+ERK}Vlu{MS>Kcm`;x8MGgNjOo0| z^K|cc`)CUcfaZdkdl6lnCy@3LAP$coTHFteZ?cFD!|~I{uUs&}8ck7c(Bxu?20f9_ zx&Kul?j8^&BGnzKU{V?a7eDKp!lO|BmiHQ}YpjkV^XYaN_?3G3^%0zK{fNe71E>%e zF0^8 zHu7y=U|%I>`RH5|S@zmPomF)Z zfwqL$jeurp;z`w%gj&rTOm|gtzzKUwWYA4pIy(WrU&dI%DT8Eo^7t`j+xlJXld{#v z6MFogffB|f$wQqb1?c!Lo|@P8@U7{!8^~NubYH~1KKtK>ate7$DS7y8MCl1n?lk(g z&BS_=NWv4P(pK(|)Z^X(VT2z)5J%{}PS`wdSV$AF`eZ;E**v5%(wppjqZ+{PFoT*E zk%TUxsH$u~5asJ#36B30arFJOJ_T7E$6Ovy*V16fXcQZbez}#<4(fqvYTDsz#IA(g zf&t9ugg6XHYk>RWLA+#9?5qWDTm6fWaVEIw#9-@M2kCu2#Y9igNgM8`X)0gwJ*?VN z&`7RTV1khrBDv(%Z^tmULF`g6e6#afM?O4)vM{{VF4VdX4*?DH6`;K6u!X;iC=(L_ zPWBk`@&KYm3;?~ozA#Vy&gN6$?S!Y6a402GwbYsi(y8zD@&^wRM~%;LaFZGwC6Zj= zm24)hnq7@U*Z99kW{VTAk82&{JTbvq?$JKJX;~(~Gd^Polo5w!2O+yDjGjiJ_8A@} z#o(GYzU_Sdixt^A1+=tD48C}m}qFfK&(P_)t^wr>VVchoB z9(9XEJVNy3ws2MF!K8Iy9eW+QllXbSLjX^C?s#n0}+Mk+6d7kHx7ctV!-HrZeY{g z1HnLsed|^xyZ>@>Lc%2&NV(@PWr93ei~%FXQ8$^6hlOzU6a!IR7}GLdx#)=#Sz=?J zRGT*sml6Y|qS;>EXR^SXa~O4H5FZudk@ZJ-M5EqP7I-HSwAg39RHAB;CVbZ8N| zTg})2>YY}IQ+5b@#R#an7Ks=;0U7AGEZ`aKj$Q_@!W9+q(G5XHr!kAc+o?qC{hHMW zV~}E^KwOlpFGa+p$cV`hW`q4eOBZ7iMC1f!Yh>7&;_&X}YN&%8m1^h!tJf!xN_l^2 zOX(YS%LvqjE)q{bBALrbZpTb|7S!9&RuP2;R(;cGf5x{hMAW_lGFph^1aRko3=!N< zC4=<_R3R{{%Zx>w4~c2YOZH3qPohw7dFBUvF9#F%gMjiXND>nX;JAE_68BtujMHZ@&*`d#`Dl09Zv&6QZ%`Uq{jg7xOP#6@Qq)2cm4?H|dc658 zKutGXnuH^=LkHNhOL_W{2R^KFaKE~-zgm&eF5zvf~xrZTwI0`SSH|!A* z3Ibpgw35|0SeX}VE3UmsePOEJ1 z05B6kmfr&l;!jVG20M&|R$E{=XPCs?_vEHJvK!=6z}i|2wBG{Z;(_51+wSp{h0D!} zY?!`&O@wDZ`2b)AGUGzwO%#wi&Vl}+WL_{~mDL)qD=057as53G{*0N^^ivh~4S*Vn zq5LrP?JnV95RK@P?Nnu*yt7WdTf zN+?SXp!v>b%;_eXl!@Yy{+T{Dn3=G3Pu8^pzL^4%v8kOoPyNO779m{#^;pLKX)EMD7TSpq?pf9h|iGT3NY4(Xxh-W)sH!yMy z3C|yu3hwa_9;l8uL7c!;MTMAOXv%!NUNnfd0&HHL6kY)2Z2;A|%`LDU5Els%=kz zgdc7Yk8I8gWP4mwJ{3ARpCochnGd)GLT!cX=*ghLJnjB=_n0X@EpT?nKIf^;L_7og zu!c$lw?@Kryw35_`YDGypr;oz)rSx^sUpOZ+s|TwxS=2jsLt0o3wVieAQ3|)L5HjT z4&6JlE=jH@Chro6GvEn^osNI`@cgs)7<()L(@qk^w-AB?=C)1AtJmqLF2^-)WJ}pL z6%bFf!~(MuL~jvJX0qCf@W^7(8lhA-W;fu$HCurRU9~%rIaNs{%l_4-r;PaX#A3;> zmMEkihExyJi2)LnQOEPtdJp$%)R7N1iXbz!q+Vj#8 zmR^3)fb7K!B=MZPz2k_WT@ml=eD5(T4gK$EP3^KL(3V(;z!!T^ZN}Mg#Fn8qIx0TF zrx+&1h7gqRp1dRHC*!=5PbCK8oRr zwm&AjYtzvJAF}URj_-Y`sV7y5cTgY#NR02oWumA(h*v8~qEs*;e6PR!5b()n5(ti9 zc1m<7 zUSTE6U5kGMk|2y_bKT(L6%d58!2h&Y$dugUe&#n4QZS+u-1`>K=?N0GDv}?YR}r&B zJXR8;8SZSbzMkSin^$pjz;gE@qm}aB6)g(=k6IBr5O6aZ+{w=Q5UCZO+gh^)^*!V! z+9?IU?IZ=B&Y?vx-WKD)sdx0sc*^1Qht!SU>pGf#uoREfg&w#fhDaleXxz*!(eeUz zQ87Fhn!$~&HG!{q@^9sAPqw=q9L`q!9>k#`&X7>}9@8KJP)Ed3wrg0Dfhq5SEE4d* zsVGih8xHs55%f;60Rykvo z>^?1XnJ8E+M(hVoSWFiPn^d=iORSA}BBJMc^8@?EK6sL>5$NIe+o8}M;-e&e_7n|?e)_xPjHLlqL zELz@1^a!ZoZ5?qakrdIAv0_Dh#Cs2pB_pca-N|Y1SBpyUu+!|Js|(Uaq%03%vVD`b z2m&)v_}7M{z;Sx1wJI@#H6ICaC^fs;beG-_NgflTkV-Qrr}8;? zU04uBGU|lS>SA+2R84mA9zQ0`exPBq=8&`>tA$AnC8ISnFI{Mbl{)J{6@k&SZhigL}jbIxNocA6$PfkCUo1vkhpzDV}$VP6( zt|xZZb|rycz4uO&L7{r(6VR?*OB7IvlIw0*a0h*SmA>Q@=yUw(CR8>kqW;MIROsM= z5|=s^I#RWOhQc683;PBWQqzIpwt`jjdmo{GctEcuo-L=ntM1;#_M+9M0W3$B~FDKb$uTCJ-l5zgq0!KABBY>(d9& zcz=qy?e_Yoi1={83)^ELfOCeMDv-SZXGvicJ^twLJ|Ta{^snp5&36KmJ@L`nokmgM z5~nZ?o8`yie$uXWd+iu>z9%&Zk6eX4{2z^{!H=!9I#=r#G;;9028+jau!s>96{(kbPz8SyT#A&YfRbR zBGOv1BV}m%AIzN@Lm+P4j6F4j0{y=S+vTx4QZ!rGYIuEY%Prbte=f|sGALWyoEAP} zDF`zmzd_tuqR1N~Ox+Laab$IjR=9EJ(mGcj9*PT$?=_*u$~|R@QA0S?njkl(?I;AD z%nnD9bnLg}QQ`;0HO(hoH4>!}5npx)??;?lPaM=#JV7u`!T*H}k#p2M_6ut1B%Oz( zAi7MlX_A?QlwBUMpt!!xvh#Dp^K4ceZC2!a+(^fUD^?t-RE*NJls|w^v`pK=l(Mz1 zB@NR++I65VvuI`$8jjqr4|g8TBUMNWsvi~l1|xAZChTLTeTGQzCVapb7^U3r-Nh3+ zE0k!OG0HxIXef}|4_?HSu3HW>h-Je@D^KryI-pzQ8)OVyIe8H=FnuVTvu+;h(1)>#=EX!{Y#eROHYEd|* zjT=c_8d_Q7t{$!+&&#qz2pn#jrWotsBXR9{5vaiY;e(7AR#o9|30QZ)Aow^~dQzs1 zmi<`%a@we@^fcWi?w{AvG*9#g16RyEeCTb<``afj*Rbg|(UX}jwayMN`+O-wGpeM| zr7O8nZRPcd_3nFz10XuKBwqugXr@HmI8+s68gDH)ORRC5w}gLH*Bm0IZp5QIq)f3qYKr}`NX_kEJfAyzQy*?lJntJ8 zZWVZBVgU$M7l=Qzc5-`r0wT3twZ6#;7P37La%7i!reDXdWw=2oXp74iCbOl1=r>Pg zV!?UsLQIfD6$B-EEadrGbqTJsi z>^n;+NY=_7`Id~vGV5OvrqmKmW=xfiO80Al_@wD|I=JsQ2lzu2y+^$i6>)B<4GZ5^ z+d6J5yF~9t@JM_^u6#`#Q};S62fNgeE;eIHt1`l2*Z2n6yB9kd@Fsfc(%NIMOcbu^ zh=e<$Y&PK$iUtqEWq&`&;R!CYdD_O5uCJ%OEw^PgTyy9Lj2){(Zn^1fC+Kbfg(}9Q z49Cq$7sr4&&pB)0YFO3wwegQm1)t2p32xlAoYXCT)Ds%Dogg`f;0@5sQBT&fC3@*G zlU*rO1?k zJ3E(#07i`B?Yr)6inhu;ODMHvOw6_g(ErXdcC+8kj5ptdUotKEiEV?C! z*P3pF7JU|kI&@YZfcb+g!6K-%BQX!hYn=}-CLiVQ0*a5WIW#*<>`Q?fzbEi&i)4*h zu5s`usven5=%Ja(f3WvfE>k>o|C~Kis@e$ov?)cEr7sp_TVE80zWT$F25Go2Ow|%e zidVfRCizl^!SgKw~akuX7u&&`~^X;J~8W;+ZlG2=*W3jxF{ZX*qq-bgr4 z03Haa#;7K~l=$Zo@RIJ{0x)O1&H!yE5@#1O?MBNMj0`Tt4yv_m>3n^~FFD{Y8Us7a zY<>kixK~}jKHW^`OrLsAJ`|0eg3Q6HCpMmbesrMU=KG#Gupboj@&X$k@M2peMR=+d z;W@nrBx6Z4a)Ajm71hHsZ6n-lv|$qT-JUI=2yZ;9bT4cRS|+Ev9<^|5qHDiQ-K|2< zzUrq0@?kLvH(1Gm#S|AG_{!tEUzF*&ZzYClMh`J0AZiQQ4KUhdxB(zOQ(7-K zIa~bO!a!GKr8#uVx06qx*cl>!dF%TNyV%DNA^d8!cMH+V+=+20LQ=SZqxA-Y6@xx# zozY`22_tESn*)9EV?fHsfi3tAlGYe7f|K{cobbMhGiYM%cw&~SYXzCwaf}`FPpR79 z#4`6ZckUVAo)qd`?jebaKS12GO^v6)9qkmqD+bVKft})N0!QC(&^dA>go?z&{fyi5 z6$Qc7h1l*vox^8HS1vdf>(HI2)&ZRjzgpD%;haGfa2qzA+iDf)+xIZv@6Vd(F+X!s(%P2bmAb;Z36KSxJ69fn>2xvpCg=04C)i8 z9`$b3bZMLMRkhDzdN-C8)R%Z;LhSe6>mOh952b%3pSqubS^L4YV~e&3Tm#?Q7V_{k zc%uTagXQoF7BM5X@oYc*8lR_#it>SLv|wl$)=Gm?EvM@g1Qwj~GH^`$)nbT(<>{)V~bH zp_;N{Ag@Q*h6<0yh=m3zI}!&8)&j(k$E{u>3L+P_ijImwtZh7UHC_8cB}_l=m-$On<5$%-m|Y*y+WPM7 zK!=H9aI8&D>I#^axUg z>%!KQU`O=6I@GZ&Izc6?-Qj z*_Y5B$Yz4RC-Cu7^hRtkhFKki(QUe~fAS>Sko&zANvBrO;ngM$`%hPvD)S|uL*Ypf z*$Wqtw65?fB`v_K-^4un#J=N|z+D`rKUbLHN9o z^BaYH!)dViMjjV;unvo#7%FpEOFJ!&B8b6Bd?e*UdW0vG$nH(umPRiH8+b9wi2!HK z6Og;VfVRU1?PNSg(uuml z+9jH_U^0Dg|4P&Gki6j-h!&Wbn9(kkb=34#V2_6~+)2hk zbeD>;jE*D=6LZ%}JjP5do~2rFM>TB8$MfQZxw%K+ZT0Zc03Yl|Pps5EYKj>_3!k0b ztj|WVs3CfKF)!&Jg_MZ{^g>0pMmrxPGpP+}_%3mv;p53K}h`5PL<_i zk-?+mjY0_sMWL_&5$kh|;=!oVfu8VqYW6s3!*qVd#4Ffzez;1kc3B(7*Jp|-Y;&@D zU*z|I0~&XXrW4_n@?!|8v~3uS=O<*Rg>?B{$bz~s9}N@zPcixF(6F|y=(X}=yn#r# zM8IhwDoSRWZJMWWrGl3GkkMGX_X>03PmPYJXpAt%a29f5^LA_r^JlJsnD5*i7k70` zK@tX|A*D(FgX(qGW~2Z_!nF&h5T6A)Oa8>?^7HH6B9a3k5K1kEdY%Xg{KpexV^?8r z_0!bw6h(}o!NW?H5eNCxB9zOdOH5;Nvp*$^R8Y~XA&TcE*DpPYZWJ+I4bs@TQ^T_6 z>d5$>7i3|+bPky-j`S*(X;A^fB`}g}`M3ySrwD>1I?N;>(JGz9yaz{OR%wehVgQ*WoieiIU%>EXA+SwMd9^sy%@One^Y5 zvxq+uY2Xdf$1rrJbwm$gZfqcMY!T=a$vU%95L_?==*z&v>OFtetBhe z5As7|aRb$pM8lz$NK6ft!kC&$!#q@RnO9#Lm4>6Y7zb3{hY=DB8C92s{@^_7NZnj! zJgML@VWM)sB5vGP@N_$%w{qnci6;jtE?j_bfQ)20+FT0=(!!EQ+_{8RwUR|zpUp;N z93wy;_TeU|nWcyVIiuXjfaHKqYg*CtY9>vX_IZXvuxQ=ZU9dc1Qp9&Iz$A|B*wHTm zHXh41P07MmA^ZrOc|b+hgFV6aXpu{S-aM6~E_O{)B0Cd^oAg^-<;XmU5@%r!?l@qg zq1-W2Ns=|?m;4CW&{ODqU*qJFC5=w~Tn-|_E<~hIx3ZmpNK-YttxI%#mWk$lxshB1 zXge&s56z<|pfoQe_#@2FvNVUFStkc9Z7z9O&5-YXF1vF8qkVp$DCabIwyd$@A8fEG zJ~}AQyT|0<{a(jVMMc)Uo?=bAfaI!BkKPMf>sj{0!-dBsau(95e4?M7D;TElHf ztam^%y_yKCayxQIz`ucl(#5HqZOCc3Ta$z1;t9HS96}aph89>d4Kw8Pi5Uu^8OUg? zRk$q#*AFf#sts{)9S?wDm%>LnOh`+EYJrs(h+g8;#*zBQC%{tY_LIbe*sjU;ZzP%1 z(T@P*n%5eA-K&o5l9$f_$KLRVm5P1>Ho2S7TjT3*z~Uw@XbC3K^iomL4UaxtmF*9W zx2()SiYb6J-z?QZpb)bH8D&ZwlB|&KI^d>FUML8-a2{%e&*+2~;jEsAtnISV*dTKg zcs|4!jCAt#&kPc@3o0MPKdI_~V(0e`ScGee#r@cB`h=LS1uE1vInD-LR35|Wd$Ya|di zcUO|L23pjcQDu>(q)nyrlNMuAC-xI*n-CJhr?>qGr{vBDf?LFh(*xZAV|yncn?dMJ zq!CT%KLAom5%@rH4ChCS$LQntq^(C7EC~Pl@uba~|Fy*CeP;fMl?O{F{2~V5ix7Ag zA;jv(Yzqf|YKMNtr?-WONZiaqbWtA80Ai8!9vYsP&^!=D3C%|;;SY-l(;pU48UqM2|#2n3Dk44ve! zU_qq%#&;V-pym3&q9&TMd)Udo9m8!`oXn9^$(=w_m}2@mlB83j!-wG&I9p-hs3X!? zL(hft<`ofm6J<(?TM15)W*i2ANNzw9%7^_~F{BO*l6z*0p^SIo9%+f-i9pf?-nr{9 zBFPrF80ZJj;R5dD)-OE{-XdQRKoM{U0=I&#ro(jUtep>usY?JaJj35LlKVjVJRLm= zm^c9C6AfmJ)PAgXls_3fahqAi{i61Jl7khu^5*3a)wACNakTEGi=$mbs9pYNz5Ac_ z@n5*WSY0)~2sJc*#LRP@02>iAuEqAZRj$NsEC0}9GDEC1NOG;@)|{v4avld*Nh;+J zj)nl{nh8_L1C5r_wmdp8m<@yyvIypZ)l2My5a`GjX~x`uc{!?PwCx982YSsTW_u7E z`s8SXe!vlAOrLGW`fLau>egQl`294>=w`IoO1?G_hTv>e4mfpf`^BTZSk8=u^0FN1=x}X`F3~kcb*_&T|}^W@2|JK{Qx8E zVx@X1fO)bTJAW<*R3A^@Gvk?c(B3W^`V0yO@(^N|<)udGD_Nh7yScZ?ww#ErVVA6A zX~>Vb1QM@3y!4IRNmOlZUerE~E!W?o{(I^@!t{QEHu4;3l8?A+B559Xt<_de2p!$ruMY$HUq1fApL{6ibZj}To*@w7{B?C6!}C*MQsz>hGa z$gahFPYSZN1SSDxc3l=+Ou%vi+yzu9Lnxy;e6%h6J^Ux_F9}F*AmF9ZLib)))mmZ~ zH#UUEZ)+{B-K*aSYdIHP5Whh%nC<~)<6+S^khTDX+%6!)SYC~xi8&^rPP*67q01dWQQlHH%IDR$xJ;r*oKr6u9py}+%;FXCocFmx?S?+HOm?lJ ztg~gYFL?q@OEQo#<&HRmz@OvHduFODQ)%ly^v$0j#`6-&l_knY;76qMPa0AK(B~1l zqh6_SS{ELBgp5Nh49J~Zh13^YjPydu8-FlYK{XCA+x)e(tA*YGShrcBhN)Q3_i@pU_ z5NsCUczBJnycPHwd0ci_u0(8}ntd>0J~b~_7NKCIY+9(C$?+zod>4G?5_X_>!lh8T zN~Y%4rQ(+rvdzZ4Fs+LHI_fFV6>) zvZ);F8|5JeBMc2yZf&?@-1W=%3*)I2q@CEUvU4XG`&M0LUj>anTCd;! z{l6IE|0BBdzb|yP5j=L=*474jaahaVPx|Pp_KkW>G2M*%vH0m&J(yL5zS>MS)C}jz zz=@RqM*{#Gn&kBQ8^O-xY{y#qO`3R^d zJjJl^!i5Ho+Qa!{{bST@A?~*owttV(xao8DVMXJV_Zvj{!hH?Wi}}5P`;&=34YU_5 zU2^TYirBU1*?Gu8vjAHVp35eX3Q&Su7I$%fVPN_9N)*$@%1X7pjp?=I7$bT3C6wM^ zh%6tU`zoLKBT1xCW@#fBOHLO2%v{oqChoHBN6FQE7F-#>sc$k8#iXp&$95ME4_{F5 z%oQJRs$z(kq`-N5_PO%U{?Zx+rC^_g26zg z8Fg7HVtdsp!%Gx89;zb}M&FUcA`QMjpZoF2e}2VB0gSB>HZ%8W*plvBdA(62Y#q?m z&DeLI`%}}z|GG(({io2%jiIoGCXXWZcyBcN(P;Ach-1(XUKxJN>8cd(X{|W}$fD+s zPga^PAK$jzOLj0<#!T3~eC5Ps{j^5wCti*fnj8kT7xHoN zf#ko99!#IHMf*sIs=?Y-rk{+tm&E;_S~qv%=!cU{@+8B+P@vW}G>N#&55m8qijB)G z@RI>JZGRdV8mK#f+Oxmw4tU)fYMI=_Fx@`KMX%`3bN<{3qKM0VNF3BBHOS38LZuGc z%^843mH&@b$HR!xGK8i}g#m^Ho;OBLErZC7q3 z0dR9Ul7s9lh|>h86Q(A`XOg}lW<9=tDOJ{Oxtl3drY7g0HRm))_L~3@K(g7gdYtS% zYw}OG^Sn=V7$wBn5UZVk8-#M4hH(Hpyme=12Gh7Tj?bj+7$hked)g4X`}x6}UnhCH zu}dpLJ?|+`oH}>uT)rh8b5v%fw$9wkxU~5h-<2sO3erqkKMz=VY zu4nuAg->}S2geddlbxrhC$aMVeAy*rvHyZo*;!nrR-gAj&@T$*;p}G%i#rpVmkZgT zp4FB0vPqrZ)hq!%3iu9~>-0E;!X2(?Rf{V5PS4L<@JY)d^6b?y=jnYg4z zLTx~0PF*vGA#uj5?=O;X`y7Yz;CzxWyWGN3NLS9Q zIR}lV#Uu&Gz{0_9G!u_X>*sEriwn%XRaJenX!|tRktq~+S?rPQSJjC%hcY*O-D!O4 z)WU_|!}+|9k|vw|1A63_BYG@r=RF87>EoM8>6`V_BTTPJN*fWI;te<1g4?oA<{^Og ze$VH=WufKYp+Rhb_%9`W0=%CyGU@9H4e2y9r{PBSEbh-){WOQ96koA}PB_mvbf=F? z5_IhP`Q_@iPZOF)LMX$%_JM^zcX_`# zkG)!c%G^Tjz0ah*b8p>nR~cXS6d&swCC1A{BOz(BX;==CAD<Q+{&jB2+{<76ue<;jPV8m~&@VIk1aj)3Q92a1Wa9Ud;_ z{$gBV>dfvMOUj$z?+XC`-ceZbdp;~wY`H%Uq{qc>C-;W@6i^-#O~?}{TE5-WdXg`E z`#LIe1q$cE-?S7ieiNS}-z-qDB(<=gmWL>5{&sEPu4kY8Z~bxdBX6b&K?BR~_0EM) z0EyMtN0EP|bT7cYcD$2#c$t*d3$YDr*9XMLuWcJ&WBB&bMh8&WiXrmK2hvDK*M9t4 zYlKFyXoj`MsHOAHovH}cPo_+u%1X8ey!i=h?;#Lc(iW?Q%>87aki2VpnoS9aosYvk1FMQY%M>3MPN;`kt&j+ zBQ`oZMHNwPbzS-1X4hl3i6$Ea2XNZ2wI?QR@HiNs+WG%&MFJCV6ovoGZQj=;a zA-Te)E=EhWw=?(%JHzU0+2g^%irCmahJAzW+-P+hMEjIRuQu<>C;nSfJl(&f;-g1q zNV(RnKP;-7uqWB2=t9LRjjxi4`qyByvnMGtI(oV9Ox0wUcYms%)Tu2j_$}&nyxx~o zjo>f+=RNxG`1)E})?W80H>B@9-c)e8-o$t2>VTl252tK$U#Bi)$E7q*e+iU0}yDm9D%;VL?i$X0nK~ZX3QmhVtNzL=@>F+%C@=Jeb zYU+nm7EEK5D!qB~j;6bZoXvW>LUR++2A#{oR%|l8l4o$Ju~bDz=gVeK_w!w?bpg0} zx}5@^?q9!H;^Fo8cVb)K6lZ4kN9D;|9x^*{aD{kX@SyX-gQH9jcb!IIiC77@K6S$k zX%1dYNPcxd9=))Ek*SyXV%Lf0hS!-E7M00WR*hj}RD--c`l*+fvn%?7wOo2TfoJ9G z#@MhQ#&9}$1X5F+6Z7h^Jp9{xa%w9FotH9My`4gR(Jgg&73)s<1)lC@?R7V9$Yp5U zvtdWrEHr7{@In5jho@X)`x&dcim@=>P-bRN=$Ui9ogOVm@d6%9mS}J1h3cWct1Ir9 zT5B3c+px=pJck0LMXM838!~A9hwut`@MG#aF57T5YG@u^Ij_H%(FG3SDnNfry}`LYyO+PB;ksMp ziyL>|sMY)Xv5hXiaeFlLe#60~Cy#(G z-=wL_nK_>BqZn9P4}10xZp>t@ReB(Z92+Wm?R z8#!G=NCnN7JrQ6KrXQbrS$LlfsJ4gE32lEUJ>IVfnLtkf3o82Hi=sY$W zTA3*z0PiEZhpSs7tOj-rI^zeD^BXvx?(NmX-j&A+Wn*l_kK7)8?DOJ9ulU=xggklE zeJ#D6(haQ%c?Lm)@2*#uKF;%0i;OeJRw4V(?!=eWQdS){olapXxDDPVw~}pc-CAhW z==JeNuhI?;4b|R`M?*t>c-oAO)-IgRVUa7WLyZj?i4J5_K4E4u6P`y;^_kvQckm$I zpe7|t#@s9 zcer|@li%B3w_-(MtY2mNm_kn<}LBE`(EXb5CrlpoX%})RA};f-(Kgx zAj*4A=9N5okJC?woGsWXj`wXA+Iz|wH44k7w+}g=I@RCX`P(G9hRmKRd|x=76&3iU z?F-7QmLlWLMqD`WeY_}MM6r2x+|@g7F$J1xm#{3qE%?o`n|3f<840k{hjkW-*dj_ zeE)cN&U@a&+}-!R-PjL9L~6=Ql=@*hLHD zFWEG`@$M*bHfyMn9@U5^Epd~pD-2JXzJ9T*%iHJp0>UN4ItGpl=36dWD}ft$)|=1I zuQ)IE{oYrrB5R!`SxyhN0&FUx>^6>RSk&*Gk>WkmckaXDMcGpotP-jQ>c=*o(vkWt z`$)&buax~fKwsN^l}QRG>OW8UPIrm=WT)Cjq{4-V`hUU~g_l)-9HaZQm)*FLQUzfr zzxk4Y3I9#%e{;GYeOEh4YNzX}x)O!U54L|;Ac=^c3X0(es|WXUd{?aU4YoD}K(ozW z#i0;qO;G61t|=cY@2#>i4~Q(o!Py@3s{v^SoLH-xYjJq)$wqhW z{g2Jsmlx}Fx9N0bRDjJuM^`o1LcGzA?D|p24xX0yRv)YyZMDtof-=^2LiSeNxQA7R z=I{LX_&eZal_&(c;ND4G*R1Kt@A{Favd+xyy<%Q!L`62$>~OF1kgNDj{4r+@UTc|* z%foLa3~F_ZT>qx&3I6yI@2WOXzA-V`Xw|A?Vok)fk6E{}w&T(qj%7L5_Ia#|_!4gO zG*>l0HX+%@DWmlm_gu=WLVT{7QCQXCrl$fNA=d-WI;(vhpLjzFhHAw?r3e4?kPjG>Mzw%XR+ih)}WXZm^j9vZS@ z$f$YI?+)opNp*R*3a%!2cOt{u=_mN{g^k&U*ac zi%CKjg^vh>Z{X;XrsSrYn05%F=7HKrS#nEL-Eg)y_w<@MwwG%8k&_VC0sXIyG5IDs zk0ufzSx-y{-;eUN;^hYUeo#$A`lK*19Yb*jL5CR`e_8&^YTp?n1oyG%(=3}hZCV=I zH0RHq8ySG<>TGWV8w3TQqkeejWOhggfuTHoRlLhXzv)UK+4qCpf1Ln_{r!H83ojG{ zS(mz5vIX2TK|i8(GMcQ-{98-11G-drD^m_X9r*a4939zyFm#?o(#%22c` z_ot_)ua4eqFm>wG;D`itM(I1kF8_YWP6w{G%D;i}CZ%9BzNww^^<@keF2lVkpea!i z1jcobG%);aXm9lo`b8ivT>~BJ%uDcaJn5-o3v90c)-w@P!Gf=y^wlc)EpVy0m;hw8 zE+5(Ok9X&ng4^V|Oixw8)}MR`aCZ_u0qUPWys@9~!Tx8_;ubs%K*T;Cw*%kaXx-PI zTrSN=-cs~_*`!CWzhVOH3^L@s?`@s4;;XOHPwmqymm3=oCqp~S8P@3}T@C#i z;N#yvXA1;)cI$NrCPyDuGEPoBF#hXrvP8e+(>JL>qtJIo35GB}a)UiBS)Y_tZ{EDw z1KJ|;I7x`%*WD*;w*ad(>a0n1kJEmBCe)byc562t-ej<#NW93+&mR~qVUwN|1hPi> z7NBaJ2lII{2)Z*~pWWlQtifN=FEgD?Cer!H@ImVg)j%>iRfE*GZ^e+w;3tPc$*&|S zbOY!wj|&RO^Wh6rUm;<`rMOc#(7>njrPkXnxM6eM!y~Y8CG!R9}D`cX-wMZ3-l)^S#g) znrmcag!v3V_d=6l?8M?EiTZ2XFR1HISHTr`wqjwtgJr2Rc+dM9V{zrp_m;TzC7osi zw0@VXFeEGkRE#nb8>6yjhGmYtikmqVegMav{2`_)Kj?~qK!=_18xzw>SfS0#+JhWn zM^TsP@(Cjj__2Mq(N{DmEHcsye2ZY~_i$&*07J5HLp4UTc#-)cEiH)o$QNHNvRIK7 zL!%FTKq~kY$?u);e)(x2A4S{y!=~vZjPA1nW4Ao(OGbJr4Vxyci~B_s0ZMNMJ#|Qo zhqXYkpyXw4l%-34M!7VWkS$s%XlLLqx&UyTZcm5$BSqtH69BXHYRlO~%}V)hTYSVTJT- zf-tNUq*kvddTJ9PQWNh;B$c-3^rA-_sxhM810=(`wvXsx90I>ijlz#y$?veTrz(rY zNi}Fw3tp97x@S729u%~6D!%F1g;k&H01bYrQQh`cXJFw_-y4d+E^@I^!<+t&2U2GT zee4Gb*la}?Oo)-mc(UmS&WbqQEY43J0CHqxVYHjQz5T;e%8I0IcEaIhXdp<8_TR?0 zUMDw6< zKtet<0|axBXXG8)u^ZDMF&_vM63fXNxX;d=trE$rwNM|PnxO$rkz<#gtFEj*D${|X z3C_NMxepyOL@)rr*r$tm4z#_PUc7Z#5%>c<8!jnHK@tJnqU2g zIzovp28vYdxS@3nXP0yN(fOsA5a$V9wnp;Xy-LyJrUsT{KFh(*w(QP>;M~TVx8vq; zj#wXbB4;OJ+aCrMqa!dw{maALye|i^47yk-a&!BULu{Xpp$OvsjecrQ)17Y!<8mym_g?3cRMBFJ{H%W;cX)@$0yXW ztGrVz*!HSC-&OXyJBjeb1-1lfbxo63K~6-OD_F)7bNgneRfi58s;{weSJUXI_p0#k zKUIDMMn|cdU@D4f!eQS5Qf>%DK^S0>*-CweUAi8o13Km{^&p>~^0A9=>mnF`eT^K~ zP@=oJX)+12j2z%wo_%iL&fq{lI&jnVAGxiK0tH;SAW+oIotm4%hu|qQe8Cwi@@)GA zl;2!7xOPb;W`UTT!9lUjtWobeGY9aW$uYIG$M3m;1TI9sh#K|UF9+q-NTJX8TAOl% z4ZqaG?f4M9cvNc2_{11=r$r-=8_-qukJ+>z5E!{Q1}c-e1t_~uxV_)S50sNY*l-l~ zo1u;{wARQBTTI~9HaLOSR8pw{OXxtt{HfEUxeDE6sCt-m~Pu-GoQF6=Ia-RN%p-gP8m8b3I7BQvLpK=)+b zR!ED%6n=Jp)34Z1MS^ljRDaY@_C|Czo0T)8J7;~svHAGzqdV@+#-C=IVpJ`C7{^TV1Cz$D@fr*(1gku# zEmR+ni#WXf_53opf*c4?cZpdYgPlSnp0ZX6sC-3n*V3*-kSxzo0D5TW3Fn7k?unW| zHkWyMK`IkHC;{hj%(3bT3W zu|oD#0c2BDG%|yw8U#KU)2ZY-)6R#9X?_9r9iyMcSQ)N^v6Y&8e!>vsLEv?&)`Q8a z#=L36Gtw5l)Eie9ftgN=qXCGch6Bju}k`dXVl@pG(U|^?hkp2)ir^f zZ6DaWuC2+v)5*ujXLN0>+OV$==u^bwf18daYS@O|y#K+ZgbB9kw|LSelr%)FY`rv@U7+~8A{T2>cg?an7HPOG zhTmn-6a?Zy50co0I||J}|KWHj^SDcAAeC^j;Zjw7A@T4aqZy^#V45^Bubt3YWsK-En}$U)Af=kM zAq;O3m3YX-P7I8Gw#&Qm{nOvd;Bw?Mk~Dy|HO4$O_pl6RYGu^+*`>o>rId%b&5p963;}0ux`NMp z1}P#8v|3pxWgLM2E6e_ZC&Sw`I6%BM69>S7D~IG&7H^>s)Y{lXpC>7~U#& z>68jq*2}N$Ek!}5RdDG5?grjw=ci8al-&J-ll ztsyM25F&jqh$VR{=Dk|Wyjs%PE|J;u9!aM8dpB_WPgHFIyZ|tC3X)cs#dWqfLl?{MWt)B z3+Cy%zon(+%tpG!%EZ>kebVCbfa?^PVbALXtfkarl(@|XE6NrDJPpxw2u&=?XmADf zjN%U&^74R-gx!XdH#BeUlv9hDWUH2Sepu3(dvWKh2vi`Ye+{+vfQ%-3kUNs^QYJ_V zjiTu{V2Wh|n@GvT)|qW@@07s@%kq5-kQm*cTv1IPNVpJin6t{4n)T3qchqag=*g=K z#8wNscR&t4h3YlO?A+EG ztm@xGEKStrUP2&}B}_rlK5&h@AFjdyP6=6mur~OntL&p!4Vo>Fy(mPmPxt;d*@ojT zP2j_-T1E>OaeHh8#JyBUn9T~843IZp`GT}~+m+9rCRV7|-8(gMdQh1|6XXc2X~&Kq zkMD)F2#Xy4z5%g+K}cT~O`jW2_jc9=o_^1nQmuWF6 zo@%)v_3#=ksFcMUuAo4%9gr3CT9V?Ph(qPU;7+`c_*{F6 z7K=FibVKJhA}n|+o`rzaQjui<9NbhVy;mR@RY zBh{b_+f>h}AEv9QIBs^QR>N=8y^ zsBQ|c+cy(myiol+^V9gn8Lv*7h?9!%9>uMIS8?>vpDj|5ugnJ~AWkxJvAKgA!`dTl zH6R#S_qO^PjYhx2s;^FR6~jYf39{avWv9`vjIfYGd;IGahmhG z6)W=2y>&hZ89?p}D=%E?nQOr*RfdeIG%h1IR&7W1X#Z{QaN_eo(9-1h*}eOLjdHeopYTJm(fKCbL+;#5>_Ab-MgU;--~!X{(Eh10+%14vUP&uJ27roVcX`5J+kxUf z^jDj1d*UfoLIA_o9+ZOxg4}5XQ6JdtEje>ECj3~f8g87V`?zr{RQwK6=}SvX3e#!d z>2G(YIQ-hR$xs*#WTHzqv--sBfispU<3Q^bsHF4FtLV2MXmRB0@T%<3uaJqmf@Szy zCyE~z2h6&W*8ty@;mkFGbw&TEW{qwE2B@B!vFyHWr&VFOW@vQS{8{l&A2X zidfcY`0&`Kh?-*D$+}h-x=Et&Xh`M0v_KRL}nt?ki8hGq$!PPNq z@lR6O!v2ITYcjkYJr)G`Z^h2@{O0-Rt(lbN_%vq(g?M!cHnGMvl^I^$oj?mt>>PH$CxK z(6)3}^!g}NnP;xyU>yV>rhQ(LAzm&#xrLu2i^%3Z>yNlCBa~UM=M3MUz2lWKYd`-7 z*gkFWy6~cX9}=sey@TtxdCC!%(l*#<)88M#T5DNvxme zE2}8q+5S4%Tkn3i0SNxeFh5T`;{eO5ywVCHif2Az1aj}gz@9}X`|sfW$k<^i6^Htf zaVRnNobm^#%Ffn!YlUC}6>ya!GxxMa0Ff_+?}}hZz$ZwvBDkLpSiWo(+b<9mrFdfA zfC_zhl+SNjHFmUA(J&paZvMriX8i|0nLSD9RrH$qeCKziOc1?Xt4->W6vnQOVMWef z4a^L^(7TDXOfiyMTzOxA)8r6Xt-pI$++-IwDk@-rUqoC_j9ouS{Hn#a#79Y=m2w6i zq2ZrR+$pK3(!oj`rk2631a85^7`<31Ohsf&|xoq^iVllu=^2uOH1Rg z{;>C#kfX;Cn(a5oeCMA&G=NsrS{$OR~dO6?q+s$dEX4G1QY^V0; zNL?glzQep+QSvVH9j4@$`O3&GM@LcAj8jUL&L^>hT$KAIhOq#y%a%SG6-ZE3wW*43 z0yeJx7etapmN_kR(I==>fwT3>@Bd2sn+vdxI4~_0qSe~eU@1GJCi+P!iyhkko9D;u z-E3`rnELdKdj8_tw>GFIDA>fGhCqdECJRQr|MHh5cfQJb%BOrsLDMdZF$taSs5Tk? z;M9w)&#rH*r#YK-LQRZH_RK;Q&Z+f8Pp}cXM>s9XD=I1~R?y#xSeaT67)4;|r{z`u zD24Q2Vl!C$Ptfn*=K`rDP3k8{?GVpc@re^oc_Vz!6RHT?DRofT^%Cmf%o7&>CE_PMM9Mk~X= z>veX;fuDAF|MABufA-PR+F9PTPjmHc)m^SyT8H0#yposqsu=bT-goY)`uWstGsfQb zIUTv)Y}Hz%9(w-9MmuBUH6^_CjlM=Pcch%*h5-5XI1Jhtn!REJ!W)=r-L?Y&oNzwno zv4REH<&Z8cVS%{+g8tNTyJ~bw4*+Hu6@gkxJ1MkB4v?q`*gh%#r6) zG=BQ@=@>$OJ~44eSOZeo#PzST|9FoTt_z6fIwalx~Wj=?eF{K2J{>jh=h&X@coAq_vuwL#A2yTuWvI0YTV#*a7Zf$H_vTazPbsy+I!@D5j&5hvN{z!92*Oeclq=kb43rmpPUG#)mP7^N9Fl$ z-IZ+Rq@x!a60+GW<6OW67wi1|_cIk06_Wv;TZ>|x>q|M|LR%ZCODd}5*qJ40Bt|F2 z6yI{j>NRXZraS884K?^q`ww=#gl4MqrK~_;68FV$w(yT>1l%qD`M0EJY^gCN-2i7> zAv(<5`uggfw>H|v`}9Z2^UT15)msB!BIaDFv^{_W+kOq#meJi|D9ocRCgaMoH*R|H zt4&#PSA7}Is=}UsxOrF-|R?26V%7<0=SAs7XHRG2a%t z#P~i3kqJDgx5@eXQ4bK#iM5#HJc!D5??ymx4@z;AEzYd~hOE2B1+Wz?Qm&^*g%brt z=8#UD2DS%>*sG~W6-g^diz55^fSr~;g&Ck_t|f4GHML$16N=w&hu5oG()gOW1C9F8 zX{rrS=mBcl*+@isQt)CMp_}`YB6z53?-(rA5sH4!d^pvF)2ec)E_=@zaPqi=Z?_B-k1chh;f!oM20qMqQVLSa5pX9E&i>ou2a9rtQhxNX=(aC z88lCqXBng0I-~lb26EF23AdBOwV38DNn~mF}jXMgAW?(&yRq#^(ck5a%Cf0rF zOU$+sK%J0{LYIw07F@QV)54J{wO8lI&wfEe62PHmhbm43|Hguz0VaC8Fy-d$&F?t5 zrRI-SrCSr4#~inwUVi%fNZN=azJ%4wn(o`0UFG3{Rgo800cd$3O}d16MF67N94LYt zpy#(Yabk?q3jw`U@(Ix7@eY4lW#1&pq`~|U z|0X1`7r$>FI(2g&z{`s+>&6<|Xk%VnvE|kpq}ORI#;>n0{O0*q`%69UjA?+aPq0yB z%?((wBsYZnh=2v=Iyb%E>UAe(mt@O!$$v`8EyBzJ{jN+gef;N6PXIgQN$rmxSKuUE z$D#Kd+gZ%x7*;9UM%YNj^chkvxxWgBsBAfT{lwJ7r^qIJF!uc7Mp=2J9qSJ5F*EgI zS%FgD?>a0oyy)|!TniVI{*09Ow_`BtPeZ1THShvXXx-p|`@-%r*w;njPh$s4={Y5$ z7zg|u;1j>)M=4F*46+dpW}%Qjge7v}%5Y@obcgY2*cv%hS{kmEcVEZ*(RU0Lo<+E^ zLr$jA6HCNyd6Zq}qBAU9YQ>I76fRuhUVu-+5!*;a_)G224_G;^$hz3{pGM)`9|Zb| z!&z7v5rvD+7%*{dKX`#OIcCF+(*wRjoq8^{@PY9&7!(8dTef+lzX?^&nqji9qT=Pt z3ssD zUw1% zN?bhZt|6JRVLYjs2KqFxi;R%q9k&Etk{tUpu8O{o&!(yQeHDL44E+>;kCN7dW*mYM zPMv<(?Jpd&g^j%;Y~{Er!9WNcEasGQS^A%OJDj{TE@P%stt^2m$Aa@%N#)~38doQ_MPN6R`m#?gF_BX_F$HY}1a?v;nb z!IPGAwqAruajXoa-I!>aNY&m*6+Xku)~BHTOz(~b3Fqr#7A{&;78(|@ACWA$#$PYy z>&T@d%(V|0h1_5=sAJJ;ui=W74$%2(v0P8X=*`l^r0>@P6(j0T^p5zG%HmjfG4bdv zCF_Mg#V?)V;6kX~+{GpgcV?U=jaS$^n!NG8k24VdQuOo>05TYRAp(}d=zE>Kz8-cG zY%bFYhY=Cy_?;6b2L>t~hWlt50Ti~V>?XjU4kiS#cedSgW2!5z$b)SLVtSSbb7oE# z>DvM`8WZw~c&=G|cPgd5#>NEHl&sAGTeBZWR^~@adbyOpe7Rz1^OEiUMm5ad=!V78 z6aYfz$_zYr!N~-&=4oUw`Pi#%ecgxM{IDATz`)^zOz&^U#E&z0c=gy!QR3e^>FYrL z2|-S5-VP;VUBz{y-W)F1kp*Gw@!4N1BOlPk9E|}Zl(LCp`+;bw({YRqGE!1%)?ZRF zix^LO4F$X7s^~yV0~L64)6ISHM^(CqF^9)YHsjPV2y*N?*mWbLN^H65!B=Ou>7HDx zlStD-rqN524JaX7MRl}|vxYLTT2|G31XL-^(_zEf=SUtM9gm7_x*-5F};`UA6$vUHHsA zPD2(UV>0&6M77HiaNng{4jW7GAEK2X+t=5ant~uC9>%?moKYK8rWluScHP*efmw{i z!u93--5oNE4leaF(y6_gly>Pzl)=tV7&djMuJE}2`L|9v=T zWC4E`h69-0zROqz#X8&ZK~6!0DJxVE+{spR$X>@(>ssXr1ZJ z>SW)OG+EKEh)m`e(N%QJAu|GNIE*92`Xi;%b(w%FK5Y5VRH~Dy$3lvi zEQU?a)8OjGhW-q^bY~lqxfBl{5pYq$0SAcq9pj?vHWl{hJ{&_a)?9m!a>&Z$?ekl< z$kA;2U#D#_b1aO*Ni2T<_aH7zhjQJQ|MP?i2U!acsEoeVL7N}&MxyU%AOO~5=*-Xj zxIwUJTPW2`D@8Py?e@7IYss{6lNs*bW-IQkLBmpn(p3DzvA~SA8mAFr!1c0kZ(=ul z;^MUtP%Nx!SCJGdzbdE8{X^1H+xrp)w;+y^&lC1PJpzH#v6hcLC?fK@!LSEn^6{zO;7q)KlV zc62d-#R2AC8<#a-MM}+44jbFv6U5Q%fRVpK_fBiaRO$IbuL6kqsl$V%r8(UVF5{Y$ zQrh0#&CJwIH~^3-CGk%Fqs0ipX#k7LFv;@DV>oGkWV{yUIuaHG2*?YG3B8Otjs4uR ze!yd~MemAZ0oI=PKQVNgML(Q2w&aN!=<6S8PHfrnuO)r82OJ|O3Tco!(G0%3V}S{u z6chBxFpr&qHEI%w?DvH#LW`oGCT>7Z?YkS#c7F4n zK>9Gfd!(k;S+@RV);V@!VWNC_rBmbRR+NTxU>wGV84n5K3U}|_dseFo2#K6jVaKpv zi6(sY2U!jd%ZX?Lq1V<6)n#-8ZbxCU93mC0(*#Z-EwlhDT#1*{>nc{3D3+KgwQgi4+THZaD)GM@EK+6qBzv9p?No|a^Mgqd?<&h zl8B6yrZ8Ly`-<&m(j;e~)qDQeJrCV`t_iIB59F#Zu?tPs>&)pRRjF@op6X{~trYDu zRQGiC?OjqMb`kW(VjO~0kSQDt?@e$!wLz#kk4QwTEV;kNDPKeWc2d=T6DNLQaAQBz z>sSVTi07~d!pq5)}D z5VDQOfO%gdFbiQ~*WzPg*ySA90#x!mY+Ui(gYZXQ#|!|tmWgWi4s5>iVps~0{DZZ6 z4Hyk}%S5<<^jgrbZ%H0aTNxBE(216cKLO!ND=nWBWlJCx1Ph7WpuzkhKi|Qu=ha*3|k>D&36g&B$->Shq z1_XDu{u;GO)wbaGo=)}J2qDtTE?Hw}*@q06NA{6Z6MOfT3Nb_l^0xDnS;)-@!60Re z;5B193Pu0f6(=_kYT)MjZH;=wraY zlySlZNu-b@HK>34)s;%=FT(phx7>o&Ajl$^A+-#nK;X+yh{BBqlw(J3;9%xhFS3F; z?od+p;tR>xm>1b|A&4vCtSY-bucGx0}=V!1l!S=;&LL z%s<_};0}1nb3Yxv&uqL8k5DF>Sn>_(pA2w5zlXjTZp_(X9Knjc5HqwbJT&xrAv|dQ z^HV)fcnPMVWst`VzpT5CPHp`=zP@`qi@k6a)mmw3X>41QI~#;FKpdZW%lO4VzI{PE zp5x6)`uO&wmteG9wD`FVsu=A*X?^pbpXyiq*j~IcGHj7;iE9t1NRRwLxyhFwZMvA{ zVp4e!WeuWR5)fB*{o?~iOvK_1LF|~zYJgQSUiD)_`#;u49v{ittE$av=p{4FyI-HF z*748hBBjRVu67Pvo&gl^^v-cl%9ktQzvy7|%znuqo5a9iQJZzmehay-?8 z#OMm81Drk)(#T2CfE5%%(J--LC*9Kmt%zYHRt1U4KSW^m3vq-I53gKXG+)kP`56qS z^0Y7pz{3hKNIV?m+j>kbnqW}Fz96P)=q-0a1SF6DWJn{~dxCp+4Y*eQ2(1K(?|Cb- zhv*y9n7eGrAz11wg!<#X62V&Vw8%!rM;lFiE^1oZFDr(sg8;$ih^IvzP7l(Gg2YUF zS#gIrA~C23*LQSi60nrAvwM0iTry@7S-w` zZ^Z;xlG<_0i3~#Afm_Zd5J$W$Zw08D#!hueBl=ngY2j;7L(T`5g{MVVba)8NEyray zr32cN$%|L~$N@VWkc{arSHl=Z4ps;f54DaPiCPX%ogSg!94Lm$A(xHb{8-+gh8ErU z9y-g_kO*$ZRRoDiX++uE7w>nkIv^N}o;-7H5$ivCbQ{#5DkHise94cfVaQQhupD!z zDwqKVhBSh^co+%w=un3x?=H~bS{PIm>Wb07wE4xoLo(TnF=MAf8sW=yknLiFn&0=e zk7$&125XD{-dYJmv4ij4MA5^ErwcxK4XRT6(7J*~%cxApgl0Z?u&BtXp)$|2RmJk@ z1X~GEAB9>Z{)MTo6c)tUsgu%3`eIZ7OfD^)=22Joy#;*HiMzZCxvMS_ky+uTZOok#VW67-%BX#ECV1n;0qU!Pui2+P+D?vrC$s$r))W3g!&(>tLMk!{~76H3lT+}4# z>~Jd0Afk_!5LO6Qv*&GWIZxXK(ZGUO*g+etMq~9zF^l? zWYyIX1ZvV9GQ>;Z^pqwSy1l*E2oKgVwi58U6>I(Osoz`gQgb}cW=zv)ojb15iEJDmhV6 zXUGJ-rr($6(V4k#N(u#vwi4`>>Ge&qzywnxYlvFUt5ec3eK#x+*N-nEgYQ^y`0kbx zfd0al(i!7!e6KuUw0EHAVz%52pObMVR;nU?RamUh$}Mu_Lf7^9Ghd7c<-r%xkHR$_Ag_c z0QYRqR!59_w56PFOf7d|sw*lq|2P|TGW#~6{IUY8x+d1RGQ0H11q#-OOsg!Vr3|V>bAJf)dsIYO$hZW)2Dwl z&hDlD;ZbV#zQx1#!Nh;ec8#f{A{}ojbf6t-uK> zO-702@J^h7G0=a1gC5mL>zj3G+@qRpc%E$IWj%TQ}J)xsDyESX+oL!ps{^ zn{gk>I!~}EO~!E?>0MEWz9_yvjLv16GO@hgSh}bBx({%$U6O-Lf9AGgRZu11WINWt zO4yS~EiFM3RS3;2Z-{kis`b>=zYH+bRzmeaee0r&*mT2V;fy!RR)V8qE}#?a1~?Jv zFNXg0lP^GTNQy~W3K9dELkI(lm-pdSJGkj9s+vZhO3W~uVrgw{oh0!#eRtZsC;qBU zUBg>qW@=Y=6$M5f7W!JSJ`|gJL9Y?ogqPVVox)#=W0$xs`8(ygnsD#(^%Wzfw6(QA zRa;jYn|FS5<62EhSK~xy!OWHIA50xvc3;)l)h|43#M@U=Z*ja-1#5DJ=kDFxW4uXi z(T81~aBUrR_^m1}G!jlukDM}K!h+7GJ)1J^O0V7-Qd{bYSIb}2D;|{RI>yd-QcnO~ z<-^zhB&9D?t0MKAB909WTZ$7A{+ej}?Q^|VUr#UVL}&BEPot^%arhb04SO`C3r^1^ zZS`L62bsk1%yf*EWLoaNDZJ+MKW;W6!<;=)j5tz;iBAVPy_mx;g2QzN_5zpgKR*SF zksw#j#s(26+dO|rGqk9x{^1`RbPE|lmHMEJmSWfC2C|!l@{(hC$QXG{ zK2`PAJMv0OkxwJK9LdEjv@!~JR$6}d!%sv3@}6iXl;DIFuvLq2G?{SBwVe+b^XbsO zyB={~__;ZKA+QWGIgoIeATMK|kWEy1`3=wsdQc0_>5J^-S8dA?*F$PT+0hz_$)`7v z(myaH_X~+BVIjs7QYOTST+ZO`RJok-e+S!u^ezL}^Qzg zsGv`Hk14)nZ1@L*X&yk)o~P3GUPE7n4;)&}zwFER>DNJM~_ z#nU^>KV7}lk%dSsgr5Q{2zp1-;p6&xjOGD}_sTxzPW%~h9EYy(bJbAw!=pJ*A^_H# z4*ZhNy?M#<;nPpTQeY=fBB150T@EZPly{eiI9Xp%(Qvv7IbzWkc|UJ&tR9SI`s}i0 zbuWznAfP~f>0OMy#qcI=nt`CKm{ton!2V!D9>O0;j;E*}DW)`f4+lXTd|19z2bh)i*Q2(ZIk!_+og{Y(`%(PSKE;A2QuqmH;{^l3;CG za%_@=${by`{K$>QhY3p#0N>Ot1%EuSd`t2p1}J&rz8Fn;0O1M8oN)*TySyl+=4Bj~ zJC6 zuEfj+FE2hj+*v}yR9R!M80Jmg{AdKHAi;Uz)k?`7?CF8P2qflXqi=y@{!Ptba&f|T~}d2S(EMj%2gqu!t%e795z zw1Io8&ANo9w(x~`-$>w@3K+7!0Ye#wz!%}!I|p1uDLTg`@5uF;1?A!7ZSTs3PP{7? z>p%hDg#-U%R^R!N!l+)-AW+aw!YJ6zEwK<7JhesFEfs$)OUO^ps0m;EfS`ca^Iu!z zVxg^#IXg505-d{?_irrA|DG#vXYtYhgprRxt#TsFhHNmz==OsU1Cn*5-9Yv}REf0F z5X@b$7-w`;rF4uxZ|UZJXwYPNggu|e)d=?>OHbpDVxvCDjgO21YXF9htJT1#<3>3M zT{>xIyc6@H^7nFP3EI11u8Wf`xLJTC5=&-}gMLfoWm{}5#+m}S-W6)YYj}`HU!TeJ zlKgGQ!k#}+faO;0EKk0@8R*`z4U1&NdHr(8R8Kj&;<*g&veOuT2I03;q@~$Jbu@1l zur<;YzyUDc5^K#52RV&44YU-BNPKtyHD*U2iU45sFs>%1uoS4sgXSUzyu@wqsjg!u zdIr?4PS463=)S}4#ZRACfp1}sIKmb&#Uiqx9jK{ilNv;~iw*aVDX3jBLf26kuYt!+ zMV~Ou2_5`RJ2G*{2;{TXilEZhKMMX4>^|}4(GNqe#(60p_Y&p+l!lf8pOT10)QjSHR|~8rKlb4=lkoj*=|zO4shs?ZTwsV=91q=2F(!`? z#E*puGWJ$vC6Yu3iLIuoY)A1^l9S2Y;{#F4GlM-Fhh&WD-s!dit5~3xU_2ps8xLO> z(Le@NC7Kj?-bpbQEL3>S(^Ed`&Wk+i7pSarC#7&Zww+)ffR=Rpyb2-Fxmo*VL_&cT z$re_>TmvCO7&n`NrA3i6dsNXGpo|Jagyc@IB(>g=@w47{ZTs_kk3K55`s#O+zrM#~ zLPVG2YsWo3E-(LMe{J!Gf%6TkR*J;p%PTI<-MjGd;YFfHy9<4mUg@=4-q66{*Ok&^ z$BtN3VDheY&#vJw&Wu(ZIs4Dn+Q?C@>G<=3b&<$3h^g|WkUJa({5E&qym{ALps3hGwb>N^3h+$!gO?h1w_>eM z(_s&1v@sU;*IJKUf(c^@XeaV6oP2@#e{;8DoZXY zk4hj&qPa8=Xlf9^P@Puv`AbQ*Ll?ovd5N%vM+B9-TYcKhQZv5AF!J%kz#R;>#NAnF z?nROk9Wr>!R$C&6U_i^l=^Fxw@tg>akTj_7N_mPP1J$xbhIN1&nuM|7rlRTnKB5tm ziX+5ua}sU=hd^H3+OdCgs)sb?lUgDqeDiQ@ZNM*bJgJArW>Brl%gg&E3!TK{En`bQpoJ+4f#rKj_O249yHsS97c_8oVNO`MCOrX?ynq zY#jz9_W=3|zH!-XUk11%gy}5@BQVwS!JQ7t`zu$juyY7&2g%reK}DaZLNjk0y*Q;9 zdw|M)Huge52)Wi|2y(?NB<$U|Ti~gYEX@XHv{j+X$RZgJe$be4u0_hT8DJfrUs@o&%K=Gjax`v z*ts`Jcz}E^Y1rX%T>lRrJ|v`zVrzonD-qcFF)-L$G#_L~%;HQ( zGEb*WnZhQgV4nnr%F4||y2*+q?^4Fi8ZFiROg*48TUYLC3_3FZgLedXHfe0=JX_qZ zYD2I-2z_G)PK~}7!M1*Vo&_7-I}EE$1Q2!SdH-%VKP~c`(pHEW^7N0zNHn$ZIN_Eq@L>NOFjzajQ7Ll%_=skN?a_f^y>* zQr?_F=?sFXN~dW%&Y`986`u*~ziXiYs^xZh4Z)EXgeO6WL4*y+YsgVf1S??fUm_Rw>XuSFVqRG(wLm&V5=iV*gg?t{#$d-Ck*Q>O+Clj2}D zbr{=BVO;|L8GNgxT^$dj+wk9x1OyDDwOkoJGTB%2uRe3)!~o2=wxdHMDbLL2`)()g zg)KQxv$5eI5sz+v`&T4%iuGU;&{4_zFZWUMq02A#CB+lX6eS^6dHY;ie5x;+8A=T| z8eLP6U@l?uLbJ8`FtchbxdeN=$Jp7pUuw*@3?SwUZVi6dp^2?T{jpXOXbSbzbuts_ z({ZSveJ11&mSx}<>um2txa_B@>yoy=KOG0hm{cI|BG7i3Q z;doppjrQJGWG@MkV7f0WA)m$&EU|+~muEUu`dn23ks8F^v9?~LRv^xCVlYRe_G?)m z0PKR6T}ot@`ZV3Yd)I@!J=#4UFQ5dEEW8{MJWV=vKL)&zn^IZ#4kTa<5Eimk`;;H z-i?Yq{4e&E3czN$-LDX$p!1LNd6=Q^+dm;2EL9Gb-)jM=L&w=_*cO)(nPa-Wmy8)T zY7}`gJg#nw@d5i2YvJXl+k9jf(m)l~1vzpvkfNQ@;R3!o2Ax{OC$AOs~udLpQkp!2@^kK*{KtLW&oyIrbrt;!PurU5Od+d ziwx2a2bn_fzgyfCiN^Ojtk7-^T>l%zbq^w-b0d}a_=EL0?{$X!F9XfoaOw+pUgur^{Ino&+9bFn*}zV@Rw2wDE-b<2bbD6D-7*Q15*g+1@v5|2|zF*nA#cx^Am zpOdctr4NYV%rEz%1i#QJ#hUV^WH@2E_r*u9a5y!&wY$q>`Sf%$jymd#E+^{!0)inM- zPiSdrWZ3(87F)rDzpuhWI_5|PTPpP*!Y1WuZIpZ4w3Sc2oFo?iKW6b7hRxQ)Y%>l2ne{^NZObGSy!B*J}o6K^dBAT z=n4%|x5y}u?>dw6K^yr~jLqkDzxSsJpgWg;VGs9TiqAdzdm<2NR;~1T(0^`Y4953C zmY4*hzdOD9q@UkVoTPdoP*y7V-(Nk1DAo=HxxE%R>or5ay@~m;8qY_RCWFv(f2$Fq ztBl3I@lxxa?ld|6^NPL}_jd1bL1b0y#u94S+xPKEqwhF(4J2=RC@?ZmodZM32ggJgzTUuhC~?&ntD0 z0Zies;GexVX9rb_MdPV2V#McGpwqyksLrNnc^-!>#K@FOhvC8T58I4S*!xzv=xX;H zEVUlgK&^1(RyvA|T$K8C-(n4mNoHE?1JNAu=O^Wm8sqkk4)260Wa1Myg=dJSzdnl% z`nk?CY-79Xs^B-?8(n|8cY9A-m!aP3u`nH?PxQ}E+7B$t6>i*P(3wz1ic7>e^h!yu zBu(i<-O#s(3e?qSDl03?J1$Wyc1i-_2DxN^mJ7Ev2rp@2`C5-tKk+UX+5UI&$t<8m z$nAW$rQqmnCSXDLa~8_n{3Lk7S}c`0MuAqn0=+rUDMy0Ps{uhVnUp9zTh10mB}y#! zZx4^a33l#8b;bIC{VhpN#qcmZTV#WE__DI6Cp zRC;viM8e1&v$QS+6o0!}R`+08?!2JRDNeyJYx{^$=*c2l<$CR_oD9X@$0J3GLCyIF z;9PZwn#ZxLYg2D2cWe+65QXho*KQBO3Nj+;z1*Fr`bd?CELYtg{Q^;+aQH&E5ihG} zUy2*kZZ7A0gXli!43xuC=9A|U+*s^i4$b`;lcvKcj!Cj^6>8aDjiN&SFCyZ z);6@QL^wKj?*B4)dWJmx7$>8UjeGIe&<*vaX?vgI?W9SjWiL#r!ROW-xy3Vm&OO|J zHgV6E{^rMQ)+qRu8b7E-0j=XKbRP+ZWn(+6T zg?PB)^|S={-)6{f0P~XGKU$(YliR14-VE%#7qR4}x+z{EXl0PJjIUlUF@^Q%P$*

    IE!&qgx`rbJT+1h{ z$SRc`%FB0B7*VO-qjMOz*%#s)XH!4L4lH39Q61VI91z0Uwv;Q$iXXWX;$j5NuL6pKIvM*&mXDgXf)AkmzMaWuVmr?6J(0I(~Es_*3a#tkdFb{ z!hvPK^81bciOy$l&FvM5yLR{CLs}sX3`N$^sWGAA4VKOAssvP!S zHBPD98cfSWGQsM$kpkm3jbT@-YM*6`jrQops*}R;tjFYHxgU>qLidy_dW_M7tSo}# zzfkDO?@vXsLP@K>?os%~EC~cTE}O!&nSJgBt=92-nYeF)uhf;t8R@e z87h3o=bOKbl$Jfp{vQS1CTbJzAJ#K!)*bT>u zUWi;)g#*B<9Lo9Kq19oo5{TIXCqKyoljnds0weS^~sC--~brgtqx9kd^3)t}qf z+)1Ix84okKVSgxop_>Q^+dNPVPBrbIYcgrW6g!}`G#~{-5U5CW$u|^P9RCn+Iy~f4 zVlO-E3zI~8JP-xQbB8M!83K|Q>>SJkiJhHm1aorq;?WZiQErSY7=jaHKP`=hZ7V-Y zZxQskLm#@F2u32;O@x~1`1U}f1jjUh!Vk(8$j-YLkdNAR*7M8JlJ;6BP8G3*up^ay z8&uEhFv2D>wW_hV)O>CFFi1;JMqaGdfF;)d#**vzZqmtw9sL)w$Z8L;*O2XamDFzR$ zF=+|ny>5$av1UKxAxxH-13)Lf0cB2oeoBYv(bP8xLE32B%S2F~@?b}{hX+n$+DQ$d zJ8da^UJj9(jr%N%sG)Y&Rk*Fs7YKHGTvxJ>>EFR_p?3s!?j&I3%SwmcyZsjv4NQy? zJ*;SXVBFD{f5g&Pq%e!J&?5KF_B1^OJ(XLrQ;+G+nY5_D9+!0u=*D+5d+akd7%2u0 zfP0SAdph($(#S)-=n+f@AR2ru>n;@wXqhbtEfKsKlsWNaxa$Xlb1faq+yvC+&;0v{ zx*YA@&3k<|z{0-S4!>BThXVq)Xo^uQZo#y3C!kEmQ(qjS2o*J=iUCm2DaCj`&+4fR z$o1B(Qtxvw%M}=|&$blTOGUL+=o629AJEkha=EEEna_3PEK)jdo`Rd5hQ?FhO2i_p87x|R;^^)sb$;1`yD&OrXCPQoTAst?7q>PzF!QVWhqg2h3#u9_4 z_wKLAq-^_0v`@*i4z}D_{9gYCQdatPLbyEH>89ah^LE0`Sde(2JYIolD^?f1ExY&pZ{kRo#FJuv3HoG zZfF9nX3@Dwl=WqxO^scy)>LFaUiKz8g9VeYdl1(F{E5>AZ9nNZXgeA$jmbUqnIG_WGo%b`7*SfSRAOK z{(BARf&0nDa0Y};v3+#n zZ4!i9VxN?RM(PEs`PJiu9>luXK+eNQ4aCZo1R8P^h~rg}A zLmYS%t&!9y_J$9!Bqm2SQM6#d$jYL&nA|GIgV0`ZR!U5^+?l~K-$|Ik5;kXXXtsi0 zE)e((53K{;g|e$^P7XMEZ4p$?K_n!Togz($)5|Zod6Q5d$>u_{_e8`ejXyBs3x4U; z;m%o1BmC@tLyJnt(bae#r zzVj&=STQEA-z$RLC+OuQf1fS z6M}vMcnW+|@-!deltWhvsfEY7Rczek=|Q?{L2V%Gu-Pn!mtR1Dye=tQ0e^ZSJ=`+Q zT8$EkP-_qJlyJ4AHX^y$oZgw5=q>y>Q#O2SPMc`;oW zK^RGuO|%8^?SEbD?&=~cQ8I5t{;WOmr8jq;)h4RXU{JQGa#QgcXy)0_Xc;vMf@~m8 z=Tn4t{&O5_EU?U$J{rj#Y2EEatFaHDm(Ax0wF#`28x<$x*RNkm`f&#kD_w=;7BOfy$^WhfQx~xD$;0kFhb)O?I*n8YeM!PP<^hsYlt?vix~3p z1+iu0q--78hG%ncS&-E10xujyiMuqiWgd%gJd+|Kb;EO6z2qB#C;`a5K(z0+8FGD& z$3r^R|Cx;>YfsE{2?t@30z|eL6|>q!eI!>j|75gDZG)Dtnz)USM39g;h4auT833{( z#vB{%e`nTLHG8kK{Z4Br-_FQkDG+x!e*TS8e4@xiNDCv_WWEQjokUGSxH6(i;}0iF z^AV_D04Ws^8; zV2HMaU#Ua_hWrFaySyHwN!E)#g`P>afpoQxO3I8!$Hb66eeLMiENjWaBW2Q_Sa$Ux682yX(6s4wu8If!F6IlxM9 zI6{j+C<+q0i8z`NN2G-QQvxwZMlme;>V(6p4D-b8exhjEzJ8vZB)LCxbd^?|LJFzKYuBnTyzNooTTagnY&a-brsj^2ER zPgZ%;CB(|mQC5P{R`=K-i_eA)FZ7aw+5z_2w^XyA+a#fF4ZVb&sF2fbIIxXrEn0~@W5`AViJp2$) z4`dVop80|WJ%#xo+u(^~3B_UB=h@4ztfauq!*u3Ma*yO$oDc+9(w$%lUpO*=t2CiJ5#^;)YT-5@Cg@pvX$7r$urzYoMHMhC5h@uigYuXwfD zqm`<7EayE1_+QwKAHTJeY!8vYc=eyc{`&`~Zdth}j0UP#20vpb*5_n+fh5j%(o7DJ zPzDj8Hd$AUL}^l>9y+bHon)P)7!82D8>f{wG+cQ4C&&XQ+WU>JdG;ijLJn;JCt8xI z6`>A|Alf7%^8?UI?5epk1;)BxW(h0C%NN8Dv>3fCoaHHSQdL^b--?2ZF|fWXLBG@8SsAs*H0X7RWkCmx*U{ zJI2Pw$n_DDkKC+laLPooN~AdU;Zjb{594J#Mmsxwd>5&%!Gbj}RAWZ%sdzl6>O#za z;C(+e1Pdi?78SiRx`eVa5XIOW+izuw$PGfAxJb}`eL%#bA}w>KzaQ-1p^ZY}-tdnM z<)1Ib9{q=J`R6Oomi{->8@m7Ix%2<~3+?IrPsE1s+%*Ad;NAQo5cdw4z~zPK!y5g& zTjtD;O@H^)-~zq*;g9Eu9HN={O_Gvw{iFr$!W&6@?B74$DjQ=H+q=F+pnCUR^0%AK z?~yydzvJ6J71)2BA)dB6NT4iGaMJzmVpXI36Y%hzCm$j6U~eG&0&VglMxWi@Nqd*K z7f5sL-#@NzJ|#4rxsM><#MO!xr$8Umcf`@Y;nazLgb6U**{7){atm1$O_PXb<~_f= zW3R9JPo4pEs2dB4{o>6HB3j#~5V~nICvYSOM zJwZDFmxSE-`vxwdS%?09+h?^8Lg?U?)Agn=KH>MUS?!F04dJvq{H;vs|J*+p{^pz9 z!})Y{bTrdLhkosL(p8}Q_nU9#UqAU9!laznN4)Y@j#vm)F-M;}5!7*wCj&1eA{`ZT zBy2Qumbgh6D0m_K$J7!Mn%GCmjzlUH6 z?`NlkX*2}mm&+qGKMvWb+GcP(MEoO{NAqh2nitiEx({=HOafJ?crP;Khig3D^Wv3% zv;d?#gGeF#>=ud5E(q6f6)FMuQAfzfO+vEch0haJJDZ;3$O{v($0}5EIQzLOl5-l- z3;zU>NC~P~)xNy0$MU2~@83_KA!p zra?@7^H5kAV5Sz=_)}0oME@CGn*-*A5KD4-F`<@np^z-%8KUseLpO+@9RxN^1j$qF zbA;6?K|s025r>3G;_PQ9KX&u+s0O0OhE)e(v5EYbO3H1Tu9%oKhJt>&-|awK(E3~c z*(_@N@Tw0;HHftY@s8S(Z)%gKxS?_Hh2n;q!M&;6HC1WN1c(qtM~TTc2Uj4^NKv$I zCo7EhB`ToxbMchx@w0l?b?RIzUD}a^_)W4PUn*Vl4gDyQx#p7Lh+F$<;`JdPC}gF4ph&Db-nO7ASX)E z2`=!}0h0Iou7*oGl2^(w=cX=MXX47FbKJN$2cUj1G2?^uZ6 zR)V8_w=1V1|9ktTNk>w?5=0|>e!vju1n2z$o&Ve8#$Qj~K7MG)o5Pb87#l$B`9agg`gk?P*PUcmQbFFTMsmjJY3;28TjZC0}(=@q_|~1d=n1QqaL9Y zo!3{+-RSdk+ULEBLOJvCza}#N>j!V+nDJh;TuS@Y_{GKbqSEjrsn#LLWE<+Feci$6 zUnj#E<06I4mDuZK*dls7_e{}xZqKavXXD_%L|#)G7S@^)CYV6Zz$-#hqd=e@45gjt z-#-2a{6`nJ+=Jj5$oRY8z@cpU@6x68znp8_#(m}x)Q}m5KK;o#io;vUhkCZ-U&rp5 zk5Av4E5F0CjV~m@j!4N!9(ljlk9GkkY4dMre}rMl#hb%7^=DT)K@cIXMVrv zx1F?sAHTm*q;zog!Vue3D-o{JrebG8EP$X{`CNQE`IfiJ#DeedAK&(=LtBixOlE~M zpd;cBj2K9HM{}!lIsTsxB9cg`>kLn7x6f$cjSu3rt=*JpZhJ2OI_?=##imG%hS9Uj zZ|A)KTi&wIxXHY5=o^(x3|D8d) zM4X1~Yf^D8NjU;b{CC1N`>!-qL~aLs@k#KOM)3kkSpRi48msEU{;yTB<2%r<4%E5c zCdpYR{=S>?#3%8e`?G2i4{*%_ZKXN5s~u_io0`SHfBW|LCYZAP*BjIRqs#xm{P%xe zM*hE_=AVQr#^dj_U(!X#b;m0)~2{` z_dWag{Db0v*hAaBbPYCY|0Qv#ap{%^bg}!~J%1*C;?RMH% zj&A>NoAvO2c(lJC1jXpTEzRmvHVRuQf|tL(sy>?|gjr38A9$E#Z{Nv+?(Ocu*M@=8 zt=V;|YaX@%J@2b4a|;c1i&hXY&fbAS++IcowswIhE?g+gwvJL(QK?~E(tCb-w3X>{MOtuaCG z`u@+!m2X!tF)HT@k$loGqxsBuF)I3 zy3o%rC*RtXI(9ZA@$ipIUUwOfJ5IMRMMW{|ZNAoTbH2yVpAqoI3An5E7H^_Zgapj> zjLO6HH_8XvtzD<)X=rg&tFOW5>Q{aNn|28SbRG2?yF7Rz5VPk;6<=$|o}HAqH&T?+ z>SxEK6Ew&ttBvb5e)hx9Pr5v$$By|K_Zzk)v697?jvFt1JFr@u&3e$HAN%y)*+ZB1~{L z*0^-J?gq!(0Eg+zvgM)ak!byq)Z<7a=7IP1!5x~%b;X><9{TCUg8WiH0#Ll~Rd z4!pEybcwHyRW4kZH9Yy@9{xwI_>%L+d2@5sm>@19Cuf|!k#gSfVGt9%?KQf(gKX(2 zE@3sldN~f61l+fv93B5y;e~0G0|1BcAytA7$BF!?5ZJ$*63eO(d`Y??S?f`lZjJxZ z@#}f(C`U~La9`6+0_t48_O7O=Ch%&hY-e-U3ANOAUBQH53(_C%1+h*op)jhbZB8{- zhmw;e)y}%FtT$Qr^$S}o;ZO=?KnLn^_ph&gKNM(bF^u=0?4m7_E0@l>Eu+M`fbNcX zcK*ZIoA>X#21P{~F!GiK@;ztMqhBTG(?qr$IPG-rsek&e-0+YPrghsdN#8r!OF6nc zQERMX{#~~9r)Ddw-RmU|H$ORQEYScn<=Pd+mp;_vvzjF7u^hT`T6wd1z@llJ`0l2( zPo9a1!EtLSvAPdDcIVH;qq#>hH?gv`>EO?o$6U8_qk4}2IyW74$l_whhc^QQZuLn5 zd2UN6+zMFvTlM|+tXpc-BCr`GRm1*To6Vg$*eZDwPjwx9OMRjX}Yq&lUP3% z?=QWzA9%#XA|^*UuArTtd$`z3K6FRy! z9TqIo7<=J^o5aKhq|xz;zIz$$hk|aU9L&KS4XYL9Ww3)TFj0?g0S^lfRtEAhdm9ms4=ZxwT3!iztyGJ={{jsv` zdTVMNUp|37p4ss1_dJ_B6%x1~A8xSOe%nflTHXmSp|v*_&KdRI+i>uVRRA9!xVeJq z&@h%S8A;E%C`ao|@YuHt&it^Fl`YJ*9iorb#rr0!a*EC&;YvRie+Xk>wg#pO*P0E@ z#9C`4VId5gR0Lnf7z#m6ddf>HkeDxwYRp%#Bx}9CP|t-iA4xx|ly*orWSB;OnxeQE zziu`QdK5Na(X)Kb+Tr`bX>jqRTZ?ce=_s@v5tb?i9rEf zb398EL8Di@Hch1e^_N>+g2~IBvAfJ>W37dp;|j_SFkK#4O*tbdRIqUH=LU*P)3uuZ z*7EYgK&U9yd7;YYqlPrJ-M!1eqp_`vUhs0w>c9HxJgzprT;Z{VVsqr{SNBaeDQA_p zn>5s)KX&GmkRz*piXOztPfPH=IfCY9r-fEgRQnTkf~Ni~(37ASp}6#=Pmh=UXyC-d z4N26QuAo|3ihC@h#OvqTxra;mxCW=1wcgX$A4_JX#I6o$XM3{Kt?4~^cw!M1DfX?M zsRA1*(e+vd3nA@>SInN&(Nmrssf+WSvaRVyERIzWDyVODxXyy7+Bmnpa7-kYDa4r? zv~v}CHTv~@-0{!VRM?p}|t1Iz65-l8Okl z-}BQILr#J}s_*XK~%?a>C9>>2XC%0^gCh{;!$M|98jm z|G2#1e?QPaNfYh&|A)-!fA7%$-l2c)!2jFq`+wKaKX>qd=q}rn6a8OiAgF+_Rdg7y zgZJ3CgtK|sJL%RmpkZ6|QAqPaaJ*aWhraGQm)VvSUG@h^#vnjH>Q{c08$nw?cd$DH zZ8b+Q997MzC-~q69ke5d-^ut9aIpTm_R_av@z7=!xh$E7>~QOgXXn-Ldh_l(%gE+%kY94@{3V(SMPj@h z3WGK5d?~h!>a$+T5p9XD3S#iveu251*ZU3}@P=L9K1}{0FQutp;f49empUiF9+hA+ zXc&YzR*+EF3!dc~cmjj8C$Aj8zKVjnG6Y@Poa$CGXVURjYC9|nzX@H>eQn2XU(cw|`0FPb-ssjBQj(6+9EiD%P z>Qyamk-T+%(KvBMe0`vPrKd@9?vXu(vMT+JVCmXABwbh34GpUwdlwH~kx562 zbDkg;hH{+aR$Kr&8Fzr9kVRZ*ksGvEh2TLJPEOCNXDjgk!yWkZt7nsvz^rVo5+A#z zV}ZqT>C=ng11oJ-r4;B*>_N*j3?h_4-+3CxuZS-ObJOwVB-KaKv9i@@ug2{rS`>O_ zv;D}8^Y43#y+R5fFqUm&lDWnnlP7aU_hK?8? z*o+rP%7zEn&f(W$5C@yVayt*CYnISC^L9gJ%8bFv;o6@Z*Yh=4_j+@KvFWR89xd=C z7r}jw4fX;`GnrZeT&j{j3CS~B@CW+vDqRCSq!9d`kA!Dehe}@+xZd~{3ZUp`82Nsm zZO@=4M)5$OtO|K_)d|F<%Yi69B7-C*uCh7KN@^xMqA|(Ar$)Luggz)xe1;nXWsWf3P?r^cSZ$1ZEe&*fKDk`u!Jq+)_|OL z{l%G^Bj|Zben0-J*UAijD1y(EOd39PWHb+@T-VoreeG*C#vp{lKH;^hSryvo+VYg# zsgBh9sgrH9*U}5_uIYiGYnj1Y7boR2FS(8E@%X)-fA(gXY#o{r)?{4r4dOnHxcR6M z^fK|x{K|UOGP`wi;)5vpG1!mtL4GYui~m62RLLxlPz)^L^O~hDHVEDQe!*}Us}tS8 zJe!&@w$o_`l;M+i-p&tyckO(?##ueton>e1e(eChxiw;M%7YJ}>NWiN`L?V;vh`4l zAi7?I(x}gl%_k%z?x_f&ZiH;rt~v$BWBpkLTByo{#Bn#m=0J{l4@@mzcT6<1xk)Wf zn?q>s8tI5ZL5w)Ed<1X z>f)($S@e|iCS+AWZ6J5Gzh(N{&$js|k&gG*+NNqG{XuMhK&>Zp3(VR7d@k|AyuAnf zy4ikB;x}};Ot*7xjL#jxj0>%jzx*(?F7W}z;>DlMxYjGwz?yo&y0ao&6wEp&L@0j^ z_T5xnv$fI(1FY1}Ij0{pGy8D0*~W*wA#w8GLN7UWV-EHn9<4Ub65R`6!M)Ky_B=S@ z4hwmDzD?fZuQaPWG?p(CTb#U~u5oC4!{ zG-{^Hm)`eEB<-IwT6ZHa+YE`KLSqKJ*R~1mpWekv*3g-(^-^=Okd>II%yxa+WYAkZ zw>=i@ZQ~c%bQCS$Iw#(pfk|EJ6?Fg!UZM3Kh5+>P#!|y?X`C|czGu91oz*;kS)B@1 zocoexGaTtevYOt|2CuE*v5(~~3l|n3ZLrjFo*(2o{&v$|&*q^sS5x#j_ok~~p-d%Z z-rMUSIX4_ZG90=70-;Y8rrRKuFvKW5iSCIK)*LB~lmoFp;&xori2aW1`o1j; z3?(~i#Ecf<;8Ntr6|O07N_ok(J`}GuJ5EXnC)>d}$@0yO@+UXp zAd(Uvl^_4>XN0p7M0p(^&YSY=91~Qkth*lN5iQc?Qd1wPg>N=@|ID%OXFvwHsR=?! z-?M2~-w91lr^5k+Q&(SOB3!`~N|-P>dNyAS)IGP?l$^ns9czh&)*F|Wb{Opiezk28 zCHMR*(4OFLsnUAP)wo1@GiBf`@R``dNL30yKKkI>nTm?AmWJN8D{3RHzi;AaKfU9Q8=#BLuS~Kj6k{KT-S>(?F>h*u{gdDDH;6OyUL3!#h|{X; z&OAvAAWu&TIFf*Vv@-Yx#=$H(5Yd~Tcq!w(p)%FGG4MtoYR&BGDlMECXhQZDwaRxR zQM)z!y;sk*FE7-|w_GxuH7A1b^M--OKNj8G&}%(7WRIl&kV$~!@Io!Rc*HHm;r za$kKCGumssb8~fHIL@voXK%A(auOFZQ?dw28rWUhjR}6+@&A4BT^9@H*PlM;4-z`| z33SLD>6fo)RG!-mB>17xT)^oz%$my+jWP6zTrB!WjlhVFQ_s5n)<~O#-&s zQ(NQY+GQeZB+8KSUc^&Py{6@a(MvL}E3&>sR}7`%LWxgIS!;tQld8eYuTRkY(!9S< zcm;#LO2Q<#_3{3Y3g-oguP%ZaB`pb@b3o2gjJ}A#ecaqljTvb4g|z%S)T2_d)iYZT zgu+|kG>YL4o@UTCO?eogQt`1N;$&6iO4B_1@W-1e z3*THHk;K|KX9RP((yktZFwIDIFeR5i{yqHz(jRgBem?q|)_S2nYwgIlwaqDn&TUIf z=xAP}b%PM&k*Xi063She;ek8gPn1;qtqPD5SPZ|r|GSjxSoQiFIUxrU;m+s#DlhT; zaQ%KA5h;{a+n}LUMEjvAa_&sK(_=q)J3j8VC)3lJ0Q}p@bf}@Pm1V2m)cl={H3z0_ z(TZQhECo+-u9?Y2C0O}3%la}p5#PBZHzh^vCM88NHMq-|Z6Ew0>5E|^7gXC8DO-ci zn3ZIpdR)C7cBOV?c4p(#$$6aX=mlIdGSU3uVpAG#JLwEMf<%Y`CAUqQdHaQsDy;yh z!%JM2EV@Ibg(SYiZx)U~C0GWmG2si&t9hiCP`U+f{CpdkfpAlTzMH_$^*NJVvP-@p zDs;l@94(bfiPhT^-b2FK;YxpEZ#uPL@fgMjgeClHVG$c*Zp~q1#+MZToJAvPM}$vt z;ja5TQWfS|9frS?Vi`H{ba4hLj{1mrrbH*a`YW9BY(s`6$fahcV8<6WWNBTj}%))*cjU+W|AT&415N|hO=aSqcQyTWD)Z9u+Ngf6u4JY_^?PwV2(JE$AIjtjZD6} z=>{FFCp>>@GEAzQF$xuRLMHN;U8ohPCHM%XEyA2JPUI3`Lr5)gnq_%Y(c|d`4|X5e z>OS@Hk=*V(yjb!Bz|SU>CW7cLoq~6yzzfpbf28Wp>Q1x>&g@AOG;d>{8E1Z_V2z$! zrA}CD?SDQPY_hN!`$px*p%7;&!z)*c6H=UBj*Q`0>4e6WNcjp8u}cSHfWmyqn@xp} zVvnE6g64^a1TbwpcPdL+t?wG!EU*C!|BK|2evR z(4xdq3@&n1WgVT|)Fhk~_tx4TBEeVPD9k@8GI9?(6@z{@P*cyQ8(+@y{#2z;+Cnd_ z-8LLP^^V?Ydr#VB&|1qYfQ>#QL;lD zM^Lm0#_{4|9VQqzRKdAR8 z6PVA;#JtJc?S6LSo(dQsScE=AFCQsZX1?5EDui1h5e6lWnf-I!>KaqReCB~{PBoK{;c-79Lt>Ny_Qk#bqe+;<%`PpLeZlAfl@=uDYb%)L$Er5V9p>wLU zAWxy^bf$d(3Kw*o&pj`HJJf&+fHCJya&;E(mP`2%eC)z35TPA6TgOWXu$nY6Mli#b zY@VmTR(byf3?+Z=1{WGrFEGxegx%_hLr}t)P9|i^K4{KUmy?~k`UrslpNLJCSq{Q6BzT+9wKM3G-e)&{gbNlZ zJQy#XOBV(=2(FRIg7&BURu4;ogbC-@Ko%a;@z)wBRt$U1ooevzBaaMUEFJXK9AJxaYlMB|rRqV&UQZzRCYT59!y8Ck^GytO= zpO5>THg*R3xarS#y=K#+mmzHoly1*==Dj&}Qx%YgkMm-V`P_H)}u zDbAWQmW9?9a?>D#l;L7~fh-Ca%KbDdpvd zC%B*GPacV9ok7jad|ey~C4o(faT8RAZvP75MtTgmhSzDjY|H@f%P8q&1^YwNw^p5W z&skX5X>N8TL4SVV-qYJMTLmd^E6=yQnPiu8wotLxO6ZBATj4zVX^J=babPke3M~2J z11}@uyXQ!##YDo8T1nKBo9zSj9LXF4?f<&>Gq`4Gx0xDF%Ck+dNbAW+5pL9H=YDHPB$23r^6_l zK4A6<;9In|ignUEze&Ugt?=45Vu$`#xCL01I-_q$i0bTYl=Z$Kgqw@Y9pF4SdfA!=os`xLh@c>9G$T>yN67KVP4<(L9B7qO zVYTXT|3u#n58G`3nqO7-C(y|U{wM+Dwu3;IL9-;^WH~axted@KJC^v(OIM;7%qKg2 zN{YRN^^}u`#|jo(g~>kRHy_1}%@QPLo(FW-djS>lg4;)QOA4TRG(Rel=x06-wGXKI z_2^7OA4%J3V=187rLAZI-qh*ioSR$z?g;VEidXOd`T0USDYXgcmsGhhU$j-AMAN5(L<^pMfQ}H;7JKS$c(pcjiwRRGYSDn< zV6-LXi#jb<`$pf5qgk^-5U>M)m4Q`kB>yCo`$ou)c9GQcTt-WJ`N&F=zxF53s^?B$ z8NG9|ThM+Y5o0R)AGZ~OGbw_zAJa;fTHdBi>IMW!E+73I8`GBSAG$}roHWSDT0v>l z%3ZLt9PV>jmR$%S2A8N7*F}t6n`#WMhcC5x<)*%W(qJz1WEBuc91}Q z)6?=9S?%O5f}P+Y6PM#B1c!mPuIi2oZFq2*$xX;0VKG#ZgMiA8;|8&A+JMP0;?~vrT09E`MgAA!B*I z<6>}H@Kiu#vqae&3u@6a`WAow;lQAvth$@KV3TvE{HX*_v5&J9d~5Idbw13j2crS7 zJJj;eSeBylpc<8hu;}d#tPIL1*nigbM@CNI`FbK<%uEO%?+c~#RxZw>sdIl{;X1=ZI7cHb`nWmP?KN7#T)e}$&{EUN|rJ#>6?^>M=q#c8UK z==0Mycs@QhFQkbP0x-kdcjd(F9Ei{d_iUpr^g0Dn1M(` zv+0^nxKOxZ9Z7am!U^gt&nK~omU)F0h?mkWX5bcs*>NR_p1+eKYIZtw-h10q=T#jh zzLu;WB*`?and4jLyL$NCF`rr@^$b=xrl>EHS`^n~N&pw8_SW7i7J&!xb(5XWSH4LQoaFKov3dZ7=Vfvm`CV=c@xv1rhB_RMz- z_n~F=*mX?%_4D_4v+s)2n4UkUr#D7;224ti*w}P`9rI@3s(fW@_eR0dy&i(E*S<~7 znbfmM)&nSCWSs*T7*LUV=H~urt|bloI~;FNBaf0}#s}$5%Aby2+aA4{!7ylEm3skS zvw^VgzC4Sz#24~`uYBNn=h$LdMpa4X4++ea54HVaOIS4-eD}r-w9E0gIWLBh)b@#( z@JRa%Vdr3xB!pbT{H~_eQ&B5p4AyGAlQA(UR!B-kMBFV&+SDzC)(kJ$6RjAwnVdm~ z4B8a>Vvs4r63pD9*>n;?wb!Of1#|)?-Rr*J_6-adXZ~2&>j>@4A%eURm<6sIq~Azv zX54;%Z>ub3{QMf6&3qz0{rb-53q6&(owce}w788-odwB%Ijr@wZy6S$Qu z>=!_$H{~mNJa}-iHdeS3hKh>8&vuc6({a+vVs?<;kI99K8_Vw+Px4=@%4yjhPE*Pt z;;$Rn15zW462>ns+YWV%M|OhJtHQVs^9KMrlKHDbk^zNvB5Jl@yttupYkptGHb$Xw-HNUsP;t!)0QG#CQKG z|0U|5=-yJUWj5%uJ*mw=X>2gr+U#$8T1$Z43+Z%q#j$KA#9z!I(owNTRP21WGTa-x zhMSnD5e$nky&d?XV)iZ%H`tAHmWIj@C-srQf|kd%ZL!LoARuQuqCr`dwb=cX5@@I?v=xM$ijUxmgLOMjCI=EUMz<7Z;q~>F|cC*uTLzqL&1?QA@ z{~Ri+l0EC1+#6s1g#k;F8&9%+<+%)Nybn8*V70mu&6(oN@a6rp)UnMrrh_j?nC0!O z{$$e*K4;s*X8F_kKfjI@UTw>jfot{&?D~OhlMs<^KPnl)!U9`5dX))(RKAlco*ROP&ca1NEvlzDf86039tI7I918ld@tk^L})r zm;^6?J3u>#9T~j#p_kRK*6baZD?{XHN_J9}m}C(h^`aXmyKeW%y^@?mb^Y4i=luOH znKnnSr(`g9#6VC!RWT0hrJ(enC55kN z%&*xwhQl5XV@w>;LtI6|17i-g?EvAl@FQ5bodfj9UbC$36pQgXVVSTa){kelOD)V> zCP{}Pcg6N4j2$~W@+CrGi35h|6`Ag$n&})9#|t3g5hP&BRKI?>8zR8t8T38Y7F#vI zB0o91uNVd|C*jatz(S}sG?9`+9u5=}XaOzow5K}m>3zD79d2jeFDL5+S7Mf!O7i;_ z94p#$qL?&2dostyo&)*s=*3dTpfap;s$ABT2GVr+`m8L(%!6>tL|b^QbiOJ}_6jk} z<}@n5g@&zPgW41GKY?(*&@U)?+yo=Xt(c#~0v8=;uVh_%`95Ks!*=5{8sfjs6o^cH z`{3)n_%q@V1kmO&;yom#Y+oD-v24D(b%CGN?xz%q#vFH?cMBz+aKteR)@4By!@}4I z9u?UM-jo4q2{k5tQ@iG0hHqgU;(BZJQy`6;Lwm7vXW?EV`Iw)S+6UjK8Jt$E^3&7{ zDAWk6sixg}w8BDg?OPjQ78@}LqRP*@!~JsA$INuc74(V{WlBfRVqRitNI2kaKv)v2 z$fhSXW(jvkw((=LhfoCs9zI^%0Cw>m(Gxv~MRW@sgzjTNp7#OGL4vDIwoaby>gHI_ ztpj`nwYazKGN_9vFNwW{NoS<*`sThARi!}&6k8S}oowL@4LUWP7zc72zR+?i&LqfY zwoV+aUNg>%;8P%LdVhzdG)z%aN?VEHJu<9Czfq2H;6-JvRX@nOK%P4y^38>JzxD=Z zjTZ!eAl${{3^=li0m99%5WF_z&dCZP3vj_oSUl0k>^KaI1@&GJzAJwH`5j%pK5nQD zkI-~GO5s+W6U`|;&yTN!)wCZLHM)LzxmIQbUPcj!DI{HtJp{)9<9uo$L%Z*2X>?yh z3L6};3_>l6MP-{wr7}Oe7}GL-E!m)CzQbFLwWaTp1Y`?7n1&(IorhVbt`|W!XCeiU zt)MYP^?-(xBx45J<{Qy?VWBb$qL?QsBR=ES$a}xR=Ip+q4CB^p)6xkU50wT@JusKo zs~ZaeP9}Zs*aIocsU~NW@7GJ~pB?L?CRAwNYpqSxsxg2{=W&yg$oE>pPnC`CF$Xf;GMwd2^$$FFW!1#k6aiO>4tr<7Q?ybv0)wjpy@gE~Vpk;%%jB!9UA{`0qD& z#K(}s9xR{-?}XK0dZyX9UNVRri%%SZ9O*<_;>q-h`n0;0K#BYgc}WIsTlY_KLy8o3 zk;)r#xVMHthTx&Z20oJYq_W_gnZ+t$SBzF?|5_LxbrIT2g>|gaV3Jco`Vq`zGFwJ7 zMSeVK)0QwKkG`0hitOw0BHJ|8Ib6}U{5XB9ujQx*Ps*GD9DbBa1>YSHJkUyu^4<37 zPV=noL$Ys;tI6&nmyL#*%%XV!Y{Ib66H_r`mar?6s&Q$8LAA@^Xfd-Z;f0Cj6?JV4AmBFHjgb=~wT}nm^(9GzWj9@M!PZxEPzKm-bK^ z_1c`B?O^XJ#-Nm=IdwT)W3^(kY^dm1D~A7^NcT*MPSR3+vfaEove$;?r0wcZj5AG9 z$$_B60>WeuYwg<sSz7?%=I1wi_6`oFem8D^ZwVLo*Yuzd$BcV@`26Z5wo$T zcdj)Fe`rSkti$9n4;eu)PuP(rn~I_`el!{=c_-`I@9EgIS3Jax7eIX5tIZuH~ zpSC>u*z4g$R0%(%{S0VtH)hXT47(X!=*d*Gu?L{_YKyK%C7N%l+!pQGW?sE`u@2Se zVtH)RHSiuQ3wvXnU%&5}{F!?5SHJK+hIS_3k=y06loik9PWUJ)-ditv>F8a~EF&>? z#x2Qk!ib+z2p{Z)p^sc4;-S(&rhd3*vz$Cd@6C0miz{oD1 z%xJb&Z=7al2ce+ZoiRJf_SjAR@RBzubW+W3e0v)aFCLxpim$C|@deC=qKo0n$<$da z;p?V<{aq9j2Zz&M*dkPlkIhNX1sSr+Z)R-@0DlpaoYfkPh5xg4_L;N;w1eGxzJpc) z04@^V_iRDS((HtNG^^P6I|AG-iZCy|@$=y|L+An-&2}^I*I$r5{d7)_UGGs}0YiA@ zeD#7Jpcs`C{*~~AVcW#HH(?Q@q?r8USHZ3+X75F#f)C&-Zm`4ALP}9=FxPW-pgGeS z5y~!PK6)JBd24NaH6w(z%TTG)D;1*LmvXnB5OY1PR~0S_mB_}_q`a6VIo{=vhP+)A zaGa@qBDMHII+tB+)bR&$0I!0DaUXa3Hb6J0qBiN65IDLM)t+o2N?X0S2}o%a;Ib|X zFRTrw%{FfENtO-~qK){wTqz%NofR@RCTjGA%>2wcxdDf%iDvU+36{S+fB4^j_h|X^=m+SlmAFr+n?x| zN{ZSSos|3n0-RX2b8Hk)pzTg?+DdT%UBU>>Uc{!6W3JwiALP=de~Bn*gCl=QVQ`T} z=Tmp8L(j@?jf{#d+8L4N>tE$jnF0d$j2Bh$`-2pvUj1sB32SN}DIeTdF~XYHUP|Q) zK4NWo(Y5&YGGF!ZxHqFhk)J-vrtA{7?&~TPBsrm^RCut+g;_{S#%vUJJdZbH5NaIqDNNi6I!EiRB|BB_0uQ--28q#?g8D zYkNY9;;G)TpWO3#tdetSh5a`wg6m)pJ`2{VN-i@euMXB_fNam7=FF4{t+zlbDtztFb1(B|O7PO(c4z3piVj z-QDU*Fi`Mw1GQmqGov9oAdfdr-64U!hGkKzCeJ=aPPZY==(ThrH)A#g?>QY{P~{8B zL4vtjdp{K*s$BbKZp6RZ1Dtwll3aeVNT}_GdH* z`5w#Ye)(Yq=f#>B!-+Y}Ju?HnWXe-Vd@5A8epd{c(1>bU=A!$hj8BRUPhO#r=bWvD zNzYa+MU+44y{V>rz?eC;Oxtv_ycl?3==m!?tXq9WC3zT836z52_l^AeH~VTi();!? zYPLm(Aaa=x1x-w+Yo?^A$Inm=v2*h(wDOjv;O(g z5Q6{s_nlKOh>jSWodp&?Hope#Z>5>3H?<>r>#^Vdn~9oLUq&O6DlSe3h@DIu_s z>^}Gpg-nSafJQH!fAGTnb@4aC85m}%&ex5Xj=(%hIm#w86WSNezC6J}38+2Ns;kc4 z4!aLPM6DD#`9@)Y6SQNEKJxf|*1+u7pD|0bW468ERkcB)8SK-Kv1b4XM*p&xabnfY z_ORgX`mdu8rf;{9NzxC`4azoaZ9*Kn0NOmUeC6N54BfIvlYWG)6+uXb**;B^j zM@e}Q70A?Sx854x$zTXIHla)6!<+7a9FrS{15gWNZoD1@7iqV8!noi)R907SgNVsv zt$S{HXQ?C_RHud6A*V2iPdiG7HdXoAi70*it&N5ls zW2~>Wac=I&<#^}CT`)R7e)%HO8)h8W8d(icOcC@}e{b}Rd7b~Hxvt)LMcQ~g0NS|f zb9HXNx<I$JvnVxdujZ{~JD+Yg`wFUEJl`S~skrCR`@nE_2xA8(dZZ@U;}Dr>(%@7%dy z3o&3oZosbm?dNc|dgf3U45LaA$He4_4db=OeJC3?lkDvFG9OQJ5D~ty$iQb_z+wT1 zR_EJgv&Gn5Q5lnn&YMy}QES?UqS_}ZqYb0OTx-5#47b;F-JGtDR`rC(b>0Y&SIK9> zNhF=iZ?X<8NldeY4V)ycH(&(a2#pT3JE=eGwKc+=&85d^ne5vkWaxD+SuVCrzqZ2X+PCvHo9!( z(|hO^Rl%8{dM=z01whgBif452zU-LRl;FvIATY+Dq|*J5Z|~oix2f8s^*Jdel#eN# z?_poE%|(t$V#d98iX+gkKwdi<$>LUIftvtFs-&lDF+%XU_oAQ#!vX3QZ3Wp`R$7KE zIDiL1kn$oJvOhev^eK|6TYYg1KnM*r-sBPQO5`2ed^rm?lIJ%)Cglk~I*rMfnQ__N zs%rK1@yn$hvaj|f=QuHAq_lN2IzTCBtcYP=hewJV@SNiCMF#+6`U{pP*Y3EbRtwL# z)49l8(=D$ffFW~5as<~4vlkn`1q(7dFX+};L?*Ee&#_P>1#JdC)=q^l+%TEzRm#-R zmcs0xk9~i98-2X0hR(M(ax|V_!}_=%UthcPRagVk`?=>$by#(4ELpJp%gBe-zGNsT zGcIGqLEV2cr|w0OS=>lkRlgudO?ql`r|8j)DlP1E?QRQc>8>A6>G5~q)^`9Bo3GNj zFR!a(c+IZ5`l{ME;=fFvsdd))WTK2x|LbUdRU=1@5)&?V_-@>DKf5<2>e|bQaMPt? z;pG{Jm$gPCDxz@X|&P^Nf@ zorg~Mi~vCSmPY4A*G(gYm`Afwpj)7@er)pHN~5YF0on7heInJ#?N3*4raVjnj9jWf zNjBrl`=x_%DV90E)R_=A+yZ!g-2?G}8!D<(jp-E=1A(M2ZKki1m>;!QUafo$pQjh- ztHJ69z+BlCR@L<{8g48d_CCA#bV48{nJOT$Kon|ti&wM0;Zd7)04GDD>K^{>{E&% zM8NP0&eWy@^MOb|k<OEM;T<^SKjj;EN z8h(1`UMqnsdlu1ck{ovK`3)F0HeZllDB|I%;hOt-3xkkd&`Ez3MO&#&U(EUW{;z9<-@_-6M%v z39XtD^CTa5X(IN`C4U5yTQ`o7RJ=ZE@>Jdr=!bmZHTTN&z#sAOzD1&Qs41;?185^p z#jtF+9!rq^xbSe_fDJESW8{HH2Xp(BhO{&^uz@8IP>u1Ikkbx0bV?_u)O5G^Hnaw) z<>=+*Z$Wvjpf(|!a8Z*u;G$B#c<4qn^O`6w{O~R zSwd~B$6#jaI_AASAL_;(qrDvM^8zxi$?j!ac8z|c%aV^DyFR59j&_Id>3|KkGzyRB za;9XNfQFhZtQ04&2;yke(){2xJ|p@bW4onr`X05%%$6d-CRj?~fX;8Vkyje!O{tbf zfeHN5MAg@M4P77Pa>q$2DxGO&55-01*B?uBz#AG${@iafQlwc3Ky_rg;UufA103!f zL1+5&_js{M?M1xZJU>hSwe9#Hu;2*92moxa2cWY3-2;VFFf&8>TFY6Rym!HZ2?^rf zqfPiqhsoObBi?EK%!0-`Q9?`38)gDTdm>`tz}|+OrS9<=5vRGIB;^ch1Ve5x+NIg? z%yoT|<*eX${O*MWgLCM$_xABd8(E4|*CXf1VtUCpGn-siu06GvQh=C!d7}%4ac%J3 zo2T|86xC_`M5+U0-thY;wNuAdvOL~iRaK?b+R~Gdp(hy9v;WdikYTm(bC5KzBgph6 zV|&u6iNiwL0Xsljfr9B0$}hItDWu4>GxWD(lttzJgwFKM3~|g_mqyRU%PqHLe0rNj zX6Zo+6BD+UbRwj@Bd%;Zy1c8ifukz4{AzwHChN$W{?qA)7At*_(Y&{pY0%S{ZlyjtkWg)q81aPcr&p97Q^ z1@m5>x9@Aq(+uirufn8IO$>E@`n0ibu~N+3n?#h(a3;$C)!vtfQ=Rtze@Zi+sfLkI z*(RnGN(hxujirTDvTsFE)+GBnPg8c*|_Dobx%K<-XtV*YbW*CvNxjeCpNwTqg&gV_NGOWY+f`^;-@l zlCnxUd&E_?lT=+=P^V1NzBTpwdIXq5myOgtF zsOZ*Ht9ZT@OWM08S<&926f!s!i_=~xlbAJf3P1ILiqE|qtnM|iVz}Ka8oT}6PO@&1 z!iS*AQc^a4pD!rAI*MWM4SC(aIZ4)<8i0+8UNdPnkpF^TA;hx=r44|qwqLuyS=Jlx zIhDJST(G;qx524?(Jr+tF6)73?a-!S!?c}>#2mU_6YoG!RkBo0K7Hi%(Ksm86~kSz zI~$EKA8D$&b(-~Zwi$t`BUukkkv#&JXO|=M^$yI$$K%y%Z>am2NSVw#Z+vpx!#HbN zSUC6oL?LB-In8wmwQ=b((@N66(_#J^bIN{W*|pglEc&U!N47%NB~$uz!kXav<(x~7 z)0(f}Ha{H3|m&uH19!FI)!i^Fk<1M~KwpLJ+ zv!zl}w*pvYg8A6)jQzxv9m|u$kw-3L@#vKCM^&VNoR^I`j^OkNvpgHNNu~kS+IB}s z^mO|p^TKt>1h&c)5|c6T&+KHUw;cmiWW<1V((;zl8Ly2{8~Rn4xQ9 zV-qu>eyrlH_7H54+&M1ou?b?8xE!|0cExBzxlI}CazJV=YIr&+@!6&Yh=H~X(4{Od zm$uF1I`&Ss*v3N8EYtJzMKPmI!+m{y)dG5A$^JtS9&BVieN@=**;{IRCm*@urj=tK zISk@r#sEwykcq`7gZp4~upD3q8qcO`1YneVAZ^>=eS1cvT)7~$dy_=zG(65Yop&dE zqGiu|>}*$daJ%f|iZc5$g1V6pb0_7AtEj3=`19w+@lS<+%le7pIdmMG-_eyKGCpOi zcWez>Yy{=mxl;qbdO!PTTo1OiyrN)P80dqJh>RPbw1P<^4mv_oq>-DSIq@#;+7o8u z%@=8z@nJFt^+)K55!j+*p(a#BwB;30hqm;e`8nG`CauOh-#b!5F8`32O-PWPQ)v+U zU_>kWXx#B%k59jnNw*$()77EmZ1VMEpr7$`ZwE{;UT85Qrs)w3#FAW5ujhfP^F+Cfod3y%aDyBf?-2CkiFv0I{!xf^m!Af3(q63gL!EB>2{jN zI*Mnk8FD)|rbQ{`pBnpcn*?cF%wmGkVKM(x4=r49Um;wR(cGwK(2q`8%)h@vd+v6e zW;pOfmP%t^xBx$?>92)j#oZ9AIZI#jMOjK?(e&rUY8`DlVACF`7dLvk;H8~hSF!~`nr2m9?2?R|jJc%VKaojVr-03cWd;&WmEg#2=={6O}+P%)nRy(Ko!5ceecxI zgmtkA^4ha=s#VLLGwYR}ZiK*<{-#Xlp7!FdtU$#qJSjR@cHmvu3P4PbTpMg1b2CgJ zemcM?1Y1BcPVZ-}7C?ZkTxPv|z~uh&5FPCS&(|nM_q#s6oZ!3sLD^m~5YO?;N#TSE z;oCX()@hKWF~;r~7|g6LDw1xTIs|wP`K|#{nhyG3`;G{Zn~#X61-M_o{}r@|eu}bN zr?Ts~EGY5!EgEyL>EY;|UmNUHO<#jEaXZ4Sqe#5S!uos4+v~QT zj9{LWW=^|hYOLlCjTr=9R3A~3eMO=K`H!>=AT5rDWRb9}!aS@&)i6efHQ9rCEkhY_ zyl{%8gK{tu<>0jlM5wADn?V?+L%XCU_ff)CJ>zBNQ#&|w|xLnqkU&Sdk|;_YBgG2`;reXX$6No&{rE;r@zmrKc1|5|LzvYTV@Fv| z@mD-e2k28>B|{eMHbVgrazFY{?9JO|b?EJnD)T@Ult$R`rt41x z8Wg>Jb$Q1>)YbFsDA`XORt7?83J7X`(YPZvFn#;imkc8YKphfFW$bL5v}3kka78|r zjjX1+@WZzy42JeJK{r9HU$t~Nj6cx}G5Nv+jn&CcM|wtyB*AF~wC2XvHqX10n`4(Z zNeYBYs^zZ4Aez}vz3U~#0rlTW5s%M}os0{aTNfFrdekzYE!QB~+hgR3$hscVcmbL? z&KnJzZI&A@qg~_gCxo7W(K#!)49&-C&g{DE35cYR5$hF05gX<@(9gCqJ$`MWo|#zXz+kUq1?z%h(Zqo|!No453g#Vsd#Mtlq6HNv$6 zaYxI>uVVM#=IYb=cHFaVLRzZ6{4l2+tv=S77pqy@k+$y39##`%Ds(SH6=1ZYZ>5kc zSu|s#+0o%dhI(Z5XN><){G1yCso6=VIjoa)_ePDgO~5(4s-t-e+aBBz*Q%oCaM3zx z2`t1XCi*||WQT{Z{W&W{sR>&u5gp6);9fu!HKV!9c75!&o>uyZAu1bYa<`Qvdce#x z>I78dl`K^gkW?M|l_ZKJnc>vm9nqhF{i>424GOuyj-Ebenr-RM(UD3^Ocaqx^L5a5 zC4kNY&m=W>H>=>8Z{U#)i?GL~Rt)r=T|DVfXYqTLjA7b!<|>j$p zm{~TODu^`N&66pxGD*Wd_+Za)s=w3M1@;{R_4w5yV>8uS^H*m5H~>~7dh6b$tDiVe zmL$c~&Ryt##DZqUOooHRgQqXuv(+*`Ifb&E{^+#(9UITDuN>Fe)h33lfa}0hH(3ig zXqsLHQDoQDzHeO;+mK;M)1I4Wb5|BP(riC!g4SAzfE!P#E_CM@6B?(KPgYAbJU6zn zfE`8jr3E~F9;B-cfjjK}n}Rs(KU6=+A`JlKpp2 zTP-j)IRQv+t?$U~;^|1otypv##5lmoe(h2MAMy`2-zgQpjEzGch>+9o^^xG_+z9m* zF^zr~TK2j3OW&Wd1OZ?bG|5__ws;Nt2APyIx&tZ*vOhggR|G2P4Y>+(6N>_0UD1Ib zN2Hpxxv}D2O=EBvb5t=+6xPc=xY@*(3BQhNxSdYM-gsE~e*6OGp68KzjgiMjw}993 zjD;hVJ7Asn(zx*H7TO4=zzZKeB~K~>kO$QYAv0HVHrup5xM|1V;iHN>n)yOSH0OPpe5-^2G`vQ`ib*%Gm=!!eh?)LAjxfTR>4R7(MPX8GFzFyY*R7>i+F%ux zdq~ZRAw-?Mz9f{kxI5S=8cSu5+3ww(>8WB&e^RYcMoS5eS+YHPLQ4(zFOBP%T3pY= z1K%D%)FF!mu*VbfeyA#X-+G(Rh&uo9Os{2ch@Qj@#>5(Ijz}k%k=d3!-P!wmfG?mq zsO5-n2ham4 zVxsY5%*mOpY$^9XBvlUgFXS%caw!|8M?<-hA9Y0a73 z$0#e0A-W(<0BvaJz$BTjAXNmy`SF*#*~K#jHh>!7980Xaw()Aw_BSpjwBQ%o_pz}Q z-cq`hn#EOEMU|vL5vu9cl0_C@z4Cgpj$o9|J^*#Hg0|>q^&wZ781A4|&2}Y_#o(^K zAITi9RATaLUKheJ{*8#I@2f(0BM6@O?rSDm&joH7Ytb?640|61H0WqW1H;XjYAa#= zf?c_r3~Vv#X+?z%Vl6t3$ap|Gr{6nNievZfO{zwa9Iug#ECy(JDwE~<$65{{S%3i5 zE={$>m8`5xma{S_Mqhy@v|Enl3y&J2s-H!?e~hROK~pQ{FvMGudMHbeh_sO|nH=*p zizXQk(x{`?45oSg&hBPx`aly_xb*5eHLgd=(N01gJ9m{nL1z7V z*}!>JQFia{#t3!&&Tc%wm4WT1tZp1um>buDYsy=hsjhVdU5$Gv0}Y)c?7!98)v>9y zVhZwB3yXJ{WO-hv!8s_+GAwg;SqVt%%_9ujSBBuy+lC%IJ1M+Z0k(sx*dQf%q4F~8 zG5KF|MYWixUHmL>Xlff$czf#9&{FV2{PM(^k(K2)E(|XRXT{(Q3RR`+`@S-!h;GE~ z=@)*)YHLN~VU_kMg?CCf+II{2^VEA7Gk42u31mqsA9A~by3jfPv1Xyu!+I?+$rsBB;j(CI+8WSFCi61UY^*1yAb6i(EFwg6(iPDvlRU z^Qco%(?Nx)OFACW9&|hhS0GD>1!;i1m4Mbt*3+;Acn9H`aA8Ijiobr* z5#els2}k-ibLbzWS_wRzd`P=#=mrZ>p4Bfea}DUW{$HMKkS~>*e9}UYB8U1k0VJ_) z6qHmONxH7d$w8m&POdr`OmQ-{K1o>_s;iGpECQ|(Z0S*_qrv;9!$QOmg0^F{mQL;$ z$oPHii8=y`{0ImxWZzYx!2=iT$N=>p1?p~Hy9UZxcy4CzPPJhVg8xpg2UE+8lZeci zG%&>D524{WAidf6w!PVS%!oE_=VX)g=lNuB03#PvSFYMI(TXK3Y{h6gIx#WCfa<1r zxBHQi073IlI}u!l=td2)F_UgR>HFuv#M6CkTUV3m2as_HrVBtG?+DtdI~=iqYZjze zQPQ#7)-wZmhkSvgw%$brC?!yf(6wjho!yjyS#0x$tZ5OX@y4(2Zq)E>)S%-StV{XWi77H}hg;7EV5FXRZ zdg<03PxKFrMA}@C(}iw@*&E-SfXXSzrufG$=MaN{K6`*_fA;+@xbw1(pU^v-Dm@;iL7}2~Sfr!;%;_$-= zvQycwUW!;xylC2QErjIc2TJulj`hLhp}Rqf1EjI;00_DQjagJ>lt@DIIryTAv5Pp% zHfvEsL~NThTYMIB0B6vqaS~}asGVpjJTS^g53H`!BW~6PR4&MQ)<8Vw6x8F~YXM#N z&6N@JxjKF%1ByF5V6^tNEL$uOYoO&0I~&I@=KIN8%)oo&!tlNUZgdxodkLeE28;Yg zwG41YdfJ^s#9OS!xs`YfaIImHL;n>;{@`KM!7Xwdqcbpnxt*xRa@_R&Un|N~LO*$h z>FfQgOG?25S2UG`wbd>q6&e7qHG{>@EfN_2&Z6t`lH5T>`?PQ)Lk%?#16bb}H=Nxf zv-9SI?b6E0el%Ppil>G4WnASW`Pn!v8#0$gUmPl1x4G%+7WaZRBY=g(!L8|AN5P)^ z5`mB>$W0IZ_$IJR7+}4OFpRaFvJrH(R%c(u6}R`nhAk!;v{g+aWX?9io-nV-K$0QJ zfSB!~aSQquLjDt27U_*oJ5@Uh2Uh`>aK6yRfOu*Jrgg>P92^j{#6}4>T8zMg_wZ$H zZ5%e?_>MO-eYR^*Va%wqUz38W0r(e0z^|20S z8)O4qRw?155MvSpOU#spOY2zE^kAN0r<2m~)LUY?87`t-E3rRJ&k%e7h=z^mVW3q?)`YR!xXU{@fUmuGU zW@3V{xRnaib=leOw+E$=9lM}~iCl*Kct<>WAq%*QtUC;1B&lZ|bdvv!&K*SG2?O+K z93-*V0^X1TL4aVfi8PUkDNmNg4&u^bI)Nf-o}#P9bO1W;9q?r1{E<8Dy6SMw!VkWp zAyhJCZoo9;(Tpl(dm2S;rqFkTE$)XH-)PNFY?nt`TCO7kkGxQ&?E4E`C2K$h`Tp zv$tSm_}7+FEr3R!-$(~cw5kWQO4v0yk!7fU{)gE%fhK6;?A4G#$iqOeMlD^J7*Zt6 z0ljKIvi-t^Y`du;7K3Pmi3WLObP{BRByGBKwC3o@ruub>a~lwg8j1SY@OTH96nSte zpvz5OCnOX6vc9 zTNs0II!cho1`MW9_jemGIRVM`>X_>2e<{!-)*eJ$RgEnM1_+Z7}n>kzyTz#`7|K8t0DPX|oNB8G2eZ_xD>srkmpRM=|4W^8BTSxuul14um|qz-hM# zi~?7RG5t_iTPvrQ{~2(7W&fSX0$3dbM3|)HNGy56 zm^xx(*Zwh#f8YBpmm_Q84a3n{Sowd6W02oO1*3=OI=%x&>L5I)whTOZx#t=?02RfE zx|d3Ce*B?P_J8g+OEv!q!3Z<_{BnuFb1^Ip-?4_wkU{K)KM)T7NlT%7_r_o@o6YFI zZFs*a;5b+n#v65R+TnGR*xC_!c!2SA&@H0KRk?fB!h=CXcgUTKZ&+_e`cupUU}*y_ zRvuB7!aXFs&?>r>GGn7#hDBC3#bHG#>C_(1S-tg?8HV-RD(&C)M)yTndU^A6$Mht% z(HA!)mtV>kXYZ2;y>D{l$d#wkh-BmJ*Q%&(La6M&1jTxB!8=KNa}TSL_i8;qlrIe6 zB2o6S+cz#OMjk!O2(X!B^A1}iTqJ@7?T`&JI>F`e6OYuk1#}w;+P;H1Etq5Z96$N+ zvl|hOA!c+;yyz;KB}SEC?w{Vk|Dp+pLRJvg8WCBGnh*yl{VaL43G(6LU> zdRh;`3oyZ9D^BHu=5ex?mIX+zg1Sf)|26AHnQ%-@zK&u;Cs}T-QpG z=iB8mcqI*i`kzh@XUn53#Agwi91zk*gKdX}Ru|`6w>maJ7YH2O%Ekv)DHxL88x-ab z4)o~H9IJgvE@xf1Ge8z3YpsiL;w= zZEX}`nK9p0_&l$q^&Qq#L=!{*#odZgT1~za4Pj(PY81AzCQqafqc`A-KmjB()#gas z&q^{l>*)zoDQ%O4?}riJIc7)#yR1GrWAT;~w^JH(g1&~PzRk`P#$cxO`H=Td1vLCy zg_gFKV-s6l;7}%l;{$saPl#MlRvzSrA}V&2mPdwz62KeqO1_RHWfa*->TWzIUR2bw zx};!56BeKQdhyXW(W@^7|$XuhxzRBcN;PP%Tw>q2mv zJ3Cc`bF!UuGsMSm;ey<4FjNai)&2<6cc2XgwSum9f* zeH!im(`z4X2ADxUxX;9v1q~#G!z2C2cg3*lLnOjC8rgI=ya>M?JL?Z|-8nse1~c>5buOp`P@};jcBtH@48rt#V#T^?~!U~-SDSx-OEDQ@)vQ9CDZ$#3}o5TjZHar)Bq@1v+w3CVrChKn?>Gwq$vSA98` z%e`)Eqibc|Y_^=*lJGU~ZCL5q0xcM}*MB*eH5yRnKR{7cmc^E3zn*xkx5%w}Y}BUM z(omeL@E!EdR$H#hI69oN7X~nx2_!P?!Gsaq^dO{~LA_&&4^&L926IFS;c3^l$1uS-i6s z`4)wCs0O}N>V(j4*VWD;pV~&FP<&4j{!CGl@3go_6*gE|)ZBWXnbb8BLf%c`-Q43E2ar4kaei)(%<5(EW0MDwKJ6r2vharsrorWgqnZoL19m*Bqf7(W@ImIL1f!z)CN9AWd&* zq&L3)kCvF1jq>~wN7=)D^^@dHTi#{hgsb%#9kXhE|J!8=&HEBVlH&0m{uV|!7p>d2 zM{Lu~mALQXF1l?A^;=u}aClD6fXR55jm`F77g5uz(spJ}i4_zGI6Jo`b9u%ZymknP ziZ)L^8*vjbHB}K>LPf`D&A*hUUFMbrs6_>^?(?5YIOw>wwYyPKlE-Ly}8_fccR zqeaD*ifX1thbihzl&Y$QN8g*tE!Jszb6*cgR9CAAe?x6Gp-I9ar}KI72l*)9iI*RE ze?JybB2-Y&GOD1!J9xgJU>5O?H?muzrYBo=&U09^1>Wj*j@7fF4*u3O&UpQ-D@EP7 zDbH&-FP`=)c=|y*?~84(YL19q>78X(@8sjpwq+i49MitiW?sx*M2(Kll}5jRFEz^< z=&P+Y59Ac`AiAYW4+k+^Y${#GoC~D)I;gK-KY-NBQwbspHNI0W6OG-esotHm(K-Gj z4a0nY@V+pVV$Y3-$HaI)a!u!ea<<#nC1Q$?ueIagEiyLH;y`UcCZ2iGt@RG5lW)6*uV1+8tTMa>pd$6Tzf zmhY+P>+>?jT6A77u08*$lQQ2CuV76xNh_-+>+h(y=Wa%%$wbaqkQ%H z#0vz@*faX?MVFQJ6dLk;OZnPHMVY&}71?<-$RhPHQmUt3E6Vrl@8NF6BTiK4-B%C8 z*{p)rcBkss`tO@5E_p&mMVJ$(*IuWnz%#?%^mYq5RW(aR6=NTjGwg*2wC?#HVM|M# zZJ|ZSsty*5dYm~#Z#cZV%x1NS$oXHisnFtPCmnqQ9eqQ`{72U+YxdXvww9twpM5#K zIxOsDN?L-4$Kf@*7E@hqbowzZH@D4EpFf*)mLyivwci^r;>KOQs)S3uOUserUserbaseAppbaseApprouterrouterhandlerhandlermsgServermsgServerkeeperkeeperContext.EventManagerContext.EventManagerTransaction Type<Tx>Route(ctx, msgRoute)handlerMsg<Tx>(Context, Msg(...))<Tx>(Context, Msg)alt[addresses invalid, denominations wrong, etc.]errorperform action, update contextresults, error codeEmit relevant eventsmaybe wrap results in more structureresult, error coderesults, error code \ No newline at end of file diff --git a/assets/images-for-sdk-next/learn/advanced/baseapp_state-begin_block.png b/assets/images-for-sdk-next/learn/advanced/baseapp_state-begin_block.png new file mode 100644 index 0000000000000000000000000000000000000000..745d4a5a971292bb0346c35893b42ebfbcdc206e GIT binary patch literal 20565 zcmd@6WmHw)_s5SOT1t>oKnbP0kwyXOls^@mAbnmtInrrSg=X%fAB3eUDo)C`;4+H`cDk{iofk5bB;P(%Y zuz|Kwc!>%Gq5~<)zR~tI+0VxLLe@?3iQ7OH`t2Lbw>%a+5;={2I?Zq>qb)4UzcMqTUgc(sw|^lU@i-m}r2F)d?D!dQ|5HQrK_9|8 z>_gzDV-qon_vBIbSY!wbf6Q+?*LdJo{Ibf;rcZ_+E`Xc-DzbBm@w#f!@xZ(i=%b!@ zpzty=NpF!JT}xKT)oXYEMs?t-D~8-0I9}I}e^;@EoEnQKnxTeY9Qv}qLGLuc1CRR5 z|4Bht02~cOMc@>}Ml1(B?i-6fM8e2?@FMB`;QzO;OWyEFkIRI3q3c2_QHz98?fDh1 zB#qntVH<M47WREX5ZenxMVdFUDUgRj&DsTh$mM_lddu3jm2Z!9%eH&|<=JDG|I;}qYaCW>J zNo{?U=LY35?_jChyd05IYzxk|?m4yAloVEadc3kS0|Ez}?{R(@7*xg5;6 zGiIBJqtz5b(GXtL>$W$YyPr&mZ=+O7zn*V=C2Z9dL-ew2dH%E7;j~W9K!&Q)tN))c>V zFpv{pYJFHJIA;FKQ^aT2=gp0LZlIE+QI*1Q&aG+*mKR@0jinQ+c&xT;!ft#rkR|)- zZu<9$xN|cOPI=mOPQL0zRK7xr;pdQxI{R3um>`_C#0wpJGVwl31)@hY=t>TgT+IAM z+{qKg;{!vP!q(FVMAkjOaI4quh!~vaaK6Kzcs;*9=I>9ENM%r5%W()R#wC^S+fc;+ zC0K6U!gjKyp1j^0@?~cnHV`>4GyrAv_|^7Zly$UXI6HF?+D-j^pWd5Uo33-JKsj}z zFX`1-z9OmpY;^%97FIVI#F*@fq|5A{kKN_FF2FZ}Z<#44;DvF^NIhqxHk;7sr@bc) zrb%F7=Yg*+V%F{>=QhbgXBY51=Qw63e!|OJK>*;)hBg-L{yGQb9@0=G~83pG( zlWz{%Oj|`Ri%-knYhI6-a&kZA;J~2L6Xu?__1O4){}nL z5mq}d2`Ju~H7dMW-HN9^K0hHET;mRg-MlY!FD)wS)%>~D?Xhv`BVV9+XukEGPITaN zVgX;FCI60~WigtYnbqJ}Lp5YgA-!=wFF%;Y_)BJ$#~I(x5~FhG_X#6+`!f&ua(~64 zw_#uSu0CKu&sXJ#8uaJqU;#scEAe=<^aj=2oA7qV?M)dimCT*S9jaFR=%ift)rp(eBB$fS?shskDT84gbnHK znp74|3wym)!d2s>)g6xD229JT@49||^_C+FQtta$7}y9Zfk5z7#p0{}|`5 zFDxl~LQXTxJL6JZZTHtTaa0l-2&ZKRK}Uf^8`XKmj1ZNIOyEl}e|4>pBYwrGesBwY z?M70paqpBa=2FrOZmKeB4OHCXPU9MpdiZv_H)&FtF_hM-o#S_HFk9`F%@GjN`YR0~ z;7NSGzsxA}>6|aG_v|ug?n}4(!2+d6b{TkjFqXTOwaBS8p4!>Y=2} z!9x3vOYjyWq^~3y!g;xsGr1@ZM#f5$ha%;+wzPJ66E2N!*3sI)L-QPvyq#81xkiizguFHSXS#0__Gj*($6O|vhXrtAl zs&~?{JHO&|wRz*RQHIT#@7-%MhJd`;5p`=7Pv#8xBQcn|QH|Saz0lKQWAU&%o?va1 z3UmLvU{Jg$sXs7f&sOie^eBQ8{-|lX0@{&MLK&+ad;fjtDXTTA`l`oWqt=};^=zTl z@BLQ%9pP|h z8n5k6DK8$Av|Gq7p9>Si6-G;5u8w~7OaJ*yl>wU&0kqmH16g+XyH{+pJ~ucq)>eIx zNdB?n(U%B553@?EK|N^`_V=UPsezz&*m6z+_xWC8zr=ih0LptXJPCuLliwf?L8dp- zhuSRZyL2wY)acJ(&ppklGvdk>WB2%UCNzRiyj*+usQ-3tkgwcPBW)eZp!iamIgV$F z9By~kbSAu_LOEI(rtPpGdirXmNhY`dhj;uhi7w={-Mp%6NLjjsVoor9Q}c9jLltI9 z`J{%fDy{87r>;zoa=(L@5n^6)-usBNZvr)EiU$j3Kg}^a4zBRP_iHi$TPlh+`=qKo za(0^g>)$Xi_M_L#GU)rBVg1{82q&xiMfkFUUyTjMY>j!!^E=N9zaCf|HCshW8N-_o zy-G1(idCBs6-FGEO|=4T^^`(C#i=O}KZ?d@436JjHQlrZ-^~W^=YNe)~G#?5A7Ymsf%!l^+j}<<}ReQ~f_rFJe{Nh(%H5fd)9R1U2 zqao`mU;C`F&^h$5{WB+tfE|2fz?)CHub~7kEHR9 zinelv0=Dja-Jwrf@R>|Lr#bzr^@LbaSwGjA!eC=gTm*#(+_Tk<_%P0&QYg_VumD4DrTQw2sXB9 zSLmwmHqSGV_4FiUzdGC1gJv}xD}M0jj0%PM#+@XKZ%ng+c5*v6L`M7T_0>x-OFcD1cs?LsQHB%jAw}7nL7)W7f zGLJ3HqIhy+?>B^I{C&(b%WH8u-rFtc@3$`Nqv_4TtpXvtQPGodCj-7*?H|iVfXz){ zpJ|<2&#!;^n@TPr4Pk1}oH?{qNTx(nx>qe8?q(9k>gF=}>`_HqjB^c2ZaYGLVd5F| z-w7Ob^pv#AUXfE{MdZX@<#@*t%yI>x^k5z2B~(w->z<*hb?G2Wagb;rFu^lUtffHZ zw>D~tDesp_+gas*zU^_hY5Nj#w}V4D{xni;hn4>p+d`iBb-kR3~5wd*A=# zTs7aK69yH$U^oBlF-_E(WgpOL;XqPmRo@c;alpzm3DlVIT(9|m(icr=JQNqXqyNQ3gv8* zpq(1PQ+ei_aTWXne`b*%N@xC-aOE4h=LfHH@R@>gz5>CK+Si}UmImmqIE=y! z2cP%>8_9eIaap(wWLc%?r4kDsm%KU|!%7`NjJJfWg)A$&4!LhFd2VY-UGys2YpnR~ z2zVEc+U)Q3yWgMEj{R++tPVk8Q;vN@5EvoVc)HAuDVu#;j9v%yEChIop1~F(l%7?h zgQ~iYM{9idG)~am?*W(oVZiC3HYYzuEnPw}Vc-onv4Ou2>;uUo1+T!Uuj@krX0n-| z`22^|PQ-#LA6i^a3^Bmjy~8jskD_OK7H3n&o0%gQ)b%!-g-!$;1a{g(AIX|^5!K>J zjHTk&vhPkHCZax5p>T=A%X-uF^U<~mB1tQb>+a=p&PhWr7;BJde-D<=&x5mLosClU zbL5`hR;oMI;PVUZPqsON)8>$XR`44p$P#z|d-0W>TFO;7%{nG*0tlMSh{VlXJB|Hm zQ(72vP9Mw3c6ky;?!I8TB!_A=DKkt;Ef=cgvX$)R=-rRR?abHiKi2x@Yw+sV^%=YM z);Gzz|n0`+8Bo za(B{+%gNA3kmr+isYj9ISfLY!L5oAtg3of$mLvTS9b;DG#+SJk)j_>B7@ra!gqNT5 zo>8zGX;BII%g0c#GU7 z;r^{16sGz>m`jqZfej{)NOHH)K4?N2RBc+1qms<3SJ*$Ns(%RQ?yG$fsS6F)hX@DQ-s&y7u?Go(Vu4jeKR=w^k)%wb!`#^^n)%caNtXg{Y>V z$H}b6y`RC2R(Ff2@W4nf1-$8}lS;tc<6Nt}tCa&MC@Ox<-E5vIb>z{}QlknQWt~H2 z^x04U%*}$Vtz|o@ANHyq4;VP-NPJs$YK@F4R8&>9;e~pNjnh!ec#FTi<%@2I2(Ps5 z@gC>9%gI!1q$#WBJ5gOWHhxJ_2q;?dy!~_8)_wJbVbhaj)i`LWZ6<1NEl_RoCk1cD za?n*n70Gg=n+zh7BW1r7))$K9Xr&U#gf49uO9+$PrN8Z72zcl+vv~1M3Ir}1=#I-I z^O3afzchD08<867C9f28{b_jewdW=xg7Zy*2{6rieLxT=gorGY|8hC~d369nVE;0; zggdsAma7P$6FU*iZqo*_WKs!18bAYNVz*Ey*#nhSxL@S+?CavG z+>Fb935!9Yfp5+ag?I#mcA>wy)q`>FVO+CT7WJ1cTHU+VUMNvYe*brNx09h^i*eL{ ze}5feFl`M#_D(T0&#*(SCWKn57}Wi;k}&(k0iKld4<~uq3O>Ai1iok_TIB?vV*9*= zl{o@m16TCUT@#hw3oJdkN!@H;F1UdlvqbIB)hkvNz!yi!T~0DS6M0dYwCAFrb=@xzYt-iM-e;ScF7Bo zWfq$SsJDATJZWP+%(i+HFiW}QLW=iVRjj>ux{*Xs1I`a?_JI)`Vp5~hECOSMB3IUZ zr~Xqn+!u2-ohl^@>*YC5q(j{h`1Dx^0#rXG9zz&g4qJb(b7f08nz0A|e9`7Q0kVwP z6LrhEqWrxbOxX4)oOi>rH=N+$)e5LI>BQufWWP?+xcI5-pUvnt$b&9@YL&qa0-oB- zC&8H@m13Z)5}@w;*{NTzIj-t6qT=Ws%X85i+006kIXc%I&Vz0fewgC4k5YtzMyH=X z$^n57TcNVH9*E5C&-&W3xj7v>@QO0$3-024-_a&G-*VFeUG`HXCtOzM!|tcxAF~0$ z({r0&LpMKiTJ*cVB4G=g-c2CwjaQ!jC<<9%*Y5?@jMY)4B|OJ(s~x|({Y5!9DE^_D z*@%;@`mUq;ljE4ZM6K()kSrQB^;`+PUfzT%9-LTzS(s9Qb9)B`A*M}^|1PEC#qZAQ z!0xx{qSi^cIc;7jSm4RN9`vpti)5lPrxtIQL&S90@w(Q$lg)s#dP53U_M?3&o?1BH ze`sv1{^F5{->xtQIGzf#KT7j%H&HDoKmI8<`1(z& zsDB@l?1SNSib##FQW4kC=H_$1f}p05yQx+JPwf$%nPUZBTa}n>*|*ES_ffNJKN-yU z4URXMq=OuC)!vHZ@jlL^7)iQ6d8-1M+y~ch^nN#0nlh^B+gT1y`nzaI?ejgN?1&eP z#Pwa}Gk6l1Dd;1~3hV=z$Nb_kCoxx1Q>5wzo#Xpm`7OZNZLVT#;&VV4NQk5{2r_k$yw z4OxCb_H~WT6>7(<@cOVWa!l&rc-Fg|xHd8Ltkz|in`xg3}q~LPHp{KmBb-HSB4hkW(ehgoTW9+fDCUm$1yLcOrD`njK07Z zrP#F>YvqA?ajYeXCutr7!8n3lCl$tc{4qF9#GF*shVa0CNnXeXe~_ZGTmI=t)npX! zdiJ>gpN~9Y8zHyXHMOia8CQ8%kX{N8lk~axe8)+xF*@J8s+aGB?++YzrjN2U24NAL z)HhotrpP$l5YWpqYxY~Qj_&AmGiKq{$Mp@A?z{o2mwKQgXts+6XPNk04 zJJHN`PY!T=hIaBSzh0lmNDCcmsv>dJ61)GC7wzDJ-+Mr(e8K0u2N4N4sBOMei~gNf zmQgqOsqqOAj}9b_zI>NgP5y{WGVr3|6}ui6Oov`sMSN--M~b)fN!6DWwrusDR^h>k zkd<~5`-R#@h*6s!kkAZCFW>r=ZdRRA=6lU!L&c`qwaSgildsLU;x0DlUD}{jbprz( zSg4I|h{!GPlxB&H`QWPteJ8JFsnRD8cktV7Z9pO@&5erqBjuCApq8P%75~Rp*W$07 zQ|o!Ev%p_4lF)`|hjCo$T1)NWI@TaZ5^|->Z*JyQJeD8doVcyi5PVnie5SR#nFWV? z*33jJ4TZb3c}Yf;&sW-7Zq#T;SE8DZ{!j(s4I{2xC~{_8pR0A|QQt*FxDFjbH{?_k z`Bu6Hzu>ZkL|5A!qh}qbayYh=TxiZkj%T*jkiea0r}NE^=t#xZ#UH2Umj)B3M#N%V zsC~sdlzjxoC1r9iWv|>Uc|lH9%VT;wYZ}yvsjzO?O%-;wf3kH3e9ZSwM$3gpMOvFrZ+UiRg z)M%-X(sdD^qHDbSvFj&h)hJM<^`V~`YM%S?GrN0VO9i`tOJd9)_RJaqS8IL-yneNA z-N$aofV+X;C%P&xUYYLAaY+<%!t(o}{q0PG1Ps+b&`^Ab@5~;*Gpnm94dxxL&6Xqc zKBK421U=&!M*jxvF9u3oba~cSIod^HaYM~J#In}06KQU)qrSjRrrX(^=So9N{`z9s zNw>pF#li5oS7teR-U9}vIf5hKrV!sLs_oKJ#Dr zlQf>MUo~d4VzB?(|CjU$`14)^;TPk^Kwg!cGR0*1{w+>N>#ORr4!ra~993wDxmx>I z1~oSE{h%wYm(|^i$V&{wrNg04(KlSKBH}2~y*tjWhio^FE&&2V zqJ{;sJH#^^B=!k=`S)jE-HRq2O_@~E2PV5{{|D+pE{CTE!Xg91+cT z<#SB(M0@xWpDXnB?#vkJO^2m|g1VYN8XF)WQueuG#zcqn`-m4RGb%iYcy-B49lSQ3 zA^leilk&s#bDO`WKh|NcoXCI9{kKsTr(MWBd3P#UI>@raZ^OrKSmlhyVC^96c@;-o z6A^)RL5g;OYy~~VoBBTD9ZbhME^fymy-~ULnuEFR_9#9K5BvzitySE3rC!9Ca`F0N zb&p=+A;`IqGl@Nw>!Y7;R_SkeLCg#j2e>@PDF@6HLIEcJZlw$6%A}>L>FIvdx-Ek> z$fH|AQ#U|aPgh_w@61H}+>GH*kS_|`-R#EZg!;Fv#%)eKz4Jgf|d zR+V-x2l&E-{^|;OhKv6Gx}HXPtY2u0iJv5qupLXpm02-TE*?au!SVFd6k# z{SCvz<;e(pcx(ca3w@InhbWlsqDbKhlTEDU?&O&`?dPKDZDiZSJ($b1fq^LBcSY*w zL09@;x`H@592M>I%@IpW42ay+vYmnhl{x7x8rTSw%5Pd_^D>0TI8Dc)ISmLITWCFCQ_&7Pe+bEBRd z&Q|Pb;#wrk6El7V={-XoZ*Rsz`Ml;HtU7)4a!;-i@gC)5?TrI8`JRVHS@wdnAN>Lr=;H=&Q5V# zj~u9G%#3f+9BlhnOAQvj#76|WL{EjHr~OsGJt~_(4O~aGvzHde^T%6UHAyKMec%kS zTXTGYteXGAY6q8b5q3HB@PBMN|9$&L9xaYWzg|hV!dB8qF~a=mYqR)U*Q>XzI^To8 zkfw}_b};pAdb>^wt?$;cI=^)EgGX|TUT&u5W~-X)F}DMiZ(`q>F{F z1k{v6sXhlxKLbkQbwFNiEK~L~0H`iEPpge+V_6si|DQ$^X4lvXl*Hcx<0=0-wbBCI zzvNhCTY}D820TM0L0Z7r6ex**1#08d8jeQ*5y5#_H_opUmZmFh&R!@_mr-5;l*E7k zGsO=NJPO@FJk}j0G1x~$GyD$by;H#?R<~F9wj-voDa7d2iY1C|A z`T&&vrOGeXeo-&KV9DBOXcjw^TQn^4!8^KTgZLF0!$p+M*{29ngtY%-GeTHg;Q zNOlt*_wg-2`JycS1nWicXL=MKoYQn zA{BrJr#n|wYv#Bp!!Y$fKIA_V1oSwmLl^WoMk+JEa#LNfj_W_T1pOa60($=PUqcom zq-Z{v>)>Gg9}t4s4A>a$wd}u!65O13V&Miu7Y6Te6OLu+*Cj{bWoUL}n(t;1Hd zneu?CeA8eF!^?hxS?{G9d`z?M!ME4FrM!>Z>3=i*Z-~ag5am+GG?8k7wZ4DipG8p1 z{%?My$)j}e{ycvg+F9^#Am3E~8}~nmM_fBEKZ@gNlF&;&Jy{OOBxzFBOD$Ddgs*-o zjduc>#!RDpheO@}fjA}70<5k&vd%Gm%P*m7vcpk*K`)`&vQWAA)Tew;Sn?_h>LdS~ zSm1i%Ch|W_FYoTd*yocSA8wr#_6`ge>{>c>7oN%QNBr+9>04b;Da8~AGeqP;EVz`k zvqf(vW)X}wp*b$1BPL47J=TwM+1Vjj zzs>C4|K|t)gOe(!INjMD;4q@M*EiaLE3lWG{b#2RsN+059aM`F&{ogl{B6* zC3oQC2)gn9b_fKlGTYoBZ`F>ExGsw~?7QSZbuviuO*m$+^HQ^)>-pYn8}hxZx$+_T z|8Y=lti)tw6JXgnMnx#Y=z4-wFsdNcMCs;Y*|)wHz@XH_Hu{qXlU~UWKb+6IL_04a z-Le;KNSW21KWi-l;2xK~I{E(wEZc+*l=(*z85E&JC)*>r<(@lZM7+56npkVe=z-dh z1?1mf_jfny#trTTU0EW4EPl@p=`Ip`b5ruqTiYcx^5hd})Q#JM@5Y%_GsM&AWj@JX ztdJNMun{|wy$-&;97^Z6%~8yH?RIb8`RPuj6TpOqj_hT0{vlnDRIoAx9le8QD$Rj$ zD3YWRPUse+kHXvQ9H$vxzrNi4!umcgTF;z414o+sKUz%MNGs0^HO0Qcd|99 zjp1f*R>v*LUK#Rm&rVNIPu&|&t*2@}Xe&~O{-3qhiqPY!1ldxhLhkbwgTuJ-^nFCxjKt?T|Nr{7 zPzlp5Gc?{C{Voq^iCW$I)TbRK(sb;uJ7bKLuU%KHBg&*{7@aczw@|^Q0gpM1qvU4_ z1^-Zek7Z#JcD_H4a_CB<#ddm=$DUZ&sd7#^{td4y4gKjmVZ6Qo4RiJ$XWSN74lQ8$ zqacI{32u=ojJr)`EBWOnG+_TpS+7H<$7xN%|4xOS|MaanyUB8fxoF7!tzU!3_U9EX zwXD}wcJ+P%bd zdm?BzU2d$^=xGm-QSuwf>XJ#3w81l|a}SHV>$7<5C25RGLFa|nv$gi`KUSs)yO^X4 zyX1(U{+8*W2_BI;q;(7`Qp=7zXm^SsV+AzjJFV70zput}u@vN?QOn00{iI*t<-2ISAX=71M8^|;yX#Cv+HG$c0jq@}+=NIaPz1M_es2HNA zD~KY(0i*Z#(uP2o27i9QQBGmgu>zJGsHm3%hE*&DC!a29o(=FAY}bybX6&Y|fn#}Z zKK#!0zc_FLnf=at<9>B)O(_|OjH8h-)GAbAJ#4winfRgE`Mk-p_p!$kZOARXn&Y#? z*PeegC=g;GeN_W3dylhQXc$T5d{yn_KnV z(E?!Ed6xjJXdgQ`U<`U0=Cjq65jv0CgKq!!s#1?;dM`Hnjn_VvFbTf0PCcu{Qq7eN z0`{sFh06elmO51irbd}0y_9=9-@lw2c&vDJe{-n%K-mT?5CiYkB{tnT{uG@cpPB}a zey_?E@hGg~vgwC*@9T?pf4_?ZR+_t^79QK-=ili=iVnMDp9)+4bD%*eqjLV+2t0Ji zC@n?!DQa5X=2x0|9!bkH_I62tfqT*_4&(_ZizQ`vJpa-Li1eC)#~L1FR&fv)jI;wi zW~u^upsMT`82=`R&;Jw6Y%rBuxV*<Rn9V<4j9=?S4r&lDa#6j{#D-rxt?nz<5J@8w)Cbf#{5AW3g8vZuUpzX$777 zvqWlcPsi1J{5$g@Wi$vWz>r^nHBVuGu5NQkcv*n-wNuBUJXD#pLc>|s=dn*Bt_Xw?^V zix)eqzVo_p(3**{<#yUH_W@E9zoN{XO?fCM;1LPu|}PKHFJiP}?M$v?i@Ev+Cxnib#t`JNCbhsRF35Z)^7DTp#tkQr;BpkxvF1rP>U-=scj5 zym|BH7?`6>B=g*dlqY=w>+!-y4(bxpxKs4_EupV|Kl-z(RnUAqz>fVkjCc+ol2_bR z1v1%l0~8iPuK>Pt5Z~Y6ov{Lb(Fj`Qo)HQTf9{r3XqaQ>$JDCZqfVlsJDJ?DH=yhr zI=ynEYTv&W7;)_s8raR|UUE36b1eb&(H~+tY}CyMr4HYgb@O8#_QslyZ`LyL7GCB1N|!7S?@p{AKcD>Px%Lj%Y_b4*uzThe*q+f%{5XV z$7Mjuln~g0MHOv#`D3l|LC~1J*KG4RUW3e$tCcX2T(em4?O%C}7poXe#y=^zUcwdh z9YRxqRDhEGY1Mm`&t0yXBS4N6*B#qf?yFPAvXWXM;B* ztu6yxPdcuSV^$v-CD6G`u~dx(Nm^_+`x%byZ7_K?Ynz*XzcrG(TyQ?@4|;wbX-$-f z_1NjFDiUp!7P)39P3Gh+NTD`kVYFZ@bvpx|>CoDA;K-(nMUkPlS34tRFm}tV9RZ5- zU1XnGYy?&@R>`q~ZKmFM_KB_dSpD=Nz!K0{3pLiiI0{2n7oV>VRhJbyXpzTPG1U9nr6PhqG z9YngI51Io)7$F1bJ&^Amqbk}m^4!6fhub*;!|jwX4!9xa5{9aNeAL~VFO!`aHai{# z-CDLQCyB6C*;`O-ydZ`ZsOgAQ^g!Dvp?wAjMXIz&ij`e8{_9md1d_|ypgn3vXdyb3 z)2nf8$$%&nla7Q#y_pOYRT#=;DfP<^BxOeex~BuLH~s=(Q8NqcBn9UqSt0e zOon4%6Y$tSezXGUu}xQ$&lGdS8`8DiaM9fL3m|BsZKXfMD~BWN)lz3hLRB1m_! zVOczVA*35>zh9T0_f1;iJF_skEx-`O0a)U5Z$qjuMJ&TZ6^84|Rmvj)Z(Ov;CYu!p z|Jj*%UQea_!pPFQn^BkUzYmN3DD-Xk>Hh0cZw_Dh<#!kF0{RS${PG_3JO*7NVXj`Z zgq%2u&`;$^{4iQQ%bjL!IQx@qmfDDiC*R3w5O5PvZ3}Z*3TY|(ewQFhQFG>4mQkX| z^q*d&tXS5|j#X}a2L@2@fjyRJ3(Zd`Bs$oHFe3`>kuJ4G%Q1pjzFXEF)n08yADQ;b z3`_3?1qm1swVkyXR=7OxCB6yquv$jE3Xbzm9_t7v(R~I7k4WCY`#r4JvpS~bOYpSR zU5BEsRqjrI;yNO@LhRldYZgaZhVh>IuY}=rc;W|9$|%WNu8MP&OmF-8Snfaw*k8Me zRHKhAK9d#b(Ps|xTOo73$Oq!fHz>_IH`YA{SX@8Q>o}slk9r?fKY%j!vE zc}wNcTbJH@=JlpJ*qhiXzwDiv;-B17f$aYWu_INteD3CSaLYAyTOW>3c#i961$FTB z;7r2hrpb@VV-Qd27EDGO{Q;?5Rh-(O~92-=3n)v8Mx z|DnlxzHE-7QScur=@MP%5)*TlfwL?zaJASHPQ`rB53L(Be^XPcBvA|;v>;76eHOw> zjEy+TC6)R4^!d+{F4d!#76k;R!NVkkm0p^%mwOg9%U@T;o`cO$T@S6v{VigB?O2Yl zjAQot^X>s`AJD*rj{}`A3Xe-e?pU)+$Wj}#Zxptkn!>>K&I460tO<(AH-WegAUe5H0rQ(7L-h<{G;oQB4U(d z(JVJcnGbC8?*Bh&Tn7%_?fciPC-SGME#N7oA;jY5Lh*9`UXyBEsnf-^&arMM?09o2 zVdJu1esk;0kX?I68fuYK;~u_a@nR>ws=%2`Cxl}}CZtIeSdLaU2L@~@R%_ouAs zQ}s1uAw`G{&g;VYdw9Bp0Zo6RCW0%I*$*!@@i`X0GQh;~dChPCn4icxwg)se*!f+OaZNpX>!`J6ulJ?oBlf;vyJx=06z^cn{fqHG6aeZM7rAC*sHDI z3UpGWigCW&xo2? z0MOG`0ClL<;-%OBK0m+eaSB{l9ypI-yYSIP(2iBzdWfmsW$_EQ_hBM{HV**DAsFRK zCcajt@C|(!tL+;cbLjKMkdEykfF3>$Vj>mVPgbvYg3)t247Nw0K1u`yOt5i(cv_Ll z-}b;ZJtJEWVO+-!tkd?xu#Fz=xbU9wAf~j*A)8 zpt7!i1v#Pb{YQ+Lz_4E_0y{KGhWj5>ryn0K0$>hUc{=*UN?&79gPmx*mh&RR?Pf8T zFNFZVgxPW`nBm_klWxn%k3BB?v&1jwWnfB0Rs03-H!ZMZXhu%sim6fL6!|}6rv^z4 za_}R{ESG6gWCFa?E;;d>2e!IT`a-Wtt!KNQ93MN%#p`^oeq~iGo+uiR#>t_*{qUNx zVTpz5tnr+`9doZ?cjQv_ChiP1%FK_uA~#!W2U}=%lNp$9$~=YMRGN1BBnpH#ZHx*R_FRMsCCt|zvRV4{Izd~pqFV_qxEHi67C-tgC8#>r|n|p#PpNJo~|#9BE>BZ zzVzo-qP0WU(*Ztxt%sJ1cFb{Rjlwx@CZ==IgCj%B0q&C zieW*V^k2*P59u>G4N`n5C*2<8pFO~C$Ka1$rhX|E95mDZtj&i?Oj&m%i$w&FjBko3 z#>w>L{<~G+G~JGn{e4LIp9_eQ6NdvChdq+Zo|#v_{F)!&hWTvmxc!*Gk6FP*(e{G? z{>BJi(i;ky=ldGq*nfJf{1rseM^pmH_1`TohHGZ0B#NW8u{VO&IunR-%sy4(WO^+m zi+0eiLvYwB3^o<~FXsx@k}^0R1Zp9?ElInAH#_`Dn`EQrx@h*_ za_Sy%fHlK7Jv&L>?P(tx94a@3a9HDbLy`dLN3kwX?VX{cA4=G#K!w1W-K*(Tkmuc% z#f7&bRG>IZ;;bp~sObb}(eZ^P)^-DXpQI4bEE(Uq_Jo3Q#4$+HqfK6jIJ zwfYXf?Rbw!p}!G1;)TrcB;$c%pG3=5AxOvj3j0(}^}W;f`h(=q)k&}_fJ|3UhRm$MpyKc z?g@lCLGzM{^xQMd3toK?v!_fuQruGP@%L$**^f|glGf65kAE`vW=w1Q-CB`)u8=*) zB{kh3LZ+QIVxyv+t`SNd?>Huj5AO2h`&^srE&BDdRpsjZ;4{~RB$v2asz1>Mu`?zD zSoeEu-sg53b7aHxqnz7KjZ#^e0n4ZxJ#&-^JN!)SU$hjTfQxS6$LtLTrvH`F-K{MC zQ6q~1siI246obDbh=9*L0(U{o>CqJsWkwu>%n5v49sBH02TOL=t!9qPple~;d<}X5 z4emSNaAjTekFZDw<#?_D>U+pdvkJ2M4!%@UgZ7+`D%B#_KV@_AbBl^fnsNLiBSMJb z`*-k5>6~BCN&QA4jx^_moKjoWFGNeGbgy)S?W8LWMzfeAx@Q5rX%l}t9xG-UcevNT zF5pfn^=?PfFAQ)G(jEu7>qi#T;n)fM+~>e4$aL~AWuM}bf#Y0{FN?G}!9I~uT?G(6 z!WFX}Gc9Y!=Nw`TFR@xf(V4u=!U*%yAy+Q29Wi4KhW%fF6jC`&GhdM?m(?wb?5h+< zd&9uDnJxPQghPxGn)DE}oW6nf3L1_c&M;+lYzwt*qIHZge`RSa2Erprf@-9Y&jM~H z7=%XbX4+ViOPKA1wg(cB)V&JP+D>#1KT+&bbk{^Ye<>zvu;kZU{Y2QWHB{+(MeXU* z;OPe;G=32KK4UBFzFIzSu^uY>qn)H(PB*}lE$lmqZ3E=nQ_Zu_ndp{PPuPKz;wv~M$Am92Ak4@t#T<2cO4?%T7 zWuYs!)adt0V1&Y1OjnWXxx{ZHd|{i1D|#p^D%Kr1!U~)<`yYG&-ehvhS1VeowzX9F zhQ?oTPZMa31Mf&LQF+*%OjPVyRJM$V8k=4tqM1lVsEF-ap}l!+0iR{!@~e zRwtsY>3cXM)(CC@e&%_R>h#k17R_ zkhg8FQ3s=$nH;#F+p7 zE`Tfd^`8+@a>PMNzZDVYlLb}tvEJ+OOgv#&4Nt?`fF(8E{ZmPs*pCDH1Fp8S=)Wsd zh%>dosZZJOvq*z{?beOp79fx=n-4YVyu_^?4iG?wO3DHrJCaqBw`#OuJ-W%Pkz|I< z-Vt3TZnpN;;Sy-MN~}rd6AhnaPvg_}skw>2iMdnqGn%)O@1Eu-!}b3eci$r~tu_M215>eJm!Bfj*o;i|GiM%Sv*RXiJZ7upGRN)Q4MWAWI{|8gd_y>AxlE!s zjDy3Zi+VQbI26YsT0DXiU*20v0UwN{?HBx061>)w)lE9{@*aQs`QOS@d!QhN{i$*Z zO{ScV%=agGZ)?&iQ5k2u!3?@dqxU|QLplc3b>5<(gRSqGKKm6P$;8O z{i?8=_q0h*3>LnAUnK;1`dn;X{N1xET`eR9ez_}7Q^MWFsZ&IE`YS^2L{#}hVl z`>vVX?1LjTnkuoA4_$i(H(P=L4dedv4Poq)u=R;vud3^n&t01U)@Pm$e0(ou1ND7p zI#M3ZAWI&A<0ec52*6C&fV>(v|9QnV6h9G@1x?wa*l5SX65(2WEQWSj+uQRmat&1* zTq*E~PDx9XDOgpF1E*dHw4ZFB0reQF?5O<`gPKB0VT&KGb;rUB(Zd=fKKoeJuO(m3 zbbRZh5aqyInF9$Qs9zHtH8e?eR3Mx64lyIj0t(<$C?&K*1=MoJf!8ih{dbCKphh;` z4&W51gG-)Oa4FUUA>HbdMaSMu)%SD=t3I#(o6FxaM3kjZ%lVlc?w#@9Y=u&@Z?Ry4 zE$t~q-1EbjG96=5Jdj*y6zC&pc)EXP!zVElD-SrN(M$C%*C04Nktx4AC}7kpM0uUZ z8zuKgXJ{_S12~uj+1`kG`xT>HfJ3E=*TDG4hZT>7zyr^!O6v-FQxFWO&}K}gA+n`O z>8$acdR1}BYSKW{<(h+HaZbui>h)UZITVgQOs zDSQWGRsq?u7P{`%v_cT6jkA_n)RMnZX5WV<*1_A=1c^o$cfxtYD-UW@M;u;KjvS5#7$AaFw)6}DB2;y6();e_MVpV0z{j@R* zcI2|RK2d&6E=2@=YEqt17@;AJB1>~(JQHQIjvG{Nm~QBVtEZn&(o^=8R)LSWTrVvS z3k}1%FUKzh$CP&qz58en6*PZ;Ss`4(+ZGN2Xzl`0_^jT%3O)^$M__h(Y#FS!Y8+iU z+wCzBgnlr;Pc*g=;T!X0_zLgf3p|`1(TrCik^?2S}a)k3ErJItJv!r8| zz`5bYUTfyuvT%|p1X2P8BY8F9XX<9msg#qh_EPB;Ppl2av^x%{eSIEU`mnfbYs_P( zYi01;zvMrziz@_najCBBX|IE}9I6KH!!yjKprCvdeBXihbsvGSDm z7uIezdm10ZlgNKXurYYWZ$kn9_DRf^=5pP#ha`pq4`Dkc6d9+-$Ktp!$`}_+d|c(^ z{-XFJrN5Xja8`FgzV5(Z{y2yd=}wNJDr5D~`nbJL+s9!!|H8k9d_OCfQ)}=I-kNmJ z%ZaxuX7yziMJ_5=9Jehx{isjgEInb48(mBeo9FMrFn*+#-x=k}5_6k1y7tM5xguwW zWBM0g!dO7JKnU+EgX^|fnpaoNV=i#+)w)t zmZbGayeWEx*LBK28FLuyj$<*_^$*m4)t}j8p)(r9Aq5*WqnnF^#K9sxA$@&+s$4uu zWXasdf>?n}3lP#`EAirpw}9Gt(gJ!LPJC=Av3{Oa03=2%pGa73!y zwIiX(dC8Yki$HYIhRrL{ADmSi>psqCx-+Uu=~acTcZHH@HzAo#$p4!<8jHb3)DHcd z?h#!PrqbpLq9QO8`oTO`CUMC@%bx6TobKutKU&*ykJ%mTSNA4gRl$T3Llfxb7^xmV zFUV|T-(KsIyu;AR(1)_On?tdfk?u=;Vr(k)-ym#x@I;|um7CTe>L+AXB5YPZynNjd zn_hKms?THg&Ur_NC){1S$DMfL|ip*0Q~SKZ?DjR32n0Gy<^TmZr@tF zDPt{wt%?=|bHF}S35*n@!R^e<;-I)remxP*>Q0&Y(!YZ+<;uC_q=&N7=tr!mOB=>d z2QTwVV+LwF9 zm16(ufJ;?wwBUM5E!mc#yj%~ous)b83f4JdpM(^Mc^TyqOPz1mCx^BS@2kw?Zq3|N zwD$XxB!OurWm&>xzKpRZ>I4L!$YtcI{y%KhV8~PVF_99rR4T5Y#K1^bR6~;?3IZY* z^lHzz->M^@Cs-E9yS&m<_Z}=cESk!kfj_RW7>l;&8NHfZM_V*qx1C~rE1=FjvkN2b znk_m}2s{LtOOJ%&-Pkhl(pH>5M35?2{q|RwJlB&QxV@V$dRP5smq>@R1*UE*QKowc z{cZumfU_I{XJW%5tv2niPhaNd=5~-;pr;#=_796<6YKX^H08m`XtOtO znhPf?{l%b|@`d8hWZek;4WuUcgWGkDIp`@~y!0cGhYj80&4+SNoW>|a1hAg<4+G$p z7O4ls*&g#t=z2xdRuK3L59P9y)t~KGGY+Tn*+%Nk#A^6WY)Wd%IEeYcp=I;J!*bD! z!YYpL8nn(NvsA5SLB)d!gC6 z5gUxd&m>7y_&}q#BDVlOm!&yiLP9WGTBDjGemxF)>)hF9Pm5B*J_3gl>)lzh6?j7= z!KdDlF{o1+7O6sycL}A7p^;?O@|ffp2&RX`jO*YIRw0@aBZIqBrA?ea6YAwASt*6- zivdpl39Sz_OIh0g5j+#9|K&uZjQaV^y}qD*DB+QAg~RHvI6>Ldx`G`Pf%e7@l$L8= znPo4_B(M_?Jz)zXxP7XMWj^fl>PP&?s(aec*=9b?Mrw`+`7l}+Iy?J>T-r8Lnr-=q zC8l0CB=AMD$yIC$SQ{xL;AnpICZ=T`FWd!&T;x1^s!NotjYJ&!Y|&lTeu7i~@AHv) zw4f9Igictmz;-d@F64kspTY;q*cppGu4VK5Q+u#apj2ZX35vUe2-}d*3{{5QMd7MJ znnZu{m8O&fDx!e6eOB$K<=^Fqa|I^6u$5{_bf&of%=!fDjb7)=$m4xkPpETA-eJkR z(>>CfikoYzJk`f%`PT`T+BIX$r|g1mJbGK51rrdOh{KFi69$lZi5OYhSCz`~$fmSV z3CsIc+gKPGL4*~NVis*%7pL*(jle7E)tvpd7bk1fe`{Csjy^S@+`KmQrTf^|LW!AX zh~-2^nMdGA@E7$jvd7>K6~7rIx9Q_oi;3rcP3vCzw{*hp`nd+S50162iFgeMJoqK- z^fkExq!a#1Q?0ro;F?^iQ3D>kJ#M0iy3E;-3FPge zn_K6h*diDQ-wUDCU%p#)WXE0XR!VasS|A&JJb zCi8c&VI*qmJ{v$0Z2&I~RT#zZ<9u0aXl)0d0r6lhzM%?8vdcTgWqJPQ>W$LA=4EJUVW_{IppNZ!w>h%8gvamqh=%Yz;$wI|Elm!3P61+XAZ zn;%fh(nwnukUoDN0q>Rs0H$gXwd+Oyyez1XGmio+$65TSyV+6CVL~oy@Sc4Xh634o z8MZ#ZHUf;A-2m8r!RY6W-Pk37j!{3qFM>@y{p}wB4Tej(b>2NPDfY4nB~ZXc&ECNz zYT4S?J~aU3L;{fI?esw6?m{3~$ZM>cwL+b8bUx@+x8K-m?` zhu0zPrBqRL2ctXulKRA%_ISBE;M-6#1&UUrkYHz7(=CHCVFPj>MPv!o1wzb?t&Auq HU84U7#M|-t literal 0 HcmV?d00001 diff --git a/assets/images-for-sdk-next/learn/advanced/baseapp_state-checktx.png b/assets/images-for-sdk-next/learn/advanced/baseapp_state-checktx.png new file mode 100644 index 0000000000000000000000000000000000000000..38b217acdd04fb2430a2332946864de04474ae5a GIT binary patch literal 82308 zcma&OWn5HI*FHRefP#Psh_rMGD9zAa0@7X5(%mg3-O?ir-45M?f}nJ_NVjyuyYYUW z`}cf!Km5PosE0HA>=k>h>$=v7c&jLlg+Yt~fk3ciWh7J}5ELi`f)xD_4gAaW(u21U z$P0+9gs7T_!A{nr%>MDK9*SOK^ee z3r7Q;Z~%j}(d%Su{pxi0N`Q`TO@$Xnt>@WuR29?$B3nsR=YXyLAjH-@u&T)vlF& z(`G@G=rG^z2d3Y7$n;9t*GIp<1{21T@ux8QULJ>48ni;+cYb(;=UXPlriuCo|LxFl zFASrB0kSd1sNP^WkB(W)?Wbn+z0lkAf_{-{<6POK9O^^haqyiGvEXym|5`HgSt~*; z1S8F9?H5s7@OZo=99cS+Jo(e7Pos-q39;ZW<-Gp4*Q2Yn;xJSKzI{95V?TeKg}m27I>Yhu1eE236GCB@j8Z`L#)%=TTXo3$$) zYV|%-QX^IGAVkG?@llqqjD83{Ae)$@W_4_om48S@R#sNdcV78XT@AiCt;^aJO053E z4>c5v#O?I_V40v$F{??nRt2?1T|~4;H~+XPTvq_?Cf8 zK7^B^hqi`vVjOaHbv3)s`QNDsJo<&Cq1wwvCL^%^;l}%|g2C`UF@A>OJ+Pu!G zDHV0K;xNrD^Yl#@P`M&vJTz(y&{hzoH&U?{H-?F*sf~?SoAiW!m2r7kA~HhYaj}|e z)*VH()kUY@S5+xWFFTc?g}xygs7jTfC~+D2!(pB4^8;vM%pI%6JEb44#i~D77Rca# zQOs7VFWG*4KU$|zO({#@y1MhsgizS)G0#qx#|@ZR^x22`r5Iq9^d>3f$Tl4lA+uWn zf2KlkKcxeq@*#rK^?7e@K#<~>AJ1`<88#$7q`Ah~;agHsB}#rcVyO7|1A-|Kh@7<; zd(E`HKA6&i8u{Z_prC07$^Ix&n(S1|avy$sLZ zrS)IRorIU}PE~1y*4oh^>ULAgOH=zoB`be^IHBmRHuR78Q`j=V`+8wCk1<{CSnfj1 zA+C~tc&8a06k}MJszGjkzv*eBuDr4!r08W2CCB=2&&;Xh6v=Eb7^}1;m}pgJ3E4Gl zn+p9#i>^?Rpjq!VldLk_WhZRvAO7aZwZ$W9_9~6o;Pt=Tm>>V*aQ%v?{S*a7RHXNc zc_G1IbS=Z0aZhA@YrK@b+FRGteiPZb{~K7^t~+7E&7u!2BJ4Cl)V|_l^WE>W#UE3O zcR?ELo14|dsAT@kWhY^YAV!x=70BdOK>Cp_35s`a4^mv2f@Vs~ZE3$-`(iDD9*t(Y z`-<8mD{Rl3_6ck>?-q~UY`M@}Fq(OTl&`@swBFXH!(w);es!h#PB!b=ZWI|(mg|v) zJ_^&GNSL+%e7n+&8YAtA!4`u;Q#Fn32ZhJnFSEV-Z))~;V%zDXf@0bUCN8^VkxX8_)%dFlU;jb0|87PgTGm3V_s<5$<%;;ff#~FM@zm0N;y8l%l{JM*IVmXU z*gtO07Ab1z&cPq~W2w_tQ>FLzlu}m5cjwme3tMp_gUA15B@q6B0tgkM| z3a1F)o>ME{QTUyUf+R=1-*Tj=cf2tFgH^wY#?bd9dCq;&x3d~$>i({&8Fo#*?v%(5 zVL^%z3G75Ve3#B|akxTJ-vY3kEAsCwCb>{}>)`ksRdj{64@!D^&E zv!xScsm9G3e8>Hxlq~&c!}zS}iM6WPUG_Y?#{$#E?vN5YY*W>|HD=yyH&J2R^rB3b z-Q)IsBKi7$E^OI8r1sW9<;4&z*g2C{{+ZQyN%HRpsu~q~jCk~lNg(Zh--hfjwi|9u zRm>jP=4v7-2$scLEiUA-0$hm z`|@FlMU2GpJd7I>@aZnQp$Md`5~{=f(iZ#&S(_Q|X_lD7sgt3tRLm9#qD+~CFpA{u zQ8*V2;k(PucQ8BbuR1wV$+>BZUi;Rb}I5Wb^6HcqW{gK@CO@7OzLv!+_uDp zFRZ|`uEY-tUA@5|V4^|CAy3K{^zJKBFMUJvAqP}X^tINL+=}kaZo7{e`ait}2Mp1> zwo<>#P5Lx$+w=?HpD8S2-h_eZY3-dutu!i)FjRl9=b;uju`E z))Qq`d!qEY&SN*<@RUC3&P@yI*4ZHWj)0wJa+l#LfZ>g-jSk%9iM$i($@2*OxZ$w{ z32^dF=S&dF^FR8o*)F6$kSV~3Ww=LMGhHNM;OX0Q<}}K}hs<96e~mTgdp6(AhbG_< zI$5F5d~4iokYo*+e?J`Nt$vUPFPm$ov~z_6q_iQWeEE681yZpggA= zIhitvCGv&{b}+=Vb;SJ{*o$JWX7rEnlpt_v~fNA{7v>dATU#EesnE-n_SEc#Qv$bK@^}4nwFl5!9s!=|Scu5(?V$brST{ zq(Wp=j2}FUJ|=dQodK$Ls)a(A8`OB8JFL(I&dGRReCcu>6V19Ffa1X(I&=)1>kqY_ zEm%|GLVg@9_k^f1=gJR=)r1$RR=@kcvNMesX>_(&PHI0MX`lV;EciC$X#dh(cM`a> zZ3m>PH;ytmq7KCbz8p`i(dOeh-RfO0>uKU6g7m~;Ypl4z5yd&xyB%5 zwV|Tb;8}lmC*j->_Hg*m_ecdeDg%+QU&|&Av199a@^m$%Rnh2Hv||Cc;X~eHlFV9od|ySpl+ShgggoA6g!{LhdsC z6K$ON@~NSLH4G$A;6LL;W5_Pl4+)!;MjGHA=Lj|o=&hROHZ~6`G8VK062rWyqFJH$ z8aER})${e#@PPt_j5iWrYvXPu@xMan%lNB>QJ?{$Ah5AEASfIb1Dx@Xg{bp)>KFYY zBWoZ~A4TYNnKt5$TCmty0q9xorgs8r*l!1X>!OG_)`Ue+7~-7Ph;egmb4BrC+vW8O zALS{iosgr{id9zA4}PB?@ra;9oW(NfeFNBXMI@4+kHSQQ-()C0tg*7bCL5wke(WHQ zGcx=fC7!y5MhvB+VU+YHf?V6f<#e)f7^3{L841auXOM))j`LNI1+9Dv=kBng&oaiC zb0G|mAz!>b%hVZL+z^9I^dU10H|q&!c97yjVuj|+cNie8Hb@C(4o8CHa1ySEMA>p+ zQOHX5LgINi!&FwA9+~Znh%ru;!WLArk!HnAUdl$NRd&qXMV}*u<%UG$wK-nY=SV-o zF>qU7WW`_+XyGlt3?Q&_JSJpt7Q=nj;|oa)K@kbAsRFr~7~&9=!Mri$i063#S4!u! zdi=Y}EuvNsUXF_uX&=U!E8Kxq?5(HtjgFgJ16)s6*>c#&7570(@ka1ul5ArtJjQvF zi+%%Qnccmrx4*KFE-Bixh!LiA1L`T0pEBeT;Hh*BMd=?z7w9X#Mh!x8(K76s!Otb^ zcx)}{u|1gb4T5Z~Art?HV`8YP?t>aT)$=kW<9UoKhpXNC49iEbuI>kJt>J~?*qHm; z=n`Zd*pp}5lYUapA)sBfzZ)~+v($VJ1rSls5|hn^#0mzI&YO4$O_Hrv052}MR0l)m+9 z50R4v)@d60s)wt+R)j^XaawR%F1GnPp1jhq7YSo2wk0NQ@<1l*7#VE{e}Gy7!e4H4 z$X;5M{@AvN`ib(;qp#Ya2Mv-MWi9-K9Ee7iOI;S}SYcvZ{&1VuVE_r@#%qE=#)y9e z`Ec?Y9 zd?etp%N0GIRi~JkQ7d{Y+T^zT-Y86eObeak-M5DvVSWl;9WAt~mNWRly zmF@Rt3tn;Ea-ETw<6{A&FF_q0Cj-R ze4bAUQnZ{^^1iDF1vMov9=?m%kmbxOzA7lDmUl&_L!$JjWpJJMnk1P>1`zWzX+N+7 zx>#)@Sm2eo%9N{2zFsk+SN0c2gTh!2aZTOGzElJUwX#|8g<=0mXmKPKS^#fd$Z0`C z%xt1i_LfuYVg~oTej-Tkldk-B?k88!if=JpqrMo>-g3+H2@q**bf1pi%% zmMH!A2g9M%I!K_u=5ALC)*L#JWo_k^xra_vy1q@apn`ZzcjNmGZ~)oYo3%?X)Ijn5 zF#0K6A46`a*s#$4?!~x#bMhOEmjvKl8IST$@C=Uz6r|Lc6}Rhf4}%n$=|kLA3D`M7)i)?*(5z5<%w?VF>+RxFP{@DR`iDoY&vo+qx3(EhI<=G}oP@ZmO0UlUbK`Co^x+S7_eHc(frS-HTaUX{hs46kNEv}5oWRjU$* zg?!<1RKeh{tac1^uIDk_b|&}R6kzV2^x8SG(e0&fM7HNEJu1>tOHo+AY%ms>X)d&tbux6(ZPr-OHT!N!gjaqCmAy4Ujqm3 z50IyR?d}M5^S!oV-0^BKcZx={$U(R|6!2N%g+UonhxmNXt6X-bUJs9J4H=iNtb|u_ z+RaS`WHK{2XfdHj=JF^Cp}V&I?Zh;{vZxzddqdvcsWEauU|)HphCVBc@FumGg9)!g zs$IFDrv2&THH+XlUV>;@e08(A>pz{472HWY@`ng$M(bVe?7BW80{M?JWSMyHzTw>xTj_zzRu#@n2Y9SHqj4-_by@EQpJ$L&W*{f#mve z%fEDRASNw7Vrc5PnPaMw5DiJ#x!ga79i!~LjFJx_wK+ufh%j0ynbi~lSh);DY4&LV;uW|KgLF7p;Z zq2{FKMjuh6B7Qg&6$zRq+%4-Zn>zR3mwni9AJ7CV@Jmn-bG@gD6~1kFOvL^T-X3q> zW1MT~a}aVtq8vtO=%b8HF2GPf=Omx`;PgrV7qg$~j&Cx!`=e}uTc|WTnJq`5$Vk)- znSlZxZG-nyV*7I3DEBaq(W6&?j1;;%YOmY8&+Jg%%{RFw0o(`rJEyjG-NIbyUb$$C=>>hUjgXcQtO=|m_7Lw zj?XQ{yheGtdyLCLS*NNSmqm-Z&S%~=_?YZ!o^tW#ic}2s-R1(1h3m(-k(|WCn zX{E}0)zZ4oatk*1*CnBlu=i=1bF z4B?)`3~+c(?;yVQES@COX2R<)(GxLzr1N+4*tjU9HkrN^(@n0Wo?U~Vvkm<&^2dr* zdpbh&nS-1MJ}1HdEUBT8g5I^!9P0H#(&Q=#i`q``JkDYr*L{}LjJ{+4r?!Y~j zV(t#Dn?ij;+lOq5#5MKU$m~|VSVa~pm2%=xmGzQ z1rlZ6PL%8RoZwnaJ%R>IAO?j27Gd6c@+6qR@Q{$0hLzW6c}oU>Cb@yMA3cgY@(KzfMZ-9h}krVX_Df#R@-`VOZNa=62gS5pohiKkIr z2J1FIPXllHY9s9Fno!7o=K@Z|QJL2pE5KTG9oX>E7S=V=M~O8C5oVKjevJiZxGXeg zL(iyW0%BTYYPgJgN9UYoM&~^UTzqbYK2DL~yHHIWGx9h9SG3A`-qUBFHT+RM@S$eM zoyixCu#9Gz%fnHm%wFWK&CHtI`jNc;OGN=@pL~vY_R1>K! zzo^B1ui7ULrO<&eOE66l?GEtob1vuUclXT@Q)yF6MLlt=M0qcBKz$Pvj*80+i>RIn ziWzIS7$i@eF%OJk_{hH-C@9in5GJ*Ei5};nIu{tTZH|#GLQmN`EtPT1Ma8x8%?J6t zHXhm(#0By=o_OM>Y9ZWJ(-OT1Dq3jtHAtn&#j4&pa_}kBe@G2ofI+*k{!fYfI zkFf+^$MpNiZGWdJ5;{k?(W zv*RNrf!;wm9>v8VLQL!|?66WIxT~7l8dH?meCvpH`XU79`4?RN$@O2lLzIFzyhyO2 zpd7rB3_kHoN?c~6u#-2C*Zh0n)c7Ux;wTszs1HjidiKI*{h9ANG&e}%$$UQxr()56 z(qsiJ&-ulDwRwXLAqzhfVHaLFb@mZDwh8xn zvh;hu16}b83-3WoGJR*Tv;2o3WY}M#X6xx_J>iLP9-D^j`pg zfPwP3ZisN?R{*N6!?kP%0=4H;4dbLMlUp!qMIQMU-HfT~7aIxmzequQZC7>(?uZ;l z2_;AZ05{VZo|@D$YD%~~#~f%B4C}5?{Y*BqvC!HaaXl5ZFoyLYp#n9a+U}vuAzbi< zMWu;gY~gLZQ#i}=EK}wfPseB@Q6S>(cr*s}N;gZ!@r{f`e`758;yowGED4B(7{KvWl~(zMo;ih#}3( zP`aqe46zxa^xO<8b3OJ-zg$IP~ zPo{APDu!iE@w{{&+|!z0yU!dqFrY#h1*!Dk9xp^AE-L8ALv@Xh1K`Hu# z2!m$(==pmX9ueJyazPR}PZ;xkHfl>@cwXF?7v#(v=lvi4b2X)woIF7bUTb5?b!#~L-Av(MC z019x;k`zpzc0g8FdVZ@ff-ToG#+Ah+FM1IL5m@XBtiR7nc$BmIBuIReHS)*D!M4Py z;r@iH#V%7{a=<`NeT@zl-@V}5qay+dy7twqVvoDNlhRw2ttn)$f33%4spg=~Ch1}* zdiJF;4t=ezw)d=I9jrjV?$??Cm2Lo=+rVtSea>_pC~kh)mDXekR-x#877O_$S_nt} zk`|<@Sx2yLL*1N6x?M2UnU3%u>RjlVminv)`r2L{#@Wf0+jmMS!()}RXYVV8SQ7GC z%W2O4g|R}yc=e$!n|Rebk@aZq6S1oG88dr)OLnugpco!8PfsjeQRipTN54oWbsfJ< zhkn}40+qwIS-)&^R5;o!4+^afW532|=JzhqR0)qMrs<6G=&aT%Sl2YW+Zoi}t2a&B zrWy+l3${IL-f!b*LZY$h*?EMV6$V4*B{lb2`GM;!QaFAB_}Dc8%DP0flJhLGeIR8p z9gsub+41FB@W|tt$4C4U4PZS^h*$a-itO}4|3zP9V z!S7LLG`i<_H}D(KprkuHGGz95rLlwdguUsI<5GKQiFo~U>8SuQCNz`YvhawcNlIQWuM8Qh?puYv`db$13RuGO*T&|`eSqKZPhNvvXM{6 z1gJWqZ~SgfG)KGd0a~{{l#Z&jW=GVmc%XAg8u`2!6QsB?`)WlB20D*K#*K4X9aJ*m zMn*Cy3XpNLB}FC4G6yrcn*1Jadyx{!4tz(1%cc% z25@;tVa3;BQchL$%E6!&l5=sXDPAnlA`|x0+iSn`LqP{>3hsd`z|^f~xi7qCGz$n2 z%uM1AKp$ABMujW|C_?f9gUIfAXzDz~h~0jqNA@D1X_?<)lw4%1qJ8IuW}S`ps6Y1J z3NfVAX|-?d<#VIpV4kbvO_Oc~M&;ZOff(3It1$JtaXP0Deh|rp7EfC5(;d1J)6wA} zr;Y%m0&JDJ=M?C!D$h~c@zOdq;GZ2sahjaYtpOhS7#{cZ6Qe2}iZQ9vOr@bPqiR8v zRV)K`2t(45kWJ5d`1ueIwg)Okpu!G{4^p9C@W5X8s>DMjw_>txh4A0SIR{IkRv_s zz$_$@&f#{balDR@b5O_@@T`#C%r)#FeAP`%cv%gKpgRbbZzi8}!KU!Ci>AN{;g4dC z@^tOd&L*O6P9T-QYehZ|5T#?Ep$Xu31k2wlec^VGXTQE;SU{Szz5q_ zVT4R}nUM5UZBYROD*M{(?;^=2Og!mH=ru3DUa*K?w2-fQr+yN^VVC-Cfmmx~YM;19r%oxMzfD9wH$dq}o&CcL| zeGsNyC@S%x{%Rordw|^)FO5=6f(EIFB-}~L(5qb* zK`bT4ml(H^BvG}+pCY-j)yL^OTIwtn9HSsMZy#o{W>BKx(! zg$ZOLpo-xJV6r^+cY=YyStV$T!myBK_)sKdraOCkE@D1@lzZY5z!DHX_G%*d8nj6& zz+DpQ)*g_N+CwmmDEp&NggbBGWn1Q#0w`B*rdq7Wul);Uj3-Yz#?Q|`*ggOK})0P|M#SP|q&O>x; zL~G8&hqg=CCrvU78-r9)xbZEA zb3>*B`xoj#pNR6&&7G&BCnaj~w5LMp4~NpSQvuoKkq-@O){Be7$ANYLxekc$ERO^} zgD3)90lzO3szg<6;lVLnD4SX$vHGLNcLOunnT{eov--8+$Z=i?L9nu7Omr>3QBFBR-XnajYwF1%+3P|#g^t=YnR*7J|KYTMp8)R zE{6|#1mmbuv9k)^P3AcH&bUx%R?2N{SDtwefqGlMfTswVu>{D)KK4!7$(X4NroggjFS z*+y2^_e7ixVfbtsa$6Ig6EE>w4!U0^u*|lj7kToP;Wxek#poAwu8o$P(^+$4j*z+I z7bsb(RASi*{~zK4#1ub$^~!iIcW|*MUye`J2YlgDJc_}tWGuUcZ(#QY1h2u zDyBclh00_-^UvYjx8^$>MIt&Jab|bCk&d{ma9Z#`==9uFYt9|BCSq|XWVUJ}wCzp2 zvuhMmAg*jWn`IMzZ*bYJrKE#HOznxez?{mapJc;lm;5-5y}2BHDEB5?bzOGP z2h~(=KgP*04MXMgnyNvqH5))e0jZ=#Ama$I5|z0Jl%oKWW_xo2So%JWL5<`XGOu2f zSdG}`E}Nd|%0y1v5uK5IB{tjH)))Qhb;*IjO_;;k#j0zvw?6J^+wQxU5|^j@G(c(` z$6ekm6Ks+3sXnGB=7x^iaF>mQry}`_8F_q#{-tb%o@YhGMwxcATAiJ@651&RUOfbF zsPU>o%uzWLlW;)39Z5fbgjzlS{dl_5=?)PQZ$tA~$w87@(cdD%yvK92_kA_ANVF#= zU9#$XBq0v>5G5&8TjGben6!pr50cV55sUp){?%Gz-<3ZX&WBnzgex0L=?|b2Q33HC_#uqm~D!(`lnD!br0HqEn`%tZE zy0FsV{-cE}slJQ7i3++I(3qRc$X`S=x^6aF)LbO(G=oy^sgH^5;~ojl$ZqzO$X^h< zV!0^n&5M$Iz(2ms;G^8TmCCx33EMKuKRXU_x|$EU<)~I7zv?%+n;6Vt@x*)ZU=z{vn{fA~ zsLR89l6VwoZtBH_)3_8Paq|@I8vYzBr{`#a7YvBa<1${>ORF=4ULi;9jcVf2C?KAoN z)Knd$I06@>qnf@e{?mfuA$8xLcaqp{dFo%q2Vdon=h4D<;|`o=^-=SsZ+ft7;s#vr z#iz9kc_SuU0=@B9ZbZWs)dHu#FjeYwY>8$W<(MYD70LY$iP9$O5wg>V_>I+8CLwY{ zG)k>wqC#5rD$f*1DOGuV>HKdTHFSh81Cq*)8w4glhqW|sxbht@3vJ$As$3ZDI(b@; z$ZSHFxOzRkg{)Nblg7NNlLgdj3tG4w;iPxF;g7TH<%H(1D;`_V%b45Fvgm5EC1XVz zqz*HitRzNn|Jg&g3ojCwu8GEPsQ*+I8ZU;w)}4V!tEoG`45KSYi%C&Q&Uy8!=hKYv zLEL7Bf+qjjI>pFMTF>fN>C#?2tPDAXQwY{nl4naw%gpD-q>}3f0hQ)9tI35$?{2Eb zn~ETVS!R5ZLLje32RduAPbTZF8j5Uyx0MP6Gza-}c2k+#BrAPgELxB#TB@Es8LgRC zeH5hFCBWV(VY^2pY}_ErY(3h9u-XM;^CYC;rry%L0{M(OwjW!` zx~rii?7f?#)$F#HS`qK3mD6iIbjU0IetPM7rJ()FzkJToyUp5b3)@AjY|dVU5JfvF zU!J=+%l#Hp+TbzQi_~irXz%pI6_pAfAM@kkrl;;=g*j;3n;mc2sG)va$%Es68rgo$ zcq-xEIHuKY8FXvKB867E%3Vf$qXo_XlKaCf&)T*CBz{8S1*pCu5zHtf4wZPcf8 zvuBP95i21v5>HQS&2iyyw{|hu5|+ad*5dwpt1#R06TUM22ixU5s@ko{U_ehJ{}yw^ z{D()PTaQQ1{;?b>zBX2N8fB@*@ zpUei|z4E(0Z&x)3<0=PWW?}jJ@%d_M4qUYBy*bN3KaW}S8g?#2{d~$~OSDg;DyH_~ z1X^Ok+K0U2(eA!Z$x40a#eN=()Vgy1jHH@s6LWn;Adtsea{@iW4PI=US21h zf9N&#*RK@$imh@Z$KNMLD4Pli^DwVz{lYgM_&xbLoh#*%U`{w0j$IqyDJ8Mq!UhwE zf3{2u%YPr-&hv2ku3wYR?D3EmuidAzH2$0P>>10!F(Ed2AX8Q#p816|Pb+__3-_C4 zoz#jdWrw ztWQ_IJKXq10B)Z~V@S58W`GO&%pr7o%SS&C;d05_=(DLp3cr`zAA41VB4MeF>@h0K zmGHbbZo?Vq&gQh1#}It0BPGcbjgqCrU7jf03jI-Y<|fzui>Es}s%g=%O=ikBnoH0v z^>r>$rJE%kEqU>~t&cb^bf=c~6FWA#H+3zDzpg~Q?jhRe{;P*((|5a?PD%&p{Zh!I zSMJFtN9Jk$knXamcs&!6eXbUlJonuHVfi5uR}WiK6<8V*;%j z%i$af|7*uoA`bI6SU1BP53kEb-uhKf{tr5OE$EiBRo`3@O)4bWms&|vsQ5j-mK)fU zbKA)8Y7sXUcC;7Db=W;;g%-|k*7q_PNcK4jm1J`?rDRrnK9azS-?n}El_C5S80M9I zIj2us=r4cg+Rf!eSMvB&9k&K^!5IFb={jG;@y4{`f=+|M8rvu8MgP0#U!U3-l+lwe zXkuasLG8})=`1zu!G?sibjIknV24Sr7#(^WTy)+DRI<$LC0m2IrO3s28$PGrfC8o7 zJHMOn0RyMCKTR)wJ!1c}8|@@sKoY_*Fg;rMYrr^eF_50zIHv0ns#MzZ)=8+ z!-k!f6{deR5g8R+tu&&U8~ALHZwi`x)^7je-Q(t&udIM5So;%#NiIr%dUn?fdv>C5 zMIS>RZ-8a}<8S>$hW-GAf&1;J#uMi0R+EgtP{-2x-mS@kzFWcO{+TRl;oaC~VUvPi zK*sh%)#v8unadO`fJ-r|TJHo(*U4$Qz=ZcY&mTufLxH^Fq~`TFn32hsZT*vAR={Z>ECyeKfF?Xk9NFb5u`fneo~pV8x5rjSB`(?4^xp}+ zv^nM(HCdOXH#@Qj*0m>d1z;kshsK6zI`tPxUp`4cKmjRYT-u8pB z+w}1nlt+^?F|&K1xMAuW1u2{B_5EPdZfSD-GvCl&UmW%DX8*A-XTQ2JvU&!Rd_ry) zX#2JQY*WBEe2*%u>tgC=CEZE6xa{Wp3uuo_m(Gm~D&dWvhnsjTel&2+h7?T(3L5^5 z6huom-&~hZj_fH{kh83q9u!A%*{}u*#MERkeP#zZzMo0-^Ioujq+2HkJ*-prE%YcB;gDg|iF@kPA@ zOR*Wes#>rXk$JbRg!l@H>pUG^NCHXpXR>_ipBYLomxDi&jg&{x24oUjUj9C|bOrtk zQGwP2*&maoXb<~Ha&|Z}h(QTmlF8@EZkLB{zx{|{$XEcVZ!ElyH{u!PQ(i7$D^;qZ zc8Uci(kt~9Dd#E1QV1K+`)g@&z6!n{a2%NVD1I;TQ2?}{u~HItgzCP`cw{fboi4^_!FRh&YIl! z_sGUCsXiE#Vmzou?h3;Z_WtuNLYht~yM;NtxmX{Q9RxwpuNUz{WZ+A+`HDp7Bk~>t z9MMoTtQv3J*qyV^#t-&R9Z?`9f5_ZXfFrzftLL=J{GuoJ_WcC$g^t)Gm*=zKIpipK z9gK7%pRtToEht1XJsH3N5ho2M51p$;0+G%5UAK<4d1KXkQm!!`By$*t5k_U;(zGAP z>*j%@#fIVypvXiEB))_BkED&lx-?!?F)WwoW?-O^-R##VM|mKI!boN_6cVq{^RHYS z%f3KuLQyPj-M$I)&Qv825pEdKvdqffu;7WfdL2GI-6LR)S^+N`hQ*FMXo{$m4(MB`mX{>Zhmsi+4=`L`iD! zI$@%(fA2y6@5UCW*oAV*?=Bc*gp|cS5N`2*_yZk)Xuba6CQbk@3^dgM8<2)NzV-C}gK_jz z&yXNRsu1}NZq%#~_!zr`Ks7q+H{-1?0xlN->mY5r3Eb3EAwbr$a z@PB!Y*1Y;N-g(4<1OPG5jgY2`^6e1;{;EIn;vu`Zmx z!E2(+6l!lcLr9Oz={w2uMl*h{{uX0JuFS0{gL9+zZN3y@(Ke_EU z^)hG1KW{2fH2!_h_5Je-XQ17L-#;&vtK!Z7<0W%S5@-^0MXnt{y#d20LN?9^D3?|m z2Paw{NV@!h!cx!y-15I&z25{e1;9JMMQA-g27)_#DK)U5dm-cful~Ekhjd`<&*s&y zHUJX07zH?89xLjKcMAHEyouWZfTtHBcqj~v*Ev`qDok~se`LUYMx^wi)llsH|I(?fkNv-1lHT;pk!}*H^nNu@{D7%G(RNDKy~Y=o=}l<|EG0e{ zAUfuoB`<0kwX!7#LfOfn$%QdBe9j9Lx0%H%`F)?5)JrlFOa02F|E=4QpaIZzvbY!G z5;1zMUMDg@^%*Gg7W<%vg=5JOh~rR(LXQU%g`!LP*~e+W>Y9fA^09fE_-v0uZW7V@8blBf{!;x ze}Zmxpu4-s7BF+}fvDfDS0q9Eq*@8ElLmpM}KeHWUWD0nyv|X%` zTv)!g79RV&XjjWa%F&vp^bAf8A<8@X+8sGf#5QaHx0eW2k}YluICB zQ)u$JIK({Jo>X!MNvZID)^%}q91Yl9gy3%~aw@BS0$cm_;UDl2Z2JB;C(dB#j(EP^ z|BiW~t`N3duHu!&^yC_N&x7`8vHURLR7@$Cg*kvBvhzRPnXU$UxhBAIpG`|C|_DX(0ExHY6%1(U52>wSSgz+H;c`GwCraY*%5Skh^ zFLrlasamLL2!<+`FTm-WLn+ZzHm~;2v3oIqTxYdXA%lCD3{>OQ=S-?YvR}q@0-2t0 zViY+Oa~3?jh_T$#dHAUc*x`zV+vXDwc$dJXz30Oz`Q{=J%)O-@KzGI3elnqZ1youZ zKUDiKS3k9+Tice1$T5Mr@`Nqx*%A>5!Tl(DzU%gcryUsCgVdEM{KtlR7^J)oBIW~` z7f0ar0Q(M;9H?2pzoec@5y*T5?jWnIw6BgTCJ_j@So;cqjZ6cp3BBL-1Ja-sJ==`@lpb#4Agd>-jHMl51QUC28c}!vT)J*Ln_&Z9rcmRm{(_I-?K&slc+^gl3%J1z z(2(4L9Vm~Sa}1kRJAScK?IwF4sev7g4u5}(rV068?tz(neD$G6nR_z{Oivh4$M~?4 zMwS+13Mx?3qJbcJ>wY#50p4-o>m28*(42RlPDO?o?q5!TcW>ax(LyCdg+k6;JkEmQ zm?C7^`}3;z>3h@?5eKFxWMsYobTDi?xx3xJ3ql0XF#q$VAdx`ustASdSc5n(>`>uHLN=j7(O@(lH2Itwihl|4LFxTl4TKTS>jP2} zuHc)?G)DZ2k=uX}X}Q_lE6f{})0HLMTq+EkECt9x>kU9W1Qlt{5d7!6RRe*_S?m6F z36>*p*+IsQ2Zhl!nk6FdK+ctodhZp>j|w(#xW#g`pnn?3_UGb2)V$bAb^|ZyFhFJ1 zYj^=XlZ&k7!d!piSxd^H(qPq1020aonCqiO1jYDsp4LwEQ+<(?K)ZIPwpYEnJL0&* z>1l7Lq7uL6HSnL@kJd*6bDb~`=hjL$_wpQWj{@Iv>B_rVsgkaCr~nmJvhNMm=ysxE zASh{4n|JGGHQaY+P72Q7gF0zHUn1hE9b2(MYZK6EOU%?-(}QW{7(MrSSJ|x%An2wB z9tV4=RVDI%vSL?VAB@=4t_)=9+BGpQ7|VdM#MS$$X`ttRU9kWrgk_mD${2t@%l-AU zhdS@g@i7{wl>}fPyWi_Q37++F9ESEKXwz?wh1zCr`6%v zqJO)RLZvoBYQbX}%M-{NeA2}?^nvFtvG5c7gO1H<(f6!(^=Inp=P>dFaJjJd&U}T)&us-^5B4mK>m_r$AlDgMk zgJa*p6R0FR`@GI?xld1?Y@Uv4YpMcvc@(OVN=Ts>oYd|%J1f2~e6}j~&&b)7+8L$2 zt5X6sv~->{dL3?A?pf0I2(L+gFx}XgXwwS7U@+3)3fa^x(W}{5re6Rm+WX+3{g|tn zF^9m_IZEXwT~O7}4=k?_n$Fe>hXGXt7eYeK^J(Kp%rC32 z(}2=dh^hd}UxFt|+uMkDj{?>ed?gK{4MQqTxc268<5pLixPrSqZ zijRGD;p*}{4?q-qYxx;xLeyAk;1xW%)r;8glUPWqNffqvA?COeo~xcZhFD|ziSUCF9)Rhn!jIkZ@*)+L;uMCEj6ooUBuYe(HTXr z1};ILz(Fu^9n^+N)VCsNj{$4n6zJPm>)2h^M-A4fo@7=4T2n80_??VOJBc5m#nc{I z{;O?XEb#{Mncy%adYnuB4JRv47R>v+4^WI3dVUzIrYE&Cc6d5gqECO!LG|hz;Cui! z&!ed-8!KeS^THRjXgCe4I0Yr;-OY6omvtSFr3lU$;=?W`Kb5uNJkmn&20(_le4R)>q|`o-_v(F33Zr(lks1&-M&0oj@kRo^&?3d zr+4CqX;1uk-!lo(f{!(}Bu6H;CS=TX=nOGgFMs@T!8wo_kqkW^o;y3*;sP0v;8YV} zkdODxd+jugHz#jM{xg+Xl{lO{9k{%67Q*p@OsLg0^5Z?~Oydle)zUf-zrVjJDW1Db zjnI~*NqJRC?scFZwq#OpVpqdK!OMZ7KU3h$}vW6D!pM)t4;Te+=uA(vt2int5sxBV~5xdcHND9@KYyJNEZQb|$IQ zT_7hi@QI+v(+BUE1hKe5Pabsv4oeoeUR9D*B?^e$f5?K}?FQI>Ck7-Gb2AY^rVMvB z4zR>?A1u}{?&7k7x4XteB1Z6r{^S8-Ia1he)%C2~ys%xnK1nnYN*YBP`>gnl@N&^J zd-jO<1tgfj4#cP|*4kr)hT^AhsjiYg!`Ol-f(1i!o`{n*Eljj^Q@Al))Bx45(#K3>~a#kAY*4`n+{zxT`&}gQVD}&sQRr!|l1Zv+z+X z;Hrx0N|p+^ZGgUd++*eF>dErcA^Efpl(wy;>5b)x8mpXe-=)NKo7{#!}V zq+@0l2(v|elO>Dod4q?1iA6+M1F*5L>SrqFz_B9BgI@DJThp@a@>5&{mTsf>>8;8k zkxZqA+(mwZ%%HPUY7G#pN?WZfc}e`RA6pZIp0<(6STokQ7!~zA!=h4@`xQ6n~^QLQ2aPd&lqt8{uOdM$DtMAOcbW zr{rraHERe)3WNfkEdgt6i~ZeQ(ia9+eHGx>~G_J1TeFtUB?mYxM@ z^)+e7&0MbKN6tPhZ`o8OVpYtRBt|pKUDm`paqJ)rws9e5HV@mCLvlYI$GsZp_>{~G(F_|t3%tFz!MLA+x zN!32s!QO+-5O9S?c##}%i)?IEEBy<&A6yY`1UG|g`x7y@47E9|Zt;Z77w<>q;6Y{q zhl+qs5*$_w7{G?%F0n+Kb;j%mvjuBEX2N2D%Nt>Fk}^AtOG5=r@NT(R*vwxnV79q=KyZ z*`Ox~T;$*1)_4#t>4Hs-$nl>AK2?!H(a>f>6Ff6}c84h$pyJ!sPdTBNX0Y<02f~wkVeGI>~EJN@9eoTf08C&Y-Y)i5(=W7BFqkxA_m#*ltAAh{qCE@9(PUu_sfr}> zN!}k@TosdlsU?@Z(`Q(6_{SGxhi=-az1L}dXvDMEw;PE?erM|K4A#ed56$1-f96}g z`Hp{Emay37j1ks~B%q2Y!YXvthno;|s)VUSoc)Pdt6ykxT5}vo{u99ETS_L7wFw@c zO56DcfSi;aoW>X|_DZ944{fZU4$GYk&u$j_+AycU>S`Qu`wj5R!sFVYVS5|^BEf56 z_uYkqda=VQAd-f^*l2&94;yTeGcT*GsBWx53uaR(YU`2M0{ay$bvI zYfaWa|H%C#pyqdpze7|ZY7t|K@2puuI>mEPAv0AznSr9Hv9({Rtw<}0F^By530N0ZY1t6s zb7H|FhehKq9hL@_r-~*{xLz+{*G4Avi}Ti%{GP2}l19E`C08W&=MiEn4~fFo&t`KS z!Im94G@o0gU}@vg+tDyLe@|)iX4geYnT9$J_`*40s9}9)0{I56JbW5RSN}iqp-%Ov z@X#MeIZdutbtTVoe9)n{DiwqVl(e_tt2^nd4I}9#^ie=*G&K{*>qO_@F5MhO!LtTZ zjs0Ywv50N#&KH85)}Ef}N$BPWyi7$8RrPUEX_;o)%xhr}EfyYPGHo)XeNcc;aLya% z_d}cTPt%#w<1O(R){bFuRQR(@z=Sndj-*)}d2FMZNs*DGaP|hI?ERh$a85XMyyGyp z&LM4f#UFy@vF}P6SSW~wI)6(D56M459=~FfNaKWiv9i<$bR~B>m|xzyk0@Cat||dq z(Z|Qzv&-33=^|_kQBraEV@@z2VivIb9DvY-B77<{+vwkq9l`#{Dr6J-=WV>TJzFbb zfY0qTp7TJtF=Vpl^YIh`ENMi_pVNBnXUzLk-krVAQP3lChuwAGu0by~kF`R?heRtE z&BwHNMbe`P21D)$XUj(>i(VCVlxqB{`)L@N@eSfHmwW5vZ821X3;$IwzytgiI+dJ} z8jYNT*uyFVxQ#T_u5vP<8hVV&UnJ5qirIDd-XvPPLzkxi?Qjo@F#c4r0^k-bZCx%#FZ=5&I6i(&0HuhlPuol@*AvO;1wvCfyOkg$ z9sWup$V7GJV>f;+zlPQy_Z&?feBH@@LKTPH7`+&_-{Q2LW*he6qlm_d^h%Lz#3ri} zJ8^!}Pw74e5~18e?AnPyVU;=m=vnbJXK|4`=_K5Vx!0Q|Rudl_upePb-}l`V z2s7(5Jiw`a&82t;s$SN_IcRKaOnrbq>{G^sWsH_NmdK$Ji5gbYnQ7o|=20w>?Dvu# zoEj1C5C+d^AMgbe!hyj*;dgs&(m}`UYj)wPfU6~ViZZgruIUrrewQA%-M#;)Aw8Y* zpv~6XjZYa#u4^6~y@NAWi|syy?A(SkPlA0KcZUifqC8?wG9ND zQUEZdvJ^+~p!PMwKTP~OL5)(*%_V${q3C_w!JT8%@24{o6N75mc z%-56lpTM=WRhE~E#Zl$?M;JD{4XLyo1w#j;N&b)WwRh~iRaIF%mkNA@%BiAhUNy$5oe0D$PiM>nV-0$ zyI+tF3%gmgLxOP6;WB?_PHyrtY=ObF?vyP-OM^|;&iRwb)`rL!u>f2WBYRRC>{kbA z^6ikWFX2!P?$no9@9#7xHr7eJ>?j$>;ZUh)Z!FqrVMHBpubWE|X$aV3>r6X2BhmC? zE+9$@Yq;0Uts!7{sy`4SPv+kn9kxM>8+V`Ce*jx4Gks}>sDEnct1&+Z(sk;t);l!s z!dl^F62+14>gR{DnSX-NWL-0}aIXeEO}#%+i5uWB8Y27B0R#PFfk9k=XYD%i2_F3E=paOPTxuI z9|u>oasBWm|Cu z9rT`BKHp*lttW1=WbJ#01F3)MtoY;zO+jiPTUt`UDq#M{{#N?;-PsVAWki{Ip} zL3IUNEuS4$TJUPrR;pEo&rd^dlOv^=lhuYosfMAELpmWj-UFAHgLh^lCTgfEu}Wur z+}wwW&YyCM92}&zp(lvwapV-6y_3U$Xd;=&Gv)!T{sy%CVN+@TT{im;gdM~FJ;*cR zKLDlN4S#i)MoD`-u!|~dh62F&Rq03il=eBGE~7#6U+5!XP-rYU?|131XPzni=`Pep zKU0y*&9x7=~CI=Qls z{i8QpGFaGOX4kG;{^Hf8MR(axe0^Bsgr;&`S-Qw<|J07@t(w{_5q|gk4yZP%>Qx|p z+Kw8nY5TV=Hs7xn*bm;VD=71#t25(=iaas0S_1f1N?P4ST$EGr#GgK@Dwi+#>>>0>+oySg_qU+lIE?^D5w{v z8yd9vzN-^=)4TJ<#wHSDwYYiLRnuvE8>7bXZ?akJrBA`gA*e9re#<}pj?;28o4b>W zUb)2VssW#{7*KOYy05B+qJozsWk>%kR-nsEeMEGhI6XwK+kYX^m3DfS{o^kG8P1F5 zo0P84bwuR%TQZt=$ECqYBQ))!X3}ZR3iTZTD;Z~ol`R;R2T^B~)ls7ObssH{I>K`I zr475bHV#oiZ`06)CvRdJe6KD}9Zz>J3q15T_%*72niXxP zbh=^`H~hCjeootc_>+%wVtdl%qn+KxqBnb0xfzM;OZsXF&E9FxwDJ2uKPcRw{C{Ka z%+H8VaKw=rZwE3KV~0RqN@BjckmRI3I_a@h3-DcGcfzk`;09}Fq?>l$eA zqP;1gOn*n6;kT<|-qpQC)i3DXhGwnYiUO&=p`b{W_*W?u*J2;T+}WN;nv)_HJ_@mT zL63@BZ1+4<)>l+liiTUBwWpdx->q!kI_qgktq<`9_7+ccvBIUSbB{zOI4MQhnq;pnO6hssvYFZ;x1d5+{qX zk_*$o;(%AFmZ2$tcnnT|fHrze97lUD;fimd+NQwf6?%)W?X?VikEqXqgM0{A7r@+> zP`118SL$P=jo4NRkK_pteja`QFBGH)xz@gjBESb}XHqkY%d5XDFOR`TLD1hM#=qgYQE!G?fQM+rn^Ebn@c#qtm z=6}7JSwDHdbC zKnX^RK`98Gm++Pb`3T_0z}tzQ5P1hKjoWOW>EP|)k4*`6Zl^WXgBL;k7c)mR*YT`X z{>f7eyZ`?3&`RT7*D0>)pfP}JSFsdz-It#*Eq(lyX~lfd@yvWPSO48W`Yb%fQhVF~ zG1NUbBQmCJ>6R8^cj(GCP1zb3FNZQEw$?O90?{DL)MRpF@Yc=%Bf%hcmc^0pvi1GV z0EA0gkCQp^5tpwkhRN>0cbU%J%vRz3Dr+VXc0*6S(8sE{uZB4IXdul-h&&HEP1 z4k8p@pC*5!af&(pC?#f*fDRLUhauY~`ebCj$~i#2H8rXVT~Z{RT77LgXE#$lq&SBp z3=tOwJQs&u&MK^X?giM@MxxM%>fbcd2LSUY8BKJu#K`K6#lwuYzE0^!1Y%+!kF60aCX zD4~#qshWIXfZfTDjpcqGQvrc2RFeO}{(i4M1mEc7A}`S(9zYz)O}NkM^SVwulULL| z0Vva_Yefvz0KS3!hj6W)X@hL+(WthdgdjmxLx(;4OjQY8e0kL}j zD-Ak6P&3tT>&s`76n#yvqiB!~&(;{c057?B`d;SB&xr1M%-%n89~ zU>=%+7H{oPIhPXc<8i{gvI)m2jGIFh3CadIGrZqAFK@{l!qO^^v1JvRR3zR;gLrL$ zkX`Vldm9-|W=_6G8y#G;qd*4AxBH&KlR2PfLyzfg2JSlhZ55VboW4>NVR%aofo(x* zvEF_j z+W+yT<{SSOL`Rd>)wy^m)xA$mS0*2&U-KU>OtkyOa9%i--m>H896L%1kp zW`*Ci@BY#3>>GHeVs69%EvwemXyUIUL>}T$5#K%~fboj$abQrC$rjYvUOwV2mVib> zn*H)ca^*dsHryw^#L_}O!J07m*w%N^V)+Xy$V|Ml>&J_@H5_-pNARu4-L;_le&uOF zO0zdZ^FJN%6LD;r4^Sm3DzWtT7Y{)bcbh}q-&nO@RM}%sOlPERq^ksd{Go9k8JkWB z(=H+nmj#%3|FRylz+WQgqy*Qfn0>LzOx#cVJ{|B?F}6nojTZk_nQ-wL>~x6xghAc< zKkI^@X8)@+ns@2uMMM_7b+y4SZ4rkfA4sEZ5K!&{zSrfZ{A&-~<~;Hj`u4x3|LR4U zD9X4y+05@s$aS@nlcWZ)!Jo)Rh>mmXODyXnknorxYb4ii>#6u8Pd5x~=&400+_`Ua65>URm{eH6ynHd zRAi#50Nz1Ps8kPG3c@L>vHDmXh$K$-=%dl-ds!4XHi}_)*g0Vn7QuBM6!T`##=vMF zX!y*co_6>IR+XZ&KPyRxs~`?ZUDd;3YSkzwQ9Bh*++m<_dp&8Y zCg)R?SmS;0fO;e3!tQZSO?X79dx#Vy3W>sfn`6+(ds^OWpSNYZPKW)k;@;31rYWBJ zTN;fwVi_A?`B`+3;AlDp>|n3nU6%7J$!h{%tlnvAhQW0ecxi;(h8 zY(f&{^g|kid+r4mF5-1brh+HE29XBwno%?4J|{v7;UMDE^9I5ht%9{1j2litI@5AF^@o>F|#TnK5*-q^^>{avPRM?M;$6Fin;fyd(uZs z7ykHQUg)#={M}jgAwN zt|XkHNr=M09?6pV-`W}s{7I?NfGyfgAra3Q+z>GqcLix*9DFOd&Y=!@n5+O~nx%tn zD5kmUgc5>LtuP8mk<*6l9PByso}4(X|0Z{1AoN(^m%~+rDLZJ(fc3727&&l8JEl70gB;o0$yUHbjz;Csvk0g_hD1Wxg3`&dMrm|fcY zHWP8wM5A)o9vT3mvP~H4tiYSlo!%F8!lf6>kt z+OO-|_b~2-pKe&2p&;GKGUnXMd$8~mXD$$0m$jIQEqVv;3HL_ZY9j=jiAmxda&HP^ zNXpa)1fLfAYSQ=R=}4i1eqEEzW#u8FKY*DRa{6CvYp_$~a^Q%nE<$ls*uESuNnp9d}qc!wZbc&FE(to;sd(HTWR1yNx$i9^U*45S;&Nsq_ktc*@? zkA*fW8f}^*dJ(xA#Q`vpFIbAmV{+Q|^rHN1BZ(_Ed4i*- zV!!V;9z(YJ#BmUrG@nQnb6dqui3TTM)zc5Rcwo zup=gXheaEku(Zc_2n>W^HLPdLy)OxQN2}_$IV_Tv_;^K|JgE$tR}I+vTH3)|pk36DWfWgA=m&p^ zv>^8Bc-`7!%7A_8;u~F|cI~j@Q0)+?H~wJP4FG19mv`~Q%dotOD1}x$D}P$O3Vd#8 zrM*cpkJ3RDq+3UuA&y2Dk!q2X9!xfigLNYv&$azf^y5|B-eTIj)uGaSe)W@Oy(9Ii z7A5QlVoniaA5C_?7jHBuLX)qzS9uP1FD3_G#hA;r6ZvhQEu)V5?8e1sXFu|I8&)eV zETxi+s^95$fsgL=yTRh*4Z5*n8}HyV7>@4k`~;Z5%XyUoee|>3S8uv#`H4?}%j>;J z^fde5x@8~tbIH)9xU8|F~0|h%ypD=#O~Y0Jlz3_)HmIy z=Rf|_`6Nf1m4?#jmxSw_$;Mhc6>uwfkbmq^2&UuLJQ)>TARf;`XB^P^nIq6JtqEz7x_(4?l=ahg5_jK7H9Y0v-(3+xb4w0aLX_ka;Fm z7$USE0Wp}UkD>^mM#9a0JxjZ)72!nOy4~6Up5A!ba{M{A8<d$dSk=)@}_7C zja+#;1;~%~a|r<~tdj7mo>Lwy*fF*g-0Zi91RUA3Q#lVD0R@5A^h$Z@*z$K-l>iN3 zO@tk=3)~O&+!m+Ftnwb}m__Ak_=sH)+`A3ziQK1nP9pO%DZE977z=RzyB)<^KNKI~ zWC5!7<-nEQ$%13|9|%FzfG5v8Pysh<=mQ1yel!UccP!v}(b6mldC?Co3TE@dWz}+5 zfhW8O;Tu4B(fXFrM9FKQH*q8ZEQQUi>=yuQL&Fg`&PD@RbC5+Vq8Qfpu4eFWSnq#_)P z-hA371H$$46(GmB;Iii?VvClb@5DK}f)Kwt=#AKhDPR)`_+Eg(p(NxUIbVmz zJqB@SKBjAsMRU;QW+ntCu=b@w#Rffc)EoFjRZmEN^n7{;3`7JA12q;Z$G+$U_}{eO zfhDtL$AQic$q+SAZ0d85_=d%ln|ufy`2j11%MGyIZV;Ut&Q3zr5inBk0U^42W!QgN zXzG$Nh?@>ib5{b7RZ>krm^1~hCh=lUW)xz8=<|c!u+dw`-0bU-SCvGGul-90PlvB6EE`DM5|k%0G;e(XJ(r zwvSc|kJWSJLhrb$gndh13xvDK4~OVHz7z6ESLbn!jyMo#{OS9o#qJh8<1*ujT+y&q zRZqFf*!e9uR=?GNp7lCPpY$52kj{`6_L_5Ru)0h?-1cocl-%(6S|=zyZC#=6!XMEu z*a1lb?!(Pv4dFy-kM;36oF7oydL^;Mdg497bpGSrR7==xAHAec}*3}-`aEf5X6 z9?!b<0%w^y&T5nkPg0_d~^Nm9)N_@_k|P%w2bPLR|>Q|rj=H@8H()xGn6u^78oC1IR*HQNz3udl+R%1gu}o`$TXuF zB$pBVyr63$-3UU1GkNoko0V2?`hN#&wp z9d6nx+xz=lv#Q$noWbpj1l6U)dqaA^b9KgsjTgzj8;5zvjMHBm4jB1gR842eeM1xS zW)ECnp=~Ukn_J4C7r${hCSSX{=Jrxu)l7Y$PjKt=hUb++=YZE-Ubs*eg=l?2ZA-Am z_t>AlqyZ1)!NXBv+rS{Yn#oku~a8i!}k@P$egC{#kOwE#=6?Ot(1(vwU+o< zlAJBke$%CL8Zt)a9+;@l<%d<%9SyI7j@hmVswAG3R6C_?HXb)Rb`7en#OA~#E<0(8 zf^pW~uLI-!o%u7GG~l}&7}}o&Tg{ts_9-)Sg`g@P#r(!x&8E3{>Px(NlQG**6!}PS zJ8>E?qcW~@=3!zv$5;i=^P`Kd&eUqWR$v~!S8%ZlyW*8VW6|Fk^xJDHm&w%7PlR2w z3-v-TXQdQUepzpAU$2i`_cYnkJm3Yk$~EYN_=+=9o@I|k&_3hJt!AU=T^_5+cGGrj z#tT2LG{Rdh%N{GJvh5wJVvU5x{Hu(a(-ncq;%Cdl&krv}4SO(ZwY`*X8g6gbIzmDm zM;__V?hG(_2CbxzXg?OQ{nW$8lh_t5p~^_-m*ai5=(T-D#rgBgG{JFPKDsZKBkWgf z;q_rS*MYFf(nFM!^9m7XuZMzCclx>LXHZR~&G0>FtZ+1Z;CC}HXL;gQoQFe?dEipZbQ`BJMQAw%+yOh^i#mmMX3zhk)OQBS?jsNC@_>#OsNufLkP zUGuk$^IdmxF@9M9;qt!bi*BEs5{E_e%8wehEFS2?FV_-xUz$Cse%*M!{!t*Ex`b(X zZB$_Ky`lGB*@3M~u-^U;<=kzN>26B%wAJ?hFgu;MC z(4gY5ekn_8;#2v4CI)~$h8{usl2iy*_}1Jdc#-qQ789@#PHZW}TB zU0?SLD(x=4=oJT=l=lAgl_g;^|39E4@iVrBZAH5ZZE zti+JpP}qBsr7N-Wf4@k#k$qjg^YI*EOn=iKedKV4y%9Z@8qg227prwir_hknwBT6& zkp7Tu@Ty|-9h$$!X{eA#r+E7FxY!R;o44LZ(`=IT!7){y5LfA;ul zu3A{BQ+~Fg>QvC!FKa8fE~nvKXhV;N%FSJ}wW;i~TWJ@uYC=zUe@K`vwjGOOw@gy2 z^KN-P?*8uj4qfFq64{j|YSObA_BWmWNBsSP`sbeaWa0-~3P&%igG^T{abBPA4+w0R z&uw$}LnW>|-syWCu00a4{@peVS`Q#&Ybt%z5;2)w!Z|C8L^&%_=84q~VUsCn&GF6fZyV#1;-Amnrw$hAR9BoCSA7|7 zujgZ95)1blV?QPI987LtPz|!gk9zyBA#F$+(fBUzTJTte~zf z+SHt0cfH8#fglFttLZJ%iKuhpj^ zu9>&u5LVQzbl9#j)UL^LqxLwS=k1;ysDB79mUOk)Oq=E;;2#72!?QMYC&~3|&+GF1 zj93t9FeDa7DG_fPa5C^Dq~x?9r5!{6=6@E>5M)R<#qRYtbW1hHet=dwQyj?kLdDxBVu4;LEq=sK{2c z^OL2Rlc0|Ij$ znbemSo$THxn62@5zZ#A|?=)WYr9FG_BUw3LGC2Osi$YvAWJFvL?>l3FDM{MW(%Zy$ z&V}rcSaqc2C;0<2{N~_ywJOZiCw40A?Kl7_rp)*E7v&cxAveOH$V!-ef0DT!IfgNj`b6JP* zmAloS@04y#W!o8`!`n^&14jT9bDAS1p9iq<9D4vp(*(cw3qssWaSCucLJa<+39%G)mL3-*>i^8QvAon;4f=7(E*_4}xVAgH(sPu->fP;u3=68#Jv~D0)N5YLZYT^>(o!qKfg3k?GeAPiP^mXPP**+7)g+UJC5tS_1v_m z%kbWdfO~D0m0M2=O!^$pCXjlBob5L`J+NW`+a|VWbCnP5T%sVY;Szqw6rp>CKFU>J z9@r5*4LEZpXDKAD)^7Tyv)j()Jm-OCK$BMk3B9|Ev4mKyXuP)Fsy};adEtqzzm$%8e zm1ODYxanHow(-;q?GRWLNhka}$_M1^+h~xk&gq|nKP5Iy+|mI0cC3K4{Bm}<(F=Ny zEY@>fgN^hT>4b{gD5*pBhw;l|Ww7TsfHE3yE8ah5UYRJ~nW?Eb zmr8oeB>5`Qz_Xz8{h!~)0nIo;BN`ILeeRQ6%18&MbT;emLqbOP%qK~FEkuRjx2NLl z#z>Y(yoRW&9c4@gLlbv_4{B_Ez2r?Nr#t|T>;a*QL~7|O4C$-T?gPfP2U?1BgXiUO z7lJJov8DU`dH%BI-xBu6v3a0W`$Z#@J@|`cnSF(9dIt2|L)CSO-(Uh2r0MBk&VK{9 zFW%*@7`Kh!L7p+;>#wt5f1s9CwZ4OnSAQn4&I3iAZrn+M1WM=ZU~O4i=JH@gNgpgU&-BN70mW=ARUdS1}fz+s1UBlu_k#CG*E^q9xu zW3Wl3OS9)f+M`&-GlR?lAgK_GwD>jWS?IhoH|sONd~&Lh#ZTqC%3x%(?uIhF+DjaE zX_ts1OmK^HgQsH7+vz&KNO>OE`!KIAkxv33Vn?R@{W<$h`tQk>|C!kBg-oCP_=EBK z+|g0V%MGa(!LL9#*by6EN*Yfn7M2V5-ffA#_tRpiHO?My5HLu1yWmcdY-o3RW`0;Z zTQowRrxwGiY{X*h?zMYQwib9kaD(QQ4l8*#7AXp+00(5769tU}$9I5Qn88Epe6wQK z1?Jbyp5+9=304ONHl~ZMA;a|^PGXC}6f+ZG%b{Jrv8cm(fdHglXcQ9vjpaQM-?=H$ z|7+zD$qpzj12#EB9wp44!B>%Rv0-wRyK#Ml0v+`d&X@)H3mU`9(Bn=&DC;f97+AoJ z{1_3hJkW}7*X*^D@FE1FCggP%ECXSz#BOt^F+~M1&UjQzqtt-j!wZVK@yinhV7Kb8b)H~D7f+&c$rO)#r6kJ zS#vLTMLQ#BVQ~&*VlBRD?RjMg*OdF3C#$hRvsr*ZFCME75Sho=kBiRUZQI(nL zg#$a_%`vD!9XJJNjYFCV6#UX5g(?H+HzIJ>e!|7D>UL?#mmM}9Sym66cVDpNmJ06B z?lhEe;aLm8bBb|A2(o>6OQT^S7g2nQNxO`Kc4LI8ghGA|%x8xZVQ%t2mM>cfyg6Bl zUi~P#kuTRq-9A&|+be;^Q^&mQ3)Yyp7Tc^1CI|OEpL4{Fg*+$u=qBUMbuM|A^bXDMK&I% z8^Rb0aO-i8=SM&u6V75=wrz4uA0L$;a6Z`)#;1U?tNBZ1Iq4{<0}%|TT1jItM9q{I zehd#RWhrIO^yDDO$}u;cC=TtD+V2xYS!HD?oK!QuRWwmf7E?%P*1hs>R_U=8nkHxc zD-$Lr8_1G(5uN4+;Z7F}mv9Q%RY-54WZ6BMwv$*|&0x|B{9VnOHtmm;Z=bHTTvoZO zF6A1|yDR^cWsin15Qg0n{VSSU?yG@t`j4zAi1FE9&w4u{$OXXt*3O2{gR<;kFT15$ z@$ImzNEch*EJ>#?ijIYUkQ$?!<8fVO`6YB1>yN)ob`;i-6UAh_8beVRBsE}CtPo2H z+^UXm3q&QE`S`OSn6+TL3V(`5|Az|zdWzcP;5nc?L`qwD!evU7b;xgrx|@|;F#aGn z&2Tv1k390;?2sh?D(6+I@y{Pq`k)n2}biL)-g-rTWesg9xOQOukA|^5W23 zo-^W_?e)tzu=v^qT>p#v{bqg|cg%|!$}*9k*u@l)aXIfkv7kwcj^ukNl{pYCgoif} zcAM09O#e7jYAq(s7^1~z8f9fN+oi!**Sq;%!Jhd~>RpT0%%KGWB;&Qgk}&XKD3%|5_!-EdfSNYb?m?%yFZ8F zKXCqJzph6f89aZ24r3mHWG%FKv_p=Jp$j+>iq*r+MKJGrr3)0bzc>^xd?^si*taEA z6es@s#O@PGmhd6w)vJbD+uhnlT3jnS17bzX-Pdyb%H2$hAAA)~n3-R3wp{HBJ))Ok zRYI$}GcYPk%DP*R&b>Eh2;+6$<>6<6+&9tBR-O1|AOxd1brSR!XA3I4^LLD8#;+{BydWJBxxu<7N= ztr!7%&c2@Ow5!w|t}AAa=Q{g(W02I_*8a=}$!f18FT~7{gKL9JvgdxnZLp-voxgi+ zN&9Wjjr&V$@)qs6TN9S_Llv}uzgMAw(w(uam-{lagv@CI+l zzG9h!-0gOFidhg2n6ZRVN-S;aIPtaz?ZV}sW)lUxIvygEXoUF)G|9bq{P?k61}M+C z)J;XwzU@Q_W;w>{9X=?l>!+pb=Dz$^I%qG}o$()uP`7MA>dTW4JJ0cOhS>zaAzuw4oeWWaO4zm= zC{O4R!Wk*}CY)=N2pat1(K?y2e^R)R?`qJXF|z1&yRehOldCN|KPU5e7+eS?R>tF< z6~t_uW?upsV9TW$>VHku`PG0^k}DimFNHLJ%Rp|{mC{)uckeT=^Q-fr^nto?*(f2V zc0Q3I7qxF}=>w(^hC^sa1vI;1zQ}m&j`{mt+o9cNX1GTT?Jrb7g=qc!1Lun!xTKVO z2JGwl&n(_Uj6KhHPolH{?H-kc&o*s@KhmFCU9YNDI6AWKwM}flwyG1Vc%7}t)&JGF zO%)f<`eBD%up&R(#+%vsijvR7NcRxvzilLwKm7cD9*dbfH6$#+^o)@Kf?%hMAFp+> z;^bhS@eHTe>JM;}R)FEtzr8o*v*}%-FtE*w_MNaXKSny?#J-WFMdk$@uzY3Kh*jQR zoOd^X5VBPg#SbJisgN7sc0X7llmBS{);w8kV_SOZ1B_cf7P7o_i)@Y%+U8^=e$Uz2 z7l|H>mGCQp#%g%fZwbrE*2ZVuIy40X*J_9*gJTUP?T~S;f{N7?8$w!s!9pzTY*BuI>A}sw z*#mW_GQgs%UbMuPz!ULtlA5C@)o*iZ_TDWj`$B_@&IE~p_SgWU*XE-AGUFJHJZ%}4 zK{#tW_eRX1aPTLT;M9H%$CP&xZtE8`t0HiO+V1Rn)0L_?CLpgKbm(wVWW}!f^hfs2 z&=6^$`xv%7`_y?<7d|hCNuJ#pj}w}knUPmoxw?GLBk|v+0QDuxxbGmw?K2*&`yfmN z;xs11s66&nCb8%k(|+xzp)?zZ@r$JuR;9Q8OAPjFG zp9l8IcP51~)vgZ2G$QPB2n$?FHn){Mqlp=UgVKlOCj8UV{|-tscZ5G||1b}egWxH~ zigfnVG~*3Wp`Bq0LjA!?GICit%L_$8(bPyWXR@m)p*or{G`U3VV>(qfgnu+Oz9wBY zfmNBsz1vnH`~r41;kO}$^Eyv39@G$trPn(q(vT+rRJn2nYI5_UMtw+HTS5UNfxUvY zBX3mAp0)jptRUrl;1Q5#700J3X$lc-=Wo~LR}OcSX=mb>TfRkv2JC)hTVVHwWR6q@ zDWRmHoEINcFz+Qx{3xS)p}QTzDuj?X-mU9LPLP}WxY6#+OLlmf69~L(WoeYo42))% zY>bOXN*Ok&u)|-*9uAyG*sn0KjrL!oShUkZD+_)_hz(DSE|4M4ot|Yaht+(3ZB6dm z{cZ5)9!J7rljea;_pOX7Qkfpeg!p5D%sErcPwsnMw-TqFgmGx?z*&;rlR| zBjRb^V<#q3vNuUrZ=+!(q1+h&S38I7_ z=^75DGg(O=XsYPvy1>SchDy{-8QMLYJi3yaGCJuZcgF&s!4enTqU{JJWe+IzC@7OF zh|)e}CeC<8>9A7|tWW7a4u9c-KeB2A3YM~u=bChg(-7#y!$gV?ZMM!2AZBAh<`hDB z!!S^1w6wTGAJ6g>8&6BV@&O-X-5=OD4M^_FrC^qJ+Lze=KcG$-e^Y`q&9?NR#d#hh z3;y&U&0eLa_>iPTG2cP$y{qKGhD`W4ZhqT3CH|Uu#N1OP z{;_=X*t5IX`lO5|R`-3`^6>;I#Q)K=>Tk=^fP6#?*be(J|9o%bDJ# zrhzq)MsG#L@u)fBdAH@cH$2wgg#+QLVcUg=!?y(QXq`L?IaosCT zX`+y?(4eF^LNtB2Nx-Vm!tY^a8w4|7ZO2i z2@fyEWL1kv-a@#-xu-6#A6bjE=|G5h%hjp*b(pprr^3gVivQhxZzp-qRU)&QTHYHm zjF9mCsP*zdvAGZxeLPSc!gcjI-zd=?9$NVGTdZ%+Cguw;W2%V-nv+QaqJA8_2-8e* zjpCZ2e5H_P@6Y5H?roo7wJtAcvxcA%(LWwbIBCq8*4sJsnlPMGG3<50R*Dg7VjhCCEbql{9ch7E=7i zew6YkaCe1etM9h$QKFg%NY4r!UJT_a%$?Av7vp&IFKj3M#pQ)Y*MVdicL|Rv5$+;p z@38$@z4fS`y|c_$O}|NCoF(I|9nFPAHi$jDSQV@?uHzq2!TwiR$o3@kKX?7)lw>h1 z)pBUz`~J8Y6fw+8ueycB}u+rbJp8y5VeOvk+t(%M8=BoR2(;uEnJ-Hw% zj7f+n2pFmEZM_Y#uOss|<`I1GA^pv8#}9PDBU}K-QxR$5CV(@R3+c8+=JSzWbv$ZF zmFNqEhDHE zgf)r~+3|OUgA|C^@sBp8?R?3;@&wHN_rXEHMadvK1d9=GqX>vSUb3d^_3kG%+|)D4sHA5Zfblv!`c*R+SJZ8+!~clKrod1A{f+&YK^ z0~3bee?ideo`A42WTA=l6Pfd=s36u^xp*Ma+Dv;nVXOJH@!U+ZNFsGw%6 z&~z?Qb@t}(CkgAR2e7GLLtmZL^dC6KgRIDDh&c^+0m-P_)jxzM=B05jjyNwm*(#Ua zAH=MZ!DirqNvmeu#@9ap`bcsWmvy=zBQ$lJ{U8mhWQ2G--#Zk8!uV_qcaSJ{D|$Y6 zaX>u1%9KU+6D%cK6*=(P(3tVgziV6hVmlDd9iF%z(RJJIg1ijzx3EEREBvu35+$Tk z1zOeQtFf`MU_oBqMg=9M8*HyBOU*az;A<$I}ruqjdc*etfu49cVSvC#E9Y+y;8 za^Eq~6ZzAEFMcx(VgOkIN9B8KDQoW-5RWCs$#yU-#Y&iYjf(}x(%hVZePcKrK8^L+ zY-H;}F<5Y9TlvO5vzeUp`8Du?mJq%ir5J%Ct{rNM6%X!-$gmn%3L3Q^O=oTD@hbr| zgRd=0J<)`sYWvm+(8K62P?3&0(SAxfYBh}wrc*dqyN1fzu`_g=?j=QMl%ABl6(}2c z-Tl{US79!nI+doj!DvI4qP75Hr_G|2-w&m3z!Vtg=MX&tnlq8rcs>DuY%%u~!Vgyb zXT|+`{{fp9_mT{UeUU*5N-=dPxUw0qQ&gRg+48^r&tz-iMqPKzamBzFq6{%>}6 z*1oYDt7G>juqx5d^ST`vPBc`h5|VSI!qx$Jk~AfL^S};`${V}`f9UQsvbLA>RNl|dwq6TCqY?@^$sYI|70anz$l+TU#VJ?EAt zuTT65A*-}Q-9T@5U6Jb;mrpXF5=x}h8?el(MM(-HB<>WhP*?Ab0(Gbme47JeCGN$P z2+2!B9(9MYrqa;J%7Q!VAnYk?vGzpE_h{~p40<`_Pg(YMcpl7Kztr&Zn>q?;A;+jg zTxUR1w{z&Clpabh9I{(#o?hW4jeJo=S?E4>VW|a^bLUYzbSV9Am@ilAdP3{ZK^)(8 zf)theYV<6^kR5hT88vngNSIvtEJ)Ca2`>s`>oS6wgveYbNbzO?q*&-bW5P(CeQkRf z{5wX;5w!5eS8(>T%1<*ukoCeX>DZ9H?EhTj4@IDf`@sGvDkbHcd2^pyb|k&g-@8Bi zh**uwt20QTmKmI)f_9@L9vu*rrwAv}#CF#_jh`$4n0JEmcMFq@O&UE)|cO7PJ~P__*OpjeHewP(cKPbsogv{C6O@kh5YKPrdUEBnsnn zTtUupo9yPh40*|PM9%I7;S znkPhRqx+A+0*1N-eI~FUjDAgD(%%W&V5|o1M-F z2Clw>Q7V^^M}r*D9s-g0V?U09u0*93wvTb^o~;B)$^N9$XkayZ`BrimObG5HXGK`L z*%BHTMew8)_MpctgesH!uMngAZ&b7Hhtuw~lM3M{)Ij;}&UeJS%qSHEV)irWZK99( zL61*jhbh+^*ro}G$X6PHNg<4-I9ctVuzlWobfx2j#DsD20kut3JEwSxVhyErJaUhu zFzZMuN6w}aN4o={QCh9BiL9~F(E?e+Nb))#C_5H*mv;TH-oLb|5cil6#cQ!<9n=KO(M^-kZ=@VG5CHI?93z0;}ZaM`#0 zjoHhscUl(r^?O?nJ}=n)ef6{?DCwcy`wuUk{k|vkvb7PcIR$Kd{01S(u0HQb+QP8N zDfkPB0%z(mt~$)h9hW_XXo7gTU;?J*PE{u1_QCI-_sPx|0>jRqxn!eRq990%I*!7p z8?nFyj#MWWrT^n84>n5zdT2N%TWkA!g=P6^m6>`7p9c1zLBG5C$D&GoJQPV(N-8ZR zD&bRg5#WO;tHXE=Z&&FSa3&Xrp8IgJWH*WD+XJcPJ2j{=VHw&`h;>gQvB0QVCbeW& zz?<+bAPC)^aPE|+?8Ch!++W9^5)>3IW%Os?eSEnz#}-I^pe46ioHl!Y7@4Tp z6;cV55k(+0aJ?`-Tv9-x;;g{jjHu=WB(TA~c7V0t8=wpx^_HLCdHf9`8&v3BLR+txa-UXlkIn^v zQ(PpB%FjyIgUbtpqOC9q*NN+p;39#U^-C7fZ}r#G4J;ih>@6Cq#vg|wR_t9dQDx0k z5Zv1^X+ z-W^PPQiK`bDmwB{tpDG4w`M(^ETEkD;o;$NzP7g3s+R}V-gp(Q_xE}ptMhke;`!@9 zLeLMk%NSv_=o&Qm*#M-E=2oAbRPs&&sm&^8cd7C2k1QV#55^5RxPSiWG%08}LQgHr z*fv3(2bBNVf;wgjyjv|0&;LHw_)Y-$7`5Hk+mB@dYWV@3Tv-=#Csk@$>y+=U+rU>> zY0G4HAe{#j(ch(Cx3cT*_R&OZ*e9f3aBKsA-SvN86C~gz5agWljlKLas`Sm9#jTc> zmJ}HonSQxSV1)`c)Na`TC4c6aP?T{>*TFa#@hj6ZLtnkK4zO}bt9hMnYYSrJOsTJ%#G zx4l(gvDyGlZPp3Eizf#c>p$1xP*~haoTtyHU1>HQRP=ZU(t}*22&l-d`qosr#7OU_&ZmoiHH9g*>T~-@*e+Eo z@V+UR2)|Q+DVit`8%{CJ2+t9>gy`i*;}?xEm50>-C6h2H+f;dHkEUVV;F*_k7>29U zoWYD$*fby9@fjy$`|s0y`V@KBLL^1sKh=XLu_>wVriWHlnQXgr^Ut&AugALC)BW4jDM+Eg)xm6PTZvIuQ!p?Pj4;SD>i; z%$#0BI;iGpf1;w%xT76OQ6e#s@Im|jOYPt9iJ*->Ki?S%n!5}asVLB#|88&AjV}`- z=qP;+$^+*OH9&}Ot;P4ehLO8&mjK{%PDhjlAumW1X{TfM!&S~`ccpPRMV-anTbqYP zvy1HOP?Jif1m+(M3)XUsPxoVgUKSQ!N-$cbG?Xc({#Gk<`9(!2R1zr7{QUKc<$g!W|Q5d5tzvHwv5jvo~^1Yio(;@DyaGsuVCyP@8E-w3d-uD z=irs`^_t*+IWscj@}!>tTy;}T^)8eJh?Y(@_nrIsLCCqQ`Ob6_hZoyG2*4tFw$ms3 z_7nJ|(7}qZay*K3MsDWPyT3o()BxvwzCyXD;6#*!*ki~`*Es3`)9iD85s!3}^V!*` zR%u6P5jQ-VqGcAg*e4*Kw{LkWpDjN3vgIJ^NF$tek6Ut0A?8GW=NlLCc z{z(v70M#b+CCT1R$+ke6@22Mmexj+H*X6&1L9wVQWxHGc{I37bYQS5YFC(TL)B#RB zss0V^FnsL>rbtomFCwgc0&JP})jtHArOm2|Cod=vUG?!4s6h;r1%%&1jdO`@UpBD` z3YWMFXZ^(XN5XgsifvcBGH--!1VIBX;996n=kv%=QMlb~is9duTUFxC^nq|IsX^tVKY2!4;2)dd?)Gu7vMdvrgax|0M#6kP=p_-;Eq9tQVewXT za;*nHC=1t%D&XV2>;n)f-$5`ml^uCFbveQeJ`OqZKiO)uBf?O_|0e5lo+P{Fb;z)S zJ|w2)x`QmIw&BBuIQ24phF35roC1nCr5!BRM$Asggnt)>8(xy}SF%aGIJQ685Dp=P z6UO_AJ?|64Cn}V6n&4MI1gaof;^^H}b_@o5iWEki#cLiI#Y3x;OAJlhV>P4*`y03IC0l@DKnlrEGZPpZ>1F6D+c{uVL4A+Y3+R7NQGkD%x)C% zndfeKRY5>oIU+CXUwMD@@@L{y{x)WEpQ+NMu7^Zwt@C2hG8&g89@4W;{})|RQ+`LV zKmF`T$Ma>ynXt|R*qKMz63c}zE=}1j!BP#VJEe!Tfn=K1Tl<%V$<@6i{!cj*Ur}hR7Ev>nc zfkACZaB%P>1~0}3XlC0XGB1OtuF|!$S3gsHH7K>17EZU5{~!y3X%N~yR*g$yo@e&4 zyoy-EGS`ezIFd!Z-eiRN7$M>=wTvOlpwym9=V}2U7~Jm(mv+{wkFO)s7B!75Mip+| zksI76+B_@nGj!!XBGpZta(CoOYWyjw$3sxAk`AH9)V5*9a5^dE#$<|>c_C-lRH{UXm5D_Y@TC9a_R(*q(O*fLCVUywD zxC|31{C=2Z2AAv6qi+$nHga%qT%~_oJ!Zhm954cqfew|!Me-D*3o))8GRfe!WSj2d z1!E~3-9)w${Z&pqgeK3bO98_SA+*v0#+Q{>`5-MCmx3sGTLwODpcIT-GoW zLhaL|P+{Ks(xD{{B-Bd3ueWtUdl}q*KRP-iN`S;%<&w)|4d^)ey~O;!ng;}Pl-th1 z2Bu`NRy%hW74j*Wm50eU)e!;=O^=O@r?`cL_Ws&23C0hbTwanLp4ukGoKGp~2Ak|Q zm)VL&(>}4hH7c~4oyF{U>eXeO23>z6ZQRN~6Ls%+Xi#(l>|IY0v4 zd8c%>t7M>VXmfos!lwmVj>GdQotBBtQE_(I38eTrok_8VStzQIs8qHc6 zk3XjKXAQ@2!3{UyOrV8M&pz3}#W3O=3W*)v{Pkb)LxCQ9O3a^n38G=6!QUv zD-PB|8aU{^H4?+=g^@Dmo_dumDo@4N&q#*POiATL6TogPbF=zOENj@L*~euZc!2!q z3KP%ZtB}SD-&Dow-9UbbN6H$j{1d|GAh#X{8rhmPYVD0hYjh~_9}P=DFhy@TO9+TJ z_b_&b-E8v*;4p3{;nZR4FP?cx350VycRZE6MDuPSS{vOFug#r6#Y*^&_r2iNJNyT~ zDa)6YY(aO>jzIRu{Rn=P{cTkWNY3gMjgq6GvT`uLR~16@@F(VhDQ5Fd4@LBTqSoVX zuAbalwE&aO*9>x*`44b3KHYkGQ)-~WZ87rXuS~UxLF8ag`R5-Jr}AuoNrXLp z&L?RnK;xL-FvU5}*x&W~9(QW1X}v+^Wv`=0@A8upojHHar=&lT8~d#Y!YS?FEyRo+ zQ!!Cxb&npjDDD-pJm;Q`gPHc->%NOWB*?eqI2&gi!{G%)LDet)K_Ei8SVO(2Wxoze zSupkxq(rw6DyU_7C+y)3zH-xJ6phb795GsZVl6p8D2?M~H%E~8&rmW5H;hW$H|a;$Dl8W!A%c|+tWFIPb# zoH$NJD+@C3p`c5)Tcfa6<^N~@u@mU$5;>9T;-T&&L6>ue#Rv(OQaMQACU>^!tkoS% zISL}~s5)2sK#4Bfu+kjzWAw7|6gl-mgA9no{bK0%NQD}wVmrckZeXLiu=Pc)S2Le3 zmfH@9C@sum#niHtY>yRS6`DOHIxSCI)ww4ErGHUtVyaz@S&?#wLG3*xAuB|WDA}DJ ze31)Ws1`gJt}g$k#%&=u0sjlUH73L``?=WU!!8PH%_lA>ZpRyMQ}rliQ+Vuwu!kz{9_Pxb?p zXGfYVq>LU*4*3vtEC(e0=BOq`kD*OY`x9pVUw?*`4L7t*&Yx%MRm(+L zum$Wc7+F&bSio^Y)I(q+6^V3r$!C!05HiQ5D8ufMO~ zTxkGiSLU;gT&ZV^Q{P14dl*KKUV@UmH@xgoePIHLuWfam(m$5y0o9Ea6ihfW3XvF~ zyE|=_7N#Z*ZLUeC_0c-95^q~ki0nQ?@NJER@i@&vz>+Ex4j6LyM~JHioxKzMlQ?P? z!i5P9uYUqR&Urs9%vKrw%JCm*Cvj>eMd7!pt2w80EXRR)#H30Z!^Sk@+;4CItQ*`B zEk&dolZV73=$xD?wvNZt(op)mhrR}0M>{I`P%+$tO8XrgS&QLfVy;(zvTSF0Usg$i z80uc7IvSyPqKIR+(Q~3iewu!!e*Eum0jqPn@keN^*WYRTbpLf@X2p(EOUav@`26_x z-Z9EQUDy5563B3(i5N*LYIy6_8nDA%4NKfiV_0R{3a>;g`()NtFmw&0)e0GlFhmj4 zJWAVfH;Eb`}iYvrUju+4F9;Kp;&-*ugi5#b-6MLdXTDz2i{e^vohR{-OglDLQE9D6{yH zR(2<&M(+DA|IL9)_&+JjjjTK)Xu@l6flM5*)ycp7d?TmRdUYLex*=Qdlunw5x1P`4 zyl`Y{04(}Ht(V7ba;SXY`N+eGxS_s?&lY>Af!3S9PL0(+Q$|~!ImtBNKurGaf2n=( zHCps?Uj6r(U){5w?(E!kJHV3n`v1o*OV;RW8Wvc;6;hehDy9AE{MQ~lTk=1Rfe)Wj zFJ3l2p7GigEcMxBIX!|t9imguNSzAzFCQK9 zW&;lzJ^IVfQUferPPcaG+?ss9W8CucmDC%+&{usS9w`%A-cZ^8Ts_f2Hs#c90I^9* z+A7ecrRe&zB2ra1FY3+~+OevGr_ z^%rwON>>}*UmFVTe@7A#iMsS_a3?}U-nX5jnqXswTuN7OooD}LQ_JQIO@A0+UE;kz z@At@`qD>VrwF?xiFLK5Fv! zdNKK~e!9r>AX4;Y;Lj zjHDoHrokdIft1s711)E1nDRt6k|j5m{QlM#fJTA;-une0m->0<78+q|M`r$z^{L&V z#^~dX#kr+BT*NpTY@c7QgMc}9a7|2hvJrBJRyrc!gdgTpJGik}vN^W}YIIz~2i_!W zwQIes#e0tG(Nwb3QODl)K6wIxXgYbXs`!SGMCVJF2r|wK%-Pe?)%~K?>>;Iu%=pFq zm8V~?E)S0K(w5e91r@3ojk0JdYK**YibYZDbxBI`vXxKhhJ@I?G|+l(d%4f#Wvx7e z_69|R=Z`c`HUj64s@%Vv2FF|;wjiuw8fV`?^>A>q`&gcr&;D_`Dbz>qOx4vFizw2x^=;y z=Xks#6LZ>MH@92+Q#5CCue-adt%CPt1~~mG1zyz0w*aAF{&p!9*N0?{wVqEK9eY-8 zZL<&42(|py1kQGU4B3+AKJU#*9zKFf0KrG8`gM89+MJvoCo+GYtph`pwD>n_30eBR zCtHumN;a;)>6C5GR{rs6y2TEZm`p%a>h|(@0PDVZLE1CR$3KH)bCecCzts05Lp|9q z+f+Yw#O5%6d&TJaDN6hMqF4XFTKvV*6q2>e4n15~=1rhn z)gc8TZdUp)Q4edegHb2j&zAqYTHTZpyGQs(r~ybHGw1(xT^@GaXx%a!{Om^5M!9Qv zqUyrvmay^3sk-P0BY)QC)p+$ixRP>k#Z2jo24K*4aBTQhTxt<#tiHagv(9lGm?u^k zzD>GLWYo z()g^%{w#e=BwU8K?OSkZLVP&ZTK%C7#3?vt`C$TE-a{s5(Ot(C7{UpmD*dfmy))4v zp|i+Nm7_Vk(rF^)2Aryv`*AkQC6NPv{F&_azZG+AM2Kb6w1_mz?LtEQe-=_V!3*HR zANJ(%7ZeShokj0Gdv98AwzUC(Aq3@2|HyjVf(e$50Irk4_G!FnTjg}iO2fdXUyTIU z2OrUSx;ILJrwQX9KG%-}bH=hHGP%mmfW24wZ8sLOlntYi``$8zDYF-&7qwl3Au;xR zB2^LvY2rL-6C<}azHW-ItO&DW2d+60Z!g80OHc0b)Df!9q|+EIZ}B|mdwLXc7!_BX zS+U620x%xlB?NCKWXje1bna$dtRSe3`Ld`EV*ABtR~|geAHjkdoAx-CVs<8v^SRvjF&9V89j*p)FQqO;=A-zWyUfj}|RqUen(GpNAm278u7w^H@ zVvbj7L{$w_z9fo|<&<+?$#m*0L>qo+vzwX5>WGe17+Y?l_3lejH#hS^HA=lds)~kJ zw;Mhwpr*@rZUtBA3{g{hX0E;-%-noCQ?UMA$f!1pB)3)rWpS&{BZZ@0_awr$TgWg< zW%p4o41C!tZ#4F_C|D{>JmhZv`hG-29;=FI#ge2NQSl$m;}SZG1m_^2x9ZFCsCuFmlG-0;Cu|vf zRzjVcr0_T6eZ30O-kD(fL!Ue^qWuUMBBf}reb4G_#YxDY$)}(5(>#dOSdoBp@Xz=c zUqhA#k2{RZ)gv^}*hLa_g`QN5znGbd0~`@PZr#D&Wm*IVJ0+`)81}SBL4SkG{!r17 z^0DoE>@@GSmb@*tppdpD>oH^e_ior4QeiIe>4UeQ;l}=aSldM2@|WR!sBFtv|CptE zh3!1@`o?9VB9mHToU{<(10kP{Q@FY)>x#6G^9836f?FtK0z){q<>vQ*u@ax2cEu3T z1dADH-+e%Q+XMrKjnT9zVYYBQWUl|oYBo@k1ZA-pY<+kz0jR<+!#D` zoWN=}%myc8Ee0_mC0^D<&MI?}gd`jX_VHaIYa0@ePlgmPoHN}_e3lLh9YWr?4I_yg zh2g^R9P;HKtRc}XRcg2MjR7Gy8?*7supPuynFFO`F>qfOSUG4e8SY1NWl{pdkAIjW zvF6?6r}D((%wwJDvMh>6U6Z6_Wab)F;m}UfC63vc_;ecM+sryx&+Gy~0$W#zn6-Ht z+zPmCXC)q{3wkdXu^pi~Mv1p${MbYvSDI~t&H)kTif{-3Y&Ub)BrOK=qvw}A0FZT$ zSrTZpBZ9d3Y2H7yR}40Rhgvf_`Vy%3LH8@tnM;?ExLoWKh3W5 z>ONO_4Y=Cn)G@eT^&REsa05O<2>Fg%8?fg;8yt313$3QtZ~%fKb1>oK)C-hLk#@B! zt$iTyaoiWV-fA^I46c#XJEiys$< zw(sTHy*(A6eQQ?YkD6>JbSKnY^W~d|C|K_wT&Q?$%t9R$=YfIF;13bN^hy7&8!U%~ z?cox8DPf)2J&hFIk$~jKHivUL82s8(@>Vhk4slNGLpoU5`m8kGMTXu{<>{8w-A5UY z>{lZcO>BY8IKF|8XSbHaFwmJ=Mz!ERNci+{!uEEWR^1WTZk$O#n0;MMnMXm$;uP<6 z2D@qlPAZ9*F{Ncnvl^*9aJ|yxe)F4Qq_I|}=+_Tq^0p~Vgl(ex&zv!j{Mx1+pgSMyR8`wa|@TQ;|~RVEu<)1AHP+dbb7&l{qlIq_kZ_rA|Ihwe>)s@=PLz*dIv0j|B}9bo$-M5>>jl&BJ6wT z53P+?67N{Ix?hT45{0<~k90bfl9F@J9%4gAAOHIaCT5B=ilep;j0l(KoesY<7MS|` zhFP?NP+;Qd;FIz-mQyN~KV--G&|yu0%B~kw-0v+mVk} zCJ3XtX>F{4M1yASrS-lC@Uo8^zi7Y zs>;;(Q(zNGu2-GL?}T3LAgl2TC)|+8597Fa&U2?UISaFBH-xOB3UJZxs_ zAacJ>1w3MXY95-i_)|5mE9Q8AFTqu z=iWJ>7)|hfBOiF%D`Q#d8dGzi$0q2Bbt7!8+d6g`0fgO3jyMIelD#EToaRg7hiRO7gG70un!N19J4=31H z*k%WwIbNFEp_ZXKxI6WnS8(MFDdH_CFQ%e_l9FIvsU;L=^dOz=z#ARV!=zox$cf<&%SU+o;m}sly}Q#VF#A-exHI z655W9{OTl{q4yy!9n9~zHDVpnMKAlmORf}ld&#pfA%Lh$+Q(;|6;zxs%*(?gt-#G) z>Iw{UkG;f`f$RS9!S8rLSIi2e7)@z%U&gD<7t25Y%s|!K2(jFNzkmxS^MDorHS~th zR=SYoE-L2oZU={WloO~Fu*N6cr_*XnHXpbwmfP<%R5iJ$>c&PYw{ay~1{IR}3S?MJ(h=L7Ib# z2y%!wF#W|i0!CDBLRe?Q(S3}cwDF)HoAbbx)q_527P=Omoqp=`$SV^2?q*ue4QwuV z2D|_M*3y3{h}&QUM08LVIRPbZ9p-(hKxNuzX8b5VjgY`!jrgh9%T(&cnyw!mjrS*{ zh&N1hr(XLZmq~`$w9*0~idd}(-{GPnlSz;#0k`n80qWOZ#bly;{42==Ww?v2y>Mh` z4yV*Jc%QV=TNco zC7#*7YCoRMd7mkatnl@YS4?mS$59AAFdaqL*#wnPAU{lr@9graz4<;l0x&|i0hj&e zB*63#mp&PP^yG;Mi$3d16t}rR+PQn?@EL*a;3H);B1ya(ADd_%LZL8n#C(}oCuw>b z3-izrmuu?isT3|Y6f;5w!p$L?xZ0@9O%tl?i6QX_8jkD(WV?)1=TxD>LR)?f;l<l!@mDQDJ2g&&y9gxEB9sA~x zbdFKecpVHr65+5T35$dy10kI_it3c8eBR*SAJj)ZE)uE*z}>`Mh1Hzl_b3VNdmwja z`Ye2b-l7~dDw+(XyCSw9I!-*s6>*>VNT#ls!mJ}5O&zSJl$XmFcp!Obad=wQcD>c& ziqY*bP}#$*?|<@8Ox%~Be?%xcS&ewJclY#c8-#q*HnvKtIKjbzv`cg7Zqx0WJm#k? zh`mIx7qsQAoLy_I-2nQ!)R^aA&)<23o7OD-nsW?S{;v|q=q^m;B=fa?2 zQNRlNthd!;kFtO03?!KUX}Mb*DhTi`?d}>dl`m~BF`@F8Kd@3wyn|Sv+#TfOlG%eE ztLC%rP!16nL&KSz6t6RE28s$-jxM6AJs!uZISlWWpUw@{^mOIyKd{zyN%mfg!IiMe z8<~>f77(%!?Q1bUr@W4Jv}qECA3~QLC>++l&7`WFc7BhIatUk`IRNznWh^$Wnc!Y3 zq)|ByVwb}ZL4;MhQh_FNR-HN2CX-fo2U`L#%f~^6ftM$}b^G^f*1o?d{;&U(z5f)D zsSEQM4N3qgAsK1=i%0LYHfZSRzzcv%uH)?N%-#;a?;DjY%+$HE*Gj15@)#XKmS&C#m-YGE|jG0 z(o*>UY5`zRp#Vh_p~s1`|CY-6^i~l4WNm#tsgFiF4dLY)>}~W`YqEz?dGTwI+HrcUR0p!t<7e-Rgsb!6#gWf7KQWAWXar~Y8v~OHyrr|UC&JcABSbD6`{tbDl z5@a!++Js4F483)12uL@})uaP&{!`QIqWo6buT04I3^tG}cRB?Kvu5+s(?36JDj~-k z!0JRX@M%XmqPS}jJZMerT;Oki{YZ0Sd5a%P|8}1-LHu(uKbWpbYqjF8W70Q=9%Nu! zwT)_z48TK5Z!%%NN@I-oYKf5y$%#4EAGz@3iaz-ER#olGcUKPfVOf#jw=%T}DWaKL zp7(O9D(K8E?)7lP#7xNQ^{a3+<1t)+%6R6luQ;;d6yn?MFHPZ7z2bCHRv%QIBPNOB zR_=ySsug#0)xj87G}1qu_!>OB{l8F>*TMHA-}ET)H?wy^%3gUJ8X9_8ySnb?GDc}< zE@cgWv)eYho_cSvas21kX=%1=ljE=N`QB%`#Rjs`?NE`Lng5mb=voa5zzNrf^dMt= z-kZ@RZOzOU&jcT5LIluHH~OFM!v6jhsAM++8jGw!$NEp|h!7exjxT7=B57BGLX`$F zd%w?P=XF^Duu9E)1(kOj)zi~dj84S?g(R@S_2h(vCi(wlxI+FoSsQK*1RFi~S6QrH>jXK|)^8*9g|9=*(8ZXq_r(*h+-1lRL9)igOYQ+ivYA&${9! z?ou$VzS!4mi}lSoP4_x1|M&|aF;5z5(q*E_^M0QiZGfkx zPt8qRK(|RVU$Nc77dfa(Z~oB-@PnO%tIALlo&67Mgnh9!PG5kMM@KgaK%k1z#|r?d zc#xoDP{OVlAm+ICX2Gm{Y&2Ki*PBc&mB3ek+;;O^n9mhrA~}E*0!T!E{^8oI>1FW% z!nm7exW|PHz~swpLPA5@#8j#j;H{!+>cKXE2cv!}C!qI$;xz!@YNTmHCV}O?gJ@$J zdi)b@N+kk5Mu8*Ym2WfufE8mkT@hz$_R1#V&#%uy z63}`Ku+}#UTxl3ia40#fEN`al&LuHP&% z7-IlolTXh#A;y^UeAoPgs3iKe*rM_D9@!J0Ym@iILW<`bMY+8K#>0=cdv8HGm4Z}G zOi-;q3=?cq0C0S2I{X0DU7oojl@~GfEb%x(c~Nn~m?P(`-|}LLo>^3K^rMrl0&1iD zX9Prn+15h63DzxLyUgYwe2-k>I1BE%q zxi{UBVxEZeRJHeQ&$~V;r}(4znv4MPiCuE% zab1x%LhoIHN-QE0@&I(N`O_u%04<_{hM=jIx+_IbWNsCw>R5OW1kGf$Ly~~}r~G=K zuI5paFZSJTlKdf#{R<60cKm=}$&6$Kn;c=R9+1ddcmy=pZlhoUF{9w%Bc%Q#LeN(@ zuMbYT;0^bc{zj?{TPVaoo-&YUu{_}{^igvBg^x;q7(qBzuOfwAy-APd8m@&=#Gnij z74ocyyGfpa$y7%gMRf{*!lZ&hvQyUT8ba7K(o+x`_aP)i_?YaXwiVt}fwx2dksv(A zrm%v{x%Z43&D5FfHPmk&qE;qK+0AkVk7XaYPge<&#>q&pgbnMpYoMYJZ0}>G8*F-? zSonSQ1Mk0sgX*O>0l_G2ccz`HF!7Dc%*S%-C8j}Iignkyrp9gWKa@cFJkN8cAD$6z z_$m{kh1EbVb|se{Ans&uwZtlI1%LoE+ZW&Q(})v|6axddp)83XUy5!C1>2T?zA`Q5 zT4{?sMsrgLkllW@J*EcNTKSlDgXuc45-T~UjRz-iPcAv1&<`i z#2@9G{)e(}55=njhKqjD`oF&vQm}RFeB6EK;l{KK{ub@5JbQ2tX$&t91aC&d9j9nl zDVHghu)}auc*PEf$^;^1=P#-gF`X=oLvZLt4g%@vk;1H%5nk>Baz`NY^F=KJj#QbI zrBDqvINVd5kivokXQsEI>H&Wl4l#hAi>K=iTc6EDJ?J$9pq7`W|NY~D4G z;ZV4I$rHhDDp`#EYkreuz^yThk@VDGDjka62&dqH7L=|Ohbwebdpvlg%QPi&*I7;F zQn|0AFTb=cv4N$+nEIIH?#NDi5Uw8ps%aV%S7ZYG@{to=rE{@{FvdyiAMi@qD&vN5 zvTkGdSS~g{K_}WF=+YC+&wU*P59Ir;9@i<>8@q4v$=M`xpKs^K7tEG}S#;Ugs4b#6 ztXQGpq@oR&xptRL0!Cd36H&E=Rex(=>i|$TtOr+}b#F23qD9k0H9zF~%p99si^W$| zX&C@ibn%}2$hL@pz(YHds{kw6Tg1brl`U#h#R!m~S;MfO3!D$at3loTc?NchWlJczZ-0M>*&X)FXIwGetSy4#)h>fhS@R49r2)69h8joxtgl zkQ&83wQnjS<${%8g2s5!5!;X-bQRrMLSK%IkF{UIpU2v}<;5aaIJ%REQEg|@-x2fi zu<#_|qO+spJ+fFav?hlfB&r^GNB##0sqM7dr(`e23^3AIJW-lj)-`3vcUcoscQG} zV9A_3_S69tt!R|7V!kXFnm|1vSK!*p5dW9u$*SC7Te^g}{a_CM(FOwr6`+CT@$bwl;+1~GpOAL~;~~e>Em$p*?Yb=!B@+-wU)E&*??;5^E~ny!dVT%Y>K) z_5*?{2#OmfiOS-=iw!u;Q)RZ4M@65+t4Hs+Vs#D`Lem*U`i5GEH6Oq3a#)DVDald_ zx&8?N{mzxtJ$7}OklKT873t)vaNg~*>S{MlV5_?TYLDlBQOkO})qv}UEX6#T3stI~ z#L~OdxSkhB48CVvRj8)lIiPdD!0MjYIynW}<>uJZWzO&8Ku30bQ@}e*80hBKQH(V&mgJo3Q)Q6*hgSLte8fj9u&ndx5r*y|5_<^C#i^}rwn6rQXt zNyb3Aj%_C%f_6q#YjytI2OZ9<2DC~4D#m!~iZ}1K9`d7!g4i-hRJwk=Jzdd^oNnX~O13F_&$3GUtPI8@3i%`xlJpU3{1t{45)s9yR;tIK+mSeCBkG+30J_r zsM*&2$7t^rj!)PTI)$1|HVf4<5trwNJoCvqkWUFCXH#d#665uNKZmHP`{Jf05>M`h zL^`ZVvIxcXxMpzQuR%eShBj0YBiJz4wYe*IHwaIR<~`*)nTq zm?%p94ezJqvp1%2t+O8~Ue2#vreO+Fo)N6IYa7PGaS~`FzG5dcJzi$|B1U6Jp@e+W zQ{l=#Wv1x1TSLzm{uS{PUbWEr4mKuxkYZiST^6~bKC1=RsJ6)1ggT@ zZ`%nTJGMfWiuTru2tA8()6}r@Tf_#^7^lfr*_2pc4fgB6uvQkjO=@dB3~%f|3ZY#A?FDCPHX3XT}q~0!ceXS6G!y0jX+L zi|m5)x7c@#DbcnWox54asaLK&&VFY8%&W?wl~m*dj6a<60VMLUp@(;L-Row2eubn` z-{D-2_0=C5g)H}7cG|O5I}i(~u{=@$H50Bee;L*BeW)R|;;g`ECkIL{HG`xuf5s1mFwIz#UxXqv2e$NZhX zyE0_{?Q9cv&Zt-?hfF5tkgsD}F>4PPS}eX0g@XO6RXn|h}4+`P!EC) z;K8Z|L9~g43O|l*1OnH}U=>99Pf$}KX5_2VID!{gT*=ZD5B4B$5#>nIMM}StgH0`S zZ$Dpc<91pDd{U-a7PZ%?{+{qP7Z$xiYOe?bxj{E`P?oCb>G`-Y0ZVKZMP;9t)IrO! zWRC>}GOpcLqnSN$xZ2JuoA>3D0D5T#LP(VYx~=}mOV5(KPxT-*wgsyB(%@g=3QDKx z&54bo`N-{=07oNsZin6S60kH}fz#2@s5wR~3rO9>!rD#pP(HIMwQYOe^|=9=;&S;v zB5HmG((T~dXg-E-1!m836>}PSE$6Gh&gQt-M}4>KxGfp3__<>2WF?ZWnV~2rXRQt@ z1x3L=jP#4~Fz7Ply)OPM`%C@3g0SdrqOzohMKZLjAO1HE1B&AHnB1Zq)$ z)uV2+_mnK(%{mozvb9iy^QPex0W4^LL=O@j@HSll_G630tY4+hRL`DmJHAv7SDY6M zXNR}qLMfgzQG@5mS*G{kDE{5t@iJ*p2(cXzo#4D#FOb;L6j)68)sm;%B9LKr*LJD?HB5u~_O9V=1WxT70fROlsyr!nR z3fMRXYgCvjPe~aAf?9w;<=bK)vvYB_HB_Vs_O+-~GRYs=`|rV*1$zpaUyKs@JnOAb z02@ej$3uqX4DgS(p2FD>0V<@FC5zZ+ECBggMb~pu&3J-mJwn)YqEKtD-{ilGcaqC# zYSLLX-fRW{_$YR~P|Ix;2)xhor}h9kA7a6{mRW{bZX3s*8_*P*&B)AL{|6Y?>Od(Y z0ql4`ChzBkU_&jNpWjmqAgNSmb1+-6#c4imJpk%7YuZ{6N$Ef|W{UowUcN+f2S=XM zLGGh&@VJdn`(;CwxjIdcC(2dBJmXef=A zyfREkecoS2EPcOJ>TKIwuLPB$dN~s)Rj1OB=S<}(|9dvlwyOjkJ_82ClpUZZk3eI2 zp!dHCu7nQ@5+;!V&?-;^Dd~VT&s*`I!NHQ?$BUMR#>E_*0n316d z^m2S%PtC&h105X?87Oq&wQ7BShNb^`h7eq6BXXU?UZovqvlF<)jPxhRfu5dRM)J+g z5(i7rzsf<)yWmV;0DO=-x5!UF+t{3J0jsSc&K?4gRx^C7R^mx#U!Z@jTvvyRg0dMb zmIgZa2~>V8fjPF?l@DEt6g0NaD@!mx{I3n>KHkX08aM$00dM70Rj-=>EPQS{S9##u zJUs9Rdo+&9UI^AG-Y8bItN+`7!|U)2aXXY%4{-i@ISqnsXpP<0;bNo5oh*eEz{kb* z5{HqIW3;{sbxl480X$gz5KwD=&Xfw!?LgvDM;t%|@ERHz(9#@)NN@X>rz59C2+SB! z*_)$-sR`bjmgg#X%r$&LX-w|SjrSm`Q~&Hv0&kxpcqh9)fdq-4fx}M6;Icn1j;nfe0qg+0bS#+%3|))FJg#wNLMVq{|`3d-&tvlsMV__^q{YoI-uVD&cdAa zIe7iAo!7+I*cK!l9Gv8G0Qlg7MdjQqd5kFo`xO&5w8W>iE-SS#BI4@>=#J9adJeAV z;(UEjRc}~gV_}*QC?F^(*p!@{d=D0(CTb>EKpqeT0!**o*YyLLy{K-<*fg)$uJ8V4!HtR$AN{ z!2{PZYD#A+dwn<{C1iBM94^z1+sDBAU(g(Q?(eS%B`ZpdFTmPZCJK&AbDJ9*3$gwQ zK#2wUHxL~XP-6jU#iYj%U&=+mv{6s$LWmzg0^5Yt_vBXxwR?qk99E0&!ml<> z!QFmP*@Hl%`Qeb|?0?IBo@3SRfAWLodK9@|pT8(G(AT$@+WzhNKH2}>XFJiwUZ_#R zG2y?)e+vbTFXsqHAH@2B3R?Dd1?av!cMuP>65+ov+O7NCp~WZW+y8ZFO9*&D$`sga zpF4;Be?I&F(>a@D#kwuN2pt_AI##pgJKkWu^N9H!`TQ99fHo)KQRZ6FuXUcOX+4>6 zi0ipMJDyNRSu`Pjx<%}S7G!y;_0`zEbSRsH0u1S25-`PcNgONHzA(cAg$EB?JG-O) zo*o+U6}jgCKIJc?mcHnE#LKlA;??a4Yy|$c_+{QjWUyRh?-?Ec9XTCKWIw&n58N2e zM)d#0dB*@ssXaI<@bN)^T?l}Vz9=pmDE*1`i`(f?2gveYDZk?dnh|2@(%a_9N_~S` z8#hKp;tvH?alkT8tf%vpTA5=3kzM=B>ACQj5P4Ece8O;#Ox^7Bx9_d9F_QA zUc$n|!-r4iDsHucLS8Q|apC8gYl02cfc>trEaUMTs-cZ5wunadbn*@gk z0!X9k{|!z67#ud%AL!KFSnsdBE(hVDdB20#I5SXxzW}EAHQRU z1@n}48Ymi&Km7gyJL8S=KAr6EGNP}9{LfLrpE$WaPM&^N9%_zbeU`RcL>My*SK0T* z95qc&NAt+YGkaTGQ;bYZ)}P74#004m^=Y@OaeGg9Rnzh~x58ebKu7NNcZ~A9Kcu5L zCjf6pZH~9I#7inef4lc-fGZ`fM)yCS#VZ-E-d)! zvJtQvb)NAzadKDj86F;Hfq{YHjxk*i|MMry|+AZfg92ral4Se>4<4l14CjZ+Z~`mkv>8G+u{``M zVIN1~&EEMMyR`#1oGw1v?N5r$*RUxa#DpScpBwr$a7?()6oCV80@^{~e@}v(FHnzf z;%tv&|H`?t+_gwiK(K2sn^K(^JZ_v+&nY>4iXm44^u4mcYdQG&XH!yC;nzR>Kp)y* zF(O+j4~q+(L|1=Tt9ndH!{o4N-_e^-LAFv zc6L;Q`UgwfDPeeG#s{HyLRC?$+s|=4rm4v*_xSiY@c!XpjM6uG)*rNwG6HsGWrY*` zNjBj7_lIY0A2;^j1VbH*dVK7}5VDz~*Tm_Bz+sigPsZ7KU$tv!=wAJ2)si#{^md|x zHX>PIt71yK?g?=C2$O&hEfko__B;TO5v{%?POCignbNEVkGo2ldT_7nVpwp9x>kC*(7N8!kLu{bhyJ}IWwcYfS{;gmt@>; zM~XxgO59;!(%aq~O)ZOI3LZ8uU#%>=7u3nKy&mp+9&g;&A0799CG)ynUV=SsD>#9$ zmg_WmQh3-91uYl@o8T{+bCO@cI{{3M|G}rgBCPGDk5${ODS-p~d@MMwl7nR;xT^6(ePJ4EX*7s{r zg-oP-e#>^FDyK!VeN&*miFqo0O4qFO6qdkkx+}l<(+(Ct%E#W_H>(n3iRT8ie@!|F{4nzEL-gQrW4J z@kQNRgq6LEOBj;3_TRFcS6~$i^tr^7z6dwJ2D3Hl9yc)DVY&0dY;|jk@!M#&bX4jc z%Qny+-CYD*ej>}s{292#cJXR)kWloNuZ)Q)=qNqj)IJb-!iPqr=yoI|I71yM>~Q z(rpsaaOxIwJ!4;OqmJ~d`?nEB!to?w)JZCuc($GbTYfsW$1s=IV|@rAr;O**gAt$L(S__5hp+LQH?%)_@lw69O-j#zzmVV7S=9);v(5+1h};9S08DM9TL8J~fxI z;vX+Xa5frq0Cb~k!7Z!*j6U;hPkQ|z(nJ59zWajxW9yRb+NN|*sTZ;7`qYb-RU?SBTpPPx~7-fbKms9$`%aZ||tv?5k#e=zGnqh1l@&gNDg z<5Bvfe2-N^CYjHynVODHDlCPEf~(A!UAwS^^-bToQ(Vtx?AgW&50`Yqoa25RiceAB zwctXgN}$U67`u*mV57nMa-}i~^rQk$Uj_4U&-qTKs}OatuJxb?3FymF#nP(8{r(&* z0gfJqC#xN$dTj_RK}rE=FIT2D1gOmta@KD{lUV-RiSCRQ9%$KKf7sTnbN#$%eqT?t zSSK3LL`wedgA#{N}FJC-5%pz)Tn8LdgebuS=kX$w$Ot zt{NP}y1O0DwirTgg{eizVpG_!Ua#rsb&-K>OP6qL5|Ugg=UAZgA%SI)Vz2R0X10l| z*O}q?Uds7j5)Q4B0MZQsk6s~;Gi7)()J^6#G?BqV$CAv-(UgXkZ;q@XP&U@~U2yMe zuCSEzOwX8c*3sV`g{SWyN_T^$OSdTkL-2<`6HFF<__OHQRd4x9NpUmefbq(>Q6=ts ze)JjcQ(U@w?8f)_x?b5PA|{W8>mH&TmnFfSaj$&C-d`;OYFEqgDV^edmVO%z8)p4` zqO;I1i`3^9!`CyXmp>MxpvoVpxA$*1yvujE<~3O}jf?F~X2hrl zJ(un=r^^r6g)T|&g*iN+Dv#^}0~LPM{meyXJa;iX8cm@tMV6rwrz`pLk*3`athgR@ zm|uJ7?mYR)`H%SDOB#p8G!5#+tVD11&7tzMFwJHuE9Pny=%1_DzS7DiAr5a9g`_+? zc7a_BIndVU&^-f|(qdsmT%c%&0>tS!q*!Ov?fNSHEPH&YrsWa_tC@#x4#rDwY8rv9 z{UC$WnJD;Ev5em=R;oJqwa(woRZEn#_qa8|x&{AB_2H1{>^7%Br!Uf@sk?x1YGdI< zI7>g}cGPBFNj!-m<=j%W&0A(c#V_kX!(ib0kq_`vJXgNeTuUxfE(+ zpPhv~YHb8XZ6rf37HTI-J=WBB*lbOId%AhNw4bfA(qRTGq8UJLTx5U$%nE(plgYkk z^1Q$P2hwY~9ANo7a{t{HG~I&(1LetWCyb(UFjZqQ@MlKiiH%LOia{uF6;BH*k`Nd$ z4n0A?h6sl9Mv128jg9&{HKg#M z7(#TgG6)IMi{4C_n%Bt!x+pBx_2r(qsr^Yz!^p4G21%(KM5S2C#y=JZgb+?ES03Fe zzwxY=Fy+zE-mHJh-M`tTShIo2wvBTaq{294;0=`FNQW~V849B(6wjGD!ox?zczheX zTNT-$!x)dYGsY#jHJ)Ji>UfvX)+#%M#mEFRSFX|@$EC0&7tu<#N)Q`7B4(CO{8W}+ zN}j@UWIaM}{^_2N@aW%zBoS=yaGT%p)aa5pE}FF%L{{Db93%PCXSWK4ga2%AdihyA z3`uA1A7sX;AmjOuXF=BvKU@^S-W4td;5^+Meev&}ZMII=#nnpmze}a^sDbm(y9Abn z8Pu<@tzd|6qxW_sY%lL!#wzT;jX`~K-2P2bUUBnNxo*#%v^7Zv?ix{^`ORcL6bD7^ zMRpn54mq;W7)EDG#7cxcHtKXbSr}A=gsaC2QV*Wz{3luqU-`9F=auYHY?^ z!Dsc|yW@&Wmb(J&)4ebY7Ml%(8kevobXnex6SH zhQGV|6Hdr0OT_mcPUA)IIb&lq8a_p#&o3|RKVE^1zF=|jxCGpjyA!uV`N5z^slC`d zfnIs)AR2~y+-YnylRPFKOVs@wOx5}vodRqbodND*>0PYAAk6STLij-l)w8<2brP|V!*^gTE3DutN7nkk1 zf4=HRK~L`UoSiawsQ=gn9&|<^Uip{>{a`{y+lt^l*t5k(Fmi~`EmCX@JH17qq8P(U zhr{?5KFoD_E|pr>?%xGth0l`7IS|shRzY`O_#if-F&X3(8}BoyLaxAmB0}mSc{n)2 zWxedpbJC8z+4=042)1X`;L5>rkqdU)^adqYe(Z~xmc(jW>7G&E7!fRY|426;5zCO5 zSt}JK6ZWrXd74X_7H_``$H@@WE2>yAH=H|P zW084o$8KoyPeh@~!FcB4fT|~swJIj}w*CdbickRE?YMu{gU2Idjl)?s)-A_x3&n)X znJ?n;e10zI?Q%;x)Zu;e86Jkmts7BSCqlNX-GbuL94UtNSA07Pb-wivGhb@97P)&A z3bk+N>P4US@BCl64#K3MVr#tn#7g)nQ{7#Kh=@p&50nk*Ts~{WyH6EdfN&*nDz6K& z87i`=JU8>nTy~YzY4RN&lr*sRNL>GB@}tM|HMMV@8tyQO5dTFUggi-3xT-BC@Th*^ z*P6{`AVGo{?u5KNRa%(JbhEajW`ZGLeM2A37(c)gfROH;VTG8Ivd0%e9lXeVIE|@z z+0#n39;)B;6k0_E6%6G4?6_Pku+_!582^>{HYuW{F-3}krj^Nf-G6w&ac6U6OVcikbquJ~8M_f0t3T-EvT|i{BBw`K0m@5>h zf0`Qxj#}TwGHcdGcIE|Zn;vV|)neF4QW~YTtzGpr1rZs0e#sOO9N%=7Xbz@vS@1C7 z2pA7U-LRNEvcN$fw%p06!-=8>%)Us>2^vUE6D+1&QK3Z#roE@D&?t`_T1;cK3pnSv z;@6@TNOU};@OrFNX;f3%wgKru+<<6?6CQqArnub+vzG7_JFa=5F77P%=>hih8RDM-KYm3J(5) zpnG_ITAlZU=(|FeNcd8~ zc%wJA)Otlot->_cu1E!tz_I{Ac(l@@J@j!A7V31l9m3>xM%V08rd4d$EM6jtSZo8I zB7dOc=xTv+fBuJ#h<(^U_%l4zYS3Ahq(5@ZSsCdYx5vKh4)eFdeuC+ReVDw(ZKE3J z!+f4!6!FRTYZ3W6jh`+buN&&;4buBP{{@yw*NJYm1llHig4w|oTw0AH+`U}>VKuDs%OVE!$g5ODd*?Ln z;~QBHH>>>9tE|3LbHB>3YrJ}T8@uIfcXsL=$V~CN<7G?!#cZ_p^vr@?un0U*??E5> zwB8z2FK$IX{#$Fy8;3Dl?A=S}4uqGN+ta+Vkk@Yw3f=4>#Jdk?*EG=%10=Pb+N45{ z-smc_(}=WuoEeUe!x>gQ7gXkh(E*d%l-&C;UX(m!JH8+?L!$nA%L!Xy7y-0|WP5+1 zP6Y**fet_eai<%7eITAnzo`TXM9C8U4sxYc`t;}uDVG|@hg!7VQTcsu1BXdMfk0la z6jR=J(O)d00!chS-E#h;ow40wUyS=J5GYsH^)r_3&bje{r`g-?^G#_8A?e1CAvkV1~MSrnO}C)vMom#k2Gmz8fWW-GSFaqO?CA^ejh875C9L2KU|H%E3x{&cle zTFh+@fzlr$(ZZ^K;El5V;=RrXGFJQ_L0MZ@)Y(S^XeBtCU+fj~+9b zeqXIZxrbZ0&pJ8_N=;66;Rr4PWs)Mh=Q`o2H}ma6mi)plI7rgZT&`K#Wy=C^Sjrah z&|PL?2!QEQ)}Xfp1|DbYieQb~6SbBmCfZ}6hzQli6Nk9zXrdH+Qm zUF+QXVrOit3Fi>tJMkFA(D_)Rb`1gJg-v>evZ$?oFL7k3UE{4hi(%~)&kq;la{;vq z-GGE23bFqrciFz7Z<}jBn+XJsPfQSSa0b16@76d+SB7{Mm79_DF7`mP*#GhHmSFpQZ|X=6 zumDJd=z?T~%(5@QxO!jFHlL7z=n3URaAjlFt2q*ldLMB7d$)Af^=6=B>`oXN)& z+pde2RyXO*>QkYtz7o5!o>1Rn&y=!MFN#ww#+m;u=+6s1V$iX8g>)R)O;Wqb5Q2Kt zp_uhk!aA565q&kc zRxqw@YMp_Lw|5n_*}c=U&eY^U|1Y}XmOUY%7nc|ov$eu`_0xmN1K6b|zj2(ieOS*! z4AI)ChT`SN-iWCBXL^w==J-Lh3_aaSMeJ_2W*xYsgnZd@c}>OMnLv(J?_!*XPOH^I z>nGXdzJ?y|P3W1OD+^M)rW-!Y|9xAKgpHy>uc>P1d z=WwB}?-|A&s0`2J)w$+bY(KsnX1_CBUa5B9$h(2-*T!}JCdn4yYG0GDjC%3jF@c@U7!UE~_~iHC_!rh|Xe7%4X94^0Ynzh=b1x6Wa|8Te zYS+3?j7t+X%Hi1SBS1$I6ya00|Hjx)6;o4JONi5`7y2q;n9>DzqD6u8fcT!zA8AKU z*$!w#`PZ>HD%81gKH`)+_g8joDA1tX%E~MNZU^Oh`wlLc=7#Z-l8yDnva1JF?|TMIdW zC%+PhfhUGf`J`?-DS4WD& z;z4DF24CP6p0Q&TD2+kZ-g|6m7;uefs5T*p)GAyac`We6X^9L6`2eqK7x?cEcyzc8 zO0R#YgAe{?KkcN&v9GuJ@+wCbH0)1VRIoYxf?&p@LHXznTkl*qGqaIF1SVUpcSGkKPJ34r1N-j@FVVBE{00Ih9Dw`ce% z27QT7PHv$253Ki{?}|JmOu&_1sjv9w>IhQn*Gx@{rJ#y+-xG+c4pJ~;EU#AJjra%zpyl4K_#v0Fgk!S?g>v+Boxm8_2& zkHKREG60~(B&6xAmUr??MD>^Iw=o0Q6tBVTp^Vo~4tZT|yYbVo{}(fU_;6KVb~?7* z@QuW$JQ3yt&QFHltgWpj;fa?XeNB!G3cY=0`q|F{xL4uq>-C6c1KZ`Brv!|b8a)(h z?Y~v60(mJ>KnI}#=yx1|Q|=4>v~}E1KJP5lRq+5v>XBER*;Atb6yk$D?+!RKmVg3s z1YqTJawt>o@&avxsQ-unxQq;7r3!MK0|<8{0PwqkbH{tY2(ekjoxAryQ;+t9T!6) zBuUw`fgwf{q0bZ0r^SkAm(+P}|H`d%HHQ}@NJf~m##hbK?JjneZvcw)4&3t;Fvfbo z`HTvj{v(f%t4{WK; znurT9;@JSq5?`2!CND3*26iJiAsO2Pq!hg`18{a7ST|rT9?g{HC>3ch zI43g|^WPr}Bcq|=^dT+OyOg2fF$sW@F3M*uk{!eVx{LbrQOTFL4%f$eJHQhQ9~Xh1 z-?%rX=U%hQQmX~~dt`|5KcF6vjS0Fs65uaAGiAoogrFWOUI~Qto@naO_`NY%{#Zca z=mvS0bwHP4P7ERDo-CJra*ZU*YWb?nYj5=i@-?c$JoH8WfH^AxcrY7aCb5$=fn;=2EqFyf z(5e*1fNEvYV=P!va7tpc6X2(oPNX#Iiwkw+-)XA5JCG|i9wMo+Uh!3ftp43fXDX)58$n zSK!dYA>h~2(Zp^x*)5F8O9>t)kNH|t*x#9vY6=bu? zt>mJ|mDbyP3^KBi;43Da6RP^tUfNeUIEEntv^?JcJ&|g?@59zm8fPax0zCp#grGCF zK}+34z8dRWx;>EZivyzKy`U+&Au15eblrL9di6^4Z)nPkUO?F-6XZz{2%7FsC0no< zl=EVc_gdiubR=Tl>uEm$orlgJ2p^t#PMtrfEyn-KXM5b10iOssrDm)m7>KU#DnV_4 zp7}(e3jFkMes9z>R9!h804^sJKuE{C?wn(X-GLJL*L;D(x<}1gdvR4C9Zj*V>#i5U zf7}d*@G-yPE#QS=KZ25|31?zwf^anS*9yv$}| z__j0~ST?-txDrd=ktd)=lBwO`+F9LY2lq+u*dXLIlca4DmRL7*$~o*9&mDxMPC^78 zh^0wjAi~kh2wzcTM&#npD+GLY@WkcCyLVukprykyZ3}%QUmndA$A&ZhB4`$3FZ2cm zQn+FV8CLX4bzVg_h++Lw-fY*(i+4~Cq;wUr54(p<9FLa;#}IenzR)wi_RvihKsZ=| zf04QKXK$M4BAVH?b_rHz7uMbz%O1{@UMt_#2SX(sBfZU)R;@Hskx_^VpVa}@DxbI! z+hmBqkQn0VP71O1j@yGs^BH5Dbe|9q)3|f0_Bn=QXp=eZgzrsdWdI%MO%R;?fd{13J*s>Q zBQi?VwlVF$!8wP89ViC+!n{}=(*c;ImJDSfI(NKynF6mF?FUQ?|60)hapUCInJ}x`c|lIBv!u~_$Rfo?ozRL+s5Fmmu=pbqc6}Gh5q9x zOhxQ8L?lk{^d-4;h$LDCTw5lAdEhk-7g896d;DvL^In5&r53SMi~mH%rFMyUd%Z7y z$hp&-WwYn>^0QMoM(P_LF>egr04Kzv2xUCR#Ij8Yt=VAy5w5p(jqL_f5W#RtO_d*p zS?tAO?Vw3~u~cEWba$e18rT?nDg5reAw95z!LfH=J*sdV%?5qitAX+Ck#z(De~#5) zDiiB{Z&s6HDlBw$`or;RCn*;lcj>Exrg-KZVa=hDlNZpqk)QJ081~22Sn41R$#Aw# zGK8vY_?=eGpjdz!I)$y@u6PcR2kvNMRgx62NDvGOE2Xz-Behl^ljt7Xk>2s|e{bOB z(ZfVXXO~^~p$Kv3A;MdOgjG}_7Qqzz2+H8$-^qK!0U?fBvHj+YI42}f%}6E?S

    z98ukZ65pmdPSP#u41UIl)r2MU&|Nn6T0AM@_ zgD7+}S)^lCFTd^ASV%&=IiSU_W|w;Cgb3YdbUPd1OgY0*W`R{nFZM!2Dr+n2y7o3* z{&u|Fg5b>SgRzGd9=3sQpb2?TBE`K8AwQhN*ERQv^p%nF6c+I)@Rb=S*m>Qf1mcV# zv?LOZmW}QF25dnrO-3`3znxV4g+0j?D1{}yw2qMZCC99bNP%fE4??_k z|JITsL?kjzbSv25<=wY7TO%!m-o^+9#H!8F5Y=f^xwc1SGXH&bf8vw!WI0}47$#k! z@?brQ_r!P1Vo}Xs&w$=X(!)n{TVubEL5Rl;!&HPrGyeol2ua>wnqrN9uR=X;jiA1P z$bA;WUNLp9>kKEgy41pI{p^g_?92JnngPwMlf|$b3l1x_weBxw5mFCi8&eyhQ&<6V zNwfjBiM|+Lei0dTm{8;N!Lm3#z`!0PZBoDyr%y;A!TcTeaw}0t#%Ab#B<9%uL)dJ* zB-ze;c#A*t;GC83sh(lh5Az^MAv8T4`S3Y4>gA_6hfwGV#)!(SJ}H4mw&f*N&Dr)x zB8)P=5}R}8 z{o0Mpn^?dvXAf^>zwPZ_61(OMr| zgHgK;3Vf-X?KufeMzQ%vp-&y=f|IV57zomqo|X96C`ObsgN^= zF;-$GJ;^4KwW&4-Bt!(fd~{{^`WJ5am>(Q6)9tGC0W(bNv#Uob*e^YAtux_lJ`ybj z1O_${;o#VB6+Ls!^l*+PhJ*Ix#7}}pf~et(q?O)*Xdxk@N<{JkZRyvW`d7{p^DeLU z9ZuL%*_xeAG|_EjEk?b5nl&+bBEJ*_$B5e~bmgR0tiVBAi>8 z&?_3#CVhZm@y3lJZ7=^cnYKL+zr8FE%OP%$m5_>ebsotv@&UTnorh_mZ`;Ja1rgUo zF^j28VBCx-b5$*pFQAZAnUpo0a#c6B*AOBpph7q{- z)!F&F46tzLetSe~|3zt+@i9b(mPC`U9FmuZ3{_@~y8I44@un+?RlI!hpJ!QRh* z$H-F<&v`z-4{D)kHrXf=E!|T#kw9qx)E-4G`Ucs((w`@S%OF{0H>eEP=*p@q)3rt@ z>cfQBjQVel6IsNtULD*bu?$g?sAM$?KKkEFbB?4@Rm=MtNrv)WV?|@cslHNB_7Kn+YN+f`bJ0>n4QlYP@s!E z+%`vZAoPzB@i;T(i$_yct!XDsrlWiUNQz9%tBwcQ`j7sQ60dHO#n)Gf6#?5Hyg9>| zL|#!>AEN%WBzDzmeGiCv>DYokZCyhW7Z}kS%OzzBt0z3RvbW`>7FU9H11e>1ViTqC zYvr%v-7iz@@y>jRY(k>wt~!X46EBl!`z8+}7K;3VI$DWVs2%+J)Nm?s^pM5I*YP5Rrm~Odh}L}54lQSc@g8esys3T?=}WdpyIintrf%s z1hb&Pe0lIKzPgf6JK!NwpOjC=J(J!-|HE-);0v{yXf|{RDX5=n->1p$eaJ%DU`<r4^V-Vk)5h0K8TVK64>`89%(Zr7@k^A4iI#i5h z;Y`QbZM5?X(Q{8Zby+(1A&rVBFbpj*QWBr zCld*0^HzavCn-Pb@$vAgnQua6MAtXKWd6h=xbH%?A|Q2X?0n;HcBKUKOuYn5z})8B zBhT2xl|yh)M2kQo^z=LY@Hh5-t%TXKTq$R-f_vLze>7x_7?=W6 z$z89uE+h*=HnUjw3Xe3lTzQd2=iFKx+K9RHoUv(4!=n|&(+NyBqdjh`L@ag`J(DbL z5 zx8A=zi>BiEWl~vF(?}N&sEvYoR>$Fwrphd+yKC_m3`e6bSgbm}0yX}%IZ3~~EVTFN zNloh6?#EdtFVL+>DTxVqsX<;c?oZBOUrd&cL}(5Q{_&l&Irkq$Lj&26B@zJ9W!SD( ztXO~i5*QeWiHw4B`}RbA0!*G9*b?}ZMDo(X=r9{zQEIBQwp7$XhLw;vQ^LdruH6uk zZM=khP0SzX<8iScew8`qpXun27F{<^UK9^q7cQynQv4&BSrZZxl0q^37ZE$SF!Qkl zA2%Za)LUFur{+WdxTQ2;8ZJ?=Cf32J8H}mOUQIXQQhF6n@*k5-T)pGFdzn&;V}JOC zrh|$?wc0fJJgGzo!yT%5*oVW6*rb(hkTWEi3iZgc31t~ATq!Gc**an|EEJ9lx1eVH z!bsor;G#}q#Uz$mB&P(%CXo*9<_n*8ldz`_SL=SzxBE>^#f1<~oha1!N9MPB&XTj^ zMU)Wboi`L49i~}XM$KcLZe@pcIvZO?ep%grYBC3oo!+Tb-faw@lzj~kd)+89tsd=Z zmt_~7$Ko-Au$IN;a5$>vU3wmTWHfnNWYo4#VtYJIJUnwbn1mqqhO07>IdpGUuJK_f z-9D|H&bKN@b3`7kD!#@=667*RrRIqE@FI+PX!Uu7og;M|sRTey|<>%p<9~v6MG*Arw z5P^fz{sw@fNVzp1BkV)Wy0EeBz3~)qqg~^rR1Q(J@i7i4J1p(5x+4Ny0Kt>$p(yq{ z9Sv2t=@=~WD8F$(-dXW!=DwSIrG*a$nSS8h^~dVbU21XEkE}fxaw=0cpRS;H9+~x< zMC7l?DGe1+?yh_t^Dn%Bn8&9ZkD#HOpE6p{AhHO|D0wA8<+S;^4p)ZX80(tlOBj|R zr_>Kk45X&@*qI{kw-+U&rIzs6l@nJ7vPL~yOWbW;h4*$^5^RK26wpc5q(_((i{M)V zymSa7KA>;V@DfUfhADc4V)f~Ji<1}#&bQRhr=z+k}#z!!$@yF=Ip))VO zTFhY_iu*v;Lb1f@ZF|{jWU4=$vp2r1mYWv}vIDKdKl$SNoKug>Roy(k zSS`}SSV@JGiT+FfIa;Bn>~b1ZpPdF?VH&N(FYL{iGjY5MIdgLeha?YEN#$UcWPZuX zMVKA-Y2>1Eit;v={B<`&_1|6;j6O6B434d)XRwOMwECG9N$Irg$5szP+VZiM=>})nhY@J-8~YZ9Ha`OZlZ(pqiPeREfR~N8 zpz4;-d}zlho6mLU003B4W30&9#CAkK1aublXy3UHK#PghnAAq*rCE%ZNnZoNgqgSS zS6pmzC=%{IcE>0UTQyw7v6)W~6TLuft|ml0kV)m4IftRozZkmVO0N4fmpQaqw`{2; zI=Oh%^kg~sZR2q92@QR*od3pyW8Qx>ea-c4(km6m{rWBb+R(tn%I#p7_@0&hZx!*Gc^S`5d!a-2rYwg?seQQlo5ucw-<*1WQqf{o%;l zgqG{8$=*Ut1g;87r9y!RAB1`q<6hl*@i+{VJEgvn$S__GwO##NNkKvC?4K@E7f**> z3B-7K*GoYGixZy@qELRM^~SL*nzjHcgn-Yz+I*>T;l2&8Q*K@JO^5}W%Rg&J zj6mj7zMU-Q-EdNV%UJ}pk4({iyeBLp{1|*$i~=Zu!KVbpYXpVH_szH>v% zhL}T`0)jurS381@fPP+QamV|v_Z!}#XnmUlNlA3p`}{&y7$uor5MpgaC#Y@b&$_Dw zR5o}dZ%hRfIKpy50s>PqMFE zdZX-HSJSMOPN9ZC!VCA(fphvOz)W0#y63>Gu#VH&3%0qUw(A_N&d&|=vN{l+f5oY) zQ|EzgA_-2N5Tz3jy#lNcJ2Ije?w`2@64){ST05Jpb%rj4`BfNrFnZo>;FdM2KIO|U zV_M-E6MU`!)vRlG%}xMpn| z@k_cZi7|DftU3R1G@KO&*Kf`4F625Gxfk{?znyOqaaEgUx|duSM^6kyiw0gA)78!W z!N%Vvx?U^ahgy$2o9-9tM&U2V!W`pO5!)Y|KG<%5dU5pY^{6o-ai4*q?2DCe`^Y;1 zm7C&%)EwE-PV;NlA7{aF>}dSq<03QZEb5=;XEGj1MfF>9NswmK=tQumqwoNhlT_$T z@PCd0hh(#d*NvPhlLjv`nPUk1FelA(*7*yQE3+jt3Ns!vA9E(NbzdwkH6R~XKuDeG znd+IPo^JOTqpiK$cn-cpA@r#~ngITp{Rq(ML`kM;W;qZJ>GwA>to(;+NGg%6VWc20 zf$n)1->cOAvn$_5-Aq{3gr~#n8SMa0BdJ6NPh}Rk)y5`-WGk~2fV*-j}AT196OO-j53CJkm3Aj zw)4Acfu=_fF`eefq?j&GXx({7fnl8fX))vn7a!1jUVv0wzj(vlYC{0IBN*^eGLvKIbqzZ1v8{ z=dziPucy!Em}wTxf1#NwssvP`+7n#3N4iO?F&uearojC0Df`lMdvw)1M2gO_h{8ks zPMd&gA!&+w;3n?n(oqF2rGx1c(pxOV9j#sOm#(>`AJ|XELFG5>r&Y3+OJ0L6a$qF3~rMgchd%U z@4|aL03;ya$6cre3eUrUFJ{VV*rExel8>`u^TZ$F4*%knks1<>;g;d9_f@#{L_8ap zS67^}hs>u;NX)|rN$1F20$1B)rp98qNVe2}IFR{XD*W0!kA z%C_y`J}J`u`o(G-#_WG01jBniqzxekm{c4nLGNtFJz#nBPb!g3oW*$1Txe8NcsbwZ z^qdEz(6TW>vWa~dLZ;Sn0d0m1&<(|H+%(T^SPJvVZu`JGLG_vH+|u~QoP^f$Ve=sY z&3Fhk@CFdPPIeLQ^fh%8Qtx9Wy5X5xhkwW(2HHq}$caLZX`F7=th-!`Q7!{=9K7S7 zWz#y(1gjJ3Twv|@r!r9A+FrueSG&&dKXln4SgTJhpMZtbOmC*t=qv9iBg$TY17beb z<7RCt>KnRk%`-^a|5MeM2SVAsVUJ<#Av;;i5-LjxV;iXuMu^DXC?rePv9Bdr%f5{f zA-nAR+91V5+1F&>WnaHD{oeQc-tX@@&ok$_pXZ!&FV}V56{m&i6tXj1TFZw(%+G!l zmBt_(67sHzlu6^epmOA@@y-kzS&h~?{4 z1^2F%nveQL_et;;y)<4y!U?`(sZq++Y*sTjJ{sPQk9^Kx5k+(4yEU+CdpLG{kYl+M zKi=a@FRbzl@~OrLUexd#y`d2E%xn97ujV^gpD{~Mx~^~~m*8yJTtd~zfF!TWSWx7N z(a)P~L(sZju_Hg$oH+6p--+Je{L7a(>pCXCZte#JBIVvBk?YBDL?)e{p6V_Q6xJ!8 zPwp20k-biHqe{q4qSWvDGo|C1&a+>bW=f}pmsg zdx+rIm8zDFS#}L+q}cG+JA1e^^C%i1jXocN4hL}rB+h3b3JuQ9Ws=I5qQP_*wj;S^fiU>|!#<>Jpr zI4Osf$fVo)aT5|n9aJPFMl+Q-6q(jTJW=@gB6*f4G!5Vs40=FWf6z1gTD?&LF_pc+ z87R+Kyu}Pi+O}{SfV$khNG|zjE_2SU!bxTiv0+`JfUB7pg!HcaCEvqB<%x7mO8jb- zT0E<+Zq0JxWOX+4yWI!1Z=dF_E+4Z&f?B83(0rZIl~0toJ?6SPG&s>(1zV>Z`ddz` zTc4hG+uKMz3*96&Od3DbIJ$i*=V2NjZp{y*>Lk!bZ5((TrcY(A&%NiLv&+F#EtKaZ zPNl!!?Hp8;Vc-saKEj`dyXx9VdOLZ$A!at>ejU3OQ@r}aVm5~u@WR*S7d5517E9RL zUUom!R4n|1R?QjrZuTx?=@R}?WxZjmQ}&p_gxboHi15zE^lo)TDBPGWsNyAsNe zB@Z=Mc!s&Fdp~Ayx^zx34-d`A)qKwd$s+cP9$oyvzw;0TOx(%@7qz+!%Ju}PrO8b6 zjZZ}~L>+l@l^{BiYApcdtWFj$aPN))HKFIYu8fW}#ZT5# zV)wy1Gi8-y4|XnX3YKT^r|}9Fdrt8r(+|QljcA6FULlp!>ZZ^d1;7Ie=QpDG7TX}f z*J4WaH^rEj$V%|7X_1h(b$gpgqGt#yuS|dS31x>RvpToJ;gr_Xi}m->UK_r2$k`&F z-DAjAL|@FqcDZ5rIAjTc=Bc#OIxya0NjFbQ#UQL49|r&S46>hW?Kcu<+h^xRDkco?^=wZ z;L4w0evMQEhbl(PM}hM{`fG9d3q|t&RPu?sh&LOuyS^Z~KUh2|Hi zpY+IJo#~K$=h$sB&V1T|fTVg~F=qj_^lO^IYi}?6<4eNX`jR4c7;pagGa{U7=e+Ee zNHOlzpeU>@ofUIa`gOml)q}m7qg3Cqde_nIet3R|uKb|GSgec9rO2PP@pKI{R@YuP zHKk`EAimL%P{K3SM{C zZbk$V&ttR5C;mn|(^rYGXl~-9X!!E=U8-T_w^yQQ%zxQOMLy|tO0!*H=hbJeL)Spq z%gZQv?~68UzY}*HUwkd~b^K_I7XS7|#AALco=aSKh~ua9SDP~?khu*@k7tux`qKw5 zG&fh^TqBuH;cVtGg^eB}A$<$`EAoYV8?_Mp+5nMln4{zXjSo@m*tdQF!C0=R5oOzW z_A|ttOq#b1(_jFkDMgZARd9!i$!Niy8Y;Lx_C9h)^AX7pzJS~ufFs;(Pl(IILrTx% z7Hv#M2b&t?%d<3Z@f5c1#r!5`ubn$wjXD9m?jhS8_rq$Crkwyqw~(2S&CSj04Rr}4 zvY_C=^qOkHKz?RX(aRnU=Zd+7W~Cs#9E=!_5Zy%>SpA|~YqK?PZZwqpR7tM#*o+)I zlZ@v1bhP0Fu?YX{%RR08LuG;egpaQWekr6^?9-yz^K+dG3wN6!BD>%k@m5 z9jy4w#fa^_Nk0cj2jO@Lpnj9Ho7unDS)`;W7g+vn;-c2)et1c7T<2VuFQ?so?w2w< z5Abw&CwB#g^qPM0ydCDWot2S?`F^E_g9SD&7T?;pWtZ~8UKNcu=m4bM;RVF{o*}^8 z)w?fo&~$7AqIq#pU|_t5gJ^|S9->u*jvE`Z(eQ(rUYV%1RJBbbm)+{z^f+((H;m9V z@xu%|bn)LL_Cy`L!YY&ieS5FYRY=N7(@_9!H4cgy?tRqHv|&0WV3-hkYn+<1n8qKr9r#qRkUm!A!uMHvFAn zshPZ|)hB`qfNb^+K0eD=>FJXd;B{gqzF%5>DLf@lxlg$ejY%%BE(&pebnnr}Fg4nf zHd@8Ra0|u>ZV=QGuuhi6P`A#FyTAO0n03y@RD`dXtVx6!?l@)lY|eC~Ssk`lHni9F zDipOpyDmP;d&Fkd?PyAG(>7j6tYhT-D$2D|%X?Q;XlFK+rw8>${h3YqeZ1Nnc4p{> z@h$h%*S)UAt{xwuL{FUVnI{>)SV{{-rv45~Na3VWaaL4p`U)f<&PTOGCX7_j>oxB& zZ7|_WkqKnz6{`h<>j+`U4NJECpob-j&%w zgnI=3hP92%gWEN10ABSiD3w5}`6K5(5xQD4KDn4cWMA*?6)(_R=+!omD{82G_A`$I zh%3o59VKrg^>{o)=q})gYn*dDmLeVoG0e+c?|=sdw{gpGzm)LUvW)p0#xOqK(5tq} z8b2T-%<;U_mPYS)Y8<#rlCuf{y+lARI_ifB;#<60Ei$rV1T^eG>MENyl~&m#HKZ*d zD)r7|MWc{Ep3*sUE5l`T2t24crMR>ftvZ_vzWk%R^fTWo+@j}_h4;A&HyL~Cr>VK> zNqBjAN$nSC7qM)#R^$z*hs$$3NX#3QWgXQA=RxkC8*||mT1@64vyJv}>)imbqkU2@KLdWWS$!j#XPXHt)3kVoI zC1iZdwK%`ZY`l(79c+~md&}hCdq~^$FBSmE3I=3f>lvMHzE8tf!J;Evw-gz25O?9KLsWh<&dd@r>yh$eNDfrH~Y zP8lahQ(Q3z)J-OCv9AC}m3)3RS4HsDFCD;RnzA3Epa2vc(+m}K+{wtuD7z>yP6ZH5r`18Ok5!=(G8mrFEElZ9>s=J6Fc# z2R!HHHm)95GUKlqz6OLP*on_aox`{BVgLxDndEY-YCGLLR-+r+whXm4XLM#23VHJ@ zU^-L*ClwO)I2V8%+vZMy#w+`!!3v+AgADU<6ge>z!fN%MuJzSsXa<#|MQWcGwK|TN zQAaT(%}Gbz@wHXx@+$1y_zoGlg?D&95V)G7(+)SH8Tj3--=o4N`7HK3=j9>L+Sa(y z+mL`=o1?%^iQON$tv)gj(S*1F&gWD#(gsT@^C7gQR8r^QKW)M0MlFK97~ zeXcFJ;bijM!ouQd;e!H$@69}TpeZIcT#5>jk?jy}_BV0Ik#W>s;GQ@?_eO!(^k@D< zsbthj-39I${^#fL0A~B9+-`KBhGxYgJh(_(bg*pqJ-Z;H^|=3<`PtX&y{rz=`S#lk z_)puj)B;*3B&3Gdca{gGb|4+~q!{Te#%g8fshCZ%y#loX_T}Vt4%9E62Xhez^HUGs z1R{^m#P8!n{WL3ZB>KRg41ghZg{Mjm4k6J>JDA+@p%$;_givoN5xJlvLSR8GL9u5-tg-%`fDE(_O#{Lm ztSAm*MS%RANOAz$v)^@H%>9A4^Lyq?i) z8M5MNrgSCpZstdHX2ha>@mylJFU*}YXtl0%DPMjg)y~dx_W-~)&ow(i=0X_+3E(qB4#=13;?ma3i$nTG4|ysGbzj=MYJJZ=AgpAJ}S`6X5U$ zQzUs4(~iGsXlZH5DJhd<5SrE%K*vOvM*ypwNUb#_K5&r!SPHq>Ztg!!o5*)eMm)ab zBRd2lL^6^fcKo!^4K4-|%de+doLa#Rbd`5hqZ+0fn!}W0?PM++xb5>WL;;+D8~4NFiTG!4irJ}vMvK4Kd+vrG=3 zvY!PGab5CuBOjr<-jx-l*EXP#3KB3MK&Pv&2m`(MQXip04+0YXY3MiGS@9*UMG&@K zL336Hogl%NV*Hd|j_8XK9ql_OE{lCh_b=C9(l?Ro68!y*bHThBN&{fGkz%^cs+;X8 zf=A7)rcApj8;r65*2bkohDzAr+LfAe@-xcEbMA%NT1 zZ5;KGS`4%vrm@2u66X?mHnYJ{F%6dnbUo$NgZ(WSXAF5(!sSK6ySDUST+Milu97DI z0lhwPiSG-0nB+Aqg98Kuuh&}n(=0+#F5wVN1g!}seJ^?Ry5O|NH%{yqMW#`cZ-WhY z+IM+jeCTs;vD-scxiXy zia|*;-ry3dIMKdw>R7w(bBWy4|yfw zI%VMqJ4b!5wT)c6%!=ev8#@<+*F76*=iTQJF+O;Smy16|xWz;VD@jrACBO&B=4xHs zAhC${+FCI8M?G*(&nIi)T%aTEFlBF@_vgG}(cfUp%H{a0NYVeiE8YPM&5Yj=k-LSi zCpUR4_m#-v0ot3DZ1BAuI5NM@uW+|8w90S8crFGg0aX!=ku^{mlkRwF6>-9owTx5l zz+eG!GZ8O|2<;UcQ9Jf0`ew>QFAn5(+E+?1YT$(z?xc*RT(?3p{Msk5Bk+odR$>1b zp9w={3@*eC0h{(fzuQc_{+O8V}<-51m>yhZ>z~c{4_8F1F_BY0^Be@+;N`K=V(kNy%9_ z{-qm*r1x|g@Ht8QQQ$3@mQ~kh-)Wr0;5~1n`aJBZNm!v%qicF#q{G*QwrN&YF0Rwp zYaN>r2S9}?2PzKZ#IU0bPzKs7N%>-)W*)OlC{-P?>gvc1argDIvw&}#1KBRrdb=M> z$Y4R7s3FRrOU7ix!y~sHK6dS}x>_axtd~uh3X!!1Lp@V1sp|QgI9o&pU^QfOQks(9 zbVX&=RXP->_((M~gwjGFa)$cvNV+#ZPtD5v2lyyjTU02UJYNzl|7t3R0B3M65&32- z9oJ`8AXJ1x1e}N?qV@dw5y2kNTV3T(BO*4$55IbO-<>u^5aD^d6C|&VKuZ>6VNvI2 zT1H_H9+}E2w4uq|)UH|ZGnA|kS{VOO-oNOY>5Q}>0^2owExWjOUN1KSwZV^GwO+milHa*);tZtz>kBh|_E+jASo%*P@6e8Te1)kT5<$x)GAILeT*0s?xO1|I-8&g` zNaw~WrPNz}V6Kw0VO?6Iw#MB_DWF>7JH8^pS#avf&h5irO8ipnYMs?9$pw3Fw{ymW z0d)t?Qa!nINxkxmb9oLfhiqxP{wxFUm*p~L@H2#RIdHNSNuL`2;0*JS(&=5O& z7p-k=wq&HFcgG?)L@R9hfl>xRp6y9bUF0LC*92sh8a4b*y6u%F4r#^=7C@GYf4YN7 zpr-u|C~e>JkO6x@UvDxiBsh5Ebx9*wEsZtbxehA9b&c|VBVKwu;!GeodyL=g)*BcO zDvwvm@iJ=3?0@n@7JzaN>^7z=LCoy1rC)4nQVHN+qYcGYBbW4=tH4#8s|WoP`G4tx zNcun;FBelU)axOl9J4`LvSe+SDCA>bChxkdFwXTvMF6470+Hwke}Dg=|3#wF#~|2M z^L5Up7|{n>a_Kfjn*$%DSV zyIw#T4hX8dyjvez>U?Y559)A*08j~1AB7TWimv>JDW7Wh`jii~R{ zikq6w%*Uf*%Ku;sbEv`9IykxI%X$I(_y1lUl0BR`V~72-oId|#wzBQrmq{)A3Cfry zt-1IdsuOp5M`PxRK`*2#rhsksd&pYY3rRn-242NeU;Q<;ghyZGxx~-p;y9&!wIeYN z7Z04rM52CIOMN+XKX$vz)ftQ2s$1-?Y{=p3IAKdoH>vehRyfdVpO|IF=+ z$cyXb2Nhh0zmvKACZpZKCCe|)FPxejx%rcyX_P|%fB%0Kp*lz7USqwatkuFXO?1`=+km}H~Xek^O|9N{yX^wAgZEbaAFj$;=@LV|s zNX?W8;Q_Br`Q&KNuYGdT%vJlZ^kXIz#8CjHlG_FvF7y;joa7Lc9OYb-K>}9Cu7TfW zbzoKOV_&ZY^-&!0Gqt4$XD37yw6qEFF;eWbq_0jCrR=FN=@cTq@A_Fz-%hbms;9rw z`ht>K56;vcERbwc9juv59&~8j&)ST&)JPxkN5(yt;ol2ld(!NsmgFqa#vH3JNtsM1E+?c_ex$k--z^wiYRAgP^YL_5kSl4RzwxH4hJ)GnW~%iQ zpPg(MD&eP7vxnbCv$Y&Zm||Kz%3j0Zi~U*eZaPfXxU2q==quJ%OIjMb^n}VXM)&INFWKJ%vbpl9O+Ss-7j0Tz^QbIttJj=VSTQk?c%ph~`PBWvNbfNY?YBWP zy(+Z3K|EKRl3vS-#af}n199|pKr7eQ@MTJFWK+c3^icGb67 zV(HkW-Oz1YW8r%a-O;peo%j#3zsJ|~eouJyv75ITm05YBW?)NydfX*W`%NT@)t@M7 z@Vs|MXcMc=dKJZ{)1=3cGI5DdJGLnvrc^sV3F-zFZf zr7<6eAG`f>__+P_b-3L@Y`ubO%qFI!2}fzLQL9W~ry9c^Ii>x`{r(rCi09ENV^nzjDuw_B@{_*SZND0xljoXGD4 zsLc9xgf-Ld4N3MgQ{RJ``hZ%cZ}+-u(>lW43wpz}?jdTtC63#;zj+1M#&w=yUDC?# zOwgPRm&=sc2rd4^2H#*i`p{82O4L2RE&@wqJTx*6DWuFozyJ)Uw(;@jH$O!l72c5PGImf+pT3vj?#u9uG`0)k?cP&n~hQkBJ=_u1urUZ*oO9hBYOeY1&-w-Jy+peDJB0tRatWzhq=w zG3R4y&3@E_6^4t7z1COmY(04~VB(BtFB6;}`8JBn{4@Kyc5C3>Dru)_zBYbwaaf@y zz$LN9@R7b>D}++)#s2n_nT)Nyz3XE7<^3JMDB;XsIb?j)^r>^7$SI;R@ByL6OEP{3 zwcCkJddxmGlR^}j+>CGCod7p?ul5FLzEjuM=XNONWPPgsP9U!7!AjY^JjP!B8B%OU70RaJV3{9?f z+F-w1p#;=b>>0?PDF8k!PBr2Zj3w%UgX{92k6B zj)F-o^V?*1kyXOy%gd`;Fg&(?bUW8^oj5K%P+nT#8!Ils zevbgap!6>ZqLVnl%zN^>%g3{jut=}KK!Yx?9ni}x4sbS`E zqV}m-F`<;?tTRQXHVNB?47_Cz(ob1=x{@w*cH0d#wCA@@hWhO=?)4=&Zqu3B2+hLu z$j$&mKT#IcGu@w{vB1uiRBw3w%W8?EuF5k%MVqY^l)wdcY?<>&SZibQEzbC^#$ip3 zivf3;xZ`$38RO|q6km8g9t)s>lLhc6-w7Q zoPPEUcQ{*w0@6eEkGB7G9n-=qKo}bDAj7&iG~CZvHnRYUS-ms*=W2W-*e=pgAD zQ!u=l^PKGhAI#~A81J$U=(ibodhln3$x1*{M5AXZMSeN?LsDjaUb@a5)>(R4}qW_0hD5sLdl>Vz(@gC zHUD7!H0ZcaJ}>!%&k~le=u}9dIV!VrCx-1xudTY}(WPbvg|hY(w3?MC;0oxh+0 zOKgLyNjGO;!X|PrCKQjy!j%=JE*y81d*8z>)%0CjkV}=1v2@tP+$h@4)v(c3x_08+ z4~oN5A)3dCFwXY^#m8!%SB3Okz#dH2L4pzaRSG>b5_Zz_+X;y*^BIRtQ)? zyga@z?u)V!adFmPH#^?XS-eh`JaS~i|1j~#q0Nj;?F$i&%2iqZs{;1XPvf{__~rAH zyiy{MbZ(K#JM_%)1`v69qD>^uf&}V|23zeu+1>IHG83!2ejaM4JCx1{K)&!MAkls5 z8*x&{Js$$R>>s|qz80Gg%LcN5B{x4dgDhb}+%=QK&!F63gIU~X)L+(tc^e0~E)R@P zGCZ5^2^!zKPL?$tXo0&|kJ72V{pt?J zMq(BBgE(npN!a`6B&xjNmKAjuP~f>i)44=%@b!n*%__LE!gaB`7K-1t z@#$$30&;MK%IG{*clLP4hkIxDV@RftD0Z@z{D1cN{+ednosN1sw%f;#&82qG?gZtOg~WaRX_nTS#}&)1;~$$hw|VF>r==mKsN{31=OvO8lVr~!!P=+e-?Ca zEEs&6vS@Zzx+@OBRixIrXo9HWIt5hPIm8l%_PWyBwmNFzw7GQ7xhH(tG%c5z%Qfxb zD0w(U`Q(Mr_Dr$*;5X?4M`^8{@AlQNYX(ee91m*Q7-qhCYdwmg88x+D);B;0AIYF& zp%7}vRFfOqfthl*sFjDKBJR^G}!|n%maYr&9DWk4?DdWd9RVtDhDqk z_X)<`;~rlN8NN(=>i9o&B2R?b!Nmzh)_;6ENd zmL0B^obC}9*3Ay5_Wc-6!W`~2<{3asP?Kqk$uW5d>_wuB1@wCUlamwm@kSrn1R!kQ z9uY?|kf&b&z9WhZgn_}(IZ)`F0m!N|kZ$WK3bww)|05|E%aDX!ef2etptq4#gX(zk zR$UO(uCw0nO#+eV6B#FI4qXs3O};+m^!)JGUHGf9o(t_FgoeMxqlBI@Qo^;h_JG*P zZYOYjX#iMN5j1LXxx6I1P5F24{HsrNANDQ*WB|Hs6?EIJ8C~9E=AxscEkF_5;f~J- z(+n`ne{Kxq6$#k}j~?4kTycSs^NT=jfA7zqKQpiSuKqiOp#Psmkh;;?-aeX}Vscr- zRDt?qRwGC4rvL)To-`q< zbLXxy(9uOZlIb3deZkWZl(PP>*|3?m%^^&xi&)fZ$N9JZ;DcB6MhjOg|7Qp#Um~=t zCzGLe=5}D{2PUtm|5vlVUsoe**%Lig{Zrhs=xds+6p$qRzNn$9+Iem~ih=XPHv9jx zwrUq;drAN^2L}fiOJ?af2p9#cHSS@kIK3{4Ood??xVYBV=jU1CJ9TWF|NHOzso+@^ zq@IjS@9Q)tAO!jNvNZ4C#~<&r*9~O;_Z>Ms1n;P(w(BHwdaT7EIq440BlkgTmr{OdMd2hkWWnGgvT zH)2hb@27x;yJ_>>VVmFvuQ##0Q8!y>y6~8Yfq{|Xqj6VyJ}h?X<(Ovt%2P$3r*nHp z$Jqz1G%^^38eUDvhl01>A$e|QQ}`1D5tM|SjtAl2j6~pH(2_Hf%SkR=VGd&%UEPg4 z>kw+LiiP}dNQnvH$~?Fn|ERSSKr-KbcSvo{uo-fmvfb1On+-yRGzKmx3I=Miu}KID@67{z;*0eYqzMD~YH7 zXDB6%B<&WWJLKwyJKnH(us1)i)~rxpG^c+t%A$J#^Uq&8J_1i&eu`YLX->z+I5%=d z+)X*~KCPI)DwO{35N2p#k72krLk|5AEUmW4;TE~OW`DiB9%m2#|7Jx_xBqY|SBdOe zKn6v4$BdPpo{2})_42Oeg#X=Qp|<&ZAad}69(TY^lA9^tK3hs04C5wt`To5eUE3@w Yq-4INjgJ_x8*%bR%63NVkLt2#lz-f`Bk|mvlGGs2~bRNh2U7-7PWF4T5yT(4}3kac^mC~!B34?rRj>y;p2bDs-pC4M8Gy~M8J-`x8(7ZC4)wd{ZvA?c6No< z2?2k$M%7uEBFjtGsZ-0F^nJ~tBkwsWxAnm$uf17`q4iNtk;CSp1HbvCQ@MGhhbyN0=UV%RI}=tzY0{cYt-)$>TrXL> zmfGI8Nmree5@h>f17Bg;o+y=V^w=KnSBPYmjsxB`2K>SF$a81X_J;Z!S>j%;A@JY z1Q=E$1Kk=-ct^X$K%zt~UFJCzL=%>3RPe6@L`h}}4L5jf_i0YV{`0mU zJVJnDL;yw>G`Cu#aW_F^3k4l6M%eS6Auxy$0?G2J!JqB)7JjlRCCs7W(YZN@S7Y z_Y*Ew1G_z6w-myVrlsQyGTUS?fG1KSs%)bD4+q3cxuGFSCcE1I z8emZs8!$^ljb8O@c9nR({DZ$cNY7p7xvQ5XW;d=Ej24{+G5zypRCpe|FP{IjqpK_3 z>*jpjx_xy!`4uWp-DIIT;9x{Wa90N}{NwJh(m(Tvx=$Gz7N$ZgY@yhRC@RsQ3N^!? zu5l>zfn<3HxxfC$fbFRe0@VH5oQ4ed0>BF-=N^8k`6p5~Ux96UOP7YLwCXF6RB+z$m$3f*x!dgQy(?4YwZ*PK_)rw>RJ2cP3x{ z_3y68y9t@k!aiPJ|2j&aZQ7G$5Ve8v>(_i9$x-3-(qA5WJ0`veX7yfj8} z$eZqe@FAQ|M1DT#HlQblU8Ul1w$3H%SCQ^0+%i}7CbAvZ_lp<0i`h?gd1XZt`n2c8 zbQgBZ%|#)jj6b5JVT&h8(xU*}O2Q-=dU z4-?4$cuYs-aBbj;jQwkm7mjiSs2=WYS)KpVNbBN@U(oO7i@4MLs5{+#vv=-$vs2;XUV8@TN26-1 zfd9lz82LSC_Fe?%YkvDgL@NZxA!X)U|KgQK#3ZTpdaQsQNM2%OufED*Z;pP8Oj?+6 zYT=LLc|~EoU3WaLKhSu(Gj*@tbu|Xq-pT$IV80Wt&JR=e-2|_N<$*Lg;N8FS^*uAe z>qlN+=RH0#OY1o{pIc#J_M0zD=t=<>!RZY;U!~a`FHZSMtioc~a<&{cG(1tge32sV zma)fQ*7p#T^mK@VUHR-vCjKSty|m@^kzI>Xy=zW6*Zyq1X7lBqROPq+u|R2uY0>k8 zKEWK@(cFUxG~eF% zx!oSD_F*TiUL0>*0$zl3!=aYOhfPTRxlgcV7EP|*`7%o$e_VktY`^jF#j;0&p=Z*p z`{?t7evu*Cx@F6-RfivMuw#ILf9mkSei8=cnRw20{}BWO>Z^`%z!-9AB~n%Z+0maQ zLW~w7frmV!umd(`o*M{5;X|{u{*>bv$)cO#9`^H%x-u6V_poHtq>n#?=VWir+K}9K ztCw)v#e;dj{iJFWmLl!qWRxXLIA_Jsdnq_@qQ}74XO#+T8a?u?S67pt)C7~1XX=RuaD=}rN8Eu8rHz*w8#`Y^-hu@Eu(=@h zkE9-%qe|M+Z}#p(_75>?*5jdTQk^4;Q+fX|mZ!cx+gNURqOR7^Cs6_s!8N}C?^toI}g?ywIr z+-3IeJO_2)5)F=KCdiq%21OsO|8pqhLC7^>WO(hxV@-aiqigTJQx`I=_rz2}&G@lS zkV^E9ZQs%Z^_;iO#(uoPvNyfo?qJU#_?*u(+_d!GZ)jn3t?BN8UO5P2f;YiQ*4;PN z3MNzh4Jxso*}%f9ayB!?KIK6sa;h<>ZYP8% zdL!#*W<4P9;G8fOw+Z5m25Mn60UlJZxVeOvHtLVK(}n5YPNW~{cGvXgwM@KhX~~J* z_?}+W&(Z5-QgWNs2Wx{5AKk0l;ivUGP4bJ;Q_#5JJbrXON;iB=wSnoA+zbdAqo6I9 z^^=VHH_kx>Y`7@IOXnf8q#qxjeJ=B`K5$)KWyXUp6RhYh66$OKC(i(#q|tQh3S_VB zXpyyJ6_>X8cPrtVH9Vuq@#1KcUlQ^ez+4ZhF|<0J1(W$2jx$UA!(FsQ%G!O_4- zOnbMx0{l$rF$~>du(G@yZW-a{gCjB2-E1BKC9p*hmp3%TqqE1OKi?=l&XE05ZhXBX3P&8?9b0y$ zAN}xq0Y}LoLUc9Y9g$_o1=V#*=m6eQqR*EGVpR|Kqg6>`c;%SR;Jy<6_1gF9><>p? zi1j;Cl1GvKNln(Wy>YzOX<)tqkQlWk4J20Yz3g@Ql`o4B*%y@I9>YWD44*yc?}sQX zt`{XTwQ?p;Z;v)j{)-^MW+1m7_5`-HoXU@;_2A?(vIEx6X;d8kHqGLi-e)8$A6pHW z5o+s9O$=h4d`BZ&BE6lqn)6~ou;r>k!rZF#UKEIzUR|MW8p3B%e(-=nA}lV#56QVr z!X)Eg2d2npUbBSzr^t~H&xJExHn#n}$ zjcMd4Q4diBT z$r^(7Gs&gg%-pA%IP}>qCK*UA1e-(u6&G>^a91+gf*;<|=1ohBEh&T8UIGF#tnl;G zg`iu9!GS+w^{0c9+k9@3eoStx@RiAO^G;!mJhtC@U)|Aa;gU8~d-H8b@b6T&K_%Co zoAIUj_Qs6~DZz30$2;Rtf9w$mU1VU4-Zv?di{%Gh1bvUnW597n0dsya$>Q;bi-{sW zj_My;_A8yjZN*5RV)+rfee|}yw+a16YLper;VrDGnz5+ zU$v2~hf;iOQovcjln1$A0$i8Foyr8%{@&tIHh(Y4)1FV)V_#CK-8kYHUwXel*)%;H!?wMNwKq*VlwsepnjrG;)-&tNjnSr@Jw5DcC8q4@D13;euYgHRUrWa0$p%;=a?(9MczF zC0+D3gWMHQW4_e9>r*a=&}MMxi<*efLTq5px_5b|e#RMYk-^(HDD>;OJ9~}Wod`r^ z$&dGtKAFoGxh)eSu^<1fCPcZ&@bTD)dmU=$tVUYB-Ae1}C$F4=5>w0vUkQ8pIfyCT zirSIuu|hhU@%*BDt}{qW;Ojej^9J&g`Eo@)rfv^7?0mU#Q~PS*OBKJ?In0T9({woO zH6P}{?T+dS#%w)UI z321nbWchtVp`G%aTe~r!RK}QWvWin|$x}p~06AnO-HC#5`={8M`eKgJ3KitI=kLDf zy@VN%DaPRx$zTTBTAx6S^`|3%`+4`h7UrIm^V$I_#hb_QH`7fZBG|jJPncg-PR-}? zWvU3FIc+n!ryj$uxP^MX6<|_HhV0qbq13V!!PPtlHa_~6B>m{@`=$T-2f{l zV%a_~(8_n6_CRNq{+TG&w=RfOO%(cpX1pHhrom?o2 z=n^do(hjOJEiIdMxjQZg8VY<~0zZi|2(x*zCzHWEA*inG>IhG`igX-&w#TiJ9UA4G z@^s`xrXZ+JTVriN1na5B%Mky!zgF4nMUb0zhV#Y`Vj{h^#|It-fp~^EaxQ@C&Ppav zh-0XvxNyfVvh5FH5g9GXtE?imU^LeZ*_Tf|Q9r2gaG_?l_s)f=SV0n?_wNP~(I2V# zUl*a!IzX-0ufia{^ah)-UxkhqWKtwWOCuc5nu4Skw*z1pV%YgM?gr=)il=kQ7xtb; z#`%5qHc$zO1MX9*uxz?W8pVYu%Q&a|jgz`WjZKSUT(d0AB1&xeQ=it$i1?Mah|*8E z@8#y<`0JXhlLvgu}4Z==~}5-^9wrdQ%zilIB1HJ0994F6*5 zWbIBxD5N}aQ1yYM3GME}ygR6L61RjzVPv7zr}uGAMH2ka50Zkgj@iEBaG<X4NI0C}>09`lfcnLn~nki)x1V_HGsml0$aX7e^Z}EwbFbvw4)kG4O(DDat zNRJGO`)J2a7lKWo2+p%_yRhopJAVt$n4U-lt;1EH3k0Ew(Aq;oKv-HywWWYwo*0+dz z9^NPmV>i~bH;JDXp};?Tw) zdi+7r0tp@d@rrQPh3S++f@sqDBs?8#e4 zC)QJ!A1lo{i^!lB?`OU76~D-zMXR9Wti*O zEV4xK4IVGl3i*7Ty#Vqv2Yt<2(Y^4w6^uF|VxVT6ZEaNj5QvRIX5!xUSEuIJvnbN3 z(<_(!(d5!7)b^uqTyjq6Uc_y zeXLFpTaX*;0P(3yO~fVMYm+%-mLOg`yDAx!+ZgZ4 zALl}%Xr%VUGd?6#5TZc%k8zNc18Q&olD1EeThK(>aQgcFvYkIcwfAKWI<@Zvb|T;ui8;oN{AFGIT0>O8G2KSPr19Ed z-E7+*P>^IchK^8P!7ozIXk&f9+Q2w!L;Agn=r2aq#hovbvIkaCCj@_ z+9>aWv-r~-jVn`(U*z@2>`&R-o5NqGin`2O?qD?TQ;V-H9ST|OWN26b9)7mc zu&S=$!73PqiNi_`Y}vsJ1lk0o|Lpn3uD_reVZ6y)HlCzj7kkBZXtE3-5I% zLn^gPVx`~G=Nu6kYY1lpkosrQS+dX^hn>lCvmvG!OhUokI9{Cx=lgk`kE`)x$YO&? z!idKt6*-=lGy+I59V}Y|*H#+Ik;40_iVt%U78WLw|0K^&#e?vIeS&eE`+)F3gyN;& zWAs|q$~s1jjYX{5rbp-f*n38oqjd+&@u8T&L^M{UtNUNn+C-^dJcfRB*41+3XPt|A zEIOHo4oO5Mf)F|1LZr-eSK~(Q%+`;xd2?{y_4$+hz=21L=CKYu#$vV~<&R=(=5S)( zW=j&Or%-y^`sj>K=}UQC4A1)`Q8p_Mah9I+o(OLMn!ijHPZm-;$$1t=eXtxRnC$9~ z31-`8zO6Zq?FkAUi?48HOE?iTE^WrpV|?k|GLs25eTIYCMt2C^Fn(J4UyGRWdzCsP z_Aug@w~!(1<200gOmOT3nGKsDj9Tu5?n{wX^T~6dmvY1U?T;@dmo8`WcWgGG- zpX6uC6-y%ki^sx3j{e1kp(gjUEeuf*?C?uk1Q;)G_VI|h{^NF;L;$Q5g2{W3>|syR zk_xrGfg*(!^kW9*6>O!9S7H{E?YLd!<;)7aLG*PL=i*V&aEM`lL_Nd?od66U(AfyKg7xhYmf<;L8n*S&_YVz$oP^@^J z5p@siv)c+Iw*vmzA_zKt;8V2FlwMjsG7?!DaQI5?VQSC}C8RCi@$*qJkftKk@xmL| zBs1kQE{RMcGIwZywZy$JDNzNuPSA;D<}^O;a8R+}i@ zt`1WP9iSzYQT9MV#W-rW=jK1LvvCxq9#inIjWU@@1N1k z@ju+3`>sPk&6j9{4*-hIprMm1PBNQIH^XCX@nHD13bQLVCFF^KZ3Pn#l!G_gh)f<^ zxPhI_7A(dml3Ll;6e>l&O;63q_ZY6O0l?n$Iwirxd?+|wzzd*I2N7wrp|Qf4%4~n! zSI5H?(KYP%lPUv+qKb+s4FYCHHxKPy?=U+;D%cLTBzAT)XHVh zo-&S$6xks1z3UGuI5R*KX%iajdP!vmAa$tl;tAFjlF*Q0eG9b@_UeYL?Pm$luJ?|Z`5Th40JIQAC|G{3O|0fNRo8e{+Rqy2>iw19K)@tspP zYb@}CHPT6nb~FB00K$r5JTbUeV(VgzgIFot>yr5} zIwr<@pDsd?(c(@`yF$s2 zbeW*mQZvRTwn=KP%U=M-DNH5BJ((gJO~)TCPWv}Cdlfx_rN_Lry$z%wvZRk_x8;K3 zRNnJd%liwKHpQT+O5|q0QFHCIoYUK^*g5IN!4+`S?SsOxvzMo_=VM;qbh5`0qj*zA z+FvO-hZ6^)2^1Hu_$VXFZRYFEen1v!C$`?O6VY-~k$}19{StY{pYr*6HhX>ovcX&e ze0;^JdESpd)Z9h2A768JhH^JG@UPYTL3z&+7vSV#D)@WsZ3!#$lIy6G6@1pq_V80a`ki@ zdinYyoEqMsSGpqUG)4GzN@h17FXSbf%Ll^;4}PmCe@-aPjYt2IPQyLfyZwDvP!xN0PS}0Et{@&|C5nfM5`6EbWYGKAl4KzS z4B4lNes;s$?3{*w<+e?|sowM^+^9-!@c7VlWAf*{krHJeTUm=#3+Zk9&4tWnqLf=7 z#aT)}uWR-;NznwS_^aBh_-h5F;I6I2(C-7=6N=4{;H$xb*VG#xOBdL8C$eHOkM{k2 zDhzc*pz1TtuYK~zDq?3fn`+MI_fvxIOMddcRjDsCS!&PEa5^N&iOBUoSZKDaq~!H5 ztk7Id)%Gt|z$D2$v7EOv$L#TlW&h&8&CbEI)Wo||dp?*SEf@t4Ga1?sc6IVU?l>2g zQFjseq$LvVNUNhLTFmc2si<;2iVYo1zb$bOXpRV{eW0YA(ERE}>O+D3=F|9a23fha z!E@CEgD7z`sng5-mY(P=h3rX79p%1p;v8E8hWgxJ$K(vMi6~)uC`GYVR$FKV!5!!x z75R(sShL)8FXK!wL|?|e(4AIBiGaGvpvE4-sWa!UA{049cM4MDRQvLIx>!=>Bvrz4 z&WktOZ;ofgt=GQ(=Hz>hPAq4(cHs-xRgYV?_s0{ECIPnClb=27gjPKaZ~gkZN#hw* z)*=`D*}vGya9Q#^;`?KsOJAqo?A)xnHS;Q@C4#zx)>4FQpzxuq3pidx*QXVkga)MN|5ycwfCphecgg9aqe@N8FkrIzRgl zELlt=f>NxGpodd|QkXnF8;?aDOATA%)Lx6n&DC!Ez%*WqjT>K7akIgBB8DruN)*#( zp7xbCQdATzUScACAc^qe4j_B?xPi_+8$7r>T`j`CX}?Mm^SqKHGkFfrj%~eQtIyE$HhP z(V_)|k2HeZvNv^llJ2hs^lKfX3tpuOO{@&(=q5D*9X0cKMo8o_cSuk z#zwMq6sDRko#@1tJ?fW2gu%wO2Pvx+K?_DxCznnK2N`KGoN6+3m%S;jt8qHdeD@*D zf?1C}%l1%vspV#Xrm)f{Fqb#;o_D-esoF7+Au5!2G0BcJMoh2Y*P~Qn6#@RhYQE$LQ?pMB#|kPR%@-B(B}y(;ZGVjCT6ObxN)F$b zz16C@I?7^{EK{4OpVp!G2vGVM*QhPuSu467WV%emt$U#@;cwE?C~?G|B(g~*k|0pp zXzK2kQhm@=;hkgPY#Qj}_cTcNaBTfxTTPZeqc2W8J$!pgcTn=u-lxK0V$|J6%BHC3 z!tBHBA4RdvQ&q!rhc?Ol*|K`k@cnyTk<8Jy_i%fq%tI76zwamDeDUjL?@;NDeuA6h z(IJ(6xWVnJ+haGNwQ;*8T-(D$s)K)aDiK8}A_;}yvT?0F8+zaRm*%jcKl06lE?ZSU zo6oVauv=e2l1hdx%Jbb33*tI7dDR;v0Z~eVWJlqISoD6*xyQ*YTlpabYwGf|fqCE0 zX!?*5E6=p2bl+;Cv!dt+A8_82pxl(LCsn@bJbr}=Ht_HGNF`Dm#Tn)Q>4DN2KpIqC zwoM+OQ+o4yaJT*(TeIN>di*~}rErX;iE@|I%K2as=8HF5wP|g8<^DYBc&{sPu4Jah zA^Kz7-e;Ny(x{5sS(Yq$(wMvB{(}4c2)=axi?8k*lLph(yBs=3x*Ex{huPrTgbSkB zg}}>Kooci!`-4}C&1bGk@Ckn13PsPIE6qLbTV%VJ9e>>200ZX0I%Tcz?|`hoOtN`>wC2@CO19HsL$2}c4MT>$U!`*vr?y;&>v`pTC0-ercL*C~thUeaEN#u~_|g4Pu`R?SOItbEJUZpxf2S zTPezJ+j+aP*%K4XBr((MMk&ucaKpBvpfz6voYG+?H{DY4`@{NLUk7fT`jD%}3n`zk zfnuBD*H0wY8xJkjXTIeqXIW>rKd(*o{L?&`1jBoAHgAcw3j$=QpDb{+SM@s8pLaN@> z(7(IpcP!Zmo0#`Za3R!ZQceg`mz?m28wKv0pF3_U2s>av<{nK~$qeDIj&^n=vP~0= zDweZIEvEBO5F6&%+KK*&>MPR-gJzrNDu%1q!-5LNq`LC&;UJLna*lF<(F_vjpav}6 zXkSiX#@$}=G!FmZIJzO2!kNu^Z??Wt$yN?xHG)$2B&o}O!OuUu9YREBwuf~=%K*dN zg6>lD=>Kf<7ors(L=*nN30G^NDEJa(*0JCZbmZ}y;<1G#4IJuCqnL&u7NO^z zpV~8S4xl(T_(aE)ksrGC>u1!8?(*On2>Ue@UAafQu#D8)9K^Oyl-R(W50Et2D#l-G z{;XLSwp{fiI&cPVw5D~qozU;xoUYT01)r=5#0knK-g6?}w;rsxZg7lnF^90<@%8vK zqqd$*s&tt4mSU)cN!C{@e$Y=r#@{Zc=+-fquC_hGGMq539%L}KqL(7#TK9-_XNo_; z*sY0C#v9&wyuqbo;FtAC<8*Vhgki2aV(5>8f0@DHV7#A12U9mspY9RA zdJn*`_#lNk`Vu$=<@aN+Ci9p2@d*!)jmz7AALMunAd&i?Dmy?#)ci5`uq@afbb54! z-QhLNn9%hSTJ5HPV9y1d)Z!Ts!~rpaEG}#GK@sbV6rcagN~%{(iHM4xRiNABoR+s#8y7x zh9bpz-bE25zrNRhCyXDzTz4B_oqC7Z{USuw%rYPe6~R78YB$`;yc<*gW`ieGcRC>l zSSYwbFI$wnTT$0eLUHQy+!NzVjXG!3N-I#DH50l`qesGnC#8%Np}foJAR)a*TU0HY zxbQ9SJ-o=Hdh5~7;m!g;%H#?rH0HU(@#(X$rDH-@!Nh%fMrq%tuVr;#`kv78wOrTe zmQhl4KgOC(^WCy_`!s~zKh%Pt81@i=0y#VUSK*A-5ESPSgY8M`IF5;t;LN6g#BR&x zC;9TD48rtjRTh7$KZYT-epm2jzm5%(i8d3%>PNy&tmiT1-v-G0CWn3cvit6krh!p@ zH`6S{PT!S{ZnrqkF>|%ViQp)-y6ZK_sp{I#v(KkqQ0TU^quytZo{nyzx9)v84~hMl zdcgx*+d-(Sk>j$8A$C}T!*gRs8`yBu;KJGbVnU9abuuhGdFVzTKhwk9{Mdp|hlbE9 zW#ZZ-#Noi-*eCCW`O35hgZ0tIVf-a?bX+>0Xa?}w0mK2valkx+8X&(#+vq;SrGcF8 z&d1?R&D7cplWjN*HH#WlSPlsgep8bnhRjJ^5+301=&T+UwwmA*Se31#&slK}8s%E@TttJ-o7_`qAXB7! z*p5>)7q|tw_pU1yY@!5>We!E8LRvh0*CSP!2doB?Ez`(h6l7M$JIrQ?gIYlhF-Btf z3I@aD(kKqD@Me4liki~ty>@YoIR;(ZEKB3u88Mbovj);9$Z*d0Rkn69jz-h8EV-ZP z;NhI+5>C?9G~c=FxomI~|AxyavQwdW^zrrto8DgC5VklC#ITO=ND}B3$t36Q+l0VR zRbg(}Hy3)(R-<(EXzPn+{b%ClPX%sv$#z*I$!i1xC^DG^i& zdz4zDV67t?kg;O@CGC={?n)X7)F1Ge$ElRuU0jbGV93!8PQe_PiYx9l(s0Oti~}F) z%rnm~AgXX`9RNlmi0|{Bc;QGC??}A)l<}_i&p9bCHb^;Pj1gXc zz|ylfV-$9lL!Dyb+v5yHZ?s*!Ztsls={C(U7g?ZB>bI!Ew@>p=h6n|0GlsS{2_XvZ zj@$wBshllN7gGq^_XEaO8tWFlsk#q}4f(MJ>ieNF{XV;KqcAe*OVPqR72OWsS?HJ` zF6jrY)nXRK0w8i^upQNQg8oQEf+(o_mRmu->_;$-k+-}$Ry-q&ke7Uza>FB4t=(he z4fPnSJvK3#k_>J5k(YiVw^)ks5ybUo4L~Brg@mlX4qQ$op-J^G!qe}k`5C*CB^m_H zr)O0br}w1}r-(#07V-~+A0fH6JsGsM4ayzKKF~mZe)Busli6R{XI%Ug2+&r9%WPE2 zunACg2`t?g6?0Y795Ow>HQs-b`#i{S-f#VmZk3JE zBy6}L{;q$9#?ygX?q{X${v1ND$P@>Zd(Yl+3%%Pgx%&JRm$TLQAG5-3 zx4a?zqZ2!g0RruxUKvq*xBdxz$LalXsZ&XVzUJ}A@GhGDp?Ejf)p&+IEIj>ff>>(OtP&9gJCk<5MP9{r3A|ARe!jdG(@30$A$GnYH$jUFpFS;54K zbcd~O2R95Wt2wo64C3AzWT76_ISiYim`0W+z z@{y3cbrvq92bU|sa0W~IZVzfmIh2Af{L*7I_j#v=#SEZ@iSVO@w@xbx5n69N)LD0G zMv(GD&8{J;2wrQZBoWZl#rKB1=HMr24r{Wc_p*Ppk};X$7Q*Qk_%q-%j$R-_!nA6>X%9WSqLx!`5Mf!2 zB(BbPX~=MuttQsNEGgH;42{86(STfrbS5%5+ARzU1s@l^JvOmrlbd|ws=RRc!zf(< z7DXKBG(Iy@sq?MfV?HS8+2%-o0{+3`dfhvPPxLl{d-6NYw?FKs>JQc2LL%21-p+}j z>fUPl&M|0qrQn$sMNhEDlH8jlCg=#Dqk_ba3dHqf-X)6;Du}qW`C0`%@NW?-N>^q0 zxe%_^tjB+DdT!0}=D4V`vZqj5s<*ZF_PnZhs?l*JH|ZDu12q_mWn80!aB27^V5G)X z!hCg^kBK-;7hnK{YTGrnYFII-KLcT#i1{ts+&PyrS!0#xWVz(LE0(a7D_~rm+n*-X zi&z~mF-Y?^EH5lQl(;#k!Q3xX^kpb|U*~vx-QgXg@JSQ;UPwhx+%Tc z*tD}OLUH-vRk~t0$)2=_k=fv5*1zh#7@O7Sdr8Dc>p*sLa2LwgaaLKbXrubzN5b{B ziUxcKP9|t);C4l1N9Vkuw+%r_4SvOT{Sr(AAw<%2HXMzpM2tm-YQk~s$hG+f`ONB9 ziWsanK?FgEO~4iZ4hz|Dh`)0XMK^j%YW8a#OY!!MjKWdm-WG6cQ!3Ytco1!%T;+=7`KTeIqiYm7qx}d+=)B{65n2hDP!=f!8 zG(=9mSz<}LXii$rc=+R;39UirqXhqli;sA$B_-N=aG`^l%gUUuAEoje!ZWCl%cJi} zn1s@60$veK)jCB^nZSfJmTtQ~F~wC5-F!oPS3L-ZFG$5I3)Rfqqm$7OIccoWrIS#f>nhhpE`h`wj#X!Gei6+$$q z?#uR>B>M_yt^9>dT~MjTV9YCIkMjc~w(QYzJDI?pL^_6qGKNXv(`p@y+r7C?VP)4X zPA49oQhwufT0^D+2`hKJrwT=)sa|ar)(jb7liz`5)B*;+q7d3M(!}3#uyI)iN@N(> zS^1vH1V!Sk2byY}IRm;)v1ih}wovnDc^yzn+>+muPef97!V0Je(@W1GKG0G`A*Z&= z8-)Em^-Ry*+fSNP`&bePn(~->GQ7_qV=1!R67xWQxhqZ6X7_%n=XL{Z|1b9*3r zH|{oqo}QpYPemjxPhv}8 zLI$kuzAXf(X0L}$k4=hXztNcnfSe7^8C2Q+#ORI=#1wW^6P%AwL2hF|a~Tui)j^x6 zo*=#W!@csK&&VP z8tH8~(p*BEExR8uixrM-_W3cE=!e__fsNOCUsPw-rSfoL5%&Q&3(9?Zs!w{H%waIhO|*69#CyD{mcXH9ob8`b`Q$dBt4xN z_oeNv=YfW33{38Yx$|RQvEgRcRJ}xYJJM@!DT)W96?xNeRyrO+aTJiZyH9|YSA7-% z%Jz50cGL%gr&3U$&+TgL?|hs3%@{WMsNJFc*2p-*5KP z0U^s%Z7{^@ukiH+i%>;_g1;!huTc>oKt)d&D5%Pk(bCZ9tR&l&_++`Pbbd>4{`veb zfjpF32;c{|0aCFQO#&2o>>~#pfCSmN_kWK~W;}k&3y4$CUxrchf81#Phr+}4S1xND z1n5xxs34>Ax1kXQWVHA5@8JG@c1_ak0tL64F4nL8lcSR0s9Is@08rn_bg==M<+Wy^ zcCl}@PN~rV735xFK)V94x;jiJlRL?ez-*Wq+9&Lz)L)6_h3(R4LB-go_0L4wo2TfRa6ldYfx0VwU z+hu*r^_NqV7lZ?BMZn?LC+}sp0Ts%=eJ7nose4iZoQ-N@s&f5jqtD^|bh&xgJ}{|# zfBJ|VvPAjT?J{86QALpJ%hOWd158gX04p=i9gD{relP;eT?+xIkuiYk`>yomPNkju z#;|G0mts9gmfwPgv=l&GQpp3<0tIkdD(}7e^{t(mTBp}h zt-N764|j8uqz33Km>B`%LuYu6;~WpKcG1HMhnbo&X}=S`6hJc#-G>5flNxqgktjKn z>5Y;sK+gd0rTQyqTG9OWqFUPf_u}dla3E;qsegS3C}6E*{m-0xrADOy0%$HAkoRJ` z?gl-o_$y-v(z28Xu#%e?VBp69|KkfrjUX6J8>9%#*#E7EPXRof=dWD4Rky;T{tqCK z@2IfoaeW*vpqY?E@JG6u+%pTyO^l@KJ5 z5pw*G3-FKB4^Vo)1Q=UF9~p=Zd7<)c0vn9~Xz~A2@HhTSFD_2lvPCrTi1JgXlm3-+ z0lp?ezy*S;_c{r{vI|48`%Qp#Y#DuT7#(ABLJn|sXuYkcSeE*A^60HCG z$EFKqk0V1)$}!?gc| z9*hn@irUiqPdmd}g4EMv6{shn%>Za_V1k?kAP)b^;PW6qxH8CS!(aQVu>mdA@OQnE zA^!~<@^?XPjsd>}4OoP>Y85&2{u588{p~~!eW#gm12p5i*JESenO(39{Oo`Rc_*Wz}stj1UO2eq@ z6*g-T+`wS=xz7QHt|935M&EU@~pZTXN*eN?K1TQ8uxC3Tvq z;U5KpTlfo*llpFf2z#*78F4v3(Mt&#Jq_$S*r9@$`*?Xc6rfuOj<&|^{>D1bSc##O z0>Bwy_dD4shybki4vqp~t3JTbF$3ZYk5Yjs(w%GYC|udqW)XtQ+0mH31Wd|T@%mc< z+?|Vzh9&{H;iWR{*RQ9A0f8(NK=Z7tW`oa63l&UA!@&ozh%U#A^##-Kn|GRiSH12C z`$-&$vgC$#qB*uGw7@|GRZa_m6O}_UDY)C|5B~nZL<GxBi-HI-H1ptDu@Eot$=iQ=g^%}(n^bjbaOZ7oZnq{t@|Hq9KYG$j(5ND zJkOf~#311tbI#^2x0i;X18VpY@00N$Ag zD>H7XEir1U%@#NPv+Gn`EKA3w{aStI8`gCZ;=78N(GFOK^x1N=PD++fU~;p+LW!6Z zUmSPhiSdB_*Ca9)9jgtaQ%%R$qU|Bxnl71-19nK%bHC-RXLjI~Kq2f>eFcz`V*uw` z5wNjLt`efHi|~`8UmMJ%&=GGfG#t&P@H!;0sbxxr=$3H+kppd1Fx|{x4h)O%NlQQl zNgZR-21XM43{}6*xuwWqrW6Q*YCHXo;+^y+D~}@ z9!22p`iK$mfYk(gb-zxwzeB&L-UqUx^!$F1cjuWSgfX<}+!3~I^4jR7kGARPN{`wN zPEU6?BMuoigNOp<*a9GCvq*e+AhJ3aaC0dKfMv+PJ6pDZ2~V&|^OhDpUqSBwBCuU7 z$gKP&>g78$Ilzx6YRWfmX-rlDEK&{O*X8__0`8Ik7bAG_yQplf`Di5e?q)yGeYa+2 zK+onYqmb8LTz&luJ&?aNKeOlwkIqZ;k>|D=U=X`Lct^~lDa%p6^49djnQyvKnd>pl zA?AmQPC&k~|CGe_yT~X{8Geio-(_afY`G|$EYaWBMt!SkIz8Z7X``Bze`}hqMvHF> zMxDyzG^ZKFJ@39b!XAvBC(K2T;dj{2Y;|$CjuvyxTWk+l^|30V7brUE#GJ;4x0gGd zc7OBi&HO_+y~jMM~ZKNOaYg6+h&@tvT~a6)4zZJzSSaC^*bJyu>vpb z4)~*e7Lg*>0op*TfHsigdU<1H=TFt>1Mj=-0tp~SQEfoxQo2nDH3`i1>6w3OhkfI>H z1oitIP`yA)OS_j#U|d})DiyquUneC?tq5F@c9NTR*LAd&kj4XMU~BHf}rQ^ zQ~EH^7`GtqjaO%jUJ9EdUm1akn*d4+_X-Mb6y)`O+c}9tB5>mmQ;Ane{1#c5cj)KF z0T)(JLA>;fvNwW)`ChaEmx3?pFK6S{<76SPQbUhn-hj=k4s1@0m(rjh9@`(wOd+C+ zmoSD-{RRej#q_`woY?ug9&f3c8Q<$X09y7yC;@$V_u+P4I-doQAGosFB4>=$>dX6v zPwFmL(}@r8)uiIjYKmrcz##@{X^bwG-a9w3i6FM1HGuQxJ@DwI@*>SZu5?`t0Foq? z09Ay{kR=nzr#hRjMsGpV`PKL4WG3~_3+Qnyy;;S*0H$rk6|e2)be`Momn1Ux7u4ga zjnQ;Ypjf~&vo@GGdffzOy+{8Ia8?I^5XIWP`U8Ll4gk}F6Se5I?B5fC%fpopE34XD zsd1Q*2Z?_xpfjTmN>NqDh(`!1?4YRxJQOGezq2D-`p|9|XREAxEAUCPa47f`S#(Mr zd-~Eun&4W~==jhsXFKs3s%D27j;tLCJQ0TagYi8;O2_Kkr4~^!ICy@qOe56t{2F)w zAtn}7bRqZGV%l)m;mH7N*_UVEfXc=YYzdf}wcJ$a7_e2ylaODx-kcgBjg<$Ov9JE2 zfxL65Gw=T7K4avC$rT*D2hgj$2VEk24YlA^bjtI`Bg?AZ1=#^RyB;k=9SxKak}uqD zAJku8AC0d6{6ND8`PBV@w8Ol2)GZb06tHEWqM*4imeeiTZ{VFLJk^j+;4rdZXxCk} z9!jDEHZiKK?RIYH-7~mu5N;7;&|B^P;l!%XL+FVDu)2U7pH=tXUF-!jM$493B=~D% z80}f9af?1j^MQD~IQD^$XG9t^YxVtWm!!=Z*xoBvX!v4?)|{o+{#pQsJYVQVH6Hx* zVLiCq;SMBwtQ8PK6nN^C4swv8&NF9O#Jfc9JzdzK6Xd~I&kq4MKR zB2*ofr{WX0m|+9BYMv*^Ei{2d)`^e_4+0lQ)d1u8w}|~@{`cxraoUHyfb={8s}eKn zylKwXx&sbKPV;AqP%v+%P#f{LcGurb5p>$&Biz zmbdve=ZaOCKFYzb}iXbwlwdARD_B ze+J$w@18CBv{XO{BYr+~4#GT^ri)O;QR)iz$PyAKH~?|LG$nhy zMUfK*A({KtZk+Zk-?$sRLla$U1hoA{1n+uJ@Ebs{R5Mt|af)XR}-DVzWFyX?Qh8-|pZKlPQjvu`Wc4h)Q z)3ICFhfn6VzZ2sTMYN=3pCP39#q>`XZezrN?t^;-)@}4dKuBGiam4 zD6{ESh!_aWB}2SD?C8=P-#zbO-P_}5D*#L6}XPVJ;azQ}tOI57Y|W(&-Q3t1w9 zka|wWaugoL{)X^}+=Hy^+**C^b5N85ug0#onisxtqLO@?it1G&BwXwIYZ1dPGot#6 zY+Mw?ax8TZa_<$!z)Rgc>^X+2SOBdxii+kD`W~@5b<{$f;{ja|;!4UgT5O7! ztE-OtzHW0VqQU?7!vzNi!y@xYltNf~TEEzW%8|@|^V6oy z7j)QpEgauvTG%YaZUM|~_)*2?-Druy+H7>E`r0SLiK2cY^&&0ihQr3xp>q@V6wbki zLoufkJ(x4yGd{Y~oW@UoRBndOUaJd%5O;uh?awS68GT5J&&FuLC-iI4$KrJf59t}Y z*ROfX;{n(-H`X|w4=bA#x@Z?e^GOq%=g=`agcb!~*F;kKqpUW8SpWlt;`{bvG`LvF zr8HWN9UCZPCdlmY#_N{|4UTtyupG%AzsDt6ZFvl@wUVp!OL&s^`>uuz0!W@*SS$V7 zZHnhGw#9gLKX;*n1HHriON(^?NmOBVj=ZY7$2A4yrMX{8#1pNfqkMR6%Mr=z#4c6V zC>?NN7LQ}Aw>;ydLWBIz@^#)s##_i++Eg)##V-Id1F@kRfB=0Hm`nc zA{*KMi8?gDMLZMsSY+TBq#FdrfAs&wsI!Efvl*wSo*}FDd~_r$FUj+J&&eM)ox}#E zy*KspbHX<-!^w;AWgnZ_ugBEBuV&J{{+O?%L`98fn1y5C`#JhpHW3b?NCKa#QIeQfrz@nkAAs3y89Tju9J9YHmvcX`gjSnQU$ z`e;;DWC(ijmX-Pde!1Dc&`xocdULJo!iq}SRinYaG`ul#p%IVRasX>4=hOB{v?lEn3702|j9@Gy zD0{>N4y})ol7ib`0yv0pf-y_Tb%l2pPmyaZyb*vM6WX0t*FMV>4tymkk^|7u;kF_k zA8lzb2iE(-HZ9)F(}&drG;E3Qu1@;~ODHJn_PznFEstUJoYB;ywUkOPCQ*8Wzzexw z4mxq;VcHChMlE<_>1{VGZtG?INA-KBP3yyS{wOb~F52Do09**iR?UR`^)^^i7Dmp= zGHXQ1Vw79u%}fNh#WAhNVqLmF<(Q{Q;Bo8q&F1Td^;;Rs{|6=Y=fdH`_I%AXQgisS z^FdJ_+=(F&NnKF8Se&+3KsH&u@s*v%$=g1aiH|7rvcnVEazytDLYyZ^+GQ=LDg84x zgC9`mz2x`l#i$9IQOX*2P-Od4(Gd+(VjwWGc~wp#y%6JOoKY@t93&=+f;<{mkR>+J z;fnJ1B(@Z7WzFGu-GvFW1n88dzDeiDRg#|}E8Mx+j-R{jAH^_SmAgD!jB-pA=GWE{ zR)NuOj>)+ZDORnFphGV+0}rKY?Wg3I{En0g)N?*vWQaGW0|B@sx;L-$Qx)w~vwurn zr2@Vgmr%}`q&z&R64un8dBKl5b0N`BbDk|qhI$!By<+}9R8P7wZPbxlJ**-iS}$-l z<*vVwGog?DOoVN>Xo-F`v6OG6*7Ed~-o^IgRVER)>-y?~SBceR=br=&&g>&UA9i#l ztFH|dtwoyfgLug%790Daa@?P@;Wk-->|w-&huJ8{Yo!O;U*=KGwW*|NJz;NIPNHwS zIgD-QEiMD-<%Xy6sIL-Q?g$!o#(TpDYb8#wa$Pon=ESmJqw4GZ1v;(NYA%1RNC)MEgoi*%=xdc0|!hK=(#A z!jOHQe3brW!6L7U^cK$>f$e=F3-55lC&Z2oBHfWq7xh;>!KqWr4A1Tc4nLn3w_|4^ z(W6H;1GPv>n$wVu@&{@i;XCk55LV3&nSn@l!#DhcRYZ(U;LS-QAn>Cwj_u?#;!HX( zHUIE?Q?t`G(R7#zA00K>=a`zkYG5F>_Me7rjqR)JIw z*zqa;v_E-hh|d>Mv-4r%g5=XZ=vbz+fa+lyU4?HXn;U^TIdj`IihX0?e=e4ig*S>i zin~wCk~Eg&qVD60i{F=qU%(+mP(Hrc`6 zLnSs8SKopku^(4zUhOIVI6LF;t`5);czqmN?YE`9&E*#(pu=Bk!>q^S|H)g_m3hYY z@0YcaD--Wrv4BMeC)UIx?^BnHjtljbiA-*fBc@DN$^T5tS~ z88Uyp`CuX^XN%7XH>d6`vLsphGe{(ejwxJ`jmw#$n{gKQU^0y!>9=I8}vf723{eO@-Ty8m6mFRYIE*iik{y$qu8x6&}H4`yagQ`1IJ zT17J301{jMclAvkH&W?5?%kF4r)AeF9NTeN$dHl!Z68E-+Gj)DbP0+Iv^ z^@scb29`^s!~A)8n4`WSYNG?d>Kgpb2)-W8vF5#`-8&Q={>{+g%0P2%+WScgLlT=d zGLa+$E`^0nga0o6LzTa-{P|J@|B|i!ZVV0aAhkAWP%sNs?T=6RaxYf^BVI90t=N`_ z%^@7Oe7sGlmEA>po7WV}wwiMXR*L+qybsBHPY})qNL{T#5|B7e9Uvr0uz~KUk5PSQ zfU)MlW?m|kG}k$~TjQ)?u#1dMG1k5;n<`8`NVU?ltnIs;z-|yeMY5IkfJ+Q{2;vch zm(=BhhM}LBQ=|AZr1jS)R>fpt+V6ZLJe8sdJO#?2cLr%kq4&H@3;%<5bZM6zLUeck zZ7H#ECkGBry~?iZVHue;>}nK3I1>)CFugPKb%ANe3t<(o zp{QD1EjDdd(r{qM*f%>v~UvMdwv?+1+@2kZ}rQ6_}<$D z(78%jTf(Z| zXnf(@@kH;S=LK1fYp`GIN=y063{Q6CQe8@49>1ZXUTNgOmN)Qb{($V`G(rCEKwXVP z%8tdK{- z(T%p9hJH9fEeaPB^+%>18ur)Y)USS$v152Io7M=du63~)3>CjKP*<>m94gmJJBBt= zkB?D5n}G@$xuwuyEjKUvh);(jY$lZo6i(r`zU)U`E&X54U1cp6k0YcK?$~takHVK) z5GT6CyqDU}e6JWisAl~L zdefANPnxgpW2FBCKLY<8((8QvF*=P6?iYhz&vdeDouKinhkIgos%{<8D#D%Vp+L0O zPGhvtj-p}uvnrt_;YJ!G0kOHG9lgv~{QNBTs_ZU2*gYVvxyR~yq5NadlznDso=UXZ z-@67D48eQ!k{i{L2UIxs!JgA)1woUPLY$zJW5EC5F1wV-EzYN1<4oeD4r@7#rF`S< zEqNmf!rw!4CTmo4yE$Reluz{Rc3{WQkG5W_OEJaZ(K ze-y?PU8Q?cPHO(KIzrU-1S)_hdY*yATb#%kV#jwf4^#hT!m8I^Jo(rCl2_(kjkGyP#_*R z%@>8?&BPVLf7QD>kSTxg1zf)=03z6A1|4BXAnhx*`-N+BF_fh?J|swv&6S6uB8+z| zHE+xly~zfOMC+9XH{2|Zt@5dt0QtRLkOkt^eqQ`)`d6PqI-dELyw2T^sByG}rS0;Y z8<=a&6tpOPP?u9hT5Xk;K_^`;xo;9$uRP)65@zw4BkUcvL~nINmG_Omlfh*rZJdP z@8Gbw&bc+#|u1f@z=$xvG59rP-a-Hy{*D>kZ%3)Q7NVa$8b}+U%ErZ#Dy=% z7(sc}4&JLf}qOfCu?6gvQ4RU-OHhQlR6~`*{48iv^z%zYpt%Ni#AmOei5n z7;YA)01CC-%^-J1c1sXyj|9?wKEAKq$8%vxvuhxW-3jQ#Q)fW0Jh1!7vZ(hUH{~s10u0s$t7*Re@^fm8a zQJDNX8#dJcHm5Siv9x7l(;X-+%HE3^ng;QA@Ta5^PGsSuIv)L%>Rgb0B*9aY`b3a? zqdOoL9lr!alTI*M){s8}`-s6GKc06%-EHZD=$SGxhXC~B7pBG+bL7zzntgPe8L3N5 zyhoZCiV;3OF7=?wjZ@b#7pVC3zd^f-XDFp8D2usV$hsrcqTjwE&!(Y!n{?SYKK(>Z zM)2X`k(2^5v_BqXI-~}hL)RF;Vk4wKOFT}M85{oKIiy9$#ru1^<)=2Sk+^9Mx6TKHN4q8@2L%XU*6D$?ml5JASKO28%&73% zr5$jiEB-Pr=DsJ*BjFdnVHoNzl!(xDZ;O_3zB=9Q>5!1)X0u)MI!a)!x>$2;6^nVO zK^-pt7~n}_3O)`FrfV|QBNwD9jKB)bR7=`Z196K;pUS*}PxNie)L?JO`4E_#fg1ZT z!xyF*+9Sp?8ttzS*>4MKl$1L`^@A*oI*O;Z0ET_zGTVF;_2s>5s0=@ORYwBGpe>)DHAGgrt+AtER3st2ul*|w zx%rbPw)liZmeB6-Fk141pch7HmgrAy-mHbve|uJrS`UFSSZ){xpp8BALc~dq!dOh6n{2!!w7oT|b2ieD zNtPU2J4M#bcSXXPn`=3hWB&16oBf#1?fDMc1Bhz1l_&%{CG7f4eJT7Ik`PdS$$~Ir zM#J5Yy%wV;_0bHIX%b#sW_F;K$4)i_aj=O=X6ryCaTwYGsyu1f2>_>hq9dP9`k-}< zPk3S?_X(T)DHB_i)yI{rk}mGMPPGZM!8^|^{B$OOA!*XIeBAA!WG8sJ(EvS{Gu+)! zRs4O1(2joTbxAAtVwAOwm4UgJU6}x-G^-N#p=yAREZ6R6BS@b=Tf*M*pF<{&@@)JmD;Vuf}--vc-CG_77n8(AaRetX5Ale0nDh)I;Q)X?{+t7vc;s{X=Ku~YPR_{mJ zekjjKWp83(hsNeqAZgF2L4r1mHrWD_s_KCkufCXq+9-}RZ;Q-*gNW;ww9agX@w!Kj z$PA87dJv?#FTk_Y>dZ9XLChiWO>Ce$Q$;pxw#P3`F*ubdo|rB=B9H*TM^~S1Yc}1C z3|a|MUw99BS95yNNOSJGv-9h9&mxB5xGNqv4J~9$xA{%Q!s~e_w0ySNABT>ROoPke z5{;c;lNqDI7m)m5SWm@VgFo^#q;zWDQ$io()y_ua%J$CHlD9<-RQN*l@<&z3b*g_i zA=Uz_4;7r!52G9=dk_i0@UP0;Jds6rN6W3D`lVO%P?oE;+U#S`GYX8Z%Rf#_S=e$n z)CchP>DZn^hsC=;PxnkSVm3SU^U1>8+^nvIWb*Mzy93!g?KAQ7@!%}@7XR!u?NPD2 z<_bQuaftGZEL2*E>BAKOyMH?YRM{O%NzO>p_u0(K#2=P(y4`#B76Q6s4eS;??H8;o4w< zv?0(v{Gj;f;~p$~1F%~j0%FsMojY38CdT505z_H2w!>nMiUa2HBQ=0EwFoq|a1;Pt zLTbM?QfeV+P!40d3W4yY+Nz;0z)eLkh9B7(gGui4W*#AM$JHjdT>0{Krt$6XAcmk5 z&~1YP8;?_k6Xh3S&#|ja(amP6pgc8YtOoD5bn*-ht=d)l_=0q z2o3o&zRe}qA5h9A1U_3`{ZfT|#cRXpQ$=gqqX#H^<-bwgsmP(4#)&Vk;?)&sPd5 zaV^CRVjBEn*7VJ|qg0e7e9Xwfi+{9h&=yy5_Dtx2Qcx=8FmP<7kM_0}?!}o8(BYCr zhcRoy4zfj%wqN+*^q{bh1P^gvgmEFRFOGR$iJ zW5;($0;;OC8DDTTT$aiu$->Qd(FmeBAG~c}rA|bc=rHhTb^T^-3M6SLX zQ}Y`h`FJ79{J{-uW7iXXmAdV4fR$*my_9jxlj5rJff5pJaklO6#`jLfvLh&$-y_@> z)6KM2-vv3@>H^T}_q2Cw$Lrp;SHlq~U(0EDHo}}?E%Py#B9QAp9-o5olpI%)iLdNR z#)V%0;SzfcO};A^yt2oFi&~AlNPh$#qgo|_Ag&gzCKf~dW3)$P1v)QgRSHRhFtAf7 zM7ABMbstnLoy*t#G#*t*4TyC(mXasfKyuBgM)eWfVT8R4Y5FnK?jK-nvi0Q#EBD*e z1n#%YNfgs9u<7pl%`YCGFE|TANTU2R1M6~LFSQr*j)^?Tb}@a(FN)YOO7#ttKdu>N zQQNys+kpk*ZG{O`CLY^RoZW#y###k(n+^2KX;t1D$7+K$&5b`4EM>uGLhVRq6I9fg zcGiL?-2*JG>-d-+=HinQ&F6=yqTT|eo@zRp7Ol@esFRkl}jJ>W5lHz6?tAu$$f zmGmZb(cO}rF}5jN_JkZCGEu+N6nKP&GRh}IPy;c)Ab+J1z?bvx5Oku4h4eX2q>st& zDe_d!11HWt4u~eB32KHkgJ3|y*|$-zTHLhp2g}!d7W^de|xTmPwtZ6VX zQ%;HSIWO4Cr>b?%nq<4lOXKB=5z=W0ekK-{WI%>zJIQf$%q}-Ol8^=^wr-_2zrUAY zYB-g3bW*5{mWd4E(+s3TjcAi6dpb^+P^NW{l2y8M0EOc_-+We8RAn$t2Vw&GlH(-? z{IQ%-hAHE8C@#U=4qpLoap}zQ) zKU-ln_%N3K!HdiVvOA`T5r9#4B$SQi2w|Ag9q-G+X#OGHDhL_e#lxl%K(63ZhX)e| zI_pyx2i^C9@y6`8>${WVQ8E@QT^A*!($EU-x%M9(^*43oB@T-G&0K4S%g9fig5(pY zv3gfqAzj!oYtMb@uw{T04D;s(8cx9o+a;>6sVw;K!PMo2p}mi;!;^(Vp594G;T8K$ zK43!PfnfNlaeqc>2dJr3$K}>VgarVkDsA%yMX*pIXiC-P7uDF`?-b-hxqgZp0|7a? za-~2BDP{y*n$V@m)2+XbABZ1z-S+XzM63ZGY-;wxebzo`J(#UH06@s%0PH-~{vpE% zlL;-XPcZ+rxE5hb+r>>=%X6f<0{hkTFv~P?2Du!3wa4)>k1c`+;-VC06gMh{xJNBH z7$msk)SpQ5;K{b~*e2-p4V_(Um&~{J3T&qRUGf<5pE){ywb*n?LGidb{(XAS51F#65uOutMTtqJj>GNyRLck|PVLb(u zx~C8^*n^CpmYBa5S+t97M-ta9F_l$*l0*8vPoEw1NGem(Ch#f`uLzDLuOC0awyU=Z zBYtYm7NkqmKbjUX_@f_|vQyzYa$Vl+_7*)aBr5b#w&LfZPJKI~J^hiV8~MBo?O!aR zFU-lRZG;TUL8)!zeQiGx${dk08w#}M^cdIl(ZL!D(Fot^D}8B5C;x`C8b){nM??V{ zK;de7*;{BLwF`QLfSi+Uf40wE`rNv2kD?#Med%h;p_s`uf zl8@X42)Z#}b@BQXrXO8fsNnZCwA9A~b|bO>*kF&ix)&`8?Q80sJY>#${I%fY$M+jd zc8{tAY_K5k$ww)A4t!Fmz3VVxuXe4Yp2s*~Jg>E*(;Q<%cgdQ*B!*2n1K?s0v{&A! z_|y7eBLBq&7M!mQaE(aA$lX3<6EQ2x0+=gj1q#$DC>`XP(xw#VU3HK%(|&(I9iJlH zA_uv=qkE}`1Z8t-Bf2qtsuB|Jpl>NGV73%V7Ab2YG%>>GO22<9g6@G3xLNbjLOBo! zu&&vmj}(3kV1RL;=NuWUcB|h7PBrM|G+ZBS#13eIA94Mz|MueQR_G^55!465<%?Z) zJNlYjmRl=5HkI4ux3E#5xqM;)r8;G4ZaPF|vO_dcpB$2(+dDxYASo>j@-Mxy$YeMF zqAe0Mp>b1AD@cc*$XyOqjX^i)z(=mP9wsO9veiM?V7i1%*H2#H9jq^7KV;(y(}o)5 zP!^3=iJKOmIyzQ^bO+z1n!z_L1^|_Rvu#>lst^=hFLGLkT-w1}|eICcX*IhCI^6D!7VX@FDjOnEAw*`La&D$QDf<49#rLbEw81}JPZHRiH_nkII73&VufZP7C4_ZbC(Cvo~M%t zp;XSw1Z{opd%V4W9j>iFf}sfq8jwz9fP*7v_$dXjDQMS;Y1dZ323Y)tpXBbJ!RQO1 zqpC8Y_rCD)-lFe_k=No>v-|qMvuSRp&n);xSj7f)pUdIEH5{LEDJZA~$hU&Jnvw!> zxORy??-RYswLkUs^=t*1?Q^nPwBjU502$T~>Tf)N>@)UY!v3Rp#sld6?FPEk4JI(F zqJ6?b-^afm}F*<$JIxwTZ5vr&FlAk8x>s$y@m5YFr zq)d^eG-+J`B`83El!==eI6kQ%cr?Zzv4EPeCBI#c)y?d}68xk%@yoNgdpbc*+>HBwv=Q}SVAcvU zQ?n|g!2?lfC)I4beC*@dyqvgMU zfRP-ifLrv6X zzFZOebuB=dX9P|{XUlH+@EQ^nUseDeRjhx)x+7?(EYQx8zu`4-~;ehi2o zS>VZL#5z?E?rAU?{}00k>EBK9Q4@@TzQ(57_&?guvv1%)E55Q&Hp&i6~DV*@Fy3?*8e^UNej^g zo-HW;_`bEI>@HbJ;(r_^#e4D+(IRQ=y}WF{^OW>|R3yny_hXqL(#O-eADiNTRIq%& zE&@*u|7Ab@^4^_}^Yf|t-zu#bfsH^#7kzK&vQNXO75||emV79Js-eRLnue$|7W1*PtD!PIwV@4eNmVsRfwY+2 zl7YqW4myqwH`+8T)~MCxmd%pN2e+c`-)#=eSKOhNN^nGj6HUY#i#@R7#2OhtCasXf z&cFemcG7nx#FAu0`7N2VD#%EJVa+Yu@58KBD{iWewY{uS1#K4w-z)H5lYBi7XoyXL z)vpQiVO+5PNZxX$?gCvx9tm6j8ZNfM1!P8JHHAxr#z z+-V!u7+;y4gb6H^qlFKz2o>$BfJ67AISO_)9#oSn!7|qux#_S8mycAgc0I6fSYdVjL}=aK7-}2>)_<^}e6mV8rm- zkl^DZLH|P+fp;T`CLCnXZR8RJ(**qG0fx?D0LKc;vKb5l)HEv3c*<14*(80;t3oZt z1ZWvbz*64{^wD%4~rIO?Et;#zs^kF?g%Pf%C+l z?;cl9e`mjitz39)uGQGBTDI4JbHDP(lkbhzV6aJJZJ7@74Y;;$BIeLm=TJyrTCHg{ zmO+!jqmF84-x(yiD2*}J*i@LSw!6__Kor%r9);kz%rpGl6V@?eA077ADs9=`2y*wk zi^y@`8f{U}v+_;fzdM>qXS{7ySI=3Bop7G*l5`66{7vfZJ!G1Euwk85mv`L$JHGN{ zcP3}BJ{kNsF_hgSBaf2it2tJ8*ZqC93)|ul{+#8>nJE%CWrg zRiu&-xlj-BmwVLI(%kD4oQaq8r%_B_FSqnYvT~zuTO(m}BrV>Cx>YBHLzhv&ee>@& zwFxJdHTOYHIG2%^rX*LQ+umQ-8SZO1f|I{2@lo0?Tj#@8#-fekC`z3*IYQH|*xpa; z@xdmyY{^wtXS0$fW%Td79=0-w`8R2#1vtOIzG}sceRXHmWY%p?Hd7NXEaXrTSD*FP zyLFl^ja4BxJYjp^pJ43Ge7*a}10W%NkW1X-K4Loy z_-WN}+4z|5>08mAt1gK{%b9=;s%-_VjRqZzV=1#1CPv}|3aH9gV5eBM<3QD0*3j_F z&{rXydo?AH%83GvvKj3qg78TzKeAB1z5V+=lDk@qKDpYbs6Rk`^!4FXLd1ku&*P_W zIwN|xpY1l39-jTR;9gswu{uf}ybfsaeTN{}P3f=aUs6GV`~7%bU?gYXTNCSRKOK$z zh_kPUM8WbhXz%dXv{8(R&R&#C>qsKcL*(DQ0aLl6n;E+VgqOX`(6|&vhSJ z$}cN#EPw4)O!T!EVTtvrc?2oka#~+&5Kvg3{r2u~B6M@DlecKCN8O4c0P&>Zo1|Ux zY?V>w&P1LHXBcxN_wDX_Er*`7<3L0vtK)h8 zOe&OPwB7#FY$!cv=WaD{un;J^mHfh%E}$m*#v!;mFd#-)x9#J+&$3QaKxTynQjy;1 zOLwmm8NzIImL4w``pBB!mTWHbbuJf z3wiB1XqsybUk6l9`8Bhryf8eEa^!b>`jlQ|hJD{{_TN<{4Dt`@2(-wI9rP zc6i?F1HL)H6l(4j>nm74_+wY>21!>E5}k9bmOcxJpi!=m6ns&V?dJcXUqWe>anUNV ze}}V`R>#;#cA6uZxo%lU%3k=#gj194ew--Pdal8s+!UIU($cA(Gyki%G@XlAIky2B z=>Hhx;(4AdeAX3ylzXn4dVxA4=nWeQZv{+Zc@S={0p?eXVFO`rHwp%vE;T=9VqnqI z%H%Q-=m1_^TD>*rwi~O+yWplCyMA_I1@N2M-V_DuZ3VB2-4dG*_H5KM4sbEMsg~~Y z!UJ-Hj|0r$eywgLy@^7xv3dQ&inJS!wz; zaGgv2h{G^y`=+VCQ>Esip~SZ@enut}iqgobVoZ@Wd*;SV^*!Kp4(Srengmu#F`e47 z%HUDO^?bdO9cKC)!(k-Y9^7jAn^cd_zq!J?nv6$!4D84%w6hrO%~6HF^MivuGl@*P zP?7ab!G6tx<*s^vS0ZE2T~9e&^z=LGADVxv-$Q?>VM_oKA~Ao$~X&30kCYjEh7+QV(x z{@v4!=YLoL7PBLiVl`l+pUOO-j*8w*m5X&Al}rAlg>!(Ei^uE0SoCNpA($wHVsQ1R zzps^T5%Z8pL+OwUq9mYcuhMLt&|-MC0Xp{v?ZW88&sfFlrTous+@~iI8~fGmw^yBB zOI-M~{vBbJ_Im)#;XL*&@6Y8m{c2h%#qzkHEUvSf35(e2d(C`3&@tdC%LUd$Zu;Xg z33Oc3`Ky4-<(b@oYR+DghGBG%^o1XdaE={_>ORqx^Ao%P1yV}br^O^F#o3UQ2 zUqd(rzjEv4Z`S@4-oKq>v?voJQHq*!m>YJLzZ6<`->u`o7WGc(^n~rQ-Mo&|j|v_2 zTGSt^P(NK{Zhg{rQ*N+ie6HRxIAi49wNUTduzKoUD(6%eJ6}M=yr68YOKtq7Gz=%D zZbDb#wg2h2aJ>dKZtDRyqn!oLz}w4M;U78a#BDdq{W|&OmczFyj*rKP2l^8e%a0hH z*a;OY>tkH;{OeX(pM!2oH`uEKyC)rkG5f#8d#sFdjEOv`o+;=`z4?JWq8O^H%Q+ym zt-I>n{>fEin;R^4pm~`qx<*3YwIOq|IRC@vu|CP4;@9E5X|nb&&acl*nUK@5FZMgm zB-d^sdq0H*+TRRP&J9XF{Q1tbG^{jkj=JHFjYc(gRZGjx8Ik>W z-*FvscIuPOJJHg}PTqcmd+4|f)O`FqQxxD?hA-RKS2r)3sP3f|cVsg9#HWES7^i*aRy@J5_MVitdknl3En?6;0;T8w8CbO>eI zcUq%CKQv#592c7m>;8IfGt9JGxI}kj;-}Oj{CxsOTk4gE4(FQU{LLC z!i<3EP-LB7T~;-elc*KbkE^;#v3FT6K_>RmX!k={@uPNU&vT!1Karzg#La;bF7D)Zp z`P!Q5hh`7r``vYSdNzWw@efIcu_rZPg7{l|>z@^h7T>KeC_DFlraXO-eB!JsvFBHw z;CN?S6>ii(_p^wU|F}_Sb8tXFV}0u-seU->^U{6QRb{O8HG{*?SRaii6j|!CY@8RY zA7;N;tUHo^z=e%g%-Y}BU*3FuKK!8J*MOh9R4df|7$Lg7SS}4UoR>>^{i1|(=`i(K zhHnRh#Z|!K1giUW-%p0ssTgwBk+wS_vU3jwu9?zD(dcjc5$nb?cx<=f_d=d_CbanV zzmFu@$y(Q(1S$j5k6pB9>Q7rQP2YK2k9-xOe~x|K(aH6NjWnJ#pfBJ=c^qOo1y*Y^9#@z34NFULG zi&1TARrOFw^mn;oQ<2xm!d+U&{;Uy7B4@yz7Ab`tjJWxv;`ekZ5{Xdh|G26xU&(+Dj}p zF+_|xXTQOuwE2=ed7&vQ+^|u)aoQgiWT1o5Rmj(Dq_L{zD!!7-pTHE9P6Yj^)kQUQ z^@U{oD&VHSej`FE;6%GU1%pdFFtg#}MYXE3|JSkWi36MU%Txt2-RiLC3pLmZ3>?-r zIOW08bI8{p9{)A=+xX@?jGoW=w+A3`RE>^8c~GxwQ5yLmq|HE0z!G%*JVYRW+$_Y` zhu);+`w@_P6*nc`&d|63RlylazlfvY%fF3NhljK6+-6hO$YFeDB?uCYJ^1g#^^LQI z)`fW-Y8%=y-iiU2`Gg2+=I26m8=RW6x=0nL$hyafm2aR zt&{s3fEDKcu|c_VT@*))#7>9oHZ@Xcma?s|Q zo*LyVCfF+)uMa*h*3n8iBYVs^u;?^*c2u|Ahp6u*VuOR$rH(mGuYX?l&fzWSE6_Fy ziP4JxHN>CkgVH?YuXrq2Kn#)>pym1G)V)m#kXZRd!fHA4MW7O7v)>18qv4Xvf*w|D z+j)1GICW297&!fs>tPvbOssD+-Hr|?L<9GVKPp_AZSp*d5t zs+H9h)S?s3C78CojGs6zJm+N7}SPBj#bfQ&P7Fsy8Zw4ak+xuID7<9>t(QeTK zuehB-M#!&UEPSSX>(h;&F4c8<^6zD+e=sZq?U9I^9jrHmL?PVae8b%B~JK7s-A=$w`|^C4cFyTn|-ir zl8BDZNL|S)^ZvszC(Qh=m)eg=FX9wdys{-wN_kht zv^_j3pJGEm2rCwg6*IxRn2kxf6FXb%DJ$(0BnLaFd^fgYE=SyD%NzQD$Cay|%eUmX zR>&vOyV9oiAgM^5r!Vr+yNA>L4V>HT$!gN}{>phyfz2peic95by@wXMnBuhrR05Wt zv|na+B@NToF^$ATV3Q9({shvCoZnEN+3z9pD14+T=sxct<+_0C<17yF*aGza6P;h6 zblTvEJ5^>IgGQi*Yw?;>fjXM;2Jk$7*kV^_a0+q#wfXy2_5k59d@qOFqipBFgRRzN%z zu^TXOnZLjyRqwS(zK(Aa@av|>yaP|oys)OGH)ExmyarD~0r*_sm90Wpk_k&d`X15# zZ0?8lJ8I8Q@R4?<;*LX*l8LC6*RL%PUSY2KYlO8q@7YC7SYnU`%i`ZNHZpHxCug4u zva@+ZK$^-pAeCZo$U5#~Y${nd77(#sc>i*5ng>%{h~JH4*v91Qk0A{qA}>)w*4Vo) z<&@fF%(0D8^lJ2@i~*&n6k*=;h%r$vefYEoEMSP@*@5)@C<#&ZGBMA2z*T{m8@R&kjh}JUC#Rf@_ ze48YggncXyx!lT#!YUwgR`5z*Uhog`U?lbaiRx7Lq$~DX+ zuVw2l@D5EeD0aO^YSn00`(3BFDsy%Y-^ljNym!4_abZP$Jsv)o5Bq7}C};CggQdp1gOGE(*rvgTb$^T@fmydx+fOFk$;d^fvjeFR7NZYB)^(+Nlb<&h~QnxXc zu(D7sKsT#9UOPn*zFte=X0$Uq$186#VRmL?eI|%~m)BS$GxEdO7$QX`)en6MNd(s;9B(`2VXHwnG8`V+z%fL53ijXtCh)3wp zQQmkTw-$SB2fdanuAF3@bSn4cWZU9OUy5)v|1CPD-V>7*n;WQ`<05y~>2@tCc#Y-9 zyr(>9{KTC%vYhe6g;{a-ih50rit%izqKn`{_QyJox;=Q!A|4B<^lGk4=7f?c;%LdW zE(MlMklfP+YPcjqZ`^9=F7*C%GEy1-M3#nBX|m{h8NiUei2bB_?%u16o`;$F2?NzL zaz+ZhuNBqIM~teS^ddHIIfAqd2AyVX8c!xvI&$y>v6L?!>}=ogq}rMby`1h(Ngl9` z(!{6-@sQy+()8F9L3^Q+4%VbCG!R~}dF=j8QBm2E*Qd_EFPV9S$7>^i(V}LY9;GNT6m1$=XUFL2CpTeJ)LO5FnoH8d*x12z zm8evzB5Aiz3$$vig|9pN^zuOu&WpUUdK^Kj6a6QOh7@a7oT3vAPX_XsR+`s~Mv@*^ z(OI|*J?nBR@W1T$E_@`ofAzfUZgt`Np=K_-hkDb~p8VGBh~zKPv#=1JBr0bClSy?w|L$N5#aaA6 zU*w~$SD@qol%yzwT}qC=y7by4m3WPwCD}gOw|Rs&c6DTL0Tn^R^F+g;R63Q{{+F#5 z(u52bT@5AF@u`(E#6N){ACc1z?iP@0N7jC=!1;j|X8Pa0=g0IZZ$e9hhksR!P*3JE zjF0L5ydJDQB#7FLhuCZ$|4bipR;(+X`saiaN(X1ub`+ z=xG%j=aa|fO=^pFqGf$v55QC-HfA0shhf3-axeLm-~89 zY@tiPM$b1+HVFMc06}^n&k;&LtbLFNw8VGX#yvo`L<_j|Wt<=F9%!Yh;duXvwDh6qTkzDdM~n@;GvJe&qt3rl zx;j=3xEWdZm^8pKgbpPSc>a}XThInL{(&(5aa^ExZ|K;6{;TVzqjg<&iLZxF;Jnp; z2L30~{y!$A!zpi5@|nOVfIY=94tQk@c#UfiGBPgjzf$&Skjazb8={=%;qmuv>Z)Jw zF2n$Iz?76pgFnI69q=RNc=uRK2p~Z@s#Q3D;GY!0y}i8?fG%=~0#TmHz&Mn`4nU|Q zz)E4f<)`ZT9$bS|G}EmQ0m1Jd8Gu#74{$PF7J;KHqdF&zBh$y|EHfoxViPrv}ngQ5w7V1YAmuq*b8FwIujx)6F@$l@H9!(lY2-Lxu*nydmHPN01G4Yh%#e77-|ym5FEu z4wX>A<@Bo3%GK$4KeEaUekvqHSULs9+-Qt1aO@DdKIl_tBk>^_bM0*vdmi%k+h+WG z4w6VHr{pv<5d38iylTNq6F}F4?pKSBPZ(uS9l=ivIY%~D=TnWQd%l#Z=X&Fqu}sp6 z*7bYs&#iAO0U~Jt7+N)qy7`6!JQX9)$b$5-u8ini)EW3*RP!x! z0*QU!DDMVg8T2UxX(Q&k_R0bPGshoKyY;An%XFcc3d}fiWYEiB$_1*D=;xQ3EjRm< z+d)v=&nG7*A;41_az}YMPbLvzm9=_W%D}P&Luf+SkM~Lwk6}HYX9* zap1|c!O?EAt(N|>H~%Hi3uO~7!rE2)0BMthqoff-GWmZWl+N6JbXeZVh7e%QI%e$) zw8bI1+up};<2{&$vN#Vi{&EH%Z~`9}dRo{e3g25kg&`?;UE;3URqizV;Ulku-WHhmM?i&024u*L*res!Ecj=4Gmm|SQ!0vw^%)alcH5Dd?@%Jjp` z0&VfoyZl=A6zl(ZA`R3@f)Y^RwhVrgC8z`peBP&;(~TYC4dHYWj0XzKdE-n#Zen(v z&&~q;YptR22`z1UdGvI4Tiua37y9VY9GVUZ@dY4D4M5LUe>8`d>os%lIh(ep)L(H; z)BWJm9Q9??d%5_^;7~AAO(ACDOFAg$y6ByCJ(oGR6qxTJW&$_=k^9a-0FH(9vC!Ul z+qK0ypV$t^^oJJ3J}cLM`O6` zC%$}AVBljO9xV=dItN0$(KOQinU0V5$`ST6WH=swFDU?3Fvj>fAq?0e^H?!M7=X$>1XL5#w_L^1Z!+w2@sUha`i zt%{wGd-P9VyT9fMk;S!}EdK%2-_ai?zzG*6WIxdksJqPl=BvJEe=?P7umHjBJD8Vb zfH#&RIsDeg)({FM0LQifDHtxl!-TQ5djUC-74YC9g=f7r2QyUGb&b*RY_F|KIb-i# z*~+D8gNHNK-lr~ll`h|vlf<+gY7cczSJNV(BU5E0dp--n*OI9KOT`GhteiTE%W5=@_b5R~1xz&yr0hWjxiaX-zJvP?!0?v?V|Pf0;MK1z0ylTF=} zj=aX&#irAJjf%7J4W&K}$wlUo?U4xl1=j%eZ-A@fg+*OyuXxS=sP|qw0H+cF&lX*1H z+&-OL-TOXd1QM${*RV>M9g%PLCL?CM62JN|$!*mLSYP2+9%Upv-(2umrqyT;uU*_7 zNm}}WRYGc{i?YV6SUNwuCFONiYUkngeabld#V7K1Ouq{j&K2d4>yA9kzpKlHTxrfa zIWT>JSjzo_1N6VgdeK@9nVh3RXSB^@btPSU?BsUlWBGMvY3O~5M1dL6MdS4&S<@#;=isx55&BT&MD>ZS&b*IbJ zXwqu`Cax@Ygv3#-4PYnEZaom6q_BSHTeq44ATg8&7?;01 z3A>{JHoJ@ElMdDCGZ@nJryCSE#W@q*8s=gXjaCvB{`7qFJ9EnfqH#sbAq|W07oK~4 z6*guQ;o>L960_8!P6ZUk(cZcgpKfj@D1Px&Np}lz!y}1h(6pqQ&VCzeTx5*>P+ND) z3ze*8Kc<}5MVZMMsi=)U9ikSn(6;xQMK;x79=p*SGm&Q#T_DZW;=8K0Fx zygA7UTrZXB+rO;Z*&e4juvJ(1@My0|*yOn*cBfSMJ`V%;iN?{@i@_{SUJt7QrM>mz z>KnKYp61zi&t4V`g>7e%to}@3=r{k(mAB(;#eF&QLH1%B;HyGq7Xf!#&|elx50LuY z09{&DM7j48q#lwEllw!N>aWgh0f4vUbP^Ej*#SDW_F~)bItn;XJKMsjzk}<|;>WTE zyy@-Qx<<@kbs)F|kidF{v^<6=b&z$W8iivrk)zEi>NMy75ODPeK}HG8mXth2j?QOD z`2@|W^^aoLWWlW3@WEd^S|9COG~d4fw;F_dvS&;I+b!NmF<9g%fJSgw$Oy0?JwMtQ z-y2loRREpPJ+&p4JpxXvV&%tM)3!5V2!>O2z=X^@rNTW(r<&t`xvad8lmJb8zi3~j z(thF86Fp=~B$IsTUE$*h#|2y`cAR0kM!svXV=`F!BW}^qqPOR2!+8==3zY%B--x-Q=YjBb%G%U7INSg(y zVIH{%T33VcdUH$y&dW{_XeoQMX0gvBqczYmoi%-h0O47yKSPvwRot*g)jyza#)jXH{U4Eh9=*Jdg z)gId~ktQZ2tfMkIRC7#{{j0e4;;7kS9JQyd_s}D~Xs7HBpW=O0NiGP4s!~Dbk(Q!v z*5`IHz`QO0HG3}YveR;IBXGgZmlLwkNKp8mnM5Uu>5%wPi4{4-vXi9y~8qbH^j zv&ioN1a5X5cLtKCYU14G+T)poejh~rR^7Qnw))pM7@~Xg@jVH`NEfWwwk<}buMPsH373oW|hx-Puewn>YvMn?rI)#QHDw&mbv4FdyK z3v9tNNieU#duQZBpcvE=p1Lolw&Z1Sv0(3?Eak2`V^r0E`dUy~g!m@QziRb0R-rfB z3ijB9{`W+JOdVp$#}_B?4%B(cOt$fh^^dm=c%(wCn0f@iz?O{xAiVhtVH;x>tZpXV z`rl$}FoHol7G(@8h}YEWSR~%50qv7b=h&3LeIAQ~O%=t$N8}wY1Ai!7u{c_0Pt@NErIBy~TA@5W;Ni(wATFp%oO zNBa>Zo)`-NV)W`g%5@g?3(&1WwSJGB502dqHI}f!Mi}72d?8wM)MMYLsRS(e{7XT5 zOyl4mcDg)2^7tP!h7n|>UC}E3B0BKY_+zn#kdfpwXjfWo_|f^qF~|?|;PTo!8^kj| z3NQsR0U3UOSk;#Jwok-`{9PKjvQOj)kS+dZyQP~)qo}VWtNXS}yrJq?w*ah(#sj${ zO{l4y`nG<>zVagpsmM!pUh^WeR*pY?&wM{^MQHPrhyVki#{UXi(}i`W9wq!pRV8}f z&jU#d!0-6nqWMEB+V#W!%A6l05OUDbljQ0FW0A$y&uV6?t?RlBv=x>sUPQXBuI_1@ zn?oD~1P~s2=8T$Ph9g$N)6jIP44^=?BzGfvOMS~ zig7K0-JcSN^cj$TQI-k2$?3H`f3CGu@dhZ&GA$nbOkj!EBIHezJY zYr+p9e~=n_R09z0c&?3A@4knMiBb3=a=!{jZ-bjDWMDr2_CBfsN!?kF=hVo7f3jox zyZdK?WkW0{toTC(;6S&z-mru6!{f`2Du2x^n^P1)N=g&XF)SKf2ENI%sGS8`Ji38< zJVem~n^;F!FWAmbdObY+F1R)Dj;KGPfdMp9yg$*H>rN?ZlxDcvXJ(14gFm*azI4V) z%axvEF2K2z{mdRYMbf@zauJqCr0Oq~tH%VNJ0cdQuGq{P9Z|Tl#qYY{4*)lY85=5G zU#T43m&kT6IvA8woUt99`rZkwe5W-YwZcKIXG#)Y()1RP=f!`f*5bNZ; z2~}&^oR`MB3kob&aC`!qT|LO%B2NU1a|nQbzk+aewq45CH88s_7{g)5j1C6${go3` z6oQcU+LmJ<(AkE!^Umw8Zt*k$neYRG^dNgC$#8{a$|ns?EaVL)jiuxoD@`Ph@n6$8 zVNhv+IWNX*Z1m}Zl1@NdJO;u2WQaVPzbezwTvG_8J2Rcf$|#KfChWA5&FjzLMH7EA zajXh(Z856!FWkc|6T)}eEVuLXj-UAY1JdnIWlPN675`5WDa9-n`Yfd z2oe=Ru1d)h!WzamoTpXsb>qY-N?E^Fd+=HEBTK?H23zvWl4W}}i)d}Ezxa-F8Xq)3dC zN#07=JPxc>!t^NLtkZB>0y!)FML>q+ zFoPk*TN~HHdXiOFsUG#}fTaG#K)6X3fUC4A22GMtIDkj@b70eN+p~yr-JO?)iM)PS z*l8+@sfCb1E_GMkLvpaV?|Ff{r9!3LgqYu|zxKuCK|R!Ky#V;BIEigBw+%L6tmCi8 zgg6U}SG;ZXAyjv91YKJ_j5uqG5{TE0hczWmqzmC~5}{pQV9$cLWjcX*0%1WcK#caD zyOxkbZHW72B~foH>j32*d$Gpm-Fd>8_^aYA6M9es;%>PI9kgz~mauW$$5?y)Gxg?S z!w(e$XEjYfuK3j;ZStPV@aw5VEc?bo`-0}fZQEH)WDBfV{io40&j7gECetEB?X#45 zfN#T|VXh9hU_Rsw)FCO?bJjcESJq703hXO>Ev$EmKjB8!Wu=dTKHQEQNaL~~7;Y(9 z%itFwBYkt9mns)wpf44=Y2vph>f%(NDCIT6^|0eJv+XxVWak0ZnD5iYgO2*8gKW(V z2W3wPb)ohAFXNx}m+VsgLQf`rZbFg9$G-@%p~2TLtE7;Uy11{lJbs!HQ4RA8zVe>n^)U%t2(v&YcC#wHL2@VHT#^Oi%spL(=`9 ztHsZs!L+QSNTHkggm6}8r;$5fv?Sg5@s87|zKRQdm5RJOag615JQTBRB zrEYoxda$9fnMzswiLaCAeX&t>Nq8I?+wY?wBuN}X@f@mkbU;Y{>fwI3V4Il7&fFtR z232^`=}S64)|;$NDcTg!Tx|mS5KL^6*eB(0s0CW>= zHuEn{(y`zk*z~E=={p|%0O5+<8U_jB&Tt;X5r0x27Un2+yj?f{1<6V$!8S zwN2AB(>AI(6G#~+rNfCnn)J#fs|NGI1$(FzOAwuB188(i!(Lj*ezazxFY%y43&2O+O?k#1F$sa1W|d zEVCH;sW^YW&^!8Mo_kwJ!IHUf-Lh^&>F0~dbfLu?KeJ5KB+9kEIwao;c`QO5N0y&= zV8P6l`zERW*e#vXAh+K^hkDYx#%SACyrV)U_?9I#sbk0JdZNe4w~&HE8CIb}%d!GN z4>7s%QE$D|o+7^^J8SpjN&_3!&`b&P$l=yJhYSZd*P?=@>iodtLrKR`cGx><*`CK_ zC!p#Ir@;q;Um!en^z#1W8_11&Kcm^~GB&29ZuFaXksh7DWD#1#(t@Nfs=}e1AplLX zTx7if9gm8%f9`vEsQWUUYci}5I&?KtIbLS_#Lh#yTC}nyX5DAFA=z*tCv*L>&UmG! zkHX0N2WyCJQ1;#X){#ilgTGLuaAfl_dMRRSH;4R9BUt=%^a@t@iKp83p#1Pok0{3rU;A1I-k4S@5=h^ z!mo~JEd|YlOxxmHl6{Zv6D8moyjJJ&8Y`-xvD$*VDop>pv}-5CEu@$Op>a2~oJM$} z`BL9$=&Y9@|nIljq3>*PYF*^xT}dXRva66G~mFM40<#YySnfg zxY$eut;pk?Bo43U0*FJOfPyvOS+OWTx%`BvSqtty-5gGLYEf=-a(Ws#%V=?WT>~=xaYo^&6A=C|P!nTda3KvpjNaWe2D; z6y+yh9mt`l;tB76ZTI@HSH5@Cz>$1022c2nEBd3Yl9lD0ZIJaLU2jj{rN@mN=6<@e z1AT3JJS=~-46BobZYDH2Wffm)k3~f~_}pG=JHbRA-NzSFw7eE!k>(P!Lv;Ik*x?f1 z#kgx%8pK$<_g~ouX<fw)*aC3hfNHYnw#2C~<4o?iWRwVC3v5OL)3dt=wM{fi4aOj9o z(LhP&`dH}1pK!OT5@EYBlLqR|Y+i$flWzpB+?pAol{lAKG3$E$<$nIprbgXbA8eU$ zrJ<}O4h7}*o;tQ+lUuF@ok#mNGZNTEvHG_ghgxG!VFVoD)&F)pumQ%t8z&k(uF~ec zD&-{YRPA$0HLYmp+r9c>vu6Tajv|fq{=m8Q4D_&dC8np~;_v zC)#rwST1gHG=tn$TISmHBv|30_BRK9_tW9R21PJ1yQs;j%H=Azs@A&$Lzr<#XY4Dc zE$6TRQS%mV3*^(H5|pVZ2l8sMH61WL9$^wEQobo8CUFA%UJ>OJgkNDzWi_!ACQKf2 zS%@&BTA&n$zbiM{W!QC8rEfg5;+91GyaTq)b8o#jwlQw!d7#82=%gIDG#hT3%muhMGv)`di6^s!xuGxB*|nZ8O?QVt~SO|u1a1u zyS@PvQ&Yt#{xpci#@Ktaf+L#OK#2ZHg5f!iuGr7tADx!W?3-0W$cBylFl0g~c!kIj zbDv?Tk5W!;sIRkJFahI!%oyI^?`*RvJYu-?1We6cIx|viN?dV3`D8pasba>H6Jvq$ zeFN=^nBdGtHq(J19dm;?>nI-!hSJ^~Zj;F;0R0CX!@oMVFXtRF$Zi>7WzpwCB6JHU z=10t-2_On9_{%;H6iLPMvYHQOOGqwCfXu()Qsyh#$BHe<1*@9*dGiJQ52yupr^L<` z!Su$QjZzngW(v8+%bnMP-?B}`!7(B&Nu!w^NrKkNtTXNsB#&^c<%z2Yx#E*FnpsnP z89NhY=x=MNtnQ_TnVFW78%*th&0;#ih{hULmNT)xVJaM>A{uUTr?A2~1;Irn=uftT zS6az(@OwEN+Ez8YLKU5+&5`;=D|jfB3p#j)b#sdJP5;X38|Z*=@3Aj zl-MVc$Q$0>#IZ*B`%m7HXLRc`k^~8i4*>N}!8=vr896uP@xod=aV}|oM{a&qr?u)i zQu>z8V=hBg+(mu0Q9WG4YPTN)5j9B5Jk$(*e-sad#gnqa&Wz2dDpvoyZxgG!xEki)S~O9$d5`P=30D!5B={ zsuISGE>%1@oOega7DeL3gH@BZ>bB;;#sXY<3_q}4JA&0AWFRtyYyk*3mp&pbkwl)5 z3}e3~u+o4g^pIfvZnWqg6M5uoVQR-VMb)YB&u_bWA8d7!LAj@xTb9wgD9sDxY5k#UWW6a{37gNNX`H;YazPz*isi~(i;`?mIqaU1gE#TR(5aFDCg z-FLT)xLiMrzTPp>bXVg?qO_fRp!2AA!Cx)9OYO!78?vgenq0c1X{MH}iIpc};RmH# zCXOWSu?%!`iN#2rxw}r7O-Oj#?RdWBAVCWxfsQmi85@o~QbLlaP<3y>+^D_f!zXL% zc<7RMy9x73?|$X`0ofJDMgPUET}^|nhk_SgvO^sngj7*`nFUfv~U9TLY`+U z(%1>ei3Toijk$C42mIjA2wv98zruLH8I?bKMs9yrj=(LMWg0L}~d+dDp- z0PG7Yimde~o&FRfd@QeYF3#eiwY=FE!5-IKFzkp=3s}4YHiFj&*oTPtjLOWUTba<-U(^u?}#amH92Jy0FsBC9F z^Z63~@Wyi7bqkQM+zq`!K4?Nl*a{6bStrXs2cF>XdCUJz8#?I4Bqfpq5__|+((Blv zWRD_-eQQyjg`5t<7omrT#RgJ**-9d^Y5<-gN4!+vpEAa z(2)&~2Y4^Ky8;&S`HNgyU1(c{64~l#!R-8fj?n+iLXn351f)I#@tFHn$&rzUOSYom z6X=`R`R~bvPZf}4r9JxhZqtw7ULDH*RRxqh?Q*%7%m$76k>FF9*cwhj=O&L~CP`Mn zU)BbAsr7Kqa6^uE?op0$?b%X?P8KSNzz_zGNnRA|j<7>wEeL0+7XqS`0jRWUO)zCOqoouxX>0SpjEGK)DtKuD|t;=N0v zxVx$@v7F!N3jz&!BoO73Wt;=wG^;B#pMs5N}UPVts2-)%R#_D N1zA-Y;BI{L{{e+~Yq9_U literal 0 HcmV?d00001 diff --git a/assets/images-for-sdk-next/learn/advanced/baseapp_state-deliver_tx.png b/assets/images-for-sdk-next/learn/advanced/baseapp_state-deliver_tx.png new file mode 100644 index 0000000000000000000000000000000000000000..f0a54b4ec34bbe282ed6eff81369428d02dec095 GIT binary patch literal 59007 zcmeFZbyU>f_b;sE00J|lbcujcN_P$2pfI!uf=Eg?0z)?_2oj1Qpma#rAP7vz}ltaaD(*S*Vs)R{T&eRiF_U;B055n39Gg!t6>*REY7R91rPT)T$J zdF|TuFbEF#ADwR_sn@PCUQ>q4Jn%H#$iRL1Kz=BcAi?fhJ7ktE`zCMpV?DKeI85rE zDl~$G3_BuGh721H<$Zfo=4B}(ek5dxQ{lmv@No8 z)FqYAmMHtPG?O?LqN)>bQw|M}kdC95xP7tTFXbj^H&%M)f3{iu?%9uztSYbWR8{;W z!B~Yqnyz!BX}UaJkCD1McZncjRVm~!sXHiqCl@BDzMN?&<^zM8cbQJA?h8Z0OMkoY z!x87L2KAQQ7~qHXzK3f+;;NnwWRFRnZRpySG#-63ev)hO7KW&G&b>I_?>D-wkzP}4 zT7AT3lGXKgQp>6W_{%iJ(Zmed&X8WEYQ_A$%68P?Y^#2IoXhAl zr*4DiZqEZ9!w{mt7#g7o^v+GIp8YsSiw4QSAQ3JF5@C(-lN9Ddq2{}|UNDLPrxEVd zkd|aFBb6I8f*ZYU#8T(4UHTm|9cLXM#y2R+GE;H|5dc!gKxQX*I~((a)pGbP_+0Iq<@J|1*v>GFuwr|-n%hY zW>MSoUCGdr0E0y__S|Q6FxPDhtQj(%U2&i$0mLr&`rvLT?RD_z8|D%3WN`~ZHH{8H{Cc3bS9$CLf@ z_=B|{wsR-TSplcJUm3Fg`uWcckC`$`Q_s0yGQl_*83HP*120(^QHjnpp?Uyg=@ks;=Bxf@F3Fc#2!anyYyBu9RPvDEj(nMT6de82eqKXdD{`I^r03vMTZkVe=Pmp0al05vJ@|dT9pj_IC@T7`fZJ zJ-nPQmV?tMpFNjImjdcPvB;s4ZINSqh|IO_&lG(8C4BQmF1OWKsk!@J7uz!4Z-#(# z^I6~h7&@1pdw~KyCC!)5M$G~w1W0S|6VZtdPkgqw72EC+`?#oRe#qUkpA~RfYvOnK z<7nxPX&55cC5tpSg4Y5r!{Q`7cDKhw3D$=>Vw4bQ#8uz?BKhb+9 z8?qS4{)Lp8Gvu0PoG2C?;R?NfJusz*lf2z`y>}yG&xGFY4l41|f(e!AA6+H4#29}E z6_ivDLf7bxp#2T&UnuJy~AJ{yh4Gu=Z8CUvd_0ycwRX8h0W@9J@SZef1;IjpN$ zHKZZd>wUas@3UEz!evnYg<8<=DKPhEjSNxp6=^cPZIpPNMwZ`EYKH5eGDU44*s#66 ziQB8j-3}VBiN|fBgnCWBUhiXbKuE`yHk__~YEsOABk)}h4z#c^TF;_b_920bFvg<0 z;}x`Y=H~i3ZQ-Sbq~^*qkS<9eJm=%ItX@b?V(D<9!BCpe)fM~wRoz#2^#vVVM9+8H zfMuVIH2QeFxn~g?rM5F`J6bGI{Gh|DX)ct8c8*HQzk!gNzq4`f>S)q&v*~QhMT!Se z+7f=P(71MRCg93X=y*s|s_Jlk)F?~RukiUoM=ax#bWN zo>JMGdCrAwB_P~qfi${%RY2!>(FTo5}UOs-TD_cJT@oX#NIdlo{!>IK{b0!+6yTcV@P8U`d6K8<*5<`#zXi?-*8!?*%^C3n$(~ zvHkRYyY{_bf+quEn|1DVg?23j>hcI3xAQ6uL3C83Cf%~}2P}4ew)PEt<=7f6$#Thl z{y>>k^!LwToAYJ*xfrRws+7co)Af@2@aug%SV39O_aZ8J;{*^%Sp{t`rlhYqy)Jko zve(ICVtI|Z?AebyEFlq3H5VDZ<;YgXEaIw~FHgJcTvzAQ*GGzs9EFITk)#Y4K8}OH zt2bzUAu6f&pBQUP=0x%f=@e^7UAP)Gc$TTM%1NdBq@M`bjx4Sb+C+sBFGhvqEC$M~ z8H0+%WD(WIb^lfD3VuJdELGgAJjz#^TOpQqb@4jOl26Tj9+H4XR_Cg(^gcC^Q3LCY zDmg<2PZDjPU$69yha;>zqNx^`xqWe%yjR|ZrC-diKFn2_<2fcV?+R_!S^c4nWNrNY z%q;+|;B-f;E3*VDR*UZ}oLgMxF)SNR%9@5Tq|XfB*p`&0v1P3(eH$!kstjFDcZiZa zpGtVmNDND6G*T?bCJcN4qe%Cr)f$W!be!2>z7r>PS>y6JqO|9YP=DiG9DUBiUA9mkNT4}+QMw~yV|Y9p&>VH2H#~dFd%Z}E z>@cagecP*#22=>6L|?GNvK|z#KnQ(EGt8wkGriXerYbp^sp2Cis%#zeh>66TgG;4z zn7a_-zKq)NC*gZ|CCsHp?SG4V_k_VE5iwe=OA^|rCNgWX8^f4>TM>a`2bZX7FHrFr`H;- zD=HBWM-CU3tX7tDu!9-+fFyZ^9d5~wE)+Zp)Z+1GT3jl~V0bgX_d{pvQ}0Zehi=60 z$*bsOBSR_+X8q54k7fe`^tB{y25&9DNHUba)j<=FA5N}KosE}M@cj8T0hR>JAb1_s zo@_C57hz8HGNWW>60tes^cpBgJz{-tU5~oWnK=WOouAXqhT|zd$lrW-6ynO8t?MxWJ;(`*0$5v({G zZJyY0m+oq)N~3fpsA&hVg4U^zhg zCd`vlWt{AF^SF%4jKU!V`b<8nPkxfbl}bYwR^=@}l*%DJmCdiJx)gyR>w5BrGd%NA6L<@fk^mNtlV%`T#)1XMrECD zUOnX;#lkgpDxcB0Sv|XTuxVq#clD+;xJM2~0+mSA z_ms?Y8WILrnRVgzj3GI%Wxh8^a&D-r6a1FbSQwWe4>LuwlCxVKQ!{gp+h3^-fPW&B z|7SHM=3`8ywR1hrF_oVok&nEoQRWc;!~+=rR7$$-a=CZaTlNVVwY2@t}vDTdEL4utpTVyU{^ zK^wKyFY4S|6}gJr$s9(S1lRGS5)F60@k7fc@L!ThfrQNE8f$W7)pm3*R&Vv{b@GqE{Gmu5Tns*4&y zkuf<+&PzwJm5Xs#BD_tf2`5jCe{^+!S@`w20m zwI5TBI*G(KN-e7+MY62oe-g|Q}QnS zzMTuIIYE~tH4hi+_s+k*xvv%E)!mJI?`XW>z4Bll6u*fUuYN=UdsUr8DV*>^le1+$ z{H!nbv#)z4d6*rh&##d^RgwDLSx>xi4$_3_#UhbY4)@$>#aJIkY1s;%8P0Ei-2X zLfK_cmNC9B=o#Yv*>{|bQY6{MOH*;E&W&52p`8dUd|AXw{quHmec?pZ8~1GP9QF+N z37e5>M>C(()x6DA>&)kbOwV;}^ukGFFx4>?>$>HrJ-apK;LKRUyTQ1`?u0j)c!XQd zHY(!KsEYe{8C;RP6n2bW>eRMLKWh0ze0d9%y56C88O3W*dP`;rS62nFW6oYgcHy{KF zJV&w=nGsK-0FGoQ6em)4@M!xybQH0NZUfcj_S5ua)ok8&(L$JAT5!cdb^R2SYu%Jr z=SP(0UBpa&nGEPom?@`U7le`OHzqe8;a<-8+2zWopX5WNlbPZ<&F6|l5->!E`6Pe; z#5{IXx|T7+#0Di{#uqLG;E{W*Sb;WN-KnoY-k|E)E8CWE7gc27FtbiXxVW@)IQwvs z(WqO%GF3Qc&aajCai29MPris;xz^>~m4IPp(+OX}&77irjy6_ly=gr^qy~7Y&zwNaN!XeN4q0|{LtLJPRvDud29n_iCCFspT(dWMjj3E z*BuquRbn#@a>NqDMRc|S;b#6U^ycQh_bfVu$4mK;iG9aoMB+*;mKy%Qm#dp0s{WAG z{c|WJC-^=1yA{FlGBc-5Sr$aq@X?QKS;m`?TdIg~Y!h3K{MgjmVoVqjYQxOSih*m!-6Jig3U@l^Jd zDz=W&yj4b#zLWe*2s?o`-C(0qNpQ=r>e#%mj?EWVJ{x6WlZmc;nZb}U91b^l@mLg@ zC`6Uhs5Dt9&b8F@j8r~o>X*PgjAAV~9HH$YVf>G`#dyP~y^J2*|g6 zVQ2s@2iqB-U@aekr|?3Ru+86vBA?>GFd;33LQ_ApxrP(9l4R+y<(I+!K1DTfn$!); zYbZ4{+eawjYlsW*2zN609VA4-e~#%G$x7fH!r(Giy=lK@hMPgl#l0DwuQXb0Lic(Y zK3t&tRUQ$~R9>1{oAVNu`XV0Mbpk+3<6iu;2GBmnO2a=0!g?7aFgOGloQR)mh^?kGhZOu!7WF#vL#|)l zDIVI`4zWR%&{u(sT0=oDnkpo>mO%`7#0nxU(V!m?xK7s1ac7??jCLME)OUY?Jo1Ez z9?p{=VlG)=3&mi*3un&1VpNZwAjfHLTRnc}$cP#LUI~Q~A8b%!3I1+3(=fi;VhZ;N zCy`+UP=U4WNa1tKhZ>u7lA~{ZDY1Q8dR$a%$sSzcQMAdt2 zZ%KB%uL@v+Wz!S230iH6!Kwyts>tvAMq#pkIA0=B0gjsfinj^^t}Zo%wsClQ z!-m_-v2&vR*>e`}5o1u;22ktB+J(1x+IS2se~l`Zr<|5cW@h0m+fl;0I&WhAE2r+G zfp;n7f!8-Q+ANaOC#5yuXXpfSMGFsBTH1J{)#v@s+b+#Y^NF11%J8RaDoSp9r_Rvc zop20+o5JTg_%OoV4q&!vx9S{!`Af-?i*RS?_}fgJJ?TcIqG0|2<2RimLxIubwohl_ zrg65fYxPnkB)lv(yG~c2)B4C--;Q1zFNrLOLswy&aX8F#6TnN8T*OVCZJpf|3Hv$) zip+K1E+p+zGil76U2ltO%K)%HP`mR7-j?P@B~l=&@}WEAfv>Feo=?WEGlzHY=oJ|j zvDvdnvy>FC=DdKJuq(NA@;*)|x*t_)`RSK#UNuB@t#nugj~QUhj9Ojl0Ei;u>7~F} zRrtxuH|ZVcFxTPD=ac>Llb(8;3Zf<a9B6r}xec4TgMWTXXoVDlYU#(76lbT$eGuRCIbe!lK&gjHZ2hY6 zku@BgXF<|7hQ?Sr7r3IVTAzqjRUX~gU`$|Y+M3gLo-eFXj^kI^Q)re~k zAH_8ki9y>u>=jdH;GlLJ^8&&3X7r?kV6|sj5y|RePlM=1M?0vZD_iQ^v|-8oK{PLN zF=Y`otkG-k4tU+HcT!al?C`ue0-MLIDlfx*@JTXK`YgT>S{^)z_#w>aJlpWhZIHw4 z<_Lv3Uhu0RE^v~RZYCuRf_lEa5Xctz5Xl--iet6<0-C(vyAk5~*3uC91mLd4ju3r3 zmtehygp~$Y`rFj%f&kt%c~0x~%K0GEn65|NI)dL>Ew4ew*a*oQu7{VR#>_cauCJhU z7if(y5+rLqATEmfHCo)gFD!+~5PwcmHVs!l-J1sv@61^)WHUYI@x*q&keUp20_zw6 z+};jAGw$cRU+d}b1MsGB-GoG>1R%e~VfchppoQ`s{W-9nM1sdCq5Jf=lAOHvS1<(X zA(A-IGAerFYThR~ZASTsb)Fy*8Asx{GPHtSM+Xq$UI6yYn(hLSQvFV;_)jG|| zzQ+{Trlb}Hfc56q;5GmLSN)woa#bnCj;CBQe8sze^zr*ghkX5&V%CHS%Z^j!r{}M| zu?{uI`}8Y_1-P7(U4lR&IFj0jWmq_Ks>rO!j!sY;jcpYwc&Z%ffktXbR=?YG6ui`W zvMMXT0!gK;`)Eh6a=rGKiUWU*TW8sWVn$H3UJlFD|K!Q&quptbSvMPt8S%QBq5MQs zPSTN|sMn>^C zyBuE=0LhM2SZj_tId>(p3i_QMOnJqL?}ejhOMgmA5{362KHH6>35;o)l83{(INCv$ z1214C9eh)XIM3hNEPzoCJ!u?YpD>I5W$zoINdTUalM+K7+zf-L-YlZvOa;x_leofo z1(0d2h^WoSodI+~uB2UOhg*dA0iqhHMwJ!@T-N#{0J9Z|KB&L30vKw|`ZeOY7mv^w zys6hO^1DW#3%Lv{J3&Du3@WhZt0vV}RBPUNwou&d=y-gH^sjHPOym?GIP0TDMnd{{ zN-`OuZnWdAt$7?QSYZMsb!&GNwZ6UNSjeV}p%!p%4)c}1Pr+llL2bm$mOy3sc9qp+ zeN~CL%nQIBwC@;AVpjUW$+p!w^pZoD*6W?jZQB@Hk--F_r62j)ZN04aoD}pc3xo%e zVYo5kZNhK_>S@)ZE>08)r;lX_KRSM0enJTPq-8oj)9y-N*prxZgtNBoM?+Lk?c_bY zbxJ|gXD|X4`z7xU0`V1KeXmS^mW|iA}SQ zl{29Zw#$?e^_1X{t87Plwi8ASuz`b&hefn@SQx*^JhfI07alRBp;XvVItVNaNuIwF z7?|WJIANAn0)eBYzr6F@o#%Fz<-&EGC^%!p57gB}g2~paVt31#1~2Y3SvYbc8GWMT zA4KFsR~el#$`~V^e+J^#<%bKIdatrlwlk8HgNli!+V^=dON&cnzE#XOA+=U;4fr2mura72)O zR`g2^v}2K*D-)oT6HI9Q1XoOd z#gnXnhH1n4?b?)>)HC;D`V)KpIv?COVqQ8uHf?#m)xmKeVIC3vGk$GWQl~FW+$=O{ z#@3u^MAjdsI4AXhN(iTDaoGV3KYs-BDosajJPC3!{rG_6cpP*nOW9oTha)9sj#J6< zfs!oF^jXjSc-?qsmdkRo{c*~rsUI$8o@dH>4}KfFn-EAu*2Z%8DyDFwzaL7SW|rum z+}TMG*SWlpVoC4|;s-~z(g-AvlbI85Y;$tEsVs{6$ArUDLEdorRy9%O)%o%Zas8j; zdPO|d)|vhTroOu(XHS0hkL=YE;ccWHzx2PTpQsqhj22lfQ*_w~U&D4$z~@3>5P(ML zn$Dgsh9*KOrRHEzHN)z?VjM`m@4AIeNk=(|V?t+nQ1{>ddgAW&)j@A_Wr4P=rfe?N z9p07hHk|*-XVB1iU?}^0J)yq6_i7xtpd8Rj#_JMRevzQCTsES@AOBq>4AWLAbITVldhdzz7= zs{J%$3#ov!7!xlG;=2YPEB*G4Yz05siW%)s-l<>fpw~N2(@Wmp5%zJ?B4!aC2pHr) zJKERW*o6h#AM88UKHzoqJzrw>aoOUuow0~7GN>B7eXwm+(wDiUq!Bi$IC(wnLA6=R z)zcw{hS86DQWNq|5iZ{sMD#vPagS7=upV8cWEr(B*-um74LF~nr=1#_@nrhCW;Qv& zy*}3a?IoA>dxyqW4bhU~4Abq$ikVxR<6W^O4<|EIdG8#be5yP6tl_3vmAQ~vdPTo? zC4iM#*j!=^({Ea)_h|w4LaMI>*gEiAErb$|)V5N&51Eh_K0ACrb)TW>bBmQmLqDjB zN;dV(iG3DA435@Zh6*p2&U*@7Iw(?evGqIHOWY6VnKThDYcklLRtKRLALK~y%GsotVawa(+gY8VY zLU@GEy-|a*$F=I2d*Kg1xz`ZZzb|2tuHV#~ncnsvC#RfW_QzPBkC;M>R7+wqk;po`ioH8%?8zy zGTn7!OOM&%Z+$ktAsOR4I`t)*lqvY+Jc;wU7IgloE_da1jia@V)uTm;>d7&$?Xl*7 zt0(sT5;GdYXBhR_Lq$jDNu--$CC!yhqwas(M^Y=<6EVcrmyyn6vrN{R-87^sT4h2$e)?|N9_iv#7ShB`YikI`?#} zA%o6$vFx*Xn|ByYJ7M~0Y$!MC7c0Z-%2lbUXPGYVSe~p5&!Lhs>`bZ0CIT)$JEWLC zV#_r8%H2?2TP0jn$HJax{Jmvs!!_fF_%g;PH*M1Dl4IZgUCoJrPjtzpjc^1>s0wL_ zbRaN32h`463CUW^2UQkj#G837=9nz8`$bOBe=2FD_(DMMqpMAQfs3Zm&NuNlPFL)2 zE;qW5j->*Y6%Z6$X^zc>#^zt?T^gocU2OLu(Dmr1VBkOsgcU@cD+w}_Vot=`jaP=nNQocX|0zt zb=gGPhxkF`!qq}ixT0 ztsbvdm8_c4H(P{sv$UNWo<#c8KP9l(T_>=2jU#gJPZzR#FnYv29d$~wCK?_;+_-f5 z8bf#c{?EGGf>twP+-cWlE)386`w9ah=-khhW0j(PR{bXZ`Xg}y*G3jGs;_1P3d>sU zi_2jm1e;YNd>aFEn05#0LdNPnj(3xd_H~J?cX&REM_`tZZSIi`w+e=xV=-S!Wm!*8rY z^f>yi4L^vAwE4{C99cN=`Zb;Aefh-LT5C@r@7oZv1KbOb z5HBtxfwHCE34>R6aP1Wl{w7s}3E`?dVzZ~mjor_N^H-Hrf^n`Y0M*dF>i+IX?cPUk zL6_6Jv6Y@I6y|dkJk94*o2@l91HVS<-4d;#&|SvUs98PJLr05j3VOq4UFoiNBoNEM-$EEFt61I+m)Ny z_h!V`%+`eLGj<}Bbdjuc7o@2-Z=+CGm|?^W4i{&~{SS)(-w4piARbA2<-s>XI~AfM zB(DI(PjePa#n*9Yw2N~qa_b22kaE}G%kKIW!o2D!M{f`9|H^+K>nwkKp!_b20Q+L< zmI5*5_7blH#(U*OFi4#{zrHPkzhB`721kFxD;Nl1+zM+cTTM;Bo`k?Cp7C9I!>pO= z$=$D64VdP&M`?P34(E_##qDo*4H1nvdA}4avZKymJl+|d?3&^zlndFC+{X_ZsmtLH zv=qQJRYtpr{TIj%w5JIIoLlP_R&oujNk!(Vq7FzH}>y+T+7c)eMi4-)fpAL7fM`>v&BrJ z^1XH)+UI+>GBOOuo>x7qui9hgJf50p{ZYx8ep1=%^*H-5z%uQw(`s z)5CkPl<^8{Hs3eNdG(5jnu!|Y+Ak%C{zv21n`@s++$9WG-po(WxBut_B$%bF-+~tsLR_LCUa(m zCCg&mJlp*aO^&4#n|K#SPhFYqCQIjAFCi$7~jVWsj^^t%r z-=i8(m1yegV{ojxZ?nX{pte<>L}%lpIjce|%D2 zzd@Z+3dQ@T+62cV2>CsH?cIWn8%=F^{|iOy8VJQ+hNmf=SVikd6E!FmE8fs#*$UmD zs*?M{R^pfeShi1HU+=NZ@0_lm^zCrfXp z$y)&>yJFh8o2z&h??NvW%vsZV21w>)jr;U^zbx@h|6;S|CNxb)VZVEK;j7p< z69<&U`y->2H_SdTeFG$R2R|hOBGJ+6p~XQTBCncEDv9sJga3tZ=tB#JgdyiCu&iv;`O z-?Z!Qs#5hogK&;k^BBfo>5oL9)F-J6^0_g44(HvK~2qV*p4v-=yXwOdroJi$h0wI*3f zTNVrzN&O|unSN)vB7!@o-7f7P;;&xruRBs=N2uYk7*;rJHjfm{tQNCpuJlA{N+sWA zOL!?0_iIcN1W6sgX!qsl=crFq1{G`i>srfXw&OnGbZ&c8wf(cZJyBa2f!rRNrI^IC z-kP=oc|`XXsiq43()M}02xYswYVnBQXV8--p`tTf)^C6O z>&V7PQGsIT_-Q(IZI#$bhQPK9n*Q-EfWA+hNRp6x;jnEtO?1yOn+U*jLZ+7A1)2ar z{%7`|wOzk0Y0(#iO|X&f(sxg^Z{d7svCLz8rmw*IJ2}1c_qQ^bqal}hS^mxm>8X6y zqK~z5Rmjm`O4OdGjcI(0|HWyofD&CWyW7^(cu^S9xmpecCF@Pus2A@toUaWA+Ib@7 zGAcLyj2U$SO{-|yebV0j8%JKvMfgYFaC~`5Ts%1`X5LOg%T6eOv<@OVlHq>&4G z*eJb|kZPxa;5v*t{T6Qc%*g!Cwsnr`}r1!mekRh#U_~1mUElb2@hU30PNh@PbY7S zks@fGz(70!cTLNWZ0Ow2LfISP&eEog^xF;lv8pG`Pog^e*s^@*J0aSXgH>oIuaGr> zf!zVGa3V)J$vDg>t`y1<_??%L^IYw#cU);aiC%@3`X5%LOLu2l8sJ5X>c|CfD3J#% z5idrNiEP(yH=Xt6#>fD)b=+H90T5J;B?uR>=7YE5DYEbF9t1%{?88fuy^mXy^pUI~ zf^#aGIxUQ3x!LKFmYh<0tPE*pd4#aphwkjOMn^WA6M-0R`H8 zzQiQKsNL-_@tFRl)2?&~D35ucS;R~UyQgYh?7=k^=YAhJ#-3b;$^oLr>76RM1y?vB z9Cr^Tm8+Wa831eJfRaI#RH~LKJ`T%LLg@e!pm8F`I7qEj6j1hU3VtOD7*pg91DbI6 zd8wB*k+g`xG7^CH#haJA&z><4jWfH+@pPJug+f%vI4Q)v05EQy6rBRP9j@C%wC1am z9_vLqU9tB4*lUiu;O1#IATXETOuc{Yhu;iyOkBBYR+Lkp;VXMgFfg_cOZKV;Ou_7BXcc@mK;fR{X4K%URg&8j@ z#gI~!hgsa5hMCj60xR8GjVc| zOGo9B14v-Fb$yy7ltt>vH!^+rq&k2lo0#BWuMNM8ufwiwS!H_|h2fLQ za$n}T_&@^SIMuoqAduK!vs~{f;bN_Vize0JT27rr!Ta68AvEm2Cd=LsCM;c;&$bKn zuoQ6eD`h&yYB;Y{XwNf&wv)_RN3M<9bQn27;jeJHUeY`RqZ?7Y-HDSxw=JU6_))KD z?ckG9bur65czR9#i^u0mD2&y}Jj(XpaL4>I<)x9zVFQtqS8zn)S2az$IKW2GK>o!> z*n10Ho890+6aWs$_bxZUSUQg|Aj_xgiyGX*04rK#B%;Vm4-NsEOPurLL2%_ zwV@wOMV6R(fHNmtXftw536C`S`5fP<;&EB(d470rctA@Z)yzZzw^3qXIhENYz`Fie z`oU6m6n8n``j1Lz21>ew`%AxMR5yodH8M)xxHC3D?%Mr+U4GM`dpC2C|79WMupt6_Yl41TE*dp`E zWep1EhuBu_jg((Td7w!X7`15T z445sj6b2fI-azJpP4NKAM?HlAIkhaK8sz(H7r?68$0ek8)p)&_T-XYJ%!)Yb#J52Y zVXe@bL61@pm=&%!A>Dv0=sWow+@?TZog(YJa>VU;O>)Z#q6SL+ZczPwUk3B7n>U5$ zZfQM*LKYb$r%5Q%_H`L$K&y&nBOGzQ&n(A5VKQylin* zhhaR20Rf-N18&rDWlyLSRM(?R1;7)FSUG%}ZWWpx~bi4mp4IJW1bL}Z0#Fj+#sd#T`XF)X`p&-iHp zKA7XPshTpSsJI&2Pm8eE_n&;L;{lgXj+o>^r;^Wyyk#N(CCZ#dUjGrMy>%s}Y691I z7nCWDPCfU&4u9Bv7Yc;5U;9xuUU7H z0Ha{EiG+5NVS$O2M73-PzI8RY*XRjwqxKAX+gGqwoWNGV^*LtQ=+e?sawAmNb6;4K4@Sg2}3fQ^+ezs+g8Y z^1B;gmik#a>9#%kqS2)L#@KUNg}a=;d=;gU?H-*~fQxI`2i7)x)H@;niiCoB=onn4 z8w8VDBY*>4O*aBcXFEtv&%lMz8wofh0@08{lll>G^U+EQESOyWq`R2o;m6?~aLdkw zM#1Ek%MM_D;5EhE*N_FC`uYLdC#*KJMKziD{lFy~l@xaEd0{@WI`p;EP%Z2TT5hal z%DZ|S@7>l%8l|4kf2o=yF&PXc1c|!TfD>~O1WFX_*P{>EBZVdpmN{(IdD=r>K%p3| zXqJhmV3%hEIw~IjZJmcIh>47|7(x&MCf!B_;G{`;}YDAoR?ZkZFsMP zx<6hwsE*bF^gj4p)`~X*aB>+LQQ7YkRIpq#bs|2D{E-6^D2t9T_TLAkP{<7oXI@N; z$Y>~hnS-T=o%PS-Qv-p9t;VzsA=gD-i((eQr8&$C;JUVWX#FCk-=UFNGGA{51Pce~ zy5+TO(0@b+Uq-UNdisouNy`;2Io;8O!C!^}ODnMe&D&t+u$5i0hW1W zS-}3sG6djr^RkzVWEfsxXW68Q|7S_gyYV|QHN)P@ueWekFhQy7r*)`*GYb)BPoaM3 zLa=|ZE4}Mw)JnQfKvdAKzK+gcT9+OH)FqM|LwC)@Z@NP&$h=wTt=5&@(Wd(2GmP9o zsiL&9jC{auT{py32>$aCK7e59@R;JM&}U^RU2e#~P6n3jp*My%SCT z{dss4@GoAXFdbBoc^I!M6N==&2n>!~Yp{keScA&pQ32aO`!Iq5f}Rlgyu5@qfgD1lEB4VJ$dyj^Ft6ai7+I`53JBBI~-y zo9jYakS{}2_<;$xz-aOBwd2JxKzPO(h-PZ3AVjr#iv{En<=r!bdJqngWV3&`0RNZ* z#9N}khvaN3G(S0%2C?>6%)Eeh>Vcpv|FJhHHiR|25MaUe8(jAP zsK$~ID9*s*8AsY2+68I?b2Ic(FY*4yJE_$F;!iO=@2 z6%Ur0RRpOWP*spUgYrL?mxho*fy3cLjPdD>Y^`W|H_Z5ax_bKVRSa6`4fd$yKJw#A zFhR?o(wJNHkNkz`f?`F@?^EjGq=J?>$B6yebbL0cs#qBMHc33S#^XPy&7UAaXB(YL zHslJv_A4b6$%)H=O5SuE64>x{A*;bZ%7O$U(agx3A1l?Oqs!Ur0I*bH1z2^3_o~SL zIe_BPa*#DPHnI~SD(@h+nD<@O#UQK|w2hLC8Gf7)jN znLC67zFyhxt-61o31tZUE}RHW?#C5K;gSn&F_&Pt52G-PzKxnE=$U~3yW$QFND0lb z{_+br!k4cG66L66%kqym$+l<$)11S_2*7Q}-CjW6Xp$+4`76z!k6$TtQYYQyoKi)$ z3xT8eH%^t{UuO>5Abk^+(qM8QgRva8yz&#+iXor842k;NWB5K7kzog7cYPR7@!BJCl0Zqvt2`_Wa z{A>vOMW!kIe%G?xGiN|w8`C2C@ZT;pSE~Co7raBF*VUQVFIe=hppFVc@3p~S(xcF| zi|_`SA%{G0qm2JuH*(Xn%XwK^$XoG}41FFTF+u8Z8sn(c0q=~k68&3$u9@Yi9&j9^ zYcF(dhBD9lt^(ds@n&`L(J2mkiT#)4R>_Iz!z$1T91$c$Vj+4e;MZzwxI;qu6^~hR zkxxQWb92y!Vx$Eb1lgwX?iF~agwPN$)c;--0aK{pb>s7?Dx+OQS{Mo;H^;-xNxV-T z_@m7Txs)C<<_+!y3YuP%9|aAY_N~M}QW(MFS*UJwcZ)#&Ju)f9$K5i6tVxw`p^e&U zh)&by-XgfIrE;%xzf<8?90sw~gG2p)@ePpCDh_Ye|LcrUN_6!>^xsthSR}Ob z26)E(wpf_~S?$@k2wCU93(W{{nnOGP77cya|9=v#Pj|BNm_ej6>s1Z!;wm%=mn%aK+ zQ7;@gJ}&U9#=*~id0xz5m4vm>df`-XCzaNy+CSKSs$qPlUc%?%kjGlWHfFgw?@Hfl zbW~;n#3z&&>p)TX5l(`z?AsUMA&Z#C8XA36pv$JJm@A%)Eex2=!9bxR|T<6v{`7hu9y1B(|`FxuK+mrZT-+4k+c@5Nbn+AZ-qhG(RGy9&y=Jj zmql=oZ`&TcUZlvnPtqX@qH0&_E_Nym_){iZVYw>Fl~R<=W;IDvdwDLP+i;MH-~lV$ zMmzV7yLVVQ|ELwLMVidFHd@jg&%w;O8yJZ`HOtA_V9C5!1}`^2Jb+j3fWoab=il0< zz0?%!XBWH^BS2`61(w_pS4;Us+Z7OOdIF%VXy-` z0X6liz^Hl)q>l&&`)tk&g_zHhbd%O@n~`C!!T)8^_5KOt90Cx=u1s&H>Hysuu>EIX z;NSMI?ZE3i^3v1O9fcfcj4uFUcFIS6M;@_vc?w>R)M|LVVR1~j;RqV)&eQEQi0TN# z_3P+}x`tNY3)rn7sM2+?n@Q<(@Y_Dx4(+Ykh0Uw0dYE1!uQHp{DkBH92zFNAP77dID?`j z@GIsa;8&Pf%&$3+5CRC;fFVX$wDWvI)~@S$$z`yW8wm9{Vd|)a!AUg4FxhmdUJgq` z25^0qWZ>CtR8-3j01>kupgToa97XQ+pPR=X*FFK?uKJR9QdtML{C1CMFTU4D(MF;Ifq< z2j*{yB0i?Fw+Wki^be^W7#lI@+4z76Y!@a3(Q}jT+#W z!2VKCu>vPlnZ_(&gR6iqaW)ZvJI377_C3|UBI2M&v7?g(uU)BrtUVMm&T2@G>h0}a zZ33>mN zJKnEt1Zvb^ZucJEm(@?cJ9xn*54y!z^t44#|D7lhWt4fXOBT@R_bmu8ClPUn?;Y#%tccnMwbxn z%WHSv>VfD#d!ql!jW&Uqrvq6!-1RBq+cCihDjt<$cd#rGNvjjjLfrpp~aqN{) zb%u06lUjmIq)iZ)Q~|7zV?dGpbn26LE!YLXFaN9w7yXcbdS^CM81=^IET+cgoOC@< zOKE-lAtA3?WC9h_+b1=`gPB>QGu6Mw!dsXtFS^SP#Fgs zvg==6LqI&!*j3S^r!!tk^RTx0Bf6UdK^f{um*(T8+kNR`N*^q1U0|Yb5KI<2;2B@x zmGs$}4OVa-zvHy>HP6)_1d9;2tN(BRtdmPlnf&5X5^xzhBWhk*cn)}ztDkHKMtLK0LJ}vxl$3Hi3Ht4He4^?} z4~P}AJ^Bh12Ts8KmI$yuVe`3k@rwPyk-`VouRYP=glN++=f4@1g}+4q?}5d#mhCxW zt`n9c|6fb?H?+k_qRAep?pr@jH~A|?X@D-{)=)5TKAcGnKX0T1>v()FT{3pdwdv12 zb}3sdHJ9?})hV!Io|2V^rO-z{Or}c*$LF(n{N&dWmuJ(H*KPuE^tnx+Bttqd&1Rdv zF)LzrY257^Ms+-p{;#J@(U=`n+CKB|jJ>*?$SSiWN0)A&WHe(1b_d#tXXc2n*oenQ zaZF+xAbGDA5VQ?`={|hI*hfy(U(_e+-0Z|nS4SG|z8`&yB455Q+K>I6Zt3D%4qm5{ z(jh~|p=|I5Y4RY5^{Fo-&fWpHm6A190I?x!2_e3ExoAH$pY%YdIo-A zE9d-hV(8kvvO3OU4PN-wM77?L_m+-LN*}BA^XJK58(>Myld|39aK+p2@aFfUYxg_rQ^Jz|y z#UxR>0roO|?B2UBItYDgmwdq~FVkX<56C4qlKx93 z(3XyDA#$mzw4$h0a5dY2hWPmJ-^J1A8`4o8|KUoDF)hIGvvC<$P<{zl8GZ#t zN-j(!MT6(DWp+{Buy#Ik-p@ zho9@%J`aGO6>@|sO#8G0<$k9*3@#E?qfSXWFa}Se_bb)ET!_FLG`x^Iu)qtw*X9mh zp1|**ins=Nb(0u3kaA}350c(CV}!EtARVB$eASG|>1QQK5bU}!cOYLZSne{_uw}6a zOvz(nwUf4&4mgcsuyeXbtkTL{=B)vHI>xi?&YKk8bviu`)W*bnYo*sRjwbK>Nl1vS z?RqH%!I@;;|7g2mUEB$T!kAfhO$fcw(Ui`xP<&smwpLmIbkkukEKp8^Ew7~PHu`0T zK1Ol*^^`M5?t=Y+eYsk4S&ho?L~H>timt%&Z3)l?g}sU+uq#MzKpjND`Ak9XFn%Gg zf;n`vT$@pNlQf?pB2e}f%G77a2wTdbGJb+<-`hcbRjW=Po%WHI2)s~mvr(?oHO z*dGKB>b}%Vf!MX$&N$|Y zOgX2Gx9{FdPuDRqMfqsk0>2XYug{k;VC7m-H1AuTzZV;GW)wL705O%RjEB>z;0=2F z;!B8;=$;vuf9N+*CjfHD%ZNhAReE{vGRckqPhqM_-w~YYajL9}2S`mrf+)=m;Mu6pIs_CB%v9CTix(Qbhic+9kWKO0Y<4h}`#!Q zyb>~}{TctQ`jWUip)$m=Mn)iJN(6K`zwFkQoi}UK z!>y{bjn+(?;PdLsAc)>b1`{l~<`*AuWmX>4fk~f0Wie%WGQjeFpu zD6Q>f5=tgTUmq^`u}ZD3-!lDkBpIiop4GTni3w+|f+Ap92O_ChE3FGJPxhEMzf_JU z7Y4OK4BzCL(stwb^Vbg^Lbs5At7xkkR(fVX=`C)8lnf8Aqo=(fnvhMyV-R-h~B zJc^YRb_eYiHS!SiKpXY+GVe`^d-O6s!fTXArh|GI_v^UJ1f&+qkIV-YY+t50Ietcd zc9du)8fBRH%DxF=l!mHBy%r}me}Koo)@%e$%!GG08w1S_yZidHvOYF--YCkoFapPR z03C$!vX&<0eLe(CT8hFpy@A<)0+N{}m@vUUdZ)3+2ZvH{IG^x9-HzwuBsjkDylvZ7 zZqw8zCL;?YLiui1|C$_!lHn|Rv_U*TQF-vZbeQD;g?NqG1^x^F!tFuQX*?w<5H%7lTHFd9cpj06&~7#zMD{(xua%!rk1l>KxWZP*)0qZrcjrG?IsJDR8N z4CL%=op>MCgMda(jRj2RM%OScY>B#O3bBl{18QaO)jLV;Kunb2GMDfd2hMkzBhmMD zFdP5N#DD=ZKHTz4o1n3BBQ~Cf**mEl$fIyMl#B~)Phd;16rg5X-fcv3*u0V-hr4))@ZPf0TSJPT9L=gdY`Jn7 z_cC?FIQcDJrk|Ba$Yp!czvT;sJ;6Vpla7g;K>XdeKrr++34V6nkX%$ba;#bNA><2) zT@e=nX>Y5b!BS?@E&$NOw`&)@fZgOku_D|HF{-{=HU+xW%N`3je{9k15|b`9C=&>1 z7`kjGKpj#UPOCbKSW!Gzw9-bQ--65-=e388bgb3Aadg+Hw(#1;>Rhb1;LrVJ&0Iz{!7Aag%58`7LsB@wMq%P6Per2uIT8+!G7();EG4u zR4vI0ONz@YHy8%BmBb4w600Ol#&}B^M;9<9S(Dupf z6QN}54~2RN{)m3VlGqY-DemA@1{tKa=d))J`@__&R)WZ(Nk5DHV%0=``F@1O$+UhdDR>IVDg-`BL)nIBVL`k&IJE;Sy;NVGeMirvPw z_Ap9tn0#oCIKd*Z5ehAe{!|>!u|+C+(kEAT1xGQY$5f7K!jQo~4?xJ}ln2g^Lvs4c z{>TJo3uZuL!u^s&n}#F6EHk<#$?UhacngQb9-WvgICF+x!p-M<*bC!ofBI4nnJ$+r z`030?YxPb1S*ZX%_hk>=5td{#CZo?Q(TuJOyaI(mq3kSBH_e+HWECBGgF{>aTp9G8 zL(>ypIK5}avI6efDfH1g2gkcXkykXz^h5VZ7q7C@k;DkX9}X;Q%RQF8!B148REbyn zj9H@7i+*)f#yl0>6(%bI;pP`;nB^X3Hb6$7smt<8{(9hFeyWgMq`ld>KbjfM8@^3! zA0>DB6u46~u!B`}BB&%TefzQ*Ev5?2RiEkEemd5;kD?#~gxkO4H0XDAFlxOYwh3#a z$NeK=uCHR{5au@^pc5XJNlQ)r?z6u%@LBfRDB6_Z_tB=*C6r6Es0)Kz4ruxr)w)d8 zV9t6vyE6nhOL(v(Q7l3)YiG21&{VuI?K?b@+KN2X+DbG)P_r2wqsLPk70oZbxVwN} z2%x*m`#aKuc_hYT1^w9P)6FJI6Om-#X!E3oQcA>zCiIZ*@;YC$nAR6ke1MJk!{fQK zpp!DsdAKrv0fb|_yhU&zztdrpcOG9fd!e5?@12Y#xnaA?95^6%qH$JA9>!?)A#A_z z3QMkwhX1BS{d3 zhRbR~WJLUviNjB5Irbm7rIa@1li%WBHCPPT&*Ixm%)A=S=pOd_GNWwGHb3}gpCEta zxab<1C$W$w#V^tt|4uI(_FZ-%@bmm;&i$v38W-IFPJ;dz-hXb^HXQCGUv6QKeYDh{ z5m@_d%-tUJDq7#Z0UP)0W+tVzYi*TR8TPi`@Xb0a(1Ibj})_hYF`HbzcKRAX9cu1$O4i=7e4%0>{>>108IQ_ugDl@qgVfjhFldqf> z;bzNFK{j}8U!OAn0XE+UtPXWeULnQ0f5$_?IBQ-59A6KU7eA~k7*j0%X+zqZ2~U>* zXEFQGZqcK4PT3K=EWD%V8cj*u`>A43=>v}8AZ$mMCK1|s-BFvE7O@D`^BGN)6Bk$&#Kj|2DKsV&@c_(p)|8Wfm(osU zlp0jH-hHBS9TRiK)NGs0ZOPP9+k%zs>BuI${y35P4_ zAM>V!hI4=U*45hmL4w7#g@9Ficn15J&5Z{ zc8qzbzE|p+M?+8q&10(~SIVG#GRuqZh!)SVbH=LJX4!hKAs z*ED$86f3ox(3wqX{Q7JndXv*q1j_IJPYa+!Od`akqmnRszO|x%cN_0P3yo1CxavFN5y>T_e ztV=an1OXV#Y)k$M=)$44}xe&Z5RL#r*ImxUO>JJX$mmf2TyF*~?pWWvL|E0c$k zQ|n`7-BOkM$|K`FSUY{cdzD#RF+J2>L}j1rtA*?HcrS)*sPnL{bjf_f=m*<54-#PjU}@vH z?Q>E^>j{U31L<4AACo&DdY1RvxT84hzs|7t(70(HKKAAFbPRgC@q3fgRmEfWx!r61 zvW0W5CjEB@OZ2EBCbAUb`b8y8Mv6w2wv?BuyN3pcR$Z?@q~Y)In*a4oqrc}vRTW4w z1Nj0}hKbWpO0pW{08aQ;G7LbNy6>)L^=FtMV`;|v$1@s8VGwN@S+lq+CbCcLpo5L? zlT0?>kJYl>_e`DFJ%~tCg;`9;Kh=o`RhOyd?7yR#tm8l_?h2W`9>1PDU<+C1mu6qLI8A!PI1xJ#96}W$^0`?J!^v$QsMxFmd56T9IEU~;d)U$knRxu#~bDYIY!ar-NZ?2 z0FPGaAO#FWQF(P28&yNoEcei`-%O}pV$qY5a7bJ*(n;t)AOsHJeh+c1I*4CqYLf&_eYYvmiQ@7_3{=_&tp3DZEBE6nI1 zBR?C&j{IQydZEeV2`R+k`$5Ze1Umho`(Vxk-`Ys|sn(jd*f>y9$1?rHZ)S^NBQ69E znxdO|<6eiL#S1=t@%P#TQM5mG51Gkdb27YmNg94YFt_%=uLtcZ5z+H)G1SR_RmN;o z<0ix5uHQ_DrNrfxV=%1usTXoF1$VELMeI%%x@As zB^eK|56i?*Fyb`7Gvkn^xgB{6H zyL9>pR0hb?j{$AGkLY)G5MwACSA0Jwmw}1nS!~McPC}I~ky7UJoT8bsQGu?X*w>ZB zX4nBTB=>7>B0@I%9oX2`xlAys`C?@TIW!G6-(zqWFlD25<$MC!SbcIgm`tqneKu3Q|T#B_SnE>G`1+G+q;^+iEvR}<%MCV4x)CVxer0?H} z_QId9T;?V@@}awS$+X^+BxFa?^pHjV=SeemrE}f6$JIX;6~v~^^_YnzhW-Ay?nLO| z@0BPTkA~%9;l+rSPz+opdXQH^J7i)Q|2c~N*Yci!!@KXL$(WAgwrN?%!r+@4henH* ziGg@adzo7&*zEWXFvQ1tGmRS|xQapE0fCCwj@&T+cYyn8YOE=*WvBix)lf!sVqFg=Q$8gZ;*QtREU_(8F6B|HmnTzT3V2hp{qQ7vOPKq^v>#t9~Q z_(iSQQ7$eRuGtUL*$dMtsW;kXY4ub(az6`KuGrA9$Wch#hDmVS_8N4b_7EUC90E%I zHt+4vcgAs&N5c04i;o5Tv=kSz)SA1Y$3DxG6H(jBj?l0U-(`OWTJAynG7RI;dq83z z+c@{(24+k74FYs|1RNiOl6F6iSz@{wz_K|f@XxLjmr@Q--Div*ZJHht!VuRrYLN2yR{NJ0GV8}?zr3(q(K@FQLsUO=|mns>-HUlDm!#f(DPgdMij*@gBGQ=bk^q#o{{58us!A~}@0mK4by1qY34Wj({9RPOBmZN2x zwKtMdQyKO-G$oZ!cdVlwX*2Kn?fbYv0g8wG&Mq5v(EKmpW-B|)4d4U~`isC{y!Nbf z=fN}Rw>a+$o~4RGgnhdHB=CJrvD$O@uy({T6YcKszP-B6(OLBlB(+_50~Pn|D6A}n zF%#eaN@~GQ#%TtRY9~RF@X~?wX?hI@WHfg0NP!f*I=zZsmI@E>o+o1?go!(d3A=fwX!c0I9oUCH^bt|cR-Fws=5d== z#yy+%(xaVD>8>Pyqn3ny{He2w2rH2J)pxm*5Bbe6w>FCC+cjE+MEopHFGnJ=qtdJL zRHJ2&y#hjc*v5nl*Z0@h;f43&_+ZGG(a<|p$mOI4ShLJ1nVw3v3O-ALcB130%3Pyf zPzlct)O(vmyYNB3(^zE@UknwkP!RX_S*Ox+Vc2dy5iC{}d_7oBz=wso_PA8!Oq7oo z$QR%KxQ^k4auHJ)Bf$&xKNyLn&mHksg+K|=E@qiSaUInv-pJdjj$Ut#YYk4w%A& zSXLTwdje}8JNAsh@b}+N{S#Q}C}3JEQK`D)jC4$9%|8Cd*BDJ`U6TzgWBJjA1XvBAa+&g`e}(Ol2U9f363RqIQ?&l=mE7D;y=^0KATf zN>*4)rpeKh2Z#_qDzvb(N-GE}kj@321|XE{F)umSlf&tb+Ze12n2QioZ6h1={LhgH z6KWTd#%#Rs%e$}YF+t0X%l?C|OXu0%n1yvW z4lxrbRq*lonQSqdwU| z8jI(lt(5FJ(J%fJMoT}XZ$qV51U?1^)tq)?-{rm-)) zN8D*wj|x<7r$#Ik$l7>~J?cs!K=C>dr-T@>EJnIzjr|;ULRDE6k3Qwt zQcV)JP5!H=9P3HDfRSvKqY6Wv=6#fA8i7Y&ak1;j%$3cb9AEOFYyh0vZ6tCdW4D^N zZtX7&3RRk<4lHjsK=Sx8DM;#|qIl9pZg=4%%5;Tipik#RA>$_70sIL(4q>AV!DH*g zT1cK{Xu|=HZ?N)pp!$;|PnrsMWUbg>$>*am8Qar2-IeXeg~P|}_E{L?NvPD*#_m~~ zP~M721=Jh|>i4eqg}(IMmlR0v5`9?k^DjEY{sY@QJ+CAJ6fqr@$Jg~PqD$%1`~Qhi z{(!8}GYRwadE-17m=e2XWUgIXJAL)))owEJYx;Ek@y-4ZavTs!!^XQedITdXP1NPK z?g+0;Z<&v@wUsLq9M&!63PTm+MakkP?xlGLOl7%<%CAh_r;4k}Il>`BZe^M}kk{yu zm*gon0j627hBW1hRLfn8INCs*#^OjDA+OsYt&|3;GX9yqu(mK#co2F2v2Z<9A}r2y z9&%Q+3#Z`glcQki6TmDuXi?D)JtV0dsF!C%I9k(&HEiyiyp%j7B>5%Z(+y-F1J_&Q zsca?>3+|-wJ|`vTb-6-scowx8^}-gs&ZK&5=>mAZg0w2SlCWxOThe5{uha9S20OL1 z9n49}AyQdPh(Sv2?qAoV-SCR)USckFHe*9EouOxAq+Ph$AK=a(1GiQ3#>k4qR%m$>QAn=M@4rvBOZ z$dJ$8oJ^+|3z=jwJDwMcITz>!%%Bi66+dh?*yzUj+`@JsPgno_+ifYwpC5&?@lN$Q zTp8u_humgi^efg?0!jO~ zM2S*bHl;*D>*;jOTiHT~6H*Lr)l77;)V0p(ZQt=jzijJ_iTv^$V~li6;;lZB7CtPr zrO~#7+heha+fY8f#W3H$Y|oHnGq)$OEL_=chgw{4-ZJ)I?5?)UX$sYHewv?o#uRLJ6M~#k-iX}smtgFC+pFThM zU`=jxBK2j3q405W0?{rf6zNpx z?~uoJFYrd$ZGz8Q*|;im>Uh5`<=h`?LNAOWFPSnkze=FPBLvIE3J7hzeJ^50w_}6^ z%#7PE$kFic=>oye`;h!A#$_V z{ddjW15GBuuzyWeZ1tS&V?zioIRPANqO^4OK5KBs_sImO^`g-q-v*a^a&_nl%_tUJ z7&ex&T1ENxOCo5;y7lquSG^~Mr43G2AIh7t-{!{pNr7WPR?Y1o=|2c_<;26MdxjVr2#8z(BnP?u^95%*PN|uHA__0DCtZ&ak+rf zUX8xTYr(g!W|cXE)Nv{8kOtWw+~oK8R*805fc8j1?g5Vk)Yt9L=h||BxTq9w>crvZ zgmI0ESzu~{AJ8Utt+hKQ$pmlT)SdQJZ~|{RY0>O~X&XHU4zmaEbrk01&8vy-kB*OT zx_<3i>`*lVtcUz=UKPk9aa$ODXj|uiSl>TTiasaQwlJk=+*L7T{$m7?lJz4@EOZip!3G7Fjx=4X)bk*2(t{&}gdM-60 zYf&U&76OGgHb=@|zu`)7kEo1;Gxpg{0&YO?=dLgwf(TIu2I)58=pS6XD)`sCEI4)t zm-*fV;+ol>Uu6^A(}lq*9xJ!p#pq8}s-%4w3 z#i;*p5)-3mc2RE8K0emtN-e@ zt(de)^NWkSJmiO8=W_yk7u^roQ3hHF&Y1WPNEJ;_ME)v(n_2K`FL6GIkxZLFqe4Su zs?M$8jq3I~rYEvWQ+_dOo0U6)olqLgyUOz^`krZ9&R)aqX?m;2O$F5YGbRhR-+@|V zfveqEDey8;nNdDXhA|+`=&9O{Tx~Oy)+Nl;!mT_{ILCQP#(enh?yjz> zp0Ae-m*FZftHZ%8HQAwDcsTPLtBSC{?XO{}!h1<#Z1(ZntVCz{kLao)YI$T8O=dMd zw?BU}tQ`bPxa_p*klW5bt4R`;He+FoNX^fEPHC>~lIDk2pX;2W@`f`y7|~38d}25G zf(LUsSMguLl?8bnI>V7K&BrNZn!jne5BqBXK*2&u@nSYB0+Hopuz9BGFs66NMUn+e zOR`FHxYnRGjAZ}$YwAEt#8GX9GPIK-%zem@H>fU3BVTcUWPmyXhaqOFOE@04IbkM^bTC;SCXi( zF)~SqAaPP3H9SXh{E#sYx}GiPbdRFVR?K92o7TRkdHqMs+_Pb3&0Y(HOkM4xLJ?Fi z13AlP12sWc-XrPI#b>BCln<9yg@HbIUC0>LbeakUtsS&ZI`9eY9#( ze{)OcmWRY-?s362F1oa0!iY`Ba1$7pWYdmgD&JwY#GHaN4dJ@gnpg#XDrO-YpMo3o z;p#szpJ*VIGX=ADzt!{XIBRN1Sn^iP+oVBuR6(?@d0sg%i$gEvzr8?U?4lapI5&cg z2s!5QA$BYHVP~#!OsZrx^p{ODx-vchdgUOrJ5gisF=`FHQRn(t-c zvz^XfMB?|o$l;-eCNcNHzeRz; zs5C-8$f?a%`Pp~hVJ=HuH5yEFYCe2s~qdFV54yRht1_|b(Y$z&^P+sIvKa$Pr&1_`7=I_&n^Pv}D>Wlz zP#V2+_tGuV7bRn_Q7)eKowbJLQ&-Z|(}K2#j=@x^d4G1QL>*qa&hG|DNMmj5?>8c4 zgY~b-W`d0(%l4wAX;Hf_pw*YEM7+i*!wn}V?WA(ei>P3~KVBJKZtB(|*N*A14Rv>w z>Kx)$;I;ADmw~I8M2wLB(?Yg%UaRPLvg6_rO~)gRQZd%TMZ&Q^-sk0U9WQfOb zXZ5n;+~0%2q<7VXP!;y{zhCbYq+doOR1j-C_!~t?qj5>H-E5n`vGs5W{*rjmyCvJ` zkeV=2iH$mioVPPJ@@KsFuqs)`oIfP5+`BEvE&{vp13ZMWr%%dxr?;a$ZEmbHe~@UK z-#!o3wrFef!;j9J>4p33HoHwr52xYniL1+eb*y&%G?v=LMF@^$zA5$vRVTv+}j<`s7St@Vi;|$ z?vB^Gx|Z=BbjOC?6?{h?r(jyy$E|QK>_V(*XP}OVdi+A%`b3T3Vo(a#SDK2S)g%&p z5+7wd0fu`lS~@x2La6OWDD-h;^x-JvW3Q{8r{fi?un2<;0l2WUaDN>hWvuz8bG~&z zsZTAwK1L$s{ADo9nHu7AWM+vc578V{!LesVlyhTh|Z!%WPKa93Ho(K8?4zXXk&4mK6& z2Jyx>ZpdO+z*w5d6*P@LI_cg%n5EjJX3`cW5E0m(67^2lk;GfdCZlsWB{WC$f9kPP zrJHEVO4z-LW2lAWue6ogykiW3}o%h~!`PnM_v_=tomBZ=X4E)*#&N6T5G#%FBDD+PPgmtdIXatlEe4>EW;x8*S3K9$}lWj%j$b zWjx{FfaHL~bX!WBvzo?I%@z?86XV_B96Mh869?byZPVf2zKFK?y*RVQDcpOzX>rs= zb`|R@{BYQ~4g>bvdnw74h26&1HwaGFzqI2JIr{Gd$13U0!ysy-IHrW&DG` z<2Ge{hy8n2Km|notu~$PRAxDQ4AUY&V$U+a7BJWlVcyRZaJFC_IeXpudhbYQ^LM;< z)k+e)q;@U{Q_zm~QFK0OpEpavfrv*qZW=ema zn=Ut0YJ?n_&E(TF*4Iah!?G6U=W7s5rP$8jF5rdxuQnj=ZPS!%5P_vEb32J_z)0MB zg;5m~(Us3DBcxaQX|O4s#-a*k!nrlarySml(pSbdbj*Ek=zrQs>z%Rc3Ac?`Q*$G^ zu*mJ^JEg;%!l<6iZGOm98q%P81`q#GJsP|7dV)Y75O^V`@}NX$Km%e5&L1AvAo#!QP<4Hc+kZl3=>AQ zzn9>f6TFOh7%3M|nD!)#vZOpV;UC0DQ+sS#7!R#XBtz zj|0mG^Pmu_S2ILf5f)8_86aQ9$==kt2tBV0ue+5yZ|^`J=TZXVfQ1R?VngWD(Nl;Q zN-#QoL&LsmkY6+pJUY``L{|jh;x{AyXK6o&rhDrw-e@Rp`N#kZ`!@&%^biu2Cgfj! zLKOIfuVXTv71MNLPNYX&WJ`ZsO_>;YW@+5G%`aRZCh zP!eU*N+;?(lcbCso+%QK-r6tio$dVYf6u< zj%4NMrJ9_heS2NL?{uLX=3_uEW-o1;T>bn`uYGX7e(^qL&1!K`H**!t6v<%IG?_G@ zdbkVeIFSK3z!}tPt3T)^U537gdaLm;B30vgnSCL<;6Tmm^l$qc4$mC99V4p`R9|OY z7$T*^A3V(QY{2fy1%G^e7A(kI6dlBcQUvy%GAj=c*<-{Mj_l-?qS;W)7mReSlOyZb zqSRFtkG(srCvbyI?Sp+0v-QZe%BRzlEf?vO-@k>~quvO?TuVqz3&FSh74gidh9-tR zMcqxgQZ%`10=^?YTgdd;fJKgVbI;A}}1F2b=Y$5}hatv!>Nt?Yv*>^Ef zeRYL`f>oTWud?ctc6SB^)9J?k`*ulg)NO>{cJ2@Hi`BDy0I)@5X_DY;3+0#AUgnu& zpEv4QRfeAQ{yxX7btUz&?Q!&jP4v~{b*tDAN@99?dKWbS{zZX5b^1le+mX2%Uq^gH z4E}_OB(%z2d~+J{NiPXvl*!|O#U~L~2miY$Zm|NQ@#lN()Z(24BIs^vaZf@0tXR=L zz-8K>{oO4Vp4ypfHx9fy4u&ZkbCS7Kn{u#*YkD*0b&RWv(YmxpQL(~+*Fxs%`;5yd zrQ#aWK2pQx+IN(FN5EsT2x9K!|L_Vc>N_*Q;ZNw8TngVvd;^1q`1t!3ig?LRm_0{n=k6QmRMi!=1%88cUD60oL z*Cn^KMqn;sv*P7AC|W7};2A=YPV%%&7EEbk^jKu=`pw;WR_dv-X1Vs_mQPCLSy>MI zzk|W$^1uH8%lEG}UL`MyFGBB)Liq3Su$aQmVp0f;jGB$oZIvqB!;l6JMr*7OcwbE% zhO(W_M5}~wa)WscH%EF#e+g((e5e&`I>jQf1H7dLb)f;T`JnvvYDgTlwO91UGY zv^E)+eUK}77q@BCufF$j>#dn{%4#^iHP(t>2fq=qPtCd`BG2B;X>sqc$UaU&6#SUY zOAQn^j^p}_ufqC`edeqj8nE1BajGQ{djdjoa`Hr79i7h3uC5D9l7Vw&uxZ#9{r8#< z@PP8Ov*DhbWg@-yU8l*iTNlC!(VEe)khZwC2zTPpyl9?2iB1Aj`8R6`w(ZVpKR><^ zA5;Y17Rf$FwSs1%SUHlTI@aRh6W}WOonj;|Wyq~frt^KQbS=RwVZQy9u#a%nqrNnQ zRQxT;l(4uY`e<4(v%v*o8g|1}jBEV{Se(>zVcK~Q^A7UT#)B9MwY_ZCB>;w6*#lg6 zQn6ewW-5FnxniAxIw2lLHqGc%c!g(#v#W$n#i>M+f00~sA8@qn^I?^VaW6l3-ipHx znNpea#Uh3@PyPk~TYy7TPiv4VHsyn5_0vZbn#JC#*NP@|t(ibYG}oo-_9=lrZa&Uz zp#I@GRC18oKCa1oVN7EgKR8IRS&aibu2EpYFW7CsxIE!JEk7+FX)k|8zOqyLFZ3Nt}y`Y?X;P>))nUrJQk9;{2^RdZzR6 zG6)tz$d$Nk7^~6M)#ddiSO4;)D*2zyxf{xqCIP2;t>7w8LArYd$;bnrd{*$IfH6=1 zc3vjCeHt5tJXWHQt&iPBNcfsW(?N=9iZ7SWZ(xs6K#on^XB6!E-Nm_16MKC~x~3|x zP~$Q1&zTi$@RAuKhKe7d3_y{-XWDuW^1GSfgisoYF3{mT0y~3l{cyyNa*>Cd`5LH8BGm9D8jk3(RdZzKgCW?nlQneSQN$Wu{kGW%C~p2`u}wz5Y1j4$_F&rr^1TWWaHuo$+OCZHl!P{F-pD za3Fvvq$uLzm+=do-QDb8C}S1lEv?F~Ph-@Pw;J5?D&i+B6tE=B@-BfD9N+5Xy2HXN zm#9L#8rr_n3b40nN`BsqqTg~ozt>x}XRebXS8!!0Q|^m!Ro$=I2OZasC*>!f-eSp; zMp#edCI4EG#a0TyJCHuXO;3MbD`2!NN;w|2(dV`&Z3~-^w_S5kMZ3ud*M+{2DTcI# zg{@DG>M@#6+nyrqT{4^O{IY~G(a2cW2Jkr}qaL;&9lzN?|uBcW7WguZYZbJv*Ap~+A zkxTk`1+XNm1T6Q+a@X3z&pobjWdF{Q44lT*VHTHWNbBF9C z5jlBf4^`%hIggmqj3yiFM7n=*4TtZw8NX9NwTe9f2DL8tuu2uzX=Tip_`6*WHI=bE zF4sG<9}@6-MZRJJ&p{`x!YAP`5hI(`2jJ#@$OvN;ur&haZ~HU>mv+<43Rwg>mfxM-Q<~_08bF96S<*uI@v^BkzQVBY?MEf z{fI+L*d)x=4-(f&^im*r-}1iJrLji}QOklyA&H}h#y;A? zH7F)r-MqSWfp|wNWZ0ct3!!P=rN$kR%tAh|Sa)8n&RP+SP;Qv5F*3*YzNmKsPGKLlT6~0jqXNMzKv$>SG7OC0MwEvXgyE+p zAH1`Xf}nIb{gAlL_5Vu;dICVME6K~(I15I(slEqi$1AWOks4aJxr?JfXF3;)t&F%! zDBT+0I0%!RIhh#kU5^+UO&O78qOx!@<+ypH03v&GX?3q_j52JoOjyV|856;Xo?4f> z+hKLkc5SBvg`GHF^JeX3xpWvJ+?Fezku@5rj~) z_*z;ZqamZoyggdM&RF&}EA`&IF>*MQ_Uswo^p#pMo4UD%PG9sES%vUH2`W!ZK04LA zy)9~;lRrw4*^0(AzZKfaMYz(z03+o^&EV?nR;zr_q!qKrnKQ@Al|G5CzZc+RyF53A z|904o24Wct7M0lV5%~}D$V`j-FuC@Gvjez=vf~w&TE4utb7G)=Sy}0J$bxR<&(y%Y zU6)GL_3JBv4-nlrIdRSn|HKHAlr8J1&gT7qEr+as2u5+WTmRAJ#Skn3AvnNYQvMIL zQnW-4e~JL~6nZwqH073`bNhhfOmpB8#>(JUalNyN=qc?`?peMvq8roK886YNDlQ=F z@_wozo`+f7P}Zsz_r^Da+5AaQXf??@3MYQc7caWUhGtHh+&okl&SlcHc0w6>6JP%+ ztf5)v%H^MsLo5qC3AuZHYNP)3@o?LKKNnnLwp+E>Q+%>#UVt2hg zH*eaTa-r&~St~7v-od|Gm$*VVg+VJ-h9cxF^OFp!X z?;P}+1RZR)R=#S&B&Ft1{Y2%q=*WPpUcd`1DC^dm3_$H3nHN5(B6#-WH(^240Kj)8 zu$}n!E1QZ<0c;hy$p9z0vu9l_mp$KDXcPcf<@Vsq?0A25JXLAxczoEtK33lD9AP)Q z3qm*V3p_thjeVS-wx(uXZoF2CD$#J;rV%;6QckeKYfkp&CFmi7hr+v&lJEh+!NF6< zn`29rKmyqEGj(+vv#~=&B@V%ocuYE%VyLi?v`XeJ|B!22i-)=Rl*)LsREwgslL0?H zB(L!+9xT5Mo>wcAI6f}L$cDx7wO1D(ONS~b44R24*q@9p!_KdO7(&|MiKaMXMyhQb zlZJd^S=ye>V$YS0m~L^XjY+{9hSzvHUy(zE z#i(?}STasZbS9aP47S{}$H!DwS6BA|K#C<~8Yp-L0!xE?#MCx5n+!gZi)GJK`?YyH zx~~zk$B(2hfMM8ZyQYOei6}f^*ol%rL#aojOi%E2cfv%&yjr4xV5?3E#F!ePY7X5Z z*P^&Xicc=pdXqkcyVin=pba@Sv0~cu1=IK=SzP`^u~Mm*HinCMOfFB+Q>Pz$DUl?t zD;m!~ICo|<69GZW=}pgsRNi?Qo6L@)N|JfAucgCabQubq4xp#Lwhy`H8I^f&gPi2{ zRNc>sD+SjcHRc>t_Y0gx<%S|pqRAE=zr3j%7R_0_0#lTbYrh=1Kv|o82rvZ#wzjrL zBoGzB{OJJm2WimCTzz+tIFlx%;zPBFX)ij6S7TO#m>ec#^A?dqD2rMpvE^AT^Rb+w zVvF%>RY2$;ogj~amSmHiH;RZrdULvM`aV-laSd2d^F&fxg&6vrX}v~|Hwl=qqsHL0 z(oTPdhSIb9?MiapYZfr|E$o^rIjKlp_*(FN6%lPpF}-Gs3_ET4Yo+7TKVeVsRhiBfjs{FGXT7*?B!(ZuR?%Jjf&u`*IQoIUNK;b{sfJ^p5S3szyy?Epd_5T(EsTZ;RPW&n`7oU%3W$~> z_@NbHSnoLdc4W!%%>KIBWnMN3j$zU1x+hzD_)Q}rbG!Ic>17sOoor@Yb&gEVRMvXA zGk!agihs=s)BDh-!!uo}T0pt!_Jl4HE+bRwMwr{o9N?&uw|1tnL&Qx?O#T2^8^%n- zJCG>s1n8WXYLkPXCzE*uq*0A$YOPb%zo~nxJFATsUB;NSfMR{V(lM{r99x`>ci9=cuQ;6{lnqd zw9%^(#|T&AR+56NUU(fqhvL)S5d(xto#|3IN@J^7ot%QE_W?@&w%*P*^3|vwB z>h6Z{iEkhw5Sr-iE4s50*7dXm(3MR} zqVOEnTmJgaIrW_A?Aw7fdSPJx0$#wxW4bv%F(IKXIx0%&wThtEC$OE{TV86e3crPh$eK$YnWWytnA5X|o$Pwl;6l7+rjBWi4AQ~w-HOeu}GP7?L3zMHAw z#r0nvdjQZ81qRMiRhf|mClmSew3vUUiwH0SB>9qb+XYt0 zy`>`X@F8R^#H7}61O&(>3moT|Avr$Ahtt-`garvAYgZv?gd|--jtYi;H}KmPyPKKR z7eH_%W{vp6ak6`OF%pdhMLNEd@^^)ZD8C*lCnob3(oM7n7QDOkv+);BkyLt1QcNEMXuO#svJkId{9?4vIQCJh564>3uIJMKOvO-0P7I zC7o;l8dqt)SUQUs=Mk+|Q)O9KWF|l8LoQzG-(QV<0NXKfs0yVf{3sQOabz^)1VPEm zhR+lv(bo|Hq>h~F9?NBmU+oJfDb3aKx=Y0S(R~6y79;NtiMo?LlF54uyw4kbWOO=c zx@?QJa!XCZ%!B6~=1MYfBk2ay>7P$lb=YzQBUuNMKU+`JeTQdvNNUGQI7s-agXIhh z!Op7{1#OTgGMC39n2SnmURz2o4gn{S`yDB}1XCdv3!Ww8OeGft8mtz1wYci95mVdI z><|?*glQ^aLj{V5_r?-|WRj?$wy3v2B?@Y=x|v$z)THOu^V8Ej83-5&AtoPr1MY$* zX4>K;56>!PqcKucgtHE8Mr%Eql`Ai>MC|5lr6M-GHaA@#9E9j*{1bBplO20aV=Jjv zzHC_MfU~nTy~k6p4Pip2xlC5eHE)ys&OZa9Yr+{tprCmofD+{vh&UNkg-M+&K~zFN zwAAP@7&qxrM@On*jEgA1wY*>+YpWEOwG=_U8R0645uX9B%hLJw}*6)N%D8V*JGoOz?`^;jGnBkD~4k&SMDu6rFmup zmY##n20h+nclRsY*H7~NZK$4&IjoIgaE*x*Y)J*7e<0mchEicMEk~~mUv^(WaiO%q zp|!a`O;9=jKyFM~V3N$5t&_zcA;4uBCv^SE`h+~RBF#uz+&BE$5%2tb5N(d}ey2#Z zASRgrl~Io;H3{Dk@vHE&=~{`c@XaG>XbT$zn$>_&&pj6ulYrW3ivD3k@R~EM)@FLn z!z5&D4KyErV5%uI;9wXdWim404Bm0Tld8>C8OjwN8_-ep)eafW`fsgj9QD_b9?E#} zfpuY=)J}m+)lnn|4k!i0q6lFDMEcv*kmZ<=9??T(A_4pR(HPvNno%AHNofBxlHUBg zN4qS+-Mwc7^omcif(LL2VBLc~9`pubXwOD_fZ_NEF&#npNu+dWsLOZ2ix~*+Df@lK zF@f%i&IIIQ1RQ@GSYY}2K!&lmINcfA^3x41CN6kAL`7L|^!tJ&LO|G;Hg*N5 z_aUMJJ%1?^tieqJQEdV+32pQgG9zEscQAdujlIF0Oa*dTq=C-_E4V<;WA(aw6Mo!D zD#|g6yN6BG>GP8n*HE}I_l7Uaz*KU6?=y7uJlG^O0~;POUF~}-sG@%lrind6q9;c9 zh}YgAkNskpjpyl3f50A-HIsM4d+gl~C%$E(Mh7pc=Z3)u=9q4eu01FrA8R=oxez8r zFjDDP8NzW*M3_ELx}Xdpr9dWSN}dn05j=ra!eeuXWG)X7X&W;V1RTcawF-<3?~HXpwJKrJ~FOocP842e&y5O2CIjUx4!tI)tA4A=vTelKo%U(P7%gzehd}qryssw}SEXlR;NE`USgCS6R12 zTR~kQRVONpqpM5sDJ}ow!DdgSQdl6h8N2JgxNIt$W7R!Sc*1sQXAb;P>eY z0oiA>-HI3Xi}Pl!lH0O*HSmKB*dGoc0Vhl=-3&9Eaw$*JYi9bl>`@An`+5)m^7!pK zj{a!#C!eW!mx+svJ<~yzy=+(6Z4%~aqrX_7}F*~&e8;`U~&TIHruTT`-DV{x!i+w=CTNK6IxLdbOpPTb^@ekbED~BHw zqT!Gw#C2qgUfntukp7DWz}`Gh?cHbZMjm<++2UsI+UqZn%QR!TXEVHB=O_|Mw#F0c zR_K)^F2t{mV%KXMgYO$!6^+w7HvhsdCqBbtTz50%h?;HQrg~!{Tek8Q_J!Rr#wgQ1 z)AvQ6%&|(*4HMPr>WNQtE&;r-9#YHsiVk9vEdoM&oxAQ zjo{xdoa~O)8z)A2#OhH9J7#T9QWCiYgcfhM?1k%hompeseL97XYfGjP1Ya z!pXiNU@A(kfJYse=<6H_*VQBCSlNr=4R9{ED-J`FHOZ33R)d$s2QxOWiHGG4lnUVB zA$8kgk}Ti@e9)36Kz%;MY-jC5^+zx4^oo{Jyau0mlGFx5+em+qY$yl;sfHS?@f=pT zqQ_hRtZ@k>hA~!;-DDY{C^EP)3{!$eY><9iWrcg(b-*R7b$Wzkav+yb5NUxUQBG|2 z0B_agL^jp|4;ugE?Q>5sRL^IX^cB>wsZ>Hu0$&`u$K|5pbR}ZnydsO|;dMZcBIWzc zY>bjosv#kT4O(7=O902oGk)(tsSeP%e^1k2fEs=R!z=8$01`GJCO38*E!*~l0fDPW zur*5C({ci}cOz~a)lGE#j|N>_o%6OvqQwl~2O3;05NvTnG%Sw3RM7Eie&DF#4QL6; z<3rgll%I&xu4ay?x1BrBDXXJ;|9+-|N%WBefm@;S)>=1+q15AS(~1^6o^3S9!YmVl zW+^~xo-1D71p-`xuNMI%qG(Uq(?A!-0X^Zy3=TQ%;1em&%5ZKsQ_BBoQ9(lIuVmVO ze_cHAR;I~NgYNZI@Qb0_%%qlyg}gR&1QDKb?x+i3^k@dOQNPGwS)~_IsScW&F}^0p z=#qZ>zCK1W7udU@tK){A_VJk#)aq7bU%of%$^VG4oiq@t4Sf7yp9JkTCw=d+!v(sI zZzylpYt0V_7k!YFu3L9mk`kMD<{^MkJaF!GyuVTExOa)tct3mm5O3aBCQ@ZS=h_Hc zMO)utReado%<(xZCA&ZQrZaZ6nU%Qnwn0$mVdeogdu;yj`(n$m5B8g*J${!(j~*D$ zGW=Ot5sU5DEfz~s7Q3ZGINnUOE@x-0pDJO$I?ifziGY0xmPUyJ80!Z_0f*bPSJLYV zEmy~d4=YcE^MdK0P=)@&n%EIfFZ@e)rdVNwb*hTszB8;QjKeKHLa^iaA@O5EB#jb@ zj&5}@38A-Yp2WO%Yl;6mK(LhYJ@7BY9sk!*tioH%4*=9@^M2Ifr1sy|LF zw@TA8*sjw9vo)J#eIwxmk?2A`vBbgo$`~tt|2h}SF7Z?r)`=sv>m=(mx+y z1V6oPeQo@^FUPxW6saKCC;uG{eD|b|gxx6mZZ2kRL8-_Ld^7;vap1wadFOpUlXbvdy#J)q6^%v%Ccu=3I z^GWq?wury2b8B}dePIxKaX@FTn3{x8-p-8aOiZ<2)}Ys>)5Lf{vM63OsDnDktO-+QOig?#A>jJFwD+~ z5u%Dkz8K^SdHBYq-t20dANTstJd9CqP7{pMg+QR$Xn9wVD$_^_lx-a{ zBt`L@kqv+la!gOy&Y7k}{mJF5dXksk4=Nu#V=@r?#|QZhk7Z)9vNY#U=TE#Qn~31| zBlO-!JM*N{1!4&aAUTre62yE1#{dl=B85Z9GtL4y(xO3TD zQ}2%Ck!+T|7vk2CcQR+X*?V)<;6NGeOs_x$?`K<@ka z`q-_|G)KMaEWc0zT6G4G@|0GG;37VtkY3Ofiu{VMmD%sbCGAKI5x?#wCm|#)VJj5X zm|5ctQP6j_0DWs*K6~ruy%<(7tFfT#Y51w#TSMR3(^~Yb9IE8^6WrFO?Y$zCGK+@i zq0SUX(G%A9Mu>F_542vcw=}AC@2FnC@nL9m+KjiWtXEjFIw^GDu6mlqSlS8py%4q0 zYr#lBKu0}fI@Y}IjSMso0hY>dUl&rWlW+%`1h1k=biOw(uADopd?F5IP|19EU$1pY z&B4^%peO;Mf@f+~!3l7T(ZwbR1JGI0D%0Xp9?^C}=9+CfNOy%d5G4HaUN~kcJuU~x z(vyA;)+LA(HIy=*)(uhTeCS2+o9jVwFR*V|`3ZzQ`IU#62ljjux zL6CgzZ_`QTJp6sL=ygck^80ae-L!y{^;n4)nV}SWXXY8GYmQ`6TgO!9R34O+!R1sh zLYImoh`PAlZy5V9a+rOy_X+ zen9_1jOF3RH7ed^#F__|aagag$tVk2gn-ewL*eIF6?pX1G{|gmb$#PTb;i+O8-A$J?ej zXIjn(b#AVQ@jOnEVls@|+SevYVUxZ4!zaJo=4r~6NaI;TPcvQuA^X3#PU|<6ekt~R z_Q|PVpQnnQQzqr%W+z&1LS7V9S!ZmFFQ4<&ljY4%bS3N@6aeGjyp@fZ3;|@+GGuth z)r;M`Az@AAp%(rWxv8(AgFs+r#N%+O(G+zxfjrp!uv}<;1fjZ6^9q&QT8`3VCxqYZ zjFe;OhfgR8J(5PnUJvoc&4W*aitqis?$u4VgNMW3YmI7S)9n}D39z9YLkfGxFlxvz z%wENtfc%l`=leHOP4g~^WVdSo$D3B#vETCQyI`$M6lS$j$tG>hv4a zIPVDqDp&i^<>GzjlD!I?@n-j1|3FcIt$?``+Y8zn!a82Y2oaAI$%z4Xf!;2E);aT3 z{S+n9y=uO2GJ4YDx+_v)m+$fTI7omH0%fC8cU2ztIT_)jm&pLWN_FLP=OLC}$;IT0CK($4?xyf3CbyEr9h5wn}4^xVMDE?QW0k67y6r`|ld#}QlF^2OQ6^ZcLh8YvX?I8hl3VidtD)BtFJ{0WNH;0mG{3`kd<)6Vh}No4f{%8 zyV|lTlT5}}6)KQ8n$NlE)(y1odyy(p*_Gh7+!{l-Ke4X=x;Mq(GFIWVo~o+Uw7<-~ z^?-4t3*Vx6JS1|AWMZWg#Ozug1X~{cR)A_C2p||&ZgZj-be9I|j-lW(5M4a8ck=j# zMWF4rtz6%~cy}`*d9pc_s-)Lc?*WYzd+_+F-{pFDn(thqt2NsCm&U`a-@UPB0-rn2 z63OGGaVZMk!qJ)q@y$EZlRH^^#=$gpO!Z7_Rzmct>-Tz zd@ixmMJrOh>sM%r+s$e-g&pRxG6S3plJmnb6>}`k%r6xqG|p#Pj-k%V!~!>3%my0@ zL7U}bw#oOH-GeZEO2tk|OOuVjUtP%+r~9A}fsD0+2ca=KqQ#1E7(ceSJj0~_C0ddS zo@0_Wp0f!@2^@yRN??zLXV+)AbCB7B|6uAumHl)Gt<3Otly(s=mB~c5V*F=+7cY<{ z&mkcAO4dMf1R3O-#4KTJkX`u#%fdh_kJ#FJhwJp?`rTy0k3&PflnRJZ>2g<48WA$` z(r-#Mv~3Udb800%(IAKL^^U^l$3Rr}Fl|YUfHfS4ix~q(kDO!#`xg2JJN(9FVV#HVH;!&|eHdI+>;>~| z%CN?xXXwnvx9>6DrdJw#;vN=`9r}Zm<4bQpOu@Q(D@|xcHIvvU- zAO`x!%(?UH{EVbN^;#x>lpWL1Am1oK7u-zR{lTW=VhAA$yoK{-m|37@mbyUZl3zm? zEr%)zb7G2*k?)dsg?B`WL6w@P@+Y=f-WDASzYPx$k8vieOL3vbwsZ1h%?z(XhdK7+ zKi9R6>XoY+wJJUl<@)l7V?GNFG32ukVYfcV1hL z!`?e6#4ju>lUk};Zm&NVrkfU2~i7>B^Rr;U%GcRL9J<&eS&~XV^nRA-SGU1iYOB;NtV)Q!fZwI zYMp@sAxGTH?i7WL(GG5%tQbvVs^Hwk+IXdv)-Gtt2`XR{C&FwWA0Vi9PEF7qVMKp~ z?~JJ<{`{OmGGsoEe783Q?yyE!;Fp9Bqw$kUZY(mhKFNS&lzI-m5hw==3YBUDFEtVu z@g%qDLT&|1C50SCrD%7kk@+&QUVdDq_ti1OIl>T}DNgYk5bwdUI0CNcbxS_fy`g87 z&yh)vai+Smxx}n*0ZsR|sceN{Lshio)#!kJ9NBA^QmM;WZErzt5G~y5I zG|wfatLYF;P@Z->hU}RS-tLYc-s8!-j)6+B6pP>JQE&+1^(aBs`siDJu(jS_#NzQ& zm~E~;u$&#FZZe`Lyyd^MZu>#=B;MU)kh78c+IX8{i97vLoaoE2KHVYYlSL8&o-dv& zqw$sFx}rv7S2`7BRT`YxXB!fJWsbR#3W%mxU^%VPJx{6dZZm1C*}5!n=-K(bZfq*} zUE_$w%Ei7$&p?Dh3M9WV$Ad{ToeXXw#r1qIt(v`$d-#t}hY`L|mRXIVd(E5a|Im-& z-5kwg)k05yh8{Qb*3X@Qzw*~z6AAjjD?Z~%#opDfG%ItFq0uRUZe&GQ$rbAZJOYBl z=U9aI0>@!-89bE1^i=H`-Y6;AUGXYtiU2Y)28A{`CmodPDn>NUm>O^Y-YYXJ4hO)+ z_gvpkfEYMakwe4Gk&k!BOhJscgL*5%QGKel8 zD7PAkkQZ=y8C5HwTI$|@a^@UAj6 zvrN0(Q+r^7&_J01qB6w_B!nhWdua^1i%NuYRDo_fVhK@qQ*@^Ao5f5q`Lb`nrlD>h zes|HVjdiWkX@JZ%1mfxgbdNvf#n>2^7lkV(!3!NRle;$DrvNi1d3y}xK2CjPb5 zU|c8-^;At~BqU(7C?RWzysL9+K6Ur}qO`lT(A_`Ldf_YBU|+5WJ=K`G8{*Tcbq}z) zzQt{9m-Pdu3)$mL6||v{RK53bJ12w?rgobdIv&I`?lN=UgUH0bjEUs!LmRoe3UMe! zRGV~fTOG?5LCVsqz4Ki$-BG;uxY^m}(<|L=PYp_PSzzK*2S}N%HlG%TqYK9(E1&;t zVXezw)-C2BOa}$27Yg5bPP9Fb*7zvup%B`|HKQ}CHM|E6YhWG13qxL?u?ms#U`Xb4 zplc)Pyu!k_L`SQd-m~v;47>7Fpd0OVdT(9GnX(BP z(x&m|o|E6dwrg!}Md9pQ`0n{5OzCz|YQ#i|Fv)3^>%&DAyKyHSMEj_(3(k1vxO2Da zupT5yO%{o$->Rj{CbS9nNg^7HX! z+jP(EnEGh6jKm5mQvRO}`By)F_U;JClhS?c@J&F2b_H6KKfP-B8&c&JheL1?j3BlG z?5bwx6IR}L#GvT>V0zihrpJVnLZfA$WZD-y-bq&hS_pv&wx&+9M+SFO0E~_H;Ehf+njY36Kra^9dofF=V^z7E(g>< zvjv|##q+WI+gRJjHqb=l!GW=h6ZwMOXyS9{Y*%SJJ*VK4$T(==NPlP{f{8*&;z%?B z4qRv@7O;^K@Y$QLYytt0+`4YDd<%1=oYBR8y(Zy&=F4+(^D2jx@gB?hb6lZ#&I_wV zTkG>7#loq$h-39ty&~v+#up@emlhcL0VpZ zNy+*fDaYGt)lrU2To3)s0ZQp&Yy(mM)@BK`m2e3Xx!vX)V7W@!-O(TI>)h6t)ha7W zydR!5o)A3D>{KOI47*=AF+(qHoQjTb`|qoq&xr{`SZa3^vRkgujXi)US(W|RfuDZY zq8^KNDtiJ2u7&)e*RK4O`WVTZlGsH9hSxW4JV*4K2GDN!&D2uo)``}yg-VnYuNQsS zLtrrsPk=CVoJb1AEIvLf>1S@!v((-y?p!U}nKtvpE1h_g9`n;;d(tkcLD*bI%?p$# z?+pEJ+ra&b4D@XrjVJKs?)D8hDPfep4dR`F2oGfZc6tYDcUj*Y5ip-Z+PgR77z9fp znhjAB8Wq0Fy|1Dp>pE!t5s(P$sz+ZA-R6r%f!y`aYRj?Tez!-mo#9lF4g?7aLB?mv zwoFG694egK;Z~Y1v3}kSEmf!cFwue?+r@9$&~e;{js<2DsDWO~F#KS?GkER18)c1^ z8}bwoBK&eAh$)96eC`M0Un_CGr1O6wylO{9kLPf^AA84;Pc+llUltOwc0YP&{v-0r z@ve3~akmZ{g-%y;O#VRN<5gpeR?VOYtq8=rRJ9qI#pLg|y>RBN)yLWRm|DfZl(jc5 zJsv;}GB4O;nFFPEq*h^JqQBIsRLxk5y=4`zcBdV#B06qbJZ??;PmG>8R5}QITd*0q z-iBrL4c5f_NY0X@>i~kqbyPoC>)L;Et*qTIm#1le!%C^~9kBqZ1;*bwNSJcjEgpp( zIz`RN1+@%@Vq)G#?U};9N~k$*ZLlFj@wBLpTT;7r#p8`JdlTsFqK105ZvC$Y*A*El zbp?`1d~5n1{rzoajY;+f;Xr9_m1%cNTwTM7#K2_?H1cAU7yrq}LD9l|Df9x0IR<+_4r z|XlUT^#nM*| z;T!{WhcThsO?4hVr(h|71@!G&wJ-!?5faQd*I3m!eseAwd7c`#mXv<-_LzzwB|%f}|- zx0^o#W;9dj0uHNT*s@T^)6t#PKtNR{poefczcgiwsd4=q+j`vNb=W^zDkisWUB*k? z-J*ZvZ5-%g0n%Y~egW0dH`55xL5JMfqrlifHkxRqNV7;oDeEP5a*y!1!BhQmPzW{S zg2RK}0Z);X^X=b#6Lg>w+2gc>E&AzGnT ztc~z2BlHsNn_M9B`yB9Q9CH$YynF)AeX9V0&g&nU?wtj8&*^SEdgw=R}$WCy*DDxF`IuSs@7e0WEK?~S>&CLMILobyX2K`6q`ztIs z_-Wvpc%TMUQQpUr3!N((D!M5`pGP8F;T^G3u8YLsq#(c4YML;6#IkQ1gVO9j1#%}6 z_^YrqUSO{uc|Nn5z=?Puq1Oo@gfnfpD^cRE{NGFuU6M zYa8dm^7krOV=#$U1t80>H}g^8$uxMS)2rjc2^*pWTga9RGT*M zE0z6)=6YxCk)kygIMAqN%m6fwmcL(t9gYk>yWVA(WC*Gcumt@Q0*W5@CLnvsxbQh; zl4He9nyz+7lkpX7{qpiMEUBU)MDJ!D@1O2h0otI!n>$)Nr!-g}gXvqXC+`1w+~AjR zfHpnfZbJzGiq=0KY5qsUSOj=t0Jv6x-9MZztxXT{oS{DX}V7{$^v?wS0Z1l{Nk-BtSEk?COj zhaP`J`ic$W+0lgou3o7#4M+rX1IrcB!SR6J)y2L`@+eU-f&D=ds-YhSh#gB7$z!D8 z(s(b1#jSCMBE4oXxY}wkrJ3N2{lR<1IZcPp_4jcu34h5G zT?I7cF+uPe+cOdlXMU>j+RRf+eY1{64u7C?A}F0$%ltS*U{S&aY?>+*_bfiIM?^&H zrDfki2$G#A{1#xddjK}OTuMhK zSs5%L|8$fZ{4IDhrB!8LJ*p;h*Db6am8dExG>HLKG+nb2=$oQ{KNKbm1{&5P@&~_B zTpT3|Ev~Bth%pMLCnY&s1F1||<2F2e!+$?E{2e^arwTGL2MyuFJJq(iI$cL;Y59oH zn~Hm-$*@2tH1lh<+op?Ln_J_r6Qu?Qj+>*&2S@ky=3%!Ef5VeFTq5vT9ql4F<8Sg~ z=IB%p^c;WJnvat`{LJwi*j##`;bl!tZt-yZN`xlJ|Ii|9*H~tAEHK=u#TFmjRHOOqKS#_uq z*H5wj2+iF6Yp+HftcQE5+Tg9&S>Wx_=PF=;1XPBWTbjk0Ts+ZE|)FY5XAp7|Z) zUdV4+)DJBAYQwXwU{GjU*88)Ps?SDhHsLuMj;Cr7f<(k{i7l!k9hG9+ZR{~ckx z03%wg_~7;FqeREGANgh%lt}BPmK4b>>l{1{rnc`UoW9>WEUR95u23;UsSHCeOpk;} z3r@CD&2_twr9#K&D9CRjg_}RrCNUelYV-8)#}h3UKgN3Ym9hWlW(slC&j$mFI0g_{ z4N)`}Ep|j{7>I`Q# z>}wnCY)f``T8Mpp3hjItbYo(6It|enX?2>5cY9t|uCiL&u7>(W(7FcVdeCWRzg4|p z3#$ABVPhA3Wri>2o4?PC4MRgA#+BNM*ja}utO|N&*QGOmTT2!yq!DYZnZyn*7qC)l zdAt-(+Qv}W4WX8k!&}U8{QYuElNhkng_~&ljo*Yf3bob>^lO2mBZ*hbSf_wb#;%|M`(r4_fjJ`+G*Y9)fTZD z-pIOf3KZ6z8?}5?fCdIQ{@nnu{UJa{L+tD6@gZr^abfu9i1E+*fQ$%-4Qyf|cjDJ7 z9#VBJqMD=3dOtZvh5Y6?=t<7wzqn~8KUcO(zG%NyM;trtU;RZ6%Wj$)!kqIhk5vp!PmBN3YWb=1>uHdQ4e&=H4)B_@C%Z}+CMj~fRIS^ewKjp4=n@?mja-i=v5)NZ!=#I2 z{+Nxm{dk}z;V8d+^@YuVvH0snT&d6)R!VI4p>24N-dLE0vMGfv&F(|JR+CsOQ^;AN zXNbmechFhE?4MM{h^R4D253W&geXPM=_hL8D4E`&7<@%W-C_&jEB`$q_gAyeeSSgT zS)6-yV6k$3=51*FthDn->0a1V_)jg;+A^y#3gTdA1}!r)GYj~`?9Q|EKby)wD>4=Y zp5|i(9X-8#1~o^T|2h5IO9ov9@2AhHiUgJVC%&%s8lxT-`p!= z)2a7jqurzE`_pnCP-wSA>a^*%U!LP%x&AUTZC!RUYphk!iJ%l+!is4{x=(UcM*LC{ zEuQ(Mtx0AveNtqmYtk1@- z#q(l%O?>61;Zqru-fS3@UXyV(+z(JUZQt9{iCy7=IF1kEd}G0*I8N5|C&HCdMWrG{ zVTLG*oNA-9g2EJI4S<+#pd%FZvFzW?g$ZsZM!XxF;0fhjmu}VGUHSTg)k0z^(rApo zJ8UeY@788+wDtJFG9y}XDuLIKBH3FRp8?n1rQ%I0i(KXk(X9#C<g$_^4{;B76|WcXw{+9%+)LvRZ>B=~%~SQL zv~)34KN?fN^V@5wUoTEYq%(~`dppy6hY|3y{)2?+LZyKJJ_crtlFL5v!1t6zLU|NL zPi(Z(`-kpgrP!DlAJH1R*H-_#4}%|6KLM1*xbldeX?c-3$X14JRpx^}%_PDFW8iSH zo|Z=Fh>jfu(jfdNk}}oC_GppF@Kpy+%A3&oL=xNHwA_bLW&1=^MwL%bEE;*A}xLd zXSd?Gk!uGL3e_8M^yc6-px>>WB>wlw0@TE*Xi$cx#P*V`bGuxi$89@ecwbrMCHb>$AI(_a+dhB5K!(4z-FKf9Y^PS_zg&~%q7{WPmT%B(3KItB^^qD-PP zh&3@O_>?}hzhaeBHW6zQ(sWq{O6U&<{H;)`uFj}?HCCcAj8zmreAxEfNOmji3w}fI zU_#hfWMY+A6qS|~{8dQargV@Qd8kcFwotOV^LVc92Lr?U`Of-lECQ3a;aNp4cgbJc zQ0??4w5?n%wLCoBoAJ0H-91Us2c~9rIuD3C=bgP~f({b2;@Nwq<*^>GA`RR>${z_k z9_TWpKiN($XV+JHUq?>Mug%2vY)+PR>P7a`KE}BhoWws&npL@uxJrH_-U{vZC_yV& z9#_UfpxKF@^o&2OZ!P^3h(jWN{rZ*hjQ{(`g8yFq6@T%!!Rz|iMTvjVB4T4xiI23Z zJwM^CnTB+jNBX;3>Izh~zG$xgbk#q}5y145X*E2=KiYtD*jLi7%sYhmnRTe`NmyO{ z4e317kk~X6xeSDJk~kw`FT&CwaliRuDA3pzcDhYR{NlGMD(|ceU!{uj*aTl^mm~%r zx2?pNG+N_@hlFRhxRbv0S$!>;w<5uxb#i!g20j=!uZ0$`|NUj!d%aduk?EuTbZtY1 z#A5Qp@>sr%itbp*i&3^45la&n8`GA?Ac_=3Ue-^sG9x~U*DAhJp)NLbce8vi;3Hu0 zb@727+m|05j}SKLOtsOCr9RbAZvg-dG+dfEAv30G! zX9HTm@;r!r%{#lrufsZdf>fX-WOW~CmJHqPjG5!a>`}2%!u!_0t99No_-D#23oOma z*e12BX7RDBFOGdhK-)$Z^yM}Yb2q)@MTKWcZb zYzb4YOiw+5(ap}(>c~zwN9au%%%cN4({VGBTbgO1M!alc#CufqQQ!r7ergD`EqXwy zs$FkQs|v|4OY7e=88QMqO?E|a7sEI7PFawQ_{*g_77cWLLctTN0^iAVt^b}d^O4@3 z*;wB6{l%l$dXsGT+L4lqg2G!uLc)3`=R(baf7cMOIzk^q8G`Ybs&bFvZ$TZc4iQj$ zU}I*sG6exhdX4++|G9YeQTy#kmWul+`1$DuM7_t>fckc6`%dAj#{b4t|C1a8pCzO= zC0I=kVz`+$1eM~!*2>DtC@EQ*=|IO*VQ1Oq{kZg=*I)@+Sd7!h z|M~N1%p<2i?x_pbf9J0Lcw`t;7fqO7@^rByOmzG6y#$p*wVVbx>92TGX_p)5=c;7A z>;sU!w>1F6?A7JL#?t&xjQP(pWG3<$EmD|fQTso38dcg1rzVL1NU^Utf%!+XO`5@1 z&HqM$^A#8-BD=SAQ6+%V@Ai1w%K@1 zuN~oma4|9>Dk>x1R&uNR|15$jkKa6G8>N?*ToF9AI46)S9YwGX)ZJ$y{w5d{{-0T( z1_DY&roF(yWfIWIWqE_=AHfa@n}Qh4wBfTnM!)}ajG9D-52+~8yQrMk*_CM*cOepf zZPEQ^1TU_DcM@Wp9>@uy01|)%b9BJM!4Eh%Fvq+>iM`Wc1_AqH&I~U=O@@joczxcn zcKtE}m%G6dY5Vut%EK}MrzgeAy&C|61~unDa$bPATG`aZ!~g@+N=xDYJij@7pd{1) zn#7cK{V@RunR=>Wr;kD#8;1Epd63mc;E?>N7q@(K& zmoo*u(AugV@$btKkm)b}6FKU4SHjp^Xj45Q1fnl14ERornO~?%Bv2Hw#8o!&hEmvy z3CPLsbY4>aKKO4?bCDY)K^OM)R*-@GFl;PG7170>!-vu~3zFMg(J;%pPe%h{?KL7G z*f#gBjo)6BARKuxMG^{@>k9aNE+4gScNyDc?HFFF#TE2joxP!fO0bA1CEu0JO?X zegNpXVvM^d?=2u@>HpjP;dGDR3(3usfws-H8K!ujCc;MX=@}nH*<4r&Q!@q$G5YVz zZ?4}ks~5y2HNrBTW8Jp4P_AzKS{=3Tg*EO5qm*QLE$6CsbN8mbUMUcY=qlig2#p-^ z-~MgZQxj-UI;S3z%{Z6)b%M(9u=n>D?(yWNklF8#&ornE?HbRI(O~BasS0f^jlVM) ziO7>G;Gda4IDw9$0n3e7^&8axnyLm*gAx!<4|$#9L#zMA&*;2K;!ncyM(F;=u0?%P zJYmxk1H$q8z+XWD$Grm0ohIl@-V!R2!?L6U2P(8TZhB_fH|8pe%pU41FfNrGm4vrG zIIy6@^Zo`t{zeipi+){=W)m)t7J2jZYRAMq5$9oVpVP}FjfU+L?!AEbLrYyzr_lLLiNOcT=metz$|?mjaQMX+T1)32{)<_1*X(e=W5``_~{%b&saTr$bK0| zA=tR>gW`c`{ly*Q$(0(LEcct%rDB0!+G8pTqz-)UJbU;NBp!T59#-X#c= zXh(!0wVl=%yE`y`B2q~Sf06KmrFt*-pPt!{l9%ll;oO6g&p`m6Jgi|XPDu);`UT#;oHGkab1}kD$l5G6urn(p z@P2D?&-U1&bJCn=k=2$!HD<&%sbYWyqkGwW_Q_#D(E(2p+ex@(NY-ZMe}X%YXpq zE0c_1nN3M?TzY0uKyrJ11>sswvLx<-dVLlueGa~lWf~ZmyZG|fb1E1B9}Cs|&g(xv z1Gk&}A`sIAz7wPuSjFwzr}X$kwrsTQ<9L?n=xCNxjMDte1rkF1_dzWpY+x{_??(vR zd970d+CQ@VFIo0#8EUH-!G*t5jg9(Cwl&I{=P#{{N+{=!X;n_r@Xotc>C^qHDuzNl z^4>I_Fr!NXR)}lt65sK)rL-GLywX%q{#qU6&E-dQAVz+mAv0UnHssQex21nistwJs zo?K`gXWEsW?ni~p4+P%a9v>D7{;|+pc}Bghxb0EJrItJ&nZ&~_PeJCQ+v8ul#6^}e zf<|g9AN1=3o8=uZ z+j5MLhG3m8^l^^zS#7hvcist*GO0JMpO>0P8~OKkwCBw>SuD#|mo#$syw~IK2sKgX zSR(3pKCIDHyRNYtn9St%L|WarK-$5}s^r82ReS9@IV??7S{7Yk+mxoLtnJOCY@5~L z;JqATR(5q}OS(OOu4|rlkv6ue5{3?Cg6`?-(9wh0U_eux3VY82bqF^+_*v>Vu-qTN ze|~aJ*Y-w}R@oOes+XY95oHjp#;uq}1B*qd#0(hBD01Vu4Gmn<})l zb0A~#!Q)~3vNc^LUT=$vpxl7}vc(3=egNv1F5fHnDB)e-hPM$46$<&*Rr4vTfi3Zw zXVzzIs!;7a!EtSes3$`ma<^yCxq7Ca!1ik%2uQ6ov7hF*iCwa|&owA+Lm9!P72+*%Xc%Hh}gKM3VlEZ{Gs z?ELwf|BTokV{XNOxmN7#lsP}m6xAAqRQU^4Uxo*~JZqwJHvbHDzwd$S%h9va zr)nq~lW5;%Dn!vCBb`JNSyLE#@NGxxcAaVll8=nK-pJvC?97$P@e=;m@ zVWPRA1?C}b+;Dv3pUK#DMnCRBDytCKvT=i7{Vr=e=Emn6@M9>V zT1$nsLtYcVifkgjGiO=coQa?E_7JrtP@ZjEPQHGb_6eRTIXAYo{E(p)e}PxxbScU@ z^qq!jq~nM-^TW~G1S1bhG*^k|&Qn$$Gh(eJH3293##F@y*!Nz+wtuq9FD{+%&+9Fd zY8m@@)tXXgwVzqyv4b|LeFb6B%K;I3aN`0fwPVBD@gDbgvz5!B1V?|8b@PzJ`NR;( zf##HindW@2_|(-Zd-qbxX43=T6ZyEHTK62%0P)8mzI&SStrunM+-x)Pc4|{dJI`n4 zgUzu}_kGh}qhVhWjQxDr6DGA(3b$rsj<{=sYj}+Q%nlXrXOlW!K&}Nsam-ZIZP*qDB>Ahx+c!@yABjxf}6y z)o-ljJ^Twj@0t*|%Td)^ZXRjM-S^geC>B(au+uQ=2WNFTHTV5%d4jBQUYFLh-o0N+ zkMkRj^ZCNO7to4}%zrpxah*opsMz>eEn+#Jvne82nc8TDeh{Je=~IA*XmeY_pkXa$ zsNgI5p!}2vdiy0pGk`opii&CbFqQBy$71?Gvh&JR4-bEM<=3)$&X(dUwahD5@w+e) z(xJ;zQWS&AXFf|dw9m?4lV2Qq4AL8JCf%5Sn3a;!-&Oe(>4%A7sTxd;v$luG#%Ia-wY%J$YFVCA_ zRl&cWa*E!dFc_1&d;Ihm*%0g&0lcE02$a{KZ6@v>XZ1BOBQ(XWJ+npYQNvAz&qm22 znP;MOxqzKj7Mp-4bxP=ChLiub#>me`M-MWl6N!>uKEq%BoYFh4)L}A07{OBRmTDg* zlO)j_MVS2XszsMC-}acfz3$#E{uX9k{8#!d!*#g@4th|GnaE@BV;56|0JsaV|#t?Sw7p1c6WlL^WsPCdK>GM=An3K*T3xW9w#ar}t;-2smt9RhA2q;rH?#?oQ( zrxOgky_YK@A|f31^17$IMhD-LauIZg9*9Saq`j z%X)>a0i%Hv_k;DbMG`v%j=Jz9KMbi%2Q|G;qQkfh@;bY@6-H|3M28fauNC6>j%mC? z4`R6#31hO{ZkX&Zd1}~1p!hJzhdkgq;y~;PEQJ|5wCmXlYY^7rV9e(eoal>W3ZPNV zcV+$VyWa6S#U~7`fssh9*U6_mol+Vpf{VZ5n)_X5!fvsNrOMdiaJX(=(q2kq`f|xX z&VNR>a4_CMM(O8?V_ozl%%W6}i_+$E{N+OEKYnPjgCCzo@HSQt5GdV7$Vu!`2f}(F zj8G#yNafin3_qC5-rUzdsN(5Hg;$uBY{m!CBgH+t2Pm%6?Ga5>kDn1k4j2uBw(@+Y z-AYEE_4S=T``ir{sh-x0RHsfpTZ@AcjOX| zrU9`2qXzaDMY(x1;^U1Cm9-8t-S?H$NNSDOY>$0?2KcI#rA~ElrLTu@HToWK#p$Oy zJ3B+A*0Vpb9Z~%1F^I$jz14-iylcmw7<6*JYhzz4ilihfDq3hB8cN;PD9jBzw%G$l zok1iignGxqK%l5!zBM9%MZ;&A!_#1jAI=^d?E!(Y66$rQN(CV7Owjl#=zHj56yPC2 zfMz&yY_02;hj=Y2UJg@v0-KSM5t?ZD^2!R_Xt>YU={FmU&*(71uw*^>zVQ8Q4B0mW z*rKg-V^HkJ=_9tseSqOvKlk_8E@B)8ikVWX*_0e4PzJ-*glZy>2-`7z)G%2qo};66 zM$8N8YrhR?t#k!6dG3j<0yXLwr3au=aoLwJ9001hy;eu82aYr;MIUL~exWgSGJLk-M+mxpwiVjz_i@vJwA zCGlrtgwHa^y@h%jEAcL;{w00i_(*=)EiBJ%kwt4aPqAU@zzcmvf*u|obw%)rJj@XX zmKm^WFgALTPfBpy5%Vjj0Bhc4Hhfs;xsQ5<4TU*mxO~(7E97qF5FKzC>6z-5Y9k;2 E2iU8KRR910 literal 0 HcmV?d00001 diff --git a/assets/images-for-sdk-next/learn/advanced/baseapp_state-initchain.png b/assets/images-for-sdk-next/learn/advanced/baseapp_state-initchain.png new file mode 100644 index 0000000000000000000000000000000000000000..167b4fad9ed05c2fc28884d7ab6bb1c9762eb87a GIT binary patch literal 243455 zcmYhj$IkOiwWJ)L|JQ%}U;m%K{>T6LKX0FC>#wruiogDWa(}=22LjdO zy8Q#?|A8RsH2w42q}7u4>pzEL1Bbxp{rGLlruhDS4gw+Qe}UltfxBO4)pD_CO zC)+(0e;@u9N0WmqzHLt6rq{m@WA73414j7Yh7x={q@ZhmhB!;t0u1xt-)jDCOgS@? z=iXMU%$AK~z!}Z^b2aosN{_VeE3xiT1Z&LC`B0`C&&7BY9^Wla0n6?|Vk{ZKI~<{~ zdCW%9*~79EA@N~b<)=k%OvO5m^A3X9@*Fg_ITIN~SPnX)jw zC&%2XO(^~${i%G1kHAk6-Sefa$g&)vuh$tzscrW#e?c=D_$w%hLfZUBA8FTXUeWgtXZ@`4S z4@PW+_;JM{Jg=S%sxIP*x zUmumWMYYCAa2gn5*1>58GQns?&R6(-(_;D9i63s3AJ~5Nvt(Bk`XYw;9gGf(YbJ9j zEtm+_C(QHSX(>Owb7V8})bqUhJ&;RL>ThM#JkMz)*@xEZf9daVY`Ds#1I#wN@$2?* z+h}Xg#e53>Wa0ueRNL6AWaQ$YF+djzqlzAQDDQYmu$TFl=p;1Et@9ifO~V-ErKirp~-(n zL;cXL^*RF+{#73Me|PnO%hp1nVksW69F*JTukVcPykn?c=T^yQH2VnwtDN14Z`WsH zAX@mdUV4uit%B0AiJIk%yV;GY3*Gav?mg2j##r^#KDBc#nO3%tLemX#`5VBNA5Tb*KfCKrM<`#m<@C*Vygldc?M_v;)n zl*`d89J$<^-aecBF-8W zE%!?oqpZ;*_XEhhDpiA&H1{kBXX1F^(C=q1+^RGYamBa~W(i;RgHjo)y-pH)S3l+W zNSwypAz5{|gqu+0-!;puS{9nsF8ww^)HUX(qnG$AVip<%Uc}28P@7dGdQbUv$^u{#v3Hw~*IN)Xn^o zjod8^J}|e*w~OxBrMjti`GB696moo}h24X^uNa88&DCwo;JZ^m?^agL&0*^)vY<_o|)sP%7||yfapGPoXdb{{z03&DeSlc6>4N zIY9B)MYgUvwvr6(A0v0fZ&mo#PO$|KoQ47CMFbmP&PCD4gn z4H{Op&-0C`{^=!L@a4Woc&yNlGCf_VCiS^Mf4xlBI{sAYeu9>Lue`pm2oK(#Q)J2s~xxDs+YKZ?qWOFt;cDr3f6IT3l54Ox{ieC55 zvTiauC+>$O?vGxCAdRC}CfKwt+*2cISowniPgY*uudq zu1wnfA|EL%9OgPnl$Hpf<8qeBI5-oIOD#xRK5f?!H`^|o#^pr803y=aL_;mjl0cXP zPPBT_fm2sQCxOFC-gU@d(Ia{~n;Y_+FPO;qF1Bjps;}I^@NXkZ-F7*gOb3MzOgHjZ~H|9_P?XwwOQ@48vj$I*gx6GERsNJSdNY!&U-!K=< z1R(TMvB>iI4-0*SiZz^!iWiBHS&+3<^;~zLw2-J|X`4gv16(rZ%@nc=JtZSM!j*oOr)o8|cy+ zEj6@0;X0%dkNYefn%y58o`oDhEj0H&FuRobWkmF z$GsNV8th+g7?=-Y@y7BQr5&vW0);EiO+Fs;`R&j5Sv^~D1Q2lsPC8J&!nnyR4xUoe z4-$VZ<8hk?5?$Ty1X7|(zGsTLMKz`Yj+xcq=yjU|V$9L%{nT7H^@GhhCCk9gu;@1Q ztRr~gN^YH8cx=yNM7!Qih$CN4dtLhmPV;N3>;1|N*G+B%hxE;8X9~-GKlkJxSURD1 zXqMDcx8>0tq-**(Vw!zCnUm`NAVa~HUHtCbl zhCK!$h;|rGTPor!1o~m0Wv3c(Z!FTbHO?1m*zu?KKxe6-`Dm%nPE`%MDW5 zi~0oS2~`X)#TkwecN4NA$K^*?xw-Z+zuAE(qnS0J6e<73lxF)&aD@TV#TI8e$6V|FUy4J2B;0~U!@a`R# z0l*Qs>S6+e%=pW*=PkQuTxlW=*Bl|jbt5O#Z*0bo3Zb;iR5fWgOG3B-(`tJ%@yW;j zQi_pps3-!9{Nh;Vs#K6QzuwFoZh-94u1^G!It`I)Du3)3u40%5vR*dIuU*RV9UU>YsY6pBELv7q}QmI|T7MK!A4e5B~-XLG0~1 zad5`6;CUu(ki3%X%f_Zng@mZhfU;muPWN`xKsQPi+$@xw-wjKEW@94ljIu+MYEQFf z{bBUaqN2Y>1>f-lXVPoO6U&r%z2vK=EFIx!e!qs@Hp?$@6L#uT+O8ZG8Z zGwKcH=IPcsrgg!StL40weMOKtmNY9E;Nu?$ATONhkoQ{DbNnp={aX&ViqV0#! zNe8UX5^z-CEl+HWc1iTXF*BZp;yH&hykO)aa;nh|Zlitia~vpEY+7}k=U1()CNO)p2pD_5 zKJTh*LP9#8bp3}Q?Y|%&O0Xx=Vd;% zgZ1m{1Fwtp_O92L@9{hrU>R2AvhMnPg1i-X9UJdZaTKs96y@(NgNDPY++9VKWr$+PAT9g`Q^RkUrTY1r0dkdNEOQ=p3Bd?A&#+Po*D@t z++*vI_v`6-HuVf5VbG2_$!#k-0Ljq1K7_zwHWyJ^3AhKLaZY* zl?JVSm#gPn<$UO37}(C|&CixK{iTONjBZ#WIs?JVZ%`udCZ@hCBkn^wQ24xN<2#o! zzz{npaLRFfPThjWVvTB~gVYQJDvrqZWvZ`RZi*Hwo?)asoaRL5O@>WNE>ITtomHPIh)BJVS75R3 zXFzmD!xmxBx*hP|jl6AwV2p_E(vX)Y6amD10bMOnv&=^w%5Xow>%?(VIP$Dblw|Ay zPhcU>#}wDoo`FKK%aY7~9+8Zzc@x|c$1 z^B$@cv?~G#^)*6lPLJjJlwxha=IKhmahbiA@eZ{KGjThmeATrc<7VAqoW)L&z$gpC zv?4RK<+EwB55JSgws%bw@T+9Dy54*$_2{Wpi|wDzQ%^O?Rmv4#TJNq0#wYnV>nTS@ zmfiMxGnAF(uV1k8WOE(R6v}Jl3a2k=mkA@b1^@`)z75pXSn~*`qzs# zG$@D|`GFMvBPPkju|{k9ETWR;Yl%`(tSAj*ssLrx5!3m&DD$WR_Oe<*N4Zc!g!@1>r23NnZv z*q!3^0VD)UK0loHYlwQnAvZxZq&~lO27ZFImmRyGUpFn)lK}_J?>{$th9{2j`$JYr zBZ0T=2VMlMy0UMwU3$XsOku`0REyJR5@0RN{e4Ro(1ZL;-1_`cEBi*>pBkewOVl+V ztBFxBMeBqchKgj2eZ{?W0sC4DfMR2*#5&ZIYM`wMs-o?q2nBdeKOKOwpw_&u92cIz zCt%_vNjwoBL1RW+0tb7P^dxddrw3R{1R;eGl;E)1DvGupOAP zljE?yoYU7|mT#Qo>kIM-;*bFCL(qIPc=Oh#{CvGdehfN(lN4(Q$-9QG9}w*#=6UTh z*TN@aU{enzsxvOqNc87Yd?IUgflr4LNjd!21;c{SqLMp4?IVMtAs(bQs>_MkG6U=Mqvmwrt5x0KBxY zdRvhXL}a|>7xHp&e7q-0ITnsei}h3=QAQnwqE%cPxx;vYHB_|kO<;H*GFQ@E(g_Yq z+&3^GRK!7IAS~zk!dS!C9c_dedm0+kKd6eS0rgMgUCQgaAF82mdHn=DJi(;m%yND4 z1Qo#-kN+`1a1yK=5DY@is=sd|7aL8X1Hva_y@W|Ja+V~n$nDS#?x>QchTj2-QFf-hUW_=uH`brf3!N4KGuW@$(;0O57&Gb4;IvEw0Wd@@snUp zs>*2{uZyPs*r&)q4NC~?P4Fo;&(Z$d$~MPMP(NL zs$0M)28;`B`&56JwOJnk%44QS0^}$RyNTZkL@(K0a%$Snq&()85O;c@EW`iuvviDT z4NmdbC)Q)~QOY=h6D_(W6|hPDz>JkdG-8H+v${?bmuqZj0zP9~YZawi0E2`T#LzEd z%iWk)wA6z2IhVtWf{njazYYd|7}w58j10qveFCW#9o$s?TL{2`G$T<2=-Tu?mBSiXZ>%Ef}n%_-wNCB|8Myh=WhelsmaJ z=vQQxm|i}X^CTQpy^flElVZhwRA88tg@v9*&)xyij4xsO_ySt#=ZHfG@@Lm#A1%LOwEi5%x#Hk_;%>c)C0 zGL~FF>t)1m5S!5k9vDvOuk4d?R$Mj~eIVxQdvG}r?#R==%`Numcv2NT@h$nfPzS;a zpu$u*br>BF7Va(o04$3Xic8b`WO|w>nK4=N=0i5j3mOzrPP<+8U6v&esEP8-dtfNP z;`6pZ#nqc=+`Of%BSUsi!-%WU_FDyA8becNn_^O@m|CHhOwzYuSb4>OS(X!nWVc=yk{LODlxMlmU;{X>p6pKI;ir z#o|ZtFkj07H39K*dofIlxbtCjIL1B9>HDBa_jR(m^VpF3NCC>LH??t5Xi<*?bMbbF zQVLB8KBr^TxF%Kpq{8}L7NgMhJ11aBpfGbUd31O<=@U%w3z&vJES`#{cTmlb4m+KHB z<>n40<9^mw8R%)#wNZ7J&zppK{Pz5cn$(|I@OYa}u`G%Ajm)&b$I-U2;Y8~xAXDF3#p@Z$^ z>?yiM_wp-ydQe0W`ju;ySjw_O@Qx(e_XIX~rYVD?Q(b+Y;VUyjy&Gh-O15 zvb_D0J%8NKS+YNL)gEQr9D1r7F+*pzU_; znF#vAATaap8XC;67uB@XJ}2j(B1c$AE{HG1(Mt)zg7IEnl)Mr&dOS=f&F`|_+KLT% zN;u`tJf0~3wmbnqde$ZiR9X@lA%=e(k3|;MC6+e`_rf|YtS+>OgboavwGd6|dIqmL zpCh2eqZot_04_@h)du|$zIaa1gOQf8P~&~+Uh946&ovI0Ym>Am&X!Tb)@~aHM_LN@-@h*5AaM&a}S`i>^<{ogV90dam zUMvGvK*Y${J^L64o3S|S zVm7qd;yhd#sgy6Wn^*?@y@5#>v4C<#N;x}WUnfxPt(pb-?xxPpSbFC4Gv+x6_-yV< z@}kyy)5xy&9dcH(0HHwPW6?9@g4Vb6GCF*wJfLVvg~mT@5!9B(9}_^nxwViYs0_q7A7%+rIc5{H`r8b1=wO{GO64I@^M83KnpDJfdx? z>}d{;H8fifAj)D>dbrhoITS!8%Qt!*&P%ochbZ)7R(sw3rTS7+<}RdX#Irw~5FSvb z4=-TO*i>q@q`ln}v+(QXjM^%=h17$ufjn3I&FfiS!%<*0SMbS>3;I#)OU=svX;)b+=qvbxA&!JFFjm<5>7*=;+@cL~O~KAmgnC%M4iUkoZmMk_oU3FSU(crHS8O#IdGgr)u1&T^J2-!@=- z_!8eJM{>!A`=~X@2k0Aeih(X!&s7;ZYa87(1?d!_q$94Gbg=%%u~5?}BK?a8)&jb- z1kdEZ;9wJf31bG$`+mMiQ`Cw~hd zkcBc)GVV*8!oJk`b(CQ{qCia%KN(8twDs}7hJgb|f5PgHy@p|wTBQI|Ju>Hx5!%5y z^16y%OIGXNzLM8k&A}VDejaGJbg870OG1Z^MD^uyBgL*aw|d#74Wz{~C}8cfr2N}?fgESAd6ZlRedTZZD3$CD0 zC%V+WzfoE>+^Q{nrTo>^2}~AKSM=JZ9!cgclsdovsjL%{_3CoI=m%Re8{}!;eY}zN#c3G=vXAhdE-bV?H0Iu*3^S9 zUXPdK(#-tCepr!K+!} z`(_YQyDazP1#kEAh5jWwup~CHdc24L7x#rKg?Z=gC>b8F_7j-8klmg2mQi4Y$6oG> zAdH3)Q46&`Gah1L6MnS1J!~LjH9f$12!Wi>nP1)sgh3VWrjpCO^Ev2EaJE!L`c0-_JTAUgr3Zr+V zF!2}-Xhvh3UTKuA}St*bF_{u1!sU~%tgX#JFRtcV zd|+(Ce7yiq;&I~)5!-&Sf=4O5Cr`YHJ;IljpKp&GWb7~Um+&6Y9Bye`V$^gA$avUv zLxBiTjHBdtdHn?w6uuD&$ap6EQRVg7=@;%5zBa8muY7JvT6$UEGIv@(0G9~>Tb(R_ zQ7->W!~Cv7K$n-5vise4(#TPzSWm7u~%H&8k6J zy>4uCh%$%L-J7)wi0N!E4%;Of=Hr_Mh3>=g+Rc0GIN&&?T0IXujj*|+-(1rjA!G98 zTTr9}2Oq$>K+4-Vc!VZHm5#w5;|Y|bBM`sO6WOMy<$}B(#6M_wJ&!saMaQadOebG+ ze(zCn4w*XpZQ0yRvxdrcKT)99&U=;sblkSxo{?L=013G1&GqnV$u1iA2uIz3_Nh0D zym*JvhDmkRqp!{S+;40id8}P|{N?O@?mLd08o)?Q{jydD+Cr?;8&p;^+nz_aGv-~>$JQkD%+&ahsjJ=!R9Fu~L56&%1 z@FK1Q?tFLa6==CWkglWF!Cr-KG?!MoEqy8)M3KW3>ozlF;!dJG8$X*hHKIms6*Iyk z^4e;MnmADG16HWgtr#YNm|`K9QdZrV-hhsBEP1g5Ol$CZR`zF@Q2NI8pD(B~qXUiC zpCTsiUjrKiOBKF1ma@w;FMy`Hg?Ak&A~tc?=v2J~0WNhssRN)1#l|V^hPG9Qo&r*X z-Z{=F(!&gVqa2`wOTF0waRxLC>b$9dPk&TQ_Vwe;hxjc*rpYM!*t>pnq(@bBIJdE- zU6U1~?k9=C@`yhA2iBQ=MRMY4)ImDG>dd?@d?Lu^h6Dkg_Y8kcN4Y;4^lJ&W11aXY ze2<#y$Hi5|w55HKU@HVcJH?Y4lj$`1Gl9B++&Rt<_f3Nh{Oo*$T@k7u#aXi$SFhW>C@ zd8(+NxB<5hzNLdYhr=xh2^mfe^xbI|fwm>PdSos=zy083jFE)fRfv2ub8%suKdqfm zPv@t27TiC8XYZ7VAutwD>0vU-2NO9mu>k4eX+|KbFCma5>`Yp|?C7d2O<5Iu11|n? zhw%Z)#66GX3RuHS2YR@}>zLaRC9t8R)3(R@*Fp^pfmMJWd|o*w+UTe_eGuZoK@&qj zO|6MCqeeYO8L~+A7G>!oIBL`9gWF=H*^`ZFpp>O`<8I)f1TFeeyyGb?eIdLu&vNYh z@M!3-+;b+U^4h_4p2Ro>M*T>{)>V-s!KI{LPV`xI`K5A|G8)pnb9b=+#ntn0k%h;8 zk+<@oWiOF9ftq^)5BEBquBO#~U3SU2eSkKo+6e}~cvPtnz$_?JRFo>aiz~>!$;t49 znGqiAwO&i6$^Z_9k9-1t1$5xa#odlk{fr^>!qKyp3iP_@Zx+Kfn5Kofe0xd+JscS% z;Iy~TUjb-Ibyob&vy>fjSQHuJm`6I1eXFd)1ZpJ00v*yN5k(4@OaddM`botC@_+(C zz2j7h_Zc&NRdS-bSY36P6&UUwc$;sae*r>i(8APpxHOn?*ZLd414PB^gF$L`8->@= zRdQsTu9`q})CI4LZCvX);Hd}mCzOqSfPdgCd#-(I%%VG?1_Mz0gCQRfe`o|;c*VGSV=>300q@O9^SLmgCXT1# zCA3cm>EjOW}9X}i5 zz~;fX`*4)^_0r#L1Kv;A3y4QEAn8cXm}{uf_)R%DoVl6816>X)37G#4q+bJnr(X!E zFxcZz)7tDk>*3RFs&#!~(@?D4=aoA102Jgupg*|xjL`~xpG9#V6@FM-xC1?+n~oRG z=*dAY{*HcBQxyfsb%*uhm1Xr-s(@9qIn2+C>pzyS4&*#9oUOBVXvgN4Tt%?grXc$P z@DnE3zSge4ZHsRTe8B<4Jlm{x|}$P(Xv%K?ryQ$J7P^ z2HWPY54HtB&q_+8i4O7af@pG{J|)m#wc=L=zJ?`CS|hZ2dr{<*%~xc_KrynOGKh@7 z&xgT2ax5qPnF;CVox{16_0D84_FIt(VAa<UC3 zp=rQSW7r?YS}0or?7y4n2eKoUXQfz@CPIsDYe9iir6hh z{LSH3lvX>#f|bVvt(bWZf(Y0pRY5=$7X%LN^)oLNT@^1X`^IV#16IstfdukE*oy#5 zn{^Mfl#U7<6cDE1tEmL6lwDdoda_O;*QBDFPJ)`{&jK-qcnHx9=Jn*mgmEv=LPJq>8`c)WLZJ-{f~+ z94N~<_{`Jes+8#-*enMvNDWH&{N43OJDv0w58;Ql)~dHZ#Zl_fC^ipjk`ujC6j zy(Cm9lzZX-MVoyN)|IgA-BefNABL?sy)K=sZ6`#LUMDa&EWkVX^hLwdx5h53N+wwN z1YglSUjS1BOT;-eo&K}X3OL|l-o6I)uD<2v@W4YyYVaI%)eh#3qYXG&f##$J5z_wU z6(9kG@j2|`Gtgu%nJ!+hoTMm_aWlh24Hg2KW;^VBq>4UXn7qYz z(0-yup#k#q`?)5H3C(o*ZATZps|$X30kqp?1zZ-p zx)g|f{s5(e1J2Tr)9;%}X1vK-l~kPLrf^_)rw?GD!eJbQ{q|7-Tsdz$tua8KKIZ9| z4=tBamccE}GK3x(>^5oEW!F%FlY)uXu5WW0e}y(=at?w}uF-Z1hJ>K71b*;-&^j)&P5EHG9yb%z~VG&(t&>m?KO z3?NIXVtIHgFd-dHvzj%VMtMLm&_bnDtBCy-xccbl$?YM6BdA8t zB9VmUQvZ1%Tm$PA=$>?O3%vL)z^w{9Ee1$RJ{p&RT^(0c89;`QP4$bq%;~v+`1qk$ z+srQF^ZW6c?7=nDTGRBU*H0T!oey!K_^UA^i!BgO*0|~89?LsY?L7HA?4UUX zAbKmiP7Z8ygy)RdANvd|NviD>T}AV?gDrTM45&wM0T7M48#p9_L1QuI#UyaWuQVT3 zAYrLdu#eCd;RY-NiZ|k90(-;Wl$d%v9Ia2L1%*XaN*K+TmR~QSApGJmiuq;5Z+Ty^ zY1r&zv1ZdCrXmvf4{m=Y4(!nYdpvK6ToT84LSDlt77ZV0dQ<-e&geM+m2z+$0RkoT z{VcN(yapw0>cM3Svjb7*zi08a9@rZYdC-_UUcnxW#QLo^Qhj%32Rj#;F;z|)iHchP z4hY->rJ_I!hWD7FqaS4Z> zj?jSg;3Eog8v#nI4NyPPnOE&#^Du}JLWp=cNCj2|$xnM);j zDfjj5>zUH!zKevhm4zI#g?j^m%q<)rp%tkFN|Ug()KZ}@qWFAA=GPcg9rr;h!iS$V zl5By>#GZHLEw`MjDhVzlgSCx<+CTVB94EXG*i)l_L@Q>N)*f?KK~eW zGz{*6k_NhP=K)xi1=7`*n#;i6P|so>#-tfN*8E=o_;1-W185SNPh+_FbL{xE`!X~K zwk3gYg2!#A;vS_qeQj^_Wg15Da`;q7Ibj|f`y#l4O|S&NU~q1OYwQ7K!Db~URtmd? zQ!qSWQL??)lCOIeP`Kf-8iY<(ut9tIQM?OpZE*R=LCxC`seHmOUrUYAudmyL6;ZIIQ zKqZ8cIoIfkof#l!21_i&YkG@10{%M&vn>3`s{8RbWQ?(BqTJ( z7nVQb!Bm#L(+~&1jewS8nKM7Fn}9YC0(+FnWPZoU2Rg*xPfPe9(JnAvEZ~q>=pwMY zd`>;4SoeIEMciUO17$@~ejM@l4)+F_coxB1pjH7BBfLw$iNP;s2%h2q%1Q_xD!1zT zMHoiSTZ-M?$y($mxDF;)-8HhaU?cg9@Z?X7Fa&5%5HuaM3SO`sRa`eAr7|9NeZW@! zf*Pom4@Do^C^M*Hx7sTFIz_-BLSR`&_)ETIA7efy$pHz-p5D%(1ZGhsSMp4I~Jx0WRXR!q~#f9L+{$cFuhps9bG9~%q z#E5oM`iod6Bq|O0UNLhTO8-<-OB5p4eI(i6=n;91N_(e;S$Wx?DL?CdOxtj zI%x~9AzZ3zr3;KVxZ&M_u?&O)AvJE#2&IeU&JT`5R)-aQ#jMRg*w^-LzKno4L)Ok@ z)oLgP;>fJ^e?%(|92@?r4}m@o#xYsNB)xH_%)kw^;?@TrN_ff|H@8*ol90nBn~UDa zJ^UWq5#jw1mn zn`(u=-{PeA-UJZ4L2YD&ED(ZXRBUNp{bfY0S{7C8;v#ehh4eU9=0WDSb0VbiFayc0 z)DZp2k!UXQB%79V8iQ)cm60?Le&b}~*6N#*18O*Z9w;+Ne}pM0(;U__T4A=wF^Byo z6+rXL;D-wmq4(qx?C$$qdWtD+1cd>wys1hh04yrxX?WcTUVpIWU5y*qPp)({5d1Oi zfu>%ERt4D2omcJPSJlwN_PFu4g%;DXXw%L^h&t-g!b6O`JZGPHW~mR~_%YVuyo>Nr zYSr_r5iDpH$bVmxI($@)IHG5?#2|D~QGL4t7O*g+$9aItkfBEqzT)3?JZM<$^@03= zjmNWG#J-prNs|0C(Twj4!b=r57O zBba0|Ci7-Y4km-)>qqpQ(>vSkfH72+RMHJV%oZH1v~4^7ks3aL!>>Ti@H-zJyO+Ar67p zEmwp>D(554xq)!@v|>@>R_Wcze!}y(!)^8ZE+O7$pFcGqfT9LYUEI^*Q#Wqm3g3^2 zCC@v&emvx3&*7q{w9VH~g8wmi$5L0K4Bp!OghGGg#e%Jhap8D{y*ZXl*JQ_`8CxM0 z(4)PPIOyL=Kn1nll{~pLV9@0nscv~m0QLcTnG1^3NT+n(Al=D+41AqW(fNIfPs(xC zz~}#&c(*vI{27zU$4>mSg8}{cM&PF3rJq8B4iNv|7x8Oe z4KI{q)K60RJ+J=Qd^}_X7SN$Yx_pixoBzQ!41afz-eQffY-mK?wti5A!*BgOS#K@Y zXnMa2&*#!w`z4$DZM)1mDz!ZF;Gqbn$3EUW%ICet;SXXs%m=VW0I$v;_|oAOe6pqF zTU3&(0?3tzR<*|vzerFU_=GPMdlVmDClx1I~nl0Q4;!^B3C~V z?%_eQE4{?uLUp`SEm85Ko;md?s_n&wU*9wJ8xt|{FlGNWHXUgMMkCw-{wy_(*>@YfU^OgPd4!=3;Zv2 z-m?PR=iP$dXWVe6a9;0wM@#vkG!+)x^@9ur-kU`aG60IyJ5b+&`#8JDM`qrqW#F#~ z2tIH$+AYai-l1VVw4y3PbzAAtwQ!HQ?ym-55wMWc3$tX0il zckosob5=1*_YA*;#je=JO?u=#qx45>ZplQFHf_tpHl%wo8O3V03{R4 zaIyie1;6ljPMsi}#QZho&^Y)#qS-gkCx$!Z*zX|GBX1@i#Kj9@zm$(eGV|)dGn^ET z?W1;$c|PQ@l6Dq2oyQz|cF~(syt8=JWOLbz5H^)H7TH{9;wpcu?c(ek~}B zMUHqY>PV5Rz@7&v4!DQa?7R(3(G_TQZQnaqz|8_RkJEAGRH|NoECar&xC(*`lq+UX zB*0il_1sYFiYtkQ{0OO%gpdAmI?h2z8EH$`bWjmOA>xC;5#2sI;$D%UhQk9)yj1$~ znLjFMQr(fC((YxJ{Z;Olegwf`c|%$h$vw>0OsmU}$6%o{F((vLY$e7+y2!$q*~N^u ze_|2zDU%8j3I~_+yck)wx+j1PYtATO3s!aTOD;s@|xQ(2`N0(8tF-Hda9&c64TC`-o7cAsJh1dOKwASkw>H=G*r8If@Nd&wL>#qY#d z8k&B@NjF@01~>WM6d7u9EsY(Jo^nxhA_y*`D zRQR2f-`AHtjr=adj_~_RKOWNd3by-8vG$8>?7P}2?StpSBV`Sx%!Fh=dFUM{&wn`M zluRg)+IN(T_H6s%?2Y=6;{C6-xeBH~{NF!I6maioc$6&-_L~bB_#H5IF0L&gWMbZ4ZE=8gB)U>)!~j4_w^!gbw6qSD&##K z3ee@L&^d~P-xIoGks>saZQhrKCRum6%+Hza12N7vJoI<;Tm!22eOdz}F!z;z{%PU? z*9d-xlWPw9nwjRfFUP>#Z=>w{j0eM>LJ!S`rUGd$cmPs~#~6!I{?bb^ywf)i1hKds z6n^}9{sKkr&1oFlDECW<@sJM=~5iO7a?g| z!asKN{Y`TJ1VC_=Eydih8G-Bh););qa+RRFFEku7=~qH}6BY2z4`&udK9N)ai{s_d zT=kZSmLEVSBI)cF^2xA+q z2G~-waylqP?m9eev<&>4F`rnLm2IsVq&8{6qU7O^xN%W$r7(&^%Pj0#fs-oU=lMN< zQm@og$UnS%F={AG-)q}f5|PXS?$T3Q?#uI_^t^*oGW#iPbtz|kiir{)hXKT6F(p6? zD7WX&v#=qvgfR#=8025->&|MSX;Q{#_k{*o&*HY+^Q&PU~f^W#8cC+RAd+W*Aeg=%r zy2ed=!LsKq;%Dc1U+}VQfn<)$>OmHLLEB~rmOoYjJ2;V(c2+yQ6L4{4;Xo35(hNoA zUgW5lHU3E}!RG3IhClYzSe}l8Lt`3+Ww_JGXPaed@ZdC4BCsueY=FV;U!Z@Pt&e+h zU#Em(S!XC(34H3h6q0t~@6oPu<+AX5yubJrcf!b8a9y8mz!GZAswScmQFfonDZ#lyLSQ?z{s}=686h-?){LujMO>@=8Or z!ii}&>n(;C{PL-A=HR&y+}vaEKFKvodKrVi@&&KAiqysSvHnKPp-xglMS)IX&Ei8K z(eoct)BN2cjVZ#;{4QnGMt41WlNq9{ycRz%qOPsJJjej>Xi-4uS?-1^0^Ih(;7HYs zVVkd}fdSaC6v}HH0}y{5J>e5zjp}shVDjf1nIjC=Et>B2WODpjr=*wZUhUp3<$D+^YoLhc4+i+ibpP#DuT=XiS|f>Yk=@6dprA^kpf=?A6)9E)Y9G zzETPA>wTw+NKq{*^y6ogDK%U&N$ObNcR}0>&UD1ajbZoFD+rF}ph5eCN-38>kK(w$ z*-pN=SEeRmkn(5)cY|{*8@6M2FaQAsK+nK01zETiXNR1*w|xIn>IG{z4w=2d3XOYC z)`2TwEs+HvDq~1HG)gA~KLzyQm_ec5hNaGQvFu(s&ghA!VxIwd_&!t1eaqh{zZYAd zeTn;0&P5?H00$PR8dOw4Qeh5F-4$SFwcAjnAfB0`bNG(N`W`50Qg+TmwRn|IV{sXg&0CBg_la0y~NM?Wy&n^q53ggP~fg=cGo|~ z^B8Yj=)FV=Ve*LfgpKt(V=I3{z26tr(p+@rKUZ1B{_D!7W-lU6a4~oXgB%%UR01?k z2MTSK2ZgVOduJg}coxr#qLS?=dfy}XkwK}I=#rFu3Qar#x=#9_lWRaJ^9eJJC*p=q zC?w*ear+q|@&4Ug;~#yGcsB4rp9SU}pMM(2j_6l7X#K0YH1p}#3+z^; z+50p|0?g&mAHNAZ?#gJwL7*Ml^IQVG-%X&zCukJV{n}@w=0geO@=SPz;nN>$GgRyO zB_Fqtv4n>=XGLle=i^+<06S}V*?KPNQs^L>VZXmUJ0AQ|G&#X)nTaJA8?7Hkr!VVC zEA&NVP{zfmY<3w(;I{hZ9^4@Sj2(`8e?P?!l{McExB;+aat{%RD0d&Q1Hp;{sn;__$8HH*T(WVur#Dht*xc$06SxAJ>c9pR(B$o+N0s{uFd%39vlokn3M!s=Z`3_yfy7U+Oj ztDIaz0%DS~9;U~=m(5IL*V=FGGSG?zWXBbU5dj=w!4oz84&41qFJ$^Sz55RhDw_4*3+qG-I3;XERBkU~`Q8AB~4a_)v(gENG+&k#D&-*^}d=KDa8?sA!=zt;+n!X0ugX+LPk4pAV z!0fVLK(na#odV|d1o{;^q!Mmb{cWWuZ)dTd2Z2I%si-> zhWg<%S!n*n;&fFlZbHPW7U_GjtU1-F`g3s^dc2}z^Xu8x;Lt!u$NkmQKTNKxDU&nz z^n+Rj(9I}2vyo$?1?2O1gF2)i&m^;6?`}r`Dnr25$|vj{Ck%V#t&@( zQKmzlWALOujlhkB56|6k{md@bDVq1Xs_6Ayo?+Svq9Lc2L<>;EHB-u;AUP>^07%Xt z4$eIa8GS7cW0a1KK5|d&4?bJ32~}AJtJB@tKmtt8tjA_a zXLOi44&^tO&Ju1o?+`Q`_7qoAlOI;5I0)Lh6(BroJ|lM{8!~%4XpMvIvn4%a@Sx@ZRlA@873 zsAiZzRrHT05*r|OTwGUS-HQ*S;=%Pv0?LvNh=mXOx8iu@uR%EgyPPOPb*)*tE}k6; zaGsAVxbgAH_^)6o8r5mA239a1Bz`sLd}ebGKyR+@FX3_D!vxZ131nw}R#nyjS%b&y zX;Y-nvTqGAkP{S?WtNIe?v!{5n8Gge(UGV1k==rF;xN-6Nj#+8%SK=;rAjuwKkvyQ zVN3n^NEJs2l5x4!p>m#*`Pf3rgPNM3`T{K{6p{)u1$Eh#(s$6PXOB^S|Du6{s-7A* z78Fa_nV>xK)!a!sD6Bzoaz)TC9PbF>)~is{`x6v00FnxMVLV|4+tTfi>mzC(owQdi zNDX&H?WC_>ATyAlTQ{4q1DX;ogf6F_f75!>{Y3!XRN6q!-+tqyB(~gZ`}*FSDzqaE zX0NO%6edVN`vTwH8QeTVTNE)CG+2cn+Y-26SF@Iss{Sy69}GKgX&aB@@+6*%z@p((>cp1O zDBSq)4?p8Qr6fy1QL30`MUeA4X-ejTxu|CJJ*PDc( z!IP+_gR&yZ%hi7GcdrAg8u0(j?^{_jeHxhEH@cP=bJh2ORB{4Ki_lH7$GW&L4(?-q z@8RPy_W=E5SC<~K$cq|bxqBkq_{K`{?|&!Xq;;CcqsJboTbLUn0uc_L`81Drn62 zJF>iqg^FlynTEXpbKUB2!i0GVDMn_OSr#Vz3j7MIB`8=rr5QB~Zo|UXcM)S9K_)>s zYC7R&U*&{(?c#wZv0TR!YIE5Q6+X+eugoN%ezoa5QZ>gb3wv<27i z9nJ94LfO2+x3>tYlI@+demm=VK^#6Mnt7lgi42cf6iN6%5(np<8r9DT!1~{?)R*G@zF6T) zc{uaM2Xo8g+`-ti`l;%x7fJR&hLvBfyS6mJ>1_L{yFxNNa-a|M3x5<>KZ%;xm>`0hqHUoz{P3un~6G9L-6QU$%YrCd92=3p!ehs$|ufr zNB}<3KlOV)_+a+)?KUkjT7le~~hQ-GWg?u-11Y%o{GkMA=D_I#T6z|-HK@C}l{ z0HpmWKt`m~d4PxKMWcEYv;rM$%6ma(w*xTkAhI$ait`aDQ+$f}49bnn$JnuMJ-g^$ zXngS#1#`L>@ytWHqDGL;ecp>Yoi$%J+s!8_2%XF3R@kOITJw$-s^)TI{DmssQL17)ZP~X zFkC$}Fp)sI$8Nozm8ys*P+IP^lL8s=ZSx#dDqOttS%bhHcj=_}uLnSpPDVxqQESdt zS4zJhLb)9+h33~2cmOlNPqMt2<`+`F*VFk?XP-I zGoAUd5I)uz39P+86vc6DQYOM*b! zln@6ca{O|2>;+2Hrv9ME)S~STV5<+0I8+z8%gTXs?1x=*n zR3Z1URSqaKD)bNdo($Y2a*5bIyk|#iqKK+p;#l;sSy8SJ((mWDPIeC_`7*Ua()*_} z1suD>tKoGCut^nwWj(Az#kPDhl=n_G@3MMaw6MOqv*FD*R7E7f^iMOp8|wmcKJW#T zdr*KhieQ6>M*gQA3oF|*^!K*JvP6wGMCFy}B(rF$FzrSm)j{#Dr-I6~}f-M{A z*INV72!SK{y3=J4xBgxy_$nHPk_Y};zUff3=!;(itRUTM8vFn zJ}SU~L_e1uw5T+SGVF~9(JtV$%}eK@lo}5<2ss+XRH|oeA!CbThZw-x=0U~X3z;(P zE}jbSXcJ>9<)=GhaR!j0oPkCVUEX!P+w3n~PM}YKlw#}rF22)=Fsiwn6k{EETahS6 zf6Y|DR(2^pl#tH+`XmhiZBUjJV~IH6C{W484-L4+cUCn>CT*ZT*akdnnv@|%dw>^M zEO4fR)`623O}~IL6$hpj3S&<{Vk#lE(a8EaJ%SA{8B667X!9aJcT!^wn_f}Wy%q91 zgR+-I?zHOJCl%g9413G&9p{6r=-iqKg9Cf0n_7@}7@o_r1|g}^F|O^S5U3f;q33dM zP%m!+fMO=77sn1;Rfh6c>bRQ%Kj z#j-wQH-Zo&RUyxyh@wXGUWssw`f~5Z{fo;h7ZD%PSU4{uZCsj;?0gmJ^t^4dz(%LS z`h0bM24&d}~>CK%E#m`1*^JHCSR1A2me7(uu6)HKdx*eY=f13DWL zaI*p59$086PLA~_6mCB$7x^IEQGB{Mu>4x88?uB&K#BpnP&E7S1LWzyn4o zpj30d`s1{Kvb*_{r~2i1FBXGLEg&pk`}0<{{+%L3~9Q_%*Ah;d*yL7;v){c2?QI4NsAIM|D)nhE7zr#e>-ltTQixdIo#tf!9-*J9J=T|9yvv3I-qGyRDugBpR`201UP9N8uJE6=wsxU|MuZ@|qTl`ud|JhD z1l0e^dyhC2KNJjK;5U-zj^*k=Hzmc-ip=jw`y8eD^3i*)3?E(i8f7Y8naj19F0rm7 z7)3IR>iU|4wk@lD>ySv74YWc|@mqKh1n&XfiIy{|MU{cBTgK}cfYneaW`2_pu|%cy zMriA2o4kENG`gVcJUO~ZoN2H5MxP~sR&rsDws0#>@s_%_+MSvkWw}=)zZH%(2#{~! z@0FmEYW{t;C9E?8!R$BF={*#8m8|Rcfe|1 zAM8hMl&%=#Pt6bw&n>AQ-iQ9e9trIVzio3Yx-$d1t2zUiim3%OUW~aTkNbq9lA`1T zFfQ_`DH>jZoH%@vVYe*jSfSdLSBJl1$`977-^6kY0!qN3TzpX$;k&kd?ckb;%K}T@EdVYy#?TPM#|={ z&Ra4;n9J2~l}R4i=M@|V>qd%ULXh4!J>uI@8B_p=0zSm_(kZvEBUXR$J%;#BEP&Ym z>M)(?!JW_UfX)g_(TasoaQYMTOAZM&8;i5CM?j>1^9WS7*&d{^!Tah2CGI=@1x4AG zOSsq?5=1-QbAGT{VlwyG^hX}t^aEPBX|w?7UPyb-sPh5;$vj!|;BwL|n-H29;gsD|jD+oxYfLFYm&r3IwR&+zYjrsY9%7pbs6w zhQj!*Z}8#kzkL)xlA+N}0ybM)%WL>YldSB6wlQg`Fag zh;ve|*#LN1InwwhGoqnhFi z0zMWWJoA%==5Vh`zX<#v z2r?e>3<@a<__Oh_@8>u7l&hz3;p-ue7;+-$tT7Dl@hUi_P65iuC2EIDI;iD;l|8S z5;De363?(_4s(rlv zkwO=<`iWJ{cwc&%k17Ot@yztcxARg@&|iDArphFrr#%b{Mm@8Rc@4@5>-rgVn4fzCy#OgP{vf2nbYqMjT4GbuW zthg@YPeTCp{&nVTSG!*gKU@cASVyj(n8O5gW^8+rm3IBb?qDsFWtalIA08e)CJ6YhHy@;lP zGA=wgbqEDbufT|$2pkIhB!zJd6}ORiW}m`J1?80eYyGHV4Fvf;zO-Wv)@tG381;ZfXg;qZi&|Y^Fl(Ro~f-V#!pG^ zAMontP~$nhvQ?d4bQ`g56UwVLqA#Uj&kSH3_SX$ms9P}GJc6LQG-D4blh3R7iQhT< z)M^c{Tl`VlG;n^i2lQAi%2(X!H7wdp`P)3fM#B5qjkGnXfLh@JaF+<&MQrHuf8T~j zI0>-EWU#Q!s^H$v1q^8lF{!@70x76Yy%#a9)W5;E2Z2n>l@7O7vhAgVNIVXsS@PIk zj|{WieJeq_cP{HO4xZGXtc(*kd-71tf$}a0U47CO=d+_Mh*R7Ur5_~Nn*bEFb1_8W z0DI1eXQCwj&^pk93th2ze}!DcI_JK}L5jvEh#8WJW!1Xxrc;KTZ`ta^*3QXUAuQm)~QfYr=qUz_{}GJn6*%;;a#7yr{C;Zu| zZdqBWp^)I+{t&N?)`-DaZ%z>SB25;ZF)0{`Z==abB3+1)_;`2_Bup%I?5E(QLlAca zmnB+(W6Ct+-O3?w$@~!_58`ES;v$NE0FH9>;E;B*+~*X4M6G#Q(1EzX0N5kK$py;g zL(DyjdM>sE{?1@}sR58E1c|`ce!c}@%fj_3cs4=jPA$JH1r*>joy|~uj#yjJ8`2N= z#4Wq$Y0V(jv`%aE)gU=s^%0(s7WCQGXmq{TSpk^Q1eUvPLz!<91vF1H#tF`QK=^td z%7aZV>V(Os~%Xp1Cj<$V(t|(!Ja@BEQlQFi)#)XiEd(n8!;q z*XpfEI?jWG^60*Y`6`?C1F9ZE@q!)nDlz9v3q1kk1pln_(4Es~2z|su@+Y8zB=xr@ z%{76&Dz8opS8G^yXm>jn;XuQk=PPfyWq?Am$~zknHZ<@h;X2htRuG^g4dSbbbZM2D z;O+{DjE2P;xipEF3!L!yS&*Bkd!Q;b3eC@dRMrIT8mL>NYY0ZEGasdL0sd$pAa1@f zV>Uo0KV=4#{kuuF1@_i(Uhr|~!|k=#lUU*R63G5mz=2+^>-BOO%K&tAD$q8*+>HU_ zo8GmIh9aVj!@5oyhwE3*(a@r*eCWKR8(*l$5M9Y&gzI>HOkV0>cNYl>q;LzMi4EA3|hrXQvP3Ylz@UpOMXe<;nI={5fF_^RCBlCI0Kpuv?)`b*Z>c}Hy1fB5mlEql zA9w|}4aY@jw+_66UeF+cubIBE=rQrt_N;2yV1Zx-OUb}CxXL93H|ijSN>|0ee#M%SD*t1Rt2Zq;H(4ET3!aE??eBU?-S%h(v)}S0cd*3 zF}ptyT{ypuqz)j}3Q|e7G_=zqmIUSb~gLpdYXa#$!1PTx}a>2xT61K;St^!bm_h2*T0Lt{W zqAi>oIQ{c15fSl)RY!xIc^rg`481d%|{fP(Uc)Bw%} z3Y`qx+C5l{U$-4+4^QxrK0w8aFCE;?0nJ0Pq4T%nOW%+a*Nbn9Nor1m4fc~u54FunBV77Nvw|;O)Xk6YlKP&VLg4@TH3d41fmA!I}Pt+~t6yUsBgt&e_;RKsP0z zQZv@oRMb1L$Kj3NbZn0VjO19M3>Tm?hKvD4bDuYI4faLA3aZ@;_L0{oZn_n-uARTP z*4ggphz1FSex~f)iGMO>_bBz-l_rwTq?qgj6fDj9VnD7HfoO>>{Hncl(5T{?l4X7h zYWgjy83Nl0_YlsQDBlI_+WpYHGNDc~?MDqGj4}>G0HUl1?=h`NX zDF9aZT^AlAu+Tdb$qUO_l6EVNXDv?O!8fo3g1L#sKboE2ujCsiUI5v^&x7FFQg1DK z*i+&^i;6x~xdO>s#7r|>k*x{yqitR!c6_}C8C=Jv6VBImdUBab@LE*Z^aV=4obxbxH`LHD+`*6W zMl^^FxU#YKt>wW3efZr{&d;X6?$Ezo4a+&4nYU#yCK-GLR7Aq>FE|{a1Q$hu#`4U}%@^#ByzE69X8SZi^rsk0QJ`RBQ)-tY$k7GCN;CIC~r^ro?Zafas&AG#pJd! zLe(^0u9|KTj=3vt^P>YA35GHX`LZ9Y+QDObzV>~zO|-ql75!TNWVpP^FeeN2)5xgM z+-FB|V+w`3}d|Fo*EO@(srRK>kWW@3>*uluJAYakMts zFmS^aQq%0-|}y_yj{K>(IwSpcFAM+?GJGr)D1#61ng@e=|X?=F1>{XIoJ zSyFrEe)|<9rhxh|Z?pJMk4QD?pm}w{Ba$W8^D_YG-rYG;WSIg*L5TcP3-V;R9NfWR z)(#iSj#Xp~=woQ`Usry&bpKX!{Me19Jl$3SLFIvj=Bo#Pzp;M+znv@gY9$yIn`S3A!ACS77y@8FG@^(!DJXs>3C4!b7 z*yuHJ;6qcEk8&;S-b?(eO6dXmkbR>_cU|#`6tGCL>Kni5UWC&Gn1`bHha(nO&X43GMHFbVqQUx{c>(M>NRi+_kS=e$f&#P(=*T)A|155IM3Ln9b zMKRadP*5&m@bjVoL$@4v+1i}sntH$D+;;Cp0)EUi7#26vqr9iZc5L(%xE}DzVn)iu znwjfPXNr3&fba+H0u5UToli!g7ml^~uhsv|+rH402nWmjTMNE3_gGNBYX^YVf;SQz z;Op=TMk_|fF|R4VOgwR}tkUWyTA~(W;LR}b?^uin_^dz5tf<-3{LZF0gZ304BOe8V zPcu~+yniohK&|zmXt#+t@rFP5vwo&^$^)ep@=oclsAPhF4VpBz0E<3w@{5x2VCh!f z*QvC{uNct+hj`3`qB4Nwq)zj@rD0AE>tD%hTKc4^Ujs-Qa(fImA{9}5TX$z#tUt?x zMZ)ZuK}0;kpXyvBEyg37Yy`w3443DOx)e)2|E%W0D{WjO2{d?amk~8?WbXjRKWQj*K1~{wL*P#` z7^u&7q+pvC3G?)RPsKa>A@Wyq_&k#i1>7p)7uZ|88970%+F zv>vn`fHAPhlMAKzQxSt3QBN44kT|_i^~*qWn*~+=^%p&hhb5+ip1Dsbi)C3By+t#} zjR%AIE0jWt5`z?;*DtLAMY|U%8HoT3A@7(Q`XSkE_J0_VC4Z#ErU~py_)7=WEkOcb z8d>)42aT)#M|~+FpeyHtet9d*X-N~okr%EQv~0+(OTnwb{wNpoG*Dvn12MP5U!%#! z#lp5`pKNI)8yqYr*GHJd_Yhdim?TnDP|~+tqHc(*pJN=4w-(5n+rdcUSDPf~Yv|y* z!2FaNv#h?v`Ir`S_}qos*V@1u#CN68H`ezw!MSZM0x;`fOQ`nWo&82AK7(12L!$a2 z(!ULYEaUDRE zB*kmle8&#H_;%+Mbo-ZYpDEfe2=K3LXRmXm0WD2yUeMKK0YI4$eeNgAQ>8(Swx7%Q zv`}N}86{rD)B5X9xqSA+ltLWRm^$F78JY~o`Stom1e(;Bisy%0P$HrXf`SDK1A@Hy z5B)|c(Rx7Y>@&vnLnidnU+@TQ6iAq^1z2sU;en>?>yow4T1k=tILx(%X@LffW|X9%dY{w$`LU3KkPM1{LjmZg#je>6Nq%Mr~nw| z-m-XB4^P7CH?n<5E2&qlLlkTO8oOIKPR~T3z<3f> zVj2FXDpk|0;GwAg6!z@ovB3?3F;<83KOeohHf&18loQRyRix)Okm5oDu>xc+JT2GE z34LA4nqsKnQ*n~G3_Ab{0yfx>1-cu~fM$l&e|ZBCuC#1?Ve7bh_VUUhRfjqt7@2-G zNv;?`j&JRrfw}6&&A3iJ`tWyXTg*SCwqX#EUT!!DhkM(s!C^m?P|DlwV(s3Bg%%Vl ztoT*bAcbbPpb=1QG8<&E$1_U195lEVL=wDB=gk`_C2`%oPvC?v|J*L<9>uZ4#DR04NLwL-@B+J!?Y%JjsvhK~&|b75$Jrc4 zQ_8)eJoY}fXi-Dc;3g?8cB!nEZ!}xn3iiVtTRFUk3Ke4WAT$)`M4(XnplXAuf4iU+ ziU$?~E{a)0=!}AOW3H9T2Yrd=3Ge{;G8hbopH&~8NXDZwdEOd~pwLjtnE447nC9>&;PpI$-rwg8$~AskaJm0w z`@*GpP-Q&sMSbd`YQ;cg_NAv0_PXIUs+71EDImWit881Hkg&a1t};GR#su>JujD#I z-8lLF{xjHxU5Q~ETR3xrC;?J3;lbn)4h`DH7W#qZzeBs#i9C>2bzw5{Jf!AI;{I(T zen8!B3kL&C!T}`i=Rj+7O76px9{70V zWDkNp_y`%N$bsVSDEC1Ey=M3z>0hP41OJWMIWMCSv{#+6J-m zR8!~tOV>FnS_WuxCO-FghM1fdgpv+&>)aUC!1qv_np=@ep|};?n)}? zL3vQ98^Kn?P4;(^#xMQF5Gu&>muV4F2q15a0lZK_^tzwWU5u}7DXp5!5x;$`m@*?oA0s)!ItcAztG#|bIDRc8fVUN@G!g_yGe*8Tog*-7l*LTmas4Q3aOk-T^fIQ1`dKWeRArvG3a3rg0J;mrJ=wR z7YLn&mvQbpVCttD}yo4-d0QpDBKhqJw(O6}cjnud- z?$`k;K$7t>K_DKEr{&;b?;|GO=kezUiW;%~A&9U4Ok(#Fx|?_kCX^JXQIE8_^`*Bi zo&kQOXJzPLV9v+3tp1Srp->-a=UZgd>c6$2P*c}3L?O%h{4Jq65-C($GwV#4@tvOY zeV1kEKaCSt9bZoNLONWU-Q`7g5<# z1T?&X$25XcZwzwTcOnKq)s4P(a|Zky&XXIS4$e5!8~cG>T8zAvPGtc>dQrKNz1)k4Qb5zldY*bI9M2UQah;j;9pXvgp1s=aE?%ZN!V z;LYcw_4zrEN_TNALAIG}8LKbgkNfTbn=hHmOO%Dk$UI41Y5sJ6yqfV%m)+bc53SyL z6ioB%b6;2`f#8a_^=y6(n>|vHo|0sKATEzuQn!n-VS1S3zNaTh^>XRxOGKZ&ZyPQ6 zUF&i|0GOqZ2Tn(Qg>f=jP2;}D#OK@HAq9$AM7WCr`3;Uld%|VRTR?6wo!z)2$dTFw z!2#D@^$D_R@yPM9+1G6TF;x6kn0?*;cBl?ky;L zb8F^}Ub`X_{5T{NlB^~mO0BLTdl>JEr}T5TRjd7yN5jpX?xLo*?ip+wiv2-pKZ! zaO@^tgFi~XAwcC2&!bM0e+Mb3buRI+4MO6 zP`>O(IP*gi2oY9zJ;;Il<^FiQdBtouS$o;L$5W{_!KebydA8q5rjg<&`!dwbAK;rtemu;yqF zS%O@{@L$>yB+?p(3S5k*{Q`qnCS=O_IDdp83LRlU(9iKIiJ7cR&(;9@uWG(z2vqSx z2=(Ao+J0V8trL#*?{zN94bJEEXklt##uj_8IcfYY$?eW)bQp~EUvv2>$s~o6Q0CT~ z7*4cNU48~09oM_pw~Zrl=u35=VuYD%w;A_eUZF970{PnzziD_-N9k@&`eN5)asg%I zvGm3MSxy&EdXd8#I#g9uA&20j{rwiyQ{1@h>+x6luOIF*K1~{+(Afbl3pW@y(@1XU zZ);*f=`*?xpZ5OF)+S8jV~ILT&fj-r4cWJA@<2L+v(T1vi0UJ*JF$KbAaKHM+^ZE( z`<8l=5OL$-et#FH!09I+9vQfGr`10U22K2UjI9I$XVhESMB5_1t7I2e)TYz~5z0@! z;ZPSu{gHl)(H%a|7Zd$LIc?tK(Ud5So|=Qvi{6*>m`0;l9b#T7x#!33Mx8Dk~@VJov zw@+W=#R4|&1M2T2B8m+Ya8#{St~{oR22~9hm6z8_Q3w+^-yF=nCXH#tH#PJ3J6ix8 zWaq8XTm2N6VD-X)o7)8swcNw=FYUb`o9j=n&-PvAG>*W`?H=CYeL%t}4YxPRe6aKg z&2ZV+G+TTwz9aH=zaV#FJ>=7)Jt$k55)pso$Ar#=9@`-Ld+4%J|EUs4H-zBo~8J zM6mq+rX)F?s)0nlJpRR+uTrnA_28Ueht3!rGTn~>-PS*?A@)T*Z7q{;fmS0dT46>f zfnzY`v@?zAmg%wQYD$7dLY*e#scVbu_Q&8$To4{E1#5i%wI6Ears%nBxkfvk}Z+@n{u!C zAa^Y0gv>Zp_z;4kHjbu4);y&Z2i{9O-_4G6AjgM_!&>S*GWG(hVy#;?U3F4kE{~-)TJoU$kH_ zi|d12)~|0aL6rkHsA&z~8?Aq5`bWQEDT>5xUSU|&t_qSfX#yBaqUE3SxKWkvjLsZ% zqJkN+YNt1qdsgiV3QmH+HT#$ySn$R^-~bp+O*g??d7eIEa8DBExTJ`W^at|;P;mXJ zj!18fuG6)Y;{EtvC#ySsNUx_LuP?0jhTW5Fv~-yS_yXo)MrmdG`=+y=>B6;RBq4i% zad-=7`7X4KWBV)v44jIUh2H$vl|vm>IK0r>q9@@5 z^*qFhQ*a!fGbWSgkKpEfEAeeHi@#U>^IpdX|3%FpceR*SkJk^D74z1UuTY9a?B3iv zb)FwDTg*(@0vQO@KEa!nNR8!E@Fbh%vcDF7-(?zWxQD#RF+YB@+H|VmxOvq8zIAgB zkNshO*1fhd?fb0;B5B$>bt3grb_dXD80k3V3b6OX2+j$zoVEI33mp?+BOoK20uFmE zj4tg(IRnWMe%iex9v>io9eji*!_u$VBf?EBC^#gH_3I|Zj69thsa1OE^@;q~*Ed9l z1xxCAkWi$_xP$F2VH)>~$j;gjz`1j9S>nZ=cm(uP+om&TFuQO&B|LW5mK19a`!nK~ z7$?G%Z-lLT_e;n`)4}*etTUU9d7>C^y!i(;;$vzvXLu|NB+g!>B-|_Up}A4YD_3+s z>UiL01z-e^x`YBoK0-TyTihBQ-MgDHBRV#Gn1Cio`{nWSmx=f?CwjZbFx=fSnAG35 zoIWr==fN9$wV{@m%T=S8(>O#7dqZ{Z;!rjsd zIZlXKjNJW%lc*zoC_c)7uQyPtO=@nwh8~*yPs5HzR0Mst`t#$}Ga=}3;>8 zW%!yq9B<)HqY&sL6n6ZqTb7w{YG{bpM)}zd^Tak-vMgfV!x){@`2joJCX79mj(P9=(wViFEcMB6)-_ z;Kj}mog#n_Ar6Y-J|<6siF|1vDH{B2O&I(~El)B7CQtAL?~uL?*tIhEssfnxbQ2W3 z2ZRyuG8KPFGBG3QlL*~^mLK(|8jF0jDCPnuJJh4>W8b~~rPo-5yJEO-J1;x0=3w4X z>>+#Y;vwP|)waS)iMi*A0h#FzDJdNcG~zFX!R{qhh=)vM?NPwol=3)jpKI65w-{3_ zTegc=Te;D{YfUOa?eatVYX<3FHD#qt}u3g#8 z1?>rIjs5-{&qiRLIW{#O#lBVk46h*?j*w^JW* zw%+2yW?mAFjPLhm?%s#FvW|F2X}%KW-pg4@Ppx?oMpHzPHEc(Vov=z#V^p zqI%!Us*hUA&Bo^~&BW&qcWa(nQBn_=drzbYB3-t3J>4n)-aU}nbTr7hbNn`}!|RZC zQtnMrNg#E=V4bIrEAfIk%o^e}l(~mrRUQeYQ~q_&z%+D% z<+CELYNT7>h`Z0((Kj1!gm!W55RBJoybw~kfTRZ^911lb+0uJEtP67mrF%lW zaIMNT@wf>yM+Tki`rfjTSJPU0-LDfhf7Ck*tEcl!ihy8M=5Vq#uO zINIwUZJ}|C0CK36u84TsAf9Qy{;?pamNHD&Anb$;2J<--FJ$PkL2Np^)>=q!9jC*I zbs3fFZ6Q|oTL}BcWduq2fnn=|^*X{K$g*K+d|T+>*DmM>v^`sCkiB>6saKQfk-)A( zk;I%>^tOM;X^z7tcv9&sAAg_g7p{TR@QYh+L5Jvx7S9}iI24e^Qy2)VBT#&N*sL)z zLpgYQ5k2>*Yg-y?r55CuxJtl#K?qWWXFO+F=m>}Mr{t2&wf-vRASxC;(82a;_huAp*?l-=egT>|K{kHh~qs*Y!VEfO#n9pk%ZPf_pw zEdH2Y)sIzmpvPQ7wE9@q6j%n!`QVcJ#4we4M1Cw7R5a(~ZWi_fG$fS5%%c%PV!N>> zJ`PbWdqT()M*ew`I8Bl5eu@HUbDJ2|QJ zN4&O!h2H=EzDSo*{N4obZoHSbZDy1oKe0Vrx^gthc%EP*EW@jI*lZRq=eRz#Z6wdD zbP2y|6lA6jz{Tf*XMoJ4AHf|IE}`~*Qr0V%5WI@(5%~{{q$CBgyoaLVe^uU)>kq$i z7s!YXZ4>}o1BEim+787Z za@yyiB$f7wk3$#^ce-(9dyk~CPHvOvYU8+fgpYf11wajT0IYvmUk9S-v%VfPV*KHV zu*w#}SrhA?HWctV;adCh+Fl|RFGY~RT&zwxAoYmCsGk;|j^o_risL9e;4R7n`HyX7pph$d%x@XFs8Mrk2276K&FS0}~D0(t|wiRrf@pq0SI(4Y+ zHXT}M{vONv2{P?x%G_tR?R`c03v)1otiRB#ecW3=@y}VWlMN;>@*g@^eS0xuNEc6E z;Ni#55d>$eM3lxwS7DtLx?p=Nj!+^>?MJ$1iW)YNm`YLiQ|=xemct8Jkv4}mwx|}u z|0UvYU$?zs45+L4rGJr)_5IY3qf}_6eZ46M@BqHME(clg!8n)7;Sm2_sK+cSCt#cQ z68}kkWAhD}wP&R(Xaqb=ex)`csfbFeUSlOKgc-AYU8Q(YqV7sAjgM&U+qHJQ>n&pM zFhKDhJZeyTz)-qSGy5eS(D1w4wXr%*@scm+ItKT+b-ckR`vUU<4&ft(C_G2archQB?~ouMPif9R`?~iuF8mbSAhl7wCR6kIa*mpKJ6i70 z8qTR-t~hq(fdx$W1(v*@@4wWQhqQqF4%$Nei@cnieyqT~L_qT|v+@@kdI#?LDjS;x zxHN3w{WnW$<=Xpkj7ps!RzjQbo6Gb5JLJ|>#%Cb>V+mc+;hD9M)nV^nlsXNuZVhyH zgnLX=k4C!Yli&mO9h6BC7&P_NV=Q|5=laL#JP)2N2HAcBj&GvA1g|q?TD9AC$>Voj zZ@+Ae*sfk7F`Uj+MQq~fe7osp55Rd)6Y(v}KNlAT5jdcGLlUE@GjThfEOFnJRi_Uv zJJ&it%up`^NA%_c3T4+#@)^y(|x+_h|nO?Z?F)pH5^jyoN;2KnX< z?5zZy>&qWQff%x85 z(IzfilHgl1CJER0C|~sjw{KnlJoX!A8uqPjK_k4q{Sw}kRae-CE%`MgY3B>x403TY76}rD2sxug^<3;#9 zM&_!h;1^`S`IB$QT<+sc=WfX+vHL1F`ZNB{ATyEQ=543pqGKeO;4JmS76JWK)9h$g1k{5sXa$M--{(X1}; zAJEkR=sIOfet59cWv%nCnO$ldkh2@8>qZ_$uo-E63$2O6%&ve8S@}+e@#9!nBp8ut zzi#I{(1@NjZ0?E=6L~IT*8$&px*}0r_a-gOi@{B zwi1fhig;CF@;D5_Y& zr6P}RtR(1_r7)8oyoH%|r0X-pr38NY?tu1&&T6my!h7&al~1kBLq{dWd1v*EPgvO+ zSw>PXx?Fs^TBGbWX)E`LE7@AK#u8M>Y4c>aeHoW7dP4qK0=!&Xl>^5v?(~_Ho?mVk zBntA=u<>{5`%E6xxB3P6439oAV5&QrR!m)bBMn!D?U!V4mSS>sFu&sLhUn$<`d_Y{ z_{du0@SPpAaNoA~c9bCzz5`f#xMaz&?Z~pUEdo;!R{e3$Fd-xDyYg=YR4n-6kXnv@ zzQ_Gh`}>ej&xnC+6>*&`h>S{Cj5-{w$EOvb?TeCc``O6-Os<9d;7QUbvq(S;WM+g- ztFpxjJXPRs{T{pb9|UCI&b_$QwLge!2%JPoe~(81YRow*a=UsRC57SN|mA-xy`1d=LB#>-=2{Zrj3!HQ=ZngR4m!KdKw+g#J;b2f_ zckDCjPy{FTZK%4TZG)|kJU)E|_uBy%`(>qRoZ9lXzcY!opWIjTwQYEp#tn9zkJdX6 zNx5-7{eirg9* z9slv4z42~O-rkBBJS1$K2Jh4&YRWtts{VWd?#vY~CW{W6vHbbD8C+}FbyL+kYju7a z>=(_fxzE?Iy8v*%*Qn&a9OB#KqXcyDN|^;KJQ2_1C(E%fkomt$f!#ni5sp|NaNnMz?e*wMtOB%KCoHsbPKs1U zYi^V^Eq3SJa-;r6r7XgCUP!a%zaWLeCR=g>)X?l9&rT`axq8cj4zH?7tr*JY}XkO#GNR8A<8@b*6Q$8 zB1gAA`-o4__D6B{$1XQaeDj(-&5@5QC;v*;{K>;rR+-K^>?R#y&!V*z@u^LAOEb}C=?CyKrwqFdIE7_YND@TlyGv2dDHXU(`-_nF=he{l?76%ZWD1zH^H^iw z!NxH_=d42P#_8-eZiyBTZEhcIN6DNGzOr&Cx5gP$fjB({41nEPs38b;1>^1pnoWK( zJW8Av1t;F#o@+_W@O&6BmJH^}3=h`^BP><%5bf0NXIHbOW>sg6Mb%HGMt<(SZ;%h7 zVC|5b$>NY|P1;CP?v~GTzc@!>-=KFfzo-&TKkxeyagD>1p^=aGk@a3TopS}@O1xyW ze_xDxc>0!33aG$v%YFBw31t;|`^hwxRG$vQ8)B{T56La)hZMvE1lkwV{{X&!hMLfI7co!w%1fa>Q5+tg7j`AP|^idTY%1!&6fU&F&>%O0GhRpfO?I z?)6~QF3J7H<)xR?{d-cTfw-$uLa%AodqGZkhK5uHM1?gX4k>{X^BG&PBgyvE2(nvr zsb0`cG$O*|_ZOpnh1r=8SDEmb^J71AuFd?DA?y3hS4;IC2Mk!gh<01}=l)Sq9b(`Q zm~s$9Bo($S&zyXEP;5&lelVe}kH;ia{frSljBwxDHi(8*jfc}ych9JLW&;i5^?nDRTv?jEhB-W@bBlNAM>HQq z`cC_6@ki|pSA8}VDH zEaeb=k(zn~sG2@`1V(69F%R*32J33xX9Bbl&q_>k_4%4HCPSUj!vA%$O$#=H=viS3 znsZ;cmSAs%8-7F3<3$C}$Sw^$F&Q(kG{bF^E@@-+eR$$$-~?8uG`$b1>>ie%e|bJ% z-NO%gA3tj$puxc*h~^zj4o|!zDjya5p-^+agzdXtGJqm>(4H`DAeEDeVI~E2fW&?6 z{duOs#2l$Yi>Dg)Dj-895>?oaW0zy(wQ-b1~S4@HY**JpbE_}s{h z-mLHQGdw24Nl{d_`?C4$kqQ@1C&uUO;(mT%upm_HvEF{!6$4Gy_Ae$*f3vLTW0PilEU7HcYtgHrH`) zr&-tES=6A=`#rlbJeR8mGy5EE>{rO*QE^|(7-7N0!zdAh)IInJIjf=01#a!gWaqD* zCIR1S|K2-;!IC*Y8ymImLHKf&ApW_x68hLiVm%!CV zFz{d9Kef*RDH^zFW4u40o00zFn#WkG-{1C=+0Q?LoXIF~vVDW_{+Q)BC>7NEB7z4B zOuW=JdmICv(yOQxF-g`2-a$y)2WI>M8;sHZT28IaTmL!a!m4i5*o+$A}^ zIwp6_x3!)aCYr;OxG(R7Ilo-suK)6<#|?-U~|T^7kO{xyG*bby`3-guPvW z(Jk1@_)0UjhDSbl=LrBU6?VD8VIDZjMkO;`1gPfo?~4lx!e%+*HPqk_I9u+FWG0Qt zEBsCsRV<&#lRs{9@O<9Lu8W;OEo}^+ySE%AQXM37vu}_7M>oiZ`ePTEpP-ZjG_$fevuw2Yc(=>^JE7D zV=qn3;n@y*?MxZUehs|H!Oe+BLml7r&Ae*fc|YQWm-dFeNxvs$Kv2VcEJZYEaWBu& z*sB2L@ueQbILrKtNeOpj4(a>V2U0Mx`>FdRJ2|veOS-m-mQ4(wOYaW9cF04gKPUJK zf8K6Wk^bmBQYO8;PG}GRMMKX*K(0f09Q%z@{6AW7UxO4p!Uk3cfOB?Q&R(H6{K~Oj z@GS*_Pn|u7^rA$zL*Q&Mf2X1my(C9N-D7EGzJUM+1g*shoG~9*p`rb{ZltrEn=wNW zZUQ2Zhr>~(FGf=U8$u(W>U?<3ASn~Y7br-lEW(^%-vygIh*i~r&QWlkkiR)N3ZQ6D z@Hq`|IXSkp(8U0s181BU5$~9w3>+~YfwX4sAG^)O@h!%_Vw_B8CrZkv$heVD^rsR8 z5RtR9Na@ErF$z)br{bZ1sSW$(f~5i6%teYadzvc~*7#GqI0#5MvyW}~sONAQCfQ5u z7x__O+o4yaIvKQ3ulz~7&feQztat&LVS?`h-R93dTt8kesn7F$enea3ZF^ZvoQmJ+ znl~KRjC^s93` znYkL4bRsX~>&#EWxL43u)L-B42aHCaHzT5Dp{@Stoz6gZW13s*E2i~fj&x!H=pt4} zUcEP@O2MW1?d#T{#s(5rY^hm+^~!v^Fr?4Hk!TxMz|ae|9x@mrNVSE;eJTOHIiufm zJT6GyRX=_7owp9KBsZ~f7>C;1y3V$9J7J&#&_C>Q2;YcJu4;(dO_m40bZv*63Z;D) zw(pxzU?nu!@E{<)Qq;Zs%f6QK*P?Hl)95(ZnM{~Z-?w8tC+X0VU=V!C=m2=`bm_m$ zk$=nyI=*-t$kJf2eff#!O1~}JUUguH;ds2fm`r@V2U>t{#SiMDo!`9wYp9QTe;})2 z|472}>|7o`q|4g6Zwq21l5h7#La-Qul+@%PU%p)K&FXvK!(OP+xg>JAoDmBjm>zLr zuD@ZwhP-^Ht@oM}v*_>T;M)=26XNdku4#pZ#|#^Tpvry6Iysn_o_1MLNCcc34`n zXEN71A&FWxN(cho7?xA>Jbi<0a~$Fh!AR{F*XyvKtv9tpf<@`SsPT-!{fJIhy0`DI z&wbBcM#F5Hyc4@h`%AEfe{!~qQ(7XdPwfh(Qk`@`YLO??#@HyB20}Xbb@m6DFhXQ- zSLp^ma96?CkLkwo^QM5^&kdJ7vEO zHgNQboAd#6?|=j{x^R1JcCS~D@+|-z{PvlGjLQG^=XL(Mr;t*}QC$-2m(s_OT}+g9 zvRAA(v?7{>#&blmeVL5(RosaHeo#EKeaW#ku|C95IlZogw0I(W9dQAYY4%7R^Tmy6 z(z`vNi)+d_^5MQ>f6;`WOU}@LhZ*kIVN&o}HdL$Q^bqK#{Ol!?P-}U-?jKJFs%Bd^c--mw?8G5282EG`M;lGQtVz8$FOGBb}~MbA?>_EU6byBj+{(eE}npOaB++ zLf=~MY6FnduvBK=oxT)GNv`79Ja!c30HAvQQmC-to%I@qN={ z5OeTvD05z49pe1o>QWQzA#>TxIe>vO{<0W z0x@9ZUAn}5ed|T*iwBJyREwe{0plG11gwu?;Mfxmn}dNJWfR=B2#9bZMqONBGp-k< zwx!;K|4oc-k*OcZ84A}{fW9)sc1iB&(`Fy*GAS)%I=h7szt7nhHM9&GSL#@um+hY0(j@FFw9i2P#SmzS^ zD%h}gkllPyVc{nGeZHfvC;f3 z=JItao~|@$vo~YP(+@^8`ZRpSu{r7vqzV>}Q~6g|hyGHjzCPf6zAXHF+^X9LRQ}-Y zm&1ApKoU|eX!z{6K2mujz#`9#a|^8chzem6&Qq^3D`2CZc@D+ZvFR6Qn_s-qXpk0W zgM8wzftlB$b@Ju#P8f3fOU!;1L+?iYA#E7M1H`90xH8%*7;uu7c&woJ7o?%RO9HR- zc=HYF=B+S{&pGFQj;sSpED*8NUW0XMtozK-->Qj}k^Mkd$3fG+G>td(1P z<@7P4?Ec(a2OxQWIG1%rl73PkEf!`aNa5=-ZcpA{AMYD~J@|a!nWu`6H9Z>`xO?lE=A|iJfS4qKO;66*%WZ!NM)2d*&W&oC|f2Qyq(`oY{ zz4K>M*weUrK~f%&yb~&f@C|(T;f?ndYqjhJ2Y0{NYws)Q;ulm&o}O(q)MU3{cxCZ1 zSk5b%JCt&7^|rbN1+Zv;2Di{{F%ou6=cGsIlWoQ5waJFeRozC*Hrq7q8z3>xJ(dNP zy3U1s3mLPa20k2AggY|E4~4#z)tKN{&TGS zI%^}rOY=>q+R&#ORAJPIYFBzM&G+rgYzm=2O$4lv5dy## zWad!7kM5H{i+Dy{3Ya-v94gZk$d;jMBv>!#j0SY+N1HoBnL;s8yT-V?v^)bxQL2r9 zA+b+=M2gP1RM&lFB9xg{vKS!?>QFxxP_3DGPBW0{_cYABE1bX;z~GIyU&P(uA#{jt z*>}m8DM{A{F~21t#(n#B%UG8Rq%V74-;Uy59v#f#q7mx(w6F~vM%yPV83K~hky6~O_KEuV-G~#of z0G|oh=e_wG$O9;o#pK>DkT%Bd*@{lYU2PAo2T-oxC%*z^M|HK}DQIm|!&d9fo4Up= zjD!fAN5vnnf!8%FL7jW@-VSNPLawtvzdP}k`iLaBYCn{%2)vq#Kc0p5z4=cO>ZK=A zwt9p5GZE3~_}BYyxxab)dJ*X6n2y%1NSo)AxV(2DhkQuLgF8rwhrt|oJBMo7KW^`EFxo2nFxI;ugX&vV%#lNw5F}iclvcj%-hhPF-w6ldG7KRTXy{i% zIvz8_R3vIIYWdU<@6C$nolmxuX18UN&KpbA(fecexpf|-nQ}p!?LQ7K`;mR(5Gi7N zi%6n#ybyKyo67gKSUhcfn1TLtzq6n4q6&Szy8?jlRIIM-*`G*I6#^ODz#ojWTY=~m z+34HLAcW!X*TFHP$tiwsMY(T!Cyr3MYdqVH#k-4AgWlg^^2da9*M=NPoGsHT92v^C zbVNln#}ZPPPnw_*_kb;#fm-ON(APRgIGJNoxI9U)3MBjuy z78g(8uBW#u5F|9+a4KA1?Pfc)YarT5Zq4!=bw% z@lc19-;;R&)O2^0ejIiNLX`~X#?>U)s?-Mzz7*0b&c}!3By$=l4_f_IS3*_V#ffAah!;BVoTz2aCN7Au~T%vqfcnP4DMfYF8WC_BcLp%Vm&0 z-{T{HJ80r4+AbI}Hg>tSvs=wc#n_Od>M!q8etSB7;h2OmX$x;mupxzrU*fCERY-gg z7qKqmkY>}g#JDQeqEC~7F9iw3mTia`4P|IZ71C&Rw$DuMk_IBQoRtK~zppG8Umapr ziY|_#Vjilw%Bh(-9|PlHDE1-#PU@*%?)(GCs6bYTh=we_{cYmBq^&x9aA5jYU}qEb zi)fs^wt84b-dXYVDU1`6%(0+j3xx0Iv~*Xkf(0EWa8P-F6;23+!}~hM^V4pINy|H_ z0L>(xuXpPnil2QXk4u(@&FbO&V}KAn7A0bAlex_;KnIFIe?6r4=rC+^2>)z&&@`cj16gdT7S2Wzg~mp`%WwU8N6UG#d6FO}RsCS9s6V6_VVBT6e{4akTHM2Y!!{F4 zrB~{l2l0f}dcqoxSkfZF4}?%H_rYRzPl60qDJGVc>sr&lnw!@3@p@(iu+QI9XIG1@ z-QKA=aj9Xu-@^rD;}^_RB!{w^OZPLE#!N^+TG&F6aHV5a6XxQ0O`~F8uKSC09nKCD zNVeu5uWDL{OR=kWPA`2yl+q1pV2M8=N-jJqt;4$eGPK2di!wq#Hn!r#oJ=1s=@S8| z$IBB-Dnyob9Y2vS-(akHK3&jzGLhAqeQ9|=2=`0jC-%g$pA3!WaryAh#1r_^p6K@D z+QlOTWIHni(gi(451fw0m1e)T_Jz`#t~4%nsrcN?j{_yL2ml*3ow9eP0?7R7Wc|AH-)I}Di8OsZbSA5i{8hKO(P*M{5*8`ZGy4Q6|IS-6!oob-5 zVF*t1z;V{=!Y{)mBV#-}f!2}q@D%Bv3Gx5Od>s6rK9zbpApw&|K+VjHR-wz9;7%@IszZ|LXL$UkY|C+gnb2|i6)q392`t79w)eAdm z`xkcV)`d_pp4I63+n?_ICh_-!Au*xn_N%g);BfCUg(ObvCGok-6xUCtIp9_U_9))& z0>p-J5atI|6$+Fnd#_M^p5FEf<+}X)rbJrFb+Eqc{n%BFS`Ld{)GnVtTDeXqKT*_Z z>$-PKe(N1BA%jE3!w`&?lm-Cw&$`A${H)$gucaevPM}b_?H# zZJy8}xs5~j2slv7c24HcC1E8@j$T@ewV7^wm*&z9m6L3ar&u4G@T%5b%AX!xj<)WM z8K#uX(q1m)&NOiQ*h7fy9)>Z13T)+@q{kowdlhU~A}-}37Jr$)+-?KIv2c?^>T^@b z?09|5@eAZJ$HL}baLZSJIH0SC=vGSSdlAkzR~!e*mZ?`C)AlQ?iu4%-^Nf-76PC{7 zzDM{Jdxt@|*;Q#|j#%X~u((N}>dx&$W8LS}5M6 znBn<9QMI$0PN^hAX8R?^?2;?{ z2cR+lb~26qnWZF@dxucaVX4;CewoSisJs}&1Y3!adFdY_RFYGuNQT&m?{Aj%f#xg- zbiSV;$GSdG;BFLu@QzpWC}40ZOi;oGI7;PTT6UR3J*Lx4e;88Qs+jc!cASwZI8!I~ zQ$^emU-NJ;F_1rRZaIxvoNEU=z6l4mkmephjgFH6k9ZM zHg@XSyrKiwc74Di=KgpN^ArK@4Y{AqvG*g|Iqmi%Q328h`yI6O|*!$*2^M(FN|N)IUfOperM?6Q1o^S1*#t|jJgiuW1t<$-c7K!b=dfQE@MqsG z6>r3-J69?+_K&O>h{W<|fxO-%{m$m5vkY-EX)lLHH%&2sfQe4S__5E`f%q1B5?qBA z!SwSLy>pc>N%&3>?X+Dj=Xd1cfLI%3TW0db{NTl08Ax-V zYu(~cF_=&x#M=~rV5S;;rnEw|k%Ssph_d3w6SE%lgQe=HSbB%ygm~L_JaiL0Vtgk9 zv77Ekc63hnlO%31@nwKm#l-=fvcIP&G%|z1O*$wm>h6z}47UUzv6Lb)_l=K3&9TIx z@JQ(WKV8d*;DqjnpGm}oQ7{Lc%}m%vhetWT-YtB~jnEB~6K+3_sGj}T1StsY!ikHMMx1t+(9kJ+Yr95v*alHy~}%#vAFp0JF;An<{=4@a$lzIS_5 zKd1Cd2;S^s6bi-z>tUV^k<{VI8P>dT!~8c?Oj5VPwrau$IxZ9GW=B5*Q^i!y#rP2J zw8a<^``VAQPy_(!MQ9R%mvu%)^gaDK@v}P&cW|UA=DqJcn#0)SXnjD^{b6ZxUo`aJ zs;cx^JqQP|6|bMLutCjdl#W+lPgEiBz|!~qgvrYMFQ!QmM8JZn z>%7JV1=4|FJti-?n0y`gjAD!ifO0v)Z?rZ$3xy(1|uG<|9 zDDX>e6#K)s`Pyfv>8e`hzWW!*Ti4Ny2=ir;I|`Cde{S#>65iD6(3WE3ZpW(Hn#7wg z&A=msmnqz4YwPd5X;w>Y3^;0W$EkmFThh3AbNBAO7yv-`0Au1kjeOMMUWXR zKsb$s3%l$UXX(Cw2mViq*rI?j=FwTL(neIc$eWGW5fn{|`$v->k!lF0RL5Yiu4(?f z3Mdrvdk}oA`!<&h|Cy@CnU;7~AuptV+LF_VjTPN_-~H^WE@BwyNTzLJWULC^LfqvV zng_=~8^gy9gct$eSSE!QY(~h(&h!KP!*`ev!xuz*f6npEBM#?h<1|w zmUxyguF&qASj2%=T3VMgvnmznQSWbD$BN{5bB{J>h>)~3<=rMb=~b`AQh9j zm%F3hmLH_Tbz`5)bAt@~T-dP4Jq0Z( z5n$Z@y;2r}^GTMFkAeZUOP$6lQq1~PZ%0k;T+V_7Ynw7ieju~Yq9-K(&b*+4{f-HR zfrKglY05tKZg#q%fmJCq{|rIo)J>NMG!&FE*gr>OWjS0QkIRY;8^r2MP=(7!+7|k` zr-Dy`ov8DbUj42`Oi*tSSpHoZlvK4N@wqCXH=Z)odiSmdS(k(U#HuHlmmeQtR+ix&G#EyP1rTLy03<$w;QW02sa_T!IG$iU zvqy_FU3{^AeyQ=Bu37i~!95$!3(X;KL3T|D^y8UL2E zsYy?d^EB_tqCcxROK#6S(Y;oO@h{oP*b?ra!C^G#nQ*U2Ay-GMqZiD5%-1e(RKCdz z9$o2Z^Lb>9A@`PUXDd>!MkU|Dw2C>SWmxk0Qv`X3Yl>G)l+Zr~*jp$dq%kQR-cEf_ z&ZPlvlEs5|Bk@w@_D8VQ_KSkQsf8LS%@eRfXBh6hz6m|Z*AXUR&GGxewpV2&rHT}YqS>{ z#P+4~5SYd*`m~DeFxBS>UalyqlF?g~^N#KfM?&f9O?XAI_Z=%|jYhMNP;4}88?k8_ zd_#ZlH;sn|?T07tbAX!V7hB>Kq`i6m;}AFu7o15m{L}!Vh41wOf9C%Bpw6O8?%kQxP4$)%u0Ly#MwanQ3QL zxRfv0eEIR=ECH}!A-3RO&EYV-<{w>jcXmn7vDG@981sio1f!T^bUi)eL%9Nej+e}~ zGq`|GB&U*(Z1t_w4}V#VZV$x62Uy6LlnDLL-5baEONi1MREFCYkiW3L!xr$BL92)A zPDmZk0ZJ}+Z$8hYCKg|qgyZ6gC&~bV_uk!tTBDFN9$GM%=b~LD`k=>fc+14WD6Brb z^roKVJH%Z)6Hg32Q8D+yKEva%sAR<_3$B)BE{i|6{Wd+zSC;7^>ks#P9Zy`64|_si zuDY!%4C%dD8;9Hvsp~5H`{82AulL~@YpK==x@o#N!i`!pngbWakOYatAe2`C2j zb~3&Yq>$AIz1m_|YFSrPyHE`Ou(&A}^Tz-9ci!WWwOf?&vEM}gXNV_3|H{`er!?FG z*o)P}_$kWPL`mhl?wh;c;r>uRqZ4k&h(V||C-~7QpMdv;;2V&1(^zQ%6|5eHlt@7digWuq>mImm2@f|&d!t$fZ6`sq zsTdIcQI~VC^Dz)oP#I4BEoy|B;VbQ{h10%lRVq9c z8?J|!mAkwWyiii(qp*=Y1?zNH9yY(Mw*tIPLe*x!*^K^br1>;cjBbC5-mgN57VcVq zLxJ6ff|3TY*TlMcsE-LXJ^@^bKk%%!Nap(c!IIv`OBmXi)wxw3XqD^iK`f5Za~p(I zM&_2L?zMc^-Rj#02(}bw`^KkZMLy9@NQ~!q&qx3l+9ww!tL^k|nb!aq+%wMTZgqso zxC)Pf+2i^$QwM5{BAsB=?OT4hgluldsJj&wPu)F@CJ(jwwb(&JkDwAC>g|5!Nx!J7fjLx|CuUAz9 zbQst932ilk0>Y!G#xut9eW}nq@Q~S0Qk}T%hcvW#r}`N+Z|x-Mmn6aCdt85~{RbSrnX5;SJ@h9WH?Sy(ABrglHttgzD_8ZUPg?{F`L<;L{`qS}-fic^488E2kb2y~q#I6A*DDxC z{bjm0dO>c)v-#U7BKwd+Um``50y{H<-}v&-89z(|=IHM?UxcplqyDY7*`eO;8syM3 zw@>rQgQZma%+=dh$Z@lM?cjkv(Ffr2HQ?cE*oUKE*j}F*_h$&V%h~qHt~`^1(^q2% z34Z|*w9%YzTb3nnboaD;bbQERK}9>p5;cw~xDAu1_jRtwm1c>+;b$cUrG-N47UVfWzt0Xg?0$Js^V# zdKX)75ykv2DeG5rw63%ad=HXB*S=7jewctVaaec6YdE>F2ZMCoz}W0y&Bhp9sV_Nr zBT|BQiS&~OgX&LZy4+g_$-cj=hvl?~08Phx$I7?aM674xdKb?yJq`1@b_}7#%proo zMiS`ahL%L8mtzh8xN^R-E+6bKdUES;^DS8Wl0NrXiG|bj$bTkbUss$UZS0^bgaqMtyGkAy?s2;A`4^KCjS4{L!&7|JKMU!f&NaX=`9S zF9OLl!RS9v8P^6(CL9exCG#KP6ZKjDF2(e*_IP8~FFAVCKRSAI#k=QbR8Tw} z{-QjuGJ&qXZ!&LR$l7vpgW~+Gl#04Utv0BL<^fsr97NRzjVWlIi*5oWSH*8(EV*r& z7WcMj7$hxffQ}wErZ}V$>1M@#&sRkdl$pb|NBCIp>G}003KXZX$s^2e$+JO=U^E>T93{d3n~kI@(RxxTOfB%4Jf4Q_@BRcuH*Nz5dXTfh)Av-}{ru z{82#9?qu#%b`x=0> z>jzb038oLv<&Y<+F0m6r(Q6vJ{_|*AgcG>dZI6V=;`w$EzAMN}K|`dAdxi<6R_8;C zGLzF8u5Y7E1K7y;40wXP~Ejgzg@BINzm_zwYs(t*-zVQ6*Qiqw|x} zT>%V*XTX<W^Ay>;*_jqdTCoZZZ?obuuq+g)vSoEF zfCr(PNaw`Jmy_|i-Xd!CVkiV3KLWJXC0X~_Ovl8gU>XrQVP&!G=q$UR7&a;B4B(d2 zar*9igKiOioZJLj&Qx138~LXs4ve^hAH1U_l>*AUGdx#LFX^<$zz>F`|9GzC0@82* z+t^-`;<!3}xuS)x1MBkkQKsYILjiH1es4~&j-Ttal`^^z`1ek-LdA!Mf!Lb>w?K;mvOT5Ia}gW%Th zp`Q}xS4MjdSadJaIwpSvn&>{P zST4&QwPBag{iQ1^uvsql{(?v;@c;@%%`4zP7Q`MtXEVFJvImF=B9u>hoJXN7A5AgC zcSUn7D+ACqb=3V%;swyU*ar1$(d`lUipK%Fg%jc!@k$=Q<^stKKRz0eRoBH7xaFCn z@kWIY>GIfDHo(NY>(R_VCpxwc)Sb9`vP0RYpN>gZbO17+`akFN0^V0Z9vb{NuJlJ2 zK=Qw|*6Gp;?#y0Lga^gtaKGYHtx6W4>_DCZ-Bq}K;XgTU%;UFaJo4)7 z=>{@t3d2qeP(T;(diwKq0Axwto~`(hUZ<0uTv1hmMWYv3$?1YvSII9_n6hMeJ&ci# z>Ji(RhBDbUdg;~M+C--o?@7Z z2gcrtY`Yfhr4CKelZ~D-6h<2VuOAkb~ z>SrNUQf++IUx`^0EZ?3c9AP%1p?rOg9HtHYtW;pnNfIZ9YO{Pg=i+?BvyJ&q3@WmI zW|XB1$~xajel|YXCL7iESpLQ>$y(2KpT_XqX&eu}7i}^#y?)RuC#Sh*iOyd7?}Lz1 zaOBGE)AyJI+PB!M-x>~={ZVu9IR=kLDFq)GZeb!8t&g^0=cY?i@?!fi8Dx*aJs?FQB720g{83q6-T!Xe>o& zXLN3bBIuJta>F1}`wISG)qaz~y(qGA+(KyHGLwyml+Ex`U9o2)muhyTfuv z4Zw`h=mvZcZb*d{_am~lM#oFRRIPLTW^j3UqR}CWueYZkUzb8eX))15{Q_5jJy_Pq zJRJ}^fOvV{z9}vt{E5&5=dK&vnI*Tn2NWm5?MV>Q>AIJ&6d|IX`v9X}2^|kcdlZiQ zfv`#_HF+GYE5R9PJWihdSrvbeESec;{Lc02c;gKw5G83jHS{kBnQoigho^ff)qC?o zYr6iWVVb2>57AaQU!`~z-BIL85%eFltUUKxA_o>l_lXj!MKN@N91Z#UL8tc~Z5+RU zorS}Gy+2RkrQsg?06?o;-my(TB4i+4neSe(NG-7TCet)r7E_D%>?c-H_}YsHR8?ID z%N<`iY?-EVgME@%`}Q=otPyefVm=%f+7mr0_pMhDis%P*rdd57&eK66MmIH1%L)Bw zp-E&SakMu; zHTOH9l`~O%)X{#S*_vec8xQq41NOPwOK#lCexW<8k6$3_n*%v{N+;J79IK4kL!38#3f%Ed)VgVFt^Io$~3F-l&Y3d?~MS-SA% zIY^P=WYoC}U&uDtd*m^ipXjSCeEnRb)A^7J=&G*MpheM#F%_ori)-F5JgFXebPnPV z;_h#fmc}23zQ}l|A?;o<*`F7ix88ex+~PCC`?b%mdLTXpIN%)h5VSt^3`Pj|&zYt6 ztmVz6r(}BGsQsdeuHg!gZ=RoHk=Pe%ZLGTv=H&am^S!~v($61EM+yJ zrz_seg!GxF8J)Qh1e4cIXs#nEp8DaBD}J5>0l>8NedK<*4AkIDOivGfxLHFd9sR#q z=TZ;6N;wsiz~dLMz2!IjiNv?SH`<=j69EGWWMnkS*^Y#^C}F-_tZ4A7t{b z+(pHw2$!1e0ONAu&GiLzc`@9^aIhIRJ`2o8roCZLH>IEd;}}xEeJl@(Cik)3pn(yN z%ffiZux7pV6jm)#n1jm$3anKh$La*MKOdaierk(H+~9S=#XT$6=PO@B;BoT6rT^U? zD4QfFS~je+1Rni^Ivh1vvgAF^Ehx!-S5t@hY!{0BUYp&31I29k4383Aecqn%g&Tt} zm-pk+1pL__9%yw4@TB99{i6m*z|`~Thjw4Ud6;Wvoz))Pku_$h;UiXw@a*-9tbk5F6E@Hr{o)V`x9vUO`QW5&^#=qe;%=cZj+ig9Qhbiegj z1N1Ww0iWs-EVXSR&CvbHw}J*u%?m8_*vVENB0XQF=d+?~!QV>p^2eZ&iF5e1N_AN+ z4iNERSNQ`(uz%RnvcYv!2~8dptxL2Cr_X3j9UJXWK@0r`oWp`Ha3ixWw*Q#YdpCs} zPlG4-1&B4BAdxgOlop_-`IR*H8QCa`G_rQ#6N_FiS$|EiJlJj>L!O{=n4xDRu`_$K z9-4I-k$S$oZ&UXWqZ?-YTvxM{SGCfqhjotZFKeoiu-x6;7M$pK4^+drI%_$d&=Nk- zRcXM82{CX-20F$)IPSlzX+N#l1&o_GJ zv+YAOG*nt{<7tVQMiu(fQoCH~D(%kB#t}@H**dIRo;t zRr=vfzK(_jbIa2eWMpNj3GE}l$J@hhuiQn^;EFyK?3!^LOO~~nMisu-PB%|h(ULqvvQXgui}D> z`=&jJJiwjdykNCoTBI{N8?;Y%vPzkda6IV?Ic10EttZe^D8wry(Kpk>E`3H+avy7wH?hC>_Oi_97=+%P_m*azk2;7-Z#wuy!y->Sn*yGk$TqNgt+A7HRI6M6HcjZoI zVkJY>Uh;N3zoR1~OSc#qdo;g2uFiX0C;DLf><=yCmK0UYM1`$HVi-KsD-yS-2mQO; z0^}`|q?;u74aXw*Ra0>d4+WYb_v;0_i{mB%a#G`miy+41!x>?8i0dfcf7wxTU*M0f z#rp+4Eh!KFS>EF|_2WMV;);Q)2n2QxT_Cw1FHurVUh1AxG5glU2W3zZYC zpcb<&STdAg+zm$+u5w>4P`dOCZ#e0qgv>Bdk#UnBck%V0j{718V>eJm;e__xw%{#k z_iLSr@=e<6RN4~uL9qP{YJaUSNq2}N4-!-m++~NPw5>e@@x*O|{KHa*AdbE{jQuu( zZhx=Ie)NLG^&_{@vH6Qf zjMhqjxwd?on`sS?$LmCf=y)W-`t!2r^?rfB%N*Z-tUs7q=_}8R$Bt)-**Mwj#@bY2 z%qx%cP-y^Hhrewn5knOA@lY7HxR@ioE$c~gPc1`h7Fbs|?~DQf-lOT8kZzr+stw-A z0lRGT=o0d$J%Qs+eU+pLFMg!WZ+f~(6xT_ZB<%6Mpg8+e?%CJUJbi%_@B29<%kc|t zaf~?avJJ$qVNQD>R;!G1+u4<(Rfh_D+x$nXb;@#`9@h6eV7mwv^K~Zi)EI=O8%rw% z3`$|L-kGmt8SwaUYd#l^QJBd{LOEX6=k+6gO`8g~k@#wGiBEm*2)mtgAA1ROHgXVL z&ssw>YjzGVQBA@wZ#(^tarKn!3{4@1ucjad;WdMIQ54otT|#8pJZnw%t7pC*Sc3K| z%IRHtiIg(#V?S$v|o`w+^c zd&ZNie~{#4(|urkuor$A-GZHcdmg_@q@DHUwQdA798Jp?p>`95iT!efS>~_J1}bGE)Z6W$wnu`fs#G?Afp6URm7&yi zXTIf%8&!uXo?sCZANiOM-R+IG%Paa0J0R36op~l_P>?h8`m_S{SHDNXNNV?n=HNR1 zZk0!qecV2Lqxteb{dzF8-)*BNNedFwsNd_48~2Ofo|5bEv#$|Lm!GiRta?VT%i&~K zS0;1>Z_g4Fd%hw1HM#ZXkB+fdJm>=l^&=j$@L7s)IFP-#MMfN!05hmOX{tF`RWuCF z*FNR<2NUGmpMB*tB5P*`P!hf0t~b>;bc6-#&x1wFuerVj7#4a+GNrk99$wBZ0Gii! z+aaPKe7HlsHk9U`iP7HTecrTT;v2(iX z!|?Br_I2<3o0wiJrD$xhhwEqQleIoLSm~gj$A=8vdNR(KR{FDcdE_vHoXJs!=0?f`&VBL@bqTEtkqIB?LIV85N<}5fF)y4(LGTAo0<6ISV+F>5Y z&ic8wM%#Bfa-_`7@3QqajizzV%X0NkXwkq(qd^AEX}T6=m}sGVc7G;hi=?i^>mCgY z-Qc?@&+Z6ZnwK)aK`{;Y=Z`rS2E7W z#D?)joAJSu;Q!!qZ+@U^+!7~io?u+$|H{`Gt>|&02x@%*$a-LYtl3~Q1Sw(Je*SXg z`Jk}vX$e|yynfrP-;Ea|I15!_si!3R8kw{O(|rt|@N8ZTNb$|EPl=CwwF9)t!AG}7 zgdhSH?sF7sIYQ+)htwe-TFmk($SptG57Sq@&w_YiI0zg!rqY_KV-kXs(X#sg0rpQ% zqGEK5{;+F9SKl(^>j^BxV;HaAw_K+oF^(L z*$U2a+3^ZI`}o+GiX=N6uF6@FjWhOVp2c3COI&+5q>C4j@AKayq@=_ozN=x^Amh82 zMYX>#ivvvlu_%{dA33E0&nThJ(8Sp$?7-iOQR`ghioR| ze!krI`FWn(YJdAzIGX+)$K8A=e7%G&&G`&ex>VBMwVv@9%V{r+$1H6Vl5J~ZZ>T1& z(S0jI!{b)-GVWKLf=6q>#@t7N7N25P`d}O-`4EbnF{)r<#H4?PZ^&sApob(6+LN>3 z+160WzW2ZBoE&ndl!jA_a_xbn{rY+W{orLkzK?Oe@QanjZD7tnG$n~=59lw$7M&Wc z+wb#bPxk1NeAzWx%5m+<3vsROkZz@I_vg;c&5geMTF3dtf=`(-0HaKg-jZc#uB{QTg|gJ_7T% z`r8FOh(~dnk7RqK7P7gn7UO^^R@r5G9+wb(0t{oS4EP&XLBwNFEw|)z{y^J$$@vp? zVlzoUt-qBE08SruFGi==3Rv-eJ}yDo#mcX?YewK8$*EBP_>3dbdrxGvmGJSHn&uiO zAhKXM;S&7dd5dN(>u1NRpgK6l*H0AU(ceq(neW_UoC8SGp~8aR0*`{^vqVu-7e)*0 zC_1#s4%tBgM*`FT);u42TdoysP5%n=-W^~t)amjQR&DzmBjQn9Cj3e&X<7sk5oVWH zA97}R$AwAUizfsr$eH!U^aAo&ZK@=hms^gUT`^x~NBDnzkUhsyPSE5&U%~<5i#fRP zOYZa>T@(&f4YxEV_(%P|W-#lD*;76t7DXlEeoTk{>COSP0{i){`<^G8-evc_hYN=^ zK%jUA4*8}|%;ESm6S^rY4suk%+_rO-tjD(jp43fIWsoYNSeXt$Ty(#| zUSWboYs@MBcOuL4M{oe|XJGoqsX}}q3FF2^$Mr=Kw@&R|@Lj}3J{tF`BTpI)$NiD&Iia1?zz z&*wO&r){`$XH@x~9T3{&(6^l)G%$+J=(i@jJSH3T9#@xo39!H`j1isDMdv@S_4+mW zlNA=u>7d`-FC@=U!I#fQq;=y73+!~CqxqgVqJ@$;kAEG2p$GHf_~sQe%G)>`o`L^Q zspFugN)keHPo3g;F7nISpMMt#QO!x;!=3EWk<10PYp{AKdtYF#JRKJO;ZNBI$2|(Z zvZwH)T^4{@hwph`3-EU%T*i-h*NPd{KHJfoLMB{52M3H={cM{3_lhuF#BR@jk-Wao zge>;PF~7XI;B?+zLv(-j5142?J@00KJWZarbP#}G^)F>#j>VZ$fuHvs=Xuy`m_!ZK z&JS4`yJ|atE2R06>&G8K*sNLf3*%5OAfUEnCYNbJ(w$X4k*BzLT`7p}utsT_?E~iR zB!%Yw#vh~CduPv#g`6!B-Y7{w5*_!ZiC%%-;6PaT)9CY@Q`r1@cYzytlwlMZTN?FB ze;%fABe?aZWLLlElc&Iv_2r8;cMkT;E*vCuxqDhsqI)?ibB~n0RWn3N+V|!bw>tqJ zoznEgSI1R82Y&_Qu=osoZ8oSD{d;gGhGCBS$#))5nq^AXd@uJFOnsceA1h>y_PIUy z&Jz{;uNtZfwBo1>i=ezte|h2>A1Rg9DzppK-|F{ ziOhttz}u_b%I_R;wrkzs-$#Bxv+%b(Y(1<7ZsqK8dL^sBl#MMOuN~?J=zd;P19-iU zWqrTLMz-PEjAmCPT%vhn^ zhfUyN60uzG@%x>XdpP*0n#rdpBe~2+DZ%*ZuHLia?BDb%4)48*%h_kfkHB!aK1y#f zEHXl;?LK9b$-k=CBFc82ku2+)QX3JC-aeA^=b|L$ud2@Dm3h7!5`Cq_(+^&b`(gCY zLW)!I$2WR@KI`V=w7!NhK`GBbejKis%)nZ+YM2p}eFviuj0^}x`&rN-16;DNee>{x zZc~TmO(NOU#~8AH{kq8Z zzLKTJ_PK=1&)Yud0>ENR?W4}V++S=}?g2;x1LY#p&pHOZ_$7^7Rw1=@uco~71`06L zU&B)Q{RgfV;+;4RdOp(RkkGrsxxE8c)uNuG52 z$w_*@Od}ED|5sHcXgcsM9m)IoxQ0P#1QAhP+Ei=~tiLW+daCx@63-5X*=y|IeVyx{@y=;Ybg)5`xy4!@m+aGHYvuagn+!=1#xJN z5b#O%J}F#FbQsrGvCaKezOvW`aZR*g27#CRlQ;&J#~|+*!$H&Md0S- zg!y|OSLgA-y(K=CNwx|)oXt*gVxSSZ?<)fbC3Lf`Sj{Elsx?7>#B^NT@stuhGK3E%5!M3fqMn z^j)Z+Ked8j0_)QLVEqi25Buwd7bJ+>^MGC`SPSE2?cp-jk5}S@b(xeo3Qt(KV<*M9 zRDx!>mHQ3@Fx>Z{^jotU9zP2?ND%@yP@@?{$79amF2zN4jvjRgki<{x7b<=e?ujm3 zs$Te(swHSP5+F;vv5@%1NPf=7r6s>L{r#gL&?-f0CkQ|&lbx>#USQxK`-sNoeG4xy zLK=dff5XMxFPemRErOA^mer;sy@*e@qR|LPUZF~&z8|IDPdc`l!w+=6C9z#t(^t19 zxr>U%kgP-9PChSRiVGW3Q}A&-d}7K2`NUW^(I)*>U|ycYANLlz9DifvJNn*_UB>=V zSh|QQ>8eHiMC24K&JX6Hvh0!Qxq}-(1mICI+@c&xTViC$iOfo-`E%{J!7%Js(oy+xUbq*t3mig7= zgr^>@CCeXUIxj%mE$AQg;m`UBTU>c{T&xb4(*+;iv%SB55R!c(eZTcvjC8SXR)3fM zpt4hN-X5Y#Pwje)G=f!cwxJzR?6Kht?i^mJVuHV)Jt1bJnS|SinZJit;P45^n0*=P+&bGgld{QaysV)o3Rgre%wE#1;sFHC_rTV@QS7cDy%!zA_F z`zipTxJk`k;xE6eoJA2kJi_>-qw?02>#&dAu1aS}7%HmV8^X7rE4UVXC2=C1)am<3 zML$3d17YUQnEDZ7mKXVL%@?4IYTA&LQ6=uL{J`<@Gn60y+U|2nIo{jiJ$yZdWB@2U zS_F>s6o^c<@r@%tneQD1h)F+D+I)W!reC}8%{aqFUCLEyw$Or&GV+tv*mEuMq@zD@ z)Mk%r!#9kyC;J!RNN8=yRgKGGT@2YpOj*yim z*KYS_#T=?=wS3OZh0NN^;KURV4GsHh`cp{x#J9SA3G>VTUfkwZ>56ra_wHVHY4#xd znH*{W>DqWeSFE0LoDoxGx{=9#2NoPK*V_HkW11lHpwG}(-oe7Hs+Lkfj3K zfQsb8qrA#Qmv-dGv=0hd1gy{XGV3;?Z~pTv=AQ@y@dXcke@y&%7rrR(!8CSMzYBgF z@OOPgAB`685jAtn*6ze23EWhgx6kwk8ZPXUH|e1$-yKrp04o@n?m_kbiTKVOojmJhqKj0TNEKn6BgtM;PtY%URwp z%Sbc_IPGJWACdjbLkC1wU-Yz#pvAp$|Mb`*Z!m?d{e#XOdLOw`%^mO}3bbb*G(BOV z!0tNL4n{mV>O9Z~GsYBj{OsYHA&C~uX%4q2B&1ejx^^zM(+To?pYP00J@B2|6#%Yo z516{+57cLp6n2NeO2lB+(wi3oF?^qmXZW(VI<%fUx}*~ZIk7$=~ z1~ZI8e&fsHq1wjl_ah&ad&IzhoMAd0lYI>U<)+=gUK2B&=KH)q9#+{ViR)|+y#>n! zNgFnx@X@*{*OGJ3S^YgPfo&L;rZisyBM7+_m)U%qIrDW-fXc+fh4npA>$`-9If)Am zBqw#6B#ES0?Q^k59jTyw78GobQnL|)l1V$>Mb1-TY1V!?PQ6V>nNMP<^Alr&cy6C@ zgY8u|a83Me67HzWzB7HD_%V7N&mUvEqprA5i59%VF`kv*rQlWaOaHL03MX?mJ^T7f z4Kb-%MW|o1XckVvj!69;H|VK<`<5Z?6My>>9yDZH{n!J2LL~C0DP;ZG5Q&%?Rd{Z-q25^aeRy)yvp)7Z2jMDwvNm3250cjrv`F<{FOWP;LAeR1@*y~s83nO zyY3~+{YW3&PxQ&z6f)e~*9Gf*pQFC{F?^2b_#XH5X1`*=(z`Cc?sM8z%?$R@8T0%L zm6U-`M2ZCP`{mKLPA5I7PHP^h0nct4>r9K>1BjqHv>)N9&E0M({eLBbjW(3|ViuJeKbor6{N>_I<@lsmNtH5T;?2NFWk7wwW(Sl*)PT8OefZ>2)0vvljWXA8Kg0) zpB9)r;zf@4;&6DC9LxLD(JWvrtN!*--ds3i5VS8^@ed5hO-sxc0XpnJs`$>@-0Wu5G+w7Ek1jPP{$6oG@WkB1uHvUP1D+=bf zNmt{&C-*Dj)P6SS!)C?ET^>$9+Bk3~49r2%Aoq7h@XcSEI+Dq+uxOax_Rk4TRQSK$ zSL1EOe>De0FVDgL5kK6K`3pUt+LsYhXbqegDGl?+8NWb2eXHVjv=n+^nf)*EkDo2n z5N9-Z-1k5ZwCXMI-R-CH`*5KQr3dcGDO~b4B}2Y9UXuA;n&Rf0iaOQ;=WPT$pWce81U^UPq?dm$|9-Gu>vVP zXp10cl0K#9=rFE@51L34d%7QpdViZEm!ABAi760FkXD$k_mP8tPWXUjeUHb1A3xO% z%vT~zAEUYsIruFA^Yf%2@>C5E4t_t$SX}Pqeo@X8XS@5>mcwkT_%uEsk!4TK{CE1l&%ZX)>5E`WN;nah&?&c?r%I_ z;~%{r)9-&FPf3n_lem0EvP7#;0Amh%2!} zwzSgk_;MQ!G=OolNtPL1<>&9q#0iUzzu#MqLrhF%l^syVxwm7v&=b=c@SA26cGrGN z#X%h5%jfs+?6SX6Iv9C@YlYjJD7^`9l%Lbj=I)QkBXiI)fYqdV;4Bw!3R7r$V&L0(GciKleNze>{N8zPauHMI}~}X1-DhmAeBqI#l!eaE=|oxd0}xk z{ci4=l5E;XDfll1k4ZcW`ROwm`>GoHl4R_w_TX{C;;gU)K@3*comnYl&OOzfkq>%~`NG_dn zA|^RvzqB^ZlgwEs#b-?-MT;{C#8^Fo)NPq0y{7GxgiSDT#9}eyV}oE$q>I=3fQ@%A zK=&>>c5f`0em&qi58SBYm=vXvMd7WKhr>OodWE&3m!G0nWApG4a{636%OQ+pUXs)i z&FR72Hp3*CP>JsQ&~gNWRLuw`sfKfR<^1Lg32>#t8#u?`d#$7$BQBo&_yv;x9&AA~ z2LvkP;=I1ER|emk`4%r5ld6%+-FQoj4Ji0PN*b9)F3_+Mj)01?1 zKX-^9AJV6k0Z!vH{OrCKcl>?pzIsbn6?RcswtQs!67d9Ktg?2~f^%yCnZOYOI_6$9 z55mREBr^iX7p;qA-@W3r9)8|}z(e`Dr@9#tCTW`~Bs?N3~?%}$|2?m*uc9sDnV;8(}zVRNO5R&640Fhf_UQkuL13@96L=t z=!a)Q>d(+jI9hUT$bp~uc;CiZb=w?4`IH6YugJrNrDY8Zd;hc(L!6TM4I3=`} zmR^@h>1%)4TH_ss@fi@ts!^YsbudoVtZnNZe+<@<@A=$a^ralj1A)fYeM0)cOX{08 zUjELJI8wpPEe=E=|I$710T=DkyyKVT&KA}_q%ai4N~8OpXBtr2za&O>QonzVsb`u{(){)n#AGM5oR@b$g!MuzOvCMiAvf^RX&P~%Fa_TD{U$OF z-SM@VEc`<-A~Qex$RR&kLvv)eFN?g!tBjW{0}XkCKkAiTCvvjj*XlwP&xK=t zY+yT#g8?uDUnqPd^{bry>{^>cHGi-#8T0k8XDeI!(a24fQiqw61|t&XAqNoJyNyIj zozTHX!QJ>lsHQXeJy%SxeqY2a>J`>YsDk*rd2+0M8mF&y5CY)^NKOGC8`{ApN_4I*T=nKt zm=(S>-=uSI!N`U90_zStgoL_2U*!Ipx_Vgc2US1qu7|knEgDgGLfWk1O!#Wv`|D4d z9%q8wSj+-Suir$UTPqamAcZ6>?63NS4PWQW5)yCJVelO1%cW?>v2M<7Q%Rc5oFmSs zA+f6`?1~Ag^njf5XE@det1YmJ-EQAQQunr`oF)DgxOXl&)tTetuhQaCSU2RIaa?ms z21<7J2uQdz%lCa9ClCYBiu1(8RFh%;oAyf=Ot;)deJ33_WH0r_;JjCU1ZW`5(UV@M z4PWhRcRaB}#NxV0-aWlOocE2jfoeC8p&w2coHD8%p|T8lRHr5q9^r+q*uxzFAtB?B z$@{ijb}$XQgo<;$j#wyuzaLq|czi5|r+@=wk3OqIAfNDZ%i%%_!1C_F!p3~Lo_#(z zmhtz%`+)@zpiPR#7j9VV{l&3N3F`Hh=GvNTTLN!0=M`u$Z>w+06^|zi9VPzZyS}7; z{EjN@3mo>{=YG4^cZougKghib9}C>fS|l#x8=T+E?x<>9@GU~{B^CxOOZHj3NCvMP z3Exu{bL*NYTeDC2FQjWs*L7oY*rTq9{9be+@Lw7J6cyvr1E;6(Q#9cww<*sO*84T; z7(PVR{4D)=J%ouZb)BsplFGQ8o%syL9f>o4_a&(3m5|{3ptI0qa1-8x8N<;Q2D>Ta7p8$H;b$gT_+piufXL^t8 z`RV>{hu4UvJ1eaAi1JO|^R}ZGWfxhAVkwnM_(@&qFV&Ve4s(4EGzWop&@}P=H?*Id zIfx!EJCdBd9>4|O=-YET!0^uV%n52O3@mh_5XMGGhc5f{Cql9!R3|A3)l4MxOwe9z zDz$rW`iM`5-FTcwk|#XH`Y3uYd(e%o6cx zo*w~iY}^@@)%Z}1=`_YvuUB{MEIvl@(!fd6a5MbQ4!yr^bVD?E-NUUZ#+V`s{*e|Z zW@JKjg|1g?-@g2nWdzd-g))#a#iCzGjdjS-)PbF=D7c>U(f2c&yjB#C#J*P8??zPd zsM5W~r!iIRKa#F%OHpl${*oktM~NaqGRm7MC`p3kukT6q9d%Dv84zKI6=ranX?n?k zl(o01@AZ2lckA$2yyHHtb(kPmYAIfhr+uy3^&HXq>}RfuFFmd%Iu)<))E!Q=@p9tj zYrf|XBTfg=0oCA3nRaZA?^Z4k25f!HV4p)D;`#G<-M*uieaTLTNN_`OUC6fx!MWSU z0D2psU$B3=J*b4ed5~sK^0k`C%j+Nk-qWWWDL=Gk<@%NnY5fe((uOauF-OAQIF%J8~SEi>|a^^m_b6DN^L_w@@E@si{wd$1_EpQpCXF~mv`PM1gq5JY?X!g_9$9aUKkTL8J9SV_ zD4&yhL82tUDII+>uxUU+3BPcfUO+=>NbF&q<_Tt#8v_an+!n zemVuM{YUHdC8>Fa)GWXn-4qgjOgD)-e6&?RqMVz%MS&d$REhIP0Tw9)sE|A##0rHP z>!kZ|i2NOI;e)JUh1e~MbroAMODr^>_?!GRuKNa$AMl+!Nq!jR_alpN09bnE51FA; z_Vz=qJPyM{F#8o30y-~L-RJS{LFqoZ>}z)p6TTFn51mA|2evbz@Mz22u|N5K_)fD_ z+1Of2+m&>^5=HNg`o8y-@;l$TM_%m9@qS5~oudzW3{6O+QpdP|xn=M;)!85x(UvA+2}|kew2=GrIgYjCxR5Ht$R<)$TtG1b-8woJ>yjw{SnrHxj_J!BmcN%(h z=hk5ewm66OBozM5az8#T56!`AshRgbsd4g8TgP9LF1RMkwU<{*#(yE6rJ zm7we|9im{&NZU1q40?7vg|omP(R=uvh*A%n!GXe3`aR$8Ei5tK=7HRY(|V%Hl8FS7 z+N2CaY|I@O+}rH{yPt1$XT#~E@a0Q*F!?F#3ZNyW08xmtMd}awm=y3rEo@J%4B*(& z?wgxm!!C4Lp=Ned}$JdXQ7+*7X4X-xfNn>W9tR21Yo6I&VnIHs@1d%#?7JmO%3Ur=?^>(>EeCOZm4O)usF4bX6#xqR zrR=j}GTGl*Io`Uui%*&p+aP^cP6x9CH1NsDD|j6!g=t&x+Sg-Sjja)mTm9ZsdK{{x z6A&}Mu+`4A0h87~GZ6dWb5#pN$sQHs{ZRL6nLyi)R4P9CgWC_D-Nr+dI^@hvDynA(o%TzF*gEhczgNn`$+L zl2|b->zhi7VtL*clg|dOb=u>5ksm}qzkvf`8hI@mmMF-DeOzb`q8E7o4-jg!%J|#n ze=Yu_W3yTaJ_(NV$CvwQ>yyFxl*)=sqMbSr5mW(h6Pyr)rg2=x_#u7!r9OsaN)(G| zlcEtGz1Exqq;Eo(WC`e_=2X-XnH`bwJm5D(Fe%(QbC^DPDLHBnXp#=eHQIhLH(e%} zj>h)zT?pzv64;u7U8GBb?Heq4xK{h+>TW+3agG3HCYwO|B+`s;Yuj!USMyQNoc!}N z^kO=HYS|BQ=~{=GfJZ z3lo%DnJ?w-cil%|YjprnY!^HJaJ}()9k>m!u|Fx^m>`MRT_#tl)&#}6{%FX1DCQ1K zCjRah!h%CNM<3sNssO;X(-N)ZY*!B}if~Vj^J>N8EI8EQ2$UXLSf z*q1$;eE9|Q$^`7gjC%M;d(*@7rjdye?OdlsgFYQLS@M?QQ<}WsiCwJgw9DGoJDLAuk;v{cQ&7#>9huRRIq(+Y^u!xcYDmGf?Em;;0b9)IaEH zHKuGyY!h7czP1H^o*f9lfA#T`L#HkJuesXJVZ;P`>Ms=5 zuft+LM2uGW{zq4q<%UemKj$lrw%d_>f~XFf$m~JOqExBs`v3{77Se;wSdW-$uKJ!w z%CT9?$5ra~73w67Z)k^8vEcr!_%%Km^4s*qkfMJ_+ZGWqscn9e-;o1i^F{>z??(VO zCcYpk1ttSuw9PPA2}M;i)PR}cex3ID16xhN^nXa=lsbHq=hx_S9P(+!qG*WliT+d^ zB2;Ddr*!3r$I8IV0&>(Cq>6;lMhL$729ACXtlS=+YL0!YnVB>aSJ;(B{nIwCr!8PYW zBnrthc+U*?_(K71LZzE-y*>wToU-$mYTN56$ZG_1dkxH;ceS5fG1zu6nrwBN^r zbMxcebKh}4#=BZs&NwRhDe!E#xW62n+fQP`L$`0+dqF^v&s7R3e+U_@=-t2Id)rRq zyLt3y*m*wrO-iW4E=#-5&7BKWAO%x4W-Y3hc7O2FJ_Glm!q?>?m*gTT@9)|&E?SBR z`J8USn_Inl@LuE3vpJ|A-Z$^G&(VzoYeN(hMc!Imc%hDuK~GM1w5t0{+1cFWfyEi( zna2ta&*8OSQ?413yw8`rwCwk!=C7d#37U`af~OQY$%>BEMDS%&Z8S6x(>+U(yy$NB z*fjS&QMrGUlW}F>SgPj|tWaHbQ}=y`^obt|R9M2{ny^1t;VmTCQkxR>c+jpT<$jLb$@l+8Ip$zw9r=n{r%urN6+6TRTuFZCB&ACt~k8=wAz#O$GY& z#PrRDh%QIzc0QFs=e&qpC0nVj0L)))C~etx_hKI`WpQ^`Sv~J|@a)7xUMf5(YaIbx zsM?D$aa|k`9S$nxj7h~`2ms47{#=JKk>4mi*0!B~cjTr3MO!>UphIzGXd-=;=>-E( zxV?@RkvzkFGk)=`WQ!@ht$6FZr!w4#&_(I#zd|Q|Lt$1(?-Vu64;S2&4$j;i=qhLM zQ?bzP=nUvxE5zS>N_?Df8*d(E?424zA#TPJ>?6!sjC~3eLU^#@r-I`0XJGv3Z_20> zuzfEAfOC$nrz^(^0l`0m-R407-)N~E9%Zg)BcV5gqu#@aMqc!gE4I-QfZE{-2^LQRlrnmoSQV9GBY`|;M-OGks+PzhQ`Z&k+4~tZ$bh!&{wpV z1UVmto3c67@{{)7VB*bi>Ul3*v&)-cGv)d5DJg%eT)qaTvnO4@`CXD#OwncO-7jW< zX-kg$Wb z-?@rKU+F(YB~4AiFS#XMjW95>I^l#)Ld2Xr%`wh9@=A(PC zt2&J3+CA~!S65bx_|T(#AK6#gXeSLFxhsbkell6-Dv91hqv37c@eq+}-hK}}LG&|y zi;q2Ls?&aY*Ww1PjCkJ<4k2|OsW2vQ7rs`Up72>gbwtWLH@;we51A&&>X5&;MG}j@ zVl#J3zEC;%;dRnYX_45+8}wY=mXlHA^j4l}Z;jY)WcJZySdosh z&LHJ+{rYv{5vc~;6sp;!KB1s_l~J#QodK*zARvPS{nwxC$AjyjtsPAy3>kD7(;VbBr5nJXjtG*4Q;yUy+3^VrfIoebABLQJ!t*LZCy^_=iu=#TAx!{{RV zA+3krx9oKlql#e%FVGx%ZGZhq&d91N0?LH`%?D3nt%qy#()$_?_xvF=``V+Vp0vQeM8z!iiXE7P!p6*h|YF9W|e^v>XUw}X( zLn#8f8OK6cS)ndFh3g|1=D6^=y^GNr5wC{4MsZnf=`?kb&qVvMJwW%+f4|S+_vpDa zHcgOxz>fV=)N?9s5wol~`aFI2x#W#N-WJE?-sX?nL5^Od)tKMg<9MJ-;`ou~6}TK} zuOr^?A<3xqwTGIc!HCz>VnJ2SzQ}XFABgokryH>OgNwr6pb>O>`5LTY@BkQe5A-c` zb&KW1X?8lWK<-mcgA9gw4M4-3P>a6Z89SwpNF9|sS$TID!i75ih@rMrQNIf`aKKb( zp1{%>_ak^;T{6-`3)mWJwjo%tZGVE`j+*_ky+VNih3k8P1dCmc@nuIUgS2H9ynwuESpavlqjAJ#RH_5rpKLh6 zhVJzEEcE59%8J>i)blIBQnIQZ-M4GrD%gYA&4slwR{I*@bLT(!V#=E)#pG>Nxpa(#LQn9T6i;4|KY1vLJOsYX=5b+!w4Enr*V%u=%ssc*)D4P7j2c*XO z>Nvl>s}J=)yyhTqqYPP+khwR~6-+1(IZ?I@t z?bjKF6Ofy58u&3Skz8JKncuPqiCXTe+FX3}T}DGOp-mkPi3NMoQ!aDP_v#0)lEt^- z*6*qUk@?xL36KAuei}Osz+-x>-XRPVp8o5qJ2l9ZFkViGM!nd8?A8NRR@RKQBp*gU z!9}!xZ2Mz3F1w2qAx>`2bf02wf{U)Y$cbatR9pQN*t%=_-0Nwm`zDo6XdXK9NmEQe zo8O21B&N?rLWCm_FEo1{SCj>%G7axEcLbb30ue0#R$?rE4U)&)Y$dPDkkXFmP*5$RvAJkjbM< zWM0Hl&|m-q8{mJ)fX(X|-IwFrmqae2O6 zUNPo_$aW|HJP&d@@wik3%(3ZE~-(FXAK#%Eu zU+tl8>WwI8GTTf3i}f>7F5*p5{BcSdgYp>t0hsZAGR`xs>G;0oQZ)~VGK7=0UWf3l zT+iR2S5%5uCNAFt?YgJ7w_KY5{MK8dZD3O;9w^!#z5ipsd)H(SW7PaLjvBxV)F zYVK_WFyZ8y*iqW);rBS9?6Ez&}j5#Xn;G>FjV+ zsUu=kg$ctdjDqS70qH6i zPoJWrZPc6NuIc7l(S7!nwUwFX6jn87sb*z?>@v9MR~H)~TRg z&w~l2#QsO&&7AxplH4~jRl(b?`{oE?K12ZuwC~)jpji+Z9ivs-2!x|xhN{MPc_^HD zIKl&iFkvfvyy&tHLwLOB{xNwveNwG%j2xZJshUlu*nPGh0W*jCvrkb+e^HCN+!%Ov z;`WLQlCaLQ{ghs|ZE9IE*ZR-=DRrpK_)xe%>lcW&J#J%skNi(4 z?+fg8^q`7{U&`_IW(jMR>TsMdanZio0GvHx(1p(){?gLE`wj00#JK!pb2%NQw_$M* zPl(JOAvsFe=ND*^Kj+7P=t$gY27>;mS&5JOKjY#UQi0ov^jj#fG5OfUe$gb(T>mT% z0)(k*!wv$R*b2IGNn?(I*WJpvbsy)ATo(S^!qCV@gt+S2g&5@`diLi_nb5#8b7+jh zcqU}N_5#}-k-_DIB#$dj=3$!KOaB)PL}SbgoI^EFPJt5z>yq;1pSs(VKfrW&(Zh(6 z9*>i&+D3ODphem=&3=1lV>_h!-;Q9>SKsWfbp`Yyomumir_plo#(gSZo8LtrPP=aC zq1v>YO}}e_C67vZ(5`Avob2$#7+?W=U%B#SuJRijI^L>qDblb0hE$%0DHjVx%9IiQ zcSBiQ3vTQN^ogQ-J*0ebGSV3hXa*sE``RbLP-cn(M-K4=ZWBg~utyQ-B1|%;QM9N= z@ZxGoN3Hl<^kSZG2l|`L!Tg~3ANI^4PABlv;jFn`pL*0b>@-K_=^<&vdvn(mer{Iq zG;P>-m~($^w5G%1RThfJh&(L4Rp{5DXB&eQ4>Q)5CGM4%_jvmS$OunTwyMV?vX6Hf zTJ(&o1G3Isqs_a^@3Xuoivy!LAuN6C$*ppb81=s+Q*{;?2j4r!%w!=Qb= zm^HfWaWBDr=HDxqzKXteCY#hd*I^QZC@@-%Lv0ZV|<-x#wBH^sfux`ePjp**nj3<7ESvF(Jl8@#`cHlsv~x%>TKtz}++(_2F(E zsa|^Dg0P+eb~-S_^~X5}=uUhl2tQ!G(Ph6_INMkWevtqf8v%8*edJgc01aNx>Id4` z*Y*~HhOI&5fAxsqy-J6xS^_Sjl>=zXD^(p&6;y3<=v;^*nv&05^j{J5aS2HEPN4YY ztFFpVtaF|RrE_(J)cke79Ss9*`7OO3GAL^f3|1Ae?9u1NW{g20Y_|e8N=Yh0*Y?ERgbX%`4mEMa7U<~2E z#r?-Ux|6V%Q;c&E1%ws$ABFb>WCZ|cf+=cu0$(XKw8;E^iEx(JvC}>Urb_Xa7}Z z!+wKoMT6BY8#5>WEPilGzwZ&~nI{wuUmYLNt=hZD;T;PBh-u|t-uc*s{axq+Ec^f?ZASzS6{$eSkF2$4b7{`w7ut&(^bkA9*kuz1$8E z{rN!j_An*HW5360bx>ZvY|XYPi=n0xM%klRr7-D;ShrT0NGZc*q}l^9g)=S4OgH0j zIW*V(q>>xqcg7g_9X8*~z|$H{DH_!ft-O36Z4@U%twzJ$d%pmez5T#Fp(<~4q2snd zDJgNE%yXhi7~o0#?0IDc1WsWMpb`$z zN9I-yrl78$75e#Kul&92hRa=8qJ}kN_p&3mg@j&(#XC(^FI~a=wOf3h`ikFi34rZ* z4(GEErh5yQ#x%%sWpThl!m0Rad0J0G2|awP=R~{N-o*Q70zDW!Zk-o^?=#~}3G;P& zqanzs1^$H1*Pnm2_5$*@BbM%((h0~Q-M#JxfXJW}L9g;j*>oelITD)s?e0`47#EWx zwXVA+q+9R#uxRDq89RjlXl>{xw_cd&2IRUkx|sOX$)jNd{-ao-e9@)Dt5s7%QN(5I zNPn9}8NEJGp;hf_aH>Ex6gO=3;{Yvr3QNK>c$}BvA~jodf58^&lB{(Kf{k}k?ys0R zlVI@Oz03NQKYS=SUNEakPo1M0}-$Y)14`{UKy;f%Bd&g;Ik4?$6+D@bE*W*#`S z`D+vz)eLA`r|T5bPadzl>B8aO(UE)BxdVv@?$8^Rwuf;}mkW(uq)lI4zE^)nB{^jK zecR(~xH)?_n&?#U&Vrhn@5|v^XI$c*rE9`=kiQ)Z9g=;Ik%PxmZm~SWz;&9pgB2dp zU(vaIQXA$7LCZieL3V=HB!Hs)VzemsRio2A1^d%mFsh+T$L82ads1;S9g@!GrIP@z zjH9{~dbNQJ>LY*(z`o{^wmCZW(d7>De$q_R$2l;FOz6e8sQ=UII}B}($V(wsv4Ja@ z_Vz`gond+hjk5P8oc$uNcM`vV>jMWpE+XRYdGvL3^}lP~Us4wi?06~{D$j5S9*TvY zAgNvfWoThJD$e7v>bLv%`kkYepXQOprM2somCm`NEqeT+_EW1RYGu8*_cM_We8WL_ zEN72zRP%f=7xc7b&4;)7#L>$73g7+(5KZzc=kGBJ>^$WTiU(oQ-!r_wQQ$5P>$L;9 zRCP|#iEAI z`4e=@LiJTyrsqfUIS%i%gfMrxRhQZMh`|k`RypTwbtv+L-sVSJwv^}t`V-=x#oa$qtID$HfRe9qkSoDd463+XUFSgg`n7Q)IIbS*hjQrGJ7*Ua>H0kL-ecCr(?KY=@{dy6AW(HzU43l! zO^BX%Fui4tL>Bd?DHq2r3nyGD{`hs?{Phcf{4Zdf^-hVoZvIpjXyNU2zn3PtN+KZ{ z?0&!YxI3=C@2vO=#34;-01-^6R9L*Suov&{<9WS92e;Fubp`m0_kRpkaYg)`+2CwT zx9l%&GMsA3OaBXxB?Dn3?P=QFz`9VAGAxC{wf?o0oFBfZ$!*I^(PFfG1nJUXT>VJW z9vtNjmy2BqqqnlVd5WfU2&pY~l~KLDML@SP@V|U8>=(K4a}CE6q}{6(+5B{vp()!*cnNe)^oy$CAP;dfYsMhO6FiOsK{M2Ql+NnpPBn-vtc*zgcpTkCRw8nEN z-J;sPc*3ujJ4t)Yd*6p`UhWb<%jfki5z0HU<|dZAngL(7<4wqGJ;k7mh&_NvfT3A` zPb2)Tx}OXBHRQ(1;v{>hOo$1PE0w1&Y$XC+>K=4xYW*GoP{_g~F1qtV$ZvHd>(FOeT-?yEV+aQXWK8_SUTk(B0PDk`sg$sp@}d^d$E^4neKA7 z_Jsuvq}QAo&(IMbeX&9{E+gv=o)*H)x+wE$jL!Fx$ zAiCaC`|i|ag#6qGAw)mYk6LT)U3h%C+X~$6_1K9|{((~2l-ccxHLCl6_hmeso-Kx? zo)EWkFUjKrEUC*p2i_d--w+wVNr)5p1*hcz-P;81UqvmYADm~9M-wM9CF805@ejBW z?Q6XzeP2vdtC{u`{P5zX17lb^%}{lFelUYNCL;#9639p-kD3J!!t8s*jk+opAX(e5 zy*%cFyO_o44}S3ct6hjFeAnn^9%`cgeBz9aZ8~`!mTI_bE)_u?>U!aS4V=$Vk`b+q zVgsmH<71p;0*Eb%PL(cb-Q|7GvJa{`if%={80)Kn>kl=Hz1}7`>K85-=?#8Ib?m_e z2{4`GLDgT}OEK>=X-~IPp|gPQgaqK&Fa}TecjM=XQH$@se;}ME>~_a_3MXYxVp}*x zo(ojvm19QFQ5W+sx!c$H{;d7>?b=FYxtqU^uBMNfDT!ypUQYF4n@$AX!w<%qVK3e* zcu{BH?(|h&g6y_JA@O=cadV9wK_hN;32Uj|7M~Ib4JYbP7Loq=J*!=_;GG0wOmNh` z{^JZ;siMoPLIw#K1oic>$8(U+Uby>rU-my110F`*-mFitGL9u1_@cq33WSTMsd3_p z&@@?!w3Nrk0b)J-ibXrn#l?FYI1s?L^mK*UwP{a@jN%U-K0Te}_p__#p+YCGMaO-d zo!s|I>6OdRgG?^=cY`nVXtrZbY23r|{9RHBMRNg^_DMIrXnv*a*M&2UH^FWK@p*cx z?otY~gPD_wQfP-%FFMok3IEs{V7k* zp!Sa4`?Ik42MMS`nJc7vw%q2zCVM~I^ZQd4(3Qk-wU?`0;-_Ww=7GMAIbxRBuF>L@ zbkTVBL?Xpo(mOZCaOpxF!p(|^v+1$Mt}-MPpkgyBELEbDF+7e}XLA5C(Nc7Wh4HM> zk5jzYNKJ-%^|BhS89X2&($YAOYaMrN@-%**L!e^8(|%8fkhb5 ztJv3*J>&0!C{K5Il|q)0;f{#-=Hg&mmm}auo5iPYb^GI*Sb`#Rk9sjb1+nZ`k`d(i zyVril^%;ft^Ghv=Gi>=3&HME4SLJ>^ULxSKPLt(c5Wpx$DFlKe*8m(f_>i;-J!Bul zPX?`y9?m5f7MQ){HPM0MwMQ&7-1F`O??SALI0UE2u#{v z;+D#VtM@F@;k^eTN*KWuN_}}vTCcOoJuZga<{l67+ZTopuVr6Fr_f|_sPKI=$8xXy z?Y-?6x93y!1iT>hZBPAScwiXeQR{OQAY^xGd4loZ*P@zZj97wWz!t*OyIiesJmKU1 z2u)oTI-Pq!un*v+iOt60lNbCGkFMtcQ5M6T-cD9lEJr}xBthV>LC(JVQy;t^y>(6uzdBHCJW~8bsArQf?cZ4k zC&Pwe`|We$a2CvT4a7a8)}LhyM0{$lnkK#?OQP8DooO9QeIGIO7RM)L_nL7IA=v`U zZc(o5gDgSD_qz`|-S1H{12%5zDRC38?DyxvHFJ|Gdvey?4M$cB5t9{8 z;gKDfqN<@(8x?-hmPGhexV=- z|E-TOgMU^|mzYxB6SE%1*XvD^k0vC!D?j1&H?Exfa&aGj3UUqKH_r0H^n?b4cdwQO z4xg78tKtj=cpYWI6WRnEvr_%u)#EhL^UI}~g|@Yn;n)y84C^!8E?g;aICUF2wgNM`n#_vmSxnj@K-S`@> zXS@F03p#EFcbVT%3#n&frcL2Q2CXdff(`U zG+N#!@XsV(A`0YRB+{>}Vn5W^HivTn*(ofxhb$!|TBDp-THmAwhxthHrG?*1*DTcs zl`$Whv8vF)*Q5Lek0!T`51Unq3M zeMOOA!p~a_jb)UN;8gv#`8yxY-f{D=Vj#O{md~p7nr>QLPh91r_)z=KUpsSsvMEw= z?Oj@Zd{CeTJ{C8h#Cg`_4dPo_j9ISm96nB|4b6Oue5LQE#{oV+nv~B>Y?C+fzts#- zq-PP5Ua)uzA@NNYhqbJnr-nw*Zj62(fSic-Jo&osWuOp0=A0@rjT+r2e{_@Zr=K5T z5TCi-B|(`)^L*NmwN>L$X+gv(*wo#=720L*39!k0B-SR2&()>to`Z6<(T8rD>T>=8 zsNTgrY~oXmHlkYA_$wgc0AYL~lqPuBK!#G?J^`!fBV=qS*AmgR9o<2`V=CS!=sly{ zc**Il%&wqk@)Q8h{>#BZ3Fr_08ID_z&3M!oPwlhQi|_+AiEj4!r0s~V`tkt& z&Ho|J!gu)iKXVN}hhh3@kmh!$4;OBf1%p80mZR1*RYSEV5R|Uea}s_$v+Jrmeo`MRqM`-b28&dWbO^ zX0H=6_5fI`KRbw~dRessc=QVf8(xWNtT3mS`q0{+z1=#jJ6a0n%--4Yt)Fd@LmETR3JZxI z*9=bdp9fW7eRXl>35;^p{GEU-4#Zz|-G|Wpis%@qg!eJ$739t4U3PohFVuCm9^%Ss zYk%_GZ}2;BA+?4_=6Ana_t%(x01iphGY^C0AxKRj-ml*+1awh@Dvb;6rByKG!ws~f z^5~4`RoNq70%}#EIUx2j^0ph{c*pvvc3s(IejGAma(BTOA&6ZvG43xD`5YQHhhGh$=!_j$Bc_oKikC7iu>vwugeVjskdwIB>ZC@rdkWMEfk8_F# zIjqcqFqReLw|;-cow1~yPYQ7mUwmZLO(ZpVqYQa@91J9cp%ix{4>{>$!ibxZr_*~Q z`W5|C%uq#>4UfqAh^Z<*O@jb#tr))#as!9s%EFxMvjTN%%MJl$lqbv*7YRTO?ka9E zQ+x=ug@8BFKq7Vzp0hBiMPfY@T$d@2W-#ox#$SjPPszeuAL~6urKh=TdVXIa=|pMl zARX_oNS$0y;7XozlgD1#x!?&gbu8vysBOng9sl)fZYPD!p?{&jC zq0gOuxFUwoZa@071?>t;kOK3CV8O<2)g_fmREq6dJIM5}reOMHdj3^w`0;dqtiXYrW4C`DjfdD*cjS`-EGfwIvje^#(rm=Ng;bMh|NYr*J>QaZ+~BM;3n`|yk4!r38XqlS;I zW%?zd~}W|yFT1=nl{Z^3wS`k?SHRs%nKC#rPja3)gu3#jMI zW+u-uVjpq@knO3n>l`F06x-moWKvdJRB=kxFo(7FrBpV|=}&O4(tlUqc*P`DLQr>o z|6Bv-EMPF0F`)aUNvRE>75@2+(#8}a!GJ?fm3%*@OPx|;fktIEtnk_q;a|TSN5iaz ztmAUfc0G1QYMT&n5B!#9#?{8t&tCY58@6J(bwk=e+wxBDE<{dWxDc;X;4lShICi>S zeo?rohu-e4d3j?*;tw;FLT|}AkNZX1*N?|ukF*!)r5#uM`%Sw$bTRPUEf2Yj@RQ)J zFU1#F#^Zja55G2dh>rq=^K7h%7fvU>MA=Nw?Dw&H z`gA%x)e0>^9BD50eSb7OF_{fcdv2u#|K&E0pWPXv>pUWkAo`}-*M=$Gs;MEXe&VY^ z#~!GWSV&M@yJ02UiD?Sha`y*BILq$|AgnWTTp_Jn!|<}|b~zoK?G}h5Y9h0hsrW4gJ}0QPK3R??I@ur;M)oZph11Uk>K4$Xz923LJ;QqoIaab%#eJ{ zTa%_Z;_a9MF!qA8PxCWp29LW8!v$PV*xK1ohy@9|iOPBXjU#aJ5nWXt3g3(ocJl>Pze9qE|8j$WL@RT2$?6<)J|O|$FIDhf^5 z<|C_H^s8fG0O82~L_*!tvn*ZbCs{6yM7rgi+w#6?2e zAw1dR?GM@ugKzon?vY0fyIG%Hoj4L-HXH|u$K&&{%ExiE=itu6o~tLnl~>5UvED)w zz&5hI7U%QB;&`3Sj3N&&+v<|AN}x`*-AJ!lakcb*jeJfj6^`AWPEB`{&Q?2gO_IuxkYg5V7;<-ZXZ5S^j~+$wGDd z72ZEh{HL9kb42K$#F#?0NZfu-guOPQIc{;&uMjZ1N`%s}7Q2SOuiBe&q6Lfl1YR`$ z(;tTz4qlM`v2ShJEJx=$vtiS|!tgXAcos0^Y#-Hl<%7oS`A@yq4mFPSRpERcqEyA6 zL`yeiSY`c6rgwPQ|C;?)QU#G(KhjLn`B@t?6F;1Y+B&bcq5U;o-A^(2_wdkU`V36R zbJRPUEWng#vQH~s^8it5A_WigWs+doM%3#Fp0oZ#g;B7OKhgp8i6^Jh5SBg9o#_xF;vhT^sR_?j7e%>C!W;2-6pOW0&^37Y`qksGf7ryhOlG@<<8m?zoJq&bja> zkRm=_98p67^hsl0=&&nlV`;h%ojelG;+gao-r?_Dz?tPC_9OkxTAoamYm{_GGk#C(#Y(Jlw>A;3bLEv& zm#kh>a5DtQ4z&S`SBK6D!o5T+42zN|wFG7zgoywGhJo4h9vWTdo;8Yg6;5`;^u7Sa zlgE2L)7MA|jdgw>`S49>85UH9E^HFi2dz$62D#t9{eq-d24Vy2aP8O%!-j^fA16IK z7-v*Oj%XFYVcE(&elkWcIi6j-N4+?0U5KoAH3Z{EQ%oCz9@0Ah^=jParQn-GkMeK7 z`xP8@DRVBHA%>Q!-!Ddu((cm$5Y0XU43RK<1>O&Q6#hQJD%;|KNy~T-@Z~|p^!NQ5 z#?4XdjLU0g&yP7sw zZ{*+O4+NOgZUFf@(u3#O<`%C{o8u({LvL(VBv5bRH(uK!jzq8hk>1Y=3>3cM15v>J z4{T8>K_$0ccSyu~59dxRyLZ5d(jFcS6J*^sU#|0I5>F@4t10Dg+NKxU!x?dQ) z5~BHgD`U|5_pzV>c-YREKZ476A06^%y=WVYOY@7Ov(JgZGxDuZGMiwi%&A!I{)YC| zWv=}GA&U?C>8Y(HG}AN7^WbSYpJ` z!oN5t_&slaG>R{1`=-1yN_O)?*pZxu{245dJt-%Xl-lKb6)OYQbCsFx;}?TC*DE-V zNA5gKJn!Vv_)`yxU#2&*l9?9`6h7=ztSBk>nj4XyyFh2saU@DKu-?xaWa6Ov8prS5 zSeVQ`O0eBI-25CfMWJfQoa1J))gIn_3H|BV?P@&us(WnvlBsHgH_tvqREQ0QU4~;< z52+8HiMfEBtHVZYB@D&<3rPKKr=2G0Qhi9abhsxCbKY}VF$fqFSfuXlCh$Z|>JBup zUIG)6os=sHx1)*XHNG%8h&ktUui7P z88gySyIy7zCO_a0{{^d%+dZ~Ty>5_I%u_4p$w-jKEL;Y5+L z=p;u}>!Rg&V>D|)N_@IJ>XeNg?=9 zF*=JHe!$X#P2ip&X|d=O0&Hlu^K9L>roG(#{zQ&9C7~~N57nh=KFIeb8=kOPZo;#h z1Qf|Vrt3}F!*Mt@cUcanTYSi~xdFmHvLzh|%qb28qx_MdHbG$P6N1~E8(89K{0oS_ zbIk|<{UF|S(!u{+&m@GYPZY#xgp!;c=djK=_)y+xct1hDgU4S_m0cVC1p|yqqYtXM z#{nL_$ho2p_XO(IH-w5*a%NJvo(WcQ0tgu3nfu&Zt^ZR{E?Bepo*w7|BUd>gZBU0N zt25R4T_$MgsGmC#Nxp8ZpNB(smw2hxY(A|F`MA|g-#)%q>J!l9Z5O&ni6oDiW^pB* zpwI7mqAO7ujVAGXxLX3^xSlD4tll5@z8weFRUP}%tl<~#K^csW)x0<>!R7QLoxr$d zx|6ToGCASx=Gw^hVY=h%oB;*pGrRJ4Y1cAJo)EA57Crom&UGajmsLBf_d!4KdmtHs zMOU4B=VyGPvp)CVhw<7k+P6M*>OgA7Blw`tzOU5XZBDjIg_*=~MjR^qao83S^HtEl zJp8Hx!nQN6)-*Z^lhHCGo9kayT37~&Anf#umOW0w4`PF#=)~{jyUd^k-E;AwJ^9mG zLhkO>sgig<%8?<>@HVDF;(RMxX)wSW26!*iqpM`ZTjcL|WBREQS_55SZ7PJhNYIp7@1#3FDbhMpEZLB}^Q2AgH-T@nJ#^&*j9qg!~cS z#jrK0Wi` zk?a$n(74+BG#pXP(;%+`EOoy7baR=1JD}&T+`WlPvIi7P5q=5g@haPPFwo@m!R0y* zunx!SEF_CQ+Fs4b@SH?uM*e2nbJj8{TDUjzmS+$Ues^oXB2zKR@=vKh8cC@+c6hyu zZJi|YrMk!vzQ5T$;uZ6QV|2y4t}KeNGSKXZvoN1A**ZU60tbyIm+Lr+XE-L!@7LtO z+JQ-;Zat&>1#i;a!QP_$|HzEILvmKBds|MLZ#q8@HI*P94-O z{dG$wbLhvidxh58gR{hmZGjT<)L9K?SOqO-1+!0x>gkaF`Gbg${d;9YfAK))@V|kk zaiUi-@*!;CEes8y{<=!j?WUG=%Xy?cqg_%6e++p{tkv`^&8sO(&@cGp@?#k?+Vvo6 z5%k!=3~<_zwA`ZrcOlDYO~LfJYjk;Mc%Tf6?L)-cz|)g#1SHz!#cc#@5Cr>4JxR-n zWk5ft;V&uF*Ew%FK8KMpSS)?}a7U;j?wwtNtOP^F#FAJ;n5x#P=X{)QA-)p+NKiv6 zc7WX6@wI$JFP+zwrFD3C?uiiI|_cdwW za*In&E#Y3F+(?)PrtVfzOGavn(wLV|Q)K&TIuHRO|g zi@#hVARM%&<-;sB!XEjz2fN&G{wd1utb#E5EX-I}+a@Z!Z8ZGTM+x0V*QDc1j;J|> zkZHW;KrxfGW1dziOshKfR%FlFPjh_lg=bUJgZy`yuAjv^4SNA|$h|i_m#~(6Z!?jO z5aYbpHY_zv9F1@EK7FjrVYsNe2;esT4ai!hPDF96Bq#z5c2nZp$0~p;*cAJ{?nww? zKYK8HAlu=y{wg#<7mx(QK%P{d&)33ZTO#AK5ni{K!d-#$pzJZnt{bBa!u023On*Z6 zIJDqO-Rl({oYWs*#tXAb-4}}pcw;!pH!qw!%xI4q>@B=>d*^YN6g3WtCo3QU&NknB61a1|}KWOH+#hgQM%WHC$8r6o)JK z6_V)BhEi=SRJPSRhfB3~MXJtFQto&yQ;q+$OG3Q*t6(S6u{Mh#kQ&J)@zortamB_V z4*Ky z@OZ-SgMPdHw)K>S-*~-08B8N1s1y_ILt{F3bM<>}r9MTn`M8OLz<^$D^8iB{c>_cY3pKw_1X?A8a;1G?o+gO%9enp zg60=#Fi?Cjrcom?05pL9`BA9~JM`a(jio%JG3oSdre2WDNMZ04{4uC`hzI+9C{+dx z=1D2~k)+u69!rjBFYU3L&cpUH@bPNU`BMZW@EYZhD3Z9N*d3gD@NU5bBj77~eXYW} z->kP_t_hmN(KGybA+*0DJ}IGt#vzH2ewnP#BZY-q$F=a(+q|gWx%(8Q)wHK?9G1%A zz0YWCFw1rvCZCv`euHZ-`G!-^|n~-+13Ui8z{d23NAK%>rQY1QneQJ-? z7c%Owz+djubk*CI`&{niT7!Qz>C!Lfi}*FyFF&sH6$)!k8R(YscwtYN7z#h zaDnch-F=uFVnLCoTV%MvP*(N=gGqf}Ps8K;8gjjH#7W*;FWDdKP*m_!ys|vflOskA zk=EZ5?s%XU8of$)NA!{a2J&j)IlWJLpts5AF{mciS>RHixpqlAseMZeW(fuG`Dv^sfIitAr-KK|uiUw@-ap#RdNi}Sl zci(+&_cY9~hmpH?m6q{qpD;G}Ya<^3=f>nJJ*l0PDZCEJ>qa%7_w={K?{8jcjnPd( zyKS!jqAz^;t)AH#Hk}#7303XY67!zoD`_jay4OfL(JalrwgjSbBwz1osT1 zefru_>c55gJm|f%=G_TS3Ar&;{EdKq7yKy@n8QZcd>AXPI&n93g7`iz2PPiX^L3~p zo?F~4%dU@`>bZKc1jGJ=P4ClpBXk$2ANvRbiuC>n`LE=eqnzBsubDhW*Kslw#c#cw z>@;P8ExbdrHsTwYl{&Y<^?Qu2o*GJR zJhMG+R~B)=aygTr<%wK(0mk_34&BB*&#}H0(-TR!6RWIrl~PaQt4Y@>IOy}^yP2zw zNeV~7?6}sek~eW0s_5Ko9_zC&y^Z)lG2rg1Q-DzJ$J_UHr-HF)=Aiy;t52uQnW}pF z_}#b58v$R_|TJzCqCynT+X1(8MUZj<=cp`RJiTzFK7M=`sYx^9p3r_BZvUW%&X zVLSj8%C&MB>45+c8mIkppXse?>~{ni*R=I_T@)Wp;#GdZ{kHz`yt{Y3LCu;CTfJPU z57Fq4UWHcPBqGE@lc zy`mYna?UW7v>29{n(y;@5n0KyyZNj6QE~G3MHR5k^3vwyL(4Ju3TwbNkB&UR{J!>Y z36Z+l=iSr+zn#v&eZ5mAvuxzf8)>5rJ|24-5tDpU$d{>)A2mJD*XP?fsZLFJqQXH9 z0W0{$qa4V_Bf7b;FYkpV8|3+W5b z;V2jclKEZx#-tJOI48mBOa7G+q>L$J)`AkbZD-}aO87Wi%((9yBMPuIbD1adk@sFy z@vS|e%;&zl=s;%c&4DQbg;PU!-3A(jd8m;J^RNf_~e{WC;-maKxSRJZaLSCxP zEO1Ru=q9^o4o5a!|x_1u<&`8 zKMPm2t_8#BeZaMTK1jCAeSX&2T7R>0@(Sl!Kl}{xYY)xGK1RpUiYV`)P#2H)4fxq5 zshS=B)J`I%H2DCbc|}X!yGlHwdh|)aVNU(P!=ViVfIMM=UK8BMg+0;{UnGW6$z$vf z+QPIw(>UAuJ`iY+sEI++9sUQ#5*VZXM~aqI)K-t8;vOZjE!7 z7QhVFFE+RZGsev!V+dUe&6)aH$$cj5d>Vw9$w4ne0P}x@5pi8+ojk%!p|qJ-el#v^#elD$4&aW&uzq_32H0M{9}F6 zh(`lI8wnN^=$QY-Cs-1nvjg#m6>FxI^M33FOO8AZ_z8WP@gD~IGx~c#xE8JdsjWvu zi^r>%D3o+b3@d*OXcf_jm><~(2hI^x%6m2+%G+cigpZ* zz+bJ;?e&`uG;#xH(fb`h)e_Ii#pm4pDr-=G^$xntvDAJ#P1tatC$A{pN2DJKoAByC zet;8Y`AB|i-#Pj-a5Vde596C2i3`kOyyMo##p60u$~#mJdikIRtvT0=aJr#3#As42 ziBJb2C2J377V{^Whi~-3T~1H;g}&=|Oeu#-)L%1XWw+no)TsC2iR2M^2#?L_-!B^V zgz?RvZd+M1;_)^7ZbWG3F%(?PhsV=SNIcz53i#(0TL085(k zXa6)yiU2s{-DHvT?16OM6Madrrq7R??%mi;UMf%t&D48f@n7FYAq6D_DI))S=&$eL z*HGQwDK7X;c7XiR2ck?=&S}UOXHPfhAwPk%LQGHJ0JO*9Ksu${*WzM7E=wrrk=)_~ zUbq*{gii3q+)nsJqnDUtNY{M8_!=OlJz)k*^o_J^_j<1$GqAGsORDsJseUrTp94Rd zLB}-q0$E42FYNoV$GEWcgSzPUk1cM4HW>q;e(LZwQgVdm_FTWNd8gO+l3utCO-wuy z9&W^z+1(zL6NlfBjE!43(*ga7i3=;0Wfvt0_9alN=7zUeD8(wIVj}I8+36+L53RZVw>+ethX646)vn;*Y9U^K^YN-qAJnV1e9~@d&b>lq+Ls6KD z@Pa_BT2oO_ZW4D;&cyH1!B)Qe%Pux?_xRY*SR83n`Eq*-8o4q9-_J6h9sgdS=g6;` z9`t)8&rTN`E1Ga@%;=6Nl1m-Itu6E{`iM9%Uo*y4^iRrY7r&_EzSF^wn$Ahcv)YMo5RTB_-#D zCzxqof5EVP!1V0GW>`Y%atVzn$y{*6G%J6pcgz+PS z=ZHHT#SgFF1_kn|s+Qtyx{ccHFvVxS%TjY7-5d``D_dZ*5R}Ws zs#J86+Uo~6YPbeN%Sqn-K?&64)A{b%t`Xe|CW1FT%yLeP&F zSQQZC7qK~Dzsj<1eEw`3Ro1{6wtJx!MHZgfFVW?`kNagMZz@BuW_^E)aEAF#UY{Wn z(2xx5S?U9eEiOBK&%(pfLAgm`A_wtWx+vCU&m(j+(2hNs$B}e!OyQZu{FRyRUfn* z9y&wU)|quVFnJL+gfLnijB&Ofh0iWioC?z4pIY5ZK&yaXx3R)*t9aE(_K7k&LS9aY zk5P-Mn18bDebT8PfYzVKjbcs|*|<*2d;15+(cC#WpH5MGC5V;7pjo*4@r^E`Se6^= zA(HuKc4stXBdfPRJ(MoAw7mSwHQkU>#E?N|apC1&=-vamXAD9_!AqeWI1qCph<|hY zdme71$j&$m@^N{f6V8yUq*M=SroL0UeZw~T#nYn08vBW)0L5w}_g$WAVVq937(H=~ z3h!xqK3a6q7W5%)4>f};73A>IhMVV^+mDTv0kW3hL?qgghKVSXaMW_Y{g5N^1(|uM zrsjLTT&&hzN2i@cuy+>H;9-{1J%{q`h88-N1?Ij|Ysgu3x69WjT7*CKj_Us`w!$Te z$s_#@FK0*qE0rvuDim~53)Q}h$D^n7K|>k*mVb5ngauMQ=MOC<{ZLNFOC7>WpU%+3 zIqKsJ-~^FWE@Ns0imKJe^{T5|tnZJ!$0yxw9IV}HI9}AL85g1@vv6bw)8Zh*zpj5Sp0FQ%($k8`ZmSP z0nUB_)hrC16m?STQ8N1`>vNPwPsJ7%I|$JmR|RIurp4TEBHjHanr4s-H0#^he0Fqx zaEIjUX5F0wdkvc;S$FD%r0%5ly|FEEZ8H()L@*a$T^=TVFYq-(LK*V8agpo0o>A~E z^gNmB6ht!S<-xoNxf~UK8P)PfF75kDDqr-#^}o0=bUY0!Y#Nde_T&vY zgeUaV_?}O_Kz;W2H^w^K7Yc3qagR*M6>m9((I>kTCxcqgd6gheIdZL@4|hyL61qbo z>mcptho$tw_Xt&1FJTs*Hz+x@7|>^!CE5_jQE@j1lo((91KfmPmOPwfSQPA)`0Mvx zImLrT_Y14{&~Cv#u$Yu@zPuk&AaP`Ue(tMfU4BCO2$1;|eOJ0vinZ+SyQ1s2xcK99 zz9+E!#Pg>6me37Y)gK*K!6i#B=z~ZP<^wf8D$K-Ye;u+8iUoZ`zwaYn>%F9QxNu; zgZ0wS@I1-UCa_RLb0;ce3ws#sTMzRF{2~D+F-=`8!R#^{z~1 zpz?6{V@%*_FPLy3b*IARs-a_BGft0*052FTkPyDj4KT#2q<%!Oddq8riD5t9Dvq~d z`|0U~d|@3q`bDz&V0+^ro}qT}xjjg4_e{YGim1^o^esezvNFPxQeAP0CO<{wxt2!Q zjUsbi?}MaXAsOIetP{jI9K4C_&2Bs7Oh_lUFAp~R)-)-Aa$|@d+Ddw06#- zB{}k?y3`vub~9^w`4JyL7Si7MB^Vv@Kj4dUwzqI?70!K$_mm9>L}g%XoFb4buDWQr zR`f!?fa0cRe27QV>r}Nwam5l~q3sLUy`fDpg<)X1hcMd1vwB)aw|@FChC@z;`)NRA zkD{!Fr@r^uiphrywrRg>S%lqf=*|Z2jN!b4+Tw2#-ExvR*n-lWaQ!}th4Pb&I=d4* zop_3XK8|2Lya0db%)Rgc@+yR!Nh$ORNWb zIAegmqwmr83XT}G@6R8X-?pR2wbq9C01u2wLP%2_V++vA`<4w|*U-26mrC8UEaY%h z$#mqAPeOa|hth(=xyXUlG?VNorMZVVb~3zbl@n+C`!zG=_l&>fHT^Pph>NuM^+?2@ z4{Sq{BZj? zwC|0{&qr*!KZf0OeEa8T|HN*X+Xukt1$F}Pz#XI=hCP7~*U-Y3YQaO%_QeTFz$+o4 z6Wh2j-w~k^jCyB6_tkU_apV+a#5ZLd!G%5ZYI#^RZki+CLS~RZdY5ovEq^CD%WY|2 zK7-)A20vi(-P70(U!Qrt%r-ZkBl#Q3yvGvz+MGfLhT$jP!&q*sk@)vjrMJID2?b)fR#SVqI$8Xcq7F12aqlza3-`m;SV@7AEN;jJ7` z)3N%9zz>|Ad)a&+V*9xKo`ikVv-{03C|X4uDs_03$EW}gBLNNEk66V6xAly%C#2T! zw@nQoHWpS%8Z|Qjz8xi~eU{5k$L#!xg2zn@1udMwN!8Fs*r4$m&kP@q$5;wC^$;x8ydIQJ6 zxXD}fdBNIPsRw+npy$o2kIpJ@&9f#MpzFOJB*XohLxYFE2B&k9h#pm26-S^l*x$jF zX+{czyyIVQQrdigaK{JZ)F*wqVQVJ%2PG{c`~pN<@b#}y*UM}0mgH{LwW0fZ7Jk&q zHR{-ZRzc{~AJs15(`;%pUwY41v7(v$R%WXGhF{i_;Xu<9mS`+|}t{@sSedi_y7ibZ)f!_`(|?qwIJGjX1?1DB+0rdP2L`Qx`wK{ewk` zrJ5c3=Ax}RKLwW0VH?_Y?TzQ&paNI1(5&_id88kdsQ|9M2IC6wWF`jiGQkG|kcK+; z`qPC9KY|YnTZIhUcBj~Y;S~8DIv;Tkynx*@E=^xlH8;&#>O;d0qqOJVF3v^RYoLcE z{6d{fdI=`w(B@2ETK9EH%+`@+DX;h6;?7PIA6}^FVS$k>%VQ}XRV2^DEx`7GBd_o3 zt1%1-QJa`uZ3<`8JPLuWI&~8 z&WueEY+OP_B!K=f?~m3SVMp$t1_+&fxfB==rO$mvlq1!VY$dQpX+cB&k=_DT!%!)NVE_16;MbTv12AO4(*I zY53kEtFQ_8RqhZB#IfcdEwdE4d8LBwmT}s}KGRJ^k{N<4$3-s89r!xs5pB0(2X^GI z<8+mKer~Pvw`zR%823g5I3WIk6r;AM+U{#K#@Q~N5-#`S;chAR3M*~PnXL+iZX&;j z5XGq-GzvZYT)N5xlb7)<;M2<*6frl}I_!Z~hfd_50q=H|qP+_cSGk z9W(F57pI`1e#@!$cu+lZSVStTRtBxyc#dC$7p3^ecUB9akbJn$FZdIl zGel&dCk5nST;R(W@7FBj(n7YP$bI$nJ4#ijcW(M*Y#w0G3%qK@1uq&_`}y;Y2~F## ziC3AuPcuNo9_8MPz|Z|2uD^w_bDA?!7stGh5we9PAxRflAD*4ucYH|%t;)^$_4R&f z?7DIbk-b@TYIZpxGJ0m?!^j^1Hc7oZM*>)<5Co+3R02K4*k^v(ZnjnFNwn;s*jI6`aVUt#{IPKXKimRUi3Ra=$hAnaeU9Wc$Uc zA?%U>ieNh>=Aoqil>R-FLWzY-^vS!vapjPo{X5y;mW^u<9WHs$4vqh~YT46xH+T0J zrq8^&D)SV&A`e>n=NQ0QXo;OSwaDcBiE};vK=j58Pqu04R{puiEI@6@?UQ9#!l- z7v83cmHQ39yj%`2vDsHK8G;_T#UGH@dWbAc{^o*3xlgds5^x|L>3+Fx`XnCNeFsqd zid#-?3S=rIBldS_0RjI!49%|zpe^AJ?i(Wc{N}j7eNQBV9Nx<=@s*RHI-+snzHH)t zb#L%KFn{b>uzSDHRFpyYJ6j;m)vULFK}k!G@_wX$HOgJbl~STJ_w{Z|`>an4Z>aI- z&UVeAD<;>x3BJ!>1@o33%I$`wLZI(48hl!ZekCw3?6-HvVCxxfJ-2oPtg)Yv1U;g; zn-G;`&9q;X_DARE{+OCk0^GS%tgTyRu$SGmEkDbCesrKR$n%iT(OiAX?wtGi%@9|K zpE6dyFF}x8vDwRLvUs)oRbQ{l!Ie@1dic2klIYme*iOp4f7_mBL<4?x(>}+G#2c`c z{jd)j4=N|u!CzLtpBDV%z|*7Ts)eNck?vhbG`qT|o2&=gxB00=W}FQlEND~G{Z3&)i|C^0^<5(bCE2TLTNXC-}$9N_M3Xf zT-zsCw`S|*6nMjFU_0gu|Lt;P6~6RbU=FWYJgYpe~vye-WbG@ ztUM9ezW#`mpr4t-)YXdW#ddoJO{6~`Fw zHB}oN6P|Ih%un21z~dF3OYBBgga{t{O?rM$3Ve4!>CIGm;*SXvIX$PoDyqLQ$7?XX zFDSh_S_OIf`twjjocHg55%~(;nAp<|qq|@*G4{ok>8W_x_n&jMIpQ0Ei6T4BBpnvE zRN-FE&Q~8c1H)JmYNEV4wHp$3#m8dU=}VoTM}+_I!>c}fPK;aj^NH>(g~f(leTPz2 zeaexB2%Ee-&ar>&i9EgBUhva9M6hq%oPE`5Qn(F0m#4P#Pc1=c7P^0CXEEIVI4`VaDF z{pJ`{030RW?Bh{Wo%dx?yh?%#-tr7@Gdu;EQ_I*ewNZOCfc1BFK@6Mxkw5VR5zy0w znesx;cxVku7gl6si`H*S|LU(d5m>}^c*zsqVWYE@yE*ggh5nHSh%rp}_3d~|yEp&H z`a27Ybi44eIv-0z9V?7T_+zM>L9JXh3XOXPOjvoRKuu>lwRFY))4s7x$CdR%XL zaSDr71m|xfgdTyl>yAw)Gfa2H5AN( ztd=imxri8D>(?%6#&?$>On-7Xm~AH?(gg%`!p|Z^JID)o7%?=M{$){5h!eWHdrPoW zM`Ga_jt}ry`>;34sGA~rFu^q`62qUrJ8DRNlvH3c2BBA@FYQSBTHsCqoX4k3f%ZPw(wZX3!kXNOzEtjAENkykA=r7@?sH4 z@A_a~ac71!S}G0Xp~2E9_>~NCYE+3=9$n@f&&d;Hp{pGdNWq#LPgAR@m$!+%M0p&iLC+3x94eE5N?l(%@D}|wK>g@+ z%_gtBKEdZ;zu*pC9UT8KvyO6pE!aC?9u;1Gu+;24ifv;E#-o}}{Dlw5%=Z` zYXIgJT)tn_J)s7x%jNe}t&_)Gt74C;Ph>4><+&%mVN?|mu>sWy(s+l$*ZDAoX5jK^ zip}(&50bXT#D4LP@@vIPjipG2_~CEDY|5SYY(N-9&niIavX148x+ zZj=5#B4TSQ_O(&IqSH`Ve)r=18Rzc%fTHHIZ>MG{QKO!^CDikR`d5#47=`SzHb|{I z!PV(rO55u%GO>hD{)cBQFDRegE;`jytoXL>b?P4XQJ~%R*HK$J_`HcKs9o!qfG9o zCx!j8Q(>A1=U0ZzBF#*Bkv3Mh5*YltHZ2Bt3^kD_upAVPm3+68zr@F(?j_rf zD^P7yCxR+}DQ?om+%KWiAY-F}E@^?_QSH`vngzcq4= zFRJBnmRMla&K`d-OPtW1z9{F^{sZwPQQ67_62*dM^02+Vv*IWcReHhtE7%Pmzrw`A_1&|s_+@i!T|GiUFwH@zIuoDcYN;w0p3Ec2dff#x4DN?l%^PRj%EL( zr`Z*x&Byzq8wvZhN8EyAT32%&AKKM=EI3Ez%|ZJXj{eezzn)9{a}Z&b0UsCi8yY7z z_m97AydK_$ZFbtB{sWvg?Awg@A2VdJTGRooNPpxac7yu@it_NgAO5YP&>7)?^#j3i zQ=X3n2Ol#=`)LtOl`*ynWXl8uu!HSRTL6C#XP<@VfN`P-R3@l4|9YQn&y$5YM zJJR2}Vcv^av={36T-kwFl^NNXSt$8aD;Pi8;$gHOPrn7VJlAt0gw;N%gl!dw{R@eE z9Orj>Vtf4FS0toN&*&FIGf|4GN(KuVclxXb7kyWU7X_>!aJ%G zBu+UxT3?3Dy2z#CvHHlX@;*Xt{9Cn!v(S~wvuwzWzhCiA=C%j7U$w zNBXIcUk6s9o5#1sv0Ab_?%ye+u`M>L@$UzJruPO?t5$@Jq&po7FY3Yf`0|wpKXWoe zcN|`FIPNHEx!J9A&Bw5^YF(JxKrIo+d z`&b~rK6U~a2Ifo^YEo$n7fw&|)59#&>EOZem*hHZno-rq;~pN)CihxdxjCZ8UL%d; z9m8A*WL{Se6HX#IJ`gffR)Nr)Bs*&VeEUZ&_cLK)O=azS#X=1b;Ai|RQ0#->eod2` z`FOSfHepcc!12Z^WZo!f!j4K<6gr%tnqW-%)2#@BUM=lGmN&-6>fX(Rgl!|3LiE!T zrGB}pozn_uuRFK<)(v4AU^B^!EO@%yL%;Eiw)P&WyR4zx^~D~a)67O?+_vYbb9^N= z;hsWW>aX=a^~%ds@7vJt@FSUz$15r;-tADn3LBkYFZ*gi zJrz#jgE&ozaO%B_Djkmdg=XCqROgS>e90A(KMw(axi1B9+YdE)VV8@tT6t~->iUhT zB!#hk`^)qR#zbV-|ISV12Py)9asMq02_FsJ*>M=Ly+}V6Ogwhyq}1XO_dOt^J;Xx& z$)c2F{JbUE7QFeGtl-N4!Iv-=v09Adz8pCWxND^ji7t3umsvLKmU+CzTNNvjKb+C@ zrMYIfBsUa)&ii#Vo7o)t`o0dp3Q?Sc%e?(5#pd7giK4cGN@zl>4JHlW()0&k^%Ot@YKK>~`i( z1bXKg{OdFMpM~^Pd|z-4xrKN=@K7d`|O{H^~{Iw{_F_ROTHb)>mL8!ns$W@ z(AUIN79-A9n>SH4%y2|}M*jl#EmPy~MK2q9jIs;ow3)r9MRt2^c|CqWQ&Zpq?0Kkt zeXIkLxwxN=e!9TbsfKFR^ixB)e_y+G`2iCmqquM5>mF~l%2(S@I@2ye|3HsCv6Uz5 z^1aQ1(Gy_giCGM@i|oeM1Aje;dYXkd6QI~V>zuq0WRs19K^yQHBB}H^Tq*rDChA$_ zn`?8vzF%+uhj(g)Dm|XXZta1A{PqYcdq|Ov@h8b`PWHwOQH&MB`Q5?0+_-M7-h@}Y z_qW!eQruTj0@Ze2byTI>?D*k`r4LKpEf7Eu?{aM3bQb$!jSu?W<8(ZBPGB6KK9`GKJGK1 zrup|xhw0nU?{zaN(WHC(MiIqC(6rm$3vCq(8&es!`j0q?X5Z=^sC- zs3I=52kO1JU3>^0$$cLPE9qS}kpWnaz;n4W>-dg61}8(TR#3~&P_ZSCRew}vPay#O zwbjK`URBcG69$gg8glX?k5O?sp6e$bmdpJQHj}-x9`nIv0vNl@yU0_JUkWlgsNZ zb;&g@CwQZXHq+~D1X>rM)ALpY6H1^88Mlc+0ng>0Y zeBw543T5S@l{1_tHtq43AA*Th%+kz_5GtKB7hZ4AUi!}V3M0)AJIdU9+m6B?9(q4R zlGUR_ZVV^c{O(!S>m__6xlTFNM{6&qjw`=8rDgVlyteGh^FiOiLm&}6y~sWH#sWra z@)LXx$08bFoleX!anPac69oJ7An*q2;=-21KGkEC2tb(z+552PT4W@adA+jojVY3-EYZ zatQ9~9->eceWRT8+rhdoOtK4V6nPfUY4zRiKxVdK$g(1yH@O0B`=acbe|p~2JUWw* zRVO5ya>P<&UtjHesMb&to=;GcU8#Y;)+QBj#1O3Tf@$80Qu6%Eck1iAn|T@AIys9> z+v~K-lk`#K&JgE!^fXyTB*Bm^?8D^LD!UF-uFQ0_!s$|FR#oU}6W_rC^-5dygMk7h zGU>NtEIU6SGd)KNJM1^Q59SI_)b0l_(H%7ZRR@g~PR^r#KdI*OHgCcA&BJAF3m@Gr zYq@fJPwa`12yF_eCtrB(%2tlx!9?DF!QC`v#ag)`heNzC_xcCxa1z$0ZBhq^LsC6Y zkp$Oe{8Zn{YY12**3rBk;4D7F=A#T$d@x!lZ1IL^3LF-{e?%e*vgR!u82P1Uj^PUg zLrvY4g{UIN3d`S})ehoS95L0{IlLjh&lolnqPVFks;kO>jd8sN7Cr?$f zA-`k(b?aBV2NA!&R5J_+Iq8sPhC8h|^eh*@EGy5NoZt85@9M*D3?0X3<-6G}yHSVS zM$^hS!!G~Mpo647pWBkSRM0L~PiF2;h7z8B}PA`K63Q+2_pR*J=HMt6I@0xMypYVM+<7!*$D| zv2LD&XC=O<`Qw+dfYQl>llr>1dfyWgn2h%2Rtdy!j^HNOzH)v4Y0I!w9VVC)@4YT( z_5>aFY>8O%_}(;N3Oo}fWe)Cg4R4)3lUZAZaQ*?Sfod!n1|Rz*?5taCj$|x+_=RZ_ zG^@doNO}4RfM-{-<_M&#xNxxPdt_0yseMN8K9cvw>nF+oB-`a0-we8fL3Kmi1HT0` zWxbpri@P9~Ap~5Dc}u7-kURBb zacPtTYaLocRR&=6ZZ9fJ@zmPEYYG*C2J&hmNN>{@X0229 zR@r`!h}>(;SCX7Kd&Fx%HKD_XayYd=DAM*ICF~iJwj*R{sg}^b&*A|i5`~%e{ZYNV zIO5b@w;i}E&nK@AVM=#?D2BFA$0zrP-FnsTi?{lHF<32NAN?1_+NWT6mY*xEZyJ)H za=1(nXKTgWFCe56YH{Qpzj$lSk^kJiRI$*ahxU!{vLR|Y@tU&?r^@jUZ28oZ7B;Sm z{u9%ty$BRnjEm$6_9SZBbA08n*ZT!&!|+}LX-FU<#C$V-^{(5p9vOHt@xgbaFCzWi z{8y=l*%!^G706h0QgeIch0ntuEjvP+b|H#<_nDf~@|_SSpfc@V-yt6-59cH9iC=0% zv+XTNeJ-!>lv1@&*lPhKTZvp^cg>|d%-S3CMe&K)=6#n) z{6iOu3b=r+|8ty+UcEjFS9hpK_p?P^GQ?F;`yQlkdW8p?OqSnImX-o|# z26^mmlXL%m6_FWvnHI) z`rD4g-8L0|_3%kJQDX37ndaUEJV-BStot6cW<2wxLQaF||JE$gDlm1n$5dWz(C==D zy7o0sUDRv5?7a!XX?%n4LcZKTgBg_KPIVz4Fpmkxw>kO9q2{yXHn4|TPJ3Pi4~+IZ zpJ-!m-AGkZoy=;PU#No5nTs(Rdln5w1-Zj^v(gUly)SC^3q zf%jbJV8cC*xH57i<~-p}c35%{nO}_Sl$r2dFiBs$&;na#Vw;?)TX(lQl+%Rmaq!}& zg@6rWUQOJ8#m{jxCafS5&z3Ovvzrw_gVBAL?7?GA11}8K2Sp)2pWF8QFHnIcj z=AwU70^nEdvD+AJ!&f4?&1qDJ=c@Gf8#`XVKGg0t)`j{vN8P-~sm@k<-RZJa`g-g; zItmbg`1nq#UST|+3JI8*{$B4JpIb|4TKDc1Ie=~el7%OS$YYi;3EVRYhP5j7O&ML` zL4SS56vId3P`03bqpGqc^GEiybTTu0@Csm`ZeUA6?>Idb-(y{v5sGXzWh&5KU@~qyyWj`JF_tn}9(rg( zk>JX3W4U5`fWA`6%I!yPeE?#b0Fk^xd;&t(qYgyaPB01IjOpJ0KEB5Q|2JT%HFZE^n?u(Cgo_(XMP$^RP zEA~~pO(|iIN!2F>xQr+7_u<|t)TWbjmMTKJt1litod1z@U0aGOQS_HY zqK}{?0g<36Z)BC6!`IKIXRW?Ln?@{(suOmI+K0VyAr}JY!Z;_O*?ia%KyvJ%ly6m& z;eaSxOgl*~z@&yBWg=XgW#%W`L=ImZdSdY->YUqzU2lKz1Gj!pu`|TCXy0RR6ujA@ zu#t-o1kBh9LOA3YT7U4<1^SD2oBItxb;*1`grPchuPyvC3ASWF1HSXC`c5|ST&i|b zzUIWBtgSxL$w52EKAJi68yvXJq1rIR3gHReAEWMcA}8Y`)O4O9MLhrf+qL#m6jZV= z<{95z;j{51nCAQz&c|8weV!q>{TX#pb8A%RoKhQ7iCN-JqR>UO=sgdEYx-b=NC=Oq)t6_M3ftsJPyNBvb7PNNr1OD& zhFLj2=aV@@2t{jryK%crD2WF#><_9B@t-4WM{N3B;Bk+Ki7+6p9|qHx8-B)p#b=jq zce%N7yB9V+O22^;aenp<2;OVqP&UjvJ7%yERZ9FV4);J;-&TpUOS!-oJ(+~5v^R18 z>sWpr0=Z$pT+(|*efZ@)0`lYykwOuk>G1#u2{q0``}LP8=F!bQ<=0xWwc@P&(4D8T zUZEl24jLJuP7K14hrR)VUJXF1LSr;`F_^GYw|Bjd+D6QbPxyz!3cI&9!Ks zV$pm)l2$kna9Ji=rur#;x!VKb)^rj5402oN{s?0&=Zk8iR4L4?zCTdYZL;G&s(E7H z64grD`qPSgvNwdvm!^!*q6CfO)#4(o!qOeizi;$;pEPiTPt3Qyze9*89?ft&jQr%j z6AzNXTUE>7RtaHQO#&9n-XNvwod$;Dtvh`dFYfIQ|1gi!$P@kejgZ?R z0i|Su%{vaMiA(TVcs$?(J4Z%K3DWGo<#0%r| z`FTW_VBg*y3356N;YNEPb$);1l>yQ{*|#eSQlvP#w(_K2wCutT1+?*W(Q(1I|4GNG zh0HZ1Aku)}j+evrOuahGVL<#&<4oJHxh5@LVPbo`oJW)@(t;^aQ!_So-@E3`P}XnX zQ}*`&Gi;;f%GdX7?2CmQlrg%Yyd$fDWPgX&0h+?igWsFy<4byvET)vLmfBuioXm@I z1_EI-P+|OCVP*0>HKEnQS0wy4RBK7`6D#y7g!Pa{)r~ZXt>D~!6k{_F^Wh6Wi73p8)4R`(vdbs9;F>Dx9yj~* zaN|=KQb*OE8%URk52HWy>zo!@Pd6*5e&7A? zd-{##P_bRd!dWcWpNrhj^YRg=cn|;oeuO<)IM~*{Q*fI7c^rB2rM4$z6<)UVrNbPY zC$=bQv8O0A09AT(bpE}swQ{;NNGbp!Co@pTm#%vq2XD~IWV&Tn9e*-V^q0MUpbDRU z$mXpMBRVeSX@3F^a&@+0YKEi6l>sL${$!`-LY~4voZ(A0lG>c{AT&!z1*2E+d)`*8 z^a6L5f2H|4bvV_%D%e%k?huK&z>&w$JY=mOM_~6*w=5pPuV<{x|2d7LdgmyZ>q~|F z!PDu0Ky1;(#naD;V;qfs44Fhnu zw8JMi3s_nlgTH=fwf=4ct737Iyg%LP*ZUbx4WPR0HHP+b49%Y)CJYf_KM4RiKIWI8&iOud$o&?a@DFTvCiH6m z76!cEWaN+#?@VI^>FM`mTPTML(r|SBf|Ant#p3bqG+%c=Si)cp^1;U*H7f^>eeJp7 zmc9*iS*D9VZavfSXK~%ExUm7wdVMdDaLZZwwo+-p-oWC=;`^C9OF6aV(En_;%`p~~}PiG)|UonB58 z0%A?w2JUnYd6KU8nXR%T$Vl>^Rn7bkwaZ<*f3G024Dv6t+$&d}nD9<LUIA z0c`Mtq#GJF8iPdcHEUdV=l$zG`mV`~em{K5Yc#`k@3u$~$to(c8egcu@zHgG6LJ@* z=Y@E659I|_{PAmcF$}z`X|i~m{)z%4TcYuS8Gw46`iZ(d&%q>5vb}o|08e>fYe*ne?f6s!>O8&Y?Et6T!fW*!Kyl`S?ppKs~kQs{3$_ukQrV z{Qhc#SajKjbACDJMq$?bNT^RoTlhLIE=O-Q!f#OEuKIMRQ+64lq~%+C`r%;)6)xRJ> zDq=mE=i{{pWQwGzNbelRsE{5B?miu*s{_Vn`cxu5uYX|Nw<9edy!lTZYM?_R_-5cj zKge0V!yXmBW=Z0HFv7rFhCJNj*iUmq1(ccr^sS}_BFR0Pe4ddZ&L>6Uh0nba&Q^B9 zdemVK3HHOi9swf@QnLbBt}}txs58 zA*`o|yrrV+vL5}|f=!}0KF1)uD-=Rl!Km(%+!k7ncDd|ME^@sE(Cv;=uFQgku(KaE zRKtx2;B`|n#yNrkp|fth_^eJA`{n@uCjm`>y8NBeB$N##(7dfb8uD~@vUB1;221>* zHJHFH?o~rNUY(BT$0_>(HmbeHR5T^_+xStPI?1p99m{vt%6<@Qv`b6fbIyr7E9>`Y zo)NSP;y!nT--#HjBc0{^fOte$(+2@~C?|l%dCzs(ldZFLt2Xh-gii(%SZ*rA+v37I zaqqv0#n_k3W$x~k_EAUoHhk%$6FDc7Vb?R+V7v3&GhT{peFco65x-7~Dmjzus2Df4|>|9)r$$z$B-BI=Ghy0472E(qyTJXJ5=`zruyWk6%_K8Mc(E z)2AP5#P@Az?!@y=>KXAZ<=Y*NKm{k3jCb6f#8TJlLlDV)bvq9W(MDy(1FgN`vn7*f z^M~1+keB#+MXj#C_@tb`FL-Py3j05S=>er>WD>{5au??#)8!%mE496XC#{AUPrvE` zzg>hM5O_O-KYI?d?ah}UBnqNQS=B)Lv1)ryq^ieyA#|dA*YLmr)E5Dq8j&ShY}qP%<0oPHs^$X&@@#BlKPXEj% z1pz&lD@d$}2&2Y}h~IwxD+>Cn;YTWm#iGt_HS|2#pSp#{4Tl*Fs;zYeanZAd;D1Nbg zPUWqdVPOevG8h!m*u`9ZD8-jzgId9+K)2PYtz6g$Vh1X4U(wTRNCoP*kg8IOH}egF z>2$m|#BlayKeiOQd7TY}UDDLlSs6J5wdp!&ym@nH4p%C^K$MGF-xp0h?0cJZYfjSA z@H|Iwsle2BL4e|OF3bD5^}_Pjkn;@%^oXNo=4gG8&kM`@P(uZG?0>$W4h|-)VBDaGMyr*;d%)`q6dN=en8?96+dIpYKG>SJF?2Kq+O zs!5+t#c&9=T77ANC!u z4#ym1@3w@7$4mp7+d;08 zMrdqlw12JZQy3FL2ku6jY3^^+QgrTc`%DH&z4I0dMq+)X16y=ocTjI5{Gkb5JqhuTr_D21>*5-4gPyE zLn<2gO<}Jo9FNfU%g)Zxxi-h(ijF&4v@bv}Gv)YwJf`pX(U_7qG&+h7Zz30$^zasc zS=urvbKVNjfu7G-8xEFmzKPeW*lWh#&j9;nB=^NmS<1+U=FuyQGuuNgkfA}Xs9HR9 z?d|b26*`vOla;YazTPDH!iyY4oWSkbD*=o9)}ZiGB%_*amAB9mL+tBbu3X}?(zT_( zeg{Cu!TuuJZ{=4M%n7+e8!S?$@^?iOl7j7Yrs)Gcbl#?OOoHxPIIXr9Wo#R^rmbuY z&G5v_z3zwYJJz*9TG-t zEqssjAm&OFfWe^cAQ5S}TVN4#rwMKt^2pyrn|XKLb=S<7dQbTLfQAT#UuAb{lV<>< zcVe%Gg1_Rl*8=~Reo;E5vK{Z6J8{vD@DFP2882XVeL}N3u9*31Yy^yE>U|)@5K`+u z)ZUM^036s+_fEv~bOm(}h8QgBG3Hh^1bJ9KLEWz2PN)f*^lrqH)qOZL+^8zuJ+I?eFp2ey6ucsOz9$bF z>sZRnGN6KFA(B0mKz1SA`s4oP;`6l`j=zlMiD`j#C8WdVM_4D$!t37?EZY#t!GMGW zKf6;@n6Y28R5(Me?Q(aSOJ+M!od-DcTO; zQjQaPd8x2tfLBpNwelm@hi-057-H``q8SiZ$TuM80kZSTz}h{AUAPfGOk>}&R&5Dx z{j)MZ;!6@D2j^aT6tH%*SlPpyz+=CD~SE zI4t#DhO=htWA}hAZx%&R0EDq-Qn_*D_R2_s_I>R4G}x9`KSuMDtNr08E0xjy zXiZweDNdX{!Y#_q()C3;zvJN3uWMC<1#~D?NGh^0e?ROa^u|BTNiW>h_FW z+;FP;9x_8!`rV3K%4*Oa4#cAd(Kf@K-`8RIX&3b%!tnRL#;oN!zs)buUt{|;8tWlF zg808L_I&|P(cO^%oI+$LjI6RmZ_2-X!Wmy|PaD~q zekSMwo*wY7JYOiN6TPJ>+4qH?ULVI43Z6HE=qgXEssQ3G$5Rz=JV9u;H%tBm6Ho5L z(jVAV#~HTD#yx`NNSl3IC;S2fYw(dv9Rp4Jsa948Z*&p1Ob*mhgy0mRSbe>LkW`nD z%;<}93wLgskY8RP0CMs#c%DjAC`(9zO9k{AIta%pjyr4*W3rcJNy$M^y?th0;NVaP zSa1N~F8{QW1enDg9$DkA#9#A-CqF6CqTYf6$>V)IeFYdvp6&cdgPF3yWDM=zv^J{s z3LhmNCc+^csf+iO64_7u%=H`wV}n|L(=|_=F`NcT2ir|NS6LWK7F6QN_Kqx{E z&MKLRG$rmg-xoB#os|zW`*EE6Al{sudk3GwfjH#kgzNddsQoLP5LL=DcY-E3LGfaY zv7jW^Em*k5t|Vc|aMivr75V|E;&mIj^L0U>chc?LQKE+JMTf5I;yU0n*F)B<6Y%=% zmA(ZZC;FCplf9*SAKh$}o>Cr7(bc!kF)%373f{UHM>VUIdAB0tLUZXJS0rD`ie}Q;sNuxUSMAZYmy6Xpq-t!k z&XHqM^B7Laes(CR=Lo-~>P_96*M&pS{Yt?^g%Jtf#n1D4j}PrwWY_8Vl`G0viSKRD z&QDcQa(b^52OdIJ4E~$oNH+kQ$CTLm91PnIT*T5?0@w9QtzNyXOG;`$w?u6#QUdujMlUbGN zi%L^7Jc0N(oM)3dI%S?RyR$OVXK8NR%b>E{ZSQ$98<{skF} zKP7eFsRNzt+G)dBI*1- zpEYIK9}PME`xkoKIrekqn@d;7Ej%6cB@PIaB)F4jPaJUNCi4jh8Fc5h>=eQ2nZxE- zuDUd>aG>iC{Ntjk{hUIX>}M&3eukMu#CF_)Jz`bkg0j`AEBZPbdkj__BqQ~bG$7AxR z&wzuraEc!4x-q|OBA)t%+o1D+#g3Tt%8W|~hrq_pg^V#{fLwhczlY=;Jz)%y3MTpE zsdMb^nh!#1UxgRSq4)3F^#u%RKdwbD_=UmcLI1Y4WVad-R8c`&1Jc%42X?lMv3%Zg zy7&nJeMR#!wF)!JFD~ORj6{ZcaeWrAqs+G8`Qb{u&vd$<2l(m~_V%EE7wmM>WSP=8 zPaY;)!u0he?F%7(WSc(-V=>Y#h@&T=|D-{1F=;9SKG=Db^8Q4GvD$PxmltobD*X2P z7Y5X%55ZQP_@r$pW5aRWX?#VBu!-#}+5Q^Db^2Bx~(=R8K-fVhxnK=Br$YF@k5h zWygvDJ>IfPfA*O^Pm#-ym%4VAR7#2QyamA!Luv&z)9Lr8P151gz`p9kvg4TSVt!jf zQU5R=Pp$Tz0+1P?7JNhRa3k{GK5+Z-Y)MASBtI?rm8w$HRM=q8PkjvM_^j5tNL`0I z=t`rzRJxzbg;`EtBR`^KA3XWbdJd2I`=RA`qZ9RVLUB%Ff<)v#f8LbG7dl#`KY&If zE~Fx&n2fp?$o$;NDGx&bSUjr%^AUE85rK;tY`>Fql_RH8q@X*9w;Cde+`G(0cDKCO zbD;%&ocHeyzcL^RWR%NltR}jrxln=C&59|VVpVwXDU1w{>%MZzI5t|lul3h7f5cGk zq&x7tY93u!vGF$smZmt43{HTWWvtsyK@1Jfe!Cr*pMSm@Hr8-NlBYobzoW2-^D*QSLMLh(N zQdCElNNcVwBdC1|4(*!OyhqdfgLCo06+|R$56NJ@KCM@^%QT3T(cGneg;||t&>x7y za`N5P{N~j%8}ooOhBQKX44}W`P-WA7%rqZasq_tL_ugGp6CClaj@Gn|M7tklTn4=2 zK1-DE6VPp`|I8?5)@8(&U4MrCRHLkb$M4sKg&P0H4`dx)z-S?7;L^`o&R(zjJf6YB z64O2FOuJ8KofdeROt9?(?lPch`s_2A-K9fI6K1_78S6v+d*rFiZvnWkQ2K5uQZ4D< zue!b1+w}q?PG6=Cm>=zHn23r$3qz_pJn7jdI0kZA9?7MR-sc`bxaON4;DCIvr&@}i zRw!a3(lcQ&hl3si@z>5rt+u=rkMHU#z0O6%ZB3xmJ@gyN+WK7Q5aYix1{s~hs7wgxvyBt49X z?fdi{hS@ z`O#D(`5x%3#6gE*TGn^2I`H^D;h6oo$Iq#Qs~~4fAjpeMULm`d+|M|L<1rlAJ(Byx zzlBWH`Q2ncj>dv0X~7!NZ!bFIGy-!=-ShWgchQ&rrZmhB1+#@5^(bztegv8#xCkl{h~Kl?^@0~z0#hst@b*7?s9m;0Ut zz1>p^m>fhnzbkYwIc7Ycqk2#O`WQ-E<#o=%2-&y9Riqz9 z2pRCLcyNXdxMnq#i@;Lp6K9nSn0POH=SPHGP250axou4+c8GpBjy@G2-vV*jLI1g#i1v-!}zdJ>mX!D-q!t z)MbvyE+aO$9Y4^!IzmbB2+TqDW+!7g!LGJB^@6g4d9mIJB@tg?>-66xfuNP z!#`ujiVvnZ=xH&emU<{PX$SzU7AuD90W9lJr;+6dr6JF7pv?; ztUIX=+@e1*I`b(kc#s|E@xmjQ|0EmFKsx~1X1L<&dWH&qvqkaE)L5O-`tzf@$ReMg z(%L3*eK~+Du|G2SF!{$A%^Xu=kbZY z)%ti}$Y=0sqHeCT@l$G_e0>ory`ZxmqO+4u$3FP-=964?@=SQAam0Cr=%UW*rz?nA zu$EM?fj2q0cvQiKNk3g`i?)Y4I4dN~a93AY`z=k0L4gm+t{5aFCy2AU9Vn8aJr3jx z&f-0k%JKI^<^Ni?p;VUqQz3OEhJ~4z)5-SA3%FhWAj0aN*+1*iWuDkGo~FD#=;DyM zOoOLnPIo20A?%BkiUKaa?O*rrnF_Bb)L`~IUl~xbxX5`1w|nY4aXRQx2l7rAMaLfY zqN21vd$;}v9k?(1Wlp!7KrYXkng*S00OY_CxiUA`Hk>$E|+7A>U$+LRvwwPF%FuD0>ESb5GMMI-|SCdgd@rn*;FvMayYTdF}jRL4G z9%t;>_dVpH(An8gaHJL(cE@Gx@>k|VO*v*m`yC6DNcpkq+NuBDn^*icVg~%WUkHr) zb<6sGGQ%LZU(?jw$MKJeh7Df$3G($}4)xu}rSrSLxg>U~J{WlgVdHsmCn%oWl7xH< z1%5|e1co~wwy}&%sBR@Lzbyyt9a16diWGYS!Tsp6>qnz6zbF>je(CSR9=MIq!$47J z4X$bFT*t;=i3r#&LGAd1lHP7~re_;`dLM^W|H+o>7!C&_3L~}EhjMPagFD=Fj-*Oa&sLRE-`>|3K1*UGY#D4_i!`^I zzo?3e1^55nK)fJd@5A>4;%QW$0~Fw7_r!i-i6B7JF@qtA$!Cdoem*AJZKDAnb_0B1 z-)6WYz=mzyzxAhVgy5{M?+7Y~$HZfwAmx9x>lH+OjDOz!j58S7_#63hA0uFC-xwI_ zejrXf2%+ZW^tZd84@WqNz!}EvDa6*=@pagjdnsJ(NBANVVQQ)$+qYdgEu~yJTQQ%G zHfTPOYN3iJt=^!|+pqF{Zf9)S*cb)o{t(!?frp6K(TB@R-q%q`Eheu0qPi|;pxHy> zE%gk!GJ*V+5fvDRbY4!6V<#D_FDduM6`)^%^99iXh{_~@pKXz;i{>LZ5pIV#KinHJ z<$=faSs}>9mVi2FQ9)7;j5$!ZChqUy_*K0=2T!J%U%_4q2)Q)nwz%kw#&GvW&%P`O zpem>*C;~Lk*GCRB*JT_ZhS=8+CQhfZzw}`35bS zg*{hfGB8yvQX_e-XSZ5S4$x!n#J=w!-XX>)=ARC`u8 zCwum20fZqG+AqI-V+C|6?uMUYSel{#_|D7zC`0@{0u6+!FRyTyLo|@G64m^vBc}Sq zme{!Y>S=*7ohLJfi6@lBthD)+-=_fD@PnTq8!yfj$7jzp+%6Y};vm=QoCydXD_{2W zZu(X|1W9@8Fr5hUN3Kv|o%rXGU)O>cq}$nkU4e>mm1nV`M`!`wLTWMmyl~OR%U!C1 zLMcJ;mGiwb_suw0xgU^g)7N6X2Vru3(L19rCVFcVV$w5obf1s`1cUBYa9xi510ZPW z8RD7`J!L;f!#cwG=)&!je62_}(?Y}m(rDVPRyO{mCR2mga{Zx@jvYFqZ?P6iE6D}p z7i76mICtM&s%?L;?lGjERSULhcx~p+;o4*>S+<+l+BSK*zBcaC7BFf4VCNpWhMurn zeM3F(-PG9=*A^$)+PW+U`yStzzlRmJeglmaPyAL%$S2IZfUE}h*U5eajpPI;c<`pp zP=3DB>rtd{NKnAfgO<59jm5n5!^bsxvXG}}!mqFhm;LeMtz;xsy|{k2=ItHzZ?S&O z<*vMd=cewZWU76--8V)yT`bH(D!2V}eT0|Wv)#hNe=++SG=b{Bwg)LW@@nzipY{+i z@BUThFDM^*OO2$749PQ9@cS4(l)?A&4|5EUcqy3Q>J-mwSRSODp}ijBrgeY)ftB!s zBt?-xD+@*eAj(J$BnS4j&I)ytoIyo=$D)!h5a)v-z&_M0IQwl|2>x$o$&Y|66mN?0 z0a9tyFL2#E$@Wu*w#|MleJ%AIXY-Y|o&qnczx)c$<@5Q5gBPAcY58^tfrXW876k&s z@Vr*aa=z&LZ~0j@TPAmuq_pa6KoX4E*Y&jDg!#>zNzRJN`Y!61(^nMuX>a>d{WQ1? zEk`Pk2`azrYYv&8_FM3Gzh@cV1Wy@dHX%{LIo}E~H^bzGJ`04pK&vOj5AVC`XpGum zru!F2%TD2BW*O~~-lQS(lm~NxyvUM>E8$YWv3>7Pix0-vQAd7C-SsZ!p$XKc`=`+K zDY`-)=A{H4G^P28?vmxQM)mz$#Mlo6n`g_(07HEEkg*Uj`fK0%>^DNleW-u*2tm3K zfLfE8xX{B$LTAN1TWU+co-aY?VX?Qz+x+1Hb|sX9Q?aE>^v%G7g=dVJ>dKK@i?(M; zjDU22G62L-oci9rLbN1j9fe&-wuJk#jY{ zAMr<6Y92xwY_$dP`9#mtNlGx7&LZDD9m|#=dgFP^%s#iz5G0MAY?~yWvz~_bOLM|E z0D~3(1^`HVh2XG{$M-4x>x7i2`{U^D`{eXdSaXh&;C13Tkml=!+joWihNeIcOdcG{ zzguER7hLAL&-b$;M^Da%fR+I__cklUZYj+EkEzEsGnTv3DaMWN0HC)1gz|nqOas`b z>`e^YiT79#Ppw!mO*nCP*hM~1k2GjBfN}Xd>ft=Z^R_X45{@n7HeeK8+$Nu zgH1b&VoAeda&+e7_tmjc%HDkR-%bmunWOYz#&GBM2;8p14TvxAlCe`?|((FNfgn=1{Zd(>u%?Fi2pE(pQLAKZ>fBKu1OCjiSc^|R(ufU)II%}@;z)%t%|Ta2-+zs zb)3E~%oi)cM7lR?|DGNo~)@>p*Q5z!)rx*!`1S9ecn}AKS8hUgq2?K z09Dqf+ylYmb1ys5ZG`^llcy6!EgMSlzc7{P!r0U4Tzbsuer=Mvt`6n;4RbRW(0mRQ z+-)-g=<##zy}&rrt?+rCGcBlrykX8rxpqOQp<$R7B!`YCH^XRu)jY{DFSX zl(}vnaeVp1PAzP((mO(CK4)AG+PFzKm(}<#Y3DpYe){7zolkS0_CNYEVW0(Crqd{{ z#_lvd0Km}h+kUFU6)Hg1ZYUJ&WBsM?!>wtAeVBt*qfLd6ZlBweZawpv#MjVJcpE!o zAMJ5%zklz{z!cbIBF?Jq`6I@-zj_)#fI2QR$TO};3=!*MG5 zk$ii-GxTL1O#EiE*i&AxzGd;-`B~C?c)&r}Ti4>pr1-!L+*X;>ndefTFRR*Bg#Nnd zp&;Ggj(S+j(1OL9#j2PkQubZm)t=f(sR^I1lr`b^ce%rta#hF@ftuu5yM%)L?rE+} zmVFYgS<|?u2j|$qW&F(V8#{hqj4{87!VBKWaFYuh>+R+mngs^}D;V0*?GTYvsg(Am z)0*=>KcC)^!tzL~QVxlYa59cR8$Fceu*9$Dz9ASChnY)z?x%ttgLTr+_HAYLWJBi& zzcxeYLU`r=)KeZ9HK*J8c7&wPzB0Z?RTgx(DjqJ1JWCi5_V*cS$3Bp+#8f-?z%uM${+QDTXbe9V zwSo9bd-WCFu<;63hJ8Qil)f?4hr8D>smhfCHe)}sJ`(8>HTW16n(Ho-EveEm8ON%) z5q+EA^i3t?<8AJg!qC>iv0O!Q;peGjBX{#d4mG z0(O^@nztHG!^Lc5?`=L=Lmhc4B1tC@-W74=YwmzQ#nqko`uYN(HU7-d71>xJr7D@R zuzGy_{SYy}(TSsxnoR7^S4OBXWgV_ty{BHxK4Sd_`>@(g@2khSC&}F_zVyCkzF$>@ zK2@ca9QZe6!rs$wvft?kauF+iv$KmTgqwwg4N&Q~N zeKnuobfU1u$Qj9Z#uW;R`~0-@c$=78BrIu1H=FzmV;I=Y{P9~CFiP()$%&~?C3>m# zJEgf^lFtH7o@s=$60bvweJ~~{0Z6(s9FIg0Zu^qPk=&P1{+v{V*DOl13}C}v_;;*x z_|OwtZ%0TV9V3USrP`Y18)SIvSF#SD%l3I|Wxc3D?*~ zqdG|{17|5~Fda^t7m)U!q6igSn>Tdr*e@V7n}qyAO)Rj1(NI zm>SxY@N)`g1!96YHuu1^PcZQXB}|6o_384`V*!DqlMpz#TO7NA?C#qr7G`qc3nTIP zpbx4Y(O$Y_YE-Epx?j0j|Fw_DZJqBfaLw%S@x$`u<#Ahot=jP~2l=ft*{YU*bSkLp zQ&-jMbEhp5`yfAoTn`nV7L{^e+4m(00Y){h!5tQH(vFP~j?=VXepe1p8v7C0ur^?o zL=kb0_BmU=ukTMn=h!UW^pLRILvFRp+`7%EHxL~QS}tAcNwAd1I;d7ebflevKyMY7qrW0X8e$l)DR$ zGm+APT&ONwSe0vr&>Oip&M+~uGw-x{2^5;Me&s4ZAT9)XCnEOne$<~N{*=`xdcB%A z?x2)sO66_)Y^HWO0wI_f`@Jtu?L2(nMpbjnb3ZOc{h+`KBy+5_oYEJ!r4_Gbd3qWu zW!)s-p&;Uk`ie)|01xd>t`cGpLG&sB*I8ztPi1lYb-{ikDL1>r;LGEprUJJ#{n#xo zL7JxLPMU#hOetTeFvt$j4;S6zVbZliME*zF!Fr5GHP33k;p`Ig;w7vi=fp zCcNsL=i%Mq!kjc9;HF2eujlJ?;^6(>T0b!{fA&7ZgC0m$8P4)=K5jRb?a-Ji(QCS+ zXmb$EZvUvca|qST`$>if4niWq=rM5oDg$d(pT-+1fJY!z_thIeoCRP7blIN45!%0f z6V1U7Tu=o{did?37Qa@Z_L}>$NVV?q)D=?gGNGP2dwpuVL`w*2G+kfe=Va zr}DXi$q6O!7sy#PLP*Hm6SGc$tkxCv=j6%&N%rB9Me;^k7i*P?bplNs&SwZpG6Grn zMJHBr~!vG#evNdfk?l%!WP0G==-Lwz!Y8c+oDF}UD+t-XsLYw|) zxoFdVbD-v#9tjZTT&o^`Zl{dg7`dRqM!=bVU!~z*4hydDPfwKIa|`?|aZL_~I7aK- zg4blTIRz|Y@rxR1l!UXU>jAG`&$`c7zvp<@P={lZgAk=$SLkvJ`}hd8aiYGi59o|< zI1hR?!}a!=p`!(lp}gy|Reya;!ms|YInb6UYpmgy`bvn0IkR34OMmW%ZTIi^V6%=YuB8>2c?4jkM;8SnZSf(hIG@K?&(uVMPg&Rl2pho(^b8HVIz7y3_b9sKlLdnswj%`=e%seQ}VO_eN)y?GCLR2clHv-<2&Zk zM1FtpKKeUj-r4gDF8OuuGYZKyx-d{0m-q|{=w4Wf`%_tU%U^jcAiIcnHED)%=%a!l zFi!pxT2_HNw^JRL0`9SY)>3F!T))i|{1K^ddCGXe+HdiMXX+U%<3mT)>|VUu(97c; z)p6HZ!5ImeFc2mzIL@u^E6NY8uI;+mRyUlUErj1Tnz)q`Neo?8(;}srv-2IieL7{* z=}VsBWgYm7`Wz-cM#DKcjeppfIXaMRo;DYls22Qz&3`XQBCNy`8jc(aO?rIf?ctp( z8<(lS<@h7b+GJn64!zwOIvIrm-|p}`z>wR0{@4)TA6fi4+c5|NlIMsD#;K(fA}w(KDWE;yQ+>Fj z3D(wokOq&9njX0N$DRfNr&a3hT&6B>TtHtIxCdJBQGAl!tE8!qtzU?gd9>+1a2HXs zu5EF--XQG{HgD-p?eQp!QN1|dma4tw#P-k6R9a6ea}x_fK>{T|EN?@K5SCAcafn$p ziK^9a$*~n<iP38C5Q{qLZ>Iy-yD`L|c4I zvO>=ZQp(pnIqLwj)?#*J-#HlqEd^jJ!Zm>dS$vEO%-({IZ=AHr!asq|D4e9UT>%$a6@~dc18vln7+=fby z{AY>1TJzV;sUna+I><)B-B+L`bZjL%eXsXOH|AlIEyG~<;H9xUFAm4nRS!)MHY7#B zXt8*km-p#+Ptc_RE%S-zRqmm4=H{GWHh5x2{N;BdZK=c~E%+4s8mm@ryYL-fz4T3KZp3d^`7g!Z5_AyDiPHPvs;tc}9M@)EnNfpvmh>z3{C`cnpGs$h)s}toToK+d{ANoymQC^$calzPEF@Qx-u13zoz8nHgv{( zFR!CuRs(kopRt_{Dab5vGDR5$d>q`mYT|}Yc&8Aov0^QMSdMbwet`6C?RY~d?X(V0 z2&aobxhN=05-gc<4v<5dVw&_oB&@Xot>rcADH3i9Q}-3btcdMAto!fjb9S{!ACA5Q z(9bk+>+|FjrnvB5pK1yx{)F0<<_fRYN+8r9x1#}!=aT?~aB|^q>y%6toyzq&7$>w1 z@X2qHDi+Fcp~0D>E(}~bg<_|9spL#o!V3Nk$JK1yRyvKAAH0kc|58RL--ki!5D5rW z+1`0$dYoE11`u9s`=Tj+e;yS~+e;reV_~jxJsd#fd+qbA%?&+MuRd@Y7ywpe)=Bt2 ziI@CE|JCeY&uX7ZrW_Io?1g)?9;?0>(BH$+1~v!brI`o*ZM$oG4(SQn_q;rImihVI zbAOLfg~_F;L)}Q{NAtc_UYfMOj8YRT4algdzwSHIg7=n0iZEYna{fF*m;vSgSUR&V zMUf~7|0R+AQA9u%5!rcT7etUvgkL{F^_ElzSeVmtBXO=-DA>E;dpXtus$V>D({wVC2`~+gJZh!Wn%dk#}9Q8iJ|AzPf zY$8!RX>n_ zpKY)&5aaoH?-LsNMnA#fY@ET%fGBK2(8#Kc#*4Lfr{gRX3;e0a#Q3USKsOYH)amIgJ zK3AL3qf=SRu9vb|UtKV*zlJBaA*G9UVB+E@qSXWVp4wBzI|*Sc_`Z3;ga>qV1NDs% zAJ>`|`cIg_plie*3@$&*?M8yTIl~m+d%wD7bj{~Z0Ta&EaU^WsW(bn(oiP=5s?hOf zWyg>tCpzcfAiCoKP4L|E9E~6|D=EKEqdZ$w`-xM{e7D0vk{7vg;J5R*^H;VfEfG?) z^$H^`DLnabO_1OLo1Nov;-!Lw^TvbBvr6$-3sS9=q{8y~!Jj!H&K?YwI~{`J`MdR2 zK8HhYhmgL!m-%bTl<-WD;K_Jrl;477&$xFa)AfX7?>yIJXxHDB z!A&SAC?1|(C;o)02`%-g%CPhDAS9!)mLMIOew1&@bZ__CN0ak{9r2NxFmP4eSI0DZ zjmm(f@jAzO%ELP{Oc#fa&iPyc)JAm3<`MD3=Bb*Ptq@dx>9;C&MT(Hs{ca86xdMN) zheHX}?naigwL8Nf5lHEALsU~{H@7G6o%7oeW3{a@R91?<-#v{PgQ)b<@9u5L=<;i1 zYOHmyHAl?v=kn8Sj_z)i^xzN}8qb@OaCt71#Amb(5|;MQ9_J2PsPifI&-HsU`~T>D z^cN3tcfP*N-lLljyjc4{qVx>&xQZ@z^~amoKQB+&`5?C@-(98x(q|@%6r007?+h0o zsn|W$B5Z7nu~#;cgm=EVQu%g=T-(n~kW@#OWF5m~a%XpL4Up$ARc>hHlK@l{?i%iN zJtjyL$VKQu-h}ZTZine2etntgkR8>;6^}VwH0DM#s{qmOr}OACS)85^`>jel;OU%) z?=h~LbP(!e)i-G@CGFn(aYC{)9}&<%Ci<+daXKm5KXS+k37MzOEb?typ8gm-L)YC z<-RC!OGu+t>r7o=Z#a~gQfYQihy*|?>;idOll`2!$wj$SuTi#CLPDa!<-R7ym6Z=(53OtevY1V!ZDRL#r1bFhFqlw<9R&+$zJ#hY=RnNT7 zO5BM}gEv{5P-08G&4CC-oW7ldjHA;^GsgP*}(NHl_~)b*Vg5%*gz&k!Y@2ME`txrFWwNki+`JHirfv}Y3m zU;7pJK8LpP!#~zr`>4)m^Ct)Sv9*Qtdn_^NC5QyN+uVksBXW!-LdOeR00fVir5`h@&4 zUr%kg6reC%tbDxIkHyG16Jp8p^PAd7BDjQV9D4h(-g@%ko{st^I4w_J3Rl0nePoke z`Bhuw+qKL-9pwiEa3EU4B55*~a_-)DhEbnuW7Yi8YkxMxb<)aSlWFU%JR zd!In1>wTi`Lt$I$KL~qazR4xERj(0j^k@Hm$er-TsJK3H21h<`ep|Zc0(bqTZ|M=m zEPE<(FeG+5Xb@dI?rchQj9)C8u3b7b9>)7;>GSfy9r37eYqVci+G|V1WnCt^cH>Gtdm%7P+_nN{kKnnKLAv!&+O_s-~np_ut7o`cy`ZBkr; zh(U&H2i3Oph*#>4!kM%`obZ4*R{X5^IdK~92_J>xcGL_La&`GY`I+w>c^-?<#TLWPg2)exwgn6~ zz!##+CYT0^b1Z-rdV9UT7;KdCduC)`5V^2Wq6JV=Qrx?6-^h;(+qxUgK!=dg$@P^y zt4^ADY~@ppvuNuF@~iJzSsztCu@j4z&D^!B0iIKy1=^tW>tg6#@tR^TTP~^TcDj(WB?(lCds@VHmQ|H!$?anq4Q& z@FaqTyk_42fF0Xb=x z68)Wg`-r@!4d&}TO3(xGP`MlgH+80rx^pG=v(8gk$V7ET5{H?D}wR!iZMyDxY%)HCwV?qkFfQyY-v9e3LgWdg1X zbXak$SpwTJ)`DKieSRIe*UTfPhpRn=eemfBq>R76=*OIk8@C`p8eg2Ry-lB`=kYV( zt9Arvnp`Z(Y-9%0gkR_Apz-QVu3lq;8}1PqtC|HrCTrPFUM zxX7fvKn84WE(WHpgz|dcGR~j?n9<)88ys6!FKZjyD{(0dx6@h8yLZ#=2ctt$&7zGh zai^43ygy$K5`PKyS%sf-fSMF+&1VIb&IJdIi|oR=7~k9H3JPnsMVW>>RKR{Qe>YAR zkL*M}RSwQW?A1GuHByaT3qR9;XWvn8=o>;Xa5(RG4a#a+uiF9{9j84)W^@sq8ywFy z#=b6-HtkTfHeb*$Ic{XCN^h<{WltFE4`m z`fv%YHiIs(FXGv#Wb56VI>6h)J-@~svLG1edTC4zgZup%s!qlxPxaaoMbV{JJmyy| zBJzxTlnLCSJWxIH!P~@rK0dwFvW2D}L|8Uq0yAcU3S^eNb0B;zubWWj<#K5JA2wd* zZ;QmyCn7%7A;h&Ui2Pm_(7g3D`Z%<$uWe}TzA6;yHforsxW@5~g@907BP>$tch=D{ z3Z0f!MQib}-=SFKvEZ|Vr9BPn>&MR@ThPY9hkaemIdhl`4PXwS?kR$By1!sOD|Cxj zd9*M7gpW{rrVuu4Mwr{faS6f~y1KjxLcfhsrHZO8ERq*5^z&PdweI41WUToDpA?~|B%QypkWEv#xkK2$ncZ8-0}HaLa(`9>kkBTq4#e3UzX zt1;5N?{P*vCE&+LeP4;jmz+@fRDF?C%Y;F@&wT!F79FZ8}QJzmDX^Aws8 zHulwDJ%Hqw$AdGS{c>Tc?{SiYZJcJ4v@8K&tp!Ct(iBVQH86Mtw&o9o7@m&b>AjLe zE8iYj!@M7{v>{Wkm<|XSdN*gy|K#GLvtSG>OS?#4!S8wVHyzGFaBitZJ6&L;h3#wp z?SV(qMQmOI@BFfT@)9HR0>==j{hLm7uZgpcI?(5q{X;|+QZp^YxH>D^wW(Gkl6dfP zW)4aU)@7F>cfE)7hrvRm)PDT%hhz)5C0UJ-oUO;#r3{@dvONKKwm&Sne*h=B#!mIf ztUJt?Cn|q6*Be5v&+MffQfV3-W4_)WMjrCndLe6m*F#HZ+PfoO+LJ&Im~aO&_4A5U z-kgX4pE2>OJfQuy2s+!Feq{iXo)M^O1+win`nCr z!C$KEnT>- z{O6MWe35?6vchUXMn~^15!A~`t6bFE19swG@M)Z?r8M14LV^IY%);Ig+#k$|k0xkU z0R1)?pd(*?_G-LI-afjQkJpe*Jt{?^!C@Etan4EfF*4*cilb6Q&UZYFCxUaRGq!^~ zB+rI;8oF=?R_i3a$US_y7kt_x_)A9p0wJ&;^*+)dI)H$quDh1l#yXAfw@L3YQ<91R zioJOI_BZ$}o^V+AVj$b>o6OwSw&A5`XMQ?Q|9i{s9aos!RbzB2iL7_8?+pln(uuXZ?^pOE?00>r6S+QGIAf&rXPk3 z;nK>GWE0eCzaM{tJ;Lyg^XCjD`Q3D=FO5fzc-)FpjsGES2#z1|fq;c(IPKPPsY0vt zbeCS_+7+thH-h*9)A1#i^U#$^P}*9EV&>6FaZ(x|sx$-*<%VGOi?HlsX34XC;kJP$Ek`Yu zs#0sX^`-1d8j75C)xyV_N#1hg8Jv4ECS-|=1@ZZP+CH?dryrm1EFL9N4-s{34H@=d zSer(J?>qSGRGqBEgQL~&^|MYh;&`6p7tK-aha)T9`=MI3;RR$vyZ3&!EBd=)Vkc9G zD}%P!#)FMeUfq{aIYH`~adP7#UE}x57V|!oQ}^kN7^6}RY`(cJ&XCjlEN6>K`mFV) zy4Otsd$ydU(RMd^gBy~uOI~PhmCiEcS5wQrtOX#70nkytuH6F`3#fsG2Xo&lNNPdi z{K6wmZIiJl{YlT0jM5o= zC*o^Z>P_y{q>H$ZTd!PMvlmd2N~!#ji08}ex7sl_nY&1-1b-k8lX@imy@ZA-HdWYp zh20IdqT@AtcONl1K?>^L>3(}&Uk2}3`ym*8?x?Nqb*vf zfN$6kLe+m=yv^GS1AJbge4jGuwr5-lTDcFgMC6lSU%6!IP9>4#*LwK$ZB>K;Fu^~e zB^NJ7o=$T4hEZ2aQJe4mI>8Je=S=4_9ltH1I%k9T_kjikJHpmJ&VVaClk)bse?R?n zW-!Z*LM)gWkXu^N`}+Cq8@4;lEBTA(wn{Id1NB zFa?A3f*s`9sogq9peRB@xq zfxKW)739tFAi;Ooe6d!=N?nLls>|rwOg5g|3xr>yJk%pMnEZaw5ypnbl zqo4~SIlFSNW!MMKR}$*<@eT=dQA-$8L2Y>#4J2&rQFBTC2{E+Rnzhf%=y6HioJGx* z#mM4a$@<4%)#^Ha&wR;l86U4H+;oe0WKy{ z!9XhQGa?TxDl_w*+V0X`>D)_MWamg4hw#QXI$9f}D{(=nX&4pVr(@6)V~8UtG=GtwYi`AG{G*T=2{|MVXF#dr=OPk=jc`e>hb&z5*> zOTvjqPho!ns^^p47wT@QOYt~~Kuw2nhld!TuHb)4$y5GYJC(Qc<>AG&DwJE`>n9dBWR-@1xm>R|KQ>v5!#Lk~C+}zJ+9F)>p4U0`Y-*#Lv#*%ukpocQ|BOlg8?~e!LF9 zA5z^xUR;t=d7nE#^6q?fK`9T}}v8 z{Z7XVxgro^Q`m#fW@80A+Bzzpdq5V+%QAyTn6#ETB{+Whe7lD;cv%P%{DijB4Gx)} zpSD8a9qfDGS0A&w)ZCvuz#C3Kl4An|ZC%;uI8f-eqVXn1P)gxnpf5b0ImuiWPvZQ% z71dI6HWb3=uQG4gF>fgPCimDRlB)Wp6(8N7d@} ztO(+5&6FmJljLC&=V5PUdo;uq!AfZamR>^W9?IA%TDndrbcD;s;S1Zx=8pyE z{G-=GdFYN5w*f9WpVS7l*YC<)hp(~^C|hCkV7X3j@?4X)8u+@~VsoA>k~obMw{T9U zgZ$7tfCU9NUs;DTn<5G}IBsBg*m_uet_Zg&YtU_QBp7nAUX9_!;=&_>7(uLl^et~! zo{qCqPggQPMF!A|+!IWfHXn8=lh}HU@l9#^l%M){kxIU^n97xM`36g$5afaGy*vj~ zuGShP6oBOv3EI-rLXccaza@JwB;GIMUM0?!-e^RE)%^Ooy8h;<;pey4Y^PTgDSBTa z6*$gJ{v6N4_8pqJqWlVh;KeIxXxq3|HrpTuGF2i zIgB;d(w5?=TS#ive(mT_L0xR?W{Q>0MW-7xg^HvW`E(V4I4fT&maV6m{DpOEr1M2w zCV6irmPd^z1R4T>=GomuLwx&DUnr04Oubg&z=Ioz{2%rYut*mB85^uCHg_EWd-iYI-!oo^jeX#q5z(EV<1PUFnAVEvZFIeB8 zo469SMhSyq1lLnIg+DdQZZbcOX(D0Bm5gMsT403@Y~%s@Ok4J@YIrMD8(HB^W&9$9 zJz_!#flAM>Zwik_pS@5oqgLXm+sWC0_Mk|rqBTkj(DLWIeS_o9XulSbgyLCpg3{rR>$f7Q4%xJw}$ zdLr3z(yhK7O-fqF0iYDjdTkp9CG=8d{B@46MZRi~CKP+@C@-!#X&t{K#W*5cTbJJy z-LDxSvn|KR)c2%7#HE4GlFV+q)$^Y=We;u=xOP3L--Us--^C$6>zSrNA8#wM^bJX>kS;wH}zx?VD z+;ZkFD^GIhz|tPtYL(bt?ecsM4LXvC=_&!<@reKL3?@Z+cK$AE_SzuRr7}JslWM1s z$ZzbIPs!Oa7pdN>gUI@f`XTjUoFkJV*-|7CW`!V$!DGY1l z0WbJ#J>{1ZdLHk61Z=2(E0 zLdoJp4MTMAmEgbu>)fv_vAr-7!tvT3p7+F<*A}ff7@nQE{9zSjVS1HX{8IJORx7zr zltzLr?&@n%i|&uesXWQ5gL$y;nhrQ}1$4d)>ubFWXk7yyA4gWgR&TSC1 zWZ$0psL}7;Kl2y{7(AK!ZZOSuTjWn-1ZT`Gd4%1`03YkN&u%8vOLyWr?x!fG`|p>R z7JXQ+0iiiL(?OB6-=Xl)*(tx*Rx1A6Yjow9S$o}q?!(BYCHY=7;F3g%hiDPJU-8Ex z2l#Ye4aomWCSAgw_;IJl8?OKGf&9V17`x>nmyrjkmv_8>K5Mo$22k>>!L^vHC73qW z;kh3&{f~u-I`zB!F(TOm+MimvY9cE4RTwXq;kaLCk5}@&v}cY+MsAo`gwb$6tX_?+ z{o?8~gBw!n38fD4lB>CB3Ug2It&#Z{4DN}{8GcagYs7^z{IASBzQBU}SB0f~y!Lt+ z4Ft|x#8Oqq_oN-Zppg0!{SBs=zOx_Lp6<>}uvKJ5mO?;@az^l&IlM7hj23=x&({;uD$wvl;N}y^TTHc6H>25kb zmG9)G>?44oRFRG!OrYpnzGGy<_Z-H!Yc54LT#|ylPZoWcuBX1=hv8!wROLNOA_SG| zP`^1Tr<36>NfX|$`Id!`{jvs>oc}1)C;asJn)FzPNhph@N<$ znHX=dIPUwvvyWl;6HlH97*KP;PUO##8of+u)HBj0Xb zeOpgur9}E@rk|=yZu{uWa4Id@M;;pC>M$rIe+M2O-!GQK{ANg~9^Uxg4H88Y_nHu- z%KQ191b)8U6sp)bXH~b&a5ivmZYPAh*DBUt((-&lOG=@45%-`9@yCGaf>4F^Y1Ya5 z`IZ{eYKC~fbALnm6RvNz#lPXWEmQ4WAWIhugoDsYCX8PA0eoH+`wl#7t@tytWt{!N zJTIX_ub&Ec$pY;p_43G7?{4A3L&M;!#Wz#!nIge$l`=;x%pbJ=G<8i&rrAI(d)I)v zuyj9TW*8*%UO!{m{LaHzTqvP{$6@8Lo5}}6f){S$lzHqE)TS}2*!9pw|D7Mle`Hy9 zg+7@qUKIctihFW>sgGa1n5q2Xcrv#|+}FD&vOjt7wno?Pa6!b@D|#fM>%1$ww)@Y+ zI-UlueI{aQ@hs*L!66vM-%VJ^J~d68RplJFEVnYOM*|?$Z0$*SZ`b4?N#BNOaD53p z3@7a3vS@bKc6TVP;~d%F7G4yCqFe<6sWgP;QNImEw>_KO^rIff3T>(muF#L zLJFLwDT_fHQ~S<6B*>z**~e%Ewe?JGAKW65RGapd<(UNz>06VT=wbf z7VW>XLT#nFS33y=j0DnUD&(oYz%n>|1s0fu7vm8I4T#ixxc1Vl@<^S13zi1uG0HCq zlmU*`$>r8}+c^`TwWNfG0YV)$t%``C_U7SLr_)CY|ScqVxYcP~5WXub3 zCbg>#dAvAPHTA=&BY@MO#t#~t`|8x`joiRZzxYqla=RgY=*D^Pj|Dz9WFqfw^|-@= z(V(f?!A*|0ZhGMIRA#Pgt_xBk4Q|Gu_~je;~K zWzzQ0cFBQJ<#cL}$(^vT7msIPD1^rL2bBx}srz6|d?hKoeR0Q1=T|a({x~#8{;CMC za+t-d+FOF5*{G?6K}w%MrJ4t)W-M%}HL`RFaPmR48Vu>oJlBO)9}I;ITPr?Z9&}L? zu)sF|SoR;yl|gC^eC4_Hp${%z z(7EO!X)!c{ATL(>a)#Shff^D5Swki;5tsvizW`yT-+%Ur&P2gvtyz6U;nV(6``iu1 z+88d?DkJC!fKFCUpdA@=f>pG>GIUn|xw>`92D(_t{f!GQ#f730N=f;B-{rW-f)kZ<{Y=3z=&w#yP0aAG>RS1C; zy@9`d9-HDOEm;ft;5GCfi$Y?4xK@G3m~pz1^O4A+Z$};=ciKyaBI;z#eewGZUmF+L zjEx6z9OW~1)e5EpPvC1Tu(TehyX#ixuf9(yV1c4GmvYST`tjW((;7If?KHoeQ*jMr zhIbEM{%tPfFNTn zOhn1Y=QFRrhNN>9;4)Xa+gsMZO%s%Auj$jl^p%LXXhCrx_9={#aTJ zKTihc5ZSA&0cs*w!MM}& z-(knGy3$pd8!bk2z*NwOyHm_NT`0djVRzzpjoOd-YJDuFnq%;K*VpTQjrr$hrOrp# z3(nxoKhQ#AQ+awrM1vH2BS=ZO9534=Jstug>rA4vIw_A*keuU}iXKSM4%;a2QaCg! zPPkTt3w&eZIJNe-wdH>#{su)-3 zfWwM4`C02OdV2qMC;H_k6YnLBt=PZ9MJ$MqUT=T$J7GLZ$M39zGNB5mom zq)FO%bq)E;YAD&XkG28w>AdP3XU<@Dc{f=n6J*bRv6oAv8;}Z ztf!(|mUGIul(r7VU0J@UTXFw21X>JLNG;Zjk@8`4nj=Z?MbGgOH2bLnBTYNRf{7ma z zg~VdpwVv0gk#BQgEM3|^7tVM6hw4CM3`tm&HSajYZ)qjCL5h(HgY)+n?Q6wU-l+zDd91k$Ybk|1$-!XbK1y`Mkr{{voLDJc&X6ds#pIJe?j}ft}t`nzD=R zyHwiK>*{3(2Y$HQC3^aj_xNGCK#NFX*&$bEcp%Q+EA|--6%AL@pPc#175{L*4A$?G z#>9cx!`c>!>9=r(XQ$ak*xiC4p6lEDXz@yNFEmv@a-gsgt*RQEHnA(2cBk?0%;{_X6N?LGVZ>{cdj3oCX&z}Vg`hp`YhC=H!eNY zRz*E~eSP;c6|nC!qNXotjC{pn>*3%wT>Dd#689WZFM5%NTLS+=&q#g9$e4NxWpS{4 z48q4wduI7HRKWY~vKxTD4>R~BhkAB}#rA~((HdFey}_5TFsb_}s)X1PX1koYMj0np zJN(|s5qKYvWbiZTSqa9&l~U}GP6r|z!I-AU&+TMB5M_YHJwn!q5`{3GI#`fwQHuAz3r1llMLHKU+b$?j? z1LXCGAVH>ZOt6s;W^(rm)b7O3IRa~p8%HrK#iit0&x5#|GMz}c=N0im(kik$k*#f9 zlmw;()ST`K7bD&h;R&BX*bB3c*pKdGpJ;Ec7PHIpDZG9DP@oS;ERwzF4?htSA>haN zNBgGy7$Q~x8zt$$O_RcR>2<$X#^~62*0_IgrP0oSk3uY+RU_8+&iUhPkas!aGsN-- z#BeRg4Qy@|DJAn&lpmgD7T^oon2(n4-dK??_1-g?fgHb+vQ$6Rh(CS*^cefc4N6k2 zgIPHtVphC^vT zW&L%}IjmoyHnD&Ec+pqx_!Q!2w2I?BNMxIb`HQ4!1c(fh*Uq1ts*#5;k7(8N z6BV`(aNwMfeYzo4{);w@!NfPJNc`@XR=~7Dcz1Bz<&gxUO#8I?n+sOn`)52o9b1Yy z2aj@-mREfVqw6`|UKnIYD0|~Ap+RqsLZQ}HhAXTSB~dEt`97j2)#QG7FsZ9x6MlVK z7gcm;m3U)cAXTnjClTK&1^jtqqgiNgQzE;MUV^tl`*^N~7-;m%0g;+)+I7@Knc?{g zE(2BDf85J;m@PLQ2fByhHSPIya5sTJ6UtJu9!RV6tazJ%XcWE*kLKCX?PR+A-Rco9 zx!_)3O04ft1dG(ucU8UcBG8mc>2*v=*Bv74hwMEIg~eZC$)O>g3m|l|(HJ0yF44lc znk8%_Y=!wmv<;TL=0S`vD!}=2T8qZ>4Y|5~awR-*SWg{dh)>6+GR})|$EJ?;9&Z;}RpQIRl7||CMhE69{E)oM zM16Ncq~Y4?ioH>!U~bpTphE#@yY-c3*yemNUnk}C2J~5-wy(kI_qZ`Gh!pbi3iPY{ zowx0|Qo^J@-^MNil7e;AnWj^r1_=EK8;R#*;&ZrMmv>BCwl;+Cta{ABw-=<}L)>Tg z^l=HEhUyiqYQjpFDF6o4)OmCJamy<6DTek<^5)kEDt{~2xMp+B=XV?56L7W$dYacL zbA|aOj12j@ix2PZ{O$o4mvK>~8M$s$}b#sSmG#2y-@8ESI`}Oq|-glgveREgxFz zoP)Z-?{0ds|Uw43>-Zvcql~M&;3NNtw6d#M?tA0X=XS>lqLF0h227nIei}n@ph2QJ1^DHDj z-#_=N%r50<(#BJ?$%DSv0J z;A8W`NLn)GUqOGRWvUF->>|A^`J>VmJ`?1p%o5@!H$QdPt}D^;^CD zSXX&(6T^aY!9f{u{ zBvaiyShh6LqmQu`e9 z`5g9@;y%o7$36*)F#!1KEe|O(!hV~Tu!1HtK{L|wY&SVVG|mveDBoYI&g zODx=yh;+!qi|jA#XELF8*%#bH;}QVGW%*B-E;e<#L}SATCboMWL}EUa2;%eI-@QLp zYi|}A)853#0lR_~g-xFN6UVX)1z7cdzHae8_J7LNKaPLVg%G@z1dK4R$}Ogkq3b&0 zre2}eMy!;(62Td-Uv!_Y@M9&`^IhI$03hNYJJE^jvU{+CG$z=^q!_`Z5HA4P?;dCP zrIHPr>;CKBU~32S90+J8jBXRL_YR8rJm~z>)zp09DITGk--Crf$0skb20?J@gSg;f zr-$;J2Ix`YV?Qb5eLBeROtkP5nS8LFv?`M6Gw-<-h5e@M#C*b}bMlo0UmXwjYcJH_ zj6Z5u_5I)moHarDeH6j&CeBmZqEzH!o2vLkrMo+0eRzP zRyibU!+yuIj(zA!>p2r(K4#$H#)I!t@u0ri`T1}tXX{SydxRUf{0h?H85pguZJIy8 zP)L7w1?%0TieDNqknD9UMb`5Dkr!^Tgowp#2)<#?aB!Y{o3K56w&Ts^Pf!0gf9}P~ z9rAqRMPQBC;};SX!A?~PFp6`3 zqucV#ddW~Z2bB;k6l|THLk! zyc~NUCsw84$5LhX3c^y5Zr=T_j}*C3d!5l%uYF~kt^i$JpNk{gXBAHpJnc2yA89he z*iU}wk#ddsyWh^I!*NZZ=}RY>;98}mxP3~!El{^Q@^9~Vl9(xl$eVw(9b8mwmd-!( zV?JKCy2P|hv?2W80)zNvao;so-FNh|{Sy5x)0jBvKAu(XtysxA9`ex6u==kfq8Lae4y+&W6x;TAQdCMi{u1pnO$qFjz@Z#K-7+aU1V0fefSx}#^e5bt zNf40h+mdBq)ZY&(!n&*OVEo|7jI~G|r<1$Ch_B#@WO z%04~psgH{&k_r?f+JM9PxZUPW4j~D9!>sE_CYcnPga_f zds)!wi(Zb@XSH7CltEd$a^fv9(E!zTLWTDjkJ0x#mtAm*rKG;DP7l;Sn{4TF3Epr1 zMOhd3FzgC6_>egKUArKj+|J{z{z7~muuI{cAMqZfEr0WsW>JEF11t4nJAHiS^S(MlID?T}I|bx+#5&WKa#GrT{Sff|D`hfXiO0jif_h}nGnBz z-`2jab~G#oHT4IO4I)F9#%h&u1F zUjoK<`4_JhbTAx+z3sDR1Qd6N>I?Ef_-GeBdRQBHar9e;?Jxim^7ytM8{kw@A6}gn) zpI4Q#&Ew@oT;OMz!+7Lrtc^+b;TeRC5c67fC|n95bE-qDBag2wEB{L&Y7e~V%zDC> z?)m(foKbMic~_hh@0W88H0CqGSoUqQd3X(W9aX-cFwd-2-z0Kh>8Nqw)8Z)9E3I-U ze;(TjBwwd&xD#X>#f}Jc$P&4D<&v54H*{6zmkV}d$a~sHc$Nc%Qo#inbt=_-jJdh9 zH;ts>{eG)2urHQN z_-(Es_RJXL|t66^u!$-Y&WOq#i zU}W%R%YPh*?7AKAR#u&jbt{lJ?(==B&f@9@+Fjg&+DhN<=tH4-NS_CF<<eKg1;{Gb40s|T*T(2(QhgmP2w$M$wNxT+4K|$0)Bk^#=2g$zQh{ce< zl1n$;e*qFI@hFo^sVRxnu!KKiHB-sfk+%Jv$}hApH-~E0{Ik;Cx0%W`Ks5_aL@=Yr z0lIotV66FOl=>>1s`Djhj+4vW{A=}a$M4V70@kYQ+$C`EAy6iq8?d9NKF-~KVaAxJ z9V>oF&9y&O$#Zg&BC}viJ;wEGI)Vr&x`oDa+n%Hv_308Xo(`K5h<_zIfS|gsy6 z8WaX2ruk6S75!e@8zWr>UECvZIF`ONsog>unF3G;W_D*_Q!_*E0rqB&J*~f~y zk2gHG7c)pDxEsUiygWHzGYILM%)$Jc=DzjTCzd(*!$V|!r~x#tg|+6u(L#RQI%?rG zAcN4gcP(}DV&}oO^1bbAo)tY0?2Y^7=`?Pt>Ln{0mCaa2*N5{IzOD^scRuPziR0j9 zSC#Kng{7piUTJh?dwyN{U{Z#cJ|!|?Mwp_8*`!-*qad{x2DO%Z?q^?j z^>b$(MP^(%w?rTH+PbB28b!SaKx1~;{4Aa+{e3zQ(9-gVIn&kDf~8|{K}IjaEdow+ zpOez6AuZ`ZIIn6XD{?viGg>MrVG- zK>=L4>ohJoUze;np z`Ch6R{e_anb}+fYs=Y;pj6F>TH_`uigyjp{6OlH&RFL38sS%gbN~bReo{M#dgN3CJ z>1>Lf!J@MGUywBh1rk{4{bSySBN0Vp`_`ITgl zCSbjSv?nS_#(1`jf`Y0Z>JoOucx36bu4}yw^sz}6Qk#EK3{q>t`*2IcW~6K z0``-(TKR=CkM_N2sU7$?1=Ks^x1S{^}=@sm__P0$^>3%?wr->ts2R8@@r z5ex^m_E1NFmMozlxmBxWKGL`RN?QCHJ}_Zm(m3mn=%Kyo`e+y0erv>i;kk90n=lBO z^3M;uSafJu8M;?IOwSXWe67nFZUvQbh4=uam&h<{QAwIMly%)NtB<*dr>Ux-$9!_$ zDrf`ToplJ;tEBZf=WF!4zkCH8(Kigy3r}{DTZ$*?AvWPauni2sKht`nAmbhD{k&%w zDD7>L4<=?t-)@&UJR@xM;L+P`Tq2!Y|5+c5>zMq8K@PoPD&X|Xp`}3Gz00}=jh`++ z4<^79>}PT`gFY($B8op%Eo~bZ75Pl{;P&H8Pe70LekeUwBdUvdh`tx<_8AQMZQs6t zMtminP3Mqa(jwX{*xR44!-*LTI)7JB5dM}W*2wcIZ4m8ZYf>*|N|45?!ZK2isgivV zp7~Do?3PJ(F@YTqi^vdubblhXckz1rI(dj#?D4v7UV=C19}T-WP;6+_^5;h;V3`Ld zRxF~GBpZ?6-JI!{EI?|&WND&@U=d_8++sfIMXi2jE2-u$caRME@)=LgD)#`BQnuZ8 zky@|M04lw(>2tn4U*$1$r6KL3o=cf)h%We+A6lQnYW7kuheQ^Sk^#v?HRFH{b~4%e z08D%6wMw#`Og0iRXgkIjISfFQl#72lrFzAN6o!VEHdkI@=ZV#B9^U^A=>~a&>XMKc5(^E?TWp*y7MZ1mTH7O8iTzRG z7{oB(DB^8Q=IJHjn+m=TtL-@=o>*c*fF)0Gi!PZkUwC**!;rFodSS23AKsDw4pYHA z-_^vRX>NW;)ydw${m>1H&F*XY@}9UO{UORXx)!ziU0tzJ*&lz}&+I|wGS5S)|5N14 zd37}4BYI%cxzvlySG#jCZ%;m&d7>uGe95klq7ctX$1|f+0#hm~FyA|3?w#&touv9( zW`D8l9+BvXiz)i;dhO)CIK|HC5bc8k#-yi*v0w1LDW^Zjq;bcSNbJukw6Ri+=LDWCi0 z3n%EJqOQf@>ZnbaXWg-Rpw4b7>7k5&2k5_e(mO*P+Rx*VvFiPPj!});^1Um;X}30h zn)3N*(;P!jP(2`;S2x&adG?6!Hk>UuzTBJV*SdCBAL_LUz7&LJCOVPGn=AYz#fF-_ zk-8t&s(|<7$l~kBuOP7A1Uk)oX@WP)bIr9S0LIx75coYJ6Ad!*=6S&V6;mBtXJHxk zL@C$NqnABs_*%9UGY$RxJeqU-h3!p_@SmjPIit$-q#YJMgoMWVOqwfk4vc5(7uLQb z(PQg@l+k~<@Ch1xf9{6LT@e};n@gO4o6=uDXa@PgunMPR3sk;%yC~tMK~5>=@*xgi zkMG#E(4xq=f&Vn0P0fBr0HdDOh6u9P(P(mFqr>o3Nzez+LdZ;y(}vyzH1GFKi$ByJ?V&1;zj*ipvdt>4n$g@O z-6uZWx7_EC@N2Jh#5={2UHCLxuM8lRh6ztFZst*sf;;p)7ikzM8EGW2tH`pNfW z&YQ1G!BfYuEeR=F9sw86gSZ!nqf7;T!DqjB?JQK#OC0v7@qeH$XUs!RtDK=2NoHTb%XlV5GcB`S#N6e1BfN^8r2?SI{zYCU8*|3tKS?PqThQX zqUSol-pETIflB)O8qpJwm^$tv!Bs?D;pXKw6aSmjrrD!<)t=b>ezDu|k}tQtUvW?2 z(u_27e*IKM(HHG=o3M=JZ_|5j=^l03+fHH?+5Nw;f>(N=hy7kI;|>~Mey2id1?vifp9-FWm<9VN~+%@6?*` z)(nKH`;%7zH^#u%QO$V3|BGtNy`R9tcM*RX09Zp_zMjfqrbyrnxD3q9_E$o^!%+5N zlrQ^KF`ljxyA06Ix)Vjls4{i@jQO^OFwKa8F7eP66p)$W*$uX zNAG8R}#UBhyIPz4= z+x|W(<`kXB=P~Yjyx5fF)17`z&2>-<73xjLeL2a?d)FkNKW-C8@x?xuA63 z&r`n%b27T-kzzr-3eMbMQYL@O@&r&!1}9rD#-F?69*I<>jE|{aHxJk*{IX@*Q#)ms zZ5X)a*6^@Y3R^;`qYhGj4^&V!sATu+Y>Sk0_%k&x3BmI#XimBS8lQjYO}vEz-l>`L ztg;+gyq#1yc@OX?iy8Nhj%Db6-R0&&%iv3)-rSCFmu8JQd-sQy{T&H3>C;ahi@LyK(OZ(BV5sX z*V==-KSJseN;O$m%S_L~b;k7K8-b_DXb4x(fqa2MMP9b9MAq#^p7rYiYLL_wP6YW? z$8doLt_BmCJ@Bu`YYNO*N?C4yAsw0d@dqWcjhEh(vuxS5t`KH>G&3^Cf&-#8{wE=9 z-j3emYXv!Gj`%%otbFhs@?pMvA02^vl5io+(jAk~bvAnD&Lp|f14G>gf?#!tbXLSK zE4(9mn3Fi(qanz;jAxfGP!$ji6gzF@N-tn0<;9IibFK`=ua)F?;|(#QrGHk_o}J)(|>~}G3;6JNK*pTr~3!o;lZ36Zu|V>UX1jk z4=+Fr6eFYV;pqY^T0U)vUKMZ<&+ifpJ4rXD#Xwf9`AKH*x5HaPcF&{rIOl+v zZZuz-7@?wbf4?XW-d&{I;nk_7^ZIR(K^;1%Ccl1g5}D^%?>?;t4;bA}ZIyz^H4cBS z4LzL>x!|v2@}0E`2w!yBs*a%_IZz4q$_W;;vv*Z~Si^=-``4Laq)RH_{d|syB+pV} zSm@WMkco=hSHr=$tH+52?lB;5F;W|K%uxKkbsT*$D!}cAmi{5@nwg&x_O3y9tMYqA z46C_U*u&&3*H$te*sua}iu?T>{K_YTtVN#3`}eLxTRuiaoqOYTQJ?)MA)*>h;wUtR zJIZ$A)5|`e!wp)8sCw347w@ zDh-;4KyOf*<&F`V*+1{YpN);%@AS6~U*3e1K$K~GE%i@_b@c#)NA|dX^VicmG?0Q? zz0X&d;AgJvlleGbG=_S|rc(XLeav9zFiMwc%GJ2~*F;t0flJQsxw}s+cG)~y z|Fop6E8QLHPhnfF`p%@I^*u?>{rvpS3*J+&y1AHuQ9@-kDVxxI=hMC_^mBY}=yG37Z&&W>#~hs5zS(+taf?gP0P}pk&o7HXUcW;c7%%jc`P|B! za?*vK%;7`N*O<`!caNoR?ILuohBpgZ{B+Rv#)RWWmVMp`M~2h zv2p?3$cIyrKLJ&{zbQj&SaSHP#fc)jFx!KS3tx6Q$?Q?Ua2%flqDbr|Q^#v?bGsdG zGwdTYvvJwCx)9UBCF8ilU=nG4K;?6+pQtrW*8_jhBKhY%&S`p|k0>)8_XZgslet}O zpXZGxlUkc46(PQju=Gzc=VX+hd_S@A^R*me7+rezHa7rq_GZ8il@$Jn$=CD|^sRp36N9=3gXua1xBIQWwmE6t@8lNywS969w z8Ub@Aq|QW0|Ke~6ejf5`pP26=+4iva<`;uEF+tmnLn(IYmuxg64?V8}@%S=Q;s9zg*aoz2WKSeaVl^Anqge5QAE#g9$`6 zpmbhJ-s&nynp{vEqNb@3$u{A0GTS!+vt(B|T$c=t)P|XTOc4Kkc8;Y*E_2vEWVP|f zo4Ak2LgTp`415?TKPu8`K4mk(t;f+%A}1c%UWOP^5f0LtfY7ej+D4r>amsw!FKjw)2{9UKgvfW7_42T zf}|CNY-{`WANY6~{vEP|8Xzg4TCivwRfWJ5*%CFn)WV=p%i=iH7L(wf5ZlUtNz(TbKrCSgPS?j2Ketn+u z8-HVQeb2Ri;2#V+#IMVji?PZK#bds&9s?Z!bkdW=iXmY%a2FH}Q!`XQ^_%n~U;qHN zC|6ymNC2vF_Qb6BkO2Vcc$j72=5G5k`<`5s6`$cgh}GkD>Ewtu&gukfgddbQ`?u5P z(*3)AY-c&_J8r4)B^Hx?)Zr(2eUdJKt<0M^xfxpyaCxYWgIRmyIR#TtR?pL0wRy!g zk`u?(>8nopeXt{BVN3`9)Q5X>cIUtGwxG+Kw&B+&E@bPXciO67iQZ!-{RU^q5GNGz z)S7ah^2)4lQyL`skabHd?_jRJjG+-BeHlVFbGJTeNBZiGd?mBY&O}#xZ1)&nb12f# zi*u_R$p3deIw0g01JdthPSTA%1TnMoj~syX%Uz(Q&f1-RlbZWFC<81`E?Kge@#KF& zVIzDIYHkBtWaz8jPsa&2FL&J>GA)(`wA#;#@4=(kw7%D^EIwUcnJvcIYny)rsPJKp zND4?<;SQIMGsF{33b+C>`;_<)nG&f_<>9Z5!kC?Lnx10~g(v<6;|9A)3!PTFbG{i* zF@t>22X6K+Uat79ew3#${)y!68n9xH0@X~&;AnVW&{nhxHRWOfj9Kx#ufmik=Nl{| z@C$JIwZn<_Irr<`Q$x_2k~mU}b}B~*`aKzOfC>GK>h!|jj&86*KI;q-yHjE9+te!S z7xf68G&ze@`vjd(=rKY7tZ!>=v7q{nC0Wg>=as7x$Z63PB{y})`vud~>!GC%PLJ(b zJiVlSJx?9{4}Z4jekwYND1&rgiHUc1K3?-i#+I)>$)W=q-+%uVLhZN#tHHJ-LJA5n z^|9`#`cWf-2e1%KSLzncuF%G+$rvouaF_%bN?9_TF72&BON%)THn zSIpiU1`4izF!D}y?k28W&QL$R`P>+=WE>U0@KVWFI+ekB%T}+}#q+s7W{%Yza?*xa}QCmaV z>puI31bgl%#zJhl?za)mZ?AlKQfTH$6j|nNGMC|p?n@mj9!qwD^JyEjp#-VDM%|1S z>%(LoD|B}0{P5|(e zi6xe#3oAs$0ANW)S}jWAQtX4F(~747uQN?+Zc<;-kz7mnOTz%ce>=$Em<5O^CO=M~e)5=HgaS zgh?M^hz5`4;sp~8Xud1w4$a6V3rT%L66&tO+E2hS0b?^oqZkQIT2Ya#zEBiZjTIkb zgZAMBO#F|x`TIfNG7F}RYsekXll2>}zT!ixvYuD1Fihq|ykN@W`0)|@wpyI6FaBBA zI>qL6`U&~^z9PmAGEkJ$0IZX@g(5C1YS=^wvq#H#5$uBuP0|V7wV+m8U zr074lx_Kd)B4ixv2UWdEe&rR$^D}Quyz^ASbhplfZ_PdiEf|nEuxKiqK&! z0G!l;zQYvca6bLM({%+2hb{U7jzln?_WSCr_8&*5?)KBxD5R{a7$*e&u?qEfg>NQ4 zw|pI%zb@EQ2EirV2U+y^QvSyA-NDeJJ+%gx3Q@zA@Gj zPTHKMDl`d96Z9|rxdRFs@8JM^HLISb{^z~J%=MLRr)Kp4!PRj z0omW~?X6hfh*Hq<>bwd3w$BLDNRj2zynOpd=k+*nPl;5{K%nJ4FhcN$?OxEs!8zWv z{;hSrGO|WdFxACFw$gFzs}r0C?b0H3x~`}F0?e3XD%%VGPdQ06ey>7EFT#BCM@I+z znZ{rCKtuAAN7ApNI2MMp|Ko)VY=&+?KRH+P^AqQ=Lht-A6)>?8D`CcBs5S-MNQhia zLh#Lo^%Q~J2_0!q{>X0H!?1kwcGeY`I_z~O56mtFhwVMTVobUpu*^jWM=mf*Y%Z(e zYUyL;wm1mx_2WwYnv>ELXEXT~=mtJ|M}-*&2%(yFijEpV^0(8k-=~ttUA`+l({>iJgpB-Z zm4ic0BkDj1L!0Tfdze>ZJ}zHT`6ITP&{)Py0bl1#vIwEpZH#)@!lc zEblyBAW4QZaP>FQAhyfUd?5v_RD|?QLigd+g;;FWClpihL5sMiXp$hafRfn*1U>N- ztP#m4`liiKMD`@Mh^~A}RF50Ce{%GW5@6ky9iJp>mtO|`k&K|Qecn?YB*~2X?3euU zc+f60Ac5O%!@h1J0}wl2Ck@)&W0f2Qe0MYX8^C({51x``=!05vyVfH`Ou~a%-jMUJ z3y>REBP`r8hZ&N(zU0ZW2WiPKyplOmj$*NX_N&uskORWSTb>-{@OFcGpL=-8N~33c zEJOgCCDeG=J5>6Q6=)avF%Ch*i&&VmXAMs@F`(68W3!=%g=;+fg07yHQIoe9T zC$&b^0xm@+7l=oE7D9>-6!SV{Qmv$)EA$9;co>Otvw~b1=$OaSr3+t}UZ8~F)SjO6m8K@8!# zdk3IQ+vm(T?kH?PX$r>mjgjUm_3vMk_U8KWJ6(8`LkNa7q^gHa9i82-{=VYCDPE29 zehc4St_+8T{An+X-EYs$froq~vJXr`l@DDXo!*ii$}9$pnPkTk+HerK$A}gC1dGEL z%y?#Qn5K!-(c86OBwSljANMxvbTTd!)eOsIw$od8)N0S|Mj&w2{977n6=fkET_vZ1 zDPpz>tcs~-8Q~6*7R#F|-XILp9AA%Tscyy59rZuIH`on}A4C1_p$2{LiI#^iK;#m9 zOdOcJxuxq5m_58jCI&)Ykh*gDWFQBkiFklVU7PXXq7l~~0xW6R&u*Cl>@H{Xh@cvM4!AA9yt1X00AngDY

    v$N=pCa=dvkBF_0HaHgVKN9U2`&ip=Ph6w{$%(hn3UqG~s?) z;^48L=db54`4$%-po)So4t?CJ)+}z;zVH3SvZ>k<@ z-rSGqr8aep>YJ!3TX0-%;}#XjjZb!?-hWb#=I-0n=;vVehUzzSN9{So${NjOZ-4Z} zU|W&({{0KR^^$+*D8ia_<-79qQIx4o`|sKHvulzKm)DWbJ$uHge{zwq!|?VIzrb^D zj2b2oD-v{kFOOi^Hp6MvgqK;`Mj!I0({EH+>&wAwyYFZ z-eYjCS^FJPZ0R}sgK>WMq3iP+p1*ze^x!+j@>i$P!DsB~ryq-U_nON$4i3-o6&Q|t zqTegmH6B&K&J(sjosr*ZMWaJg|Jj^A)Zf20eu*xtP5)`z?`%`-V20Rmu%p5+7@?*-Et^hn{YJa#)XA@X}_~rn@g1i z_Ubk-?yZ^Kkrbg{ST@ud{0TSl6`Aeo+-`J^_1@OWKj!YsW-M=;yg2F3-p*3*_EEdm za?nL{3T)TAEkZjp&n-KwDUMVvy*@YD*<e$eo8A+M&zL$2%^~ zMApa-+@_1>i_3EZFRny+us}Kw9pCTWqvESi8uwzwP460heOtbcB&eQ>-mvJ2%sx<5 z?`8jt^+nOIl<}+;^yNeLZ_s7dcdX*z92fnvRPKzA*)n4aF8<)1AP5Zdc1%X{Zs^1)u^q^zg?Y68L z@%`uSt;PWZq4ZoJYqAoC8tu>nDAG7b?WJzCp!`_ND6J^%x>cpe3 zIlsI0O&OeL9XIgoiJ>m`3U%L)184<=l%+{emh8?c3id61gh^+8$+%xxy?HIS>-oR3 z;tsVUjtv2T;1j_Y|Zx z=rmyWuTHwV1xDwsBX1`C8e4j4R6*qQtBb0X(chNzQx9MkeeH2*ebSnxq_Gs+_2k5! zS>@SJ&bHk+f5_O+v=%3Y-P7+Le%-U=#*N<}U+7!wSp&wOrXLL4-QVEHw_2#8(9fBT zI}-&*@-RwHJK~tFKi+e-KlkNF%kucs<(c8vgSPd4(5t`ZMqXySU1!#Dk8roDylbi7 zM|}(G{RLAS;aMLosI~sGr@qQ-s7}--KU$1DkTob05%%E4_jpOzIzJ<>Tje;M9q&`4 zwvXDj{>OOlz7yj|jsN!jwjB1;?i~*^*xCTj8G39R@`_+0UBZ=~FW9+eh!s zNbSv*vh5@1CNi7yZ~dM-l(lJEeEOHS$9A;y^c}u;t0Qal&21;+B?Hq9>9-Ep@>dY^ zte36`GoN)S+}`_qub-9j`LZFml0wH%PWt#Vzr*L3Wlc`wy5F8q3)T77-c{!Y`{+lo z+uS`HwC=O}+8Y$>cM~#w{?|)4J{4%Ic3)iYxVwIGL3)KPnpVAccjqDMBlmZYX|t(( z)0`h8_D`AV+@d2HzJ8sK)(=zW`qqwJGh#qgHbCC1JOA74`Az&A&Q9q+{YT{+$qVId z-sk~Q+UiqTeLo#cue><@$gjCGH&v8w#1%e1S>|cg zOum^BzhtI&%%>GZuc{as%sTpf@qY4}Gm?$NP@6^^*gI-(;MSmWRpXzNDSL?p5Z_Kx@RiB!(LNuxz#T!{LTF%%0(x-4FA>n(w_2zLH|J1 zy~AVowd$u59iP(R13i6a>%KkqxyrAYn^77s@2}Z?DR`>)w5|TWsO6-UOGXR`$_8Y8 z%3b)b<(Zv%!S3Rj^T+E3jjL`qBe!eLh2Zs%4b}-3jBoL-uoP|g2>Fv4sBYV&;pKCQ zGva?sPIf5*P{4}Ar%Mj=bgJAEM3;~T+Xj1eNG>rx9{;w(W)OM zm(8CWj@*@2@k9M$kazoy*FA5y?R=*4MMdwDs`u&k&-4B^=v`F}_V0=BGH5?@F@8rv z5hia_Ou}Q_U%$H^M z~StPvt3%C<#u~n^2_bz&fB=`E|RtL8BK=2{A*P7 z!@7CJjR>bto<5N@{t)fTI{(meL*r`Yj(fw}6Kp4Bwt?g4AHwCvZWS1>?9@`DU*E6e zcxSiA1(taqot%-ox^Nq+>i)_C#)J-^I?tXK4^S%uhX}n!?DMDwf*V5{tINARaYy&%?4J@xQa!X zo~55UD2)#$pl&yn>{x=`lAzq4#;HBMbWWFnT?7>mUlaawI*So!cjOsIRI=Nzdx4>{aK7zTV!6 zq-lJ5>5iT2an*|sON_W^<;OnfR4ayWqBDD!ZQQf{{<53f_DuQNanByvv ze|8^!O!uqXp_`?R;vS48Y`1lK9-i}p+gj`|Kmn@320XR9WhYT@aP+PeT9nlk>|#~Ix@3u(uvHQI1} zSY{&qn;>!BmmxR$ENQc~c=nHxtr~P0GAS+cd(^%3$d0mlvRa$(FE9G_{SC9cdE?&O z^Yy2$?m2z4Ya`tu_r*8wpPuiVd&~2%=$-Os#i?evKABBU@h&n;%Bt=aCN^l<{f0Nb zZjR~hc%Zw*T<<{jHW?-&QTdmd;bu zt$zJd+2_3W$k&e_>g7y1spG#}Q@AfFH0k8~>%Y64H>D`=P7jS96z%t}MbCMuzkf%K z&T%($+xNaF*Mx4wbS2;K7yY%db|HUg)FXVhj@K666=&9N z-!in3(dX0ZtKpCR#$459yvvZUDBzA*6|WnyMekNV&${{z(jDz%c;3J7sm|P^`r^p% zU&~tH9mIF=gJ zfPbZFsOyIa<0`UO6)QR-X-CWIt#kf1#S{J~|K|=@w9*$|e#fZS9C9c%x^4Lx9wUunYs^V?P;xyw$qs=EGhP~uasO|9_XJuJ#BANN;z;qO-Z>g7W}FaP%!kI1Q! zShAhicht3>%C;3n# z)`U+yXuq$pjEf3Yw+p=aCCw}!`|IY|f1kdG4jCuq($*=JEsJjs?%6>%qNL}#v7zOM zLt|@gnKLT;Sz_hEpG0Dfe?r!>1h_`a4!k|H9FEn0d%9!ri{+id`J<{|UscAcy}z%; z%wt|lh-)y5jZ6MHoX$v6cvZ`n$tPCF7oO$iuQ*12uw_Tl`;7B9Crxhhvim<7yNTJ| zhoPFXZ#!OMkW5&sdywFIb$-{y{C~2h`&&S6w(t3AZ9h-dy_!1jLc(`A)eqW#roU^= zvaWE1v!icskAf>5sw8>hR>gln{omd&6LQ-BoL~!2JNW7aiyFRpRloS=z-PEuI)~&*-=(SH7S|NF4<7z30w4JD=`XpT!p#D+ahb3^>KD zC4ebItVm;I1=aia3VJhAe=#p{j^p0WlES~vU!HrkZHq5^B34q`n2T+19KQp}{H;*% z*qhgCN24~iz?D9BhEqNTzLVc$X88{tjP$+v_#a=y?#8YA%pceKZSsPIw-<;0W<9^O z%30a0_-2n0hZfc;T3Dm_%dEJ9NhxrT{Av+9R8|gC2RHPsbbEuF-AW3>Z}J$k+n-*? zUGVs3zP=XeTwebrd-!#u<=;NNObS+Bn~Swx>AE9WQg{8&4roKh-NLZ2WOkzi{ImCt zq^F!+kg~w{e{I}pfXsEjsDI0zg1~|Ci^IKOAr*Kl80>jHW?vt- zE`IpznQiAzpw<^4+`#Iu;|}{HKD80|_phIy?w_8UG|zT@GyD8vobl31GFo@C{*1OM%Ngx< znJ*?!uGcINXTQOET$;1acs8$nZ(K^s=%V?_BM+8NYto@RBQyTWdVYsZ@-2CdJK%Yv z4#$#e|CM%|^yN|UtSg72e)R$0x~}hMj{W@R{*JiHA>+QW4hCL4KDP*iwq5IWdMRmF zzmW%JpR3AWmMx9`ZrXWJuML7_bL+=-vkZnT{{qNZJzv;maIDpspBo*oZsw!Yf2BpM ztCk_j=&uhkr&|oY`YsRl_0O;GY#7IQ9RI5F`j(z8d+;s|xPK_R=ELM7sXtZkks-tL^tCM+SzgN>5C0_URxjr(w6X}!F9DsRP*k%ARNw$+*} zyVHZec%y|}+4XMrGq_i_l#*vAY)k+3b;HarxA)kSl-o!AdRp5_xp}$Sh%$&T)cLxp zhsJ$Z)NS{E@@{>`gY6>=>%1tc+o+A~)-Ba+L1i+)zScirKKEG+Q03vTD@ zrxy()j{mX${oXyJA0D6jfja3~iu3mFZ}00mA57(*ncq9uI6m=dy_8{Z9go^)9+qwp z%K0g&v;J(kN$EWAvY~jzZ)U(G^YV0zd-z?T-^sUph*0fse6Gtje&DmkkO^1X_?ukLs z_Zc}ehZh*wx&2v<42{-7#NTIE^UiCA6@fk4+AY(P(D3%Gc+_e}(&fLpEzc&=1aYX6 z0TNcy>IJM-^u6^?Hn?ot-2hec&6+VUiW07yCUf83%}$|WTeoOBai8or7>F&CX1se^ znnOJ`2cM9i_oaAd>$5vLtlxBPf3y3wmG%2Htn4k@n0=vUw@ul`t&^vHArFfyuG^u0 z>bIJt>8ZLy8S5w2-ahrqBMog{!qSbkuQY2{as<`0q*1-nH%m!=q#7~)!*p5XT+1Tm zDoWi=s{GY^>&{@-4A&==jIkf#l_@6I>-Ib{YWbk(>Xf0)Kb=~-avbeP!tY+$rp!(L zXBQq-R3yT}%Xxlz&C5@bzxLHwr~exZ&<@q~w6N1&dab=sD8F+dGfaef`^|}|>RfJ| zXLsp`jhP1y%Q`;wBS)VZSsV);coECq+ z(dvsuMMdLBPm54f6CSZ@GbT1ChuS2M*q9@u#V2gZPN0z!hGkPeOtSPkxf6DXKHi$G z{itb{c1ySkbvqQy&e*>0+p!us*Xgs`Z0fGqF>2)07Gf{=NAsFE&M;lt^GgX|A5QP` zaqc3F**5>80JSC=wDf7~T3b zA~EX3$Bo`P2RA!Dv2w;n^kcmH-XTp-T9X$?*5{1adX+AV&mnIuq)(i0D$OQeU3@1B<%m8Vxc1;yyB4X5 zV|K(R2IJ$%G*6RTQ#OwI+2ck$bz}3^j6T~EN^Tan*G&#?Vx<>P<7ZTE*X-fcjel`T zHOsN~H6<&@*XS#y6YG0%HJ=OV9IPhud5_i8hW`GsYi9e$@sqMX9se?b*31c;ri|Xg zJ~zRy8r{fyLNkJ9sNGV3_1B^|9A^gVn|;&x-BW`{Fs5_aZ;HMPzSll|@>BfiVLx~m z%Zh<8_e{faKVcWc<=$?tcNnJ5_inud-?e#t;|h9>QN4yu>EEE&mxt?W;ZN1-`Ia*D zT|w=3O;faxSWFzg&vpIW#0e+kUtLb`S9e%?bM17jH1q3aR;}$w zSa|zG#k<36;>Z4IHTHFl+AY;vnJ50j-R%C?kq3$ATp(v9B=l;|+*(cRgSwHB*f6tx(v=18f@$eDwyOK2 zWXnpMG#sCtaHn~ftF=%k+bdX|8r~*%$`GuMx85sRtV(OrE$gFp&9J$*_d2)yoG?Po zS%-h!rQ5crar(8MM4NTfcv|oLU-8x2AI&AS;)H^{FN=m6Sk#h*`O7E2ChmeMi1z{wt#kelt-|4ez>2t8{-rxI@ct#ui#y7(JToH9jUk=n{ocg(%? zAMcpyAL>oL zO+H|px3RM`*L1z!A;r_&h%acm_3N>xq>>w=N4V|}h~QqI$~W*s5K7;vIeXv!x)YDm z+8pVq-yqeOcl|YsRWGYkzN}Y?3-$Wd+Pa7r5p8|*N5f4;C4ytkTWxjIWgnKfi}Fi5 zULH*I$Gw|!>0xL6yxwWeF3U3dXEmTSOvYy(|0d?vjpJ_JK<`wdsaV;g<3Ls7>KSXs z?R;6Vr+9bz#B%+n@mpun3oTaz`u^99{f9bc8aG{x)U0v21SNSe>2r2LXVtMmkBl{* zHmPn`x0*5}U)^TNvr9v-%|1YGkIg!9e6jwjZbq}!<;~?=_4x8(XP1v(bZ_#rdKc?| z%XmKE+Y~c;=d)(jiT)a8tA~E>_>hU(`?=?|vYZL}`Wxd1uJ3b$QtNY^s-R%UIKunn z79MS_i8K0LY5tB&k`To^hcrFXQD+{Gtf%Ai&Tp^Fe!x9REIkvg*&xyj?(yk@e$$^6 z)G7MbY{xOxzW`tzIY-;)(7V@sag9}easbgmq@qI4u{+Uik=Q+F#u&ognXn&iTR&^r zry4N#%@)#{POQT^`l)`Mq!QKiX=`}RaieyQnOJqQy{f_HA!Uh2JLeqz4gSMdZ1#lL z;N$JZRCMb8HVJ+kO_@_Y7eG=I>LQ1X*PdQJxUfn!Gb2BLVzc6fbLJsHl(CiPd?Svr zAq-d=P!k%Y2_QeR;SZQ*(!^n7AZaw*^Q%{AG_K*}_`)JhpUn7rC%WgKX%10bQ`EJI z_$lX0&xP;q-C(}?sa*%*qRt--!oi1ndf>Q+By?|H00)t9cFDG!8Vw>1kY&Tn8c~#X ztIG_;hF7g?rB8_tJLFi{N*}kBoVnsVxZ^i*--&tkneh*ACfXa}Kb`P$o}9_OI{eY8 zIVq}=iMuAh?tfF>iom>Mcw1K}T?k=1e2>WmN0*S(hz+<6ctZR$9D zxM!>Q{o~Vh2R^JIu1jgHr!DmcT6~-IVO9TJh*m1UUTS_TrPIF4e`T#Wjtcjdtlb&< z;!5vSeDn2&?AjhAGeTIB8d?CCY;b*|#?Wcxim@U?%HXLJ3TM7s!<@60yCAuJC;qYl zdp^Fn%Dl3U+Y^GN%e@@yIJtqDo@-z(?#N;U*WHcc^WfHUiqgKW1%E!4m7kD-xW;pn zxRvY2LSjB=pZh*%lVqI%cKQ~HjLaHurZ>;)KU{H9T(SoOD+Re^NL@?M^j|;Fo(D%S zUQm|o`TqI!)uI&5Zr1mE2mEIB;n<$eab>Hh^)@NCEzUZ&_#4D%N#N)&fa7}U`bMnX zKDcy1kTW$1G27h!!}0muOEMPL3ycHvzPk%}d-GcNRg^-cWPE*l&*JT~>jx*+s$1t- zpNg&304w1_sdpVr=b3gDM{&f@O^p!bv|m?pIEgbq8ywYHJ9g|C{;QWbv)p(4rj>vI zsVYwE%OKDnv0%a)`VF{5$)wNcS~l3fCcXlDc2eC&wzYeLFK-l#t#(bkc5lCz3c+EI zw#g&1bNebQ1LR@;Cufqt@6Oq6y~;V2)hWsU^c<2C=M$#wZm$~z5hr_Y_Zg!(A0V(w zvR+x+{`%}T{WTM+tDj${N_W1i*P`j=62a%2J8C%RbRY;u9U0%h1K#nr`pYW_uFfn- zNdb>C_wE6|ePBk{>dNcfsqMaZyn7^l^rd?C%7MPe8CC0>^`4gb?A#)$WF2SSlKNFQ z^QqtK#ZBG1gqeA2PM00LS_g|p9~lpcQk8KED&c1bv9&(2WMh8%miUn_lhDem*FWk}W{`uS!Ua$*aT z{^fWjH_GbtfmN%jS4qYs%CEQgp(4yt{wuVuv~LwZQA z++IN4CIFtV#0{v6K2O~ji(-`02j%&38bm&k*C+;lhfz{Dno){tA{gsfr|6k%-XMT9 z#+}Wgs*1rkpyv~Kcec#w=YyzkM^eMau1uexrz|`#S^*fjP+B#(jR6@4K6N$&kg=Wz zODVE6Z^KpZ)n=*^`70%Om>1M&yzyR1cvL}bvb_SURbMI;IUq;B>!88Lg40SnJhN3}IoIa?|n6i&>^K$7Mx>^^yRdqHZu#Y%lv#F-3Els8hD~ zVOqp4C{BfzXlzClIrVFb6e|TSy8fm?R=VQ8|2ah3E-Yc=G=Zmvb_m@Yk`r*HC(0wQ z@VYA&deuGwxjm)m23dF*@Ye;KbBCjl^VjxC@FTcKrye5b7Y1<4vWoEos?k?^|Ecs= zs^=%*F|6~^=Jxqe7X5Ie1&zO+NWL*_7ByOlM=X00!j(jHBBO_&b>BwTnCELDc=?Cl z+>C(GnZHHu!CEeI%~2J44Rczks$@^_pieOph;+!=dZJM@!fcZqK@QE9Txi`vJ2k&T zbJVD1X|1BIcyxxm0>f7$L}SskWKzS^tOs{1lxpaPOd9WfBYQ>~P&ya}rl+cT$`GaI zIWE!;Y23{<1G!JcjRo7GT-@iyQhU!sgPE~9F?!={PP>0_Vl^i>w^mp-54aH=z$!#3 z^X0bb9!KDDD*Of2H|;N>kh}X>#T|-+%;57`fhJ1{eo%XZ z;b>%k(<_qoZ|LXA+e!?)26c&`k}%p(N~AK+1m$y7k@+uJvz1R>WtBgTpJGPgSIvwF zP#eXRl?-a3qTHM3gZn>y`vAbAbmQnmYghO!x>7>oRi6VI7;S7=6jFluP`OyK1$FSs zt{t+_dFI$9KHNTZJO8z7RF#CkZRH><=^iF>4QBHG6F$jJDN{+_d?p3!4LxHj<#>5^ zcv*=5^&#T6McxVc^XTzzEhrLJ2YPf(P{Z$JZ~m$zY`Z-qG5|*xYLH4%cF}p{he7gm z8(KizYY;j4y3_o8w>``-;lA3iZ!CG#=sKv^Umqz$n`kzis`wz};1zU4@GuL+xUJp# zcOTov8~p1J3A_PxG3fLcfz?AtN$eFxA zYUTso1qc64N@jFDi9poR-}oDvQNn+8JyD42nJWIIDF&-3KMyMqtUR-&j7g9HtfLlea@Eln7xI)&4U)XlaTTt?S`?bX_oMSiXtUV zoKLx5ti8q`)sstN*4Zx>3E#i(A|d1W!LX7zy!XAO83Uz;|C4 z9doVT;(bf9S#|tkRteh}WKNq&BLlLSqp`u!+= z{14m*8DUoEES3JzefX`NR@LNQLbA2t+63--D<u3P#tS((=jRSOhMzcrsdMpjl_Ax7!^bZWo<(Nm}if0u2=I_=nHn z)_EM(9^RrH0q2OQ>V3j1@kbFe_Ck7_T;Mva00HDX_Im08trI1JUrzsUibZK@G|6u7 z&!L?`)vgcuUuA3!=11{&IOA1|OQk(NsAs$Zyv!n^O%@l-r!)V}mxmZ`$21)5nO}2= zoTv~x+3wNVIC5b(I>ao*K2Z$#+E6-;F$_q#zZB=ggkezCdz^9-j1g<1f~jEK>{t~bqd8h%TbbVi->;*f z$IvGCf?$BexYB&H?I+VQ(XB%|N&+wwd;+H5ZrA|yy)!D~CIMhHQq^yP#rX;h@@;Cpv5jtU@!67J>FL15 ztCD$Lp4BSEFdE6dCFTXX>evtJIVymWS_GQpJ;0Bwwy->kSk&};Y4s)sjOEEh^-J=< z9$;jg03@+rWKNRf zyZ>7Q)nwl$Zb*(Ni%q)V<8Isio27Gcxhw-HqjR7W4>Fjs##u<=<~Wam?#H4x{ZYh~ zz5+R$%84F3C%RnJX_E}x>st!`C|VZ%nK}mpBhS7+Mqn6bh3Dvb@k1zsG`MwoOD=Ec zYju;y_p?W`swHbRM?v8E=~fb~^YJ*djegvs<#Vy$m14RJ)eQ0#!p(=v)wlxyMe}uW zwCXuneA!RF3EB2pSFsPe%_9J;uruSj$Vy6&lim25E$d}}T>Bh*iqGMOW?1k|fsF$^ z>{yFAJ=evtG6@0ut{dTGEMd`+=9^?Ay|Tb`P)~=Y5LKlr?D2ki%G@(Us`DVld=nB~ z3M8WQ6hS@+v}!W_WPxpxiUQECnBoRKicIOLT43++L{mmoQ8jwuV|aZWLhvISqs1&B z(O;hWV+!3oOVUIc1w>EClfR)$T5-#O#^7&v<|g-y@|7tO zJE@M*@i_E=5ZlzvF6|cq3u@ZSd*mlrm+21UbRR#pL+m0qgi2u`*f~pafcdY-3IYSs zz4?U@JkI<&o6Pw2^q9w4EnLSPX}+mF;xJ;$i5B_&r-S(ZJP&+eu9$A5h(R)?bl@wV z^#k``x4=o$J))Cw=rPnVn2Zi-aMJU7@9#$7q^XwU40)g0#lSvY?fsp09QS*6Tp%4O zhM#2V!S(7g%Ft~+e>+llFt@5xWG75 za&CFD{M~7}Cb$YAW|;cb;OHIzxFnXj*ZXR*hn{HS=%gkdlV(F;oM8X`{q5(5 z=);Y1)%DS0OvUqJjzW_f)O|{Tvx9=2BpGZ1s(Ff0o687?9EMf|NbIUzSDvOxc$Rm( z+{%L4b^f+C2B35jApBHnZGYxFOxFom4bV@v1hnKoNfY?Nr-3TVf*UJ=-4yH|sU#tS zU=s)~REHC%lU3ZqQlj{K7cTAf_nlU`p&sBt9jM!Ynq3vt)k~nnA!mO||8b)$OX9QJ z>JQnak)J)FW-I`x9#<#KxG@$}_$Hfn&A=Hxvv}#UppOPpYF!ttjjaYUHpZVso6S*FWxxW9b+l*Xj5OQee&cS7w$sj3IPl?_tO`3{8Fw^uqRAs-T1~P>Nxk zs*}1D$kuaZ{Nl1iP|1)_nsK+1QTlbg;wB(EizMOKs~ezh#Lm2Jw?ZiQ;9pjC;O2z+ z!0-ok*#2^V0$2@z)K<$6xV~}$m~B)^@Nstn`=wXV2-xnIzyQ*Aqnp4NFiJXPfz`yt zNvJ8s(7hS= zh_N3omhdoExd><$CZ83u8+$TVZuD`eU%%ECIC4CN%V>r{Amf{?Gz$iaJYERl+*=N( z={hxHda--T1)%5|#-l0MDvoDvYniUG$QD5iIo$zo9%O9r4f*ML;P&f?ylGdx#azB-5-|v`c=2 znb_>jGYkuy?)cTT6+6lP!1r+dXZ(FNT8z%@VdXty^iX^2yag3E!S$DJs?RapbpF)BYp$*so;@!2gTeFmVz>=IFb}9_b$mL%K1lM@J2+7Ok>I~yX42)`y%DOo)|%Sq!>sF z9o7Z>Yru2I^app=vP2xxG4y=%)tTLw*QeD4oCVmF1KUZC|V*mtyQ$fClE-ru7-?PLlVE&3Rz;?VH& z?)X9sv8IEd z$X!4V3OyhsCN*CuAgreR`{pKnlodId5njVCGnRQHP@nt3gWsf(>$XH$jSmZ=e4j)@ z(NtVoKR9ICr2(KO>;D>T`3miXAVQ{)iW7?nlRe(xqt%n9Psc`?JepGvQlgbcpLg z!927x*EFJv_OLDaV^pT*dFdIV9JiQ(N9JI=-?~LNTr6jnR=1JZe>^oBdy}sa5}9Z_ z{1r&2SKJdThtFpAia>Gf)Y^@++Kv{{+Q=UeYe*w;HA92R5lG=&KP1EegUmpS zVxRA0?+RZxe1XVYKsz~NVO_HT&t05$YWZ0q`4ZPpcQXnSV~Zr!a8e?H&&Q&gPTpHS9CN`Zz@@Myo$o`4;bNk-L*g z^FzkjFKp^evm+1EiRf99*IWFSa-RT`REEOHgorgMeHNQ+pgI|?!~V~ zLj@imr2jmh*J-M-iqee#V1di2bvi<4p~DLZiv_X5O`DOP2($03j(w?Dh1~pbG^|b+ z@s>#2P!IKerLTBne`>r4`fGhGNtrCze{vz*e5OesU)<9x=Vcz{$H`|N<%T>)_xqDL z;O5un-#t0hm(#${ zUw-*0NLlU%+2k~k$Ed&+$aBL|UMgEE9#CyaKow&xk-87fXMmtG||k#HD5Wd#_2>tfs#yaggg}j5*MSq%2?+a!tUTA8gmqfC-4{4K9EQ4%8|lw zNTFfvPy&?CUq1y+&&`SVoIjOw6kigxL&!7~;>o0x^gcUgRr{U%H3NE2JdP_N>mLs* zIwSG&jaXdn!0QT36y3&6&3nFUO00gi2@?8K5IPi)uPvY5+B+;6LO|7{j=Grv%U8&V zglBWI*b>2sDej|8YNp~L3p7A(l<6@|ifA;%+oTa;Vi913!0XQQP@*6cpOE|Zvjal5 zP!_qOJgZ5?hRDW_7uX*pXCL|?M0*kQ74ZcdV^Gm7*RaDlVM|j5^zUXj7PJ8sKn##I zpZ)w;G&CF19gtX+mHs%6tG2)}PefD3lXkb;M1df&f{*({OcKWsq9pK-57K^!mPo6R zZdr|8b@12tfzpMXSitCwEfUQJnZ|4GZ)ebb-iQmH-2^`v#*Vo0Qtj@6W#5@PIny&Z zHNr61M3Rgxr~VMhLo1;R40N#IyAH9!%?XPKK}MRN{M5y(d^3)0PD9_4-?tY_o2`hv z!rok8i={-wxiCodlw?Uq@6(|eoZbV6S=lbhG9V5h;F zkytYQ#3hB}1M?kc#zu>T&FMt#w(M0 zTLM2VU5BGGm)lBhrGofEq>` z=TH28y21TpGly=SeVR)f;q81=`L5kRH;UVIKcm#zQFt67#N+Z4WZsIl@Ua8)J9S5d z?)rbsiW&I%c@?jRnEGy_GXM|g$H&uub2zRn4OU6O2SsSV-W< zNO&$w3vU+p?a!qNg13)XQw0}$K4>I?#;O|)b8BA*l}mAQ#sq&390d!liE84GgB!ko z^~?OPS5v@r^=Y;FIt1gWB`AY7BC(zHBn@ocH_KY`L4tE)dDq;wR3{8lks+wPOy9t2 z;&)lATN3c?qE-`T#g*oJP@)ihSDtaEnG<+rEA>$D^5#RXuB~3`#kF8xfwj+h^ROia4PZ4CY z#?tnw?J#|zE?1P15ekl8#U<$almc^aH2WT+A?s++)X;%f%^p$Z%_Z#r@~akCZkz$0 zb1yVUlNgFVb~H|aIR804AF>m4DQSNitJ~rA?Tvf<(aOx;_7+`nJYP_=*mRXkT)7%! zqgTSLr_VK?_v;;!F9913nNl@6VZeXda@ASeJKXr{MOxKyCJ#jTVRPhNqjmT5L~`+Z z8=_06f@KEm%h#b0^+{*BKlh1Wdrr)sZQ^bF80n#)_OW*r7M|U+iern7l(CMBKtp9 zw#IAt9Bmfs@h;8EXl_Gs52 z5wcJcE^}1W;NQIwp`o-1OQO>k05EdXK`1WK)x^nPFIh=S~U3p9$n^EOk zQpd?$3=_tky)@mWktjX(n{l>I_IU!KPBE{{%fCZ4=KI4n*Bp-%nG13tqP(e(wtv;H z?^ORKYe{M_I`3Uiqp;koL*)E4<3h(ixo8tN|4H0LZ2o#>oelK2YPg!#yd-r~c!@fT ztJVen-;5531El34b&1x9`d?`GcY~iJCLs%~PnZkVg(>U@f?d3(6={Bz$NjP^m0x%6 zgyp~##|Vp;XX+R(%;|Kiv{6R53aLNd7g%IVrpq}RH_D>m%d@q;J;i{NbFlqFo?Rt6 zH)kNhNZ7B@P|{g9#aws)be(H3KJWZ@53o}IDT3xJE1@77c`0L*3P`BM#Jin}mMcvg zp}B+`CceO@*B(K&@rmo^SEfm>30Yd)Aszam;MM%y+Q75hyJ4@Ho5ma8F_CKJubP|S zAbHP#M-$yte|sxeZRBcUpQ7{`^;n0wD{sCbT_=<5EGnu2)$olPg%Tb>kCSOA(bY2v zpqg>Dc@BFoq@Od6)dl;TH;LsBHC6=m2TSc!jfy#3HcJgw);c^xm9ceffFj_6?3E?F z+4nL+hgz0Sb|73noVSC-KzL5qxd2qlN*b~2wm!E_? ze;^2DRU6Cn-$Wm=8bLAC7E`R})T*A!U`|={KnLl;*^QR{> zKDy+r*BW_$3{v`bBT2ukBLUtSJ5{d$af^IBfT7=Kn0#gor5mi8;9 z3;yEr9um-uo=|>&R3nTwVt*1FbKQa#tE9AD@IGuu!p9C@^rq^{WW{wqUYEHx zZ;cz|xjh25bt>Kzk}sraWZKx5YCMhOOHh3Jiicd}NG=2i*W@iF`^A+~nrLp$Hu<#8 zh5c^#^~XYn=xMiS0> z>1AGO<{HjQpjxFENC)veuFYLYIjdGGnD#rW!H zZt95Llr0s9K3)%kj_8ldK?=6!rX4h$!p=JD*ZoLmMd#4_4wl~=*V3`xu%x0r?767b z88Jp%<(TyXY{^bYj-P|#6QXCRDnTLX9JHs+`>%_6rYUCw3oFX2m1dR}8MhjOrKDkh z%_~<9I^voAUU~x{4%6J@lf$!0iGYb$zYhe5(+72Qu3n$UH*26;LKs2Mr~lB2G6w8e zpVytKLkD6X0#!^8St5dk9P+*BIAfAM3hEAJ z<2T&ZQBkLDgGB{{T)xYr7mPd=-&XE=Y>M)p(E9+FrN6Q1DN^Gv&H4NoQTSbn^0`Qn z1wd~$Kgb;{fALl{9Da2jDqN-;K&Oejq3YaDd4=OCYk(C+B=LfdE*aO8iC$YqZ!R+@4*a$Ij+Mi!DF|Pz!#2p7g}{eH>9fhkbYg)oS_ zC^TPR`F?cjwfIQ@r6 zc(g`ac`q=)ct*^N>7)7w<%od=VPF8D^gr{;?0EqMpURynZtvin51Agh?#~e2h zh^VUlgvNxQnK0nQbQIKPoYVk6I|3-+|56baaG>dG!oa_AwN7)!0v28G;s$AjZMy*c za`41d!PNQb&i{}EQd7mii=EDYrKU{3c6i@a?O6QV)$Jm?={kog z;;U#pPEep4WVS}ih<&I78ZRGuiUFbRAMb-P+PMN}pq-E92|#+ zh5%&=0kCtqPqg5`O-2#>)Xm9H?B9^iK;dz~V|nle+^{CV4$J8NyiK`HYLXcv`D*@Q z_+8%gmd-m?>whFI6r6_Mo*(aQXgo!(7OLkM0|!oi=ff7o)xqiT)`AV+8>p5$}U6a1Ltuce+$6Yhd57tU0$jY=)(9l>>1$7CJ zO%Bo{z#VMlXccQd2Ee8T5ON7v_E3rgKTf8!pZ-*h4NI&;B2X5UK){R1I>dl}BA!Q2 zpjhuy;cTP_PdI!LREb)4NO}wU;-4~?2MH=nIIn=YYVYjO4#NnvRHYR%lh6n#(7cnW zr(OU^VRJK2AZxHZ;KM8~PIkF^y<|<1@Q{(=`WNMf#dGparqQQ2dc|Frl`$-l<)e+U zGGQOWFKF+6QmdNDdS}F?6X0l;0D2cxsA;e+V@wZO0xU!iML;s25f@U-z{l|~GmZet z2czS*nQi%jK7;HK07$!~gN`$zn&}pYJxm z^J2Mplr$5#H{_WWkne_m`5dm>Sdfz6CKDLL7Im1?vMdE84aOfB6(KhYgl>F9v_j8l zgm_~|>BU{FeF1AYj>pq{3qAmpegsSy@o9~kf&%x8(pC1E6UN++q}DZbi4ac!8oqx0 z8Z;%~CYSPY1NV!%*z1Me1vrW0!A%%8@TlYt*(mcf{{c$EpHUBnRsd7i11L7_mr>?? zXy4=Q!vw3pt%SEdrfcq=+=ik*p0QkNU9*uSLmi4DtRmw)8hpcqWB+?UjgmThA zze$DYqd5x}@H=zEO8EvH5T-ZRuYuU}qW^<8m;1v(BID$Fwj0?Djam=&fH*qh9FQ&y zmwB|NVAx1o`xKSGVFWQ!PEUW?D1c$JA~fGz-2?P&boub_L+5?ow=9;SBBXzT*yWeP z`j7YWnx&vAJC@?&SR>FGE57#g6BfR^kx1tJD3N-+Gn}GxZYfNX**tue2Zw0rITFs? zK*~Wmir=bOvIP{eOY^P4{)hAW3XX9v9JtWPy`$Bk?;vAUrW3)rLx+M2&uF$!c+mu+ zW0{G=!`kKU_Y-O+gT=XaZ0QPDG{P7RcUatMG#tCQS*H#0)W#t|N2=C|yY?sxB13Q$ zo#>*l5!YjHOe(GvLJuPgBW5U>Qk|hvm^E zDFUha1_xiL1EQf#smwA~#;i?K9q!&8`wK|&tRre|yaD4}&V<%CFFnr!8!+{76gL;I?(zU5OIeay~(^IHS6y{ z?szD}0ViJlA}gUt&=mI|s>Uw=FCxoZnKHsz`PoZ4*7+bnB{PZ@I|{J^QN(?q-VjSJ z4abo*LRGz>ic?YW@Asq@X`dja?}BTlLEU5Fr8#AQhA$@yyNCG2KWq^tWU{ap1YzkR zgobgvXHW=-)*%Pd8OJS<@byO#B4g6>E};Ka0l7DzOPgTeapEeC)m2Cx3Io#A+=%|B z*oLU{s%`3c+sCM?Tab-1=1_UZb%Bf5-T*!-0j8la1x1l&< zHI(&J`OOaIbXibcyko!9ccxG~i0@^?FkTx>$l zN3wHq`cX$uRG*onjB=_BgmcT02f6pwQ9jUX@O|BBdmBS!^_wU%wobxZc=y*sz0%9q z(7iYCIL1^LEZ>l|c3v=RI(>xDU5YXY8b{yrz46rxA@!+XWqGML|nVcCJdd-H*%0Qj59|i8Y{et+IQV5L5ao%Vxkknoy4EO@&Vw;*uYxwB#p)YaR<~< z5ZNngxMB?rXKTyV*+)mm4ms>{1u&E0~lbhI!cGQS>hnX7cx!h`$K-EZgEc7 zhyy_E%CTctMa-k?0`<~&-E&b&jH?9rh_6c8eRcpPyPnonuKQ|JE0loh;Pu)(ABfcV z`_6!w;UDcBP=&&oh`@y_VH{LSyFdr+gBFPPsy?=6qc5hE@qdkBS}X=K^#;|@r!5Q; z9*H0YR*j(K+}tqapRq*lg2;IYVWpoAaSe5r7B(i<_2qfN@78agM7jW^2&%wWAKauD z;ath`^5(zyPs)#x8r}Klq*Aa!zovZ~YKe~Dv7xze4W1gsu~L-WAuZLL6q z9rfVVOrpjeI9S}U9*hgw3W{-L0BMh{@MqBQpa=MP7C}1gaAb^$=H04HqCn*A?B!0$zUnkZE=S{hRpleCo-ZbhEXCQY2gjHzWl6Js;l91 zu=?IgZyfXkFyT5mJF}I#dFxIr@bItB@jBnJZ~j5Nd;@m(8OcBcF=#yjR{k!2>jTWJ zV?>i3;88Go{boXn{1pW@6pALT2I(tC0aXBu9>77U-Q@`UI|r}L@kYQc=D+&g7B6V^ zl#0EJ)4~bZXD~+bpv3-ExcsX^c)J&nWayKGNC30YFfhSS0_Qo<-8_nBlHmioDxIK5 zMqqYyG(tw-GvEmh$cL3W%rzTzTwGnAb9u*_8J+{ZkqQv&2$y{UIuC!r2uf=_CLDTm zqSFv-=CXRjFD_hjt1P)Kq`sp>r*C7^3mNFl8*P7bC7CLi4Sg1InCb%aw+Qy97p|D* z4}Iyvs-g6-+kb~|yv`7^VV0Jbj_20lW4L`5nL>>8$|JH{=^$MI?F=~N`#Qjeg|Ywi zcmoCK7210NO=L;f+Bx$M_OnF$IVYNs81I2Gt0^()A$cEUDSWD0z;=u}VR-KZXi~jpy&8vcp?mzGXIX_-VK7>ia;|Zwe3fl;WWZfvpOn|W_ zOnKzds0a{K(5eBqeWO2#CQ2rj3n@&Xzz>8{T)M!Itbe-o8FX(10-5|=N*2XCN%y-9 z+mU42fzYS*ch`DWNd^?d3_&)w!Xp39naP3ym&`<&DYvo^7yB1b`bW_o@64Hm(%N)z z0K54R9zSz6SnnFUUtj%xW0L=~s1w97AF`iert;BI)C6O%`0j6;T zPYNQ7+BH$wzCPcP@v91=rb=Z}rHB5;>Ze}5J7h5$1piIb+M5J={sLPp98;QOKC_r+ z*+ifE;PDUtQs8mI%MHI&&)wIKO$HMiAW{$HTD?H)CDd>NbU;bQhJ-^PhuI^*m#2~O zZ&aisbIyL?UZRq(@rtO~QGp9u!2t$VW7q#^Gfjn(6(R?GC0*7)RVUmK!I5th^eV%t z5|~bao@u1UCLbpcl3@$=A)1swk5$|^N5XUGA>1k;yJUTm%75mG>ehEGx(OpkNk3$6 zC8CFRAz2r8ARC~>zigkFI)lSV5u=2y;O(-&{d*aP0~cXnH-380#RR13O=zSTi#DS< zikeZ`Oi4C`G0wb^qpBVLqEr`afLe1L{<1NU-xzhT2S^jI28rwb6Cpq!AlX3ki2_cO z|7rm?$w$6DjSZZpcoha=!KG=d_rLU6dMjLnRA$Bwchg5wT!D)Zp%4hgvj>Jlt=wn# z26dlD6gdDLAWrdDU7ZL#3qWTJyAbS#u>SU^1U3F;J#jor=L>OJ@CrpiKO#Q~xM?x@05iEH2_Ov72qU#gfM3)*h z>a0q?YltIc0vvHe)>oij)*g)`3%qj!7##wHoNxRaFiaUhOmxrmq5?X~d7Mlr8hK#; z8PvASt+8xKB28bYFsZqM1es-fbQ`H^7nkM-ol@QR84hMdoSLasj#PFjRmN1Ed!`Ir z%=M(43hzKNSssc+Ab3j=iVXGCer@R{_RAr7tYhou<2DD~@eqXTM~stE3gbpU!nOH5 z(cWtaQQN??-Y@&sK0z*O{|1-L5YVL2G-OtI%(>r@ZxAeeT|T2l8ix<;6~dIc7e}>F zH$O5RP60;XZk`PAj|WB7&H`cU3-~RaF3I7>xTz@NLC~J^bJx)DYuROJpYn*vGS*PQ zXumM};sB$^$9!O*9o5mB$IGOT@8RHugg{uxBb6&`9teoMl%u4;-LM6@<*&@Dt9nqg zo(Usan8RZw@r1_k<*_v?yQ#`Uapd&Leus9+xx~FR0*D5covJws31jV7ZV6S8{ZVCe zcYtj6lT}Pzur*I^yt1)+M=2h->$~Dw%eWTz8&kK^zVJ3vIjq-w2fkGM|C` z!MexaTroFqkQ-VvbB)-M{FcepEaH!YwZ>4OgH^yWEK8}7uM=mS%%`lh))aX#n=*?l zixtPEnU6mV{*~btwB!ADXE}$cdt2@3{+DjQ6>qP=%_hN>ivj!i<7`1e-Q#r7Wq{ub z3v|9QNIC;ASK3NtMLsD_=$IpY27)&62rmxrwrnzGo0j_brxT$|gpg@*~X7;bU?xC#eip*bkZpPubkrv7L7e9l1y%ic& z_RKbFA$!7@J@8XF0)(99ObbC5IYowzXpP~hCoYvj1Pi9&te5{udhvh{AB}#CYMbyX z+|-c43cz0&eBhCkCivlT=0w#YT`xBXi}pBIet#dXi(2zIH7bxv0~g4@S-3j>GYDNw z#{V1~#?q;*oS+DL?s{CJ_f)|3(t#w9xCf=@%83$Z|L+Q6!r?$geRyhSFZukaC?~Kb zWH;aBMQ_tYRlalHt+S}5B(Q&oU_bvb80+P{pb2q(`rk9k;DIx$XZ_C^UB}BGcm0Ut z`7p-BW&9W%Rf2kuU)7f?9om+<|KHa)T*wB3L)O8q3R=dT;h(5NzPJ5W4TuMLj_Sr3 z?;%|u<~}VBCU$K-w~ibPoGu&mk>w>@mOjnr51&|4K(~$F@ya=WY%%U|&(9 zD=F-v_9?kIgzdCkJME2Cv6I>O16r9Uo2)9HkS0~Bh1j%Cx zH27Q7Reqjfc-IAvKpN-l~R@r?nHEvP_DRf@Xhpmhy0W^LKQSC+h zy&F5E^-_snWqscA__ARPN?^$umhqt~OeA5Q*Rw34y;=m++j9n@-NW5^7IVo_>kY>) z)UmJ@M|N)+ZqAd*N)I)Qu>lJ7ZH_Kqp-BE)%NJ!+kH5$IR3la##a)k3l3suLyVgde z$nkO>f+kt4MpJI_GA4|iMkV?Aj}y*n>3BFX3%u=%Ja!oQGo~;~beMpp6)Wi`X6?jO z{tVqMKWyn4_0O^#F7)I3E$w}vTwCC2k51W&cxg;S`Hjel7!X{oAL)zA1S)qL)q*`Q`XBK=&g#Lxa)ADcp3a3FyVmt z4ZeqTYrO`4xn#Pj4@!K+ZzgT^z$>#fIo{tXOdky^!Lsua3L)+7VJ_ zS*I}vd&}oIp;e-5)lTGprLhPQJA%u2ckh7(6m)Oo5jlSQ&X$uG^z1x&likwiY7L5X+zY zig#j_NUoBeF1#$R?X;urPX?)YbKQp9_qH9?0(2Rx!}76x8-%$*HENg~W@f%7Z5gBx zPODwDty>#nF{m@~;=$!klZ4C4nRa*TrTp_gvH%)cvrX6@eF_c=3dZw}(vi6{xY)Zn zH{5b?B=60un_(p6oWL2=LpumwK7z5|l;7?W(uDYuS}@I3`!3MZ{3|Py((C?Cm7hj(o}X0H1q9&C|zFjn0g&$Sn8~2y(KPoM;{f8 zZrP64IiM{MHP;PvDwL=99YMi#lZcG1Rc4fou2 zNz_j%9?>lkadMLA^g7#$ig+v--hT@H(fr*MRCtyNW^MfSxg(J!Nk9aykj z$^WMCJ5JRUgBLew6+THbzj@OcW0g;N*T;<75}m82ZcqRHf*L&^c=%n+A3ts8FRk>T zbItS831?QDo>9l^_<1}Ii-H^}KW5HhE6t6RvRMvPne@%ofOiz{_=$hu+0xlQnLYU2 znDwBH59Vmx#6v{bw6Zs~#J*F1G1=m|(-p$FWzpMXS!d_sr)j89!pI&z>#sC^5>5U4 z`@!*2WP$P**w2?t+jU*DJKJ8rjnvKTS=EjnVUOLLhnZ!vson*wofo7Fz)Mu6;vPTy z?xDO56NLR?*psRR3lF0i9oVtR2o`Q+;b!A4P!HzxX3>o&b$*Cpe6|s;STa#^FCB)i0W6dK~T{lOy;bYreG zy@?W3B2mdUXDjeHcZ}!Ib16=i`Z8)i^2pLTN6MS$r@njQACoanzpNAAm?uo5Mts?4 zO44Wf^+M|+&;HzhVzGa;*y=ajY_5@3yTKHm!x8S|hn~-NS=f8D#%~_+@D7Q?w6efb z7h9T47t1f(q@-Ot&&NG?cBan6JpUAxrcrabOB}_o4k5bY!@n<$d%w3;dp;Cl@;HlF zO529YqlQQCQxH#%$kWMi;U{b*;|Y$nJ>9Jg2CPP7_QRe>ED)sV}RC8@%A<*R;+SC^rjU-54JqwvOIpDwS{oiz%}l@NDdi_V550jI@x!jzH`kw6X+`Ye7QpKlc zwCCf8L1+QCjF16peyclK1fwn#<7c$#C=rX`WaZR+(OonP#brds4UY^@1cw z7Cx)$|0VpY#hejU=kc2-O~$8^e5{hXf`=p zc2X>ghl^0c?U&?l$^jy-ymQF_$ONr=7!Sc-GBy~Y6CX$e z3X*d%F4EAlTQNy(mRzAUG;DpYVTTD(y>}-(;!8*ClUSdmKk-i&*%sC)DT8O%|Asxz z776B(M^_QB1WYo60H!&K=oIle^mv?c`g7T!Jfvz27VY>Wyl`pQ`WaNbkcfz0mh1#^fYtX?%Z6mBxa?P;W^rUsShX9SiMy; z_@%2?)MG#E@|#E_M0WF{?qd+;EeJx1P^Mm_pQ9;XJC%!7f=fykecRwHS!OV5rY!#(cil zy0DweWm<@N-4CBSW4gYIyH55*8R0Kby{E94MPhM%iWI~*+gM|{UEuH~M!VZJ2-Y)+ zlx+ucOWpAQN7`G5Rkd~P!vb4jBSAd z^TsN5Hs5%Diuh||WZ(j29VD+xf27OAAdw8%a~(^+G`3oPBl@m~1M5a|b8=>c?Ip{J z5wBNbk$#Z@666G@kU;)Y{J+Uz8Nm#aAO_xZW@`xx_gcAE?0pv<9moT%`^=x}5G=yuM1?s%V{O{p=zRyMnq8}aGoRh;xU z{;`)ACk*J{g?d$Sk{t4Xb4p1jBsNtmPnpno^p$!*^=h_3LEhk+yx)OZ{Xa5a^Mu+n z%p!Y&HjKL7Nh>7ST~Y1o9=XEqxlhJk)Src(;RVfS+4bsYEu96or@o^N=AsiEY#%TW z=r9aFA5?w*KEqsl=~#15VoxJkTjl$)tW7Za_C!pEfO^7n-Nn4qDTPez&Y@Lj+q?Ah zQ%tKrb*EV#CxNAb#y45&FX1+`Dj8k%{Iq$NGYbn2{Wh)8{W*zC&t?1hUCCFmtkm98 z0k4HCGK4BJ8vGv((0yI}ot%14&bki0cf>Nh|9r%Sm1FPN$1+X2S>K=eNA4%){FP7k z-CV@9;!iLVEH9Q=xzLJi|2sb|mSD+;6S-<-yjH-E=BmN8r2UeV##Lpre-3Rz?jLK( z*%6C8tB&%^>CVx+jit};@N&-eKb12!7lDSDhvqo|AA;7Y4g@!ra9{6fW?e;(W}Q?h zxx087v;ET2WSJ{^vk{_Vy{B@Qnpi&F{)j2Z85}NpZ8x-MdDAcH)p7a2%J8+P4Vx)n zAzFU025-lar6pmnoZ54|F<0Pu9H}n|bhYFJQLQt6{l7VukR7!2Z6R zoX$ujH-rvY{beX}rk+w({H0_~M{4~v{yZ9BfJHH-@y^6cxJs)Fn-R^%g4`DK#JES4 z?ZlU2;$_1KHF{~j)J`$%vjsh2{U0Cz?8xl?wo}*EC^*q&iR)$0b*>hONn{6~sPbJ5 zZ;j5@r5_0uuNb!CwJtTvbol95#W+v-TrE@SXlcCz8kQ}z?O zeSVwGCbJZSBrW)I#F;T|53&`_AM%}-z-S(L-yU-&+q4b{xG;2YaULT3@%4_v!|VLw zgRW)qib4=$NXS3@4-Rq#lY4&;`Xqj;@zOjzwSnL@)Nnu|Xi5miW53z%S^_dv@htqv$nhB-al)o)|jl9EXH74*V2l zv-k>|x`|Bt-jo}Xo)}*9cyC^CDEC>qJ|0Q`pLNx%HP)csR7gEjXYGn-edope(F4-< z|6)z7O>vb8fyg=O#u4&`0ksp(b7_qVUK;`N^Hpr5W+?f^;bgmkrgQrDW^8a@X4NR! z5ZW+$%->Sd_&eIO?Mi#6ZS^X-u>3SWHCni*C^{!zK02tmUENeyDntH;GDzQ!S08hY z_xrEGYp4TuY~5_E$^LB7fPFO4@_HzIGv|O02{6U1ICafCkov7px1E0Q^VUnXC**!d z2h}2SP}Lc$RcA%>wm{4k3?Egt>o=NIR1ds6!CSi3J*t5B%%nK_H|CykZ_ux$-6IwBLaoLTq5v zz(bjcx)Q9Z)`1D*DY+3URI&1b6pwi6I~ZgekccwHM9)`BK&0C)5|2lZwgmC5wi7-7IPBv+z8U{3x=5`N1gU_MQ6KE@S zH`5%1hep)(KsCRAdNB(1)E>A!5w~$!uihAX8C&3YL~PoL9KY3+gN^$YfPr&Db-)|Z zcCs;OeQ89L8ybQkrGHRv&&f67I#l!s@kjuNcV6&7j58^-udZdx`v|@U=OT9y8wrr= zp}aSNqtnm7>{xcrh8QZOff3GWM-0Ca#|D^Ob}*huCXwG!wBx2=*I)w@^2*_qmu(tk z+OJ(I-C_>Sp>i8$>v`!%xBA`uQrdt<#34TsFee`WsokifOVKoWBEMo8$aBsodnd~^fztn2P=CIGMZs=f(U`e*kRkiFehmiL*#x-do5q3=Zmjn9)D_X}w0 zqv*88l;Zk5jhZ_vMP?r7@O>NH74|x$z%9X`0&aMSUC`kO8m+#cmF*7|p3C&BCCx@S zdJqr3JP198St6vM*x$uH7O<@61NVg3FHJz-FuK5O(FLO7A7TSTfAXztjrxyG(5ZdyAZKM-{@h@T9PEr$Ka>%cd zrd3(+=6QP^L*aU%NEE3&sRmax(k`rK``ev~@)1HMbiWxuUXBAV;t_5;dI+#E_IvT> zUqXM(X9oy?Y|<#0e72f&AB>C)iyeDQ6bMQ{FWBjj?U(^Gk#`-IiOLv2i!N7h8 zo;Sm%jLI~H%sp#0?PMg>Orh={;JGcf=t%RyOm!Dkj^BGfCmHHfYTLyIUMinT?KB++ z3)4Y^+Quy?bbIat=uOS~D6}w8!zz5acJ4#ApxUj*Enw$)Cz$U8&Tn1TTc1R84kuD@ z&JtW#&dIdWAC6XnJHJM2xY>CD_Bezo(VTp@z;xKe1Sp=G_a!QGBi zr-ne}Rp|K@$@(i>YPhbXRpz2DhM%IZ$<>RoSQkE+2GyrJ(5@}mT(k{AKM}P^XN}il z^SSm;Pp4)SE}1eo1HIIU;|Hr4^j8o%7(w%Z+))13k~$%8Z-qT>-6w(F&s4!T>cK67 zYnQBvTIe+kn4f_+`Rn`5cb1WHeDTB`{Q~Ea=*_y7MXi9D%btL^r+5!q0{d6x|si`5bDjnDXo6|T({~aZ}Hfx!K zOA@9tG&D3kUw-@--_;5mZ-&Ufqi_U3?bDD%u}i?v$baX zn|%k+UQjW#dAKBrrkQes$i%W0Z>_C`bia3!E^Li4;D8x?EUx-bTjLIz=UVR1@c^st zrQbX}lBFV!7go~YCOudi&(fOVE?GA8HF>nBKj-E@kg0m78n+IqU_Q9$u}`1AdlKyv z6!?y=15|&6%Vmp}WbE~+2xc&%`)~|X>e@|w& zPdxR-YQ7APufGUv2-uT2b930}SXSWVzk0o|L}}-Iy{q8c<)QXzi%6Fw4?(jkT|1-x z`rSENaFCr7ENvw1>x`LZc%x)brA&L+q9ZG%DD4A=KFLDiK8&LFSX0TH6H7ywvD2z% zvHoBQk}J^hA#NnRu4p-8SO=4PmCj@s zP|gD1enF8(rtQP&4P0MT9fd?%N$+;z<}$7Zc0%QO2v33P?k_lqAvxxj5$WQ}QQhC2 z&t?ai%)^k1-IO}3)(o42{#N=y4wW<(42bw9;{R#^e0oTdtXnLS)SRcy_W3=|wr{O@v185K)G6Bg=IFvoj<&@uc8^hohWWIS zK@M14VW+q0C<`R)^5=jl`3-!K5;bF-ZJ8xp$)&FNH(Y# z4QTbGDcWDqwYXp5a`yh3Y)aAo13$0j2mXjtp>tc!cd%UIwsxLa+V|+e%rFp0Cvk%j z)PzPY%likH3wUuJ-gdP8R$?Iq$n^q)ZE%S?C2VoA9Z=6MOeup!(g2NX5+&Fv8Qb?| zaf9sOD*G_$cTSzhNzhXReLa}yb;{k25JEGOrZYi=_K_56J}lVyFL&BbFJDxa+XQIY*@vXcw!2r2cP8z>}&PQlC>92hvs(c!huwHEQf{sRgvP2sbTgzef(dZ zd245oxG$Uh-_SM99HXM^G-A=qYrC|XVW<%;a_xXIyOQhV(f33h)S|r{SvzTvv5vE) z#3w^3g8#vd05*_JMFq(lTS`rL^?01~4WvSoE@{+EF679^ocyrub9T z=LxgT1LCI1(-!z1k#1i@dW1#VkX8{o3WrzGE`_m!QrA0f+WIsR^21L{!Ij6WSk#*6 zomIr(Tm6McGIulpULAN3yNA!=h>2pw>G5zj)DTgbc*wGS?EXaN&>{MQmAu_5W@l8= z$X%IRVNe{>kpPmJWH!=|s6r0x>p3??9c>y$W{4pP$g2Ht!b-+EeL{jzkS(*$(4fe? zudAxRsic*t3ib(6Y}HeivLKvoe}mJ(AuVBR#!UH$zS<^$zqD9t0bk~33zZRn?Ge)r zX5Eq^stF|~7ZBiK{u!>qpSgZ{>8McL1vmV*`>&G?Z>lMGoMcp0E<4kDjYJKDwZ~ZN zv#s+|)hsa-mIlBy?qVS2x(SV{E_|Rj;4mlfQAk z^HHNIzv|icx$MNZx(W~u9~SVGPtotfVgoM7Do6{JyQJJ1Hab+%t%Ul{j3^ zJa?#Dl%+89YmQlSPy+7u(98yjWn*XMI z=vqR_{{iT`V5Z=WN7;dQZ?b_hr9{2rg;(!v4o zd0ydyeXi}hHB#E0^-~8^;Hz`(bwFRLVD=FG+sc;iW*=bskh-2R;p?g)&xIs1UYy*s zNiW(BaVf_D`4XW0N%;^KY_sf>Z{E4EwLNx^*@fM*+Zzk)$pv9Thuh=y1zWv$2*Icub`~0qbMJ;zLe^87V+S)=W!w(fQSLaz~ zT*i?k!ye?NjDEl3&o@xbkAtF4AOX)rPl z)iW=T5%UyCT$rJWuC4>VPMVMsgRIXJiS^(gUVM+j7=d9ma3E@-{2Fz1%lpmXq(W)c z8wv-Er1Kyj5&jOgej8d?8H1~t?sDOBOu(pd)zJ8vNR?kvHqnhF5|^{2^xDWf*raEi z7|+seT&-|1*#YVN)0OnWc+X)?L zLxy(NX1P#q0s2v2iw!eP#2bb9}dq;p~`GQF6?M#WA1INr~bW6cIP*cfq4bq)tg0}Putqd`} z>-e~Y^J~h+Q|Aecvsjmg-?)B0Iv?4|WAIW9ip#$Ekm`VI(^VNAl~n`qP#lSDU>?5Z zFWky(3JEGwV$|(TH#-15(7p_jC>$`s{xG;+4|K4`ucrglTlpHv8jw6QlZN`xQyUSy zg~U}AeIIK*vFZ`YMR3b3HUhM(;t9|rZcJdT+T%IWz7(YF9AIN!{Y)!!upNhl5D}in zq&R`z7m9F{&_i;*Tb)3ad+p*27l{+d`N}Z0GEaV#WZ(!?S5u2DrK*scc{ubIik(=! z+J!NS7g{2qPKb-r=cC?pZTd}9$WP6-o=a+T`GNMfWPz4Wc;)GZ2TvKEB5Gpv6y#t$ zhH06QukJAwAGV^%QUUAjC3PqD(8)OxgSiZ=b+qQHQ9XG zoG?7PtTE)s2ZYqQxg)nrT8S*P^cn)c^+G zq|J=Dbzu{EZe{lYr-FI^0iP@b&66e_ z+e^ar4986WEN9wqi^F=NX4Krg{kpSY0GLiuHoG z?TqJa_c?ZKd`UEz+?G<{QU;{*8fhbq+d}1N=9n3pq3EEST|rjp77zgw^{-py4r<+J z!ZR|{PFscgTraW`c%meh4OOe>y%yLY4KeV*Cy~1)$8bZ)hE8pzh~v!{C%YOB#eXW$ z*m#JM@X%@D2%nPk#;JYhK%wK=VI()Y#*C@HZ|m)j1MkT#6CZqz+{^1bwQDaS=L-UE*u?0<`U_JvGaZM|Z~c?8-@% zARs3a6$s@;<@jw}#W)`|RY1&&?)EPazwK$;RNiyr!cmUc*LujK2xMe`D5^M$Fo--k zJABS)e@NWA7W!ed(XIu4$f&ELB;i@*EOif7Ys14KxFWVZb&BDJRSdJ{wfxJ}o1&3^ zvSNV>MLT{wQxV!>!VFifj-Dt$-B5Mhc`v6-p?c7(-wO;mH5I)iS30v(xn+gQ`vwEa z6O!27=k8_2sYDy|zxrTa@a-{6ZBr`}cafY4TjRCHCd>`0wDUINWq#35w|Jd&Z#}8(&&{>DX-i?o7Jb zFOvS~^7b1$lA%3NqHwi=wEPBXJ5Y3GXe%vDZW8s7V(3$5)`PVU#xaq^&I>GMk?SV+ zFDZ5jhw4JZzMFZUq5MwI`N34wpXrC3ODmZ;SB&lw4>M~_p^V7LWI;zmWT^09h;zD| z7KT-zsEXyvYjOU3uGk3kqEKNTLKa$10-Gca=d}Tm{m!?Q&=*sVPf?ZnCV+hl%)}xG zMLSBh=ig&&EM}C>FkqQjqwnI3Lq7XBl>;j*z<_I=j>AwtX^l6?C~D(Ue&@y>?XSOS z!bcseC>b@74Wgb1QJRQ5yyVM1Z@AZIQ6w?tWI1((`^xi@j^>>P2OS{nbiNf%=O4(P@;BCQVXfBiTfEBUI2 z0ng$qXvabmRc}o5Ic0)ia%F?qTdf%;NxcH#S~wC?&s0=WO-WNaL;7Wy=<<7l>8TUl z5$+@+ZN?$k=*Rimj~4WS(V%mFT@pT2FU^}b7%I$g-pXtk<-JO>7*lc=Bl7Fs0g`un zOZ}tq8f{~1Z|?p@f+d9HUYKyGjqMD|8tdOkN5Zb#ABnLV588*ynlG{!!l_2CCmGG$ zGddvEbZEwmcw8l)#5vRbvV?<{b*Mx4bJ;Qs? zUds5P%A&WX)t!~oCFgK-IBvt2p=dYbx5pUmSluxQExn3>SpU~`c zAXI&8y{h}uQ}YH-rSpE9VP9)+tJ^({r`Jwp&(yS*b(%FSPb?p#(<~@CEq?SQ^t@~H z1(Ah!bGJQL1gOjIW%6apnu1h-Z6f-NL1ng_x3Os|H=Dwt$FZDT~kGiOYA7O z%$bo^lgi)dOqrp(UPxBqMyhXGAfiz+<$UADjWpKGHzO1pZ{xk%R1LT2K2lwvlDHFm zb27Z}KC}Sx+K>3;xNq-2pi=MI}l!;+TRgt~8tBE1{;+!4G;U#{Bl4%<6g`dEJ|H zChBtDEO_Xg*wPz!XhNk>)Gi@HSeMVv5oBh|H={2H_}mI|5n#wr?0M=*OIzzmoY$X* z_d=)<@6^6e)q4^WC*As(+rCMv6VQZsleS;>(n-9ci&yS8KMY;@L|$p zxwpl@!d4``9=d9p(j&-fcpw0b=w=-=2ZpS9r|(TTgUP!6z>9U4jx(|U^#0}AE^Xht zO)(ff4g}@0eUBK5)kc)4U8LC8BV~N_j`qUbqBVy_`6r;|s zlGFTyE!HZj;GY`4Z#R@pZG&=v@^1a5#p2ninGSL}Q!%BIqB>-7KhGM5$bo*?+s%xX zx-5W6ve+!eWw)6@Va7M=K=Qh+NV}BB*Uz~h@AG31FTs9IJ~3Eiga2bSW<%uFat0)` z_OYbPtU&|>e_m$0ykwV=VTh*;Pf^TkTpu#dB6(nLZZ2Ls|I2lBpx8RC{(4x}yW4H{ zcqkFmx>7qk^>#v$vWq*5&kmhr@kyLO$Dl-Sah~csybwcV8$AVg(8gMrYrPYb*-e96 zA7Q`fHJV;-GUh~F!7m43wGBgU~QTzm=?YVYMX6W#r0`&1$Z&fDzkFL;+bk4em2 z=PoBp8i{xgW07O0s@k?@<>J$9;?Q+L6j@SlX6C&Xxs_|-A*oUie5d~ojZMwWK%SNu zU8Q`?eAcukeT-$3y_rO81QPtXZk&nf@4_Eta z|MM+@S>@CRnJ?~~eZKASa>I4k+*(>xToesUuD1=v*nJv{s4Oa*|52qP!4P`AMr2f)iRWZslwbzPbCXLsc>5O@5gpHS-{-%k?@1?4WzX6WlW<`uF#yj zR(^VoSnEkZG(J2(6~onBq5)PdhL;u|9sKuOZSN%lPT>l%xWw!kfhPzrR z6i&R85W2zSUeDFHf_<^;YqapM7%-y?>wbak`-eL9Mkja@9?582on9J^mEThXvyt3B zrH<;i{~`pUpWNB#Bz9Y6FeqR z^Hj0)GKQd$<$=b&34q6UBU#F=|2QU(`95aUA zZb1vyR!}UQBnM+)>LP5~~%EP~;qXnPwK9iIK!;;xYw8L8!u%FY`qM zr?eToXYb%br1Fn4EK5wM1>sC2!P@*dn-v5qO(@}rIy6%!Q>*v#C_9iYsnAY}M;Mhu z82`K46=_Gu{;88lg>LFzmILkF1sV01Y-pUoZCx}HK}^IPY+38W3=S%~mp>}F^d+!I-QVbyT)

    kV~nocoZJ@&Isg-y|s8A&T_; zLE7%t+MWJrd92cCWM9gCS`8AjSs*P_AOd=YPq2#TK-JO#K`gpHTRIB5W*t5c6`i{P zHHrf&#IjN*pz<~g>wYJu>0ct`PH z9>a>=`aX0TM-1ta?h=UOG-ByxDwtGGTNi%ABa6zT1#2GN zbgkD(G}GsXMo!xlE?#7WzJf+3riIDCq5xEF*gg%Sm)g1_>hryKx7(;_=ItXV8@AOU{dK-b}g3dH7(V`Y%$LEAfn}Wb% zfFlxsF@hnIUtvpPG$;o^=GbfXowP72wPX9s-P*E+fkNRsgMFOg7y-Sfp_BWVR{mBI z2A9d8pt2oin==y-UU*NpqQw=EPVx*7r8a0yZUu;e3PqRXiLeRa-c~062lqx>!+Y+C z?bf^eMUTdovc+gwaNnk%*r;^kY$!7O=Sn3g0(cP0lUifHyl`}}vz|CMnH}c*~X$#I!>aG9sDt9%Ye~`70SR|oYbJ1%{!+(e-&so@7GG{E)?kF0o z1U?0*M+3T8G3_if&RM>wv~KePe)1bpRqEC* z@rs|d$UiDEeT0Om2g3Z(3J%KI7E&!hCz9Yi)3w7bsh}dBK2xlusN9+3Ni||GCfAH% z?=&48)WfJeaSSG3ykBC88_Iow{lYzPwD=;mBe_&==@B)w940*2HBB#qeu=?1}w z&gPJJkSy0N>FSu|*DDSFes-dzZNRx3;xd|O-CPzL>=>0yI$7!TMFYJ4pGj=rX2&++ zRao#OYSpFer6?&&g8b=1L{6 zOjC;m#)itZ@NRgOR+>Hdu zY%wLdq867_IH*`irn}OG220;d$)DL)4zx~nPBOE3{TfgN5wj!%6*KGm1Wqm)VVf1C z&q%vW7oiY?JU@nb@vb#(D7(Z1<#5ViD<ng2rzYm&I;QytyLbeY;)z$hdL|P`*U& zNY|u?&WFrpnSh`Ygb9}}be7hv-6?3@w>>^b7||BWnmyPldv5NF7KY zlGg5MKNT-zZ`->6^yp6BpohgFGUAWtdd<9tUV=+7Je9kJDk*qaZ#a+}Gg`iCi)%ErQ(<`G=$m_<=1Ast{g!=%Xlr;Iw+k;l~`*NfwC}Ix4g=N|*M?XnjC0b6a)Q zmHZ9YZ(Z*mG0l5gLA|Ses{bv>i3{8YX@PGnzb{9SA}cAi_19b9F=)q6YPY|4GTdk3~Upt$5ZMr>AXe*H3jTz_jUrI02exaZA5wY9Jf3*O3h{)kYym_2r94Xv} z{GH{DP$K%S+Y3zTr#)LLQCF$G)NIm){Rlz9*zX}mE|e1ZCA8$rfw*_Y8_6<+8@zVm z1_^p6R?#+8xR9a#7iTr2T+Lh8Z=V9RZ`qO)DB|XJ#H3ca&uHvdyynK@3Hi&5rrXuX zt1Pc6{>}$Fu7pWu#KGBv4pB~2Yt%up@M5hc25IKGuj)DtzL?__l;T69D1&xSQ+E9$ z=WDk&@SyvaYyCOnwT*)Ev&`~sy-l8^lSKpPnbr~lp;C)ZDCcPo+oTt+D!~lxofY+t zkLd{#S5zH`U*Oy+*t$0$rTBzgarf7+kLkC!mhMuER5h@vCxkXj>4yB|eFws^iy1Re zGi4kPBRZF>ovq#|jl&A!d(rNfsW-oIoa;_aJh;1|wny}nJ3)GlPv^w-onHl?OKpZ+ zq2+LN60ebJvd);KJ(gcV%M9<0X}T+u_Q`fG(p=R{^~rOv75h+dzD5VeHyhVAymjIv zR$1tZdGv0!XGC;;vPq?x14onM|ElHn8`?vfhd*5j?ZZF+=VA1E^1*o24GJvMHjwt& znaw^O6}>31{FyujUm|I>rcW+J`zPvguGm%e#Ue$ed^%gIxIvd2X{l|X>gX}q+iyq# z^r4cRV!JIcnRs^p50g0!q&`yS8Y0*HOOO;c3chmEfi3IB$m~WB<5W}?uQ=x=A=mL5Pb8cEO$E1g=cwG4n1VrSREP zngzs=E%PBVJzS-&fs3z_f8Oiv%H9@MJ$m+`**rl#=*k+O$Hj zy3u>5P?{WF1&Y9)>Zybia0)0$7gDnNy9*s>Jq!DD!G96jM ziDw~PX-dEy!V6r=x|eQ?=ON7h`Hf zuWs-+;;C(f1cPK&H?&_y`_1Jc8MEl6FHXYKRQRk8B>T{i5pF@~G>(6LIy?E>mTtJ< zYq~>%`}3J%oDm}gw~U<1E{1OXxets|;6yd{NvFIT({1=1Ylq;AmAOn$-H6n_zlKxQ0a@JI)Ss^t@WgrELs^-<;jdJ2BurWz9;@+=ULuOcdo zS92%jXNJOkIA0p1(hz3;_d4Nh!-Vwu+1G}kuyFpni1jlq#JYj~Ll2XC7|46nnSMgM zNmwyO4DLZ+8;H)2;Ot*I#-t76)n66e{j68H#6aW(&-=QPe=q%Tt4 zaw^BHMTNwdMfm+$h_tX13KKo#=uvAsxS(N-KdOF1DY+5f2qA0 zvypnay?>q+Hd3hk5_UkLcR@PKNOuv@6$jw98q=Jhz=WRUl?JiMnZ>3RUcX8!Xe z@56-5$%~FF;i|&^kjS_}y4fN5lZntiuBsX2H*9g9z>^}&MTFx&KOM@1a||Eb3Lv`d zj5F~}ibuGDYP| z?%QE&)l>bT9qte26V|e27thJ1uG5eUWhox6X@)fq-zr>+L-DD@E=;g~{<%rH(Mcx_ z9^E%RW_y6e!AZ)U5j1}~%zd&AOPLsG0&|clF7h@Cj5FT+u75e7e?pKMrvVwIF9F|8 zn995soq6>}U6}gtX`-S&M5E;MAC1z-d&uKTA%>JkETlTlv ztV=7ktOdeKxSJJOf!;=5I2SQLLk<3*j+U?bocHLBQ4oMbQ!9&@J)L_iHq+&oA$G;-J9(-MyWXx5dU+5#xbfR(uU87t^f& zpt(phlt~3}VWPl32aYpLQH5dcxAhde8rP}y_ieue8q0iYeD1raA(!pHnTmP$o*SnUnSxU1= zRzF`mQD_U%{#352wo{q7ztyA9)cka|;F;l=>%wu#bbE5;^)~OHi_>c@-}^S5KRp}T zzCHWZ@u%_T>GWDh%c^Z3R9|l<7xo*f{XM)@%|HS?_x+Zf^tg|TpS2Y$P8kwF**`!n zGX))!0Tv|>RkfFYe%5ofY~Z-aYmj&)Vq3GN2oGfTNw=q0UnNQrItPWd}FyYM?VV{#_MHT4$e{lO459O&sKY>4Gx{sk`*dVhqmHf-1dZp>?_sJM&(c>)fQ^vO% z%nHpOtU<1ZC{$AS9_^`xZ+moOo8)HyI$dn0%e=kG+Lgqbx-{}uqUSKAzKHeiL%*E8 zJ1#%Q(*4|2qd4earNn(Ir|l}`wt2SrtU7_kT-D3>I3F7RjS_u&Gp4v1VEY1J>=irX z*}bcFF>dB{EGnj9YP}MV*d3a5p3Ox#+D--=blbmW@Z#y@oPEV(c{l=5lzO&JBGRf@ z=uD9h%>r?mNBFd@19F~`CLtjFSQ0-Ub(tU2uDl?tCTDDdjqjbVstIq6tR3{T|54Yw zH_{TYqQ3GmZ+!!cE@kly<~bei^H}nBT+is;X1n|T*MzR*lPqy;)-SRMOTUpQeXa98nS57Z^`dmYcZik4pW=O&OWO7%Z3)SD9O}M{tQ9iwFK56tUAW&OA%QIRjY}kk zxRlLR$6vGAF9orz|7dE^2dRv>|9=aC7d@UI)LSOxY2=EukS<$p)905Cl6G+!s5%ci zq@8_bW}cO-pDle)mz-mNBE!M9~nU7&4 zd-J9Ahwt(56I9t@ONc?)^A~*5-Tj9nwanN}0+TxV#dEdyia*N;6oZr3-|2ub6nF#( z1xt9vy9@e3y~G2Zy{;b5Eq-s@ootwhLeb~H@1Zm}Sg)^gA5q?w_N*ncTzf}zyt{Fn zL>ek&4h(x?miVstJJsTGfuX+aa`cRX|E^wmg(I8CR#r+CntZhAQrBk2uITrT;sv!t zo!e^frV`nY=j{eQ#IIeHmJoSC+D;*Pz~1%QURU8&ns5;Iz%Ghsb`W}IeCA7Hmyw7Z z)i0-c>DBOqb4`ZZMR`13$lE}JSooiw`n(Re1BF=n1Rk3dz%B%&N*y9RiwyNOuD;^s z$B)+ARz$fOpSKJb7_(Zm>8LRfdFpq?4eKSN1G+3!@Ixes4NL4Zj{cp2 zPHP6JGm#SPh}zWJ&FWK+<(2cO$B>J^{95mApiF45*Nl--UOBX>BTB1WPrh-qlAa~! ze_^~gU31HI+=`+d6qHF7v+{=QOz~0_@(#sT=ULe-f0c&nXCp4#BYNyQ$)kC?=er#SZwEb@1mXO^OS`NQ05ktR&$ap zB_i4`Pm{9u4-Ny=CsZv9J~BR$YYprK*vd)>+^JQjpC1 z8oRrxqaMdrFwmQ*hv*LBkw+|-J{7xrZI=BIzOME^YKV8e#y#x<{!`~`W#nW;ZDX{R z{CcRB-x`Zgtnk+Lg~p2x@0;Ok@YIkmH-PA2cO5qnFaaJX*0??%n_l@FBhLKe^% z?>=-7uF(?P3o08w`epHajLZV!$w??vw5g0YnLkypevNbRR}vEH$+Ckn3sI&XVYF8> z`06CYzBe>=_Tp~-oym#StYTyB}!V9T;- zsk#J`Gb>WS+n_rvvEzHD;JW5J>%?ce1rOH^D(;}{emIIYJU0uJTbbv7AtAZp;K7as zT_i73Y^M@&rVFw3ffk)LJp&ux=10q&$;ruCz?m~1%Jjp=iXR_+3>shblx~VbW(28v zBa?9c+A8Vj+?s9yUH_0odgls8r6*^pQt?6QLeCUP#Wizd%g}>^EEHJp?Lp$r^D!I` zDOtmN4GJ&$Lnt&_V&aS#dyPpJb&VB#s`r)n(g`{~7q&3`P2XiHQiMrSUO zAgbqto#pQpLoClY`J^Ivw2?Yl83lmB>;E=(BZ z4t(n@)K;y7xDqKh1IEQr$7msAwSHd~dMhC91AsOp$3mqWJ#-hA4=Zu4sf|PRAj$IA zwY67Xe4jUY{mnx}|0vdf472#DkO-ci8kC-YEwUE^}=TW{D%~wr(VR2ObD1#y6 zhHp8yg{j}!M~q?@M?ODaz}f^zYGIDI#@sYWS!E6;oA5GCs07SDKH`soLeCmcb(m<* zO1BAM>hDZS%R|)^yr-z1lxmW%p2M-<{EHk_vHaeFMdnhRGLnTU?;W%?!(F8FZsa*t zxCrOk^98BMR2I1Gt~K1zte>{Cc>j`CCZm3w39E4EP<^nsSPX*7L?KCb?JQ&YgVh$H zVrlz5`s3Kkw=Q&u(@Wh_ygk=bAY%jOkt4TmHj)JF&ZZJ{e7O{A1bLs222975+qJQ% z%Lt-^QhI`BvvNnIK9n79cek0b&#APTz{~g^|FtaW!Hgy*_S3p`o}zx#+4BC{#ZcTY z=GL{qr4roavaG)!I%6t7j8eq4K=N0+#-OiqNCqa?-gzMWH0(dH(A?Gs|L8SnqVBR7 zrKe3VXdw$2X#UlgSJf*i?lDNcktZ{W3rOYV6XxCPuR7VXjVzJSZNN&{z` zHeo6X$@jXNFzE`aZ{z-?vbP8@{JNW4&$nwDnbkGbnO2cB$)e}Jz3{{{zwiva{~|Gg zf&CMHzu=SSDVUz3*+}0a38=)|_&Zp)Pw@_&VD$d`iqPFS;@?mHpKHGN^a~%I0i)d5 z{x#JgckVyQvNe8q0keIJ~YAckKzKSVD!Y7y3eRLB5ruDtTX@mwv(ozc4lRS zW>jB=WS)w+IcrHGrsSoaj|!wZ&&6Mc|is zRZK1Ys@8cQ8_f?e^@ZwzB(krm@7%lT4~Uf=45#_;0Jnx!>eYR*F-ViwKdTWJ=n9|7 zqdh0chEohXc#CGVaRrLV8e^H|{@eomDTKgr8y%69r{FI$ld-~b$PGILO@OHGzt7B#4-|z_Wl;&Bg~}Scl>S0+@WtZ@ zkmuJ<7ldMgi_noVAN?`H3`7MZ>vjsDKh=-O`A`%0DFVAV+b53IwY`&lO&HTqci91GMyF57J4f5_vE(Z=KlwAo=se8HT^eAWSU*f<~T0 zSPdmWaHJwbXibLFOd|P|#&!OCgJb|1#iWrHGvT-);E{y&*1x~xU~a^J%z;MrGT|Vu zuUX`5lL7GmqgWjN-wO+?mrXjE>XvOa$ArXGN3J!|Sjm5PF^w#}NExYY$umx5CQiWW z_1=Xx*=&syS|06Th9*()pp;K9r&Qig{0kN_;e4i;#MAj45qZiq3GU8BY}Iq@D(o6K z_dKXuBpp54LI(eC$rET4Cm?f#eN~@cH6jaRytZCY-ov+ZRucbT4`U$GU{6M!dhD7B z89+%vvy#oHAS74zf45WJOh(u4%J;Z;FnBoR?l24|tbdrBRWSgYNJ^1$PjM0_`?mzHm@{UMp zE1J!G+lH%s2X}H-^WABU=R7CBN@Z&Z0Ks-`Yay zGw3RK8~2R-yRj*m8wDpQ(PH0-q+rNIRdM~3Ot5!dN}o(e$48?I)h0jXX-?J9_phkF zIi|Z6{H;TA`vZ~i!yk1ami4SGt=Wlz0R-^0DtwjZK@Y>ekr=tJ>xNDB&g|jIK)}~k z)rYd{P<9~{B6T#;9~|i)v&dQ#u0ZlW3u~D@fApA@taoNT`K1OJS9=`?TgV1z15}l} ze-FZQd-gXrWAz1WjFA6k~s4Yp*rN(rjGqQp=gwZ>X6_1p&J7a`d z?<)vhV#84&M?6lzLreGsT?Q&R36``A7sPs{fgkCzVNJHs_GidLVNZn!z3}8#hUq6` znLY_~%7FaxM24hWj?fl|`PNNC_!Z)VA|iuxC(J#&D>2XLbH4qZsI7R#|Dd3?$N@xq zm9?KU%$;p=Z7>ipXSz2zxl{felSM-QtU3&Lt26hFccfkDj0bvS!h^^39HJx9$=7$m&l&_je{ZR67kEWM0npf z58HYmf8gXu%fkV^MA1XXMu4v3#hPf)hbA@#3+Q343H|U)N8LwaNc^~O)WKi~ZCWc~ zjKmq5Y(FE4kxzphpqRCF?eE-;aKe^_HJbaqP|6l29ZHYdPJo8Tz6eF!fzgz`#RUz1|_dvog^ z{RPEnvE>ScLfJ)*WMY`2@h3D75cW(bak^Z)*z6tmkn2~d3!B#LzLQY5wZY1%{l3iMSUvw&L9*qPxLL&F zBlG?5Kd(q{eHal^@Lih@a~Z3%)XqB3S#YJEHEhG5NqFL+b=C~dR|?T~96DM0{8!uM zse)c+U7BCnVY_%&27vV@;&rS=rvE{Dapjx&2VhlFB#F%ENh>d$(n@27njq6bL zax!kUN9R_yO3N_1>A<^BaKJg>NJM2lAW6JzW>&6fRNuQf`#}z$%{8l-ozC@NEr9XMiT{tSuYiiW>-rT$ zC8Pxhq!Ey2=i%hcE68dq{KbJGG^WhmMyiDV`Te*%Eh) zP^F8OVj|ypCu{nJ*Ee?xT9pR=(anikgod@g3&um$j+$`QIZXkiNlq&Qw4n=%ZY{<; zk(~`b>r&jV-{ag?cb9%`=SOyadn9aDH;^dJm8Y6{k^p~S_e?Fj{iE#02M%@}E0S{Q zt7FaMgSb00>wM{T%2k~{`Ohy3xh*c)^lJm7^Hr0KhOCwXs8SO8~3is?Ar}Z2J~&(k(pyoh4HZ{O}h0=zHGh` zXWRCRd%MaL)}PsYGs}&z7ubDE%{ZtzmB^y|H0;QZNwsa8Gw(crRiC>sDUOx@-Ijp! z*B?tMPk~r>FsJj&0LF+e`>uoY_ z$Y1*U?KZD7MBSx?aUtv?*TPTU^Askn9hJ;F2+U~Xo8!HydY>mVH>d){7~HrxCA-Dk zD#gZ-fcT%P@gn$KtoE@P8-Wj<3Ls$34IvF z?B_n+WOz0`eN6Q)Io9tbTdXM@jE&XS8t<3uRPFjB#JA;G3$l3Xvf&xrrswz5%aEAG zCMIhf#^s@|A)BjrV4fpsLM7SC&nuM&j0%!IY=5&31sRy1Vm6jE4EW0mD-2J1)tEI} z-xw|2q>Fl=PBX%(MSUMrUc~6W|GDG%h&dgpTr7eQ$-@vqmg_Vo615-WlfIqV5%G^= z)4NVrAs^GR(`8|Z4m5eh(KXTd^&_`uqLtS9yeWIRFvAqB1pxsAy-cQCSE_{s7|H#r_{SmH>fXgJX_4OHQIZ@Qb?X zjWVA7O9}SV_yPaiocZ(Z42FD-Atj}j-0Zl6fG4GEa9xSYi4P%crU%VN^UVfH)&Rwn zO`?_%t<|xF({hJlYK(diQ=)5l<8Za(`aOmTgu2p6WXVwz*a~ z(-@*EQFsi~*b|6gdFG=|A)Z!i0+3zh0+f~(1gpa}Dc$PV-M?uNkDA zT4HE4^x9GUc_NYEdRwIUk9B!c$)wU1@r)IwxrI=3t?fq>`|qwFSj?{duKbUJ94y}O zeHFlWe%Aa{1|oAvHy(9YL$Ah-nIUa+n>Vu`5OXc#HZC?I0{Z_)j_Pq`Jv;xI#c{f`Svhndx62&UY`#PTw^o-N zHz2dsWwn;CM*{$mi2J`GXZ;&JRH@KoIwN9_Ax{5A9P~F;sK~$y7MD3Pjd_VFCfgaL z$oyN|n$y(T(+nO{{|W8kKw_0o^7l_Bf?7FBN)52*YY_%du)H zK8CTk(Bpb8`8EEanR6E9%aws6x2-*SA(z8!u1<(2U0xYwPUz9VlSWSkNKmR+&Cgev zMYYHZM7d5qEw}qVXC>B3(MXnD-!~12c}VrDJ%4{@UixFD#OIIv%Z=*ghBMk9FY$WU z%FmX8S|4Q~Ly;p{^HJBRKIaa$InX?uq(~tc(2>AM9U(FSNhS2a?2&vo449b5{^1W>HcqD4#S)Ntk znRcAS^_{zN`Wv=o@ANGkdpNB_l`h$PSRzloou0A$$&K1El_;q^+6>MadJs|!TIcYIm(xJel$59;Mq>MRnCe%67d-^ zsaD#o-6@8w4rJ+UenwJp$bfQLgz%boRio2WM{S8iK|4v#O?bK@T0u8A4C{>PJN)iI z1d)@?T6&@rVy&3DuPdGGuUNW#O&%+>QXTayxEAtwJ$RlIH{rBo%);kn>nUJs`WBe% zg=id6*uHT3O0&F&jb-``5FSSoeM|IVGS%3LFVqSMQmW0tbc`N&Hfrf+Y4&*QTt zM<&+FO40BDf+1mIRr$H&vy&y^YN-m7pjrednAK#P$ugE_Z2mGJol3@XyiTmL92$1Y zu322=uy9mANHzXkEknFAHvRP{x$%K^fh$3MN76#96-riXr8c7(hvsK11`alF%+nDg zdTdj8Wl8t&sTI#JNh~f#ayB6)mZbtpN%BjICBOO;1;d6!o)0CqP+KL;fsDiG;gHFS zaf6HYzNI%Sj_1bUl$g&p2CgT$CQb?zlt9@JDjH zQ@q>ag~~5}*XdwlVX3{N?MV&ys^WIG7xj-0cbOqCJ*OTdiynN>ZGcp4=c9cXNg0^{H3A>4(P`pOJ9nUOt*QmwqPR>j&(jQ#gCFkTZe#Bknf-joZ*M#sh?s)(&!R%e$A?NrVV zv{%e@y+W-TS1CJV5kzD@^oF_zc@tduq158O=sxc2vOiv*QDhb>R3GJeMXRO;7y1)S#>3^a zq3IGGR(|JB_y^CeVVgzk)UDTABVm#%9=y5cxr7i%A|u_6Q7ih|_IYh-Ulx;d+WDV} zp+!2x{>U@eyPVf^G{uZi&%2gKwCJ|T*7_rp#|BiGgzwZ`7!JjQHdN^nSpciB^8e@-v81o>Bhp<6|b%nu-d>%+Cn!7F-=P@(u5vF7Tdg zltb-F8ieUhLC~HMmIeBPARVG*sLjryq^Dds$7ktB1UzM1YiocrGEo-3ZhE#02bDl9hqv@$Y*5d|@%${=jx&tMh+*qAn>f(GTpApB zc~)s6cAr9!OG+vk(hQ{~AK(TTBrCo_-{(e;je-{SlhwKT zm;-7LLq3kShz;nJ$Hc9x_8hfW!jKpCszJofwQc2Y*F%38ymMhBHHpFnD|6?T3{9>l zuOi^^j$EuR)r`7=i3cleUKYx{6{|cM~f-k_7+T1arqn;q#n>*$p((-E2g#B|7m z^|;@05+fPi!86J&n~_NnWq9l6E1ge)3X(A7S|VtLMhNP>NI!c<019`;N`>5Apz9kZ zHOCH5!)$mhIk-WowxtV0@+NNfjbP@>!u9!vX9}4}EA=Ab`b4IU77U?@Q@yO(XgBSy zb5o`JR+YzkRl5|&+tYU4ry-_l?^nB<`2$0+j15vPM~{_@nfq9m(qik|m+V2OmR|(I zVmBCzXFqNQE*!TKuJmRHTqiTv?6Oqy3cxbb_KOa8g3E;5awj`R3zw=W)6;HhAFddK zN}}Xb0@NG`>)qj=W(f+(rr=vO67LU8K3_dE%CILL=`C^|QSoeSNOJ4f^Ou9CaGJ)F zuO5IvspnIWR4WtkrBB|p9+VQ}+8<}c-%C)!M@--|&M;TU8(%&(3i049=V5^pt=H{W z-ein{e;nsU>jG--Iv+cD&0X6tt$6u*wb39zWOUnL;z5h1IM4Bz8=VX zv_$4b68xLbFy`ff*q5KUyhlCv$?T@}Pv>!KcUwEC7Y7RTiaJ?fa~pz2jr-pXorR1A zA0up4s-4OzNXqN2XFVkp>&}-CNbwYx!w%%f|~VAG5fs` z^{?fOa0MsT2nY#Zz2~t;ta+`efMcZS09jN{te|hdP1%U(+8E!XTRs3>Y^wqdipQlE zHv)5yZCYr?dB^|LAb>m9L+ z*O1-0dVEj|ST0BU&HWs!p)^`iQ3_CKG^cy|&Ir8e0h$-lTS!s7r&0>7 zD(1p2ry6U1n;h6$4Ex@*3aYt{gSgLq;X1R^_x@39QCrMU%WNsPU8s|gi$@8f-Q$`f zjJGs~IQ%3Xs;uLWM!PYdck=m8eM>J8z^8VF3GLLfafOP%4+QJ-4WS(J83M{`@=Qxv!d|BMu5s!ZWn)%u#Yqeh;&rP@Z z@PK|&Oi(p;mjxztQd%0Qr#l@IAGCpi8A5*^vTq_WBvC?+L&IgV+G7}OuMe13gSoO06=jPA7%y$tHXC5BJL1|7%c z^~DPW8QsUi-Lx@s4?C8&siUwNb0@fNb0c%i;t10>-Ia`OIn(5QsBQ{q;NV3A6z3tV zr|IQ1mlp^2T7QDY$1Kv7g=Vjno`KDLN?Hm+P1U`g}T-x5tD${1)$wZK1jpT4Sz#KTcCwe0Ko>~mN{ql4_ zK`xqcE`_NF)iP_kJxF40BugMcdWVh%-Ifm6Uc};phs-aO z!T|M#CRZFi01~&T&u_iq{9g9fA7G_X8Xh4*Jaxsly|OcRvZ^RlE5fndrOn?)r!-k6 zWZ3k8VYbe8<6CWUV?=lfqwbG@-#Otfd&^%8n{aV)@0?IDeRsH5%SfWEXCSE{7gLO z^STEoCnrZ-6k@J;8#1r=m&NWlHQ)T2k#OA@kSM&F7pi8QySb)kieHI+_N(9L;<|1r zP$JT3rUr3DOi3A1-h8sMM{TX~BuFjMuMCshDk6X{rCuPis^0or>%PdvNxolR{jm*^ zx&6Ar=z>zm!)`%7p(IFASlSLD+6gg=uN!MpFn#kNoW@6#2FK}6Pe}(;h>M0zcum!R zpRhF5e|#_BDLJe;#8s_e?qR3N*Aq}acg|B%M{c$w(tc%ZfivWbJKv;M18UV*60^q3V$)@tkrHc66rNcoY5;tGkFt@G&wPuDkN~Y0 zumz>{YBFo9D*So*T&%A#;|J%t6s}KNVt~G=f{f1|IdkZ}**_3RjP;8>Yqu*CEUXh! zhA)vVk;K@G5kI_J+TK&@B@m<*0}Q66&ql<2 zm0yX!*yUB;X`lZ5sCG66@!Ldov`Ce*rSKq_6CHEz$;SV5Df@nTFmHV#r$-W**w|1tL%VSIAqjl7^}H1hqOc(S)zC{{>h zxZC6Qd%O-0cz0%{kd(kfsb77hQR?gWBcffA8F72p>*+3kkaG7owU@L3ly@wio0|vC z^)q)j_Lj{r7HnT^CCuVD!gL^6+3QPBy*w^jOJh+_>8KX)%W)m)|9ArvYSAvZ&%#Rv z#|bj-87VEI;i92&8XT>8{^3Oyg%z`B9294ed$))x2(qiXVHxWCCF*5rqXlkkrfA$d zx!sUO1io**@_+{PGNgk8+n1X7+0u^L6-ta+h z`_ojI_|8Mt7m!E6%BC+N!K*|1Dy!mgUp!;6*GR@}cyc;R+;hc#maK4iIRl%^VcH8-W|wqxu6IibZEhE!^5o2st~ zQa`84nHYHr%kcGV8o$CIA~rV!O#n<4YzkHS?-mwJ^wW)@Byceekid6%FAOuTu(H8& zwskQ*%eBI95y^Q(KIt#4_-;X=HKsaF%mU-B<9Y7nZ$8f)efi6a{TlDnHyo+L`MART zfuooHhh?jJpWSZb`SXoqGBNlL&B+XoIDD;-b4tC3&B)qBJ%S7;9}zPP6hB%R8MU4l zY4{XC=y~Zoed)hGpja3sVk@cq+51fB5}e^s`o0sHEuM|O!&Apz;HeE~F5FMioZE#K zK0ATb-olYEc-Xu8su|~la*dshaXYv4>kubHCF9@4-@VTx6;zJi$NU-Dtu1?wMSM}u z1skmM+UBjXSkT2)ci8a?WxR=to)Et#TA6rvFmjP`*rCQv-+6X6PiFN>eV zx2_*YmqF+RhEJ-tGM;(5O=O;ua|BMGg2^+{7Px5=t!TdZ}ebK+NtDAkiO!|o;cm)W3F&kWMrwb7jM>;fM3yWyUvYkgqOt(}cSJbdJpUeLop z)p&26)8tE8fqe{QPOVnFIuH-Eetl^uv5&v>({|W$^N0`D;=gTG!=&QL}qq+Kk$ z`IEoD0etuSAF^K}kxL1IVVwONh4SzobqrC(WzD>wwp5FgBrCl4Qls!5BZ`9y4P`s} zfu*2!H|_gQiz?h_c_OOT5bm%xk}2kNURT0Vn$DNaYN-}fXUd|QlQ*pa7r1VCn3Rs+ z6-5@HQ971Th)*TiQ?gsHEWdc%#OMcI)3n|Bx^OU)?n=~j^37E%erL3VKXBTeMh%X$ zHe|~(FG>-8;pKQT9SvP~KO2y6{aQD5vxoDfX#WJl#DK_5*Of{Bi96IkUbk6+dp{+S z)1>hSKQuO?#dgQc(%)g%YRye|hKIzjr=`$tVEMc2MY<6GqZC^vzLP<+@uDMFmBT+Wwc}zX1+FDYod{Z6fGLK4Tii>Y-NlV5MY{yVFC3e?sKd@Z&(%L6SSXx+weUx zsF8k!A$$1s|{ZKnV*ppbK+?P_4res!8*-fYW9W| zmR?^3G{Vz{OyE9tyy}I4_A1s7{Ps9LQ}PnGQ=HOEL9I;Fy>@yZ;)MMizHD?7@-LNZ zw_SUw$`e-06CQR4BfqPOy*>5XAv|h^Wz{exPC)1I`GrbPm}C3T8lR9oV6_d2I|O=n zWJ{PJ+vd8bb%)d(b}IZoGaxGROWWi+T!EJF)!$HB0ygk*rjZ>Z-3tbEq7`1Nt{G(v zV2?!ZUSzhvA6U&XFIutDXN7 z#4AI0Z{$nStC=h{z|*={FSSFVPfTLIL%SwEJGtf6O&Qwb$J|Oigp8&;A#GBHJMI!u zeXpgxd(~|H{+&RZv-_cqK2EQ?X~zM3So+kHDpv_E{DW$pn#PfO<#D^h>WdA5xo0=E z0)ye`3R5F|z&ahfwO}~WT~HddQaiPtu2tk1b6_Rs|1+3$ZI3NhW3ym!?e=S#r9o*I z7Xp(FVZymUj-E%z|H%aqhIqvVBrOCw%-vBO5{rrRd{?gwH&&cFIrlu?Ra~M^JSS6x zYmKOR`Emj?{bWroJ~}uF7;NLIl-9dg`|?mmX(|@i&3UDBV%r3SJ&=}I z2QCdL+x5qWo}D)cnvdnYm-rQ+=4XtigZw%CjzBx z??aeWWMN2*h|SI|RQQ0y5?c?WC^9#Z~Y!vwx_RoY5pf-tMVTTmFz5d1V zdnuImv+fWyqq8Mk0f8z{X^c&23{7>EAS`auhh?xhG${gKi464saXOTz^gnO?*FWr@ z0si4#I5FcpU1(svmNAoT4hPD&GRZuGK1STQj_>v-O2{Em)dQ9|wHZN!0&4a+~6WPl;x*7dN{U(#@so&^Z#J@)i(R}M1 zm;XpIAUG7t&}2Jk!HR`*ZP4Km?cIf{DOqSm@e1v$?yNIYs!v7#XIQ?71@U0zHV;pu zhtuYKEko#XHCx0N8oQ^9#ykb99Nzbd*Y1lHqPqmUS{%vJ(Wv0e@C7QEM5)}A-R&KyIQJ#KSI`Zx! zn5!|nng0=ZxNI@UwFzB_07WNA8sw+Upztdded(3J^U--`Jzg`x*>-Wl$+SAx^X2h#PwC<)&Sk_=&|dGWRvSK- z&*QzHl*0FWrWw1PIgF#yM@PMzWU*S(2myXtdl0W5^JW)e)|VtZF4V zU~eakkMB#Q4T=BB6ir&24^fblqotv_1*!)k)`rqYK}B}|tD~upMvc|o(=7O@KM7uG z696L)J&n~l9@6}-!uf<9pj(%|2guK|-(JonK$ZrM``WUr{MTef^>QEZmtEeXR8T`i z2|2^|T26-Ev~SOc>EKx9E)B|^y3I%%iTd4LSG#@%Ag!LO9;FX+-7^jJ3LMYiI1;B^ zZmXP_1JJqm60sk;+!`e=U~zXgw;G(GMuIS}}oLUW0D*)rY0u<5mldre6;SH&Ea5^#4iy`E>qm5K?E zT5?2Sy?F=i&x?`&i3*jfK6n5#WX<5D24!TEY&;I8{3Gie4Vrk*!I`OahHb@KusG(R zQ5+^NZqLb5P#mZ%$Ha_4@>H$$d2?ib5`KtA_>IcERO~j`Ov`S+pYaes^@>Y&&B&@P zZVqT$(smnlJxsEzCg$xtpy$sO zAWH5<9W1iT`C6#UH_x|*-+Q$-P#*rsb35*h`Ms5^Y;`*GH8#Do@AoOreTw2YtnJ$1 zMRpT%HJT@6uETB${A>^&%#le)_-wgINYd&>lz0>q>+`POgTkL3JJisF((Q)8Z5H`j z`%o$OrLHrrUR4MBhe1*Ir~)X;2P9rQ5nKHj{X?QsX4rmtU+co7+pqaXQu4)zEh;+v zBP0$?#RD90l1yM!B_Jb<1Wmk(4B$R1pUk>M6LE1_(di`7OCW|wAz&7=(V75#G#&kJ z)jG$Hxps?)1FEJ6U-xguIooY|DAIl*tO&hc4Ud6bTpNt{|BR$}`7wc|l~VvYdEZ8W z(|cbk&*^H&ZF7-REIeh_laB-zwNIQ>k~=is^UY}*L%U=OV~WF6T6P-OqA!swvs5&a zK_o7K$G?9Cg(j)H^w{^niYhG61S8|?kK#y0Ec20C}xzHkA{{VzWor!HWu+Ql9 zEVuF0;R{j_dc8Go>p>Zo%HAEs-GvxDU9Ws#VPr?8OpddwI zid2-WDV-a6;iCaRjkNtYk_182?pFe2;-he(|8;A;{*L|{t&w9GoG;wtCArug_2-q* za?UNWwaQEUuok~@VdUk`qrn1Y*+$Y1^FLiTUhB4-qcV@$uP$EMyZ-E|SG|HMU9%oRvSM&F=m&2!^*%^TYM{4v zLZLoQs;QB549e!?>(pjF$o{oSHFcdJtfk6p4EL#B{;&CdAa5bsT0Px+hePvz$Qrwh zO&t<4_BlEJ*TYBk+`pcTHw#pBbu{k!1m|ystEj;fqB^i)8Jg1PVyT+2CKHT#bznOO zt|`VoLD_aKPe6*wLx!&-(vuRH#wmN<-KP_02Oqz+iEZkXguY@oq~mo*w&`4~MZ+>6 z8_Exd$=ZC(qTj>iD~+-Mu(~01-X)h>B0=HVXj1E6~ovE8W7Dz zqR8r4@INKNpPFYNALb>NdI`*^D!|WSw&tD`8rtv0e5|`Y#1=uo-m+Xi&eAW~`6Epx zdis0C`*eS7Ewjf<>=4uBkpO)^7c4h#wDJp%&1g`*Pvw5|O1K&Fp8e2N+w@~ZTdK~G zB1TI(%Bnd__z%fj@Jy~l5#t@v%69v8R1~G~vacQl#Jr?hs~=hb6YJeuNr82Bs@`Mg zsh@*Yc@6b8u0WY~Xh$d5i)N;gSham;^4k$zOVVna1usd{9|CSZ%I|uaprvBnYdPYL!UuY>2ReKukDIZWfASL@iSZ8x`z^5W^0g?V~Uw>ye$ zehr?RN{m7~j%7wquN-)>*Hpr}@iFK^4(cm~E<=^zl=1~QVv;nqKYO1sj8$PNM}%}w z-^Q;A^T0*}NlQg46BWc27|)2&2tRS4d@VO~Iq3C^1J%#j#AZ)P`r`45ZlbPw#G70( zg`cYi+UmJQ;MBIh%E5g-x^tFzQfub?U=xlbAae;7px^29DE*eaK^=Bglnbra;4&#C zHDp#S5gXgSJNq0H9cnrFpz{vAsm zL9jfw1Wj#QV`K~>jl7dNp10HfGu41#m}sSuQhHD6?B-Y6JY=MnsxMh6v$(sim?E?$1@>tt<;i>sCuLYW z(Q9se1V_x8+eZ9X`n{nMji=NZc$`Uiyg$hvU{13j)aR*R{Ji||ysW!g^^%u}wNC!W zuO7&uA9G(f&syG7S-IOXo4vZOUC!t)5pT?%wh|<=65TTF5fmj#tvfGlEOgty)pB6q z`#FO!Hbv>)`)N}OvM`BC#EZF8IOb==FJfkvkFhP{jH4Eu6)|Enjm z-P@ZYB{;f2bc>-uzSBV9ndLo)F51k55t;1@E8pHj%E;e}_c!(ic`zVIFTR$!$adgj z95yiuNPZ{aK%ul)x-VJK>E7N&x#%74J>|MYE38xIF3&F>xsrU#U$Za$;8{s%aeSa= zKoZHcgWr7_Tb1r)IC5V=b8vO4tTXoFG0{*KZs#FCEig^)pPeb(j=4W__NS0=BjJGO z^_*)-3|<#!P&Xugjc66D-Ds000b?y@B(eFi$nRE6iuakLnB0cN;sW3HifP~mgk;a5 zPU7qo^N(8c4a+3mGcL<3(

    Ca5F$kg?&u`bYMrO4@tVd8s38KN3l9cMxc zR908fVi^Ka@S~-cln#TYQpmooU4n#48z^Y(F-t~JIyhwNz+g`?zS`pZmI=@whEhr? zQ}PWhhg~T@E#1(76$d_-j9;r}F&nzK>$1*|>!^vr<0~c%YlgS-5Doa4wjBCyJ;BGG zOysfq_U<@7v)a^~<*64YKKC?Q?mfk~4P6w>m3@BzeJ{@h&E_T8lM*m*sK6x#=3Mfk zlnJB*5J2G4p2Do??Hy!G@UX4diYFG^;YdNTRZpFTK5sj}jIV(2Xj?xMIa5_({I%qx zwFuTiLA-pF^Nyu(!B6|TYm8aWFbZChSmQIz7>{U?$=5cLHtt~6#@QR>)r%LLej5I< zahoyIV#y4dVfbeLr;mg8pu%?__l|!zU4RSmr2RSG*itpQefz{-1- zdcbqI5*p0r8c1n}V;e|f)8CfhV@@tcHT;Q#JgoNg1>JSTC^9LUgvt>M&9P6-kNdb{ zP4d4gp5JD46FW6iFa%Mn2+2LLy(^05o%)YO-OL86gJRAWf|wvOyCxl^^~6^^kFQEyd)~ZJNd}Ia|vTVnXmMB#rm{9 z5&CH>{LE!?8I>8X)Evu88QQ3sOU|BV+3`}_&`XBY0mUX{#CmeU#diC=o6KhnpJvZ+ zA#&Sg{pBa!FmzlNoiANpi*>)nH)ZO_@lE)_)Z&vc6J>#n9tkh$LFa zPPNCb+eWqAliZ4T3rScL9Kn5iJIk8^v@36ckF4pA>Q;c`~JYgUW=CER{ z7Sm&BPDaB8Blt(W04JV}W-FaCVhT#|Eia6F*Ey+Za`^Y(S02w?LU1jE*!=iua+b~@ z({k74EjCX=>*`_UX2>2{G_ImI2ND;VX27dN4vHh53pQ@Hh`yP#4@kalZXoZn9Z`^c zVj9^!^+5L?7cx5pml9GSZ+Qd!Px@c{51tYf$*2fVnblwds8s|8REhfx#)5(m`g2Jun&!fqM)k zJP{L6aTXV|v5Qzpt9FK*qfp>EMtqcVG z2^&M8McIl$0{|@`>~Ok!s8YRT*fGvw!nKol^9JPO`{y1!4wi zqG)kt!~b{N3Xt-g0;4{bPGg*dUtyV}rWmQ*T0VMheQ71t@Pjh>H6b|Lv zJ<$wNHVBO0={g=49btMvZ!i*MlKwR`bVV0n0cQlVHs^3rPP8#8X-+AIvn#MYd1hom z)%O^BKu+3kaTq?cDg{{I!a2-G@$NVPf?KIJf6U+L(^=9{h9Ey4uCX(@04W{G#W+av zw8(F6uB>a8;WEoV@(SS~=664!OQLYt8htB$3m_J*3oxT+furlPHi95SFg)L1CKpEN!5F>(vBvwJWNL!0SNT;yN9s&;6GsE#meuD$GJRoHw9eUW) zF#b89-sV@@>(W8NE2$9tp?hBEOGssgvG(Cr-0ob8iXREdm zZ(x<<`Z5eUHKnh(7mz1Ba*{+ zJ8?P5vX5`Ab8Nakj$*z!#F+3{OExM}uP|^t1WIx%aUAA`O+HwY+mqQC_+9=0IGqC^ z!d%I_^NqTfhBrw(hvC;$F=x{D=bO!u+$c_Z2+NQ}I-N9Ui|2PPrJ@I9lD0cdKud_-a`IKqzU@p0 zfzEdH)O*!8v1~f55LyRGWR>c*p-95W01~IK!AZfRRcjyVgT*Ta2^&o~gBC!@&X6Rf zHDGg|eD06u23R0%0k*@9l(y7vYXdwSNkzmKu2Y@#fD1i5IrKa`{}}NhPURreMxK1n&hB-MCi0y zgp`oOu$bSy^G>e&_=4>gMke*BKEM0+Q$mhqkD9%T+{1o4@?K)LMvArRU!8ikGC5eK zwi}9s*FRrfm@i4xR|Ej3-f?)ay_n_4Hgh3n0_udR?CserQyfRZOT~04%r0HPvO4LGrTv`7A)QI~OEUQvfVx@>-ZI zlvw6T*18ueSp;BE=P@EP$Mm%TSCq@? zdt0vW_wJfOCCT19Y5Ky#)bX??195vA;yk>aWS70gf|&M}S*Y6@v{=b!emiK!L@;Zk z@%B)uMFGN)3VGXrZE zBlw8f$FJtrCueigO=WyCH9J*KhFC`3d*-|^dOIqiY2p35x3HV@CF~sj^y3mcvfMP^ zvZ!#8o?RZ;OLXcU;<{P-Wcm(zYx*O4U%)%-Gj&(;f#ij#8m8S0fSHq?1$3ZfKPI5S zs|E|{9&m|Lt&80|BTz(6qt>sx|5f?b8W%4+<@&AM}j2RW(72f*$eN|DWf`W=FRYRZ)gu*w-EZ)jr+ zF9NQj?M$Q32lm5kkC62{+(aBl!kI`|ZTN{JV1d)%+REZ;>mx}Lg%91;C1WZS%exw65B zie~kW0IOP*@%^k;%DQKs8|RVMhP|aV52BUqaB$AEx9sep{jRJ~kv5Cmj7MV9c%x5} z$AUQf)gS3Yu_le|%NB=~VOLb?KbwEFv<%3f($ZCK&3iPR_DPKmnv;9H$1=6eKeq6I zzt2;6Cz#0bZa4MN*z0N}V^AoHNtSm=%hfO>cG#}#x!QB5FK>unPO1q}5Jd;c39{C` zpM3j;d&5vcad`KKwk?7%r*02hpfUHDgjaL5{)LiBO_@LwZ?CUjo0hW4`=rR>Du=d8tSe7=o9-PF8ZK zP`lE`zI8cnFUvY>NnkeWd^E@dJk`UcGFA2VkHDpxbz4>Tvz&xzz(qfjo|gVboDrzV z+3#xBYV?2Mg5ko(z+Kg3{j8oxJ!g@UWDGzo&mout9lwX=ETG2fKd=#xpCwqgwYIoA zmX)}r{TljqdA#K42sUJR;mb_M2gd~ZnRT-_YIg%MVJz!t0MOAVQSHzs!5-sU zKI^7OdpufGs<>8;iD5*xkZdwWC~@z-QKaaNvH{*+HDgC0{FGCFWnyvt5};oZkK1Ke z0nu$y5+v3pHC6aUzn--=>joh8S+_GS>yNm6gZKF6+n)0&&d3r z!(|k&RxV7Ek@&9*2(1Ey)DKt~1+1EWtI7Lo{&|;BX-OxrTP6<)zojKQmxgzw)g+A_1@uZy#e328WlSt_DT>m?>|zUZ zE}2=%_5xB4t?J*iIG{)Noq`0OfK?^47~*NaFpI&mN2pOO+o|2L?~kLU&nB)t+w8#e zrauN`sw^EH4yR9i99Ee2qgP*CPn9H`uz0~f4XM70B0OkmcsKQ>v}M)hg#c%hjEdjq z^z9!V@qe}S9Uexm)>@?I9)zN3+|V_O7sU*7vICfEIL&gWS;=$ml(KmAFsH`$>M z1#=P0<}$!iWz?7!h0fFJV-ny=1d->{G(&&}J18Hu6%DQqgr$cGHm;h&5RDzhwg90& zhBCuJ0s}g2mmfhKvKBW001zsKh&XvjQBdF$SW@~oCp2vFYtY9n1G))xhfijQVJsvA zlE&V9$q&pkXnGLuG1gyPG++B+Ipt9Va~qh2Ucac`MDK%{oTOQg8Y17s`KOYvaPEo~Xtodm|A#8K!;tEzBoXZiPb8T&k6M>*!Z zd7?ElSK0Op9LKcs<4P80+$25E%ggzG5^Ypw$FC zB*2&9b!;kJwlh3!4;BVy2hnI#nSI)~@%bJ@IQS}ULi|*IxU<|Mrw?6%xU#-TzK^*6 z4%gx!3N#pz&L#`QbVf*SC&ST()SIzh>L~cXeZ`>h5ZHosCiH(xSsBqp_fexE&cc);M%!q1xyVm^tTl$0`Yt{P^)c-`DCZ#2BAI@!`wYFUpS?C{^M zEN{94ySc1TAr)T8^Ses>(BgdQQ4cIVG-wt%CPWD4c0E{s(|jK(^z6L9WktZvqJlrb z{LqZUXHxcNMB)esuCZ4;Z4+w~C{x84*R>j}4jw~5S?k;X9zy^^`$QszP%-xkz+CSi zlH&XouqI#IyDcC8@ag4rvpbH_iL&!4da$W_rse6=PU$fCu-L~80K3fwnmD|sFI~?9 zWTq2n!((4f4YHbLg=u@!rxFYQ?u(pCN9P5v95@IA zQ71RIgqT&8&mS~LuGkdqGprI&y^e^b{5>NcZ(~RxR9MDD%!&3KcZK7En9ywXFy1Nl zqL3wSJt(p_-gh=XiH2H;o^IBDNnt$qyw^Aj0;095(f>2-CT;ej91 zD0cL2Y}211fBkUM;fI}izePj0_GmKN6|Rile)8OMP~YG=uHoT48UP#^>$@3wFAH8T zm>bj}q<}vc#V$0u-4K+s=~h#;T@MW~Y!8@@{P)r}_<^t-btpZD)a5wxLIrPqOg$$kk5|`5FZOBl4Yw6e9rAGpkHpsoz5M34gvjC0Uwk`ZAMk;8`|pt)WSaNHJ7nkSM2eK_UYRa~NGW$VNELafq1g^U74+^P#5pyU2~UE|+|pIfQu+r)un+ z6^OT_t0kT|4K~Xq-L#z*zch34XQRDuLcAQ(=1SF-xFi|reRvqyr<<}VCf8?%?<2Jp z`;oRZMf&B0W1$9rKp&%&qcF%B&FLLKz|>1MFX7PEDtrYj_U#TMI9NY9gVV#2bVyA% z$2bV|Y4f9FaXYpE@HiOoWE z<8)}|qLlF_hGP=+W||+WUL>f&{+--U)R%zVLt&iJrET#YT?G#H!~7yFHikrCyfb@S z)KC5$Kdn7peYN;GZ=?BC?b{oZ=y+j#nRcJqu$dVY6|!1ZQ|sTA;$b z$jtWc)uno`4SmQmhL8lb&wspuBSc-`5E`5S;*C!LgYeZdBcnXO?}nd_{@y-2Iy>TD zHUe&VA^6kHosiMUuRcxt2|vyLM$(4IzP(P1D!IW-R~mP(5E8hGA!FK14}f^{WTRPS zX718r$R0bV2$TD2%l$()L!arC{cF86DTw|j&D+JjwYRR**=R#sf{#*b2e?c{!aWqi z<3Sn%Fa>0JTUp#$`wN?fd+T8ov_q%{kBPu#W<>(O_{;_CZM!s>ls1W|5oelYc@azv zja2QNyQLAfFCiVhM*ZV?jJJJOwYeBBgRKg4th5mokfKB}*vseFk)axW;XM~`BT$jdecPGzA!~B0%OE3S7myVs|qZg}F-yNGtD$gng-6^pfdO^=Y zYoEe5R(LhAUif0sK(L;`+oo5HPflO^-zNGX|E+L*VgTHbZz?RZ@T$*m1}$U8`iUIe z2*t)|r;`#}`3H@BU$!kmHjjQv%09l2!lW`kF7`0-KwS#_Mb7*87!P@CC4t~0zgxzq zx_;`bIC7`Kc5H!5&oCxDp77G)jd3-fY!!u@Q26XcKu9l{xNydKXq24S{1R2; zlEe7XWd8FI&hX3gvZcztVViVD;vt46st1BKGOz1IZTK26|g>_`@dQMv_JHxK4RoFhF0Cx zKGPDaK=_A^_kiMal`8NksslLOfcGFB#Jtw?D0~id!LF0=_kMjE% zV%M|#Oww_w>wLe&x!SrCT7{`XZDAAYdvSa|+FC(ef__@6PZefOuhIT!cU$!`R8C89 z2yO73B9HJ7Pd7jKtr;G$?ArYF66cSAH&;}CyK+81SjzZQw)*mfbf|Qu?)pm76O2>y z`VR8;3)fXygji>At66lb?^Q6Edy+&xEJ)7bUA_n5BUE4EgjWUeSe=lF{o8MLANA;^ zXQ=~du-C`OKY%O!h~V0c+!be7S8r@J^%<&h1_7kZHTAxav0_}0B?et*ALnF{-&TGA z?y=_r=+1K_pW18<%F3}n%X=UB;ICz;0It-gUi@IK^Y`b)rHr%4=y4TNo9+Iu`E^r; zS-(WP&~(Paqi3meWgKZA*SVo1;i<>)HZeAD*ZUa)mNNoNE%#sk`+GC!?kTXM3bOu@ zjO{AfVt!klW!@4H6k>I7gIY{n5M20n@6{r6tBY^cgO@h12Tn{B=UAz{{m1F(ogU^$ z9Y1@&J-6@jXXT6EVPt-DjgRr|wM{3Qzot?nUF$8!XUkd@nLC2ZKOWSj5_Goy^;_d} z1S5v6i|fIYslGmimy#|_+->6mrE%OC_2;TK|3XX9IVF{Fy?uUW+%B5vKo4yJ8TS ztB@OjiZdy3r*k*4*D5XAm&4MB;UM(0sN3Hpi(ftYmM=(SR%LwlSt|^C*G*}Lw4i?lL6Up9o%N6UCKhB-A)9&23&|rcr0%nAW!G9hp}$^p_3pKM6Vvo< z-vF@oaCPI|VvkbY;x_thX$jC0oI4Q=08Jr@gnJVhe$G$C1Mu_Ji$5jaowOOlgd0N`e|<4;e){EGfV$=St%G+ii(R9|5r6U$auS3@(Z%dq z8mu$NG;|=;?`uJiymyrpI*x}3%Yd!E*)6JplkS{JlVXhKJ73M+q4&#q$h5E#d7Aa| z&9~=Z?vbCOPY6Cq`AH@`pOONT=Cnw}2mJQsH-to3y^^0YAIv?{$h@m#1ETqOA&{9@ z3Xmn$kz%{DMZM*<(Lz%)-d9Cdc6RDarDzGUCn)dGuD3&(&Q?>`I)3UAB!ryYN8d^B zyHnn9O?qNRl64;yv2M6$IqIs%8;8`jx4CRp^-IW%l}@rCUb-JBe|m6uH%UcTUGa)w znlA0ur7O}(fl02q59EkVtUA{jFr6U8^#{tb^>X`7dJN0YK=3N>)W(N+Wkf-jzQMJT z*RKJy3BXGx!2icw z)%|NYq7?YiwSbjIk)XJKgdlaaCaAy&YekStf|P{NO&T5i&`vF4eX4JeAKIaw#J6Tb z^x{~K==gKqBnZZc8LK+2M-#w>R&pN_n|e%O28z@AG)jI2MXl1;e~eVa`$XdMeR>yG zG?Xq~uU`5*LVA>3&$?%?d7`O(mn}x~*PRZ;zsX6sNTdBWcatrQ57&6E(eNY2`*g-# z6y23ovToc1n6bdWa-4Y#04y3fw05rK8~KducKY|^R{-FE(ivVi`Oj?@P5c5l(a!zF zvKpYSUz%Ki1Si%{_vb}=dPqxSyVeX+PrF*EC~gCyV-JF`I?JF(gkMoAHvrmFe|ii+ z-rWX%yc2Us{>U3^^jdsNg9WQABJW}@+c;HsI&0xufeyh&>S!?GTm*XUD@OE%JUkMG z`~-BSJ(!?jI1y4-2-iT1yrMQ(0~Pcu9%lI3hAd`FDrn;fclUf%(*`aay{K+}Uaan@ zX?34qP<6>w@g0yXD6|A`U%co{lP44+Fxi692GZN>PfLSK7c`%m+Oz-yK7AMI6gDsU zdt>^0r_&*qPu>A|kmR&Z>_w)h^7LURPm#zs+KHO4)AE{P%Banf0Jw3+U=Wh6Za~pz zp!xP~=zidYhG;uDK95fr+HocJu)1Y^rOJ502@Z#yJ%VMuKG||aX`p)U#p^_!^)0R6 zqPn7d?W>$yy|lx*Hc?-mgLfJ~cZ&jUhdd0+%*I8;s!p!LEgd`eon8rZ3nfb$MD^_y zH-(b(!N$4E(Y9)7$s6pv-9!HLSsnBh27-N}EF-WS#*&D3bB3X1Ak%L4sItj8SkhpV z%d0gGo^VW-l;*7YppEzVis;ifz>?OQ|DRPXL4)UZV;S8V=bYR#fbujc&mC2ZG*4>O@l(>j*kA2nItLR+_PWk2Me4IF-GHf% zX{phzmoxQpxf-&a0C6QLm-pQxVGc7i%*YI!JXE_kabx{iKjKgrW`%rVXliOv+IPw3 z3}aI>=Lk15qd|de5ICBX*!QNpk-gw;p=p{%yfoOaqY=}O={DHbmxd(q`OW_X0PZfk zo**1mFD(ajrChC-i8|Bt4YGHNssz>#O=)Znh*sF&p>ond(|Yvs8!80L3iLv$<9)L} z$2RT#E-z}{IIg+p+((qn)vEd}MM_@CKE81^XsP1$tNBs!zhMf#bJ`R4YoC2qJ4p-R zcV*fh+DS+Y9tTk|zHa1&-~}`X_)I&J!W2K!9L{ieeT)4PiyG(2~BnK6Pj+^`ObVG=!tkfgJ_CYHMgp0A6S*!lg^YKwIfH zEuW4cBJ)2TC}9FSQ4{)cl0uyC93JRrH)JEx>d+%@JnF3ZKIj(4VzBv-AsUTx&Ea#_ z2zQ;)J)FO87*Ee`oA4kB)URadiXp`{*CgGIROF0q&>WH(=A3$NYL7W?aEzYy?*(%& zPqypHBv$y^i5wP7>#eGDut3caxS7=J?GsWp`gGMHD=Tq-8LKLIS7{#$({o%IBorrU zfqO4!>cmkhxfs{@XWC{drBrRS#XB?Q>D)o~W8pAMxjO?saX4V}NDiy`o@Eo`gV1g- z=O4UYp+jwbNc!-`=g?oHMq_VEYfh7&(-pj}<3$I` zhDj5-Ih|frk^NEMz;7bp#mitoJc1JN4$Oh$e9wh1idk_hrogx9ACnaX$|terOxs6m z$muOwpd2JQb`|hHun;a2SO``K>ao5IReC-{R6l<}u?P{nqC|~Q`Se5~$W6o9E-^sI zfG%R^NZ~J074IpjBIf@ zddq5+`mY#@j-I`YE2vg~yM4O@EBsebXCEk_4xo;Lq?=weNEW~)g5b2`806OTq*!>$ zo9Rf`s__f9gD{SW_7qCrC=HbLra>RTY>GxL_07<+t^(#rX`*<{lg`VhwZ4)UoW|(~HK?u^6wOS@!kd0C1OK>uR|9TxBl}GLbxcXbGd!-P( zN3T3dbPQLZrU!q$pHtvE9+_dxBa}xNQGKFC*#pt%GV74M=B)bK5u*TYxJcTSJj;ilJ^qr0=vt#jb9p|jgp%= zqiMa0E&Mp*f7}b~5bmSB4RttkJcElN8`^GJT``OC8#rXBf~N_}(npK{Ul1EU;?gyQ zO5;#Ew_Gq0M-z{4Q8xzZP%JcZAOSn z?mmWCR^@$u{$7s7$2|tjB%tz@RedlkiiQT!dh?b2pc!SQl}hYR-z9|FBq+2%{b~}I zm5goe`^+6l?6)wnBFL@Y39?fseU*pd?)%KTTQ+2ox$5{;4mUHHWG~+wr&p^dJraev zF5D;Y38n;8l~(uusqurLsRWDQz^7Gjf9F5gl`8WhgX<~)gOuNeX#V?cT2^nw){e4z z8-X~Q82f|JP8j1E6l-+e^?@2ETcq<-_KSjSk3}7yX1ps+C%h?hcgti%eTnlXfQ?;xG1C0 z$}=4F2r$aTy=8*jaP3jz7_4%X(Lg6q&&ELefHS92gLoie*jgCh{;l2VzK>R(&iVkS z?Xb^{m?=O=j(w$=_Nf5}Y@W9z5P*|p9^;%4Pi5^?Ksm3!>~`gd!)4|=L%;e0+nW2M zf8+yn^?T}7=5h5xns+B;SK+mQUWzv|3(VCkwa-X&Q(Tu0if@`KnzEcu%_ou)#{7~5 zUWg{nbMsR3=gH*2!m&0m;V=QO)+)Md4i?>63n>gvxq#oD(J=7FbKv$4{Q1RyV8w(D zxONwKCM zQaiH4X1kqMu+g6l`J(aqY)d92S#zz0>=?cEud@Mp1Wm7nqNFZLUIhzCU=fPbW`r;< zf6^)Kj{>p}+-TZRL;2~Gs5mon2JEJ)hJXkHC&HYsr2(_!Lzeqg@Z5wGTwJ3m`=bNt zl~0lHu@846s(9N~5Qf1u$4>*st=H|<-SjZ?TfVW{U~f)m18SLf6$r+T=Q`Qpy`tg8 z{GZyjB*8wN{QdXU^{*bQNDQd<3Skr98q;0$FAV8D-cq23G2>LlEe1mAhq#wLcHh6v zNR+e0Dv=M|qj%v7`YCwzBo2T0x8T^Fcr_hhVKt=pd7S#V* z66rpdN|WLqg7iMJ7)rL(GI-_jM0FFsjkd5JyW5G8;wQ@;v zPly-galptj>!3v5*>N&3ka;oG`~3?QCP{^o{Z_B7{wpz zCL(R)#=5>m#WTKn?P&a1`tPKC<@vVpo==0#JfIQ zy!++9>)s}P&^LJf$$IrZ^juT8Jl1>joJFj)=cQ~qcQ;HCJYJ{wpTDi=le%#SVT6)A zZ5m;Lpy(x?pkZ~6n22>f_AdZbQqd%8a|N}D-zpz+R`OoD%sJkbrn7ne-T3ASLPDXA zKr$Nb^SZ=O60s2g>uN$ph0dS>&xENEz#1`}}F!&2G^VNF|%n+XwdEIdq+ zH4I|?vwWIVeipGH{ZpwcJ14VT&|SQ+&GlmgV1w5&Yx*%%kB8WE2!`)w8HLsV9lw>M zSc@nqcLmJEqs;*xoP+qTB66}eV#Kr%@W8%EH5~;K-S&w$t_B`}9_>23qI^ZH(B>>Zb#_GMxzZ9hTdE(m_COxn$9WCbm)38z6JS z401=*^{4!Az>gT(u76!yOLO*>dAYHL52*8di56`R89}6!^eg0kW-BKR9CUe=b+2P$CsY~^8tMbcH2TuYXwZc6MvkaaJ zE?vZQV{g$J@DKP2ti6FG?)~}RBD0v+TkX z_W)oRUP)eXiySpH1o`V7C~I1Fw1+M*qSh({Y1^c)$elT?7L!ON#&kdF6Lf)XPooLfRk{<$0 zZqD95I$SO?0(QszORk_(z#%$iTx4RH#A@QKbfjAqwjNy!_HP5w`RW#2{<$OXwvOnX z$mYd6K*mI!s47rtVwgMRx~f}QjBANYTUH5L+r@v@tSi_Fd&CeYPqT<$j`q<1+T9%M ztUt(H9Zjm6|75#t1J%=PAyyFM@a1qWRl4oLYw`gr7CCZpVekcErCHckD)*97EI7>y-GHixtZw~6Of3Uty*`zP|rbM4f}sagM9pnnFx`L zEm^f2)Rm-#bAEo?RX8II23_J0#(RijV}fNRuT}xtx=VV!y+xF5*tCwhzLxBL*b_&v zz?qWsDc&>dP=)&|?mC#MUuhctlp>B(^|5w3_gP3(t^=I&L zyP#Zu>-60&(Hs%wgDEesecgJWHJp5~Dy|vFXZzYS&nP8cRzJZa@Oo0^P-=`$9H)4y zBnxV5ZgS+#$b!>ys6D-tA(xq^rj$T%6_2=(xUTrK)(^qlqXN^PSs;Y1?K|S)5o_YI z97o;qU}g?=!o}LHZOU7KQI>ZCpiBPLuGLCgR@*i?`d+GJ=Q0hdtuZ(2FjklCAhvUz z(B#wL;|t?)By*g|`YIr3Zb_sm>dMkK3F}EU%|1?MyL4^Rv21g`IHGHo;?+hNMH7dW+LLjLa0oqg1F=SdfubAHg)TrT$Wed>+=Mw5h5{k@!*ps8Mz2 z^WOZl(O5C2A&B)-c5&6MH-j&;kv+DZ3G71%dd}&Zi=!-UWRvnAIjXuyd`{<8qov(6GotgzEy}j5OVM&B zrUxBvFG|AgF()>)uF0MGq{O(9c%<{l#c9Ae{?luPyj}w*#s`V?w`3IE5c1Ip>Gu1e zqVdcXAGw%)bBfF0N}n!dRjH`%=Mk{a^Ew=<#U{d?C2Z<_=s4l^ILJ>Lu#W6wEzb}= zP94Kt`=7k`P)<}Ct^BPnzlERVrcqJGQ3Bhm#M4m@{|mPZgIJ$9^v2528qn2hsSP{< zCQEja#D$ZUc`has@_fWDPtvs^5d3AHVCzuF3|-ceP2r6tUcUvUjvrvaWmd?h!mBbt zMa%pkj(WSJRc9aV=Ge9^zGLj_Ez+4jtZ%UNmUp{G4+TdwwveUCpxWncn-YoCsfz>hY+T7E{OEj4A>HJalJ9fRVXKAac)*2r$ zfJ%OIVMd$zSeLv*QnX^*b7`if25xcy#z^IxNZmBH)%Z*C@`@wB#KN$}R z^uZv3o#Ncmr6GDl<{|ng!fWfLzc$lcvbzwvb#F@f&`|7<=~{4G2*=m#JN|TC_#5Kq$n6xI+*6e_bxs4iTTGxlV;~M&N$9d_!fX6oAxjlLw=GqMimNW#@WZO zff6pafsx}FedZI_>uFm+euIB_r%mS_=G8^O^8XaVV32CX^2Y<7critCUANW6)CW$9 zZ15Z(tFrzaFLuXko=3Xu6icFxXVbYh8k}{Lv~_qwj0AK3bZcd4F9;nI>I_Zz%XxVC z7)YAHK6sxUz>Fx`=QI>wNRj8hozsxoafg>0C$G$iLJxX&lauv%Tm8QrQCNX*>T6-v zBSr=ZWNYoW`7Z@p-KqQrz72)VyiF4iKC6Z6EAI-X<>pKYiXdz=uUijcj(i{KKGP{+ z+TMyQ-Wr^!yXje7GQVl;rk2poHbsbvsnHdj?uXR%17wK`xiyNcLardkb`n2S({Nnm;J5dCs8)=OP5?&cFW*~^tUY`~ z3|tMw-Dtg3B)6DY#DH}SD?j@-^cu{vx*-Gixk$Wh-Qs3kisS*NfA z_(Kc{>g#6idLQXd#+7PUjDFPom`-i{QX+R!U6@to2;sO(pr7Wa|9rJYxm81m z-5y!9MB#1T3n@$Dlz9jDS^HHJwNo1pj&EW%i`R+sz}!_V)ry4Mg9Ye!m^j(P+qbz- z_mEU;gXlo_Oisy`5d>Vp@_I}z4| zxGD<@y0~9!KWvf&8LIFOlosfvesUA(j+Hf?EB(U82#e9o7}Zmr>fz~RR;RD54&RLp zbk2e>fr?2Yio)Ddk2Ce>8TO1`N+JPy+`Ug*zGVW_@frK&8G>cm`_C?qtOO=(r>g9( z5%*Yybf2{8h~UfOf>;|hzJ3+aKI}n-JVa__p1*RdH9Ul8LXl(PkSedP%%~c zF{ntZ8|Qvhsbg?M#EcUD0pI&nyR9`dR(l{PFY}T=gL98=VSm&r*h>qr_RZcs(ivgVc zT?L8B@kT>A8fvC{!Qew<7NgbZ%^63yLaU0Yv}L7hc^pkg5NFCoGXPy;czik^QJhG0 z&rvG{IqI}Gcew&7lc6FyIGv{0UZJj zD%upS_BAV(qVoPV*$+M6r5;LB=ZHgTdO2DYT0LuEhqOJ`u9Z2Qr4BG>@l7xX^xs{7 z3IuxS8CmYbI%}<|Uj@lzap+@H#VUb7&Rv~eYg@?!+h4_2z=p7igr{3(8d;8<+z#QV z3F0?aAOBx1fOP3`cHGp1AUVZXK=N!e-{XOkJ{V%a9e}hPF|`d-ZRKKjbAM|h*Jc=bYo-MSpdLs&Fnb}J<&+QH{S2GU2~>CYm!^8^>Cei32D z_(R=*F2}fS68o}N@Kua)h&nmC^IHrhAoFztU#ybFE{C+0ekmOn$iDiuCZZ-{e!Q=R z-bm$4Ywqh6mwAR9GT`aIU!`94X(nEik=sIu)x8zjoz=~`mV<|k+g3^5LlsZoLtS8T z_^p>bzO{-DI+_vNX?$1nTFy9$=HyOmFLi38gHQnq6NLWx1=)o*>p1Z=+lpYsi@x)Y zWWJpIWup@hu`S8_-ntV~Br}ocfZYT>=eQ?`omaWlp@xrxUH^U0=SxU6RCMr`Hz>Be z-{Sk&G6<4-i)SbK6HWJr(5!TQvZEaMg}@GU`}xM*Zr*w_dl0*vnVIdvTAQm7up*2Z zP1fw`7^uFcy!aF~tB|T7#Txh)3zlDl#{#Ph<-mjR%P6PBq^`sQCTNfVHn4R|=C+JZ zvNmQhJ}xHhJL|Hlb2fk`MAR|pg}3Y9FfjMD<2fVhm7J-8ja9W=w-2zN)pqx9dBSV;7W>T}KJn6=e)OCn z^6;<1@97;s_wREA3wez5U(r}XF_~;7T@;cLA`s#oavJb|+Cp(K#U9>A8ZAVE6}c@Xy;=4*2Kx-Un)hKZ zrighc-s6N z8pA6AfY4+U(p8X@gQ&JytF4>Yr{=ad#tI*##pCTR54>%cL*T@06HLP<|3-^wRC6h~ zrp-|FePH%$|2TE?*Q88oX6qGc}=eQUpQcdxk^zU2(i&nFC z49Q|ur7ojD6unN#r`p1&lS$M?ZsI0sAK(0}{3sZ{*mV(YF`)^)pju8Mr7u^AEO3PR zuI#jizv5lodh1+NM&CmDSj^li@KwFX*N^5AKQ73h2C(!s;2F&*MZuKx^qh%>@|Ph` zU;qwl2*lVsl~T+_3w`949CxAjkP{L571+`I-dn0a%i(};(T;&$ez`lh4y%e;Y9Qye z=Ya!yFmGg_4p5PCB>fQokci80gfnVbKG6dP_jD$YbRL96C`~{r1;km}V>)_5X;#&M z^-{(W#t>Cy4Hg(@7+3zOu*=zM8i#5m61hAmqVCS8Uu|=IcZHJEMX$2_#<&B0ZM@>e z(xS?aPX}=El$`r0r&wC?aL-_eXdta9ols8A0Aa08={Jwjc@iXd;<7GH8%sStgoqJZ z&nYew`KE~dC_l%us^DhX&eYN0VzI2SW4xTB%QAn``K+|?EnHti`f^3)r3KnaR3#1X z1HM5=c#d>1$6vlJ?=dBQl}Du|d2kF4`b~2JWlR{jy9(r%+lJP;E(Zf62wM@7RpX+C zp47ddjqbS@RXb=*X!iMiNXG$=zbon-F(EU+@juU3p0cI+?gFqx{Rb~bcEl^Mi1x5IY&!1H&0+#NC`EjutM-F zegF4EB^}JHDfq%avwWbhT94=6X1xCD6fc54&ee+ml#<531ylHU(m3Vgn68tzWg<_$ z9{zrOt3IT_bN?lFC^Ni>j~cIIi2uy%+cJ&xu5xmkay$uy%OI;7V~E)2%Fpd%%Xn`h zp^=0acjMK39!JI0a{q=&DNj`?jK#*Ry=nie^2TWeMXzx5zAgi=KW&{Dd-9AWtS1zO zC8jHQzJuvqrdoHp;cSbxJqdI-?-BGcChwS>s72JQ_tkH-7YRx`O<{i#y{3kProO{I zx0)+bJs%NHe!z~hL|@x-HU2EHt^b%tq^cF*fpz+;jS%O{lLuITt4#%EyHlh1oNUQ8 z+aAd)43SlgORWP~l6BZI?c<{dHIkR9oxr`)BoTqlNeL%CLkBK#>9r1k?6^+XBHr3a zkaowaNABacqG^?{H;Pj`MD=w`4jcsgVq&(@XtxP{mMwoKhRasc4t>l1E5mYf=nk$S zKG5fB>4{-csZt`eRQm5P`8=2cko2rC?qB^0=o|sbdh(ECU%44VDnA0YbbLC+hWHZl zvES76@P)5y9c4K)R}O6foV9LO&TS0^IPm2@{8BZzib@{C7Xb;%_aXc&B-7lQs|$GWQ~reKZA*a|datZGzvk z2|szMRrwwWqQ7j~aBUul*6LF~`;cmFJK>_*{wcW?f##$p=FY4nWFxu4MXGfTXPj*x zlbOL-jXtQ`L+tKhk^hypRCBrqG8_58rzsE`LIA%ZWB@h(-&}$JLU|wIuY+sVKE*|Kay+9d!TR~Q57<8@qwgxA{>{qQCl&gZG03e$hm-wn+M$N@Q&-n} zEZ^^+w@1~ko=2BLfM|}V4pu?`pYQ`X9-=?`I_O?j8j%%e^Tzv+t$JS*1f}gE`^`|7 zAB?1I1amXSKj}Pa7YTDc({*PS6=8gBl8f!2)9Vi|N^85L$**QVa>RCiOhc`36td)Z ztmJT4W#%yqY~UK5D%&0a%CVgymW0u{U-uCZiri8d=>TmQS?Db_F9{1%Fu0~%p^u9Z zCHOT1wC;HjEfh$k1rBsCZUF?4R<-81N+AUGB$w*L`j0Qr1SP1VUmosHzV`h%(Mu?S z6!|9Y-q80-GTWXwxfJQ;xC6u$|E**_tT@u$d2DQ<&OhZ&K!5W6r9 z;}N76?B^VhavWwsAQq;-0%kNjern3(K(0KWRoA6w#n&4=Cr7_~;8A zf-Xk*K6^-IlAi%6@DrNSx5~DumVw>mMQs|IgI^(xp+o&qT`Dpc z4Dwr-7FZH-6|y-Cvjr+(WHnw2lF}#$iKXnBMy4WfO{JP8+~VlxbHc{blZeSJj3UuQ172bH z%XQ=W9v_=8MR|g&&)XdVV$_ z3KDc*TAu)cs)w~TqtV6{Y;zQCI8+jd{>pruBg{y1#rejtZ?tf`Esn}dmIJb&Ns;H) zOVbLIPRnj~7gTzrkrx`y$9;=**r#%yL}?_#xOLlG?yR>=2X8L{C<0Lyf*%kZ)oE;a z9sP)-Ymuj66Y8};wO+$E7Zl)hBK{&~XZl3GWCBb}y;*eUK9D&O$V=VJ;KzcBeya5g z=AI@|2&GM~HvE5zygMivBLmr`tS?y?&KWZbIJA@jxEO0onxdPTdePch&dWJJ?4c5} zaW1SS#lxD{zS8I!#Ndh@(G;dI%VeRZ%YA#M_BCl5hNchu1O|;&Y4+I&zgdNKfz&cB z`ftn1Q2Qj7luC!q#U5u0?idjIsXozY@DkKZB8^V=gJkQSM{Yg&$0o;;&jqoL>>qB&CIJFS^m#&Kr9~y){2^T0^){`T1p4}WZUlQw zvjaldBC1r~*xZb+7CE17i%@%IX_r6F* zJHH4AUlQGk4Z9gv)HB-gHFo`0S35fcUwF(Wup$lq)r6|@e9Go5jy)Fo%QDBAK#&$B zTgeJ^_a9&CyFzpGjic_qv$&Y=G%%ri_pT*C0XG3aFw#HEwzP%-7XU>!#&+L-I5(%P zrz{6ykBQ?kg<&Wr19b9Sa+-kXTH{L1-}?;fC@e)7f@M00@E5QoHX32ZVTz3`XhWYS zwDs+rCw89nDbj|r>pE-TI)16@FF{S8BP#Jc?&!~! z9cd``r1-{EmT94HW(W|YQ1DmR&hyu55SYJH}8ce%O+kVp%YSYO`6X{<5Mj9aaStOb|z0(PyU2nTYkF{y7BL4kj=l4hmHG% zbwfX=8}^i@H|#w&ZjeN?R$;A|4GBK96NCd|+-j-M@IN>aY^Uy({yHlrk?EMApiS2S zN~;H}q6x4@0_g>kuK6Mnqr)G`;M}ocku(VOJ~y;WY4?+*D(!I|4dnvHy$!apcFFm} z0-KtOjDl)Y$=vjnUiF;laz&Uk@pz|kKEvOcGg5TBSQF`a!@$7jub1vZ#@%dhi{c1P zX!_W5@>ZwZNmA0rt)tLm{_m`l?o*95tLhQ78PHSXGewj5U)QY*91L!{GoK0{B*kZc2<(cbAeZfs~|eS$IOh6-GtfEIaAXC%n+N& z!*r8-2I?`4a$=umE5JdcUb(mR2pVy$Fj4?ut@TbqzOV?9tI7P5TbiKtCOqs`>k zKcG&^oHnN&fk-s(QI9@%UOac=hZ7}|>$T_{lkzY0Adt5)9mnk%oVt+318hQwSy;K$myT zZV{G>ZLvrt=NB)AXI#AN)~`bG>RoP3hw}ro`mpGZ=`j;9J!p%(#Wpnt^SnW~S_9tC zm*j>bR8lJ#M_v|l-S`p;$Fi`R662dC#qEY_9x_GGfu%8KGsHL+7ODGUO_{(Mo~obq zcbR@{xBp$;E7b-LR4ZnQ#wd=A@!h#&Ft6E&8`YwRh)i%Ig!M8WETlD1@g*2Oh=%g9 zBQ8IH731WE__S|a>4mOCY+TWO-X4U`3 z6yhQiDD+3)!c*iS|Ay&i1t4|Gf{GQ50Y;QFAgdosjw+OAs`7fTrY(PLA;#|Om~eNv z>jaRn24sPzBW7Yhv5MAb20#ujknGJrSP(Wtg;+rV-Qw&Ig!V|>~dxgxS<4 z_f=Yr2hUaAIo)s7Q$^E{=!hH<mzbSFuc zsFS4PbBU)k3lhiAD$4(A?7})p{Mieb3M=`bfL#mr2t?2)tVP9)! zL4--eQrds?TZs5DEj+zT$3TMr1K(*7j4Zkq@SKgyreiQ_$CRu4Dj8+ zuV(-79dU|G-yV6ue%NfHHbv+=BH=%A4_~IPR`9mZ%=g9|NuP;aBl7b5NbO5t$;J9d z#cJPQv6y8_qnK|7Ue_xA95lXmuuOn4lTk5A4~gHFGrP$ChS(vkeCJkwLvVR>C-*6u z)X%wH8PQdPy5Nxy_OSx8v4l*43irN?-|Ng%H4fkI=U9GzXW&(4^#q7J6G?kt6|!@C zq5M&q-M>A$b7U)z?#|w|d#iSZv8GO2Qt^bM3aTF!sU5^$cxbN_C2h=&4`q#-Pzrp% z4dXk)YyK`(g|!XwW7-}I=%#2_a@%30M|<;cb(GybWg&L<%N8In%CGo99r~MGuP+-W zC4if@SHIAIp`B|;_OQMmr?H@fiO{jDr<+}Qb1BJ%5V_5`uE*6S77?C2XZZF&@qqIt zgj>DqOBPe4n;$xe;$y-dmY1IM0vjUUBXq)_4MDR`F@BOJO!oV7`S;#eHpy+rE^se3 zW&T4z4`0!!iDdJtb9*Lu;m5;#=nXNT*@aaagE!c%o0$|ftbGp}kBiZpsg$`7jHe=7 zk)d}pXc>xr#tW)~u@5RNbi(?pw)Tq6;O`#~RdqS*T?3x~?ELxe46X-4Q^@$0^*Om{$$*7uCD^WS^l8)UfUr0Ut%(zGKgX|VjQ-)RsUNy zeD?mjqw;xnog;|Edm-?q^5%Q0#U$Yj{r%D^AomOoOz|Sr=BM_qM3G1@57m#V)JK^S zcFgKWT$Mm(^Sb;`8&BXnq7+NfQd{$#%Z<_+D5;2mZLmEqxR)N%CWNA0fui0%Z|^pQn=5 zk%>|g_pIofy zcYZcRpU|BNUdlYQ!98+!id6SJ5oD2kA z_ouLnod>ejM1Fa3lT*1;^~Hc|dU7mqh?GGr|1&PbwTd;sTt8lyU5NO$4O1dV8z zBax)R==I|Y5N!8U2N+U=`I7QX3K%>O-%F13`T}oY#JIi*uL}6@JpT#sc-$E*r6kfibnSD305pk*0C+O>uk`{CW0=8b@Q%_R$-wtg_ZjfEakIel z`|Pi^xBtzzhqo35TH8j`*5H6miv94ou0LbS4~^6T8o5%msXpRJ!dTco^bXKM4A_wY zp6@!{qigxlyAN-D{;%^;#{Ts`@Hj|ljs3&G4Zwg#S}Lccg#sN<5c4Jy8uuF;Kv<~o zPZ$T;+M7;ITOb*BLDT5}-h<^a@XHF1jP~XMVeE4|D-kXX(f|sv-^l{4>~Rlfh}nR7 z23`N%N3nZDCcQU>uw(L@cjCZ&dx+^LX!6ik#kzbt4bH#?KwX+mtAt(8wmd|$SoigV zBFv;sX>-E2?{$&NNu*(~vhHW$@>x_94JqT;MFzDhqS>NSUk9@2jee&+E59FU9vZzzVzH}PhS97 zSH1vviU*?%b=ehQ%mzaR)GC2N;7a5h25A!o943D4%^$Job)9zLa1v0*EfjTOPFpkkX}Be0ai5b@3^?80cc*yTeM5Lw;X%rr@e<7~r(= zzu|op)CPQ!`9WlDv{2c4LX>9N75&cW6?(^X-WTaCg{g~&! z$i@!{lwL@+%!+>y52&@tDlmwp zP)wZuNMQXiKyg4aaI+tuu>sv>qr0t5NZ*Ev=$yM3FWI$X)f2Flv1#}>1w;MAPzv>d zg)l<@ttk*tv%o?hAmr~Nwhb~)DdxDPO>Eq+XWpK&AOOro{^$6k5Yz^k7BB;cNrKtr zez?4K-0vVS<)oDWa50`oNL$-bsp9R2fog-Aqo3c#DE`+XRFJV&$%}b!4FG>xNeg*s zhU|aQUx|xKD3ejW;wDfk9a;1)h3~(<|F^4fHXQ^4zz&TE4;0wzG#2^C9Rj+s;R)1y z8GJ&V;Ek&dl+EGdbQ%D7F;=beUtsyS0fLvTMVyP&B&`pN-2H!x+#n@Jw{jY+wRBpX zlHWdq&yLMb>OpEvOZrE|WAof-el|N79iMw((KZ97ih7H;2OthF`KIvRWXUKREf zU<Ca6#t{2$gM_#IQ@=Q78qEMel=b zqhbn2^y_JWyH}?t(d~6N0m#k(?ih)HwGQW^1q}3XQ?gijknSwhuXoy+1B5n}0176< zY@=Jsh>Fm&ih=qM>p%I%_345C6x{#;TVe5=vQW4B+YO-5=QN`HqEACrgz>>92=H$= z%yM4}*A@Z(YS9N)g&6jDvEp;anF~^VxqH1@`)7a}idB4zM)mw1;5Ni~TLr+s3~Odx zr<2Chouwk`q2DqO?a^xieZgOoZh%gP+&B3PJm0%NQbfsC)Xb-4_pKMeEKUZLL%Cg_ zx|*DMoX@&(%Dbp1l%FjG5jBK|DRMTCiX?KoU9P6|OOqRrQW+Vem)PPp0y3H@1$OP} z4t^(6G(aoN6Cn}3Kt=memGgX4@`{=Rm)+RX3orgC6UWL9-W z`)t(eyO*13>jC6YSAbPE0U&!act4fgjd)rTH(6=f4~zomgYLvR3}#=yN(Kmhy5#{b zA;X^~f_ep^>RLuV)xrRu@CZ1}2$}*qhl)A?bdvt;WEJ>giY%=M{OV+L8F6)UdAtfN z@*e@wt^x4Z7jy3Pu0|cvs_h|c3Lr%UeXBU7^*ta8sf}cI0Zy6VfdvUGQ4Yp$FMqs{ zuI8D03sFD_+_(VND)Qf?FYwS%%XP^}(AmjafX>bY0iIDGNm_GdV_jiafO0AOkk@C1 zx6$Rijtk<?J@%^VtKL zjCmciA9(YX2Pw=4_*^`b9Bc5}gC$6cFEFQ^fR2tB5Cvp2C->5T86;iOe5UL6`)#ZU z6Bf0jKeg9RIR~0JM&K?@ve_T9tqI%8-!ry3Mxpo=u!jvf0{{>`2Tq4Cf{5b%FW&D0 zTD$8UbbuJp$SN)5EikbKTL<~_;V$j%tz-I{F z03(B2tT4jw4BQt(I3j{r0G(Ei3@Zt5u1Xx0tK$Sl#hHB%GKS<1SqgkB5}r_7J9!}x zL>Ckeh!`3aIe0$!U<9)eR~`UXO_dpdA<}S-o!)q9j#OBKCZ-%C-6kNTA9nWiR|)7< z7gpVf=&l&g$VJD497v~6OsY&11>kkYZilOIC*o{&IZV|$Z~_>(auO3`WtBQH z`u%am`-^KpdU&SUxDJ3|7p z{Sk+5fSh!ZlX6n_l7sMfz!J#b+myZ}Y=I=8lN>Z&HP4B#?-B!y$=rf*-o{zc#AmT; ze66eT=UfimSmd9!)j*cZL}+R^^5RN*0kLiKLZ;mbu&ODSC%(aMN82Qvas|Zxa_qX? zKCNg2betwY@-+tkt=rrSvAc`hPC7kqdlx{=b=o>VGs5_XdzW7s(S8>E=J}3DaGj|) z48n53R>NdYqE-PM;RTJx!|~zr6JE(146d@mM?`)yuMR~Q4OYoZ@Tleiy8f*oawk+( z<}~c8{R|MAbbgy@)ol_+vv$>28ye2kjj^u{n_vvD89I;(7$$=ULj@aTOAt z&{0u)$}a@oxOgSDIr%-swxW+o{sm|WTg?-QGV`Ub@D3$r9z=U=@YgS81L#YgvNZ3} za+akC>i_Agz7OUdFEyI~VtCLV41Yz3hHCnI-UD#1naO3fR7m>t%mS0AsK}skOe8YZ z02?OH4STBVc1r#+k07J4y9%r!=fdcJlzdcF!odGuW7&tv`T^JE_9(8;u z3NkwmL+;rtQeee!5nS|l#D%=bO4!U%Bo;v`{Gax@E|FxisP z1pmmnuX;QjThPe~i2;JE3|ed{uA%D*CK|QVlwcc+nj|0hhaAQ)qB`^1-%?z6)>%`T)aB zi12UcuS!27QR}q)s+zrLE9A7&Tjz`Gip|D_{&wyWz#GcZfTAppBlGlc1#OEq8v_m_ z#P9(Z36s3#7pdi#{1dPu1B8=zbdnrKqfFYTF8?Z?u}hj|+V+KMvKh#-iCtGI#rXx+ z>5-vHEtBJ-NSNxZV<$m*FLt3cqRv=>X*}?euM%CvvEm$&$pqKO1Dh@mNo*nREDys^ zEa9G|fjAvt(?NF=+vhQzu-YHd`(@|#VoYFKHCL$v>C-T`N6Y@@F+|5aONet`wD|Hb zi6|1N*}r7*+c9FIo<)QwnEmPRv;huqIcmj<0wHZt*=s*P^%?cP-knM=n0?zF6%W|% z4EhLvA_!S|;8zy=97IMCBZ9tq9=u;!4&0b{_r2J(^0i#QOZbdNRwl`OI; z3<79N54Krh~Zc+CtSXz&`>Owv~8Ujg0Xw&DJtgFN|@+mXN3X??!v2yFsuE3&$Ed zDoK>r6H9mt9{~3O0o0$BhyBK$AXqGg`3?0VmX75a-C+bm^FAnVSS1*?OV~+rO^*q( zxyZ%c{!DaC4HsBKONa3uXmpbVhKoY-JP6e&$uj7Pp-Tw+l1RW`Ifnp2$<@VtfVI=@ z-cA^0<2baGPbTvPXVC~@h{1I#J|NHBWd!o?i{eA_U07%~jt;uhah=tvXpmEQU7)oF zO^g^-+i6l25<%sYq%|AXH%O<_M%;m}j8oMKUB z1LKaynDSpQbACsZ;~otcg+M74TElsPbPbrGH#;4;e8)a3X08u!)64c|O5b_)ddoAI zekhB@#N_L5P7@yc_K?9AfBzev>s4}#!pn=}7g^}#4{m5QLkmH;@oQ3B`3fwlZvt1x zv2y&MaE)x{%QzAYnp#i}W7gwwa9JEa!%!vvCaDfah08k6BJSBOzJWEowdL3SK|I?E zTey-TzK6mHZzM9fig9YNXM&tDj?FP3t^$vEaH&%Sp#R7&fum-^K&CQrq$0QePYn^z zdpYRLMF)Jhbjpm3OX68GpRIfRdZW>XsRyHm7=!3<)3eV@kPNtDW9Y9^N^lOQC8*k< zbzi%B9=%63QNM;^hNoRz-XSpQVp%$rh1@O5xTF+Ult)@m_60wD-wpP*W-|h*j@>~J zuZ_Pc2ihn&cT=?c@ACmBk-ur_4cnZ6l>2~es)^QNQ3t9TS~*iP*H6{g7_8y=XM8We z>NH|p66pyA{*hV$ME6BL2IiicXifDu1GAu;7s>F=KsfPzbTq|N;hO|b zZpi2ei&`LEaI=<&1GpIy@hwnYI(j}E-d$^N2Ihm34rU_+!%nfl+xgv>{Fc9#t|`k2 zY}}CZoXvX=)%qblmq^c0ZA^7)dDV*5CRle2~Gd>o*(lQQ9^s2!zbJ9P>&xaFK<*I} zBq%zEO+4)I>6DQ%LJn^b#;B0{JWkf&L=Gd++pgCi7maZaB!$3Ri6A9}aSCHqU>-7t z;G%X!aaC>z2Tl5IEnRu-H;)(V0BeUANHz}AOWyG#Hc7lH333TW4JJ~<8GC01#mZWj z5WKl=BT~}T-&87)QP50c;l|xgY1K|iB9*I9RpL`e3uo+D-EUbPTr;J^mM8U1qy54! z;|-MyCyetXR!xH7)@7&q?qGsf+}bti587g#MF<(9QhjdFPz%SU*uZuR!QyMQM}OM! zIux&ntc~D;b+LZGjK8y>^6Zd?GW*8tR%aiQHIPh7AV8@SqcHup5I*4(=o1MI;^IJ| ztn6EqpqIz+&3n9fq$B?q?bUrIMR^#$ELf!GLFeIrQeIGAa;`v*E)ZNAO z&0qm>@Re%~U!EU4ds z-H)%t$kfl94WDYO=Nxnd?>L~ag*ThT6FU-ll^%(9(DCVFSiq^>=`L^OExcvJ6Ws5D zwF$S05(VMOh|kO0OsZbLx;8 z|0kPEtEYX~fyFRP32`CF>$nfIU_`9wO7QyO`?Yff^%UM_i01L46iS>YI!^FHXgG22 z$A25>iznS;rb96$g|Ne=jCJp1=zPiEJ3JCxcWLE0#;O>%w(c%^1{cu2x9TJ zaQ;8O!)a}(evnK8Dk#P!XFOXkDO%{Ym6(k#@*v16u_PE}@xDAK0+2z~gpHA3#uG8F z8p{dE_d^&TJ;$+^P(zddTD%b84{i7{MM(DTx^lBBGgYq(T{JpdyrDfyRN_;4p?&Q4 zLGw2$u1k2oPQn)ZYyt0=)b|)X7$5IKR{Nw54h+;U4tREof+;)57!?lQW2nFPjfhiM zQ}Sz1@%Ein(9$>=y=%B83&a$nKPdnHbqf5Y6YEf8I2tsVM>3?v1WTZ>G46AZc$boJ z30!&mL{vv)DRM7f!lXtePyBHpc28lx+CEjb%tx)8d$$W9( z?o`DEelgsjvn;1L&KZM6jdPBw3D3iD0x0+0mYsjIPiTWvEsLpxg@*#n%|O$b;&+lRoVk3>cO`KYPq3`VaCj4xIBOJ zo|H9$A9W}%=H@hNfxjShe+|gugFmk)adqP5_$NW_<(@5}t1hBr1u#bk%uD%d8yETo znen7=WovW{0v>*k2mOBsn2>$^eS>IbE1pm+d-snL%RL1;I~U~lmr8mo43NNvF--#A<|EOWH!V)-;U01$>1potT_ud=X3 zn>>`pZ&5Hnn9T1(#z9&JgB|k+%Ehq-G%JW2md#~K_@g0W*ArAr7!@|d6i#7uhXy&n z1{NC85XHxq+#wtULp(|s6O2Utw>D0e22u@Gj^kYB()vK3w2Sg~TvFkQnV_~a=5$Z0 zj{ObkVLQenSYVPQ?k*FoZ~wr{8E+&ir4dSZUR}T zmLI>jLo%SY9bFQWFkadkZ0m7A{?yOE9d7O+;2?mENUIvF{wVx|Kr4^yz9(@Lc)nS^ zpgtpi9)5yX1dbeiY$22-JN4;|fEXop%!Sk#bV@B!NISGK4SJ6=cZmDRNz64m>?xQ- z;eAc6XxWM&U9IswC<3T9aKe2V&i%)-Mcdv)LCh4~G`mlwl?6=QRRH zHi85X$I|cwVJ@T#)DpbV={b%kwc5a8;8a62b}%D}BGC~gvZ>zwsJ;F#iH%(g{i_-I z9XM(@41CLgl-1;8^Gx5@UiG|3n35Rqt0ioIWH-N7PD&ycZ=40OFrsOld;E!)0!pGf zkhUF8R{p%yxTUv1?ez_YoPlYmSRGaNyrKGroY<=Fuu2ek(snn!`a27nQc@hIC6J01 z0ZNqrQqju~wVyhiBGmu#>J)GwgO1rg_*FKYrH{!*TMriuEChWznS5vsm{23jt4UV* zaZ|HS-P{#+Gc5qrDvrc1vky{cjnI3MWaU%unHip-U#%Z84NRFI{<D07&y3Vq9IDWV`^w9Y=33bJfAgjwpNc7%0wJ7~gFNB*X;&QkU^b2fKkGO{>0 z*OiyedbY5Rh`4`}F)DtEUqSB2vATh*V@gHBSZwCYCzZVU;mpT7a38)QK^H8J?hnXi z#-Rp9Cj-Z@?u1dbVK1emB+`1}#zCNrL^0Zs_~D_=i%J---8flSG=t)YgeA+~1ZPL< z!DcGap&6BJkDY#npJ9KlV0*BAA%O{#1O!?wWZ>51uR8L>aRP&%@marM)}YVes9Qi| zW_gJv)&I1#X-Q5P3*SkbTJOn+SCG>WWN7QAjxA{Gs%6#edd@J!uz@?_6OvR@Ft<+t z##?%ovUO_o8vZeZk}45+Im7|G2(Ew}PwC1g_VAtH^IXF)d$F?P_QOQHwUCSN|?DGsb$*=Fd39pfrmY=9o zsftN31ZGrT@9Lxvlfu!j&tsVxQjkm}hGbv+Tiet=4+2|}KH94t)j`)X+v>hc3U81A zc~B+Y#Ve-)OoliL?*WiWzsx}G=L<2Z4uPVm`S+h`)&m{)dV#$4N>={5BUgH#goEvM z?>=OXx>t5+UGhZ0G4>cQ5NrI4I> z3sgU{G^rghM+UhB#-kk6OUv(S7znZfkA)e6sX{E~id|MX`?ps3bJsZ!OXjJUil|X- z$@jx=VAOzn!+0S%VTuH@O@G+U&5D0zsMaO1_kS2vdBI2V67erWV|up!x(x?Z?E zYg>Q59*|N=99B_zn!o{$Iiv zX+%%*^PZNEWuI1ASX@D6GD`4SgTjGlJ#>ztxZbNx5u~_BW z6`IA}u^+L`d7E4OV7s!Sb*-xBK?crW!WAWrBHMrlo?r<{Re)QK`#gxL149YGI@C*j zAKcF#oYM@`a9x)@55k0D)QVfG#sye1ri#Pc2l4~q3lw?%3t?4>EFk9kV|Jtfr=0P~FQyc%bEPhj@0oiq zDMrcrG7)3Dn(UfY1fApYxA8~G!yoTcb>rWE$;Ou5LZ@>i>GNVNDzu8Mfw=l(!Qo8Q*4BKLGlT)9;fD*V(_-G(=qNd3*rP8pDQc@nt zEcLf(xI7_6e_C1!c2WonbPF{gBuQfIQ(q9i^%XipNURW@y-Jrw=;Mw~oK6rGHW&?Ko;k8+1rZ+~X-}C{mKnoot0j4GV|0q!mP-CG7`(G(kx$ z7cdhav6LS#O;7^l8I=E)@}{BXSh%K58X~ztbTGXP8Nztk;78#lUyqDmOled4NkaZ` zct>b7zfO9Kz9S`69*c`&@wYvBp2S1EN~#LHEukiffrl3MdxM_gV{uc^Evjrck!Y0h ztBxq_;0Y5V1o!QawUbl=D$NovVSiuyn>omENH1ERgv`~0}JHH)aXS5taOSHd* z?Fdmci^m+AzY3Gc>q}V3cFQ2F7??OeF<~q({QuyKg{qM#VMtUDe&-D z$O1@yON#4NQk0aFT%Z3Rt`7tImz;&fC($~RaFi~(BI0^ND3Dtts=pHpemsme>97Bs zB=!~Thcq5f0!TL)+cd_eAQtV=Y%Dp|1skM>F|4bNG3dj7V)+}lE5KLglzbRN2i@(e z-zD$kWr!R;oPq6Bt~8pMvBl_eT->P*C0$bdb<(0AwgE;$w&+SEvBj|BvMM~(Ta8M; zZo8JGbySmK_o-<2leY69Bu2S{0#kr zf3Kp6?uX?UOozt$&Rc@x&}X&`C4KoryTSGi>C=0GyC-In=&c$sDpG*P4R;1OKpgO% zwLIU=C3{~P$018!@=z?bH;AW&N`f}~tqwP5TxU;STtLv0t=J3g)m{cL`Yd0vQI{)% zUcd$}_zMdWa*wTqr}xooqL1FTW@4Mn6~kQ*rVFmhc9rRf&P}K~gJ%SfA3rNtY@;5Y>SDbX>79k!gqmpinV_N#}rK8$L z$kfw5@r7)Z%VkWuTRde2VGlb&$Uu~j3E33tu#VOviH!glF#ya(h?jGqm`I6Tat=c6 zG6nu?#PwPYx&0o*2Jf;W zhY{WQ3{&ux0cpL{?_6qV9!yx-IvxmeWW+q{;mG=>Xn60BQiUzmmD%e;i$ge0OPFzp zxD%ZX+=@=E68QX^I5`ZM8mcXs4DlwpuM#Cb!zVfXe_(Po+#TRWuarm=5yaMhc@{(b zuJ@*Av`&gY2`i`JM;H0X;In0PwdF__D!+9@B-u%F1MgNLoOes0#g7Xd;4kAo;&+26 zm*&Mp(vGQ&r42DJ6S@AsSb%6WsO`a9pk;iSQP{*+T*3&lA=PM$Kdw7nf^nZ|5NI$s z$XGZioM_Gs81(oE7#zok00?PJpC77qS6Qfm z)0r;618$ha)!ZXaWH3C}S{68tt{AAL#RBlE;m;|Z=N!5faG59?&J=#3@zV}+Mpb+o zCd)A)wVG+qZR))ozFAQ3GmHv}B(6llMgNVXMf0!mIwr#*+VH-x%o7~!7iMV`4(e4M za2$q!Sav$atw0QJy*}CG6C6>0Yz*~A$h2?@g(Tu-UThL_LDKE96o^3dDlbZW5Al*^ zk@3iJuYSFO z%l^mWO|}cq%I0-Q65O@NbS92AsFmmY?=udkkAqJ^?r%2)ie=@F9c+q-axUQ@x4EO6t?gt`ayJSRX;s zEkUZHWC(nSfUUz(Lk%ezRxW22ZS~lvlOyiReg6lSTA+xPjiyfnmHq_BTgF2=CMS2l zV_K6BxJXrahKJEn3~*c4qlV?{3As%17J3bMsMo7AZqBX>*5}y}c`TJoe^K1`S{($O zE`v;hzKpfp>qRAxWL9@mp$Yhl>qHWZIw~L_@^JZ!0zbftbg%QYXvBR! zx>heR5@^ydga-4KNoT=$9jM`fuefb!qWsHTgFLM{8Mr35HI2phHnaUyaCZI8BrzZ?8`j8{; z+@3lQe%%&Z9&JP?8tMq=UC0%Vz4JGB+_t$ksOL=46ATSJrQRC)0r&ep>EyNf`7Q1*wu`(rGaQ%0QoDXmzT%8v3k+W%T#pNCZ+wx68OTdrki2U$LiGsP$m zL_F4lpvO^K_;#u|GY59;aCSXStsy&~arawa&iqM|T1^!9$C$1?Y0`XG@A<9yw#HQ7 z(ozN6#2eLo&fQeX@GA|VH%h^?7ks|*LhXD%9YBn~ev!<+4SRuG$Ok$uICd|{zPdRi z9TUaCV6>vz>zRw7X(_hsWC+Ca8Et?bsjUZgdBw~d`jG#@^t0`0%yz?Kq_~z{Z1)O0 zB(mn%yom86dUTzNZ9giF<3-N66?W&sSX|0*7u0&Zht@xwL9UVDi@DFOmVit8p^6a6 z*pulOaMOH~txd#cUz4ijz9hY*h0`bzh#oCQcq1-XdjJ|v}BZq6M4gKXkIprbo6dqaC{ zs=AO2lg0!#QaJ#aIPcXnhg+3LXhr76#aP=^&c)JfTfe^wR>k&}Z2tTzstp*Ey91Bn zzK`2)xi^fl9o7`}wl3JI?b!=O00>Pp6d<)lfig?0^A)@7Pby9N#B;vX4wcs#A&Ycd zh3APXKUB0EuEDLAZk(>JPdCvv%%;AMSCr%dPFnV|>|}Y@w`TcFHHLqs4}kUbTA%E` zvY-6cG@s8e2&<-S&Dp_K&Qwic{KCg9Ot?nZ!sPk%QUy;EEt7V_*|bQgI6nX>XTW(n zBVuhxtTp{*GFW_F@bAwifi+HZEDxrg^sTv67I{A88>1R%n@K7)DGsWtMG74pM~`ot zY;1~CggTao^JP$|!IzhA7#)KikUIhD&F;V;;?}z>8#feKWBTRo$>4X$Q~=1NCl?hR z^Ck631_2@K-@v#<2kI`_Rxp#TmJ%sqy^N7_J*KQCB;?%on!5T}tKr)IlnSj-637D* z%h{h_Fb@~RWX{H8nCZOV{GRx=ucM!c^SI_yYZAdqYK6l$FH0oDUxcoY8n)w0Doe+* z;^$axV4a0OA_K(Gqc%V26{$#3?EN`CD1%Y0*51JF+e>M`wFB`1#RZTI5;J2`lHu(G zS9KkFz!N5-PA;SkeN~qdgevetdN5(Z%o^|(d-Xz2)LN%q4hL&`$QOxYOHdrb(%BVG zGRp(Pqu%L}KeO$L6#uM}_1nakx}!%x5Ki$jHxON_FtO6%B}#0LSHx)*%WA-Cs&;R4iS#c2{QeeL%sB_&DXnOZ+P^ zd|CeuA1NC30k%MxGd&szFHTp5h&c_lZ@o>Z*XMk1mL{CB8gb8Tju;sZ%748*IEod% z)`WrJ#F~YwfF4m_^zb*_(8i;oE;f-)wdZ6i#DOuXKld&Mz_C3~HlPoJZ(dA=YPyi! zQ4&sA;O9?VCV@gbF}vOZIuD3Ja>9|k%)D1>oG?TX-X>Kb?vS`3*`V?X;2&&!aXVv~ z?K4ve_UH^FA}3st3NBABBO|<^hoSLLpbp8+m!odWZlGgbfe98tzu*1+);Ff-uxl@y zz_pb#4QBxuVumxGZM6qU_AK<@+9uHdX)Bl+Z0w; z7p>RMV#!D=SblRPUlpu|bOEudIjJa+2B&YJ4}mRi}Ek>yZpDdKWzJ$8K9ABy(V0gw#}Q*`k@p z<6wlSE!khdgN+6;SHOa^6uV*j=W_r7trUbFSbycwTBKkR`7G;4rh;V1n%64;@k)!~OM8UeSsCvW%z z@dGLz=rF_xsy-#OBK8Jejl91%Uu-iV8fVHb`@lX(srJ2;7a44YE$NRy$NQyo9Uuq2 zLMdc=-m(Ab*3yj~@j}fXK>7(hSMTVs$B=FHy`^4cf}wDiXq9FuWsA;Ab3m3s_DBKt z1(^eJO;^C;@RY1!drvR#Sv-dfZ$LF`6#;UfAsir#*CWujxyd*UchqY@4D1(Y^n!(? zj1S27QxYgx-%kpc3@s*PH}99)Sc$>*Ri7ZOn688_mHR%xmF9@(fO#PGXS{xK_tcSc zD!0D9#dDWA)uMj`S8(R`d2)x~9h-^ ziDSL~+Tg~dpdMZDmplX|IGdE&0J4|wu$e{-$Em!yQ6B6ura_O#L2$Fee>G_!VnEU+ zZp>pQz)=-M6=#Kfd_!>9#(od*8kW_6RF!?ceejcfR!}BqfEO6x!h*o8QIu%||As0Pb;$;j z)M93H+#FO^qOs27iLFl?Q6<0Ss+t*_IVJ`Z#z?w?Jli8q>3vPOn@rP`{FWE9Blz`b zLdBo|3#VuQKjHKrPh*AnVTUSv17kSOHutNaOe5&GV|o0dGy%R_@3C1S=IbWVn(lBo z59@Fyx9~Tc71XKpOtw|e*-%m&t>lr`B{?K-{T;F<)*4=ES0Bx<@H6_k z`FtK_YTFNh>x0tA0WiQGm@B<{4}?jRDR+kBc|Mz!)w}cl0Z2H=B zzX2r=Ku&t36#99nR_F6?xXOI*0;((WUe;e?WcW5CZaAb#D8{BNUEgi7M0@G8TjC0 zeZ{@WkNx~C*5R}QmOjjRwZ_^#*K}&989zKuOO;I6IG?B*t+yTW81*MsX>6Q?kEi_n zxLAVbNuRk=tTuU@;9>~-&`N)qB{z_|#yt9T*^@E&01i`wFo=Sc=uN=SgC|dhE9jTMYdvw~Vy}l&L2>r4b3&vMo>3?cZ=OzLBKd zZ@H2zYyo7n7dFDn*9S8B3`#^#9hqsbqHo#NHx6c8^J$>tVkb%TNaeH1H-5!`xO|P+L+ne$+ct>d$0H8 zzR%D2QeUpUX8z=xd7kJjw(q?8!al*a!aAg`_G?g8%k5B)(?Ig>%D}deeEQmYh^QD? zE#X;@!|vRLQm$5U>}AEpeSQaMzF zv+LA}W1elX(M5T@CKRp7()aAltT3pijJe46l9u&Y3=qkPOq_VJy9!4&FNlJ3~zYw)MNNN7oLKt2OJgeXTZc`cEyhSKxTC({+K$ zmDqW*zM|4rQuvPxlOV}kuV0@7)O{0`S8sAKozDQ#q~i1I|IXn=Ii6SMz+j zt~KRng9%}V_XXPJg)*usK8fypc`NE9jI04eZ2z}bsQp_j>R1vk_YgTp-I1z7OJvEe zXcUc?9o&?sQ#dTR3NYzR0vQMl~Al2((X8uzxrC%2W6b zN&RNuxxTiO(P<+*|L1#xbirfmycopWXpwVyE9bBMEjS{=A>_dI1^Vet^8c8O;sXz) zX`Dpqc%|OMPwQ9;rRy@?DwYIq`tc7c=2L#|@!1GG7hM<|sOUk(>Ib5E+aiz7%PT@} zy}jd*oUTbRt-8^$A=}7kYIbs5noXO;>33>R-RPHWzfZeek9eloaSe~QIi23m`m7$} z82v0N6-|kqqh=)FtXJ6EcCT-=xZ6o}T2FrVrN2|PU%8mF2i`XNH75(*512Ivx_r6i@qU8M9jYo;zGSW1#b$05C zTA)UPWHSG3F$Uw@&nv>V{IsV06xZYy7I@S}GaG4q(|O{sau;K_(h|SlZ4iWFEn+^U zD6cJesMw>D!2QohnP(}0|I^L_L&Yu7>~(Hw;$IO=GhN7rx--WT8!oA`E6xaaR- zH=gRxJe;?g6MHV!8qBs7c%-MX$J1^uzS(l}`99Ukr(3kF#e>SiU)bYau}Zns)QLxT zX#dNWcs~%ni9bdWGt#x5rr|e~YQ^(WYxbk9;n0Wv%wf)A`u^r-c{l-*qdPU@6suXJ zFFogHSLeKc?+up7wNcokJPOsE^h}??e{LfJ@&BccrI@WX|K8dluM=W8m93^_4`}*$ z->k8)wr+lPnvl;|%$H#fjYv3`XKTqAv+L#&;0yZQev=ib*@Vx&G8s``UCE72$nl|zqrvojQv{%u<|UrQ5!ZGO zH1;AdKbW82+SFrrr*n!vi}cNU`uM2>bO$tcGqpDm>jPC`GyLR7udrwBSI*l~;>j2fUtO89WT;$<&*|bs{RmC-YAtIv(`Z%#pbG&& zUM7A1+np}`A9kmrCyWXpoD@2@&%#_+w-cUN-)`-Xm^s)EE`*Hgdb?ZiOX4FN&YY&# z2|X_CWw*ZXme=Y<<_ra_`rWcF8+k~?I80~)QLbQn{>%?m5F^vMJZrFJ>*!|u?z;5X zo$I$9p97Pl%{uNF_Bnp5Bw@dKJC38H%j@OUugszK&$LR#8nZ}HHRh<+#|n9yw*55XG?Oss858Geo(9ov(b!ZE@`@w!Yc!*woENLCaIMQP1;dWoZ-JeUUyZ zBA#bElf})g-te1!Yi1Bb{7JFx5lz?Ey*Zg{m*}JtuSK_J%;+TaSYcNYwZPrZ8!8it zh&Q)yQiQxTcz5@5^kjxiYkEb4~1YEM86;X$gw3H2f2pj}uuTPr7Ta+VS@E%y6jptuq8B|J0Y)2+EB zy+x{D#$mDZ%Viep*;`kEoI{V{qd&6-F(Q!@vZ9lNUw+TLFb!1vGW0CKN3CKpbT!ZG z_{wQKZhSWCNT?I5U&C#V1${1^Epg75hd=1H)6J;A+LC5F7!7H;*p!{8IHK`3o|x>< z{PB_d<=Z~fTAuObS`i3yhL0h;&-bZ4uX;Y(yvbK#G72v>0;?ZY-B*zn&w9qB8mYK$ zT8Ly*LA~fSnO*6&r8xvm_a`U=OGUFb##qWY0!|=3bpn2WGF1MW&PLphTlk zi5@K0*?4d{2*PpTEbJ&Hr&?$6Z(!*~rWR%UjNMd`NJLg@6RLT*0_pbdKoQl;VAdGvV{4O!E;Mx2+ zQ|8jW`)BHw&wlO>#=365hHTMiZLPy_^P*e?&NWTSxg)puW()5x`s{0q^f&~kGo{;a zU)M}c*&TYRk9?FKV6D%!!>e^{o}Z8(&h@zcBzJXlTRVH}YyDxn*-7_!%wCqQ*^~CpoItToBrs><$w=8%Ub!$!1?SoMavQlE2>|zxF$eb@obR z{U()^9j4b{^G5jIVq74&hHPNpdj1+*Yl7zT>vGSgzQ9KH+;WVqTHw&Qb|MQFg!+ z&^6&GUD5Y`>u=F+LB@#y%V_83MwMHoLV8bg_N2`f2|HZyPWLL^R=Xr)+vb4sUi2#L z0^nN}XtQ!`soheZp5y}i)EAB^xUO!blxuvxSk|7!-g2^Y;#h$t^AhJ>bNz~tiBHUt z!&nlp^|YGnlpT@I>HS^l`FEP^OXsiCJ8iY^ky1RfXVr4@$d6_J35fvWAPEnddz_sF z##DJtyA&pW6xiO;GLe&w+smSOq#ot}!`@#;MHTho|FFU!LkKf8A}~Xjq)PW74T4BW zH!9NIF~A^5iy);qfG8k{BHb+=f^*R_KyMp(*IHt z0CeOU!9rFBsuvLb=aoq<8)*O%6BUrkSGD0QV+UbBUcNr}qW5*@5yUIL<9g!;Wn%$t zk3Wy*#1s}7wC#?EoH%6Y2(td?j0OJ`zx?lN0?zn9FFF(dQ!^X}USzYBwrc$HS5LC~ zQ+w$4--m3Y%=HO)fKnqw-@xs8rSjLvgswZ{lZOwq5)9792LJnggt*tM(ml(NmnOHJYb5b<)-}rM2~`!!B^9ARII;~@3~g( zzvVME0VJHqT=L(HDh4v1m+rLEz5Bud;y~N+AT+`+{}jZl%Xt)ag&i8w-40g!PjO*L zJ&EN%n#}+G6+~J|1^Oj&*Kh;xm7I4Lt%as_wML-b9uPjx@72HsuUnwkLA!s6FX+to z{_C?=m}AlMTF|!V?sLGXQ%SekoTzZ=elXHr+AGBkIvDb+K?kGD{2O7hoy5-XPP1}~ z{9kno-*>)vVnXe;zd30LQ|%i39~XeZXZfSH`8EI(bY6#p+Gcv&bdJ+}YveVqY{#QE zLV%8OnN%s^VbZgmHpU$5-^t$r_n`e6rf|&{IbgOpr~#0MoZYh$%eGF(x(l|YjH9~J z=7B$>6uMyE)F}Za`Cr9SW@6`C?!4l~tEcV&7oY-+Zq}gFTV3@cr!dL6)Aw+HQ1jjY zFbhA-wZ_WWeCnXn%9F$$3|@;?|3;s0y*=?xa79J!3Y`lbBl&I6SVkvON-@Dw$WL}n6jVm&LL z@q+9azzy276{7C;cP-*DU<5Hv*-OS@2cR+f|F-T6Zfr)=3f(OkbNPMm_kKlw0FB&D z)9S6-GovJd427(x+I4~87g_=Nlubo0+HJ2}SQW_PuhojNgUKC#x*^RVoO`pCGvqQm zinsIG&9`>bK&E+}1YTC+00(+d{n_=bo?0n${1}-4U>04G;WNZ67M}n(VHfoOR{j;q zM#f6)VyZ#o@BmhsykfhN$Qn!omr3`L4pQlJ1UT8E>lAGlP{ZlGh7{bsbKfbZ@!&c_ z?kl%``BfOTNgOaK4!{Q)Bz@XJ^EO-H)y1!uq=DlA1c0?{i*f1X%u{-tRDHVo)#d8q zsH#jB$_~&D5ez<`jRG$YzJq3Y3h%ptX~K?~JjRteph=k5bHX{o543S#qX#;{IP$(T za*0d_0D|3r?@TN0i18BSencDsb5HNZCcwPJTu8VrKmP07MsK~p-0uQv`r;BWccaka z=YzR#m;+_|lkDrfH-U`LE$Msc=8qQ$?Eq7M~*v`q)szS%Aqw=&NSrW(>;kS zJMyc~L}&c+YF8JH?$?GR;yd>_4uww*sytprh~vQh%6qOvS1V+z?S3O8?lN7=l-cf3 z!)Bh|^10XCM*FwccVf+(!bKSy^qQEsyDrHELVj$4n`dc&QT&53b+i)zeK-YZ z?5t^G86}9Mo4*x%?k#p(#uKkHk3n0Z`({_7#I$KOfE^4PIkH5YHPd_!R{x#Wqi+Nr z5nVi~vz40#sDLCu$7y^+etyu-9P9Q@adtL}tjK#N7=IyJsK+V$VP`Mks%$p@Io_G4 z&or*`a4$WWXj-@tpnL`JDSj2lb5Yg+WpZy|@$-(Fskf9Rm3g->T8h!NOJFm=k0A}f z7ykV9n<#hw7@tsFqLrgUnF?Z#>8PVq$u&e|0Yily4Dp*Lk@Xtf6?PT5topx3Iu#l(vd|S}*^@-|VnM{W> zs`nhh5MGn&Q3X{Fl-h9{;8-dIpOZZ>3nyu;S4>vIVf54fj41L80+C_1iYmwDdsh_b z8}7`42#o;qGHSVK85xdkAr>N>QxGg%<&!e}FCeqwltNk?aNp3Lt3%2$l85@Dr^}y= z3GYDoQXb)U1pNT)4(B4qAq6og3&l-WaQz54Ut;-X85$sSR{%XD9)drcEwj3Bi@EVi z=0gS`!{B(&+paQg+(zC~4mL~9orcM^^B%~)M-)nsX18?lUbRR8+DT;-oJkneg!(R# zW-u-opM5z0+H_srSHm!D+1qK&6#j;IjiQKh=F$4d!yti>w+Hg4LWd+xZx8WyvIF>U zF}4#d5SpI>^hqn`?pzFpur9CghjlXsu8_?w!H9D`C&VO*A6$kwYG#Q2#7w>%{z55) zcVz7G*E$9}_i`UDDC)Is#;!xY(x#%{ek`4) zo0V(4OHbl7AhaVfAa8iqr|GsZMP$fHHe|X{>IePq>)Y@MfQ*W64wV|1zD6+d*6eEw zJ1n!Kr8|4`ufTIBF@iB*bn-XLO{wOECIj1yf2S&yZ1Y5Q#JMjAdWv_d0f0yJ{0fkT zmZGo?vrnqIz3R4kWrt?>P!P_B4)XJR_VzQMMng-W4AoD(-faubGq2Z#DzVSCh|99e z+nr7MZqct~?Hfj&lFt!F*HZ=F-g|kDb`zNT`1>87=f%Q>qT8Lj@b?%G{{F1gZNQ)P zv6}}hi^c85t(Kar&c(I#^Cw^l4gNcsxX9}4zG+nXV)%u($FWnz4}-yp=WYr2HjMI~ zC3q%X?)n|P8(>a6y)*E9T8@mh>yPZMU=MjncmMRH9z-W7v?%^NdvM|Vyl}-tB;0mSm{b} zs36>61Au~8;d>G%B-F`MWr}e95p3Is4@E$NpacrGPoInT(__elCK}wRuWZ}ztZCfu z=3cjjQZ^UfzpybTd4%)~Z2lx7&7O^yNr4vbmti8sxU=2bCTb-vYYGoQCcqzNJ{QhLE90HV`aTyA zkn%mW7q0kV0dbkC^*=j65o~=eE(xxGltMoI$>cPm{-1v^4UzBGjPwiAv0ibU20sA* zQaEKV`;(mwk!_Sjd3-v5zf4*-IHcT6nMjI}I_>g(T~fsP{=6Wb?3`E@_wWZbag^^> z&LwyH`#aaLzP9wDoB}01jZmvMeEN{i7k);QOR~aWQ&;3(kTA(VNru5;+EOuo`#MQ7 zh|sV)B*i{+C;okszzrnpi@9&5 z+qNkuqwU5V%!_NBk#pN-+mQbx z7vMuzN3_O>C1#SjuN3L8FMd(EF9xj5T01D^A=d^<`20L21*_~;i2k6XAAW*LFjT(& z+<3AWF0=!4SMS#Tj!*l?EpH|q%9RV#=E^>hvibh$oOzV=AU^yy9Tj}+$4Hxi7vp8f zR@{3Ed(}QuO1cZlhp2K{?9YwLDTrLm=m9cI0qp)Ld^kD@2?f2k96kj}ij@dh5_CvyY~f^nAD+7wOUowU-$Y(OLR14UPuKXUpU<4Y?q@&1 zdL!kIYjUx1CgG#OJa`?|niPK8^NI+S0Y`fj-GeWo#V6oB#j5V&(6yf^Q1__(%(0u?n?#OL^It8*`jCSLcwWARt;a+UQ+$bx@5a8tCdX-GY?S5qCfLqDzhYc z?AA6>U7~R3(+`-j=_m1I{v$J*)t=XP6+P-wbF9FF3o@3A2i?2{ah$-0BtU4HS$|L8j;ICw^^^A$6?K(QZ!1Sc58i6WCwgNbE&KX0 z|FHZH(gpTM`p+jb)qz(qb}V&#j~up(niZo7eVFfmPXAqb(g=TQB5E>aC+z-?1b?g# zZ+QaSzxj_|C1p24)T>4x2e}Jiu`(k0X)WWh04h3WpB-V-q|bd%Le#k!HdyG1#ZNts zrkzw$3~W(>KVng&`OMb?zx|2$2W>nmDP%~%USZ(|&-{t1U^e;^mSNUv+D6*1p?$JV zZnFYEH}~T2(Qy(Y_<+MOOZRUHL)Vau2Yj>m}_4E$8E*HD^l z>4JL%zE?ZER(|B&oZXv#D^_@HDg%)YF+;|>SZ>9cVw*cS3NWRXWBngik#9L87d+u)gZcStA~eO!=3z>0 z&It2&w~yC1q^qLcs5k&yAYfu`rPfbd)hsZi$C=4OF~6{f9_+?4d3q(4~|CD zp*Tb%4iBqf2w;(AfU2ODo`(ui=!z^ z!_Rwh@Zvm^1D43#P||SxhniAh>bxaBjKOx_+-3=#mXWUYUidsg8 ze8$DUR5e{D4;vD2Y9-aL`gGYe4PT#-$Fi@p-38g3=z|`-&?2M zZFx6`>8r{kXrDrn3pZVw74g3}clqhhnqcm-x1aS|CBt_e zSFEGoPYwCJOLT!6>eGD19FM4*&Y_iLT@e=1(jJyZ-R5-PImK=)h@m;OZcFw;y1+8A z5!v{F!NyD@t^O}HJxnbiRvJn8iSQ7gx!KYw?^m%ecuByCG&{LmjE&^K;^;ZVl4;*p zC@No5J@s6dhmg|U@)t3X$UaZUP!aV-N(C8gi;mtIM^f@uonLfDGrP~BS*hBSVP0-JmDT@>a^%qM8kJiK z?+HGAB3tS5A?*)J{sRh%ec_kxZeZv=Uvrc*V3XFt_V4#Mc8%{^NlDP+diD2pJq6;Z z5Q+r1ESHSe9)|QS%rb<;Q9aBQH&LyQoLv0S;l(! z!|$4fTx;+Ha-mGQ!qxC;gGwH;1~>Ct4>(sA^j_H3{^`C*D&6kA@$Id&yT>>=dtr|Q z%f_ZJ2e-#G*Hd<82b<*BC$q}`W*Ldh3m2qtu-XD^1-5+)KC$}3^3M<}k5;52CEt}W z;YA+Yei-BW_x0bu9ss5M{GH&dw~+~gVdD(RmQdIW$G`cdYT%iy{mbt}nj3w<8o*h% z)B1gXuXkZA;`Co32j>GP-QfS0N~f+h&n})nQiC!Cxv-X_Jos2h#hP1}MLr#NurmIgw9u~9zhvy4S%zVIB@_po?^&dfUR_j|oB|po+Q?_^5UH<&jYk%Ix zKpqth`3Nl5A9~CuAO0V;(FuILfFg{XbrBLSa|%xpa?D(RR`_fo6g&>6ZyiGZD{=lu zV?7+p?RsXDjqUnShEEHQ)P?{5YOpY%S*953W1Ibe{|5)cqn&{FsF>}4r$v12tqzs) zWw4J=ST70tiFE=tG41lQUzyiQSm08Pz9-we36Dxjp$2I2>-rfFf5?M||FVHCq54>m zlxN!;dQUq+vaC3nf)^Z|aOCih>wooe@QtlaT{uS`wV}rwy?co|ev5*26@aFXe1T6ah{qE>%1^EB#vHx@W@(Awh z0tlr|@uUC!Zs^UZBrE8#y-$GxsNdiDlPq^FRa+!q0X#G?;<#&zW32@B|UxbzA{`b%)Uh0$9`kF#|K$N~I}wO&28UxWza>btZe9c2$y@=yeGxZYhU!|xt_5i$ z+p;G|(}DlyqWF>tDY@D~^2j}UagQV*e`&4`<&*0rr2`>F(58##I_!sIr+lMq{2C4K z(kpq?-hj`@1IVe``87e6fOsrd@h{mh9aaJ4#%rNil@5N8^$RGU6ypI<@$!wjt4m&$ zq#kgssVkPVqpW~zd~cTqO5cbD+gN8tM)$z#v?;Io+t+B^A0Xf>G68^h`y;cwvL9s7 z*iCY&+#?iyL?~FO7(sPS9@>uoxSpKo}$wFd$cHfbr{X#7G{Z&}-`*ptR-W$+d z>do3>6Uy{nOpQL%RX%%Pcm$yMy1$dmt3dUTxS>pu76%S)*GP}slw|Z`ZgD_YYva8Z zKdsL;e!XLkmC#md3t^D}O2M_T`I{1qAgT?3Us)Y%4wBb_sHqX8_Wr(dYYaU%hRmk# zni~7-_I20ay)=i)=kbpUp8ZrY@tVa8)_(=A%)lo_QqlF|rUfwU9u}c>0!>jOV%IFy z83J-vY&tU2>+oX)0~Z*88t^HSHFvMpXj%u4WP?$m9uavEA;5jjbR}kx&<7FP;wQ)R zv3PTnx$1PHTh)6;Izda5fJL|4ugEBxZ2)=!^!WNecuxE46;-Z&q2a_z^VJ?_r~7VJ zgox0HxqXg8z=N{`p>;roQUG(3ddx(7ati$a=mF|WeWnkft2(ojFnZ106kP@3V894o zq;Yz!h_;=o+@A*meR8gPTIEv2!CKBclLP?xW$_3+SRFR5%JP~ch!DQ`R}pZnS4OF6 z9gCNa&iFOpQMUt-@<#SU|I>Zvi>Ot_K19b@)>+`$hA?%;HBLCaaQv6!mc2UUP1%g< z=sS*>!{DryEkIM}Q-6Qo`C-dugB;@u(MXn4Bf&tCu{fZezghsgZX%!)iwAnGm$Xex z7gcSF{RO|la^nO{W+NSVR*P;e$H%OTvm?*BbPt$<{Np`|G2g?#w!h!%nQ;F5{m!#i zwmG6q8$U&;taxpEwkf0V>~LePmEM2h63~t-ub74+hw_zl0_{OyQBxOV9%gaIYYL!N zCS14gWrj`*YTS8fzuXE<@!Xs+xO3lb#$Li_-%fauGupV-?(v5&H6h3LKZkV%r19`i z)qf;A{{-mK6Ht5km+so*>@VllM(26huX-0ON0F9qf9Zj$l;PmBHWw)P!_FJL=b(%2 zEQa5l%@q_OJcMOsj#J_V@w`s~1=|vROR&GxR#R~R5ea5t6>}(z;x%EU_*V53z~3KX zdJ}||KSW9cGrK32-i4SmL|?u#na6+$!;0$G5a0Nb$q}qCn*i3c{|KyrDMk2<-=82m zvM)%dUmAK0rp?mnO>_Amq(0`*>2`C%;TPz8z%+}d6YlvLuXBIwmU#_eT3h(<4q9Jh z$gd+YnnIQb+vA!4LOY+H!Q-s~9M-yPRcg~c-r&7zm#+XEr| zv5gV7U$bh#K}gTl? zJTWT%LB_|~7ljUG0MS!!0aq5X5@9F!l~{I1AtcvPb_{U>R3MilCK?!`>-02i|9eLw zdsPxMA(|io|0LJ6ATg*~8?gkvx%xy4@S-Ud(W!;uk5_6gUC)2s#*jJ5Sjn;=J7K>* zA2OAfXQl?KzY9$XmTZiuLnN!_Rb{vP9NW(DTn)p0z<#Qc6dWMH3!6hBVJsN+ zy5r0CX}5I2-0kV&9kqS(Dkd2?awe$VcH($Nk8AzM#<6fb!xZVWA6e$dX40!xUF6OX z!%IdwfdKfzxkEz;UQ3MlStV->7|7<5&T($QSt)#8Xeo*Ye>iRp*_YwvjN_(~6C(0y zM@EQ{5k?YF*$jbKl7&$wODL5bvr;GG1RKhKwnk2c!IG)fIiTSE)a{YUW($p`Pa26O z7ve&0$UtQOBt2&K`W#!E4jz1)Vyv&@q@XmVjg?ZNhoEUXQyXY2DICEZ2`ae3><9P) zIVinx8VXjGN+ruDWCRVwFZqNPUgNo#c+k9slAWB6!a47RQwPdM6BI2(r>*|;^tvj`4vcQk`Q2$ig)rCk3&SL&S95*7?Ju=sb6(?GN>?b7&Sx%lan& z&pWnS5{fR^KqH$0hMT3cOw5KQvH0M<2E+512qBhzffPrnz*w;(GA|GZ&r;q-3?0Xl zslP++%IH95Z#0O`1mR8)b1?;nRdmrLj`v>6k60Rb3-P_?c-jD{tp zVQ_lNP*fG@2ak?y1i@ue-XKI$BRnH@g?+<*u`88V;rDd(4V*WmuJm4|WjCdn6hM67 z%qNhe7WI?;#YbN!&tinfs$)T(#a*T%jP`)3_P=Zt=t6qHg+kL92C#rn_bC>)jWo6j zrJP!fQD;jP6(E_oP69VF@ROb@{0WQAhG;dQMJ-VZE%#sFgtYN2r^pB}+puB?7kM5% zrl54~A$f#iNl{dw?J|&&RY2j%5?`HmUhPx7qpmVNBC2_LkE+k#aX8=DeQUC+NA#&g z7CJnbu9thSo9LtceoGs7D|;G8q^HO4!-==`OF8yxaU7g!AHPV-|KrS;w0~L(Yp1*! znXs=UONF=}C(vk#QMC=D{Vso3DssFaM9#`%!nv(@Kof&+70NO%LQKTeMJR-dm($k= zErjxR>eXK~U3leixA2;yiYd{g3pC&G88zjaV2|Qh5`2*h9VkyFewNhf(#|z=ZDlP% zhlz3+p?uNJg_J&8)F^mYwDzJ%SfKAEF`;yfEz3|EI7cODp7ac3_-kBLpsBq&R9&y@TVw_tal* zG36W7O~S&T8w5Y^KNulihU9%QbkTG1-L zDn8%%$ijkK?*8PS+OZCAHo8ynR8@n>o!Mg>(VE?y^-kxQMS&nwblT(&-<@OTW17$f z*ESqTg{4`h-!0b*hM|!)7M0btcEyWij(!#xPK%;UHp?E3%p!p}QfrKed(}&7)aLD5 zOQm?~YUF|u!tPi&8z-TiMAu8pZ#enb9phe2w&f1XRIsm!crM$C{2M0-CBU1z>1}0u zuUBu|Ri!v0j!w6N;K3fwa~n!=wlyyX7}t<&q-RmchqhV6<__i$Fx>#&*Gn}rVsK(u z;ljr_WliPkv9(M{BUUM0!!DgF>nKbtOQx~Ymdhl!c(1cmTDZYds z^JfI(A>~546cCu4fOi>jBgx0+Q6~L?1Jb+N2h5Rrwe!8l@yBXjnXyQJxq{}UB$i$x zWd6iXYbpMTdS-A#(G#;7SNO*_dQn;MKTrXW#%{ko`o-;Zfh$g^c=P)uYrE9i^+RlQU zm4zcJ`%zE2pHMb77o$^Wqb)h=Vc(KsPBJ`0=kpxAw z)w2MqEp5taMZ-8hH0hD=EJHg6^a?t>T_Gm)cxW+hvA*l8eURdV)WanBX}(t+o#{4z zmrL(4iWHU^G5v8l&RhIgG=!fvu?m z=z=AmM}%IM;wibM^oA*nU5?v%^hMo&^uCD?KWrMNrE?M4mfAiy7c$9N*wfAMNpxi! z+)G!zmfqFKU zCqn&^9t{o|tGnmI!E7Un->Weavzf5eXe?={qY=} zJek%8X((j_lCFEpJ{OB?nUkwwe@RXgnJ|X> zrM8;P!I>DGkV^SRrYL&>e0_16W9?rDP@~+QMWakXOv~(aUZ&3r*lkS2rx>wLAZ&?@ z1CQHRr}-u0O1Bb2$C_a(11tF1LZW5?@BxbY2LaQYgW-$(oJRaJAf*8>UL~cK1e->> z-8BPm61ck#PuISUrwCZCcM0_pU$o~$Gf0XVZCL|P+^?w`-|^kwd|5k(pkzCgY+yrc z2%?yp+ygI9@-o1FeRc}?&DzC0*6o0tyIf%RYCA(f!+(>w$V{ALpdI;=Jt`A?0-4_RM zYcFapfF#lg_8$e?8Wvhe-Zv+sCR`t=|I$5B)AKu32Ar+EtqLBeQ)xg{VB z{37Bluh%uOetRbtkI`tg^$-+>2N}RScc_dN6UP*X$F&CM0R*lHsqS>q!CRyZ_CSmZ zcx(3?AkcV7VQ2Wt$5#GLof(~hS}GJ+#UuIgtab(e4d+|Nt{QkY~{hF`JO<^*si?h(k_ zyBcMIT?yi`mxpRe^WklfCLI8_q~1ynul^DvAEnqAH{7C4lMyM#Jf5t0>u?UAjG*_> z*RKz*pT}F2bZe!xMSChg1c4o@l_zt($9*5=n|$MUW-p>Rt}TeS1zbmrJ-hdM_O>9> zd77zHi9m=b{8Po8TN6?Z_mAIvNSN-AfZ9MsURSjNPB6-G82744jw2=ifjc zXoI-ixU$wRumk;ls%LCH-}72Z0nImM$x`iXANLIWrv(uDVvNDP zbqH3DF}UJga}W*Ssc%pXjA1wp6}z3>O{)(M_CB_`qCS!qbe6pwaj2D&i_@R9e(Ddd z%WZ}TAoYz0UhXl1iQC)w`WR%%H`aKWPyt=>WL3$U8qG|vp|cHKTzG1B@1ANkH-a0Q zLf6|s!6qHyaLr^>2?mKfMBiZkbOIJASSU=W9XTHW?8&;_@4!W5!$jjvh9XYod>6!vJ?}B-x?yYP*DjiWv`;{l|dH;uVCZnnVt{Bj+TLD zO}0K~oUtj{;SY4rEZeEQo&!&>3DepK)mg_E!2UQwAM?ZS-1zwK$ONVq#~{^Q(6ytr z5K1iYaq>^0VMHuD3kG&yt}FmZ>)sNqermlSO>O2P_%oT{t&a^~6NzbEH3=9sFf8aB zjq5uzae5G33rirQ6UkZpn)E0IBDB=GJy4FzfPWkv%X5rqH#!E~4Nt$~`KPYXdsq_L zKR~4J6F%yaaVeopAi5cvgjh)Uy0@~v3UvNrVM>irrDgh!xyfK`2mw0&>^SYIm##XJ zxWlQ)OCjY&9nvA*LctN)l(q=ZRz8cIGZM%~th>l6eFmUM;tE=%v-5G9lsms{~bEf!#RR*$k7V)BCdgK#{t_j}n3H3I2PE*dnR+_Xi(YBT7u=!9Ra9I^>U2%89{7xlWAGWq` zd@`nn?}+S>H10t+CGvj!w!p=SJPFnh3lg;TqVkSOVKj^U{HV*k2|#G*(KH)D^!`f1 zb%^fjURXL*cFM8q-l8MeQF_LTc9zy>t9~J?8?<{@VjHtvL?a#GR~+xjW)W1jLOmZk z^5$gCJio$7k;eMVN#k8y+}0p(LaKdEDm}9f3G5(SMa{TguJzKr8;bc(MBR zo5=x*=7{N3mV`8qRZd#l@WmsQBpvDs!b;6-Y{;!A#+-(bT{vr;snlFSD>F_Hc!X~w zL%fOwZ#9HJeg&#*!RtGLx(p}vWIio~d=@wZa`Z40DH#T`#hvyzGpOK*?36_0-NyP} z1iSNH={fuaA5gb~XxDQ|F*-?|dr>0_;sP$a3HcdcVeIbK;;jVNZ###j_u&^cu%Y$8 z%V>j2$d1fHwT!*~EV}O=h;o!o*MiCW4XqGiUq93jYi0mgm=0yu133vvtH!l(8nUTb zECWw{jBkdTub%{@Rqw6k_xC-#W2c}kLwgQlZa#r@8Vc(k4Hm}TZSQmd!u4VYWn|l} zkgm?E@i&EDB}O0tedj~VUYL~7ue*7pLSc#+0kj(ur-GDN|H0yPL4tfAj1a0_6pFCi z0$M)B48*eaG&jwGkb4*e?Gf(1DX|Glt7TG2RirpooYJZc;D0yxM%V(U|Fyca29?~+ z-EhTVoLS3r#L!AnlL_kG5w3j)XXFy8`;Mzq7|r}!3x@gBj{AHi=#vZTS zlE_22X*8H_bH^d3JOdU+ele#ZcwWp>?V^@&_ErKqT70zQUEOxq_rKkFNU-nu%$mhp ziCla4pcl5A^z24Nq>Nh*650~dmjyY#n&128_A-~=+X_AjJZatTvVGrX_9TNzOPhX( zYn>r7fspR8dmazGT`}nxzn7f;BuHif!4GqRGT?*`+XXB#PUa8U#C#gxxH`)4{(VG zW>qG6RhFN8pOKVNs@j0<=#0qj5@eWHOEPj!inL|3Tzcm2*rp@A{d}4>U_)AYG_Y^_z zg;`7THYZdPC7H$%ybTk)p%tVg*9FzHu;ta&Kk1v#jwN`+<1iOX%Kh=jnt14}0^-&k zM|^H9Ol((4zng`EIU^53)*0aj_AMmlu!4bv4_RtKOY<7X5x#Qu8O0A)**594<@F!s zX=LC~{U8zz+HSE*qqHk}qgQD#do9cH_H`bFFDgof zzl%j>qBaHAHh0Il{+wBY;2Zm1@KWNDLbWo^7CDvZgyAFlP0rcBK-YrhdUe7wYnybd z_2Z&AW{q3D1i!(Ft0TO!g1svP_KXlk^YmBC)bpz4+{oyK+VW-3UW&T;8kqFfjyUVv z<)g_imkQoYzM(MK;w0f8uej}`AcN}1q54d*B*->#Iy%n3Q;F40{!{bA$|I)L6D1rS z_hY~A-Ch8<_$rg0?2&SkPM_HqZtEx+scf{y?#)LWGBX6UPP_H^vBT1hzY=B%1UiCe zyj_Hyr;JDq5S~FPE~_)2V)!HFmF(CjV-#x>V${(zuskXI(PG#wJX$2`*2kL$b4xJ2 zMxKN!M{f>NM&kq@P8yxLhQu*c8<1 zQymo6E)de>s&YPsg)z~-ed*Fiw}`1cpXz9@>bh8J7ruWxe_93KJ8xR%2ja&uIP?tMM!Vu$c;3G;ur`s*>BeXp6wHT{UH4DrQ_aYlCksKAjhi2Z#x;fp6p z$6ko!c`2c#?U(_@smRO`#R1X1C{LTa&(gr{KbqF-yQ(o_y52DU@8reGlx4N40Y7s8 z_LjPo_+RCuq9b_4VNKc(2!dCc;=Xar$~Q$2&dyX&)lwEaTCaRmD8S0sCy288 zjUE^8!r37B-)CC(1pTaG1GC(YuqV1&YDV zj}qIcwUV?Qi`vI9p=jnS#r=}X4N+Dp({kQc0zL>TY1qDq)ejO&WVt+5vXDwxA~_V% zj!bVkt3NmM#9}#QDcU@mkMq{>53qEOV+~(%l`TwyOM9u6sOF%=#i36S$sdIm}e+@m*IRo?bZP89We7J(bAVF^|F~FYkpqMb@FGc_vzfk{_+gNlXrAraAS+n% z+b=UEL64DQb58|#6}S6jMC_s{ht&w;je6bVzN(Fs3@ou%%5x-ey9Q_rSqbqvPb1~f z-?jygj@L!B?*G*+`WX8|Z*nke@b6m!b|^3jvK7^uo~J5#(!2MQHd-Gis(zGQ%>DH)Dx+d(ZDfdI1nZwV zmV1xC^L}hSe2eo!UCK9q)kc_m>UQltVdUFUG&|c!V^xIo5Bxu1J!!=^^q0`Ck^h`% zOL{g(kMH{PtJugtA%=>ftQE=B^rMsgUvYc-*(~qk3$|YZdD<^%xaPae2k;karwPMG zE+H25<8XU+{v~ZkPUHCsWI+eNO#HnyEB=-rQ62Nzd zcU9JG-OuEsMU-bjc1ic|LG8&yH`5FGpo~w@s3s!iWvU7>t^<6an4b#$dG5=lm930` zypEO0k4l(hW&yr&Af3v6NVpdF7y7$P9LZQkadLj6W$qzmyoOkhB+P2g4hwUrbPBIO zCj*5B4?GIm`!vdL5nOl7bs6aW!=G;aB3xW`+{HleTBj$xmBU4bGyG^~s6l=`I^aS+ zp+aR6F@xV*!u&{`Lyyrvj3YlLC;YZ zTJEo*ek6o+DJgkaWbVn}QTzH=QclJ~kMo1)X%OpH5$|I*_r=$G>SMibj>t1*@fMm9 zH-EEBSwYd1guM)^bOx2unP{|?7YZi{>vB=uE`p#O-r_fPBHGcdIL>_ZfK zBl38G`+M3)l(IShz2DDRR61Qot=z(pP7NELhQEL=2zqyG8+~-gCe7EhA&|h*xBQGK zYMk`D3|Y;Yh3s*rXafA5e};2H)^^fTzmZv$BA)Z$-HK=&ogmWX@WOulJ&%1BVZOW{ zWhqu%8ppilusXdkLEDZliCSnXE}`{wqb?t>w9^xbtna zYylp(#ud*z1_Jm$9tDfmmlywZ^V3je3bP1)W?Mo3M8uEU3fp(Ri4i!R*e59YlHMigkgsAprN;Z9b z!O~dzMb*5@N`j=I(lrPqfNxMY6X%7vF4KkSKi3U95w&G=GJ%Ah?&!k`X7ci@IA(+7 z$IQ|!G>YM&T6Sxw(Ym1vJ428?B9Q@J>^P2x{(Z|y_X_S-i$&!3eOVyvcN)EHO{l0)BJ5^<8TGa403Yx-AD<4E0nR};oQ=~~Q!j*=1x=wfz? zA&?Z;$Z6tqqKXyxpBLcWVM$Bd+dU5vqOd)mQO?*)*U$8}`Yc3r68ya>duDI!X71kg zFq{vP05qcXTRyZ_Q(tN1CucFbe* zO&|dtB=hw`9TFc%&$}DGMZ@dj^UjXoH>SInEoPc)5=J+@ml&yL2s@L4?ZVFU6eBH$Z zAAKi;_+%dK5YWmseJ%P1zl8Y(;GfLN6U{E(!O-IiGfACeUqDT@lVG)Y%Ax1-UnJDR zD*;zlh*1T`Ptv#mdDTq9=)Jjgf8$=+C{x^nGWW&$2d2*#c_2_^1jOYJ5tg2bK1()q z3D1!z1ZojcE@vjgBYKi4e@k?x2!K6XAH!$1?1ATyf%q zWn`9TI%I$B_@eL{@zo@C1gN!eGI8{^O2y{>!+w$bR-B^CR9x&T)O_ z%O~CN)`$wMwh<)75m2mQ*z|-sl1BoD?>IQwPG1;8&)?KeKfu|02_K^HXY0S*SAGw3X})z8(X6F!t+?(~DT#c# zAdJ8P>5tY*PqaZ}CUQu4!bu)6TJVfKJc)AzvPF!du!xNd!JMWFeo~Aj!NGA3fd%t0 znHAsc?FQlzgKqj?!oQkjZ5|kIf7E>^7(;nn>73||IQ3?#g}BQn(BYM_pI?mufums_ z0?(`AABiCSc3Kxjh9;iEg)*6t_8ut{639tF@tE{(&Z0~WI`aI-=3#2~N83mxfeSfQ zki4KDH+40ldjACIwgu1b2k8g}KoNXhc#C+Why)l}!RXP}v^4ZShR^UhvkA2KljA5= zRDzC(`{slwG}?Z{G9uB3n)O>{DU1FPml)m+?78L7S9eAZ50!5<-7|tk(bd}R&$&E>!rK^(2s^@O+>FkQlI7`AJe;~_9an^xRVZ}MKg_WL1xL&y>B1xB80f9@6Z$lE{_nMQ*7DWto{2qcm6aW2&epe@|QYBXjXOQJf7W(8M3 zY+g{A!Se_ic{@v{bTk*+Im;dSxsoioG?+CyB#KN)ATu763I&aT)$cL8reWR|OkaW( zrsg7`|0b7LHydt&5te()u{j((6Y@%}Y#!oA&06rDxf+oSGpUnKeS-76!7?;18x{k} zUm9{iDSw}-2u>2>HSzRQ=k+Q{i1j4aqM@!fj9X6m0BouAKf>DO+L4){Qc;7@nOCRW zuCyj&jUfj{BXFaXaF}P3C5O@UBvp|`&<;pXF9h>fc}>inBq}GxmB+Ai@GkHnor=RM z_JMsJ{W9exuSvO-o)($uyB|>}U3+BIr_CZEmS05YqVN^G4nB8WDVl+#>)DIYxVIen zZG&>zSO(JCN)v79{vEfP4A;#H^A_zK2e=Ze3e-DT|2vcTi=odlQ<68wI~a83w&5(G zXh*m}{k=m)1k&DA09CKYz1h!FfR`{1nhIo^3Fbq(@^+IDHxQ+9dX0h5-j1XRq7F8V zEdJyar#y02kg^7q3l%*AwJH4gVBz+fJ5q!T(Be)tDToQq|5MmkheiE-;nFN1urx?6 zAtj)qbS{kwf|L@{NQv|!A>aawpdcY2un1q2?(Qx{KjGM7H479tri}*jhTez1|u78JF6v*Ob$CGxfxl#Sh-TQzT0B338u9S+1cYEYECwSm^-40pk6i?NP&>xpPEec8^+BswIvfAAnGv- zRB~^!GNm#I{4h8r8U#MtCWE!L!{DyPb z5xnq!Rb5bJpB#6LCux{L2Fe!#I@H@7$`52mO%XHv>k@JO7XI3-bhbli={4BLgcf zbnCEtPbbHipj&8Ryt7X217D8uS;Wl58*OEMO;9Dg z%e8zk*dW5)yu(h zc-C+h=3BlcXjVd_0WiWU(-C3C~-31ZA@fGoGj3p4x$5?mw z%eSDjdloBbhWybXL1i0^X(Nldxnu*a>`2*3 zO-c&Q6$XyEwPlW`;5~`He;Vys{AJquh@LatYaxYtng5s`C7PCnP){^O zb!PJI9LHXp-K|YZHs3gAeg81`9T&m?`p)%2H+Mi#OkVv}jUTb_vH>zcVIz@sSGtN^{y;UQMR~f5x-4Avrqya(L}cvBYz?cZD^LLU`^H zx-Hl6kl-x|)q=IW2QEDa(o(dB?jm2-jlitaALpP@v)-_L(HKT`= zjDLr$j=r^J$(eKw-Opz($Ox-mIIzce4e9=7&0xl{5k)zAe^~Cojdk7`B_VPa`I2=a z{I%BU84M}>WVeMZMvFD6Q-;;doTfiPZxKzN^{G6~o~4CGn`w_$CUNq1z;SO-Z7u!I z2M3u3|Fl6FJ68>Hwe@c=Dnv!_Kp89bCg)L|8t~hFF#(1qHux@eZOdl|#`@dI!oS)J zCCi#TC+i-|Dl41P18}1GQu3nH1pDhJSq+E6jko`f;Xx>mp$N@|N37hc=>Nek`mjTZljcKfHq;F43SKH$*?dViHAQ{F*b=Vs#%a` zrY!2~xw&aAo8FGUK5@vuN8Eb2vB&E1Iu9ZgXDI zO4Yr=lJGvhR2c%ny#k)R#`oSQW%;8j31j38DG4j7wI<*M zKA}AKJ?HV}3`3_;(Tu-C8Pl-Pe}CQwHD6Kad(LTBWS(JN#b8!3`qj_SF7=TTIJ#S_ znScNNv4nThIsP1OszVQ{-`zSDv)C2)TD@c!(5F}Zu8ti%b{zcBxid6?{PZTMQ9pYs zq}}uDkfKcb{pyVYU=%(WK`nVhTciBTDC$!6uS2v!hrACf8D=lLDTdSE-V4z^B>UG2 zAE0y5?V!v&2EanGKk>q2ILV_w(cy)t0<_)$>Z7VZ;(=;Znt8(sUtHc@Rb_+!7_Sfl zEv*2OI^zb$Hc?B_d_8pfro052EFgtJ&Hnj%;^FX6j@Pj)r4cwNR0tZ9zZ@#SCMIxU zkHjIx-$wu|#R1gttKtow@@J{?Xu1V!FpvcO0_fSy{jTgA^reEM&cJz-f4XVu>#=Sf zA<~F=m^;|;Zxb8@r0;Qvxd3+{Hho5K^1{~PQAXxmTRLfof-4jN>L|86r`H{~8(pHB zj$)jrYAZH>=9CGQ55PU0gC}V4{%zzIB_6;F)sZuc^>#+FyI|2KoyY@^0gbrlx+FoQ zieMygqB~tL>M{E_1`9Mh67@gv z0Jp>yfE&%ch70vFGCvLcNEPk65M7W=-tXzEY{ny-(ETprlI*?lJmTK7j8FG2wkt*C z5wo`apKSg(O?-Xo>A!Q~d$6~^R=My=$hpTRAvKF);{xQXMm{Uz8~YB5&2K;WJsD23 znYA`p@LQGnhxd4Ulw9fTa&O5!@u}i<@AC7$u@bSB(I+E*N%WO1@)s6@`HiX-C+W$% zN&ucLUoSAf4p2VdXD*Itm@n5>4raCG%jiBD_lZqAi5gd1v_WTvLHvgC2Ksk`>2>RG z{>>`U;szy&+D!o5jJ2q3FXVN9s`O~*J7zm9#;pPz)y~GPV;?#=B`Is%<3MJodCmoh z{r)cET=93LO7-EVu`rhgCI_j@3u5QCf~p+Vg3CIa<`P+_UEZ`YI&Jx6{kxeCsMBZH z4_y9CEgDH@KD+c0PQt7Uj=Y}r&maGFf6`MV5_os<{^x&I)!0kI3R#~UQof$C^}B2! zmpycnUL9(zoXX7`_aXMK$f4n#`269Y;8aTT>(9MSy~6K3@z61L*%R6*U{DRMt$X$| zeG_QP9dvCsO|mkWK4-3Qc66TDHsS(8cxMpxxaS6bckE03FaC;)*_=d)SuHmP~FQFoa~_H8HZ|~ zT~v*iZ4SwLSFO$ZJKD|qR27u8%$fzWf7Pmph?3|HxNxmC6}8N~=U{Sv>uqx1y34FK z+9_+=FG8re8PDhG^UibanO6})RqMH4!)09g8s(a=`hVkZ1UVL#e);&UrI1OEGmp<_ zE!^T@pS5bz=TH{vwBGplqt~!#oAX}-<}nfZi|0-Ksg6Gqo^;wiNVW}gs!wP29{)Wu zABg{E+CAWW_=W7HiSO^VET=gXL;l)A#3aA8ce!aTE4A`l&HrF^(U_^(&|5(a?QXsg}6vD;o=3HTcsVQdwDtESx0b@IuWXMd`;<-9r`_amdf zM0GaUM9sWxXxJT!g|*ukZOP_uqJ77M$%GlVd>4u*v?h1%gQ%-VLbI`?zc8JB(eNZQ2yYx`RA*&46d z#TSOnUtMAPAwfS*j_v-`eAjAeTg*UW%5ii@w27U~%Chfih>53_FHCKC&AtpC zt~ssDxEGzDer0w(lJyRoP4yZacqHGtd;uoLLVT81=BDYZGzV$+DIsK<-{p@{v5n>A zg1?oM6YtLZi{(aV8DI7e9m<52We6wmb9xWPfss>rh%p(skCSJ!^*#fb>oixa#jrN zJ_tw&eCnF)O8z4TGkSOm#zWyEO5)VS*LQ=F`MCKUtfl_(^*>d2oT@9mMJBg1A3Oc7 z7%5He2X%C%DM2^qG&4oL2dPK#LgSX>xlmzv6%mVj`KH&Z#lezuRVb#w+l<9g96j!W zepD#>E~W9QYVSF%K1`=L8D2SoRUULE>-nU2D< zBkt^sq zFX8gRpa?N_PWkg?<6IfGoZO@3i2lu~H??EHQMBb=0xr3||KZg1#AaR5=Fo2r>4rTs zSp9mO;%LaL8~(c*n7h|r1;oj^kFp-Di}oXL<#Z&N+(Bq+Z4C6)rv99L>Rh7_iCy>H zG@tY;(n_~yP_Uc!sdBDWs++S<5_SCOJmbn+w*$1eH@kIO$Xfato>r$9G9`gIxUqfC-v`;J@;0yD^It%7tswMq4a`_F29(hDI(r;$-?iczw#9>_O)NuQxO zzBYee>60cb8Qf_WK3FE>dUNo672(REeIrJ#d?-5M`AC-*9xs0hTqz@O#r9MwX-RN!^KxC;Vf_sFPP zx4#Dbjeqz0m?wGvr`o{;#tuG4t1&CRab5&f_3Y(Ic=D%m(qLMPk6vR>qcnWxEx>jlB+?ru!G=OtFCIFu@ob5v#n^2+yJXL~>Q82p%=>XsyU-~b zcs!KGv3#PLjRo-#6X!J2s08uUTz*!~pQPN=IqA%f#I?|MQk1bfaKaur?wMug6abab zf=SylALSo(UF^)e#$w|yeCx`)bi|gv7&=d_>Ugy=WqqOJd7~{oYydKi$1*&iE#Af1 z5|J5S5ro15a-vB7^5$3s`OZ6M8r=j8Fqc(xilh4tkYZbFFPJH`GcXgv-Bsx`B=jojaq z-j=15>>{9Ur4m5UqH8xtd|ERswZkJ~j0T|ee+NE0I-T~Nj+N%+--+V$v1)hs`bqVA z+oR%7df1c0J(0V}_%J7*qmL`yb8C_XgJ|GD3++|HS1Q{V>^A_nKV1~DA5p0sL9d_P zSy?sf{rXQ?S0OHbJDJxt*+Uj)nO9C2sE*t#-;~tat{3|A#t6-r4DSE$L$C`o!7Qs)n2 zSxAWiTYd>w)mZO)=9eMPqd9{zUIEfOd2{pThDC!fYR5l`G(?`uoD=&V)jBG%8d9=b z2v(Q~F8#`{=($mO*(2*b(k~z4+r0CvD~-`>w-$p@0xo-$#Gm)4EIkjZ$jQH`^QA$r z5H$~-XxzHG5C`ytWS?_2uTDI;*a9L^B0^;T&^r+NZ>p27IG)~m1DstG7l`Y@phw(b7e7(RdQcv$40*Qb1Zlv#kwOevwbUHY;+LMsNg{a5r1iPUuUK z$$hPhjX|G!CJ~vlN05?}KmGDb>JvyqGYbFDePddc3XQwSMfg@E!-?lYyrFTj*JfK3 zl;7LT?Stp$;OK$uPG+>X+m<4+foVVgK^A4hFfd%XWathoDuC@lZKI);gy8Z=O?sZe z*B9eA{7+LKp04qpdLE>_WfJw|7AN?0*TMR}xTCFLg;D1xk;>;U#CZy1_;To-YBjD- zDRyAf7{YNtU5bbXT)Q_{@_ej%N2cNf@?wut-sm3{dJ%-}B5Z zC|`Ix;s%%^2OHxyx31qQiH6*LF*PQ4fl*49@hL5+J#+JV)OAp)zTlr+AR8Xz1X(-0 z3MLjf!D28u8?J@&G2+GF&}>ADO&2y^DoWR?Q5xIC>yw7Y3JACmG#)LG)wy;<{|wu_ zHhvMlEa|P9!EKlAk$$zC@&Uup5_;VeARvuW-~r;#jTfD4*H24Rf8`m@2kE|}3u>mr zCmIU^k&=Fbu~^mx*nA0Mg{iT}E?RQ1;bbTlg@yq3S2nlKufr4O&GNziVikr0vkL`_ z5BknuP*`z9>jcW`USYYD?v&nGz8;brrrZSB)WCJ%uT|cdk&^|raz5hESQ;NSt5OyE zSmj)KKHCCR$TTbTN%5@IqAKOT`rENqjooxi;MOdKXZ~A2S5X0Hx@=6IE9{X3fq+V! z$>ms+^PdA&r}Mv~A}kWQIh<73doUZs)(QXow2#U^2VIkX5WcFY(_(418LdT~Aqw-* zY+4<+&gk@!GH(~4p8jOMS?3{LcyknpunnL2gqV(AzA@@0f z)}P5yVfjY25usrazP!4g?G7xZhl4jv&0{PpJtB8Jzr82Elcd5F!&};&NPpQ5+{;$ms#!hs%^OQAmq8{0g^Xlk6U4%Ja1qQ>wZps;% zweD(%@mPK!j~K_DEG=-*{+D5iO^A#D#{x2Oe>J`mtrG!D4M_mKm;^6C|IRx54WQS~ z45l6*gsSI)B`K+S-==wvJn;g;A5Q_vz^yTgY^68JN{!W1ueu3v3A}(X^&}8Owg42d zA9?87M#MsUxEHAZOaR&2z1CdejX1s>vbf>UtJQe$Z^!3PzS6G~U^~7A>gAJPwNf3x z!M+^u6#B5L>C%8Q)z)$51jf|w=obK_Y?Q9pI6l)W8B5Vh6eaF`lDv=)fO#^5C2Cf6i8g~XPw=yhY4oDfW)d9I7;6y$a2b`ab0~U*gs9oPR%Qv$^rQMwAjj3J}{Mb#A zK%0E@@AmBMr@Qvl>+PXH-9x%OEjKey-e(igNSi^MPd11K&Lrj{Lc5AR)7E#QULf*={-Qwx=Xn6$kHle2IzNkj-iVf_)k~AG=kDl zZTFho)jnbmKg+MK;QiUuq5=uV}Rh&ELMm`z=g00dyD2KU>}uR zy_f9d_=^;30RMsIXiWkD07F1%meuM&y4PmK=meHg1aFo*!zk4)e{u{?^Z{$<&CB^2 zAga)!CAG#4Xe*OW9dw2%+HpW7XpBMz(>$4NUoi%XIM_7J2oS`ltFWZs0`4-*7Pdt9hWFbBfOub}G}_Daj8QMv(!z?+376w+h8S)2fP8K`-_NQv7R zqJdYmCceq9i7{aTv>UHh65cTYTz6>jJ;ZW22sq!X;TJUvMn{00Q}7w!taJ2gCN0S4IPne{`VMSRr-K?V0H*FSeOf)sP<`z=VlYDhHPrphNpXZ0 zScG}yteS?eZ)#@mfx2|>cR6L^1*a(4<>{x_x5?A((Nq1Gvh1O0vS%1@0j4J3&uhTrrZE5h?V0xsVO#boV|XPouefVlA_~j*95QD%X_JYPL zaAGf@SB2JoR?d(bfI^5ODk5YH!j`0$QZc@6T9|6E|4Se&fmUf8My@?iv5&}F?(uHj z_FR1Kg;5+wxs>--N`gN?@Z_EYi6(tB%3@f%GuZVg(abW6h)0$>@BoTLkM$w`DJ(;l zSesO0u3#so{}gtrez8p&9^*IgtKw=k{8IU>r9#4;lxU;w#J?f-_(cZ6ZDPe|0E4g@ z&Wna9I~-x=iCiy%zMM0lqLFilbL+!-Z-7jeU5cw}i|s79=z+b}nBxfg7t51C+=XnL z+epp^Cxju5y5&7*JV#Ao6se6^Kd7juH~`^Ef6YC*Y+Rg_67*1PoO{Li2|w=|V@t^Z zoGfJe6Xco2-^79I>P)W>*N49Y3Tbo#CCT?)oB9^A6K4P1ndL&9o zMHVTF#$D#yCRZk|;hhSz3$lI*FC1G)00k-{YbGisH`!52a3{l3WagxQMD5O3mY2=A zUVy_uwEY8I(?Ns&kT~FLWRQE}qlP#JhRSRG09jU&te_fKi$_n9(B znWRQ&X(F2Wjo})g4^wUv%E)_`JWf#7IPfVFyxLWN2Pzbxs12?io722`U@=VT*8Po( z-K>?GW7O~Y6XzwXsxixmkSIx#nEc(nphc^0wKQc-gWtykWdc2Kx$;KxwMqrLNZB;9 zu{HFjm5m@1&2*I>Al`@P14FZ%jw#v!>Y|v;H82gPtD;EWaLUnA6@Hk}esa9N+^*9z zQj)+&3NZkTZ%uu@#X$~^gS$Yuy9dPd2!s1cg+g96%N;0~GcdxdTi&sHFctwVHJ)f# z-^0%jF`53INVqJD#c~7OnZmqrMIwY7LYW}fWF&?<#&pHcS5_Khq5jHor2-r1YX+7~ zE|x#7v`LUu)N1Nvf<-&^Z(Z@(W8NM!d5QJ|<}~AktvGilQ3>vvH3Q6xNYh3{uyKnJ zhDNuW-Xb#Y{3ws&TIN~okl|KzJE-u$~QJ2*QwSuC^Yy(>B% zBOLG8f)G*EaB#;Uyd|XC$Kdr25evAR0@tehwiVIw4Fk4dMF`R1jwrQX$-9!dR{_NK zhjb=L`pVtcC)#Hca3t$1D0}|Fua9Brir=WTw)_>rI(UZ@Li<$!Rqjy@qexUUSCL@6 z?5YbUFAw2Uf>>}h@$L)6H|&$#>DW%n>NTyu8Lf}xdd-n^cC9pY;O&Zlg;^v%-YNU# zks601)DXq%de}=@FF%Jmvb;uR8N&CQLsPYJH+R!Vk8;vGA$7BKP`koLcj?;jS3Zp} z(QO!-q5VdO3W+;w6#lkwzmUd=VmCE#19Ak@WZR8LaxyGQ@I*)~r*dRXC`vJ!3yDDM z`h0XRXp%bc(K4)+%W9>fl=vdHt9nP49boJczS$I4LC_9WHl5BcAgG5uB8F2M*}sY2 z`(QJiG=-xM6C8GWMxwKPos=XN$+cqvbXQUy%Yh~MU3$^|T%<8QRTfeFd)K##p0+vG>Baz{st6`z};y-@Ok1ylEf z7`YUTm_i_RS;*P>FXsAm_54s@WmYtGp<2o#-c2s$v0t&l>WVm=(MO*}DG&-Kw~Bx8 ziamk`jzL^QSCudg9Hir%ajgO(OJ{jSjiedWa1{gt8-+S63>L}mY(?g5RRlm}ILflI ze7J3T)v#V@5QGxRjMuX#52b*J8D#M@z`^l~{0a@PC%@*HUXV8=n11{EHU%kOuxYu2pro{9A$MX~GD8IZO@&8@epo(L zi@+L){(o*<9nkcM@G3YpArV1CB@5a?9%Tak4rxUPW%}HLi_uS>5i0vBph*5f8UC2Y z|A1t1Re~^(e1zbV3J#`-K#PpNGUvi0s13TPG$DMNDb^3=Q$1pr-q|6CpNOP*2L=Xa z(wHrU&%P%y<5iA~pmvku*xkpq49OzFle6tjgjy0P+J&H8!dZM1Mg))Q3VbAXNKwsaks!389xn~QAYvmq zNhTF1pxq<12pk9}vugHh9#m4?|4G5dpsXR_TSJr{R)Erk2+jx-(AANYxIKJ9&Pg_9 zb(=2igU>WN0xuLLfDT)dSmMkmYjFFf5+`#o1(9CvEpwjOXIDyyS;!PtAz5HbM@7Gn zZ9kTrH;{3!slQ+P?qTKZp0H9o^~76m6&`PJnsMvWG`!Mi(PRpG3h1d8yL71duxiQi zWfx@0#ksJ%pt3SE})G_Rs=ya zdy7&NiEk^tj6UiCimryvv9QKgA}Wu=6 zo3?wLBQvrla2jIST80@yxCPwQH0jPPO*p`OJL zG*NUGCdkzwrum5c(5?(Rs*tSk;#9v@>t79zKCyYG6v!>t=myM!TfV2u**7Nb2bW7c z(}~EPI;CAE`0hVdY0B}WUgUE%JNFQGR%l`*|@=|Oy5nc{;`+WT>H zsT@O*1AH>%`y@XD83F@1CNPmuF%<~Oyc2-EpUOz`K*Zry9CcV70w@Q!E0-#i6>3g! z?eBsj?B;tvves3j8a0o(0tFlnS}J@rL-6Wn;nrS=d#f2d)A9phAxa)ez=pG7J%#ab zWtDcjjUIyoq#OT`O14qGmA*;Vc4Nq9B)>oWWic7mp}Cd7)YuLm`aU88Ab)7x06Y_U z5wjB0W7aNm%nh+ZMv&3=x9rFy1NP46+l5m~MleY(2#<^*>b{t-xhNjI4Z+4piB5pW zb)2TUSY4Fpz;bhkr5aC89RIx1bUC#d$sf>a3t^z(Jm_7Fs+dt@wcs_81aJTYwa=vj zprn?+qvrzRt?VYq&|AJ1<7Umfg5PK>^KHH`yQ%U~W_}pp{sbGR>Zir%W?Iu&TX*2I?bo zP0kB~>(sUvzupUq7soOvO1GPg;vy)u6V;ZoV6{-cYa0jD5!8n-k0jj5&w0zqQyBL= zs^{OeyjZ5_@MgU~!E(qTqAKN^gFheU{oZR$p3p*()phKtj3J4Rl0qHpPz!te_29P` zh;(g;v$73Lvj*w1>ApcCwsHJn5A{KA`f`Oe?>nXdK4%sywGjI=wr2yO`=s82S6bxe ze(^xFbnqF2d<1ezwExHA(@V*1nwg5TG;ak@(rr7LI0V=I67{&ah3xJdSDWF*m3glL zNHr%v9-YcK`J{+=*=;c^3;=q8_KqD!&~NyObTJK`*Df-1dQ0A!{LPnhV4R`3lko!WSHE5{OXv>9c6qFH;nSA+B>X7LZO`C}*LTQ;4rcG&A*FJm6a z8p-9~f=?iZF!looc=X~Uij1X2k;d|ehpYRCPuRQI9ZMKp0i*LmHCPBi@_PUA&&54G z8E$%5Kb#^sA+@&tD3o+#se==`S5ljSB){K{zj!TO_a;aHNC=c(C5@xy@hWa;?uvie z+U5hX$EdNJEC*9hnE_NN+6N*$NeHSC!?JG26{xBp))0v|LG9iz)vT%9RI;y|m5)uv zKimB6evjY-3*Rgxec)rl8@{BwHgBgdF#n8fS6lt^YPyj@@bi9litl2#3fHsnnowwa zn*xekI)loryOR-7+Pwy2iLr|)mV@K%$h@TVf#38hmZqOkZ)Ms!p$^qV2plVMcf<;Y z8n&&7vl+J@LtMG5zIRBNsms`HXofkfI`+%I@TGT5F6 zPlGN&=uWgzH{ihoKLCrGx)II zr)5x*K*-Vc>Y1W%%^3GgS~%FgemXF~kp zzq^MmCr#lPNDg;Y1UW~yuhQyb{M-~*E1Kgt+Nbi@jjkNysuvdSB=AEh0andtEa@Ev zF7skYMVOw96lw#u3K0qU9zs&|9c4mm^bfA$keCR*^oM8$v3JdX6pbOga4stLr8_@~ zy8^|05|%hMq3UCi2rd>XnCkPJ8Sh>%{VA3{cY90r?3cR4cJdT(<}eK01|4tmKm9d$BIG;(jcuwUr!mW=ay;IpytPc zft@4Z96KoJF7~1)>(&g80ptT}w{9&r6zvv_1=^4DoA{uzB_SdLIsfom}gED zfmh$63^QdN{K4D~a-)tBHjCf?P)sK{j1~r$BayT!*M5;2=A?MACUVK^L8cSJH*Z&i zqL#lIlOiuxpfE7c(^B__mzV`JHm7fi52+mbT75`_8zzD8c(V2Pr}*p)%Qcdw$hKb6 zonDPNT0E6u*j0*N?kXqNkrq<=nFHj+&d9keabP$lq1CZ8En0R?q7NX{$(+TXC|eH7 zG&p7u*X!rPJ#<=asiy7+e2jHAI3FJiPT?!UzukQB6P2iU%z!j2ITy9dKm>HPhtsqz zQ;sW>NJCHT_g-+-yh3nd?kspJuW~4_axue;t=M@0i`NsWdvb$yKh5+H=2NsuR2M{> z*9;A$qc|X3nojZ={cS&*NfcL^<*I*-h4_caM1Z_5M-ip|6}FF0>T2{VX~;XDZ(&FO zjw|ml+OAK-(i1I1rDe;zPx7m878}Iii4X~%BXq~CgC6lP@GRlzL`6_<@n{FnF3NI< zAcOf}%GVTw1388wSSZ~djA;zWiXmmGNL5>ygY0->`C#JsxFLxx5kcaRU)t)|ktt{7 z4EK>q03u!e?S5=t0-+coLV!XxY3=C=lVeB7UM?_ZU#WI!Cpt@&2`bjVE+1j)zDT9Dg$`%6C2P%U9f z>rc@_ltOP+NML$rDbATY84ATzw^5|6@4ES0q!k(o<#~NrKftMF(UdX0_B8!?%2PDG zB&M8cAttvbRG}qgtY-9;7?sT89ei}8M+S1b3M0(%V3lkV$2Z--@>!Qsu(_qTc+8Id z;Oou`gjDw*xIz#Kp{v65R!MUJLH}pPH*hmjIQh;z$X;K&%-V*~D>F%oauyQ!?kpQtB^mA;A*ybZd2JP|G+*Z zdnkAMV~$qtggWnkfPAvP8KDe05~esLsZQ&v04pcm#<9@JftPgu0XhWj5Y7&=1>Bgv zgQ>-?C`yYbW|&Ha6WAXVD*z+k&zLaF%LE^Yi=RqM7pPqW#X|=u_2MJiGn`2X=U!0t0l6$j;-Ieu;Q-b zVg&alwGt5wt)T^+7EV6VhsS*4%s#!suYL)-swdd@DnHS&0yF181nZef;Z+(N#i~^% z(xM?=@tokaw3AXMA~&7syiD5}ZsUB2uTyvRu1AgE$?DGb#Jb|98BX#bH|+ z9uK&)gVXftSA5v?ze>oncK}Emtvq+q6*@k$>3z-4JR1`90P+A_t!c(A`|Z_6g|ETq z|6>)BgCGWS?e#gioT%8%;27|73%nknm)4mkkT;#qyX4?O* zyr1{AvtU7aOhLm|t(fn@hRKWJdvr(zpbEFyb~sz50VDxG2^N?WdrtklF7A|QNXetQ z8+@PP3ZuM^1r^wi5=`q*^};K`lf z%ebAn9uKfK)(OEB|FujU*1#?lg>x(>Iv}d)l?eE-hQ*kjSaFm62Z0_6em4YFm=?ZT zQ8w7On8{op{3RBu-GK!*A6apbU42RdMU$UrS3V39^cMToLYNUNEm*w0z>V?m;l>^R zJD6xzFt!cGHPWl@Z)3l_Vklk}A+PG4QbAANU46>MPI*Q8;Jg1k2KJ?m`>x)jg?$V` z>|=N?4ZB>mBa0PcWh1Yw6#$R%1d9py*mmQee;7x?U-M_Q`Kxm^js3t_IV&^@(_nO;m#~&QhQ$Q^$2gC%v-9@z*44;| zgh4A65k(IFc@Ao9#fyMQ@y3;1?*ITz#@bbE1I42QbzhAR$`UC)V7Vl$F_!W9_Wolz zY}ht_``5o^GfU1}X?*-&Zv#5%RWnEhXV`$xQgVfU#X9g(SbJUPycNZlV_{kgMvr~C iD`WgSz-V#2OJd4~i?gpLjs7^`pN5K-av|J2_GJ=vMiNuj0Q3;ZRAQ=QC=P;5%vH=7M0wS3~lqAR?86+4; zA~_8L0>e0@Nv8*VzxO@+>_7H-p6}dy?!HpbFx}OwtGcUus%owEtCeJ+r%8R5{VV|i z0kyW4`fUONQb_^=;%;(MAcv%)*qwlY%H2&(%|KgCjoZN2%h}DtiGV;W>8Tl+xzPY~ zfz@qoS3;7Pv2!Gu?ALY3MIZd)og&xfF6w?pXS}su9PQ3xSiN4EXm3UM+QE#uXO4yP z?BKidWa_7~JcM@+p6=xDJP*U=$sr1TU3_;4uWu6TUmjL#Anea(>SyST$tn5zCFdp0 z0|LnxM1psFmOqwmH8;BwI4xj2_uy2*Doo#a>1^W9qW4Vpth9HXBKvYMve+S& zNKWxEx~jbm7T-j3vEk)g7?3UkDge@#Smfb?uZ2^3?(XV&bI@Ia*HsT#7|y(==(c;*_RO_GSxWbOZyf73v;V{9 z2hT}f^K?_j?tM~k7{2(eo1{Vft(b1FT@?}*QXdJ`v86rNGTFUF7pz@6S$RH9`}=2vZ}+^ogxTywO64gxWe6zp8D-!NAv;0ZUGmkE5;9+Uay3A25L33$UJ0Z;sa)+{q1 zVUjoloRdM-JNcMu?6*$rxt0aC?j!EAD<9?`Voe^YcwJh!G?s{4%qJt`>U~a@;ESE# zBzrqA?NOd&>dr*WnPW+u)oox;E)mVD;op%8Czzp4kDuheHsj5_EtSzH8`deMD!eGM zNLrNY?GoK=zOVMAE+__Z_5#B-@@h!XHf&^Sv+ z*jRej6wwwzAdN!OosP7-$OlOm`q=B7x5^o4w`qfw#C zh5lH>(mcSy+uPf_=KVAK2&Z7w>9`^<`7mYzd3J(4P`6qCSrd8d5S|V&g=p}Xlm~2e zMEh5`WEak$uhWsA$>e6{kCMK^sUaSXvL?M4^W!d!5TVoEOXg=LqEqiuP7wyiU|w*Z zClvf(;Z0#pDBGdb95($y_Y?J8lnsfB7WoA`ZjD4a`3%Uyo8jST6k0}IVeLJsqs&ujiXH8S=B&rt^eokAb9<^teNVt~ToY-8@oDdv6 zr4z2Y#gnO}!7um-bSbNw?_7qCmb+G~R-d++_Rp8Jj@0#X-%`(O=n3lf_pJEt>Fr7E zne6%bir;u{uLdvezD@F^;)%eMnkO2APC5#u*_CPyCC5gO%jL%8#?IaoMN%P^ku~x0 z@ul(U8g23B4viXdy*8-`_H=3GFaB<6(lnkTw^Xcde%Dh_X;ll;E&J;EL*f&yzIx-k>GP7| zuLTu%Dk8K{S%K*^YA&&Q)q3qCy!rX^EdKKT+V2|Q6}=;x4S8qfum3~Y?k<%uX~GAW zAtw)~JiE7>^vJDW&7pFkPNA(x%U|!10Z64^M!(9|%{I8ky`(y*JgA#VLr8V0_Bm#x z52d^P$-@%8`#X6W)M{x$ysnL1={ImSzt`Ni8^0*X_sX!`u=cZLNoWaKZ}aOCpEkJT zGIg&@N^ATEHIieH%TnGS_o?+_c~XgX^nmnZ(Tl?um0mf&T6}f;tIVsio2^4sL(xON zL#DYGq&B5po{>FE9yZJ6k_CSlbE(e>89KY>=G+vQbR#yd)Beqk zCe*E~H~pLySmYcpjQsXu@e&oX5jU(sCXX!Kf9%@Rb z1uw6y_Xbt@w{GhN(fSpx&Mjc4y9U(OUw>F`6zuYQ0t+9#I4W*4XCn!*gy?y>?@;Xo z%r%*ZR$rUooe1HI)~_2CDdbb;ig+JR8GeAm{(x;|Z#I2}IJ}(ITI{dkD?GG1MxbR; zO=qqUOA=i@^Y)A-$sSP^5f_=o8H(t}GfFNBb$(N=Q;_I8F-{-IV&?tA<)p3&s@7%f zW_-!WGMN3e@~NSSwo9a|zUyA+yDp`!vbe%TZguq=BFW7?GOK$n<1^b@JN;~#WhJhL zNrvtvoSF(6AB#COi%NJkYghw7y%#kYjJPQ6TV4y>b9H~~x%E)tynaf0G9(3@b%ob1 zw6jHBV=1;fKWXPt^y4i4S=~l`Q-0Y}*V2?*6?!3s?2q0lHhBKp{Vb(nt0SeySSIuG z@fV{nO{E7Z6c^syyNNO%eJ$YNmG*{1)@ddV-n)$G<;s5{6D7NNos@@9#=)i6#YP13 zaPslMuyyvgVc4!2!uD)5iSU_xRq&$kB0>aLy=rmc8}^%Uy~2&CVqe4TXM8rok@<|7 zZzNz5_dT}vXWHAw+LVq~&?#s&hCAA|E5Fp=BpF?7)X9G-@TF0^{juq-jjS63jRW*Y z*Fw~yIML-^rc=U^w-ql_2~~@rugE#=MO~6N;y21Ilh?a*4H;r+{#pF%t{d9z)>qM2 zqd8bt(y-pOoc^JqoLg_Iorj-~D=UQWrvV*Bi(jO0ps0-vdU9s0B^7ZKHe7J9Qnp)o zPe)qUQJ`rJH9X%;V9Rauss2;MVs4zR?wL}SkJcXtKPrnaiN8BUBo+!sZd>IwG&?0t zKBCr5(iPD45~H+kbZ8mbD_+$%O|dj=delcl8R6L25OA zKi8BgWzVEcv+5)-<{z^CzHErt|c_%2tr|vCH#dFKaJK~jI?pp4yN=zZ; z6`vvS1-tC7@9E~}D-p(A6IRN92{*fhR z=rU4Btq`_x9yJ3;U}5RjyYIc%c{lAb0ubGR;euf@FarJaZnBx~tkcd%YP0ZK>Bck< zr9he8jRAL_$q^fv4b-1+O=EL-<$04=>ih9PEAQ52y}A6!Aj+Nnx#tmu-q2rB`!Rb7 z7ip^^gAOC~pPPOEtjUv}%O$AXeh`aWSv5NPI{Fh)@VW3QNEU1}yEx(VQmPs;m@FYa zZL4FuANUkqgy?%`whxKKNUe{qZGWEq32}m;=0rl>e+8m!Il(f>Zlq#(Hm>#{;s;p? zt%7pBaslee@sE(5mC=`@=WNfnOGl<2heE}n5dFc&@MF-KE7v|%ixA9tkUc0MB_Q7S z9FwTDsk5as!A+-kfIBNAU)#13l*i5Q!0+sCt}zpYHFfS&?zw-kkx8Su{)qPa>?~P= z<%-4j{mWwPTSnxxsN=cLg4DM}55#p*$Dvin$L$_bA3EpYvFhV7m*dF8;%`aVN+P5_ zKGO$ffKtjk)a0b{S1U|}y z9RJ$ZAQU1XKFKE{AV_c{Ao(q$2YloIGJp^MoYQaONAUz?z#aqe34THJmo%y53*x`F ziMxSg1S&>q+SzRkZ2lt1ZaZ0>J< z>!!Sem#3JWqnEvtSg@xzz8nI@V0mEE)5+hCJJ{3XzMp)s67PwGJg|+=7U$(Y5%G6d z;x)fzz^&%x>%@Ik?26bGUgfjg+}w)3j?VJ8)ir*f4(uuMy88Qj%ZrN#1qF!(Nr`#+ zx`<22$;pXdkrbDd6a^$i{X*{h+Xai>_v1S)*MaS5?2;{PfeI8_m!D{tTy?Brpg?&b-!8Bm9^ z+*N7C6Z!w;$lo>o<4p6v&y$8~g5y`U{}{r0NhjH^$_Xk8nL0sq`B zDBUNQDFzAR^*fMhd?DP#GP+f8-AW7f z#rXiq?T$&l1JpGmA};k+vA10X0yCPaf4~K#!U>Zxx&36)Z)Q`jGhhwU3>tHWZK$SF z3+^3|8fz;@UfW9dw|8n788+9AwcySl`2*!0DQ$oX!w)ZCX7)miICn&FVh=ld1rZ## z+mWe7$++**9IspC6kBw!UjkaK6}xK>YwUAm+$gYk?oN>w9Q&x1_MU1d?27H<{x<0kn$?F&KHPSzS z9)mCL^gexXY}9Hf)qwl}C42lOT)|%g{x0Veun29Yjq>kDpBOlw96#h*(augY!ziwt zXWmIuZ2R5-DQdTeh*xNsTHU^E8tW&O5yxMtkg zC{LBn40skulabuhqpZktql7GH54O%dtU^J6Bpzf=R0vWAhhu*!8FKK|PK*3{V5pd2 zBUA`_%48FP-G9Vhx{TcflEU-y-1kM5kl?fygZT;Ub1%pB*85KrGs{C>IMrWvSeEC! zw!!>8=k|aMS?{W4TM48l=zSYDYxSnD&7P+KY#uooWHqkw^J>o=c&J0`_pQw0yZwZzDO*#T=%4=%!D`iMp^s&`tF=eos9?20Jd9;Zz z3+tac51ets@$sE}Q%NaYj$6-dg`7^`3k*2)GNKO#@pyP90(%Syqfimp2|>xmuD!>K zhxR4QVOC*S`Uak1xrFnJDl5f>V}{}6BXWVSsNF_t6>Tanb#A5$emLT?IMl-Aoog5$ z)9mG1RB6VZ{+3+NlnflAFIXHlaMqMvg`JO#odri=57DWqODIrd^yjNH;L)|Cj<*HV zd43)A&R_0;Z}w^DNF`AjCyC%KFyzN{T9B*UWIWX4Ymw1q(Rm-HP|XrTjqF8S>ua&D4IMRmF{z z_FWvoifyKvL)d=v#SB+gZ1lSeKQS?;{lySY(g5#bqlH2D7BGc988TnaI=vG7Esie& zX%^y*aguOMeXE-Dg933~{DY!o#3v<5#V zo3v$Co6r(|l2dTy?9kFwqEV;nuz5OJ{;`<cZmIXU~5Qvz)XKq&H>kF+npTv(I$%ae7pXQCB%Vj1a{9%*J;Bga@B2$ zeIk^|m&Nv%Od}C_m+zcLA|Ktf-Yr^wk?yzWuCoSG>YEi475yChb-h#drWIkVUDK|= zz~w(8f7<2G%kW?Nk$5Cd3QAt@w11T>I`C#UWou|JiQumIX7uI1_g+u+WUW{PYXmwU zsT0&?2dF&#d(V8!UUyGKkx$`GI4{A}$9FGu{#=9CdgQXm_AO_Xk+8#N;*81Pd-kvY+}?kur>D(Q3(X`v2a1u1U6xS3 zevTDNtkX*=Lj87>>)q1UnPV!4hGXkr)>08CNrYL`bvb|ckaO)92DUq_ZF)Tow^HW&RX76Shz#T9LOQ{iWAH) zqtOI<%jo-SHTO{2#-&xbqjMwCylYbd2aLlYK+~9SmSYn%R9N~!5ctE29x**2+1n%dKUbsq=QU65sdT|W%E45EOEVMe+ zl)9Hl_~l*gir7Jr>Tt)it#;Lhe?<5QgIL`i{b4mGP zUX%2W`$YK{(SYLB+vQK}&yrt0ZjWDDt{V2i3)n~zn*55Oe%nlFy`lcG)ZkJN6P+=T z(SybEoeMWp@?QJ-NU@X&a+BypEE0R*Q3}>Bxc$)VViZsisU-|NYI>Z#a;Y@fiJ`oB z$NfdXe=m_wyNqny+*ZtBp&LxGB)SFbNn9%3cimkN9;&^>8YBskQ}|zB5RB}ni>WD^ z6{ewwfUpMnj)@u98JQ20xFmmzb{_>{?||#o0O>B0$fX1-i7EE!_e*r}6YJUI3#wW# zI4Y2(PlX;~ttWpv2$jYy=r@26_O3H9fu8=fUXhZO~y7 zRZGlBnVXU*<%QAJF2DC*cRy~JxWraAH*Ba@>dhovX~X9{RU^7?GGiIQVZ(>q$@NhrGbAofU$_r6*LIx@0N(#UMdw@c=f8f`a6I7q*ay-Y;ddWD;Ow= zRribpPT;y2+8ch16stgp@3`rRo_kW&Z4J&$8A>=PMCnVLAK1z{_0A>6zRlALR>hCc z8|jTl=tXEnrc~n#Yk@U{?4!)1UBJdY3G)KE_s#7defI;b;Y!5qxIMgquGcem2NZ#m z1Dih$+luym`fLZv$Cd+_#lX*ZpsS2*-+$itF2eV!+oMItr}?czFU6YllHUv|O%j6* zC|&Uu#a9>_5%}PU2QYJ9=I5$@PJNz10N>XxWf|#4uPy_hK0};(O^eF5#cl9IWkWzDN!p1F6_ibbm~#E#Z0l1ZS5>! zb?5raV=B4K5Xu$<=y!2i=Gf-6zIRPF^4wFmHyU`^1us6ZNsL`h-wY1M40g4->yoj> z#Mys)s~HTc9vxY);@X#F%h0bvW+Yir~Qqi@7#)g<;NQM_R0 zwL1bl5w+04m`$&73OW(Vw;ng7^==Y0&{2Hkn*43atf^_6D%fZ zp=`Yzy2e~w5M0+cGXe#Sy_?^YpF3?!J<>#nAq+(~I%Ov;c-v5o#i)fwu}^ zq>A46RFP;owT0u4j@*8mN#0m1(r4Ubdgk-s8YZX6jF)b$aI9KrhRi&;6?cptnC+-h zd2mbe=ZI}Y#@E1QY|Jn22E4|LPnm>`q(st5Zb82nHn!4oU92JFfuEFcGH}a!R}&y^KXnSvi&|-kSjzym^wzClZTFM~#AB;Q)uKg2Efs+g^9VNcCQ& zYl*9KE!9S1FOC}3>DQyq`;h9zFP%|cLFR)e3$c$sHz=iQ~&ZUc9aPKY)TB zvXEy2SA$QZ|A{#IB5L$ly;tasNL{c4xxm4$7+dFYwA#5{(_ZhdX&=pb+tCAj)rg41 zp7+?HL;89=m*@97bv)%2_=I4gViYf!+Fr~&r_^YPg6YVe&hNvZNIrx9i+ck&H!NA}>+Y=ly9LJB9`=(F)D4Uxn3c+O& zfH_cVs$8yauMHO)NLf*r7eP zj5IgCNI=0gDTGFh)@)p>f(RGtO7h8N4rypDoM^T;sH-o0hR@j98_WHme44o;przFj zz_N^#VR>{2a|BUq*#MV60(KmSdCmJ($&YMo4#FM{Y3cF5p=UUCCL0pFYx*k&J^OtV zM~8U>3ADC7R%~#e`OiO=e7?rSnB@D)eef}ivnL0&g+u`Ub2HRpyIO&l`u)(YYQNs+ z(qy;M3^+ zDCOu{LWSVF=C1lxXL}6rtN=b4gPMcL=W$0^uY9?Z+XjMldr2wUr7Gs}8NB6#s9du& znop5jyzOt93>w-UZSeCxF;e7du^K>=u#3)re`nl9qki0`Xg2C#VHY&WGcI z$4!{Ys~nd#OWiyUZFfF=CIk!{ph>R%(HSrZe(hH!Zlwn%;P&OR}yQg@5l zY16&%ZpWXw4FzArn9cRCBRd4o|Jv`~oc|zFlR|KlW2ae@r#4>cVl2Vq!hHjhqBt0` zgxuw}u-PMtj<+Mw%~7CrHN!;MV|_1hJ>;GNPkz_|dd>9F`3<&l;g=2suYR*KfKT#0 z^m>dz?XnvE$qXneVg+wBJ<<61hyzUflL((p92BXVVOo;9afkF&Gym0U}{#-*&=Iea)l+$d_C8dZDz)BHokyUSsf4MEX zT`q{%b}amL;X`D(HozFwJGsi(WI34Drdob65G%cc|3y?0Hpj>gmhn|8-uj@6k9CiCYB@V zsB0Zsm;%a_fU;x}6~gZJ&J*Dr?+dM7Dp)u{Udr*vOB>$ntoBCb`?sL^X8LJ7)-ngq zj2apckkI*S_XIHz-m;~ zya6*@s|yZVS)84SP(_{#!whu@2#kOQ;>;%J_h~eZ(}3yuDAG1;i~2@H559>?(z|g1 z=}MIL&v-)ua7unFCk%|R60x_J(1viqG36@ONPBS{a9Ia|N={wnF>0DykuS<2Q!st! zg+~m9&=Y_LPoW4aU0v{6#PZGee+tU4q)!cS+4s}*wOV6|g*m;>*Uq$w_ipR(QBv$X zXqZF7k8`T~vk`>?Pi|yohbMV>zn{LGHH{K>fAdlmc3dUxX@v;G2Ayy5bYdG3*{WO`HUN+&_p{$Chd$;7k8-Q~0`02r| z+aD2|;K`Iry?oGtH73X;-xiY3Cnq-a(z;fL^G@3LjJ3RDK1Ff}=+OeYgh}Ju3kPa+ zre;;eS{`wF-O0~N@ajVpt)=27CW_bTOJ z5BP>&wql<>%)B}|Z=pzg^Q4TlE04F29WHB3TZ3KTidSl0<@(WF>%94HGrfY<%@32` zgXnmhd+)zg;E*6(P_j3na3!-Mul>o)OBs3fRS=1Udn~A%(qz-C&mrr3p@$098(I$A z#V&>$Ad>fyPTXIX0Z6P3_vwc-H1Soj$%o-iM#pvFDfD5Qo~oGkG#d*HhpJjg$gAvb zL*ISP5ZVC^>zGjbO0`Ax;f2ahg&Kx(KYuAIR^JBUWe&K8b)HiFn`L0n=fF#hY_>gb z1a@M3{2D>ODrOy^Y4g3ho?}xF*BU4$hyKP@A`8zAyEA5aSaYol9FpI|6E-%`y%(B> zx?@xcAuqBQ_{vj*u) z5qaQA+b4u!yDdgE&Yr?MP{eGI_N2~}493&Z@)*El@QONQ2Q;D(tLZ#zdNOz3l=`gs zp;}c=6}|lI6qYlh=w8U2RS@J@h(2q`^I{A3@XZcw{;#IyJc-j4?niU~_j zJShj2z79DUIz%HeWHj?-yznE`b7k;RRjDLW3c4rlLG7+Y*pe)M%#LRwB&9I zUXd{{+fSe6rfQ8V6E=+c6nHO`+m7c|4MAs}Rq#88bALqsw9B8D;lK1Fx!S!6_+RWK zzW(84{$N1=pP`&yQclkIKX_R9fwdFP%Jt%G$~>XK@|i5sX&CJtpM9c;_}7*ZVxhG; z?UQ)7;2iif*(c`sRLvdE-MhMPY}syI*LPfqzd(y;-pkJvf@jWNn|p0^udpLVH1Kc2 z2Cw)TQqBQK=fLA^pDw+d{PwU0&&Y@p?p)UJP{b3;#mqC{=5sUPN~vGlgtU#)sHdMv zeyNk*pMrY>rmrMRZ``7(H?Csjf!^o$Bc>jAfU3PH!f}i(&y-}}EMZZoPhil|t_fOl zN&o&C(S{4VwFH!{scc5+phxT_-?^qKymP%$~bz7oc9fcw!C&G=_AP*Gyi@ zV<9dd>qB(KcbP({A$>cJO}qR(+&iMVD|eZ*__y8OKK&5Jg+s$ov;|l2SuRX!6KZqv zGdo9)AN&Gbl2fIr(j7*jM4UKNy_mbjkqqL7A#cJQ!8CeoXOOv^%t zhx@Y%0YY#TCzhnOA@SkS+@Af)m4+c*Lnk(N6E_~_J zXEsnodw2M$kQjQhE}P!7hRrK)a(+(W9sg^?r|(q+9ws9|I2o;vMshV1&TT$`p~)62 z{8bljT~S#;4-hth@dS#Vbj=QRd+*%K0Xs1<_NB~SfT25a*Eq!1(Oh^e7VovS{jt?983*BULLOhfpZt&=iqSBnTTbM-ztyZ zA-y3guNpm8fhTBM06nw*1e009N=feC_vN=L=Hu7O4?Q*EY(u{>zLn6@ymWZqU<^3m zjZ30(1(u+kTKG=+8q42&%?Wse?<(6bVPMBeDYh=C$*hS~(F=};G|HzX6?0d;rN8$|0xd>Y|IDCAq87~0Id2oWl%n*qEPmqm07?*jry^8Z1BJiKY z3*xJE<-dK^n~}U zYP5jo{a-OLB&pPzc89by`YOQAHc~5Po{}vcWxgEEZngZcX*yBJwGb9?m z*L5dKR`J!#GhI1QRtByeeK~k}@5sOI-lNn4x6N{VMHH&1ltw?p zF>td)HV0!uv&W9I52Q=8&JLQ`*Fv>4*17a;3ndPgUcz;YDsCrN-P^Cp@ z=wKcX=hB(owTyt?=EXCA}O1Fm-5iHQ!6(m*0TQi%71d~gC@j$Ko7W<2Pkt{YoYaHQit|d@vJt=bVxsrJ=s!l*4@(euXUZXV0+Y0o%}Dyi3BbD`h8(e=`ZQNC_W0 zPM^Xx8q6Q^@Bo!$27u#S!-*2#q`N0ry#qCUC<)T~@^&^D$8$+eS@5q|080J2J5c;W z;g$Of6Wkpaa{^%y<$kwTADl{PhUKaM@}RJvz>1hKxBEZGbYzGD`;f0|1p!6uIP301 z(O6awjkG#Co5JVJavaQT(f`Z@XdnO7}!Emv6b))UQC)Tm#Uq;G5- zUZ?iKg=~q|8*$2PgGMa|@wg7)+kkO>1uJ(i=jU7SR5aBp5et6Re92Nw>thB2KZaeJ z68sjCc8yq24NkG91)0}-(%<0cJsPa;VDAzIg+4v3uf_WSuolqCX_$@+b zv}3@a?RsK37Ii|@fMw38{4@V_iTw=N)QIk_Z02m)FRDDM9?IDM6BlS7#^pZ|k9>@A ziQsj3V!>?QCK3B6EI6CWF5*Mc*DzF;&F|{>Q z&UV!B<;_XW=m3;g1U8x7T%mZmrK`K#_Y2EqKD_*cO|jlhcQJnW=s+ZU2AT1+muAOlwYw4H%yd*8?@@GQv=v^=VTPrg9m=I@&b45@T`HXU(56(=s0II9lOT`ut(nhC}& zwz=q#XEZ~cfT~Z(3fjg~GzWhN#iaJxb^PQ8*G_Spc~Bl!*vs)(=mH~6XxI{R=Wdp% z2EnV;pqUanvo20X)dvImVM5WLIuXZ)u~HRJg$G#gS_1GAuy6xgqQp$C+LA_lgKitT zxo~i@9?1)tvT^Q<1OX6J28c&)mJ#+UFs1WAxRI_zCA?$@x(fuP`B@uu7JZ-j+Am=ya<>QhDnKNdRQm6Mh~rJY z($&U1KHFO{Bwg~j9Kx5x6G#@f3g)1($G{>KuE^W2?@RMaY;s9Cr~*kBJ410d?Ave} z0q2n`Cnh2(4wzdS<_o`TU7Zv;%LGQ2VHvAXxm+%IYB2hCP2X=T`=Uxr9KOnJXeR5y zyy1nvV$+QDhU7Xxr774&@Tg7zF0~tN_iJ9ix3K@&Jf&{bsNa=kuPCsj?2|nveedq8 z_I`fGzS$3MpM>ow`u5`IR;$+xx##QDDeE0*|Mj(%N38z{FEiGjL2WFi>A`nZR`cQs z0)yvWe^WDVN>$lHElILLsV)C=;F;*gTz3yfulqFm|3GkH(+)2w+(ylZo&E}a0<)AzEFW<# z?&oZk;koK?z{!m_uJ3%~!$0=XP3Zo2T4Urn*eqFE?vIW`G#f{n1%4V*FUuwh3 z%7YQ9R1uRE1&MI=VL@pqZ=}T$)l!9xhs)a6wjsJSE7ay%l9se-+vWyR$|6%72BH*7 z77;({T3iTiFcE1$^!0W64nOH#b)T4Lu?;`kPll$-ibf)DOo=<}=as*rxVFC@R2*0m z>h~JH?7p;^w)&+zVCEV>eK1(C>m|0FD`IMzlPG*>2Kbal>;ABU2p~PF&ujY)q@k=eg z%)6uQN0wKzDH$75Yh%yH0E2AOwhTDlFnv|1ZIi>9W9&40F2LD!y6Y(2U!5Tw+fe^t z`J|7nQu5!TI+)+0RR$L`g=5n&8BO%=E{9lgKf{L1Fem4ib=FcoK1aZshjM*KN3qL1 zv3#`aHIE((Uh7TOq;b=Ohbnbi`_D0R5nYJr^VIUw!_afaN+-uUJcHt-LTGP(bi>Em zIpoN~iG$%i-}NK+9yi&plwGN$QBE>T1!1MTv>3c^2jrOS*^!J*vAcvDZmL4Z~>Sug*tv z3eYz~a6KAutb;JCXBP(MQ9yfhv*Ldmm)G6olk1f58!P3u)Ve-hV-fZ}*fdx>GIFVg?iqA6D;n~e}h`^ljkzTlp z1ACjRLVG%7*TfDZF&WP1sI@84-gvz$wpRI!LFWAU@q8-GAw2zQ_VLob^cCEZDDqen zONM$6pIJin$y(-AdPzdzkONG5loZgXVHr1_u*=Ekb#cnIxNltJ9ASrg>1eaT+Ii5P zE%ec?cAN#6FUVmb*kSjhEv7Heq0Qp32NH>F0G=xdh5iY678DD5GS}f9Qd0Y$?Zc?v z*=a7yO7({`Vd$7X!_lzGCA@2pE3kCCJdSJ+An)Cr3|8sQ4(4Ag06bp$T^|DV&~WUA zw!)^shQ>D?mXknCGvLBTb0_z;n?`0yRqngBpc-lZL1dYQ-RqT6(k_k=c3Qm8!j#nF z-12P&w{1ZWVGTj@IgDlyJHslr#G>M!%KdoR-QaKpO1~|O89I5f{S$f*8CJf-4WWH2 zG?##nj>P9{l#YkK==+@SU?*>QP6M#jBt+3w*dr--@vpc=^BrjLA;fl7@Ji$!3$D>d zKW(RMuH#SzJD3aqIow1b$rhXs(slg_e=3BDCx%gO^nc!UXbeTzEnK4c3gckZl(t>P z{sdx%3p{G4yEBhCoZj4An7rCPbHsXnCJOXXmgHg%@mZX5IBuC^@qpDfu)XbY{tC_p zx48-)+ss~0O|`{dp5N-XJl~V}j`A93SE}tq);?ks1V(*^f!N=!-!rfgUrzWH#aU## z`57O7=`g@l8gk3L-Y4ReQ3Iee{3@cM`)lO__u{+$4%C!~8;n8xUl#J|kb2U#Ei)7M z>Iee~)Y>~UoYBM50R(q@83fsU-uxaVpq6dWPw~DTfwQWFqM0<%?3d7Z{6ZJ5@3rL4S{gJT)KT!=M!e@S+b9}AH!UCM?;z#cbo^^{3P{wg_g z?xkD)+{8LnKa=P8{9wIxE_VVL4Im)?0AWK_y>&DSjT6nsiCmquo%O%MLv#vo?>TpZ zaLP>-KUia{YL2me2OuOuJX!6-WhN&|)JagOKA8TmlLaV~!ml^Wo6+|w*oL|s7QWZb z7|~|3O40}@)^@=vkT!Oqn4DvGq9a~~FEiB$=og<`w&U~SSPT@5S_WfBH{(Y7*UR8* zJ)^i$Xn})p67olq%!RqSayI5s-#f-H%+GWAv5vBm-6E)*%PGf)uzxU_{@gZ#2Eoq( zVnU9rpbx^0sUyNRcLc%6uhkia=wISr)AWsf+oKAaj(BoJuGU> zQe)Hycfq2(uOS?7St+@KkEoR-+1x~q2Lt=)eQVNyMOIMD%li2t?PCn9=)}af!<@${P3M-X+c7!!3^wQ5bP71Mh44mjTOU%K%IS26M0+Y~^AoBFm=3Dl|_;;k8bt zWJ7(yx`-G4I$F-`9xs+>uDgSS84;026@t-dU}CqHNjVB#56D!_@PCN6%W`5c>SD*jAyKJ}Tpf z1&jf|Lvp28p^hL-N`f1|!*}K5{^RjhtniJ|B>B@YUFNX=rSMvu&S$^kk<)No6Gz~o z>!s^*hQC8_p_<=qLT~@dEB_sKD*($SWpF7}Z|rxdE#=znV+a#cy#|{3pdZKToaN$;MZ@8J% zV773_n@#X0iTdfiGhajf><$4>(*~5u&$_!_T}@$)!UbcuW%%aJ{jP;uNgq<7L4Y6o zo;CR^=bNBwwQS1pLo7n#S4$nxv6t{#gKdLwnD2$yCn#LlJPP}Lbm=kMro_X0TMg3= z-OwUz%s0Q|nZBvX!?Q1TkDq29Szp76^oWdF6jg=3z0aIn867u>WMPA2Ikd04-Aq0U zsH?HfxD|_ad@R)_B1=;F8$TI?>#VH4y-OY~)JhyJ%#5uuFaUL>B>?Vmud(P+uKQ;^ z*tVWb3+~=co`s}bd?6_54IBl`6}DrYvf;Q0An+4>@bbeZorA#lKzOJ9Ok}aAXKbiS zV6R$Qo8tT@55Krpt`Lj6Q?5;}?XFu$&4N5!@P`8^cCv{J_nZrgSrNxc&ik`^0pVc8 z!MpoM(BtgP!kzA`tX>-GMLlNec|{txY+cPznx>$>=qR0ll6hwWf|OkZ3%vqt_((@5nMfi-SK+45!_W{F#VTN z`4EO*+X1VR_$z^pYGp!kLKi@|TAVAF{ssPnM3k3*^3$R$#?xgp?O}bNV;aIpvxR`= zYM-`!KTZs?A>s?RPK=#jWrthmrggVLuLEWPS1X!%8;4+IbLXnPmEh;jiF=Y*j5YBO zH=KImyK^go@Ipget}wva8CNDq$;eT^l}kXJGIRi3X9FGiHI#HwL-H?nZZ~}pmySc? z;QNn*KS*-8F>Szb8)RPK{TMDsx0UpiWy!)%(&);Kn&dBIf+8Ansc+7|14f_?Gj)?v zI3;xkmutGL3TbD_94p(rnPRVXS6cF9x?+m$`|6sXJgHdYhiXW~-Jm8C^F3*gqz4D-;Jl6!*fd34$U~$i6$BR3X-Ad_P!45p4)tzRSw(uDpA^qMkai`RRYK_uf%aMa{mTihvR&2MJ0} zl9g;DL6YPgBnU{(Ac8;(NX|J(&N)aHq$TH^gJftVH?g7VKGXVrbKiI0%$r$r=iW85 z-g>LoI)9uxy-%GwRr^%!s`~A2jO@MsE{jLzSyYclnCYjgDWD;mJOc@Id3;robJ=J( zi#jbMu=<0Gd+Sb~z`E|6s3`ct73Avj?79z9%hUHlf*xInSoivH@0=$vNu%xky)rbf z))VIcUB%;pi&Ca_3n@oo>b-#Q_UhdEeL0Srh}Sy&PX7)840*Vq2>dH-*eH-ydCoJS zsR$cnQj=Yslia^O{{QL{F#H@AZP^au@Rm&|5F&&i$QURqwUK?^WXyC9ZiD6A|_Y#ZQOnMFq%)bP6X(usyGAjkJsgHZ~g7q&c1CKz5*H6 z`Rq}vwtYyi`kjRs8~pqi{2mQ}?=CMDFvCqO0b>mPKVpVKahVw1hS~hzH>_7lc4fzt z<5{&o5J$~;x33MQrH}6m(B2=OCivcYU5yW(T~$S00H_y!6sRT7Jleibcwl<)V{=l2 zb|^2-%R6@b&hPob*hvQwd=AZw&`myux!V{RpH4`OiCB`!(nmK&teFaQ!iPR->juGc z0O8rtRYEGXrSY{VAODfnWgR4~)kj?Js?P(EUJSUPu>v0S8z(HXBo=*xrRv)24$}pG zM1z{WSlTtY`{QN2puJLJ^W$o1w2uS@e&3E1d`FjK{xR%7Ey0!apR0;@MWYeFy+!;| z1Oxv7Y)4bHIa-o6Z2hAN_-`%_9@qw~p@Cdj;fIZ;t*?H*;ydX2(fbD$Yz{i`7bc94 zW#yh2zKJeYQ}BoPmEXrFRi^)6AeB9)h3M=-5cDX8Td$+rjP9jufEV?mmk>-@-lII` zt@|`NMtw6Xczgx{-Xx)1eR!+Aj1fgrGvB6(6IZ3~q=8pN7s;IJ6e&}ZTvGDaC9S16 zN$5L9qrkzoQ=EVURiJ0N!^!DS1eM}zdT@S;!9Zp%-G@$<1g-wTQsW40{I7Vf|AoNz zKNDUZ3Vd0GFd8pJ4}=|8DA@s~+RypcTBh31rU&?3pMRM5 zsE`~ytNl!Ec!0@yigJ4Y;c__Z(=kTY{1uzk-qFG6=#iJ_RmR(GG9BDuJKQXmunqnt z>mU?e!X3V6|Ai-y;`^mur%FrdI1cu*drbw1rIAWnXC2614s;VxnlZQKJ&KMy>~h#> zKL8tZ#}4(x=N%ncOhrKMS`ilb2aftvvoh>O$VN)nq;}MDB+nm{=eKE-x&=YEI%k6L z)nyGN7z3wVzw(WQ2}aSh<4N6+5QpL=0*YPkGs%lvW3u0TFM=W;E}L%XTq<6Icq+Ex z(((Hgfa#9H4W0g!%&z%QbRpD?qPgz+Oja+6mk2?>DlWfH0bjX-Mz}gEJ z6F=0*9yFVPQafO@*7bH9K7@>s+ZRV|!LSJ#+Lr}ZB(9SVEv~N#twKSktDu+f-#uDz zQnJ+g0fjpGp?3ZrAZUuo^>KAC61m;p&n97>0Gid?p~@Zd(s^_A-8@l_$zpRiwd#vj z$;a1?Ja1Q8nZENNKm;KtW1j`aa{Pt24Bt~u$gx0jmK3j#%MS<@2wXm}55XP0-e%m9 zyCKKzu*$GB#R>l!Dne_*f{}2h%{;rKU@gh_(~G=RPxVZedX#Z#3-fVXJ{4Uoi~|y!9OUMK?(Y>gNHIO!-{?wlXo)i} zrNHL?^0k_!EP{GO+5&Vutjd3|w>$5oC?6DVwFP610o@9HyWpW0^ST|`tVX@y2&ScA z3lLoliSFY>j}Qa$x*gb5r30Uxv7(rw%&q>2=lJ;edY_#CoG|EoENE~Qz0F!ia*nJ) z@{)TDaMzL@uh)+vj)72#-h=VoVD!_HNgwFYq!l748&9Al>(n#pqgOZMyPJOy_9-@j z<6@1bBeAKE2Vf9>(B7O9q<8J~w=N~+DLje_74aBMHa&!;HH^WkB^CUIH?0DL2{(5r z0zaP6QGOuAuZ~(kI{I^uG;`>@hJ0W6g5M=LG?@kr`UE@<>}qd4o{)a+uOiH9PT4-V zHXD|i?9x&}5%@^Uru~fB=04{+o&ej%RuM5z%tsk6fAa@rf~(hqmotRz>%-<)%K4vz z2uHx`LJUQRlmQ$gp6y(|jVAB`-oQO}ux?n2oH#?#@jnRPfEhv&RJbtTaE@2WXAanD zs9bkFt+ZO<^{8$%=t4Rg!k~gDU`@x7qu3_CLB!|K_m_pFO;u#CSv?=d8~^I2_vwfEx)y*Nuih4^e5e?P`cq!XIn_+XXD%;; zjr7uXm!MA;48q+Kg76+36naW`|H{xIF;fcwU|>AiWSfN0_}>x4XMqe(B0b{2;)4Y? zeQG3#yX-*-(0%o2&>=r05jAHUMAlq4cyY5euv@jb&>$2@OEeR9#Sh_d7`~&amgY(0 zp3(m;G#Eo;N4GGF$`mJqXov)-1+{^9X5aHRp+Go0(e64NsZ`6i=QcvL+ zgx$GM8D7Y_|`5wI*0LA#RO%i#MB4*9qC6 zZAbLsMBWc2cs?{cwEWQ^yg(eq5Y4f?NqK#J)|CbN=$7##&3F{Tz&54cs-ZRzHi&tT zS%RyjH~anen?d*C(tn;Sv^Nn_Ezh$-YDP984NX?;MEkAH`F=*K0-xV*NE=>1-ykw8m$=RKKax`(Cut8_lWp)XmZ zZ2Zl&Hr)iiArHV|<-DXj@XhGUvkQpZs6-4FL2sJqZaQOdOpc0P|Jq9)-!uf+RU3yx zMByHD&bekJSewfVao~Rd(11^G@dF)O@)N~e(xPvY0u)uWxF4ZmfdF)5S!aDhoV*0; z1Ji*|SheZEN{oT=+adC4(P12zNf{+ZPt*p-vTtt(kUTM)mQ}$IGl%Hc$n$ua)xq-*RyxL9Y)g}dz4Q>*M_q5KISBBerlXHRtV=%-@7@Z z_qyJ91gU=)!A4(EVOt>Cj%>dLtqs@hW^@Ev+|6~$HlEihqi{ZYd3&eJ!scVNg1Bf_ zPcc(PS7ebp-X$G(0bdjKJE%iVdqz@jx@<hOPx^{gX=>G%+-Z){y$R~)7@-mK^}WN>N!D~O(R8A*^`dfbDd3V5nJyI~XlTRxZlsZ%PqR1uIK;ph>n%6?kUD|K zUX=7RoPbA9fA z7kqm$C?_MLmnwyF%PB)=hS|2{6w>-u_|2@E=TU zstpb03^7}Z4Cbo*a4Ffg9N&)rMzgI}ydpe(%D?NXpdan}pYW{z>o)%Z1^FKeE!t+r z)==p>?D14poPU|9nG7Sb8>jHVbgaJfxELaioNFAAbHT zq2AEhj~el-^_UBn%HFd(_UUx3IW`|x`&wmw=faW>x7S_r@0SaY&st8*a7gZx3s|UQ z9K^~uCP}?MEyN^E8pEYr(^nh~wB!aYptr)MfMV%}9~U@u_w{tDUxKg+Oa$n`Z-rLA z7=zE0!@B2;eeT8r(p)?6>IJ~CYFwvnnw{ICrmGv-oW#8@_J{if@{Gj=nt662ql}hOt|i)WOW)M`(sYH63*X0O&nvgB32O$ zeI^SS+HIOaNt=Xpk08QO89@fL@2Px!Jmx<9EH8igDz%ECvNJxh)3Y=5HPeocbD4oN zCM@0mZP10%x0s+v8@<7wTjX-oRkqvDvtCt0z2aZ>jM#l#CWQt2G-e|K#_rWoy?#oG z9lrYpw94KOq2|u+Lrce|d>l_p_}Fpr15Ra};I`7F?oyeAOgg^GLyUEJqfbBRc0Qe*BS@pUbdZhg@q$e^p4rIB3BUvNie?;C;t7q93pwF!Q8|k1NB7z*XAtXi;MJ`q7C4R%&&0xdRU66sMteIffzvTL9g|K-w%)@JwGB0SP_aiu+*%>-=EI~t z)zq)C`&``704*_K2n;}1K}q?td{Stq`*t9@@t;WM2!F|dCAn@rK>z{*M zU*I02j2~(Xs(Q1(u+g0(q0EsxchYRL108c(zus)`e-Op>Q>Yp0w)rUyvn#SIl{$3f zx2>%ct1a0j11E!kF`oxdvHgU*er4fp3nb`DX_LcKy(4HkOv2? z>%7@{M+m*z6edNUwyu7fsON#qvt)yGa>vF;a+6$P5bpg-)#J9Ss_xYX1k@vce9oKP+uNVP+*Nc2sIAqKGUBV zVp@Om>z(bB1z-WVq>OQ4zDt~65Zcrq-v6d2lf7?R@~?jb)7_(*eD#iJ06CWBIl)ZC z*Ed2MS?d2csPVe3JtFZA{yeXA3Qy>x@0LU%t;`+)Dvgc;3A~qFPyV_-b$i#F>I}f-ulEdye_+v&t%DH?m zah%kxBS>pyL2*`lO}gdO1~V~u7q%k^rEx3avzf~7ZJ$;itnhgD-LerdZvql|+6$7F zn&c$A*%H=bcd(s$$aHg(boKm`?WTg04gExHr);SV+-rLZ#>U>2rEqbb`Big)s< zqUET#y`7sd_AT^;a*loY7=%T6eN2zf`9bpt{KvtmCZH76X(sAY^Zy$s{>ZT;q{Mxc z&uRAO!ar{0sV9FYGYB0f3W2~L%hR=!QK`W=!(*#|U4&1La5~LvUAc~0Zc-6bLHHFm z%YiWd4vpgaPPP_b)4kGh9+~*BFHe;l}UV#T-m7wST7*3A22@>h^IlOgoJZ)kaQe-+R9*LS))*u({WEzR13Z7u*U z`@p9rU^_+Ay6}TtPUZ8L@u=Yno6x7x61~y~T+0s`Qp?17YpnjJPA{?j5 zyz>QCFsRL^17`IEfz=Zz=UET10{Q5uHe#5M*dDCgXxG(ych{C0)mU% z5}H^X{V;U~=A@Id2jZM)Zk+6I8|-JKcFb=!A|j=|X-T1&&)Yli1z{Sd^1YAec`O}{ ziGPHfdcN7zlxtBQc-rRQUfco-@*wikTC#T^Cb>ae>?vO@gTd3A3QR{Cc8yMQl?L?% zvqN0c`&B>48{RsK$P0Jr+pQkxi&RE}w2^g4QSY_5kl*QMjJunvFN;(`$Vg+q3$kdY zTh?b)4$+uVEDva+c@~D$3S{;xe!QUdm^UG!A9Ayvj)Wx5TFYs+-zvKL{(hJd$9LTJ zQ)E9|2sMHdGVxUg5No~$H>z#B{T_3imtfq)cjyMKLkBn9;BOHUsF&^Z?Xug zJ=E$~j3j0+4bqieLp#UW*+7&pYUn5B#&lm|kYhAtaWt*4qoa7lK--DkEi!V)*i#z??e3g$gbgD*l zw9x)0l>8;;r5FsXgobxN1l|psaHcR;&_s_2=!KNqf_Qd1Z1uw_rlF-a#CMC0Umr>A>aR zhxld;o1uTK2-E@R#HI3^kp>=ZgyPLIGnnfsmKe0)I1UmqgUw}8<&eF#flb@my|lxK zy0vQbot{4AZy7j#y;C?*#6R&2`OSVI4^!Af@VbZMN%C(){8tJAMqB=L8-(5!LsoCC zqwRa#f0p*?sJGSRNE9JX=%~N}o{I@Rh$Wqpf)Op~h+-aB3 zUhcz65XD3{Yqn$ylX%I)!8stdeH!r-Lw#`&Zr9QoZh*~{dOoS7;ebz7{y5^fH+T>( z1US`flb`RES5MqK8<87(lN#E*sh4OgNSWNV(V4?kv zXvi|)Q@w#Avi_~HSPdUdnX89@wDY{fTU(jBpIw2ViT6hSEN`B|H|5BV9(&!!5lIDW z(dt@KJ`+y>gF|_yg*M99hV}~ecGMH??5zVUgJep;|H~PN6^6B^I zm%cT@>T;Q4AM(f+8w)K{9AqPqE_~j{NW$HVfrRa67Z1hFMkt8C(bm;cuPj4M$4zb9 zg$cm#4dJU6c_3OuS)hf{6NO>R?e8we8B}|PuM3yUdIl>P*_qy&?~h%(^fnwEk1aX= z^30|bMQ$aOinXhxCZV#kklFbtRSATk!&0T#vWA@DhF#_v7J&>hLZ{(IwJUG#t>>z2 z2(259^0h6_ZAtvu7_H1#$ND&}kqsvUq@eAO4aJSVpsz3T!}94P4i{np@ZgP8!!LsK z<+Cw#lT22x_{pQ^(5`;)4*ap$2cu;JTlmTP-qi19qET0c6vfcNFJ$lDfAMF?%Xq_I z{>CIKVJq!X(jwW0wcr~iZ8ohP^&KX(@GIEgnxxixFZekEG{7!N3(%AMSuRvqvfp`P z?HQFT`t9fk2~&@tVyaA=ECF3CReTj<&4=n~IZ`y4S(`lH1AZlMR`Y+fb&gL(-|{}$ z#_l-{c!KPpkp`U9p&6Lat@Za^$`wQ55$GYd;pKQ))EP`g=z(7a35!bfnYd%N9_o^U zJw77zizFg;lFRN-KKC;H#Lmh7R@ypEiYp;&LLeDeb^5oA{Za$z|BeNaQECvaSVw1a zVvSESSoL(eJO0JeRTcp%KvP2ZmnDA@C3Ju8H&AHU7<=8Zu4`&ns$yqbpm3q)G@Qo> zkGKhW=%etNF88_Bu{CmpL>$3wqEMonmvx$19xFMEDJ2yFL3=xqm-C)Z>RUdew9W($ zEel1?dsjCj-x2vbX8t$ zC#4Jr=^~4*zy`>x`r&X+yG&=O9XvMI%#QaFXdIZTJ4TNAWzHO$450#JUMfml{nA|o zXO7xUj4ScTTG}mvk9sII>unYIj)ZP+*X`l)2XMNfYM=KmFEm(YF*={m+%E&9569GnS}j=9Tz%_# zCu9~-G#+l&>p5(Nao$=t*|;yoPF1)E-t2c@WIyYlDG!*e+pk{zp5AEK&*a}mG1Q+xhIz@f-2x7cU03|uUf%*c~%uc zU6zQ*juCXzIs&h7QuFUTM(a)a192Y9ut|SI@^AM{)}ZjStQT_I@H6AEj!qa01tP4P z2ArEurPj1o6-T-;(8-~QanJ7v{Bm+wy#?^9wysZgN`046y$n=rdL7qTB?eRMdzm~I zR;09iHruToSlLO{%=$ZRZK!upkF%HSHp!~JT;sTg-(xg%&9 zOFaQ;=^By-!_6^wyZ1T5a zVT>)MoJxOXg=o_x-krQ5z0`NonE`uWLb5L&XJGx<-FZ5k_qrVvLQTe=Z|wmC6nKlzm~=@FC(=UjGB?D! zwuig{XPlJFwPLv{(_Xk?Fr0JpP-x}Jw`>8_5DIjgYQDSp*pW0l+hwqH+9Bl7j~u8| zzkIrim4)EB?&AYpU(88+>CHEDp7SaX-#2*|Nt84wp>C08{Cu7zi~G%_K*wD5^h+L7 zpXZ0=ysu&gbGl9n1XOLuepxtH8vZ`o2RRPwWwv>4nxqa^-CXr)9Z67zSl$Lc%Mm0n zyyq8FotfH4{Nr<7tO8%jgR?gBeOu~f5s><Vvu4gr!^p!5KPub_SeZEeEKLLTviy z4{%2=hfvT8rn{@1Jud=cn%gvN*Zs#%C~Uz5oeZJcl-u>tYOZMBXEU9d`z$Jq-6u3B zNjE`ugA}V)5fL7pw$sW7`id-YobAT~AMnOSsU@&@*)I3zR6RN+6td;tN6Js89AG<@ zs1o-u98(`inThJfzg*IF()THY)&c8e5rC^OGfb0w^iF2M7_68M?F2B$}4yA?NMnC$3X=sfp-AJ2_lOzN+lz-;$1#V93*xP-?X`U`yr0uP38@)@A(94{q8$(qW5ql zVAcKdag=vWNrLk5#C~51@at+t4q@KPM=*-^AC#|txwQ7OznT38Ot8{VQD=%7mRjV# zDAUJ_;%26pFOt$ryuJsk8_M1tP{o(iY5PYD(Ixz#^^WQwKM&4*tBd;i+z%=R# z20AeT^4w~y`{(xc`q@OW)krHszwGX%KWNpzI6G4<&a-PSbJi-9vZu+b-h<>-7yFV> z=Vh@(XG%ixML{2_&YK?&s8ygn;hGb*)%%)_!)$MtU)pzyhB%ogz3R`T%ZUx^-qsq= zBRQ~c%(%QVGa-M4qg!LOuH(ZTe6#t44fa$lN_*o@UrCD|?R({1UYuu7i=l=1Tll`0 zp7w3TgRlJ}F0INpd5$M<>K^yT(1MgUASSEr{h1{o9$R660yY+%g(6EQ3HQ3)luuNv z+-dAoPntXcI5wRMzm~b+H0{8LU?~U_I&fJO@fsP1Y@yVjDBBQr1-4Ap+9Wkg`e&vC zG<#M&IIEE>hR!Q|^q7*xuAKDMx7MB6diq>)g#Pt{pR=zv_6ztj+4}J^U=Eu-P!Tih zxFbO8^Rm}DBSBqwq=){t0Q=WT;Opr?XzB(NrH>EE7yYtW>G2>sN@HcrwfpwA*lpp=k|fd+{aYntBPdvi*CT*@#onayHt`~x3gPtQj3BD-?szsBCgSn-lY?#T`Q-U{etzj(hwttg52OG> z3#K_FB1i9M2Vm2AKMJt`$?jLy5i~emK~0R1$8G!Eq7O)}ms!wjf#G!Dp^k~Q-;fT; z;fAqeL<JS{sWf3Xq zwO2ZK7cpff+-$_dZH`94gg4oFAM!-w&yctI-<(PH{_F_sk*$WHg45(phdI`~( zlBYE`uuq>7-#wkn5)snTp7isZWxC6l35f|`!R?bEUj#l-t*=@fl4cCr7$|6n zPU9F1N{j9lhV@n5@*!85xq>|prin}*N9EVTMY|5J4wqsEO{|^0DoUxUo0&>5QgDr3 zf~N0y-Ih4*;+G%+9ISE4WMYpz0pU<4D_w zT|@-Wex#B2x_{H;8 znCOWV*5&G)KGPeP^|?CK=N-J0F+XK&t-AH!m~WRK8Q8-TNnH~kQYv$N3m+{>(9L+R zY6NrAnAzkuROJL(B$Tgjl!)xVO<)PahwDnQN98ERP%boUzcN%r);}&fBk?&7K*$3D z_rCtt-y1{RQ!6n(O-M+k%}*+T3m>Z#*|g#p^4i=i#BAz4?t}rY*cAUzeLRIli}+MI zaK_UnpHJr#`||og)3(u6)4(Gs$>y-(`%jiR>^Zz?@M68qIosgL=@5`R2Kp*hUfGD# zPHe4uHX=0Uei(s&`IM!n@mH;w1aerQ7F8_{(2Tr5*y|9hZ;QGpxy;N1fbYJ8!KW_# z!W>*7J4JJPpV0T&B!*r!_W-v;-~g9rT=V4Y)A0{g2ZN@(XuA*2OV3BrFRRJHSCQYd zFU3llNG*vn!2D+C*6j2tYTU2Yz+SDC?KB^d7w+dSedY8|3}`|uV*E@=_l6wuF2D|x z7K_$rBbF0(Un?8)+(yMUEoKhtTIb13e9xZy-VU(NkJ`O7ux$rXn2yWsy^C-?O=_lqaftg;oL z=0sf^Gt|Wr%9RUv!rM=ovfmeOc&dPTqta|3+ zip`NjpWRqW8(#k@Xn1iWU$|6!^sq>}^H1hus zB>tZ;3;ZwU{$uke8-K({GbYp+JqVt7(Ke{l}u`_NYc zI{zU$7nM*nq<>xke6U%3zLjD;xfNd_KSV+x3i~p;#)5586#%}H9(1GiF*i+7(X6@0 ztMd~u%eup{ro_H? z4OkupF)f}edE6}5Wu%LV#2olTJH_{$hnDMM_HYol`T;O6NeJxAg^ zebCvnOVN`%X%_|`*WU{st%v+BuWrxtQde1dy){%_G;WuwWkqi+@b11uU=Mi}nD#}E z6+rki*&N)FM;?-{b*IfL>r-^&f|=a-MZMuw=I=xj)dwA2iqwQg01qTXs>_9?Z)Pq! zXRb!=2}4N@AhhVrxObTX8TWoWm%Fg7^mH^^TZ)bw1(MC6!!lV7lG6PCIj>JY z*>sD!+#>_9j_KESR0Ver+XcvJb?9fG>~yJTdKU08-5fR)DjBo6wFr5h`)sp}IC|{tZaAXvf+@MamH*T#YqHhy)#udk+l%!9 zCz`!(a>ST zLHikZJ?!;kbTwMRhAgIv$q*3xytH`snc;+Fn;GOZoKw32*qTzEa{P2Ct677Y01?(* zC=;KD90cInVAzASssLZOl<8_9{PVe5@;or}Qr9c$`D_l6balakRUZx>KigdP*f-(R z=FQ!kuTIgjY)jDFr6$9`;J1ADuZOuk!d}Xig<=Er&L>aZ=X|f^Nu0?Xsa&2_MpuiK zEkLKMA=g+QzbvM#!Aq4*MgH&r*`@o1uiAB^C{_BhKF04lx9Xk&oyrtNU->2=)7i=K zAIvQ;7KWR^4e(DE=ah@IhuR}A!Lq08A@m_dY`4`;H?!(vzdQ>`VqSjl1k8J5@-si3 z$9f-zw8gx0J};+K5jqMKPuPQ}bAdg6AIk;M|s>A=-h=nvch#U1{ z(OJTt^Mm+vlZuvpt484Z#;|=cxhDAgVZEFxHTEj3&``+>@lL~HP4V}aHGTtqbTX#r zSG|^mMvzoIVcpOLA=hWY26ZeEhi$UL0GUB{>X@e{5Ih9ND4je;?KsjtJj$hTk9sM&-||r}{X{_O^8*Lp2G~#&c(os~ zJH8S!2nR3f7f>TDxN*?_IApYXeMuqdKqw~S1PixYi>al z=sR$^;5k%p@S26##P9IA2gQ4geO^AV3o>1e6oPrIz`CBpRwqbY{m56I*N-cfw67m2 zrwgXN`1wI$uf#@h7hRtVG%n|LwqFDA1b`)B<2{i3>8NAwZX0DsaA;L43QKfDnCsr! zhNuvWnb3cg`B)9GMM0U~oAiRtgdWR$w}lCPxRu#!?>jPh zrp)zyr9D}X|KT^A`hnMvr>-%u$L;Gz==QpMXHZB&aY+Qt$47<*(#}=#t2Mkmm#cnP zZ$)puknHA$(2)a(n~+Z328dFVqdV~^OPcS8Xo)DG3576O#B#Y^@1qaV(?Wb~WP+;yd|}u-WE4vSW1vfFbSp3FA-ggcigZro z*-I$w&Fz?ZD37a26E^Z9R!K*&F4o0e~?YD^)D7Ofu3Z&u^ z`1L->Goi(X?sl{MPxUXBiB>ROFzm!*eSf4GEAxRh9dHWI&IaGyxqdnZI?{gbP05rF zk(%YI`frsP5~uJf_$s}4-VUs3j|3}gU@SX*g2)fNgSy&`0l}ljz(>tbqGV*6>4iR~ zu~>COV0gVUMUSZ1<3kyV;X(m`p$Q8u7}RE)5^TlFFJqT^9nQ2N zFT$prS`??YmuK3>p`msA>++M~z({<({?2D1-ELfbjq_>b`T=m-3F z4d0COG%fBWKl501k^7Urt@W5*st2(QW`j|fhtjs{;XTmDC$Hwps~f2+gD^y(>2}i=>aWxu++UvSty8j{f=Hn-*|Q17IT2R$!A-#RhA16uuFD$my(BiULe!&*-<9Vp z)%15zAkazYAQw6o#@3A*2NgKe!7XM2lTYo{AUno6#D(}o_hKNmJ~+$ z^!pV`z22$X_#LQbcb+jihpzQ7+#&IOF|eM2hbr49+v>8kU;5znozv&-}G`u6OX)Dpp!KHTl+8aDxu12bl} z>ZwB9w;zvM=5_4pxQu<;#qM_?7GIc+1kIEDGcqqGe<>wmA}Q(%%NE z&yX@O$`ZRUF~oD|=DwLappGp2FPjnmr)7yb-Heto{JB@ULT5Rf+{h zJva1yCL(x!Em+M2Jvyqs1V0xD_9ROIB_8D07potZeombceLPKPWf}q6Os9OWet87Y zTpx7dQt8R8VVMEh9;2qz?kLQF?2yA}FIL?*t-*K%va5wwgtd@UoIjc8<=A;>-kVI( zq{dZC3JFS@pv|tDV|p*v5wRPwQI%cwvlj~hy;-~; zA=jih;x&9K~J(S4T@RNAqpSc%SjpK_K`vd-d5LFFtk zc&Wz6*#Be>mi_5z%!D|KQQ*D`Nx?b{n6m|<4UY=UZ)lk>RvY@N+`D0Nw|jd4Z6l|6 z88C6)flaTbDPE^zV9C7q8Twn}Su(M=P6P1X&gu1W+gVn3C(@iQ=RMdSU0(-0>J^{` z${UPn`Krh0jk_tM1=8Q&PNF(*f_&#Zm8gPNFdZk@NwW6G3Jae1+pqehAqiD~J{+ja zCw;C^fvMj)1jA+}_pRG%=P2-w!3<&L!D!8d{2w7bXkuTs zIBMEEfZ5z3wDe0#->M0^1=YlY)co^{v~hIz%OIAe0|#}fL7b&*Sv=d*w=C#$vMLMh zy@?;$JTy0Ec)z54oRLpakYPM6KLye2w2<&v^b>B_Og|(k=?Wp35baNh+z-N)#CqNy z^qKgHl=k?;XKQc_DVA@-_~**1jbS)4{n~Fw6@)$gl-^d3i_K3KpLsw2tTl4jw2(Y1 zigYJqB-}A}y(V+t1EJW(8}wKW_c9_Bet@|8omQl^dQe|jStkiv4}xjJ?O;0*Q;V5m z8+HMWsr6-jOx+FVdj$g%sBc5{MF?ldyA;Piu2%A+-_A{S*VOKnm5+Pq5)_I+H-6N) z1l_3i=1%nihZgB>(Ji~pj4?Un&kXZKjo2zLk3JnL$82yC{t(_4G{83@u&+URpKABl zjs1|HTXFvp-qP93E$+$d@O?el7Ne~LnyG3vlN^~P2Z z-_a5j3EmuB~JM z{&8XR8-xs70RtG{@nD_UW^RbO72{7E`-IaeFtpcx`E1n{@zvK3Jb*hq;MAtF@AREr zo||XFA90|BIBq2zk$}>mYXh>;1@Jzh)zmA6wJ{)-s~BooC)Cx59$2NW`(4C@gy*v2 z*;tGMxLvKcJQ$zR*!>-l9oRM7wBXH2mWzTKe|$+E!TSnNqW#6H1qrp!Y?^D1r?n!P zWXA@;)cxC1Iz;gyMTh@Z4Csc^p}B{gSalh7HUi@L<=;bs^6o#~z5xqeJl^w!$DO0$ z-ZvtnB&;Q9c%3ewm5{2o9qL-k+R^S#<*yUgG^Y}CMsBYWycz%hR?y986afQivAnx<9)Eo@Dg*?4+Dxy zFeOkp(js8$+w^QS+qU(cp}~i1OPhrk4%TV2L*w*cdGLH6SaqV%)-HA29ub81(Qb?J zO5?1DBB2v_1dK)cvR5p3=f#6+kdN)a$8WE4!^~N`Zy-eN8VHFi%KId#s!uw;1@km0#k4{_YH3U|02qX6v zlnb<6Zv4`=jN^XMRD`vROrPf8o-R19`L|a?QtBSrVgQ-Nn>Bs97#t#Xn=VoHmc07-D#dqWryt`I%s3qM z`rIoqNdH`CG&aoQTeshq_rh5AOpcAy?YHiA63T;R^ z7x?>%Tgf6_nwl zUv*Q0bXUk1H@f;ZU31)sd{uGv$)h%NAyIr>))fG;o)PrvsMRFgjjOR>(X(1&23&Iu z|MF0n@jg`fOL<>a>qJ-|9fsmQ@TW|}Rv3={VqW$zO1yB) zAkB6{V-{1=@(Qmr~FzJH(xzz8MYfNwYHdnhz~&Vqzr zO^IJEyVXB$r#2H&rHbjKpxt+BY#H|vJ3EI=T`t)RXkLH-VxI|@7wx;IV(&Ha`}Jug zKCH+h`y5FzpETR{&<|Ch;;l^efVvx8vE_pBpOpY?R--Mp!{=+g`ONvGR`QD^Z4FC@ z+;XN%t{7ENpCbO)L|ZrwCTD-i-ha~_eIFb3VIu`y=2|PhQ4<%Jp{pJWNeRS3=|d6U zC{$l=S1lWb)g7hV=jq&{iM^oY^r|u(Bo#S9ALvE&|Hj^X2Q~G+f1e@(QUnoc(o__r zO9ufXAWeGjy(_)LhrpKBxm#ae1E^)eRgMOXP$Zf+Sz|H zllx9iCMUV>bD!&azh76DH$vCva#MRJO3rayhQYtsocqi!RH~KEV~$iG>quEK?Qh{$ zED3DnR~47{b1rJaCgLZfk*hqT;fR$0c)1%ULn24fa$Jvx(W6L~O#`r+kwZsROj(CK z;ndwqEQ$+y6F;q2&g=37_DzIG;^ir{rsEB#LnTM!+z)|eGjl!rOU>6q7YB}`rv8YN zu9$o=hP0En9J6lXL$PG*2yS>~4nlqnY=$Ir4wzVOIe5g7cXngk0O=egJ#g~~OQfvI zk-sFc?;zk|y8J%^g?2#KhEOY3b*xsDp8RF*c&K}>O9P4ajSVSO(>cr9yY(dhKSB1| zuGW7>zsFHCV_TP=OVl>y6U{XD(g9G@_^o1H6cdeWa$OqpRnfav0OZeWH}Y-oWEi3H zvqH=f6$Fvc1CE?Bp^;iqBd_tdNdmvjf6oDyj`)T>-dUTcoe7~Ob*6L^Luf8v`5o5b zbM_d@EIx&TNBb#9jw`@vMC3eibt7%2^hZWDFNG>SKZ>-!KbaI+HdFI&ZfOE|q&CBE z9<+Zs)g7|H<+uIBGV*G!O%ZhGa|fazYZY;a^HPo0yzzkXi;O?Cvo#<4>nF0R@df6S zll9>>eXJ6b!p-xYDvU_q(%O0w{^83~4L)e>ZA9+5;sK+-W+FV)wMqntMLtc~DKmd! z$gGtvpEyjpz`GI(9#tL$X`k*hOzi2g*I4flAlV{S5TnbCFssHz-PbQ(_MogZJ1SAjR8(+w^sf6cvg8*2_O zrX!ZOUL&#nXSG1p9hY2wV(ZGC2RT7eJ11z=hYoB0I}rK8uY(||ywe!vL^r>zZdWp< zPG(tbV6uBDalqn5pMI*@4g(_pkDk_OQngzMCFU~dB-s`Td$w^ zm;1hNFAx4evG~Y`G=!G+)>vxs57^R_u_AY z@&w$xcjA0Rlv(XEs9^L|JCvv!bRFf&`7Z3Y!z}slMb#!1*|CSn43*ZuyUroEWEkKYp5HsTMY`4jMLKryQ*a!JGw4aK3drT|uy#M|h825+y6Kmo(MzF&(XMX6 zJ%gY91>8whFHL!ZS!GL#i9Y&-ezd70PhwmrlT9nuk9P`S(i)3ONM&P8 z-^-@|W3XaqI?rA3c%S{$3M) zW0bU75{l|D9uBj$IU|un{^*q zipdHkSU|6ZnJgWG;Y1IW75Z@uUdmY|L{eMOLUCBVa!A)>CK$_=IrWoIV#HJLo`0_I zBB{0HDr=nlInDG-vyZB{1k*;b{xK@fTWlyiEN&~R4dSzq`N@QFU%t_iE&*j(}5A(0(^FZl=EdH9#iLC&T?bXEI(&~KpNan+nlNW)lw zWSDKQQ>l|CZ(qfbt@8Web1ly3?b#k8}mBVXjT!AGMBI-9ali&M^}^Ve|zv%zsGz2w%(_r!jUL z&+RT-tuP|hNBn)e>t3c~A@$I2(XKzk6_uhQoZCw0!es4=rGsiMe6C~+#DbJW&~D$M zlF>rnt`;4YH!ddT1c8wOgfi+#M6cG~w*-brx04k)sKXu}xncNoHePmdz&kRoPL?g< z+9`OTElP5F^mP)bGAAi8yxyq1DxCpe3Y1CYzxF?~+~~-p0RFijC`Fvl_!`dW$PBpL z@IeIW4B`>^enJS{8x=*T zCr~j(yI6cbPIw?X)%TBj`5#MniGYwvejkSTg}See!L@)>@|EM(oi)~xucjo3@G-_= z*or7xYo8W`zM+BkIf2DL$^CH9H6izJmNw?9jndjVelIhjW@K95-rBHg8~=v$-!X3d z$Nvilt*(UZoa-i(L{zO6>Y{s1r&E@5G2{zU66e|&aqR%jP>VIn!cX3N*u3<2Ozb~t zpZ@@TOJRd*U}-2%3}7pq@#{@#$Q7#cQ8R}v#{$8bgmfGlZ}j?tcZmF=su+pY zxfZrvKhlHOWMe5*l6bEqh5B~k^nc>R!%-mZhl9AHTJ^pMDfmxSax;TDzdR1&WDIW^|^t|G% zE`}OcM*9|ya(!i%B~dXu$_wr*@9n+|`XeV!h-`ygY6@q$qM)>3kM9&*Kfa;4jK4Zl zm&eCGeN#nU48+P;=3^CQvNXhq?%M3N?JK3>pZOdgdhTNMXgL(+da|SeL`aY{YDK(R zP#*&Q_^ZgF#Vs!n=(P^C*}p$3SUe%*XX$!-3mGNTnOqfm3taDlA0JM90hLrn0iPb1 zPy1-zXrq9QvXS;b9Sb27*7HDZDVpIA@WOu77F%~;4?OW`=ivOra*3!8AgPCrRQQg4 zJ0%;X6dA2&tYGt`cBN}E^fM>QBS*B@zUAZC>=7V3>~W}U8h@o~U`10tx?=w1d0|1T z9q1zG0PGc*O|DtNXOS!Me>(pdB-;$3vX>)%)^GM7gLarB`6}G+u1nO`;doog;g$C4 z{~!FHJ0VT-FA1qliAi+l7)Wf}mg`nIu~`B~Z`8TgYFXZPerlqsa2~um?NVNZpcueB zO*(3mOPRm4?xK2VwrXO>N(iH<1t~sX@=+5~^DvM~s0UkKXKY&(h@veg}^dn0X7(F)Kx>G9LfLXt5Z%Ht6q07Jk?v!1@y+$E}1+4_5UHJocBP z&>rjfn)^`sn5^*c&T5eb+^6W(rE3+s<>|~Uz}s|iVOtM@NLOxddsGjiq4%Cya>Hxr zTCX(J(sQ=d^USQ@87QlK`JU!m*|=R!AzvJc0_3xEfbHEsPUg(ukc@~E%aG|7rG~cO zYiVUYD|SGG$Z`IA6mgPZ9K?1mUi$0S*&vSbW%rdii5TL|Ui%UJ>4ekjEzhLY-1Kb2 zrnwI(YBR!VwpsC>fa7vTsF5Fjz3qgaf!G>8+C_S#dep_~$gi+(u}*k6NVnx&Z<4}T zh<&04XGj=H`yEB5EF2PQ5Os!&gc!SFl|zSrUrfyy_vc)4wcgyXnYHw~~J>*SENH7~M)!)+N;T&;eRw!T{WVcR>am5%E71gU zmHm*eS26bs%i*{ac~c07GCMEPTA$o|T*?4^~H%UjE*;u(-b!3H$Mj0b#@8e9;|j6%Jd zw+gfGndX-a9Rn$&@eUO7>>B{W%!?SZf`_&9=onSNI@>4IV};lrE8DU4mdUNx#LrTz z2M|?S^xXdAcE4eIoFlKUeE2vOdZT_ z(NKnQz!iYY4*Z8Wz)0dD*!w$9JB*5X5YCnH0^K*la2X6B zLEuG7>NeZ2%)vN=qKq1IwPr5c(Qjg8`+CQ?4e?7ju()b`HIagqc4Pum zaO{5=v`!yRqT4$r7#*5aBhQ8JnOED#+i~DfGn+Ej9~ifXF=iJyPBl2p{WyX~tQau= zCe#OLN4HH@Md>tU((UU=QG^NDwL|aIpLQ=$vZ;}>NTkSO(;pZM+fmVh$K~GOLE{G8 zH$Ojh*D|6jZ=9a5Lp&=p7q_(3t2GqSGeO_lb`1#@X)`HG+vkLQ6O3-xX1s|vvpUd6 z%`91{+lgF+&VmWZ(g-=4R6+nC%06G9=Ssz;gC62KlI1&I9marbm?-g#uHGTwF9{{p;TNFF)=%kn_2l^(U+9)X z4`Eum&Qb+qXvY_oiVgF6ZSAHBmdMSkm3rjxjZXn3$7cZ{=KS>V$`3vVwIqriS!WdB zX>>;AoU!|qrp*wjt-|NQf3pA@^QN?Qzt7h@D$nGIV&k4u^4|<#Oml_x4Cf= zG^OMSY5R$DKHdDW+OFfUGom1oPm`?h7DF%YJsw1l&l>%J@AYe+ScwWY)N|(*Tx~li zz(BeXKFH~Z2g{d2+G~mC7iF)G82vb!C$nv~>6dIH${S<3z~B0%N6}9JJ9)c%_f5xM zn~Jw1R`d*K3SBuxWhh?L)NnDWKBbnge`&_46%^4w<92|Fb4sH3*_>2fST&VJVB+`c z#84|&ybGbg-uD6mSHLn@j7p#ANV66lRS%d?0+`=4&&brd^jt4_=tc*ZE z`W`NlnUiOSeXM!3l1Z{8rD)X^PJRbqc5P}f@+w2}ECvpYs!njlv#dea1~8UDX?ICP z^sL-a(iaJDZ&*M0vH0N*Pyv+Nsi~1Bz9qw%BBoy{36JK>yB(arEZ)q}Z3{;AK>X() zxKCck2KN9c#N{JhUvp^XsWM&ceoSC^^>Z-X3(|eh&fu2H%5 zz8sbsOp!d}SCao19X!@ZAl5}xS_m!s5B}HlKltCdHbjS%i=F(ousT82NzN_To^*G- zQ0UK3=b2pcfa^R%L`dY3hylX!FV=yz zm8NrSwOKXFzUGLx?NQ7*7B8_A6yu-d%YKkozOQ~0-*A(cJQWE%XyBi(^km4;J$*s^ z`+Zo$tXo2A4VaEXoVd%ZPb-Cp!S8C$3_u=3i|nhM&KC)}!s*`H3fc|2us4LH`BpSH zO^&rCrxOxzZtWX^;qHhPB+!-o@qDyYC(-1J5I_r};0LukrnFSUjs$}nda|AMW_ow8 zsAu4<5$^v=6@0n-TUW&Y%!(dNO|+g5%V0{$IZ49CCm%Ckh)_{uGA6*fYuepb`o$QG zVIo`GD2YPH3F{yN{3tUVyB}g$NWK&ynf>J!eD@8uixDZJaoW~*mhENsn)fR@l-vPm z7_Z1XcSGZYFOoA8sXB|Z0WF6G-_*D`**R@DN6{s z9NfuO=svB7rxuOBm;-X()A+qn!)CEIyzUt6-m?BT@|^8pBogQW72KHTO#_fMjNWh( ze_=eT{mQ<2)PSY=7sc~`A=J)jA99~iYQCud3xFERkK{-;dX`k0C+|dm51je}Tyt_0 z{96w&Z(cR|6uCaELcxFkj{bDg97gYwBKW0VH|No#KUb`2)>+N52JUlU9`Q)O*=(1$ z?o>b`)9=mS>APO<`Dlphbz@vVU;PY_L1|_f54I&zdh;aStNjpGkXpSmi^%rveg1nR zNWKRRPmgFM@j6a%%q;HjBn0uUMp2-GU-JQo( z`W0U*wph)11$`LTM-E1QT&=h*Dei(Dq0FbAgQ!N6j)F}$_&-|(lTjSEHQ{abBBjg| zsosYkZ$3jma;Xxhfs;L+UI(<722@;a; z)Wzv1E(CZSiyNp!kQL;2lJZ%&Lu2i7q(pJtajU)qPv>p;Sy?bgt0I z;|bmoF=Z05vo}lL*Rnng38QMt`PGuyNo6{tMCYnHNoZF~g`A~*ifDoJ+I(}5};p<|T!p;!T4*n||t39c-@K{EJXke1hu z^&)VBYb))yL}}(@g%|19ufk8v+FK{d@G_2rYE6<2{O~p3^e}+OI*n)lY6;RDwoY74 z)=0_sm+Rdr-q_rlh6p3XY<0mp4f&L!T@PsMIut#6*f zEaUFu^2bGhIS*#>7%=Qm#p)ys3CmHy>_ykqhMucI+dJf{py5HC)d(H318Wk;i)qrA`l5RmI1UO^Rr zQ@$J!73Ip3*FrJ8*_c{-c3n8GcOUEcuz2*2iI1e;4O|EJvJ^;tm|;^YRJ#E*T%`IS1F2M4bCFGZh#k(=aAU;FCEQCp2RHoS{b5LlT`N}s_O_e zEFAv~27H7Der?8I&8*KyB(04Lz zDmEC+_B%}d{vTYr%(DAU={nioQX^Ls@wQ5pc>ntpIKJ0=m5g(B$ER0wdA^qiaxk+N zW+EjX+ZRTmpPjDRPeEKSGr3poGPs?E+1Cj!DfORkOHl*afA;THm1@mnd-!|waGD%H zBKN2^fd%0tS;=U`))21OdRG7Jd}$_yqmlOKnzJgxp3pDZ+ypF!kN_~)XTWc&bk6@IzO_% z6nl9LzbV3?GV~}R0bkoN4hZ~fH3fp?oCAQpK7Uf*n_Sm>liYHXTsvMtof%NckZag z8Q_`8iwF-cSSQ7C-`i{x19lx`(VcKtu_%6Ck@Ul3aH^f^LTFaJCBEo+UVxItS*PO_ zG(B|b%>rgQ@wnc3OY}tt>Uzl>1g})~CQC=*tq6TA9r)HNzRDz>ql}qTE1ABDJy2Ldujr}Wq!Fg7uGH>*E^lTO;i;C%p z(v&f|`D(U~I2ymppLE1TAuAM>9q^Ycph=>SaRgK#VmavOY{yPLel{b{sk^eQ%D2VHom#J9=}9 zO6yDV@4X-eW_Kl?G%VepSf0x~JO^jzkx=mTuA@wS?@scKp{#fJ3KWhHoD6IR^6m0MlH`PC32}^9C|1As6Igl;C$<0!Wx7KO{r#zYX zQoRNj!t~csVE&bO-{o5$hMEPOqq7eMCNSEMLCdQ`w{QgHNzHD%q3oOP2U`#BCA9pi zKk3OSZi|;7#1BdNXdmc;I{$<6uG9FU5SYZ@K}ss*QQ~u;LoMJ{mAGcZaz(riPDu?# zPFNox1(`oSElQXU5WYtwU@LA#=lGVfy-PNw3Lf{STamSdfQh{7l*LaAHHcX0#(1Th z23I30+b(eMvySiW!ERaHy}kL_zO_emaJ>ioY(oc=t));vH#aB5EXU+0$5Wx9Bi)bC zxl;0I&v)066PEY~8aambeyc#^!9NNOIZyV^lmMJr6&tYQvnWl_0-0i)eV%>($ZN=e zUWyR1aUN&{1wcRnfMl|c3%;&bP6$ws7>Pk2w;0+?VBj^61iCA0$I!GQq2@0nQGpVK z_mN6zD&Z`B`DbS%pvE1o?sqJ{`$Ex-=d+=LtB_NJKBuzpv@K3f8dOvU@;`l@1W;RyQ-Q{+q!^aR0AbCK;l zPJOm2Mq)#E6tGUOYn|y{SOQ$HfFTVW^L_C;3ib^%oI)?1Ty>o{H!U$pr)0}yV`+-c zVGbH*-4NS3s0M1K*Lr%tvXuq6#w1O;LN6^BY7PsQS=m||zBWtpS|0#^$&}?|qQz9c zmH5E=6Zn;r?0}M4AJ6MU&;Hw@OosP>mTq~L=-p!8Y^v!a6&WVKn>gC0Z7jXYKi4bz zoJX#5a;Pov;?UK(GIVwP+Oq0l+c!2rsn6bqJne4TFAsrX{o_7YWie(DaFW1Y+sRWi zx0NoRK$rIO{SBV((@hJ7Bve{`ta9~2^tUe#zqJND*e85oS77+%jO9kTXCL8+Xc%2A zR1T>`moHglt|`rpsz}s$peXeosOXSdX*DmX@x_Vu?&M5Sc>zfnY5I*XfPIUoHIl;K z@yBTXSZOIsuxzKH_{SnNA%@CnQ6!TT589adIygy>8tfx`tdH``_!Yv?8e{F*pYYZ~ zzDX#UC@?Be%~lqS*cX3)aEfpkqp}jWL+z>d*AesTm{B zBtFy|>|;%v`8rxp{e$OG4fCG_48W4w?@#_>O4;2OgRA;s1K}dl1Ci4S7vqZ znI=5GOe>@%^G~_3mk?6DjY)fmoAKxh*o84{UbP&>(cnFbAE~~PoFa0Nku@~P|MTNu zvaaMHa4?(35lZJFy_&+t^X*FNhjeD)<EQaWXl^6fk=3CcZj(UM>u`{%I6HIkb~LBCkM?WvknPdEk_s`ORN6EJo%q zJUq2h1DNPt!xjy8uG3hFXd*N(wQIYia2ceNjE#B48JQ0QR+tof$83!IJ&nP^@bG}i z%+E9q4cs2$97mJWxd7gxSnZo5COrZ;_2&8Mbs}`rg+2EqI!Z1fAPL^$(M=~nC%@Nt zy4{E&uEOyd1_A%edZSN&4qOHYTn4#f^6qQLh1`t=O{fDuqRG$xl8x-$Aa@93KK+@} z78g@#dU9EW7F_YupQj5%`mq;h{+Ww&)a=v2_DuQJg8to9WXe$z6EQbqS0%8Dc=zg^ zBzG;VI9W3Wr}1GLHk;}(MULA19+q`)Xklf4-YX$0UoaZ2SBBP0GaQ?Y`PmcLx1H^6 z^xI>HU{|M4$JE<97a=$6QN!8F{%s_>ziO#FhG{^g7)ICS2$?bVSKlA$9J8V{oR+^5 zb29Fep9c4DQHzNs$-;@HF=#5faZtL5j1iD z&2bGGYMiI7sjt)9u|wGc*UJIQN@b#o=xa2fb_|__c2$VTAG7)H54Wf|-&>43-GvG1 z5#(03VM>==~meGA*$=wjn~n+dn%pP%?kiqDBI4UftgZm0x8)^GBcM z9y^=E)?OZc@-)Wz_<8D$e8t0f<(2df_s;Sg&_Q_oZq+~nx8K0s+rJ?s!oo=l0ME(2FE2n-%p2B=?{q6-2x zku~nJR&Rgz`fZ>E8R5#yz$&jdF!9eUN*<}X3|tt#WB@r zwJtnA$2&%QAsdMyZXHCdX5sDO{#zdsES+Dyj{2cSN>x2VYg5A>ou99&%6gyiDivEX zxhF1>kM)z3N%wo#pZzsL@$u49B@ZKKt%><`DP+{fi{FrcCG}OU3P9nuD<}QnG~5^{ ztB_dKWNpbvxe>5v#(y4=XC1`F_|Quw%J*$~mm{tWE+s+R-e;?Ut*4>KMn7DA9)703 zS1Sn|gYR-Y#V{GE#+sY;i1pk(e#;PyM;b9ijM6g}Z9^UT-fq+?UpT}jY3r#TyX$z3 zNo9~?#98M;B{9ysHzUxy+-ref^;>Dbci?(Y9>E6QevG338olMcm5ixDeaSJkR;M>2aYR4(?=ODeJLWN}NzPp1%5pDJi>%5$4|+*qk18&QXQzIxAh7YXgg*f3%!_2a zn;*Yj?^tkF9vkoDkz$Tt@rK)bBZoXUk|0K7{f^|YQwGGGHnFXHRmRl*!F}Jjkqb}} zrHW^d1wzfm8(3CrI43RzI%|DR*V7@dT=~SgRjX<_-{})O_&-#UwOPx29t1|677@|$ zC{!GR`8j`P{X%r{^FFRZhtl-fH!b>%Nm1f>=7N$XMJ=n*usVA#u0KLb!r8vN-nv$) zmVQhR*>bas`xC$khJ$J3Qw$d>_(4(t$$$l)R*JPxN5j8T+ja2A9W2<yLqxi)*?$tu9 znv0sjzNN0?&gg`ea-r~qC(ft2QiIs}u-&CKuBJu$$*RX6kTRFdaUOhzSNqlG)v??G zL=-%~7n-O_(x_FEs-9~kQ^ZO)Pg1elXdvmRHH92lr)G^F2q*lkPb7$hD^{!LIeQd^ zvQ!K8r?9AXKmJOJ{QH$@a9#G(GxCC$Z_ToWM=f+|<>c~mH6BPG@ZzPhM=-M3Y9#*n zUlU~ipZc&4K^XoPW)ubPv0# zeSU?*Vs*w_$f{%|5bO6(ReT-jvRPh;B0*}wELmcx|1gYth_CwB; zAU>DCF-79Hf=;1nR7PCTw#2NSp zlkec$GWZyd#yzZ0Z@Kvyl@qv&iYUcj|03lM#ClT##R?D``Jl9nH%=u}TSbvk94RCA z>Jz2T)T`e?H4h%Dbdx)=wyefE?Tx85?T0fR8O&+EbKC!EIXOc?ry+dw`xNq^>-_ps z=!WHFUa9#7c9^X3avYYCy?`-45iCamvG1^9!NML3Axu#8bYRssUr+H__Qw1XQ3q7Q z`AZ!-Pj$2urSICy@CK&*5sY9u;ijP%E?Xhi0~qu@vvsCRLvk38IV#V%(gQ{+j(0dR zlG2|LkdW1cG@Y!?tHT6yfd;+tyx8@eyi!L{#}Bshrx)j4g*qq_j1s{c$h_8Ap7n(F z=MtKdrV3z(@??A8*&ZNnq=_A7)b^%(;#7&Ax1oB|dHnihy-7S@DrUSDXM%G^RneAW z7L<{9(@}_HKO&g+8t04o?gK{w==QMh#-jQ#H~A{1E^!3KqpEcH<|$X6=y#OzubuoB z?YhLrKQFiOIQDMUhU8uBTJmzDbRPUvgsug;c>5_d7+%e5azf8smd4E7wh9uhvjenP zF%9@$QH;DZJtbZ%b_61TUf8mo;b zBKX;Y=m>*eL^TTyeaNCuN+s+{%GD69dxE82)2>%h?1V-1p)bwE$`F-#BI|MwJ9huN zJXPmaBiJsYyZ;fZ1V@mXLyt`NJ>2Kl7&4(7pQ7l?V{kRcubJ1*n2*v}228N(x-FS(?#{=w@Ju4psSr^PSadJ|**k!HPR7$qe}|}mqCN$I)%`WsaL%{^`BN#7(=7-t`IY;HmQ=$v0pnb z8%&#i`m`w4|1_lvk)^Y~mG_mbp)Zy+q>Tu^rs46jRL86^i*Y#;cOU*<$Jn7#zcy=i zEQ#yeH%9$xalqE~?7A#)_9oN)-2Zx0@QxMQU${^5&FB8-D zzU(Z492DS_=_0e0I-0-@D))jXM*PJvGK$y$)+gq8U3k1UuOn zgy!n7nZLr!gVM;RCc!L6-%Oe>&lN6%v3nYx0N*oTf>0L;ewe;5XML!c0S>_>i73_? zdId3I1dDFTG64&+7X6zL>(Z6N;}Cq7Dpqj0W^ZA7ztR?*x1fp><#6)??C| z^02t4fto{9)-JyrC$r>Q!G{FOpc#m^-`mA5)I$-_N~o{CxBx+zn_*!PcXSVD(kcIJ z+!{=39=6MDT=LkpyXtgi8R)lcX6Fpy{T>O^h>3eP8+&LR4Bx%5DJ@2smnfzs!i^ps zrF`ciR?bf~ijd=;UH>LR*h9;0=LaaE6n)gx%v?|x+irb_*!d-HJ3M^S-y zcHJ%ehdQ?m5e;V3eTIfyLtBC7)1NmF<6=N_p7yl~JpySIz5mQ_-*Ka*MR@#P^Z#I@ zh3np?SoNl$g*I?ajHL~abd*;=UEpZkD>Sz4rgp*ZyM$F3(I%eK)52e(SnVaprbyM?HNXm3(D4m)gLuRhrY*=GSw-~yXQrY#!5#s&Xfmx zCSmVf`_9NK54JpP-Hugr{PO=Qq>Lf7XCgc3sO>Li;Ej(Mn9}VUxqoa9NbBYp@_nrf zU<_xfRLo%j|CA`4MjA95kIbu)bp%`ciOS#Q_RY6&t+il_ef!2_ zvKV1iX)H%{ zd`S3~qTuOsGZ-8qgc_#s%A>{oe83cva9=%*yLclv=05Rr7u0w7_EmNRFlF5GKE+E$ zT6-5pN8QAhcRzyq0wn0K@Hh*fp2mPKutbw8MF{Z%YxwYVrZf#wWzKgWai3|VHF)m< zp0_6M-O4)xOWQuoCGHyPJA`tq*atrnoPRJ8qV6su?N>J$bap$@$i<8(`~=F9JjRAW zSyC?ZXU=MjITx>XI(i;OhtR%U;+62~1R?KYVv>KmZ@iszTTs++pb}Son_N&4pD*DAoJlDAV@1R|5i^n+5%Oys`w!78AGm9Re+wwOqcfM9Fz#{ zw2}R0fRwPNj~R2nsSE?@#TO<4LS9BRJZ5FHPcnw!x}4Uj4{N+xhH|dVkEEW4TCnFR zHa&FZRm9p6!B7|;a;1n2)Jyl0vfr$UuWfsmdF{z1BENXiKmCw7+aH0S*kqQDx?c2D z-d#Gb`I$XAi%!F8+Bm1A;;l3} zyC%Wo+8Q+VuI;AmCW4n@;4mAx!cGh3Sx&l!M&e+i3I5{tCLsoNdqcMTT?lrCx%%+@ zVdF(?9D~jmZz8x9*m;c%mLTb)xz$AvEbc!&VSe?&3O7P*ES>_d%>evW%oWMZs5#JR zklSv=LceWtxnKE+JwP`KhsdyRXHn|6sVDBzu;P7hnU5CR5(^L+55mlVPMcjfZ=4tM zx~gQD&q zb}b9F<3Qp-26Ouh9Iys}Ky${BGKLO@Mpfze#`GWUJU?6KYG6CxD<{-3xPn(^pF_l( z@|zti*%HAxwAdG`wK07XtGX7>Mk)3vlKS9>NynjI$SZ$nK#&Tvrh_iGmk_x==Cc#m zn7+?tm4z-`U9SKYg8z);x zr*+H~Cz0YCqXRY=pvv*!iy`M-q0Z8>Jkb#`y*jiq=&CLQyoGZ{$2n$&Oh-ovF6k%< z??0vOs&|(|VQfta2X%+h#WaaF>b@x1!n;(y$!rnY|X z`{xs3>chfP^XpHJ)eZq3PG^Qu>%dkWF$z&7(DABJ1&yaj(-jowy-QCBqzt``;({z) z&vlVg-epGby)ic`o<0*WDEhjHn*GB`IcPW4KMQCLKK?4MOH_MPJNp;#TJEsx@W4iz=g@(C2yJxt2oxP3_S+yx~ z#uU*!v3yk0?gzaHoC@`rykGaCu6G$>^!U*#(&1BGoT|rud5BxW7w5i>A7rD%I}1gX z7l$)~aoecM)>Z>)csMJ+dj2=qk^PF7@9x+inQu|z>L$*I2sy=D=*w77fho{T_5$b{ z`qztx2A16lZ2qUPA^&G&1FnolCqRMIylR`iXo$O)l=PipaP#_%W2VYEZq%vnE>0cM z%Y?~;A8Zogs?7m>$__xcaZU90MD++2Zw$`bHr8?9j;|(oH+qT6VA82I;AT z(mW9s`nB^}p;VKJR$4HPfXz?%{)s80W!~W(7wSdiSx`W>2aaoJz2DQwQ*D^u8ycPy zip99Ea+VuL=H>hw9Yx$ZBdu>L%YJ~Ra-AORk&q3<<`IszIp7I`WHH(AumMjw=<>K9 z^p8d#m`ynub_7;%k_zK8rn7ampb;idIH;IRDaz)NYA^!tp9pgw9Xg+#b}Q#wo@1*< zzpHshA?Rg5?n!}Rf84DT3R_eLZ)mf7SR4Y`1<8qFRrjhf}Hu0}pXW`_hSFF~fP<>32KFZWpI&d4$w2IaIa@eT*NLtAuq{iE0V-PL9m% zYa#2Cua~_kFG`x^^O_G@_my0F<*Z+BF29zBzL!2W%-NMdX;P`ZzB}HTmgz6kNz4Hp z8+xqH5MLbIl`{~9Lmsi{nQKT0#d-`&xWe5EBwnXL7pWWrFklKtUJwFU_mS8*rKNfd zSIvM&CtaU4){>LdL+(#2P#amecJT@6w(4ixI5{SE(yubg)%pI_@{;`Ps$=C6M%~VO z3-Gp|pBL*@#jNVa`O?R$VkiY0Ip3?=)q((0DVuqQ3!NX(r zSR|MydF!7T!gT9-uM2nX==~HyXhZ#xsbub{_P57*|8?6lghFw-)@dw;%+0{vh>&Y} z4+qYKo@A}jWR2vReZA%iBc(9WGRcTG%`SU5V1b!wMsJk&MGiSa2?J3yPBOUjP~S#Q zoxb)lwak|F)2u$A{Y-MIQZ!jz;|QsN-$pfFyZNsD!|r6SnP4D1><%tz8Q6FM5$3 z<}G54=Hm~`%$O{`?=OBh5F7oC8I>CRk+xIk2_wEWPVX+&)$Na;3ZaZ^w_Lk3BK*%= z2BNcrSP_#??`nB3rn;=Y26)blX{3hdc?8_-%VaLr`;@+Rdt8{B8E|RO5mN>N?cIAZ z*&)&Uym|d4Ek}sCS+cPyjKTA!7B~AbYF}tnD{^b06qs&tRHqAT6s5hb zBEy0iilNpg(qza#Y=6TiD}a+S_h}pZm3Uv6w)L#%=5i1(8xJ?%(3a?XzR36Y_rnOf zJlQzNm}iXrtZ9!HS2>?rr?aFiI)1~!vhH~|jvQF7!Q-s5LM)3MCCQIKsUQZ*(>2_9 z98PvH^UWQy`7ra;LQ8F%{(fO@My1}%3KvyO;=Ko(QdVS$~hLN|G-j!E5 zjWyYl*)E%Lu@A80DL$+d-lP2A*n6v}IHGV}5JG?i2m}ZY!GgOxO(3`hNrF4U-L-)P z3+@C-2MZG1y>WMUcX#iu>6~-VS##H#nTMIX);!EScG0z|ZC(5S|4$Yn=B9Ib=j<0^ zCrd`KTOmiveYbAuUt;>;60)r^_%ugkoJxJ@H$1HrSwl}OqNZ7?>}ae;<5*4o1Ns_~ zPp--M^}3yhrxUGJk={3`!=276q9(Bqc)0Tq0PGgxYzIAbjGTKlpgM1n;gMF{e88+e zkLxjP`8KWvdrp@9$Pf9XdQCF6EC)}Ud$mmsw%U~~-Sln2%0FIJ{LqX9wq%LOvRYn) z6a>k8ojz>@IT|2QK7v+3LjaYYR5t2Iwg)egr@ORsbv5mELe_*xdW;IG5QZ&nf@cY3 zigM^wESxI6<)a^;^ZmVYQOm(-8m~SpkTgeKz$93gEMfE1yzZ{hZ1vKzqqu#dkSw+I z9Lc%%AdG%R-U+nATwv7_wwJ^s$7O_!CU{jpY1e<=Ld_yC>`fu&$x0i=@BeKta_Nr^ zuuQcMo`1=~BZ_w61<^D3<_}VjGvbj)sLt;&`HORoNMBDrG|}`PkbYm-7Yco;@}It^ zlg@O(5sZaptPACZL>!^x3{?p|4w}-ErK`%eB9jFbNIN%QdarhN?IeI z{4<6?lyRO0Yt{P@cS{Kjo-#aTcSK+a_3DT2f)Vi6u#7Ny;zn2KN=iR6o6gvIa|A*X zc>n712T&(|z*tD~m>o$huAa7*QqP|?Y(HqUY}izBI20WlB=#fjYiH<7JL9R6crkDItS*|N=?^*3ikB63~)?-x$rkJ?VWb?;fU8Pce)fDd;+P#=*4(s=B zo9g{7EgiJg*f+%W`F!o8pFwXQE^V$;0zI=jWmfdS+qaWNpwo|QcOu3c&+oU(47WJ$ z@xAoD?$TYR_qotC>d8v|jN7_Jr97+O5ONQ(^Eu4!(JeF{wsUiRmTGtqc|W!*Jpa@m?ehu7_cdBn$m<=#
  • 0+?qgmu`03Qc_Xigf&PnG-&CV=7AyVBwY04DN*wkC$pu$ISHU@x~~5w4#@Ig#$6ET`0vKvku^uhL|_ zkBYNGiB|+iJH!I1GndoIj+qf9@KtkgAQ3)SK#K2pkK^)2Zrj!OaN>7TX4w@R$Ch=X znC#-_0gqwIZr{(c$wb)Z#a>x=1NgNAPhdXO9mM1>y|zkWE9>7G1@D0fPiax0lcV($al!cx_DJKQ4+s!Qw7g766pnGeV{4& zZC7(hrWA4+e0ox5>s8BnWA;B@5`Sg76g=gf^yx>-SyPboMV3?~uPz5GC(*zJKD z##&9c?@KMOjry}t{|Lz8|9wS+@=-ti+U}(%uA6a6Y(k_c6go1r;b+XglgRglG^^=l zti9srT{Pp>`-vA>yD)`OMZQG5WdZV5l8xVNrzTVD*wf<2J5NroE{xVDbUCZ^-vSZH7_MHV+1T?4+YQ(AM9NK%jrW(7i*g~cePucc9 z(l#A>&3&1bQ_0c{4kR+M01jDyCE{WFK=$c1nF`(c7jee!5bEdZeep9k!gu&?CzD*h z(@J0GyxQPjzXtSUIRmeBqVaKwFoS_o9Xsh*VveTOv)J}ELO?K`dJI7gkwQw{+l)wY zd{X7~{Hie|ugquaQ6HzYSFbUp0UA|}+(IDx97U+G(6Qf=0_ZxfWbCg0-~v}9!5`Pe zHg4QEIU+xTnT#Fg<#fJaX#7D9aj8)i+Oo)ThG84&0(mp+-DmCk>-Xy6?>_g1I-tFU z&(!m~>6)E}4^?nW{tH$4+-vKO)|g->u-#XOfvOY)m55D)Qh4E})m7{KV476yM%UZ^ zkwyo|Bfeq3eEd0X!k0_A{RPn~327X0?;X%@+|q^NLiiD$M}EJ4lP56RV#q!z=N&$J zJo$hb=PMF@?n#7~|EmQ!{|VcY zaFN$cLiX*=4%ZP_qK1b4sh84umD#!z)2!F%R=FC(-~1`@w#oKx!*fehDyn@&Gjq?jWgNCj=wP|Lw})tlB+n4J#X z!W0O>JmIV6bq%sks_5}(S#go4)=JVKH~$?i15EpdaH=P23n|FR(jm$cL!b~ABrW)j&5xGY-FP%m zZmT*H!Z^pZ^qv#dKk;5lc~1n=h`GdK&-~VW`VuOJzkWRAChRWrM+kKhAslp$s~BH+ zo#hcp&s-fbCxe$CE1E$uF+Q8xrRk#w1mjQ^@XHD8duEcRN3jZ2Q@J{~6vysBv9LgV zxH~&UTx;Tf5?h+OjzQI-6uB8PG|L?m4*d&V2es1L>VCFh!yo(-ijy56z9JpRBrHDL z^`hYzj34U%0>%%Nl}>?;qF@8bjE7Pyw%B37X*fn#3*-Vgzu!Mt*&B98VW8+?Re zkgf5}Ln8gZn^!*mPpm>k#OQr-NFk5;;eBda$hLTel)=`-jUFF2*tf$Jz;Qp3I-dVB z_|~P|*S17xAc4YHN20vT>WuvH@-oDlUak?oSAi*6%%(E`eVLDWfGx)xX%{=51r0QO zCPMtEGx9b;ooRz(lm596E-G`da6dL)+ftwb7JCxFm)MnN!B^UA)h56WX!z0SFY5NT zeup%+iS#eYM=vBaLi-h-NcIQTDGJ0hTGHd7vCu88oTzbEu2j8u-Tx84 zJ!a8_v&VeNNx`2qi+j0q^UUPf=}z17H@21G&87a~Zu{FSvms)~5S0SGXmR@s1!*Pjp0eYRRf$jV+4rrYZp_AL#=M?)0PX<(92%eT#K{T^A!o*VI9!qqHQrZ5kxJ^vn-daC zk2K3Qh`a1}iTcw=o6x%-$KrQS*rxdQ+Wu%)Zov{?VQJY|Ckz;Vcx+f>(j$F;kA86Q z{vG0>v%302r&EiY%U|22$oFXBK%w!omecf^_oee7u^qj>$)}%o=iciut7~ZayUUZqS{<_Hd9W*eZb+erL_weRlL~L!Y!omQa zWL$NMvjhg-F|DmxQZ0YlnR~zd{x8!o*%aEx!z#ElM7ZxTgA#Vk!0l<@e-AMKwYecX zDH2(Bkoj?WC*|K?QUvj5iRueNF|@GO#&_;exGg#_1xH`Dy121=w>C-qypIok*&?n# zup0Ynie=sUc3b>@2#r5px=;&nw2ds;ZR^0x4VSa(p&LXwH3wSa^YW5rbNV%NM)pGT z80(<)eITY`L5Zy-GD%u&bCdxMA8q8r>xQtpKozNMN9*&q?aC%-E)KUfwf_L0;t}3d z%y()j)5^z^z3mMv4Ph`NTU*GLm)0`1 zM(K|xs$ODW>*a%!$x{#r_i8`n7R9K!M^EL;@C*9Ug@1~RieE0m91BDCQAa2>UVav* zuF?^@ah~IrjpKbMW-2sjiMyRbMC+LCjEpo97vv!OZz|N))#-04bxYuj|A2L~N+_s@ zwpKR!^ochLm8^IaHrrS&N~OhTlIseRrQoAAu;=jp`;}NVC#lr0rFlehUYiH(i_4C6 zBLjTaY5EBe_~q!VCmUbn+%=p<|6Wg$?dg~~Y$I;xW8q-tsB>kXct8eUDT(A7Ax-B;zf!lSaElEch@5C@_EnqoL~OR z*<|--Z|*)b_nDbzq^bLEl5CddmDD_qL>*0FR;A`8gCA}z&8L4m&90MZ_ZaE^-VfkL ztNivv!w9@WUM4_l!L9b$qA)e;U%TwLf3$JWlHGmMc(U#^4G$KPBD)KoWLG9QpBV08 zY-D7N4hGnDsKdE~=jtovSsD%YRB{a4etw<2C?9Ar9U>?X*PI|u3QG5MD_0Cs)js8e zO>TPkvV#cP3WZK#G|0CkZ1J?DM7&ftc~~Y{08NrNEW z(9~xjD2=X=($J^sG6|i;_%V`sGdc;H@(K(&UOJzEVpl+_;LHbVj=M}yGBcV0e^M25 ziuGq6W+s5Y7;BoT&nc?wTJ&Cst7iC-=k{W&G#r##He-1x))hm>0!i035sA}&ui zwb9}=k3WyRcDOeXEcSZRTiii|(L^LrQn7uV-yt}EU7JihM-LPbF-G%muUTzcqOy12NUF>c3=J-HbmOC}+n;mw7= z$`gog;g5&xCNObdNz9d(5iLKOAlq0rn>TBk!YhqkKcSy;z&;N2tbXpX{$+bg+9r|_ z9z`}0oupkwH2W^(t{`oyTcuxaXq~a)}H68NE?y-5Y_*BbH zGIi=%V5QwZ6H&5P0QPa#Q31SAJdCH+2Z5=peT*O5C^=rrj{7tS|=VNEq zAot#E;9NA<687;MnmQsi_+(J!3^MXY2KksZzY|CW*e^jx-d*K^!B1R6z*3mjGAdt; zFmnzGmr3_?B0JOmx6G!{WfWaUhecA?CHgCfx4GK~^8nvII!G2cf%AqOe!pwXJ-B_W z5VA(q@3|-OBllL@>}S&t@AK6vuB@M38gf&M(zF32U^^NfGgV{=`8rDu`TUd1xlzeW_N%06X%RHAagATK7Mk;TnFzBt8)HkHKif9_1C2#E zC=>Cw@Kt0)6g%`Sxr~NCI^l8hK-;pn$AKHkIo##Ez23R*V*$9VdEMyz3|De((C21M z=T)U0YQufO-0{*7LXa?ho=3o*I(i!!-nqO|o1Kc*F=}0Jnr(q@3cE$M>0}$qZW=sT z2=80^m<_IUFHM@btn-~lM#{o16ACX2bJ?$GNvDs_h5f73Msx;{-reVEnscPNR`%&2 zQ~YNh^53pGT}pcg-{~bG0zOMhp|95!4BgZNQ`%oog%hIP^~fMaX)}p1e&F!R-u9ed z=^4_L|M__@R%Z+2*ZJEb)3Z5p*A36aY?37(R7&r=ih?U3^_Ld(MLk8ZVx<1AVgciklHz=2AD5fk zZe>WC#LO4J;e5Am_)Q2kv7gmOE!)Tto1YBxdU`0*+{V_q!ro+wY-Z_81#H}pp(+Vw zQj)M*f(uF~dZ&_(%(*`wNqUcOwDcAlLaX;mJ*%{f1xr`oC-_`od#xivM!ss1A>3yK z5_9o$kK|vka5s1lJDqp5F`iUHC}G^9`FkweCxx1mCDL(l9)>KE%|FmWP&G_dAB-uW z{({oH>o+ykLFyKGoj{uWdo?HNF(W7!Krp)hk9r_{Mi+2q*{!IJH3Hv8%) zxx1Y^JV@EdeT{r9bdbMu{TN5>CtAiB?9A14Pe=Y~Zect6Ye?4A7UD}L{Ew!e$xve^ zJZjuTfO7(J)IdFIl^v2v9t4`lZUS)F>7;ABn^&z?;XlH5+#_J8WG%&v*>HeI|?R+P`Q*BcC05fi9Zw_0;}UT3sA%_huw^NzDxh{93ZV=b7QP zK|P}6MHculOSv^-}V@Sfi zULY?o@392P{^!<)CHIY=Bf?+cv-|lAf+?KC#Xm1hhvCe=4x^9itxQ{61^rTE%o?(} z)PCqeQXn7j51GdDqa~7wa`Wa*91D)4WXb0F~a74NHYxBM$n{lgJ6)*ilQk za*r!}vLwCpjelSSy@#qm@%3@uPE{auWZM*LnmtWt-WwnZe2O-Zq;KzAd{9%Nb~&d- zh6LBPCyAsl1C&Yp$1{x|<@7I_C{T?y-X0kKtU2H@eRjQS|6obD>p5G0Qd!LqT7$=L zN8NM=^*TDkjh0;QGHOgMZ^AESzo8<@lz5adai3ai%t|PAsc5FEUxe*o^E;ed{#sf# z9&QnXNYCAyxMG20TK(UCx4oU?Kmx3-%=4w4J=uD3Gv{znMZ(K^kW>2Q0J!+2!n8;&d@ z5^MaZC{@eJl;!q3bx7+b!P#}O&^ouT437K_wvDLMqH*a|PrQ;(eVC4%y|1O5ZK$Uh zFyn?u`*%-6s5@?48Z(ol{IinfjxM2Rbk9wwR(>9L=r>evVFS{`Mh?Y z8|Ti1M8$d2NF3??R6ZCBqb?Bo65=0TV0ZEy&X$x+U(x+Vo#|Z-b=J($7hzUab@PGL zsWa#uc)`63PO9be`#QHSIsR~`$^x2xjOFEXnEFe7E_aw{%Pd@)F3CNr|HF6Rn-yz* zzr&xT1_K^$Ot;JFA_imbd%vY^CZd`xvLLM#z-9qw;d47pb%h;0nimL64S&Qh2@~7A zwya*bQXZR8a7J&8`rC&GJZHJ#lZQ%R~M4Y-)MCb_2r#c_E~~ zNK5j1qP0pt(+@S}>H>MZ?t^98iKX7i*)Le1-uPKg#&&0bQ1-GH_JX7xgO~M#H+r?( zR)!bx?%0tRzukKJcEC#Ru;S4`2bly-6~rfC(s}DL-KJ+NVuU`Is!dY55$B_;@a*N3 z`F7luWM`K1NiWxL>YOIq@8H#}a=$5$OIpS6611F%=@pW^bp=00Y4d?()k>lglL~x7Z;o{tpG$u5~@mYg^ zR(SYA;|MJ_?w^2P&9(R6CQHnMQUn~o8eJPFiGrIcXOFd3Gy*ZMhQDHKpQUY11Hlm0 z@~%h7A$-tOQ~L4Y9{1Lv!<{rZa1yV7xZ{i@XY1!cWSn|?pVZv6UpMG3vdK09Y?BGy zPNv@o$6JobwCT7gZM6`v;PX3bM7RSDVf$dQG)Pt)Gf3llzhUI|jkhPmX05don~o{?ryz}X}nI%BntKyS!Y07dHzO#^@%+FOTP$<`NScq@1Bl7zT7?qua%Ye5x9t;Q|uP?ZV z?-IGa`Z{*>ArWzRhZ04+-n+eED>n76Jr8V~4^}}K2HcvD;l`Jk&g3emw}%^k%qEm4 z%1l8eqLFBQ(>r<`<1T$(21uPa-}Y#zVk9xpfB{udN(nou+Q97l#w2w@6PfoTAZ%bu zXP7sCXSRy@^V2AND*%7b@A2Zwg!`md6>wGn@}@z_qBC#Drel;S`Xs*&7|NR)Wz69D z>(1L}_uO$@ac+c$p&0}GhUZ4C0zMP(1-m~hVeFeftxB5$KvN?~H3|vmB=B$eIfpek z^jN2!<(I#c4iWr(A2YM*@sl|~10Ds(Iwk_N0=FvQIUb1BD&9Lb{{eWMTH+b0Gyn*_ z^Ej8-)3WMgvor@)o{HC+E<;0+_hTGV$?B8&;aHl_5S#!?j$BrU+G)tXmZz zo&~7zNswY)()fSFJ}gmg7BTS^A4u0a=Uifd-L$x4w)IL|C=?%-NQJKIt~sMTg9XABsu8-4aD0n|m55Kxho|BA&M!BTw?5}R9@HoZZm$KA5njwU|MFTB);)NTHLcSrA{C(+!>2NOS-RcHiJ3H&0oG zOSi&b6HB6eFM9o0PxyOw1CyY6BMjH7ASSa)p&9JaOG^2YY%x!vCgbuz*2)aJepU`Y3`8spHNGU7 zwO??82a=X=gq8SL(o*VI9%*(pzNZv0NB&11O<+I07;7i`ue}%((PPc5(P?^p?|$$f zi$hux*Ppi0^eUd%Lh&Q`15NkmFP}6%D$kqcX)Z0Mysrc}H55f;nJnA}6euky3*A1# zgH`Y$kOAx30Kr9k#zQOgCnF2;6fSy_fTsousXw)y!97{R2_T*6r{l0;(a|G9IAka^ zfrw)(Un3)O+4MNoxOv;Tq0F-AS)KpcCz+8|nTCh|I+gehr8l#hX`E9Pp4GZ-bWCpT z3E0d#O&s}^HYlvNYRP>iubu(~_s2Xx#v9VNlCzDUBNH($ruNeG0 zrD_vIXt7pb+T!vqonfe|zj?piec$l72knXi<2E)Kr2vv7$82>Ms5yNBrl zTQCz?WY;~-0O?h3j3e+tE0zq`?>qUFBx829YaERk!3Hu-duO4zwVDE{>~`Kbm%YDM zFBOh@iW9q*9MR>Ocs4C3nvW2Z;^OA|7``aOkmH4;kFX4i??6-%f9 zDxze-_)>m9QPn!nP86$rt^ zLf1j~D_JDCLwtMd|183jci_m-uYR$h$hn{@n#TC?R=|ZzE;W?2pT*XMLGLiNGpM2#qMLrf;uO~`reA^;; zbuka<0^q(^mXm(P(<$zhQa6MOtJ6H>HzYV`tP<$82CPj1I9NJ!B{Mej!2)LyqfY7P znTn|GBKYo}LO{Rm&fiKMMbg}=XgRVx1`o|TVW5Q&Z>3<$62*)h>`lcSAsCq&VW{=7 z8wFPK;Ek-v{!IWS_*BpZAr_pZ(EH4*2?aWAgw0=1_M3mlus$gH!}@5J`kD=^oFGm) zFMc6kMg16l@ao^+Irgi_&;kW|;scwhS&hEhz!%8ZHo8^J_BmOdvlz$E`et%GoySGz z)UrzUal}PBs%xxtc@$OO^K6Y7xm2ma2YfQr=BpEOKu}IGg@1%hHnZwMQ+{XSgs3nx zoRqMd(Q)>Qlit}f9VPkJ!68Nhr~)7qdx-mkt`Wl3uP ztmF1w*hP#Z0vQ9b`Q_)gwP6+m609*>_r#rNGyYAg66D{M<#D) z55Z7k9yhNjz32Ri7+{DnE{j&!`Vi|S6?;%xXemClxZtb1P>r)!)yrE(qG(eWt9k$oi zQXZJ=eHZogv*n(2$Fq3p14)qF`T*kliyCnu3fbh&90qrTi^srJz6aozx4(glhA*lb}&>@ z3dDeeCj*_MA^Y^510O_kMh(+yoLZd8C_2>F<#R7ya1R^u=Brw8gx(Gm7wMmU&HW;` zQx>kF^L#TNH%i7vzrS_8=yj>#FVJ}G5@j}7Ny}fFR@%1Bj#tW5Q!rALH@7D>|1n`mQo1Q&mvKREuUv#l_o-^?+6Zj)>*ZN-(HdRP=)X4V zEiH~Kc#CS+Cp6TZDEnG7@yP7{eXEZ9pP{k)$bSzL%}cU_=RE3}nnw9$883bj@eU}x z;~h^tQW@IaFhU5wppybOq1P#!KRbEIB(E|XJSZ;qJhWABVeZQ{t8?zeirYyz&3P$_ z;1St3lgcbRz51AK)B&2tstwpOWLxJ^dP%UEF<59?_>q`DYYHbR`iOZYoG!mmkvpt& zoIe6R`Hk}UI|}x9r+Bol(iOr!c#&?-8Bg-slod6HsAC112 zF&7By&uCnH9WzH5z^KroeygKOU5FMpk2pd!3%FzPId;8%ZRA(1u|lr&z5=$TwxNo7 zuul6Xvn}+czFIrq@xEw*P*QVml`=c6l^{)i-KrNFd#^R9F#v0p;fV ztD6LmiOum)DG-v-PTWy!tr9J4)Z0y*%2CPXgf8Ydm}sO8!iJ08{f!TUKB<=Qwdb8k zG?MfC)w~&~T3KkOTLloE4K;ATq53T$6>SNaEy@8ko!H zCYsxm-tA@URQJBnez)37riZ1?5MU^2`EA~2l8)-j$Ipjb@pf@?FIJYyimd5)IogT} z%k(}YALz@bjRuHLGfeS}obmrF8tF(3gPx+??B4RA;&+2#fi|o#@!3@1zlh zE{wmeb{lJWwvJTW=xw<*2yrPpdGGv+S!M**yc$HJg%a{AOh&G|+WuEuBkgH18hxvU zLuz4DvPcpnA}+Fa(zI32^?95_agL{WX5vmgH9T1JsH61akg`-rVmCbaHC(Z@Nr~|y z=XGd&w{}hGteK{6Q+`gZ*@gLE5zIbYR&$XdgYsC7saGoS7`^2EwiOeMdJ%jBe6VO7 zqF|OedvR_~%;o!$4QK34^m#A{n{GVaL>_*fQ?w=Zj4`q>pZ{gL0CHC(fkNu>8%$S| z^zRwg#r7%Dxpo1NPZvv=wQ_P@eR*}Mk!DyEV0 zb~>z=+;5XM*?btIj>da(ji-DO-a)KO;U&vyO!!W8cyvAkIXD<+OfM3-S5O)auvWaM zBHBm?g!nHNi4Q!K=5>Wvez$zWKWiWmH@0Y;iN1C^jd2oaX6r*`3$YcD|5>JG8$3{Y z{Nc*XKW!#krvq~+`E5*b!TYvZY~AXdX*w7mLCQs`!-e`Kd7ftG`HoSXYpRR&_i|G} zu`EW%A?+iQ5HkQ#sCeix&{k&r<`a)5#slAV^|NBtpN`e1Rwfa?{k0mnLLZn4Qk+pQ zftE2a2i5Wk$Q2+XwJj~?j2f|X6XfoBBjZ2c-)q1-gr7~`#a&}^uj^6z>{n^61W zf&)F9?KJTn^n}yIS`)T4Fl*%U#jkH4h(`w+>`7Oy?|i#u+gJt^(3dj(?%7zE?iaV& ze*1n3m-7c!5PBT++x5l(+`gPe3r;F?!z(LR(UksDq+MpzjP5mank;MDbXwChON#)s zgSRRS=6tzBX$DvwV;st32 zOMnsA2h$S`Ic~U9v-f54NIhRyK1!F@!@gS?WIhcYFMv@oi)1vBI~K2fowla2F@XwN zKeN5BE~ap8Au#lwM3-4nTfn~VULbcBWpDt6M9F*P$N?cvF{r}xMP5$IIqWN5-`^&U zcWMN?&x&`a$WANQ7Ki&kMkycUlV>b??!o33(_z!x6&!65 zhaM1L`5+STmx@X8YgZcE-R#vL5{_G*P|qx5`M$2muI)*}w|Zf!HFv|8OV*0%J4?(sXu zVTVC-Q=d55B1i7MnP3+9$x+85GFwGk%bTdQ-pxxh$$WqPF3wLD=4t%GrdTz;0h3RK zM;d&d|7l}gGh7_;aQV|Zbs@|z@;-0L8E>aPtQ!8OT3Y(AofY>0hhkrz^ZE)2p^q> zTX?7MRdd>1&!bQV(tC}g;B+F`=-TJp5Vnnhn3HHT>H(Xc`9!Edw8-Q=)y!|U!?Nz}XhNCv!NZj4+&VNP63h>8^FPp0Re9(M- zmwPOcuoUGSl_BcsDwCIDDPtxW&Xu3yZ2eqO*&##R`*5Mr-MmLNSflOF2a}zdx-Gxn zqIp_Q4XQZw5*lQP%&l|UmGdJLH8a7FxP;AB+KASJgY+-rrZ;qnxRq>SZ0a@TmVzXd zH&8p2*fX_${a=SyGN{vH>N(<4X3@A1v;o5n4#GJEe~ zF3Ewd0D**ec9}Kt|G4EP#p^y9171?76n4ND8lOoT#(iGj;{gr~%1NfcS)x44$?rnr zOSrfHLQfG0qsdb}&FyPxi)`hkqBQVe96BD-(*;5J zG{~~_QlmorZQ@YiJpgw9eLxICibbFbV^ARfpMzf&{PP@bf<0mXI}`XeI|!M<2h)i_ z82o<@VtoTCFAbxgUH|WLz&HjVu+lB@GJ_NP|2arX4h)lxzj*?z%Kr`i8-#ubNp=XJ Udla_q1pzN*c@4QT8H>RG2e&-vMF0Q* literal 0 HcmV?d00001 diff --git a/docs/sdk/next/build/abci/checktx.mdx b/docs/sdk/next/build/abci/checktx.mdx new file mode 100644 index 00000000..120b8186 --- /dev/null +++ b/docs/sdk/next/build/abci/checktx.mdx @@ -0,0 +1,1576 @@ +--- +title: CheckTx +description: >- + CheckTx is called by the BaseApp when comet receives a transaction from a + client, over the p2p network or RPC. The CheckTx method is responsible for + validating the transaction and returning an error if the transaction is + invalid. +--- +CheckTx is called by the `BaseApp` when comet receives a transaction from a client, over the p2p network or RPC. The CheckTx method is responsible for validating the transaction and returning an error if the transaction is invalid. + +```mermaid +graph TD + subgraph SDK[Cosmos SDK] + B[Baseapp] + A[AnteHandlers] + B <-->|Validate TX| A + end + C[CometBFT] <-->|CheckTx|SDK + U((User)) -->|Submit TX| C + N[P2P] -->|Receive TX| C +``` + +```go expandable +package baseapp + +import ( + + "context" + "errors" + "fmt" + "sort" + "strings" + "time" + + abcitypes "github.com/cometbft/cometbft/abci/types" + abci "github.com/cometbft/cometbft/api/cometbft/abci/v1" + cmtproto "github.com/cometbft/cometbft/api/cometbft/types/v1" + "github.com/cosmos/gogoproto/proto" + "google.golang.org/grpc/codes" + grpcstatus "google.golang.org/grpc/status" + + corecomet "cosmossdk.io/core/comet" + coreheader "cosmossdk.io/core/header" + errorsmod "cosmossdk.io/errors" + "cosmossdk.io/store/rootmulti" + snapshottypes "cosmossdk.io/store/snapshots/types" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/telemetry" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" +) + +// Supported ABCI Query prefixes and paths +const ( + QueryPathApp = "app" + QueryPathCustom = "custom" + QueryPathP2P = "p2p" + QueryPathStore = "store" + + QueryPathBroadcastTx = "/cosmos.tx.v1beta1.Service/BroadcastTx" +) + +// InitChain implements the ABCI interface. It initializes the application's state +// and sets up the initial validator set. +func (app *BaseApp) + +InitChain(req *abci.InitChainRequest) (*abci.InitChainResponse, error) { + if req.ChainId != app.chainID { + return nil, fmt.Errorf("invalid chain-id on InitChain; expected: %s, got: %s", app.chainID, req.ChainId) +} + + // On a new chain, we consider the init chain block height as 0, even though + // req.InitialHeight is 1 by default. + initHeader := cmtproto.Header{ + ChainID: req.ChainId, + Time: req.Time +} + +app.logger.Info("InitChain", "initialHeight", req.InitialHeight, "chainID", req.ChainId) + + // Set the initial height, which will be used to determine if we are proposing + // or processing the first block or not. + app.initialHeight = req.InitialHeight + if app.initialHeight == 0 { // If initial height is 0, set it to 1 + app.initialHeight = 1 +} + + // if req.InitialHeight is > 1, then we set the initial version on all stores + if req.InitialHeight > 1 { + initHeader.Height = req.InitialHeight + if err := app.cms.SetInitialVersion(req.InitialHeight); err != nil { + return nil, err +} + +} + + // initialize states with a correct header + app.setState(execModeFinalize, initHeader) + +app.setState(execModeCheck, initHeader) + + // Store the consensus params in the BaseApp's param store. Note, this must be + // done after the finalizeBlockState and context have been set as it's persisted + // to state. + if req.ConsensusParams != nil { + err := app.StoreConsensusParams(app.finalizeBlockState.Context(), *req.ConsensusParams) + if err != nil { + return nil, err +} + +} + +defer func() { + // InitChain represents the state of the application BEFORE the first block, + // i.e. the genesis block. This means that when processing the app's InitChain + // handler, the block height is zero by default. However, after Commit is called + // the height needs to reflect the true block height. + initHeader.Height = req.InitialHeight + app.checkState.SetContext(app.checkState.Context().WithBlockHeader(initHeader). + WithHeaderInfo(coreheader.Info{ + ChainID: req.ChainId, + Height: req.InitialHeight, + Time: req.Time, +})) + +app.finalizeBlockState.SetContext(app.finalizeBlockState.Context().WithBlockHeader(initHeader). + WithHeaderInfo(coreheader.Info{ + ChainID: req.ChainId, + Height: req.InitialHeight, + Time: req.Time, +})) +}() + if app.initChainer == nil { + return &abci.InitChainResponse{ +}, nil +} + + // add block gas meter for any genesis transactions (allow infinite gas) + +app.finalizeBlockState.SetContext(app.finalizeBlockState.Context().WithBlockGasMeter(storetypes.NewInfiniteGasMeter())) + +res, err := app.initChainer(app.finalizeBlockState.Context(), req) + if err != nil { + return nil, err +} + if len(req.Validators) > 0 { + if len(req.Validators) != len(res.Validators) { + return nil, fmt.Errorf( + "len(RequestInitChain.Validators) != len(GenesisValidators) (%d != %d)", + len(req.Validators), len(res.Validators), + ) +} + +sort.Sort(abcitypes.ValidatorUpdates(req.Validators)) + for i := range res.Validators { + if !proto.Equal(&res.Validators[i], &req.Validators[i]) { + return nil, fmt.Errorf("genesisValidators[%d] != req.Validators[%d] ", i, i) +} + +} + +} + + // NOTE: We don't commit, but FinalizeBlock for block InitialHeight starts from + // this FinalizeBlockState. + return &abci.InitChainResponse{ + ConsensusParams: res.ConsensusParams, + Validators: res.Validators, + AppHash: app.LastCommitID().Hash, +}, nil +} + +// Info implements the ABCI interface. It returns information about the application. +func (app *BaseApp) + +Info(_ *abci.InfoRequest) (*abci.InfoResponse, error) { + lastCommitID := app.cms.LastCommitID() + appVersion := InitialAppVersion + if lastCommitID.Version > 0 { + ctx, err := app.CreateQueryContext(lastCommitID.Version, false) + if err != nil { + return nil, fmt.Errorf("failed creating query context: %w", err) +} + +appVersion, err = app.AppVersion(ctx) + if err != nil { + return nil, fmt.Errorf("failed getting app version: %w", err) +} + +} + +return &abci.InfoResponse{ + Data: app.name, + Version: app.version, + AppVersion: appVersion, + LastBlockHeight: lastCommitID.Version, + LastBlockAppHash: lastCommitID.Hash, +}, nil +} + +// Query implements the ABCI interface. It delegates to CommitMultiStore if it +// implements Queryable. +func (app *BaseApp) + +Query(_ context.Context, req *abci.QueryRequest) (resp *abci.QueryResponse, err error) { + // add panic recovery for all queries + // + // Ref: https://github.com/cosmos/cosmos-sdk/pull/8039 + defer func() { + if r := recover(); r != nil { + resp = queryResult(errorsmod.Wrapf(sdkerrors.ErrPanic, "%v", r), app.trace) +} + +}() + + // when a client did not provide a query height, manually inject the latest + if req.Height == 0 { + req.Height = app.LastBlockHeight() +} + +telemetry.IncrCounter(1, "query", "count") + +telemetry.IncrCounter(1, "query", req.Path) + start := telemetry.Now() + +defer telemetry.MeasureSince(start, req.Path) + if req.Path == QueryPathBroadcastTx { + return queryResult(errorsmod.Wrap(sdkerrors.ErrInvalidRequest, "can't route a broadcast tx message"), app.trace), nil +} + + // handle gRPC routes first rather than calling splitPath because '/' characters + // are used as part of gRPC paths + if grpcHandler := app.grpcQueryRouter.Route(req.Path); grpcHandler != nil { + return app.handleQueryGRPC(grpcHandler, req), nil +} + path := SplitABCIQueryPath(req.Path) + if len(path) == 0 { + return queryResult(errorsmod.Wrap(sdkerrors.ErrUnknownRequest, "no query path provided"), app.trace), nil +} + switch path[0] { + case QueryPathApp: + // "/app" prefix for special application queries + resp = handleQueryApp(app, path, req) + case QueryPathStore: + resp = handleQueryStore(app, path, *req) + case QueryPathP2P: + resp = handleQueryP2P(app, path) + +default: + resp = queryResult(errorsmod.Wrap(sdkerrors.ErrUnknownRequest, "unknown query path"), app.trace) +} + +return resp, nil +} + +// ListSnapshots implements the ABCI interface. It delegates to app.snapshotManager if set. +func (app *BaseApp) + +ListSnapshots(req *abci.ListSnapshotsRequest) (*abci.ListSnapshotsResponse, error) { + resp := &abci.ListSnapshotsResponse{ + Snapshots: []*abci.Snapshot{ +}} + if app.snapshotManager == nil { + return resp, nil +} + +snapshots, err := app.snapshotManager.List() + if err != nil { + app.logger.Error("failed to list snapshots", "err", err) + +return nil, err +} + for _, snapshot := range snapshots { + abciSnapshot, err := snapshot.ToABCI() + if err != nil { + app.logger.Error("failed to convert ABCI snapshots", "err", err) + +return nil, err +} + +resp.Snapshots = append(resp.Snapshots, &abciSnapshot) +} + +return resp, nil +} + +// LoadSnapshotChunk implements the ABCI interface. It delegates to app.snapshotManager if set. +func (app *BaseApp) + +LoadSnapshotChunk(req *abci.LoadSnapshotChunkRequest) (*abci.LoadSnapshotChunkResponse, error) { + if app.snapshotManager == nil { + return &abci.LoadSnapshotChunkResponse{ +}, nil +} + +chunk, err := app.snapshotManager.LoadChunk(req.Height, req.Format, req.Chunk) + if err != nil { + app.logger.Error( + "failed to load snapshot chunk", + "height", req.Height, + "format", req.Format, + "chunk", req.Chunk, + "err", err, + ) + +return nil, err +} + +return &abci.LoadSnapshotChunkResponse{ + Chunk: chunk +}, nil +} + +// OfferSnapshot implements the ABCI interface. It delegates to app.snapshotManager if set. +func (app *BaseApp) + +OfferSnapshot(req *abci.OfferSnapshotRequest) (*abci.OfferSnapshotResponse, error) { + if app.snapshotManager == nil { + app.logger.Error("snapshot manager not configured") + +return &abci.OfferSnapshotResponse{ + Result: abci.OFFER_SNAPSHOT_RESULT_ABORT +}, nil +} + if req.Snapshot == nil { + app.logger.Error("received nil snapshot") + +return &abci.OfferSnapshotResponse{ + Result: abci.OFFER_SNAPSHOT_RESULT_REJECT +}, nil +} + +snapshot, err := snapshottypes.SnapshotFromABCI(req.Snapshot) + if err != nil { + app.logger.Error("failed to decode snapshot metadata", "err", err) + +return &abci.OfferSnapshotResponse{ + Result: abci.OFFER_SNAPSHOT_RESULT_REJECT +}, nil +} + +err = app.snapshotManager.Restore(snapshot) + switch { + case err == nil: + return &abci.OfferSnapshotResponse{ + Result: abci.OFFER_SNAPSHOT_RESULT_ACCEPT +}, nil + case errors.Is(err, snapshottypes.ErrUnknownFormat): + return &abci.OfferSnapshotResponse{ + Result: abci.OFFER_SNAPSHOT_RESULT_REJECT_FORMAT +}, nil + case errors.Is(err, snapshottypes.ErrInvalidMetadata): + app.logger.Error( + "rejecting invalid snapshot", + "height", req.Snapshot.Height, + "format", req.Snapshot.Format, + "err", err, + ) + +return &abci.OfferSnapshotResponse{ + Result: abci.OFFER_SNAPSHOT_RESULT_REJECT +}, nil + + default: + // CometBFT errors are defined here: https://github.com/cometbft/cometbft/blob/main/statesync/syncer.go + // It may happen that in case of a CometBFT error, such as a timeout (which occurs after two minutes), + // the process is aborted. This is done intentionally because deleting the database programmatically + // can lead to more complicated situations. + app.logger.Error( + "failed to restore snapshot", + "height", req.Snapshot.Height, + "format", req.Snapshot.Format, + "err", err, + ) + + // We currently don't support resetting the IAVL stores and retrying a + // different snapshot, so we ask CometBFT to abort all snapshot restoration. + return &abci.OfferSnapshotResponse{ + Result: abci.OFFER_SNAPSHOT_RESULT_ABORT +}, nil +} +} + +// ApplySnapshotChunk implements the ABCI interface. It delegates to app.snapshotManager if set. +func (app *BaseApp) + +ApplySnapshotChunk(req *abci.ApplySnapshotChunkRequest) (*abci.ApplySnapshotChunkResponse, error) { + if app.snapshotManager == nil { + app.logger.Error("snapshot manager not configured") + +return &abci.ApplySnapshotChunkResponse{ + Result: abci.APPLY_SNAPSHOT_CHUNK_RESULT_ABORT +}, nil +} + + _, err := app.snapshotManager.RestoreChunk(req.Chunk) + switch { + case err == nil: + return &abci.ApplySnapshotChunkResponse{ + Result: abci.APPLY_SNAPSHOT_CHUNK_RESULT_ACCEPT +}, nil + case errors.Is(err, snapshottypes.ErrChunkHashMismatch): + app.logger.Error( + "chunk checksum mismatch; rejecting sender and requesting refetch", + "chunk", req.Index, + "sender", req.Sender, + "err", err, + ) + +return &abci.ApplySnapshotChunkResponse{ + Result: abci.APPLY_SNAPSHOT_CHUNK_RESULT_RETRY, + RefetchChunks: []uint32{ + req.Index +}, + RejectSenders: []string{ + req.Sender +}, +}, nil + + default: + app.logger.Error("failed to restore snapshot", "err", err) + +return &abci.ApplySnapshotChunkResponse{ + Result: abci.APPLY_SNAPSHOT_CHUNK_RESULT_ABORT +}, nil +} +} + +// CheckTx implements the ABCI interface and executes a tx in CheckTx mode. In +// CheckTx mode, messages are not executed. This means messages are only validated +// and only the AnteHandler is executed. State is persisted to the BaseApp's +// internal CheckTx state if the AnteHandler passes. Otherwise, the ResponseCheckTx +// will contain relevant error information. Regardless of tx execution outcome, +// the ResponseCheckTx will contain relevant gas execution context. +func (app *BaseApp) + +CheckTx(req *abci.CheckTxRequest) (*abci.CheckTxResponse, error) { + var mode execMode + switch { + case req.Type == abci.CHECK_TX_TYPE_CHECK: + mode = execModeCheck + case req.Type == abci.CHECK_TX_TYPE_RECHECK: + mode = execModeReCheck + + default: + return nil, fmt.Errorf("unknown RequestCheckTx type: %s", req.Type) +} + if app.checkTxHandler == nil { + gInfo, result, anteEvents, err := app.runTx(mode, req.Tx, nil) + if err != nil { + return responseCheckTxWithEvents(err, gInfo.GasWanted, gInfo.GasUsed, anteEvents, app.trace), nil +} + +return &abci.CheckTxResponse{ + GasWanted: int64(gInfo.GasWanted), // TODO: Should type accept unsigned ints? + GasUsed: int64(gInfo.GasUsed), // TODO: Should type accept unsigned ints? + Log: result.Log, + Data: result.Data, + Events: sdk.MarkEventsToIndex(result.Events, app.indexEvents), +}, nil +} + +return app.checkTxHandler(app.runTx, req) +} + +// PrepareProposal implements the PrepareProposal ABCI method and returns a +// ResponsePrepareProposal object to the client. The PrepareProposal method is +// responsible for allowing the block proposer to perform application-dependent +// work in a block before proposing it. +// +// Transactions can be modified, removed, or added by the application. Since the +// application maintains its own local mempool, it will ignore the transactions +// provided to it in RequestPrepareProposal. Instead, it will determine which +// transactions to return based on the mempool's semantics and the MaxTxBytes +// provided by the client's request. +// +// Ref: https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-060-abci-1.0.md +// Ref: https://github.com/cometbft/cometbft/blob/main/spec/abci/abci%2B%2B_basic_concepts.md +func (app *BaseApp) + +PrepareProposal(req *abci.PrepareProposalRequest) (resp *abci.PrepareProposalResponse, err error) { + if app.prepareProposal == nil { + return nil, errors.New("PrepareProposal handler not set") +} + + // Always reset state given that PrepareProposal can timeout and be called + // again in a subsequent round. + header := cmtproto.Header{ + ChainID: app.chainID, + Height: req.Height, + Time: req.Time, + ProposerAddress: req.ProposerAddress, + NextValidatorsHash: req.NextValidatorsHash, + AppHash: app.LastCommitID().Hash, +} + +app.setState(execModePrepareProposal, header) + + // CometBFT must never call PrepareProposal with a height of 0. + // + // Ref: https://github.com/cometbft/cometbft/blob/059798a4f5b0c9f52aa8655fa619054a0154088c/spec/core/state.md?plain=1#L37-L38 + if req.Height < 1 { + return nil, errors.New("PrepareProposal called with invalid height") +} + +app.prepareProposalState.SetContext(app.getContextForProposal(app.prepareProposalState.Context(), req.Height). + WithVoteInfos(toVoteInfo(req.LocalLastCommit.Votes)). // this is a set of votes that are not finalized yet, wait for commit + WithBlockHeight(req.Height). + WithProposer(req.ProposerAddress). + WithExecMode(sdk.ExecModePrepareProposal). + WithCometInfo(corecomet.Info{ + Evidence: sdk.ToSDKEvidence(req.Misbehavior), + ValidatorsHash: req.NextValidatorsHash, + ProposerAddress: req.ProposerAddress, + LastCommit: sdk.ToSDKExtendedCommitInfo(req.LocalLastCommit), +}). + WithHeaderInfo(coreheader.Info{ + ChainID: app.chainID, + Height: req.Height, + Time: req.Time, +})) + +app.prepareProposalState.SetContext(app.prepareProposalState.Context(). + WithConsensusParams(app.GetConsensusParams(app.prepareProposalState.Context())). + WithBlockGasMeter(app.getBlockGasMeter(app.prepareProposalState.Context()))) + +defer func() { + if err := recover(); err != nil { + app.logger.Error( + "panic recovered in PrepareProposal", + "height", req.Height, + "time", req.Time, + "panic", err, + ) + +resp = &abci.PrepareProposalResponse{ + Txs: req.Txs +} + +} + +}() + +resp, err = app.prepareProposal(app.prepareProposalState.Context(), req) + if err != nil { + app.logger.Error("failed to prepare proposal", "height", req.Height, "time", req.Time, "err", err) + +return &abci.PrepareProposalResponse{ + Txs: req.Txs +}, nil +} + +return resp, nil +} + +// ProcessProposal implements the ProcessProposal ABCI method and returns a +// ResponseProcessProposal object to the client. The ProcessProposal method is +// responsible for allowing execution of application-dependent work in a proposed +// block. Note, the application defines the exact implementation details of +// ProcessProposal. In general, the application must at the very least ensure +// that all transactions are valid. If all transactions are valid, then we inform +// CometBFT that the Status is ACCEPT. However, the application is also able +// to implement optimizations such as executing the entire proposed block +// immediately. +// +// If a panic is detected during execution of an application's ProcessProposal +// handler, it will be recovered and we will reject the proposal. +// +// Ref: https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-060-abci-1.0.md +// Ref: https://github.com/cometbft/cometbft/blob/main/spec/abci/abci%2B%2B_basic_concepts.md +func (app *BaseApp) + +ProcessProposal(req *abci.ProcessProposalRequest) (resp *abci.ProcessProposalResponse, err error) { + if app.processProposal == nil { + return nil, errors.New("ProcessProposal handler not set") +} + + // CometBFT must never call ProcessProposal with a height of 0. + // Ref: https://github.com/cometbft/cometbft/blob/059798a4f5b0c9f52aa8655fa619054a0154088c/spec/core/state.md?plain=1#L37-L38 + if req.Height < 1 { + return nil, errors.New("ProcessProposal called with invalid height") +} + + // Always reset state given that ProcessProposal can timeout and be called + // again in a subsequent round. + header := cmtproto.Header{ + ChainID: app.chainID, + Height: req.Height, + Time: req.Time, + ProposerAddress: req.ProposerAddress, + NextValidatorsHash: req.NextValidatorsHash, + AppHash: app.LastCommitID().Hash, +} + +app.setState(execModeProcessProposal, header) + + // Since the application can get access to FinalizeBlock state and write to it, + // we must be sure to reset it in case ProcessProposal timeouts and is called + // again in a subsequent round. However, we only want to do this after we've + // processed the first block, as we want to avoid overwriting the finalizeState + // after state changes during InitChain. + if req.Height > app.initialHeight { + // abort any running OE + app.optimisticExec.Abort() + +app.setState(execModeFinalize, header) +} + +app.processProposalState.SetContext(app.getContextForProposal(app.processProposalState.Context(), req.Height). + WithVoteInfos(req.ProposedLastCommit.Votes). // this is a set of votes that are not finalized yet, wait for commit + WithBlockHeight(req.Height). + WithHeaderHash(req.Hash). + WithProposer(req.ProposerAddress). + WithCometInfo(corecomet.Info{ + ProposerAddress: req.ProposerAddress, + ValidatorsHash: req.NextValidatorsHash, + Evidence: sdk.ToSDKEvidence(req.Misbehavior), + LastCommit: sdk.ToSDKCommitInfo(req.ProposedLastCommit), +}, + ). + WithExecMode(sdk.ExecModeProcessProposal). + WithHeaderInfo(coreheader.Info{ + ChainID: app.chainID, + Height: req.Height, + Time: req.Time, +})) + +app.processProposalState.SetContext(app.processProposalState.Context(). + WithConsensusParams(app.GetConsensusParams(app.processProposalState.Context())). + WithBlockGasMeter(app.getBlockGasMeter(app.processProposalState.Context()))) + +defer func() { + if err := recover(); err != nil { + app.logger.Error( + "panic recovered in ProcessProposal", + "height", req.Height, + "time", req.Time, + "hash", fmt.Sprintf("%X", req.Hash), + "panic", err, + ) + +resp = &abci.ProcessProposalResponse{ + Status: abci.PROCESS_PROPOSAL_STATUS_REJECT +} + +} + +}() + +resp, err = app.processProposal(app.processProposalState.Context(), req) + if err != nil { + app.logger.Error("failed to process proposal", "height", req.Height, "time", req.Time, "hash", fmt.Sprintf("%X", req.Hash), "err", err) + +return &abci.ProcessProposalResponse{ + Status: abci.PROCESS_PROPOSAL_STATUS_REJECT +}, nil +} + + // Only execute optimistic execution if the proposal is accepted, OE is + // enabled and the block height is greater than the initial height. During + // the first block we'll be carrying state from InitChain, so it would be + // impossible for us to easily revert. + // After the first block has been processed, the next blocks will get executed + // optimistically, so that when the ABCI client calls `FinalizeBlock` the app + // can have a response ready. + if resp.Status == abci.PROCESS_PROPOSAL_STATUS_ACCEPT && + app.optimisticExec.Enabled() && + req.Height > app.initialHeight { + app.optimisticExec.Execute(req) +} + +return resp, nil +} + +// ExtendVote implements the ExtendVote ABCI method and returns a ResponseExtendVote. +// It calls the application's ExtendVote handler which is responsible for performing +// application-specific business logic when sending a pre-commit for the NEXT +// block height. The extensions response may be non-deterministic but must always +// be returned, even if empty. +// +// Agreed upon vote extensions are made available to the proposer of the next +// height and are committed in the subsequent height, i.e. H+2. An error is +// returned if vote extensions are not enabled or if extendVote fails or panics. +func (app *BaseApp) + +ExtendVote(_ context.Context, req *abci.ExtendVoteRequest) (resp *abci.ExtendVoteResponse, err error) { + // Always reset state given that ExtendVote and VerifyVoteExtension can timeout + // and be called again in a subsequent round. + var ctx sdk.Context + + // If we're extending the vote for the initial height, we need to use the + // finalizeBlockState context, otherwise we don't get the uncommitted data + // from InitChain. + if req.Height == app.initialHeight { + ctx, _ = app.finalizeBlockState.Context().CacheContext() +} + +else { + ms := app.cms.CacheMultiStore() + +ctx = sdk.NewContext(ms, false, app.logger).WithStreamingManager(app.streamingManager).WithChainID(app.chainID).WithBlockHeight(req.Height) +} + if app.extendVote == nil { + return nil, errors.New("application ExtendVote handler not set") +} + + // If vote extensions are not enabled, as a safety precaution, we return an + // error. + cp := app.GetConsensusParams(ctx) + + // Note: In this case, we do want to extend vote if the height is equal or + // greater than VoteExtensionsEnableHeight. This defers from the check done + // in ValidateVoteExtensions and PrepareProposal in which we'll check for + // vote extensions on VoteExtensionsEnableHeight+1. + extsEnabled := cp.Feature != nil && req.Height >= cp.Feature.VoteExtensionsEnableHeight.Value && cp.Feature.VoteExtensionsEnableHeight.Value != 0 + if !extsEnabled { + // check abci params + extsEnabled = cp.Abci != nil && req.Height >= cp.Abci.VoteExtensionsEnableHeight && cp.Abci.VoteExtensionsEnableHeight != 0 + if !extsEnabled { + return nil, fmt.Errorf("vote extensions are not enabled; unexpected call to ExtendVote at height %d", req.Height) +} + +} + +ctx = ctx. + WithConsensusParams(cp). + WithBlockGasMeter(storetypes.NewInfiniteGasMeter()). + WithBlockHeight(req.Height). + WithHeaderHash(req.Hash). + WithExecMode(sdk.ExecModeVoteExtension). + WithHeaderInfo(coreheader.Info{ + ChainID: app.chainID, + Height: req.Height, + Hash: req.Hash, +}) + + // add a deferred recover handler in case extendVote panics + defer func() { + if r := recover(); r != nil { + app.logger.Error( + "panic recovered in ExtendVote", + "height", req.Height, + "hash", fmt.Sprintf("%X", req.Hash), + "panic", err, + ) + +err = fmt.Errorf("recovered application panic in ExtendVote: %v", r) +} + +}() + +resp, err = app.extendVote(ctx, req) + if err != nil { + app.logger.Error("failed to extend vote", "height", req.Height, "hash", fmt.Sprintf("%X", req.Hash), "err", err) + +return &abci.ExtendVoteResponse{ + VoteExtension: []byte{ +}}, nil +} + +return resp, err +} + +// VerifyVoteExtension implements the VerifyVoteExtension ABCI method and returns +// a ResponseVerifyVoteExtension. It calls the applications' VerifyVoteExtension +// handler which is responsible for performing application-specific business +// logic in verifying a vote extension from another validator during the pre-commit +// phase. The response MUST be deterministic. An error is returned if vote +// extensions are not enabled or if verifyVoteExt fails or panics. +// We highly recommend a size validation due to performance degradation, +// see more here https://docs.cometbft.com/v1.0/references/qa/cometbft-qa-38#vote-extensions-testbed +func (app *BaseApp) + +VerifyVoteExtension(req *abci.VerifyVoteExtensionRequest) (resp *abci.VerifyVoteExtensionResponse, err error) { + if app.verifyVoteExt == nil { + return nil, errors.New("application VerifyVoteExtension handler not set") +} + +var ctx sdk.Context + + // If we're verifying the vote for the initial height, we need to use the + // finalizeBlockState context, otherwise we don't get the uncommitted data + // from InitChain. + if req.Height == app.initialHeight { + ctx, _ = app.finalizeBlockState.Context().CacheContext() +} + +else { + ms := app.cms.CacheMultiStore() + +ctx = sdk.NewContext(ms, false, app.logger).WithStreamingManager(app.streamingManager).WithChainID(app.chainID).WithBlockHeight(req.Height) +} + + // If vote extensions are not enabled, as a safety precaution, we return an + // error. + cp := app.GetConsensusParams(ctx) + + // Note: we verify votes extensions on VoteExtensionsEnableHeight+1. Check + // comment in ExtendVote and ValidateVoteExtensions for more details. + extsEnabled := cp.Feature.VoteExtensionsEnableHeight != nil && req.Height >= cp.Feature.VoteExtensionsEnableHeight.Value && cp.Feature.VoteExtensionsEnableHeight.Value != 0 + if !extsEnabled { + // check abci params + extsEnabled = cp.Abci != nil && req.Height >= cp.Abci.VoteExtensionsEnableHeight && cp.Abci.VoteExtensionsEnableHeight != 0 + if !extsEnabled { + return nil, fmt.Errorf("vote extensions are not enabled; unexpected call to VerifyVoteExtension at height %d", req.Height) +} + +} + + // add a deferred recover handler in case verifyVoteExt panics + defer func() { + if r := recover(); r != nil { + app.logger.Error( + "panic recovered in VerifyVoteExtension", + "height", req.Height, + "hash", fmt.Sprintf("%X", req.Hash), + "validator", fmt.Sprintf("%X", req.ValidatorAddress), + "panic", r, + ) + +err = fmt.Errorf("recovered application panic in VerifyVoteExtension: %v", r) +} + +}() + +ctx = ctx. + WithConsensusParams(cp). + WithBlockGasMeter(storetypes.NewInfiniteGasMeter()). + WithBlockHeight(req.Height). + WithHeaderHash(req.Hash). + WithExecMode(sdk.ExecModeVerifyVoteExtension). + WithHeaderInfo(coreheader.Info{ + ChainID: app.chainID, + Height: req.Height, + Hash: req.Hash, +}) + +resp, err = app.verifyVoteExt(ctx, req) + if err != nil { + app.logger.Error("failed to verify vote extension", "height", req.Height, "err", err) + +return &abci.VerifyVoteExtensionResponse{ + Status: abci.VERIFY_VOTE_EXTENSION_STATUS_REJECT +}, nil +} + +return resp, err +} + +// internalFinalizeBlock executes the block, called by the Optimistic +// Execution flow or by the FinalizeBlock ABCI method. The context received is +// only used to handle early cancellation, for anything related to state app.finalizeBlockState.Context() +// must be used. +func (app *BaseApp) + +internalFinalizeBlock(ctx context.Context, req *abci.FinalizeBlockRequest) (*abci.FinalizeBlockResponse, error) { + var events []abci.Event + if err := app.checkHalt(req.Height, req.Time); err != nil { + return nil, err +} + if err := app.validateFinalizeBlockHeight(req); err != nil { + return nil, err +} + if app.cms.TracingEnabled() { + app.cms.SetTracingContext(storetypes.TraceContext( + map[string]any{"blockHeight": req.Height +}, + )) +} + header := cmtproto.Header{ + ChainID: app.chainID, + Height: req.Height, + Time: req.Time, + ProposerAddress: req.ProposerAddress, + NextValidatorsHash: req.NextValidatorsHash, + AppHash: app.LastCommitID().Hash, +} + + // finalizeBlockState should be set on InitChain or ProcessProposal. If it is + // nil, it means we are replaying this block and we need to set the state here + // given that during block replay ProcessProposal is not executed by CometBFT. + if app.finalizeBlockState == nil { + app.setState(execModeFinalize, header) +} + + // Context is now updated with Header information. + app.finalizeBlockState.SetContext(app.finalizeBlockState.Context(). + WithBlockHeader(header). + WithHeaderHash(req.Hash). + WithHeaderInfo(coreheader.Info{ + ChainID: app.chainID, + Height: req.Height, + Time: req.Time, + Hash: req.Hash, + AppHash: app.LastCommitID().Hash, +}). + WithConsensusParams(app.GetConsensusParams(app.finalizeBlockState.Context())). + WithVoteInfos(req.DecidedLastCommit.Votes). + WithExecMode(sdk.ExecModeFinalize). + WithCometInfo(corecomet.Info{ + Evidence: sdk.ToSDKEvidence(req.Misbehavior), + ValidatorsHash: req.NextValidatorsHash, + ProposerAddress: req.ProposerAddress, + LastCommit: sdk.ToSDKCommitInfo(req.DecidedLastCommit), +})) + + // GasMeter must be set after we get a context with updated consensus params. + gasMeter := app.getBlockGasMeter(app.finalizeBlockState.Context()) + +app.finalizeBlockState.SetContext(app.finalizeBlockState.Context().WithBlockGasMeter(gasMeter)) + if app.checkState != nil { + app.checkState.SetContext(app.checkState.Context(). + WithBlockGasMeter(gasMeter). + WithHeaderHash(req.Hash)) +} + +preblockEvents, err := app.preBlock(req) + if err != nil { + return nil, err +} + +events = append(events, preblockEvents...) + +beginBlock, err := app.beginBlock(req) + if err != nil { + return nil, err +} + + // First check for an abort signal after beginBlock, as it's the first place + // we spend any significant amount of time. + select { + case <-ctx.Done(): + return nil, ctx.Err() + +default: + // continue +} + +events = append(events, beginBlock.Events...) + + // Reset the gas meter so that the AnteHandlers aren't required to + gasMeter = app.getBlockGasMeter(app.finalizeBlockState.Context()) + +app.finalizeBlockState.SetContext(app.finalizeBlockState.Context().WithBlockGasMeter(gasMeter)) + + // Iterate over all raw transactions in the proposal and attempt to execute + // them, gathering the execution results. + // + // NOTE: Not all raw transactions may adhere to the sdk.Tx interface, e.g. + // vote extensions, so skip those. + txResults := make([]*abci.ExecTxResult, 0, len(req.Txs)) + for _, rawTx := range req.Txs { + response := app.deliverTx(rawTx) + + // check after every tx if we should abort + select { + case <-ctx.Done(): + return nil, ctx.Err() + +default: + // continue +} + +txResults = append(txResults, response) +} + if app.finalizeBlockState.ms.TracingEnabled() { + app.finalizeBlockState.ms = app.finalizeBlockState.ms.SetTracingContext(nil).(storetypes.CacheMultiStore) +} + +endBlock, err := app.endBlock(app.finalizeBlockState.Context()) + if err != nil { + return nil, err +} + + // check after endBlock if we should abort, to avoid propagating the result + select { + case <-ctx.Done(): + return nil, ctx.Err() + +default: + // continue +} + +events = append(events, endBlock.Events...) + cp := app.GetConsensusParams(app.finalizeBlockState.Context()) + +return &abci.FinalizeBlockResponse{ + Events: events, + TxResults: txResults, + ValidatorUpdates: endBlock.ValidatorUpdates, + ConsensusParamUpdates: &cp, +}, nil +} + +// FinalizeBlock will execute the block proposal provided by RequestFinalizeBlock. +// Specifically, it will execute an application's BeginBlock (if defined), followed +// by the transactions in the proposal, finally followed by the application's +// EndBlock (if defined). +// +// For each raw transaction, i.e. a byte slice, BaseApp will only execute it if +// it adheres to the sdk.Tx interface. Otherwise, the raw transaction will be +// skipped. This is to support compatibility with proposers injecting vote +// extensions into the proposal, which should not themselves be executed in cases +// where they adhere to the sdk.Tx interface. +func (app *BaseApp) + +FinalizeBlock(req *abci.FinalizeBlockRequest) (res *abci.FinalizeBlockResponse, err error) { + defer func() { + // call the streaming service hooks with the FinalizeBlock messages + for _, streamingListener := range app.streamingManager.ABCIListeners { + if err := streamingListener.ListenFinalizeBlock(app.finalizeBlockState.Context(), *req, *res); err != nil { + app.logger.Error("ListenFinalizeBlock listening hook failed", "height", req.Height, "err", err) +} + +} + +}() + if app.optimisticExec.Initialized() { + // check if the hash we got is the same as the one we are executing + aborted := app.optimisticExec.AbortIfNeeded(req.Hash) + // Wait for the OE to finish, regardless of whether it was aborted or not + res, err = app.optimisticExec.WaitResult() + + // only return if we are not aborting + if !aborted { + if res != nil { + res.AppHash = app.workingHash() +} + +return res, err +} + + // if it was aborted, we need to reset the state + app.finalizeBlockState = nil + app.optimisticExec.Reset() +} + + // if no OE is running, just run the block (this is either a block replay or a OE that got aborted) + +res, err = app.internalFinalizeBlock(context.Background(), req) + if res != nil { + res.AppHash = app.workingHash() +} + +return res, err +} + +// checkHalt checks if height or time exceeds halt-height or halt-time respectively. +func (app *BaseApp) + +checkHalt(height int64, time time.Time) + +error { + var halt bool + switch { + case app.haltHeight > 0 && uint64(height) >= app.haltHeight: + halt = true + case app.haltTime > 0 && time.Unix() >= int64(app.haltTime): + halt = true +} + if halt { + return fmt.Errorf("halt per configuration height %d time %d", app.haltHeight, app.haltTime) +} + +return nil +} + +// Commit implements the ABCI interface. It will commit all state that exists in +// the deliver state's multi-store and includes the resulting commit ID in the +// returned abci.ResponseCommit. Commit will set the check state based on the +// latest header and reset the deliver state. Also, if a non-zero halt height is +// defined in config, Commit will execute a deferred function call to check +// against that height and gracefully halt if it matches the latest committed +// height. +func (app *BaseApp) + +Commit() (*abci.CommitResponse, error) { + header := app.finalizeBlockState.Context().BlockHeader() + retainHeight := app.GetBlockRetentionHeight(header.Height) + if app.precommiter != nil { + app.precommiter(app.finalizeBlockState.Context()) +} + +rms, ok := app.cms.(*rootmulti.Store) + if ok { + rms.SetCommitHeader(header) +} + +app.cms.Commit() + resp := &abci.CommitResponse{ + RetainHeight: retainHeight, +} + abciListeners := app.streamingManager.ABCIListeners + if len(abciListeners) > 0 { + ctx := app.finalizeBlockState.Context() + blockHeight := ctx.BlockHeight() + changeSet := app.cms.PopStateCache() + for _, abciListener := range abciListeners { + if err := abciListener.ListenCommit(ctx, *resp, changeSet); err != nil { + app.logger.Error("Commit listening hook failed", "height", blockHeight, "err", err) +} + +} + +} + + // Reset the CheckTx state to the latest committed. + // + // NOTE: This is safe because CometBFT holds a lock on the mempool for + // Commit. Use the header from this latest block. + app.setState(execModeCheck, header) + +app.finalizeBlockState = nil + if app.prepareCheckStater != nil { + app.prepareCheckStater(app.checkState.Context()) +} + + // The SnapshotIfApplicable method will create the snapshot by starting the goroutine + app.snapshotManager.SnapshotIfApplicable(header.Height) + +return resp, nil +} + +// workingHash gets the apphash that will be finalized in commit. +// These writes will be persisted to the root multi-store (app.cms) + +and flushed to +// disk in the Commit phase. This means when the ABCI client requests Commit(), the application +// state transitions will be flushed to disk and as a result, but we already have +// an application Merkle root. +func (app *BaseApp) + +workingHash() []byte { + // Write the FinalizeBlock state into branched storage and commit the MultiStore. + // The write to the FinalizeBlock state writes all state transitions to the root + // MultiStore (app.cms) + +so when Commit() + +is called it persists those values. + app.finalizeBlockState.ms.Write() + + // Get the hash of all writes in order to return the apphash to the comet in finalizeBlock. + commitHash := app.cms.WorkingHash() + +app.logger.Debug("hash of all writes", "workingHash", fmt.Sprintf("%X", commitHash)) + +return commitHash +} + +func handleQueryApp(app *BaseApp, path []string, req *abci.QueryRequest) *abci.QueryResponse { + if len(path) >= 2 { + switch path[1] { + case "simulate": + txBytes := req.Data + + gInfo, res, err := app.Simulate(txBytes) + if err != nil { + return queryResult(errorsmod.Wrap(err, "failed to simulate tx"), app.trace) +} + simRes := &sdk.SimulationResponse{ + GasInfo: gInfo, + Result: res, +} + +bz, err := codec.ProtoMarshalJSON(simRes, app.interfaceRegistry) + if err != nil { + return queryResult(errorsmod.Wrap(err, "failed to JSON encode simulation response"), app.trace) +} + +return &abci.QueryResponse{ + Codespace: sdkerrors.RootCodespace, + Height: req.Height, + Value: bz, +} + case "version": + return &abci.QueryResponse{ + Codespace: sdkerrors.RootCodespace, + Height: req.Height, + Value: []byte(app.version), +} + +default: + return queryResult(errorsmod.Wrapf(sdkerrors.ErrUnknownRequest, "unknown query: %s", path), app.trace) +} + +} + +return queryResult( + errorsmod.Wrap( + sdkerrors.ErrUnknownRequest, + "expected second parameter to be either 'simulate' or 'version', neither was present", + ), app.trace) +} + +func handleQueryStore(app *BaseApp, path []string, req abci.QueryRequest) *abci.QueryResponse { + // "/store" prefix for store queries + queryable, ok := app.cms.(storetypes.Queryable) + if !ok { + return queryResult(errorsmod.Wrap(sdkerrors.ErrUnknownRequest, "multi-store does not support queries"), app.trace) +} + +req.Path = "/" + strings.Join(path[1:], "/") + if req.Height <= 1 && req.Prove { + return queryResult( + errorsmod.Wrap( + sdkerrors.ErrInvalidRequest, + "cannot query with proof when height <= 1; please provide a valid height", + ), app.trace) +} + sdkReq := storetypes.RequestQuery(req) + +resp, err := queryable.Query(&sdkReq) + if err != nil { + return queryResult(err, app.trace) +} + +resp.Height = req.Height + abciResp := abci.QueryResponse(*resp) + +return &abciResp +} + +func handleQueryP2P(app *BaseApp, path []string) *abci.QueryResponse { + // "/p2p" prefix for p2p queries + if len(path) < 4 { + return queryResult(errorsmod.Wrap(sdkerrors.ErrUnknownRequest, "path should be p2p filter "), app.trace) +} + +var resp *abci.QueryResponse + + cmd, typ, arg := path[1], path[2], path[3] + switch cmd { + case "filter": + switch typ { + case "addr": + resp = app.FilterPeerByAddrPort(arg) + case "id": + resp = app.FilterPeerByID(arg) +} + +default: + resp = queryResult(errorsmod.Wrap(sdkerrors.ErrUnknownRequest, "expected second parameter to be 'filter'"), app.trace) +} + +return resp +} + +// SplitABCIQueryPath splits a string path using the delimiter '/'. +// +// e.g. "this/is/funny" becomes []string{"this", "is", "funny" +} + +func SplitABCIQueryPath(requestPath string) (path []string) { + path = strings.Split(requestPath, "/") + + // first element is empty string + if len(path) > 0 && path[0] == "" { + path = path[1:] +} + +return path +} + +// FilterPeerByAddrPort filters peers by address/port. +func (app *BaseApp) + +FilterPeerByAddrPort(info string) *abci.QueryResponse { + if app.addrPeerFilter != nil { + return app.addrPeerFilter(info) +} + +return &abci.QueryResponse{ +} +} + +// FilterPeerByID filters peers by node ID. +func (app *BaseApp) + +FilterPeerByID(info string) *abci.QueryResponse { + if app.idPeerFilter != nil { + return app.idPeerFilter(info) +} + +return &abci.QueryResponse{ +} +} + +// getContextForProposal returns the correct Context for PrepareProposal and +// ProcessProposal. We use finalizeBlockState on the first block to be able to +// access any state changes made in InitChain. +func (app *BaseApp) + +getContextForProposal(ctx sdk.Context, height int64) + +sdk.Context { + if height == app.initialHeight { + ctx, _ = app.finalizeBlockState.Context().CacheContext() + + // clear all context data set during InitChain to avoid inconsistent behavior + ctx = ctx.WithHeaderInfo(coreheader.Info{ +}).WithBlockHeader(cmtproto.Header{ +}) + +return ctx +} + +return ctx +} + +func (app *BaseApp) + +handleQueryGRPC(handler GRPCQueryHandler, req *abci.QueryRequest) *abci.QueryResponse { + ctx, err := app.CreateQueryContext(req.Height, req.Prove) + if err != nil { + return queryResult(err, app.trace) +} + +resp, err := handler(ctx, req) + if err != nil { + resp = queryResult(gRPCErrorToSDKError(err), app.trace) + +resp.Height = req.Height + return resp +} + +return resp +} + +func gRPCErrorToSDKError(err error) + +error { + status, ok := grpcstatus.FromError(err) + if !ok { + return errorsmod.Wrap(sdkerrors.ErrInvalidRequest, err.Error()) +} + switch status.Code() { + case codes.NotFound: + return errorsmod.Wrap(sdkerrors.ErrKeyNotFound, err.Error()) + case codes.InvalidArgument: + return errorsmod.Wrap(sdkerrors.ErrInvalidRequest, err.Error()) + case codes.FailedPrecondition: + return errorsmod.Wrap(sdkerrors.ErrInvalidRequest, err.Error()) + case codes.Unauthenticated: + return errorsmod.Wrap(sdkerrors.ErrUnauthorized, err.Error()) + +default: + return errorsmod.Wrap(sdkerrors.ErrUnknownRequest, err.Error()) +} +} + +func checkNegativeHeight(height int64) + +error { + if height < 0 { + return errorsmod.Wrap(sdkerrors.ErrInvalidRequest, "cannot query with height < 0; please provide a valid height") +} + +return nil +} + +// CreateQueryContext creates a new sdk.Context for a query, taking as args +// the block height and whether the query needs a proof or not. +func (app *BaseApp) + +CreateQueryContext(height int64, prove bool) (sdk.Context, error) { + if err := checkNegativeHeight(height); err != nil { + return sdk.Context{ +}, err +} + + // use custom query multi-store if provided + qms := app.qms + if qms == nil { + qms = app.cms.(storetypes.MultiStore) +} + lastBlockHeight := qms.LatestVersion() + if lastBlockHeight == 0 { + return sdk.Context{ +}, errorsmod.Wrapf(sdkerrors.ErrInvalidHeight, "%s is not ready; please wait for first block", app.Name()) +} + if height > lastBlockHeight { + return sdk.Context{ +}, + errorsmod.Wrap( + sdkerrors.ErrInvalidHeight, + "cannot query with height in the future; please provide a valid height", + ) +} + + // when a client did not provide a query height, manually inject the latest + if height == 0 { + height = lastBlockHeight +} + if height <= 1 && prove { + return sdk.Context{ +}, + errorsmod.Wrap( + sdkerrors.ErrInvalidRequest, + "cannot query with proof when height <= 1; please provide a valid height", + ) +} + +cacheMS, err := qms.CacheMultiStoreWithVersion(height) + if err != nil { + return sdk.Context{ +}, + errorsmod.Wrapf( + sdkerrors.ErrNotFound, + "failed to load state at height %d; %s (latest height: %d)", height, err, lastBlockHeight, + ) +} + + // branch the commit multi-store for safety + ctx := sdk.NewContext(cacheMS, true, app.logger). + WithMinGasPrices(app.minGasPrices). + WithGasMeter(storetypes.NewGasMeter(app.queryGasLimit)). + WithHeaderInfo(coreheader.Info{ + ChainID: app.chainID, + Height: height, +}). + WithBlockHeader(app.checkState.Context().BlockHeader()). + WithBlockHeight(height) + if height != lastBlockHeight { + rms, ok := app.cms.(*rootmulti.Store) + if ok { + cInfo, err := rms.GetCommitInfo(height) + if cInfo != nil && err == nil { + ctx = ctx.WithHeaderInfo(coreheader.Info{ + Height: height, + Time: cInfo.Timestamp +}) +} + +} + +} + +return ctx, nil +} + +// GetBlockRetentionHeight returns the height for which all blocks below this height +// are pruned from CometBFT. Given a commitment height and a non-zero local +// minRetainBlocks configuration, the retentionHeight is the smallest height that +// satisfies: +// +// - Unbonding (safety threshold) + +time: The block interval in which validators +// can be economically punished for misbehavior. Blocks in this interval must be +// auditable e.g. by the light client. +// +// - Logical store snapshot interval: The block interval at which the underlying +// logical store database is persisted to disk, e.g. every 10000 heights. Blocks +// since the last IAVL snapshot must be available for replay on application restart. +// +// - State sync snapshots: Blocks since the oldest available snapshot must be +// available for state sync nodes to catch up (oldest because a node may be +// restoring an old snapshot while a new snapshot was taken). +// +// - Local (minRetainBlocks) + +config: Archive nodes may want to retain more or +// all blocks, e.g. via a local config option min-retain-blocks. There may also +// be a need to vary retention for other nodes, e.g. sentry nodes which do not +// need historical blocks. +func (app *BaseApp) + +GetBlockRetentionHeight(commitHeight int64) + +int64 { + // pruning is disabled if minRetainBlocks is zero + if app.minRetainBlocks == 0 { + return 0 +} + minNonZero := func(x, y int64) + +int64 { + switch { + case x == 0: + return y + case y == 0: + return x + case x < y: + return x + + default: + return y +} + +} + + // Define retentionHeight as the minimum value that satisfies all non-zero + // constraints. All blocks below (commitHeight-retentionHeight) + +are pruned + // from CometBFT. + var retentionHeight int64 + + // Define the number of blocks needed to protect against misbehaving validators + // which allows light clients to operate safely. Note, we piggy back of the + // evidence parameters instead of computing an estimated number of blocks based + // on the unbonding period and block commitment time as the two should be + // equivalent. + cp := app.GetConsensusParams(app.finalizeBlockState.Context()) + if cp.Evidence != nil && cp.Evidence.MaxAgeNumBlocks > 0 { + retentionHeight = commitHeight - cp.Evidence.MaxAgeNumBlocks +} + if app.snapshotManager != nil { + snapshotRetentionHeights := app.snapshotManager.GetSnapshotBlockRetentionHeights() + if snapshotRetentionHeights > 0 { + retentionHeight = minNonZero(retentionHeight, commitHeight-snapshotRetentionHeights) +} + +} + v := commitHeight - int64(app.minRetainBlocks) + +retentionHeight = minNonZero(retentionHeight, v) + if retentionHeight <= 0 { + // prune nothing in the case of a non-positive height + return 0 +} + +return retentionHeight +} + +// toVoteInfo converts the new ExtendedVoteInfo to VoteInfo. +func toVoteInfo(votes []abci.ExtendedVoteInfo) []abci.VoteInfo { + legacyVotes := make([]abci.VoteInfo, len(votes)) + for i, vote := range votes { + legacyVotes[i] = abci.VoteInfo{ + Validator: abci.Validator{ + Address: vote.Validator.Address, + Power: vote.Validator.Power, +}, + BlockIdFlag: vote.BlockIdFlag, +} + +} + +return legacyVotes +} +``` + +## CheckTx Handler + +`CheckTxHandler` allows users to extend the logic of `CheckTx`. `CheckTxHandler` is called by passing context and the transaction bytes received through ABCI. It is required that the handler returns deterministic results given the same transaction bytes. + + +we return the raw decoded transaction here to avoid decoding it twice. + + +```go +type CheckTxHandler func(ctx sdk.Context, tx []byte) (Tx, error) +``` + +Setting a custom `CheckTxHandler` is optional. It can be done from your app.go file: + +```go expandable +func NewSimApp( + logger log.Logger, + db corestore.KVStoreWithBatch, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), +) *SimApp { + ... + // Create ChecktxHandler + checktxHandler := abci.NewCustomCheckTxHandler(...) + +app.SetCheckTxHandler(checktxHandler) + ... +} +``` diff --git a/docs/sdk/next/build/abci/introduction.mdx b/docs/sdk/next/build/abci/introduction.mdx new file mode 100644 index 00000000..432094a7 --- /dev/null +++ b/docs/sdk/next/build/abci/introduction.mdx @@ -0,0 +1,55 @@ +--- +title: Introduction +description: >- + ABCI, Application Blockchain Interface is the interface between CometBFT and + the application. More information about ABCI can be found here. CometBFT + version 0.38 included a new version of ABCI (called ABCI 2.0) which added + several new methods. +--- +## What is ABCI? + +ABCI, Application Blockchain Interface is the interface between CometBFT and the application. More information about ABCI can be found [here](https://docs.cometbft.com/v0.38/spec/abci/). CometBFT version 0.38 included a new version of ABCI (called ABCI 2.0) which added several new methods. + +The 5 methods introduced in ABCI 2.0 are: + +* `PrepareProposal` +* `ProcessProposal` +* `ExtendVote` +* `VerifyVoteExtension` +* `FinalizeBlock` + +## The Flow + +## PrepareProposal + +Based on validator voting power, CometBFT chooses a block proposer and calls `PrepareProposal` on the block proposer's application (Cosmos SDK). The selected block proposer is responsible for collecting outstanding transactions from the mempool, adhering to the application's specifications. The application can enforce custom transaction ordering and incorporate additional transactions, potentially generated from vote extensions in the previous block. + +To perform this manipulation on the application side, a custom handler must be implemented. By default, the Cosmos SDK provides `PrepareProposalHandler`, used in conjunction with an application specific mempool. A custom handler can be written by an application developer, if a noop handler is provided, all transactions are considered valid. + +Please note that vote extensions will only be available on the following height in which vote extensions are enabled. More information about vote extensions can be found [here](https://docs.cosmos.network/main/build/abci/vote-extensions). + +After creating the proposal, the proposer returns it to CometBFT. + +PrepareProposal CAN be non-deterministic. + +## ProcessProposal + +This method allows validators to perform application-specific checks on the block proposal and is called on all validators. This is an important step in the consensus process, as it ensures that the block is valid and meets the requirements of the application. For example, validators could check that the block contains all the required transactions or that the block does not create any invalid state transitions. + +The implementation of `ProcessProposal` MUST be deterministic. + +## ExtendVote and VerifyVoteExtensions + +These methods allow applications to extend the voting process by requiring validators to perform additional actions beyond simply validating blocks. + +If vote extensions are enabled, `ExtendVote` will be called on every validator and each one will return its vote extension which is in practice a bunch of bytes. As mentioned above this data (vote extension) can only be retrieved in the next block height during `PrepareProposal`. Additionally, this data can be arbitrary, but in the provided tutorials, it serves as an oracle or proof of transactions in the mempool. Essentially, vote extensions are processed and injected as transactions. Examples of use-cases for vote extensions include prices for a price oracle or encryption shares for an encrypted transaction mempool. `ExtendVote` CAN be non-deterministic. + +`VerifyVoteExtensions` is performed on every validator multiple times in order to verify other validators' vote extensions. This check is performed to validate the integrity and validity of the vote extensions preventing malicious or invalid vote extensions. + +Additionally, applications must keep the vote extension data concise as it can degrade the performance of their chain, see testing results [here](https://docs.cometbft.com/v0.38/qa/cometbft-qa-38#vote-extensions-testbed). + +`VerifyVoteExtensions` MUST be deterministic. + +## FinalizeBlock + +`FinalizeBlock` is then called and is responsible for updating the state of the blockchain and making the block available to users. diff --git a/docs/sdk/next/build/abci/prepare-proposal.mdx b/docs/sdk/next/build/abci/prepare-proposal.mdx new file mode 100644 index 00000000..5459b54b --- /dev/null +++ b/docs/sdk/next/build/abci/prepare-proposal.mdx @@ -0,0 +1,666 @@ +--- +title: Prepare Proposal +--- +`PrepareProposal` handles construction of the block, meaning that when a proposer +is preparing to propose a block, it requests the application to evaluate a +`RequestPrepareProposal`, which contains a series of transactions from CometBFT's +mempool. At this point, the application has complete control over the proposal. +It can modify, delete, and inject transactions from its own app-side mempool into +the proposal or even ignore all the transactions altogether. What the application +does with the transactions provided to it by `RequestPrepareProposal` has no +effect on CometBFT's mempool. + +Note, that the application defines the semantics of the `PrepareProposal` and it +MAY be non-deterministic and is only executed by the current block proposer. + +Now, reading mempool twice in the previous sentence is confusing, lets break it down. +CometBFT has a mempool that handles gossiping transactions to other nodes +in the network. The order of these transactions is determined by CometBFT's mempool, +using FIFO as the sole ordering mechanism. It's worth noting that the priority mempool +in Comet was removed or deprecated. +However, since the application is able to fully inspect +all transactions, it can provide greater control over transaction ordering. +Allowing the application to handle ordering enables the application to define how +it would like the block constructed. + +The Cosmos SDK defines the `DefaultProposalHandler` type, which provides applications with +`PrepareProposal` and `ProcessProposal` handlers. If you decide to implement your +own `PrepareProposal` handler, you must ensure that the transactions +selected DO NOT exceed the maximum block gas (if set) and the maximum bytes provided +by `req.MaxBytes`. + +```go expandable +package baseapp + +import ( + + "bytes" + "context" + "fmt" + "slices" + "github.com/cockroachdb/errors" + abci "github.com/cometbft/cometbft/abci/types" + cryptoenc "github.com/cometbft/cometbft/crypto/encoding" + cmtprotocrypto "github.com/cometbft/cometbft/proto/tendermint/crypto" + cmtproto "github.com/cometbft/cometbft/proto/tendermint/types" + cmttypes "github.com/cometbft/cometbft/types" + protoio "github.com/cosmos/gogoproto/io" + "github.com/cosmos/gogoproto/proto" + "cosmossdk.io/core/comet" + + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/mempool" +) + +type ( + // ValidatorStore defines the interface contract required for verifying vote + // extension signatures. Typically, this will be implemented by the x/staking + // module, which has knowledge of the CometBFT public key. + ValidatorStore interface { + GetPubKeyByConsAddr(context.Context, sdk.ConsAddress) (cmtprotocrypto.PublicKey, error) +} + + // GasTx defines the contract that a transaction with a gas limit must implement. + GasTx interface { + GetGas() + +uint64 +} +) + +// ValidateVoteExtensions defines a helper function for verifying vote extension +// signatures that may be passed or manually injected into a block proposal from +// a proposer in PrepareProposal. It returns an error if any signature is invalid +// or if unexpected vote extensions and/or signatures are found or less than 2/3 +// power is received. +// NOTE: From v0.50.5 `currentHeight` and `chainID` arguments are ignored for fixing an issue. +// They will be removed from the function in v0.51+. +func ValidateVoteExtensions( + ctx sdk.Context, + valStore ValidatorStore, + _ int64, + _ string, + extCommit abci.ExtendedCommitInfo, +) + +error { + // Get values from context + cp := ctx.ConsensusParams() + currentHeight := ctx.HeaderInfo().Height + chainID := ctx.HeaderInfo().ChainID + commitInfo := ctx.CometInfo().GetLastCommit() + + // Check that both extCommit + commit are ordered in accordance with vp/address. + if err := validateExtendedCommitAgainstLastCommit(extCommit, commitInfo); err != nil { + return err +} + + // Start checking vote extensions only **after** the vote extensions enable + // height, because when `currentHeight == VoteExtensionsEnableHeight` + // PrepareProposal doesn't get any vote extensions in its request. + extsEnabled := cp.Abci != nil && currentHeight > cp.Abci.VoteExtensionsEnableHeight && cp.Abci.VoteExtensionsEnableHeight != 0 + marshalDelimitedFn := func(msg proto.Message) ([]byte, error) { + var buf bytes.Buffer + if err := protoio.NewDelimitedWriter(&buf).WriteMsg(msg); err != nil { + return nil, err +} + +return buf.Bytes(), nil +} + +var ( + // Total voting power of all vote extensions. + totalVP int64 + // Total voting power of all validators that submitted valid vote extensions. + sumVP int64 + ) + for _, vote := range extCommit.Votes { + totalVP += vote.Validator.Power + + // Only check + include power if the vote is a commit vote. There must be super-majority, otherwise the + // previous block (the block the vote is for) + +could not have been committed. + if vote.BlockIdFlag != cmtproto.BlockIDFlagCommit { + continue +} + if !extsEnabled { + if len(vote.VoteExtension) > 0 { + return fmt.Errorf("vote extensions disabled; received non-empty vote extension at height %d", currentHeight) +} + if len(vote.ExtensionSignature) > 0 { + return fmt.Errorf("vote extensions disabled; received non-empty vote extension signature at height %d", currentHeight) +} + +continue +} + if len(vote.ExtensionSignature) == 0 { + return fmt.Errorf("vote extensions enabled; received empty vote extension signature at height %d", currentHeight) +} + valConsAddr := sdk.ConsAddress(vote.Validator.Address) + +pubKeyProto, err := valStore.GetPubKeyByConsAddr(ctx, valConsAddr) + if err != nil { + return fmt.Errorf("failed to get validator %X public key: %w", valConsAddr, err) +} + +cmtPubKey, err := cryptoenc.PubKeyFromProto(pubKeyProto) + if err != nil { + return fmt.Errorf("failed to convert validator %X public key: %w", valConsAddr, err) +} + cve := cmtproto.CanonicalVoteExtension{ + Extension: vote.VoteExtension, + Height: currentHeight - 1, // the vote extension was signed in the previous height + Round: int64(extCommit.Round), + ChainId: chainID, +} + +extSignBytes, err := marshalDelimitedFn(&cve) + if err != nil { + return fmt.Errorf("failed to encode CanonicalVoteExtension: %w", err) +} + if !cmtPubKey.VerifySignature(extSignBytes, vote.ExtensionSignature) { + return fmt.Errorf("failed to verify validator %X vote extension signature", valConsAddr) +} + +sumVP += vote.Validator.Power +} + + // This check is probably unnecessary, but better safe than sorry. + if totalVP <= 0 { + return fmt.Errorf("total voting power must be positive, got: %d", totalVP) +} + + // If the sum of the voting power has not reached (2/3 + 1) + +we need to error. + if requiredVP := ((totalVP * 2) / 3) + 1; sumVP < requiredVP { + return fmt.Errorf( + "insufficient cumulative voting power received to verify vote extensions; got: %d, expected: >=%d", + sumVP, requiredVP, + ) +} + +return nil +} + +// validateExtendedCommitAgainstLastCommit validates an ExtendedCommitInfo against a LastCommit. Specifically, +// it checks that the ExtendedCommit + LastCommit (for the same height), are consistent with each other + that +// they are ordered correctly (by voting power) + +in accordance with +// [comet](https://github.com/cometbft/cometbft/blob/4ce0277b35f31985bbf2c25d3806a184a4510010/types/validator_set.go#L784). +func validateExtendedCommitAgainstLastCommit(ec abci.ExtendedCommitInfo, lc comet.CommitInfo) + +error { + // check that the rounds are the same + if ec.Round != lc.Round() { + return fmt.Errorf("extended commit round %d does not match last commit round %d", ec.Round, lc.Round()) +} + + // check that the # of votes are the same + if len(ec.Votes) != lc.Votes().Len() { + return fmt.Errorf("extended commit votes length %d does not match last commit votes length %d", len(ec.Votes), lc.Votes().Len()) +} + + // check sort order of extended commit votes + if !slices.IsSortedFunc(ec.Votes, func(vote1, vote2 abci.ExtendedVoteInfo) + +int { + if vote1.Validator.Power == vote2.Validator.Power { + return bytes.Compare(vote1.Validator.Address, vote2.Validator.Address) // addresses sorted in ascending order (used to break vp conflicts) +} + +return -int(vote1.Validator.Power - vote2.Validator.Power) // vp sorted in descending order +}) { + return fmt.Errorf("extended commit votes are not sorted by voting power") +} + addressCache := make(map[string]struct{ +}, len(ec.Votes)) + // check that consistency between LastCommit and ExtendedCommit + for i, vote := range ec.Votes { + // cache addresses to check for duplicates + if _, ok := addressCache[string(vote.Validator.Address)]; ok { + return fmt.Errorf("extended commit vote address %X is duplicated", vote.Validator.Address) +} + +addressCache[string(vote.Validator.Address)] = struct{ +}{ +} + if !bytes.Equal(vote.Validator.Address, lc.Votes().Get(i).Validator().Address()) { + return fmt.Errorf("extended commit vote address %X does not match last commit vote address %X", vote.Validator.Address, lc.Votes().Get(i).Validator().Address()) +} + if vote.Validator.Power != lc.Votes().Get(i).Validator().Power() { + return fmt.Errorf("extended commit vote power %d does not match last commit vote power %d", vote.Validator.Power, lc.Votes().Get(i).Validator().Power()) +} + +} + +return nil +} + +type ( + // ProposalTxVerifier defines the interface that is implemented by BaseApp, + // that any custom ABCI PrepareProposal and ProcessProposal handler can use + // to verify a transaction. + ProposalTxVerifier interface { + PrepareProposalVerifyTx(tx sdk.Tx) ([]byte, error) + +ProcessProposalVerifyTx(txBz []byte) (sdk.Tx, error) + +TxDecode(txBz []byte) (sdk.Tx, error) + +TxEncode(tx sdk.Tx) ([]byte, error) +} + + // DefaultProposalHandler defines the default ABCI PrepareProposal and + // ProcessProposal handlers. + DefaultProposalHandler struct { + mempool mempool.Mempool + txVerifier ProposalTxVerifier + txSelector TxSelector + signerExtAdapter mempool.SignerExtractionAdapter +} +) + +func NewDefaultProposalHandler(mp mempool.Mempool, txVerifier ProposalTxVerifier) *DefaultProposalHandler { + return &DefaultProposalHandler{ + mempool: mp, + txVerifier: txVerifier, + txSelector: NewDefaultTxSelector(), + signerExtAdapter: mempool.NewDefaultSignerExtractionAdapter(), +} +} + +// SetTxSelector sets the TxSelector function on the DefaultProposalHandler. +func (h *DefaultProposalHandler) + +SetTxSelector(ts TxSelector) { + h.txSelector = ts +} + +// PrepareProposalHandler returns the default implementation for processing an +// ABCI proposal. The application's mempool is enumerated and all valid +// transactions are added to the proposal. Transactions are valid if they: +// +// 1) + +Successfully encode to bytes. +// 2) + +Are valid (i.e. pass runTx, AnteHandler only). +// +// Enumeration is halted once RequestPrepareProposal.MaxBytes of transactions is +// reached or the mempool is exhausted. +// +// Note: +// +// - Step (2) + +is identical to the validation step performed in +// DefaultProcessProposal. It is very important that the same validation logic +// is used in both steps, and applications must ensure that this is the case in +// non-default handlers. +// +// - If no mempool is set or if the mempool is a no-op mempool, the transactions +// requested from CometBFT will simply be returned, which, by default, are in +// FIFO order. +func (h *DefaultProposalHandler) + +PrepareProposalHandler() + +sdk.PrepareProposalHandler { + return func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { + var maxBlockGas uint64 + if b := ctx.ConsensusParams().Block; b != nil { + maxBlockGas = uint64(b.MaxGas) +} + +defer h.txSelector.Clear() + + // If the mempool is nil or NoOp we simply return the transactions + // requested from CometBFT, which, by default, should be in FIFO order. + // + // Note, we still need to ensure the transactions returned respect req.MaxTxBytes. + _, isNoOp := h.mempool.(mempool.NoOpMempool) + if h.mempool == nil || isNoOp { + for _, txBz := range req.Txs { + tx, err := h.txVerifier.TxDecode(txBz) + if err != nil { + return nil, err +} + stop := h.txSelector.SelectTxForProposal(ctx, uint64(req.MaxTxBytes), maxBlockGas, tx, txBz) + if stop { + break +} + +} + +return &abci.ResponsePrepareProposal{ + Txs: h.txSelector.SelectedTxs(ctx) +}, nil +} + selectedTxsSignersSeqs := make(map[string]uint64) + +var ( + resError error + selectedTxsNums int + invalidTxs []sdk.Tx // invalid txs to be removed out of the loop to avoid dead lock + ) + +mempool.SelectBy(ctx, h.mempool, req.Txs, func(memTx sdk.Tx) + +bool { + unorderedTx, ok := memTx.(sdk.TxWithUnordered) + isUnordered := ok && unorderedTx.GetUnordered() + txSignersSeqs := make(map[string]uint64) + + // if the tx is unordered, we don't need to check the sequence, we just add it + if !isUnordered { + signerData, err := h.signerExtAdapter.GetSigners(memTx) + if err != nil { + // propagate the error to the caller + resError = err + return false +} + + // If the signers aren't in selectedTxsSignersSeqs then we haven't seen them before + // so we add them and continue given that we don't need to check the sequence. + shouldAdd := true + for _, signer := range signerData { + seq, ok := selectedTxsSignersSeqs[signer.Signer.String()] + if !ok { + txSignersSeqs[signer.Signer.String()] = signer.Sequence + continue +} + + // If we have seen this signer before in this block, we must make + // sure that the current sequence is seq+1; otherwise is invalid + // and we skip it. + if seq+1 != signer.Sequence { + shouldAdd = false + break +} + +txSignersSeqs[signer.Signer.String()] = signer.Sequence +} + if !shouldAdd { + return true +} + +} + + // NOTE: Since transaction verification was already executed in CheckTx, + // which calls mempool.Insert, in theory everything in the pool should be + // valid. But some mempool implementations may insert invalid txs, so we + // check again. + txBz, err := h.txVerifier.PrepareProposalVerifyTx(memTx) + if err != nil { + invalidTxs = append(invalidTxs, memTx) +} + +else { + stop := h.txSelector.SelectTxForProposal(ctx, uint64(req.MaxTxBytes), maxBlockGas, memTx, txBz) + if stop { + return false +} + txsLen := len(h.txSelector.SelectedTxs(ctx)) + // If the tx is unordered, we don't need to update the sender sequence. + if !isUnordered { + for sender, seq := range txSignersSeqs { + // If txsLen != selectedTxsNums is true, it means that we've + // added a new tx to the selected txs, so we need to update + // the sequence of the sender. + if txsLen != selectedTxsNums { + selectedTxsSignersSeqs[sender] = seq +} + +else if _, ok := selectedTxsSignersSeqs[sender]; !ok { + // The transaction hasn't been added but it passed the + // verification, so we know that the sequence is correct. + // So we set this sender's sequence to seq-1, in order + // to avoid unnecessary calls to PrepareProposalVerifyTx. + selectedTxsSignersSeqs[sender] = seq - 1 +} + +} + +} + +selectedTxsNums = txsLen +} + +return true +}) + if resError != nil { + return nil, resError +} + for _, tx := range invalidTxs { + err := h.mempool.Remove(tx) + if err != nil && !errors.Is(err, mempool.ErrTxNotFound) { + return nil, err +} + +} + +return &abci.ResponsePrepareProposal{ + Txs: h.txSelector.SelectedTxs(ctx) +}, nil +} +} + +// ProcessProposalHandler returns the default implementation for processing an +// ABCI proposal. Every transaction in the proposal must pass 2 conditions: +// +// 1. The transaction bytes must decode to a valid transaction. +// 2. The transaction must be valid (i.e. pass runTx, AnteHandler only) +// +// If any transaction fails to pass either condition, the proposal is rejected. +// Note that step (2) + +is identical to the validation step performed in +// DefaultPrepareProposal. It is very important that the same validation logic +// is used in both steps, and applications must ensure that this is the case in +// non-default handlers. +func (h *DefaultProposalHandler) + +ProcessProposalHandler() + +sdk.ProcessProposalHandler { + // If the mempool is nil or NoOp we simply return ACCEPT, + // because PrepareProposal may have included txs that could fail verification. + _, isNoOp := h.mempool.(mempool.NoOpMempool) + if h.mempool == nil || isNoOp { + return NoOpProcessProposal() +} + +return func(ctx sdk.Context, req *abci.RequestProcessProposal) (*abci.ResponseProcessProposal, error) { + var totalTxGas uint64 + + var maxBlockGas int64 + if b := ctx.ConsensusParams().Block; b != nil { + maxBlockGas = b.MaxGas +} + for _, txBytes := range req.Txs { + tx, err := h.txVerifier.ProcessProposalVerifyTx(txBytes) + if err != nil { + return &abci.ResponseProcessProposal{ + Status: abci.ResponseProcessProposal_REJECT +}, nil +} + if maxBlockGas > 0 { + gasTx, ok := tx.(GasTx) + if ok { + totalTxGas += gasTx.GetGas() +} + if totalTxGas > uint64(maxBlockGas) { + return &abci.ResponseProcessProposal{ + Status: abci.ResponseProcessProposal_REJECT +}, nil +} + +} + +} + +return &abci.ResponseProcessProposal{ + Status: abci.ResponseProcessProposal_ACCEPT +}, nil +} +} + +// NoOpPrepareProposal defines a no-op PrepareProposal handler. It will always +// return the transactions sent by the client's request. +func NoOpPrepareProposal() + +sdk.PrepareProposalHandler { + return func(_ sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { + return &abci.ResponsePrepareProposal{ + Txs: req.Txs +}, nil +} +} + +// NoOpProcessProposal defines a no-op ProcessProposal Handler. It will always +// return ACCEPT. +func NoOpProcessProposal() + +sdk.ProcessProposalHandler { + return func(_ sdk.Context, _ *abci.RequestProcessProposal) (*abci.ResponseProcessProposal, error) { + return &abci.ResponseProcessProposal{ + Status: abci.ResponseProcessProposal_ACCEPT +}, nil +} +} + +// NoOpExtendVote defines a no-op ExtendVote handler. It will always return an +// empty byte slice as the vote extension. +func NoOpExtendVote() + +sdk.ExtendVoteHandler { + return func(_ sdk.Context, _ *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) { + return &abci.ResponseExtendVote{ + VoteExtension: []byte{ +}}, nil +} +} + +// NoOpVerifyVoteExtensionHandler defines a no-op VerifyVoteExtension handler. It +// will always return an ACCEPT status with no error. +func NoOpVerifyVoteExtensionHandler() + +sdk.VerifyVoteExtensionHandler { + return func(_ sdk.Context, _ *abci.RequestVerifyVoteExtension) (*abci.ResponseVerifyVoteExtension, error) { + return &abci.ResponseVerifyVoteExtension{ + Status: abci.ResponseVerifyVoteExtension_ACCEPT +}, nil +} +} + +// TxSelector defines a helper type that assists in selecting transactions during +// mempool transaction selection in PrepareProposal. It keeps track of the total +// number of bytes and total gas of the selected transactions. It also keeps +// track of the selected transactions themselves. +type TxSelector interface { + // SelectedTxs should return a copy of the selected transactions. + SelectedTxs(ctx context.Context) [][]byte + + // Clear should clear the TxSelector, nulling out all relevant fields. + Clear() + + // SelectTxForProposal should attempt to select a transaction for inclusion in + // a proposal based on inclusion criteria defined by the TxSelector. It must + // return if the caller should halt the transaction selection loop + // (typically over a mempool) + +or otherwise. + SelectTxForProposal(ctx context.Context, maxTxBytes, maxBlockGas uint64, memTx sdk.Tx, txBz []byte) + +bool +} + +type defaultTxSelector struct { + totalTxBytes uint64 + totalTxGas uint64 + selectedTxs [][]byte +} + +func NewDefaultTxSelector() + +TxSelector { + return &defaultTxSelector{ +} +} + +func (ts *defaultTxSelector) + +SelectedTxs(_ context.Context) [][]byte { + txs := make([][]byte, len(ts.selectedTxs)) + +copy(txs, ts.selectedTxs) + +return txs +} + +func (ts *defaultTxSelector) + +Clear() { + ts.totalTxBytes = 0 + ts.totalTxGas = 0 + ts.selectedTxs = nil +} + +func (ts *defaultTxSelector) + +SelectTxForProposal(_ context.Context, maxTxBytes, maxBlockGas uint64, memTx sdk.Tx, txBz []byte) + +bool { + txSize := uint64(cmttypes.ComputeProtoSizeForTxs([]cmttypes.Tx{ + txBz +})) + +var txGasLimit uint64 + if memTx != nil { + if gasTx, ok := memTx.(GasTx); ok { + txGasLimit = gasTx.GetGas() +} + +} + + // only add the transaction to the proposal if we have enough capacity + if (txSize + ts.totalTxBytes) <= maxTxBytes { + // If there is a max block gas limit, add the tx only if the limit has + // not been met. + if maxBlockGas > 0 { + if (txGasLimit + ts.totalTxGas) <= maxBlockGas { + ts.totalTxGas += txGasLimit + ts.totalTxBytes += txSize + ts.selectedTxs = append(ts.selectedTxs, txBz) +} + +} + +else { + ts.totalTxBytes += txSize + ts.selectedTxs = append(ts.selectedTxs, txBz) +} + +} + + // check if we've reached capacity; if so, we cannot select any more transactions + return ts.totalTxBytes >= maxTxBytes || (maxBlockGas > 0 && (ts.totalTxGas >= maxBlockGas)) +} +``` + +This default implementation can be overridden by the application developer in +favor of a custom implementation in [`app_di.go`](/docs/sdk/vnext/build/building-apps/app-go-di): + +```go +prepareOpt := func(app *baseapp.BaseApp) { + abciPropHandler := baseapp.NewDefaultProposalHandler(mempool, app) + +app.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) +} + +baseAppOptions = append(baseAppOptions, prepareOpt) +``` diff --git a/docs/sdk/next/build/abci/process-proposal.mdx b/docs/sdk/next/build/abci/process-proposal.mdx new file mode 100644 index 00000000..2ec594c0 --- /dev/null +++ b/docs/sdk/next/build/abci/process-proposal.mdx @@ -0,0 +1,653 @@ +--- +title: Process Proposal +--- +`ProcessProposal` handles the validation of a proposal from `PrepareProposal`, +which also includes a block header. After a block has been proposed, +the other validators have the right to accept or reject that block. The validator in the +default implementation of `PrepareProposal` runs basic validity checks on each +transaction. + +Note, `ProcessProposal` MUST be deterministic. Non-deterministic behaviors will cause apphash mismatches. +This means that if `ProcessProposal` panics or fails and we reject, all honest validator +processes should reject (i.e., prevote nil). If so, CometBFT will start a new round with a new block proposal and the same cycle will happen with `PrepareProposal` +and `ProcessProposal` for the new proposal. + +Here is the implementation of the default implementation: + +```go expandable +package baseapp + +import ( + + "bytes" + "context" + "fmt" + "slices" + "github.com/cockroachdb/errors" + abci "github.com/cometbft/cometbft/abci/types" + cryptoenc "github.com/cometbft/cometbft/crypto/encoding" + cmtprotocrypto "github.com/cometbft/cometbft/proto/tendermint/crypto" + cmtproto "github.com/cometbft/cometbft/proto/tendermint/types" + cmttypes "github.com/cometbft/cometbft/types" + protoio "github.com/cosmos/gogoproto/io" + "github.com/cosmos/gogoproto/proto" + "cosmossdk.io/core/comet" + + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/mempool" +) + +type ( + // ValidatorStore defines the interface contract required for verifying vote + // extension signatures. Typically, this will be implemented by the x/staking + // module, which has knowledge of the CometBFT public key. + ValidatorStore interface { + GetPubKeyByConsAddr(context.Context, sdk.ConsAddress) (cmtprotocrypto.PublicKey, error) +} + + // GasTx defines the contract that a transaction with a gas limit must implement. + GasTx interface { + GetGas() + +uint64 +} +) + +// ValidateVoteExtensions defines a helper function for verifying vote extension +// signatures that may be passed or manually injected into a block proposal from +// a proposer in PrepareProposal. It returns an error if any signature is invalid +// or if unexpected vote extensions and/or signatures are found or less than 2/3 +// power is received. +// NOTE: From v0.50.5 `currentHeight` and `chainID` arguments are ignored for fixing an issue. +// They will be removed from the function in v0.51+. +func ValidateVoteExtensions( + ctx sdk.Context, + valStore ValidatorStore, + _ int64, + _ string, + extCommit abci.ExtendedCommitInfo, +) + +error { + // Get values from context + cp := ctx.ConsensusParams() + currentHeight := ctx.HeaderInfo().Height + chainID := ctx.HeaderInfo().ChainID + commitInfo := ctx.CometInfo().GetLastCommit() + + // Check that both extCommit + commit are ordered in accordance with vp/address. + if err := validateExtendedCommitAgainstLastCommit(extCommit, commitInfo); err != nil { + return err +} + + // Start checking vote extensions only **after** the vote extensions enable + // height, because when `currentHeight == VoteExtensionsEnableHeight` + // PrepareProposal doesn't get any vote extensions in its request. + extsEnabled := cp.Abci != nil && currentHeight > cp.Abci.VoteExtensionsEnableHeight && cp.Abci.VoteExtensionsEnableHeight != 0 + marshalDelimitedFn := func(msg proto.Message) ([]byte, error) { + var buf bytes.Buffer + if err := protoio.NewDelimitedWriter(&buf).WriteMsg(msg); err != nil { + return nil, err +} + +return buf.Bytes(), nil +} + +var ( + // Total voting power of all vote extensions. + totalVP int64 + // Total voting power of all validators that submitted valid vote extensions. + sumVP int64 + ) + for _, vote := range extCommit.Votes { + totalVP += vote.Validator.Power + + // Only check + include power if the vote is a commit vote. There must be super-majority, otherwise the + // previous block (the block the vote is for) + +could not have been committed. + if vote.BlockIdFlag != cmtproto.BlockIDFlagCommit { + continue +} + if !extsEnabled { + if len(vote.VoteExtension) > 0 { + return fmt.Errorf("vote extensions disabled; received non-empty vote extension at height %d", currentHeight) +} + if len(vote.ExtensionSignature) > 0 { + return fmt.Errorf("vote extensions disabled; received non-empty vote extension signature at height %d", currentHeight) +} + +continue +} + if len(vote.ExtensionSignature) == 0 { + return fmt.Errorf("vote extensions enabled; received empty vote extension signature at height %d", currentHeight) +} + valConsAddr := sdk.ConsAddress(vote.Validator.Address) + +pubKeyProto, err := valStore.GetPubKeyByConsAddr(ctx, valConsAddr) + if err != nil { + return fmt.Errorf("failed to get validator %X public key: %w", valConsAddr, err) +} + +cmtPubKey, err := cryptoenc.PubKeyFromProto(pubKeyProto) + if err != nil { + return fmt.Errorf("failed to convert validator %X public key: %w", valConsAddr, err) +} + cve := cmtproto.CanonicalVoteExtension{ + Extension: vote.VoteExtension, + Height: currentHeight - 1, // the vote extension was signed in the previous height + Round: int64(extCommit.Round), + ChainId: chainID, +} + +extSignBytes, err := marshalDelimitedFn(&cve) + if err != nil { + return fmt.Errorf("failed to encode CanonicalVoteExtension: %w", err) +} + if !cmtPubKey.VerifySignature(extSignBytes, vote.ExtensionSignature) { + return fmt.Errorf("failed to verify validator %X vote extension signature", valConsAddr) +} + +sumVP += vote.Validator.Power +} + + // This check is probably unnecessary, but better safe than sorry. + if totalVP <= 0 { + return fmt.Errorf("total voting power must be positive, got: %d", totalVP) +} + + // If the sum of the voting power has not reached (2/3 + 1) + +we need to error. + if requiredVP := ((totalVP * 2) / 3) + 1; sumVP < requiredVP { + return fmt.Errorf( + "insufficient cumulative voting power received to verify vote extensions; got: %d, expected: >=%d", + sumVP, requiredVP, + ) +} + +return nil +} + +// validateExtendedCommitAgainstLastCommit validates an ExtendedCommitInfo against a LastCommit. Specifically, +// it checks that the ExtendedCommit + LastCommit (for the same height), are consistent with each other + that +// they are ordered correctly (by voting power) + +in accordance with +// [comet](https://github.com/cometbft/cometbft/blob/4ce0277b35f31985bbf2c25d3806a184a4510010/types/validator_set.go#L784). +func validateExtendedCommitAgainstLastCommit(ec abci.ExtendedCommitInfo, lc comet.CommitInfo) + +error { + // check that the rounds are the same + if ec.Round != lc.Round() { + return fmt.Errorf("extended commit round %d does not match last commit round %d", ec.Round, lc.Round()) +} + + // check that the # of votes are the same + if len(ec.Votes) != lc.Votes().Len() { + return fmt.Errorf("extended commit votes length %d does not match last commit votes length %d", len(ec.Votes), lc.Votes().Len()) +} + + // check sort order of extended commit votes + if !slices.IsSortedFunc(ec.Votes, func(vote1, vote2 abci.ExtendedVoteInfo) + +int { + if vote1.Validator.Power == vote2.Validator.Power { + return bytes.Compare(vote1.Validator.Address, vote2.Validator.Address) // addresses sorted in ascending order (used to break vp conflicts) +} + +return -int(vote1.Validator.Power - vote2.Validator.Power) // vp sorted in descending order +}) { + return fmt.Errorf("extended commit votes are not sorted by voting power") +} + addressCache := make(map[string]struct{ +}, len(ec.Votes)) + // check that consistency between LastCommit and ExtendedCommit + for i, vote := range ec.Votes { + // cache addresses to check for duplicates + if _, ok := addressCache[string(vote.Validator.Address)]; ok { + return fmt.Errorf("extended commit vote address %X is duplicated", vote.Validator.Address) +} + +addressCache[string(vote.Validator.Address)] = struct{ +}{ +} + if !bytes.Equal(vote.Validator.Address, lc.Votes().Get(i).Validator().Address()) { + return fmt.Errorf("extended commit vote address %X does not match last commit vote address %X", vote.Validator.Address, lc.Votes().Get(i).Validator().Address()) +} + if vote.Validator.Power != lc.Votes().Get(i).Validator().Power() { + return fmt.Errorf("extended commit vote power %d does not match last commit vote power %d", vote.Validator.Power, lc.Votes().Get(i).Validator().Power()) +} + +} + +return nil +} + +type ( + // ProposalTxVerifier defines the interface that is implemented by BaseApp, + // that any custom ABCI PrepareProposal and ProcessProposal handler can use + // to verify a transaction. + ProposalTxVerifier interface { + PrepareProposalVerifyTx(tx sdk.Tx) ([]byte, error) + +ProcessProposalVerifyTx(txBz []byte) (sdk.Tx, error) + +TxDecode(txBz []byte) (sdk.Tx, error) + +TxEncode(tx sdk.Tx) ([]byte, error) +} + + // DefaultProposalHandler defines the default ABCI PrepareProposal and + // ProcessProposal handlers. + DefaultProposalHandler struct { + mempool mempool.Mempool + txVerifier ProposalTxVerifier + txSelector TxSelector + signerExtAdapter mempool.SignerExtractionAdapter +} +) + +func NewDefaultProposalHandler(mp mempool.Mempool, txVerifier ProposalTxVerifier) *DefaultProposalHandler { + return &DefaultProposalHandler{ + mempool: mp, + txVerifier: txVerifier, + txSelector: NewDefaultTxSelector(), + signerExtAdapter: mempool.NewDefaultSignerExtractionAdapter(), +} +} + +// SetTxSelector sets the TxSelector function on the DefaultProposalHandler. +func (h *DefaultProposalHandler) + +SetTxSelector(ts TxSelector) { + h.txSelector = ts +} + +// PrepareProposalHandler returns the default implementation for processing an +// ABCI proposal. The application's mempool is enumerated and all valid +// transactions are added to the proposal. Transactions are valid if they: +// +// 1) + +Successfully encode to bytes. +// 2) + +Are valid (i.e. pass runTx, AnteHandler only). +// +// Enumeration is halted once RequestPrepareProposal.MaxBytes of transactions is +// reached or the mempool is exhausted. +// +// Note: +// +// - Step (2) + +is identical to the validation step performed in +// DefaultProcessProposal. It is very important that the same validation logic +// is used in both steps, and applications must ensure that this is the case in +// non-default handlers. +// +// - If no mempool is set or if the mempool is a no-op mempool, the transactions +// requested from CometBFT will simply be returned, which, by default, are in +// FIFO order. +func (h *DefaultProposalHandler) + +PrepareProposalHandler() + +sdk.PrepareProposalHandler { + return func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { + var maxBlockGas uint64 + if b := ctx.ConsensusParams().Block; b != nil { + maxBlockGas = uint64(b.MaxGas) +} + +defer h.txSelector.Clear() + + // If the mempool is nil or NoOp we simply return the transactions + // requested from CometBFT, which, by default, should be in FIFO order. + // + // Note, we still need to ensure the transactions returned respect req.MaxTxBytes. + _, isNoOp := h.mempool.(mempool.NoOpMempool) + if h.mempool == nil || isNoOp { + for _, txBz := range req.Txs { + tx, err := h.txVerifier.TxDecode(txBz) + if err != nil { + return nil, err +} + stop := h.txSelector.SelectTxForProposal(ctx, uint64(req.MaxTxBytes), maxBlockGas, tx, txBz) + if stop { + break +} + +} + +return &abci.ResponsePrepareProposal{ + Txs: h.txSelector.SelectedTxs(ctx) +}, nil +} + selectedTxsSignersSeqs := make(map[string]uint64) + +var ( + resError error + selectedTxsNums int + invalidTxs []sdk.Tx // invalid txs to be removed out of the loop to avoid dead lock + ) + +mempool.SelectBy(ctx, h.mempool, req.Txs, func(memTx sdk.Tx) + +bool { + unorderedTx, ok := memTx.(sdk.TxWithUnordered) + isUnordered := ok && unorderedTx.GetUnordered() + txSignersSeqs := make(map[string]uint64) + + // if the tx is unordered, we don't need to check the sequence, we just add it + if !isUnordered { + signerData, err := h.signerExtAdapter.GetSigners(memTx) + if err != nil { + // propagate the error to the caller + resError = err + return false +} + + // If the signers aren't in selectedTxsSignersSeqs then we haven't seen them before + // so we add them and continue given that we don't need to check the sequence. + shouldAdd := true + for _, signer := range signerData { + seq, ok := selectedTxsSignersSeqs[signer.Signer.String()] + if !ok { + txSignersSeqs[signer.Signer.String()] = signer.Sequence + continue +} + + // If we have seen this signer before in this block, we must make + // sure that the current sequence is seq+1; otherwise is invalid + // and we skip it. + if seq+1 != signer.Sequence { + shouldAdd = false + break +} + +txSignersSeqs[signer.Signer.String()] = signer.Sequence +} + if !shouldAdd { + return true +} + +} + + // NOTE: Since transaction verification was already executed in CheckTx, + // which calls mempool.Insert, in theory everything in the pool should be + // valid. But some mempool implementations may insert invalid txs, so we + // check again. + txBz, err := h.txVerifier.PrepareProposalVerifyTx(memTx) + if err != nil { + invalidTxs = append(invalidTxs, memTx) +} + +else { + stop := h.txSelector.SelectTxForProposal(ctx, uint64(req.MaxTxBytes), maxBlockGas, memTx, txBz) + if stop { + return false +} + txsLen := len(h.txSelector.SelectedTxs(ctx)) + // If the tx is unordered, we don't need to update the sender sequence. + if !isUnordered { + for sender, seq := range txSignersSeqs { + // If txsLen != selectedTxsNums is true, it means that we've + // added a new tx to the selected txs, so we need to update + // the sequence of the sender. + if txsLen != selectedTxsNums { + selectedTxsSignersSeqs[sender] = seq +} + +else if _, ok := selectedTxsSignersSeqs[sender]; !ok { + // The transaction hasn't been added but it passed the + // verification, so we know that the sequence is correct. + // So we set this sender's sequence to seq-1, in order + // to avoid unnecessary calls to PrepareProposalVerifyTx. + selectedTxsSignersSeqs[sender] = seq - 1 +} + +} + +} + +selectedTxsNums = txsLen +} + +return true +}) + if resError != nil { + return nil, resError +} + for _, tx := range invalidTxs { + err := h.mempool.Remove(tx) + if err != nil && !errors.Is(err, mempool.ErrTxNotFound) { + return nil, err +} + +} + +return &abci.ResponsePrepareProposal{ + Txs: h.txSelector.SelectedTxs(ctx) +}, nil +} +} + +// ProcessProposalHandler returns the default implementation for processing an +// ABCI proposal. Every transaction in the proposal must pass 2 conditions: +// +// 1. The transaction bytes must decode to a valid transaction. +// 2. The transaction must be valid (i.e. pass runTx, AnteHandler only) +// +// If any transaction fails to pass either condition, the proposal is rejected. +// Note that step (2) + +is identical to the validation step performed in +// DefaultPrepareProposal. It is very important that the same validation logic +// is used in both steps, and applications must ensure that this is the case in +// non-default handlers. +func (h *DefaultProposalHandler) + +ProcessProposalHandler() + +sdk.ProcessProposalHandler { + // If the mempool is nil or NoOp we simply return ACCEPT, + // because PrepareProposal may have included txs that could fail verification. + _, isNoOp := h.mempool.(mempool.NoOpMempool) + if h.mempool == nil || isNoOp { + return NoOpProcessProposal() +} + +return func(ctx sdk.Context, req *abci.RequestProcessProposal) (*abci.ResponseProcessProposal, error) { + var totalTxGas uint64 + + var maxBlockGas int64 + if b := ctx.ConsensusParams().Block; b != nil { + maxBlockGas = b.MaxGas +} + for _, txBytes := range req.Txs { + tx, err := h.txVerifier.ProcessProposalVerifyTx(txBytes) + if err != nil { + return &abci.ResponseProcessProposal{ + Status: abci.ResponseProcessProposal_REJECT +}, nil +} + if maxBlockGas > 0 { + gasTx, ok := tx.(GasTx) + if ok { + totalTxGas += gasTx.GetGas() +} + if totalTxGas > uint64(maxBlockGas) { + return &abci.ResponseProcessProposal{ + Status: abci.ResponseProcessProposal_REJECT +}, nil +} + +} + +} + +return &abci.ResponseProcessProposal{ + Status: abci.ResponseProcessProposal_ACCEPT +}, nil +} +} + +// NoOpPrepareProposal defines a no-op PrepareProposal handler. It will always +// return the transactions sent by the client's request. +func NoOpPrepareProposal() + +sdk.PrepareProposalHandler { + return func(_ sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { + return &abci.ResponsePrepareProposal{ + Txs: req.Txs +}, nil +} +} + +// NoOpProcessProposal defines a no-op ProcessProposal Handler. It will always +// return ACCEPT. +func NoOpProcessProposal() + +sdk.ProcessProposalHandler { + return func(_ sdk.Context, _ *abci.RequestProcessProposal) (*abci.ResponseProcessProposal, error) { + return &abci.ResponseProcessProposal{ + Status: abci.ResponseProcessProposal_ACCEPT +}, nil +} +} + +// NoOpExtendVote defines a no-op ExtendVote handler. It will always return an +// empty byte slice as the vote extension. +func NoOpExtendVote() + +sdk.ExtendVoteHandler { + return func(_ sdk.Context, _ *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) { + return &abci.ResponseExtendVote{ + VoteExtension: []byte{ +}}, nil +} +} + +// NoOpVerifyVoteExtensionHandler defines a no-op VerifyVoteExtension handler. It +// will always return an ACCEPT status with no error. +func NoOpVerifyVoteExtensionHandler() + +sdk.VerifyVoteExtensionHandler { + return func(_ sdk.Context, _ *abci.RequestVerifyVoteExtension) (*abci.ResponseVerifyVoteExtension, error) { + return &abci.ResponseVerifyVoteExtension{ + Status: abci.ResponseVerifyVoteExtension_ACCEPT +}, nil +} +} + +// TxSelector defines a helper type that assists in selecting transactions during +// mempool transaction selection in PrepareProposal. It keeps track of the total +// number of bytes and total gas of the selected transactions. It also keeps +// track of the selected transactions themselves. +type TxSelector interface { + // SelectedTxs should return a copy of the selected transactions. + SelectedTxs(ctx context.Context) [][]byte + + // Clear should clear the TxSelector, nulling out all relevant fields. + Clear() + + // SelectTxForProposal should attempt to select a transaction for inclusion in + // a proposal based on inclusion criteria defined by the TxSelector. It must + // return if the caller should halt the transaction selection loop + // (typically over a mempool) + +or otherwise. + SelectTxForProposal(ctx context.Context, maxTxBytes, maxBlockGas uint64, memTx sdk.Tx, txBz []byte) + +bool +} + +type defaultTxSelector struct { + totalTxBytes uint64 + totalTxGas uint64 + selectedTxs [][]byte +} + +func NewDefaultTxSelector() + +TxSelector { + return &defaultTxSelector{ +} +} + +func (ts *defaultTxSelector) + +SelectedTxs(_ context.Context) [][]byte { + txs := make([][]byte, len(ts.selectedTxs)) + +copy(txs, ts.selectedTxs) + +return txs +} + +func (ts *defaultTxSelector) + +Clear() { + ts.totalTxBytes = 0 + ts.totalTxGas = 0 + ts.selectedTxs = nil +} + +func (ts *defaultTxSelector) + +SelectTxForProposal(_ context.Context, maxTxBytes, maxBlockGas uint64, memTx sdk.Tx, txBz []byte) + +bool { + txSize := uint64(cmttypes.ComputeProtoSizeForTxs([]cmttypes.Tx{ + txBz +})) + +var txGasLimit uint64 + if memTx != nil { + if gasTx, ok := memTx.(GasTx); ok { + txGasLimit = gasTx.GetGas() +} + +} + + // only add the transaction to the proposal if we have enough capacity + if (txSize + ts.totalTxBytes) <= maxTxBytes { + // If there is a max block gas limit, add the tx only if the limit has + // not been met. + if maxBlockGas > 0 { + if (txGasLimit + ts.totalTxGas) <= maxBlockGas { + ts.totalTxGas += txGasLimit + ts.totalTxBytes += txSize + ts.selectedTxs = append(ts.selectedTxs, txBz) +} + +} + +else { + ts.totalTxBytes += txSize + ts.selectedTxs = append(ts.selectedTxs, txBz) +} + +} + + // check if we've reached capacity; if so, we cannot select any more transactions + return ts.totalTxBytes >= maxTxBytes || (maxBlockGas > 0 && (ts.totalTxGas >= maxBlockGas)) +} +``` + +Like `PrepareProposal`, this implementation is the default and can be modified by +the application developer in [`app_di.go`](/docs/sdk/vnext/build/building-apps/app-go-di). If you decide to implement +your own `ProcessProposal` handler, you must ensure that the transactions +provided in the proposal DO NOT exceed the maximum block gas and `maxtxbytes` (if set). + +```go +processOpt := func(app *baseapp.BaseApp) { + abciPropHandler := baseapp.NewDefaultProposalHandler(mempool, app) + +app.SetProcessProposal(abciPropHandler.ProcessProposalHandler()) +} + +baseAppOptions = append(baseAppOptions, processOpt) +``` diff --git a/docs/sdk/next/build/abci/vote-extensions.mdx b/docs/sdk/next/build/abci/vote-extensions.mdx new file mode 100644 index 00000000..f7038cae --- /dev/null +++ b/docs/sdk/next/build/abci/vote-extensions.mdx @@ -0,0 +1,128 @@ +--- +title: Vote Extensions +--- + +**Synopsis** +This section describes how the application can define and use vote extensions +defined in ABCI++. + + +## Extend Vote + +ABCI 2.0 (colloquially called ABCI++) allows an application to extend a pre-commit vote with arbitrary data. This process does NOT have to be deterministic, and the data returned can be unique to the +validator process. The Cosmos SDK defines [`baseapp.ExtendVoteHandler`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/types/abci.go#L32): + +```go +type ExtendVoteHandler func(Context, *abci.ExtendVoteRequest) (*abci.ExtendVoteResponse, error) +``` + +An application can set this handler in `app.go` via the `baseapp.SetExtendVoteHandler` +`BaseApp` option function. The `sdk.ExtendVoteHandler`, if defined, is called during +the `ExtendVote` ABCI method. Note, if an application decides to implement +`baseapp.ExtendVoteHandler`, it MUST return a non-nil `VoteExtension`. However, the vote +extension can be empty. See [here](https://github.com/cometbft/cometbft/blob/v0.38.0-rc1/spec/abci/abci++_methods.md#extendvote) +for more details. + +There are many decentralized censorship-resistant use cases for vote extensions. +For example, a validator may want to submit prices for a price oracle or encryption +shares for an encrypted transaction mempool. Note, an application should be careful +to consider the size of the vote extensions as they could increase latency in block +production. See [here](https://github.com/cometbft/cometbft/blob/v0.38.0-rc1/docs/qa/CometBFT-QA-38.md#vote-extensions-testbed) +for more details. + +Click [here](https://docs.cosmos.network/main/build/abci/vote-extensions) if you would like a walkthrough of how to implement vote extensions. + +## Verify Vote Extension + +Similar to extending a vote, an application can also verify vote extensions from +other validators when validating their pre-commits. For a given vote extension, +this process MUST be deterministic. The Cosmos SDK defines [`sdk.VerifyVoteExtensionHandler`](https://github.com/cosmos/cosmos-sdk/blob/v0.50.1/types/abci.go#L29-L31): + +```go +type VerifyVoteExtensionHandler func(Context, *abci.VerifyVoteExtensionRequest) (*abci.VerifyVoteExtensionResponse, error) +``` + +An application can set this handler in `app.go` via the `baseapp.SetVerifyVoteExtensionHandler` +`BaseApp` option function. The `sdk.VerifyVoteExtensionHandler`, if defined, is called +during the `VerifyVoteExtension` ABCI method. If an application defines a vote +extension handler, it should also define a verification handler. Note, not all +validators will share the same view of what vote extensions they verify depending +on how votes are propagated. See [here](https://github.com/cometbft/cometbft/blob/v0.38.0-rc1/spec/abci/abci++_methods.md#verifyvoteextension) +for more details. + +Additionally, please keep in mind that performance can be degraded if vote extensions are too big ([Link](https://docs.cometbft.com/v0.38/qa/cometbft-qa-38#vote-extensions-testbed)), so we highly recommend a size validation in `VerifyVoteExtensions`. + +## Vote Extension Propagation + +The agreed upon vote extensions at height `H` are provided to the proposing validator +at height `H+1` during `PrepareProposal`. As a result, the vote extensions are +not natively provided or exposed to the remaining validators during `ProcessProposal`. +As a result, if an application requires that the agreed upon vote extensions from +height `H` are available to all validators at `H+1`, the application must propagate +these vote extensions manually in the block proposal itself. This can be done by +"injecting" them into the block proposal, since the `Txs` field in `PrepareProposal` +is just a slice of byte slices. + +`FinalizeBlock` will ignore any byte slice that doesn't implement an `sdk.Tx`, so +any injected vote extensions will safely be ignored in `FinalizeBlock`. For more +details on propagation, see the [ABCI++ 2.0 ADR](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-064-abci-2.0.md#vote-extension-propagation--verification). + +### Recovery of injected Vote Extensions + +As stated before, vote extensions can be injected into a block proposal (along with +other transactions in the `Txs` field). The Cosmos SDK provides a pre-FinalizeBlock +hook to allow applications to recover vote extensions, perform any necessary +computation on them, and then store the results in the cached store. These results +will be available to the application during the subsequent `FinalizeBlock` call. + +An example of how a pre-FinalizeBlock hook could look like is shown below: + +```go expandable +app.SetPreBlocker(func(ctx sdk.Context, req *abci.FinalizeBlockRequest) + +error { + allVEs := []VE{ +} // store all parsed vote extensions here + for _, tx := range req.Txs { + // define a custom function that tries to parse the tx as a vote extension + ve, ok := parseVoteExtension(tx) + if !ok { + continue +} + +allVEs = append(allVEs, ve) +} + + // perform any necessary computation on the vote extensions and store the result + // in the cached store + result := compute(allVEs) + err := storeVEResult(ctx, result) + if err != nil { + return err +} + +return nil +}) +``` + +Then, in an app's module, the application can retrieve the result of the computation +of vote extensions from the cached store: + +```go expandable +func (k Keeper) + +BeginBlocker(ctx context.Context) + +error { + // retrieve the result of the computation of vote extensions from the cached store + result, err := k.GetVEResult(ctx) + if err != nil { + return err +} + + // use the result of the computation of vote extensions + k.setSomething(result) + +return nil +} +``` diff --git a/docs/sdk/next/build/architecture/PROCESS.mdx b/docs/sdk/next/build/architecture/PROCESS.mdx new file mode 100644 index 00000000..3ac2986a --- /dev/null +++ b/docs/sdk/next/build/architecture/PROCESS.mdx @@ -0,0 +1,59 @@ +--- +title: ADR Creation Process +--- +1. Copy the `adr-template.md` file. Use the following filename pattern: `adr-next_number-title.md` +2. Create a draft Pull Request if you want to get early feedback. +3. Make sure the context and solution are clear and well documented. +4. Add an entry to the list in the [README](/docs/sdk/vnext/build/architecture/README) file. +5. Create a Pull Request to propose a new ADR. + +## What is an ADR? + +An ADR is a document that documents an implementation and design that may or may not have been discussed in an RFC. While an RFC is meant to replace synchronous communication in a distributed environment, an ADR is meant to document an already made decision. An ADR won't come with much of a communication overhead because the discussion was recorded in an RFC or a synchronous discussion. If the consensus came from a synchronous discussion, then a short excerpt should be added to the ADR to explain the goals. + +## ADR life cycle + +ADR creation is an **iterative** process. Instead of having a high amount of communication overhead, an ADR is used when there is already a decision made and implementation details need to be added. The ADR should document what the collective consensus for the specific issue is and how to solve it. + +1. Every ADR should start with either an RFC or a discussion where consensus has been met. + +2. Once consensus is met, a GitHub Pull Request (PR) is created with a new document based on the `adr-template.md`. + +3. If a *proposed* ADR is merged, then it should clearly document outstanding issues either in ADR document notes or in a GitHub Issue. + +4. The PR SHOULD always be merged. In the case of a faulty ADR, we still prefer to merge it with a *rejected* status. The only time the ADR SHOULD NOT be merged is if the author abandons it. + +5. Merged ADRs SHOULD NOT be pruned. + +### ADR status + +Status has two components: + +```text +{CONSENSUS STATUS} {IMPLEMENTATION STATUS} +``` + +IMPLEMENTATION STATUS is either `Implemented` or `Not Implemented`. + +#### Consensus Status + +```text +DRAFT -> PROPOSED -> LAST CALL yyyy-mm-dd -> ACCEPTED | REJECTED -> SUPERSEDED by ADR-xxx + \ | + \ | + v v + ABANDONED +``` + +* `DRAFT`: \[optional] an ADR which is a work in progress, not ready for a general review. This is to present an early work and get early feedback in a Draft Pull Request form. +* `PROPOSED`: an ADR covering a full solution architecture and still in the review - project stakeholders haven't reached an agreement yet. +* `LAST CALL `: \[optional] Notify that we are close to accepting updates. Changing a status to `LAST CALL` means that social consensus (of Cosmos SDK maintainers) has been reached, and we still want to give it a time to let the community react or analyze. +* `ACCEPTED`: an ADR that represents a currently implemented or to be implemented architecture design. +* `REJECTED`: ADR can go from PROPOSED or ACCEPTED to rejected if the consensus among project stakeholders will decide so. +* `SUPERSEDED by ADR-xxx`: an ADR that has been superseded by a new ADR. +* `ABANDONED`: the ADR is no longer pursued by the original authors. + +## Language used in ADR + +* The context/background should be written in the present tense. +* Avoid using the first person. diff --git a/docs/sdk/next/build/architecture/README.mdx b/docs/sdk/next/build/architecture/README.mdx new file mode 100644 index 00000000..7779d752 --- /dev/null +++ b/docs/sdk/next/build/architecture/README.mdx @@ -0,0 +1,96 @@ +--- +title: Architecture Decision Records (ADR) +description: >- + This is a location to record all high-level architecture decisions in the + Cosmos-SDK. +--- +This is a location to record all high-level architecture decisions in the Cosmos-SDK. + +An Architectural Decision (**AD**) is a software design choice that addresses a functional or non-functional requirement that is architecturally significant. +An Architecturally Significant Requirement (**ASR**) is a requirement that has a measurable effect on a software system’s architecture and quality. +An Architectural Decision Record (**ADR**) captures a single AD, such as is often done when writing personal notes or meeting minutes; the collection of ADRs created and maintained in a project constitute its decision log. All these are within the topic of Architectural Knowledge Management (AKM). + +You can read more about the ADR concept in this [blog post](https://product.reverb.com/documenting-architecture-decisions-the-reverb-way-a3563bb24bd0#.78xhdix6t). + +## Rationale + +ADRs are intended to be the primary mechanism for proposing new feature designs and new processes, for collecting community input on an issue, and for documenting the design decisions. +An ADR should provide: + +* Context on the relevant goals and the current state +* Proposed changes to achieve the goals +* Summary of pros and cons +* References +* Changelog + +Note the distinction between an ADR and a spec. The ADR provides the context, intuition, reasoning, and +justification for a change in architecture, or for the architecture of something +new. The spec is a much more compressed and streamlined summary of everything as +it stands today. + +If recorded decisions turned out to be lacking, convene a discussion, record the new decisions here, and then modify the code to match. + +## Creating a new ADR + +Read about the [PROCESS](/docs/sdk/vnext/build/architecture/PROCESS). + +### Use RFC 2119 Keywords + +When writing ADRs, follow the same best practices for writing RFCs. When writing RFCs, key words are used to signify the requirements in the specification. These words are often capitalized: "MUST," "MUST NOT," "REQUIRED," "SHALL," "SHALL NOT," "SHOULD," "SHOULD NOT," "RECOMMENDED," "MAY," and "OPTIONAL." They are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119). + +## ADR Table of Contents + +### Accepted + +* [ADR 002: SDK Documentation Structure](/docs/sdk/vnext/build/architecture/adr-002-docs-structure) +* [ADR 004: Split Denomination Keys](/docs/sdk/vnext/build/architecture/adr-004-split-denomination-keys) +* [ADR 006: Secret Store Replacement](/docs/sdk/vnext/build/architecture/adr-006-secret-store-replacement) +* [ADR 009: Evidence Module](/docs/sdk/vnext/build/architecture/adr-009-evidence-module) +* [ADR 010: Modular AnteHandler](/docs/sdk/vnext/build/architecture/adr-010-modular-antehandler) +* [ADR 019: Protocol Buffer State Encoding](/docs/sdk/vnext/build/architecture/adr-019-protobuf-state-encoding) +* [ADR 020: Protocol Buffer Transaction Encoding](/docs/sdk/vnext/build/architecture/adr-020-protobuf-transaction-encoding) +* [ADR 021: Protocol Buffer Query Encoding](/docs/sdk/vnext/build/architecture/adr-021-protobuf-query-encoding) +* [ADR 023: Protocol Buffer Naming and Versioning](/docs/sdk/vnext/build/architecture/adr-023-protobuf-naming) +* [ADR 029: Fee Grant Module](/docs/sdk/vnext/build/architecture/adr-029-fee-grant-module) +* [ADR 030: Message Authorization Module](/docs/sdk/vnext/build/architecture/adr-030-authz-module) +* [ADR 031: Protobuf Msg Services](/docs/sdk/vnext/build/architecture/adr-031-msg-service) +* [ADR 055: ORM](/docs/sdk/vnext/build/architecture/adr-055-orm) +* [ADR 058: Auto-Generated CLI](/docs/sdk/vnext/build/architecture/adr-058-auto-generated-cli) +* [ADR 060: ABCI 1.0 (Phase I)](/docs/sdk/vnext/build/architecture/adr-060-abci-1.0) +* [ADR 061: Liquid Staking](/docs/sdk/vnext/build/architecture/adr-061-liquid-staking) + +### Proposed + +* [ADR 003: Dynamic Capability Store](/docs/sdk/vnext/build/architecture/adr-003-dynamic-capability-store) +* [ADR 011: Generalize Genesis Accounts](/docs/sdk/vnext/build/architecture/adr-011-generalize-genesis-accounts) +* [ADR 012: State Accessors](/docs/sdk/vnext/build/architecture/adr-012-state-accessors) +* [ADR 013: Metrics](/docs/sdk/vnext/build/architecture/adr-013-metrics) +* [ADR 016: Validator Consensus Key Rotation](/docs/sdk/vnext/build/architecture/adr-016-validator-consensus-key-rotation) +* [ADR 017: Historical Header Module](/docs/sdk/vnext/build/architecture/adr-017-historical-header-module) +* [ADR 018: Extendable Voting Periods](/docs/sdk/vnext/build/architecture/adr-018-extendable-voting-period) +* [ADR 022: Custom baseapp panic handling](/docs/sdk/vnext/build/architecture/adr-022-custom-panic-handling) +* [ADR 024: Coin Metadata](/docs/sdk/vnext/build/architecture/adr-024-coin-metadata) +* [ADR 027: Deterministic Protobuf Serialization](/docs/sdk/vnext/build/architecture/adr-027-deterministic-protobuf-serialization) +* [ADR 028: Public Key Addresses](/docs/sdk/vnext/build/architecture/adr-028-public-key-addresses) +* [ADR 032: Typed Events](/docs/sdk/vnext/build/architecture/adr-032-typed-events) +* [ADR 033: Inter-module RPC](/docs/sdk/vnext/build/architecture/adr-033-protobuf-inter-module-comm) +* [ADR 035: Rosetta API Support](/docs/sdk/vnext/build/architecture/adr-035-rosetta-api-support) +* [ADR 037: Governance Split Votes](/docs/sdk/vnext/build/architecture/adr-037-gov-split-vote) +* [ADR 038: State Listening](/docs/sdk/vnext/build/architecture/adr-038-state-listening) +* [ADR 039: Epoched Staking](/docs/sdk/vnext/build/architecture/adr-039-epoched-staking) +* [ADR 040: Storage and SMT State Commitments](/docs/sdk/vnext/build/architecture/adr-040-storage-and-smt-state-commitments) +* [ADR 046: Module Params](/docs/sdk/vnext/build/architecture/adr-046-module-params) +* [ADR 054: Semver Compatible SDK Modules](/docs/sdk/vnext/build/architecture/adr-054-semver-compatible-modules) +* [ADR 057: App Wiring](/docs/sdk/vnext/build/architecture/adr-057-app-wiring) +* [ADR 059: Test Scopes](/docs/sdk/vnext/build/architecture/adr-059-test-scopes) +* [ADR 062: Collections State Layer](/docs/sdk/vnext/build/architecture/adr-062-collections-state-layer) +* [ADR 063: Core Module API](/docs/sdk/vnext/build/architecture/adr-063-core-module-api) +* [ADR 065: Store V2](/docs/sdk/vnext/build/architecture/adr-065-store-v2) +* [ADR 076: Transaction Malleability Risk Review and Recommendations](/docs/sdk/vnext/build/architecture/adr-076-tx-malleability) + +### Draft + +* [ADR 044: Guidelines for Updating Protobuf Definitions](/docs/sdk/vnext/build/architecture/adr-044-protobuf-updates-guidelines) +* [ADR 047: Extend Upgrade Plan](/docs/sdk/vnext/build/architecture/adr-047-extend-upgrade-plan) +* [ADR 053: Go Module Refactoring](/docs/sdk/vnext/build/architecture/adr-053-go-module-refactoring) +* [ADR 068: Preblock](/docs/sdk/vnext/build/architecture/adr-068-preblock) diff --git a/docs/sdk/next/build/architecture/adr-002-docs-structure.mdx b/docs/sdk/next/build/architecture/adr-002-docs-structure.mdx new file mode 100644 index 00000000..13d37761 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-002-docs-structure.mdx @@ -0,0 +1,91 @@ +--- +title: 'ADR 002: SDK Documentation Structure' +description: >- + There is a need for a scalable structure of the Cosmos SDK documentation. + Current documentation includes a lot of non-related Cosmos SDK material, is + difficult to maintain and hard to follow as a user. +--- +## Context + +There is a need for a scalable structure of the Cosmos SDK documentation. Current documentation includes a lot of non-related Cosmos SDK material, is difficult to maintain and hard to follow as a user. + +Ideally, we would have: + +* All docs related to dev frameworks or tools live in their respective github repos (sdk repo would contain sdk docs, hub repo would contain hub docs, lotion repo would contain lotion docs, etc.) +* All other docs (faqs, whitepaper, high-level material about Cosmos) would live on the website. + +## Decision + +Re-structure the `/docs` folder of the Cosmos SDK github repo as follows: + +```text expandable +docs/ +├── README +├── intro/ +├── concepts/ +│ ├── baseapp +│ ├── types +│ ├── store +│ ├── server +│ ├── modules/ +│ │ ├── keeper +│ │ ├── handler +│ │ ├── cli +│ ├── gas +│ └── commands +├── clients/ +│ ├── lite/ +│ ├── service-providers +├── modules/ +├── spec/ +├── translations/ +└── architecture/ +``` + +The files in each sub-folders do not matter and will likely change. What matters is the sectioning: + +* `README`: Landing page of the docs. +* `intro`: Introductory material. Goal is to have a short explainer of the Cosmos SDK and then channel people to the resource they need. The [Cosmos SDK tutorial](https://github.com/cosmos/sdk-application-tutorial/) will be highlighted, as well as the `godocs`. +* `concepts`: Contains high-level explanations of the abstractions of the Cosmos SDK. It does not contain specific code implementation and does not need to be updated often. **It is not an API specification of the interfaces**. API spec is the `godoc`. +* `clients`: Contains specs and info about the various Cosmos SDK clients. +* `spec`: Contains specs of modules, and others. +* `modules`: Contains links to `godocs` and the spec of the modules. +* `architecture`: Contains architecture-related docs like the present one. +* `translations`: Contains different translations of the documentation. + +Website docs sidebar will only include the following sections: + +* `README` +* `intro` +* `concepts` +* `clients` + +`architecture` need not be displayed on the website. + +## Status + +Accepted + +## Consequences + +### Positive + +* Much clearer organisation of the Cosmos SDK docs. +* The `/docs` folder now only contains Cosmos SDK and gaia related material. Later, it will only contain Cosmos SDK related material. +* Developers only have to update `/docs` folder when they open a PR (and not `/examples` for example). +* Easier for developers to find what they need to update in the docs thanks to reworked architecture. +* Cleaner vuepress build for website docs. +* Will help build an executable doc (cf [Link](https://github.com/cosmos/cosmos-sdk/issues/2611)) + +### Neutral + +* We need to move a bunch of deprecated stuff to `/_attic` folder. +* We need to integrate content in `docs/sdk/docs/core` in `concepts`. +* We need to move all the content that currently lives in `docs` and does not fit in new structure (like `lotion`, intro material, whitepaper) to the website repository. +* Update `DOCS_README.md` + +## References + +* [Link](https://github.com/cosmos/cosmos-sdk/issues/1460) +* [Link](https://github.com/cosmos/cosmos-sdk/pull/2695) +* [Link](https://github.com/cosmos/cosmos-sdk/issues/2611) diff --git a/docs/sdk/next/build/architecture/adr-003-dynamic-capability-store.mdx b/docs/sdk/next/build/architecture/adr-003-dynamic-capability-store.mdx new file mode 100644 index 00000000..64581b82 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-003-dynamic-capability-store.mdx @@ -0,0 +1,391 @@ +--- +title: 'ADR 3: Dynamic Capability Store' +description: '12 December 2019: Initial version 02 April 2020: Memory Store Revisions' +--- +## Changelog + +* 12 December 2019: Initial version +* 02 April 2020: Memory Store Revisions + +## Context + +Full implementation of the [IBC specification](https://github.com/cosmos/ibc) requires the ability to create and authenticate object-capability keys at runtime (i.e., during transaction execution), +as described in [ICS 5](https://github.com/cosmos/ibc/tree/master/spec/core/ics-005-port-allocation#technical-specification). In the IBC specification, capability keys are created for each newly initialised +port & channel, and are used to authenticate future usage of the port or channel. Since channels and potentially ports can be initialised during transaction execution, the state machine must be able to create +object-capability keys at this time. + +At present, the Cosmos SDK does not have the ability to do this. Object-capability keys are currently pointers (memory addresses) of `StoreKey` structs created at application initialisation in `app.go` ([example](https://github.com/cosmos/gaia/blob/dcbddd9f04b3086c0ad07ee65de16e7adedc7da4/app/app.go#L132)) +and passed to Keepers as fixed arguments ([example](https://github.com/cosmos/gaia/blob/dcbddd9f04b3086c0ad07ee65de16e7adedc7da4/app/app.go#L160)). Keepers cannot create or store capability keys during transaction execution — although they could call `NewKVStoreKey` and take the memory address +of the returned struct, storing this in the Merklised store would result in a consensus fault, since the memory address will be different on each machine (this is intentional — were this not the case, the keys would be predictable and couldn't serve as object capabilities). + +Keepers need a way to keep a private map of store keys which can be altered during transaction execution, along with a suitable mechanism for regenerating the unique memory addresses (capability keys) in this map whenever the application is started or restarted, along with a mechanism to revert capability creation on tx failure. +This ADR proposes such an interface & mechanism. + +## Decision + +The Cosmos SDK will include a new `CapabilityKeeper` abstraction, which is responsible for provisioning, +tracking, and authenticating capabilities at runtime. During application initialisation in `app.go`, +the `CapabilityKeeper` will be hooked up to modules through unique function references +(by calling `ScopeToModule`, defined below) so that it can identify the calling module when later +invoked. + +When the initial state is loaded from disk, the `CapabilityKeeper`'s `Initialise` function will create +new capability keys for all previously allocated capability identifiers (allocated during execution of +past transactions and assigned to particular modes), and keep them in a memory-only store while the +chain is running. + +The `CapabilityKeeper` will include a persistent `KVStore`, a `MemoryStore`, and an in-memory map. +The persistent `KVStore` tracks which capability is owned by which modules. +The `MemoryStore` stores a forward mapping that map from module name, capability tuples to capability names and +a reverse mapping that map from module name, capability name to the capability index. +Since we cannot marshal the capability into a `KVStore` and unmarshal without changing the memory location of the capability, +the reverse mapping in the KVStore will simply map to an index. This index can then be used as a key in the ephemeral +go-map to retrieve the capability at the original memory location. + +The `CapabilityKeeper` will define the following types & functions: + +The `Capability` is similar to `StoreKey`, but has a globally unique `Index()` instead of +a name. A `String()` method is provided for debugging. + +A `Capability` is simply a struct, the address of which is taken for the actual capability. + +```go +type Capability struct { + index uint64 +} +``` + +A `CapabilityKeeper` contains a persistent store key, memory store key, and mapping of allocated module names. + +```go +type CapabilityKeeper struct { + persistentKey StoreKey + memKey StoreKey + capMap map[uint64]*Capability + moduleNames map[string]interface{ +} + +sealed bool +} +``` + +The `CapabilityKeeper` provides the ability to create *scoped* sub-keepers which are tied to a +particular module name. These `ScopedCapabilityKeeper`s must be created at application initialisation +and passed to modules, which can then use them to claim capabilities they receive and retrieve +capabilities which they own by name, in addition to creating new capabilities & authenticating capabilities +passed by other modules. + +```go +type ScopedCapabilityKeeper struct { + persistentKey StoreKey + memKey StoreKey + capMap map[uint64]*Capability + moduleName string +} +``` + +`ScopeToModule` is used to create a scoped sub-keeper with a particular name, which must be unique. +It MUST be called before `InitialiseAndSeal`. + +```go expandable +func (ck CapabilityKeeper) + +ScopeToModule(moduleName string) + +ScopedCapabilityKeeper { + if k.sealed { + panic("cannot scope to module via a sealed capability keeper") +} + if _, ok := k.scopedModules[moduleName]; ok { + panic(fmt.Sprintf("cannot create multiple scoped keepers for the same module name: %s", moduleName)) +} + +k.scopedModules[moduleName] = struct{ +}{ +} + +return ScopedKeeper{ + cdc: k.cdc, + storeKey: k.storeKey, + memKey: k.memKey, + capMap: k.capMap, + module: moduleName, +} +} +``` + +`InitialiseAndSeal` MUST be called exactly once, after loading the initial state and creating all +necessary `ScopedCapabilityKeeper`s, in order to populate the memory store with newly-created +capability keys in accordance with the keys previously claimed by particular modules and prevent the +creation of any new `ScopedCapabilityKeeper`s. + +```go expandable +func (ck CapabilityKeeper) + +InitialiseAndSeal(ctx Context) { + if ck.sealed { + panic("capability keeper is sealed") +} + persistentStore := ctx.KVStore(ck.persistentKey) + map := ctx.KVStore(ck.memKey) + + // initialise memory store for all names in persistent store + for index, value := range persistentStore.Iter() { + capability = &CapabilityKey{ + index: index +} + for moduleAndCapability := range value { + moduleName, capabilityName := moduleAndCapability.Split("/") + +memStore.Set(moduleName + "/fwd/" + capability, capabilityName) + +memStore.Set(moduleName + "/rev/" + capabilityName, index) + +ck.capMap[index] = capability +} + +} + +ck.sealed = true +} +``` + +`NewCapability` can be called by any module to create a new unique, unforgeable object-capability +reference. The newly created capability is automatically persisted; the calling module need not +call `ClaimCapability`. + +```go expandable +func (sck ScopedCapabilityKeeper) + +NewCapability(ctx Context, name string) (Capability, error) { + // check name not taken in memory store + if capStore.Get("rev/" + name) != nil { + return nil, errors.New("name already taken") +} + + // fetch the current index + index := persistentStore.Get("index") + + // create a new capability + capability := &CapabilityKey{ + index: index +} + + // set persistent store + persistentStore.Set(index, Set.singleton(sck.moduleName + "/" + name)) + + // update the index + index++ + persistentStore.Set("index", index) + + // set forward mapping in memory store from capability to name + memStore.Set(sck.moduleName + "/fwd/" + capability, name) + + // set reverse mapping in memory store from name to index + memStore.Set(sck.moduleName + "/rev/" + name, index) + + // set the in-memory mapping from index to capability pointer + capMap[index] = capability + + // return the newly created capability + return capability +} +``` + +`AuthenticateCapability` can be called by any module to check that a capability +does in fact correspond to a particular name (the name can be untrusted user input) +with which the calling module previously associated it. + +```go +func (sck ScopedCapabilityKeeper) + +AuthenticateCapability(name string, capability Capability) + +bool { + // return whether forward mapping in memory store matches name + return memStore.Get(sck.moduleName + "/fwd/" + capability) === name +} +``` + +`ClaimCapability` allows a module to claim a capability key which it has received from another module +so that future `GetCapability` calls will succeed. + +`ClaimCapability` MUST be called if a module which receives a capability wishes to access it by name +in the future. Capabilities are multi-owner, so if multiple modules have a single `Capability` reference, +they will all own it. + +```go expandable +func (sck ScopedCapabilityKeeper) + +ClaimCapability(ctx Context, capability Capability, name string) + +error { + persistentStore := ctx.KVStore(sck.persistentKey) + + // set forward mapping in memory store from capability to name + memStore.Set(sck.moduleName + "/fwd/" + capability, name) + + // set reverse mapping in memory store from name to capability + memStore.Set(sck.moduleName + "/rev/" + name, capability) + + // update owner set in persistent store + owners := persistentStore.Get(capability.Index()) + +owners.add(sck.moduleName + "/" + name) + +persistentStore.Set(capability.Index(), owners) +} +``` + +`GetCapability` allows a module to fetch a capability which it has previously claimed by name. +The module is not allowed to retrieve capabilities which it does not own. + +```go +func (sck ScopedCapabilityKeeper) + +GetCapability(ctx Context, name string) (Capability, error) { + // fetch the index of capability using reverse mapping in memstore + index := memStore.Get(sck.moduleName + "/rev/" + name) + + // fetch capability from go-map using index + capability := capMap[index] + + // return the capability + return capability +} +``` + +`ReleaseCapability` allows a module to release a capability which it had previously claimed. If no +more owners exist, the capability will be deleted globally. + +```go expandable +func (sck ScopedCapabilityKeeper) + +ReleaseCapability(ctx Context, capability Capability) + +err { + persistentStore := ctx.KVStore(sck.persistentKey) + name := capStore.Get(sck.moduleName + "/fwd/" + capability) + if name == nil { + return error("capability not owned by module") +} + + // delete forward mapping in memory store + memoryStore.Delete(sck.moduleName + "/fwd/" + capability, name) + + // delete reverse mapping in memory store + memoryStore.Delete(sck.moduleName + "/rev/" + name, capability) + + // update owner set in persistent store + owners := persistentStore.Get(capability.Index()) + +owners.remove(sck.moduleName + "/" + name) + if owners.size() > 0 { + // there are still other owners, keep the capability around + persistentStore.Set(capability.Index(), owners) +} + +else { + // no more owners, delete the capability + persistentStore.Delete(capability.Index()) + +delete(capMap[capability.Index()]) +} +} +``` + +### Usage patterns + +#### Initialisation + +Any modules which use dynamic capabilities must be provided a `ScopedCapabilityKeeper` in `app.go`: + +```go +ck := NewCapabilityKeeper(persistentKey, memoryKey) + +mod1Keeper := NewMod1Keeper(ck.ScopeToModule("mod1"), ....) + +mod2Keeper := NewMod2Keeper(ck.ScopeToModule("mod2"), ....) + +// other initialisation logic ... + +// load initial state... + +ck.InitialiseAndSeal(initialContext) +``` + +#### Creating, passing, claiming and using capabilities + +Consider the case where `mod1` wants to create a capability, associate it with a resource (e.g. an IBC channel) by name, then pass it to `mod2` which will use it later: + +Module 1 would have the following code: + +```go +capability := scopedCapabilityKeeper.NewCapability(ctx, "resourceABC") + +mod2Keeper.SomeFunction(ctx, capability, args...) +``` + +`SomeFunction`, running in module 2, could then claim the capability: + +```go +func (k Mod2Keeper) + +SomeFunction(ctx Context, capability Capability) { + k.sck.ClaimCapability(ctx, capability, "resourceABC") + // other logic... +} +``` + +Later on, module 2 can retrieve that capability by name and pass it to module 1, which will authenticate it against the resource: + +```go +func (k Mod2Keeper) + +SomeOtherFunction(ctx Context, name string) { + capability := k.sck.GetCapability(ctx, name) + +mod1.UseResource(ctx, capability, "resourceABC") +} +``` + +Module 1 will then check that this capability key is authenticated to use the resource before allowing module 2 to use it: + +```go +func (k Mod1Keeper) + +UseResource(ctx Context, capability Capability, resource string) { + if !k.sck.AuthenticateCapability(name, capability) { + return errors.New("unauthenticated") +} + // do something with the resource +} +``` + +If module 2 passed the capability key to module 3, module 3 could then claim it and call module 1 just like module 2 did +(in which case module 1, module 2, and module 3 would all be able to use this capability). + +## Status + +Proposed. + +## Consequences + +### Positive + +* Dynamic capability support. +* Allows CapabilityKeeper to return same capability pointer from go-map while reverting any writes to the persistent `KVStore` and in-memory `MemoryStore` on tx failure. + +### Negative + +* Requires an additional keeper. +* Some overlap with existing `StoreKey` system (in the future they could be combined, since this is a superset functionality-wise). +* Requires an extra level of indirection in the reverse mapping, since MemoryStore must map to index which must then be used as key in a go map to retrieve the actual capability + +### Neutral + +(none known) + +## References + +* [Original discussion](https://github.com/cosmos/cosmos-sdk/pull/5230#discussion_r343978513) diff --git a/docs/sdk/next/build/architecture/adr-004-split-denomination-keys.mdx b/docs/sdk/next/build/architecture/adr-004-split-denomination-keys.mdx new file mode 100644 index 00000000..16405824 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-004-split-denomination-keys.mdx @@ -0,0 +1,128 @@ +--- +title: 'ADR 004: Split Denomination Keys' +description: >- + 2020-01-08: Initial version 2020-01-09: Alterations to handle vesting accounts + 2020-01-14: Updates from review feedback 2020-01-30: Updates from + implementation +--- +## Changelog + +* 2020-01-08: Initial version +* 2020-01-09: Alterations to handle vesting accounts +* 2020-01-14: Updates from review feedback +* 2020-01-30: Updates from implementation + +### Glossary + +* denom / denomination key -- unique token identifier. + +## Context + +With permissionless IBC, anyone will be able to send arbitrary denominations to any other account. Currently, all non-zero balances are stored along with the account in an `sdk.Coins` struct, which creates a potential denial-of-service concern, as too many denominations will become expensive to load & store each time the account is modified. See issues [5467](https://github.com/cosmos/cosmos-sdk/issues/5467) and [4982](https://github.com/cosmos/cosmos-sdk/issues/4982) for additional context. + +Simply rejecting incoming deposits after a denomination count limit doesn't work, since it opens up a griefing vector: someone could send a user lots of nonsensical coins over IBC, and then prevent the user from receiving real denominations (such as staking rewards). + +## Decision + +Balances shall be stored per-account & per-denomination under a denomination- and account-unique key, thus enabling O(1) read & write access to the balance of a particular account in a particular denomination. + +### Account interface (x/auth) + +`GetCoins()` and `SetCoins()` will be removed from the account interface, since coin balances will +now be stored in & managed by the bank module. + +The vesting account interface will replace `SpendableCoins` in favor of `LockedCoins` which does +not require the account balance anymore. In addition, `TrackDelegation()` will now accept the +account balance of all tokens denominated in the vesting balance instead of loading the entire +account balance. + +Vesting accounts will continue to store original vesting, delegated free, and delegated +vesting coins (which is safe since these cannot contain arbitrary denominations). + +### Bank keeper (x/bank) + +The following APIs will be added to the `x/bank` keeper: + +* `GetAllBalances(ctx Context, addr AccAddress) Coins` +* `GetBalance(ctx Context, addr AccAddress, denom string) Coin` +* `SetBalance(ctx Context, addr AccAddress, coin Coin)` +* `LockedCoins(ctx Context, addr AccAddress) Coins` +* `SpendableCoins(ctx Context, addr AccAddress) Coins` + +Additional APIs may be added to facilitate iteration and auxiliary functionality not essential to +core functionality or persistence. + +Balances will be stored first by the address, then by the denomination (the reverse is also possible, +but retrieval of all balances for a single account is presumed to be more frequent): + +```go expandable +var BalancesPrefix = []byte("balances") + +func (k Keeper) + +SetBalance(ctx Context, addr AccAddress, balance Coin) + +error { + if !balance.IsValid() { + return err +} + store := ctx.KVStore(k.storeKey) + balancesStore := prefix.NewStore(store, BalancesPrefix) + accountStore := prefix.NewStore(balancesStore, addr.Bytes()) + bz := Marshal(balance) + +accountStore.Set([]byte(balance.Denom), bz) + +return nil +} +``` + +This will result in the balances being indexed by the byte representation of +`balances/{address}/{denom}`. + +`DelegateCoins()` and `UndelegateCoins()` will be altered to only load each individual +account balance by denomination found in the (un)delegation amount. As a result, +any mutations to the account balance will be made by denomination. + +`SubtractCoins()` and `AddCoins()` will be altered to read & write the balances +directly instead of calling `GetCoins()` / `SetCoins()` (which no longer exist). + +`trackDelegation()` and `trackUndelegation()` will be altered to no longer update +account balances. + +External APIs will need to scan all balances under an account to retain backwards-compatibility. It +is advised that these APIs use `GetBalance` and `SetBalance` instead of `GetAllBalances` when +possible as to not load the entire account balance. + +### Supply module + +The supply module, in order to implement the total supply invariant, will now need +to scan all accounts & call `GetAllBalances` using the `x/bank` Keeper, then sum +the balances and check that they match the expected total supply. + +## Status + +Accepted. + +## Consequences + +### Positive + +* O(1) reads & writes of balances (with respect to the number of denominations for + which an account has non-zero balances). Note, this does not relate to the actual + I/O cost, rather the total number of direct reads needed. + +### Negative + +* Slightly less efficient reads/writes when reading & writing all balances of a + single account in a transaction. + +### Neutral + +None in particular. + +## References + +* Ref: [Link](https://github.com/cosmos/cosmos-sdk/issues/4982) +* Ref: [Link](https://github.com/cosmos/cosmos-sdk/issues/5467) +* Ref: [Link](https://github.com/cosmos/cosmos-sdk/issues/5492) diff --git a/docs/sdk/next/build/architecture/adr-006-secret-store-replacement.mdx b/docs/sdk/next/build/architecture/adr-006-secret-store-replacement.mdx new file mode 100644 index 00000000..ed663227 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-006-secret-store-replacement.mdx @@ -0,0 +1,58 @@ +--- +title: 'ADR 006: Secret Store Replacement' +description: >- + July 29th, 2019: Initial draft September 11th, 2019: Work has started November + 4th: Cosmos SDK changes merged in November 18th: Gaia changes merged in +--- +## Changelog + +* July 29th, 2019: Initial draft +* September 11th, 2019: Work has started +* November 4th: Cosmos SDK changes merged in +* November 18th: Gaia changes merged in + +## Context + +Currently, a Cosmos SDK application's CLI directory stores key material and metadata in a plain text database in the user’s home directory. Key material is encrypted by a passphrase, protected by bcrypt hashing algorithm. Metadata (e.g. addresses, public keys, key storage details) is available in plain text. + +This is not desirable for a number of reasons. Perhaps the biggest reason is insufficient security protection of key material and metadata. Leaking the plain text allows an attacker to surveil what keys a given computer controls via a number of techniques, like compromised dependencies without any privilege execution. This could be followed by a more targeted attack on a particular user/computer. + +All modern desktop computers OS (Ubuntu, Debian, MacOS, Windows) provide a built-in secret store that is designed to allow applications to store information that is isolated from all other applications and requires passphrase entry to access the data. + +We are seeking solution that provides a common abstraction layer to the many different backends and reasonable fallback for minimal platforms that don’t provide a native secret store. + +## Decision + +We recommend replacing the current Keybase backend based on LevelDB with [Keyring](https://github.com/99designs/keyring) by 99 designs. This application is designed to provide a common abstraction and uniform interface between many secret stores and is used by AWS Vault application by 99-designs application. + +This appears to fulfill the requirement of protecting both key material and metadata from rogue software on a user’s machine. + +## Status + +Accepted + +## Consequences + +### Positive + +Increased safety for users. + +### Negative + +Users must manually migrate. + +Testing against all supported backends is difficult. + +Running tests locally on a Mac require numerous repetitive password entries. + +### Neutral + +`{neutral consequences}` + +## References + +* \#4754 Switch secret store to the keyring secret store (original PR by @poldsam) \[**CLOSED**] +* \#5029 Add support for github.com/99designs/keyring-backed keybases \[**MERGED**] +* \#5097 Add keys migrate command \[**MERGED**] +* \#5180 Drop on-disk keybase in favor of keyring \[*PENDING\_REVIEW*] +* cosmos/gaia#164 Drop on-disk keybase in favor of keyring (gaia's changes) \[*PENDING\_REVIEW*] diff --git a/docs/sdk/next/build/architecture/adr-007-specialization-groups.mdx b/docs/sdk/next/build/architecture/adr-007-specialization-groups.mdx new file mode 100644 index 00000000..faa07d9f --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-007-specialization-groups.mdx @@ -0,0 +1,197 @@ +--- +title: 'ADR 007: Specialization Groups' +description: '2019 Jul 31: Initial Draft' +--- +## Changelog + +* 2019 Jul 31: Initial Draft + +## Context + +This idea was first conceived of in order to fulfill the use case of the +creation of a decentralized Computer Emergency Response Team (dCERT), whose +members would be elected by a governing community and would fulfill the role of +coordinating the community under emergency situations. This thinking +can be further abstracted into the conception of "blockchain specialization +groups". + +The creation of these groups are the beginning of specialization capabilities +within a wider blockchain community which could be used to enable a certain +level of delegated responsibilities. Examples of specialization which could be +beneficial to a blockchain community include: code auditing, emergency response, +code development etc. This type of community organization paves the way for +individual stakeholders to delegate votes by issue type, if in the future +governance proposals include a field for issue type. + +## Decision + +A specialization group can be broadly broken down into the following functions +(herein containing examples): + +* Membership Admittance +* Membership Acceptance +* Membership Revocation + * (probably) Without Penalty + * member steps down (self-Revocation) + * replaced by new member from governance + * (probably) With Penalty + * due to breach of soft-agreement (determined through governance) + * due to breach of hard-agreement (determined by code) +* Execution of Duties + * Special transactions which only execute for members of a specialization + group (for example, dCERT members voting to turn off transaction routes in + an emergency scenario) +* Compensation + * Group compensation (further distribution decided by the specialization group) + * Individual compensation for all constituents of a group from the + greater community + +Membership admittance to a specialization group could take place over a wide +variety of mechanisms. The most obvious example is through a general vote among +the entire community, however in certain systems a community may want to allow +the members already in a specialization group to internally elect new members, +or maybe the community may assign a permission to a particular specialization +group to appoint members to other 3rd party groups. The sky is really the limit +as to how membership admittance can be structured. We attempt to capture +some of these possibilities in a common interface dubbed the `Electionator`. For +its initial implementation as a part of this ADR we recommend that the general +election abstraction (`Electionator`) is provided as well as a basic +implementation of that abstraction which allows for a continuous election of +members of a specialization group. + +```golang expandable +// The Electionator abstraction covers the concept space for +// a wide variety of election kinds. +type Electionator interface { + + // is the election object accepting votes. + Active() + +bool + + // functionality to execute for when a vote is cast in this election, here + // the vote field is anticipated to be marshalled into a vote type used + // by an election. + // + // NOTE There are no explicit ids here. Just votes which pertain specifically + // to one electionator. Anyone can create and send a vote to the electionator item + // which will presumably attempt to marshal those bytes into a particular struct + // and apply the vote information in some arbitrary way. There can be multiple + // Electionators within the Cosmos-Hub for multiple specialization groups, votes + // would need to be routed to the Electionator upstream of here. + Vote(addr sdk.AccAddress, vote []byte) + + // here lies all functionality to authenticate and execute changes for + // when a member accepts being elected + AcceptElection(sdk.AccAddress) + + // Register a revoker object + RegisterRevoker(Revoker) + + // No more revokers may be registered after this function is called + SealRevokers() + + // register hooks to call when an election actions occur + RegisterHooks(ElectionatorHooks) + + // query for the current winner(s) + +of this election based on arbitrary + // election ruleset + QueryElected() []sdk.AccAddress + + // query metadata for an address in the election this + // could include for example position that an address + // is being elected for within a group + // + // this metadata may be directly related to + // voting information and/or privileges enabled + // to members within a group. + QueryMetadata(sdk.AccAddress) []byte +} + +// ElectionatorHooks, once registered with an Electionator, +// trigger execution of relevant interface functions when +// Electionator events occur. +type ElectionatorHooks interface { + AfterVoteCast(addr sdk.AccAddress, vote []byte) + +AfterMemberAccepted(addr sdk.AccAddress) + +AfterMemberRevoked(addr sdk.AccAddress, cause []byte) +} + +// Revoker defines the function required for a membership revocation rule-set +// used by a specialization group. This could be used to create self revoking, +// and evidence based revoking, etc. Revokers types may be created and +// reused for different election types. +// +// When revoking the "cause" bytes may be arbitrarily marshalled into evidence, +// memos, etc. +type Revoker interface { + RevokeName() + +string // identifier for this revoker type + RevokeMember(addr sdk.AccAddress, cause []byte) + +error +} +``` + +Certain level of commonality likely exists between the existing code within +`x/governance` and required functionality of elections. This common +functionality should be abstracted during implementation. Similarly for each +vote implementation client CLI/REST functionality should be abstracted +to be reused for multiple elections. + +The specialization group abstraction firstly extends the `Electionator` +but also further defines traits of the group. + +```golang expandable +type SpecializationGroup interface { + Electionator + GetName() + +string + GetDescription() + +string + + // general soft contract the group is expected + // to fulfill with the greater community + GetContract() + +string + + // messages which can be executed by the members of the group + Handler(ctx sdk.Context, msg sdk.Msg) + +sdk.Result + + // logic to be executed at endblock, this may for instance + // include payment of a stipend to the group members + // for participation in the security group. + EndBlocker(ctx sdk.Context) +} +``` + +## Status + +> Proposed + +## Consequences + +### Positive + +* increases specialization capabilities of a blockchain +* improve abstractions in `x/gov/` such that they can be used with specialization groups + +### Negative + +* could be used to increase centralization within a community + +### Neutral + +## References + +* [dCERT ADR](/docs/sdk/vnext/build/architecture/adr-008-dCERT-group) diff --git a/docs/sdk/next/build/architecture/adr-008-dCERT-group.mdx b/docs/sdk/next/build/architecture/adr-008-dCERT-group.mdx new file mode 100644 index 00000000..9f115076 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-008-dCERT-group.mdx @@ -0,0 +1,173 @@ +--- +title: 'ADR 008: Decentralized Computer Emergency Response Team (dCERT) Group' +description: '2019 Jul 31: Initial Draft' +--- +## Changelog + +* 2019 Jul 31: Initial Draft + +## Context + +In order to reduce the number of parties involved with handling sensitive +information in an emergency scenario, we propose the creation of a +specialization group named The Decentralized Computer Emergency Response Team +(dCERT). Initially this group's role is intended to serve as coordinators +between various actors within a blockchain community such as validators, +bug-hunters, and developers. During a time of crisis, the dCERT group would +aggregate and relay input from a variety of stakeholders to the developers who +are actively devising a patch to the software, this way sensitive information +does not need to be publicly disclosed while some input from the community can +still be gained. + +Additionally, a special privilege is proposed for the dCERT group: the capacity +to "circuit-break" (aka. temporarily disable) a particular message path. Note +that this privilege should be enabled/disabled globally with a governance +parameter such that this privilege could start disabled and later be enabled +through a parameter change proposal, once a dCERT group has been established. + +In the future it is foreseeable that the community may wish to expand the roles +of dCERT with further responsibilities such as the capacity to "pre-approve" a +security update on behalf of the community prior to a full community +wide vote whereby the sensitive information would be revealed prior to a +vulnerability being patched on the live network. + +## Decision + +The dCERT group is proposed to include an implementation of a `SpecializationGroup` +as defined in [ADR 007](/docs/sdk/vnext/build/architecture/adr-007-specialization-groups). This will include the +implementation of: + +* continuous voting +* slashing due to breach of soft contract +* revoking a member due to breach of soft contract +* emergency disband of the entire dCERT group (ex. for colluding maliciously) +* compensation stipend from the community pool or other means decided by + governance + +This system necessitates the following new parameters: + +* blockly stipend allowance per dCERT member +* maximum number of dCERT members +* required staked slashable tokens for each dCERT member +* quorum for suspending a particular member +* proposal wager for disbanding the dCERT group +* stabilization period for dCERT member transition +* circuit break dCERT privileges enabled + +These parameters are expected to be implemented through the param keeper such +that governance may change them at any given point. + +### Continuous Voting Electionator + +An `Electionator` object is to be implemented as continuous voting and with the +following specifications: + +* All delegation addresses may submit votes at any point which updates their + preferred representation on the dCERT group. +* Preferred representation may be arbitrarily split between addresses (ex. 50% + to John, 25% to Sally, 25% to Carol) +* In order for a new member to be added to the dCERT group they must + send a transaction accepting their admission at which point the validity of + their admission is to be confirmed. + * A sequence number is assigned when a member is added to dCERT group. + If a member leaves the dCERT group and then enters back, a new sequence number + is assigned. +* Addresses which control the greatest amount of preferred-representation are + eligible to join the dCERT group (up the *maximum number of dCERT members*). + If the dCERT group is already full and new member is admitted, the existing + dCERT member with the lowest amount of votes is kicked from the dCERT group. + * In the split situation where the dCERT group is full but a vying candidate + has the same amount of vote as an existing dCERT member, the existing + member should maintain its position. + * In the split situation where somebody must be kicked out but the two + addresses with the smallest number of votes have the same number of votes, + the address with the smallest sequence number maintains its position. +* A stabilization period can be optionally included to reduce the + "flip-flopping" of the dCERT membership tail members. If a stabilization + period is provided which is greater than 0, when members are kicked due to + insufficient support, a queue entry is created which documents which member is + to replace which other member. While this entry is in the queue, no new entries + to kick that same dCERT member can be made. When the entry matures at the + duration of the stabilization period, the new member is instantiated, and old + member kicked. + +### Staking/Slashing + +All members of the dCERT group must stake tokens *specifically* to maintain +eligibility as a dCERT member. These tokens can be staked directly by the vying +dCERT member or out of the good will of a 3rd party (who shall gain no on-chain +benefits for doing so). This staking mechanism should use the existing global +unbonding time of tokens staked for network validator security. A dCERT member +can *only be* a member if it has the required tokens staked under this +mechanism. If those tokens are unbonded then the dCERT member must be +automatically kicked from the group. + +Slashing of a particular dCERT member due to soft-contract breach should be +performed by governance on a per member basis based on the magnitude of the +breach. The process flow is anticipated to be that a dCERT member is suspended +by the dCERT group prior to being slashed by governance. + +Membership suspension by the dCERT group takes place through a voting procedure +by the dCERT group members. After this suspension has taken place, a governance +proposal to slash the dCERT member must be submitted, if the proposal is not +approved by the time the rescinding member has completed unbonding their +tokens, then the tokens are no longer staked and unable to be slashed. + +Additionally in the case of an emergency situation of a colluding and malicious +dCERT group, the community needs the capability to disband the entire dCERT +group and likely fully slash them. This could be achieved though a special new +proposal type (implemented as a general governance proposal) which would halt +the functionality of the dCERT group until the proposal was concluded. This +special proposal type would likely need to also have a fairly large wager which +could be slashed if the proposal creator was malicious. The reason a large +wager should be required is because as soon as the proposal is made, the +capability of the dCERT group to halt message routes is put on temporarily +suspended, meaning that a malicious actor who created such a proposal could +then potentially exploit a bug during this period of time, with no dCERT group +capable of shutting down the exploitable message routes. + +### dCERT membership transactions + +Active dCERT members + +* change of the description of the dCERT group +* circuit break a message route +* vote to suspend a dCERT member. + +Here circuit-breaking refers to the capability to disable a groups of messages, +This could for instance mean: "disable all staking-delegation messages", or +"disable all distribution messages". This could be accomplished by verifying +that the message route has not been "circuit-broken" at CheckTx time (in +`baseapp/baseapp.go`). + +"unbreaking" a circuit is anticipated only to occur during a hard fork upgrade +meaning that no capability to unbreak a message route on a live chain is +required. + +Note also, that if there was a problem with governance voting (for instance a +capability to vote many times) then governance would be broken and should be +halted with this mechanism, it would be then up to the validator set to +coordinate and hard-fork upgrade to a patched version of the software where +governance is re-enabled (and fixed). If the dCERT group abuses this privilege +they should all be severely slashed. + +## Status + +Proposed + +## Consequences + +### Positive + +* Potential to reduces the number of parties to coordinate with during an emergency +* Reduction in possibility of disclosing sensitive information to malicious parties + +### Negative + +* Centralization risks + +### Neutral + +## References + +[Specialization Groups ADR](/docs/sdk/vnext/build/architecture/adr-007-specialization-groups) diff --git a/docs/sdk/next/build/architecture/adr-009-evidence-module.mdx b/docs/sdk/next/build/architecture/adr-009-evidence-module.mdx new file mode 100644 index 00000000..a05c79e2 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-009-evidence-module.mdx @@ -0,0 +1,217 @@ +--- +title: 'ADR 009: Evidence Module' +description: '2019 July 31: Initial draft 2019 October 24: Initial implementation' +--- +## Changelog + +* 2019 July 31: Initial draft +* 2019 October 24: Initial implementation + +## Status + +Accepted + +## Context + +In order to support building highly secure, robust and interoperable blockchain +applications, it is vital for the Cosmos SDK to expose a mechanism in which arbitrary +evidence can be submitted, evaluated and verified resulting in some agreed upon +penalty for any misbehavior committed by a validator, such as equivocation (double-voting), +signing when unbonded, signing an incorrect state transition (in the future), etc. +Furthermore, such a mechanism is paramount for any +[IBC](https://github.com/cosmos/ics/blob/master/ibc/2_IBC_ARCHITECTURE.md) or +cross-chain validation protocol implementation in order to support the ability +for any misbehavior to be relayed back from a collateralized chain to a primary +chain so that the equivocating validator(s) can be slashed. + +## Decision + +We will implement an evidence module in the Cosmos SDK supporting the following +functionality: + +* Provide developers with the abstractions and interfaces necessary to define + custom evidence messages, message handlers, and methods to slash and penalize + accordingly for misbehavior. +* Support the ability to route evidence messages to handlers in any module to + determine the validity of submitted misbehavior. +* Support the ability, through governance, to modify slashing penalties of any + evidence type. +* Querier implementation to support querying params, evidence types, params, and + all submitted valid misbehavior. + +### Types + +First, we define the `Evidence` interface type. The `x/evidence` module may implement +its own types that can be used by many chains (e.g. `CounterFactualEvidence`). +In addition, other modules may implement their own `Evidence` types in a similar +manner in which governance is extensible. It is important to note any concrete +type implementing the `Evidence` interface may include arbitrary fields such as +an infraction time. We want the `Evidence` type to remain as flexible as possible. + +When submitting evidence to the `x/evidence` module, the concrete type must provide +the validator's consensus address, which should be known by the `x/slashing` +module (assuming the infraction is valid), the height at which the infraction +occurred and the validator's power at same height in which the infraction occurred. + +```go expandable +type Evidence interface { + Route() + +string + Type() + +string + String() + +string + Hash() + +HexBytes + ValidateBasic() + +error + + // The consensus address of the malicious validator at time of infraction + GetConsensusAddress() + +ConsAddress + + // Height at which the infraction occurred + GetHeight() + +int64 + + // The total power of the malicious validator at time of infraction + GetValidatorPower() + +int64 + + // The total validator set power at time of infraction + GetTotalPower() + +int64 +} +``` + +### Routing & Handling + +Each `Evidence` type must map to a specific unique route and be registered with +the `x/evidence` module. It accomplishes this through the `Router` implementation. + +```go +type Router interface { + AddRoute(r string, h Handler) + +Router + HasRoute(r string) + +bool + GetRoute(path string) + +Handler + Seal() +} +``` + +Upon successful routing through the `x/evidence` module, the `Evidence` type +is passed through a `Handler`. This `Handler` is responsible for executing all +corresponding business logic necessary for verifying the evidence as valid. In +addition, the `Handler` may execute any necessary slashing and potential jailing. +Since slashing fractions will typically result from some form of static functions, +allow the `Handler` to do this provides the greatest flexibility. An example could +be `k * evidence.GetValidatorPower()` where `k` is an on-chain parameter controlled +by governance. The `Evidence` type should provide all the external information +necessary in order for the `Handler` to make the necessary state transitions. +If no error is returned, the `Evidence` is considered valid. + +```go +type Handler func(Context, Evidence) + +error +``` + +### Submission + +`Evidence` is submitted through a `MsgSubmitEvidence` message type which is internally +handled by the `x/evidence` module's `SubmitEvidence`. + +```go expandable +type MsgSubmitEvidence struct { + Evidence +} + +func handleMsgSubmitEvidence(ctx Context, keeper Keeper, msg MsgSubmitEvidence) + +Result { + if err := keeper.SubmitEvidence(ctx, msg.Evidence); err != nil { + return err.Result() +} + + // emit events... + + return Result{ + // ... +} +} +``` + +The `x/evidence` module's keeper is responsible for matching the `Evidence` against +the module's router and invoking the corresponding `Handler` which may include +slashing and jailing the validator. Upon success, the submitted evidence is persisted. + +```go +func (k Keeper) + +SubmitEvidence(ctx Context, evidence Evidence) + +error { + handler := keeper.router.GetRoute(evidence.Route()) + if err := handler(ctx, evidence); err != nil { + return ErrInvalidEvidence(keeper.codespace, err) +} + +keeper.setEvidence(ctx, evidence) + +return nil +} +``` + +### Genesis + +Finally, we need to represent the genesis state of the `x/evidence` module. The +module only needs a list of all submitted valid infractions and any necessary params +for which the module needs in order to handle submitted evidence. The `x/evidence` +module will naturally define and route native evidence types for which it'll most +likely need slashing penalty constants for. + +```go +type GenesisState struct { + Params Params + Infractions []Evidence +} +``` + +## Consequences + +### Positive + +* Allows the state machine to process misbehavior submitted on-chain and penalize + validators based on agreed upon slashing parameters. +* Allows evidence types to be defined and handled by any module. This further allows + slashing and jailing to be defined by more complex mechanisms. +* Does not solely rely on Tendermint to submit evidence. + +### Negative + +* No easy way to introduce new evidence types through governance on a live chain + due to the inability to introduce the new evidence type's corresponding handler + +### Neutral + +* Should we persist infractions indefinitely? Or should we rather rely on events? + +## References + +* [ICS](https://github.com/cosmos/ics) +* [IBC Architecture](https://github.com/cosmos/ics/blob/master/ibc/1_IBC_ARCHITECTURE.md) +* [Tendermint Fork Accountability](https://github.com/tendermint/spec/blob/7b3138e69490f410768d9b1ffc7a17abc23ea397/spec/consensus/fork-accountability.md) diff --git a/docs/sdk/next/build/architecture/adr-010-modular-antehandler.mdx b/docs/sdk/next/build/architecture/adr-010-modular-antehandler.mdx new file mode 100644 index 00000000..260b76e4 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-010-modular-antehandler.mdx @@ -0,0 +1,319 @@ +--- +title: 'ADR 010: Modular AnteHandler' +description: '2019 Aug 31: Initial draft 2021 Sep 14: Superseded by ADR-045' +--- +## Changelog + +* 2019 Aug 31: Initial draft +* 2021 Sep 14: Superseded by ADR-045 + +## Status + +SUPERSEDED by ADR-045 + +## Context + +The current AnteHandler design allows users to either use the default AnteHandler provided in `x/auth` or to build their own AnteHandler from scratch. Ideally AnteHandler functionality is split into multiple, modular functions that can be chained together along with custom ante-functions so that users do not have to rewrite common antehandler logic when they want to implement custom behavior. + +For example, let's say a user wants to implement some custom signature verification logic. In the current codebase, the user would have to write their own Antehandler from scratch largely reimplementing much of the same code and then set their own custom, monolithic antehandler in the baseapp. Instead, we would like to allow users to specify custom behavior when necessary and combine them with default ante-handler functionality in a way that is as modular and flexible as possible. + +## Proposals + +### Per-Module AnteHandler + +One approach is to use the [ModuleManager](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/types/module) and have each module implement its own antehandler if it requires custom antehandler logic. The ModuleManager can then be passed in an AnteHandler order in the same way it has an order for BeginBlockers and EndBlockers. The ModuleManager returns a single AnteHandler function that will take in a tx and run each module's `AnteHandle` in the specified order. The module manager's AnteHandler is set as the baseapp's AnteHandler. + +Pros: + +1. Simple to implement +2. Utilizes the existing ModuleManager architecture + +Cons: + +1. Improves granularity but still cannot get more granular than a per-module basis. e.g. If auth's `AnteHandle` function is in charge of validating memo and signatures, users cannot swap the signature-checking functionality while keeping the rest of auth's `AnteHandle` functionality. +2. Module AnteHandler are run one after the other. There is no way for one AnteHandler to wrap or "decorate" another. + +### Decorator Pattern + +The [weave project](https://github.com/iov-one/weave) achieves AnteHandler modularity through the use of a decorator pattern. The interface is designed as follows: + +```go +// Decorator wraps a Handler to provide common functionality +// like authentication, or fee-handling, to many Handlers +type Decorator interface { + Check(ctx Context, store KVStore, tx Tx, next Checker) (*CheckResult, error) + +Deliver(ctx Context, store KVStore, tx Tx, next Deliverer) (*DeliverResult, error) +} +``` + +Each decorator works like a modularized Cosmos SDK antehandler function, but it can take in a `next` argument that may be another decorator or a Handler (which does not take in a next argument). These decorators can be chained together, one decorator being passed in as the `next` argument of the previous decorator in the chain. The chain ends in a Router which can take a tx and route to the appropriate msg handler. + +A key benefit of this approach is that one Decorator can wrap its internal logic around the next Checker/Deliverer. A weave Decorator may do the following: + +```go +// Example Decorator's Deliver function +func (example Decorator) + +Deliver(ctx Context, store KVStore, tx Tx, next Deliverer) { + // Do some pre-processing logic + + res, err := next.Deliver(ctx, store, tx) + + // Do some post-processing logic given the result and error +} +``` + +Pros: + +1. Weave Decorators can wrap over the next decorator/handler in the chain. The ability to both pre-process and post-process may be useful in certain settings. +2. Provides a nested modular structure that isn't possible in the solution above, while also allowing for a linear one-after-the-other structure like the solution above. + +Cons: + +1. It is hard to understand at first glance the state updates that would occur after a Decorator runs given the `ctx`, `store`, and `tx`. A Decorator can have an arbitrary number of nested Decorators being called within its function body, each possibly doing some pre- and post-processing before calling the next decorator on the chain. Thus to understand what a Decorator is doing, one must also understand what every other decorator further along the chain is also doing. This can get quite complicated to understand. A linear, one-after-the-other approach while less powerful, may be much easier to reason about. + +### Chained Micro-Functions + +The benefit of Weave's approach is that the Decorators can be very concise, which when chained together allows for maximum customizability. However, the nested structure can get quite complex and thus hard to reason about. + +Another approach is to split the AnteHandler functionality into tightly scoped "micro-functions", while preserving the one-after-the-other ordering that would come from the ModuleManager approach. + +We can then have a way to chain these micro-functions so that they run one after the other. Modules may define multiple ante micro-functions and then also provide a default per-module AnteHandler that implements a default, suggested order for these micro-functions. + +Users can order the AnteHandlers easily by simply using the ModuleManager. The ModuleManager will take in a list of AnteHandlers and return a single AnteHandler that runs each AnteHandler in the order of the list provided. If the user is comfortable with the default ordering of each module, this is as simple as providing a list with each module's antehandler (exactly the same as BeginBlocker and EndBlocker). + +If however, users wish to change the order or add, modify, or delete ante micro-functions in anyway; they can always define their own ante micro-functions and add them explicitly to the list that gets passed into module manager. + +#### Default Workflow + +This is an example of a user's AnteHandler if they choose not to make any custom micro-functions. + +##### Cosmos SDK code + +```go expandable +// Chains together a list of AnteHandler micro-functions that get run one after the other. +// Returned AnteHandler will abort on first error. +func Chainer(order []AnteHandler) + +AnteHandler { + return func(ctx Context, tx Tx, simulate bool) (newCtx Context, err error) { + for _, ante := range order { + ctx, err := ante(ctx, tx, simulate) + if err != nil { + return ctx, err +} + +} + +return ctx, err +} +} +``` + +```go expandable +// AnteHandler micro-function to verify signatures +func VerifySignatures(ctx Context, tx Tx, simulate bool) (newCtx Context, err error) { + // verify signatures + // Returns InvalidSignature Result and abort=true if sigs invalid + // Return OK result and abort=false if sigs are valid +} + +// AnteHandler micro-function to validate memo +func ValidateMemo(ctx Context, tx Tx, simulate bool) (newCtx Context, err error) { + // validate memo +} + +// Auth defines its own default ante-handler by chaining its micro-functions in a recommended order +AuthModuleAnteHandler := Chainer([]AnteHandler{ + VerifySignatures, ValidateMemo +}) +``` + +```go expandable +// Distribution micro-function to deduct fees from tx +func DeductFees(ctx Context, tx Tx, simulate bool) (newCtx Context, err error) { + // Deduct fees from tx + // Abort if insufficient funds in account to pay for fees +} + +// Distribution micro-function to check if fees > mempool parameter +func CheckMempoolFees(ctx Context, tx Tx, simulate bool) (newCtx Context, err error) { + // If CheckTx: Abort if the fees are less than the mempool's minFee parameter +} + +// Distribution defines its own default ante-handler by chaining its micro-functions in a recommended order +DistrModuleAnteHandler := Chainer([]AnteHandler{ + CheckMempoolFees, DeductFees +}) +``` + +```go +type ModuleManager struct { + // other fields + AnteHandlerOrder []AnteHandler +} + +func (mm ModuleManager) + +GetAnteHandler() + +AnteHandler { + return Chainer(mm.AnteHandlerOrder) +} +``` + +##### User Code + +```go +// Note: Since user is not making any custom modifications, we can just SetAnteHandlerOrder with the default AnteHandlers provided by each module in our preferred order +moduleManager.SetAnteHandlerOrder([]AnteHandler(AuthModuleAnteHandler, DistrModuleAnteHandler)) + +app.SetAnteHandler(mm.GetAnteHandler()) +``` + +#### Custom Workflow + +This is an example workflow for a user that wants to implement custom antehandler logic. In this example, the user wants to implement custom signature verification and change the order of antehandler so that validate memo runs before signature verification. + +##### User Code + +```go +// User can implement their own custom signature verification antehandler micro-function +func CustomSigVerify(ctx Context, tx Tx, simulate bool) (newCtx Context, err error) { + // do some custom signature verification logic +} +``` + +```go +// Micro-functions allow users to change order of when they get executed, and swap out default ante-functionality with their own custom logic. +// Note that users can still chain the default distribution module handler, and auth micro-function along with their custom ante function +moduleManager.SetAnteHandlerOrder([]AnteHandler(ValidateMemo, CustomSigVerify, DistrModuleAnteHandler)) +``` + +Pros: + +1. Allows for ante functionality to be as modular as possible. +2. For users that do not need custom ante-functionality, there is little difference between how antehandlers work and how BeginBlock and EndBlock work in ModuleManager. +3. Still easy to understand + +Cons: + +1. Cannot wrap antehandlers with decorators like you can with Weave. + +### Simple Decorators + +This approach takes inspiration from Weave's decorator design while trying to minimize the number of breaking changes to the Cosmos SDK and maximizing simplicity. Like Weave decorators, this approach allows one `AnteDecorator` to wrap the next AnteHandler to do pre- and post-processing on the result. This is useful since decorators can do defer/cleanups after an AnteHandler returns as well as perform some setup beforehand. Unlike Weave decorators, these `AnteDecorator` functions can only wrap over the AnteHandler rather than the entire handler execution path. This is deliberate as we want decorators from different modules to perform authentication/validation on a `tx`. However, we do not want decorators being capable of wrapping and modifying the results of a `MsgHandler`. + +In addition, this approach will not break any core Cosmos SDK API's. Since we preserve the notion of an AnteHandler and still set a single AnteHandler in baseapp, the decorator is simply an additional approach available for users that desire more customization. The API of modules (namely `x/auth`) may break with this approach, but the core API remains untouched. + +Allow Decorator interface that can be chained together to create a Cosmos SDK AnteHandler. + +This allows users to choose between implementing an AnteHandler by themselves and setting it in the baseapp, or use the decorator pattern to chain their custom decorators with the Cosmos SDK provided decorators in the order they wish. + +```go +// An AnteDecorator wraps an AnteHandler, and can do pre- and post-processing on the next AnteHandler +type AnteDecorator interface { + AnteHandle(ctx Context, tx Tx, simulate bool, next AnteHandler) (newCtx Context, err error) +} +``` + +```go expandable +// ChainAnteDecorators will recursively link all of the AnteDecorators in the chain and return a final AnteHandler function +// This is done to preserve the ability to set a single AnteHandler function in the baseapp. +func ChainAnteDecorators(chain ...AnteDecorator) + +AnteHandler { + if len(chain) == 1 { + return func(ctx Context, tx Tx, simulate bool) { + chain[0].AnteHandle(ctx, tx, simulate, nil) +} + +} + +return func(ctx Context, tx Tx, simulate bool) { + chain[0].AnteHandle(ctx, tx, simulate, ChainAnteDecorators(chain[1:])) +} +} +``` + +#### Example Code + +Define AnteDecorator functions + +```go expandable +// Setup GasMeter, catch OutOfGasPanic and handle appropriately +type SetUpContextDecorator struct{ +} + +func (sud SetUpContextDecorator) + +AnteHandle(ctx Context, tx Tx, simulate bool, next AnteHandler) (newCtx Context, err error) { + ctx.GasMeter = NewGasMeter(tx.Gas) + +defer func() { + // recover from OutOfGas panic and handle appropriately +} + +return next(ctx, tx, simulate) +} + +// Signature Verification decorator. Verify Signatures and move on +type SigVerifyDecorator struct{ +} + +func (svd SigVerifyDecorator) + +AnteHandle(ctx Context, tx Tx, simulate bool, next AnteHandler) (newCtx Context, err error) { + // verify sigs. Return error if invalid + + // call next antehandler if sigs ok + return next(ctx, tx, simulate) +} + +// User-defined Decorator. Can choose to pre- and post-process on AnteHandler +type UserDefinedDecorator struct{ + // custom fields +} + +func (udd UserDefinedDecorator) + +AnteHandle(ctx Context, tx Tx, simulate bool, next AnteHandler) (newCtx Context, err error) { + // pre-processing logic + + ctx, err = next(ctx, tx, simulate) + + // post-processing logic +} +``` + +Link AnteDecorators to create a final AnteHandler. Set this AnteHandler in baseapp. + +```go +// Create final antehandler by chaining the decorators together + antehandler := ChainAnteDecorators(NewSetUpContextDecorator(), NewSigVerifyDecorator(), NewUserDefinedDecorator()) + +// Set chained Antehandler in the baseapp +bapp.SetAnteHandler(antehandler) +``` + +Pros: + +1. Allows one decorator to pre- and post-process the next AnteHandler, similar to the Weave design. +2. Do not need to break baseapp API. Users can still set a single AnteHandler if they choose. + +Cons: + +1. Decorator pattern may have a deeply nested structure that is hard to understand, this is mitigated by having the decorator order explicitly listed in the `ChainAnteDecorators` function. +2. Does not make use of the ModuleManager design. Since this is already being used for BeginBlocker/EndBlocker, this proposal seems unaligned with that design pattern. + +## Consequences + +Since pros and cons are written for each approach, it is omitted from this section + +## References + +* [#4572](https://github.com/cosmos/cosmos-sdk/issues/4572): Modular AnteHandler Issue +* [#4582](https://github.com/cosmos/cosmos-sdk/pull/4583): Initial Implementation of Per-Module AnteHandler Approach +* [Weave Decorator Code](https://github.com/iov-one/weave/blob/master/handler.go#L35) +* [Weave Design Videos](https://vimeo.com/showcase/6189877) diff --git a/docs/sdk/next/build/architecture/adr-011-generalize-genesis-accounts.mdx b/docs/sdk/next/build/architecture/adr-011-generalize-genesis-accounts.mdx new file mode 100644 index 00000000..405f2fd7 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-011-generalize-genesis-accounts.mdx @@ -0,0 +1,187 @@ +--- +title: 'ADR 011: Generalize Genesis Accounts' +description: '2019-08-30: initial draft' +--- +## Changelog + +* 2019-08-30: initial draft + +## Context + +Currently, the Cosmos SDK allows for custom account types; the `auth` keeper stores any type fulfilling its `Account` interface. However `auth` does not handle exporting or loading accounts to/from a genesis file, this is done by `genaccounts`, which only handles one of 4 concrete account types (`BaseAccount`, `ContinuousVestingAccount`, `DelayedVestingAccount` and `ModuleAccount`). + +Projects desiring to use custom accounts (say custom vesting accounts) need to fork and modify `genaccounts`. + +## Decision + +In summary, we will (un)marshal all accounts (interface types) directly using amino, rather than converting to `genaccounts`’s `GenesisAccount` type. Since doing this removes the majority of `genaccounts`'s code, we will merge `genaccounts` into `auth`. Marshalled accounts will be stored in `auth`'s genesis state. + +Detailed changes: + +### 1) (Un)Marshal accounts directly using amino + +The `auth` module's `GenesisState` gains a new field `Accounts`. Note these aren't of type `exported.Account` for reasons outlined in section 3. + +```go +// GenesisState - all auth state that must be provided at genesis +type GenesisState struct { + Params Params `json:"params" yaml:"params"` + Accounts []GenesisAccount `json:"accounts" yaml:"accounts"` +} +``` + +Now `auth`'s `InitGenesis` and `ExportGenesis` (un)marshal accounts as well as the defined params. + +```go expandable +// InitGenesis - Init store state from genesis data +func InitGenesis(ctx sdk.Context, ak AccountKeeper, data GenesisState) { + ak.SetParams(ctx, data.Params) + // load the accounts + for _, a := range data.Accounts { + acc := ak.NewAccount(ctx, a) // set account number + ak.SetAccount(ctx, acc) +} +} + +// ExportGenesis returns a GenesisState for a given context and keeper +func ExportGenesis(ctx sdk.Context, ak AccountKeeper) + +GenesisState { + params := ak.GetParams(ctx) + +var genAccounts []exported.GenesisAccount + ak.IterateAccounts(ctx, func(account exported.Account) + +bool { + genAccount := account.(exported.GenesisAccount) + +genAccounts = append(genAccounts, genAccount) + +return false +}) + +return NewGenesisState(params, genAccounts) +} +``` + +### 2) Register custom account types on the `auth` codec + +The `auth` codec must have all custom account types registered to marshal them. We will follow the pattern established in `gov` for proposals. + +An example custom account definition: + +```go +import authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + +// Register the module account type with the auth module codec so it can decode module accounts stored in a genesis file +func init() { + authtypes.RegisterAccountTypeCodec(ModuleAccount{ +}, "cosmos-sdk/ModuleAccount") +} + +type ModuleAccount struct { + ... +``` + +The `auth` codec definition: + +```go expandable +var ModuleCdc *codec.LegacyAmino + +func init() { + ModuleCdc = codec.NewLegacyAmino() + // register module msg's and Account interface + ... + // leave the codec unsealed +} + +// RegisterAccountTypeCodec registers an external account type defined in another module for the internal ModuleCdc. +func RegisterAccountTypeCodec(o interface{ +}, name string) { + ModuleCdc.RegisterConcrete(o, name, nil) +} +``` + +### 3) Genesis validation for custom account types + +Modules implement a `ValidateGenesis` method. As `auth` does not know of account implementations, accounts will need to validate themselves. + +We will unmarshal accounts into a `GenesisAccount` interface that includes a `Validate` method. + +```go +type GenesisAccount interface { + exported.Account + Validate() + +error +} +``` + +Then the `auth` `ValidateGenesis` function becomes: + +```go expandable +// ValidateGenesis performs basic validation of auth genesis data returning an +// error for any failed validation criteria. +func ValidateGenesis(data GenesisState) + +error { + // Validate params + ... + + // Validate accounts + addrMap := make(map[string]bool, len(data.Accounts)) + for _, acc := range data.Accounts { + + // check for duplicated accounts + addrStr := acc.GetAddress().String() + if _, ok := addrMap[addrStr]; ok { + return fmt.Errorf("duplicate account found in genesis state; address: %s", addrStr) +} + +addrMap[addrStr] = true + + // check account specific validation + if err := acc.Validate(); err != nil { + return fmt.Errorf("invalid account found in genesis state; address: %s, error: %s", addrStr, err.Error()) +} + + +} + +return nil +} +``` + +### 4) Move add-genesis-account cli to `auth` + +The `genaccounts` module contains a cli command to add base or vesting accounts to a genesis file. + +This will be moved to `auth`. We will leave it to projects to write their own commands to add custom accounts. An extensible cli handler, similar to `gov`, could be created but it is not worth the complexity for this minor use case. + +### 5) Update module and vesting accounts + +Under the new scheme, module and vesting account types need some minor updates: + +* Type registration on `auth`'s codec (shown above) +* A `Validate` method for each `Account` concrete type + +## Status + +Proposed + +## Consequences + +### Positive + +* custom accounts can be used without needing to fork `genaccounts` +* reduction in lines of code + +### Negative + +### Neutral + +* `genaccounts` module no longer exists +* accounts in genesis files are stored under `accounts` in `auth` rather than in the `genaccounts` module. + -`add-genesis-account` cli command now in `auth` + +## References diff --git a/docs/sdk/next/build/architecture/adr-012-state-accessors.mdx b/docs/sdk/next/build/architecture/adr-012-state-accessors.mdx new file mode 100644 index 00000000..da42f783 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-012-state-accessors.mdx @@ -0,0 +1,218 @@ +--- +title: 'ADR 012: State Accessors' +description: '2019 Sep 04: Initial draft' +--- +## Changelog + +* 2019 Sep 04: Initial draft + +## Context + +Cosmos SDK modules currently use the `KVStore` interface and `Codec` to access their respective state. While +this provides a large degree of freedom to module developers, it is hard to modularize and the UX is +mediocre. + +First, each time a module tries to access the state, it has to marshal the value and set or get the +value and finally unmarshal. Usually this is done by declaring `Keeper.GetXXX` and `Keeper.SetXXX` functions, +which are repetitive and hard to maintain. + +Second, this makes it harder to align with the object capability theorem: the right to access the +state is defined as a `StoreKey`, which gives full access on the entire Merkle tree, so a module cannot +send the access right to a specific key-value pair (or a set of key-value pairs) to another module safely. + +Finally, because the getter/setter functions are defined as methods of a module's `Keeper`, the reviewers +have to consider the whole Merkle tree space when they reviewing a function accessing any part of the state. +There is no static way to know which part of the state that the function is accessing (and which is not). + +## Decision + +We will define a type named `Value`: + +```go +type Value struct { + m Mapping + key []byte +} +``` + +The `Value` works as a reference for a key-value pair in the state, where `Value.m` defines the key-value +space it will access and `Value.key` defines the exact key for the reference. + +We will define a type named `Mapping`: + +```go +type Mapping struct { + storeKey sdk.StoreKey + cdc *codec.LegacyAmino + prefix []byte +} +``` + +The `Mapping` works as a reference for a key-value space in the state, where `Mapping.storeKey` defines +the IAVL (sub-)tree and `Mapping.prefix` defines the optional subspace prefix. + +We will define the following core methods for the `Value` type: + +```go expandable +// Get and unmarshal stored data, noop if not exists, panic if cannot unmarshal +func (Value) + +Get(ctx Context, ptr interface{ +}) { +} + +// Get and unmarshal stored data, return error if not exists or cannot unmarshal +func (Value) + +GetSafe(ctx Context, ptr interface{ +}) { +} + +// Get stored data as raw byte slice +func (Value) + +GetRaw(ctx Context) []byte { +} + +// Marshal and set a raw value +func (Value) + +Set(ctx Context, o interface{ +}) { +} + +// Check if a raw value exists +func (Value) + +Exists(ctx Context) + +bool { +} + +// Delete a raw value +func (Value) + +Delete(ctx Context) { +} +``` + +We will define the following core methods for the `Mapping` type: + +```go expandable +// Constructs key-value pair reference corresponding to the key argument in the Mapping space +func (Mapping) + +Value(key []byte) + +Value { +} + +// Get and unmarshal stored data, noop if not exists, panic if cannot unmarshal +func (Mapping) + +Get(ctx Context, key []byte, ptr interface{ +}) { +} + +// Get and unmarshal stored data, return error if not exists or cannot unmarshal +func (Mapping) + +GetSafe(ctx Context, key []byte, ptr interface{ +}) + +// Get stored data as raw byte slice +func (Mapping) + +GetRaw(ctx Context, key []byte) []byte { +} + +// Marshal and set a raw value +func (Mapping) + +Set(ctx Context, key []byte, o interface{ +}) { +} + +// Check if a raw value exists +func (Mapping) + +Has(ctx Context, key []byte) + +bool { +} + +// Delete a raw value +func (Mapping) + +Delete(ctx Context, key []byte) { +} +``` + +Each method of the `Mapping` type that is passed the arguments `ctx`, `key`, and `args...` will proxy +the call to `Mapping.Value(key)` with arguments `ctx` and `args...`. + +In addition, we will define and provide a common set of types derived from the `Value` type: + +```go +type Boolean struct { + Value +} + +type Enum struct { + Value +} + +type Integer struct { + Value; enc IntEncoding +} + +type String struct { + Value +} +// ... +``` + +Where the encoding schemes can be different, `o` arguments in core methods are typed, and `ptr` arguments +in core methods are replaced by explicit return types. + +Finally, we will define a family of types derived from the `Mapping` type: + +```go +type Indexer struct { + m Mapping + enc IntEncoding +} +``` + +Where the `key` argument in core method is typed. + +Some of the properties of the accessor types are: + +* State access happens only when a function which takes a `Context` as an argument is invoked +* Accessor type structs give rights to access the state only that the struct is referring, no other +* Marshalling/Unmarshalling happens implicitly within the core methods + +## Status + +Proposed + +## Consequences + +### Positive + +* Serialization will be done automatically +* Shorter code size, less boilerplate, better UX +* References to the state can be transferred safely +* Explicit scope of accessing + +### Negative + +* Serialization format will be hidden +* Different architecture from the current, but the use of accessor types can be opt-in +* Type-specific types (e.g. `Boolean` and `Integer`) have to be defined manually + +### Neutral + +## References + +* [#4554](https://github.com/cosmos/cosmos-sdk/issues/4554) diff --git a/docs/sdk/next/build/architecture/adr-013-metrics.mdx b/docs/sdk/next/build/architecture/adr-013-metrics.mdx new file mode 100644 index 00000000..c61a24c3 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-013-metrics.mdx @@ -0,0 +1,170 @@ +--- +title: 'ADR 013: Observability' +description: '20-01-2020: Initial Draft' +--- +## Changelog + +* 20-01-2020: Initial Draft + +## Status + +Proposed + +## Context + +Telemetry is paramount into debugging and understanding what the application is doing and how it is +performing. We aim to expose metrics from modules and other core parts of the Cosmos SDK. + +In addition, we should aim to support multiple configurable sinks that an operator may choose from. +By default, when telemetry is enabled, the application should track and expose metrics that are +stored in-memory. The operator may choose to enable additional sinks, where we support only +[Prometheus](https://prometheus.io/) for now, as it's battle-tested, simple to setup, open source, +and is rich with ecosystem tooling. + +We must also aim to integrate metrics into the Cosmos SDK in the most seamless way possible such that +metrics may be added or removed at will and without much friction. To do this, we will use the +[go-metrics](https://github.com/hashicorp/go-metrics) library. + +Finally, operators may enable telemetry along with specific configuration options. If enabled, metrics +will be exposed via `/metrics?format={text|prometheus}` via the API server. + +## Decision + +We will add an additional configuration block to `app.toml` that defines telemetry settings: + +```toml expandable +############################################################################### +### Telemetry Configuration ### +############################################################################### + +[telemetry] + +# Prefixed with keys to separate services +service-name = {{ .Telemetry.ServiceName }} + +# Enabled enables the application telemetry functionality. When enabled, +# an in-memory sink is also enabled by default. Operators may also enabled +# other sinks such as Prometheus. +enabled = {{ .Telemetry.Enabled }} + +# Enable prefixing gauge values with hostname +enable-hostname = {{ .Telemetry.EnableHostname }} + +# Enable adding hostname to labels +enable-hostname-label = {{ .Telemetry.EnableHostnameLabel }} + +# Enable adding service to labels +enable-service-label = {{ .Telemetry.EnableServiceLabel }} + +# PrometheusRetentionTime, when positive, enables a Prometheus metrics sink. +prometheus-retention-time = {{ .Telemetry.PrometheusRetentionTime }} +``` + +The given configuration allows for two sinks -- in-memory and Prometheus. We create a `Metrics` +type that performs all the bootstrapping for the operator, so capturing metrics becomes seamless. + +```go expandable +// Metrics defines a wrapper around application telemetry functionality. It allows +// metrics to be gathered at any point in time. When creating a Metrics object, +// internally, a global metrics is registered with a set of sinks as configured +// by the operator. In addition to the sinks, when a process gets a SIGUSR1, a +// dump of formatted recent metrics will be sent to STDERR. +type Metrics struct { + memSink *metrics.InmemSink + prometheusEnabled bool +} + +// Gather collects all registered metrics and returns a GatherResponse where the +// metrics are encoded depending on the type. Metrics are either encoded via +// Prometheus or JSON if in-memory. +func (m *Metrics) + +Gather(format string) (GatherResponse, error) { + switch format { + case FormatPrometheus: + return m.gatherPrometheus() + case FormatText: + return m.gatherGeneric() + case FormatDefault: + return m.gatherGeneric() + +default: + return GatherResponse{ +}, fmt.Errorf("unsupported metrics format: %s", format) +} +} +``` + +In addition, `Metrics` allows us to gather the current set of metrics at any given point in time. An +operator may also choose to send a signal, SIGUSR1, to dump and print formatted metrics to STDERR. + +During an application's bootstrapping and construction phase, if `Telemetry.Enabled` is `true`, the +API server will create an instance of a reference to `Metrics` object and will register a metrics +handler accordingly. + +```go expandable +func (s *Server) + +Start(cfg config.Config) + +error { + // ... + if cfg.Telemetry.Enabled { + m, err := telemetry.New(cfg.Telemetry) + if err != nil { + return err +} + +s.metrics = m + s.registerMetrics() +} + + // ... +} + +func (s *Server) + +registerMetrics() { + metricsHandler := func(w http.ResponseWriter, r *http.Request) { + format := strings.TrimSpace(r.FormValue("format")) + +gr, err := s.metrics.Gather(format) + if err != nil { + rest.WriteErrorResponse(w, http.StatusBadRequest, fmt.Sprintf("failed to gather metrics: %s", err)) + +return +} + +w.Header().Set("Content-Type", gr.ContentType) + _, _ = w.Write(gr.Metrics) +} + +s.Router.HandleFunc("/metrics", metricsHandler).Methods("GET") +} +``` + +Application developers may track counters, gauges, summaries, and key/value metrics. There is no +additional lifting required by modules to leverage profiling metrics. To do so, it's as simple as: + +```go +func (k BaseKeeper) + +MintCoins(ctx sdk.Context, moduleName string, amt sdk.Coins) + +error { + defer metrics.MeasureSince(time.Now(), "MintCoins") + // ... +} +``` + +## Consequences + +### Positive + +* Exposure into the performance and behavior of an application + +### Negative + +### Neutral + +## References diff --git a/docs/sdk/next/build/architecture/adr-014-proportional-slashing.mdx b/docs/sdk/next/build/architecture/adr-014-proportional-slashing.mdx new file mode 100644 index 00000000..026ca5a3 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-014-proportional-slashing.mdx @@ -0,0 +1,89 @@ +--- +title: 'ADR 14: Proportional Slashing' +description: >- + 2019-10-15: Initial draft 2020-05-25: Removed correlation root slashing + 2020-07-01: Updated to include S-curve function instead of linear +--- +## Changelog + +* 2019-10-15: Initial draft +* 2020-05-25: Removed correlation root slashing +* 2020-07-01: Updated to include S-curve function instead of linear + +## Context + +In Proof of Stake-based chains, centralization of consensus power amongst a small set of validators can cause harm to the network due to increased risk of censorship, liveness failure, fork attacks, etc. However, while this centralization causes a negative externality to the network, it is not directly felt by the delegators contributing towards delegating towards already large validators. We would like a way to pass on the negative externality cost of centralization onto those large validators and their delegators. + +## Decision + +### Design + +To solve this problem, we will implement a procedure called Proportional Slashing. The desire is that the larger a validator is, the more they should be slashed. The first naive attempt is to make a validator's slash percent proportional to their share of consensus voting power. + +```text +slash_amount = k * power // power is the faulting validator's voting power and k is some on-chain constant +``` + +However, this will incentivize validators with large amounts of stake to split up their voting power amongst accounts (sybil attack), so that if they fault, they all get slashed at a lower percent. The solution to this is to take into account not just a validator's own voting percentage, but also the voting percentage of all the other validators who get slashed in a specified time frame. + +```text +slash_amount = k * (power_1 + power_2 + ... + power_n) // where power_i is the voting power of the ith validator faulting in the specified time frame and k is some on-chain constant +``` + +Now, if someone splits a validator of 10% into two validators of 5% each which both fault, then they both fault in the same time frame, they both will get slashed at the sum 10% amount. + +However in practice, we likely don't want a linear relation between amount of stake at fault, and the percentage of stake to slash. In particular, solely 5% of stake double signing effectively did nothing to majorly threaten security, whereas 30% of stake being at fault clearly merits a large slashing factor, due to being very close to the point at which Tendermint security is threatened. A linear relation would require a factor of 6 gap between these two, whereas the difference in risk posed to the network is much larger. We propose using S-curves (formally [logistic functions](https://en.wikipedia.org/wiki/Logistic_function) to solve this). S-Curves capture the desired criterion quite well. They allow the slashing factor to be minimal for small values, and then grow very rapidly near some threshold point where the risk posed becomes notable. + +#### Parameterization + +This requires parameterizing a logistic function. It is very well understood how to parameterize this. It has four parameters: + +1. A minimum slashing factor +2. A maximum slashing factor +3. The inflection point of the S-curve (essentially where do you want to center the S) +4. The rate of growth of the S-curve (How elongated is the S) + +#### Correlation across non-sybil validators + +One will note, that this model doesn't differentiate between multiple validators run by the same operators vs validators run by different operators. This can be seen as an additional benefit in fact. It incentivizes validators to differentiate their setups from other validators, to avoid having correlated faults with them or else they risk a higher slash. So for example, operators should avoid using the same popular cloud hosting platforms or using the same Staking as a Service providers. This will lead to a more resilient and decentralized network. + +#### Griefing + +Griefing, the act of intentionally getting oneself slashed in order to make another's slash worse, could be a concern here. However, using the protocol described here, the attacker also gets equally impacted by the grief as the victim, so it would not provide much benefit to the griefer. + +### Implementation + +In the slashing module, we will add two queues that will track all of the recent slash events. For double sign faults, we will define "recent slashes" as ones that have occurred within the last `unbonding period`. For liveness faults, we will define "recent slashes" as ones that have occurred within the last `jail period`. + +```go +type SlashEvent struct { + Address sdk.ValAddress + ValidatorVotingPercent sdk.Dec + SlashedSoFar sdk.Dec +} +``` + +These slash events will be pruned from the queue once they are older than their respective "recent slash period". + +Whenever a new slash occurs, a `SlashEvent` struct is created with the faulting validator's voting percent and a `SlashedSoFar` of 0. Because recent slash events are pruned before the unbonding period and unjail period expires, it should not be possible for the same validator to have multiple SlashEvents in the same Queue at the same time. + +We then will iterate over all the SlashEvents in the queue, adding their `ValidatorVotingPercent` to calculate the new percent to slash all the validators in the queue at, using the "Square of Sum of Roots" formula introduced above. + +Once we have the `NewSlashPercent`, we then iterate over all the `SlashEvent`s in the queue once again, and if `NewSlashPercent > SlashedSoFar` for that SlashEvent, we call the `staking.Slash(slashEvent.Address, slashEvent.Power, Math.Min(Math.Max(minSlashPercent, NewSlashPercent - SlashedSoFar), maxSlashPercent)` (we pass in the power of the validator before any slashes occurred, so that we slash the right amount of tokens). We then set `SlashEvent.SlashedSoFar` amount to `NewSlashPercent`. + +## Status + +Proposed + +## Consequences + +### Positive + +* Increases decentralization by disincentivizing delegating to large validators +* Incentivizes Decorrelation of Validators +* More severely punishes attacks than accidental faults +* More flexibility in slashing rates parameterization + +### Negative + +* More computationally expensive than current implementation. Will require more data about "recent slashing events" to be stored on chain. diff --git a/docs/sdk/next/build/architecture/adr-016-validator-consensus-key-rotation.mdx b/docs/sdk/next/build/architecture/adr-016-validator-consensus-key-rotation.mdx new file mode 100644 index 00000000..29e2c756 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-016-validator-consensus-key-rotation.mdx @@ -0,0 +1,131 @@ +--- +title: 'ADR 016: Validator Consensus Key Rotation' +description: '2019 Oct 23: Initial draft 2019 Nov 28: Add key rotation fee' +--- +## Changelog + +* 2019 Oct 23: Initial draft +* 2019 Nov 28: Add key rotation fee + +## Context + +Validator consensus key rotation feature has been discussed and requested for a long time, for the sake of safer validator key management policy (e.g. [Link](https://github.com/tendermint/tendermint/issues/1136)). So, we suggest one of the simplest form of validator consensus key rotation implementation mostly onto Cosmos SDK. + +We don't need to make any update on consensus logic in Tendermint because Tendermint does not have any mapping information of consensus key and validator operator key, meaning that from Tendermint's point of view, a consensus key rotation of a validator is simply a replacement of a consensus key to another. + +Also, it should be noted that this ADR includes only the simplest form of consensus key rotation without considering the multiple consensus keys concept. Such multiple consensus keys concept shall remain a long term goal of Tendermint and Cosmos SDK. + +## Decision + +### Pseudo procedure for consensus key rotation + +* create new random consensus key. +* create and broadcast a transaction with a `MsgRotateConsPubKey` that states the new consensus key is now coupled with the validator operator with a signature from the validator's operator key. +* old consensus key becomes unable to participate on consensus immediately after the update of key mapping state on-chain. +* start validating with new consensus key. +* validators using HSM and KMS should update the consensus key in HSM to use the new rotated key after the height `h` when `MsgRotateConsPubKey` is committed to the blockchain. + +### Considerations + +* consensus key mapping information management strategy + * store history of each key mapping changes in the kvstore. + * the state machine can search corresponding consensus key paired with the given validator operator for any arbitrary height in a recent unbonding period. + * the state machine does not need any historical mapping information which is past more than unbonding period. +* key rotation costs related to LCD and IBC + * LCD and IBC will have a traffic/computation burden when there exists frequent power changes + * In current Tendermint design, consensus key rotations are seen as power changes from LCD or IBC perspective + * Therefore, to minimize unnecessary frequent key rotation behavior, we limited the maximum number of rotation in recent unbonding period and also applied exponentially increasing rotation fee +* limits + * a validator cannot rotate its consensus key more than `MaxConsPubKeyRotations` time for any unbonding period, to prevent spam. + * parameters can be decided by governance and stored in genesis file. +* key rotation fee + * a validator should pay `KeyRotationFee` to rotate the consensus key which is calculated as below + * `KeyRotationFee` = (max(`VotingPowerPercentage` *100, 1)* `InitialKeyRotationFee`) \* 2^(number of rotations in `ConsPubKeyRotationHistory` in recent unbonding period) +* evidence module + * evidence module can search corresponding consensus key for any height from slashing keeper so that it can decide which consensus key is supposed to be used for the given height. +* abci.ValidatorUpdate + * tendermint already has ability to change a consensus key by ABCI communication(`ValidatorUpdate`). + * validator consensus key update can be done via creating new + delete old by change the power to zero. + * therefore, we expect we do not even need to change Tendermint codebase at all to implement this feature. +* new genesis parameters in `staking` module + * `MaxConsPubKeyRotations` : maximum number of rotation can be executed by a validator in recent unbonding period. default value 10 is suggested(11th key rotation will be rejected) + * `InitialKeyRotationFee` : the initial key rotation fee when no key rotation has happened in recent unbonding period. default value 1atom is suggested(1atom fee for the first key rotation in recent unbonding period) + +### Workflow + +1. The validator generates a new consensus keypair. + +2. The validator generates and signs a `MsgRotateConsPubKey` tx with their operator key and new ConsPubKey + + ```go + type MsgRotateConsPubKey struct { + ValidatorAddress sdk.ValAddress + NewPubKey crypto.PubKey + } + ``` + +3. `handleMsgRotateConsPubKey` gets `MsgRotateConsPubKey`, calls `RotateConsPubKey` with emits event + +4. `RotateConsPubKey` + + * checks if `NewPubKey` is not duplicated on `ValidatorsByConsAddr` + * checks if the validator is does not exceed parameter `MaxConsPubKeyRotations` by iterating `ConsPubKeyRotationHistory` + * checks if the signing account has enough balance to pay `KeyRotationFee` + * pays `KeyRotationFee` to community fund + * overwrites `NewPubKey` in `validator.ConsPubKey` + * deletes old `ValidatorByConsAddr` + * `SetValidatorByConsAddr` for `NewPubKey` + * Add `ConsPubKeyRotationHistory` for tracking rotation + + ```go + type ConsPubKeyRotationHistory struct { + OperatorAddress sdk.ValAddress + OldConsPubKey crypto.PubKey + NewConsPubKey crypto.PubKey + RotatedHeight int64 + } + ``` + +5. `ApplyAndReturnValidatorSetUpdates` checks if there is `ConsPubKeyRotationHistory` with `ConsPubKeyRotationHistory.RotatedHeight == ctx.BlockHeight()` and if so, generates 2 `ValidatorUpdate` , one for a remove validator and one for create new validator + + ```go + abci.ValidatorUpdate{ + PubKey: cmttypes.TM2PB.PubKey(OldConsPubKey), + Power: 0, + } + + abci.ValidatorUpdate{ + PubKey: cmttypes.TM2PB.PubKey(NewConsPubKey), + Power: v.ConsensusPower(), + } + ``` + +6. at `previousVotes` Iteration logic of `AllocateTokens`, `previousVote` using `OldConsPubKey` match up with `ConsPubKeyRotationHistory`, and replace validator for token allocation + +7. Migrate `ValidatorSigningInfo` and `ValidatorMissedBlockBitArray` from `OldConsPubKey` to `NewConsPubKey` + +* Note : All above features shall be implemented in `staking` module. + +## Status + +Proposed + +## Consequences + +### Positive + +* Validators can immediately or periodically rotate their consensus key to have a better security policy +* improved security against Long-Range attacks ([Link](https://nearprotocol.com/blog/long-range-attacks-and-a-new-fork-choice-rule)) given a validator throws away the old consensus key(s) + +### Negative + +* Slash module needs more computation because it needs to look up the corresponding consensus key of validators for each height +* frequent key rotations will make light client bisection less efficient + +### Neutral + +## References + +* on tendermint repo : [Link](https://github.com/tendermint/tendermint/issues/1136) +* on cosmos-sdk repo : [Link](https://github.com/cosmos/cosmos-sdk/issues/5231) +* about multiple consensus keys : [Link](https://github.com/tendermint/tendermint/issues/1758#issuecomment-545291698) diff --git a/docs/sdk/next/build/architecture/adr-017-historical-header-module.mdx b/docs/sdk/next/build/architecture/adr-017-historical-header-module.mdx new file mode 100644 index 00000000..e7fc90b5 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-017-historical-header-module.mdx @@ -0,0 +1,69 @@ +--- +title: 'ADR 17: Historical Header Module' +description: >- + 26 November 2019: Start of first version 2 December 2019: Final draft of first + version +--- +## Changelog + +* 26 November 2019: Start of first version +* 2 December 2019: Final draft of first version + +## Context + +In order for the Cosmos SDK to implement the [IBC specification](https://github.com/cosmos/ics), modules within the Cosmos SDK must have the ability to introspect recent consensus states (validator sets & commitment roots) as proofs of these values on other chains must be checked during the handshakes. + +## Decision + +The application MUST store the most recent `n` headers in a persistent store. At first, this store MAY be the current Merklised store. A non-Merklised store MAY be used later as no proofs are necessary. + +The application MUST store this information by storing new headers immediately when handling `abci.RequestBeginBlock`: + +```go +func BeginBlock(ctx sdk.Context, keeper HistoricalHeaderKeeper, req abci.RequestBeginBlock) + +abci.ResponseBeginBlock { + info := HistoricalInfo{ + Header: ctx.BlockHeader(), + ValSet: keeper.StakingKeeper.GetAllValidators(ctx), // note that this must be stored in a canonical order +} + +keeper.SetHistoricalInfo(ctx, ctx.BlockHeight(), info) + n := keeper.GetParamRecentHeadersToStore() + +keeper.PruneHistoricalInfo(ctx, ctx.BlockHeight() - n) + // continue handling request +} +``` + +Alternatively, the application MAY store only the hash of the validator set. + +The application MUST make these past `n` committed headers available for querying by Cosmos SDK modules through the `Keeper`'s `GetHistoricalInfo` function. This MAY be implemented in a new module, or it MAY also be integrated into an existing one (likely `x/staking` or `x/ibc`). + +`n` MAY be configured as a parameter store parameter, in which case it could be changed by `ParameterChangeProposal`s, although it will take some blocks for the stored information to catch up if `n` is increased. + +## Status + +Proposed. + +## Consequences + +Implementation of this ADR will require changes to the Cosmos SDK. It will not require changes to Tendermint. + +### Positive + +* Easy retrieval of headers & state roots for recent past heights by modules anywhere in the Cosmos SDK. +* No RPC calls to Tendermint required. +* No ABCI alterations required. + +### Negative + +* Duplicates `n` headers data in Tendermint & the application (additional disk usage) - in the long term, an approach such as [this](https://github.com/tendermint/tendermint/issues/4210) might be preferable. + +### Neutral + +(none known) + +## References + +* [ICS 2: "Consensus state introspection"](https://github.com/cosmos/ibc/tree/master/spec/core/ics-002-client-semantics#consensus-state-introspection) diff --git a/docs/sdk/next/build/architecture/adr-018-extendable-voting-period.mdx b/docs/sdk/next/build/architecture/adr-018-extendable-voting-period.mdx new file mode 100644 index 00000000..52712a42 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-018-extendable-voting-period.mdx @@ -0,0 +1,68 @@ +--- +title: 'ADR 18: Extendable Voting Periods' +description: '1 January 2020: Start of first version' +--- +## Changelog + +* 1 January 2020: Start of first version + +## Context + +Currently the voting period for all governance proposals is the same. However, this is suboptimal as all governance proposals do not require the same time period. For more non-contentious proposals, they can be dealt with more efficiently with a faster period, while more contentious or complex proposals may need a longer period for extended discussion/consideration. + +## Decision + +We would like to design a mechanism for making the voting period of a governance proposal variable based on the demand of voters. We would like it to be based on the view of the governance participants, rather than just the proposer of a governance proposal (thus, allowing the proposer to select the voting period length is not sufficient). + +However, we would like to avoid the creation of an entire second voting process to determine the length of the voting period, as it just pushed the problem to determining the length of that first voting period. + +Thus, we propose the following mechanism: + +### Params + +* The current gov param `VotingPeriod` is to be replaced by a `MinVotingPeriod` param. This is the default voting period that all governance proposal voting periods start with. +* There is a new gov param called `MaxVotingPeriodExtension`. + +### Mechanism + +There is a new `Msg` type called `MsgExtendVotingPeriod`, which can be sent by any staked account during a proposal's voting period. It allows the sender to unilaterally extend the length of the voting period by `MaxVotingPeriodExtension * sender's share of voting power`. Every address can only call `MsgExtendVotingPeriod` once per proposal. + +So for example, if the `MaxVotingPeriodExtension` is set to 100 Days, then anyone with 1% of voting power can extend the voting power by 1 day. If 33% of voting power has sent the message, the voting period will be extended by 33 days. Thus, if absolutely everyone chooses to extend the voting period, the absolute maximum voting period will be `MinVotingPeriod + MaxVotingPeriodExtension`. + +This system acts as a sort of distributed coordination, where individual stakers choosing to extend or not, allows the system the gauge the contentiousness/complexity of the proposal. It is extremely unlikely that many stakers will choose to extend at the exact same time, it allows stakers to view how long others have already extended thus far, to decide whether or not to extend further. + +### Dealing with Unbonding/Redelegation + +There is one thing that needs to be addressed. How to deal with redelegation/unbonding during the voting period. If a staker of 5% calls `MsgExtendVotingPeriod` and then unbonds, does the voting period then decrease by 5 days again? This is not good as it can give people a false sense of how long they have to make their decision. For this reason, we want to design it such that the voting period length can only be extended, not shortened. To do this, the current extension amount is based on the highest percent that voted extension at any time. This is best explained by example: + +1. Let's say 2 stakers of voting power 4% and 3% respectively vote to extend. The voting period will be extended by 7 days. +2. Now the staker of 3% decides to unbond before the end of the voting period. The voting period extension remains 7 days. +3. Now, let's say another staker of 2% voting power decides to extend voting period. There is now 6% of active voting power choosing the extend. The voting power remains 7 days. +4. If a fourth staker of 10% chooses to extend now, there is a total of 16% of active voting power wishing to extend. The voting period will be extended to 16 days. + +### Delegators + +Just like votes in the actual voting period, delegators automatically inherit the extension of their validators. If their validator chooses to extend, their voting power will be used in the validator's extension. However, the delegator is unable to override their validator and "unextend" as that would contradict the "voting power length can only be ratcheted up" principle described in the previous section. However, a delegator may choose the extend using their personal voting power, if their validator has not done so. + +## Status + +Proposed + +## Consequences + +### Positive + +* More complex/contentious governance proposals will have more time to properly digest and deliberate + +### Negative + +* Governance process becomes more complex and requires more understanding to interact with effectively +* Can no longer predict when a governance proposal will end. Can't assume order in which governance proposals will end. + +### Neutral + +* The minimum voting period can be made shorter + +## References + +* [Cosmos Forum post where idea first originated](https://forum.cosmos.network/t/proposal-draft-reduce-governance-voting-period-to-7-days/3032/9) diff --git a/docs/sdk/next/build/architecture/adr-019-protobuf-state-encoding.mdx b/docs/sdk/next/build/architecture/adr-019-protobuf-state-encoding.mdx new file mode 100644 index 00000000..918a2ac0 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-019-protobuf-state-encoding.mdx @@ -0,0 +1,400 @@ +--- +title: 'ADR 019: Protocol Buffer State Encoding' +--- +## Changelog + +* 2020 Feb 15: Initial Draft +* 2020 Feb 24: Updates to handle messages with interface fields +* 2020 Apr 27: Convert usages of `oneof` for interfaces to `Any` +* 2020 May 15: Describe `cosmos_proto` extensions and amino compatibility +* 2020 Dec 4: Move and rename `MarshalAny` and `UnmarshalAny` into the `codec.Codec` interface. +* 2021 Feb 24: Remove mentions of `HybridCodec`, which has been abandoned in [#6843](https://github.com/cosmos/cosmos-sdk/pull/6843). + +## Status + +Accepted + +## Context + +Currently, the Cosmos SDK utilizes [go-amino](https://github.com/tendermint/go-amino/) for binary +and JSON object encoding over the wire bringing parity between logical objects and persistence objects. + +From the Amino docs: + +> Amino is an object encoding specification. It is a subset of Proto3 with an extension for interface +> support. See the [Proto3 spec](https://developers.google.com/protocol-buffers/docs/proto3) for more +> information on Proto3, which Amino is largely compatible with (but not with Proto2). +> +> The goal of the Amino encoding protocol is to bring parity into logic objects and persistence objects. + +Amino also aims to have the following goals (not a complete list): + +* Binary bytes must be decodable with a schema. +* Schema must be upgradeable. +* The encoder and decoder logic must be reasonably simple. + +However, we believe that Amino does not fulfill these goals completely and does not fully meet the +needs of a truly flexible cross-language and multi-client compatible encoding protocol in the Cosmos SDK. +Namely, Amino has proven to be a big pain-point in regards to supporting object serialization across +clients written in various languages while providing virtually little in the way of true backwards +compatibility and upgradeability. Furthermore, through profiling and various benchmarks, Amino has +been shown to be an extremely large performance bottleneck in the Cosmos SDK 1. This is +largely reflected in the performance of simulations and application transaction throughput. + +Thus, we need to adopt an encoding protocol that meets the following criteria for state serialization: + +* Language agnostic +* Platform agnostic +* Rich client support and thriving ecosystem +* High performance +* Minimal encoded message size +* Codegen-based over reflection-based +* Supports backward and forward compatibility + +Note, migrating away from Amino should be viewed as a two-pronged approach, state and client encoding. +This ADR focuses on state serialization in the Cosmos SDK state machine. A corresponding ADR will be +made to address client-side encoding. + +## Decision + +We will adopt [Protocol Buffers](https://developers.google.com/protocol-buffers) for serializing +persisted structured data in the Cosmos SDK while providing a clean mechanism and developer UX for +applications wishing to continue to use Amino. We will provide this mechanism by updating modules to +accept a codec interface, `Marshaler`, instead of a concrete Amino codec. Furthermore, the Cosmos SDK +will provide two concrete implementations of the `Marshaler` interface: `AminoCodec` and `ProtoCodec`. + +* `AminoCodec`: Uses Amino for both binary and JSON encoding. +* `ProtoCodec`: Uses Protobuf for both binary and JSON encoding. + +Modules will use whichever codec is instantiated in the app. By default, the Cosmos SDK's `simapp` +instantiates a `ProtoCodec` as the concrete implementation of `Marshaler`, inside the `MakeTestEncodingConfig` +function. This can be easily overwritten by app developers if they so desire. + +The ultimate goal will be to replace Amino JSON encoding with Protobuf encoding and thus have +modules accept and/or extend `ProtoCodec`. Until then, Amino JSON is still provided for legacy use-cases. +A handful of places in the Cosmos SDK still have Amino JSON hardcoded, such as the Legacy API REST endpoints +and the `x/params` store. They are planned to be converted to Protobuf in a gradual manner. + +### Module Codecs + +Modules that do not require the ability to work with and serialize interfaces, the path to Protobuf +migration is pretty straightforward. These modules are to simply migrate any existing types that +are encoded and persisted via their concrete Amino codec to Protobuf and have their keeper accept a +`Marshaler` that will be a `ProtoCodec`. This migration is simple as things will just work as-is. + +Note, any business logic that needs to encode primitive types like `bool` or `int64` should use +[gogoprotobuf](https://github.com/cosmos/gogoproto) Value types. + +Example: + +```go +ts, err := gogotypes.TimestampProto(completionTime) + if err != nil { + // ... +} + bz := cdc.MustMarshal(ts) +``` + +However, modules can vary greatly in purpose and design and so we must support the ability for modules +to be able to encode and work with interfaces (e.g. `Account` or `Content`). For these modules, they +must define their own codec interface that extends `Marshaler`. These specific interfaces are unique +to the module and will contain method contracts that know how to serialize the needed interfaces. + +Example: + +```go expandable +// x/auth/types/codec.go + +type Codec interface { + codec.Codec + + MarshalAccount(acc exported.Account) ([]byte, error) + +UnmarshalAccount(bz []byte) (exported.Account, error) + +MarshalAccountJSON(acc exported.Account) ([]byte, error) + +UnmarshalAccountJSON(bz []byte) (exported.Account, error) +} +``` + +### Usage of `Any` to encode interfaces + +In general, module-level .proto files should define messages which encode interfaces +using [`google.protobuf.Any`](https://github.com/protocolbuffers/protobuf/blob/master/src/google/protobuf/any.proto). +After [extension discussion](https://github.com/cosmos/cosmos-sdk/issues/6030), +this was chosen as the preferred alternative to application-level `oneof`s +as in our original protobuf design. The arguments in favor of `Any` can be +summarized as follows: + +* `Any` provides a simpler, more consistent client UX for dealing with + interfaces than app-level `oneof`s that will need to be coordinated more + carefully across applications. Creating a generic transaction + signing library using `oneof`s may be cumbersome and critical logic may need + to be reimplemented for each chain +* `Any` provides more resistance against human error than `oneof` +* `Any` is generally simpler to implement for both modules and apps + +The main counter-argument to using `Any` centers around its additional space +and possibly performance overhead. The space overhead could be dealt with using +compression at the persistence layer in the future and the performance impact +is likely to be small. Thus, not using `Any` is seen as a pre-mature optimization, +with user experience as the higher order concern. + +Note, that given the Cosmos SDK's decision to adopt the `Codec` interfaces described +above, apps can still choose to use `oneof` to encode state and transactions +but it is not the recommended approach. If apps do choose to use `oneof`s +instead of `Any` they will likely lose compatibility with client apps that +support multiple chains. Thus developers should think carefully about whether +they care more about what is possibly a premature optimization or end-user +and client developer UX. + +### Safe usage of `Any` + +By default, the [gogo protobuf implementation of `Any`](https://pkg.go.dev/github.com/cosmos/gogoproto/types) +uses [global type registration](https://github.com/cosmos/gogoproto/blob/master/proto/properties.go#L540) +to decode values packed in `Any` into concrete +go types. This introduces a vulnerability where any malicious module +in the dependency tree could register a type with the global protobuf registry +and cause it to be loaded and unmarshaled by a transaction that referenced +it in the `type_url` field. + +To prevent this, we introduce a type registration mechanism for decoding `Any` +values into concrete types through the `InterfaceRegistry` interface which +bears some similarity to type registration with Amino: + +```go expandable +type InterfaceRegistry interface { + // RegisterInterface associates protoName as the public name for the + // interface passed in as iface + // Ex: + // registry.RegisterInterface("cosmos_sdk.Msg", (*sdk.Msg)(nil)) + +RegisterInterface(protoName string, iface interface{ +}) + + // RegisterImplementations registers impls as concrete implementations of + // the interface iface + // Ex: + // registry.RegisterImplementations((*sdk.Msg)(nil), &MsgSend{ +}, &MsgMultiSend{ +}) + +RegisterImplementations(iface interface{ +}, impls ...proto.Message) +} +``` + +In addition to serving as a whitelist, `InterfaceRegistry` can also serve +to communicate the list of concrete types that satisfy an interface to clients. + +In .proto files: + +* fields which accept interfaces should be annotated with `cosmos_proto.accepts_interface` + using the same full-qualified name passed as `protoName` to `InterfaceRegistry.RegisterInterface` +* interface implementations should be annotated with `cosmos_proto.implements_interface` + using the same full-qualified name passed as `protoName` to `InterfaceRegistry.RegisterInterface` + +In the future, `protoName`, `cosmos_proto.accepts_interface`, `cosmos_proto.implements_interface` +may be used via code generation, reflection &/or static linting. + +The same struct that implements `InterfaceRegistry` will also implement an +interface `InterfaceUnpacker` to be used for unpacking `Any`s: + +```go +type InterfaceUnpacker interface { + // UnpackAny unpacks the value in any to the interface pointer passed in as + // iface. Note that the type in any must have been registered with + // RegisterImplementations as a concrete type for that interface + // Ex: + // var msg sdk.Msg + // err := ctx.UnpackAny(any, &msg) + // ... + UnpackAny(any *Any, iface interface{ +}) + +error +} +``` + +Note that `InterfaceRegistry` usage does not deviate from standard protobuf +usage of `Any`, it just introduces a security and introspection layer for +golang usage. + +`InterfaceRegistry` will be a member of `ProtoCodec` +described above. In order for modules to register interface types, app modules +can optionally implement the following interface: + +```go +type InterfaceModule interface { + RegisterInterfaceTypes(InterfaceRegistry) +} +``` + +The module manager will include a method to call `RegisterInterfaceTypes` on +every module that implements it in order to populate the `InterfaceRegistry`. + +### Using `Any` to encode state + +The Cosmos SDK will provide support methods `MarshalInterface` and `UnmarshalInterface` to hide the complexity of wrapping interface types into `Any` and allow easy serialization. + +```go expandable +import "github.com/cosmos/cosmos-sdk/codec" + +// note: eviexported.Evidence is an interface type +func MarshalEvidence(cdc codec.BinaryCodec, e eviexported.Evidence) ([]byte, error) { + return cdc.MarshalInterface(e) +} + +func UnmarshalEvidence(cdc codec.BinaryCodec, bz []byte) (eviexported.Evidence, error) { + var evi eviexported.Evidence + err := cdc.UnmarshalInterface(&evi, bz) + +return err, nil +} +``` + +### Using `Any` in `sdk.Msg`s + +A similar concept is to be applied for messages that contain interface fields. +For example, we can define `MsgSubmitEvidence` as follows where `Evidence` is +an interface: + +```protobuf +// x/evidence/types/types.proto + +message MsgSubmitEvidence { + bytes submitter = 1 + [ + (gogoproto.casttype) = "github.com/cosmos/cosmos-sdk/types.AccAddress" + ]; + google.protobuf.Any evidence = 2; +} +``` + +Note that in order to unpack the evidence from `Any` we do need a reference to +`InterfaceRegistry`. In order to reference evidence in methods like +`ValidateBasic` which shouldn't have to know about the `InterfaceRegistry`, we +introduce an `UnpackInterfaces` phase to deserialization which unpacks +interfaces before they're needed. + +### Unpacking Interfaces + +To implement the `UnpackInterfaces` phase of deserialization which unpacks +interfaces wrapped in `Any` before they're needed, we create an interface +that `sdk.Msg`s and other types can implement: + +```go +type UnpackInterfacesMessage interface { + UnpackInterfaces(InterfaceUnpacker) + +error +} +``` + +We also introduce a private `cachedValue interface{}` field onto the `Any` +struct itself with a public getter `GetCachedValue() interface{}`. + +The `UnpackInterfaces` method is to be invoked during message deserialization right +after `Unmarshal` and any interface values packed in `Any`s will be decoded +and stored in `cachedValue` for reference later. + +Then unpacked interface values can safely be used in any code afterwards +without knowledge of the `InterfaceRegistry` +and messages can introduce a simple getter to cast the cached value to the +correct interface type. + +This has the added benefit that unmarshaling of `Any` values only happens once +during initial deserialization rather than every time the value is read. Also, +when `Any` values are first packed (for instance in a call to +`NewMsgSubmitEvidence`), the original interface value is cached so that +unmarshaling isn't needed to read it again. + +`MsgSubmitEvidence` could implement `UnpackInterfaces`, plus a convenience getter +`GetEvidence` as follows: + +```go +func (msg MsgSubmitEvidence) + +UnpackInterfaces(ctx sdk.InterfaceRegistry) + +error { + var evi eviexported.Evidence + return ctx.UnpackAny(msg.Evidence, *evi) +} + +func (msg MsgSubmitEvidence) + +GetEvidence() + +eviexported.Evidence { + return msg.Evidence.GetCachedValue().(eviexported.Evidence) +} +``` + +### Amino Compatibility + +Our custom implementation of `Any` can be used transparently with Amino if used +with the proper codec instance. What this means is that interfaces packed within +`Any`s will be amino marshaled like regular Amino interfaces (assuming they +have been registered properly with Amino). + +In order for this functionality to work: + +* **all legacy code must use `*codec.LegacyAmino` instead of `*amino.Codec` which is + now a wrapper which properly handles `Any`** +* **all new code should use `Marshaler` which is compatible with both amino and + protobuf** +* Also, before v0.39, `codec.LegacyAmino` will be renamed to `codec.LegacyAmino`. + +### Why Wasn't X Chosen Instead + +For a more complete comparison to alternative protocols, see [here](https://codeburst.io/json-vs-protocol-buffers-vs-flatbuffers-a4247f8bda6f). + +### Cap'n Proto + +While [Cap’n Proto](https://capnproto.org/) does seem like an advantageous alternative to Protobuf +due to its native support for interfaces/generics and built-in canonicalization, it does lack the +rich client ecosystem compared to Protobuf and is a bit less mature. + +### FlatBuffers + +[FlatBuffers](https://google.github.io/flatbuffers/) is also a potentially viable alternative, with the +primary difference being that FlatBuffers does not need a parsing/unpacking step to a secondary +representation before you can access data, often coupled with per-object memory allocation. + +However, it would require great efforts into research and a full understanding the scope of the migration +and path forward -- which isn't immediately clear. In addition, FlatBuffers aren't designed for +untrusted inputs. + +## Future Improvements & Roadmap + +In the future we may consider a compression layer right above the persistence +layer which doesn't change tx or merkle tree hashes, but reduces the storage +overhead of `Any`. In addition, we may adopt protobuf naming conventions which +make type URLs a bit more concise while remaining descriptive. + +Additional code generation support around the usage of `Any` is something that +could also be explored in the future to make the UX for go developers more +seamless. + +## Consequences + +### Positive + +* Significant performance gains. +* Supports backward and forward type compatibility. +* Better support for cross-language clients. + +### Negative + +* Learning curve required to understand and implement Protobuf messages. +* Slightly larger message size due to use of `Any`, although this could be offset + by a compression layer in the future + +### Neutral + +## References + +1. [Link](https://github.com/cosmos/cosmos-sdk/issues/4977) +2. [Link](https://github.com/cosmos/cosmos-sdk/issues/5444) diff --git a/docs/sdk/next/build/architecture/adr-020-protobuf-transaction-encoding.mdx b/docs/sdk/next/build/architecture/adr-020-protobuf-transaction-encoding.mdx new file mode 100644 index 00000000..eddfb1f7 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-020-protobuf-transaction-encoding.mdx @@ -0,0 +1,490 @@ +--- +title: 'ADR 020: Protocol Buffer Transaction Encoding' +--- +## Changelog + +* 2020 March 06: Initial Draft +* 2020 March 12: API Updates +* 2020 April 13: Added details on interface `oneof` handling +* 2020 April 30: Switch to `Any` +* 2020 May 14: Describe public key encoding +* 2020 June 08: Store `TxBody` and `AuthInfo` as bytes in `SignDoc`; Document `TxRaw` as broadcast and storage type. +* 2020 August 07: Use ADR 027 for serializing `SignDoc`. +* 2020 August 19: Move sequence field from `SignDoc` to `SignerInfo`, as discussed in [#6966](https://github.com/cosmos/cosmos-sdk/issues/6966). +* 2020 September 25: Remove `PublicKey` type in favor of `secp256k1.PubKey`, `ed25519.PubKey` and `multisig.LegacyAminoPubKey`. +* 2020 October 15: Add `GetAccount` and `GetAccountWithHeight` methods to the `AccountRetriever` interface. +* 2021 Feb 24: The Cosmos SDK does not use Tendermint's `PubKey` interface anymore, but its own `cryptotypes.PubKey`. Updates to reflect this. +* 2021 May 3: Rename `clientCtx.JSONMarshaler` to `clientCtx.JSONCodec`. +* 2021 June 10: Add `clientCtx.Codec: codec.Codec`. + +## Status + +Accepted + +## Context + +This ADR is a continuation of the motivation, design, and context established in +[ADR 019](/docs/sdk/vnext/build/architecture/adr-019-protobuf-state-encoding), namely, we aim to design the +Protocol Buffer migration path for the client-side of the Cosmos SDK. + +Specifically, the client-side migration path primarily includes tx generation and +signing, message construction and routing, in addition to CLI & REST handlers and +business logic (i.e. queriers). + +With this in mind, we will tackle the migration path via two main areas, txs and +querying. However, this ADR solely focuses on transactions. Querying should be +addressed in a future ADR, but it should build off of these proposals. + +Based on detailed discussions ([#6030](https://github.com/cosmos/cosmos-sdk/issues/6030) +and [#6078](https://github.com/cosmos/cosmos-sdk/issues/6078)), the original +design for transactions was changed substantially from an `oneof` /JSON-signing +approach to the approach described below. + +## Decision + +### Transactions + +Since interface values are encoded with `google.protobuf.Any` in state (see [ADR 019](/docs/sdk/vnext/build/architecture/adr-019-protobuf-state-encoding)), +`sdk.Msg`s are encoded with `Any` in transactions. + +One of the main goals of using `Any` to encode interface values is to have a +core set of types which is reused by apps so that +clients can safely be compatible with as many chains as possible. + +It is one of the goals of this specification to provide a flexible cross-chain transaction +format that can serve a wide variety of use cases without breaking the client +compatibility. + +In order to facilitate signing, transactions are separated into `TxBody`, +which will be reused by `SignDoc` below, and `signatures`: + +```protobuf expandable +// types/types.proto +package cosmos_sdk.v1; + +message Tx { + TxBody body = 1; + AuthInfo auth_info = 2; + // A list of signatures that matches the length and order of AuthInfo's signer_infos to + // allow connecting signature meta information like public key and signing mode by position. + repeated bytes signatures = 3; +} + +// A variant of Tx that pins the signer's exact binary representation of body and +// auth_info. This is used for signing, broadcasting and verification. The binary +// `serialize(tx: TxRaw)` is stored in Tendermint and the hash `sha256(serialize(tx: TxRaw))` +// becomes the "txhash", commonly used as the transaction ID. +message TxRaw { + // A protobuf serialization of a TxBody that matches the representation in SignDoc. + bytes body = 1; + // A protobuf serialization of an AuthInfo that matches the representation in SignDoc. + bytes auth_info = 2; + // A list of signatures that matches the length and order of AuthInfo's signer_infos to + // allow connecting signature meta information like public key and signing mode by position. + repeated bytes signatures = 3; +} + +message TxBody { + // A list of messages to be executed. The required signers of those messages define + // the number and order of elements in AuthInfo's signer_infos and Tx's signatures. + // Each required signer address is added to the list only the first time it occurs. + // + // By convention, the first required signer (usually from the first message) is referred + // to as the primary signer and pays the fee for the whole transaction. + repeated google.protobuf.Any messages = 1; + string memo = 2; + int64 timeout_height = 3; + repeated google.protobuf.Any extension_options = 1023; +} + +message AuthInfo { + // This list defines the signing modes for the required signers. The number + // and order of elements must match the required signers from TxBody's messages. + // The first element is the primary signer and the one which pays the fee. + repeated SignerInfo signer_infos = 1; + // The fee can be calculated based on the cost of evaluating the body and doing signature verification of the signers. This can be estimated via simulation. + Fee fee = 2; +} + +message SignerInfo { + // The public key is optional for accounts that already exist in state. If unset, the + // verifier can use the required signer address for this position and lookup the public key. + google.protobuf.Any public_key = 1; + // ModeInfo describes the signing mode of the signer and is a nested + // structure to support nested multisig pubkey's + ModeInfo mode_info = 2; + // sequence is the sequence of the account, which describes the + // number of committed transactions signed by a given address. It is used to prevent + // replay attacks. + uint64 sequence = 3; +} + +message ModeInfo { + oneof sum { + Single single = 1; + Multi multi = 2; + } + + // Single is the mode info for a single signer. It is structured as a message + // to allow for additional fields such as locale for SIGN_MODE_TEXTUAL in the future + message Single { + SignMode mode = 1; + } + + // Multi is the mode info for a multisig public key + message Multi { + // bitarray specifies which keys within the multisig are signing + CompactBitArray bitarray = 1; + // mode_infos is the corresponding modes of the signers of the multisig + // which could include nested multisig public keys + repeated ModeInfo mode_infos = 2; + } +} + +enum SignMode { + SIGN_MODE_UNSPECIFIED = 0; + + SIGN_MODE_DIRECT = 1; + + SIGN_MODE_TEXTUAL = 2; + + SIGN_MODE_LEGACY_AMINO_JSON = 127; +} +``` + +As will be discussed below, in order to include as much of the `Tx` as possible +in the `SignDoc`, `SignerInfo` is separated from signatures so that only the +raw signatures themselves live outside of what is signed over. + +Because we are aiming for a flexible, extensible cross-chain transaction +format, new transaction processing options should be added to `TxBody` as soon +those use cases are discovered, even if they can't be implemented yet. + +Because there is coordination overhead in this, `TxBody` includes an +`extension_options` field which can be used for any transaction processing +options that are not already covered. App developers should, nevertheless, +attempt to upstream important improvements to `Tx`. + +### Signing + +All of the signing modes below aim to provide the following guarantees: + +* **No Malleability**: `TxBody` and `AuthInfo` cannot change once the transaction + is signed +* **Predictable Gas**: if I am signing a transaction where I am paying a fee, + the final gas is fully dependent on what I am signing + +These guarantees give the maximum amount of confidence to message signers that +manipulation of `Tx`s by intermediaries can't result in any meaningful changes. + +#### `SIGN_MODE_DIRECT` + +The "direct" signing behavior is to sign the raw `TxBody` bytes as broadcast over +the wire. This has the advantages of: + +* requiring the minimum additional client capabilities beyond a standard protocol + buffers implementation +* leaving effectively zero holes for transaction malleability (i.e. there are no + subtle differences between the signing and encoding formats which could + potentially be exploited by an attacker) + +Signatures are structured using the `SignDoc` below which reuses the serialization of +`TxBody` and `AuthInfo` and only adds the fields which are needed for signatures: + +```protobuf +// types/types.proto +message SignDoc { + // A protobuf serialization of a TxBody that matches the representation in TxRaw. + bytes body = 1; + // A protobuf serialization of an AuthInfo that matches the representation in TxRaw. + bytes auth_info = 2; + string chain_id = 3; + uint64 account_number = 4; +} +``` + +In order to sign in the default mode, clients take the following steps: + +1. Serialize `TxBody` and `AuthInfo` using any valid protobuf implementation. +2. Create a `SignDoc` and serialize it using [ADR 027](/docs/sdk/vnext/build/architecture/adr-027-deterministic-protobuf-serialization). +3. Sign the encoded `SignDoc` bytes. +4. Build a `TxRaw` and serialize it for broadcasting. + +Signature verification is based on comparing the raw `TxBody` and `AuthInfo` +bytes encoded in `TxRaw` not based on any ["canonicalization"](https://github.com/regen-network/canonical-proto3) +algorithm which creates added complexity for clients in addition to preventing +some forms of upgradeability (to be addressed later in this document). + +Signature verifiers do: + +1. Deserialize a `TxRaw` and pull out `body` and `auth_info`. +2. Create a list of required signer addresses from the messages. +3. For each required signer: + * Pull account number and sequence from the state. + * Obtain the public key either from state or `AuthInfo`'s `signer_infos`. + * Create a `SignDoc` and serialize it using [ADR 027](/docs/sdk/vnext/build/architecture/adr-027-deterministic-protobuf-serialization). + * Verify the signature at the same list position against the serialized `SignDoc`. + +#### `SIGN_MODE_LEGACY_AMINO` + +In order to support legacy wallets and exchanges, Amino JSON will be temporarily +supported transaction signing. Once wallets and exchanges have had a +chance to upgrade to protobuf-based signing, this option will be disabled. In +the meantime, it is foreseen that disabling the current Amino signing would cause +too much breakage to be feasible. Note that this is mainly a requirement of the +Cosmos Hub and other chains may choose to disable Amino signing immediately. + +Legacy clients will be able to sign a transaction using the current Amino +JSON format and have it encoded to protobuf using the REST `/tx/encode` +endpoint before broadcasting. + +#### `SIGN_MODE_TEXTUAL` + +As was discussed extensively in [#6078](https://github.com/cosmos/cosmos-sdk/issues/6078), +there is a desire for a human-readable signing encoding, especially for hardware +wallets like the [Ledger](https://www.ledger.com) which display +transaction contents to users before signing. JSON was an attempt at this but +falls short of the ideal. + +`SIGN_MODE_TEXTUAL` is intended as a placeholder for a human-readable +encoding which will replace Amino JSON. This new encoding should be even more +focused on readability than JSON, possibly based on formatting strings like +[MessageFormat](http://userguide.icu-project.org/formatparse/messages). + +In order to ensure that the new human-readable format does not suffer from +transaction malleability issues, `SIGN_MODE_TEXTUAL` +requires that the *human-readable bytes are concatenated with the raw `SignDoc`* +to generate sign bytes. + +Multiple human-readable formats (maybe even localized messages) may be supported +by `SIGN_MODE_TEXTUAL` when it is implemented. + +### Unknown Field Filtering + +Unknown fields in protobuf messages should generally be rejected by the transaction +processors because: + +* important data may be present in the unknown fields, that if ignored, will + cause unexpected behavior for clients +* they present a malleability vulnerability where attackers can bloat tx size + by adding random uninterpreted data to unsigned content (i.e. the master `Tx`, + not `TxBody`) + +There are also scenarios where we may choose to safely ignore unknown fields +([Link](https://github.com/cosmos/cosmos-sdk/issues/6078#issuecomment-624400188)) to +provide graceful forwards compatibility with newer clients. + +We propose that field numbers with bit 11 set (for most use cases this is +the range of 1024-2047) be considered non-critical fields that can safely be +ignored if unknown. + +To handle this we will need an unknown field filter that: + +* always rejects unknown fields in unsigned content (i.e. top-level `Tx` and + unsigned parts of `AuthInfo` if present based on the signing mode) +* rejects unknown fields in all messages (including nested `Any`s) other than + fields with bit 11 set + +This will likely need to be a custom protobuf parser pass that takes message bytes +and `FileDescriptor`s and returns a boolean result. + +### Public Key Encoding + +Public keys in the Cosmos SDK implement the `cryptotypes.PubKey` interface. +We propose to use `Any` for protobuf encoding as we are doing with other interfaces (for example, in `BaseAccount.PubKey` and `SignerInfo.PublicKey`). +The following public keys are implemented: secp256k1, secp256r1, ed25519 and legacy-multisignature. + +Ex: + +```protobuf +message PubKey { + bytes key = 1; +} +``` + +`multisig.LegacyAminoPubKey` has an array of `Any`'s member to support any +protobuf public key type. + +Apps should only attempt to handle a registered set of public keys that they +have tested. The provided signature verification ante handler decorators will +enforce this. + +### CLI & REST + +Currently, the REST and CLI handlers encode and decode types and txs via Amino +JSON encoding using a concrete Amino codec. Being that some of the types dealt with +in the client can be interfaces, similar to how we described in [ADR 019](/docs/sdk/vnext/build/architecture/adr-019-protobuf-state-encoding), +the client logic will now need to take a codec interface that knows not only how +to handle all the types, but also knows how to generate transactions, signatures, +and messages. + +```go expandable +type AccountRetriever interface { + GetAccount(clientCtx Context, addr sdk.AccAddress) (client.Account, error) + +GetAccountWithHeight(clientCtx Context, addr sdk.AccAddress) (client.Account, int64, error) + +EnsureExists(clientCtx client.Context, addr sdk.AccAddress) + +error + GetAccountNumberSequence(clientCtx client.Context, addr sdk.AccAddress) (uint64, uint64, error) +} + +type Generator interface { + NewTx() + +TxBuilder + NewFee() + +ClientFee + NewSignature() + +ClientSignature + MarshalTx(tx types.Tx) ([]byte, error) +} + +type TxBuilder interface { + GetTx() + +sdk.Tx + + SetMsgs(...sdk.Msg) + +error + GetSignatures() []sdk.Signature + SetSignatures(...sdk.Signature) + +GetFee() + +sdk.Fee + SetFee(sdk.Fee) + +GetMemo() + +string + SetMemo(string) +} +``` + +We then update `Context` to have new fields: `Codec`, `TxGenerator`, +and `AccountRetriever`, and we update `AppModuleBasic.GetTxCmd` to take +a `Context` which should have all of these fields pre-populated. + +Each client method should then use one of the `Init` methods to re-initialize +the pre-populated `Context`. `tx.GenerateOrBroadcastTx` can be used to +generate or broadcast a transaction. For example: + +```go expandable +import "github.com/spf13/cobra" +import "github.com/cosmos/cosmos-sdk/client" +import "github.com/cosmos/cosmos-sdk/client/tx" + +func NewCmdDoSomething(clientCtx client.Context) *cobra.Command { + return &cobra.Command{ + RunE: func(cmd *cobra.Command, args []string) + +error { + clientCtx := ctx.InitWithInput(cmd.InOrStdin()) + msg := NewSomeMsg{... +} + +tx.GenerateOrBroadcastTx(clientCtx, msg) +}, +} +} +``` + +## Future Improvements + +### `SIGN_MODE_TEXTUAL` specification + +A concrete specification and implementation of `SIGN_MODE_TEXTUAL` is intended +as a near-term future improvement so that the ledger app and other wallets +can gracefully transition away from Amino JSON. + +### `SIGN_MODE_DIRECT_AUX` + +(\*Documented as option (3) in [Link](https://github.com/cosmos/cosmos-sdk/issues/6078#issuecomment-628026933)) + +We could add a mode `SIGN_MODE_DIRECT_AUX` +to support scenarios where multiple signatures +are being gathered into a single transaction but the message composer does not +yet know which signatures will be included in the final transaction. For instance, +I may have a 3/5 multisig wallet and want to send a `TxBody` to all 5 +signers to see who signs first. As soon as I have 3 signatures then I will go +ahead and build the full transaction. + +With `SIGN_MODE_DIRECT`, each signer needs +to sign the full `AuthInfo` which includes the full list of all signers and +their signing modes, making the above scenario very hard. + +`SIGN_MODE_DIRECT_AUX` would allow "auxiliary" signers to create their signature +using only `TxBody` and their own `PublicKey`. This allows the full list of +signers in `AuthInfo` to be delayed until signatures have been collected. + +An "auxiliary" signer is any signer besides the primary signer who is paying +the fee. For the primary signer, the full `AuthInfo` is actually needed to calculate gas and fees +because that is dependent on how many signers and which key types and signing +modes they are using. Auxiliary signers, however, do not need to worry about +fees or gas and thus can just sign `TxBody`. + +To generate a signature in `SIGN_MODE_DIRECT_AUX` these steps would be followed: + +1. Encode `SignDocAux` (with the same requirement that fields must be serialized + in order): + + ```protobuf expandable + // types/types.proto + message SignDocAux { + bytes body_bytes = 1; + // PublicKey is included in SignDocAux : + // 1. as a special case for multisig public keys. For multisig public keys, + // the signer should use the top-level multisig public key they are signing + // against, not their own public key. This is to prevent a form + // of malleability where a signature could be taken out of context of the + // multisig key that was intended to be signed for + // 2. to guard against scenario where configuration information is encoded + // in public keys (it has been proposed) such that two keys can generate + // the same signature but have different security properties + // + // By including it here, the composer of AuthInfo cannot reference the + // a public key variant the signer did not intend to use + PublicKey public_key = 2; + string chain_id = 3; + uint64 account_number = 4; + } + ``` + +2. Sign the encoded `SignDocAux` bytes + +3. Send their signature and `SignerInfo` to the primary signer who will then + sign and broadcast the final transaction (with `SIGN_MODE_DIRECT` and `AuthInfo` + added) once enough signatures have been collected + +### `SIGN_MODE_DIRECT_RELAXED` + +(*Documented as option (1)(a) in [Link](https://github.com/cosmos/cosmos-sdk/issues/6078#issuecomment-628026933)*) + +This is a variation of `SIGN_MODE_DIRECT` where multiple signers wouldn't need to +coordinate public keys and signing modes in advance. It would involve an alternate +`SignDoc` similar to `SignDocAux` above with fee. This could be added in the future +if client developers found the burden of collecting public keys and modes in advance +too burdensome. + +## Consequences + +### Positive + +* Significant performance gains. +* Supports backward and forward type compatibility. +* Better support for cross-language clients. +* Multiple signing modes allow for greater protocol evolution + +### Negative + +* `google.protobuf.Any` type URLs increase transaction size although the effect + may be negligible or compression may be able to mitigate it. + +### Neutral + +## References diff --git a/docs/sdk/next/build/architecture/adr-021-protobuf-query-encoding.mdx b/docs/sdk/next/build/architecture/adr-021-protobuf-query-encoding.mdx new file mode 100644 index 00000000..b5cd3152 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-021-protobuf-query-encoding.mdx @@ -0,0 +1,273 @@ +--- +title: 'ADR 021: Protocol Buffer Query Encoding' +description: '2020 March 27: Initial Draft' +--- +## Changelog + +* 2020 March 27: Initial Draft + +## Status + +Accepted + +## Context + +This ADR is a continuation of the motivation, design, and context established in +[ADR 019](/docs/sdk/vnext/build/architecture/adr-019-protobuf-state-encoding) and +[ADR 020](/docs/sdk/vnext/build/architecture/adr-020-protobuf-transaction-encoding), namely, we aim to design the +Protocol Buffer migration path for the client-side of the Cosmos SDK. + +This ADR continues from [ADR 020](/docs/sdk/vnext/build/architecture/adr-020-protobuf-transaction-encoding) +to specify the encoding of queries. + +## Decision + +### Custom Query Definition + +Modules define custom queries through a protocol buffers `service` definition. +These `service` definitions are generally associated with and used by the +GRPC protocol. However, the protocol buffers specification indicates that +they can be used more generically by any request/response protocol that uses +protocol buffer encoding. Thus, we can use `service` definitions for specifying +custom ABCI queries and even reuse a substantial amount of the GRPC infrastructure. + +Each module with custom queries should define a service canonically named `Query`: + +```protobuf +// x/bank/types/types.proto + +service Query { + rpc QueryBalance(QueryBalanceParams) returns (cosmos_sdk.v1.Coin) { } + rpc QueryAllBalances(QueryAllBalancesParams) returns (QueryAllBalancesResponse) { } +} +``` + +#### Handling of Interface Types + +Modules that use interface types and need true polymorphism generally force a +`oneof` up to the app-level that provides the set of concrete implementations of +that interface that the app supports. While app's are welcome to do the same for +queries and implement an app-level query service, it is recommended that modules +provide query methods that expose these interfaces via `google.protobuf.Any`. +There is a concern on the transaction level that the overhead of `Any` is too +high to justify its usage. However for queries this is not a concern, and +providing generic module-level queries that use `Any` does not preclude apps +from also providing app-level queries that return using the app-level `oneof`s. + +A hypothetical example for the `gov` module would look something like: + +```protobuf expandable +// x/gov/types/types.proto + +import "google/protobuf/any.proto"; + +service Query { + rpc GetProposal(GetProposalParams) returns (AnyProposal) { } +} + +message AnyProposal { + ProposalBase base = 1; + google.protobuf.Any content = 2; +} +``` + +### Custom Query Implementation + +In order to implement the query service, we can reuse the existing [gogo protobuf](https://github.com/cosmos/gogoproto) +grpc plugin, which for a service named `Query` generates an interface named +`QueryServer` as below: + +```go +type QueryServer interface { + QueryBalance(context.Context, *QueryBalanceParams) (*types.Coin, error) + +QueryAllBalances(context.Context, *QueryAllBalancesParams) (*QueryAllBalancesResponse, error) +} +``` + +The custom queries for our module are implemented by implementing this interface. + +The first parameter in this generated interface is a generic `context.Context`, +whereas querier methods generally need an instance of `sdk.Context` to read +from the store. Since arbitrary values can be attached to `context.Context` +using the `WithValue` and `Value` methods, the Cosmos SDK should provide a function +`sdk.UnwrapSDKContext` to retrieve the `sdk.Context` from the provided +`context.Context`. + +An example implementation of `QueryBalance` for the bank module as above would +look something like: + +```go +type Querier struct { + Keeper +} + +func (q Querier) + +QueryBalance(ctx context.Context, params *types.QueryBalanceParams) (*sdk.Coin, error) { + balance := q.GetBalance(sdk.UnwrapSDKContext(ctx), params.Address, params.Denom) + +return &balance, nil +} +``` + +### Custom Query Registration and Routing + +Query server implementations as above would be registered with `AppModule`s using +a new method `RegisterQueryService(grpc.Server)` which could be implemented simply +as below: + +```go +// x/bank/module.go +func (am AppModule) + +RegisterQueryService(server grpc.Server) { + types.RegisterQueryServer(server, keeper.Querier{ + am.keeper +}) +} +``` + +Underneath the hood, a new method `RegisterService(sd *grpc.ServiceDesc, handler interface{})` +will be added to the existing `baseapp.QueryRouter` to add the queries to the custom +query routing table (with the routing method being described below). +The signature for this method matches the existing +`RegisterServer` method on the GRPC `Server` type where `handler` is the custom +query server implementation described above. + +GRPC-like requests are routed by the service name (ex. `cosmos_sdk.x.bank.v1.Query`) +and method name (ex. `QueryBalance`) combined with `/`s to form a full +method name (ex. `/cosmos_sdk.x.bank.v1.Query/QueryBalance`). This gets translated +into an ABCI query as `custom/cosmos_sdk.x.bank.v1.Query/QueryBalance`. Service handlers +registered with `QueryRouter.RegisterService` will be routed this way. + +Beyond the method name, GRPC requests carry a protobuf encoded payload, which maps naturally +to `RequestQuery.Data`, and receive a protobuf encoded response or error. Thus +there is a quite natural mapping of GRPC-like rpc methods to the existing +`sdk.Query` and `QueryRouter` infrastructure. + +This basic specification allows us to reuse protocol buffer `service` definitions +for ABCI custom queries substantially reducing the need for manual decoding and +encoding in query methods. + +### GRPC Protocol Support + +In addition to providing an ABCI query pathway, we can easily provide a GRPC +proxy server that routes requests in the GRPC protocol to ABCI query requests +under the hood. In this way, clients could use their host languages' existing +GRPC implementations to make direct queries against Cosmos SDK app's using +these `service` definitions. In order for this server to work, the `QueryRouter` +on `BaseApp` will need to expose the service handlers registered with +`QueryRouter.RegisterService` to the proxy server implementation. Nodes could +launch the proxy server on a separate port in the same process as the ABCI app +with a command-line flag. + +### REST Queries and Swagger Generation + +[grpc-gateway](https://github.com/grpc-ecosystem/grpc-gateway) is a project that +translates REST calls into GRPC calls using special annotations on service +methods. Modules that want to expose REST queries should add `google.api.http` +annotations to their `rpc` methods as in this example below. + +```protobuf expandable +// x/bank/types/types.proto + +service Query { + rpc QueryBalance(QueryBalanceParams) returns (cosmos_sdk.v1.Coin) { + option (google.api.http) = { + get: "/x/bank/v1/balance/{address}/{denom}" + }; + } + rpc QueryAllBalances(QueryAllBalancesParams) returns (QueryAllBalancesResponse) { + option (google.api.http) = { + get: "/x/bank/v1/balances/{address}" + }; + } +} +``` + +grpc-gateway will work directly against the GRPC proxy described above which will +translate requests to ABCI queries under the hood. grpc-gateway can also +generate Swagger definitions automatically. + +In the current implementation of REST queries, each module needs to implement +REST queries manually in addition to ABCI querier methods. Using the grpc-gateway +approach, there will be no need to generate separate REST query handlers, just +query servers as described above as grpc-gateway handles the translation of protobuf +to REST as well as Swagger definitions. + +The Cosmos SDK should provide CLI commands for apps to start GRPC gateway either in +a separate process or the same process as the ABCI app, as well as provide a +command for generating grpc-gateway proxy `.proto` files and the `swagger.json` +file. + +### Client Usage + +The gogo protobuf grpc plugin generates client interfaces in addition to server +interfaces. For the `Query` service defined above we would get a `QueryClient` +interface like: + +```go +type QueryClient interface { + QueryBalance(ctx context.Context, in *QueryBalanceParams, opts ...grpc.CallOption) (*types.Coin, error) + +QueryAllBalances(ctx context.Context, in *QueryAllBalancesParams, opts ...grpc.CallOption) (*QueryAllBalancesResponse, error) +} +``` + +Via a small patch to gogo protobuf ([gogo/protobuf#675](https://github.com/gogo/protobuf/pull/675)) +we have tweaked the grpc codegen to use an interface rather than a concrete type +for the generated client struct. This allows us to also reuse the GRPC infrastructure +for ABCI client queries. + +1Context`will receive a new method`QueryConn`that returns a`ClientConn\` +that routes calls to ABCI queries + +Clients (such as CLI methods) will then be able to call query methods like this: + +```go +clientCtx := client.NewContext() + queryClient := types.NewQueryClient(clientCtx.QueryConn()) + params := &types.QueryBalanceParams{ + addr, denom +} + +result, err := queryClient.QueryBalance(gocontext.Background(), params) +``` + +### Testing + +Tests would be able to create a query client directly from keeper and `sdk.Context` +references using a `QueryServerTestHelper` as below: + +```go +queryHelper := baseapp.NewQueryServerTestHelper(ctx) + +types.RegisterQueryServer(queryHelper, keeper.Querier{ + app.BankKeeper +}) + queryClient := types.NewQueryClient(queryHelper) +``` + +## Future Improvements + +## Consequences + +### Positive + +* greatly simplified querier implementation (no manual encoding/decoding) +* easy query client generation (can use existing grpc and swagger tools) +* no need for REST query implementations +* type safe query methods (generated via grpc plugin) +* going forward, there will be less breakage of query methods because of the + backwards compatibility guarantees provided by buf + +### Negative + +* all clients using the existing ABCI/REST queries will need to be refactored + for both the new GRPC/REST query paths as well as protobuf/proto-json encoded + data, but this is more or less unavoidable in the protobuf refactoring + +### Neutral + +## References diff --git a/docs/sdk/next/build/architecture/adr-022-custom-panic-handling.mdx b/docs/sdk/next/build/architecture/adr-022-custom-panic-handling.mdx new file mode 100644 index 00000000..24c6764c --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-022-custom-panic-handling.mdx @@ -0,0 +1,264 @@ +--- +title: 'ADR 022: Custom BaseApp panic handling' +description: '2020 Apr 24: Initial Draft 2021 Sep 14: Superseded by ADR-045' +--- +## Changelog + +* 2020 Apr 24: Initial Draft +* 2021 Sep 14: Superseded by ADR-045 + +## Status + +SUPERSEDED by ADR-045 + +## Context + +The current implementation of BaseApp does not allow developers to write custom error handlers during panic recovery +[runTx()](https://github.com/cosmos/cosmos-sdk/blob/bad4ca75f58b182f600396ca350ad844c18fc80b/baseapp/baseapp.go#L539) +method. We think that this method can be more flexible and can give Cosmos SDK users more options for customizations without +the need to rewrite whole BaseApp. Also there's one special case for `sdk.ErrorOutOfGas` error handling, that case +might be handled in a "standard" way (middleware) alongside the others. + +We propose middleware-solution, which could help developers implement the following cases: + +* add external logging (let's say sending reports to external services like [Sentry](https://sentry.io)); +* call panic for specific error cases; + +It will also make `OutOfGas` case and `default` case one of the middlewares. +`Default` case wraps recovery object to an error and logs it ([example middleware implementation](#recovery-middleware)). + +Our project has a sidecar service running alongside the blockchain node (smart contracts virtual machine). It is +essential that node \`<->\` sidecar connectivity stays stable for TXs processing. So when the communication breaks we need +to crash the node and reboot it once the problem is solved. That behaviour makes the node's state machine execution +deterministic. As all keeper panics are caught by runTx's `defer()` handler, we have to adjust the BaseApp code +in order to customize it. + +## Decision + +### Design + +#### Overview + +Instead of hardcoding custom error handling into BaseApp we suggest using a set of middlewares which can be customized +externally and will allow developers to use as many custom error handlers as they want. Implementation with tests +can be found [here](https://github.com/cosmos/cosmos-sdk/pull/6053). + +#### Implementation details + +##### Recovery handler + +New `RecoveryHandler` type added. `recoveryObj` input argument is an object returned by the standard Go function +`recover()` from the `builtin` package. + +```go +type RecoveryHandler func(recoveryObj interface{ +}) + +error +``` + +Handler should type assert (or other methods) an object to define if the object should be handled. +`nil` should be returned if the input object can't be handled by that `RecoveryHandler` (not a handler's target type). +Not `nil` error should be returned if the input object was handled and the middleware chain execution should be stopped. + +An example: + +```go +func exampleErrHandler(recoveryObj interface{ +}) + +error { + err, ok := recoveryObj.(error) + if !ok { + return nil +} + if someSpecificError.Is(err) { + panic(customPanicMsg) +} + +else { + return nil +} +} +``` + +This example breaks the application execution, but it also might enrich the error's context like the `OutOfGas` handler. + +##### Recovery middleware + +We also add a middleware type (decorator). That function type wraps `RecoveryHandler` and returns the next middleware in +execution chain and handler's `error`. Type is used to separate actual `recovery()` object handling from middleware +chain processing. + +```go +type recoveryMiddleware func(recoveryObj interface{ +}) (recoveryMiddleware, error) + +func newRecoveryMiddleware(handler RecoveryHandler, next recoveryMiddleware) + +recoveryMiddleware { + return func(recoveryObj interface{ +}) (recoveryMiddleware, error) { + if err := handler(recoveryObj); err != nil { + return nil, err +} + +return next, nil +} +} +``` + +Function receives a `recoveryObj` object and returns: + +* (next `recoveryMiddleware`, `nil`) if object wasn't handled (not a target type) by `RecoveryHandler`; +* (`nil`, not nil `error`) if input object was handled and other middlewares in the chain should not be executed; +* (`nil`, `nil`) in case of invalid behavior. Panic recovery might not have been properly handled; + this can be avoided by always using a `default` as a rightmost middleware in the chain (always returns an `error`'); + +`OutOfGas` middleware example: + +```go expandable +func newOutOfGasRecoveryMiddleware(gasWanted uint64, ctx sdk.Context, next recoveryMiddleware) + +recoveryMiddleware { + handler := func(recoveryObj interface{ +}) + +error { + err, ok := recoveryObj.(sdk.ErrorOutOfGas) + if !ok { + return nil +} + +return errorsmod.Wrap( + sdkerrors.ErrOutOfGas, fmt.Sprintf( + "out of gas in location: %v; gasWanted: %d, gasUsed: %d", err.Descriptor, gasWanted, ctx.GasMeter().GasConsumed(), + ), + ) +} + +return newRecoveryMiddleware(handler, next) +} +``` + +`Default` middleware example: + +```go +func newDefaultRecoveryMiddleware() + +recoveryMiddleware { + handler := func(recoveryObj interface{ +}) + +error { + return errorsmod.Wrap( + sdkerrors.ErrPanic, fmt.Sprintf("recovered: %v\nstack:\n%v", recoveryObj, string(debug.Stack())), + ) +} + +return newRecoveryMiddleware(handler, nil) +} +``` + +##### Recovery processing + +Basic chain of middlewares processing would look like: + +```go +func processRecovery(recoveryObj interface{ +}, middleware recoveryMiddleware) + +error { + if middleware == nil { + return nil +} + +next, err := middleware(recoveryObj) + if err != nil { + return err +} + if next == nil { + return nil +} + +return processRecovery(recoveryObj, next) +} +``` + +That way we can create a middleware chain which is executed from left to right, the rightmost middleware is a +`default` handler which must return an `error`. + +##### BaseApp changes + +The `default` middleware chain must exist in a `BaseApp` object. `Baseapp` modifications: + +```go expandable +type BaseApp struct { + // ... + runTxRecoveryMiddleware recoveryMiddleware +} + +func NewBaseApp(...) { + // ... + app.runTxRecoveryMiddleware = newDefaultRecoveryMiddleware() +} + +func (app *BaseApp) + +runTx(...) { + // ... + defer func() { + if r := recover(); r != nil { + recoveryMW := newOutOfGasRecoveryMiddleware(gasWanted, ctx, app.runTxRecoveryMiddleware) + +err, result = processRecovery(r, recoveryMW), nil +} + +gInfo = sdk.GasInfo{ + GasWanted: gasWanted, + GasUsed: ctx.GasMeter().GasConsumed() +} + +}() + // ... +} +``` + +Developers can add their custom `RecoveryHandler`s by providing `AddRunTxRecoveryHandler` as a BaseApp option parameter to the `NewBaseapp` constructor: + +```go +func (app *BaseApp) + +AddRunTxRecoveryHandler(handlers ...RecoveryHandler) { + for _, h := range handlers { + app.runTxRecoveryMiddleware = newRecoveryMiddleware(h, app.runTxRecoveryMiddleware) +} +} +``` + +This method would prepend handlers to an existing chain. + +## Consequences + +### Positive + +* Developers of Cosmos SDK-based projects can add custom panic handlers to: + * add error context for custom panic sources (panic inside of custom keepers); + * emit `panic()`: passthrough recovery object to the Tendermint core; + * other necessary handling; +* Developers can use standard Cosmos SDK `BaseApp` implementation, rather than rewriting it in their projects; +* Proposed solution doesn't break the current "standard" `runTx()` flow; + +### Negative + +* Introduces changes to the execution model design. + +### Neutral + +* `OutOfGas` error handler becomes one of the middlewares; +* Default panic handler becomes one of the middlewares; + +## References + +* [PR-6053 with proposed solution](https://github.com/cosmos/cosmos-sdk/pull/6053) +* [Similar solution. ADR-010 Modular AnteHandler](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-010-modular-antehandler.md) diff --git a/docs/sdk/next/build/architecture/adr-023-protobuf-naming.mdx b/docs/sdk/next/build/architecture/adr-023-protobuf-naming.mdx new file mode 100644 index 00000000..1ccbbd32 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-023-protobuf-naming.mdx @@ -0,0 +1,265 @@ +--- +title: 'ADR 023: Protocol Buffer Naming and Versioning Conventions' +description: '2020 April 27: Initial Draft 2020 August 5: Update guidelines' +--- +## Changelog + +* 2020 April 27: Initial Draft +* 2020 August 5: Update guidelines + +## Status + +Accepted + +## Context + +Protocol Buffers provide a basic [style guide](https://developers.google.com/protocol-buffers/docs/style) +and [Buf](https://buf.build/docs/style-guide) builds upon that. To the +extent possible, we want to follow industry accepted guidelines and wisdom for +the effective usage of protobuf, deviating from those only when there is clear +rationale for our use case. + +### Adoption of `Any` + +The adoption of `google.protobuf.Any` as the recommended approach for encoding +interface types (as opposed to `oneof`) makes package naming a central part +of the encoding as fully-qualified message names now appear in encoded +messages. + +### Current Directory Organization + +Thus far we have mostly followed [Buf's](https://buf.build) [DEFAULT](https://buf.build/docs/lint-checkers#default) +recommendations, with the minor deviation of disabling [`PACKAGE_DIRECTORY_MATCH`](https://buf.build/docs/lint-checkers#file_layout) +which although being convenient for developing code comes with the warning +from Buf that: + +> you will have a very bad time with many Protobuf plugins across various languages if you do not do this + +### Adoption of gRPC Queries + +In [ADR 021](/docs/sdk/vnext/build/architecture/adr-021-protobuf-query-encoding), gRPC was adopted for Protobuf +native queries. The full gRPC service path thus becomes a key part of ABCI query +path. In the future, gRPC queries may be allowed from within persistent scripts +by technologies such as CosmWasm and these query routes would be stored within +script binaries. + +## Decision + +The goal of this ADR is to provide thoughtful naming conventions that: + +* encourage a good user experience for when users interact directly with + .proto files and fully-qualified protobuf names +* balance conciseness against the possibility of either over-optimizing (making + names too short and cryptic) or under-optimizing (just accepting bloated names + with lots of redundant information) + +These guidelines are meant to act as a style guide for both the Cosmos SDK and +third-party modules. + +As a starting point, we should adopt all of the [DEFAULT](https://buf.build/docs/lint-checkers#default) +checkers in [Buf's](https://buf.build) including [`PACKAGE_DIRECTORY_MATCH`](https://buf.build/docs/lint-checkers#file_layout), +except: + +* [PACKAGE\_VERSION\_SUFFIX](https://buf.build/docs/lint-checkers#package_version_suffix) +* [SERVICE\_SUFFIX](https://buf.build/docs/lint-checkers#service_suffix) + +Further guidelines to be described below. + +### Principles + +#### Concise and Descriptive Names + +Names should be descriptive enough to convey their meaning and distinguish +them from other names. + +Given that we are using fully-qualified names within +`google.protobuf.Any` as well as within gRPC query routes, we should aim to +keep names concise, without going overboard. The general rule of thumb should +be if a shorter name would convey more or else the same thing, pick the shorter +name. + +For instance, `cosmos.bank.MsgSend` (19 bytes) conveys roughly the same information +as `cosmos_sdk.x.bank.v1.MsgSend` (28 bytes) but is more concise. + +Such conciseness makes names both more pleasant to work with and take up less +space within transactions and on the wire. + +We should also resist the temptation to over-optimize, by making names +cryptically short with abbreviations. For instance, we shouldn't try to +reduce `cosmos.bank.MsgSend` to `csm.bk.MSnd` just to save a few bytes. + +The goal is to make names ***concise but not cryptic***. + +#### Names are for Clients First + +Package and type names should be chosen for the benefit of users, not +necessarily because of legacy concerns related to the go code-base. + +#### Plan for Longevity + +In the interests of long-term support, we should plan on the names we do +choose to be in usage for a long time, so now is the opportunity to make +the best choices for the future. + +### Versioning + +#### Guidelines on Stable Package Versions + +In general, schema evolution is the way to update protobuf schemas. That means that new fields, +messages, and RPC methods are *added* to existing schemas and old fields, messages and RPC methods +are maintained as long as possible. + +Breaking things is often unacceptable in a blockchain scenario. For instance, immutable smart contracts +may depend on certain data schemas on the host chain. If the host chain breaks those schemas, the smart +contract may be irreparably broken. Even when things can be fixed (for instance in client software), +this often comes at a high cost. + +Instead of breaking things, we should make every effort to evolve schemas rather than just breaking them. +[Buf](https://buf.build) breaking change detection should be used on all stable (non-alpha or beta) packages +to prevent such breakage. + +With that in mind, different stable versions (i.e. `v1` or `v2`) of a package should more or less be considered +different packages and this should be a last resort approach for upgrading protobuf schemas. Scenarios where creating +a `v2` may make sense are: + +* we want to create a new module with similar functionality to an existing module and adding `v2` is the most natural + way to do this. In that case, there are really just two different, but similar modules with different APIs. +* we want to add a new revamped API for an existing module and it's just too cumbersome to add it to the existing package, + so putting it in `v2` is cleaner for users. In this case, care should be made to not deprecate support for + `v1` if it is actively used in immutable smart contracts. + +#### Guidelines on unstable (alpha and beta) package versions + +The following guidelines are recommended for marking packages as alpha or beta: + +* marking something as `alpha` or `beta` should be a last resort and just putting something in the + stable package (i.e. `v1` or `v2`) should be preferred +* a package *should* be marked as `alpha` *if and only if* there are active discussions to remove + or significantly alter the package in the near future +* a package *should* be marked as `beta` *if and only if* there is an active discussion to + significantly refactor/rework the functionality in the near future but do not remove it +* modules *can and should* have types in both stable (i.e. `v1` or `v2`) and unstable (`alpha` or `beta`) packages. + +*`alpha` and `beta` should not be used to avoid responsibility for maintaining compatibility.* +Whenever code is released into the wild, especially on a blockchain, there is a high cost to changing things. In some +cases, for instance with immutable smart contracts, a breaking change may be impossible to fix. + +When marking something as `alpha` or `beta`, maintainers should ask the following questions: + +* what is the cost of asking others to change their code vs the benefit of us maintaining the optionality to change it? +* what is the plan for moving this to `v1` and how will that affect users? + +`alpha` or `beta` should really be used to communicate "changes are planned". + +As a case study, gRPC reflection is in the package `grpc.reflection.v1alpha`. It hasn't been changed since +2017 and it is now used in other widely used software like gRPCurl. Some folks probably use it in production services +and so if they actually went and changed the package to `grpc.reflection.v1`, some software would break and +they probably don't want to do that... So now the `v1alpha` package is more or less the de-facto `v1`. Let's not do that. + +The following are guidelines for working with non-stable packages: + +* [Buf's recommended version suffix](https://buf.build/docs/lint-checkers#package_version_suffix) + (ex. `v1alpha1`) *should* be used for non-stable packages +* non-stable packages should generally be excluded from breaking change detection +* immutable smart contract modules (i.e. CosmWasm) *should* block smart contracts/persistent + scripts from interacting with `alpha`/`beta` packages + +#### Omit v1 suffix + +Instead of using [Buf's recommended version suffix](https://buf.build/docs/lint-checkers#package_version_suffix), +we can omit `v1` for packages that don't actually have a second version. This +allows for more concise names for common use cases like `cosmos.bank.Send`. +Packages that do have a second or third version can indicate that with `.v2` +or `.v3`. + +### Package Naming + +#### Adopt a short, unique top-level package name + +Top-level packages should adopt a short name that is known not to collide with +other names in common usage within the Cosmos ecosystem. In the near future, a +registry should be created to reserve and index top-level package names used +within the Cosmos ecosystem. Because the Cosmos SDK is intended to provide +the top-level types for the Cosmos project, the top-level package name `cosmos` +is recommended for usage within the Cosmos SDK instead of the longer `cosmos_sdk`. +[ICS](https://github.com/cosmos/ics) specifications could consider a +short top-level package like `ics23` based upon the standard number. + +#### Limit sub-package depth + +Sub-package depth should be increased with caution. Generally a single +sub-package is needed for a module or a library. Even though `x` or `modules` +is used in source code to denote modules, this is often unnecessary for .proto +files as modules are the primary thing sub-packages are used for. Only items which +are known to be used infrequently should have deep sub-package depths. + +For the Cosmos SDK, it is recommended that we simply write `cosmos.bank`, +`cosmos.gov`, etc. rather than `cosmos.x.bank`. In practice, most non-module +types can go straight in the `cosmos` package or we can introduce a +`cosmos.base` package if needed. Note that this naming *will not* change +go package names, i.e. the `cosmos.bank` protobuf package will still live in +`x/bank`. + +### Message Naming + +Message type names should be as concise as possible without losing clarity. `sdk.Msg` +types which are used in transactions will retain the `Msg` prefix as that provides +helpful context. + +### Service and RPC Naming + +[ADR 021](/docs/sdk/vnext/build/architecture/adr-021-protobuf-query-encoding) specifies that modules should +implement a gRPC query service. We should consider the principle of conciseness +for query service and RPC names as these may be called from persistent script +modules such as CosmWasm. Also, users may use these query paths from tools like +[gRPCurl](https://github.com/fullstorydev/grpcurl). As an example, we can shorten +`/cosmos_sdk.x.bank.v1.QueryService/QueryBalance` to +`/cosmos.bank.Query/Balance` without losing much useful information. + +RPC request and response types *should* follow the `ServiceNameMethodNameRequest`/ +`ServiceNameMethodNameResponse` naming convention. i.e. for an RPC method named `Balance` +on the `Query` service, the request and response types would be `QueryBalanceRequest` +and `QueryBalanceResponse`. This will be more self-explanatory than `BalanceRequest` +and `BalanceResponse`. + +#### Use just `Query` for the query service + +Instead of [Buf's default service suffix recommendation](https://github.com/cosmos/cosmos-sdk/pull/6033), +we should simply use the shorter `Query` for query services. + +For other types of gRPC services, we should consider sticking with Buf's +default recommendation. + +#### Omit `Get` and `Query` from query service RPC names + +`Get` and `Query` should be omitted from `Query` service names because they are +redundant in the fully-qualified name. For instance, `/cosmos.bank.Query/QueryBalance` +just says `Query` twice without any new information. + +## Future Improvements + +A registry of top-level package names should be created to coordinate naming +across the ecosystem, prevent collisions, and also help developers discover +useful schemas. A simple starting point would be a git repository with +community-based governance. + +## Consequences + +### Positive + +* names will be more concise and easier to read and type +* all transactions using `Any` will be at shorter (`_sdk.x` and `.v1` will be removed) +* `.proto` file imports will be more standard (without `"third_party/proto"` in + the path) +* code generation will be easier for clients because .proto files will be + in a single `proto/` directory which can be copied rather than scattered + throughout the Cosmos SDK + +### Negative + +### Neutral + +* `.proto` files will need to be reorganized and refactored +* some modules may need to be marked as alpha or beta + +## References diff --git a/docs/sdk/next/build/architecture/adr-024-coin-metadata.mdx b/docs/sdk/next/build/architecture/adr-024-coin-metadata.mdx new file mode 100644 index 00000000..003b214d --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-024-coin-metadata.mdx @@ -0,0 +1,144 @@ +--- +title: 'ADR 024: Coin Metadata' +description: '05/19/2020: Initial draft' +--- +## Changelog + +* 05/19/2020: Initial draft + +## Status + +Proposed + +## Context + +Assets in the Cosmos SDK are represented via a `Coins` type that consists of an `amount` and a `denom`, +where the `amount` can be any arbitrarily large or small value. In addition, the Cosmos SDK uses an +account-based model where there are two types of primary accounts -- basic accounts and module accounts. +All account types have a set of balances that are composed of `Coins`. The `x/bank` module keeps +track of all balances for all accounts and also keeps track of the total supply of balances in an +application. + +With regards to a balance `amount`, the Cosmos SDK assumes a static and fixed unit of denomination, +regardless of the denomination itself. In other words, clients and apps built atop a Cosmos-SDK-based +chain may choose to define and use arbitrary units of denomination to provide a richer UX, however, by +the time a tx or operation reaches the Cosmos SDK state machine, the `amount` is treated as a single +unit. For example, for the Cosmos Hub (Gaia), clients assume 1 ATOM = 10^6 uatom, and so all txs and +operations in the Cosmos SDK work off of units of 10^6. + +This clearly provides a poor and limited UX especially as interoperability of networks increases and +as a result the total amount of asset types increases. We propose to have `x/bank` additionally keep +track of metadata per `denom` in order to help clients, wallet providers, and explorers improve their +UX and remove the requirement for making any assumptions on the unit of denomination. + +## Decision + +The `x/bank` module will be updated to store and index metadata by `denom`, specifically the "base" or +smallest unit -- the unit the Cosmos SDK state-machine works with. + +Metadata may also include a non-zero length list of denominations. Each entry contains the name of +the denomination `denom`, the exponent to the base and a list of aliases. An entry is to be +interpreted as `1 denom = 10^exponent base_denom` (e.g. `1 ETH = 10^18 wei` and `1 uatom = 10^0 uatom`). + +There are two denominations that are of high importance for clients: the `base`, which is the smallest +possible unit and the `display`, which is the unit that is commonly referred to in human communication +and on exchanges. The values in those fields link to an entry in the list of denominations. + +The list in `denom_units` and the `display` entry may be changed via governance. + +As a result, we can define the type as follows: + +```protobuf expandable +message DenomUnit { + string denom = 1; + uint32 exponent = 2; + repeated string aliases = 3; +} + +message Metadata { + string description = 1; + repeated DenomUnit denom_units = 2; + string base = 3; + string display = 4; +} +``` + +As an example, the ATOM's metadata can be defined as follows: + +```json expandable +{ + "name": "atom", + "description": "The native staking token of the Cosmos Hub.", + "denom_units": [ + { + "denom": "uatom", + "exponent": 0, + "aliases": [ + "microatom" + ], + +}, + { + "denom": "matom", + "exponent": 3, + "aliases": [ + "milliatom" + ] + +}, + { + "denom": "atom", + "exponent": 6, + } + ], + "base": "uatom", + "display": "atom", +} +``` + +Given the above metadata, a client may infer the following things: + +* 4.3atom = 4.3 \* (10^6) = 4,300,000uatom +* The string "atom" can be used as a display name in a list of tokens. +* The balance 4300000 can be displayed as 4,300,000uatom or 4,300matom or 4.3atom. + The `display` denomination 4.3atom is a good default if the authors of the client don't make + an explicit decision to choose a different representation. + +A client should be able to query for metadata by denom both via the CLI and REST interfaces. In +addition, we will add handlers to these interfaces to convert from any unit to another given unit, +as the base framework for this already exists in the Cosmos SDK. + +Finally, we need to ensure metadata exists in the `GenesisState` of the `x/bank` module which is also +indexed by the base `denom`. + +```go +type GenesisState struct { + SendEnabled bool `json:"send_enabled" yaml:"send_enabled"` + Balances []Balance `json:"balances" yaml:"balances"` + Supply sdk.Coins `json:"supply" yaml:"supply"` + DenomMetadata []Metadata `json:"denom_metadata" yaml:"denom_metadata"` +} +``` + +## Future Work + +In order for clients to avoid having to convert assets to the base denomination -- either manually or +via an endpoint, we may consider supporting automatic conversion of a given unit input. + +## Consequences + +### Positive + +* Provides clients, wallet providers and block explorers with additional data on + asset denomination to improve UX and remove any need to make assumptions on + denomination units. + +### Negative + +* A small amount of required additional storage in the `x/bank` module. The amount + of additional storage should be minimal as the amount of total assets should not + be large. + +### Neutral + +## References diff --git a/docs/sdk/next/build/architecture/adr-027-deterministic-protobuf-serialization.mdx b/docs/sdk/next/build/architecture/adr-027-deterministic-protobuf-serialization.mdx new file mode 100644 index 00000000..ff7b276f --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-027-deterministic-protobuf-serialization.mdx @@ -0,0 +1,316 @@ +--- +title: 'ADR 027: Deterministic Protobuf Serialization' +description: '2020-08-07: Initial Draft 2020-09-01: Further clarify rules' +--- +## Changelog + +* 2020-08-07: Initial Draft +* 2020-09-01: Further clarify rules + +## Status + +Proposed + +## Abstract + +Fully deterministic structure serialization, which works across many languages and clients, +is needed when signing messages. We need to be sure that whenever we serialize +a data structure, no matter in which supported language, the raw bytes +will stay the same. +[Protobuf](https://developers.google.com/protocol-buffers/docs/proto3) +serialization is not bijective (i.e. there exists a practically unlimited number of +valid binary representations for a given protobuf document)1. + +This document describes a deterministic serialization scheme for +a subset of protobuf documents, that covers this use case but can be reused in +other cases as well. + +### Context + +For signature verification in Cosmos SDK, the signer and verifier need to agree on +the same serialization of a `SignDoc` as defined in +[ADR-020](/docs/sdk/vnext/build/architecture/adr-020-protobuf-transaction-encoding) without transmitting the +serialization. + +Currently, for block signatures we are using a workaround: we create a new [TxRaw](https://github.com/cosmos/cosmos-sdk/blob/9e85e81e0e8140067dd893421290c191529c148c/proto/cosmos/tx/v1beta1/tx.proto#L30) +instance (as defined in [adr-020-protobuf-transaction-encoding](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-020-protobuf-transaction-encoding.md#transactions)) +by converting all [Tx](https://github.com/cosmos/cosmos-sdk/blob/9e85e81e0e8140067dd893421290c191529c148c/proto/cosmos/tx/v1beta1/tx.proto#L13) +fields to bytes on the client side. This adds an additional manual +step when sending and signing transactions. + +### Decision + +The following encoding scheme is to be used by other ADRs, +and in particular for `SignDoc` serialization. + +## Specification + +### Scope + +This ADR defines a protobuf3 serializer. The output is a valid protobuf +serialization, such that every protobuf parser can parse it. + +No maps are supported in version 1 due to the complexity of defining a +deterministic serialization. This might change in future. Implementations must +reject documents containing maps as invalid input. + +### Background - Protobuf3 Encoding + +Most numeric types in protobuf3 are encoded as +[varints](https://developers.google.com/protocol-buffers/docs/encoding#varints). +Varints are at most 10 bytes, and since each varint byte has 7 bits of data, +varints are a representation of `uint70` (70-bit unsigned integer). When +encoding, numeric values are casted from their base type to `uint70`, and when +decoding, the parsed `uint70` is casted to the appropriate numeric type. + +The maximum valid value for a varint that complies with protobuf3 is +`FF FF FF FF FF FF FF FF FF 7F` (i.e. `2**70 -1`). If the field type is +`{,u,s}int64`, the highest 6 bits of the 70 are dropped during decoding, +introducing 6 bits of malleability. If the field type is `{,u,s}int32`, the +highest 38 bits of the 70 are dropped during decoding, introducing 38 bits of +malleability. + +Among other sources of non-determinism, this ADR eliminates the possibility of +encoding malleability. + +### Serialization rules + +The serialization is based on the +[protobuf3 encoding](https://developers.google.com/protocol-buffers/docs/encoding) +with the following additions: + +1. Fields must be serialized only once in ascending order +2. Extra fields or any extra data must not be added +3. [Default values](https://developers.google.com/protocol-buffers/docs/proto3#default) + must be omitted +4. `repeated` fields of scalar numeric types must use + [packed encoding](https://developers.google.com/protocol-buffers/docs/encoding#packed) +5. Varint encoding must not be longer than needed: + * No trailing zero bytes (in little endian, i.e. no leading zeroes in big + endian). Per rule 3 above, the default value of `0` must be omitted, so + this rule does not apply in such cases. + * The maximum value for a varint must be `FF FF FF FF FF FF FF FF FF 01`. + In other words, when decoded, the highest 6 bits of the 70-bit unsigned + integer must be `0`. (10-byte varints are 10 groups of 7 bits, i.e. + 70 bits, of which only the lowest 70-6=64 are useful.) + * The maximum value for 32-bit values in varint encoding must be `FF FF FF FF 0F` + with one exception (below). In other words, when decoded, the highest 38 + bits of the 70-bit unsigned integer must be `0`. + * The one exception to the above is *negative* `int32`, which must be + encoded using the full 10 bytes for sign extension2. + * The maximum value for Boolean values in varint encoding must be `01` (i.e. + it must be `0` or `1`). Per rule 3 above, the default value of `0` must + be omitted, so if a Boolean is included it must have a value of `1`. + +While rules number 1. and 2. should be pretty straightforward and describe the +default behavior of all protobuf encoders the author is aware of, the 3rd rule +is more interesting. After a protobuf3 deserialization you cannot differentiate +between unset fields and fields set to the default value3. At +serialization level however, it is possible to set the fields with an empty +value or omit them entirely. This is a significant difference to e.g. JSON +where a property can be empty (`""`, `0`), `null` or undefined, leading to 3 +different documents. + +Omitting fields set to default values is valid because the parser must assign +the default value to fields missing in the serialization4. For scalar +types, omitting defaults is required by the spec5. For `repeated` +fields, not serializing them is the only way to express empty lists. Enums must +have a first element of numeric value 0, which is the default6. And +message fields default to unset7. + +Omitting defaults allows for some amount of forward compatibility: users of +newer versions of a protobuf schema produce the same serialization as users of +older versions as long as newly added fields are not used (i.e. set to their +default value). + +### Implementation + +There are three main implementation strategies, ordered from the least to the +most custom development: + +* **Use a protobuf serializer that follows the above rules by default.** E.g. + [gogoproto](https://pkg.go.dev/github.com/cosmos/gogoproto/gogoproto) is known to + be compliant in most cases, but not when certain annotations such as + `nullable = false` are used. It might also be an option to configure an + existing serializer accordingly. + +* **Normalize default values before encoding them.** If your serializer follows + rules 1. and 2. and allows you to explicitly unset fields for serialization, + you can normalize default values to unset. This can be done when working with + [protobuf.js](https://www.npmjs.com/package/protobufjs): + + ```js + const bytes = SignDoc.encode({ + bodyBytes: body.length > 0 ? body : null, // normalize empty bytes to unset + authInfoBytes: authInfo.length > 0 ? authInfo : null, // normalize empty bytes to unset + chainId: chainId || null, // normalize "" to unset + accountNumber: accountNumber || null, // normalize 0 to unset + accountSequence: accountSequence || null, // normalize 0 to unset + }).finish(); + ``` + +* **Use a hand-written serializer for the types you need.** If none of the above + ways works for you, you can write a serializer yourself. For SignDoc this + would look something like this in Go, building on existing protobuf utilities: + + ```go expandable + if !signDoc.body_bytes.empty() { + buf.WriteUVarInt64(0xA) // wire type and field number for body_bytes + buf.WriteUVarInt64(signDoc.body_bytes.length()) + + buf.WriteBytes(signDoc.body_bytes) + } + if !signDoc.auth_info.empty() { + buf.WriteUVarInt64(0x12) // wire type and field number for auth_info + buf.WriteUVarInt64(signDoc.auth_info.length()) + + buf.WriteBytes(signDoc.auth_info) + } + if !signDoc.chain_id.empty() { + buf.WriteUVarInt64(0x1a) // wire type and field number for chain_id + buf.WriteUVarInt64(signDoc.chain_id.length()) + + buf.WriteBytes(signDoc.chain_id) + } + if signDoc.account_number != 0 { + buf.WriteUVarInt64(0x20) // wire type and field number for account_number + buf.WriteUVarInt(signDoc.account_number) + } + if signDoc.account_sequence != 0 { + buf.WriteUVarInt64(0x28) // wire type and field number for account_sequence + buf.WriteUVarInt(signDoc.account_sequence) + } + ``` + +### Test vectors + +Given the protobuf definition `Article.proto` + +```protobuf expandable +package blog; +syntax = "proto3"; + +enum Type { + UNSPECIFIED = 0; + IMAGES = 1; + NEWS = 2; +}; + +enum Review { + UNSPECIFIED = 0; + ACCEPTED = 1; + REJECTED = 2; +}; + +message Article { + string title = 1; + string description = 2; + uint64 created = 3; + uint64 updated = 4; + bool public = 5; + bool promoted = 6; + Type type = 7; + Review review = 8; + repeated string comments = 9; + repeated string backlinks = 10; +}; +``` + +serializing the values + +```yaml +title: "The world needs change 🌳" +description: "" +created: 1596806111080 +updated: 0 +public: true +promoted: false +type: Type.NEWS +review: Review.UNSPECIFIED +comments: ["Nice one", "Thank you"] +backlinks: [] +``` + +must result in the serialization + +```text +0a1b54686520776f726c64206e65656473206368616e676520f09f8cb318e8bebec8bc2e280138024a084e696365206f6e654a095468616e6b20796f75 +``` + +When inspecting the serialized document, you see that every second field is +omitted: + +```shell +$ echo 0a1b54686520776f726c64206e65656473206368616e676520f09f8cb318e8bebec8bc2e280138024a084e696365206f6e654a095468616e6b20796f75 | xxd -r -p | protoc --decode_raw +1: "The world needs change \360\237\214\263" +3: 1596806111080 +5: 1 +7: 2 +9: "Nice one" +9: "Thank you" +``` + +## Consequences + +Having such an encoding available allows us to get deterministic serialization +for all protobuf documents we need in the context of Cosmos SDK signing. + +### Positive + +* Well defined rules that can be verified independently of a reference + implementation +* Simple enough to keep the barrier to implementing transaction signing low +* It allows us to continue to use 0 and other empty values in SignDoc, avoiding + the need to work around 0 sequences. This does not imply the change from + [Link](https://github.com/cosmos/cosmos-sdk/pull/6949) should not be merged, but not + too important anymore. + +### Negative + +* When implementing transaction signing, the encoding rules above must be + understood and implemented. +* The need for rule number 3. adds some complexity to implementations. +* Some data structures may require custom code for serialization. Thus + the code is not very portable - it will require additional work for each + client implementing serialization to properly handle custom data structures. + +### Neutral + +### Usage in Cosmos SDK + +For the reasons mentioned above ("Negative" section) we prefer to keep workarounds +for shared data structure. Example: the aforementioned `TxRaw` is using raw bytes +as a workaround. This allows them to use any valid Protobuf library without +the need to implement a custom serializer that adheres to this standard (and related risks of bugs). + +## References + +* 1 *When a message is serialized, there is no guaranteed order for + how its known or unknown fields should be written. Serialization order is an + implementation detail and the details of any particular implementation may + change in the future. Therefore, protocol buffer parsers must be able to parse + fields in any order.* from + [Link](https://developers.google.com/protocol-buffers/docs/encoding#order) +* 2 [Link](https://developers.google.com/protocol-buffers/docs/encoding#signed_integers) +* 3 *Note that for scalar message fields, once a message is parsed + there's no way of telling whether a field was explicitly set to the default + value (for example whether a boolean was set to false) or just not set at all: + you should bear this in mind when defining your message types. For example, + don't have a boolean that switches on some behavior when set to false if you + don't want that behavior to also happen by default.* from + [Link](https://developers.google.com/protocol-buffers/docs/proto3#default) +* 4 *When a message is parsed, if the encoded message does not + contain a particular singular element, the corresponding field in the parsed + object is set to the default value for that field.* from + [Link](https://developers.google.com/protocol-buffers/docs/proto3#default) +* 5 *Also note that if a scalar message field is set to its default, + the value will not be serialized on the wire.* from + [Link](https://developers.google.com/protocol-buffers/docs/proto3#default) +* 6 *For enums, the default value is the first defined enum value, + which must be 0.* from + [Link](https://developers.google.com/protocol-buffers/docs/proto3#default) +* 7 *For message fields, the field is not set. Its exact value is + language-dependent.* from + [Link](https://developers.google.com/protocol-buffers/docs/proto3#default) +* Encoding rules and parts of the reasoning taken from + [canonical-proto3 Aaron Craelius](https://github.com/regen-network/canonical-proto3) diff --git a/docs/sdk/next/build/architecture/adr-028-public-key-addresses.mdx b/docs/sdk/next/build/architecture/adr-028-public-key-addresses.mdx new file mode 100644 index 00000000..cc3ffba6 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-028-public-key-addresses.mdx @@ -0,0 +1,357 @@ +--- +title: 'ADR 028: Public Key Addresses' +description: '2020/08/18: Initial version 2021/01/15: Analysis and algorithm update' +--- +## Changelog + +* 2020/08/18: Initial version +* 2021/01/15: Analysis and algorithm update + +## Status + +Proposed + +## Abstract + +This ADR defines an address format for all addressable Cosmos SDK accounts. That includes: new public key algorithms, multisig public keys, and module accounts. + +## Context + +Issue [#3685](https://github.com/cosmos/cosmos-sdk/issues/3685) identified that public key +address spaces are currently overlapping. We confirmed that it significantly decreases security of Cosmos SDK. + +### Problem + +An attacker can control an input for an address generation function. This leads to a birthday attack, which significantly decreases the security space. +To overcome this, we need to separate the inputs for different kinds of account types: +a security break of one account type shouldn't impact the security of other account types. + +### Initial proposals + +One initial proposal was to extend the address length and +adding prefixes for different types of addresses. + +@ethanfrey explained an alternate approach originally used in [Link](https://github.com/iov-one/weave): + +> I spent quite a bit of time thinking about this issue while building weave... The other cosmos Sdk. +> Basically I define a condition to be a type and format as human readable string with some binary data appended. This condition is hashed into an Address (again at 20 bytes). The use of this prefix makes it impossible to find a preimage for a given address with a different condition (eg ed25519 vs secp256k1). +> This is explained in depth here [Link](https://weave.readthedocs.io/en/latest/design/permissions.html) +> And the code is here, look mainly at the top where we process conditions. [Link](https://github.com/iov-one/weave/blob/master/conditions.go) + +And explained how this approach should be sufficiently collision resistant: + +> Yeah, AFAIK, 20 bytes should be collision resistance when the preimages are unique and not malleable. A space of 2^160 would expect some collision to be likely around 2^80 elements (birthday paradox). And if you want to find a collision for some existing element in the database, it is still 2^160. 2^80 only if all these elements are written to state. +> The good example you brought up was eg. a public key bytes being a valid public key on two algorithms supported by the codec. Meaning if either was broken, you would break accounts even if they were secured with the safer variant. This is only as the issue when no differentiating type info is present in the preimage (before hashing into an address). +> I would like to hear an argument if the 20 bytes space is an actual issue for security, as I would be happy to increase my address sizes in weave. I just figured cosmos and ethereum and bitcoin all use 20 bytes, it should be good enough. And the arguments above which made me feel it was secure. But I have not done a deeper analysis. + +This led to the first proposal (which we proved to be not good enough): +we concatenate a key type with a public key, hash it and take the first 20 bytes of that hash, summarized as `sha256(keyTypePrefix || keybytes)[:20]`. + +### Review and Discussions + +In [#5694](https://github.com/cosmos/cosmos-sdk/issues/5694) we discussed various solutions. +We agreed that 20 bytes it's not future proof, and extending the address length is the only way to allow addresses of different types, various signature types, etc. +This disqualifies the initial proposal. + +In the issue we discussed various modifications: + +* Choice of the hash function. +* Move the prefix out of the hash function: `keyTypePrefix + sha256(keybytes)[:20]` \[post-hash-prefix-proposal]. +* Use double hashing: `sha256(keyTypePrefix + sha256(keybytes)[:20])`. +* Increase to keybytes hash slice from 20 bytes to 32 or 40 bytes. We concluded that 32 bytes, produced by a good hash functions is future secure. + +### Requirements + +* Support currently used tools - we don't want to break an ecosystem, or add a long adaptation period. Ref: [Link](https://github.com/cosmos/cosmos-sdk/issues/8041) +* Try to keep the address length small - addresses are widely used in state, both as part of a key and object value. + +### Scope + +This ADR only defines a process for the generation of address bytes. For end-user interactions with addresses (through the API, or CLI, etc.), we still use bech32 to format these addresses as strings. This ADR doesn't change that. +Using Bech32 for string encoding gives us support for checksum error codes and handling of user typos. + +## Decision + +We define the following account types, for which we define the address function: + +1. simple accounts: represented by a regular public key (ie: secp256k1, sr25519) +2. naive multisig: accounts composed by other addressable objects (ie: naive multisig) +3. composed accounts with a native address key (ie: bls, group module accounts) +4. module accounts: basically any accounts which cannot sign transactions and which are managed internally by modules + +### Legacy Public Key Addresses Don't Change + +Currently (Jan 2021), the only officially supported Cosmos SDK user accounts are `secp256k1` basic accounts and legacy amino multisig. +They are used in existing Cosmos SDK zones. They use the following address formats: + +* secp256k1: `ripemd160(sha256(pk_bytes))[:20]` +* legacy amino multisig: `sha256(aminoCdc.Marshal(pk))[:20]` + +We don't want to change existing addresses. So the addresses for these two key types will remain the same. + +The current multisig public keys use amino serialization to generate the address. We will retain +those public keys and their address formatting, and call them "legacy amino" multisig public keys +in protobuf. We will also create multisig public keys without amino addresses to be described below. + +### Hash Function Choice + +As in other parts of the Cosmos SDK, we will use `sha256`. + +### Basic Address + +We start by defining a base algorithm for generating addresses which we will call `Hash`. Notably, it's used for accounts represented by a single key pair. For each public key schema we have to have an associated `typ` string, explained in the next section. `hash` is the cryptographic hash function defined in the previous section. + +```go +const A_LEN = 32 + +func Hash(typ string, key []byte) []byte { + return hash(hash(typ) + key)[:A_LEN] +} +``` + +The `+` is bytes concatenation, which doesn't use any separator. + +This algorithm is the outcome of a consultation session with a professional cryptographer. +Motivation: this algorithm keeps the address relatively small (length of the `typ` doesn't impact the length of the final address) +and it's more secure than \[post-hash-prefix-proposal] (which uses the first 20 bytes of a pubkey hash, significantly reducing the address space). +Moreover the cryptographer motivated the choice of adding `typ` in the hash to protect against a switch table attack. + +`address.Hash` is a low level function to generate *base* addresses for new key types. Example: + +* BLS: `address.Hash("bls", pubkey)` + +### Composed Addresses + +For simple composed accounts (like a new naive multisig) we generalize the `address.Hash`. The address is constructed by recursively creating addresses for the sub accounts, sorting the addresses and composing them into a single address. It ensures that the ordering of keys doesn't impact the resulting address. + +```go +// We don't need a PubKey interface - we need anything which is addressable. +type Addressable interface { + Address() []byte +} + +func Composed(typ string, subaccounts []Addressable) []byte { + addresses = map(subaccounts, \a -> LengthPrefix(a.Address())) + +addresses = sort(addresses) + +return address.Hash(typ, addresses[0] + ... + addresses[n]) +} +``` + +The `typ` parameter should be a schema descriptor, containing all significant attributes with deterministic serialization (eg: utf8 string). +`LengthPrefix` is a function which prepends 1 byte to the address. The value of that byte is the length of the address bits before prepending. The address must be at most 255 bits long. +We are using `LengthPrefix` to eliminate conflicts - it assures, that for 2 lists of addresses: `as = {a1, a2, ..., an}` and `bs = {b1, b2, ..., bm}` such that every `bi` and `ai` is at most 255 long, `concatenate(map(as, (a) => LengthPrefix(a))) = map(bs, (b) => LengthPrefix(b))` if `as = bs`. + +Implementation Tip: account implementations should cache addresses. + +#### Multisig Addresses + +For a new multisig public keys, we define the `typ` parameter not based on any encoding scheme (amino or protobuf). This avoids issues with non-determinism in the encoding scheme. + +Example: + +```protobuf +package cosmos.crypto.multisig; + +message PubKey { + uint32 threshold = 1; + repeated google.protobuf.Any pubkeys = 2; +} +``` + +```go expandable +func (multisig PubKey) + +Address() { + // first gather all nested pub keys + var keys []address.Addressable // cryptotypes.PubKey implements Addressable + for _, _key := range multisig.Pubkeys { + keys = append(keys, key.GetCachedValue().(cryptotypes.PubKey)) +} + + // form the type from the message name (cosmos.crypto.multisig.PubKey) + +and the threshold joined together + prefix := fmt.Sprintf("%s/%d", proto.MessageName(multisig), multisig.Threshold) + + // use the Composed function defined above + return address.Composed(prefix, keys) +} +``` + +### Derived Addresses + +We must be able to cryptographically derive one address from another one. The derivation process must guarantee hash properties, hence we use the already defined `Hash` function: + +```go +func Derive(address, derivationKey []byte) []byte { + return Hash(address, derivationKey) +} +``` + +### Module Account Addresses + +A module account will have `"module"` type. Module accounts can have sub accounts. The submodule account will be created based on module name, and sequence of derivation keys. Typically, the first derivation key should be a class of the derived accounts. The derivation process has a defined order: module name, submodule key, subsubmodule key... An example module account is created using: + +```go +address.Module(moduleName, key) +``` + +An example sub-module account is created using: + +```go +groupPolicyAddresses := []byte{1 +} + +address.Module(moduleName, groupPolicyAddresses, policyID) +``` + +The `address.Module` function is using `address.Hash` with `"module"` as the type argument, and byte representation of the module name concatenated with submodule key. The last two components must be uniquely separated to avoid potential clashes (example: modulename="ab" & submodulekey="bc" will have the same derivation key as modulename="a" & submodulekey="bbc"). +We use a null byte (`'\x00'`) to separate module name from the submodule key. This works, because null byte is not a part of a valid module name. Finally, the sub-submodule accounts are created by applying the `Derive` function recursively. +We could use `Derive` function also in the first step (rather than concatenating the module name with a zero byte and the submodule key). We decided to do concatenation to avoid one level of derivation and speed up computation. + +For backward compatibility with the existing `authtypes.NewModuleAddress`, we add a special case in `Module` function: when no derivation key is provided, we fallback to the "legacy" implementation. + +```go +func Module(moduleName string, derivationKeys ...[]byte) []byte{ + if len(derivationKeys) == 0 { + return authtypes.NewModuleAddress(moduleName) // legacy case +} + submoduleAddress := Hash("module", []byte(moduleName) + 0 + key) + +return fold((a, k) => Derive(a, k), subsubKeys, submoduleAddress) +} +``` + +**Example 1** A lending BTC pool address would be: + +```go +btcPool := address.Module("lending", btc.Address() +}) +``` + +If we want to create an address for a module account depending on more than one key, we can concatenate them: + +```go +btcAtomAMM := address.Module("amm", btc.Address() + atom.Address() +}) +``` + +**Example 2** a smart-contract address could be constructed by: + +```go +smartContractAddr = Module("mySmartContractVM", smartContractsNamespace, smartContractKey +}) + +// which equals to: +smartContractAddr = Derived( + Module("mySmartContractVM", smartContractsNamespace), + []{ + smartContractKey +}) +``` + +### Schema Types + +A `typ` parameter used in `Hash` function SHOULD be unique for each account type. +Since all Cosmos SDK account types are serialized in the state, we propose to use the protobuf message name string. + +Example: all public key types have a unique protobuf message type similar to: + +```protobuf +package cosmos.crypto.sr25519; + +message PubKey { + bytes key = 1; +} +``` + +All protobuf messages have unique fully qualified names, in this example `cosmos.crypto.sr25519.PubKey`. +These names are derived directly from .proto files in a standardized way and used +in other places such as the type URL in `Any`s. We can easily obtain the name using +`proto.MessageName(msg)`. + +## Consequences + +### Backwards Compatibility + +This ADR is compatible with what was committed and directly supported in the Cosmos SDK repository. + +### Positive + +* a simple algorithm for generating addresses for new public keys, complex accounts and modules +* the algorithm generalizes *native composed keys* +* increased security and collision resistance of addresses +* the approach is extensible for future use-cases - one can use other address types, as long as they don't conflict with the address length specified here (20 or 32 bytes). +* support new account types. + +### Negative + +* addresses do not communicate key type, a prefixed approach would have done this +* addresses are 60% longer and will consume more storage space +* requires a refactor of KVStore store keys to handle variable length addresses + +### Neutral + +* protobuf message names are used as key type prefixes + +## Further Discussions + +Some accounts can have a fixed name or may be constructed in another way (eg: modules). We were discussing an idea of an account with a predefined name (eg: `me.regen`), which could be used by institutions. +Without going into details, these kinds of addresses are compatible with the hash based addresses described here as long as they don't have the same length. +More specifically, any special account address must not have a length equal to 20 or 32 bytes. + +## Appendix: Consulting session + +End of Dec 2020 we had a session with [Alan Szepieniec](https://scholar.google.be/citations?user=4LyZn8oAAAAJ\&hl=en) to consult the approach presented above. + +Alan general observations: + +* we don’t need 2-preimage resistance +* we need 32bytes address space for collision resistance +* when an attacker can control an input for an object with an address then we have a problem with a birthday attack +* there is an issue with smart-contracts for hashing +* sha2 mining can be used to break the address pre-image + +Hashing algorithm + +* any attack breaking blake3 will break blake2 +* Alan is pretty confident about the current security analysis of the blake hash algorithm. It was a finalist, and the author is well known in security analysis. + +Algorithm: + +* Alan recommends to hash the prefix: `address(pub_key) = hash(hash(key_type) + pub_key)[:32]`, main benefits: + * we are free to user arbitrary long prefix names + * we still don’t risk collisions + * switch tables +* discussion about penalization -> about adding prefix post hash +* Aaron asked about post hash prefixes (`address(pub_key) = key_type + hash(pub_key)`) and differences. Alan noted that this approach has longer address space and it’s stronger. + +Algorithm for complex / composed keys: + +* merging tree-like addresses with same algorithm are fine + +Module addresses: Should module addresses have a different size to differentiate it? + +* we will need to set a pre-image prefix for module addresses to keep them in 32-byte space: `hash(hash('module') + module_key)` +* Aaron observation: we already need to deal with variable length (to not break secp256k1 keys). + +Discussion about an arithmetic hash function for ZKP + +* Poseidon / Rescue +* Problem: much bigger risk because we don’t know much techniques and the history of crypto-analysis of arithmetic constructions. It’s still a new ground and area of active research. + +Post quantum signature size + +* Alan suggestion: Falcon: speed / size ratio - very good. +* Aaron - should we think about it? + Alan: based on early extrapolation this thing will get able to break EC cryptography in 2050. But that’s a lot of uncertainty. But there is magic happening with recursions / linking / simulation and that can speedup the progress. + +Other ideas + +* Let’s say we use the same key and two different address algorithms for 2 different use cases. Is it still safe to use it? Alan: if we want to hide the public key (which is not our use case), then it’s less secure but there are fixes. + +### References + +* [Notes](https://hackmd.io/_NGWI4xZSbKzj1BkCqyZMw) diff --git a/docs/sdk/next/build/architecture/adr-029-fee-grant-module.mdx b/docs/sdk/next/build/architecture/adr-029-fee-grant-module.mdx new file mode 100644 index 00000000..3238c5e3 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-029-fee-grant-module.mdx @@ -0,0 +1,160 @@ +--- +title: 'ADR 029: Fee Grant Module' +description: >- + 2020/08/18: Initial Draft 2021/05/05: Removed height based expiration support + and simplified naming. +--- +## Changelog + +* 2020/08/18: Initial Draft +* 2021/05/05: Removed height based expiration support and simplified naming. + +## Status + +Accepted + +## Context + +In order to make blockchain transactions, the signing account must possess a sufficient balance of the right denomination +in order to pay fees. There are classes of transactions where needing to maintain a wallet with sufficient fees is a +barrier to adoption. + +For instance, when proper permissions are set up, someone may temporarily delegate the ability to vote on proposals to +a "burner" account that is stored on a mobile phone with only minimal security. + +Other use cases include workers tracking items in a supply chain or farmers submitting field data for analytics +or compliance purposes. + +For all of these use cases, UX would be significantly enhanced by obviating the need for these accounts to always +maintain the appropriate fee balance. This is especially true if we want to achieve enterprise adoption for something +like supply chain tracking. + +While one solution would be to have a service that fills up these accounts automatically with the appropriate fees, a better UX +would be provided by allowing these accounts to pull from a common fee pool account with proper spending limits. +A single pool would reduce the churn of making lots of small "fill up" transactions and also more effectively leverage +the resources of the organization setting up the pool. + +## Decision + +As a solution we propose a module, `x/feegrant` which allows one account, the "granter" to grant another account, the "grantee" +an allowance to spend the granter's account balance for fees within certain well-defined limits. + +Fee allowances are defined by the extensible `FeeAllowanceI` interface: + +```go expandable +type FeeAllowanceI { + // Accept can use fee payment requested as well as timestamp of the current block + // to determine whether or not to process this. This is checked in + // Keeper.UseGrantedFees and the return values should match how it is handled there. + // + // If it returns an error, the fee payment is rejected, otherwise it is accepted. + // The FeeAllowance implementation is expected to update it's internal state + // and will be saved again after an acceptance. + // + // If remove is true (regardless of the error), the FeeAllowance will be deleted from storage + // (eg. when it is used up). (See call to RevokeFeeAllowance in Keeper.UseGrantedFees) + +Accept(ctx sdk.Context, fee sdk.Coins, msgs []sdk.Msg) (remove bool, err error) + + // ValidateBasic should evaluate this FeeAllowance for internal consistency. + // Don't allow negative amounts, or negative periods for example. + ValidateBasic() + +error +} +``` + +Two basic fee allowance types, `BasicAllowance` and `PeriodicAllowance` are defined to support known use cases: + +```protobuf expandable +// BasicAllowance implements FeeAllowanceI with a one-time grant of tokens +// that optionally expires. The delegatee can use up to SpendLimit to cover fees. +message BasicAllowance { + // spend_limit specifies the maximum amount of tokens that can be spent + // by this allowance and will be updated as tokens are spent. If it is + // empty, there is no spend limit and any amount of coins can be spent. + repeated cosmos_sdk.v1.Coin spend_limit = 1; + + // expiration specifies an optional time when this allowance expires + google.protobuf.Timestamp expiration = 2; +} + +// PeriodicAllowance extends FeeAllowanceI to allow for both a maximum cap, +// as well as a limit per time period. +message PeriodicAllowance { + BasicAllowance basic = 1; + + // period specifies the time duration in which period_spend_limit coins can + // be spent before that allowance is reset + google.protobuf.Duration period = 2; + + // period_spend_limit specifies the maximum number of coins that can be spent + // in the period + repeated cosmos_sdk.v1.Coin period_spend_limit = 3; + + // period_can_spend is the number of coins left to be spent before the period_reset time + repeated cosmos_sdk.v1.Coin period_can_spend = 4; + + // period_reset is the time at which this period resets and a new one begins, + // it is calculated from the start time of the first transaction after the + // last period ended + google.protobuf.Timestamp period_reset = 5; +} + +``` + +Allowances can be granted and revoked using `MsgGrantAllowance` and `MsgRevokeAllowance`: + +```protobuf expandable +// MsgGrantAllowance adds permission for Grantee to spend up to Allowance +// of fees from the account of Granter. +message MsgGrantAllowance { + string granter = 1; + string grantee = 2; + google.protobuf.Any allowance = 3; + } + + // MsgRevokeAllowance removes any existing FeeAllowance from Granter to Grantee. + message MsgRevokeAllowance { + string granter = 1; + string grantee = 2; + } +``` + +In order to use allowances in transactions, we add a new field `granter` to the transaction `Fee` type: + +```protobuf +package cosmos.tx.v1beta1; + +message Fee { + repeated cosmos.base.v1beta1.Coin amount = 1; + uint64 gas_limit = 2; + string payer = 3; + string granter = 4; +} +``` + +`granter` must either be left empty or must correspond to an account which has granted +a fee allowance to the fee payer (either the first signer or the value of the `payer` field). + +A new `AnteDecorator` named `DeductGrantedFeeDecorator` will be created in order to process transactions with `fee_payer` +set and correctly deduct fees based on fee allowances. + +## Consequences + +### Positive + +* improved UX for use cases where it is cumbersome to maintain an account balance just for fees + +### Negative + +### Neutral + +* a new field must be added to the transaction `Fee` message and a new `AnteDecorator` must be + created to use it + +## References + +* Blog article describing initial work: [Link](https://medium.com/regen-network/hacking-the-cosmos-cosmwasm-and-key-management-a08b9f561d1b) +* Initial public specification: [Link](https://gist.github.com/aaronc/b60628017352df5983791cad30babe56) +* Original subkeys proposal from B-harvest which influenced this design: [Link](https://github.com/cosmos/cosmos-sdk/issues/4480) diff --git a/docs/sdk/next/build/architecture/adr-030-authz-module.mdx b/docs/sdk/next/build/architecture/adr-030-authz-module.mdx new file mode 100644 index 00000000..45c36823 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-030-authz-module.mdx @@ -0,0 +1,286 @@ +--- +title: 'ADR 030: Authorization Module' +--- +## Changelog + +* 2019-11-06: Initial Draft +* 2020-10-12: Updated Draft +* 2020-11-13: Accepted +* 2020-05-06: proto API updates, use `sdk.Msg` instead of `sdk.ServiceMsg` (the latter concept was removed from Cosmos SDK) +* 2022-04-20: Updated the `SendAuthorization` proto docs to clarify the `SpendLimit` is a required field. (Generic authorization can be used with bank msg type url to create limit less bank authorization) + +## Status + +Accepted + +## Abstract + +This ADR defines the `x/authz` module which allows accounts to grant authorizations to perform actions +on behalf of that account to other accounts. + +## Context + +The concrete use cases which motivated this module include: + +* the desire to delegate the ability to vote on proposals to other accounts besides the account which one has + delegated stake +* "sub-keys" functionality, as originally proposed in [#4480](https://github.com/cosmos/cosmos-sdk/issues/4480) which + is a term used to describe the functionality provided by this module together with + the `fee_grant` module from [ADR 029](/docs/sdk/vnext/build/architecture/adr-029-fee-grant-module) and the [group module](https://github.com/cosmos/cosmos-sdk/tree/main/x/group). + +The "sub-keys" functionality roughly refers to the ability for one account to grant some subset of its capabilities to +other accounts with possibly less robust, but easier to use security measures. For instance, a master account representing +an organization could grant the ability to spend small amounts of the organization's funds to individual employee accounts. +Or an individual (or group) with a multisig wallet could grant the ability to vote on proposals to any one of the member +keys. + +The current implementation is based on work done by the [Gaian's team at Hackatom Berlin 2019](https://github.com/cosmos-gaians/cosmos-sdk/tree/hackatom/x/delegation). + +## Decision + +We will create a module named `authz` which provides functionality for +granting arbitrary privileges from one account (the *granter*) to another account (the *grantee*). Authorizations +must be granted for a particular `Msg` service methods one by one using an implementation +of `Authorization` interface. + +### Types + +Authorizations determine exactly what privileges are granted. They are extensible +and can be defined for any `Msg` service method even outside of the module where +the `Msg` method is defined. `Authorization`s reference `Msg`s using their TypeURL. + +#### Authorization + +```go expandable +type Authorization interface { + proto.Message + + // MsgTypeURL returns the fully-qualified Msg TypeURL (as described in ADR 020), + // which will process and accept or reject a request. + MsgTypeURL() + +string + + // Accept determines whether this grant permits the provided sdk.Msg to be performed, and if + // so provides an upgraded authorization instance. + Accept(ctx sdk.Context, msg sdk.Msg) (AcceptResponse, error) + + // ValidateBasic does a simple validation check that + // doesn't require access to any other information. + ValidateBasic() + +error +} + +// AcceptResponse instruments the controller of an authz message if the request is accepted +// and if it should be updated or deleted. +type AcceptResponse struct { + // If Accept=true, the controller can accept and authorization and handle the update. + Accept bool + // If Delete=true, the controller must delete the authorization object and release + // storage resources. + Delete bool + // Controller, who is calling Authorization.Accept must check if `Updated != nil`. If yes, + // it must use the updated version and handle the update on the storage level. + Updated Authorization +} +``` + +For example a `SendAuthorization` like this is defined for `MsgSend` that takes +a `SpendLimit` and updates it down to zero: + +```go expandable +type SendAuthorization struct { + // SpendLimit specifies the maximum amount of tokens that can be spent + // by this authorization and will be updated as tokens are spent. This field is required. (Generic authorization + // can be used with bank msg type url to create limit less bank authorization). + SpendLimit sdk.Coins +} + +func (a SendAuthorization) + +MsgTypeURL() + +string { + return sdk.MsgTypeURL(&MsgSend{ +}) +} + +func (a SendAuthorization) + +Accept(ctx sdk.Context, msg sdk.Msg) (authz.AcceptResponse, error) { + mSend, ok := msg.(*MsgSend) + if !ok { + return authz.AcceptResponse{ +}, sdkerrors.ErrInvalidType.Wrap("type mismatch") +} + +limitLeft, isNegative := a.SpendLimit.SafeSub(mSend.Amount) + if isNegative { + return authz.AcceptResponse{ +}, sdkerrors.ErrInsufficientFunds.Wrapf("requested amount is more than spend limit") +} + if limitLeft.IsZero() { + return authz.AcceptResponse{ + Accept: true, + Delete: true +}, nil +} + +return authz.AcceptResponse{ + Accept: true, + Delete: false, + Updated: &SendAuthorization{ + SpendLimit: limitLeft +}}, nil +} +``` + +A different type of capability for `MsgSend` could be implemented +using the `Authorization` interface with no need to change the underlying +`bank` module. + +##### Small notes on `AcceptResponse` + +* The `AcceptResponse.Accept` field will be set to `true` if the authorization is accepted. + However, if it is rejected, the function `Accept` will raise an error (without setting `AcceptResponse.Accept` to `false`). + +* The `AcceptResponse.Updated` field will be set to a non-nil value only if there is a real change to the authorization. + If authorization remains the same (as is, for instance, always the case for a [`GenericAuthorization`](#genericauthorization)), + the field will be `nil`. + +### `Msg` Service + +```protobuf expandable +service Msg { + // Grant grants the provided authorization to the grantee on the granter's + // account with the provided expiration time. + rpc Grant(MsgGrant) returns (MsgGrantResponse); + + // Exec attempts to execute the provided messages using + // authorizations granted to the grantee. Each message should have only + // one signer corresponding to the granter of the authorization. + rpc Exec(MsgExec) returns (MsgExecResponse); + + // Revoke revokes any authorization corresponding to the provided method name on the + // granter's account that has been granted to the grantee. + rpc Revoke(MsgRevoke) returns (MsgRevokeResponse); +} + +// Grant gives permissions to execute +// the provided method with expiration time. +message Grant { + google.protobuf.Any authorization = 1 [(cosmos_proto.accepts_interface) = "cosmos.authz.v1beta1.Authorization"]; + google.protobuf.Timestamp expiration = 2 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false]; +} + +message MsgGrant { + string granter = 1; + string grantee = 2; + + Grant grant = 3 [(gogoproto.nullable) = false]; +} + +message MsgExecResponse { + cosmos.base.abci.v1beta1.Result result = 1; +} + +message MsgExec { + string grantee = 1; + // Authorization Msg requests to execute. Each msg must implement Authorization interface + repeated google.protobuf.Any msgs = 2 [(cosmos_proto.accepts_interface) = "cosmos.base.v1beta1.Msg"]; +} +``` + +### Router Middleware + +The `authz` `Keeper` will expose a `DispatchActions` method which allows other modules to send `Msg`s +to the router based on `Authorization` grants: + +```go +type Keeper interface { + // DispatchActions routes the provided msgs to their respective handlers if the grantee was granted an authorization + // to send those messages by the first (and only) + +signer of each msg. + DispatchActions(ctx sdk.Context, grantee sdk.AccAddress, msgs []sdk.Msg) + +sdk.Result` +} +``` + +### CLI + +#### `tx exec` Method + +When a CLI user wants to run a transaction on behalf of another account using `MsgExec`, they +can use the `exec` method. For instance `gaiacli tx gov vote 1 yes --from --generate-only | gaiacli tx authz exec --send-as --from ` +would send a transaction like this: + +```go +MsgExec { + Grantee: mykey, + Msgs: []sdk.Msg{ + MsgVote { + ProposalID: 1, + Voter: cosmos3thsdgh983egh823 + Option: Yes +} + +} +} +``` + +#### `tx grant --from ` + +This CLI command will send a `MsgGrant` transaction. `authorization` should be encoded as +JSON on the CLI. + +#### `tx revoke --from ` + +This CLI command will send a `MsgRevoke` transaction. + +### Built-in Authorizations + +#### `SendAuthorization` + +```protobuf +// SendAuthorization allows the grantee to spend up to spend_limit coins from +// the granter's account. +message SendAuthorization { + repeated cosmos.base.v1beta1.Coin spend_limit = 1; +} +``` + +#### `GenericAuthorization` + +```protobuf +// GenericAuthorization gives the grantee unrestricted permissions to execute +// the provided method on behalf of the granter's account. +message GenericAuthorization { + option (cosmos_proto.implements_interface) = "Authorization"; + + // Msg, identified by it's type URL, to grant unrestricted permissions to execute + string msg = 1; +} +``` + +## Consequences + +### Positive + +* Users will be able to authorize arbitrary actions on behalf of their accounts to other + users, improving key management for many use cases +* The solution is more generic than previously considered approaches and the + `Authorization` interface approach can be extended to cover other use cases by + SDK users + +### Negative + +### Neutral + +## References + +* Initial Hackatom implementation: [Link](https://github.com/cosmos-gaians/cosmos-sdk/tree/hackatom/x/delegation) +* Post-Hackatom spec: [Link](https://gist.github.com/aaronc/b60628017352df5983791cad30babe56#delegation-module) +* B-Harvest subkeys spec: [Link](https://github.com/cosmos/cosmos-sdk/issues/4480) diff --git a/docs/sdk/next/build/architecture/adr-031-msg-service.mdx b/docs/sdk/next/build/architecture/adr-031-msg-service.mdx new file mode 100644 index 00000000..c3f8634d --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-031-msg-service.mdx @@ -0,0 +1,216 @@ +--- +title: 'ADR 031: Protobuf Msg Services' +description: >- + 2020-10-05: Initial Draft 2021-04-21: Remove ServiceMsgs to follow Protobuf + Any's spec, see #9063. +--- +## Changelog + +* 2020-10-05: Initial Draft +* 2021-04-21: Remove `ServiceMsg`s to follow Protobuf `Any`'s spec, see [#9063](https://github.com/cosmos/cosmos-sdk/issues/9063). + +## Status + +Accepted + +## Abstract + +We want to leverage protobuf `service` definitions for defining `Msg`s, which will give us significant developer UX +improvements in terms of the code that is generated and the fact that return types will now be well defined. + +## Context + +Currently `Msg` handlers in the Cosmos SDK have return values that are placed in the `data` field of the response. +These return values, however, are not specified anywhere except in the golang handler code. + +In early conversations [it was proposed](https://docs.google.com/document/d/1eEgYgvgZqLE45vETjhwIw4VOqK-5hwQtZtjVbiXnIGc/edit) +that `Msg` return types be captured using a protobuf extension field, ex: + +```protobuf +package cosmos.gov; + +message MsgSubmitProposal + option (cosmos_proto.msg_return) = “uint64”; + string delegator_address = 1; + string validator_address = 2; + repeated sdk.Coin amount = 3; +} +``` + +This was never adopted, however. + +Having a well-specified return value for `Msg`s would improve client UX. For instance, +in `x/gov`, `MsgSubmitProposal` returns the proposal ID as a big-endian `uint64`. +This isn’t really documented anywhere and clients would need to know the internals +of the Cosmos SDK to parse that value and return it to users. + +Also, there may be cases where we want to use these return values programmatically. +For instance, [Link](https://github.com/cosmos/cosmos-sdk/issues/7093) proposes a method for +doing inter-module Ocaps using the `Msg` router. A well-defined return type would +improve the developer UX for this approach. + +In addition, handler registration of `Msg` types tends to add a bit of +boilerplate on top of keepers and is usually done through manual type switches. +This isn't necessarily bad, but it does add overhead to creating modules. + +## Decision + +We decide to use protobuf `service` definitions for defining `Msg`s as well as +the code generated by them as a replacement for `Msg` handlers. + +Below we define how this will look for the `SubmitProposal` message from `x/gov` module. +We start with a `Msg` `service` definition: + +```protobuf expandable +package cosmos.gov; + +service Msg { + rpc SubmitProposal(MsgSubmitProposal) returns (MsgSubmitProposalResponse); +} + +// Note that for backwards compatibility this uses MsgSubmitProposal as the request +// type instead of the more canonical MsgSubmitProposalRequest +message MsgSubmitProposal { + google.protobuf.Any content = 1; + string proposer = 2; +} + +message MsgSubmitProposalResponse { + uint64 proposal_id; +} +``` + +While this is most commonly used for gRPC, overloading protobuf `service` definitions like this does not violate +the intent of the [protobuf spec](https://developers.google.com/protocol-buffers/docs/proto3#services) which says: + +> If you don’t want to use gRPC, it’s also possible to use protocol buffers with your own RPC implementation. +> With this approach, we would get an auto-generated `MsgServer` interface: + +In addition to clearly specifying return types, this has the benefit of generating client and server code. On the server +side, this is almost like an automatically generated keeper method and could maybe be used instead of keepers eventually +(see [#7093](https://github.com/cosmos/cosmos-sdk/issues/7093)): + +```go +package gov + +type MsgServer interface { + SubmitProposal(context.Context, *MsgSubmitProposal) (*MsgSubmitProposalResponse, error) +} +``` + +On the client side, developers could take advantage of this by creating RPC implementations that encapsulate transaction +logic. Protobuf libraries that use asynchronous callbacks, like [protobuf.js](https://github.com/protobufjs/protobuf.js#using-services) +could use this to register callbacks for specific messages even for transactions that include multiple `Msg`s. + +Each `Msg` service method should have exactly one request parameter: its corresponding `Msg` type. For example, the `Msg` service method `/cosmos.gov.v1beta1.Msg/SubmitProposal` above has exactly one request parameter, namely the `Msg` type `/cosmos.gov.v1beta1.MsgSubmitProposal`. It is important the reader understands clearly the nomenclature difference between a `Msg` service (a Protobuf service) and a `Msg` type (a Protobuf message), and the differences in their fully-qualified name. + +This convention has been decided over the more canonical `Msg...Request` names mainly for backwards compatibility, but also for better readability in `TxBody.messages` (see [Encoding section](#encoding) below): transactions containing `/cosmos.gov.MsgSubmitProposal` read better than those containing `/cosmos.gov.v1beta1.MsgSubmitProposalRequest`. + +One consequence of this convention is that each `Msg` type can be the request parameter of only one `Msg` service method. However, we consider this limitation a good practice in explicitness. + +### Encoding + +Encoding of transactions generated with `Msg` services does not differ from current Protobuf transaction encoding as defined in [ADR-020](/docs/sdk/vnext/build/architecture/adr-020-protobuf-transaction-encoding). We are encoding `Msg` types (which are exactly `Msg` service methods' request parameters) as `Any` in `Tx`s which involves packing the +binary-encoded `Msg` with its type URL. + +### Decoding + +Since `Msg` types are packed into `Any`, decoding transaction messages is done by unpacking `Any`s into `Msg` types. For more information, please refer to [ADR-020](/docs/sdk/vnext/build/architecture/adr-020-protobuf-transaction-encoding#transactions). + +### Routing + +We propose to add a `msg_service_router` in BaseApp. This router is a key/value map which maps `Msg` types' `type_url`s to their corresponding `Msg` service method handler. Since there is a 1-to-1 mapping between `Msg` types and `Msg` service method, the `msg_service_router` has exactly one entry per `Msg` service method. + +When a transaction is processed by BaseApp (in CheckTx or in DeliverTx), its `TxBody.messages` are decoded as `Msg`s. Each `Msg`'s `type_url` is matched against an entry in the `msg_service_router`, and the respective `Msg` service method handler is called. + +For backward compatibility, the old handlers are not removed yet. If BaseApp receives a legacy `Msg` with no corresponding entry in the `msg_service_router`, it will be routed via its legacy `Route()` method into the legacy handler. + +### Module Configuration + +In [ADR 021](/docs/sdk/vnext/build/architecture/adr-021-protobuf-query-encoding), we introduced a method `RegisterQueryService` +to `AppModule` which allows for modules to register gRPC queriers. + +To register `Msg` services, we attempt a more extensible approach by converting `RegisterQueryService` +to a more generic `RegisterServices` method: + +```go expandable +type AppModule interface { + RegisterServices(Configurator) + ... +} + +type Configurator interface { + QueryServer() + +grpc.Server + MsgServer() + +grpc.Server +} + +// example module: +func (am AppModule) + +RegisterServices(cfg Configurator) { + types.RegisterQueryServer(cfg.QueryServer(), keeper) + +types.RegisterMsgServer(cfg.MsgServer(), keeper) +} +``` + +The `RegisterServices` method and the `Configurator` interface are intended to +evolve to satisfy the use cases discussed in [#7093](https://github.com/cosmos/cosmos-sdk/issues/7093) +and [#7122](https://github.com/cosmos/cosmos-sdk/issues/7421). + +When `Msg` services are registered, the framework *should* verify that all `Msg` types +implement the `sdk.Msg` interface and throw an error during initialization rather +than later when transactions are processed. + +### `Msg` Service Implementation + +Just like query services, `Msg` service methods can retrieve the `sdk.Context` +from the `context.Context` parameter using the `sdk.UnwrapSDKContext` +method: + +```go +package gov + +func (k Keeper) + +SubmitProposal(goCtx context.Context, params *types.MsgSubmitProposal) (*MsgSubmitProposalResponse, error) { + ctx := sdk.UnwrapSDKContext(goCtx) + ... +} +``` + +The `sdk.Context` should have an `EventManager` already attached by BaseApp's `msg_service_router`. + +Separate handler definition is no longer needed with this approach. + +## Consequences + +This design changes how a module functionality is exposed and accessed. It deprecates the existing `Handler` interface and `AppModule.Route` in favor of [Protocol Buffer Services](https://developers.google.com/protocol-buffers/docs/proto3#services) and Service Routing described above. This dramatically simplifies the code. We don't need to create handlers and keepers any more. Use of Protocol Buffer auto-generated clients clearly separates the communication interfaces between the module and a modules user. The control logic (aka handlers and keepers) is not exposed any more. A module interface can be seen as a black box accessible through a client API. It's worth to note that the client interfaces are also generated by Protocol Buffers. + +This also allows us to change how we perform functional tests. Instead of mocking AppModules and Router, we will mock a client (server will stay hidden). More specifically: we will never mock `moduleA.MsgServer` in `moduleB`, but rather `moduleA.MsgClient`. One can think about it as working with external services (eg DBs, or online servers...). We assume that the transmission between clients and servers is correctly handled by generated Protocol Buffers. + +Finally, closing a module to client API opens desirable OCAP patterns discussed in ADR-033. Since server implementation and interface is hidden, nobody can hold "keepers"/servers and will be forced to relay on the client interface, which will drive developers for correct encapsulation and software engineering patterns. + +### Pros + +* communicates return type clearly +* manual handler registration and return type marshaling is no longer needed, just implement the interface and register it +* communication interface is automatically generated, the developer can now focus only on the state transition methods - this would improve the UX of [#7093](https://github.com/cosmos/cosmos-sdk/issues/7093) approach (1) if we chose to adopt that +* generated client code could be useful for clients and tests +* dramatically reduces and simplifies the code + +### Cons + +* using `service` definitions outside the context of gRPC could be confusing (but doesn’t violate the proto3 spec) + +## References + +* [Initial Github Issue #7122](https://github.com/cosmos/cosmos-sdk/issues/7122) +* [proto 3 Language Guide: Defining Services](https://developers.google.com/protocol-buffers/docs/proto3#services) +* [Initial pre-`Any` `Msg` designs](https://docs.google.com/document/d/1eEgYgvgZqLE45vETjhwIw4VOqK-5hwQtZtjVbiXnIGc) +* [ADR 020](/docs/sdk/vnext/build/architecture/adr-020-protobuf-transaction-encoding) +* [ADR 021](/docs/sdk/vnext/build/architecture/adr-021-protobuf-query-encoding) diff --git a/docs/sdk/next/build/architecture/adr-032-typed-events.mdx b/docs/sdk/next/build/architecture/adr-032-typed-events.mdx new file mode 100644 index 00000000..193aae19 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-032-typed-events.mdx @@ -0,0 +1,350 @@ +--- +title: 'ADR 032: Typed Events' +description: '28-Sept-2020: Initial Draft' +--- +## Changelog + +* 28-Sept-2020: Initial Draft + +## Authors + +* Anil Kumar (@anilcse) +* Jack Zampolin (@jackzampolin) +* Adam Bozanich (@boz) + +## Status + +Proposed + +## Abstract + +Currently in the Cosmos SDK, events are defined in the handlers for each message as well as `BeginBlock` and `EndBlock`. Each module doesn't have types defined for each event, they are implemented as `map[string]string`. Above all else this makes these events difficult to consume as it requires a great deal of raw string matching and parsing. This proposal focuses on updating the events to use **typed events** defined in each module such that emitting and subscribing to events will be much easier. This workflow comes from the experience of the Akash Network team. + +## Context + +Currently in the Cosmos SDK, events are defined in the handlers for each message, meaning each module doesn't have a canonical set of types for each event. Above all else this makes these events difficult to consume as it requires a great deal of raw string matching and parsing. This proposal focuses on updating the events to use **typed events** defined in each module such that emitting and subscribing to events will be much easier. This workflow comes from the experience of the Akash Network team. + +[Our platform](http://github.com/ovrclk/akash) requires a number of programmatic on chain interactions both on the provider (datacenter - to bid on new orders and listen for leases created) and user (application developer - to send the app manifest to the provider) side. In addition the Akash team is now maintaining the IBC [`relayer`](https://github.com/ovrclk/relayer), another very event driven process. In working on these core pieces of infrastructure, and integrating lessons learned from Kubernetes development, our team has developed a standard method for defining and consuming typed events in Cosmos SDK modules. We have found that it is extremely useful in building this type of event driven application. + +As the Cosmos SDK gets used more extensively for apps like `peggy`, other peg zones, IBC, DeFi, etc... there will be an exploding demand for event driven applications to support new features desired by users. We propose upstreaming our findings into the Cosmos SDK to enable all Cosmos SDK applications to quickly and easily build event driven apps to aid their core application. Wallets, exchanges, explorers, and defi protocols all stand to benefit from this work. + +If this proposal is accepted, users will be able to build event driven Cosmos SDK apps in go by just writing `EventHandler`s for their specific event types and passing them to `EventEmitters` that are defined in the Cosmos SDK. + +The end of this proposal contains a detailed example of how to consume events after this refactor. + +This proposal is specifically about how to consume these events as a client of the blockchain, not for intermodule communication. + +## Decision + +**Step-1**: Implement additional functionality in the `types` package: `EmitTypedEvent` and `ParseTypedEvent` functions + +```go expandable +// types/events.go + +// EmitTypedEvent takes typed event and emits converting it into sdk.Event +func (em *EventManager) + +EmitTypedEvent(event proto.Message) + +error { + evtType := proto.MessageName(event) + +evtJSON, err := codec.ProtoMarshalJSON(event) + if err != nil { + return err +} + +var attrMap map[string]json.RawMessage + err = json.Unmarshal(evtJSON, &attrMap) + if err != nil { + return err +} + +var attrs []abci.EventAttribute + for k, v := range attrMap { + attrs = append(attrs, abci.EventAttribute{ + Key: []byte(k), + Value: v, +}) +} + +em.EmitEvent(Event{ + Type: evtType, + Attributes: attrs, +}) + +return nil +} + +// ParseTypedEvent converts abci.Event back to typed event +func ParseTypedEvent(event abci.Event) (proto.Message, error) { + concreteGoType := proto.MessageType(event.Type) + if concreteGoType == nil { + return nil, fmt.Errorf("failed to retrieve the message of type %q", event.Type) +} + +var value reflect.Value + if concreteGoType.Kind() == reflect.Ptr { + value = reflect.New(concreteGoType.Elem()) +} + +else { + value = reflect.Zero(concreteGoType) +} + +protoMsg, ok := value.Interface().(proto.Message) + if !ok { + return nil, fmt.Errorf("%q does not implement proto.Message", event.Type) +} + attrMap := make(map[string]json.RawMessage) + for _, attr := range event.Attributes { + attrMap[string(attr.Key)] = attr.Value +} + +attrBytes, err := json.Marshal(attrMap) + if err != nil { + return nil, err +} + +err = jsonpb.Unmarshal(strings.NewReader(string(attrBytes)), protoMsg) + if err != nil { + return nil, err +} + +return protoMsg, nil +} +``` + +Here, the `EmitTypedEvent` is a method on `EventManager` which takes typed event as input and apply json serialization on it. Then it maps the JSON key/value pairs to `event.Attributes` and emits it in form of `sdk.Event`. `Event.Type` will be the type URL of the proto message. + +When we subscribe to emitted events on the CometBFT websocket, they are emitted in the form of an `abci.Event`. `ParseTypedEvent` parses the event back to it's original proto message. + +**Step-2**: Add proto definitions for typed events for msgs in each module: + +For example, let's take `MsgSubmitProposal` of `gov` module and implement this event's type. + +```protobuf +// proto/cosmos/gov/v1beta1/gov.proto +// Add typed event definition + +package cosmos.gov.v1beta1; + +message EventSubmitProposal { + string from_address = 1; + uint64 proposal_id = 2; + TextProposal proposal = 3; +} +``` + +**Step-3**: Refactor event emission to use the typed event created and emit using `sdk.EmitTypedEvent`: + +```go expandable +// x/gov/handler.go +func handleMsgSubmitProposal(ctx sdk.Context, keeper keeper.Keeper, msg types.MsgSubmitProposalI) (*sdk.Result, error) { + ... + types.Context.EventManager().EmitTypedEvent( + &EventSubmitProposal{ + FromAddress: fromAddress, + ProposalId: id, + Proposal: proposal, +}, + ) + ... +} +``` + +### How to subscribe to these typed events in `Client` + +> NOTE: Full code example below + +Users will be able to subscribe using `client.Context.Client.Subscribe` and consume events which are emitted using `EventHandler`s. + +Akash Network has built a simple [`pubsub`](https://github.com/ovrclk/akash/blob/90d258caeb933b611d575355b8df281208a214f8/pubsub/bus.go#L20). This can be used to subscribe to `abci.Events` and [publish](https://github.com/ovrclk/akash/blob/90d258caeb933b611d575355b8df281208a214f8/events/publish.go#L21) them as typed events. + +Please see the below code sample for more detail on how this flow looks for clients. + +## Consequences + +### Positive + +* Improves consistency of implementation for the events currently in the Cosmos SDK +* Provides a much more ergonomic way to handle events and facilitates writing event driven applications +* This implementation will support a middleware ecosystem of `EventHandler`s + +### Negative + +## Detailed code example of publishing events + +This ADR also proposes adding affordances to emit and consume these events. This way developers will only need to write +`EventHandler`s which define the actions they desire to take. + +```go expandable +// EventEmitter is a type that describes event emitter functions +// This should be defined in `types/events.go` +type EventEmitter func(context.Context, client.Context, ...EventHandler) + +error + +// EventHandler is a type of function that handles events coming out of the event bus +// This should be defined in `types/events.go` +type EventHandler func(proto.Message) + +error + +// Sample use of the functions below +func main() { + ctx, cancel := context.WithCancel(context.Background()) + if err := TxEmitter(ctx, client.Context{ +}.WithNodeURI("tcp://localhost:26657"), SubmitProposalEventHandler); err != nil { + cancel() + +panic(err) +} + +return +} + +// SubmitProposalEventHandler is an example of an event handler that prints proposal details +// when any EventSubmitProposal is emitted. +func SubmitProposalEventHandler(ev proto.Message) (err error) { + switch event := ev.(type) { + // Handle governance proposal events creation events + case govtypes.EventSubmitProposal: + // Users define business logic here e.g. + fmt.Println(ev.FromAddress, ev.ProposalId, ev.Proposal) + +return nil + default: + return nil +} +} + +// TxEmitter is an example of an event emitter that emits just transaction events. This can and +// should be implemented somewhere in the Cosmos SDK. The Cosmos SDK can include an EventEmitters for tm.event='Tx' +// and/or tm.event='NewBlock' (the new block events may contain typed events) + +func TxEmitter(ctx context.Context, cliCtx client.Context, ehs ...EventHandler) (err error) { + // Instantiate and start CometBFT RPC client + client, err := cliCtx.GetNode() + if err != nil { + return err +} + if err = client.Start(); err != nil { + return err +} + + // Start the pubsub bus + bus := pubsub.NewBus() + +defer bus.Close() + + // Initialize a new error group + eg, ctx := errgroup.WithContext(ctx) + + // Publish chain events to the pubsub bus + eg.Go(func() + +error { + return PublishChainTxEvents(ctx, client, bus, simapp.ModuleBasics) +}) + + // Subscribe to the bus events + subscriber, err := bus.Subscribe() + if err != nil { + return err +} + + // Handle all the events coming out of the bus + eg.Go(func() + +error { + var err error + for { + select { + case <-ctx.Done(): + return nil + case <-subscriber.Done(): + return nil + case ev := <-subscriber.Events(): + for _, eh := range ehs { + if err = eh(ev); err != nil { + break +} + +} + +} + +} + +return nil +}) + +return group.Wait() +} + +// PublishChainTxEvents events using cmtclient. Waits on context shutdown signals to exit. +func PublishChainTxEvents(ctx context.Context, client cmtclient.EventsClient, bus pubsub.Bus, mb module.BasicManager) (err error) { + // Subscribe to transaction events + txch, err := client.Subscribe(ctx, "txevents", "tm.event='Tx'", 100) + if err != nil { + return err +} + + // Unsubscribe from transaction events on function exit + defer func() { + err = client.UnsubscribeAll(ctx, "txevents") +}() + + // Use errgroup to manage concurrency + g, ctx := errgroup.WithContext(ctx) + + // Publish transaction events in a goroutine + g.Go(func() + +error { + var err error + for { + select { + case <-ctx.Done(): + break + case ed := <-ch: + switch evt := ed.Data.(type) { + case cmttypes.EventDataTx: + if !evt.Result.IsOK() { + continue +} + // range over events, parse them using the basic manager and + // send them to the pubsub bus + for _, abciEv := range events { + typedEvent, err := sdk.ParseTypedEvent(abciEv) + if err != nil { + return err +} + if err := bus.Publish(typedEvent); err != nil { + bus.Close() + +return +} + +continue +} + +} + +} + +} + +return err +}) + + // Exit on error or context cancellation + return g.Wait() +} +``` + +## References + +* [Publish Custom Events via a bus](https://github.com/ovrclk/akash/blob/90d258caeb933b611d575355b8df281208a214f8/events/publish.go#L19-L58) +* [Consuming the events in `Client`](https://github.com/ovrclk/deploy/blob/bf6c633ab6c68f3026df59efd9982d6ca1bf0561/cmd/event-handlers.go#L57) diff --git a/docs/sdk/next/build/architecture/adr-033-protobuf-inter-module-comm.mdx b/docs/sdk/next/build/architecture/adr-033-protobuf-inter-module-comm.mdx new file mode 100644 index 00000000..bbfdb51e --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-033-protobuf-inter-module-comm.mdx @@ -0,0 +1,454 @@ +--- +title: 'ADR 033: Protobuf-based Inter-Module Communication' +description: '2020-10-05: Initial Draft' +--- +## Changelog + +* 2020-10-05: Initial Draft + +## Status + +Proposed + +## Abstract + +This ADR introduces a system for permissioned inter-module communication leveraging the protobuf `Query` and `Msg` +service definitions defined in [ADR 021](/docs/sdk/vnext/build/architecture/adr-021-protobuf-query-encoding) and +[ADR 031](/docs/sdk/vnext/build/architecture/adr-031-msg-service) which provides: + +* stable protobuf based module interfaces to potentially later replace the keeper paradigm +* stronger inter-module object capabilities (OCAPs) guarantees +* module accounts and sub-account authorization + +## Context + +In the current Cosmos SDK documentation on the [Object-Capability Model](/docs/sdk/vnext/build/docs/learn/advanced/ocap), it is stated that: + +> We assume that a thriving ecosystem of Cosmos SDK modules that are easy to compose into a blockchain application will contain faulty or malicious modules. + +There is currently not a thriving ecosystem of Cosmos SDK modules. We hypothesize that this is in part due to: + +1. lack of a stable v1.0 Cosmos SDK to build modules off of. Module interfaces are changing, sometimes dramatically, from + point release to point release, often for good reasons, but this does not create a stable foundation to build on. +2. lack of a properly implemented object capability or even object-oriented encapsulation system which makes refactors + of module keeper interfaces inevitable because the current interfaces are poorly constrained. + +### `x/bank` Case Study + +Currently the `x/bank` keeper gives pretty much unrestricted access to any module which references it. For instance, the +`SetBalance` method allows the caller to set the balance of any account to anything, bypassing even proper tracking of supply. + +There appears to have been some later attempts to implement some semblance of OCAPs using module-level minting, staking +and burning permissions. These permissions allow a module to mint, burn or delegate tokens with reference to the module’s +own account. These permissions are actually stored as a `[]string` array on the `ModuleAccount` type in state. + +However, these permissions don’t really do much. They control what modules can be referenced in the `MintCoins`, +`BurnCoins` and `DelegateCoins***` methods, but for one there is no unique object capability token that controls access — +just a simple string. So the `x/upgrade` module could mint tokens for the `x/staking` module simply by calling +`MintCoins(“staking”)`. Furthermore, all modules which have access to these keeper methods, also have access to +`SetBalance` negating any other attempt at OCAPs and breaking even basic object-oriented encapsulation. + +## Decision + +Based on [ADR-021](/docs/sdk/vnext/build/architecture/adr-021-protobuf-query-encoding) and [ADR-031](/docs/sdk/vnext/build/architecture/adr-031-msg-service), we introduce the +Inter-Module Communication framework for secure module authorization and OCAPs. +When implemented, this could also serve as an alternative to the existing paradigm of passing keepers between +modules. The approach outlined here-in is intended to form the basis of a Cosmos SDK v1.0 that provides the necessary +stability and encapsulation guarantees that allow a thriving module ecosystem to emerge. + +Of particular note — the decision is to *enable* this functionality for modules to adopt at their own discretion. +Proposals to migrate existing modules to this new paradigm will have to be a separate conversation, potentially +addressed as amendments to this ADR. + +### New "Keeper" Paradigm + +In [ADR 021](/docs/sdk/vnext/build/architecture/adr-021-protobuf-query-encoding), a mechanism for using protobuf service definitions to define queriers +was introduced and in [ADR 31](/docs/sdk/vnext/build/architecture/adr-031-msg-service), a mechanism for using protobuf service to define `Msg`s was added. +Protobuf service definitions generate two golang interfaces representing the client and server sides of a service plus +some helper code. Here is a minimal example for the bank `cosmos.bank.Msg/Send` message type: + +```go +package bank + +type MsgClient interface { + Send(context.Context, *MsgSend, opts ...grpc.CallOption) (*MsgSendResponse, error) +} + +type MsgServer interface { + Send(context.Context, *MsgSend) (*MsgSendResponse, error) +} +``` + +[ADR 021](/docs/sdk/vnext/build/architecture/adr-021-protobuf-query-encoding) and [ADR 31](/docs/sdk/vnext/build/architecture/adr-031-msg-service) specifies how modules can implement the generated `QueryServer` +and `MsgServer` interfaces as replacements for the legacy queriers and `Msg` handlers respectively. + +In this ADR we explain how modules can make queries and send `Msg`s to other modules using the generated `QueryClient` +and `MsgClient` interfaces and propose this mechanism as a replacement for the existing `Keeper` paradigm. To be clear, +this ADR does not necessitate the creation of new protobuf definitions or services. Rather, it leverages the same proto +based service interfaces already used by clients for inter-module communication. + +Using this `QueryClient`/`MsgClient` approach has the following key benefits over exposing keepers to external modules: + +1. Protobuf types are checked for breaking changes using [buf](https://buf.build/docs/breaking-overview) and because of + the way protobuf is designed this will give us strong backwards compatibility guarantees while allowing for forward + evolution. +2. The separation between the client and server interfaces will allow us to insert permission checking code in between + the two which checks if one module is authorized to send the specified `Msg` to the other module providing a proper + object capability system (see below). +3. The router for inter-module communication gives us a convenient place to handle rollback of transactions, + enabling atomicity of operations ([currently a problem](https://github.com/cosmos/cosmos-sdk/issues/8030)). Any failure within a module-to-module call would result in a failure of the entire + transaction + +This mechanism has the added benefits of: + +* reducing boilerplate through code generation, and +* allowing for modules in other languages either via a VM like CosmWasm or sub-processes using gRPC + +### Inter-module Communication + +To use the `Client` generated by the protobuf compiler we need a `grpc.ClientConn` [interface](https://github.com/grpc/grpc-go/blob/v1.49.x/clientconn.go#L441-L450) +implementation. For this we introduce +a new type, `ModuleKey`, which implements the `grpc.ClientConn` interface. `ModuleKey` can be thought of as the "private +key" corresponding to a module account, where authentication is provided through use of a special `Invoker()` function, +described in more detail below. + +Blockchain users (external clients) use their account's private key to sign transactions containing `Msg`s where they are listed as signers (each +message specifies required signers with `Msg.GetSigner`). The authentication check is performed by `AnteHandler`. + +Here, we extend this process, by allowing modules to be identified in `Msg.GetSigners`. When a module wants to trigger the execution a `Msg` in another module, +its `ModuleKey` acts as the sender (through the `ClientConn` interface we describe below) and is set as a sole "signer". It's worth to note +that we don't use any cryptographic signature in this case. +For example, module `A` could use its `A.ModuleKey` to create `MsgSend` object for `/cosmos.bank.Msg/Send` transaction. `MsgSend` validation +will assure that the `from` account (`A.ModuleKey` in this case) is the signer. + +Here's an example of a hypothetical module `foo` interacting with `x/bank`: + +```go expandable +package foo + +type FooMsgServer { + // ... + + bankQuery bank.QueryClient + bankMsg bank.MsgClient +} + +func NewFooMsgServer(moduleKey RootModuleKey, ...) + +FooMsgServer { + // ... + + return FooMsgServer { + // ... + modouleKey: moduleKey, + bankQuery: bank.NewQueryClient(moduleKey), + bankMsg: bank.NewMsgClient(moduleKey), +} +} + +func (foo *FooMsgServer) + +Bar(ctx context.Context, req *MsgBarRequest) (*MsgBarResponse, error) { + balance, err := foo.bankQuery.Balance(&bank.QueryBalanceRequest{ + Address: foo.moduleKey.Address(), + Denom: "foo" +}) + + ... + + res, err := foo.bankMsg.Send(ctx, &bank.MsgSendRequest{ + FromAddress: fooMsgServer.moduleKey.Address(), ... +}) + + ... +} +``` + +This design is also intended to be extensible to cover use cases of more fine grained permissioning like minting by +denom prefix being restricted to certain modules (as discussed in +[#7459](https://github.com/cosmos/cosmos-sdk/pull/7459#discussion_r529545528)). + +### `ModuleKey`s and `ModuleID`s + +A `ModuleKey` can be thought of as a "private key" for a module account and a `ModuleID` can be thought of as the +corresponding "public key". From the [ADR 028](/docs/sdk/vnext/build/architecture/adr-028-public-key-addresses), modules can have both a root module account and any number of sub-accounts +or derived accounts that can be used for different pools (ex. staking pools) or managed accounts (ex. group +accounts). We can also think of module sub-accounts as similar to derived keys - there is a root key and then some +derivation path. `ModuleID` is a simple struct which contains the module name and optional "derivation" path, +and forms its address based on the `AddressHash` method from [the ADR-028](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-028-public-key-addresses.md): + +```go +type ModuleID struct { + ModuleName string + Path []byte +} + +func (key ModuleID) + +Address() []byte { + return AddressHash(key.ModuleName, key.Path) +} +``` + +In addition to being able to generate a `ModuleID` and address, a `ModuleKey` contains a special function called +`Invoker` which is the key to safe inter-module access. The `Invoker` creates an `InvokeFn` closure which is used as an `Invoke` method in +the `grpc.ClientConn` interface and under the hood is able to route messages to the appropriate `Msg` and `Query` handlers +performing appropriate security checks on `Msg`s. This allows for even safer inter-module access than keeper's whose +private member variables could be manipulated through reflection. Golang does not support reflection on a function +closure's captured variables and direct manipulation of memory would be needed for a truly malicious module to bypass +the `ModuleKey` security. + +The two `ModuleKey` types are `RootModuleKey` and `DerivedModuleKey`: + +```go expandable +type Invoker func(callInfo CallInfo) + +func(ctx context.Context, request, response interface{ +}, opts ...interface{ +}) + +error + +type CallInfo { + Method string + Caller ModuleID +} + +type RootModuleKey struct { + moduleName string + invoker Invoker +} + +func (rm RootModuleKey) + +Derive(path []byte) + +DerivedModuleKey { /* ... */ +} + +type DerivedModuleKey struct { + moduleName string + path []byte + invoker Invoker +} +``` + +A module can get access to a `DerivedModuleKey`, using the `Derive(path []byte)` method on `RootModuleKey` and then +would use this key to authenticate `Msg`s from a sub-account. Ex: + +```go +package foo + +func (fooMsgServer *MsgServer) + +Bar(ctx context.Context, req *MsgBar) (*MsgBarResponse, error) { + derivedKey := fooMsgServer.moduleKey.Derive(req.SomePath) + bankMsgClient := bank.NewMsgClient(derivedKey) + +res, err := bankMsgClient.Balance(ctx, &bank.MsgSend{ + FromAddress: derivedKey.Address(), ... +}) + ... +} +``` + +In this way, a module can gain permissioned access to a root account and any number of sub-accounts and send +authenticated `Msg`s from these accounts. The `Invoker` `callInfo.Caller` parameter is used under the hood to +distinguish between different module accounts, but either way the function returned by `Invoker` only allows `Msg`s +from either the root or a derived module account to pass through. + +Note that `Invoker` itself returns a function closure based on the `CallInfo` passed in. This will allow client implementations +in the future that cache the invoke function for each method type avoiding the overhead of hash table lookup. +This would reduce the performance overhead of this inter-module communication method to the bare minimum required for +checking permissions. + +To re-iterate, the closure only allows access to authorized calls. There is no access to anything else regardless of any +name impersonation. + +Below is a rough sketch of the implementation of `grpc.ClientConn.Invoke` for `RootModuleKey`: + +```go +func (key RootModuleKey) + +Invoke(ctx context.Context, method string, args, reply interface{ +}, opts ...grpc.CallOption) + +error { + f := key.invoker(CallInfo { + Method: method, + Caller: ModuleID { + ModuleName: key.moduleName +}}) + +return f(ctx, args, reply) +} +``` + +### `AppModule` Wiring and Requirements + +In [ADR 031](/docs/sdk/vnext/build/architecture/adr-031-msg-service), the `AppModule.RegisterService(Configurator)` method was introduced. To support +inter-module communication, we extend the `Configurator` interface to pass in the `ModuleKey` and to allow modules to +specify their dependencies on other modules using `RequireServer()`: + +```go +type Configurator interface { + MsgServer() + +grpc.Server + QueryServer() + +grpc.Server + + ModuleKey() + +ModuleKey + RequireServer(msgServer interface{ +}) +} +``` + +The `ModuleKey` is passed to modules in the `RegisterService` method itself so that `RegisterServices` serves as a single +entry point for configuring module services. This is intended to also have the side-effect of greatly reducing boilerplate in +`app.go`. For now, `ModuleKey`s will be created based on `AppModuleBasic.Name()`, but a more flexible system may be +introduced in the future. The `ModuleManager` will handle creation of module accounts behind the scenes. + +Because modules do not get direct access to each other anymore, modules may have unfulfilled dependencies. To make sure +that module dependencies are resolved at startup, the `Configurator.RequireServer` method should be added. The `ModuleManager` +will make sure that all dependencies declared with `RequireServer` can be resolved before the app starts. An example +module `foo` could declare its dependency on `x/bank` like this: + +```go +package foo + +func (am AppModule) + +RegisterServices(cfg Configurator) { + cfg.RequireServer((*bank.QueryServer)(nil)) + +cfg.RequireServer((*bank.MsgServer)(nil)) +} +``` + +### Security Considerations + +In addition to checking for `ModuleKey` permissions, a few additional security precautions will need to be taken by +the underlying router infrastructure. + +#### Recursion and Re-entry + +Recursive or re-entrant method invocations pose a potential security threat. This can be a problem if Module A +calls Module B and Module B calls module A again in the same call. + +One basic way for the router system to deal with this is to maintain a call stack which prevents a module from +being referenced more than once in the call stack so that there is no re-entry. A `map[string]interface{}` table +in the router could be used to perform this security check. + +#### Queries + +Queries in Cosmos SDK are generally un-permissioned so allowing one module to query another module should not pose +any major security threats assuming basic precautions are taken. The basic precaution that the router system will +need to take is making sure that the `sdk.Context` passed to query methods does not allow writing to the store. This +can be done for now with a `CacheMultiStore` as is currently done for `BaseApp` queries. + +### Internal Methods + +In many cases, we may wish for modules to call methods on other modules which are not exposed to clients at all. For this +purpose, we add the `InternalServer` method to `Configurator`: + +```go +type Configurator interface { + MsgServer() + +grpc.Server + QueryServer() + +grpc.Server + InternalServer() + +grpc.Server +} +``` + +As an example, x/slashing's Slash must call x/staking's Slash, but we don't want to expose x/staking's Slash to end users +and clients. + +Internal protobuf services will be defined in a corresponding `internal.proto` file in the given module's +proto package. + +Services registered against `InternalServer` will be callable from other modules but not by external clients. + +An alternative solution to internal-only methods could involve hooks / plugins as discussed [here](https://github.com/cosmos/cosmos-sdk/pull/7459#issuecomment-733807753). +A more detailed evaluation of a hooks / plugin system will be addressed later in follow-ups to this ADR or as a separate +ADR. + +### Authorization + +By default, the inter-module router requires that messages are sent by the first signer returned by `GetSigners`. The +inter-module router should also accept authorization middleware such as that provided by [ADR 030](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-030-authz-module.md). +This middleware will allow accounts to authorize specific module accounts to perform actions on their behalf. +Authorization middleware should take into account the need to grant certain modules effectively "admin" privileges to +other modules. This will be addressed in separate ADRs or updates to this ADR. + +### Future Work + +Other future improvements may include: + +* custom code generation that: + * simplifies interfaces (ex. generates code with `sdk.Context` instead of `context.Context`) + * optimizes inter-module calls - for instance caching resolved methods after first invocation +* combining `StoreKey`s and `ModuleKey`s into a single interface so that modules have a single OCAPs handle +* code generation which makes inter-module communication more performant +* decoupling `ModuleKey` creation from `AppModuleBasic.Name()` so that app's can override root module account names +* inter-module hooks and plugins + +## Alternatives + +### MsgServices vs `x/capability` + +The `x/capability` module does provide a proper object-capability implementation that can be used by any module in the +Cosmos SDK and could even be used for inter-module OCAPs as described in [#5931](https://github.com/cosmos/cosmos-sdk/issues/5931). + +The advantages of the approach described in this ADR are mostly around how it integrates with other parts of the Cosmos SDK, +specifically: + +* protobuf so that: + * code generation of interfaces can be leveraged for a better dev UX + * module interfaces are versioned and checked for breakage using [buf](https://docs.buf.build/breaking-overview) +* sub-module accounts as per ADR 028 +* the general `Msg` passing paradigm and the way signers are specified by `GetSigners` + +Also, this is a complete replacement for keepers and could be applied to *all* inter-module communication whereas the +`x/capability` approach in #5931 would need to be applied method by method. + +## Consequences + +### Backwards Compatibility + +This ADR is intended to provide a pathway to a scenario where there is greater long term compatibility between modules. +In the short-term, this will likely result in breaking certain `Keeper` interfaces which are too permissive and/or +replacing `Keeper` interfaces altogether. + +### Positive + +* an alternative to keepers which can more easily lead to stable inter-module interfaces +* proper inter-module OCAPs +* improved module developer DevX, as commented on by several participants on + [Architecture Review Call, Dec 3](https://hackmd.io/E0wxxOvRQ5qVmTf6N_k84Q) +* lays the groundwork for what can be a greatly simplified `app.go` +* router can be setup to enforce atomic transactions for module-to-module calls + +### Negative + +* modules which adopt this will need significant refactoring + +### Neutral + +## Test Cases \[optional] + +## References + +* [ADR 021](/docs/sdk/vnext/build/architecture/adr-021-protobuf-query-encoding) +* [ADR 031](/docs/sdk/vnext/build/architecture/adr-031-msg-service) +* [ADR 028](/docs/sdk/vnext/build/architecture/adr-028-public-key-addresses) +* [ADR 030 draft](https://github.com/cosmos/cosmos-sdk/pull/7105) +* [Object-Capability Model](https://docs.network.com/main/core/ocap) diff --git a/docs/sdk/next/build/architecture/adr-034-account-rekeying.mdx b/docs/sdk/next/build/architecture/adr-034-account-rekeying.mdx new file mode 100644 index 00000000..ad819486 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-034-account-rekeying.mdx @@ -0,0 +1,78 @@ +--- +title: 'ADR 034: Account Rekeying' +description: '30-09-2020: Initial Draft' +--- +## Changelog + +* 30-09-2020: Initial Draft + +## Status + +PROPOSED + +## Abstract + +Account rekeying is a process that allows an account to replace its authentication pubkey with a new one. + +## Context + +Currently, in the Cosmos SDK, the address of an auth `BaseAccount` is based on the hash of the public key. Once an account is created, the public key for the account is set in stone, and cannot be changed. This can be a problem for users, as key rotation is a useful security practice, but is not possible currently. Furthermore, as multisigs are a type of pubkey, once a multisig for an account is set, it cannot be updated. This is problematic, as multisigs are often used by organizations or companies, who may need to change their set of multisig signers for internal reasons. + +Transferring all the assets of an account to a new account with the updated pubkey is not sufficient, because some "engagements" of an account are not easily transferable. For example, in staking, to transfer bonded Atoms, an account would have to unbond all delegations and wait the three-week unbonding period. Even more significantly, for validator operators, ownership over a validator is not transferable at all, meaning that the operator key for a validator can never be updated, leading to poor operational security for validators. + +## Decision + +We propose the addition of a new feature to `x/auth` that allows accounts to update the public key associated with their account, while keeping the address the same. + +This is possible because the Cosmos SDK `BaseAccount` stores the public key for an account in state, instead of making the assumption that the public key is included in the transaction (whether explicitly or implicitly through the signature) as in other blockchains such as Bitcoin and Ethereum. Because the public key is stored on chain, it is okay for the public key to not hash to the address of an account, as the address is not pertinent to the signature checking process. + +To build this system, we design a new Msg type as follows: + +```protobuf +service Msg { + rpc ChangePubKey(MsgChangePubKey) returns (MsgChangePubKeyResponse); +} + +message MsgChangePubKey { + string address = 1; + google.protobuf.Any pub_key = 2; +} + +message MsgChangePubKeyResponse {} +``` + +The MsgChangePubKey transaction needs to be signed by the existing pubkey in state. + +Once approved, the handler for this message type, which takes in the AccountKeeper, will update the in-state pubkey for the account and replace it with the pubkey from the Msg. + +An account that has had its pubkey changed cannot be automatically pruned from state. This is because if pruned, the original pubkey of the account would be needed to recreate the same address, but the owner of the address may not have the original pubkey anymore. Currently, we do not automatically prune any accounts anyways, but we would like to keep this option open down the road (this is the purpose of account numbers). To resolve this, we charge an additional gas fee for this operation to compensate for this externality (this bound gas amount is configured as a parameter `PubKeyChangeCost`). The bonus gas is charged inside the handler, using the `ConsumeGas` function. Furthermore, in the future, we can allow accounts that have rekeyed manually prune themselves using a new Msg type such as `MsgDeleteAccount`. Manually pruning accounts can give a gas refund as an incentive for performing the action. + +```go +amount := ak.GetParams(ctx).PubKeyChangeCost + ctx.GasMeter().ConsumeGas(amount, "pubkey change fee") +``` + +Every time a key for an address is changed, we will store a log of this change in the state of the chain, thus creating a stack of all previous keys for an address and the time intervals for which they were active. This allows dapps and clients to easily query past keys for an account which may be useful for features such as verifying timestamped off-chain signed messages. + +## Consequences + +### Positive + +* Will allow users and validator operators to employ better operational security practices with key rotation. +* Will allow organizations or groups to easily change and add/remove multisig signers. + +### Negative + +Breaks the current assumed relationship between address and pubkey as H(pubkey) = address. This has a couple of consequences. + +* This makes wallets that support this feature more complicated. For example, if an address on-chain was updated, the corresponding key in the CLI wallet also needs to be updated. +* Cannot automatically prune accounts with 0 balance that have had their pubkey changed. + +### Neutral + +* While the purpose of this is intended to allow the owner of an account to update to a new pubkey they own, this could technically also be used to transfer ownership of an account to a new owner. For example, this could be used to sell a staked position without unbonding or an account that has vesting tokens. However, the friction of this is very high as this would essentially have to be done as a very specific OTC trade. Furthermore, additional constraints could be added to prevent accounts with Vesting tokens to use this feature. +* Will require that PubKeys for an account are included in the genesis exports. + +## References + +* [Link](https://www.algorand.com/resources/blog/announcing-rekeying) diff --git a/docs/sdk/next/build/architecture/adr-035-rosetta-api-support.mdx b/docs/sdk/next/build/architecture/adr-035-rosetta-api-support.mdx new file mode 100644 index 00000000..e06352d9 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-035-rosetta-api-support.mdx @@ -0,0 +1,226 @@ +--- +title: 'ADR 035: Rosetta API Support' +description: >- + Jonathan Gimeno (@jgimeno) David Grierson (@senormonito) Alessio Treglia + (@alessio) Frojdy Dymylja (@fdymylja) +--- +## Authors + +* Jonathan Gimeno (@jgimeno) +* David Grierson (@senormonito) +* Alessio Treglia (@alessio) +* Frojdy Dymylja (@fdymylja) + +## Changelog + +* 2021-05-12: the external library [cosmos-rosetta-gateway](https://github.com/tendermint/cosmos-rosetta-gateway) has been moved within the Cosmos SDK. + +## Context + +[Rosetta API](https://www.rosetta-api.org/) is an open-source specification and set of tools developed by Coinbase to +standardise blockchain interactions. + +Through the use of a standard API for integrating blockchain applications it will + +* Be easier for a user to interact with a given blockchain +* Allow exchanges to integrate new blockchains quickly and easily +* Enable application developers to build cross-blockchain applications such as block explorers, wallets and dApps at + considerably lower cost and effort. + +## Decision + +It is clear that adding Rosetta API support to the Cosmos SDK will bring value to all the developers and +Cosmos SDK based chains in the ecosystem. How it is implemented is key. + +The driving principles of the proposed design are: + +1. **Extensibility:** it must be as riskless and painless as possible for application developers to set-up network + configurations to expose Rosetta API-compliant services. +2. **Long term support:** This proposal aims to provide support for all the Cosmos SDK release series. +3. **Cost-efficiency:** Backporting changes to Rosetta API specifications from `master` to the various stable + branches of Cosmos SDK is a cost that needs to be reduced. + +We will achieve these by delivering on these principles by the following: + +1. There will be a package `rosetta/lib` + for the implementation of the core Rosetta API features, particularly: + a. The types and interfaces (`Client`, `OfflineClient`...), this separates design from implementation detail. + b. The `Server` functionality as this is independent of the Cosmos SDK version. + c. The `Online/OfflineNetwork`, which is not exported, and implements the rosetta API using the `Client` interface to query the node, build tx and so on. + d. The `errors` package to extend rosetta errors. +2. Due to differences between the Cosmos release series, each series will have its own specific implementation of `Client` interface. +3. There will be two options for starting an API service in applications: + a. API shares the application process + b. API-specific process. + +## Architecture + +### The External Repo + +This section will describe the proposed external library, including the service implementation, plus the defined types and interfaces. + +#### Server + +`Server` is a simple `struct` that is started and listens to the port specified in the settings. This is meant to be used across all the Cosmos SDK versions that are actively supported. + +The constructor follows: + +`func NewServer(settings Settings) (Server, error)` + +`Settings`, which are used to construct a new server, are the following: + +```go expandable +// Settings define the rosetta server settings +type Settings struct { + // Network contains the information regarding the network + Network *types.NetworkIdentifier + // Client is the online API handler + Client crgtypes.Client + // Listen is the address the handler will listen at + Listen string + // Offline defines if the rosetta service should be exposed in offline mode + Offline bool + // Retries is the number of readiness checks that will be attempted when instantiating the handler + // valid only for online API + Retries int + // RetryWait is the time that will be waited between retries + RetryWait time.Duration +} +``` + +#### Types + +Package types uses a mixture of rosetta types and custom defined type wrappers, that the client must parse and return while executing operations. + +##### Interfaces + +Every SDK version uses a different format to connect (rpc, gRPC, etc), query and build transactions, we have abstracted this in what is the `Client` interface. +The client uses rosetta types, whilst the `Online/OfflineNetwork` takes care of returning correctly parsed rosetta responses and errors. + +Each Cosmos SDK release series will have their own `Client` implementations. +Developers can implement their own custom `Client`s as required. + +```go expandable +// Client defines the API the client implementation should provide. +type Client interface { + // Needed if the client needs to perform some action before connecting. + Bootstrap() + +error + // Ready checks if the servicer constraints for queries are satisfied + // for example the node might still not be ready, it's useful in process + // when the rosetta instance might come up before the node itself + // the servicer must return nil if the node is ready + Ready() + +error + + // Data API + + // Balances fetches the balance of the given address + // if height is not nil, then the balance will be displayed + // at the provided height, otherwise last block balance will be returned + Balances(ctx context.Context, addr string, height *int64) ([]*types.Amount, error) + // BlockByHashAlt gets a block and its transaction at the provided height + BlockByHash(ctx context.Context, hash string) (BlockResponse, error) + // BlockByHeightAlt gets a block given its height, if height is nil then last block is returned + BlockByHeight(ctx context.Context, height *int64) (BlockResponse, error) + // BlockTransactionsByHash gets the block, parent block and transactions + // given the block hash. + BlockTransactionsByHash(ctx context.Context, hash string) (BlockTransactionsResponse, error) + // BlockTransactionsByHeight gets the block, parent block and transactions + // given the block height. + BlockTransactionsByHeight(ctx context.Context, height *int64) (BlockTransactionsResponse, error) + // GetTx gets a transaction given its hash + GetTx(ctx context.Context, hash string) (*types.Transaction, error) + // GetUnconfirmedTx gets an unconfirmed Tx given its hash + // NOTE(fdymylja): NOT IMPLEMENTED YET! + GetUnconfirmedTx(ctx context.Context, hash string) (*types.Transaction, error) + // Mempool returns the list of the current non confirmed transactions + Mempool(ctx context.Context) ([]*types.TransactionIdentifier, error) + // Peers gets the peers currently connected to the node + Peers(ctx context.Context) ([]*types.Peer, error) + // Status returns the node status, such as sync data, version etc + Status(ctx context.Context) (*types.SyncStatus, error) + + // Construction API + + // PostTx posts txBytes to the node and returns the transaction identifier plus metadata related + // to the transaction itself. + PostTx(txBytes []byte) (res *types.TransactionIdentifier, meta map[string]interface{ +}, err error) + // ConstructionMetadataFromOptions + ConstructionMetadataFromOptions(ctx context.Context, options map[string]interface{ +}) (meta map[string]interface{ +}, err error) + +OfflineClient +} + +// OfflineClient defines the functionalities supported without having access to the node +type OfflineClient interface { + NetworkInformationProvider + // SignedTx returns the signed transaction given the tx bytes (msgs) + +plus the signatures + SignedTx(ctx context.Context, txBytes []byte, sigs []*types.Signature) (signedTxBytes []byte, err error) + // TxOperationsAndSignersAccountIdentifiers returns the operations related to a transaction and the account + // identifiers if the transaction is signed + TxOperationsAndSignersAccountIdentifiers(signed bool, hexBytes []byte) (ops []*types.Operation, signers []*types.AccountIdentifier, err error) + // ConstructionPayload returns the construction payload given the request + ConstructionPayload(ctx context.Context, req *types.ConstructionPayloadsRequest) (resp *types.ConstructionPayloadsResponse, err error) + // PreprocessOperationsToOptions returns the options given the preprocess operations + PreprocessOperationsToOptions(ctx context.Context, req *types.ConstructionPreprocessRequest) (options map[string]interface{ +}, err error) + // AccountIdentifierFromPublicKey returns the account identifier given the public key + AccountIdentifierFromPublicKey(pubKey *types.PublicKey) (*types.AccountIdentifier, error) +} +``` + +### 2. Cosmos SDK Implementation + +The Cosmos SDK implementation, based on version, takes care of satisfying the `Client` interface. +In Stargate, Launchpad and 0.37, we have introduced the concept of rosetta.Msg, this message is not in the shared repository as the sdk.Msg type differs between Cosmos SDK versions. + +The rosetta.Msg interface follows: + +```go +// Msg represents a cosmos-sdk message that can be converted from and to a rosetta operation. +type Msg interface { + sdk.Msg + ToOperations(withStatus, hasError bool) []*types.Operation + FromOperations(ops []*types.Operation) (sdk.Msg, error) +} +``` + +Hence developers who want to extend the rosetta set of supported operations just need to extend their module's sdk.Msgs with the `ToOperations` and `FromOperations` methods. + +### 3. API service invocation + +As stated at the start, application developers will have two methods for invocation of the Rosetta API service: + +1. Shared process for both application and API +2. Standalone API service + +#### Shared Process (Only Stargate) + +Rosetta API service could run within the same execution process as the application. This would be enabled via app.toml settings, and if gRPC is not enabled the rosetta instance would be spun in offline mode (tx building capabilities only). + +#### Separate API service + +Client application developers can write a new command to launch a Rosetta API server as a separate process too, using the rosetta command contained in the `/server/rosetta` package. Construction of the command depends on Cosmos SDK version. Examples can be found inside `simd` for stargate, and `contrib/rosetta/simapp` for other release series. + +## Status + +Proposed + +## Consequences + +### Positive + +* Out-of-the-box Rosetta API support within Cosmos SDK. +* Blockchain interface standardisation + +## References + +* [Link](https://www.rosetta-api.org/) diff --git a/docs/sdk/next/build/architecture/adr-036-arbitrary-signature.mdx b/docs/sdk/next/build/architecture/adr-036-arbitrary-signature.mdx new file mode 100644 index 00000000..81e0fec3 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-036-arbitrary-signature.mdx @@ -0,0 +1,134 @@ +--- +title: 'ADR 036: Arbitrary Message Signature Specification' +description: 28/10/2020 - Initial draft +--- +## Changelog + +* 28/10/2020 - Initial draft + +## Authors + +* Antoine Herzog (@antoineherzog) +* Zaki Manian (@zmanian) +* Aleksandr Bezobchuk (alexanderbez) \[1] +* Frojdi Dymylja (@fdymylja) + +## Status + +Draft + +## Abstract + +Currently, in the Cosmos SDK, there is no convention to sign arbitrary messages like in Ethereum. We propose with this specification, for Cosmos SDK ecosystem, a way to sign and validate off-chain arbitrary messages. + +This specification serves the purpose of covering every use case; this means that Cosmos SDK application developers decide how to serialize and represent `Data` to users. + +## Context + +Having the ability to sign messages off-chain has proven to be a fundamental aspect of nearly any blockchain. The notion of signing messages off-chain has many added benefits such as saving on computational costs and reducing transaction throughput and overhead. Within the context of the Cosmos, some of the major applications of signing such data include, but is not limited to, providing a cryptographic secure and verifiable means of proving validator identity and possibly associating it with some other framework or organization. In addition, having the ability to sign Cosmos messages with a Ledger or similar HSM device. + +Further context and use cases can be found in the reference links. + +## Decision + +The aim is being able to sign arbitrary messages, even using Ledger or similar HSM devices. + +As a result, signed messages should look roughly like Cosmos SDK messages but **must not** be a valid on-chain transaction. `chain-id`, `account_number` and `sequence` can all be assigned invalid values. + +Cosmos SDK 0.40 also introduces a concept of “auth\_info” this can specify SIGN\_MODES. + +A spec should include an `auth_info` that supports SIGN\_MODE\_DIRECT and SIGN\_MODE\_LEGACY\_AMINO. + +To create the `offchain` proto definitions, we extend the auth module with `offchain` package to offer functionalities to verify and sign offline messages. + +An offchain transaction follows these rules: + +* the memo must be empty +* nonce, sequence number must be equal to 0 +* chain-id must be equal to “” +* fee gas must be equal to 0 +* fee amount must be an empty array + +Verification of an offchain transaction follows the same rules as an onchain one, except for the spec differences highlighted above. + +The first message added to the `offchain` package is `MsgSignData`. + +`MsgSignData` allows developers to sign arbitrary bytes validatable offchain only. `Signer` is the account address of the signer. `Data` is arbitrary bytes which can represent `text`, `files`, `object`s. It's applications developers decision how `Data` should be deserialized, serialized and the object it can represent in their context. + +It's applications developers decision how `Data` should be treated, by treated we mean the serialization and deserialization process and the Object `Data` should represent. + +Proto definition: + +```protobuf +// MsgSignData defines an arbitrary, general-purpose, off-chain message +message MsgSignData { + // Signer is the sdk.AccAddress of the message signer + bytes Signer = 1 [(gogoproto.jsontag) = "signer", (gogoproto.casttype) = "github.com/cosmos/cosmos-sdk/types.AccAddress"]; + // Data represents the raw bytes of the content that is signed (text, json, etc) + bytes Data = 2 [(gogoproto.jsontag) = "data"]; +} +``` + +Signed MsgSignData json example: + +```json expandable +{ + "type": "cosmos-sdk/StdTx", + "value": { + "msg": [ + { + "type": "sign/MsgSignData", + "value": { + "signer": "cosmos1hftz5ugqmpg9243xeegsqqav62f8hnywsjr4xr", + "data": "cmFuZG9t" + } + } + ], + "fee": { + "amount": [], + "gas": "0" + }, + "signatures": [ + { + "pub_key": { + "type": "tendermint/PubKeySecp256k1", + "value": "AqnDSiRoFmTPfq97xxEb2VkQ/Hm28cPsqsZm9jEVsYK9" + }, + "signature": "8y8i34qJakkjse9pOD2De+dnlc4KvFgh0wQpes4eydN66D9kv7cmCEouRrkka9tlW9cAkIL52ErB+6ye7X5aEg==" + } + ], + "memo": "" + } +} +``` + +## Consequences + +There is a specification on how messages, that are not meant to be broadcast to a live chain, should be formed. + +### Backwards Compatibility + +Backwards compatibility is maintained as this is a new message spec definition. + +### Positive + +* A common format that can be used by multiple applications to sign and verify off-chain messages. +* The specification is primitive which means it can cover every use case without limiting what is possible to fit inside it. +* It gives room for other off-chain messages specifications that aim to target more specific and common use cases such as off-chain-based authN/authZ layers \[2]. + +### Negative + +* The current proposal requires a fixed relationship between an account address and a public key. +* Doesn't work with multisig accounts. + +## Further discussion + +* Regarding security in `MsgSignData`, the developer using `MsgSignData` is in charge of making the content contained in `Data` non-replayable when, and if, needed. +* The offchain package will be further extended with extra messages that target specific use cases such as, but not limited to, authentication in applications, payment channels, L2 solutions in general. + +## References + +1. [Link](https://github.com/cosmos/ics/pull/33) +2. [Link](https://github.com/cosmos/cosmos-sdk/pull/7727#discussion_r515668204) +3. [Link](https://github.com/cosmos/cosmos-sdk/pull/7727#issuecomment-722478477) +4. [Link](https://github.com/cosmos/cosmos-sdk/pull/7727#issuecomment-721062923) diff --git a/docs/sdk/next/build/architecture/adr-037-gov-split-vote.mdx b/docs/sdk/next/build/architecture/adr-037-gov-split-vote.mdx new file mode 100644 index 00000000..f6ad8452 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-037-gov-split-vote.mdx @@ -0,0 +1,113 @@ +--- +title: 'ADR 037: Governance split votes' +description: '2020/10/28: Initial draft' +--- +## Changelog + +* 2020/10/28: Initial draft + +## Status + +Accepted + +## Abstract + +This ADR defines a modification to the governance module that would allow a staker to split their votes into several voting options. For example, it could use 70% of its voting power to vote Yes and 30% of its voting power to vote No. + +## Context + +Currently, an address can cast a vote with only one option (Yes/No/Abstain/NoWithVeto) and use their full voting power behind that choice. + +However, oftentimes the entity owning that address might not be a single individual. For example, a company might have different stakeholders who want to vote differently, and so it makes sense to allow them to split their voting power. Another example use case is exchanges. Many centralized exchanges often stake a portion of their users' tokens in their custody. Currently, it is not possible for them to do "passthrough voting" and giving their users voting rights over their tokens. However, with this system, exchanges can poll their users for voting preferences, and then vote on-chain proportionally to the results of the poll. + +## Decision + +We modify the vote structs to be + +```go +type WeightedVoteOption struct { + Option string + Weight sdk.Dec +} + +type Vote struct { + ProposalID int64 + Voter sdk.Address + Options []WeightedVoteOption +} +``` + +And for backwards compatibility, we introduce `MsgVoteWeighted` while keeping `MsgVote`. + +```go expandable +type MsgVote struct { + ProposalID int64 + Voter sdk.Address + Option Option +} + +type MsgVoteWeighted struct { + ProposalID int64 + Voter sdk.Address + Options []WeightedVoteOption +} +``` + +The `ValidateBasic` of a `MsgVoteWeighted` struct would require that + +1. The sum of all the rates is equal to 1.0 +2. No Option is repeated + +The governance tally function will iterate over all the options in a vote and add to the tally the result of the voter's voting power \* the rate for that option. + +```go +tally() { + results := map[types.VoteOption]sdk.Dec + for _, vote := range votes { + for i, weightedOption := range vote.Options { + results[weightedOption.Option] += getVotingPower(vote.voter) * weightedOption.Weight +} + +} +} +``` + +The CLI command for creating a multi-option vote would be as such: + +```shell +simd tx gov vote 1 "yes=0.6,no=0.3,abstain=0.05,no_with_veto=0.05" --from mykey +``` + +To create a single-option vote a user can do either + +```shell +simd tx gov vote 1 "yes=1" --from mykey +``` + +or + +```shell +simd tx gov vote 1 yes --from mykey +``` + +to maintain backwards compatibility. + +## Consequences + +### Backwards Compatibility + +* Previous VoteMsg types will remain the same and so clients will not have to update their procedure unless they want to support the WeightedVoteMsg feature. +* When querying a Vote struct from state, its structure will be different, and so clients wanting to display all voters and their respective votes will have to handle the new format and the fact that a single voter can have split votes. +* The result of querying the tally function should have the same API for clients. + +### Positive + +* Can make the voting process more accurate for addresses representing multiple stakeholders, often some of the largest addresses. + +### Negative + +* Is more complex than simple voting, and so may be harder to explain to users. However, this is mostly mitigated because the feature is opt-in. + +### Neutral + +* Relatively minor change to governance tally function. diff --git a/docs/sdk/next/build/architecture/adr-038-state-listening.mdx b/docs/sdk/next/build/architecture/adr-038-state-listening.mdx new file mode 100644 index 00000000..f07db684 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-038-state-listening.mdx @@ -0,0 +1,857 @@ +--- +title: 'ADR 038: KVStore state listening' +--- +## Changelog + +* 11/23/2020: Initial draft +* 10/06/2022: Introduce plugin system based on hashicorp/go-plugin +* 10/14/2022: + * Add `ListenCommit`, flatten the state writes in a block to a single batch. + * Remove listeners from cache stores, should only listen to `rootmulti.Store`. + * Remove `HaltAppOnDeliveryError()`, the errors are propagated by default, the implementations should return nil if they don't want to propagate errors. +* 26/05/2023: Update with ABCI 2.0 + +## Status + +Proposed + +## Abstract + +This ADR defines a set of changes to enable listening to state changes of individual KVStores and exposing these data to consumers. + +## Context + +Currently, KVStore data can be remotely accessed through [Queries](https://docs.cosmos.network/main/build/building-modules/messages-and-queries#queries) +which proceed either through Tendermint and the ABCI, or through the gRPC server. +In addition to these request/response queries, it would be beneficial to have a means of listening to state changes as they occur in real time. + +## Decision + +We will modify the `CommitMultiStore` interface and its concrete (`rootmulti`) implementations and introduce a new `listenkv.Store` to allow listening to state changes in underlying KVStores. We don't need to listen to cache stores, because we can't be sure that the writes will be committed eventually, and the writes are duplicated in `rootmulti.Store` eventually, so we should only listen to `rootmulti.Store`. +We will introduce a plugin system for configuring and running streaming services that write these state changes and their surrounding ABCI message context to different destinations. + +### Listening + +In a new file, `store/types/listening.go`, we will create a `MemoryListener` struct for streaming out protobuf encoded KV pairs state changes from a KVStore. +The `MemoryListener` will be used internally by the concrete `rootmulti` implementation to collect state changes from KVStores. + +```go expandable +// MemoryListener listens to the state writes and accumulate the records in memory. +type MemoryListener struct { + stateCache []StoreKVPair +} + +// NewMemoryListener creates a listener that accumulates the state writes in memory. +func NewMemoryListener() *MemoryListener { + return &MemoryListener{ +} +} + +// OnWrite writes state change events to the internal cache +func (fl *MemoryListener) + +OnWrite(storeKey StoreKey, key []byte, value []byte, delete bool) { + fl.stateCache = append(fl.stateCache, StoreKVPair{ + StoreKey: storeKey.Name(), + Delete: delete, + Key: key, + Value: value, +}) +} + +// PopStateCache returns the current state caches and set to nil +func (fl *MemoryListener) + +PopStateCache() []StoreKVPair { + res := fl.stateCache + fl.stateCache = nil + return res +} +``` + +We will also define a protobuf type for the KV pairs. In addition to the key and value fields this message +will include the StoreKey for the originating KVStore so that we can collect information from separate KVStores and determine the source of each KV pair. + +```protobuf +message StoreKVPair { + optional string store_key = 1; // the store key for the KVStore this pair originates from + required bool set = 2; // true indicates a set operation, false indicates a delete operation + required bytes key = 3; + required bytes value = 4; +} +``` + +### ListenKVStore + +We will create a new `Store` type `listenkv.Store` that the `rootmulti` store will use to wrap a `KVStore` to enable state listening. +We will configure the `Store` with a `MemoryListener` which will collect state changes for output to specific destinations. + +```go expandable +// Store implements the KVStore interface with listening enabled. +// Operations are traced on each core KVStore call and written to any of the +// underlying listeners with the proper key and operation permissions +type Store struct { + parent types.KVStore + listener *types.MemoryListener + parentStoreKey types.StoreKey +} + +// NewStore returns a reference to a new traceKVStore given a parent +// KVStore implementation and a buffered writer. +func NewStore(parent types.KVStore, psk types.StoreKey, listener *types.MemoryListener) *Store { + return &Store{ + parent: parent, listener: listener, parentStoreKey: psk +} +} + +// Set implements the KVStore interface. It traces a write operation and +// delegates the Set call to the parent KVStore. +func (s *Store) + +Set(key []byte, value []byte) { + types.AssertValidKey(key) + +s.parent.Set(key, value) + +s.listener.OnWrite(s.parentStoreKey, key, value, false) +} + +// Delete implements the KVStore interface. It traces a write operation and +// delegates the Delete call to the parent KVStore. +func (s *Store) + +Delete(key []byte) { + s.parent.Delete(key) + +s.listener.OnWrite(s.parentStoreKey, key, nil, true) +} +``` + +### MultiStore interface updates + +We will update the `CommitMultiStore` interface to allow us to wrap a `MemoryListener` to a specific `KVStore`. +Note that the `MemoryListener` will be attached internally by the concrete `rootmulti` implementation. + +```go +type CommitMultiStore interface { + ... + + // AddListeners adds a listener for the KVStore belonging to the provided StoreKey + AddListeners(keys []StoreKey) + + // PopStateCache returns the accumulated state change messages from MemoryListener + PopStateCache() []StoreKVPair +} +``` + +### MultiStore implementation updates + +We will adjust the `rootmulti` `GetKVStore` method to wrap the returned `KVStore` with a `listenkv.Store` if listening is turned on for that `Store`. + +```go expandable +func (rs *Store) + +GetKVStore(key types.StoreKey) + +types.KVStore { + store := rs.stores[key].(types.KVStore) + if rs.TracingEnabled() { + store = tracekv.NewStore(store, rs.traceWriter, rs.traceContext) +} + if rs.ListeningEnabled(key) { + store = listenkv.NewStore(store, key, rs.listeners[key]) +} + +return store +} +``` + +We will implement `AddListeners` to manage KVStore listeners internally and implement `PopStateCache` +for a means of retrieving the current state. + +```go +// AddListeners adds state change listener for a specific KVStore +func (rs *Store) + +AddListeners(keys []types.StoreKey) { + listener := types.NewMemoryListener() + for i := range keys { + rs.listeners[keys[i]] = listener +} +} +``` + +```go +func (rs *Store) + +PopStateCache() []types.StoreKVPair { + var cache []types.StoreKVPair + for _, ls := range rs.listeners { + cache = append(cache, ls.PopStateCache()...) +} + +sort.SliceStable(cache, func(i, j int) + +bool { + return cache[i].StoreKey < cache[j].StoreKey +}) + +return cache +} +``` + +We will also adjust the `rootmulti` `CacheMultiStore` and `CacheMultiStoreWithVersion` methods to enable listening in +the cache layer. + +```go expandable +func (rs *Store) + +CacheMultiStore() + +types.CacheMultiStore { + stores := make(map[types.StoreKey]types.CacheWrapper) + for k, v := range rs.stores { + store := v.(types.KVStore) + // Wire the listenkv.Store to allow listeners to observe the writes from the cache store, + // set same listeners on cache store will observe duplicated writes. + if rs.ListeningEnabled(k) { + store = listenkv.NewStore(store, k, rs.listeners[k]) +} + +stores[k] = store +} + +return cachemulti.NewStore(rs.db, stores, rs.keysByName, rs.traceWriter, rs.getTracingContext()) +} +``` + +```go expandable +func (rs *Store) + +CacheMultiStoreWithVersion(version int64) (types.CacheMultiStore, error) { + // ... + + // Wire the listenkv.Store to allow listeners to observe the writes from the cache store, + // set same listeners on cache store will observe duplicated writes. + if rs.ListeningEnabled(key) { + cacheStore = listenkv.NewStore(cacheStore, key, rs.listeners[key]) +} + +cachedStores[key] = cacheStore +} + +return cachemulti.NewStore(rs.db, cachedStores, rs.keysByName, rs.traceWriter, rs.getTracingContext()), nil +} +``` + +### Exposing the data + +#### Streaming Service + +We will introduce a new `ABCIListener` interface that plugs into the BaseApp and relays ABCI requests and responses +so that the service can group the state changes with the ABCI requests. + +```go +// baseapp/streaming.go + +// ABCIListener is the interface that we're exposing as a streaming service. +type ABCIListener interface { + // ListenFinalizeBlock updates the streaming service with the latest FinalizeBlock messages + ListenFinalizeBlock(ctx context.Context, req abci.FinalizeBlockRequest, res abci.FinalizeBlockResponse) + +error + // ListenCommit updates the streaming service with the latest Commit messages and state changes + ListenCommit(ctx context.Context, res abci.CommitResponse, changeSet []*StoreKVPair) + +error +} +``` + +#### BaseApp Registration + +We will add a new method to the `BaseApp` to enable the registration of `StreamingService`s: + +```go +// SetStreamingService is used to set a streaming service into the BaseApp hooks and load the listeners into the multistore +func (app *BaseApp) + +SetStreamingService(s ABCIListener) { + // register the StreamingService within the BaseApp + // BaseApp will pass BeginBlock, DeliverTx, and EndBlock requests and responses to the streaming services to update their ABCI context + app.abciListeners = append(app.abciListeners, s) +} +``` + +We will add two new fields to the `BaseApp` struct: + +```go expandable +type BaseApp struct { + + ... + + // abciListenersAsync for determining if abciListeners will run asynchronously. + // When abciListenersAsync=false and stopNodeOnABCIListenerErr=false listeners will run synchronized but will not stop the node. + // When abciListenersAsync=true stopNodeOnABCIListenerErr will be ignored. + abciListenersAsync bool + + // stopNodeOnABCIListenerErr halts the node when ABCI streaming service listening results in an error. + // stopNodeOnABCIListenerErr=true must be paired with abciListenersAsync=false. + stopNodeOnABCIListenerErr bool +} +``` + +#### ABCI Event Hooks + +We will modify the `FinalizeBlock` and `Commit` methods to pass ABCI requests and responses +to any streaming service hooks registered with the `BaseApp`. + +```go expandable +func (app *BaseApp) + +FinalizeBlock(req abci.FinalizeBlockRequest) + +abci.FinalizeBlockResponse { + var abciRes abci.FinalizeBlockResponse + defer func() { + // call the streaming service hook with the FinalizeBlock messages + for _, abciListener := range app.abciListeners { + ctx := app.finalizeState.ctx + blockHeight := ctx.BlockHeight() + if app.abciListenersAsync { + go func(req abci.FinalizeBlockRequest, res abci.FinalizeBlockResponse) { + if err := app.abciListener.FinalizeBlock(blockHeight, req, res); err != nil { + app.logger.Error("FinalizeBlock listening hook failed", "height", blockHeight, "err", err) +} + +}(req, abciRes) +} + +else { + if err := app.abciListener.ListenFinalizeBlock(blockHeight, req, res); err != nil { + app.logger.Error("FinalizeBlock listening hook failed", "height", blockHeight, "err", err) + if app.stopNodeOnABCIListenerErr { + os.Exit(1) +} + +} + +} + +} + +}() + + ... + + return abciRes +} +``` + +```go expandable +func (app *BaseApp) + +Commit() + +abci.CommitResponse { + + ... + res := abci.CommitResponse{ + Data: commitID.Hash, + RetainHeight: retainHeight, +} + + // call the streaming service hook with the Commit messages + for _, abciListener := range app.abciListeners { + ctx := app.deliverState.ctx + blockHeight := ctx.BlockHeight() + changeSet := app.cms.PopStateCache() + if app.abciListenersAsync { + go func(res abci.CommitResponse, changeSet []store.StoreKVPair) { + if err := app.abciListener.ListenCommit(ctx, res, changeSet); err != nil { + app.logger.Error("ListenCommit listening hook failed", "height", blockHeight, "err", err) +} + +}(res, changeSet) +} + +else { + if err := app.abciListener.ListenCommit(ctx, res, changeSet); err != nil { + app.logger.Error("ListenCommit listening hook failed", "height", blockHeight, "err", err) + if app.stopNodeOnABCIListenerErr { + os.Exit(1) +} + +} + +} + +} + + ... + + return res +} +``` + +#### Go Plugin System + +We propose a plugin architecture to load and run `Streaming` plugins and other types of implementations. We will introduce a plugin +system over gRPC that is used to load and run Cosmos-SDK plugins. The plugin system uses [hashicorp/go-plugin](https://github.com/hashicorp/go-plugin). +Each plugin must have a struct that implements the `plugin.Plugin` interface and an `Impl` interface for processing messages over gRPC. +Each plugin must also have a message protocol defined for the gRPC service: + +```go expandable +// streaming/plugins/abci/{ + plugin_version +}/interface.go + +// Handshake is a common handshake that is shared by streaming and host. +// This prevents users from executing bad plugins or executing a plugin +// directory. It is a UX feature, not a security feature. +var Handshake = plugin.HandshakeConfig{ + ProtocolVersion: 1, + MagicCookieKey: "ABCI_LISTENER_PLUGIN", + MagicCookieValue: "ef78114d-7bdf-411c-868f-347c99a78345", +} + +// ListenerPlugin is the base struct for all kinds of go-plugin implementations +// It will be included in interfaces of different Plugins +type ABCIListenerPlugin struct { + // GRPCPlugin must still implement the Plugin interface + plugin.Plugin + // Concrete implementation, written in Go. This is only used for plugins + // that are written in Go. + Impl baseapp.ABCIListener +} + +func (p *ListenerGRPCPlugin) + +GRPCServer(_ *plugin.GRPCBroker, s *grpc.Server) + +error { + RegisterABCIListenerServiceServer(s, &GRPCServer{ + Impl: p.Impl +}) + +return nil +} + +func (p *ListenerGRPCPlugin) + +GRPCClient( + _ context.Context, + _ *plugin.GRPCBroker, + c *grpc.ClientConn, +) (interface{ +}, error) { + return &GRPCClient{ + client: NewABCIListenerServiceClient(c) +}, nil +} +``` + +The `plugin.Plugin` interface has two methods `Client` and `Server`. For our GRPC service these are `GRPCClient` and `GRPCServer` +The `Impl` field holds the concrete implementation of our `baseapp.ABCIListener` interface written in Go. +Note: this is only used for plugin implementations written in Go. + +The advantage of having such a plugin system is that within each plugin authors can define the message protocol in a way that fits their use case. +For example, when state change listening is desired, the `ABCIListener` message protocol can be defined as below (*for illustrative purposes only*). +When state change listening is not desired than `ListenCommit` can be omitted from the protocol. + +```protobuf expandable +syntax = "proto3"; + +... + +message Empty {} + +message ListenFinalizeBlockRequest { + RequestFinalizeBlock req = 1; + ResponseFinalizeBlock res = 2; +} +message ListenCommitRequest { + int64 block_height = 1; + ResponseCommit res = 2; + repeated StoreKVPair changeSet = 3; +} + +// plugin that listens to state changes +service ABCIListenerService { + rpc ListenFinalizeBlock(ListenFinalizeBlockRequest) returns (Empty); + rpc ListenCommit(ListenCommitRequest) returns (Empty); +} +``` + +```protobuf +... +// plugin that doesn't listen to state changes +service ABCIListenerService { + rpc ListenFinalizeBlock(ListenFinalizeBlockRequest) returns (Empty); + rpc ListenCommit(ListenCommitRequest) returns (Empty); +} +``` + +Implementing the service above: + +```go expandable +// streaming/plugins/abci/{ + plugin_version +}/grpc.go + +var ( + _ baseapp.ABCIListener = (*GRPCClient)(nil) +) + +// GRPCClient is an implementation of the ABCIListener and ABCIListenerPlugin interfaces that talks over RPC. +type GRPCClient struct { + client ABCIListenerServiceClient +} + +func (m *GRPCClient) + +ListenFinalizeBlock(goCtx context.Context, req abci.FinalizeBlockRequest, res abci.FinalizeBlockResponse) + +error { + ctx := sdk.UnwrapSDKContext(goCtx) + _, err := m.client.ListenDeliverTx(ctx, &ListenDeliverTxRequest{ + BlockHeight: ctx.BlockHeight(), + Req: req, + Res: res +}) + +return err +} + +func (m *GRPCClient) + +ListenCommit(goCtx context.Context, res abci.CommitResponse, changeSet []store.StoreKVPair) + +error { + ctx := sdk.UnwrapSDKContext(goCtx) + _, err := m.client.ListenCommit(ctx, &ListenCommitRequest{ + BlockHeight: ctx.BlockHeight(), + Res: res, + ChangeSet: changeSet +}) + +return err +} + +// GRPCServer is the gRPC server that GRPCClient talks to. +type GRPCServer struct { + // This is the real implementation + Impl baseapp.ABCIListener +} + +func (m *GRPCServer) + +ListenFinalizeBlock(ctx context.Context, req *ListenFinalizeBlockRequest) (*Empty, error) { + return &Empty{ +}, m.Impl.ListenFinalizeBlock(ctx, req.Req, req.Res) +} + +func (m *GRPCServer) + +ListenCommit(ctx context.Context, req *ListenCommitRequest) (*Empty, error) { + return &Empty{ +}, m.Impl.ListenCommit(ctx, req.Res, req.ChangeSet) +} +``` + +And the pre-compiled Go plugin `Impl`(*this is only used for plugins that are written in Go*): + +```go expandable +// streaming/plugins/abci/{ + plugin_version +}/impl/plugin.go + +// Plugins are pre-compiled and loaded by the plugin system + +// ABCIListener is the implementation of the baseapp.ABCIListener interface +type ABCIListener struct{ +} + +func (m *ABCIListenerPlugin) + +ListenFinalizeBlock(ctx context.Context, req abci.FinalizeBlockRequest, res abci.FinalizeBlockResponse) + +error { + // send data to external system +} + +func (m *ABCIListenerPlugin) + +ListenCommit(ctx context.Context, res abci.CommitResponse, changeSet []store.StoreKVPair) + +error { + // send data to external system +} + +func main() { + plugin.Serve(&plugin.ServeConfig{ + HandshakeConfig: grpc_abci_v1.Handshake, + Plugins: map[string]plugin.Plugin{ + "grpc_plugin_v1": &grpc_abci_v1.ABCIListenerGRPCPlugin{ + Impl: &ABCIListenerPlugin{ +}}, +}, + + // A non-nil value here enables gRPC serving for this streaming... + GRPCServer: plugin.DefaultGRPCServer, +}) +} +``` + +We will introduce a plugin loading system that will return `(interface{}, error)`. +This provides the advantage of using versioned plugins where the plugin interface and gRPC protocol change over time. +In addition, it allows for building independent plugin that can expose different parts of the system over gRPC. + +```go expandable +func NewStreamingPlugin(name string, logLevel string) (interface{ +}, error) { + logger := hclog.New(&hclog.LoggerOptions{ + Output: hclog.DefaultOutput, + Level: toHclogLevel(logLevel), + Name: fmt.Sprintf("plugin.%s", name), +}) + + // We're a host. Start by launching the streaming process. + env := os.Getenv(GetPluginEnvKey(name)) + client := plugin.NewClient(&plugin.ClientConfig{ + HandshakeConfig: HandshakeMap[name], + Plugins: PluginMap, + Cmd: exec.Command("sh", "-c", env), + Logger: logger, + AllowedProtocols: []plugin.Protocol{ + plugin.ProtocolNetRPC, plugin.ProtocolGRPC +}, +}) + + // Connect via RPC + rpcClient, err := client.Client() + if err != nil { + return nil, err +} + + // Request streaming plugin + return rpcClient.Dispense(name) +} +``` + +We propose a `RegisterStreamingPlugin` function for the App to register `NewStreamingPlugin`s with the App's BaseApp. +Streaming plugins can be of `Any` type; therefore, the function takes in an interface vs a concrete type. +For example, we could have plugins of `ABCIListener`, `WasmListener` or `IBCListener`. Note that `RegisterStreamingPlugin` function +is helper function and not a requirement. Plugin registration can easily be moved from the App to the BaseApp directly. + +```go expandable +// baseapp/streaming.go + +// RegisterStreamingPlugin registers streaming plugins with the App. +// This method returns an error if a plugin is not supported. +func RegisterStreamingPlugin( + bApp *BaseApp, + appOpts servertypes.AppOptions, + keys map[string]*types.KVStoreKey, + streamingPlugin interface{ +}, +) + +error { + switch t := streamingPlugin.(type) { + case ABCIListener: + registerABCIListenerPlugin(bApp, appOpts, keys, t) + +default: + return fmt.Errorf("unexpected plugin type %T", t) +} + +return nil +} +``` + +```go expandable +func registerABCIListenerPlugin( + bApp *BaseApp, + appOpts servertypes.AppOptions, + keys map[string]*store.KVStoreKey, + abciListener ABCIListener, +) { + asyncKey := fmt.Sprintf("%s.%s.%s", StreamingTomlKey, StreamingABCITomlKey, StreamingABCIAsync) + async := cast.ToBool(appOpts.Get(asyncKey)) + stopNodeOnErrKey := fmt.Sprintf("%s.%s.%s", StreamingTomlKey, StreamingABCITomlKey, StreamingABCIStopNodeOnErrTomlKey) + stopNodeOnErr := cast.ToBool(appOpts.Get(stopNodeOnErrKey)) + keysKey := fmt.Sprintf("%s.%s.%s", StreamingTomlKey, StreamingABCITomlKey, StreamingABCIKeysTomlKey) + exposeKeysStr := cast.ToStringSlice(appOpts.Get(keysKey)) + exposedKeys := exposeStoreKeysSorted(exposeKeysStr, keys) + +bApp.cms.AddListeners(exposedKeys) + +app.SetStreamingManager( + storetypes.StreamingManager{ + ABCIListeners: []storetypes.ABCIListener{ + abciListener +}, + StopNodeOnErr: stopNodeOnErr, +}, + ) +} +``` + +```go expandable +func exposeAll(list []string) + +bool { + for _, ele := range list { + if ele == "*" { + return true +} + +} + +return false +} + +func exposeStoreKeys(keysStr []string, keys map[string]*types.KVStoreKey) []types.StoreKey { + var exposeStoreKeys []types.StoreKey + if exposeAll(keysStr) { + exposeStoreKeys = make([]types.StoreKey, 0, len(keys)) + for _, storeKey := range keys { + exposeStoreKeys = append(exposeStoreKeys, storeKey) +} + +} + +else { + exposeStoreKeys = make([]types.StoreKey, 0, len(keysStr)) + for _, keyStr := range keysStr { + if storeKey, ok := keys[keyStr]; ok { + exposeStoreKeys = append(exposeStoreKeys, storeKey) +} + +} + +} + // sort storeKeys for deterministic output + sort.SliceStable(exposeStoreKeys, func(i, j int) + +bool { + return exposeStoreKeys[i].Name() < exposeStoreKeys[j].Name() +}) + +return exposeStoreKeys +} +``` + +The `NewStreamingPlugin` and `RegisterStreamingPlugin` functions are used to register a plugin with the App's BaseApp. + +e.g. in `NewSimApp`: + +```go expandable +func NewSimApp( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), +) *SimApp { + + ... + keys := sdk.NewKVStoreKeys( + authtypes.StoreKey, banktypes.StoreKey, stakingtypes.StoreKey, + minttypes.StoreKey, distrtypes.StoreKey, slashingtypes.StoreKey, + govtypes.StoreKey, paramstypes.StoreKey, ibchost.StoreKey, upgradetypes.StoreKey, + evidencetypes.StoreKey, ibctransfertypes.StoreKey, capabilitytypes.StoreKey, + ) + + ... + + // register streaming services + streamingCfg := cast.ToStringMap(appOpts.Get(baseapp.StreamingTomlKey)) + for service := range streamingCfg { + pluginKey := fmt.Sprintf("%s.%s.%s", baseapp.StreamingTomlKey, service, baseapp.StreamingPluginTomlKey) + pluginName := strings.TrimSpace(cast.ToString(appOpts.Get(pluginKey))) + if len(pluginName) > 0 { + logLevel := cast.ToString(appOpts.Get(flags.FlagLogLevel)) + +plugin, err := streaming.NewStreamingPlugin(pluginName, logLevel) + if err != nil { + tmos.Exit(err.Error()) +} + if err := baseapp.RegisterStreamingPlugin(bApp, appOpts, keys, plugin); err != nil { + tmos.Exit(err.Error()) +} + +} + +} + +return app +``` + +#### Configuration + +The plugin system will be configured within an App's TOML configuration files. + +```toml expandable +# gRPC streaming +[streaming] + +# ABCI streaming service +[streaming.abci] + +# The plugin version to use for ABCI listening +plugin = "abci_v1" + +# List of kv store keys to listen to for state changes. +# Set to ["*"] to expose all keys. +keys = ["*"] + +# Enable abciListeners to run asynchronously. +# When abciListenersAsync=false and stopNodeOnABCIListenerErr=false listeners will run synchronized but will not stop the node. +# When abciListenersAsync=true stopNodeOnABCIListenerErr will be ignored. +async = false + +# Whether to stop the node on message deliver error. +stop-node-on-err = true +``` + +There will be four parameters for configuring `ABCIListener` plugin: `streaming.abci.plugin`, `streaming.abci.keys`, `streaming.abci.async` and `streaming.abci.stop-node-on-err`. +`streaming.abci.plugin` is the name of the plugin we want to use for streaming, `streaming.abci.keys` is a set of store keys for stores it listens to, +`streaming.abci.async` is bool enabling asynchronous listening and `streaming.abci.stop-node-on-err` is a bool that stops the node when true and when operating +on synchronized mode `streaming.abci.async=false`. Note that `streaming.abci.stop-node-on-err=true` will be ignored if `streaming.abci.async=true`. + +The configuration above support additional streaming plugins by adding the plugin to the `[streaming]` configuration section +and registering the plugin with `RegisterStreamingPlugin` helper function. + +Note the that each plugin must include `streaming.{service}.plugin` property as it is a requirement for doing the lookup and registration of the plugin +with the App. All other properties are unique to the individual services. + +#### Encoding and decoding streams + +ADR-038 introduces the interfaces and types for streaming state changes out from KVStores, associating this +data with their related ABCI requests and responses, and registering a service for consuming this data and streaming it to some destination in a final format. +Instead of prescribing a final data format in this ADR, it is left to a specific plugin implementation to define and document this format. +We take this approach because flexibility in the final format is necessary to support a wide range of streaming service plugins. For example, +the data format for a streaming service that writes the data out to a set of files will differ from the data format that is written to a Kafka topic. + +## Consequences + +These changes will provide a means of subscribing to KVStore state changes in real time. + +### Backwards Compatibility + +* This ADR changes the `CommitMultiStore` interface, implementations supporting the previous version of this interface will not support the new one + +### Positive + +* Ability to listen to KVStore state changes in real time and expose these events to external consumers + +### Negative + +* Changes `CommitMultiStore` interface and its implementations + +### Neutral + +* Introduces additional—but optional—complexity to configuring and running a cosmos application +* If an application developer opts to use these features to expose data, they need to be aware of the ramifications/risks of that data exposure as it pertains to the specifics of their application diff --git a/docs/sdk/next/build/architecture/adr-039-epoched-staking.mdx b/docs/sdk/next/build/architecture/adr-039-epoched-staking.mdx new file mode 100644 index 00000000..54cf41ce --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-039-epoched-staking.mdx @@ -0,0 +1,124 @@ +--- +title: 'ADR 039: Epoched Staking' +description: '10-Feb-2021: Initial Draft' +--- +## Changelog + +* 10-Feb-2021: Initial Draft + +## Authors + +* Dev Ojha (@valardragon) +* Sunny Aggarwal (@sunnya97) + +## Status + +Proposed + +## Abstract + +This ADR updates the proof of stake module to buffer the staking weight updates for a number of blocks before updating the consensus' staking weights. The length of the buffer is dubbed an epoch. The prior functionality of the staking module is then a special case of the abstracted module, with the epoch being set to 1 block. + +## Context + +The current proof of stake module takes the design decision to apply staking weight changes to the consensus engine immediately. This means that delegations and unbonds get applied immediately to the validator set. This decision was primarily done as it was the simplest from an implementation perspective, and because we at the time believed that this would lead to better UX for clients. + +An alternative design choice is to allow buffering staking updates (delegations, unbonds, validators joining) for a number of blocks. This epoched proof of stake consensus provides the guarantee that the consensus weights for validators will not change mid-epoch, except in the event of a slash condition. + +Additionally, the UX hurdle may not be as significant as was previously thought. This is because it is possible to provide users immediate acknowledgement that their bond was recorded and will be executed. + +Furthermore, it has become clearer over time that immediate execution of staking events comes with limitations, such as: + +* Threshold based cryptography. One of the main limitations is that because the validator set can change so regularly, it makes the running of multiparty computation by a fixed validator set difficult. Many threshold-based cryptographic features for blockchains such as randomness beacons and threshold decryption require a computationally-expensive DKG process (will take much longer than 1 block to create). To productively use these, we need to guarantee that the result of the DKG will be used for a reasonably long time. It wouldn't be feasible to rerun the DKG every block. By epoching staking, it guarantees we'll only need to run a new DKG once every epoch. + +* Light client efficiency. This would lessen the overhead for IBC when there is high churn in the validator set. In the Tendermint light client bisection algorithm, the number of headers you need to verify is related to bounding the difference in validator sets between a trusted header and the latest header. If the difference is too great, you verify more headers in between the two. By limiting the frequency of validator set changes, we can reduce the worst case size of IBC lite client proofs, which occurs when a validator set has high churn. + +* Fairness of deterministic leader election. Currently we have no ways of reasoning about fairness of deterministic leader election in the presence of staking changes without epochs (tendermint/spec#217). Breaking fairness of leader election is profitable for validators, as they earn additional rewards from being the proposer. Adding epochs at least makes it easier for our deterministic leader election to match something we can prove secure. (Albeit, we still haven’t proven if our current algorithm is fair with > 2 validators in the presence of stake changes) + +* Staking derivative design. Currently, reward distribution is done lazily using the F1 fee distribution. While saving computational complexity, lazy accounting requires a more stateful staking implementation. Right now, each delegation entry has to track the time of last withdrawal. Handling this can be a challenge for some staking derivatives designs that seek to provide fungibility for all tokens staked to a single validator. Force-withdrawing rewards to users can help solve this, however it is infeasible to force-withdraw rewards to users on a per block basis. With epochs, a chain could more easily alter the design to have rewards be forcefully withdrawn (iterating over delegator accounts only once per-epoch), and can thus remove delegation timing from state. This may be useful for certain staking derivative designs. + +## Design considerations + +### Slashing + +There is a design consideration for whether to apply a slash immediately or at the end of an epoch. A slash event should apply to only members who are actually staked during the time of the infraction, namely during the epoch the slash event occurred. + +Applying it immediately can be viewed as offering greater consensus layer security, at potential costs to the aforementioned use cases. The benefits of immediate slashing for consensus layer security can be all be obtained by executing the validator jailing immediately (thus removing it from the validator set), and delaying the actual slash change to the validator's weight until the epoch boundary. For the use cases mentioned above, workarounds can be integrated to avoid problems, as follows: + +* For threshold based cryptography, this setting will have the threshold cryptography use the original epoch weights, while consensus has an update that lets it more rapidly benefit from additional security. If the threshold based cryptography blocks liveness of the chain, then we have effectively raised the liveness threshold of the remaining validators for the rest of the epoch. (Alternatively, jailed nodes could still contribute shares) This plan will fail in the extreme case that more than 1/3rd of the validators have been jailed within a single epoch. For such an extreme scenario, the chain already have its own custom incident response plan, and defining how to handle the threshold cryptography should be a part of that. +* For light client efficiency, there can be a bit included in the header indicating an intra-epoch slash (ala [Link](https://github.com/tendermint/spec/issues/199)). +* For fairness of deterministic leader election, applying a slash or jailing within an epoch would break the guarantee we were seeking to provide. This then re-introduces a new (but significantly simpler) problem for trying to provide fairness guarantees. Namely, that validators can adversarially elect to remove themselves from the set of proposers. From a security perspective, this could potentially be handled by two different mechanisms (or prove to still be too difficult to achieve). One is making a security statement acknowledging the ability for an adversary to force an ahead-of-time fixed threshold of users to drop out of the proposer set within an epoch. The second method would be to parameterize such that the cost of a slash within the epoch far outweighs benefits due to being a proposer. However, this latter criterion is quite dubious, since being a proposer can have many advantageous side-effects in chains with complex state machines. (Namely, DeFi games such as Fomo3D) +* For staking derivative design, there is no issue introduced. This does not increase the state size of staking records, since whether a slash has occurred is fully queryable given the validator address. + +### Token lockup + +When someone makes a transaction to delegate, even though they are not immediately staked, their tokens should be moved into a pool managed by the staking module which will then be used at the end of an epoch. This prevents concerns where they stake, and then spend those tokens not realizing they were already allocated for staking, and thus having their staking tx fail. + +### Pipelining the epochs + +For threshold based cryptography in particular, we need a pipeline for epoch changes. This is because when we are in epoch N, we want the epoch N+1 weights to be fixed so that the validator set can do the DKG accordingly. So if we are currently in epoch N, the stake weights for epoch N+1 should already be fixed, and new stake changes should be getting applied to epoch N + 2. + +This can be handled by making a parameter for the epoch pipeline length. This parameter should not be alterable except during hard forks, to mitigate implementation complexity of switching the pipeline length. + +With pipeline length 1, if I redelegate during epoch N, then my redelegation is applied prior to the beginning of epoch N+1. +With pipeline length 2, if I redelegate during epoch N, then my redelegation is applied prior to the beginning of epoch N+2. + +### Rewards + +Even though all staking updates are applied at epoch boundaries, rewards can still be distributed immediately when they are claimed. This is because they do not affect the current stake weights, as we do not implement auto-bonding of rewards. If such a feature were to be implemented, it would have to be setup so that rewards are auto-bonded at the epoch boundary. + +### Parameterizing the epoch length + +When choosing the epoch length, there is a trade-off between queued state/computation buildup, and countering the previously discussed limitations of immediate execution if they apply to a given chain. + +Until an ABCI mechanism for variable block times is introduced, it is ill-advised to be using high epoch lengths due to the computation buildup. This is because when a block's execution time is greater than the expected block time from Tendermint, rounds may increment. + +## Decision + +**Step-1**: Implement buffering of all staking and slashing messages. + +First we create a pool for storing tokens that are being bonded, but should be applied at the epoch boundary called the `EpochDelegationPool`. Then, we have two separate queues, one for staking, one for slashing. We describe what happens on each message being delivered below: + +### Staking messages + +* **MsgCreateValidator**: Move user's self-bond to `EpochDelegationPool` immediately. Queue a message for the epoch boundary to handle the self-bond, taking the funds from the `EpochDelegationPool`. If Epoch execution fails, return back funds from `EpochDelegationPool` to user's account. +* **MsgEditValidator**: Validate message and if valid queue the message for execution at the end of the Epoch. +* **MsgDelegate**: Move user's funds to `EpochDelegationPool` immediately. Queue a message for the epoch boundary to handle the delegation, taking the funds from the `EpochDelegationPool`. If Epoch execution fails, return back funds from `EpochDelegationPool` to user's account. +* **MsgBeginRedelegate**: Validate message and if valid queue the message for execution at the end of the Epoch. +* **MsgUndelegate**: Validate message and if valid queue the message for execution at the end of the Epoch. + +### Slashing messages + +* **MsgUnjail**: Validate message and if valid queue the message for execution at the end of the Epoch. +* **Slash Event**: Whenever a slash event is created, it gets queued in the slashing module to apply at the end of the epoch. The queues should be set up such that this slash applies immediately. + +### Evidence Messages + +* **MsgSubmitEvidence**: This gets executed immediately, and the validator gets jailed immediately. However in slashing, the actual slash event gets queued. + +Then we add methods to the end blockers, to ensure that at the epoch boundary the queues are cleared and delegation updates are applied. + +**Step-2**: Implement querying of queued staking txs. + +When querying the staking activity of a given address, the status should return not only the amount of tokens staked, but also if there are any queued stake events for that address. This will require more work to be done in the querying logic, to trace the queued upcoming staking events. + +As an initial implementation, this can be implemented as a linear search over all queued staking events. However, for chains that need long epochs, they should eventually build additional support for nodes that support querying to be able to produce results in constant time. (This is doable by maintaining an auxiliary hashmap for indexing upcoming staking events by address) + +**Step-3**: Adjust gas + +Currently gas represents the cost of executing a transaction when its done immediately. (Merging together costs of p2p overhead, state access overhead, and computational overhead) However, now a transaction can cause computation in a future block, namely at the epoch boundary. + +To handle this, we should initially include parameters for estimating the amount of future computation (denominated in gas), and add that as a flat charge needed for the message. +We leave it out of scope for how to weight future computation versus current computation in gas pricing, and have it set such that they are weighted equally for now. + +## Consequences + +### Positive + +* Abstracts the proof of stake module that allows retaining the existing functionality +* Enables new features such as validator-set based threshold cryptography + +### Negative + +* Increases complexity of integrating more complex gas pricing mechanisms, as they now have to consider future execution costs as well. +* When epoch > 1, validators can no longer leave the network immediately, and must wait until an epoch boundary. diff --git a/docs/sdk/next/build/architecture/adr-040-storage-and-smt-state-commitments.mdx b/docs/sdk/next/build/architecture/adr-040-storage-and-smt-state-commitments.mdx new file mode 100644 index 00000000..bbe46a1b --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-040-storage-and-smt-state-commitments.mdx @@ -0,0 +1,296 @@ +--- +title: 'ADR 040: Storage and SMT State Commitments' +description: '2020-01-15: Draft' +--- +## Changelog + +* 2020-01-15: Draft + +## Status + +DRAFT Not Implemented + +## Abstract + +Sparse Merkle Tree ([SMT](https://osf.io/8mcnh/)) is a version of a Merkle Tree with various storage and performance optimizations. This ADR defines a separation of state commitments from data storage and the Cosmos SDK transition from IAVL to SMT. + +## Context + +Currently, Cosmos SDK uses IAVL for both state [commitments](https://cryptography.fandom.com/wiki/Commitment_scheme) and data storage. + +IAVL has effectively become an orphaned project within the Cosmos ecosystem and it's proven to be an inefficient state commitment data structure. +In the current design, IAVL is used for both data storage and as a Merkle Tree for state commitments. IAVL is meant to be a standalone Merkleized key/value database, however it's using a KV DB engine to store all tree nodes. So, each node is stored in a separate record in the KV DB. This causes many inefficiencies and problems: + +* Each object query requires a tree traversal from the root. Subsequent queries for the same object are cached on the Cosmos SDK level. +* Each edge traversal requires a DB query. +* Creating snapshots is [expensive](https://github.com/cosmos/cosmos-sdk/issues/7215#issuecomment-684804950). It takes about 30 seconds to export less than 100 MB of state (as of March 2020). +* Updates in IAVL may trigger tree reorganization and possible O(log(n)) hashes re-computation, which can become a CPU bottleneck. +* The node structure is pretty expensive - it contains a standard tree node elements (key, value, left and right element) and additional metadata such as height, version (which is not required by the Cosmos SDK). The entire node is hashed, and that hash is used as the key in the underlying database, [ref](https://github.com/cosmos/iavl/blob/master/docs/node/node.md). + +Moreover, the IAVL project lacks support and a maintainer and we already see better and well-established alternatives. Instead of optimizing the IAVL, we are looking into other solutions for both storage and state commitments. + +## Decision + +We propose to separate the concerns of state commitment (**SC**), needed for consensus, and state storage (**SS**), needed for state machine. Finally we replace IAVL with [Celestia's SMT](https://github.com/lazyledger/smt). Celestia SMT is based on Diem (called jellyfish) design \[\*] - it uses a compute-optimized SMT by replacing subtrees with only default values with a single node (same approach is used by Ethereum2) and implements compact proofs. + +The storage model presented here doesn't deal with data structure nor serialization. It's a Key-Value database, where both key and value are binaries. The storage user is responsible for data serialization. + +### Decouple state commitment from storage + +Separation of storage and commitment (by the SMT) will allow the optimization of different components according to their usage and access patterns. + +`SC` (SMT) is used to commit to a data and compute Merkle proofs. `SS` is used to directly access data. To avoid collisions, both `SS` and `SC` will use a separate storage namespace (they could use the same database underneath). `SS` will store each record directly (mapping `(key, value)` as `key → value`). + +SMT is a merkle tree structure: we don't store keys directly. For every `(key, value)` pair, `hash(key)` is used as leaf path (we hash a key to uniformly distribute leaves in the tree) and `hash(value)` as the leaf contents. The tree structure is specified in more depth [below](#smt-for-state-commitment). + +For data access we propose 2 additional KV buckets (implemented as namespaces for the key-value pairs, sometimes called [column family](https://github.com/facebook/rocksdb/wiki/Terminology)): + +1. B1: `key → value`: the principal object storage, used by a state machine, behind the Cosmos SDK `KVStore` interface: provides direct access by key and allows prefix iteration (KV DB backend must support it). +2. B2: `hash(key) → key`: a reverse index to get a key from an SMT path. Internally the SMT will store `(key, value)` as `prefix || hash(key) || hash(value)`. So, we can get an object value by composing `hash(key) → B2 → B1`. +3. We could use more buckets to optimize the app usage if needed. + +We propose to use a KV database for both `SS` and `SC`. The store interface will allow to use the same physical DB backend for both `SS` and `SC` as well two separate DBs. The latter option allows for the separation of `SS` and `SC` into different hardware units, providing support for more complex setup scenarios and improving overall performance: one can use different backends (eg RocksDB and Badger) as well as independently tuning the underlying DB configuration. + +### Requirements + +State Storage requirements: + +* range queries +* quick (key, value) access +* creating a snapshot +* historical versioning +* pruning (garbage collection) + +State Commitment requirements: + +* fast updates +* tree path should be short +* query historical commitment proofs using ICS-23 standard +* pruning (garbage collection) + +### SMT for State Commitment + +A Sparse Merkle tree is based on the idea of a complete Merkle tree of an intractable size. The assumption here is that as the size of the tree is intractable, there would only be a few leaf nodes with valid data blocks relative to the tree size, rendering a sparse tree. + +The full specification can be found at [Celestia](https://github.com/celestiaorg/celestia-specs/blob/ec98170398dfc6394423ee79b00b71038879e211/src/specs/data_structures.md#sparse-merkle-tree). In summary: + +* The SMT consists of a binary Merkle tree, constructed in the same fashion as described in [Certificate Transparency (RFC-6962)](https://tools.ietf.org/html/rfc6962), but using as the hashing function SHA-2-256 as defined in [FIPS 180-4](https://doi.org/10.6028/NIST.FIPS.180-4). +* Leaves and internal nodes are hashed differently: the one-byte `0x00` is prepended for leaf nodes while `0x01` is prepended for internal nodes. +* Default values are given to leaf nodes with empty leaves. +* While the above rule is sufficient to pre-compute the values of intermediate nodes that are roots of empty subtrees, a further simplification is to extend this default value to all nodes that are roots of empty subtrees. The 32-byte zero is used as the default value. This rule takes precedence over the above one. +* An internal node that is the root of a subtree that contains exactly one non-empty leaf is replaced by that leaf's leaf node. + +### Snapshots for storage sync and state versioning + +Below, with simple *snapshot* we refer to a database snapshot mechanism, not to a *ABCI snapshot sync*. The latter will be referred as *snapshot sync* (which will directly use DB snapshot as described below). + +Database snapshot is a view of DB state at a certain time or transaction. It's not a full copy of a database (it would be too big). Usually a snapshot mechanism is based on a *copy on write* and it allows DB state to be efficiently delivered at a certain stage. +Some DB engines support snapshotting. Hence, we propose to reuse that functionality for the state sync and versioning (described below). We limit the supported DB engines to ones which efficiently implement snapshots. In a final section we discuss the evaluated DBs. + +One of the Stargate core features is a *snapshot sync* delivered in the `/snapshot` package. It provides a way to trustlessly sync a blockchain without repeating all transactions from the genesis. This feature is implemented in Cosmos SDK and requires storage support. Currently IAVL is the only supported backend. It works by streaming to a client a snapshot of a `SS` at a certain version together with a header chain. + +A new database snapshot will be created in every `EndBlocker` and identified by a block height. The `root` store keeps track of the available snapshots to offer `SS` at a certain version. The `root` store implements the `RootStore` interface described below. In essence, `RootStore` encapsulates a `Committer` interface. `Committer` has a `Commit`, `SetPruning`, `GetPruning` functions which will be used for creating and removing snapshots. The `rootStore.Commit` function creates a new snapshot and increments the version on each call, and checks if it needs to remove old versions. We will need to update the SMT interface to implement the `Committer` interface. +NOTE: `Commit` must be called exactly once per block. Otherwise we risk going out of sync for the version number and block height. +NOTE: For the Cosmos SDK storage, we may consider splitting that interface into `Committer` and `PruningCommitter` - only the multiroot should implement `PruningCommitter` (cache and prefix store don't need pruning). + +Number of historical versions for `abci.QueryRequest` and state sync snapshots is part of a node configuration, not a chain configuration (configuration implied by the blockchain consensus). A configuration should allow to specify number of past blocks and number of past blocks modulo some number (eg: 100 past blocks and one snapshot every 100 blocks for past 2000 blocks). Archival nodes can keep all past versions. + +Pruning old snapshots is effectively done by a database. Whenever we update a record in `SC`, SMT won't update nodes - instead it creates new nodes on the update path, without removing the old one. Since we are snapshotting each block, we need to change that mechanism to immediately remove orphaned nodes from the database. This is a safe operation - snapshots will keep track of the records and make it available when accessing past versions. + +To manage the active snapshots we will either use a DB *max number of snapshots* option (if available), or we will remove DB snapshots in the `EndBlocker`. The latter option can be done efficiently by identifying snapshots with block height and calling a store function to remove past versions. + +#### Accessing old state versions + +One of the functional requirements is to access old state. This is done through `abci.QueryRequest` structure. The version is specified by a block height (so we query for an object by a key `K` at block height `H`). The number of old versions supported for `abci.QueryRequest` is configurable. Accessing an old state is done by using available snapshots. +`abci.QueryRequest` doesn't need old state of `SC` unless the `prove=true` parameter is set. The SMT merkle proof must be included in the `abci.QueryResponse` only if both `SC` and `SS` have a snapshot for requested version. + +Moreover, Cosmos SDK could provide a way to directly access a historical state. However, a state machine shouldn't do that - since the number of snapshots is configurable, it would lead to nondeterministic execution. + +We positively [validated](https://github.com/cosmos/cosmos-sdk/discussions/8297) a versioning and snapshot mechanism for querying old state with regards to the database we evaluated. + +### State Proofs + +For any object stored in State Store (SS), we have corresponding object in `SC`. A proof for object `V` identified by a key `K` is a branch of `SC`, where the path corresponds to the key `hash(K)`, and the leaf is `hash(K, V)`. + +### Rollbacks + +We need to be able to process transactions and roll-back state updates if a transaction fails. This can be done in the following way: during transaction processing, we keep all state change requests (writes) in a `CacheWrapper` abstraction (as it's done today). Once we finish the block processing, in the `Endblocker`, we commit a root store - at that time, all changes are written to the SMT and to the `SS` and a snapshot is created. + +### Committing to an object without saving it + +We identified use-cases, where modules will need to save an object commitment without storing an object itself. Sometimes clients are receiving complex objects, and they have no way to prove a correctness of that object without knowing the storage layout. For those use cases it would be easier to commit to the object without storing it directly. + +### Refactor MultiStore + +The Stargate `/store` implementation (store/v1) adds an additional layer in the SDK store construction - the `MultiStore` structure. The multistore exists to support the modularity of the Cosmos SDK - each module is using its own instance of IAVL, but in the current implementation, all instances share the same database. The latter indicates, however, that the implementation doesn't provide true modularity. Instead it causes problems related to race condition and atomic DB commits (see: [#6370](https://github.com/cosmos/cosmos-sdk/issues/6370) and [discussion](https://github.com/cosmos/cosmos-sdk/discussions/8297#discussioncomment-757043)). + +We propose to reduce the multistore concept from the SDK, and to use a single instance of `SC` and `SS` in a `RootStore` object. To avoid confusion, we should rename the `MultiStore` interface to `RootStore`. The `RootStore` will have the following interface; the methods for configuring tracing and listeners are omitted for brevity. + +```go expandable +// Used where read-only access to versions is needed. +type BasicRootStore interface { + Store + GetKVStore(StoreKey) + +KVStore + CacheRootStore() + +CacheRootStore +} + +// Used as the main app state, replacing CommitMultiStore. +type CommitRootStore interface { + BasicRootStore + Committer + Snapshotter + + GetVersion(uint64) (BasicRootStore, error) + +SetInitialVersion(uint64) + +error + + ... // Trace and Listen methods +} + +// Replaces CacheMultiStore for branched state. +type CacheRootStore interface { + BasicRootStore + Write() + + ... // Trace and Listen methods +} + +// Example of constructor parameters for the concrete type. +type RootStoreConfig struct { + Upgrades *StoreUpgrades + InitialVersion uint64 + + ReservePrefix(StoreKey, StoreType) +} +``` + +{/* TODO: Review whether these types can be further reduced or simplified */} +{/* TODO: RootStorePersistentCache type */} + +In contrast to `MultiStore`, `RootStore` doesn't allow to dynamically mount sub-stores or provide an arbitrary backing DB for individual sub-stores. + +NOTE: modules will be able to use a special commitment and their own DBs. For example: a module which will use ZK proofs for state can store and commit this proof in the `RootStore` (usually as a single record) and manage the specialized store privately or using the `SC` low level interface. + +#### Compatibility support + +To ease the transition to this new interface for users, we can create a shim which wraps a `CommitMultiStore` but provides a `CommitRootStore` interface, and expose functions to safely create and access the underlying `CommitMultiStore`. + +The new `RootStore` and supporting types can be implemented in a `store/v2alpha1` package to avoid breaking existing code. + +#### Merkle Proofs and IBC + +Currently, an IBC (v1.0) Merkle proof path consists of two elements (`["", ""]`), with each key corresponding to a separate proof. These are each verified according to individual [ICS-23 specs](https://github.com/cosmos/ibc-go/blob/f7051429e1cf833a6f65d51e6c3df1609290a549/modules/core/23-commitment/types/merkle.go#L17), and the result hash of each step is used as the committed value of the next step, until a root commitment hash is obtained. +The root hash of the proof for `""` is hashed with the `""` to validate against the App Hash. + +This is not compatible with the `RootStore`, which stores all records in a single Merkle tree structure, and won't produce separate proofs for the store- and record-key. Ideally, the store-key component of the proof could just be omitted, and updated to use a "no-op" spec, so only the record-key is used. However, because the IBC verification code hardcodes the `"ibc"` prefix and applies it to the SDK proof as a separate element of the proof path, this isn't possible without a breaking change. Breaking this behavior would severely impact the Cosmos ecosystem which already widely adopts the IBC module. Requesting an update of the IBC module across the chains is a time consuming effort and not easily feasible. + +As a workaround, the `RootStore` will have to use two separate SMTs (they could use the same underlying DB): one for IBC state and one for everything else. A simple Merkle map that reference these SMTs will act as a Merkle Tree to create a final App hash. The Merkle map is not stored in a DBs - it's constructed in the runtime. The IBC substore key must be `"ibc"`. + +The workaround can still guarantee atomic syncs: the [proposed DB backends](#evaluated-kv-databases) support atomic transactions and efficient rollbacks, which will be used in the commit phase. + +The presented workaround can be used until the IBC module is fully upgraded to supports single-element commitment proofs. + +### Optimization: compress module key prefixes + +We consider a compression of prefix keys by creating a mapping from module key to an integer, and serializing the integer using varint coding. Varint coding assures that different values don't have common byte prefix. For Merkle Proofs we can't use prefix compression - so it should only apply for the `SS` keys. Moreover, the prefix compression should be only applied for the module namespace. More precisely: + +* each module has it's own namespace; +* when accessing a module namespace we create a KVStore with embedded prefix; +* that prefix will be compressed only when accessing and managing `SS`. + +We need to assure that the codes won't change. We can fix the mapping in a static variable (provided by an app) or SS state under a special key. + +TODO: need to make decision about the key compression. + +## Optimization: SS key compression + +Some objects may be saved with key, which contains a Protobuf message type. Such keys are long. We could save a lot of space if we can map Protobuf message types in varints. + +TODO: finalize this or move to another ADR. + +## Migration + +Using the new store will require a migration. 2 Migrations are proposed: + +1. Genesis export -- it will reset the blockchain history. +2. In place migration: we can reuse `UpgradeKeeper.SetUpgradeHandler` to provide the migration logic: + +```go +app.UpgradeKeeper.SetUpgradeHandler("adr-40", func(ctx sdk.Context, plan upgradetypes.Plan, vm module.VersionMap) (module.VersionMap, error) { + storev2.Migrate(iavlstore, v2.store) + + // RunMigrations returns the VersionMap + // with the updated module ConsensusVersions + return app.mm.RunMigrations(ctx, vm) +}) +``` + +The `Migrate` function will read all entries from a store/v1 DB and save them to the AD-40 combined KV store. +Cache layer should not be used and the operation must finish with a single Commit call. + +Inserting records to the `SC` (SMT) component is the bottleneck. Unfortunately SMT doesn't support batch transactions. +Adding batch transactions to `SC` layer is considered as a feature after the main release. + +## Consequences + +### Backwards Compatibility + +This ADR doesn't introduce any Cosmos SDK level API changes. + +We change the storage layout of the state machine, a storage hard fork and network upgrade is required to incorporate these changes. SMT provides a merkle proof functionality, however it is not compatible with ICS23. Updating the proofs for ICS23 compatibility is required. + +### Positive + +* Decoupling state from state commitment introduce better engineering opportunities for further optimizations and better storage patterns. +* Performance improvements. +* Joining SMT based camp which has wider and proven adoption than IAVL. Example projects which decided on SMT: Ethereum2, Diem (Libra), Trillan, Tezos, Celestia. +* Multistore removal fixes a longstanding issue with the current MultiStore design. +* Simplifies merkle proofs - all modules, except IBC, have only one pass for merkle proof. + +### Negative + +* Storage migration +* LL SMT doesn't support pruning - we will need to add and test that functionality. +* `SS` keys will have an overhead of a key prefix. This doesn't impact `SC` because all keys in `SC` have same size (they are hashed). + +### Neutral + +* Deprecating IAVL, which is one of the core proposals of Cosmos Whitepaper. + +## Alternative designs + +Most of the alternative designs were evaluated in [state commitments and storage report](https://paper.dropbox.com/published/State-commitments-and-storage-review--BDvA1MLwRtOx55KRihJ5xxLbBw-KeEB7eOd11pNrZvVtqUgL3h). + +Ethereum research published [Verkle Trie](https://dankradfeist.de/ethereum/2021/06/18/verkle-trie-for-eth1.html) - an idea of combining polynomial commitments with merkle tree in order to reduce the tree height. This concept has a very good potential, but we think it's too early to implement it. The current, SMT based design could be easily updated to the Verkle Trie once other research implement all necessary libraries. The main advantage of the design described in this ADR is the separation of state commitments from the data storage and designing a more powerful interface. + +## Further Discussions + +### Evaluated KV Databases + +We verified existing databases KV databases for evaluating snapshot support. The following databases provide efficient snapshot mechanism: Badger, RocksDB, [Pebble](https://github.com/cockroachdb/pebble). Databases which don't provide such support or are not production ready: boltdb, leveldb, goleveldb, membdb, lmdb. + +### RDBMS + +Use of RDBMS instead of simple KV store for state. Use of RDBMS will require a Cosmos SDK API breaking change (`KVStore` interface) and will allow better data extraction and indexing solutions. Instead of saving an object as a single blob of bytes, we could save it as record in a table in the state storage layer, and as a `hash(key, protobuf(object))` in the SMT as outlined above. To verify that an object registered in RDBMS is same as the one committed to SMT, one will need to load it from RDBMS, marshal using protobuf, hash and do SMT search. + +### Off Chain Store + +We were discussing use case where modules can use a support database, which is not automatically committed. Module will responsible for having a sound storage model and can optionally use the feature discussed in \_*Committing to an object without saving it* section. + +## References + +* [IAVL What's Next?](https://github.com/cosmos/cosmos-sdk/issues/7100) +* [IAVL overview](https://docs.google.com/document/d/16Z_hW2rSAmoyMENO-RlAhQjAG3mSNKsQueMnKpmcBv0/edit#heading=h.yd2th7x3o1iv) of it's state v0.15 +* [State commitments and storage report](https://paper.dropbox.com/published/State-commitments-and-storage-review--BDvA1MLwRtOx55KRihJ5xxLbBw-KeEB7eOd11pNrZvVtqUgL3h) +* [Celestia (LazyLedger) SMT](https://github.com/lazyledger/smt) +* Facebook Diem (Libra) SMT [design](https://developers.diem.com/papers/jellyfish-merkle-tree/2021-01-14.pdf) +* [Trillian Revocation Transparency](https://github.com/google/trillian/blob/master/docs/papers/RevocationTransparency.pdf), [Trillian Verifiable Data Structures](https://github.com/google/trillian/blob/master/docs/papers/VerifiableDataStructures.pdf). +* Design and implementation [discussion](https://github.com/cosmos/cosmos-sdk/discussions/8297). +* [How to Upgrade IBC Chains and their Clients](https://ibc.cosmos.network/main/ibc/upgrades/quick-guide/) +* [ADR-40 Effect on IBC](https://github.com/cosmos/ibc-go/discussions/256) diff --git a/docs/sdk/next/build/architecture/adr-041-in-place-store-migrations.mdx b/docs/sdk/next/build/architecture/adr-041-in-place-store-migrations.mdx new file mode 100644 index 00000000..ee2fe3a1 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-041-in-place-store-migrations.mdx @@ -0,0 +1,182 @@ +--- +title: 'ADR 041: In-Place Store Migrations' +description: '17.02.2021: Initial Draft' +--- +## Changelog + +* 17.02.2021: Initial Draft + +## Status + +Accepted + +## Abstract + +This ADR introduces a mechanism to perform in-place state store migrations during chain software upgrades. + +## Context + +When a chain upgrade introduces state-breaking changes inside modules, the current procedure consists of exporting the whole state into a JSON file (via the `simd export` command), running migration scripts on the JSON file (`simd genesis migrate` command), clearing the stores (`simd unsafe-reset-all` command), and starting a new chain with the migrated JSON file as new genesis (optionally with a custom initial block height). An example of such a procedure can be seen [in the Cosmos Hub 3->4 migration guide](https://github.com/cosmos/gaia/blob/v4.0.3/docs/migration/cosmoshub-3.md#upgrade-procedure). + +This procedure is cumbersome for multiple reasons: + +* The procedure takes time. It can take hours to run the `export` command, plus some additional hours to run `InitChain` on the fresh chain using the migrated JSON. +* The exported JSON file can be heavy (\~100MB-1GB), making it difficult to view, edit and transfer, which in turn introduces additional work to solve these problems (such as [streaming genesis](https://github.com/cosmos/cosmos-sdk/issues/6936)). + +## Decision + +We propose a migration procedure based on modifying the KV store in-place without involving the JSON export-process-import flow described above. + +### Module `ConsensusVersion` + +We introduce a new method on the `AppModule` interface: + +```go +type AppModule interface { + // --snip-- + ConsensusVersion() + +uint64 +} +``` + +This methods returns an `uint64` which serves as state-breaking version of the module. It MUST be incremented on each consensus-breaking change introduced by the module. To avoid potential errors with default values, the initial version of a module MUST be set to 1. In the Cosmos SDK, version 1 corresponds to the modules in the v0.41 series. + +### Module-Specific Migration Functions + +For each consensus-breaking change introduced by the module, a migration script from ConsensusVersion `N` to version `N+1` MUST be registered in the `Configurator` using its newly-added `RegisterMigration` method. All modules receive a reference to the configurator in their `RegisterServices` method on `AppModule`, and this is where the migration functions should be registered. The migration functions should be registered in increasing order. + +```go +func (am AppModule) + +RegisterServices(cfg module.Configurator) { + // --snip-- + cfg.RegisterMigration(types.ModuleName, 1, func(ctx sdk.Context) + +error { + // Perform in-place store migrations from ConsensusVersion 1 to 2. +}) + +cfg.RegisterMigration(types.ModuleName, 2, func(ctx sdk.Context) + +error { + // Perform in-place store migrations from ConsensusVersion 2 to 3. +}) + // etc. +} +``` + +For example, if the new ConsensusVersion of a module is `N` , then `N-1` migration functions MUST be registered in the configurator. + +In the Cosmos SDK, the migration functions are handled by each module's keeper, because the keeper holds the `sdk.StoreKey` used to perform in-place store migrations. To not overload the keeper, a `Migrator` wrapper is used by each module to handle the migration functions: + +```go +// Migrator is a struct for handling in-place store migrations. +type Migrator struct { + BaseKeeper +} +``` + +Migration functions should live inside the `migrations/` folder of each module, and be called by the Migrator's methods. We propose the format `Migrate{M}to{N}` for method names. + +```go +// Migrate1to2 migrates from version 1 to 2. +func (m Migrator) + +Migrate1to2(ctx sdk.Context) + +error { + return v2bank.MigrateStore(ctx, m.keeper.storeKey) // v043bank is package `x/bank/migrations/v2`. +} +``` + +Each module's migration functions are specific to the module's store evolutions, and are not described in this ADR. An example of x/bank store key migrations after the introduction of ADR-028 length-prefixed addresses can be seen in this [store.go code](https://github.com/cosmos/cosmos-sdk/blob/36f68eb9e041e20a5bb47e216ac5eb8b91f95471/x/bank/legacy/v043/store.go#L41-L62). + +### Tracking Module Versions in `x/upgrade` + +We introduce a new prefix store in `x/upgrade`'s store. This store will track each module's current version, it can be modelized as a `map[string]uint64` of module name to module ConsensusVersion, and will be used when running the migrations (see next section for details). The key prefix used is `0x1`, and the key/value format is: + +```text +0x2 | {bytes(module_name)} => BigEndian(module_consensus_version) +``` + +The initial state of the store is set from `app.go`'s `InitChainer` method. + +The UpgradeHandler signature needs to be updated to take a `VersionMap`, as well as return an upgraded `VersionMap` and an error: + +```diff +- type UpgradeHandler func(ctx sdk.Context, plan Plan) ++ type UpgradeHandler func(ctx sdk.Context, plan Plan, versionMap VersionMap) (VersionMap, error) +``` + +To apply an upgrade, we query the `VersionMap` from the `x/upgrade` store and pass it into the handler. The handler runs the actual migration functions (see next section), and if successful, returns an updated `VersionMap` to be stored in state. + +```diff expandable +func (k UpgradeKeeper) ApplyUpgrade(ctx sdk.Context, plan types.Plan) { + // --snip-- +- handler(ctx, plan) ++ updatedVM, err := handler(ctx, plan, k.GetModuleVersionMap(ctx)) // k.GetModuleVersionMap() fetches the VersionMap stored in state. ++ if err != nil { ++ return err ++ } ++ ++ // Set the updated consensus versions to state ++ k.SetModuleVersionMap(ctx, updatedVM) +} +``` + +A gRPC query endpoint to query the `VersionMap` stored in `x/upgrade`'s state will also be added, so that app developers can double-check the `VersionMap` before the upgrade handler runs. + +### Running Migrations + +Once all the migration handlers are registered inside the configurator (which happens at startup), running migrations can happen by calling the `RunMigrations` method on `module.Manager`. This function will loop through all modules, and for each module: + +* Get the old ConsensusVersion of the module from its `VersionMap` argument (let's call it `M`). +* Fetch the new ConsensusVersion of the module from the `ConsensusVersion()` method on `AppModule` (call it `N`). +* If `N>M`, run all registered migrations for the module sequentially `M -> M+1 -> M+2...` until `N`. + * There is a special case where there is no ConsensusVersion for the module, as this means that the module has been newly added during the upgrade. In this case, no migration function is run, and the module's current ConsensusVersion is saved to `x/upgrade`'s store. + +If a required migration is missing (e.g. if it has not been registered in the `Configurator`), then the `RunMigrations` function will error. + +In practice, the `RunMigrations` method should be called from inside an `UpgradeHandler`. + +```go +app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx sdk.Context, plan upgradetypes.Plan, vm module.VersionMap) (module.VersionMap, error) { + return app.mm.RunMigrations(ctx, vm) +}) +``` + +Assuming a chain upgrades at block `n`, the procedure should run as follows: + +* the old binary will halt in `BeginBlock` when starting block `N`. In its store, the ConsensusVersions of the old binary's modules are stored. +* the new binary will start at block `N`. The UpgradeHandler is set in the new binary, so will run at `BeginBlock` of the new binary. Inside `x/upgrade`'s `ApplyUpgrade`, the `VersionMap` will be retrieved from the (old binary's) store, and passed into the `RunMigrations` function, migrating all module stores in-place before the modules' own `BeginBlock`s. + +## Consequences + +### Backwards Compatibility + +This ADR introduces a new method `ConsensusVersion()` on `AppModule`, which all modules need to implement. It also alters the UpgradeHandler function signature. As such, it is not backwards-compatible. + +While modules MUST register their migration functions when bumping ConsensusVersions, running those scripts using an upgrade handler is optional. An application may perfectly well decide to not call the `RunMigrations` inside its upgrade handler, and continue using the legacy JSON migration path. + +### Positive + +* Perform chain upgrades without manipulating JSON files. +* While no benchmark has been made yet, it is probable that in-place store migrations will take less time than JSON migrations. The main reason supporting this claim is that both the `simd export` command on the old binary and the `InitChain` function on the new binary will be skipped. + +### Negative + +* Module developers MUST correctly track consensus-breaking changes in their modules. If a consensus-breaking change is introduced in a module without its corresponding `ConsensusVersion()` bump, then the `RunMigrations` function won't detect the migration, and the chain upgrade might be unsuccessful. Documentation should clearly reflect this. + +### Neutral + +* The Cosmos SDK will continue to support JSON migrations via the existing `simd export` and `simd genesis migrate` commands. +* The current ADR does not allow creating, renaming or deleting stores, only modifying existing store keys and values. The Cosmos SDK already has the `StoreLoader` for those operations. + +## Further Discussions + +## References + +* Initial discussion: [Link](https://github.com/cosmos/cosmos-sdk/discussions/8429) +* Implementation of `ConsensusVersion` and `RunMigrations`: [Link](https://github.com/cosmos/cosmos-sdk/pull/8485) +* Issue discussing `x/upgrade` design: [Link](https://github.com/cosmos/cosmos-sdk/issues/8514) diff --git a/docs/sdk/next/build/architecture/adr-042-group-module.mdx b/docs/sdk/next/build/architecture/adr-042-group-module.mdx new file mode 100644 index 00000000..dd881b68 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-042-group-module.mdx @@ -0,0 +1,288 @@ +--- +title: 'ADR 042: Group Module' +description: '2020/04/09: Initial Draft' +--- +## Changelog + +* 2020/04/09: Initial Draft + +## Status + +Draft + +## Abstract + +This ADR defines the `x/group` module which allows the creation and management of on-chain multi-signature accounts and enables voting for message execution based on configurable decision policies. + +## Context + +The legacy amino multi-signature mechanism of the Cosmos SDK has certain limitations: + +* Key rotation is not possible, although this can be solved with [account rekeying](/docs/sdk/vnext/build/architecture/adr-034-account-rekeying). +* Thresholds can't be changed. +* UX is cumbersome for non-technical users ([#5661](https://github.com/cosmos/cosmos-sdk/issues/5661)). +* It requires `legacy_amino` sign mode ([#8141](https://github.com/cosmos/cosmos-sdk/issues/8141)). + +While the group module is not meant to be a total replacement for the current multi-signature accounts, it provides a solution to the limitations described above, with a more flexible key management system where keys can be added, updated or removed, as well as configurable thresholds. +It's meant to be used with other access control modules such as [`x/feegrant`](/docs/sdk/vnext/build/architecture/adr-029-fee-grant-module) and [`x/authz`](/docs/sdk/vnext/build/architecture/adr-030-authz-module) to simplify key management for individuals and organizations. + +The proof of concept of the group module can be found in [Link](https://github.com/cosmos/cosmos-sdk/tree/main/proto/cosmos/group/v1) and [Link](https://github.com/cosmos/cosmos-sdk/tree/main/x/group). + +## Decision + +We propose merging the `x/group` module with its supporting [ORM/Table Store package](https://github.com/cosmos/cosmos-sdk/tree/main/x/group/internal/orm) ([#7098](https://github.com/cosmos/cosmos-sdk/issues/7098)) into the Cosmos SDK and continuing development here. There will be a dedicated ADR for the ORM package. + +### Group + +A group is a composition of accounts with associated weights. It is not +an account and doesn't have a balance. It doesn't in and of itself have any +sort of voting or decision weight. +Group members can create proposals and vote on them through group accounts using different decision policies. + +It has an `admin` account which can manage members in the group, update the group +metadata and set a new admin. + +```protobuf expandable +message GroupInfo { + + // group_id is the unique ID of this group. + uint64 group_id = 1; + + // admin is the account address of the group's admin. + string admin = 2; + + // metadata is any arbitrary metadata to attached to the group. + bytes metadata = 3; + + // version is used to track changes to a group's membership structure that + // would break existing proposals. Whenever a member weight has changed, + // or any member is added or removed, the version is incremented and will + // invalidate all proposals from older versions. + uint64 version = 4; + + // total_weight is the sum of the group members' weights. + string total_weight = 5; +} +``` + +```protobuf expandable +message GroupMember { + + // group_id is the unique ID of the group. + uint64 group_id = 1; + + // member is the member data. + Member member = 2; +} + +// Member represents a group member with an account address, +// non-zero weight and metadata. +message Member { + + // address is the member's account address. + string address = 1; + + // weight is the member's voting weight that should be greater than 0. + string weight = 2; + + // metadata is any arbitrary metadata to attached to the member. + bytes metadata = 3; +} +``` + +### Group Account + +A group account is an account associated with a group and a decision policy. +A group account does have a balance. + +Group accounts are abstracted from groups because a single group may have +multiple decision policies for different types of actions. Managing group +membership separately from decision policies results in the least overhead +and keeps membership consistent across different policies. The pattern that +is recommended is to have a single master group account for a given group, +and then to create separate group accounts with different decision policies +and delegate the desired permissions from the master account to +those "sub-accounts" using the [`x/authz` module](/docs/sdk/vnext/build/architecture/adr-030-authz-module). + +```protobuf expandable +message GroupAccountInfo { + + // address is the group account address. + string address = 1; + + // group_id is the ID of the Group the GroupAccount belongs to. + uint64 group_id = 2; + + // admin is the account address of the group admin. + string admin = 3; + + // metadata is any arbitrary metadata of this group account. + bytes metadata = 4; + + // version is used to track changes to a group's GroupAccountInfo structure that + // invalidates active proposal from old versions. + uint64 version = 5; + + // decision_policy specifies the group account's decision policy. + google.protobuf.Any decision_policy = 6 [(cosmos_proto.accepts_interface) = "cosmos.group.v1.DecisionPolicy"]; +} +``` + +Similarly to a group admin, a group account admin can update its metadata, decision policy or set a new group account admin. + +A group account can also be an admin or a member of a group. +For instance, a group admin could be another group account which could "elects" the members or it could be the same group that elects itself. + +### Decision Policy + +A decision policy is the mechanism by which members of a group can vote on +proposals. + +All decision policies should have a minimum and maximum voting window. +The minimum voting window is the minimum duration that must pass in order +for a proposal to potentially pass, and it may be set to 0. The maximum voting +window is the maximum time that a proposal may be voted on and executed if +it reached enough support before it is closed. +Both of these values must be less than a chain-wide max voting window parameter. + +We define the `DecisionPolicy` interface that all decision policies must implement: + +```go expandable +type DecisionPolicy interface { + codec.ProtoMarshaler + + ValidateBasic() + +error + GetTimeout() + +types.Duration + Allow(tally Tally, totalPower string, votingDuration time.Duration) (DecisionPolicyResult, error) + +Validate(g GroupInfo) + +error +} + +type DecisionPolicyResult struct { + Allow bool + Final bool +} +``` + +#### Threshold decision policy + +A threshold decision policy defines a minimum support votes (*yes*), based on a tally +of voter weights, for a proposal to pass. For +this decision policy, abstain and veto are treated as no support (*no*). + +```protobuf +message ThresholdDecisionPolicy { + + // threshold is the minimum weighted sum of support votes for a proposal to succeed. + string threshold = 1; + + // voting_period is the duration from submission of a proposal to the end of voting period + // Within this period, votes and exec messages can be submitted. + google.protobuf.Duration voting_period = 2 [(gogoproto.nullable) = false]; +} +``` + +### Proposal + +Any member of a group can submit a proposal for a group account to decide upon. +A proposal consists of a set of `sdk.Msg`s that will be executed if the proposal +passes as well as any metadata associated with the proposal. These `sdk.Msg`s get validated as part of the `Msg/CreateProposal` request validation. They should also have their signer set as the group account. + +Internally, a proposal also tracks: + +* its current `Status`: submitted, closed or aborted +* its `Result`: unfinalized, accepted or rejected +* its `VoteState` in the form of a `Tally`, which is calculated on new votes and when executing the proposal. + +```protobuf expandable +// Tally represents the sum of weighted votes. +message Tally { + option (gogoproto.goproto_getters) = false; + + // yes_count is the weighted sum of yes votes. + string yes_count = 1; + + // no_count is the weighted sum of no votes. + string no_count = 2; + + // abstain_count is the weighted sum of abstainers. + string abstain_count = 3; + + // veto_count is the weighted sum of vetoes. + string veto_count = 4; +} +``` + +### Voting + +Members of a group can vote on proposals. There are four choices to choose while voting - yes, no, abstain and veto. Not +all decision policies will support them. Votes can contain some optional metadata. +In the current implementation, the voting window begins as soon as a proposal +is submitted. + +Voting internally updates the proposal `VoteState` as well as `Status` and `Result` if needed. + +### Executing Proposals + +Proposals will not be automatically executed by the chain in this current design, +but rather a user must submit a `Msg/Exec` transaction to attempt to execute the +proposal based on the current votes and decision policy. A future upgrade could +automate this and have the group account (or a fee granter) pay. + +#### Changing Group Membership + +In the current implementation, updating a group or a group account after submitting a proposal will make it invalid. It will simply fail if someone calls `Msg/Exec` and will eventually be garbage collected. + +### Notes on current implementation + +This section outlines the current implementation used in the proof of concept of the group module but this could be subject to changes and iterated on. + +#### ORM + +The [ORM package](https://github.com/cosmos/cosmos-sdk/discussions/9156) defines tables, sequences and secondary indexes which are used in the group module. + +Groups are stored in state as part of a `groupTable`, the `group_id` being an auto-increment integer. Group members are stored in a `groupMemberTable`. + +Group accounts are stored in a `groupAccountTable`. The group account address is generated based on an auto-increment integer which is used to derive the group module `RootModuleKey` into a `DerivedModuleKey`, as stated in [ADR-033](/docs/sdk/vnext/build/architecture/adr-033-protobuf-inter-module-comm#modulekeys-and-moduleids). The group account is added as a new `ModuleAccount` through `x/auth`. + +Proposals are stored as part of the `proposalTable` using the `Proposal` type. The `proposal_id` is an auto-increment integer. + +Votes are stored in the `voteTable`. The primary key is based on the vote's `proposal_id` and `voter` account address. + +#### ADR-033 to route proposal messages + +Inter-module communication introduced by [ADR-033](/docs/sdk/vnext/build/architecture/adr-033-protobuf-inter-module-comm) can be used to route a proposal's messages using the `DerivedModuleKey` corresponding to the proposal's group account. + +## Consequences + +### Positive + +* Improved UX for multi-signature accounts allowing key rotation and custom decision policies. + +### Negative + +### Neutral + +* It uses ADR 033 so it will need to be implemented within the Cosmos SDK, but this doesn't imply necessarily any large refactoring of existing Cosmos SDK modules. +* The current implementation of the group module uses the ORM package. + +## Further Discussions + +* Convergence of `/group` and `x/gov` as both support proposals and voting: [Link](https://github.com/cosmos/cosmos-sdk/discussions/9066) +* `x/group` possible future improvements: + * Execute proposals on submission ([Link](https://github.com/regen-network/regen-ledger/issues/288)) + * Withdraw a proposal ([Link](https://github.com/regen-network/cosmos-modules/issues/41)) + * Make `Tally` more flexible and support non-binary choices + +## References + +* Initial specification: + * [Link](https://gist.github.com/aaronc/b60628017352df5983791cad30babe56#group-module) + * [#5236](https://github.com/cosmos/cosmos-sdk/pull/5236) +* Proposal to add `x/group` into the Cosmos SDK: [#7633](https://github.com/cosmos/cosmos-sdk/issues/7633) diff --git a/docs/sdk/next/build/architecture/adr-043-nft-module.mdx b/docs/sdk/next/build/architecture/adr-043-nft-module.mdx new file mode 100644 index 00000000..dda1919d --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-043-nft-module.mdx @@ -0,0 +1,380 @@ +--- +title: 'ADR 43: NFT Module' +description: >- + 2021-05-01: Initial Draft 2021-07-02: Review updates 2022-06-15: Add batch + operation 2022-11-11: Remove strict validation of classID and tokenID +--- +## Changelog + +* 2021-05-01: Initial Draft +* 2021-07-02: Review updates +* 2022-06-15: Add batch operation +* 2022-11-11: Remove strict validation of classID and tokenID + +## Status + +PROPOSED + +## Abstract + +This ADR defines the `x/nft` module which is a generic implementation of NFTs, roughly "compatible" with ERC721. **Applications using the `x/nft` module must implement the following functions**: + +* `MsgNewClass` - Receive the user's request to create a class, and call the `NewClass` of the `x/nft` module. +* `MsgUpdateClass` - Receive the user's request to update a class, and call the `UpdateClass` of the `x/nft` module. +* `MsgMintNFT` - Receive the user's request to mint a nft, and call the `MintNFT` of the `x/nft` module. +* `BurnNFT` - Receive the user's request to burn a nft, and call the `BurnNFT` of the `x/nft` module. +* `UpdateNFT` - Receive the user's request to update a nft, and call the `UpdateNFT` of the `x/nft` module. + +## Context + +NFTs are more than just crypto art, which is very helpful for accruing value to the Cosmos ecosystem. As a result, Cosmos Hub should implement NFT functions and enable a unified mechanism for storing and sending the ownership representative of NFTs as discussed in [Link](https://github.com/cosmos/cosmos-sdk/discussions/9065). + +As discussed in [#9065](https://github.com/cosmos/cosmos-sdk/discussions/9065), several potential solutions can be considered: + +* irismod/nft and modules/incubator/nft +* CW721 +* DID NFTs +* interNFT + +Since functions/use cases of NFTs are tightly connected with their logic, it is almost impossible to support all the NFTs' use cases in one Cosmos SDK module by defining and implementing different transaction types. + +Considering generic usage and compatibility of interchain protocols including IBC and Gravity Bridge, it is preferred to have a generic NFT module design which handles the generic NFTs logic. +This design idea can enable composability that application-specific functions should be managed by other modules on Cosmos Hub or on other Zones by importing the NFT module. + +The current design is based on the work done by [IRISnet team](https://github.com/irisnet/irismod/tree/master/modules/nft) and an older implementation in the [Cosmos repository](https://github.com/cosmos/modules/tree/master/incubator/nft). + +## Decision + +We create a `x/nft` module, which contains the following functionality: + +* Store NFTs and track their ownership. +* Expose `Keeper` interface for composing modules to transfer, mint and burn NFTs. +* Expose external `Message` interface for users to transfer ownership of their NFTs. +* Query NFTs and their supply information. + +The proposed module is a base module for NFT app logic. It's goal it to provide a common layer for storage, basic transfer functionality and IBC. The module should not be used as a standalone. +Instead an app should create a specialized module to handle app specific logic (eg: NFT ID construction, royalty), user level minting and burning. Moreover an app specialized module should handle auxiliary data to support the app logic (eg indexes, ORM, business data). + +All data carried over IBC must be part of the `NFT` or `Class` type described below. The app specific NFT data should be encoded in `NFT.data` for cross-chain integrity. Other objects related to NFT, which are not important for integrity can be part of the app specific module. + +### Types + +We propose two main types: + +* `Class` -- describes NFT class. We can think about it as a smart contract address. +* `NFT` -- object representing unique, non fungible asset. Each NFT is associated with a Class. + +#### Class + +NFT **Class** is comparable to an ERC-721 smart contract (provides description of a smart contract), under which a collection of NFTs can be created and managed. + +```protobuf +message Class { + string id = 1; + string name = 2; + string symbol = 3; + string description = 4; + string uri = 5; + string uri_hash = 6; + google.protobuf.Any data = 7; +} +``` + +* `id` is used as the primary index for storing the class; *required* +* `name` is a descriptive name of the NFT class; *optional* +* `symbol` is the symbol usually shown on exchanges for the NFT class; *optional* +* `description` is a detailed description of the NFT class; *optional* +* `uri` is a URI for the class metadata stored off chain. It should be a JSON file that contains metadata about the NFT class and NFT data schema ([OpenSea example](https://docs.opensea.io/docs/contract-level-metadata)); *optional* +* `uri_hash` is a hash of the document pointed by uri; *optional* +* `data` is app specific metadata of the class; *optional* + +#### NFT + +We define a general model for `NFT` as follows. + +```protobuf +message NFT { + string class_id = 1; + string id = 2; + string uri = 3; + string uri_hash = 4; + google.protobuf.Any data = 10; +} +``` + +* `class_id` is the identifier of the NFT class where the NFT belongs; *required* + +* `id` is an identifier of the NFT, unique within the scope of its class. It is specified by the creator of the NFT and may be expanded to use DID in the future. `class_id` combined with `id` uniquely identifies an NFT and is used as the primary index for storing the NFT; *required* + + ```text + {class_id}/{id} --> NFT (bytes) + ``` + +* `uri` is a URI for the NFT metadata stored off chain. Should point to a JSON file that contains metadata about this NFT (Ref: [ERC721 standard and OpenSea extension](https://docs.opensea.io/docs/metadata-standards)); *required* + +* `uri_hash` is a hash of the document pointed by uri; *optional* + +* `data` is an app specific data of the NFT. CAN be used by composing modules to specify additional properties of the NFT; *optional* + +This ADR doesn't specify values that `data` can take; however, best practices recommend upper-level NFT modules clearly specify their contents. Although the value of this field doesn't provide the additional context required to manage NFT records, which means that the field can technically be removed from the specification, the field's existence allows basic informational/UI functionality. + +### `Keeper` Interface + +```go expandable +type Keeper interface { + NewClass(ctx sdk.Context,class Class) + +UpdateClass(ctx sdk.Context,class Class) + +Mint(ctx sdk.Context,nft NFT,receiver sdk.AccAddress) // updates totalSupply + BatchMint(ctx sdk.Context, tokens []NFT,receiver sdk.AccAddress) + +error + + Burn(ctx sdk.Context, classId string, nftId string) // updates totalSupply + BatchBurn(ctx sdk.Context, classID string, nftIDs []string) + +error + + Update(ctx sdk.Context, nft NFT) + +BatchUpdate(ctx sdk.Context, tokens []NFT) + +error + + Transfer(ctx sdk.Context, classId string, nftId string, receiver sdk.AccAddress) + +BatchTransfer(ctx sdk.Context, classID string, nftIDs []string, receiver sdk.AccAddress) + +error + + GetClass(ctx sdk.Context, classId string) + +Class + GetClasses(ctx sdk.Context) []Class + + GetNFT(ctx sdk.Context, classId string, nftId string) + +NFT + GetNFTsOfClassByOwner(ctx sdk.Context, classId string, owner sdk.AccAddress) []NFT + GetNFTsOfClass(ctx sdk.Context, classId string) []NFT + + GetOwner(ctx sdk.Context, classId string, nftId string) + +sdk.AccAddress + GetBalance(ctx sdk.Context, classId string, owner sdk.AccAddress) + +uint64 + GetTotalSupply(ctx sdk.Context, classId string) + +uint64 +} +``` + +Other business logic implementations should be defined in composing modules that import `x/nft` and use its `Keeper`. + +### `Msg` Service + +```protobuf expandable +service Msg { + rpc Send(MsgSend) returns (MsgSendResponse); +} + +message MsgSend { + string class_id = 1; + string id = 2; + string sender = 3; + string receiver = 4; +} +message MsgSendResponse {} +``` + +`MsgSend` can be used to transfer the ownership of an NFT to another address. + +The implementation outline of the server is as follows: + +```go expandable +type msgServer struct{ + k Keeper +} + +func (m msgServer) + +Send(ctx context.Context, msg *types.MsgSend) (*types.MsgSendResponse, error) { + // check current ownership + assertEqual(msg.Sender, m.k.GetOwner(msg.ClassId, msg.Id)) + + // transfer ownership + m.k.Transfer(msg.ClassId, msg.Id, msg.Receiver) + +return &types.MsgSendResponse{ +}, nil +} +``` + +The query service methods for the `x/nft` module are: + +```protobuf expandable +service Query { + // Balance queries the number of NFTs of a given class owned by the owner, same as balanceOf in ERC721 + rpc Balance(QueryBalanceRequest) returns (QueryBalanceResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/balance/{owner}/{class_id}"; + } + + // Owner queries the owner of the NFT based on its class and id, same as ownerOf in ERC721 + rpc Owner(QueryOwnerRequest) returns (QueryOwnerResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/owner/{class_id}/{id}"; + } + + // Supply queries the number of NFTs from the given class, same as totalSupply of ERC721. + rpc Supply(QuerySupplyRequest) returns (QuerySupplyResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/supply/{class_id}"; + } + + // NFTs queries all NFTs of a given class or owner,choose at least one of the two, similar to tokenByIndex in ERC721Enumerable + rpc NFTs(QueryNFTsRequest) returns (QueryNFTsResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/nfts"; + } + + // NFT queries an NFT based on its class and id. + rpc NFT(QueryNFTRequest) returns (QueryNFTResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/nfts/{class_id}/{id}"; + } + + // Class queries an NFT class based on its id + rpc Class(QueryClassRequest) returns (QueryClassResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/classes/{class_id}"; + } + + // Classes queries all NFT classes + rpc Classes(QueryClassesRequest) returns (QueryClassesResponse) { + option (google.api.http).get = "/cosmos/nft/v1beta1/classes"; + } +} + +// QueryBalanceRequest is the request type for the Query/Balance RPC method +message QueryBalanceRequest { + string class_id = 1; + string owner = 2; +} + +// QueryBalanceResponse is the response type for the Query/Balance RPC method +message QueryBalanceResponse { + uint64 amount = 1; +} + +// QueryOwnerRequest is the request type for the Query/Owner RPC method +message QueryOwnerRequest { + string class_id = 1; + string id = 2; +} + +// QueryOwnerResponse is the response type for the Query/Owner RPC method +message QueryOwnerResponse { + string owner = 1; +} + +// QuerySupplyRequest is the request type for the Query/Supply RPC method +message QuerySupplyRequest { + string class_id = 1; +} + +// QuerySupplyResponse is the response type for the Query/Supply RPC method +message QuerySupplyResponse { + uint64 amount = 1; +} + +// QueryNFTsRequest is the request type for the Query/NFTs RPC method +message QueryNFTsRequest { + string class_id = 1; + string owner = 2; + cosmos.base.query.v1beta1.PageRequest pagination = 3; +} + +// QueryNFTsResponse is the response type for the Query/NFTs RPC methods +message QueryNFTsResponse { + repeated cosmos.nft.v1beta1.NFT nfts = 1; + cosmos.base.query.v1beta1.PageResponse pagination = 2; +} + +// QueryNFTRequest is the request type for the Query/NFT RPC method +message QueryNFTRequest { + string class_id = 1; + string id = 2; +} + +// QueryNFTResponse is the response type for the Query/NFT RPC method +message QueryNFTResponse { + cosmos.nft.v1beta1.NFT nft = 1; +} + +// QueryClassRequest is the request type for the Query/Class RPC method +message QueryClassRequest { + string class_id = 1; +} + +// QueryClassResponse is the response type for the Query/Class RPC method +message QueryClassResponse { + cosmos.nft.v1beta1.Class class = 1; +} + +// QueryClassesRequest is the request type for the Query/Classes RPC method +message QueryClassesRequest { + // pagination defines an optional pagination for the request. + cosmos.base.query.v1beta1.PageRequest pagination = 1; +} + +// QueryClassesResponse is the response type for the Query/Classes RPC method +message QueryClassesResponse { + repeated cosmos.nft.v1beta1.Class classes = 1; + cosmos.base.query.v1beta1.PageResponse pagination = 2; +} +``` + +### Interoperability + +Interoperability is all about reusing assets between modules and chains. The former one is achieved by ADR-33: Protobuf client - server communication. At the time of writing ADR-33 is not finalized. The latter is achieved by IBC. Here we will focus on the IBC side. +IBC is implemented per module. Here, we aligned that NFTs will be recorded and managed in the x/nft. This requires creation of a new IBC standard and implementation of it. + +For IBC interoperability, NFT custom modules MUST use the NFT object type understood by the IBC client. So, for x/nft interoperability, custom NFT implementations (example: x/cryptokitty) should use the canonical x/nft module and proxy all NFT balance keeping functionality to x/nft or else re-implement all functionality using the NFT object type understood by the IBC client. In other words: x/nft becomes the standard NFT registry for all Cosmos NFTs (example: x/cryptokitty will register a kitty NFT in x/nft and use x/nft for book keeping). This was [discussed](https://github.com/cosmos/cosmos-sdk/discussions/9065#discussioncomment-873206) in the context of using x/bank as a general asset balance book. Not using x/nft will require implementing another module for IBC. + +## Consequences + +### Backward Compatibility + +No backward incompatibilities. + +### Forward Compatibility + +This specification conforms to the ERC-721 smart contract specification for NFT identifiers. Note that ERC-721 defines uniqueness based on (contract address, uint256 tokenId), and we conform to this implicitly because a single module is currently aimed to track NFT identifiers. Note: use of the (mutable) data field to determine uniqueness is not safe. + +### Positive + +* NFT identifiers available on Cosmos Hub. +* Ability to build different NFT modules for the Cosmos Hub, e.g., ERC-721. +* NFT module which supports interoperability with IBC and other cross-chain infrastructures like Gravity Bridge + +### Negative + +* New IBC app is required for x/nft +* CW721 adapter is required + +### Neutral + +* Other functions need more modules. For example, a custody module is needed for NFT trading function, a collectible module is needed for defining NFT properties. + +## Further Discussions + +For other kinds of applications on the Hub, more app-specific modules can be developed in the future: + +* `x/nft/custody`: custody of NFTs to support trading functionality. +* `x/nft/marketplace`: selling and buying NFTs using sdk.Coins. +* `x/fractional`: a module to split an ownership of an asset (NFT or other assets) for multiple stakeholder. `x/group` should work for most of the cases. + +Other networks in the Cosmos ecosystem could design and implement their own NFT modules for specific NFT applications and use cases. + +## References + +* Initial discussion: [Link](https://github.com/cosmos/cosmos-sdk/discussions/9065) +* x/nft: initialize module: [Link](https://github.com/cosmos/cosmos-sdk/pull/9174) +* [ADR 033](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-033-protobuf-inter-module-comm.md) diff --git a/docs/sdk/next/build/architecture/adr-044-protobuf-updates-guidelines.mdx b/docs/sdk/next/build/architecture/adr-044-protobuf-updates-guidelines.mdx new file mode 100644 index 00000000..9f48405d --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-044-protobuf-updates-guidelines.mdx @@ -0,0 +1,133 @@ +--- +title: 'ADR 044: Guidelines for Updating Protobuf Definitions' +description: >- + 28.06.2021: Initial Draft 02.12.2021: Add Since: comment for new fields + 21.07.2022: Remove the rule of no new Msg in the same proto version. +--- +## Changelog + +* 28.06.2021: Initial Draft +* 02.12.2021: Add `Since:` comment for new fields +* 21.07.2022: Remove the rule of no new `Msg` in the same proto version. + +## Status + +Draft + +## Abstract + +This ADR provides guidelines and recommended practices when updating Protobuf definitions. These guidelines are targeting module developers. + +## Context + +The Cosmos SDK maintains a set of [Protobuf definitions](https://github.com/cosmos/cosmos-sdk/tree/main/proto/cosmos). It is important to correctly design Protobuf definitions to avoid any breaking changes within the same version. The reasons are to not break tooling (including indexers and explorers), wallets and other third-party integrations. + +When making changes to these Protobuf definitions, the Cosmos SDK currently only follows [Buf's](https://docs.buf.build/) recommendations. We noticed however that Buf's recommendations might still result in breaking changes in the SDK in some cases. For example: + +* Adding fields to `Msg`s. Adding fields is not a Protobuf spec-breaking operation. However, when adding new fields to `Msg`s, the unknown field rejection will throw an error when sending the new `Msg` to an older node. +* Marking fields as `reserved`. Protobuf proposes the `reserved` keyword for removing fields without the need to bump the package version. However, by doing so, client backwards compatibility is broken as Protobuf doesn't generate anything for `reserved` fields. See [#9446](https://github.com/cosmos/cosmos-sdk/issues/9446) for more details on this issue. + +Moreover, module developers often face other questions around Protobuf definitions such as "Can I rename a field?" or "Can I deprecate a field?" This ADR aims to answer all these questions by providing clear guidelines about allowed updates for Protobuf definitions. + +## Decision + +We decide to keep [Buf's](https://docs.buf.build/) recommendations with the following exceptions: + +* `UNARY_RPC`: the Cosmos SDK currently does not support streaming RPCs. +* `COMMENT_FIELD`: the Cosmos SDK allows fields with no comments. +* `SERVICE_SUFFIX`: we use the `Query` and `Msg` service naming convention, which doesn't use the `-Service` suffix. +* `PACKAGE_VERSION_SUFFIX`: some packages, such as `cosmos.crypto.ed25519`, don't use a version suffix. +* `RPC_REQUEST_STANDARD_NAME`: Requests for the `Msg` service don't have the `-Request` suffix to keep backwards compatibility. + +On top of Buf's recommendations we add the following guidelines that are specific to the Cosmos SDK. + +### Updating Protobuf Definition Without Bumping Version + +#### 1. Module developers MAY add new Protobuf definitions + +Module developers MAY add new `message`s, new `Service`s, new `rpc` endpoints, and new fields to existing messages. This recommendation follows the Protobuf specification, but is added in this document for clarity, as the SDK requires one additional change. + +The SDK requires the Protobuf comment of the new addition to contain one line with the following format: + +```protobuf +// Since: cosmos-sdk {, ...} +``` + +Where each `version` denotes a minor ("0.45") or patch ("0.44.5") version from which the field is available. This will greatly help client libraries, who can optionally use reflection or custom code generation to show/hide these fields depending on the targeted node version. + +As examples, the following comments are valid: + +```protobuf +// Since: cosmos-sdk 0.44 + +// Since: cosmos-sdk 0.42.11, 0.44.5 +``` + +and the following ones are NOT valid: + +```protobuf +// Since cosmos-sdk v0.44 + +// since: cosmos-sdk 0.44 + +// Since: cosmos-sdk 0.42.11 0.44.5 + +// Since: Cosmos SDK 0.42.11, 0.44.5 +``` + +#### 2. Fields MAY be marked as `deprecated`, and nodes MAY implement a protocol-breaking change for handling these fields + +Protobuf supports the [`deprecated` field option](https://developers.google.com/protocol-buffers/docs/proto#options), and this option MAY be used on any field, including `Msg` fields. If a node handles a Protobuf message with a non-empty deprecated field, the node MAY change its behavior upon processing it, even in a protocol-breaking way. When possible, the node MUST handle backwards compatibility without breaking the consensus (unless we increment the proto version). + +As an example, the Cosmos SDK v0.42 to v0.43 update contained two Protobuf-breaking changes, listed below. Instead of bumping the package versions from `v1beta1` to `v1`, the SDK team decided to follow this guideline, by reverting the breaking changes, marking those changes as deprecated, and modifying the node implementation when processing messages with deprecated fields. More specifically: + +* The Cosmos SDK recently removed support for [time-based software upgrades](https://github.com/cosmos/cosmos-sdk/pull/8849). As such, the `time` field has been marked as deprecated in `cosmos.upgrade.v1beta1.Plan`. Moreover, the node will reject any proposal containing an upgrade Plan whose `time` field is non-empty. +* The Cosmos SDK now supports [governance split votes](/docs/sdk/vnext/build/architecture/adr-037-gov-split-vote). When querying for votes, the returned `cosmos.gov.v1beta1.Vote` message has its `option` field (used for 1 vote option) deprecated in favor of its `options` field (allowing multiple vote options). Whenever possible, the SDK still populates the deprecated `option` field, that is, if and only if the `len(options) == 1` and `options[0].Weight == 1.0`. + +#### 3. Fields MUST NOT be renamed + +Whereas the official Protobuf recommendations do not prohibit renaming fields, as it does not break the Protobuf binary representation, the SDK explicitly forbids renaming fields in Protobuf structs. The main reason for this choice is to avoid introducing breaking changes for clients, which often rely on hard-coded fields from generated types. Moreover, renaming fields will lead to client-breaking JSON representations of Protobuf definitions, used in REST endpoints and in the CLI. + +### Incrementing Protobuf Package Version + +TODO, needs architecture review. Some topics: + +* Bumping versions frequency +* When bumping versions, should the Cosmos SDK support both versions? + * i.e. v1beta1 -> v1, should we have two folders in the Cosmos SDK, and handlers for both versions? +* mention ADR-023 Protobuf naming + +## Consequences + +> This section describes the resulting context, after applying the decision. All consequences should be listed here, not just the "positive" ones. A particular decision may have positive, negative, and neutral consequences, but all of them affect the team and project in the future. + +### Backwards Compatibility + +> All ADRs that introduce backwards incompatibilities must include a section describing these incompatibilities and their severity. The ADR must explain how the author proposes to deal with these incompatibilities. ADR submissions without a sufficient backwards compatibility treatise may be rejected outright. + +### Positive + +* less pain to tool developers +* more compatibility in the ecosystem +* ... + +### Negative + +`{negative consequences}` + +### Neutral + +* more rigor in Protobuf review + +## Further Discussions + +This ADR is still in the DRAFT stage, and the "Incrementing Protobuf Package Version" will be filled in once we make a decision on how to correctly do it. + +## Test Cases \[optional] + +Test cases for an implementation are mandatory for ADRs that are affecting consensus changes. Other ADRs can choose to include links to test cases if applicable. + +## References + +* [#9445](https://github.com/cosmos/cosmos-sdk/issues/9445) Release proto definitions v1 +* [#9446](https://github.com/cosmos/cosmos-sdk/issues/9446) Address v1beta1 proto breaking changes diff --git a/docs/sdk/next/build/architecture/adr-045-check-delivertx-middlewares.mdx b/docs/sdk/next/build/architecture/adr-045-check-delivertx-middlewares.mdx new file mode 100644 index 00000000..ceb5d85b --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-045-check-delivertx-middlewares.mdx @@ -0,0 +1,343 @@ +--- +description: >- + 20.08.2021: Initial draft. 07.12.2021: Update tx.Handler interface (\#10693). + 17.05.2022: ADR is abandoned, as middlewares are deemed too hard to reason + about. +--- +## Changelog + +* 20.08.2021: Initial draft. +* 07.12.2021: Update `tx.Handler` interface ([#10693](https://github.com/cosmos/cosmos-sdk/pull/10693)). +* 17.05.2022: ADR is abandoned, as middlewares are deemed too hard to reason about. + +## Status + +ABANDONED. Replacement is being discussed in [#11955](https://github.com/cosmos/cosmos-sdk/issues/11955). + +## Abstract + +This ADR replaces the current BaseApp `runTx` and antehandlers design with a middleware-based design. + +## Context + +BaseApp's implementation of ABCI `{Check,Deliver}Tx()` and its own `Simulate()` method call the `runTx` method under the hood, which first runs antehandlers, then executes `Msg`s. However, the [transaction Tips](https://github.com/cosmos/cosmos-sdk/issues/9406) and [refunding unused gas](https://github.com/cosmos/cosmos-sdk/issues/2150) use cases require custom logic to be run after the `Msg`s execution. There is currently no way to achieve this. + +A naive solution would be to add post-`Msg` hooks to BaseApp. However, the Cosmos SDK team thinks in parallel about the bigger picture of making app wiring simpler ([#9181](https://github.com/cosmos/cosmos-sdk/discussions/9182)), which includes making BaseApp more lightweight and modular. + +## Decision + +We decide to transform Baseapp's implementation of ABCI `{Check,Deliver}Tx` and its own `Simulate` methods to use a middleware-based design. + +The two following interfaces are the base of the middleware design, and are defined in `types/tx`: + +```go +type Handler interface { + CheckTx(ctx context.Context, req Request, checkReq RequestCheckTx) (Response, ResponseCheckTx, error) + +DeliverTx(ctx context.Context, req Request) (Response, error) + +SimulateTx(ctx context.Context, req Request (Response, error) +} + +type Middleware func(Handler) + +Handler +``` + +where we define the following arguments and return types: + +```go expandable +type Request struct { + Tx sdk.Tx + TxBytes []byte +} + +type Response struct { + GasWanted uint64 + GasUsed uint64 + // MsgResponses is an array containing each Msg service handler's response + // type, packed in an Any. This will get proto-serialized into the `Data` field + // in the ABCI Check/DeliverTx responses. + MsgResponses []*codectypes.Any + Log string + Events []abci.Event +} + +type RequestCheckTx struct { + Type abci.CheckTxType +} + +type ResponseCheckTx struct { + Priority int64 +} +``` + +Please note that because CheckTx handles separate logic related to mempool prioritization, its signature is different than DeliverTx and SimulateTx. + +BaseApp holds a reference to a `tx.Handler`: + +```go +type BaseApp struct { + // other fields + txHandler tx.Handler +} +``` + +Baseapp's ABCI `{Check,Deliver}Tx()` and `Simulate()` methods simply call `app.txHandler.{Check,Deliver,Simulate}Tx()` with the relevant arguments. For example, for `DeliverTx`: + +```go expandable +func (app *BaseApp) + +DeliverTx(req abci.RequestDeliverTx) + +abci.ResponseDeliverTx { + var abciRes abci.ResponseDeliverTx + ctx := app.getContextForTx(runTxModeDeliver, req.Tx) + +res, err := app.txHandler.DeliverTx(ctx, tx.Request{ + TxBytes: req.Tx +}) + if err != nil { + abciRes = sdkerrors.ResponseDeliverTx(err, uint64(res.GasUsed), uint64(res.GasWanted), app.trace) + +return abciRes +} + +abciRes, err = convertTxResponseToDeliverTx(res) + if err != nil { + return sdkerrors.ResponseDeliverTx(err, uint64(res.GasUsed), uint64(res.GasWanted), app.trace) +} + +return abciRes +} + +// convertTxResponseToDeliverTx converts a tx.Response into a abci.ResponseDeliverTx. +func convertTxResponseToDeliverTx(txRes tx.Response) (abci.ResponseDeliverTx, error) { + data, err := makeABCIData(txRes) + if err != nil { + return abci.ResponseDeliverTx{ +}, nil +} + +return abci.ResponseDeliverTx{ + Data: data, + Log: txRes.Log, + Events: txRes.Events, +}, nil +} + +// makeABCIData generates the Data field to be sent to ABCI Check/DeliverTx. +func makeABCIData(txRes tx.Response) ([]byte, error) { + return proto.Marshal(&sdk.TxMsgData{ + MsgResponses: txRes.MsgResponses +}) +} +``` + +The implementations are similar for `BaseApp.CheckTx` and `BaseApp.Simulate`. + +`baseapp.txHandler`'s three methods' implementations can obviously be monolithic functions, but for modularity we propose a middleware composition design, where a middleware is simply a function that takes a `tx.Handler`, and returns another `tx.Handler` wrapped around the previous one. + +### Implementing a Middleware + +In practice, middlewares are created by Go function that takes as arguments some parameters needed for the middleware, and returns a `tx.Middleware`. + +For example, for creating an arbitrary `MyMiddleware`, we can implement: + +```go expandable +// myTxHandler is the tx.Handler of this middleware. Note that it holds a +// reference to the next tx.Handler in the stack. +type myTxHandler struct { + // next is the next tx.Handler in the middleware stack. + next tx.Handler + // some other fields that are relevant to the middleware can be added here +} + +// NewMyMiddleware returns a middleware that does this and that. +func NewMyMiddleware(arg1, arg2) + +tx.Middleware { + return func (txh tx.Handler) + +tx.Handler { + return myTxHandler{ + next: txh, + // optionally, set arg1, arg2... if they are needed in the middleware +} + +} +} + +// Assert myTxHandler is a tx.Handler. +var _ tx.Handler = myTxHandler{ +} + +func (h myTxHandler) + +CheckTx(ctx context.Context, req Request, checkReq RequestcheckTx) (Response, ResponseCheckTx, error) { + // CheckTx specific pre-processing logic + + // run the next middleware + res, checkRes, err := txh.next.CheckTx(ctx, req, checkReq) + + // CheckTx specific post-processing logic + + return res, checkRes, err +} + +func (h myTxHandler) + +DeliverTx(ctx context.Context, req Request) (Response, error) { + // DeliverTx specific pre-processing logic + + // run the next middleware + res, err := txh.next.DeliverTx(ctx, tx, req) + + // DeliverTx specific post-processing logic + + return res, err +} + +func (h myTxHandler) + +SimulateTx(ctx context.Context, req Request) (Response, error) { + // SimulateTx specific pre-processing logic + + // run the next middleware + res, err := txh.next.SimulateTx(ctx, tx, req) + + // SimulateTx specific post-processing logic + + return res, err +} +``` + +### Composing Middlewares + +While BaseApp simply holds a reference to a `tx.Handler`, this `tx.Handler` itself is defined using a middleware stack. The Cosmos SDK exposes a base (i.e. innermost) `tx.Handler` called `RunMsgsTxHandler`, which executes messages. + +Then, the app developer can compose multiple middlewares on top of the base `tx.Handler`. Each middleware can run pre-and-post-processing logic around its next middleware, as described in the section above. Conceptually, as an example, given the middlewares `A`, `B`, and `C` and the base `tx.Handler` `H` the stack looks like: + +```text +A.pre + B.pre + C.pre + H # The base tx.handler, for example `RunMsgsTxHandler` + C.post + B.post +A.post +``` + +We define a `ComposeMiddlewares` function for composing middlewares. It takes the base handler as first argument, and middlewares in the "outer to inner" order. For the above stack, the final `tx.Handler` is: + +```go +txHandler := middleware.ComposeMiddlewares(H, A, B, C) +``` + +The middleware is set in BaseApp via its `SetTxHandler` setter: + +```go +// simapp/app.go + txHandler := middleware.ComposeMiddlewares(...) + +app.SetTxHandler(txHandler) +``` + +The app developer can define their own middlewares, or use the Cosmos SDK's pre-defined middlewares from `middleware.NewDefaultTxHandler()`. + +### Middlewares Maintained by the Cosmos SDK + +While the app developer can define and compose the middlewares of their choice, the Cosmos SDK provides a set of middlewares that caters for the ecosystem's most common use cases. These middlewares are: + +| Middleware | Description | +| ----------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| RunMsgsTxHandler | This is the base `tx.Handler`. It replaces the old baseapp's `runMsgs`, and executes a transaction's `Msg`s. | +| TxDecoderMiddleware | This middleware takes in transaction raw bytes, and decodes them into a `sdk.Tx`. It replaces the `baseapp.txDecoder` field, so that BaseApp stays as thin as possible. Since most middlewares read the contents of the `sdk.Tx`, the TxDecoderMiddleware should be run first in the middleware stack. | +| `{Antehandlers}` | Each antehandler is converted to its own middleware. These middlewares perform signature verification, fee deductions and other validations on the incoming transaction. | +| IndexEventsTxMiddleware | This is a simple middleware that chooses which events to index in Tendermint. Replaces `baseapp.indexEvents` (which unfortunately still exists in baseapp too, because it's used to index Begin/EndBlock events) | +| RecoveryTxMiddleware | This index recovers from panics. It replaces baseapp.runTx's panic recovery described in [ADR-022](/docs/sdk/vnext/build/architecture/adr-022-custom-panic-handling). | +| GasTxMiddleware | This replaces the [`Setup`](https://github.com/cosmos/cosmos-sdk/blob/v0.43.0/x/auth/ante/setup.go) Antehandler. It sets a GasMeter on sdk.Context. Note that before, GasMeter was set on sdk.Context inside the antehandlers, and there was some mess around the fact that antehandlers had their own panic recovery system so that the GasMeter could be read by baseapp's recovery system. Now, this mess is all removed: one middleware sets GasMeter, another one handles recovery. | + +### Similarities and Differences between Antehandlers and Middlewares + +The middleware-based design builds upon the existing antehandlers design described in [ADR-010](/docs/sdk/vnext/build/architecture/adr-010-modular-antehandler). Even though the final decision of ADR-010 was to go with the "Simple Decorators" approach, the middleware design is actually very similar to the other [Decorator Pattern](/docs/sdk/vnext/build/architecture/adr-010-modular-antehandler#decorator-pattern) proposal, also used in [weave](https://github.com/iov-one/weave). + +#### Similarities with Antehandlers + +* Designed as chaining/composing small modular pieces. +* Allow code reuse for `{Check,Deliver}Tx` and for `Simulate`. +* Set up in `app.go`, and easily customizable by app developers. +* Order is important. + +#### Differences with Antehandlers + +* The Antehandlers are run before `Msg` execution, whereas middlewares can run before and after. +* The middleware approach uses separate methods for `{Check,Deliver,Simulate}Tx`, whereas the antehandlers pass a `simulate bool` flag and uses the `sdkCtx.Is{Check,Recheck}Tx()` flags to determine in which transaction mode we are. +* The middleware design lets each middleware hold a reference to the next middleware, whereas the antehandlers pass a `next` argument in the `AnteHandle` method. +* The middleware design use Go's standard `context.Context`, whereas the antehandlers use `sdk.Context`. + +## Consequences + +### Backwards Compatibility + +Since this refactor removes some logic away from BaseApp and into middlewares, it introduces API-breaking changes for app developers. Most notably, instead of creating an antehandler chain in `app.go`, app developers need to create a middleware stack: + +```diff expandable +- anteHandler, err := ante.NewAnteHandler( +- ante.HandlerOptions{ +- AccountKeeper: app.AccountKeeper, +- BankKeeper: app.BankKeeper, +- SignModeHandler: encodingConfig.TxConfig.SignModeHandler(), +- FeegrantKeeper: app.FeeGrantKeeper, +- SigGasConsumer: ante.DefaultSigVerificationGasConsumer, +- }, +-) ++txHandler, err := authmiddleware.NewDefaultTxHandler(authmiddleware.TxHandlerOptions{ ++ Debug: app.Trace(), ++ IndexEvents: indexEvents, ++ LegacyRouter: app.legacyRouter, ++ MsgServiceRouter: app.msgSvcRouter, ++ LegacyAnteHandler: anteHandler, ++ TxDecoder: encodingConfig.TxConfig.TxDecoder, ++}) +if err != nil { + panic(err) +} +- app.SetAnteHandler(anteHandler) ++ app.SetTxHandler(txHandler) +``` + +Other more minor API breaking changes will also be provided in the CHANGELOG. As usual, the Cosmos SDK will provide a release migration document for app developers. + +This ADR does not introduce any state-machine-, client- or CLI-breaking changes. + +### Positive + +* Allow custom logic to be run before an after `Msg` execution. This enables the [tips](https://github.com/cosmos/cosmos-sdk/issues/9406) and [gas refund](https://github.com/cosmos/cosmos-sdk/issues/2150) uses cases, and possibly other ones. +* Make BaseApp more lightweight, and defer complex logic to small modular components. +* Separate paths for `{Check,Deliver,Simulate}Tx` with different returns types. This allows for improved readability (replace `if sdkCtx.IsRecheckTx() && !simulate {...}` with separate methods) and more flexibility (e.g. returning a `priority` in `ResponseCheckTx`). + +### Negative + +* It is hard to understand at first glance the state updates that would occur after a middleware runs given the `sdk.Context` and `tx`. A middleware can have an arbitrary number of nested middleware being called within its function body, each possibly doing some pre- and post-processing before calling the next middleware on the chain. Thus to understand what a middleware is doing, one must also understand what every other middleware further along the chain is also doing, and the order of middlewares matters. This can get quite complicated to understand. +* API-breaking changes for app developers. + +### Neutral + +No neutral consequences. + +## Further Discussions + +* [#9934](https://github.com/cosmos/cosmos-sdk/discussions/9934) Decomposing BaseApp's other ABCI methods into middlewares. +* Replace `sdk.Tx` interface with the concrete protobuf Tx type in the `tx.Handler` methods signature. + +## Test Cases + +We update the existing baseapp and antehandlers tests to use the new middleware API, but keep the same test cases and logic, to avoid introducing regressions. Existing CLI tests will also be left untouched. + +For new middlewares, we introduce unit tests. Since middlewares are purposefully small, unit tests suit well. + +## References + +* Initial discussion: [Link](https://github.com/cosmos/cosmos-sdk/issues/9585) +* Implementation: [#9920 BaseApp refactor](https://github.com/cosmos/cosmos-sdk/pull/9920) and [#10028 Antehandlers migration](https://github.com/cosmos/cosmos-sdk/pull/10028) diff --git a/docs/sdk/next/build/architecture/adr-046-module-params.mdx b/docs/sdk/next/build/architecture/adr-046-module-params.mdx new file mode 100644 index 00000000..887783ed --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-046-module-params.mdx @@ -0,0 +1,190 @@ +--- +title: 'ADR 046: Module Params' +description: 'Sep 22, 2021: Initial Draft' +--- +## Changelog + +* Sep 22, 2021: Initial Draft + +## Status + +Proposed + +## Abstract + +This ADR describes an alternative approach to how Cosmos SDK modules use, interact, +and store their respective parameters. + +## Context + +Currently, in the Cosmos SDK, modules that require the use of parameters use the +`x/params` module. The `x/params` works by having modules define parameters, +typically via a simple `Params` structure, and registering that structure in +the `x/params` module via a unique `Subspace` that belongs to the respective +registering module. The registering module then has unique access to its respective +`Subspace`. Through this `Subspace`, the module can get and set its `Params` +structure. + +In addition, the Cosmos SDK's `x/gov` module has direct support for changing +parameters on-chain via a `ParamChangeProposal` governance proposal type, where +stakeholders can vote on suggested parameter changes. + +There are various tradeoffs to using the `x/params` module to manage individual +module parameters. Namely, managing parameters essentially comes for "free" in +that developers only need to define the `Params` struct, the `Subspace`, and the +various auxiliary functions, e.g. `ParamSetPairs`, on the `Params` type. However, +there are some notable drawbacks. These drawbacks include the fact that parameters +are serialized in state via JSON which is extremely slow. In addition, parameter +changes via `ParamChangeProposal` governance proposals have no way of reading from +or writing to state. In other words, it is currently not possible to have any +state transitions in the application during an attempt to change param(s). + +## Decision + +We will build off of the alignment of `x/gov` and `x/authz` work per +[#9810](https://github.com/cosmos/cosmos-sdk/pull/9810). Namely, module developers +will create one or more unique parameter data structures that must be serialized +to state. The Param data structures must implement `sdk.Msg` interface with respective +Protobuf Msg service method which will validate and update the parameters with all +necessary changes. The `x/gov` module via the work done in +[#9810](https://github.com/cosmos/cosmos-sdk/pull/9810), will dispatch Param +messages, which will be handled by Protobuf Msg services. + +Note, it is up to developers to decide how to structure their parameters and +the respective `sdk.Msg` messages. Consider the parameters currently defined in +`x/auth` using the `x/params` module for parameter management: + +```protobuf +message Params { + uint64 max_memo_characters = 1; + uint64 tx_sig_limit = 2; + uint64 tx_size_cost_per_byte = 3; + uint64 sig_verify_cost_ed25519 = 4; + uint64 sig_verify_cost_secp256k1 = 5; +} +``` + +Developers can choose to either create a unique data structure for every field in +`Params` or they can create a single `Params` structure as outlined above in the +case of `x/auth`. + +In the former, `x/params`, approach, a `sdk.Msg` would need to be created for every single +field along with a handler. This can become burdensome if there are a lot of +parameter fields. In the latter case, there is only a single data structure and +thus only a single message handler, however, the message handler might have to be +more sophisticated in that it might need to understand what parameters are being +changed vs what parameters are untouched. + +Params change proposals are made using the `x/gov` module. Execution is done through +`x/authz` authorization to the root `x/gov` module's account. + +Continuing to use `x/auth`, we demonstrate a more complete example: + +```go expandable +type Params struct { + MaxMemoCharacters uint64 + TxSigLimit uint64 + TxSizeCostPerByte uint64 + SigVerifyCostED25519 uint64 + SigVerifyCostSecp256k1 uint64 +} + +type MsgUpdateParams struct { + MaxMemoCharacters uint64 + TxSigLimit uint64 + TxSizeCostPerByte uint64 + SigVerifyCostED25519 uint64 + SigVerifyCostSecp256k1 uint64 +} + +type MsgUpdateParamsResponse struct { +} + +func (ms msgServer) + +UpdateParams(goCtx context.Context, msg *types.MsgUpdateParams) (*types.MsgUpdateParamsResponse, error) { + ctx := sdk.UnwrapSDKContext(goCtx) + + // verification logic... + + // persist params + params := ParamsFromMsg(msg) + +ms.SaveParams(ctx, params) + +return &types.MsgUpdateParamsResponse{ +}, nil +} + +func ParamsFromMsg(msg *types.MsgUpdateParams) + +Params { + // ... +} +``` + +A gRPC `Service` query should also be provided, for example: + +```protobuf expandable +service Query { + // ... + + rpc Params(QueryParamsRequest) returns (QueryParamsResponse) { + option (google.api.http).get = "/cosmos//v1beta1/params"; + } +} + +message QueryParamsResponse { + Params params = 1 [(gogoproto.nullable) = false]; +} +``` + +## Consequences + +As a result of implementing the module parameter methodology, we gain the ability +for module parameter changes to be stateful and extensible to fit nearly every +application's use case. We will be able to emit events (and trigger hooks registered +to that events using the work proposed in [event hooks](https://github.com/cosmos/cosmos-sdk/discussions/9656)), +call other Msg service methods or perform migration. +In addition, there will be significant gains in performance when it comes to reading +and writing parameters from and to state, especially if a specific set of parameters +are read on a consistent basis. + +However, this methodology will require developers to implement more types and +Msg service methods which can become burdensome if many parameters exist. In addition, +developers are required to implement persistence logics of module parameters. +However, this should be trivial. + +### Backwards Compatibility + +The new method for working with module parameters is naturally not backwards +compatible with the existing `x/params` module. However, the `x/params` will +remain in the Cosmos SDK and will be marked as deprecated with no additional +functionality being added apart from potential bug fixes. Note, the `x/params` +module may be removed entirely in a future release. + +### Positive + +* Module parameters are serialized more efficiently +* Modules are able to react on parameters changes and perform additional actions. +* Special events can be emitted, allowing hooks to be triggered. + +### Negative + +* Module parameters become slightly more burdensome for module developers: + * Modules are now responsible for persisting and retrieving parameter state + * Modules are now required to have unique message handlers to handle parameter + changes per unique parameter data structure. + +### Neutral + +* Requires [#9810](https://github.com/cosmos/cosmos-sdk/pull/9810) to be reviewed + and merged. + +{/* ## Further Discussions While an ADR is in the DRAFT or PROPOSED stage, this section should contain a summary of issues to be solved in future iterations (usually referencing comments from a pull-request discussion). Later, this section can optionally list ideas or improvements the author or reviewers found during the analysis of this ADR. */} + +## References + +* [Link](https://github.com/cosmos/cosmos-sdk/pull/9810) +* [Link](https://github.com/cosmos/cosmos-sdk/issues/9438) +* [Link](https://github.com/cosmos/cosmos-sdk/discussions/9913) diff --git a/docs/sdk/next/build/architecture/adr-047-extend-upgrade-plan.mdx b/docs/sdk/next/build/architecture/adr-047-extend-upgrade-plan.mdx new file mode 100644 index 00000000..9a58c239 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-047-extend-upgrade-plan.mdx @@ -0,0 +1,261 @@ +--- +title: 'ADR 047: Extend Upgrade Plan' +description: >- + Nov, 23, 2021: Initial Draft May, 16, 2023: Proposal ABANDONED. prerun and + postrun are not necessary anymore and adding the artifacts brings minor + benefits. +--- +## Changelog + +* Nov, 23, 2021: Initial Draft +* May, 16, 2023: Proposal ABANDONED. `pre_run` and `post_run` are not necessary anymore and adding the `artifacts` brings minor benefits. + +## Status + +ABANDONED + +## Abstract + +This ADR expands the existing x/upgrade `Plan` proto message to include new fields for defining pre-run and post-run processes within upgrade tooling. +It also defines a structure for providing downloadable artifacts involved in an upgrade. + +## Context + +The `upgrade` module in conjunction with Cosmovisor are designed to facilitate and automate a blockchain's transition from one version to another. + +Users submit a software upgrade governance proposal containing an upgrade `Plan`. +The [Plan](https://github.com/cosmos/cosmos-sdk/blob/v0.44.5/proto/cosmos/upgrade/v1beta1/upgrade.proto#L12) currently contains the following fields: + +* `name`: A short string identifying the new version. +* `height`: The chain height at which the upgrade is to be performed. +* `info`: A string containing information about the upgrade. + +The `info` string can be anything. +However, Cosmovisor will try to use the `info` field to automatically download a new version of the blockchain executable. +For the auto-download to work, Cosmovisor expects it to be either a stringified JSON object (with a specific structure defined through documentation), or a URL that will return such JSON. +The JSON object identifies URLs used to download the new blockchain executable for different platforms (OS and Architecture, e.g. "linux/amd64"). +Such a URL can either return the executable file directly or can return an archive containing the executable and possibly other assets. + +If the URL returns an archive, it is decompressed into `{DAEMON_HOME}/cosmovisor/{upgrade name}`. +Then, if `{DAEMON_HOME}/cosmovisor/{upgrade name}/bin/{DAEMON_NAME}` does not exist, but `{DAEMON_HOME}/cosmovisor/{upgrade name}/{DAEMON_NAME}` does, the latter is copied to the former. +If the URL returns something other than an archive, it is downloaded to `{DAEMON_HOME}/cosmovisor/{upgrade name}/bin/{DAEMON_NAME}`. + +If an upgrade height is reached and the new version of the executable version isn't available, Cosmovisor will stop running. + +Both `DAEMON_HOME` and `DAEMON_NAME` are [environment variables used to configure Cosmovisor](https://github.com/cosmos/cosmos-sdk/blob/cosmovisor/v1.0.0/cosmovisor/README.md#command-line-arguments-and-environment-variables). + +Currently, there is no mechanism that makes Cosmovisor run a command after the upgraded chain has been restarted. + +The current upgrade process has this timeline: + +1. An upgrade governance proposal is submitted and approved. +2. The upgrade height is reached. +3. The `x/upgrade` module writes the `upgrade_info.json` file. +4. The chain halts. +5. Cosmovisor backs up the data directory (if set up to do so). +6. Cosmovisor downloads the new executable (if not already in place). +7. Cosmovisor executes the `${DAEMON_NAME} pre-upgrade`. +8. Cosmovisor restarts the app using the new version and same args originally provided. + +## Decision + +### Protobuf Updates + +We will update the `x/upgrade.Plan` message for providing upgrade instructions. +The upgrade instructions will contain a list of artifacts available for each platform. +It allows for the definition of a pre-run and post-run commands. +These commands are not consensus guaranteed; they will be executed by Cosmovisor (or other) during its upgrade handling. + +```protobuf +message Plan { + // ... (existing fields) + + UpgradeInstructions instructions = 6; +} +``` + +The new `UpgradeInstructions instructions` field MUST be optional. + +```protobuf +message UpgradeInstructions { + string pre_run = 1; + string post_run = 2; + repeated Artifact artifacts = 3; + string description = 4; +} +``` + +All fields in the `UpgradeInstructions` are optional. + +* `pre_run` is a command to run prior to the upgraded chain restarting. + If defined, it will be executed after halting and downloading the new artifact but before restarting the upgraded chain. + The working directory this command runs from MUST be `{DAEMON_HOME}/cosmovisor/{upgrade name}`. + This command MUST behave the same as the current [pre-upgrade](https://github.com/cosmos/cosmos-sdk/blob/v0.44.5/docs/migrations/pre-upgrade.md) command. + It does not take in any command-line arguments and is expected to terminate with the following exit codes: + + | Exit status code | How it is handled in Cosmovisor | + | ---------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- | + | `0` | Assumes `pre-upgrade` command executed successfully and continues the upgrade. | + | `1` | Default exit code when `pre-upgrade` command has not been implemented. | + | `30` | `pre-upgrade` command was executed but failed. This fails the entire upgrade. | + | `31` | `pre-upgrade` command was executed but failed. But the command is retried until exit code `1` or `30` are returned. | + | If defined, then the app supervisors (e.g. Cosmovisor) MUST NOT run `app pre-run`. | | + +* `post_run` is a command to run after the upgraded chain has been started. If defined, this command MUST be only executed at most once by an upgrading node. + The output and exit code SHOULD be logged but SHOULD NOT affect the running of the upgraded chain. + The working directory this command runs from MUST be `{DAEMON_HOME}/cosmovisor/{upgrade name}`. + +* `artifacts` define items to be downloaded. + It SHOULD have only one entry per platform. + +* `description` contains human-readable information about the upgrade and might contain references to external resources. + It SHOULD NOT be used for structured processing information. + +```protobuf +message Artifact { + string platform = 1; + string url = 2; + string checksum = 3; + string checksum_algo = 4; +} +``` + +* `platform` is a required string that SHOULD be in the format `{OS}/{CPU}`, e.g. `"linux/amd64"`. + The string `"any"` SHOULD also be allowed. + An `Artifact` with a `platform` of `"any"` SHOULD be used as a fallback when a specific `{OS}/{CPU}` entry is not found. + That is, if an `Artifact` exists with a `platform` that matches the system's OS and CPU, that should be used; + otherwise, if an `Artifact` exists with a `platform` of `any`, that should be used; + otherwise no artifact should be downloaded. +* `url` is a required URL string that MUST conform to [RFC 1738: Uniform Resource Locators](https://www.ietf.org/rfc/rfc1738.txt). + A request to this `url` MUST return either an executable file or an archive containing either `bin/{DAEMON_NAME}` or `{DAEMON_NAME}`. + The URL should not contain checksum - it should be specified by the `checksum` attribute. +* `checksum` is a checksum of the expected result of a request to the `url`. + It is not required, but is recommended. + If provided, it MUST be a hex encoded checksum string. + Tools utilizing these `UpgradeInstructions` MUST fail if a `checksum` is provided but is different from the checksum of the result returned by the `url`. +* `checksum_algo` is a string identifying the algorithm used to generate the `checksum`. + Recommended algorithms: `sha256`, `sha512`. + Algorithms also supported (but not recommended): `sha1`, `md5`. + If a `checksum` is provided, a `checksum_algo` MUST also be provided. + +A `url` is not required to contain a `checksum` query parameter. +If the `url` does contain a `checksum` query parameter, the `checksum` and `checksum_algo` fields MUST also be populated, and their values MUST match the value of the query parameter. +For example, if the `url` is `"https://example.com?checksum=md5:d41d8cd98f00b204e9800998ecf8427e"`, then the `checksum` field must be `"d41d8cd98f00b204e9800998ecf8427e"` and the `checksum_algo` field must be `"md5"`. + +### Upgrade Module Updates + +If an upgrade `Plan` does not use the new `UpgradeInstructions` field, existing functionality will be maintained. +The parsing of the `info` field as either a URL or `binaries` JSON will be deprecated. +During validation, if the `info` field is used as such, a warning will be issued, but not an error. + +We will update the creation of the `upgrade-info.json` file to include the `UpgradeInstructions`. + +We will update the optional validation available via CLI to account for the new `Plan` structure. +We will add the following validation: + +1. If `UpgradeInstructions` are provided: + 1. There MUST be at least one entry in `artifacts`. + 2. All of the `artifacts` MUST have a unique `platform`. + 3. For each `Artifact`, if the `url` contains a `checksum` query parameter: + 1. The `checksum` query parameter value MUST be in the format of `{checksum_algo}:{checksum}`. + 2. The `{checksum}` from the query parameter MUST equal the `checksum` provided in the `Artifact`. + 3. The `{checksum_algo}` from the query parameter MUST equal the `checksum_algo` provided in the `Artifact`. +2. The following validation is currently done using the `info` field. We will apply similar validation to the `UpgradeInstructions`. + For each `Artifact`: + 1. The `platform` MUST have the format `{OS}/{CPU}` or be `"any"`. + 2. The `url` field MUST NOT be empty. + 3. The `url` field MUST be a proper URL. + 4. A `checksum` MUST be provided either in the `checksum` field or as a query parameter in the `url`. + 5. If the `checksum` field has a value and the `url` also has a `checksum` query parameter, the two values MUST be equal. + 6. The `url` MUST return either a file or an archive containing either `bin/{DAEMON_NAME}` or `{DAEMON_NAME}`. + 7. If a `checksum` is provided (in the field or as a query param), the checksum of the result of the `url` MUST equal the provided checksum. + +Downloading of an `Artifact` will happen the same way that URLs from `info` are currently downloaded. + +### Cosmovisor Updates + +If the `upgrade-info.json` file does not contain any `UpgradeInstructions`, existing functionality will be maintained. + +We will update Cosmovisor to look for and handle the new `UpgradeInstructions` in `upgrade-info.json`. +If the `UpgradeInstructions` are provided, we will do the following: + +1. The `info` field will be ignored. +2. The `artifacts` field will be used to identify the artifact to download based on the `platform` that Cosmovisor is running in. +3. If a `checksum` is provided (either in the field or as a query param in the `url`), and the downloaded artifact has a different checksum, the upgrade process will be interrupted and Cosmovisor will exit with an error. +4. If a `pre_run` command is defined, it will be executed at the same point in the process where the `app pre-upgrade` command would have been executed. + It will be executed using the same environment as other commands run by Cosmovisor. +5. If a `post_run` command is defined, it will be executed after executing the command that restarts the chain. + It will be executed in a background process using the same environment as the other commands. + Any output generated by the command will be logged. + Once complete, the exit code will be logged. + +We will deprecate the use of the `info` field for anything other than human readable information. +A warning will be logged if the `info` field is used to define the assets (either by URL or JSON). + +The new upgrade timeline is very similar to the current one. Changes are in bold: + +1. An upgrade governance proposal is submitted and approved. +2. The upgrade height is reached. +3. The `x/upgrade` module writes the `upgrade_info.json` file **(now possibly with `UpgradeInstructions`)**. +4. The chain halts. +5. Cosmovisor backs up the data directory (if set up to do so). +6. Cosmovisor downloads the new executable (if not already in place). +7. Cosmovisor executes **the `pre_run` command if provided**, or else the `${DAEMON_NAME} pre-upgrade` command. +8. Cosmovisor restarts the app using the new version and same args originally provided. +9. **Cosmovisor immediately runs the `post_run` command in a detached process.** + +## Consequences + +### Backwards Compatibility + +Since the only change to existing definitions is the addition of the `instructions` field to the `Plan` message, and that field is optional, there are no backwards incompatibilities with respects to the proto messages. +Additionally, current behavior will be maintained when no `UpgradeInstructions` are provided, so there are no backwards incompatibilities with respects to either the upgrade module or Cosmovisor. + +### Forwards Compatibility + +In order to utilize the `UpgradeInstructions` as part of a software upgrade, both of the following must be true: + +1. The chain must already be using a sufficiently advanced version of the Cosmos SDK. +2. The chain's nodes must be using a sufficiently advanced version of Cosmovisor. + +### Positive + +1. The structure for defining artifacts is clearer since it is now defined in the proto instead of in documentation. +2. Availability of a pre-run command becomes more obvious. +3. A post-run command becomes possible. + +### Negative + +1. The `Plan` message becomes larger. This is negligible because A) the `x/upgrades` module only stores at most one upgrade plan, and B) upgrades are rare enough that the increased gas cost isn't a concern. +2. There is no option for providing a URL that will return the `UpgradeInstructions`. +3. The only way to provide multiple assets (executables and other files) for a platform is to use an archive as the platform's artifact. + +### Neutral + +1. Existing functionality of the `info` field is maintained when the `UpgradeInstructions` aren't provided. + +## Further Discussions + +1. [Draft PR #10032 Comment](https://github.com/cosmos/cosmos-sdk/pull/10032/files?authenticity_token=pLtzpnXJJB%2Fif2UWiTp9Td3MvRrBF04DvjSuEjf1azoWdLF%2BSNymVYw9Ic7VkqHgNLhNj6iq9bHQYnVLzMXd4g%3D%3D\&file-filters%5B%5D=.go\&file-filters%5B%5D=.proto#r698708349): + Consider different names for `UpgradeInstructions instructions` (either the message type or field name). +2. [Draft PR #10032 Comment](https://github.com/cosmos/cosmos-sdk/pull/10032/files?authenticity_token=pLtzpnXJJB%2Fif2UWiTp9Td3MvRrBF04DvjSuEjf1azoWdLF%2BSNymVYw9Ic7VkqHgNLhNj6iq9bHQYnVLzMXd4g%3D%3D\&file-filters%5B%5D=.go\&file-filters%5B%5D=.proto#r754655072): + 1. Consider putting the `string platform` field inside `UpgradeInstructions` and make `UpgradeInstructions` a repeated field in `Plan`. + 2. Consider using a `oneof` field in the `Plan` which could either be `UpgradeInstructions` or else a URL that should return the `UpgradeInstructions`. + 3. Consider allowing `info` to either be a JSON serialized version of `UpgradeInstructions` or else a URL that returns that. +3. [Draft PR #10032 Comment](https://github.com/cosmos/cosmos-sdk/pull/10032/files?authenticity_token=pLtzpnXJJB%2Fif2UWiTp9Td3MvRrBF04DvjSuEjf1azoWdLF%2BSNymVYw9Ic7VkqHgNLhNj6iq9bHQYnVLzMXd4g%3D%3D\&file-filters%5B%5D=.go\&file-filters%5B%5D=.proto#r755462876): + Consider not including the `UpgradeInstructions.description` field, using the `info` field for that purpose instead. +4. [Draft PR #10032 Comment](https://github.com/cosmos/cosmos-sdk/pull/10032/files?authenticity_token=pLtzpnXJJB%2Fif2UWiTp9Td3MvRrBF04DvjSuEjf1azoWdLF%2BSNymVYw9Ic7VkqHgNLhNj6iq9bHQYnVLzMXd4g%3D%3D\&file-filters%5B%5D=.go\&file-filters%5B%5D=.proto#r754643691): + Consider allowing multiple artifacts to be downloaded for any given `platform` by adding a `name` field to the `Artifact` message. +5. [PR #10502 Comment](https://github.com/cosmos/cosmos-sdk/pull/10602#discussion_r781438288) + Allow the new `UpgradeInstructions` to be provided via URL. +6. [PR #10502 Comment](https://github.com/cosmos/cosmos-sdk/pull/10602#discussion_r781438288) + Allow definition of a `signer` for assets (as an alternative to using a `checksum`). + +## References + +* [Current upgrade.proto](https://github.com/cosmos/cosmos-sdk/blob/v0.44.5/proto/cosmos/upgrade/v1beta1/upgrade.proto) +* [Upgrade Module README](https://github.com/cosmos/cosmos-sdk/blob/v0.44.5/x/upgrade/spec/README.md) +* [Cosmovisor README](https://github.com/cosmos/cosmos-sdk/blob/cosmovisor/v1.0.0/cosmovisor/README.md) +* [Pre-upgrade README](https://github.com/cosmos/cosmos-sdk/blob/v0.44.5/docs/migrations/pre-upgrade.md) +* [Draft/POC PR #10032](https://github.com/cosmos/cosmos-sdk/pull/10032) +* [RFC 1738: Uniform Resource Locators](https://www.ietf.org/rfc/rfc1738.txt) diff --git a/docs/sdk/next/build/architecture/adr-048-consensus-fees.mdx b/docs/sdk/next/build/architecture/adr-048-consensus-fees.mdx new file mode 100644 index 00000000..82d83ebe --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-048-consensus-fees.mdx @@ -0,0 +1,206 @@ +--- +title: 'ADR 048: Multi Tier Gas Price System' +description: 'Dec 1, 2021: Initial Draft' +--- +## Changelog + +* Dec 1, 2021: Initial Draft + +## Status + +Rejected + +## Abstract + +This ADR describes a flexible mechanism to maintain a consensus level gas prices, in which one can choose a multi-tier gas price system or EIP-1559 like one through configuration. + +## Context + +Currently, each validator configures it's own `minimal-gas-prices` in `app.yaml`. But setting a proper minimal gas price is critical to protect network from dos attack, and it's hard for all the validators to pick a sensible value, so we propose to maintain a gas price in consensus level. + +Since tendermint 0.34.20 has supported mempool prioritization, we can take advantage of that to implement more sophisticated gas fee system. + +## Multi-Tier Price System + +We propose a multi-tier price system on consensus to provide maximum flexibility: + +* Tier 1: a constant gas price, which could only be modified occasionally through governance proposal. +* Tier 2: a dynamic gas price which is adjusted according to previous block load. +* Tier 3: a dynamic gas price which is adjusted according to previous block load at a higher speed. + +The gas price of higher tier should be bigger than the lower tier. + +The transaction fees are charged with the exact gas price calculated on consensus. + +The parameter schema is like this: + +```protobuf expandable +message TierParams { + uint32 priority = 1 // priority in tendermint mempool + Coin initial_gas_price = 2 // + uint32 parent_gas_target = 3 // the target saturation of block + uint32 change_denominator = 4 // decides the change speed + Coin min_gas_price = 5 // optional lower bound of the price adjustment + Coin max_gas_price = 6 // optional upper bound of the price adjustment +} + +message Params { + repeated TierParams tiers = 1; +} +``` + +### Extension Options + +We need to allow user to specify the tier of service for the transaction, to support it in an extensible way, we add an extension option in `AuthInfo`: + +```protobuf +message ExtensionOptionsTieredTx { + uint32 fee_tier = 1 +} +``` + +The value of `fee_tier` is just the index to the `tiers` parameter list. + +We also change the semantic of existing `fee` field of `Tx`, instead of charging user the exact `fee` amount, we treat it as a fee cap, while the actual amount of fee charged is decided dynamically. If the `fee` is smaller than dynamic one, the transaction won't be included in current block and ideally should stay in the mempool until the consensus gas price drop. The mempool can eventually prune old transactions. + +### Tx Prioritization + +Transactions are prioritized based on the tier, the higher the tier, the higher the priority. + +Within the same tier, follow the default Tendermint order (currently FIFO). Be aware of that the mempool tx ordering logic is not part of consensus and can be modified by malicious validator. + +This mechanism can be easily composed with prioritization mechanisms: + +* we can add extra tiers out of a user control: + * Example 1: user can set tier 0, 10 or 20, but the protocol will create tiers 0, 1, 2 ... 29. For example IBC transactions will go to tier `user_tier + 5`: if user selected tier 1, then the transaction will go to tier 15. + * Example 2: we can reserve tier 4, 5, ... only for special transaction types. For example, tier 5 is reserved for evidence tx. So if submits a bank.Send transaction and set tier 5, it will be delegated to tier 3 (the max tier level available for any transaction). + * Example 3: we can enforce that all transactions of a specific type will go to specific tier. For example, tier 100 will be reserved for evidence transactions and all evidence transactions will always go to that tier. + +### `min-gas-prices` + +Deprecate the current per-validator `min-gas-prices` configuration, since it would confusing for it to work together with the consensus gas price. + +### Adjust For Block Load + +For tier 2 and tier 3 transactions, the gas price is adjusted according to previous block load, the logic could be similar to EIP-1559: + +```python expandable +def adjust_gas_price(gas_price, parent_gas_used, tier): + if parent_gas_used == tier.parent_gas_target: + return gas_price + elif parent_gas_used > tier.parent_gas_target: + gas_used_delta = parent_gas_used - tier.parent_gas_target + gas_price_delta = max(gas_price * gas_used_delta // tier.parent_gas_target // tier.change_speed, 1) + return gas_price + gas_price_delta + else: + gas_used_delta = parent_gas_target - parent_gas_used + gas_price_delta = gas_price * gas_used_delta // parent_gas_target // tier.change_speed + return gas_price - gas_price_delta +``` + +### Block Segment Reservation + +Ideally we should reserve block segments for each tier, so the lower tiered transactions won't be completely squeezed out by higher tier transactions, which will force user to use higher tier, and the system degraded to a single tier. + +We need help from tendermint to implement this. + +## Implementation + +We can make each tier's gas price strategy fully configurable in protocol parameters, while providing a sensible default one. + +Pseudocode in python-like syntax: + +```python expandable +interface TieredTx: + def tier(self) -> int: + pass + +def tx_tier(tx): + if isinstance(tx, TieredTx): + return tx.tier() + else: + # default tier for custom transactions + return 0 + # NOTE: we can add more rules here per "Tx Prioritization" section + +class TierParams: + 'gas price strategy parameters of one tier' + priority: int # priority in tendermint mempool + initial_gas_price: Coin + parent_gas_target: int + change_speed: Decimal # 0 means don't adjust for block load. + +class Params: + 'protocol parameters' + tiers: List[TierParams] + +class State: + 'consensus state' + # total gas used in last block, None when it's the first block + parent_gas_used: Optional[int] + # gas prices of last block for all tiers + gas_prices: List[Coin] + +def begin_block(): + 'Adjust gas prices' + for i, tier in enumerate(Params.tiers): + if State.parent_gas_used is None: + # initialized gas price for the first block + State.gas_prices[i] = tier.initial_gas_price + else: + # adjust gas price according to gas used in previous block + State.gas_prices[i] = adjust_gas_price(State.gas_prices[i], State.parent_gas_used, tier) + +def mempoolFeeTxHandler_checkTx(ctx, tx): + # the minimal-gas-price configured by validator, zero in deliver_tx context + validator_price = ctx.MinGasPrice() + consensus_price = State.gas_prices[tx_tier(tx)] + min_price = max(validator_price, consensus_price) + + # zero means infinity for gas price cap + if tx.gas_price() > 0 and tx.gas_price() < min_price: + return 'insufficient fees' + return next_CheckTx(ctx, tx) + +def txPriorityHandler_checkTx(ctx, tx): + res, err := next_CheckTx(ctx, tx) + # pass priority to tendermint + res.Priority = Params.tiers[tx_tier(tx)].priority + return res, err + +def end_block(): + 'Update block gas used' + State.parent_gas_used = block_gas_meter.consumed() +``` + +### Dos attack protection + +To fully saturate the blocks and prevent other transactions from executing, attacker need to use transactions of highest tier, the cost would be significantly higher than the default tier. + +If attacker spam with lower tier transactions, user can mitigate by sending higher tier transactions. + +## Consequences + +### Backwards Compatibility + +* New protocol parameters. +* New consensus states. +* New/changed fields in transaction body. + +### Positive + +* The default tier keeps the same predictable gas price experience for client. +* The higher tier's gas price can adapt to block load. +* No priority conflict with custom priority based on transaction types, since this proposal only occupy three priority levels. +* Possibility to compose different priority rules with tiers + +### Negative + +* Wallets & tools need to update to support the new `tier` parameter, and semantic of `fee` field is changed. + +### Neutral + +## References + +* [Link](https://eips.ethereum.org/EIPS/eip-1559) +* [Link](https://iohk.io/en/blog/posts/2021/11/26/network-traffic-and-tiered-pricing/) diff --git a/docs/sdk/next/build/architecture/adr-049-state-sync-hooks.mdx b/docs/sdk/next/build/architecture/adr-049-state-sync-hooks.mdx new file mode 100644 index 00000000..37b373c9 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-049-state-sync-hooks.mdx @@ -0,0 +1,196 @@ +--- +title: 'ADR 049: State Sync Hooks' +description: >- + Jan 19, 2022: Initial Draft Apr 29, 2022: Safer extension snapshotter + interface +--- +## Changelog + +* Jan 19, 2022: Initial Draft +* Apr 29, 2022: Safer extension snapshotter interface + +## Status + +Implemented + +## Abstract + +This ADR outlines a hooks-based mechanism for application modules to provide additional state (outside of the IAVL tree) to be used +during state sync. + +## Context + +New clients use state-sync to download snapshots of module state from peers. Currently, the snapshot consists of a +stream of `SnapshotStoreItem` and `SnapshotIAVLItem`, which means that application modules that define their state outside of the IAVL +tree cannot include their state as part of the state-sync process. + +Note, Even though the module state data is outside of the tree, for determinism we require that the hash of the external data should +be posted in the IAVL tree. + +## Decision + +A simple proposal based on our existing implementation is that, we can add two new message types: `SnapshotExtensionMeta` +and `SnapshotExtensionPayload`, and they are appended to the existing multi-store stream with `SnapshotExtensionMeta` +acting as a delimiter between extensions. As the chunk hashes should be able to ensure data integrity, we don't need +a delimiter to mark the end of the snapshot stream. + +Besides, we provide `Snapshotter` and `ExtensionSnapshotter` interface for modules to implement snapshotters, which will handle both taking +snapshot and the restoration. Each module could have multiple snapshotters, and for modules with additional state, they should +implement `ExtensionSnapshotter` as extension snapshotters. When setting up the application, the snapshot `Manager` should call +`RegisterExtensions([]ExtensionSnapshotter…)` to register all the extension snapshotters. + +```protobuf expandable +// SnapshotItem is an item contained in a rootmulti.Store snapshot. +// On top of the existing SnapshotStoreItem and SnapshotIAVLItem, we add two new options for the item. +message SnapshotItem { + // item is the specific type of snapshot item. + oneof item { + SnapshotStoreItem store = 1; + SnapshotIAVLItem iavl = 2 [(gogoproto.customname) = "IAVL"]; + SnapshotExtensionMeta extension = 3; + SnapshotExtensionPayload extension_payload = 4; + } +} + +// SnapshotExtensionMeta contains metadata about an external snapshotter. +// One module may need multiple snapshotters, so each module may have multiple SnapshotExtensionMeta. +message SnapshotExtensionMeta { + // the name of the ExtensionSnapshotter, and it is registered to snapshotter manager when setting up the application + // name should be unique for each ExtensionSnapshotter as we need to alphabetically order their snapshots to get + // deterministic snapshot stream. + string name = 1; + // this is used by each ExtensionSnapshotter to decide the format of payloads included in SnapshotExtensionPayload message + // it is used within the snapshotter/namespace, not global one for all modules + uint32 format = 2; +} + +// SnapshotExtensionPayload contains payloads of an external snapshotter. +message SnapshotExtensionPayload { + bytes payload = 1; +} +``` + +When we create a snapshot stream, the `multistore` snapshot is always placed at the beginning of the binary stream, and other extension snapshots are alphabetically ordered by the name of the corresponding `ExtensionSnapshotter`. + +The snapshot stream would look like as follows: + +```go +// multi-store snapshot +{ + SnapshotStoreItem | SnapshotIAVLItem, ... +} +// extension1 snapshot +SnapshotExtensionMeta +{ + SnapshotExtensionPayload, ... +} +// extension2 snapshot +SnapshotExtensionMeta +{ + SnapshotExtensionPayload, ... +} +``` + +We add an `extensions` field to snapshot `Manager` for extension snapshotters. The `multistore` snapshotter is a special one and it doesn't need a name because it is always placed at the beginning of the binary stream. + +```go expandable +type Manager struct { + store *Store + multistore types.Snapshotter + extensions map[string]types.ExtensionSnapshotter + mtx sync.Mutex + operation operation + chRestore chan<- io.ReadCloser + chRestoreDone <-chan restoreDone + restoreChunkHashes [][]byte + restoreChunkIndex uint32 +} +``` + +For extension snapshotters that implement the `ExtensionSnapshotter` interface, their names should be registered to the snapshot `Manager` by +calling `RegisterExtensions` when setting up the application. The snapshotters will handle both taking snapshot and restoration. + +```go +// RegisterExtensions register extension snapshotters to manager +func (m *Manager) + +RegisterExtensions(extensions ...types.ExtensionSnapshotter) + +error +``` + +On top of the existing `Snapshotter` interface for the `multistore`, we add `ExtensionSnapshotter` interface for the extension snapshotters. Three more function signatures: `SnapshotFormat()`, `SupportedFormats()` and `SnapshotName()` are added to `ExtensionSnapshotter`. + +```go expandable +// ExtensionPayloadReader read extension payloads, +// it returns io.EOF when reached either end of stream or the extension boundaries. +type ExtensionPayloadReader = func() ([]byte, error) + +// ExtensionPayloadWriter is a helper to write extension payloads to underlying stream. +type ExtensionPayloadWriter = func([]byte) + +error + +// ExtensionSnapshotter is an extension Snapshotter that is appended to the snapshot stream. +// ExtensionSnapshotter has an unique name and manages it's own internal formats. +type ExtensionSnapshotter interface { + // SnapshotName returns the name of snapshotter, it should be unique in the manager. + SnapshotName() + +string + + // SnapshotFormat returns the default format used to take a snapshot. + SnapshotFormat() + +uint32 + + // SupportedFormats returns a list of formats it can restore from. + SupportedFormats() []uint32 + + // SnapshotExtension writes extension payloads into the underlying protobuf stream. + SnapshotExtension(height uint64, payloadWriter ExtensionPayloadWriter) + +error + + // RestoreExtension restores an extension state snapshot, + // the payload reader returns `io.EOF` when reached the extension boundaries. + RestoreExtension(height uint64, format uint32, payloadReader ExtensionPayloadReader) + +error +} +``` + +## Consequences + +As a result of this implementation, we are able to create snapshots of binary chunk stream for the state that we maintain outside of the IAVL Tree, CosmWasm blobs for example. And new clients are able to fetch snapshots of state for all modules that have implemented the corresponding interface from peer nodes. + +### Backwards Compatibility + +This ADR introduces new proto message types, adds an `extensions` field in snapshot `Manager`, and add new `ExtensionSnapshotter` interface, so this is not backwards compatible if we have extensions. + +But for applications that do not have the state data outside of the IAVL tree for any module, the snapshot stream is backwards-compatible. + +### Positive + +* State maintained outside of IAVL tree like CosmWasm blobs can create snapshots by implementing extension snapshotters, and being fetched by new clients via state-sync. + +### Negative + +### Neutral + +* All modules that maintain state outside of IAVL tree need to implement `ExtensionSnapshotter` and the snapshot `Manager` need to call `RegisterExtensions` when setting up the application. + +## Further Discussions + +While an ADR is in the DRAFT or PROPOSED stage, this section should contain a summary of issues to be solved in future iterations (usually referencing comments from a pull-request discussion). +Later, this section can optionally list ideas or improvements the author or reviewers found during the analysis of this ADR. + +## Test Cases \[optional] + +Test cases for an implementation are mandatory for ADRs that are affecting consensus changes. Other ADRs can choose to include links to test cases if applicable. + +## References + +* [Link](https://github.com/cosmos/cosmos-sdk/pull/10961) +* [Link](https://github.com/cosmos/cosmos-sdk/issues/7340) +* [Link](https://hackmd.io/gJoyev6DSmqqkO667WQlGw) diff --git a/docs/sdk/next/build/architecture/adr-050-sign-mode-textual-annex1.mdx b/docs/sdk/next/build/architecture/adr-050-sign-mode-textual-annex1.mdx new file mode 100644 index 00000000..08bdac90 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-050-sign-mode-textual-annex1.mdx @@ -0,0 +1,363 @@ +--- +title: 'ADR 050: SIGN_MODE_TEXTUAL: Annex 1 Value Renderers' +--- +## Changelog + +* Dec 06, 2021: Initial Draft +* Feb 07, 2022: Draft read and concept-ACKed by the Ledger team. +* Dec 01, 2022: Remove `Object: ` prefix on Any header screen. +* Dec 13, 2022: Sign over bytes hash when bytes length > 32. +* Mar 27, 2023: Update `Any` value renderer to omit message header screen. + +## Status + +Accepted. Implementation started. Small value renderers details still need to be polished. + +## Abstract + +This Annex describes value renderers, which are used for displaying Protobuf values in a human-friendly way using a string array. + +## Value Renderers + +Value Renderers describe how values of different Protobuf types should be encoded as a string array. Value renderers can be formalized as a set of bijective functions `func renderT(value T) []string`, where `T` is one of the below Protobuf types for which this spec is defined. + +### Protobuf `number` + +* Applies to: + * protobuf numeric integer types (`int{32,64}`, `uint{32,64}`, `sint{32,64}`, `fixed{32,64}`, `sfixed{32,64}`) + * strings whose `customtype` is `github.com/cosmos/cosmos-sdk/types.Int` or `github.com/cosmos/cosmos-sdk/types.Dec` + * bytes whose `customtype` is `github.com/cosmos/cosmos-sdk/types.Int` or `github.com/cosmos/cosmos-sdk/types.Dec` +* Trailing decimal zeroes are always removed +* Formatting with `'`s for every three integral digits. +* Usage of `.` to denote the decimal delimiter. + +#### Examples + +* `1000` (uint64) -> `1'000` +* `"1000000.00"` (string representing a Dec) -> `1'000'000` +* `"1000000.10"` (string representing a Dec) -> `1'000'000.1` + +### `coin` + +* Applies to `cosmos.base.v1beta1.Coin`. +* Denoms are converted to `display` denoms using `Metadata` (if available). **This requires a state query**. The definition of `Metadata` can be found in the [bank protobuf definition](https://buf.build/cosmos/cosmos-sdk/docs/main:cosmos.bank.v1beta1#cosmos.bank.v1beta1.Metadata). If the `display` field is empty or nil, then we do not perform any denom conversion. +* Amounts are converted to `display` denom amounts and rendered as `number`s above + * We do not change the capitalization of the denom. In practice, `display` denoms are stored in lowercase in state (e.g. `10 atom`), however they are often showed in UPPERCASE in everyday life (e.g. `10 ATOM`). Value renderers keep the case used in state, but we may recommend chains changing the denom metadata to be uppercase for better user display. +* One space between the denom and amount (e.g. `10 atom`). +* In the future, IBC denoms could maybe be converted to DID/IIDs, if we can find a robust way for doing this (ex. `cosmos:cosmos:hub:bank:denom:atom`) + +#### Examples + +* `1000000000uatom` -> `["1'000 atom"]`, because atom is the metadata's display denom. + +### `coins` + +* an array of `coin` is display as the concatenation of each `coin` encoded as the specification above, then joined together with the delimiter `", "` (a comma and a space, no quotes around). +* the list of coins is ordered by unicode code point of the display denom: `A-Z` < `a-z`. For example, the string `aAbBcC` would be sorted `ABCabc`. + * if the coins list had 0 items in it then it'll be rendered as `zero` + +### Example + +* `["3cosm", "2000000uatom"]` -> `2 atom, 3 COSM` (assuming the display denoms are `atom` and `COSM`) +* `["10atom", "20Acoin"]` -> `20 Acoin, 10 atom` (assuming the display denoms are `atom` and `Acoin`) +* `[]` -> `zero` + +### `repeated` + +* Applies to all `repeated` fields, except `cosmos.tx.v1beta1.TxBody#Messages`, which has a particular encoding (see [ADR-050](/docs/sdk/vnext/build/architecture/adr-050-sign-mode-textual)). +* A repeated type has the following template: + +``` +: + (/): + + (/): + +End of . +``` + +where: + +* `field_name` is the Protobuf field name of the repeated field +* `field_kind`: + * if the type of the repeated field is a message, `field_kind` is the message name + * if the type of the repeated field is an enum, `field_kind` is the enum name + * in any other case, `field_kind` is the protobuf primitive type (e.g. "string" or "bytes") +* `int` is the length of the array +* `index` is one based index of the repeated field + +#### Examples + +Given the proto definition: + +```protobuf +message AllowedMsgAllowance { + repeated string allowed_messages = 1; +} +``` + +and initializing with: + +```go +x := []AllowedMsgAllowance{"cosmos.bank.v1beta1.MsgSend", "cosmos.gov.v1.MsgVote" +} +``` + +we have the following value-rendered encoding: + +``` +Allowed messages: 2 strings +Allowed messages (1/2): cosmos.bank.v1beta1.MsgSend +Allowed messages (2/2): cosmos.gov.v1.MsgVote +End of Allowed messages +``` + +### `message` + +* Applies to all Protobuf messages that do not have a custom encoding. +* Field names follow [sentence case](https://en.wiktionary.org/wiki/sentence_case) + * replace each `_` with a space + * capitalize first letter of the sentence +* Field names are ordered by their Protobuf field number +* Screen title is the field name, and screen content is the value. +* Nesting: + + * if a field contains a nested message, we value-render the underlying message using the template: + + ``` + : <1st line of value-rendered message> + > // Notice the `>` prefix. + ``` + + * `>` character is used to denote nesting. For each additional level of nesting, add `>`. + +#### Examples + +Given the following Protobuf messages: + +```protobuf expandable +enum VoteOption { + VOTE_OPTION_UNSPECIFIED = 0; + VOTE_OPTION_YES = 1; + VOTE_OPTION_ABSTAIN = 2; + VOTE_OPTION_NO = 3; + VOTE_OPTION_NO_WITH_VETO = 4; +} + +message WeightedVoteOption { + VoteOption option = 1; + string weight = 2 [(cosmos_proto.scalar) = "cosmos.Dec"]; +} + +message Vote { + uint64 proposal_id = 1; + string voter = 2 [(cosmos_proto.scalar) = "cosmos.AddressString"]; + reserved 3; + repeated WeightedVoteOption options = 4; +} +``` + +we get the following encoding for the `Vote` message: + +``` +Vote object +> Proposal id: 4 +> Voter: cosmos1abc...def +> Options: 2 WeightedVoteOptions +> Options (1/2): WeightedVoteOption object +>> Option: VOTE_OPTION_YES +>> Weight: 0.7 +> Options (2/2): WeightedVoteOption object +>> Option: VOTE_OPTION_NO +>> Weight: 0.3 +> End of Options +``` + +### Enums + +* Show the enum variant name as string. + +#### Examples + +See example above with `message Vote{}`. + +### `google.protobuf.Any` + +* Applies to `google.protobuf.Any` +* Rendered as: + +``` + +> +``` + +There is however one exception: when the underlying message is a Protobuf message that does not have a custom encoding, then the message header screen is omitted, and one level of indentation is removed. + +Messages that have a custom encoding, including `google.protobuf.Timestamp`, `google.protobuf.Duration`, `google.protobuf.Any`, `cosmos.base.v1beta1.Coin`, and messages that have an app-defined custom encoding, will preserve their header and indentation level. + +#### Examples + +Message header screen is stripped, one-level of indentation removed: + +``` +/cosmos.gov.v1.Vote +> Proposal id: 4 +> Vote: cosmos1abc...def +> Options: 2 WeightedVoteOptions +> Options (1/2): WeightedVoteOption object +>> Option: Yes +>> Weight: 0.7 +> Options (2/2): WeightedVoteOption object +>> Option: No +>> Weight: 0.3 +> End of Options +``` + +Message with custom encoding: + +``` +/cosmos.base.v1beta1.Coin +> 10uatom +``` + +### `google.protobuf.Timestamp` + +Rendered using [RFC 3339](https://www.rfc-editor.org/rfc/rfc3339) (a +simplification of ISO 8601), which is the current recommendation for portable +time values. The rendering always uses "Z" (UTC) as the timezone. It uses only +the necessary fractional digits of a second, omitting the fractional part +entirely if the timestamp has no fractional seconds. (The resulting timestamps +are not automatically sortable by standard lexicographic order, but we favor +the legibility of the shorter string.) + +#### Examples + +The timestamp with 1136214245 seconds and 700000000 nanoseconds is rendered +as `2006-01-02T15:04:05.7Z`. +The timestamp with 1136214245 seconds and zero nanoseconds is rendered +as `2006-01-02T15:04:05Z`. + +### `google.protobuf.Duration` + +The duration proto expresses a raw number of seconds and nanoseconds. +This will be rendered as longer time units of days, hours, and minutes, +plus any remaining seconds, in that order. +Leading and trailing zero-quantity units will be omitted, but all +units in between nonzero units will be shown, e.g. ` 3 days, 0 hours, 0 minutes, 5 seconds`. + +Even longer time units such as months or years are imprecise. +Weeks are precise, but not commonly used - `91 days` is more immediately +legible than `13 weeks`. Although `days` can be problematic, +e.g. noon to noon on subsequent days can be 23 or 25 hours depending on +daylight savings transitions, there is significant advantage in using +strict 24-hour days over using only hours (e.g. `91 days` vs `2184 hours`). + +When nanoseconds are nonzero, they will be shown as fractional seconds, +with only the minimum number of digits, e.g `0.5 seconds`. + +A duration of exactly zero is shown as `0 seconds`. + +Units will be given as singular (no trailing `s`) when the quantity is exactly one, +and will be shown in plural otherwise. + +Negative durations will be indicated with a leading minus sign (`-`). + +Examples: + +* `1 day` +* `30 days` +* `-1 day, 12 hours` +* `3 hours, 0 minutes, 53.025 seconds` + +### bytes + +* Bytes of length shorter or equal to 35 are rendered in hexadecimal, all capital letters, without the `0x` prefix. +* Bytes of length greater than 35 are hashed using SHA256. The rendered text is `SHA-256=`, followed by the 32-byte hash, in hexadecimal, all capital letters, without the `0x` prefix. +* The hexadecimal string is finally separated into groups of 4 digits, with a space `' '` as separator. If the bytes length is odd, the 2 remaining hexadecimal characters are at the end. + +The number 35 was chosen because it is the longest length where the hashed-and-prefixed representation is longer than the original data directly formatted, using the 3 rules above. More specifically: + +* a 35-byte array will have 70 hex characters, plus 17 space characters, resulting in 87 characters. +* byte arrays starting from length 36 will be hashed to 32 bytes, which is 64 hex characters plus 15 spaces, and with the `SHA-256=` prefix, it takes 87 characters. + Also, secp256k1 public keys have length 33, so their Textual representation is not their hashed value, which we would like to avoid. + +Note: Data longer than 35 bytes are not rendered in a way that can be inverted. See ADR-050's [section about invertibility](/docs/sdk/vnext/build/architecture/adr-050-sign-mode-textual#invertible-rendering) for a discussion. + +#### Examples + +Inputs are displayed as byte arrays. + +* `[0]`: `00` +* `[0,1,2]`: `0001 02` +* `[0,1,2,..,34]`: `0001 0203 0405 0607 0809 0A0B 0C0D 0E0F 1011 1213 1415 1617 1819 1A1B 1C1D 1E1F 2021 22` +* `[0,1,2,..,35]`: `SHA-256=5D7E 2D9B 1DCB C85E 7C89 0036 A2CF 2F9F E7B6 6554 F2DF 08CE C6AA 9C0A 25C9 9C21` + +### address bytes + +We currently use `string` types in protobuf for addresses so this may not be needed, but if any address bytes are used in sign mode textual they should be rendered with bech32 formatting + +### strings + +Strings are rendered as-is. + +### Default Values + +* Default Protobuf values for each field are skipped. + +#### Example + +```protobuf +message TestData { + string signer = 1; + string metadata = 2; +} +``` + +```go +myTestData := TestData{ + Signer: "cosmos1abc" +} +``` + +We get the following encoding for the `TestData` message: + +``` +TestData object +> Signer: cosmos1abc +``` + +### bool + +Boolean values are rendered as `True` or `False`. + +### \[ABANDONED] Custom `msg_title` instead of Msg `type_url` + +*This paragraph is in the Annex for informational purposes only, and will be removed in a next update of the ADR.* + + + +* all protobuf messages to be used with `SIGN_MODE_TEXTUAL` CAN have a short title associated with them that can be used in format strings whenever the type URL is explicitly referenced via the `cosmos.msg.v1.textual.msg_title` Protobuf message option. +* if this option is not specified for a Msg, then the Protobuf fully qualified name will be used. + +```protobuf +message MsgSend { + option (cosmos.msg.v1.textual.msg_title) = "bank send coins"; +} +``` + +* they MUST be unique per message, per chain + +#### Examples + +* `cosmos.gov.v1.MsgVote` -> `governance v1 vote` + +#### Best Practices + +We recommend to use this option only for `Msg`s whose Protobuf fully qualified name can be hard to understand. As such, the two examples above (`MsgSend` and `MsgVote`) are not good examples to be used with `msg_title`. We still allow `msg_title` for chains who might have `Msg`s with complex or non-obvious names. + +In those cases, we recommend to drop the version (e.g. `v1`) in the string if there's only one version of the module on chain. This way, the bijective mapping can figure out which message each string corresponds to. If multiple Protobuf versions of the same module exist on the same chain, we recommend keeping the first `msg_title` with version, and the second `msg_title` with version (e.g. `v2`): + +* `mychain.mymodule.v1.MsgDo` -> `mymodule do something` +* `mychain.mymodule.v2.MsgDo` -> `mymodule v2 do something` + + diff --git a/docs/sdk/next/build/architecture/adr-050-sign-mode-textual-annex2.mdx b/docs/sdk/next/build/architecture/adr-050-sign-mode-textual-annex2.mdx new file mode 100644 index 00000000..25ba76ba --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-050-sign-mode-textual-annex2.mdx @@ -0,0 +1,124 @@ +--- +title: 'ADR 050: SIGN_MODE_TEXTUAL: Annex 2 XXX' +description: 'Oct 3, 2022: Initial Draft' +--- +## Changelog + +* Oct 3, 2022: Initial Draft + +## Status + +DRAFT + +## Abstract + +This annex provides normative guidance on how devices should render a +`SIGN_MODE_TEXTUAL` document. + +## Context + +`SIGN_MODE_TEXTUAL` allows a legible version of a transaction to be signed +on a hardware security device, such as a Ledger. Early versions of the +design rendered transactions directly to lines of ASCII text, but this +proved awkward from its in-band signaling, and for the need to display +Unicode text within the transaction. + +## Decision + +`SIGN_MODE_TEXTUAL` renders to an abstract representation, leaving it +up to device-specific software how to present this representation given the +capabilities, limitations, and conventions of the device. + +We offer the following normative guidance: + +1. The presentation should be as legible as possible to the user, given + the capabilities of the device. If legibility could be sacrificed for other + properties, we would recommend just using some other signing mode. + Legibility should focus on the common case - it is okay for unusual cases + to be less legible. + +2. The presentation should be invertible if possible without substantial + sacrifice of legibility. Any change to the rendered data should result + in a visible change to the presentation. This extends the integrity of the + signing to user-visible presentation. + +3. The presentation should follow normal conventions of the device, + without sacrificing legibility or invertibility. + +As an illustration of these principles, here is an example algorithm +for presentation on a device which can display a single 80-character +line of printable ASCII characters: + +* The presentation is broken into lines, and each line is presented in + sequence, with user controls for going forward or backward a line. + +* Expert mode screens are only presented if the device is in expert mode. + +* Each line of the screen starts with a number of `>` characters equal + to the screen's indentation level, followed by a `+` character if this + isn't the first line of the screen, followed by a space if either a + `>` or a `+` has been emitted, + or if this header is followed by a `>`, `+`, or space. + +* If the line ends with whitespace or an `@` character, an additional `@` + character is appended to the line. + +* The following ASCII control characters or backslash (`\`) are converted + to a backslash followed by a letter code, in the manner of string literals + in many languages: + + * a: U+0007 alert or bell + * b: U+0008 backspace + * f: U+000C form feed + * n: U+000A line feed + * r: U+000D carriage return + * t: U+0009 horizontal tab + * v: U+000B vertical tab + * `\`: U+005C backslash + +* All other ASCII control characters, plus non-ASCII Unicode code points, + are shown as either: + + * `\u` followed by 4 uppercase hex characters for code points + in the basic multilingual plane (BMP). + + * `\U` followed by 8 uppercase hex characters for other code points. + +* The screen will be broken into multiple lines to fit the 80-character + limit, considering the above transformations in a way that attempts to + minimize the number of lines generated. Expanded control or Unicode characters + are never split across lines. + +Example output: + +``` +An introductory line. +key1: 123456 +key2: a string that ends in whitespace @ +key3: a string that ends in a single ampersand - @@ + >tricky key4<: note the leading space in the presentation +introducing an aggregate +> key5: false +> key6: a very long line of text, please co\u00F6perate and break into +>+ multiple lines. +> Can we do further nesting? +>> You bet we can! +``` + +The inverse mapping gives us the only input which could have +generated this output (JSON notation for string data): + +``` +Indent Text +------ ---- +0 "An introductory line." +0 "key1: 123456" +0 "key2: a string that ends in whitespace " +0 "key3: a string that ends in a single ampersand - @" +0 ">tricky key4<: note the leading space in the presentation" +0 "introducing an aggregate" +1 "key5: false" +1 "key6: a very long line of text, please coöperate and break into multiple lines." +1 "Can we do further nesting?" +2 "You bet we can!" +``` diff --git a/docs/sdk/next/build/architecture/adr-050-sign-mode-textual.mdx b/docs/sdk/next/build/architecture/adr-050-sign-mode-textual.mdx new file mode 100644 index 00000000..8171d164 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-050-sign-mode-textual.mdx @@ -0,0 +1,374 @@ +--- +title: 'ADR 050: SIGN_MODE_TEXTUAL' +--- +## Changelog + +* Dec 06, 2021: Initial Draft. +* Feb 07, 2022: Draft read and concept-ACKed by the Ledger team. +* May 16, 2022: Change status to Accepted. +* Aug 11, 2022: Require signing over tx raw bytes. +* Sep 07, 2022: Add custom `Msg`-renderers. +* Sep 18, 2022: Structured format instead of lines of text +* Nov 23, 2022: Specify CBOR encoding. +* Dec 01, 2022: Link to examples in separate JSON file. +* Dec 06, 2022: Re-ordering of envelope screens. +* Dec 14, 2022: Mention exceptions for invertibility. +* Jan 23, 2023: Switch Screen.Text to Title+Content. +* Mar 07, 2023: Change SignDoc from array to struct containing array. +* Mar 20, 2023: Introduce a spec version initialized to 0. + +## Status + +Accepted. Implementation started. Small value renderers details still need to be polished. + +Spec version: 0. + +## Abstract + +This ADR specifies SIGN\_MODE\_TEXTUAL, a new string-based sign mode that is targeted at signing with hardware devices. + +## Context + +Protobuf-based SIGN\_MODE\_DIRECT was introduced in [ADR-020](/docs/sdk/vnext/build/architecture/adr-020-protobuf-transaction-encoding) and is intended to replace SIGN\_MODE\_LEGACY\_AMINO\_JSON in most situations, such as mobile wallets and CLI keyrings. However, the [Ledger](https://www.ledger.com/) hardware wallet is still using SIGN\_MODE\_LEGACY\_AMINO\_JSON for displaying the sign bytes to the user. Hardware wallets cannot transition to SIGN\_MODE\_DIRECT as: + +* SIGN\_MODE\_DIRECT is binary-based and thus not suitable for display to end-users. Technically, hardware wallets could simply display the sign bytes to the user. But this would be considered as blind signing, and is a security concern. +* hardware cannot decode the protobuf sign bytes due to memory constraints, as the Protobuf definitions would need to be embedded on the hardware device. + +In an effort to remove Amino from the SDK, a new sign mode needs to be created for hardware devices. [Initial discussions](https://github.com/cosmos/cosmos-sdk/issues/6513) propose a text-based sign mode, which this ADR formally specifies. + +## Decision + +In SIGN\_MODE\_TEXTUAL, a transaction is rendered into a textual representation, +which is then sent to a secure device or subsystem for the user to review and sign. +Unlike `SIGN_MODE_DIRECT`, the transmitted data can be simply decoded into legible text +even on devices with limited processing and display. + +The textual representation is a sequence of *screens*. +Each screen is meant to be displayed in its entirety (if possible) even on a small device like a Ledger. +A screen is roughly equivalent to a short line of text. +Large screens can be displayed in several pieces, +much as long lines of text are wrapped, +so no hard guidance is given, though 40 characters is a good target. +A screen is used to display a single key/value pair for scalar values +(or composite values with a compact notation, such as `Coins`) +or to introduce or conclude a larger grouping. + +The text can contain the full range of Unicode code points, including control characters and nul. +The device is responsible for deciding how to display characters it cannot render natively. +See [annex 2](/docs/sdk/vnext/build/architecture/adr-050-sign-mode-textual-annex2) for guidance. + +Screens have a non-negative indentation level to signal composite or nested structures. +Indentation level zero is the top level. +Indentation is displayed via some device-specific mechanism. +Message quotation notation is an appropriate model, such as +leading `>` characters or vertical bars on more capable displays. + +Some screens are marked as *expert* screens, +meant to be displayed only if the viewer chooses to opt in for the extra detail. +Expert screens are meant for information that is rarely useful, +or needs to be present only for signature integrity (see below). + +### Invertible Rendering + +We require that the rendering of the transaction be invertible: +there must be a parsing function such that for every transaction, +when rendered to the textual representation, +parsing that representation yields a proto message equivalent +to the original under proto equality. + +Note that this inverse function does not need to perform correct +parsing or error signaling for the whole domain of textual data. +Merely that the range of valid transactions be invertible under +the composition of rendering and parsing. + +Note that the existence of an inverse function ensures that the +rendered text contains the full information of the original transaction, +not a hash or subset. + +We make an exception for invertibility for data which are too large to +meaningfully display, such as byte strings longer than 32 bytes. We may then +selectively render them with a cryptographically-strong hash. In these cases, +it is still computationally infeasible to find a different transaction which +has the same rendering. However, we must ensure that the hash computation is +simple enough to be reliably executed independently, so at least the hash is +itself reasonably verifiable when the raw byte string is not. + +### Chain State + +The rendering function (and parsing function) may depend on the current chain state. +This is useful for reading parameters, such as coin display metadata, +or for reading user-specific preferences such as language or address aliases. +Note that if the observed state changes between signature generation +and the transaction's inclusion in a block, the delivery-time rendering +might differ. If so, the signature will be invalid and the transaction +will be rejected. + +### Signature and Security + +For security, transaction signatures should have three properties: + +1. Given the transaction, signatures, and chain state, it must be possible to validate that the signatures matches the transaction, + to verify that the signers must have known their respective secret keys. + +2. It must be computationally infeasible to find a substantially different transaction for which the given signatures are valid, given the same chain state. + +3. The user should be able to give informed consent to the signed data via a simple, secure device with limited display capabilities. + +The correctness and security of `SIGN_MODE_TEXTUAL` is guaranteed by demonstrating an inverse function from the rendering to transaction protos. +This means that it is impossible for a different protocol buffer message to render to the same text. + +### Transaction Hash Malleability + +When client software forms a transaction, the "raw" transaction (`TxRaw`) is serialized as a proto +and a hash of the resulting byte sequence is computed. +This is the `TxHash`, and is used by various services to track the submitted transaction through its lifecycle. +Various misbehavior is possible if one can generate a modified transaction with a different TxHash +but for which the signature still checks out. + +SIGN\_MODE\_TEXTUAL prevents this transaction malleability by including the TxHash as an expert screen +in the rendering. + +### SignDoc + +The SignDoc for `SIGN_MODE_TEXTUAL` is formed from a data structure like: + +```go +type Screen struct { + Title string // possibly size limited to, advised to 64 characters + Content string // possibly size limited to, advised to 255 characters + Indent uint8 // size limited to something small like 16 or 32 + Expert bool +} + +type SignDocTextual struct { + Screens []Screen +} +``` + +We do not plan to use protobuf serialization to form the sequence of bytes +that will be transmitted and signed, in order to keep the decoder simple. +We will use [CBOR](https://cbor.io) ([RFC 8949](https://www.rfc-editor.org/rfc/rfc8949.html)) instead. +The encoding is defined by the following CDDL ([RFC 8610](https://www.rfc-editor.org/rfc/rfc8610)): + +``` +;;; CDDL (RFC 8610) Specification of SignDoc for SIGN_MODE_TEXTUAL. +;;; Must be encoded using CBOR deterministic encoding (RFC 8949, section 4.2.1). + +;; A Textual document is a struct containing one field: an array of screens. +sign_doc = { + screens_key: [* screen], +} + +;; The key is an integer to keep the encoding small. +screens_key = 1 + +;; A screen consists of a text string, an indentation, and the expert flag, +;; represented as an integer-keyed map. All entries are optional +;; and MUST be omitted from the encoding if empty, zero, or false. +;; Text defaults to the empty string, indent defaults to zero, +;; and expert defaults to false. +screen = { + ? title_key: tstr, + ? content_key: tstr, + ? indent_key: uint, + ? expert_key: bool, +} + +;; Keys are small integers to keep the encoding small. +title_key = 1 +content_key = 2 +indent_key = 3 +expert_key = 4 +``` + +Defining the sign\_doc as directly an array of screens has also been considered. However, given the possibility of future iterations of this specification, using a single-keyed struct has been chosen over the former proposal, as structs allow for easier backwards-compatibility. + +## Details + +In the examples that follow, screens will be shown as lines of text, +indentation is indicated with a leading '>', +and expert screens are marked with a leading `*`. + +### Encoding of the Transaction Envelope + +We define "transaction envelope" as all data in a transaction that is not in the `TxBody.Messages` field. Transaction envelope includes fee, signer infos and memo, but don't include `Msg`s. `//` denotes comments and are not shown on the Ledger device. + +```protobuf expandable +Chain ID: +Account number: +Sequence: +Address: +*Public Key: +This transaction has Message(s) // Pluralize "Message" only when int>1 +> Message (/): // See value renderers for Any rendering. +End of Message +Memo: // Skipped if no memo set. +Fee: // See value renderers for coins rendering. +*Fee payer: // Skipped if no fee_payer set. +*Fee granter: // Skipped if no fee_granter set. +Tip: // Skipped if no tip. +Tipper: +*Gas Limit: +*Timeout Height: // Skipped if no timeout_height set. +*Other signer: SignerInfo // Skipped if the transaction only has 1 signer. +*> Other signer (/): +*End of other signers +*Extension options: Any: // Skipped if no body extension options +*> Extension options (/): +*End of extension options +*Non critical extension options: Any: // Skipped if no body non critical extension options +*> Non critical extension options (/): +*End of Non critical extension options +*Hash of raw bytes: // Hex encoding of bytes defined, to prevent tx hash malleability. +``` + +### Encoding of the Transaction Body + +Transaction Body is the `Tx.TxBody.Messages` field, which is an array of `Any`s, where each `Any` packs a `sdk.Msg`. Since `sdk.Msg`s are widely used, they have a slightly different encoding than usual array of `Any`s (Protobuf: `repeated google.protobuf.Any`) described in Annex 1. + +``` +This transaction has message: // Optional 's' for "message" if there's >1 sdk.Msgs. +// For each Msg, print the following 2 lines: +Msg (/): // E.g. Msg (1/2): bank v1beta1 send coins + +End of transaction messages +``` + +#### Example + +Given the following Protobuf message: + +```protobuf expandable +message Grant { + google.protobuf.Any authorization = 1 [(cosmos_proto.accepts_interface) = "cosmos.authz.v1beta1.Authorization"]; + google.protobuf.Timestamp expiration = 2 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false]; +} + +message MsgGrant { + option (cosmos.msg.v1.signer) = "granter"; + + string granter = 1 [(cosmos_proto.scalar) = "cosmos.AddressString"]; + string grantee = 2 [(cosmos_proto.scalar) = "cosmos.AddressString"]; +} +``` + +and a transaction containing 1 such `sdk.Msg`, we get the following encoding: + +``` +This transaction has 1 message: +Msg (1/1): authz v1beta1 grant +Granter: cosmos1abc...def +Grantee: cosmos1ghi...jkl +End of transaction messages +``` + +### Custom `Msg` Renderers + +Application developers may choose to not follow default renderer value output for their own `Msg`s. In this case, they can implement their own custom `Msg` renderer. This is similar to [EIP4430](https://github.com/ethereum/EIPs/blob/master/EIPS/eip-4430.md), where the smart contract developer chooses the description string to be shown to the end user. + +This is done by setting the `cosmos.msg.textual.v1.expert_custom_renderer` Protobuf option to a non-empty string. This option CAN ONLY be set on a Protobuf message representing transaction message object (implementing `sdk.Msg` interface). + +```protobuf +message MsgFooBar { + // Optional comments to describe in human-readable language the formatting + // rules of the custom renderer. + option (cosmos.msg.textual.v1.expert_custom_renderer) = ""; + + // proto fields +} +``` + +When this option is set on a `Msg`, a registered function will transform the `Msg` into an array of one or more strings, which MAY use the key/value format (described in point #3) with the expert field prefix (described in point #5) and arbitrary indentation (point #6). These strings MAY be rendered from a `Msg` field using a default value renderer, or they may be generated from several fields using custom logic. + +The `` is a string convention chosen by the application developer and is used to identify the custom `Msg` renderer. For example, the documentation or specification of this custom algorithm can reference this identifier. This identifier CAN have a versioned suffix (e.g. `_v1`) to adapt for future changes (which would be consensus-breaking). We also recommend adding Protobuf comments to describe in human language the custom logic used. + +Moreover, the renderer must provide 2 functions: one for formatting from Protobuf to string, and one for parsing string to Protobuf. These 2 functions are provided by the application developer. To satisfy point #1, the parse function MUST be the inverse of the formatting function. This property will not be checked by the SDK at runtime. However, we strongly recommend the application developer to include a comprehensive suite in their app repo to test invertibility, as to not introduce security bugs. + +### Require signing over the `TxBody` and `AuthInfo` raw bytes + +Recall that the transaction bytes merkleized on chain are the Protobuf binary serialization of [TxRaw](https://buf.build/cosmos/cosmos-sdk/docs/main:cosmos.tx.v1beta1#cosmos.tx.v1beta1.TxRaw), which contains the `body_bytes` and `auth_info_bytes`. Moreover, the transaction hash is defined as the SHA256 hash of the `TxRaw` bytes. We require that the user signs over these bytes in SIGN\_MODE\_TEXTUAL, more specifically over the following string: + +``` +*Hash of raw bytes: +``` + +where: + +* `++` denotes concatenation, +* `HEX` is the hexadecimal representation of the bytes, all in capital letters, no `0x` prefix, +* and `len()` is encoded as a Big-Endian uint64. + +This is to prevent transaction hash malleability. The point #1 about invertibility assures that transaction `body` and `auth_info` values are not malleable, but the transaction hash still might be malleable with point #1 only, because the SIGN\_MODE\_TEXTUAL strings don't follow the byte ordering defined in `body_bytes` and `auth_info_bytes`. Without this hash, a malicious validator or exchange could intercept a transaction, modify its transaction hash *after* the user signed it using SIGN\_MODE\_TEXTUAL (by tweaking the byte ordering inside `body_bytes` or `auth_info_bytes`), and then submit it to Tendermint. + +By including this hash in the SIGN\_MODE\_TEXTUAL signing payload, we keep the same level of guarantees as [SIGN\_MODE\_DIRECT](/docs/sdk/vnext/build/architecture/adr-020-protobuf-transaction-encoding). + +These bytes are only shown in expert mode, hence the leading `*`. + +## Updates to the current specification + +The current specification is not set in stone, and future iterations are to be expected. We distinguish two categories of updates to this specification: + +1. Updates that require changes of the hardware device embedded application. +2. Updates that only modify the envelope and the value renderers. + +Updates in the 1st category include changes of the `Screen` struct or its corresponding CBOR encoding. This type of updates require a modification of the hardware signer application, to be able to decode and parse the new types. Backwards-compatibility must also be guaranteed, so that the new hardware application works with existing versions of the SDK. These updates require the coordination of multiple parties: SDK developers, hardware application developers (currently: Zondax), and client-side developers (e.g. CosmJS). Furthermore, a new submission of the hardware device application may be necessary, which, depending on the vendor, can take some time. As such, we recommend to avoid this type of updates as much as possible. + +Updates in the 2nd category include changes to any of the value renderers or to the transaction envelope. For example, the ordering of fields in the envelope can be swapped, or the timestamp formatting can be modified. Since SIGN\_MODE\_TEXTUAL sends `Screen`s to the hardware device, this type of change does not need a hardware wallet application update. They are however state-machine-breaking, and must be documented as such. They require the coordination of SDK developers with client-side developers (e.g. CosmJS), so that the updates are released on both sides close to each other in time. + +We define a spec version, which is an integer that must be incremented on each update of either category. This spec version will be exposed by the SDK's implementation, and can be communicated to clients. For example, SDK v0.50 might use the spec version 1, and SDK v0.51 might use 2; thanks to this versioning, clients can know how to craft SIGN\_MODE\_TEXTUAL transactions based on the target SDK version. + +The current spec version is defined in the "Status" section, on the top of this document. It is initialized to `0` to allow flexibility in choosing how to define future versions, as it would allow adding a field either in the SignDoc Go struct or in Protobuf in a backwards-compatible way. + +## Additional Formatting by the Hardware Device + +See [annex 2](/docs/sdk/vnext/build/architecture/adr-050-sign-mode-textual-annex2). + +## Examples + +1. A minimal MsgSend: [see transaction](https://github.com/cosmos/cosmos-sdk/blob/094abcd393379acbbd043996024d66cd65246fb1/tx/textual/internal/testdata/e2e.json#L2-L70). +2. A transaction with a bit of everything: [see transaction](https://github.com/cosmos/cosmos-sdk/blob/094abcd393379acbbd043996024d66cd65246fb1/tx/textual/internal/testdata/e2e.json#L71-L270). + +The examples below are stored in a JSON file with the following fields: + +* `proto`: the representation of the transaction in ProtoJSON, +* `screens`: the transaction rendered into SIGN\_MODE\_TEXTUAL screens, +* `cbor`: the sign bytes of the transaction, which is the CBOR encoding of the screens. + +## Consequences + +### Backwards Compatibility + +SIGN\_MODE\_TEXTUAL is purely additive, and doesn't break any backwards compatibility with other sign modes. + +### Positive + +* Human-friendly way of signing in hardware devices. +* Once SIGN\_MODE\_TEXTUAL is shipped, SIGN\_MODE\_LEGACY\_AMINO\_JSON can be deprecated and removed. On the longer term, once the ecosystem has totally migrated, Amino can be totally removed. + +### Negative + +* Some fields are still encoded in non-human-readable ways, such as public keys in hexadecimal. +* New ledger app needs to be released, still unclear + +### Neutral + +* If the transaction is complex, the string array can be arbitrarily long, and some users might just skip some screens and blind sign. + +## Further Discussions + +* Some details on value renderers need to be polished, see [Annex 1](/docs/sdk/vnext/build/architecture/adr-050-sign-mode-textual-annex1). +* Are ledger apps able to support both SIGN\_MODE\_LEGACY\_AMINO\_JSON and SIGN\_MODE\_TEXTUAL at the same time? +* Open question: should we add a Protobuf field option to allow app developers to overwrite the textual representation of certain Protobuf fields and message? This would be similar to Ethereum's [EIP4430](https://github.com/ethereum/EIPs/pull/4430), where the contract developer decides on the textual representation. +* Internationalization. + +## References + +* [Annex 1](/docs/sdk/vnext/build/architecture/adr-050-sign-mode-textual-annex1) + +* Initial discussion: [Link](https://github.com/cosmos/cosmos-sdk/issues/6513) + +* Living document used in the working group: [Link](https://hackmd.io/fsZAO-TfT0CKmLDtfMcKeA?both) + +* Working group meeting notes: [Link](https://hackmd.io/7RkGfv_rQAaZzEigUYhcXw) + +* Ethereum's "Described Transactions" [Link](https://github.com/ethereum/EIPs/pull/4430) diff --git a/docs/sdk/next/build/architecture/adr-053-go-module-refactoring.mdx b/docs/sdk/next/build/architecture/adr-053-go-module-refactoring.mdx new file mode 100644 index 00000000..81615b1d --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-053-go-module-refactoring.mdx @@ -0,0 +1,112 @@ +--- +title: 'ADR 053: Go Module Refactoring' +description: '2022-04-27: First Draft' +--- +## Changelog + +* 2022-04-27: First Draft + +## Status + +PROPOSED + +## Abstract + +The current SDK is built as a single monolithic go module. This ADR describes +how we refactor the SDK into smaller independently versioned go modules +for ease of maintenance. + +## Context + +Go modules impose certain requirements on software projects with respect to +stable version numbers (anything above 0.x) in that [any API breaking changes +necessitate a major version](https://go.dev/doc/modules/release-workflow#breaking) +increase which technically creates a new go module +(with a v2, v3, etc. suffix). + +[Keeping modules API compatible](https://go.dev/blog/module-compatibility) in +this way requires a fair amount of thought and discipline. + +The Cosmos SDK is a fairly large project which originated before go modules +came into existence and has always been under a v0.x release even though +it has been used in production for years now, not because it isn't production +quality software, but rather because the API compatibility guarantees required +by go modules are fairly complex to adhere to with such a large project. +Up to now, it has generally been deemed more important to be able to break the +API if needed rather than require all users update all package import paths +to accommodate breaking changes causing v2, v3, etc. releases. This is in +addition to the other complexities related to protobuf generated code that will +be addressed in a separate ADR. + +Nevertheless, the desire for semantic versioning has been [strong in the +community](https://github.com/cosmos/cosmos-sdk/discussions/10162) and the +single go module release process has made it very hard to +release small changes to isolated features in a timely manner. Release cycles +often exceed six months which means small improvements done in a day or +two get bottle-necked by everything else in the monolithic release cycle. + +## Decision + +To improve the current situation, the SDK is being refactored into multiple +go modules within the current repository. There has been a [fair amount of +debate](https://github.com/cosmos/cosmos-sdk/discussions/10582#discussioncomment-1813377) +as to how to do this, with some developers arguing for larger vs smaller +module scopes. There are pros and cons to both approaches (which will be +discussed below in the [Consequences](#consequences) section), but the +approach being adopted is the following: + +* a go module should generally be scoped to a specific coherent set of + functionality (such as math, errors, store, etc.) +* when code is removed from the core SDK and moved to a new module path, every + effort should be made to avoid API breaking changes in the existing code using + aliases and wrapper types (as done in [Link](https://github.com/cosmos/cosmos-sdk/pull/10779) + and [Link](https://github.com/cosmos/cosmos-sdk/pull/11788)) +* new go modules should be moved to a standalone domain (`cosmossdk.io`) before + being tagged as `v1.0.0` to accommodate the possibility that they may be + better served by a standalone repository in the future +* all go modules should follow the guidelines in [Link](https://go.dev/blog/module-compatibility) + before `v1.0.0` is tagged and should make use of `internal` packages to limit + the exposed API surface +* the new go module's API may deviate from the existing code where there are + clear improvements to be made or to remove legacy dependencies (for instance on + amino or gogo proto), as long the old package attempts + to avoid API breakage with aliases and wrappers +* care should be taken when simply trying to turn an existing package into a + new go module: [Link](https://github.com/golang/go/wiki/Modules#is-it-possible-to-add-a-module-to-a-multi-module-repository). + In general, it seems safer to just create a new module path (appending v2, v3, etc. + if necessary), rather than trying to make an old package a new module. + +## Consequences + +### Backwards Compatibility + +If the above guidelines are followed to use aliases or wrapper types pointing +in existing APIs that point back to the new go modules, there should be no or +very limited breaking changes to existing APIs. + +### Positive + +* standalone pieces of software will reach `v1.0.0` sooner +* new features to specific functionality will be released sooner + +### Negative + +* there will be more go module versions to update in the SDK itself and + per-project, although most of these will hopefully be indirect + +### Neutral + +## Further Discussions + +Further discussions are occurring primarily in +[Link](https://github.com/cosmos/cosmos-sdk/discussions/10582) and within +the Cosmos SDK Framework Working Group. + +## References + +* [Link](https://go.dev/doc/modules/release-workflow) +* [Link](https://go.dev/blog/module-compatibility) +* [Link](https://github.com/cosmos/cosmos-sdk/discussions/10162) +* [Link](https://github.com/cosmos/cosmos-sdk/discussions/10582) +* [Link](https://github.com/cosmos/cosmos-sdk/pull/10779) +* [Link](https://github.com/cosmos/cosmos-sdk/pull/11788) diff --git a/docs/sdk/next/build/architecture/adr-054-semver-compatible-modules.mdx b/docs/sdk/next/build/architecture/adr-054-semver-compatible-modules.mdx new file mode 100644 index 00000000..80d13f91 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-054-semver-compatible-modules.mdx @@ -0,0 +1,798 @@ +--- +title: 'ADR 054: Semver Compatible SDK Modules' +description: '2022-04-27: First draft' +--- +## Changelog + +* 2022-04-27: First draft + +## Status + +DRAFT + +## Abstract + +In order to move the Cosmos SDK to a system of decoupled semantically versioned +modules which can be composed in different combinations (ex. staking v3 with +bank v1 and distribution v2), we need to reassess how we organize the API surface +of modules to avoid problems with go semantic import versioning and +circular dependencies. This ADR explores various approaches we can take to +addressing these issues. + +## Context + +There has been [a fair amount of desire](https://github.com/cosmos/cosmos-sdk/discussions/10162) +in the community for semantic versioning in the SDK and there has been significant +movement to splitting SDK modules into [standalone go modules](https://github.com/cosmos/cosmos-sdk/issues/11899). +Both of these will ideally allow the ecosystem to move faster because we won't +be waiting for all dependencies to update synchronously. For instance, we could +have 3 versions of the core SDK compatible with the latest 2 releases of +CosmWasm as well as 4 different versions of staking . This sort of setup would +allow early adopters to aggressively integrate new versions, while allowing +more conservative users to be selective about which versions they're ready for. + +In order to achieve this, we need to solve the following problems: + +1. because of the way [go semantic import versioning](https://research.swtch.com/vgo-import) (SIV) + works, moving to SIV naively will actually make it harder to achieve these goals +2. circular dependencies between modules need to be broken to actually release + many modules in the SDK independently +3. pernicious minor version incompatibilities introduced through correctly + [evolving protobuf schemas](https://developers.google.com/protocol-buffers/docs/proto3#updating) + without correct [unknown field filtering](/docs/sdk/vnext/build/architecture/adr-020-protobuf-transaction-encoding#unknown-field-filtering) + +Note that all the following discussion assumes that the proto file versioning and state machine versioning of a module +are distinct in that: + +* proto files are maintained in a non-breaking way (using something + like [buf breaking](https://docs.buf.build/breaking/overview) + to ensure all changes are backwards compatible) +* proto file versions get bumped much less frequently, i.e. we might maintain `cosmos.bank.v1` through many versions + of the bank module state machine +* state machine breaking changes are more common and ideally this is what we'd want to semantically version with + go modules, ex. `x/bank/v2`, `x/bank/v3`, etc. + +### Problem 1: Semantic Import Versioning Compatibility + +Consider we have a module `foo` which defines the following `MsgDoSomething` and that we've released its state +machine in go module `example.com/foo`: + +```protobuf +package foo.v1; + +message MsgDoSomething { + string sender = 1; + uint64 amount = 2; +} + +service Msg { + DoSomething(MsgDoSomething) returns (MsgDoSomethingResponse); +} +``` + +Now consider that we make a revision to this module and add a new `condition` field to `MsgDoSomething` and also +add a new validation rule on `amount` requiring it to be non-zero, and that following go semantic versioning we +release the next state machine version of `foo` as `example.com/foo/v2`. + +```protobuf expandable +// Revision 1 +package foo.v1; + +message MsgDoSomething { + string sender = 1; + + // amount must be a non-zero integer. + uint64 amount = 2; + + // condition is an optional condition on doing the thing. + // + // Since: Revision 1 + Condition condition = 3; +} +``` + +Approaching this naively, we would generate the protobuf types for the initial +version of `foo` in `example.com/foo/types` and we would generate the protobuf +types for the second version in `example.com/foo/v2/types`. + +Now let's say we have a module `bar` which talks to `foo` using this keeper +interface which `foo` provides: + +```go +type FooKeeper interface { + DoSomething(MsgDoSomething) + +error +} +``` + +#### Scenario A: Backward Compatibility: Newer Foo, Older Bar + +Imagine we have a chain which uses both `foo` and `bar` and wants to upgrade to +`foo/v2`, but the `bar` module has not upgraded to `foo/v2`. + +In this case, the chain will not be able to upgrade to `foo/v2` until `bar` +has upgraded its references to `example.com/foo/types.MsgDoSomething` to +`example.com/foo/v2/types.MsgDoSomething`. + +Even if `bar`'s usage of `MsgDoSomething` has not changed at all, the upgrade +will be impossible without this change because `example.com/foo/types.MsgDoSomething` +and `example.com/foo/v2/types.MsgDoSomething` are fundamentally different +incompatible structs in the go type system. + +#### Scenario B: Forward Compatibility: Older Foo, Newer Bar + +Now let's consider the reverse scenario, where `bar` upgrades to `foo/v2` +by changing the `MsgDoSomething` reference to `example.com/foo/v2/types.MsgDoSomething` +and releases that as `bar/v2` with some other changes that a chain wants. +The chain, however, has decided that it thinks the changes in `foo/v2` are too +risky and that it'd prefer to stay on the initial version of `foo`. + +In this scenario, it is impossible to upgrade to `bar/v2` without upgrading +to `foo/v2` even if `bar/v2` would have worked 100% fine with `foo` other +than changing the import path to `MsgDoSomething` (meaning that `bar/v2` +doesn't actually use any new features of `foo/v2`). + +Now because of the way go semantic import versioning works, we are locked +into either using `foo` and `bar` OR `foo/v2` and `bar/v2`. We cannot have +`foo` + `bar/v2` OR `foo/v2` + `bar`. The go type system doesn't allow this +even if both versions of these modules are otherwise compatible with each +other. + +#### Naive Mitigation + +A naive approach to fixing this would be to not regenerate the protobuf types +in `example.com/foo/v2/types` but instead just update `example.com/foo/types` +to reflect the changes needed for `v2` (adding `condition` and requiring +`amount` to be non-zero). Then we could release a patch of `example.com/foo/types` +with this update and use that for `foo/v2`. But this change is state machine +breaking for `v1`. It requires changing the `ValidateBasic` method to reject +the case where `amount` is zero, and it adds the `condition` field which +should be rejected based +on [ADR 020 unknown field filtering](/docs/sdk/vnext/build/architecture/adr-020-protobuf-transaction-encoding#unknown-field-filtering). +So adding these changes as a patch on `v1` is actually incorrect based on semantic +versioning. Chains that want to stay on `v1` of `foo` should not +be importing these changes because they are incorrect for `v1.` + +### Problem 2: Circular dependencies + +None of the above approaches allow `foo` and `bar` to be separate modules +if for some reason `foo` and `bar` depend on each other in different ways. +For instance, we can't have `foo` import `bar/types` while `bar` imports +`foo/types`. + +We have several cases of circular module dependencies in the SDK +(ex. staking, distribution and slashing) that are legitimate from a state machine +perspective. Without separating the API types out somehow, there would be +no way to independently semantically version these modules without some other +mitigation. + +### Problem 3: Handling Minor Version Incompatibilities + +Imagine that we solve the first two problems but now have a scenario where +`bar/v2` wants the option to use `MsgDoSomething.condition` which only `foo/v2` +supports. If `bar/v2` works with `foo` `v1` and sets `condition` to some non-nil +value, then `foo` will silently ignore this field resulting in a silent logic +possibly dangerous logic error. If `bar/v2` were able to check whether `foo` was +on `v1` or `v2` and dynamically, it could choose to only use `condition` when +`foo/v2` is available. Even if `bar/v2` were able to perform this check, however, +how do we know that it is always performing the check properly. Without +some sort of +framework-level [unknown field filtering](/docs/sdk/vnext/build/architecture/adr-020-protobuf-transaction-encoding#unknown-field-filtering), +it is hard to know whether these pernicious hard to detect bugs are getting into +our app and a client-server layer such as [ADR 033: Inter-Module Communication](/docs/sdk/vnext/build/architecture/adr-033-protobuf-inter-module-comm) +may be needed to do this. + +## Solutions + +### Approach A) Separate API and State Machine Modules + +One solution (first proposed in [Link](https://github.com/cosmos/cosmos-sdk/discussions/10582)) is to isolate all protobuf +generated code into a separate module +from the state machine module. This would mean that we could have state machine +go modules `foo` and `foo/v2` which could use a types or API go module say +`foo/api`. This `foo/api` go module would be perpetually on `v1.x` and only +accept non-breaking changes. This would then allow other modules to be +compatible with either `foo` or `foo/v2` as long as the inter-module API only +depends on the types in `foo/api`. It would also allow modules `foo` and `bar` +to depend on each other in that both of them could depend on `foo/api` and +`bar/api` without `foo` directly depending on `bar` and vice versa. + +This is similar to the naive mitigation described above except that it separates +the types into separate go modules which in and of itself could be used to +break circular module dependencies. It has the same problems as the naive solution, +otherwise, which we could rectify by: + +1. removing all state machine breaking code from the API module (ex. `ValidateBasic` and any other interface methods) +2. embedding the correct file descriptors for unknown field filtering in the binary + +#### Migrate all interface methods on API types to handlers + +To solve 1), we need to remove all interface implementations from generated +types and instead use a handler approach which essentially means that given +a type `X`, we have some sort of resolver which allows us to resolve interface +implementations for that type (ex. `sdk.Msg` or `authz.Authorization`). For +example: + +```go +func (k Keeper) + +DoSomething(msg MsgDoSomething) + +error { + var validateBasicHandler ValidateBasicHandler + err := k.resolver.Resolve(&validateBasic, msg) + if err != nil { + return err +} + +err = validateBasicHandler.ValidateBasic() + ... +} +``` + +In the case of some methods on `sdk.Msg`, we could replace them with declarative +annotations. For instance, `GetSigners` can already be replaced by the protobuf +annotation `cosmos.msg.v1.signer`. In the future, we may consider some sort +of protobuf validation framework (like [Link](https://github.com/bufbuild/protoc-gen-validate) +but more Cosmos-specific) to replace `ValidateBasic`. + +#### Pinned FileDescriptor's + +To solve 2), state machine modules must be able to specify what the version of +the protobuf files was that they were built against. For instance if the API +module for `foo` upgrades to `foo/v2`, the original `foo` module still needs +a copy of the original protobuf files it was built with so that ADR 020 +unknown field filtering will reject `MsgDoSomething` when `condition` is +set. + +The simplest way to do this may be to embed the protobuf `FileDescriptor`s into +the module itself so that these `FileDescriptor`s are used at runtime rather +than the ones that are built into the `foo/api` which may be different. Using +[buf build](https://docs.buf.build/build/usage#output-format), [go embed](https://pkg.go.dev/embed), +and a build script we can probably come up with a solution for embedding +`FileDescriptor`s into modules that is fairly straightforward. + +#### Potential limitations to generated code + +One challenge with this approach is that it places heavy restrictions on what +can go in API modules and requires that most of this is state machine breaking. +All or most of the code in the API module would be generated from protobuf +files, so we can probably control this with how code generation is done, but +it is a risk to be aware of. + +For instance, we do code generation for the ORM that in the future could +contain optimizations that are state machine breaking. We +would either need to ensure very carefully that the optimizations aren't +actually state machine breaking in generated code or separate this generated code +out from the API module into the state machine module. Both of these mitigations +are potentially viable but the API module approach does require an extra level +of care to avoid these sorts of issues. + +#### Minor Version Incompatibilities + +This approach in and of itself does little to address any potential minor +version incompatibilities and the +requisite [unknown field filtering](/docs/sdk/vnext/build/architecture/adr-020-protobuf-transaction-encoding#unknown-field-filtering). +Likely some sort of client-server routing layer which does this check such as +[ADR 033: Inter-Module communication](/docs/sdk/vnext/build/architecture/adr-033-protobuf-inter-module-comm) +is required to make sure that this is done properly. We could then allow +modules to perform a runtime check given a `MsgClient`, ex: + +```go +func (k Keeper) + +CallFoo() + +error { + if k.interModuleClient.MinorRevision(k.fooMsgClient) >= 2 { + k.fooMsgClient.DoSomething(&MsgDoSomething{ + Condition: ... +}) +} + +else { + ... +} +} +``` + +To do the unknown field filtering itself, the ADR 033 router would need to use +the [protoreflect API](https://pkg.go.dev/google.golang.org/protobuf/reflect/protoreflect) +to ensure that no fields unknown to the receiving module are set. This could +result in an undesirable performance hit depending on how complex this logic is. + +### Approach B) Changes to Generated Code + +An alternate approach to solving the versioning problem is to change how protobuf code is generated and move modules +mostly or completely in the direction of inter-module communication as described +in [ADR 033](/docs/sdk/vnext/build/architecture/adr-033-protobuf-inter-module-comm). +In this paradigm, a module could generate all the types it needs internally - including the API types of other modules - +and talk to other modules via a client-server boundary. For instance, if `bar` needs to talk to `foo`, it could +generate its own version of `MsgDoSomething` as `bar/internal/foo/v1.MsgDoSomething` and just pass this to the +inter-module router which would somehow convert it to the version which foo needs (ex. `foo/internal.MsgDoSomething`). + +Currently, two generated structs for the same protobuf type cannot exist in the same go binary without special +build flags (see [Link](https://developers.google.com/protocol-buffers/docs/reference/go/faq#fix-namespace-conflict)). +A relatively simple mitigation to this issue would be to set up the protobuf code to not register protobuf types +globally if they are generated in an `internal/` package. This will require modules to register their types manually +with the app-level level protobuf registry, this is similar to what modules already do with the `InterfaceRegistry` +and amino codec. + +If modules *only* do ADR 033 message passing then a naive and non-performant solution for +converting `bar/internal/foo/v1.MsgDoSomething` +to `foo/internal.MsgDoSomething` would be marshaling and unmarshaling in the ADR 033 router. This would break down if +we needed to expose protobuf types in `Keeper` interfaces because the whole point is to try to keep these types +`internal/` so that we don't end up with all the import version incompatibilities we've described above. However, +because of the issue with minor version incompatibilities and the need +for [unknown field filtering](/docs/sdk/vnext/build/architecture/adr-020-protobuf-transaction-encoding#unknown-field-filtering), +sticking with the `Keeper` paradigm instead of ADR 033 may be unviable to begin with. + +A more performant solution (that could maybe be adapted to work with `Keeper` interfaces) would be to only expose +getters and setters for generated types and internally store data in memory buffers which could be passed from +one implementation to another in a zero-copy way. + +For example, imagine this protobuf API with only getters and setters is exposed for `MsgSend`: + +```go expandable +type MsgSend interface { + proto.Message + GetFromAddress() + +string + GetToAddress() + +string + GetAmount() []v1beta1.Coin + SetFromAddress(string) + +SetToAddress(string) + +SetAmount([]v1beta1.Coin) +} + +func NewMsgSend() + +MsgSend { + return &msgSendImpl{ + memoryBuffers: ... +} +} +``` + +Under the hood, `MsgSend` could be implemented based on some raw memory buffer in the same way +that [Cap'n Proto](https://capnproto.org) +and [FlatBuffers](https://google.github.io/flatbuffers/) so that we could convert between one version of `MsgSend` +and another without serialization (i.e. zero-copy). This approach would have the added benefits of allowing zero-copy +message passing to modules written in other languages such as Rust and accessed through a VM or FFI. It could also make +unknown field filtering in inter-module communication simpler if we require that all new fields are added in sequential +order, ex. just checking that no field `> 5` is set. + +Also, we wouldn't have any issues with state machine breaking code on generated types because all the generated +code used in the state machine would actually live in the state machine module itself. Depending on how interface +types and protobuf `Any`s are used in other languages, however, it may still be desirable to take the handler +approach described in approach A. Either way, types implementing interfaces would still need to be registered +with an `InterfaceRegistry` as they are now because there would be no way to retrieve them via the global registry. + +In order to simplify access to other modules using ADR 033, a public API module (maybe even one +[remotely generated by Buf](https://buf.build/docs/bsr/generated-sdks/go/)) could be used by client modules instead +of requiring to generate all client types internally. + +The big downsides of this approach are that it requires big changes to how people use protobuf types and would be a +substantial rewrite of the protobuf code generator. This new generated code, however, could still be made compatible +with +the [`google.golang.org/protobuf/reflect/protoreflect`](https://pkg.go.dev/google.golang.org/protobuf/reflect/protoreflect) +API in order to work with all standard golang protobuf tooling. + +It is possible that the naive approach of marshaling/unmarshaling in the ADR 033 router is an acceptable intermediate +solution if the changes to the code generator are seen as too complex. However, since all modules would likely need +to migrate to ADR 033 anyway with this approach, it might be better to do this all at once. + +### Approach C) Don't address these issues + +If the above solutions are seen as too complex, we can also decide not to do anything explicit to enable better module +version compatibility, and break circular dependencies. + +In this case, when developers are confronted with the issues described above they can require dependencies to update in +sync (what we do now) or attempt some ad-hoc potentially hacky solution. + +One approach is to ditch go semantic import versioning (SIV) altogether. Some people have commented that go's SIV +(i.e. changing the import path to `foo/v2`, `foo/v3`, etc.) is too restrictive and that it should be optional. The +golang maintainers disagree and only officially support semantic import versioning. We could, however, take the +contrarian perspective and get more flexibility by using 0.x-based versioning basically forever. + +Module version compatibility could then be achieved using go.mod replace directives to pin dependencies to specific +compatible 0.x versions. For instance if we knew `foo` 0.2 and 0.3 were both compatible with `bar` 0.3 and 0.4, we +could use replace directives in our go.mod to stick to the versions of `foo` and `bar` we want. This would work as +long as the authors of `foo` and `bar` avoid incompatible breaking changes between these modules. + +Or, if developers choose to use semantic import versioning, they can attempt the naive solution described above +and would also need to use special tags and replace directives to make sure that modules are pinned to the correct +versions. + +Note, however, that all of these ad-hoc approaches, would be vulnerable to the minor version compatibility issues +described above unless [unknown field filtering](/docs/sdk/vnext/build/architecture/adr-020-protobuf-transaction-encoding#unknown-field-filtering) +is properly addressed. + +### Approach D) Avoid protobuf generated code in public APIs + +An alternative approach would be to avoid protobuf generated code in public module APIs. This would help avoid the +discrepancy between state machine versions and client API versions at the module to module boundaries. It would mean +that we wouldn't do inter-module message passing based on ADR 033, but rather stick to the existing keeper approach +and take it one step further by avoiding any protobuf generated code in the keeper interface methods. + +Using this approach, our `foo.Keeper.DoSomething` method wouldn't have the generated `MsgDoSomething` struct (which +comes from the protobuf API), but instead positional parameters. Then in order for `foo/v2` to support the `foo/v1` +keeper it would simply need to implement both the v1 and v2 keeper APIs. The `DoSomething` method in v2 could have the +additional `condition` parameter, but this wouldn't be present in v1 at all so there would be no danger of a client +accidentally setting this when it isn't available. + +So this approach would avoid the challenge around minor version incompatibilities because the existing module keeper +API would not get new fields when they are added to protobuf files. + +Taking this approach, however, would likely require making all protobuf generated code internal in order to prevent +it from leaking into the keeper API. This means we would still need to modify the protobuf code generator to not +register `internal/` code with the global registry, and we would still need to manually register protobuf +`FileDescriptor`s (this is probably true in all scenarios). It may, however, be possible to avoid needing to refactor +interface methods on generated types to handlers. + +Also, this approach doesn't address what would be done in scenarios where modules still want to use the message router. +Either way, we probably still want a way to pass messages from one module to another router safely even if it's just for +use cases like `x/gov`, `x/authz`, CosmWasm, etc. That would still require most of the things outlined in approach (B), +although we could advise modules to prefer keepers for communicating with other modules. + +The biggest downside of this approach is probably that it requires a strict refactoring of keeper interfaces to avoid +generated code leaking into the API. This may result in cases where we need to duplicate types that are already defined +in proto files and then write methods for converting between the golang and protobuf version. This may end up in a lot +of unnecessary boilerplate and that may discourage modules from actually adopting it and achieving effective version +compatibility. Approaches (A) and (B), although heavy handed initially, aim to provide a system which once adopted +more or less gives the developer version compatibility for free with minimal boilerplate. Approach (D) may not be able +to provide such a straightforward system since it requires a golang API to be defined alongside a protobuf API in a +way that requires duplication and differing sets of design principles (protobuf APIs encourage additive changes +while golang APIs would forbid it). + +Other downsides to this approach are: + +* no clear roadmap to supporting modules in other languages like Rust +* doesn't get us any closer to proper object capability security (one of the goals of ADR 033) +* ADR 033 needs to be done properly anyway for the set of use cases which do need it + +## Decision + +The latest **DRAFT** proposal is: + +1. we are alignment on adopting [ADR 033](/docs/sdk/vnext/build/architecture/adr-033-protobuf-inter-module-comm) not just as an addition to the + framework, but as a core replacement to the keeper paradigm entirely. +2. the ADR 033 inter-module router will accommodate any variation of approach (A) or (B) given the following rules: + a. if the client type is the same as the server type then pass it directly through, + b. if both client and server use the zero-copy generated code wrappers (which still need to be defined), then pass + the memory buffers from one wrapper to the other, or + c. marshal/unmarshal types between client and server. + +This approach will allow for both maximal correctness and enable a clear path to enabling modules within in other +languages, possibly executed within a WASM VM. + +### Minor API Revisions + +To declare minor API revisions of proto files, we propose the following guidelines (which were already documented +in [cosmos.app.v1alpha module options](/docs/sdk/vnext/build/proto/cosmos/app/v1alpha1/module.proto)): + +* proto packages which are revised from their initial version (considered revision `0`) should include a `package` +* comment in some .proto file containing the test `Revision N` at the start of a comment line where `N` is the current + revision number. +* all fields, messages, etc. added in a version beyond the initial revision should add a comment at the start of a + comment line of the form `Since: Revision N` where `N` is the non-zero revision it was added. + +It is advised that there is a 1:1 correspondence between a state machine module and versioned set of proto files +which are versioned either as a buf module a go API module or both. If the buf schema registry is used, the version of +this buf module should always be `1.N` where `N` corresponds to the package revision. Patch releases should be used when +only documentation comments are updated. It is okay to include proto packages named `v2`, `v3`, etc. in this same +`1.N` versioned buf module (ex. `cosmos.bank.v2`) as long as all these proto packages consist of a single API intended +to be served by a single SDK module. + +### Introspecting Minor API Revisions + +In order for modules to introspect the minor API revision of peer modules, we propose adding the following method +to `cosmossdk.io/core/intermodule.Client`: + +```go +ServiceRevision(ctx context.Context, serviceName string) + +uint64 +``` + +Modules could call this using the service name statically generated by the go grpc code generator: + +```go +intermoduleClient.ServiceRevision(ctx, bankv1beta1.Msg_ServiceDesc.ServiceName) +``` + +In the future, we may decide to extend the code generator used for protobuf services to add a field +to client types which does this check more concisely, ex: + +```go +package bankv1beta1 + +type MsgClient interface { + Send(context.Context, MsgSend) (MsgSendResponse, error) + +ServiceRevision(context.Context) + +uint64 +} +``` + +### Unknown Field Filtering + +To correctly perform [unknown field filtering](/docs/sdk/vnext/build/architecture/adr-020-protobuf-transaction-encoding#unknown-field-filtering), +the inter-module router can do one of the following: + +* use the `protoreflect` API for messages which support that +* for gogo proto messages, marshal and use the existing `codec/unknownproto` code +* for zero-copy messages, do a simple check on the highest set field number (assuming we can require that fields are + adding consecutively in increasing order) + +### `FileDescriptor` Registration + +Because a single go binary may contain different versions of the same generated protobuf code, we cannot rely on the +global protobuf registry to contain the correct `FileDescriptor`s. Because `appconfig` module configuration is itself +written in protobuf, we would like to load the `FileDescriptor`s for a module before loading a module itself. So we +will provide ways to register `FileDescriptor`s at module registration time before instantiation. We propose the +following `cosmossdk.io/core/appmodule.Option` constructors for the various cases of how `FileDescriptor`s may be +packaged: + +```go expandable +package appmodule + +// this can be used when we are using google.golang.org/protobuf compatible generated code +// Ex: +// ProtoFiles(bankv1beta1.File_cosmos_bank_v1beta1_module_proto) + +func ProtoFiles(file []protoreflect.FileDescriptor) + +Option { +} + +// this can be used when we are using gogo proto generated code. +func GzippedProtoFiles(file [][]byte) + +Option { +} + +// this can be used when we are using buf build to generated a pinned file descriptor +func ProtoImage(protoImage []byte) + +Option { +} +``` + +This approach allows us to support several ways protobuf files might be generated: + +* proto files generated internally to a module (use `ProtoFiles`) +* the API module approach with pinned file descriptors (use `ProtoImage`) +* gogo proto (use `GzippedProtoFiles`) + +### Module Dependency Declaration + +One risk of ADR 033 is that dependencies are called at runtime which are not present in the loaded set of SDK modules.\ +Also we want modules to have a way to define a minimum dependency API revision that they require. Therefore, all +modules should declare their set of dependencies upfront. These dependencies could be defined when a module is +instantiated, but ideally we know what the dependencies are before instantiation and can statically look at an app +config and determine whether the set of modules. For example, if `bar` requires `foo` revision `>= 1`, then we +should be able to know this when creating an app config with two versions of `bar` and `foo`. + +We propose defining these dependencies in the proto options of the module config object itself. + +### Interface Registration + +We will also need to define how interface methods are defined on types that are serialized as `google.protobuf.Any`'s. +In light of the desire to support modules in other languages, we may want to think of solutions that will accommodate +other languages such as plugins described briefly in [ADR 033](/docs/sdk/vnext/build/architecture/adr-033-protobuf-inter-module-comm#internal-methods). + +### Testing + +In order to ensure that modules are indeed with multiple versions of their dependencies, we plan to provide specialized +unit and integration testing infrastructure that automatically tests multiple versions of dependencies. + +#### Unit Testing + +Unit tests should be conducted inside SDK modules by mocking their dependencies. In a full ADR 033 scenario, +this means that all interaction with other modules is done via the inter-module router, so mocking of dependencies +means mocking their msg and query server implementations. We will provide both a test runner and fixture to make this +streamlined. The key thing that the test runner should do to test compatibility is to test all combinations of +dependency API revisions. This can be done by taking the file descriptors for the dependencies, parsing their comments +to determine the revisions various elements were added, and then created synthetic file descriptors for each revision +by subtracting elements that were added later. + +Here is a proposed API for the unit test runner and fixture: + +```go expandable +package moduletesting + +import ( + + "context" + "testing" + "cosmossdk.io/core/intermodule" + "cosmossdk.io/depinject" + "google.golang.org/grpc" + "google.golang.org/protobuf/proto" + "google.golang.org/protobuf/reflect/protodesc" +) + +type TestFixture interface { + context.Context + intermodule.Client // for making calls to the module we're testing + BeginBlock() + +EndBlock() +} + +type UnitTestFixture interface { + TestFixture + grpc.ServiceRegistrar // for registering mock service implementations +} + +type UnitTestConfig struct { + ModuleConfig proto.Message // the module's config object + DepinjectConfig depinject.Config // optional additional depinject config options + DependencyFileDescriptors []protodesc.FileDescriptorProto // optional dependency file descriptors to use instead of the global registry +} + +// Run runs the test function for all combinations of dependency API revisions. +func (cfg UnitTestConfig) + +Run(t *testing.T, f func(t *testing.T, f UnitTestFixture)) { + // ... +} +``` + +Here is an example for testing bar calling foo which takes advantage of conditional service revisions in the expected +mock arguments: + +```go expandable +func TestBar(t *testing.T) { + UnitTestConfig{ + ModuleConfig: &foomodulev1.Module{ +}}.Run(t, func (t *testing.T, f moduletesting.UnitTestFixture) { + ctrl := gomock.NewController(t) + mockFooMsgServer := footestutil.NewMockMsgServer() + +foov1.RegisterMsgServer(f, mockFooMsgServer) + barMsgClient := barv1.NewMsgClient(f) + if f.ServiceRevision(foov1.Msg_ServiceDesc.ServiceName) >= 1 { + mockFooMsgServer.EXPECT().DoSomething(gomock.Any(), &foov1.MsgDoSomething{ + ..., + Condition: ..., // condition is expected in revision >= 1 +}).Return(&foov1.MsgDoSomethingResponse{ +}, nil) +} + +else { + mockFooMsgServer.EXPECT().DoSomething(gomock.Any(), &foov1.MsgDoSomething{... +}).Return(&foov1.MsgDoSomethingResponse{ +}, nil) +} + +res, err := barMsgClient.CallFoo(f, &MsgCallFoo{ +}) + ... +}) +} +``` + +The unit test runner would make sure that no dependency mocks return arguments which are invalid for the service +revision being tested to ensure that modules don't incorrectly depend on functionality not present in a given revision. + +#### Integration Testing + +An integration test runner and fixture would also be provided which instead of using mocks would test actual module +dependencies in various combinations. Here is the proposed API: + +```go expandable +type IntegrationTestFixture interface { + TestFixture +} + +type IntegrationTestConfig struct { + ModuleConfig proto.Message // the module's config object + DependencyMatrix map[string][]proto.Message // all the dependent module configs +} + +// Run runs the test function for all combinations of dependency modules. +func (cfg IntegrationTestConfig) + +Run(t *testing.T, f func (t *testing.T, f IntegrationTestFixture)) { + // ... +} +``` + +And here is an example with foo and bar: + +```go expandable +func TestBarIntegration(t *testing.T) { + IntegrationTestConfig{ + ModuleConfig: &barmodulev1.Module{ +}, + DependencyMatrix: map[string][]proto.Message{ + "runtime": []proto.Message{ // test against two versions of runtime + &runtimev1.Module{ +}, + &runtimev2.Module{ +}, +}, + "foo": []proto.Message{ // test against three versions of foo + &foomodulev1.Module{ +}, + &foomodulev2.Module{ +}, + &foomodulev3.Module{ +}, +} + +} +}.Run(t, func (t *testing.T, f moduletesting.IntegrationTestFixture) { + barMsgClient := barv1.NewMsgClient(f) + +res, err := barMsgClient.CallFoo(f, &MsgCallFoo{ +}) + ... +}) +} +``` + +Unlike unit tests, integration tests actually pull in other module dependencies. So that modules can be written +without direct dependencies on other modules and because golang has no concept of development dependencies, integration +tests should be written in separate go modules, ex. `example.com/bar/v2/test`. Because this paradigm uses go semantic +versioning, it is possible to build a single go module which imports 3 versions of bar and 2 versions of runtime and +can test these all together in the six various combinations of dependencies. + +## Consequences + +### Backwards Compatibility + +Modules which migrate fully to ADR 033 will not be compatible with existing modules which use the keeper paradigm. +As a temporary workaround we may create some wrapper types that emulate the current keeper interface to minimize +the migration overhead. + +### Positive + +* we will be able to deliver interoperable semantically versioned modules which should dramatically increase the + ability of the Cosmos SDK ecosystem to iterate on new features +* it will be possible to write Cosmos SDK modules in other languages in the near future + +### Negative + +* all modules will need to be refactored somewhat dramatically + +### Neutral + +* the `cosmossdk.io/core/appconfig` framework will play a more central role in terms of how modules are defined, this + is likely generally a good thing but does mean additional changes for users wanting to stick to the pre-depinject way + of wiring up modules +* `depinject` is somewhat less needed or maybe even obviated because of the full ADR 033 approach. If we adopt the + core API proposed in [Link](https://github.com/cosmos/cosmos-sdk/pull/12239), then a module would probably always instantiate + itself with a method `ProvideModule(appmodule.Service) (appmodule.AppModule, error)`. There is no complex wiring of + keeper dependencies in this scenario and dependency injection may not have as much of (or any) use case. + +## Further Discussions + +The decision described above is considered in draft mode and is pending final buy-in from the team and key stakeholders. +Key outstanding discussions if we do adopt that direction are: + +* how do module clients introspect dependency module API revisions +* how do modules determine a minor dependency module API revision requirement +* how do modules appropriately test compatibility with different dependency versions +* how to register and resolve interface implementations +* how do modules register their protobuf file descriptors depending on the approach they take to generated code (the + API module approach may still be viable as a supported strategy and would need pinned file descriptors) + +## References + +* [Link](https://github.com/cosmos/cosmos-sdk/discussions/10162) +* [Link](https://github.com/cosmos/cosmos-sdk/discussions/10582) +* [Link](https://github.com/cosmos/cosmos-sdk/discussions/10368) +* [Link](https://github.com/cosmos/cosmos-sdk/pull/11340) +* [Link](https://github.com/cosmos/cosmos-sdk/issues/11899) +* [ADR 020](/docs/sdk/vnext/build/architecture/adr-020-protobuf-transaction-encoding) +* [ADR 033](/docs/sdk/vnext/build/architecture/adr-033-protobuf-inter-module-comm) diff --git a/docs/sdk/next/build/architecture/adr-055-orm.mdx b/docs/sdk/next/build/architecture/adr-055-orm.mdx new file mode 100644 index 00000000..f0572f71 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-055-orm.mdx @@ -0,0 +1,115 @@ +--- +title: 'ADR 055: ORM' +description: '2022-04-27: First draft' +--- +## Changelog + +* 2022-04-27: First draft + +## Status + +ACCEPTED Implemented + +## Abstract + +In order to make it easier for developers to build Cosmos SDK modules and for clients to query, index and verify proofs +against state data, we have implemented an ORM (object-relational mapping) layer for the Cosmos SDK. + +## Context + +Historically modules in the Cosmos SDK have always used the key-value store directly and created various handwritten +functions for managing key format as well as constructing secondary indexes. This consumes a significant amount of +time when building a module and is error-prone. Because key formats are non-standard, sometimes poorly documented, +and subject to change, it is hard for clients to generically index, query and verify merkle proofs against state data. + +The known first instance of an "ORM" in the Cosmos ecosystem was in [weave](https://github.com/iov-one/weave/tree/master/orm). +A later version was built for [regen-ledger](https://github.com/regen-network/regen-ledger/tree/157181f955823149e1825263a317ad8e16096da4/orm) for +use in the group module and later [ported to the SDK](https://github.com/cosmos/cosmos-sdk/tree/35d3312c3be306591fcba39892223f1244c8d108/x/group/internal/orm) +just for that purpose. + +While these earlier designs made it significantly easier to write state machines, they still required a lot of manual +configuration, didn't expose state format directly to clients, and were limited in their support of different types +of index keys, composite keys, and range queries. + +Discussions about the design continued in [Link](https://github.com/cosmos/cosmos-sdk/discussions/9156) and more +sophisticated proofs of concept were created in [Link](https://github.com/allinbits/cosmos-sdk-poc/tree/master/runtime/orm) +and [Link](https://github.com/cosmos/cosmos-sdk/pull/10454). + +## Decision + +These prior efforts culminated in the creation of the Cosmos SDK `orm` go module which uses protobuf annotations +for specifying ORM table definitions. This ORM is based on the new `google.golang.org/protobuf/reflect/protoreflect` +API and supports: + +* sorted indexes for all simple protobuf types (except `bytes`, `enum`, `float`, `double`) as well as `Timestamp` and `Duration` +* unsorted `bytes` and `enum` indexes +* composite primary and secondary keys +* unique indexes +* auto-incrementing `uint64` primary keys +* complex prefix and range queries +* paginated queries +* complete logical decoding of KV-store data + +Almost all the information needed to decode state directly is specified in .proto files. Each table definition specifies +an ID which is unique per .proto file and each index within a table is unique within that table. Clients then only need +to know the name of a module and the prefix ORM data for a specific .proto file within that module in order to decode +state data directly. This additional information will be exposed directly through app configs which will be explained +in a future ADR related to app wiring. + +The ORM makes optimizations around storage space by not repeating values in the primary key in the key value +when storing primary key records. For example, if the object `{"a":0,"b":1}` has the primary key `a`, it will +be stored in the key value store as `Key: '0', Value: {"b":1}` (with more efficient protobuf binary encoding). +Also, the generated code from [Link](https://github.com/cosmos/cosmos-proto) does optimizations around the +`google.golang.org/protobuf/reflect/protoreflect` API to improve performance. + +A code generator is included with the ORM which creates type safe wrappers around the ORM's dynamic `Table` +implementation and is the recommended way for modules to use the ORM. + +The ORM tests provide a simplified bank module demonstration which illustrates: + +* [ORM proto options](https://github.com/cosmos/cosmos-sdk/blob/0d846ae2f0424b2eb640f6679a703b52d407813d/orm/internal/testpb/bank.proto) +* [Generated Code](https://github.com/cosmos/cosmos-sdk/blob/0d846ae2f0424b2eb640f6679a703b52d407813d/orm/internal/testpb/bank.cosmos_orm.go) +* [Example Usage in a Module Keeper](https://github.com/cosmos/cosmos-sdk/blob/0d846ae2f0424b2eb640f6679a703b52d407813d/orm/model/ormdb/module_test.go) + +## Consequences + +### Backwards Compatibility + +State machine code that adopts the ORM will need migrations as the state layout is generally backwards incompatible. +These state machines will also need to migrate to [Link](https://github.com/cosmos/cosmos-proto) at least for state data. + +### Positive + +* easier to build modules +* easier to add secondary indexes to state +* possible to write a generic indexer for ORM state +* easier to write clients that do state proofs +* possible to automatically write query layers rather than needing to manually implement gRPC queries + +### Negative + +* worse performance than handwritten keys (for now). See [Further Discussions](#further-discussions) + for potential improvements + +### Neutral + +## Further Discussions + +Further discussions will happen within the Cosmos SDK Framework Working Group. Current planned and ongoing work includes: + +* automatically generate client-facing query layer +* client-side query libraries that transparently verify light client proofs +* index ORM data to SQL databases +* improve performance by: + * optimizing existing reflection based code to avoid unnecessary gets when doing deletes & updates of simple tables + * more sophisticated code generation such as making fast path reflection even faster (avoiding `switch` statements), + or even fully generating code that equals handwritten performance + +## References + +* [Link](https://github.com/iov-one/weave/tree/master/orm)). +* [Link](https://github.com/regen-network/regen-ledger/tree/157181f955823149e1825263a317ad8e16096da4/orm) +* [Link](https://github.com/cosmos/cosmos-sdk/tree/35d3312c3be306591fcba39892223f1244c8d108/x/group/internal/orm) +* [Link](https://github.com/cosmos/cosmos-sdk/discussions/9156) +* [Link](https://github.com/allinbits/cosmos-sdk-poc/tree/master/runtime/orm) +* [Link](https://github.com/cosmos/cosmos-sdk/pull/10454) diff --git a/docs/sdk/next/build/architecture/adr-057-app-wiring.mdx b/docs/sdk/next/build/architecture/adr-057-app-wiring.mdx new file mode 100644 index 00000000..0d411a00 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-057-app-wiring.mdx @@ -0,0 +1,386 @@ +--- +title: 'ADR 057: App Wiring' +description: '2022-05-04: Initial Draft 2022-08-19: Updates' +--- +## Changelog + +* 2022-05-04: Initial Draft +* 2022-08-19: Updates + +## Status + +PROPOSED Implemented + +## Abstract + +In order to make it easier to build Cosmos SDK modules and apps, we propose a new app wiring system based on +dependency injection and declarative app configurations to replace the current `app.go` code. + +## Context + +A number of factors have made the SDK and SDK apps in their current state hard to maintain. A symptom of the current +state of complexity is [`simapp/app.go`](https://github.com/cosmos/cosmos-sdk/blob/c3edbb22cab8678c35e21fe0253919996b780c01/simapp/app.go) +which contains almost 100 lines of imports and is otherwise over 600 lines of mostly boilerplate code that is +generally copied to each new project. (Not to mention the additional boilerplate which gets copied in `simapp/simd`.) + +The large amount of boilerplate needed to bootstrap an app has made it hard to release independently versioned go +modules for Cosmos SDK modules as described in [ADR 053: Go Module Refactoring](/docs/sdk/vnext/build/architecture/adr-053-go-module-refactoring). + +In addition to being very verbose and repetitive, `app.go` also exposes a large surface area for breaking changes +as most modules instantiate themselves with positional parameters which forces breaking changes anytime a new parameter +(even an optional one) is needed. + +Several attempts were made to improve the current situation including [ADR 033: Internal-Module Communication](/docs/sdk/vnext/build/architecture/adr-033-protobuf-inter-module-comm) +and [a proof-of-concept of a new SDK](https://github.com/allinbits/cosmos-sdk-poc). The discussions around these +designs led to the current solution described here. + +## Decision + +In order to improve the current situation, a new "app wiring" paradigm has been designed to replace `app.go` which +involves: + +* declaration configuration of the modules in an app which can be serialized to JSON or YAML +* a dependency-injection (DI) framework for instantiating apps from the configuration + +### Dependency Injection + +When examining the code in `app.go` most of the code simply instantiates modules with dependencies provided either +by the framework (such as store keys) or by other modules (such as keepers). It is generally pretty obvious given +the context what the correct dependencies actually should be, so dependency-injection is an obvious solution. Rather +than making developers manually resolve dependencies, a module will tell the DI container what dependency it needs +and the container will figure out how to provide it. + +We explored several existing DI solutions in golang and felt that the reflection-based approach in [uber/dig](https://github.com/uber-go/dig) +was closest to what we needed but not quite there. Assessing what we needed for the SDK, we designed and built +the Cosmos SDK [depinject module](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/depinject), which has the following +features: + +* dependency resolution and provision through functional constructors, ex: `func(need SomeDep) (AnotherDep, error)` +* dependency injection `In` and `Out` structs which support `optional` dependencies +* grouped-dependencies (many-per-container) through the `ManyPerContainerType` tag interface +* module-scoped dependencies via `ModuleKey`s (where each module gets a unique dependency) +* one-per-module dependencies through the `OnePerModuleType` tag interface +* sophisticated debugging information and container visualization via GraphViz + +Here are some examples of how these would be used in an SDK module: + +* `StoreKey` could be a module-scoped dependency which is unique per module +* a module's `AppModule` instance (or the equivalent) could be a `OnePerModuleType` +* CLI commands could be provided with `ManyPerContainerType`s + +Note that even though dependency resolution is dynamic and based on reflection, which could be considered a pitfall +of this approach, the entire dependency graph should be resolved immediately on app startup and only gets resolved +once (except in the case of dynamic config reloading which is a separate topic). This means that if there are any +errors in the dependency graph, they will get reported immediately on startup so this approach is only slightly worse +than fully static resolution in terms of error reporting and much better in terms of code complexity. + +### Declarative App Config + +In order to compose modules into an app, a declarative app configuration will be used. This configuration is based off +of protobuf and its basic structure is very simple: + +```protobuf +package cosmos.app.v1; + +message Config { + repeated ModuleConfig modules = 1; +} + +message ModuleConfig { + string name = 1; + google.protobuf.Any config = 2; +} +``` + +(See also [Link](https://github.com/cosmos/cosmos-sdk/blob/6e18f582bf69e3926a1e22a6de3c35ea327aadce/proto/cosmos/app/v1alpha1/config.proto)) + +The configuration for every module is itself a protobuf message and modules will be identified and loaded based +on the protobuf type URL of their config object (ex. `cosmos.bank.module.v1.Module`). Modules are given a unique short `name` +to share resources across different versions of the same module which might have a different protobuf package +versions (ex. `cosmos.bank.module.v2.Module`). All module config objects should define the `cosmos.app.v1alpha1.module` +descriptor option which will provide additional useful metadata for the framework and which can also be indexed +in module registries. + +An example app config in YAML might look like this: + +```yaml expandable +modules: + - name: baseapp + config: + "@type": cosmos.baseapp.module.v1.Module + begin_blockers: [staking, auth, bank] + end_blockers: [bank, auth, staking] + init_genesis: [bank, auth, staking] + - name: auth + config: + "@type": cosmos.auth.module.v1.Module + bech32_prefix: "foo" + - name: bank + config: + "@type": cosmos.bank.module.v1.Module + - name: staking + config: + "@type": cosmos.staking.module.v1.Module +``` + +In the above example, there is a hypothetical `baseapp` module which contains the information around ordering of +begin blockers, end blockers, and init genesis. Rather than lifting these concerns up to the module config layer, +they are themselves handled by a module which could allow a convenient way of swapping out different versions of +baseapp (for instance to target different versions of tendermint), without needing to change the rest of the config. +The `baseapp` module would then provide to the server framework (which sort of sits outside the ABCI app) an instance +of `abci.Application`. + +In this model, an app is *modules all the way down* and the dependency injection/app config layer is very much +protocol-agnostic and can adapt to even major breaking changes at the protocol layer. + +### Module & Protobuf Registration + +In order for the two components of dependency injection and declarative configuration to work together as described, +we need a way for modules to actually register themselves and provide dependencies to the container. + +One additional complexity that needs to be handled at this layer is protobuf registry initialization. Recall that +in both the current SDK `codec` and the proposed [ADR 054: Protobuf Semver Compatible Codegen](https://github.com/cosmos/cosmos-sdk/pull/11802), +protobuf types need to be explicitly registered. Given that the app config itself is based on protobuf and +uses protobuf `Any` types, protobuf registration needs to happen before the app config itself can be decoded. Because +we don't know which protobuf `Any` types will be needed a priori and modules themselves define those types, we need +to decode the app config in separate phases: + +1. parse app config JSON/YAML as raw JSON and collect required module type URLs (without doing proto JSON decoding) +2. build a [protobuf type registry](https://pkg.go.dev/google.golang.org/protobuf@v1.28.0/reflect/protoregistry) based + on file descriptors and types provided by each required module +3. decode the app config as proto JSON using the protobuf type registry + +Because in [ADR 054: Protobuf Semver Compatible Codegen](https://github.com/cosmos/cosmos-sdk/pull/11802), each module +might use `internal` generated code which is not registered with the global protobuf registry, this code should provide +an alternate way to register protobuf types with a type registry. In the same way that `.pb.go` files currently have a +`var File_foo_proto protoreflect.FileDescriptor` for the file `foo.proto`, generated code should have a new member +`var Types_foo_proto TypeInfo` where `TypeInfo` is an interface or struct with all the necessary info to register both +the protobuf generated types and file descriptor. + +So a module must provide dependency injection providers and protobuf types, and takes as input its module +config object which uniquely identifies the module based on its type URL. + +With this in mind, we define a global module register which allows module implementations to register themselves +with the following API: + +```go expandable +// Register registers a module with the provided type name (ex. cosmos.bank.module.v1.Module) +// and the provided options. +func Register(configTypeName protoreflect.FullName, option ...Option) { ... +} + +type Option { /* private methods */ +} + +// Provide registers dependency injection provider functions which work with the +// cosmos-sdk container module. These functions can also accept an additional +// parameter for the module's config object. +func Provide(providers ...interface{ +}) + +Option { ... +} + +// Types registers protobuf TypeInfo's with the protobuf registry. +func Types(types ...TypeInfo) + +Option { ... +} +``` + +Ex: + +```go expandable +func init() { + appmodule.Register("cosmos.bank.module.v1.Module", + appmodule.Types( + types.Types_tx_proto, + types.Types_query_proto, + types.Types_types_proto, + ), + appmodule.Provide( + provideBankModule, + ) + ) +} + +type Inputs struct { + container.In + + AuthKeeper auth.Keeper + DB ormdb.ModuleDB +} + +type Outputs struct { + Keeper bank.Keeper + AppModule appmodule.AppModule +} + +func ProvideBankModule(config *bankmodulev1.Module, Inputs) (Outputs, error) { ... +} +``` + +Note that in this module, a module configuration object *cannot* register different dependency providers at runtime +based on the configuration. This is intentional because it allows us to know globally which modules provide which +dependencies, and it will also allow us to do code generation of the whole app initialization. This +can help us figure out issues with missing dependencies in an app config if the needed modules are loaded at runtime. +In cases where required modules are not loaded at runtime, it may be possible to guide users to the correct module if +through a global Cosmos SDK module registry. + +The `*appmodule.Handler` type referenced above is a replacement for the legacy `AppModule` framework, and +described in [ADR 063: Core Module API](/docs/sdk/vnext/build/architecture/adr-063-core-module-api). + +### New `app.go` + +With this setup, `app.go` might now look something like this: + +```go expandable +package main + +import ( + + // Each go package which registers a module must be imported just for side-effects + // so that module implementations are registered. + _ "github.com/cosmos/cosmos-sdk/x/auth/module" + _ "github.com/cosmos/cosmos-sdk/x/bank/module" + _ "github.com/cosmos/cosmos-sdk/x/staking/module" + "github.com/cosmos/cosmos-sdk/core/app" +) + +// go:embed app.yaml +var appConfigYAML []byte + +func main() { + app.Run(app.LoadYAML(appConfigYAML)) +} +``` + +### Application to existing SDK modules + +So far we have described a system which is largely agnostic to the specifics of the SDK such as store keys, `AppModule`, +`BaseApp`, etc. Improvements to these parts of the framework that integrate with the general app wiring framework +defined here are described in [ADR 063: Core Module API](/docs/sdk/vnext/build/architecture/adr-063-core-module-api). + +### Registration of Inter-Module Hooks + +Some modules define a hooks interface (ex. `StakingHooks`) which allows one module to call back into another module +when certain events happen. + +With the app wiring framework, these hooks interfaces can be defined as a `OnePerModuleType`s and then the module +which consumes these hooks can collect these hooks as a map of module name to hook type (ex. `map[string]FooHooks`). Ex: + +```go expandable +func init() { + appmodule.Register( + &foomodulev1.Module{ +}, + appmodule.Invoke(InvokeSetFooHooks), + ... + ) +} + +func InvokeSetFooHooks( + keeper *keeper.Keeper, + fooHooks map[string]FooHooks, +) + +error { + for k in sort.Strings(maps.Keys(fooHooks)) { + keeper.AddFooHooks(fooHooks[k]) +} +} +``` + +Optionally, the module consuming hooks can allow app's to define an order for calling these hooks based on module name +in its config object. + +An alternative way for registering hooks via reflection was considered where all keeper types are inspected to see if +they implement the hook interface by the modules exposing hooks. This has the downsides of: + +* needing to expose all the keepers of all modules to the module providing hooks, +* not allowing for encapsulating hooks on a different type which doesn't expose all keeper methods, +* harder to know statically which module expose hooks or are checking for them. + +With the approach proposed here, hooks registration will be obviously observable in `app.go` if `depinject` codegen +(described below) is used. + +### Code Generation + +The `depinject` framework will optionally allow the app configuration and dependency injection wiring to be code +generated. This will allow: + +* dependency injection wiring to be inspected as regular go code just like the existing `app.go`, +* dependency injection to be opt-in with manual wiring 100% still possible. + +Code generation requires that all providers and invokers and their parameters are exported and in non-internal packages. + +### Module Semantic Versioning + +When we start creating semantically versioned SDK modules that are in standalone go modules, a state machine breaking +change to a module should be handled as follows: + +* the semantic major version should be incremented, and +* a new semantically versioned module config protobuf type should be created. + +For instance, if we have the SDK module for bank in the go module `github.com/cosmos/cosmos-sdk/x/bank` with the module config type +`cosmos.bank.module.v1.Module`, and we want to make a state machine breaking change to the module, we would: + +* create a new go module `github.com/cosmos/cosmos-sdk/x/bank/v2`, +* with the module config protobuf type `cosmos.bank.module.v2.Module`. + +This *does not* mean that we need to increment the protobuf API version for bank. Both modules can support +`cosmos.bank.v1`, but `github.com/cosmos/cosmos-sdk/x/bank/v2` will be a separate go module with a separate module config type. + +This practice will eventually allow us to use appconfig to load new versions of a module via a configuration change. + +Effectively, there should be a 1:1 correspondence between a semantically versioned go module and a +versioned module config protobuf type, and major versioning bumps should occur whenever state machine breaking changes +are made to a module. + +NOTE: SDK modules that are standalone go modules *should not* adopt semantic versioning until the concerns described in +[ADR 054: Module Semantic Versioning](/docs/sdk/vnext/build/architecture/adr-054-semver-compatible-modules) are +addressed. The short-term solution for this issue was left somewhat unresolved. However, the easiest tactic is +likely to use a standalone API go module and follow the guidelines described in this comment: [Link](https://github.com/cosmos/cosmos-sdk/pull/11802#issuecomment-1406815181). For the time-being, it is recommended that +Cosmos SDK modules continue to follow tried and true [0-based versioning](https://0ver.org) until an officially +recommended solution is provided. This section of the ADR will be updated when that happens and for now, this section +should be considered as a design recommendation for future adoption of semantic versioning. + +## Consequences + +### Backwards Compatibility + +Modules which work with the new app wiring system do not need to drop their existing `AppModule` and `NewKeeper` +registration paradigms. These two methods can live side-by-side for as long as is needed. + +### Positive + +* wiring up new apps will be simpler, more succinct and less error-prone +* it will be easier to develop and test standalone SDK modules without needing to replicate all of simapp +* it may be possible to dynamically load modules and upgrade chains without needing to do a coordinated stop and binary + upgrade using this mechanism +* easier plugin integration +* dependency injection framework provides more automated reasoning about dependencies in the project, with a graph visualization. + +### Negative + +* it may be confusing when a dependency is missing although error messages, the GraphViz visualization, and global + module registration may help with that + +### Neutral + +* it will require work and education + +## Further Discussions + +The protobuf type registration system described in this ADR has not been implemented and may need to be reconsidered in +light of code generation. It may be better to do this type registration with a DI provider. + +## References + +* [Link](https://github.com/cosmos/cosmos-sdk/blob/c3edbb22cab8678c35e21fe0253919996b780c01/simapp/app.go) +* [Link](https://github.com/allinbits/cosmos-sdk-poc) +* [Link](https://github.com/uber-go/dig) +* [Link](https://github.com/google/wire) +* [Link](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/container) +* [Link](https://github.com/cosmos/cosmos-sdk/pull/11802) +* [ADR 063: Core Module API](/docs/sdk/vnext/build/architecture/adr-063-core-module-api) diff --git a/docs/sdk/next/build/architecture/adr-058-auto-generated-cli.mdx b/docs/sdk/next/build/architecture/adr-058-auto-generated-cli.mdx new file mode 100644 index 00000000..0dbaf896 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-058-auto-generated-cli.mdx @@ -0,0 +1,100 @@ +--- +title: 'ADR 058: Auto-Generated CLI' +description: '2022-05-04: Initial Draft' +--- +## Changelog + +* 2022-05-04: Initial Draft + +## Status + +ACCEPTED Partially Implemented + +## Abstract + +In order to make it easier for developers to write Cosmos SDK modules, we provide infrastructure which automatically +generates CLI commands based on protobuf definitions. + +## Context + +Current Cosmos SDK modules generally implement a CLI command for every transaction and every query supported by the +module. These are handwritten for each command and essentially amount to providing some CLI flags or positional +arguments for specific fields in protobuf messages. + +In order to make sure CLI commands are correctly implemented as well as to make sure that the application works +in end-to-end scenarios, we do integration tests using CLI commands. While these tests are valuable on some-level, +they can be hard to write and maintain, and run slowly. [Some teams have contemplated](https://github.com/regen-network/regen-ledger/issues/1041) +moving away from CLI-style integration tests (which are really end-to-end tests) towards narrower integration tests +which exercise `MsgClient` and `QueryClient` directly. This might involve replacing the current end-to-end CLI +tests with unit tests as there still needs to be some way to test these CLI commands for full quality assurance. + +## Decision + +To make module development simpler, we provide infrastructure - in the new [`client/v2`](https://github.com/cosmos/cosmos-sdk/tree/main/client/v2) +go module - for automatically generating CLI commands based on protobuf definitions to either replace or complement +handwritten CLI commands. This will mean that when developing a module, it will be possible to skip both writing and +testing CLI commands as that can all be taken care of by the framework. + +The basic design for automatically generating CLI commands is to: + +* create one CLI command for each `rpc` method in a protobuf `Query` or `Msg` service +* create a CLI flag for each field in the `rpc` request type +* for `query` commands call gRPC and print the response as protobuf JSON or YAML (via the `-o`/`--output` flag) +* for `tx` commands, create a transaction and apply common transaction flags + +In order to make the auto-generated CLI as easy to use (or easier) than handwritten CLI, we need to do custom handling +of specific protobuf field types so that the input format is easy for humans: + +* `Coin`, `Coins`, `DecCoin`, and `DecCoins` should be input using the existing format (i.e. `1000uatom`) +* it should be possible to specify an address using either the bech32 address string or a named key in the keyring +* `Timestamp` and `Duration` should accept strings like `2001-01-01T00:00:00Z` and `1h3m` respectively +* pagination should be handled with flags like `--page-limit`, `--page-offset`, etc. +* it should be possible to customize any other protobuf type either via its message name or a `cosmos_proto.scalar` annotation + +At a basic level it should be possible to generate a command for a single `rpc` method as well as all the commands for +a whole protobuf `service` definition. It should be possible to mix and match auto-generated and handwritten commands. + +## Consequences + +### Backwards Compatibility + +Existing modules can mix and match auto-generated and handwritten CLI commands so it is up to them as to whether they +make breaking changes by replacing handwritten commands with slightly different auto-generated ones. + +For now the SDK will maintain the existing set of CLI commands for backwards compatibility but new commands will use +this functionality. + +### Positive + +* module developers will not need to write CLI commands +* module developers will not need to test CLI commands +* [lens](https://github.com/strangelove-ventures/lens) may benefit from this + +### Negative + +### Neutral + +## Further Discussions + +We would like to be able to customize: + +* short and long usage strings for commands +* aliases for flags (ex. `-a` for `--amount`) +* which fields are positional parameters rather than flags + +It is an [open discussion](https://github.com/cosmos/cosmos-sdk/pull/11725#issuecomment-1108676129) +as to whether these customizations options should lie in: + +* the .proto files themselves, +* separate config files (ex. YAML), or +* directly in code + +Providing the options in .proto files would allow a dynamic client to automatically generate +CLI commands on the fly. However, that may pollute the .proto files themselves with information that is only relevant +for a small subset of users. + +## References + +* [Link](https://github.com/regen-network/regen-ledger/issues/1041) +* [Link](https://github.com/cosmos/cosmos-sdk/tree/main/client/v2) +* [Link](https://github.com/cosmos/cosmos-sdk/pull/11725#issuecomment-1108676129) diff --git a/docs/sdk/next/build/architecture/adr-059-test-scopes.mdx b/docs/sdk/next/build/architecture/adr-059-test-scopes.mdx new file mode 100644 index 00000000..2b9acef7 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-059-test-scopes.mdx @@ -0,0 +1,258 @@ +--- +title: 'ADR 059: Test Scopes' +description: >- + 2022-08-02: Initial Draft 2023-03-02: Add precision for integration tests + 2023-03-23: Add precision for E2E tests +--- +## Changelog + +* 2022-08-02: Initial Draft +* 2023-03-02: Add precision for integration tests +* 2023-03-23: Add precision for E2E tests + +## Status + +PROPOSED Partially Implemented + +## Abstract + +Recent work in the SDK aimed at breaking apart the monolithic root go module has highlighted +shortcomings and inconsistencies in our testing paradigm. This ADR clarifies a common +language for talking about test scopes and proposes an ideal state of tests at each scope. + +## Context + +[ADR-053: Go Module Refactoring](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-053-go-module-refactoring.md) expresses our desire for an SDK composed of many +independently versioned Go modules, and [ADR-057: App Wiring](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-057-app-wiring.md) offers a methodology +for breaking apart inter-module dependencies through the use of dependency injection. As +described in [EPIC: Separate all SDK modules into standalone go modules](https://github.com/cosmos/cosmos-sdk/issues/11899), module +dependencies are particularly complected in the test phase, where simapp is used as +the key test fixture in setting up and running tests. It is clear that the successful +completion of Phases 3 and 4 in that EPIC require the resolution of this dependency problem. + +In [EPIC: Unit Testing of Modules via Mocks](https://github.com/cosmos/cosmos-sdk/issues/12398) it was thought this Gordian knot could be +unwound by mocking all dependencies in the test phase for each module, but seeing how these +refactors were complete rewrites of test suites discussions began around the fate of the +existing integration tests. One perspective is that they ought to be thrown out, another is +that integration tests have some utility of their own and a place in the SDK's testing story. + +Another point of confusion has been the current state of CLI test suites, [x/auth](https://github.com/cosmos/cosmos-sdk/blob/0f7e56c6f9102cda0ca9aba5b6f091dbca976b5a/x/auth/client/testutil/suite.go#L44-L49) for +example. In code these are called integration tests, but in reality function as end to end +tests by starting up a tendermint node and full application. [EPIC: Rewrite and simplify +CLI tests](https://github.com/cosmos/cosmos-sdk/issues/12696) identifies the ideal state of CLI tests using mocks, but does not address the +place end to end tests may have in the SDK. + +From here we identify three scopes of testing, **unit**, **integration**, **e2e** (end to +end), seek to define the boundaries of each, their shortcomings (real and imposed), and their +ideal state in the SDK. + +### Unit tests + +Unit tests exercise the code contained in a single module (e.g. `/x/bank`) or package +(e.g. `/client`) in isolation from the rest of the code base. Within this we identify two +levels of unit tests, *illustrative* and *journey*. The definitions below lean heavily on +[The BDD Books - Formulation](https://leanpub.com/bddbooks-formulation) section 1.3. + +*Illustrative* tests exercise an atomic part of a module in isolation - in this case we +might do fixture setup/mocking of other parts of the module. + +Tests which exercise a whole module's function with dependencies mocked, are *journeys*. +These are almost like integration tests in that they exercise many things together but still +use mocks. + +Example 1 journey vs illustrative tests - [depinject's BDD style tests](https://github.com/cosmos/cosmos-sdk/blob/main/depinject/binding_test.go), show how we can +rapidly build up many illustrative cases demonstrating behavioral rules without [very much code](https://github.com/cosmos/cosmos-sdk/blob/main/depinject/binding_test.go) while maintaining high level readability. + +Example 2 [depinject table driven tests](https://github.com/cosmos/cosmos-sdk/blob/main/depinject/provider_desc_test.go) + +Example 3 [Bank keeper tests](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/x/bank/keeper/keeper_test.go#L94-L105) - A mock implementation of `AccountKeeper` is supplied to the keeper constructor. + +#### Limitations + +Certain modules are tightly coupled beyond the test phase. A recent dependency report for +`bank -> auth` found 274 total usages of `auth` in `bank`, 50 of which are in +production code and 224 in test. This tight coupling may suggest that either the modules +should be merged, or refactoring is required to abstract references to the core types tying +the modules together. It could also indicate that these modules should be tested together +in integration tests beyond mocked unit tests. + +In some cases setting up a test case for a module with many mocked dependencies can be quite +cumbersome and the resulting test may only show that the mocking framework works as expected +rather than working as a functional test of interdependent module behavior. + +### Integration tests + +Integration tests define and exercise relationships between an arbitrary number of modules +and/or application subsystems. + +Wiring for integration tests is provided by `depinject` and some [helper code](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/testutil/sims/app_helpers.go#L95) starts up +a running application. A section of the running application may then be tested. Certain +inputs during different phases of the application life cycle are expected to produce +invariant outputs without too much concern for component internals. This type of black box +testing has a larger scope than unit testing. + +Example 1 [client/grpc\_query\_test/TestGRPCQuery](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/client/grpc_query_test.go#L111-L129) - This test is misplaced in `/client`, +but tests the life cycle of (at least) `runtime` and `bank` as they progress through +startup, genesis and query time. It also exercises the fitness of the client and query +server without putting bytes on the wire through the use of [QueryServiceTestHelper](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/baseapp/grpcrouter_helpers.go#L31). + +Example 2 `x/evidence` Keeper integration tests - Starts up an application composed of [8 +modules](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/x/evidence/testutil/app.yaml#L1) with [5 keepers](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/x/evidence/keeper/keeper_test.go#L101-L106) used in the integration test suite. One test in the suite +exercises [HandleEquivocationEvidence](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/x/evidence/keeper/infraction_test.go#L42) which contains many interactions with the staking +keeper. + +Example 3 - Integration suite app configurations may also be specified via golang (not +YAML as above) [statically](https://github.com/cosmos/cosmos-sdk/blob/main/x/nft/testutil/app_config.go) or [dynamically](https://github.com/cosmos/cosmos-sdk/blob/8c23f6f957d1c0bedd314806d1ac65bea59b084c/tests/integration/bank/keeper/keeper_test.go#L129-L134). + +#### Limitations + +Setting up a particular input state may be more challenging since the application is +starting from a zero state. Some of this may be addressed by good test fixture +abstractions with testing of their own. Tests may also be more brittle, and larger +refactors could impact application initialization in unexpected ways with harder to +understand errors. This could also be seen as a benefit, and indeed the SDK's current +integration tests were helpful in tracking down logic errors during earlier stages +of app-wiring refactors. + +### Simulations + +Simulations (also called generative testing) are a special case of integration tests where +deterministically random module operations are executed against a running simapp, building +blocks on the chain until a specified height is reached. No *specific* assertions are +made for the state transitions resulting from module operations but any error will halt and +fail the simulation. Since `crisis` is included in simapp and the simulation runs +EndBlockers at the end of each block any module invariant violations will also fail +the simulation. + +Modules must implement [AppModuleSimulation.WeightedOperations](https://github.com/cosmos/cosmos-sdk/blob/2bec9d2021918650d3938c3ab242f84289daef80/types/module/simulation.go#L31) to define their +simulation operations. Note that not all modules implement this which may indicate a +gap in current simulation test coverage. + +Modules not returning simulation operations: + +* `auth` +* `evidence` +* `mint` +* `params` + +A separate binary, [runsim](https://github.com/cosmos/tools/tree/master/cmd/runsim), is responsible for kicking off some of these tests and +managing their life cycle. + +#### Limitations + +* [A success](https://github.com/cosmos/cosmos-sdk/runs/7606931983?check_suite_focus=true) may take a long time to run, 7-10 minutes per simulation in CI. +* [Timeouts](https://github.com/cosmos/cosmos-sdk/runs/7606932295?check_suite_focus=true) sometimes occur on apparent successes without any indication why. +* Useful error messages not provided on [failure](https://github.com/cosmos/cosmos-sdk/runs/7606932548?check_suite_focus=true) from CI, requiring a developer to run + the simulation locally to reproduce. + +### E2E tests + +End to end tests exercise the entire system as we understand it in as close an approximation +to a production environment as is practical. Presently these tests are located at +[tests/e2e](https://github.com/cosmos/cosmos-sdk/tree/main/tests/e2e) and rely on [testutil/network](https://github.com/cosmos/cosmos-sdk/tree/main/testutil/network) to start up an in-process Tendermint node. + +An application should be built as minimally as possible to exercise the desired functionality. +The SDK uses an application will only the required modules for the tests. The application developer is advised to use its own application for e2e tests. + +#### Limitations + +In general the limitations of end to end tests are orchestration and compute cost. +Scaffolding is required to start up and run a prod-like environment and this +process takes much longer to start and run than unit or integration tests. + +Global locks present in Tendermint code cause stateful starting/stopping to sometimes hang +or fail intermittently when run in a CI environment. + +The scope of e2e tests has been complected with command line interface testing. + +## Decision + +We accept these test scopes and identify the following decisions points for each. + +| Scope | App Type | Mocks? | +| ----------- | ------------------- | ------ | +| Unit | None | Yes | +| Integration | integration helpers | Some | +| Simulation | minimal app | No | +| E2E | minimal app | No | + +The decision above is valid for the SDK. An application developer should test their application with their full application instead of the minimal app. + +### Unit Tests + +All modules must have mocked unit test coverage. + +Illustrative tests should outnumber journeys in unit tests. + +Unit tests should outnumber integration tests. + +Unit tests must not introduce additional dependencies beyond those already present in +production code. + +When module unit test introduction as per [EPIC: Unit testing of modules via mocks](https://github.com/cosmos/cosmos-sdk/issues/12398) +results in a near complete rewrite of an integration test suite the test suite should be +retained and moved to `/tests/integration`. We accept the resulting test logic +duplication but recommend improving the unit test suite through the addition of +illustrative tests. + +### Integration Tests + +All integration tests shall be located in `/tests/integration`, even those which do not +introduce extra module dependencies. + +To help limit scope and complexity, it is recommended to use the smallest possible number of +modules in application startup, i.e. don't depend on simapp. + +Integration tests should outnumber e2e tests. + +### Simulations + +Simulations shall use a minimal application (usually via app wiring). They are located under `/x/{moduleName}/simulation`. + +### E2E Tests + +Existing e2e tests shall be migrated to integration tests by removing the dependency on the +test network and in-process Tendermint node to ensure we do not lose test coverage. + +The e2e rest runner shall transition from in process Tendermint to a runner powered by +Docker via [dockertest](https://github.com/ory/dockertest). + +E2E tests exercising a full network upgrade shall be written. + +The CLI testing aspect of existing e2e tests shall be rewritten using the network mocking +demonstrated in [PR#12706](https://github.com/cosmos/cosmos-sdk/pull/12706). + +## Consequences + +### Positive + +* test coverage is increased +* test organization is improved +* reduced dependency graph size in modules +* simapp removed as a dependency from modules +* inter-module dependencies introduced in test code are removed +* reduced CI run time after transitioning away from in process Tendermint + +### Negative + +* some test logic duplication between unit and integration tests during transition +* test written using dockertest DX may be a bit worse + +### Neutral + +* some discovery required for e2e transition to dockertest + +## Further Discussions + +It may be useful if test suites could be run in integration mode (with mocked tendermint) or +with e2e fixtures (with real tendermint and many nodes). Integration fixtures could be used +for quicker runs, e2e fixtures could be used for more battle hardening. + +A PoC `x/gov` was completed in PR [#12847](https://github.com/cosmos/cosmos-sdk/pull/12847) +is in progress for unit tests demonstrating BDD \[Rejected]. +Observing that a strength of BDD specifications is their readability, and a con is the +cognitive load while writing and maintaining, current consensus is to reserve BDD use +for places in the SDK where complex rules and module interactions are demonstrated. +More straightforward or low level test cases will continue to rely on go table tests. + +Levels are network mocking in integration and e2e tests are still being worked on and formalized. diff --git a/docs/sdk/next/build/architecture/adr-060-abci-1.0.mdx b/docs/sdk/next/build/architecture/adr-060-abci-1.0.mdx new file mode 100644 index 00000000..0c16becb --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-060-abci-1.0.mdx @@ -0,0 +1,257 @@ +--- +title: 'ADR 60: ABCI 1.0 Integration (Phase I)' +description: >- + 2022-08-10: Initial Draft (@alexanderbez, @tac0turtle) Nov 12, 2022: Update + PrepareProposal and ProcessProposal semantics per the initial implementation + PR (@alexanderbez) +--- +## Changelog + +* 2022-08-10: Initial Draft (@alexanderbez, @tac0turtle) +* Nov 12, 2022: Update `PrepareProposal` and `ProcessProposal` semantics per the + initial implementation [PR](https://github.com/cosmos/cosmos-sdk/pull/13453) (@alexanderbez) + +## Status + +ACCEPTED + +## Abstract + +This ADR describes the initial adoption of [ABCI 1.0](https://github.com/tendermint/tendermint/blob/master/spec/abci%2B%2B/README.md), +the next evolution of ABCI, within the Cosmos SDK. ABCI 1.0 aims to provide +application developers with more flexibility and control over application and +consensus semantics, e.g. in-application mempools, in-process oracles, and +order-book style matching engines. + +## Context + +Tendermint will release ABCI 1.0. Notably, at the time of this writing, +Tendermint is releasing v0.37.0 which will include `PrepareProposal` and `ProcessProposal`. + +The `PrepareProposal` ABCI method is concerned with a block proposer requesting +the application to evaluate a series of transactions to be included in the next +block, defined as a slice of `TxRecord` objects. The application can either +accept, reject, or completely ignore some or all of these transactions. This is +an important consideration to make as the application can essentially define and +control its own mempool allowing it to define sophisticated transaction priority +and filtering mechanisms, by completely ignoring the `TxRecords` Tendermint +sends it, favoring its own transactions. This essentially means that the Tendermint +mempool acts more like a gossip data structure. + +The second ABCI method, `ProcessProposal`, is used to process the block proposer's +proposal as defined by `PrepareProposal`. It is important to note the following +with respect to `ProcessProposal`: + +* Execution of `ProcessProposal` must be deterministic. +* There must be coherence between `PrepareProposal` and `ProcessProposal`. In + other words, for any two correct processes *p* and *q*, if *q*'s Tendermint + calls `RequestProcessProposal` on *up*, *q*'s Application returns + ACCEPT in `ResponseProcessProposal`. + +It is important to note that in ABCI 1.0 integration, the application +is NOT responsible for locking semantics -- Tendermint will still be responsible +for that. In the future, however, the application will be responsible for locking, +which allows for parallel execution possibilities. + +## Decision + +We will integrate ABCI 1.0, which will be introduced in Tendermint +v0.37.0, in the next major release of the Cosmos SDK. We will integrate ABCI 1.0 +methods on the `BaseApp` type. We describe the implementations of the two methods +individually below. + +Prior to describing the implementation of the two new methods, it is important to +note that the existing ABCI methods, `CheckTx`, `DeliverTx`, etc, still exist and +serve the same functions as they do now. + +### `PrepareProposal` + +Prior to evaluating the decision for how to implement `PrepareProposal`, it is +important to note that `CheckTx` will still be executed and will be responsible +for evaluating transaction validity as it does now, with one very important +*additive* distinction. + +When executing transactions in `CheckTx`, the application will now add valid +transactions, i.e. passing the AnteHandler, to its own mempool data structure. +In order to provide a flexible approach to meet the varying needs of application +developers, we will define both a mempool interface and a data structure utilizing +Golang generics, allowing developers to focus only on transaction +ordering. Developers requiring absolute full control can implement their own +custom mempool implementation. + +We define the general mempool interface as follows (subject to change): + +```go expandable +type Mempool interface { + // Insert attempts to insert a Tx into the app-side mempool returning + // an error upon failure. + Insert(sdk.Context, sdk.Tx) + +error + + // Select returns an Iterator over the app-side mempool. If txs are specified, + // then they shall be incorporated into the Iterator. The Iterator must + // be closed by the caller. + Select(sdk.Context, [][]byte) + +Iterator + + // CountTx returns the number of transactions currently in the mempool. + CountTx() + +int + + // Remove attempts to remove a transaction from the mempool, returning an error + // upon failure. + Remove(sdk.Tx) + +error +} + +// Iterator defines an app-side mempool iterator interface that is as minimal as +// possible. The order of iteration is determined by the app-side mempool +// implementation. +type Iterator interface { + // Next returns the next transaction from the mempool. If there are no more + // transactions, it returns nil. + Next() + +Iterator + + // Tx returns the transaction at the current position of the iterator. + Tx() + +sdk.Tx +} +``` + +We will define an implementation of `Mempool`, defined by `nonceMempool`, that +will cover most basic application use-cases. Namely, it will prioritize transactions +by transaction sender, allowing for multiple transactions from the same sender. + +The default app-side mempool implementation, `nonceMempool`, will operate on a +single skip list data structure. Specifically, transactions with the lowest nonce +globally are prioritized. Transactions with the same nonce are prioritized by +sender address. + +```go +type nonceMempool struct { + txQueue *huandu.SkipList +} +``` + +Previous discussions1 have come to the agreement that Tendermint will +perform a request to the application, via `RequestPrepareProposal`, with a certain +amount of transactions reaped from Tendermint's local mempool. The exact amount +of transactions reaped will be determined by a local operator configuration. +This is referred to as the "one-shot approach" seen in discussions. + +When Tendermint reaps transactions from the local mempool and sends them to the +application via `RequestPrepareProposal`, the application will have to evaluate +the transactions. Specifically, it will need to inform Tendermint if it should +reject and or include each transaction. Note, the application can even *replace* +transactions entirely with other transactions. + +When evaluating transactions from `RequestPrepareProposal`, the application will +ignore *ALL* transactions sent to it in the request and instead reap up to +`RequestPrepareProposal.max_tx_bytes` from it's own mempool. + +Since an application can technically insert or inject transactions on `Insert` +during `CheckTx` execution, it is recommended that applications ensure transaction +validity when reaping transactions during `PrepareProposal`. However, what validity +exactly means is entirely determined by the application. + +The Cosmos SDK will provide a default `PrepareProposal` implementation that simply +select up to `MaxBytes` *valid* transactions. + +However, applications can override this default implementation with their own +implementation and set that on `BaseApp` via `SetPrepareProposal`. + +### `ProcessProposal` + +The `ProcessProposal` ABCI method is relatively straightforward. It is responsible +for ensuring validity of the proposed block containing transactions that were +selected from the `PrepareProposal` step. However, how an application determines +validity of a proposed block depends on the application and its varying use cases. +For most applications, simply calling the `AnteHandler` chain would suffice, but +there could easily be other applications that need more control over the validation +process of the proposed block, such as ensuring txs are in a certain order or +that certain transactions are included. While this theoretically could be achieved +with a custom `AnteHandler` implementation, it's not the cleanest UX or the most +efficient solution. + +Instead, we will define an additional ABCI interface method on the existing +`Application` interface, similar to the existing ABCI methods such as `BeginBlock` +or `EndBlock`. This new interface method will be defined as follows: + +```go +ProcessProposal(sdk.Context, abci.ProcessProposalRequest) + +error { +} +``` + +Note, we must call `ProcessProposal` with a new internal branched state on the +`Context` argument as we cannot simply just use the existing `checkState` because +`BaseApp` already has a modified `checkState` at this point. So when executing +`ProcessProposal`, we create a similar branched state, `processProposalState`, +off of `deliverState`. Note, the `processProposalState` is never committed and +is completely discarded after `ProcessProposal` finishes execution. + +The Cosmos SDK will provide a default implementation of `ProcessProposal` in which +all transactions are validated using the CheckTx flow, i.e. the AnteHandler, and +will always return ACCEPT unless any transaction cannot be decoded. + +### `DeliverTx` + +Since transactions are not truly removed from the app-side mempool during +`PrepareProposal`, since `ProcessProposal` can fail or take multiple rounds and +we do not want to lose transactions, we need to finally remove the transaction +from the app-side mempool during `DeliverTx` since during this phase, the +transactions are being included in the proposed block. + +Alternatively, we can keep the transactions as truly being removed during the +reaping phase in `PrepareProposal` and add them back to the app-side mempool in +case `ProcessProposal` fails. + +## Consequences + +### Backwards Compatibility + +ABCI 1.0 is naturally not backwards compatible with prior versions of the Cosmos SDK +and Tendermint. For example, an application that requests `RequestPrepareProposal` +to the same application that does not speak ABCI 1.0 will naturally fail. + +However, in the first phase of the integration, the existing ABCI methods as we +know them today will still exist and function as they currently do. + +### Positive + +* Applications now have full control over transaction ordering and priority. +* Lays the groundwork for the full integration of ABCI 1.0, which will unlock more + app-side use cases around block construction and integration with the Tendermint + consensus engine. + +### Negative + +* Requires that the "mempool", as a general data structure that collects and stores + uncommitted transactions will be duplicated between both Tendermint and the + Cosmos SDK. +* Additional requests between Tendermint and the Cosmos SDK in the context of + block execution. Albeit, the overhead should be negligible. +* Not backwards compatible with previous versions of Tendermint and the Cosmos SDK. + +## Further Discussions + +It is possible to design the app-side implementation of the `Mempool[T MempoolTx]` +in many different ways using different data structures and implementations. All +of which have different tradeoffs. The proposed solution keeps things simple +and covers cases that would be required for most basic applications. There are +tradeoffs that can be made to improve performance of reaping and inserting into +the provided mempool implementation. + +## References + +* [Link](https://github.com/tendermint/tendermint/blob/master/spec/abci%2B%2B/README.md) +* \[1] [Link](https://github.com/tendermint/tendermint/issues/7750#issuecomment-1076806155) +* \[2] [Link](https://github.com/tendermint/tendermint/issues/7750#issuecomment-1075717151) diff --git a/docs/sdk/next/build/architecture/adr-061-liquid-staking.mdx b/docs/sdk/next/build/architecture/adr-061-liquid-staking.mdx new file mode 100644 index 00000000..c1d34390 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-061-liquid-staking.mdx @@ -0,0 +1,81 @@ +--- +title: 'ADR-061: Liquid Staking' +description: '2022-09-10: Initial Draft (@zmanian)' +--- +## Changelog + +* 2022-09-10: Initial Draft (@zmanian) + +## Status + +ACCEPTED + +## Abstract + +Add a semi-fungible liquid staking primitive to the default Cosmos SDK staking module. This upgrades proof of stake to enable safe designs with lower overall monetary issuance and integration with numerous liquid staking protocols like Stride, Persistence, Quicksilver, Lido etc. + +## Context + +The original release of the Cosmos Hub featured the implementation of a ground breaking proof of stake mechanism featuring delegation, slashing, in protocol reward distribution and adaptive issuance. This design was state of the art for 2016 and has been deployed without major changes by many L1 blockchains. + +As both Proof of Stake and blockchain use cases have matured, this design has aged poorly and should no longer be considered a good baseline Proof of Stake issuance. In the world of application specific blockchains, there cannot be a one size fits all blockchain but the Cosmos SDK does endeavour to provide a good baseline implementation and one that is suitable for the Cosmos Hub. + +The most important deficiency of the legacy staking design is that it composes poorly with on chain protocols for trading, lending, derivatives that are referred to collectively as DeFi. The legacy staking implementation starves these applications of liquidity by increasing the risk free rate adaptively. It basically makes DeFi and staking security somewhat incompatible. + +The Osmosis team has adopted the idea of Superfluid and Interfluid staking where assets that are participating in DeFi applications can also be used in proof of stake. This requires tight integration with an enshrined set of DeFi applications and thus is unsuitable for the Cosmos SDK. + +It's also important to note that Interchain Accounts are available in the default IBC implementation and can be used to [rehypothecate](https://www.investopedia.com/terms/h/hypothecation.asp#toc-what-is-rehypothecation) delegations. Thus liquid staking is already possible and these changes merely improve the UX of liquid staking. Centralized exchanges also rehypothecate staked assets, posing challenges for decentralization. This ADR takes the position that adoption of in-protocol liquid staking is the preferable outcome and provides new levers to incentivize decentralization of stake. + +These changes to the staking module have been in development for more than a year and have seen substantial industry adoption who plan to build staking UX. The internal economics at Informal team has also done a review of the impacts of these changes and this review led to the development of the exempt delegation system. This system provides governance with a tuneable parameter for modulating the risks of principal agent problem called the exemption factor. + +## Decision + +We implement the semi-fungible liquid staking system and exemption factor system within the cosmos sdk. Though registered as fungible assets, these tokenized shares have extremely limited fungibility, only among the specific delegation record that was created when shares were tokenized. These assets can be used for OTC trades but composability with DeFi is limited. The primary expected use case is improving the user experience of liquid staking providers. + +A new governance parameter is introduced that defines the ratio of exempt to issued tokenized shares. This is called the exemption factor. A larger exemption factor allows more tokenized shares to be issued for a smaller amount of exempt delegations. If governance is comfortable with how the liquid staking market is evolving, it makes sense to increase this value. + +Min self delegation is removed from the staking system with the expectation that it will be replaced by the exempt delegations system. The exempt delegation system allows multiple accounts to demonstrate economic alignment with the validator operator as team members, partners etc. without co-mingling funds. Delegation exemption will likely be required to grow the validators' business under widespread adoption of liquid staking once governance has adjusted the exemption factor. + +When shares are tokenized, the underlying shares are transferred to a module account and rewards go to the module account for the TokenizedShareRecord. + +There is no longer a mechanism to override the validators vote for TokenizedShares. + +### `MsgTokenizeShares` + +The MsgTokenizeShares message is used to create tokenize delegated tokens. This message can be executed by any delegator who has positive amount of delegation and after execution the specific amount of delegation disappear from the account and share tokens are provided. Share tokens are denominated in the validator and record id of the underlying delegation. + +A user may tokenize some or all of their delegation. + +They will receive shares with the denom of `cosmosvaloper1xxxx/5` where 5 is the record id for the validator operator. + +MsgTokenizeShares fails if the account is a VestingAccount. Users will have to move vested tokens to a new account and endure the unbonding period. We view this as an acceptable tradeoff vs. the complex book keeping required to track vested tokens. + +The total amount of outstanding tokenized shares for the validator is checked against the sum of exempt delegations multiplied by the exemption factor. If the tokenized shares exceeds this limit, execution fails. + +MsgTokenizeSharesResponse provides the number of tokens generated and their denom. + +### `MsgRedeemTokensforShares` + +The MsgRedeemTokensforShares message is used to redeem the delegation from share tokens. This message can be executed by any user who owns share tokens. After execution delegations will appear to the user. + +### `MsgTransferTokenizeShareRecord` + +The MsgTransferTokenizeShareRecord message is used to transfer the ownership of rewards generated from the tokenized amount of delegation. The tokenize share record is created when a user tokenize his/her delegation and deleted when the full amount of share tokens are redeemed. + +This is designed to work with liquid staking designs that do not redeem the tokenized shares and may instead want to keep the shares tokenized. + +### `MsgExemptDelegation` + +The MsgExemptDelegation message is used to exempt a delegation to a validator. If the exemption factor is greater than 0, this will allow more delegation shares to be issued from the validator. + +This design allows the chain to force an amount of self-delegation by validators participating in liquid staking schemes. + +## Consequences + +### Backwards Compatibility + +By setting the exemption factor to zero, this module works like legacy staking. The only substantial change is the removal of min-self-bond and without any tokenized shares, there is no incentive to exempt delegation. + +### Positive + +This approach should enable integration with liquid staking providers and improved user experience. It provides a pathway to security under non-exponential issuance policies in the baseline staking module. diff --git a/docs/sdk/next/build/architecture/adr-062-collections-state-layer.mdx b/docs/sdk/next/build/architecture/adr-062-collections-state-layer.mdx new file mode 100644 index 00000000..31758c2c --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-062-collections-state-layer.mdx @@ -0,0 +1,118 @@ +--- +title: 'ADR 062: Collections, a simplified storage layer for cosmos-sdk modules' +description: '30/11/2022: PROPOSED' +--- +## Changelog + +* 30/11/2022: PROPOSED + +## Status + +PROPOSED - Implemented + +## Abstract + +We propose a simplified module storage layer which leverages golang generics to allow module developers to handle module +storage in a simple and straightforward manner, whilst offering safety, extensibility and standardization. + +## Context + +Module developers are forced into manually implementing storage functionalities in their modules, those functionalities include +but are not limited to: + +* Defining key to bytes formats. +* Defining value to bytes formats. +* Defining secondary indexes. +* Defining query methods to expose outside to deal with storage. +* Defining local methods to deal with storage writing. +* Dealing with genesis imports and exports. +* Writing tests for all the above. + +This brings in a lot of problems: + +* It blocks developers from focusing on the most important part: writing business logic. +* Key to bytes formats are complex and their definition is error-prone, for example: + * how do I format time to bytes in such a way that bytes are sorted? + * how do I ensure when I don't have namespace collisions when dealing with secondary indexes? +* The lack of standardization makes life hard for clients, and the problem is exacerbated when it comes to providing proofs for objects present in state. Clients are forced to maintain a list of object paths to gather proofs. + +### Current Solution: ORM + +The current SDK proposed solution to this problem is [ORM](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-055-orm.md). +Whilst ORM offers a lot of good functionality aimed at solving these specific problems, it has some downsides: + +* It requires migrations. +* It uses the newest protobuf golang API, whilst the SDK still mainly uses gogoproto. +* Integrating ORM into a module would require the developer to deal with two different golang frameworks (golang protobuf + gogoproto) representing the same API objects. +* It has a high learning curve, even for simple storage layers as it requires developers to have knowledge around protobuf options, custom cosmos-sdk storage extensions, and tooling download. Then after this they still need to learn the code-generated API. + +### CosmWasm Solution: cw-storage-plus + +The collections API takes inspiration from [cw-storage-plus](https://docs.cosmwasm.com/docs/1.0/smart-contracts/state/cw-plus/), +which has demonstrated to be a powerful tool for dealing with storage in CosmWasm contracts. +It's simple, does not require extra tooling, it makes it easy to deal with complex storage structures (indexes, snapshot, etc). +The API is straightforward and explicit. + +## Decision + +We propose to port the `collections` API, whose implementation lives in [NibiruChain/collections](https://github.com/NibiruChain/collections) to cosmos-sdk. + +Collections implements four different storage handlers types: + +* `Map`: which deals with simple `key=>object` mappings. +* `KeySet`: which acts as a `Set` and only retains keys and no object (usecase: allow-lists). +* `Item`: which always contains only one object (usecase: Params) +* `Sequence`: which implements a simple always increasing number (usecase: Nonces) +* `IndexedMap`: builds on top of `Map` and `KeySet` and allows to create relationships with `Objects` and `Objects` secondary keys. + +All the collection APIs build on top of the simple `Map` type. + +Collections is fully generic, meaning that anything can be used as `Key` and `Value`. It can be a protobuf object or not. + +Collections types, in fact, delegate the duty of serialization of keys and values to a secondary collections API component called `ValueEncoders` and `KeyEncoders`. + +`ValueEncoders` take care of converting a value to bytes (relevant only for `Map`). And offers a plug and play layer which allows us to change how we encode objects, +which is relevant for swapping serialization frameworks and enhancing performance. +`Collections` already comes in with default `ValueEncoders`, specifically for: protobuf objects, special SDK types (sdk.Int, sdk.Dec). + +`KeyEncoders` take care of converting keys to bytes, `collections` already comes in with some default `KeyEncoders` for some primitive golang types +(uint64, string, time.Time, ...) and some widely used sdk types (sdk.Acc/Val/ConsAddress, sdk.Int/Dec, ...). +These default implementations also offer safety around proper lexicographic ordering and namespace-collision. + +Examples of the collections API can be found here: + +* introduction: [Link](https://github.com/NibiruChain/collections/tree/main/examples) +* usage in nibiru: [x/oracle](https://github.com/NibiruChain/nibiru/blob/master/x/oracle/keeper/keeper.go#L32), [x/perp](https://github.com/NibiruChain/nibiru/blob/master/x/perp/keeper/keeper.go#L31) +* cosmos-sdk's x/staking migrated: [Link](https://github.com/testinginprod/cosmos-sdk/pull/22) + +## Consequences + +### Backwards Compatibility + +The design of `ValueEncoders` and `KeyEncoders` allows modules to retain the same `byte(key)=>byte(value)` mappings, making +the upgrade to the new storage layer non-state breaking. + +### Positive + +* ADR aimed at removing code from the SDK rather than adding it. Migrating just `x/staking` to collections would yield to a net decrease in LOC (even considering the addition of collections itself). +* Simplifies and standardizes storage layers across modules in the SDK. +* Does not require to have to deal with protobuf. +* It's pure golang code. +* Generalization over `KeyEncoders` and `ValueEncoders` allows us to not tie ourself to the data serialization framework. +* `KeyEncoders` and `ValueEncoders` can be extended to provide schema reflection. + +### Negative + +* Golang generics are not as battle-tested as other Golang features, despite being used in production right now. +* Collection types instantiation needs to be improved. + +### Neutral + +`{neutral consequences}` + +## Further Discussions + +* Automatic genesis import/export (not implemented because of API breakage) +* Schema reflection + +## References diff --git a/docs/sdk/next/build/architecture/adr-063-core-module-api.mdx b/docs/sdk/next/build/architecture/adr-063-core-module-api.mdx new file mode 100644 index 00000000..20c6b2fc --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-063-core-module-api.mdx @@ -0,0 +1,614 @@ +--- +title: 'ADR 063: Core Module API' +description: 2022-08-18 First Draft 2022-12-08 First Draft 2023-01-24 Updates +--- +## Changelog + +* 2022-08-18 First Draft +* 2022-12-08 First Draft +* 2023-01-24 Updates + +## Status + +ACCEPTED Partially Implemented + +## Abstract + +A new core API is proposed as a way to develop cosmos-sdk applications that will eventually replace the existing +`AppModule` and `sdk.Context` frameworks a set of core services and extension interfaces. This core API aims to: + +* be simpler +* more extensible +* more stable than the current framework +* enable deterministic events and queries, +* support event listeners +* [ADR 033: Protobuf-based Inter-Module Communication](/docs/sdk/vnext/build/architecture/adr-033-protobuf-inter-module-comm) clients. + +## Context + +Historically modules have exposed their functionality to the framework via the `AppModule` and `AppModuleBasic` +interfaces which have the following shortcomings: + +* both `AppModule` and `AppModuleBasic` need to be defined and registered which is counter-intuitive +* apps need to implement the full interfaces, even parts they don't need (although there are workarounds for this), +* interface methods depend heavily on unstable third party dependencies, in particular Comet, +* legacy required methods have littered these interfaces for far too long + +In order to interact with the state machine, modules have needed to do a combination of these things: + +* get store keys from the app +* call methods on `sdk.Context` which contains more or less the full set of capability available to modules. + +By isolating all the state machine functionality into `sdk.Context`, the set of functionalities available to +modules are tightly coupled to this type. If there are changes to upstream dependencies (such as Comet) +or new functionalities are desired (such as alternate store types), the changes need impact `sdk.Context` and all +consumers of it (basically all modules). Also, all modules now receive `context.Context` and need to convert these +to `sdk.Context`'s with a non-ergonomic unwrapping function. + +Any breaking changes to these interfaces, such as ones imposed by third-party dependencies like Comet, have the +side effect of forcing all modules in the ecosystem to update in lock-step. This means it is almost impossible to have +a version of the module which can be run with 2 or 3 different versions of the SDK or 2 or 3 different versions of +another module. This lock-step coupling slows down overall development within the ecosystem and causes updates to +components to be delayed longer than they would if things were more stable and loosely coupled. + +## Decision + +The `core` API proposes a set of core APIs that modules can rely on to interact with the state machine and expose their +functionalities to it that are designed in a principled way such that: + +* tight coupling of dependencies and unrelated functionalities is minimized or eliminated +* APIs can have long-term stability guarantees +* the SDK framework is extensible in a safe and straightforward way + +The design principles of the core API are as follows: + +* everything that a module wants to interact with in the state machine is a service +* all services coordinate state via `context.Context` and don't try to recreate the "bag of variables" approach of `sdk.Context` +* all independent services are isolated in independent packages with minimal APIs and minimal dependencies +* the core API should be minimalistic and designed for long-term support (LTS) +* a "runtime" module will implement all the "core services" defined by the core API and can handle all module + functionalities exposed by core extension interfaces +* other non-core and/or non-LTS services can be exposed by specific versions of runtime modules or other modules + following the same design principles, this includes functionality that interacts with specific non-stable versions of + third party dependencies such as Comet +* the core API doesn't implement *any* functionality, it just defines types +* go stable API compatibility guidelines are followed: [Link](https://go.dev/blog/module-compatibility) + +A "runtime" module is any module which implements the core functionality of composing an ABCI app, which is currently +handled by `BaseApp` and the `ModuleManager`. Runtime modules which implement the core API are *intentionally* separate +from the core API in order to enable more parallel versions and forks of the runtime module than is possible with the +SDK's current tightly coupled `BaseApp` design while still allowing for a high degree of composability and +compatibility. + +Modules which are built only against the core API don't need to know anything about which version of runtime, +`BaseApp` or Comet in order to be compatible. Modules from the core mainline SDK could be easily composed +with a forked version of runtime with this pattern. + +This design is intended to enable matrices of compatible dependency versions. Ideally a given version of any module +is compatible with multiple versions of the runtime module and other compatible modules. This will allow dependencies +to be selectively updated based on battle-testing. More conservative projects may want to update some dependencies +slower than more fast moving projects. + +### Core Services + +The following "core services" are defined by the core API. All valid runtime module implementations should provide +implementations of these services to modules via both [dependency injection](/docs/sdk/vnext/build/architecture/adr-057-app-wiring) and +manual wiring. The individual services described below are all bundled in a convenient `appmodule.Service` +"bundle service" so that for simplicity modules can declare a dependency on a single service. + +#### Store Services + +Store services will be defined in the `cosmossdk.io/core/store` package. + +The generic `store.KVStore` interface is the same as current SDK `KVStore` interface. Store keys have been refactored +into store services which, instead of expecting the context to know about stores, invert the pattern and allow +retrieving a store from a generic context. There are three store services for the three types of currently supported +stores - regular kv-store, memory, and transient: + +```go +type KVStoreService interface { + OpenKVStore(context.Context) + +KVStore +} + +type MemoryStoreService interface { + OpenMemoryStore(context.Context) + +KVStore +} + +type TransientStoreService interface { + OpenTransientStore(context.Context) + +KVStore +} +``` + +Modules can use these services like this: + +```go +func (k msgServer) + +Send(ctx context.Context, msg *types.MsgSend) (*types.MsgSendResponse, error) { + store := k.kvStoreSvc.OpenKVStore(ctx) +} +``` + +Just as with the current runtime module implementation, modules will not need to explicitly name these store keys, +but rather the runtime module will choose an appropriate name for them and modules just need to request the +type of store they need in their dependency injection (or manual) constructors. + +#### Event Service + +The event `Service` will be defined in the `cosmossdk.io/core/event` package. + +The event `Service` allows modules to emit typed and legacy untyped events: + +```go expandable +package event + +type Service interface { + // EmitProtoEvent emits events represented as a protobuf message (as described in ADR 032). + // + // Callers SHOULD assume that these events may be included in consensus. These events + // MUST be emitted deterministically and adding, removing or changing these events SHOULD + // be considered state-machine breaking. + EmitProtoEvent(ctx context.Context, event protoiface.MessageV1) + +error + + // EmitKVEvent emits an event based on an event and kv-pair attributes. + // + // These events will not be part of consensus and adding, removing or changing these events is + // not a state-machine breaking change. + EmitKVEvent(ctx context.Context, eventType string, attrs ...KVEventAttribute) + +error + + // EmitProtoEventNonConsensus emits events represented as a protobuf message (as described in ADR 032), without + // including it in blockchain consensus. + // + // These events will not be part of consensus and adding, removing or changing events is + // not a state-machine breaking change. + EmitProtoEventNonConsensus(ctx context.Context, event protoiface.MessageV1) + +error +} +``` + +Typed events emitted with `EmitProto` should be assumed to be part of blockchain consensus (whether they are part of +the block or app hash is left to the runtime to specify). + +Events emitted by `EmitKVEvent` and `EmitProtoEventNonConsensus` are not considered to be part of consensus and cannot be observed +by other modules. If there is a client-side need to add events in patch releases, these methods can be used. + +#### Logger + +A logger (`cosmossdk.io/log`) must be supplied using `depinject`, and will +be made available for modules to use via `depinject.In`. +Modules using it should follow the current pattern in the SDK by adding the module name before using it. + +```go expandable +type ModuleInputs struct { + depinject.In + + Logger log.Logger +} + +func ProvideModule(in ModuleInputs) + +ModuleOutputs { + keeper := keeper.NewKeeper( + in.logger, + ) +} + +func NewKeeper(logger log.Logger) + +Keeper { + return Keeper{ + logger: logger.With(log.ModuleKey, "x/"+types.ModuleName), +} +} +``` + +### Core `AppModule` extension interfaces + +Modules will provide their core services to the runtime module via extension interfaces built on top of the +`cosmossdk.io/core/appmodule.AppModule` tag interface. This tag interface requires only two empty methods which +allow `depinject` to identify implementers as `depinject.OnePerModule` types and as app module implementations: + +```go +type AppModule interface { + depinject.OnePerModuleType + + // IsAppModule is a dummy method to tag a struct as implementing an AppModule. + IsAppModule() +} +``` + +Other core extension interfaces will be defined in `cosmossdk.io/core` should be supported by valid runtime +implementations. + +#### `MsgServer` and `QueryServer` registration + +`MsgServer` and `QueryServer` registration is done by implementing the `HasServices` extension interface: + +```go +type HasServices interface { + AppModule + + RegisterServices(grpc.ServiceRegistrar) +} +``` + +Because of the `cosmos.msg.v1.service` protobuf option, required for `Msg` services, the same `ServiceRegistrar` can be +used to register both `Msg` and query services. + +#### Genesis + +The genesis `Handler` functions - `DefaultGenesis`, `ValidateGenesis`, `InitGenesis` and `ExportGenesis` - are specified +against the `GenesisSource` and `GenesisTarget` interfaces which will abstract over genesis sources which may be a single +JSON object or collections of JSON objects that can be efficiently streamed. + +```go expandable +// GenesisSource is a source for genesis data in JSON format. It may abstract over a +// single JSON object or separate files for each field in a JSON object that can +// be streamed over. Modules should open a separate io.ReadCloser for each field that +// is required. When fields represent arrays they can efficiently be streamed +// over. If there is no data for a field, this function should return nil, nil. It is +// important that the caller closes the reader when done with it. +type GenesisSource = func(field string) (io.ReadCloser, error) + +// GenesisTarget is a target for writing genesis data in JSON format. It may +// abstract over a single JSON object or JSON in separate files that can be +// streamed over. Modules should open a separate io.WriteCloser for each field +// and should prefer writing fields as arrays when possible to support efficient +// iteration. It is important the caller closers the writer AND checks the error +// when done with it. It is expected that a stream of JSON data is written +// to the writer. +type GenesisTarget = func(field string) (io.WriteCloser, error) +``` + +All genesis objects for a given module are expected to conform to the semantics of a JSON object. +Each field in the JSON object should be read and written separately to support streaming genesis. +The [ORM](/docs/sdk/vnext/build/architecture/adr-055-orm) and [collections](/docs/sdk/vnext/build/architecture/adr-062-collections-state-layer) both support +streaming genesis and modules using these frameworks generally do not need to write any manual +genesis code. + +To support genesis, modules should implement the `HasGenesis` extension interface: + +```go expandable +type HasGenesis interface { + AppModule + + // DefaultGenesis writes the default genesis for this module to the target. + DefaultGenesis(GenesisTarget) + +error + + // ValidateGenesis validates the genesis data read from the source. + ValidateGenesis(GenesisSource) + +error + + // InitGenesis initializes module state from the genesis source. + InitGenesis(context.Context, GenesisSource) + +error + + // ExportGenesis exports module state to the genesis target. + ExportGenesis(context.Context, GenesisTarget) + +error +} +``` + +#### Pre Blockers + +Modules that have functionality that runs before BeginBlock and should implement the `HasPreBlocker` interfaces: + +```go +type HasPreBlocker interface { + AppModule + PreBlock(context.Context) + +error +} +``` + +#### Begin and End Blockers + +Modules that have functionality that runs before transactions (begin blockers) or after transactions +(end blockers) should implement the has `HasBeginBlocker` and/or `HasEndBlocker` interfaces: + +```go +type HasBeginBlocker interface { + AppModule + BeginBlock(context.Context) + +error +} + +type HasEndBlocker interface { + AppModule + EndBlock(context.Context) + +error +} +``` + +The `BeginBlock` and `EndBlock` methods will take a `context.Context`, because: + +* most modules don't need Comet information other than `BlockInfo` so we can eliminate dependencies on specific + Comet versions +* for the few modules that need Comet block headers and/or return validator updates, specific versions of the + runtime module will provide specific functionality for interacting with the specific version(s) of Comet + supported + +In order for `BeginBlock`, `EndBlock` and `InitGenesis` to send back validator updates and retrieve full Comet +block headers, the runtime module for a specific version of Comet could provide services like this: + +```go +type ValidatorUpdateService interface { + SetValidatorUpdates(context.Context, []abci.ValidatorUpdate) +} +``` + +Header Service defines a way to get header information about a block. This information is generalized for all implementations: + +```go expandable +type Service interface { + GetHeaderInfo(context.Context) + +Info +} + +type Info struct { + Height int64 // Height returns the height of the block + Hash []byte // Hash returns the hash of the block header + Time time.Time // Time returns the time of the block + ChainID string // ChainId returns the chain ID of the block +} +``` + +Comet Service provides a way to get comet specific information: + +```go expandable +type Service interface { + GetCometInfo(context.Context) + +Info +} + +type CometInfo struct { + Evidence []abci.Misbehavior // Misbehavior returns the misbehavior of the block + // ValidatorsHash returns the hash of the validators + // For Comet, it is the hash of the next validators + ValidatorsHash []byte + ProposerAddress []byte // ProposerAddress returns the address of the block proposer + DecidedLastCommit abci.CommitInfo // DecidedLastCommit returns the last commit info +} +``` + +If a user would like to provide a module other information they would need to implement another service like: + +```go +type RollKit Interface { + ... +} +``` + +We know these types will change at the Comet level and that also a very limited set of modules actually need this +functionality, so they are intentionally kept out of core to keep core limited to the necessary, minimal set of stable +APIs. + +#### Remaining Parts of AppModule + +The current `AppModule` framework handles a number of additional concerns which aren't addressed by this core API. +These include: + +* gas +* block headers +* upgrades +* registration of gogo proto and amino interface types +* cobra query and tx commands +* gRPC gateway +* crisis module invariants +* simulations + +Additional `AppModule` extension interfaces either inside or outside of core will need to be specified to handle +these concerns. + +In the case of gogo proto and amino interfaces, the registration of these generally should happen as early +as possible during initialization and in [ADR 057: App Wiring](/docs/sdk/vnext/build/architecture/adr-057-app-wiring), protobuf type registration\ +happens before dependency injection (although this could alternatively be done dedicated DI providers). + +gRPC gateway registration should probably be handled by the runtime module, but the core API shouldn't depend on gRPC +gateway types as 1) we are already using an older version and 2) it's possible the framework can do this registration +automatically in the future. So for now, the runtime module should probably provide some sort of specific type for doing +this registration ex: + +```go +type GrpcGatewayInfo struct { + Handlers []GrpcGatewayHandler +} + +type GrpcGatewayHandler func(ctx context.Context, mux *runtime.ServeMux, client QueryClient) + +error +``` + +which modules can return in a provider: + +```go +func ProvideGrpcGateway() + +GrpcGatewayInfo { + return GrpcGatewayInfo { + Handlers: []Handler { + types.RegisterQueryHandlerClient +} + +} +} +``` + +Crisis module invariants and simulations are subject to potential redesign and should be managed with types +defined in the crisis and simulation modules respectively. + +Extension interface for CLI commands will be provided via the `cosmossdk.io/client/v2` module and its +[autocli](/docs/sdk/vnext/build/architecture/adr-058-auto-generated-cli) framework. + +#### Example Usage + +Here is an example of setting up a hypothetical `foo` v2 module which uses the [ORM](/docs/sdk/vnext/build/architecture/adr-055-orm) for its state +management and genesis. + +```go expandable +type Keeper struct { + db orm.ModuleDB + evtSrv event.Service +} + +func (k Keeper) + +RegisterServices(r grpc.ServiceRegistrar) { + foov1.RegisterMsgServer(r, k) + +foov1.RegisterQueryServer(r, k) +} + +func (k Keeper) + +BeginBlock(context.Context) + +error { + return nil +} + +func ProvideApp(config *foomodulev2.Module, evtSvc event.EventService, db orm.ModuleDB) (Keeper, appmodule.AppModule) { + k := &Keeper{ + db: db, evtSvc: evtSvc +} + +return k, k +} +``` + +### Runtime Compatibility Version + +The `core` module will define a static integer var, `cosmossdk.io/core.RuntimeCompatibilityVersion`, which is +a minor version indicator of the core module that is accessible at runtime. Correct runtime module implementations +should check this compatibility version and return an error if the current `RuntimeCompatibilityVersion` is higher +than the version of the core API that this runtime version can support. When new features are adding to the `core` +module API that runtime modules are required to support, this version should be incremented. + +### Runtime Modules + +The initial `runtime` module will simply be created within the existing `github.com/cosmos/cosmos-sdk` go module +under the `runtime` package. This module will be a small wrapper around the existing `BaseApp`, `sdk.Context` and +module manager and follow the Cosmos SDK's existing [0-based versioning](https://0ver.org). To move to semantic +versioning as well as runtime modularity, new officially supported runtime modules will be created under the +`cosmossdk.io/runtime` prefix. For each supported consensus engine a semantically-versioned go module should be created +with a runtime implementation for that consensus engine. For example: + +* `cosmossdk.io/runtime/comet` +* `cosmossdk.io/runtime/comet/v2` +* `cosmossdk.io/runtime/rollkit` +* etc. + +These runtime modules should attempt to be semantically versioned even if the underlying consensus engine is not. Also, +because a runtime module is also a first class Cosmos SDK module, it should have a protobuf module config type. +A new semantically versioned module config type should be created for each of these runtime module such that there is a +1:1 correspondence between the go module and module config type. This is the same practice should be followed for every +semantically versioned Cosmos SDK module as described in [ADR 057: App Wiring](/docs/sdk/vnext/build/architecture/adr-057-app-wiring). + +Currently, `github.com/cosmos/cosmos-sdk/runtime` uses the protobuf config type `cosmos.app.runtime.v1alpha1.Module`. +When we have a standalone v1 comet runtime, we should use a dedicated protobuf module config type such as +`cosmos.runtime.comet.v1.Module1`. When we release v2 of the comet runtime (`cosmossdk.io/runtime/comet/v2`) we should +have a corresponding `cosmos.runtime.comet.v2.Module` protobuf type. + +In order to make it easier to support different consensus engines that support the same core module functionality as +described in this ADR, a common go module should be created with shared runtime components. The easiest runtime components +to share initially are probably the message/query router, inter-module client, service register, and event router. +This common runtime module should be created initially as the `cosmossdk.io/runtime/common` go module. + +When this new architecture has been implemented, the main dependency for a Cosmos SDK module would be +`cosmossdk.io/core` and that module should be able to be used with any supported consensus engine (to the extent +that it does not explicitly depend on consensus engine specific functionality such as Comet's block headers). An +app developer would then be able to choose which consensus engine they want to use by importing the corresponding +runtime module. The current `BaseApp` would be refactored into the `cosmossdk.io/runtime/comet` module, the router +infrastructure in `baseapp/` would be refactored into `cosmossdk.io/runtime/common` and support ADR 033, and eventually +a dependency on `github.com/cosmos/cosmos-sdk` would no longer be required. + +In short, modules would depend primarily on `cosmossdk.io/core`, and each `cosmossdk.io/runtime/{consensus-engine}` +would implement the `cosmossdk.io/core` functionality for that consensus engine. + +One additional piece that would need to be resolved as part of this architecture is how runtimes relate to the server. +Likely it would make sense to modularize the current server architecture so that it can be used with any runtime even +if that is based on a consensus engine besides Comet. This means that eventually the Comet runtime would need to +encapsulate the logic for starting Comet and the ABCI app. + +### Testing + +A mock implementation of all services should be provided in core to allow for unit testing of modules +without needing to depend on any particular version of runtime. Mock services should +allow tests to observe service behavior or provide a non-production implementation - for instance memory +stores can be used to mock stores. + +For integration testing, a mock runtime implementation should be provided that allows composing different app modules +together for testing without a dependency on runtime or Comet. + +## Consequences + +### Backwards Compatibility + +Early versions of runtime modules should aim to support as much as possible modules built with the existing +`AppModule`/`sdk.Context` framework. As the core API is more widely adopted, later runtime versions may choose to +drop support and only support the core API plus any runtime module specific APIs (like specific versions of Comet). + +The core module itself should strive to remain at the go semantic version `v1` as long as possible and follow design +principles that allow for strong long-term support (LTS). + +Older versions of the SDK can support modules built against core with adaptors that convert wrap core `AppModule` +implementations in implementations of `AppModule` that conform to that version of the SDK's semantics as well +as by providing service implementations by wrapping `sdk.Context`. + +### Positive + +* better API encapsulation and separation of concerns +* more stable APIs +* more framework extensibility +* deterministic events and queries +* event listeners +* inter-module msg and query execution support +* more explicit support for forking and merging of module versions (including runtime) + +### Negative + +### Neutral + +* modules will need to be refactored to use this API +* some replacements for `AppModule` functionality still need to be defined in follow-ups + (type registration, commands, invariants, simulations) and this will take additional design work + +## Further Discussions + +* gas +* block headers +* upgrades +* registration of gogo proto and amino interface types +* cobra query and tx commands +* gRPC gateway +* crisis module invariants +* simulations + +## References + +* [ADR 033: Protobuf-based Inter-Module Communication](/docs/sdk/vnext/build/architecture/adr-033-protobuf-inter-module-comm) +* [ADR 057: App Wiring](/docs/sdk/vnext/build/architecture/adr-057-app-wiring) +* [ADR 055: ORM](/docs/sdk/vnext/build/architecture/adr-055-orm) +* [ADR 028: Public Key Addresses](/docs/sdk/vnext/build/architecture/adr-028-public-key-addresses) +* [Keeping Your Modules Compatible](https://go.dev/blog/module-compatibility) diff --git a/docs/sdk/next/build/architecture/adr-064-abci-2.0.mdx b/docs/sdk/next/build/architecture/adr-064-abci-2.0.mdx new file mode 100644 index 00000000..6ca2dbaa --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-064-abci-2.0.mdx @@ -0,0 +1,504 @@ +--- +title: 'ADR 64: ABCI 2.0 Integration (Phase II)' +--- +## Changelog + +* 2023-01-17: Initial Draft (@alexanderbez) +* 2023-04-06: Add upgrading section (@alexanderbez) +* 2023-04-10: Simplify vote extension state persistence (@alexanderbez) +* 2023-07-07: Revise vote extension state persistence (@alexanderbez) +* 2023-08-24: Revise vote extension power calculations and staking interface (@davidterpay) + +## Status + +ACCEPTED + +## Abstract + +This ADR outlines the continuation of the efforts to implement ABCI++ in the Cosmos +SDK outlined in [ADR 060: ABCI 1.0 (Phase I)](/docs/sdk/vnext/build/architecture/adr-060-abci-1.0). + +Specifically, this ADR outlines the design and implementation of ABCI 2.0, which +includes `ExtendVote`, `VerifyVoteExtension` and `FinalizeBlock`. + +## Context + +ABCI 2.0 continues the promised updates from ABCI++, specifically three additional +ABCI methods that the application can implement in order to gain further control, +insight and customization of the consensus process, unlocking many novel use-cases +that were previously not possible. We describe these three new methods below: + +### `ExtendVote` + +This method allows each validator process to extend the pre-commit phase of the +CometBFT consensus process. Specifically, it allows the application to perform +custom business logic that extends the pre-commit vote and supply additional data +as part of the vote, although they are signed separately by the same key. + +The data, called vote extension, will be broadcast and received together with the +vote it is extending, and will be made available to the application in the next +height. Specifically, the proposer of the next block will receive the vote extensions +in `RequestPrepareProposal.local_last_commit.votes`. + +If the application does not have vote extension information to provide, it +returns a 0-length byte array as its vote extension. + +**NOTE**: + +* Although each validator process submits its own vote extension, ONLY the *proposer* + of the *next* block will receive all the vote extensions included as part of the + pre-commit phase of the previous block. This means only the proposer will + implicitly have access to all the vote extensions, via `RequestPrepareProposal`, + and that not all vote extensions may be included, since a validator does not + have to wait for all pre-commits, only 2/3. +* The pre-commit vote is signed independently from the vote extension. + +### `VerifyVoteExtension` + +This method allows validators to validate the vote extension data attached to +each pre-commit message it receives. If the validation fails, the whole pre-commit +message will be deemed invalid and ignored by CometBFT. + +CometBFT uses `VerifyVoteExtension` when validating a pre-commit vote. Specifically, +for a pre-commit, CometBFT will: + +* Reject the message if it doesn't contain a signed vote AND a signed vote extension +* Reject the message if the vote's signature OR the vote extension's signature fails to verify +* Reject the message if `VerifyVoteExtension` was rejected by the app + +Otherwise, CometBFT will accept the pre-commit message. + +Note, this has important consequences on liveness, i.e., if vote extensions repeatedly +cannot be verified by correct validators, CometBFT may not be able to finalize +a block even if sufficiently many (+2/3) validators send pre-commit votes for +that block. Thus, `VerifyVoteExtension` should be used with special care. + +CometBFT recommends that an application that detects an invalid vote extension +SHOULD accept it in `ResponseVerifyVoteExtension` and ignore it in its own logic. + +### `FinalizeBlock` + +This method delivers a decided block to the application. The application must +execute the transactions in the block deterministically and update its state +accordingly. Cryptographic commitments to the block and transaction results, +returned via the corresponding parameters in `ResponseFinalizeBlock`, are +included in the header of the next block. CometBFT calls it when a new block +is decided. + +In other words, `FinalizeBlock` encapsulates the current ABCI execution flow of +`BeginBlock`, one or more `DeliverTx`, and `EndBlock` into a single ABCI method. +CometBFT will no longer execute requests for these legacy methods and instead +will just simply call `FinalizeBlock`. + +## Decision + +We will discuss changes to the Cosmos SDK to implement ABCI 2.0 in two distinct +phases, `VoteExtensions` and `FinalizeBlock`. + +### `VoteExtensions` + +Similarly for `PrepareProposal` and `ProcessProposal`, we propose to introduce +two new handlers that an application can implement in order to provide and verify +vote extensions. + +We propose the following new handlers for applications to implement: + +```go +type ExtendVoteHandler func(sdk.Context, abci.ExtendVoteRequest) + +abci.ExtendVoteResponse +type VerifyVoteExtensionHandler func(sdk.Context, abci.VerifyVoteExtensionRequest) + +abci.VerifyVoteExtensionResponse +``` + +An ephemeral context and state will be supplied to both handlers. The +context will contain relevant metadata such as the block height and block hash. +The state will be a cached version of the committed state of the application and +will be discarded after the execution of the handler, this means that both handlers +get a fresh state view and no changes made to it will be written. + +If an application decides to implement `ExtendVoteHandler`, it must return a +non-nil `ResponseExtendVote.VoteExtension`. + +Recall, an implementation of `ExtendVoteHandler` does NOT need to be deterministic, +however, given a set of vote extensions, `VerifyVoteExtensionHandler` must be +deterministic, otherwise the chain may suffer from liveness faults. In addition, +recall CometBFT proceeds in rounds for each height, so if a decision cannot be +made about a block proposal at a given height, CometBFT will proceed to the +next round and thus will execute `ExtendVote` and `VerifyVoteExtension` again for +the new round for each validator until 2/3 valid pre-commits can be obtained. + +Given the broad scope of potential implementations and use-cases of vote extensions, +and how to verify them, most applications should choose to implement the handlers +through a single handler type, which can have any number of dependencies injected +such as keepers. In addition, this handler type could contain some notion of +volatile vote extension state management which would assist in vote extension +verification. This state management could be ephemeral or could be some form of +on-disk persistence. + +Example: + +```go expandable +// VoteExtensionHandler implements an Oracle vote extension handler. +type VoteExtensionHandler struct { + cdc Codec + mk MyKeeper + state VoteExtState // This could be a map or a DB connection object +} + +// ExtendVoteHandler can do something with h.mk and possibly h.state to create +// a vote extension, such as fetching a series of prices for supported assets. +func (h VoteExtensionHandler) + +ExtendVoteHandler(ctx sdk.Context, req abci.ExtendVoteRequest) + +abci.ExtendVoteResponse { + prices := GetPrices(ctx, h.mk.Assets()) + +bz, err := EncodePrices(h.cdc, prices) + if err != nil { + panic(fmt.Errorf("failed to encode prices for vote extension: %w", err)) +} + + // store our vote extension at the given height + // + // NOTE: Vote extensions can be overridden since we can timeout in a round. + SetPrices(h.state, req, bz) + +return abci.ExtendVoteResponse{ + VoteExtension: bz +} +} + +// VerifyVoteExtensionHandler can do something with h.state and req to verify +// the req.VoteExtension field, such as ensuring the provided oracle prices are +// within some valid range of our prices. +func (h VoteExtensionHandler) + +VerifyVoteExtensionHandler(ctx sdk.Context, req abci.VerifyVoteExtensionRequest) + +abci.VerifyVoteExtensionResponse { + prices, err := DecodePrices(h.cdc, req.VoteExtension) + if err != nil { + log("failed to decode vote extension", "err", err) + +return abci.VerifyVoteExtensionResponse{ + Status: REJECT +} + +} + if err := ValidatePrices(h.state, req, prices); err != nil { + log("failed to validate vote extension", "prices", prices, "err", err) + +return abci.VerifyVoteExtensionResponse{ + Status: REJECT +} + +} + + // store updated vote extensions at the given height + // + // NOTE: Vote extensions can be overridden since we can timeout in a round. + SetPrices(h.state, req, req.VoteExtension) + +return abci.VerifyVoteExtensionResponse{ + Status: ACCEPT +} +} +``` + +#### Vote Extension Propagation & Verification + +As mentioned previously, vote extensions for height `H` are only made available +to the proposer at height `H+1` during `PrepareProposal`. However, in order to +make vote extensions useful, all validators should have access to the agreed upon +vote extensions at height `H` during `H+1`. + +Since CometBFT includes all the vote extension signatures in `RequestPrepareProposal`, +we propose that the proposing validator manually "inject" the vote extensions +along with their respective signatures via a special transaction, `VoteExtsTx`, +into the block proposal during `PrepareProposal`. The `VoteExtsTx` will be +populated with a single `ExtendedCommitInfo` object which is received directly +from `RequestPrepareProposal`. + +For convention, the `VoteExtsTx` transaction should be the first transaction in +the block proposal, although chains can implement their own preferences. For +safety purposes, we also propose that the proposer itself verify all the vote +extension signatures it receives in `RequestPrepareProposal`. + +A validator, upon a `RequestProcessProposal`, will receive the injected `VoteExtsTx` +which includes the vote extensions along with their signatures. If no such transaction +exists, the validator MUST REJECT the proposal. + +When a validator inspects a `VoteExtsTx`, it will evaluate each `SignedVoteExtension`. +For each signed vote extension, the validator will generate the signed bytes and +verify the signature. At least 2/3 valid signatures, based on voting power, must +be received in order for the block proposal to be valid, otherwise the validator +MUST REJECT the proposal. + +In order to have the ability to validate signatures, `BaseApp` must have access +to the `x/staking` module, since this module stores an index from consensus +address to public key. However, we will avoid a direct dependency on `x/staking` +and instead rely on an interface instead. In addition, the Cosmos SDK will expose +a default signature verification method which applications can use: + +```go expandable +type ValidatorStore interface { + GetPubKeyByConsAddr(context.Context, sdk.ConsAddress) (cmtprotocrypto.PublicKey, error) +} + +// ValidateVoteExtensions is a function that an application can execute in +// ProcessProposal to verify vote extension signatures. +func (app *BaseApp) + +ValidateVoteExtensions(ctx sdk.Context, currentHeight int64, extCommit abci.ExtendedCommitInfo) + +error { + votingPower := 0 + totalVotingPower := 0 + for _, vote := range extCommit.Votes { + totalVotingPower += vote.Validator.Power + if !vote.SignedLastBlock || len(vote.VoteExtension) == 0 { + continue +} + valConsAddr := sdk.ConsAddress(vote.Validator.Address) + +pubKeyProto, err := valStore.GetPubKeyByConsAddr(ctx, valConsAddr) + if err != nil { + return fmt.Errorf("failed to get public key for validator %s: %w", valConsAddr, err) +} + if len(vote.ExtensionSignature) == 0 { + return fmt.Errorf("received a non-empty vote extension with empty signature for validator %s", valConsAddr) +} + +cmtPubKey, err := cryptoenc.PubKeyFromProto(pubKeyProto) + if err != nil { + return fmt.Errorf("failed to convert validator %X public key: %w", valConsAddr, err) +} + cve := cmtproto.CanonicalVoteExtension{ + Extension: vote.VoteExtension, + Height: currentHeight - 1, // the vote extension was signed in the previous height + Round: int64(extCommit.Round), + ChainId: app.GetChainID(), +} + +extSignBytes, err := cosmosio.MarshalDelimited(&cve) + if err != nil { + return fmt.Errorf("failed to encode CanonicalVoteExtension: %w", err) +} + if !cmtPubKey.VerifySignature(extSignBytes, vote.ExtensionSignature) { + return errors.New("received vote with invalid signature") +} + +votingPower += vote.Validator.Power +} + if (votingPower / totalVotingPower) < threshold { + return errors.New("not enough voting power for the vote extensions") +} + +return nil +} +``` + +Once at least 2/3 signatures, by voting power, are received and verified, the +validator can use the vote extensions to derive additional data or come to some +decision based on the vote extensions. + +> NOTE: It is very important to state, that neither the vote propagation technique +> nor the vote extension verification mechanism described above is required for +> applications to implement. In other words, a proposer is not required to verify +> and propagate vote extensions along with their signatures nor are proposers +> required to verify those signatures. An application can implement it's own +> PKI mechanism and use that to sign and verify vote extensions. + +#### Vote Extension Persistence + +In certain contexts, it may be useful or necessary for applications to persist +data derived from vote extensions. In order to facilitate this use case, we propose +to allow app developers to define a pre-Blocker hook which will be called +at the very beginning of `FinalizeBlock`, i.e. before `BeginBlock` (see below). + +Note, we cannot allow applications to directly write to the application state +during `ProcessProposal` because during replay, CometBFT will NOT call `ProcessProposal`, +which would result in an incomplete state view. + +```go +func (a MyApp) + +PreBlocker(ctx sdk.Context, req *abci.FinalizeBlockRequest) + +error { + voteExts := GetVoteExtensions(ctx, req.Txs) + + // Process and perform some compute on vote extensions, storing any resulting + // state. + if err a.processVoteExtensions(ctx, voteExts); if err != nil { + return err +} +} +``` + +### `FinalizeBlock` + +The existing ABCI methods `BeginBlock`, `DeliverTx`, and `EndBlock` have existed +since the dawn of ABCI-based applications. Thus, applications, tooling, and developers +have grown used to these methods and their use-cases. Specifically, `BeginBlock` +and `EndBlock` have grown to be pretty integral and powerful within ABCI-based +applications. E.g. an application might want to run distribution and inflation +related operations prior to executing transactions and then have staking related +changes to happen after executing all transactions. + +We propose to keep `BeginBlock` and `EndBlock` within the SDK's core module +interfaces only so application developers can continue to build against existing +execution flows. However, we will remove `BeginBlock`, `DeliverTx` and `EndBlock` +from the SDK's `BaseApp` implementation and thus the ABCI surface area. + +What will then exist is a single `FinalizeBlock` execution flow. Specifically, in +`FinalizeBlock` we will execute the application's `BeginBlock`, followed by +execution of all the transactions, finally followed by execution of the application's +`EndBlock`. + +Note, we will still keep the existing transaction execution mechanics within +`BaseApp`, but all notions of `DeliverTx` will be removed, i.e. `deliverState` +will be replace with `finalizeState`, which will be committed on `Commit`. + +However, there are current parameters and fields that exist in the existing +`BeginBlock` and `EndBlock` ABCI types, such as votes that are used in distribution +and byzantine validators used in evidence handling. These parameters exist in the +`FinalizeBlock` request type, and will need to be passed to the application's +implementations of `BeginBlock` and `EndBlock`. + +This means the Cosmos SDK's core module interfaces will need to be updated to +reflect these parameters. The easiest and most straightforward way to achieve +this is to just pass `RequestFinalizeBlock` to `BeginBlock` and `EndBlock`. +Alternatively, we can create dedicated proxy types in the SDK that reflect these +legacy ABCI types, e.g. `LegacyBeginBlockRequest` and `LegacyEndBlockRequest`. Or, +we can come up with new types and names altogether. + +```go expandable +func (app *BaseApp) + +FinalizeBlock(req abci.FinalizeBlockRequest) (*abci.FinalizeBlockResponse, error) { + ctx := ... + if app.preBlocker != nil { + ctx := app.finalizeBlockState.ctx + rsp, err := app.preBlocker(ctx, req) + if err != nil { + return nil, err +} + if rsp.ConsensusParamsChanged { + app.finalizeBlockState.ctx = ctx.WithConsensusParams(app.GetConsensusParams(ctx)) +} + +} + +beginBlockResp, err := app.beginBlock(req) + +appendBlockEventAttr(beginBlockResp.Events, "begin_block") + txExecResults := make([]abci.ExecTxResult, 0, len(req.Txs)) + for _, tx := range req.Txs { + result := app.runTx(runTxModeFinalize, tx) + +txExecResults = append(txExecResults, result) +} + +endBlockResp, err := app.endBlock(app.finalizeBlockState.ctx) + +appendBlockEventAttr(beginBlockResp.Events, "end_block") + +return abci.FinalizeBlockResponse{ + TxResults: txExecResults, + Events: joinEvents(beginBlockResp.Events, endBlockResp.Events), + ValidatorUpdates: endBlockResp.ValidatorUpdates, + ConsensusParamUpdates: endBlockResp.ConsensusParamUpdates, + AppHash: nil, +} +} +``` + +#### Events + +Many tools, indexers and ecosystem libraries rely on the existence `BeginBlock` +and `EndBlock` events. Since CometBFT now only exposes `FinalizeBlockEvents`, we +find that it will still be useful for these clients and tools to still query for +and rely on existing events, especially since applications will still define +`BeginBlock` and `EndBlock` implementations. + +In order to facilitate existing event functionality, we propose that all `BeginBlock` +and `EndBlock` events have a dedicated `EventAttribute` with `key=block` and +`value=begin_block|end_block`. The `EventAttribute` will be appended to each event +in both `BeginBlock` and `EndBlock` events. + +### Upgrading + +CometBFT defines a consensus parameter, [`VoteExtensionsEnableHeight`](https://github.com/cometbft/cometbft/blob/v0.38.0-alpha.1/spec/abci/abci%2B%2B_app_requirements.md#abciparamsvoteextensionsenableheight), +which specifies the height at which vote extensions are enabled and **required**. +If the value is set to zero, which is the default, then vote extensions are +disabled and an application is not required to implement and use vote extensions. + +However, if the value `H` is positive, at all heights greater than the configured +height `H` vote extensions must be present (even if empty). When the configured +height `H` is reached, `PrepareProposal` will not include vote extensions yet, +but `ExtendVote` and `VerifyVoteExtension` will be called. Then, when reaching +height `H+1`, `PrepareProposal` will include the vote extensions from height `H`. + +It is very important to note, for all heights after H: + +* Vote extensions CANNOT be disabled +* They are mandatory, i.e. all pre-commit messages sent MUST have an extension + attached (even if empty) + +When an application updates to the Cosmos SDK version with CometBFT v0.38 support, +in the upgrade handler it must ensure to set the consensus parameter +`VoteExtensionsEnableHeight` to the correct value. E.g. if an application is set +to perform an upgrade at height `H`, then the value of `VoteExtensionsEnableHeight` +should be set to any value `>=H+1`. This means that at the upgrade height, `H`, +vote extensions will not be enabled yet, but at height `H+1` they will be enabled. + +## Consequences + +### Backwards Compatibility + +ABCI 2.0 is naturally not backwards compatible with prior versions of the Cosmos SDK +and CometBFT. For example, an application that requests `RequestFinalizeBlock` +to the same application that does not speak ABCI 2.0 will naturally fail. + +In addition, `BeginBlock`, `DeliverTx` and `EndBlock` will be removed from the +application ABCI interfaces and along with the inputs and outputs being modified +in the module interfaces. + +### Positive + +* `BeginBlock` and `EndBlock` semantics remain, so burden on application developers + should be limited. +* Less communication overhead as multiple ABCI requests are condensed into a single + request. +* Sets the groundwork for optimistic execution. +* Vote extensions allow for an entirely new set of application primitives to be + developed, such as in-process price oracles and encrypted mempools. + +### Negative + +* Some existing Cosmos SDK core APIs may need to be modified and thus broken. +* Signature verification in `ProcessProposal` of 100+ vote extension signatures + will add significant performance overhead to `ProcessProposal`. Granted, the + signature verification process can happen concurrently using an error group + with `GOMAXPROCS` goroutines. + +### Neutral + +* Having to manually "inject" vote extensions into the block proposal during + `PrepareProposal` is an awkward approach and takes up block space unnecessarily. +* The requirement of `ResetProcessProposalState` can create a footgun for + application developers if they're not careful, but this is necessary in order + for applications to be able to commit state from vote extension computation. + +## Further Discussions + +Future discussions include design and implementation of ABCI 3.0, which is a +continuation of ABCI++ and the general discussion of optimistic execution. + +## References + +* [ADR 060: ABCI 1.0 (Phase I)](/docs/sdk/vnext/build/architecture/adr-060-abci-1.0) diff --git a/docs/sdk/next/build/architecture/adr-065-store-v2.mdx b/docs/sdk/next/build/architecture/adr-065-store-v2.mdx new file mode 100644 index 00000000..9ddc3818 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-065-store-v2.mdx @@ -0,0 +1,292 @@ +--- +title: 'ADR-065: Store V2' +description: 'Feb 14, 2023: Initial Draft (@alexanderbez)' +--- +## Changelog + +* Feb 14, 2023: Initial Draft (@alexanderbez) + +## Status + +DRAFT + +## Abstract + +The storage and state primitives that Cosmos SDK based applications have used have +by and large not changed since the launch of the inaugural Cosmos Hub. The demands +and needs of Cosmos SDK based applications, from both developer and client UX +perspectives, have evolved and outgrown the ecosystem since these primitives +were first introduced. + +Over time as these applications have gained significant adoption, many critical +shortcomings and flaws have been exposed in the state and storage primitives of +the Cosmos SDK. + +In order to keep up with the evolving demands and needs of both clients and developers, +a major overhaul to these primitives is necessary. + +## Context + +The Cosmos SDK provides application developers with various storage primitives +for dealing with application state. Specifically, each module contains its own +merkle commitment data structure -- an IAVL tree. In this data structure, a module +can store and retrieve key-value pairs along with Merkle commitments, i.e. proofs, +to those key-value pairs indicating that they do or do not exist in the global +application state. This data structure is the base layer `KVStore`. + +In addition, the SDK provides abstractions on top of this Merkle data structure. +Namely, a root multi-store (RMS) is a collection of each module's `KVStore`. +Through the RMS, the application can serve queries and provide proofs to clients +in addition to providing a module access to its own unique `KVStore` through the use +of `StoreKey`, which is an OCAP primitive. + +There are further layers of abstraction that sit between the RMS and the underlying +IAVL `KVStore`. A `GasKVStore` is responsible for tracking gas IO consumption for +state machine reads and writes. A `CacheKVStore` is responsible for providing a +way to cache reads and buffer writes to make state transitions atomic, e.g. +transaction execution or governance proposal execution. + +There are a few critical drawbacks to these layers of abstraction and the overall +design of storage in the Cosmos SDK: + +* Since each module has its own IAVL `KVStore`, commitments are not [atomic](https://github.com/cosmos/cosmos-sdk/issues/14625) + * Note, we can still allow modules to have their own IAVL `KVStore`, but the + IAVL library will need to support the ability to pass a DB instance as an + argument to various IAVL APIs. +* Since IAVL is responsible for both state storage and commitment, running an + archive node becomes increasingly expensive as disk space grows exponentially. +* As the size of a network increases, various performance bottlenecks start to + emerge in many areas such as query performance, network upgrades, state + migrations, and general application performance. +* Developer UX is poor as it does not allow application developers to experiment + with different types of approaches to storage and commitments, along with the + complications of many layers of abstractions referenced above. + +See the [Storage Discussion](https://github.com/cosmos/cosmos-sdk/discussions/13545) for more information. + +## Alternatives + +There was a previous attempt to refactor the storage layer described in [ADR-040](/docs/sdk/vnext/build/architecture/adr-040-storage-and-smt-state-commitments). +However, this approach mainly stems from the shortcomings of IAVL and various performance +issues around it. While there was a (partial) implementation of [ADR-040](/docs/sdk/vnext/build/architecture/adr-040-storage-and-smt-state-commitments), +it was never adopted for a variety of reasons, such as the reliance on using an +SMT, which was more in a research phase, and some design choices that couldn't +be fully agreed upon, such as the snapshotting mechanism that would result in +massive state bloat. + +## Decision + +We propose to build upon some of the great ideas introduced in [ADR-040](/docs/sdk/vnext/build/architecture/adr-040-storage-and-smt-state-commitments), +while being a bit more flexible with the underlying implementations and overall +less intrusive. Specifically, we propose to: + +* Separate the concerns of state commitment (**SC**), needed for consensus, and + state storage (**SS**), needed for state machine and clients. +* Reduce layers of abstractions necessary between the RMS and underlying stores. +* Provide atomic module store commitments by providing a batch database object + to core IAVL APIs. +* Reduce complexities in the `CacheKVStore` implementation while also improving + performance\[3]. + +Furthermore, we will keep the IAVL is the backing [commitment](https://cryptography.fandom.com/wiki/Commitment_scheme) +store for the time being. While we might not fully settle on the use of IAVL in +the long term, we do not have strong empirical evidence to suggest a better +alternative. Given that the SDK provides interfaces for stores, it should be sufficient +to change the backing commitment store in the future should evidence arise to +warrant a better alternative. However there is promising work being done to IAVL +that should result in significant performance improvement \[1,2]. + +### Separating SS and SC + +By separating SS and SC, it will allow for us to optimize against primary use cases +and access patterns to state. Specifically, The SS layer will be responsible for +direct access to data in the form of (key, value) pairs, whereas the SC layer (IAVL) +will be responsible for committing to data and providing Merkle proofs. + +Note, the underlying physical storage database will be the same between both the +SS and SC layers. So to avoid collisions between (key, value) pairs, both layers +will be namespaced. + +#### State Commitment (SC) + +Given that the existing solution today acts as both SS and SC, we can simply +repurpose it to act solely as the SC layer without any significant changes to +access patterns or behavior. In other words, the entire collection of existing +IAVL-backed module `KVStore`s will act as the SC layer. + +However, in order for the SC layer to remain lightweight and not duplicate a +majority of the data held in the SS layer, we encourage node operators to keep +tight pruning strategies. + +#### State Storage (SS) + +In the RMS, we will expose a *single* `KVStore` backed by the same physical +database that backs the SC layer. This `KVStore` will be explicitly namespaced +to avoid collisions and will act as the primary storage for (key, value) pairs. + +While we most likely will continue the use of `cosmos-db`, or some local interface, +to allow for flexibility and iteration over preferred physical storage backends +as research and benchmarking continues. However, we propose to hardcode the use +of RocksDB as the primary physical storage backend. + +Since the SS layer will be implemented as a `KVStore`, it will support the +following functionality: + +* Range queries +* CRUD operations +* Historical queries and versioning +* Pruning + +The RMS will keep track of all buffered writes using a dedicated and internal +`MemoryListener` for each `StoreKey`. For each block height, upon `Commit`, the +SS layer will write all buffered (key, value) pairs under a [RocksDB user-defined timestamp](https://github.com/facebook/rocksdb/wiki/User-defined-Timestamp-%28Experimental%29) column +family using the block height as the timestamp, which is an unsigned integer. +This will allow a client to fetch (key, value) pairs at historical and current +heights along with making iteration and range queries relatively performant as +the timestamp is the key suffix. + +Note, we choose not to use a more general approach of allowing any embedded key/value +database, such as LevelDB or PebbleDB, using height key-prefixed keys to +effectively version state because most of these databases use variable length +keys which would effectively make actions likes iteration and range queries less +performant. + +Since operators might want pruning strategies to differ in SS compared to SC, +e.g. having a very tight pruning strategy in SC while having a looser pruning +strategy for SS, we propose to introduce an additional pruning configuration, +with parameters that are identical to what exists in the SDK today, and allow +operators to control the pruning strategy of the SS layer independently of the +SC layer. + +Note, the SC pruning strategy must be congruent with the operator's state sync +configuration. This is so as to allow state sync snapshots to execute successfully, +otherwise, a snapshot could be triggered on a height that is not available in SC. + +#### State Sync + +The state sync process should be largely unaffected by the separation of the SC +and SS layers. However, if a node syncs via state sync, the SS layer of the node +will not have the state synced height available, since the IAVL import process is +not setup in way to easily allow direct key/value insertion. A modification of +the IAVL import process would be necessary to facilitate having the state sync +height available. + +Note, this is not problematic for the state machine itself because when a query +is made, the RMS will automatically direct the query correctly (see [Queries](#queries)). + +#### Queries + +To consolidate the query routing between both the SC and SS layers, we propose to +have a notion of a "query router" that is constructed in the RMS. This query router +will be supplied to each `KVStore` implementation. The query router will route +queries to either the SC layer or the SS layer based on a few parameters. If +`prove: true`, then the query must be routed to the SC layer. Otherwise, if the +query height is available in the SS layer, the query will be served from the SS +layer. Otherwise, we fall back on the SC layer. + +If no height is provided, the SS layer will assume the latest height. The SS +layer will store a reverse index to lookup `LatestVersion -> timestamp(version)` +which is set on `Commit`. + +#### Proofs + +Since the SS layer is naturally a storage layer only, without any commitments +to (key, value) pairs, it cannot provide Merkle proofs to clients during queries. + +Since the pruning strategy against the SC layer is configured by the operator, +we can therefore have the RMS route the query to the SC layer if the version exists and +`prove: true`. Otherwise, the query will fall back to the SS layer without a proof. + +We could explore the idea of using state snapshots to rebuild an in-memory IAVL +tree in real time against a version closest to the one provided in the query. +However, it is not clear what the performance implications will be of this approach. + +### Atomic Commitment + +We propose to modify the existing IAVL APIs to accept a batch DB object instead +of relying on an internal batch object in `nodeDB`. Since each underlying IAVL +`KVStore` shares the same DB in the SC layer, this will allow commits to be +atomic. + +Specifically, we propose to: + +* Remove the `dbm.Batch` field from `nodeDB` +* Update the `SaveVersion` method of the `MutableTree` IAVL type to accept a batch object +* Update the `Commit` method of the `CommitKVStore` interface to accept a batch object +* Create a batch object in the RMS during `Commit` and pass this object to each + `KVStore` +* Write the database batch after all stores have committed successfully + +Note, this will require IAVL to be updated to not rely or assume on any batch +being present during `SaveVersion`. + +## Consequences + +As a result of a new store V2 package, we should expect to see improved performance +for queries and transactions due to the separation of concerns. We should also +expect to see improved developer UX around experimentation of commitment schemes +and storage backends for further performance, in addition to a reduced amount of +abstraction around KVStores making operations such as caching and state branching +more intuitive. + +However, due to the proposed design, there are drawbacks around providing state +proofs for historical queries. + +### Backwards Compatibility + +This ADR proposes changes to the storage implementation in the Cosmos SDK through +an entirely new package. Interfaces may be borrowed and extended from existing +types that exist in `store`, but no existing implementations or interfaces will +be broken or modified. + +### Positive + +* Improved performance of independent SS and SC layers +* Reduced layers of abstraction making storage primitives easier to understand +* Atomic commitments for SC +* Redesign of storage types and interfaces will allow for greater experimentation + such as different physical storage backends and different commitment schemes + for different application modules + +### Negative + +* Providing proofs for historical state is challenging + +### Neutral + +* Keeping IAVL as the primary commitment data structure, although drastic + performance improvements are being made + +## Further Discussions + +### Module Storage Control + +Many modules store secondary indexes that are typically solely used to support +client queries, but are actually not needed for the state machine's state +transitions. What this means is that these indexes technically have no reason to +exist in the SC layer at all, as they take up unnecessary space. It is worth +exploring what an API would look like to allow modules to indicate what (key, value) +pairs they want to be persisted in the SC layer, implicitly indicating the SS +layer as well, as opposed to just persisting the (key, value) pair only in the +SS layer. + +### Historical State Proofs + +It is not clear what the importance or demand is within the community of providing +commitment proofs for historical state. While solutions can be devised such as +rebuilding trees on the fly based on state snapshots, it is not clear what the +performance implications are for such solutions. + +### Physical DB Backends + +This ADR proposes usage of RocksDB to utilize user-defined timestamps as a +versioning mechanism. However, other physical DB backends are available that may +offer alternative ways to implement versioning while also providing performance +improvements over RocksDB. E.g. PebbleDB supports MVCC timestamps as well, but +we'll need to explore how PebbleDB handles compaction and state growth over time. + +## References + +* \[1] [Link](https://github.com/cosmos/iavl/pull/676) +* \[2] [Link](https://github.com/cosmos/iavl/pull/664) +* \[3] [Link](https://github.com/cosmos/cosmos-sdk/issues/14990) diff --git a/docs/sdk/next/build/architecture/adr-068-preblock.mdx b/docs/sdk/next/build/architecture/adr-068-preblock.mdx new file mode 100644 index 00000000..a0d97cc2 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-068-preblock.mdx @@ -0,0 +1,64 @@ +--- +title: 'ADR 068: Preblock' +description: 'Sept 13, 2023: Initial Draft' +--- +## Changelog + +* Sept 13, 2023: Initial Draft + +## Status + +DRAFT + +## Abstract + +Introduce `PreBlock`, which runs before the begin blocker of other modules, and allows modifying consensus parameters, and the changes are visible to the following state machine logics. + +## Context + +When upgrading to sdk 0.47, the storage format for consensus parameters changed, but in the migration block, `ctx.ConsensusParams()` is always `nil`, because it fails to load the old format using new code, it's supposed to be migrated by the `x/upgrade` module first, but unfortunately, the migration happens in `BeginBlocker` handler, which runs after the `ctx` is initialized. +When we try to solve this, we find the `x/upgrade` module can't modify the context to make the consensus parameters visible for the other modules, the context is passed by value, and sdk team want to keep it that way, that's good for isolation between modules. + +## Alternatives + +The first alternative solution introduced a `MigrateModuleManager`, which only includes the `x/upgrade` module right now, and baseapp will run their `BeginBlocker`s before the other modules, and reload context's consensus parameters in between. + +## Decision + +Suggested this new lifecycle method. + +### `PreBlocker` + +There are two semantics around the new lifecycle method: + +* It runs before the `BeginBlocker` of all modules +* It can modify consensus parameters in storage, and signal the caller through the return value. + +When it returns `ConsensusParamsChanged=true`, the caller must refresh the consensus parameters in the finalize context: + +``` +app.finalizeBlockState.ctx = app.finalizeBlockState.ctx.WithConsensusParams(app.GetConsensusParams()) +``` + +The new ctx must be passed to all the other lifecycle methods. + +## Consequences + +### Backwards Compatibility + +### Positive + +### Negative + +### Neutral + +## Further Discussions + +## Test Cases + +## References + +* \[1] [Link](https://github.com/cosmos/cosmos-sdk/issues/16494) +* \[2] [Link](https://github.com/cosmos/cosmos-sdk/pull/16583) +* \[3] [Link](https://github.com/cosmos/cosmos-sdk/pull/17421) +* \[4] [Link](https://github.com/cosmos/cosmos-sdk/pull/17713) diff --git a/docs/sdk/next/build/architecture/adr-070-unordered-account.mdx b/docs/sdk/next/build/architecture/adr-070-unordered-account.mdx new file mode 100644 index 00000000..5f66e3a3 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-070-unordered-account.mdx @@ -0,0 +1,350 @@ +--- +title: 'ADR 070: Unordered Transactions' +--- +## Changelog + +* Dec 4, 2023: Initial Draft (@yihuang, @tac0turtle, @alexanderbez) +* Jan 30, 2024: Include section on deterministic transaction encoding +* Mar 18, 2025: Revise implementation to use Cosmos SDK KV Store and require unique timeouts per-address (@technicallyty) +* Apr 25, 2025: Add note about rejecting unordered txs with sequence values. + +## Status + +ACCEPTED Not Implemented + +## Abstract + +We propose a way to do replay-attack protection without enforcing the order of +transactions and without requiring the use of monotonically increasing sequences. Instead, we propose +the use of a time-based, ephemeral sequence. + +## Context + +Account sequence values serve to prevent replay attacks and ensure transactions from the same sender are included in blocks and executed +in sequential order. Unfortunately, this makes it difficult to reliably send many concurrent transactions from the +same sender. Victims of such limitations include IBC relayers and crypto exchanges. + +## Decision + +We propose adding a boolean field `unordered` and a google.protobuf.Timestamp field `timeout_timestamp` to the transaction body. + +Unordered transactions will bypass the traditional account sequence rules and follow the rules described +below, without impacting traditional ordered transactions which will follow the same sequence rules as before. + +We will introduce new storage of time-based, ephemeral unordered sequences using the SDK's existing KV Store library. +Specifically, we will leverage the existing x/auth KV store to store the unordered sequences. + +When an unordered transaction is included in a block, a concatenation of the `timeout_timestamp` and sender’s address bytes +will be recorded to state (i.e. `542939323/`). In cases of multi-party signing, one entry per signer +will be recorded to state. + +New transactions will be checked against the state to prevent duplicate submissions. To prevent the state from growing indefinitely, we propose the following: + +* Define an upper bound for the value of `timeout_timestamp` (i.e. 10 minutes). +* Add PreBlocker method to x/auth that removes state entries with a `timeout_timestamp` earlier than the current block time. + +### Transaction Format + +```protobuf +message TxBody { + ... + + bool unordered = 4; + google.protobuf.Timestamp timeout_timestamp = 5; +} +``` + +### Replay Protection + +We facilitate replay protection by storing the unordered sequence in the Cosmos SDK KV store. Upon transaction ingress, we check if the transaction's unordered +sequence exists in state, or if the TTL value is stale, i.e. before the current block time. If so, we reject it. Otherwise, +we add the unordered sequence to the state. This section of the state will belong to the `x/auth` module. + +The state is evaluated during x/auth's `PreBlocker`. All transactions with an unordered sequence earlier than the current block time +will be deleted. + +```go +func (am AppModule) + +PreBlock(ctx context.Context) (appmodule.ResponsePreBlock, error) { + err := am.accountKeeper.RemoveExpired(sdk.UnwrapSDKContext(ctx)) + if err != nil { + return nil, err +} + +return &sdk.ResponsePreBlock{ + ConsensusParamsChanged: false +}, nil +} +``` + +```golang expandable +package keeper + +import ( + + sdk "github.com/cosmos/cosmos-sdk/types" + "cosmossdk.io/collections" + "cosmossdk.io/core/store" +) + +var ( + // just arbitrarily picking some upper bound number. + unorderedSequencePrefix = collections.NewPrefix(90) +) + +type AccountKeeper struct { + // ... + unorderedSequences collections.KeySet[collections.Pair[uint64, []byte]] +} + +func (m *AccountKeeper) + +Contains(ctx sdk.Context, sender []byte, timestamp uint64) (bool, error) { + return m.unorderedSequences.Has(ctx, collections.Join(timestamp, sender)) +} + +func (m *AccountKeeper) + +Add(ctx sdk.Context, sender []byte, timestamp uint64) + +error { + return m.unorderedSequences.Set(ctx, collections.Join(timestamp, sender)) +} + +func (m *AccountKeeper) + +RemoveExpired(ctx sdk.Context) + +error { + blkTime := ctx.BlockTime().UnixNano() + +it, err := m.unorderedSequences.Iterate(ctx, collections.NewPrefixUntilPairRange[uint64, []byte](uint64(blkTime))) + if err != nil { + return err +} + +defer it.Close() + +keys, err := it.Keys() + if err != nil { + return err +} + for _, key := range keys { + if err := m.unorderedSequences.Remove(ctx, key); err != nil { + return err +} + +} + +return nil +} +``` + +### AnteHandler Decorator + +To facilitate bypassing nonce verification, we must modify the existing +`IncrementSequenceDecorator` AnteHandler decorator to skip the nonce verification +when the transaction is marked as unordered. + +```golang +func (isd IncrementSequenceDecorator) + +AnteHandle(ctx sdk.Context, tx sdk.Tx, simulate bool, next sdk.AnteHandler) (sdk.Context, error) { + if tx.UnOrdered() { + return next(ctx, tx, simulate) +} + + // ... +} +``` + +We also introduce a new decorator to perform the unordered transaction verification. + +```golang expandable +package ante + +import ( + + "slices" + "strings" + "time" + + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + authkeeper "github.com/cosmos/cosmos-sdk/x/auth/keeper" + authsigning "github.com/cosmos/cosmos-sdk/x/auth/signing" + + errorsmod "cosmossdk.io/errors" +) + +var _ sdk.AnteDecorator = (*UnorderedTxDecorator)(nil) + +// UnorderedTxDecorator defines an AnteHandler decorator that is responsible for +// checking if a transaction is intended to be unordered and, if so, evaluates +// the transaction accordingly. An unordered transaction will bypass having its +// nonce incremented, which allows fire-and-forget transaction broadcasting, +// removing the necessity of ordering on the sender-side. +// +// The transaction sender must ensure that unordered=true and a timeout_height +// is appropriately set. The AnteHandler will check that the transaction is not +// a duplicate and will evict it from state when the timeout is reached. +// +// The UnorderedTxDecorator should be placed as early as possible in the AnteHandler +// chain to ensure that during DeliverTx, the transaction is added to the unordered sequence state. +type UnorderedTxDecorator struct { + // maxUnOrderedTTL defines the maximum TTL a transaction can define. + maxTimeoutDuration time.Duration + txManager authkeeper.UnorderedTxManager +} + +func NewUnorderedTxDecorator( + utxm authkeeper.UnorderedTxManager, +) *UnorderedTxDecorator { + return &UnorderedTxDecorator{ + maxTimeoutDuration: 10 * time.Minute, + txManager: utxm, +} +} + +func (d *UnorderedTxDecorator) + +AnteHandle( + ctx sdk.Context, + tx sdk.Tx, + _ bool, + next sdk.AnteHandler, +) (sdk.Context, error) { + if err := d.ValidateTx(ctx, tx); err != nil { + return ctx, err +} + +return next(ctx, tx, false) +} + +func (d *UnorderedTxDecorator) + +ValidateTx(ctx sdk.Context, tx sdk.Tx) + +error { + unorderedTx, ok := tx.(sdk.TxWithUnordered) + if !ok || !unorderedTx.GetUnordered() { + // If the transaction does not implement unordered capabilities or has the + // unordered value as false, we bypass. + return nil +} + blockTime := ctx.BlockTime() + timeoutTimestamp := unorderedTx.GetTimeoutTimeStamp() + if timeoutTimestamp.IsZero() || timeoutTimestamp.Unix() == 0 { + return errorsmod.Wrap( + sdkerrors.ErrInvalidRequest, + "unordered transaction must have timeout_timestamp set", + ) +} + if timeoutTimestamp.Before(blockTime) { + return errorsmod.Wrap( + sdkerrors.ErrInvalidRequest, + "unordered transaction has a timeout_timestamp that has already passed", + ) +} + if timeoutTimestamp.After(blockTime.Add(d.maxTimeoutDuration)) { + return errorsmod.Wrapf( + sdkerrors.ErrInvalidRequest, + "unordered tx ttl exceeds %s", + d.maxTimeoutDuration.String(), + ) +} + execMode := ctx.ExecMode() + if execMode == sdk.ExecModeSimulate { + return nil +} + +signerAddrs, err := getSigners(tx) + if err != nil { + return err +} + for _, signer := range signerAddrs { + contains, err := d.txManager.Contains(ctx, signer, uint64(unorderedTx.GetTimeoutTimeStamp().Unix())) + if err != nil { + return errorsmod.Wrap( + sdkerrors.ErrIO, + "failed to check contains", + ) +} + if contains { + return errorsmod.Wrapf( + sdkerrors.ErrInvalidRequest, + "tx is duplicated for signer %x", signer, + ) +} + if err := d.txManager.Add(ctx, signer, uint64(unorderedTx.GetTimeoutTimeStamp().Unix())); err != nil { + return errorsmod.Wrap( + sdkerrors.ErrIO, + "failed to add unordered sequence to state", + ) +} + +} + +return nil +} + +func getSigners(tx sdk.Tx) ([][]byte, error) { + sigTx, ok := tx.(authsigning.SigVerifiableTx) + if !ok { + return nil, errorsmod.Wrap(sdkerrors.ErrTxDecode, "invalid tx type") +} + +return sigTx.GetSigners() +} +``` + +### Unordered Sequences + +Unordered sequences provide a simple, straightforward mechanism to protect against both transaction malleability and +transaction duplication. It is important to note that the unordered sequence must still be unique. However, +the value is not required to be strictly increasing as with regular sequences, and the order in which the node receives +the transactions no longer matters. Clients can handle building unordered transactions similarly to the code below: + +```go +for _, tx := range txs { + tx.SetUnordered(true) + +tx.SetTimeoutTimestamp(time.Now() + 1 * time.Nanosecond) +} +``` + +We will reject transactions that have both sequence and unordered timeouts set. We do this to avoid assuming the intent of the user. + +### State Management + +The storage of unordered sequences will be facilitated using the Cosmos SDK's KV Store service. + +## Note On Previous Design Iteration + +The previous iteration of unordered transactions worked by using an ad-hoc state-management system that posed severe +risks and a vector for duplicated tx processing. It relied on graceful app closure which would flush the current state +of the unordered sequence mapping. If 2/3 of the network crashed, and the graceful closure did not trigger, +the system would lose track of all sequences in the mapping, allowing those transactions to be replayed. The +implementation proposed in the updated version of this ADR solves this by writing directly to the Cosmos KV Store. +While this is less performant, for the initial implementation, we opted to choose a safer path and postpone performance optimizations until we have more data on real-world impacts and a more battle-tested approach to optimization. + +Additionally, the previous iteration relied on using hashes to create what we call an "unordered sequence." There are known +issues with transaction malleability in Cosmos SDK signing modes. This ADR gets away from this problem by enforcing +single-use unordered nonces, instead of deriving nonces from bytes in the transaction. + +## Consequences + +### Positive + +* Support unordered transaction inclusion, enabling the ability to "fire and forget" many transactions at once. + +### Negative + +* Requires additional storage overhead. +* Requirement of unique timestamps per transaction causes a small amount of additional overhead for clients. Clients must ensure each transaction's timeout timestamp is different. However, nanosecond differentials suffice. +* Usage of Cosmos SDK KV store is slower in comparison to using a non-merkleized store or ad-hoc methods, and block times may slow down as a result. + +## References + +* [Link](https://github.com/cosmos/cosmos-sdk/issues/13009) diff --git a/docs/sdk/next/build/architecture/adr-076-tx-malleability.mdx b/docs/sdk/next/build/architecture/adr-076-tx-malleability.mdx new file mode 100644 index 00000000..e00ae4d2 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-076-tx-malleability.mdx @@ -0,0 +1,172 @@ +--- +title: Cosmos SDK Transaction Malleability Risk Review and Recommendations +description: '2025-03-10: Initial draft (@aaronc)' +--- +## Changelog + +* 2025-03-10: Initial draft (@aaronc) + +## Status + +PROPOSED: Not Implemented + +## Abstract + +Several encoding and sign mode related issues have historically resulted in the possibility +that Cosmos SDK transactions may be re-encoded in such a way as to change their hash +(and in rare cases, their meaning) without invalidating the signature. +This document details these cases, their potential risks, the extent to which they have been +addressed, and provides recommendations for future improvements. + +## Review + +One naive assumption about Cosmos SDK transactions is that hashing the raw bytes of a submitted transaction creates a safe unique identifier for the transaction. In reality, there are multiple ways in which transactions could be manipulated to create different transaction bytes (and as a result different hashes) that still pass signature verification. + +This document attempts to enumerate the various potential transaction "malleability" risks that we have identified and the extent to which they have or have not been addressed in various sign modes. We also identify vulnerabilities that could be introduced if developers make changes in the future without careful consideration of the complexities involved with transaction encoding, sign modes and signatures. + +### Risks Associated with Malleability + +The malleability of transactions poses the following potential risks to end users: + +* unsigned data could get added to transactions and be processed by state machines +* clients often rely on transaction hashes for checking transaction status, but whether or not submitted transaction hashes match processed transaction hashes depends primarily on good network actors rather than fundamental protocol guarantees +* transactions could potentially get executed more than once (faulty replay protection) + +If a client generates a transaction, keeps a record of its hash and then attempts to query nodes to check the transaction's status, this process may falsely conclude that the transaction had not been processed if an intermediary +processor decoded and re-encoded the transaction with different encoding rules (either maliciously or unintentionally). +As long as no malleability is present in the signature bytes themselves, clients *should* query transactions by signature instead of hash. + +Not being cognizant of this risk may lead clients to submit the same transaction multiple times if they believe that +earlier transactions had failed or gotten lost in processing. +This could be an attack vector against users if wallets primarily query transactions by hash. + +If the state machine were to rely on transaction hashes as a replay mechanism itself, this would be faulty and not +provide the intended replay protection. Instead, the state machine should rely on deterministic representations of +transactions rather than the raw encoding, or other nonces, +if they want to provide some replay protection that doesn't rely on a monotonically +increasing account sequence number. + +### Sources of Malleability + +#### Non-deterministic Protobuf Encoding + +Cosmos SDK transactions are encoded using protobuf binary encoding when they are submitted to the network. Protobuf binary is not inherently a deterministic encoding meaning that the same logical payload could have several valid bytes representations. In a basic sense, this means that protobuf in general can be decoded and re-encoded to produce a different byte stream (and thus different hash) without changing the logical meaning of the bytes. [ADR 027: Deterministic Protobuf Serialization](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-027-deterministic-protobuf-serialization.md) describes in detail what needs to be done to produce what we consider to be a "canonical", deterministic protobuf serialization. Briefly, the following sources of malleability at the encoding level have been identified and are addressed by this specification: + +* fields can be emitted in any order +* default field values can be included or omitted, and this doesn't change meaning unless `optional` is used +* `repeated` fields of scalars may use packed or "regular" encoding +* `varint`s can include extra ignored bits +* extra fields may be added and are usually simply ignored by decoders. [ADR 020](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-020-protobuf-transaction-encoding.md#unknown-field-filtering) specifies that in general such extra fields should cause messages and transactions to be rejected + +When using `SIGN_MODE_DIRECT` none of the above malleabilities will be tolerated because: + +* signatures of messages and extensions must be done over the raw encoded bytes of those fields +* the outer tx envelope (`TxRaw`) must follow ADR 027 rules or be rejected + +Transactions signed with `SIGN_MODE_LEGACY_AMINO_JSON`, however, have no way of protecting against the above malleabilities because what is signed is a JSON representation of the logical contents of the transaction. These logical contents could have any number of valid protobuf binary encodings, so in general there are no guarantees regarding transaction hash with Amino JSON signing. + +In addition to being aware of the general non-determinism of protobuf binary, developers need to pay special attention to make sure that unknown protobuf fields get rejected when developing new capabilities related to protobuf transactions. The protobuf serialization format was designed with the assumption that unknown data known to encoders could safely be ignored by decoders. This assumption may have been fairly safe within the walled garden of Google's centralized infrastructure. However, in distributed blockchain systems, this assumption is generally unsafe. If a newer client encodes a protobuf message with data intended for a newer server, it is not safe for an older server to simply ignore and discard instructions that it does not understand. These instructions could include critical information that the transaction signer is relying upon and just assuming that it is unimportant is not safe. + +[ADR 020](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-020-protobuf-transaction-encoding.md#unknown-field-filtering) specifies some provisions for "non-critical" fields which can safely be ignored by older servers. In practice, I have not seen any valid usages of this. It is something in the design that maintainers should be aware of, but it may not be necessary or even 100% safe. + +#### Non-deterministic Value Encoding + +In addition to the non-determinism present in protobuf binary itself, some protobuf field data is encoded using a micro-format which itself may not be deterministic. Consider for instance integer or decimal encoding. Some decoders may allow for the presence of leading or trailing zeros without changing the logical meaning, ex. `00100` vs `100` or `100.00` vs `100`. So if a sign mode encodes numbers deterministically, but decoders accept multiple representations, +a user may sign over the value `100` while `0100` gets encoded. This would be possible with Amino JSON to the extent that the integer decoder accepts leading zeros. I believe the current `Int` implementation will reject this, however, it is +probably possible to encode an octal or hexadecimal representation in the transaction whereas the user signs over a decimal integer. + +#### Signature Encoding + +Signatures themselves are encoded using a micro-format specific to the signature algorithm being used and sometimes these +micro-formats can allow for non-determinism (multiple valid bytes for the same signature). +Most of the signature algorithms supported by the SDK should reject non-canonical bytes in their current implementation. +However, the `Multisignature` protobuf type uses normal protobuf encoding and there is no check as to whether the +decoded bytes followed canonical ADR 027 rules or not. Therefore, multisig transactions can have malleability in +their signatures. +Any new or custom signature algorithms must make sure that they reject any non-canonical bytes, otherwise even +with `SIGN_MODE_DIRECT` there can be transaction hash malleability by re-encoding signatures with a non-canonical +representation. + +#### Fields not covered by Amino JSON + +Another area that needs to be addressed carefully is the discrepancy between `AminoSignDoc` (see [`aminojson.proto`](/docs/sdk/vnext/x/tx/signing/aminojson/internal/aminojsonpb/aminojson.proto)) used for `SIGN_MODE_LEGACY_AMINO_JSON` and the actual contents of `TxBody` and `AuthInfo` (see [`tx.proto`](/docs/sdk/vnext/proto/cosmos/tx/v1beta1/tx.proto)). +If fields get added to `TxBody` or `AuthInfo`, they must either have a corresponding representation in `AminoSignDoc` or Amino JSON signatures must be rejected when those new fields are set. Making sure that this is done is a +highly manual process, and developers could easily make the mistake of updating `TxBody` or `AuthInfo` +without paying any attention to the implementation of `GetSignBytes` for Amino JSON. This is a critical +vulnerability in which unsigned content can now get into the transaction and signature verification will +pass. + +## Sign Mode Summary and Recommendations + +The sign modes officially supported by the SDK are `SIGN_MODE_DIRECT`, `SIGN_MODE_TEXTUAL`, `SIGN_MODE_DIRECT_AUX`, +and `SIGN_MODE_LEGACY_AMINO_JSON`. +`SIGN_MODE_LEGACY_AMINO_JSON` is used commonly by wallets and is currently the only sign mode supported on Nano Ledger hardware devices +(although `SIGN_MODE_TEXTUAL` was designed to also support hardware devices). +`SIGN_MODE_DIRECT` is the simplest sign mode and its usage is also fairly common. +`SIGN_MODE_DIRECT_AUX` is a variant of `SIGN_MODE_DIRECT` that can be used by auxiliary signers in a multi-signer +transaction by those signers who are not paying gas. +`SIGN_MODE_TEXTUAL` was intended as a replacement for `SIGN_MODE_LEGACY_AMINO_JSON`, but as far as we know it +has not been adopted by any clients yet and thus is not in active use. + +All known malleability concerns have been addressed in the current implementation of `SIGN_MODE_DIRECT`. +The only known malleability that could occur with a transaction signed with `SIGN_MODE_DIRECT` would +need to be in the signature bytes themselves. +Since signatures are not signed over, it is impossible for any sign mode to address this directly +and instead signature algorithms need to take care to reject any non-canonically encoded signature bytes +to prevent malleability. +For the known malleability of the `Multisignature` type, we should make sure that any valid signatures +were encoded following canonical ADR 027 rules when doing signature verification. + +`SIGN_MODE_DIRECT_AUX` provides the same level of safety as `SIGN_MODE_DIRECT` because + +* the raw encoded `TxBody` bytes are signed over in `SignDocDirectAux`, and +* a transaction using `SIGN_MODE_DIRECT_AUX` still requires the primary signer to sign the transaction with `SIGN_MODE_DIRECT` + +`SIGN_MODE_TEXTUAL` also provides the same level of safety as `SIGN_MODE_DIRECT` because the hash of the raw encoded +`TxBody` and `AuthInfo` bytes are signed over. + +Unfortunately, the vast majority of unaddressed malleability risks affect `SIGN_MODE_LEGACY_AMINO_JSON` and this +sign mode is still commonly used. +It is recommended that the following improvements be made to Amino JSON signing: + +* hashes of `TxBody` and `AuthInfo` should be added to `AminoSignDoc` so that encoding-level malleability is addressed +* when constructing `AminoSignDoc`, [protoreflect](https://pkg.go.dev/google.golang.org/protobuf/reflect/protoreflect) API should be used to ensure that there are no fields in `TxBody` or `AuthInfo` which do not have a mapping in `AminoSignDoc` have been set +* fields present in `TxBody` or `AuthInfo` that are not present in `AminoSignDoc` (such as extension options) should + be added to `AminoSignDoc` if possible + +## Testing + +To test that transactions are resistant to malleability, +we can develop a test suite to run against all sign modes that +attempts to manipulate transaction bytes in the following ways: + +* changing protobuf encoding by + * reordering fields + * setting default values + * adding extra bits to varints, or + * setting new unknown fields +* modifying integer and decimal values encoded as strings with leading or trailing zeros + +Whenever any of these manipulations is done, we should observe that the sign doc bytes for the sign mode being +tested also change, meaning that the corresponding signatures will also have to change. + +In the case of Amino JSON, we should also develop tests which ensure that if any `TxBody` or `AuthInfo` +field not supported by Amino's `AminoSignDoc` is set that signing fails. + +In the general case of transaction decoding, we should have unit tests to ensure that + +* any `TxRaw` bytes which do not follow ADR 027 canonical encoding cause decoding to fail, and +* any top-level transaction elements including `TxBody`, `AuthInfo`, public keys, and messages which + have unknown fields set cause the transaction to be rejected + (this ensures that ADR 020 unknown field filtering is properly applied) + +For each supported signature algorithm, +there should also be unit tests to ensure that signatures must be encoded canonically +or get rejected. + +## References + +* [ADR 027: Deterministic Protobuf Serialization](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-027-deterministic-protobuf-serialization.md) +* [ADR 020](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-020-protobuf-transaction-encoding.md#unknown-field-filtering) +* [`aminojson.proto`](/docs/sdk/vnext/x/tx/signing/aminojson/internal/aminojsonpb/aminojson.proto) +* [`tx.proto`](/docs/sdk/vnext/proto/cosmos/tx/v1beta1/tx.proto) diff --git a/docs/sdk/next/build/architecture/adr-template.mdx b/docs/sdk/next/build/architecture/adr-template.mdx new file mode 100644 index 00000000..4acf5570 --- /dev/null +++ b/docs/sdk/next/build/architecture/adr-template.mdx @@ -0,0 +1,82 @@ +## Changelog + +* `{date}`: `{changelog}` + +## Status + +{DRAFT | PROPOSED} Not Implemented + +> Please have a look at the [PROCESS](/docs/sdk/vnext/build/architecture/PROCESS#adr-status) page. +> Use DRAFT if the ADR is in a draft stage (draft PR) or PROPOSED if it's in review. + +## Abstract + +> "If you can't explain it simply, you don't understand it well enough." Provide +> a simplified and layman-accessible explanation of the ADR. +> A short (\~200 words) description of the issue being addressed. + +## Context + +> This section describes the forces at play, including technological, political, +> social, and project local. These forces are probably in tension, and should be +> called out as such. The language in this section is value-neutral. It is simply +> describing facts. It should clearly explain the problem and motivation that the +> proposal aims to resolve. + +`{context body}` + +## Alternatives + +> This section describes alternative designs to the chosen design. This section +> is important and if an adr does not have any alternatives then it should be +> considered that the ADR was not thought through. + +## Decision + +> This section describes our response to these forces. It is stated in full +> sentences, with active voice. "We will ..." +> `{decision body}` + +## Consequences + +> This section describes the resulting context, after applying the decision. All +> consequences should be listed here, not just the "positive" ones. A particular +> decision may have positive, negative, and neutral consequences, but all of them +> affect the team and project in the future. + +### Backwards Compatibility + +> All ADRs that introduce backwards incompatibilities must include a section +> describing these incompatibilities and their severity. The ADR must explain +> how the author proposes to deal with these incompatibilities. ADR submissions +> without a sufficient backwards compatibility treatise may be rejected outright. + +### Positive + +> `{positive consequences}` + +### Negative + +> `{negative consequences}` + +### Neutral + +> `{neutral consequences}` + +## Further Discussions + +> While an ADR is in the DRAFT or PROPOSED stage, this section should contain a +> summary of issues to be solved in future iterations (usually referencing comments +> from a pull-request discussion). +> +> Later, this section can optionally list ideas or improvements the author or +> reviewers found during the analysis of this ADR. + +## Test Cases \[optional] + +Test cases for an implementation are mandatory for ADRs that are affecting consensus +changes. Other ADRs can choose to include links to test cases if applicable. + +## References + +* `{reference link}` diff --git a/docs/sdk/next/build/build.mdx b/docs/sdk/next/build/build.mdx new file mode 100644 index 00000000..acd7f385 --- /dev/null +++ b/docs/sdk/next/build/build.mdx @@ -0,0 +1,10 @@ +--- +title: Build +--- +* [Building Apps](/docs/sdk/vnext/build/building-apps/app-go) - The documentation in this section will guide you through the process of developing your dApp using the Cosmos SDK framework. +* [Modules](/docs/sdk/vnext/../../x/README) - Information about the various modules available in the Cosmos SDK: Auth, Authz, Bank, Circuit, Consensus, Distribution, Epochs, Evidence, Feegrant, Governance, Group, Mint, NFT, Protocolpool, Slashing, Staking, Upgrade, Genutil. +* [Migrations](/docs/sdk/vnext/build/migrations/intro) - See what has been updated in each release the process of the transition between versions. +* [Packages](/docs/sdk/vnext/build/packages/README) - Explore a curated collection of pre-built modules and functionalities, streamlining the development process. +* [Tooling](/docs/sdk/vnext/build/tooling/README) - A suite of utilities designed to enhance the development workflow, optimizing the efficiency of Cosmos SDK-based projects. +* [ADR's](/docs/sdk/vnext/build/architecture/README) - Provides a structured repository of key decisions made during the development process, which have been documented and offers rationale behind key decisions being made. +* [REST API](https://docs.cosmos.network/api) - A comprehensive reference for the application programming interfaces (APIs) provided by the SDK. diff --git a/docs/sdk/next/build/building-apps/app-go-di.mdx b/docs/sdk/next/build/building-apps/app-go-di.mdx new file mode 100644 index 00000000..658c2121 --- /dev/null +++ b/docs/sdk/next/build/building-apps/app-go-di.mdx @@ -0,0 +1,3320 @@ +--- +title: Overview of `app_di.go` +--- + +**Synopsis** + +The Cosmos SDK makes wiring of an `app.go` much easier thanks to [runtime](/docs/sdk/vnext/build/building-apps/runtime) and app wiring. +Learn more about the rationale of App Wiring in [ADR-057](/docs/sdk/vnext/../architecture/adr-057-app-wiring). + + + + +**Pre-requisite Readings** + +* [What is `runtime`?](/docs/sdk/vnext/build/building-apps/runtime) +* [Depinject documentation](/docs/sdk/vnext/build/packages/depinject) +* [Modules depinject-ready](/docs/sdk/vnext/build/building-modules/depinject) +* [ADR 057: App Wiring](/docs/sdk/vnext/../architecture/adr-057-app-wiring) + + + +This section is intended to provide an overview of the `SimApp` `app_di.go` file with App Wiring. + +## `app_config.go` + +The `app_config.go` file is the single place to configure all modules parameters. + +1. Create the `AppConfig` variable: + + ```go expandable + package simapp + + import ( + + "time" + "google.golang.org/protobuf/types/known/durationpb" + + runtimev1alpha1 "cosmossdk.io/api/cosmos/app/runtime/v1alpha1" + appv1alpha1 "cosmossdk.io/api/cosmos/app/v1alpha1" + authmodulev1 "cosmossdk.io/api/cosmos/auth/module/v1" + authzmodulev1 "cosmossdk.io/api/cosmos/authz/module/v1" + bankmodulev1 "cosmossdk.io/api/cosmos/bank/module/v1" + circuitmodulev1 "cosmossdk.io/api/cosmos/circuit/module/v1" + consensusmodulev1 "cosmossdk.io/api/cosmos/consensus/module/v1" + distrmodulev1 "cosmossdk.io/api/cosmos/distribution/module/v1" + epochsmodulev1 "cosmossdk.io/api/cosmos/epochs/module/v1" + evidencemodulev1 "cosmossdk.io/api/cosmos/evidence/module/v1" + feegrantmodulev1 "cosmossdk.io/api/cosmos/feegrant/module/v1" + genutilmodulev1 "cosmossdk.io/api/cosmos/genutil/module/v1" + govmodulev1 "cosmossdk.io/api/cosmos/gov/module/v1" + groupmodulev1 "cosmossdk.io/api/cosmos/group/module/v1" + mintmodulev1 "cosmossdk.io/api/cosmos/mint/module/v1" + nftmodulev1 "cosmossdk.io/api/cosmos/nft/module/v1" + protocolpoolmodulev1 "cosmossdk.io/api/cosmos/protocolpool/module/v1" + slashingmodulev1 "cosmossdk.io/api/cosmos/slashing/module/v1" + stakingmodulev1 "cosmossdk.io/api/cosmos/staking/module/v1" + txconfigv1 "cosmossdk.io/api/cosmos/tx/config/v1" + upgrademodulev1 "cosmossdk.io/api/cosmos/upgrade/module/v1" + vestingmodulev1 "cosmossdk.io/api/cosmos/vesting/module/v1" + "cosmossdk.io/core/appconfig" + "cosmossdk.io/depinject" + _ "cosmossdk.io/x/circuit" // import for side-effects + circuittypes "cosmossdk.io/x/circuit/types" + _ "cosmossdk.io/x/evidence" // import for side-effects + evidencetypes "cosmossdk.io/x/evidence/types" + "cosmossdk.io/x/feegrant" + _ "cosmossdk.io/x/feegrant/module" // import for side-effects + "cosmossdk.io/x/nft" + _ "cosmossdk.io/x/nft/module" // import for side-effects + _ "cosmossdk.io/x/upgrade" // import for side-effects + upgradetypes "cosmossdk.io/x/upgrade/types" + "github.com/cosmos/cosmos-sdk/runtime" + "github.com/cosmos/cosmos-sdk/types/module" + _ "github.com/cosmos/cosmos-sdk/x/auth/tx/config" // import for side-effects + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + _ "github.com/cosmos/cosmos-sdk/x/auth/vesting" // import for side-effects + vestingtypes "github.com/cosmos/cosmos-sdk/x/auth/vesting/types" + "github.com/cosmos/cosmos-sdk/x/authz" + _ "github.com/cosmos/cosmos-sdk/x/authz/module" // import for side-effects + _ "github.com/cosmos/cosmos-sdk/x/bank" // import for side-effects + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" + _ "github.com/cosmos/cosmos-sdk/x/consensus" // import for side-effects + consensustypes "github.com/cosmos/cosmos-sdk/x/consensus/types" + _ "github.com/cosmos/cosmos-sdk/x/distribution" // import for side-effects + distrtypes "github.com/cosmos/cosmos-sdk/x/distribution/types" + _ "github.com/cosmos/cosmos-sdk/x/epochs" // import for side-effects + epochstypes "github.com/cosmos/cosmos-sdk/x/epochs/types" + "github.com/cosmos/cosmos-sdk/x/genutil" + genutiltypes "github.com/cosmos/cosmos-sdk/x/genutil/types" + "github.com/cosmos/cosmos-sdk/x/gov" + govclient "github.com/cosmos/cosmos-sdk/x/gov/client" + govtypes "github.com/cosmos/cosmos-sdk/x/gov/types" + "github.com/cosmos/cosmos-sdk/x/group" + _ "github.com/cosmos/cosmos-sdk/x/group/module" // import for side-effects + _ "github.com/cosmos/cosmos-sdk/x/mint" // import for side-effects + minttypes "github.com/cosmos/cosmos-sdk/x/mint/types" + _ "github.com/cosmos/cosmos-sdk/x/protocolpool" // import for side-effects + protocolpooltypes "github.com/cosmos/cosmos-sdk/x/protocolpool/types" + _ "github.com/cosmos/cosmos-sdk/x/slashing" // import for side-effects + slashingtypes "github.com/cosmos/cosmos-sdk/x/slashing/types" + _ "github.com/cosmos/cosmos-sdk/x/staking" // import for side-effects + stakingtypes "github.com/cosmos/cosmos-sdk/x/staking/types" + ) + + var ( + // module account permissions + moduleAccPerms = []*authmodulev1.ModuleAccountPermission{ + { + Account: authtypes.FeeCollectorName + }, + { + Account: distrtypes.ModuleName + }, + { + Account: minttypes.ModuleName, + Permissions: []string{ + authtypes.Minter + }}, + { + Account: stakingtypes.BondedPoolName, + Permissions: []string{ + authtypes.Burner, stakingtypes.ModuleName + }}, + { + Account: stakingtypes.NotBondedPoolName, + Permissions: []string{ + authtypes.Burner, stakingtypes.ModuleName + }}, + { + Account: govtypes.ModuleName, + Permissions: []string{ + authtypes.Burner + }}, + { + Account: nft.ModuleName + }, + { + Account: protocolpooltypes.ModuleName + }, + { + Account: protocolpooltypes.ProtocolPoolEscrowAccount + }, + } + + // blocked account addresses + blockAccAddrs = []string{ + authtypes.FeeCollectorName, + distrtypes.ModuleName, + minttypes.ModuleName, + stakingtypes.BondedPoolName, + stakingtypes.NotBondedPoolName, + nft.ModuleName, + // We allow the following module accounts to receive funds: + // govtypes.ModuleName + } + + ModuleConfig = []*appv1alpha1.ModuleConfig{ + { + Name: runtime.ModuleName, + Config: appconfig.WrapAny(&runtimev1alpha1.Module{ + AppName: "SimApp", + // NOTE: upgrade module is required to be prioritized + PreBlockers: []string{ + upgradetypes.ModuleName, + authtypes.ModuleName, + }, + // During begin block slashing happens after distr.BeginBlocker so that + // there is nothing left over in the validator fee pool, so as to keep the + // CanWithdrawInvariant invariant. + // NOTE: staking module is required if HistoricalEntries param > 0 + BeginBlockers: []string{ + minttypes.ModuleName, + distrtypes.ModuleName, + protocolpooltypes.ModuleName, + slashingtypes.ModuleName, + evidencetypes.ModuleName, + stakingtypes.ModuleName, + authz.ModuleName, + epochstypes.ModuleName, + }, + EndBlockers: []string{ + govtypes.ModuleName, + stakingtypes.ModuleName, + feegrant.ModuleName, + group.ModuleName, + protocolpooltypes.ModuleName, + }, + OverrideStoreKeys: []*runtimev1alpha1.StoreKeyConfig{ + { + ModuleName: authtypes.ModuleName, + KvStoreKey: "acc", + }, + }, + // NOTE: The genutils module must occur after staking so that pools are + // properly initialized with tokens from genesis accounts. + // NOTE: The genutils module must also occur after auth so that it can access the params from auth. + InitGenesis: []string{ + authtypes.ModuleName, + banktypes.ModuleName, + distrtypes.ModuleName, + stakingtypes.ModuleName, + slashingtypes.ModuleName, + govtypes.ModuleName, + minttypes.ModuleName, + genutiltypes.ModuleName, + evidencetypes.ModuleName, + authz.ModuleName, + feegrant.ModuleName, + nft.ModuleName, + group.ModuleName, + upgradetypes.ModuleName, + vestingtypes.ModuleName, + circuittypes.ModuleName, + epochstypes.ModuleName, + protocolpooltypes.ModuleName, + }, + // When ExportGenesis is not specified, the export genesis module order + // is equal to the init genesis order + ExportGenesis: []string{ + consensustypes.ModuleName, + authtypes.ModuleName, + protocolpooltypes.ModuleName, // Must be exported before bank + banktypes.ModuleName, + distrtypes.ModuleName, + stakingtypes.ModuleName, + slashingtypes.ModuleName, + govtypes.ModuleName, + minttypes.ModuleName, + genutiltypes.ModuleName, + evidencetypes.ModuleName, + authz.ModuleName, + feegrant.ModuleName, + nft.ModuleName, + group.ModuleName, + upgradetypes.ModuleName, + vestingtypes.ModuleName, + circuittypes.ModuleName, + epochstypes.ModuleName, + }, + // Uncomment if you want to set a custom migration order here. + // OrderMigrations: []string{ + }, + }), + }, + { + Name: authtypes.ModuleName, + Config: appconfig.WrapAny(&authmodulev1.Module{ + Bech32Prefix: "cosmos", + ModuleAccountPermissions: moduleAccPerms, + // By default modules authority is the governance module. This is configurable with the following: + // Authority: "group", // A custom module authority can be set using a module name + // Authority: "cosmos1cwwv22j5ca08ggdv9c2uky355k908694z577tv", // or a specific address + }), + }, + { + Name: vestingtypes.ModuleName, + Config: appconfig.WrapAny(&vestingmodulev1.Module{ + }), + }, + { + Name: banktypes.ModuleName, + Config: appconfig.WrapAny(&bankmodulev1.Module{ + BlockedModuleAccountsOverride: blockAccAddrs, + }), + }, + { + Name: stakingtypes.ModuleName, + Config: appconfig.WrapAny(&stakingmodulev1.Module{ + // NOTE: specifying a prefix is only necessary when using bech32 addresses + // If not specfied, the auth Bech32Prefix appended with "valoper" and "valcons" is used by default + Bech32PrefixValidator: "cosmosvaloper", + Bech32PrefixConsensus: "cosmosvalcons", + }), + }, + { + Name: slashingtypes.ModuleName, + Config: appconfig.WrapAny(&slashingmodulev1.Module{ + }), + }, + { + Name: "tx", + Config: appconfig.WrapAny(&txconfigv1.Config{ + SkipAnteHandler: true, // Enable this to skip the default antehandlers and set custom ante handlers. + }), + }, + { + Name: genutiltypes.ModuleName, + Config: appconfig.WrapAny(&genutilmodulev1.Module{ + }), + }, + { + Name: authz.ModuleName, + Config: appconfig.WrapAny(&authzmodulev1.Module{ + }), + }, + { + Name: upgradetypes.ModuleName, + Config: appconfig.WrapAny(&upgrademodulev1.Module{ + }), + }, + { + Name: distrtypes.ModuleName, + Config: appconfig.WrapAny(&distrmodulev1.Module{ + }), + }, + { + Name: evidencetypes.ModuleName, + Config: appconfig.WrapAny(&evidencemodulev1.Module{ + }), + }, + { + Name: minttypes.ModuleName, + Config: appconfig.WrapAny(&mintmodulev1.Module{ + }), + }, + { + Name: group.ModuleName, + Config: appconfig.WrapAny(&groupmodulev1.Module{ + MaxExecutionPeriod: durationpb.New(time.Second * 1209600), + MaxMetadataLen: 255, + }), + }, + { + Name: nft.ModuleName, + Config: appconfig.WrapAny(&nftmodulev1.Module{ + }), + }, + { + Name: feegrant.ModuleName, + Config: appconfig.WrapAny(&feegrantmodulev1.Module{ + }), + }, + { + Name: govtypes.ModuleName, + Config: appconfig.WrapAny(&govmodulev1.Module{ + }), + }, + { + Name: consensustypes.ModuleName, + Config: appconfig.WrapAny(&consensusmodulev1.Module{ + }), + }, + { + Name: circuittypes.ModuleName, + Config: appconfig.WrapAny(&circuitmodulev1.Module{ + }), + }, + { + Name: epochstypes.ModuleName, + Config: appconfig.WrapAny(&epochsmodulev1.Module{ + }), + }, + { + Name: protocolpooltypes.ModuleName, + Config: appconfig.WrapAny(&protocolpoolmodulev1.Module{ + }), + }, + } + + // AppConfig is application configuration (used by depinject) + + AppConfig = depinject.Configs(appconfig.Compose(&appv1alpha1.Config{ + Modules: ModuleConfig, + }), + depinject.Supply( + // supply custom module basics + map[string]module.AppModuleBasic{ + genutiltypes.ModuleName: genutil.NewAppModuleBasic(genutiltypes.DefaultMessageValidator), + govtypes.ModuleName: gov.NewAppModuleBasic( + []govclient.ProposalHandler{ + }, + ), + }, + ), + ) + ) + ``` + + Where the `appConfig` combines the [runtime](/docs/sdk/vnext/build/building-apps/runtime) configuration and the (extra) modules configuration. + + ```go expandable + //go:build !app_v1 + + package simapp + + import ( + + "io" + + dbm "github.com/cosmos/cosmos-db" + + clienthelpers "cosmossdk.io/client/v2/helpers" + "cosmossdk.io/depinject" + "cosmossdk.io/log" + storetypes "cosmossdk.io/store/types" + circuitkeeper "cosmossdk.io/x/circuit/keeper" + evidencekeeper "cosmossdk.io/x/evidence/keeper" + feegrantkeeper "cosmossdk.io/x/feegrant/keeper" + nftkeeper "cosmossdk.io/x/nft/keeper" + upgradekeeper "cosmossdk.io/x/upgrade/keeper" + "github.com/cosmos/cosmos-sdk/baseapp" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + "github.com/cosmos/cosmos-sdk/runtime" + "github.com/cosmos/cosmos-sdk/server" + "github.com/cosmos/cosmos-sdk/server/api" + "github.com/cosmos/cosmos-sdk/server/config" + servertypes "github.com/cosmos/cosmos-sdk/server/types" + testdata_pulsar "github.com/cosmos/cosmos-sdk/testutil/testdata/testpb" + "github.com/cosmos/cosmos-sdk/types/module" + "github.com/cosmos/cosmos-sdk/x/auth" + "github.com/cosmos/cosmos-sdk/x/auth/ante" + authkeeper "github.com/cosmos/cosmos-sdk/x/auth/keeper" + authsims "github.com/cosmos/cosmos-sdk/x/auth/simulation" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + authzkeeper "github.com/cosmos/cosmos-sdk/x/authz/keeper" + bankkeeper "github.com/cosmos/cosmos-sdk/x/bank/keeper" + consensuskeeper "github.com/cosmos/cosmos-sdk/x/consensus/keeper" + distrkeeper "github.com/cosmos/cosmos-sdk/x/distribution/keeper" + epochskeeper "github.com/cosmos/cosmos-sdk/x/epochs/keeper" + govkeeper "github.com/cosmos/cosmos-sdk/x/gov/keeper" + groupkeeper "github.com/cosmos/cosmos-sdk/x/group/keeper" + mintkeeper "github.com/cosmos/cosmos-sdk/x/mint/keeper" + protocolpoolkeeper "github.com/cosmos/cosmos-sdk/x/protocolpool/keeper" + slashingkeeper "github.com/cosmos/cosmos-sdk/x/slashing/keeper" + stakingkeeper "github.com/cosmos/cosmos-sdk/x/staking/keeper" + ) + + // DefaultNodeHome default home directories for the application daemon + var DefaultNodeHome string + + var ( + _ runtime.AppI = (*SimApp)(nil) + _ servertypes.Application = (*SimApp)(nil) + ) + + // SimApp extends an ABCI application, but with most of its parameters exported. + // They are exported for convenience in creating helper functions, as object + // capabilities aren't needed for testing. + type SimApp struct { + *runtime.App + legacyAmino *codec.LegacyAmino + appCodec codec.Codec + txConfig client.TxConfig + interfaceRegistry codectypes.InterfaceRegistry + + // essential keepers + AccountKeeper authkeeper.AccountKeeper + BankKeeper bankkeeper.BaseKeeper + StakingKeeper *stakingkeeper.Keeper + SlashingKeeper slashingkeeper.Keeper + MintKeeper mintkeeper.Keeper + DistrKeeper distrkeeper.Keeper + GovKeeper *govkeeper.Keeper + UpgradeKeeper *upgradekeeper.Keeper + EvidenceKeeper evidencekeeper.Keeper + ConsensusParamsKeeper consensuskeeper.Keeper + CircuitKeeper circuitkeeper.Keeper + + // supplementary keepers + FeeGrantKeeper feegrantkeeper.Keeper + GroupKeeper groupkeeper.Keeper + AuthzKeeper authzkeeper.Keeper + NFTKeeper nftkeeper.Keeper + EpochsKeeper epochskeeper.Keeper + ProtocolPoolKeeper protocolpoolkeeper.Keeper + + // simulation manager + sm *module.SimulationManager + } + + func init() { + var err error + DefaultNodeHome, err = clienthelpers.GetNodeHomeDirectory(".simapp") + if err != nil { + panic(err) + } + } + + // NewSimApp returns a reference to an initialized SimApp. + func NewSimApp( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), + ) *SimApp { + var ( + app = &SimApp{ + } + + appBuilder *runtime.AppBuilder + + // merge the AppConfig and other configuration in one config + appConfig = depinject.Configs( + AppConfig, + depinject.Supply( + // supply the application options + appOpts, + // supply the logger + logger, + + // ADVANCED CONFIGURATION + + // + // AUTH + // + // For providing a custom function required in auth to generate custom account types + // add it below. By default the auth module uses simulation.RandomGenesisAccounts. + // + // authtypes.RandomGenesisAccountsFn(simulation.RandomGenesisAccounts), + // + // For providing a custom a base account type add it below. + // By default the auth module uses authtypes.ProtoBaseAccount(). + // + // func() + + sdk.AccountI { + return authtypes.ProtoBaseAccount() + }, + // + // For providing a different address codec, add it below. + // By default the auth module uses a Bech32 address codec, + // with the prefix defined in the auth module configuration. + // + // func() + + address.Codec { + return <- custom address codec type -> + } + + // + // STAKING + // + // For provinding a different validator and consensus address codec, add it below. + // By default the staking module uses the bech32 prefix provided in the auth config, + // and appends "valoper" and "valcons" for validator and consensus addresses respectively. + // When providing a custom address codec in auth, custom address codecs must be provided here as well. + // + // func() + + runtime.ValidatorAddressCodec { + return <- custom validator address codec type -> + } + // func() + + runtime.ConsensusAddressCodec { + return <- custom consensus address codec type -> + } + + // + // MINT + // + + // For providing a custom inflation function for x/mint add here your + // custom function that implements the minttypes.InflationCalculationFn + // interface. + ), + ) + ) + if err := depinject.Inject(appConfig, + &appBuilder, + &app.appCodec, + &app.legacyAmino, + &app.txConfig, + &app.interfaceRegistry, + &app.AccountKeeper, + &app.BankKeeper, + &app.StakingKeeper, + &app.SlashingKeeper, + &app.MintKeeper, + &app.DistrKeeper, + &app.GovKeeper, + &app.UpgradeKeeper, + &app.AuthzKeeper, + &app.EvidenceKeeper, + &app.FeeGrantKeeper, + &app.GroupKeeper, + &app.NFTKeeper, + &app.ConsensusParamsKeeper, + &app.CircuitKeeper, + &app.EpochsKeeper, + &app.ProtocolPoolKeeper, + ); err != nil { + panic(err) + } + + // Below we could construct and set an application specific mempool and + // ABCI 1.0 PrepareProposal and ProcessProposal handlers. These defaults are + // already set in the SDK's BaseApp, this shows an example of how to override + // them. + // + // Example: + // + // app.App = appBuilder.Build(...) + // nonceMempool := mempool.NewSenderNonceMempool() + // abciPropHandler := NewDefaultProposalHandler(nonceMempool, app.App.BaseApp) + // + // app.App.BaseApp.SetMempool(nonceMempool) + // app.App.BaseApp.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) + // app.App.BaseApp.SetProcessProposal(abciPropHandler.ProcessProposalHandler()) + // + // Alternatively, you can construct BaseApp options, append those to + // baseAppOptions and pass them to the appBuilder. + // + // Example: + // + // prepareOpt = func(app *baseapp.BaseApp) { + // abciPropHandler := baseapp.NewDefaultProposalHandler(nonceMempool, app) + // app.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) + // + } + // baseAppOptions = append(baseAppOptions, prepareOpt) + + // create and set dummy vote extension handler + voteExtOp := func(bApp *baseapp.BaseApp) { + voteExtHandler := NewVoteExtensionHandler() + + voteExtHandler.SetHandlers(bApp) + } + + baseAppOptions = append(baseAppOptions, voteExtOp, baseapp.SetOptimisticExecution()) + + app.App = appBuilder.Build(db, traceStore, baseAppOptions...) + + // register streaming services + if err := app.RegisterStreamingServices(appOpts, app.kvStoreKeys()); err != nil { + panic(err) + } + + /**** Module Options ****/ + + // RegisterUpgradeHandlers is used for registering any on-chain upgrades. + app.RegisterUpgradeHandlers() + + // add test gRPC service for testing gRPC queries in isolation + testdata_pulsar.RegisterQueryServer(app.GRPCQueryRouter(), testdata_pulsar.QueryImpl{ + }) + + // create the simulation manager and define the order of the modules for deterministic simulations + // + // NOTE: this is not required apps that don't use the simulator for fuzz testing + // transactions + overrideModules := map[string]module.AppModuleSimulation{ + authtypes.ModuleName: auth.NewAppModule(app.appCodec, app.AccountKeeper, authsims.RandomGenesisAccounts, nil), + } + + app.sm = module.NewSimulationManagerFromAppModules(app.ModuleManager.Modules, overrideModules) + + app.sm.RegisterStoreDecoders() + + // A custom InitChainer can be set if extra pre-init-genesis logic is required. + // By default, when using app wiring enabled module, this is not required. + // For instance, the upgrade module will set automatically the module version map in its init genesis thanks to app wiring. + // However, when registering a module manually (i.e. that does not support app wiring), the module version map + // must be set manually as follow. The upgrade module will de-duplicate the module version map. + // + // app.SetInitChainer(func(ctx sdk.Context, req *abci.RequestInitChain) (*abci.ResponseInitChain, error) { + // app.UpgradeKeeper.SetModuleVersionMap(ctx, app.ModuleManager.GetVersionMap()) + // return app.App.InitChainer(ctx, req) + // + }) + + // set custom ante handler + app.setAnteHandler(app.txConfig) + if err := app.Load(loadLatest); err != nil { + panic(err) + } + + return app + } + + // setAnteHandler sets custom ante handlers. + // "x/auth/tx" pre-defined ante handler have been disabled in app_config. + func (app *SimApp) + + setAnteHandler(txConfig client.TxConfig) { + anteHandler, err := NewAnteHandler( + HandlerOptions{ + ante.HandlerOptions{ + UnorderedNonceManager: app.AccountKeeper, + AccountKeeper: app.AccountKeeper, + BankKeeper: app.BankKeeper, + SignModeHandler: txConfig.SignModeHandler(), + FeegrantKeeper: app.FeeGrantKeeper, + SigGasConsumer: ante.DefaultSigVerificationGasConsumer, + }, + &app.CircuitKeeper, + }, + ) + if err != nil { + panic(err) + } + + // Set the AnteHandler for the app + app.SetAnteHandler(anteHandler) + } + + // LegacyAmino returns SimApp's amino codec. + // + // NOTE: This is solely to be used for testing purposes as it may be desirable + // for modules to register their own custom testing types. + func (app *SimApp) + + LegacyAmino() *codec.LegacyAmino { + return app.legacyAmino + } + + // AppCodec returns SimApp's app codec. + // + // NOTE: This is solely to be used for testing purposes as it may be desirable + // for modules to register their own custom testing types. + func (app *SimApp) + + AppCodec() + + codec.Codec { + return app.appCodec + } + + // InterfaceRegistry returns SimApp's InterfaceRegistry. + func (app *SimApp) + + InterfaceRegistry() + + codectypes.InterfaceRegistry { + return app.interfaceRegistry + } + + // TxConfig returns SimApp's TxConfig + func (app *SimApp) + + TxConfig() + + client.TxConfig { + return app.txConfig + } + + // GetKey returns the KVStoreKey for the provided store key. + // + // NOTE: This is solely to be used for testing purposes. + func (app *SimApp) + + GetKey(storeKey string) *storetypes.KVStoreKey { + sk := app.UnsafeFindStoreKey(storeKey) + + kvStoreKey, ok := sk.(*storetypes.KVStoreKey) + if !ok { + return nil + } + + return kvStoreKey + } + + func (app *SimApp) + + kvStoreKeys() + + map[string]*storetypes.KVStoreKey { + keys := make(map[string]*storetypes.KVStoreKey) + for _, k := range app.GetStoreKeys() { + if kv, ok := k.(*storetypes.KVStoreKey); ok { + keys[kv.Name()] = kv + } + + } + + return keys + } + + // SimulationManager implements the SimulationApp interface + func (app *SimApp) + + SimulationManager() *module.SimulationManager { + return app.sm + } + + // RegisterAPIRoutes registers all application module routes with the provided + // API server. + func (app *SimApp) + + RegisterAPIRoutes(apiSvr *api.Server, apiConfig config.APIConfig) { + app.App.RegisterAPIRoutes(apiSvr, apiConfig) + // register swagger API in app.go so that other applications can override easily + if err := server.RegisterSwaggerAPI(apiSvr.ClientCtx, apiSvr.Router, apiConfig.Swagger); err != nil { + panic(err) + } + } + + // GetMaccPerms returns a copy of the module account permissions + // + // NOTE: This is solely to be used for testing purposes. + func GetMaccPerms() + + map[string][]string { + dup := make(map[string][]string) + for _, perms := range moduleAccPerms { + dup[perms.Account] = perms.Permissions + } + + return dup + } + + // BlockedAddresses returns all the app's blocked account addresses. + func BlockedAddresses() + + map[string]bool { + result := make(map[string]bool) + if len(blockAccAddrs) > 0 { + for _, addr := range blockAccAddrs { + result[addr] = true + } + + } + + else { + for addr := range GetMaccPerms() { + result[addr] = true + } + + } + + return result + } + ``` + +2. Configure the `runtime` module: + + In this configuration, the order in which the modules are defined in PreBlockers, BeginBlocks, and EndBlockers is important. + They are named in the order they should be executed by the module manager. + + ```go expandable + package simapp + + import ( + + "time" + "google.golang.org/protobuf/types/known/durationpb" + + runtimev1alpha1 "cosmossdk.io/api/cosmos/app/runtime/v1alpha1" + appv1alpha1 "cosmossdk.io/api/cosmos/app/v1alpha1" + authmodulev1 "cosmossdk.io/api/cosmos/auth/module/v1" + authzmodulev1 "cosmossdk.io/api/cosmos/authz/module/v1" + bankmodulev1 "cosmossdk.io/api/cosmos/bank/module/v1" + circuitmodulev1 "cosmossdk.io/api/cosmos/circuit/module/v1" + consensusmodulev1 "cosmossdk.io/api/cosmos/consensus/module/v1" + distrmodulev1 "cosmossdk.io/api/cosmos/distribution/module/v1" + epochsmodulev1 "cosmossdk.io/api/cosmos/epochs/module/v1" + evidencemodulev1 "cosmossdk.io/api/cosmos/evidence/module/v1" + feegrantmodulev1 "cosmossdk.io/api/cosmos/feegrant/module/v1" + genutilmodulev1 "cosmossdk.io/api/cosmos/genutil/module/v1" + govmodulev1 "cosmossdk.io/api/cosmos/gov/module/v1" + groupmodulev1 "cosmossdk.io/api/cosmos/group/module/v1" + mintmodulev1 "cosmossdk.io/api/cosmos/mint/module/v1" + nftmodulev1 "cosmossdk.io/api/cosmos/nft/module/v1" + protocolpoolmodulev1 "cosmossdk.io/api/cosmos/protocolpool/module/v1" + slashingmodulev1 "cosmossdk.io/api/cosmos/slashing/module/v1" + stakingmodulev1 "cosmossdk.io/api/cosmos/staking/module/v1" + txconfigv1 "cosmossdk.io/api/cosmos/tx/config/v1" + upgrademodulev1 "cosmossdk.io/api/cosmos/upgrade/module/v1" + vestingmodulev1 "cosmossdk.io/api/cosmos/vesting/module/v1" + "cosmossdk.io/core/appconfig" + "cosmossdk.io/depinject" + _ "cosmossdk.io/x/circuit" // import for side-effects + circuittypes "cosmossdk.io/x/circuit/types" + _ "cosmossdk.io/x/evidence" // import for side-effects + evidencetypes "cosmossdk.io/x/evidence/types" + "cosmossdk.io/x/feegrant" + _ "cosmossdk.io/x/feegrant/module" // import for side-effects + "cosmossdk.io/x/nft" + _ "cosmossdk.io/x/nft/module" // import for side-effects + _ "cosmossdk.io/x/upgrade" // import for side-effects + upgradetypes "cosmossdk.io/x/upgrade/types" + "github.com/cosmos/cosmos-sdk/runtime" + "github.com/cosmos/cosmos-sdk/types/module" + _ "github.com/cosmos/cosmos-sdk/x/auth/tx/config" // import for side-effects + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + _ "github.com/cosmos/cosmos-sdk/x/auth/vesting" // import for side-effects + vestingtypes "github.com/cosmos/cosmos-sdk/x/auth/vesting/types" + "github.com/cosmos/cosmos-sdk/x/authz" + _ "github.com/cosmos/cosmos-sdk/x/authz/module" // import for side-effects + _ "github.com/cosmos/cosmos-sdk/x/bank" // import for side-effects + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" + _ "github.com/cosmos/cosmos-sdk/x/consensus" // import for side-effects + consensustypes "github.com/cosmos/cosmos-sdk/x/consensus/types" + _ "github.com/cosmos/cosmos-sdk/x/distribution" // import for side-effects + distrtypes "github.com/cosmos/cosmos-sdk/x/distribution/types" + _ "github.com/cosmos/cosmos-sdk/x/epochs" // import for side-effects + epochstypes "github.com/cosmos/cosmos-sdk/x/epochs/types" + "github.com/cosmos/cosmos-sdk/x/genutil" + genutiltypes "github.com/cosmos/cosmos-sdk/x/genutil/types" + "github.com/cosmos/cosmos-sdk/x/gov" + govclient "github.com/cosmos/cosmos-sdk/x/gov/client" + govtypes "github.com/cosmos/cosmos-sdk/x/gov/types" + "github.com/cosmos/cosmos-sdk/x/group" + _ "github.com/cosmos/cosmos-sdk/x/group/module" // import for side-effects + _ "github.com/cosmos/cosmos-sdk/x/mint" // import for side-effects + minttypes "github.com/cosmos/cosmos-sdk/x/mint/types" + _ "github.com/cosmos/cosmos-sdk/x/protocolpool" // import for side-effects + protocolpooltypes "github.com/cosmos/cosmos-sdk/x/protocolpool/types" + _ "github.com/cosmos/cosmos-sdk/x/slashing" // import for side-effects + slashingtypes "github.com/cosmos/cosmos-sdk/x/slashing/types" + _ "github.com/cosmos/cosmos-sdk/x/staking" // import for side-effects + stakingtypes "github.com/cosmos/cosmos-sdk/x/staking/types" + ) + + var ( + // module account permissions + moduleAccPerms = []*authmodulev1.ModuleAccountPermission{ + { + Account: authtypes.FeeCollectorName + }, + { + Account: distrtypes.ModuleName + }, + { + Account: minttypes.ModuleName, + Permissions: []string{ + authtypes.Minter + }}, + { + Account: stakingtypes.BondedPoolName, + Permissions: []string{ + authtypes.Burner, stakingtypes.ModuleName + }}, + { + Account: stakingtypes.NotBondedPoolName, + Permissions: []string{ + authtypes.Burner, stakingtypes.ModuleName + }}, + { + Account: govtypes.ModuleName, + Permissions: []string{ + authtypes.Burner + }}, + { + Account: nft.ModuleName + }, + { + Account: protocolpooltypes.ModuleName + }, + { + Account: protocolpooltypes.ProtocolPoolEscrowAccount + }, + } + + // blocked account addresses + blockAccAddrs = []string{ + authtypes.FeeCollectorName, + distrtypes.ModuleName, + minttypes.ModuleName, + stakingtypes.BondedPoolName, + stakingtypes.NotBondedPoolName, + nft.ModuleName, + // We allow the following module accounts to receive funds: + // govtypes.ModuleName + } + + ModuleConfig = []*appv1alpha1.ModuleConfig{ + { + Name: runtime.ModuleName, + Config: appconfig.WrapAny(&runtimev1alpha1.Module{ + AppName: "SimApp", + // NOTE: upgrade module is required to be prioritized + PreBlockers: []string{ + upgradetypes.ModuleName, + authtypes.ModuleName, + }, + // During begin block slashing happens after distr.BeginBlocker so that + // there is nothing left over in the validator fee pool, so as to keep the + // CanWithdrawInvariant invariant. + // NOTE: staking module is required if HistoricalEntries param > 0 + BeginBlockers: []string{ + minttypes.ModuleName, + distrtypes.ModuleName, + protocolpooltypes.ModuleName, + slashingtypes.ModuleName, + evidencetypes.ModuleName, + stakingtypes.ModuleName, + authz.ModuleName, + epochstypes.ModuleName, + }, + EndBlockers: []string{ + govtypes.ModuleName, + stakingtypes.ModuleName, + feegrant.ModuleName, + group.ModuleName, + protocolpooltypes.ModuleName, + }, + OverrideStoreKeys: []*runtimev1alpha1.StoreKeyConfig{ + { + ModuleName: authtypes.ModuleName, + KvStoreKey: "acc", + }, + }, + // NOTE: The genutils module must occur after staking so that pools are + // properly initialized with tokens from genesis accounts. + // NOTE: The genutils module must also occur after auth so that it can access the params from auth. + InitGenesis: []string{ + authtypes.ModuleName, + banktypes.ModuleName, + distrtypes.ModuleName, + stakingtypes.ModuleName, + slashingtypes.ModuleName, + govtypes.ModuleName, + minttypes.ModuleName, + genutiltypes.ModuleName, + evidencetypes.ModuleName, + authz.ModuleName, + feegrant.ModuleName, + nft.ModuleName, + group.ModuleName, + upgradetypes.ModuleName, + vestingtypes.ModuleName, + circuittypes.ModuleName, + epochstypes.ModuleName, + protocolpooltypes.ModuleName, + }, + // When ExportGenesis is not specified, the export genesis module order + // is equal to the init genesis order + ExportGenesis: []string{ + consensustypes.ModuleName, + authtypes.ModuleName, + protocolpooltypes.ModuleName, // Must be exported before bank + banktypes.ModuleName, + distrtypes.ModuleName, + stakingtypes.ModuleName, + slashingtypes.ModuleName, + govtypes.ModuleName, + minttypes.ModuleName, + genutiltypes.ModuleName, + evidencetypes.ModuleName, + authz.ModuleName, + feegrant.ModuleName, + nft.ModuleName, + group.ModuleName, + upgradetypes.ModuleName, + vestingtypes.ModuleName, + circuittypes.ModuleName, + epochstypes.ModuleName, + }, + // Uncomment if you want to set a custom migration order here. + // OrderMigrations: []string{ + }, + }), + }, + { + Name: authtypes.ModuleName, + Config: appconfig.WrapAny(&authmodulev1.Module{ + Bech32Prefix: "cosmos", + ModuleAccountPermissions: moduleAccPerms, + // By default modules authority is the governance module. This is configurable with the following: + // Authority: "group", // A custom module authority can be set using a module name + // Authority: "cosmos1cwwv22j5ca08ggdv9c2uky355k908694z577tv", // or a specific address + }), + }, + { + Name: vestingtypes.ModuleName, + Config: appconfig.WrapAny(&vestingmodulev1.Module{ + }), + }, + { + Name: banktypes.ModuleName, + Config: appconfig.WrapAny(&bankmodulev1.Module{ + BlockedModuleAccountsOverride: blockAccAddrs, + }), + }, + { + Name: stakingtypes.ModuleName, + Config: appconfig.WrapAny(&stakingmodulev1.Module{ + // NOTE: specifying a prefix is only necessary when using bech32 addresses + // If not specfied, the auth Bech32Prefix appended with "valoper" and "valcons" is used by default + Bech32PrefixValidator: "cosmosvaloper", + Bech32PrefixConsensus: "cosmosvalcons", + }), + }, + { + Name: slashingtypes.ModuleName, + Config: appconfig.WrapAny(&slashingmodulev1.Module{ + }), + }, + { + Name: "tx", + Config: appconfig.WrapAny(&txconfigv1.Config{ + SkipAnteHandler: true, // Enable this to skip the default antehandlers and set custom ante handlers. + }), + }, + { + Name: genutiltypes.ModuleName, + Config: appconfig.WrapAny(&genutilmodulev1.Module{ + }), + }, + { + Name: authz.ModuleName, + Config: appconfig.WrapAny(&authzmodulev1.Module{ + }), + }, + { + Name: upgradetypes.ModuleName, + Config: appconfig.WrapAny(&upgrademodulev1.Module{ + }), + }, + { + Name: distrtypes.ModuleName, + Config: appconfig.WrapAny(&distrmodulev1.Module{ + }), + }, + { + Name: evidencetypes.ModuleName, + Config: appconfig.WrapAny(&evidencemodulev1.Module{ + }), + }, + { + Name: minttypes.ModuleName, + Config: appconfig.WrapAny(&mintmodulev1.Module{ + }), + }, + { + Name: group.ModuleName, + Config: appconfig.WrapAny(&groupmodulev1.Module{ + MaxExecutionPeriod: durationpb.New(time.Second * 1209600), + MaxMetadataLen: 255, + }), + }, + { + Name: nft.ModuleName, + Config: appconfig.WrapAny(&nftmodulev1.Module{ + }), + }, + { + Name: feegrant.ModuleName, + Config: appconfig.WrapAny(&feegrantmodulev1.Module{ + }), + }, + { + Name: govtypes.ModuleName, + Config: appconfig.WrapAny(&govmodulev1.Module{ + }), + }, + { + Name: consensustypes.ModuleName, + Config: appconfig.WrapAny(&consensusmodulev1.Module{ + }), + }, + { + Name: circuittypes.ModuleName, + Config: appconfig.WrapAny(&circuitmodulev1.Module{ + }), + }, + { + Name: epochstypes.ModuleName, + Config: appconfig.WrapAny(&epochsmodulev1.Module{ + }), + }, + { + Name: protocolpooltypes.ModuleName, + Config: appconfig.WrapAny(&protocolpoolmodulev1.Module{ + }), + }, + } + + // AppConfig is application configuration (used by depinject) + + AppConfig = depinject.Configs(appconfig.Compose(&appv1alpha1.Config{ + Modules: ModuleConfig, + }), + depinject.Supply( + // supply custom module basics + map[string]module.AppModuleBasic{ + genutiltypes.ModuleName: genutil.NewAppModuleBasic(genutiltypes.DefaultMessageValidator), + govtypes.ModuleName: gov.NewAppModuleBasic( + []govclient.ProposalHandler{ + }, + ), + }, + ), + ) + ) + ``` + +3. Wire the other modules: + + Next to runtime, the other (depinject-enabled) modules are wired in the `AppConfig`: + + ```go expandable + package simapp + + import ( + + "time" + "google.golang.org/protobuf/types/known/durationpb" + + runtimev1alpha1 "cosmossdk.io/api/cosmos/app/runtime/v1alpha1" + appv1alpha1 "cosmossdk.io/api/cosmos/app/v1alpha1" + authmodulev1 "cosmossdk.io/api/cosmos/auth/module/v1" + authzmodulev1 "cosmossdk.io/api/cosmos/authz/module/v1" + bankmodulev1 "cosmossdk.io/api/cosmos/bank/module/v1" + circuitmodulev1 "cosmossdk.io/api/cosmos/circuit/module/v1" + consensusmodulev1 "cosmossdk.io/api/cosmos/consensus/module/v1" + distrmodulev1 "cosmossdk.io/api/cosmos/distribution/module/v1" + epochsmodulev1 "cosmossdk.io/api/cosmos/epochs/module/v1" + evidencemodulev1 "cosmossdk.io/api/cosmos/evidence/module/v1" + feegrantmodulev1 "cosmossdk.io/api/cosmos/feegrant/module/v1" + genutilmodulev1 "cosmossdk.io/api/cosmos/genutil/module/v1" + govmodulev1 "cosmossdk.io/api/cosmos/gov/module/v1" + groupmodulev1 "cosmossdk.io/api/cosmos/group/module/v1" + mintmodulev1 "cosmossdk.io/api/cosmos/mint/module/v1" + nftmodulev1 "cosmossdk.io/api/cosmos/nft/module/v1" + protocolpoolmodulev1 "cosmossdk.io/api/cosmos/protocolpool/module/v1" + slashingmodulev1 "cosmossdk.io/api/cosmos/slashing/module/v1" + stakingmodulev1 "cosmossdk.io/api/cosmos/staking/module/v1" + txconfigv1 "cosmossdk.io/api/cosmos/tx/config/v1" + upgrademodulev1 "cosmossdk.io/api/cosmos/upgrade/module/v1" + vestingmodulev1 "cosmossdk.io/api/cosmos/vesting/module/v1" + "cosmossdk.io/core/appconfig" + "cosmossdk.io/depinject" + _ "cosmossdk.io/x/circuit" // import for side-effects + circuittypes "cosmossdk.io/x/circuit/types" + _ "cosmossdk.io/x/evidence" // import for side-effects + evidencetypes "cosmossdk.io/x/evidence/types" + "cosmossdk.io/x/feegrant" + _ "cosmossdk.io/x/feegrant/module" // import for side-effects + "cosmossdk.io/x/nft" + _ "cosmossdk.io/x/nft/module" // import for side-effects + _ "cosmossdk.io/x/upgrade" // import for side-effects + upgradetypes "cosmossdk.io/x/upgrade/types" + "github.com/cosmos/cosmos-sdk/runtime" + "github.com/cosmos/cosmos-sdk/types/module" + _ "github.com/cosmos/cosmos-sdk/x/auth/tx/config" // import for side-effects + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + _ "github.com/cosmos/cosmos-sdk/x/auth/vesting" // import for side-effects + vestingtypes "github.com/cosmos/cosmos-sdk/x/auth/vesting/types" + "github.com/cosmos/cosmos-sdk/x/authz" + _ "github.com/cosmos/cosmos-sdk/x/authz/module" // import for side-effects + _ "github.com/cosmos/cosmos-sdk/x/bank" // import for side-effects + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" + _ "github.com/cosmos/cosmos-sdk/x/consensus" // import for side-effects + consensustypes "github.com/cosmos/cosmos-sdk/x/consensus/types" + _ "github.com/cosmos/cosmos-sdk/x/distribution" // import for side-effects + distrtypes "github.com/cosmos/cosmos-sdk/x/distribution/types" + _ "github.com/cosmos/cosmos-sdk/x/epochs" // import for side-effects + epochstypes "github.com/cosmos/cosmos-sdk/x/epochs/types" + "github.com/cosmos/cosmos-sdk/x/genutil" + genutiltypes "github.com/cosmos/cosmos-sdk/x/genutil/types" + "github.com/cosmos/cosmos-sdk/x/gov" + govclient "github.com/cosmos/cosmos-sdk/x/gov/client" + govtypes "github.com/cosmos/cosmos-sdk/x/gov/types" + "github.com/cosmos/cosmos-sdk/x/group" + _ "github.com/cosmos/cosmos-sdk/x/group/module" // import for side-effects + _ "github.com/cosmos/cosmos-sdk/x/mint" // import for side-effects + minttypes "github.com/cosmos/cosmos-sdk/x/mint/types" + _ "github.com/cosmos/cosmos-sdk/x/protocolpool" // import for side-effects + protocolpooltypes "github.com/cosmos/cosmos-sdk/x/protocolpool/types" + _ "github.com/cosmos/cosmos-sdk/x/slashing" // import for side-effects + slashingtypes "github.com/cosmos/cosmos-sdk/x/slashing/types" + _ "github.com/cosmos/cosmos-sdk/x/staking" // import for side-effects + stakingtypes "github.com/cosmos/cosmos-sdk/x/staking/types" + ) + + var ( + // module account permissions + moduleAccPerms = []*authmodulev1.ModuleAccountPermission{ + { + Account: authtypes.FeeCollectorName + }, + { + Account: distrtypes.ModuleName + }, + { + Account: minttypes.ModuleName, + Permissions: []string{ + authtypes.Minter + }}, + { + Account: stakingtypes.BondedPoolName, + Permissions: []string{ + authtypes.Burner, stakingtypes.ModuleName + }}, + { + Account: stakingtypes.NotBondedPoolName, + Permissions: []string{ + authtypes.Burner, stakingtypes.ModuleName + }}, + { + Account: govtypes.ModuleName, + Permissions: []string{ + authtypes.Burner + }}, + { + Account: nft.ModuleName + }, + { + Account: protocolpooltypes.ModuleName + }, + { + Account: protocolpooltypes.ProtocolPoolEscrowAccount + }, + } + + // blocked account addresses + blockAccAddrs = []string{ + authtypes.FeeCollectorName, + distrtypes.ModuleName, + minttypes.ModuleName, + stakingtypes.BondedPoolName, + stakingtypes.NotBondedPoolName, + nft.ModuleName, + // We allow the following module accounts to receive funds: + // govtypes.ModuleName + } + + ModuleConfig = []*appv1alpha1.ModuleConfig{ + { + Name: runtime.ModuleName, + Config: appconfig.WrapAny(&runtimev1alpha1.Module{ + AppName: "SimApp", + // NOTE: upgrade module is required to be prioritized + PreBlockers: []string{ + upgradetypes.ModuleName, + authtypes.ModuleName, + }, + // During begin block slashing happens after distr.BeginBlocker so that + // there is nothing left over in the validator fee pool, so as to keep the + // CanWithdrawInvariant invariant. + // NOTE: staking module is required if HistoricalEntries param > 0 + BeginBlockers: []string{ + minttypes.ModuleName, + distrtypes.ModuleName, + protocolpooltypes.ModuleName, + slashingtypes.ModuleName, + evidencetypes.ModuleName, + stakingtypes.ModuleName, + authz.ModuleName, + epochstypes.ModuleName, + }, + EndBlockers: []string{ + govtypes.ModuleName, + stakingtypes.ModuleName, + feegrant.ModuleName, + group.ModuleName, + protocolpooltypes.ModuleName, + }, + OverrideStoreKeys: []*runtimev1alpha1.StoreKeyConfig{ + { + ModuleName: authtypes.ModuleName, + KvStoreKey: "acc", + }, + }, + // NOTE: The genutils module must occur after staking so that pools are + // properly initialized with tokens from genesis accounts. + // NOTE: The genutils module must also occur after auth so that it can access the params from auth. + InitGenesis: []string{ + authtypes.ModuleName, + banktypes.ModuleName, + distrtypes.ModuleName, + stakingtypes.ModuleName, + slashingtypes.ModuleName, + govtypes.ModuleName, + minttypes.ModuleName, + genutiltypes.ModuleName, + evidencetypes.ModuleName, + authz.ModuleName, + feegrant.ModuleName, + nft.ModuleName, + group.ModuleName, + upgradetypes.ModuleName, + vestingtypes.ModuleName, + circuittypes.ModuleName, + epochstypes.ModuleName, + protocolpooltypes.ModuleName, + }, + // When ExportGenesis is not specified, the export genesis module order + // is equal to the init genesis order + ExportGenesis: []string{ + consensustypes.ModuleName, + authtypes.ModuleName, + protocolpooltypes.ModuleName, // Must be exported before bank + banktypes.ModuleName, + distrtypes.ModuleName, + stakingtypes.ModuleName, + slashingtypes.ModuleName, + govtypes.ModuleName, + minttypes.ModuleName, + genutiltypes.ModuleName, + evidencetypes.ModuleName, + authz.ModuleName, + feegrant.ModuleName, + nft.ModuleName, + group.ModuleName, + upgradetypes.ModuleName, + vestingtypes.ModuleName, + circuittypes.ModuleName, + epochstypes.ModuleName, + }, + // Uncomment if you want to set a custom migration order here. + // OrderMigrations: []string{ + }, + }), + }, + { + Name: authtypes.ModuleName, + Config: appconfig.WrapAny(&authmodulev1.Module{ + Bech32Prefix: "cosmos", + ModuleAccountPermissions: moduleAccPerms, + // By default modules authority is the governance module. This is configurable with the following: + // Authority: "group", // A custom module authority can be set using a module name + // Authority: "cosmos1cwwv22j5ca08ggdv9c2uky355k908694z577tv", // or a specific address + }), + }, + { + Name: vestingtypes.ModuleName, + Config: appconfig.WrapAny(&vestingmodulev1.Module{ + }), + }, + { + Name: banktypes.ModuleName, + Config: appconfig.WrapAny(&bankmodulev1.Module{ + BlockedModuleAccountsOverride: blockAccAddrs, + }), + }, + { + Name: stakingtypes.ModuleName, + Config: appconfig.WrapAny(&stakingmodulev1.Module{ + // NOTE: specifying a prefix is only necessary when using bech32 addresses + // If not specfied, the auth Bech32Prefix appended with "valoper" and "valcons" is used by default + Bech32PrefixValidator: "cosmosvaloper", + Bech32PrefixConsensus: "cosmosvalcons", + }), + }, + { + Name: slashingtypes.ModuleName, + Config: appconfig.WrapAny(&slashingmodulev1.Module{ + }), + }, + { + Name: "tx", + Config: appconfig.WrapAny(&txconfigv1.Config{ + SkipAnteHandler: true, // Enable this to skip the default antehandlers and set custom ante handlers. + }), + }, + { + Name: genutiltypes.ModuleName, + Config: appconfig.WrapAny(&genutilmodulev1.Module{ + }), + }, + { + Name: authz.ModuleName, + Config: appconfig.WrapAny(&authzmodulev1.Module{ + }), + }, + { + Name: upgradetypes.ModuleName, + Config: appconfig.WrapAny(&upgrademodulev1.Module{ + }), + }, + { + Name: distrtypes.ModuleName, + Config: appconfig.WrapAny(&distrmodulev1.Module{ + }), + }, + { + Name: evidencetypes.ModuleName, + Config: appconfig.WrapAny(&evidencemodulev1.Module{ + }), + }, + { + Name: minttypes.ModuleName, + Config: appconfig.WrapAny(&mintmodulev1.Module{ + }), + }, + { + Name: group.ModuleName, + Config: appconfig.WrapAny(&groupmodulev1.Module{ + MaxExecutionPeriod: durationpb.New(time.Second * 1209600), + MaxMetadataLen: 255, + }), + }, + { + Name: nft.ModuleName, + Config: appconfig.WrapAny(&nftmodulev1.Module{ + }), + }, + { + Name: feegrant.ModuleName, + Config: appconfig.WrapAny(&feegrantmodulev1.Module{ + }), + }, + { + Name: govtypes.ModuleName, + Config: appconfig.WrapAny(&govmodulev1.Module{ + }), + }, + { + Name: consensustypes.ModuleName, + Config: appconfig.WrapAny(&consensusmodulev1.Module{ + }), + }, + { + Name: circuittypes.ModuleName, + Config: appconfig.WrapAny(&circuitmodulev1.Module{ + }), + }, + { + Name: epochstypes.ModuleName, + Config: appconfig.WrapAny(&epochsmodulev1.Module{ + }), + }, + { + Name: protocolpooltypes.ModuleName, + Config: appconfig.WrapAny(&protocolpoolmodulev1.Module{ + }), + }, + } + + // AppConfig is application configuration (used by depinject) + + AppConfig = depinject.Configs(appconfig.Compose(&appv1alpha1.Config{ + Modules: ModuleConfig, + }), + depinject.Supply( + // supply custom module basics + map[string]module.AppModuleBasic{ + genutiltypes.ModuleName: genutil.NewAppModuleBasic(genutiltypes.DefaultMessageValidator), + govtypes.ModuleName: gov.NewAppModuleBasic( + []govclient.ProposalHandler{ + }, + ), + }, + ), + ) + ) + ``` + + Note: the `tx` isn't a module, but a configuration. It should be wired in the `AppConfig` as well. + + ```go expandable + package simapp + + import ( + + "time" + "google.golang.org/protobuf/types/known/durationpb" + + runtimev1alpha1 "cosmossdk.io/api/cosmos/app/runtime/v1alpha1" + appv1alpha1 "cosmossdk.io/api/cosmos/app/v1alpha1" + authmodulev1 "cosmossdk.io/api/cosmos/auth/module/v1" + authzmodulev1 "cosmossdk.io/api/cosmos/authz/module/v1" + bankmodulev1 "cosmossdk.io/api/cosmos/bank/module/v1" + circuitmodulev1 "cosmossdk.io/api/cosmos/circuit/module/v1" + consensusmodulev1 "cosmossdk.io/api/cosmos/consensus/module/v1" + distrmodulev1 "cosmossdk.io/api/cosmos/distribution/module/v1" + epochsmodulev1 "cosmossdk.io/api/cosmos/epochs/module/v1" + evidencemodulev1 "cosmossdk.io/api/cosmos/evidence/module/v1" + feegrantmodulev1 "cosmossdk.io/api/cosmos/feegrant/module/v1" + genutilmodulev1 "cosmossdk.io/api/cosmos/genutil/module/v1" + govmodulev1 "cosmossdk.io/api/cosmos/gov/module/v1" + groupmodulev1 "cosmossdk.io/api/cosmos/group/module/v1" + mintmodulev1 "cosmossdk.io/api/cosmos/mint/module/v1" + nftmodulev1 "cosmossdk.io/api/cosmos/nft/module/v1" + protocolpoolmodulev1 "cosmossdk.io/api/cosmos/protocolpool/module/v1" + slashingmodulev1 "cosmossdk.io/api/cosmos/slashing/module/v1" + stakingmodulev1 "cosmossdk.io/api/cosmos/staking/module/v1" + txconfigv1 "cosmossdk.io/api/cosmos/tx/config/v1" + upgrademodulev1 "cosmossdk.io/api/cosmos/upgrade/module/v1" + vestingmodulev1 "cosmossdk.io/api/cosmos/vesting/module/v1" + "cosmossdk.io/core/appconfig" + "cosmossdk.io/depinject" + _ "cosmossdk.io/x/circuit" // import for side-effects + circuittypes "cosmossdk.io/x/circuit/types" + _ "cosmossdk.io/x/evidence" // import for side-effects + evidencetypes "cosmossdk.io/x/evidence/types" + "cosmossdk.io/x/feegrant" + _ "cosmossdk.io/x/feegrant/module" // import for side-effects + "cosmossdk.io/x/nft" + _ "cosmossdk.io/x/nft/module" // import for side-effects + _ "cosmossdk.io/x/upgrade" // import for side-effects + upgradetypes "cosmossdk.io/x/upgrade/types" + "github.com/cosmos/cosmos-sdk/runtime" + "github.com/cosmos/cosmos-sdk/types/module" + _ "github.com/cosmos/cosmos-sdk/x/auth/tx/config" // import for side-effects + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + _ "github.com/cosmos/cosmos-sdk/x/auth/vesting" // import for side-effects + vestingtypes "github.com/cosmos/cosmos-sdk/x/auth/vesting/types" + "github.com/cosmos/cosmos-sdk/x/authz" + _ "github.com/cosmos/cosmos-sdk/x/authz/module" // import for side-effects + _ "github.com/cosmos/cosmos-sdk/x/bank" // import for side-effects + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" + _ "github.com/cosmos/cosmos-sdk/x/consensus" // import for side-effects + consensustypes "github.com/cosmos/cosmos-sdk/x/consensus/types" + _ "github.com/cosmos/cosmos-sdk/x/distribution" // import for side-effects + distrtypes "github.com/cosmos/cosmos-sdk/x/distribution/types" + _ "github.com/cosmos/cosmos-sdk/x/epochs" // import for side-effects + epochstypes "github.com/cosmos/cosmos-sdk/x/epochs/types" + "github.com/cosmos/cosmos-sdk/x/genutil" + genutiltypes "github.com/cosmos/cosmos-sdk/x/genutil/types" + "github.com/cosmos/cosmos-sdk/x/gov" + govclient "github.com/cosmos/cosmos-sdk/x/gov/client" + govtypes "github.com/cosmos/cosmos-sdk/x/gov/types" + "github.com/cosmos/cosmos-sdk/x/group" + _ "github.com/cosmos/cosmos-sdk/x/group/module" // import for side-effects + _ "github.com/cosmos/cosmos-sdk/x/mint" // import for side-effects + minttypes "github.com/cosmos/cosmos-sdk/x/mint/types" + _ "github.com/cosmos/cosmos-sdk/x/protocolpool" // import for side-effects + protocolpooltypes "github.com/cosmos/cosmos-sdk/x/protocolpool/types" + _ "github.com/cosmos/cosmos-sdk/x/slashing" // import for side-effects + slashingtypes "github.com/cosmos/cosmos-sdk/x/slashing/types" + _ "github.com/cosmos/cosmos-sdk/x/staking" // import for side-effects + stakingtypes "github.com/cosmos/cosmos-sdk/x/staking/types" + ) + + var ( + // module account permissions + moduleAccPerms = []*authmodulev1.ModuleAccountPermission{ + { + Account: authtypes.FeeCollectorName + }, + { + Account: distrtypes.ModuleName + }, + { + Account: minttypes.ModuleName, + Permissions: []string{ + authtypes.Minter + }}, + { + Account: stakingtypes.BondedPoolName, + Permissions: []string{ + authtypes.Burner, stakingtypes.ModuleName + }}, + { + Account: stakingtypes.NotBondedPoolName, + Permissions: []string{ + authtypes.Burner, stakingtypes.ModuleName + }}, + { + Account: govtypes.ModuleName, + Permissions: []string{ + authtypes.Burner + }}, + { + Account: nft.ModuleName + }, + { + Account: protocolpooltypes.ModuleName + }, + { + Account: protocolpooltypes.ProtocolPoolEscrowAccount + }, + } + + // blocked account addresses + blockAccAddrs = []string{ + authtypes.FeeCollectorName, + distrtypes.ModuleName, + minttypes.ModuleName, + stakingtypes.BondedPoolName, + stakingtypes.NotBondedPoolName, + nft.ModuleName, + // We allow the following module accounts to receive funds: + // govtypes.ModuleName + } + + ModuleConfig = []*appv1alpha1.ModuleConfig{ + { + Name: runtime.ModuleName, + Config: appconfig.WrapAny(&runtimev1alpha1.Module{ + AppName: "SimApp", + // NOTE: upgrade module is required to be prioritized + PreBlockers: []string{ + upgradetypes.ModuleName, + authtypes.ModuleName, + }, + // During begin block slashing happens after distr.BeginBlocker so that + // there is nothing left over in the validator fee pool, so as to keep the + // CanWithdrawInvariant invariant. + // NOTE: staking module is required if HistoricalEntries param > 0 + BeginBlockers: []string{ + minttypes.ModuleName, + distrtypes.ModuleName, + protocolpooltypes.ModuleName, + slashingtypes.ModuleName, + evidencetypes.ModuleName, + stakingtypes.ModuleName, + authz.ModuleName, + epochstypes.ModuleName, + }, + EndBlockers: []string{ + govtypes.ModuleName, + stakingtypes.ModuleName, + feegrant.ModuleName, + group.ModuleName, + protocolpooltypes.ModuleName, + }, + OverrideStoreKeys: []*runtimev1alpha1.StoreKeyConfig{ + { + ModuleName: authtypes.ModuleName, + KvStoreKey: "acc", + }, + }, + // NOTE: The genutils module must occur after staking so that pools are + // properly initialized with tokens from genesis accounts. + // NOTE: The genutils module must also occur after auth so that it can access the params from auth. + InitGenesis: []string{ + authtypes.ModuleName, + banktypes.ModuleName, + distrtypes.ModuleName, + stakingtypes.ModuleName, + slashingtypes.ModuleName, + govtypes.ModuleName, + minttypes.ModuleName, + genutiltypes.ModuleName, + evidencetypes.ModuleName, + authz.ModuleName, + feegrant.ModuleName, + nft.ModuleName, + group.ModuleName, + upgradetypes.ModuleName, + vestingtypes.ModuleName, + circuittypes.ModuleName, + epochstypes.ModuleName, + protocolpooltypes.ModuleName, + }, + // When ExportGenesis is not specified, the export genesis module order + // is equal to the init genesis order + ExportGenesis: []string{ + consensustypes.ModuleName, + authtypes.ModuleName, + protocolpooltypes.ModuleName, // Must be exported before bank + banktypes.ModuleName, + distrtypes.ModuleName, + stakingtypes.ModuleName, + slashingtypes.ModuleName, + govtypes.ModuleName, + minttypes.ModuleName, + genutiltypes.ModuleName, + evidencetypes.ModuleName, + authz.ModuleName, + feegrant.ModuleName, + nft.ModuleName, + group.ModuleName, + upgradetypes.ModuleName, + vestingtypes.ModuleName, + circuittypes.ModuleName, + epochstypes.ModuleName, + }, + // Uncomment if you want to set a custom migration order here. + // OrderMigrations: []string{ + }, + }), + }, + { + Name: authtypes.ModuleName, + Config: appconfig.WrapAny(&authmodulev1.Module{ + Bech32Prefix: "cosmos", + ModuleAccountPermissions: moduleAccPerms, + // By default modules authority is the governance module. This is configurable with the following: + // Authority: "group", // A custom module authority can be set using a module name + // Authority: "cosmos1cwwv22j5ca08ggdv9c2uky355k908694z577tv", // or a specific address + }), + }, + { + Name: vestingtypes.ModuleName, + Config: appconfig.WrapAny(&vestingmodulev1.Module{ + }), + }, + { + Name: banktypes.ModuleName, + Config: appconfig.WrapAny(&bankmodulev1.Module{ + BlockedModuleAccountsOverride: blockAccAddrs, + }), + }, + { + Name: stakingtypes.ModuleName, + Config: appconfig.WrapAny(&stakingmodulev1.Module{ + // NOTE: specifying a prefix is only necessary when using bech32 addresses + // If not specfied, the auth Bech32Prefix appended with "valoper" and "valcons" is used by default + Bech32PrefixValidator: "cosmosvaloper", + Bech32PrefixConsensus: "cosmosvalcons", + }), + }, + { + Name: slashingtypes.ModuleName, + Config: appconfig.WrapAny(&slashingmodulev1.Module{ + }), + }, + { + Name: "tx", + Config: appconfig.WrapAny(&txconfigv1.Config{ + SkipAnteHandler: true, // Enable this to skip the default antehandlers and set custom ante handlers. + }), + }, + { + Name: genutiltypes.ModuleName, + Config: appconfig.WrapAny(&genutilmodulev1.Module{ + }), + }, + { + Name: authz.ModuleName, + Config: appconfig.WrapAny(&authzmodulev1.Module{ + }), + }, + { + Name: upgradetypes.ModuleName, + Config: appconfig.WrapAny(&upgrademodulev1.Module{ + }), + }, + { + Name: distrtypes.ModuleName, + Config: appconfig.WrapAny(&distrmodulev1.Module{ + }), + }, + { + Name: evidencetypes.ModuleName, + Config: appconfig.WrapAny(&evidencemodulev1.Module{ + }), + }, + { + Name: minttypes.ModuleName, + Config: appconfig.WrapAny(&mintmodulev1.Module{ + }), + }, + { + Name: group.ModuleName, + Config: appconfig.WrapAny(&groupmodulev1.Module{ + MaxExecutionPeriod: durationpb.New(time.Second * 1209600), + MaxMetadataLen: 255, + }), + }, + { + Name: nft.ModuleName, + Config: appconfig.WrapAny(&nftmodulev1.Module{ + }), + }, + { + Name: feegrant.ModuleName, + Config: appconfig.WrapAny(&feegrantmodulev1.Module{ + }), + }, + { + Name: govtypes.ModuleName, + Config: appconfig.WrapAny(&govmodulev1.Module{ + }), + }, + { + Name: consensustypes.ModuleName, + Config: appconfig.WrapAny(&consensusmodulev1.Module{ + }), + }, + { + Name: circuittypes.ModuleName, + Config: appconfig.WrapAny(&circuitmodulev1.Module{ + }), + }, + { + Name: epochstypes.ModuleName, + Config: appconfig.WrapAny(&epochsmodulev1.Module{ + }), + }, + { + Name: protocolpooltypes.ModuleName, + Config: appconfig.WrapAny(&protocolpoolmodulev1.Module{ + }), + }, + } + + // AppConfig is application configuration (used by depinject) + + AppConfig = depinject.Configs(appconfig.Compose(&appv1alpha1.Config{ + Modules: ModuleConfig, + }), + depinject.Supply( + // supply custom module basics + map[string]module.AppModuleBasic{ + genutiltypes.ModuleName: genutil.NewAppModuleBasic(genutiltypes.DefaultMessageValidator), + govtypes.ModuleName: gov.NewAppModuleBasic( + []govclient.ProposalHandler{ + }, + ), + }, + ), + ) + ) + ``` + +See the complete `app_config.go` file for `SimApp` [here](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/simapp/app_config.go). + +### Alternative formats + + +The example above shows how to create an `AppConfig` using Go. However, it is also possible to create an `AppConfig` using YAML, or JSON.\ +The configuration can then be embedded with `go:embed` and read with [`appconfig.LoadYAML`](https://pkg.go.dev/cosmossdk.io/core/appconfig#LoadYAML), or [`appconfig.LoadJSON`](https://pkg.go.dev/cosmossdk.io/core/appconfig#LoadJSON), in `app_di.go`. + +```go +//go:embed app_config.yaml +var ( + appConfigYaml []byte + appConfig = appconfig.LoadYAML(appConfigYaml) +) +``` + + + +```yaml expandable +modules: + - name: runtime + config: + "@type": cosmos.app.runtime.v1alpha1.Module + app_name: SimApp + begin_blockers: [staking, auth, bank] + end_blockers: [bank, auth, staking] + init_genesis: [bank, auth, staking] + - name: auth + config: + "@type": cosmos.auth.module.v1.Module + bech32_prefix: cosmos + - name: bank + config: + "@type": cosmos.bank.module.v1.Module + - name: staking + config: + "@type": cosmos.staking.module.v1.Module + - name: tx + config: + "@type": cosmos.tx.module.v1.Module +``` + +A more complete example of `app.yaml` can be found [here](https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/simapp/example_app.yaml). + +## `app_di.go` + +`app_di.go` is the place where `SimApp` is constructed. `depinject.Inject` automatically wires the app modules and keepers when provided with an application configuration (`AppConfig`). `SimApp` is constructed upon calling the injected `*runtime.AppBuilder` with `appBuilder.Build(...)`.\ +In short `depinject` and the [`runtime` package](/docs/sdk/vnext/build/building-apps/runtime) abstract the wiring of the app, and the `AppBuilder` is the place where the app is constructed. [`runtime`](/docs/sdk/vnext/build/building-apps/runtime) takes care of registering the codecs, KV store, subspaces and instantiating `baseapp`. + +```go expandable +//go:build !app_v1 + +package simapp + +import ( + + "io" + + dbm "github.com/cosmos/cosmos-db" + + clienthelpers "cosmossdk.io/client/v2/helpers" + "cosmossdk.io/depinject" + "cosmossdk.io/log" + storetypes "cosmossdk.io/store/types" + circuitkeeper "cosmossdk.io/x/circuit/keeper" + evidencekeeper "cosmossdk.io/x/evidence/keeper" + feegrantkeeper "cosmossdk.io/x/feegrant/keeper" + nftkeeper "cosmossdk.io/x/nft/keeper" + upgradekeeper "cosmossdk.io/x/upgrade/keeper" + "github.com/cosmos/cosmos-sdk/baseapp" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + "github.com/cosmos/cosmos-sdk/runtime" + "github.com/cosmos/cosmos-sdk/server" + "github.com/cosmos/cosmos-sdk/server/api" + "github.com/cosmos/cosmos-sdk/server/config" + servertypes "github.com/cosmos/cosmos-sdk/server/types" + testdata_pulsar "github.com/cosmos/cosmos-sdk/testutil/testdata/testpb" + "github.com/cosmos/cosmos-sdk/types/module" + "github.com/cosmos/cosmos-sdk/x/auth" + "github.com/cosmos/cosmos-sdk/x/auth/ante" + authkeeper "github.com/cosmos/cosmos-sdk/x/auth/keeper" + authsims "github.com/cosmos/cosmos-sdk/x/auth/simulation" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + authzkeeper "github.com/cosmos/cosmos-sdk/x/authz/keeper" + bankkeeper "github.com/cosmos/cosmos-sdk/x/bank/keeper" + consensuskeeper "github.com/cosmos/cosmos-sdk/x/consensus/keeper" + distrkeeper "github.com/cosmos/cosmos-sdk/x/distribution/keeper" + epochskeeper "github.com/cosmos/cosmos-sdk/x/epochs/keeper" + govkeeper "github.com/cosmos/cosmos-sdk/x/gov/keeper" + groupkeeper "github.com/cosmos/cosmos-sdk/x/group/keeper" + mintkeeper "github.com/cosmos/cosmos-sdk/x/mint/keeper" + protocolpoolkeeper "github.com/cosmos/cosmos-sdk/x/protocolpool/keeper" + slashingkeeper "github.com/cosmos/cosmos-sdk/x/slashing/keeper" + stakingkeeper "github.com/cosmos/cosmos-sdk/x/staking/keeper" +) + +// DefaultNodeHome default home directories for the application daemon +var DefaultNodeHome string + +var ( + _ runtime.AppI = (*SimApp)(nil) + _ servertypes.Application = (*SimApp)(nil) +) + +// SimApp extends an ABCI application, but with most of its parameters exported. +// They are exported for convenience in creating helper functions, as object +// capabilities aren't needed for testing. +type SimApp struct { + *runtime.App + legacyAmino *codec.LegacyAmino + appCodec codec.Codec + txConfig client.TxConfig + interfaceRegistry codectypes.InterfaceRegistry + + // essential keepers + AccountKeeper authkeeper.AccountKeeper + BankKeeper bankkeeper.BaseKeeper + StakingKeeper *stakingkeeper.Keeper + SlashingKeeper slashingkeeper.Keeper + MintKeeper mintkeeper.Keeper + DistrKeeper distrkeeper.Keeper + GovKeeper *govkeeper.Keeper + UpgradeKeeper *upgradekeeper.Keeper + EvidenceKeeper evidencekeeper.Keeper + ConsensusParamsKeeper consensuskeeper.Keeper + CircuitKeeper circuitkeeper.Keeper + + // supplementary keepers + FeeGrantKeeper feegrantkeeper.Keeper + GroupKeeper groupkeeper.Keeper + AuthzKeeper authzkeeper.Keeper + NFTKeeper nftkeeper.Keeper + EpochsKeeper epochskeeper.Keeper + ProtocolPoolKeeper protocolpoolkeeper.Keeper + + // simulation manager + sm *module.SimulationManager +} + +func init() { + var err error + DefaultNodeHome, err = clienthelpers.GetNodeHomeDirectory(".simapp") + if err != nil { + panic(err) +} +} + +// NewSimApp returns a reference to an initialized SimApp. +func NewSimApp( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), +) *SimApp { + var ( + app = &SimApp{ +} + +appBuilder *runtime.AppBuilder + + // merge the AppConfig and other configuration in one config + appConfig = depinject.Configs( + AppConfig, + depinject.Supply( + // supply the application options + appOpts, + // supply the logger + logger, + + // ADVANCED CONFIGURATION + + // + // AUTH + // + // For providing a custom function required in auth to generate custom account types + // add it below. By default the auth module uses simulation.RandomGenesisAccounts. + // + // authtypes.RandomGenesisAccountsFn(simulation.RandomGenesisAccounts), + // + // For providing a custom a base account type add it below. + // By default the auth module uses authtypes.ProtoBaseAccount(). + // + // func() + +sdk.AccountI { + return authtypes.ProtoBaseAccount() +}, + // + // For providing a different address codec, add it below. + // By default the auth module uses a Bech32 address codec, + // with the prefix defined in the auth module configuration. + // + // func() + +address.Codec { + return <- custom address codec type -> +} + + // + // STAKING + // + // For provinding a different validator and consensus address codec, add it below. + // By default the staking module uses the bech32 prefix provided in the auth config, + // and appends "valoper" and "valcons" for validator and consensus addresses respectively. + // When providing a custom address codec in auth, custom address codecs must be provided here as well. + // + // func() + +runtime.ValidatorAddressCodec { + return <- custom validator address codec type -> +} + // func() + +runtime.ConsensusAddressCodec { + return <- custom consensus address codec type -> +} + + // + // MINT + // + + // For providing a custom inflation function for x/mint add here your + // custom function that implements the minttypes.InflationCalculationFn + // interface. + ), + ) + ) + if err := depinject.Inject(appConfig, + &appBuilder, + &app.appCodec, + &app.legacyAmino, + &app.txConfig, + &app.interfaceRegistry, + &app.AccountKeeper, + &app.BankKeeper, + &app.StakingKeeper, + &app.SlashingKeeper, + &app.MintKeeper, + &app.DistrKeeper, + &app.GovKeeper, + &app.UpgradeKeeper, + &app.AuthzKeeper, + &app.EvidenceKeeper, + &app.FeeGrantKeeper, + &app.GroupKeeper, + &app.NFTKeeper, + &app.ConsensusParamsKeeper, + &app.CircuitKeeper, + &app.EpochsKeeper, + &app.ProtocolPoolKeeper, + ); err != nil { + panic(err) +} + + // Below we could construct and set an application specific mempool and + // ABCI 1.0 PrepareProposal and ProcessProposal handlers. These defaults are + // already set in the SDK's BaseApp, this shows an example of how to override + // them. + // + // Example: + // + // app.App = appBuilder.Build(...) + // nonceMempool := mempool.NewSenderNonceMempool() + // abciPropHandler := NewDefaultProposalHandler(nonceMempool, app.App.BaseApp) + // + // app.App.BaseApp.SetMempool(nonceMempool) + // app.App.BaseApp.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) + // app.App.BaseApp.SetProcessProposal(abciPropHandler.ProcessProposalHandler()) + // + // Alternatively, you can construct BaseApp options, append those to + // baseAppOptions and pass them to the appBuilder. + // + // Example: + // + // prepareOpt = func(app *baseapp.BaseApp) { + // abciPropHandler := baseapp.NewDefaultProposalHandler(nonceMempool, app) + // app.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) + // +} + // baseAppOptions = append(baseAppOptions, prepareOpt) + + // create and set dummy vote extension handler + voteExtOp := func(bApp *baseapp.BaseApp) { + voteExtHandler := NewVoteExtensionHandler() + +voteExtHandler.SetHandlers(bApp) +} + +baseAppOptions = append(baseAppOptions, voteExtOp, baseapp.SetOptimisticExecution()) + +app.App = appBuilder.Build(db, traceStore, baseAppOptions...) + + // register streaming services + if err := app.RegisterStreamingServices(appOpts, app.kvStoreKeys()); err != nil { + panic(err) +} + + /**** Module Options ****/ + + // RegisterUpgradeHandlers is used for registering any on-chain upgrades. + app.RegisterUpgradeHandlers() + + // add test gRPC service for testing gRPC queries in isolation + testdata_pulsar.RegisterQueryServer(app.GRPCQueryRouter(), testdata_pulsar.QueryImpl{ +}) + + // create the simulation manager and define the order of the modules for deterministic simulations + // + // NOTE: this is not required apps that don't use the simulator for fuzz testing + // transactions + overrideModules := map[string]module.AppModuleSimulation{ + authtypes.ModuleName: auth.NewAppModule(app.appCodec, app.AccountKeeper, authsims.RandomGenesisAccounts, nil), +} + +app.sm = module.NewSimulationManagerFromAppModules(app.ModuleManager.Modules, overrideModules) + +app.sm.RegisterStoreDecoders() + + // A custom InitChainer can be set if extra pre-init-genesis logic is required. + // By default, when using app wiring enabled module, this is not required. + // For instance, the upgrade module will set automatically the module version map in its init genesis thanks to app wiring. + // However, when registering a module manually (i.e. that does not support app wiring), the module version map + // must be set manually as follow. The upgrade module will de-duplicate the module version map. + // + // app.SetInitChainer(func(ctx sdk.Context, req *abci.RequestInitChain) (*abci.ResponseInitChain, error) { + // app.UpgradeKeeper.SetModuleVersionMap(ctx, app.ModuleManager.GetVersionMap()) + // return app.App.InitChainer(ctx, req) + // +}) + + // set custom ante handler + app.setAnteHandler(app.txConfig) + if err := app.Load(loadLatest); err != nil { + panic(err) +} + +return app +} + +// setAnteHandler sets custom ante handlers. +// "x/auth/tx" pre-defined ante handler have been disabled in app_config. +func (app *SimApp) + +setAnteHandler(txConfig client.TxConfig) { + anteHandler, err := NewAnteHandler( + HandlerOptions{ + ante.HandlerOptions{ + UnorderedNonceManager: app.AccountKeeper, + AccountKeeper: app.AccountKeeper, + BankKeeper: app.BankKeeper, + SignModeHandler: txConfig.SignModeHandler(), + FeegrantKeeper: app.FeeGrantKeeper, + SigGasConsumer: ante.DefaultSigVerificationGasConsumer, +}, + &app.CircuitKeeper, +}, + ) + if err != nil { + panic(err) +} + + // Set the AnteHandler for the app + app.SetAnteHandler(anteHandler) +} + +// LegacyAmino returns SimApp's amino codec. +// +// NOTE: This is solely to be used for testing purposes as it may be desirable +// for modules to register their own custom testing types. +func (app *SimApp) + +LegacyAmino() *codec.LegacyAmino { + return app.legacyAmino +} + +// AppCodec returns SimApp's app codec. +// +// NOTE: This is solely to be used for testing purposes as it may be desirable +// for modules to register their own custom testing types. +func (app *SimApp) + +AppCodec() + +codec.Codec { + return app.appCodec +} + +// InterfaceRegistry returns SimApp's InterfaceRegistry. +func (app *SimApp) + +InterfaceRegistry() + +codectypes.InterfaceRegistry { + return app.interfaceRegistry +} + +// TxConfig returns SimApp's TxConfig +func (app *SimApp) + +TxConfig() + +client.TxConfig { + return app.txConfig +} + +// GetKey returns the KVStoreKey for the provided store key. +// +// NOTE: This is solely to be used for testing purposes. +func (app *SimApp) + +GetKey(storeKey string) *storetypes.KVStoreKey { + sk := app.UnsafeFindStoreKey(storeKey) + +kvStoreKey, ok := sk.(*storetypes.KVStoreKey) + if !ok { + return nil +} + +return kvStoreKey +} + +func (app *SimApp) + +kvStoreKeys() + +map[string]*storetypes.KVStoreKey { + keys := make(map[string]*storetypes.KVStoreKey) + for _, k := range app.GetStoreKeys() { + if kv, ok := k.(*storetypes.KVStoreKey); ok { + keys[kv.Name()] = kv +} + +} + +return keys +} + +// SimulationManager implements the SimulationApp interface +func (app *SimApp) + +SimulationManager() *module.SimulationManager { + return app.sm +} + +// RegisterAPIRoutes registers all application module routes with the provided +// API server. +func (app *SimApp) + +RegisterAPIRoutes(apiSvr *api.Server, apiConfig config.APIConfig) { + app.App.RegisterAPIRoutes(apiSvr, apiConfig) + // register swagger API in app.go so that other applications can override easily + if err := server.RegisterSwaggerAPI(apiSvr.ClientCtx, apiSvr.Router, apiConfig.Swagger); err != nil { + panic(err) +} +} + +// GetMaccPerms returns a copy of the module account permissions +// +// NOTE: This is solely to be used for testing purposes. +func GetMaccPerms() + +map[string][]string { + dup := make(map[string][]string) + for _, perms := range moduleAccPerms { + dup[perms.Account] = perms.Permissions +} + +return dup +} + +// BlockedAddresses returns all the app's blocked account addresses. +func BlockedAddresses() + +map[string]bool { + result := make(map[string]bool) + if len(blockAccAddrs) > 0 { + for _, addr := range blockAccAddrs { + result[addr] = true +} + +} + +else { + for addr := range GetMaccPerms() { + result[addr] = true +} + +} + +return result +} +``` + + +When using `depinject.Inject`, the injected types must be pointers. + + +### Advanced Configuration + +In advanced cases, it is possible to inject extra (module) configuration in a way that is not (yet) supported by `AppConfig`.\ +In this case, use `depinject.Configs` for combining the extra configuration, and `AppConfig` and `depinject.Supply` for providing the extra configuration. +More information on how `depinject.Configs` and `depinject.Supply` function can be found in the [`depinject` documentation](https://pkg.go.dev/cosmossdk.io/depinject). + +```go expandable +//go:build !app_v1 + +package simapp + +import ( + + "io" + + dbm "github.com/cosmos/cosmos-db" + + clienthelpers "cosmossdk.io/client/v2/helpers" + "cosmossdk.io/depinject" + "cosmossdk.io/log" + storetypes "cosmossdk.io/store/types" + circuitkeeper "cosmossdk.io/x/circuit/keeper" + evidencekeeper "cosmossdk.io/x/evidence/keeper" + feegrantkeeper "cosmossdk.io/x/feegrant/keeper" + nftkeeper "cosmossdk.io/x/nft/keeper" + upgradekeeper "cosmossdk.io/x/upgrade/keeper" + "github.com/cosmos/cosmos-sdk/baseapp" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + "github.com/cosmos/cosmos-sdk/runtime" + "github.com/cosmos/cosmos-sdk/server" + "github.com/cosmos/cosmos-sdk/server/api" + "github.com/cosmos/cosmos-sdk/server/config" + servertypes "github.com/cosmos/cosmos-sdk/server/types" + testdata_pulsar "github.com/cosmos/cosmos-sdk/testutil/testdata/testpb" + "github.com/cosmos/cosmos-sdk/types/module" + "github.com/cosmos/cosmos-sdk/x/auth" + "github.com/cosmos/cosmos-sdk/x/auth/ante" + authkeeper "github.com/cosmos/cosmos-sdk/x/auth/keeper" + authsims "github.com/cosmos/cosmos-sdk/x/auth/simulation" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + authzkeeper "github.com/cosmos/cosmos-sdk/x/authz/keeper" + bankkeeper "github.com/cosmos/cosmos-sdk/x/bank/keeper" + consensuskeeper "github.com/cosmos/cosmos-sdk/x/consensus/keeper" + distrkeeper "github.com/cosmos/cosmos-sdk/x/distribution/keeper" + epochskeeper "github.com/cosmos/cosmos-sdk/x/epochs/keeper" + govkeeper "github.com/cosmos/cosmos-sdk/x/gov/keeper" + groupkeeper "github.com/cosmos/cosmos-sdk/x/group/keeper" + mintkeeper "github.com/cosmos/cosmos-sdk/x/mint/keeper" + protocolpoolkeeper "github.com/cosmos/cosmos-sdk/x/protocolpool/keeper" + slashingkeeper "github.com/cosmos/cosmos-sdk/x/slashing/keeper" + stakingkeeper "github.com/cosmos/cosmos-sdk/x/staking/keeper" +) + +// DefaultNodeHome default home directories for the application daemon +var DefaultNodeHome string + +var ( + _ runtime.AppI = (*SimApp)(nil) + _ servertypes.Application = (*SimApp)(nil) +) + +// SimApp extends an ABCI application, but with most of its parameters exported. +// They are exported for convenience in creating helper functions, as object +// capabilities aren't needed for testing. +type SimApp struct { + *runtime.App + legacyAmino *codec.LegacyAmino + appCodec codec.Codec + txConfig client.TxConfig + interfaceRegistry codectypes.InterfaceRegistry + + // essential keepers + AccountKeeper authkeeper.AccountKeeper + BankKeeper bankkeeper.BaseKeeper + StakingKeeper *stakingkeeper.Keeper + SlashingKeeper slashingkeeper.Keeper + MintKeeper mintkeeper.Keeper + DistrKeeper distrkeeper.Keeper + GovKeeper *govkeeper.Keeper + UpgradeKeeper *upgradekeeper.Keeper + EvidenceKeeper evidencekeeper.Keeper + ConsensusParamsKeeper consensuskeeper.Keeper + CircuitKeeper circuitkeeper.Keeper + + // supplementary keepers + FeeGrantKeeper feegrantkeeper.Keeper + GroupKeeper groupkeeper.Keeper + AuthzKeeper authzkeeper.Keeper + NFTKeeper nftkeeper.Keeper + EpochsKeeper epochskeeper.Keeper + ProtocolPoolKeeper protocolpoolkeeper.Keeper + + // simulation manager + sm *module.SimulationManager +} + +func init() { + var err error + DefaultNodeHome, err = clienthelpers.GetNodeHomeDirectory(".simapp") + if err != nil { + panic(err) +} +} + +// NewSimApp returns a reference to an initialized SimApp. +func NewSimApp( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), +) *SimApp { + var ( + app = &SimApp{ +} + +appBuilder *runtime.AppBuilder + + // merge the AppConfig and other configuration in one config + appConfig = depinject.Configs( + AppConfig, + depinject.Supply( + // supply the application options + appOpts, + // supply the logger + logger, + + // ADVANCED CONFIGURATION + + // + // AUTH + // + // For providing a custom function required in auth to generate custom account types + // add it below. By default the auth module uses simulation.RandomGenesisAccounts. + // + // authtypes.RandomGenesisAccountsFn(simulation.RandomGenesisAccounts), + // + // For providing a custom a base account type add it below. + // By default the auth module uses authtypes.ProtoBaseAccount(). + // + // func() + +sdk.AccountI { + return authtypes.ProtoBaseAccount() +}, + // + // For providing a different address codec, add it below. + // By default the auth module uses a Bech32 address codec, + // with the prefix defined in the auth module configuration. + // + // func() + +address.Codec { + return <- custom address codec type -> +} + + // + // STAKING + // + // For provinding a different validator and consensus address codec, add it below. + // By default the staking module uses the bech32 prefix provided in the auth config, + // and appends "valoper" and "valcons" for validator and consensus addresses respectively. + // When providing a custom address codec in auth, custom address codecs must be provided here as well. + // + // func() + +runtime.ValidatorAddressCodec { + return <- custom validator address codec type -> +} + // func() + +runtime.ConsensusAddressCodec { + return <- custom consensus address codec type -> +} + + // + // MINT + // + + // For providing a custom inflation function for x/mint add here your + // custom function that implements the minttypes.InflationCalculationFn + // interface. + ), + ) + ) + if err := depinject.Inject(appConfig, + &appBuilder, + &app.appCodec, + &app.legacyAmino, + &app.txConfig, + &app.interfaceRegistry, + &app.AccountKeeper, + &app.BankKeeper, + &app.StakingKeeper, + &app.SlashingKeeper, + &app.MintKeeper, + &app.DistrKeeper, + &app.GovKeeper, + &app.UpgradeKeeper, + &app.AuthzKeeper, + &app.EvidenceKeeper, + &app.FeeGrantKeeper, + &app.GroupKeeper, + &app.NFTKeeper, + &app.ConsensusParamsKeeper, + &app.CircuitKeeper, + &app.EpochsKeeper, + &app.ProtocolPoolKeeper, + ); err != nil { + panic(err) +} + + // Below we could construct and set an application specific mempool and + // ABCI 1.0 PrepareProposal and ProcessProposal handlers. These defaults are + // already set in the SDK's BaseApp, this shows an example of how to override + // them. + // + // Example: + // + // app.App = appBuilder.Build(...) + // nonceMempool := mempool.NewSenderNonceMempool() + // abciPropHandler := NewDefaultProposalHandler(nonceMempool, app.App.BaseApp) + // + // app.App.BaseApp.SetMempool(nonceMempool) + // app.App.BaseApp.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) + // app.App.BaseApp.SetProcessProposal(abciPropHandler.ProcessProposalHandler()) + // + // Alternatively, you can construct BaseApp options, append those to + // baseAppOptions and pass them to the appBuilder. + // + // Example: + // + // prepareOpt = func(app *baseapp.BaseApp) { + // abciPropHandler := baseapp.NewDefaultProposalHandler(nonceMempool, app) + // app.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) + // +} + // baseAppOptions = append(baseAppOptions, prepareOpt) + + // create and set dummy vote extension handler + voteExtOp := func(bApp *baseapp.BaseApp) { + voteExtHandler := NewVoteExtensionHandler() + +voteExtHandler.SetHandlers(bApp) +} + +baseAppOptions = append(baseAppOptions, voteExtOp, baseapp.SetOptimisticExecution()) + +app.App = appBuilder.Build(db, traceStore, baseAppOptions...) + + // register streaming services + if err := app.RegisterStreamingServices(appOpts, app.kvStoreKeys()); err != nil { + panic(err) +} + + /**** Module Options ****/ + + // RegisterUpgradeHandlers is used for registering any on-chain upgrades. + app.RegisterUpgradeHandlers() + + // add test gRPC service for testing gRPC queries in isolation + testdata_pulsar.RegisterQueryServer(app.GRPCQueryRouter(), testdata_pulsar.QueryImpl{ +}) + + // create the simulation manager and define the order of the modules for deterministic simulations + // + // NOTE: this is not required apps that don't use the simulator for fuzz testing + // transactions + overrideModules := map[string]module.AppModuleSimulation{ + authtypes.ModuleName: auth.NewAppModule(app.appCodec, app.AccountKeeper, authsims.RandomGenesisAccounts, nil), +} + +app.sm = module.NewSimulationManagerFromAppModules(app.ModuleManager.Modules, overrideModules) + +app.sm.RegisterStoreDecoders() + + // A custom InitChainer can be set if extra pre-init-genesis logic is required. + // By default, when using app wiring enabled module, this is not required. + // For instance, the upgrade module will set automatically the module version map in its init genesis thanks to app wiring. + // However, when registering a module manually (i.e. that does not support app wiring), the module version map + // must be set manually as follow. The upgrade module will de-duplicate the module version map. + // + // app.SetInitChainer(func(ctx sdk.Context, req *abci.RequestInitChain) (*abci.ResponseInitChain, error) { + // app.UpgradeKeeper.SetModuleVersionMap(ctx, app.ModuleManager.GetVersionMap()) + // return app.App.InitChainer(ctx, req) + // +}) + + // set custom ante handler + app.setAnteHandler(app.txConfig) + if err := app.Load(loadLatest); err != nil { + panic(err) +} + +return app +} + +// setAnteHandler sets custom ante handlers. +// "x/auth/tx" pre-defined ante handler have been disabled in app_config. +func (app *SimApp) + +setAnteHandler(txConfig client.TxConfig) { + anteHandler, err := NewAnteHandler( + HandlerOptions{ + ante.HandlerOptions{ + UnorderedNonceManager: app.AccountKeeper, + AccountKeeper: app.AccountKeeper, + BankKeeper: app.BankKeeper, + SignModeHandler: txConfig.SignModeHandler(), + FeegrantKeeper: app.FeeGrantKeeper, + SigGasConsumer: ante.DefaultSigVerificationGasConsumer, +}, + &app.CircuitKeeper, +}, + ) + if err != nil { + panic(err) +} + + // Set the AnteHandler for the app + app.SetAnteHandler(anteHandler) +} + +// LegacyAmino returns SimApp's amino codec. +// +// NOTE: This is solely to be used for testing purposes as it may be desirable +// for modules to register their own custom testing types. +func (app *SimApp) + +LegacyAmino() *codec.LegacyAmino { + return app.legacyAmino +} + +// AppCodec returns SimApp's app codec. +// +// NOTE: This is solely to be used for testing purposes as it may be desirable +// for modules to register their own custom testing types. +func (app *SimApp) + +AppCodec() + +codec.Codec { + return app.appCodec +} + +// InterfaceRegistry returns SimApp's InterfaceRegistry. +func (app *SimApp) + +InterfaceRegistry() + +codectypes.InterfaceRegistry { + return app.interfaceRegistry +} + +// TxConfig returns SimApp's TxConfig +func (app *SimApp) + +TxConfig() + +client.TxConfig { + return app.txConfig +} + +// GetKey returns the KVStoreKey for the provided store key. +// +// NOTE: This is solely to be used for testing purposes. +func (app *SimApp) + +GetKey(storeKey string) *storetypes.KVStoreKey { + sk := app.UnsafeFindStoreKey(storeKey) + +kvStoreKey, ok := sk.(*storetypes.KVStoreKey) + if !ok { + return nil +} + +return kvStoreKey +} + +func (app *SimApp) + +kvStoreKeys() + +map[string]*storetypes.KVStoreKey { + keys := make(map[string]*storetypes.KVStoreKey) + for _, k := range app.GetStoreKeys() { + if kv, ok := k.(*storetypes.KVStoreKey); ok { + keys[kv.Name()] = kv +} + +} + +return keys +} + +// SimulationManager implements the SimulationApp interface +func (app *SimApp) + +SimulationManager() *module.SimulationManager { + return app.sm +} + +// RegisterAPIRoutes registers all application module routes with the provided +// API server. +func (app *SimApp) + +RegisterAPIRoutes(apiSvr *api.Server, apiConfig config.APIConfig) { + app.App.RegisterAPIRoutes(apiSvr, apiConfig) + // register swagger API in app.go so that other applications can override easily + if err := server.RegisterSwaggerAPI(apiSvr.ClientCtx, apiSvr.Router, apiConfig.Swagger); err != nil { + panic(err) +} +} + +// GetMaccPerms returns a copy of the module account permissions +// +// NOTE: This is solely to be used for testing purposes. +func GetMaccPerms() + +map[string][]string { + dup := make(map[string][]string) + for _, perms := range moduleAccPerms { + dup[perms.Account] = perms.Permissions +} + +return dup +} + +// BlockedAddresses returns all the app's blocked account addresses. +func BlockedAddresses() + +map[string]bool { + result := make(map[string]bool) + if len(blockAccAddrs) > 0 { + for _, addr := range blockAccAddrs { + result[addr] = true +} + +} + +else { + for addr := range GetMaccPerms() { + result[addr] = true +} + +} + +return result +} +``` + +### Registering non app wiring modules + +It is possible to combine app wiring / depinject enabled modules with non-app wiring modules. +To do so, use the `app.RegisterModules` method to register the modules on your app, as well as `app.RegisterStores` for registering the extra stores needed. + +```go expandable +// .... +app.App = appBuilder.Build(db, traceStore, baseAppOptions...) + +// register module manually +app.RegisterStores(storetypes.NewKVStoreKey(example.ModuleName)) + +app.ExampleKeeper = examplekeeper.NewKeeper(app.appCodec, app.AccountKeeper.AddressCodec(), runtime.NewKVStoreService(app.GetKey(example.ModuleName)), authtypes.NewModuleAddress(govtypes.ModuleName).String()) + exampleAppModule := examplemodule.NewAppModule(app.ExampleKeeper) + if err := app.RegisterModules(&exampleAppModule); err != nil { + panic(err) +} + +// .... +``` + + +When using AutoCLI and combining app wiring and non-app wiring modules. The AutoCLI options should be manually constructed instead of injected. +Otherwise it will miss the non depinject modules and not register their CLI. + + +### Complete `app_di.go` + + +Note that in the complete `SimApp` `app_di.go` file, testing utilities are also defined, but they could as well be defined in a separate file. + + +```go expandable +//go:build !app_v1 + +package simapp + +import ( + + "io" + + dbm "github.com/cosmos/cosmos-db" + + clienthelpers "cosmossdk.io/client/v2/helpers" + "cosmossdk.io/depinject" + "cosmossdk.io/log" + storetypes "cosmossdk.io/store/types" + circuitkeeper "cosmossdk.io/x/circuit/keeper" + evidencekeeper "cosmossdk.io/x/evidence/keeper" + feegrantkeeper "cosmossdk.io/x/feegrant/keeper" + nftkeeper "cosmossdk.io/x/nft/keeper" + upgradekeeper "cosmossdk.io/x/upgrade/keeper" + "github.com/cosmos/cosmos-sdk/baseapp" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + "github.com/cosmos/cosmos-sdk/runtime" + "github.com/cosmos/cosmos-sdk/server" + "github.com/cosmos/cosmos-sdk/server/api" + "github.com/cosmos/cosmos-sdk/server/config" + servertypes "github.com/cosmos/cosmos-sdk/server/types" + testdata_pulsar "github.com/cosmos/cosmos-sdk/testutil/testdata/testpb" + "github.com/cosmos/cosmos-sdk/types/module" + "github.com/cosmos/cosmos-sdk/x/auth" + "github.com/cosmos/cosmos-sdk/x/auth/ante" + authkeeper "github.com/cosmos/cosmos-sdk/x/auth/keeper" + authsims "github.com/cosmos/cosmos-sdk/x/auth/simulation" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + authzkeeper "github.com/cosmos/cosmos-sdk/x/authz/keeper" + bankkeeper "github.com/cosmos/cosmos-sdk/x/bank/keeper" + consensuskeeper "github.com/cosmos/cosmos-sdk/x/consensus/keeper" + distrkeeper "github.com/cosmos/cosmos-sdk/x/distribution/keeper" + epochskeeper "github.com/cosmos/cosmos-sdk/x/epochs/keeper" + govkeeper "github.com/cosmos/cosmos-sdk/x/gov/keeper" + groupkeeper "github.com/cosmos/cosmos-sdk/x/group/keeper" + mintkeeper "github.com/cosmos/cosmos-sdk/x/mint/keeper" + protocolpoolkeeper "github.com/cosmos/cosmos-sdk/x/protocolpool/keeper" + slashingkeeper "github.com/cosmos/cosmos-sdk/x/slashing/keeper" + stakingkeeper "github.com/cosmos/cosmos-sdk/x/staking/keeper" +) + +// DefaultNodeHome default home directories for the application daemon +var DefaultNodeHome string + +var ( + _ runtime.AppI = (*SimApp)(nil) + _ servertypes.Application = (*SimApp)(nil) +) + +// SimApp extends an ABCI application, but with most of its parameters exported. +// They are exported for convenience in creating helper functions, as object +// capabilities aren't needed for testing. +type SimApp struct { + *runtime.App + legacyAmino *codec.LegacyAmino + appCodec codec.Codec + txConfig client.TxConfig + interfaceRegistry codectypes.InterfaceRegistry + + // essential keepers + AccountKeeper authkeeper.AccountKeeper + BankKeeper bankkeeper.BaseKeeper + StakingKeeper *stakingkeeper.Keeper + SlashingKeeper slashingkeeper.Keeper + MintKeeper mintkeeper.Keeper + DistrKeeper distrkeeper.Keeper + GovKeeper *govkeeper.Keeper + UpgradeKeeper *upgradekeeper.Keeper + EvidenceKeeper evidencekeeper.Keeper + ConsensusParamsKeeper consensuskeeper.Keeper + CircuitKeeper circuitkeeper.Keeper + + // supplementary keepers + FeeGrantKeeper feegrantkeeper.Keeper + GroupKeeper groupkeeper.Keeper + AuthzKeeper authzkeeper.Keeper + NFTKeeper nftkeeper.Keeper + EpochsKeeper epochskeeper.Keeper + ProtocolPoolKeeper protocolpoolkeeper.Keeper + + // simulation manager + sm *module.SimulationManager +} + +func init() { + var err error + DefaultNodeHome, err = clienthelpers.GetNodeHomeDirectory(".simapp") + if err != nil { + panic(err) +} +} + +// NewSimApp returns a reference to an initialized SimApp. +func NewSimApp( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), +) *SimApp { + var ( + app = &SimApp{ +} + +appBuilder *runtime.AppBuilder + + // merge the AppConfig and other configuration in one config + appConfig = depinject.Configs( + AppConfig, + depinject.Supply( + // supply the application options + appOpts, + // supply the logger + logger, + + // ADVANCED CONFIGURATION + + // + // AUTH + // + // For providing a custom function required in auth to generate custom account types + // add it below. By default the auth module uses simulation.RandomGenesisAccounts. + // + // authtypes.RandomGenesisAccountsFn(simulation.RandomGenesisAccounts), + // + // For providing a custom a base account type add it below. + // By default the auth module uses authtypes.ProtoBaseAccount(). + // + // func() + +sdk.AccountI { + return authtypes.ProtoBaseAccount() +}, + // + // For providing a different address codec, add it below. + // By default the auth module uses a Bech32 address codec, + // with the prefix defined in the auth module configuration. + // + // func() + +address.Codec { + return <- custom address codec type -> +} + + // + // STAKING + // + // For provinding a different validator and consensus address codec, add it below. + // By default the staking module uses the bech32 prefix provided in the auth config, + // and appends "valoper" and "valcons" for validator and consensus addresses respectively. + // When providing a custom address codec in auth, custom address codecs must be provided here as well. + // + // func() + +runtime.ValidatorAddressCodec { + return <- custom validator address codec type -> +} + // func() + +runtime.ConsensusAddressCodec { + return <- custom consensus address codec type -> +} + + // + // MINT + // + + // For providing a custom inflation function for x/mint add here your + // custom function that implements the minttypes.InflationCalculationFn + // interface. + ), + ) + ) + if err := depinject.Inject(appConfig, + &appBuilder, + &app.appCodec, + &app.legacyAmino, + &app.txConfig, + &app.interfaceRegistry, + &app.AccountKeeper, + &app.BankKeeper, + &app.StakingKeeper, + &app.SlashingKeeper, + &app.MintKeeper, + &app.DistrKeeper, + &app.GovKeeper, + &app.UpgradeKeeper, + &app.AuthzKeeper, + &app.EvidenceKeeper, + &app.FeeGrantKeeper, + &app.GroupKeeper, + &app.NFTKeeper, + &app.ConsensusParamsKeeper, + &app.CircuitKeeper, + &app.EpochsKeeper, + &app.ProtocolPoolKeeper, + ); err != nil { + panic(err) +} + + // Below we could construct and set an application specific mempool and + // ABCI 1.0 PrepareProposal and ProcessProposal handlers. These defaults are + // already set in the SDK's BaseApp, this shows an example of how to override + // them. + // + // Example: + // + // app.App = appBuilder.Build(...) + // nonceMempool := mempool.NewSenderNonceMempool() + // abciPropHandler := NewDefaultProposalHandler(nonceMempool, app.App.BaseApp) + // + // app.App.BaseApp.SetMempool(nonceMempool) + // app.App.BaseApp.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) + // app.App.BaseApp.SetProcessProposal(abciPropHandler.ProcessProposalHandler()) + // + // Alternatively, you can construct BaseApp options, append those to + // baseAppOptions and pass them to the appBuilder. + // + // Example: + // + // prepareOpt = func(app *baseapp.BaseApp) { + // abciPropHandler := baseapp.NewDefaultProposalHandler(nonceMempool, app) + // app.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) + // +} + // baseAppOptions = append(baseAppOptions, prepareOpt) + + // create and set dummy vote extension handler + voteExtOp := func(bApp *baseapp.BaseApp) { + voteExtHandler := NewVoteExtensionHandler() + +voteExtHandler.SetHandlers(bApp) +} + +baseAppOptions = append(baseAppOptions, voteExtOp, baseapp.SetOptimisticExecution()) + +app.App = appBuilder.Build(db, traceStore, baseAppOptions...) + + // register streaming services + if err := app.RegisterStreamingServices(appOpts, app.kvStoreKeys()); err != nil { + panic(err) +} + + /**** Module Options ****/ + + // RegisterUpgradeHandlers is used for registering any on-chain upgrades. + app.RegisterUpgradeHandlers() + + // add test gRPC service for testing gRPC queries in isolation + testdata_pulsar.RegisterQueryServer(app.GRPCQueryRouter(), testdata_pulsar.QueryImpl{ +}) + + // create the simulation manager and define the order of the modules for deterministic simulations + // + // NOTE: this is not required apps that don't use the simulator for fuzz testing + // transactions + overrideModules := map[string]module.AppModuleSimulation{ + authtypes.ModuleName: auth.NewAppModule(app.appCodec, app.AccountKeeper, authsims.RandomGenesisAccounts, nil), +} + +app.sm = module.NewSimulationManagerFromAppModules(app.ModuleManager.Modules, overrideModules) + +app.sm.RegisterStoreDecoders() + + // A custom InitChainer can be set if extra pre-init-genesis logic is required. + // By default, when using app wiring enabled module, this is not required. + // For instance, the upgrade module will set automatically the module version map in its init genesis thanks to app wiring. + // However, when registering a module manually (i.e. that does not support app wiring), the module version map + // must be set manually as follow. The upgrade module will de-duplicate the module version map. + // + // app.SetInitChainer(func(ctx sdk.Context, req *abci.RequestInitChain) (*abci.ResponseInitChain, error) { + // app.UpgradeKeeper.SetModuleVersionMap(ctx, app.ModuleManager.GetVersionMap()) + // return app.App.InitChainer(ctx, req) + // +}) + + // set custom ante handler + app.setAnteHandler(app.txConfig) + if err := app.Load(loadLatest); err != nil { + panic(err) +} + +return app +} + +// setAnteHandler sets custom ante handlers. +// "x/auth/tx" pre-defined ante handler have been disabled in app_config. +func (app *SimApp) + +setAnteHandler(txConfig client.TxConfig) { + anteHandler, err := NewAnteHandler( + HandlerOptions{ + ante.HandlerOptions{ + UnorderedNonceManager: app.AccountKeeper, + AccountKeeper: app.AccountKeeper, + BankKeeper: app.BankKeeper, + SignModeHandler: txConfig.SignModeHandler(), + FeegrantKeeper: app.FeeGrantKeeper, + SigGasConsumer: ante.DefaultSigVerificationGasConsumer, +}, + &app.CircuitKeeper, +}, + ) + if err != nil { + panic(err) +} + + // Set the AnteHandler for the app + app.SetAnteHandler(anteHandler) +} + +// LegacyAmino returns SimApp's amino codec. +// +// NOTE: This is solely to be used for testing purposes as it may be desirable +// for modules to register their own custom testing types. +func (app *SimApp) + +LegacyAmino() *codec.LegacyAmino { + return app.legacyAmino +} + +// AppCodec returns SimApp's app codec. +// +// NOTE: This is solely to be used for testing purposes as it may be desirable +// for modules to register their own custom testing types. +func (app *SimApp) + +AppCodec() + +codec.Codec { + return app.appCodec +} + +// InterfaceRegistry returns SimApp's InterfaceRegistry. +func (app *SimApp) + +InterfaceRegistry() + +codectypes.InterfaceRegistry { + return app.interfaceRegistry +} + +// TxConfig returns SimApp's TxConfig +func (app *SimApp) + +TxConfig() + +client.TxConfig { + return app.txConfig +} + +// GetKey returns the KVStoreKey for the provided store key. +// +// NOTE: This is solely to be used for testing purposes. +func (app *SimApp) + +GetKey(storeKey string) *storetypes.KVStoreKey { + sk := app.UnsafeFindStoreKey(storeKey) + +kvStoreKey, ok := sk.(*storetypes.KVStoreKey) + if !ok { + return nil +} + +return kvStoreKey +} + +func (app *SimApp) + +kvStoreKeys() + +map[string]*storetypes.KVStoreKey { + keys := make(map[string]*storetypes.KVStoreKey) + for _, k := range app.GetStoreKeys() { + if kv, ok := k.(*storetypes.KVStoreKey); ok { + keys[kv.Name()] = kv +} + +} + +return keys +} + +// SimulationManager implements the SimulationApp interface +func (app *SimApp) + +SimulationManager() *module.SimulationManager { + return app.sm +} + +// RegisterAPIRoutes registers all application module routes with the provided +// API server. +func (app *SimApp) + +RegisterAPIRoutes(apiSvr *api.Server, apiConfig config.APIConfig) { + app.App.RegisterAPIRoutes(apiSvr, apiConfig) + // register swagger API in app.go so that other applications can override easily + if err := server.RegisterSwaggerAPI(apiSvr.ClientCtx, apiSvr.Router, apiConfig.Swagger); err != nil { + panic(err) +} +} + +// GetMaccPerms returns a copy of the module account permissions +// +// NOTE: This is solely to be used for testing purposes. +func GetMaccPerms() + +map[string][]string { + dup := make(map[string][]string) + for _, perms := range moduleAccPerms { + dup[perms.Account] = perms.Permissions +} + +return dup +} + +// BlockedAddresses returns all the app's blocked account addresses. +func BlockedAddresses() + +map[string]bool { + result := make(map[string]bool) + if len(blockAccAddrs) > 0 { + for _, addr := range blockAccAddrs { + result[addr] = true +} + +} + +else { + for addr := range GetMaccPerms() { + result[addr] = true +} + +} + +return result +} +``` diff --git a/docs/sdk/next/build/building-apps/app-go.mdx b/docs/sdk/next/build/building-apps/app-go.mdx new file mode 100644 index 00000000..ae0ec93f --- /dev/null +++ b/docs/sdk/next/build/building-apps/app-go.mdx @@ -0,0 +1,939 @@ +--- +title: Overview of `app.go` +description: >- + This section is intended to provide an overview of the SimApp app.go file and + is still a work in progress. For now please instead read the tutorials for a + deep dive on how to build a chain. +--- +This section is intended to provide an overview of the `SimApp` `app.go` file and is still a work in progress. +For now please instead read the [tutorials](https://tutorials.cosmos.network) for a deep dive on how to build a chain. + +## Complete `app.go` + +```go expandable +//go:build app_v1 + +package simapp + +import ( + + "encoding/json" + "fmt" + "io" + "os" + "path/filepath" + "cosmossdk.io/log" + "cosmossdk.io/x/tx/signing" + + autocliv1 "cosmossdk.io/api/cosmos/autocli/v1" + reflectionv1 "cosmossdk.io/api/cosmos/reflection/v1" + "cosmossdk.io/client/v2/autocli" + "cosmossdk.io/core/appmodule" + "github.com/cosmos/cosmos-sdk/codec/address" + + authcodec "github.com/cosmos/cosmos-sdk/x/auth/codec" + "github.com/cosmos/cosmos-sdk/x/auth/tx" + + abci "github.com/cometbft/cometbft/abci/types" + dbm "github.com/cosmos/cosmos-db" + "github.com/cosmos/gogoproto/proto" + "github.com/spf13/cast" + + storetypes "cosmossdk.io/store/types" + "cosmossdk.io/x/evidence" + evidencekeeper "cosmossdk.io/x/evidence/keeper" + evidencetypes "cosmossdk.io/x/evidence/types" + "cosmossdk.io/x/feegrant" + feegrantkeeper "cosmossdk.io/x/feegrant/keeper" + feegrantmodule "cosmossdk.io/x/feegrant/module" + "cosmossdk.io/x/nft" + nftkeeper "cosmossdk.io/x/nft/keeper" + nftmodule "cosmossdk.io/x/nft/module" + "cosmossdk.io/x/upgrade" + upgradekeeper "cosmossdk.io/x/upgrade/keeper" + upgradetypes "cosmossdk.io/x/upgrade/types" + "cosmossdk.io/x/circuit" + circuitkeeper "cosmossdk.io/x/circuit/keeper" + circuittypes "cosmossdk.io/x/circuit/types" + "github.com/cosmos/cosmos-sdk/baseapp" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/client/flags" + "github.com/cosmos/cosmos-sdk/client/grpc/cmtservice" + nodeservice "github.com/cosmos/cosmos-sdk/client/grpc/node" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/codec/types" + "github.com/cosmos/cosmos-sdk/runtime" + runtimeservices "github.com/cosmos/cosmos-sdk/runtime/services" + "github.com/cosmos/cosmos-sdk/server" + "github.com/cosmos/cosmos-sdk/server/api" + "github.com/cosmos/cosmos-sdk/server/config" + servertypes "github.com/cosmos/cosmos-sdk/server/types" + "github.com/cosmos/cosmos-sdk/std" + testdata_pulsar "github.com/cosmos/cosmos-sdk/testutil/testdata/testpb" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/module" + "github.com/cosmos/cosmos-sdk/types/msgservice" + "github.com/cosmos/cosmos-sdk/version" + "github.com/cosmos/cosmos-sdk/x/auth" + "github.com/cosmos/cosmos-sdk/x/auth/ante" + authkeeper "github.com/cosmos/cosmos-sdk/x/auth/keeper" + "github.com/cosmos/cosmos-sdk/x/auth/posthandler" + authsims "github.com/cosmos/cosmos-sdk/x/auth/simulation" + authtx "github.com/cosmos/cosmos-sdk/x/auth/tx" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + "github.com/cosmos/cosmos-sdk/x/auth/vesting" + vestingtypes "github.com/cosmos/cosmos-sdk/x/auth/vesting/types" + "github.com/cosmos/cosmos-sdk/x/authz" + authzkeeper "github.com/cosmos/cosmos-sdk/x/authz/keeper" + authzmodule "github.com/cosmos/cosmos-sdk/x/authz/module" + "github.com/cosmos/cosmos-sdk/x/bank" + bankkeeper "github.com/cosmos/cosmos-sdk/x/bank/keeper" + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" + consensus "github.com/cosmos/cosmos-sdk/x/consensus" + consensusparamkeeper "github.com/cosmos/cosmos-sdk/x/consensus/keeper" + consensusparamtypes "github.com/cosmos/cosmos-sdk/x/consensus/types" + "github.com/cosmos/cosmos-sdk/x/crisis" + crisiskeeper "github.com/cosmos/cosmos-sdk/x/crisis/keeper" + crisistypes "github.com/cosmos/cosmos-sdk/x/crisis/types" + distr "github.com/cosmos/cosmos-sdk/x/distribution" + distrkeeper "github.com/cosmos/cosmos-sdk/x/distribution/keeper" + distrtypes "github.com/cosmos/cosmos-sdk/x/distribution/types" + "github.com/cosmos/cosmos-sdk/x/genutil" + genutiltypes "github.com/cosmos/cosmos-sdk/x/genutil/types" + "github.com/cosmos/cosmos-sdk/x/gov" + govclient "github.com/cosmos/cosmos-sdk/x/gov/client" + govkeeper "github.com/cosmos/cosmos-sdk/x/gov/keeper" + govtypes "github.com/cosmos/cosmos-sdk/x/gov/types" + govv1beta1 "github.com/cosmos/cosmos-sdk/x/gov/types/v1beta1" + "github.com/cosmos/cosmos-sdk/x/group" + groupkeeper "github.com/cosmos/cosmos-sdk/x/group/keeper" + groupmodule "github.com/cosmos/cosmos-sdk/x/group/module" + "github.com/cosmos/cosmos-sdk/x/mint" + mintkeeper "github.com/cosmos/cosmos-sdk/x/mint/keeper" + minttypes "github.com/cosmos/cosmos-sdk/x/mint/types" + "github.com/cosmos/cosmos-sdk/x/params" + paramsclient "github.com/cosmos/cosmos-sdk/x/params/client" + paramskeeper "github.com/cosmos/cosmos-sdk/x/params/keeper" + paramstypes "github.com/cosmos/cosmos-sdk/x/params/types" + paramproposal "github.com/cosmos/cosmos-sdk/x/params/types/proposal" + "github.com/cosmos/cosmos-sdk/x/slashing" + slashingkeeper "github.com/cosmos/cosmos-sdk/x/slashing/keeper" + slashingtypes "github.com/cosmos/cosmos-sdk/x/slashing/types" + "github.com/cosmos/cosmos-sdk/x/staking" + stakingkeeper "github.com/cosmos/cosmos-sdk/x/staking/keeper" + stakingtypes "github.com/cosmos/cosmos-sdk/x/staking/types" +) + +const appName = "SimApp" + +var ( + // DefaultNodeHome default home directories for the application daemon + DefaultNodeHome string + + // module account permissions + maccPerms = map[string][]string{ + authtypes.FeeCollectorName: nil, + distrtypes.ModuleName: nil, + minttypes.ModuleName: { + authtypes.Minter +}, + stakingtypes.BondedPoolName: { + authtypes.Burner, authtypes.Staking +}, + stakingtypes.NotBondedPoolName: { + authtypes.Burner, authtypes.Staking +}, + govtypes.ModuleName: { + authtypes.Burner +}, + nft.ModuleName: nil, +} +) + +var ( + _ runtime.AppI = (*SimApp)(nil) + _ servertypes.Application = (*SimApp)(nil) +) + +// stdAccAddressCodec is a temporary address codec that we will use until we +// can populate it with the correct bech32 prefixes without depending on the global. +type stdAccAddressCodec struct{ +} + +func (g stdAccAddressCodec) + +StringToBytes(text string) ([]byte, error) { + if text == "" { + return nil, nil +} + +return sdk.AccAddressFromBech32(text) +} + +func (g stdAccAddressCodec) + +BytesToString(bz []byte) (string, error) { + if bz == nil { + return "", nil +} + +return sdk.AccAddress(bz).String(), nil +} + +// stdValAddressCodec is a temporary address codec that we will use until we +// can populate it with the correct bech32 prefixes without depending on the global. +type stdValAddressCodec struct{ +} + +func (g stdValAddressCodec) + +StringToBytes(text string) ([]byte, error) { + return sdk.ValAddressFromBech32(text) +} + +func (g stdValAddressCodec) + +BytesToString(bz []byte) (string, error) { + return sdk.ValAddress(bz).String(), nil +} + +// SimApp extends an ABCI application, but with most of its parameters exported. +// They are exported for convenience in creating helper functions, as object +// capabilities aren't needed for testing. +type SimApp struct { + *baseapp.BaseApp + legacyAmino *codec.LegacyAmino + appCodec codec.Codec + txConfig client.TxConfig + interfaceRegistry types.InterfaceRegistry + + // keys to access the substores + keys map[string]*storetypes.KVStoreKey + tkeys map[string]*storetypes.TransientStoreKey + + // keepers + AccountKeeper authkeeper.AccountKeeper + BankKeeper bankkeeper.Keeper + StakingKeeper *stakingkeeper.Keeper + SlashingKeeper slashingkeeper.Keeper + MintKeeper mintkeeper.Keeper + DistrKeeper distrkeeper.Keeper + GovKeeper govkeeper.Keeper + CrisisKeeper *crisiskeeper.Keeper + UpgradeKeeper *upgradekeeper.Keeper + ParamsKeeper paramskeeper.Keeper + AuthzKeeper authzkeeper.Keeper + EvidenceKeeper evidencekeeper.Keeper + FeeGrantKeeper feegrantkeeper.Keeper + GroupKeeper groupkeeper.Keeper + NFTKeeper nftkeeper.Keeper + ConsensusParamsKeeper consensusparamkeeper.Keeper + CircuitKeeper circuitkeeper.Keeper + + // the module manager + ModuleManager *module.Manager + BasicModuleManager module.BasicManager + + // simulation manager + sm *module.SimulationManager + + // module configurator + configurator module.Configurator +} + +func init() { + userHomeDir, err := os.UserHomeDir() + if err != nil { + panic(err) +} + +DefaultNodeHome = filepath.Join(userHomeDir, ".simapp") +} + +// NewSimApp returns a reference to an initialized SimApp. +func NewSimApp( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), +) *SimApp { + interfaceRegistry, _ := types.NewInterfaceRegistryWithOptions(types.InterfaceRegistryOptions{ + ProtoFiles: proto.HybridResolver, + SigningOptions: signing.Options{ + AddressCodec: address.Bech32Codec{ + Bech32Prefix: sdk.GetConfig().GetBech32AccountAddrPrefix(), +}, + ValidatorAddressCodec: address.Bech32Codec{ + Bech32Prefix: sdk.GetConfig().GetBech32ValidatorAddrPrefix(), +}, +}, +}) + appCodec := codec.NewProtoCodec(interfaceRegistry) + legacyAmino := codec.NewLegacyAmino() + txConfig := tx.NewTxConfig(appCodec, tx.DefaultSignModes) + +std.RegisterLegacyAminoCodec(legacyAmino) + +std.RegisterInterfaces(interfaceRegistry) + + // Below we could construct and set an application specific mempool and + // ABCI 1.0 PrepareProposal and ProcessProposal handlers. These defaults are + // already set in the SDK's BaseApp, this shows an example of how to override + // them. + // + // Example: + // + // bApp := baseapp.NewBaseApp(...) + // nonceMempool := mempool.NewSenderNonceMempool() + // abciPropHandler := NewDefaultProposalHandler(nonceMempool, bApp) + // + // bApp.SetMempool(nonceMempool) + // bApp.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) + // bApp.SetProcessProposal(abciPropHandler.ProcessProposalHandler()) + // + // Alternatively, you can construct BaseApp options, append those to + // baseAppOptions and pass them to NewBaseApp. + // + // Example: + // + // prepareOpt = func(app *baseapp.BaseApp) { + // abciPropHandler := baseapp.NewDefaultProposalHandler(nonceMempool, app) + // app.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) + // +} + // baseAppOptions = append(baseAppOptions, prepareOpt) + bApp := baseapp.NewBaseApp(appName, logger, db, txConfig.TxDecoder(), baseAppOptions...) + +bApp.SetCommitMultiStoreTracer(traceStore) + +bApp.SetVersion(version.Version) + +bApp.SetInterfaceRegistry(interfaceRegistry) + +bApp.SetTxEncoder(txConfig.TxEncoder()) + keys := storetypes.NewKVStoreKeys( + authtypes.StoreKey, banktypes.StoreKey, stakingtypes.StoreKey, crisistypes.StoreKey, + minttypes.StoreKey, distrtypes.StoreKey, slashingtypes.StoreKey, + govtypes.StoreKey, paramstypes.StoreKey, consensusparamtypes.StoreKey, upgradetypes.StoreKey, feegrant.StoreKey, + evidencetypes.StoreKey, circuittypes.StoreKey, + authzkeeper.StoreKey, nftkeeper.StoreKey, group.StoreKey, + ) + + // register streaming services + if err := bApp.RegisterStreamingServices(appOpts, keys); err != nil { + panic(err) +} + tkeys := storetypes.NewTransientStoreKeys(paramstypes.TStoreKey) + app := &SimApp{ + BaseApp: bApp, + legacyAmino: legacyAmino, + appCodec: appCodec, + txConfig: txConfig, + interfaceRegistry: interfaceRegistry, + keys: keys, + tkeys: tkeys, +} + +app.ParamsKeeper = initParamsKeeper(appCodec, legacyAmino, keys[paramstypes.StoreKey], tkeys[paramstypes.TStoreKey]) + + // set the BaseApp's parameter store + app.ConsensusParamsKeeper = consensusparamkeeper.NewKeeper(appCodec, runtime.NewKVStoreService(keys[consensusparamtypes.StoreKey]), authtypes.NewModuleAddress(govtypes.ModuleName).String(), runtime.EventService{ +}) + +bApp.SetParamStore(app.ConsensusParamsKeeper.ParamsStore) + + // add keepers + app.AccountKeeper = authkeeper.NewAccountKeeper(appCodec, runtime.NewKVStoreService(keys[authtypes.StoreKey]), authtypes.ProtoBaseAccount, maccPerms, sdk.Bech32MainPrefix, authtypes.NewModuleAddress(govtypes.ModuleName).String()) + +app.BankKeeper = bankkeeper.NewBaseKeeper( + appCodec, + runtime.NewKVStoreService(keys[banktypes.StoreKey]), + app.AccountKeeper, + BlockedAddresses(), + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + logger, + ) + +app.StakingKeeper = stakingkeeper.NewKeeper( + appCodec, keys[stakingtypes.StoreKey], app.AccountKeeper, app.BankKeeper, authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) + +app.MintKeeper = mintkeeper.NewKeeper(appCodec, runtime.NewKVStoreService(keys[minttypes.StoreKey]), app.StakingKeeper, app.AccountKeeper, app.BankKeeper, authtypes.FeeCollectorName, authtypes.NewModuleAddress(govtypes.ModuleName).String()) + +app.DistrKeeper = distrkeeper.NewKeeper(appCodec, runtime.NewKVStoreService(keys[distrtypes.StoreKey]), app.AccountKeeper, app.BankKeeper, app.StakingKeeper, authtypes.FeeCollectorName, authtypes.NewModuleAddress(govtypes.ModuleName).String()) + +app.SlashingKeeper = slashingkeeper.NewKeeper( + appCodec, legacyAmino, runtime.NewKVStoreService(keys[slashingtypes.StoreKey]), app.StakingKeeper, authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) + invCheckPeriod := cast.ToUint(appOpts.Get(server.FlagInvCheckPeriod)) + +app.CrisisKeeper = crisiskeeper.NewKeeper(appCodec, runtime.NewKVStoreService(keys[crisistypes.StoreKey]), invCheckPeriod, + app.BankKeeper, authtypes.FeeCollectorName, authtypes.NewModuleAddress(govtypes.ModuleName).String(), app.AccountKeeper.AddressCodec()) + +app.FeeGrantKeeper = feegrantkeeper.NewKeeper(appCodec, runtime.NewKVStoreService(keys[feegrant.StoreKey]), app.AccountKeeper) + + // register the staking hooks + // NOTE: stakingKeeper above is passed by reference, so that it will contain these hooks + app.StakingKeeper.SetHooks( + stakingtypes.NewMultiStakingHooks(app.DistrKeeper.Hooks(), app.SlashingKeeper.Hooks()), + ) + +app.CircuitKeeper = circuitkeeper.NewKeeper(appCodec, runtime.NewKVStoreService(keys[circuittypes.StoreKey]), authtypes.NewModuleAddress(govtypes.ModuleName).String(), app.AccountKeeper.AddressCodec()) + +app.BaseApp.SetCircuitBreaker(&app.CircuitKeeper) + +app.AuthzKeeper = authzkeeper.NewKeeper(runtime.NewKVStoreService(keys[authzkeeper.StoreKey]), appCodec, app.MsgServiceRouter(), app.AccountKeeper) + groupConfig := group.DefaultConfig() + /* + Example of setting group params: + groupConfig.MaxMetadataLen = 1000 + */ + app.GroupKeeper = groupkeeper.NewKeeper(keys[group.StoreKey], appCodec, app.MsgServiceRouter(), app.AccountKeeper, groupConfig) + + // get skipUpgradeHeights from the app options + skipUpgradeHeights := map[int64]bool{ +} + for _, h := range cast.ToIntSlice(appOpts.Get(server.FlagUnsafeSkipUpgrades)) { + skipUpgradeHeights[int64(h)] = true +} + homePath := cast.ToString(appOpts.Get(flags.FlagHome)) + // set the governance module account as the authority for conducting upgrades + app.UpgradeKeeper = upgradekeeper.NewKeeper(skipUpgradeHeights, runtime.NewKVStoreService(keys[upgradetypes.StoreKey]), appCodec, homePath, app.BaseApp, authtypes.NewModuleAddress(govtypes.ModuleName).String()) + + // Register the proposal types + // Deprecated: Avoid adding new handlers, instead use the new proposal flow + // by granting the governance module the right to execute the message. + // See: https://docs.cosmos.network/main/modules/gov#proposal-messages + govRouter := govv1beta1.NewRouter() + +govRouter.AddRoute(govtypes.RouterKey, govv1beta1.ProposalHandler). + AddRoute(paramproposal.RouterKey, params.NewParamChangeProposalHandler(app.ParamsKeeper)). + AddRoute(upgradetypes.RouterKey, upgrade.NewSoftwareUpgradeProposalHandler(app.UpgradeKeeper)) + govConfig := govtypes.DefaultConfig() + /* + Example of setting gov params: + govConfig.MaxMetadataLen = 10000 + */ + govKeeper := govkeeper.NewKeeper( + appCodec, runtime.NewKVStoreService(keys[govtypes.StoreKey]), app.AccountKeeper, app.BankKeeper, + app.StakingKeeper, app.DistrKeeper, app.MsgServiceRouter(), govConfig, authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) + + // Set legacy router for backwards compatibility with gov v1beta1 + govKeeper.SetLegacyRouter(govRouter) + +app.GovKeeper = *govKeeper.SetHooks( + govtypes.NewMultiGovHooks( + // register the governance hooks + ), + ) + +app.NFTKeeper = nftkeeper.NewKeeper(runtime.NewKVStoreService(keys[nftkeeper.StoreKey]), appCodec, app.AccountKeeper, app.BankKeeper) + + // create evidence keeper with router + evidenceKeeper := evidencekeeper.NewKeeper( + appCodec, runtime.NewKVStoreService(keys[evidencetypes.StoreKey]), app.StakingKeeper, app.SlashingKeeper, app.AccountKeeper.AddressCodec(), runtime.ProvideCometInfoService(), + ) + // If evidence needs to be handled for the app, set routes in router here and seal + app.EvidenceKeeper = *evidenceKeeper + + /**** Module Options ****/ + + // NOTE: we may consider parsing `appOpts` inside module constructors. For the moment + // we prefer to be more strict in what arguments the modules expect. + skipGenesisInvariants := cast.ToBool(appOpts.Get(crisis.FlagSkipGenesisInvariants)) + + // NOTE: Any module instantiated in the module manager that is later modified + // must be passed by reference here. + app.ModuleManager = module.NewManager( + genutil.NewAppModule( + app.AccountKeeper, app.StakingKeeper, app, + txConfig, + ), + auth.NewAppModule(appCodec, app.AccountKeeper, authsims.RandomGenesisAccounts, app.GetSubspace(authtypes.ModuleName)), + vesting.NewAppModule(app.AccountKeeper, app.BankKeeper), + bank.NewAppModule(appCodec, app.BankKeeper, app.AccountKeeper, app.GetSubspace(banktypes.ModuleName)), + crisis.NewAppModule(app.CrisisKeeper, skipGenesisInvariants, app.GetSubspace(crisistypes.ModuleName)), + feegrantmodule.NewAppModule(appCodec, app.AccountKeeper, app.BankKeeper, app.FeeGrantKeeper, app.interfaceRegistry), + gov.NewAppModule(appCodec, &app.GovKeeper, app.AccountKeeper, app.BankKeeper, app.GetSubspace(govtypes.ModuleName)), + mint.NewAppModule(appCodec, app.MintKeeper, app.AccountKeeper, nil, app.GetSubspace(minttypes.ModuleName)), + slashing.NewAppModule(appCodec, app.SlashingKeeper, app.AccountKeeper, app.BankKeeper, app.StakingKeeper, app.GetSubspace(slashingtypes.ModuleName), app.interfaceRegistry), + distr.NewAppModule(appCodec, app.DistrKeeper, app.AccountKeeper, app.BankKeeper, app.StakingKeeper, app.GetSubspace(distrtypes.ModuleName)), + staking.NewAppModule(appCodec, app.StakingKeeper, app.AccountKeeper, app.BankKeeper, app.GetSubspace(stakingtypes.ModuleName)), + upgrade.NewAppModule(app.UpgradeKeeper, app.AccountKeeper.AddressCodec()), + evidence.NewAppModule(app.EvidenceKeeper), + params.NewAppModule(app.ParamsKeeper), + authzmodule.NewAppModule(appCodec, app.AuthzKeeper, app.AccountKeeper, app.BankKeeper, app.interfaceRegistry), + groupmodule.NewAppModule(appCodec, app.GroupKeeper, app.AccountKeeper, app.BankKeeper, app.interfaceRegistry), + nftmodule.NewAppModule(appCodec, app.NFTKeeper, app.AccountKeeper, app.BankKeeper, app.interfaceRegistry), + consensus.NewAppModule(appCodec, app.ConsensusParamsKeeper), + circuit.NewAppModule(appCodec, app.CircuitKeeper), + ) + + // BasicModuleManager defines the module BasicManager is in charge of setting up basic, + // non-dependant module elements, such as codec registration and genesis verification. + // By default it is composed of all the module from the module manager. + // Additionally, app module basics can be overwritten by passing them as argument. + app.BasicModuleManager = module.NewBasicManagerFromManager( + app.ModuleManager, + map[string]module.AppModuleBasic{ + genutiltypes.ModuleName: genutil.NewAppModuleBasic(genutiltypes.DefaultMessageValidator), + govtypes.ModuleName: gov.NewAppModuleBasic( + []govclient.ProposalHandler{ + paramsclient.ProposalHandler, +}, + ), +}) + +app.BasicModuleManager.RegisterLegacyAminoCodec(legacyAmino) + +app.BasicModuleManager.RegisterInterfaces(interfaceRegistry) + + // During begin block slashing happens after distr.BeginBlocker so that + // there is nothing left over in the validator fee pool, so as to keep the + // CanWithdrawInvariant invariant. + // NOTE: staking module is required if HistoricalEntries param > 0 + app.ModuleManager.SetOrderBeginBlockers( + upgradetypes.ModuleName, + minttypes.ModuleName, + distrtypes.ModuleName, + slashingtypes.ModuleName, + evidencetypes.ModuleName, + stakingtypes.ModuleName, + genutiltypes.ModuleName, + authz.ModuleName, + ) + +app.ModuleManager.SetOrderEndBlockers( + crisistypes.ModuleName, + govtypes.ModuleName, + stakingtypes.ModuleName, + genutiltypes.ModuleName, + feegrant.ModuleName, + group.ModuleName, + ) + + // NOTE: The genutils module must occur after staking so that pools are + // properly initialized with tokens from genesis accounts. + // NOTE: The genutils module must also occur after auth so that it can access the params from auth. + genesisModuleOrder := []string{ + authtypes.ModuleName, banktypes.ModuleName, + distrtypes.ModuleName, stakingtypes.ModuleName, slashingtypes.ModuleName, govtypes.ModuleName, + minttypes.ModuleName, crisistypes.ModuleName, genutiltypes.ModuleName, evidencetypes.ModuleName, authz.ModuleName, + feegrant.ModuleName, nft.ModuleName, group.ModuleName, paramstypes.ModuleName, upgradetypes.ModuleName, + vestingtypes.ModuleName, consensusparamtypes.ModuleName, circuittypes.ModuleName, +} + +app.ModuleManager.SetOrderInitGenesis(genesisModuleOrder...) + +app.ModuleManager.SetOrderExportGenesis(genesisModuleOrder...) + + // Uncomment if you want to set a custom migration order here. + // app.ModuleManager.SetOrderMigrations(custom order) + +app.ModuleManager.RegisterInvariants(app.CrisisKeeper) + +app.configurator = module.NewConfigurator(app.appCodec, app.MsgServiceRouter(), app.GRPCQueryRouter()) + err := app.ModuleManager.RegisterServices(app.configurator) + if err != nil { + panic(err) +} + + // RegisterUpgradeHandlers is used for registering any on-chain upgrades. + // Make sure it's called after `app.ModuleManager` and `app.configurator` are set. + app.RegisterUpgradeHandlers() + +autocliv1.RegisterQueryServer(app.GRPCQueryRouter(), runtimeservices.NewAutoCLIQueryService(app.ModuleManager.Modules)) + +reflectionSvc, err := runtimeservices.NewReflectionService() + if err != nil { + panic(err) +} + +reflectionv1.RegisterReflectionServiceServer(app.GRPCQueryRouter(), reflectionSvc) + + // add test gRPC service for testing gRPC queries in isolation + testdata_pulsar.RegisterQueryServer(app.GRPCQueryRouter(), testdata_pulsar.QueryImpl{ +}) + + // create the simulation manager and define the order of the modules for deterministic simulations + // + // NOTE: this is not required apps that don't use the simulator for fuzz testing + // transactions + overrideModules := map[string]module.AppModuleSimulation{ + authtypes.ModuleName: auth.NewAppModule(app.appCodec, app.AccountKeeper, authsims.RandomGenesisAccounts, app.GetSubspace(authtypes.ModuleName)), +} + +app.sm = module.NewSimulationManagerFromAppModules(app.ModuleManager.Modules, overrideModules) + +app.sm.RegisterStoreDecoders() + + // initialize stores + app.MountKVStores(keys) + +app.MountTransientStores(tkeys) + + // initialize BaseApp + app.SetInitChainer(app.InitChainer) + +app.SetBeginBlocker(app.BeginBlocker) + +app.SetEndBlocker(app.EndBlocker) + +app.setAnteHandler(txConfig) + + // In v0.46, the SDK introduces _postHandlers_. PostHandlers are like + // antehandlers, but are run _after_ the `runMsgs` execution. They are also + // defined as a chain, and have the same signature as antehandlers. + // + // In baseapp, postHandlers are run in the same store branch as `runMsgs`, + // meaning that both `runMsgs` and `postHandler` state will be committed if + // both are successful, and both will be reverted if any of the two fails. + // + // The SDK exposes a default postHandlers chain, which comprises of only + // one decorator: the Transaction Tips decorator. However, some chains do + // not need it by default, so feel free to comment the next line if you do + // not need tips. + // To read more about tips: + // https://docs.cosmos.network/main/core/tips.html + // + // Please note that changing any of the anteHandler or postHandler chain is + // likely to be a state-machine breaking change, which needs a coordinated + // upgrade. + app.setPostHandler() + + // At startup, after all modules have been registered, check that all prot + // annotations are correct. + protoFiles, err := proto.MergedRegistry() + if err != nil { + panic(err) +} + +err = msgservice.ValidateProtoAnnotations(protoFiles) + if err != nil { + // Once we switch to using protoreflect-based antehandlers, we might + // want to panic here instead of logging a warning. + fmt.Fprintln(os.Stderr, err.Error()) +} + if loadLatest { + if err := app.LoadLatestVersion(); err != nil { + panic(fmt.Errorf("error loading last version: %w", err)) +} + +} + +return app +} + +func (app *SimApp) + +setAnteHandler(txConfig client.TxConfig) { + anteHandler, err := NewAnteHandler( + HandlerOptions{ + ante.HandlerOptions{ + AccountKeeper: app.AccountKeeper, + BankKeeper: app.BankKeeper, + SignModeHandler: txConfig.SignModeHandler(), + FeegrantKeeper: app.FeeGrantKeeper, + SigGasConsumer: ante.DefaultSigVerificationGasConsumer, +}, + &app.CircuitKeeper, +}, + ) + if err != nil { + panic(err) +} + + // Set the AnteHandler for the app + app.SetAnteHandler(anteHandler) +} + +func (app *SimApp) + +setPostHandler() { + postHandler, err := posthandler.NewPostHandler( + posthandler.HandlerOptions{ +}, + ) + if err != nil { + panic(err) +} + +app.SetPostHandler(postHandler) +} + +// Name returns the name of the App +func (app *SimApp) + +Name() + +string { + return app.BaseApp.Name() +} + +// BeginBlocker application updates every begin block +func (app *SimApp) + +BeginBlocker(ctx sdk.Context) (sdk.BeginBlock, error) { + return app.ModuleManager.BeginBlock(ctx) +} + +// EndBlocker application updates every end block +func (app *SimApp) + +EndBlocker(ctx sdk.Context) (sdk.EndBlock, error) { + return app.ModuleManager.EndBlock(ctx) +} + +func (a *SimApp) + +Configurator() + +module.Configurator { + return a.configurator +} + +// InitChainer application update at chain initialization +func (app *SimApp) + +InitChainer(ctx sdk.Context, req *abci.RequestInitChain) (*abci.ResponseInitChain, error) { + var genesisState GenesisState + if err := json.Unmarshal(req.AppStateBytes, &genesisState); err != nil { + panic(err) +} + +app.UpgradeKeeper.SetModuleVersionMap(ctx, app.ModuleManager.GetVersionMap()) + +return app.ModuleManager.InitGenesis(ctx, app.appCodec, genesisState) +} + +// LoadHeight loads a particular height +func (app *SimApp) + +LoadHeight(height int64) + +error { + return app.LoadVersion(height) +} + +// LegacyAmino returns SimApp's amino codec. +// +// NOTE: This is solely to be used for testing purposes as it may be desirable +// for modules to register their own custom testing types. +func (app *SimApp) + +LegacyAmino() *codec.LegacyAmino { + return app.legacyAmino +} + +// AppCodec returns SimApp's app codec. +// +// NOTE: This is solely to be used for testing purposes as it may be desirable +// for modules to register their own custom testing types. +func (app *SimApp) + +AppCodec() + +codec.Codec { + return app.appCodec +} + +// InterfaceRegistry returns SimApp's InterfaceRegistry +func (app *SimApp) + +InterfaceRegistry() + +types.InterfaceRegistry { + return app.interfaceRegistry +} + +// TxConfig returns SimApp's TxConfig +func (app *SimApp) + +TxConfig() + +client.TxConfig { + return app.txConfig +} + +// AutoCliOpts returns the autocli options for the app. +func (app *SimApp) + +AutoCliOpts() + +autocli.AppOptions { + modules := make(map[string]appmodule.AppModule, 0) + for _, m := range app.ModuleManager.Modules { + if moduleWithName, ok := m.(module.HasName); ok { + moduleName := moduleWithName.Name() + if appModule, ok := moduleWithName.(appmodule.AppModule); ok { + modules[moduleName] = appModule +} + +} + +} + +return autocli.AppOptions{ + Modules: modules, + AddressCodec: authcodec.NewBech32Codec(sdk.GetConfig().GetBech32AccountAddrPrefix()), +} +} + +// DefaultGenesis returns a default genesis from the registered AppModuleBasic's. +func (a *SimApp) + +DefaultGenesis() + +map[string]json.RawMessage { + return a.BasicModuleManager.DefaultGenesis(a.appCodec) +} + +// GetKey returns the KVStoreKey for the provided store key. +// +// NOTE: This is solely to be used for testing purposes. +func (app *SimApp) + +GetKey(storeKey string) *storetypes.KVStoreKey { + return app.keys[storeKey] +} + +// GetStoreKeys returns all the stored store keys. +func (app *SimApp) + +GetStoreKeys() []storetypes.StoreKey { + keys := make([]storetypes.StoreKey, len(app.keys)) + for _, key := range app.keys { + keys = append(keys, key) +} + +return keys +} + +// GetSubspace returns a param subspace for a given module name. +// +// NOTE: This is solely to be used for testing purposes. +func (app *SimApp) + +GetSubspace(moduleName string) + +paramstypes.Subspace { + subspace, _ := app.ParamsKeeper.GetSubspace(moduleName) + +return subspace +} + +// SimulationManager implements the SimulationApp interface +func (app *SimApp) + +SimulationManager() *module.SimulationManager { + return app.sm +} + +// RegisterAPIRoutes registers all application module routes with the provided +// API server. +func (app *SimApp) + +RegisterAPIRoutes(apiSvr *api.Server, apiConfig config.APIConfig) { + clientCtx := apiSvr.ClientCtx + // Register new tx routes from grpc-gateway. + authtx.RegisterGRPCGatewayRoutes(clientCtx, apiSvr.GRPCGatewayRouter) + + // Register new CometBFT queries routes from grpc-gateway. + cmtservice.RegisterGRPCGatewayRoutes(clientCtx, apiSvr.GRPCGatewayRouter) + + // Register node gRPC service for grpc-gateway. + nodeservice.RegisterGRPCGatewayRoutes(clientCtx, apiSvr.GRPCGatewayRouter) + + // Register grpc-gateway routes for all modules. + app.BasicModuleManager.RegisterGRPCGatewayRoutes(clientCtx, apiSvr.GRPCGatewayRouter) + + // register swagger API from root so that other applications can override easily + if err := server.RegisterSwaggerAPI(apiSvr.ClientCtx, apiSvr.Router, apiConfig.Swagger); err != nil { + panic(err) +} +} + +// RegisterTxService implements the Application.RegisterTxService method. +func (app *SimApp) + +RegisterTxService(clientCtx client.Context) { + authtx.RegisterTxService(app.BaseApp.GRPCQueryRouter(), clientCtx, app.BaseApp.Simulate, app.interfaceRegistry) +} + +// RegisterTendermintService implements the Application.RegisterTendermintService method. +func (app *SimApp) + +RegisterTendermintService(clientCtx client.Context) { + cmtApp := server.NewCometABCIWrapper(app) + +cmtservice.RegisterTendermintService( + clientCtx, + app.BaseApp.GRPCQueryRouter(), + app.interfaceRegistry, + cmtApp.Query, + ) +} + +func (app *SimApp) + +RegisterNodeService(clientCtx client.Context, cfg config.Config) { + nodeservice.RegisterNodeService(clientCtx, app.GRPCQueryRouter(), cfg) +} + +// GetMaccPerms returns a copy of the module account permissions +// +// NOTE: This is solely to be used for testing purposes. +func GetMaccPerms() + +map[string][]string { + dupMaccPerms := make(map[string][]string) + for k, v := range maccPerms { + dupMaccPerms[k] = v +} + +return dupMaccPerms +} + +// BlockedAddresses returns all the app's blocked account addresses. +func BlockedAddresses() + +map[string]bool { + modAccAddrs := make(map[string]bool) + for acc := range GetMaccPerms() { + modAccAddrs[authtypes.NewModuleAddress(acc).String()] = true +} + + // allow the following addresses to receive funds + delete(modAccAddrs, authtypes.NewModuleAddress(govtypes.ModuleName).String()) + +return modAccAddrs +} + +// initParamsKeeper init params keeper and its subspaces +func initParamsKeeper(appCodec codec.BinaryCodec, legacyAmino *codec.LegacyAmino, key, tkey storetypes.StoreKey) + +paramskeeper.Keeper { + paramsKeeper := paramskeeper.NewKeeper(appCodec, legacyAmino, key, tkey) + +paramsKeeper.Subspace(authtypes.ModuleName) + +paramsKeeper.Subspace(banktypes.ModuleName) + +paramsKeeper.Subspace(stakingtypes.ModuleName) + +paramsKeeper.Subspace(minttypes.ModuleName) + +paramsKeeper.Subspace(distrtypes.ModuleName) + +paramsKeeper.Subspace(slashingtypes.ModuleName) + +paramsKeeper.Subspace(govtypes.ModuleName) + +paramsKeeper.Subspace(crisistypes.ModuleName) + +return paramsKeeper +} +``` diff --git a/docs/sdk/next/build/building-apps/app-mempool.mdx b/docs/sdk/next/build/building-apps/app-mempool.mdx new file mode 100644 index 00000000..a16f7bde --- /dev/null +++ b/docs/sdk/next/build/building-apps/app-mempool.mdx @@ -0,0 +1,94 @@ +--- +title: Application Mempool +--- + +**Synopsis** +This section describes how the app-side mempool can be used and replaced. + + +Since `v0.47` the application has its own mempool to allow much more granular +block building than previous versions. This change was enabled by +[ABCI 1.0](https://github.com/cometbft/cometbft/blob/v0.37.0/spec/abci). +Notably it introduces the `PrepareProposal` and `ProcessProposal` steps of ABCI++. + + +**Pre-requisite Readings** + +* [BaseApp](/docs/sdk/vnext/learn/advanced/baseapp) +* [ABCI](/docs/sdk/vnext/build/abci/introduction) + + + +## Mempool + +There are countless designs that an application developer can write for a mempool, the SDK opted to provide only simple mempool implementations. +Namely, the SDK provides the following mempools: + +* [No-op Mempool](#no-op-mempool) +* [Sender Nonce Mempool](#sender-nonce-mempool) +* [Priority Nonce Mempool](#priority-nonce-mempool) + +By default, the SDK uses the [No-op Mempool](#no-op-mempool), but it can be replaced by the application developer in [`app.go`](/docs/sdk/vnext/build/building-apps/app-go-di): + +```go +nonceMempool := mempool.NewSenderNonceMempool() + mempoolOpt := baseapp.SetMempool(nonceMempool) + +baseAppOptions = append(baseAppOptions, mempoolOpt) +``` + +### No-op Mempool + +A no-op mempool is a mempool where transactions are completely discarded and ignored when BaseApp interacts with the mempool. +When this mempool is used, it is assumed that an application will rely on CometBFT's transaction ordering defined in `RequestPrepareProposal`, +which is FIFO-ordered by default. + +> Note: If a NoOp mempool is used, PrepareProposal and ProcessProposal both should be aware of this as +> PrepareProposal could include transactions that could fail verification in ProcessProposal. + +### Sender Nonce Mempool + +The nonce mempool is a mempool that keeps transactions from a sender sorted by nonce in order to avoid the issues with nonces. +It works by storing the transaction in a list sorted by the transaction nonce. When the proposer asks for transactions to be included in a block it randomly selects a sender and gets the first transaction in the list. It repeats this until the mempool is empty or the block is full. + +It is configurable with the following parameters: + +#### MaxTxs + +It is an integer value that sets the mempool in one of three modes, *bounded*, *unbounded*, or *disabled*. + +* **negative**: Disabled, mempool does not insert new transaction and return early. +* **zero**: Unbounded mempool has no transaction limit and will never fail with `ErrMempoolTxMaxCapacity`. +* **positive**: Bounded, it fails with `ErrMempoolTxMaxCapacity` when the `maxTx` value is the same as `CountTx()` + +#### Seed + +Set the seed for the random number generator used to select transactions from the mempool. + +### Priority Nonce Mempool + +The [priority nonce mempool](https://github.com/cosmos/cosmos-sdk/blob/main/types/mempool/priority_nonce_spec.md) is a mempool implementation that stores txs in a partially ordered set by 2 dimensions: + +* priority +* sender-nonce (sequence number) + +Internally it uses one priority ordered [skip list](https://pkg.go.dev/github.com/huandu/skiplist) and one skip list per sender ordered by sender-nonce (sequence number). When there are multiple txs from the same sender, they are not always comparable by priority to other sender txs and must be partially ordered by both sender-nonce and priority. + +It is configurable with the following parameters: + +#### MaxTxs + +It is an integer value that sets the mempool in one of three modes, *bounded*, *unbounded*, or *disabled*. + +* **negative**: Disabled, mempool does not insert new transaction and return early. +* **zero**: Unbounded mempool has no transaction limit and will never fail with `ErrMempoolTxMaxCapacity`. +* **positive**: Bounded, it fails with `ErrMempoolTxMaxCapacity` when the `maxTx` value is the same as `CountTx()` + +#### Callback + +The priority nonce mempool provides mempool options allowing the application to set callback(s). + +* **OnRead**: Set a callback to be called when a transaction is read from the mempool. +* **TxReplacement**: Sets a callback to be called when duplicate transaction nonce detected during mempool insert. Application can define a transaction replacement rule based on tx priority or certain transaction fields. + +More information on the SDK mempool implementation can be found in the [godocs](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/types/mempool). diff --git a/docs/sdk/next/build/building-apps/app-testnet.mdx b/docs/sdk/next/build/building-apps/app-testnet.mdx new file mode 100644 index 00000000..6bd02f48 --- /dev/null +++ b/docs/sdk/next/build/building-apps/app-testnet.mdx @@ -0,0 +1,256 @@ +--- +title: Application Testnets +description: >- + Building an application is complicated and requires a lot of testing. The + Cosmos SDK provides a way to test your application in a real-world + environment: a testnet. +--- +Building an application is complicated and requires a lot of testing. The Cosmos SDK provides a way to test your application in a real-world environment: a testnet. + +We allow developers to take the state from their mainnet and run tests against the state. This is useful for testing upgrade migrations, or for testing the application in a real-world environment. + +## Testnet Setup + +We will be breaking down the steps to create a testnet from mainnet state. + +```go +// InitSimAppForTestnet is broken down into two sections: + // Required Changes: Changes that, if not made, will cause the testnet to halt or panic + // Optional Changes: Changes to customize the testnet to one's liking (lower vote times, fund accounts, etc) + +func InitSimAppForTestnet(app *SimApp, newValAddr bytes.HexBytes, newValPubKey crypto.PubKey, newOperatorAddress, upgradeToTrigger string) *SimApp { + ... +} +``` + +### Required Changes + +#### Staking + +When creating a testnet the important part is to migrate the validator set from many validators to one or a few. This allows developers to spin up the chain without needing to replace validator keys. + +```go expandable +ctx := app.BaseApp.NewUncachedContext(true, tmproto.Header{ +}) + pubkey := &ed25519.PubKey{ + Key: newValPubKey.Bytes() +} + +pubkeyAny, err := types.NewAnyWithValue(pubkey) + if err != nil { + tmos.Exit(err.Error()) +} + + // STAKING + // + + // Create Validator struct for our new validator. + _, bz, err := bech32.DecodeAndConvert(newOperatorAddress) + if err != nil { + tmos.Exit(err.Error()) +} + +bech32Addr, err := bech32.ConvertAndEncode("simvaloper", bz) + if err != nil { + tmos.Exit(err.Error()) +} + newVal := stakingtypes.Validator{ + OperatorAddress: bech32Addr, + ConsensusPubkey: pubkeyAny, + Jailed: false, + Status: stakingtypes.Bonded, + Tokens: sdk.NewInt(900000000000000), + DelegatorShares: sdk.MustNewDecFromStr("10000000"), + Description: stakingtypes.Description{ + Moniker: "Testnet Validator", +}, + Commission: stakingtypes.Commission{ + CommissionRates: stakingtypes.CommissionRates{ + Rate: sdk.MustNewDecFromStr("0.05"), + MaxRate: sdk.MustNewDecFromStr("0.1"), + MaxChangeRate: sdk.MustNewDecFromStr("0.05"), +}, +}, + MinSelfDelegation: sdk.OneInt(), +} + + // Remove all validators from power store + stakingKey := app.GetKey(stakingtypes.ModuleName) + stakingStore := ctx.KVStore(stakingKey) + iterator := app.StakingKeeper.ValidatorsPowerStoreIterator(ctx) + for ; iterator.Valid(); iterator.Next() { + stakingStore.Delete(iterator.Key()) +} + +iterator.Close() + + // Remove all validators from last validators store + iterator = app.StakingKeeper.LastValidatorsIterator(ctx) + for ; iterator.Valid(); iterator.Next() { + app.StakingKeeper.LastValidatorPower.Delete(iterator.Key()) +} + +iterator.Close() + + // Add our validator to power and last validators store + app.StakingKeeper.SetValidator(ctx, newVal) + +err = app.StakingKeeper.SetValidatorByConsAddr(ctx, newVal) + if err != nil { + panic(err) +} + +app.StakingKeeper.SetValidatorByPowerIndex(ctx, newVal) + +app.StakingKeeper.SetLastValidatorPower(ctx, newVal.GetOperator(), 0) + if err := app.StakingKeeper.Hooks().AfterValidatorCreated(ctx, newVal.GetOperator()); err != nil { + panic(err) +} +``` + +#### Distribution + +Since the validator set has changed, we need to update the distribution records for the new validator. + +```go +// Initialize records for this validator across all distribution stores + app.DistrKeeper.ValidatorHistoricalRewards.Set(ctx, newVal.GetOperator(), 0, distrtypes.NewValidatorHistoricalRewards(sdk.DecCoins{ +}, 1)) + +app.DistrKeeper.ValidatorCurrentRewards.Set(ctx, newVal.GetOperator(), distrtypes.NewValidatorCurrentRewards(sdk.DecCoins{ +}, 1)) + +app.DistrKeeper.ValidatorAccumulatedCommission.Set(ctx, newVal.GetOperator(), distrtypes.InitialValidatorAccumulatedCommission()) + +app.DistrKeeper.ValidatorOutstandingRewards.Set(ctx, newVal.GetOperator(), distrtypes.ValidatorOutstandingRewards{ + Rewards: sdk.DecCoins{ +}}) +``` + +#### Slashing + +We also need to set the validator signing info for the new validator. + +```go expandable +// SLASHING + // + + // Set validator signing info for our new validator. + newConsAddr := sdk.ConsAddress(newValAddr.Bytes()) + newValidatorSigningInfo := slashingtypes.ValidatorSigningInfo{ + Address: newConsAddr.String(), + StartHeight: app.LastBlockHeight() - 1, + Tombstoned: false, +} + +app.SlashingKeeper.ValidatorSigningInfo.Set(ctx, newConsAddr, newValidatorSigningInfo) +``` + +#### Bank + +It is useful to create new accounts for your testing purposes. This avoids the need to have the same key as you may have on mainnet. + +```go expandable +// BANK + // + defaultCoins := sdk.NewCoins(sdk.NewInt64Coin("ustake", 1000000000000)) + localSimAppAccounts := []sdk.AccAddress{ + sdk.MustAccAddressFromBech32("cosmos12smx2wdlyttvyzvzg54y2vnqwq2qjateuf7thj"), + sdk.MustAccAddressFromBech32("cosmos1cyyzpxplxdzkeea7kwsydadg87357qnahakaks"), + sdk.MustAccAddressFromBech32("cosmos18s5lynnmx37hq4wlrw9gdn68sg2uxp5rgk26vv"), + sdk.MustAccAddressFromBech32("cosmos1qwexv7c6sm95lwhzn9027vyu2ccneaqad4w8ka"), + sdk.MustAccAddressFromBech32("cosmos14hcxlnwlqtq75ttaxf674vk6mafspg8xwgnn53"), + sdk.MustAccAddressFromBech32("cosmos12rr534cer5c0vj53eq4y32lcwguyy7nndt0u2t"), + sdk.MustAccAddressFromBech32("cosmos1nt33cjd5auzh36syym6azgc8tve0jlvklnq7jq"), + sdk.MustAccAddressFromBech32("cosmos10qfrpash5g2vk3hppvu45x0g860czur8ff5yx0"), + sdk.MustAccAddressFromBech32("cosmos1f4tvsdukfwh6s9swrc24gkuz23tp8pd3e9r5fa"), + sdk.MustAccAddressFromBech32("cosmos1myv43sqgnj5sm4zl98ftl45af9cfzk7nhjxjqh"), + sdk.MustAccAddressFromBech32("cosmos14gs9zqh8m49yy9kscjqu9h72exyf295afg6kgk"), + sdk.MustAccAddressFromBech32("cosmos1jllfytsz4dryxhz5tl7u73v29exsf80vz52ucc") +} + + // Fund localSimApp accounts + for _, account := range localSimAppAccounts { + err := app.BankKeeper.MintCoins(ctx, minttypes.ModuleName, defaultCoins) + if err != nil { + tmos.Exit(err.Error()) +} + +err = app.BankKeeper.SendCoinsFromModuleToAccount(ctx, minttypes.ModuleName, account, defaultCoins) + if err != nil { + tmos.Exit(err.Error()) +} + +} +``` + +#### Upgrade + +If you would like to schedule an upgrade the below can be used. + +```go expandable +// UPGRADE + // + if upgradeToTrigger != "" { + upgradePlan := upgradetypes.Plan{ + Name: upgradeToTrigger, + Height: app.LastBlockHeight(), +} + +err = app.UpgradeKeeper.ScheduleUpgrade(ctx, upgradePlan) + if err != nil { + panic(err) +} + +} +``` + +### Optional Changes + +If you have custom modules that rely on specific state from the above modules and/or you would like to test your custom module, you will need to update the state of your custom module to reflect your needs + +## Running the Testnet + +Before we can run the testnet we must plug everything together. + +in `root.go`, in the `initRootCmd` function we add: + +```diff + server.AddCommands(rootCmd, simapp.DefaultNodeHome, newApp, createSimAppAndExport, addModuleInitFlags) + ++ server.AddTestnetCreatorCommand(rootCmd, simapp.DefaultNodeHome, newTestnetApp, addModuleInitFlags) +``` + +Next we will add a newTestnetApp helper function: + +```diff expandable +// newTestnetApp starts by running the normal newApp method. From there, the app interface returned is modified in order +// for a testnet to be created from the provided app. +func newTestnetApp(logger log.Logger, db cometbftdb.DB, traceStore io.Writer, appOpts servertypes.AppOptions) servertypes.Application { + // Create an app and type cast to an SimApp + app := newApp(logger, db, traceStore, appOpts) + simApp, ok := app.(*simapp.SimApp) + if !ok { + panic("app created from newApp is not of type simApp") + } + + newValAddr, ok := appOpts.Get(server.KeyNewValAddr).(bytes.HexBytes) + if !ok { + panic("newValAddr is not of type bytes.HexBytes") + } + newValPubKey, ok := appOpts.Get(server.KeyUserPubKey).(crypto.PubKey) + if !ok { + panic("newValPubKey is not of type crypto.PubKey") + } + newOperatorAddress, ok := appOpts.Get(server.KeyNewOpAddr).(string) + if !ok { + panic("newOperatorAddress is not of type string") + } + upgradeToTrigger, ok := appOpts.Get(server.KeyTriggerTestnetUpgrade).(string) + if !ok { + panic("upgradeToTrigger is not of type string") + } + + // Make modifications to the normal SimApp required to run the network locally + return simapp.InitSimAppForTestnet(simApp, newValAddr, newValPubKey, newOperatorAddress, upgradeToTrigger) +} +``` diff --git a/docs/sdk/next/build/building-apps/app-upgrade.mdx b/docs/sdk/next/build/building-apps/app-upgrade.mdx new file mode 100644 index 00000000..5b4cb2b8 --- /dev/null +++ b/docs/sdk/next/build/building-apps/app-upgrade.mdx @@ -0,0 +1,218 @@ +--- +title: Application Upgrade +--- + +This document describes how to upgrade your application. If you are looking specifically for the changes to perform between SDK versions, see the [SDK migrations documentation](https://docs.cosmos.network/main/migrations/intro). + + + +This section is currently incomplete. Track the progress of this document [here](https://github.com/cosmos/cosmos-sdk/issues/11504). + + + +**Pre-requisite Readings** + +* [`x/upgrade` Documentation](https://docs.cosmos.network/main/modules/upgrade) + + + +## General Workflow + +Let's assume we are running v0.38.0 of our software in our testnet and want to upgrade to v0.40.0. +How would this look in practice? First, we want to finalize the v0.40.0 release candidate +and then install a specially named upgrade handler (e.g. "testnet-v2" or even "v0.40.0"). An upgrade +handler should be defined in a new version of the software to define what migrations +to run to migrate from the older version of the software. Naturally, this is app-specific rather +than module-specific, and must be defined in `app.go`, even if it imports logic from various +modules to perform the actions. You can register them with `upgradeKeeper.SetUpgradeHandler` +during the app initialization (before starting the abci server), and they serve not only to +perform a migration, but also to identify if this is the old or new version (e.g. presence of +a handler registered for the named upgrade). + +Once the release candidate along with an appropriate upgrade handler is frozen, +we can have a governance vote to approve this upgrade at some future block height (e.g. 200000). +This is known as an upgrade.Plan. The v0.38.0 code will not know of this handler, but will +continue to run until block 200000, when the plan kicks in at `BeginBlock`. It will check +for the existence of the handler, and finding it missing, know that it is running the obsolete software, +and gracefully exit. + +Generally the application binary will restart on exit, but then will execute this BeginBlocker +again and exit, causing a restart loop. Either the operator can manually install the new software, +or you can make use of an external watcher daemon to possibly download and then switch binaries, +also potentially doing a backup. The SDK tool for doing such, is called [Cosmovisor](https://docs.cosmos.network/main/tooling/cosmovisor). + +When the binary restarts with the upgraded version (here v0.40.0), it will detect we have registered the +"testnet-v2" upgrade handler in the code, and realize it is the new version. It then will run the upgrade handler +and *migrate the database in-place*. Once finished, it marks the upgrade as done, and continues processing +the rest of the block as normal. Once 2/3 of the voting power has upgraded, the blockchain will immediately +resume the consensus mechanism. If the majority of operators add a custom `do-upgrade` script, this should +be a matter of minutes and not even require them to be awake at that time. + +## Integrating With An App + + +The following is not required for users using `depinject`, this is abstracted for them. + + +In addition to basic module wiring, set up the upgrade Keeper for the app and then define a `PreBlocker` that calls the upgrade +keeper's PreBlocker method: + +```go +func (app *myApp) + +PreBlocker(ctx sdk.Context, req req.RequestFinalizeBlock) (*sdk.ResponsePreBlock, error) { + // For demonstration sake, the app PreBlocker only returns the upgrade module pre-blocker. + // In a real app, the module manager should call all pre-blockers + // return app.ModuleManager.PreBlock(ctx, req) + +return app.upgradeKeeper.PreBlocker(ctx, req) +} +``` + +The app must then integrate the upgrade keeper with its governance module as appropriate. The governance module +should call ScheduleUpgrade to schedule an upgrade and ClearUpgradePlan to cancel a pending upgrade. + +## Performing Upgrades + +Upgrades can be scheduled at a predefined block height. Once this block height is reached, the +existing software will cease to process ABCI messages and a new version with code that handles the upgrade must be deployed. +All upgrades are coordinated by a unique upgrade name that cannot be reused on the same blockchain. In order for the upgrade +module to know that the upgrade has been safely applied, a handler with the name of the upgrade must be installed. +Here is an example handler for an upgrade named "my-fancy-upgrade": + +```go +app.upgradeKeeper.SetUpgradeHandler("my-fancy-upgrade", func(ctx context.Context, plan upgrade.Plan) { + // Perform any migrations of the state store needed for this upgrade +}) +``` + +This upgrade handler performs the dual function of alerting the upgrade module that the named upgrade has been applied, +as well as providing the opportunity for the upgraded software to perform any necessary state migrations. Both the halt +(with the old binary) and applying the migration (with the new binary) are enforced in the state machine. Actually +switching the binaries is an ops task and not handled inside the sdk / abci app. + +Here is a sample code to set store migrations with an upgrade: + +```go expandable +// this configures a no-op upgrade handler for the "my-fancy-upgrade" upgrade +app.UpgradeKeeper.SetUpgradeHandler("my-fancy-upgrade", func(ctx context.Context, plan upgrade.Plan) { + // upgrade changes here +}) + +upgradeInfo, err := app.UpgradeKeeper.ReadUpgradeInfoFromDisk() + if err != nil { + // handle error +} + if upgradeInfo.Name == "my-fancy-upgrade" && !app.UpgradeKeeper.IsSkipHeight(upgradeInfo.Height) { + storeUpgrades := store.StoreUpgrades{ + Renamed: []store.StoreRename{{ + OldKey: "foo", + NewKey: "bar", +}}, + Deleted: []string{ +}, +} + // configure store loader that checks if version == upgradeHeight and applies store upgrades + app.SetStoreLoader(upgrade.UpgradeStoreLoader(upgradeInfo.Height, &storeUpgrades)) +} +``` + +## Halt Behavior + +Before halting the ABCI state machine in the BeginBlocker method, the upgrade module will log an error +that looks like: + +```text + UPGRADE "" NEEDED at height : +``` + +where `Name` and `Info` are the values of the respective fields on the upgrade Plan. + +To perform the actual halt of the blockchain, the upgrade keeper simply panics which prevents the ABCI state machine +from proceeding but doesn't actually exit the process. Exiting the process can cause issues for other nodes that start +to lose connectivity with the exiting nodes, thus this module prefers to just halt but not exit. + +## Automation + +Read more about [Cosmovisor](https://docs.cosmos.network/main/tooling/cosmovisor), the tool for automating upgrades. + +## Canceling Upgrades + +There are two ways to cancel a planned upgrade - with on-chain governance or off-chain social consensus. +For the first one, there is a `CancelSoftwareUpgrade` governance proposal, which can be voted on and will +remove the scheduled upgrade plan. Of course this requires that the upgrade was known to be a bad idea +well before the upgrade itself, to allow time for a vote. If you want to allow such a possibility, you +should set the upgrade height to be `2 * (votingperiod + depositperiod) + (safety delta)` from the beginning of +the first upgrade proposal. Safety delta is the time available from the success of an upgrade proposal +and the realization it was a bad idea (due to external testing). You can also start a `CancelSoftwareUpgrade` +proposal while the original `SoftwareUpgrade` proposal is still being voted upon, as long as the voting +period ends after the `SoftwareUpgrade` proposal. + +However, let's assume that we don't realize the upgrade has a bug until shortly before it will occur +(or while we try it out - hitting some panic in the migration). It would seem the blockchain is stuck, +but we need to allow an escape for social consensus to overrule the planned upgrade. To do so, there's +a `--unsafe-skip-upgrades` flag to the start command, which will cause the node to mark the upgrade +as done upon hitting the planned upgrade height(s), without halting and without actually performing a migration. +If over two-thirds run their nodes with this flag on the old binary, it will allow the chain to continue through +the upgrade with a manual override. (This must be well-documented for anyone syncing from genesis later on). + +Example: + +```shell + start --unsafe-skip-upgrades ... +``` + +## Pre-Upgrade Handling + +Cosmovisor supports custom pre-upgrade handling. Use pre-upgrade handling when you need to implement application config changes that are required in the newer version before you perform the upgrade. + +Using Cosmovisor pre-upgrade handling is optional. If pre-upgrade handling is not implemented, the upgrade continues. + +For example, make the required new-version changes to `app.toml` settings during the pre-upgrade handling. The pre-upgrade handling process means that the file does not have to be manually updated after the upgrade. + +Before the application binary is upgraded, Cosmovisor calls a `pre-upgrade` command that can be implemented by the application. + +The `pre-upgrade` command does not take in any command-line arguments and is expected to terminate with the following exit codes: + +| Exit status code | How it is handled in Cosmosvisor | +| ---------------- | ------------------------------------------------------------------------------------------------------------------- | +| `0` | Assumes `pre-upgrade` command executed successfully and continues the upgrade. | +| `1` | Default exit code when `pre-upgrade` command has not been implemented. | +| `30` | `pre-upgrade` command was executed but failed. This fails the entire upgrade. | +| `31` | `pre-upgrade` command was executed but failed. But the command is retried until exit code `1` or `30` are returned. | + +## Sample + +Here is a sample structure of the `pre-upgrade` command: + +```go expandable +func preUpgradeCommand() *cobra.Command { + cmd := &cobra.Command{ + Use: "pre-upgrade", + Short: "Pre-upgrade command", + Long: "Pre-upgrade command to implement custom pre-upgrade handling", + Run: func(cmd *cobra.Command, args []string) { + err := HandlePreUpgrade() + if err != nil { + os.Exit(30) +} + +os.Exit(0) +}, +} + +return cmd +} +``` + +Ensure that the pre-upgrade command has been registered in the application: + +```go +rootCmd.AddCommand( + // .. + preUpgradeCommand(), + // .. + ) +``` + +When not using Cosmovisor, ensure to run ` pre-upgrade` before starting the application binary. diff --git a/docs/sdk/next/build/building-apps/runtime.mdx b/docs/sdk/next/build/building-apps/runtime.mdx new file mode 100644 index 00000000..916e6411 --- /dev/null +++ b/docs/sdk/next/build/building-apps/runtime.mdx @@ -0,0 +1,1876 @@ +--- +title: What is `runtime`? +description: >- + The runtime package in the Cosmos SDK provides a flexible framework for + configuring and managing blockchain applications. It serves as the foundation + for creating modular blockchain applications using a declarative configuration + approach. +--- +The `runtime` package in the Cosmos SDK provides a flexible framework for configuring and managing blockchain applications. It serves as the foundation for creating modular blockchain applications using a declarative configuration approach. + +## Overview + +The runtime package acts as a wrapper around the `BaseApp` and `ModuleManager`, offering a hybrid approach where applications can be configured both declaratively through configuration files and programmatically through traditional methods. +It is a layer of abstraction between `baseapp` and the application modules that simplifies the process of building a Cosmos SDK application. + +## Core Components + +### App Structure + +The runtime App struct contains several key components: + +```go +type App struct { + *baseapp.BaseApp + ModuleManager *module.Manager + configurator module.Configurator + config *runtimev1alpha1.Module + storeKeys []storetypes.StoreKey + // ... other fields +} +``` + +Cosmos SDK applications should embed the `*runtime.App` struct to leverage the runtime module. + +```go expandable +//go:build !app_v1 + +package simapp + +import ( + + "io" + + dbm "github.com/cosmos/cosmos-db" + + clienthelpers "cosmossdk.io/client/v2/helpers" + "cosmossdk.io/depinject" + "cosmossdk.io/log" + storetypes "cosmossdk.io/store/types" + circuitkeeper "cosmossdk.io/x/circuit/keeper" + evidencekeeper "cosmossdk.io/x/evidence/keeper" + feegrantkeeper "cosmossdk.io/x/feegrant/keeper" + nftkeeper "cosmossdk.io/x/nft/keeper" + upgradekeeper "cosmossdk.io/x/upgrade/keeper" + "github.com/cosmos/cosmos-sdk/baseapp" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + "github.com/cosmos/cosmos-sdk/runtime" + "github.com/cosmos/cosmos-sdk/server" + "github.com/cosmos/cosmos-sdk/server/api" + "github.com/cosmos/cosmos-sdk/server/config" + servertypes "github.com/cosmos/cosmos-sdk/server/types" + testdata_pulsar "github.com/cosmos/cosmos-sdk/testutil/testdata/testpb" + "github.com/cosmos/cosmos-sdk/types/module" + "github.com/cosmos/cosmos-sdk/x/auth" + "github.com/cosmos/cosmos-sdk/x/auth/ante" + authkeeper "github.com/cosmos/cosmos-sdk/x/auth/keeper" + authsims "github.com/cosmos/cosmos-sdk/x/auth/simulation" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + authzkeeper "github.com/cosmos/cosmos-sdk/x/authz/keeper" + bankkeeper "github.com/cosmos/cosmos-sdk/x/bank/keeper" + consensuskeeper "github.com/cosmos/cosmos-sdk/x/consensus/keeper" + distrkeeper "github.com/cosmos/cosmos-sdk/x/distribution/keeper" + epochskeeper "github.com/cosmos/cosmos-sdk/x/epochs/keeper" + govkeeper "github.com/cosmos/cosmos-sdk/x/gov/keeper" + groupkeeper "github.com/cosmos/cosmos-sdk/x/group/keeper" + mintkeeper "github.com/cosmos/cosmos-sdk/x/mint/keeper" + protocolpoolkeeper "github.com/cosmos/cosmos-sdk/x/protocolpool/keeper" + slashingkeeper "github.com/cosmos/cosmos-sdk/x/slashing/keeper" + stakingkeeper "github.com/cosmos/cosmos-sdk/x/staking/keeper" +) + +// DefaultNodeHome default home directories for the application daemon +var DefaultNodeHome string + +var ( + _ runtime.AppI = (*SimApp)(nil) + _ servertypes.Application = (*SimApp)(nil) +) + +// SimApp extends an ABCI application, but with most of its parameters exported. +// They are exported for convenience in creating helper functions, as object +// capabilities aren't needed for testing. +type SimApp struct { + *runtime.App + legacyAmino *codec.LegacyAmino + appCodec codec.Codec + txConfig client.TxConfig + interfaceRegistry codectypes.InterfaceRegistry + + // essential keepers + AccountKeeper authkeeper.AccountKeeper + BankKeeper bankkeeper.BaseKeeper + StakingKeeper *stakingkeeper.Keeper + SlashingKeeper slashingkeeper.Keeper + MintKeeper mintkeeper.Keeper + DistrKeeper distrkeeper.Keeper + GovKeeper *govkeeper.Keeper + UpgradeKeeper *upgradekeeper.Keeper + EvidenceKeeper evidencekeeper.Keeper + ConsensusParamsKeeper consensuskeeper.Keeper + CircuitKeeper circuitkeeper.Keeper + + // supplementary keepers + FeeGrantKeeper feegrantkeeper.Keeper + GroupKeeper groupkeeper.Keeper + AuthzKeeper authzkeeper.Keeper + NFTKeeper nftkeeper.Keeper + EpochsKeeper epochskeeper.Keeper + ProtocolPoolKeeper protocolpoolkeeper.Keeper + + // simulation manager + sm *module.SimulationManager +} + +func init() { + var err error + DefaultNodeHome, err = clienthelpers.GetNodeHomeDirectory(".simapp") + if err != nil { + panic(err) +} +} + +// NewSimApp returns a reference to an initialized SimApp. +func NewSimApp( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), +) *SimApp { + var ( + app = &SimApp{ +} + +appBuilder *runtime.AppBuilder + + // merge the AppConfig and other configuration in one config + appConfig = depinject.Configs( + AppConfig, + depinject.Supply( + // supply the application options + appOpts, + // supply the logger + logger, + + // ADVANCED CONFIGURATION + + // + // AUTH + // + // For providing a custom function required in auth to generate custom account types + // add it below. By default the auth module uses simulation.RandomGenesisAccounts. + // + // authtypes.RandomGenesisAccountsFn(simulation.RandomGenesisAccounts), + // + // For providing a custom a base account type add it below. + // By default the auth module uses authtypes.ProtoBaseAccount(). + // + // func() + +sdk.AccountI { + return authtypes.ProtoBaseAccount() +}, + // + // For providing a different address codec, add it below. + // By default the auth module uses a Bech32 address codec, + // with the prefix defined in the auth module configuration. + // + // func() + +address.Codec { + return <- custom address codec type -> +} + // + // STAKING + // + // For provinding a different validator and consensus address codec, add it below. + // By default the staking module uses the bech32 prefix provided in the auth config, + // and appends "valoper" and "valcons" for validator and consensus addresses respectively. + // When providing a custom address codec in auth, custom address codecs must be provided here as well. + // + // func() + +runtime.ValidatorAddressCodec { + return <- custom validator address codec type -> +} + // func() + +runtime.ConsensusAddressCodec { + return <- custom consensus address codec type -> +} + + // + // MINT + // + + // For providing a custom inflation function for x/mint add here your + // custom minting function that implements the mintkeeper.MintFn + // interface. + ), + ) + ) + if err := depinject.Inject(appConfig, + &appBuilder, + &app.appCodec, + &app.legacyAmino, + &app.txConfig, + &app.interfaceRegistry, + &app.AccountKeeper, + &app.BankKeeper, + &app.StakingKeeper, + &app.SlashingKeeper, + &app.MintKeeper, + &app.DistrKeeper, + &app.GovKeeper, + &app.UpgradeKeeper, + &app.AuthzKeeper, + &app.EvidenceKeeper, + &app.FeeGrantKeeper, + &app.GroupKeeper, + &app.NFTKeeper, + &app.ConsensusParamsKeeper, + &app.CircuitKeeper, + &app.EpochsKeeper, + &app.ProtocolPoolKeeper, + ); err != nil { + panic(err) +} + + // Below we could construct and set an application specific mempool and + // ABCI 1.0 PrepareProposal and ProcessProposal handlers. These defaults are + // already set in the SDK's BaseApp, this shows an example of how to override + // them. + // + // Example: + // + // app.App = appBuilder.Build(...) + // nonceMempool := mempool.NewSenderNonceMempool() + // abciPropHandler := NewDefaultProposalHandler(nonceMempool, app.App.BaseApp) + // + // app.App.BaseApp.SetMempool(nonceMempool) + // app.App.BaseApp.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) + // app.App.BaseApp.SetProcessProposal(abciPropHandler.ProcessProposalHandler()) + // + // Alternatively, you can construct BaseApp options, append those to + // baseAppOptions and pass them to the appBuilder. + // + // Example: + // + // prepareOpt = func(app *baseapp.BaseApp) { + // abciPropHandler := baseapp.NewDefaultProposalHandler(nonceMempool, app) + // app.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) + // +} + // baseAppOptions = append(baseAppOptions, prepareOpt) + + // create and set dummy vote extension handler + voteExtOp := func(bApp *baseapp.BaseApp) { + voteExtHandler := NewVoteExtensionHandler() + +voteExtHandler.SetHandlers(bApp) +} + +baseAppOptions = append(baseAppOptions, voteExtOp, baseapp.SetOptimisticExecution()) + +app.App = appBuilder.Build(db, traceStore, baseAppOptions...) + + // register streaming services + if err := app.RegisterStreamingServices(appOpts, app.kvStoreKeys()); err != nil { + panic(err) +} + + /**** Module Options ****/ + + // RegisterUpgradeHandlers is used for registering any on-chain upgrades. + app.RegisterUpgradeHandlers() + + // add test gRPC service for testing gRPC queries in isolation + testdata_pulsar.RegisterQueryServer(app.GRPCQueryRouter(), testdata_pulsar.QueryImpl{ +}) + + // create the simulation manager and define the order of the modules for deterministic simulations + // + // NOTE: this is not required apps that don't use the simulator for fuzz testing + // transactions + overrideModules := map[string]module.AppModuleSimulation{ + authtypes.ModuleName: auth.NewAppModule(app.appCodec, app.AccountKeeper, authsims.RandomGenesisAccounts, nil), +} + +app.sm = module.NewSimulationManagerFromAppModules(app.ModuleManager.Modules, overrideModules) + +app.sm.RegisterStoreDecoders() + + // A custom InitChainer can be set if extra pre-init-genesis logic is required. + // By default, when using app wiring enabled module, this is not required. + // For instance, the upgrade module will set automatically the module version map in its init genesis thanks to app wiring. + // However, when registering a module manually (i.e. that does not support app wiring), the module version map + // must be set manually as follow. The upgrade module will de-duplicate the module version map. + // + // app.SetInitChainer(func(ctx sdk.Context, req *abci.RequestInitChain) (*abci.ResponseInitChain, error) { + // app.UpgradeKeeper.SetModuleVersionMap(ctx, app.ModuleManager.GetVersionMap()) + // return app.App.InitChainer(ctx, req) + // +}) + + // set custom ante handler + app.setAnteHandler(app.txConfig) + if err := app.Load(loadLatest); err != nil { + panic(err) +} + +return app +} + +// setAnteHandler sets custom ante handlers. +// "x/auth/tx" pre-defined ante handler have been disabled in app_config. +func (app *SimApp) + +setAnteHandler(txConfig client.TxConfig) { + anteHandler, err := NewAnteHandler( + HandlerOptions{ + ante.HandlerOptions{ + AccountKeeper: app.AccountKeeper, + BankKeeper: app.BankKeeper, + SignModeHandler: txConfig.SignModeHandler(), + FeegrantKeeper: app.FeeGrantKeeper, + SigGasConsumer: ante.DefaultSigVerificationGasConsumer, +}, + &app.CircuitKeeper, +}, + ) + if err != nil { + panic(err) +} + + // Set the AnteHandler for the app + app.SetAnteHandler(anteHandler) +} + +// LegacyAmino returns SimApp's amino codec. +// +// NOTE: This is solely to be used for testing purposes as it may be desirable +// for modules to register their own custom testing types. +func (app *SimApp) + +LegacyAmino() *codec.LegacyAmino { + return app.legacyAmino +} + +// AppCodec returns SimApp's app codec. +// +// NOTE: This is solely to be used for testing purposes as it may be desirable +// for modules to register their own custom testing types. +func (app *SimApp) + +AppCodec() + +codec.Codec { + return app.appCodec +} + +// InterfaceRegistry returns SimApp's InterfaceRegistry. +func (app *SimApp) + +InterfaceRegistry() + +codectypes.InterfaceRegistry { + return app.interfaceRegistry +} + +// TxConfig returns SimApp's TxConfig +func (app *SimApp) + +TxConfig() + +client.TxConfig { + return app.txConfig +} + +// GetKey returns the KVStoreKey for the provided store key. +// +// NOTE: This is solely to be used for testing purposes. +func (app *SimApp) + +GetKey(storeKey string) *storetypes.KVStoreKey { + sk := app.UnsafeFindStoreKey(storeKey) + +kvStoreKey, ok := sk.(*storetypes.KVStoreKey) + if !ok { + return nil +} + +return kvStoreKey +} + +func (app *SimApp) + +kvStoreKeys() + +map[string]*storetypes.KVStoreKey { + keys := make(map[string]*storetypes.KVStoreKey) + for _, k := range app.GetStoreKeys() { + if kv, ok := k.(*storetypes.KVStoreKey); ok { + keys[kv.Name()] = kv +} + +} + +return keys +} + +// SimulationManager implements the SimulationApp interface +func (app *SimApp) + +SimulationManager() *module.SimulationManager { + return app.sm +} + +// RegisterAPIRoutes registers all application module routes with the provided +// API server. +func (app *SimApp) + +RegisterAPIRoutes(apiSvr *api.Server, apiConfig config.APIConfig) { + app.App.RegisterAPIRoutes(apiSvr, apiConfig) + // register swagger API in app.go so that other applications can override easily + if err := server.RegisterSwaggerAPI(apiSvr.ClientCtx, apiSvr.Router, apiConfig.Swagger); err != nil { + panic(err) +} +} + +// GetMaccPerms returns a copy of the module account permissions +// +// NOTE: This is solely to be used for testing purposes. +func GetMaccPerms() + +map[string][]string { + dup := make(map[string][]string) + for _, perms := range moduleAccPerms { + dup[perms.Account] = perms.Permissions +} + +return dup +} + +// BlockedAddresses returns all the app's blocked account addresses. +func BlockedAddresses() + +map[string]bool { + result := make(map[string]bool) + if len(blockAccAddrs) > 0 { + for _, addr := range blockAccAddrs { + result[addr] = true +} + +} + +else { + for addr := range GetMaccPerms() { + result[addr] = true +} + +} + +return result +} +``` + +### Configuration + +The runtime module is configured using App Wiring. The main configuration object is the [`Module` message](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/proto/cosmos/app/runtime/v1alpha1/module.proto), which supports the following key settings: + +* `app_name`: The name of the application +* `begin_blockers`: List of module names to call during BeginBlock +* `end_blockers`: List of module names to call during EndBlock +* `init_genesis`: Order of module initialization during genesis +* `export_genesis`: Order for exporting module genesis data +* `pre_blockers`: Modules to execute before block processing + +Learn more about wiring `runtime` in the [next section](/docs/sdk/vnext/build/building-apps/app-go-di). + +#### Store Configuration + +By default, the runtime module uses the module name as the store key. +However it provides a flexible store key configuration through: + +* `override_store_keys`: Allows customizing module store keys +* `skip_store_keys`: Specifies store keys to skip during keeper construction + +Example configuration: + +```go expandable +package simapp + +import ( + + "time" + "google.golang.org/protobuf/types/known/durationpb" + + runtimev1alpha1 "cosmossdk.io/api/cosmos/app/runtime/v1alpha1" + appv1alpha1 "cosmossdk.io/api/cosmos/app/v1alpha1" + authmodulev1 "cosmossdk.io/api/cosmos/auth/module/v1" + authzmodulev1 "cosmossdk.io/api/cosmos/authz/module/v1" + bankmodulev1 "cosmossdk.io/api/cosmos/bank/module/v1" + circuitmodulev1 "cosmossdk.io/api/cosmos/circuit/module/v1" + consensusmodulev1 "cosmossdk.io/api/cosmos/consensus/module/v1" + distrmodulev1 "cosmossdk.io/api/cosmos/distribution/module/v1" + epochsmodulev1 "cosmossdk.io/api/cosmos/epochs/module/v1" + evidencemodulev1 "cosmossdk.io/api/cosmos/evidence/module/v1" + feegrantmodulev1 "cosmossdk.io/api/cosmos/feegrant/module/v1" + genutilmodulev1 "cosmossdk.io/api/cosmos/genutil/module/v1" + govmodulev1 "cosmossdk.io/api/cosmos/gov/module/v1" + groupmodulev1 "cosmossdk.io/api/cosmos/group/module/v1" + mintmodulev1 "cosmossdk.io/api/cosmos/mint/module/v1" + nftmodulev1 "cosmossdk.io/api/cosmos/nft/module/v1" + protocolpoolmodulev1 "cosmossdk.io/api/cosmos/protocolpool/module/v1" + slashingmodulev1 "cosmossdk.io/api/cosmos/slashing/module/v1" + stakingmodulev1 "cosmossdk.io/api/cosmos/staking/module/v1" + txconfigv1 "cosmossdk.io/api/cosmos/tx/config/v1" + upgrademodulev1 "cosmossdk.io/api/cosmos/upgrade/module/v1" + vestingmodulev1 "cosmossdk.io/api/cosmos/vesting/module/v1" + "cosmossdk.io/core/appconfig" + "cosmossdk.io/depinject" + _ "cosmossdk.io/x/circuit" // import for side-effects + circuittypes "cosmossdk.io/x/circuit/types" + _ "cosmossdk.io/x/evidence" // import for side-effects + evidencetypes "cosmossdk.io/x/evidence/types" + "cosmossdk.io/x/feegrant" + _ "cosmossdk.io/x/feegrant/module" // import for side-effects + "cosmossdk.io/x/nft" + _ "cosmossdk.io/x/nft/module" // import for side-effects + _ "cosmossdk.io/x/upgrade" // import for side-effects + upgradetypes "cosmossdk.io/x/upgrade/types" + "github.com/cosmos/cosmos-sdk/runtime" + "github.com/cosmos/cosmos-sdk/types/module" + _ "github.com/cosmos/cosmos-sdk/x/auth/tx/config" // import for side-effects + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + _ "github.com/cosmos/cosmos-sdk/x/auth/vesting" // import for side-effects + vestingtypes "github.com/cosmos/cosmos-sdk/x/auth/vesting/types" + "github.com/cosmos/cosmos-sdk/x/authz" + _ "github.com/cosmos/cosmos-sdk/x/authz/module" // import for side-effects + _ "github.com/cosmos/cosmos-sdk/x/bank" // import for side-effects + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" + _ "github.com/cosmos/cosmos-sdk/x/consensus" // import for side-effects + consensustypes "github.com/cosmos/cosmos-sdk/x/consensus/types" + _ "github.com/cosmos/cosmos-sdk/x/distribution" // import for side-effects + distrtypes "github.com/cosmos/cosmos-sdk/x/distribution/types" + _ "github.com/cosmos/cosmos-sdk/x/epochs" // import for side-effects + epochstypes "github.com/cosmos/cosmos-sdk/x/epochs/types" + "github.com/cosmos/cosmos-sdk/x/genutil" + genutiltypes "github.com/cosmos/cosmos-sdk/x/genutil/types" + "github.com/cosmos/cosmos-sdk/x/gov" + govclient "github.com/cosmos/cosmos-sdk/x/gov/client" + govtypes "github.com/cosmos/cosmos-sdk/x/gov/types" + "github.com/cosmos/cosmos-sdk/x/group" + _ "github.com/cosmos/cosmos-sdk/x/group/module" // import for side-effects + _ "github.com/cosmos/cosmos-sdk/x/mint" // import for side-effects + minttypes "github.com/cosmos/cosmos-sdk/x/mint/types" + _ "github.com/cosmos/cosmos-sdk/x/protocolpool" // import for side-effects + protocolpooltypes "github.com/cosmos/cosmos-sdk/x/protocolpool/types" + _ "github.com/cosmos/cosmos-sdk/x/slashing" // import for side-effects + slashingtypes "github.com/cosmos/cosmos-sdk/x/slashing/types" + _ "github.com/cosmos/cosmos-sdk/x/staking" // import for side-effects + stakingtypes "github.com/cosmos/cosmos-sdk/x/staking/types" +) + +var ( + // module account permissions + moduleAccPerms = []*authmodulev1.ModuleAccountPermission{ + { + Account: authtypes.FeeCollectorName +}, + { + Account: distrtypes.ModuleName +}, + { + Account: minttypes.ModuleName, + Permissions: []string{ + authtypes.Minter +}}, + { + Account: stakingtypes.BondedPoolName, + Permissions: []string{ + authtypes.Burner, stakingtypes.ModuleName +}}, + { + Account: stakingtypes.NotBondedPoolName, + Permissions: []string{ + authtypes.Burner, stakingtypes.ModuleName +}}, + { + Account: govtypes.ModuleName, + Permissions: []string{ + authtypes.Burner +}}, + { + Account: nft.ModuleName +}, + { + Account: protocolpooltypes.ModuleName +}, + { + Account: protocolpooltypes.ProtocolPoolEscrowAccount +}, +} + + // blocked account addresses + blockAccAddrs = []string{ + authtypes.FeeCollectorName, + distrtypes.ModuleName, + minttypes.ModuleName, + stakingtypes.BondedPoolName, + stakingtypes.NotBondedPoolName, + nft.ModuleName, + // We allow the following module accounts to receive funds: + // govtypes.ModuleName +} + +ModuleConfig = []*appv1alpha1.ModuleConfig{ + { + Name: runtime.ModuleName, + Config: appconfig.WrapAny(&runtimev1alpha1.Module{ + AppName: "SimApp", + // NOTE: upgrade module is required to be prioritized + PreBlockers: []string{ + upgradetypes.ModuleName, + authtypes.ModuleName, +}, + // During begin block slashing happens after distr.BeginBlocker so that + // there is nothing left over in the validator fee pool, so as to keep the + // CanWithdrawInvariant invariant. + // NOTE: staking module is required if HistoricalEntries param > 0 + BeginBlockers: []string{ + minttypes.ModuleName, + distrtypes.ModuleName, + protocolpooltypes.ModuleName, + slashingtypes.ModuleName, + evidencetypes.ModuleName, + stakingtypes.ModuleName, + authz.ModuleName, + epochstypes.ModuleName, +}, + EndBlockers: []string{ + govtypes.ModuleName, + stakingtypes.ModuleName, + feegrant.ModuleName, + group.ModuleName, + protocolpooltypes.ModuleName, +}, + OverrideStoreKeys: []*runtimev1alpha1.StoreKeyConfig{ + { + ModuleName: authtypes.ModuleName, + KvStoreKey: "acc", +}, +}, + SkipStoreKeys: []string{ + "tx", +}, + // NOTE: The genutils module must occur after staking so that pools are + // properly initialized with tokens from genesis accounts. + // NOTE: The genutils module must also occur after auth so that it can access the params from auth. + InitGenesis: []string{ + authtypes.ModuleName, + banktypes.ModuleName, + distrtypes.ModuleName, + stakingtypes.ModuleName, + slashingtypes.ModuleName, + govtypes.ModuleName, + minttypes.ModuleName, + genutiltypes.ModuleName, + evidencetypes.ModuleName, + authz.ModuleName, + feegrant.ModuleName, + nft.ModuleName, + group.ModuleName, + upgradetypes.ModuleName, + vestingtypes.ModuleName, + circuittypes.ModuleName, + epochstypes.ModuleName, + protocolpooltypes.ModuleName, +}, + // When ExportGenesis is not specified, the export genesis module order + // is equal to the init genesis order + ExportGenesis: []string{ + consensustypes.ModuleName, + authtypes.ModuleName, + protocolpooltypes.ModuleName, // Must be exported before bank + banktypes.ModuleName, + distrtypes.ModuleName, + stakingtypes.ModuleName, + slashingtypes.ModuleName, + govtypes.ModuleName, + minttypes.ModuleName, + genutiltypes.ModuleName, + evidencetypes.ModuleName, + authz.ModuleName, + feegrant.ModuleName, + nft.ModuleName, + group.ModuleName, + upgradetypes.ModuleName, + vestingtypes.ModuleName, + circuittypes.ModuleName, + epochstypes.ModuleName, +}, + // Uncomment if you want to set a custom migration order here. + // OrderMigrations: []string{ +}, +}), +}, + { + Name: authtypes.ModuleName, + Config: appconfig.WrapAny(&authmodulev1.Module{ + Bech32Prefix: "cosmos", + ModuleAccountPermissions: moduleAccPerms, + // By default modules authority is the governance module. This is configurable with the following: + // Authority: "group", // A custom module authority can be set using a module name + // Authority: "cosmos1cwwv22j5ca08ggdv9c2uky355k908694z577tv", // or a specific address + EnableUnorderedTransactions: true, +}), +}, + { + Name: vestingtypes.ModuleName, + Config: appconfig.WrapAny(&vestingmodulev1.Module{ +}), +}, + { + Name: banktypes.ModuleName, + Config: appconfig.WrapAny(&bankmodulev1.Module{ + BlockedModuleAccountsOverride: blockAccAddrs, +}), +}, + { + Name: stakingtypes.ModuleName, + Config: appconfig.WrapAny(&stakingmodulev1.Module{ + // NOTE: specifying a prefix is only necessary when using bech32 addresses + // If not specfied, the auth Bech32Prefix appended with "valoper" and "valcons" is used by default + Bech32PrefixValidator: "cosmosvaloper", + Bech32PrefixConsensus: "cosmosvalcons", +}), +}, + { + Name: slashingtypes.ModuleName, + Config: appconfig.WrapAny(&slashingmodulev1.Module{ +}), +}, + { + Name: "tx", + Config: appconfig.WrapAny(&txconfigv1.Config{ + SkipAnteHandler: true, // Enable this to skip the default antehandlers and set custom ante handlers. +}), +}, + { + Name: genutiltypes.ModuleName, + Config: appconfig.WrapAny(&genutilmodulev1.Module{ +}), +}, + { + Name: authz.ModuleName, + Config: appconfig.WrapAny(&authzmodulev1.Module{ +}), +}, + { + Name: upgradetypes.ModuleName, + Config: appconfig.WrapAny(&upgrademodulev1.Module{ +}), +}, + { + Name: distrtypes.ModuleName, + Config: appconfig.WrapAny(&distrmodulev1.Module{ +}), +}, + { + Name: evidencetypes.ModuleName, + Config: appconfig.WrapAny(&evidencemodulev1.Module{ +}), +}, + { + Name: minttypes.ModuleName, + Config: appconfig.WrapAny(&mintmodulev1.Module{ +}), +}, + { + Name: group.ModuleName, + Config: appconfig.WrapAny(&groupmodulev1.Module{ + MaxExecutionPeriod: durationpb.New(time.Second * 1209600), + MaxMetadataLen: 255, +}), +}, + { + Name: nft.ModuleName, + Config: appconfig.WrapAny(&nftmodulev1.Module{ +}), +}, + { + Name: feegrant.ModuleName, + Config: appconfig.WrapAny(&feegrantmodulev1.Module{ +}), +}, + { + Name: govtypes.ModuleName, + Config: appconfig.WrapAny(&govmodulev1.Module{ +}), +}, + { + Name: consensustypes.ModuleName, + Config: appconfig.WrapAny(&consensusmodulev1.Module{ +}), +}, + { + Name: circuittypes.ModuleName, + Config: appconfig.WrapAny(&circuitmodulev1.Module{ +}), +}, + { + Name: epochstypes.ModuleName, + Config: appconfig.WrapAny(&epochsmodulev1.Module{ +}), +}, + { + Name: protocolpooltypes.ModuleName, + Config: appconfig.WrapAny(&protocolpoolmodulev1.Module{ +}), +}, +} + + // AppConfig is application configuration (used by depinject) + +AppConfig = depinject.Configs(appconfig.Compose(&appv1alpha1.Config{ + Modules: ModuleConfig, +}), + depinject.Supply( + // supply custom module basics + map[string]module.AppModuleBasic{ + genutiltypes.ModuleName: genutil.NewAppModuleBasic(genutiltypes.DefaultMessageValidator), + govtypes.ModuleName: gov.NewAppModuleBasic( + []govclient.ProposalHandler{ +}, + ), +}, + ), + ) +) +``` + +## Key Features + +### 1. BaseApp and other Core SDK components integration + +The runtime module integrates with the `BaseApp` and other core SDK components to provide a seamless experience for developers. + +The developer only needs to embed the `runtime.App` struct in their application to leverage the runtime module. +The configuration of the module manager and other core components is handled internally via the [`AppBuilder`](#4-application-building). + +### 2. Module Registration + +Runtime has built-in support for [`depinject`-enabled modules](/docs/sdk/vnext/build/building-modules/depinject). +Such modules can be registered through the configuration file (often named `app_config.go`), with no additional code required. + +```go expandable +package simapp + +import ( + + "time" + "google.golang.org/protobuf/types/known/durationpb" + + runtimev1alpha1 "cosmossdk.io/api/cosmos/app/runtime/v1alpha1" + appv1alpha1 "cosmossdk.io/api/cosmos/app/v1alpha1" + authmodulev1 "cosmossdk.io/api/cosmos/auth/module/v1" + authzmodulev1 "cosmossdk.io/api/cosmos/authz/module/v1" + bankmodulev1 "cosmossdk.io/api/cosmos/bank/module/v1" + circuitmodulev1 "cosmossdk.io/api/cosmos/circuit/module/v1" + consensusmodulev1 "cosmossdk.io/api/cosmos/consensus/module/v1" + distrmodulev1 "cosmossdk.io/api/cosmos/distribution/module/v1" + epochsmodulev1 "cosmossdk.io/api/cosmos/epochs/module/v1" + evidencemodulev1 "cosmossdk.io/api/cosmos/evidence/module/v1" + feegrantmodulev1 "cosmossdk.io/api/cosmos/feegrant/module/v1" + genutilmodulev1 "cosmossdk.io/api/cosmos/genutil/module/v1" + govmodulev1 "cosmossdk.io/api/cosmos/gov/module/v1" + groupmodulev1 "cosmossdk.io/api/cosmos/group/module/v1" + mintmodulev1 "cosmossdk.io/api/cosmos/mint/module/v1" + nftmodulev1 "cosmossdk.io/api/cosmos/nft/module/v1" + protocolpoolmodulev1 "cosmossdk.io/api/cosmos/protocolpool/module/v1" + slashingmodulev1 "cosmossdk.io/api/cosmos/slashing/module/v1" + stakingmodulev1 "cosmossdk.io/api/cosmos/staking/module/v1" + txconfigv1 "cosmossdk.io/api/cosmos/tx/config/v1" + upgrademodulev1 "cosmossdk.io/api/cosmos/upgrade/module/v1" + vestingmodulev1 "cosmossdk.io/api/cosmos/vesting/module/v1" + "cosmossdk.io/core/appconfig" + "cosmossdk.io/depinject" + _ "cosmossdk.io/x/circuit" // import for side-effects + circuittypes "cosmossdk.io/x/circuit/types" + _ "cosmossdk.io/x/evidence" // import for side-effects + evidencetypes "cosmossdk.io/x/evidence/types" + "cosmossdk.io/x/feegrant" + _ "cosmossdk.io/x/feegrant/module" // import for side-effects + "cosmossdk.io/x/nft" + _ "cosmossdk.io/x/nft/module" // import for side-effects + _ "cosmossdk.io/x/upgrade" // import for side-effects + upgradetypes "cosmossdk.io/x/upgrade/types" + "github.com/cosmos/cosmos-sdk/runtime" + "github.com/cosmos/cosmos-sdk/types/module" + _ "github.com/cosmos/cosmos-sdk/x/auth/tx/config" // import for side-effects + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + _ "github.com/cosmos/cosmos-sdk/x/auth/vesting" // import for side-effects + vestingtypes "github.com/cosmos/cosmos-sdk/x/auth/vesting/types" + "github.com/cosmos/cosmos-sdk/x/authz" + _ "github.com/cosmos/cosmos-sdk/x/authz/module" // import for side-effects + _ "github.com/cosmos/cosmos-sdk/x/bank" // import for side-effects + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" + _ "github.com/cosmos/cosmos-sdk/x/consensus" // import for side-effects + consensustypes "github.com/cosmos/cosmos-sdk/x/consensus/types" + _ "github.com/cosmos/cosmos-sdk/x/distribution" // import for side-effects + distrtypes "github.com/cosmos/cosmos-sdk/x/distribution/types" + _ "github.com/cosmos/cosmos-sdk/x/epochs" // import for side-effects + epochstypes "github.com/cosmos/cosmos-sdk/x/epochs/types" + "github.com/cosmos/cosmos-sdk/x/genutil" + genutiltypes "github.com/cosmos/cosmos-sdk/x/genutil/types" + "github.com/cosmos/cosmos-sdk/x/gov" + govclient "github.com/cosmos/cosmos-sdk/x/gov/client" + govtypes "github.com/cosmos/cosmos-sdk/x/gov/types" + "github.com/cosmos/cosmos-sdk/x/group" + _ "github.com/cosmos/cosmos-sdk/x/group/module" // import for side-effects + _ "github.com/cosmos/cosmos-sdk/x/mint" // import for side-effects + minttypes "github.com/cosmos/cosmos-sdk/x/mint/types" + _ "github.com/cosmos/cosmos-sdk/x/protocolpool" // import for side-effects + protocolpooltypes "github.com/cosmos/cosmos-sdk/x/protocolpool/types" + _ "github.com/cosmos/cosmos-sdk/x/slashing" // import for side-effects + slashingtypes "github.com/cosmos/cosmos-sdk/x/slashing/types" + _ "github.com/cosmos/cosmos-sdk/x/staking" // import for side-effects + stakingtypes "github.com/cosmos/cosmos-sdk/x/staking/types" +) + +var ( + // module account permissions + moduleAccPerms = []*authmodulev1.ModuleAccountPermission{ + { + Account: authtypes.FeeCollectorName +}, + { + Account: distrtypes.ModuleName +}, + { + Account: minttypes.ModuleName, + Permissions: []string{ + authtypes.Minter +}}, + { + Account: stakingtypes.BondedPoolName, + Permissions: []string{ + authtypes.Burner, stakingtypes.ModuleName +}}, + { + Account: stakingtypes.NotBondedPoolName, + Permissions: []string{ + authtypes.Burner, stakingtypes.ModuleName +}}, + { + Account: govtypes.ModuleName, + Permissions: []string{ + authtypes.Burner +}}, + { + Account: nft.ModuleName +}, + { + Account: protocolpooltypes.ModuleName +}, + { + Account: protocolpooltypes.ProtocolPoolEscrowAccount +}, +} + + // blocked account addresses + blockAccAddrs = []string{ + authtypes.FeeCollectorName, + distrtypes.ModuleName, + minttypes.ModuleName, + stakingtypes.BondedPoolName, + stakingtypes.NotBondedPoolName, + nft.ModuleName, + // We allow the following module accounts to receive funds: + // govtypes.ModuleName +} + +ModuleConfig = []*appv1alpha1.ModuleConfig{ + { + Name: runtime.ModuleName, + Config: appconfig.WrapAny(&runtimev1alpha1.Module{ + AppName: "SimApp", + // NOTE: upgrade module is required to be prioritized + PreBlockers: []string{ + upgradetypes.ModuleName, + authtypes.ModuleName, +}, + // During begin block slashing happens after distr.BeginBlocker so that + // there is nothing left over in the validator fee pool, so as to keep the + // CanWithdrawInvariant invariant. + // NOTE: staking module is required if HistoricalEntries param > 0 + BeginBlockers: []string{ + minttypes.ModuleName, + distrtypes.ModuleName, + protocolpooltypes.ModuleName, + slashingtypes.ModuleName, + evidencetypes.ModuleName, + stakingtypes.ModuleName, + authz.ModuleName, + epochstypes.ModuleName, +}, + EndBlockers: []string{ + govtypes.ModuleName, + stakingtypes.ModuleName, + feegrant.ModuleName, + group.ModuleName, + protocolpooltypes.ModuleName, +}, + OverrideStoreKeys: []*runtimev1alpha1.StoreKeyConfig{ + { + ModuleName: authtypes.ModuleName, + KvStoreKey: "acc", +}, +}, + SkipStoreKeys: []string{ + "tx", +}, + // NOTE: The genutils module must occur after staking so that pools are + // properly initialized with tokens from genesis accounts. + // NOTE: The genutils module must also occur after auth so that it can access the params from auth. + InitGenesis: []string{ + authtypes.ModuleName, + banktypes.ModuleName, + distrtypes.ModuleName, + stakingtypes.ModuleName, + slashingtypes.ModuleName, + govtypes.ModuleName, + minttypes.ModuleName, + genutiltypes.ModuleName, + evidencetypes.ModuleName, + authz.ModuleName, + feegrant.ModuleName, + nft.ModuleName, + group.ModuleName, + upgradetypes.ModuleName, + vestingtypes.ModuleName, + circuittypes.ModuleName, + epochstypes.ModuleName, + protocolpooltypes.ModuleName, +}, + // When ExportGenesis is not specified, the export genesis module order + // is equal to the init genesis order + ExportGenesis: []string{ + consensustypes.ModuleName, + authtypes.ModuleName, + protocolpooltypes.ModuleName, // Must be exported before bank + banktypes.ModuleName, + distrtypes.ModuleName, + stakingtypes.ModuleName, + slashingtypes.ModuleName, + govtypes.ModuleName, + minttypes.ModuleName, + genutiltypes.ModuleName, + evidencetypes.ModuleName, + authz.ModuleName, + feegrant.ModuleName, + nft.ModuleName, + group.ModuleName, + upgradetypes.ModuleName, + vestingtypes.ModuleName, + circuittypes.ModuleName, + epochstypes.ModuleName, +}, + // Uncomment if you want to set a custom migration order here. + // OrderMigrations: []string{ +}, +}), +}, + { + Name: authtypes.ModuleName, + Config: appconfig.WrapAny(&authmodulev1.Module{ + Bech32Prefix: "cosmos", + ModuleAccountPermissions: moduleAccPerms, + // By default modules authority is the governance module. This is configurable with the following: + // Authority: "group", // A custom module authority can be set using a module name + // Authority: "cosmos1cwwv22j5ca08ggdv9c2uky355k908694z577tv", // or a specific address + EnableUnorderedTransactions: true, +}), +}, + { + Name: vestingtypes.ModuleName, + Config: appconfig.WrapAny(&vestingmodulev1.Module{ +}), +}, + { + Name: banktypes.ModuleName, + Config: appconfig.WrapAny(&bankmodulev1.Module{ + BlockedModuleAccountsOverride: blockAccAddrs, +}), +}, + { + Name: stakingtypes.ModuleName, + Config: appconfig.WrapAny(&stakingmodulev1.Module{ + // NOTE: specifying a prefix is only necessary when using bech32 addresses + // If not specfied, the auth Bech32Prefix appended with "valoper" and "valcons" is used by default + Bech32PrefixValidator: "cosmosvaloper", + Bech32PrefixConsensus: "cosmosvalcons", +}), +}, + { + Name: slashingtypes.ModuleName, + Config: appconfig.WrapAny(&slashingmodulev1.Module{ +}), +}, + { + Name: "tx", + Config: appconfig.WrapAny(&txconfigv1.Config{ + SkipAnteHandler: true, // Enable this to skip the default antehandlers and set custom ante handlers. +}), +}, + { + Name: genutiltypes.ModuleName, + Config: appconfig.WrapAny(&genutilmodulev1.Module{ +}), +}, + { + Name: authz.ModuleName, + Config: appconfig.WrapAny(&authzmodulev1.Module{ +}), +}, + { + Name: upgradetypes.ModuleName, + Config: appconfig.WrapAny(&upgrademodulev1.Module{ +}), +}, + { + Name: distrtypes.ModuleName, + Config: appconfig.WrapAny(&distrmodulev1.Module{ +}), +}, + { + Name: evidencetypes.ModuleName, + Config: appconfig.WrapAny(&evidencemodulev1.Module{ +}), +}, + { + Name: minttypes.ModuleName, + Config: appconfig.WrapAny(&mintmodulev1.Module{ +}), +}, + { + Name: group.ModuleName, + Config: appconfig.WrapAny(&groupmodulev1.Module{ + MaxExecutionPeriod: durationpb.New(time.Second * 1209600), + MaxMetadataLen: 255, +}), +}, + { + Name: nft.ModuleName, + Config: appconfig.WrapAny(&nftmodulev1.Module{ +}), +}, + { + Name: feegrant.ModuleName, + Config: appconfig.WrapAny(&feegrantmodulev1.Module{ +}), +}, + { + Name: govtypes.ModuleName, + Config: appconfig.WrapAny(&govmodulev1.Module{ +}), +}, + { + Name: consensustypes.ModuleName, + Config: appconfig.WrapAny(&consensusmodulev1.Module{ +}), +}, + { + Name: circuittypes.ModuleName, + Config: appconfig.WrapAny(&circuitmodulev1.Module{ +}), +}, + { + Name: epochstypes.ModuleName, + Config: appconfig.WrapAny(&epochsmodulev1.Module{ +}), +}, + { + Name: protocolpooltypes.ModuleName, + Config: appconfig.WrapAny(&protocolpoolmodulev1.Module{ +}), +}, +} + + // AppConfig is application configuration (used by depinject) + +AppConfig = depinject.Configs(appconfig.Compose(&appv1alpha1.Config{ + Modules: ModuleConfig, +}), + depinject.Supply( + // supply custom module basics + map[string]module.AppModuleBasic{ + genutiltypes.ModuleName: genutil.NewAppModuleBasic(genutiltypes.DefaultMessageValidator), + govtypes.ModuleName: gov.NewAppModuleBasic( + []govclient.ProposalHandler{ +}, + ), +}, + ), + ) +) +``` + +Additionally, the runtime package facilitates manual module registration through the `RegisterModules` method. This is the primary integration point for modules not registered via configuration. + + +Even when using manual registration, the module should still be configured in the `Module` message in AppConfig. + + +```go +func (a *App) + +RegisterModules(modules ...module.AppModule) + +error +``` + +The SDK recommends using the declarative approach with `depinject` for module registration whenever possible. + +### 3. Service Registration + +Runtime registers all [core services](https://pkg.go.dev/cosmossdk.io/core) required by modules. +These services include `store`, `event manager`, `context`, and `logger`. +Runtime ensures that services are scoped to their respective modules during the wiring process. + +```go expandable +package runtime + +import ( + + "fmt" + "os" + "slices" + "github.com/cosmos/gogoproto/proto" + "google.golang.org/protobuf/reflect/protodesc" + "google.golang.org/protobuf/reflect/protoregistry" + + runtimev1alpha1 "cosmossdk.io/api/cosmos/app/runtime/v1alpha1" + appv1alpha1 "cosmossdk.io/api/cosmos/app/v1alpha1" + authmodulev1 "cosmossdk.io/api/cosmos/auth/module/v1" + stakingmodulev1 "cosmossdk.io/api/cosmos/staking/module/v1" + "cosmossdk.io/core/address" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/core/comet" + "cosmossdk.io/core/event" + "cosmossdk.io/core/genesis" + "cosmossdk.io/core/header" + "cosmossdk.io/core/store" + "cosmossdk.io/depinject" + "cosmossdk.io/log" + storetypes "cosmossdk.io/store/types" + "cosmossdk.io/x/tx/signing" + "github.com/cosmos/cosmos-sdk/baseapp" + "github.com/cosmos/cosmos-sdk/codec" + addresscodec "github.com/cosmos/cosmos-sdk/codec/address" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + "github.com/cosmos/cosmos-sdk/std" + "github.com/cosmos/cosmos-sdk/types/module" + "github.com/cosmos/cosmos-sdk/types/msgservice" +) + +type appModule struct { + app *App +} + +func (m appModule) + +RegisterServices(configurator module.Configurator) { + err := m.app.registerRuntimeServices(configurator) + if err != nil { + panic(err) +} +} + +func (m appModule) + +IsOnePerModuleType() { +} + +func (m appModule) + +IsAppModule() { +} + +var ( + _ appmodule.AppModule = appModule{ +} + _ module.HasServices = appModule{ +} +) + +// BaseAppOption is a depinject.AutoGroupType which can be used to pass +// BaseApp options into the depinject. It should be used carefully. +type BaseAppOption func(*baseapp.BaseApp) + +// IsManyPerContainerType indicates that this is a depinject.ManyPerContainerType. +func (b BaseAppOption) + +IsManyPerContainerType() { +} + +func init() { + appmodule.Register(&runtimev1alpha1.Module{ +}, + appmodule.Provide( + ProvideApp, + ProvideInterfaceRegistry, + ProvideKVStoreKey, + ProvideTransientStoreKey, + ProvideMemoryStoreKey, + ProvideGenesisTxHandler, + ProvideKVStoreService, + ProvideMemoryStoreService, + ProvideTransientStoreService, + ProvideEventService, + ProvideHeaderInfoService, + ProvideCometInfoService, + ProvideBasicManager, + ProvideAddressCodec, + ), + appmodule.Invoke(SetupAppBuilder), + ) +} + +func ProvideApp(interfaceRegistry codectypes.InterfaceRegistry) ( + codec.Codec, + *codec.LegacyAmino, + *AppBuilder, + *baseapp.MsgServiceRouter, + *baseapp.GRPCQueryRouter, + appmodule.AppModule, + protodesc.Resolver, + protoregistry.MessageTypeResolver, + error, +) { + protoFiles := proto.HybridResolver + protoTypes := protoregistry.GlobalTypes + + // At startup, check that all proto annotations are correct. + if err := msgservice.ValidateProtoAnnotations(protoFiles); err != nil { + // Once we switch to using protoreflect-based ante handlers, we might + // want to panic here instead of logging a warning. + _, _ = fmt.Fprintln(os.Stderr, err.Error()) +} + amino := codec.NewLegacyAmino() + +std.RegisterInterfaces(interfaceRegistry) + +std.RegisterLegacyAminoCodec(amino) + cdc := codec.NewProtoCodec(interfaceRegistry) + msgServiceRouter := baseapp.NewMsgServiceRouter() + grpcQueryRouter := baseapp.NewGRPCQueryRouter() + app := &App{ + storeKeys: nil, + interfaceRegistry: interfaceRegistry, + cdc: cdc, + amino: amino, + basicManager: module.BasicManager{ +}, + msgServiceRouter: msgServiceRouter, + grpcQueryRouter: grpcQueryRouter, +} + appBuilder := &AppBuilder{ + app +} + +return cdc, amino, appBuilder, msgServiceRouter, grpcQueryRouter, appModule{ + app +}, protoFiles, protoTypes, nil +} + +type AppInputs struct { + depinject.In + + AppConfig *appv1alpha1.Config `optional:"true"` + Config *runtimev1alpha1.Module + AppBuilder *AppBuilder + Modules map[string]appmodule.AppModule + CustomModuleBasics map[string]module.AppModuleBasic `optional:"true"` + BaseAppOptions []BaseAppOption + InterfaceRegistry codectypes.InterfaceRegistry + LegacyAmino *codec.LegacyAmino + Logger log.Logger +} + +func SetupAppBuilder(inputs AppInputs) { + app := inputs.AppBuilder.app + app.baseAppOptions = inputs.BaseAppOptions + app.config = inputs.Config + app.appConfig = inputs.AppConfig + app.logger = inputs.Logger + app.ModuleManager = module.NewManagerFromMap(inputs.Modules) + for name, mod := range inputs.Modules { + if customBasicMod, ok := inputs.CustomModuleBasics[name]; ok { + app.basicManager[name] = customBasicMod + customBasicMod.RegisterInterfaces(inputs.InterfaceRegistry) + +customBasicMod.RegisterLegacyAminoCodec(inputs.LegacyAmino) + +continue +} + coreAppModuleBasic := module.CoreAppModuleBasicAdaptor(name, mod) + +app.basicManager[name] = coreAppModuleBasic + coreAppModuleBasic.RegisterInterfaces(inputs.InterfaceRegistry) + +coreAppModuleBasic.RegisterLegacyAminoCodec(inputs.LegacyAmino) +} +} + +func ProvideInterfaceRegistry(addressCodec address.Codec, validatorAddressCodec ValidatorAddressCodec, customGetSigners []signing.CustomGetSigner) (codectypes.InterfaceRegistry, error) { + signingOptions := signing.Options{ + AddressCodec: addressCodec, + ValidatorAddressCodec: validatorAddressCodec, +} + for _, signer := range customGetSigners { + signingOptions.DefineCustomGetSigners(signer.MsgType, signer.Fn) +} + +interfaceRegistry, err := codectypes.NewInterfaceRegistryWithOptions(codectypes.InterfaceRegistryOptions{ + ProtoFiles: proto.HybridResolver, + SigningOptions: signingOptions, +}) + if err != nil { + return nil, err +} + if err := interfaceRegistry.SigningContext().Validate(); err != nil { + return nil, err +} + +return interfaceRegistry, nil +} + +func registerStoreKey(wrapper *AppBuilder, key storetypes.StoreKey) { + wrapper.app.storeKeys = append(wrapper.app.storeKeys, key) +} + +func storeKeyOverride(config *runtimev1alpha1.Module, moduleName string) *runtimev1alpha1.StoreKeyConfig { + for _, cfg := range config.OverrideStoreKeys { + if cfg.ModuleName == moduleName { + return cfg +} + +} + +return nil +} + +func ProvideKVStoreKey(config *runtimev1alpha1.Module, key depinject.ModuleKey, app *AppBuilder) *storetypes.KVStoreKey { + if slices.Contains(config.SkipStoreKeys, key.Name()) { + return nil +} + override := storeKeyOverride(config, key.Name()) + +var storeKeyName string + if override != nil { + storeKeyName = override.KvStoreKey +} + +else { + storeKeyName = key.Name() +} + storeKey := storetypes.NewKVStoreKey(storeKeyName) + +registerStoreKey(app, storeKey) + +return storeKey +} + +func ProvideTransientStoreKey(config *runtimev1alpha1.Module, key depinject.ModuleKey, app *AppBuilder) *storetypes.TransientStoreKey { + if slices.Contains(config.SkipStoreKeys, key.Name()) { + return nil +} + storeKey := storetypes.NewTransientStoreKey(fmt.Sprintf("transient:%s", key.Name())) + +registerStoreKey(app, storeKey) + +return storeKey +} + +func ProvideMemoryStoreKey(config *runtimev1alpha1.Module, key depinject.ModuleKey, app *AppBuilder) *storetypes.MemoryStoreKey { + if slices.Contains(config.SkipStoreKeys, key.Name()) { + return nil +} + storeKey := storetypes.NewMemoryStoreKey(fmt.Sprintf("memory:%s", key.Name())) + +registerStoreKey(app, storeKey) + +return storeKey +} + +func ProvideGenesisTxHandler(appBuilder *AppBuilder) + +genesis.TxHandler { + return appBuilder.app +} + +func ProvideKVStoreService(config *runtimev1alpha1.Module, key depinject.ModuleKey, app *AppBuilder) + +store.KVStoreService { + storeKey := ProvideKVStoreKey(config, key, app) + +return kvStoreService{ + key: storeKey +} +} + +func ProvideMemoryStoreService(config *runtimev1alpha1.Module, key depinject.ModuleKey, app *AppBuilder) + +store.MemoryStoreService { + storeKey := ProvideMemoryStoreKey(config, key, app) + +return memStoreService{ + key: storeKey +} +} + +func ProvideTransientStoreService(config *runtimev1alpha1.Module, key depinject.ModuleKey, app *AppBuilder) + +store.TransientStoreService { + storeKey := ProvideTransientStoreKey(config, key, app) + +return transientStoreService{ + key: storeKey +} +} + +func ProvideEventService() + +event.Service { + return EventService{ +} +} + +func ProvideCometInfoService() + +comet.BlockInfoService { + return cometInfoService{ +} +} + +func ProvideHeaderInfoService(app *AppBuilder) + +header.Service { + return headerInfoService{ +} +} + +func ProvideBasicManager(app *AppBuilder) + +module.BasicManager { + return app.app.basicManager +} + +type ( + // ValidatorAddressCodec is an alias for address.Codec for validator addresses. + ValidatorAddressCodec address.Codec + + // ConsensusAddressCodec is an alias for address.Codec for validator consensus addresses. + ConsensusAddressCodec address.Codec +) + +type AddressCodecInputs struct { + depinject.In + + AuthConfig *authmodulev1.Module `optional:"true"` + StakingConfig *stakingmodulev1.Module `optional:"true"` + + AddressCodecFactory func() + +address.Codec `optional:"true"` + ValidatorAddressCodecFactory func() + +ValidatorAddressCodec `optional:"true"` + ConsensusAddressCodecFactory func() + +ConsensusAddressCodec `optional:"true"` +} + +// ProvideAddressCodec provides an address.Codec to the container for any +// modules that want to do address string <> bytes conversion. +func ProvideAddressCodec(in AddressCodecInputs) (address.Codec, ValidatorAddressCodec, ConsensusAddressCodec) { + if in.AddressCodecFactory != nil && in.ValidatorAddressCodecFactory != nil && in.ConsensusAddressCodecFactory != nil { + return in.AddressCodecFactory(), in.ValidatorAddressCodecFactory(), in.ConsensusAddressCodecFactory() +} + if in.AuthConfig == nil || in.AuthConfig.Bech32Prefix == "" { + panic("auth config bech32 prefix cannot be empty if no custom address codec is provided") +} + if in.StakingConfig == nil { + in.StakingConfig = &stakingmodulev1.Module{ +} + +} + if in.StakingConfig.Bech32PrefixValidator == "" { + in.StakingConfig.Bech32PrefixValidator = fmt.Sprintf("%svaloper", in.AuthConfig.Bech32Prefix) +} + if in.StakingConfig.Bech32PrefixConsensus == "" { + in.StakingConfig.Bech32PrefixConsensus = fmt.Sprintf("%svalcons", in.AuthConfig.Bech32Prefix) +} + +return addresscodec.NewBech32Codec(in.AuthConfig.Bech32Prefix), + addresscodec.NewBech32Codec(in.StakingConfig.Bech32PrefixValidator), + addresscodec.NewBech32Codec(in.StakingConfig.Bech32PrefixConsensus) +} +``` + +Additionally, runtime provides automatic registration of other essential (i.e., gRPC routes) services available to the App: + +* AutoCLI Query Service +* Reflection Service +* Custom module services + +```go expandable +package runtime + +import ( + + "encoding/json" + "io" + + dbm "github.com/cosmos/cosmos-db" + "github.com/cosmos/cosmos-sdk/baseapp" + "github.com/cosmos/cosmos-sdk/types/module" + "github.com/cosmos/cosmos-sdk/version" +) + +// AppBuilder is a type that is injected into a container by the runtime module +// (as *AppBuilder) + +which can be used to create an app which is compatible with +// the existing app.go initialization conventions. +type AppBuilder struct { + app *App +} + +// DefaultGenesis returns a default genesis from the registered AppModuleBasic's. +func (a *AppBuilder) + +DefaultGenesis() + +map[string]json.RawMessage { + return a.app.DefaultGenesis() +} + +// Build builds an *App instance. +func (a *AppBuilder) + +Build(db dbm.DB, traceStore io.Writer, baseAppOptions ...func(*baseapp.BaseApp)) *App { + for _, option := range a.app.baseAppOptions { + baseAppOptions = append(baseAppOptions, option) +} + + // set routers first in case they get modified by other options + baseAppOptions = append( + []func(*baseapp.BaseApp) { + func(bApp *baseapp.BaseApp) { + bApp.SetMsgServiceRouter(a.app.msgServiceRouter) + +bApp.SetGRPCQueryRouter(a.app.grpcQueryRouter) +}, +}, + baseAppOptions..., + ) + bApp := baseapp.NewBaseApp(a.app.config.AppName, a.app.logger, db, nil, baseAppOptions...) + +bApp.SetCommitMultiStoreTracer(traceStore) + +bApp.SetVersion(version.Version) + +bApp.SetInterfaceRegistry(a.app.interfaceRegistry) + +bApp.MountStores(a.app.storeKeys...) + +a.app.BaseApp = bApp + a.app.configurator = module.NewConfigurator(a.app.cdc, a.app.MsgServiceRouter(), a.app.GRPCQueryRouter()) + if err := a.app.ModuleManager.RegisterServices(a.app.configurator); err != nil { + panic(err) +} + +return a.app +} +``` + +### 4. Application Building + +The `AppBuilder` type provides a structured way to build applications: + +```go expandable +package runtime + +import ( + + "encoding/json" + "io" + + dbm "github.com/cosmos/cosmos-db" + "github.com/cosmos/cosmos-sdk/baseapp" + "github.com/cosmos/cosmos-sdk/types/module" + "github.com/cosmos/cosmos-sdk/version" +) + +// AppBuilder is a type that is injected into a container by the runtime module +// (as *AppBuilder) + +which can be used to create an app which is compatible with +// the existing app.go initialization conventions. +type AppBuilder struct { + app *App +} + +// DefaultGenesis returns a default genesis from the registered AppModuleBasic's. +func (a *AppBuilder) + +DefaultGenesis() + +map[string]json.RawMessage { + return a.app.DefaultGenesis() +} + +// Build builds an *App instance. +func (a *AppBuilder) + +Build(db dbm.DB, traceStore io.Writer, baseAppOptions ...func(*baseapp.BaseApp)) *App { + for _, option := range a.app.baseAppOptions { + baseAppOptions = append(baseAppOptions, option) +} + + // set routers first in case they get modified by other options + baseAppOptions = append( + []func(*baseapp.BaseApp) { + func(bApp *baseapp.BaseApp) { + bApp.SetMsgServiceRouter(a.app.msgServiceRouter) + +bApp.SetGRPCQueryRouter(a.app.grpcQueryRouter) +}, +}, + baseAppOptions..., + ) + bApp := baseapp.NewBaseApp(a.app.config.AppName, a.app.logger, db, nil, baseAppOptions...) + +bApp.SetCommitMultiStoreTracer(traceStore) + +bApp.SetVersion(version.Version) + +bApp.SetInterfaceRegistry(a.app.interfaceRegistry) + +bApp.MountStores(a.app.storeKeys...) + +a.app.BaseApp = bApp + a.app.configurator = module.NewConfigurator(a.app.cdc, a.app.MsgServiceRouter(), a.app.GRPCQueryRouter()) + if err := a.app.ModuleManager.RegisterServices(a.app.configurator); err != nil { + panic(err) +} + +return a.app +} +``` + +Key building steps: + +1. Configuration loading +2. Module registration +3. Service setup +4. Store mounting +5. Router configuration + +An application only needs to call `AppBuilder.Build` to create a fully configured application (`runtime.App`). + +```go expandable +package runtime + +import ( + + "encoding/json" + "io" + + dbm "github.com/cosmos/cosmos-db" + "github.com/cosmos/cosmos-sdk/baseapp" + "github.com/cosmos/cosmos-sdk/types/module" + "github.com/cosmos/cosmos-sdk/version" +) + +// AppBuilder is a type that is injected into a container by the runtime module +// (as *AppBuilder) + +which can be used to create an app which is compatible with +// the existing app.go initialization conventions. +type AppBuilder struct { + app *App +} + +// DefaultGenesis returns a default genesis from the registered AppModuleBasic's. +func (a *AppBuilder) + +DefaultGenesis() + +map[string]json.RawMessage { + return a.app.DefaultGenesis() +} + +// Build builds an *App instance. +func (a *AppBuilder) + +Build(db dbm.DB, traceStore io.Writer, baseAppOptions ...func(*baseapp.BaseApp)) *App { + for _, option := range a.app.baseAppOptions { + baseAppOptions = append(baseAppOptions, option) +} + + // set routers first in case they get modified by other options + baseAppOptions = append( + []func(*baseapp.BaseApp) { + func(bApp *baseapp.BaseApp) { + bApp.SetMsgServiceRouter(a.app.msgServiceRouter) + +bApp.SetGRPCQueryRouter(a.app.grpcQueryRouter) +}, +}, + baseAppOptions..., + ) + bApp := baseapp.NewBaseApp(a.app.config.AppName, a.app.logger, db, nil, baseAppOptions...) + +bApp.SetCommitMultiStoreTracer(traceStore) + +bApp.SetVersion(version.Version) + +bApp.SetInterfaceRegistry(a.app.interfaceRegistry) + +bApp.MountStores(a.app.storeKeys...) + +a.app.BaseApp = bApp + a.app.configurator = module.NewConfigurator(a.app.cdc, a.app.MsgServiceRouter(), a.app.GRPCQueryRouter()) + if err := a.app.ModuleManager.RegisterServices(a.app.configurator); err != nil { + panic(err) +} + +return a.app +} +``` + +More information on building applications can be found in the [next section](/docs/sdk/vnext/build/building-apps/app-building). + +## Best Practices + +1. **Module Order**: Carefully consider the order of modules in begin\_blockers, end\_blockers, and pre\_blockers. +2. **Store Keys**: Use override\_store\_keys only when necessary to maintain clarity +3. **Genesis Order**: Maintain correct initialization order in init\_genesis +4. **Migration Management**: Use order\_migrations to control upgrade paths + +### Migration Considerations + +When upgrading between versions: + +1. Review the migration order specified in `order_migrations` +2. Ensure all required modules are included in the configuration +3. Validate store key configurations +4. Test the upgrade path thoroughly diff --git a/docs/sdk/next/build/building-apps/vote-extensions.mdx b/docs/sdk/next/build/building-apps/vote-extensions.mdx new file mode 100644 index 00000000..d31ceca2 --- /dev/null +++ b/docs/sdk/next/build/building-apps/vote-extensions.mdx @@ -0,0 +1,185 @@ +--- +title: Vote Extensions +--- + +**Synopsis** +This section describes how the application can define and use vote extensions +defined in ABCI++. + + +## Extend Vote + +ABCI++ allows an application to extend a pre-commit vote with arbitrary data. This +process does NOT have to be deterministic, and the data returned can be unique to the +validator process. The Cosmos SDK defines `baseapp.ExtendVoteHandler`: + +```go +type ExtendVoteHandler func(Context, *abci.ExtendVoteRequest) (*abci.ExtendVoteResponse, error) +``` + +An application can set this handler in `app.go` via the `baseapp.SetExtendVoteHandler` +`BaseApp` option function. The `sdk.ExtendVoteHandler`, if defined, is called during +the `ExtendVote` ABCI method. Note, if an application decides to implement +`baseapp.ExtendVoteHandler`, it MUST return a non-nil `VoteExtension`. However, the vote +extension can be empty. See [here](https://github.com/cometbft/cometbft/blob/v0.38.0-rc1/spec/abci/abci++_methods.md#extendvote) +for more details. + +There are many decentralized censorship-resistant use cases for vote extensions. +For example, a validator may want to submit prices for a price oracle or encryption +shares for an encrypted transaction mempool. Note, an application should be careful +to consider the size of the vote extensions as they could increase latency in block +production. See [here](https://github.com/cometbft/cometbft/blob/v0.38.0-rc1/docs/qa/CometBFT-QA-38.md#vote-extensions-testbed) +for more details. + +## Verify Vote Extension + +Similar to extending a vote, an application can also verify vote extensions from +other validators when validating their pre-commits. For a given vote extension, +this process MUST be deterministic. The Cosmos SDK defines `sdk.VerifyVoteExtensionHandler`: + +```go expandable +package types + +import ( + + abci "github.com/cometbft/cometbft/abci/types" +) + +// InitChainer initializes application state at genesis +type InitChainer func(ctx Context, req *abci.RequestInitChain) (*abci.ResponseInitChain, error) + +// PrepareCheckStater runs code during commit after the block has been committed, and the `checkState` +// has been branched for the new block. +type PrepareCheckStater func(ctx Context) + +// Precommiter runs code during commit immediately before the `deliverState` is written to the `rootMultiStore`. +type Precommiter func(ctx Context) + +// PeerFilter responds to p2p filtering queries from Tendermint +type PeerFilter func(info string) *abci.ResponseQuery + +// ProcessProposalHandler defines a function type alias for processing a proposer +type ProcessProposalHandler func(Context, *abci.RequestProcessProposal) (*abci.ResponseProcessProposal, error) + +// PrepareProposalHandler defines a function type alias for preparing a proposal +type PrepareProposalHandler func(Context, *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) + +// ExtendVoteHandler defines a function type alias for extending a pre-commit vote. +type ExtendVoteHandler func(Context, *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) + +// VerifyVoteExtensionHandler defines a function type alias for verifying a +// pre-commit vote extension. +type VerifyVoteExtensionHandler func(Context, *abci.RequestVerifyVoteExtension) (*abci.ResponseVerifyVoteExtension, error) + +// BeginBlocker defines a function type alias for executing application +// business logic before transactions are executed. +// +// Note: The BeginBlock ABCI method no longer exists in the ABCI specification +// as of CometBFT v0.38.0. This function type alias is provided for backwards +// compatibility with applications that still use the BeginBlock ABCI method +// and allows for existing BeginBlock functionality within applications. +type BeginBlocker func(Context) (BeginBlock, error) + +// EndBlocker defines a function type alias for executing application +// business logic after transactions are executed but before committing. +// +// Note: The EndBlock ABCI method no longer exists in the ABCI specification +// as of CometBFT v0.38.0. This function type alias is provided for backwards +// compatibility with applications that still use the EndBlock ABCI method +// and allows for existing EndBlock functionality within applications. +type EndBlocker func(Context) (EndBlock, error) + +// EndBlock defines a type which contains endblock events and validator set updates +type EndBlock struct { + ValidatorUpdates []abci.ValidatorUpdate + Events []abci.Event +} + +// BeginBlock defines a type which contains beginBlock events +type BeginBlock struct { + Events []abci.Event +} +``` + +An application can set this handler in `app.go` via the `baseapp.SetVerifyVoteExtensionHandler` +`BaseApp` option function. The `sdk.VerifyVoteExtensionHandler`, if defined, is called +during the `VerifyVoteExtension` ABCI method. If an application defines a vote +extension handler, it should also define a verification handler. Note, not all +validators will share the same view of what vote extensions they verify depending +on how votes are propagated. See [here](https://github.com/cometbft/cometbft/blob/v0.38.0-rc1/spec/abci/abci++_methods.md#verifyvoteextension) +for more details. + +## Vote Extension Propagation + +The agreed upon vote extensions at height `H` are provided to the proposing validator +at height `H+1` during `PrepareProposal`. As a result, the vote extensions are +not natively provided or exposed to the remaining validators during `ProcessProposal`. +As a result, if an application requires that the agreed upon vote extensions from +height `H` are available to all validators at `H+1`, the application must propagate +these vote extensions manually in the block proposal itself. This can be done by +"injecting" them into the block proposal, since the `Txs` field in `PrepareProposal` +is just a slice of byte slices. + +`FinalizeBlock` will ignore any byte slice that doesn't implement an `sdk.Tx`, so +any injected vote extensions will safely be ignored in `FinalizeBlock`. For more +details on propagation, see the [ABCI++ 2.0 ADR](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-064-abci-2.0.md#vote-extension-propagation--verification). + +### Recovery of injected Vote Extensions + +As stated before, vote extensions can be injected into a block proposal (along with +other transactions in the `Txs` field). The Cosmos SDK provides a pre-FinalizeBlock +hook to allow applications to recover vote extensions, perform any necessary +computation on them, and then store the results in the cached store. These results +will be available to the application during the subsequent `FinalizeBlock` call. + +An example of how a pre-FinalizeBlock hook could look is shown below: + +```go expandable +app.SetPreBlocker(func(ctx sdk.Context, req *abci.FinalizeBlockRequest) + +error { + allVEs := []VE{ +} // store all parsed vote extensions here + for _, tx := range req.Txs { + // define a custom function that tries to parse the tx as a vote extension + ve, ok := parseVoteExtension(tx) + if !ok { + continue +} + +allVEs = append(allVEs, ve) +} + + // perform any necessary computation on the vote extensions and store the result + // in the cached store + result := compute(allVEs) + err := storeVEResult(ctx, result) + if err != nil { + return err +} + +return nil +}) +``` + +Then, in an app's module, the application can retrieve the result of the computation +of vote extensions from the cached store: + +```go expandable +func (k Keeper) + +BeginBlocker(ctx context.Context) + +error { + // retrieve the result of the computation of vote extensions from the cached store + result, err := k.GetVEResult(ctx) + if err != nil { + return err +} + + // use the result of the computation of vote extensions + k.setSomething(result) + +return nil +} +``` diff --git a/docs/sdk/next/build/building-modules/beginblock-endblock.mdx b/docs/sdk/next/build/building-modules/beginblock-endblock.mdx new file mode 100644 index 00000000..857c4e65 --- /dev/null +++ b/docs/sdk/next/build/building-modules/beginblock-endblock.mdx @@ -0,0 +1,112 @@ +--- +title: BeginBlocker and EndBlocker +--- + +**Synopsis** +`BeginBlocker` and `EndBlocker` are optional methods module developers can implement in their module. They will be triggered at the beginning and at the end of each block respectively, when the [`BeginBlock`](/docs/sdk/vnext/learn/advanced/baseapp#beginblock) and [`EndBlock`](/docs/sdk/vnext/learn/advanced/baseapp#endblock) ABCI messages are received from the underlying consensus engine. + + + +**Pre-requisite Readings** + +* [Module Manager](/docs/sdk/vnext/build/building-modules/module-manager) + + + +## BeginBlocker and EndBlocker + +`BeginBlocker` and `EndBlocker` are a way for module developers to add automatic execution of logic to their module. This is a powerful tool that should be used carefully, as complex automatic functions can slow down or even halt the chain. + +In 0.47.0, Prepare and Process Proposal were added that allow app developers to do arbitrary work at those phases, but they do not influence the work that will be done in BeginBlock. If an application requires `BeginBlock` to execute prior to any sort of work is done then this is not possible today (0.50.0). + +When needed, `BeginBlocker` and `EndBlocker` are implemented as part of the [`HasBeginBlocker`, `HasABCIEndBlocker` and `EndBlocker` interfaces](/docs/sdk/vnext/build/building-modules/module-manager#appmodule). This means either can be left-out if not required. The `BeginBlock` and `EndBlock` methods of the interface implemented in `module.go` generally defer to `BeginBlocker` and `EndBlocker` methods respectively, which are usually implemented in `abci.go`. + +The actual implementation of `BeginBlocker` and `EndBlocker` in `abci.go` is very similar to that of a [`Msg` service](/docs/sdk/vnext/build/building-modules/msg-services): + +* They generally use the [`keeper`](/docs/sdk/vnext/build/building-modules/keeper) and [`ctx`](/docs/sdk/vnext/learn/advanced/context) to retrieve information about the latest state. +* If needed, they use the `keeper` and `ctx` to trigger state-transitions. +* If needed, they can emit [`events`](/docs/sdk/vnext/learn/advanced/events) via the `ctx`'s `EventManager`. + +A specific type of `EndBlocker` is available to return validator updates to the underlying consensus engine in the form of an [`[]abci.ValidatorUpdates`](https://docs.cometbft.com/v0.37/spec/abci/abci++_methods#endblock). This is the preferred way to implement custom validator changes. + +It is possible for developers to define the order of execution between the `BeginBlocker`/`EndBlocker` functions of each of their application's modules via the module's manager `SetOrderBeginBlocker`/`SetOrderEndBlocker` methods. For more on the module manager, click [here](/docs/sdk/vnext/build/building-modules/module-manager#manager). + +See an example implementation of `BeginBlocker` from the `distribution` module: + +```go expandable +package distribution + +import ( + + "time" + "github.com/cosmos/cosmos-sdk/telemetry" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/x/distribution/keeper" + "github.com/cosmos/cosmos-sdk/x/distribution/types" +) + +// BeginBlocker sets the proposer for determining distribution during endblock +// and distribute rewards for the previous block. +func BeginBlocker(ctx sdk.Context, k keeper.Keeper) + +error { + defer telemetry.ModuleMeasureSince(types.ModuleName, time.Now(), telemetry.MetricKeyBeginBlocker) + + // determine the total power signing the block + var previousTotalPower int64 + for _, voteInfo := range ctx.VoteInfos() { + previousTotalPower += voteInfo.Validator.Power +} + + // TODO this is Tendermint-dependent + // ref https://github.com/cosmos/cosmos-sdk/issues/3095 + if ctx.BlockHeight() > 1 { + k.AllocateTokens(ctx, previousTotalPower, ctx.VoteInfos()) +} + + // record the proposer for when we payout on the next block + consAddr := sdk.ConsAddress(ctx.BlockHeader().ProposerAddress) + +k.SetPreviousProposerConsAddr(ctx, consAddr) + +return nil +} +``` + +and an example implementation of `EndBlocker` from the `staking` module: + +```go expandable +package keeper + +import ( + + "context" + "time" + + abci "github.com/cometbft/cometbft/abci/types" + "github.com/cosmos/cosmos-sdk/telemetry" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/x/staking/types" +) + +// BeginBlocker will persist the current header and validator set as a historical entry +// and prune the oldest entry based on the HistoricalEntries parameter +func (k *Keeper) + +BeginBlocker(ctx sdk.Context) { + defer telemetry.ModuleMeasureSince(types.ModuleName, time.Now(), telemetry.MetricKeyBeginBlocker) + +k.TrackHistoricalInfo(ctx) +} + +// Called every block, update validator set +func (k *Keeper) + +EndBlocker(ctx context.Context) ([]abci.ValidatorUpdate, error) { + defer telemetry.ModuleMeasureSince(types.ModuleName, time.Now(), telemetry.MetricKeyEndBlocker) + +return k.BlockValidatorUpdates(sdk.UnwrapSDKContext(ctx)), nil +} +``` + +{/* TODO: leaving this here to update docs with core api changes */} diff --git a/docs/sdk/next/build/building-modules/depinject.mdx b/docs/sdk/next/build/building-modules/depinject.mdx new file mode 100644 index 00000000..99f0950b --- /dev/null +++ b/docs/sdk/next/build/building-modules/depinject.mdx @@ -0,0 +1,3494 @@ +--- +title: Modules depinject-ready +--- + +**Pre-requisite Readings** + +* [Depinject Documentation](/docs/sdk/vnext/build/packages/depinject) + + + +[`depinject`](/docs/sdk/vnext/build/packages/depinject) is used to wire any module in `app.go`. +All core modules are already configured to support dependency injection. + +To work with `depinject` a module must define its configuration and requirements so that `depinject` can provide the right dependencies. + +In brief, as a module developer, the following steps are required: + +1. Define the module configuration using Protobuf +2. Define the module dependencies in `x/{moduleName}/module.go` + +A chain developer can then use the module by following these two steps: + +1. Configure the module in `app_config.go` or `app.yaml` +2. Inject the module in `app.go` + +## Module Configuration + +The module available configuration is defined in a Protobuf file, located at `{moduleName}/module/v1/module.proto`. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/proto/cosmos/group/module/v1/module.proto +``` + +* `go_import` must point to the Go package of the custom module. +* Message fields define the module configuration. + That configuration can be set in the `app_config.go` / `app.yaml` file for a chain developer to configure the module.\ + Taking `group` as an example, a chain developer is able to decide, thanks to `uint64 max_metadata_len`, what the maximum metadata length allowed for a group proposal is. + + ```go expandable + package simapp + + import ( + + "time" + "google.golang.org/protobuf/types/known/durationpb" + + runtimev1alpha1 "cosmossdk.io/api/cosmos/app/runtime/v1alpha1" + appv1alpha1 "cosmossdk.io/api/cosmos/app/v1alpha1" + authmodulev1 "cosmossdk.io/api/cosmos/auth/module/v1" + authzmodulev1 "cosmossdk.io/api/cosmos/authz/module/v1" + bankmodulev1 "cosmossdk.io/api/cosmos/bank/module/v1" + circuitmodulev1 "cosmossdk.io/api/cosmos/circuit/module/v1" + consensusmodulev1 "cosmossdk.io/api/cosmos/consensus/module/v1" + crisismodulev1 "cosmossdk.io/api/cosmos/crisis/module/v1" + distrmodulev1 "cosmossdk.io/api/cosmos/distribution/module/v1" + evidencemodulev1 "cosmossdk.io/api/cosmos/evidence/module/v1" + feegrantmodulev1 "cosmossdk.io/api/cosmos/feegrant/module/v1" + genutilmodulev1 "cosmossdk.io/api/cosmos/genutil/module/v1" + govmodulev1 "cosmossdk.io/api/cosmos/gov/module/v1" + groupmodulev1 "cosmossdk.io/api/cosmos/group/module/v1" + mintmodulev1 "cosmossdk.io/api/cosmos/mint/module/v1" + nftmodulev1 "cosmossdk.io/api/cosmos/nft/module/v1" + paramsmodulev1 "cosmossdk.io/api/cosmos/params/module/v1" + slashingmodulev1 "cosmossdk.io/api/cosmos/slashing/module/v1" + stakingmodulev1 "cosmossdk.io/api/cosmos/staking/module/v1" + txconfigv1 "cosmossdk.io/api/cosmos/tx/config/v1" + upgrademodulev1 "cosmossdk.io/api/cosmos/upgrade/module/v1" + vestingmodulev1 "cosmossdk.io/api/cosmos/vesting/module/v1" + "cosmossdk.io/depinject" + + _ "cosmossdk.io/x/circuit" // import for side-effects + _ "cosmossdk.io/x/evidence" // import for side-effects + _ "cosmossdk.io/x/feegrant/module" // import for side-effects + _ "cosmossdk.io/x/nft/module" // import for side-effects + _ "cosmossdk.io/x/upgrade" // import for side-effects + _ "github.com/cosmos/cosmos-sdk/x/auth/tx/config" // import for side-effects + _ "github.com/cosmos/cosmos-sdk/x/auth/vesting" // import for side-effects + _ "github.com/cosmos/cosmos-sdk/x/authz/module" // import for side-effects + _ "github.com/cosmos/cosmos-sdk/x/bank" // import for side-effects + _ "github.com/cosmos/cosmos-sdk/x/consensus" // import for side-effects + _ "github.com/cosmos/cosmos-sdk/x/crisis" // import for side-effects + _ "github.com/cosmos/cosmos-sdk/x/distribution" // import for side-effects + "github.com/cosmos/cosmos-sdk/x/genutil" + "github.com/cosmos/cosmos-sdk/x/gov" + _ "github.com/cosmos/cosmos-sdk/x/group/module" // import for side-effects + _ "github.com/cosmos/cosmos-sdk/x/mint" // import for side-effects + _ "github.com/cosmos/cosmos-sdk/x/params" // import for side-effects + _ "github.com/cosmos/cosmos-sdk/x/slashing" // import for side-effects + _ "github.com/cosmos/cosmos-sdk/x/staking" // import for side-effects + + "cosmossdk.io/core/appconfig" + circuittypes "cosmossdk.io/x/circuit/types" + evidencetypes "cosmossdk.io/x/evidence/types" + "cosmossdk.io/x/feegrant" + "cosmossdk.io/x/nft" + upgradetypes "cosmossdk.io/x/upgrade/types" + "github.com/cosmos/cosmos-sdk/runtime" + "github.com/cosmos/cosmos-sdk/types/module" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + vestingtypes "github.com/cosmos/cosmos-sdk/x/auth/vesting/types" + "github.com/cosmos/cosmos-sdk/x/authz" + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" + consensustypes "github.com/cosmos/cosmos-sdk/x/consensus/types" + crisistypes "github.com/cosmos/cosmos-sdk/x/crisis/types" + distrtypes "github.com/cosmos/cosmos-sdk/x/distribution/types" + genutiltypes "github.com/cosmos/cosmos-sdk/x/genutil/types" + govclient "github.com/cosmos/cosmos-sdk/x/gov/client" + govtypes "github.com/cosmos/cosmos-sdk/x/gov/types" + "github.com/cosmos/cosmos-sdk/x/group" + minttypes "github.com/cosmos/cosmos-sdk/x/mint/types" + paramsclient "github.com/cosmos/cosmos-sdk/x/params/client" + paramstypes "github.com/cosmos/cosmos-sdk/x/params/types" + slashingtypes "github.com/cosmos/cosmos-sdk/x/slashing/types" + stakingtypes "github.com/cosmos/cosmos-sdk/x/staking/types" + ) + + var ( + // module account permissions + moduleAccPerms = []*authmodulev1.ModuleAccountPermission{ + { + Account: authtypes.FeeCollectorName + }, + { + Account: distrtypes.ModuleName + }, + { + Account: minttypes.ModuleName, + Permissions: []string{ + authtypes.Minter + }}, + { + Account: stakingtypes.BondedPoolName, + Permissions: []string{ + authtypes.Burner, stakingtypes.ModuleName + }}, + { + Account: stakingtypes.NotBondedPoolName, + Permissions: []string{ + authtypes.Burner, stakingtypes.ModuleName + }}, + { + Account: govtypes.ModuleName, + Permissions: []string{ + authtypes.Burner + }}, + { + Account: nft.ModuleName + }, + } + + // blocked account addresses + blockAccAddrs = []string{ + authtypes.FeeCollectorName, + distrtypes.ModuleName, + minttypes.ModuleName, + stakingtypes.BondedPoolName, + stakingtypes.NotBondedPoolName, + nft.ModuleName, + // We allow the following module accounts to receive funds: + // govtypes.ModuleName + } + + // application configuration (used by depinject) + + AppConfig = depinject.Configs(appconfig.Compose(&appv1alpha1.Config{ + Modules: []*appv1alpha1.ModuleConfig{ + { + Name: runtime.ModuleName, + Config: appconfig.WrapAny(&runtimev1alpha1.Module{ + AppName: "SimApp", + // During begin block slashing happens after distr.BeginBlocker so that + // there is nothing left over in the validator fee pool, so as to keep the + // CanWithdrawInvariant invariant. + // NOTE: staking module is required if HistoricalEntries param > 0 + BeginBlockers: []string{ + upgradetypes.ModuleName, + minttypes.ModuleName, + distrtypes.ModuleName, + slashingtypes.ModuleName, + evidencetypes.ModuleName, + stakingtypes.ModuleName, + genutiltypes.ModuleName, + authz.ModuleName, + }, + EndBlockers: []string{ + crisistypes.ModuleName, + govtypes.ModuleName, + stakingtypes.ModuleName, + genutiltypes.ModuleName, + feegrant.ModuleName, + group.ModuleName, + }, + OverrideStoreKeys: []*runtimev1alpha1.StoreKeyConfig{ + { + ModuleName: authtypes.ModuleName, + KvStoreKey: "acc", + }, + }, + // NOTE: The genutils module must occur after staking so that pools are + // properly initialized with tokens from genesis accounts. + // NOTE: The genutils module must also occur after auth so that it can access the params from auth. + InitGenesis: []string{ + authtypes.ModuleName, + banktypes.ModuleName, + distrtypes.ModuleName, + stakingtypes.ModuleName, + slashingtypes.ModuleName, + govtypes.ModuleName, + minttypes.ModuleName, + crisistypes.ModuleName, + genutiltypes.ModuleName, + evidencetypes.ModuleName, + authz.ModuleName, + feegrant.ModuleName, + nft.ModuleName, + group.ModuleName, + paramstypes.ModuleName, + upgradetypes.ModuleName, + vestingtypes.ModuleName, + consensustypes.ModuleName, + circuittypes.ModuleName, + }, + // When ExportGenesis is not specified, the export genesis module order + // is equal to the init genesis order + // ExportGenesis: []string{ + }, + // Uncomment if you want to set a custom migration order here. + // OrderMigrations: []string{ + }, + }), + }, + { + Name: authtypes.ModuleName, + Config: appconfig.WrapAny(&authmodulev1.Module{ + Bech32Prefix: "cosmos", + ModuleAccountPermissions: moduleAccPerms, + // By default modules authority is the governance module. This is configurable with the following: + // Authority: "group", // A custom module authority can be set using a module name + // Authority: "cosmos1cwwv22j5ca08ggdv9c2uky355k908694z577tv", // or a specific address + }), + }, + { + Name: vestingtypes.ModuleName, + Config: appconfig.WrapAny(&vestingmodulev1.Module{ + }), + }, + { + Name: banktypes.ModuleName, + Config: appconfig.WrapAny(&bankmodulev1.Module{ + BlockedModuleAccountsOverride: blockAccAddrs, + }), + }, + { + Name: stakingtypes.ModuleName, + Config: appconfig.WrapAny(&stakingmodulev1.Module{ + }), + }, + { + Name: slashingtypes.ModuleName, + Config: appconfig.WrapAny(&slashingmodulev1.Module{ + }), + }, + { + Name: paramstypes.ModuleName, + Config: appconfig.WrapAny(¶msmodulev1.Module{ + }), + }, + { + Name: "tx", + Config: appconfig.WrapAny(&txconfigv1.Config{ + }), + }, + { + Name: genutiltypes.ModuleName, + Config: appconfig.WrapAny(&genutilmodulev1.Module{ + }), + }, + { + Name: authz.ModuleName, + Config: appconfig.WrapAny(&authzmodulev1.Module{ + }), + }, + { + Name: upgradetypes.ModuleName, + Config: appconfig.WrapAny(&upgrademodulev1.Module{ + }), + }, + { + Name: distrtypes.ModuleName, + Config: appconfig.WrapAny(&distrmodulev1.Module{ + }), + }, + { + Name: evidencetypes.ModuleName, + Config: appconfig.WrapAny(&evidencemodulev1.Module{ + }), + }, + { + Name: minttypes.ModuleName, + Config: appconfig.WrapAny(&mintmodulev1.Module{ + }), + }, + { + Name: group.ModuleName, + Config: appconfig.WrapAny(&groupmodulev1.Module{ + MaxExecutionPeriod: durationpb.New(time.Second * 1209600), + MaxMetadataLen: 255, + }), + }, + { + Name: nft.ModuleName, + Config: appconfig.WrapAny(&nftmodulev1.Module{ + }), + }, + { + Name: feegrant.ModuleName, + Config: appconfig.WrapAny(&feegrantmodulev1.Module{ + }), + }, + { + Name: govtypes.ModuleName, + Config: appconfig.WrapAny(&govmodulev1.Module{ + }), + }, + { + Name: crisistypes.ModuleName, + Config: appconfig.WrapAny(&crisismodulev1.Module{ + }), + }, + { + Name: consensustypes.ModuleName, + Config: appconfig.WrapAny(&consensusmodulev1.Module{ + }), + }, + { + Name: circuittypes.ModuleName, + Config: appconfig.WrapAny(&circuitmodulev1.Module{ + }), + }, + }, + }), + depinject.Supply( + // supply custom module basics + map[string]module.AppModuleBasic{ + genutiltypes.ModuleName: genutil.NewAppModuleBasic(genutiltypes.DefaultMessageValidator), + govtypes.ModuleName: gov.NewAppModuleBasic( + []govclient.ProposalHandler{ + paramsclient.ProposalHandler, + }, + ), + }, + )) + ) + ``` + +That message is generated using [`pulsar`](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/scripts/protocgen-pulsar.sh) (by running `make proto-gen`). +In the case of the `group` module, this file is generated here: [Link](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/api/cosmos/group/module/v1/module.pulsar.go). + +The part that is relevant for the module configuration is: + +```go expandable +// Code generated by protoc-gen-go-pulsar. DO NOT EDIT. +package modulev1 + +import ( + + _ "cosmossdk.io/api/amino" + _ "cosmossdk.io/api/cosmos/app/v1alpha1" + fmt "fmt" + runtime "github.com/cosmos/cosmos-proto/runtime" + _ "github.com/cosmos/gogoproto/gogoproto" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoiface "google.golang.org/protobuf/runtime/protoiface" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + durationpb "google.golang.org/protobuf/types/known/durationpb" + io "io" + reflect "reflect" + sync "sync" +) + +var ( + md_Module protoreflect.MessageDescriptor + fd_Module_max_execution_period protoreflect.FieldDescriptor + fd_Module_max_metadata_len protoreflect.FieldDescriptor +) + +func init() { + file_cosmos_group_module_v1_module_proto_init() + +md_Module = File_cosmos_group_module_v1_module_proto.Messages().ByName("Module") + +fd_Module_max_execution_period = md_Module.Fields().ByName("max_execution_period") + +fd_Module_max_metadata_len = md_Module.Fields().ByName("max_metadata_len") +} + +var _ protoreflect.Message = (*fastReflection_Module)(nil) + +type fastReflection_Module Module + +func (x *Module) + +ProtoReflect() + +protoreflect.Message { + return (*fastReflection_Module)(x) +} + +func (x *Module) + +slowProtoReflect() + +protoreflect.Message { + mi := &file_cosmos_group_module_v1_module_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) +} + +return ms +} + +return mi.MessageOf(x) +} + +var _fastReflection_Module_messageType fastReflection_Module_messageType +var _ protoreflect.MessageType = fastReflection_Module_messageType{ +} + +type fastReflection_Module_messageType struct{ +} + +func (x fastReflection_Module_messageType) + +Zero() + +protoreflect.Message { + return (*fastReflection_Module)(nil) +} + +func (x fastReflection_Module_messageType) + +New() + +protoreflect.Message { + return new(fastReflection_Module) +} + +func (x fastReflection_Module_messageType) + +Descriptor() + +protoreflect.MessageDescriptor { + return md_Module +} + +// Descriptor returns message descriptor, which contains only the protobuf +// type information for the message. +func (x *fastReflection_Module) + +Descriptor() + +protoreflect.MessageDescriptor { + return md_Module +} + +// Type returns the message type, which encapsulates both Go and protobuf +// type information. If the Go type information is not needed, +// it is recommended that the message descriptor be used instead. +func (x *fastReflection_Module) + +Type() + +protoreflect.MessageType { + return _fastReflection_Module_messageType +} + +// New returns a newly allocated and mutable empty message. +func (x *fastReflection_Module) + +New() + +protoreflect.Message { + return new(fastReflection_Module) +} + +// Interface unwraps the message reflection interface and +// returns the underlying ProtoMessage interface. +func (x *fastReflection_Module) + +Interface() + +protoreflect.ProtoMessage { + return (*Module)(x) +} + +// Range iterates over every populated field in an undefined order, +// calling f for each field descriptor and value encountered. +// Range returns immediately if f returns false. +// While iterating, mutating operations may only be performed +// on the current field descriptor. +func (x *fastReflection_Module) + +Range(f func(protoreflect.FieldDescriptor, protoreflect.Value) + +bool) { + if x.MaxExecutionPeriod != nil { + value := protoreflect.ValueOfMessage(x.MaxExecutionPeriod.ProtoReflect()) + if !f(fd_Module_max_execution_period, value) { + return +} + +} + if x.MaxMetadataLen != uint64(0) { + value := protoreflect.ValueOfUint64(x.MaxMetadataLen) + if !f(fd_Module_max_metadata_len, value) { + return +} + +} +} + +// Has reports whether a field is populated. +// +// Some fields have the property of nullability where it is possible to +// distinguish between the default value of a field and whether the field +// was explicitly populated with the default value. Singular message fields, +// member fields of a oneof, and proto2 scalar fields are nullable. Such +// fields are populated only if explicitly set. +// +// In other cases (aside from the nullable cases above), +// a proto3 scalar field is populated if it contains a non-zero value, and +// a repeated field is populated if it is non-empty. +func (x *fastReflection_Module) + +Has(fd protoreflect.FieldDescriptor) + +bool { + switch fd.FullName() { + case "cosmos.group.module.v1.Module.max_execution_period": + return x.MaxExecutionPeriod != nil + case "cosmos.group.module.v1.Module.max_metadata_len": + return x.MaxMetadataLen != uint64(0) + +default: + if fd.IsExtension() { + panic(fmt.Errorf("proto3 declared messages do not support extensions: cosmos.group.module.v1.Module")) +} + +panic(fmt.Errorf("message cosmos.group.module.v1.Module does not contain field %s", fd.FullName())) +} +} + +// Clear clears the field such that a subsequent Has call reports false. +// +// Clearing an extension field clears both the extension type and value +// associated with the given field number. +// +// Clear is a mutating operation and unsafe for concurrent use. +func (x *fastReflection_Module) + +Clear(fd protoreflect.FieldDescriptor) { + switch fd.FullName() { + case "cosmos.group.module.v1.Module.max_execution_period": + x.MaxExecutionPeriod = nil + case "cosmos.group.module.v1.Module.max_metadata_len": + x.MaxMetadataLen = uint64(0) + +default: + if fd.IsExtension() { + panic(fmt.Errorf("proto3 declared messages do not support extensions: cosmos.group.module.v1.Module")) +} + +panic(fmt.Errorf("message cosmos.group.module.v1.Module does not contain field %s", fd.FullName())) +} +} + +// Get retrieves the value for a field. +// +// For unpopulated scalars, it returns the default value, where +// the default value of a bytes scalar is guaranteed to be a copy. +// For unpopulated composite types, it returns an empty, read-only view +// of the value; to obtain a mutable reference, use Mutable. +func (x *fastReflection_Module) + +Get(descriptor protoreflect.FieldDescriptor) + +protoreflect.Value { + switch descriptor.FullName() { + case "cosmos.group.module.v1.Module.max_execution_period": + value := x.MaxExecutionPeriod + return protoreflect.ValueOfMessage(value.ProtoReflect()) + case "cosmos.group.module.v1.Module.max_metadata_len": + value := x.MaxMetadataLen + return protoreflect.ValueOfUint64(value) + +default: + if descriptor.IsExtension() { + panic(fmt.Errorf("proto3 declared messages do not support extensions: cosmos.group.module.v1.Module")) +} + +panic(fmt.Errorf("message cosmos.group.module.v1.Module does not contain field %s", descriptor.FullName())) +} +} + +// Set stores the value for a field. +// +// For a field belonging to a oneof, it implicitly clears any other field +// that may be currently set within the same oneof. +// For extension fields, it implicitly stores the provided ExtensionType. +// When setting a composite type, it is unspecified whether the stored value +// aliases the source's memory in any way. If the composite value is an +// empty, read-only value, then it panics. +// +// Set is a mutating operation and unsafe for concurrent use. +func (x *fastReflection_Module) + +Set(fd protoreflect.FieldDescriptor, value protoreflect.Value) { + switch fd.FullName() { + case "cosmos.group.module.v1.Module.max_execution_period": + x.MaxExecutionPeriod = value.Message().Interface().(*durationpb.Duration) + case "cosmos.group.module.v1.Module.max_metadata_len": + x.MaxMetadataLen = value.Uint() + +default: + if fd.IsExtension() { + panic(fmt.Errorf("proto3 declared messages do not support extensions: cosmos.group.module.v1.Module")) +} + +panic(fmt.Errorf("message cosmos.group.module.v1.Module does not contain field %s", fd.FullName())) +} +} + +// Mutable returns a mutable reference to a composite type. +// +// If the field is unpopulated, it may allocate a composite value. +// For a field belonging to a oneof, it implicitly clears any other field +// that may be currently set within the same oneof. +// For extension fields, it implicitly stores the provided ExtensionType +// if not already stored. +// It panics if the field does not contain a composite type. +// +// Mutable is a mutating operation and unsafe for concurrent use. +func (x *fastReflection_Module) + +Mutable(fd protoreflect.FieldDescriptor) + +protoreflect.Value { + switch fd.FullName() { + case "cosmos.group.module.v1.Module.max_execution_period": + if x.MaxExecutionPeriod == nil { + x.MaxExecutionPeriod = new(durationpb.Duration) +} + +return protoreflect.ValueOfMessage(x.MaxExecutionPeriod.ProtoReflect()) + case "cosmos.group.module.v1.Module.max_metadata_len": + panic(fmt.Errorf("field max_metadata_len of message cosmos.group.module.v1.Module is not mutable")) + +default: + if fd.IsExtension() { + panic(fmt.Errorf("proto3 declared messages do not support extensions: cosmos.group.module.v1.Module")) +} + +panic(fmt.Errorf("message cosmos.group.module.v1.Module does not contain field %s", fd.FullName())) +} +} + +// NewField returns a new value that is assignable to the field +// for the given descriptor. For scalars, this returns the default value. +// For lists, maps, and messages, this returns a new, empty, mutable value. +func (x *fastReflection_Module) + +NewField(fd protoreflect.FieldDescriptor) + +protoreflect.Value { + switch fd.FullName() { + case "cosmos.group.module.v1.Module.max_execution_period": + m := new(durationpb.Duration) + +return protoreflect.ValueOfMessage(m.ProtoReflect()) + case "cosmos.group.module.v1.Module.max_metadata_len": + return protoreflect.ValueOfUint64(uint64(0)) + +default: + if fd.IsExtension() { + panic(fmt.Errorf("proto3 declared messages do not support extensions: cosmos.group.module.v1.Module")) +} + +panic(fmt.Errorf("message cosmos.group.module.v1.Module does not contain field %s", fd.FullName())) +} +} + +// WhichOneof reports which field within the oneof is populated, +// returning nil if none are populated. +// It panics if the oneof descriptor does not belong to this message. +func (x *fastReflection_Module) + +WhichOneof(d protoreflect.OneofDescriptor) + +protoreflect.FieldDescriptor { + switch d.FullName() { + default: + panic(fmt.Errorf("%s is not a oneof field in cosmos.group.module.v1.Module", d.FullName())) +} + +panic("unreachable") +} + +// GetUnknown retrieves the entire list of unknown fields. +// The caller may only mutate the contents of the RawFields +// if the mutated bytes are stored back into the message with SetUnknown. +func (x *fastReflection_Module) + +GetUnknown() + +protoreflect.RawFields { + return x.unknownFields +} + +// SetUnknown stores an entire list of unknown fields. +// The raw fields must be syntactically valid according to the wire format. +// An implementation may panic if this is not the case. +// Once stored, the caller must not mutate the content of the RawFields. +// An empty RawFields may be passed to clear the fields. +// +// SetUnknown is a mutating operation and unsafe for concurrent use. +func (x *fastReflection_Module) + +SetUnknown(fields protoreflect.RawFields) { + x.unknownFields = fields +} + +// IsValid reports whether the message is valid. +// +// An invalid message is an empty, read-only value. +// +// An invalid message often corresponds to a nil pointer of the concrete +// message type, but the details are implementation dependent. +// Validity is not part of the protobuf data model, and may not +// be preserved in marshaling or other operations. +func (x *fastReflection_Module) + +IsValid() + +bool { + return x != nil +} + +// ProtoMethods returns optional fastReflectionFeature-path implementations of various operations. +// This method may return nil. +// +// The returned methods type is identical to +// "google.golang.org/protobuf/runtime/protoiface".Methods. +// Consult the protoiface package documentation for details. +func (x *fastReflection_Module) + +ProtoMethods() *protoiface.Methods { + size := func(input protoiface.SizeInput) + +protoiface.SizeOutput { + x := input.Message.Interface().(*Module) + if x == nil { + return protoiface.SizeOutput{ + NoUnkeyedLiterals: input.NoUnkeyedLiterals, + Size: 0, +} + +} + options := runtime.SizeInputToOptions(input) + _ = options + var n int + var l int + _ = l + if x.MaxExecutionPeriod != nil { + l = options.Size(x.MaxExecutionPeriod) + +n += 1 + l + runtime.Sov(uint64(l)) +} + if x.MaxMetadataLen != 0 { + n += 1 + runtime.Sov(uint64(x.MaxMetadataLen)) +} + if x.unknownFields != nil { + n += len(x.unknownFields) +} + +return protoiface.SizeOutput{ + NoUnkeyedLiterals: input.NoUnkeyedLiterals, + Size: n, +} + +} + marshal := func(input protoiface.MarshalInput) (protoiface.MarshalOutput, error) { + x := input.Message.Interface().(*Module) + if x == nil { + return protoiface.MarshalOutput{ + NoUnkeyedLiterals: input.NoUnkeyedLiterals, + Buf: input.Buf, +}, nil +} + options := runtime.MarshalInputToOptions(input) + _ = options + size := options.Size(x) + dAtA := make([]byte, size) + i := len(dAtA) + _ = i + var l int + _ = l + if x.unknownFields != nil { + i -= len(x.unknownFields) + +copy(dAtA[i:], x.unknownFields) +} + if x.MaxMetadataLen != 0 { + i = runtime.EncodeVarint(dAtA, i, uint64(x.MaxMetadataLen)) + +i-- + dAtA[i] = 0x10 +} + if x.MaxExecutionPeriod != nil { + encoded, err := options.Marshal(x.MaxExecutionPeriod) + if err != nil { + return protoiface.MarshalOutput{ + NoUnkeyedLiterals: input.NoUnkeyedLiterals, + Buf: input.Buf, +}, err +} + +i -= len(encoded) + +copy(dAtA[i:], encoded) + +i = runtime.EncodeVarint(dAtA, i, uint64(len(encoded))) + +i-- + dAtA[i] = 0xa +} + if input.Buf != nil { + input.Buf = append(input.Buf, dAtA...) +} + +else { + input.Buf = dAtA +} + +return protoiface.MarshalOutput{ + NoUnkeyedLiterals: input.NoUnkeyedLiterals, + Buf: input.Buf, +}, nil +} + unmarshal := func(input protoiface.UnmarshalInput) (protoiface.UnmarshalOutput, error) { + x := input.Message.Interface().(*Module) + if x == nil { + return protoiface.UnmarshalOutput{ + NoUnkeyedLiterals: input.NoUnkeyedLiterals, + Flags: input.Flags, +}, nil +} + options := runtime.UnmarshalInputToOptions(input) + _ = options + dAtA := input.Buf + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protoiface.UnmarshalOutput{ + NoUnkeyedLiterals: input.NoUnkeyedLiterals, + Flags: input.Flags +}, runtime.ErrIntOverflow +} + if iNdEx >= l { + return protoiface.UnmarshalOutput{ + NoUnkeyedLiterals: input.NoUnkeyedLiterals, + Flags: input.Flags +}, io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break +} + +} + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return protoiface.UnmarshalOutput{ + NoUnkeyedLiterals: input.NoUnkeyedLiterals, + Flags: input.Flags +}, fmt.Errorf("proto: Module: wiretype end group for non-group") +} + if fieldNum <= 0 { + return protoiface.UnmarshalOutput{ + NoUnkeyedLiterals: input.NoUnkeyedLiterals, + Flags: input.Flags +}, fmt.Errorf("proto: Module: illegal tag %d (wire type %d)", fieldNum, wire) +} + switch fieldNum { + case 1: + if wireType != 2 { + return protoiface.UnmarshalOutput{ + NoUnkeyedLiterals: input.NoUnkeyedLiterals, + Flags: input.Flags +}, fmt.Errorf("proto: wrong wireType = %d for field MaxExecutionPeriod", wireType) +} + +var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protoiface.UnmarshalOutput{ + NoUnkeyedLiterals: input.NoUnkeyedLiterals, + Flags: input.Flags +}, runtime.ErrIntOverflow +} + if iNdEx >= l { + return protoiface.UnmarshalOutput{ + NoUnkeyedLiterals: input.NoUnkeyedLiterals, + Flags: input.Flags +}, io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break +} + +} + if msglen < 0 { + return protoiface.UnmarshalOutput{ + NoUnkeyedLiterals: input.NoUnkeyedLiterals, + Flags: input.Flags +}, runtime.ErrInvalidLength +} + postIndex := iNdEx + msglen + if postIndex < 0 { + return protoiface.UnmarshalOutput{ + NoUnkeyedLiterals: input.NoUnkeyedLiterals, + Flags: input.Flags +}, runtime.ErrInvalidLength +} + if postIndex > l { + return protoiface.UnmarshalOutput{ + NoUnkeyedLiterals: input.NoUnkeyedLiterals, + Flags: input.Flags +}, io.ErrUnexpectedEOF +} + if x.MaxExecutionPeriod == nil { + x.MaxExecutionPeriod = &durationpb.Duration{ +} + +} + if err := options.Unmarshal(dAtA[iNdEx:postIndex], x.MaxExecutionPeriod); err != nil { + return protoiface.UnmarshalOutput{ + NoUnkeyedLiterals: input.NoUnkeyedLiterals, + Flags: input.Flags +}, err +} + +iNdEx = postIndex + case 2: + if wireType != 0 { + return protoiface.UnmarshalOutput{ + NoUnkeyedLiterals: input.NoUnkeyedLiterals, + Flags: input.Flags +}, fmt.Errorf("proto: wrong wireType = %d for field MaxMetadataLen", wireType) +} + +x.MaxMetadataLen = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protoiface.UnmarshalOutput{ + NoUnkeyedLiterals: input.NoUnkeyedLiterals, + Flags: input.Flags +}, runtime.ErrIntOverflow +} + if iNdEx >= l { + return protoiface.UnmarshalOutput{ + NoUnkeyedLiterals: input.NoUnkeyedLiterals, + Flags: input.Flags +}, io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + x.MaxMetadataLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break +} + +} + +default: + iNdEx = preIndex + skippy, err := runtime.Skip(dAtA[iNdEx:]) + if err != nil { + return protoiface.UnmarshalOutput{ + NoUnkeyedLiterals: input.NoUnkeyedLiterals, + Flags: input.Flags +}, err +} + if (skippy < 0) || (iNdEx+skippy) < 0 { + return protoiface.UnmarshalOutput{ + NoUnkeyedLiterals: input.NoUnkeyedLiterals, + Flags: input.Flags +}, runtime.ErrInvalidLength +} + if (iNdEx + skippy) > l { + return protoiface.UnmarshalOutput{ + NoUnkeyedLiterals: input.NoUnkeyedLiterals, + Flags: input.Flags +}, io.ErrUnexpectedEOF +} + if !options.DiscardUnknown { + x.unknownFields = append(x.unknownFields, dAtA[iNdEx:iNdEx+skippy]...) +} + +iNdEx += skippy +} + +} + if iNdEx > l { + return protoiface.UnmarshalOutput{ + NoUnkeyedLiterals: input.NoUnkeyedLiterals, + Flags: input.Flags +}, io.ErrUnexpectedEOF +} + +return protoiface.UnmarshalOutput{ + NoUnkeyedLiterals: input.NoUnkeyedLiterals, + Flags: input.Flags +}, nil +} + +return &protoiface.Methods{ + NoUnkeyedLiterals: struct{ +}{ +}, + Flags: protoiface.SupportMarshalDeterministic | protoiface.SupportUnmarshalDiscardUnknown, + Size: size, + Marshal: marshal, + Unmarshal: unmarshal, + Merge: nil, + CheckInitialized: nil, +} +} + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.27.0 +// protoc (unknown) +// source: cosmos/group/module/v1/module.proto + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// Module is the config object of the group module. +type Module struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // max_execution_period defines the max duration after a proposal's voting period ends that members can send a MsgExec + // to execute the proposal. + MaxExecutionPeriod *durationpb.Duration `protobuf:"bytes,1,opt,name=max_execution_period,json=maxExecutionPeriod,proto3" json:"max_execution_period,omitempty"` + // max_metadata_len defines the max length of the metadata bytes field for various entities within the group module. + // Defaults to 255 if not explicitly set. + MaxMetadataLen uint64 `protobuf:"varint,2,opt,name=max_metadata_len,json=maxMetadataLen,proto3" json:"max_metadata_len,omitempty"` +} + +func (x *Module) + +Reset() { + *x = Module{ +} + if protoimpl.UnsafeEnabled { + mi := &file_cosmos_group_module_v1_module_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + +ms.StoreMessageInfo(mi) +} +} + +func (x *Module) + +String() + +string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Module) + +ProtoMessage() { +} + +// Deprecated: Use Module.ProtoReflect.Descriptor instead. +func (*Module) + +Descriptor() ([]byte, []int) { + return file_cosmos_group_module_v1_module_proto_rawDescGZIP(), []int{0 +} +} + +func (x *Module) + +GetMaxExecutionPeriod() *durationpb.Duration { + if x != nil { + return x.MaxExecutionPeriod +} + +return nil +} + +func (x *Module) + +GetMaxMetadataLen() + +uint64 { + if x != nil { + return x.MaxMetadataLen +} + +return 0 +} + +var File_cosmos_group_module_v1_module_proto protoreflect.FileDescriptor + +var file_cosmos_group_module_v1_module_proto_rawDesc = []byte{ + 0x0a, 0x23, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2f, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x2f, 0x6d, + 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x2f, 0x76, 0x31, 0x2f, 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x16, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x67, 0x72, + 0x6f, 0x75, 0x70, 0x2e, 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x1a, 0x20, 0x63, + 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2f, 0x61, 0x70, 0x70, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x31, 0x2f, 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, + 0x14, 0x67, 0x6f, 0x67, 0x6f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x67, 0x6f, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x11, 0x61, 0x6d, 0x69, 0x6e, 0x6f, 0x2f, 0x61, 0x6d, 0x69, + 0x6e, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xbc, 0x01, 0x0a, 0x06, 0x4d, 0x6f, 0x64, + 0x75, 0x6c, 0x65, 0x12, 0x5a, 0x0a, 0x14, 0x6d, 0x61, 0x78, 0x5f, 0x65, 0x78, 0x65, 0x63, 0x75, + 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x65, 0x72, 0x69, 0x6f, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x0d, 0xc8, 0xde, + 0x1f, 0x00, 0x98, 0xdf, 0x1f, 0x01, 0xa8, 0xe7, 0xb0, 0x2a, 0x01, 0x52, 0x12, 0x6d, 0x61, 0x78, + 0x45, 0x78, 0x65, 0x63, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x65, 0x72, 0x69, 0x6f, 0x64, 0x12, + 0x28, 0x0a, 0x10, 0x6d, 0x61, 0x78, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x5f, + 0x6c, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0e, 0x6d, 0x61, 0x78, 0x4d, 0x65, + 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x4c, 0x65, 0x6e, 0x3a, 0x2c, 0xba, 0xc0, 0x96, 0xda, 0x01, + 0x26, 0x0a, 0x24, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, + 0x73, 0x6d, 0x6f, 0x73, 0x2f, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2d, 0x73, 0x64, 0x6b, 0x2f, + 0x78, 0x2f, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x42, 0xd6, 0x01, 0x0a, 0x1a, 0x63, 0x6f, 0x6d, 0x2e, + 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x6d, 0x6f, 0x64, + 0x75, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x42, 0x0b, 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x50, 0x72, + 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x30, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x73, 0x64, 0x6b, + 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2f, 0x67, + 0x72, 0x6f, 0x75, 0x70, 0x2f, 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x2f, 0x76, 0x31, 0x3b, 0x6d, + 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x76, 0x31, 0xa2, 0x02, 0x03, 0x43, 0x47, 0x4d, 0xaa, 0x02, 0x16, + 0x43, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x4d, 0x6f, 0x64, + 0x75, 0x6c, 0x65, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x16, 0x43, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x5c, + 0x47, 0x72, 0x6f, 0x75, 0x70, 0x5c, 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x5c, 0x56, 0x31, 0xe2, + 0x02, 0x22, 0x43, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x5c, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x5c, 0x4d, + 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x5c, 0x56, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, + 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x19, 0x43, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x3a, 0x3a, 0x47, + 0x72, 0x6f, 0x75, 0x70, 0x3a, 0x3a, 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x3a, 0x3a, 0x56, 0x31, + 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_cosmos_group_module_v1_module_proto_rawDescOnce sync.Once + file_cosmos_group_module_v1_module_proto_rawDescData = file_cosmos_group_module_v1_module_proto_rawDesc +) + +func file_cosmos_group_module_v1_module_proto_rawDescGZIP() []byte { + file_cosmos_group_module_v1_module_proto_rawDescOnce.Do(func() { + file_cosmos_group_module_v1_module_proto_rawDescData = protoimpl.X.CompressGZIP(file_cosmos_group_module_v1_module_proto_rawDescData) +}) + +return file_cosmos_group_module_v1_module_proto_rawDescData +} + +var file_cosmos_group_module_v1_module_proto_msgTypes = make([]protoimpl.MessageInfo, 1) + +var file_cosmos_group_module_v1_module_proto_goTypes = []interface{ +}{ + (*Module)(nil), // 0: cosmos.group.module.v1.Module + (*durationpb.Duration)(nil), // 1: google.protobuf.Duration +} + +var file_cosmos_group_module_v1_module_proto_depIdxs = []int32{ + 1, // 0: cosmos.group.module.v1.Module.max_execution_period:type_name -> google.protobuf.Duration + 1, // [1:1] is the sub-list for method output_type + 1, // [1:1] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name +} + +func init() { + file_cosmos_group_module_v1_module_proto_init() +} + +func file_cosmos_group_module_v1_module_proto_init() { + if File_cosmos_group_module_v1_module_proto != nil { + return +} + if !protoimpl.UnsafeEnabled { + file_cosmos_group_module_v1_module_proto_msgTypes[0].Exporter = func(v interface{ +}, i int) + +interface{ +} { + switch v := v.(*Module); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil +} + +} + +} + +type x struct{ +} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{ +}).PkgPath(), + RawDescriptor: file_cosmos_group_module_v1_module_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, +}, + GoTypes: file_cosmos_group_module_v1_module_proto_goTypes, + DependencyIndexes: file_cosmos_group_module_v1_module_proto_depIdxs, + MessageInfos: file_cosmos_group_module_v1_module_proto_msgTypes, +}.Build() + +File_cosmos_group_module_v1_module_proto = out.File + file_cosmos_group_module_v1_module_proto_rawDesc = nil + file_cosmos_group_module_v1_module_proto_goTypes = nil + file_cosmos_group_module_v1_module_proto_depIdxs = nil +} +``` + + +Pulsar is optional. The official [`protoc-gen-go`](https://developers.google.com/protocol-buffers/docs/reference/go-generated) can be used as well. + + +## Dependency Definition + +Once the configuration proto is defined, the module's `module.go` must define what dependencies are required by the module. +The boilerplate is similar for all modules. + + +All methods, structs and their fields must be public for `depinject`. + + +1. Import the module configuration generated package: + + ```go expandable + package module + + import ( + + "context" + "encoding/json" + "fmt" + + abci "github.com/cometbft/cometbft/abci/types" + gwruntime "github.com/grpc-ecosystem/grpc-gateway/runtime" + "github.com/spf13/cobra" + + modulev1 "cosmossdk.io/api/cosmos/group/module/v1" + "cosmossdk.io/core/address" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/depinject" + + store "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/baseapp" + sdkclient "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + cdctypes "github.com/cosmos/cosmos-sdk/codec/types" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/module" + simtypes "github.com/cosmos/cosmos-sdk/types/simulation" + "github.com/cosmos/cosmos-sdk/x/group" + "github.com/cosmos/cosmos-sdk/x/group/client/cli" + "github.com/cosmos/cosmos-sdk/x/group/keeper" + "github.com/cosmos/cosmos-sdk/x/group/simulation" + ) + + // ConsensusVersion defines the current x/group module consensus version. + const ConsensusVersion = 2 + + var ( + _ module.AppModuleBasic = AppModuleBasic{ + } + _ module.AppModuleSimulation = AppModule{ + } + ) + + type AppModule struct { + AppModuleBasic + keeper keeper.Keeper + bankKeeper group.BankKeeper + accKeeper group.AccountKeeper + registry cdctypes.InterfaceRegistry + } + + // NewAppModule creates a new AppModule object + func NewAppModule(cdc codec.Codec, keeper keeper.Keeper, ak group.AccountKeeper, bk group.BankKeeper, registry cdctypes.InterfaceRegistry) + + AppModule { + return AppModule{ + AppModuleBasic: AppModuleBasic{ + cdc: cdc, ac: ak.AddressCodec() + }, + keeper: keeper, + bankKeeper: bk, + accKeeper: ak, + registry: registry, + } + } + + var ( + _ appmodule.AppModule = AppModule{ + } + _ appmodule.HasEndBlocker = AppModule{ + } + ) + + // IsOnePerModuleType implements the depinject.OnePerModuleType interface. + func (am AppModule) + + IsOnePerModuleType() { + } + + // IsAppModule implements the appmodule.AppModule interface. + func (am AppModule) + + IsAppModule() { + } + + type AppModuleBasic struct { + cdc codec.Codec + ac address.Codec + } + + // Name returns the group module's name. + func (AppModuleBasic) + + Name() + + string { + return group.ModuleName + } + + // DefaultGenesis returns default genesis state as raw bytes for the group + // module. + func (AppModuleBasic) + + DefaultGenesis(cdc codec.JSONCodec) + + json.RawMessage { + return cdc.MustMarshalJSON(group.NewGenesisState()) + } + + // ValidateGenesis performs genesis state validation for the group module. + func (AppModuleBasic) + + ValidateGenesis(cdc codec.JSONCodec, config sdkclient.TxEncodingConfig, bz json.RawMessage) + + error { + var data group.GenesisState + if err := cdc.UnmarshalJSON(bz, &data); err != nil { + return fmt.Errorf("failed to unmarshal %s genesis state: %w", group.ModuleName, err) + } + + return data.Validate() + } + + // GetQueryCmd returns the cli query commands for the group module + func (a AppModuleBasic) + + GetQueryCmd() *cobra.Command { + return cli.QueryCmd(a.Name()) + } + + // GetTxCmd returns the transaction commands for the group module + func (a AppModuleBasic) + + GetTxCmd() *cobra.Command { + return cli.TxCmd(a.Name(), a.ac) + } + + // RegisterGRPCGatewayRoutes registers the gRPC Gateway routes for the group module. + func (a AppModuleBasic) + + RegisterGRPCGatewayRoutes(clientCtx sdkclient.Context, mux *gwruntime.ServeMux) { + if err := group.RegisterQueryHandlerClient(context.Background(), mux, group.NewQueryClient(clientCtx)); err != nil { + panic(err) + } + } + + // RegisterInterfaces registers the group module's interface types + func (AppModuleBasic) + + RegisterInterfaces(registry cdctypes.InterfaceRegistry) { + group.RegisterInterfaces(registry) + } + + // RegisterLegacyAminoCodec registers the group module's types for the given codec. + func (AppModuleBasic) + + RegisterLegacyAminoCodec(cdc *codec.LegacyAmino) { + group.RegisterLegacyAminoCodec(cdc) + } + + // Name returns the group module's name. + func (AppModule) + + Name() + + string { + return group.ModuleName + } + + // RegisterInvariants does nothing, there are no invariants to enforce + func (am AppModule) + + RegisterInvariants(ir sdk.InvariantRegistry) { + keeper.RegisterInvariants(ir, am.keeper) + } + + // InitGenesis performs genesis initialization for the group module. It returns + // no validator updates. + func (am AppModule) + + InitGenesis(ctx sdk.Context, cdc codec.JSONCodec, data json.RawMessage) []abci.ValidatorUpdate { + am.keeper.InitGenesis(ctx, cdc, data) + + return []abci.ValidatorUpdate{ + } + } + + // ExportGenesis returns the exported genesis state as raw bytes for the group + // module. + func (am AppModule) + + ExportGenesis(ctx sdk.Context, cdc codec.JSONCodec) + + json.RawMessage { + gs := am.keeper.ExportGenesis(ctx, cdc) + + return cdc.MustMarshalJSON(gs) + } + + // RegisterServices registers a gRPC query service to respond to the + // module-specific gRPC queries. + func (am AppModule) + + RegisterServices(cfg module.Configurator) { + group.RegisterMsgServer(cfg.MsgServer(), am.keeper) + + group.RegisterQueryServer(cfg.QueryServer(), am.keeper) + m := keeper.NewMigrator(am.keeper) + if err := cfg.RegisterMigration(group.ModuleName, 1, m.Migrate1to2); err != nil { + panic(fmt.Sprintf("failed to migrate x/%s from version 1 to 2: %v", group.ModuleName, err)) + } + } + + // ConsensusVersion implements AppModule/ConsensusVersion. + func (AppModule) + + ConsensusVersion() + + uint64 { + return ConsensusVersion + } + + // EndBlock implements the group module's EndBlock. + func (am AppModule) + + EndBlock(ctx context.Context) + + error { + c := sdk.UnwrapSDKContext(ctx) + + return EndBlocker(c, am.keeper) + } + + // ____________________________________________________________________________ + + // AppModuleSimulation functions + + // GenerateGenesisState creates a randomized GenState of the group module. + func (AppModule) + + GenerateGenesisState(simState *module.SimulationState) { + simulation.RandomizedGenState(simState) + } + + // RegisterStoreDecoder registers a decoder for group module's types + func (am AppModule) + + RegisterStoreDecoder(sdr simtypes.StoreDecoderRegistry) { + sdr[group.StoreKey] = simulation.NewDecodeStore(am.cdc) + } + + // WeightedOperations returns the all the gov module operations with their respective weights. + func (am AppModule) + + WeightedOperations(simState module.SimulationState) []simtypes.WeightedOperation { + return simulation.WeightedOperations( + am.registry, + simState.AppParams, simState.Cdc, simState.TxConfig, + am.accKeeper, am.bankKeeper, am.keeper, am.cdc, + ) + } + + // + // App Wiring Setup + // + + func init() { + appmodule.Register( + &modulev1.Module{ + }, + appmodule.Provide(ProvideModule), + ) + } + + type GroupInputs struct { + depinject.In + + Config *modulev1.Module + Key *store.KVStoreKey + Cdc codec.Codec + AccountKeeper group.AccountKeeper + BankKeeper group.BankKeeper + Registry cdctypes.InterfaceRegistry + MsgServiceRouter baseapp.MessageRouter + } + + type GroupOutputs struct { + depinject.Out + + GroupKeeper keeper.Keeper + Module appmodule.AppModule + } + + func ProvideModule(in GroupInputs) + + GroupOutputs { + /* + Example of setting group params: + in.Config.MaxMetadataLen = 1000 + in.Config.MaxExecutionPeriod = "1209600s" + */ + k := keeper.NewKeeper(in.Key, in.Cdc, in.MsgServiceRouter, in.AccountKeeper, group.Config{ + MaxExecutionPeriod: in.Config.MaxExecutionPeriod.AsDuration(), + MaxMetadataLen: in.Config.MaxMetadataLen + }) + m := NewAppModule(in.Cdc, k, in.AccountKeeper, in.BankKeeper, in.Registry) + + return GroupOutputs{ + GroupKeeper: k, + Module: m + } + } + ``` + + Define an `init()` function for defining the `providers` of the module configuration:\ + This registers the module configuration message and the wiring of the module. + + ```go expandable + package module + + import ( + + "context" + "encoding/json" + "fmt" + + abci "github.com/cometbft/cometbft/abci/types" + gwruntime "github.com/grpc-ecosystem/grpc-gateway/runtime" + "github.com/spf13/cobra" + + modulev1 "cosmossdk.io/api/cosmos/group/module/v1" + "cosmossdk.io/core/address" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/depinject" + + store "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/baseapp" + sdkclient "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + cdctypes "github.com/cosmos/cosmos-sdk/codec/types" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/module" + simtypes "github.com/cosmos/cosmos-sdk/types/simulation" + "github.com/cosmos/cosmos-sdk/x/group" + "github.com/cosmos/cosmos-sdk/x/group/client/cli" + "github.com/cosmos/cosmos-sdk/x/group/keeper" + "github.com/cosmos/cosmos-sdk/x/group/simulation" + ) + + // ConsensusVersion defines the current x/group module consensus version. + const ConsensusVersion = 2 + + var ( + _ module.AppModuleBasic = AppModuleBasic{ + } + _ module.AppModuleSimulation = AppModule{ + } + ) + + type AppModule struct { + AppModuleBasic + keeper keeper.Keeper + bankKeeper group.BankKeeper + accKeeper group.AccountKeeper + registry cdctypes.InterfaceRegistry + } + + // NewAppModule creates a new AppModule object + func NewAppModule(cdc codec.Codec, keeper keeper.Keeper, ak group.AccountKeeper, bk group.BankKeeper, registry cdctypes.InterfaceRegistry) + + AppModule { + return AppModule{ + AppModuleBasic: AppModuleBasic{ + cdc: cdc, ac: ak.AddressCodec() + }, + keeper: keeper, + bankKeeper: bk, + accKeeper: ak, + registry: registry, + } + } + + var ( + _ appmodule.AppModule = AppModule{ + } + _ appmodule.HasEndBlocker = AppModule{ + } + ) + + // IsOnePerModuleType implements the depinject.OnePerModuleType interface. + func (am AppModule) + + IsOnePerModuleType() { + } + + // IsAppModule implements the appmodule.AppModule interface. + func (am AppModule) + + IsAppModule() { + } + + type AppModuleBasic struct { + cdc codec.Codec + ac address.Codec + } + + // Name returns the group module's name. + func (AppModuleBasic) + + Name() + + string { + return group.ModuleName + } + + // DefaultGenesis returns default genesis state as raw bytes for the group + // module. + func (AppModuleBasic) + + DefaultGenesis(cdc codec.JSONCodec) + + json.RawMessage { + return cdc.MustMarshalJSON(group.NewGenesisState()) + } + + // ValidateGenesis performs genesis state validation for the group module. + func (AppModuleBasic) + + ValidateGenesis(cdc codec.JSONCodec, config sdkclient.TxEncodingConfig, bz json.RawMessage) + + error { + var data group.GenesisState + if err := cdc.UnmarshalJSON(bz, &data); err != nil { + return fmt.Errorf("failed to unmarshal %s genesis state: %w", group.ModuleName, err) + } + + return data.Validate() + } + + // GetQueryCmd returns the cli query commands for the group module + func (a AppModuleBasic) + + GetQueryCmd() *cobra.Command { + return cli.QueryCmd(a.Name()) + } + + // GetTxCmd returns the transaction commands for the group module + func (a AppModuleBasic) + + GetTxCmd() *cobra.Command { + return cli.TxCmd(a.Name(), a.ac) + } + + // RegisterGRPCGatewayRoutes registers the gRPC Gateway routes for the group module. + func (a AppModuleBasic) + + RegisterGRPCGatewayRoutes(clientCtx sdkclient.Context, mux *gwruntime.ServeMux) { + if err := group.RegisterQueryHandlerClient(context.Background(), mux, group.NewQueryClient(clientCtx)); err != nil { + panic(err) + } + } + + // RegisterInterfaces registers the group module's interface types + func (AppModuleBasic) + + RegisterInterfaces(registry cdctypes.InterfaceRegistry) { + group.RegisterInterfaces(registry) + } + + // RegisterLegacyAminoCodec registers the group module's types for the given codec. + func (AppModuleBasic) + + RegisterLegacyAminoCodec(cdc *codec.LegacyAmino) { + group.RegisterLegacyAminoCodec(cdc) + } + + // Name returns the group module's name. + func (AppModule) + + Name() + + string { + return group.ModuleName + } + + // RegisterInvariants does nothing, there are no invariants to enforce + func (am AppModule) + + RegisterInvariants(ir sdk.InvariantRegistry) { + keeper.RegisterInvariants(ir, am.keeper) + } + + // InitGenesis performs genesis initialization for the group module. It returns + // no validator updates. + func (am AppModule) + + InitGenesis(ctx sdk.Context, cdc codec.JSONCodec, data json.RawMessage) []abci.ValidatorUpdate { + am.keeper.InitGenesis(ctx, cdc, data) + + return []abci.ValidatorUpdate{ + } + } + + // ExportGenesis returns the exported genesis state as raw bytes for the group + // module. + func (am AppModule) + + ExportGenesis(ctx sdk.Context, cdc codec.JSONCodec) + + json.RawMessage { + gs := am.keeper.ExportGenesis(ctx, cdc) + + return cdc.MustMarshalJSON(gs) + } + + // RegisterServices registers a gRPC query service to respond to the + // module-specific gRPC queries. + func (am AppModule) + + RegisterServices(cfg module.Configurator) { + group.RegisterMsgServer(cfg.MsgServer(), am.keeper) + + group.RegisterQueryServer(cfg.QueryServer(), am.keeper) + m := keeper.NewMigrator(am.keeper) + if err := cfg.RegisterMigration(group.ModuleName, 1, m.Migrate1to2); err != nil { + panic(fmt.Sprintf("failed to migrate x/%s from version 1 to 2: %v", group.ModuleName, err)) + } + } + + // ConsensusVersion implements AppModule/ConsensusVersion. + func (AppModule) + + ConsensusVersion() + + uint64 { + return ConsensusVersion + } + + // EndBlock implements the group module's EndBlock. + func (am AppModule) + + EndBlock(ctx context.Context) + + error { + c := sdk.UnwrapSDKContext(ctx) + + return EndBlocker(c, am.keeper) + } + + // ____________________________________________________________________________ + + // AppModuleSimulation functions + + // GenerateGenesisState creates a randomized GenState of the group module. + func (AppModule) + + GenerateGenesisState(simState *module.SimulationState) { + simulation.RandomizedGenState(simState) + } + + // RegisterStoreDecoder registers a decoder for group module's types + func (am AppModule) + + RegisterStoreDecoder(sdr simtypes.StoreDecoderRegistry) { + sdr[group.StoreKey] = simulation.NewDecodeStore(am.cdc) + } + + // WeightedOperations returns the all the gov module operations with their respective weights. + func (am AppModule) + + WeightedOperations(simState module.SimulationState) []simtypes.WeightedOperation { + return simulation.WeightedOperations( + am.registry, + simState.AppParams, simState.Cdc, simState.TxConfig, + am.accKeeper, am.bankKeeper, am.keeper, am.cdc, + ) + } + + // + // App Wiring Setup + // + + func init() { + appmodule.Register( + &modulev1.Module{ + }, + appmodule.Provide(ProvideModule), + ) + } + + type GroupInputs struct { + depinject.In + + Config *modulev1.Module + Key *store.KVStoreKey + Cdc codec.Codec + AccountKeeper group.AccountKeeper + BankKeeper group.BankKeeper + Registry cdctypes.InterfaceRegistry + MsgServiceRouter baseapp.MessageRouter + } + + type GroupOutputs struct { + depinject.Out + + GroupKeeper keeper.Keeper + Module appmodule.AppModule + } + + func ProvideModule(in GroupInputs) + + GroupOutputs { + /* + Example of setting group params: + in.Config.MaxMetadataLen = 1000 + in.Config.MaxExecutionPeriod = "1209600s" + */ + k := keeper.NewKeeper(in.Key, in.Cdc, in.MsgServiceRouter, in.AccountKeeper, group.Config{ + MaxExecutionPeriod: in.Config.MaxExecutionPeriod.AsDuration(), + MaxMetadataLen: in.Config.MaxMetadataLen + }) + m := NewAppModule(in.Cdc, k, in.AccountKeeper, in.BankKeeper, in.Registry) + + return GroupOutputs{ + GroupKeeper: k, + Module: m + } + } + ``` + +2. Ensure that the module implements the `appmodule.AppModule` interface: + + ```go expandable + package module + + import ( + + "context" + "encoding/json" + "fmt" + + abci "github.com/cometbft/cometbft/abci/types" + gwruntime "github.com/grpc-ecosystem/grpc-gateway/runtime" + "github.com/spf13/cobra" + + modulev1 "cosmossdk.io/api/cosmos/group/module/v1" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/depinject" + "github.com/cosmos/cosmos-sdk/baseapp" + sdkclient "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + cdctypes "github.com/cosmos/cosmos-sdk/codec/types" + store "github.com/cosmos/cosmos-sdk/store/types" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/module" + simtypes "github.com/cosmos/cosmos-sdk/types/simulation" + "github.com/cosmos/cosmos-sdk/x/group" + "github.com/cosmos/cosmos-sdk/x/group/client/cli" + "github.com/cosmos/cosmos-sdk/x/group/keeper" + "github.com/cosmos/cosmos-sdk/x/group/simulation" + ) + + // ConsensusVersion defines the current x/group module consensus version. + const ConsensusVersion = 2 + + var ( + _ module.EndBlockAppModule = AppModule{ + } + _ module.AppModuleBasic = AppModuleBasic{ + } + _ module.AppModuleSimulation = AppModule{ + } + ) + + type AppModule struct { + AppModuleBasic + keeper keeper.Keeper + bankKeeper group.BankKeeper + accKeeper group.AccountKeeper + registry cdctypes.InterfaceRegistry + } + + // NewAppModule creates a new AppModule object + func NewAppModule(cdc codec.Codec, keeper keeper.Keeper, ak group.AccountKeeper, bk group.BankKeeper, registry cdctypes.InterfaceRegistry) + + AppModule { + return AppModule{ + AppModuleBasic: AppModuleBasic{ + cdc: cdc + }, + keeper: keeper, + bankKeeper: bk, + accKeeper: ak, + registry: registry, + } + } + + var _ appmodule.AppModule = AppModule{ + } + + // IsOnePerModuleType implements the depinject.OnePerModuleType interface. + func (am AppModule) + + IsOnePerModuleType() { + } + + // IsAppModule implements the appmodule.AppModule interface. + func (am AppModule) + + IsAppModule() { + } + + type AppModuleBasic struct { + cdc codec.Codec + } + + // Name returns the group module's name. + func (AppModuleBasic) + + Name() + + string { + return group.ModuleName + } + + // DefaultGenesis returns default genesis state as raw bytes for the group + // module. + func (AppModuleBasic) + + DefaultGenesis(cdc codec.JSONCodec) + + json.RawMessage { + return cdc.MustMarshalJSON(group.NewGenesisState()) + } + + // ValidateGenesis performs genesis state validation for the group module. + func (AppModuleBasic) + + ValidateGenesis(cdc codec.JSONCodec, config sdkclient.TxEncodingConfig, bz json.RawMessage) + + error { + var data group.GenesisState + if err := cdc.UnmarshalJSON(bz, &data); err != nil { + return fmt.Errorf("failed to unmarshal %s genesis state: %w", group.ModuleName, err) + } + + return data.Validate() + } + + // GetQueryCmd returns the cli query commands for the group module + func (a AppModuleBasic) + + GetQueryCmd() *cobra.Command { + return cli.QueryCmd(a.Name()) + } + + // GetTxCmd returns the transaction commands for the group module + func (a AppModuleBasic) + + GetTxCmd() *cobra.Command { + return cli.TxCmd(a.Name()) + } + + // RegisterGRPCGatewayRoutes registers the gRPC Gateway routes for the group module. + func (a AppModuleBasic) + + RegisterGRPCGatewayRoutes(clientCtx sdkclient.Context, mux *gwruntime.ServeMux) { + if err := group.RegisterQueryHandlerClient(context.Background(), mux, group.NewQueryClient(clientCtx)); err != nil { + panic(err) + } + } + + // RegisterInterfaces registers the group module's interface types + func (AppModuleBasic) + + RegisterInterfaces(registry cdctypes.InterfaceRegistry) { + group.RegisterInterfaces(registry) + } + + // RegisterLegacyAminoCodec registers the group module's types for the given codec. + func (AppModuleBasic) + + RegisterLegacyAminoCodec(cdc *codec.LegacyAmino) { + group.RegisterLegacyAminoCodec(cdc) + } + + // Name returns the group module's name. + func (AppModule) + + Name() + + string { + return group.ModuleName + } + + // RegisterInvariants does nothing, there are no invariants to enforce + func (am AppModule) + + RegisterInvariants(ir sdk.InvariantRegistry) { + keeper.RegisterInvariants(ir, am.keeper) + } + + func (am AppModule) + + NewHandler() + + sdk.Handler { + return nil + } + + // InitGenesis performs genesis initialization for the group module. It returns + // no validator updates. + func (am AppModule) + + InitGenesis(ctx sdk.Context, cdc codec.JSONCodec, data json.RawMessage) []abci.ValidatorUpdate { + am.keeper.InitGenesis(ctx, cdc, data) + + return []abci.ValidatorUpdate{ + } + } + + // ExportGenesis returns the exported genesis state as raw bytes for the group + // module. + func (am AppModule) + + ExportGenesis(ctx sdk.Context, cdc codec.JSONCodec) + + json.RawMessage { + gs := am.keeper.ExportGenesis(ctx, cdc) + + return cdc.MustMarshalJSON(gs) + } + + // RegisterServices registers a gRPC query service to respond to the + // module-specific gRPC queries. + func (am AppModule) + + RegisterServices(cfg module.Configurator) { + group.RegisterMsgServer(cfg.MsgServer(), am.keeper) + + group.RegisterQueryServer(cfg.QueryServer(), am.keeper) + m := keeper.NewMigrator(am.keeper) + if err := cfg.RegisterMigration(group.ModuleName, 1, m.Migrate1to2); err != nil { + panic(fmt.Sprintf("failed to migrate x/%s from version 1 to 2: %v", group.ModuleName, err)) + } + } + + // ConsensusVersion implements AppModule/ConsensusVersion. + func (AppModule) + + ConsensusVersion() + + uint64 { + return ConsensusVersion + } + + // EndBlock implements the group module's EndBlock. + func (am AppModule) + + EndBlock(ctx sdk.Context, _ abci.RequestEndBlock) []abci.ValidatorUpdate { + EndBlocker(ctx, am.keeper) + + return []abci.ValidatorUpdate{ + } + } + + // ____________________________________________________________________________ + + // AppModuleSimulation functions + + // GenerateGenesisState creates a randomized GenState of the group module. + func (AppModule) + + GenerateGenesisState(simState *module.SimulationState) { + simulation.RandomizedGenState(simState) + } + + // RegisterStoreDecoder registers a decoder for group module's types + func (am AppModule) + + RegisterStoreDecoder(sdr sdk.StoreDecoderRegistry) { + sdr[group.StoreKey] = simulation.NewDecodeStore(am.cdc) + } + + // WeightedOperations returns the all the gov module operations with their respective weights. + func (am AppModule) + + WeightedOperations(simState module.SimulationState) []simtypes.WeightedOperation { + return simulation.WeightedOperations( + am.registry, + simState.AppParams, simState.Cdc, + am.accKeeper, am.bankKeeper, am.keeper, am.cdc, + ) + } + + // + // App Wiring Setup + // + + func init() { + appmodule.Register( + &modulev1.Module{ + }, + appmodule.Provide(ProvideModule), + ) + } + + type GroupInputs struct { + depinject.In + + Config *modulev1.Module + Key *store.KVStoreKey + Cdc codec.Codec + AccountKeeper group.AccountKeeper + BankKeeper group.BankKeeper + Registry cdctypes.InterfaceRegistry + MsgServiceRouter *baseapp.MsgServiceRouter + } + + type GroupOutputs struct { + depinject.Out + + GroupKeeper keeper.Keeper + Module appmodule.AppModule + } + + func ProvideModule(in GroupInputs) + + GroupOutputs { + /* + Example of setting group params: + in.Config.MaxMetadataLen = 1000 + in.Config.MaxExecutionPeriod = "1209600s" + */ + k := keeper.NewKeeper(in.Key, in.Cdc, in.MsgServiceRouter, in.AccountKeeper, group.Config{ + MaxExecutionPeriod: in.Config.MaxExecutionPeriod.AsDuration(), + MaxMetadataLen: in.Config.MaxMetadataLen + }) + m := NewAppModule(in.Cdc, k, in.AccountKeeper, in.BankKeeper, in.Registry) + + return GroupOutputs{ + GroupKeeper: k, + Module: m + } + } + ``` + +3. Define a struct that inherits `depinject.In` and define the module inputs (i.e. module dependencies): + + * `depinject` provides the right dependencies to the module. + * `depinject` also checks that all dependencies are provided. + + :::tip + For making a dependency optional, add the `optional:"true"` struct tag.\ + + ```go expandable + package module + + import ( + + "context" + "encoding/json" + "fmt" + + abci "github.com/cometbft/cometbft/abci/types" + gwruntime "github.com/grpc-ecosystem/grpc-gateway/runtime" + "github.com/spf13/cobra" + + modulev1 "cosmossdk.io/api/cosmos/group/module/v1" + "cosmossdk.io/core/address" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/depinject" + + store "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/baseapp" + sdkclient "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + cdctypes "github.com/cosmos/cosmos-sdk/codec/types" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/module" + simtypes "github.com/cosmos/cosmos-sdk/types/simulation" + "github.com/cosmos/cosmos-sdk/x/group" + "github.com/cosmos/cosmos-sdk/x/group/client/cli" + "github.com/cosmos/cosmos-sdk/x/group/keeper" + "github.com/cosmos/cosmos-sdk/x/group/simulation" + ) + + // ConsensusVersion defines the current x/group module consensus version. + const ConsensusVersion = 2 + + var ( + _ module.AppModuleBasic = AppModuleBasic{ + } + _ module.AppModuleSimulation = AppModule{ + } + ) + + type AppModule struct { + AppModuleBasic + keeper keeper.Keeper + bankKeeper group.BankKeeper + accKeeper group.AccountKeeper + registry cdctypes.InterfaceRegistry + } + + // NewAppModule creates a new AppModule object + func NewAppModule(cdc codec.Codec, keeper keeper.Keeper, ak group.AccountKeeper, bk group.BankKeeper, registry cdctypes.InterfaceRegistry) + + AppModule { + return AppModule{ + AppModuleBasic: AppModuleBasic{ + cdc: cdc, ac: ak.AddressCodec() + }, + keeper: keeper, + bankKeeper: bk, + accKeeper: ak, + registry: registry, + } + } + + var ( + _ appmodule.AppModule = AppModule{ + } + _ appmodule.HasEndBlocker = AppModule{ + } + ) + + // IsOnePerModuleType implements the depinject.OnePerModuleType interface. + func (am AppModule) + + IsOnePerModuleType() { + } + + // IsAppModule implements the appmodule.AppModule interface. + func (am AppModule) + + IsAppModule() { + } + + type AppModuleBasic struct { + cdc codec.Codec + ac address.Codec + } + + // Name returns the group module's name. + func (AppModuleBasic) + + Name() + + string { + return group.ModuleName + } + + // DefaultGenesis returns default genesis state as raw bytes for the group + // module. + func (AppModuleBasic) + + DefaultGenesis(cdc codec.JSONCodec) + + json.RawMessage { + return cdc.MustMarshalJSON(group.NewGenesisState()) + } + + // ValidateGenesis performs genesis state validation for the group module. + func (AppModuleBasic) + + ValidateGenesis(cdc codec.JSONCodec, config sdkclient.TxEncodingConfig, bz json.RawMessage) + + error { + var data group.GenesisState + if err := cdc.UnmarshalJSON(bz, &data); err != nil { + return fmt.Errorf("failed to unmarshal %s genesis state: %w", group.ModuleName, err) + } + + return data.Validate() + } + + // GetQueryCmd returns the cli query commands for the group module + func (a AppModuleBasic) + + GetQueryCmd() *cobra.Command { + return cli.QueryCmd(a.Name()) + } + + // GetTxCmd returns the transaction commands for the group module + func (a AppModuleBasic) + + GetTxCmd() *cobra.Command { + return cli.TxCmd(a.Name(), a.ac) + } + + // RegisterGRPCGatewayRoutes registers the gRPC Gateway routes for the group module. + func (a AppModuleBasic) + + RegisterGRPCGatewayRoutes(clientCtx sdkclient.Context, mux *gwruntime.ServeMux) { + if err := group.RegisterQueryHandlerClient(context.Background(), mux, group.NewQueryClient(clientCtx)); err != nil { + panic(err) + } + } + + // RegisterInterfaces registers the group module's interface types + func (AppModuleBasic) + + RegisterInterfaces(registry cdctypes.InterfaceRegistry) { + group.RegisterInterfaces(registry) + } + + // RegisterLegacyAminoCodec registers the group module's types for the given codec. + func (AppModuleBasic) + + RegisterLegacyAminoCodec(cdc *codec.LegacyAmino) { + group.RegisterLegacyAminoCodec(cdc) + } + + // Name returns the group module's name. + func (AppModule) + + Name() + + string { + return group.ModuleName + } + + // RegisterInvariants does nothing, there are no invariants to enforce + func (am AppModule) + + RegisterInvariants(ir sdk.InvariantRegistry) { + keeper.RegisterInvariants(ir, am.keeper) + } + + // InitGenesis performs genesis initialization for the group module. It returns + // no validator updates. + func (am AppModule) + + InitGenesis(ctx sdk.Context, cdc codec.JSONCodec, data json.RawMessage) []abci.ValidatorUpdate { + am.keeper.InitGenesis(ctx, cdc, data) + + return []abci.ValidatorUpdate{ + } + } + + // ExportGenesis returns the exported genesis state as raw bytes for the group + // module. + func (am AppModule) + + ExportGenesis(ctx sdk.Context, cdc codec.JSONCodec) + + json.RawMessage { + gs := am.keeper.ExportGenesis(ctx, cdc) + + return cdc.MustMarshalJSON(gs) + } + + // RegisterServices registers a gRPC query service to respond to the + // module-specific gRPC queries. + func (am AppModule) + + RegisterServices(cfg module.Configurator) { + group.RegisterMsgServer(cfg.MsgServer(), am.keeper) + + group.RegisterQueryServer(cfg.QueryServer(), am.keeper) + m := keeper.NewMigrator(am.keeper) + if err := cfg.RegisterMigration(group.ModuleName, 1, m.Migrate1to2); err != nil { + panic(fmt.Sprintf("failed to migrate x/%s from version 1 to 2: %v", group.ModuleName, err)) + } + } + + // ConsensusVersion implements AppModule/ConsensusVersion. + func (AppModule) + + ConsensusVersion() + + uint64 { + return ConsensusVersion + } + + // EndBlock implements the group module's EndBlock. + func (am AppModule) + + EndBlock(ctx context.Context) + + error { + c := sdk.UnwrapSDKContext(ctx) + + return EndBlocker(c, am.keeper) + } + + // ____________________________________________________________________________ + + // AppModuleSimulation functions + + // GenerateGenesisState creates a randomized GenState of the group module. + func (AppModule) + + GenerateGenesisState(simState *module.SimulationState) { + simulation.RandomizedGenState(simState) + } + + // RegisterStoreDecoder registers a decoder for group module's types + func (am AppModule) + + RegisterStoreDecoder(sdr simtypes.StoreDecoderRegistry) { + sdr[group.StoreKey] = simulation.NewDecodeStore(am.cdc) + } + + // WeightedOperations returns the all the gov module operations with their respective weights. + func (am AppModule) + + WeightedOperations(simState module.SimulationState) []simtypes.WeightedOperation { + return simulation.WeightedOperations( + am.registry, + simState.AppParams, simState.Cdc, simState.TxConfig, + am.accKeeper, am.bankKeeper, am.keeper, am.cdc, + ) + } + + // + // App Wiring Setup + // + + func init() { + appmodule.Register( + &modulev1.Module{ + }, + appmodule.Provide(ProvideModule), + ) + } + + type GroupInputs struct { + depinject.In + + Config *modulev1.Module + Key *store.KVStoreKey + Cdc codec.Codec + AccountKeeper group.AccountKeeper + BankKeeper group.BankKeeper + Registry cdctypes.InterfaceRegistry + MsgServiceRouter baseapp.MessageRouter + } + + type GroupOutputs struct { + depinject.Out + + GroupKeeper keeper.Keeper + Module appmodule.AppModule + } + + func ProvideModule(in GroupInputs) + + GroupOutputs { + /* + Example of setting group params: + in.Config.MaxMetadataLen = 1000 + in.Config.MaxExecutionPeriod = "1209600s" + */ + k := keeper.NewKeeper(in.Key, in.Cdc, in.MsgServiceRouter, in.AccountKeeper, group.Config{ + MaxExecutionPeriod: in.Config.MaxExecutionPeriod.AsDuration(), + MaxMetadataLen: in.Config.MaxMetadataLen + }) + m := NewAppModule(in.Cdc, k, in.AccountKeeper, in.BankKeeper, in.Registry) + + return GroupOutputs{ + GroupKeeper: k, + Module: m + } + } + ``` + +4. Define the module outputs with a public struct that inherits `depinject.Out`: + The module outputs are the dependencies that the module provides to other modules. It is usually the module itself and its keeper. + + ```go expandable + package module + + import ( + + "context" + "encoding/json" + "fmt" + + abci "github.com/cometbft/cometbft/abci/types" + gwruntime "github.com/grpc-ecosystem/grpc-gateway/runtime" + "github.com/spf13/cobra" + + modulev1 "cosmossdk.io/api/cosmos/group/module/v1" + "cosmossdk.io/core/address" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/depinject" + + store "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/baseapp" + sdkclient "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + cdctypes "github.com/cosmos/cosmos-sdk/codec/types" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/module" + simtypes "github.com/cosmos/cosmos-sdk/types/simulation" + "github.com/cosmos/cosmos-sdk/x/group" + "github.com/cosmos/cosmos-sdk/x/group/client/cli" + "github.com/cosmos/cosmos-sdk/x/group/keeper" + "github.com/cosmos/cosmos-sdk/x/group/simulation" + ) + + // ConsensusVersion defines the current x/group module consensus version. + const ConsensusVersion = 2 + + var ( + _ module.AppModuleBasic = AppModuleBasic{ + } + _ module.AppModuleSimulation = AppModule{ + } + ) + + type AppModule struct { + AppModuleBasic + keeper keeper.Keeper + bankKeeper group.BankKeeper + accKeeper group.AccountKeeper + registry cdctypes.InterfaceRegistry + } + + // NewAppModule creates a new AppModule object + func NewAppModule(cdc codec.Codec, keeper keeper.Keeper, ak group.AccountKeeper, bk group.BankKeeper, registry cdctypes.InterfaceRegistry) + + AppModule { + return AppModule{ + AppModuleBasic: AppModuleBasic{ + cdc: cdc, ac: ak.AddressCodec() + }, + keeper: keeper, + bankKeeper: bk, + accKeeper: ak, + registry: registry, + } + } + + var ( + _ appmodule.AppModule = AppModule{ + } + _ appmodule.HasEndBlocker = AppModule{ + } + ) + + // IsOnePerModuleType implements the depinject.OnePerModuleType interface. + func (am AppModule) + + IsOnePerModuleType() { + } + + // IsAppModule implements the appmodule.AppModule interface. + func (am AppModule) + + IsAppModule() { + } + + type AppModuleBasic struct { + cdc codec.Codec + ac address.Codec + } + + // Name returns the group module's name. + func (AppModuleBasic) + + Name() + + string { + return group.ModuleName + } + + // DefaultGenesis returns default genesis state as raw bytes for the group + // module. + func (AppModuleBasic) + + DefaultGenesis(cdc codec.JSONCodec) + + json.RawMessage { + return cdc.MustMarshalJSON(group.NewGenesisState()) + } + + // ValidateGenesis performs genesis state validation for the group module. + func (AppModuleBasic) + + ValidateGenesis(cdc codec.JSONCodec, config sdkclient.TxEncodingConfig, bz json.RawMessage) + + error { + var data group.GenesisState + if err := cdc.UnmarshalJSON(bz, &data); err != nil { + return fmt.Errorf("failed to unmarshal %s genesis state: %w", group.ModuleName, err) + } + + return data.Validate() + } + + // GetQueryCmd returns the cli query commands for the group module + func (a AppModuleBasic) + + GetQueryCmd() *cobra.Command { + return cli.QueryCmd(a.Name()) + } + + // GetTxCmd returns the transaction commands for the group module + func (a AppModuleBasic) + + GetTxCmd() *cobra.Command { + return cli.TxCmd(a.Name(), a.ac) + } + + // RegisterGRPCGatewayRoutes registers the gRPC Gateway routes for the group module. + func (a AppModuleBasic) + + RegisterGRPCGatewayRoutes(clientCtx sdkclient.Context, mux *gwruntime.ServeMux) { + if err := group.RegisterQueryHandlerClient(context.Background(), mux, group.NewQueryClient(clientCtx)); err != nil { + panic(err) + } + } + + // RegisterInterfaces registers the group module's interface types + func (AppModuleBasic) + + RegisterInterfaces(registry cdctypes.InterfaceRegistry) { + group.RegisterInterfaces(registry) + } + + // RegisterLegacyAminoCodec registers the group module's types for the given codec. + func (AppModuleBasic) + + RegisterLegacyAminoCodec(cdc *codec.LegacyAmino) { + group.RegisterLegacyAminoCodec(cdc) + } + + // Name returns the group module's name. + func (AppModule) + + Name() + + string { + return group.ModuleName + } + + // RegisterInvariants does nothing, there are no invariants to enforce + func (am AppModule) + + RegisterInvariants(ir sdk.InvariantRegistry) { + keeper.RegisterInvariants(ir, am.keeper) + } + + // InitGenesis performs genesis initialization for the group module. It returns + // no validator updates. + func (am AppModule) + + InitGenesis(ctx sdk.Context, cdc codec.JSONCodec, data json.RawMessage) []abci.ValidatorUpdate { + am.keeper.InitGenesis(ctx, cdc, data) + + return []abci.ValidatorUpdate{ + } + } + + // ExportGenesis returns the exported genesis state as raw bytes for the group + // module. + func (am AppModule) + + ExportGenesis(ctx sdk.Context, cdc codec.JSONCodec) + + json.RawMessage { + gs := am.keeper.ExportGenesis(ctx, cdc) + + return cdc.MustMarshalJSON(gs) + } + + // RegisterServices registers a gRPC query service to respond to the + // module-specific gRPC queries. + func (am AppModule) + + RegisterServices(cfg module.Configurator) { + group.RegisterMsgServer(cfg.MsgServer(), am.keeper) + + group.RegisterQueryServer(cfg.QueryServer(), am.keeper) + m := keeper.NewMigrator(am.keeper) + if err := cfg.RegisterMigration(group.ModuleName, 1, m.Migrate1to2); err != nil { + panic(fmt.Sprintf("failed to migrate x/%s from version 1 to 2: %v", group.ModuleName, err)) + } + } + + // ConsensusVersion implements AppModule/ConsensusVersion. + func (AppModule) + + ConsensusVersion() + + uint64 { + return ConsensusVersion + } + + // EndBlock implements the group module's EndBlock. + func (am AppModule) + + EndBlock(ctx context.Context) + + error { + c := sdk.UnwrapSDKContext(ctx) + + return EndBlocker(c, am.keeper) + } + + // ____________________________________________________________________________ + + // AppModuleSimulation functions + + // GenerateGenesisState creates a randomized GenState of the group module. + func (AppModule) + + GenerateGenesisState(simState *module.SimulationState) { + simulation.RandomizedGenState(simState) + } + + // RegisterStoreDecoder registers a decoder for group module's types + func (am AppModule) + + RegisterStoreDecoder(sdr simtypes.StoreDecoderRegistry) { + sdr[group.StoreKey] = simulation.NewDecodeStore(am.cdc) + } + + // WeightedOperations returns the all the gov module operations with their respective weights. + func (am AppModule) + + WeightedOperations(simState module.SimulationState) []simtypes.WeightedOperation { + return simulation.WeightedOperations( + am.registry, + simState.AppParams, simState.Cdc, simState.TxConfig, + am.accKeeper, am.bankKeeper, am.keeper, am.cdc, + ) + } + + // + // App Wiring Setup + // + + func init() { + appmodule.Register( + &modulev1.Module{ + }, + appmodule.Provide(ProvideModule), + ) + } + + type GroupInputs struct { + depinject.In + + Config *modulev1.Module + Key *store.KVStoreKey + Cdc codec.Codec + AccountKeeper group.AccountKeeper + BankKeeper group.BankKeeper + Registry cdctypes.InterfaceRegistry + MsgServiceRouter baseapp.MessageRouter + } + + type GroupOutputs struct { + depinject.Out + + GroupKeeper keeper.Keeper + Module appmodule.AppModule + } + + func ProvideModule(in GroupInputs) + + GroupOutputs { + /* + Example of setting group params: + in.Config.MaxMetadataLen = 1000 + in.Config.MaxExecutionPeriod = "1209600s" + */ + k := keeper.NewKeeper(in.Key, in.Cdc, in.MsgServiceRouter, in.AccountKeeper, group.Config{ + MaxExecutionPeriod: in.Config.MaxExecutionPeriod.AsDuration(), + MaxMetadataLen: in.Config.MaxMetadataLen + }) + m := NewAppModule(in.Cdc, k, in.AccountKeeper, in.BankKeeper, in.Registry) + + return GroupOutputs{ + GroupKeeper: k, + Module: m + } + } + ``` + +5. Create a function named `ProvideModule` (as called in 1.) and use the inputs for instantiating the module outputs. + +```go expandable +package module + +import ( + + "context" + "encoding/json" + "fmt" + + abci "github.com/cometbft/cometbft/abci/types" + gwruntime "github.com/grpc-ecosystem/grpc-gateway/runtime" + "github.com/spf13/cobra" + + modulev1 "cosmossdk.io/api/cosmos/group/module/v1" + "cosmossdk.io/core/address" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/depinject" + + store "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/baseapp" + sdkclient "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + cdctypes "github.com/cosmos/cosmos-sdk/codec/types" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/module" + simtypes "github.com/cosmos/cosmos-sdk/types/simulation" + "github.com/cosmos/cosmos-sdk/x/group" + "github.com/cosmos/cosmos-sdk/x/group/client/cli" + "github.com/cosmos/cosmos-sdk/x/group/keeper" + "github.com/cosmos/cosmos-sdk/x/group/simulation" +) + +// ConsensusVersion defines the current x/group module consensus version. +const ConsensusVersion = 2 + +var ( + _ module.AppModuleBasic = AppModuleBasic{ +} + _ module.AppModuleSimulation = AppModule{ +} +) + +type AppModule struct { + AppModuleBasic + keeper keeper.Keeper + bankKeeper group.BankKeeper + accKeeper group.AccountKeeper + registry cdctypes.InterfaceRegistry +} + +// NewAppModule creates a new AppModule object +func NewAppModule(cdc codec.Codec, keeper keeper.Keeper, ak group.AccountKeeper, bk group.BankKeeper, registry cdctypes.InterfaceRegistry) + +AppModule { + return AppModule{ + AppModuleBasic: AppModuleBasic{ + cdc: cdc, ac: ak.AddressCodec() +}, + keeper: keeper, + bankKeeper: bk, + accKeeper: ak, + registry: registry, +} +} + +var ( + _ appmodule.AppModule = AppModule{ +} + _ appmodule.HasEndBlocker = AppModule{ +} +) + +// IsOnePerModuleType implements the depinject.OnePerModuleType interface. +func (am AppModule) + +IsOnePerModuleType() { +} + +// IsAppModule implements the appmodule.AppModule interface. +func (am AppModule) + +IsAppModule() { +} + +type AppModuleBasic struct { + cdc codec.Codec + ac address.Codec +} + +// Name returns the group module's name. +func (AppModuleBasic) + +Name() + +string { + return group.ModuleName +} + +// DefaultGenesis returns default genesis state as raw bytes for the group +// module. +func (AppModuleBasic) + +DefaultGenesis(cdc codec.JSONCodec) + +json.RawMessage { + return cdc.MustMarshalJSON(group.NewGenesisState()) +} + +// ValidateGenesis performs genesis state validation for the group module. +func (AppModuleBasic) + +ValidateGenesis(cdc codec.JSONCodec, config sdkclient.TxEncodingConfig, bz json.RawMessage) + +error { + var data group.GenesisState + if err := cdc.UnmarshalJSON(bz, &data); err != nil { + return fmt.Errorf("failed to unmarshal %s genesis state: %w", group.ModuleName, err) +} + +return data.Validate() +} + +// GetQueryCmd returns the cli query commands for the group module +func (a AppModuleBasic) + +GetQueryCmd() *cobra.Command { + return cli.QueryCmd(a.Name()) +} + +// GetTxCmd returns the transaction commands for the group module +func (a AppModuleBasic) + +GetTxCmd() *cobra.Command { + return cli.TxCmd(a.Name(), a.ac) +} + +// RegisterGRPCGatewayRoutes registers the gRPC Gateway routes for the group module. +func (a AppModuleBasic) + +RegisterGRPCGatewayRoutes(clientCtx sdkclient.Context, mux *gwruntime.ServeMux) { + if err := group.RegisterQueryHandlerClient(context.Background(), mux, group.NewQueryClient(clientCtx)); err != nil { + panic(err) +} +} + +// RegisterInterfaces registers the group module's interface types +func (AppModuleBasic) + +RegisterInterfaces(registry cdctypes.InterfaceRegistry) { + group.RegisterInterfaces(registry) +} + +// RegisterLegacyAminoCodec registers the group module's types for the given codec. +func (AppModuleBasic) + +RegisterLegacyAminoCodec(cdc *codec.LegacyAmino) { + group.RegisterLegacyAminoCodec(cdc) +} + +// Name returns the group module's name. +func (AppModule) + +Name() + +string { + return group.ModuleName +} + +// RegisterInvariants does nothing, there are no invariants to enforce +func (am AppModule) + +RegisterInvariants(ir sdk.InvariantRegistry) { + keeper.RegisterInvariants(ir, am.keeper) +} + +// InitGenesis performs genesis initialization for the group module. It returns +// no validator updates. +func (am AppModule) + +InitGenesis(ctx sdk.Context, cdc codec.JSONCodec, data json.RawMessage) []abci.ValidatorUpdate { + am.keeper.InitGenesis(ctx, cdc, data) + +return []abci.ValidatorUpdate{ +} +} + +// ExportGenesis returns the exported genesis state as raw bytes for the group +// module. +func (am AppModule) + +ExportGenesis(ctx sdk.Context, cdc codec.JSONCodec) + +json.RawMessage { + gs := am.keeper.ExportGenesis(ctx, cdc) + +return cdc.MustMarshalJSON(gs) +} + +// RegisterServices registers a gRPC query service to respond to the +// module-specific gRPC queries. +func (am AppModule) + +RegisterServices(cfg module.Configurator) { + group.RegisterMsgServer(cfg.MsgServer(), am.keeper) + +group.RegisterQueryServer(cfg.QueryServer(), am.keeper) + m := keeper.NewMigrator(am.keeper) + if err := cfg.RegisterMigration(group.ModuleName, 1, m.Migrate1to2); err != nil { + panic(fmt.Sprintf("failed to migrate x/%s from version 1 to 2: %v", group.ModuleName, err)) +} +} + +// ConsensusVersion implements AppModule/ConsensusVersion. +func (AppModule) + +ConsensusVersion() + +uint64 { + return ConsensusVersion +} + +// EndBlock implements the group module's EndBlock. +func (am AppModule) + +EndBlock(ctx context.Context) + +error { + c := sdk.UnwrapSDKContext(ctx) + +return EndBlocker(c, am.keeper) +} + +// ____________________________________________________________________________ + +// AppModuleSimulation functions + +// GenerateGenesisState creates a randomized GenState of the group module. +func (AppModule) + +GenerateGenesisState(simState *module.SimulationState) { + simulation.RandomizedGenState(simState) +} + +// RegisterStoreDecoder registers a decoder for group module's types +func (am AppModule) + +RegisterStoreDecoder(sdr simtypes.StoreDecoderRegistry) { + sdr[group.StoreKey] = simulation.NewDecodeStore(am.cdc) +} + +// WeightedOperations returns the all the gov module operations with their respective weights. +func (am AppModule) + +WeightedOperations(simState module.SimulationState) []simtypes.WeightedOperation { + return simulation.WeightedOperations( + am.registry, + simState.AppParams, simState.Cdc, simState.TxConfig, + am.accKeeper, am.bankKeeper, am.keeper, am.cdc, + ) +} + +// +// App Wiring Setup +// + +func init() { + appmodule.Register( + &modulev1.Module{ +}, + appmodule.Provide(ProvideModule), + ) +} + +type GroupInputs struct { + depinject.In + + Config *modulev1.Module + Key *store.KVStoreKey + Cdc codec.Codec + AccountKeeper group.AccountKeeper + BankKeeper group.BankKeeper + Registry cdctypes.InterfaceRegistry + MsgServiceRouter baseapp.MessageRouter +} + +type GroupOutputs struct { + depinject.Out + + GroupKeeper keeper.Keeper + Module appmodule.AppModule +} + +func ProvideModule(in GroupInputs) + +GroupOutputs { + /* + Example of setting group params: + in.Config.MaxMetadataLen = 1000 + in.Config.MaxExecutionPeriod = "1209600s" + */ + k := keeper.NewKeeper(in.Key, in.Cdc, in.MsgServiceRouter, in.AccountKeeper, group.Config{ + MaxExecutionPeriod: in.Config.MaxExecutionPeriod.AsDuration(), + MaxMetadataLen: in.Config.MaxMetadataLen +}) + m := NewAppModule(in.Cdc, k, in.AccountKeeper, in.BankKeeper, in.Registry) + +return GroupOutputs{ + GroupKeeper: k, + Module: m +} +} +``` + +The `ProvideModule` function should return an instance of `cosmossdk.io/core/appmodule.AppModule` which implements +one or more app module extension interfaces for initializing the module. + +Following is the complete app wiring configuration for `group`: + +```go expandable +package module + +import ( + + "context" + "encoding/json" + "fmt" + + abci "github.com/cometbft/cometbft/abci/types" + gwruntime "github.com/grpc-ecosystem/grpc-gateway/runtime" + "github.com/spf13/cobra" + + modulev1 "cosmossdk.io/api/cosmos/group/module/v1" + "cosmossdk.io/core/address" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/depinject" + + store "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/baseapp" + sdkclient "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + cdctypes "github.com/cosmos/cosmos-sdk/codec/types" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/module" + simtypes "github.com/cosmos/cosmos-sdk/types/simulation" + "github.com/cosmos/cosmos-sdk/x/group" + "github.com/cosmos/cosmos-sdk/x/group/client/cli" + "github.com/cosmos/cosmos-sdk/x/group/keeper" + "github.com/cosmos/cosmos-sdk/x/group/simulation" +) + +// ConsensusVersion defines the current x/group module consensus version. +const ConsensusVersion = 2 + +var ( + _ module.AppModuleBasic = AppModuleBasic{ +} + _ module.AppModuleSimulation = AppModule{ +} +) + +type AppModule struct { + AppModuleBasic + keeper keeper.Keeper + bankKeeper group.BankKeeper + accKeeper group.AccountKeeper + registry cdctypes.InterfaceRegistry +} + +// NewAppModule creates a new AppModule object +func NewAppModule(cdc codec.Codec, keeper keeper.Keeper, ak group.AccountKeeper, bk group.BankKeeper, registry cdctypes.InterfaceRegistry) + +AppModule { + return AppModule{ + AppModuleBasic: AppModuleBasic{ + cdc: cdc, ac: ak.AddressCodec() +}, + keeper: keeper, + bankKeeper: bk, + accKeeper: ak, + registry: registry, +} +} + +var ( + _ appmodule.AppModule = AppModule{ +} + _ appmodule.HasEndBlocker = AppModule{ +} +) + +// IsOnePerModuleType implements the depinject.OnePerModuleType interface. +func (am AppModule) + +IsOnePerModuleType() { +} + +// IsAppModule implements the appmodule.AppModule interface. +func (am AppModule) + +IsAppModule() { +} + +type AppModuleBasic struct { + cdc codec.Codec + ac address.Codec +} + +// Name returns the group module's name. +func (AppModuleBasic) + +Name() + +string { + return group.ModuleName +} + +// DefaultGenesis returns default genesis state as raw bytes for the group +// module. +func (AppModuleBasic) + +DefaultGenesis(cdc codec.JSONCodec) + +json.RawMessage { + return cdc.MustMarshalJSON(group.NewGenesisState()) +} + +// ValidateGenesis performs genesis state validation for the group module. +func (AppModuleBasic) + +ValidateGenesis(cdc codec.JSONCodec, config sdkclient.TxEncodingConfig, bz json.RawMessage) + +error { + var data group.GenesisState + if err := cdc.UnmarshalJSON(bz, &data); err != nil { + return fmt.Errorf("failed to unmarshal %s genesis state: %w", group.ModuleName, err) +} + +return data.Validate() +} + +// GetQueryCmd returns the cli query commands for the group module +func (a AppModuleBasic) + +GetQueryCmd() *cobra.Command { + return cli.QueryCmd(a.Name()) +} + +// GetTxCmd returns the transaction commands for the group module +func (a AppModuleBasic) + +GetTxCmd() *cobra.Command { + return cli.TxCmd(a.Name(), a.ac) +} + +// RegisterGRPCGatewayRoutes registers the gRPC Gateway routes for the group module. +func (a AppModuleBasic) + +RegisterGRPCGatewayRoutes(clientCtx sdkclient.Context, mux *gwruntime.ServeMux) { + if err := group.RegisterQueryHandlerClient(context.Background(), mux, group.NewQueryClient(clientCtx)); err != nil { + panic(err) +} +} + +// RegisterInterfaces registers the group module's interface types +func (AppModuleBasic) + +RegisterInterfaces(registry cdctypes.InterfaceRegistry) { + group.RegisterInterfaces(registry) +} + +// RegisterLegacyAminoCodec registers the group module's types for the given codec. +func (AppModuleBasic) + +RegisterLegacyAminoCodec(cdc *codec.LegacyAmino) { + group.RegisterLegacyAminoCodec(cdc) +} + +// Name returns the group module's name. +func (AppModule) + +Name() + +string { + return group.ModuleName +} + +// RegisterInvariants does nothing, there are no invariants to enforce +func (am AppModule) + +RegisterInvariants(ir sdk.InvariantRegistry) { + keeper.RegisterInvariants(ir, am.keeper) +} + +// InitGenesis performs genesis initialization for the group module. It returns +// no validator updates. +func (am AppModule) + +InitGenesis(ctx sdk.Context, cdc codec.JSONCodec, data json.RawMessage) []abci.ValidatorUpdate { + am.keeper.InitGenesis(ctx, cdc, data) + +return []abci.ValidatorUpdate{ +} +} + +// ExportGenesis returns the exported genesis state as raw bytes for the group +// module. +func (am AppModule) + +ExportGenesis(ctx sdk.Context, cdc codec.JSONCodec) + +json.RawMessage { + gs := am.keeper.ExportGenesis(ctx, cdc) + +return cdc.MustMarshalJSON(gs) +} + +// RegisterServices registers a gRPC query service to respond to the +// module-specific gRPC queries. +func (am AppModule) + +RegisterServices(cfg module.Configurator) { + group.RegisterMsgServer(cfg.MsgServer(), am.keeper) + +group.RegisterQueryServer(cfg.QueryServer(), am.keeper) + m := keeper.NewMigrator(am.keeper) + if err := cfg.RegisterMigration(group.ModuleName, 1, m.Migrate1to2); err != nil { + panic(fmt.Sprintf("failed to migrate x/%s from version 1 to 2: %v", group.ModuleName, err)) +} +} + +// ConsensusVersion implements AppModule/ConsensusVersion. +func (AppModule) + +ConsensusVersion() + +uint64 { + return ConsensusVersion +} + +// EndBlock implements the group module's EndBlock. +func (am AppModule) + +EndBlock(ctx context.Context) + +error { + c := sdk.UnwrapSDKContext(ctx) + +return EndBlocker(c, am.keeper) +} + +// ____________________________________________________________________________ + +// AppModuleSimulation functions + +// GenerateGenesisState creates a randomized GenState of the group module. +func (AppModule) + +GenerateGenesisState(simState *module.SimulationState) { + simulation.RandomizedGenState(simState) +} + +// RegisterStoreDecoder registers a decoder for group module's types +func (am AppModule) + +RegisterStoreDecoder(sdr simtypes.StoreDecoderRegistry) { + sdr[group.StoreKey] = simulation.NewDecodeStore(am.cdc) +} + +// WeightedOperations returns the all the gov module operations with their respective weights. +func (am AppModule) + +WeightedOperations(simState module.SimulationState) []simtypes.WeightedOperation { + return simulation.WeightedOperations( + am.registry, + simState.AppParams, simState.Cdc, simState.TxConfig, + am.accKeeper, am.bankKeeper, am.keeper, am.cdc, + ) +} + +// +// App Wiring Setup +// + +func init() { + appmodule.Register( + &modulev1.Module{ +}, + appmodule.Provide(ProvideModule), + ) +} + +type GroupInputs struct { + depinject.In + + Config *modulev1.Module + Key *store.KVStoreKey + Cdc codec.Codec + AccountKeeper group.AccountKeeper + BankKeeper group.BankKeeper + Registry cdctypes.InterfaceRegistry + MsgServiceRouter baseapp.MessageRouter +} + +type GroupOutputs struct { + depinject.Out + + GroupKeeper keeper.Keeper + Module appmodule.AppModule +} + +func ProvideModule(in GroupInputs) + +GroupOutputs { + /* + Example of setting group params: + in.Config.MaxMetadataLen = 1000 + in.Config.MaxExecutionPeriod = "1209600s" + */ + k := keeper.NewKeeper(in.Key, in.Cdc, in.MsgServiceRouter, in.AccountKeeper, group.Config{ + MaxExecutionPeriod: in.Config.MaxExecutionPeriod.AsDuration(), + MaxMetadataLen: in.Config.MaxMetadataLen +}) + m := NewAppModule(in.Cdc, k, in.AccountKeeper, in.BankKeeper, in.Registry) + +return GroupOutputs{ + GroupKeeper: k, + Module: m +} +} +``` + +The module is now ready to be used with `depinject` by a chain developer. + +## Integrate in an application + +The App Wiring is done in `app_config.go` / `app.yaml` and `app_di.go` and is explained in detail in the [overview of `app_di.go`](/docs/sdk/vnext/build/building-apps/app-go-di). diff --git a/docs/sdk/next/build/building-modules/errors.mdx b/docs/sdk/next/build/building-modules/errors.mdx new file mode 100644 index 00000000..e1e114d6 --- /dev/null +++ b/docs/sdk/next/build/building-modules/errors.mdx @@ -0,0 +1,701 @@ +--- +title: Errors +--- + +**Synopsis** +This document outlines the recommended usage and APIs for error handling in Cosmos SDK modules. + + +Modules are encouraged to define and register their own errors to provide better +context on failed message or handler execution. Typically, these errors should be +common or general errors which can be further wrapped to provide additional specific +execution context. + +## Registration + +Modules should define and register their custom errors in `x/{module}/errors.go`. +Registration of errors is handled via the [`errors` package](https://github.com/cosmos/cosmos-sdk/blob/main/errors/errors.go). + +Example: + +```go expandable +package types + +import "cosmossdk.io/errors" + +// x/distribution module sentinel errors +var ( + ErrEmptyDelegatorAddr = errors.Register(ModuleName, 2, "delegator address is empty") + +ErrEmptyWithdrawAddr = errors.Register(ModuleName, 3, "withdraw address is empty") + +ErrEmptyValidatorAddr = errors.Register(ModuleName, 4, "validator address is empty") + +ErrEmptyDelegationDistInfo = errors.Register(ModuleName, 5, "no delegation distribution info") + +ErrNoValidatorDistInfo = errors.Register(ModuleName, 6, "no validator distribution info") + +ErrNoValidatorCommission = errors.Register(ModuleName, 7, "no validator commission to withdraw") + +ErrSetWithdrawAddrDisabled = errors.Register(ModuleName, 8, "set withdraw address disabled") + +ErrBadDistribution = errors.Register(ModuleName, 9, "community pool does not have sufficient coins to distribute") + +ErrInvalidProposalAmount = errors.Register(ModuleName, 10, "invalid community pool spend proposal amount") + +ErrEmptyProposalRecipient = errors.Register(ModuleName, 11, "invalid community pool spend proposal recipient") + +ErrNoValidatorExists = errors.Register(ModuleName, 12, "validator does not exist") + +ErrNoDelegationExists = errors.Register(ModuleName, 13, "delegation does not exist") +) +``` + +Each custom module error must provide the codespace, which is typically the module name +(e.g. "distribution") and is unique per module, and a uint32 code. Together, the codespace and code +provide a globally unique Cosmos SDK error. Typically, the code is monotonically increasing but does not +necessarily have to be. The only restrictions on error codes are the following: + +* Must be greater than one, as a code value of one is reserved for internal errors. +* Must be unique within the module. + +Note, the Cosmos SDK provides a core set of *common* errors. These errors are defined in [`types/errors/errors.go`](https://github.com/cosmos/cosmos-sdk/blob/main/types/errors/errors.go). + +## Wrapping + +The custom module errors can be returned as their concrete type as they already fulfill the `error` +interface. However, module errors can be wrapped to provide further context and meaning to failed +execution. + +Example: + +```go expandable +package keeper + +import ( + + "context" + "errors" + "fmt" + "cosmossdk.io/collections" + "cosmossdk.io/core/store" + "cosmossdk.io/log" + "cosmossdk.io/math" + + errorsmod "cosmossdk.io/errors" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + "github.com/cosmos/cosmos-sdk/types/query" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + "github.com/cosmos/cosmos-sdk/x/bank/types" +) + +var _ Keeper = (*BaseKeeper)(nil) + +// Keeper defines a module interface that facilitates the transfer of coins +// between accounts. +type Keeper interface { + SendKeeper + WithMintCoinsRestriction(MintingRestrictionFn) + +BaseKeeper + + InitGenesis(context.Context, *types.GenesisState) + +ExportGenesis(context.Context) *types.GenesisState + + GetSupply(ctx context.Context, denom string) + +sdk.Coin + HasSupply(ctx context.Context, denom string) + +bool + GetPaginatedTotalSupply(ctx context.Context, pagination *query.PageRequest) (sdk.Coins, *query.PageResponse, error) + +IterateTotalSupply(ctx context.Context, cb func(sdk.Coin) + +bool) + +GetDenomMetaData(ctx context.Context, denom string) (types.Metadata, bool) + +HasDenomMetaData(ctx context.Context, denom string) + +bool + SetDenomMetaData(ctx context.Context, denomMetaData types.Metadata) + +GetAllDenomMetaData(ctx context.Context) []types.Metadata + IterateAllDenomMetaData(ctx context.Context, cb func(types.Metadata) + +bool) + +SendCoinsFromModuleToAccount(ctx context.Context, senderModule string, recipientAddr sdk.AccAddress, amt sdk.Coins) + +error + SendCoinsFromModuleToModule(ctx context.Context, senderModule, recipientModule string, amt sdk.Coins) + +error + SendCoinsFromAccountToModule(ctx context.Context, senderAddr sdk.AccAddress, recipientModule string, amt sdk.Coins) + +error + DelegateCoinsFromAccountToModule(ctx context.Context, senderAddr sdk.AccAddress, recipientModule string, amt sdk.Coins) + +error + UndelegateCoinsFromModuleToAccount(ctx context.Context, senderModule string, recipientAddr sdk.AccAddress, amt sdk.Coins) + +error + MintCoins(ctx context.Context, moduleName string, amt sdk.Coins) + +error + BurnCoins(ctx context.Context, moduleName string, amt sdk.Coins) + +error + + DelegateCoins(ctx context.Context, delegatorAddr, moduleAccAddr sdk.AccAddress, amt sdk.Coins) + +error + UndelegateCoins(ctx context.Context, moduleAccAddr, delegatorAddr sdk.AccAddress, amt sdk.Coins) + +error + + types.QueryServer +} + +// BaseKeeper manages transfers between accounts. It implements the Keeper interface. +type BaseKeeper struct { + BaseSendKeeper + + ak types.AccountKeeper + cdc codec.BinaryCodec + storeService store.KVStoreService + mintCoinsRestrictionFn MintingRestrictionFn + logger log.Logger +} + +type MintingRestrictionFn func(ctx context.Context, coins sdk.Coins) + +error + +// GetPaginatedTotalSupply queries for the supply, ignoring 0 coins, with a given pagination +func (k BaseKeeper) + +GetPaginatedTotalSupply(ctx context.Context, pagination *query.PageRequest) (sdk.Coins, *query.PageResponse, error) { + results, pageResp, err := query.CollectionPaginate[string, math.Int](ctx, k.Supply, pagination) + if err != nil { + return nil, nil, err +} + coins := sdk.NewCoins() + for _, res := range results { + coins = coins.Add(sdk.NewCoin(res.Key, res.Value)) +} + +return coins, pageResp, nil +} + +// NewBaseKeeper returns a new BaseKeeper object with a given codec, dedicated +// store key, an AccountKeeper implementation, and a parameter Subspace used to +// store and fetch module parameters. The BaseKeeper also accepts a +// blocklist map. This blocklist describes the set of addresses that are not allowed +// to receive funds through direct and explicit actions, for example, by using a MsgSend or +// by using a SendCoinsFromModuleToAccount execution. +func NewBaseKeeper( + cdc codec.BinaryCodec, + storeService store.KVStoreService, + ak types.AccountKeeper, + blockedAddrs map[string]bool, + authority string, + logger log.Logger, +) + +BaseKeeper { + if _, err := ak.AddressCodec().StringToBytes(authority); err != nil { + panic(fmt.Errorf("invalid bank authority address: %w", err)) +} + + // add the module name to the logger + logger = logger.With(log.ModuleKey, "x/"+types.ModuleName) + +return BaseKeeper{ + BaseSendKeeper: NewBaseSendKeeper(cdc, storeService, ak, blockedAddrs, authority, logger), + ak: ak, + cdc: cdc, + storeService: storeService, + mintCoinsRestrictionFn: func(ctx context.Context, coins sdk.Coins) + +error { + return nil +}, + logger: logger, +} +} + +// WithMintCoinsRestriction restricts the bank Keeper used within a specific module to +// have restricted permissions on minting via function passed in parameter. +// Previous restriction functions can be nested as such: +// +// bankKeeper.WithMintCoinsRestriction(restriction1).WithMintCoinsRestriction(restriction2) + +func (k BaseKeeper) + +WithMintCoinsRestriction(check MintingRestrictionFn) + +BaseKeeper { + oldRestrictionFn := k.mintCoinsRestrictionFn + k.mintCoinsRestrictionFn = func(ctx context.Context, coins sdk.Coins) + +error { + err := check(ctx, coins) + if err != nil { + return err +} + +err = oldRestrictionFn(ctx, coins) + if err != nil { + return err +} + +return nil +} + +return k +} + +// DelegateCoins performs delegation by deducting amt coins from an account with +// address addr. For vesting accounts, delegations amounts are tracked for both +// vesting and vested coins. The coins are then transferred from the delegator +// address to a ModuleAccount address. If any of the delegation amounts are negative, +// an error is returned. +func (k BaseKeeper) + +DelegateCoins(ctx context.Context, delegatorAddr, moduleAccAddr sdk.AccAddress, amt sdk.Coins) + +error { + moduleAcc := k.ak.GetAccount(ctx, moduleAccAddr) + if moduleAcc == nil { + return errorsmod.Wrapf(sdkerrors.ErrUnknownAddress, "module account %s does not exist", moduleAccAddr) +} + if !amt.IsValid() { + return errorsmod.Wrap(sdkerrors.ErrInvalidCoins, amt.String()) +} + balances := sdk.NewCoins() + for _, coin := range amt { + balance := k.GetBalance(ctx, delegatorAddr, coin.GetDenom()) + if balance.IsLT(coin) { + return errorsmod.Wrapf( + sdkerrors.ErrInsufficientFunds, "failed to delegate; %s is smaller than %s", balance, amt, + ) +} + +balances = balances.Add(balance) + err := k.setBalance(ctx, delegatorAddr, balance.Sub(coin)) + if err != nil { + return err +} + +} + if err := k.trackDelegation(ctx, delegatorAddr, balances, amt); err != nil { + return errorsmod.Wrap(err, "failed to track delegation") +} + // emit coin spent event + sdkCtx := sdk.UnwrapSDKContext(ctx) + +sdkCtx.EventManager().EmitEvent( + types.NewCoinSpentEvent(delegatorAddr, amt), + ) + err := k.addCoins(ctx, moduleAccAddr, amt) + if err != nil { + return err +} + +return nil +} + +// UndelegateCoins performs undelegation by crediting amt coins to an account with +// address addr. For vesting accounts, undelegation amounts are tracked for both +// vesting and vested coins. The coins are then transferred from a ModuleAccount +// address to the delegator address. If any of the undelegation amounts are +// negative, an error is returned. +func (k BaseKeeper) + +UndelegateCoins(ctx context.Context, moduleAccAddr, delegatorAddr sdk.AccAddress, amt sdk.Coins) + +error { + moduleAcc := k.ak.GetAccount(ctx, moduleAccAddr) + if moduleAcc == nil { + return errorsmod.Wrapf(sdkerrors.ErrUnknownAddress, "module account %s does not exist", moduleAccAddr) +} + if !amt.IsValid() { + return errorsmod.Wrap(sdkerrors.ErrInvalidCoins, amt.String()) +} + err := k.subUnlockedCoins(ctx, moduleAccAddr, amt) + if err != nil { + return err +} + if err := k.trackUndelegation(ctx, delegatorAddr, amt); err != nil { + return errorsmod.Wrap(err, "failed to track undelegation") +} + +err = k.addCoins(ctx, delegatorAddr, amt) + if err != nil { + return err +} + +return nil +} + +// GetSupply retrieves the Supply from store +func (k BaseKeeper) + +GetSupply(ctx context.Context, denom string) + +sdk.Coin { + amt, err := k.Supply.Get(ctx, denom) + if err != nil { + return sdk.NewCoin(denom, math.ZeroInt()) +} + +return sdk.NewCoin(denom, amt) +} + +// HasSupply checks if the supply coin exists in store. +func (k BaseKeeper) + +HasSupply(ctx context.Context, denom string) + +bool { + has, err := k.Supply.Has(ctx, denom) + +return has && err == nil +} + +// GetDenomMetaData retrieves the denomination metadata. returns the metadata and true if the denom exists, +// false otherwise. +func (k BaseKeeper) + +GetDenomMetaData(ctx context.Context, denom string) (types.Metadata, bool) { + m, err := k.BaseViewKeeper.DenomMetadata.Get(ctx, denom) + +return m, err == nil +} + +// HasDenomMetaData checks if the denomination metadata exists in store. +func (k BaseKeeper) + +HasDenomMetaData(ctx context.Context, denom string) + +bool { + has, err := k.BaseViewKeeper.DenomMetadata.Has(ctx, denom) + +return has && err == nil +} + +// GetAllDenomMetaData retrieves all denominations metadata +func (k BaseKeeper) + +GetAllDenomMetaData(ctx context.Context) []types.Metadata { + denomMetaData := make([]types.Metadata, 0) + +k.IterateAllDenomMetaData(ctx, func(metadata types.Metadata) + +bool { + denomMetaData = append(denomMetaData, metadata) + +return false +}) + +return denomMetaData +} + +// IterateAllDenomMetaData iterates over all the denominations metadata and +// provides the metadata to a callback. If true is returned from the +// callback, iteration is halted. +func (k BaseKeeper) + +IterateAllDenomMetaData(ctx context.Context, cb func(types.Metadata) + +bool) { + err := k.BaseViewKeeper.DenomMetadata.Walk(ctx, nil, func(_ string, metadata types.Metadata) (stop bool, err error) { + return cb(metadata), nil +}) + if err != nil && !errors.Is(err, collections.ErrInvalidIterator) { + panic(err) +} +} + +// SetDenomMetaData sets the denominations metadata +func (k BaseKeeper) + +SetDenomMetaData(ctx context.Context, denomMetaData types.Metadata) { + _ = k.BaseViewKeeper.DenomMetadata.Set(ctx, denomMetaData.Base, denomMetaData) +} + +// SendCoinsFromModuleToAccount transfers coins from a ModuleAccount to an AccAddress. +// It will panic if the module account does not exist. An error is returned if +// the recipient address is black-listed or if sending the tokens fails. +func (k BaseKeeper) + +SendCoinsFromModuleToAccount( + ctx context.Context, senderModule string, recipientAddr sdk.AccAddress, amt sdk.Coins, +) + +error { + senderAddr := k.ak.GetModuleAddress(senderModule) + if senderAddr == nil { + panic(errorsmod.Wrapf(sdkerrors.ErrUnknownAddress, "module account %s does not exist", senderModule)) +} + if k.BlockedAddr(recipientAddr) { + return errorsmod.Wrapf(sdkerrors.ErrUnauthorized, "%s is not allowed to receive funds", recipientAddr) +} + +return k.SendCoins(ctx, senderAddr, recipientAddr, amt) +} + +// SendCoinsFromModuleToModule transfers coins from a ModuleAccount to another. +// It will panic if either module account does not exist. +func (k BaseKeeper) + +SendCoinsFromModuleToModule( + ctx context.Context, senderModule, recipientModule string, amt sdk.Coins, +) + +error { + senderAddr := k.ak.GetModuleAddress(senderModule) + if senderAddr == nil { + panic(errorsmod.Wrapf(sdkerrors.ErrUnknownAddress, "module account %s does not exist", senderModule)) +} + recipientAcc := k.ak.GetModuleAccount(ctx, recipientModule) + if recipientAcc == nil { + panic(errorsmod.Wrapf(sdkerrors.ErrUnknownAddress, "module account %s does not exist", recipientModule)) +} + +return k.SendCoins(ctx, senderAddr, recipientAcc.GetAddress(), amt) +} + +// SendCoinsFromAccountToModule transfers coins from an AccAddress to a ModuleAccount. +// It will panic if the module account does not exist. +func (k BaseKeeper) + +SendCoinsFromAccountToModule( + ctx context.Context, senderAddr sdk.AccAddress, recipientModule string, amt sdk.Coins, +) + +error { + recipientAcc := k.ak.GetModuleAccount(ctx, recipientModule) + if recipientAcc == nil { + panic(errorsmod.Wrapf(sdkerrors.ErrUnknownAddress, "module account %s does not exist", recipientModule)) +} + +return k.SendCoins(ctx, senderAddr, recipientAcc.GetAddress(), amt) +} + +// DelegateCoinsFromAccountToModule delegates coins and transfers them from a +// delegator account to a module account. It will panic if the module account +// does not exist or is unauthorized. +func (k BaseKeeper) + +DelegateCoinsFromAccountToModule( + ctx context.Context, senderAddr sdk.AccAddress, recipientModule string, amt sdk.Coins, +) + +error { + recipientAcc := k.ak.GetModuleAccount(ctx, recipientModule) + if recipientAcc == nil { + panic(errorsmod.Wrapf(sdkerrors.ErrUnknownAddress, "module account %s does not exist", recipientModule)) +} + if !recipientAcc.HasPermission(authtypes.Staking) { + panic(errorsmod.Wrapf(sdkerrors.ErrUnauthorized, "module account %s does not have permissions to receive delegated coins", recipientModule)) +} + +return k.DelegateCoins(ctx, senderAddr, recipientAcc.GetAddress(), amt) +} + +// UndelegateCoinsFromModuleToAccount undelegates the unbonding coins and transfers +// them from a module account to the delegator account. It will panic if the +// module account does not exist or is unauthorized. +func (k BaseKeeper) + +UndelegateCoinsFromModuleToAccount( + ctx context.Context, senderModule string, recipientAddr sdk.AccAddress, amt sdk.Coins, +) + +error { + acc := k.ak.GetModuleAccount(ctx, senderModule) + if acc == nil { + panic(errorsmod.Wrapf(sdkerrors.ErrUnknownAddress, "module account %s does not exist", senderModule)) +} + if !acc.HasPermission(authtypes.Staking) { + panic(errorsmod.Wrapf(sdkerrors.ErrUnauthorized, "module account %s does not have permissions to undelegate coins", senderModule)) +} + +return k.UndelegateCoins(ctx, acc.GetAddress(), recipientAddr, amt) +} + +// MintCoins creates new coins from thin air and adds it to the module account. +// It will panic if the module account does not exist or is unauthorized. +func (k BaseKeeper) + +MintCoins(ctx context.Context, moduleName string, amounts sdk.Coins) + +error { + sdkCtx := sdk.UnwrapSDKContext(ctx) + err := k.mintCoinsRestrictionFn(ctx, amounts) + if err != nil { + k.logger.Error(fmt.Sprintf("Module %q attempted to mint coins %s it doesn't have permission for, error %v", moduleName, amounts, err)) + +return err +} + acc := k.ak.GetModuleAccount(ctx, moduleName) + if acc == nil { + panic(errorsmod.Wrapf(sdkerrors.ErrUnknownAddress, "module account %s does not exist", moduleName)) +} + if !acc.HasPermission(authtypes.Minter) { + panic(errorsmod.Wrapf(sdkerrors.ErrUnauthorized, "module account %s does not have permissions to mint tokens", moduleName)) +} + +err = k.addCoins(ctx, acc.GetAddress(), amounts) + if err != nil { + return err +} + for _, amount := range amounts { + supply := k.GetSupply(ctx, amount.GetDenom()) + +supply = supply.Add(amount) + +k.setSupply(ctx, supply) +} + +k.logger.Debug("minted coins from module account", "amount", amounts.String(), "from", moduleName) + + // emit mint event + sdkCtx.EventManager().EmitEvent( + types.NewCoinMintEvent(acc.GetAddress(), amounts), + ) + +return nil +} + +// BurnCoins burns coins deletes coins from the balance of the module account. +// It will panic if the module account does not exist or is unauthorized. +func (k BaseKeeper) + +BurnCoins(ctx context.Context, moduleName string, amounts sdk.Coins) + +error { + acc := k.ak.GetModuleAccount(ctx, moduleName) + if acc == nil { + panic(errorsmod.Wrapf(sdkerrors.ErrUnknownAddress, "module account %s does not exist", moduleName)) +} + if !acc.HasPermission(authtypes.Burner) { + panic(errorsmod.Wrapf(sdkerrors.ErrUnauthorized, "module account %s does not have permissions to burn tokens", moduleName)) +} + err := k.subUnlockedCoins(ctx, acc.GetAddress(), amounts) + if err != nil { + return err +} + for _, amount := range amounts { + supply := k.GetSupply(ctx, amount.GetDenom()) + +supply = supply.Sub(amount) + +k.setSupply(ctx, supply) +} + +k.logger.Debug("burned tokens from module account", "amount", amounts.String(), "from", moduleName) + + // emit burn event + sdkCtx := sdk.UnwrapSDKContext(ctx) + +sdkCtx.EventManager().EmitEvent( + types.NewCoinBurnEvent(acc.GetAddress(), amounts), + ) + +return nil +} + +// setSupply sets the supply for the given coin +func (k BaseKeeper) + +setSupply(ctx context.Context, coin sdk.Coin) { + // Bank invariants and IBC requires to remove zero coins. + if coin.IsZero() { + _ = k.Supply.Remove(ctx, coin.Denom) +} + +else { + _ = k.Supply.Set(ctx, coin.Denom, coin.Amount) +} +} + +// trackDelegation tracks the delegation of the given account if it is a vesting account +func (k BaseKeeper) + +trackDelegation(ctx context.Context, addr sdk.AccAddress, balance, amt sdk.Coins) + +error { + acc := k.ak.GetAccount(ctx, addr) + if acc == nil { + return errorsmod.Wrapf(sdkerrors.ErrUnknownAddress, "account %s does not exist", addr) +} + +vacc, ok := acc.(types.VestingAccount) + if ok { + // TODO: return error on account.TrackDelegation + sdkCtx := sdk.UnwrapSDKContext(ctx) + +vacc.TrackDelegation(sdkCtx.BlockHeader().Time, balance, amt) + +k.ak.SetAccount(ctx, acc) +} + +return nil +} + +// trackUndelegation trakcs undelegation of the given account if it is a vesting account +func (k BaseKeeper) + +trackUndelegation(ctx context.Context, addr sdk.AccAddress, amt sdk.Coins) + +error { + acc := k.ak.GetAccount(ctx, addr) + if acc == nil { + return errorsmod.Wrapf(sdkerrors.ErrUnknownAddress, "account %s does not exist", addr) +} + +vacc, ok := acc.(types.VestingAccount) + if ok { + // TODO: return error on account.TrackUndelegation + vacc.TrackUndelegation(amt) + +k.ak.SetAccount(ctx, acc) +} + +return nil +} + +// IterateTotalSupply iterates over the total supply calling the given cb (callback) + +function +// with the balance of each coin. +// The iteration stops if the callback returns true. +func (k BaseViewKeeper) + +IterateTotalSupply(ctx context.Context, cb func(sdk.Coin) + +bool) { + err := k.Supply.Walk(ctx, nil, func(s string, m math.Int) (bool, error) { + return cb(sdk.NewCoin(s, m)), nil +}) + if err != nil && !errors.Is(err, collections.ErrInvalidIterator) { + panic(err) +} +} +``` + +Regardless if an error is wrapped or not, the Cosmos SDK's `errors` package provides a function to determine if +an error is of a particular kind via `Is`. + +## ABCI + +If a module error is registered, the Cosmos SDK `errors` package allows ABCI information to be extracted +through the `ABCIInfo` function. The package also provides `ResponseCheckTx` and `ResponseDeliverTx` as +auxiliary functions to automatically get `CheckTx` and `DeliverTx` responses from an error. diff --git a/docs/sdk/next/build/building-modules/genesis.mdx b/docs/sdk/next/build/building-modules/genesis.mdx new file mode 100644 index 00000000..17ad76fd --- /dev/null +++ b/docs/sdk/next/build/building-modules/genesis.mdx @@ -0,0 +1,766 @@ +--- +title: Module Genesis +--- + +**Synopsis** +Modules generally handle a subset of the state and, as such, they need to define the related subset of the genesis file as well as methods to initialize, verify and export it. + + + +**Pre-requisite Readings** + +* [Module Manager](/docs/sdk/vnext/build/building-modules/module-manager) +* [Keepers](/docs/sdk/vnext/build/building-modules/keeper) + + + +## Type Definition + +The subset of the genesis state defined by a given module is generally defined in a `genesis.proto` file ([more info](/docs/sdk/vnext/learn/advanced/encoding#gogoproto) on how to define protobuf messages). The struct defining the module's subset of the genesis state is usually called `GenesisState` and contains all the module-related values that need to be initialized during the genesis process. + +See an example of `GenesisState` protobuf message definition from the `auth` module: + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/proto/cosmos/auth/v1beta1/genesis.proto +``` + +Next we present the main genesis-related methods that need to be implemented by module developers in order for their module to be used in Cosmos SDK applications. + +### `DefaultGenesis` + +The `DefaultGenesis()` method is a simple function that calls the constructor function for `GenesisState` with the default value for each parameter. See an example from the `auth` module: + +```go expandable +package auth + +import ( + + "context" + "encoding/json" + "fmt" + + abci "github.com/cometbft/cometbft/abci/types" + gwruntime "github.com/grpc-ecosystem/grpc-gateway/runtime" + "github.com/spf13/cobra" + "cosmossdk.io/depinject" + + authcodec "github.com/cosmos/cosmos-sdk/x/auth/codec" + "cosmossdk.io/core/address" + "cosmossdk.io/core/appmodule" + + modulev1 "cosmossdk.io/api/cosmos/auth/module/v1" + "cosmossdk.io/core/store" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/module" + simtypes "github.com/cosmos/cosmos-sdk/types/simulation" + "github.com/cosmos/cosmos-sdk/x/auth/client/cli" + "github.com/cosmos/cosmos-sdk/x/auth/exported" + "github.com/cosmos/cosmos-sdk/x/auth/keeper" + "github.com/cosmos/cosmos-sdk/x/auth/simulation" + "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +// ConsensusVersion defines the current x/auth module consensus version. +const ( + ConsensusVersion = 5 + GovModuleName = "gov" +) + +var ( + _ module.AppModule = AppModule{ +} + _ module.AppModuleBasic = AppModuleBasic{ +} + _ module.AppModuleSimulation = AppModule{ +} +) + +// AppModuleBasic defines the basic application module used by the auth module. +type AppModuleBasic struct { + ac address.Codec +} + +// Name returns the auth module's name. +func (AppModuleBasic) + +Name() + +string { + return types.ModuleName +} + +// RegisterLegacyAminoCodec registers the auth module's types for the given codec. +func (AppModuleBasic) + +RegisterLegacyAminoCodec(cdc *codec.LegacyAmino) { + types.RegisterLegacyAminoCodec(cdc) +} + +// DefaultGenesis returns default genesis state as raw bytes for the auth +// module. +func (AppModuleBasic) + +DefaultGenesis(cdc codec.JSONCodec) + +json.RawMessage { + return cdc.MustMarshalJSON(types.DefaultGenesisState()) +} + +// ValidateGenesis performs genesis state validation for the auth module. +func (AppModuleBasic) + +ValidateGenesis(cdc codec.JSONCodec, config client.TxEncodingConfig, bz json.RawMessage) + +error { + var data types.GenesisState + if err := cdc.UnmarshalJSON(bz, &data); err != nil { + return fmt.Errorf("failed to unmarshal %s genesis state: %w", types.ModuleName, err) +} + +return types.ValidateGenesis(data) +} + +// RegisterGRPCGatewayRoutes registers the gRPC Gateway routes for the auth module. +func (AppModuleBasic) + +RegisterGRPCGatewayRoutes(clientCtx client.Context, mux *gwruntime.ServeMux) { + if err := types.RegisterQueryHandlerClient(context.Background(), mux, types.NewQueryClient(clientCtx)); err != nil { + panic(err) +} +} + +// GetTxCmd returns the root tx command for the auth module. +func (AppModuleBasic) + +GetTxCmd() *cobra.Command { + return nil +} + +// GetQueryCmd returns the root query command for the auth module. +func (ab AppModuleBasic) + +GetQueryCmd() *cobra.Command { + return cli.GetQueryCmd(ab.ac) +} + +// RegisterInterfaces registers interfaces and implementations of the auth module. +func (AppModuleBasic) + +RegisterInterfaces(registry codectypes.InterfaceRegistry) { + types.RegisterInterfaces(registry) +} + +// AppModule implements an application module for the auth module. +type AppModule struct { + AppModuleBasic + + accountKeeper keeper.AccountKeeper + randGenAccountsFn types.RandomGenesisAccountsFn + + // legacySubspace is used solely for migration of x/params managed parameters + legacySubspace exported.Subspace +} + +var _ appmodule.AppModule = AppModule{ +} + +// IsOnePerModuleType implements the depinject.OnePerModuleType interface. +func (am AppModule) + +IsOnePerModuleType() { +} + +// IsAppModule implements the appmodule.AppModule interface. +func (am AppModule) + +IsAppModule() { +} + +// NewAppModule creates a new AppModule object +func NewAppModule(cdc codec.Codec, accountKeeper keeper.AccountKeeper, randGenAccountsFn types.RandomGenesisAccountsFn, ss exported.Subspace) + +AppModule { + return AppModule{ + AppModuleBasic: AppModuleBasic{ + ac: accountKeeper.AddressCodec() +}, + accountKeeper: accountKeeper, + randGenAccountsFn: randGenAccountsFn, + legacySubspace: ss, +} +} + +// Name returns the auth module's name. +func (AppModule) + +Name() + +string { + return types.ModuleName +} + +// RegisterServices registers a GRPC query service to respond to the +// module-specific GRPC queries. +func (am AppModule) + +RegisterServices(cfg module.Configurator) { + types.RegisterMsgServer(cfg.MsgServer(), keeper.NewMsgServerImpl(am.accountKeeper)) + +types.RegisterQueryServer(cfg.QueryServer(), keeper.NewQueryServer(am.accountKeeper)) + m := keeper.NewMigrator(am.accountKeeper, cfg.QueryServer(), am.legacySubspace) + if err := cfg.RegisterMigration(types.ModuleName, 1, m.Migrate1to2); err != nil { + panic(fmt.Sprintf("failed to migrate x/%s from version 1 to 2: %v", types.ModuleName, err)) +} + if err := cfg.RegisterMigration(types.ModuleName, 2, m.Migrate2to3); err != nil { + panic(fmt.Sprintf("failed to migrate x/%s from version 2 to 3: %v", types.ModuleName, err)) +} + if err := cfg.RegisterMigration(types.ModuleName, 3, m.Migrate3to4); err != nil { + panic(fmt.Sprintf("failed to migrate x/%s from version 3 to 4: %v", types.ModuleName, err)) +} + if err := cfg.RegisterMigration(types.ModuleName, 4, m.Migrate4To5); err != nil { + panic(fmt.Sprintf("failed to migrate x/%s from version 4 to 5", types.ModuleName)) +} +} + +// InitGenesis performs genesis initialization for the auth module. It returns +// no validator updates. +func (am AppModule) + +InitGenesis(ctx sdk.Context, cdc codec.JSONCodec, data json.RawMessage) []abci.ValidatorUpdate { + var genesisState types.GenesisState + cdc.MustUnmarshalJSON(data, &genesisState) + +am.accountKeeper.InitGenesis(ctx, genesisState) + +return []abci.ValidatorUpdate{ +} +} + +// ExportGenesis returns the exported genesis state as raw bytes for the auth +// module. +func (am AppModule) + +ExportGenesis(ctx sdk.Context, cdc codec.JSONCodec) + +json.RawMessage { + gs := am.accountKeeper.ExportGenesis(ctx) + +return cdc.MustMarshalJSON(gs) +} + +// ConsensusVersion implements AppModule/ConsensusVersion. +func (AppModule) + +ConsensusVersion() + +uint64 { + return ConsensusVersion +} + +// AppModuleSimulation functions + +// GenerateGenesisState creates a randomized GenState of the auth module +func (am AppModule) + +GenerateGenesisState(simState *module.SimulationState) { + simulation.RandomizedGenState(simState, am.randGenAccountsFn) +} + +// ProposalMsgs returns msgs used for governance proposals for simulations. +func (AppModule) + +ProposalMsgs(simState module.SimulationState) []simtypes.WeightedProposalMsg { + return simulation.ProposalMsgs() +} + +// RegisterStoreDecoder registers a decoder for auth module's types +func (am AppModule) + +RegisterStoreDecoder(sdr simtypes.StoreDecoderRegistry) { + sdr[types.StoreKey] = simtypes.NewStoreDecoderFuncFromCollectionsSchema(am.accountKeeper.Schema) +} + +// WeightedOperations doesn't return any auth module operation. +func (AppModule) + +WeightedOperations(_ module.SimulationState) []simtypes.WeightedOperation { + return nil +} + +// +// App Wiring Setup +// + +func init() { + appmodule.Register(&modulev1.Module{ +}, + appmodule.Provide(ProvideAddressCodec), + appmodule.Provide(ProvideModule), + ) +} + +// ProvideAddressCodec provides an address.Codec to the container for any +// modules that want to do address string <> bytes conversion. +func ProvideAddressCodec(config *modulev1.Module) + +address.Codec { + return authcodec.NewBech32Codec(config.Bech32Prefix) +} + +type ModuleInputs struct { + depinject.In + + Config *modulev1.Module + StoreService store.KVStoreService + Cdc codec.Codec + + RandomGenesisAccountsFn types.RandomGenesisAccountsFn `optional:"true"` + AccountI func() + +sdk.AccountI `optional:"true"` + + // LegacySubspace is used solely for migration of x/params managed parameters + LegacySubspace exported.Subspace `optional:"true"` +} + +type ModuleOutputs struct { + depinject.Out + + AccountKeeper keeper.AccountKeeper + Module appmodule.AppModule +} + +func ProvideModule(in ModuleInputs) + +ModuleOutputs { + maccPerms := map[string][]string{ +} + for _, permission := range in.Config.ModuleAccountPermissions { + maccPerms[permission.Account] = permission.Permissions +} + + // default to governance authority if not provided + authority := types.NewModuleAddress(GovModuleName) + if in.Config.Authority != "" { + authority = types.NewModuleAddressOrBech32Address(in.Config.Authority) +} + if in.RandomGenesisAccountsFn == nil { + in.RandomGenesisAccountsFn = simulation.RandomGenesisAccounts +} + if in.AccountI == nil { + in.AccountI = types.ProtoBaseAccount +} + k := keeper.NewAccountKeeper(in.Cdc, in.StoreService, in.AccountI, maccPerms, in.Config.Bech32Prefix, authority.String()) + m := NewAppModule(in.Cdc, k, in.RandomGenesisAccountsFn, in.LegacySubspace) + +return ModuleOutputs{ + AccountKeeper: k, + Module: m +} +} +``` + +### `ValidateGenesis` + +The `ValidateGenesis(data GenesisState)` method is called to verify that the provided `genesisState` is correct. It should perform validity checks on each of the parameters listed in `GenesisState`. See an example from the `auth` module: + +```go expandable +package types + +import ( + + "encoding/json" + "fmt" + "sort" + + proto "github.com/cosmos/gogoproto/proto" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/codec/types" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/module" +) + +var _ types.UnpackInterfacesMessage = GenesisState{ +} + +// RandomGenesisAccountsFn defines the function required to generate custom account types +type RandomGenesisAccountsFn func(simState *module.SimulationState) + +GenesisAccounts + +// NewGenesisState - Create a new genesis state +func NewGenesisState(params Params, accounts GenesisAccounts) *GenesisState { + genAccounts, err := PackAccounts(accounts) + if err != nil { + panic(err) +} + +return &GenesisState{ + Params: params, + Accounts: genAccounts, +} +} + +// UnpackInterfaces implements UnpackInterfacesMessage.UnpackInterfaces +func (g GenesisState) + +UnpackInterfaces(unpacker types.AnyUnpacker) + +error { + for _, any := range g.Accounts { + var account GenesisAccount + err := unpacker.UnpackAny(any, &account) + if err != nil { + return err +} + +} + +return nil +} + +// DefaultGenesisState - Return a default genesis state +func DefaultGenesisState() *GenesisState { + return NewGenesisState(DefaultParams(), GenesisAccounts{ +}) +} + +// GetGenesisStateFromAppState returns x/auth GenesisState given raw application +// genesis state. +func GetGenesisStateFromAppState(cdc codec.Codec, appState map[string]json.RawMessage) + +GenesisState { + var genesisState GenesisState + if appState[ModuleName] != nil { + cdc.MustUnmarshalJSON(appState[ModuleName], &genesisState) +} + +return genesisState +} + +// ValidateGenesis performs basic validation of auth genesis data returning an +// error for any failed validation criteria. +func ValidateGenesis(data GenesisState) + +error { + if err := data.Params.Validate(); err != nil { + return err +} + +genAccs, err := UnpackAccounts(data.Accounts) + if err != nil { + return err +} + +return ValidateGenAccounts(genAccs) +} + +// SanitizeGenesisAccounts sorts accounts and coin sets. +func SanitizeGenesisAccounts(genAccs GenesisAccounts) + +GenesisAccounts { + // Make sure there aren't any duplicated account numbers by fixing the duplicates with the lowest unused values. + // seenAccNum = easy lookup for used account numbers. + seenAccNum := map[uint64]bool{ +} + // dupAccNum = a map of account number to accounts with duplicate account numbers (excluding the 1st one seen). + dupAccNum := map[uint64]GenesisAccounts{ +} + for _, acc := range genAccs { + num := acc.GetAccountNumber() + if !seenAccNum[num] { + seenAccNum[num] = true +} + +else { + dupAccNum[num] = append(dupAccNum[num], acc) +} + +} + + // dupAccNums a sorted list of the account numbers with duplicates. + var dupAccNums []uint64 + for num := range dupAccNum { + dupAccNums = append(dupAccNums, num) +} + +sort.Slice(dupAccNums, func(i, j int) + +bool { + return dupAccNums[i] < dupAccNums[j] +}) + + // Change the account number of the duplicated ones to the first unused value. + globalNum := uint64(0) + for _, dupNum := range dupAccNums { + accs := dupAccNum[dupNum] + for _, acc := range accs { + for seenAccNum[globalNum] { + globalNum++ +} + if err := acc.SetAccountNumber(globalNum); err != nil { + panic(err) +} + +seenAccNum[globalNum] = true +} + +} + + // Then sort them all by account number. + sort.Slice(genAccs, func(i, j int) + +bool { + return genAccs[i].GetAccountNumber() < genAccs[j].GetAccountNumber() +}) + +return genAccs +} + +// ValidateGenAccounts validates an array of GenesisAccounts and checks for duplicates +func ValidateGenAccounts(accounts GenesisAccounts) + +error { + addrMap := make(map[string]bool, len(accounts)) + for _, acc := range accounts { + // check for duplicated accounts + addrStr := acc.GetAddress().String() + if _, ok := addrMap[addrStr]; ok { + return fmt.Errorf("duplicate account found in genesis state; address: %s", addrStr) +} + +addrMap[addrStr] = true + + // check account specific validation + if err := acc.Validate(); err != nil { + return fmt.Errorf("invalid account found in genesis state; address: %s, error: %s", addrStr, err.Error()) +} + +} + +return nil +} + +// GenesisAccountIterator implements genesis account iteration. +type GenesisAccountIterator struct{ +} + +// IterateGenesisAccounts iterates over all the genesis accounts found in +// appGenesis and invokes a callback on each genesis account. If any call +// returns true, iteration stops. +func (GenesisAccountIterator) + +IterateGenesisAccounts( + cdc codec.Codec, appGenesis map[string]json.RawMessage, cb func(sdk.AccountI) (stop bool), +) { + for _, genAcc := range GetGenesisStateFromAppState(cdc, appGenesis).Accounts { + acc, ok := genAcc.GetCachedValue().(sdk.AccountI) + if !ok { + panic("expected account") +} + if cb(acc) { + break +} + +} +} + +// PackAccounts converts GenesisAccounts to Any slice +func PackAccounts(accounts GenesisAccounts) ([]*types.Any, error) { + accountsAny := make([]*types.Any, len(accounts)) + for i, acc := range accounts { + msg, ok := acc.(proto.Message) + if !ok { + return nil, fmt.Errorf("cannot proto marshal %T", acc) +} + +any, err := types.NewAnyWithValue(msg) + if err != nil { + return nil, err +} + +accountsAny[i] = any +} + +return accountsAny, nil +} + +// UnpackAccounts converts Any slice to GenesisAccounts +func UnpackAccounts(accountsAny []*types.Any) (GenesisAccounts, error) { + accounts := make(GenesisAccounts, len(accountsAny)) + for i, any := range accountsAny { + acc, ok := any.GetCachedValue().(GenesisAccount) + if !ok { + return nil, fmt.Errorf("expected genesis account") +} + +accounts[i] = acc +} + +return accounts, nil +} +``` + +## Other Genesis Methods + +Other than the methods related directly to `GenesisState`, module developers are expected to implement two other methods as part of the [`AppModuleGenesis` interface](/docs/sdk/vnext/build/building-modules/module-manager#appmodulegenesis) (only if the module needs to initialize a subset of state in genesis). These methods are [`InitGenesis`](#initgenesis) and [`ExportGenesis`](#exportgenesis). + +### `InitGenesis` + +The `InitGenesis` method is executed during [`InitChain`](/docs/sdk/vnext/learn/advanced/baseapp#initchain) when the application is first started. Given a `GenesisState`, it initializes the subset of the state managed by the module by using the module's [`keeper`](/docs/sdk/vnext/build/building-modules/keeper) setter function on each parameter within the `GenesisState`. + +The [module manager](/docs/sdk/vnext/build/building-modules/module-manager#manager) of the application is responsible for calling the `InitGenesis` method of each of the application's modules in order. This order is set by the application developer via the manager's `SetOrderGenesisMethod`, which is called in the [application's constructor function](/docs/sdk/vnext/learn/beginner/app-anatomy#constructor-function). + +See an example of `InitGenesis` from the `auth` module: + +```go expandable +package keeper + +import ( + + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +// InitGenesis - Init store state from genesis data +// +// CONTRACT: old coins from the FeeCollectionKeeper need to be transferred through +// a genesis port script to the new fee collector account +func (ak AccountKeeper) + +InitGenesis(ctx sdk.Context, data types.GenesisState) { + if err := ak.Params.Set(ctx, data.Params); err != nil { + panic(err) +} + +accounts, err := types.UnpackAccounts(data.Accounts) + if err != nil { + panic(err) +} + +accounts = types.SanitizeGenesisAccounts(accounts) + + // Set the accounts and make sure the global account number matches the largest account number (even if zero). + var lastAccNum *uint64 + for _, acc := range accounts { + accNum := acc.GetAccountNumber() + for lastAccNum == nil || *lastAccNum < accNum { + n := ak.NextAccountNumber(ctx) + +lastAccNum = &n +} + +ak.SetAccount(ctx, acc) +} + +ak.GetModuleAccount(ctx, types.FeeCollectorName) +} + +// ExportGenesis returns a GenesisState for a given context and keeper +func (ak AccountKeeper) + +ExportGenesis(ctx sdk.Context) *types.GenesisState { + params := ak.GetParams(ctx) + +var genAccounts types.GenesisAccounts + ak.IterateAccounts(ctx, func(account sdk.AccountI) + +bool { + genAccount := account.(types.GenesisAccount) + +genAccounts = append(genAccounts, genAccount) + +return false +}) + +return types.NewGenesisState(params, genAccounts) +} +``` + +### `ExportGenesis` + +The `ExportGenesis` method is executed whenever an export of the state is made. It takes the latest known version of the subset of the state managed by the module and creates a new `GenesisState` out of it. This is mainly used when the chain needs to be upgraded via a hard fork. + +See an example of `ExportGenesis` from the `auth` module. + +```go expandable +package keeper + +import ( + + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +// InitGenesis - Init store state from genesis data +// +// CONTRACT: old coins from the FeeCollectionKeeper need to be transferred through +// a genesis port script to the new fee collector account +func (ak AccountKeeper) + +InitGenesis(ctx sdk.Context, data types.GenesisState) { + if err := ak.Params.Set(ctx, data.Params); err != nil { + panic(err) +} + +accounts, err := types.UnpackAccounts(data.Accounts) + if err != nil { + panic(err) +} + +accounts = types.SanitizeGenesisAccounts(accounts) + + // Set the accounts and make sure the global account number matches the largest account number (even if zero). + var lastAccNum *uint64 + for _, acc := range accounts { + accNum := acc.GetAccountNumber() + for lastAccNum == nil || *lastAccNum < accNum { + n := ak.NextAccountNumber(ctx) + +lastAccNum = &n +} + +ak.SetAccount(ctx, acc) +} + +ak.GetModuleAccount(ctx, types.FeeCollectorName) +} + +// ExportGenesis returns a GenesisState for a given context and keeper +func (ak AccountKeeper) + +ExportGenesis(ctx sdk.Context) *types.GenesisState { + params := ak.GetParams(ctx) + +var genAccounts types.GenesisAccounts + ak.IterateAccounts(ctx, func(account sdk.AccountI) + +bool { + genAccount := account.(types.GenesisAccount) + +genAccounts = append(genAccounts, genAccount) + +return false +}) + +return types.NewGenesisState(params, genAccounts) +} +``` + +### GenesisTxHandler + +`GenesisTxHandler` is a way for modules to submit state transitions prior to the first block. This is used by `x/genutil` to submit the genesis transactions for the validators to be added to staking. + +```go +package genesis + +// TxHandler is an interface that modules can implement to provide genesis state transitions +type TxHandler interface { + ExecuteGenesisTx([]byte) + +error +} +``` diff --git a/docs/sdk/next/build/building-modules/intro.mdx b/docs/sdk/next/build/building-modules/intro.mdx new file mode 100644 index 00000000..d709f7ea --- /dev/null +++ b/docs/sdk/next/build/building-modules/intro.mdx @@ -0,0 +1,303 @@ +--- +title: Introduction to Cosmos SDK Modules +--- + +**Synopsis** +Modules define most of the logic of Cosmos SDK applications. Developers compose modules together using the Cosmos SDK to build their custom application-specific blockchains. This document outlines the basic concepts behind SDK modules and how to approach module management. + + + +**Pre-requisite Readings** + +* [Anatomy of a Cosmos SDK application](/docs/sdk/vnext/learn/beginner/app-anatomy) +* [Lifecycle of a Cosmos SDK transaction](/docs/sdk/vnext/learn/beginner/tx-lifecycle) + + + +## Role of Modules in a Cosmos SDK Application + +The Cosmos SDK can be thought of as the Ruby-on-Rails of blockchain development. It comes with a core that provides the basic functionalities every blockchain application needs, like a [boilerplate implementation of the ABCI](/docs/sdk/vnext/learn/advanced/baseapp) to communicate with the underlying consensus engine, a [`multistore`](/docs/sdk/vnext/learn/advanced/store#multistore) to persist state, a [server](/docs/sdk/vnext/learn/advanced/node) to form a full-node and [interfaces](/docs/sdk/vnext/build/building-modules/module-interfaces) to handle queries. + +On top of this core, the Cosmos SDK enables developers to build modules that implement the business logic of their application. In other words, SDK modules implement the bulk of the logic of applications, while the core does the wiring and enables modules to be composed together. The end goal is to build a robust ecosystem of open-source Cosmos SDK modules, making it increasingly easier to build complex blockchain applications. + +Cosmos SDK modules can be seen as little state-machines within the state-machine. They generally define a subset of the state using one or more `KVStore`s in the [main multistore](/docs/sdk/vnext/learn/advanced/store), as well as a subset of [message types](/docs/sdk/vnext/build/building-modules/messages-and-queries#messages). These messages are routed by one of the main components of Cosmos SDK core, [`BaseApp`](/docs/sdk/vnext/learn/advanced/baseapp), to a module Protobuf [`Msg` service](/docs/sdk/vnext/build/building-modules/msg-services) that defines them. + +```mermaid expandable +flowchart TD + A[Transaction relayed from the full-node's consensus engine to the node's application via DeliverTx] + A --> B[APPLICATION] + B --> C["Using baseapp's methods: Decode the Tx, extract and route the message(s)"] + C --> D[Message routed to the correct module to be processed] + D --> E[AUTH MODULE] + D --> F[BANK MODULE] + D --> G[STAKING MODULE] + D --> H[GOV MODULE] + H --> I[Handles message, Updates state] + E --> I + F --> I + G --> I + I --> J["Return result to the underlying consensus engine (e.g. CometBFT) (0=Ok, 1=Err)"] +``` + +As a result of this architecture, building a Cosmos SDK application usually revolves around writing modules to implement the specialized logic of the application and composing them with existing modules to complete the application. Developers will generally work on modules that implement logic needed for their specific use case that do not exist yet, and will use existing modules for more generic functionalities like staking, accounts, or token management. + +### Modules as super-users + +Modules have the ability to perform actions that are not available to regular users. This is because modules are given sudo permissions by the state machine. Modules can reject another modules desire to execute a function but this logic must be explicit. Examples of this can be seen when modules create functions to modify parameters: + +```go expandable +package keeper + +import ( + + "context" + "github.com/hashicorp/go-metrics" + + errorsmod "cosmossdk.io/errors" + "cosmossdk.io/x/bank/types" + "github.com/cosmos/cosmos-sdk/telemetry" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" +) + +type msgServer struct { + Keeper +} + +var _ types.MsgServer = msgServer{ +} + +// NewMsgServerImpl returns an implementation of the bank MsgServer interface +// for the provided Keeper. +func NewMsgServerImpl(keeper Keeper) + +types.MsgServer { + return &msgServer{ + Keeper: keeper +} +} + +func (k msgServer) + +Send(ctx context.Context, msg *types.MsgSend) (*types.MsgSendResponse, error) { + var ( + from, to []byte + err error + ) + if base, ok := k.Keeper.(BaseKeeper); ok { + from, err = base.ak.AddressCodec().StringToBytes(msg.FromAddress) + if err != nil { + return nil, sdkerrors.ErrInvalidAddress.Wrapf("invalid from address: %s", err) +} + +to, err = base.ak.AddressCodec().StringToBytes(msg.ToAddress) + if err != nil { + return nil, sdkerrors.ErrInvalidAddress.Wrapf("invalid to address: %s", err) +} + +} + +else { + return nil, sdkerrors.ErrInvalidRequest.Wrapf("invalid keeper type: %T", k.Keeper) +} + if !msg.Amount.IsValid() { + return nil, errorsmod.Wrap(sdkerrors.ErrInvalidCoins, msg.Amount.String()) +} + if !msg.Amount.IsAllPositive() { + return nil, errorsmod.Wrap(sdkerrors.ErrInvalidCoins, msg.Amount.String()) +} + if err := k.IsSendEnabledCoins(ctx, msg.Amount...); err != nil { + return nil, err +} + if k.BlockedAddr(to) { + return nil, errorsmod.Wrapf(sdkerrors.ErrUnauthorized, "%s is not allowed to receive funds", msg.ToAddress) +} + +err = k.SendCoins(ctx, from, to, msg.Amount) + if err != nil { + return nil, err +} + +defer func() { + for _, a := range msg.Amount { + if a.Amount.IsInt64() { + telemetry.SetGaugeWithLabels( + []string{"tx", "msg", "send" +}, + float32(a.Amount.Int64()), + []metrics.Label{ + telemetry.NewLabel("denom", a.Denom) +}, + ) +} + +} + +}() + +return &types.MsgSendResponse{ +}, nil +} + +func (k msgServer) + +MultiSend(ctx context.Context, msg *types.MsgMultiSend) (*types.MsgMultiSendResponse, error) { + if len(msg.Inputs) == 0 { + return nil, types.ErrNoInputs +} + if len(msg.Inputs) != 1 { + return nil, types.ErrMultipleSenders +} + if len(msg.Outputs) == 0 { + return nil, types.ErrNoOutputs +} + if err := types.ValidateInputOutputs(msg.Inputs[0], msg.Outputs); err != nil { + return nil, err +} + + // NOTE: totalIn == totalOut should already have been checked + for _, in := range msg.Inputs { + if err := k.IsSendEnabledCoins(ctx, in.Coins...); err != nil { + return nil, err +} + +} + for _, out := range msg.Outputs { + if base, ok := k.Keeper.(BaseKeeper); ok { + accAddr, err := base.ak.AddressCodec().StringToBytes(out.Address) + if err != nil { + return nil, err +} + if k.BlockedAddr(accAddr) { + return nil, errorsmod.Wrapf(sdkerrors.ErrUnauthorized, "%s is not allowed to receive funds", out.Address) +} + +} + +else { + return nil, sdkerrors.ErrInvalidRequest.Wrapf("invalid keeper type: %T", k.Keeper) +} + +} + err := k.InputOutputCoins(ctx, msg.Inputs[0], msg.Outputs) + if err != nil { + return nil, err +} + +return &types.MsgMultiSendResponse{ +}, nil +} + +func (k msgServer) + +UpdateParams(ctx context.Context, req *types.MsgUpdateParams) (*types.MsgUpdateParamsResponse, error) { + if k.GetAuthority() != req.Authority { + return nil, errorsmod.Wrapf(types.ErrInvalidSigner, "invalid authority; expected %s, got %s", k.GetAuthority(), req.Authority) +} + if err := req.Params.Validate(); err != nil { + return nil, err +} + if err := k.SetParams(ctx, req.Params); err != nil { + return nil, err +} + +return &types.MsgUpdateParamsResponse{ +}, nil +} + +func (k msgServer) + +SetSendEnabled(ctx context.Context, msg *types.MsgSetSendEnabled) (*types.MsgSetSendEnabledResponse, error) { + if k.GetAuthority() != msg.Authority { + return nil, errorsmod.Wrapf(types.ErrInvalidSigner, "invalid authority; expected %s, got %s", k.GetAuthority(), msg.Authority) +} + seen := map[string]bool{ +} + for _, se := range msg.SendEnabled { + if _, alreadySeen := seen[se.Denom]; alreadySeen { + return nil, sdkerrors.ErrInvalidRequest.Wrapf("duplicate denom entries found for %q", se.Denom) +} + +seen[se.Denom] = true + if err := se.Validate(); err != nil { + return nil, sdkerrors.ErrInvalidRequest.Wrapf("invalid SendEnabled denom %q: %s", se.Denom, err) +} + +} + for _, denom := range msg.UseDefaultFor { + if err := sdk.ValidateDenom(denom); err != nil { + return nil, sdkerrors.ErrInvalidRequest.Wrapf("invalid UseDefaultFor denom %q: %s", denom, err) +} + +} + if len(msg.SendEnabled) > 0 { + k.SetAllSendEnabled(ctx, msg.SendEnabled) +} + if len(msg.UseDefaultFor) > 0 { + k.DeleteSendEnabled(ctx, msg.UseDefaultFor...) +} + +return &types.MsgSetSendEnabledResponse{ +}, nil +} + +func (k msgServer) + +Burn(goCtx context.Context, msg *types.MsgBurn) (*types.MsgBurnResponse, error) { + var ( + from []byte + err error + ) + +var coins sdk.Coins + for _, coin := range msg.Amount { + coins = coins.Add(sdk.NewCoin(coin.Denom, coin.Amount)) +} + if base, ok := k.Keeper.(BaseKeeper); ok { + from, err = base.ak.AddressCodec().StringToBytes(msg.FromAddress) + if err != nil { + return nil, sdkerrors.ErrInvalidAddress.Wrapf("invalid from address: %s", err) +} + +} + +else { + return nil, sdkerrors.ErrInvalidRequest.Wrapf("invalid keeper type: %T", k.Keeper) +} + if !coins.IsValid() { + return nil, errorsmod.Wrap(sdkerrors.ErrInvalidCoins, coins.String()) +} + if !coins.IsAllPositive() { + return nil, errorsmod.Wrap(sdkerrors.ErrInvalidCoins, coins.String()) +} + +err = k.BurnCoins(goCtx, from, coins) + if err != nil { + return nil, err +} + +return &types.MsgBurnResponse{ +}, nil +} +``` + +## How to Approach Building Modules as a Developer + +While there are no definitive guidelines for writing modules, here are some important design principles developers should keep in mind when building them: + +* **Composability**: Cosmos SDK applications are almost always composed of multiple modules. This means developers need to carefully consider the integration of their module not only with the core of the Cosmos SDK, but also with other modules. The former is achieved by following standard design patterns outlined [here](#main-components-of-cosmos-sdk-modules), while the latter is achieved by properly exposing the store(s) of the module via the [`keeper`](/docs/sdk/vnext/build/building-modules/keeper). +* **Specialization**: A direct consequence of the **composability** feature is that modules should be **specialized**. Developers should carefully establish the scope of their module and not batch multiple functionalities into the same module. This separation of concerns enables modules to be reused in other projects and improves the upgradability of the application. **Specialization** also plays an important role in the [object-capabilities model](/docs/sdk/vnext/learn/advanced/ocap) of the Cosmos SDK. +* **Capabilities**: Most modules need to read and/or write to the store(s) of other modules. However, in an open-source environment, it is possible for some modules to be malicious. That is why module developers need to carefully think not only about how their module interacts with other modules, but also about how to give access to the module's store(s). The Cosmos SDK takes a capabilities-oriented approach to inter-module security. This means that each store defined by a module is accessed by a `key`, which is held by the module's [`keeper`](/docs/sdk/vnext/build/building-modules/keeper). This `keeper` defines how to access the store(s) and under what conditions. Access to the module's store(s) is done by passing a reference to the module's `keeper`. + +## Main Components of Cosmos SDK Modules + +Modules are by convention defined in the `./x/` subfolder (e.g. the `bank` module will be defined in the `./x/bank` folder). They generally share the same core components: + +* A [`keeper`](/docs/sdk/vnext/build/building-modules/keeper), used to access the module's store(s) and update the state. +* A [`Msg` service](/docs/sdk/vnext/build/building-modules/messages-and-queries#messages), used to process messages when they are routed to the module by [`BaseApp`](/docs/sdk/vnext/learn/advanced/baseapp#message-routing) and trigger state-transitions. +* A [query service](/docs/sdk/vnext/build/building-modules/query-services), used to process user queries when they are routed to the module by [`BaseApp`](/docs/sdk/vnext/learn/advanced/baseapp#query-routing). +* Interfaces, for end users to query the subset of the state defined by the module and create `message`s of the custom types defined in the module. + +In addition to these components, modules implement the `AppModule` interface in order to be managed by the [`module manager`](/docs/sdk/vnext/build/building-modules/module-manager). + +Please refer to the [structure document](/docs/sdk/vnext/build/building-modules/structure) to learn about the recommended structure of a module's directory. diff --git a/docs/sdk/next/build/building-modules/invariants.mdx b/docs/sdk/next/build/building-modules/invariants.mdx new file mode 100644 index 00000000..caee883a --- /dev/null +++ b/docs/sdk/next/build/building-modules/invariants.mdx @@ -0,0 +1,528 @@ +--- +title: Invariants +--- + +**Synopsis** +An invariant is a property of the application that should always be true. In the context of the Cosmos SDK, an `Invariant` is a function that checks for a particular invariant. These functions are useful to detect bugs early on and act upon them to limit their potential consequences (e.g. by halting the chain). They are also useful in the development process of the application to detect bugs via simulations. + + + +**Pre-requisite Readings** + +* [Keepers](/docs/sdk/vnext/build/building-modules/keeper) + + + +## Implementing `Invariant`s + +An `Invariant` is a function that checks for a particular invariant within a module. Module `Invariant`s must follow the `Invariant` type: + +```go expandable +package types + +import "fmt" + +// An Invariant is a function which tests a particular invariant. +// The invariant returns a descriptive message about what happened +// and a boolean indicating whether the invariant has been broken. +// The simulator will then halt and print the logs. +type Invariant func(ctx Context) (string, bool) + +// Invariants defines a group of invariants +type Invariants []Invariant + +// expected interface for registering invariants +type InvariantRegistry interface { + RegisterRoute(moduleName, route string, invar Invariant) +} + +// FormatInvariant returns a standardized invariant message. +func FormatInvariant(module, name, msg string) + +string { + return fmt.Sprintf("%s: %s invariant\n%s\n", module, name, msg) +} +``` + +The `string` return value is the invariant message, which can be used when printing logs, and the `bool` return value is the actual result of the invariant check. + +In practice, each module implements `Invariant`s in a `keeper/invariants.go` file within the module's folder. The standard is to implement one `Invariant` function per logical grouping of invariants with the following model: + +```go +// Example for an Invariant that checks balance-related invariants + +func BalanceInvariants(k Keeper) + +sdk.Invariant { + return func(ctx context.Context) (string, bool) { + // Implement checks for balance-related invariants +} +} +``` + +Additionally, module developers should generally implement an `AllInvariants` function that runs all the `Invariant`s functions of the module: + +```go expandable +// AllInvariants runs all invariants of the module. +// In this example, the module implements two Invariants: BalanceInvariants and DepositsInvariants + +func AllInvariants(k Keeper) + +sdk.Invariant { + return func(ctx context.Context) (string, bool) { + res, stop := BalanceInvariants(k)(ctx) + if stop { + return res, stop +} + +return DepositsInvariant(k)(ctx) +} +} +``` + +Finally, module developers need to implement the `RegisterInvariants` method as part of the [`AppModule` interface](/docs/sdk/vnext/build/building-modules/module-manager#appmodule). Indeed, the `RegisterInvariants` method of the module, implemented in the `module/module.go` file, typically only defers the call to a `RegisterInvariants` method implemented in the `keeper/invariants.go` file. The `RegisterInvariants` method registers a route for each `Invariant` function in the [`InvariantRegistry`](#invariant-registry): + +```go expandable +package keeper + +import ( + + "bytes" + "fmt" + "cosmossdk.io/math" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/x/staking/types" +) + +// RegisterInvariants registers all staking invariants +func RegisterInvariants(ir sdk.InvariantRegistry, k *Keeper) { + ir.RegisterRoute(types.ModuleName, "module-accounts", + ModuleAccountInvariants(k)) + +ir.RegisterRoute(types.ModuleName, "nonnegative-power", + NonNegativePowerInvariant(k)) + +ir.RegisterRoute(types.ModuleName, "positive-delegation", + PositiveDelegationInvariant(k)) + +ir.RegisterRoute(types.ModuleName, "delegator-shares", + DelegatorSharesInvariant(k)) +} + +// AllInvariants runs all invariants of the staking module. +func AllInvariants(k *Keeper) + +sdk.Invariant { + return func(ctx sdk.Context) (string, bool) { + res, stop := ModuleAccountInvariants(k)(ctx) + if stop { + return res, stop +} + +res, stop = NonNegativePowerInvariant(k)(ctx) + if stop { + return res, stop +} + +res, stop = PositiveDelegationInvariant(k)(ctx) + if stop { + return res, stop +} + +return DelegatorSharesInvariant(k)(ctx) +} +} + +// ModuleAccountInvariants checks that the bonded and notBonded ModuleAccounts pools +// reflects the tokens actively bonded and not bonded +func ModuleAccountInvariants(k *Keeper) + +sdk.Invariant { + return func(ctx sdk.Context) (string, bool) { + bonded := math.ZeroInt() + notBonded := math.ZeroInt() + bondedPool := k.GetBondedPool(ctx) + notBondedPool := k.GetNotBondedPool(ctx) + bondDenom := k.BondDenom(ctx) + +k.IterateValidators(ctx, func(_ int64, validator types.ValidatorI) + +bool { + switch validator.GetStatus() { + case types.Bonded: + bonded = bonded.Add(validator.GetTokens()) + case types.Unbonding, types.Unbonded: + notBonded = notBonded.Add(validator.GetTokens()) + +default: + panic("invalid validator status") +} + +return false +}) + +k.IterateUnbondingDelegations(ctx, func(_ int64, ubd types.UnbondingDelegation) + +bool { + for _, entry := range ubd.Entries { + notBonded = notBonded.Add(entry.Balance) +} + +return false +}) + poolBonded := k.bankKeeper.GetBalance(ctx, bondedPool.GetAddress(), bondDenom) + poolNotBonded := k.bankKeeper.GetBalance(ctx, notBondedPool.GetAddress(), bondDenom) + broken := !poolBonded.Amount.Equal(bonded) || !poolNotBonded.Amount.Equal(notBonded) + + // Bonded tokens should equal sum of tokens with bonded validators + // Not-bonded tokens should equal unbonding delegations plus tokens on unbonded validators + return sdk.FormatInvariant(types.ModuleName, "bonded and not bonded module account coins", fmt.Sprintf( + "\tPool's bonded tokens: %v\n"+ + "\tsum of bonded tokens: %v\n"+ + "not bonded token invariance:\n"+ + "\tPool's not bonded tokens: %v\n"+ + "\tsum of not bonded tokens: %v\n"+ + "module accounts total (bonded + not bonded):\n"+ + "\tModule Accounts' tokens: %v\n"+ + "\tsum tokens: %v\n", + poolBonded, bonded, poolNotBonded, notBonded, poolBonded.Add(poolNotBonded), bonded.Add(notBonded))), broken +} +} + +// NonNegativePowerInvariant checks that all stored validators have >= 0 power. +func NonNegativePowerInvariant(k *Keeper) + +sdk.Invariant { + return func(ctx sdk.Context) (string, bool) { + var ( + msg string + broken bool + ) + iterator := k.ValidatorsPowerStoreIterator(ctx) + for ; iterator.Valid(); iterator.Next() { + validator, found := k.GetValidator(ctx, iterator.Value()) + if !found { + panic(fmt.Sprintf("validator record not found for address: %X\n", iterator.Value())) +} + powerKey := types.GetValidatorsByPowerIndexKey(validator, k.PowerReduction(ctx)) + if !bytes.Equal(iterator.Key(), powerKey) { + broken = true + msg += fmt.Sprintf("power store invariance:\n\tvalidator.Power: %v"+ + "\n\tkey should be: %v\n\tkey in store: %v\n", + validator.GetConsensusPower(k.PowerReduction(ctx)), powerKey, iterator.Key()) +} + if validator.Tokens.IsNegative() { + broken = true + msg += fmt.Sprintf("\tnegative tokens for validator: %v\n", validator) +} + +} + +iterator.Close() + +return sdk.FormatInvariant(types.ModuleName, "nonnegative power", fmt.Sprintf("found invalid validator powers\n%s", msg)), broken +} +} + +// PositiveDelegationInvariant checks that all stored delegations have > 0 shares. +func PositiveDelegationInvariant(k *Keeper) + +sdk.Invariant { + return func(ctx sdk.Context) (string, bool) { + var ( + msg string + count int + ) + delegations := k.GetAllDelegations(ctx) + for _, delegation := range delegations { + if delegation.Shares.IsNegative() { + count++ + msg += fmt.Sprintf("\tdelegation with negative shares: %+v\n", delegation) +} + if delegation.Shares.IsZero() { + count++ + msg += fmt.Sprintf("\tdelegation with zero shares: %+v\n", delegation) +} + +} + broken := count != 0 + + return sdk.FormatInvariant(types.ModuleName, "positive delegations", fmt.Sprintf( + "%d invalid delegations found\n%s", count, msg)), broken +} +} + +// DelegatorSharesInvariant checks whether all the delegator shares which persist +// in the delegator object add up to the correct total delegator shares +// amount stored in each validator. +func DelegatorSharesInvariant(k *Keeper) + +sdk.Invariant { + return func(ctx sdk.Context) (string, bool) { + var ( + msg string + broken bool + ) + validators := k.GetAllValidators(ctx) + validatorsDelegationShares := map[string]math.LegacyDec{ +} + + // initialize a map: validator -> its delegation shares + for _, validator := range validators { + validatorsDelegationShares[validator.GetOperator().String()] = math.LegacyZeroDec() +} + + // iterate through all the delegations to calculate the total delegation shares for each validator + delegations := k.GetAllDelegations(ctx) + for _, delegation := range delegations { + delegationValidatorAddr := delegation.GetValidatorAddr().String() + validatorDelegationShares := validatorsDelegationShares[delegationValidatorAddr] + validatorsDelegationShares[delegationValidatorAddr] = validatorDelegationShares.Add(delegation.Shares) +} + + // for each validator, check if its total delegation shares calculated from the step above equals to its expected delegation shares + for _, validator := range validators { + expValTotalDelShares := validator.GetDelegatorShares() + calculatedValTotalDelShares := validatorsDelegationShares[validator.GetOperator().String()] + if !calculatedValTotalDelShares.Equal(expValTotalDelShares) { + broken = true + msg += fmt.Sprintf("broken delegator shares invariance:\n"+ + "\tvalidator.DelegatorShares: %v\n"+ + "\tsum of Delegator.Shares: %v\n", expValTotalDelShares, calculatedValTotalDelShares) +} + +} + +return sdk.FormatInvariant(types.ModuleName, "delegator shares", msg), broken +} +} +``` + +For more, see an example of [`Invariant`s implementation from the `staking` module](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/staking/keeper/invariants.go). + +## Invariant Registry + +The `InvariantRegistry` is a registry where the `Invariant`s of all the modules of an application are registered. There is only one `InvariantRegistry` per **application**, meaning module developers need not implement their own `InvariantRegistry` when building a module. **All module developers need to do is to register their modules' invariants in the `InvariantRegistry`, as explained in the section above**. The rest of this section gives more information on the `InvariantRegistry` itself, and does not contain anything directly relevant to module developers. + +At its core, the `InvariantRegistry` is defined in the Cosmos SDK as an interface: + +```go expandable +package types + +import "fmt" + +// An Invariant is a function which tests a particular invariant. +// The invariant returns a descriptive message about what happened +// and a boolean indicating whether the invariant has been broken. +// The simulator will then halt and print the logs. +type Invariant func(ctx Context) (string, bool) + +// Invariants defines a group of invariants +type Invariants []Invariant + +// expected interface for registering invariants +type InvariantRegistry interface { + RegisterRoute(moduleName, route string, invar Invariant) +} + +// FormatInvariant returns a standardized invariant message. +func FormatInvariant(module, name, msg string) + +string { + return fmt.Sprintf("%s: %s invariant\n%s\n", module, name, msg) +} +``` + +Typically, this interface is implemented in the `keeper` of a specific module. The most used implementation of an `InvariantRegistry` can be found in the `crisis` module: + +```go expandable +package keeper + +import ( + + "context" + "fmt" + "time" + "cosmossdk.io/collections" + "cosmossdk.io/core/address" + "cosmossdk.io/log" + + storetypes "cosmossdk.io/core/store" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/x/crisis/types" +) + +// Keeper - crisis keeper +type Keeper struct { + routes []types.InvarRoute + invCheckPeriod uint + storeService storetypes.KVStoreService + cdc codec.BinaryCodec + + // the address capable of executing a MsgUpdateParams message. Typically, this + // should be the x/gov module account. + authority string + + supplyKeeper types.SupplyKeeper + + feeCollectorName string // name of the FeeCollector ModuleAccount + + addressCodec address.Codec + + Schema collections.Schema + ConstantFee collections.Item[sdk.Coin] +} + +// NewKeeper creates a new Keeper object +func NewKeeper( + cdc codec.BinaryCodec, storeService storetypes.KVStoreService, invCheckPeriod uint, + supplyKeeper types.SupplyKeeper, feeCollectorName, authority string, ac address.Codec, +) *Keeper { + sb := collections.NewSchemaBuilder(storeService) + k := &Keeper{ + storeService: storeService, + cdc: cdc, + routes: make([]types.InvarRoute, 0), + invCheckPeriod: invCheckPeriod, + supplyKeeper: supplyKeeper, + feeCollectorName: feeCollectorName, + authority: authority, + addressCodec: ac, + ConstantFee: collections.NewItem(sb, types.ConstantFeeKey, "constant_fee", codec.CollValue[sdk.Coin](cdc)), +} + +schema, err := sb.Build() + if err != nil { + panic(err) +} + +k.Schema = schema + return k +} + +// GetAuthority returns the x/crisis module's authority. +func (k *Keeper) + +GetAuthority() + +string { + return k.authority +} + +// Logger returns a module-specific logger. +func (k *Keeper) + +Logger(ctx context.Context) + +log.Logger { + sdkCtx := sdk.UnwrapSDKContext(ctx) + +return sdkCtx.Logger().With("module", "x/"+types.ModuleName) +} + +// RegisterRoute register the routes for each of the invariants +func (k *Keeper) + +RegisterRoute(moduleName, route string, invar sdk.Invariant) { + invarRoute := types.NewInvarRoute(moduleName, route, invar) + +k.routes = append(k.routes, invarRoute) +} + +// Routes - return the keeper's invariant routes +func (k *Keeper) + +Routes() []types.InvarRoute { + return k.routes +} + +// Invariants returns a copy of all registered Crisis keeper invariants. +func (k *Keeper) + +Invariants() []sdk.Invariant { + invars := make([]sdk.Invariant, len(k.routes)) + for i, route := range k.routes { + invars[i] = route.Invar +} + +return invars +} + +// AssertInvariants asserts all registered invariants. If any invariant fails, +// the method panics. +func (k *Keeper) + +AssertInvariants(ctx sdk.Context) { + logger := k.Logger(ctx) + start := time.Now() + invarRoutes := k.Routes() + n := len(invarRoutes) + for i, ir := range invarRoutes { + logger.Info("asserting crisis invariants", "inv", fmt.Sprint(i+1, "/", n), "name", ir.FullRoute()) + +invCtx, _ := ctx.CacheContext() + if res, stop := ir.Invar(invCtx); stop { + // TODO: Include app name as part of context to allow for this to be + // variable. + panic(fmt.Errorf("invariant broken: %s\n"+ + "\tCRITICAL please submit the following transaction:\n"+ + "\t\t tx crisis invariant-broken %s %s", res, ir.ModuleName, ir.Route)) +} + +} + diff := time.Since(start) + +logger.Info("asserted all invariants", "duration", diff, "height", ctx.BlockHeight()) +} + +// InvCheckPeriod returns the invariant checks period. +func (k *Keeper) + +InvCheckPeriod() + +uint { + return k.invCheckPeriod +} + +// SendCoinsFromAccountToFeeCollector transfers amt to the fee collector account. +func (k *Keeper) + +SendCoinsFromAccountToFeeCollector(ctx context.Context, senderAddr sdk.AccAddress, amt sdk.Coins) + +error { + return k.supplyKeeper.SendCoinsFromAccountToModule(ctx, senderAddr, k.feeCollectorName, amt) +} +``` + +The `InvariantRegistry` is therefore typically instantiated by instantiating the `keeper` of the `crisis` module in the [application's constructor function](/docs/sdk/vnext/learn/beginner/app-anatomy#constructor-function). + +`Invariant`s can be checked manually via [`message`s](/docs/sdk/vnext/build/building-modules/messages-and-queries), but most often they are checked automatically at the end of each block. Here is an example from the `crisis` module: + +```go expandable +package crisis + +import ( + + "context" + "time" + "github.com/cosmos/cosmos-sdk/telemetry" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/x/crisis/keeper" + "github.com/cosmos/cosmos-sdk/x/crisis/types" +) + +// check all registered invariants +func EndBlocker(ctx context.Context, k keeper.Keeper) { + defer telemetry.ModuleMeasureSince(types.ModuleName, time.Now(), telemetry.MetricKeyEndBlocker) + sdkCtx := sdk.UnwrapSDKContext(ctx) + if k.InvCheckPeriod() == 0 || sdkCtx.BlockHeight()%int64(k.InvCheckPeriod()) != 0 { + // skip running the invariant check + return +} + +k.AssertInvariants(sdkCtx) +} +``` + +In both cases, if one of the `Invariant`s returns false, the `InvariantRegistry` can trigger special logic (e.g. have the application panic and print the `Invariant`s message in the log). diff --git a/docs/sdk/next/build/building-modules/keeper.mdx b/docs/sdk/next/build/building-modules/keeper.mdx new file mode 100644 index 00000000..531727bd --- /dev/null +++ b/docs/sdk/next/build/building-modules/keeper.mdx @@ -0,0 +1,370 @@ +--- +title: Keepers +--- + +**Synopsis** +`Keeper`s refer to a Cosmos SDK abstraction whose role is to manage access to the subset of the state defined by various modules. `Keeper`s are module-specific, i.e. the subset of state defined by a module can only be accessed by a `keeper` defined in said module. If a module needs to access the subset of state defined by another module, a reference to the second module's internal `keeper` needs to be passed to the first one. This is done in `app.go` during the instantiation of module keepers. + + + +**Pre-requisite Readings** + +* [Introduction to Cosmos SDK Modules](/docs/sdk/vnext/build/building-modules/intro) + + + +## Motivation + +The Cosmos SDK is a framework that makes it easy for developers to build complex decentralized applications from scratch, mainly by composing modules together. As the ecosystem of open-source modules for the Cosmos SDK expands, it will become increasingly likely that some of these modules contain vulnerabilities, as a result of the negligence or malice of their developers. + +The Cosmos SDK adopts an [object-capabilities-based approach](/docs/sdk/vnext/learn/advanced/ocap) to help developers better protect their application from unwanted inter-module interactions, and `keeper`s are at the core of this approach. A `keeper` can be considered quite literally to be the gatekeeper of a module's store(s). Each store (typically an [`IAVL` Store](/docs/sdk/vnext/learn/advanced/store#iavl-store)) defined within a module comes with a `storeKey`, which grants unlimited access to it. The module's `keeper` holds this `storeKey` (which should otherwise remain unexposed), and defines [methods](#implementing-methods) for reading and writing to the store(s). + +The core idea behind the object-capabilities approach is to only reveal what is necessary to get the work done. In practice, this means that instead of handling permissions of modules through access-control lists, module `keeper`s are passed a reference to the specific instance of the other modules' `keeper`s that they need to access (this is done in the [application's constructor function](/docs/sdk/vnext/learn/beginner/app-anatomy#constructor-function)). As a consequence, a module can only interact with the subset of state defined in another module via the methods exposed by the instance of the other module's `keeper`. This is a great way for developers to control the interactions that their own module can have with modules developed by external developers. + +## Type Definition + +`keeper`s are generally implemented in a `/keeper/keeper.go` file located in the module's folder. By convention, the type `keeper` of a module is simply named `Keeper` and usually follows the following structure: + +```go +type Keeper struct { + // External keepers, if any + + // Store key(s) + + // codec + + // authority +} +``` + +For example, here is the type definition of the `keeper` from the `staking` module: + +```go expandable +package keeper + +import ( + + "fmt" + "cosmossdk.io/log" + "cosmossdk.io/math" + abci "github.com/cometbft/cometbft/abci/types" + + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/x/staking/types" +) + +// Implements ValidatorSet interface +var _ types.ValidatorSet = Keeper{ +} + +// Implements DelegationSet interface +var _ types.DelegationSet = Keeper{ +} + +// Keeper of the x/staking store +type Keeper struct { + storeKey storetypes.StoreKey + cdc codec.BinaryCodec + authKeeper types.AccountKeeper + bankKeeper types.BankKeeper + hooks types.StakingHooks + authority string +} + +// NewKeeper creates a new staking Keeper instance +func NewKeeper( + cdc codec.BinaryCodec, + key storetypes.StoreKey, + ak types.AccountKeeper, + bk types.BankKeeper, + authority string, +) *Keeper { + // ensure bonded and not bonded module accounts are set + if addr := ak.GetModuleAddress(types.BondedPoolName); addr == nil { + panic(fmt.Sprintf("%s module account has not been set", types.BondedPoolName)) +} + if addr := ak.GetModuleAddress(types.NotBondedPoolName); addr == nil { + panic(fmt.Sprintf("%s module account has not been set", types.NotBondedPoolName)) +} + + // ensure that authority is a valid AccAddress + if _, err := ak.AddressCodec().StringToBytes(authority); err != nil { + panic("authority is not a valid acc address") +} + +return &Keeper{ + storeKey: key, + cdc: cdc, + authKeeper: ak, + bankKeeper: bk, + hooks: nil, + authority: authority, +} +} + +// Logger returns a module-specific logger. +func (k Keeper) + +Logger(ctx sdk.Context) + +log.Logger { + return ctx.Logger().With("module", "x/"+types.ModuleName) +} + +// Hooks gets the hooks for staking *Keeper { + func (k *Keeper) + +Hooks() + +types.StakingHooks { + if k.hooks == nil { + // return a no-op implementation if no hooks are set + return types.MultiStakingHooks{ +} + +} + +return k.hooks +} + +// SetHooks Set the validator hooks. In contrast to other receivers, this method must take a pointer due to nature +// of the hooks interface and SDK start up sequence. +func (k *Keeper) + +SetHooks(sh types.StakingHooks) { + if k.hooks != nil { + panic("cannot set validator hooks twice") +} + +k.hooks = sh +} + +// GetLastTotalPower Load the last total validator power. +func (k Keeper) + +GetLastTotalPower(ctx sdk.Context) + +math.Int { + store := ctx.KVStore(k.storeKey) + bz := store.Get(types.LastTotalPowerKey) + if bz == nil { + return math.ZeroInt() +} + ip := sdk.IntProto{ +} + +k.cdc.MustUnmarshal(bz, &ip) + +return ip.Int +} + +// SetLastTotalPower Set the last total validator power. +func (k Keeper) + +SetLastTotalPower(ctx sdk.Context, power math.Int) { + store := ctx.KVStore(k.storeKey) + bz := k.cdc.MustMarshal(&sdk.IntProto{ + Int: power +}) + +store.Set(types.LastTotalPowerKey, bz) +} + +// GetAuthority returns the x/staking module's authority. +func (k Keeper) + +GetAuthority() + +string { + return k.authority +} + +// SetValidatorUpdates sets the ABCI validator power updates for the current block. +func (k Keeper) + +SetValidatorUpdates(ctx sdk.Context, valUpdates []abci.ValidatorUpdate) { + store := ctx.KVStore(k.storeKey) + bz := k.cdc.MustMarshal(&types.ValidatorUpdates{ + Updates: valUpdates +}) + +store.Set(types.ValidatorUpdatesKey, bz) +} + +// GetValidatorUpdates returns the ABCI validator power updates within the current block. +func (k Keeper) + +GetValidatorUpdates(ctx sdk.Context) []abci.ValidatorUpdate { + store := ctx.KVStore(k.storeKey) + bz := store.Get(types.ValidatorUpdatesKey) + +var valUpdates types.ValidatorUpdates + k.cdc.MustUnmarshal(bz, &valUpdates) + +return valUpdates.Updates +} +``` + +Let us go through the different parameters: + +* An expected `keeper` is a `keeper` external to a module that is required by the internal `keeper` of said module. External `keeper`s are listed in the internal `keeper`'s type definition as interfaces. These interfaces are themselves defined in an `expected_keepers.go` file in the root of the module's folder. In this context, interfaces are used to reduce the number of dependencies, as well as to facilitate the maintenance of the module itself. +* `storeKey`s grant access to the store(s) of the [multistore](/docs/sdk/vnext/learn/advanced/store) managed by the module. They should always remain unexposed to external modules. +* `cdc` is the [codec](/docs/sdk/vnext/learn/advanced/encoding) used to marshall and unmarshall structs to/from `[]byte`. The `cdc` can be any of `codec.BinaryCodec`, `codec.JSONCodec` or `codec.Codec` based on your requirements. It can be either a proto or amino codec as long as they implement these interfaces. +* The authority listed is a module account or user account that has the right to change module level parameters. Previously this was handled by the param module, which has been deprecated. + +Of course, it is possible to define different types of internal `keeper`s for the same module (e.g. a read-only `keeper`). Each type of `keeper` comes with its own constructor function, which is called from the [application's constructor function](/docs/sdk/vnext/learn/beginner/app-anatomy). This is where `keeper`s are instantiated, and where developers make sure to pass correct instances of modules' `keeper`s to other modules that require them. + +## Implementing Methods + +`Keeper`s primarily expose getter and setter methods for the store(s) managed by their module. These methods should remain as simple as possible and strictly be limited to getting or setting the requested value, as validity checks should have already been performed by the [`Msg` server](/docs/sdk/vnext/build/building-modules/msg-services) when `keeper`s' methods are called. + +Typically, a *getter* method will have the following signature + +```go +func (k Keeper) + +Get(ctx context.Context, key string) + +returnType +``` + +and the method will go through the following steps: + +1. Retrieve the appropriate store from the `ctx` using the `storeKey`. This is done through the `KVStore(storeKey sdk.StoreKey)` method of the `ctx`. Then it's preferred to use the `prefix.Store` to access only the desired limited subset of the store for convenience and safety. +2. If it exists, get the `[]byte` value stored at location `[]byte(key)` using the `Get(key []byte)` method of the store. +3. Unmarshall the retrieved value from `[]byte` to `returnType` using the codec `cdc`. Return the value. + +Similarly, a *setter* method will have the following signature + +```go +func (k Keeper) + +Set(ctx context.Context, key string, value valueType) +``` + +and the method will go through the following steps: + +1. Retrieve the appropriate store from the `ctx` using the `storeKey`. This is done through the `KVStore(storeKey sdk.StoreKey)` method of the `ctx`. It's preferred to use the `prefix.Store` to access only the desired limited subset of the store for convenience and safety. +2. Marshal `value` to `[]byte` using the codec `cdc`. +3. Set the encoded value in the store at location `key` using the `Set(key []byte, value []byte)` method of the store. + +For more, see an example of `keeper`'s [methods implementation from the `staking` module](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/staking/keeper/keeper.go). + +The [module `KVStore`](/docs/sdk/vnext/learn/advanced/store#kvstore-and-commitkvstore-interfaces) also provides an `Iterator()` method which returns an `Iterator` object to iterate over a domain of keys. + +This is an example from the `auth` module to iterate accounts: + +```go expandable +package keeper + +import ( + + "context" + "errors" + "cosmossdk.io/collections" + + sdk "github.com/cosmos/cosmos-sdk/types" +) + +// NewAccountWithAddress implements AccountKeeperI. +func (ak AccountKeeper) + +NewAccountWithAddress(ctx context.Context, addr sdk.AccAddress) + +sdk.AccountI { + acc := ak.proto() + err := acc.SetAddress(addr) + if err != nil { + panic(err) +} + +return ak.NewAccount(ctx, acc) +} + +// NewAccount sets the next account number to a given account interface +func (ak AccountKeeper) + +NewAccount(ctx context.Context, acc sdk.AccountI) + +sdk.AccountI { + if err := acc.SetAccountNumber(ak.NextAccountNumber(ctx)); err != nil { + panic(err) +} + +return acc +} + +// HasAccount implements AccountKeeperI. +func (ak AccountKeeper) + +HasAccount(ctx context.Context, addr sdk.AccAddress) + +bool { + has, _ := ak.Accounts.Has(ctx, addr) + +return has +} + +// GetAccount implements AccountKeeperI. +func (ak AccountKeeper) + +GetAccount(ctx context.Context, addr sdk.AccAddress) + +sdk.AccountI { + acc, err := ak.Accounts.Get(ctx, addr) + if err != nil && !errors.Is(err, collections.ErrNotFound) { + panic(err) +} + +return acc +} + +// GetAllAccounts returns all accounts in the accountKeeper. +func (ak AccountKeeper) + +GetAllAccounts(ctx context.Context) (accounts []sdk.AccountI) { + ak.IterateAccounts(ctx, func(acc sdk.AccountI) (stop bool) { + accounts = append(accounts, acc) + +return false +}) + +return accounts +} + +// SetAccount implements AccountKeeperI. +func (ak AccountKeeper) + +SetAccount(ctx context.Context, acc sdk.AccountI) { + err := ak.Accounts.Set(ctx, acc.GetAddress(), acc) + if err != nil { + panic(err) +} +} + +// RemoveAccount removes an account for the account mapper store. +// NOTE: this will cause supply invariant violation if called +func (ak AccountKeeper) + +RemoveAccount(ctx context.Context, acc sdk.AccountI) { + err := ak.Accounts.Remove(ctx, acc.GetAddress()) + if err != nil { + panic(err) +} +} + +// IterateAccounts iterates over all the stored accounts and performs a callback function. +// Stops iteration when callback returns true. +func (ak AccountKeeper) + +IterateAccounts(ctx context.Context, cb func(account sdk.AccountI) (stop bool)) { + err := ak.Accounts.Walk(ctx, nil, func(_ sdk.AccAddress, value sdk.AccountI) (bool, error) { + return cb(value), nil +}) + if err != nil { + panic(err) +} +} +``` diff --git a/docs/sdk/next/build/building-modules/messages-and-queries.mdx b/docs/sdk/next/build/building-modules/messages-and-queries.mdx new file mode 100644 index 00000000..653b4359 --- /dev/null +++ b/docs/sdk/next/build/building-modules/messages-and-queries.mdx @@ -0,0 +1,1605 @@ +--- +title: Messages and Queries +--- + +**Synopsis** +`Msg`s and `Queries` are the two primary objects handled by modules. Most of the core components defined in a module, like `Msg` services, `keeper`s and `Query` services, exist to process `message`s and `queries`. + + + +**Pre-requisite Readings** + +* [Introduction to Cosmos SDK Modules](/docs/sdk/vnext/build/building-modules/intro) + + + +## Messages + +`Msg`s are objects whose end-goal is to trigger state-transitions. They are wrapped in [transactions](/docs/sdk/vnext/learn/advanced/transactions), which may contain one or more of them. + +When a transaction is relayed from the underlying consensus engine to the Cosmos SDK application, it is first decoded by [`BaseApp`](/docs/sdk/vnext/learn/advanced/baseapp). Then, each message contained in the transaction is extracted and routed to the appropriate module via `BaseApp`'s `MsgServiceRouter` so that it can be processed by the module's [`Msg` service](/docs/sdk/vnext/build/building-modules/msg-services). For a more detailed explanation of the lifecycle of a transaction, click [here](/docs/sdk/vnext/learn/beginner/tx-lifecycle). + +### `Msg` Services + +Defining Protobuf `Msg` services is the recommended way to handle messages. A Protobuf `Msg` service should be created for each module, typically in `tx.proto` (see more info about [conventions and naming](/docs/sdk/vnext/learn/advanced/encoding#faq)). It must have an RPC service method defined for each message in the module. + +Each `Msg` service method must have exactly one argument, which must implement the `sdk.Msg` interface, and a Protobuf response. The naming convention is to call the RPC argument `Msg` and the RPC response `MsgResponse`. For example: + +```protobuf + rpc Send(MsgSend) returns (MsgSendResponse); +``` + +See an example of a `Msg` service definition from `x/bank` module: + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/proto/cosmos/bank/v1beta1/tx.proto#L13-L36 +``` + +### `sdk.Msg` Interface + +`sdk.Msg` is an alias of `proto.Message`. + +To attach a `ValidateBasic()` method to a message then you must add methods to the type adhering to the `HasValidateBasic`. + +```go expandable +package types + +import ( + + "encoding/json" + fmt "fmt" + strings "strings" + "github.com/cosmos/gogoproto/proto" + protov2 "google.golang.org/protobuf/proto" + "github.com/cosmos/cosmos-sdk/codec" + cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types" +) + +type ( + // Msg defines the interface a transaction message needed to fulfill. + Msg = proto.Message + + // LegacyMsg defines the interface a transaction message needed to fulfill up through + // v0.47. + LegacyMsg interface { + Msg + + // GetSigners returns the addrs of signers that must sign. + // CONTRACT: All signatures must be present to be valid. + // CONTRACT: Returns addrs in some deterministic order. + GetSigners() []AccAddress +} + + // Fee defines an interface for an application application-defined concrete + // transaction type to be able to set and return the transaction fee. + Fee interface { + GetGas() + +uint64 + GetAmount() + +Coins +} + + // Signature defines an interface for an application application-defined + // concrete transaction type to be able to set and return transaction signatures. + Signature interface { + GetPubKey() + +cryptotypes.PubKey + GetSignature() []byte +} + + // HasMsgs defines an interface a transaction must fulfill. + HasMsgs interface { + // GetMsgs gets the all the transaction's messages. + GetMsgs() []Msg +} + + // Tx defines an interface a transaction must fulfill. + Tx interface { + HasMsgs + + // GetMsgsV2 gets the transaction's messages as google.golang.org/protobuf/proto.Message's. + GetMsgsV2() ([]protov2.Message, error) +} + + // FeeTx defines the interface to be implemented by Tx to use the FeeDecorators + FeeTx interface { + Tx + GetGas() + +uint64 + GetFee() + +Coins + FeePayer() []byte + FeeGranter() []byte +} + + // TxWithMemo must have GetMemo() + +method to use ValidateMemoDecorator + TxWithMemo interface { + Tx + GetMemo() + +string +} + + // TxWithTimeoutHeight extends the Tx interface by allowing a transaction to + // set a height timeout. + TxWithTimeoutHeight interface { + Tx + + GetTimeoutHeight() + +uint64 +} + + // HasValidateBasic defines a type that has a ValidateBasic method. + // ValidateBasic is deprecated and now facultative. + // Prefer validating messages directly in the msg server. + HasValidateBasic interface { + // ValidateBasic does a simple validation check that + // doesn't require access to any other information. + ValidateBasic() + +error +} +) + +// TxDecoder unmarshals transaction bytes +type TxDecoder func(txBytes []byte) (Tx, error) + +// TxEncoder marshals transaction to bytes +type TxEncoder func(tx Tx) ([]byte, error) + +// MsgTypeURL returns the TypeURL of a `sdk.Msg`. +func MsgTypeURL(msg proto.Message) + +string { + if m, ok := msg.(protov2.Message); ok { + return "/" + string(m.ProtoReflect().Descriptor().FullName()) +} + +return "/" + proto.MessageName(msg) +} + +// GetMsgFromTypeURL returns a `sdk.Msg` message type from a type URL +func GetMsgFromTypeURL(cdc codec.Codec, input string) (Msg, error) { + var msg Msg + bz, err := json.Marshal(struct { + Type string `json:"@type"` +}{ + Type: input, +}) + if err != nil { + return nil, err +} + if err := cdc.UnmarshalInterfaceJSON(bz, &msg); err != nil { + return nil, fmt.Errorf("failed to determine sdk.Msg for %s URL : %w", input, err) +} + +return msg, nil +} + +// GetModuleNameFromTypeURL assumes that module name is the second element of the msg type URL +// e.g. "cosmos.bank.v1beta1.MsgSend" => "bank" +// It returns an empty string if the input is not a valid type URL +func GetModuleNameFromTypeURL(input string) + +string { + moduleName := strings.Split(input, ".") + if len(moduleName) > 1 { + return moduleName[1] +} + +return "" +} +``` + +In 0.50+ signers from the `GetSigners()` call are automated via a protobuf annotation. + +Read more about the signer field [here](/docs/sdk/vnext/build/building-modules/protobuf-annotations). + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/e6848d99b55a65d014375b295bdd7f9641aac95e/proto/cosmos/bank/v1beta1/tx.proto#L40 +``` + +If there is a need for custom signers then there is an alternative path which can be taken. A function which returns `signing.CustomGetSigner` for a specific message can be defined. + +```go expandable +func ProvideBankSendTransactionGetSigners() + +signing.CustomGetSigner { + + // Extract the signer from the signature. + signer, err := coretypes.LatestSigner(Tx).Sender(ethTx) + if err != nil { + return nil, err +} + + // Return the signer in the required format. + return [][]byte{ + signer.Bytes() +}, nil +} +``` + +When using dependency injection (depinject) this can be provided to the application via the provide method. + +```go +depinject.Provide(banktypes.ProvideBankSendTransactionGetSigners) +``` + +The Cosmos SDK uses Protobuf definitions to generate client and server code: + +* `MsgServer` interface defines the server API for the `Msg` service and its implementation is described as part of the [`Msg` services](/docs/sdk/vnext/build/building-modules/msg-services) documentation. +* Structures are generated for all RPC request and response types. + +A `RegisterMsgServer` method is also generated and should be used to register the module's `MsgServer` implementation in `RegisterServices` method from the [`AppModule` interface](/docs/sdk/vnext/build/building-modules/module-manager#appmodule). + +In order for clients (CLI and grpc-gateway) to have these URLs registered, the Cosmos SDK provides the function `RegisterMsgServiceDesc(registry codectypes.InterfaceRegistry, sd *grpc.ServiceDesc)` that should be called inside module's [`RegisterInterfaces`](/docs/sdk/vnext/build/building-modules/module-manager#appmodulebasic) method, using the proto-generated `&_Msg_serviceDesc` as `*grpc.ServiceDesc` argument. + +## Queries + +A `query` is a request for information made by end-users of applications through an interface and processed by a full-node. A `query` is received by a full-node through its consensus engine and relayed to the application via the ABCI. It is then routed to the appropriate module via `BaseApp`'s `QueryRouter` so that it can be processed by the module's query service (./04-query-services.md). For a deeper look at the lifecycle of a `query`, click [here](/docs/sdk/vnext/learn/beginner/query-lifecycle). + +### gRPC Queries + +Queries should be defined using [Protobuf services](https://developers.google.com/protocol-buffers/docs/proto#services). A `Query` service should be created per module in `query.proto`. This service lists endpoints starting with `rpc`. + +Here's an example of such a `Query` service definition: + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/proto/cosmos/auth/v1beta1/query.proto#L14-L89 +``` + +As `proto.Message`s, generated `Response` types implement by default `String()` method of [`fmt.Stringer`](https://pkg.go.dev/fmt#Stringer). + +A `RegisterQueryServer` method is also generated and should be used to register the module's query server in the `RegisterServices` method from the [`AppModule` interface](/docs/sdk/vnext/build/building-modules/module-manager#appmodule). + +### Legacy Queries + +Before the introduction of Protobuf and gRPC in the Cosmos SDK, there was usually no specific `query` object defined by module developers, contrary to `message`s. Instead, the Cosmos SDK took the simpler approach of using a simple `path` to define each `query`. The `path` contains the `query` type and all the arguments needed to process it. For most module queries, the `path` should look like the following: + +```text +queryCategory/queryRoute/queryType/arg1/arg2/... +``` + +where: + +* `queryCategory` is the category of the `query`, typically `custom` for module queries. It is used to differentiate between different kinds of queries within `BaseApp`'s [`Query` method](/docs/sdk/vnext/learn/advanced/baseapp#query). +* `queryRoute` is used by `BaseApp`'s [`queryRouter`](/docs/sdk/vnext/learn/advanced/baseapp#query-routing) to map the `query` to its module. Usually, `queryRoute` should be the name of the module. +* `queryType` is used by the module's [`querier`](/docs/sdk/vnext/build/building-modules/query-services#legacy-queriers) to map the `query` to the appropriate `querier function` within the module. +* `args` are the actual arguments needed to process the `query`. They are filled out by the end-user. Note that for bigger queries, you might prefer passing arguments in the `Data` field of the request `req` instead of the `path`. + +The `path` for each `query` must be defined by the module developer in the module's [command-line interface file](/docs/sdk/vnext/build/building-modules/module-interfaces#query-commands). Overall, there are 3 mains components module developers need to implement in order to make the subset of the state defined by their module queryable: + +* A [`querier`](/docs/sdk/vnext/build/building-modules/query-services#legacy-queriers), to process the `query` once it has been [routed to the module](/docs/sdk/vnext/learn/advanced/baseapp#query-routing). +* [Query commands](/docs/sdk/vnext/build/building-modules/module-interfaces#query-commands) in the module's CLI file, where the `path` for each `query` is specified. +* `query` return types. Typically defined in a file `types/querier.go`, they specify the result type of each of the module's `queries`. These custom types must implement the `String()` method of [`fmt.Stringer`](https://pkg.go.dev/fmt#Stringer). + +### Store Queries + +Store queries access store keys directly. They use `clientCtx.QueryABCI(req abci.QueryRequest)` to return the full `abci.QueryResponse` with inclusion Merkle proofs. + +See following examples: + +```go expandable +package baseapp + +import ( + + "context" + "crypto/sha256" + "fmt" + "os" + "sort" + "strings" + "syscall" + "time" + + errorsmod "cosmossdk.io/errors" + "cosmossdk.io/store/rootmulti" + snapshottypes "cosmossdk.io/store/snapshots/types" + storetypes "cosmossdk.io/store/types" + "github.com/cockroachdb/errors" + abci "github.com/cometbft/cometbft/abci/types" + cmtproto "github.com/cometbft/cometbft/proto/tendermint/types" + "github.com/cosmos/gogoproto/proto" + "google.golang.org/grpc/codes" + grpcstatus "google.golang.org/grpc/status" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/telemetry" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" +) + +// Supported ABCI Query prefixes and paths +const ( + QueryPathApp = "app" + QueryPathCustom = "custom" + QueryPathP2P = "p2p" + QueryPathStore = "store" + + QueryPathBroadcastTx = "/cosmos.tx.v1beta1.Service/BroadcastTx" +) + +func (app *BaseApp) + +InitChain(req *abci.RequestInitChain) (*abci.ResponseInitChain, error) { + if req.ChainId != app.chainID { + return nil, fmt.Errorf("invalid chain-id on InitChain; expected: %s, got: %s", app.chainID, req.ChainId) +} + + // On a new chain, we consider the init chain block height as 0, even though + // req.InitialHeight is 1 by default. + initHeader := cmtproto.Header{ + ChainID: req.ChainId, + Time: req.Time +} + +app.initialHeight = req.InitialHeight + + app.logger.Info("InitChain", "initialHeight", req.InitialHeight, "chainID", req.ChainId) + + // Set the initial height, which will be used to determine if we are proposing + // or processing the first block or not. + app.initialHeight = req.InitialHeight + + // if req.InitialHeight is > 1, then we set the initial version on all stores + if req.InitialHeight > 1 { + initHeader.Height = req.InitialHeight + if err := app.cms.SetInitialVersion(req.InitialHeight); err != nil { + return nil, err +} + +} + + // initialize states with a correct header + app.setState(execModeFinalize, initHeader) + +app.setState(execModeCheck, initHeader) + + // Store the consensus params in the BaseApp's param store. Note, this must be + // done after the finalizeBlockState and context have been set as it's persisted + // to state. + if req.ConsensusParams != nil { + err := app.StoreConsensusParams(app.finalizeBlockState.ctx, *req.ConsensusParams) + if err != nil { + return nil, err +} + +} + +defer func() { + // InitChain represents the state of the application BEFORE the first block, + // i.e. the genesis block. This means that when processing the app's InitChain + // handler, the block height is zero by default. However, after Commit is called + // the height needs to reflect the true block height. + initHeader.Height = req.InitialHeight + app.checkState.ctx = app.checkState.ctx.WithBlockHeader(initHeader) + +app.finalizeBlockState.ctx = app.finalizeBlockState.ctx.WithBlockHeader(initHeader) +}() + if app.initChainer == nil { + return &abci.ResponseInitChain{ +}, nil +} + + // add block gas meter for any genesis transactions (allow infinite gas) + +app.finalizeBlockState.ctx = app.finalizeBlockState.ctx.WithBlockGasMeter(storetypes.NewInfiniteGasMeter()) + +res, err := app.initChainer(app.finalizeBlockState.ctx, req) + if err != nil { + return nil, err +} + if len(req.Validators) > 0 { + if len(req.Validators) != len(res.Validators) { + return nil, fmt.Errorf( + "len(RequestInitChain.Validators) != len(GenesisValidators) (%d != %d)", + len(req.Validators), len(res.Validators), + ) +} + +sort.Sort(abci.ValidatorUpdates(req.Validators)) + +sort.Sort(abci.ValidatorUpdates(res.Validators)) + for i := range res.Validators { + if !proto.Equal(&res.Validators[i], &req.Validators[i]) { + return nil, fmt.Errorf("genesisValidators[%d] != req.Validators[%d] ", i, i) +} + +} + +} + + // In the case of a new chain, AppHash will be the hash of an empty string. + // During an upgrade, it'll be the hash of the last committed block. + var appHash []byte + if !app.LastCommitID().IsZero() { + appHash = app.LastCommitID().Hash +} + +else { + // $ echo -n '' | sha256sum + // e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + emptyHash := sha256.Sum256([]byte{ +}) + +appHash = emptyHash[:] +} + + // NOTE: We don't commit, but FinalizeBlock for block InitialHeight starts from + // this FinalizeBlockState. + return &abci.ResponseInitChain{ + ConsensusParams: res.ConsensusParams, + Validators: res.Validators, + AppHash: appHash, +}, nil +} + +func (app *BaseApp) + +Info(req *abci.RequestInfo) (*abci.ResponseInfo, error) { + lastCommitID := app.cms.LastCommitID() + +return &abci.ResponseInfo{ + Data: app.name, + Version: app.version, + AppVersion: app.appVersion, + LastBlockHeight: lastCommitID.Version, + LastBlockAppHash: lastCommitID.Hash, +}, nil +} + +// Query implements the ABCI interface. It delegates to CommitMultiStore if it +// implements Queryable. +func (app *BaseApp) + +Query(_ context.Context, req *abci.RequestQuery) (resp *abci.ResponseQuery, err error) { + // add panic recovery for all queries + // + // Ref: https://github.com/cosmos/cosmos-sdk/pull/8039 + defer func() { + if r := recover(); r != nil { + resp = sdkerrors.QueryResult(errorsmod.Wrapf(sdkerrors.ErrPanic, "%v", r), app.trace) +} + +}() + + // when a client did not provide a query height, manually inject the latest + if req.Height == 0 { + req.Height = app.LastBlockHeight() +} + +telemetry.IncrCounter(1, "query", "count") + +telemetry.IncrCounter(1, "query", req.Path) + +defer telemetry.MeasureSince(time.Now(), req.Path) + if req.Path == QueryPathBroadcastTx { + return sdkerrors.QueryResult(errorsmod.Wrap(sdkerrors.ErrInvalidRequest, "can't route a broadcast tx message"), app.trace), nil +} + + // handle gRPC routes first rather than calling splitPath because '/' characters + // are used as part of gRPC paths + if grpcHandler := app.grpcQueryRouter.Route(req.Path); grpcHandler != nil { + return app.handleQueryGRPC(grpcHandler, req), nil +} + path := SplitABCIQueryPath(req.Path) + if len(path) == 0 { + return sdkerrors.QueryResult(errorsmod.Wrap(sdkerrors.ErrUnknownRequest, "no query path provided"), app.trace), nil +} + switch path[0] { + case QueryPathApp: + // "/app" prefix for special application queries + resp = handleQueryApp(app, path, req) + case QueryPathStore: + resp = handleQueryStore(app, path, *req) + case QueryPathP2P: + resp = handleQueryP2P(app, path) + +default: + resp = sdkerrors.QueryResult(errorsmod.Wrap(sdkerrors.ErrUnknownRequest, "unknown query path"), app.trace) +} + +return resp, nil +} + +// ListSnapshots implements the ABCI interface. It delegates to app.snapshotManager if set. +func (app *BaseApp) + +ListSnapshots(req *abci.RequestListSnapshots) (*abci.ResponseListSnapshots, error) { + resp := &abci.ResponseListSnapshots{ + Snapshots: []*abci.Snapshot{ +}} + if app.snapshotManager == nil { + return resp, nil +} + +snapshots, err := app.snapshotManager.List() + if err != nil { + app.logger.Error("failed to list snapshots", "err", err) + +return nil, err +} + for _, snapshot := range snapshots { + abciSnapshot, err := snapshot.ToABCI() + if err != nil { + app.logger.Error("failed to convert ABCI snapshots", "err", err) + +return nil, err +} + +resp.Snapshots = append(resp.Snapshots, &abciSnapshot) +} + +return resp, nil +} + +// LoadSnapshotChunk implements the ABCI interface. It delegates to app.snapshotManager if set. +func (app *BaseApp) + +LoadSnapshotChunk(req *abci.RequestLoadSnapshotChunk) (*abci.ResponseLoadSnapshotChunk, error) { + if app.snapshotManager == nil { + return &abci.ResponseLoadSnapshotChunk{ +}, nil +} + +chunk, err := app.snapshotManager.LoadChunk(req.Height, req.Format, req.Chunk) + if err != nil { + app.logger.Error( + "failed to load snapshot chunk", + "height", req.Height, + "format", req.Format, + "chunk", req.Chunk, + "err", err, + ) + +return nil, err +} + +return &abci.ResponseLoadSnapshotChunk{ + Chunk: chunk +}, nil +} + +// OfferSnapshot implements the ABCI interface. It delegates to app.snapshotManager if set. +func (app *BaseApp) + +OfferSnapshot(req *abci.RequestOfferSnapshot) (*abci.ResponseOfferSnapshot, error) { + if app.snapshotManager == nil { + app.logger.Error("snapshot manager not configured") + +return &abci.ResponseOfferSnapshot{ + Result: abci.ResponseOfferSnapshot_ABORT +}, nil +} + if req.Snapshot == nil { + app.logger.Error("received nil snapshot") + +return &abci.ResponseOfferSnapshot{ + Result: abci.ResponseOfferSnapshot_REJECT +}, nil +} + +snapshot, err := snapshottypes.SnapshotFromABCI(req.Snapshot) + if err != nil { + app.logger.Error("failed to decode snapshot metadata", "err", err) + +return &abci.ResponseOfferSnapshot{ + Result: abci.ResponseOfferSnapshot_REJECT +}, nil +} + +err = app.snapshotManager.Restore(snapshot) + switch { + case err == nil: + return &abci.ResponseOfferSnapshot{ + Result: abci.ResponseOfferSnapshot_ACCEPT +}, nil + case errors.Is(err, snapshottypes.ErrUnknownFormat): + return &abci.ResponseOfferSnapshot{ + Result: abci.ResponseOfferSnapshot_REJECT_FORMAT +}, nil + case errors.Is(err, snapshottypes.ErrInvalidMetadata): + app.logger.Error( + "rejecting invalid snapshot", + "height", req.Snapshot.Height, + "format", req.Snapshot.Format, + "err", err, + ) + +return &abci.ResponseOfferSnapshot{ + Result: abci.ResponseOfferSnapshot_REJECT +}, nil + + default: + app.logger.Error( + "failed to restore snapshot", + "height", req.Snapshot.Height, + "format", req.Snapshot.Format, + "err", err, + ) + + // We currently don't support resetting the IAVL stores and retrying a + // different snapshot, so we ask CometBFT to abort all snapshot restoration. + return &abci.ResponseOfferSnapshot{ + Result: abci.ResponseOfferSnapshot_ABORT +}, nil +} +} + +// ApplySnapshotChunk implements the ABCI interface. It delegates to app.snapshotManager if set. +func (app *BaseApp) + +ApplySnapshotChunk(req *abci.RequestApplySnapshotChunk) (*abci.ResponseApplySnapshotChunk, error) { + if app.snapshotManager == nil { + app.logger.Error("snapshot manager not configured") + +return &abci.ResponseApplySnapshotChunk{ + Result: abci.ResponseApplySnapshotChunk_ABORT +}, nil +} + + _, err := app.snapshotManager.RestoreChunk(req.Chunk) + switch { + case err == nil: + return &abci.ResponseApplySnapshotChunk{ + Result: abci.ResponseApplySnapshotChunk_ACCEPT +}, nil + case errors.Is(err, snapshottypes.ErrChunkHashMismatch): + app.logger.Error( + "chunk checksum mismatch; rejecting sender and requesting refetch", + "chunk", req.Index, + "sender", req.Sender, + "err", err, + ) + +return &abci.ResponseApplySnapshotChunk{ + Result: abci.ResponseApplySnapshotChunk_RETRY, + RefetchChunks: []uint32{ + req.Index +}, + RejectSenders: []string{ + req.Sender +}, +}, nil + + default: + app.logger.Error("failed to restore snapshot", "err", err) + +return &abci.ResponseApplySnapshotChunk{ + Result: abci.ResponseApplySnapshotChunk_ABORT +}, nil +} +} + +// CheckTx implements the ABCI interface and executes a tx in CheckTx mode. In +// CheckTx mode, messages are not executed. This means messages are only validated +// and only the AnteHandler is executed. State is persisted to the BaseApp's +// internal CheckTx state if the AnteHandler passes. Otherwise, the ResponseCheckTx +// will contain relevant error information. Regardless of tx execution outcome, +// the ResponseCheckTx will contain relevant gas execution context. +func (app *BaseApp) + +CheckTx(req *abci.RequestCheckTx) (*abci.ResponseCheckTx, error) { + var mode execMode + switch { + case req.Type == abci.CheckTxType_New: + mode = execModeCheck + case req.Type == abci.CheckTxType_Recheck: + mode = execModeReCheck + + default: + return nil, fmt.Errorf("unknown RequestCheckTx type: %s", req.Type) +} + +gInfo, result, anteEvents, err := app.runTx(mode, req.Tx) + if err != nil { + return sdkerrors.ResponseCheckTxWithEvents(err, gInfo.GasWanted, gInfo.GasUsed, anteEvents, app.trace), nil +} + +return &abci.ResponseCheckTx{ + GasWanted: int64(gInfo.GasWanted), // TODO: Should type accept unsigned ints? + GasUsed: int64(gInfo.GasUsed), // TODO: Should type accept unsigned ints? + Log: result.Log, + Data: result.Data, + Events: sdk.MarkEventsToIndex(result.Events, app.indexEvents), +}, nil +} + +// PrepareProposal implements the PrepareProposal ABCI method and returns a +// ResponsePrepareProposal object to the client. The PrepareProposal method is +// responsible for allowing the block proposer to perform application-dependent +// work in a block before proposing it. +// +// Transactions can be modified, removed, or added by the application. Since the +// application maintains its own local mempool, it will ignore the transactions +// provided to it in RequestPrepareProposal. Instead, it will determine which +// transactions to return based on the mempool's semantics and the MaxTxBytes +// provided by the client's request. +// +// Ref: https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-060-abci-1.0.md +// Ref: https://github.com/cometbft/cometbft/blob/main/spec/abci/abci%2B%2B_basic_concepts.md +func (app *BaseApp) + +PrepareProposal(req *abci.RequestPrepareProposal) (resp *abci.ResponsePrepareProposal, err error) { + if app.prepareProposal == nil { + return nil, errors.New("PrepareProposal handler not set") +} + + // Always reset state given that PrepareProposal can timeout and be called + // again in a subsequent round. + header := cmtproto.Header{ + ChainID: app.chainID, + Height: req.Height, + Time: req.Time, + ProposerAddress: req.ProposerAddress, + NextValidatorsHash: req.NextValidatorsHash, +} + +app.setState(execModePrepareProposal, header) + + // CometBFT must never call PrepareProposal with a height of 0. + // + // Ref: https://github.com/cometbft/cometbft/blob/059798a4f5b0c9f52aa8655fa619054a0154088c/spec/core/state.md?plain=1#L37-L38 + if req.Height < 1 { + return nil, errors.New("PrepareProposal called with invalid height") +} + +app.prepareProposalState.ctx = app.getContextForProposal(app.prepareProposalState.ctx, req.Height). + WithVoteInfos(toVoteInfo(req.LocalLastCommit.Votes)). // this is a set of votes that are not finalized yet, wait for commit + WithBlockHeight(req.Height). + WithBlockTime(req.Time). + WithProposer(req.ProposerAddress). + WithExecMode(sdk.ExecModePrepareProposal). + WithCometInfo(prepareProposalInfo{ + req +}) + +app.prepareProposalState.ctx = app.prepareProposalState.ctx. + WithConsensusParams(app.GetConsensusParams(app.prepareProposalState.ctx)). + WithBlockGasMeter(app.getBlockGasMeter(app.prepareProposalState.ctx)) + +defer func() { + if err := recover(); err != nil { + app.logger.Error( + "panic recovered in PrepareProposal", + "height", req.Height, + "time", req.Time, + "panic", err, + ) + +resp = &abci.ResponsePrepareProposal{ +} + +} + +}() + +resp, err = app.prepareProposal(app.prepareProposalState.ctx, req) + if err != nil { + app.logger.Error("failed to prepare proposal", "height", req.Height, "error", err) + +return &abci.ResponsePrepareProposal{ +}, nil +} + +return resp, nil +} + +// ProcessProposal implements the ProcessProposal ABCI method and returns a +// ResponseProcessProposal object to the client. The ProcessProposal method is +// responsible for allowing execution of application-dependent work in a proposed +// block. Note, the application defines the exact implementation details of +// ProcessProposal. In general, the application must at the very least ensure +// that all transactions are valid. If all transactions are valid, then we inform +// CometBFT that the Status is ACCEPT. However, the application is also able +// to implement optimizations such as executing the entire proposed block +// immediately. +// +// If a panic is detected during execution of an application's ProcessProposal +// handler, it will be recovered and we will reject the proposal. +// +// Ref: https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-060-abci-1.0.md +// Ref: https://github.com/cometbft/cometbft/blob/main/spec/abci/abci%2B%2B_basic_concepts.md +func (app *BaseApp) + +ProcessProposal(req *abci.RequestProcessProposal) (resp *abci.ResponseProcessProposal, err error) { + if app.processProposal == nil { + return nil, errors.New("ProcessProposal handler not set") +} + + // CometBFT must never call ProcessProposal with a height of 0. + // Ref: https://github.com/cometbft/cometbft/blob/059798a4f5b0c9f52aa8655fa619054a0154088c/spec/core/state.md?plain=1#L37-L38 + if req.Height < 1 { + return nil, errors.New("ProcessProposal called with invalid height") +} + + // Always reset state given that ProcessProposal can timeout and be called + // again in a subsequent round. + header := cmtproto.Header{ + ChainID: app.chainID, + Height: req.Height, + Time: req.Time, + ProposerAddress: req.ProposerAddress, + NextValidatorsHash: req.NextValidatorsHash, +} + +app.setState(execModeProcessProposal, header) + + // Since the application can get access to FinalizeBlock state and write to it, + // we must be sure to reset it in case ProcessProposal timeouts and is called + // again in a subsequent round. However, we only want to do this after we've + // processed the first block, as we want to avoid overwriting the finalizeState + // after state changes during InitChain. + if req.Height > app.initialHeight { + app.setState(execModeFinalize, header) +} + +app.processProposalState.ctx = app.getContextForProposal(app.processProposalState.ctx, req.Height). + WithVoteInfos(req.ProposedLastCommit.Votes). // this is a set of votes that are not finalized yet, wait for commit + WithBlockHeight(req.Height). + WithBlockTime(req.Time). + WithHeaderHash(req.Hash). + WithProposer(req.ProposerAddress). + WithCometInfo(cometInfo{ + ProposerAddress: req.ProposerAddress, + ValidatorsHash: req.NextValidatorsHash, + Misbehavior: req.Misbehavior, + LastCommit: req.ProposedLastCommit +}). + WithExecMode(sdk.ExecModeProcessProposal) + +app.processProposalState.ctx = app.processProposalState.ctx. + WithConsensusParams(app.GetConsensusParams(app.processProposalState.ctx)). + WithBlockGasMeter(app.getBlockGasMeter(app.processProposalState.ctx)) + +defer func() { + if err := recover(); err != nil { + app.logger.Error( + "panic recovered in ProcessProposal", + "height", req.Height, + "time", req.Time, + "hash", fmt.Sprintf("%X", req.Hash), + "panic", err, + ) + +resp = &abci.ResponseProcessProposal{ + Status: abci.ResponseProcessProposal_REJECT +} + +} + +}() + +resp, err = app.processProposal(app.processProposalState.ctx, req) + if err != nil { + app.logger.Error("failed to process proposal", "height", req.Height, "error", err) + +return &abci.ResponseProcessProposal{ + Status: abci.ResponseProcessProposal_REJECT +}, nil +} + +return resp, nil +} + +// ExtendVote implements the ExtendVote ABCI method and returns a ResponseExtendVote. +// It calls the application's ExtendVote handler which is responsible for performing +// application-specific business logic when sending a pre-commit for the NEXT +// block height. The extensions response may be non-deterministic but must always +// be returned, even if empty. +// +// Agreed upon vote extensions are made available to the proposer of the next +// height and are committed in the subsequent height, i.e. H+2. An error is +// returned if vote extensions are not enabled or if extendVote fails or panics. +func (app *BaseApp) + +ExtendVote(_ context.Context, req *abci.RequestExtendVote) (resp *abci.ResponseExtendVote, err error) { + // Always reset state given that ExtendVote and VerifyVoteExtension can timeout + // and be called again in a subsequent round. + emptyHeader := cmtproto.Header{ + ChainID: app.chainID, + Height: req.Height +} + +app.setState(execModeVoteExtension, emptyHeader) + if app.extendVote == nil { + return nil, errors.New("application ExtendVote handler not set") +} + + // If vote extensions are not enabled, as a safety precaution, we return an + // error. + cp := app.GetConsensusParams(app.voteExtensionState.ctx) + if cp.Abci != nil && cp.Abci.VoteExtensionsEnableHeight <= 0 { + return nil, fmt.Errorf("vote extensions are not enabled; unexpected call to ExtendVote at height %d", req.Height) +} + +app.voteExtensionState.ctx = app.voteExtensionState.ctx. + WithConsensusParams(cp). + WithBlockGasMeter(storetypes.NewInfiniteGasMeter()). + WithBlockHeight(req.Height). + WithHeaderHash(req.Hash). + WithExecMode(sdk.ExecModeVoteExtension) + + // add a deferred recover handler in case extendVote panics + defer func() { + if r := recover(); r != nil { + app.logger.Error( + "panic recovered in ExtendVote", + "height", req.Height, + "hash", fmt.Sprintf("%X", req.Hash), + "panic", err, + ) + +err = fmt.Errorf("recovered application panic in ExtendVote: %v", r) +} + +}() + +resp, err = app.extendVote(app.voteExtensionState.ctx, req) + if err != nil { + app.logger.Error("failed to extend vote", "height", req.Height, "error", err) + +return &abci.ResponseExtendVote{ + VoteExtension: []byte{ +}}, nil +} + +return resp, err +} + +// VerifyVoteExtension implements the VerifyVoteExtension ABCI method and returns +// a ResponseVerifyVoteExtension. It calls the applications' VerifyVoteExtension +// handler which is responsible for performing application-specific business +// logic in verifying a vote extension from another validator during the pre-commit +// phase. The response MUST be deterministic. An error is returned if vote +// extensions are not enabled or if verifyVoteExt fails or panics. +func (app *BaseApp) + +VerifyVoteExtension(req *abci.RequestVerifyVoteExtension) (resp *abci.ResponseVerifyVoteExtension, err error) { + if app.verifyVoteExt == nil { + return nil, errors.New("application VerifyVoteExtension handler not set") +} + + // If vote extensions are not enabled, as a safety precaution, we return an + // error. + cp := app.GetConsensusParams(app.voteExtensionState.ctx) + if cp.Abci != nil && cp.Abci.VoteExtensionsEnableHeight <= 0 { + return nil, fmt.Errorf("vote extensions are not enabled; unexpected call to VerifyVoteExtension at height %d", req.Height) +} + + // add a deferred recover handler in case verifyVoteExt panics + defer func() { + if r := recover(); r != nil { + app.logger.Error( + "panic recovered in VerifyVoteExtension", + "height", req.Height, + "hash", fmt.Sprintf("%X", req.Hash), + "validator", fmt.Sprintf("%X", req.ValidatorAddress), + "panic", r, + ) + +err = fmt.Errorf("recovered application panic in VerifyVoteExtension: %v", r) +} + +}() + +resp, err = app.verifyVoteExt(app.voteExtensionState.ctx, req) + if err != nil { + app.logger.Error("failed to verify vote extension", "height", req.Height, "error", err) + +return &abci.ResponseVerifyVoteExtension{ + Status: abci.ResponseVerifyVoteExtension_REJECT +}, nil +} + +return resp, err +} + +// FinalizeBlock will execute the block proposal provided by RequestFinalizeBlock. +// Specifically, it will execute an application's BeginBlock (if defined), followed +// by the transactions in the proposal, finally followed by the application's +// EndBlock (if defined). +// +// For each raw transaction, i.e. a byte slice, BaseApp will only execute it if +// it adheres to the sdk.Tx interface. Otherwise, the raw transaction will be +// skipped. This is to support compatibility with proposers injecting vote +// extensions into the proposal, which should not themselves be executed in cases +// where they adhere to the sdk.Tx interface. +func (app *BaseApp) + +FinalizeBlock(req *abci.RequestFinalizeBlock) (*abci.ResponseFinalizeBlock, error) { + var events []abci.Event + if err := app.validateFinalizeBlockHeight(req); err != nil { + return nil, err +} + if app.cms.TracingEnabled() { + app.cms.SetTracingContext(storetypes.TraceContext( + map[string]any{"blockHeight": req.Height +}, + )) +} + header := cmtproto.Header{ + ChainID: app.chainID, + Height: req.Height, + Time: req.Time, + ProposerAddress: req.ProposerAddress, + NextValidatorsHash: req.NextValidatorsHash, +} + + // Initialize the FinalizeBlock state. If this is the first block, it should + // already be initialized in InitChain. Otherwise app.finalizeBlockState will be + // nil, since it is reset on Commit. + if app.finalizeBlockState == nil { + app.setState(execModeFinalize, header) +} + +else { + // In the first block, app.finalizeBlockState.ctx will already be initialized + // by InitChain. Context is now updated with Header information. + app.finalizeBlockState.ctx = app.finalizeBlockState.ctx. + WithBlockHeader(header). + WithBlockHeight(req.Height) +} + gasMeter := app.getBlockGasMeter(app.finalizeBlockState.ctx) + +app.finalizeBlockState.ctx = app.finalizeBlockState.ctx. + WithBlockGasMeter(gasMeter). + WithHeaderHash(req.Hash). + WithConsensusParams(app.GetConsensusParams(app.finalizeBlockState.ctx)). + WithVoteInfos(req.DecidedLastCommit.Votes). + WithExecMode(sdk.ExecModeFinalize) + if app.checkState != nil { + app.checkState.ctx = app.checkState.ctx. + WithBlockGasMeter(gasMeter). + WithHeaderHash(req.Hash) +} + beginBlock := app.beginBlock(req) + +events = append(events, beginBlock.Events...) + + // Iterate over all raw transactions in the proposal and attempt to execute + // them, gathering the execution results. + // + // NOTE: Not all raw transactions may adhere to the sdk.Tx interface, e.g. + // vote extensions, so skip those. + txResults := make([]*abci.ExecTxResult, 0, len(req.Txs)) + for _, rawTx := range req.Txs { + if _, err := app.txDecoder(rawTx); err == nil { + txResults = append(txResults, app.deliverTx(rawTx)) +} + +} + if app.finalizeBlockState.ms.TracingEnabled() { + app.finalizeBlockState.ms = app.finalizeBlockState.ms.SetTracingContext(nil).(storetypes.CacheMultiStore) +} + +endBlock, err := app.endBlock(app.finalizeBlockState.ctx) + if err != nil { + return nil, err +} + +events = append(events, endBlock.Events...) + cp := app.GetConsensusParams(app.finalizeBlockState.ctx) + +return &abci.ResponseFinalizeBlock{ + Events: events, + TxResults: txResults, + ValidatorUpdates: endBlock.ValidatorUpdates, + ConsensusParamUpdates: &cp, + AppHash: app.workingHash(), +}, nil +} + +// Commit implements the ABCI interface. It will commit all state that exists in +// the deliver state's multi-store and includes the resulting commit ID in the +// returned abci.ResponseCommit. Commit will set the check state based on the +// latest header and reset the deliver state. Also, if a non-zero halt height is +// defined in config, Commit will execute a deferred function call to check +// against that height and gracefully halt if it matches the latest committed +// height. +func (app *BaseApp) + +Commit() (*abci.ResponseCommit, error) { + header := app.finalizeBlockState.ctx.BlockHeader() + retainHeight := app.GetBlockRetentionHeight(header.Height) + if app.precommiter != nil { + app.precommiter(app.finalizeBlockState.ctx) +} + +rms, ok := app.cms.(*rootmulti.Store) + if ok { + rms.SetCommitHeader(header) +} + +app.cms.Commit() + resp := &abci.ResponseCommit{ + RetainHeight: retainHeight, +} + abciListeners := app.streamingManager.ABCIListeners + if len(abciListeners) > 0 { + ctx := app.finalizeBlockState.ctx + blockHeight := ctx.BlockHeight() + changeSet := app.cms.PopStateCache() + for _, abciListener := range abciListeners { + if err := abciListener.ListenCommit(ctx, *resp, changeSet); err != nil { + app.logger.Error("Commit listening hook failed", "height", blockHeight, "err", err) +} + +} + +} + + // Reset the CheckTx state to the latest committed. + // + // NOTE: This is safe because CometBFT holds a lock on the mempool for + // Commit. Use the header from this latest block. + app.setState(execModeCheck, header) + +app.finalizeBlockState = nil + if app.prepareCheckStater != nil { + app.prepareCheckStater(app.checkState.ctx) +} + +var halt bool + switch { + case app.haltHeight > 0 && uint64(header.Height) >= app.haltHeight: + halt = true + case app.haltTime > 0 && header.Time.Unix() >= int64(app.haltTime): + halt = true +} + if halt { + // Halt the binary and allow CometBFT to receive the ResponseCommit + // response with the commit ID hash. This will allow the node to successfully + // restart and process blocks assuming the halt configuration has been + // reset or moved to a more distant value. + app.halt() +} + +go app.snapshotManager.SnapshotIfApplicable(header.Height) + +return resp, nil +} + +// workingHash gets the apphash that will be finalized in commit. +// These writes will be persisted to the root multi-store (app.cms) + +and flushed to +// disk in the Commit phase. This means when the ABCI client requests Commit(), the application +// state transitions will be flushed to disk and as a result, but we already have +// an application Merkle root. +func (app *BaseApp) + +workingHash() []byte { + // Write the FinalizeBlock state into branched storage and commit the MultiStore. + // The write to the FinalizeBlock state writes all state transitions to the root + // MultiStore (app.cms) + +so when Commit() + +is called it persists those values. + app.finalizeBlockState.ms.Write() + + // Get the hash of all writes in order to return the apphash to the comet in finalizeBlock. + commitHash := app.cms.WorkingHash() + +app.logger.Debug("hash of all writes", "workingHash", fmt.Sprintf("%X", commitHash)) + +return commitHash +} + +// halt attempts to gracefully shutdown the node via SIGINT and SIGTERM falling +// back on os.Exit if both fail. +func (app *BaseApp) + +halt() { + app.logger.Info("halting node per configuration", "height", app.haltHeight, "time", app.haltTime) + +p, err := os.FindProcess(os.Getpid()) + if err == nil { + // attempt cascading signals in case SIGINT fails (os dependent) + sigIntErr := p.Signal(syscall.SIGINT) + sigTermErr := p.Signal(syscall.SIGTERM) + if sigIntErr == nil || sigTermErr == nil { + return +} + +} + + // Resort to exiting immediately if the process could not be found or killed + // via SIGINT/SIGTERM signals. + app.logger.Info("failed to send SIGINT/SIGTERM; exiting...") + +os.Exit(0) +} + +func handleQueryApp(app *BaseApp, path []string, req *abci.RequestQuery) *abci.ResponseQuery { + if len(path) >= 2 { + switch path[1] { + case "simulate": + txBytes := req.Data + + gInfo, res, err := app.Simulate(txBytes) + if err != nil { + return sdkerrors.QueryResult(errorsmod.Wrap(err, "failed to simulate tx"), app.trace) +} + simRes := &sdk.SimulationResponse{ + GasInfo: gInfo, + Result: res, +} + +bz, err := codec.ProtoMarshalJSON(simRes, app.interfaceRegistry) + if err != nil { + return sdkerrors.QueryResult(errorsmod.Wrap(err, "failed to JSON encode simulation response"), app.trace) +} + +return &abci.ResponseQuery{ + Codespace: sdkerrors.RootCodespace, + Height: req.Height, + Value: bz, +} + case "version": + return &abci.ResponseQuery{ + Codespace: sdkerrors.RootCodespace, + Height: req.Height, + Value: []byte(app.version), +} + +default: + return sdkerrors.QueryResult(errorsmod.Wrapf(sdkerrors.ErrUnknownRequest, "unknown query: %s", path), app.trace) +} + +} + +return sdkerrors.QueryResult( + errorsmod.Wrap( + sdkerrors.ErrUnknownRequest, + "expected second parameter to be either 'simulate' or 'version', neither was present", + ), app.trace) +} + +func handleQueryStore(app *BaseApp, path []string, req abci.RequestQuery) *abci.ResponseQuery { + // "/store" prefix for store queries + queryable, ok := app.cms.(storetypes.Queryable) + if !ok { + return sdkerrors.QueryResult(errorsmod.Wrap(sdkerrors.ErrUnknownRequest, "multi-store does not support queries"), app.trace) +} + +req.Path = "/" + strings.Join(path[1:], "/") + if req.Height <= 1 && req.Prove { + return sdkerrors.QueryResult( + errorsmod.Wrap( + sdkerrors.ErrInvalidRequest, + "cannot query with proof when height <= 1; please provide a valid height", + ), app.trace) +} + sdkReq := storetypes.RequestQuery(req) + +resp, err := queryable.Query(&sdkReq) + if err != nil { + return sdkerrors.QueryResult(err, app.trace) +} + +resp.Height = req.Height + abciResp := abci.ResponseQuery(*resp) + +return &abciResp +} + +func handleQueryP2P(app *BaseApp, path []string) *abci.ResponseQuery { + // "/p2p" prefix for p2p queries + if len(path) < 4 { + return sdkerrors.QueryResult(errorsmod.Wrap(sdkerrors.ErrUnknownRequest, "path should be p2p filter "), app.trace) +} + +var resp *abci.ResponseQuery + + cmd, typ, arg := path[1], path[2], path[3] + switch cmd { + case "filter": + switch typ { + case "addr": + resp = app.FilterPeerByAddrPort(arg) + case "id": + resp = app.FilterPeerByID(arg) +} + +default: + resp = sdkerrors.QueryResult(errorsmod.Wrap(sdkerrors.ErrUnknownRequest, "expected second parameter to be 'filter'"), app.trace) +} + +return resp +} + +// SplitABCIQueryPath splits a string path using the delimiter '/'. +// +// e.g. "this/is/funny" becomes []string{"this", "is", "funny" +} + +func SplitABCIQueryPath(requestPath string) (path []string) { + path = strings.Split(requestPath, "/") + + // first element is empty string + if len(path) > 0 && path[0] == "" { + path = path[1:] +} + +return path +} + +// FilterPeerByAddrPort filters peers by address/port. +func (app *BaseApp) + +FilterPeerByAddrPort(info string) *abci.ResponseQuery { + if app.addrPeerFilter != nil { + return app.addrPeerFilter(info) +} + +return &abci.ResponseQuery{ +} +} + +// FilterPeerByID filters peers by node ID. +func (app *BaseApp) + +FilterPeerByID(info string) *abci.ResponseQuery { + if app.idPeerFilter != nil { + return app.idPeerFilter(info) +} + +return &abci.ResponseQuery{ +} +} + +// getContextForProposal returns the correct Context for PrepareProposal and +// ProcessProposal. We use finalizeBlockState on the first block to be able to +// access any state changes made in InitChain. +func (app *BaseApp) + +getContextForProposal(ctx sdk.Context, height int64) + +sdk.Context { + if height == app.initialHeight { + ctx, _ = app.finalizeBlockState.ctx.CacheContext() + + // clear all context data set during InitChain to avoid inconsistent behavior + ctx = ctx.WithBlockHeader(cmtproto.Header{ +}) + +return ctx +} + +return ctx +} + +func (app *BaseApp) + +handleQueryGRPC(handler GRPCQueryHandler, req *abci.RequestQuery) *abci.ResponseQuery { + ctx, err := app.CreateQueryContext(req.Height, req.Prove) + if err != nil { + return sdkerrors.QueryResult(err, app.trace) +} + +resp, err := handler(ctx, req) + if err != nil { + resp = sdkerrors.QueryResult(gRPCErrorToSDKError(err), app.trace) + +resp.Height = req.Height + return resp +} + +return resp +} + +func gRPCErrorToSDKError(err error) + +error { + status, ok := grpcstatus.FromError(err) + if !ok { + return errorsmod.Wrap(sdkerrors.ErrInvalidRequest, err.Error()) +} + switch status.Code() { + case codes.NotFound: + return errorsmod.Wrap(sdkerrors.ErrKeyNotFound, err.Error()) + case codes.InvalidArgument: + return errorsmod.Wrap(sdkerrors.ErrInvalidRequest, err.Error()) + case codes.FailedPrecondition: + return errorsmod.Wrap(sdkerrors.ErrInvalidRequest, err.Error()) + case codes.Unauthenticated: + return errorsmod.Wrap(sdkerrors.ErrUnauthorized, err.Error()) + +default: + return errorsmod.Wrap(sdkerrors.ErrUnknownRequest, err.Error()) +} +} + +func checkNegativeHeight(height int64) + +error { + if height < 0 { + return errorsmod.Wrap(sdkerrors.ErrInvalidRequest, "cannot query with height < 0; please provide a valid height") +} + +return nil +} + +// createQueryContext creates a new sdk.Context for a query, taking as args +// the block height and whether the query needs a proof or not. +func (app *BaseApp) + +CreateQueryContext(height int64, prove bool) (sdk.Context, error) { + if err := checkNegativeHeight(height); err != nil { + return sdk.Context{ +}, err +} + + // use custom query multi-store if provided + qms := app.qms + if qms == nil { + qms = app.cms.(storetypes.MultiStore) +} + lastBlockHeight := qms.LatestVersion() + if lastBlockHeight == 0 { + return sdk.Context{ +}, errorsmod.Wrapf(sdkerrors.ErrInvalidHeight, "%s is not ready; please wait for first block", app.Name()) +} + if height > lastBlockHeight { + return sdk.Context{ +}, + errorsmod.Wrap( + sdkerrors.ErrInvalidHeight, + "cannot query with height in the future; please provide a valid height", + ) +} + + // when a client did not provide a query height, manually inject the latest + if height == 0 { + height = lastBlockHeight +} + if height <= 1 && prove { + return sdk.Context{ +}, + errorsmod.Wrap( + sdkerrors.ErrInvalidRequest, + "cannot query with proof when height <= 1; please provide a valid height", + ) +} + +cacheMS, err := qms.CacheMultiStoreWithVersion(height) + if err != nil { + return sdk.Context{ +}, + errorsmod.Wrapf( + sdkerrors.ErrInvalidRequest, + "failed to load state at height %d; %s (latest height: %d)", height, err, lastBlockHeight, + ) +} + + // branch the commit multi-store for safety + ctx := sdk.NewContext(cacheMS, app.checkState.ctx.BlockHeader(), true, app.logger). + WithMinGasPrices(app.minGasPrices). + WithBlockHeight(height) + if height != lastBlockHeight { + rms, ok := app.cms.(*rootmulti.Store) + if ok { + cInfo, err := rms.GetCommitInfo(height) + if cInfo != nil && err == nil { + ctx = ctx.WithBlockTime(cInfo.Timestamp) +} + +} + +} + +return ctx, nil +} + +// GetBlockRetentionHeight returns the height for which all blocks below this height +// are pruned from CometBFT. Given a commitment height and a non-zero local +// minRetainBlocks configuration, the retentionHeight is the smallest height that +// satisfies: +// +// - Unbonding (safety threshold) + +time: The block interval in which validators +// can be economically punished for misbehavior. Blocks in this interval must be +// auditable e.g. by the light client. +// +// - Logical store snapshot interval: The block interval at which the underlying +// logical store database is persisted to disk, e.g. every 10000 heights. Blocks +// since the last IAVL snapshot must be available for replay on application restart. +// +// - State sync snapshots: Blocks since the oldest available snapshot must be +// available for state sync nodes to catch up (oldest because a node may be +// restoring an old snapshot while a new snapshot was taken). +// +// - Local (minRetainBlocks) + +config: Archive nodes may want to retain more or +// all blocks, e.g. via a local config option min-retain-blocks. There may also +// be a need to vary retention for other nodes, e.g. sentry nodes which do not +// need historical blocks. +func (app *BaseApp) + +GetBlockRetentionHeight(commitHeight int64) + +int64 { + // pruning is disabled if minRetainBlocks is zero + if app.minRetainBlocks == 0 { + return 0 +} + minNonZero := func(x, y int64) + +int64 { + switch { + case x == 0: + return y + case y == 0: + return x + case x < y: + return x + + default: + return y +} + +} + + // Define retentionHeight as the minimum value that satisfies all non-zero + // constraints. All blocks below (commitHeight-retentionHeight) + +are pruned + // from CometBFT. + var retentionHeight int64 + + // Define the number of blocks needed to protect against misbehaving validators + // which allows light clients to operate safely. Note, we piggy back of the + // evidence parameters instead of computing an estimated number of blocks based + // on the unbonding period and block commitment time as the two should be + // equivalent. + cp := app.GetConsensusParams(app.finalizeBlockState.ctx) + if cp.Evidence != nil && cp.Evidence.MaxAgeNumBlocks > 0 { + retentionHeight = commitHeight - cp.Evidence.MaxAgeNumBlocks +} + if app.snapshotManager != nil { + snapshotRetentionHeights := app.snapshotManager.GetSnapshotBlockRetentionHeights() + if snapshotRetentionHeights > 0 { + retentionHeight = minNonZero(retentionHeight, commitHeight-snapshotRetentionHeights) +} + +} + v := commitHeight - int64(app.minRetainBlocks) + +retentionHeight = minNonZero(retentionHeight, v) + if retentionHeight <= 0 { + // prune nothing in the case of a non-positive height + return 0 +} + +return retentionHeight +} + +// toVoteInfo converts the new ExtendedVoteInfo to VoteInfo. +func toVoteInfo(votes []abci.ExtendedVoteInfo) []abci.VoteInfo { + legacyVotes := make([]abci.VoteInfo, len(votes)) + for i, vote := range votes { + legacyVotes[i] = abci.VoteInfo{ + Validator: abci.Validator{ + Address: vote.Validator.Address, + Power: vote.Validator.Power, +}, + BlockIdFlag: vote.BlockIdFlag, +} + +} + +return legacyVotes +} +``` diff --git a/docs/sdk/next/build/building-modules/module-interfaces.mdx b/docs/sdk/next/build/building-modules/module-interfaces.mdx new file mode 100644 index 00000000..0e9a9a87 --- /dev/null +++ b/docs/sdk/next/build/building-modules/module-interfaces.mdx @@ -0,0 +1,1080 @@ +--- +title: Module Interfaces +--- + +**Synopsis** +This document details how to build CLI and REST interfaces for a module. Examples from various Cosmos SDK modules are included. + + + +**Pre-requisite Readings** + +* [Building Modules Intro](/docs/sdk/vnext/build/building-modules/intro) + + + +## CLI + +One of the main interfaces for an application is the [command-line interface](/docs/sdk/vnext/learn/advanced/cli). This entrypoint adds commands from the application's modules enabling end-users to create [**messages**](/docs/sdk/vnext/build/building-modules/messages-and-queries#messages) wrapped in transactions and [**queries**](/docs/sdk/vnext/build/building-modules/messages-and-queries#queries). The CLI files are typically found in the module's `./client/cli` folder. + +### Transaction Commands + +In order to create messages that trigger state changes, end-users must create [transactions](/docs/sdk/vnext/learn/advanced/transactions) that wrap and deliver the messages. A transaction command creates a transaction that includes one or more messages. + +Transaction commands typically have their own `tx.go` file that lives within the module's `./client/cli` folder. The commands are specified in getter functions and the name of the function should include the name of the command. + +Here is an example from the `x/bank` module: + +```go expandable +package cli + +import ( + + "fmt" + "cosmossdk.io/core/address" + sdkmath "cosmossdk.io/math" + "github.com/spf13/cobra" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/client/flags" + "github.com/cosmos/cosmos-sdk/client/tx" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/x/bank/types" +) + +var FlagSplit = "split" + +// NewTxCmd returns a root CLI command handler for all x/bank transaction commands. +func NewTxCmd(ac address.Codec) *cobra.Command { + txCmd := &cobra.Command{ + Use: types.ModuleName, + Short: "Bank transaction subcommands", + DisableFlagParsing: true, + SuggestionsMinimumDistance: 2, + RunE: client.ValidateCmd, +} + +txCmd.AddCommand( + NewSendTxCmd(ac), + NewMultiSendTxCmd(ac), + ) + +return txCmd +} + +// NewSendTxCmd returns a CLI command handler for creating a MsgSend transaction. +func NewSendTxCmd(ac address.Codec) *cobra.Command { + cmd := &cobra.Command{ + Use: "send [from_key_or_address] [to_address] [amount]", + Short: "Send funds from one account to another.", + Long: `Send funds from one account to another. +Note, the '--from' flag is ignored as it is implied from [from_key_or_address]. +When using '--dry-run' a key name cannot be used, only a bech32 address. +`, + Args: cobra.ExactArgs(3), + RunE: func(cmd *cobra.Command, args []string) + +error { + cmd.Flags().Set(flags.FlagFrom, args[0]) + +clientCtx, err := client.GetClientTxContext(cmd) + if err != nil { + return err +} + +toAddr, err := ac.StringToBytes(args[1]) + if err != nil { + return err +} + +coins, err := sdk.ParseCoinsNormalized(args[2]) + if err != nil { + return err +} + if len(coins) == 0 { + return fmt.Errorf("invalid coins") +} + msg := types.NewMsgSend(clientCtx.GetFromAddress(), toAddr, coins) + +return tx.GenerateOrBroadcastTxCLI(clientCtx, cmd.Flags(), msg) +}, +} + +flags.AddTxFlagsToCmd(cmd) + +return cmd +} + +// NewMultiSendTxCmd returns a CLI command handler for creating a MsgMultiSend transaction. +// For a better UX this command is limited to send funds from one account to two or more accounts. +func NewMultiSendTxCmd(ac address.Codec) *cobra.Command { + cmd := &cobra.Command{ + Use: "multi-send [from_key_or_address] [to_address_1, to_address_2, ...] [amount]", + Short: "Send funds from one account to two or more accounts.", + Long: `Send funds from one account to two or more accounts. +By default, sends the [amount] to each address of the list. +Using the '--split' flag, the [amount] is split equally between the addresses. +Note, the '--from' flag is ignored as it is implied from [from_key_or_address]. +When using '--dry-run' a key name cannot be used, only a bech32 address. +`, + Args: cobra.MinimumNArgs(4), + RunE: func(cmd *cobra.Command, args []string) + +error { + cmd.Flags().Set(flags.FlagFrom, args[0]) + +clientCtx, err := client.GetClientTxContext(cmd) + if err != nil { + return err +} + +coins, err := sdk.ParseCoinsNormalized(args[len(args)-1]) + if err != nil { + return err +} + if coins.IsZero() { + return fmt.Errorf("must send positive amount") +} + +split, err := cmd.Flags().GetBool(FlagSplit) + if err != nil { + return err +} + totalAddrs := sdkmath.NewInt(int64(len(args) - 2)) + // coins to be received by the addresses + sendCoins := coins + if split { + sendCoins = coins.QuoInt(totalAddrs) +} + +var output []types.Output + for _, arg := range args[1 : len(args)-1] { + toAddr, err := ac.StringToBytes(arg) + if err != nil { + return err +} + +output = append(output, types.NewOutput(toAddr, sendCoins)) +} + + // amount to be send from the from address + var amount sdk.Coins + if split { + // user input: 1000stake to send to 3 addresses + // actual: 333stake to each address (=> 999stake actually sent) + +amount = sendCoins.MulInt(totalAddrs) +} + +else { + amount = coins.MulInt(totalAddrs) +} + msg := types.NewMsgMultiSend(types.NewInput(clientCtx.FromAddress, amount), output) + +return tx.GenerateOrBroadcastTxCLI(clientCtx, cmd.Flags(), msg) +}, +} + +cmd.Flags().Bool(FlagSplit, false, "Send the equally split token amount to each address") + +flags.AddTxFlagsToCmd(cmd) + +return cmd +} +``` + +In the example, `NewSendTxCmd()` creates and returns the transaction command for a transaction that wraps and delivers `MsgSend`. `MsgSend` is the message used to send tokens from one account to another. + +In general, the getter function does the following: + +* **Constructs the command:** Read the [Cobra Documentation](https://pkg.go.dev/github.com/spf13/cobra) for more detailed information on how to create commands. + * **Use:** Specifies the format of the user input required to invoke the command. In the example above, `send` is the name of the transaction command and `[from_key_or_address]`, `[to_address]`, and `[amount]` are the arguments. + * **Args:** The number of arguments the user provides. In this case, there are exactly three: `[from_key_or_address]`, `[to_address]`, and `[amount]`. + * **Short and Long:** Descriptions for the command. A `Short` description is expected. A `Long` description can be used to provide additional information that is displayed when a user adds the `--help` flag. + * **RunE:** Defines a function that can return an error. This is the function that is called when the command is executed. This function encapsulates all of the logic to create a new transaction. + * The function typically starts by getting the `clientCtx`, which can be done with `client.GetClientTxContext(cmd)`. The `clientCtx` contains information relevant to transaction handling, including information about the user. In this example, the `clientCtx` is used to retrieve the address of the sender by calling `clientCtx.GetFromAddress()`. + * If applicable, the command's arguments are parsed. In this example, the arguments `[to_address]` and `[amount]` are both parsed. + * A [message](/docs/sdk/vnext/build/building-modules/messages-and-queries) is created using the parsed arguments and information from the `clientCtx`. The constructor function of the message type is called directly. In this case, `types.NewMsgSend(fromAddr, toAddr, amount)`. Its good practice to call, if possible, the necessary [message validation methods](/docs/sdk/vnext/build/building-modules/msg-services#Validation) before broadcasting the message. + * Depending on what the user wants, the transaction is either generated offline or signed and broadcasted to the preconfigured node using `tx.GenerateOrBroadcastTxCLI(clientCtx, flags, msg)`. +* **Adds transaction flags:** All transaction commands must add a set of transaction [flags](#flags). The transaction flags are used to collect additional information from the user (e.g. the amount of fees the user is willing to pay). The transaction flags are added to the constructed command using `AddTxFlagsToCmd(cmd)`. +* **Returns the command:** Finally, the transaction command is returned. + +Each module can implement `NewTxCmd()`, which aggregates all of the transaction commands of the module. Here is an example from the `x/bank` module: + +```go expandable +package cli + +import ( + + "fmt" + "cosmossdk.io/core/address" + sdkmath "cosmossdk.io/math" + "github.com/spf13/cobra" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/client/flags" + "github.com/cosmos/cosmos-sdk/client/tx" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/x/bank/types" +) + +var FlagSplit = "split" + +// NewTxCmd returns a root CLI command handler for all x/bank transaction commands. +func NewTxCmd(ac address.Codec) *cobra.Command { + txCmd := &cobra.Command{ + Use: types.ModuleName, + Short: "Bank transaction subcommands", + DisableFlagParsing: true, + SuggestionsMinimumDistance: 2, + RunE: client.ValidateCmd, +} + +txCmd.AddCommand( + NewSendTxCmd(ac), + NewMultiSendTxCmd(ac), + ) + +return txCmd +} + +// NewSendTxCmd returns a CLI command handler for creating a MsgSend transaction. +func NewSendTxCmd(ac address.Codec) *cobra.Command { + cmd := &cobra.Command{ + Use: "send [from_key_or_address] [to_address] [amount]", + Short: "Send funds from one account to another.", + Long: `Send funds from one account to another. +Note, the '--from' flag is ignored as it is implied from [from_key_or_address]. +When using '--dry-run' a key name cannot be used, only a bech32 address. +`, + Args: cobra.ExactArgs(3), + RunE: func(cmd *cobra.Command, args []string) + +error { + cmd.Flags().Set(flags.FlagFrom, args[0]) + +clientCtx, err := client.GetClientTxContext(cmd) + if err != nil { + return err +} + +toAddr, err := ac.StringToBytes(args[1]) + if err != nil { + return err +} + +coins, err := sdk.ParseCoinsNormalized(args[2]) + if err != nil { + return err +} + if len(coins) == 0 { + return fmt.Errorf("invalid coins") +} + msg := types.NewMsgSend(clientCtx.GetFromAddress(), toAddr, coins) + +return tx.GenerateOrBroadcastTxCLI(clientCtx, cmd.Flags(), msg) +}, +} + +flags.AddTxFlagsToCmd(cmd) + +return cmd +} + +// NewMultiSendTxCmd returns a CLI command handler for creating a MsgMultiSend transaction. +// For a better UX this command is limited to send funds from one account to two or more accounts. +func NewMultiSendTxCmd(ac address.Codec) *cobra.Command { + cmd := &cobra.Command{ + Use: "multi-send [from_key_or_address] [to_address_1, to_address_2, ...] [amount]", + Short: "Send funds from one account to two or more accounts.", + Long: `Send funds from one account to two or more accounts. +By default, sends the [amount] to each address of the list. +Using the '--split' flag, the [amount] is split equally between the addresses. +Note, the '--from' flag is ignored as it is implied from [from_key_or_address]. +When using '--dry-run' a key name cannot be used, only a bech32 address. +`, + Args: cobra.MinimumNArgs(4), + RunE: func(cmd *cobra.Command, args []string) + +error { + cmd.Flags().Set(flags.FlagFrom, args[0]) + +clientCtx, err := client.GetClientTxContext(cmd) + if err != nil { + return err +} + +coins, err := sdk.ParseCoinsNormalized(args[len(args)-1]) + if err != nil { + return err +} + if coins.IsZero() { + return fmt.Errorf("must send positive amount") +} + +split, err := cmd.Flags().GetBool(FlagSplit) + if err != nil { + return err +} + totalAddrs := sdkmath.NewInt(int64(len(args) - 2)) + // coins to be received by the addresses + sendCoins := coins + if split { + sendCoins = coins.QuoInt(totalAddrs) +} + +var output []types.Output + for _, arg := range args[1 : len(args)-1] { + toAddr, err := ac.StringToBytes(arg) + if err != nil { + return err +} + +output = append(output, types.NewOutput(toAddr, sendCoins)) +} + + // amount to be send from the from address + var amount sdk.Coins + if split { + // user input: 1000stake to send to 3 addresses + // actual: 333stake to each address (=> 999stake actually sent) + +amount = sendCoins.MulInt(totalAddrs) +} + +else { + amount = coins.MulInt(totalAddrs) +} + msg := types.NewMsgMultiSend(types.NewInput(clientCtx.FromAddress, amount), output) + +return tx.GenerateOrBroadcastTxCLI(clientCtx, cmd.Flags(), msg) +}, +} + +cmd.Flags().Bool(FlagSplit, false, "Send the equally split token amount to each address") + +flags.AddTxFlagsToCmd(cmd) + +return cmd +} +``` + +Each module then can also implement a `GetTxCmd()` method that simply returns `NewTxCmd()`. This allows the root command to easily aggregate all of the transaction commands for each module. Here is an example: + +```go expandable +package bank + +import ( + + "context" + "encoding/json" + "fmt" + "time" + + modulev1 "cosmossdk.io/api/cosmos/bank/module/v1" + "cosmossdk.io/core/address" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/depinject" + "cosmossdk.io/log" + abci "github.com/cometbft/cometbft/abci/types" + gwruntime "github.com/grpc-ecosystem/grpc-gateway/runtime" + "github.com/spf13/cobra" + + corestore "cosmossdk.io/core/store" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + "github.com/cosmos/cosmos-sdk/telemetry" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/module" + simtypes "github.com/cosmos/cosmos-sdk/types/simulation" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + "github.com/cosmos/cosmos-sdk/x/bank/client/cli" + "github.com/cosmos/cosmos-sdk/x/bank/exported" + "github.com/cosmos/cosmos-sdk/x/bank/keeper" + v1bank "github.com/cosmos/cosmos-sdk/x/bank/migrations/v1" + "github.com/cosmos/cosmos-sdk/x/bank/simulation" + "github.com/cosmos/cosmos-sdk/x/bank/types" + govtypes "github.com/cosmos/cosmos-sdk/x/gov/types" +) + +// ConsensusVersion defines the current x/bank module consensus version. +const ConsensusVersion = 4 + +var ( + _ module.AppModule = AppModule{ +} + _ module.AppModuleBasic = AppModuleBasic{ +} + _ module.AppModuleSimulation = AppModule{ +} +) + +// AppModuleBasic defines the basic application module used by the bank module. +type AppModuleBasic struct { + cdc codec.Codec + ac address.Codec +} + +// Name returns the bank module's name. +func (AppModuleBasic) + +Name() + +string { + return types.ModuleName +} + +// RegisterLegacyAminoCodec registers the bank module's types on the LegacyAmino codec. +func (AppModuleBasic) + +RegisterLegacyAminoCodec(cdc *codec.LegacyAmino) { + types.RegisterLegacyAminoCodec(cdc) +} + +// DefaultGenesis returns default genesis state as raw bytes for the bank +// module. +func (AppModuleBasic) + +DefaultGenesis(cdc codec.JSONCodec) + +json.RawMessage { + return cdc.MustMarshalJSON(types.DefaultGenesisState()) +} + +// ValidateGenesis performs genesis state validation for the bank module. +func (AppModuleBasic) + +ValidateGenesis(cdc codec.JSONCodec, _ client.TxEncodingConfig, bz json.RawMessage) + +error { + var data types.GenesisState + if err := cdc.UnmarshalJSON(bz, &data); err != nil { + return fmt.Errorf("failed to unmarshal %s genesis state: %w", types.ModuleName, err) +} + +return data.Validate() +} + +// RegisterGRPCGatewayRoutes registers the gRPC Gateway routes for the bank module. +func (AppModuleBasic) + +RegisterGRPCGatewayRoutes(clientCtx client.Context, mux *gwruntime.ServeMux) { + if err := types.RegisterQueryHandlerClient(context.Background(), mux, types.NewQueryClient(clientCtx)); err != nil { + panic(err) +} +} + +// GetTxCmd returns the root tx command for the bank module. +func (ab AppModuleBasic) + +GetTxCmd() *cobra.Command { + return cli.NewTxCmd(ab.ac) +} + +// GetQueryCmd returns no root query command for the bank module. +func (ab AppModuleBasic) + +GetQueryCmd() *cobra.Command { + return cli.GetQueryCmd(ab.ac) +} + +// RegisterInterfaces registers interfaces and implementations of the bank module. +func (AppModuleBasic) + +RegisterInterfaces(registry codectypes.InterfaceRegistry) { + types.RegisterInterfaces(registry) + + // Register legacy interfaces for migration scripts. + v1bank.RegisterInterfaces(registry) +} + +// AppModule implements an application module for the bank module. +type AppModule struct { + AppModuleBasic + + keeper keeper.Keeper + accountKeeper types.AccountKeeper + + // legacySubspace is used solely for migration of x/params managed parameters + legacySubspace exported.Subspace +} + +var _ appmodule.AppModule = AppModule{ +} + +// IsOnePerModuleType implements the depinject.OnePerModuleType interface. +func (am AppModule) + +IsOnePerModuleType() { +} + +// IsAppModule implements the appmodule.AppModule interface. +func (am AppModule) + +IsAppModule() { +} + +// RegisterServices registers module services. +func (am AppModule) + +RegisterServices(cfg module.Configurator) { + types.RegisterMsgServer(cfg.MsgServer(), keeper.NewMsgServerImpl(am.keeper)) + +types.RegisterQueryServer(cfg.QueryServer(), am.keeper) + m := keeper.NewMigrator(am.keeper.(keeper.BaseKeeper), am.legacySubspace) + if err := cfg.RegisterMigration(types.ModuleName, 1, m.Migrate1to2); err != nil { + panic(fmt.Sprintf("failed to migrate x/bank from version 1 to 2: %v", err)) +} + if err := cfg.RegisterMigration(types.ModuleName, 2, m.Migrate2to3); err != nil { + panic(fmt.Sprintf("failed to migrate x/bank from version 2 to 3: %v", err)) +} + if err := cfg.RegisterMigration(types.ModuleName, 3, m.Migrate3to4); err != nil { + panic(fmt.Sprintf("failed to migrate x/bank from version 3 to 4: %v", err)) +} +} + +// NewAppModule creates a new AppModule object +func NewAppModule(cdc codec.Codec, keeper keeper.Keeper, accountKeeper types.AccountKeeper, ss exported.Subspace) + +AppModule { + return AppModule{ + AppModuleBasic: AppModuleBasic{ + cdc: cdc, ac: accountKeeper.AddressCodec() +}, + keeper: keeper, + accountKeeper: accountKeeper, + legacySubspace: ss, +} +} + +// Name returns the bank module's name. +func (AppModule) + +Name() + +string { + return types.ModuleName +} + +// RegisterInvariants registers the bank module invariants. +func (am AppModule) + +RegisterInvariants(ir sdk.InvariantRegistry) { + keeper.RegisterInvariants(ir, am.keeper) +} + +// QuerierRoute returns the bank module's querier route name. +func (AppModule) + +QuerierRoute() + +string { + return types.RouterKey +} + +// InitGenesis performs genesis initialization for the bank module. It returns +// no validator updates. +func (am AppModule) + +InitGenesis(ctx sdk.Context, cdc codec.JSONCodec, data json.RawMessage) []abci.ValidatorUpdate { + start := time.Now() + +var genesisState types.GenesisState + cdc.MustUnmarshalJSON(data, &genesisState) + +telemetry.MeasureSince(start, "InitGenesis", "crisis", "unmarshal") + +am.keeper.InitGenesis(ctx, &genesisState) + +return []abci.ValidatorUpdate{ +} +} + +// ExportGenesis returns the exported genesis state as raw bytes for the bank +// module. +func (am AppModule) + +ExportGenesis(ctx sdk.Context, cdc codec.JSONCodec) + +json.RawMessage { + gs := am.keeper.ExportGenesis(ctx) + +return cdc.MustMarshalJSON(gs) +} + +// ConsensusVersion implements AppModule/ConsensusVersion. +func (AppModule) + +ConsensusVersion() + +uint64 { + return ConsensusVersion +} + +// AppModuleSimulation functions + +// GenerateGenesisState creates a randomized GenState of the bank module. +func (AppModule) + +GenerateGenesisState(simState *module.SimulationState) { + simulation.RandomizedGenState(simState) +} + +// ProposalMsgs returns msgs used for governance proposals for simulations. +func (AppModule) + +ProposalMsgs(simState module.SimulationState) []simtypes.WeightedProposalMsg { + return simulation.ProposalMsgs() +} + +// RegisterStoreDecoder registers a decoder for supply module's types +func (am AppModule) + +RegisterStoreDecoder(sdr simtypes.StoreDecoderRegistry) { + sdr[types.StoreKey] = simtypes.NewStoreDecoderFuncFromCollectionsSchema(am.keeper.(keeper.BaseKeeper).Schema) +} + +// WeightedOperations returns the all the gov module operations with their respective weights. +func (am AppModule) + +WeightedOperations(simState module.SimulationState) []simtypes.WeightedOperation { + return simulation.WeightedOperations( + simState.AppParams, simState.Cdc, simState.TxConfig, am.accountKeeper, am.keeper, + ) +} + +// App Wiring Setup + +func init() { + appmodule.Register(&modulev1.Module{ +}, + appmodule.Provide(ProvideModule), + ) +} + +type ModuleInputs struct { + depinject.In + + Config *modulev1.Module + Cdc codec.Codec + StoreService corestore.KVStoreService + Logger log.Logger + + AccountKeeper types.AccountKeeper + + // LegacySubspace is used solely for migration of x/params managed parameters + LegacySubspace exported.Subspace `optional:"true"` +} + +type ModuleOutputs struct { + depinject.Out + + BankKeeper keeper.BaseKeeper + Module appmodule.AppModule +} + +func ProvideModule(in ModuleInputs) + +ModuleOutputs { + // Configure blocked module accounts. + // + // Default behavior for blockedAddresses is to regard any module mentioned in + // AccountKeeper's module account permissions as blocked. + blockedAddresses := make(map[string]bool) + if len(in.Config.BlockedModuleAccountsOverride) > 0 { + for _, moduleName := range in.Config.BlockedModuleAccountsOverride { + blockedAddresses[authtypes.NewModuleAddress(moduleName).String()] = true +} + +} + +else { + for _, permission := range in.AccountKeeper.GetModulePermissions() { + blockedAddresses[permission.GetAddress().String()] = true +} + +} + + // default to governance authority if not provided + authority := authtypes.NewModuleAddress(govtypes.ModuleName) + if in.Config.Authority != "" { + authority = authtypes.NewModuleAddressOrBech32Address(in.Config.Authority) +} + bankKeeper := keeper.NewBaseKeeper( + in.Cdc, + in.StoreService, + in.AccountKeeper, + blockedAddresses, + authority.String(), + in.Logger, + ) + m := NewAppModule(in.Cdc, bankKeeper, in.AccountKeeper, in.LegacySubspace) + +return ModuleOutputs{ + BankKeeper: bankKeeper, + Module: m +} +} +``` + +### Query Commands + + +This section is being rewritten. Refer to [AutoCLI](https://docs.cosmos.network/main/core/autocli) while this section is being updated. + + +## gRPC + +[gRPC](https://grpc.io/) is a Remote Procedure Call (RPC) framework. RPC is the preferred way for external clients like wallets and exchanges to interact with a blockchain. + +In addition to providing an ABCI query pathway, the Cosmos SDK provides a gRPC proxy server that routes gRPC query requests to ABCI query requests. + +In order to do that, modules must implement `RegisterGRPCGatewayRoutes(clientCtx client.Context, mux *runtime.ServeMux)` on `AppModuleBasic` to wire the client gRPC requests to the correct handler inside the module. + +Here's an example from the `x/auth` module: + +```go expandable +package auth + +import ( + + "context" + "encoding/json" + "fmt" + + abci "github.com/cometbft/cometbft/abci/types" + gwruntime "github.com/grpc-ecosystem/grpc-gateway/runtime" + "github.com/spf13/cobra" + "cosmossdk.io/depinject" + + authcodec "github.com/cosmos/cosmos-sdk/x/auth/codec" + "cosmossdk.io/core/address" + "cosmossdk.io/core/appmodule" + + modulev1 "cosmossdk.io/api/cosmos/auth/module/v1" + "cosmossdk.io/core/store" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/module" + simtypes "github.com/cosmos/cosmos-sdk/types/simulation" + "github.com/cosmos/cosmos-sdk/x/auth/client/cli" + "github.com/cosmos/cosmos-sdk/x/auth/exported" + "github.com/cosmos/cosmos-sdk/x/auth/keeper" + "github.com/cosmos/cosmos-sdk/x/auth/simulation" + "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +// ConsensusVersion defines the current x/auth module consensus version. +const ( + ConsensusVersion = 5 + GovModuleName = "gov" +) + +var ( + _ module.AppModule = AppModule{ +} + _ module.AppModuleBasic = AppModuleBasic{ +} + _ module.AppModuleSimulation = AppModule{ +} +) + +// AppModuleBasic defines the basic application module used by the auth module. +type AppModuleBasic struct { + ac address.Codec +} + +// Name returns the auth module's name. +func (AppModuleBasic) + +Name() + +string { + return types.ModuleName +} + +// RegisterLegacyAminoCodec registers the auth module's types for the given codec. +func (AppModuleBasic) + +RegisterLegacyAminoCodec(cdc *codec.LegacyAmino) { + types.RegisterLegacyAminoCodec(cdc) +} + +// DefaultGenesis returns default genesis state as raw bytes for the auth +// module. +func (AppModuleBasic) + +DefaultGenesis(cdc codec.JSONCodec) + +json.RawMessage { + return cdc.MustMarshalJSON(types.DefaultGenesisState()) +} + +// ValidateGenesis performs genesis state validation for the auth module. +func (AppModuleBasic) + +ValidateGenesis(cdc codec.JSONCodec, config client.TxEncodingConfig, bz json.RawMessage) + +error { + var data types.GenesisState + if err := cdc.UnmarshalJSON(bz, &data); err != nil { + return fmt.Errorf("failed to unmarshal %s genesis state: %w", types.ModuleName, err) +} + +return types.ValidateGenesis(data) +} + +// RegisterGRPCGatewayRoutes registers the gRPC Gateway routes for the auth module. +func (AppModuleBasic) + +RegisterGRPCGatewayRoutes(clientCtx client.Context, mux *gwruntime.ServeMux) { + if err := types.RegisterQueryHandlerClient(context.Background(), mux, types.NewQueryClient(clientCtx)); err != nil { + panic(err) +} +} + +// GetTxCmd returns the root tx command for the auth module. +func (AppModuleBasic) + +GetTxCmd() *cobra.Command { + return nil +} + +// GetQueryCmd returns the root query command for the auth module. +func (ab AppModuleBasic) + +GetQueryCmd() *cobra.Command { + return cli.GetQueryCmd(ab.ac) +} + +// RegisterInterfaces registers interfaces and implementations of the auth module. +func (AppModuleBasic) + +RegisterInterfaces(registry codectypes.InterfaceRegistry) { + types.RegisterInterfaces(registry) +} + +// AppModule implements an application module for the auth module. +type AppModule struct { + AppModuleBasic + + accountKeeper keeper.AccountKeeper + randGenAccountsFn types.RandomGenesisAccountsFn + + // legacySubspace is used solely for migration of x/params managed parameters + legacySubspace exported.Subspace +} + +var _ appmodule.AppModule = AppModule{ +} + +// IsOnePerModuleType implements the depinject.OnePerModuleType interface. +func (am AppModule) + +IsOnePerModuleType() { +} + +// IsAppModule implements the appmodule.AppModule interface. +func (am AppModule) + +IsAppModule() { +} + +// NewAppModule creates a new AppModule object +func NewAppModule(cdc codec.Codec, accountKeeper keeper.AccountKeeper, randGenAccountsFn types.RandomGenesisAccountsFn, ss exported.Subspace) + +AppModule { + return AppModule{ + AppModuleBasic: AppModuleBasic{ + ac: accountKeeper.AddressCodec() +}, + accountKeeper: accountKeeper, + randGenAccountsFn: randGenAccountsFn, + legacySubspace: ss, +} +} + +// Name returns the auth module's name. +func (AppModule) + +Name() + +string { + return types.ModuleName +} + +// RegisterServices registers a GRPC query service to respond to the +// module-specific GRPC queries. +func (am AppModule) + +RegisterServices(cfg module.Configurator) { + types.RegisterMsgServer(cfg.MsgServer(), keeper.NewMsgServerImpl(am.accountKeeper)) + +types.RegisterQueryServer(cfg.QueryServer(), keeper.NewQueryServer(am.accountKeeper)) + m := keeper.NewMigrator(am.accountKeeper, cfg.QueryServer(), am.legacySubspace) + if err := cfg.RegisterMigration(types.ModuleName, 1, m.Migrate1to2); err != nil { + panic(fmt.Sprintf("failed to migrate x/%s from version 1 to 2: %v", types.ModuleName, err)) +} + if err := cfg.RegisterMigration(types.ModuleName, 2, m.Migrate2to3); err != nil { + panic(fmt.Sprintf("failed to migrate x/%s from version 2 to 3: %v", types.ModuleName, err)) +} + if err := cfg.RegisterMigration(types.ModuleName, 3, m.Migrate3to4); err != nil { + panic(fmt.Sprintf("failed to migrate x/%s from version 3 to 4: %v", types.ModuleName, err)) +} + if err := cfg.RegisterMigration(types.ModuleName, 4, m.Migrate4To5); err != nil { + panic(fmt.Sprintf("failed to migrate x/%s from version 4 to 5", types.ModuleName)) +} +} + +// InitGenesis performs genesis initialization for the auth module. It returns +// no validator updates. +func (am AppModule) + +InitGenesis(ctx sdk.Context, cdc codec.JSONCodec, data json.RawMessage) []abci.ValidatorUpdate { + var genesisState types.GenesisState + cdc.MustUnmarshalJSON(data, &genesisState) + +am.accountKeeper.InitGenesis(ctx, genesisState) + +return []abci.ValidatorUpdate{ +} +} + +// ExportGenesis returns the exported genesis state as raw bytes for the auth +// module. +func (am AppModule) + +ExportGenesis(ctx sdk.Context, cdc codec.JSONCodec) + +json.RawMessage { + gs := am.accountKeeper.ExportGenesis(ctx) + +return cdc.MustMarshalJSON(gs) +} + +// ConsensusVersion implements AppModule/ConsensusVersion. +func (AppModule) + +ConsensusVersion() + +uint64 { + return ConsensusVersion +} + +// AppModuleSimulation functions + +// GenerateGenesisState creates a randomized GenState of the auth module +func (am AppModule) + +GenerateGenesisState(simState *module.SimulationState) { + simulation.RandomizedGenState(simState, am.randGenAccountsFn) +} + +// ProposalMsgs returns msgs used for governance proposals for simulations. +func (AppModule) + +ProposalMsgs(simState module.SimulationState) []simtypes.WeightedProposalMsg { + return simulation.ProposalMsgs() +} + +// RegisterStoreDecoder registers a decoder for auth module's types +func (am AppModule) + +RegisterStoreDecoder(sdr simtypes.StoreDecoderRegistry) { + sdr[types.StoreKey] = simtypes.NewStoreDecoderFuncFromCollectionsSchema(am.accountKeeper.Schema) +} + +// WeightedOperations doesn't return any auth module operation. +func (AppModule) + +WeightedOperations(_ module.SimulationState) []simtypes.WeightedOperation { + return nil +} + +// +// App Wiring Setup +// + +func init() { + appmodule.Register(&modulev1.Module{ +}, + appmodule.Provide(ProvideAddressCodec), + appmodule.Provide(ProvideModule), + ) +} + +// ProvideAddressCodec provides an address.Codec to the container for any +// modules that want to do address string <> bytes conversion. +func ProvideAddressCodec(config *modulev1.Module) + +address.Codec { + return authcodec.NewBech32Codec(config.Bech32Prefix) +} + +type ModuleInputs struct { + depinject.In + + Config *modulev1.Module + StoreService store.KVStoreService + Cdc codec.Codec + + RandomGenesisAccountsFn types.RandomGenesisAccountsFn `optional:"true"` + AccountI func() + +sdk.AccountI `optional:"true"` + + // LegacySubspace is used solely for migration of x/params managed parameters + LegacySubspace exported.Subspace `optional:"true"` +} + +type ModuleOutputs struct { + depinject.Out + + AccountKeeper keeper.AccountKeeper + Module appmodule.AppModule +} + +func ProvideModule(in ModuleInputs) + +ModuleOutputs { + maccPerms := map[string][]string{ +} + for _, permission := range in.Config.ModuleAccountPermissions { + maccPerms[permission.Account] = permission.Permissions +} + + // default to governance authority if not provided + authority := types.NewModuleAddress(GovModuleName) + if in.Config.Authority != "" { + authority = types.NewModuleAddressOrBech32Address(in.Config.Authority) +} + if in.RandomGenesisAccountsFn == nil { + in.RandomGenesisAccountsFn = simulation.RandomGenesisAccounts +} + if in.AccountI == nil { + in.AccountI = types.ProtoBaseAccount +} + k := keeper.NewAccountKeeper(in.Cdc, in.StoreService, in.AccountI, maccPerms, in.Config.Bech32Prefix, authority.String()) + m := NewAppModule(in.Cdc, k, in.RandomGenesisAccountsFn, in.LegacySubspace) + +return ModuleOutputs{ + AccountKeeper: k, + Module: m +} +} +``` + +## gRPC-gateway REST + +Applications need to support web services that use HTTP requests (e.g. a web wallet like [Keplr](https://keplr.app)). [grpc-gateway](https://github.com/grpc-ecosystem/grpc-gateway) translates REST calls into gRPC calls, which might be useful for clients that do not use gRPC. + +Modules that want to expose REST queries should add `google.api.http` annotations to their `rpc` methods, such as in the example below from the `x/auth` module: + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/proto/cosmos/auth/v1beta1/query.proto#L14-L89 +``` + +gRPC gateway is started in-process along with the application and CometBFT. It can be enabled or disabled by setting gRPC Configuration `enable` in [`app.toml`](/docs/sdk/vnext/user/run-node/run-node#configuring-the-node-using-apptoml-and-configtoml). + +The Cosmos SDK provides a command for generating [Swagger](https://swagger.io/) documentation (`protoc-gen-swagger`). Setting `swagger` in [`app.toml`](/docs/sdk/vnext/user/run-node/run-node#configuring-the-node-using-apptoml-and-configtoml) defines if swagger documentation should be automatically registered. diff --git a/docs/sdk/next/build/building-modules/module-manager.mdx b/docs/sdk/next/build/building-modules/module-manager.mdx new file mode 100644 index 00000000..d437a5d6 --- /dev/null +++ b/docs/sdk/next/build/building-modules/module-manager.mdx @@ -0,0 +1,16221 @@ +--- +title: Module Manager +--- + +**Synopsis** +Cosmos SDK modules need to implement the [`AppModule` interfaces](#application-module-interfaces), in order to be managed by the application's [module manager](#module-manager). The module manager plays an important role in [`message` and `query` routing](/docs/sdk/vnext/learn/advanced/baseapp#routing), and allows application developers to set the order of execution of a variety of functions like [`PreBlocker`](/docs/sdk/vnext/learn/beginner/app-anatomy#preblocker) and [`BeginBlocker` and `EndBlocker`](/docs/sdk/vnext/learn/beginner/app-anatomy#beginblocker-and-endblocker). + + + +**Pre-requisite Readings** + +* [Introduction to Cosmos SDK Modules](/docs/sdk/vnext/build/building-modules/intro) + + + +## Application Module Interfaces + +Application module interfaces exist to facilitate the composition of modules together to form a functional Cosmos SDK application. + + + +It is recommended to implement interfaces from the [Core API](https://docs.cosmos.network/main/architecture/adr-063-core-module-api) `appmodule` package. This makes modules less dependent on the SDK. +For legacy reason modules can still implement interfaces from the SDK `module` package. + + +There are 2 main application module interfaces: + +* [`appmodule.AppModule` / `module.AppModule`](#appmodule) for inter-dependent module functionalities (except genesis-related functionalities). +* (legacy) [`module.AppModuleBasic`](#appmodulebasic) for independent module functionalities. New modules can use `module.CoreAppModuleBasicAdaptor` instead. + +The above interfaces are mostly embedding smaller interfaces (extension interfaces), that define specific functionalities: + +* (legacy) `module.HasName`: Allows the module to provide its own name for legacy purposes. +* (legacy) [`module.HasGenesisBasics`](#modulehasgenesisbasics): The legacy interface for stateless genesis methods. +* [`module.HasGenesis`](#modulehasgenesis) for inter-dependent genesis-related module functionalities. +* [`module.HasABCIGenesis`](#modulehasabcigenesis) for inter-dependent genesis-related module functionalities. +* [`appmodule.HasGenesis` / `module.HasGenesis`](#appmodulehasgenesis): The extension interface for stateful genesis methods. +* [`appmodule.HasPreBlocker`](#haspreblocker): The extension interface that contains information about the `AppModule` and `PreBlock`. +* [`appmodule.HasBeginBlocker`](#hasbeginblocker): The extension interface that contains information about the `AppModule` and `BeginBlock`. +* [`appmodule.HasEndBlocker`](#hasendblocker): The extension interface that contains information about the `AppModule` and `EndBlock`. +* [`appmodule.HasPrecommit`](#hasprecommit): The extension interface that contains information about the `AppModule` and `Precommit`. +* [`appmodule.HasPrepareCheckState`](#haspreparecheckstate): The extension interface that contains information about the `AppModule` and `PrepareCheckState`. +* [`appmodule.HasService` / `module.HasServices`](#hasservices): The extension interface for modules to register services. +* [`module.HasABCIEndBlock`](#hasabciendblock): The extension interface that contains information about the `AppModule`, `EndBlock` and returns an updated validator set. +* (legacy) [`module.HasInvariants`](#hasinvariants): The extension interface for registering invariants. +* (legacy) [`module.HasConsensusVersion`](#hasconsensusversion): The extension interface for declaring a module consensus version. + +The `AppModuleBasic` interface exists to define independent methods of the module, i.e. those that do not depend on other modules in the application. This allows for the construction of the basic application structure early in the application definition, generally in the `init()` function of the [main application file](/docs/sdk/vnext/learn/beginner/app-anatomy#core-application-file). + +The `AppModule` interface exists to define inter-dependent module methods. Many modules need to interact with other modules, typically through [`keeper`s](/docs/sdk/vnext/build/building-modules/keeper), which means there is a need for an interface where modules list their `keeper`s and other methods that require a reference to another module's object. `AppModule` interface extension, such as `HasBeginBlocker` and `HasEndBlocker`, also enables the module manager to set the order of execution between module's methods like `BeginBlock` and `EndBlock`, which is important in cases where the order of execution between modules matters in the context of the application. + +The usage of extension interfaces allows modules to define only the functionalities they need. For example, a module that does not need an `EndBlock` does not need to define the `HasEndBlocker` interface and thus the `EndBlock` method. `AppModule` and `AppModuleGenesis` are voluntarily small interfaces, that can take advantage of the `Module` patterns without having to define many placeholder functions. + +### `AppModuleBasic` + + +Use `module.CoreAppModuleBasicAdaptor` instead for creating an `AppModuleBasic` from an `appmodule.AppModule`. + + +The `AppModuleBasic` interface defines the independent methods modules need to implement. + +```go expandable +/* +Package module contains application module patterns and associated "manager" functionality. +The module pattern has been broken down by: + - independent module functionality (AppModuleBasic) + - inter-dependent module simulation functionality (AppModuleSimulation) + - inter-dependent module full functionality (AppModule) + +inter-dependent module functionality is module functionality which somehow +depends on other modules, typically through the module keeper. Many of the +module keepers are dependent on each other, thus in order to access the full +set of module functionality we need to define all the keepers/params-store/keys +etc. This full set of advanced functionality is defined by the AppModule interface. + +Independent module functions are separated to allow for the construction of the +basic application structures required early on in the application definition +and used to enable the definition of full module functionality later in the +process. This separation is necessary, however we still want to allow for a +high level pattern for modules to follow - for instance, such that we don't +have to manually register all of the codecs for all the modules. This basic +procedure as well as other basic patterns are handled through the use of +BasicManager. + +Lastly the interface for genesis functionality (HasGenesis & HasABCIGenesis) + +has been +separated out from full module functionality (AppModule) + +so that modules which +are only used for genesis can take advantage of the Module patterns without +needlessly defining many placeholder functions +*/ +package module + +import ( + + "context" + "encoding/json" + "errors" + "fmt" + "maps" + "slices" + "sort" + + abci "github.com/cometbft/cometbft/abci/types" + "github.com/grpc-ecosystem/grpc-gateway/runtime" + "github.com/spf13/cobra" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/core/genesis" + errorsmod "cosmossdk.io/errors" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/codec/types" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" +) + +// AppModuleBasic is the standard form for basic non-dependant elements of an application module. +type AppModuleBasic interface { + HasName + RegisterLegacyAminoCodec(*codec.LegacyAmino) + +RegisterInterfaces(types.InterfaceRegistry) + +RegisterGRPCGatewayRoutes(client.Context, *runtime.ServeMux) +} + +// HasName allows the module to provide its own name for legacy purposes. +// Newer apps should specify the name for their modules using a map +// using NewManagerFromMap. +type HasName interface { + Name() + +string +} + +// HasGenesisBasics is the legacy interface for stateless genesis methods. +type HasGenesisBasics interface { + DefaultGenesis(codec.JSONCodec) + +json.RawMessage + ValidateGenesis(codec.JSONCodec, client.TxEncodingConfig, json.RawMessage) + +error +} + +// BasicManager is a collection of AppModuleBasic +type BasicManager map[string]AppModuleBasic + +// NewBasicManager creates a new BasicManager object +func NewBasicManager(modules ...AppModuleBasic) + +BasicManager { + moduleMap := make(map[string]AppModuleBasic) + for _, module := range modules { + moduleMap[module.Name()] = module +} + +return moduleMap +} + +// NewBasicManagerFromManager creates a new BasicManager from a Manager +// The BasicManager will contain all AppModuleBasic from the AppModule Manager +// Module's AppModuleBasic can be overridden by passing a custom AppModuleBasic map +func NewBasicManagerFromManager(manager *Manager, customModuleBasics map[string]AppModuleBasic) + +BasicManager { + moduleMap := make(map[string]AppModuleBasic) + for name, module := range manager.Modules { + if customBasicMod, ok := customModuleBasics[name]; ok { + moduleMap[name] = customBasicMod + continue +} + if appModule, ok := module.(appmodule.AppModule); ok { + moduleMap[name] = CoreAppModuleBasicAdaptor(name, appModule) + +continue +} + if basicMod, ok := module.(AppModuleBasic); ok { + moduleMap[name] = basicMod +} + +} + +return moduleMap +} + +// RegisterLegacyAminoCodec registers all module codecs +func (bm BasicManager) + +RegisterLegacyAminoCodec(cdc *codec.LegacyAmino) { + for _, b := range bm { + b.RegisterLegacyAminoCodec(cdc) +} +} + +// RegisterInterfaces registers all module interface types +func (bm BasicManager) + +RegisterInterfaces(registry types.InterfaceRegistry) { + for _, m := range bm { + m.RegisterInterfaces(registry) +} +} + +// DefaultGenesis provides default genesis information for all modules +func (bm BasicManager) + +DefaultGenesis(cdc codec.JSONCodec) + +map[string]json.RawMessage { + genesisData := make(map[string]json.RawMessage) + for _, b := range bm { + if mod, ok := b.(HasGenesisBasics); ok { + genesisData[b.Name()] = mod.DefaultGenesis(cdc) +} + +} + +return genesisData +} + +// ValidateGenesis performs genesis state validation for all modules +func (bm BasicManager) + +ValidateGenesis(cdc codec.JSONCodec, txEncCfg client.TxEncodingConfig, genesisData map[string]json.RawMessage) + +error { + for _, b := range bm { + // first check if the module is an adapted Core API Module + if mod, ok := b.(HasGenesisBasics); ok { + if err := mod.ValidateGenesis(cdc, txEncCfg, genesisData[b.Name()]); err != nil { + return err +} + +} + +} + +return nil +} + +// RegisterGRPCGatewayRoutes registers all module rest routes +func (bm BasicManager) + +RegisterGRPCGatewayRoutes(clientCtx client.Context, rtr *runtime.ServeMux) { + for _, b := range bm { + b.RegisterGRPCGatewayRoutes(clientCtx, rtr) +} +} + +// AddTxCommands adds all tx commands to the rootTxCmd. +func (bm BasicManager) + +AddTxCommands(rootTxCmd *cobra.Command) { + for _, b := range bm { + if mod, ok := b.(interface { + GetTxCmd() *cobra.Command +}); ok { + if cmd := mod.GetTxCmd(); cmd != nil { + rootTxCmd.AddCommand(cmd) +} + +} + +} +} + +// AddQueryCommands adds all query commands to the rootQueryCmd. +func (bm BasicManager) + +AddQueryCommands(rootQueryCmd *cobra.Command) { + for _, b := range bm { + if mod, ok := b.(interface { + GetQueryCmd() *cobra.Command +}); ok { + if cmd := mod.GetQueryCmd(); cmd != nil { + rootQueryCmd.AddCommand(cmd) +} + +} + +} +} + +// HasGenesis is the extension interface for stateful genesis methods. +type HasGenesis interface { + HasGenesisBasics + InitGenesis(sdk.Context, codec.JSONCodec, json.RawMessage) + +ExportGenesis(sdk.Context, codec.JSONCodec) + +json.RawMessage +} + +// HasABCIGenesis is the extension interface for stateful genesis methods which returns validator updates. +type HasABCIGenesis interface { + HasGenesisBasics + InitGenesis(sdk.Context, codec.JSONCodec, json.RawMessage) []abci.ValidatorUpdate + ExportGenesis(sdk.Context, codec.JSONCodec) + +json.RawMessage +} + +// AppModule is the form for an application module. Most of +// its functionality has been moved to extension interfaces. +// Deprecated: use appmodule.AppModule with a combination of extension interfaes interfaces instead. +type AppModule interface { + appmodule.AppModule + + AppModuleBasic +} + +// HasInvariants is the interface for registering invariants. +// +// Deprecated: this will be removed in the next Cosmos SDK release. +type HasInvariants interface { + // RegisterInvariants registers module invariants. + RegisterInvariants(sdk.InvariantRegistry) +} + +// HasServices is the interface for modules to register services. +type HasServices interface { + // RegisterServices allows a module to register services. + RegisterServices(Configurator) +} + +// HasConsensusVersion is the interface for declaring a module consensus version. +type HasConsensusVersion interface { + // ConsensusVersion is a sequence number for state-breaking change of the + // module. It should be incremented on each consensus-breaking change + // introduced by the module. To avoid wrong/empty versions, the initial version + // should be set to 1. + ConsensusVersion() + +uint64 +} + +// HasABCIEndblock is a released typo of HasABCIEndBlock. +// Deprecated: use HasABCIEndBlock instead. +type HasABCIEndblock HasABCIEndBlock + +// HasABCIEndBlock is the interface for modules that need to run code at the end of the block. +type HasABCIEndBlock interface { + AppModule + EndBlock(context.Context) ([]abci.ValidatorUpdate, error) +} + +var ( + _ appmodule.AppModule = (*GenesisOnlyAppModule)(nil) + _ AppModuleBasic = (*GenesisOnlyAppModule)(nil) +) + +// AppModuleGenesis is the standard form for an application module genesis functions +type AppModuleGenesis interface { + AppModuleBasic + HasABCIGenesis +} + +// GenesisOnlyAppModule is an AppModule that only has import/export functionality +type GenesisOnlyAppModule struct { + AppModuleGenesis +} + +// NewGenesisOnlyAppModule creates a new GenesisOnlyAppModule object +func NewGenesisOnlyAppModule(amg AppModuleGenesis) + +GenesisOnlyAppModule { + return GenesisOnlyAppModule{ + AppModuleGenesis: amg, +} +} + +// IsOnePerModuleType implements the depinject.OnePerModuleType interface. +func (GenesisOnlyAppModule) + +IsOnePerModuleType() { +} + +// IsAppModule implements the appmodule.AppModule interface. +func (GenesisOnlyAppModule) + +IsAppModule() { +} + +// RegisterInvariants is a placeholder function register no invariants +func (GenesisOnlyAppModule) + +RegisterInvariants(_ sdk.InvariantRegistry) { +} + +// ConsensusVersion implements AppModule/ConsensusVersion. +func (gam GenesisOnlyAppModule) + +ConsensusVersion() + +uint64 { + return 1 +} + +// Manager defines a module manager that provides the high level utility for managing and executing +// operations for a group of modules +type Manager struct { + Modules map[string]any // interface{ +} + +is used now to support the legacy AppModule as well as new core appmodule.AppModule. + OrderInitGenesis []string + OrderExportGenesis []string + OrderPreBlockers []string + OrderBeginBlockers []string + OrderEndBlockers []string + OrderPrepareCheckStaters []string + OrderPrecommiters []string + OrderMigrations []string +} + +// NewManager creates a new Manager object. +func NewManager(modules ...AppModule) *Manager { + moduleMap := make(map[string]any) + modulesStr := make([]string, 0, len(modules)) + preBlockModulesStr := make([]string, 0) + for _, module := range modules { + if _, ok := module.(appmodule.AppModule); !ok { + panic(fmt.Sprintf("module %s does not implement appmodule.AppModule", module.Name())) +} + +moduleMap[module.Name()] = module + modulesStr = append(modulesStr, module.Name()) + if _, ok := module.(appmodule.HasPreBlocker); ok { + preBlockModulesStr = append(preBlockModulesStr, module.Name()) +} + +} + +return &Manager{ + Modules: moduleMap, + OrderInitGenesis: modulesStr, + OrderExportGenesis: modulesStr, + OrderPreBlockers: preBlockModulesStr, + OrderBeginBlockers: modulesStr, + OrderPrepareCheckStaters: modulesStr, + OrderPrecommiters: modulesStr, + OrderEndBlockers: modulesStr, +} +} + +// NewManagerFromMap creates a new Manager object from a map of module names to module implementations. +// This method should be used for apps and modules which have migrated to the cosmossdk.io/core.appmodule.AppModule API. +func NewManagerFromMap(moduleMap map[string]appmodule.AppModule) *Manager { + simpleModuleMap := make(map[string]any) + modulesStr := make([]string, 0, len(simpleModuleMap)) + preBlockModulesStr := make([]string, 0) + for name, module := range moduleMap { + simpleModuleMap[name] = module + modulesStr = append(modulesStr, name) + if _, ok := module.(appmodule.HasPreBlocker); ok { + preBlockModulesStr = append(preBlockModulesStr, name) +} + +} + + // Sort the modules by name. Given that we are using a map above we can't guarantee the order. + sort.Strings(modulesStr) + +return &Manager{ + Modules: simpleModuleMap, + OrderInitGenesis: modulesStr, + OrderExportGenesis: modulesStr, + OrderPreBlockers: preBlockModulesStr, + OrderBeginBlockers: modulesStr, + OrderEndBlockers: modulesStr, + OrderPrecommiters: modulesStr, + OrderPrepareCheckStaters: modulesStr, +} +} + +// SetOrderInitGenesis sets the order of init genesis calls +func (m *Manager) + +SetOrderInitGenesis(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderInitGenesis", moduleNames, func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasGenesis := module.(appmodule.HasGenesis); hasGenesis { + return !hasGenesis +} + if _, hasABCIGenesis := module.(HasABCIGenesis); hasABCIGenesis { + return !hasABCIGenesis +} + + _, hasGenesis := module.(HasGenesis) + +return !hasGenesis +}) + +m.OrderInitGenesis = moduleNames +} + +// SetOrderExportGenesis sets the order of export genesis calls +func (m *Manager) + +SetOrderExportGenesis(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderExportGenesis", moduleNames, func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasGenesis := module.(appmodule.HasGenesis); hasGenesis { + return !hasGenesis +} + if _, hasABCIGenesis := module.(HasABCIGenesis); hasABCIGenesis { + return !hasABCIGenesis +} + + _, hasGenesis := module.(HasGenesis) + +return !hasGenesis +}) + +m.OrderExportGenesis = moduleNames +} + +// SetOrderPreBlockers sets the order of set pre-blocker calls +func (m *Manager) + +SetOrderPreBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPreBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasBlock := module.(appmodule.HasPreBlocker) + +return !hasBlock +}) + +m.OrderPreBlockers = moduleNames +} + +// SetOrderBeginBlockers sets the order of set begin-blocker calls +func (m *Manager) + +SetOrderBeginBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderBeginBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasBeginBlock := module.(appmodule.HasBeginBlocker) + +return !hasBeginBlock +}) + +m.OrderBeginBlockers = moduleNames +} + +// SetOrderEndBlockers sets the order of set end-blocker calls +func (m *Manager) + +SetOrderEndBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderEndBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasEndBlock := module.(appmodule.HasEndBlocker); hasEndBlock { + return !hasEndBlock +} + + _, hasABCIEndBlock := module.(HasABCIEndBlock) + +return !hasABCIEndBlock +}) + +m.OrderEndBlockers = moduleNames +} + +// SetOrderPrepareCheckStaters sets the order of set prepare-check-stater calls +func (m *Manager) + +SetOrderPrepareCheckStaters(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPrepareCheckStaters", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasPrepareCheckState := module.(appmodule.HasPrepareCheckState) + +return !hasPrepareCheckState +}) + +m.OrderPrepareCheckStaters = moduleNames +} + +// SetOrderPrecommiters sets the order of set precommiter calls +func (m *Manager) + +SetOrderPrecommiters(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPrecommiters", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasPrecommit := module.(appmodule.HasPrecommit) + +return !hasPrecommit +}) + +m.OrderPrecommiters = moduleNames +} + +// SetOrderMigrations sets the order of migrations to be run. If not set +// then migrations will be run with an order defined in `DefaultMigrationsOrder`. +func (m *Manager) + +SetOrderMigrations(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderMigrations", moduleNames, nil) + +m.OrderMigrations = moduleNames +} + +// RegisterInvariants registers all module invariants +// +// Deprecated: this function is a no-op and will be removed in the next release of the Cosmos SDK. +func (m *Manager) + +RegisterInvariants(_ sdk.InvariantRegistry) { +} + +// RegisterServices registers all module services +func (m *Manager) + +RegisterServices(cfg Configurator) + +error { + for _, module := range m.Modules { + if module, ok := module.(HasServices); ok { + module.RegisterServices(cfg) +} + if module, ok := module.(appmodule.HasServices); ok { + err := module.RegisterServices(cfg) + if err != nil { + return err +} + +} + if cfg.Error() != nil { + return cfg.Error() +} + +} + +return nil +} + +// InitGenesis performs init genesis functionality for modules. Exactly one +// module must return a non-empty validator set update to correctly initialize +// the chain. +func (m *Manager) + +InitGenesis(ctx sdk.Context, cdc codec.JSONCodec, genesisData map[string]json.RawMessage) (*abci.ResponseInitChain, error) { + var validatorUpdates []abci.ValidatorUpdate + ctx.Logger().Info("initializing blockchain state from genesis.json") + for _, moduleName := range m.OrderInitGenesis { + if genesisData[moduleName] == nil { + continue +} + mod := m.Modules[moduleName] + // we might get an adapted module, a native core API module or a legacy module + if module, ok := mod.(appmodule.HasGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + // core API genesis + source, err := genesis.SourceFromRawJSON(genesisData[moduleName]) + if err != nil { + return &abci.ResponseInitChain{ +}, err +} + +err = module.InitGenesis(ctx, source) + if err != nil { + return &abci.ResponseInitChain{ +}, err +} + +} + +else if module, ok := mod.(HasGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + +module.InitGenesis(ctx, cdc, genesisData[moduleName]) +} + +else if module, ok := mod.(HasABCIGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + moduleValUpdates := module.InitGenesis(ctx, cdc, genesisData[moduleName]) + + // use these validator updates if provided, the module manager assumes + // only one module will update the validator set + if len(moduleValUpdates) > 0 { + if len(validatorUpdates) > 0 { + return &abci.ResponseInitChain{ +}, errors.New("validator InitGenesis updates already set by a previous module") +} + +validatorUpdates = moduleValUpdates +} + +} + +} + + // a chain must initialize with a non-empty validator set + if len(validatorUpdates) == 0 { + return &abci.ResponseInitChain{ +}, fmt.Errorf("validator set is empty after InitGenesis, please ensure at least one validator is initialized with a delegation greater than or equal to the DefaultPowerReduction (%d)", sdk.DefaultPowerReduction) +} + +return &abci.ResponseInitChain{ + Validators: validatorUpdates, +}, nil +} + +// ExportGenesis performs export genesis functionality for modules +func (m *Manager) + +ExportGenesis(ctx sdk.Context, cdc codec.JSONCodec) (map[string]json.RawMessage, error) { + return m.ExportGenesisForModules(ctx, cdc, []string{ +}) +} + +// ExportGenesisForModules performs export genesis functionality for modules +func (m *Manager) + +ExportGenesisForModules(ctx sdk.Context, cdc codec.JSONCodec, modulesToExport []string) (map[string]json.RawMessage, error) { + if len(modulesToExport) == 0 { + modulesToExport = m.OrderExportGenesis +} + // verify modules exists in app, so that we don't panic in the middle of an export + if err := m.checkModulesExists(modulesToExport); err != nil { + return nil, err +} + +type genesisResult struct { + bz json.RawMessage + err error +} + channels := make(map[string]chan genesisResult) + for _, moduleName := range modulesToExport { + mod := m.Modules[moduleName] + if module, ok := mod.(appmodule.HasGenesis); ok { + // core API genesis + channels[moduleName] = make(chan genesisResult) + +go func(module appmodule.HasGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + target := genesis.RawJSONTarget{ +} + err := module.ExportGenesis(ctx, target.Target()) + if err != nil { + ch <- genesisResult{ + nil, err +} + +return +} + +rawJSON, err := target.JSON() + if err != nil { + ch <- genesisResult{ + nil, err +} + +return +} + +ch <- genesisResult{ + rawJSON, nil +} + +}(module, channels[moduleName]) +} + +else if module, ok := mod.(HasGenesis); ok { + channels[moduleName] = make(chan genesisResult) + +go func(module HasGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + ch <- genesisResult{ + module.ExportGenesis(ctx, cdc), nil +} + +}(module, channels[moduleName]) +} + +else if module, ok := mod.(HasABCIGenesis); ok { + channels[moduleName] = make(chan genesisResult) + +go func(module HasABCIGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + ch <- genesisResult{ + module.ExportGenesis(ctx, cdc), nil +} + +}(module, channels[moduleName]) +} + +} + genesisData := make(map[string]json.RawMessage) + for moduleName := range channels { + res := <-channels[moduleName] + if res.err != nil { + return nil, fmt.Errorf("genesis export error in %s: %w", moduleName, res.err) +} + +genesisData[moduleName] = res.bz +} + +return genesisData, nil +} + +// checkModulesExists verifies that all modules in the list exist in the app +func (m *Manager) + +checkModulesExists(moduleName []string) + +error { + for _, name := range moduleName { + if _, ok := m.Modules[name]; !ok { + return fmt.Errorf("module %s does not exist", name) +} + +} + +return nil +} + +// assertNoForgottenModules checks that we didn't forget any modules in the SetOrder* functions. +// `pass` is a closure which allows one to omit modules from `moduleNames`. +// If you provide non-nil `pass` and it returns true, the module would not be subject of the assertion. +func (m *Manager) + +assertNoForgottenModules(setOrderFnName string, moduleNames []string, pass func(moduleName string) + +bool) { + ms := make(map[string]bool) + for _, m := range moduleNames { + ms[m] = true +} + +var missing []string + for m := range m.Modules { + if pass != nil && pass(m) { + continue +} + if !ms[m] { + missing = append(missing, m) +} + +} + if len(missing) != 0 { + sort.Strings(missing) + +panic(fmt.Sprintf( + "all modules must be defined when setting %s, missing: %v", setOrderFnName, missing)) +} +} + +// MigrationHandler is the migration function that each module registers. +type MigrationHandler func(sdk.Context) + +error + +// VersionMap is a map of moduleName -> version +type VersionMap map[string]uint64 + +// RunMigrations performs in-place store migrations for all modules. This +// function MUST be called insde an x/upgrade UpgradeHandler. +// +// Recall that in an upgrade handler, the `fromVM` VersionMap is retrieved from +// x/upgrade's store, and the function needs to return the target VersionMap +// that will in turn be persisted to the x/upgrade's store. In general, +// returning RunMigrations should be enough: +// +// Example: +// +// cfg := module.NewConfigurator(...) +// app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx context.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { +// return app.mm.RunMigrations(ctx, cfg, fromVM) +// +}) +// +// Internally, RunMigrations will perform the following steps: +// - create an `updatedVM` VersionMap of module with their latest ConsensusVersion +// - make a diff of `fromVM` and `udpatedVM`, and for each module: +// - if the module's `fromVM` version is less than its `updatedVM` version, +// then run in-place store migrations for that module between those versions. +// - if the module does not exist in the `fromVM` (which means that it's a new module, +// because it was not in the previous x/upgrade's store), then run +// `InitGenesis` on that module. +// +// - return the `updatedVM` to be persisted in the x/upgrade's store. +// +// Migrations are run in an order defined by `Manager.OrderMigrations` or (if not set) + +defined by +// `DefaultMigrationsOrder` function. +// +// As an app developer, if you wish to skip running InitGenesis for your new +// module "foo", you need to manually pass a `fromVM` argument to this function +// foo's module version set to its latest ConsensusVersion. That way, the diff +// between the function's `fromVM` and `udpatedVM` will be empty, hence not +// running anything for foo. +// +// Example: +// +// cfg := module.NewConfigurator(...) +// app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx context.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { +// // Assume "foo" is a new module. +// // `fromVM` is fetched from existing x/upgrade store. Since foo didn't exist +// // before this upgrade, `v, exists := fromVM["foo"]; exists == false`, and RunMigration will by default +// // run InitGenesis on foo. +// // To skip running foo's InitGenesis, you need set `fromVM`'s foo to its latest +// // consensus version: +// fromVM["foo"] = foo.AppModule{ +}.ConsensusVersion() +// +// return app.mm.RunMigrations(ctx, cfg, fromVM) +// +}) +// +// Please also refer to https://docs.cosmos.network/main/core/upgrade for more information. +func (m Manager) + +RunMigrations(ctx context.Context, cfg Configurator, fromVM VersionMap) (VersionMap, error) { + c, ok := cfg.(*configurator) + if !ok { + return nil, errorsmod.Wrapf(sdkerrors.ErrInvalidType, "expected %T, got %T", &configurator{ +}, cfg) +} + modules := m.OrderMigrations + if modules == nil { + modules = DefaultMigrationsOrder(m.ModuleNames()) +} + sdkCtx := sdk.UnwrapSDKContext(ctx) + updatedVM := VersionMap{ +} + for _, moduleName := range modules { + module := m.Modules[moduleName] + fromVersion, exists := fromVM[moduleName] + toVersion := uint64(0) + if module, ok := module.(HasConsensusVersion); ok { + toVersion = module.ConsensusVersion() +} + + // We run migration if the module is specified in `fromVM`. + // Otherwise we run InitGenesis. + // + // The module won't exist in the fromVM in two cases: + // 1. A new module is added. In this case we run InitGenesis with an + // empty genesis state. + // 2. An existing chain is upgrading from version < 0.43 to v0.43+ for the first time. + // In this case, all modules have yet to be added to x/upgrade's VersionMap store. + if exists { + err := c.runModuleMigrations(sdkCtx, moduleName, fromVersion, toVersion) + if err != nil { + return nil, err +} + +} + +else { + sdkCtx.Logger().Info(fmt.Sprintf("adding a new module: %s", moduleName)) + if module, ok := m.Modules[moduleName].(HasGenesis); ok { + module.InitGenesis(sdkCtx, c.cdc, module.DefaultGenesis(c.cdc)) +} + if module, ok := m.Modules[moduleName].(HasABCIGenesis); ok { + moduleValUpdates := module.InitGenesis(sdkCtx, c.cdc, module.DefaultGenesis(c.cdc)) + // The module manager assumes only one module will update the + // validator set, and it can't be a new module. + if len(moduleValUpdates) > 0 { + return nil, errorsmod.Wrapf(sdkerrors.ErrLogic, "validator InitGenesis update is already set by another module") +} + +} + +} + +updatedVM[moduleName] = toVersion +} + +return updatedVM, nil +} + +// PreBlock performs begin block functionality for upgrade module. +// It takes the current context as a parameter and returns a boolean value +// indicating whether the migration was successfully executed or not. +func (m *Manager) + +PreBlock(ctx sdk.Context) (*sdk.ResponsePreBlock, error) { + paramsChanged := false + for _, moduleName := range m.OrderPreBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasPreBlocker); ok { + rsp, err := module.PreBlock(ctx) + if err != nil { + return nil, err +} + if rsp.IsConsensusParamsChanged() { + paramsChanged = true +} + +} + +} + +return &sdk.ResponsePreBlock{ + ConsensusParamsChanged: paramsChanged, +}, nil +} + +// BeginBlock performs begin block functionality for all modules. It creates a +// child context with an event manager to aggregate events emitted from all +// modules. +func (m *Manager) + +BeginBlock(ctx sdk.Context) (sdk.BeginBlock, error) { + ctx = ctx.WithEventManager(sdk.NewEventManager()) + for _, moduleName := range m.OrderBeginBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasBeginBlocker); ok { + if err := module.BeginBlock(ctx); err != nil { + return sdk.BeginBlock{ +}, err +} + +} + +} + +return sdk.BeginBlock{ + Events: ctx.EventManager().ABCIEvents(), +}, nil +} + +// EndBlock performs end block functionality for all modules. It creates a +// child context with an event manager to aggregate events emitted from all +// modules. +func (m *Manager) + +EndBlock(ctx sdk.Context) (sdk.EndBlock, error) { + ctx = ctx.WithEventManager(sdk.NewEventManager()) + validatorUpdates := []abci.ValidatorUpdate{ +} + for _, moduleName := range m.OrderEndBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasEndBlocker); ok { + err := module.EndBlock(ctx) + if err != nil { + return sdk.EndBlock{ +}, err +} + +} + +else if module, ok := m.Modules[moduleName].(HasABCIEndBlock); ok { + moduleValUpdates, err := module.EndBlock(ctx) + if err != nil { + return sdk.EndBlock{ +}, err +} + // use these validator updates if provided, the module manager assumes + // only one module will update the validator set + if len(moduleValUpdates) > 0 { + if len(validatorUpdates) > 0 { + return sdk.EndBlock{ +}, errors.New("validator EndBlock updates already set by a previous module") +} + for _, updates := range moduleValUpdates { + validatorUpdates = append(validatorUpdates, abci.ValidatorUpdate{ + PubKey: updates.PubKey, + Power: updates.Power +}) +} + +} + +} + +else { + continue +} + +} + +return sdk.EndBlock{ + ValidatorUpdates: validatorUpdates, + Events: ctx.EventManager().ABCIEvents(), +}, nil +} + +// Precommit performs precommit functionality for all modules. +func (m *Manager) + +Precommit(ctx sdk.Context) + +error { + for _, moduleName := range m.OrderPrecommiters { + module, ok := m.Modules[moduleName].(appmodule.HasPrecommit) + if !ok { + continue +} + if err := module.Precommit(ctx); err != nil { + return err +} + +} + +return nil +} + +// PrepareCheckState performs functionality for preparing the check state for all modules. +func (m *Manager) + +PrepareCheckState(ctx sdk.Context) + +error { + for _, moduleName := range m.OrderPrepareCheckStaters { + module, ok := m.Modules[moduleName].(appmodule.HasPrepareCheckState) + if !ok { + continue +} + if err := module.PrepareCheckState(ctx); err != nil { + return err +} + +} + +return nil +} + +// GetVersionMap gets consensus version from all modules +func (m *Manager) + +GetVersionMap() + +VersionMap { + vermap := make(VersionMap) + for name, v := range m.Modules { + version := uint64(0) + if v, ok := v.(HasConsensusVersion); ok { + version = v.ConsensusVersion() +} + +vermap[name] = version +} + +return vermap +} + +// ModuleNames returns list of all module names, without any particular order. +func (m *Manager) + +ModuleNames() []string { + return slices.Collect(maps.Keys(m.Modules)) +} + +// DefaultMigrationsOrder returns a default migrations order: ascending alphabetical by module name, +// except x/auth which will run last, see: +// https://github.com/cosmos/cosmos-sdk/issues/10591 +func DefaultMigrationsOrder(modules []string) []string { + const authName = "auth" + out := make([]string, 0, len(modules)) + hasAuth := false + for _, m := range modules { + if m == authName { + hasAuth = true +} + +else { + out = append(out, m) +} + +} + +sort.Strings(out) + if hasAuth { + out = append(out, authName) +} + +return out +} +``` + +* `RegisterLegacyAminoCodec(*codec.LegacyAmino)`: Registers the `amino` codec for the module, which is used to marshal and unmarshal structs to/from `[]byte` in order to persist them in the module's `KVStore`. +* `RegisterInterfaces(codectypes.InterfaceRegistry)`: Registers a module's interface types and their concrete implementations as `proto.Message`. +* `RegisterGRPCGatewayRoutes(client.Context, *runtime.ServeMux)`: Registers gRPC routes for the module. + +All the `AppModuleBasic` of an application are managed by the [`BasicManager`](#basicmanager). + +### `HasName` + +```go expandable +/* +Package module contains application module patterns and associated "manager" functionality. +The module pattern has been broken down by: + - independent module functionality (AppModuleBasic) + - inter-dependent module simulation functionality (AppModuleSimulation) + - inter-dependent module full functionality (AppModule) + +inter-dependent module functionality is module functionality which somehow +depends on other modules, typically through the module keeper. Many of the +module keepers are dependent on each other, thus in order to access the full +set of module functionality we need to define all the keepers/params-store/keys +etc. This full set of advanced functionality is defined by the AppModule interface. + +Independent module functions are separated to allow for the construction of the +basic application structures required early on in the application definition +and used to enable the definition of full module functionality later in the +process. This separation is necessary, however we still want to allow for a +high level pattern for modules to follow - for instance, such that we don't +have to manually register all of the codecs for all the modules. This basic +procedure as well as other basic patterns are handled through the use of +BasicManager. + +Lastly the interface for genesis functionality (HasGenesis & HasABCIGenesis) + +has been +separated out from full module functionality (AppModule) + +so that modules which +are only used for genesis can take advantage of the Module patterns without +needlessly defining many placeholder functions +*/ +package module + +import ( + + "context" + "encoding/json" + "errors" + "fmt" + "maps" + "slices" + "sort" + + abci "github.com/cometbft/cometbft/abci/types" + "github.com/grpc-ecosystem/grpc-gateway/runtime" + "github.com/spf13/cobra" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/core/genesis" + errorsmod "cosmossdk.io/errors" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/codec/types" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" +) + +// AppModuleBasic is the standard form for basic non-dependant elements of an application module. +type AppModuleBasic interface { + HasName + RegisterLegacyAminoCodec(*codec.LegacyAmino) + +RegisterInterfaces(types.InterfaceRegistry) + +RegisterGRPCGatewayRoutes(client.Context, *runtime.ServeMux) +} + +// HasName allows the module to provide its own name for legacy purposes. +// Newer apps should specify the name for their modules using a map +// using NewManagerFromMap. +type HasName interface { + Name() + +string +} + +// HasGenesisBasics is the legacy interface for stateless genesis methods. +type HasGenesisBasics interface { + DefaultGenesis(codec.JSONCodec) + +json.RawMessage + ValidateGenesis(codec.JSONCodec, client.TxEncodingConfig, json.RawMessage) + +error +} + +// BasicManager is a collection of AppModuleBasic +type BasicManager map[string]AppModuleBasic + +// NewBasicManager creates a new BasicManager object +func NewBasicManager(modules ...AppModuleBasic) + +BasicManager { + moduleMap := make(map[string]AppModuleBasic) + for _, module := range modules { + moduleMap[module.Name()] = module +} + +return moduleMap +} + +// NewBasicManagerFromManager creates a new BasicManager from a Manager +// The BasicManager will contain all AppModuleBasic from the AppModule Manager +// Module's AppModuleBasic can be overridden by passing a custom AppModuleBasic map +func NewBasicManagerFromManager(manager *Manager, customModuleBasics map[string]AppModuleBasic) + +BasicManager { + moduleMap := make(map[string]AppModuleBasic) + for name, module := range manager.Modules { + if customBasicMod, ok := customModuleBasics[name]; ok { + moduleMap[name] = customBasicMod + continue +} + if appModule, ok := module.(appmodule.AppModule); ok { + moduleMap[name] = CoreAppModuleBasicAdaptor(name, appModule) + +continue +} + if basicMod, ok := module.(AppModuleBasic); ok { + moduleMap[name] = basicMod +} + +} + +return moduleMap +} + +// RegisterLegacyAminoCodec registers all module codecs +func (bm BasicManager) + +RegisterLegacyAminoCodec(cdc *codec.LegacyAmino) { + for _, b := range bm { + b.RegisterLegacyAminoCodec(cdc) +} +} + +// RegisterInterfaces registers all module interface types +func (bm BasicManager) + +RegisterInterfaces(registry types.InterfaceRegistry) { + for _, m := range bm { + m.RegisterInterfaces(registry) +} +} + +// DefaultGenesis provides default genesis information for all modules +func (bm BasicManager) + +DefaultGenesis(cdc codec.JSONCodec) + +map[string]json.RawMessage { + genesisData := make(map[string]json.RawMessage) + for _, b := range bm { + if mod, ok := b.(HasGenesisBasics); ok { + genesisData[b.Name()] = mod.DefaultGenesis(cdc) +} + +} + +return genesisData +} + +// ValidateGenesis performs genesis state validation for all modules +func (bm BasicManager) + +ValidateGenesis(cdc codec.JSONCodec, txEncCfg client.TxEncodingConfig, genesisData map[string]json.RawMessage) + +error { + for _, b := range bm { + // first check if the module is an adapted Core API Module + if mod, ok := b.(HasGenesisBasics); ok { + if err := mod.ValidateGenesis(cdc, txEncCfg, genesisData[b.Name()]); err != nil { + return err +} + +} + +} + +return nil +} + +// RegisterGRPCGatewayRoutes registers all module rest routes +func (bm BasicManager) + +RegisterGRPCGatewayRoutes(clientCtx client.Context, rtr *runtime.ServeMux) { + for _, b := range bm { + b.RegisterGRPCGatewayRoutes(clientCtx, rtr) +} +} + +// AddTxCommands adds all tx commands to the rootTxCmd. +func (bm BasicManager) + +AddTxCommands(rootTxCmd *cobra.Command) { + for _, b := range bm { + if mod, ok := b.(interface { + GetTxCmd() *cobra.Command +}); ok { + if cmd := mod.GetTxCmd(); cmd != nil { + rootTxCmd.AddCommand(cmd) +} + +} + +} +} + +// AddQueryCommands adds all query commands to the rootQueryCmd. +func (bm BasicManager) + +AddQueryCommands(rootQueryCmd *cobra.Command) { + for _, b := range bm { + if mod, ok := b.(interface { + GetQueryCmd() *cobra.Command +}); ok { + if cmd := mod.GetQueryCmd(); cmd != nil { + rootQueryCmd.AddCommand(cmd) +} + +} + +} +} + +// HasGenesis is the extension interface for stateful genesis methods. +type HasGenesis interface { + HasGenesisBasics + InitGenesis(sdk.Context, codec.JSONCodec, json.RawMessage) + +ExportGenesis(sdk.Context, codec.JSONCodec) + +json.RawMessage +} + +// HasABCIGenesis is the extension interface for stateful genesis methods which returns validator updates. +type HasABCIGenesis interface { + HasGenesisBasics + InitGenesis(sdk.Context, codec.JSONCodec, json.RawMessage) []abci.ValidatorUpdate + ExportGenesis(sdk.Context, codec.JSONCodec) + +json.RawMessage +} + +// AppModule is the form for an application module. Most of +// its functionality has been moved to extension interfaces. +// Deprecated: use appmodule.AppModule with a combination of extension interfaes interfaces instead. +type AppModule interface { + appmodule.AppModule + + AppModuleBasic +} + +// HasInvariants is the interface for registering invariants. +// +// Deprecated: this will be removed in the next Cosmos SDK release. +type HasInvariants interface { + // RegisterInvariants registers module invariants. + RegisterInvariants(sdk.InvariantRegistry) +} + +// HasServices is the interface for modules to register services. +type HasServices interface { + // RegisterServices allows a module to register services. + RegisterServices(Configurator) +} + +// HasConsensusVersion is the interface for declaring a module consensus version. +type HasConsensusVersion interface { + // ConsensusVersion is a sequence number for state-breaking change of the + // module. It should be incremented on each consensus-breaking change + // introduced by the module. To avoid wrong/empty versions, the initial version + // should be set to 1. + ConsensusVersion() + +uint64 +} + +// HasABCIEndblock is a released typo of HasABCIEndBlock. +// Deprecated: use HasABCIEndBlock instead. +type HasABCIEndblock HasABCIEndBlock + +// HasABCIEndBlock is the interface for modules that need to run code at the end of the block. +type HasABCIEndBlock interface { + AppModule + EndBlock(context.Context) ([]abci.ValidatorUpdate, error) +} + +var ( + _ appmodule.AppModule = (*GenesisOnlyAppModule)(nil) + _ AppModuleBasic = (*GenesisOnlyAppModule)(nil) +) + +// AppModuleGenesis is the standard form for an application module genesis functions +type AppModuleGenesis interface { + AppModuleBasic + HasABCIGenesis +} + +// GenesisOnlyAppModule is an AppModule that only has import/export functionality +type GenesisOnlyAppModule struct { + AppModuleGenesis +} + +// NewGenesisOnlyAppModule creates a new GenesisOnlyAppModule object +func NewGenesisOnlyAppModule(amg AppModuleGenesis) + +GenesisOnlyAppModule { + return GenesisOnlyAppModule{ + AppModuleGenesis: amg, +} +} + +// IsOnePerModuleType implements the depinject.OnePerModuleType interface. +func (GenesisOnlyAppModule) + +IsOnePerModuleType() { +} + +// IsAppModule implements the appmodule.AppModule interface. +func (GenesisOnlyAppModule) + +IsAppModule() { +} + +// RegisterInvariants is a placeholder function register no invariants +func (GenesisOnlyAppModule) + +RegisterInvariants(_ sdk.InvariantRegistry) { +} + +// ConsensusVersion implements AppModule/ConsensusVersion. +func (gam GenesisOnlyAppModule) + +ConsensusVersion() + +uint64 { + return 1 +} + +// Manager defines a module manager that provides the high level utility for managing and executing +// operations for a group of modules +type Manager struct { + Modules map[string]any // interface{ +} + +is used now to support the legacy AppModule as well as new core appmodule.AppModule. + OrderInitGenesis []string + OrderExportGenesis []string + OrderPreBlockers []string + OrderBeginBlockers []string + OrderEndBlockers []string + OrderPrepareCheckStaters []string + OrderPrecommiters []string + OrderMigrations []string +} + +// NewManager creates a new Manager object. +func NewManager(modules ...AppModule) *Manager { + moduleMap := make(map[string]any) + modulesStr := make([]string, 0, len(modules)) + preBlockModulesStr := make([]string, 0) + for _, module := range modules { + if _, ok := module.(appmodule.AppModule); !ok { + panic(fmt.Sprintf("module %s does not implement appmodule.AppModule", module.Name())) +} + +moduleMap[module.Name()] = module + modulesStr = append(modulesStr, module.Name()) + if _, ok := module.(appmodule.HasPreBlocker); ok { + preBlockModulesStr = append(preBlockModulesStr, module.Name()) +} + +} + +return &Manager{ + Modules: moduleMap, + OrderInitGenesis: modulesStr, + OrderExportGenesis: modulesStr, + OrderPreBlockers: preBlockModulesStr, + OrderBeginBlockers: modulesStr, + OrderPrepareCheckStaters: modulesStr, + OrderPrecommiters: modulesStr, + OrderEndBlockers: modulesStr, +} +} + +// NewManagerFromMap creates a new Manager object from a map of module names to module implementations. +// This method should be used for apps and modules which have migrated to the cosmossdk.io/core.appmodule.AppModule API. +func NewManagerFromMap(moduleMap map[string]appmodule.AppModule) *Manager { + simpleModuleMap := make(map[string]any) + modulesStr := make([]string, 0, len(simpleModuleMap)) + preBlockModulesStr := make([]string, 0) + for name, module := range moduleMap { + simpleModuleMap[name] = module + modulesStr = append(modulesStr, name) + if _, ok := module.(appmodule.HasPreBlocker); ok { + preBlockModulesStr = append(preBlockModulesStr, name) +} + +} + + // Sort the modules by name. Given that we are using a map above we can't guarantee the order. + sort.Strings(modulesStr) + +return &Manager{ + Modules: simpleModuleMap, + OrderInitGenesis: modulesStr, + OrderExportGenesis: modulesStr, + OrderPreBlockers: preBlockModulesStr, + OrderBeginBlockers: modulesStr, + OrderEndBlockers: modulesStr, + OrderPrecommiters: modulesStr, + OrderPrepareCheckStaters: modulesStr, +} +} + +// SetOrderInitGenesis sets the order of init genesis calls +func (m *Manager) + +SetOrderInitGenesis(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderInitGenesis", moduleNames, func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasGenesis := module.(appmodule.HasGenesis); hasGenesis { + return !hasGenesis +} + if _, hasABCIGenesis := module.(HasABCIGenesis); hasABCIGenesis { + return !hasABCIGenesis +} + + _, hasGenesis := module.(HasGenesis) + +return !hasGenesis +}) + +m.OrderInitGenesis = moduleNames +} + +// SetOrderExportGenesis sets the order of export genesis calls +func (m *Manager) + +SetOrderExportGenesis(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderExportGenesis", moduleNames, func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasGenesis := module.(appmodule.HasGenesis); hasGenesis { + return !hasGenesis +} + if _, hasABCIGenesis := module.(HasABCIGenesis); hasABCIGenesis { + return !hasABCIGenesis +} + + _, hasGenesis := module.(HasGenesis) + +return !hasGenesis +}) + +m.OrderExportGenesis = moduleNames +} + +// SetOrderPreBlockers sets the order of set pre-blocker calls +func (m *Manager) + +SetOrderPreBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPreBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasBlock := module.(appmodule.HasPreBlocker) + +return !hasBlock +}) + +m.OrderPreBlockers = moduleNames +} + +// SetOrderBeginBlockers sets the order of set begin-blocker calls +func (m *Manager) + +SetOrderBeginBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderBeginBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasBeginBlock := module.(appmodule.HasBeginBlocker) + +return !hasBeginBlock +}) + +m.OrderBeginBlockers = moduleNames +} + +// SetOrderEndBlockers sets the order of set end-blocker calls +func (m *Manager) + +SetOrderEndBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderEndBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasEndBlock := module.(appmodule.HasEndBlocker); hasEndBlock { + return !hasEndBlock +} + + _, hasABCIEndBlock := module.(HasABCIEndBlock) + +return !hasABCIEndBlock +}) + +m.OrderEndBlockers = moduleNames +} + +// SetOrderPrepareCheckStaters sets the order of set prepare-check-stater calls +func (m *Manager) + +SetOrderPrepareCheckStaters(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPrepareCheckStaters", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasPrepareCheckState := module.(appmodule.HasPrepareCheckState) + +return !hasPrepareCheckState +}) + +m.OrderPrepareCheckStaters = moduleNames +} + +// SetOrderPrecommiters sets the order of set precommiter calls +func (m *Manager) + +SetOrderPrecommiters(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPrecommiters", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasPrecommit := module.(appmodule.HasPrecommit) + +return !hasPrecommit +}) + +m.OrderPrecommiters = moduleNames +} + +// SetOrderMigrations sets the order of migrations to be run. If not set +// then migrations will be run with an order defined in `DefaultMigrationsOrder`. +func (m *Manager) + +SetOrderMigrations(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderMigrations", moduleNames, nil) + +m.OrderMigrations = moduleNames +} + +// RegisterInvariants registers all module invariants +// +// Deprecated: this function is a no-op and will be removed in the next release of the Cosmos SDK. +func (m *Manager) + +RegisterInvariants(_ sdk.InvariantRegistry) { +} + +// RegisterServices registers all module services +func (m *Manager) + +RegisterServices(cfg Configurator) + +error { + for _, module := range m.Modules { + if module, ok := module.(HasServices); ok { + module.RegisterServices(cfg) +} + if module, ok := module.(appmodule.HasServices); ok { + err := module.RegisterServices(cfg) + if err != nil { + return err +} + +} + if cfg.Error() != nil { + return cfg.Error() +} + +} + +return nil +} + +// InitGenesis performs init genesis functionality for modules. Exactly one +// module must return a non-empty validator set update to correctly initialize +// the chain. +func (m *Manager) + +InitGenesis(ctx sdk.Context, cdc codec.JSONCodec, genesisData map[string]json.RawMessage) (*abci.ResponseInitChain, error) { + var validatorUpdates []abci.ValidatorUpdate + ctx.Logger().Info("initializing blockchain state from genesis.json") + for _, moduleName := range m.OrderInitGenesis { + if genesisData[moduleName] == nil { + continue +} + mod := m.Modules[moduleName] + // we might get an adapted module, a native core API module or a legacy module + if module, ok := mod.(appmodule.HasGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + // core API genesis + source, err := genesis.SourceFromRawJSON(genesisData[moduleName]) + if err != nil { + return &abci.ResponseInitChain{ +}, err +} + +err = module.InitGenesis(ctx, source) + if err != nil { + return &abci.ResponseInitChain{ +}, err +} + +} + +else if module, ok := mod.(HasGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + +module.InitGenesis(ctx, cdc, genesisData[moduleName]) +} + +else if module, ok := mod.(HasABCIGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + moduleValUpdates := module.InitGenesis(ctx, cdc, genesisData[moduleName]) + + // use these validator updates if provided, the module manager assumes + // only one module will update the validator set + if len(moduleValUpdates) > 0 { + if len(validatorUpdates) > 0 { + return &abci.ResponseInitChain{ +}, errors.New("validator InitGenesis updates already set by a previous module") +} + +validatorUpdates = moduleValUpdates +} + +} + +} + + // a chain must initialize with a non-empty validator set + if len(validatorUpdates) == 0 { + return &abci.ResponseInitChain{ +}, fmt.Errorf("validator set is empty after InitGenesis, please ensure at least one validator is initialized with a delegation greater than or equal to the DefaultPowerReduction (%d)", sdk.DefaultPowerReduction) +} + +return &abci.ResponseInitChain{ + Validators: validatorUpdates, +}, nil +} + +// ExportGenesis performs export genesis functionality for modules +func (m *Manager) + +ExportGenesis(ctx sdk.Context, cdc codec.JSONCodec) (map[string]json.RawMessage, error) { + return m.ExportGenesisForModules(ctx, cdc, []string{ +}) +} + +// ExportGenesisForModules performs export genesis functionality for modules +func (m *Manager) + +ExportGenesisForModules(ctx sdk.Context, cdc codec.JSONCodec, modulesToExport []string) (map[string]json.RawMessage, error) { + if len(modulesToExport) == 0 { + modulesToExport = m.OrderExportGenesis +} + // verify modules exists in app, so that we don't panic in the middle of an export + if err := m.checkModulesExists(modulesToExport); err != nil { + return nil, err +} + +type genesisResult struct { + bz json.RawMessage + err error +} + channels := make(map[string]chan genesisResult) + for _, moduleName := range modulesToExport { + mod := m.Modules[moduleName] + if module, ok := mod.(appmodule.HasGenesis); ok { + // core API genesis + channels[moduleName] = make(chan genesisResult) + +go func(module appmodule.HasGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + target := genesis.RawJSONTarget{ +} + err := module.ExportGenesis(ctx, target.Target()) + if err != nil { + ch <- genesisResult{ + nil, err +} + +return +} + +rawJSON, err := target.JSON() + if err != nil { + ch <- genesisResult{ + nil, err +} + +return +} + +ch <- genesisResult{ + rawJSON, nil +} + +}(module, channels[moduleName]) +} + +else if module, ok := mod.(HasGenesis); ok { + channels[moduleName] = make(chan genesisResult) + +go func(module HasGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + ch <- genesisResult{ + module.ExportGenesis(ctx, cdc), nil +} + +}(module, channels[moduleName]) +} + +else if module, ok := mod.(HasABCIGenesis); ok { + channels[moduleName] = make(chan genesisResult) + +go func(module HasABCIGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + ch <- genesisResult{ + module.ExportGenesis(ctx, cdc), nil +} + +}(module, channels[moduleName]) +} + +} + genesisData := make(map[string]json.RawMessage) + for moduleName := range channels { + res := <-channels[moduleName] + if res.err != nil { + return nil, fmt.Errorf("genesis export error in %s: %w", moduleName, res.err) +} + +genesisData[moduleName] = res.bz +} + +return genesisData, nil +} + +// checkModulesExists verifies that all modules in the list exist in the app +func (m *Manager) + +checkModulesExists(moduleName []string) + +error { + for _, name := range moduleName { + if _, ok := m.Modules[name]; !ok { + return fmt.Errorf("module %s does not exist", name) +} + +} + +return nil +} + +// assertNoForgottenModules checks that we didn't forget any modules in the SetOrder* functions. +// `pass` is a closure which allows one to omit modules from `moduleNames`. +// If you provide non-nil `pass` and it returns true, the module would not be subject of the assertion. +func (m *Manager) + +assertNoForgottenModules(setOrderFnName string, moduleNames []string, pass func(moduleName string) + +bool) { + ms := make(map[string]bool) + for _, m := range moduleNames { + ms[m] = true +} + +var missing []string + for m := range m.Modules { + if pass != nil && pass(m) { + continue +} + if !ms[m] { + missing = append(missing, m) +} + +} + if len(missing) != 0 { + sort.Strings(missing) + +panic(fmt.Sprintf( + "all modules must be defined when setting %s, missing: %v", setOrderFnName, missing)) +} +} + +// MigrationHandler is the migration function that each module registers. +type MigrationHandler func(sdk.Context) + +error + +// VersionMap is a map of moduleName -> version +type VersionMap map[string]uint64 + +// RunMigrations performs in-place store migrations for all modules. This +// function MUST be called insde an x/upgrade UpgradeHandler. +// +// Recall that in an upgrade handler, the `fromVM` VersionMap is retrieved from +// x/upgrade's store, and the function needs to return the target VersionMap +// that will in turn be persisted to the x/upgrade's store. In general, +// returning RunMigrations should be enough: +// +// Example: +// +// cfg := module.NewConfigurator(...) +// app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx context.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { +// return app.mm.RunMigrations(ctx, cfg, fromVM) +// +}) +// +// Internally, RunMigrations will perform the following steps: +// - create an `updatedVM` VersionMap of module with their latest ConsensusVersion +// - make a diff of `fromVM` and `udpatedVM`, and for each module: +// - if the module's `fromVM` version is less than its `updatedVM` version, +// then run in-place store migrations for that module between those versions. +// - if the module does not exist in the `fromVM` (which means that it's a new module, +// because it was not in the previous x/upgrade's store), then run +// `InitGenesis` on that module. +// +// - return the `updatedVM` to be persisted in the x/upgrade's store. +// +// Migrations are run in an order defined by `Manager.OrderMigrations` or (if not set) + +defined by +// `DefaultMigrationsOrder` function. +// +// As an app developer, if you wish to skip running InitGenesis for your new +// module "foo", you need to manually pass a `fromVM` argument to this function +// foo's module version set to its latest ConsensusVersion. That way, the diff +// between the function's `fromVM` and `udpatedVM` will be empty, hence not +// running anything for foo. +// +// Example: +// +// cfg := module.NewConfigurator(...) +// app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx context.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { +// // Assume "foo" is a new module. +// // `fromVM` is fetched from existing x/upgrade store. Since foo didn't exist +// // before this upgrade, `v, exists := fromVM["foo"]; exists == false`, and RunMigration will by default +// // run InitGenesis on foo. +// // To skip running foo's InitGenesis, you need set `fromVM`'s foo to its latest +// // consensus version: +// fromVM["foo"] = foo.AppModule{ +}.ConsensusVersion() +// +// return app.mm.RunMigrations(ctx, cfg, fromVM) +// +}) +// +// Please also refer to https://docs.cosmos.network/main/core/upgrade for more information. +func (m Manager) + +RunMigrations(ctx context.Context, cfg Configurator, fromVM VersionMap) (VersionMap, error) { + c, ok := cfg.(*configurator) + if !ok { + return nil, errorsmod.Wrapf(sdkerrors.ErrInvalidType, "expected %T, got %T", &configurator{ +}, cfg) +} + modules := m.OrderMigrations + if modules == nil { + modules = DefaultMigrationsOrder(m.ModuleNames()) +} + sdkCtx := sdk.UnwrapSDKContext(ctx) + updatedVM := VersionMap{ +} + for _, moduleName := range modules { + module := m.Modules[moduleName] + fromVersion, exists := fromVM[moduleName] + toVersion := uint64(0) + if module, ok := module.(HasConsensusVersion); ok { + toVersion = module.ConsensusVersion() +} + + // We run migration if the module is specified in `fromVM`. + // Otherwise we run InitGenesis. + // + // The module won't exist in the fromVM in two cases: + // 1. A new module is added. In this case we run InitGenesis with an + // empty genesis state. + // 2. An existing chain is upgrading from version < 0.43 to v0.43+ for the first time. + // In this case, all modules have yet to be added to x/upgrade's VersionMap store. + if exists { + err := c.runModuleMigrations(sdkCtx, moduleName, fromVersion, toVersion) + if err != nil { + return nil, err +} + +} + +else { + sdkCtx.Logger().Info(fmt.Sprintf("adding a new module: %s", moduleName)) + if module, ok := m.Modules[moduleName].(HasGenesis); ok { + module.InitGenesis(sdkCtx, c.cdc, module.DefaultGenesis(c.cdc)) +} + if module, ok := m.Modules[moduleName].(HasABCIGenesis); ok { + moduleValUpdates := module.InitGenesis(sdkCtx, c.cdc, module.DefaultGenesis(c.cdc)) + // The module manager assumes only one module will update the + // validator set, and it can't be a new module. + if len(moduleValUpdates) > 0 { + return nil, errorsmod.Wrapf(sdkerrors.ErrLogic, "validator InitGenesis update is already set by another module") +} + +} + +} + +updatedVM[moduleName] = toVersion +} + +return updatedVM, nil +} + +// PreBlock performs begin block functionality for upgrade module. +// It takes the current context as a parameter and returns a boolean value +// indicating whether the migration was successfully executed or not. +func (m *Manager) + +PreBlock(ctx sdk.Context) (*sdk.ResponsePreBlock, error) { + paramsChanged := false + for _, moduleName := range m.OrderPreBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasPreBlocker); ok { + rsp, err := module.PreBlock(ctx) + if err != nil { + return nil, err +} + if rsp.IsConsensusParamsChanged() { + paramsChanged = true +} + +} + +} + +return &sdk.ResponsePreBlock{ + ConsensusParamsChanged: paramsChanged, +}, nil +} + +// BeginBlock performs begin block functionality for all modules. It creates a +// child context with an event manager to aggregate events emitted from all +// modules. +func (m *Manager) + +BeginBlock(ctx sdk.Context) (sdk.BeginBlock, error) { + ctx = ctx.WithEventManager(sdk.NewEventManager()) + for _, moduleName := range m.OrderBeginBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasBeginBlocker); ok { + if err := module.BeginBlock(ctx); err != nil { + return sdk.BeginBlock{ +}, err +} + +} + +} + +return sdk.BeginBlock{ + Events: ctx.EventManager().ABCIEvents(), +}, nil +} + +// EndBlock performs end block functionality for all modules. It creates a +// child context with an event manager to aggregate events emitted from all +// modules. +func (m *Manager) + +EndBlock(ctx sdk.Context) (sdk.EndBlock, error) { + ctx = ctx.WithEventManager(sdk.NewEventManager()) + validatorUpdates := []abci.ValidatorUpdate{ +} + for _, moduleName := range m.OrderEndBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasEndBlocker); ok { + err := module.EndBlock(ctx) + if err != nil { + return sdk.EndBlock{ +}, err +} + +} + +else if module, ok := m.Modules[moduleName].(HasABCIEndBlock); ok { + moduleValUpdates, err := module.EndBlock(ctx) + if err != nil { + return sdk.EndBlock{ +}, err +} + // use these validator updates if provided, the module manager assumes + // only one module will update the validator set + if len(moduleValUpdates) > 0 { + if len(validatorUpdates) > 0 { + return sdk.EndBlock{ +}, errors.New("validator EndBlock updates already set by a previous module") +} + for _, updates := range moduleValUpdates { + validatorUpdates = append(validatorUpdates, abci.ValidatorUpdate{ + PubKey: updates.PubKey, + Power: updates.Power +}) +} + +} + +} + +else { + continue +} + +} + +return sdk.EndBlock{ + ValidatorUpdates: validatorUpdates, + Events: ctx.EventManager().ABCIEvents(), +}, nil +} + +// Precommit performs precommit functionality for all modules. +func (m *Manager) + +Precommit(ctx sdk.Context) + +error { + for _, moduleName := range m.OrderPrecommiters { + module, ok := m.Modules[moduleName].(appmodule.HasPrecommit) + if !ok { + continue +} + if err := module.Precommit(ctx); err != nil { + return err +} + +} + +return nil +} + +// PrepareCheckState performs functionality for preparing the check state for all modules. +func (m *Manager) + +PrepareCheckState(ctx sdk.Context) + +error { + for _, moduleName := range m.OrderPrepareCheckStaters { + module, ok := m.Modules[moduleName].(appmodule.HasPrepareCheckState) + if !ok { + continue +} + if err := module.PrepareCheckState(ctx); err != nil { + return err +} + +} + +return nil +} + +// GetVersionMap gets consensus version from all modules +func (m *Manager) + +GetVersionMap() + +VersionMap { + vermap := make(VersionMap) + for name, v := range m.Modules { + version := uint64(0) + if v, ok := v.(HasConsensusVersion); ok { + version = v.ConsensusVersion() +} + +vermap[name] = version +} + +return vermap +} + +// ModuleNames returns list of all module names, without any particular order. +func (m *Manager) + +ModuleNames() []string { + return slices.Collect(maps.Keys(m.Modules)) +} + +// DefaultMigrationsOrder returns a default migrations order: ascending alphabetical by module name, +// except x/auth which will run last, see: +// https://github.com/cosmos/cosmos-sdk/issues/10591 +func DefaultMigrationsOrder(modules []string) []string { + const authName = "auth" + out := make([]string, 0, len(modules)) + hasAuth := false + for _, m := range modules { + if m == authName { + hasAuth = true +} + +else { + out = append(out, m) +} + +} + +sort.Strings(out) + if hasAuth { + out = append(out, authName) +} + +return out +} +``` + +* `HasName` is an interface that has a method `Name()`. This method returns the name of the module as a `string`. + +### Genesis + + +For easily creating an `AppModule` that only has genesis functionalities, use `module.GenesisOnlyAppModule`. + + +#### `module.HasGenesisBasics` + +```go expandable +/* +Package module contains application module patterns and associated "manager" functionality. +The module pattern has been broken down by: + - independent module functionality (AppModuleBasic) + - inter-dependent module simulation functionality (AppModuleSimulation) + - inter-dependent module full functionality (AppModule) + +inter-dependent module functionality is module functionality which somehow +depends on other modules, typically through the module keeper. Many of the +module keepers are dependent on each other, thus in order to access the full +set of module functionality we need to define all the keepers/params-store/keys +etc. This full set of advanced functionality is defined by the AppModule interface. + +Independent module functions are separated to allow for the construction of the +basic application structures required early on in the application definition +and used to enable the definition of full module functionality later in the +process. This separation is necessary, however we still want to allow for a +high level pattern for modules to follow - for instance, such that we don't +have to manually register all of the codecs for all the modules. This basic +procedure as well as other basic patterns are handled through the use of +BasicManager. + +Lastly the interface for genesis functionality (HasGenesis & HasABCIGenesis) + +has been +separated out from full module functionality (AppModule) + +so that modules which +are only used for genesis can take advantage of the Module patterns without +needlessly defining many placeholder functions +*/ +package module + +import ( + + "context" + "encoding/json" + "errors" + "fmt" + "maps" + "slices" + "sort" + + abci "github.com/cometbft/cometbft/abci/types" + "github.com/grpc-ecosystem/grpc-gateway/runtime" + "github.com/spf13/cobra" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/core/genesis" + errorsmod "cosmossdk.io/errors" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/codec/types" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" +) + +// AppModuleBasic is the standard form for basic non-dependant elements of an application module. +type AppModuleBasic interface { + HasName + RegisterLegacyAminoCodec(*codec.LegacyAmino) + +RegisterInterfaces(types.InterfaceRegistry) + +RegisterGRPCGatewayRoutes(client.Context, *runtime.ServeMux) +} + +// HasName allows the module to provide its own name for legacy purposes. +// Newer apps should specify the name for their modules using a map +// using NewManagerFromMap. +type HasName interface { + Name() + +string +} + +// HasGenesisBasics is the legacy interface for stateless genesis methods. +type HasGenesisBasics interface { + DefaultGenesis(codec.JSONCodec) + +json.RawMessage + ValidateGenesis(codec.JSONCodec, client.TxEncodingConfig, json.RawMessage) + +error +} + +// BasicManager is a collection of AppModuleBasic +type BasicManager map[string]AppModuleBasic + +// NewBasicManager creates a new BasicManager object +func NewBasicManager(modules ...AppModuleBasic) + +BasicManager { + moduleMap := make(map[string]AppModuleBasic) + for _, module := range modules { + moduleMap[module.Name()] = module +} + +return moduleMap +} + +// NewBasicManagerFromManager creates a new BasicManager from a Manager +// The BasicManager will contain all AppModuleBasic from the AppModule Manager +// Module's AppModuleBasic can be overridden by passing a custom AppModuleBasic map +func NewBasicManagerFromManager(manager *Manager, customModuleBasics map[string]AppModuleBasic) + +BasicManager { + moduleMap := make(map[string]AppModuleBasic) + for name, module := range manager.Modules { + if customBasicMod, ok := customModuleBasics[name]; ok { + moduleMap[name] = customBasicMod + continue +} + if appModule, ok := module.(appmodule.AppModule); ok { + moduleMap[name] = CoreAppModuleBasicAdaptor(name, appModule) + +continue +} + if basicMod, ok := module.(AppModuleBasic); ok { + moduleMap[name] = basicMod +} + +} + +return moduleMap +} + +// RegisterLegacyAminoCodec registers all module codecs +func (bm BasicManager) + +RegisterLegacyAminoCodec(cdc *codec.LegacyAmino) { + for _, b := range bm { + b.RegisterLegacyAminoCodec(cdc) +} +} + +// RegisterInterfaces registers all module interface types +func (bm BasicManager) + +RegisterInterfaces(registry types.InterfaceRegistry) { + for _, m := range bm { + m.RegisterInterfaces(registry) +} +} + +// DefaultGenesis provides default genesis information for all modules +func (bm BasicManager) + +DefaultGenesis(cdc codec.JSONCodec) + +map[string]json.RawMessage { + genesisData := make(map[string]json.RawMessage) + for _, b := range bm { + if mod, ok := b.(HasGenesisBasics); ok { + genesisData[b.Name()] = mod.DefaultGenesis(cdc) +} + +} + +return genesisData +} + +// ValidateGenesis performs genesis state validation for all modules +func (bm BasicManager) + +ValidateGenesis(cdc codec.JSONCodec, txEncCfg client.TxEncodingConfig, genesisData map[string]json.RawMessage) + +error { + for _, b := range bm { + // first check if the module is an adapted Core API Module + if mod, ok := b.(HasGenesisBasics); ok { + if err := mod.ValidateGenesis(cdc, txEncCfg, genesisData[b.Name()]); err != nil { + return err +} + +} + +} + +return nil +} + +// RegisterGRPCGatewayRoutes registers all module rest routes +func (bm BasicManager) + +RegisterGRPCGatewayRoutes(clientCtx client.Context, rtr *runtime.ServeMux) { + for _, b := range bm { + b.RegisterGRPCGatewayRoutes(clientCtx, rtr) +} +} + +// AddTxCommands adds all tx commands to the rootTxCmd. +func (bm BasicManager) + +AddTxCommands(rootTxCmd *cobra.Command) { + for _, b := range bm { + if mod, ok := b.(interface { + GetTxCmd() *cobra.Command +}); ok { + if cmd := mod.GetTxCmd(); cmd != nil { + rootTxCmd.AddCommand(cmd) +} + +} + +} +} + +// AddQueryCommands adds all query commands to the rootQueryCmd. +func (bm BasicManager) + +AddQueryCommands(rootQueryCmd *cobra.Command) { + for _, b := range bm { + if mod, ok := b.(interface { + GetQueryCmd() *cobra.Command +}); ok { + if cmd := mod.GetQueryCmd(); cmd != nil { + rootQueryCmd.AddCommand(cmd) +} + +} + +} +} + +// HasGenesis is the extension interface for stateful genesis methods. +type HasGenesis interface { + HasGenesisBasics + InitGenesis(sdk.Context, codec.JSONCodec, json.RawMessage) + +ExportGenesis(sdk.Context, codec.JSONCodec) + +json.RawMessage +} + +// HasABCIGenesis is the extension interface for stateful genesis methods which returns validator updates. +type HasABCIGenesis interface { + HasGenesisBasics + InitGenesis(sdk.Context, codec.JSONCodec, json.RawMessage) []abci.ValidatorUpdate + ExportGenesis(sdk.Context, codec.JSONCodec) + +json.RawMessage +} + +// AppModule is the form for an application module. Most of +// its functionality has been moved to extension interfaces. +// Deprecated: use appmodule.AppModule with a combination of extension interfaes interfaces instead. +type AppModule interface { + appmodule.AppModule + + AppModuleBasic +} + +// HasInvariants is the interface for registering invariants. +// +// Deprecated: this will be removed in the next Cosmos SDK release. +type HasInvariants interface { + // RegisterInvariants registers module invariants. + RegisterInvariants(sdk.InvariantRegistry) +} + +// HasServices is the interface for modules to register services. +type HasServices interface { + // RegisterServices allows a module to register services. + RegisterServices(Configurator) +} + +// HasConsensusVersion is the interface for declaring a module consensus version. +type HasConsensusVersion interface { + // ConsensusVersion is a sequence number for state-breaking change of the + // module. It should be incremented on each consensus-breaking change + // introduced by the module. To avoid wrong/empty versions, the initial version + // should be set to 1. + ConsensusVersion() + +uint64 +} + +// HasABCIEndblock is a released typo of HasABCIEndBlock. +// Deprecated: use HasABCIEndBlock instead. +type HasABCIEndblock HasABCIEndBlock + +// HasABCIEndBlock is the interface for modules that need to run code at the end of the block. +type HasABCIEndBlock interface { + AppModule + EndBlock(context.Context) ([]abci.ValidatorUpdate, error) +} + +var ( + _ appmodule.AppModule = (*GenesisOnlyAppModule)(nil) + _ AppModuleBasic = (*GenesisOnlyAppModule)(nil) +) + +// AppModuleGenesis is the standard form for an application module genesis functions +type AppModuleGenesis interface { + AppModuleBasic + HasABCIGenesis +} + +// GenesisOnlyAppModule is an AppModule that only has import/export functionality +type GenesisOnlyAppModule struct { + AppModuleGenesis +} + +// NewGenesisOnlyAppModule creates a new GenesisOnlyAppModule object +func NewGenesisOnlyAppModule(amg AppModuleGenesis) + +GenesisOnlyAppModule { + return GenesisOnlyAppModule{ + AppModuleGenesis: amg, +} +} + +// IsOnePerModuleType implements the depinject.OnePerModuleType interface. +func (GenesisOnlyAppModule) + +IsOnePerModuleType() { +} + +// IsAppModule implements the appmodule.AppModule interface. +func (GenesisOnlyAppModule) + +IsAppModule() { +} + +// RegisterInvariants is a placeholder function register no invariants +func (GenesisOnlyAppModule) + +RegisterInvariants(_ sdk.InvariantRegistry) { +} + +// ConsensusVersion implements AppModule/ConsensusVersion. +func (gam GenesisOnlyAppModule) + +ConsensusVersion() + +uint64 { + return 1 +} + +// Manager defines a module manager that provides the high level utility for managing and executing +// operations for a group of modules +type Manager struct { + Modules map[string]any // interface{ +} + +is used now to support the legacy AppModule as well as new core appmodule.AppModule. + OrderInitGenesis []string + OrderExportGenesis []string + OrderPreBlockers []string + OrderBeginBlockers []string + OrderEndBlockers []string + OrderPrepareCheckStaters []string + OrderPrecommiters []string + OrderMigrations []string +} + +// NewManager creates a new Manager object. +func NewManager(modules ...AppModule) *Manager { + moduleMap := make(map[string]any) + modulesStr := make([]string, 0, len(modules)) + preBlockModulesStr := make([]string, 0) + for _, module := range modules { + if _, ok := module.(appmodule.AppModule); !ok { + panic(fmt.Sprintf("module %s does not implement appmodule.AppModule", module.Name())) +} + +moduleMap[module.Name()] = module + modulesStr = append(modulesStr, module.Name()) + if _, ok := module.(appmodule.HasPreBlocker); ok { + preBlockModulesStr = append(preBlockModulesStr, module.Name()) +} + +} + +return &Manager{ + Modules: moduleMap, + OrderInitGenesis: modulesStr, + OrderExportGenesis: modulesStr, + OrderPreBlockers: preBlockModulesStr, + OrderBeginBlockers: modulesStr, + OrderPrepareCheckStaters: modulesStr, + OrderPrecommiters: modulesStr, + OrderEndBlockers: modulesStr, +} +} + +// NewManagerFromMap creates a new Manager object from a map of module names to module implementations. +// This method should be used for apps and modules which have migrated to the cosmossdk.io/core.appmodule.AppModule API. +func NewManagerFromMap(moduleMap map[string]appmodule.AppModule) *Manager { + simpleModuleMap := make(map[string]any) + modulesStr := make([]string, 0, len(simpleModuleMap)) + preBlockModulesStr := make([]string, 0) + for name, module := range moduleMap { + simpleModuleMap[name] = module + modulesStr = append(modulesStr, name) + if _, ok := module.(appmodule.HasPreBlocker); ok { + preBlockModulesStr = append(preBlockModulesStr, name) +} + +} + + // Sort the modules by name. Given that we are using a map above we can't guarantee the order. + sort.Strings(modulesStr) + +return &Manager{ + Modules: simpleModuleMap, + OrderInitGenesis: modulesStr, + OrderExportGenesis: modulesStr, + OrderPreBlockers: preBlockModulesStr, + OrderBeginBlockers: modulesStr, + OrderEndBlockers: modulesStr, + OrderPrecommiters: modulesStr, + OrderPrepareCheckStaters: modulesStr, +} +} + +// SetOrderInitGenesis sets the order of init genesis calls +func (m *Manager) + +SetOrderInitGenesis(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderInitGenesis", moduleNames, func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasGenesis := module.(appmodule.HasGenesis); hasGenesis { + return !hasGenesis +} + if _, hasABCIGenesis := module.(HasABCIGenesis); hasABCIGenesis { + return !hasABCIGenesis +} + + _, hasGenesis := module.(HasGenesis) + +return !hasGenesis +}) + +m.OrderInitGenesis = moduleNames +} + +// SetOrderExportGenesis sets the order of export genesis calls +func (m *Manager) + +SetOrderExportGenesis(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderExportGenesis", moduleNames, func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasGenesis := module.(appmodule.HasGenesis); hasGenesis { + return !hasGenesis +} + if _, hasABCIGenesis := module.(HasABCIGenesis); hasABCIGenesis { + return !hasABCIGenesis +} + + _, hasGenesis := module.(HasGenesis) + +return !hasGenesis +}) + +m.OrderExportGenesis = moduleNames +} + +// SetOrderPreBlockers sets the order of set pre-blocker calls +func (m *Manager) + +SetOrderPreBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPreBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasBlock := module.(appmodule.HasPreBlocker) + +return !hasBlock +}) + +m.OrderPreBlockers = moduleNames +} + +// SetOrderBeginBlockers sets the order of set begin-blocker calls +func (m *Manager) + +SetOrderBeginBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderBeginBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasBeginBlock := module.(appmodule.HasBeginBlocker) + +return !hasBeginBlock +}) + +m.OrderBeginBlockers = moduleNames +} + +// SetOrderEndBlockers sets the order of set end-blocker calls +func (m *Manager) + +SetOrderEndBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderEndBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasEndBlock := module.(appmodule.HasEndBlocker); hasEndBlock { + return !hasEndBlock +} + + _, hasABCIEndBlock := module.(HasABCIEndBlock) + +return !hasABCIEndBlock +}) + +m.OrderEndBlockers = moduleNames +} + +// SetOrderPrepareCheckStaters sets the order of set prepare-check-stater calls +func (m *Manager) + +SetOrderPrepareCheckStaters(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPrepareCheckStaters", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasPrepareCheckState := module.(appmodule.HasPrepareCheckState) + +return !hasPrepareCheckState +}) + +m.OrderPrepareCheckStaters = moduleNames +} + +// SetOrderPrecommiters sets the order of set precommiter calls +func (m *Manager) + +SetOrderPrecommiters(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPrecommiters", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasPrecommit := module.(appmodule.HasPrecommit) + +return !hasPrecommit +}) + +m.OrderPrecommiters = moduleNames +} + +// SetOrderMigrations sets the order of migrations to be run. If not set +// then migrations will be run with an order defined in `DefaultMigrationsOrder`. +func (m *Manager) + +SetOrderMigrations(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderMigrations", moduleNames, nil) + +m.OrderMigrations = moduleNames +} + +// RegisterInvariants registers all module invariants +// +// Deprecated: this function is a no-op and will be removed in the next release of the Cosmos SDK. +func (m *Manager) + +RegisterInvariants(_ sdk.InvariantRegistry) { +} + +// RegisterServices registers all module services +func (m *Manager) + +RegisterServices(cfg Configurator) + +error { + for _, module := range m.Modules { + if module, ok := module.(HasServices); ok { + module.RegisterServices(cfg) +} + if module, ok := module.(appmodule.HasServices); ok { + err := module.RegisterServices(cfg) + if err != nil { + return err +} + +} + if cfg.Error() != nil { + return cfg.Error() +} + +} + +return nil +} + +// InitGenesis performs init genesis functionality for modules. Exactly one +// module must return a non-empty validator set update to correctly initialize +// the chain. +func (m *Manager) + +InitGenesis(ctx sdk.Context, cdc codec.JSONCodec, genesisData map[string]json.RawMessage) (*abci.ResponseInitChain, error) { + var validatorUpdates []abci.ValidatorUpdate + ctx.Logger().Info("initializing blockchain state from genesis.json") + for _, moduleName := range m.OrderInitGenesis { + if genesisData[moduleName] == nil { + continue +} + mod := m.Modules[moduleName] + // we might get an adapted module, a native core API module or a legacy module + if module, ok := mod.(appmodule.HasGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + // core API genesis + source, err := genesis.SourceFromRawJSON(genesisData[moduleName]) + if err != nil { + return &abci.ResponseInitChain{ +}, err +} + +err = module.InitGenesis(ctx, source) + if err != nil { + return &abci.ResponseInitChain{ +}, err +} + +} + +else if module, ok := mod.(HasGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + +module.InitGenesis(ctx, cdc, genesisData[moduleName]) +} + +else if module, ok := mod.(HasABCIGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + moduleValUpdates := module.InitGenesis(ctx, cdc, genesisData[moduleName]) + + // use these validator updates if provided, the module manager assumes + // only one module will update the validator set + if len(moduleValUpdates) > 0 { + if len(validatorUpdates) > 0 { + return &abci.ResponseInitChain{ +}, errors.New("validator InitGenesis updates already set by a previous module") +} + +validatorUpdates = moduleValUpdates +} + +} + +} + + // a chain must initialize with a non-empty validator set + if len(validatorUpdates) == 0 { + return &abci.ResponseInitChain{ +}, fmt.Errorf("validator set is empty after InitGenesis, please ensure at least one validator is initialized with a delegation greater than or equal to the DefaultPowerReduction (%d)", sdk.DefaultPowerReduction) +} + +return &abci.ResponseInitChain{ + Validators: validatorUpdates, +}, nil +} + +// ExportGenesis performs export genesis functionality for modules +func (m *Manager) + +ExportGenesis(ctx sdk.Context, cdc codec.JSONCodec) (map[string]json.RawMessage, error) { + return m.ExportGenesisForModules(ctx, cdc, []string{ +}) +} + +// ExportGenesisForModules performs export genesis functionality for modules +func (m *Manager) + +ExportGenesisForModules(ctx sdk.Context, cdc codec.JSONCodec, modulesToExport []string) (map[string]json.RawMessage, error) { + if len(modulesToExport) == 0 { + modulesToExport = m.OrderExportGenesis +} + // verify modules exists in app, so that we don't panic in the middle of an export + if err := m.checkModulesExists(modulesToExport); err != nil { + return nil, err +} + +type genesisResult struct { + bz json.RawMessage + err error +} + channels := make(map[string]chan genesisResult) + for _, moduleName := range modulesToExport { + mod := m.Modules[moduleName] + if module, ok := mod.(appmodule.HasGenesis); ok { + // core API genesis + channels[moduleName] = make(chan genesisResult) + +go func(module appmodule.HasGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + target := genesis.RawJSONTarget{ +} + err := module.ExportGenesis(ctx, target.Target()) + if err != nil { + ch <- genesisResult{ + nil, err +} + +return +} + +rawJSON, err := target.JSON() + if err != nil { + ch <- genesisResult{ + nil, err +} + +return +} + +ch <- genesisResult{ + rawJSON, nil +} + +}(module, channels[moduleName]) +} + +else if module, ok := mod.(HasGenesis); ok { + channels[moduleName] = make(chan genesisResult) + +go func(module HasGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + ch <- genesisResult{ + module.ExportGenesis(ctx, cdc), nil +} + +}(module, channels[moduleName]) +} + +else if module, ok := mod.(HasABCIGenesis); ok { + channels[moduleName] = make(chan genesisResult) + +go func(module HasABCIGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + ch <- genesisResult{ + module.ExportGenesis(ctx, cdc), nil +} + +}(module, channels[moduleName]) +} + +} + genesisData := make(map[string]json.RawMessage) + for moduleName := range channels { + res := <-channels[moduleName] + if res.err != nil { + return nil, fmt.Errorf("genesis export error in %s: %w", moduleName, res.err) +} + +genesisData[moduleName] = res.bz +} + +return genesisData, nil +} + +// checkModulesExists verifies that all modules in the list exist in the app +func (m *Manager) + +checkModulesExists(moduleName []string) + +error { + for _, name := range moduleName { + if _, ok := m.Modules[name]; !ok { + return fmt.Errorf("module %s does not exist", name) +} + +} + +return nil +} + +// assertNoForgottenModules checks that we didn't forget any modules in the SetOrder* functions. +// `pass` is a closure which allows one to omit modules from `moduleNames`. +// If you provide non-nil `pass` and it returns true, the module would not be subject of the assertion. +func (m *Manager) + +assertNoForgottenModules(setOrderFnName string, moduleNames []string, pass func(moduleName string) + +bool) { + ms := make(map[string]bool) + for _, m := range moduleNames { + ms[m] = true +} + +var missing []string + for m := range m.Modules { + if pass != nil && pass(m) { + continue +} + if !ms[m] { + missing = append(missing, m) +} + +} + if len(missing) != 0 { + sort.Strings(missing) + +panic(fmt.Sprintf( + "all modules must be defined when setting %s, missing: %v", setOrderFnName, missing)) +} +} + +// MigrationHandler is the migration function that each module registers. +type MigrationHandler func(sdk.Context) + +error + +// VersionMap is a map of moduleName -> version +type VersionMap map[string]uint64 + +// RunMigrations performs in-place store migrations for all modules. This +// function MUST be called insde an x/upgrade UpgradeHandler. +// +// Recall that in an upgrade handler, the `fromVM` VersionMap is retrieved from +// x/upgrade's store, and the function needs to return the target VersionMap +// that will in turn be persisted to the x/upgrade's store. In general, +// returning RunMigrations should be enough: +// +// Example: +// +// cfg := module.NewConfigurator(...) +// app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx context.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { +// return app.mm.RunMigrations(ctx, cfg, fromVM) +// +}) +// +// Internally, RunMigrations will perform the following steps: +// - create an `updatedVM` VersionMap of module with their latest ConsensusVersion +// - make a diff of `fromVM` and `udpatedVM`, and for each module: +// - if the module's `fromVM` version is less than its `updatedVM` version, +// then run in-place store migrations for that module between those versions. +// - if the module does not exist in the `fromVM` (which means that it's a new module, +// because it was not in the previous x/upgrade's store), then run +// `InitGenesis` on that module. +// +// - return the `updatedVM` to be persisted in the x/upgrade's store. +// +// Migrations are run in an order defined by `Manager.OrderMigrations` or (if not set) + +defined by +// `DefaultMigrationsOrder` function. +// +// As an app developer, if you wish to skip running InitGenesis for your new +// module "foo", you need to manually pass a `fromVM` argument to this function +// foo's module version set to its latest ConsensusVersion. That way, the diff +// between the function's `fromVM` and `udpatedVM` will be empty, hence not +// running anything for foo. +// +// Example: +// +// cfg := module.NewConfigurator(...) +// app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx context.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { +// // Assume "foo" is a new module. +// // `fromVM` is fetched from existing x/upgrade store. Since foo didn't exist +// // before this upgrade, `v, exists := fromVM["foo"]; exists == false`, and RunMigration will by default +// // run InitGenesis on foo. +// // To skip running foo's InitGenesis, you need set `fromVM`'s foo to its latest +// // consensus version: +// fromVM["foo"] = foo.AppModule{ +}.ConsensusVersion() +// +// return app.mm.RunMigrations(ctx, cfg, fromVM) +// +}) +// +// Please also refer to https://docs.cosmos.network/main/core/upgrade for more information. +func (m Manager) + +RunMigrations(ctx context.Context, cfg Configurator, fromVM VersionMap) (VersionMap, error) { + c, ok := cfg.(*configurator) + if !ok { + return nil, errorsmod.Wrapf(sdkerrors.ErrInvalidType, "expected %T, got %T", &configurator{ +}, cfg) +} + modules := m.OrderMigrations + if modules == nil { + modules = DefaultMigrationsOrder(m.ModuleNames()) +} + sdkCtx := sdk.UnwrapSDKContext(ctx) + updatedVM := VersionMap{ +} + for _, moduleName := range modules { + module := m.Modules[moduleName] + fromVersion, exists := fromVM[moduleName] + toVersion := uint64(0) + if module, ok := module.(HasConsensusVersion); ok { + toVersion = module.ConsensusVersion() +} + + // We run migration if the module is specified in `fromVM`. + // Otherwise we run InitGenesis. + // + // The module won't exist in the fromVM in two cases: + // 1. A new module is added. In this case we run InitGenesis with an + // empty genesis state. + // 2. An existing chain is upgrading from version < 0.43 to v0.43+ for the first time. + // In this case, all modules have yet to be added to x/upgrade's VersionMap store. + if exists { + err := c.runModuleMigrations(sdkCtx, moduleName, fromVersion, toVersion) + if err != nil { + return nil, err +} + +} + +else { + sdkCtx.Logger().Info(fmt.Sprintf("adding a new module: %s", moduleName)) + if module, ok := m.Modules[moduleName].(HasGenesis); ok { + module.InitGenesis(sdkCtx, c.cdc, module.DefaultGenesis(c.cdc)) +} + if module, ok := m.Modules[moduleName].(HasABCIGenesis); ok { + moduleValUpdates := module.InitGenesis(sdkCtx, c.cdc, module.DefaultGenesis(c.cdc)) + // The module manager assumes only one module will update the + // validator set, and it can't be a new module. + if len(moduleValUpdates) > 0 { + return nil, errorsmod.Wrapf(sdkerrors.ErrLogic, "validator InitGenesis update is already set by another module") +} + +} + +} + +updatedVM[moduleName] = toVersion +} + +return updatedVM, nil +} + +// PreBlock performs begin block functionality for upgrade module. +// It takes the current context as a parameter and returns a boolean value +// indicating whether the migration was successfully executed or not. +func (m *Manager) + +PreBlock(ctx sdk.Context) (*sdk.ResponsePreBlock, error) { + paramsChanged := false + for _, moduleName := range m.OrderPreBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasPreBlocker); ok { + rsp, err := module.PreBlock(ctx) + if err != nil { + return nil, err +} + if rsp.IsConsensusParamsChanged() { + paramsChanged = true +} + +} + +} + +return &sdk.ResponsePreBlock{ + ConsensusParamsChanged: paramsChanged, +}, nil +} + +// BeginBlock performs begin block functionality for all modules. It creates a +// child context with an event manager to aggregate events emitted from all +// modules. +func (m *Manager) + +BeginBlock(ctx sdk.Context) (sdk.BeginBlock, error) { + ctx = ctx.WithEventManager(sdk.NewEventManager()) + for _, moduleName := range m.OrderBeginBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasBeginBlocker); ok { + if err := module.BeginBlock(ctx); err != nil { + return sdk.BeginBlock{ +}, err +} + +} + +} + +return sdk.BeginBlock{ + Events: ctx.EventManager().ABCIEvents(), +}, nil +} + +// EndBlock performs end block functionality for all modules. It creates a +// child context with an event manager to aggregate events emitted from all +// modules. +func (m *Manager) + +EndBlock(ctx sdk.Context) (sdk.EndBlock, error) { + ctx = ctx.WithEventManager(sdk.NewEventManager()) + validatorUpdates := []abci.ValidatorUpdate{ +} + for _, moduleName := range m.OrderEndBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasEndBlocker); ok { + err := module.EndBlock(ctx) + if err != nil { + return sdk.EndBlock{ +}, err +} + +} + +else if module, ok := m.Modules[moduleName].(HasABCIEndBlock); ok { + moduleValUpdates, err := module.EndBlock(ctx) + if err != nil { + return sdk.EndBlock{ +}, err +} + // use these validator updates if provided, the module manager assumes + // only one module will update the validator set + if len(moduleValUpdates) > 0 { + if len(validatorUpdates) > 0 { + return sdk.EndBlock{ +}, errors.New("validator EndBlock updates already set by a previous module") +} + for _, updates := range moduleValUpdates { + validatorUpdates = append(validatorUpdates, abci.ValidatorUpdate{ + PubKey: updates.PubKey, + Power: updates.Power +}) +} + +} + +} + +else { + continue +} + +} + +return sdk.EndBlock{ + ValidatorUpdates: validatorUpdates, + Events: ctx.EventManager().ABCIEvents(), +}, nil +} + +// Precommit performs precommit functionality for all modules. +func (m *Manager) + +Precommit(ctx sdk.Context) + +error { + for _, moduleName := range m.OrderPrecommiters { + module, ok := m.Modules[moduleName].(appmodule.HasPrecommit) + if !ok { + continue +} + if err := module.Precommit(ctx); err != nil { + return err +} + +} + +return nil +} + +// PrepareCheckState performs functionality for preparing the check state for all modules. +func (m *Manager) + +PrepareCheckState(ctx sdk.Context) + +error { + for _, moduleName := range m.OrderPrepareCheckStaters { + module, ok := m.Modules[moduleName].(appmodule.HasPrepareCheckState) + if !ok { + continue +} + if err := module.PrepareCheckState(ctx); err != nil { + return err +} + +} + +return nil +} + +// GetVersionMap gets consensus version from all modules +func (m *Manager) + +GetVersionMap() + +VersionMap { + vermap := make(VersionMap) + for name, v := range m.Modules { + version := uint64(0) + if v, ok := v.(HasConsensusVersion); ok { + version = v.ConsensusVersion() +} + +vermap[name] = version +} + +return vermap +} + +// ModuleNames returns list of all module names, without any particular order. +func (m *Manager) + +ModuleNames() []string { + return slices.Collect(maps.Keys(m.Modules)) +} + +// DefaultMigrationsOrder returns a default migrations order: ascending alphabetical by module name, +// except x/auth which will run last, see: +// https://github.com/cosmos/cosmos-sdk/issues/10591 +func DefaultMigrationsOrder(modules []string) []string { + const authName = "auth" + out := make([]string, 0, len(modules)) + hasAuth := false + for _, m := range modules { + if m == authName { + hasAuth = true +} + +else { + out = append(out, m) +} + +} + +sort.Strings(out) + if hasAuth { + out = append(out, authName) +} + +return out +} +``` + +Let us go through the methods: + +* `DefaultGenesis(codec.JSONCodec)`: Returns a default [`GenesisState`](/docs/sdk/vnext/build/building-modules/genesis#genesisstate) for the module, marshalled to `json.RawMessage`. The default `GenesisState` need to be defined by the module developer and is primarily used for testing. +* `ValidateGenesis(codec.JSONCodec, client.TxEncodingConfig, json.RawMessage)`: Used to validate the `GenesisState` defined by a module, given in its `json.RawMessage` form. It will usually unmarshall the `json` before running a custom [`ValidateGenesis`](/docs/sdk/vnext/build/building-modules/genesis#validategenesis) function defined by the module developer. + +#### `module.HasGenesis` + +`HasGenesis` is an extension interface for allowing modules to implement genesis functionalities. + +```go expandable +/* +Package module contains application module patterns and associated "manager" functionality. +The module pattern has been broken down by: + - independent module functionality (AppModuleBasic) + - inter-dependent module simulation functionality (AppModuleSimulation) + - inter-dependent module full functionality (AppModule) + +inter-dependent module functionality is module functionality which somehow +depends on other modules, typically through the module keeper. Many of the +module keepers are dependent on each other, thus in order to access the full +set of module functionality we need to define all the keepers/params-store/keys +etc. This full set of advanced functionality is defined by the AppModule interface. + +Independent module functions are separated to allow for the construction of the +basic application structures required early on in the application definition +and used to enable the definition of full module functionality later in the +process. This separation is necessary, however we still want to allow for a +high level pattern for modules to follow - for instance, such that we don't +have to manually register all of the codecs for all the modules. This basic +procedure as well as other basic patterns are handled through the use of +BasicManager. + +Lastly the interface for genesis functionality (HasGenesis & HasABCIGenesis) + +has been +separated out from full module functionality (AppModule) + +so that modules which +are only used for genesis can take advantage of the Module patterns without +needlessly defining many placeholder functions +*/ +package module + +import ( + + "context" + "encoding/json" + "errors" + "fmt" + "sort" + + abci "github.com/cometbft/cometbft/abci/types" + "github.com/grpc-ecosystem/grpc-gateway/runtime" + "github.com/spf13/cobra" + "golang.org/x/exp/maps" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/core/genesis" + errorsmod "cosmossdk.io/errors" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/codec/types" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" +) + +// AppModuleBasic is the standard form for basic non-dependant elements of an application module. +type AppModuleBasic interface { + HasName + RegisterLegacyAminoCodec(*codec.LegacyAmino) + +RegisterInterfaces(types.InterfaceRegistry) + +RegisterGRPCGatewayRoutes(client.Context, *runtime.ServeMux) +} + +// HasName allows the module to provide its own name for legacy purposes. +// Newer apps should specify the name for their modules using a map +// using NewManagerFromMap. +type HasName interface { + Name() + +string +} + +// HasGenesisBasics is the legacy interface for stateless genesis methods. +type HasGenesisBasics interface { + DefaultGenesis(codec.JSONCodec) + +json.RawMessage + ValidateGenesis(codec.JSONCodec, client.TxEncodingConfig, json.RawMessage) + +error +} + +// BasicManager is a collection of AppModuleBasic +type BasicManager map[string]AppModuleBasic + +// NewBasicManager creates a new BasicManager object +func NewBasicManager(modules ...AppModuleBasic) + +BasicManager { + moduleMap := make(map[string]AppModuleBasic) + for _, module := range modules { + moduleMap[module.Name()] = module +} + +return moduleMap +} + +// NewBasicManagerFromManager creates a new BasicManager from a Manager +// The BasicManager will contain all AppModuleBasic from the AppModule Manager +// Module's AppModuleBasic can be overridden by passing a custom AppModuleBasic map +func NewBasicManagerFromManager(manager *Manager, customModuleBasics map[string]AppModuleBasic) + +BasicManager { + moduleMap := make(map[string]AppModuleBasic) + for name, module := range manager.Modules { + if customBasicMod, ok := customModuleBasics[name]; ok { + moduleMap[name] = customBasicMod + continue +} + if appModule, ok := module.(appmodule.AppModule); ok { + moduleMap[name] = CoreAppModuleBasicAdaptor(name, appModule) + +continue +} + if basicMod, ok := module.(AppModuleBasic); ok { + moduleMap[name] = basicMod +} + +} + +return moduleMap +} + +// RegisterLegacyAminoCodec registers all module codecs +func (bm BasicManager) + +RegisterLegacyAminoCodec(cdc *codec.LegacyAmino) { + for _, b := range bm { + b.RegisterLegacyAminoCodec(cdc) +} +} + +// RegisterInterfaces registers all module interface types +func (bm BasicManager) + +RegisterInterfaces(registry types.InterfaceRegistry) { + for _, m := range bm { + m.RegisterInterfaces(registry) +} +} + +// DefaultGenesis provides default genesis information for all modules +func (bm BasicManager) + +DefaultGenesis(cdc codec.JSONCodec) + +map[string]json.RawMessage { + genesisData := make(map[string]json.RawMessage) + for _, b := range bm { + if mod, ok := b.(HasGenesisBasics); ok { + genesisData[b.Name()] = mod.DefaultGenesis(cdc) +} + +} + +return genesisData +} + +// ValidateGenesis performs genesis state validation for all modules +func (bm BasicManager) + +ValidateGenesis(cdc codec.JSONCodec, txEncCfg client.TxEncodingConfig, genesisData map[string]json.RawMessage) + +error { + for _, b := range bm { + // first check if the module is an adapted Core API Module + if mod, ok := b.(HasGenesisBasics); ok { + if err := mod.ValidateGenesis(cdc, txEncCfg, genesisData[b.Name()]); err != nil { + return err +} + +} + +} + +return nil +} + +// RegisterGRPCGatewayRoutes registers all module rest routes +func (bm BasicManager) + +RegisterGRPCGatewayRoutes(clientCtx client.Context, rtr *runtime.ServeMux) { + for _, b := range bm { + b.RegisterGRPCGatewayRoutes(clientCtx, rtr) +} +} + +// AddTxCommands adds all tx commands to the rootTxCmd. +func (bm BasicManager) + +AddTxCommands(rootTxCmd *cobra.Command) { + for _, b := range bm { + if mod, ok := b.(interface { + GetTxCmd() *cobra.Command +}); ok { + if cmd := mod.GetTxCmd(); cmd != nil { + rootTxCmd.AddCommand(cmd) +} + +} + +} +} + +// AddQueryCommands adds all query commands to the rootQueryCmd. +func (bm BasicManager) + +AddQueryCommands(rootQueryCmd *cobra.Command) { + for _, b := range bm { + if mod, ok := b.(interface { + GetQueryCmd() *cobra.Command +}); ok { + if cmd := mod.GetQueryCmd(); cmd != nil { + rootQueryCmd.AddCommand(cmd) +} + +} + +} +} + +// HasGenesis is the extension interface for stateful genesis methods. +type HasGenesis interface { + HasGenesisBasics + InitGenesis(sdk.Context, codec.JSONCodec, json.RawMessage) + +ExportGenesis(sdk.Context, codec.JSONCodec) + +json.RawMessage +} + +// HasABCIGenesis is the extension interface for stateful genesis methods which returns validator updates. +type HasABCIGenesis interface { + HasGenesisBasics + InitGenesis(sdk.Context, codec.JSONCodec, json.RawMessage) []abci.ValidatorUpdate + ExportGenesis(sdk.Context, codec.JSONCodec) + +json.RawMessage +} + +// AppModule is the form for an application module. Most of +// its functionality has been moved to extension interfaces. +type AppModule interface { + AppModuleBasic +} + +// HasInvariants is the interface for registering invariants. +type HasInvariants interface { + // RegisterInvariants registers module invariants. + RegisterInvariants(sdk.InvariantRegistry) +} + +// HasServices is the interface for modules to register services. +type HasServices interface { + // RegisterServices allows a module to register services. + RegisterServices(Configurator) +} + +// HasConsensusVersion is the interface for declaring a module consensus version. +type HasConsensusVersion interface { + // ConsensusVersion is a sequence number for state-breaking change of the + // module. It should be incremented on each consensus-breaking change + // introduced by the module. To avoid wrong/empty versions, the initial version + // should be set to 1. + ConsensusVersion() + +uint64 +} + +type HasABCIEndblock interface { + AppModule + EndBlock(context.Context) ([]abci.ValidatorUpdate, error) +} + +var ( + _ appmodule.AppModule = (*GenesisOnlyAppModule)(nil) + _ AppModuleBasic = (*GenesisOnlyAppModule)(nil) +) + +// genesisOnlyModule is an interface need to return GenesisOnlyAppModule struct in order to wrap two interfaces +type genesisOnlyModule interface { + AppModuleBasic + HasABCIGenesis +} + +// GenesisOnlyAppModule is an AppModule that only has import/export functionality +type GenesisOnlyAppModule struct { + genesisOnlyModule +} + +// NewGenesisOnlyAppModule creates a new GenesisOnlyAppModule object +func NewGenesisOnlyAppModule(amg genesisOnlyModule) + +GenesisOnlyAppModule { + return GenesisOnlyAppModule{ + genesisOnlyModule: amg, +} +} + +// IsOnePerModuleType implements the depinject.OnePerModuleType interface. +func (GenesisOnlyAppModule) + +IsOnePerModuleType() { +} + +// IsAppModule implements the appmodule.AppModule interface. +func (GenesisOnlyAppModule) + +IsAppModule() { +} + +// RegisterInvariants is a placeholder function register no invariants +func (GenesisOnlyAppModule) + +RegisterInvariants(_ sdk.InvariantRegistry) { +} + +// ConsensusVersion implements AppModule/ConsensusVersion. +func (gam GenesisOnlyAppModule) + +ConsensusVersion() + +uint64 { + return 1 +} + +// Manager defines a module manager that provides the high level utility for managing and executing +// operations for a group of modules +type Manager struct { + Modules map[string]interface{ +} // interface{ +} + +is used now to support the legacy AppModule as well as new core appmodule.AppModule. + OrderInitGenesis []string + OrderExportGenesis []string + OrderBeginBlockers []string + OrderEndBlockers []string + OrderPrepareCheckStaters []string + OrderPrecommiters []string + OrderMigrations []string +} + +// NewManager creates a new Manager object. +func NewManager(modules ...AppModule) *Manager { + moduleMap := make(map[string]interface{ +}) + modulesStr := make([]string, 0, len(modules)) + for _, module := range modules { + moduleMap[module.Name()] = module + modulesStr = append(modulesStr, module.Name()) +} + +return &Manager{ + Modules: moduleMap, + OrderInitGenesis: modulesStr, + OrderExportGenesis: modulesStr, + OrderBeginBlockers: modulesStr, + OrderPrepareCheckStaters: modulesStr, + OrderPrecommiters: modulesStr, + OrderEndBlockers: modulesStr, +} +} + +// NewManagerFromMap creates a new Manager object from a map of module names to module implementations. +// This method should be used for apps and modules which have migrated to the cosmossdk.io/core.appmodule.AppModule API. +func NewManagerFromMap(moduleMap map[string]appmodule.AppModule) *Manager { + simpleModuleMap := make(map[string]interface{ +}) + modulesStr := make([]string, 0, len(simpleModuleMap)) + for name, module := range moduleMap { + simpleModuleMap[name] = module + modulesStr = append(modulesStr, name) +} + + // Sort the modules by name. Given that we are using a map above we can't guarantee the order. + sort.Strings(modulesStr) + +return &Manager{ + Modules: simpleModuleMap, + OrderInitGenesis: modulesStr, + OrderExportGenesis: modulesStr, + OrderBeginBlockers: modulesStr, + OrderEndBlockers: modulesStr, + OrderPrecommiters: modulesStr, + OrderPrepareCheckStaters: modulesStr, +} +} + +// SetOrderInitGenesis sets the order of init genesis calls +func (m *Manager) + +SetOrderInitGenesis(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderInitGenesis", moduleNames, func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasGenesis := module.(appmodule.HasGenesis); hasGenesis { + return !hasGenesis +} + if _, hasABCIGenesis := module.(HasABCIGenesis); hasABCIGenesis { + return !hasABCIGenesis +} + + _, hasGenesis := module.(HasGenesis) + +return !hasGenesis +}) + +m.OrderInitGenesis = moduleNames +} + +// SetOrderExportGenesis sets the order of export genesis calls +func (m *Manager) + +SetOrderExportGenesis(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderExportGenesis", moduleNames, func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasGenesis := module.(appmodule.HasGenesis); hasGenesis { + return !hasGenesis +} + if _, hasABCIGenesis := module.(HasABCIGenesis); hasABCIGenesis { + return !hasABCIGenesis +} + + _, hasGenesis := module.(HasGenesis) + +return !hasGenesis +}) + +m.OrderExportGenesis = moduleNames +} + +// SetOrderBeginBlockers sets the order of set begin-blocker calls +func (m *Manager) + +SetOrderBeginBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderBeginBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasBeginBlock := module.(appmodule.HasBeginBlocker) + +return !hasBeginBlock +}) + +m.OrderBeginBlockers = moduleNames +} + +// SetOrderEndBlockers sets the order of set end-blocker calls +func (m *Manager) + +SetOrderEndBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderEndBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasEndBlock := module.(appmodule.HasEndBlocker); hasEndBlock { + return !hasEndBlock +} + + _, hasABCIEndBlock := module.(HasABCIEndblock) + +return !hasABCIEndBlock +}) + +m.OrderEndBlockers = moduleNames +} + +// SetOrderPrepareCheckStaters sets the order of set prepare-check-stater calls +func (m *Manager) + +SetOrderPrepareCheckStaters(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPrepareCheckStaters", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasPrepareCheckState := module.(appmodule.HasPrepareCheckState) + +return !hasPrepareCheckState +}) + +m.OrderPrepareCheckStaters = moduleNames +} + +// SetOrderPrecommiters sets the order of set precommiter calls +func (m *Manager) + +SetOrderPrecommiters(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPrecommiters", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasPrecommit := module.(appmodule.HasPrecommit) + +return !hasPrecommit +}) + +m.OrderPrecommiters = moduleNames +} + +// SetOrderMigrations sets the order of migrations to be run. If not set +// then migrations will be run with an order defined in `DefaultMigrationsOrder`. +func (m *Manager) + +SetOrderMigrations(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderMigrations", moduleNames, nil) + +m.OrderMigrations = moduleNames +} + +// RegisterInvariants registers all module invariants +func (m *Manager) + +RegisterInvariants(ir sdk.InvariantRegistry) { + for _, module := range m.Modules { + if module, ok := module.(HasInvariants); ok { + module.RegisterInvariants(ir) +} + +} +} + +// RegisterServices registers all module services +func (m *Manager) + +RegisterServices(cfg Configurator) + +error { + for _, module := range m.Modules { + if module, ok := module.(HasServices); ok { + module.RegisterServices(cfg) +} + if module, ok := module.(appmodule.HasServices); ok { + err := module.RegisterServices(cfg) + if err != nil { + return err +} + +} + if cfg.Error() != nil { + return cfg.Error() +} + +} + +return nil +} + +// InitGenesis performs init genesis functionality for modules. Exactly one +// module must return a non-empty validator set update to correctly initialize +// the chain. +func (m *Manager) + +InitGenesis(ctx sdk.Context, cdc codec.JSONCodec, genesisData map[string]json.RawMessage) (*abci.ResponseInitChain, error) { + var validatorUpdates []abci.ValidatorUpdate + ctx.Logger().Info("initializing blockchain state from genesis.json") + for _, moduleName := range m.OrderInitGenesis { + if genesisData[moduleName] == nil { + continue +} + mod := m.Modules[moduleName] + // we might get an adapted module, a native core API module or a legacy module + if module, ok := mod.(appmodule.HasGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + // core API genesis + source, err := genesis.SourceFromRawJSON(genesisData[moduleName]) + if err != nil { + return &abci.ResponseInitChain{ +}, err +} + +err = module.InitGenesis(ctx, source) + if err != nil { + return &abci.ResponseInitChain{ +}, err +} + +} + +else if module, ok := mod.(HasGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + +module.InitGenesis(ctx, cdc, genesisData[moduleName]) +} + +else if module, ok := mod.(HasABCIGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + moduleValUpdates := module.InitGenesis(ctx, cdc, genesisData[moduleName]) + + // use these validator updates if provided, the module manager assumes + // only one module will update the validator set + if len(moduleValUpdates) > 0 { + if len(validatorUpdates) > 0 { + return &abci.ResponseInitChain{ +}, errors.New("validator InitGenesis updates already set by a previous module") +} + +validatorUpdates = moduleValUpdates +} + +} + +} + + // a chain must initialize with a non-empty validator set + if len(validatorUpdates) == 0 { + return &abci.ResponseInitChain{ +}, fmt.Errorf("validator set is empty after InitGenesis, please ensure at least one validator is initialized with a delegation greater than or equal to the DefaultPowerReduction (%d)", sdk.DefaultPowerReduction) +} + +return &abci.ResponseInitChain{ + Validators: validatorUpdates, +}, nil +} + +// ExportGenesis performs export genesis functionality for modules +func (m *Manager) + +ExportGenesis(ctx sdk.Context, cdc codec.JSONCodec) (map[string]json.RawMessage, error) { + return m.ExportGenesisForModules(ctx, cdc, []string{ +}) +} + +// ExportGenesisForModules performs export genesis functionality for modules +func (m *Manager) + +ExportGenesisForModules(ctx sdk.Context, cdc codec.JSONCodec, modulesToExport []string) (map[string]json.RawMessage, error) { + if len(modulesToExport) == 0 { + modulesToExport = m.OrderExportGenesis +} + // verify modules exists in app, so that we don't panic in the middle of an export + if err := m.checkModulesExists(modulesToExport); err != nil { + return nil, err +} + +type genesisResult struct { + bz json.RawMessage + err error +} + channels := make(map[string]chan genesisResult) + for _, moduleName := range modulesToExport { + mod := m.Modules[moduleName] + if module, ok := mod.(appmodule.HasGenesis); ok { + // core API genesis + channels[moduleName] = make(chan genesisResult) + +go func(module appmodule.HasGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + target := genesis.RawJSONTarget{ +} + err := module.ExportGenesis(ctx, target.Target()) + if err != nil { + ch <- genesisResult{ + nil, err +} + +return +} + +rawJSON, err := target.JSON() + if err != nil { + ch <- genesisResult{ + nil, err +} + +return +} + +ch <- genesisResult{ + rawJSON, nil +} + +}(module, channels[moduleName]) +} + +else if module, ok := mod.(HasGenesis); ok { + channels[moduleName] = make(chan genesisResult) + +go func(module HasGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + ch <- genesisResult{ + module.ExportGenesis(ctx, cdc), nil +} + +}(module, channels[moduleName]) +} + +else if module, ok := mod.(HasABCIGenesis); ok { + channels[moduleName] = make(chan genesisResult) + +go func(module HasABCIGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + ch <- genesisResult{ + module.ExportGenesis(ctx, cdc), nil +} + +}(module, channels[moduleName]) +} + +} + genesisData := make(map[string]json.RawMessage) + for moduleName := range channels { + res := <-channels[moduleName] + if res.err != nil { + return nil, res.err +} + +genesisData[moduleName] = res.bz +} + +return genesisData, nil +} + +// checkModulesExists verifies that all modules in the list exist in the app +func (m *Manager) + +checkModulesExists(moduleName []string) + +error { + for _, name := range moduleName { + if _, ok := m.Modules[name]; !ok { + return fmt.Errorf("module %s does not exist", name) +} + +} + +return nil +} + +// assertNoForgottenModules checks that we didn't forget any modules in the SetOrder* functions. +// `pass` is a closure which allows one to omit modules from `moduleNames`. +// If you provide non-nil `pass` and it returns true, the module would not be subject of the assertion. +func (m *Manager) + +assertNoForgottenModules(setOrderFnName string, moduleNames []string, pass func(moduleName string) + +bool) { + ms := make(map[string]bool) + for _, m := range moduleNames { + ms[m] = true +} + +var missing []string + for m := range m.Modules { + m := m + if pass != nil && pass(m) { + continue +} + if !ms[m] { + missing = append(missing, m) +} + +} + if len(missing) != 0 { + sort.Strings(missing) + +panic(fmt.Sprintf( + "all modules must be defined when setting %s, missing: %v", setOrderFnName, missing)) +} +} + +// MigrationHandler is the migration function that each module registers. +type MigrationHandler func(sdk.Context) + +error + +// VersionMap is a map of moduleName -> version +type VersionMap map[string]uint64 + +// RunMigrations performs in-place store migrations for all modules. This +// function MUST be called insde an x/upgrade UpgradeHandler. +// +// Recall that in an upgrade handler, the `fromVM` VersionMap is retrieved from +// x/upgrade's store, and the function needs to return the target VersionMap +// that will in turn be persisted to the x/upgrade's store. In general, +// returning RunMigrations should be enough: +// +// Example: +// +// cfg := module.NewConfigurator(...) +// app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx context.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { +// return app.mm.RunMigrations(ctx, cfg, fromVM) +// +}) +// +// Internally, RunMigrations will perform the following steps: +// - create an `updatedVM` VersionMap of module with their latest ConsensusVersion +// - make a diff of `fromVM` and `udpatedVM`, and for each module: +// - if the module's `fromVM` version is less than its `updatedVM` version, +// then run in-place store migrations for that module between those versions. +// - if the module does not exist in the `fromVM` (which means that it's a new module, +// because it was not in the previous x/upgrade's store), then run +// `InitGenesis` on that module. +// +// - return the `updatedVM` to be persisted in the x/upgrade's store. +// +// Migrations are run in an order defined by `Manager.OrderMigrations` or (if not set) + +defined by +// `DefaultMigrationsOrder` function. +// +// As an app developer, if you wish to skip running InitGenesis for your new +// module "foo", you need to manually pass a `fromVM` argument to this function +// foo's module version set to its latest ConsensusVersion. That way, the diff +// between the function's `fromVM` and `udpatedVM` will be empty, hence not +// running anything for foo. +// +// Example: +// +// cfg := module.NewConfigurator(...) +// app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx context.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { +// // Assume "foo" is a new module. +// // `fromVM` is fetched from existing x/upgrade store. Since foo didn't exist +// // before this upgrade, `v, exists := fromVM["foo"]; exists == false`, and RunMigration will by default +// // run InitGenesis on foo. +// // To skip running foo's InitGenesis, you need set `fromVM`'s foo to its latest +// // consensus version: +// fromVM["foo"] = foo.AppModule{ +}.ConsensusVersion() +// +// return app.mm.RunMigrations(ctx, cfg, fromVM) +// +}) +// +// Please also refer to https://docs.cosmos.network/main/core/upgrade for more information. +func (m Manager) + +RunMigrations(ctx context.Context, cfg Configurator, fromVM VersionMap) (VersionMap, error) { + c, ok := cfg.(*configurator) + if !ok { + return nil, errorsmod.Wrapf(sdkerrors.ErrInvalidType, "expected %T, got %T", &configurator{ +}, cfg) +} + modules := m.OrderMigrations + if modules == nil { + modules = DefaultMigrationsOrder(m.ModuleNames()) +} + sdkCtx := sdk.UnwrapSDKContext(ctx) + updatedVM := VersionMap{ +} + for _, moduleName := range modules { + module := m.Modules[moduleName] + fromVersion, exists := fromVM[moduleName] + toVersion := uint64(0) + if module, ok := module.(HasConsensusVersion); ok { + toVersion = module.ConsensusVersion() +} + + // We run migration if the module is specified in `fromVM`. + // Otherwise we run InitGenesis. + // + // The module won't exist in the fromVM in two cases: + // 1. A new module is added. In this case we run InitGenesis with an + // empty genesis state. + // 2. An existing chain is upgrading from version < 0.43 to v0.43+ for the first time. + // In this case, all modules have yet to be added to x/upgrade's VersionMap store. + if exists { + err := c.runModuleMigrations(sdkCtx, moduleName, fromVersion, toVersion) + if err != nil { + return nil, err +} + +} + +else { + sdkCtx.Logger().Info(fmt.Sprintf("adding a new module: %s", moduleName)) + +module1, ok := m.Modules[moduleName].(HasGenesis) + if ok { + module1.InitGenesis(sdkCtx, c.cdc, module1.DefaultGenesis(c.cdc)) +} + if module2, ok := m.Modules[moduleName].(HasABCIGenesis); ok { + moduleValUpdates := module2.InitGenesis(sdkCtx, c.cdc, module1.DefaultGenesis(c.cdc)) + // The module manager assumes only one module will update the + // validator set, and it can't be a new module. + if len(moduleValUpdates) > 0 { + return nil, errorsmod.Wrapf(sdkerrors.ErrLogic, "validator InitGenesis update is already set by another module") +} + +} + +} + +updatedVM[moduleName] = toVersion +} + +return updatedVM, nil +} + +// RunMigrationBeginBlock performs begin block functionality for upgrade module. +// It takes the current context as a parameter and returns a boolean value +// indicating whether the migration was executed or not and an error if fails. +func (m *Manager) + +RunMigrationBeginBlock(ctx sdk.Context) (bool, error) { + for _, moduleName := range m.OrderBeginBlockers { + if mod, ok := m.Modules[moduleName].(appmodule.HasBeginBlocker); ok { + if _, ok := mod.(appmodule.UpgradeModule); ok { + err := mod.BeginBlock(ctx) + +return err == nil, err +} + +} + +} + +return false, nil +} + +// BeginBlock performs begin block functionality for non-upgrade modules. It creates a +// child context with an event manager to aggregate events emitted from non-upgrade +// modules. +func (m *Manager) + +BeginBlock(ctx sdk.Context) (sdk.BeginBlock, error) { + ctx = ctx.WithEventManager(sdk.NewEventManager()) + for _, moduleName := range m.OrderBeginBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasBeginBlocker); ok { + if _, ok := module.(appmodule.UpgradeModule); !ok { + if err := module.BeginBlock(ctx); err != nil { + return sdk.BeginBlock{ +}, err +} + +} + +} + +} + +return sdk.BeginBlock{ + Events: ctx.EventManager().ABCIEvents(), +}, nil +} + +// EndBlock performs end block functionality for all modules. It creates a +// child context with an event manager to aggregate events emitted from all +// modules. +func (m *Manager) + +EndBlock(ctx sdk.Context) (sdk.EndBlock, error) { + ctx = ctx.WithEventManager(sdk.NewEventManager()) + validatorUpdates := []abci.ValidatorUpdate{ +} + for _, moduleName := range m.OrderEndBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasEndBlocker); ok { + err := module.EndBlock(ctx) + if err != nil { + return sdk.EndBlock{ +}, err +} + +} + +else if module, ok := m.Modules[moduleName].(HasABCIEndblock); ok { + moduleValUpdates, err := module.EndBlock(ctx) + if err != nil { + return sdk.EndBlock{ +}, err +} + // use these validator updates if provided, the module manager assumes + // only one module will update the validator set + if len(moduleValUpdates) > 0 { + if len(validatorUpdates) > 0 { + return sdk.EndBlock{ +}, errors.New("validator EndBlock updates already set by a previous module") +} + for _, updates := range moduleValUpdates { + validatorUpdates = append(validatorUpdates, abci.ValidatorUpdate{ + PubKey: updates.PubKey, + Power: updates.Power +}) +} + +} + +} + +else { + continue +} + +} + +return sdk.EndBlock{ + ValidatorUpdates: validatorUpdates, + Events: ctx.EventManager().ABCIEvents(), +}, nil +} + +// Precommit performs precommit functionality for all modules. +func (m *Manager) + +Precommit(ctx sdk.Context) + +error { + for _, moduleName := range m.OrderPrecommiters { + module, ok := m.Modules[moduleName].(appmodule.HasPrecommit) + if !ok { + continue +} + if err := module.Precommit(ctx); err != nil { + return err +} + +} + +return nil +} + +// PrepareCheckState performs functionality for preparing the check state for all modules. +func (m *Manager) + +PrepareCheckState(ctx sdk.Context) + +error { + for _, moduleName := range m.OrderPrepareCheckStaters { + module, ok := m.Modules[moduleName].(appmodule.HasPrepareCheckState) + if !ok { + continue +} + if err := module.PrepareCheckState(ctx); err != nil { + return err +} + +} + +return nil +} + +// GetVersionMap gets consensus version from all modules +func (m *Manager) + +GetVersionMap() + +VersionMap { + vermap := make(VersionMap) + for name, v := range m.Modules { + version := uint64(0) + if v, ok := v.(HasConsensusVersion); ok { + version = v.ConsensusVersion() +} + name := name + vermap[name] = version +} + +return vermap +} + +// ModuleNames returns list of all module names, without any particular order. +func (m *Manager) + +ModuleNames() []string { + return maps.Keys(m.Modules) +} + +// DefaultMigrationsOrder returns a default migrations order: ascending alphabetical by module name, +// except x/auth which will run last, see: +// https://github.com/cosmos/cosmos-sdk/issues/10591 +func DefaultMigrationsOrder(modules []string) []string { + const authName = "auth" + out := make([]string, 0, len(modules)) + hasAuth := false + for _, m := range modules { + if m == authName { + hasAuth = true +} + +else { + out = append(out, m) +} + +} + +sort.Strings(out) + if hasAuth { + out = append(out, authName) +} + +return out +} +``` + +#### `module.HasABCIGenesis` + +`HasABCIGenesis` is an extension interface for allowing modules to implement genesis functionalities and returns validator set updates. + +```go expandable +/* +Package module contains application module patterns and associated "manager" functionality. +The module pattern has been broken down by: + - independent module functionality (AppModuleBasic) + - inter-dependent module simulation functionality (AppModuleSimulation) + - inter-dependent module full functionality (AppModule) + +inter-dependent module functionality is module functionality which somehow +depends on other modules, typically through the module keeper. Many of the +module keepers are dependent on each other, thus in order to access the full +set of module functionality we need to define all the keepers/params-store/keys +etc. This full set of advanced functionality is defined by the AppModule interface. + +Independent module functions are separated to allow for the construction of the +basic application structures required early on in the application definition +and used to enable the definition of full module functionality later in the +process. This separation is necessary, however we still want to allow for a +high level pattern for modules to follow - for instance, such that we don't +have to manually register all of the codecs for all the modules. This basic +procedure as well as other basic patterns are handled through the use of +BasicManager. + +Lastly the interface for genesis functionality (HasGenesis & HasABCIGenesis) + +has been +separated out from full module functionality (AppModule) + +so that modules which +are only used for genesis can take advantage of the Module patterns without +needlessly defining many placeholder functions +*/ +package module + +import ( + + "context" + "encoding/json" + "errors" + "fmt" + "sort" + + abci "github.com/cometbft/cometbft/abci/types" + "github.com/grpc-ecosystem/grpc-gateway/runtime" + "github.com/spf13/cobra" + "golang.org/x/exp/maps" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/core/genesis" + errorsmod "cosmossdk.io/errors" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/codec/types" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" +) + +// AppModuleBasic is the standard form for basic non-dependant elements of an application module. +type AppModuleBasic interface { + HasName + RegisterLegacyAminoCodec(*codec.LegacyAmino) + +RegisterInterfaces(types.InterfaceRegistry) + +RegisterGRPCGatewayRoutes(client.Context, *runtime.ServeMux) +} + +// HasName allows the module to provide its own name for legacy purposes. +// Newer apps should specify the name for their modules using a map +// using NewManagerFromMap. +type HasName interface { + Name() + +string +} + +// HasGenesisBasics is the legacy interface for stateless genesis methods. +type HasGenesisBasics interface { + DefaultGenesis(codec.JSONCodec) + +json.RawMessage + ValidateGenesis(codec.JSONCodec, client.TxEncodingConfig, json.RawMessage) + +error +} + +// BasicManager is a collection of AppModuleBasic +type BasicManager map[string]AppModuleBasic + +// NewBasicManager creates a new BasicManager object +func NewBasicManager(modules ...AppModuleBasic) + +BasicManager { + moduleMap := make(map[string]AppModuleBasic) + for _, module := range modules { + moduleMap[module.Name()] = module +} + +return moduleMap +} + +// NewBasicManagerFromManager creates a new BasicManager from a Manager +// The BasicManager will contain all AppModuleBasic from the AppModule Manager +// Module's AppModuleBasic can be overridden by passing a custom AppModuleBasic map +func NewBasicManagerFromManager(manager *Manager, customModuleBasics map[string]AppModuleBasic) + +BasicManager { + moduleMap := make(map[string]AppModuleBasic) + for name, module := range manager.Modules { + if customBasicMod, ok := customModuleBasics[name]; ok { + moduleMap[name] = customBasicMod + continue +} + if appModule, ok := module.(appmodule.AppModule); ok { + moduleMap[name] = CoreAppModuleBasicAdaptor(name, appModule) + +continue +} + if basicMod, ok := module.(AppModuleBasic); ok { + moduleMap[name] = basicMod +} + +} + +return moduleMap +} + +// RegisterLegacyAminoCodec registers all module codecs +func (bm BasicManager) + +RegisterLegacyAminoCodec(cdc *codec.LegacyAmino) { + for _, b := range bm { + b.RegisterLegacyAminoCodec(cdc) +} +} + +// RegisterInterfaces registers all module interface types +func (bm BasicManager) + +RegisterInterfaces(registry types.InterfaceRegistry) { + for _, m := range bm { + m.RegisterInterfaces(registry) +} +} + +// DefaultGenesis provides default genesis information for all modules +func (bm BasicManager) + +DefaultGenesis(cdc codec.JSONCodec) + +map[string]json.RawMessage { + genesisData := make(map[string]json.RawMessage) + for _, b := range bm { + if mod, ok := b.(HasGenesisBasics); ok { + genesisData[b.Name()] = mod.DefaultGenesis(cdc) +} + +} + +return genesisData +} + +// ValidateGenesis performs genesis state validation for all modules +func (bm BasicManager) + +ValidateGenesis(cdc codec.JSONCodec, txEncCfg client.TxEncodingConfig, genesisData map[string]json.RawMessage) + +error { + for _, b := range bm { + // first check if the module is an adapted Core API Module + if mod, ok := b.(HasGenesisBasics); ok { + if err := mod.ValidateGenesis(cdc, txEncCfg, genesisData[b.Name()]); err != nil { + return err +} + +} + +} + +return nil +} + +// RegisterGRPCGatewayRoutes registers all module rest routes +func (bm BasicManager) + +RegisterGRPCGatewayRoutes(clientCtx client.Context, rtr *runtime.ServeMux) { + for _, b := range bm { + b.RegisterGRPCGatewayRoutes(clientCtx, rtr) +} +} + +// AddTxCommands adds all tx commands to the rootTxCmd. +func (bm BasicManager) + +AddTxCommands(rootTxCmd *cobra.Command) { + for _, b := range bm { + if mod, ok := b.(interface { + GetTxCmd() *cobra.Command +}); ok { + if cmd := mod.GetTxCmd(); cmd != nil { + rootTxCmd.AddCommand(cmd) +} + +} + +} +} + +// AddQueryCommands adds all query commands to the rootQueryCmd. +func (bm BasicManager) + +AddQueryCommands(rootQueryCmd *cobra.Command) { + for _, b := range bm { + if mod, ok := b.(interface { + GetQueryCmd() *cobra.Command +}); ok { + if cmd := mod.GetQueryCmd(); cmd != nil { + rootQueryCmd.AddCommand(cmd) +} + +} + +} +} + +// HasGenesis is the extension interface for stateful genesis methods. +type HasGenesis interface { + HasGenesisBasics + InitGenesis(sdk.Context, codec.JSONCodec, json.RawMessage) + +ExportGenesis(sdk.Context, codec.JSONCodec) + +json.RawMessage +} + +// HasABCIGenesis is the extension interface for stateful genesis methods which returns validator updates. +type HasABCIGenesis interface { + HasGenesisBasics + InitGenesis(sdk.Context, codec.JSONCodec, json.RawMessage) []abci.ValidatorUpdate + ExportGenesis(sdk.Context, codec.JSONCodec) + +json.RawMessage +} + +// AppModule is the form for an application module. Most of +// its functionality has been moved to extension interfaces. +type AppModule interface { + AppModuleBasic +} + +// HasInvariants is the interface for registering invariants. +type HasInvariants interface { + // RegisterInvariants registers module invariants. + RegisterInvariants(sdk.InvariantRegistry) +} + +// HasServices is the interface for modules to register services. +type HasServices interface { + // RegisterServices allows a module to register services. + RegisterServices(Configurator) +} + +// HasConsensusVersion is the interface for declaring a module consensus version. +type HasConsensusVersion interface { + // ConsensusVersion is a sequence number for state-breaking change of the + // module. It should be incremented on each consensus-breaking change + // introduced by the module. To avoid wrong/empty versions, the initial version + // should be set to 1. + ConsensusVersion() + +uint64 +} + +type HasABCIEndblock interface { + AppModule + EndBlock(context.Context) ([]abci.ValidatorUpdate, error) +} + +var ( + _ appmodule.AppModule = (*GenesisOnlyAppModule)(nil) + _ AppModuleBasic = (*GenesisOnlyAppModule)(nil) +) + +// genesisOnlyModule is an interface need to return GenesisOnlyAppModule struct in order to wrap two interfaces +type genesisOnlyModule interface { + AppModuleBasic + HasABCIGenesis +} + +// GenesisOnlyAppModule is an AppModule that only has import/export functionality +type GenesisOnlyAppModule struct { + genesisOnlyModule +} + +// NewGenesisOnlyAppModule creates a new GenesisOnlyAppModule object +func NewGenesisOnlyAppModule(amg genesisOnlyModule) + +GenesisOnlyAppModule { + return GenesisOnlyAppModule{ + genesisOnlyModule: amg, +} +} + +// IsOnePerModuleType implements the depinject.OnePerModuleType interface. +func (GenesisOnlyAppModule) + +IsOnePerModuleType() { +} + +// IsAppModule implements the appmodule.AppModule interface. +func (GenesisOnlyAppModule) + +IsAppModule() { +} + +// RegisterInvariants is a placeholder function register no invariants +func (GenesisOnlyAppModule) + +RegisterInvariants(_ sdk.InvariantRegistry) { +} + +// ConsensusVersion implements AppModule/ConsensusVersion. +func (gam GenesisOnlyAppModule) + +ConsensusVersion() + +uint64 { + return 1 +} + +// Manager defines a module manager that provides the high level utility for managing and executing +// operations for a group of modules +type Manager struct { + Modules map[string]interface{ +} // interface{ +} + +is used now to support the legacy AppModule as well as new core appmodule.AppModule. + OrderInitGenesis []string + OrderExportGenesis []string + OrderBeginBlockers []string + OrderEndBlockers []string + OrderPrepareCheckStaters []string + OrderPrecommiters []string + OrderMigrations []string +} + +// NewManager creates a new Manager object. +func NewManager(modules ...AppModule) *Manager { + moduleMap := make(map[string]interface{ +}) + modulesStr := make([]string, 0, len(modules)) + for _, module := range modules { + moduleMap[module.Name()] = module + modulesStr = append(modulesStr, module.Name()) +} + +return &Manager{ + Modules: moduleMap, + OrderInitGenesis: modulesStr, + OrderExportGenesis: modulesStr, + OrderBeginBlockers: modulesStr, + OrderPrepareCheckStaters: modulesStr, + OrderPrecommiters: modulesStr, + OrderEndBlockers: modulesStr, +} +} + +// NewManagerFromMap creates a new Manager object from a map of module names to module implementations. +// This method should be used for apps and modules which have migrated to the cosmossdk.io/core.appmodule.AppModule API. +func NewManagerFromMap(moduleMap map[string]appmodule.AppModule) *Manager { + simpleModuleMap := make(map[string]interface{ +}) + modulesStr := make([]string, 0, len(simpleModuleMap)) + for name, module := range moduleMap { + simpleModuleMap[name] = module + modulesStr = append(modulesStr, name) +} + + // Sort the modules by name. Given that we are using a map above we can't guarantee the order. + sort.Strings(modulesStr) + +return &Manager{ + Modules: simpleModuleMap, + OrderInitGenesis: modulesStr, + OrderExportGenesis: modulesStr, + OrderBeginBlockers: modulesStr, + OrderEndBlockers: modulesStr, + OrderPrecommiters: modulesStr, + OrderPrepareCheckStaters: modulesStr, +} +} + +// SetOrderInitGenesis sets the order of init genesis calls +func (m *Manager) + +SetOrderInitGenesis(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderInitGenesis", moduleNames, func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasGenesis := module.(appmodule.HasGenesis); hasGenesis { + return !hasGenesis +} + if _, hasABCIGenesis := module.(HasABCIGenesis); hasABCIGenesis { + return !hasABCIGenesis +} + + _, hasGenesis := module.(HasGenesis) + +return !hasGenesis +}) + +m.OrderInitGenesis = moduleNames +} + +// SetOrderExportGenesis sets the order of export genesis calls +func (m *Manager) + +SetOrderExportGenesis(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderExportGenesis", moduleNames, func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasGenesis := module.(appmodule.HasGenesis); hasGenesis { + return !hasGenesis +} + if _, hasABCIGenesis := module.(HasABCIGenesis); hasABCIGenesis { + return !hasABCIGenesis +} + + _, hasGenesis := module.(HasGenesis) + +return !hasGenesis +}) + +m.OrderExportGenesis = moduleNames +} + +// SetOrderBeginBlockers sets the order of set begin-blocker calls +func (m *Manager) + +SetOrderBeginBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderBeginBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasBeginBlock := module.(appmodule.HasBeginBlocker) + +return !hasBeginBlock +}) + +m.OrderBeginBlockers = moduleNames +} + +// SetOrderEndBlockers sets the order of set end-blocker calls +func (m *Manager) + +SetOrderEndBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderEndBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasEndBlock := module.(appmodule.HasEndBlocker); hasEndBlock { + return !hasEndBlock +} + + _, hasABCIEndBlock := module.(HasABCIEndblock) + +return !hasABCIEndBlock +}) + +m.OrderEndBlockers = moduleNames +} + +// SetOrderPrepareCheckStaters sets the order of set prepare-check-stater calls +func (m *Manager) + +SetOrderPrepareCheckStaters(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPrepareCheckStaters", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasPrepareCheckState := module.(appmodule.HasPrepareCheckState) + +return !hasPrepareCheckState +}) + +m.OrderPrepareCheckStaters = moduleNames +} + +// SetOrderPrecommiters sets the order of set precommiter calls +func (m *Manager) + +SetOrderPrecommiters(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPrecommiters", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasPrecommit := module.(appmodule.HasPrecommit) + +return !hasPrecommit +}) + +m.OrderPrecommiters = moduleNames +} + +// SetOrderMigrations sets the order of migrations to be run. If not set +// then migrations will be run with an order defined in `DefaultMigrationsOrder`. +func (m *Manager) + +SetOrderMigrations(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderMigrations", moduleNames, nil) + +m.OrderMigrations = moduleNames +} + +// RegisterInvariants registers all module invariants +func (m *Manager) + +RegisterInvariants(ir sdk.InvariantRegistry) { + for _, module := range m.Modules { + if module, ok := module.(HasInvariants); ok { + module.RegisterInvariants(ir) +} + +} +} + +// RegisterServices registers all module services +func (m *Manager) + +RegisterServices(cfg Configurator) + +error { + for _, module := range m.Modules { + if module, ok := module.(HasServices); ok { + module.RegisterServices(cfg) +} + if module, ok := module.(appmodule.HasServices); ok { + err := module.RegisterServices(cfg) + if err != nil { + return err +} + +} + if cfg.Error() != nil { + return cfg.Error() +} + +} + +return nil +} + +// InitGenesis performs init genesis functionality for modules. Exactly one +// module must return a non-empty validator set update to correctly initialize +// the chain. +func (m *Manager) + +InitGenesis(ctx sdk.Context, cdc codec.JSONCodec, genesisData map[string]json.RawMessage) (*abci.ResponseInitChain, error) { + var validatorUpdates []abci.ValidatorUpdate + ctx.Logger().Info("initializing blockchain state from genesis.json") + for _, moduleName := range m.OrderInitGenesis { + if genesisData[moduleName] == nil { + continue +} + mod := m.Modules[moduleName] + // we might get an adapted module, a native core API module or a legacy module + if module, ok := mod.(appmodule.HasGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + // core API genesis + source, err := genesis.SourceFromRawJSON(genesisData[moduleName]) + if err != nil { + return &abci.ResponseInitChain{ +}, err +} + +err = module.InitGenesis(ctx, source) + if err != nil { + return &abci.ResponseInitChain{ +}, err +} + +} + +else if module, ok := mod.(HasGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + +module.InitGenesis(ctx, cdc, genesisData[moduleName]) +} + +else if module, ok := mod.(HasABCIGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + moduleValUpdates := module.InitGenesis(ctx, cdc, genesisData[moduleName]) + + // use these validator updates if provided, the module manager assumes + // only one module will update the validator set + if len(moduleValUpdates) > 0 { + if len(validatorUpdates) > 0 { + return &abci.ResponseInitChain{ +}, errors.New("validator InitGenesis updates already set by a previous module") +} + +validatorUpdates = moduleValUpdates +} + +} + +} + + // a chain must initialize with a non-empty validator set + if len(validatorUpdates) == 0 { + return &abci.ResponseInitChain{ +}, fmt.Errorf("validator set is empty after InitGenesis, please ensure at least one validator is initialized with a delegation greater than or equal to the DefaultPowerReduction (%d)", sdk.DefaultPowerReduction) +} + +return &abci.ResponseInitChain{ + Validators: validatorUpdates, +}, nil +} + +// ExportGenesis performs export genesis functionality for modules +func (m *Manager) + +ExportGenesis(ctx sdk.Context, cdc codec.JSONCodec) (map[string]json.RawMessage, error) { + return m.ExportGenesisForModules(ctx, cdc, []string{ +}) +} + +// ExportGenesisForModules performs export genesis functionality for modules +func (m *Manager) + +ExportGenesisForModules(ctx sdk.Context, cdc codec.JSONCodec, modulesToExport []string) (map[string]json.RawMessage, error) { + if len(modulesToExport) == 0 { + modulesToExport = m.OrderExportGenesis +} + // verify modules exists in app, so that we don't panic in the middle of an export + if err := m.checkModulesExists(modulesToExport); err != nil { + return nil, err +} + +type genesisResult struct { + bz json.RawMessage + err error +} + channels := make(map[string]chan genesisResult) + for _, moduleName := range modulesToExport { + mod := m.Modules[moduleName] + if module, ok := mod.(appmodule.HasGenesis); ok { + // core API genesis + channels[moduleName] = make(chan genesisResult) + +go func(module appmodule.HasGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + target := genesis.RawJSONTarget{ +} + err := module.ExportGenesis(ctx, target.Target()) + if err != nil { + ch <- genesisResult{ + nil, err +} + +return +} + +rawJSON, err := target.JSON() + if err != nil { + ch <- genesisResult{ + nil, err +} + +return +} + +ch <- genesisResult{ + rawJSON, nil +} + +}(module, channels[moduleName]) +} + +else if module, ok := mod.(HasGenesis); ok { + channels[moduleName] = make(chan genesisResult) + +go func(module HasGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + ch <- genesisResult{ + module.ExportGenesis(ctx, cdc), nil +} + +}(module, channels[moduleName]) +} + +else if module, ok := mod.(HasABCIGenesis); ok { + channels[moduleName] = make(chan genesisResult) + +go func(module HasABCIGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + ch <- genesisResult{ + module.ExportGenesis(ctx, cdc), nil +} + +}(module, channels[moduleName]) +} + +} + genesisData := make(map[string]json.RawMessage) + for moduleName := range channels { + res := <-channels[moduleName] + if res.err != nil { + return nil, res.err +} + +genesisData[moduleName] = res.bz +} + +return genesisData, nil +} + +// checkModulesExists verifies that all modules in the list exist in the app +func (m *Manager) + +checkModulesExists(moduleName []string) + +error { + for _, name := range moduleName { + if _, ok := m.Modules[name]; !ok { + return fmt.Errorf("module %s does not exist", name) +} + +} + +return nil +} + +// assertNoForgottenModules checks that we didn't forget any modules in the SetOrder* functions. +// `pass` is a closure which allows one to omit modules from `moduleNames`. +// If you provide non-nil `pass` and it returns true, the module would not be subject of the assertion. +func (m *Manager) + +assertNoForgottenModules(setOrderFnName string, moduleNames []string, pass func(moduleName string) + +bool) { + ms := make(map[string]bool) + for _, m := range moduleNames { + ms[m] = true +} + +var missing []string + for m := range m.Modules { + m := m + if pass != nil && pass(m) { + continue +} + if !ms[m] { + missing = append(missing, m) +} + +} + if len(missing) != 0 { + sort.Strings(missing) + +panic(fmt.Sprintf( + "all modules must be defined when setting %s, missing: %v", setOrderFnName, missing)) +} +} + +// MigrationHandler is the migration function that each module registers. +type MigrationHandler func(sdk.Context) + +error + +// VersionMap is a map of moduleName -> version +type VersionMap map[string]uint64 + +// RunMigrations performs in-place store migrations for all modules. This +// function MUST be called insde an x/upgrade UpgradeHandler. +// +// Recall that in an upgrade handler, the `fromVM` VersionMap is retrieved from +// x/upgrade's store, and the function needs to return the target VersionMap +// that will in turn be persisted to the x/upgrade's store. In general, +// returning RunMigrations should be enough: +// +// Example: +// +// cfg := module.NewConfigurator(...) +// app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx context.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { +// return app.mm.RunMigrations(ctx, cfg, fromVM) +// +}) +// +// Internally, RunMigrations will perform the following steps: +// - create an `updatedVM` VersionMap of module with their latest ConsensusVersion +// - make a diff of `fromVM` and `udpatedVM`, and for each module: +// - if the module's `fromVM` version is less than its `updatedVM` version, +// then run in-place store migrations for that module between those versions. +// - if the module does not exist in the `fromVM` (which means that it's a new module, +// because it was not in the previous x/upgrade's store), then run +// `InitGenesis` on that module. +// +// - return the `updatedVM` to be persisted in the x/upgrade's store. +// +// Migrations are run in an order defined by `Manager.OrderMigrations` or (if not set) + +defined by +// `DefaultMigrationsOrder` function. +// +// As an app developer, if you wish to skip running InitGenesis for your new +// module "foo", you need to manually pass a `fromVM` argument to this function +// foo's module version set to its latest ConsensusVersion. That way, the diff +// between the function's `fromVM` and `udpatedVM` will be empty, hence not +// running anything for foo. +// +// Example: +// +// cfg := module.NewConfigurator(...) +// app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx context.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { +// // Assume "foo" is a new module. +// // `fromVM` is fetched from existing x/upgrade store. Since foo didn't exist +// // before this upgrade, `v, exists := fromVM["foo"]; exists == false`, and RunMigration will by default +// // run InitGenesis on foo. +// // To skip running foo's InitGenesis, you need set `fromVM`'s foo to its latest +// // consensus version: +// fromVM["foo"] = foo.AppModule{ +}.ConsensusVersion() +// +// return app.mm.RunMigrations(ctx, cfg, fromVM) +// +}) +// +// Please also refer to https://docs.cosmos.network/main/core/upgrade for more information. +func (m Manager) + +RunMigrations(ctx context.Context, cfg Configurator, fromVM VersionMap) (VersionMap, error) { + c, ok := cfg.(*configurator) + if !ok { + return nil, errorsmod.Wrapf(sdkerrors.ErrInvalidType, "expected %T, got %T", &configurator{ +}, cfg) +} + modules := m.OrderMigrations + if modules == nil { + modules = DefaultMigrationsOrder(m.ModuleNames()) +} + sdkCtx := sdk.UnwrapSDKContext(ctx) + updatedVM := VersionMap{ +} + for _, moduleName := range modules { + module := m.Modules[moduleName] + fromVersion, exists := fromVM[moduleName] + toVersion := uint64(0) + if module, ok := module.(HasConsensusVersion); ok { + toVersion = module.ConsensusVersion() +} + + // We run migration if the module is specified in `fromVM`. + // Otherwise we run InitGenesis. + // + // The module won't exist in the fromVM in two cases: + // 1. A new module is added. In this case we run InitGenesis with an + // empty genesis state. + // 2. An existing chain is upgrading from version < 0.43 to v0.43+ for the first time. + // In this case, all modules have yet to be added to x/upgrade's VersionMap store. + if exists { + err := c.runModuleMigrations(sdkCtx, moduleName, fromVersion, toVersion) + if err != nil { + return nil, err +} + +} + +else { + sdkCtx.Logger().Info(fmt.Sprintf("adding a new module: %s", moduleName)) + +module1, ok := m.Modules[moduleName].(HasGenesis) + if ok { + module1.InitGenesis(sdkCtx, c.cdc, module1.DefaultGenesis(c.cdc)) +} + if module2, ok := m.Modules[moduleName].(HasABCIGenesis); ok { + moduleValUpdates := module2.InitGenesis(sdkCtx, c.cdc, module1.DefaultGenesis(c.cdc)) + // The module manager assumes only one module will update the + // validator set, and it can't be a new module. + if len(moduleValUpdates) > 0 { + return nil, errorsmod.Wrapf(sdkerrors.ErrLogic, "validator InitGenesis update is already set by another module") +} + +} + +} + +updatedVM[moduleName] = toVersion +} + +return updatedVM, nil +} + +// RunMigrationBeginBlock performs begin block functionality for upgrade module. +// It takes the current context as a parameter and returns a boolean value +// indicating whether the migration was executed or not and an error if fails. +func (m *Manager) + +RunMigrationBeginBlock(ctx sdk.Context) (bool, error) { + for _, moduleName := range m.OrderBeginBlockers { + if mod, ok := m.Modules[moduleName].(appmodule.HasBeginBlocker); ok { + if _, ok := mod.(appmodule.UpgradeModule); ok { + err := mod.BeginBlock(ctx) + +return err == nil, err +} + +} + +} + +return false, nil +} + +// BeginBlock performs begin block functionality for non-upgrade modules. It creates a +// child context with an event manager to aggregate events emitted from non-upgrade +// modules. +func (m *Manager) + +BeginBlock(ctx sdk.Context) (sdk.BeginBlock, error) { + ctx = ctx.WithEventManager(sdk.NewEventManager()) + for _, moduleName := range m.OrderBeginBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasBeginBlocker); ok { + if _, ok := module.(appmodule.UpgradeModule); !ok { + if err := module.BeginBlock(ctx); err != nil { + return sdk.BeginBlock{ +}, err +} + +} + +} + +} + +return sdk.BeginBlock{ + Events: ctx.EventManager().ABCIEvents(), +}, nil +} + +// EndBlock performs end block functionality for all modules. It creates a +// child context with an event manager to aggregate events emitted from all +// modules. +func (m *Manager) + +EndBlock(ctx sdk.Context) (sdk.EndBlock, error) { + ctx = ctx.WithEventManager(sdk.NewEventManager()) + validatorUpdates := []abci.ValidatorUpdate{ +} + for _, moduleName := range m.OrderEndBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasEndBlocker); ok { + err := module.EndBlock(ctx) + if err != nil { + return sdk.EndBlock{ +}, err +} + +} + +else if module, ok := m.Modules[moduleName].(HasABCIEndblock); ok { + moduleValUpdates, err := module.EndBlock(ctx) + if err != nil { + return sdk.EndBlock{ +}, err +} + // use these validator updates if provided, the module manager assumes + // only one module will update the validator set + if len(moduleValUpdates) > 0 { + if len(validatorUpdates) > 0 { + return sdk.EndBlock{ +}, errors.New("validator EndBlock updates already set by a previous module") +} + for _, updates := range moduleValUpdates { + validatorUpdates = append(validatorUpdates, abci.ValidatorUpdate{ + PubKey: updates.PubKey, + Power: updates.Power +}) +} + +} + +} + +else { + continue +} + +} + +return sdk.EndBlock{ + ValidatorUpdates: validatorUpdates, + Events: ctx.EventManager().ABCIEvents(), +}, nil +} + +// Precommit performs precommit functionality for all modules. +func (m *Manager) + +Precommit(ctx sdk.Context) + +error { + for _, moduleName := range m.OrderPrecommiters { + module, ok := m.Modules[moduleName].(appmodule.HasPrecommit) + if !ok { + continue +} + if err := module.Precommit(ctx); err != nil { + return err +} + +} + +return nil +} + +// PrepareCheckState performs functionality for preparing the check state for all modules. +func (m *Manager) + +PrepareCheckState(ctx sdk.Context) + +error { + for _, moduleName := range m.OrderPrepareCheckStaters { + module, ok := m.Modules[moduleName].(appmodule.HasPrepareCheckState) + if !ok { + continue +} + if err := module.PrepareCheckState(ctx); err != nil { + return err +} + +} + +return nil +} + +// GetVersionMap gets consensus version from all modules +func (m *Manager) + +GetVersionMap() + +VersionMap { + vermap := make(VersionMap) + for name, v := range m.Modules { + version := uint64(0) + if v, ok := v.(HasConsensusVersion); ok { + version = v.ConsensusVersion() +} + name := name + vermap[name] = version +} + +return vermap +} + +// ModuleNames returns list of all module names, without any particular order. +func (m *Manager) + +ModuleNames() []string { + return maps.Keys(m.Modules) +} + +// DefaultMigrationsOrder returns a default migrations order: ascending alphabetical by module name, +// except x/auth which will run last, see: +// https://github.com/cosmos/cosmos-sdk/issues/10591 +func DefaultMigrationsOrder(modules []string) []string { + const authName = "auth" + out := make([]string, 0, len(modules)) + hasAuth := false + for _, m := range modules { + if m == authName { + hasAuth = true +} + +else { + out = append(out, m) +} + +} + +sort.Strings(out) + if hasAuth { + out = append(out, authName) +} + +return out +} +``` + +#### `appmodule.HasGenesis` + + +`appmodule.HasGenesis` is experimental and should be considered unstable, it is recommended to not use this interface at this time. + + +```go expandable +package appmodule + +import ( + + "context" + "io" +) + +// HasGenesis is the extension interface that modules should implement to handle +// genesis data and state initialization. +// WARNING: This interface is experimental and may change at any time. +type HasGenesis interface { + AppModule + + // DefaultGenesis writes the default genesis for this module to the target. + DefaultGenesis(GenesisTarget) + +error + + // ValidateGenesis validates the genesis data read from the source. + ValidateGenesis(GenesisSource) + +error + + // InitGenesis initializes module state from the genesis source. + InitGenesis(context.Context, GenesisSource) + +error + + // ExportGenesis exports module state to the genesis target. + ExportGenesis(context.Context, GenesisTarget) + +error +} + +// GenesisSource is a source for genesis data in JSON format. It may abstract over a +// single JSON object or separate files for each field in a JSON object that can +// be streamed over. Modules should open a separate io.ReadCloser for each field that +// is required. When fields represent arrays they can efficiently be streamed +// over. If there is no data for a field, this function should return nil, nil. It is +// important that the caller closes the reader when done with it. +type GenesisSource = func(field string) (io.ReadCloser, error) + +// GenesisTarget is a target for writing genesis data in JSON format. It may +// abstract over a single JSON object or JSON in separate files that can be +// streamed over. Modules should open a separate io.WriteCloser for each field +// and should prefer writing fields as arrays when possible to support efficient +// iteration. It is important the caller closers the writer AND checks the error +// when done with it. It is expected that a stream of JSON data is written +// to the writer. +type GenesisTarget = func(field string) (io.WriteCloser, error) +``` + +### `AppModule` + +The `AppModule` interface defines a module. Modules can declare their functionalities by implementing extensions interfaces. +`AppModule`s are managed by the [module manager](#manager), which checks which extension interfaces are implemented by the module. + +#### `appmodule.AppModule` + +```go expandable +package appmodule + +import ( + + "context" + "google.golang.org/grpc" + "cosmossdk.io/depinject" +) + +// AppModule is a tag interface for app module implementations to use as a basis +// for extension interfaces. It provides no functionality itself, but is the +// type that all valid app modules should provide so that they can be identified +// by other modules (usually via depinject) + +as app modules. +type AppModule interface { + depinject.OnePerModuleType + + // IsAppModule is a dummy method to tag a struct as implementing an AppModule. + IsAppModule() +} + +// HasServices is the extension interface that modules should implement to register +// implementations of services defined in .proto files. +type HasServices interface { + AppModule + + // RegisterServices registers the module's services with the app's service + // registrar. + // + // Two types of services are currently supported: + // - read-only gRPC query services, which are the default. + // - transaction message services, which must have the protobuf service + // option "cosmos.msg.v1.service" (defined in "cosmos/msg/v1/service.proto") + // set to true. + // + // The service registrar will figure out which type of service you are + // implementing based on the presence (or absence) + +of protobuf options. You + // do not need to specify this in golang code. + RegisterServices(grpc.ServiceRegistrar) + +error +} + +// HasPrepareCheckState is an extension interface that contains information about the AppModule +// and PrepareCheckState. +type HasPrepareCheckState interface { + AppModule + PrepareCheckState(context.Context) + +error +} + +// HasPrecommit is an extension interface that contains information about the AppModule and Precommit. +type HasPrecommit interface { + AppModule + Precommit(context.Context) + +error +} + +// HasBeginBlocker is the extension interface that modules should implement to run +// custom logic before transaction processing in a block. +type HasBeginBlocker interface { + AppModule + + // BeginBlock is a method that will be run before transactions are processed in + // a block. + BeginBlock(context.Context) + +error +} + +// HasEndBlocker is the extension interface that modules should implement to run +// custom logic after transaction processing in a block. +type HasEndBlocker interface { + AppModule + + // EndBlock is a method that will be run after transactions are processed in + // a block. + EndBlock(context.Context) + +error +} +``` + +#### `module.AppModule` + + +Previously the `module.AppModule` interface was containing all the methods that are defined in the extensions interfaces. This was leading to much boilerplate for modules that did not need all the functionalities. + + +```go expandable +/* +Package module contains application module patterns and associated "manager" functionality. +The module pattern has been broken down by: + - independent module functionality (AppModuleBasic) + - inter-dependent module simulation functionality (AppModuleSimulation) + - inter-dependent module full functionality (AppModule) + +inter-dependent module functionality is module functionality which somehow +depends on other modules, typically through the module keeper. Many of the +module keepers are dependent on each other, thus in order to access the full +set of module functionality we need to define all the keepers/params-store/keys +etc. This full set of advanced functionality is defined by the AppModule interface. + +Independent module functions are separated to allow for the construction of the +basic application structures required early on in the application definition +and used to enable the definition of full module functionality later in the +process. This separation is necessary, however we still want to allow for a +high level pattern for modules to follow - for instance, such that we don't +have to manually register all of the codecs for all the modules. This basic +procedure as well as other basic patterns are handled through the use of +BasicManager. + +Lastly the interface for genesis functionality (HasGenesis & HasABCIGenesis) + +has been +separated out from full module functionality (AppModule) + +so that modules which +are only used for genesis can take advantage of the Module patterns without +needlessly defining many placeholder functions +*/ +package module + +import ( + + "context" + "encoding/json" + "errors" + "fmt" + "maps" + "slices" + "sort" + + abci "github.com/cometbft/cometbft/abci/types" + "github.com/grpc-ecosystem/grpc-gateway/runtime" + "github.com/spf13/cobra" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/core/genesis" + errorsmod "cosmossdk.io/errors" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/codec/types" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" +) + +// AppModuleBasic is the standard form for basic non-dependant elements of an application module. +type AppModuleBasic interface { + HasName + RegisterLegacyAminoCodec(*codec.LegacyAmino) + +RegisterInterfaces(types.InterfaceRegistry) + +RegisterGRPCGatewayRoutes(client.Context, *runtime.ServeMux) +} + +// HasName allows the module to provide its own name for legacy purposes. +// Newer apps should specify the name for their modules using a map +// using NewManagerFromMap. +type HasName interface { + Name() + +string +} + +// HasGenesisBasics is the legacy interface for stateless genesis methods. +type HasGenesisBasics interface { + DefaultGenesis(codec.JSONCodec) + +json.RawMessage + ValidateGenesis(codec.JSONCodec, client.TxEncodingConfig, json.RawMessage) + +error +} + +// BasicManager is a collection of AppModuleBasic +type BasicManager map[string]AppModuleBasic + +// NewBasicManager creates a new BasicManager object +func NewBasicManager(modules ...AppModuleBasic) + +BasicManager { + moduleMap := make(map[string]AppModuleBasic) + for _, module := range modules { + moduleMap[module.Name()] = module +} + +return moduleMap +} + +// NewBasicManagerFromManager creates a new BasicManager from a Manager +// The BasicManager will contain all AppModuleBasic from the AppModule Manager +// Module's AppModuleBasic can be overridden by passing a custom AppModuleBasic map +func NewBasicManagerFromManager(manager *Manager, customModuleBasics map[string]AppModuleBasic) + +BasicManager { + moduleMap := make(map[string]AppModuleBasic) + for name, module := range manager.Modules { + if customBasicMod, ok := customModuleBasics[name]; ok { + moduleMap[name] = customBasicMod + continue +} + if appModule, ok := module.(appmodule.AppModule); ok { + moduleMap[name] = CoreAppModuleBasicAdaptor(name, appModule) + +continue +} + if basicMod, ok := module.(AppModuleBasic); ok { + moduleMap[name] = basicMod +} + +} + +return moduleMap +} + +// RegisterLegacyAminoCodec registers all module codecs +func (bm BasicManager) + +RegisterLegacyAminoCodec(cdc *codec.LegacyAmino) { + for _, b := range bm { + b.RegisterLegacyAminoCodec(cdc) +} +} + +// RegisterInterfaces registers all module interface types +func (bm BasicManager) + +RegisterInterfaces(registry types.InterfaceRegistry) { + for _, m := range bm { + m.RegisterInterfaces(registry) +} +} + +// DefaultGenesis provides default genesis information for all modules +func (bm BasicManager) + +DefaultGenesis(cdc codec.JSONCodec) + +map[string]json.RawMessage { + genesisData := make(map[string]json.RawMessage) + for _, b := range bm { + if mod, ok := b.(HasGenesisBasics); ok { + genesisData[b.Name()] = mod.DefaultGenesis(cdc) +} + +} + +return genesisData +} + +// ValidateGenesis performs genesis state validation for all modules +func (bm BasicManager) + +ValidateGenesis(cdc codec.JSONCodec, txEncCfg client.TxEncodingConfig, genesisData map[string]json.RawMessage) + +error { + for _, b := range bm { + // first check if the module is an adapted Core API Module + if mod, ok := b.(HasGenesisBasics); ok { + if err := mod.ValidateGenesis(cdc, txEncCfg, genesisData[b.Name()]); err != nil { + return err +} + +} + +} + +return nil +} + +// RegisterGRPCGatewayRoutes registers all module rest routes +func (bm BasicManager) + +RegisterGRPCGatewayRoutes(clientCtx client.Context, rtr *runtime.ServeMux) { + for _, b := range bm { + b.RegisterGRPCGatewayRoutes(clientCtx, rtr) +} +} + +// AddTxCommands adds all tx commands to the rootTxCmd. +func (bm BasicManager) + +AddTxCommands(rootTxCmd *cobra.Command) { + for _, b := range bm { + if mod, ok := b.(interface { + GetTxCmd() *cobra.Command +}); ok { + if cmd := mod.GetTxCmd(); cmd != nil { + rootTxCmd.AddCommand(cmd) +} + +} + +} +} + +// AddQueryCommands adds all query commands to the rootQueryCmd. +func (bm BasicManager) + +AddQueryCommands(rootQueryCmd *cobra.Command) { + for _, b := range bm { + if mod, ok := b.(interface { + GetQueryCmd() *cobra.Command +}); ok { + if cmd := mod.GetQueryCmd(); cmd != nil { + rootQueryCmd.AddCommand(cmd) +} + +} + +} +} + +// HasGenesis is the extension interface for stateful genesis methods. +type HasGenesis interface { + HasGenesisBasics + InitGenesis(sdk.Context, codec.JSONCodec, json.RawMessage) + +ExportGenesis(sdk.Context, codec.JSONCodec) + +json.RawMessage +} + +// HasABCIGenesis is the extension interface for stateful genesis methods which returns validator updates. +type HasABCIGenesis interface { + HasGenesisBasics + InitGenesis(sdk.Context, codec.JSONCodec, json.RawMessage) []abci.ValidatorUpdate + ExportGenesis(sdk.Context, codec.JSONCodec) + +json.RawMessage +} + +// AppModule is the form for an application module. Most of +// its functionality has been moved to extension interfaces. +// Deprecated: use appmodule.AppModule with a combination of extension interfaes interfaces instead. +type AppModule interface { + appmodule.AppModule + + AppModuleBasic +} + +// HasInvariants is the interface for registering invariants. +// +// Deprecated: this will be removed in the next Cosmos SDK release. +type HasInvariants interface { + // RegisterInvariants registers module invariants. + RegisterInvariants(sdk.InvariantRegistry) +} + +// HasServices is the interface for modules to register services. +type HasServices interface { + // RegisterServices allows a module to register services. + RegisterServices(Configurator) +} + +// HasConsensusVersion is the interface for declaring a module consensus version. +type HasConsensusVersion interface { + // ConsensusVersion is a sequence number for state-breaking change of the + // module. It should be incremented on each consensus-breaking change + // introduced by the module. To avoid wrong/empty versions, the initial version + // should be set to 1. + ConsensusVersion() + +uint64 +} + +// HasABCIEndblock is a released typo of HasABCIEndBlock. +// Deprecated: use HasABCIEndBlock instead. +type HasABCIEndblock HasABCIEndBlock + +// HasABCIEndBlock is the interface for modules that need to run code at the end of the block. +type HasABCIEndBlock interface { + AppModule + EndBlock(context.Context) ([]abci.ValidatorUpdate, error) +} + +var ( + _ appmodule.AppModule = (*GenesisOnlyAppModule)(nil) + _ AppModuleBasic = (*GenesisOnlyAppModule)(nil) +) + +// AppModuleGenesis is the standard form for an application module genesis functions +type AppModuleGenesis interface { + AppModuleBasic + HasABCIGenesis +} + +// GenesisOnlyAppModule is an AppModule that only has import/export functionality +type GenesisOnlyAppModule struct { + AppModuleGenesis +} + +// NewGenesisOnlyAppModule creates a new GenesisOnlyAppModule object +func NewGenesisOnlyAppModule(amg AppModuleGenesis) + +GenesisOnlyAppModule { + return GenesisOnlyAppModule{ + AppModuleGenesis: amg, +} +} + +// IsOnePerModuleType implements the depinject.OnePerModuleType interface. +func (GenesisOnlyAppModule) + +IsOnePerModuleType() { +} + +// IsAppModule implements the appmodule.AppModule interface. +func (GenesisOnlyAppModule) + +IsAppModule() { +} + +// RegisterInvariants is a placeholder function register no invariants +func (GenesisOnlyAppModule) + +RegisterInvariants(_ sdk.InvariantRegistry) { +} + +// ConsensusVersion implements AppModule/ConsensusVersion. +func (gam GenesisOnlyAppModule) + +ConsensusVersion() + +uint64 { + return 1 +} + +// Manager defines a module manager that provides the high level utility for managing and executing +// operations for a group of modules +type Manager struct { + Modules map[string]any // interface{ +} + +is used now to support the legacy AppModule as well as new core appmodule.AppModule. + OrderInitGenesis []string + OrderExportGenesis []string + OrderPreBlockers []string + OrderBeginBlockers []string + OrderEndBlockers []string + OrderPrepareCheckStaters []string + OrderPrecommiters []string + OrderMigrations []string +} + +// NewManager creates a new Manager object. +func NewManager(modules ...AppModule) *Manager { + moduleMap := make(map[string]any) + modulesStr := make([]string, 0, len(modules)) + preBlockModulesStr := make([]string, 0) + for _, module := range modules { + if _, ok := module.(appmodule.AppModule); !ok { + panic(fmt.Sprintf("module %s does not implement appmodule.AppModule", module.Name())) +} + +moduleMap[module.Name()] = module + modulesStr = append(modulesStr, module.Name()) + if _, ok := module.(appmodule.HasPreBlocker); ok { + preBlockModulesStr = append(preBlockModulesStr, module.Name()) +} + +} + +return &Manager{ + Modules: moduleMap, + OrderInitGenesis: modulesStr, + OrderExportGenesis: modulesStr, + OrderPreBlockers: preBlockModulesStr, + OrderBeginBlockers: modulesStr, + OrderPrepareCheckStaters: modulesStr, + OrderPrecommiters: modulesStr, + OrderEndBlockers: modulesStr, +} +} + +// NewManagerFromMap creates a new Manager object from a map of module names to module implementations. +// This method should be used for apps and modules which have migrated to the cosmossdk.io/core.appmodule.AppModule API. +func NewManagerFromMap(moduleMap map[string]appmodule.AppModule) *Manager { + simpleModuleMap := make(map[string]any) + modulesStr := make([]string, 0, len(simpleModuleMap)) + preBlockModulesStr := make([]string, 0) + for name, module := range moduleMap { + simpleModuleMap[name] = module + modulesStr = append(modulesStr, name) + if _, ok := module.(appmodule.HasPreBlocker); ok { + preBlockModulesStr = append(preBlockModulesStr, name) +} + +} + + // Sort the modules by name. Given that we are using a map above we can't guarantee the order. + sort.Strings(modulesStr) + +return &Manager{ + Modules: simpleModuleMap, + OrderInitGenesis: modulesStr, + OrderExportGenesis: modulesStr, + OrderPreBlockers: preBlockModulesStr, + OrderBeginBlockers: modulesStr, + OrderEndBlockers: modulesStr, + OrderPrecommiters: modulesStr, + OrderPrepareCheckStaters: modulesStr, +} +} + +// SetOrderInitGenesis sets the order of init genesis calls +func (m *Manager) + +SetOrderInitGenesis(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderInitGenesis", moduleNames, func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasGenesis := module.(appmodule.HasGenesis); hasGenesis { + return !hasGenesis +} + if _, hasABCIGenesis := module.(HasABCIGenesis); hasABCIGenesis { + return !hasABCIGenesis +} + + _, hasGenesis := module.(HasGenesis) + +return !hasGenesis +}) + +m.OrderInitGenesis = moduleNames +} + +// SetOrderExportGenesis sets the order of export genesis calls +func (m *Manager) + +SetOrderExportGenesis(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderExportGenesis", moduleNames, func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasGenesis := module.(appmodule.HasGenesis); hasGenesis { + return !hasGenesis +} + if _, hasABCIGenesis := module.(HasABCIGenesis); hasABCIGenesis { + return !hasABCIGenesis +} + + _, hasGenesis := module.(HasGenesis) + +return !hasGenesis +}) + +m.OrderExportGenesis = moduleNames +} + +// SetOrderPreBlockers sets the order of set pre-blocker calls +func (m *Manager) + +SetOrderPreBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPreBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasBlock := module.(appmodule.HasPreBlocker) + +return !hasBlock +}) + +m.OrderPreBlockers = moduleNames +} + +// SetOrderBeginBlockers sets the order of set begin-blocker calls +func (m *Manager) + +SetOrderBeginBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderBeginBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasBeginBlock := module.(appmodule.HasBeginBlocker) + +return !hasBeginBlock +}) + +m.OrderBeginBlockers = moduleNames +} + +// SetOrderEndBlockers sets the order of set end-blocker calls +func (m *Manager) + +SetOrderEndBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderEndBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasEndBlock := module.(appmodule.HasEndBlocker); hasEndBlock { + return !hasEndBlock +} + + _, hasABCIEndBlock := module.(HasABCIEndBlock) + +return !hasABCIEndBlock +}) + +m.OrderEndBlockers = moduleNames +} + +// SetOrderPrepareCheckStaters sets the order of set prepare-check-stater calls +func (m *Manager) + +SetOrderPrepareCheckStaters(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPrepareCheckStaters", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasPrepareCheckState := module.(appmodule.HasPrepareCheckState) + +return !hasPrepareCheckState +}) + +m.OrderPrepareCheckStaters = moduleNames +} + +// SetOrderPrecommiters sets the order of set precommiter calls +func (m *Manager) + +SetOrderPrecommiters(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPrecommiters", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasPrecommit := module.(appmodule.HasPrecommit) + +return !hasPrecommit +}) + +m.OrderPrecommiters = moduleNames +} + +// SetOrderMigrations sets the order of migrations to be run. If not set +// then migrations will be run with an order defined in `DefaultMigrationsOrder`. +func (m *Manager) + +SetOrderMigrations(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderMigrations", moduleNames, nil) + +m.OrderMigrations = moduleNames +} + +// RegisterInvariants registers all module invariants +// +// Deprecated: this function is a no-op and will be removed in the next release of the Cosmos SDK. +func (m *Manager) + +RegisterInvariants(_ sdk.InvariantRegistry) { +} + +// RegisterServices registers all module services +func (m *Manager) + +RegisterServices(cfg Configurator) + +error { + for _, module := range m.Modules { + if module, ok := module.(HasServices); ok { + module.RegisterServices(cfg) +} + if module, ok := module.(appmodule.HasServices); ok { + err := module.RegisterServices(cfg) + if err != nil { + return err +} + +} + if cfg.Error() != nil { + return cfg.Error() +} + +} + +return nil +} + +// InitGenesis performs init genesis functionality for modules. Exactly one +// module must return a non-empty validator set update to correctly initialize +// the chain. +func (m *Manager) + +InitGenesis(ctx sdk.Context, cdc codec.JSONCodec, genesisData map[string]json.RawMessage) (*abci.ResponseInitChain, error) { + var validatorUpdates []abci.ValidatorUpdate + ctx.Logger().Info("initializing blockchain state from genesis.json") + for _, moduleName := range m.OrderInitGenesis { + if genesisData[moduleName] == nil { + continue +} + mod := m.Modules[moduleName] + // we might get an adapted module, a native core API module or a legacy module + if module, ok := mod.(appmodule.HasGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + // core API genesis + source, err := genesis.SourceFromRawJSON(genesisData[moduleName]) + if err != nil { + return &abci.ResponseInitChain{ +}, err +} + +err = module.InitGenesis(ctx, source) + if err != nil { + return &abci.ResponseInitChain{ +}, err +} + +} + +else if module, ok := mod.(HasGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + +module.InitGenesis(ctx, cdc, genesisData[moduleName]) +} + +else if module, ok := mod.(HasABCIGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + moduleValUpdates := module.InitGenesis(ctx, cdc, genesisData[moduleName]) + + // use these validator updates if provided, the module manager assumes + // only one module will update the validator set + if len(moduleValUpdates) > 0 { + if len(validatorUpdates) > 0 { + return &abci.ResponseInitChain{ +}, errors.New("validator InitGenesis updates already set by a previous module") +} + +validatorUpdates = moduleValUpdates +} + +} + +} + + // a chain must initialize with a non-empty validator set + if len(validatorUpdates) == 0 { + return &abci.ResponseInitChain{ +}, fmt.Errorf("validator set is empty after InitGenesis, please ensure at least one validator is initialized with a delegation greater than or equal to the DefaultPowerReduction (%d)", sdk.DefaultPowerReduction) +} + +return &abci.ResponseInitChain{ + Validators: validatorUpdates, +}, nil +} + +// ExportGenesis performs export genesis functionality for modules +func (m *Manager) + +ExportGenesis(ctx sdk.Context, cdc codec.JSONCodec) (map[string]json.RawMessage, error) { + return m.ExportGenesisForModules(ctx, cdc, []string{ +}) +} + +// ExportGenesisForModules performs export genesis functionality for modules +func (m *Manager) + +ExportGenesisForModules(ctx sdk.Context, cdc codec.JSONCodec, modulesToExport []string) (map[string]json.RawMessage, error) { + if len(modulesToExport) == 0 { + modulesToExport = m.OrderExportGenesis +} + // verify modules exists in app, so that we don't panic in the middle of an export + if err := m.checkModulesExists(modulesToExport); err != nil { + return nil, err +} + +type genesisResult struct { + bz json.RawMessage + err error +} + channels := make(map[string]chan genesisResult) + for _, moduleName := range modulesToExport { + mod := m.Modules[moduleName] + if module, ok := mod.(appmodule.HasGenesis); ok { + // core API genesis + channels[moduleName] = make(chan genesisResult) + +go func(module appmodule.HasGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + target := genesis.RawJSONTarget{ +} + err := module.ExportGenesis(ctx, target.Target()) + if err != nil { + ch <- genesisResult{ + nil, err +} + +return +} + +rawJSON, err := target.JSON() + if err != nil { + ch <- genesisResult{ + nil, err +} + +return +} + +ch <- genesisResult{ + rawJSON, nil +} + +}(module, channels[moduleName]) +} + +else if module, ok := mod.(HasGenesis); ok { + channels[moduleName] = make(chan genesisResult) + +go func(module HasGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + ch <- genesisResult{ + module.ExportGenesis(ctx, cdc), nil +} + +}(module, channels[moduleName]) +} + +else if module, ok := mod.(HasABCIGenesis); ok { + channels[moduleName] = make(chan genesisResult) + +go func(module HasABCIGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + ch <- genesisResult{ + module.ExportGenesis(ctx, cdc), nil +} + +}(module, channels[moduleName]) +} + +} + genesisData := make(map[string]json.RawMessage) + for moduleName := range channels { + res := <-channels[moduleName] + if res.err != nil { + return nil, fmt.Errorf("genesis export error in %s: %w", moduleName, res.err) +} + +genesisData[moduleName] = res.bz +} + +return genesisData, nil +} + +// checkModulesExists verifies that all modules in the list exist in the app +func (m *Manager) + +checkModulesExists(moduleName []string) + +error { + for _, name := range moduleName { + if _, ok := m.Modules[name]; !ok { + return fmt.Errorf("module %s does not exist", name) +} + +} + +return nil +} + +// assertNoForgottenModules checks that we didn't forget any modules in the SetOrder* functions. +// `pass` is a closure which allows one to omit modules from `moduleNames`. +// If you provide non-nil `pass` and it returns true, the module would not be subject of the assertion. +func (m *Manager) + +assertNoForgottenModules(setOrderFnName string, moduleNames []string, pass func(moduleName string) + +bool) { + ms := make(map[string]bool) + for _, m := range moduleNames { + ms[m] = true +} + +var missing []string + for m := range m.Modules { + if pass != nil && pass(m) { + continue +} + if !ms[m] { + missing = append(missing, m) +} + +} + if len(missing) != 0 { + sort.Strings(missing) + +panic(fmt.Sprintf( + "all modules must be defined when setting %s, missing: %v", setOrderFnName, missing)) +} +} + +// MigrationHandler is the migration function that each module registers. +type MigrationHandler func(sdk.Context) + +error + +// VersionMap is a map of moduleName -> version +type VersionMap map[string]uint64 + +// RunMigrations performs in-place store migrations for all modules. This +// function MUST be called insde an x/upgrade UpgradeHandler. +// +// Recall that in an upgrade handler, the `fromVM` VersionMap is retrieved from +// x/upgrade's store, and the function needs to return the target VersionMap +// that will in turn be persisted to the x/upgrade's store. In general, +// returning RunMigrations should be enough: +// +// Example: +// +// cfg := module.NewConfigurator(...) +// app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx context.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { +// return app.mm.RunMigrations(ctx, cfg, fromVM) +// +}) +// +// Internally, RunMigrations will perform the following steps: +// - create an `updatedVM` VersionMap of module with their latest ConsensusVersion +// - make a diff of `fromVM` and `udpatedVM`, and for each module: +// - if the module's `fromVM` version is less than its `updatedVM` version, +// then run in-place store migrations for that module between those versions. +// - if the module does not exist in the `fromVM` (which means that it's a new module, +// because it was not in the previous x/upgrade's store), then run +// `InitGenesis` on that module. +// +// - return the `updatedVM` to be persisted in the x/upgrade's store. +// +// Migrations are run in an order defined by `Manager.OrderMigrations` or (if not set) + +defined by +// `DefaultMigrationsOrder` function. +// +// As an app developer, if you wish to skip running InitGenesis for your new +// module "foo", you need to manually pass a `fromVM` argument to this function +// foo's module version set to its latest ConsensusVersion. That way, the diff +// between the function's `fromVM` and `udpatedVM` will be empty, hence not +// running anything for foo. +// +// Example: +// +// cfg := module.NewConfigurator(...) +// app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx context.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { +// // Assume "foo" is a new module. +// // `fromVM` is fetched from existing x/upgrade store. Since foo didn't exist +// // before this upgrade, `v, exists := fromVM["foo"]; exists == false`, and RunMigration will by default +// // run InitGenesis on foo. +// // To skip running foo's InitGenesis, you need set `fromVM`'s foo to its latest +// // consensus version: +// fromVM["foo"] = foo.AppModule{ +}.ConsensusVersion() +// +// return app.mm.RunMigrations(ctx, cfg, fromVM) +// +}) +// +// Please also refer to https://docs.cosmos.network/main/core/upgrade for more information. +func (m Manager) + +RunMigrations(ctx context.Context, cfg Configurator, fromVM VersionMap) (VersionMap, error) { + c, ok := cfg.(*configurator) + if !ok { + return nil, errorsmod.Wrapf(sdkerrors.ErrInvalidType, "expected %T, got %T", &configurator{ +}, cfg) +} + modules := m.OrderMigrations + if modules == nil { + modules = DefaultMigrationsOrder(m.ModuleNames()) +} + sdkCtx := sdk.UnwrapSDKContext(ctx) + updatedVM := VersionMap{ +} + for _, moduleName := range modules { + module := m.Modules[moduleName] + fromVersion, exists := fromVM[moduleName] + toVersion := uint64(0) + if module, ok := module.(HasConsensusVersion); ok { + toVersion = module.ConsensusVersion() +} + + // We run migration if the module is specified in `fromVM`. + // Otherwise we run InitGenesis. + // + // The module won't exist in the fromVM in two cases: + // 1. A new module is added. In this case we run InitGenesis with an + // empty genesis state. + // 2. An existing chain is upgrading from version < 0.43 to v0.43+ for the first time. + // In this case, all modules have yet to be added to x/upgrade's VersionMap store. + if exists { + err := c.runModuleMigrations(sdkCtx, moduleName, fromVersion, toVersion) + if err != nil { + return nil, err +} + +} + +else { + sdkCtx.Logger().Info(fmt.Sprintf("adding a new module: %s", moduleName)) + if module, ok := m.Modules[moduleName].(HasGenesis); ok { + module.InitGenesis(sdkCtx, c.cdc, module.DefaultGenesis(c.cdc)) +} + if module, ok := m.Modules[moduleName].(HasABCIGenesis); ok { + moduleValUpdates := module.InitGenesis(sdkCtx, c.cdc, module.DefaultGenesis(c.cdc)) + // The module manager assumes only one module will update the + // validator set, and it can't be a new module. + if len(moduleValUpdates) > 0 { + return nil, errorsmod.Wrapf(sdkerrors.ErrLogic, "validator InitGenesis update is already set by another module") +} + +} + +} + +updatedVM[moduleName] = toVersion +} + +return updatedVM, nil +} + +// PreBlock performs begin block functionality for upgrade module. +// It takes the current context as a parameter and returns a boolean value +// indicating whether the migration was successfully executed or not. +func (m *Manager) + +PreBlock(ctx sdk.Context) (*sdk.ResponsePreBlock, error) { + paramsChanged := false + for _, moduleName := range m.OrderPreBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasPreBlocker); ok { + rsp, err := module.PreBlock(ctx) + if err != nil { + return nil, err +} + if rsp.IsConsensusParamsChanged() { + paramsChanged = true +} + +} + +} + +return &sdk.ResponsePreBlock{ + ConsensusParamsChanged: paramsChanged, +}, nil +} + +// BeginBlock performs begin block functionality for all modules. It creates a +// child context with an event manager to aggregate events emitted from all +// modules. +func (m *Manager) + +BeginBlock(ctx sdk.Context) (sdk.BeginBlock, error) { + ctx = ctx.WithEventManager(sdk.NewEventManager()) + for _, moduleName := range m.OrderBeginBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasBeginBlocker); ok { + if err := module.BeginBlock(ctx); err != nil { + return sdk.BeginBlock{ +}, err +} + +} + +} + +return sdk.BeginBlock{ + Events: ctx.EventManager().ABCIEvents(), +}, nil +} + +// EndBlock performs end block functionality for all modules. It creates a +// child context with an event manager to aggregate events emitted from all +// modules. +func (m *Manager) + +EndBlock(ctx sdk.Context) (sdk.EndBlock, error) { + ctx = ctx.WithEventManager(sdk.NewEventManager()) + validatorUpdates := []abci.ValidatorUpdate{ +} + for _, moduleName := range m.OrderEndBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasEndBlocker); ok { + err := module.EndBlock(ctx) + if err != nil { + return sdk.EndBlock{ +}, err +} + +} + +else if module, ok := m.Modules[moduleName].(HasABCIEndBlock); ok { + moduleValUpdates, err := module.EndBlock(ctx) + if err != nil { + return sdk.EndBlock{ +}, err +} + // use these validator updates if provided, the module manager assumes + // only one module will update the validator set + if len(moduleValUpdates) > 0 { + if len(validatorUpdates) > 0 { + return sdk.EndBlock{ +}, errors.New("validator EndBlock updates already set by a previous module") +} + for _, updates := range moduleValUpdates { + validatorUpdates = append(validatorUpdates, abci.ValidatorUpdate{ + PubKey: updates.PubKey, + Power: updates.Power +}) +} + +} + +} + +else { + continue +} + +} + +return sdk.EndBlock{ + ValidatorUpdates: validatorUpdates, + Events: ctx.EventManager().ABCIEvents(), +}, nil +} + +// Precommit performs precommit functionality for all modules. +func (m *Manager) + +Precommit(ctx sdk.Context) + +error { + for _, moduleName := range m.OrderPrecommiters { + module, ok := m.Modules[moduleName].(appmodule.HasPrecommit) + if !ok { + continue +} + if err := module.Precommit(ctx); err != nil { + return err +} + +} + +return nil +} + +// PrepareCheckState performs functionality for preparing the check state for all modules. +func (m *Manager) + +PrepareCheckState(ctx sdk.Context) + +error { + for _, moduleName := range m.OrderPrepareCheckStaters { + module, ok := m.Modules[moduleName].(appmodule.HasPrepareCheckState) + if !ok { + continue +} + if err := module.PrepareCheckState(ctx); err != nil { + return err +} + +} + +return nil +} + +// GetVersionMap gets consensus version from all modules +func (m *Manager) + +GetVersionMap() + +VersionMap { + vermap := make(VersionMap) + for name, v := range m.Modules { + version := uint64(0) + if v, ok := v.(HasConsensusVersion); ok { + version = v.ConsensusVersion() +} + +vermap[name] = version +} + +return vermap +} + +// ModuleNames returns list of all module names, without any particular order. +func (m *Manager) + +ModuleNames() []string { + return slices.Collect(maps.Keys(m.Modules)) +} + +// DefaultMigrationsOrder returns a default migrations order: ascending alphabetical by module name, +// except x/auth which will run last, see: +// https://github.com/cosmos/cosmos-sdk/issues/10591 +func DefaultMigrationsOrder(modules []string) []string { + const authName = "auth" + out := make([]string, 0, len(modules)) + hasAuth := false + for _, m := range modules { + if m == authName { + hasAuth = true +} + +else { + out = append(out, m) +} + +} + +sort.Strings(out) + if hasAuth { + out = append(out, authName) +} + +return out +} +``` + +### `HasInvariants` + +This interface defines one method. It allows checking if a module can register invariants. + +```go expandable +/* +Package module contains application module patterns and associated "manager" functionality. +The module pattern has been broken down by: + - independent module functionality (AppModuleBasic) + - inter-dependent module simulation functionality (AppModuleSimulation) + - inter-dependent module full functionality (AppModule) + +inter-dependent module functionality is module functionality which somehow +depends on other modules, typically through the module keeper. Many of the +module keepers are dependent on each other, thus in order to access the full +set of module functionality we need to define all the keepers/params-store/keys +etc. This full set of advanced functionality is defined by the AppModule interface. + +Independent module functions are separated to allow for the construction of the +basic application structures required early on in the application definition +and used to enable the definition of full module functionality later in the +process. This separation is necessary, however we still want to allow for a +high level pattern for modules to follow - for instance, such that we don't +have to manually register all of the codecs for all the modules. This basic +procedure as well as other basic patterns are handled through the use of +BasicManager. + +Lastly the interface for genesis functionality (HasGenesis & HasABCIGenesis) + +has been +separated out from full module functionality (AppModule) + +so that modules which +are only used for genesis can take advantage of the Module patterns without +needlessly defining many placeholder functions +*/ +package module + +import ( + + "context" + "encoding/json" + "errors" + "fmt" + "maps" + "slices" + "sort" + + abci "github.com/cometbft/cometbft/abci/types" + "github.com/grpc-ecosystem/grpc-gateway/runtime" + "github.com/spf13/cobra" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/core/genesis" + errorsmod "cosmossdk.io/errors" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/codec/types" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" +) + +// AppModuleBasic is the standard form for basic non-dependant elements of an application module. +type AppModuleBasic interface { + HasName + RegisterLegacyAminoCodec(*codec.LegacyAmino) + +RegisterInterfaces(types.InterfaceRegistry) + +RegisterGRPCGatewayRoutes(client.Context, *runtime.ServeMux) +} + +// HasName allows the module to provide its own name for legacy purposes. +// Newer apps should specify the name for their modules using a map +// using NewManagerFromMap. +type HasName interface { + Name() + +string +} + +// HasGenesisBasics is the legacy interface for stateless genesis methods. +type HasGenesisBasics interface { + DefaultGenesis(codec.JSONCodec) + +json.RawMessage + ValidateGenesis(codec.JSONCodec, client.TxEncodingConfig, json.RawMessage) + +error +} + +// BasicManager is a collection of AppModuleBasic +type BasicManager map[string]AppModuleBasic + +// NewBasicManager creates a new BasicManager object +func NewBasicManager(modules ...AppModuleBasic) + +BasicManager { + moduleMap := make(map[string]AppModuleBasic) + for _, module := range modules { + moduleMap[module.Name()] = module +} + +return moduleMap +} + +// NewBasicManagerFromManager creates a new BasicManager from a Manager +// The BasicManager will contain all AppModuleBasic from the AppModule Manager +// Module's AppModuleBasic can be overridden by passing a custom AppModuleBasic map +func NewBasicManagerFromManager(manager *Manager, customModuleBasics map[string]AppModuleBasic) + +BasicManager { + moduleMap := make(map[string]AppModuleBasic) + for name, module := range manager.Modules { + if customBasicMod, ok := customModuleBasics[name]; ok { + moduleMap[name] = customBasicMod + continue +} + if appModule, ok := module.(appmodule.AppModule); ok { + moduleMap[name] = CoreAppModuleBasicAdaptor(name, appModule) + +continue +} + if basicMod, ok := module.(AppModuleBasic); ok { + moduleMap[name] = basicMod +} + +} + +return moduleMap +} + +// RegisterLegacyAminoCodec registers all module codecs +func (bm BasicManager) + +RegisterLegacyAminoCodec(cdc *codec.LegacyAmino) { + for _, b := range bm { + b.RegisterLegacyAminoCodec(cdc) +} +} + +// RegisterInterfaces registers all module interface types +func (bm BasicManager) + +RegisterInterfaces(registry types.InterfaceRegistry) { + for _, m := range bm { + m.RegisterInterfaces(registry) +} +} + +// DefaultGenesis provides default genesis information for all modules +func (bm BasicManager) + +DefaultGenesis(cdc codec.JSONCodec) + +map[string]json.RawMessage { + genesisData := make(map[string]json.RawMessage) + for _, b := range bm { + if mod, ok := b.(HasGenesisBasics); ok { + genesisData[b.Name()] = mod.DefaultGenesis(cdc) +} + +} + +return genesisData +} + +// ValidateGenesis performs genesis state validation for all modules +func (bm BasicManager) + +ValidateGenesis(cdc codec.JSONCodec, txEncCfg client.TxEncodingConfig, genesisData map[string]json.RawMessage) + +error { + for _, b := range bm { + // first check if the module is an adapted Core API Module + if mod, ok := b.(HasGenesisBasics); ok { + if err := mod.ValidateGenesis(cdc, txEncCfg, genesisData[b.Name()]); err != nil { + return err +} + +} + +} + +return nil +} + +// RegisterGRPCGatewayRoutes registers all module rest routes +func (bm BasicManager) + +RegisterGRPCGatewayRoutes(clientCtx client.Context, rtr *runtime.ServeMux) { + for _, b := range bm { + b.RegisterGRPCGatewayRoutes(clientCtx, rtr) +} +} + +// AddTxCommands adds all tx commands to the rootTxCmd. +func (bm BasicManager) + +AddTxCommands(rootTxCmd *cobra.Command) { + for _, b := range bm { + if mod, ok := b.(interface { + GetTxCmd() *cobra.Command +}); ok { + if cmd := mod.GetTxCmd(); cmd != nil { + rootTxCmd.AddCommand(cmd) +} + +} + +} +} + +// AddQueryCommands adds all query commands to the rootQueryCmd. +func (bm BasicManager) + +AddQueryCommands(rootQueryCmd *cobra.Command) { + for _, b := range bm { + if mod, ok := b.(interface { + GetQueryCmd() *cobra.Command +}); ok { + if cmd := mod.GetQueryCmd(); cmd != nil { + rootQueryCmd.AddCommand(cmd) +} + +} + +} +} + +// HasGenesis is the extension interface for stateful genesis methods. +type HasGenesis interface { + HasGenesisBasics + InitGenesis(sdk.Context, codec.JSONCodec, json.RawMessage) + +ExportGenesis(sdk.Context, codec.JSONCodec) + +json.RawMessage +} + +// HasABCIGenesis is the extension interface for stateful genesis methods which returns validator updates. +type HasABCIGenesis interface { + HasGenesisBasics + InitGenesis(sdk.Context, codec.JSONCodec, json.RawMessage) []abci.ValidatorUpdate + ExportGenesis(sdk.Context, codec.JSONCodec) + +json.RawMessage +} + +// AppModule is the form for an application module. Most of +// its functionality has been moved to extension interfaces. +// Deprecated: use appmodule.AppModule with a combination of extension interfaes interfaces instead. +type AppModule interface { + appmodule.AppModule + + AppModuleBasic +} + +// HasInvariants is the interface for registering invariants. +// +// Deprecated: this will be removed in the next Cosmos SDK release. +type HasInvariants interface { + // RegisterInvariants registers module invariants. + RegisterInvariants(sdk.InvariantRegistry) +} + +// HasServices is the interface for modules to register services. +type HasServices interface { + // RegisterServices allows a module to register services. + RegisterServices(Configurator) +} + +// HasConsensusVersion is the interface for declaring a module consensus version. +type HasConsensusVersion interface { + // ConsensusVersion is a sequence number for state-breaking change of the + // module. It should be incremented on each consensus-breaking change + // introduced by the module. To avoid wrong/empty versions, the initial version + // should be set to 1. + ConsensusVersion() + +uint64 +} + +// HasABCIEndblock is a released typo of HasABCIEndBlock. +// Deprecated: use HasABCIEndBlock instead. +type HasABCIEndblock HasABCIEndBlock + +// HasABCIEndBlock is the interface for modules that need to run code at the end of the block. +type HasABCIEndBlock interface { + AppModule + EndBlock(context.Context) ([]abci.ValidatorUpdate, error) +} + +var ( + _ appmodule.AppModule = (*GenesisOnlyAppModule)(nil) + _ AppModuleBasic = (*GenesisOnlyAppModule)(nil) +) + +// AppModuleGenesis is the standard form for an application module genesis functions +type AppModuleGenesis interface { + AppModuleBasic + HasABCIGenesis +} + +// GenesisOnlyAppModule is an AppModule that only has import/export functionality +type GenesisOnlyAppModule struct { + AppModuleGenesis +} + +// NewGenesisOnlyAppModule creates a new GenesisOnlyAppModule object +func NewGenesisOnlyAppModule(amg AppModuleGenesis) + +GenesisOnlyAppModule { + return GenesisOnlyAppModule{ + AppModuleGenesis: amg, +} +} + +// IsOnePerModuleType implements the depinject.OnePerModuleType interface. +func (GenesisOnlyAppModule) + +IsOnePerModuleType() { +} + +// IsAppModule implements the appmodule.AppModule interface. +func (GenesisOnlyAppModule) + +IsAppModule() { +} + +// RegisterInvariants is a placeholder function register no invariants +func (GenesisOnlyAppModule) + +RegisterInvariants(_ sdk.InvariantRegistry) { +} + +// ConsensusVersion implements AppModule/ConsensusVersion. +func (gam GenesisOnlyAppModule) + +ConsensusVersion() + +uint64 { + return 1 +} + +// Manager defines a module manager that provides the high level utility for managing and executing +// operations for a group of modules +type Manager struct { + Modules map[string]any // interface{ +} + +is used now to support the legacy AppModule as well as new core appmodule.AppModule. + OrderInitGenesis []string + OrderExportGenesis []string + OrderPreBlockers []string + OrderBeginBlockers []string + OrderEndBlockers []string + OrderPrepareCheckStaters []string + OrderPrecommiters []string + OrderMigrations []string +} + +// NewManager creates a new Manager object. +func NewManager(modules ...AppModule) *Manager { + moduleMap := make(map[string]any) + modulesStr := make([]string, 0, len(modules)) + preBlockModulesStr := make([]string, 0) + for _, module := range modules { + if _, ok := module.(appmodule.AppModule); !ok { + panic(fmt.Sprintf("module %s does not implement appmodule.AppModule", module.Name())) +} + +moduleMap[module.Name()] = module + modulesStr = append(modulesStr, module.Name()) + if _, ok := module.(appmodule.HasPreBlocker); ok { + preBlockModulesStr = append(preBlockModulesStr, module.Name()) +} + +} + +return &Manager{ + Modules: moduleMap, + OrderInitGenesis: modulesStr, + OrderExportGenesis: modulesStr, + OrderPreBlockers: preBlockModulesStr, + OrderBeginBlockers: modulesStr, + OrderPrepareCheckStaters: modulesStr, + OrderPrecommiters: modulesStr, + OrderEndBlockers: modulesStr, +} +} + +// NewManagerFromMap creates a new Manager object from a map of module names to module implementations. +// This method should be used for apps and modules which have migrated to the cosmossdk.io/core.appmodule.AppModule API. +func NewManagerFromMap(moduleMap map[string]appmodule.AppModule) *Manager { + simpleModuleMap := make(map[string]any) + modulesStr := make([]string, 0, len(simpleModuleMap)) + preBlockModulesStr := make([]string, 0) + for name, module := range moduleMap { + simpleModuleMap[name] = module + modulesStr = append(modulesStr, name) + if _, ok := module.(appmodule.HasPreBlocker); ok { + preBlockModulesStr = append(preBlockModulesStr, name) +} + +} + + // Sort the modules by name. Given that we are using a map above we can't guarantee the order. + sort.Strings(modulesStr) + +return &Manager{ + Modules: simpleModuleMap, + OrderInitGenesis: modulesStr, + OrderExportGenesis: modulesStr, + OrderPreBlockers: preBlockModulesStr, + OrderBeginBlockers: modulesStr, + OrderEndBlockers: modulesStr, + OrderPrecommiters: modulesStr, + OrderPrepareCheckStaters: modulesStr, +} +} + +// SetOrderInitGenesis sets the order of init genesis calls +func (m *Manager) + +SetOrderInitGenesis(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderInitGenesis", moduleNames, func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasGenesis := module.(appmodule.HasGenesis); hasGenesis { + return !hasGenesis +} + if _, hasABCIGenesis := module.(HasABCIGenesis); hasABCIGenesis { + return !hasABCIGenesis +} + + _, hasGenesis := module.(HasGenesis) + +return !hasGenesis +}) + +m.OrderInitGenesis = moduleNames +} + +// SetOrderExportGenesis sets the order of export genesis calls +func (m *Manager) + +SetOrderExportGenesis(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderExportGenesis", moduleNames, func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasGenesis := module.(appmodule.HasGenesis); hasGenesis { + return !hasGenesis +} + if _, hasABCIGenesis := module.(HasABCIGenesis); hasABCIGenesis { + return !hasABCIGenesis +} + + _, hasGenesis := module.(HasGenesis) + +return !hasGenesis +}) + +m.OrderExportGenesis = moduleNames +} + +// SetOrderPreBlockers sets the order of set pre-blocker calls +func (m *Manager) + +SetOrderPreBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPreBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasBlock := module.(appmodule.HasPreBlocker) + +return !hasBlock +}) + +m.OrderPreBlockers = moduleNames +} + +// SetOrderBeginBlockers sets the order of set begin-blocker calls +func (m *Manager) + +SetOrderBeginBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderBeginBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasBeginBlock := module.(appmodule.HasBeginBlocker) + +return !hasBeginBlock +}) + +m.OrderBeginBlockers = moduleNames +} + +// SetOrderEndBlockers sets the order of set end-blocker calls +func (m *Manager) + +SetOrderEndBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderEndBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasEndBlock := module.(appmodule.HasEndBlocker); hasEndBlock { + return !hasEndBlock +} + + _, hasABCIEndBlock := module.(HasABCIEndBlock) + +return !hasABCIEndBlock +}) + +m.OrderEndBlockers = moduleNames +} + +// SetOrderPrepareCheckStaters sets the order of set prepare-check-stater calls +func (m *Manager) + +SetOrderPrepareCheckStaters(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPrepareCheckStaters", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasPrepareCheckState := module.(appmodule.HasPrepareCheckState) + +return !hasPrepareCheckState +}) + +m.OrderPrepareCheckStaters = moduleNames +} + +// SetOrderPrecommiters sets the order of set precommiter calls +func (m *Manager) + +SetOrderPrecommiters(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPrecommiters", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasPrecommit := module.(appmodule.HasPrecommit) + +return !hasPrecommit +}) + +m.OrderPrecommiters = moduleNames +} + +// SetOrderMigrations sets the order of migrations to be run. If not set +// then migrations will be run with an order defined in `DefaultMigrationsOrder`. +func (m *Manager) + +SetOrderMigrations(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderMigrations", moduleNames, nil) + +m.OrderMigrations = moduleNames +} + +// RegisterInvariants registers all module invariants +// +// Deprecated: this function is a no-op and will be removed in the next release of the Cosmos SDK. +func (m *Manager) + +RegisterInvariants(_ sdk.InvariantRegistry) { +} + +// RegisterServices registers all module services +func (m *Manager) + +RegisterServices(cfg Configurator) + +error { + for _, module := range m.Modules { + if module, ok := module.(HasServices); ok { + module.RegisterServices(cfg) +} + if module, ok := module.(appmodule.HasServices); ok { + err := module.RegisterServices(cfg) + if err != nil { + return err +} + +} + if cfg.Error() != nil { + return cfg.Error() +} + +} + +return nil +} + +// InitGenesis performs init genesis functionality for modules. Exactly one +// module must return a non-empty validator set update to correctly initialize +// the chain. +func (m *Manager) + +InitGenesis(ctx sdk.Context, cdc codec.JSONCodec, genesisData map[string]json.RawMessage) (*abci.ResponseInitChain, error) { + var validatorUpdates []abci.ValidatorUpdate + ctx.Logger().Info("initializing blockchain state from genesis.json") + for _, moduleName := range m.OrderInitGenesis { + if genesisData[moduleName] == nil { + continue +} + mod := m.Modules[moduleName] + // we might get an adapted module, a native core API module or a legacy module + if module, ok := mod.(appmodule.HasGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + // core API genesis + source, err := genesis.SourceFromRawJSON(genesisData[moduleName]) + if err != nil { + return &abci.ResponseInitChain{ +}, err +} + +err = module.InitGenesis(ctx, source) + if err != nil { + return &abci.ResponseInitChain{ +}, err +} + +} + +else if module, ok := mod.(HasGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + +module.InitGenesis(ctx, cdc, genesisData[moduleName]) +} + +else if module, ok := mod.(HasABCIGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + moduleValUpdates := module.InitGenesis(ctx, cdc, genesisData[moduleName]) + + // use these validator updates if provided, the module manager assumes + // only one module will update the validator set + if len(moduleValUpdates) > 0 { + if len(validatorUpdates) > 0 { + return &abci.ResponseInitChain{ +}, errors.New("validator InitGenesis updates already set by a previous module") +} + +validatorUpdates = moduleValUpdates +} + +} + +} + + // a chain must initialize with a non-empty validator set + if len(validatorUpdates) == 0 { + return &abci.ResponseInitChain{ +}, fmt.Errorf("validator set is empty after InitGenesis, please ensure at least one validator is initialized with a delegation greater than or equal to the DefaultPowerReduction (%d)", sdk.DefaultPowerReduction) +} + +return &abci.ResponseInitChain{ + Validators: validatorUpdates, +}, nil +} + +// ExportGenesis performs export genesis functionality for modules +func (m *Manager) + +ExportGenesis(ctx sdk.Context, cdc codec.JSONCodec) (map[string]json.RawMessage, error) { + return m.ExportGenesisForModules(ctx, cdc, []string{ +}) +} + +// ExportGenesisForModules performs export genesis functionality for modules +func (m *Manager) + +ExportGenesisForModules(ctx sdk.Context, cdc codec.JSONCodec, modulesToExport []string) (map[string]json.RawMessage, error) { + if len(modulesToExport) == 0 { + modulesToExport = m.OrderExportGenesis +} + // verify modules exists in app, so that we don't panic in the middle of an export + if err := m.checkModulesExists(modulesToExport); err != nil { + return nil, err +} + +type genesisResult struct { + bz json.RawMessage + err error +} + channels := make(map[string]chan genesisResult) + for _, moduleName := range modulesToExport { + mod := m.Modules[moduleName] + if module, ok := mod.(appmodule.HasGenesis); ok { + // core API genesis + channels[moduleName] = make(chan genesisResult) + +go func(module appmodule.HasGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + target := genesis.RawJSONTarget{ +} + err := module.ExportGenesis(ctx, target.Target()) + if err != nil { + ch <- genesisResult{ + nil, err +} + +return +} + +rawJSON, err := target.JSON() + if err != nil { + ch <- genesisResult{ + nil, err +} + +return +} + +ch <- genesisResult{ + rawJSON, nil +} + +}(module, channels[moduleName]) +} + +else if module, ok := mod.(HasGenesis); ok { + channels[moduleName] = make(chan genesisResult) + +go func(module HasGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + ch <- genesisResult{ + module.ExportGenesis(ctx, cdc), nil +} + +}(module, channels[moduleName]) +} + +else if module, ok := mod.(HasABCIGenesis); ok { + channels[moduleName] = make(chan genesisResult) + +go func(module HasABCIGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + ch <- genesisResult{ + module.ExportGenesis(ctx, cdc), nil +} + +}(module, channels[moduleName]) +} + +} + genesisData := make(map[string]json.RawMessage) + for moduleName := range channels { + res := <-channels[moduleName] + if res.err != nil { + return nil, fmt.Errorf("genesis export error in %s: %w", moduleName, res.err) +} + +genesisData[moduleName] = res.bz +} + +return genesisData, nil +} + +// checkModulesExists verifies that all modules in the list exist in the app +func (m *Manager) + +checkModulesExists(moduleName []string) + +error { + for _, name := range moduleName { + if _, ok := m.Modules[name]; !ok { + return fmt.Errorf("module %s does not exist", name) +} + +} + +return nil +} + +// assertNoForgottenModules checks that we didn't forget any modules in the SetOrder* functions. +// `pass` is a closure which allows one to omit modules from `moduleNames`. +// If you provide non-nil `pass` and it returns true, the module would not be subject of the assertion. +func (m *Manager) + +assertNoForgottenModules(setOrderFnName string, moduleNames []string, pass func(moduleName string) + +bool) { + ms := make(map[string]bool) + for _, m := range moduleNames { + ms[m] = true +} + +var missing []string + for m := range m.Modules { + if pass != nil && pass(m) { + continue +} + if !ms[m] { + missing = append(missing, m) +} + +} + if len(missing) != 0 { + sort.Strings(missing) + +panic(fmt.Sprintf( + "all modules must be defined when setting %s, missing: %v", setOrderFnName, missing)) +} +} + +// MigrationHandler is the migration function that each module registers. +type MigrationHandler func(sdk.Context) + +error + +// VersionMap is a map of moduleName -> version +type VersionMap map[string]uint64 + +// RunMigrations performs in-place store migrations for all modules. This +// function MUST be called insde an x/upgrade UpgradeHandler. +// +// Recall that in an upgrade handler, the `fromVM` VersionMap is retrieved from +// x/upgrade's store, and the function needs to return the target VersionMap +// that will in turn be persisted to the x/upgrade's store. In general, +// returning RunMigrations should be enough: +// +// Example: +// +// cfg := module.NewConfigurator(...) +// app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx context.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { +// return app.mm.RunMigrations(ctx, cfg, fromVM) +// +}) +// +// Internally, RunMigrations will perform the following steps: +// - create an `updatedVM` VersionMap of module with their latest ConsensusVersion +// - make a diff of `fromVM` and `udpatedVM`, and for each module: +// - if the module's `fromVM` version is less than its `updatedVM` version, +// then run in-place store migrations for that module between those versions. +// - if the module does not exist in the `fromVM` (which means that it's a new module, +// because it was not in the previous x/upgrade's store), then run +// `InitGenesis` on that module. +// +// - return the `updatedVM` to be persisted in the x/upgrade's store. +// +// Migrations are run in an order defined by `Manager.OrderMigrations` or (if not set) + +defined by +// `DefaultMigrationsOrder` function. +// +// As an app developer, if you wish to skip running InitGenesis for your new +// module "foo", you need to manually pass a `fromVM` argument to this function +// foo's module version set to its latest ConsensusVersion. That way, the diff +// between the function's `fromVM` and `udpatedVM` will be empty, hence not +// running anything for foo. +// +// Example: +// +// cfg := module.NewConfigurator(...) +// app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx context.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { +// // Assume "foo" is a new module. +// // `fromVM` is fetched from existing x/upgrade store. Since foo didn't exist +// // before this upgrade, `v, exists := fromVM["foo"]; exists == false`, and RunMigration will by default +// // run InitGenesis on foo. +// // To skip running foo's InitGenesis, you need set `fromVM`'s foo to its latest +// // consensus version: +// fromVM["foo"] = foo.AppModule{ +}.ConsensusVersion() +// +// return app.mm.RunMigrations(ctx, cfg, fromVM) +// +}) +// +// Please also refer to https://docs.cosmos.network/main/core/upgrade for more information. +func (m Manager) + +RunMigrations(ctx context.Context, cfg Configurator, fromVM VersionMap) (VersionMap, error) { + c, ok := cfg.(*configurator) + if !ok { + return nil, errorsmod.Wrapf(sdkerrors.ErrInvalidType, "expected %T, got %T", &configurator{ +}, cfg) +} + modules := m.OrderMigrations + if modules == nil { + modules = DefaultMigrationsOrder(m.ModuleNames()) +} + sdkCtx := sdk.UnwrapSDKContext(ctx) + updatedVM := VersionMap{ +} + for _, moduleName := range modules { + module := m.Modules[moduleName] + fromVersion, exists := fromVM[moduleName] + toVersion := uint64(0) + if module, ok := module.(HasConsensusVersion); ok { + toVersion = module.ConsensusVersion() +} + + // We run migration if the module is specified in `fromVM`. + // Otherwise we run InitGenesis. + // + // The module won't exist in the fromVM in two cases: + // 1. A new module is added. In this case we run InitGenesis with an + // empty genesis state. + // 2. An existing chain is upgrading from version < 0.43 to v0.43+ for the first time. + // In this case, all modules have yet to be added to x/upgrade's VersionMap store. + if exists { + err := c.runModuleMigrations(sdkCtx, moduleName, fromVersion, toVersion) + if err != nil { + return nil, err +} + +} + +else { + sdkCtx.Logger().Info(fmt.Sprintf("adding a new module: %s", moduleName)) + if module, ok := m.Modules[moduleName].(HasGenesis); ok { + module.InitGenesis(sdkCtx, c.cdc, module.DefaultGenesis(c.cdc)) +} + if module, ok := m.Modules[moduleName].(HasABCIGenesis); ok { + moduleValUpdates := module.InitGenesis(sdkCtx, c.cdc, module.DefaultGenesis(c.cdc)) + // The module manager assumes only one module will update the + // validator set, and it can't be a new module. + if len(moduleValUpdates) > 0 { + return nil, errorsmod.Wrapf(sdkerrors.ErrLogic, "validator InitGenesis update is already set by another module") +} + +} + +} + +updatedVM[moduleName] = toVersion +} + +return updatedVM, nil +} + +// PreBlock performs begin block functionality for upgrade module. +// It takes the current context as a parameter and returns a boolean value +// indicating whether the migration was successfully executed or not. +func (m *Manager) + +PreBlock(ctx sdk.Context) (*sdk.ResponsePreBlock, error) { + paramsChanged := false + for _, moduleName := range m.OrderPreBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasPreBlocker); ok { + rsp, err := module.PreBlock(ctx) + if err != nil { + return nil, err +} + if rsp.IsConsensusParamsChanged() { + paramsChanged = true +} + +} + +} + +return &sdk.ResponsePreBlock{ + ConsensusParamsChanged: paramsChanged, +}, nil +} + +// BeginBlock performs begin block functionality for all modules. It creates a +// child context with an event manager to aggregate events emitted from all +// modules. +func (m *Manager) + +BeginBlock(ctx sdk.Context) (sdk.BeginBlock, error) { + ctx = ctx.WithEventManager(sdk.NewEventManager()) + for _, moduleName := range m.OrderBeginBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasBeginBlocker); ok { + if err := module.BeginBlock(ctx); err != nil { + return sdk.BeginBlock{ +}, err +} + +} + +} + +return sdk.BeginBlock{ + Events: ctx.EventManager().ABCIEvents(), +}, nil +} + +// EndBlock performs end block functionality for all modules. It creates a +// child context with an event manager to aggregate events emitted from all +// modules. +func (m *Manager) + +EndBlock(ctx sdk.Context) (sdk.EndBlock, error) { + ctx = ctx.WithEventManager(sdk.NewEventManager()) + validatorUpdates := []abci.ValidatorUpdate{ +} + for _, moduleName := range m.OrderEndBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasEndBlocker); ok { + err := module.EndBlock(ctx) + if err != nil { + return sdk.EndBlock{ +}, err +} + +} + +else if module, ok := m.Modules[moduleName].(HasABCIEndBlock); ok { + moduleValUpdates, err := module.EndBlock(ctx) + if err != nil { + return sdk.EndBlock{ +}, err +} + // use these validator updates if provided, the module manager assumes + // only one module will update the validator set + if len(moduleValUpdates) > 0 { + if len(validatorUpdates) > 0 { + return sdk.EndBlock{ +}, errors.New("validator EndBlock updates already set by a previous module") +} + for _, updates := range moduleValUpdates { + validatorUpdates = append(validatorUpdates, abci.ValidatorUpdate{ + PubKey: updates.PubKey, + Power: updates.Power +}) +} + +} + +} + +else { + continue +} + +} + +return sdk.EndBlock{ + ValidatorUpdates: validatorUpdates, + Events: ctx.EventManager().ABCIEvents(), +}, nil +} + +// Precommit performs precommit functionality for all modules. +func (m *Manager) + +Precommit(ctx sdk.Context) + +error { + for _, moduleName := range m.OrderPrecommiters { + module, ok := m.Modules[moduleName].(appmodule.HasPrecommit) + if !ok { + continue +} + if err := module.Precommit(ctx); err != nil { + return err +} + +} + +return nil +} + +// PrepareCheckState performs functionality for preparing the check state for all modules. +func (m *Manager) + +PrepareCheckState(ctx sdk.Context) + +error { + for _, moduleName := range m.OrderPrepareCheckStaters { + module, ok := m.Modules[moduleName].(appmodule.HasPrepareCheckState) + if !ok { + continue +} + if err := module.PrepareCheckState(ctx); err != nil { + return err +} + +} + +return nil +} + +// GetVersionMap gets consensus version from all modules +func (m *Manager) + +GetVersionMap() + +VersionMap { + vermap := make(VersionMap) + for name, v := range m.Modules { + version := uint64(0) + if v, ok := v.(HasConsensusVersion); ok { + version = v.ConsensusVersion() +} + +vermap[name] = version +} + +return vermap +} + +// ModuleNames returns list of all module names, without any particular order. +func (m *Manager) + +ModuleNames() []string { + return slices.Collect(maps.Keys(m.Modules)) +} + +// DefaultMigrationsOrder returns a default migrations order: ascending alphabetical by module name, +// except x/auth which will run last, see: +// https://github.com/cosmos/cosmos-sdk/issues/10591 +func DefaultMigrationsOrder(modules []string) []string { + const authName = "auth" + out := make([]string, 0, len(modules)) + hasAuth := false + for _, m := range modules { + if m == authName { + hasAuth = true +} + +else { + out = append(out, m) +} + +} + +sort.Strings(out) + if hasAuth { + out = append(out, authName) +} + +return out +} +``` + +* `RegisterInvariants(sdk.InvariantRegistry)`: Registers the [`invariants`](/docs/sdk/vnext/build/building-modules/invariants) of the module. If an invariant deviates from its predicted value, the [`InvariantRegistry`](/docs/sdk/vnext/build/building-modules/invariants#registry) triggers appropriate logic (most often the chain will be halted). + +### `HasServices` + +This interface defines one method. It allows checking if a module can register services. + +#### `appmodule.HasService` + +```go expandable +package appmodule + +import ( + + "context" + "google.golang.org/grpc" + "cosmossdk.io/depinject" +) + +// AppModule is a tag interface for app module implementations to use as a basis +// for extension interfaces. It provides no functionality itself, but is the +// type that all valid app modules should provide so that they can be identified +// by other modules (usually via depinject) + +as app modules. +type AppModule interface { + depinject.OnePerModuleType + + // IsAppModule is a dummy method to tag a struct as implementing an AppModule. + IsAppModule() +} + +// HasServices is the extension interface that modules should implement to register +// implementations of services defined in .proto files. +type HasServices interface { + AppModule + + // RegisterServices registers the module's services with the app's service + // registrar. + // + // Two types of services are currently supported: + // - read-only gRPC query services, which are the default. + // - transaction message services, which must have the protobuf service + // option "cosmos.msg.v1.service" (defined in "cosmos/msg/v1/service.proto") + // set to true. + // + // The service registrar will figure out which type of service you are + // implementing based on the presence (or absence) + +of protobuf options. You + // do not need to specify this in golang code. + RegisterServices(grpc.ServiceRegistrar) + +error +} + +// HasPrepareCheckState is an extension interface that contains information about the AppModule +// and PrepareCheckState. +type HasPrepareCheckState interface { + AppModule + PrepareCheckState(context.Context) + +error +} + +// HasPrecommit is an extension interface that contains information about the AppModule and Precommit. +type HasPrecommit interface { + AppModule + Precommit(context.Context) + +error +} + +// HasBeginBlocker is the extension interface that modules should implement to run +// custom logic before transaction processing in a block. +type HasBeginBlocker interface { + AppModule + + // BeginBlock is a method that will be run before transactions are processed in + // a block. + BeginBlock(context.Context) + +error +} + +// HasEndBlocker is the extension interface that modules should implement to run +// custom logic after transaction processing in a block. +type HasEndBlocker interface { + AppModule + + // EndBlock is a method that will be run after transactions are processed in + // a block. + EndBlock(context.Context) + +error +} +``` + +#### `module.HasServices` + +```go expandable +/* +Package module contains application module patterns and associated "manager" functionality. +The module pattern has been broken down by: + - independent module functionality (AppModuleBasic) + - inter-dependent module simulation functionality (AppModuleSimulation) + - inter-dependent module full functionality (AppModule) + +inter-dependent module functionality is module functionality which somehow +depends on other modules, typically through the module keeper. Many of the +module keepers are dependent on each other, thus in order to access the full +set of module functionality we need to define all the keepers/params-store/keys +etc. This full set of advanced functionality is defined by the AppModule interface. + +Independent module functions are separated to allow for the construction of the +basic application structures required early on in the application definition +and used to enable the definition of full module functionality later in the +process. This separation is necessary, however we still want to allow for a +high level pattern for modules to follow - for instance, such that we don't +have to manually register all of the codecs for all the modules. This basic +procedure as well as other basic patterns are handled through the use of +BasicManager. + +Lastly the interface for genesis functionality (HasGenesis & HasABCIGenesis) + +has been +separated out from full module functionality (AppModule) + +so that modules which +are only used for genesis can take advantage of the Module patterns without +needlessly defining many placeholder functions +*/ +package module + +import ( + + "context" + "encoding/json" + "errors" + "fmt" + "maps" + "slices" + "sort" + + abci "github.com/cometbft/cometbft/abci/types" + "github.com/grpc-ecosystem/grpc-gateway/runtime" + "github.com/spf13/cobra" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/core/genesis" + errorsmod "cosmossdk.io/errors" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/codec/types" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" +) + +// AppModuleBasic is the standard form for basic non-dependant elements of an application module. +type AppModuleBasic interface { + HasName + RegisterLegacyAminoCodec(*codec.LegacyAmino) + +RegisterInterfaces(types.InterfaceRegistry) + +RegisterGRPCGatewayRoutes(client.Context, *runtime.ServeMux) +} + +// HasName allows the module to provide its own name for legacy purposes. +// Newer apps should specify the name for their modules using a map +// using NewManagerFromMap. +type HasName interface { + Name() + +string +} + +// HasGenesisBasics is the legacy interface for stateless genesis methods. +type HasGenesisBasics interface { + DefaultGenesis(codec.JSONCodec) + +json.RawMessage + ValidateGenesis(codec.JSONCodec, client.TxEncodingConfig, json.RawMessage) + +error +} + +// BasicManager is a collection of AppModuleBasic +type BasicManager map[string]AppModuleBasic + +// NewBasicManager creates a new BasicManager object +func NewBasicManager(modules ...AppModuleBasic) + +BasicManager { + moduleMap := make(map[string]AppModuleBasic) + for _, module := range modules { + moduleMap[module.Name()] = module +} + +return moduleMap +} + +// NewBasicManagerFromManager creates a new BasicManager from a Manager +// The BasicManager will contain all AppModuleBasic from the AppModule Manager +// Module's AppModuleBasic can be overridden by passing a custom AppModuleBasic map +func NewBasicManagerFromManager(manager *Manager, customModuleBasics map[string]AppModuleBasic) + +BasicManager { + moduleMap := make(map[string]AppModuleBasic) + for name, module := range manager.Modules { + if customBasicMod, ok := customModuleBasics[name]; ok { + moduleMap[name] = customBasicMod + continue +} + if appModule, ok := module.(appmodule.AppModule); ok { + moduleMap[name] = CoreAppModuleBasicAdaptor(name, appModule) + +continue +} + if basicMod, ok := module.(AppModuleBasic); ok { + moduleMap[name] = basicMod +} + +} + +return moduleMap +} + +// RegisterLegacyAminoCodec registers all module codecs +func (bm BasicManager) + +RegisterLegacyAminoCodec(cdc *codec.LegacyAmino) { + for _, b := range bm { + b.RegisterLegacyAminoCodec(cdc) +} +} + +// RegisterInterfaces registers all module interface types +func (bm BasicManager) + +RegisterInterfaces(registry types.InterfaceRegistry) { + for _, m := range bm { + m.RegisterInterfaces(registry) +} +} + +// DefaultGenesis provides default genesis information for all modules +func (bm BasicManager) + +DefaultGenesis(cdc codec.JSONCodec) + +map[string]json.RawMessage { + genesisData := make(map[string]json.RawMessage) + for _, b := range bm { + if mod, ok := b.(HasGenesisBasics); ok { + genesisData[b.Name()] = mod.DefaultGenesis(cdc) +} + +} + +return genesisData +} + +// ValidateGenesis performs genesis state validation for all modules +func (bm BasicManager) + +ValidateGenesis(cdc codec.JSONCodec, txEncCfg client.TxEncodingConfig, genesisData map[string]json.RawMessage) + +error { + for _, b := range bm { + // first check if the module is an adapted Core API Module + if mod, ok := b.(HasGenesisBasics); ok { + if err := mod.ValidateGenesis(cdc, txEncCfg, genesisData[b.Name()]); err != nil { + return err +} + +} + +} + +return nil +} + +// RegisterGRPCGatewayRoutes registers all module rest routes +func (bm BasicManager) + +RegisterGRPCGatewayRoutes(clientCtx client.Context, rtr *runtime.ServeMux) { + for _, b := range bm { + b.RegisterGRPCGatewayRoutes(clientCtx, rtr) +} +} + +// AddTxCommands adds all tx commands to the rootTxCmd. +func (bm BasicManager) + +AddTxCommands(rootTxCmd *cobra.Command) { + for _, b := range bm { + if mod, ok := b.(interface { + GetTxCmd() *cobra.Command +}); ok { + if cmd := mod.GetTxCmd(); cmd != nil { + rootTxCmd.AddCommand(cmd) +} + +} + +} +} + +// AddQueryCommands adds all query commands to the rootQueryCmd. +func (bm BasicManager) + +AddQueryCommands(rootQueryCmd *cobra.Command) { + for _, b := range bm { + if mod, ok := b.(interface { + GetQueryCmd() *cobra.Command +}); ok { + if cmd := mod.GetQueryCmd(); cmd != nil { + rootQueryCmd.AddCommand(cmd) +} + +} + +} +} + +// HasGenesis is the extension interface for stateful genesis methods. +type HasGenesis interface { + HasGenesisBasics + InitGenesis(sdk.Context, codec.JSONCodec, json.RawMessage) + +ExportGenesis(sdk.Context, codec.JSONCodec) + +json.RawMessage +} + +// HasABCIGenesis is the extension interface for stateful genesis methods which returns validator updates. +type HasABCIGenesis interface { + HasGenesisBasics + InitGenesis(sdk.Context, codec.JSONCodec, json.RawMessage) []abci.ValidatorUpdate + ExportGenesis(sdk.Context, codec.JSONCodec) + +json.RawMessage +} + +// AppModule is the form for an application module. Most of +// its functionality has been moved to extension interfaces. +// Deprecated: use appmodule.AppModule with a combination of extension interfaes interfaces instead. +type AppModule interface { + appmodule.AppModule + + AppModuleBasic +} + +// HasInvariants is the interface for registering invariants. +// +// Deprecated: this will be removed in the next Cosmos SDK release. +type HasInvariants interface { + // RegisterInvariants registers module invariants. + RegisterInvariants(sdk.InvariantRegistry) +} + +// HasServices is the interface for modules to register services. +type HasServices interface { + // RegisterServices allows a module to register services. + RegisterServices(Configurator) +} + +// HasConsensusVersion is the interface for declaring a module consensus version. +type HasConsensusVersion interface { + // ConsensusVersion is a sequence number for state-breaking change of the + // module. It should be incremented on each consensus-breaking change + // introduced by the module. To avoid wrong/empty versions, the initial version + // should be set to 1. + ConsensusVersion() + +uint64 +} + +// HasABCIEndblock is a released typo of HasABCIEndBlock. +// Deprecated: use HasABCIEndBlock instead. +type HasABCIEndblock HasABCIEndBlock + +// HasABCIEndBlock is the interface for modules that need to run code at the end of the block. +type HasABCIEndBlock interface { + AppModule + EndBlock(context.Context) ([]abci.ValidatorUpdate, error) +} + +var ( + _ appmodule.AppModule = (*GenesisOnlyAppModule)(nil) + _ AppModuleBasic = (*GenesisOnlyAppModule)(nil) +) + +// AppModuleGenesis is the standard form for an application module genesis functions +type AppModuleGenesis interface { + AppModuleBasic + HasABCIGenesis +} + +// GenesisOnlyAppModule is an AppModule that only has import/export functionality +type GenesisOnlyAppModule struct { + AppModuleGenesis +} + +// NewGenesisOnlyAppModule creates a new GenesisOnlyAppModule object +func NewGenesisOnlyAppModule(amg AppModuleGenesis) + +GenesisOnlyAppModule { + return GenesisOnlyAppModule{ + AppModuleGenesis: amg, +} +} + +// IsOnePerModuleType implements the depinject.OnePerModuleType interface. +func (GenesisOnlyAppModule) + +IsOnePerModuleType() { +} + +// IsAppModule implements the appmodule.AppModule interface. +func (GenesisOnlyAppModule) + +IsAppModule() { +} + +// RegisterInvariants is a placeholder function register no invariants +func (GenesisOnlyAppModule) + +RegisterInvariants(_ sdk.InvariantRegistry) { +} + +// ConsensusVersion implements AppModule/ConsensusVersion. +func (gam GenesisOnlyAppModule) + +ConsensusVersion() + +uint64 { + return 1 +} + +// Manager defines a module manager that provides the high level utility for managing and executing +// operations for a group of modules +type Manager struct { + Modules map[string]any // interface{ +} + +is used now to support the legacy AppModule as well as new core appmodule.AppModule. + OrderInitGenesis []string + OrderExportGenesis []string + OrderPreBlockers []string + OrderBeginBlockers []string + OrderEndBlockers []string + OrderPrepareCheckStaters []string + OrderPrecommiters []string + OrderMigrations []string +} + +// NewManager creates a new Manager object. +func NewManager(modules ...AppModule) *Manager { + moduleMap := make(map[string]any) + modulesStr := make([]string, 0, len(modules)) + preBlockModulesStr := make([]string, 0) + for _, module := range modules { + if _, ok := module.(appmodule.AppModule); !ok { + panic(fmt.Sprintf("module %s does not implement appmodule.AppModule", module.Name())) +} + +moduleMap[module.Name()] = module + modulesStr = append(modulesStr, module.Name()) + if _, ok := module.(appmodule.HasPreBlocker); ok { + preBlockModulesStr = append(preBlockModulesStr, module.Name()) +} + +} + +return &Manager{ + Modules: moduleMap, + OrderInitGenesis: modulesStr, + OrderExportGenesis: modulesStr, + OrderPreBlockers: preBlockModulesStr, + OrderBeginBlockers: modulesStr, + OrderPrepareCheckStaters: modulesStr, + OrderPrecommiters: modulesStr, + OrderEndBlockers: modulesStr, +} +} + +// NewManagerFromMap creates a new Manager object from a map of module names to module implementations. +// This method should be used for apps and modules which have migrated to the cosmossdk.io/core.appmodule.AppModule API. +func NewManagerFromMap(moduleMap map[string]appmodule.AppModule) *Manager { + simpleModuleMap := make(map[string]any) + modulesStr := make([]string, 0, len(simpleModuleMap)) + preBlockModulesStr := make([]string, 0) + for name, module := range moduleMap { + simpleModuleMap[name] = module + modulesStr = append(modulesStr, name) + if _, ok := module.(appmodule.HasPreBlocker); ok { + preBlockModulesStr = append(preBlockModulesStr, name) +} + +} + + // Sort the modules by name. Given that we are using a map above we can't guarantee the order. + sort.Strings(modulesStr) + +return &Manager{ + Modules: simpleModuleMap, + OrderInitGenesis: modulesStr, + OrderExportGenesis: modulesStr, + OrderPreBlockers: preBlockModulesStr, + OrderBeginBlockers: modulesStr, + OrderEndBlockers: modulesStr, + OrderPrecommiters: modulesStr, + OrderPrepareCheckStaters: modulesStr, +} +} + +// SetOrderInitGenesis sets the order of init genesis calls +func (m *Manager) + +SetOrderInitGenesis(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderInitGenesis", moduleNames, func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasGenesis := module.(appmodule.HasGenesis); hasGenesis { + return !hasGenesis +} + if _, hasABCIGenesis := module.(HasABCIGenesis); hasABCIGenesis { + return !hasABCIGenesis +} + + _, hasGenesis := module.(HasGenesis) + +return !hasGenesis +}) + +m.OrderInitGenesis = moduleNames +} + +// SetOrderExportGenesis sets the order of export genesis calls +func (m *Manager) + +SetOrderExportGenesis(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderExportGenesis", moduleNames, func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasGenesis := module.(appmodule.HasGenesis); hasGenesis { + return !hasGenesis +} + if _, hasABCIGenesis := module.(HasABCIGenesis); hasABCIGenesis { + return !hasABCIGenesis +} + + _, hasGenesis := module.(HasGenesis) + +return !hasGenesis +}) + +m.OrderExportGenesis = moduleNames +} + +// SetOrderPreBlockers sets the order of set pre-blocker calls +func (m *Manager) + +SetOrderPreBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPreBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasBlock := module.(appmodule.HasPreBlocker) + +return !hasBlock +}) + +m.OrderPreBlockers = moduleNames +} + +// SetOrderBeginBlockers sets the order of set begin-blocker calls +func (m *Manager) + +SetOrderBeginBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderBeginBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasBeginBlock := module.(appmodule.HasBeginBlocker) + +return !hasBeginBlock +}) + +m.OrderBeginBlockers = moduleNames +} + +// SetOrderEndBlockers sets the order of set end-blocker calls +func (m *Manager) + +SetOrderEndBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderEndBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasEndBlock := module.(appmodule.HasEndBlocker); hasEndBlock { + return !hasEndBlock +} + + _, hasABCIEndBlock := module.(HasABCIEndBlock) + +return !hasABCIEndBlock +}) + +m.OrderEndBlockers = moduleNames +} + +// SetOrderPrepareCheckStaters sets the order of set prepare-check-stater calls +func (m *Manager) + +SetOrderPrepareCheckStaters(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPrepareCheckStaters", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasPrepareCheckState := module.(appmodule.HasPrepareCheckState) + +return !hasPrepareCheckState +}) + +m.OrderPrepareCheckStaters = moduleNames +} + +// SetOrderPrecommiters sets the order of set precommiter calls +func (m *Manager) + +SetOrderPrecommiters(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPrecommiters", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasPrecommit := module.(appmodule.HasPrecommit) + +return !hasPrecommit +}) + +m.OrderPrecommiters = moduleNames +} + +// SetOrderMigrations sets the order of migrations to be run. If not set +// then migrations will be run with an order defined in `DefaultMigrationsOrder`. +func (m *Manager) + +SetOrderMigrations(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderMigrations", moduleNames, nil) + +m.OrderMigrations = moduleNames +} + +// RegisterInvariants registers all module invariants +// +// Deprecated: this function is a no-op and will be removed in the next release of the Cosmos SDK. +func (m *Manager) + +RegisterInvariants(_ sdk.InvariantRegistry) { +} + +// RegisterServices registers all module services +func (m *Manager) + +RegisterServices(cfg Configurator) + +error { + for _, module := range m.Modules { + if module, ok := module.(HasServices); ok { + module.RegisterServices(cfg) +} + if module, ok := module.(appmodule.HasServices); ok { + err := module.RegisterServices(cfg) + if err != nil { + return err +} + +} + if cfg.Error() != nil { + return cfg.Error() +} + +} + +return nil +} + +// InitGenesis performs init genesis functionality for modules. Exactly one +// module must return a non-empty validator set update to correctly initialize +// the chain. +func (m *Manager) + +InitGenesis(ctx sdk.Context, cdc codec.JSONCodec, genesisData map[string]json.RawMessage) (*abci.ResponseInitChain, error) { + var validatorUpdates []abci.ValidatorUpdate + ctx.Logger().Info("initializing blockchain state from genesis.json") + for _, moduleName := range m.OrderInitGenesis { + if genesisData[moduleName] == nil { + continue +} + mod := m.Modules[moduleName] + // we might get an adapted module, a native core API module or a legacy module + if module, ok := mod.(appmodule.HasGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + // core API genesis + source, err := genesis.SourceFromRawJSON(genesisData[moduleName]) + if err != nil { + return &abci.ResponseInitChain{ +}, err +} + +err = module.InitGenesis(ctx, source) + if err != nil { + return &abci.ResponseInitChain{ +}, err +} + +} + +else if module, ok := mod.(HasGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + +module.InitGenesis(ctx, cdc, genesisData[moduleName]) +} + +else if module, ok := mod.(HasABCIGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + moduleValUpdates := module.InitGenesis(ctx, cdc, genesisData[moduleName]) + + // use these validator updates if provided, the module manager assumes + // only one module will update the validator set + if len(moduleValUpdates) > 0 { + if len(validatorUpdates) > 0 { + return &abci.ResponseInitChain{ +}, errors.New("validator InitGenesis updates already set by a previous module") +} + +validatorUpdates = moduleValUpdates +} + +} + +} + + // a chain must initialize with a non-empty validator set + if len(validatorUpdates) == 0 { + return &abci.ResponseInitChain{ +}, fmt.Errorf("validator set is empty after InitGenesis, please ensure at least one validator is initialized with a delegation greater than or equal to the DefaultPowerReduction (%d)", sdk.DefaultPowerReduction) +} + +return &abci.ResponseInitChain{ + Validators: validatorUpdates, +}, nil +} + +// ExportGenesis performs export genesis functionality for modules +func (m *Manager) + +ExportGenesis(ctx sdk.Context, cdc codec.JSONCodec) (map[string]json.RawMessage, error) { + return m.ExportGenesisForModules(ctx, cdc, []string{ +}) +} + +// ExportGenesisForModules performs export genesis functionality for modules +func (m *Manager) + +ExportGenesisForModules(ctx sdk.Context, cdc codec.JSONCodec, modulesToExport []string) (map[string]json.RawMessage, error) { + if len(modulesToExport) == 0 { + modulesToExport = m.OrderExportGenesis +} + // verify modules exists in app, so that we don't panic in the middle of an export + if err := m.checkModulesExists(modulesToExport); err != nil { + return nil, err +} + +type genesisResult struct { + bz json.RawMessage + err error +} + channels := make(map[string]chan genesisResult) + for _, moduleName := range modulesToExport { + mod := m.Modules[moduleName] + if module, ok := mod.(appmodule.HasGenesis); ok { + // core API genesis + channels[moduleName] = make(chan genesisResult) + +go func(module appmodule.HasGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + target := genesis.RawJSONTarget{ +} + err := module.ExportGenesis(ctx, target.Target()) + if err != nil { + ch <- genesisResult{ + nil, err +} + +return +} + +rawJSON, err := target.JSON() + if err != nil { + ch <- genesisResult{ + nil, err +} + +return +} + +ch <- genesisResult{ + rawJSON, nil +} + +}(module, channels[moduleName]) +} + +else if module, ok := mod.(HasGenesis); ok { + channels[moduleName] = make(chan genesisResult) + +go func(module HasGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + ch <- genesisResult{ + module.ExportGenesis(ctx, cdc), nil +} + +}(module, channels[moduleName]) +} + +else if module, ok := mod.(HasABCIGenesis); ok { + channels[moduleName] = make(chan genesisResult) + +go func(module HasABCIGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + ch <- genesisResult{ + module.ExportGenesis(ctx, cdc), nil +} + +}(module, channels[moduleName]) +} + +} + genesisData := make(map[string]json.RawMessage) + for moduleName := range channels { + res := <-channels[moduleName] + if res.err != nil { + return nil, fmt.Errorf("genesis export error in %s: %w", moduleName, res.err) +} + +genesisData[moduleName] = res.bz +} + +return genesisData, nil +} + +// checkModulesExists verifies that all modules in the list exist in the app +func (m *Manager) + +checkModulesExists(moduleName []string) + +error { + for _, name := range moduleName { + if _, ok := m.Modules[name]; !ok { + return fmt.Errorf("module %s does not exist", name) +} + +} + +return nil +} + +// assertNoForgottenModules checks that we didn't forget any modules in the SetOrder* functions. +// `pass` is a closure which allows one to omit modules from `moduleNames`. +// If you provide non-nil `pass` and it returns true, the module would not be subject of the assertion. +func (m *Manager) + +assertNoForgottenModules(setOrderFnName string, moduleNames []string, pass func(moduleName string) + +bool) { + ms := make(map[string]bool) + for _, m := range moduleNames { + ms[m] = true +} + +var missing []string + for m := range m.Modules { + if pass != nil && pass(m) { + continue +} + if !ms[m] { + missing = append(missing, m) +} + +} + if len(missing) != 0 { + sort.Strings(missing) + +panic(fmt.Sprintf( + "all modules must be defined when setting %s, missing: %v", setOrderFnName, missing)) +} +} + +// MigrationHandler is the migration function that each module registers. +type MigrationHandler func(sdk.Context) + +error + +// VersionMap is a map of moduleName -> version +type VersionMap map[string]uint64 + +// RunMigrations performs in-place store migrations for all modules. This +// function MUST be called insde an x/upgrade UpgradeHandler. +// +// Recall that in an upgrade handler, the `fromVM` VersionMap is retrieved from +// x/upgrade's store, and the function needs to return the target VersionMap +// that will in turn be persisted to the x/upgrade's store. In general, +// returning RunMigrations should be enough: +// +// Example: +// +// cfg := module.NewConfigurator(...) +// app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx context.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { +// return app.mm.RunMigrations(ctx, cfg, fromVM) +// +}) +// +// Internally, RunMigrations will perform the following steps: +// - create an `updatedVM` VersionMap of module with their latest ConsensusVersion +// - make a diff of `fromVM` and `udpatedVM`, and for each module: +// - if the module's `fromVM` version is less than its `updatedVM` version, +// then run in-place store migrations for that module between those versions. +// - if the module does not exist in the `fromVM` (which means that it's a new module, +// because it was not in the previous x/upgrade's store), then run +// `InitGenesis` on that module. +// +// - return the `updatedVM` to be persisted in the x/upgrade's store. +// +// Migrations are run in an order defined by `Manager.OrderMigrations` or (if not set) + +defined by +// `DefaultMigrationsOrder` function. +// +// As an app developer, if you wish to skip running InitGenesis for your new +// module "foo", you need to manually pass a `fromVM` argument to this function +// foo's module version set to its latest ConsensusVersion. That way, the diff +// between the function's `fromVM` and `udpatedVM` will be empty, hence not +// running anything for foo. +// +// Example: +// +// cfg := module.NewConfigurator(...) +// app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx context.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { +// // Assume "foo" is a new module. +// // `fromVM` is fetched from existing x/upgrade store. Since foo didn't exist +// // before this upgrade, `v, exists := fromVM["foo"]; exists == false`, and RunMigration will by default +// // run InitGenesis on foo. +// // To skip running foo's InitGenesis, you need set `fromVM`'s foo to its latest +// // consensus version: +// fromVM["foo"] = foo.AppModule{ +}.ConsensusVersion() +// +// return app.mm.RunMigrations(ctx, cfg, fromVM) +// +}) +// +// Please also refer to https://docs.cosmos.network/main/core/upgrade for more information. +func (m Manager) + +RunMigrations(ctx context.Context, cfg Configurator, fromVM VersionMap) (VersionMap, error) { + c, ok := cfg.(*configurator) + if !ok { + return nil, errorsmod.Wrapf(sdkerrors.ErrInvalidType, "expected %T, got %T", &configurator{ +}, cfg) +} + modules := m.OrderMigrations + if modules == nil { + modules = DefaultMigrationsOrder(m.ModuleNames()) +} + sdkCtx := sdk.UnwrapSDKContext(ctx) + updatedVM := VersionMap{ +} + for _, moduleName := range modules { + module := m.Modules[moduleName] + fromVersion, exists := fromVM[moduleName] + toVersion := uint64(0) + if module, ok := module.(HasConsensusVersion); ok { + toVersion = module.ConsensusVersion() +} + + // We run migration if the module is specified in `fromVM`. + // Otherwise we run InitGenesis. + // + // The module won't exist in the fromVM in two cases: + // 1. A new module is added. In this case we run InitGenesis with an + // empty genesis state. + // 2. An existing chain is upgrading from version < 0.43 to v0.43+ for the first time. + // In this case, all modules have yet to be added to x/upgrade's VersionMap store. + if exists { + err := c.runModuleMigrations(sdkCtx, moduleName, fromVersion, toVersion) + if err != nil { + return nil, err +} + +} + +else { + sdkCtx.Logger().Info(fmt.Sprintf("adding a new module: %s", moduleName)) + if module, ok := m.Modules[moduleName].(HasGenesis); ok { + module.InitGenesis(sdkCtx, c.cdc, module.DefaultGenesis(c.cdc)) +} + if module, ok := m.Modules[moduleName].(HasABCIGenesis); ok { + moduleValUpdates := module.InitGenesis(sdkCtx, c.cdc, module.DefaultGenesis(c.cdc)) + // The module manager assumes only one module will update the + // validator set, and it can't be a new module. + if len(moduleValUpdates) > 0 { + return nil, errorsmod.Wrapf(sdkerrors.ErrLogic, "validator InitGenesis update is already set by another module") +} + +} + +} + +updatedVM[moduleName] = toVersion +} + +return updatedVM, nil +} + +// PreBlock performs begin block functionality for upgrade module. +// It takes the current context as a parameter and returns a boolean value +// indicating whether the migration was successfully executed or not. +func (m *Manager) + +PreBlock(ctx sdk.Context) (*sdk.ResponsePreBlock, error) { + paramsChanged := false + for _, moduleName := range m.OrderPreBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasPreBlocker); ok { + rsp, err := module.PreBlock(ctx) + if err != nil { + return nil, err +} + if rsp.IsConsensusParamsChanged() { + paramsChanged = true +} + +} + +} + +return &sdk.ResponsePreBlock{ + ConsensusParamsChanged: paramsChanged, +}, nil +} + +// BeginBlock performs begin block functionality for all modules. It creates a +// child context with an event manager to aggregate events emitted from all +// modules. +func (m *Manager) + +BeginBlock(ctx sdk.Context) (sdk.BeginBlock, error) { + ctx = ctx.WithEventManager(sdk.NewEventManager()) + for _, moduleName := range m.OrderBeginBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasBeginBlocker); ok { + if err := module.BeginBlock(ctx); err != nil { + return sdk.BeginBlock{ +}, err +} + +} + +} + +return sdk.BeginBlock{ + Events: ctx.EventManager().ABCIEvents(), +}, nil +} + +// EndBlock performs end block functionality for all modules. It creates a +// child context with an event manager to aggregate events emitted from all +// modules. +func (m *Manager) + +EndBlock(ctx sdk.Context) (sdk.EndBlock, error) { + ctx = ctx.WithEventManager(sdk.NewEventManager()) + validatorUpdates := []abci.ValidatorUpdate{ +} + for _, moduleName := range m.OrderEndBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasEndBlocker); ok { + err := module.EndBlock(ctx) + if err != nil { + return sdk.EndBlock{ +}, err +} + +} + +else if module, ok := m.Modules[moduleName].(HasABCIEndBlock); ok { + moduleValUpdates, err := module.EndBlock(ctx) + if err != nil { + return sdk.EndBlock{ +}, err +} + // use these validator updates if provided, the module manager assumes + // only one module will update the validator set + if len(moduleValUpdates) > 0 { + if len(validatorUpdates) > 0 { + return sdk.EndBlock{ +}, errors.New("validator EndBlock updates already set by a previous module") +} + for _, updates := range moduleValUpdates { + validatorUpdates = append(validatorUpdates, abci.ValidatorUpdate{ + PubKey: updates.PubKey, + Power: updates.Power +}) +} + +} + +} + +else { + continue +} + +} + +return sdk.EndBlock{ + ValidatorUpdates: validatorUpdates, + Events: ctx.EventManager().ABCIEvents(), +}, nil +} + +// Precommit performs precommit functionality for all modules. +func (m *Manager) + +Precommit(ctx sdk.Context) + +error { + for _, moduleName := range m.OrderPrecommiters { + module, ok := m.Modules[moduleName].(appmodule.HasPrecommit) + if !ok { + continue +} + if err := module.Precommit(ctx); err != nil { + return err +} + +} + +return nil +} + +// PrepareCheckState performs functionality for preparing the check state for all modules. +func (m *Manager) + +PrepareCheckState(ctx sdk.Context) + +error { + for _, moduleName := range m.OrderPrepareCheckStaters { + module, ok := m.Modules[moduleName].(appmodule.HasPrepareCheckState) + if !ok { + continue +} + if err := module.PrepareCheckState(ctx); err != nil { + return err +} + +} + +return nil +} + +// GetVersionMap gets consensus version from all modules +func (m *Manager) + +GetVersionMap() + +VersionMap { + vermap := make(VersionMap) + for name, v := range m.Modules { + version := uint64(0) + if v, ok := v.(HasConsensusVersion); ok { + version = v.ConsensusVersion() +} + +vermap[name] = version +} + +return vermap +} + +// ModuleNames returns list of all module names, without any particular order. +func (m *Manager) + +ModuleNames() []string { + return slices.Collect(maps.Keys(m.Modules)) +} + +// DefaultMigrationsOrder returns a default migrations order: ascending alphabetical by module name, +// except x/auth which will run last, see: +// https://github.com/cosmos/cosmos-sdk/issues/10591 +func DefaultMigrationsOrder(modules []string) []string { + const authName = "auth" + out := make([]string, 0, len(modules)) + hasAuth := false + for _, m := range modules { + if m == authName { + hasAuth = true +} + +else { + out = append(out, m) +} + +} + +sort.Strings(out) + if hasAuth { + out = append(out, authName) +} + +return out +} +``` + +* `RegisterServices(Configurator)`: Allows a module to register services. + +### `HasConsensusVersion` + +This interface defines one method for checking a module consensus version. + +```go expandable +/* +Package module contains application module patterns and associated "manager" functionality. +The module pattern has been broken down by: + - independent module functionality (AppModuleBasic) + - inter-dependent module simulation functionality (AppModuleSimulation) + - inter-dependent module full functionality (AppModule) + +inter-dependent module functionality is module functionality which somehow +depends on other modules, typically through the module keeper. Many of the +module keepers are dependent on each other, thus in order to access the full +set of module functionality we need to define all the keepers/params-store/keys +etc. This full set of advanced functionality is defined by the AppModule interface. + +Independent module functions are separated to allow for the construction of the +basic application structures required early on in the application definition +and used to enable the definition of full module functionality later in the +process. This separation is necessary, however we still want to allow for a +high level pattern for modules to follow - for instance, such that we don't +have to manually register all of the codecs for all the modules. This basic +procedure as well as other basic patterns are handled through the use of +BasicManager. + +Lastly the interface for genesis functionality (HasGenesis & HasABCIGenesis) + +has been +separated out from full module functionality (AppModule) + +so that modules which +are only used for genesis can take advantage of the Module patterns without +needlessly defining many placeholder functions +*/ +package module + +import ( + + "context" + "encoding/json" + "errors" + "fmt" + "maps" + "slices" + "sort" + + abci "github.com/cometbft/cometbft/abci/types" + "github.com/grpc-ecosystem/grpc-gateway/runtime" + "github.com/spf13/cobra" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/core/genesis" + errorsmod "cosmossdk.io/errors" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/codec/types" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" +) + +// AppModuleBasic is the standard form for basic non-dependant elements of an application module. +type AppModuleBasic interface { + HasName + RegisterLegacyAminoCodec(*codec.LegacyAmino) + +RegisterInterfaces(types.InterfaceRegistry) + +RegisterGRPCGatewayRoutes(client.Context, *runtime.ServeMux) +} + +// HasName allows the module to provide its own name for legacy purposes. +// Newer apps should specify the name for their modules using a map +// using NewManagerFromMap. +type HasName interface { + Name() + +string +} + +// HasGenesisBasics is the legacy interface for stateless genesis methods. +type HasGenesisBasics interface { + DefaultGenesis(codec.JSONCodec) + +json.RawMessage + ValidateGenesis(codec.JSONCodec, client.TxEncodingConfig, json.RawMessage) + +error +} + +// BasicManager is a collection of AppModuleBasic +type BasicManager map[string]AppModuleBasic + +// NewBasicManager creates a new BasicManager object +func NewBasicManager(modules ...AppModuleBasic) + +BasicManager { + moduleMap := make(map[string]AppModuleBasic) + for _, module := range modules { + moduleMap[module.Name()] = module +} + +return moduleMap +} + +// NewBasicManagerFromManager creates a new BasicManager from a Manager +// The BasicManager will contain all AppModuleBasic from the AppModule Manager +// Module's AppModuleBasic can be overridden by passing a custom AppModuleBasic map +func NewBasicManagerFromManager(manager *Manager, customModuleBasics map[string]AppModuleBasic) + +BasicManager { + moduleMap := make(map[string]AppModuleBasic) + for name, module := range manager.Modules { + if customBasicMod, ok := customModuleBasics[name]; ok { + moduleMap[name] = customBasicMod + continue +} + if appModule, ok := module.(appmodule.AppModule); ok { + moduleMap[name] = CoreAppModuleBasicAdaptor(name, appModule) + +continue +} + if basicMod, ok := module.(AppModuleBasic); ok { + moduleMap[name] = basicMod +} + +} + +return moduleMap +} + +// RegisterLegacyAminoCodec registers all module codecs +func (bm BasicManager) + +RegisterLegacyAminoCodec(cdc *codec.LegacyAmino) { + for _, b := range bm { + b.RegisterLegacyAminoCodec(cdc) +} +} + +// RegisterInterfaces registers all module interface types +func (bm BasicManager) + +RegisterInterfaces(registry types.InterfaceRegistry) { + for _, m := range bm { + m.RegisterInterfaces(registry) +} +} + +// DefaultGenesis provides default genesis information for all modules +func (bm BasicManager) + +DefaultGenesis(cdc codec.JSONCodec) + +map[string]json.RawMessage { + genesisData := make(map[string]json.RawMessage) + for _, b := range bm { + if mod, ok := b.(HasGenesisBasics); ok { + genesisData[b.Name()] = mod.DefaultGenesis(cdc) +} + +} + +return genesisData +} + +// ValidateGenesis performs genesis state validation for all modules +func (bm BasicManager) + +ValidateGenesis(cdc codec.JSONCodec, txEncCfg client.TxEncodingConfig, genesisData map[string]json.RawMessage) + +error { + for _, b := range bm { + // first check if the module is an adapted Core API Module + if mod, ok := b.(HasGenesisBasics); ok { + if err := mod.ValidateGenesis(cdc, txEncCfg, genesisData[b.Name()]); err != nil { + return err +} + +} + +} + +return nil +} + +// RegisterGRPCGatewayRoutes registers all module rest routes +func (bm BasicManager) + +RegisterGRPCGatewayRoutes(clientCtx client.Context, rtr *runtime.ServeMux) { + for _, b := range bm { + b.RegisterGRPCGatewayRoutes(clientCtx, rtr) +} +} + +// AddTxCommands adds all tx commands to the rootTxCmd. +func (bm BasicManager) + +AddTxCommands(rootTxCmd *cobra.Command) { + for _, b := range bm { + if mod, ok := b.(interface { + GetTxCmd() *cobra.Command +}); ok { + if cmd := mod.GetTxCmd(); cmd != nil { + rootTxCmd.AddCommand(cmd) +} + +} + +} +} + +// AddQueryCommands adds all query commands to the rootQueryCmd. +func (bm BasicManager) + +AddQueryCommands(rootQueryCmd *cobra.Command) { + for _, b := range bm { + if mod, ok := b.(interface { + GetQueryCmd() *cobra.Command +}); ok { + if cmd := mod.GetQueryCmd(); cmd != nil { + rootQueryCmd.AddCommand(cmd) +} + +} + +} +} + +// HasGenesis is the extension interface for stateful genesis methods. +type HasGenesis interface { + HasGenesisBasics + InitGenesis(sdk.Context, codec.JSONCodec, json.RawMessage) + +ExportGenesis(sdk.Context, codec.JSONCodec) + +json.RawMessage +} + +// HasABCIGenesis is the extension interface for stateful genesis methods which returns validator updates. +type HasABCIGenesis interface { + HasGenesisBasics + InitGenesis(sdk.Context, codec.JSONCodec, json.RawMessage) []abci.ValidatorUpdate + ExportGenesis(sdk.Context, codec.JSONCodec) + +json.RawMessage +} + +// AppModule is the form for an application module. Most of +// its functionality has been moved to extension interfaces. +// Deprecated: use appmodule.AppModule with a combination of extension interfaes interfaces instead. +type AppModule interface { + appmodule.AppModule + + AppModuleBasic +} + +// HasInvariants is the interface for registering invariants. +// +// Deprecated: this will be removed in the next Cosmos SDK release. +type HasInvariants interface { + // RegisterInvariants registers module invariants. + RegisterInvariants(sdk.InvariantRegistry) +} + +// HasServices is the interface for modules to register services. +type HasServices interface { + // RegisterServices allows a module to register services. + RegisterServices(Configurator) +} + +// HasConsensusVersion is the interface for declaring a module consensus version. +type HasConsensusVersion interface { + // ConsensusVersion is a sequence number for state-breaking change of the + // module. It should be incremented on each consensus-breaking change + // introduced by the module. To avoid wrong/empty versions, the initial version + // should be set to 1. + ConsensusVersion() + +uint64 +} + +// HasABCIEndblock is a released typo of HasABCIEndBlock. +// Deprecated: use HasABCIEndBlock instead. +type HasABCIEndblock HasABCIEndBlock + +// HasABCIEndBlock is the interface for modules that need to run code at the end of the block. +type HasABCIEndBlock interface { + AppModule + EndBlock(context.Context) ([]abci.ValidatorUpdate, error) +} + +var ( + _ appmodule.AppModule = (*GenesisOnlyAppModule)(nil) + _ AppModuleBasic = (*GenesisOnlyAppModule)(nil) +) + +// AppModuleGenesis is the standard form for an application module genesis functions +type AppModuleGenesis interface { + AppModuleBasic + HasABCIGenesis +} + +// GenesisOnlyAppModule is an AppModule that only has import/export functionality +type GenesisOnlyAppModule struct { + AppModuleGenesis +} + +// NewGenesisOnlyAppModule creates a new GenesisOnlyAppModule object +func NewGenesisOnlyAppModule(amg AppModuleGenesis) + +GenesisOnlyAppModule { + return GenesisOnlyAppModule{ + AppModuleGenesis: amg, +} +} + +// IsOnePerModuleType implements the depinject.OnePerModuleType interface. +func (GenesisOnlyAppModule) + +IsOnePerModuleType() { +} + +// IsAppModule implements the appmodule.AppModule interface. +func (GenesisOnlyAppModule) + +IsAppModule() { +} + +// RegisterInvariants is a placeholder function register no invariants +func (GenesisOnlyAppModule) + +RegisterInvariants(_ sdk.InvariantRegistry) { +} + +// ConsensusVersion implements AppModule/ConsensusVersion. +func (gam GenesisOnlyAppModule) + +ConsensusVersion() + +uint64 { + return 1 +} + +// Manager defines a module manager that provides the high level utility for managing and executing +// operations for a group of modules +type Manager struct { + Modules map[string]any // interface{ +} + +is used now to support the legacy AppModule as well as new core appmodule.AppModule. + OrderInitGenesis []string + OrderExportGenesis []string + OrderPreBlockers []string + OrderBeginBlockers []string + OrderEndBlockers []string + OrderPrepareCheckStaters []string + OrderPrecommiters []string + OrderMigrations []string +} + +// NewManager creates a new Manager object. +func NewManager(modules ...AppModule) *Manager { + moduleMap := make(map[string]any) + modulesStr := make([]string, 0, len(modules)) + preBlockModulesStr := make([]string, 0) + for _, module := range modules { + if _, ok := module.(appmodule.AppModule); !ok { + panic(fmt.Sprintf("module %s does not implement appmodule.AppModule", module.Name())) +} + +moduleMap[module.Name()] = module + modulesStr = append(modulesStr, module.Name()) + if _, ok := module.(appmodule.HasPreBlocker); ok { + preBlockModulesStr = append(preBlockModulesStr, module.Name()) +} + +} + +return &Manager{ + Modules: moduleMap, + OrderInitGenesis: modulesStr, + OrderExportGenesis: modulesStr, + OrderPreBlockers: preBlockModulesStr, + OrderBeginBlockers: modulesStr, + OrderPrepareCheckStaters: modulesStr, + OrderPrecommiters: modulesStr, + OrderEndBlockers: modulesStr, +} +} + +// NewManagerFromMap creates a new Manager object from a map of module names to module implementations. +// This method should be used for apps and modules which have migrated to the cosmossdk.io/core.appmodule.AppModule API. +func NewManagerFromMap(moduleMap map[string]appmodule.AppModule) *Manager { + simpleModuleMap := make(map[string]any) + modulesStr := make([]string, 0, len(simpleModuleMap)) + preBlockModulesStr := make([]string, 0) + for name, module := range moduleMap { + simpleModuleMap[name] = module + modulesStr = append(modulesStr, name) + if _, ok := module.(appmodule.HasPreBlocker); ok { + preBlockModulesStr = append(preBlockModulesStr, name) +} + +} + + // Sort the modules by name. Given that we are using a map above we can't guarantee the order. + sort.Strings(modulesStr) + +return &Manager{ + Modules: simpleModuleMap, + OrderInitGenesis: modulesStr, + OrderExportGenesis: modulesStr, + OrderPreBlockers: preBlockModulesStr, + OrderBeginBlockers: modulesStr, + OrderEndBlockers: modulesStr, + OrderPrecommiters: modulesStr, + OrderPrepareCheckStaters: modulesStr, +} +} + +// SetOrderInitGenesis sets the order of init genesis calls +func (m *Manager) + +SetOrderInitGenesis(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderInitGenesis", moduleNames, func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasGenesis := module.(appmodule.HasGenesis); hasGenesis { + return !hasGenesis +} + if _, hasABCIGenesis := module.(HasABCIGenesis); hasABCIGenesis { + return !hasABCIGenesis +} + + _, hasGenesis := module.(HasGenesis) + +return !hasGenesis +}) + +m.OrderInitGenesis = moduleNames +} + +// SetOrderExportGenesis sets the order of export genesis calls +func (m *Manager) + +SetOrderExportGenesis(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderExportGenesis", moduleNames, func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasGenesis := module.(appmodule.HasGenesis); hasGenesis { + return !hasGenesis +} + if _, hasABCIGenesis := module.(HasABCIGenesis); hasABCIGenesis { + return !hasABCIGenesis +} + + _, hasGenesis := module.(HasGenesis) + +return !hasGenesis +}) + +m.OrderExportGenesis = moduleNames +} + +// SetOrderPreBlockers sets the order of set pre-blocker calls +func (m *Manager) + +SetOrderPreBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPreBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasBlock := module.(appmodule.HasPreBlocker) + +return !hasBlock +}) + +m.OrderPreBlockers = moduleNames +} + +// SetOrderBeginBlockers sets the order of set begin-blocker calls +func (m *Manager) + +SetOrderBeginBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderBeginBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasBeginBlock := module.(appmodule.HasBeginBlocker) + +return !hasBeginBlock +}) + +m.OrderBeginBlockers = moduleNames +} + +// SetOrderEndBlockers sets the order of set end-blocker calls +func (m *Manager) + +SetOrderEndBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderEndBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasEndBlock := module.(appmodule.HasEndBlocker); hasEndBlock { + return !hasEndBlock +} + + _, hasABCIEndBlock := module.(HasABCIEndBlock) + +return !hasABCIEndBlock +}) + +m.OrderEndBlockers = moduleNames +} + +// SetOrderPrepareCheckStaters sets the order of set prepare-check-stater calls +func (m *Manager) + +SetOrderPrepareCheckStaters(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPrepareCheckStaters", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasPrepareCheckState := module.(appmodule.HasPrepareCheckState) + +return !hasPrepareCheckState +}) + +m.OrderPrepareCheckStaters = moduleNames +} + +// SetOrderPrecommiters sets the order of set precommiter calls +func (m *Manager) + +SetOrderPrecommiters(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPrecommiters", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasPrecommit := module.(appmodule.HasPrecommit) + +return !hasPrecommit +}) + +m.OrderPrecommiters = moduleNames +} + +// SetOrderMigrations sets the order of migrations to be run. If not set +// then migrations will be run with an order defined in `DefaultMigrationsOrder`. +func (m *Manager) + +SetOrderMigrations(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderMigrations", moduleNames, nil) + +m.OrderMigrations = moduleNames +} + +// RegisterInvariants registers all module invariants +// +// Deprecated: this function is a no-op and will be removed in the next release of the Cosmos SDK. +func (m *Manager) + +RegisterInvariants(_ sdk.InvariantRegistry) { +} + +// RegisterServices registers all module services +func (m *Manager) + +RegisterServices(cfg Configurator) + +error { + for _, module := range m.Modules { + if module, ok := module.(HasServices); ok { + module.RegisterServices(cfg) +} + if module, ok := module.(appmodule.HasServices); ok { + err := module.RegisterServices(cfg) + if err != nil { + return err +} + +} + if cfg.Error() != nil { + return cfg.Error() +} + +} + +return nil +} + +// InitGenesis performs init genesis functionality for modules. Exactly one +// module must return a non-empty validator set update to correctly initialize +// the chain. +func (m *Manager) + +InitGenesis(ctx sdk.Context, cdc codec.JSONCodec, genesisData map[string]json.RawMessage) (*abci.ResponseInitChain, error) { + var validatorUpdates []abci.ValidatorUpdate + ctx.Logger().Info("initializing blockchain state from genesis.json") + for _, moduleName := range m.OrderInitGenesis { + if genesisData[moduleName] == nil { + continue +} + mod := m.Modules[moduleName] + // we might get an adapted module, a native core API module or a legacy module + if module, ok := mod.(appmodule.HasGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + // core API genesis + source, err := genesis.SourceFromRawJSON(genesisData[moduleName]) + if err != nil { + return &abci.ResponseInitChain{ +}, err +} + +err = module.InitGenesis(ctx, source) + if err != nil { + return &abci.ResponseInitChain{ +}, err +} + +} + +else if module, ok := mod.(HasGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + +module.InitGenesis(ctx, cdc, genesisData[moduleName]) +} + +else if module, ok := mod.(HasABCIGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + moduleValUpdates := module.InitGenesis(ctx, cdc, genesisData[moduleName]) + + // use these validator updates if provided, the module manager assumes + // only one module will update the validator set + if len(moduleValUpdates) > 0 { + if len(validatorUpdates) > 0 { + return &abci.ResponseInitChain{ +}, errors.New("validator InitGenesis updates already set by a previous module") +} + +validatorUpdates = moduleValUpdates +} + +} + +} + + // a chain must initialize with a non-empty validator set + if len(validatorUpdates) == 0 { + return &abci.ResponseInitChain{ +}, fmt.Errorf("validator set is empty after InitGenesis, please ensure at least one validator is initialized with a delegation greater than or equal to the DefaultPowerReduction (%d)", sdk.DefaultPowerReduction) +} + +return &abci.ResponseInitChain{ + Validators: validatorUpdates, +}, nil +} + +// ExportGenesis performs export genesis functionality for modules +func (m *Manager) + +ExportGenesis(ctx sdk.Context, cdc codec.JSONCodec) (map[string]json.RawMessage, error) { + return m.ExportGenesisForModules(ctx, cdc, []string{ +}) +} + +// ExportGenesisForModules performs export genesis functionality for modules +func (m *Manager) + +ExportGenesisForModules(ctx sdk.Context, cdc codec.JSONCodec, modulesToExport []string) (map[string]json.RawMessage, error) { + if len(modulesToExport) == 0 { + modulesToExport = m.OrderExportGenesis +} + // verify modules exists in app, so that we don't panic in the middle of an export + if err := m.checkModulesExists(modulesToExport); err != nil { + return nil, err +} + +type genesisResult struct { + bz json.RawMessage + err error +} + channels := make(map[string]chan genesisResult) + for _, moduleName := range modulesToExport { + mod := m.Modules[moduleName] + if module, ok := mod.(appmodule.HasGenesis); ok { + // core API genesis + channels[moduleName] = make(chan genesisResult) + +go func(module appmodule.HasGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + target := genesis.RawJSONTarget{ +} + err := module.ExportGenesis(ctx, target.Target()) + if err != nil { + ch <- genesisResult{ + nil, err +} + +return +} + +rawJSON, err := target.JSON() + if err != nil { + ch <- genesisResult{ + nil, err +} + +return +} + +ch <- genesisResult{ + rawJSON, nil +} + +}(module, channels[moduleName]) +} + +else if module, ok := mod.(HasGenesis); ok { + channels[moduleName] = make(chan genesisResult) + +go func(module HasGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + ch <- genesisResult{ + module.ExportGenesis(ctx, cdc), nil +} + +}(module, channels[moduleName]) +} + +else if module, ok := mod.(HasABCIGenesis); ok { + channels[moduleName] = make(chan genesisResult) + +go func(module HasABCIGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + ch <- genesisResult{ + module.ExportGenesis(ctx, cdc), nil +} + +}(module, channels[moduleName]) +} + +} + genesisData := make(map[string]json.RawMessage) + for moduleName := range channels { + res := <-channels[moduleName] + if res.err != nil { + return nil, fmt.Errorf("genesis export error in %s: %w", moduleName, res.err) +} + +genesisData[moduleName] = res.bz +} + +return genesisData, nil +} + +// checkModulesExists verifies that all modules in the list exist in the app +func (m *Manager) + +checkModulesExists(moduleName []string) + +error { + for _, name := range moduleName { + if _, ok := m.Modules[name]; !ok { + return fmt.Errorf("module %s does not exist", name) +} + +} + +return nil +} + +// assertNoForgottenModules checks that we didn't forget any modules in the SetOrder* functions. +// `pass` is a closure which allows one to omit modules from `moduleNames`. +// If you provide non-nil `pass` and it returns true, the module would not be subject of the assertion. +func (m *Manager) + +assertNoForgottenModules(setOrderFnName string, moduleNames []string, pass func(moduleName string) + +bool) { + ms := make(map[string]bool) + for _, m := range moduleNames { + ms[m] = true +} + +var missing []string + for m := range m.Modules { + if pass != nil && pass(m) { + continue +} + if !ms[m] { + missing = append(missing, m) +} + +} + if len(missing) != 0 { + sort.Strings(missing) + +panic(fmt.Sprintf( + "all modules must be defined when setting %s, missing: %v", setOrderFnName, missing)) +} +} + +// MigrationHandler is the migration function that each module registers. +type MigrationHandler func(sdk.Context) + +error + +// VersionMap is a map of moduleName -> version +type VersionMap map[string]uint64 + +// RunMigrations performs in-place store migrations for all modules. This +// function MUST be called insde an x/upgrade UpgradeHandler. +// +// Recall that in an upgrade handler, the `fromVM` VersionMap is retrieved from +// x/upgrade's store, and the function needs to return the target VersionMap +// that will in turn be persisted to the x/upgrade's store. In general, +// returning RunMigrations should be enough: +// +// Example: +// +// cfg := module.NewConfigurator(...) +// app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx context.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { +// return app.mm.RunMigrations(ctx, cfg, fromVM) +// +}) +// +// Internally, RunMigrations will perform the following steps: +// - create an `updatedVM` VersionMap of module with their latest ConsensusVersion +// - make a diff of `fromVM` and `udpatedVM`, and for each module: +// - if the module's `fromVM` version is less than its `updatedVM` version, +// then run in-place store migrations for that module between those versions. +// - if the module does not exist in the `fromVM` (which means that it's a new module, +// because it was not in the previous x/upgrade's store), then run +// `InitGenesis` on that module. +// +// - return the `updatedVM` to be persisted in the x/upgrade's store. +// +// Migrations are run in an order defined by `Manager.OrderMigrations` or (if not set) + +defined by +// `DefaultMigrationsOrder` function. +// +// As an app developer, if you wish to skip running InitGenesis for your new +// module "foo", you need to manually pass a `fromVM` argument to this function +// foo's module version set to its latest ConsensusVersion. That way, the diff +// between the function's `fromVM` and `udpatedVM` will be empty, hence not +// running anything for foo. +// +// Example: +// +// cfg := module.NewConfigurator(...) +// app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx context.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { +// // Assume "foo" is a new module. +// // `fromVM` is fetched from existing x/upgrade store. Since foo didn't exist +// // before this upgrade, `v, exists := fromVM["foo"]; exists == false`, and RunMigration will by default +// // run InitGenesis on foo. +// // To skip running foo's InitGenesis, you need set `fromVM`'s foo to its latest +// // consensus version: +// fromVM["foo"] = foo.AppModule{ +}.ConsensusVersion() +// +// return app.mm.RunMigrations(ctx, cfg, fromVM) +// +}) +// +// Please also refer to https://docs.cosmos.network/main/core/upgrade for more information. +func (m Manager) + +RunMigrations(ctx context.Context, cfg Configurator, fromVM VersionMap) (VersionMap, error) { + c, ok := cfg.(*configurator) + if !ok { + return nil, errorsmod.Wrapf(sdkerrors.ErrInvalidType, "expected %T, got %T", &configurator{ +}, cfg) +} + modules := m.OrderMigrations + if modules == nil { + modules = DefaultMigrationsOrder(m.ModuleNames()) +} + sdkCtx := sdk.UnwrapSDKContext(ctx) + updatedVM := VersionMap{ +} + for _, moduleName := range modules { + module := m.Modules[moduleName] + fromVersion, exists := fromVM[moduleName] + toVersion := uint64(0) + if module, ok := module.(HasConsensusVersion); ok { + toVersion = module.ConsensusVersion() +} + + // We run migration if the module is specified in `fromVM`. + // Otherwise we run InitGenesis. + // + // The module won't exist in the fromVM in two cases: + // 1. A new module is added. In this case we run InitGenesis with an + // empty genesis state. + // 2. An existing chain is upgrading from version < 0.43 to v0.43+ for the first time. + // In this case, all modules have yet to be added to x/upgrade's VersionMap store. + if exists { + err := c.runModuleMigrations(sdkCtx, moduleName, fromVersion, toVersion) + if err != nil { + return nil, err +} + +} + +else { + sdkCtx.Logger().Info(fmt.Sprintf("adding a new module: %s", moduleName)) + if module, ok := m.Modules[moduleName].(HasGenesis); ok { + module.InitGenesis(sdkCtx, c.cdc, module.DefaultGenesis(c.cdc)) +} + if module, ok := m.Modules[moduleName].(HasABCIGenesis); ok { + moduleValUpdates := module.InitGenesis(sdkCtx, c.cdc, module.DefaultGenesis(c.cdc)) + // The module manager assumes only one module will update the + // validator set, and it can't be a new module. + if len(moduleValUpdates) > 0 { + return nil, errorsmod.Wrapf(sdkerrors.ErrLogic, "validator InitGenesis update is already set by another module") +} + +} + +} + +updatedVM[moduleName] = toVersion +} + +return updatedVM, nil +} + +// PreBlock performs begin block functionality for upgrade module. +// It takes the current context as a parameter and returns a boolean value +// indicating whether the migration was successfully executed or not. +func (m *Manager) + +PreBlock(ctx sdk.Context) (*sdk.ResponsePreBlock, error) { + paramsChanged := false + for _, moduleName := range m.OrderPreBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasPreBlocker); ok { + rsp, err := module.PreBlock(ctx) + if err != nil { + return nil, err +} + if rsp.IsConsensusParamsChanged() { + paramsChanged = true +} + +} + +} + +return &sdk.ResponsePreBlock{ + ConsensusParamsChanged: paramsChanged, +}, nil +} + +// BeginBlock performs begin block functionality for all modules. It creates a +// child context with an event manager to aggregate events emitted from all +// modules. +func (m *Manager) + +BeginBlock(ctx sdk.Context) (sdk.BeginBlock, error) { + ctx = ctx.WithEventManager(sdk.NewEventManager()) + for _, moduleName := range m.OrderBeginBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasBeginBlocker); ok { + if err := module.BeginBlock(ctx); err != nil { + return sdk.BeginBlock{ +}, err +} + +} + +} + +return sdk.BeginBlock{ + Events: ctx.EventManager().ABCIEvents(), +}, nil +} + +// EndBlock performs end block functionality for all modules. It creates a +// child context with an event manager to aggregate events emitted from all +// modules. +func (m *Manager) + +EndBlock(ctx sdk.Context) (sdk.EndBlock, error) { + ctx = ctx.WithEventManager(sdk.NewEventManager()) + validatorUpdates := []abci.ValidatorUpdate{ +} + for _, moduleName := range m.OrderEndBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasEndBlocker); ok { + err := module.EndBlock(ctx) + if err != nil { + return sdk.EndBlock{ +}, err +} + +} + +else if module, ok := m.Modules[moduleName].(HasABCIEndBlock); ok { + moduleValUpdates, err := module.EndBlock(ctx) + if err != nil { + return sdk.EndBlock{ +}, err +} + // use these validator updates if provided, the module manager assumes + // only one module will update the validator set + if len(moduleValUpdates) > 0 { + if len(validatorUpdates) > 0 { + return sdk.EndBlock{ +}, errors.New("validator EndBlock updates already set by a previous module") +} + for _, updates := range moduleValUpdates { + validatorUpdates = append(validatorUpdates, abci.ValidatorUpdate{ + PubKey: updates.PubKey, + Power: updates.Power +}) +} + +} + +} + +else { + continue +} + +} + +return sdk.EndBlock{ + ValidatorUpdates: validatorUpdates, + Events: ctx.EventManager().ABCIEvents(), +}, nil +} + +// Precommit performs precommit functionality for all modules. +func (m *Manager) + +Precommit(ctx sdk.Context) + +error { + for _, moduleName := range m.OrderPrecommiters { + module, ok := m.Modules[moduleName].(appmodule.HasPrecommit) + if !ok { + continue +} + if err := module.Precommit(ctx); err != nil { + return err +} + +} + +return nil +} + +// PrepareCheckState performs functionality for preparing the check state for all modules. +func (m *Manager) + +PrepareCheckState(ctx sdk.Context) + +error { + for _, moduleName := range m.OrderPrepareCheckStaters { + module, ok := m.Modules[moduleName].(appmodule.HasPrepareCheckState) + if !ok { + continue +} + if err := module.PrepareCheckState(ctx); err != nil { + return err +} + +} + +return nil +} + +// GetVersionMap gets consensus version from all modules +func (m *Manager) + +GetVersionMap() + +VersionMap { + vermap := make(VersionMap) + for name, v := range m.Modules { + version := uint64(0) + if v, ok := v.(HasConsensusVersion); ok { + version = v.ConsensusVersion() +} + +vermap[name] = version +} + +return vermap +} + +// ModuleNames returns list of all module names, without any particular order. +func (m *Manager) + +ModuleNames() []string { + return slices.Collect(maps.Keys(m.Modules)) +} + +// DefaultMigrationsOrder returns a default migrations order: ascending alphabetical by module name, +// except x/auth which will run last, see: +// https://github.com/cosmos/cosmos-sdk/issues/10591 +func DefaultMigrationsOrder(modules []string) []string { + const authName = "auth" + out := make([]string, 0, len(modules)) + hasAuth := false + for _, m := range modules { + if m == authName { + hasAuth = true +} + +else { + out = append(out, m) +} + +} + +sort.Strings(out) + if hasAuth { + out = append(out, authName) +} + +return out +} +``` + +* `ConsensusVersion() uint64`: Returns the consensus version of the module. + +### `HasPreBlocker` + +The `HasPreBlocker` is an extension interface from `appmodule.AppModule`. All modules that have an `PreBlock` method implement this interface. + +### `HasBeginBlocker` + +The `HasBeginBlocker` is an extension interface from `appmodule.AppModule`. All modules that have an `BeginBlock` method implement this interface. + +```go expandable +package appmodule + +import ( + + "context" + "google.golang.org/grpc" + "cosmossdk.io/depinject" +) + +// AppModule is a tag interface for app module implementations to use as a basis +// for extension interfaces. It provides no functionality itself, but is the +// type that all valid app modules should provide so that they can be identified +// by other modules (usually via depinject) + +as app modules. +type AppModule interface { + depinject.OnePerModuleType + + // IsAppModule is a dummy method to tag a struct as implementing an AppModule. + IsAppModule() +} + +// HasServices is the extension interface that modules should implement to register +// implementations of services defined in .proto files. +type HasServices interface { + AppModule + + // RegisterServices registers the module's services with the app's service + // registrar. + // + // Two types of services are currently supported: + // - read-only gRPC query services, which are the default. + // - transaction message services, which must have the protobuf service + // option "cosmos.msg.v1.service" (defined in "cosmos/msg/v1/service.proto") + // set to true. + // + // The service registrar will figure out which type of service you are + // implementing based on the presence (or absence) + +of protobuf options. You + // do not need to specify this in golang code. + RegisterServices(grpc.ServiceRegistrar) + +error +} + +// HasPrepareCheckState is an extension interface that contains information about the AppModule +// and PrepareCheckState. +type HasPrepareCheckState interface { + AppModule + PrepareCheckState(context.Context) + +error +} + +// HasPrecommit is an extension interface that contains information about the AppModule and Precommit. +type HasPrecommit interface { + AppModule + Precommit(context.Context) + +error +} + +// ResponsePreBlock represents the response from the PreBlock method. +// It can modify consensus parameters in storage and signal the caller through the return value. +// When it returns ConsensusParamsChanged=true, the caller must refresh the consensus parameter in the finalize context. +// The new context (ctx) + +must be passed to all the other lifecycle methods. +type ResponsePreBlock interface { + IsConsensusParamsChanged() + +bool +} + +// HasPreBlocker is the extension interface that modules should implement to run +// custom logic before BeginBlock. +type HasPreBlocker interface { + AppModule + // PreBlock is method that will be run before BeginBlock. + PreBlock(context.Context) (ResponsePreBlock, error) +} + +// HasBeginBlocker is the extension interface that modules should implement to run +// custom logic before transaction processing in a block. +type HasBeginBlocker interface { + AppModule + + // BeginBlock is a method that will be run before transactions are processed in + // a block. + BeginBlock(context.Context) + +error +} + +// HasEndBlocker is the extension interface that modules should implement to run +// custom logic after transaction processing in a block. +type HasEndBlocker interface { + AppModule + + // EndBlock is a method that will be run after transactions are processed in + // a block. + EndBlock(context.Context) + +error +} + +// UpgradeModule is the extension interface that upgrade module should implement to differentiate +// it from other modules, migration handler need ensure the upgrade module's migration is executed +// before the rest of the modules. +type UpgradeModule interface { + IsUpgradeModule() +} +``` + +* `BeginBlock(context.Context) error`: This method gives module developers the option to implement logic that is automatically triggered at the beginning of each block. + +### `HasEndBlocker` + +The `HasEndBlocker` is an extension interface from `appmodule.AppModule`. All modules that have an `EndBlock` method implement this interface. If a module needs to return validator set updates (staking), they can use `HasABCIEndBlock` + +```go expandable +package appmodule + +import ( + + "context" + "google.golang.org/grpc" + "cosmossdk.io/depinject" +) + +// AppModule is a tag interface for app module implementations to use as a basis +// for extension interfaces. It provides no functionality itself, but is the +// type that all valid app modules should provide so that they can be identified +// by other modules (usually via depinject) + +as app modules. +type AppModule interface { + depinject.OnePerModuleType + + // IsAppModule is a dummy method to tag a struct as implementing an AppModule. + IsAppModule() +} + +// HasServices is the extension interface that modules should implement to register +// implementations of services defined in .proto files. +type HasServices interface { + AppModule + + // RegisterServices registers the module's services with the app's service + // registrar. + // + // Two types of services are currently supported: + // - read-only gRPC query services, which are the default. + // - transaction message services, which must have the protobuf service + // option "cosmos.msg.v1.service" (defined in "cosmos/msg/v1/service.proto") + // set to true. + // + // The service registrar will figure out which type of service you are + // implementing based on the presence (or absence) + +of protobuf options. You + // do not need to specify this in golang code. + RegisterServices(grpc.ServiceRegistrar) + +error +} + +// HasPrepareCheckState is an extension interface that contains information about the AppModule +// and PrepareCheckState. +type HasPrepareCheckState interface { + AppModule + PrepareCheckState(context.Context) + +error +} + +// HasPrecommit is an extension interface that contains information about the AppModule and Precommit. +type HasPrecommit interface { + AppModule + Precommit(context.Context) + +error +} + +// ResponsePreBlock represents the response from the PreBlock method. +// It can modify consensus parameters in storage and signal the caller through the return value. +// When it returns ConsensusParamsChanged=true, the caller must refresh the consensus parameter in the finalize context. +// The new context (ctx) + +must be passed to all the other lifecycle methods. +type ResponsePreBlock interface { + IsConsensusParamsChanged() + +bool +} + +// HasPreBlocker is the extension interface that modules should implement to run +// custom logic before BeginBlock. +type HasPreBlocker interface { + AppModule + // PreBlock is method that will be run before BeginBlock. + PreBlock(context.Context) (ResponsePreBlock, error) +} + +// HasBeginBlocker is the extension interface that modules should implement to run +// custom logic before transaction processing in a block. +type HasBeginBlocker interface { + AppModule + + // BeginBlock is a method that will be run before transactions are processed in + // a block. + BeginBlock(context.Context) + +error +} + +// HasEndBlocker is the extension interface that modules should implement to run +// custom logic after transaction processing in a block. +type HasEndBlocker interface { + AppModule + + // EndBlock is a method that will be run after transactions are processed in + // a block. + EndBlock(context.Context) + +error +} + +// UpgradeModule is the extension interface that upgrade module should implement to differentiate +// it from other modules, migration handler need ensure the upgrade module's migration is executed +// before the rest of the modules. +type UpgradeModule interface { + IsUpgradeModule() +} +``` + +* `EndBlock(context.Context) error`: This method gives module developers the option to implement logic that is automatically triggered at the end of each block. + +### `HasABCIEndBlock` + +The `HasABCIEndBlock` is an extension interface from `module.AppModule`. All modules that have an `EndBlock` which return validator set updates implement this interface. + +```go expandable +/* +Package module contains application module patterns and associated "manager" functionality. +The module pattern has been broken down by: + - independent module functionality (AppModuleBasic) + - inter-dependent module simulation functionality (AppModuleSimulation) + - inter-dependent module full functionality (AppModule) + +inter-dependent module functionality is module functionality which somehow +depends on other modules, typically through the module keeper. Many of the +module keepers are dependent on each other, thus in order to access the full +set of module functionality we need to define all the keepers/params-store/keys +etc. This full set of advanced functionality is defined by the AppModule interface. + +Independent module functions are separated to allow for the construction of the +basic application structures required early on in the application definition +and used to enable the definition of full module functionality later in the +process. This separation is necessary, however we still want to allow for a +high level pattern for modules to follow - for instance, such that we don't +have to manually register all of the codecs for all the modules. This basic +procedure as well as other basic patterns are handled through the use of +BasicManager. + +Lastly the interface for genesis functionality (HasGenesis & HasABCIGenesis) + +has been +separated out from full module functionality (AppModule) + +so that modules which +are only used for genesis can take advantage of the Module patterns without +needlessly defining many placeholder functions +*/ +package module + +import ( + + "context" + "encoding/json" + "errors" + "fmt" + "maps" + "slices" + "sort" + + abci "github.com/cometbft/cometbft/abci/types" + "github.com/grpc-ecosystem/grpc-gateway/runtime" + "github.com/spf13/cobra" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/core/genesis" + errorsmod "cosmossdk.io/errors" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/codec/types" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" +) + +// AppModuleBasic is the standard form for basic non-dependant elements of an application module. +type AppModuleBasic interface { + HasName + RegisterLegacyAminoCodec(*codec.LegacyAmino) + +RegisterInterfaces(types.InterfaceRegistry) + +RegisterGRPCGatewayRoutes(client.Context, *runtime.ServeMux) +} + +// HasName allows the module to provide its own name for legacy purposes. +// Newer apps should specify the name for their modules using a map +// using NewManagerFromMap. +type HasName interface { + Name() + +string +} + +// HasGenesisBasics is the legacy interface for stateless genesis methods. +type HasGenesisBasics interface { + DefaultGenesis(codec.JSONCodec) + +json.RawMessage + ValidateGenesis(codec.JSONCodec, client.TxEncodingConfig, json.RawMessage) + +error +} + +// BasicManager is a collection of AppModuleBasic +type BasicManager map[string]AppModuleBasic + +// NewBasicManager creates a new BasicManager object +func NewBasicManager(modules ...AppModuleBasic) + +BasicManager { + moduleMap := make(map[string]AppModuleBasic) + for _, module := range modules { + moduleMap[module.Name()] = module +} + +return moduleMap +} + +// NewBasicManagerFromManager creates a new BasicManager from a Manager +// The BasicManager will contain all AppModuleBasic from the AppModule Manager +// Module's AppModuleBasic can be overridden by passing a custom AppModuleBasic map +func NewBasicManagerFromManager(manager *Manager, customModuleBasics map[string]AppModuleBasic) + +BasicManager { + moduleMap := make(map[string]AppModuleBasic) + for name, module := range manager.Modules { + if customBasicMod, ok := customModuleBasics[name]; ok { + moduleMap[name] = customBasicMod + continue +} + if appModule, ok := module.(appmodule.AppModule); ok { + moduleMap[name] = CoreAppModuleBasicAdaptor(name, appModule) + +continue +} + if basicMod, ok := module.(AppModuleBasic); ok { + moduleMap[name] = basicMod +} + +} + +return moduleMap +} + +// RegisterLegacyAminoCodec registers all module codecs +func (bm BasicManager) + +RegisterLegacyAminoCodec(cdc *codec.LegacyAmino) { + for _, b := range bm { + b.RegisterLegacyAminoCodec(cdc) +} +} + +// RegisterInterfaces registers all module interface types +func (bm BasicManager) + +RegisterInterfaces(registry types.InterfaceRegistry) { + for _, m := range bm { + m.RegisterInterfaces(registry) +} +} + +// DefaultGenesis provides default genesis information for all modules +func (bm BasicManager) + +DefaultGenesis(cdc codec.JSONCodec) + +map[string]json.RawMessage { + genesisData := make(map[string]json.RawMessage) + for _, b := range bm { + if mod, ok := b.(HasGenesisBasics); ok { + genesisData[b.Name()] = mod.DefaultGenesis(cdc) +} + +} + +return genesisData +} + +// ValidateGenesis performs genesis state validation for all modules +func (bm BasicManager) + +ValidateGenesis(cdc codec.JSONCodec, txEncCfg client.TxEncodingConfig, genesisData map[string]json.RawMessage) + +error { + for _, b := range bm { + // first check if the module is an adapted Core API Module + if mod, ok := b.(HasGenesisBasics); ok { + if err := mod.ValidateGenesis(cdc, txEncCfg, genesisData[b.Name()]); err != nil { + return err +} + +} + +} + +return nil +} + +// RegisterGRPCGatewayRoutes registers all module rest routes +func (bm BasicManager) + +RegisterGRPCGatewayRoutes(clientCtx client.Context, rtr *runtime.ServeMux) { + for _, b := range bm { + b.RegisterGRPCGatewayRoutes(clientCtx, rtr) +} +} + +// AddTxCommands adds all tx commands to the rootTxCmd. +func (bm BasicManager) + +AddTxCommands(rootTxCmd *cobra.Command) { + for _, b := range bm { + if mod, ok := b.(interface { + GetTxCmd() *cobra.Command +}); ok { + if cmd := mod.GetTxCmd(); cmd != nil { + rootTxCmd.AddCommand(cmd) +} + +} + +} +} + +// AddQueryCommands adds all query commands to the rootQueryCmd. +func (bm BasicManager) + +AddQueryCommands(rootQueryCmd *cobra.Command) { + for _, b := range bm { + if mod, ok := b.(interface { + GetQueryCmd() *cobra.Command +}); ok { + if cmd := mod.GetQueryCmd(); cmd != nil { + rootQueryCmd.AddCommand(cmd) +} + +} + +} +} + +// HasGenesis is the extension interface for stateful genesis methods. +type HasGenesis interface { + HasGenesisBasics + InitGenesis(sdk.Context, codec.JSONCodec, json.RawMessage) + +ExportGenesis(sdk.Context, codec.JSONCodec) + +json.RawMessage +} + +// HasABCIGenesis is the extension interface for stateful genesis methods which returns validator updates. +type HasABCIGenesis interface { + HasGenesisBasics + InitGenesis(sdk.Context, codec.JSONCodec, json.RawMessage) []abci.ValidatorUpdate + ExportGenesis(sdk.Context, codec.JSONCodec) + +json.RawMessage +} + +// AppModule is the form for an application module. Most of +// its functionality has been moved to extension interfaces. +// Deprecated: use appmodule.AppModule with a combination of extension interfaes interfaces instead. +type AppModule interface { + appmodule.AppModule + + AppModuleBasic +} + +// HasInvariants is the interface for registering invariants. +// +// Deprecated: this will be removed in the next Cosmos SDK release. +type HasInvariants interface { + // RegisterInvariants registers module invariants. + RegisterInvariants(sdk.InvariantRegistry) +} + +// HasServices is the interface for modules to register services. +type HasServices interface { + // RegisterServices allows a module to register services. + RegisterServices(Configurator) +} + +// HasConsensusVersion is the interface for declaring a module consensus version. +type HasConsensusVersion interface { + // ConsensusVersion is a sequence number for state-breaking change of the + // module. It should be incremented on each consensus-breaking change + // introduced by the module. To avoid wrong/empty versions, the initial version + // should be set to 1. + ConsensusVersion() + +uint64 +} + +// HasABCIEndblock is a released typo of HasABCIEndBlock. +// Deprecated: use HasABCIEndBlock instead. +type HasABCIEndblock HasABCIEndBlock + +// HasABCIEndBlock is the interface for modules that need to run code at the end of the block. +type HasABCIEndBlock interface { + AppModule + EndBlock(context.Context) ([]abci.ValidatorUpdate, error) +} + +var ( + _ appmodule.AppModule = (*GenesisOnlyAppModule)(nil) + _ AppModuleBasic = (*GenesisOnlyAppModule)(nil) +) + +// AppModuleGenesis is the standard form for an application module genesis functions +type AppModuleGenesis interface { + AppModuleBasic + HasABCIGenesis +} + +// GenesisOnlyAppModule is an AppModule that only has import/export functionality +type GenesisOnlyAppModule struct { + AppModuleGenesis +} + +// NewGenesisOnlyAppModule creates a new GenesisOnlyAppModule object +func NewGenesisOnlyAppModule(amg AppModuleGenesis) + +GenesisOnlyAppModule { + return GenesisOnlyAppModule{ + AppModuleGenesis: amg, +} +} + +// IsOnePerModuleType implements the depinject.OnePerModuleType interface. +func (GenesisOnlyAppModule) + +IsOnePerModuleType() { +} + +// IsAppModule implements the appmodule.AppModule interface. +func (GenesisOnlyAppModule) + +IsAppModule() { +} + +// RegisterInvariants is a placeholder function register no invariants +func (GenesisOnlyAppModule) + +RegisterInvariants(_ sdk.InvariantRegistry) { +} + +// ConsensusVersion implements AppModule/ConsensusVersion. +func (gam GenesisOnlyAppModule) + +ConsensusVersion() + +uint64 { + return 1 +} + +// Manager defines a module manager that provides the high level utility for managing and executing +// operations for a group of modules +type Manager struct { + Modules map[string]any // interface{ +} + +is used now to support the legacy AppModule as well as new core appmodule.AppModule. + OrderInitGenesis []string + OrderExportGenesis []string + OrderPreBlockers []string + OrderBeginBlockers []string + OrderEndBlockers []string + OrderPrepareCheckStaters []string + OrderPrecommiters []string + OrderMigrations []string +} + +// NewManager creates a new Manager object. +func NewManager(modules ...AppModule) *Manager { + moduleMap := make(map[string]any) + modulesStr := make([]string, 0, len(modules)) + preBlockModulesStr := make([]string, 0) + for _, module := range modules { + if _, ok := module.(appmodule.AppModule); !ok { + panic(fmt.Sprintf("module %s does not implement appmodule.AppModule", module.Name())) +} + +moduleMap[module.Name()] = module + modulesStr = append(modulesStr, module.Name()) + if _, ok := module.(appmodule.HasPreBlocker); ok { + preBlockModulesStr = append(preBlockModulesStr, module.Name()) +} + +} + +return &Manager{ + Modules: moduleMap, + OrderInitGenesis: modulesStr, + OrderExportGenesis: modulesStr, + OrderPreBlockers: preBlockModulesStr, + OrderBeginBlockers: modulesStr, + OrderPrepareCheckStaters: modulesStr, + OrderPrecommiters: modulesStr, + OrderEndBlockers: modulesStr, +} +} + +// NewManagerFromMap creates a new Manager object from a map of module names to module implementations. +// This method should be used for apps and modules which have migrated to the cosmossdk.io/core.appmodule.AppModule API. +func NewManagerFromMap(moduleMap map[string]appmodule.AppModule) *Manager { + simpleModuleMap := make(map[string]any) + modulesStr := make([]string, 0, len(simpleModuleMap)) + preBlockModulesStr := make([]string, 0) + for name, module := range moduleMap { + simpleModuleMap[name] = module + modulesStr = append(modulesStr, name) + if _, ok := module.(appmodule.HasPreBlocker); ok { + preBlockModulesStr = append(preBlockModulesStr, name) +} + +} + + // Sort the modules by name. Given that we are using a map above we can't guarantee the order. + sort.Strings(modulesStr) + +return &Manager{ + Modules: simpleModuleMap, + OrderInitGenesis: modulesStr, + OrderExportGenesis: modulesStr, + OrderPreBlockers: preBlockModulesStr, + OrderBeginBlockers: modulesStr, + OrderEndBlockers: modulesStr, + OrderPrecommiters: modulesStr, + OrderPrepareCheckStaters: modulesStr, +} +} + +// SetOrderInitGenesis sets the order of init genesis calls +func (m *Manager) + +SetOrderInitGenesis(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderInitGenesis", moduleNames, func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasGenesis := module.(appmodule.HasGenesis); hasGenesis { + return !hasGenesis +} + if _, hasABCIGenesis := module.(HasABCIGenesis); hasABCIGenesis { + return !hasABCIGenesis +} + + _, hasGenesis := module.(HasGenesis) + +return !hasGenesis +}) + +m.OrderInitGenesis = moduleNames +} + +// SetOrderExportGenesis sets the order of export genesis calls +func (m *Manager) + +SetOrderExportGenesis(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderExportGenesis", moduleNames, func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasGenesis := module.(appmodule.HasGenesis); hasGenesis { + return !hasGenesis +} + if _, hasABCIGenesis := module.(HasABCIGenesis); hasABCIGenesis { + return !hasABCIGenesis +} + + _, hasGenesis := module.(HasGenesis) + +return !hasGenesis +}) + +m.OrderExportGenesis = moduleNames +} + +// SetOrderPreBlockers sets the order of set pre-blocker calls +func (m *Manager) + +SetOrderPreBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPreBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasBlock := module.(appmodule.HasPreBlocker) + +return !hasBlock +}) + +m.OrderPreBlockers = moduleNames +} + +// SetOrderBeginBlockers sets the order of set begin-blocker calls +func (m *Manager) + +SetOrderBeginBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderBeginBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasBeginBlock := module.(appmodule.HasBeginBlocker) + +return !hasBeginBlock +}) + +m.OrderBeginBlockers = moduleNames +} + +// SetOrderEndBlockers sets the order of set end-blocker calls +func (m *Manager) + +SetOrderEndBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderEndBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasEndBlock := module.(appmodule.HasEndBlocker); hasEndBlock { + return !hasEndBlock +} + + _, hasABCIEndBlock := module.(HasABCIEndBlock) + +return !hasABCIEndBlock +}) + +m.OrderEndBlockers = moduleNames +} + +// SetOrderPrepareCheckStaters sets the order of set prepare-check-stater calls +func (m *Manager) + +SetOrderPrepareCheckStaters(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPrepareCheckStaters", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasPrepareCheckState := module.(appmodule.HasPrepareCheckState) + +return !hasPrepareCheckState +}) + +m.OrderPrepareCheckStaters = moduleNames +} + +// SetOrderPrecommiters sets the order of set precommiter calls +func (m *Manager) + +SetOrderPrecommiters(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPrecommiters", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasPrecommit := module.(appmodule.HasPrecommit) + +return !hasPrecommit +}) + +m.OrderPrecommiters = moduleNames +} + +// SetOrderMigrations sets the order of migrations to be run. If not set +// then migrations will be run with an order defined in `DefaultMigrationsOrder`. +func (m *Manager) + +SetOrderMigrations(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderMigrations", moduleNames, nil) + +m.OrderMigrations = moduleNames +} + +// RegisterInvariants registers all module invariants +// +// Deprecated: this function is a no-op and will be removed in the next release of the Cosmos SDK. +func (m *Manager) + +RegisterInvariants(_ sdk.InvariantRegistry) { +} + +// RegisterServices registers all module services +func (m *Manager) + +RegisterServices(cfg Configurator) + +error { + for _, module := range m.Modules { + if module, ok := module.(HasServices); ok { + module.RegisterServices(cfg) +} + if module, ok := module.(appmodule.HasServices); ok { + err := module.RegisterServices(cfg) + if err != nil { + return err +} + +} + if cfg.Error() != nil { + return cfg.Error() +} + +} + +return nil +} + +// InitGenesis performs init genesis functionality for modules. Exactly one +// module must return a non-empty validator set update to correctly initialize +// the chain. +func (m *Manager) + +InitGenesis(ctx sdk.Context, cdc codec.JSONCodec, genesisData map[string]json.RawMessage) (*abci.ResponseInitChain, error) { + var validatorUpdates []abci.ValidatorUpdate + ctx.Logger().Info("initializing blockchain state from genesis.json") + for _, moduleName := range m.OrderInitGenesis { + if genesisData[moduleName] == nil { + continue +} + mod := m.Modules[moduleName] + // we might get an adapted module, a native core API module or a legacy module + if module, ok := mod.(appmodule.HasGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + // core API genesis + source, err := genesis.SourceFromRawJSON(genesisData[moduleName]) + if err != nil { + return &abci.ResponseInitChain{ +}, err +} + +err = module.InitGenesis(ctx, source) + if err != nil { + return &abci.ResponseInitChain{ +}, err +} + +} + +else if module, ok := mod.(HasGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + +module.InitGenesis(ctx, cdc, genesisData[moduleName]) +} + +else if module, ok := mod.(HasABCIGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + moduleValUpdates := module.InitGenesis(ctx, cdc, genesisData[moduleName]) + + // use these validator updates if provided, the module manager assumes + // only one module will update the validator set + if len(moduleValUpdates) > 0 { + if len(validatorUpdates) > 0 { + return &abci.ResponseInitChain{ +}, errors.New("validator InitGenesis updates already set by a previous module") +} + +validatorUpdates = moduleValUpdates +} + +} + +} + + // a chain must initialize with a non-empty validator set + if len(validatorUpdates) == 0 { + return &abci.ResponseInitChain{ +}, fmt.Errorf("validator set is empty after InitGenesis, please ensure at least one validator is initialized with a delegation greater than or equal to the DefaultPowerReduction (%d)", sdk.DefaultPowerReduction) +} + +return &abci.ResponseInitChain{ + Validators: validatorUpdates, +}, nil +} + +// ExportGenesis performs export genesis functionality for modules +func (m *Manager) + +ExportGenesis(ctx sdk.Context, cdc codec.JSONCodec) (map[string]json.RawMessage, error) { + return m.ExportGenesisForModules(ctx, cdc, []string{ +}) +} + +// ExportGenesisForModules performs export genesis functionality for modules +func (m *Manager) + +ExportGenesisForModules(ctx sdk.Context, cdc codec.JSONCodec, modulesToExport []string) (map[string]json.RawMessage, error) { + if len(modulesToExport) == 0 { + modulesToExport = m.OrderExportGenesis +} + // verify modules exists in app, so that we don't panic in the middle of an export + if err := m.checkModulesExists(modulesToExport); err != nil { + return nil, err +} + +type genesisResult struct { + bz json.RawMessage + err error +} + channels := make(map[string]chan genesisResult) + for _, moduleName := range modulesToExport { + mod := m.Modules[moduleName] + if module, ok := mod.(appmodule.HasGenesis); ok { + // core API genesis + channels[moduleName] = make(chan genesisResult) + +go func(module appmodule.HasGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + target := genesis.RawJSONTarget{ +} + err := module.ExportGenesis(ctx, target.Target()) + if err != nil { + ch <- genesisResult{ + nil, err +} + +return +} + +rawJSON, err := target.JSON() + if err != nil { + ch <- genesisResult{ + nil, err +} + +return +} + +ch <- genesisResult{ + rawJSON, nil +} + +}(module, channels[moduleName]) +} + +else if module, ok := mod.(HasGenesis); ok { + channels[moduleName] = make(chan genesisResult) + +go func(module HasGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + ch <- genesisResult{ + module.ExportGenesis(ctx, cdc), nil +} + +}(module, channels[moduleName]) +} + +else if module, ok := mod.(HasABCIGenesis); ok { + channels[moduleName] = make(chan genesisResult) + +go func(module HasABCIGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + ch <- genesisResult{ + module.ExportGenesis(ctx, cdc), nil +} + +}(module, channels[moduleName]) +} + +} + genesisData := make(map[string]json.RawMessage) + for moduleName := range channels { + res := <-channels[moduleName] + if res.err != nil { + return nil, fmt.Errorf("genesis export error in %s: %w", moduleName, res.err) +} + +genesisData[moduleName] = res.bz +} + +return genesisData, nil +} + +// checkModulesExists verifies that all modules in the list exist in the app +func (m *Manager) + +checkModulesExists(moduleName []string) + +error { + for _, name := range moduleName { + if _, ok := m.Modules[name]; !ok { + return fmt.Errorf("module %s does not exist", name) +} + +} + +return nil +} + +// assertNoForgottenModules checks that we didn't forget any modules in the SetOrder* functions. +// `pass` is a closure which allows one to omit modules from `moduleNames`. +// If you provide non-nil `pass` and it returns true, the module would not be subject of the assertion. +func (m *Manager) + +assertNoForgottenModules(setOrderFnName string, moduleNames []string, pass func(moduleName string) + +bool) { + ms := make(map[string]bool) + for _, m := range moduleNames { + ms[m] = true +} + +var missing []string + for m := range m.Modules { + if pass != nil && pass(m) { + continue +} + if !ms[m] { + missing = append(missing, m) +} + +} + if len(missing) != 0 { + sort.Strings(missing) + +panic(fmt.Sprintf( + "all modules must be defined when setting %s, missing: %v", setOrderFnName, missing)) +} +} + +// MigrationHandler is the migration function that each module registers. +type MigrationHandler func(sdk.Context) + +error + +// VersionMap is a map of moduleName -> version +type VersionMap map[string]uint64 + +// RunMigrations performs in-place store migrations for all modules. This +// function MUST be called insde an x/upgrade UpgradeHandler. +// +// Recall that in an upgrade handler, the `fromVM` VersionMap is retrieved from +// x/upgrade's store, and the function needs to return the target VersionMap +// that will in turn be persisted to the x/upgrade's store. In general, +// returning RunMigrations should be enough: +// +// Example: +// +// cfg := module.NewConfigurator(...) +// app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx context.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { +// return app.mm.RunMigrations(ctx, cfg, fromVM) +// +}) +// +// Internally, RunMigrations will perform the following steps: +// - create an `updatedVM` VersionMap of module with their latest ConsensusVersion +// - make a diff of `fromVM` and `udpatedVM`, and for each module: +// - if the module's `fromVM` version is less than its `updatedVM` version, +// then run in-place store migrations for that module between those versions. +// - if the module does not exist in the `fromVM` (which means that it's a new module, +// because it was not in the previous x/upgrade's store), then run +// `InitGenesis` on that module. +// +// - return the `updatedVM` to be persisted in the x/upgrade's store. +// +// Migrations are run in an order defined by `Manager.OrderMigrations` or (if not set) + +defined by +// `DefaultMigrationsOrder` function. +// +// As an app developer, if you wish to skip running InitGenesis for your new +// module "foo", you need to manually pass a `fromVM` argument to this function +// foo's module version set to its latest ConsensusVersion. That way, the diff +// between the function's `fromVM` and `udpatedVM` will be empty, hence not +// running anything for foo. +// +// Example: +// +// cfg := module.NewConfigurator(...) +// app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx context.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { +// // Assume "foo" is a new module. +// // `fromVM` is fetched from existing x/upgrade store. Since foo didn't exist +// // before this upgrade, `v, exists := fromVM["foo"]; exists == false`, and RunMigration will by default +// // run InitGenesis on foo. +// // To skip running foo's InitGenesis, you need set `fromVM`'s foo to its latest +// // consensus version: +// fromVM["foo"] = foo.AppModule{ +}.ConsensusVersion() +// +// return app.mm.RunMigrations(ctx, cfg, fromVM) +// +}) +// +// Please also refer to https://docs.cosmos.network/main/core/upgrade for more information. +func (m Manager) + +RunMigrations(ctx context.Context, cfg Configurator, fromVM VersionMap) (VersionMap, error) { + c, ok := cfg.(*configurator) + if !ok { + return nil, errorsmod.Wrapf(sdkerrors.ErrInvalidType, "expected %T, got %T", &configurator{ +}, cfg) +} + modules := m.OrderMigrations + if modules == nil { + modules = DefaultMigrationsOrder(m.ModuleNames()) +} + sdkCtx := sdk.UnwrapSDKContext(ctx) + updatedVM := VersionMap{ +} + for _, moduleName := range modules { + module := m.Modules[moduleName] + fromVersion, exists := fromVM[moduleName] + toVersion := uint64(0) + if module, ok := module.(HasConsensusVersion); ok { + toVersion = module.ConsensusVersion() +} + + // We run migration if the module is specified in `fromVM`. + // Otherwise we run InitGenesis. + // + // The module won't exist in the fromVM in two cases: + // 1. A new module is added. In this case we run InitGenesis with an + // empty genesis state. + // 2. An existing chain is upgrading from version < 0.43 to v0.43+ for the first time. + // In this case, all modules have yet to be added to x/upgrade's VersionMap store. + if exists { + err := c.runModuleMigrations(sdkCtx, moduleName, fromVersion, toVersion) + if err != nil { + return nil, err +} + +} + +else { + sdkCtx.Logger().Info(fmt.Sprintf("adding a new module: %s", moduleName)) + if module, ok := m.Modules[moduleName].(HasGenesis); ok { + module.InitGenesis(sdkCtx, c.cdc, module.DefaultGenesis(c.cdc)) +} + if module, ok := m.Modules[moduleName].(HasABCIGenesis); ok { + moduleValUpdates := module.InitGenesis(sdkCtx, c.cdc, module.DefaultGenesis(c.cdc)) + // The module manager assumes only one module will update the + // validator set, and it can't be a new module. + if len(moduleValUpdates) > 0 { + return nil, errorsmod.Wrapf(sdkerrors.ErrLogic, "validator InitGenesis update is already set by another module") +} + +} + +} + +updatedVM[moduleName] = toVersion +} + +return updatedVM, nil +} + +// PreBlock performs begin block functionality for upgrade module. +// It takes the current context as a parameter and returns a boolean value +// indicating whether the migration was successfully executed or not. +func (m *Manager) + +PreBlock(ctx sdk.Context) (*sdk.ResponsePreBlock, error) { + paramsChanged := false + for _, moduleName := range m.OrderPreBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasPreBlocker); ok { + rsp, err := module.PreBlock(ctx) + if err != nil { + return nil, err +} + if rsp.IsConsensusParamsChanged() { + paramsChanged = true +} + +} + +} + +return &sdk.ResponsePreBlock{ + ConsensusParamsChanged: paramsChanged, +}, nil +} + +// BeginBlock performs begin block functionality for all modules. It creates a +// child context with an event manager to aggregate events emitted from all +// modules. +func (m *Manager) + +BeginBlock(ctx sdk.Context) (sdk.BeginBlock, error) { + ctx = ctx.WithEventManager(sdk.NewEventManager()) + for _, moduleName := range m.OrderBeginBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasBeginBlocker); ok { + if err := module.BeginBlock(ctx); err != nil { + return sdk.BeginBlock{ +}, err +} + +} + +} + +return sdk.BeginBlock{ + Events: ctx.EventManager().ABCIEvents(), +}, nil +} + +// EndBlock performs end block functionality for all modules. It creates a +// child context with an event manager to aggregate events emitted from all +// modules. +func (m *Manager) + +EndBlock(ctx sdk.Context) (sdk.EndBlock, error) { + ctx = ctx.WithEventManager(sdk.NewEventManager()) + validatorUpdates := []abci.ValidatorUpdate{ +} + for _, moduleName := range m.OrderEndBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasEndBlocker); ok { + err := module.EndBlock(ctx) + if err != nil { + return sdk.EndBlock{ +}, err +} + +} + +else if module, ok := m.Modules[moduleName].(HasABCIEndBlock); ok { + moduleValUpdates, err := module.EndBlock(ctx) + if err != nil { + return sdk.EndBlock{ +}, err +} + // use these validator updates if provided, the module manager assumes + // only one module will update the validator set + if len(moduleValUpdates) > 0 { + if len(validatorUpdates) > 0 { + return sdk.EndBlock{ +}, errors.New("validator EndBlock updates already set by a previous module") +} + for _, updates := range moduleValUpdates { + validatorUpdates = append(validatorUpdates, abci.ValidatorUpdate{ + PubKey: updates.PubKey, + Power: updates.Power +}) +} + +} + +} + +else { + continue +} + +} + +return sdk.EndBlock{ + ValidatorUpdates: validatorUpdates, + Events: ctx.EventManager().ABCIEvents(), +}, nil +} + +// Precommit performs precommit functionality for all modules. +func (m *Manager) + +Precommit(ctx sdk.Context) + +error { + for _, moduleName := range m.OrderPrecommiters { + module, ok := m.Modules[moduleName].(appmodule.HasPrecommit) + if !ok { + continue +} + if err := module.Precommit(ctx); err != nil { + return err +} + +} + +return nil +} + +// PrepareCheckState performs functionality for preparing the check state for all modules. +func (m *Manager) + +PrepareCheckState(ctx sdk.Context) + +error { + for _, moduleName := range m.OrderPrepareCheckStaters { + module, ok := m.Modules[moduleName].(appmodule.HasPrepareCheckState) + if !ok { + continue +} + if err := module.PrepareCheckState(ctx); err != nil { + return err +} + +} + +return nil +} + +// GetVersionMap gets consensus version from all modules +func (m *Manager) + +GetVersionMap() + +VersionMap { + vermap := make(VersionMap) + for name, v := range m.Modules { + version := uint64(0) + if v, ok := v.(HasConsensusVersion); ok { + version = v.ConsensusVersion() +} + +vermap[name] = version +} + +return vermap +} + +// ModuleNames returns list of all module names, without any particular order. +func (m *Manager) + +ModuleNames() []string { + return slices.Collect(maps.Keys(m.Modules)) +} + +// DefaultMigrationsOrder returns a default migrations order: ascending alphabetical by module name, +// except x/auth which will run last, see: +// https://github.com/cosmos/cosmos-sdk/issues/10591 +func DefaultMigrationsOrder(modules []string) []string { + const authName = "auth" + out := make([]string, 0, len(modules)) + hasAuth := false + for _, m := range modules { + if m == authName { + hasAuth = true +} + +else { + out = append(out, m) +} + +} + +sort.Strings(out) + if hasAuth { + out = append(out, authName) +} + +return out +} +``` + +* `EndBlock(context.Context) ([]abci.ValidatorUpdate, error)`: This method gives module developers the option to inform the underlying consensus engine of validator set changes (e.g. the `staking` module). + +### `HasPrecommit` + +`HasPrecommit` is an extension interface from `appmodule.AppModule`. All modules that have a `Precommit` method implement this interface. + +```go expandable +package appmodule + +import ( + + "context" + "google.golang.org/grpc" + "cosmossdk.io/depinject" +) + +// AppModule is a tag interface for app module implementations to use as a basis +// for extension interfaces. It provides no functionality itself, but is the +// type that all valid app modules should provide so that they can be identified +// by other modules (usually via depinject) + +as app modules. +type AppModule interface { + depinject.OnePerModuleType + + // IsAppModule is a dummy method to tag a struct as implementing an AppModule. + IsAppModule() +} + +// HasServices is the extension interface that modules should implement to register +// implementations of services defined in .proto files. +type HasServices interface { + AppModule + + // RegisterServices registers the module's services with the app's service + // registrar. + // + // Two types of services are currently supported: + // - read-only gRPC query services, which are the default. + // - transaction message services, which must have the protobuf service + // option "cosmos.msg.v1.service" (defined in "cosmos/msg/v1/service.proto") + // set to true. + // + // The service registrar will figure out which type of service you are + // implementing based on the presence (or absence) + +of protobuf options. You + // do not need to specify this in golang code. + RegisterServices(grpc.ServiceRegistrar) + +error +} + +// HasPrepareCheckState is an extension interface that contains information about the AppModule +// and PrepareCheckState. +type HasPrepareCheckState interface { + AppModule + PrepareCheckState(context.Context) + +error +} + +// HasPrecommit is an extension interface that contains information about the AppModule and Precommit. +type HasPrecommit interface { + AppModule + Precommit(context.Context) + +error +} + +// ResponsePreBlock represents the response from the PreBlock method. +// It can modify consensus parameters in storage and signal the caller through the return value. +// When it returns ConsensusParamsChanged=true, the caller must refresh the consensus parameter in the finalize context. +// The new context (ctx) + +must be passed to all the other lifecycle methods. +type ResponsePreBlock interface { + IsConsensusParamsChanged() + +bool +} + +// HasPreBlocker is the extension interface that modules should implement to run +// custom logic before BeginBlock. +type HasPreBlocker interface { + AppModule + // PreBlock is method that will be run before BeginBlock. + PreBlock(context.Context) (ResponsePreBlock, error) +} + +// HasBeginBlocker is the extension interface that modules should implement to run +// custom logic before transaction processing in a block. +type HasBeginBlocker interface { + AppModule + + // BeginBlock is a method that will be run before transactions are processed in + // a block. + BeginBlock(context.Context) + +error +} + +// HasEndBlocker is the extension interface that modules should implement to run +// custom logic after transaction processing in a block. +type HasEndBlocker interface { + AppModule + + // EndBlock is a method that will be run after transactions are processed in + // a block. + EndBlock(context.Context) + +error +} + +// UpgradeModule is the extension interface that upgrade module should implement to differentiate +// it from other modules, migration handler need ensure the upgrade module's migration is executed +// before the rest of the modules. +type UpgradeModule interface { + IsUpgradeModule() +} +``` + +* `Precommit(context.Context)`: This method gives module developers the option to implement logic that is automatically triggered during \[`Commit'](../../learn/advanced/00-baseapp.md#commit) of each block using the [`finalizeblockstate`](../../learn/advanced/00-baseapp.md#state-updates) of the block to be committed. Implement empty if no logic needs to be triggered during `Commit\` of each block for this module. + +### `HasPrepareCheckState` + +`HasPrepareCheckState` is an extension interface from `appmodule.AppModule`. All modules that have a `PrepareCheckState` method implement this interface. + +```go expandable +package appmodule + +import ( + + "context" + "google.golang.org/grpc" + "cosmossdk.io/depinject" +) + +// AppModule is a tag interface for app module implementations to use as a basis +// for extension interfaces. It provides no functionality itself, but is the +// type that all valid app modules should provide so that they can be identified +// by other modules (usually via depinject) + +as app modules. +type AppModule interface { + depinject.OnePerModuleType + + // IsAppModule is a dummy method to tag a struct as implementing an AppModule. + IsAppModule() +} + +// HasServices is the extension interface that modules should implement to register +// implementations of services defined in .proto files. +type HasServices interface { + AppModule + + // RegisterServices registers the module's services with the app's service + // registrar. + // + // Two types of services are currently supported: + // - read-only gRPC query services, which are the default. + // - transaction message services, which must have the protobuf service + // option "cosmos.msg.v1.service" (defined in "cosmos/msg/v1/service.proto") + // set to true. + // + // The service registrar will figure out which type of service you are + // implementing based on the presence (or absence) + +of protobuf options. You + // do not need to specify this in golang code. + RegisterServices(grpc.ServiceRegistrar) + +error +} + +// HasPrepareCheckState is an extension interface that contains information about the AppModule +// and PrepareCheckState. +type HasPrepareCheckState interface { + AppModule + PrepareCheckState(context.Context) + +error +} + +// HasPrecommit is an extension interface that contains information about the AppModule and Precommit. +type HasPrecommit interface { + AppModule + Precommit(context.Context) + +error +} + +// ResponsePreBlock represents the response from the PreBlock method. +// It can modify consensus parameters in storage and signal the caller through the return value. +// When it returns ConsensusParamsChanged=true, the caller must refresh the consensus parameter in the finalize context. +// The new context (ctx) + +must be passed to all the other lifecycle methods. +type ResponsePreBlock interface { + IsConsensusParamsChanged() + +bool +} + +// HasPreBlocker is the extension interface that modules should implement to run +// custom logic before BeginBlock. +type HasPreBlocker interface { + AppModule + // PreBlock is method that will be run before BeginBlock. + PreBlock(context.Context) (ResponsePreBlock, error) +} + +// HasBeginBlocker is the extension interface that modules should implement to run +// custom logic before transaction processing in a block. +type HasBeginBlocker interface { + AppModule + + // BeginBlock is a method that will be run before transactions are processed in + // a block. + BeginBlock(context.Context) + +error +} + +// HasEndBlocker is the extension interface that modules should implement to run +// custom logic after transaction processing in a block. +type HasEndBlocker interface { + AppModule + + // EndBlock is a method that will be run after transactions are processed in + // a block. + EndBlock(context.Context) + +error +} + +// UpgradeModule is the extension interface that upgrade module should implement to differentiate +// it from other modules, migration handler need ensure the upgrade module's migration is executed +// before the rest of the modules. +type UpgradeModule interface { + IsUpgradeModule() +} +``` + +* `PrepareCheckState(context.Context)`: This method gives module developers the option to implement logic that is automatically triggered during \[`Commit'](../../learn/advanced/00-baseapp.md#commit) of each block using the [`checkState`](../../learn/advanced/00-baseapp.md#state-updates) of the next block. Implement empty if no logic needs to be triggered during `Commit\` of each block for this module. + +### Implementing the Application Module Interfaces + +Typically, the various application module interfaces are implemented in a file called `module.go`, located in the module's folder (e.g. `./x/module/module.go`). + +Almost every module needs to implement the `AppModuleBasic` and `AppModule` interfaces. If the module is only used for genesis, it will implement `AppModuleGenesis` instead of `AppModule`. The concrete type that implements the interface can add parameters that are required for the implementation of the various methods of the interface. For example, the `Route()` function often calls a `NewMsgServerImpl(k keeper)` function defined in `keeper/msg_server.go` and therefore needs to pass the module's [`keeper`](/docs/sdk/vnext/build/building-modules/keeper) as a parameter. + +```go +// example +type AppModule struct { + AppModuleBasic + keeper Keeper +} +``` + +In the example above, you can see that the `AppModule` concrete type references an `AppModuleBasic`, and not an `AppModuleGenesis`. That is because `AppModuleGenesis` only needs to be implemented in modules that focus on genesis-related functionalities. In most modules, the concrete `AppModule` type will have a reference to an `AppModuleBasic` and implement the two added methods of `AppModuleGenesis` directly in the `AppModule` type. + +If no parameter is required (which is often the case for `AppModuleBasic`), just declare an empty concrete type like so: + +```go +type AppModuleBasic struct{ +} +``` + +## Module Managers + +Module managers are used to manage collections of `AppModuleBasic` and `AppModule`. + +### `BasicManager` + +The `BasicManager` is a structure that lists all the `AppModuleBasic` of an application: + +```go expandable +/* +Package module contains application module patterns and associated "manager" functionality. +The module pattern has been broken down by: + - independent module functionality (AppModuleBasic) + - inter-dependent module simulation functionality (AppModuleSimulation) + - inter-dependent module full functionality (AppModule) + +inter-dependent module functionality is module functionality which somehow +depends on other modules, typically through the module keeper. Many of the +module keepers are dependent on each other, thus in order to access the full +set of module functionality we need to define all the keepers/params-store/keys +etc. This full set of advanced functionality is defined by the AppModule interface. + +Independent module functions are separated to allow for the construction of the +basic application structures required early on in the application definition +and used to enable the definition of full module functionality later in the +process. This separation is necessary, however we still want to allow for a +high level pattern for modules to follow - for instance, such that we don't +have to manually register all of the codecs for all the modules. This basic +procedure as well as other basic patterns are handled through the use of +BasicManager. + +Lastly the interface for genesis functionality (HasGenesis & HasABCIGenesis) + +has been +separated out from full module functionality (AppModule) + +so that modules which +are only used for genesis can take advantage of the Module patterns without +needlessly defining many placeholder functions +*/ +package module + +import ( + + "context" + "encoding/json" + "errors" + "fmt" + "maps" + "slices" + "sort" + + abci "github.com/cometbft/cometbft/abci/types" + "github.com/grpc-ecosystem/grpc-gateway/runtime" + "github.com/spf13/cobra" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/core/genesis" + errorsmod "cosmossdk.io/errors" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/codec/types" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" +) + +// AppModuleBasic is the standard form for basic non-dependant elements of an application module. +type AppModuleBasic interface { + HasName + RegisterLegacyAminoCodec(*codec.LegacyAmino) + +RegisterInterfaces(types.InterfaceRegistry) + +RegisterGRPCGatewayRoutes(client.Context, *runtime.ServeMux) +} + +// HasName allows the module to provide its own name for legacy purposes. +// Newer apps should specify the name for their modules using a map +// using NewManagerFromMap. +type HasName interface { + Name() + +string +} + +// HasGenesisBasics is the legacy interface for stateless genesis methods. +type HasGenesisBasics interface { + DefaultGenesis(codec.JSONCodec) + +json.RawMessage + ValidateGenesis(codec.JSONCodec, client.TxEncodingConfig, json.RawMessage) + +error +} + +// BasicManager is a collection of AppModuleBasic +type BasicManager map[string]AppModuleBasic + +// NewBasicManager creates a new BasicManager object +func NewBasicManager(modules ...AppModuleBasic) + +BasicManager { + moduleMap := make(map[string]AppModuleBasic) + for _, module := range modules { + moduleMap[module.Name()] = module +} + +return moduleMap +} + +// NewBasicManagerFromManager creates a new BasicManager from a Manager +// The BasicManager will contain all AppModuleBasic from the AppModule Manager +// Module's AppModuleBasic can be overridden by passing a custom AppModuleBasic map +func NewBasicManagerFromManager(manager *Manager, customModuleBasics map[string]AppModuleBasic) + +BasicManager { + moduleMap := make(map[string]AppModuleBasic) + for name, module := range manager.Modules { + if customBasicMod, ok := customModuleBasics[name]; ok { + moduleMap[name] = customBasicMod + continue +} + if appModule, ok := module.(appmodule.AppModule); ok { + moduleMap[name] = CoreAppModuleBasicAdaptor(name, appModule) + +continue +} + if basicMod, ok := module.(AppModuleBasic); ok { + moduleMap[name] = basicMod +} + +} + +return moduleMap +} + +// RegisterLegacyAminoCodec registers all module codecs +func (bm BasicManager) + +RegisterLegacyAminoCodec(cdc *codec.LegacyAmino) { + for _, b := range bm { + b.RegisterLegacyAminoCodec(cdc) +} +} + +// RegisterInterfaces registers all module interface types +func (bm BasicManager) + +RegisterInterfaces(registry types.InterfaceRegistry) { + for _, m := range bm { + m.RegisterInterfaces(registry) +} +} + +// DefaultGenesis provides default genesis information for all modules +func (bm BasicManager) + +DefaultGenesis(cdc codec.JSONCodec) + +map[string]json.RawMessage { + genesisData := make(map[string]json.RawMessage) + for _, b := range bm { + if mod, ok := b.(HasGenesisBasics); ok { + genesisData[b.Name()] = mod.DefaultGenesis(cdc) +} + +} + +return genesisData +} + +// ValidateGenesis performs genesis state validation for all modules +func (bm BasicManager) + +ValidateGenesis(cdc codec.JSONCodec, txEncCfg client.TxEncodingConfig, genesisData map[string]json.RawMessage) + +error { + for _, b := range bm { + // first check if the module is an adapted Core API Module + if mod, ok := b.(HasGenesisBasics); ok { + if err := mod.ValidateGenesis(cdc, txEncCfg, genesisData[b.Name()]); err != nil { + return err +} + +} + +} + +return nil +} + +// RegisterGRPCGatewayRoutes registers all module rest routes +func (bm BasicManager) + +RegisterGRPCGatewayRoutes(clientCtx client.Context, rtr *runtime.ServeMux) { + for _, b := range bm { + b.RegisterGRPCGatewayRoutes(clientCtx, rtr) +} +} + +// AddTxCommands adds all tx commands to the rootTxCmd. +func (bm BasicManager) + +AddTxCommands(rootTxCmd *cobra.Command) { + for _, b := range bm { + if mod, ok := b.(interface { + GetTxCmd() *cobra.Command +}); ok { + if cmd := mod.GetTxCmd(); cmd != nil { + rootTxCmd.AddCommand(cmd) +} + +} + +} +} + +// AddQueryCommands adds all query commands to the rootQueryCmd. +func (bm BasicManager) + +AddQueryCommands(rootQueryCmd *cobra.Command) { + for _, b := range bm { + if mod, ok := b.(interface { + GetQueryCmd() *cobra.Command +}); ok { + if cmd := mod.GetQueryCmd(); cmd != nil { + rootQueryCmd.AddCommand(cmd) +} + +} + +} +} + +// HasGenesis is the extension interface for stateful genesis methods. +type HasGenesis interface { + HasGenesisBasics + InitGenesis(sdk.Context, codec.JSONCodec, json.RawMessage) + +ExportGenesis(sdk.Context, codec.JSONCodec) + +json.RawMessage +} + +// HasABCIGenesis is the extension interface for stateful genesis methods which returns validator updates. +type HasABCIGenesis interface { + HasGenesisBasics + InitGenesis(sdk.Context, codec.JSONCodec, json.RawMessage) []abci.ValidatorUpdate + ExportGenesis(sdk.Context, codec.JSONCodec) + +json.RawMessage +} + +// AppModule is the form for an application module. Most of +// its functionality has been moved to extension interfaces. +// Deprecated: use appmodule.AppModule with a combination of extension interfaes interfaces instead. +type AppModule interface { + appmodule.AppModule + + AppModuleBasic +} + +// HasInvariants is the interface for registering invariants. +// +// Deprecated: this will be removed in the next Cosmos SDK release. +type HasInvariants interface { + // RegisterInvariants registers module invariants. + RegisterInvariants(sdk.InvariantRegistry) +} + +// HasServices is the interface for modules to register services. +type HasServices interface { + // RegisterServices allows a module to register services. + RegisterServices(Configurator) +} + +// HasConsensusVersion is the interface for declaring a module consensus version. +type HasConsensusVersion interface { + // ConsensusVersion is a sequence number for state-breaking change of the + // module. It should be incremented on each consensus-breaking change + // introduced by the module. To avoid wrong/empty versions, the initial version + // should be set to 1. + ConsensusVersion() + +uint64 +} + +// HasABCIEndblock is a released typo of HasABCIEndBlock. +// Deprecated: use HasABCIEndBlock instead. +type HasABCIEndblock HasABCIEndBlock + +// HasABCIEndBlock is the interface for modules that need to run code at the end of the block. +type HasABCIEndBlock interface { + AppModule + EndBlock(context.Context) ([]abci.ValidatorUpdate, error) +} + +var ( + _ appmodule.AppModule = (*GenesisOnlyAppModule)(nil) + _ AppModuleBasic = (*GenesisOnlyAppModule)(nil) +) + +// AppModuleGenesis is the standard form for an application module genesis functions +type AppModuleGenesis interface { + AppModuleBasic + HasABCIGenesis +} + +// GenesisOnlyAppModule is an AppModule that only has import/export functionality +type GenesisOnlyAppModule struct { + AppModuleGenesis +} + +// NewGenesisOnlyAppModule creates a new GenesisOnlyAppModule object +func NewGenesisOnlyAppModule(amg AppModuleGenesis) + +GenesisOnlyAppModule { + return GenesisOnlyAppModule{ + AppModuleGenesis: amg, +} +} + +// IsOnePerModuleType implements the depinject.OnePerModuleType interface. +func (GenesisOnlyAppModule) + +IsOnePerModuleType() { +} + +// IsAppModule implements the appmodule.AppModule interface. +func (GenesisOnlyAppModule) + +IsAppModule() { +} + +// RegisterInvariants is a placeholder function register no invariants +func (GenesisOnlyAppModule) + +RegisterInvariants(_ sdk.InvariantRegistry) { +} + +// ConsensusVersion implements AppModule/ConsensusVersion. +func (gam GenesisOnlyAppModule) + +ConsensusVersion() + +uint64 { + return 1 +} + +// Manager defines a module manager that provides the high level utility for managing and executing +// operations for a group of modules +type Manager struct { + Modules map[string]any // interface{ +} + +is used now to support the legacy AppModule as well as new core appmodule.AppModule. + OrderInitGenesis []string + OrderExportGenesis []string + OrderPreBlockers []string + OrderBeginBlockers []string + OrderEndBlockers []string + OrderPrepareCheckStaters []string + OrderPrecommiters []string + OrderMigrations []string +} + +// NewManager creates a new Manager object. +func NewManager(modules ...AppModule) *Manager { + moduleMap := make(map[string]any) + modulesStr := make([]string, 0, len(modules)) + preBlockModulesStr := make([]string, 0) + for _, module := range modules { + if _, ok := module.(appmodule.AppModule); !ok { + panic(fmt.Sprintf("module %s does not implement appmodule.AppModule", module.Name())) +} + +moduleMap[module.Name()] = module + modulesStr = append(modulesStr, module.Name()) + if _, ok := module.(appmodule.HasPreBlocker); ok { + preBlockModulesStr = append(preBlockModulesStr, module.Name()) +} + +} + +return &Manager{ + Modules: moduleMap, + OrderInitGenesis: modulesStr, + OrderExportGenesis: modulesStr, + OrderPreBlockers: preBlockModulesStr, + OrderBeginBlockers: modulesStr, + OrderPrepareCheckStaters: modulesStr, + OrderPrecommiters: modulesStr, + OrderEndBlockers: modulesStr, +} +} + +// NewManagerFromMap creates a new Manager object from a map of module names to module implementations. +// This method should be used for apps and modules which have migrated to the cosmossdk.io/core.appmodule.AppModule API. +func NewManagerFromMap(moduleMap map[string]appmodule.AppModule) *Manager { + simpleModuleMap := make(map[string]any) + modulesStr := make([]string, 0, len(simpleModuleMap)) + preBlockModulesStr := make([]string, 0) + for name, module := range moduleMap { + simpleModuleMap[name] = module + modulesStr = append(modulesStr, name) + if _, ok := module.(appmodule.HasPreBlocker); ok { + preBlockModulesStr = append(preBlockModulesStr, name) +} + +} + + // Sort the modules by name. Given that we are using a map above we can't guarantee the order. + sort.Strings(modulesStr) + +return &Manager{ + Modules: simpleModuleMap, + OrderInitGenesis: modulesStr, + OrderExportGenesis: modulesStr, + OrderPreBlockers: preBlockModulesStr, + OrderBeginBlockers: modulesStr, + OrderEndBlockers: modulesStr, + OrderPrecommiters: modulesStr, + OrderPrepareCheckStaters: modulesStr, +} +} + +// SetOrderInitGenesis sets the order of init genesis calls +func (m *Manager) + +SetOrderInitGenesis(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderInitGenesis", moduleNames, func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasGenesis := module.(appmodule.HasGenesis); hasGenesis { + return !hasGenesis +} + if _, hasABCIGenesis := module.(HasABCIGenesis); hasABCIGenesis { + return !hasABCIGenesis +} + + _, hasGenesis := module.(HasGenesis) + +return !hasGenesis +}) + +m.OrderInitGenesis = moduleNames +} + +// SetOrderExportGenesis sets the order of export genesis calls +func (m *Manager) + +SetOrderExportGenesis(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderExportGenesis", moduleNames, func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasGenesis := module.(appmodule.HasGenesis); hasGenesis { + return !hasGenesis +} + if _, hasABCIGenesis := module.(HasABCIGenesis); hasABCIGenesis { + return !hasABCIGenesis +} + + _, hasGenesis := module.(HasGenesis) + +return !hasGenesis +}) + +m.OrderExportGenesis = moduleNames +} + +// SetOrderPreBlockers sets the order of set pre-blocker calls +func (m *Manager) + +SetOrderPreBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPreBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasBlock := module.(appmodule.HasPreBlocker) + +return !hasBlock +}) + +m.OrderPreBlockers = moduleNames +} + +// SetOrderBeginBlockers sets the order of set begin-blocker calls +func (m *Manager) + +SetOrderBeginBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderBeginBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasBeginBlock := module.(appmodule.HasBeginBlocker) + +return !hasBeginBlock +}) + +m.OrderBeginBlockers = moduleNames +} + +// SetOrderEndBlockers sets the order of set end-blocker calls +func (m *Manager) + +SetOrderEndBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderEndBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasEndBlock := module.(appmodule.HasEndBlocker); hasEndBlock { + return !hasEndBlock +} + + _, hasABCIEndBlock := module.(HasABCIEndBlock) + +return !hasABCIEndBlock +}) + +m.OrderEndBlockers = moduleNames +} + +// SetOrderPrepareCheckStaters sets the order of set prepare-check-stater calls +func (m *Manager) + +SetOrderPrepareCheckStaters(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPrepareCheckStaters", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasPrepareCheckState := module.(appmodule.HasPrepareCheckState) + +return !hasPrepareCheckState +}) + +m.OrderPrepareCheckStaters = moduleNames +} + +// SetOrderPrecommiters sets the order of set precommiter calls +func (m *Manager) + +SetOrderPrecommiters(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPrecommiters", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasPrecommit := module.(appmodule.HasPrecommit) + +return !hasPrecommit +}) + +m.OrderPrecommiters = moduleNames +} + +// SetOrderMigrations sets the order of migrations to be run. If not set +// then migrations will be run with an order defined in `DefaultMigrationsOrder`. +func (m *Manager) + +SetOrderMigrations(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderMigrations", moduleNames, nil) + +m.OrderMigrations = moduleNames +} + +// RegisterInvariants registers all module invariants +// +// Deprecated: this function is a no-op and will be removed in the next release of the Cosmos SDK. +func (m *Manager) + +RegisterInvariants(_ sdk.InvariantRegistry) { +} + +// RegisterServices registers all module services +func (m *Manager) + +RegisterServices(cfg Configurator) + +error { + for _, module := range m.Modules { + if module, ok := module.(HasServices); ok { + module.RegisterServices(cfg) +} + if module, ok := module.(appmodule.HasServices); ok { + err := module.RegisterServices(cfg) + if err != nil { + return err +} + +} + if cfg.Error() != nil { + return cfg.Error() +} + +} + +return nil +} + +// InitGenesis performs init genesis functionality for modules. Exactly one +// module must return a non-empty validator set update to correctly initialize +// the chain. +func (m *Manager) + +InitGenesis(ctx sdk.Context, cdc codec.JSONCodec, genesisData map[string]json.RawMessage) (*abci.ResponseInitChain, error) { + var validatorUpdates []abci.ValidatorUpdate + ctx.Logger().Info("initializing blockchain state from genesis.json") + for _, moduleName := range m.OrderInitGenesis { + if genesisData[moduleName] == nil { + continue +} + mod := m.Modules[moduleName] + // we might get an adapted module, a native core API module or a legacy module + if module, ok := mod.(appmodule.HasGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + // core API genesis + source, err := genesis.SourceFromRawJSON(genesisData[moduleName]) + if err != nil { + return &abci.ResponseInitChain{ +}, err +} + +err = module.InitGenesis(ctx, source) + if err != nil { + return &abci.ResponseInitChain{ +}, err +} + +} + +else if module, ok := mod.(HasGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + +module.InitGenesis(ctx, cdc, genesisData[moduleName]) +} + +else if module, ok := mod.(HasABCIGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + moduleValUpdates := module.InitGenesis(ctx, cdc, genesisData[moduleName]) + + // use these validator updates if provided, the module manager assumes + // only one module will update the validator set + if len(moduleValUpdates) > 0 { + if len(validatorUpdates) > 0 { + return &abci.ResponseInitChain{ +}, errors.New("validator InitGenesis updates already set by a previous module") +} + +validatorUpdates = moduleValUpdates +} + +} + +} + + // a chain must initialize with a non-empty validator set + if len(validatorUpdates) == 0 { + return &abci.ResponseInitChain{ +}, fmt.Errorf("validator set is empty after InitGenesis, please ensure at least one validator is initialized with a delegation greater than or equal to the DefaultPowerReduction (%d)", sdk.DefaultPowerReduction) +} + +return &abci.ResponseInitChain{ + Validators: validatorUpdates, +}, nil +} + +// ExportGenesis performs export genesis functionality for modules +func (m *Manager) + +ExportGenesis(ctx sdk.Context, cdc codec.JSONCodec) (map[string]json.RawMessage, error) { + return m.ExportGenesisForModules(ctx, cdc, []string{ +}) +} + +// ExportGenesisForModules performs export genesis functionality for modules +func (m *Manager) + +ExportGenesisForModules(ctx sdk.Context, cdc codec.JSONCodec, modulesToExport []string) (map[string]json.RawMessage, error) { + if len(modulesToExport) == 0 { + modulesToExport = m.OrderExportGenesis +} + // verify modules exists in app, so that we don't panic in the middle of an export + if err := m.checkModulesExists(modulesToExport); err != nil { + return nil, err +} + +type genesisResult struct { + bz json.RawMessage + err error +} + channels := make(map[string]chan genesisResult) + for _, moduleName := range modulesToExport { + mod := m.Modules[moduleName] + if module, ok := mod.(appmodule.HasGenesis); ok { + // core API genesis + channels[moduleName] = make(chan genesisResult) + +go func(module appmodule.HasGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + target := genesis.RawJSONTarget{ +} + err := module.ExportGenesis(ctx, target.Target()) + if err != nil { + ch <- genesisResult{ + nil, err +} + +return +} + +rawJSON, err := target.JSON() + if err != nil { + ch <- genesisResult{ + nil, err +} + +return +} + +ch <- genesisResult{ + rawJSON, nil +} + +}(module, channels[moduleName]) +} + +else if module, ok := mod.(HasGenesis); ok { + channels[moduleName] = make(chan genesisResult) + +go func(module HasGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + ch <- genesisResult{ + module.ExportGenesis(ctx, cdc), nil +} + +}(module, channels[moduleName]) +} + +else if module, ok := mod.(HasABCIGenesis); ok { + channels[moduleName] = make(chan genesisResult) + +go func(module HasABCIGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + ch <- genesisResult{ + module.ExportGenesis(ctx, cdc), nil +} + +}(module, channels[moduleName]) +} + +} + genesisData := make(map[string]json.RawMessage) + for moduleName := range channels { + res := <-channels[moduleName] + if res.err != nil { + return nil, fmt.Errorf("genesis export error in %s: %w", moduleName, res.err) +} + +genesisData[moduleName] = res.bz +} + +return genesisData, nil +} + +// checkModulesExists verifies that all modules in the list exist in the app +func (m *Manager) + +checkModulesExists(moduleName []string) + +error { + for _, name := range moduleName { + if _, ok := m.Modules[name]; !ok { + return fmt.Errorf("module %s does not exist", name) +} + +} + +return nil +} + +// assertNoForgottenModules checks that we didn't forget any modules in the SetOrder* functions. +// `pass` is a closure which allows one to omit modules from `moduleNames`. +// If you provide non-nil `pass` and it returns true, the module would not be subject of the assertion. +func (m *Manager) + +assertNoForgottenModules(setOrderFnName string, moduleNames []string, pass func(moduleName string) + +bool) { + ms := make(map[string]bool) + for _, m := range moduleNames { + ms[m] = true +} + +var missing []string + for m := range m.Modules { + if pass != nil && pass(m) { + continue +} + if !ms[m] { + missing = append(missing, m) +} + +} + if len(missing) != 0 { + sort.Strings(missing) + +panic(fmt.Sprintf( + "all modules must be defined when setting %s, missing: %v", setOrderFnName, missing)) +} +} + +// MigrationHandler is the migration function that each module registers. +type MigrationHandler func(sdk.Context) + +error + +// VersionMap is a map of moduleName -> version +type VersionMap map[string]uint64 + +// RunMigrations performs in-place store migrations for all modules. This +// function MUST be called insde an x/upgrade UpgradeHandler. +// +// Recall that in an upgrade handler, the `fromVM` VersionMap is retrieved from +// x/upgrade's store, and the function needs to return the target VersionMap +// that will in turn be persisted to the x/upgrade's store. In general, +// returning RunMigrations should be enough: +// +// Example: +// +// cfg := module.NewConfigurator(...) +// app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx context.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { +// return app.mm.RunMigrations(ctx, cfg, fromVM) +// +}) +// +// Internally, RunMigrations will perform the following steps: +// - create an `updatedVM` VersionMap of module with their latest ConsensusVersion +// - make a diff of `fromVM` and `udpatedVM`, and for each module: +// - if the module's `fromVM` version is less than its `updatedVM` version, +// then run in-place store migrations for that module between those versions. +// - if the module does not exist in the `fromVM` (which means that it's a new module, +// because it was not in the previous x/upgrade's store), then run +// `InitGenesis` on that module. +// +// - return the `updatedVM` to be persisted in the x/upgrade's store. +// +// Migrations are run in an order defined by `Manager.OrderMigrations` or (if not set) + +defined by +// `DefaultMigrationsOrder` function. +// +// As an app developer, if you wish to skip running InitGenesis for your new +// module "foo", you need to manually pass a `fromVM` argument to this function +// foo's module version set to its latest ConsensusVersion. That way, the diff +// between the function's `fromVM` and `udpatedVM` will be empty, hence not +// running anything for foo. +// +// Example: +// +// cfg := module.NewConfigurator(...) +// app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx context.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { +// // Assume "foo" is a new module. +// // `fromVM` is fetched from existing x/upgrade store. Since foo didn't exist +// // before this upgrade, `v, exists := fromVM["foo"]; exists == false`, and RunMigration will by default +// // run InitGenesis on foo. +// // To skip running foo's InitGenesis, you need set `fromVM`'s foo to its latest +// // consensus version: +// fromVM["foo"] = foo.AppModule{ +}.ConsensusVersion() +// +// return app.mm.RunMigrations(ctx, cfg, fromVM) +// +}) +// +// Please also refer to https://docs.cosmos.network/main/core/upgrade for more information. +func (m Manager) + +RunMigrations(ctx context.Context, cfg Configurator, fromVM VersionMap) (VersionMap, error) { + c, ok := cfg.(*configurator) + if !ok { + return nil, errorsmod.Wrapf(sdkerrors.ErrInvalidType, "expected %T, got %T", &configurator{ +}, cfg) +} + modules := m.OrderMigrations + if modules == nil { + modules = DefaultMigrationsOrder(m.ModuleNames()) +} + sdkCtx := sdk.UnwrapSDKContext(ctx) + updatedVM := VersionMap{ +} + for _, moduleName := range modules { + module := m.Modules[moduleName] + fromVersion, exists := fromVM[moduleName] + toVersion := uint64(0) + if module, ok := module.(HasConsensusVersion); ok { + toVersion = module.ConsensusVersion() +} + + // We run migration if the module is specified in `fromVM`. + // Otherwise we run InitGenesis. + // + // The module won't exist in the fromVM in two cases: + // 1. A new module is added. In this case we run InitGenesis with an + // empty genesis state. + // 2. An existing chain is upgrading from version < 0.43 to v0.43+ for the first time. + // In this case, all modules have yet to be added to x/upgrade's VersionMap store. + if exists { + err := c.runModuleMigrations(sdkCtx, moduleName, fromVersion, toVersion) + if err != nil { + return nil, err +} + +} + +else { + sdkCtx.Logger().Info(fmt.Sprintf("adding a new module: %s", moduleName)) + if module, ok := m.Modules[moduleName].(HasGenesis); ok { + module.InitGenesis(sdkCtx, c.cdc, module.DefaultGenesis(c.cdc)) +} + if module, ok := m.Modules[moduleName].(HasABCIGenesis); ok { + moduleValUpdates := module.InitGenesis(sdkCtx, c.cdc, module.DefaultGenesis(c.cdc)) + // The module manager assumes only one module will update the + // validator set, and it can't be a new module. + if len(moduleValUpdates) > 0 { + return nil, errorsmod.Wrapf(sdkerrors.ErrLogic, "validator InitGenesis update is already set by another module") +} + +} + +} + +updatedVM[moduleName] = toVersion +} + +return updatedVM, nil +} + +// PreBlock performs begin block functionality for upgrade module. +// It takes the current context as a parameter and returns a boolean value +// indicating whether the migration was successfully executed or not. +func (m *Manager) + +PreBlock(ctx sdk.Context) (*sdk.ResponsePreBlock, error) { + paramsChanged := false + for _, moduleName := range m.OrderPreBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasPreBlocker); ok { + rsp, err := module.PreBlock(ctx) + if err != nil { + return nil, err +} + if rsp.IsConsensusParamsChanged() { + paramsChanged = true +} + +} + +} + +return &sdk.ResponsePreBlock{ + ConsensusParamsChanged: paramsChanged, +}, nil +} + +// BeginBlock performs begin block functionality for all modules. It creates a +// child context with an event manager to aggregate events emitted from all +// modules. +func (m *Manager) + +BeginBlock(ctx sdk.Context) (sdk.BeginBlock, error) { + ctx = ctx.WithEventManager(sdk.NewEventManager()) + for _, moduleName := range m.OrderBeginBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasBeginBlocker); ok { + if err := module.BeginBlock(ctx); err != nil { + return sdk.BeginBlock{ +}, err +} + +} + +} + +return sdk.BeginBlock{ + Events: ctx.EventManager().ABCIEvents(), +}, nil +} + +// EndBlock performs end block functionality for all modules. It creates a +// child context with an event manager to aggregate events emitted from all +// modules. +func (m *Manager) + +EndBlock(ctx sdk.Context) (sdk.EndBlock, error) { + ctx = ctx.WithEventManager(sdk.NewEventManager()) + validatorUpdates := []abci.ValidatorUpdate{ +} + for _, moduleName := range m.OrderEndBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasEndBlocker); ok { + err := module.EndBlock(ctx) + if err != nil { + return sdk.EndBlock{ +}, err +} + +} + +else if module, ok := m.Modules[moduleName].(HasABCIEndBlock); ok { + moduleValUpdates, err := module.EndBlock(ctx) + if err != nil { + return sdk.EndBlock{ +}, err +} + // use these validator updates if provided, the module manager assumes + // only one module will update the validator set + if len(moduleValUpdates) > 0 { + if len(validatorUpdates) > 0 { + return sdk.EndBlock{ +}, errors.New("validator EndBlock updates already set by a previous module") +} + for _, updates := range moduleValUpdates { + validatorUpdates = append(validatorUpdates, abci.ValidatorUpdate{ + PubKey: updates.PubKey, + Power: updates.Power +}) +} + +} + +} + +else { + continue +} + +} + +return sdk.EndBlock{ + ValidatorUpdates: validatorUpdates, + Events: ctx.EventManager().ABCIEvents(), +}, nil +} + +// Precommit performs precommit functionality for all modules. +func (m *Manager) + +Precommit(ctx sdk.Context) + +error { + for _, moduleName := range m.OrderPrecommiters { + module, ok := m.Modules[moduleName].(appmodule.HasPrecommit) + if !ok { + continue +} + if err := module.Precommit(ctx); err != nil { + return err +} + +} + +return nil +} + +// PrepareCheckState performs functionality for preparing the check state for all modules. +func (m *Manager) + +PrepareCheckState(ctx sdk.Context) + +error { + for _, moduleName := range m.OrderPrepareCheckStaters { + module, ok := m.Modules[moduleName].(appmodule.HasPrepareCheckState) + if !ok { + continue +} + if err := module.PrepareCheckState(ctx); err != nil { + return err +} + +} + +return nil +} + +// GetVersionMap gets consensus version from all modules +func (m *Manager) + +GetVersionMap() + +VersionMap { + vermap := make(VersionMap) + for name, v := range m.Modules { + version := uint64(0) + if v, ok := v.(HasConsensusVersion); ok { + version = v.ConsensusVersion() +} + +vermap[name] = version +} + +return vermap +} + +// ModuleNames returns list of all module names, without any particular order. +func (m *Manager) + +ModuleNames() []string { + return slices.Collect(maps.Keys(m.Modules)) +} + +// DefaultMigrationsOrder returns a default migrations order: ascending alphabetical by module name, +// except x/auth which will run last, see: +// https://github.com/cosmos/cosmos-sdk/issues/10591 +func DefaultMigrationsOrder(modules []string) []string { + const authName = "auth" + out := make([]string, 0, len(modules)) + hasAuth := false + for _, m := range modules { + if m == authName { + hasAuth = true +} + +else { + out = append(out, m) +} + +} + +sort.Strings(out) + if hasAuth { + out = append(out, authName) +} + +return out +} +``` + +It implements the following methods: + +* `NewBasicManager(modules ...AppModuleBasic)`: Constructor function. It takes a list of the application's `AppModuleBasic` and builds a new `BasicManager`. This function is generally called in the `init()` function of [`app.go`](/docs/sdk/vnext/learn/beginner/app-anatomy#core-application-file) to quickly initialize the independent elements of the application's modules (click [here](https://github.com/cosmos/gaia/blob/main/app/app.go#L59-L74) to see an example). +* `NewBasicManagerFromManager(manager *Manager, customModuleBasics map[string]AppModuleBasic)`: Constructor function. It creates a new `BasicManager` from a `Manager`. The `BasicManager` will contain all `AppModuleBasic` from the `AppModule` manager using `CoreAppModuleBasicAdaptor` whenever possible. Module's `AppModuleBasic` can be overridden by passing a custom AppModuleBasic map +* `RegisterLegacyAminoCodec(cdc *codec.LegacyAmino)`: Registers the [`codec.LegacyAmino`s](/docs/sdk/vnext/learn/advanced/encoding#amino) of each of the application's `AppModuleBasic`. This function is usually called early on in the [application's construction](/docs/sdk/vnext/learn/beginner/app-anatomy#constructor). +* `RegisterInterfaces(registry codectypes.InterfaceRegistry)`: Registers interface types and implementations of each of the application's `AppModuleBasic`. +* `DefaultGenesis(cdc codec.JSONCodec)`: Provides default genesis information for modules in the application by calling the [`DefaultGenesis(cdc codec.JSONCodec)`](/docs/sdk/vnext/build/building-modules/genesis#defaultgenesis) function of each module. It only calls the modules that implements the `HasGenesisBasics` interfaces. +* `ValidateGenesis(cdc codec.JSONCodec, txEncCfg client.TxEncodingConfig, genesis map[string]json.RawMessage)`: Validates the genesis information modules by calling the [`ValidateGenesis(codec.JSONCodec, client.TxEncodingConfig, json.RawMessage)`](/docs/sdk/vnext/build/building-modules/genesis#validategenesis) function of modules implementing the `HasGenesisBasics` interface. +* `RegisterGRPCGatewayRoutes(clientCtx client.Context, rtr *runtime.ServeMux)`: Registers gRPC routes for modules. +* `AddTxCommands(rootTxCmd *cobra.Command)`: Adds modules' transaction commands (defined as `GetTxCmd() *cobra.Command`) to the application's [`rootTxCommand`](/docs/sdk/vnext/learn/advanced/cli#transaction-commands). This function is usually called function from the `main.go` function of the [application's command-line interface](/docs/sdk/vnext/learn/advanced/cli). +* `AddQueryCommands(rootQueryCmd *cobra.Command)`: Adds modules' query commands (defined as `GetQueryCmd() *cobra.Command`) to the application's [`rootQueryCommand`](/docs/sdk/vnext/learn/advanced/cli#query-commands). This function is usually called function from the `main.go` function of the [application's command-line interface](/docs/sdk/vnext/learn/advanced/cli). + +### `Manager` + +The `Manager` is a structure that holds all the `AppModule` of an application, and defines the order of execution between several key components of these modules: + +```go expandable +/* +Package module contains application module patterns and associated "manager" functionality. +The module pattern has been broken down by: + - independent module functionality (AppModuleBasic) + - inter-dependent module simulation functionality (AppModuleSimulation) + - inter-dependent module full functionality (AppModule) + +inter-dependent module functionality is module functionality which somehow +depends on other modules, typically through the module keeper. Many of the +module keepers are dependent on each other, thus in order to access the full +set of module functionality we need to define all the keepers/params-store/keys +etc. This full set of advanced functionality is defined by the AppModule interface. + +Independent module functions are separated to allow for the construction of the +basic application structures required early on in the application definition +and used to enable the definition of full module functionality later in the +process. This separation is necessary, however we still want to allow for a +high level pattern for modules to follow - for instance, such that we don't +have to manually register all of the codecs for all the modules. This basic +procedure as well as other basic patterns are handled through the use of +BasicManager. + +Lastly the interface for genesis functionality (HasGenesis & HasABCIGenesis) + +has been +separated out from full module functionality (AppModule) + +so that modules which +are only used for genesis can take advantage of the Module patterns without +needlessly defining many placeholder functions +*/ +package module + +import ( + + "context" + "encoding/json" + "errors" + "fmt" + "maps" + "slices" + "sort" + + abci "github.com/cometbft/cometbft/abci/types" + "github.com/grpc-ecosystem/grpc-gateway/runtime" + "github.com/spf13/cobra" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/core/genesis" + errorsmod "cosmossdk.io/errors" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/codec/types" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" +) + +// AppModuleBasic is the standard form for basic non-dependant elements of an application module. +type AppModuleBasic interface { + HasName + RegisterLegacyAminoCodec(*codec.LegacyAmino) + +RegisterInterfaces(types.InterfaceRegistry) + +RegisterGRPCGatewayRoutes(client.Context, *runtime.ServeMux) +} + +// HasName allows the module to provide its own name for legacy purposes. +// Newer apps should specify the name for their modules using a map +// using NewManagerFromMap. +type HasName interface { + Name() + +string +} + +// HasGenesisBasics is the legacy interface for stateless genesis methods. +type HasGenesisBasics interface { + DefaultGenesis(codec.JSONCodec) + +json.RawMessage + ValidateGenesis(codec.JSONCodec, client.TxEncodingConfig, json.RawMessage) + +error +} + +// BasicManager is a collection of AppModuleBasic +type BasicManager map[string]AppModuleBasic + +// NewBasicManager creates a new BasicManager object +func NewBasicManager(modules ...AppModuleBasic) + +BasicManager { + moduleMap := make(map[string]AppModuleBasic) + for _, module := range modules { + moduleMap[module.Name()] = module +} + +return moduleMap +} + +// NewBasicManagerFromManager creates a new BasicManager from a Manager +// The BasicManager will contain all AppModuleBasic from the AppModule Manager +// Module's AppModuleBasic can be overridden by passing a custom AppModuleBasic map +func NewBasicManagerFromManager(manager *Manager, customModuleBasics map[string]AppModuleBasic) + +BasicManager { + moduleMap := make(map[string]AppModuleBasic) + for name, module := range manager.Modules { + if customBasicMod, ok := customModuleBasics[name]; ok { + moduleMap[name] = customBasicMod + continue +} + if appModule, ok := module.(appmodule.AppModule); ok { + moduleMap[name] = CoreAppModuleBasicAdaptor(name, appModule) + +continue +} + if basicMod, ok := module.(AppModuleBasic); ok { + moduleMap[name] = basicMod +} + +} + +return moduleMap +} + +// RegisterLegacyAminoCodec registers all module codecs +func (bm BasicManager) + +RegisterLegacyAminoCodec(cdc *codec.LegacyAmino) { + for _, b := range bm { + b.RegisterLegacyAminoCodec(cdc) +} +} + +// RegisterInterfaces registers all module interface types +func (bm BasicManager) + +RegisterInterfaces(registry types.InterfaceRegistry) { + for _, m := range bm { + m.RegisterInterfaces(registry) +} +} + +// DefaultGenesis provides default genesis information for all modules +func (bm BasicManager) + +DefaultGenesis(cdc codec.JSONCodec) + +map[string]json.RawMessage { + genesisData := make(map[string]json.RawMessage) + for _, b := range bm { + if mod, ok := b.(HasGenesisBasics); ok { + genesisData[b.Name()] = mod.DefaultGenesis(cdc) +} + +} + +return genesisData +} + +// ValidateGenesis performs genesis state validation for all modules +func (bm BasicManager) + +ValidateGenesis(cdc codec.JSONCodec, txEncCfg client.TxEncodingConfig, genesisData map[string]json.RawMessage) + +error { + for _, b := range bm { + // first check if the module is an adapted Core API Module + if mod, ok := b.(HasGenesisBasics); ok { + if err := mod.ValidateGenesis(cdc, txEncCfg, genesisData[b.Name()]); err != nil { + return err +} + +} + +} + +return nil +} + +// RegisterGRPCGatewayRoutes registers all module rest routes +func (bm BasicManager) + +RegisterGRPCGatewayRoutes(clientCtx client.Context, rtr *runtime.ServeMux) { + for _, b := range bm { + b.RegisterGRPCGatewayRoutes(clientCtx, rtr) +} +} + +// AddTxCommands adds all tx commands to the rootTxCmd. +func (bm BasicManager) + +AddTxCommands(rootTxCmd *cobra.Command) { + for _, b := range bm { + if mod, ok := b.(interface { + GetTxCmd() *cobra.Command +}); ok { + if cmd := mod.GetTxCmd(); cmd != nil { + rootTxCmd.AddCommand(cmd) +} + +} + +} +} + +// AddQueryCommands adds all query commands to the rootQueryCmd. +func (bm BasicManager) + +AddQueryCommands(rootQueryCmd *cobra.Command) { + for _, b := range bm { + if mod, ok := b.(interface { + GetQueryCmd() *cobra.Command +}); ok { + if cmd := mod.GetQueryCmd(); cmd != nil { + rootQueryCmd.AddCommand(cmd) +} + +} + +} +} + +// HasGenesis is the extension interface for stateful genesis methods. +type HasGenesis interface { + HasGenesisBasics + InitGenesis(sdk.Context, codec.JSONCodec, json.RawMessage) + +ExportGenesis(sdk.Context, codec.JSONCodec) + +json.RawMessage +} + +// HasABCIGenesis is the extension interface for stateful genesis methods which returns validator updates. +type HasABCIGenesis interface { + HasGenesisBasics + InitGenesis(sdk.Context, codec.JSONCodec, json.RawMessage) []abci.ValidatorUpdate + ExportGenesis(sdk.Context, codec.JSONCodec) + +json.RawMessage +} + +// AppModule is the form for an application module. Most of +// its functionality has been moved to extension interfaces. +// Deprecated: use appmodule.AppModule with a combination of extension interfaes interfaces instead. +type AppModule interface { + appmodule.AppModule + + AppModuleBasic +} + +// HasInvariants is the interface for registering invariants. +// +// Deprecated: this will be removed in the next Cosmos SDK release. +type HasInvariants interface { + // RegisterInvariants registers module invariants. + RegisterInvariants(sdk.InvariantRegistry) +} + +// HasServices is the interface for modules to register services. +type HasServices interface { + // RegisterServices allows a module to register services. + RegisterServices(Configurator) +} + +// HasConsensusVersion is the interface for declaring a module consensus version. +type HasConsensusVersion interface { + // ConsensusVersion is a sequence number for state-breaking change of the + // module. It should be incremented on each consensus-breaking change + // introduced by the module. To avoid wrong/empty versions, the initial version + // should be set to 1. + ConsensusVersion() + +uint64 +} + +// HasABCIEndblock is a released typo of HasABCIEndBlock. +// Deprecated: use HasABCIEndBlock instead. +type HasABCIEndblock HasABCIEndBlock + +// HasABCIEndBlock is the interface for modules that need to run code at the end of the block. +type HasABCIEndBlock interface { + AppModule + EndBlock(context.Context) ([]abci.ValidatorUpdate, error) +} + +var ( + _ appmodule.AppModule = (*GenesisOnlyAppModule)(nil) + _ AppModuleBasic = (*GenesisOnlyAppModule)(nil) +) + +// AppModuleGenesis is the standard form for an application module genesis functions +type AppModuleGenesis interface { + AppModuleBasic + HasABCIGenesis +} + +// GenesisOnlyAppModule is an AppModule that only has import/export functionality +type GenesisOnlyAppModule struct { + AppModuleGenesis +} + +// NewGenesisOnlyAppModule creates a new GenesisOnlyAppModule object +func NewGenesisOnlyAppModule(amg AppModuleGenesis) + +GenesisOnlyAppModule { + return GenesisOnlyAppModule{ + AppModuleGenesis: amg, +} +} + +// IsOnePerModuleType implements the depinject.OnePerModuleType interface. +func (GenesisOnlyAppModule) + +IsOnePerModuleType() { +} + +// IsAppModule implements the appmodule.AppModule interface. +func (GenesisOnlyAppModule) + +IsAppModule() { +} + +// RegisterInvariants is a placeholder function register no invariants +func (GenesisOnlyAppModule) + +RegisterInvariants(_ sdk.InvariantRegistry) { +} + +// ConsensusVersion implements AppModule/ConsensusVersion. +func (gam GenesisOnlyAppModule) + +ConsensusVersion() + +uint64 { + return 1 +} + +// Manager defines a module manager that provides the high level utility for managing and executing +// operations for a group of modules +type Manager struct { + Modules map[string]any // interface{ +} + +is used now to support the legacy AppModule as well as new core appmodule.AppModule. + OrderInitGenesis []string + OrderExportGenesis []string + OrderPreBlockers []string + OrderBeginBlockers []string + OrderEndBlockers []string + OrderPrepareCheckStaters []string + OrderPrecommiters []string + OrderMigrations []string +} + +// NewManager creates a new Manager object. +func NewManager(modules ...AppModule) *Manager { + moduleMap := make(map[string]any) + modulesStr := make([]string, 0, len(modules)) + preBlockModulesStr := make([]string, 0) + for _, module := range modules { + if _, ok := module.(appmodule.AppModule); !ok { + panic(fmt.Sprintf("module %s does not implement appmodule.AppModule", module.Name())) +} + +moduleMap[module.Name()] = module + modulesStr = append(modulesStr, module.Name()) + if _, ok := module.(appmodule.HasPreBlocker); ok { + preBlockModulesStr = append(preBlockModulesStr, module.Name()) +} + +} + +return &Manager{ + Modules: moduleMap, + OrderInitGenesis: modulesStr, + OrderExportGenesis: modulesStr, + OrderPreBlockers: preBlockModulesStr, + OrderBeginBlockers: modulesStr, + OrderPrepareCheckStaters: modulesStr, + OrderPrecommiters: modulesStr, + OrderEndBlockers: modulesStr, +} +} + +// NewManagerFromMap creates a new Manager object from a map of module names to module implementations. +// This method should be used for apps and modules which have migrated to the cosmossdk.io/core.appmodule.AppModule API. +func NewManagerFromMap(moduleMap map[string]appmodule.AppModule) *Manager { + simpleModuleMap := make(map[string]any) + modulesStr := make([]string, 0, len(simpleModuleMap)) + preBlockModulesStr := make([]string, 0) + for name, module := range moduleMap { + simpleModuleMap[name] = module + modulesStr = append(modulesStr, name) + if _, ok := module.(appmodule.HasPreBlocker); ok { + preBlockModulesStr = append(preBlockModulesStr, name) +} + +} + + // Sort the modules by name. Given that we are using a map above we can't guarantee the order. + sort.Strings(modulesStr) + +return &Manager{ + Modules: simpleModuleMap, + OrderInitGenesis: modulesStr, + OrderExportGenesis: modulesStr, + OrderPreBlockers: preBlockModulesStr, + OrderBeginBlockers: modulesStr, + OrderEndBlockers: modulesStr, + OrderPrecommiters: modulesStr, + OrderPrepareCheckStaters: modulesStr, +} +} + +// SetOrderInitGenesis sets the order of init genesis calls +func (m *Manager) + +SetOrderInitGenesis(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderInitGenesis", moduleNames, func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasGenesis := module.(appmodule.HasGenesis); hasGenesis { + return !hasGenesis +} + if _, hasABCIGenesis := module.(HasABCIGenesis); hasABCIGenesis { + return !hasABCIGenesis +} + + _, hasGenesis := module.(HasGenesis) + +return !hasGenesis +}) + +m.OrderInitGenesis = moduleNames +} + +// SetOrderExportGenesis sets the order of export genesis calls +func (m *Manager) + +SetOrderExportGenesis(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderExportGenesis", moduleNames, func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasGenesis := module.(appmodule.HasGenesis); hasGenesis { + return !hasGenesis +} + if _, hasABCIGenesis := module.(HasABCIGenesis); hasABCIGenesis { + return !hasABCIGenesis +} + + _, hasGenesis := module.(HasGenesis) + +return !hasGenesis +}) + +m.OrderExportGenesis = moduleNames +} + +// SetOrderPreBlockers sets the order of set pre-blocker calls +func (m *Manager) + +SetOrderPreBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPreBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasBlock := module.(appmodule.HasPreBlocker) + +return !hasBlock +}) + +m.OrderPreBlockers = moduleNames +} + +// SetOrderBeginBlockers sets the order of set begin-blocker calls +func (m *Manager) + +SetOrderBeginBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderBeginBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasBeginBlock := module.(appmodule.HasBeginBlocker) + +return !hasBeginBlock +}) + +m.OrderBeginBlockers = moduleNames +} + +// SetOrderEndBlockers sets the order of set end-blocker calls +func (m *Manager) + +SetOrderEndBlockers(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderEndBlockers", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + if _, hasEndBlock := module.(appmodule.HasEndBlocker); hasEndBlock { + return !hasEndBlock +} + + _, hasABCIEndBlock := module.(HasABCIEndBlock) + +return !hasABCIEndBlock +}) + +m.OrderEndBlockers = moduleNames +} + +// SetOrderPrepareCheckStaters sets the order of set prepare-check-stater calls +func (m *Manager) + +SetOrderPrepareCheckStaters(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPrepareCheckStaters", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasPrepareCheckState := module.(appmodule.HasPrepareCheckState) + +return !hasPrepareCheckState +}) + +m.OrderPrepareCheckStaters = moduleNames +} + +// SetOrderPrecommiters sets the order of set precommiter calls +func (m *Manager) + +SetOrderPrecommiters(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderPrecommiters", moduleNames, + func(moduleName string) + +bool { + module := m.Modules[moduleName] + _, hasPrecommit := module.(appmodule.HasPrecommit) + +return !hasPrecommit +}) + +m.OrderPrecommiters = moduleNames +} + +// SetOrderMigrations sets the order of migrations to be run. If not set +// then migrations will be run with an order defined in `DefaultMigrationsOrder`. +func (m *Manager) + +SetOrderMigrations(moduleNames ...string) { + m.assertNoForgottenModules("SetOrderMigrations", moduleNames, nil) + +m.OrderMigrations = moduleNames +} + +// RegisterInvariants registers all module invariants +// +// Deprecated: this function is a no-op and will be removed in the next release of the Cosmos SDK. +func (m *Manager) + +RegisterInvariants(_ sdk.InvariantRegistry) { +} + +// RegisterServices registers all module services +func (m *Manager) + +RegisterServices(cfg Configurator) + +error { + for _, module := range m.Modules { + if module, ok := module.(HasServices); ok { + module.RegisterServices(cfg) +} + if module, ok := module.(appmodule.HasServices); ok { + err := module.RegisterServices(cfg) + if err != nil { + return err +} + +} + if cfg.Error() != nil { + return cfg.Error() +} + +} + +return nil +} + +// InitGenesis performs init genesis functionality for modules. Exactly one +// module must return a non-empty validator set update to correctly initialize +// the chain. +func (m *Manager) + +InitGenesis(ctx sdk.Context, cdc codec.JSONCodec, genesisData map[string]json.RawMessage) (*abci.ResponseInitChain, error) { + var validatorUpdates []abci.ValidatorUpdate + ctx.Logger().Info("initializing blockchain state from genesis.json") + for _, moduleName := range m.OrderInitGenesis { + if genesisData[moduleName] == nil { + continue +} + mod := m.Modules[moduleName] + // we might get an adapted module, a native core API module or a legacy module + if module, ok := mod.(appmodule.HasGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + // core API genesis + source, err := genesis.SourceFromRawJSON(genesisData[moduleName]) + if err != nil { + return &abci.ResponseInitChain{ +}, err +} + +err = module.InitGenesis(ctx, source) + if err != nil { + return &abci.ResponseInitChain{ +}, err +} + +} + +else if module, ok := mod.(HasGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + +module.InitGenesis(ctx, cdc, genesisData[moduleName]) +} + +else if module, ok := mod.(HasABCIGenesis); ok { + ctx.Logger().Debug("running initialization for module", "module", moduleName) + moduleValUpdates := module.InitGenesis(ctx, cdc, genesisData[moduleName]) + + // use these validator updates if provided, the module manager assumes + // only one module will update the validator set + if len(moduleValUpdates) > 0 { + if len(validatorUpdates) > 0 { + return &abci.ResponseInitChain{ +}, errors.New("validator InitGenesis updates already set by a previous module") +} + +validatorUpdates = moduleValUpdates +} + +} + +} + + // a chain must initialize with a non-empty validator set + if len(validatorUpdates) == 0 { + return &abci.ResponseInitChain{ +}, fmt.Errorf("validator set is empty after InitGenesis, please ensure at least one validator is initialized with a delegation greater than or equal to the DefaultPowerReduction (%d)", sdk.DefaultPowerReduction) +} + +return &abci.ResponseInitChain{ + Validators: validatorUpdates, +}, nil +} + +// ExportGenesis performs export genesis functionality for modules +func (m *Manager) + +ExportGenesis(ctx sdk.Context, cdc codec.JSONCodec) (map[string]json.RawMessage, error) { + return m.ExportGenesisForModules(ctx, cdc, []string{ +}) +} + +// ExportGenesisForModules performs export genesis functionality for modules +func (m *Manager) + +ExportGenesisForModules(ctx sdk.Context, cdc codec.JSONCodec, modulesToExport []string) (map[string]json.RawMessage, error) { + if len(modulesToExport) == 0 { + modulesToExport = m.OrderExportGenesis +} + // verify modules exists in app, so that we don't panic in the middle of an export + if err := m.checkModulesExists(modulesToExport); err != nil { + return nil, err +} + +type genesisResult struct { + bz json.RawMessage + err error +} + channels := make(map[string]chan genesisResult) + for _, moduleName := range modulesToExport { + mod := m.Modules[moduleName] + if module, ok := mod.(appmodule.HasGenesis); ok { + // core API genesis + channels[moduleName] = make(chan genesisResult) + +go func(module appmodule.HasGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + target := genesis.RawJSONTarget{ +} + err := module.ExportGenesis(ctx, target.Target()) + if err != nil { + ch <- genesisResult{ + nil, err +} + +return +} + +rawJSON, err := target.JSON() + if err != nil { + ch <- genesisResult{ + nil, err +} + +return +} + +ch <- genesisResult{ + rawJSON, nil +} + +}(module, channels[moduleName]) +} + +else if module, ok := mod.(HasGenesis); ok { + channels[moduleName] = make(chan genesisResult) + +go func(module HasGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + ch <- genesisResult{ + module.ExportGenesis(ctx, cdc), nil +} + +}(module, channels[moduleName]) +} + +else if module, ok := mod.(HasABCIGenesis); ok { + channels[moduleName] = make(chan genesisResult) + +go func(module HasABCIGenesis, ch chan genesisResult) { + ctx := ctx.WithGasMeter(storetypes.NewInfiniteGasMeter()) // avoid race conditions + ch <- genesisResult{ + module.ExportGenesis(ctx, cdc), nil +} + +}(module, channels[moduleName]) +} + +} + genesisData := make(map[string]json.RawMessage) + for moduleName := range channels { + res := <-channels[moduleName] + if res.err != nil { + return nil, fmt.Errorf("genesis export error in %s: %w", moduleName, res.err) +} + +genesisData[moduleName] = res.bz +} + +return genesisData, nil +} + +// checkModulesExists verifies that all modules in the list exist in the app +func (m *Manager) + +checkModulesExists(moduleName []string) + +error { + for _, name := range moduleName { + if _, ok := m.Modules[name]; !ok { + return fmt.Errorf("module %s does not exist", name) +} + +} + +return nil +} + +// assertNoForgottenModules checks that we didn't forget any modules in the SetOrder* functions. +// `pass` is a closure which allows one to omit modules from `moduleNames`. +// If you provide non-nil `pass` and it returns true, the module would not be subject of the assertion. +func (m *Manager) + +assertNoForgottenModules(setOrderFnName string, moduleNames []string, pass func(moduleName string) + +bool) { + ms := make(map[string]bool) + for _, m := range moduleNames { + ms[m] = true +} + +var missing []string + for m := range m.Modules { + if pass != nil && pass(m) { + continue +} + if !ms[m] { + missing = append(missing, m) +} + +} + if len(missing) != 0 { + sort.Strings(missing) + +panic(fmt.Sprintf( + "all modules must be defined when setting %s, missing: %v", setOrderFnName, missing)) +} +} + +// MigrationHandler is the migration function that each module registers. +type MigrationHandler func(sdk.Context) + +error + +// VersionMap is a map of moduleName -> version +type VersionMap map[string]uint64 + +// RunMigrations performs in-place store migrations for all modules. This +// function MUST be called insde an x/upgrade UpgradeHandler. +// +// Recall that in an upgrade handler, the `fromVM` VersionMap is retrieved from +// x/upgrade's store, and the function needs to return the target VersionMap +// that will in turn be persisted to the x/upgrade's store. In general, +// returning RunMigrations should be enough: +// +// Example: +// +// cfg := module.NewConfigurator(...) +// app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx context.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { +// return app.mm.RunMigrations(ctx, cfg, fromVM) +// +}) +// +// Internally, RunMigrations will perform the following steps: +// - create an `updatedVM` VersionMap of module with their latest ConsensusVersion +// - make a diff of `fromVM` and `udpatedVM`, and for each module: +// - if the module's `fromVM` version is less than its `updatedVM` version, +// then run in-place store migrations for that module between those versions. +// - if the module does not exist in the `fromVM` (which means that it's a new module, +// because it was not in the previous x/upgrade's store), then run +// `InitGenesis` on that module. +// +// - return the `updatedVM` to be persisted in the x/upgrade's store. +// +// Migrations are run in an order defined by `Manager.OrderMigrations` or (if not set) + +defined by +// `DefaultMigrationsOrder` function. +// +// As an app developer, if you wish to skip running InitGenesis for your new +// module "foo", you need to manually pass a `fromVM` argument to this function +// foo's module version set to its latest ConsensusVersion. That way, the diff +// between the function's `fromVM` and `udpatedVM` will be empty, hence not +// running anything for foo. +// +// Example: +// +// cfg := module.NewConfigurator(...) +// app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx context.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { +// // Assume "foo" is a new module. +// // `fromVM` is fetched from existing x/upgrade store. Since foo didn't exist +// // before this upgrade, `v, exists := fromVM["foo"]; exists == false`, and RunMigration will by default +// // run InitGenesis on foo. +// // To skip running foo's InitGenesis, you need set `fromVM`'s foo to its latest +// // consensus version: +// fromVM["foo"] = foo.AppModule{ +}.ConsensusVersion() +// +// return app.mm.RunMigrations(ctx, cfg, fromVM) +// +}) +// +// Please also refer to https://docs.cosmos.network/main/core/upgrade for more information. +func (m Manager) + +RunMigrations(ctx context.Context, cfg Configurator, fromVM VersionMap) (VersionMap, error) { + c, ok := cfg.(*configurator) + if !ok { + return nil, errorsmod.Wrapf(sdkerrors.ErrInvalidType, "expected %T, got %T", &configurator{ +}, cfg) +} + modules := m.OrderMigrations + if modules == nil { + modules = DefaultMigrationsOrder(m.ModuleNames()) +} + sdkCtx := sdk.UnwrapSDKContext(ctx) + updatedVM := VersionMap{ +} + for _, moduleName := range modules { + module := m.Modules[moduleName] + fromVersion, exists := fromVM[moduleName] + toVersion := uint64(0) + if module, ok := module.(HasConsensusVersion); ok { + toVersion = module.ConsensusVersion() +} + + // We run migration if the module is specified in `fromVM`. + // Otherwise we run InitGenesis. + // + // The module won't exist in the fromVM in two cases: + // 1. A new module is added. In this case we run InitGenesis with an + // empty genesis state. + // 2. An existing chain is upgrading from version < 0.43 to v0.43+ for the first time. + // In this case, all modules have yet to be added to x/upgrade's VersionMap store. + if exists { + err := c.runModuleMigrations(sdkCtx, moduleName, fromVersion, toVersion) + if err != nil { + return nil, err +} + +} + +else { + sdkCtx.Logger().Info(fmt.Sprintf("adding a new module: %s", moduleName)) + if module, ok := m.Modules[moduleName].(HasGenesis); ok { + module.InitGenesis(sdkCtx, c.cdc, module.DefaultGenesis(c.cdc)) +} + if module, ok := m.Modules[moduleName].(HasABCIGenesis); ok { + moduleValUpdates := module.InitGenesis(sdkCtx, c.cdc, module.DefaultGenesis(c.cdc)) + // The module manager assumes only one module will update the + // validator set, and it can't be a new module. + if len(moduleValUpdates) > 0 { + return nil, errorsmod.Wrapf(sdkerrors.ErrLogic, "validator InitGenesis update is already set by another module") +} + +} + +} + +updatedVM[moduleName] = toVersion +} + +return updatedVM, nil +} + +// PreBlock performs begin block functionality for upgrade module. +// It takes the current context as a parameter and returns a boolean value +// indicating whether the migration was successfully executed or not. +func (m *Manager) + +PreBlock(ctx sdk.Context) (*sdk.ResponsePreBlock, error) { + paramsChanged := false + for _, moduleName := range m.OrderPreBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasPreBlocker); ok { + rsp, err := module.PreBlock(ctx) + if err != nil { + return nil, err +} + if rsp.IsConsensusParamsChanged() { + paramsChanged = true +} + +} + +} + +return &sdk.ResponsePreBlock{ + ConsensusParamsChanged: paramsChanged, +}, nil +} + +// BeginBlock performs begin block functionality for all modules. It creates a +// child context with an event manager to aggregate events emitted from all +// modules. +func (m *Manager) + +BeginBlock(ctx sdk.Context) (sdk.BeginBlock, error) { + ctx = ctx.WithEventManager(sdk.NewEventManager()) + for _, moduleName := range m.OrderBeginBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasBeginBlocker); ok { + if err := module.BeginBlock(ctx); err != nil { + return sdk.BeginBlock{ +}, err +} + +} + +} + +return sdk.BeginBlock{ + Events: ctx.EventManager().ABCIEvents(), +}, nil +} + +// EndBlock performs end block functionality for all modules. It creates a +// child context with an event manager to aggregate events emitted from all +// modules. +func (m *Manager) + +EndBlock(ctx sdk.Context) (sdk.EndBlock, error) { + ctx = ctx.WithEventManager(sdk.NewEventManager()) + validatorUpdates := []abci.ValidatorUpdate{ +} + for _, moduleName := range m.OrderEndBlockers { + if module, ok := m.Modules[moduleName].(appmodule.HasEndBlocker); ok { + err := module.EndBlock(ctx) + if err != nil { + return sdk.EndBlock{ +}, err +} + +} + +else if module, ok := m.Modules[moduleName].(HasABCIEndBlock); ok { + moduleValUpdates, err := module.EndBlock(ctx) + if err != nil { + return sdk.EndBlock{ +}, err +} + // use these validator updates if provided, the module manager assumes + // only one module will update the validator set + if len(moduleValUpdates) > 0 { + if len(validatorUpdates) > 0 { + return sdk.EndBlock{ +}, errors.New("validator EndBlock updates already set by a previous module") +} + for _, updates := range moduleValUpdates { + validatorUpdates = append(validatorUpdates, abci.ValidatorUpdate{ + PubKey: updates.PubKey, + Power: updates.Power +}) +} + +} + +} + +else { + continue +} + +} + +return sdk.EndBlock{ + ValidatorUpdates: validatorUpdates, + Events: ctx.EventManager().ABCIEvents(), +}, nil +} + +// Precommit performs precommit functionality for all modules. +func (m *Manager) + +Precommit(ctx sdk.Context) + +error { + for _, moduleName := range m.OrderPrecommiters { + module, ok := m.Modules[moduleName].(appmodule.HasPrecommit) + if !ok { + continue +} + if err := module.Precommit(ctx); err != nil { + return err +} + +} + +return nil +} + +// PrepareCheckState performs functionality for preparing the check state for all modules. +func (m *Manager) + +PrepareCheckState(ctx sdk.Context) + +error { + for _, moduleName := range m.OrderPrepareCheckStaters { + module, ok := m.Modules[moduleName].(appmodule.HasPrepareCheckState) + if !ok { + continue +} + if err := module.PrepareCheckState(ctx); err != nil { + return err +} + +} + +return nil +} + +// GetVersionMap gets consensus version from all modules +func (m *Manager) + +GetVersionMap() + +VersionMap { + vermap := make(VersionMap) + for name, v := range m.Modules { + version := uint64(0) + if v, ok := v.(HasConsensusVersion); ok { + version = v.ConsensusVersion() +} + +vermap[name] = version +} + +return vermap +} + +// ModuleNames returns list of all module names, without any particular order. +func (m *Manager) + +ModuleNames() []string { + return slices.Collect(maps.Keys(m.Modules)) +} + +// DefaultMigrationsOrder returns a default migrations order: ascending alphabetical by module name, +// except x/auth which will run last, see: +// https://github.com/cosmos/cosmos-sdk/issues/10591 +func DefaultMigrationsOrder(modules []string) []string { + const authName = "auth" + out := make([]string, 0, len(modules)) + hasAuth := false + for _, m := range modules { + if m == authName { + hasAuth = true +} + +else { + out = append(out, m) +} + +} + +sort.Strings(out) + if hasAuth { + out = append(out, authName) +} + +return out +} +``` + +The module manager is used throughout the application whenever an action on a collection of modules is required. It implements the following methods: + +* `NewManager(modules ...AppModule)`: Constructor function. It takes a list of the application's `AppModule`s and builds a new `Manager`. It is generally called from the application's main [constructor function](/docs/sdk/vnext/learn/beginner/app-anatomy#constructor-function). +* `SetOrderInitGenesis(moduleNames ...string)`: Sets the order in which the [`InitGenesis`](/docs/sdk/vnext/build/building-modules/genesis#initgenesis) function of each module will be called when the application is first started. This function is generally called from the application's main [constructor function](/docs/sdk/vnext/learn/beginner/app-anatomy#constructor-function). + To initialize modules successfully, module dependencies should be considered. For example, the `genutil` module must occur after `staking` module so that the pools are properly initialized with tokens from genesis accounts, the `genutils` module must also occur after `auth` so that it can access the params from auth, IBC's `capability` module should be initialized before all other modules so that it can initialize any capabilities. +* `SetOrderExportGenesis(moduleNames ...string)`: Sets the order in which the [`ExportGenesis`](/docs/sdk/vnext/build/building-modules/genesis#exportgenesis) function of each module will be called in case of an export. This function is generally called from the application's main [constructor function](/docs/sdk/vnext/learn/beginner/app-anatomy#constructor-function). +* `SetOrderPreBlockers(moduleNames ...string)`: Sets the order in which the `PreBlock()` function of each module will be called before `BeginBlock()` of all modules. This function is generally called from the application's main [constructor function](/docs/sdk/vnext/learn/beginner/app-anatomy#constructor-function). +* `SetOrderBeginBlockers(moduleNames ...string)`: Sets the order in which the `BeginBlock()` function of each module will be called at the beginning of each block. This function is generally called from the application's main [constructor function](/docs/sdk/vnext/learn/beginner/app-anatomy#constructor-function). +* `SetOrderEndBlockers(moduleNames ...string)`: Sets the order in which the `EndBlock()` function of each module will be called at the end of each block. This function is generally called from the application's main [constructor function](/docs/sdk/vnext/learn/beginner/app-anatomy#constructor-function). +* `SetOrderPrecommiters(moduleNames ...string)`: Sets the order in which the `Precommit()` function of each module will be called during commit of each block. This function is generally called from the application's main [constructor function](/docs/sdk/vnext/learn/beginner/app-anatomy#constructor-function). +* `SetOrderPrepareCheckStaters(moduleNames ...string)`: Sets the order in which the `PrepareCheckState()` function of each module will be called during commit of each block. This function is generally called from the application's main [constructor function](/docs/sdk/vnext/learn/beginner/app-anatomy#constructor-function). +* `SetOrderMigrations(moduleNames ...string)`: Sets the order of migrations to be run. If not set then migrations will be run with an order defined in `DefaultMigrationsOrder`. +* `RegisterInvariants(ir sdk.InvariantRegistry)`: Registers the [invariants](/docs/sdk/vnext/build/building-modules/invariants) of module implementing the `HasInvariants` interface. +* `RegisterServices(cfg Configurator)`: Registers the services of modules implementing the `HasServices` interface. +* `InitGenesis(ctx context.Context, cdc codec.JSONCodec, genesisData map[string]json.RawMessage)`: Calls the [`InitGenesis`](/docs/sdk/vnext/build/building-modules/genesis#initgenesis) function of each module when the application is first started, in the order defined in `OrderInitGenesis`. Returns an `abci.InitChainResponse` to the underlying consensus engine, which can contain validator updates. +* `ExportGenesis(ctx context.Context, cdc codec.JSONCodec)`: Calls the [`ExportGenesis`](/docs/sdk/vnext/build/building-modules/genesis#exportgenesis) function of each module, in the order defined in `OrderExportGenesis`. The export constructs a genesis file from a previously existing state, and is mainly used when a hard-fork upgrade of the chain is required. +* `ExportGenesisForModules(ctx context.Context, cdc codec.JSONCodec, modulesToExport []string)`: Behaves the same as `ExportGenesis`, except takes a list of modules to export. +* `BeginBlock(ctx context.Context) error`: At the beginning of each block, this function is called from [`BaseApp`](/docs/sdk/vnext/learn/advanced/baseapp#beginblock) and, in turn, calls the [`BeginBlock`](/docs/sdk/vnext/build/building-modules/beginblock-endblock) function of each modules implementing the `appmodule.HasBeginBlocker` interface, in the order defined in `OrderBeginBlockers`. It creates a child [context](/docs/sdk/vnext/learn/advanced/context) with an event manager to aggregate [events](/docs/sdk/vnext/learn/advanced/events) emitted from each modules. +* `EndBlock(ctx context.Context) error`: At the end of each block, this function is called from [`BaseApp`](/docs/sdk/vnext/learn/advanced/baseapp#endblock) and, in turn, calls the [`EndBlock`](/docs/sdk/vnext/build/building-modules/beginblock-endblock) function of each modules implementing the `appmodule.HasEndBlocker` interface, in the order defined in `OrderEndBlockers`. It creates a child [context](/docs/sdk/vnext/learn/advanced/context) with an event manager to aggregate [events](/docs/sdk/vnext/learn/advanced/events) emitted from all modules. The function returns an `abci` which contains the aforementioned events, as well as validator set updates (if any). +* `EndBlock(context.Context) ([]abci.ValidatorUpdate, error)`: At the end of each block, this function is called from [`BaseApp`](/docs/sdk/vnext/learn/advanced/baseapp#endblock) and, in turn, calls the [`EndBlock`](/docs/sdk/vnext/build/building-modules/beginblock-endblock) function of each modules implementing the `module.HasABCIEndBlock` interface, in the order defined in `OrderEndBlockers`. It creates a child [context](/docs/sdk/vnext/learn/advanced/context) with an event manager to aggregate [events](/docs/sdk/vnext/learn/advanced/events) emitted from all modules. The function returns an `abci` which contains the aforementioned events, as well as validator set updates (if any). +* `Precommit(ctx context.Context)`: During [`Commit`](/docs/sdk/vnext/learn/advanced/baseapp#commit), this function is called from `BaseApp` immediately before the [`deliverState`](/docs/sdk/vnext/learn/advanced/baseapp#state-updates) is written to the underlying [`rootMultiStore`](/docs/sdk/vnext/learn/advanced/store#commitmultistore) and, in turn calls the `Precommit` function of each modules implementing the `HasPrecommit` interface, in the order defined in `OrderPrecommiters`. It creates a child [context](/docs/sdk/vnext/learn/advanced/context) where the underlying `CacheMultiStore` is that of the newly committed block's [`finalizeblockstate`](/docs/sdk/vnext/learn/advanced/baseapp#state-updates). +* `PrepareCheckState(ctx context.Context)`: During [`Commit`](/docs/sdk/vnext/learn/advanced/baseapp#commit), this function is called from `BaseApp` immediately after the [`deliverState`](/docs/sdk/vnext/learn/advanced/baseapp#state-updates) is written to the underlying [`rootMultiStore`](/docs/sdk/vnext/learn/advanced/store#commitmultistore) and, in turn calls the `PrepareCheckState` function of each module implementing the `HasPrepareCheckState` interface, in the order defined in `OrderPrepareCheckStaters`. It creates a child [context](/docs/sdk/vnext/learn/advanced/context) where the underlying `CacheMultiStore` is that of the next block's [`checkState`](/docs/sdk/vnext/learn/advanced/baseapp#state-updates). Writes to this state will be present in the [`checkState`](/docs/sdk/vnext/learn/advanced/baseapp#state-updates) of the next block, and therefore this method can be used to prepare the `checkState` for the next block. + +Here's an example of a concrete integration within an `simapp`: + +```go expandable +//go:build app_v1 + +package simapp + +import ( + + "encoding/json" + "fmt" + "io" + "maps" + + abci "github.com/cometbft/cometbft/abci/types" + dbm "github.com/cosmos/cosmos-db" + "github.com/cosmos/gogoproto/proto" + "github.com/spf13/cast" + + autocliv1 "cosmossdk.io/api/cosmos/autocli/v1" + reflectionv1 "cosmossdk.io/api/cosmos/reflection/v1" + "cosmossdk.io/client/v2/autocli" + clienthelpers "cosmossdk.io/client/v2/helpers" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/log" + storetypes "cosmossdk.io/store/types" + "cosmossdk.io/x/circuit" + circuitkeeper "cosmossdk.io/x/circuit/keeper" + circuittypes "cosmossdk.io/x/circuit/types" + "cosmossdk.io/x/evidence" + evidencekeeper "cosmossdk.io/x/evidence/keeper" + evidencetypes "cosmossdk.io/x/evidence/types" + "cosmossdk.io/x/feegrant" + feegrantkeeper "cosmossdk.io/x/feegrant/keeper" + feegrantmodule "cosmossdk.io/x/feegrant/module" + "cosmossdk.io/x/nft" + nftkeeper "cosmossdk.io/x/nft/keeper" + nftmodule "cosmossdk.io/x/nft/module" + "cosmossdk.io/x/tx/signing" + "cosmossdk.io/x/upgrade" + upgradekeeper "cosmossdk.io/x/upgrade/keeper" + upgradetypes "cosmossdk.io/x/upgrade/types" + "github.com/cosmos/cosmos-sdk/baseapp" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/client/flags" + "github.com/cosmos/cosmos-sdk/client/grpc/cmtservice" + nodeservice "github.com/cosmos/cosmos-sdk/client/grpc/node" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/codec/address" + "github.com/cosmos/cosmos-sdk/codec/types" + "github.com/cosmos/cosmos-sdk/runtime" + runtimeservices "github.com/cosmos/cosmos-sdk/runtime/services" + "github.com/cosmos/cosmos-sdk/server" + "github.com/cosmos/cosmos-sdk/server/api" + "github.com/cosmos/cosmos-sdk/server/config" + servertypes "github.com/cosmos/cosmos-sdk/server/types" + "github.com/cosmos/cosmos-sdk/std" + testdata_pulsar "github.com/cosmos/cosmos-sdk/testutil/testdata/testpb" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/module" + sigtypes "github.com/cosmos/cosmos-sdk/types/tx/signing" + "github.com/cosmos/cosmos-sdk/version" + "github.com/cosmos/cosmos-sdk/x/auth" + "github.com/cosmos/cosmos-sdk/x/auth/ante" + authcodec "github.com/cosmos/cosmos-sdk/x/auth/codec" + authkeeper "github.com/cosmos/cosmos-sdk/x/auth/keeper" + "github.com/cosmos/cosmos-sdk/x/auth/posthandler" + authsims "github.com/cosmos/cosmos-sdk/x/auth/simulation" + "github.com/cosmos/cosmos-sdk/x/auth/tx" + authtx "github.com/cosmos/cosmos-sdk/x/auth/tx" + txmodule "github.com/cosmos/cosmos-sdk/x/auth/tx/config" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + "github.com/cosmos/cosmos-sdk/x/auth/vesting" + vestingtypes "github.com/cosmos/cosmos-sdk/x/auth/vesting/types" + "github.com/cosmos/cosmos-sdk/x/authz" + authzkeeper "github.com/cosmos/cosmos-sdk/x/authz/keeper" + authzmodule "github.com/cosmos/cosmos-sdk/x/authz/module" + "github.com/cosmos/cosmos-sdk/x/bank" + bankkeeper "github.com/cosmos/cosmos-sdk/x/bank/keeper" + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" + consensus "github.com/cosmos/cosmos-sdk/x/consensus" + consensusparamkeeper "github.com/cosmos/cosmos-sdk/x/consensus/keeper" + consensusparamtypes "github.com/cosmos/cosmos-sdk/x/consensus/types" + distr "github.com/cosmos/cosmos-sdk/x/distribution" + distrkeeper "github.com/cosmos/cosmos-sdk/x/distribution/keeper" + distrtypes "github.com/cosmos/cosmos-sdk/x/distribution/types" + "github.com/cosmos/cosmos-sdk/x/epochs" + epochskeeper "github.com/cosmos/cosmos-sdk/x/epochs/keeper" + epochstypes "github.com/cosmos/cosmos-sdk/x/epochs/types" + "github.com/cosmos/cosmos-sdk/x/genutil" + genutiltypes "github.com/cosmos/cosmos-sdk/x/genutil/types" + "github.com/cosmos/cosmos-sdk/x/gov" + govclient "github.com/cosmos/cosmos-sdk/x/gov/client" + govkeeper "github.com/cosmos/cosmos-sdk/x/gov/keeper" + govtypes "github.com/cosmos/cosmos-sdk/x/gov/types" + govv1beta1 "github.com/cosmos/cosmos-sdk/x/gov/types/v1beta1" + "github.com/cosmos/cosmos-sdk/x/group" + groupkeeper "github.com/cosmos/cosmos-sdk/x/group/keeper" + groupmodule "github.com/cosmos/cosmos-sdk/x/group/module" + "github.com/cosmos/cosmos-sdk/x/mint" + mintkeeper "github.com/cosmos/cosmos-sdk/x/mint/keeper" + minttypes "github.com/cosmos/cosmos-sdk/x/mint/types" + "github.com/cosmos/cosmos-sdk/x/protocolpool" + protocolpoolkeeper "github.com/cosmos/cosmos-sdk/x/protocolpool/keeper" + protocolpooltypes "github.com/cosmos/cosmos-sdk/x/protocolpool/types" + "github.com/cosmos/cosmos-sdk/x/slashing" + slashingkeeper "github.com/cosmos/cosmos-sdk/x/slashing/keeper" + slashingtypes "github.com/cosmos/cosmos-sdk/x/slashing/types" + "github.com/cosmos/cosmos-sdk/x/staking" + stakingkeeper "github.com/cosmos/cosmos-sdk/x/staking/keeper" + stakingtypes "github.com/cosmos/cosmos-sdk/x/staking/types" +) + +const appName = "SimApp" + +var ( + // DefaultNodeHome default home directories for the application daemon + DefaultNodeHome string + + // module account permissions + maccPerms = map[string][]string{ + authtypes.FeeCollectorName: nil, + distrtypes.ModuleName: nil, + minttypes.ModuleName: { + authtypes.Minter +}, + stakingtypes.BondedPoolName: { + authtypes.Burner, authtypes.Staking +}, + stakingtypes.NotBondedPoolName: { + authtypes.Burner, authtypes.Staking +}, + govtypes.ModuleName: { + authtypes.Burner +}, + nft.ModuleName: nil, + protocolpooltypes.ModuleName: nil, + protocolpooltypes.ProtocolPoolEscrowAccount: nil +} +) + +var ( + _ runtime.AppI = (*SimApp)(nil) + _ servertypes.Application = (*SimApp)(nil) +) + +// SimApp extends an ABCI application, but with most of its parameters exported. +// They are exported for convenience in creating helper functions, as object +// capabilities aren't needed for testing. +type SimApp struct { + *baseapp.BaseApp + legacyAmino *codec.LegacyAmino + appCodec codec.Codec + txConfig client.TxConfig + interfaceRegistry types.InterfaceRegistry + + // keys to access the substores + keys map[string]*storetypes.KVStoreKey + + // essential keepers + AccountKeeper authkeeper.AccountKeeper + BankKeeper bankkeeper.BaseKeeper + StakingKeeper *stakingkeeper.Keeper + SlashingKeeper slashingkeeper.Keeper + MintKeeper mintkeeper.Keeper + DistrKeeper distrkeeper.Keeper + GovKeeper govkeeper.Keeper + UpgradeKeeper *upgradekeeper.Keeper + EvidenceKeeper evidencekeeper.Keeper + ConsensusParamsKeeper consensusparamkeeper.Keeper + CircuitKeeper circuitkeeper.Keeper + + // supplementary keepers + FeeGrantKeeper feegrantkeeper.Keeper + GroupKeeper groupkeeper.Keeper + AuthzKeeper authzkeeper.Keeper + NFTKeeper nftkeeper.Keeper + EpochsKeeper epochskeeper.Keeper + ProtocolPoolKeeper protocolpoolkeeper.Keeper + + // the module manager + ModuleManager *module.Manager + BasicModuleManager module.BasicManager + + // simulation manager + sm *module.SimulationManager + + // module configurator + configurator module.Configurator +} + +func init() { + var err error + DefaultNodeHome, err = clienthelpers.GetNodeHomeDirectory(".simapp") + if err != nil { + panic(err) +} +} + +// NewSimApp returns a reference to an initialized SimApp. +func NewSimApp( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), +) *SimApp { + interfaceRegistry, _ := types.NewInterfaceRegistryWithOptions(types.InterfaceRegistryOptions{ + ProtoFiles: proto.HybridResolver, + SigningOptions: signing.Options{ + AddressCodec: address.Bech32Codec{ + Bech32Prefix: sdk.GetConfig().GetBech32AccountAddrPrefix(), +}, + ValidatorAddressCodec: address.Bech32Codec{ + Bech32Prefix: sdk.GetConfig().GetBech32ValidatorAddrPrefix(), +}, +}, +}) + appCodec := codec.NewProtoCodec(interfaceRegistry) + legacyAmino := codec.NewLegacyAmino() + txConfig := tx.NewTxConfig(appCodec, tx.DefaultSignModes) + if err := interfaceRegistry.SigningContext().Validate(); err != nil { + panic(err) +} + +std.RegisterLegacyAminoCodec(legacyAmino) + +std.RegisterInterfaces(interfaceRegistry) + + // Below we could construct and set an application specific mempool and + // ABCI 1.0 PrepareProposal and ProcessProposal handlers. These defaults are + // already set in the SDK's BaseApp, this shows an example of how to override + // them. + // + // Example: + // + // bApp := baseapp.NewBaseApp(...) + // nonceMempool := mempool.NewSenderNonceMempool() + // abciPropHandler := NewDefaultProposalHandler(nonceMempool, bApp) + // + // bApp.SetMempool(nonceMempool) + // bApp.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) + // bApp.SetProcessProposal(abciPropHandler.ProcessProposalHandler()) + // + // Alternatively, you can construct BaseApp options, append those to + // baseAppOptions and pass them to NewBaseApp. + // + // Example: + // + // prepareOpt = func(app *baseapp.BaseApp) { + // abciPropHandler := baseapp.NewDefaultProposalHandler(nonceMempool, app) + // app.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) + // +} + // baseAppOptions = append(baseAppOptions, prepareOpt) + + // create and set dummy vote extension handler + voteExtOp := func(bApp *baseapp.BaseApp) { + voteExtHandler := NewVoteExtensionHandler() + +voteExtHandler.SetHandlers(bApp) +} + +baseAppOptions = append(baseAppOptions, voteExtOp, baseapp.SetOptimisticExecution()) + bApp := baseapp.NewBaseApp(appName, logger, db, txConfig.TxDecoder(), baseAppOptions...) + +bApp.SetCommitMultiStoreTracer(traceStore) + +bApp.SetVersion(version.Version) + +bApp.SetInterfaceRegistry(interfaceRegistry) + +bApp.SetTxEncoder(txConfig.TxEncoder()) + keys := storetypes.NewKVStoreKeys( + authtypes.StoreKey, + banktypes.StoreKey, + stakingtypes.StoreKey, + minttypes.StoreKey, + distrtypes.StoreKey, + slashingtypes.StoreKey, + govtypes.StoreKey, + consensusparamtypes.StoreKey, + upgradetypes.StoreKey, + feegrant.StoreKey, + evidencetypes.StoreKey, + circuittypes.StoreKey, + authzkeeper.StoreKey, + nftkeeper.StoreKey, + group.StoreKey, + epochstypes.StoreKey, + protocolpooltypes.StoreKey, + ) + + // register streaming services + if err := bApp.RegisterStreamingServices(appOpts, keys); err != nil { + panic(err) +} + app := &SimApp{ + BaseApp: bApp, + legacyAmino: legacyAmino, + appCodec: appCodec, + txConfig: txConfig, + interfaceRegistry: interfaceRegistry, + keys: keys, +} + + // set the BaseApp's parameter store + app.ConsensusParamsKeeper = consensusparamkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[consensusparamtypes.StoreKey]), + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + runtime.EventService{ +}, + ) + +bApp.SetParamStore(app.ConsensusParamsKeeper.ParamsStore) + + // add keepers + app.AccountKeeper = authkeeper.NewAccountKeeper( + appCodec, + runtime.NewKVStoreService(keys[authtypes.StoreKey]), + authtypes.ProtoBaseAccount, + maccPerms, + authcodec.NewBech32Codec(sdk.Bech32MainPrefix), + sdk.Bech32MainPrefix, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + authkeeper.WithUnorderedTransactions(true), + ) + +app.BankKeeper = bankkeeper.NewBaseKeeper( + appCodec, + runtime.NewKVStoreService(keys[banktypes.StoreKey]), + app.AccountKeeper, + BlockedAddresses(), + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + logger, + ) + + // optional: enable sign mode textual by overwriting the default tx config (after setting the bank keeper) + enabledSignModes := append(tx.DefaultSignModes, sigtypes.SignMode_SIGN_MODE_TEXTUAL) + txConfigOpts := tx.ConfigOptions{ + EnabledSignModes: enabledSignModes, + TextualCoinMetadataQueryFn: txmodule.NewBankKeeperCoinMetadataQueryFn(app.BankKeeper), +} + +txConfig, err := tx.NewTxConfigWithOptions( + appCodec, + txConfigOpts, + ) + if err != nil { + panic(err) +} + +app.txConfig = txConfig + + app.StakingKeeper = stakingkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[stakingtypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + authcodec.NewBech32Codec(sdk.Bech32PrefixValAddr), + authcodec.NewBech32Codec(sdk.Bech32PrefixConsAddr), + ) + +app.MintKeeper = mintkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[minttypes.StoreKey]), + app.StakingKeeper, + app.AccountKeeper, + app.BankKeeper, + authtypes.FeeCollectorName, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + // mintkeeper.WithMintFn(mintkeeper.DefaultMintFn(minttypes.DefaultInflationCalculationFn)), custom mintFn can be added here + ) + +app.ProtocolPoolKeeper = protocolpoolkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[protocolpooltypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) + +app.DistrKeeper = distrkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[distrtypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + app.StakingKeeper, + authtypes.FeeCollectorName, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + distrkeeper.WithExternalCommunityPool(app.ProtocolPoolKeeper), + ) + +app.SlashingKeeper = slashingkeeper.NewKeeper( + appCodec, + legacyAmino, + runtime.NewKVStoreService(keys[slashingtypes.StoreKey]), + app.StakingKeeper, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) + +app.FeeGrantKeeper = feegrantkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[feegrant.StoreKey]), + app.AccountKeeper, + ) + + // register the staking hooks + // NOTE: stakingKeeper above is passed by reference, so that it will contain these hooks + app.StakingKeeper.SetHooks( + stakingtypes.NewMultiStakingHooks( + app.DistrKeeper.Hooks(), + app.SlashingKeeper.Hooks(), + ), + ) + +app.CircuitKeeper = circuitkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[circuittypes.StoreKey]), + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + app.AccountKeeper.AddressCodec(), + ) + +app.BaseApp.SetCircuitBreaker(&app.CircuitKeeper) + +app.AuthzKeeper = authzkeeper.NewKeeper( + runtime.NewKVStoreService(keys[authzkeeper.StoreKey]), + appCodec, + app.MsgServiceRouter(), + app.AccountKeeper, + ) + groupConfig := group.DefaultConfig() + /* + Example of setting group params: + groupConfig.MaxMetadataLen = 1000 + */ + app.GroupKeeper = groupkeeper.NewKeeper( + keys[group.StoreKey], + appCodec, + app.MsgServiceRouter(), + app.AccountKeeper, + groupConfig, + ) + + // get skipUpgradeHeights from the app options + skipUpgradeHeights := map[int64]bool{ +} + for _, h := range cast.ToIntSlice(appOpts.Get(server.FlagUnsafeSkipUpgrades)) { + skipUpgradeHeights[int64(h)] = true +} + homePath := cast.ToString(appOpts.Get(flags.FlagHome)) + // set the governance module account as the authority for conducting upgrades + app.UpgradeKeeper = upgradekeeper.NewKeeper( + skipUpgradeHeights, + runtime.NewKVStoreService(keys[upgradetypes.StoreKey]), + appCodec, + homePath, + app.BaseApp, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) + + // Register the proposal types + // Deprecated: Avoid adding new handlers, instead use the new proposal flow + // by granting the governance module the right to execute the message. + // See: https://docs.cosmos.network/main/modules/gov#proposal-messages + govRouter := govv1beta1.NewRouter() + +govRouter.AddRoute(govtypes.RouterKey, govv1beta1.ProposalHandler) + govConfig := govtypes.DefaultConfig() + /* + Example of setting gov params: + govConfig.MaxMetadataLen = 10000 + */ + govKeeper := govkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[govtypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + app.StakingKeeper, + app.DistrKeeper, + app.MsgServiceRouter(), + govConfig, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + // govkeeper.WithCustomCalculateVoteResultsAndVotingPowerFn(...), // Add if you want to use a custom vote calculation function. + ) + + // Set legacy router for backwards compatibility with gov v1beta1 + govKeeper.SetLegacyRouter(govRouter) + +app.GovKeeper = *govKeeper.SetHooks( + govtypes.NewMultiGovHooks( + // register the governance hooks + ), + ) + +app.NFTKeeper = nftkeeper.NewKeeper( + runtime.NewKVStoreService(keys[nftkeeper.StoreKey]), + appCodec, + app.AccountKeeper, + app.BankKeeper, + ) + + // create evidence keeper with router + evidenceKeeper := evidencekeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[evidencetypes.StoreKey]), + app.StakingKeeper, + app.SlashingKeeper, + app.AccountKeeper.AddressCodec(), + runtime.ProvideCometInfoService(), + ) + // If evidence needs to be handled for the app, set routes in router here and seal + app.EvidenceKeeper = *evidenceKeeper + + app.EpochsKeeper = epochskeeper.NewKeeper( + runtime.NewKVStoreService(keys[epochstypes.StoreKey]), + appCodec, + ) + +app.EpochsKeeper.SetHooks( + epochstypes.NewMultiEpochHooks( + // insert epoch hooks receivers here + ), + ) + + /**** Module Options ****/ + + // NOTE: Any module instantiated in the module manager that is later modified + // must be passed by reference here. + app.ModuleManager = module.NewManager( + genutil.NewAppModule( + app.AccountKeeper, app.StakingKeeper, app, + txConfig, + ), + auth.NewAppModule(appCodec, app.AccountKeeper, authsims.RandomGenesisAccounts, nil), + vesting.NewAppModule(app.AccountKeeper, app.BankKeeper), + bank.NewAppModule(appCodec, app.BankKeeper, app.AccountKeeper, nil), + feegrantmodule.NewAppModule(appCodec, app.AccountKeeper, app.BankKeeper, app.FeeGrantKeeper, app.interfaceRegistry), + gov.NewAppModule(appCodec, &app.GovKeeper, app.AccountKeeper, app.BankKeeper, nil), + mint.NewAppModule(appCodec, app.MintKeeper, app.AccountKeeper, nil, nil), + slashing.NewAppModule(appCodec, app.SlashingKeeper, app.AccountKeeper, app.BankKeeper, app.StakingKeeper, nil, app.interfaceRegistry), + distr.NewAppModule(appCodec, app.DistrKeeper, app.AccountKeeper, app.BankKeeper, app.StakingKeeper, nil), + staking.NewAppModule(appCodec, app.StakingKeeper, app.AccountKeeper, app.BankKeeper, nil), + upgrade.NewAppModule(app.UpgradeKeeper, app.AccountKeeper.AddressCodec()), + evidence.NewAppModule(app.EvidenceKeeper), + authzmodule.NewAppModule(appCodec, app.AuthzKeeper, app.AccountKeeper, app.BankKeeper, app.interfaceRegistry), + groupmodule.NewAppModule(appCodec, app.GroupKeeper, app.AccountKeeper, app.BankKeeper, app.interfaceRegistry), + nftmodule.NewAppModule(appCodec, app.NFTKeeper, app.AccountKeeper, app.BankKeeper, app.interfaceRegistry), + consensus.NewAppModule(appCodec, app.ConsensusParamsKeeper), + circuit.NewAppModule(appCodec, app.CircuitKeeper), + epochs.NewAppModule(app.EpochsKeeper), + protocolpool.NewAppModule(app.ProtocolPoolKeeper, app.AccountKeeper, app.BankKeeper), + ) + + // BasicModuleManager defines the module BasicManager is in charge of setting up basic, + // non-dependant module elements, such as codec registration and genesis verification. + // By default it is composed of all the module from the module manager. + // Additionally, app module basics can be overwritten by passing them as argument. + app.BasicModuleManager = module.NewBasicManagerFromManager( + app.ModuleManager, + map[string]module.AppModuleBasic{ + genutiltypes.ModuleName: genutil.NewAppModuleBasic(genutiltypes.DefaultMessageValidator), + govtypes.ModuleName: gov.NewAppModuleBasic( + []govclient.ProposalHandler{ +}, + ), +}) + +app.BasicModuleManager.RegisterLegacyAminoCodec(legacyAmino) + +app.BasicModuleManager.RegisterInterfaces(interfaceRegistry) + + // NOTE: upgrade module is required to be prioritized + app.ModuleManager.SetOrderPreBlockers( + upgradetypes.ModuleName, + authtypes.ModuleName, + ) + // During begin block slashing happens after distr.BeginBlocker so that + // there is nothing left over in the validator fee pool, so as to keep the + // CanWithdrawInvariant invariant. + // NOTE: staking module is required if HistoricalEntries param > 0 + app.ModuleManager.SetOrderBeginBlockers( + minttypes.ModuleName, + distrtypes.ModuleName, + protocolpooltypes.ModuleName, + slashingtypes.ModuleName, + evidencetypes.ModuleName, + stakingtypes.ModuleName, + genutiltypes.ModuleName, + authz.ModuleName, + epochstypes.ModuleName, + ) + +app.ModuleManager.SetOrderEndBlockers( + govtypes.ModuleName, + stakingtypes.ModuleName, + genutiltypes.ModuleName, + feegrant.ModuleName, + group.ModuleName, + protocolpooltypes.ModuleName, + ) + + // NOTE: The genutils module must occur after staking so that pools are + // properly initialized with tokens from genesis accounts. + // NOTE: The genutils module must also occur after auth so that it can access the params from auth. + genesisModuleOrder := []string{ + authtypes.ModuleName, + banktypes.ModuleName, + distrtypes.ModuleName, + stakingtypes.ModuleName, + slashingtypes.ModuleName, + govtypes.ModuleName, + minttypes.ModuleName, + genutiltypes.ModuleName, + evidencetypes.ModuleName, + authz.ModuleName, + feegrant.ModuleName, + nft.ModuleName, + group.ModuleName, + upgradetypes.ModuleName, + vestingtypes.ModuleName, + consensusparamtypes.ModuleName, + circuittypes.ModuleName, + epochstypes.ModuleName, + protocolpooltypes.ModuleName, +} + exportModuleOrder := []string{ + consensusparamtypes.ModuleName, + authtypes.ModuleName, + protocolpooltypes.ModuleName, // Must be exported before bank + banktypes.ModuleName, + distrtypes.ModuleName, + stakingtypes.ModuleName, + slashingtypes.ModuleName, + govtypes.ModuleName, + minttypes.ModuleName, + genutiltypes.ModuleName, + evidencetypes.ModuleName, + authz.ModuleName, + feegrant.ModuleName, + nft.ModuleName, + group.ModuleName, + upgradetypes.ModuleName, + vestingtypes.ModuleName, + circuittypes.ModuleName, + epochstypes.ModuleName, +} + +app.ModuleManager.SetOrderInitGenesis(genesisModuleOrder...) + +app.ModuleManager.SetOrderExportGenesis(exportModuleOrder...) + + // Uncomment if you want to set a custom migration order here. + // app.ModuleManager.SetOrderMigrations(custom order) + +app.configurator = module.NewConfigurator(app.appCodec, app.MsgServiceRouter(), app.GRPCQueryRouter()) + +err = app.ModuleManager.RegisterServices(app.configurator) + if err != nil { + panic(err) +} + + // RegisterUpgradeHandlers is used for registering any on-chain upgrades. + // Make sure it's called after `app.ModuleManager` and `app.configurator` are set. + app.RegisterUpgradeHandlers() + +autocliv1.RegisterQueryServer(app.GRPCQueryRouter(), runtimeservices.NewAutoCLIQueryService(app.ModuleManager.Modules)) + +reflectionSvc, err := runtimeservices.NewReflectionService() + if err != nil { + panic(err) +} + +reflectionv1.RegisterReflectionServiceServer(app.GRPCQueryRouter(), reflectionSvc) + + // add test gRPC service for testing gRPC queries in isolation + testdata_pulsar.RegisterQueryServer(app.GRPCQueryRouter(), testdata_pulsar.QueryImpl{ +}) + + // create the simulation manager and define the order of the modules for deterministic simulations + // + // NOTE: this is not required apps that don't use the simulator for fuzz testing + // transactions + overrideModules := map[string]module.AppModuleSimulation{ + authtypes.ModuleName: auth.NewAppModule(app.appCodec, app.AccountKeeper, authsims.RandomGenesisAccounts, nil), +} + +app.sm = module.NewSimulationManagerFromAppModules(app.ModuleManager.Modules, overrideModules) + +app.sm.RegisterStoreDecoders() + + // initialize stores + app.MountKVStores(keys) + + // initialize BaseApp + app.SetInitChainer(app.InitChainer) + +app.SetPreBlocker(app.PreBlocker) + +app.SetBeginBlocker(app.BeginBlocker) + +app.SetEndBlocker(app.EndBlocker) + +app.setAnteHandler(txConfig) + + // In v0.46, the SDK introduces _postHandlers_. PostHandlers are like + // antehandlers, but are run _after_ the `runMsgs` execution. They are also + // defined as a chain, and have the same signature as antehandlers. + // + // In baseapp, postHandlers are run in the same store branch as `runMsgs`, + // meaning that both `runMsgs` and `postHandler` state will be committed if + // both are successful, and both will be reverted if any of the two fails. + // + // The SDK exposes a default postHandlers chain + // + // Please note that changing any of the anteHandler or postHandler chain is + // likely to be a state-machine breaking change, which needs a coordinated + // upgrade. + app.setPostHandler() + if loadLatest { + if err := app.LoadLatestVersion(); err != nil { + panic(fmt.Errorf("error loading last version: %w", err)) +} + +} + +return app +} + +func (app *SimApp) + +setAnteHandler(txConfig client.TxConfig) { + anteHandler, err := NewAnteHandler( + HandlerOptions{ + ante.HandlerOptions{ + AccountKeeper: app.AccountKeeper, + BankKeeper: app.BankKeeper, + SignModeHandler: txConfig.SignModeHandler(), + FeegrantKeeper: app.FeeGrantKeeper, + SigGasConsumer: ante.DefaultSigVerificationGasConsumer, + SigVerifyOptions: []ante.SigVerificationDecoratorOption{ + // change below as needed. + ante.WithUnorderedTxGasCost(ante.DefaultUnorderedTxGasCost), + ante.WithMaxUnorderedTxTimeoutDuration(ante.DefaultMaxTimeoutDuration), +}, +}, + &app.CircuitKeeper, +}, + ) + if err != nil { + panic(err) +} + + // Set the AnteHandler for the app + app.SetAnteHandler(anteHandler) +} + +func (app *SimApp) + +setPostHandler() { + postHandler, err := posthandler.NewPostHandler( + posthandler.HandlerOptions{ +}, + ) + if err != nil { + panic(err) +} + +app.SetPostHandler(postHandler) +} + +// Name returns the name of the App +func (app *SimApp) + +Name() + +string { + return app.BaseApp.Name() +} + +// PreBlocker application updates every pre block +func (app *SimApp) + +PreBlocker(ctx sdk.Context, _ *abci.RequestFinalizeBlock) (*sdk.ResponsePreBlock, error) { + return app.ModuleManager.PreBlock(ctx) +} + +// BeginBlocker application updates every begin block +func (app *SimApp) + +BeginBlocker(ctx sdk.Context) (sdk.BeginBlock, error) { + return app.ModuleManager.BeginBlock(ctx) +} + +// EndBlocker application updates every end block +func (app *SimApp) + +EndBlocker(ctx sdk.Context) (sdk.EndBlock, error) { + return app.ModuleManager.EndBlock(ctx) +} + +func (a *SimApp) + +Configurator() + +module.Configurator { + return a.configurator +} + +// InitChainer application update at chain initialization +func (app *SimApp) + +InitChainer(ctx sdk.Context, req *abci.RequestInitChain) (*abci.ResponseInitChain, error) { + var genesisState GenesisState + if err := json.Unmarshal(req.AppStateBytes, &genesisState); err != nil { + panic(err) +} + +app.UpgradeKeeper.SetModuleVersionMap(ctx, app.ModuleManager.GetVersionMap()) + +return app.ModuleManager.InitGenesis(ctx, app.appCodec, genesisState) +} + +// LoadHeight loads a particular height +func (app *SimApp) + +LoadHeight(height int64) + +error { + return app.LoadVersion(height) +} + +// LegacyAmino returns SimApp's amino codec. +// +// NOTE: This is solely to be used for testing purposes as it may be desirable +// for modules to register their own custom testing types. +func (app *SimApp) + +LegacyAmino() *codec.LegacyAmino { + return app.legacyAmino +} + +// AppCodec returns SimApp's app codec. +// +// NOTE: This is solely to be used for testing purposes as it may be desirable +// for modules to register their own custom testing types. +func (app *SimApp) + +AppCodec() + +codec.Codec { + return app.appCodec +} + +// InterfaceRegistry returns SimApp's InterfaceRegistry +func (app *SimApp) + +InterfaceRegistry() + +types.InterfaceRegistry { + return app.interfaceRegistry +} + +// TxConfig returns SimApp's TxConfig +func (app *SimApp) + +TxConfig() + +client.TxConfig { + return app.txConfig +} + +// AutoCliOpts returns the autocli options for the app. +func (app *SimApp) + +AutoCliOpts() + +autocli.AppOptions { + modules := make(map[string]appmodule.AppModule, 0) + for _, m := range app.ModuleManager.Modules { + if moduleWithName, ok := m.(module.HasName); ok { + moduleName := moduleWithName.Name() + if appModule, ok := moduleWithName.(appmodule.AppModule); ok { + modules[moduleName] = appModule +} + +} + +} + +return autocli.AppOptions{ + Modules: modules, + ModuleOptions: runtimeservices.ExtractAutoCLIOptions(app.ModuleManager.Modules), + AddressCodec: authcodec.NewBech32Codec(sdk.GetConfig().GetBech32AccountAddrPrefix()), + ValidatorAddressCodec: authcodec.NewBech32Codec(sdk.GetConfig().GetBech32ValidatorAddrPrefix()), + ConsensusAddressCodec: authcodec.NewBech32Codec(sdk.GetConfig().GetBech32ConsensusAddrPrefix()), +} +} + +// DefaultGenesis returns a default genesis from the registered AppModuleBasic's. +func (a *SimApp) + +DefaultGenesis() + +map[string]json.RawMessage { + return a.BasicModuleManager.DefaultGenesis(a.appCodec) +} + +// GetKey returns the KVStoreKey for the provided store key. +// +// NOTE: This is solely to be used for testing purposes. +func (app *SimApp) + +GetKey(storeKey string) *storetypes.KVStoreKey { + return app.keys[storeKey] +} + +// GetStoreKeys returns all the stored store keys. +func (app *SimApp) + +GetStoreKeys() []storetypes.StoreKey { + keys := make([]storetypes.StoreKey, 0, len(app.keys)) + for _, key := range app.keys { + keys = append(keys, key) +} + +return keys +} + +// SimulationManager implements the SimulationApp interface +func (app *SimApp) + +SimulationManager() *module.SimulationManager { + return app.sm +} + +// RegisterAPIRoutes registers all application module routes with the provided +// API server. +func (app *SimApp) + +RegisterAPIRoutes(apiSvr *api.Server, apiConfig config.APIConfig) { + clientCtx := apiSvr.ClientCtx + // Register new tx routes from grpc-gateway. + authtx.RegisterGRPCGatewayRoutes(clientCtx, apiSvr.GRPCGatewayRouter) + + // Register new CometBFT queries routes from grpc-gateway. + cmtservice.RegisterGRPCGatewayRoutes(clientCtx, apiSvr.GRPCGatewayRouter) + + // Register node gRPC service for grpc-gateway. + nodeservice.RegisterGRPCGatewayRoutes(clientCtx, apiSvr.GRPCGatewayRouter) + + // Register grpc-gateway routes for all modules. + app.BasicModuleManager.RegisterGRPCGatewayRoutes(clientCtx, apiSvr.GRPCGatewayRouter) + + // register swagger API from root so that other applications can override easily + if err := server.RegisterSwaggerAPI(apiSvr.ClientCtx, apiSvr.Router, apiConfig.Swagger); err != nil { + panic(err) +} +} + +// RegisterTxService implements the Application.RegisterTxService method. +func (app *SimApp) + +RegisterTxService(clientCtx client.Context) { + authtx.RegisterTxService(app.BaseApp.GRPCQueryRouter(), clientCtx, app.BaseApp.Simulate, app.interfaceRegistry) +} + +// RegisterTendermintService implements the Application.RegisterTendermintService method. +func (app *SimApp) + +RegisterTendermintService(clientCtx client.Context) { + cmtApp := server.NewCometABCIWrapper(app) + +cmtservice.RegisterTendermintService( + clientCtx, + app.BaseApp.GRPCQueryRouter(), + app.interfaceRegistry, + cmtApp.Query, + ) +} + +func (app *SimApp) + +RegisterNodeService(clientCtx client.Context, cfg config.Config) { + nodeservice.RegisterNodeService(clientCtx, app.GRPCQueryRouter(), cfg) +} + +// GetMaccPerms returns a copy of the module account permissions +// +// NOTE: This is solely to be used for testing purposes. +func GetMaccPerms() + +map[string][]string { + return maps.Clone(maccPerms) +} + +// BlockedAddresses returns all the app's blocked account addresses. +func BlockedAddresses() + +map[string]bool { + modAccAddrs := make(map[string]bool) + for acc := range GetMaccPerms() { + modAccAddrs[authtypes.NewModuleAddress(acc).String()] = true +} + + // allow the following addresses to receive funds + delete(modAccAddrs, authtypes.NewModuleAddress(govtypes.ModuleName).String()) + +return modAccAddrs +} +``` + +This is the same example from `runtime` (the package that powers app di): + +```go expandable +package runtime + +import ( + + "fmt" + "os" + "slices" + "github.com/cosmos/gogoproto/proto" + "google.golang.org/protobuf/reflect/protodesc" + "google.golang.org/protobuf/reflect/protoregistry" + + runtimev1alpha1 "cosmossdk.io/api/cosmos/app/runtime/v1alpha1" + appv1alpha1 "cosmossdk.io/api/cosmos/app/v1alpha1" + authmodulev1 "cosmossdk.io/api/cosmos/auth/module/v1" + stakingmodulev1 "cosmossdk.io/api/cosmos/staking/module/v1" + "cosmossdk.io/core/address" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/core/comet" + "cosmossdk.io/core/event" + "cosmossdk.io/core/genesis" + "cosmossdk.io/core/header" + "cosmossdk.io/core/store" + "cosmossdk.io/depinject" + "cosmossdk.io/log" + storetypes "cosmossdk.io/store/types" + "cosmossdk.io/x/tx/signing" + "github.com/cosmos/cosmos-sdk/baseapp" + "github.com/cosmos/cosmos-sdk/codec" + addresscodec "github.com/cosmos/cosmos-sdk/codec/address" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + "github.com/cosmos/cosmos-sdk/std" + "github.com/cosmos/cosmos-sdk/types/module" + "github.com/cosmos/cosmos-sdk/types/msgservice" +) + +type appModule struct { + app *App +} + +func (m appModule) + +RegisterServices(configurator module.Configurator) { + err := m.app.registerRuntimeServices(configurator) + if err != nil { + panic(err) +} +} + +func (m appModule) + +IsOnePerModuleType() { +} + +func (m appModule) + +IsAppModule() { +} + +var ( + _ appmodule.AppModule = appModule{ +} + _ module.HasServices = appModule{ +} +) + +// BaseAppOption is a depinject.AutoGroupType which can be used to pass +// BaseApp options into the depinject. It should be used carefully. +type BaseAppOption func(*baseapp.BaseApp) + +// IsManyPerContainerType indicates that this is a depinject.ManyPerContainerType. +func (b BaseAppOption) + +IsManyPerContainerType() { +} + +func init() { + appmodule.Register(&runtimev1alpha1.Module{ +}, + appmodule.Provide( + ProvideApp, + ProvideInterfaceRegistry, + ProvideKVStoreKey, + ProvideTransientStoreKey, + ProvideMemoryStoreKey, + ProvideGenesisTxHandler, + ProvideKVStoreService, + ProvideMemoryStoreService, + ProvideTransientStoreService, + ProvideEventService, + ProvideHeaderInfoService, + ProvideCometInfoService, + ProvideBasicManager, + ProvideAddressCodec, + ), + appmodule.Invoke(SetupAppBuilder), + ) +} + +func ProvideApp(interfaceRegistry codectypes.InterfaceRegistry) ( + codec.Codec, + *codec.LegacyAmino, + *AppBuilder, + *baseapp.MsgServiceRouter, + *baseapp.GRPCQueryRouter, + appmodule.AppModule, + protodesc.Resolver, + protoregistry.MessageTypeResolver, + error, +) { + protoFiles := proto.HybridResolver + protoTypes := protoregistry.GlobalTypes + + // At startup, check that all proto annotations are correct. + if err := msgservice.ValidateProtoAnnotations(protoFiles); err != nil { + // Once we switch to using protoreflect-based ante handlers, we might + // want to panic here instead of logging a warning. + _, _ = fmt.Fprintln(os.Stderr, err.Error()) +} + amino := codec.NewLegacyAmino() + +std.RegisterInterfaces(interfaceRegistry) + +std.RegisterLegacyAminoCodec(amino) + cdc := codec.NewProtoCodec(interfaceRegistry) + msgServiceRouter := baseapp.NewMsgServiceRouter() + grpcQueryRouter := baseapp.NewGRPCQueryRouter() + app := &App{ + storeKeys: nil, + interfaceRegistry: interfaceRegistry, + cdc: cdc, + amino: amino, + basicManager: module.BasicManager{ +}, + msgServiceRouter: msgServiceRouter, + grpcQueryRouter: grpcQueryRouter, +} + appBuilder := &AppBuilder{ + app +} + +return cdc, amino, appBuilder, msgServiceRouter, grpcQueryRouter, appModule{ + app +}, protoFiles, protoTypes, nil +} + +type AppInputs struct { + depinject.In + + AppConfig *appv1alpha1.Config `optional:"true"` + Config *runtimev1alpha1.Module + AppBuilder *AppBuilder + Modules map[string]appmodule.AppModule + CustomModuleBasics map[string]module.AppModuleBasic `optional:"true"` + BaseAppOptions []BaseAppOption + InterfaceRegistry codectypes.InterfaceRegistry + LegacyAmino *codec.LegacyAmino + Logger log.Logger +} + +func SetupAppBuilder(inputs AppInputs) { + app := inputs.AppBuilder.app + app.baseAppOptions = inputs.BaseAppOptions + app.config = inputs.Config + app.appConfig = inputs.AppConfig + app.logger = inputs.Logger + app.ModuleManager = module.NewManagerFromMap(inputs.Modules) + for name, mod := range inputs.Modules { + if customBasicMod, ok := inputs.CustomModuleBasics[name]; ok { + app.basicManager[name] = customBasicMod + customBasicMod.RegisterInterfaces(inputs.InterfaceRegistry) + +customBasicMod.RegisterLegacyAminoCodec(inputs.LegacyAmino) + +continue +} + coreAppModuleBasic := module.CoreAppModuleBasicAdaptor(name, mod) + +app.basicManager[name] = coreAppModuleBasic + coreAppModuleBasic.RegisterInterfaces(inputs.InterfaceRegistry) + +coreAppModuleBasic.RegisterLegacyAminoCodec(inputs.LegacyAmino) +} +} + +func ProvideInterfaceRegistry(addressCodec address.Codec, validatorAddressCodec ValidatorAddressCodec, customGetSigners []signing.CustomGetSigner) (codectypes.InterfaceRegistry, error) { + signingOptions := signing.Options{ + AddressCodec: addressCodec, + ValidatorAddressCodec: validatorAddressCodec, +} + for _, signer := range customGetSigners { + signingOptions.DefineCustomGetSigners(signer.MsgType, signer.Fn) +} + +interfaceRegistry, err := codectypes.NewInterfaceRegistryWithOptions(codectypes.InterfaceRegistryOptions{ + ProtoFiles: proto.HybridResolver, + SigningOptions: signingOptions, +}) + if err != nil { + return nil, err +} + if err := interfaceRegistry.SigningContext().Validate(); err != nil { + return nil, err +} + +return interfaceRegistry, nil +} + +func registerStoreKey(wrapper *AppBuilder, key storetypes.StoreKey) { + wrapper.app.storeKeys = append(wrapper.app.storeKeys, key) +} + +func storeKeyOverride(config *runtimev1alpha1.Module, moduleName string) *runtimev1alpha1.StoreKeyConfig { + for _, cfg := range config.OverrideStoreKeys { + if cfg.ModuleName == moduleName { + return cfg +} + +} + +return nil +} + +func ProvideKVStoreKey(config *runtimev1alpha1.Module, key depinject.ModuleKey, app *AppBuilder) *storetypes.KVStoreKey { + if slices.Contains(config.SkipStoreKeys, key.Name()) { + return nil +} + override := storeKeyOverride(config, key.Name()) + +var storeKeyName string + if override != nil { + storeKeyName = override.KvStoreKey +} + +else { + storeKeyName = key.Name() +} + storeKey := storetypes.NewKVStoreKey(storeKeyName) + +registerStoreKey(app, storeKey) + +return storeKey +} + +func ProvideTransientStoreKey(config *runtimev1alpha1.Module, key depinject.ModuleKey, app *AppBuilder) *storetypes.TransientStoreKey { + if slices.Contains(config.SkipStoreKeys, key.Name()) { + return nil +} + storeKey := storetypes.NewTransientStoreKey(fmt.Sprintf("transient:%s", key.Name())) + +registerStoreKey(app, storeKey) + +return storeKey +} + +func ProvideMemoryStoreKey(config *runtimev1alpha1.Module, key depinject.ModuleKey, app *AppBuilder) *storetypes.MemoryStoreKey { + if slices.Contains(config.SkipStoreKeys, key.Name()) { + return nil +} + storeKey := storetypes.NewMemoryStoreKey(fmt.Sprintf("memory:%s", key.Name())) + +registerStoreKey(app, storeKey) + +return storeKey +} + +func ProvideGenesisTxHandler(appBuilder *AppBuilder) + +genesis.TxHandler { + return appBuilder.app +} + +func ProvideKVStoreService(config *runtimev1alpha1.Module, key depinject.ModuleKey, app *AppBuilder) + +store.KVStoreService { + storeKey := ProvideKVStoreKey(config, key, app) + +return kvStoreService{ + key: storeKey +} +} + +func ProvideMemoryStoreService(config *runtimev1alpha1.Module, key depinject.ModuleKey, app *AppBuilder) + +store.MemoryStoreService { + storeKey := ProvideMemoryStoreKey(config, key, app) + +return memStoreService{ + key: storeKey +} +} + +func ProvideTransientStoreService(config *runtimev1alpha1.Module, key depinject.ModuleKey, app *AppBuilder) + +store.TransientStoreService { + storeKey := ProvideTransientStoreKey(config, key, app) + +return transientStoreService{ + key: storeKey +} +} + +func ProvideEventService() + +event.Service { + return EventService{ +} +} + +func ProvideCometInfoService() + +comet.BlockInfoService { + return cometInfoService{ +} +} + +func ProvideHeaderInfoService(app *AppBuilder) + +header.Service { + return headerInfoService{ +} +} + +func ProvideBasicManager(app *AppBuilder) + +module.BasicManager { + return app.app.basicManager +} + +type ( + // ValidatorAddressCodec is an alias for address.Codec for validator addresses. + ValidatorAddressCodec address.Codec + + // ConsensusAddressCodec is an alias for address.Codec for validator consensus addresses. + ConsensusAddressCodec address.Codec +) + +type AddressCodecInputs struct { + depinject.In + + AuthConfig *authmodulev1.Module `optional:"true"` + StakingConfig *stakingmodulev1.Module `optional:"true"` + + AddressCodecFactory func() + +address.Codec `optional:"true"` + ValidatorAddressCodecFactory func() + +ValidatorAddressCodec `optional:"true"` + ConsensusAddressCodecFactory func() + +ConsensusAddressCodec `optional:"true"` +} + +// ProvideAddressCodec provides an address.Codec to the container for any +// modules that want to do address string <> bytes conversion. +func ProvideAddressCodec(in AddressCodecInputs) (address.Codec, ValidatorAddressCodec, ConsensusAddressCodec) { + if in.AddressCodecFactory != nil && in.ValidatorAddressCodecFactory != nil && in.ConsensusAddressCodecFactory != nil { + return in.AddressCodecFactory(), in.ValidatorAddressCodecFactory(), in.ConsensusAddressCodecFactory() +} + if in.AuthConfig == nil || in.AuthConfig.Bech32Prefix == "" { + panic("auth config bech32 prefix cannot be empty if no custom address codec is provided") +} + if in.StakingConfig == nil { + in.StakingConfig = &stakingmodulev1.Module{ +} + +} + if in.StakingConfig.Bech32PrefixValidator == "" { + in.StakingConfig.Bech32PrefixValidator = fmt.Sprintf("%svaloper", in.AuthConfig.Bech32Prefix) +} + if in.StakingConfig.Bech32PrefixConsensus == "" { + in.StakingConfig.Bech32PrefixConsensus = fmt.Sprintf("%svalcons", in.AuthConfig.Bech32Prefix) +} + +return addresscodec.NewBech32Codec(in.AuthConfig.Bech32Prefix), + addresscodec.NewBech32Codec(in.StakingConfig.Bech32PrefixValidator), + addresscodec.NewBech32Codec(in.StakingConfig.Bech32PrefixConsensus) +} +``` + +```go expandable +package runtime + +import ( + + "fmt" + "os" + "slices" + "github.com/cosmos/gogoproto/proto" + "google.golang.org/protobuf/reflect/protodesc" + "google.golang.org/protobuf/reflect/protoregistry" + + runtimev1alpha1 "cosmossdk.io/api/cosmos/app/runtime/v1alpha1" + appv1alpha1 "cosmossdk.io/api/cosmos/app/v1alpha1" + authmodulev1 "cosmossdk.io/api/cosmos/auth/module/v1" + stakingmodulev1 "cosmossdk.io/api/cosmos/staking/module/v1" + "cosmossdk.io/core/address" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/core/comet" + "cosmossdk.io/core/event" + "cosmossdk.io/core/genesis" + "cosmossdk.io/core/header" + "cosmossdk.io/core/store" + "cosmossdk.io/depinject" + "cosmossdk.io/log" + storetypes "cosmossdk.io/store/types" + "cosmossdk.io/x/tx/signing" + "github.com/cosmos/cosmos-sdk/baseapp" + "github.com/cosmos/cosmos-sdk/codec" + addresscodec "github.com/cosmos/cosmos-sdk/codec/address" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + "github.com/cosmos/cosmos-sdk/std" + "github.com/cosmos/cosmos-sdk/types/module" + "github.com/cosmos/cosmos-sdk/types/msgservice" +) + +type appModule struct { + app *App +} + +func (m appModule) + +RegisterServices(configurator module.Configurator) { + err := m.app.registerRuntimeServices(configurator) + if err != nil { + panic(err) +} +} + +func (m appModule) + +IsOnePerModuleType() { +} + +func (m appModule) + +IsAppModule() { +} + +var ( + _ appmodule.AppModule = appModule{ +} + _ module.HasServices = appModule{ +} +) + +// BaseAppOption is a depinject.AutoGroupType which can be used to pass +// BaseApp options into the depinject. It should be used carefully. +type BaseAppOption func(*baseapp.BaseApp) + +// IsManyPerContainerType indicates that this is a depinject.ManyPerContainerType. +func (b BaseAppOption) + +IsManyPerContainerType() { +} + +func init() { + appmodule.Register(&runtimev1alpha1.Module{ +}, + appmodule.Provide( + ProvideApp, + ProvideInterfaceRegistry, + ProvideKVStoreKey, + ProvideTransientStoreKey, + ProvideMemoryStoreKey, + ProvideGenesisTxHandler, + ProvideKVStoreService, + ProvideMemoryStoreService, + ProvideTransientStoreService, + ProvideEventService, + ProvideHeaderInfoService, + ProvideCometInfoService, + ProvideBasicManager, + ProvideAddressCodec, + ), + appmodule.Invoke(SetupAppBuilder), + ) +} + +func ProvideApp(interfaceRegistry codectypes.InterfaceRegistry) ( + codec.Codec, + *codec.LegacyAmino, + *AppBuilder, + *baseapp.MsgServiceRouter, + *baseapp.GRPCQueryRouter, + appmodule.AppModule, + protodesc.Resolver, + protoregistry.MessageTypeResolver, + error, +) { + protoFiles := proto.HybridResolver + protoTypes := protoregistry.GlobalTypes + + // At startup, check that all proto annotations are correct. + if err := msgservice.ValidateProtoAnnotations(protoFiles); err != nil { + // Once we switch to using protoreflect-based ante handlers, we might + // want to panic here instead of logging a warning. + _, _ = fmt.Fprintln(os.Stderr, err.Error()) +} + amino := codec.NewLegacyAmino() + +std.RegisterInterfaces(interfaceRegistry) + +std.RegisterLegacyAminoCodec(amino) + cdc := codec.NewProtoCodec(interfaceRegistry) + msgServiceRouter := baseapp.NewMsgServiceRouter() + grpcQueryRouter := baseapp.NewGRPCQueryRouter() + app := &App{ + storeKeys: nil, + interfaceRegistry: interfaceRegistry, + cdc: cdc, + amino: amino, + basicManager: module.BasicManager{ +}, + msgServiceRouter: msgServiceRouter, + grpcQueryRouter: grpcQueryRouter, +} + appBuilder := &AppBuilder{ + app +} + +return cdc, amino, appBuilder, msgServiceRouter, grpcQueryRouter, appModule{ + app +}, protoFiles, protoTypes, nil +} + +type AppInputs struct { + depinject.In + + AppConfig *appv1alpha1.Config `optional:"true"` + Config *runtimev1alpha1.Module + AppBuilder *AppBuilder + Modules map[string]appmodule.AppModule + CustomModuleBasics map[string]module.AppModuleBasic `optional:"true"` + BaseAppOptions []BaseAppOption + InterfaceRegistry codectypes.InterfaceRegistry + LegacyAmino *codec.LegacyAmino + Logger log.Logger +} + +func SetupAppBuilder(inputs AppInputs) { + app := inputs.AppBuilder.app + app.baseAppOptions = inputs.BaseAppOptions + app.config = inputs.Config + app.appConfig = inputs.AppConfig + app.logger = inputs.Logger + app.ModuleManager = module.NewManagerFromMap(inputs.Modules) + for name, mod := range inputs.Modules { + if customBasicMod, ok := inputs.CustomModuleBasics[name]; ok { + app.basicManager[name] = customBasicMod + customBasicMod.RegisterInterfaces(inputs.InterfaceRegistry) + +customBasicMod.RegisterLegacyAminoCodec(inputs.LegacyAmino) + +continue +} + coreAppModuleBasic := module.CoreAppModuleBasicAdaptor(name, mod) + +app.basicManager[name] = coreAppModuleBasic + coreAppModuleBasic.RegisterInterfaces(inputs.InterfaceRegistry) + +coreAppModuleBasic.RegisterLegacyAminoCodec(inputs.LegacyAmino) +} +} + +func ProvideInterfaceRegistry(addressCodec address.Codec, validatorAddressCodec ValidatorAddressCodec, customGetSigners []signing.CustomGetSigner) (codectypes.InterfaceRegistry, error) { + signingOptions := signing.Options{ + AddressCodec: addressCodec, + ValidatorAddressCodec: validatorAddressCodec, +} + for _, signer := range customGetSigners { + signingOptions.DefineCustomGetSigners(signer.MsgType, signer.Fn) +} + +interfaceRegistry, err := codectypes.NewInterfaceRegistryWithOptions(codectypes.InterfaceRegistryOptions{ + ProtoFiles: proto.HybridResolver, + SigningOptions: signingOptions, +}) + if err != nil { + return nil, err +} + if err := interfaceRegistry.SigningContext().Validate(); err != nil { + return nil, err +} + +return interfaceRegistry, nil +} + +func registerStoreKey(wrapper *AppBuilder, key storetypes.StoreKey) { + wrapper.app.storeKeys = append(wrapper.app.storeKeys, key) +} + +func storeKeyOverride(config *runtimev1alpha1.Module, moduleName string) *runtimev1alpha1.StoreKeyConfig { + for _, cfg := range config.OverrideStoreKeys { + if cfg.ModuleName == moduleName { + return cfg +} + +} + +return nil +} + +func ProvideKVStoreKey(config *runtimev1alpha1.Module, key depinject.ModuleKey, app *AppBuilder) *storetypes.KVStoreKey { + if slices.Contains(config.SkipStoreKeys, key.Name()) { + return nil +} + override := storeKeyOverride(config, key.Name()) + +var storeKeyName string + if override != nil { + storeKeyName = override.KvStoreKey +} + +else { + storeKeyName = key.Name() +} + storeKey := storetypes.NewKVStoreKey(storeKeyName) + +registerStoreKey(app, storeKey) + +return storeKey +} + +func ProvideTransientStoreKey(config *runtimev1alpha1.Module, key depinject.ModuleKey, app *AppBuilder) *storetypes.TransientStoreKey { + if slices.Contains(config.SkipStoreKeys, key.Name()) { + return nil +} + storeKey := storetypes.NewTransientStoreKey(fmt.Sprintf("transient:%s", key.Name())) + +registerStoreKey(app, storeKey) + +return storeKey +} + +func ProvideMemoryStoreKey(config *runtimev1alpha1.Module, key depinject.ModuleKey, app *AppBuilder) *storetypes.MemoryStoreKey { + if slices.Contains(config.SkipStoreKeys, key.Name()) { + return nil +} + storeKey := storetypes.NewMemoryStoreKey(fmt.Sprintf("memory:%s", key.Name())) + +registerStoreKey(app, storeKey) + +return storeKey +} + +func ProvideGenesisTxHandler(appBuilder *AppBuilder) + +genesis.TxHandler { + return appBuilder.app +} + +func ProvideKVStoreService(config *runtimev1alpha1.Module, key depinject.ModuleKey, app *AppBuilder) + +store.KVStoreService { + storeKey := ProvideKVStoreKey(config, key, app) + +return kvStoreService{ + key: storeKey +} +} + +func ProvideMemoryStoreService(config *runtimev1alpha1.Module, key depinject.ModuleKey, app *AppBuilder) + +store.MemoryStoreService { + storeKey := ProvideMemoryStoreKey(config, key, app) + +return memStoreService{ + key: storeKey +} +} + +func ProvideTransientStoreService(config *runtimev1alpha1.Module, key depinject.ModuleKey, app *AppBuilder) + +store.TransientStoreService { + storeKey := ProvideTransientStoreKey(config, key, app) + +return transientStoreService{ + key: storeKey +} +} + +func ProvideEventService() + +event.Service { + return EventService{ +} +} + +func ProvideCometInfoService() + +comet.BlockInfoService { + return cometInfoService{ +} +} + +func ProvideHeaderInfoService(app *AppBuilder) + +header.Service { + return headerInfoService{ +} +} + +func ProvideBasicManager(app *AppBuilder) + +module.BasicManager { + return app.app.basicManager +} + +type ( + // ValidatorAddressCodec is an alias for address.Codec for validator addresses. + ValidatorAddressCodec address.Codec + + // ConsensusAddressCodec is an alias for address.Codec for validator consensus addresses. + ConsensusAddressCodec address.Codec +) + +type AddressCodecInputs struct { + depinject.In + + AuthConfig *authmodulev1.Module `optional:"true"` + StakingConfig *stakingmodulev1.Module `optional:"true"` + + AddressCodecFactory func() + +address.Codec `optional:"true"` + ValidatorAddressCodecFactory func() + +ValidatorAddressCodec `optional:"true"` + ConsensusAddressCodecFactory func() + +ConsensusAddressCodec `optional:"true"` +} + +// ProvideAddressCodec provides an address.Codec to the container for any +// modules that want to do address string <> bytes conversion. +func ProvideAddressCodec(in AddressCodecInputs) (address.Codec, ValidatorAddressCodec, ConsensusAddressCodec) { + if in.AddressCodecFactory != nil && in.ValidatorAddressCodecFactory != nil && in.ConsensusAddressCodecFactory != nil { + return in.AddressCodecFactory(), in.ValidatorAddressCodecFactory(), in.ConsensusAddressCodecFactory() +} + if in.AuthConfig == nil || in.AuthConfig.Bech32Prefix == "" { + panic("auth config bech32 prefix cannot be empty if no custom address codec is provided") +} + if in.StakingConfig == nil { + in.StakingConfig = &stakingmodulev1.Module{ +} + +} + if in.StakingConfig.Bech32PrefixValidator == "" { + in.StakingConfig.Bech32PrefixValidator = fmt.Sprintf("%svaloper", in.AuthConfig.Bech32Prefix) +} + if in.StakingConfig.Bech32PrefixConsensus == "" { + in.StakingConfig.Bech32PrefixConsensus = fmt.Sprintf("%svalcons", in.AuthConfig.Bech32Prefix) +} + +return addresscodec.NewBech32Codec(in.AuthConfig.Bech32Prefix), + addresscodec.NewBech32Codec(in.StakingConfig.Bech32PrefixValidator), + addresscodec.NewBech32Codec(in.StakingConfig.Bech32PrefixConsensus) +} +``` diff --git a/docs/sdk/next/build/building-modules/msg-services.mdx b/docs/sdk/next/build/building-modules/msg-services.mdx new file mode 100644 index 00000000..14a2e3e9 --- /dev/null +++ b/docs/sdk/next/build/building-modules/msg-services.mdx @@ -0,0 +1,3598 @@ +--- +title: '`Msg` Services' +--- + +**Synopsis** +A Protobuf `Msg` service processes [messages](/docs/sdk/vnext/build/building-modules/messages-and-queries#messages). Protobuf `Msg` services are specific to the module in which they are defined, and only process messages defined within the said module. They are called from `BaseApp` during [`DeliverTx`](/docs/sdk/vnext/learn/advanced/baseapp#delivertx). + + + +**Pre-requisite Readings** + +* [Module Manager](/docs/sdk/vnext/build/building-modules/module-manager) +* [Messages and Queries](/docs/sdk/vnext/build/building-modules/messages-and-queries) + + + +## Implementation of a module `Msg` service + +Each module should define a Protobuf `Msg` service, which will be responsible for processing requests (implementing `sdk.Msg`) and returning responses. + +As further described in [ADR 031](/docs/sdk/vnext/../architecture/adr-031-msg-service), this approach has the advantage of clearly specifying return types and generating server and client code. + +Protobuf generates a `MsgServer` interface based on a definition of `Msg` service. It is the role of the module developer to implement this interface, by implementing the state transition logic that should happen upon receival of each `sdk.Msg`. As an example, here is the generated `MsgServer` interface for `x/bank`, which exposes two `sdk.Msg`s: + +```go expandable +// Code generated by protoc-gen-gogo. DO NOT EDIT. +// source: cosmos/bank/v1beta1/tx.proto + +package types + +import ( + + context "context" + fmt "fmt" + _ "github.com/cosmos/cosmos-proto" + github_com_cosmos_cosmos_sdk_types "github.com/cosmos/cosmos-sdk/types" + types "github.com/cosmos/cosmos-sdk/types" + _ "github.com/cosmos/cosmos-sdk/types/msgservice" + _ "github.com/cosmos/cosmos-sdk/types/tx/amino" + _ "github.com/cosmos/gogoproto/gogoproto" + grpc1 "github.com/cosmos/gogoproto/grpc" + proto "github.com/cosmos/gogoproto/proto" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" + io "io" + math "math" + math_bits "math/bits" +) + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. +const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package + +// MsgSend represents a message to send coins from one account to another. +type MsgSend struct { + FromAddress string `protobuf:"bytes,1,opt,name=from_address,json=fromAddress,proto3" json:"from_address,omitempty"` + ToAddress string `protobuf:"bytes,2,opt,name=to_address,json=toAddress,proto3" json:"to_address,omitempty"` + Amount github_com_cosmos_cosmos_sdk_types.Coins `protobuf:"bytes,3,rep,name=amount,proto3,castrepeated=github.com/cosmos/cosmos-sdk/types.Coins" json:"amount"` +} + +func (m *MsgSend) + +Reset() { *m = MsgSend{ +} +} + +func (m *MsgSend) + +String() + +string { + return proto.CompactTextString(m) +} + +func (*MsgSend) + +ProtoMessage() { +} + +func (*MsgSend) + +Descriptor() ([]byte, []int) { + return fileDescriptor_1d8cb1613481f5b7, []int{0 +} +} + +func (m *MsgSend) + +XXX_Unmarshal(b []byte) + +error { + return m.Unmarshal(b) +} + +func (m *MsgSend) + +XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_MsgSend.Marshal(b, m, deterministic) +} + +else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err +} + +return b[:n], nil +} +} + +func (m *MsgSend) + +XXX_Merge(src proto.Message) { + xxx_messageInfo_MsgSend.Merge(m, src) +} + +func (m *MsgSend) + +XXX_Size() + +int { + return m.Size() +} + +func (m *MsgSend) + +XXX_DiscardUnknown() { + xxx_messageInfo_MsgSend.DiscardUnknown(m) +} + +var xxx_messageInfo_MsgSend proto.InternalMessageInfo + +// MsgSendResponse defines the Msg/Send response type. +type MsgSendResponse struct { +} + +func (m *MsgSendResponse) + +Reset() { *m = MsgSendResponse{ +} +} + +func (m *MsgSendResponse) + +String() + +string { + return proto.CompactTextString(m) +} + +func (*MsgSendResponse) + +ProtoMessage() { +} + +func (*MsgSendResponse) + +Descriptor() ([]byte, []int) { + return fileDescriptor_1d8cb1613481f5b7, []int{1 +} +} + +func (m *MsgSendResponse) + +XXX_Unmarshal(b []byte) + +error { + return m.Unmarshal(b) +} + +func (m *MsgSendResponse) + +XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_MsgSendResponse.Marshal(b, m, deterministic) +} + +else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err +} + +return b[:n], nil +} +} + +func (m *MsgSendResponse) + +XXX_Merge(src proto.Message) { + xxx_messageInfo_MsgSendResponse.Merge(m, src) +} + +func (m *MsgSendResponse) + +XXX_Size() + +int { + return m.Size() +} + +func (m *MsgSendResponse) + +XXX_DiscardUnknown() { + xxx_messageInfo_MsgSendResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_MsgSendResponse proto.InternalMessageInfo + +// MsgMultiSend represents an arbitrary multi-in, multi-out send message. +type MsgMultiSend struct { + // Inputs, despite being `repeated`, only allows one sender input. This is + // checked in MsgMultiSend's ValidateBasic. + Inputs []Input `protobuf:"bytes,1,rep,name=inputs,proto3" json:"inputs"` + Outputs []Output `protobuf:"bytes,2,rep,name=outputs,proto3" json:"outputs"` +} + +func (m *MsgMultiSend) + +Reset() { *m = MsgMultiSend{ +} +} + +func (m *MsgMultiSend) + +String() + +string { + return proto.CompactTextString(m) +} + +func (*MsgMultiSend) + +ProtoMessage() { +} + +func (*MsgMultiSend) + +Descriptor() ([]byte, []int) { + return fileDescriptor_1d8cb1613481f5b7, []int{2 +} +} + +func (m *MsgMultiSend) + +XXX_Unmarshal(b []byte) + +error { + return m.Unmarshal(b) +} + +func (m *MsgMultiSend) + +XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_MsgMultiSend.Marshal(b, m, deterministic) +} + +else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err +} + +return b[:n], nil +} +} + +func (m *MsgMultiSend) + +XXX_Merge(src proto.Message) { + xxx_messageInfo_MsgMultiSend.Merge(m, src) +} + +func (m *MsgMultiSend) + +XXX_Size() + +int { + return m.Size() +} + +func (m *MsgMultiSend) + +XXX_DiscardUnknown() { + xxx_messageInfo_MsgMultiSend.DiscardUnknown(m) +} + +var xxx_messageInfo_MsgMultiSend proto.InternalMessageInfo + +func (m *MsgMultiSend) + +GetInputs() []Input { + if m != nil { + return m.Inputs +} + +return nil +} + +func (m *MsgMultiSend) + +GetOutputs() []Output { + if m != nil { + return m.Outputs +} + +return nil +} + +// MsgMultiSendResponse defines the Msg/MultiSend response type. +type MsgMultiSendResponse struct { +} + +func (m *MsgMultiSendResponse) + +Reset() { *m = MsgMultiSendResponse{ +} +} + +func (m *MsgMultiSendResponse) + +String() + +string { + return proto.CompactTextString(m) +} + +func (*MsgMultiSendResponse) + +ProtoMessage() { +} + +func (*MsgMultiSendResponse) + +Descriptor() ([]byte, []int) { + return fileDescriptor_1d8cb1613481f5b7, []int{3 +} +} + +func (m *MsgMultiSendResponse) + +XXX_Unmarshal(b []byte) + +error { + return m.Unmarshal(b) +} + +func (m *MsgMultiSendResponse) + +XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_MsgMultiSendResponse.Marshal(b, m, deterministic) +} + +else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err +} + +return b[:n], nil +} +} + +func (m *MsgMultiSendResponse) + +XXX_Merge(src proto.Message) { + xxx_messageInfo_MsgMultiSendResponse.Merge(m, src) +} + +func (m *MsgMultiSendResponse) + +XXX_Size() + +int { + return m.Size() +} + +func (m *MsgMultiSendResponse) + +XXX_DiscardUnknown() { + xxx_messageInfo_MsgMultiSendResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_MsgMultiSendResponse proto.InternalMessageInfo + +// MsgUpdateParams is the Msg/UpdateParams request type. +// +// Since: cosmos-sdk 0.47 +type MsgUpdateParams struct { + // authority is the address that controls the module (defaults to x/gov unless overwritten). + Authority string `protobuf:"bytes,1,opt,name=authority,proto3" json:"authority,omitempty"` + // params defines the x/bank parameters to update. + // + // NOTE: All parameters must be supplied. + Params Params `protobuf:"bytes,2,opt,name=params,proto3" json:"params"` +} + +func (m *MsgUpdateParams) + +Reset() { *m = MsgUpdateParams{ +} +} + +func (m *MsgUpdateParams) + +String() + +string { + return proto.CompactTextString(m) +} + +func (*MsgUpdateParams) + +ProtoMessage() { +} + +func (*MsgUpdateParams) + +Descriptor() ([]byte, []int) { + return fileDescriptor_1d8cb1613481f5b7, []int{4 +} +} + +func (m *MsgUpdateParams) + +XXX_Unmarshal(b []byte) + +error { + return m.Unmarshal(b) +} + +func (m *MsgUpdateParams) + +XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_MsgUpdateParams.Marshal(b, m, deterministic) +} + +else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err +} + +return b[:n], nil +} +} + +func (m *MsgUpdateParams) + +XXX_Merge(src proto.Message) { + xxx_messageInfo_MsgUpdateParams.Merge(m, src) +} + +func (m *MsgUpdateParams) + +XXX_Size() + +int { + return m.Size() +} + +func (m *MsgUpdateParams) + +XXX_DiscardUnknown() { + xxx_messageInfo_MsgUpdateParams.DiscardUnknown(m) +} + +var xxx_messageInfo_MsgUpdateParams proto.InternalMessageInfo + +func (m *MsgUpdateParams) + +GetAuthority() + +string { + if m != nil { + return m.Authority +} + +return "" +} + +func (m *MsgUpdateParams) + +GetParams() + +Params { + if m != nil { + return m.Params +} + +return Params{ +} +} + +// MsgUpdateParamsResponse defines the response structure for executing a +// MsgUpdateParams message. +// +// Since: cosmos-sdk 0.47 +type MsgUpdateParamsResponse struct { +} + +func (m *MsgUpdateParamsResponse) + +Reset() { *m = MsgUpdateParamsResponse{ +} +} + +func (m *MsgUpdateParamsResponse) + +String() + +string { + return proto.CompactTextString(m) +} + +func (*MsgUpdateParamsResponse) + +ProtoMessage() { +} + +func (*MsgUpdateParamsResponse) + +Descriptor() ([]byte, []int) { + return fileDescriptor_1d8cb1613481f5b7, []int{5 +} +} + +func (m *MsgUpdateParamsResponse) + +XXX_Unmarshal(b []byte) + +error { + return m.Unmarshal(b) +} + +func (m *MsgUpdateParamsResponse) + +XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_MsgUpdateParamsResponse.Marshal(b, m, deterministic) +} + +else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err +} + +return b[:n], nil +} +} + +func (m *MsgUpdateParamsResponse) + +XXX_Merge(src proto.Message) { + xxx_messageInfo_MsgUpdateParamsResponse.Merge(m, src) +} + +func (m *MsgUpdateParamsResponse) + +XXX_Size() + +int { + return m.Size() +} + +func (m *MsgUpdateParamsResponse) + +XXX_DiscardUnknown() { + xxx_messageInfo_MsgUpdateParamsResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_MsgUpdateParamsResponse proto.InternalMessageInfo + +// MsgSetSendEnabled is the Msg/SetSendEnabled request type. +// +// Only entries to add/update/delete need to be included. +// Existing SendEnabled entries that are not included in this +// message are left unchanged. +// +// Since: cosmos-sdk 0.47 +type MsgSetSendEnabled struct { + Authority string `protobuf:"bytes,1,opt,name=authority,proto3" json:"authority,omitempty"` + // send_enabled is the list of entries to add or update. + SendEnabled []*SendEnabled `protobuf:"bytes,2,rep,name=send_enabled,json=sendEnabled,proto3" json:"send_enabled,omitempty"` + // use_default_for is a list of denoms that should use the params.default_send_enabled value. + // Denoms listed here will have their SendEnabled entries deleted. + // If a denom is included that doesn't have a SendEnabled entry, + // it will be ignored. + UseDefaultFor []string `protobuf:"bytes,3,rep,name=use_default_for,json=useDefaultFor,proto3" json:"use_default_for,omitempty"` +} + +func (m *MsgSetSendEnabled) + +Reset() { *m = MsgSetSendEnabled{ +} +} + +func (m *MsgSetSendEnabled) + +String() + +string { + return proto.CompactTextString(m) +} + +func (*MsgSetSendEnabled) + +ProtoMessage() { +} + +func (*MsgSetSendEnabled) + +Descriptor() ([]byte, []int) { + return fileDescriptor_1d8cb1613481f5b7, []int{6 +} +} + +func (m *MsgSetSendEnabled) + +XXX_Unmarshal(b []byte) + +error { + return m.Unmarshal(b) +} + +func (m *MsgSetSendEnabled) + +XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_MsgSetSendEnabled.Marshal(b, m, deterministic) +} + +else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err +} + +return b[:n], nil +} +} + +func (m *MsgSetSendEnabled) + +XXX_Merge(src proto.Message) { + xxx_messageInfo_MsgSetSendEnabled.Merge(m, src) +} + +func (m *MsgSetSendEnabled) + +XXX_Size() + +int { + return m.Size() +} + +func (m *MsgSetSendEnabled) + +XXX_DiscardUnknown() { + xxx_messageInfo_MsgSetSendEnabled.DiscardUnknown(m) +} + +var xxx_messageInfo_MsgSetSendEnabled proto.InternalMessageInfo + +func (m *MsgSetSendEnabled) + +GetAuthority() + +string { + if m != nil { + return m.Authority +} + +return "" +} + +func (m *MsgSetSendEnabled) + +GetSendEnabled() []*SendEnabled { + if m != nil { + return m.SendEnabled +} + +return nil +} + +func (m *MsgSetSendEnabled) + +GetUseDefaultFor() []string { + if m != nil { + return m.UseDefaultFor +} + +return nil +} + +// MsgSetSendEnabledResponse defines the Msg/SetSendEnabled response type. +// +// Since: cosmos-sdk 0.47 +type MsgSetSendEnabledResponse struct { +} + +func (m *MsgSetSendEnabledResponse) + +Reset() { *m = MsgSetSendEnabledResponse{ +} +} + +func (m *MsgSetSendEnabledResponse) + +String() + +string { + return proto.CompactTextString(m) +} + +func (*MsgSetSendEnabledResponse) + +ProtoMessage() { +} + +func (*MsgSetSendEnabledResponse) + +Descriptor() ([]byte, []int) { + return fileDescriptor_1d8cb1613481f5b7, []int{7 +} +} + +func (m *MsgSetSendEnabledResponse) + +XXX_Unmarshal(b []byte) + +error { + return m.Unmarshal(b) +} + +func (m *MsgSetSendEnabledResponse) + +XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_MsgSetSendEnabledResponse.Marshal(b, m, deterministic) +} + +else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err +} + +return b[:n], nil +} +} + +func (m *MsgSetSendEnabledResponse) + +XXX_Merge(src proto.Message) { + xxx_messageInfo_MsgSetSendEnabledResponse.Merge(m, src) +} + +func (m *MsgSetSendEnabledResponse) + +XXX_Size() + +int { + return m.Size() +} + +func (m *MsgSetSendEnabledResponse) + +XXX_DiscardUnknown() { + xxx_messageInfo_MsgSetSendEnabledResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_MsgSetSendEnabledResponse proto.InternalMessageInfo + +func init() { + proto.RegisterType((*MsgSend)(nil), "cosmos.bank.v1beta1.MsgSend") + +proto.RegisterType((*MsgSendResponse)(nil), "cosmos.bank.v1beta1.MsgSendResponse") + +proto.RegisterType((*MsgMultiSend)(nil), "cosmos.bank.v1beta1.MsgMultiSend") + +proto.RegisterType((*MsgMultiSendResponse)(nil), "cosmos.bank.v1beta1.MsgMultiSendResponse") + +proto.RegisterType((*MsgUpdateParams)(nil), "cosmos.bank.v1beta1.MsgUpdateParams") + +proto.RegisterType((*MsgUpdateParamsResponse)(nil), "cosmos.bank.v1beta1.MsgUpdateParamsResponse") + +proto.RegisterType((*MsgSetSendEnabled)(nil), "cosmos.bank.v1beta1.MsgSetSendEnabled") + +proto.RegisterType((*MsgSetSendEnabledResponse)(nil), "cosmos.bank.v1beta1.MsgSetSendEnabledResponse") +} + +func init() { + proto.RegisterFile("cosmos/bank/v1beta1/tx.proto", fileDescriptor_1d8cb1613481f5b7) +} + +var fileDescriptor_1d8cb1613481f5b7 = []byte{ + // 700 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x54, 0xcf, 0x4f, 0xd3, 0x50, + 0x1c, 0x5f, 0x99, 0x8e, 0xec, 0x31, 0x25, 0x54, 0x22, 0xac, 0x90, 0x0e, 0x16, 0x43, 0x00, 0xa5, + 0x15, 0x34, 0x9a, 0xcc, 0x68, 0x74, 0x28, 0x89, 0x26, 0x8b, 0x66, 0xc4, 0x83, 0x5e, 0x96, 0xd7, + 0xf5, 0x51, 0x1a, 0xd6, 0xbe, 0xa6, 0xef, 0x95, 0xb0, 0x9b, 0x7a, 0x32, 0x9e, 0x3c, 0x7b, 0xe2, + 0x68, 0x8c, 0x07, 0x0e, 0x1e, 0x4d, 0xbc, 0x72, 0x24, 0x9e, 0x3c, 0xa9, 0x81, 0x03, 0xfa, 0x5f, + 0x98, 0xf7, 0xa3, 0xa5, 0x8c, 0x8d, 0x11, 0x2f, 0x6b, 0xf7, 0x3e, 0x3f, 0xbe, 0xef, 0xf3, 0xed, + 0xf7, 0x3d, 0x30, 0xd9, 0xc4, 0xc4, 0xc3, 0xc4, 0xb4, 0xa0, 0xbf, 0x61, 0x6e, 0x2e, 0x5a, 0x88, + 0xc2, 0x45, 0x93, 0x6e, 0x19, 0x41, 0x88, 0x29, 0x56, 0x2f, 0x09, 0xd4, 0x60, 0xa8, 0x21, 0x51, + 0x6d, 0xd4, 0xc1, 0x0e, 0xe6, 0xb8, 0xc9, 0xde, 0x04, 0x55, 0xd3, 0x13, 0x23, 0x82, 0x12, 0xa3, + 0x26, 0x76, 0xfd, 0x13, 0x78, 0xaa, 0x10, 0xf7, 0x15, 0x78, 0x51, 0xe0, 0x0d, 0x61, 0x2c, 0xeb, + 0x0a, 0x68, 0x4c, 0x4a, 0x3d, 0xe2, 0x98, 0x9b, 0x8b, 0xec, 0x21, 0x81, 0x11, 0xe8, 0xb9, 0x3e, + 0x36, 0xf9, 0xaf, 0x58, 0x2a, 0x7f, 0x1e, 0x00, 0x83, 0x35, 0xe2, 0xac, 0x22, 0xdf, 0x56, 0xef, + 0x80, 0xc2, 0x5a, 0x88, 0xbd, 0x06, 0xb4, 0xed, 0x10, 0x11, 0x32, 0xae, 0x4c, 0x29, 0xb3, 0xf9, + 0xea, 0xf8, 0xf7, 0x2f, 0x0b, 0xa3, 0xd2, 0xff, 0x81, 0x40, 0x56, 0x69, 0xe8, 0xfa, 0x4e, 0x7d, + 0x88, 0xb1, 0xe5, 0x92, 0x7a, 0x1b, 0x00, 0x8a, 0x13, 0xe9, 0x40, 0x1f, 0x69, 0x9e, 0xe2, 0x58, + 0xd8, 0x06, 0x39, 0xe8, 0xe1, 0xc8, 0xa7, 0xe3, 0xd9, 0xa9, 0xec, 0xec, 0xd0, 0x52, 0xd1, 0x48, + 0x9a, 0x48, 0x50, 0xdc, 0x44, 0x63, 0x19, 0xbb, 0x7e, 0x75, 0x65, 0xf7, 0x67, 0x29, 0xf3, 0xe9, + 0x57, 0x69, 0xd6, 0x71, 0xe9, 0x7a, 0x64, 0x19, 0x4d, 0xec, 0xc9, 0xe4, 0xf2, 0xb1, 0x40, 0xec, + 0x0d, 0x93, 0xb6, 0x03, 0x44, 0xb8, 0x80, 0x7c, 0x38, 0xdc, 0x99, 0x2f, 0xb4, 0x90, 0x03, 0x9b, + 0xed, 0x06, 0xeb, 0x2d, 0xf9, 0x78, 0xb8, 0x33, 0xaf, 0xd4, 0x65, 0xc1, 0xca, 0xf5, 0xb7, 0xdb, + 0xa5, 0xcc, 0x9f, 0xed, 0x52, 0xe6, 0x0d, 0xe3, 0xa5, 0xb3, 0xbf, 0x3b, 0xdc, 0x99, 0x57, 0x53, + 0x9e, 0xb2, 0x45, 0xe5, 0x11, 0x30, 0x2c, 0x5f, 0xeb, 0x88, 0x04, 0xd8, 0x27, 0xa8, 0xfc, 0x55, + 0x01, 0x85, 0x1a, 0x71, 0x6a, 0x51, 0x8b, 0xba, 0xbc, 0x8d, 0x77, 0x41, 0xce, 0xf5, 0x83, 0x88, + 0xb2, 0x06, 0xb2, 0x40, 0x9a, 0xd1, 0x65, 0x2a, 0x8c, 0xc7, 0x8c, 0x52, 0xcd, 0xb3, 0x44, 0x72, + 0x53, 0x42, 0xa4, 0xde, 0x07, 0x83, 0x38, 0xa2, 0x5c, 0x3f, 0xc0, 0xf5, 0x13, 0x5d, 0xf5, 0x4f, + 0x39, 0x27, 0x6d, 0x10, 0xcb, 0x2a, 0x57, 0xe3, 0x48, 0xd2, 0x92, 0x85, 0x19, 0x3b, 0x1e, 0x26, + 0xd9, 0x6d, 0xf9, 0x32, 0x18, 0x4d, 0xff, 0x4f, 0x62, 0x7d, 0x53, 0x78, 0xd4, 0xe7, 0x81, 0x0d, + 0x29, 0x7a, 0x06, 0x43, 0xe8, 0x11, 0xf5, 0x16, 0xc8, 0xc3, 0x88, 0xae, 0xe3, 0xd0, 0xa5, 0xed, + 0xbe, 0xd3, 0x71, 0x44, 0x55, 0xef, 0x81, 0x5c, 0xc0, 0x1d, 0xf8, 0x5c, 0xf4, 0x4a, 0x24, 0x8a, + 0x1c, 0x6b, 0x89, 0x50, 0x55, 0x6e, 0xb2, 0x30, 0x47, 0x7e, 0x2c, 0xcf, 0x74, 0x2a, 0xcf, 0x96, + 0x38, 0x24, 0x1d, 0xbb, 0x2d, 0x17, 0xc1, 0x58, 0xc7, 0x52, 0x12, 0xee, 0xaf, 0x02, 0x46, 0xf8, + 0x77, 0xa4, 0x2c, 0xf3, 0x23, 0x1f, 0x5a, 0x2d, 0x64, 0xff, 0x77, 0xbc, 0x65, 0x50, 0x20, 0xc8, + 0xb7, 0x1b, 0x48, 0xf8, 0xc8, 0xcf, 0x36, 0xd5, 0x35, 0x64, 0xaa, 0x5e, 0x7d, 0x88, 0xa4, 0x8a, + 0xcf, 0x80, 0xe1, 0x88, 0xa0, 0x86, 0x8d, 0xd6, 0x60, 0xd4, 0xa2, 0x8d, 0x35, 0x1c, 0xf2, 0xf3, + 0x90, 0xaf, 0x5f, 0x88, 0x08, 0x7a, 0x28, 0x56, 0x57, 0x70, 0x58, 0x31, 0x4f, 0xf6, 0x62, 0xb2, + 0x73, 0x50, 0xd3, 0xa9, 0xca, 0x13, 0xa0, 0x78, 0x62, 0x31, 0x6e, 0xc4, 0xd2, 0xeb, 0x2c, 0xc8, + 0xd6, 0x88, 0xa3, 0x3e, 0x01, 0xe7, 0xf8, 0xec, 0x4e, 0x76, 0xdd, 0xb4, 0x1c, 0x79, 0xed, 0xca, + 0x69, 0x68, 0xec, 0xa9, 0xbe, 0x00, 0xf9, 0xa3, 0xc3, 0x30, 0xdd, 0x4b, 0x92, 0x50, 0xb4, 0xb9, + 0xbe, 0x94, 0xc4, 0xda, 0x02, 0x85, 0x63, 0x03, 0xd9, 0x73, 0x43, 0x69, 0x96, 0x76, 0xed, 0x2c, + 0xac, 0xa4, 0xc6, 0x3a, 0xb8, 0xd8, 0x31, 0x17, 0x33, 0xbd, 0x63, 0xa7, 0x79, 0x9a, 0x71, 0x36, + 0x5e, 0x5c, 0x49, 0x3b, 0xff, 0x8a, 0x4d, 0x79, 0x75, 0x79, 0x77, 0x5f, 0x57, 0xf6, 0xf6, 0x75, + 0xe5, 0xf7, 0xbe, 0xae, 0xbc, 0x3f, 0xd0, 0x33, 0x7b, 0x07, 0x7a, 0xe6, 0xc7, 0x81, 0x9e, 0x79, + 0x39, 0x77, 0xea, 0x3d, 0x27, 0xc7, 0x9e, 0x5f, 0x77, 0x56, 0x8e, 0x5f, 0xe7, 0x37, 0xfe, 0x05, + 0x00, 0x00, 0xff, 0xff, 0x5b, 0x5b, 0x43, 0xa9, 0xa0, 0x06, 0x00, 0x00, +} + +// Reference imports to suppress errors if they are not otherwise used. +var _ context.Context +var _ grpc.ClientConn + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +const _ = grpc.SupportPackageIsVersion4 + +// MsgClient is the client API for Msg service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. +type MsgClient interface { + // Send defines a method for sending coins from one account to another account. + Send(ctx context.Context, in *MsgSend, opts ...grpc.CallOption) (*MsgSendResponse, error) + // MultiSend defines a method for sending coins from some accounts to other accounts. + MultiSend(ctx context.Context, in *MsgMultiSend, opts ...grpc.CallOption) (*MsgMultiSendResponse, error) + // UpdateParams defines a governance operation for updating the x/bank module parameters. + // The authority is defined in the keeper. + // + // Since: cosmos-sdk 0.47 + UpdateParams(ctx context.Context, in *MsgUpdateParams, opts ...grpc.CallOption) (*MsgUpdateParamsResponse, error) + // SetSendEnabled is a governance operation for setting the SendEnabled flag + // on any number of Denoms. Only the entries to add or update should be + // included. Entries that already exist in the store, but that aren't + // included in this message, will be left unchanged. + // + // Since: cosmos-sdk 0.47 + SetSendEnabled(ctx context.Context, in *MsgSetSendEnabled, opts ...grpc.CallOption) (*MsgSetSendEnabledResponse, error) +} + +type msgClient struct { + cc grpc1.ClientConn +} + +func NewMsgClient(cc grpc1.ClientConn) + +MsgClient { + return &msgClient{ + cc +} +} + +func (c *msgClient) + +Send(ctx context.Context, in *MsgSend, opts ...grpc.CallOption) (*MsgSendResponse, error) { + out := new(MsgSendResponse) + err := c.cc.Invoke(ctx, "/cosmos.bank.v1beta1.Msg/Send", in, out, opts...) + if err != nil { + return nil, err +} + +return out, nil +} + +func (c *msgClient) + +MultiSend(ctx context.Context, in *MsgMultiSend, opts ...grpc.CallOption) (*MsgMultiSendResponse, error) { + out := new(MsgMultiSendResponse) + err := c.cc.Invoke(ctx, "/cosmos.bank.v1beta1.Msg/MultiSend", in, out, opts...) + if err != nil { + return nil, err +} + +return out, nil +} + +func (c *msgClient) + +UpdateParams(ctx context.Context, in *MsgUpdateParams, opts ...grpc.CallOption) (*MsgUpdateParamsResponse, error) { + out := new(MsgUpdateParamsResponse) + err := c.cc.Invoke(ctx, "/cosmos.bank.v1beta1.Msg/UpdateParams", in, out, opts...) + if err != nil { + return nil, err +} + +return out, nil +} + +func (c *msgClient) + +SetSendEnabled(ctx context.Context, in *MsgSetSendEnabled, opts ...grpc.CallOption) (*MsgSetSendEnabledResponse, error) { + out := new(MsgSetSendEnabledResponse) + err := c.cc.Invoke(ctx, "/cosmos.bank.v1beta1.Msg/SetSendEnabled", in, out, opts...) + if err != nil { + return nil, err +} + +return out, nil +} + +// MsgServer is the server API for Msg service. +type MsgServer interface { + // Send defines a method for sending coins from one account to another account. + Send(context.Context, *MsgSend) (*MsgSendResponse, error) + // MultiSend defines a method for sending coins from some accounts to other accounts. + MultiSend(context.Context, *MsgMultiSend) (*MsgMultiSendResponse, error) + // UpdateParams defines a governance operation for updating the x/bank module parameters. + // The authority is defined in the keeper. + // + // Since: cosmos-sdk 0.47 + UpdateParams(context.Context, *MsgUpdateParams) (*MsgUpdateParamsResponse, error) + // SetSendEnabled is a governance operation for setting the SendEnabled flag + // on any number of Denoms. Only the entries to add or update should be + // included. Entries that already exist in the store, but that aren't + // included in this message, will be left unchanged. + // + // Since: cosmos-sdk 0.47 + SetSendEnabled(context.Context, *MsgSetSendEnabled) (*MsgSetSendEnabledResponse, error) +} + +// UnimplementedMsgServer can be embedded to have forward compatible implementations. +type UnimplementedMsgServer struct { +} + +func (*UnimplementedMsgServer) + +Send(ctx context.Context, req *MsgSend) (*MsgSendResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Send not implemented") +} + +func (*UnimplementedMsgServer) + +MultiSend(ctx context.Context, req *MsgMultiSend) (*MsgMultiSendResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method MultiSend not implemented") +} + +func (*UnimplementedMsgServer) + +UpdateParams(ctx context.Context, req *MsgUpdateParams) (*MsgUpdateParamsResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpdateParams not implemented") +} + +func (*UnimplementedMsgServer) + +SetSendEnabled(ctx context.Context, req *MsgSetSendEnabled) (*MsgSetSendEnabledResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method SetSendEnabled not implemented") +} + +func RegisterMsgServer(s grpc1.Server, srv MsgServer) { + s.RegisterService(&_Msg_serviceDesc, srv) +} + +func _Msg_Send_Handler(srv interface{ +}, ctx context.Context, dec func(interface{ +}) + +error, interceptor grpc.UnaryServerInterceptor) (interface{ +}, error) { + in := new(MsgSend) + if err := dec(in); err != nil { + return nil, err +} + if interceptor == nil { + return srv.(MsgServer).Send(ctx, in) +} + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/cosmos.bank.v1beta1.Msg/Send", +} + handler := func(ctx context.Context, req interface{ +}) (interface{ +}, error) { + return srv.(MsgServer).Send(ctx, req.(*MsgSend)) +} + +return interceptor(ctx, in, info, handler) +} + +func _Msg_MultiSend_Handler(srv interface{ +}, ctx context.Context, dec func(interface{ +}) + +error, interceptor grpc.UnaryServerInterceptor) (interface{ +}, error) { + in := new(MsgMultiSend) + if err := dec(in); err != nil { + return nil, err +} + if interceptor == nil { + return srv.(MsgServer).MultiSend(ctx, in) +} + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/cosmos.bank.v1beta1.Msg/MultiSend", +} + handler := func(ctx context.Context, req interface{ +}) (interface{ +}, error) { + return srv.(MsgServer).MultiSend(ctx, req.(*MsgMultiSend)) +} + +return interceptor(ctx, in, info, handler) +} + +func _Msg_UpdateParams_Handler(srv interface{ +}, ctx context.Context, dec func(interface{ +}) + +error, interceptor grpc.UnaryServerInterceptor) (interface{ +}, error) { + in := new(MsgUpdateParams) + if err := dec(in); err != nil { + return nil, err +} + if interceptor == nil { + return srv.(MsgServer).UpdateParams(ctx, in) +} + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/cosmos.bank.v1beta1.Msg/UpdateParams", +} + handler := func(ctx context.Context, req interface{ +}) (interface{ +}, error) { + return srv.(MsgServer).UpdateParams(ctx, req.(*MsgUpdateParams)) +} + +return interceptor(ctx, in, info, handler) +} + +func _Msg_SetSendEnabled_Handler(srv interface{ +}, ctx context.Context, dec func(interface{ +}) + +error, interceptor grpc.UnaryServerInterceptor) (interface{ +}, error) { + in := new(MsgSetSendEnabled) + if err := dec(in); err != nil { + return nil, err +} + if interceptor == nil { + return srv.(MsgServer).SetSendEnabled(ctx, in) +} + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/cosmos.bank.v1beta1.Msg/SetSendEnabled", +} + handler := func(ctx context.Context, req interface{ +}) (interface{ +}, error) { + return srv.(MsgServer).SetSendEnabled(ctx, req.(*MsgSetSendEnabled)) +} + +return interceptor(ctx, in, info, handler) +} + +var _Msg_serviceDesc = grpc.ServiceDesc{ + ServiceName: "cosmos.bank.v1beta1.Msg", + HandlerType: (*MsgServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "Send", + Handler: _Msg_Send_Handler, +}, + { + MethodName: "MultiSend", + Handler: _Msg_MultiSend_Handler, +}, + { + MethodName: "UpdateParams", + Handler: _Msg_UpdateParams_Handler, +}, + { + MethodName: "SetSendEnabled", + Handler: _Msg_SetSendEnabled_Handler, +}, +}, + Streams: []grpc.StreamDesc{ +}, + Metadata: "cosmos/bank/v1beta1/tx.proto", +} + +func (m *MsgSend) + +Marshal() (dAtA []byte, err error) { + size := m.Size() + +dAtA = make([]byte, size) + +n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err +} + +return dAtA[:n], nil +} + +func (m *MsgSend) + +MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + +return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *MsgSend) + +MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Amount) > 0 { + for iNdEx := len(m.Amount) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Amount[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err +} + +i -= size + i = encodeVarintTx(dAtA, i, uint64(size)) +} + +i-- + dAtA[i] = 0x1a +} + +} + if len(m.ToAddress) > 0 { + i -= len(m.ToAddress) + +copy(dAtA[i:], m.ToAddress) + +i = encodeVarintTx(dAtA, i, uint64(len(m.ToAddress))) + +i-- + dAtA[i] = 0x12 +} + if len(m.FromAddress) > 0 { + i -= len(m.FromAddress) + +copy(dAtA[i:], m.FromAddress) + +i = encodeVarintTx(dAtA, i, uint64(len(m.FromAddress))) + +i-- + dAtA[i] = 0xa +} + +return len(dAtA) - i, nil +} + +func (m *MsgSendResponse) + +Marshal() (dAtA []byte, err error) { + size := m.Size() + +dAtA = make([]byte, size) + +n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err +} + +return dAtA[:n], nil +} + +func (m *MsgSendResponse) + +MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + +return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *MsgSendResponse) + +MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + return len(dAtA) - i, nil +} + +func (m *MsgMultiSend) + +Marshal() (dAtA []byte, err error) { + size := m.Size() + +dAtA = make([]byte, size) + +n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err +} + +return dAtA[:n], nil +} + +func (m *MsgMultiSend) + +MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + +return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *MsgMultiSend) + +MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Outputs) > 0 { + for iNdEx := len(m.Outputs) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Outputs[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err +} + +i -= size + i = encodeVarintTx(dAtA, i, uint64(size)) +} + +i-- + dAtA[i] = 0x12 +} + +} + if len(m.Inputs) > 0 { + for iNdEx := len(m.Inputs) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Inputs[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err +} + +i -= size + i = encodeVarintTx(dAtA, i, uint64(size)) +} + +i-- + dAtA[i] = 0xa +} + +} + +return len(dAtA) - i, nil +} + +func (m *MsgMultiSendResponse) + +Marshal() (dAtA []byte, err error) { + size := m.Size() + +dAtA = make([]byte, size) + +n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err +} + +return dAtA[:n], nil +} + +func (m *MsgMultiSendResponse) + +MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + +return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *MsgMultiSendResponse) + +MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + return len(dAtA) - i, nil +} + +func (m *MsgUpdateParams) + +Marshal() (dAtA []byte, err error) { + size := m.Size() + +dAtA = make([]byte, size) + +n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err +} + +return dAtA[:n], nil +} + +func (m *MsgUpdateParams) + +MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + +return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *MsgUpdateParams) + +MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + { + size, err := m.Params.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err +} + +i -= size + i = encodeVarintTx(dAtA, i, uint64(size)) +} + +i-- + dAtA[i] = 0x12 + if len(m.Authority) > 0 { + i -= len(m.Authority) + +copy(dAtA[i:], m.Authority) + +i = encodeVarintTx(dAtA, i, uint64(len(m.Authority))) + +i-- + dAtA[i] = 0xa +} + +return len(dAtA) - i, nil +} + +func (m *MsgUpdateParamsResponse) + +Marshal() (dAtA []byte, err error) { + size := m.Size() + +dAtA = make([]byte, size) + +n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err +} + +return dAtA[:n], nil +} + +func (m *MsgUpdateParamsResponse) + +MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + +return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *MsgUpdateParamsResponse) + +MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + return len(dAtA) - i, nil +} + +func (m *MsgSetSendEnabled) + +Marshal() (dAtA []byte, err error) { + size := m.Size() + +dAtA = make([]byte, size) + +n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err +} + +return dAtA[:n], nil +} + +func (m *MsgSetSendEnabled) + +MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + +return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *MsgSetSendEnabled) + +MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.UseDefaultFor) > 0 { + for iNdEx := len(m.UseDefaultFor) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.UseDefaultFor[iNdEx]) + +copy(dAtA[i:], m.UseDefaultFor[iNdEx]) + +i = encodeVarintTx(dAtA, i, uint64(len(m.UseDefaultFor[iNdEx]))) + +i-- + dAtA[i] = 0x1a +} + +} + if len(m.SendEnabled) > 0 { + for iNdEx := len(m.SendEnabled) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.SendEnabled[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err +} + +i -= size + i = encodeVarintTx(dAtA, i, uint64(size)) +} + +i-- + dAtA[i] = 0x12 +} + +} + if len(m.Authority) > 0 { + i -= len(m.Authority) + +copy(dAtA[i:], m.Authority) + +i = encodeVarintTx(dAtA, i, uint64(len(m.Authority))) + +i-- + dAtA[i] = 0xa +} + +return len(dAtA) - i, nil +} + +func (m *MsgSetSendEnabledResponse) + +Marshal() (dAtA []byte, err error) { + size := m.Size() + +dAtA = make([]byte, size) + +n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err +} + +return dAtA[:n], nil +} + +func (m *MsgSetSendEnabledResponse) + +MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + +return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *MsgSetSendEnabledResponse) + +MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + return len(dAtA) - i, nil +} + +func encodeVarintTx(dAtA []byte, offset int, v uint64) + +int { + offset -= sovTx(v) + base := offset + for v >= 1<<7 { + dAtA[offset] = uint8(v&0x7f | 0x80) + +v >>= 7 + offset++ +} + +dAtA[offset] = uint8(v) + +return base +} + +func (m *MsgSend) + +Size() (n int) { + if m == nil { + return 0 +} + +var l int + _ = l + l = len(m.FromAddress) + if l > 0 { + n += 1 + l + sovTx(uint64(l)) +} + +l = len(m.ToAddress) + if l > 0 { + n += 1 + l + sovTx(uint64(l)) +} + if len(m.Amount) > 0 { + for _, e := range m.Amount { + l = e.Size() + +n += 1 + l + sovTx(uint64(l)) +} + +} + +return n +} + +func (m *MsgSendResponse) + +Size() (n int) { + if m == nil { + return 0 +} + +var l int + _ = l + return n +} + +func (m *MsgMultiSend) + +Size() (n int) { + if m == nil { + return 0 +} + +var l int + _ = l + if len(m.Inputs) > 0 { + for _, e := range m.Inputs { + l = e.Size() + +n += 1 + l + sovTx(uint64(l)) +} + +} + if len(m.Outputs) > 0 { + for _, e := range m.Outputs { + l = e.Size() + +n += 1 + l + sovTx(uint64(l)) +} + +} + +return n +} + +func (m *MsgMultiSendResponse) + +Size() (n int) { + if m == nil { + return 0 +} + +var l int + _ = l + return n +} + +func (m *MsgUpdateParams) + +Size() (n int) { + if m == nil { + return 0 +} + +var l int + _ = l + l = len(m.Authority) + if l > 0 { + n += 1 + l + sovTx(uint64(l)) +} + +l = m.Params.Size() + +n += 1 + l + sovTx(uint64(l)) + +return n +} + +func (m *MsgUpdateParamsResponse) + +Size() (n int) { + if m == nil { + return 0 +} + +var l int + _ = l + return n +} + +func (m *MsgSetSendEnabled) + +Size() (n int) { + if m == nil { + return 0 +} + +var l int + _ = l + l = len(m.Authority) + if l > 0 { + n += 1 + l + sovTx(uint64(l)) +} + if len(m.SendEnabled) > 0 { + for _, e := range m.SendEnabled { + l = e.Size() + +n += 1 + l + sovTx(uint64(l)) +} + +} + if len(m.UseDefaultFor) > 0 { + for _, s := range m.UseDefaultFor { + l = len(s) + +n += 1 + l + sovTx(uint64(l)) +} + +} + +return n +} + +func (m *MsgSetSendEnabledResponse) + +Size() (n int) { + if m == nil { + return 0 +} + +var l int + _ = l + return n +} + +func sovTx(x uint64) (n int) { + return (math_bits.Len64(x|1) + 6) / 7 +} + +func sozTx(x uint64) (n int) { + return sovTx(uint64((x << 1) ^ uint64((int64(x) >> 63)))) +} + +func (m *MsgSend) + +Unmarshal(dAtA []byte) + +error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break +} + +} + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: MsgSend: wiretype end group for non-group") +} + if fieldNum <= 0 { + return fmt.Errorf("proto: MsgSend: illegal tag %d (wire type %d)", fieldNum, wire) +} + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field FromAddress", wireType) +} + +var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break +} + +} + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTx +} + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTx +} + if postIndex > l { + return io.ErrUnexpectedEOF +} + +m.FromAddress = string(dAtA[iNdEx:postIndex]) + +iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ToAddress", wireType) +} + +var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break +} + +} + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTx +} + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTx +} + if postIndex > l { + return io.ErrUnexpectedEOF +} + +m.ToAddress = string(dAtA[iNdEx:postIndex]) + +iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Amount", wireType) +} + +var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break +} + +} + if msglen < 0 { + return ErrInvalidLengthTx +} + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthTx +} + if postIndex > l { + return io.ErrUnexpectedEOF +} + +m.Amount = append(m.Amount, types.Coin{ +}) + if err := m.Amount[len(m.Amount)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err +} + +iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipTx(dAtA[iNdEx:]) + if err != nil { + return err +} + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthTx +} + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF +} + +iNdEx += skippy +} + +} + if iNdEx > l { + return io.ErrUnexpectedEOF +} + +return nil +} + +func (m *MsgSendResponse) + +Unmarshal(dAtA []byte) + +error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break +} + +} + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: MsgSendResponse: wiretype end group for non-group") +} + if fieldNum <= 0 { + return fmt.Errorf("proto: MsgSendResponse: illegal tag %d (wire type %d)", fieldNum, wire) +} + switch fieldNum { + default: + iNdEx = preIndex + skippy, err := skipTx(dAtA[iNdEx:]) + if err != nil { + return err +} + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthTx +} + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF +} + +iNdEx += skippy +} + +} + if iNdEx > l { + return io.ErrUnexpectedEOF +} + +return nil +} + +func (m *MsgMultiSend) + +Unmarshal(dAtA []byte) + +error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break +} + +} + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: MsgMultiSend: wiretype end group for non-group") +} + if fieldNum <= 0 { + return fmt.Errorf("proto: MsgMultiSend: illegal tag %d (wire type %d)", fieldNum, wire) +} + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Inputs", wireType) +} + +var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break +} + +} + if msglen < 0 { + return ErrInvalidLengthTx +} + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthTx +} + if postIndex > l { + return io.ErrUnexpectedEOF +} + +m.Inputs = append(m.Inputs, Input{ +}) + if err := m.Inputs[len(m.Inputs)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err +} + +iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Outputs", wireType) +} + +var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break +} + +} + if msglen < 0 { + return ErrInvalidLengthTx +} + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthTx +} + if postIndex > l { + return io.ErrUnexpectedEOF +} + +m.Outputs = append(m.Outputs, Output{ +}) + if err := m.Outputs[len(m.Outputs)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err +} + +iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipTx(dAtA[iNdEx:]) + if err != nil { + return err +} + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthTx +} + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF +} + +iNdEx += skippy +} + +} + if iNdEx > l { + return io.ErrUnexpectedEOF +} + +return nil +} + +func (m *MsgMultiSendResponse) + +Unmarshal(dAtA []byte) + +error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break +} + +} + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: MsgMultiSendResponse: wiretype end group for non-group") +} + if fieldNum <= 0 { + return fmt.Errorf("proto: MsgMultiSendResponse: illegal tag %d (wire type %d)", fieldNum, wire) +} + switch fieldNum { + default: + iNdEx = preIndex + skippy, err := skipTx(dAtA[iNdEx:]) + if err != nil { + return err +} + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthTx +} + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF +} + +iNdEx += skippy +} + +} + if iNdEx > l { + return io.ErrUnexpectedEOF +} + +return nil +} + +func (m *MsgUpdateParams) + +Unmarshal(dAtA []byte) + +error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break +} + +} + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: MsgUpdateParams: wiretype end group for non-group") +} + if fieldNum <= 0 { + return fmt.Errorf("proto: MsgUpdateParams: illegal tag %d (wire type %d)", fieldNum, wire) +} + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Authority", wireType) +} + +var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break +} + +} + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTx +} + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTx +} + if postIndex > l { + return io.ErrUnexpectedEOF +} + +m.Authority = string(dAtA[iNdEx:postIndex]) + +iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Params", wireType) +} + +var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break +} + +} + if msglen < 0 { + return ErrInvalidLengthTx +} + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthTx +} + if postIndex > l { + return io.ErrUnexpectedEOF +} + if err := m.Params.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err +} + +iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipTx(dAtA[iNdEx:]) + if err != nil { + return err +} + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthTx +} + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF +} + +iNdEx += skippy +} + +} + if iNdEx > l { + return io.ErrUnexpectedEOF +} + +return nil +} + +func (m *MsgUpdateParamsResponse) + +Unmarshal(dAtA []byte) + +error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break +} + +} + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: MsgUpdateParamsResponse: wiretype end group for non-group") +} + if fieldNum <= 0 { + return fmt.Errorf("proto: MsgUpdateParamsResponse: illegal tag %d (wire type %d)", fieldNum, wire) +} + switch fieldNum { + default: + iNdEx = preIndex + skippy, err := skipTx(dAtA[iNdEx:]) + if err != nil { + return err +} + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthTx +} + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF +} + +iNdEx += skippy +} + +} + if iNdEx > l { + return io.ErrUnexpectedEOF +} + +return nil +} + +func (m *MsgSetSendEnabled) + +Unmarshal(dAtA []byte) + +error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break +} + +} + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: MsgSetSendEnabled: wiretype end group for non-group") +} + if fieldNum <= 0 { + return fmt.Errorf("proto: MsgSetSendEnabled: illegal tag %d (wire type %d)", fieldNum, wire) +} + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Authority", wireType) +} + +var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break +} + +} + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTx +} + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTx +} + if postIndex > l { + return io.ErrUnexpectedEOF +} + +m.Authority = string(dAtA[iNdEx:postIndex]) + +iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SendEnabled", wireType) +} + +var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break +} + +} + if msglen < 0 { + return ErrInvalidLengthTx +} + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthTx +} + if postIndex > l { + return io.ErrUnexpectedEOF +} + +m.SendEnabled = append(m.SendEnabled, &SendEnabled{ +}) + if err := m.SendEnabled[len(m.SendEnabled)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err +} + +iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field UseDefaultFor", wireType) +} + +var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break +} + +} + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTx +} + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTx +} + if postIndex > l { + return io.ErrUnexpectedEOF +} + +m.UseDefaultFor = append(m.UseDefaultFor, string(dAtA[iNdEx:postIndex])) + +iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipTx(dAtA[iNdEx:]) + if err != nil { + return err +} + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthTx +} + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF +} + +iNdEx += skippy +} + +} + if iNdEx > l { + return io.ErrUnexpectedEOF +} + +return nil +} + +func (m *MsgSetSendEnabledResponse) + +Unmarshal(dAtA []byte) + +error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break +} + +} + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: MsgSetSendEnabledResponse: wiretype end group for non-group") +} + if fieldNum <= 0 { + return fmt.Errorf("proto: MsgSetSendEnabledResponse: illegal tag %d (wire type %d)", fieldNum, wire) +} + switch fieldNum { + default: + iNdEx = preIndex + skippy, err := skipTx(dAtA[iNdEx:]) + if err != nil { + return err +} + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthTx +} + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF +} + +iNdEx += skippy +} + +} + if iNdEx > l { + return io.ErrUnexpectedEOF +} + +return nil +} + +func skipTx(dAtA []byte) (n int, err error) { + l := len(dAtA) + iNdEx := 0 + depth := 0 + for iNdEx < l { + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowTx +} + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break +} + +} + wireType := int(wire & 0x7) + switch wireType { + case 0: + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowTx +} + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF +} + +iNdEx++ + if dAtA[iNdEx-1] < 0x80 { + break +} + +} + case 1: + iNdEx += 8 + case 2: + var length int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowTx +} + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + length |= (int(b) & 0x7F) << shift + if b < 0x80 { + break +} + +} + if length < 0 { + return 0, ErrInvalidLengthTx +} + +iNdEx += length + case 3: + depth++ + case 4: + if depth == 0 { + return 0, ErrUnexpectedEndOfGroupTx +} + +depth-- + case 5: + iNdEx += 4 + default: + return 0, fmt.Errorf("proto: illegal wireType %d", wireType) +} + if iNdEx < 0 { + return 0, ErrInvalidLengthTx +} + if depth == 0 { + return iNdEx, nil +} + +} + +return 0, io.ErrUnexpectedEOF +} + +var ( + ErrInvalidLengthTx = fmt.Errorf("proto: negative length found during unmarshaling") + +ErrIntOverflowTx = fmt.Errorf("proto: integer overflow") + +ErrUnexpectedEndOfGroupTx = fmt.Errorf("proto: unexpected end of group") +) +``` + +When possible, the existing module's [`Keeper`](/docs/sdk/vnext/build/building-modules/keeper) should implement `MsgServer`, otherwise a `msgServer` struct that embeds the `Keeper` can be created, typically in `./keeper/msg_server.go`: + +```go expandable +package keeper + +import ( + + "context" + "github.com/armon/go-metrics" + + errorsmod "cosmossdk.io/errors" + "github.com/cosmos/cosmos-sdk/telemetry" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + "github.com/cosmos/cosmos-sdk/x/bank/types" + govtypes "github.com/cosmos/cosmos-sdk/x/gov/types" +) + +type msgServer struct { + Keeper +} + +var _ types.MsgServer = msgServer{ +} + +// NewMsgServerImpl returns an implementation of the bank MsgServer interface +// for the provided Keeper. +func NewMsgServerImpl(keeper Keeper) + +types.MsgServer { + return &msgServer{ + Keeper: keeper +} +} + +func (k msgServer) + +Send(goCtx context.Context, msg *types.MsgSend) (*types.MsgSendResponse, error) { + var ( + from, to []byte + err error + ) + if base, ok := k.Keeper.(BaseKeeper); ok { + from, err = base.ak.AddressCodec().StringToBytes(msg.FromAddress) + if err != nil { + return nil, sdkerrors.ErrInvalidAddress.Wrapf("invalid from address: %s", err) +} + +to, err = base.ak.AddressCodec().StringToBytes(msg.ToAddress) + if err != nil { + return nil, sdkerrors.ErrInvalidAddress.Wrapf("invalid to address: %s", err) +} + +} + +else { + return nil, sdkerrors.ErrInvalidRequest.Wrapf("invalid keeper type: %T", k.Keeper) +} + if !msg.Amount.IsValid() { + return nil, errorsmod.Wrap(sdkerrors.ErrInvalidCoins, msg.Amount.String()) +} + if !msg.Amount.IsAllPositive() { + return nil, errorsmod.Wrap(sdkerrors.ErrInvalidCoins, msg.Amount.String()) +} + ctx := sdk.UnwrapSDKContext(goCtx) + if err := k.IsSendEnabledCoins(ctx, msg.Amount...); err != nil { + return nil, err +} + if k.BlockedAddr(to) { + return nil, errorsmod.Wrapf(sdkerrors.ErrUnauthorized, "%s is not allowed to receive funds", msg.ToAddress) +} + +err = k.SendCoins(ctx, from, to, msg.Amount) + if err != nil { + return nil, err +} + +defer func() { + for _, a := range msg.Amount { + if a.Amount.IsInt64() { + telemetry.SetGaugeWithLabels( + []string{"tx", "msg", "send" +}, + float32(a.Amount.Int64()), + []metrics.Label{ + telemetry.NewLabel("denom", a.Denom) +}, + ) +} + +} + +}() + +return &types.MsgSendResponse{ +}, nil +} + +func (k msgServer) + +MultiSend(goCtx context.Context, msg *types.MsgMultiSend) (*types.MsgMultiSendResponse, error) { + if len(msg.Inputs) == 0 { + return nil, types.ErrNoInputs +} + if len(msg.Inputs) != 1 { + return nil, types.ErrMultipleSenders +} + if len(msg.Outputs) == 0 { + return nil, types.ErrNoOutputs +} + if err := types.ValidateInputOutputs(msg.Inputs[0], msg.Outputs); err != nil { + return nil, err +} + ctx := sdk.UnwrapSDKContext(goCtx) + + // NOTE: totalIn == totalOut should already have been checked + for _, in := range msg.Inputs { + if err := k.IsSendEnabledCoins(ctx, in.Coins...); err != nil { + return nil, err +} + +} + for _, out := range msg.Outputs { + if base, ok := k.Keeper.(BaseKeeper); ok { + accAddr, err := base.ak.AddressCodec().StringToBytes(out.Address) + if err != nil { + return nil, err +} + if k.BlockedAddr(accAddr) { + return nil, errorsmod.Wrapf(sdkerrors.ErrUnauthorized, "%s is not allowed to receive funds", out.Address) +} + +} + +else { + return nil, sdkerrors.ErrInvalidRequest.Wrapf("invalid keeper type: %T", k.Keeper) +} + +} + err := k.InputOutputCoins(ctx, msg.Inputs[0], msg.Outputs) + if err != nil { + return nil, err +} + +return &types.MsgMultiSendResponse{ +}, nil +} + +func (k msgServer) + +UpdateParams(goCtx context.Context, req *types.MsgUpdateParams) (*types.MsgUpdateParamsResponse, error) { + if k.GetAuthority() != req.Authority { + return nil, errorsmod.Wrapf(govtypes.ErrInvalidSigner, "invalid authority; expected %s, got %s", k.GetAuthority(), req.Authority) +} + if err := req.Params.Validate(); err != nil { + return nil, err +} + ctx := sdk.UnwrapSDKContext(goCtx) + if err := k.SetParams(ctx, req.Params); err != nil { + return nil, err +} + +return &types.MsgUpdateParamsResponse{ +}, nil +} + +func (k msgServer) + +SetSendEnabled(goCtx context.Context, msg *types.MsgSetSendEnabled) (*types.MsgSetSendEnabledResponse, error) { + if k.GetAuthority() != msg.Authority { + return nil, errorsmod.Wrapf(govtypes.ErrInvalidSigner, "invalid authority; expected %s, got %s", k.GetAuthority(), msg.Authority) +} + seen := map[string]bool{ +} + for _, se := range msg.SendEnabled { + if _, alreadySeen := seen[se.Denom]; alreadySeen { + return nil, sdkerrors.ErrInvalidRequest.Wrapf("duplicate denom entries found for %q", se.Denom) +} + +seen[se.Denom] = true + if err := se.Validate(); err != nil { + return nil, sdkerrors.ErrInvalidRequest.Wrapf("invalid SendEnabled denom %q: %s", se.Denom, err) +} + +} + for _, denom := range msg.UseDefaultFor { + if err := sdk.ValidateDenom(denom); err != nil { + return nil, sdkerrors.ErrInvalidRequest.Wrapf("invalid UseDefaultFor denom %q: %s", denom, err) +} + +} + ctx := sdk.UnwrapSDKContext(goCtx) + if len(msg.SendEnabled) > 0 { + k.SetAllSendEnabled(ctx, msg.SendEnabled) +} + if len(msg.UseDefaultFor) > 0 { + k.DeleteSendEnabled(ctx, msg.UseDefaultFor...) +} + +return &types.MsgSetSendEnabledResponse{ +}, nil +} +``` + +`msgServer` methods can retrieve the `sdk.Context` from the `context.Context` parameter using the `sdk.UnwrapSDKContext` method: + +```go expandable +package keeper + +import ( + + "context" + "github.com/armon/go-metrics" + + errorsmod "cosmossdk.io/errors" + "github.com/cosmos/cosmos-sdk/telemetry" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + "github.com/cosmos/cosmos-sdk/x/bank/types" + govtypes "github.com/cosmos/cosmos-sdk/x/gov/types" +) + +type msgServer struct { + Keeper +} + +var _ types.MsgServer = msgServer{ +} + +// NewMsgServerImpl returns an implementation of the bank MsgServer interface +// for the provided Keeper. +func NewMsgServerImpl(keeper Keeper) + +types.MsgServer { + return &msgServer{ + Keeper: keeper +} +} + +func (k msgServer) + +Send(goCtx context.Context, msg *types.MsgSend) (*types.MsgSendResponse, error) { + var ( + from, to []byte + err error + ) + if base, ok := k.Keeper.(BaseKeeper); ok { + from, err = base.ak.AddressCodec().StringToBytes(msg.FromAddress) + if err != nil { + return nil, sdkerrors.ErrInvalidAddress.Wrapf("invalid from address: %s", err) +} + +to, err = base.ak.AddressCodec().StringToBytes(msg.ToAddress) + if err != nil { + return nil, sdkerrors.ErrInvalidAddress.Wrapf("invalid to address: %s", err) +} + +} + +else { + return nil, sdkerrors.ErrInvalidRequest.Wrapf("invalid keeper type: %T", k.Keeper) +} + if !msg.Amount.IsValid() { + return nil, errorsmod.Wrap(sdkerrors.ErrInvalidCoins, msg.Amount.String()) +} + if !msg.Amount.IsAllPositive() { + return nil, errorsmod.Wrap(sdkerrors.ErrInvalidCoins, msg.Amount.String()) +} + ctx := sdk.UnwrapSDKContext(goCtx) + if err := k.IsSendEnabledCoins(ctx, msg.Amount...); err != nil { + return nil, err +} + if k.BlockedAddr(to) { + return nil, errorsmod.Wrapf(sdkerrors.ErrUnauthorized, "%s is not allowed to receive funds", msg.ToAddress) +} + +err = k.SendCoins(ctx, from, to, msg.Amount) + if err != nil { + return nil, err +} + +defer func() { + for _, a := range msg.Amount { + if a.Amount.IsInt64() { + telemetry.SetGaugeWithLabels( + []string{"tx", "msg", "send" +}, + float32(a.Amount.Int64()), + []metrics.Label{ + telemetry.NewLabel("denom", a.Denom) +}, + ) +} + +} + +}() + +return &types.MsgSendResponse{ +}, nil +} + +func (k msgServer) + +MultiSend(goCtx context.Context, msg *types.MsgMultiSend) (*types.MsgMultiSendResponse, error) { + if len(msg.Inputs) == 0 { + return nil, types.ErrNoInputs +} + if len(msg.Inputs) != 1 { + return nil, types.ErrMultipleSenders +} + if len(msg.Outputs) == 0 { + return nil, types.ErrNoOutputs +} + if err := types.ValidateInputOutputs(msg.Inputs[0], msg.Outputs); err != nil { + return nil, err +} + ctx := sdk.UnwrapSDKContext(goCtx) + + // NOTE: totalIn == totalOut should already have been checked + for _, in := range msg.Inputs { + if err := k.IsSendEnabledCoins(ctx, in.Coins...); err != nil { + return nil, err +} + +} + for _, out := range msg.Outputs { + if base, ok := k.Keeper.(BaseKeeper); ok { + accAddr, err := base.ak.AddressCodec().StringToBytes(out.Address) + if err != nil { + return nil, err +} + if k.BlockedAddr(accAddr) { + return nil, errorsmod.Wrapf(sdkerrors.ErrUnauthorized, "%s is not allowed to receive funds", out.Address) +} + +} + +else { + return nil, sdkerrors.ErrInvalidRequest.Wrapf("invalid keeper type: %T", k.Keeper) +} + +} + err := k.InputOutputCoins(ctx, msg.Inputs[0], msg.Outputs) + if err != nil { + return nil, err +} + +return &types.MsgMultiSendResponse{ +}, nil +} + +func (k msgServer) + +UpdateParams(goCtx context.Context, req *types.MsgUpdateParams) (*types.MsgUpdateParamsResponse, error) { + if k.GetAuthority() != req.Authority { + return nil, errorsmod.Wrapf(govtypes.ErrInvalidSigner, "invalid authority; expected %s, got %s", k.GetAuthority(), req.Authority) +} + if err := req.Params.Validate(); err != nil { + return nil, err +} + ctx := sdk.UnwrapSDKContext(goCtx) + if err := k.SetParams(ctx, req.Params); err != nil { + return nil, err +} + +return &types.MsgUpdateParamsResponse{ +}, nil +} + +func (k msgServer) + +SetSendEnabled(goCtx context.Context, msg *types.MsgSetSendEnabled) (*types.MsgSetSendEnabledResponse, error) { + if k.GetAuthority() != msg.Authority { + return nil, errorsmod.Wrapf(govtypes.ErrInvalidSigner, "invalid authority; expected %s, got %s", k.GetAuthority(), msg.Authority) +} + seen := map[string]bool{ +} + for _, se := range msg.SendEnabled { + if _, alreadySeen := seen[se.Denom]; alreadySeen { + return nil, sdkerrors.ErrInvalidRequest.Wrapf("duplicate denom entries found for %q", se.Denom) +} + +seen[se.Denom] = true + if err := se.Validate(); err != nil { + return nil, sdkerrors.ErrInvalidRequest.Wrapf("invalid SendEnabled denom %q: %s", se.Denom, err) +} + +} + for _, denom := range msg.UseDefaultFor { + if err := sdk.ValidateDenom(denom); err != nil { + return nil, sdkerrors.ErrInvalidRequest.Wrapf("invalid UseDefaultFor denom %q: %s", denom, err) +} + +} + ctx := sdk.UnwrapSDKContext(goCtx) + if len(msg.SendEnabled) > 0 { + k.SetAllSendEnabled(ctx, msg.SendEnabled) +} + if len(msg.UseDefaultFor) > 0 { + k.DeleteSendEnabled(ctx, msg.UseDefaultFor...) +} + +return &types.MsgSetSendEnabledResponse{ +}, nil +} +``` + +`sdk.Msg` processing usually follows these 3 steps: + +### Validation + +The message server must perform all validation required (both *stateful* and *stateless*) to make sure the `message` is valid. +The `signer` is charged for the gas cost of this validation. + +For example, a `msgServer` method for a `transfer` message should check that the sending account has enough funds to actually perform the transfer. + +It is recommended to implement all validation checks in a separate function that passes state values as arguments. This implementation simplifies testing. As expected, expensive validation functions charge additional gas. Example: + +```go +ValidateMsgA(msg MsgA, now Time, gm GasMeter) + +error { + if now.Before(msg.Expire) { + return sdkerrors.ErrInvalidRequest.Wrap("msg expired") +} + +gm.ConsumeGas(1000, "signature verification") + +return signatureVerification(msg.Prover, msg.Data) +} +``` + + +Previously, the `ValidateBasic` method was used to perform simple and stateless validation checks. +This way of validating is deprecated, this means the `msgServer` must perform all validation checks. + + +### State Transition + +After the validation is successful, the `msgServer` method uses the [`keeper`](/docs/sdk/vnext/build/building-modules/keeper) functions to access the state and perform a state transition. + +### Events + +Before returning, `msgServer` methods generally emit one or more [events](/docs/sdk/vnext/learn/advanced/events) by using the `EventManager` held in the `ctx`. Use the new `EmitTypedEvent` function that uses protobuf-based event types: + +```go +ctx.EventManager().EmitTypedEvent( + &group.EventABC{ + Key1: Value1, Key2: Value2 +}) +``` + +or the older `EmitEvent` function: + +```go +ctx.EventManager().EmitEvent( + sdk.NewEvent( + eventType, // e.g. sdk.EventTypeMessage for a message, types.CustomEventType for a custom event defined in the module + sdk.NewAttribute(key1, value1), + sdk.NewAttribute(key2, value2), + ), +) +``` + +These events are relayed back to the underlying consensus engine and can be used by service providers to implement services around the application. Click [here](/docs/sdk/vnext/learn/advanced/events) to learn more about events. + +The invoked `msgServer` method returns a `proto.Message` response and an `error`. These return values are then wrapped into an `*sdk.Result` or an `error` using `sdk.WrapServiceResult(ctx context.Context, res proto.Message, err error)`: + +```go expandable +package baseapp + +import ( + + "context" + "fmt" + + gogogrpc "github.com/cosmos/gogoproto/grpc" + "github.com/cosmos/gogoproto/proto" + "google.golang.org/grpc" + + errorsmod "cosmossdk.io/errors" + + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" +) + +// MessageRouter ADR 031 request type routing +// https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-031-msg-service.md +type MessageRouter interface { + Handler(msg sdk.Msg) + +MsgServiceHandler + HandlerByTypeURL(typeURL string) + +MsgServiceHandler +} + +// MsgServiceRouter routes fully-qualified Msg service methods to their handler. +type MsgServiceRouter struct { + interfaceRegistry codectypes.InterfaceRegistry + routes map[string]MsgServiceHandler + circuitBreaker CircuitBreaker +} + +var _ gogogrpc.Server = &MsgServiceRouter{ +} + +// NewMsgServiceRouter creates a new MsgServiceRouter. +func NewMsgServiceRouter() *MsgServiceRouter { + return &MsgServiceRouter{ + routes: map[string]MsgServiceHandler{ +}, +} +} + +func (msr *MsgServiceRouter) + +SetCircuit(cb CircuitBreaker) { + msr.circuitBreaker = cb +} + +// MsgServiceHandler defines a function type which handles Msg service message. +type MsgServiceHandler = func(ctx sdk.Context, req sdk.Msg) (*sdk.Result, error) + +// Handler returns the MsgServiceHandler for a given msg or nil if not found. +func (msr *MsgServiceRouter) + +Handler(msg sdk.Msg) + +MsgServiceHandler { + return msr.routes[sdk.MsgTypeURL(msg)] +} + +// HandlerByTypeURL returns the MsgServiceHandler for a given query route path or nil +// if not found. +func (msr *MsgServiceRouter) + +HandlerByTypeURL(typeURL string) + +MsgServiceHandler { + return msr.routes[typeURL] +} + +// RegisterService implements the gRPC Server.RegisterService method. sd is a gRPC +// service description, handler is an object which implements that gRPC service. +// +// This function PANICs: +// - if it is called before the service `Msg`s have been registered using +// RegisterInterfaces, +// - or if a service is being registered twice. +func (msr *MsgServiceRouter) + +RegisterService(sd *grpc.ServiceDesc, handler interface{ +}) { + // Adds a top-level query handler based on the gRPC service name. + for _, method := range sd.Methods { + fqMethod := fmt.Sprintf("/%s/%s", sd.ServiceName, method.MethodName) + methodHandler := method.Handler + + var requestTypeName string + + // NOTE: This is how we pull the concrete request type for each handler for registering in the InterfaceRegistry. + // This approach is maybe a bit hacky, but less hacky than reflecting on the handler object itself. + // We use a no-op interceptor to avoid actually calling into the handler itself. + _, _ = methodHandler(nil, context.Background(), func(i interface{ +}) + +error { + msg, ok := i.(sdk.Msg) + if !ok { + // We panic here because there is no other alternative and the app cannot be initialized correctly + // this should only happen if there is a problem with code generation in which case the app won't + // work correctly anyway. + panic(fmt.Errorf("unable to register service method %s: %T does not implement sdk.Msg", fqMethod, i)) +} + +requestTypeName = sdk.MsgTypeURL(msg) + +return nil +}, noopInterceptor) + + // Check that the service Msg fully-qualified method name has already + // been registered (via RegisterInterfaces). If the user registers a + // service without registering according service Msg type, there might be + // some unexpected behavior down the road. Since we can't return an error + // (`Server.RegisterService` interface restriction) + +we panic (at startup). + reqType, err := msr.interfaceRegistry.Resolve(requestTypeName) + if err != nil || reqType == nil { + panic( + fmt.Errorf( + "type_url %s has not been registered yet. "+ + "Before calling RegisterService, you must register all interfaces by calling the `RegisterInterfaces` "+ + "method on module.BasicManager. Each module should call `msgservice.RegisterMsgServiceDesc` inside its "+ + "`RegisterInterfaces` method with the `_Msg_serviceDesc` generated by proto-gen", + requestTypeName, + ), + ) +} + + // Check that each service is only registered once. If a service is + // registered more than once, then we should error. Since we can't + // return an error (`Server.RegisterService` interface restriction) + +we + // panic (at startup). + _, found := msr.routes[requestTypeName] + if found { + panic( + fmt.Errorf( + "msg service %s has already been registered. Please make sure to only register each service once. "+ + "This usually means that there are conflicting modules registering the same msg service", + fqMethod, + ), + ) +} + +msr.routes[requestTypeName] = func(ctx sdk.Context, msg sdk.Msg) (*sdk.Result, error) { + ctx = ctx.WithEventManager(sdk.NewEventManager()) + interceptor := func(goCtx context.Context, _ interface{ +}, _ *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{ +}, error) { + goCtx = context.WithValue(goCtx, sdk.SdkContextKey, ctx) + +return handler(goCtx, msg) +} + if m, ok := msg.(sdk.HasValidateBasic); ok { + if err := m.ValidateBasic(); err != nil { + return nil, err +} + +} + if msr.circuitBreaker != nil { + msgURL := sdk.MsgTypeURL(msg) + +isAllowed, err := msr.circuitBreaker.IsAllowed(ctx, msgURL) + if err != nil { + return nil, err +} + if !isAllowed { + return nil, fmt.Errorf("circuit breaker disables execution of this message: %s", msgURL) +} + +} + + // Call the method handler from the service description with the handler object. + // We don't do any decoding here because the decoding was already done. + res, err := methodHandler(handler, ctx, noopDecoder, interceptor) + if err != nil { + return nil, err +} + +resMsg, ok := res.(proto.Message) + if !ok { + return nil, errorsmod.Wrapf(sdkerrors.ErrInvalidType, "Expecting proto.Message, got %T", resMsg) +} + +return sdk.WrapServiceResult(ctx, resMsg, err) +} + +} +} + +// SetInterfaceRegistry sets the interface registry for the router. +func (msr *MsgServiceRouter) + +SetInterfaceRegistry(interfaceRegistry codectypes.InterfaceRegistry) { + msr.interfaceRegistry = interfaceRegistry +} + +func noopDecoder(_ interface{ +}) + +error { + return nil +} + +func noopInterceptor(_ context.Context, _ interface{ +}, _ *grpc.UnaryServerInfo, _ grpc.UnaryHandler) (interface{ +}, error) { + return nil, nil +} +``` + +This method takes care of marshaling the `res` parameter to protobuf and attaching any events on the `ctx.EventManager()` to the `sdk.Result`. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/proto/cosmos/base/abci/v1beta1/abci.proto#L93-L113 +``` + +This diagram shows a typical structure of a Protobuf `Msg` service, and how the message propagates through the module. + +![Transaction flow](https://raw.githubusercontent.com/cosmos/cosmos-sdk/release/v0.46.x/docs/uml/svg/transaction_flow.svg) + +## Telemetry + +New [telemetry metrics](/docs/sdk/vnext/learn/advanced/telemetry) can be created from `msgServer` methods when handling messages. + +This is an example from the `x/auth/vesting` module: + +```go expandable +package vesting + +import ( + + "context" + "github.com/armon/go-metrics" + + errorsmod "cosmossdk.io/errors" + "github.com/cosmos/cosmos-sdk/telemetry" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + "github.com/cosmos/cosmos-sdk/x/auth/keeper" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + "github.com/cosmos/cosmos-sdk/x/auth/vesting/types" +) + +type msgServer struct { + keeper.AccountKeeper + types.BankKeeper +} + +// NewMsgServerImpl returns an implementation of the vesting MsgServer interface, +// wrapping the corresponding AccountKeeper and BankKeeper. +func NewMsgServerImpl(k keeper.AccountKeeper, bk types.BankKeeper) + +types.MsgServer { + return &msgServer{ + AccountKeeper: k, + BankKeeper: bk +} +} + +var _ types.MsgServer = msgServer{ +} + +func (s msgServer) + +CreateVestingAccount(goCtx context.Context, msg *types.MsgCreateVestingAccount) (*types.MsgCreateVestingAccountResponse, error) { + from, err := s.AccountKeeper.AddressCodec().StringToBytes(msg.FromAddress) + if err != nil { + return nil, sdkerrors.ErrInvalidAddress.Wrapf("invalid 'from' address: %s", err) +} + +to, err := s.AccountKeeper.AddressCodec().StringToBytes(msg.ToAddress) + if err != nil { + return nil, sdkerrors.ErrInvalidAddress.Wrapf("invalid 'to' address: %s", err) +} + if err := validateAmount(msg.Amount); err != nil { + return nil, err +} + if msg.EndTime <= 0 { + return nil, errorsmod.Wrap(sdkerrors.ErrInvalidRequest, "invalid end time") +} + ctx := sdk.UnwrapSDKContext(goCtx) + if err := s.BankKeeper.IsSendEnabledCoins(ctx, msg.Amount...); err != nil { + return nil, err +} + if s.BankKeeper.BlockedAddr(to) { + return nil, errorsmod.Wrapf(sdkerrors.ErrUnauthorized, "%s is not allowed to receive funds", msg.ToAddress) +} + if acc := s.AccountKeeper.GetAccount(ctx, to); acc != nil { + return nil, errorsmod.Wrapf(sdkerrors.ErrInvalidRequest, "account %s already exists", msg.ToAddress) +} + baseAccount := authtypes.NewBaseAccountWithAddress(to) + +baseAccount = s.AccountKeeper.NewAccount(ctx, baseAccount).(*authtypes.BaseAccount) + baseVestingAccount := types.NewBaseVestingAccount(baseAccount, msg.Amount.Sort(), msg.EndTime) + +var vestingAccount sdk.AccountI + if msg.Delayed { + vestingAccount = types.NewDelayedVestingAccountRaw(baseVestingAccount) +} + +else { + vestingAccount = types.NewContinuousVestingAccountRaw(baseVestingAccount, ctx.BlockTime().Unix()) +} + +s.AccountKeeper.SetAccount(ctx, vestingAccount) + +defer func() { + telemetry.IncrCounter(1, "new", "account") + for _, a := range msg.Amount { + if a.Amount.IsInt64() { + telemetry.SetGaugeWithLabels( + []string{"tx", "msg", "create_vesting_account" +}, + float32(a.Amount.Int64()), + []metrics.Label{ + telemetry.NewLabel("denom", a.Denom) +}, + ) +} + +} + +}() + if err = s.BankKeeper.SendCoins(ctx, from, to, msg.Amount); err != nil { + return nil, err +} + +return &types.MsgCreateVestingAccountResponse{ +}, nil +} + +func (s msgServer) + +CreatePermanentLockedAccount(goCtx context.Context, msg *types.MsgCreatePermanentLockedAccount) (*types.MsgCreatePermanentLockedAccountResponse, error) { + from, err := s.AccountKeeper.AddressCodec().StringToBytes(msg.FromAddress) + if err != nil { + return nil, sdkerrors.ErrInvalidAddress.Wrapf("invalid 'from' address: %s", err) +} + +to, err := s.AccountKeeper.AddressCodec().StringToBytes(msg.ToAddress) + if err != nil { + return nil, sdkerrors.ErrInvalidAddress.Wrapf("invalid 'to' address: %s", err) +} + if err := validateAmount(msg.Amount); err != nil { + return nil, err +} + ctx := sdk.UnwrapSDKContext(goCtx) + if err := s.BankKeeper.IsSendEnabledCoins(ctx, msg.Amount...); err != nil { + return nil, err +} + if s.BankKeeper.BlockedAddr(to) { + return nil, errorsmod.Wrapf(sdkerrors.ErrUnauthorized, "%s is not allowed to receive funds", msg.ToAddress) +} + if acc := s.AccountKeeper.GetAccount(ctx, to); acc != nil { + return nil, errorsmod.Wrapf(sdkerrors.ErrInvalidRequest, "account %s already exists", msg.ToAddress) +} + baseAccount := authtypes.NewBaseAccountWithAddress(to) + +baseAccount = s.AccountKeeper.NewAccount(ctx, baseAccount).(*authtypes.BaseAccount) + vestingAccount := types.NewPermanentLockedAccount(baseAccount, msg.Amount) + +s.AccountKeeper.SetAccount(ctx, vestingAccount) + +defer func() { + telemetry.IncrCounter(1, "new", "account") + for _, a := range msg.Amount { + if a.Amount.IsInt64() { + telemetry.SetGaugeWithLabels( + []string{"tx", "msg", "create_permanent_locked_account" +}, + float32(a.Amount.Int64()), + []metrics.Label{ + telemetry.NewLabel("denom", a.Denom) +}, + ) +} + +} + +}() + if err = s.BankKeeper.SendCoins(ctx, from, to, msg.Amount); err != nil { + return nil, err +} + +return &types.MsgCreatePermanentLockedAccountResponse{ +}, nil +} + +func (s msgServer) + +CreatePeriodicVestingAccount(goCtx context.Context, msg *types.MsgCreatePeriodicVestingAccount) (*types.MsgCreatePeriodicVestingAccountResponse, error) { + from, err := s.AccountKeeper.AddressCodec().StringToBytes(msg.FromAddress) + if err != nil { + return nil, sdkerrors.ErrInvalidAddress.Wrapf("invalid 'from' address: %s", err) +} + +to, err := s.AccountKeeper.AddressCodec().StringToBytes(msg.ToAddress) + if err != nil { + return nil, sdkerrors.ErrInvalidAddress.Wrapf("invalid 'to' address: %s", err) +} + if msg.StartTime < 1 { + return nil, errorsmod.Wrapf(sdkerrors.ErrInvalidRequest, "invalid start time of %d, length must be greater than 0", msg.StartTime) +} + +var totalCoins sdk.Coins + for i, period := range msg.VestingPeriods { + if period.Length < 1 { + return nil, errorsmod.Wrapf(sdkerrors.ErrInvalidRequest, "invalid period length of %d in period %d, length must be greater than 0", period.Length, i) +} + +totalCoins = totalCoins.Add(period.Amount...) +} + ctx := sdk.UnwrapSDKContext(goCtx) + if acc := s.AccountKeeper.GetAccount(ctx, to); acc != nil { + return nil, errorsmod.Wrapf(sdkerrors.ErrInvalidRequest, "account %s already exists", msg.ToAddress) +} + if err := s.BankKeeper.IsSendEnabledCoins(ctx, totalCoins...); err != nil { + return nil, err +} + baseAccount := authtypes.NewBaseAccountWithAddress(to) + +baseAccount = s.AccountKeeper.NewAccount(ctx, baseAccount).(*authtypes.BaseAccount) + vestingAccount := types.NewPeriodicVestingAccount(baseAccount, totalCoins.Sort(), msg.StartTime, msg.VestingPeriods) + +s.AccountKeeper.SetAccount(ctx, vestingAccount) + +defer func() { + telemetry.IncrCounter(1, "new", "account") + for _, a := range totalCoins { + if a.Amount.IsInt64() { + telemetry.SetGaugeWithLabels( + []string{"tx", "msg", "create_periodic_vesting_account" +}, + float32(a.Amount.Int64()), + []metrics.Label{ + telemetry.NewLabel("denom", a.Denom) +}, + ) +} + +} + +}() + if err = s.BankKeeper.SendCoins(ctx, from, to, totalCoins); err != nil { + return nil, err +} + +return &types.MsgCreatePeriodicVestingAccountResponse{ +}, nil +} + +func validateAmount(amount sdk.Coins) + +error { + if !amount.IsValid() { + return sdkerrors.ErrInvalidCoins.Wrap(amount.String()) +} + if !amount.IsAllPositive() { + return sdkerrors.ErrInvalidCoins.Wrap(amount.String()) +} + +return nil +} +``` diff --git a/docs/sdk/next/build/building-modules/preblock.mdx b/docs/sdk/next/build/building-modules/preblock.mdx new file mode 100644 index 00000000..eda597b5 --- /dev/null +++ b/docs/sdk/next/build/building-modules/preblock.mdx @@ -0,0 +1,31 @@ +--- +title: PreBlocker +--- + +**Synopsis** +`PreBlocker` is an optional method module developers can implement in their module. They will be triggered before [`BeginBlock`](/docs/sdk/vnext/learn/advanced/baseapp#beginblock). + + + +**Pre-requisite Readings** + +* [Module Manager](/docs/sdk/vnext/build/building-modules/module-manager) + + + +## PreBlocker + +There are two semantics around the new lifecycle method: + +* It runs before the `BeginBlocker` of all modules +* It can modify consensus parameters in storage, and signal the caller through the return value. + +When it returns `ConsensusParamsChanged=true`, the caller must refresh the consensus parameters in the deliver context: + +``` +app.finalizeBlockState.ctx = app.finalizeBlockState.ctx.WithConsensusParams(app.GetConsensusParams()) +``` + +The new ctx must be passed to all the other lifecycle methods. + +{/* TODO: leaving this here to update docs with core api changes */} diff --git a/docs/sdk/next/build/building-modules/protobuf-annotations.mdx b/docs/sdk/next/build/building-modules/protobuf-annotations.mdx new file mode 100644 index 00000000..7e314c61 --- /dev/null +++ b/docs/sdk/next/build/building-modules/protobuf-annotations.mdx @@ -0,0 +1,131 @@ +--- +title: ProtocolBuffer Annotations +description: >- + This document explains the various protobuf scalars that have been added to + make working with protobuf easier for Cosmos SDK application developers +--- +This document explains the various protobuf scalars that have been added to make working with protobuf easier for Cosmos SDK application developers + +## Signer + +Signer specifies which field should be used to determine the signer of a message for the Cosmos SDK. This field can be used for clients as well to infer which field should be used to determine the signer of a message. + +Read more about the signer field [here](/docs/sdk/vnext/build/building-modules/messages-and-queries). + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/e6848d99b55a65d014375b295bdd7f9641aac95e/proto/cosmos/bank/v1beta1/tx.proto#L40 +``` + +```proto +option (cosmos.msg.v1.signer) = "from_address"; +``` + +## Scalar + +The scalar type defines a way for clients to understand how to construct protobuf messages according to what is expected by the module and sdk. + +```proto +(cosmos_proto.scalar) = "cosmos.AddressString" +``` + +Example of account address string scalar: + +```proto +// Reference: https://github.com/cosmos/cosmos-sdk/blob/e6848d99b55a65d014375b295bdd7f9641aac95e/proto/cosmos/bank/v1beta1/tx.proto#L46 +``` + +Example of validator address string scalar: + +```proto +// Reference: https://github.com/cosmos/cosmos-sdk/blob/e8f28bf5db18b8d6b7e0d94b542ce4cf48fed9d6/proto/cosmos/distribution/v1beta1/query.proto#L87 +``` + +Example of Decimals scalar: + +```proto +// Reference: https://github.com/cosmos/cosmos-sdk/blob/e8f28bf5db18b8d6b7e0d94b542ce4cf48fed9d6/proto/cosmos/distribution/v1beta1/distribution.proto#L26 +``` + +Example of Int scalar: + +```proto +// Reference: https://github.com/cosmos/cosmos-sdk/blob/e8f28bf5db18b8d6b7e0d94b542ce4cf48fed9d6/proto/cosmos/gov/v1/gov.proto#L137 +``` + +There are a few options for what can be provided as a scalar: `cosmos.AddressString`, `cosmos.ValidatorAddressString`, `cosmos.ConsensusAddressString`, `cosmos.Int`, `cosmos.Dec`. + +## Implements\_Interface + +`Implements_Interface` is used to provide information to client tooling like [telescope](https://github.com/cosmology-tech/telescope) on how to encode and decode protobuf messages. + +```proto +option (cosmos_proto.implements_interface) = "cosmos.auth.v1beta1.AccountI"; +``` + +## Method,Field,Message Added In + +`method_added_in`, `field_added_in` and `message_added_in` are annotations to denote to clients that a field has been supported in a later version. This is useful when new methods or fields are added in later versions and that the client needs to be aware of what it can call. + +The annotation should be worded as follows: + +```proto +option (cosmos_proto.method_added_in) = "cosmos-sdk v0.50.1"; +option (cosmos_proto.method_added_in) = "x/epochs v1.0.0"; +option (cosmos_proto.method_added_in) = "simapp v24.0.0"; +``` + +## Amino + +The amino codec was removed in `v0.50+`, this means there is no need to register `legacyAminoCodec`. To replace the amino codec, Amino protobuf annotations are used to provide information to the amino codec on how to encode and decode protobuf messages. + +Amino annotations are only used for backwards compatibility with amino. New modules are not required to use amino annotations. + +The below annotations are used to provide information to the amino codec on how to encode and decode protobuf messages in a backwards compatible manner. + +### Name + +Name specifies the amino name that would show up for the user in order for them to see which message they are signing. + +```proto +option (amino.name) = "cosmos-sdk/BaseAccount"; +``` + +```proto +// Reference: https://github.com/cosmos/cosmos-sdk/blob/e8f28bf5db18b8d6b7e0d94b542ce4cf48fed9d6/proto/cosmos/bank/v1beta1/tx.proto#L41 +``` + +### Field\_Name + +Field name specifies the amino name that would show up for the user in order for them to see which field they are signing. + +```proto +uint64 height = 1 [(amino.field_name) = "public_key"]; +``` + +```proto +// Reference: https://github.com/cosmos/cosmos-sdk/blob/e8f28bf5db18b8d6b7e0d94b542ce4cf48fed9d6/proto/cosmos/distribution/v1beta1/distribution.proto#L166 +``` + +### Dont\_OmitEmpty + +Dont omitempty specifies that the field should not be omitted when encoding to amino. + +```proto +repeated cosmos.base.v1beta1.Coin amount = 3 [(amino.dont_omitempty) = true]; +``` + +```proto +// Reference: https://github.com/cosmos/cosmos-sdk/blob/e8f28bf5db18b8d6b7e0d94b542ce4cf48fed9d6/proto/cosmos/bank/v1beta1/bank.proto#L56 +``` + +### Encoding + +Encoding instructs the amino json marshaler how to encode certain fields that may differ from the standard encoding behaviour. The most common example of this is how `repeated cosmos.base.v1beta1.Coin` is encoded when using the amino json encoding format. The `legacy_coins` option tells the json marshaler [how to encode a null slice](https://github.com/cosmos/cosmos-sdk/blob/e8f28bf5db18b8d6b7e0d94b542ce4cf48fed9d6/x/tx/signing/aminojson/json_marshal.go#L65) of `cosmos.base.v1beta1.Coin`. + +```proto +(amino.encoding) = "legacy_coins", +``` + +```proto +// Reference: https://github.com/cosmos/cosmos-sdk/blob/e8f28bf5db18b8d6b7e0d94b542ce4cf48fed9d6/proto/cosmos/bank/v1beta1/genesis.proto#L23 +``` diff --git a/docs/sdk/next/build/building-modules/query-services.mdx b/docs/sdk/next/build/building-modules/query-services.mdx new file mode 100644 index 00000000..6118ff75 --- /dev/null +++ b/docs/sdk/next/build/building-modules/query-services.mdx @@ -0,0 +1,390 @@ +--- +title: Query Services +--- + +**Synopsis** +A Protobuf Query service processes [`queries`](/docs/sdk/vnext/build/building-modules/messages-and-queries#queries). Query services are specific to the module in which they are defined, and only process `queries` defined within said module. They are called from `BaseApp`'s [`Query` method](/docs/sdk/vnext/learn/advanced/baseapp#query). + + + +**Pre-requisite Readings** + +* [Module Manager](/docs/sdk/vnext/build/building-modules/module-manager) +* [Messages and Queries](/docs/sdk/vnext/build/building-modules/messages-and-queries) + + + +## Implementation of a module query service + +### gRPC Service + +When defining a Protobuf `Query` service, a `QueryServer` interface is generated for each module with all the service methods: + +```go +type QueryServer interface { + QueryBalance(context.Context, *QueryBalanceParams) (*types.Coin, error) + +QueryAllBalances(context.Context, *QueryAllBalancesParams) (*QueryAllBalancesResponse, error) +} +``` + +These custom queries methods should be implemented by a module's keeper, typically in `./keeper/grpc_query.go`. The first parameter of these methods is a generic `context.Context`. Therefore, the Cosmos SDK provides a function `sdk.UnwrapSDKContext` to retrieve the `context.Context` from the provided +`context.Context`. + +Here's an example implementation for the bank module: + +```go expandable +package keeper + +import ( + + "context" + "cosmossdk.io/collections" + "cosmossdk.io/math" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" + "cosmossdk.io/store/prefix" + "github.com/cosmos/cosmos-sdk/runtime" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/query" + "github.com/cosmos/cosmos-sdk/x/bank/types" +) + +type Querier struct { + BaseKeeper +} + +var _ types.QueryServer = BaseKeeper{ +} + +func NewQuerier(keeper *BaseKeeper) + +Querier { + return Querier{ + BaseKeeper: *keeper +} +} + +// Balance implements the Query/Balance gRPC method +func (k BaseKeeper) + +Balance(ctx context.Context, req *types.QueryBalanceRequest) (*types.QueryBalanceResponse, error) { + if req == nil { + return nil, status.Error(codes.InvalidArgument, "empty request") +} + if err := sdk.ValidateDenom(req.Denom); err != nil { + return nil, status.Error(codes.InvalidArgument, err.Error()) +} + sdkCtx := sdk.UnwrapSDKContext(ctx) + +address, err := k.ak.AddressCodec().StringToBytes(req.Address) + if err != nil { + return nil, status.Errorf(codes.InvalidArgument, "invalid address: %s", err.Error()) +} + balance := k.GetBalance(sdkCtx, address, req.Denom) + +return &types.QueryBalanceResponse{ + Balance: &balance +}, nil +} + +// AllBalances implements the Query/AllBalances gRPC method +func (k BaseKeeper) + +AllBalances(ctx context.Context, req *types.QueryAllBalancesRequest) (*types.QueryAllBalancesResponse, error) { + if req == nil { + return nil, status.Error(codes.InvalidArgument, "empty request") +} + +addr, err := k.ak.AddressCodec().StringToBytes(req.Address) + if err != nil { + return nil, status.Errorf(codes.InvalidArgument, "invalid address: %s", err.Error()) +} + sdkCtx := sdk.UnwrapSDKContext(ctx) + balances := sdk.NewCoins() + + _, pageRes, err := query.CollectionFilteredPaginate(ctx, k.Balances, req.Pagination, func(key collections.Pair[sdk.AccAddress, string], value math.Int) (include bool, err error) { + denom := key.K2() + if req.ResolveDenom { + if metadata, ok := k.GetDenomMetaData(sdkCtx, denom); ok { + denom = metadata.Display +} + +} + +balances = append(balances, sdk.NewCoin(denom, value)) + +return false, nil // we don't include results because we're appending them here. +}, query.WithCollectionPaginationPairPrefix[sdk.AccAddress, string](addr)) + if err != nil { + return nil, status.Errorf(codes.InvalidArgument, "paginate: %v", err) +} + +return &types.QueryAllBalancesResponse{ + Balances: balances, + Pagination: pageRes +}, nil +} + +// SpendableBalances implements a gRPC query handler for retrieving an account's +// spendable balances. +func (k BaseKeeper) + +SpendableBalances(ctx context.Context, req *types.QuerySpendableBalancesRequest) (*types.QuerySpendableBalancesResponse, error) { + if req == nil { + return nil, status.Error(codes.InvalidArgument, "empty request") +} + +addr, err := k.ak.AddressCodec().StringToBytes(req.Address) + if err != nil { + return nil, status.Errorf(codes.InvalidArgument, "invalid address: %s", err.Error()) +} + sdkCtx := sdk.UnwrapSDKContext(ctx) + balances := sdk.NewCoins() + zeroAmt := math.ZeroInt() + + _, pageRes, err := query.CollectionFilteredPaginate(ctx, k.Balances, req.Pagination, func(key collections.Pair[sdk.AccAddress, string], _ math.Int) (include bool, err error) { + balances = append(balances, sdk.NewCoin(key.K2(), zeroAmt)) + +return false, nil // not including results as they're appended here +}, query.WithCollectionPaginationPairPrefix[sdk.AccAddress, string](addr)) + if err != nil { + return nil, status.Errorf(codes.InvalidArgument, "paginate: %v", err) +} + result := sdk.NewCoins() + spendable := k.SpendableCoins(sdkCtx, addr) + for _, c := range balances { + result = append(result, sdk.NewCoin(c.Denom, spendable.AmountOf(c.Denom))) +} + +return &types.QuerySpendableBalancesResponse{ + Balances: result, + Pagination: pageRes +}, nil +} + +// SpendableBalanceByDenom implements a gRPC query handler for retrieving an account's +// spendable balance for a specific denom. +func (k BaseKeeper) + +SpendableBalanceByDenom(ctx context.Context, req *types.QuerySpendableBalanceByDenomRequest) (*types.QuerySpendableBalanceByDenomResponse, error) { + if req == nil { + return nil, status.Error(codes.InvalidArgument, "empty request") +} + +addr, err := k.ak.AddressCodec().StringToBytes(req.Address) + if err != nil { + return nil, status.Errorf(codes.InvalidArgument, "invalid address: %s", err.Error()) +} + if err := sdk.ValidateDenom(req.Denom); err != nil { + return nil, status.Error(codes.InvalidArgument, err.Error()) +} + sdkCtx := sdk.UnwrapSDKContext(ctx) + spendable := k.SpendableCoin(sdkCtx, addr, req.Denom) + +return &types.QuerySpendableBalanceByDenomResponse{ + Balance: &spendable +}, nil +} + +// TotalSupply implements the Query/TotalSupply gRPC method +func (k BaseKeeper) + +TotalSupply(ctx context.Context, req *types.QueryTotalSupplyRequest) (*types.QueryTotalSupplyResponse, error) { + sdkCtx := sdk.UnwrapSDKContext(ctx) + +totalSupply, pageRes, err := k.GetPaginatedTotalSupply(sdkCtx, req.Pagination) + if err != nil { + return nil, status.Error(codes.Internal, err.Error()) +} + +return &types.QueryTotalSupplyResponse{ + Supply: totalSupply, + Pagination: pageRes +}, nil +} + +// SupplyOf implements the Query/SupplyOf gRPC method +func (k BaseKeeper) + +SupplyOf(c context.Context, req *types.QuerySupplyOfRequest) (*types.QuerySupplyOfResponse, error) { + if req == nil { + return nil, status.Error(codes.InvalidArgument, "empty request") +} + if err := sdk.ValidateDenom(req.Denom); err != nil { + return nil, status.Error(codes.InvalidArgument, err.Error()) +} + ctx := sdk.UnwrapSDKContext(c) + supply := k.GetSupply(ctx, req.Denom) + +return &types.QuerySupplyOfResponse{ + Amount: sdk.NewCoin(req.Denom, supply.Amount) +}, nil +} + +// Params implements the gRPC service handler for querying x/bank parameters. +func (k BaseKeeper) + +Params(ctx context.Context, req *types.QueryParamsRequest) (*types.QueryParamsResponse, error) { + if req == nil { + return nil, status.Errorf(codes.InvalidArgument, "empty request") +} + sdkCtx := sdk.UnwrapSDKContext(ctx) + params := k.GetParams(sdkCtx) + +return &types.QueryParamsResponse{ + Params: params +}, nil +} + +// DenomsMetadata implements Query/DenomsMetadata gRPC method. +func (k BaseKeeper) + +DenomsMetadata(c context.Context, req *types.QueryDenomsMetadataRequest) (*types.QueryDenomsMetadataResponse, error) { + if req == nil { + return nil, status.Errorf(codes.InvalidArgument, "empty request") +} + kvStore := runtime.KVStoreAdapter(k.storeService.OpenKVStore(c)) + store := prefix.NewStore(kvStore, types.DenomMetadataPrefix) + metadatas := []types.Metadata{ +} + +pageRes, err := query.Paginate(store, req.Pagination, func(_, value []byte) + +error { + var metadata types.Metadata + k.cdc.MustUnmarshal(value, &metadata) + +metadatas = append(metadatas, metadata) + +return nil +}) + if err != nil { + return nil, status.Error(codes.Internal, err.Error()) +} + +return &types.QueryDenomsMetadataResponse{ + Metadatas: metadatas, + Pagination: pageRes, +}, nil +} + +// DenomMetadata implements Query/DenomMetadata gRPC method. +func (k BaseKeeper) + +DenomMetadata(c context.Context, req *types.QueryDenomMetadataRequest) (*types.QueryDenomMetadataResponse, error) { + if req == nil { + return nil, status.Errorf(codes.InvalidArgument, "empty request") +} + if err := sdk.ValidateDenom(req.Denom); err != nil { + return nil, status.Error(codes.InvalidArgument, err.Error()) +} + ctx := sdk.UnwrapSDKContext(c) + +metadata, found := k.GetDenomMetaData(ctx, req.Denom) + if !found { + return nil, status.Errorf(codes.NotFound, "client metadata for denom %s", req.Denom) +} + +return &types.QueryDenomMetadataResponse{ + Metadata: metadata, +}, nil +} + +func (k BaseKeeper) + +DenomOwners( + goCtx context.Context, + req *types.QueryDenomOwnersRequest, +) (*types.QueryDenomOwnersResponse, error) { + if req == nil { + return nil, status.Errorf(codes.InvalidArgument, "empty request") +} + if err := sdk.ValidateDenom(req.Denom); err != nil { + return nil, status.Error(codes.InvalidArgument, err.Error()) +} + +var denomOwners []*types.DenomOwner + + _, pageRes, err := query.CollectionFilteredPaginate(goCtx, k.Balances.Indexes.Denom, req.Pagination, + func(key collections.Pair[string, sdk.AccAddress], value collections.NoValue) (include bool, err error) { + amt, err := k.Balances.Get(goCtx, collections.Join(key.K2(), req.Denom)) + if err != nil { + return false, err +} + +denomOwners = append(denomOwners, &types.DenomOwner{ + Address: key.K2().String(), + Balance: sdk.NewCoin(req.Denom, amt), +}) + +return false, nil +}, + query.WithCollectionPaginationPairPrefix[string, sdk.AccAddress](req.Denom), + ) + if err != nil { + return nil, err +} + +return &types.QueryDenomOwnersResponse{ + DenomOwners: denomOwners, + Pagination: pageRes +}, nil +} + +func (k BaseKeeper) + +SendEnabled(goCtx context.Context, req *types.QuerySendEnabledRequest) (*types.QuerySendEnabledResponse, error) { + if req == nil { + return nil, status.Errorf(codes.InvalidArgument, "empty request") +} + ctx := sdk.UnwrapSDKContext(goCtx) + resp := &types.QuerySendEnabledResponse{ +} + if len(req.Denoms) > 0 { + for _, denom := range req.Denoms { + if se, ok := k.getSendEnabled(ctx, denom); ok { + resp.SendEnabled = append(resp.SendEnabled, types.NewSendEnabled(denom, se)) +} + +} + +} + +else { + results, pageResp, err := query.CollectionPaginate[string, bool](ctx, k.BaseViewKeeper.SendEnabled, req.Pagination) + if err != nil { + return nil, status.Error(codes.Internal, err.Error()) +} + for _, r := range results { + resp.SendEnabled = append(resp.SendEnabled, &types.SendEnabled{ + Denom: r.Key, + Enabled: r.Value, +}) +} + +resp.Pagination = pageResp +} + +return resp, nil +} +``` + +### Calling queries from the State Machine + +The Cosmos SDK v0.47 introduces a new `cosmos.query.v1.module_query_safe` Protobuf annotation which is used to state that a query that is safe to be called from within the state machine, for example: + +* a Keeper's query function can be called from another module's Keeper, +* ADR-033 intermodule query calls, +* CosmWasm contracts can also directly interact with these queries. + +If the `module_query_safe` annotation set to `true`, it means: + +* The query is deterministic: given a block height it will return the same response upon multiple calls, and doesn't introduce any state-machine breaking changes across SDK patch versions. +* Gas consumption never fluctuates across calls and across patch versions. + +If you are a module developer and want to use `module_query_safe` annotation for your own query, you have to ensure the following things: + +* the query is deterministic and won't introduce state-machine-breaking changes without coordinated upgrades +* it has its gas tracked, to avoid the attack vector where no gas is accounted for + on potentially high-computation queries. diff --git a/docs/sdk/next/build/building-modules/simulator.mdx b/docs/sdk/next/build/building-modules/simulator.mdx new file mode 100644 index 00000000..89b3ef83 --- /dev/null +++ b/docs/sdk/next/build/building-modules/simulator.mdx @@ -0,0 +1,4062 @@ +--- +title: Module Simulation +--- + +**Pre-requisite Readings** + +* [Cosmos Blockchain Simulator](/docs/sdk/vnext/learn/advanced/simulation) + + + +## Synopsis + +This document guides developers on integrating their custom modules with the Cosmos SDK `Simulations`. +Simulations are useful for testing edge cases in module implementations. + +* [Simulation Package](#simulation-package) +* [Simulation App Module](#simulation-app-module) +* [SimsX](#simsx) + * [Example Implementations](#example-implementations) +* [Store decoders](#store-decoders) +* [Randomized genesis](#randomized-genesis) +* [Random weighted operations](#random-weighted-operations) + * [Using Simsx](#using-simsx) +* [App Simulator manager](#app-simulator-manager) +* [Running Simulations](#running-simulations) + +## Simulation Package + +The Cosmos SDK suggests organizing your simulation related code in a `x//simulation` package. + +## Simulation App Module + +To integrate with the Cosmos SDK `SimulationManager`, app modules must implement the `AppModuleSimulation` interface. + +```go expandable +package module + +import ( + + "encoding/json" + "math/rand" + "sort" + "time" + + sdkmath "cosmossdk.io/math" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/types/simulation" +) + +// AppModuleSimulation defines the standard functions that every module should expose +// for the SDK blockchain simulator +type AppModuleSimulation interface { + // randomized genesis states + GenerateGenesisState(input *SimulationState) + + // register a func to decode the each module's defined types from their corresponding store key + RegisterStoreDecoder(simulation.StoreDecoderRegistry) + + // simulation operations (i.e msgs) + +with their respective weight + WeightedOperations(simState SimulationState) []simulation.WeightedOperation +} + +// HasProposalMsgs defines the messages that can be used to simulate governance (v1) + +proposals +type HasProposalMsgs interface { + // msg functions used to simulate governance proposals + ProposalMsgs(simState SimulationState) []simulation.WeightedProposalMsg +} + +// HasProposalContents defines the contents that can be used to simulate legacy governance (v1beta1) + +proposals +type HasProposalContents interface { + // content functions used to simulate governance proposals + ProposalContents(simState SimulationState) []simulation.WeightedProposalContent //nolint:staticcheck // legacy v1beta1 governance +} + +// SimulationManager defines a simulation manager that provides the high level utility +// for managing and executing simulation functionalities for a group of modules +type SimulationManager struct { + Modules []AppModuleSimulation // array of app modules; we use an array for deterministic simulation tests + StoreDecoders simulation.StoreDecoderRegistry // functions to decode the key-value pairs from each module's store +} + +// NewSimulationManager creates a new SimulationManager object +// +// CONTRACT: All the modules provided must be also registered on the module Manager +func NewSimulationManager(modules ...AppModuleSimulation) *SimulationManager { + return &SimulationManager{ + Modules: modules, + StoreDecoders: make(simulation.StoreDecoderRegistry), +} +} + +// NewSimulationManagerFromAppModules creates a new SimulationManager object. +// +// First it sets any SimulationModule provided by overrideModules, and ignores any AppModule +// with the same moduleName. +// Then it attempts to cast every provided AppModule into an AppModuleSimulation. +// If the cast succeeds, its included, otherwise it is excluded. +func NewSimulationManagerFromAppModules(modules map[string]any, overrideModules map[string]AppModuleSimulation) *SimulationManager { + simModules := []AppModuleSimulation{ +} + appModuleNamesSorted := make([]string, 0, len(modules)) + for moduleName := range modules { + appModuleNamesSorted = append(appModuleNamesSorted, moduleName) +} + +sort.Strings(appModuleNamesSorted) + for _, moduleName := range appModuleNamesSorted { + // for every module, see if we override it. If so, use override. + // Else, if we can cast the app module into a simulation module add it. + // otherwise no simulation module. + if simModule, ok := overrideModules[moduleName]; ok { + simModules = append(simModules, simModule) +} + +else { + appModule := modules[moduleName] + if simModule, ok := appModule.(AppModuleSimulation); ok { + simModules = append(simModules, simModule) +} + // cannot cast, so we continue +} + +} + +return NewSimulationManager(simModules...) +} + +// Deprecated: Use GetProposalMsgs instead. +// GetProposalContents returns each module's proposal content generator function +// with their default operation weight and key. +func (sm *SimulationManager) + +GetProposalContents(simState SimulationState) []simulation.WeightedProposalContent { + wContents := make([]simulation.WeightedProposalContent, 0, len(sm.Modules)) + for _, module := range sm.Modules { + if module, ok := module.(HasProposalContents); ok { + wContents = append(wContents, module.ProposalContents(simState)...) +} + +} + +return wContents +} + +// GetProposalMsgs returns each module's proposal msg generator function +// with their default operation weight and key. +func (sm *SimulationManager) + +GetProposalMsgs(simState SimulationState) []simulation.WeightedProposalMsg { + wContents := make([]simulation.WeightedProposalMsg, 0, len(sm.Modules)) + for _, module := range sm.Modules { + if module, ok := module.(HasProposalMsgs); ok { + wContents = append(wContents, module.ProposalMsgs(simState)...) +} + +} + +return wContents +} + +// RegisterStoreDecoders registers each of the modules' store decoders into a map +func (sm *SimulationManager) + +RegisterStoreDecoders() { + for _, module := range sm.Modules { + module.RegisterStoreDecoder(sm.StoreDecoders) +} +} + +// GenerateGenesisStates generates a randomized GenesisState for each of the +// registered modules +func (sm *SimulationManager) + +GenerateGenesisStates(simState *SimulationState) { + for _, module := range sm.Modules { + module.GenerateGenesisState(simState) +} +} + +// WeightedOperations returns all the modules' weighted operations of an application +func (sm *SimulationManager) + +WeightedOperations(simState SimulationState) []simulation.WeightedOperation { + wOps := make([]simulation.WeightedOperation, 0, len(sm.Modules)) + for _, module := range sm.Modules { + wOps = append(wOps, module.WeightedOperations(simState)...) +} + +return wOps +} + +// SimulationState is the input parameters used on each of the module's randomized +// GenesisState generator function +type SimulationState struct { + AppParams simulation.AppParams + Cdc codec.JSONCodec // application codec + TxConfig client.TxConfig // Shared TxConfig; this is expensive to create and stateless, so create it once up front. + Rand *rand.Rand // random number + GenState map[string]json.RawMessage // genesis state + Accounts []simulation.Account // simulation accounts + InitialStake sdkmath.Int // initial coins per account + NumBonded int64 // number of initially bonded accounts + BondDenom string // denom to be used as default + GenTimestamp time.Time // genesis timestamp + UnbondTime time.Duration // staking unbond time stored to use it as the slashing maximum evidence duration + LegacyParamChange []simulation.LegacyParamChange // simulated parameter changes from modules + //nolint:staticcheck // legacy used for testing + LegacyProposalContents []simulation.WeightedProposalContent // proposal content generator functions with their default weight and app sim key + ProposalMsgs []simulation.WeightedProposalMsg // proposal msg generator functions with their default weight and app sim key +} +``` + +See an example implementation of these methods from `x/distribution` [here](https://github.com/cosmos/cosmos-sdk/blob/b55b9e14fb792cc8075effb373be9d26327fddea/x/distribution/module.go#L170-L194). + +## SimsX + +Cosmos SDK v0.53.0 introduced a new package, `simsx`, providing improved DevX for writing simulation code. + +It exposes the following extension interfaces that modules may implement to integrate with the new `simsx` runner. + +```go expandable +package simsx + +import ( + + "encoding/json" + "fmt" + "io" + "math" + "os" + "path/filepath" + "strings" + "testing" + + dbm "github.com/cosmos/cosmos-db" + "github.com/stretchr/testify/require" + "cosmossdk.io/log" + "github.com/cosmos/cosmos-sdk/baseapp" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/client/flags" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/runtime" + servertypes "github.com/cosmos/cosmos-sdk/server/types" + simtestutil "github.com/cosmos/cosmos-sdk/testutil/sims" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/module" + simtypes "github.com/cosmos/cosmos-sdk/types/simulation" + "github.com/cosmos/cosmos-sdk/x/simulation" + "github.com/cosmos/cosmos-sdk/x/simulation/client/cli" +) + +const SimAppChainID = "simulation-app" + +// this list of seeds was imported from the original simulation runner: https://github.com/cosmos/tools/blob/v1.0.0/cmd/runsim/main.go#L32 +var defaultSeeds = []int64{ + 1, 2, 4, 7, + 32, 123, 124, 582, 1893, 2989, + 3012, 4728, 37827, 981928, 87821, 891823782, + 989182, 89182391, 11, 22, 44, 77, 99, 2020, + 3232, 123123, 124124, 582582, 18931893, + 29892989, 30123012, 47284728, 7601778, 8090485, + 977367484, 491163361, 424254581, 673398983, +} + +// SimStateFactory is a factory type that provides a convenient way to create a simulation state for testing. +// It contains the following fields: +// - Codec: a codec used for serializing other objects +// - AppStateFn: a function that returns the app state JSON bytes and the genesis accounts +// - BlockedAddr: a map of blocked addresses +// - AccountSource: an interface for retrieving accounts +// - BalanceSource: an interface for retrieving balance-related information +type SimStateFactory struct { + Codec codec.Codec + AppStateFn simtypes.AppStateFn + BlockedAddr map[string]bool + AccountSource AccountSourceX + BalanceSource BalanceSource +} + +// SimulationApp abstract app that is used by sims +type SimulationApp interface { + runtime.AppI + SetNotSigverifyTx() + +GetBaseApp() *baseapp.BaseApp + TxConfig() + +client.TxConfig + Close() + +error +} + +// Run is a helper function that runs a simulation test with the given parameters. +// It calls the RunWithSeeds function with the default seeds and parameters. +// +// This is the entrypoint to run simulation tests that used to run with the runsim binary. +func Run[T SimulationApp]( + t *testing.T, + appFactory func( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), + ) + +T, + setupStateFactory func(app T) + +SimStateFactory, + postRunActions ...func(t testing.TB, app TestInstance[T], accs []simtypes.Account), +) { + t.Helper() + +RunWithSeeds(t, appFactory, setupStateFactory, defaultSeeds, nil, postRunActions...) +} + +// RunWithSeeds is a helper function that runs a simulation test with the given parameters. +// It iterates over the provided seeds and runs the simulation test for each seed in parallel. +// +// It sets up the environment, creates an instance of the simulation app, +// calls the simulation.SimulateFromSeed function to run the simulation, and performs post-run actions for each seed. +// The execution is deterministic and can be used for fuzz tests as well. +// +// The system under test is isolated for each run but unlike the old runsim command, there is no Process separation. +// This means, global caches may be reused for example. This implementation build upon the vanilla Go stdlib test framework. +func RunWithSeeds[T SimulationApp]( + t *testing.T, + appFactory func( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), + ) + +T, + setupStateFactory func(app T) + +SimStateFactory, + seeds []int64, + fuzzSeed []byte, + postRunActions ...func(t testing.TB, app TestInstance[T], accs []simtypes.Account), +) { + t.Helper() + +RunWithSeedsAndRandAcc(t, appFactory, setupStateFactory, seeds, fuzzSeed, simtypes.RandomAccounts, postRunActions...) +} + +// RunWithSeedsAndRandAcc calls RunWithSeeds with randAccFn +func RunWithSeedsAndRandAcc[T SimulationApp]( + t *testing.T, + appFactory func( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), + ) + +T, + setupStateFactory func(app T) + +SimStateFactory, + seeds []int64, + fuzzSeed []byte, + randAccFn simtypes.RandomAccountFn, + postRunActions ...func(t testing.TB, app TestInstance[T], accs []simtypes.Account), +) { + t.Helper() + if deprecatedParams := cli.GetDeprecatedFlagUsed(); len(deprecatedParams) != 0 { + fmt.Printf("Warning: Deprecated flag are used: %s", strings.Join(deprecatedParams, ",")) +} + cfg := cli.NewConfigFromFlags() + +cfg.ChainID = SimAppChainID + for i := range seeds { + seed := seeds[i] + t.Run(fmt.Sprintf("seed: %d", seed), func(t *testing.T) { + t.Parallel() + +RunWithSeed(t, cfg, appFactory, setupStateFactory, seed, fuzzSeed, postRunActions...) +}) +} +} + +// RunWithSeed is a helper function that runs a simulation test with the given parameters. +// It iterates over the provided seeds and runs the simulation test for each seed in parallel. +// +// It sets up the environment, creates an instance of the simulation app, +// calls the simulation.SimulateFromSeed function to run the simulation, and performs post-run actions for the seed. +// The execution is deterministic and can be used for fuzz tests as well. +func RunWithSeed[T SimulationApp]( + tb testing.TB, + cfg simtypes.Config, + appFactory func(logger log.Logger, db dbm.DB, traceStore io.Writer, loadLatest bool, appOpts servertypes.AppOptions, baseAppOptions ...func(*baseapp.BaseApp)) + +T, + setupStateFactory func(app T) + +SimStateFactory, + seed int64, + fuzzSeed []byte, + postRunActions ...func(t testing.TB, app TestInstance[T], accs []simtypes.Account), +) { + tb.Helper() + +RunWithSeedAndRandAcc(tb, cfg, appFactory, setupStateFactory, seed, fuzzSeed, simtypes.RandomAccounts, postRunActions...) +} + +// RunWithSeedAndRandAcc calls RunWithSeed with randAccFn +func RunWithSeedAndRandAcc[T SimulationApp]( + tb testing.TB, + cfg simtypes.Config, + appFactory func(logger log.Logger, db dbm.DB, traceStore io.Writer, loadLatest bool, appOpts servertypes.AppOptions, baseAppOptions ...func(*baseapp.BaseApp)) + +T, + setupStateFactory func(app T) + +SimStateFactory, + seed int64, + fuzzSeed []byte, + randAccFn simtypes.RandomAccountFn, + postRunActions ...func(t testing.TB, app TestInstance[T], accs []simtypes.Account), +) { + tb.Helper() + // setup environment + tCfg := cfg.With(tb, seed, fuzzSeed) + testInstance := NewSimulationAppInstance(tb, tCfg, appFactory) + +var runLogger log.Logger + if cli.FlagVerboseValue { + runLogger = log.NewTestLogger(tb) +} + +else { + runLogger = log.NewTestLoggerInfo(tb) +} + +runLogger = runLogger.With("seed", tCfg.Seed) + app := testInstance.App + stateFactory := setupStateFactory(app) + +ops, reporter := prepareWeightedOps(app.SimulationManager(), stateFactory, tCfg, testInstance.App.TxConfig(), runLogger) + +simParams, accs, err := simulation.SimulateFromSeedX( + tb, + runLogger, + WriteToDebugLog(runLogger), + app.GetBaseApp(), + stateFactory.AppStateFn, + randAccFn, + ops, + stateFactory.BlockedAddr, + tCfg, + stateFactory.Codec, + testInstance.ExecLogWriter, + ) + +require.NoError(tb, err) + +err = simtestutil.CheckExportSimulation(app, tCfg, simParams) + +require.NoError(tb, err) + if tCfg.Commit { + simtestutil.PrintStats(testInstance.DB) +} + // not using tb.Log to always print the summary + fmt.Printf("+++ DONE (seed: %d): \n%s\n", seed, reporter.Summary().String()) + for _, step := range postRunActions { + step(tb, testInstance, accs) +} + +require.NoError(tb, app.Close()) +} + +type ( + HasWeightedOperationsX interface { + WeightedOperationsX(weight WeightSource, reg Registry) +} + +HasWeightedOperationsXWithProposals interface { + WeightedOperationsX(weights WeightSource, reg Registry, proposals WeightedProposalMsgIter, + legacyProposals []simtypes.WeightedProposalContent) //nolint: staticcheck // used for legacy proposal types +} + +HasProposalMsgsX interface { + ProposalMsgsX(weights WeightSource, reg Registry) +} +) + +type ( + HasLegacyWeightedOperations interface { + // WeightedOperations simulation operations (i.e msgs) + +with their respective weight + WeightedOperations(simState module.SimulationState) []simtypes.WeightedOperation +} + // HasLegacyProposalMsgs defines the messages that can be used to simulate governance (v1) + +proposals + // Deprecated replaced by HasProposalMsgsX + HasLegacyProposalMsgs interface { + // ProposalMsgs msg fu nctions used to simulate governance proposals + ProposalMsgs(simState module.SimulationState) []simtypes.WeightedProposalMsg +} + + // HasLegacyProposalContents defines the contents that can be used to simulate legacy governance (v1beta1) + +proposals + // Deprecated replaced by HasProposalMsgsX + HasLegacyProposalContents interface { + // ProposalContents content functions used to simulate governance proposals + ProposalContents(simState module.SimulationState) []simtypes.WeightedProposalContent //nolint:staticcheck // legacy v1beta1 governance +} +) + +// TestInstance is a generic type that represents an instance of a SimulationApp used for testing simulations. +// It contains the following fields: +// - App: The instance of the SimulationApp under test. +// - DB: The LevelDB database for the simulation app. +// - WorkDir: The temporary working directory for the simulation app. +// - Cfg: The configuration flags for the simulator. +// - AppLogger: The logger used for logging in the app during the simulation, with seed value attached. +// - ExecLogWriter: Captures block and operation data coming from the simulation +type TestInstance[T SimulationApp] struct { + App T + DB dbm.DB + WorkDir string + Cfg simtypes.Config + AppLogger log.Logger + ExecLogWriter simulation.LogWriter +} + +// included to avoid cyclic dependency in testutils/sims +func prepareWeightedOps( + sm *module.SimulationManager, + stateFact SimStateFactory, + config simtypes.Config, + txConfig client.TxConfig, + logger log.Logger, +) (simulation.WeightedOperations, *BasicSimulationReporter) { + cdc := stateFact.Codec + simState := module.SimulationState{ + AppParams: make(simtypes.AppParams), + Cdc: cdc, + TxConfig: txConfig, + BondDenom: sdk.DefaultBondDenom, +} + if config.ParamsFile != "" { + bz, err := os.ReadFile(config.ParamsFile) + if err != nil { + panic(err) +} + +err = json.Unmarshal(bz, &simState.AppParams) + if err != nil { + panic(err) +} + +} + weights := ParamWeightSource(simState.AppParams) + reporter := NewBasicSimulationReporter() + pReg := make(UniqueTypeRegistry) + wContent := make([]simtypes.WeightedProposalContent, 0) //nolint:staticcheck // required for legacy type + legacyPReg := NewWeightedFactoryMethods() + // add gov proposals types + for _, m := range sm.Modules { + switch xm := m.(type) { + case HasProposalMsgsX: + xm.ProposalMsgsX(weights, pReg) + case HasLegacyProposalMsgs: + for _, p := range xm.ProposalMsgs(simState) { + weight := weights.Get(p.AppParamsKey(), safeUint(p.DefaultWeight())) + +legacyPReg.Add(weight, legacyToMsgFactoryAdapter(p.MsgSimulatorFn())) +} + case HasLegacyProposalContents: + wContent = append(wContent, xm.ProposalContents(simState)...) +} + +} + oReg := NewSimsMsgRegistryAdapter( + reporter, + stateFact.AccountSource, + stateFact.BalanceSource, + txConfig, + logger, + ) + wOps := make([]simtypes.WeightedOperation, 0, len(sm.Modules)) + for _, m := range sm.Modules { + // add operations + switch xm := m.(type) { + case HasWeightedOperationsX: + xm.WeightedOperationsX(weights, oReg) + case HasWeightedOperationsXWithProposals: + xm.WeightedOperationsX(weights, oReg, AppendIterators(legacyPReg.Iterator(), pReg.Iterator()), wContent) + case HasLegacyWeightedOperations: + wOps = append(wOps, xm.WeightedOperations(simState)...) +} + +} + +return append(wOps, Collect(oReg.items, func(a weightedOperation) + +simtypes.WeightedOperation { + return a +})...), reporter +} + +func safeUint(p int) + +uint32 { + if p < 0 || p > math.MaxUint32 { + panic(fmt.Sprintf("can not cast to uint32: %d", p)) +} + +return uint32(p) +} + +// NewSimulationAppInstance initializes and returns a TestInstance of a SimulationApp. +// The function takes a testing.T instance, a simtypes.Config instance, and an appFactory function as parameters. +// It creates a temporary working directory and a LevelDB database for the simulation app. +// The function then initializes a logger based on the verbosity flag and sets the logger's seed to the test configuration's seed. +// The database is closed and cleaned up on test completion. +func NewSimulationAppInstance[T SimulationApp]( + tb testing.TB, + tCfg simtypes.Config, + appFactory func(logger log.Logger, db dbm.DB, traceStore io.Writer, loadLatest bool, appOpts servertypes.AppOptions, baseAppOptions ...func(*baseapp.BaseApp)) + +T, +) + +TestInstance[T] { + tb.Helper() + workDir := tb.TempDir() + +require.NoError(tb, os.Mkdir(filepath.Join(workDir, "data"), 0o750)) + dbDir := filepath.Join(workDir, "leveldb-app-sim") + +var logger log.Logger + if cli.FlagVerboseValue { + logger = log.NewTestLogger(tb) +} + +else { + logger = log.NewTestLoggerError(tb) +} + +logger = logger.With("seed", tCfg.Seed) + +db, err := dbm.NewDB("Simulation", dbm.BackendType(tCfg.DBBackend), dbDir) + +require.NoError(tb, err) + +tb.Cleanup(func() { + _ = db.Close() // ensure db is closed +}) + appOptions := make(simtestutil.AppOptionsMap) + +appOptions[flags.FlagHome] = workDir + opts := []func(*baseapp.BaseApp) { + baseapp.SetChainID(tCfg.ChainID) +} + if tCfg.FauxMerkle { + opts = append(opts, FauxMerkleModeOpt) +} + app := appFactory(logger, db, nil, true, appOptions, opts...) + if !cli.FlagSigverifyTxValue { + app.SetNotSigverifyTx() +} + +return TestInstance[T]{ + App: app, + DB: db, + WorkDir: workDir, + Cfg: tCfg, + AppLogger: logger, + ExecLogWriter: &simulation.StandardLogWriter{ + Seed: tCfg.Seed +}, +} +} + +var _ io.Writer = writerFn(nil) + +type writerFn func(p []byte) (n int, err error) + +func (w writerFn) + +Write(p []byte) (n int, err error) { + return w(p) +} + +// WriteToDebugLog is an adapter to io.Writer interface +func WriteToDebugLog(logger log.Logger) + +io.Writer { + return writerFn(func(p []byte) (n int, err error) { + logger.Debug(string(p)) + +return len(p), nil +}) +} + +// FauxMerkleModeOpt returns a BaseApp option to use a dbStoreAdapter instead of +// an IAVLStore for faster simulation speed. +func FauxMerkleModeOpt(bapp *baseapp.BaseApp) { + bapp.SetFauxMerkleMode() +} +``` + +These methods allow constructing randomized messages and/or proposal messages. + + +Note that modules should **not** implement both `HasWeightedOperationsX` and `HasWeightedOperationsXWithProposals`. +See the runner code [here](https://github.com/cosmos/cosmos-sdk/blob/main/testutil/simsx/runner.go#L330-L339) for details + +If the module does **not** have message handlers or governance proposal handlers, these interface methods do **not** need to be implemented. + + +### Example Implementations + +* `HasWeightedOperationsXWithProposals`: [x/gov](https://github.com/cosmos/cosmos-sdk/blob/main/x/gov/module.go#L242-L261) +* `HasWeightedOperationsX`: [x/bank](https://github.com/cosmos/cosmos-sdk/blob/main/x/bank/module.go#L199-L203) +* `HasProposalMsgsX`: [x/bank](https://github.com/cosmos/cosmos-sdk/blob/main/x/bank/module.go#L194-L197) + +## Store decoders + +Registering the store decoders is required for the `AppImportExport` simulation. This allows +for the key-value pairs from the stores to be decoded to their corresponding types. +In particular, it matches the key to a concrete type and then unmarshals the value from the `KVPair` to the type provided. + +Modules using [collections](https://github.com/cosmos/cosmos-sdk/blob/main/collections/README.md) can use the `NewStoreDecoderFuncFromCollectionsSchema` function that builds the decoder for you: + +```go expandable +package bank + +import ( + + "context" + "encoding/json" + "fmt" + "maps" + "slices" + "sort" + + gwruntime "github.com/grpc-ecosystem/grpc-gateway/runtime" + "github.com/spf13/cobra" + + modulev1 "cosmossdk.io/api/cosmos/bank/module/v1" + "cosmossdk.io/core/address" + "cosmossdk.io/core/appmodule" + corestore "cosmossdk.io/core/store" + "cosmossdk.io/depinject" + "cosmossdk.io/log" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + "github.com/cosmos/cosmos-sdk/testutil/simsx" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/module" + simtypes "github.com/cosmos/cosmos-sdk/types/simulation" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + "github.com/cosmos/cosmos-sdk/x/bank/client/cli" + "github.com/cosmos/cosmos-sdk/x/bank/exported" + "github.com/cosmos/cosmos-sdk/x/bank/keeper" + v1bank "github.com/cosmos/cosmos-sdk/x/bank/migrations/v1" + "github.com/cosmos/cosmos-sdk/x/bank/simulation" + "github.com/cosmos/cosmos-sdk/x/bank/types" + govtypes "github.com/cosmos/cosmos-sdk/x/gov/types" +) + +// ConsensusVersion defines the current x/bank module consensus version. +const ConsensusVersion = 4 + +var ( + _ module.AppModuleBasic = AppModule{ +} + _ module.AppModuleSimulation = AppModule{ +} + _ module.HasGenesis = AppModule{ +} + _ module.HasServices = AppModule{ +} + + _ appmodule.AppModule = AppModule{ +} +) + +// AppModuleBasic defines the basic application module used by the bank module. +type AppModuleBasic struct { + cdc codec.Codec + ac address.Codec +} + +// Name returns the bank module's name. +func (AppModuleBasic) + +Name() + +string { + return types.ModuleName +} + +// RegisterLegacyAminoCodec registers the bank module's types on the LegacyAmino codec. +func (AppModuleBasic) + +RegisterLegacyAminoCodec(cdc *codec.LegacyAmino) { + types.RegisterLegacyAminoCodec(cdc) +} + +// DefaultGenesis returns default genesis state as raw bytes for the bank +// module. +func (AppModuleBasic) + +DefaultGenesis(cdc codec.JSONCodec) + +json.RawMessage { + return cdc.MustMarshalJSON(types.DefaultGenesisState()) +} + +// ValidateGenesis performs genesis state validation for the bank module. +func (AppModuleBasic) + +ValidateGenesis(cdc codec.JSONCodec, _ client.TxEncodingConfig, bz json.RawMessage) + +error { + var data types.GenesisState + if err := cdc.UnmarshalJSON(bz, &data); err != nil { + return fmt.Errorf("failed to unmarshal %s genesis state: %w", types.ModuleName, err) +} + +return data.Validate() +} + +// RegisterGRPCGatewayRoutes registers the gRPC Gateway routes for the bank module. +func (AppModuleBasic) + +RegisterGRPCGatewayRoutes(clientCtx client.Context, mux *gwruntime.ServeMux) { + if err := types.RegisterQueryHandlerClient(context.Background(), mux, types.NewQueryClient(clientCtx)); err != nil { + panic(err) +} +} + +// GetTxCmd returns the root tx command for the bank module. +func (ab AppModuleBasic) + +GetTxCmd() *cobra.Command { + return cli.NewTxCmd(ab.ac) +} + +// RegisterInterfaces registers interfaces and implementations of the bank module. +func (AppModuleBasic) + +RegisterInterfaces(registry codectypes.InterfaceRegistry) { + types.RegisterInterfaces(registry) + + // Register legacy interfaces for migration scripts. + v1bank.RegisterInterfaces(registry) +} + +// AppModule implements an application module for the bank module. +type AppModule struct { + AppModuleBasic + + keeper keeper.Keeper + accountKeeper types.AccountKeeper + + // legacySubspace is used solely for migration of x/params managed parameters + legacySubspace exported.Subspace +} + +// IsOnePerModuleType implements the depinject.OnePerModuleType interface. +func (am AppModule) + +IsOnePerModuleType() { +} + +// IsAppModule implements the appmodule.AppModule interface. +func (am AppModule) + +IsAppModule() { +} + +// RegisterServices registers module services. +func (am AppModule) + +RegisterServices(cfg module.Configurator) { + types.RegisterMsgServer(cfg.MsgServer(), keeper.NewMsgServerImpl(am.keeper)) + +types.RegisterQueryServer(cfg.QueryServer(), am.keeper) + m := keeper.NewMigrator(am.keeper.(keeper.BaseKeeper), am.legacySubspace) + if err := cfg.RegisterMigration(types.ModuleName, 1, m.Migrate1to2); err != nil { + panic(fmt.Sprintf("failed to migrate x/bank from version 1 to 2: %v", err)) +} + if err := cfg.RegisterMigration(types.ModuleName, 2, m.Migrate2to3); err != nil { + panic(fmt.Sprintf("failed to migrate x/bank from version 2 to 3: %v", err)) +} + if err := cfg.RegisterMigration(types.ModuleName, 3, m.Migrate3to4); err != nil { + panic(fmt.Sprintf("failed to migrate x/bank from version 3 to 4: %v", err)) +} +} + +// NewAppModule creates a new AppModule object +func NewAppModule(cdc codec.Codec, keeper keeper.Keeper, accountKeeper types.AccountKeeper, ss exported.Subspace) + +AppModule { + return AppModule{ + AppModuleBasic: AppModuleBasic{ + cdc: cdc, ac: accountKeeper.AddressCodec() +}, + keeper: keeper, + accountKeeper: accountKeeper, + legacySubspace: ss, +} +} + +// QuerierRoute returns the bank module's querier route name. +func (AppModule) + +QuerierRoute() + +string { + return types.RouterKey +} + +// InitGenesis performs genesis initialization for the bank module. It returns +// no validator updates. +func (am AppModule) + +InitGenesis(ctx sdk.Context, cdc codec.JSONCodec, data json.RawMessage) { + var genesisState types.GenesisState + cdc.MustUnmarshalJSON(data, &genesisState) + +am.keeper.InitGenesis(ctx, &genesisState) +} + +// ExportGenesis returns the exported genesis state as raw bytes for the bank +// module. +func (am AppModule) + +ExportGenesis(ctx sdk.Context, cdc codec.JSONCodec) + +json.RawMessage { + gs := am.keeper.ExportGenesis(ctx) + +return cdc.MustMarshalJSON(gs) +} + +// ConsensusVersion implements AppModule/ConsensusVersion. +func (AppModule) + +ConsensusVersion() + +uint64 { + return ConsensusVersion +} + +// AppModuleSimulation functions + +// GenerateGenesisState creates a randomized GenState of the bank module. +func (AppModule) + +GenerateGenesisState(simState *module.SimulationState) { + simulation.RandomizedGenState(simState) +} + +// ProposalMsgs returns msgs used for governance proposals for simulations. +// migrate to ProposalMsgsX. This method is ignored when ProposalMsgsX exists and will be removed in the future. +func (AppModule) + +ProposalMsgs(simState module.SimulationState) []simtypes.WeightedProposalMsg { + return simulation.ProposalMsgs() +} + +// RegisterStoreDecoder registers a decoder for supply module's types +func (am AppModule) + +RegisterStoreDecoder(sdr simtypes.StoreDecoderRegistry) { + sdr[types.StoreKey] = simtypes.NewStoreDecoderFuncFromCollectionsSchema(am.keeper.(keeper.BaseKeeper).Schema) +} + +// WeightedOperations returns the all the bank module operations with their respective weights. +// migrate to WeightedOperationsX. This method is ignored when WeightedOperationsX exists and will be removed in the future +func (am AppModule) + +WeightedOperations(simState module.SimulationState) []simtypes.WeightedOperation { + return simulation.WeightedOperations( + simState.AppParams, simState.Cdc, simState.TxConfig, am.accountKeeper, am.keeper, + ) +} + +// ProposalMsgsX registers governance proposal messages in the simulation registry. +func (AppModule) + +ProposalMsgsX(weights simsx.WeightSource, reg simsx.Registry) { + reg.Add(weights.Get("msg_update_params", 100), simulation.MsgUpdateParamsFactory()) +} + +// WeightedOperationsX registers weighted bank module operations for simulation. +func (am AppModule) + +WeightedOperationsX(weights simsx.WeightSource, reg simsx.Registry) { + reg.Add(weights.Get("msg_send", 100), simulation.MsgSendFactory()) + +reg.Add(weights.Get("msg_multisend", 10), simulation.MsgMultiSendFactory()) +} + +// App Wiring Setup + +func init() { + appmodule.Register( + &modulev1.Module{ +}, + appmodule.Provide(ProvideModule), + appmodule.Invoke(InvokeSetSendRestrictions), + ) +} + +type ModuleInputs struct { + depinject.In + + Config *modulev1.Module + Cdc codec.Codec + StoreService corestore.KVStoreService + Logger log.Logger + + AccountKeeper types.AccountKeeper + + // LegacySubspace is used solely for migration of x/params managed parameters + LegacySubspace exported.Subspace `optional:"true"` +} + +type ModuleOutputs struct { + depinject.Out + + BankKeeper keeper.BaseKeeper + Module appmodule.AppModule +} + +func ProvideModule(in ModuleInputs) + +ModuleOutputs { + // Configure blocked module accounts. + // + // Default behavior for blockedAddresses is to regard any module mentioned in + // AccountKeeper's module account permissions as blocked. + blockedAddresses := make(map[string]bool) + if len(in.Config.BlockedModuleAccountsOverride) > 0 { + for _, moduleName := range in.Config.BlockedModuleAccountsOverride { + blockedAddresses[authtypes.NewModuleAddress(moduleName).String()] = true +} + +} + +else { + for _, permission := range in.AccountKeeper.GetModulePermissions() { + blockedAddresses[permission.GetAddress().String()] = true +} + +} + + // default to governance authority if not provided + authority := authtypes.NewModuleAddress(govtypes.ModuleName) + if in.Config.Authority != "" { + authority = authtypes.NewModuleAddressOrBech32Address(in.Config.Authority) +} + bankKeeper := keeper.NewBaseKeeper( + in.Cdc, + in.StoreService, + in.AccountKeeper, + blockedAddresses, + authority.String(), + in.Logger, + ) + m := NewAppModule(in.Cdc, bankKeeper, in.AccountKeeper, in.LegacySubspace) + +return ModuleOutputs{ + BankKeeper: bankKeeper, + Module: m +} +} + +func InvokeSetSendRestrictions( + config *modulev1.Module, + keeper keeper.BaseKeeper, + restrictions map[string]types.SendRestrictionFn, +) + +error { + if config == nil { + return nil +} + modules := slices.Collect(maps.Keys(restrictions)) + order := config.RestrictionsOrder + if len(order) == 0 { + order = modules + sort.Strings(order) +} + if len(order) != len(modules) { + return fmt.Errorf("len(restrictions order: %v) != len(restriction modules: %v)", order, modules) +} + if len(modules) == 0 { + return nil +} + for _, module := range order { + restriction, ok := restrictions[module] + if !ok { + return fmt.Errorf("can't find send restriction for module %s", module) +} + +keeper.AppendSendRestriction(restriction) +} + +return nil +} +``` + +Modules not using collections must manually build the store decoder. +See the implementation [here](https://github.com/cosmos/cosmos-sdk/blob/main/x/distribution/simulation/decoder.go) from the distribution module for an example. + +## Randomized genesis + +The simulator tests different scenarios and values for genesis parameters. +App modules must implement a `GenerateGenesisState` method to generate the initial random `GenesisState` from a given seed. + +```go expandable +package module + +import ( + + "encoding/json" + "math/rand" + "sort" + "time" + + sdkmath "cosmossdk.io/math" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/types/simulation" +) + +// AppModuleSimulation defines the standard functions that every module should expose +// for the SDK blockchain simulator +type AppModuleSimulation interface { + // randomized genesis states + GenerateGenesisState(input *SimulationState) + + // register a func to decode the each module's defined types from their corresponding store key + RegisterStoreDecoder(simulation.StoreDecoderRegistry) + + // simulation operations (i.e msgs) + +with their respective weight + WeightedOperations(simState SimulationState) []simulation.WeightedOperation +} + +// HasProposalMsgs defines the messages that can be used to simulate governance (v1) + +proposals +type HasProposalMsgs interface { + // msg functions used to simulate governance proposals + ProposalMsgs(simState SimulationState) []simulation.WeightedProposalMsg +} + +// HasProposalContents defines the contents that can be used to simulate legacy governance (v1beta1) + +proposals +type HasProposalContents interface { + // content functions used to simulate governance proposals + ProposalContents(simState SimulationState) []simulation.WeightedProposalContent //nolint:staticcheck // legacy v1beta1 governance +} + +// SimulationManager defines a simulation manager that provides the high level utility +// for managing and executing simulation functionalities for a group of modules +type SimulationManager struct { + Modules []AppModuleSimulation // array of app modules; we use an array for deterministic simulation tests + StoreDecoders simulation.StoreDecoderRegistry // functions to decode the key-value pairs from each module's store +} + +// NewSimulationManager creates a new SimulationManager object +// +// CONTRACT: All the modules provided must be also registered on the module Manager +func NewSimulationManager(modules ...AppModuleSimulation) *SimulationManager { + return &SimulationManager{ + Modules: modules, + StoreDecoders: make(simulation.StoreDecoderRegistry), +} +} + +// NewSimulationManagerFromAppModules creates a new SimulationManager object. +// +// First it sets any SimulationModule provided by overrideModules, and ignores any AppModule +// with the same moduleName. +// Then it attempts to cast every provided AppModule into an AppModuleSimulation. +// If the cast succeeds, its included, otherwise it is excluded. +func NewSimulationManagerFromAppModules(modules map[string]any, overrideModules map[string]AppModuleSimulation) *SimulationManager { + simModules := []AppModuleSimulation{ +} + appModuleNamesSorted := make([]string, 0, len(modules)) + for moduleName := range modules { + appModuleNamesSorted = append(appModuleNamesSorted, moduleName) +} + +sort.Strings(appModuleNamesSorted) + for _, moduleName := range appModuleNamesSorted { + // for every module, see if we override it. If so, use override. + // Else, if we can cast the app module into a simulation module add it. + // otherwise no simulation module. + if simModule, ok := overrideModules[moduleName]; ok { + simModules = append(simModules, simModule) +} + +else { + appModule := modules[moduleName] + if simModule, ok := appModule.(AppModuleSimulation); ok { + simModules = append(simModules, simModule) +} + // cannot cast, so we continue +} + +} + +return NewSimulationManager(simModules...) +} + +// Deprecated: Use GetProposalMsgs instead. +// GetProposalContents returns each module's proposal content generator function +// with their default operation weight and key. +func (sm *SimulationManager) + +GetProposalContents(simState SimulationState) []simulation.WeightedProposalContent { + wContents := make([]simulation.WeightedProposalContent, 0, len(sm.Modules)) + for _, module := range sm.Modules { + if module, ok := module.(HasProposalContents); ok { + wContents = append(wContents, module.ProposalContents(simState)...) +} + +} + +return wContents +} + +// GetProposalMsgs returns each module's proposal msg generator function +// with their default operation weight and key. +func (sm *SimulationManager) + +GetProposalMsgs(simState SimulationState) []simulation.WeightedProposalMsg { + wContents := make([]simulation.WeightedProposalMsg, 0, len(sm.Modules)) + for _, module := range sm.Modules { + if module, ok := module.(HasProposalMsgs); ok { + wContents = append(wContents, module.ProposalMsgs(simState)...) +} + +} + +return wContents +} + +// RegisterStoreDecoders registers each of the modules' store decoders into a map +func (sm *SimulationManager) + +RegisterStoreDecoders() { + for _, module := range sm.Modules { + module.RegisterStoreDecoder(sm.StoreDecoders) +} +} + +// GenerateGenesisStates generates a randomized GenesisState for each of the +// registered modules +func (sm *SimulationManager) + +GenerateGenesisStates(simState *SimulationState) { + for _, module := range sm.Modules { + module.GenerateGenesisState(simState) +} +} + +// WeightedOperations returns all the modules' weighted operations of an application +func (sm *SimulationManager) + +WeightedOperations(simState SimulationState) []simulation.WeightedOperation { + wOps := make([]simulation.WeightedOperation, 0, len(sm.Modules)) + for _, module := range sm.Modules { + wOps = append(wOps, module.WeightedOperations(simState)...) +} + +return wOps +} + +// SimulationState is the input parameters used on each of the module's randomized +// GenesisState generator function +type SimulationState struct { + AppParams simulation.AppParams + Cdc codec.JSONCodec // application codec + TxConfig client.TxConfig // Shared TxConfig; this is expensive to create and stateless, so create it once up front. + Rand *rand.Rand // random number + GenState map[string]json.RawMessage // genesis state + Accounts []simulation.Account // simulation accounts + InitialStake sdkmath.Int // initial coins per account + NumBonded int64 // number of initially bonded accounts + BondDenom string // denom to be used as default + GenTimestamp time.Time // genesis timestamp + UnbondTime time.Duration // staking unbond time stored to use it as the slashing maximum evidence duration + LegacyParamChange []simulation.LegacyParamChange // simulated parameter changes from modules + //nolint:staticcheck // legacy used for testing + LegacyProposalContents []simulation.WeightedProposalContent // proposal content generator functions with their default weight and app sim key + ProposalMsgs []simulation.WeightedProposalMsg // proposal msg generator functions with their default weight and app sim key +} +``` + +See an example from `x/auth` [here](https://github.com/cosmos/cosmos-sdk/blob/main/x/auth/module.go#L169-L172). + +Once the module's genesis parameters are generated randomly (or with the key and +values defined in a `params` file), they are marshaled to JSON format and added +to the app genesis JSON for the simulation. + +## Random weighted operations + +Operations are one of the crucial parts of the Cosmos SDK simulation. They are the transactions +(`Msg`) that are simulated with random field values. The sender of the operation +is also assigned randomly. + +Operations on the simulation are simulated using the full [transaction cycle](/docs/sdk/vnext/learn/advanced/transactions) of a +`ABCI` application that exposes the `BaseApp`. + +### Using Simsx + +Simsx introduces the ability to define a `MsgFactory` for each of a module's messages. + +These factories are registered in `WeightedOperationsX` and/or `ProposalMsgsX`. + +```go expandable +package distribution + +import ( + + "context" + "encoding/json" + "fmt" + + gwruntime "github.com/grpc-ecosystem/grpc-gateway/runtime" + "github.com/spf13/cobra" + + modulev1 "cosmossdk.io/api/cosmos/distribution/module/v1" + "cosmossdk.io/core/address" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/core/store" + "cosmossdk.io/depinject" + + sdkclient "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + cdctypes "github.com/cosmos/cosmos-sdk/codec/types" + "github.com/cosmos/cosmos-sdk/testutil/simsx" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/module" + simtypes "github.com/cosmos/cosmos-sdk/types/simulation" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + "github.com/cosmos/cosmos-sdk/x/distribution/client/cli" + "github.com/cosmos/cosmos-sdk/x/distribution/exported" + "github.com/cosmos/cosmos-sdk/x/distribution/keeper" + "github.com/cosmos/cosmos-sdk/x/distribution/simulation" + "github.com/cosmos/cosmos-sdk/x/distribution/types" + govtypes "github.com/cosmos/cosmos-sdk/x/gov/types" + staking "github.com/cosmos/cosmos-sdk/x/staking/types" +) + +// ConsensusVersion defines the current x/distribution module consensus version. +const ConsensusVersion = 3 + +var ( + _ module.AppModuleBasic = AppModule{ +} + _ module.AppModuleSimulation = AppModule{ +} + _ module.HasGenesis = AppModule{ +} + _ module.HasServices = AppModule{ +} + + _ appmodule.AppModule = AppModule{ +} + _ appmodule.HasBeginBlocker = AppModule{ +} +) + +// AppModuleBasic defines the basic application module used by the distribution module. +type AppModuleBasic struct { + cdc codec.Codec + ac address.Codec +} + +// Name returns the distribution module's name. +func (AppModuleBasic) + +Name() + +string { + return types.ModuleName +} + +// RegisterLegacyAminoCodec registers the distribution module's types for the given codec. +func (AppModuleBasic) + +RegisterLegacyAminoCodec(cdc *codec.LegacyAmino) { + types.RegisterLegacyAminoCodec(cdc) +} + +// DefaultGenesis returns default genesis state as raw bytes for the distribution +// module. +func (AppModuleBasic) + +DefaultGenesis(cdc codec.JSONCodec) + +json.RawMessage { + return cdc.MustMarshalJSON(types.DefaultGenesisState()) +} + +// ValidateGenesis performs genesis state validation for the distribution module. +func (AppModuleBasic) + +ValidateGenesis(cdc codec.JSONCodec, _ sdkclient.TxEncodingConfig, bz json.RawMessage) + +error { + var data types.GenesisState + if err := cdc.UnmarshalJSON(bz, &data); err != nil { + return fmt.Errorf("failed to unmarshal %s genesis state: %w", types.ModuleName, err) +} + +return types.ValidateGenesis(&data) +} + +// RegisterGRPCGatewayRoutes registers the gRPC Gateway routes for the distribution module. +func (AppModuleBasic) + +RegisterGRPCGatewayRoutes(clientCtx sdkclient.Context, mux *gwruntime.ServeMux) { + if err := types.RegisterQueryHandlerClient(context.Background(), mux, types.NewQueryClient(clientCtx)); err != nil { + panic(err) +} +} + +// GetTxCmd returns the root tx command for the distribution module. +func (ab AppModuleBasic) + +GetTxCmd() *cobra.Command { + return cli.NewTxCmd(ab.cdc.InterfaceRegistry().SigningContext().ValidatorAddressCodec(), ab.cdc.InterfaceRegistry().SigningContext().AddressCodec()) +} + +// RegisterInterfaces implements InterfaceModule +func (AppModuleBasic) + +RegisterInterfaces(registry cdctypes.InterfaceRegistry) { + types.RegisterInterfaces(registry) +} + +// AppModule implements an application module for the distribution module. +type AppModule struct { + AppModuleBasic + + keeper keeper.Keeper + accountKeeper types.AccountKeeper + bankKeeper types.BankKeeper + stakingKeeper types.StakingKeeper + + // legacySubspace is used solely for migration of x/params managed parameters + legacySubspace exported.Subspace +} + +// NewAppModule creates a new AppModule object +func NewAppModule( + cdc codec.Codec, keeper keeper.Keeper, accountKeeper types.AccountKeeper, + bankKeeper types.BankKeeper, stakingKeeper types.StakingKeeper, ss exported.Subspace, +) + +AppModule { + return AppModule{ + AppModuleBasic: AppModuleBasic{ + cdc: cdc, ac: accountKeeper.AddressCodec() +}, + keeper: keeper, + accountKeeper: accountKeeper, + bankKeeper: bankKeeper, + stakingKeeper: stakingKeeper, + legacySubspace: ss, +} +} + +// IsOnePerModuleType implements the depinject.OnePerModuleType interface. +func (am AppModule) + +IsOnePerModuleType() { +} + +// IsAppModule implements the appmodule.AppModule interface. +func (am AppModule) + +IsAppModule() { +} + +// RegisterServices registers module services. +func (am AppModule) + +RegisterServices(cfg module.Configurator) { + types.RegisterMsgServer(cfg.MsgServer(), keeper.NewMsgServerImpl(am.keeper)) + +types.RegisterQueryServer(cfg.QueryServer(), keeper.NewQuerier(am.keeper)) + m := keeper.NewMigrator(am.keeper, am.legacySubspace) + if err := cfg.RegisterMigration(types.ModuleName, 1, m.Migrate1to2); err != nil { + panic(fmt.Sprintf("failed to migrate x/%s from version 1 to 2: %v", types.ModuleName, err)) +} + if err := cfg.RegisterMigration(types.ModuleName, 2, m.Migrate2to3); err != nil { + panic(fmt.Sprintf("failed to migrate x/%s from version 2 to 3: %v", types.ModuleName, err)) +} +} + +// InitGenesis performs genesis initialization for the distribution module. It returns +// no validator updates. +func (am AppModule) + +InitGenesis(ctx sdk.Context, cdc codec.JSONCodec, data json.RawMessage) { + var genesisState types.GenesisState + cdc.MustUnmarshalJSON(data, &genesisState) + +am.keeper.InitGenesis(ctx, genesisState) +} + +// ExportGenesis returns the exported genesis state as raw bytes for the distribution +// module. +func (am AppModule) + +ExportGenesis(ctx sdk.Context, cdc codec.JSONCodec) + +json.RawMessage { + gs := am.keeper.ExportGenesis(ctx) + +return cdc.MustMarshalJSON(gs) +} + +// ConsensusVersion implements AppModule/ConsensusVersion. +func (AppModule) + +ConsensusVersion() + +uint64 { + return ConsensusVersion +} + +// BeginBlock returns the begin blocker for the distribution module. +func (am AppModule) + +BeginBlock(ctx context.Context) + +error { + c := sdk.UnwrapSDKContext(ctx) + +return BeginBlocker(c, am.keeper) +} + +// AppModuleSimulation functions + +// GenerateGenesisState creates a randomized GenState of the distribution module. +func (AppModule) + +GenerateGenesisState(simState *module.SimulationState) { + simulation.RandomizedGenState(simState) +} + +// ProposalMsgs returns msgs used for governance proposals for simulations. +// migrate to ProposalMsgsX. This method is ignored when ProposalMsgsX exists and will be removed in the future. +func (AppModule) + +ProposalMsgs(_ module.SimulationState) []simtypes.WeightedProposalMsg { + return simulation.ProposalMsgs() +} + +// RegisterStoreDecoder registers a decoder for distribution module's types +func (am AppModule) + +RegisterStoreDecoder(sdr simtypes.StoreDecoderRegistry) { + sdr[types.StoreKey] = simulation.NewDecodeStore(am.cdc) +} + +// WeightedOperations returns the all the gov module operations with their respective weights. +// migrate to WeightedOperationsX. This method is ignored when WeightedOperationsX exists and will be removed in the future +func (am AppModule) + +WeightedOperations(simState module.SimulationState) []simtypes.WeightedOperation { + return simulation.WeightedOperations( + simState.AppParams, simState.Cdc, simState.TxConfig, + am.accountKeeper, am.bankKeeper, am.keeper, am.stakingKeeper, + ) +} + +// ProposalMsgsX registers governance proposal messages in the simulation registry. +func (AppModule) + +ProposalMsgsX(weights simsx.WeightSource, reg simsx.Registry) { + reg.Add(weights.Get("msg_update_params", 100), simulation.MsgUpdateParamsFactory()) +} + +// WeightedOperationsX registers weighted distribution module operations for simulation. +func (am AppModule) + +WeightedOperationsX(weights simsx.WeightSource, reg simsx.Registry) { + reg.Add(weights.Get("msg_set_withdraw_address", 50), simulation.MsgSetWithdrawAddressFactory(am.keeper)) + +reg.Add(weights.Get("msg_withdraw_delegation_reward", 50), simulation.MsgWithdrawDelegatorRewardFactory(am.keeper, am.stakingKeeper)) + +reg.Add(weights.Get("msg_withdraw_validator_commission", 50), simulation.MsgWithdrawValidatorCommissionFactory(am.keeper, am.stakingKeeper)) +} + +// +// App Wiring Setup +// + +func init() { + appmodule.Register(&modulev1.Module{ +}, + appmodule.Provide(ProvideModule), + ) +} + +type ModuleInputs struct { + depinject.In + + Config *modulev1.Module + StoreService store.KVStoreService + Cdc codec.Codec + + AccountKeeper types.AccountKeeper + BankKeeper types.BankKeeper + StakingKeeper types.StakingKeeper + ExternalPoolKeeper types.ExternalCommunityPoolKeeper `optional:"true"` + + // LegacySubspace is used solely for migration of x/params managed parameters + LegacySubspace exported.Subspace `optional:"true"` +} + +type ModuleOutputs struct { + depinject.Out + + DistrKeeper keeper.Keeper + Module appmodule.AppModule + Hooks staking.StakingHooksWrapper +} + +func ProvideModule(in ModuleInputs) + +ModuleOutputs { + feeCollectorName := in.Config.FeeCollectorName + if feeCollectorName == "" { + feeCollectorName = authtypes.FeeCollectorName +} + + // default to governance authority if not provided + authority := authtypes.NewModuleAddress(govtypes.ModuleName) + if in.Config.Authority != "" { + authority = authtypes.NewModuleAddressOrBech32Address(in.Config.Authority) +} + +var opts []keeper.InitOption + if in.ExternalPoolKeeper != nil { + opts = append(opts, keeper.WithExternalCommunityPool(in.ExternalPoolKeeper)) +} + k := keeper.NewKeeper( + in.Cdc, + in.StoreService, + in.AccountKeeper, + in.BankKeeper, + in.StakingKeeper, + feeCollectorName, + authority.String(), + opts..., + ) + m := NewAppModule(in.Cdc, k, in.AccountKeeper, in.BankKeeper, in.StakingKeeper, in.LegacySubspace) + +return ModuleOutputs{ + DistrKeeper: k, + Module: m, + Hooks: staking.StakingHooksWrapper{ + StakingHooks: k.Hooks() +}, +} +} +``` + +Note that the name passed in to `weights.Get` must match the name of the operation set in the `WeightedOperations`. + +For example, if the module contains an operation `op_weight_msg_set_withdraw_address`, the name passed to `weights.Get` should be `msg_set_withdraw_address`. + +See the `x/distribution` for an example of implementing message factories [here](https://github.com/cosmos/cosmos-sdk/blob/main/x/distribution/simulation/msg_factory.go) + +## App Simulator manager + +The following step is setting up the `SimulatorManager` at the app level. This +is required for the simulation test files in the next step. + +```go +type CoolApp struct { +... +sm *module.SimulationManager +} +``` + +Within the constructor of the application, construct the simulation manager using the modules from `ModuleManager` and call the `RegisterStoreDecoders` method. + +```go expandable +//go:build app_v1 + +package simapp + +import ( + + "encoding/json" + "fmt" + "io" + "maps" + + abci "github.com/cometbft/cometbft/abci/types" + dbm "github.com/cosmos/cosmos-db" + "github.com/cosmos/gogoproto/proto" + "github.com/spf13/cast" + + autocliv1 "cosmossdk.io/api/cosmos/autocli/v1" + reflectionv1 "cosmossdk.io/api/cosmos/reflection/v1" + "cosmossdk.io/client/v2/autocli" + clienthelpers "cosmossdk.io/client/v2/helpers" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/log" + storetypes "cosmossdk.io/store/types" + "cosmossdk.io/x/tx/signing" + "github.com/cosmos/cosmos-sdk/baseapp" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/client/flags" + "github.com/cosmos/cosmos-sdk/client/grpc/cmtservice" + nodeservice "github.com/cosmos/cosmos-sdk/client/grpc/node" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/codec/address" + "github.com/cosmos/cosmos-sdk/codec/types" + "github.com/cosmos/cosmos-sdk/runtime" + runtimeservices "github.com/cosmos/cosmos-sdk/runtime/services" + "github.com/cosmos/cosmos-sdk/server" + "github.com/cosmos/cosmos-sdk/server/api" + "github.com/cosmos/cosmos-sdk/server/config" + servertypes "github.com/cosmos/cosmos-sdk/server/types" + "github.com/cosmos/cosmos-sdk/std" + testdata_pulsar "github.com/cosmos/cosmos-sdk/testutil/testdata/testpb" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/module" + sigtypes "github.com/cosmos/cosmos-sdk/types/tx/signing" + "github.com/cosmos/cosmos-sdk/version" + "github.com/cosmos/cosmos-sdk/x/auth" + "github.com/cosmos/cosmos-sdk/x/auth/ante" + authcodec "github.com/cosmos/cosmos-sdk/x/auth/codec" + authkeeper "github.com/cosmos/cosmos-sdk/x/auth/keeper" + "github.com/cosmos/cosmos-sdk/x/auth/posthandler" + authsims "github.com/cosmos/cosmos-sdk/x/auth/simulation" + "github.com/cosmos/cosmos-sdk/x/auth/tx" + authtx "github.com/cosmos/cosmos-sdk/x/auth/tx" + txmodule "github.com/cosmos/cosmos-sdk/x/auth/tx/config" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + "github.com/cosmos/cosmos-sdk/x/auth/vesting" + vestingtypes "github.com/cosmos/cosmos-sdk/x/auth/vesting/types" + "github.com/cosmos/cosmos-sdk/x/authz" + authzkeeper "github.com/cosmos/cosmos-sdk/x/authz/keeper" + authzmodule "github.com/cosmos/cosmos-sdk/x/authz/module" + "github.com/cosmos/cosmos-sdk/x/bank" + bankkeeper "github.com/cosmos/cosmos-sdk/x/bank/keeper" + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" + consensus "github.com/cosmos/cosmos-sdk/x/consensus" + consensusparamkeeper "github.com/cosmos/cosmos-sdk/x/consensus/keeper" + consensusparamtypes "github.com/cosmos/cosmos-sdk/x/consensus/types" + distr "github.com/cosmos/cosmos-sdk/x/distribution" + distrkeeper "github.com/cosmos/cosmos-sdk/x/distribution/keeper" + distrtypes "github.com/cosmos/cosmos-sdk/x/distribution/types" + "github.com/cosmos/cosmos-sdk/x/epochs" + epochskeeper "github.com/cosmos/cosmos-sdk/x/epochs/keeper" + epochstypes "github.com/cosmos/cosmos-sdk/x/epochs/types" + "github.com/cosmos/cosmos-sdk/x/evidence" + evidencekeeper "github.com/cosmos/cosmos-sdk/x/evidence/keeper" + evidencetypes "github.com/cosmos/cosmos-sdk/x/evidence/types" + "github.com/cosmos/cosmos-sdk/x/feegrant" + feegrantkeeper "github.com/cosmos/cosmos-sdk/x/feegrant/keeper" + feegrantmodule "github.com/cosmos/cosmos-sdk/x/feegrant/module" + "github.com/cosmos/cosmos-sdk/x/genutil" + genutiltypes "github.com/cosmos/cosmos-sdk/x/genutil/types" + "github.com/cosmos/cosmos-sdk/x/gov" + govclient "github.com/cosmos/cosmos-sdk/x/gov/client" + govkeeper "github.com/cosmos/cosmos-sdk/x/gov/keeper" + govtypes "github.com/cosmos/cosmos-sdk/x/gov/types" + govv1beta1 "github.com/cosmos/cosmos-sdk/x/gov/types/v1beta1" + "github.com/cosmos/cosmos-sdk/x/mint" + mintkeeper "github.com/cosmos/cosmos-sdk/x/mint/keeper" + minttypes "github.com/cosmos/cosmos-sdk/x/mint/types" + "github.com/cosmos/cosmos-sdk/x/protocolpool" + protocolpoolkeeper "github.com/cosmos/cosmos-sdk/x/protocolpool/keeper" + protocolpooltypes "github.com/cosmos/cosmos-sdk/x/protocolpool/types" + "github.com/cosmos/cosmos-sdk/x/slashing" + slashingkeeper "github.com/cosmos/cosmos-sdk/x/slashing/keeper" + slashingtypes "github.com/cosmos/cosmos-sdk/x/slashing/types" + "github.com/cosmos/cosmos-sdk/x/staking" + stakingkeeper "github.com/cosmos/cosmos-sdk/x/staking/keeper" + stakingtypes "github.com/cosmos/cosmos-sdk/x/staking/types" + "github.com/cosmos/cosmos-sdk/x/upgrade" + upgradekeeper "github.com/cosmos/cosmos-sdk/x/upgrade/keeper" + upgradetypes "github.com/cosmos/cosmos-sdk/x/upgrade/types" +) + +const appName = "SimApp" + +var ( + // DefaultNodeHome default home directories for the application daemon + DefaultNodeHome string + + // module account permissions + maccPerms = map[string][]string{ + authtypes.FeeCollectorName: nil, + distrtypes.ModuleName: nil, + minttypes.ModuleName: { + authtypes.Minter +}, + stakingtypes.BondedPoolName: { + authtypes.Burner, authtypes.Staking +}, + stakingtypes.NotBondedPoolName: { + authtypes.Burner, authtypes.Staking +}, + govtypes.ModuleName: { + authtypes.Burner +}, + protocolpooltypes.ModuleName: nil, + protocolpooltypes.ProtocolPoolEscrowAccount: nil +} +) + +var ( + _ runtime.AppI = (*SimApp)(nil) + _ servertypes.Application = (*SimApp)(nil) +) + +// SimApp extends an ABCI application, but with most of its parameters exported. +// They are exported for convenience in creating helper functions, as object +// capabilities aren't needed for testing. +type SimApp struct { + *baseapp.BaseApp + legacyAmino *codec.LegacyAmino + appCodec codec.Codec + txConfig client.TxConfig + interfaceRegistry types.InterfaceRegistry + + // keys to access the substores + keys map[string]*storetypes.KVStoreKey + + // essential keepers + AccountKeeper authkeeper.AccountKeeper + BankKeeper bankkeeper.BaseKeeper + StakingKeeper *stakingkeeper.Keeper + SlashingKeeper slashingkeeper.Keeper + MintKeeper mintkeeper.Keeper + DistrKeeper distrkeeper.Keeper + GovKeeper govkeeper.Keeper + UpgradeKeeper *upgradekeeper.Keeper + EvidenceKeeper evidencekeeper.Keeper + ConsensusParamsKeeper consensusparamkeeper.Keeper + + // supplementary keepers + FeeGrantKeeper feegrantkeeper.Keeper + AuthzKeeper authzkeeper.Keeper + EpochsKeeper epochskeeper.Keeper + ProtocolPoolKeeper protocolpoolkeeper.Keeper + + // the module manager + ModuleManager *module.Manager + BasicModuleManager module.BasicManager + + // simulation manager + sm *module.SimulationManager + + // module configurator + configurator module.Configurator +} + +func init() { + var err error + DefaultNodeHome, err = clienthelpers.GetNodeHomeDirectory(".simapp") + if err != nil { + panic(err) +} +} + +// NewSimApp returns a reference to an initialized SimApp. +func NewSimApp( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), +) *SimApp { + interfaceRegistry, _ := types.NewInterfaceRegistryWithOptions(types.InterfaceRegistryOptions{ + ProtoFiles: proto.HybridResolver, + SigningOptions: signing.Options{ + AddressCodec: address.Bech32Codec{ + Bech32Prefix: sdk.GetConfig().GetBech32AccountAddrPrefix(), +}, + ValidatorAddressCodec: address.Bech32Codec{ + Bech32Prefix: sdk.GetConfig().GetBech32ValidatorAddrPrefix(), +}, +}, +}) + appCodec := codec.NewProtoCodec(interfaceRegistry) + legacyAmino := codec.NewLegacyAmino() + txConfig := tx.NewTxConfig(appCodec, tx.DefaultSignModes) + if err := interfaceRegistry.SigningContext().Validate(); err != nil { + panic(err) +} + +std.RegisterLegacyAminoCodec(legacyAmino) + +std.RegisterInterfaces(interfaceRegistry) + + // Below we could construct and set an application specific mempool and + // ABCI 1.0 PrepareProposal and ProcessProposal handlers. These defaults are + // already set in the SDK's BaseApp, this shows an example of how to override + // them. + // + // Example: + // + // bApp := baseapp.NewBaseApp(...) + // nonceMempool := mempool.NewSenderNonceMempool() + // abciPropHandler := NewDefaultProposalHandler(nonceMempool, bApp) + // + // bApp.SetMempool(nonceMempool) + // bApp.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) + // bApp.SetProcessProposal(abciPropHandler.ProcessProposalHandler()) + // + // Alternatively, you can construct BaseApp options, append those to + // baseAppOptions and pass them to NewBaseApp. + // + // Example: + // + // prepareOpt = func(app *baseapp.BaseApp) { + // abciPropHandler := baseapp.NewDefaultProposalHandler(nonceMempool, app) + // app.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) + // +} + // baseAppOptions = append(baseAppOptions, prepareOpt) + + // create and set dummy vote extension handler + voteExtOp := func(bApp *baseapp.BaseApp) { + voteExtHandler := NewVoteExtensionHandler() + +voteExtHandler.SetHandlers(bApp) +} + +baseAppOptions = append(baseAppOptions, voteExtOp, baseapp.SetOptimisticExecution()) + bApp := baseapp.NewBaseApp(appName, logger, db, txConfig.TxDecoder(), baseAppOptions...) + +bApp.SetCommitMultiStoreTracer(traceStore) + +bApp.SetVersion(version.Version) + +bApp.SetInterfaceRegistry(interfaceRegistry) + +bApp.SetTxEncoder(txConfig.TxEncoder()) + keys := storetypes.NewKVStoreKeys( + authtypes.StoreKey, + banktypes.StoreKey, + stakingtypes.StoreKey, + minttypes.StoreKey, + distrtypes.StoreKey, + slashingtypes.StoreKey, + govtypes.StoreKey, + consensusparamtypes.StoreKey, + upgradetypes.StoreKey, + feegrant.StoreKey, + evidencetypes.StoreKey, + authzkeeper.StoreKey, + epochstypes.StoreKey, + protocolpooltypes.StoreKey, + ) + + // register streaming services + if err := bApp.RegisterStreamingServices(appOpts, keys); err != nil { + panic(err) +} + app := &SimApp{ + BaseApp: bApp, + legacyAmino: legacyAmino, + appCodec: appCodec, + txConfig: txConfig, + interfaceRegistry: interfaceRegistry, + keys: keys, +} + + // set the BaseApp's parameter store + app.ConsensusParamsKeeper = consensusparamkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[consensusparamtypes.StoreKey]), + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + runtime.EventService{ +}, + ) + +bApp.SetParamStore(app.ConsensusParamsKeeper.ParamsStore) + + // add keepers + app.AccountKeeper = authkeeper.NewAccountKeeper( + appCodec, + runtime.NewKVStoreService(keys[authtypes.StoreKey]), + authtypes.ProtoBaseAccount, + maccPerms, + authcodec.NewBech32Codec(sdk.Bech32MainPrefix), + sdk.Bech32MainPrefix, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + authkeeper.WithUnorderedTransactions(true), + ) + +app.BankKeeper = bankkeeper.NewBaseKeeper( + appCodec, + runtime.NewKVStoreService(keys[banktypes.StoreKey]), + app.AccountKeeper, + BlockedAddresses(), + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + logger, + ) + + // optional: enable sign mode textual by overwriting the default tx config (after setting the bank keeper) + enabledSignModes := append(tx.DefaultSignModes, sigtypes.SignMode_SIGN_MODE_TEXTUAL) + txConfigOpts := tx.ConfigOptions{ + EnabledSignModes: enabledSignModes, + TextualCoinMetadataQueryFn: txmodule.NewBankKeeperCoinMetadataQueryFn(app.BankKeeper), +} + +txConfig, err := tx.NewTxConfigWithOptions( + appCodec, + txConfigOpts, + ) + if err != nil { + panic(err) +} + +app.txConfig = txConfig + + app.StakingKeeper = stakingkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[stakingtypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + authcodec.NewBech32Codec(sdk.Bech32PrefixValAddr), + authcodec.NewBech32Codec(sdk.Bech32PrefixConsAddr), + ) + +app.MintKeeper = mintkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[minttypes.StoreKey]), + app.StakingKeeper, + app.AccountKeeper, + app.BankKeeper, + authtypes.FeeCollectorName, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + // mintkeeper.WithMintFn(mintkeeper.DefaultMintFn(minttypes.DefaultInflationCalculationFn)), custom mintFn can be added here + ) + +app.ProtocolPoolKeeper = protocolpoolkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[protocolpooltypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) + +app.DistrKeeper = distrkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[distrtypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + app.StakingKeeper, + authtypes.FeeCollectorName, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + distrkeeper.WithExternalCommunityPool(app.ProtocolPoolKeeper), + ) + +app.SlashingKeeper = slashingkeeper.NewKeeper( + appCodec, + legacyAmino, + runtime.NewKVStoreService(keys[slashingtypes.StoreKey]), + app.StakingKeeper, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) + +app.FeeGrantKeeper = feegrantkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[feegrant.StoreKey]), + app.AccountKeeper, + ) + + // register the staking hooks + // NOTE: stakingKeeper above is passed by reference, so that it will contain these hooks + app.StakingKeeper.SetHooks( + stakingtypes.NewMultiStakingHooks( + app.DistrKeeper.Hooks(), + app.SlashingKeeper.Hooks(), + ), + ) + +app.AuthzKeeper = authzkeeper.NewKeeper( + runtime.NewKVStoreService(keys[authzkeeper.StoreKey]), + appCodec, + app.MsgServiceRouter(), + app.AccountKeeper, + ) + + // get skipUpgradeHeights from the app options + skipUpgradeHeights := map[int64]bool{ +} + for _, h := range cast.ToIntSlice(appOpts.Get(server.FlagUnsafeSkipUpgrades)) { + skipUpgradeHeights[int64(h)] = true +} + homePath := cast.ToString(appOpts.Get(flags.FlagHome)) + // set the governance module account as the authority for conducting upgrades + app.UpgradeKeeper = upgradekeeper.NewKeeper( + skipUpgradeHeights, + runtime.NewKVStoreService(keys[upgradetypes.StoreKey]), + appCodec, + homePath, + app.BaseApp, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) + + // Register the proposal types + // Deprecated: Avoid adding new handlers, instead use the new proposal flow + // by granting the governance module the right to execute the message. + // See: https://docs.cosmos.network/main/modules/gov#proposal-messages + govRouter := govv1beta1.NewRouter() + +govRouter.AddRoute(govtypes.RouterKey, govv1beta1.ProposalHandler) + govConfig := govtypes.DefaultConfig() + /* + Example of setting gov params: + govConfig.MaxMetadataLen = 10000 + */ + govKeeper := govkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[govtypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + app.StakingKeeper, + app.DistrKeeper, + app.MsgServiceRouter(), + govConfig, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + // govkeeper.WithCustomCalculateVoteResultsAndVotingPowerFn(...), // Add if you want to use a custom vote calculation function. + ) + + // Set legacy router for backwards compatibility with gov v1beta1 + govKeeper.SetLegacyRouter(govRouter) + +app.GovKeeper = *govKeeper.SetHooks( + govtypes.NewMultiGovHooks( + // register the governance hooks + ), + ) + + // create evidence keeper with router + evidenceKeeper := evidencekeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[evidencetypes.StoreKey]), + app.StakingKeeper, + app.SlashingKeeper, + app.AccountKeeper.AddressCodec(), + runtime.ProvideCometInfoService(), + ) + // If evidence needs to be handled for the app, set routes in router here and seal + app.EvidenceKeeper = *evidenceKeeper + + app.EpochsKeeper = epochskeeper.NewKeeper( + runtime.NewKVStoreService(keys[epochstypes.StoreKey]), + appCodec, + ) + +app.EpochsKeeper.SetHooks( + epochstypes.NewMultiEpochHooks( + // insert epoch hooks receivers here + ), + ) + + /**** Module Options ****/ + + // NOTE: Any module instantiated in the module manager that is later modified + // must be passed by reference here. + app.ModuleManager = module.NewManager( + genutil.NewAppModule( + app.AccountKeeper, app.StakingKeeper, app, + txConfig, + ), + auth.NewAppModule(appCodec, app.AccountKeeper, authsims.RandomGenesisAccounts, nil), + vesting.NewAppModule(app.AccountKeeper, app.BankKeeper), + bank.NewAppModule(appCodec, app.BankKeeper, app.AccountKeeper, nil), + feegrantmodule.NewAppModule(appCodec, app.AccountKeeper, app.BankKeeper, app.FeeGrantKeeper, app.interfaceRegistry), + gov.NewAppModule(appCodec, &app.GovKeeper, app.AccountKeeper, app.BankKeeper, nil), + mint.NewAppModule(appCodec, app.MintKeeper, app.AccountKeeper, nil, nil), + slashing.NewAppModule(appCodec, app.SlashingKeeper, app.AccountKeeper, app.BankKeeper, app.StakingKeeper, nil, app.interfaceRegistry), + distr.NewAppModule(appCodec, app.DistrKeeper, app.AccountKeeper, app.BankKeeper, app.StakingKeeper, nil), + staking.NewAppModule(appCodec, app.StakingKeeper, app.AccountKeeper, app.BankKeeper, nil), + upgrade.NewAppModule(app.UpgradeKeeper, app.AccountKeeper.AddressCodec()), + evidence.NewAppModule(app.EvidenceKeeper), + authzmodule.NewAppModule(appCodec, app.AuthzKeeper, app.AccountKeeper, app.BankKeeper, app.interfaceRegistry), + consensus.NewAppModule(appCodec, app.ConsensusParamsKeeper), + epochs.NewAppModule(app.EpochsKeeper), + protocolpool.NewAppModule(app.ProtocolPoolKeeper, app.AccountKeeper, app.BankKeeper), + ) + + // BasicModuleManager defines the module BasicManager is in charge of setting up basic, + // non-dependent module elements, such as codec registration and genesis verification. + // By default it is composed of all the module from the module manager. + // Additionally, app module basics can be overwritten by passing them as argument. + app.BasicModuleManager = module.NewBasicManagerFromManager( + app.ModuleManager, + map[string]module.AppModuleBasic{ + genutiltypes.ModuleName: genutil.NewAppModuleBasic(genutiltypes.DefaultMessageValidator), + govtypes.ModuleName: gov.NewAppModuleBasic( + []govclient.ProposalHandler{ +}, + ), +}) + +app.BasicModuleManager.RegisterLegacyAminoCodec(legacyAmino) + +app.BasicModuleManager.RegisterInterfaces(interfaceRegistry) + + // NOTE: upgrade module is required to be prioritized + app.ModuleManager.SetOrderPreBlockers( + upgradetypes.ModuleName, + authtypes.ModuleName, + ) + // During begin block slashing happens after distr.BeginBlocker so that + // there is nothing left over in the validator fee pool, so as to keep the + // CanWithdrawInvariant invariant. + // NOTE: staking module is required if HistoricalEntries param > 0 + app.ModuleManager.SetOrderBeginBlockers( + minttypes.ModuleName, + distrtypes.ModuleName, + protocolpooltypes.ModuleName, + slashingtypes.ModuleName, + evidencetypes.ModuleName, + stakingtypes.ModuleName, + genutiltypes.ModuleName, + authz.ModuleName, + epochstypes.ModuleName, + ) + +app.ModuleManager.SetOrderEndBlockers( + govtypes.ModuleName, + stakingtypes.ModuleName, + genutiltypes.ModuleName, + feegrant.ModuleName, + protocolpooltypes.ModuleName, + ) + + // NOTE: The genutils module must occur after staking so that pools are + // properly initialized with tokens from genesis accounts. + // NOTE: The genutils module must also occur after auth so that it can access the params from auth. + genesisModuleOrder := []string{ + authtypes.ModuleName, + banktypes.ModuleName, + distrtypes.ModuleName, + stakingtypes.ModuleName, + slashingtypes.ModuleName, + govtypes.ModuleName, + minttypes.ModuleName, + genutiltypes.ModuleName, + evidencetypes.ModuleName, + authz.ModuleName, + feegrant.ModuleName, + upgradetypes.ModuleName, + vestingtypes.ModuleName, + consensusparamtypes.ModuleName, + epochstypes.ModuleName, + protocolpooltypes.ModuleName, +} + exportModuleOrder := []string{ + consensusparamtypes.ModuleName, + authtypes.ModuleName, + protocolpooltypes.ModuleName, // Must be exported before bank + banktypes.ModuleName, + distrtypes.ModuleName, + stakingtypes.ModuleName, + slashingtypes.ModuleName, + govtypes.ModuleName, + minttypes.ModuleName, + genutiltypes.ModuleName, + evidencetypes.ModuleName, + authz.ModuleName, + feegrant.ModuleName, + upgradetypes.ModuleName, + vestingtypes.ModuleName, + epochstypes.ModuleName, +} + +app.ModuleManager.SetOrderInitGenesis(genesisModuleOrder...) + +app.ModuleManager.SetOrderExportGenesis(exportModuleOrder...) + + // Uncomment if you want to set a custom migration order here. + // app.ModuleManager.SetOrderMigrations(custom order) + +app.configurator = module.NewConfigurator(app.appCodec, app.MsgServiceRouter(), app.GRPCQueryRouter()) + +err = app.ModuleManager.RegisterServices(app.configurator) + if err != nil { + panic(err) +} + + // RegisterUpgradeHandlers is used for registering any on-chain upgrades. + // Make sure it's called after `app.ModuleManager` and `app.configurator` are set. + app.RegisterUpgradeHandlers() + +autocliv1.RegisterQueryServer(app.GRPCQueryRouter(), runtimeservices.NewAutoCLIQueryService(app.ModuleManager.Modules)) + +reflectionSvc, err := runtimeservices.NewReflectionService() + if err != nil { + panic(err) +} + +reflectionv1.RegisterReflectionServiceServer(app.GRPCQueryRouter(), reflectionSvc) + + // add test gRPC service for testing gRPC queries in isolation + testdata_pulsar.RegisterQueryServer(app.GRPCQueryRouter(), testdata_pulsar.QueryImpl{ +}) + + // create the simulation manager and define the order of the modules for deterministic simulations + // + // NOTE: this is not required apps that don't use the simulator for fuzz testing + // transactions + overrideModules := map[string]module.AppModuleSimulation{ + authtypes.ModuleName: auth.NewAppModule(app.appCodec, app.AccountKeeper, authsims.RandomGenesisAccounts, nil), +} + +app.sm = module.NewSimulationManagerFromAppModules(app.ModuleManager.Modules, overrideModules) + +app.sm.RegisterStoreDecoders() + + // initialize stores + app.MountKVStores(keys) + + // initialize BaseApp + app.SetInitChainer(app.InitChainer) + +app.SetPreBlocker(app.PreBlocker) + +app.SetBeginBlocker(app.BeginBlocker) + +app.SetEndBlocker(app.EndBlocker) + +app.setAnteHandler(txConfig) + + // In v0.46, the SDK introduces _postHandlers_. PostHandlers are like + // antehandlers, but are run _after_ the `runMsgs` execution. They are also + // defined as a chain, and have the same signature as antehandlers. + // + // In baseapp, postHandlers are run in the same store branch as `runMsgs`, + // meaning that both `runMsgs` and `postHandler` state will be committed if + // both are successful, and both will be reverted if any of the two fails. + // + // The SDK exposes a default postHandlers chain + // + // Please note that changing any of the anteHandler or postHandler chain is + // likely to be a state-machine breaking change, which needs a coordinated + // upgrade. + app.setPostHandler() + if loadLatest { + if err := app.LoadLatestVersion(); err != nil { + panic(fmt.Errorf("error loading last version: %w", err)) +} + +} + +return app +} + +func (app *SimApp) + +setAnteHandler(txConfig client.TxConfig) { + anteHandler, err := ante.NewAnteHandler( + ante.HandlerOptions{ + AccountKeeper: app.AccountKeeper, + BankKeeper: app.BankKeeper, + SignModeHandler: txConfig.SignModeHandler(), + FeegrantKeeper: app.FeeGrantKeeper, + SigGasConsumer: ante.DefaultSigVerificationGasConsumer, + SigVerifyOptions: []ante.SigVerificationDecoratorOption{ + // change below as needed. + ante.WithUnorderedTxGasCost(ante.DefaultUnorderedTxGasCost), + ante.WithMaxUnorderedTxTimeoutDuration(ante.DefaultMaxTimeoutDuration), +}, +}, + ) + if err != nil { + panic(err) +} + + // Set the AnteHandler for the app + app.SetAnteHandler(anteHandler) +} + +func (app *SimApp) + +setPostHandler() { + postHandler, err := posthandler.NewPostHandler( + posthandler.HandlerOptions{ +}, + ) + if err != nil { + panic(err) +} + +app.SetPostHandler(postHandler) +} + +// Name returns the name of the App +func (app *SimApp) + +Name() + +string { + return app.BaseApp.Name() +} + +// PreBlocker application updates every pre block +func (app *SimApp) + +PreBlocker(ctx sdk.Context, _ *abci.RequestFinalizeBlock) (*sdk.ResponsePreBlock, error) { + return app.ModuleManager.PreBlock(ctx) +} + +// BeginBlocker application updates every begin block +func (app *SimApp) + +BeginBlocker(ctx sdk.Context) (sdk.BeginBlock, error) { + return app.ModuleManager.BeginBlock(ctx) +} + +// EndBlocker application updates every end block +func (app *SimApp) + +EndBlocker(ctx sdk.Context) (sdk.EndBlock, error) { + return app.ModuleManager.EndBlock(ctx) +} + +func (a *SimApp) + +Configurator() + +module.Configurator { + return a.configurator +} + +// InitChainer application update at chain initialization +func (app *SimApp) + +InitChainer(ctx sdk.Context, req *abci.RequestInitChain) (*abci.ResponseInitChain, error) { + var genesisState GenesisState + if err := json.Unmarshal(req.AppStateBytes, &genesisState); err != nil { + panic(err) +} + +app.UpgradeKeeper.SetModuleVersionMap(ctx, app.ModuleManager.GetVersionMap()) + +return app.ModuleManager.InitGenesis(ctx, app.appCodec, genesisState) +} + +// LoadHeight loads a particular height +func (app *SimApp) + +LoadHeight(height int64) + +error { + return app.LoadVersion(height) +} + +// LegacyAmino returns SimApp's amino codec. +// +// NOTE: This is solely to be used for testing purposes as it may be desirable +// for modules to register their own custom testing types. +func (app *SimApp) + +LegacyAmino() *codec.LegacyAmino { + return app.legacyAmino +} + +// AppCodec returns SimApp's app codec. +// +// NOTE: This is solely to be used for testing purposes as it may be desirable +// for modules to register their own custom testing types. +func (app *SimApp) + +AppCodec() + +codec.Codec { + return app.appCodec +} + +// InterfaceRegistry returns SimApp's InterfaceRegistry +func (app *SimApp) + +InterfaceRegistry() + +types.InterfaceRegistry { + return app.interfaceRegistry +} + +// TxConfig returns SimApp's TxConfig +func (app *SimApp) + +TxConfig() + +client.TxConfig { + return app.txConfig +} + +// AutoCliOpts returns the autocli options for the app. +func (app *SimApp) + +AutoCliOpts() + +autocli.AppOptions { + modules := make(map[string]appmodule.AppModule, 0) + for _, m := range app.ModuleManager.Modules { + if moduleWithName, ok := m.(module.HasName); ok { + moduleName := moduleWithName.Name() + if appModule, ok := moduleWithName.(appmodule.AppModule); ok { + modules[moduleName] = appModule +} + +} + +} + +return autocli.AppOptions{ + Modules: modules, + ModuleOptions: runtimeservices.ExtractAutoCLIOptions(app.ModuleManager.Modules), + AddressCodec: authcodec.NewBech32Codec(sdk.GetConfig().GetBech32AccountAddrPrefix()), + ValidatorAddressCodec: authcodec.NewBech32Codec(sdk.GetConfig().GetBech32ValidatorAddrPrefix()), + ConsensusAddressCodec: authcodec.NewBech32Codec(sdk.GetConfig().GetBech32ConsensusAddrPrefix()), +} +} + +// DefaultGenesis returns a default genesis from the registered AppModuleBasic's. +func (a *SimApp) + +DefaultGenesis() + +map[string]json.RawMessage { + return a.BasicModuleManager.DefaultGenesis(a.appCodec) +} + +// GetKey returns the KVStoreKey for the provided store key. +// +// NOTE: This is solely to be used for testing purposes. +func (app *SimApp) + +GetKey(storeKey string) *storetypes.KVStoreKey { + return app.keys[storeKey] +} + +// GetStoreKeys returns all the stored store keys. +func (app *SimApp) + +GetStoreKeys() []storetypes.StoreKey { + keys := make([]storetypes.StoreKey, 0, len(app.keys)) + for _, key := range app.keys { + keys = append(keys, key) +} + +return keys +} + +// SimulationManager implements the SimulationApp interface +func (app *SimApp) + +SimulationManager() *module.SimulationManager { + return app.sm +} + +// RegisterAPIRoutes registers all application module routes with the provided +// API server. +func (app *SimApp) + +RegisterAPIRoutes(apiSvr *api.Server, apiConfig config.APIConfig) { + clientCtx := apiSvr.ClientCtx + // Register new tx routes from grpc-gateway. + authtx.RegisterGRPCGatewayRoutes(clientCtx, apiSvr.GRPCGatewayRouter) + + // Register new CometBFT queries routes from grpc-gateway. + cmtservice.RegisterGRPCGatewayRoutes(clientCtx, apiSvr.GRPCGatewayRouter) + + // Register node gRPC service for grpc-gateway. + nodeservice.RegisterGRPCGatewayRoutes(clientCtx, apiSvr.GRPCGatewayRouter) + + // Register grpc-gateway routes for all modules. + app.BasicModuleManager.RegisterGRPCGatewayRoutes(clientCtx, apiSvr.GRPCGatewayRouter) + + // register swagger API from root so that other applications can override easily + if err := server.RegisterSwaggerAPI(apiSvr.ClientCtx, apiSvr.Router, apiConfig.Swagger); err != nil { + panic(err) +} +} + +// RegisterTxService implements the Application.RegisterTxService method. +func (app *SimApp) + +RegisterTxService(clientCtx client.Context) { + authtx.RegisterTxService(app.BaseApp.GRPCQueryRouter(), clientCtx, app.BaseApp.Simulate, app.interfaceRegistry) +} + +// RegisterTendermintService implements the Application.RegisterTendermintService method. +func (app *SimApp) + +RegisterTendermintService(clientCtx client.Context) { + cmtApp := server.NewCometABCIWrapper(app) + +cmtservice.RegisterTendermintService( + clientCtx, + app.BaseApp.GRPCQueryRouter(), + app.interfaceRegistry, + cmtApp.Query, + ) +} + +func (app *SimApp) + +RegisterNodeService(clientCtx client.Context, cfg config.Config) { + nodeservice.RegisterNodeService(clientCtx, app.GRPCQueryRouter(), cfg) +} + +// GetMaccPerms returns a copy of the module account permissions +// +// NOTE: This is solely to be used for testing purposes. +func GetMaccPerms() + +map[string][]string { + return maps.Clone(maccPerms) +} + +// BlockedAddresses returns all the app's blocked account addresses. +func BlockedAddresses() + +map[string]bool { + modAccAddrs := make(map[string]bool) + for acc := range GetMaccPerms() { + modAccAddrs[authtypes.NewModuleAddress(acc).String()] = true +} + + // allow the following addresses to receive funds + delete(modAccAddrs, authtypes.NewModuleAddress(govtypes.ModuleName).String()) + +return modAccAddrs +} +``` + +Note that you may override some modules. +This is useful if the existing module configuration in the `ModuleManager` should be different in the `SimulationManager`. + +Finally, the application should expose the `SimulationManager` via the following method defined in the `Runtime` interface: + +```go +// SimulationManager implements the SimulationApp interface +func (app *SimApp) + +SimulationManager() *module.SimulationManager { + return app.sm +} +``` + +## Running Simulations + +To run the simulation, use the `simsx` runner. + +Call the following function from the `simsx` package to begin simulating with a default seed: + +```go expandable +package simsx + +import ( + + "encoding/json" + "fmt" + "io" + "math" + "os" + "path/filepath" + "strings" + "testing" + + dbm "github.com/cosmos/cosmos-db" + "github.com/stretchr/testify/require" + "cosmossdk.io/log" + "github.com/cosmos/cosmos-sdk/baseapp" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/client/flags" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/runtime" + servertypes "github.com/cosmos/cosmos-sdk/server/types" + simtestutil "github.com/cosmos/cosmos-sdk/testutil/sims" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/module" + simtypes "github.com/cosmos/cosmos-sdk/types/simulation" + "github.com/cosmos/cosmos-sdk/x/simulation" + "github.com/cosmos/cosmos-sdk/x/simulation/client/cli" +) + +const SimAppChainID = "simulation-app" + +// this list of seeds was imported from the original simulation runner: https://github.com/cosmos/tools/blob/v1.0.0/cmd/runsim/main.go#L32 +var defaultSeeds = []int64{ + 1, 2, 4, 7, + 32, 123, 124, 582, 1893, 2989, + 3012, 4728, 37827, 981928, 87821, 891823782, + 989182, 89182391, 11, 22, 44, 77, 99, 2020, + 3232, 123123, 124124, 582582, 18931893, + 29892989, 30123012, 47284728, 7601778, 8090485, + 977367484, 491163361, 424254581, 673398983, +} + +// SimStateFactory is a factory type that provides a convenient way to create a simulation state for testing. +// It contains the following fields: +// - Codec: a codec used for serializing other objects +// - AppStateFn: a function that returns the app state JSON bytes and the genesis accounts +// - BlockedAddr: a map of blocked addresses +// - AccountSource: an interface for retrieving accounts +// - BalanceSource: an interface for retrieving balance-related information +type SimStateFactory struct { + Codec codec.Codec + AppStateFn simtypes.AppStateFn + BlockedAddr map[string]bool + AccountSource AccountSourceX + BalanceSource BalanceSource +} + +// SimulationApp abstract app that is used by sims +type SimulationApp interface { + runtime.AppI + SetNotSigverifyTx() + +GetBaseApp() *baseapp.BaseApp + TxConfig() + +client.TxConfig + Close() + +error +} + +// Run is a helper function that runs a simulation test with the given parameters. +// It calls the RunWithSeeds function with the default seeds and parameters. +// +// This is the entrypoint to run simulation tests that used to run with the runsim binary. +func Run[T SimulationApp]( + t *testing.T, + appFactory func( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), + ) + +T, + setupStateFactory func(app T) + +SimStateFactory, + postRunActions ...func(t testing.TB, app TestInstance[T], accs []simtypes.Account), +) { + t.Helper() + +RunWithSeeds(t, appFactory, setupStateFactory, defaultSeeds, nil, postRunActions...) +} + +// RunWithSeeds is a helper function that runs a simulation test with the given parameters. +// It iterates over the provided seeds and runs the simulation test for each seed in parallel. +// +// It sets up the environment, creates an instance of the simulation app, +// calls the simulation.SimulateFromSeed function to run the simulation, and performs post-run actions for each seed. +// The execution is deterministic and can be used for fuzz tests as well. +// +// The system under test is isolated for each run but unlike the old runsim command, there is no Process separation. +// This means, global caches may be reused for example. This implementation build upon the vanilla Go stdlib test framework. +func RunWithSeeds[T SimulationApp]( + t *testing.T, + appFactory func( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), + ) + +T, + setupStateFactory func(app T) + +SimStateFactory, + seeds []int64, + fuzzSeed []byte, + postRunActions ...func(t testing.TB, app TestInstance[T], accs []simtypes.Account), +) { + t.Helper() + +RunWithSeedsAndRandAcc(t, appFactory, setupStateFactory, seeds, fuzzSeed, simtypes.RandomAccounts, postRunActions...) +} + +// RunWithSeedsAndRandAcc calls RunWithSeeds with randAccFn +func RunWithSeedsAndRandAcc[T SimulationApp]( + t *testing.T, + appFactory func( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), + ) + +T, + setupStateFactory func(app T) + +SimStateFactory, + seeds []int64, + fuzzSeed []byte, + randAccFn simtypes.RandomAccountFn, + postRunActions ...func(t testing.TB, app TestInstance[T], accs []simtypes.Account), +) { + t.Helper() + if deprecatedParams := cli.GetDeprecatedFlagUsed(); len(deprecatedParams) != 0 { + fmt.Printf("Warning: Deprecated flag are used: %s", strings.Join(deprecatedParams, ",")) +} + cfg := cli.NewConfigFromFlags() + +cfg.ChainID = SimAppChainID + for i := range seeds { + seed := seeds[i] + t.Run(fmt.Sprintf("seed: %d", seed), func(t *testing.T) { + t.Parallel() + +RunWithSeed(t, cfg, appFactory, setupStateFactory, seed, fuzzSeed, postRunActions...) +}) +} +} + +// RunWithSeed is a helper function that runs a simulation test with the given parameters. +// It iterates over the provided seeds and runs the simulation test for each seed in parallel. +// +// It sets up the environment, creates an instance of the simulation app, +// calls the simulation.SimulateFromSeed function to run the simulation, and performs post-run actions for the seed. +// The execution is deterministic and can be used for fuzz tests as well. +func RunWithSeed[T SimulationApp]( + tb testing.TB, + cfg simtypes.Config, + appFactory func(logger log.Logger, db dbm.DB, traceStore io.Writer, loadLatest bool, appOpts servertypes.AppOptions, baseAppOptions ...func(*baseapp.BaseApp)) + +T, + setupStateFactory func(app T) + +SimStateFactory, + seed int64, + fuzzSeed []byte, + postRunActions ...func(t testing.TB, app TestInstance[T], accs []simtypes.Account), +) { + tb.Helper() + +RunWithSeedAndRandAcc(tb, cfg, appFactory, setupStateFactory, seed, fuzzSeed, simtypes.RandomAccounts, postRunActions...) +} + +// RunWithSeedAndRandAcc calls RunWithSeed with randAccFn +func RunWithSeedAndRandAcc[T SimulationApp]( + tb testing.TB, + cfg simtypes.Config, + appFactory func(logger log.Logger, db dbm.DB, traceStore io.Writer, loadLatest bool, appOpts servertypes.AppOptions, baseAppOptions ...func(*baseapp.BaseApp)) + +T, + setupStateFactory func(app T) + +SimStateFactory, + seed int64, + fuzzSeed []byte, + randAccFn simtypes.RandomAccountFn, + postRunActions ...func(t testing.TB, app TestInstance[T], accs []simtypes.Account), +) { + tb.Helper() + // setup environment + tCfg := cfg.With(tb, seed, fuzzSeed) + testInstance := NewSimulationAppInstance(tb, tCfg, appFactory) + +var runLogger log.Logger + if cli.FlagVerboseValue { + runLogger = log.NewTestLogger(tb) +} + +else { + runLogger = log.NewTestLoggerInfo(tb) +} + +runLogger = runLogger.With("seed", tCfg.Seed) + app := testInstance.App + stateFactory := setupStateFactory(app) + +ops, reporter := prepareWeightedOps(app.SimulationManager(), stateFactory, tCfg, testInstance.App.TxConfig(), runLogger) + +simParams, accs, err := simulation.SimulateFromSeedX( + tb, + runLogger, + WriteToDebugLog(runLogger), + app.GetBaseApp(), + stateFactory.AppStateFn, + randAccFn, + ops, + stateFactory.BlockedAddr, + tCfg, + stateFactory.Codec, + testInstance.ExecLogWriter, + ) + +require.NoError(tb, err) + +err = simtestutil.CheckExportSimulation(app, tCfg, simParams) + +require.NoError(tb, err) + if tCfg.Commit { + simtestutil.PrintStats(testInstance.DB) +} + // not using tb.Log to always print the summary + fmt.Printf("+++ DONE (seed: %d): \n%s\n", seed, reporter.Summary().String()) + for _, step := range postRunActions { + step(tb, testInstance, accs) +} + +require.NoError(tb, app.Close()) +} + +type ( + HasWeightedOperationsX interface { + WeightedOperationsX(weight WeightSource, reg Registry) +} + +HasWeightedOperationsXWithProposals interface { + WeightedOperationsX(weights WeightSource, reg Registry, proposals WeightedProposalMsgIter, + legacyProposals []simtypes.WeightedProposalContent) //nolint: staticcheck // used for legacy proposal types +} + +HasProposalMsgsX interface { + ProposalMsgsX(weights WeightSource, reg Registry) +} +) + +type ( + HasLegacyWeightedOperations interface { + // WeightedOperations simulation operations (i.e msgs) + +with their respective weight + WeightedOperations(simState module.SimulationState) []simtypes.WeightedOperation +} + // HasLegacyProposalMsgs defines the messages that can be used to simulate governance (v1) + +proposals + // Deprecated replaced by HasProposalMsgsX + HasLegacyProposalMsgs interface { + // ProposalMsgs msg fu nctions used to simulate governance proposals + ProposalMsgs(simState module.SimulationState) []simtypes.WeightedProposalMsg +} + + // HasLegacyProposalContents defines the contents that can be used to simulate legacy governance (v1beta1) + +proposals + // Deprecated replaced by HasProposalMsgsX + HasLegacyProposalContents interface { + // ProposalContents content functions used to simulate governance proposals + ProposalContents(simState module.SimulationState) []simtypes.WeightedProposalContent //nolint:staticcheck // legacy v1beta1 governance +} +) + +// TestInstance is a generic type that represents an instance of a SimulationApp used for testing simulations. +// It contains the following fields: +// - App: The instance of the SimulationApp under test. +// - DB: The LevelDB database for the simulation app. +// - WorkDir: The temporary working directory for the simulation app. +// - Cfg: The configuration flags for the simulator. +// - AppLogger: The logger used for logging in the app during the simulation, with seed value attached. +// - ExecLogWriter: Captures block and operation data coming from the simulation +type TestInstance[T SimulationApp] struct { + App T + DB dbm.DB + WorkDir string + Cfg simtypes.Config + AppLogger log.Logger + ExecLogWriter simulation.LogWriter +} + +// included to avoid cyclic dependency in testutils/sims +func prepareWeightedOps( + sm *module.SimulationManager, + stateFact SimStateFactory, + config simtypes.Config, + txConfig client.TxConfig, + logger log.Logger, +) (simulation.WeightedOperations, *BasicSimulationReporter) { + cdc := stateFact.Codec + simState := module.SimulationState{ + AppParams: make(simtypes.AppParams), + Cdc: cdc, + TxConfig: txConfig, + BondDenom: sdk.DefaultBondDenom, +} + if config.ParamsFile != "" { + bz, err := os.ReadFile(config.ParamsFile) + if err != nil { + panic(err) +} + +err = json.Unmarshal(bz, &simState.AppParams) + if err != nil { + panic(err) +} + +} + weights := ParamWeightSource(simState.AppParams) + reporter := NewBasicSimulationReporter() + pReg := make(UniqueTypeRegistry) + wContent := make([]simtypes.WeightedProposalContent, 0) //nolint:staticcheck // required for legacy type + legacyPReg := NewWeightedFactoryMethods() + // add gov proposals types + for _, m := range sm.Modules { + switch xm := m.(type) { + case HasProposalMsgsX: + xm.ProposalMsgsX(weights, pReg) + case HasLegacyProposalMsgs: + for _, p := range xm.ProposalMsgs(simState) { + weight := weights.Get(p.AppParamsKey(), safeUint(p.DefaultWeight())) + +legacyPReg.Add(weight, legacyToMsgFactoryAdapter(p.MsgSimulatorFn())) +} + case HasLegacyProposalContents: + wContent = append(wContent, xm.ProposalContents(simState)...) +} + +} + oReg := NewSimsMsgRegistryAdapter( + reporter, + stateFact.AccountSource, + stateFact.BalanceSource, + txConfig, + logger, + ) + wOps := make([]simtypes.WeightedOperation, 0, len(sm.Modules)) + for _, m := range sm.Modules { + // add operations + switch xm := m.(type) { + case HasWeightedOperationsX: + xm.WeightedOperationsX(weights, oReg) + case HasWeightedOperationsXWithProposals: + xm.WeightedOperationsX(weights, oReg, AppendIterators(legacyPReg.Iterator(), pReg.Iterator()), wContent) + case HasLegacyWeightedOperations: + wOps = append(wOps, xm.WeightedOperations(simState)...) +} + +} + +return append(wOps, Collect(oReg.items, func(a weightedOperation) + +simtypes.WeightedOperation { + return a +})...), reporter +} + +func safeUint(p int) + +uint32 { + if p < 0 || p > math.MaxUint32 { + panic(fmt.Sprintf("can not cast to uint32: %d", p)) +} + +return uint32(p) +} + +// NewSimulationAppInstance initializes and returns a TestInstance of a SimulationApp. +// The function takes a testing.T instance, a simtypes.Config instance, and an appFactory function as parameters. +// It creates a temporary working directory and a LevelDB database for the simulation app. +// The function then initializes a logger based on the verbosity flag and sets the logger's seed to the test configuration's seed. +// The database is closed and cleaned up on test completion. +func NewSimulationAppInstance[T SimulationApp]( + tb testing.TB, + tCfg simtypes.Config, + appFactory func(logger log.Logger, db dbm.DB, traceStore io.Writer, loadLatest bool, appOpts servertypes.AppOptions, baseAppOptions ...func(*baseapp.BaseApp)) + +T, +) + +TestInstance[T] { + tb.Helper() + workDir := tb.TempDir() + +require.NoError(tb, os.Mkdir(filepath.Join(workDir, "data"), 0o750)) + dbDir := filepath.Join(workDir, "leveldb-app-sim") + +var logger log.Logger + if cli.FlagVerboseValue { + logger = log.NewTestLogger(tb) +} + +else { + logger = log.NewTestLoggerError(tb) +} + +logger = logger.With("seed", tCfg.Seed) + +db, err := dbm.NewDB("Simulation", dbm.BackendType(tCfg.DBBackend), dbDir) + +require.NoError(tb, err) + +tb.Cleanup(func() { + _ = db.Close() // ensure db is closed +}) + appOptions := make(simtestutil.AppOptionsMap) + +appOptions[flags.FlagHome] = workDir + opts := []func(*baseapp.BaseApp) { + baseapp.SetChainID(tCfg.ChainID) +} + if tCfg.FauxMerkle { + opts = append(opts, FauxMerkleModeOpt) +} + app := appFactory(logger, db, nil, true, appOptions, opts...) + if !cli.FlagSigverifyTxValue { + app.SetNotSigverifyTx() +} + +return TestInstance[T]{ + App: app, + DB: db, + WorkDir: workDir, + Cfg: tCfg, + AppLogger: logger, + ExecLogWriter: &simulation.StandardLogWriter{ + Seed: tCfg.Seed +}, +} +} + +var _ io.Writer = writerFn(nil) + +type writerFn func(p []byte) (n int, err error) + +func (w writerFn) + +Write(p []byte) (n int, err error) { + return w(p) +} + +// WriteToDebugLog is an adapter to io.Writer interface +func WriteToDebugLog(logger log.Logger) + +io.Writer { + return writerFn(func(p []byte) (n int, err error) { + logger.Debug(string(p)) + +return len(p), nil +}) +} + +// FauxMerkleModeOpt returns a BaseApp option to use a dbStoreAdapter instead of +// an IAVLStore for faster simulation speed. +func FauxMerkleModeOpt(bapp *baseapp.BaseApp) { + bapp.SetFauxMerkleMode() +} +``` + +If a custom seed is desired, tests should use `RunWithSeed`: + +```go expandable +package simsx + +import ( + + "encoding/json" + "fmt" + "io" + "math" + "os" + "path/filepath" + "strings" + "testing" + + dbm "github.com/cosmos/cosmos-db" + "github.com/stretchr/testify/require" + "cosmossdk.io/log" + "github.com/cosmos/cosmos-sdk/baseapp" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/client/flags" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/runtime" + servertypes "github.com/cosmos/cosmos-sdk/server/types" + simtestutil "github.com/cosmos/cosmos-sdk/testutil/sims" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/module" + simtypes "github.com/cosmos/cosmos-sdk/types/simulation" + "github.com/cosmos/cosmos-sdk/x/simulation" + "github.com/cosmos/cosmos-sdk/x/simulation/client/cli" +) + +const SimAppChainID = "simulation-app" + +// this list of seeds was imported from the original simulation runner: https://github.com/cosmos/tools/blob/v1.0.0/cmd/runsim/main.go#L32 +var defaultSeeds = []int64{ + 1, 2, 4, 7, + 32, 123, 124, 582, 1893, 2989, + 3012, 4728, 37827, 981928, 87821, 891823782, + 989182, 89182391, 11, 22, 44, 77, 99, 2020, + 3232, 123123, 124124, 582582, 18931893, + 29892989, 30123012, 47284728, 7601778, 8090485, + 977367484, 491163361, 424254581, 673398983, +} + +// SimStateFactory is a factory type that provides a convenient way to create a simulation state for testing. +// It contains the following fields: +// - Codec: a codec used for serializing other objects +// - AppStateFn: a function that returns the app state JSON bytes and the genesis accounts +// - BlockedAddr: a map of blocked addresses +// - AccountSource: an interface for retrieving accounts +// - BalanceSource: an interface for retrieving balance-related information +type SimStateFactory struct { + Codec codec.Codec + AppStateFn simtypes.AppStateFn + BlockedAddr map[string]bool + AccountSource AccountSourceX + BalanceSource BalanceSource +} + +// SimulationApp abstract app that is used by sims +type SimulationApp interface { + runtime.AppI + SetNotSigverifyTx() + +GetBaseApp() *baseapp.BaseApp + TxConfig() + +client.TxConfig + Close() + +error +} + +// Run is a helper function that runs a simulation test with the given parameters. +// It calls the RunWithSeeds function with the default seeds and parameters. +// +// This is the entrypoint to run simulation tests that used to run with the runsim binary. +func Run[T SimulationApp]( + t *testing.T, + appFactory func( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), + ) + +T, + setupStateFactory func(app T) + +SimStateFactory, + postRunActions ...func(t testing.TB, app TestInstance[T], accs []simtypes.Account), +) { + t.Helper() + +RunWithSeeds(t, appFactory, setupStateFactory, defaultSeeds, nil, postRunActions...) +} + +// RunWithSeeds is a helper function that runs a simulation test with the given parameters. +// It iterates over the provided seeds and runs the simulation test for each seed in parallel. +// +// It sets up the environment, creates an instance of the simulation app, +// calls the simulation.SimulateFromSeed function to run the simulation, and performs post-run actions for each seed. +// The execution is deterministic and can be used for fuzz tests as well. +// +// The system under test is isolated for each run but unlike the old runsim command, there is no Process separation. +// This means, global caches may be reused for example. This implementation build upon the vanilla Go stdlib test framework. +func RunWithSeeds[T SimulationApp]( + t *testing.T, + appFactory func( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), + ) + +T, + setupStateFactory func(app T) + +SimStateFactory, + seeds []int64, + fuzzSeed []byte, + postRunActions ...func(t testing.TB, app TestInstance[T], accs []simtypes.Account), +) { + t.Helper() + +RunWithSeedsAndRandAcc(t, appFactory, setupStateFactory, seeds, fuzzSeed, simtypes.RandomAccounts, postRunActions...) +} + +// RunWithSeedsAndRandAcc calls RunWithSeeds with randAccFn +func RunWithSeedsAndRandAcc[T SimulationApp]( + t *testing.T, + appFactory func( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), + ) + +T, + setupStateFactory func(app T) + +SimStateFactory, + seeds []int64, + fuzzSeed []byte, + randAccFn simtypes.RandomAccountFn, + postRunActions ...func(t testing.TB, app TestInstance[T], accs []simtypes.Account), +) { + t.Helper() + if deprecatedParams := cli.GetDeprecatedFlagUsed(); len(deprecatedParams) != 0 { + fmt.Printf("Warning: Deprecated flag are used: %s", strings.Join(deprecatedParams, ",")) +} + cfg := cli.NewConfigFromFlags() + +cfg.ChainID = SimAppChainID + for i := range seeds { + seed := seeds[i] + t.Run(fmt.Sprintf("seed: %d", seed), func(t *testing.T) { + t.Parallel() + +RunWithSeed(t, cfg, appFactory, setupStateFactory, seed, fuzzSeed, postRunActions...) +}) +} +} + +// RunWithSeed is a helper function that runs a simulation test with the given parameters. +// It iterates over the provided seeds and runs the simulation test for each seed in parallel. +// +// It sets up the environment, creates an instance of the simulation app, +// calls the simulation.SimulateFromSeed function to run the simulation, and performs post-run actions for the seed. +// The execution is deterministic and can be used for fuzz tests as well. +func RunWithSeed[T SimulationApp]( + tb testing.TB, + cfg simtypes.Config, + appFactory func(logger log.Logger, db dbm.DB, traceStore io.Writer, loadLatest bool, appOpts servertypes.AppOptions, baseAppOptions ...func(*baseapp.BaseApp)) + +T, + setupStateFactory func(app T) + +SimStateFactory, + seed int64, + fuzzSeed []byte, + postRunActions ...func(t testing.TB, app TestInstance[T], accs []simtypes.Account), +) { + tb.Helper() + +RunWithSeedAndRandAcc(tb, cfg, appFactory, setupStateFactory, seed, fuzzSeed, simtypes.RandomAccounts, postRunActions...) +} + +// RunWithSeedAndRandAcc calls RunWithSeed with randAccFn +func RunWithSeedAndRandAcc[T SimulationApp]( + tb testing.TB, + cfg simtypes.Config, + appFactory func(logger log.Logger, db dbm.DB, traceStore io.Writer, loadLatest bool, appOpts servertypes.AppOptions, baseAppOptions ...func(*baseapp.BaseApp)) + +T, + setupStateFactory func(app T) + +SimStateFactory, + seed int64, + fuzzSeed []byte, + randAccFn simtypes.RandomAccountFn, + postRunActions ...func(t testing.TB, app TestInstance[T], accs []simtypes.Account), +) { + tb.Helper() + // setup environment + tCfg := cfg.With(tb, seed, fuzzSeed) + testInstance := NewSimulationAppInstance(tb, tCfg, appFactory) + +var runLogger log.Logger + if cli.FlagVerboseValue { + runLogger = log.NewTestLogger(tb) +} + +else { + runLogger = log.NewTestLoggerInfo(tb) +} + +runLogger = runLogger.With("seed", tCfg.Seed) + app := testInstance.App + stateFactory := setupStateFactory(app) + +ops, reporter := prepareWeightedOps(app.SimulationManager(), stateFactory, tCfg, testInstance.App.TxConfig(), runLogger) + +simParams, accs, err := simulation.SimulateFromSeedX( + tb, + runLogger, + WriteToDebugLog(runLogger), + app.GetBaseApp(), + stateFactory.AppStateFn, + randAccFn, + ops, + stateFactory.BlockedAddr, + tCfg, + stateFactory.Codec, + testInstance.ExecLogWriter, + ) + +require.NoError(tb, err) + +err = simtestutil.CheckExportSimulation(app, tCfg, simParams) + +require.NoError(tb, err) + if tCfg.Commit { + simtestutil.PrintStats(testInstance.DB) +} + // not using tb.Log to always print the summary + fmt.Printf("+++ DONE (seed: %d): \n%s\n", seed, reporter.Summary().String()) + for _, step := range postRunActions { + step(tb, testInstance, accs) +} + +require.NoError(tb, app.Close()) +} + +type ( + HasWeightedOperationsX interface { + WeightedOperationsX(weight WeightSource, reg Registry) +} + +HasWeightedOperationsXWithProposals interface { + WeightedOperationsX(weights WeightSource, reg Registry, proposals WeightedProposalMsgIter, + legacyProposals []simtypes.WeightedProposalContent) //nolint: staticcheck // used for legacy proposal types +} + +HasProposalMsgsX interface { + ProposalMsgsX(weights WeightSource, reg Registry) +} +) + +type ( + HasLegacyWeightedOperations interface { + // WeightedOperations simulation operations (i.e msgs) + +with their respective weight + WeightedOperations(simState module.SimulationState) []simtypes.WeightedOperation +} + // HasLegacyProposalMsgs defines the messages that can be used to simulate governance (v1) + +proposals + // Deprecated replaced by HasProposalMsgsX + HasLegacyProposalMsgs interface { + // ProposalMsgs msg fu nctions used to simulate governance proposals + ProposalMsgs(simState module.SimulationState) []simtypes.WeightedProposalMsg +} + + // HasLegacyProposalContents defines the contents that can be used to simulate legacy governance (v1beta1) + +proposals + // Deprecated replaced by HasProposalMsgsX + HasLegacyProposalContents interface { + // ProposalContents content functions used to simulate governance proposals + ProposalContents(simState module.SimulationState) []simtypes.WeightedProposalContent //nolint:staticcheck // legacy v1beta1 governance +} +) + +// TestInstance is a generic type that represents an instance of a SimulationApp used for testing simulations. +// It contains the following fields: +// - App: The instance of the SimulationApp under test. +// - DB: The LevelDB database for the simulation app. +// - WorkDir: The temporary working directory for the simulation app. +// - Cfg: The configuration flags for the simulator. +// - AppLogger: The logger used for logging in the app during the simulation, with seed value attached. +// - ExecLogWriter: Captures block and operation data coming from the simulation +type TestInstance[T SimulationApp] struct { + App T + DB dbm.DB + WorkDir string + Cfg simtypes.Config + AppLogger log.Logger + ExecLogWriter simulation.LogWriter +} + +// included to avoid cyclic dependency in testutils/sims +func prepareWeightedOps( + sm *module.SimulationManager, + stateFact SimStateFactory, + config simtypes.Config, + txConfig client.TxConfig, + logger log.Logger, +) (simulation.WeightedOperations, *BasicSimulationReporter) { + cdc := stateFact.Codec + simState := module.SimulationState{ + AppParams: make(simtypes.AppParams), + Cdc: cdc, + TxConfig: txConfig, + BondDenom: sdk.DefaultBondDenom, +} + if config.ParamsFile != "" { + bz, err := os.ReadFile(config.ParamsFile) + if err != nil { + panic(err) +} + +err = json.Unmarshal(bz, &simState.AppParams) + if err != nil { + panic(err) +} + +} + weights := ParamWeightSource(simState.AppParams) + reporter := NewBasicSimulationReporter() + pReg := make(UniqueTypeRegistry) + wContent := make([]simtypes.WeightedProposalContent, 0) //nolint:staticcheck // required for legacy type + legacyPReg := NewWeightedFactoryMethods() + // add gov proposals types + for _, m := range sm.Modules { + switch xm := m.(type) { + case HasProposalMsgsX: + xm.ProposalMsgsX(weights, pReg) + case HasLegacyProposalMsgs: + for _, p := range xm.ProposalMsgs(simState) { + weight := weights.Get(p.AppParamsKey(), safeUint(p.DefaultWeight())) + +legacyPReg.Add(weight, legacyToMsgFactoryAdapter(p.MsgSimulatorFn())) +} + case HasLegacyProposalContents: + wContent = append(wContent, xm.ProposalContents(simState)...) +} + +} + oReg := NewSimsMsgRegistryAdapter( + reporter, + stateFact.AccountSource, + stateFact.BalanceSource, + txConfig, + logger, + ) + wOps := make([]simtypes.WeightedOperation, 0, len(sm.Modules)) + for _, m := range sm.Modules { + // add operations + switch xm := m.(type) { + case HasWeightedOperationsX: + xm.WeightedOperationsX(weights, oReg) + case HasWeightedOperationsXWithProposals: + xm.WeightedOperationsX(weights, oReg, AppendIterators(legacyPReg.Iterator(), pReg.Iterator()), wContent) + case HasLegacyWeightedOperations: + wOps = append(wOps, xm.WeightedOperations(simState)...) +} + +} + +return append(wOps, Collect(oReg.items, func(a weightedOperation) + +simtypes.WeightedOperation { + return a +})...), reporter +} + +func safeUint(p int) + +uint32 { + if p < 0 || p > math.MaxUint32 { + panic(fmt.Sprintf("can not cast to uint32: %d", p)) +} + +return uint32(p) +} + +// NewSimulationAppInstance initializes and returns a TestInstance of a SimulationApp. +// The function takes a testing.T instance, a simtypes.Config instance, and an appFactory function as parameters. +// It creates a temporary working directory and a LevelDB database for the simulation app. +// The function then initializes a logger based on the verbosity flag and sets the logger's seed to the test configuration's seed. +// The database is closed and cleaned up on test completion. +func NewSimulationAppInstance[T SimulationApp]( + tb testing.TB, + tCfg simtypes.Config, + appFactory func(logger log.Logger, db dbm.DB, traceStore io.Writer, loadLatest bool, appOpts servertypes.AppOptions, baseAppOptions ...func(*baseapp.BaseApp)) + +T, +) + +TestInstance[T] { + tb.Helper() + workDir := tb.TempDir() + +require.NoError(tb, os.Mkdir(filepath.Join(workDir, "data"), 0o750)) + dbDir := filepath.Join(workDir, "leveldb-app-sim") + +var logger log.Logger + if cli.FlagVerboseValue { + logger = log.NewTestLogger(tb) +} + +else { + logger = log.NewTestLoggerError(tb) +} + +logger = logger.With("seed", tCfg.Seed) + +db, err := dbm.NewDB("Simulation", dbm.BackendType(tCfg.DBBackend), dbDir) + +require.NoError(tb, err) + +tb.Cleanup(func() { + _ = db.Close() // ensure db is closed +}) + appOptions := make(simtestutil.AppOptionsMap) + +appOptions[flags.FlagHome] = workDir + opts := []func(*baseapp.BaseApp) { + baseapp.SetChainID(tCfg.ChainID) +} + if tCfg.FauxMerkle { + opts = append(opts, FauxMerkleModeOpt) +} + app := appFactory(logger, db, nil, true, appOptions, opts...) + if !cli.FlagSigverifyTxValue { + app.SetNotSigverifyTx() +} + +return TestInstance[T]{ + App: app, + DB: db, + WorkDir: workDir, + Cfg: tCfg, + AppLogger: logger, + ExecLogWriter: &simulation.StandardLogWriter{ + Seed: tCfg.Seed +}, +} +} + +var _ io.Writer = writerFn(nil) + +type writerFn func(p []byte) (n int, err error) + +func (w writerFn) + +Write(p []byte) (n int, err error) { + return w(p) +} + +// WriteToDebugLog is an adapter to io.Writer interface +func WriteToDebugLog(logger log.Logger) + +io.Writer { + return writerFn(func(p []byte) (n int, err error) { + logger.Debug(string(p)) + +return len(p), nil +}) +} + +// FauxMerkleModeOpt returns a BaseApp option to use a dbStoreAdapter instead of +// an IAVLStore for faster simulation speed. +func FauxMerkleModeOpt(bapp *baseapp.BaseApp) { + bapp.SetFauxMerkleMode() +} +``` + +These functions should be called in tests (i.e., app\_test.go, app\_sim\_test.go, etc.) + +Example: + +```go expandable +//go:build sims + +package simapp + +import ( + + "encoding/binary" + "encoding/json" + "flag" + "io" + "math/rand" + "strings" + "sync" + "testing" + + abci "github.com/cometbft/cometbft/abci/types" + cmtproto "github.com/cometbft/cometbft/proto/tendermint/types" + dbm "github.com/cosmos/cosmos-db" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "cosmossdk.io/log" + "cosmossdk.io/store" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/baseapp" + servertypes "github.com/cosmos/cosmos-sdk/server/types" + simtestutil "github.com/cosmos/cosmos-sdk/testutil/sims" + sims "github.com/cosmos/cosmos-sdk/testutil/simsx" + sdk "github.com/cosmos/cosmos-sdk/types" + simtypes "github.com/cosmos/cosmos-sdk/types/simulation" + authzkeeper "github.com/cosmos/cosmos-sdk/x/authz/keeper" + "github.com/cosmos/cosmos-sdk/x/feegrant" + "github.com/cosmos/cosmos-sdk/x/simulation" + simcli "github.com/cosmos/cosmos-sdk/x/simulation/client/cli" + slashingtypes "github.com/cosmos/cosmos-sdk/x/slashing/types" + stakingtypes "github.com/cosmos/cosmos-sdk/x/staking/types" +) + +var FlagEnableStreamingValue bool + +// Get flags every time the simulator is run +func init() { + simcli.GetSimulatorFlags() + +flag.BoolVar(&FlagEnableStreamingValue, "EnableStreaming", false, "Enable streaming service") +} + +// interBlockCacheOpt returns a BaseApp option function that sets the persistent +// inter-block write-through cache. +func interBlockCacheOpt() + +func(*baseapp.BaseApp) { + return baseapp.SetInterBlockCache(store.NewCommitKVStoreCacheManager()) +} + +func TestFullAppSimulation(t *testing.T) { + sims.Run(t, NewSimApp, setupStateFactory) +} + +func setupStateFactory(app *SimApp) + +sims.SimStateFactory { + return sims.SimStateFactory{ + Codec: app.AppCodec(), + AppStateFn: simtestutil.AppStateFn(app.AppCodec(), app.SimulationManager(), app.DefaultGenesis()), + BlockedAddr: BlockedAddresses(), + AccountSource: app.AccountKeeper, + BalanceSource: app.BankKeeper, +} +} + +var ( + exportAllModules = []string{ +} + +exportWithValidatorSet = []string{ +} +) + +func TestAppImportExport(t *testing.T) { + sims.Run(t, NewSimApp, setupStateFactory, func(tb testing.TB, ti sims.TestInstance[*SimApp], accs []simtypes.Account) { + tb.Helper() + app := ti.App + tb.Log("exporting genesis...\n") + +exported, err := app.ExportAppStateAndValidators(false, exportWithValidatorSet, exportAllModules) + +require.NoError(tb, err) + +tb.Log("importing genesis...\n") + newTestInstance := sims.NewSimulationAppInstance(tb, ti.Cfg, NewSimApp) + newApp := newTestInstance.App + var genesisState GenesisState + require.NoError(tb, json.Unmarshal(exported.AppState, &genesisState)) + ctxB := newApp.NewContextLegacy(true, cmtproto.Header{ + Height: app.LastBlockHeight() +}) + _, err = newApp.ModuleManager.InitGenesis(ctxB, newApp.appCodec, genesisState) + if IsEmptyValidatorSetErr(err) { + tb.Skip("Skipping simulation as all validators have been unbonded") + +return +} + +require.NoError(tb, err) + +err = newApp.StoreConsensusParams(ctxB, exported.ConsensusParams) + +require.NoError(tb, err) + +tb.Log("comparing stores...") + // skip certain prefixes + skipPrefixes := map[string][][]byte{ + stakingtypes.StoreKey: { + stakingtypes.UnbondingQueueKey, stakingtypes.RedelegationQueueKey, stakingtypes.ValidatorQueueKey, + stakingtypes.HistoricalInfoKey, stakingtypes.UnbondingIDKey, stakingtypes.UnbondingIndexKey, + stakingtypes.UnbondingTypeKey, + stakingtypes.ValidatorUpdatesKey, // todo (Alex): double check why there is a diff with test-sim-import-export +}, + authzkeeper.StoreKey: { + authzkeeper.GrantQueuePrefix +}, + feegrant.StoreKey: { + feegrant.FeeAllowanceQueueKeyPrefix +}, + slashingtypes.StoreKey: { + slashingtypes.ValidatorMissedBlockBitmapKeyPrefix +}, +} + +AssertEqualStores(tb, app, newApp, app.SimulationManager().StoreDecoders, skipPrefixes) +}) +} + +// Scenario: +// +// Start a fresh node and run n blocks, export state +// set up a new node instance, Init chain from exported genesis +// run new instance for n blocks +func TestAppSimulationAfterImport(t *testing.T) { + sims.Run(t, NewSimApp, setupStateFactory, func(tb testing.TB, ti sims.TestInstance[*SimApp], accs []simtypes.Account) { + tb.Helper() + app := ti.App + tb.Log("exporting genesis...\n") + +exported, err := app.ExportAppStateAndValidators(false, exportWithValidatorSet, exportAllModules) + +require.NoError(tb, err) + +tb.Log("importing genesis...\n") + newTestInstance := sims.NewSimulationAppInstance(tb, ti.Cfg, NewSimApp) + newApp := newTestInstance.App + _, err = newApp.InitChain(&abci.RequestInitChain{ + AppStateBytes: exported.AppState, + ChainId: sims.SimAppChainID, +}) + if IsEmptyValidatorSetErr(err) { + tb.Skip("Skipping simulation as all validators have been unbonded") + +return +} + +require.NoError(tb, err) + newStateFactory := setupStateFactory(newApp) + _, _, err = simulation.SimulateFromSeedX( + tb, + newTestInstance.AppLogger, + sims.WriteToDebugLog(newTestInstance.AppLogger), + newApp.BaseApp, + newStateFactory.AppStateFn, + simtypes.RandomAccounts, + simtestutil.BuildSimulationOperations(newApp, newApp.AppCodec(), newTestInstance.Cfg, newApp.TxConfig()), + newStateFactory.BlockedAddr, + newTestInstance.Cfg, + newStateFactory.Codec, + ti.ExecLogWriter, + ) + +require.NoError(tb, err) +}) +} + +func IsEmptyValidatorSetErr(err error) + +bool { + return err != nil && strings.Contains(err.Error(), "validator set is empty after InitGenesis") +} + +func TestAppStateDeterminism(t *testing.T) { + const numTimesToRunPerSeed = 3 + var seeds []int64 + if s := simcli.NewConfigFromFlags().Seed; s != simcli.DefaultSeedValue { + // We will be overriding the random seed and just run a single simulation on the provided seed value + for j := 0; j < numTimesToRunPerSeed; j++ { // multiple rounds + seeds = append(seeds, s) +} + +} + +else { + // setup with 3 random seeds + for i := 0; i < 3; i++ { + seed := rand.Int63() + for j := 0; j < numTimesToRunPerSeed; j++ { // multiple rounds + seeds = append(seeds, seed) +} + +} + +} + // overwrite default app config + interBlockCachingAppFactory := func(logger log.Logger, db dbm.DB, traceStore io.Writer, loadLatest bool, appOpts servertypes.AppOptions, baseAppOptions ...func(*baseapp.BaseApp)) *SimApp { + if FlagEnableStreamingValue { + m := map[string]any{ + "streaming.abci.keys": []string{"*" +}, + "streaming.abci.plugin": "abci_v1", + "streaming.abci.stop-node-on-err": true, +} + others := appOpts + appOpts = appOptionsFn(func(k string) + +any { + if v, ok := m[k]; ok { + return v +} + +return others.Get(k) +}) +} + +return NewSimApp(logger, db, nil, true, appOpts, append(baseAppOptions, interBlockCacheOpt())...) +} + +var mx sync.Mutex + appHashResults := make(map[int64][][]byte) + appSimLogger := make(map[int64][]simulation.LogWriter) + captureAndCheckHash := func(tb testing.TB, ti sims.TestInstance[*SimApp], _ []simtypes.Account) { + tb.Helper() + +seed, appHash := ti.Cfg.Seed, ti.App.LastCommitID().Hash + mx.Lock() + +otherHashes, execWriters := appHashResults[seed], appSimLogger[seed] + if len(otherHashes) < numTimesToRunPerSeed-1 { + appHashResults[seed], appSimLogger[seed] = append(otherHashes, appHash), append(execWriters, ti.ExecLogWriter) +} + +else { // cleanup + delete(appHashResults, seed) + +delete(appSimLogger, seed) +} + +mx.Unlock() + +var failNow bool + // and check that all app hashes per seed are equal for each iteration + for i := 0; i < len(otherHashes); i++ { + if !assert.Equal(tb, otherHashes[i], appHash) { + execWriters[i].PrintLogs() + +failNow = true +} + +} + if failNow { + ti.ExecLogWriter.PrintLogs() + +tb.Fatalf("non-determinism in seed %d", seed) +} + +} + // run simulations + sims.RunWithSeeds(t, interBlockCachingAppFactory, setupStateFactory, seeds, []byte{ +}, captureAndCheckHash) +} + +type ComparableStoreApp interface { + LastBlockHeight() + +int64 + NewContextLegacy(isCheckTx bool, header cmtproto.Header) + +sdk.Context + GetKey(storeKey string) *storetypes.KVStoreKey + GetStoreKeys() []storetypes.StoreKey +} + +func AssertEqualStores( + tb testing.TB, + app, newApp ComparableStoreApp, + storeDecoders simtypes.StoreDecoderRegistry, + skipPrefixes map[string][][]byte, +) { + tb.Helper() + ctxA := app.NewContextLegacy(true, cmtproto.Header{ + Height: app.LastBlockHeight() +}) + ctxB := newApp.NewContextLegacy(true, cmtproto.Header{ + Height: app.LastBlockHeight() +}) + storeKeys := app.GetStoreKeys() + +require.NotEmpty(tb, storeKeys) + for _, appKeyA := range storeKeys { + // only compare kvstores + if _, ok := appKeyA.(*storetypes.KVStoreKey); !ok { + continue +} + keyName := appKeyA.Name() + appKeyB := newApp.GetKey(keyName) + storeA := ctxA.KVStore(appKeyA) + storeB := ctxB.KVStore(appKeyB) + +failedKVAs, failedKVBs := simtestutil.DiffKVStores(storeA, storeB, skipPrefixes[keyName]) + +require.Equal(tb, len(failedKVAs), len(failedKVBs), "unequal sets of key-values to compare %s, key stores %s and %s", keyName, appKeyA, appKeyB) + +tb.Logf("compared %d different key/value pairs between %s and %s\n", len(failedKVAs), appKeyA, appKeyB) + if !assert.Equal(tb, 0, len(failedKVAs), simtestutil.GetSimulationLog(keyName, storeDecoders, failedKVAs, failedKVBs)) { + for _, v := range failedKVAs { + tb.Logf("store mismatch: %q\n", v) +} + +tb.FailNow() +} + +} +} + +// appOptionsFn is an adapter to the single method AppOptions interface +type appOptionsFn func(string) + +any + +func (f appOptionsFn) + +Get(k string) + +any { + return f(k) +} + +// FauxMerkleModeOpt returns a BaseApp option to use a dbStoreAdapter instead of +// an IAVLStore for faster simulation speed. +func FauxMerkleModeOpt(bapp *baseapp.BaseApp) { + bapp.SetFauxMerkleMode() +} + +func FuzzFullAppSimulation(f *testing.F) { + f.Fuzz(func(t *testing.T, rawSeed []byte) { + if len(rawSeed) < 8 { + t.Skip() + +return +} + +sims.RunWithSeeds( + t, + NewSimApp, + setupStateFactory, + []int64{ + int64(binary.BigEndian.Uint64(rawSeed)) +}, + rawSeed[8:], + ) +}) +} +``` diff --git a/docs/sdk/next/build/building-modules/structure.mdx b/docs/sdk/next/build/building-modules/structure.mdx new file mode 100644 index 00000000..398ac0a1 --- /dev/null +++ b/docs/sdk/next/build/building-modules/structure.mdx @@ -0,0 +1,93 @@ +--- +title: Recommended Folder Structure +--- + +**Synopsis** +This document outlines the recommended structure of Cosmos SDK modules. These ideas are meant to be applied as suggestions. Application developers are encouraged to improve upon and contribute to module structure and development design. + + +## Structure + +A typical Cosmos SDK module can be structured as follows: + +```shell +proto +└── {project_name} +    └── {module_name} +    └── {proto_version} +       ├── {module_name}.proto +       ├── event.proto +       ├── genesis.proto +       ├── query.proto +       └── tx.proto +``` + +* `{module_name}.proto`: The module's common message type definitions. +* `event.proto`: The module's message type definitions related to events. +* `genesis.proto`: The module's message type definitions related to genesis state. +* `query.proto`: The module's Query service and related message type definitions. +* `tx.proto`: The module's Msg service and related message type definitions. + +```shell expandable +x/{module_name} +├── client +│   ├── cli +│   │ ├── query.go +│   │   └── tx.go +│   └── testutil +│   ├── cli_test.go +│   └── suite.go +├── exported +│   └── exported.go +├── keeper +│   ├── genesis.go +│   ├── grpc_query.go +│   ├── hooks.go +│   ├── invariants.go +│   ├── keeper.go +│   ├── keys.go +│   ├── msg_server.go +│   └── querier.go +├── module +│   └── module.go +│   └── abci.go +│   └── autocli.go +├── simulation +│   ├── decoder.go +│   ├── genesis.go +│   ├── operations.go +│   └── params.go +├── {module_name}.pb.go +├── codec.go +├── errors.go +├── events.go +├── events.pb.go +├── expected_keepers.go +├── genesis.go +├── genesis.pb.go +├── keys.go +├── msgs.go +├── params.go +├── query.pb.go +├── tx.pb.go +└── README.md +``` + +* `client/`: The module's CLI client functionality implementation and the module's CLI testing suite. +* `exported/`: The module's exported types - typically interface types. If a module relies on keepers from another module, it is expected to receive the keepers as interface contracts through the `expected_keepers.go` file (see below) in order to avoid a direct dependency on the module implementing the keepers. However, these interface contracts can define methods that operate on and/or return types that are specific to the module that is implementing the keepers and this is where `exported/` comes into play. The interface types that are defined in `exported/` use canonical types, allowing for the module to receive the keepers as interface contracts through the `expected_keepers.go` file. This pattern allows for code to remain DRY and also alleviates import cycle chaos. +* `keeper/`: The module's `Keeper` and `MsgServer` implementation. +* `module/`: The module's `AppModule` and `AppModuleBasic` implementation. + * `abci.go`: The module's `BeginBlocker` and `EndBlocker` implementations (this file is only required if `BeginBlocker` and/or `EndBlocker` need to be defined). + * `autocli.go`: The module [autocli](https://docs.cosmos.network/main/core/autocli) options. +* `simulation/`: The module's [simulation](/docs/sdk/vnext/build/building-modules/simulator) package defines functions used by the blockchain simulator application (`simapp`). +* `README.md`: The module's specification documents outlining important concepts, state storage structure, and message and event type definitions. Learn more about how to write module specs in the [spec guidelines](/docs/sdk/vnext/../spec/SPEC_MODULE). +* The root directory includes type definitions for messages, events, and genesis state, including the type definitions generated by Protocol Buffers. + * `codec.go`: The module's registry methods for interface types. + * `errors.go`: The module's sentinel errors. + * `events.go`: The module's event types and constructors. + * `expected_keepers.go`: The module's [expected keeper](/docs/sdk/vnext/build/building-modules/keeper#type-definition) interfaces. + * `genesis.go`: The module's genesis state methods and helper functions. + * `keys.go`: The module's store keys and associated helper functions. + * `msgs.go`: The module's message type definitions and associated methods. + * `params.go`: The module's parameter type definitions and associated methods. + * `*.pb.go`: The module's type definitions generated by Protocol Buffers (as defined in the respective `*.proto` files above). diff --git a/docs/sdk/next/build/building-modules/testing.mdx b/docs/sdk/next/build/building-modules/testing.mdx new file mode 100644 index 00000000..3918c8d9 --- /dev/null +++ b/docs/sdk/next/build/building-modules/testing.mdx @@ -0,0 +1,2921 @@ +--- +title: Testing +--- +The Cosmos SDK contains different types of [tests](https://martinfowler.com/articles/practical-test-pyramid.html). +These tests have different goals and are used at different stages of the development cycle. +We advise, as a general rule, to use tests at all stages of the development cycle. +It is advised, as a chain developer, to test your application and modules in a similar way to the SDK. + +The rationale behind testing can be found in [ADR-59](https://docs.cosmos.network/main/build/architecture/adr-059-test-scopes). + +## Unit Tests + +Unit tests are the lowest test category of the [test pyramid](https://martinfowler.com/articles/practical-test-pyramid.html). +All packages and modules should have unit test coverage. Modules should have their dependencies mocked: this means mocking keepers. + +The SDK uses `mockgen` to generate mocks for keepers: + +```go expandable +#!/usr/bin/env bash + +mockgen_cmd="mockgen" +$mockgen_cmd -source=baseapp/abci_utils.go -package mock -destination baseapp/testutil/mock/mocks.go +$mockgen_cmd -source=client/account_retriever.go -package mock -destination testutil/mock/account_retriever.go +$mockgen_cmd -package mock -destination store/mock/cosmos_cosmos_db_DB.go github.com/cosmos/cosmos-db DB +$mockgen_cmd -source=types/module/module.go -package mock -destination testutil/mock/types_module_module.go +$mockgen_cmd -source=types/module/mock_appmodule_test.go -package mock -destination testutil/mock/types_mock_appmodule.go +$mockgen_cmd -source=types/invariant.go -package mock -destination testutil/mock/types_invariant.go +$mockgen_cmd -package mock -destination testutil/mock/grpc_server.go github.com/cosmos/gogoproto/grpc Server +$mockgen_cmd -package mock -destination testutil/mock/logger.go cosmossdk.io/log Logger +$mockgen_cmd -source=x/nft/expected_keepers.go -package testutil -destination x/nft/testutil/expected_keepers_mocks.go +$mockgen_cmd -source=x/feegrant/expected_keepers.go -package testutil -destination x/feegrant/testutil/expected_keepers_mocks.go +$mockgen_cmd -source=x/mint/types/expected_keepers.go -package testutil -destination x/mint/testutil/expected_keepers_mocks.go +$mockgen_cmd -source=x/params/proposal_handler_test.go -package testutil -destination x/params/testutil/staking_keeper_mock.go +$mockgen_cmd -source=x/auth/tx/config/expected_keepers.go -package testutil -destination x/auth/tx/testutil/expected_keepers_mocks.go +$mockgen_cmd -source=x/auth/types/expected_keepers.go -package testutil -destination x/auth/testutil/expected_keepers_mocks.go +$mockgen_cmd -source=x/auth/ante/expected_keepers.go -package testutil -destination x/auth/ante/testutil/expected_keepers_mocks.go +$mockgen_cmd -source=x/authz/expected_keepers.go -package testutil -destination x/authz/testutil/expected_keepers_mocks.go +$mockgen_cmd -source=x/bank/types/expected_keepers.go -package testutil -destination x/bank/testutil/expected_keepers_mocks.go +$mockgen_cmd -source=x/group/testutil/expected_keepers.go -package testutil -destination x/group/testutil/expected_keepers_mocks.go +$mockgen_cmd -source=x/evidence/types/expected_keepers.go -package testutil -destination x/evidence/testutil/expected_keepers_mocks.go +$mockgen_cmd -source=x/distribution/types/expected_keepers.go -package testutil -destination x/distribution/testutil/expected_keepers_mocks.go +$mockgen_cmd -source=x/slashing/types/expected_keepers.go -package testutil -destination x/slashing/testutil/expected_keepers_mocks.go +$mockgen_cmd -source=x/genutil/types/expected_keepers.go -package testutil -destination x/genutil/testutil/expected_keepers_mocks.go +$mockgen_cmd -source=x/gov/testutil/expected_keepers.go -package testutil -destination x/gov/testutil/expected_keepers_mocks.go +$mockgen_cmd -source=x/staking/types/expected_keepers.go -package testutil -destination x/staking/testutil/expected_keepers_mocks.go +$mockgen_cmd -source=x/auth/vesting/types/expected_keepers.go -package testutil -destination x/auth/vesting/testutil/expected_keepers_mocks.go +$mockgen_cmd -source=x/protocolpool/types/expected_keepers.go -package testutil -destination x/protocolpool/testutil/expected_keepers_mocks.go +``` + +You can read more about mockgen [here](https://go.uber.org/mock). + +### Example + +As an example, we will walkthrough the [keeper tests](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/gov/keeper/keeper_test.go) of the `x/gov` module. + +The `x/gov` module has a `Keeper` type, which requires a few external dependencies (ie. imports outside `x/gov` to work properly). + +```go expandable +package keeper + +import ( + + "context" + "fmt" + "time" + "cosmossdk.io/collections" + corestoretypes "cosmossdk.io/core/store" + "cosmossdk.io/log" + "github.com/cosmos/cosmos-sdk/baseapp" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/x/gov/types" + v1 "github.com/cosmos/cosmos-sdk/x/gov/types/v1" + "github.com/cosmos/cosmos-sdk/x/gov/types/v1beta1" +) + +// Keeper defines the governance module Keeper +type Keeper struct { + authKeeper types.AccountKeeper + bankKeeper types.BankKeeper + distrKeeper types.DistributionKeeper + + // The reference to the DelegationSet and ValidatorSet to get information about validators and delegators + sk types.StakingKeeper + + // GovHooks + hooks types.GovHooks + + // The (unexposed) + +keys used to access the stores from the Context. + storeService corestoretypes.KVStoreService + + // The codec for binary encoding/decoding. + cdc codec.Codec + + // Legacy Proposal router + legacyRouter v1beta1.Router + + // Msg server router + router baseapp.MessageRouter + + config types.Config + + calculateVoteResultsAndVotingPowerFn CalculateVoteResultsAndVotingPowerFn + + // the address capable of executing a MsgUpdateParams message. Typically, this + // should be the x/gov module account. + authority string + + Schema collections.Schema + Constitution collections.Item[string] + Params collections.Item[v1.Params] + Deposits collections.Map[collections.Pair[uint64, sdk.AccAddress], v1.Deposit] + Votes collections.Map[collections.Pair[uint64, sdk.AccAddress], v1.Vote] + ProposalID collections.Sequence + Proposals collections.Map[uint64, v1.Proposal] + ActiveProposalsQueue collections.Map[collections.Pair[time.Time, uint64], uint64] // TODO(tip): this should be simplified and go into an index. + InactiveProposalsQueue collections.Map[collections.Pair[time.Time, uint64], uint64] // TODO(tip): this should be simplified and go into an index. + VotingPeriodProposals collections.Map[uint64, []byte] // TODO(tip): this could be a keyset or index. +} + +type InitOption func(*Keeper) + +// WithCustomCalculateVoteResultsAndVotingPowerFn is an optional input to set a custom CalculateVoteResultsAndVotingPowerFn. +// If this function is not provided, the default function is used. +func WithCustomCalculateVoteResultsAndVotingPowerFn(calculateVoteResultsAndVotingPowerFn CalculateVoteResultsAndVotingPowerFn) + +InitOption { + return func(k *Keeper) { + if calculateVoteResultsAndVotingPowerFn == nil { + panic("calculateVoteResultsAndVotingPowerFn cannot be nil") +} + +k.calculateVoteResultsAndVotingPowerFn = calculateVoteResultsAndVotingPowerFn +} +} + +// GetAuthority returns the x/gov module's authority. +func (k Keeper) + +GetAuthority() + +string { + return k.authority +} + +// NewKeeper returns a governance keeper. It handles: +// - submitting governance proposals +// - depositing funds into proposals, and activating upon sufficient funds being deposited +// - users voting on proposals, with weight proportional to stake in the system +// - and tallying the result of the vote. +// +// CONTRACT: the parameter Subspace must have the param key table already initialized +func NewKeeper( + cdc codec.Codec, storeService corestoretypes.KVStoreService, authKeeper types.AccountKeeper, + bankKeeper types.BankKeeper, sk types.StakingKeeper, distrKeeper types.DistributionKeeper, + router baseapp.MessageRouter, config types.Config, authority string, initOptions ...InitOption, +) *Keeper { + // ensure governance module account is set + if addr := authKeeper.GetModuleAddress(types.ModuleName); addr == nil { + panic(fmt.Sprintf("%s module account has not been set", types.ModuleName)) +} + if _, err := authKeeper.AddressCodec().StringToBytes(authority); err != nil { + panic(fmt.Sprintf("invalid authority address: %s", authority)) +} + + // If MaxMetadataLen not set by app developer, set to default value. + if config.MaxMetadataLen == 0 { + config.MaxMetadataLen = types.DefaultConfig().MaxMetadataLen +} + sb := collections.NewSchemaBuilder(storeService) + k := &Keeper{ + storeService: storeService, + authKeeper: authKeeper, + bankKeeper: bankKeeper, + distrKeeper: distrKeeper, + sk: sk, + cdc: cdc, + router: router, + config: config, + calculateVoteResultsAndVotingPowerFn: defaultCalculateVoteResultsAndVotingPower, + authority: authority, + Constitution: collections.NewItem(sb, types.ConstitutionKey, "constitution", collections.StringValue), + Params: collections.NewItem(sb, types.ParamsKey, "params", codec.CollValue[v1.Params](cdc)), + Deposits: collections.NewMap(sb, types.DepositsKeyPrefix, "deposits", collections.PairKeyCodec(collections.Uint64Key, sdk.LengthPrefixedAddressKey(sdk.AccAddressKey)), codec.CollValue[v1.Deposit](cdc)), // nolint: staticcheck // sdk.LengthPrefixedAddressKey is needed to retain state compatibility + Votes: collections.NewMap(sb, types.VotesKeyPrefix, "votes", collections.PairKeyCodec(collections.Uint64Key, sdk.LengthPrefixedAddressKey(sdk.AccAddressKey)), codec.CollValue[v1.Vote](cdc)), // nolint: staticcheck // sdk.LengthPrefixedAddressKey is needed to retain state compatibility + ProposalID: collections.NewSequence(sb, types.ProposalIDKey, "proposal_id"), + Proposals: collections.NewMap(sb, types.ProposalsKeyPrefix, "proposals", collections.Uint64Key, codec.CollValue[v1.Proposal](cdc)), + ActiveProposalsQueue: collections.NewMap(sb, types.ActiveProposalQueuePrefix, "active_proposals_queue", collections.PairKeyCodec(sdk.TimeKey, collections.Uint64Key), collections.Uint64Value), // sdk.TimeKey is needed to retain state compatibility + InactiveProposalsQueue: collections.NewMap(sb, types.InactiveProposalQueuePrefix, "inactive_proposals_queue", collections.PairKeyCodec(sdk.TimeKey, collections.Uint64Key), collections.Uint64Value), // sdk.TimeKey is needed to retain state compatibility + VotingPeriodProposals: collections.NewMap(sb, types.VotingPeriodProposalKeyPrefix, "voting_period_proposals", collections.Uint64Key, collections.BytesValue), +} + for _, opt := range initOptions { + opt(k) +} + +schema, err := sb.Build() + if err != nil { + panic(err) +} + +k.Schema = schema + return k +} + +// Hooks gets the hooks for governance *Keeper { + func (k *Keeper) + +Hooks() + +types.GovHooks { + if k.hooks == nil { + // return a no-op implementation if no hooks are set + return types.MultiGovHooks{ +} + +} + +return k.hooks +} + +// SetHooks sets the hooks for governance +func (k *Keeper) + +SetHooks(gh types.GovHooks) *Keeper { + if k.hooks != nil { + panic("cannot set governance hooks twice") +} + +k.hooks = gh + + return k +} + +// SetLegacyRouter sets the legacy router for governance +func (k *Keeper) + +SetLegacyRouter(router v1beta1.Router) { + // It is vital to seal the governance proposal router here as to not allow + // further handlers to be registered after the keeper is created since this + // could create invalid or non-deterministic behavior. + router.Seal() + +k.legacyRouter = router +} + +// Logger returns a module-specific logger. +func (k Keeper) + +Logger(ctx context.Context) + +log.Logger { + sdkCtx := sdk.UnwrapSDKContext(ctx) + +return sdkCtx.Logger().With("module", "x/"+types.ModuleName) +} + +// Router returns the gov keeper's router +func (k Keeper) + +Router() + +baseapp.MessageRouter { + return k.router +} + +// LegacyRouter returns the gov keeper's legacy router +func (k Keeper) + +LegacyRouter() + +v1beta1.Router { + return k.legacyRouter +} + +// GetGovernanceAccount returns the governance ModuleAccount +func (k Keeper) + +GetGovernanceAccount(ctx context.Context) + +sdk.ModuleAccountI { + return k.authKeeper.GetModuleAccount(ctx, types.ModuleName) +} + +// ModuleAccountAddress returns gov module account address +func (k Keeper) + +ModuleAccountAddress() + +sdk.AccAddress { + return k.authKeeper.GetModuleAddress(types.ModuleName) +} + +// assertMetadataLength returns an error if given metadata length +// is greater than a pre-defined MaxMetadataLen. +func (k Keeper) + +assertMetadataLength(metadata string) + +error { + if metadata != "" && uint64(len(metadata)) > k.config.MaxMetadataLen { + return types.ErrMetadataTooLong.Wrapf("got metadata with length %d", len(metadata)) +} + +return nil +} + +// assertSummaryLength returns an error if given summary length +// is greater than a pre-defined 40*MaxMetadataLen. +func (k Keeper) + +assertSummaryLength(summary string) + +error { + if summary != "" && uint64(len(summary)) > 40*k.config.MaxMetadataLen { + return types.ErrSummaryTooLong.Wrapf("got summary with length %d", len(summary)) +} + +return nil +} +``` + +In order to only test `x/gov`, we mock the [expected keepers](https://docs.cosmos.network/v0.46/building-modules/keeper.html#type-definition) and instantiate the `Keeper` with the mocked dependencies. Note that we may need to configure the mocked dependencies to return the expected values: + +```go expandable +package keeper_test + +import ( + + "fmt" + "testing" + + cmtproto "github.com/cometbft/cometbft/proto/tendermint/types" + cmttime "github.com/cometbft/cometbft/types/time" + "github.com/stretchr/testify/require" + "go.uber.org/mock/gomock" + "cosmossdk.io/math" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/baseapp" + "github.com/cosmos/cosmos-sdk/codec/address" + "github.com/cosmos/cosmos-sdk/runtime" + "github.com/cosmos/cosmos-sdk/testutil" + "github.com/cosmos/cosmos-sdk/testutil/testdata" + sdk "github.com/cosmos/cosmos-sdk/types" + moduletestutil "github.com/cosmos/cosmos-sdk/types/module/testutil" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" + disttypes "github.com/cosmos/cosmos-sdk/x/distribution/types" + "github.com/cosmos/cosmos-sdk/x/gov/keeper" + govtestutil "github.com/cosmos/cosmos-sdk/x/gov/testutil" + "github.com/cosmos/cosmos-sdk/x/gov/types" + v1 "github.com/cosmos/cosmos-sdk/x/gov/types/v1" + "github.com/cosmos/cosmos-sdk/x/gov/types/v1beta1" + minttypes "github.com/cosmos/cosmos-sdk/x/mint/types" +) + +var ( + _, _, addr = testdata.KeyTestPubAddr() + +govAcct = authtypes.NewModuleAddress(types.ModuleName) + +distAcct = authtypes.NewModuleAddress(disttypes.ModuleName) + +TestProposal = getTestProposal() +) + +// getTestProposal creates and returns a test proposal message. +func getTestProposal() []sdk.Msg { + legacyProposalMsg, err := v1.NewLegacyContent(v1beta1.NewTextProposal("Title", "description"), authtypes.NewModuleAddress(types.ModuleName).String()) + if err != nil { + panic(err) +} + +return []sdk.Msg{ + banktypes.NewMsgSend(govAcct, addr, sdk.NewCoins(sdk.NewCoin("stake", math.NewInt(1000)))), + legacyProposalMsg, +} +} + +// setupGovKeeper creates a govKeeper as well as all its dependencies. +func setupGovKeeper(t *testing.T) ( + *keeper.Keeper, + *govtestutil.MockAccountKeeper, + *govtestutil.MockBankKeeper, + *govtestutil.MockStakingKeeper, + *govtestutil.MockDistributionKeeper, + moduletestutil.TestEncodingConfig, + sdk.Context, +) { + t.Helper() + key := storetypes.NewKVStoreKey(types.StoreKey) + storeService := runtime.NewKVStoreService(key) + testCtx := testutil.DefaultContextWithDB(t, key, storetypes.NewTransientStoreKey("transient_test")) + ctx := testCtx.Ctx.WithBlockHeader(cmtproto.Header{ + Time: cmttime.Now() +}) + encCfg := moduletestutil.MakeTestEncodingConfig() + +v1.RegisterInterfaces(encCfg.InterfaceRegistry) + +v1beta1.RegisterInterfaces(encCfg.InterfaceRegistry) + +banktypes.RegisterInterfaces(encCfg.InterfaceRegistry) + + // Create MsgServiceRouter, but don't populate it before creating the gov + // keeper. + msr := baseapp.NewMsgServiceRouter() + + // gomock initializations + ctrl := gomock.NewController(t) + acctKeeper := govtestutil.NewMockAccountKeeper(ctrl) + bankKeeper := govtestutil.NewMockBankKeeper(ctrl) + stakingKeeper := govtestutil.NewMockStakingKeeper(ctrl) + distributionKeeper := govtestutil.NewMockDistributionKeeper(ctrl) + +acctKeeper.EXPECT().GetModuleAddress(types.ModuleName).Return(govAcct).AnyTimes() + +acctKeeper.EXPECT().GetModuleAddress(disttypes.ModuleName).Return(distAcct).AnyTimes() + +acctKeeper.EXPECT().GetModuleAccount(gomock.Any(), types.ModuleName).Return(authtypes.NewEmptyModuleAccount(types.ModuleName)).AnyTimes() + +acctKeeper.EXPECT().AddressCodec().Return(address.NewBech32Codec("cosmos")).AnyTimes() + +trackMockBalances(bankKeeper, distributionKeeper) + +stakingKeeper.EXPECT().TokensFromConsensusPower(ctx, gomock.Any()).DoAndReturn(func(ctx sdk.Context, power int64) + +math.Int { + return sdk.TokensFromConsensusPower(power, math.NewIntFromUint64(1000000)) +}).AnyTimes() + +stakingKeeper.EXPECT().BondDenom(ctx).Return("stake", nil).AnyTimes() + +stakingKeeper.EXPECT().IterateBondedValidatorsByPower(gomock.Any(), gomock.Any()).AnyTimes() + +stakingKeeper.EXPECT().IterateDelegations(gomock.Any(), gomock.Any(), gomock.Any()).AnyTimes() + +stakingKeeper.EXPECT().TotalBondedTokens(gomock.Any()).Return(math.NewInt(10000000), nil).AnyTimes() + +distributionKeeper.EXPECT().FundCommunityPool(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil).AnyTimes() + + // Gov keeper initializations + govKeeper := keeper.NewKeeper(encCfg.Codec, storeService, acctKeeper, bankKeeper, stakingKeeper, distributionKeeper, msr, types.DefaultConfig(), govAcct.String()) + +require.NoError(t, govKeeper.ProposalID.Set(ctx, 1)) + govRouter := v1beta1.NewRouter() // Also register legacy gov handlers to test them too. + govRouter.AddRoute(types.RouterKey, v1beta1.ProposalHandler) + +govKeeper.SetLegacyRouter(govRouter) + err := govKeeper.Params.Set(ctx, v1.DefaultParams()) + +require.NoError(t, err) + +err = govKeeper.Constitution.Set(ctx, "constitution") + +require.NoError(t, err) + + // Register all handlers for the MegServiceRouter. + msr.SetInterfaceRegistry(encCfg.InterfaceRegistry) + +v1.RegisterMsgServer(msr, keeper.NewMsgServerImpl(govKeeper)) + +banktypes.RegisterMsgServer(msr, nil) // Nil is fine here as long as we never execute the proposal's Msgs. + + return govKeeper, acctKeeper, bankKeeper, stakingKeeper, distributionKeeper, encCfg, ctx +} + +// trackMockBalances sets up expected calls on the Mock BankKeeper, and also +// locally tracks accounts balances (not modules balances). +func trackMockBalances(bankKeeper *govtestutil.MockBankKeeper, distributionKeeper *govtestutil.MockDistributionKeeper) { + balances := make(map[string]sdk.Coins) + +balances[distAcct.String()] = sdk.NewCoins(sdk.NewCoin(sdk.DefaultBondDenom, math.NewInt(0))) + + // We don't track module account balances. + bankKeeper.EXPECT().MintCoins(gomock.Any(), minttypes.ModuleName, gomock.Any()).AnyTimes() + +bankKeeper.EXPECT().BurnCoins(gomock.Any(), types.ModuleName, gomock.Any()).AnyTimes() + +bankKeeper.EXPECT().SendCoinsFromModuleToModule(gomock.Any(), minttypes.ModuleName, types.ModuleName, gomock.Any()).AnyTimes() + + // But we do track normal account balances. + bankKeeper.EXPECT().SendCoinsFromAccountToModule(gomock.Any(), gomock.Any(), types.ModuleName, gomock.Any()).DoAndReturn(func(_ sdk.Context, sender sdk.AccAddress, _ string, coins sdk.Coins) + +error { + newBalance, negative := balances[sender.String()].SafeSub(coins...) + if negative { + return fmt.Errorf("not enough balance") +} + +balances[sender.String()] = newBalance + return nil +}).AnyTimes() + +bankKeeper.EXPECT().SendCoinsFromModuleToAccount(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).DoAndReturn(func(_ sdk.Context, module string, rcpt sdk.AccAddress, coins sdk.Coins) + +error { + balances[rcpt.String()] = balances[rcpt.String()].Add(coins...) + +return nil +}).AnyTimes() + +bankKeeper.EXPECT().GetAllBalances(gomock.Any(), gomock.Any()).DoAndReturn(func(_ sdk.Context, addr sdk.AccAddress) + +sdk.Coins { + return balances[addr.String()] +}).AnyTimes() + +bankKeeper.EXPECT().GetBalance(gomock.Any(), gomock.Any(), sdk.DefaultBondDenom).DoAndReturn(func(_ sdk.Context, addr sdk.AccAddress, _ string) + +sdk.Coin { + balances := balances[addr.String()] + for _, balance := range balances { + if balance.Denom == sdk.DefaultBondDenom { + return balance +} + +} + +return sdk.NewCoin(sdk.DefaultBondDenom, math.NewInt(0)) +}).AnyTimes() + +distributionKeeper.EXPECT().FundCommunityPool(gomock.Any(), gomock.Any(), gomock.Any()).DoAndReturn(func(_ sdk.Context, coins sdk.Coins, sender sdk.AccAddress) + +error { + // sender balance + newBalance, negative := balances[sender.String()].SafeSub(coins...) + if negative { + return fmt.Errorf("not enough balance") +} + +balances[sender.String()] = newBalance + // receiver balance + balances[distAcct.String()] = balances[distAcct.String()].Add(coins...) + +return nil +}).AnyTimes() +} +``` + +This allows us to test the `x/gov` module without having to import other modules. + +```go expandable +package keeper_test + +import ( + + "testing" + "github.com/stretchr/testify/require" + "github.com/stretchr/testify/suite" + "cosmossdk.io/collections" + sdkmath "cosmossdk.io/math" + "github.com/cosmos/cosmos-sdk/baseapp" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/codec/address" + simtestutil "github.com/cosmos/cosmos-sdk/testutil/sims" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/x/gov/keeper" + govtestutil "github.com/cosmos/cosmos-sdk/x/gov/testutil" + "github.com/cosmos/cosmos-sdk/x/gov/types" + v1 "github.com/cosmos/cosmos-sdk/x/gov/types/v1" + "github.com/cosmos/cosmos-sdk/x/gov/types/v1beta1" + minttypes "github.com/cosmos/cosmos-sdk/x/mint/types" +) + +var address1 = "cosmos1ghekyjucln7y67ntx7cf27m9dpuxxemn4c8g4r" + +type KeeperTestSuite struct { + suite.Suite + + cdc codec.Codec + ctx sdk.Context + govKeeper *keeper.Keeper + acctKeeper *govtestutil.MockAccountKeeper + bankKeeper *govtestutil.MockBankKeeper + stakingKeeper *govtestutil.MockStakingKeeper + distKeeper *govtestutil.MockDistributionKeeper + queryClient v1.QueryClient + legacyQueryClient v1beta1.QueryClient + addrs []sdk.AccAddress + msgSrvr v1.MsgServer + legacyMsgSrvr v1beta1.MsgServer +} + +func (suite *KeeperTestSuite) + +SetupSuite() { + suite.reset() +} + +func (suite *KeeperTestSuite) + +reset() { + govKeeper, acctKeeper, bankKeeper, stakingKeeper, distKeeper, encCfg, ctx := setupGovKeeper(suite.T()) + + // Populate the gov account with some coins, as the TestProposal we have + // is a MsgSend from the gov account. + coins := sdk.NewCoins(sdk.NewCoin("stake", sdkmath.NewInt(100000))) + err := bankKeeper.MintCoins(suite.ctx, minttypes.ModuleName, coins) + +suite.NoError(err) + +err = bankKeeper.SendCoinsFromModuleToModule(ctx, minttypes.ModuleName, types.ModuleName, coins) + +suite.NoError(err) + queryHelper := baseapp.NewQueryServerTestHelper(ctx, encCfg.InterfaceRegistry) + +v1.RegisterQueryServer(queryHelper, keeper.NewQueryServer(govKeeper)) + legacyQueryHelper := baseapp.NewQueryServerTestHelper(ctx, encCfg.InterfaceRegistry) + +v1beta1.RegisterQueryServer(legacyQueryHelper, keeper.NewLegacyQueryServer(govKeeper)) + queryClient := v1.NewQueryClient(queryHelper) + legacyQueryClient := v1beta1.NewQueryClient(legacyQueryHelper) + +suite.ctx = ctx + suite.govKeeper = govKeeper + suite.acctKeeper = acctKeeper + suite.bankKeeper = bankKeeper + suite.stakingKeeper = stakingKeeper + suite.distKeeper = distKeeper + suite.cdc = encCfg.Codec + suite.queryClient = queryClient + suite.legacyQueryClient = legacyQueryClient + suite.msgSrvr = keeper.NewMsgServerImpl(suite.govKeeper) + +suite.legacyMsgSrvr = keeper.NewLegacyMsgServerImpl(govAcct.String(), suite.msgSrvr) + +suite.addrs = simtestutil.AddTestAddrsIncremental(bankKeeper, stakingKeeper, ctx, 3, sdkmath.NewInt(30000000)) + +suite.acctKeeper.EXPECT().AddressCodec().Return(address.NewBech32Codec("cosmos")).AnyTimes() +} + +func TestIncrementProposalNumber(t *testing.T) { + govKeeper, authKeeper, _, _, _, _, ctx := setupGovKeeper(t) + +authKeeper.EXPECT().AddressCodec().Return(address.NewBech32Codec("cosmos")).AnyTimes() + ac := address.NewBech32Codec("cosmos") + +addrBz, err := ac.StringToBytes(address1) + +require.NoError(t, err) + tp := TestProposal + _, err = govKeeper.SubmitProposal(ctx, tp, "", "test", "summary", addrBz, false) + +require.NoError(t, err) + _, err = govKeeper.SubmitProposal(ctx, tp, "", "test", "summary", addrBz, false) + +require.NoError(t, err) + _, err = govKeeper.SubmitProposal(ctx, tp, "", "test", "summary", addrBz, true) + +require.NoError(t, err) + _, err = govKeeper.SubmitProposal(ctx, tp, "", "test", "summary", addrBz, true) + +require.NoError(t, err) + _, err = govKeeper.SubmitProposal(ctx, tp, "", "test", "summary", addrBz, false) + +require.NoError(t, err) + +proposal6, err := govKeeper.SubmitProposal(ctx, tp, "", "test", "summary", addrBz, false) + +require.NoError(t, err) + +require.Equal(t, uint64(6), proposal6.Id) +} + +func TestProposalQueues(t *testing.T) { + govKeeper, authKeeper, _, _, _, _, ctx := setupGovKeeper(t) + ac := address.NewBech32Codec("cosmos") + +addrBz, err := ac.StringToBytes(address1) + +require.NoError(t, err) + +authKeeper.EXPECT().AddressCodec().Return(address.NewBech32Codec("cosmos")).AnyTimes() + + // create test proposals + tp := TestProposal + proposal, err := govKeeper.SubmitProposal(ctx, tp, "", "test", "summary", addrBz, false) + +require.NoError(t, err) + +has, err := govKeeper.InactiveProposalsQueue.Has(ctx, collections.Join(*proposal.DepositEndTime, proposal.Id)) + +require.NoError(t, err) + +require.True(t, has) + +require.NoError(t, govKeeper.ActivateVotingPeriod(ctx, proposal)) + +proposal, err = govKeeper.Proposals.Get(ctx, proposal.Id) + +require.Nil(t, err) + +has, err = govKeeper.ActiveProposalsQueue.Has(ctx, collections.Join(*proposal.VotingEndTime, proposal.Id)) + +require.NoError(t, err) + +require.True(t, has) +} + +func TestSetHooks(t *testing.T) { + govKeeper, _, _, _, _, _, _ := setupGovKeeper(t) + +require.Empty(t, govKeeper.Hooks()) + govHooksReceiver := MockGovHooksReceiver{ +} + +govKeeper.SetHooks(types.NewMultiGovHooks(&govHooksReceiver)) + +require.NotNil(t, govKeeper.Hooks()) + +require.Panics(t, func() { + govKeeper.SetHooks(&govHooksReceiver) +}) +} + +func TestGetGovGovernanceAndModuleAccountAddress(t *testing.T) { + govKeeper, authKeeper, _, _, _, _, ctx := setupGovKeeper(t) + mAcc := authKeeper.GetModuleAccount(ctx, "gov") + +require.Equal(t, mAcc, govKeeper.GetGovernanceAccount(ctx)) + mAddr := authKeeper.GetModuleAddress("gov") + +require.Equal(t, mAddr, govKeeper.ModuleAccountAddress()) +} + +func TestKeeperTestSuite(t *testing.T) { + suite.Run(t, new(KeeperTestSuite)) +} +``` + +We can then create unit tests using the newly created `Keeper` instance. + +```go expandable +package keeper_test + +import ( + + "testing" + "github.com/stretchr/testify/require" + "github.com/stretchr/testify/suite" + "cosmossdk.io/collections" + sdkmath "cosmossdk.io/math" + "github.com/cosmos/cosmos-sdk/baseapp" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/codec/address" + simtestutil "github.com/cosmos/cosmos-sdk/testutil/sims" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/x/gov/keeper" + govtestutil "github.com/cosmos/cosmos-sdk/x/gov/testutil" + "github.com/cosmos/cosmos-sdk/x/gov/types" + v1 "github.com/cosmos/cosmos-sdk/x/gov/types/v1" + "github.com/cosmos/cosmos-sdk/x/gov/types/v1beta1" + minttypes "github.com/cosmos/cosmos-sdk/x/mint/types" +) + +var address1 = "cosmos1ghekyjucln7y67ntx7cf27m9dpuxxemn4c8g4r" + +type KeeperTestSuite struct { + suite.Suite + + cdc codec.Codec + ctx sdk.Context + govKeeper *keeper.Keeper + acctKeeper *govtestutil.MockAccountKeeper + bankKeeper *govtestutil.MockBankKeeper + stakingKeeper *govtestutil.MockStakingKeeper + distKeeper *govtestutil.MockDistributionKeeper + queryClient v1.QueryClient + legacyQueryClient v1beta1.QueryClient + addrs []sdk.AccAddress + msgSrvr v1.MsgServer + legacyMsgSrvr v1beta1.MsgServer +} + +func (suite *KeeperTestSuite) + +SetupSuite() { + suite.reset() +} + +func (suite *KeeperTestSuite) + +reset() { + govKeeper, acctKeeper, bankKeeper, stakingKeeper, distKeeper, encCfg, ctx := setupGovKeeper(suite.T()) + + // Populate the gov account with some coins, as the TestProposal we have + // is a MsgSend from the gov account. + coins := sdk.NewCoins(sdk.NewCoin("stake", sdkmath.NewInt(100000))) + err := bankKeeper.MintCoins(suite.ctx, minttypes.ModuleName, coins) + +suite.NoError(err) + +err = bankKeeper.SendCoinsFromModuleToModule(ctx, minttypes.ModuleName, types.ModuleName, coins) + +suite.NoError(err) + queryHelper := baseapp.NewQueryServerTestHelper(ctx, encCfg.InterfaceRegistry) + +v1.RegisterQueryServer(queryHelper, keeper.NewQueryServer(govKeeper)) + legacyQueryHelper := baseapp.NewQueryServerTestHelper(ctx, encCfg.InterfaceRegistry) + +v1beta1.RegisterQueryServer(legacyQueryHelper, keeper.NewLegacyQueryServer(govKeeper)) + queryClient := v1.NewQueryClient(queryHelper) + legacyQueryClient := v1beta1.NewQueryClient(legacyQueryHelper) + +suite.ctx = ctx + suite.govKeeper = govKeeper + suite.acctKeeper = acctKeeper + suite.bankKeeper = bankKeeper + suite.stakingKeeper = stakingKeeper + suite.distKeeper = distKeeper + suite.cdc = encCfg.Codec + suite.queryClient = queryClient + suite.legacyQueryClient = legacyQueryClient + suite.msgSrvr = keeper.NewMsgServerImpl(suite.govKeeper) + +suite.legacyMsgSrvr = keeper.NewLegacyMsgServerImpl(govAcct.String(), suite.msgSrvr) + +suite.addrs = simtestutil.AddTestAddrsIncremental(bankKeeper, stakingKeeper, ctx, 3, sdkmath.NewInt(30000000)) + +suite.acctKeeper.EXPECT().AddressCodec().Return(address.NewBech32Codec("cosmos")).AnyTimes() +} + +func TestIncrementProposalNumber(t *testing.T) { + govKeeper, authKeeper, _, _, _, _, ctx := setupGovKeeper(t) + +authKeeper.EXPECT().AddressCodec().Return(address.NewBech32Codec("cosmos")).AnyTimes() + ac := address.NewBech32Codec("cosmos") + +addrBz, err := ac.StringToBytes(address1) + +require.NoError(t, err) + tp := TestProposal + _, err = govKeeper.SubmitProposal(ctx, tp, "", "test", "summary", addrBz, false) + +require.NoError(t, err) + _, err = govKeeper.SubmitProposal(ctx, tp, "", "test", "summary", addrBz, false) + +require.NoError(t, err) + _, err = govKeeper.SubmitProposal(ctx, tp, "", "test", "summary", addrBz, true) + +require.NoError(t, err) + _, err = govKeeper.SubmitProposal(ctx, tp, "", "test", "summary", addrBz, true) + +require.NoError(t, err) + _, err = govKeeper.SubmitProposal(ctx, tp, "", "test", "summary", addrBz, false) + +require.NoError(t, err) + +proposal6, err := govKeeper.SubmitProposal(ctx, tp, "", "test", "summary", addrBz, false) + +require.NoError(t, err) + +require.Equal(t, uint64(6), proposal6.Id) +} + +func TestProposalQueues(t *testing.T) { + govKeeper, authKeeper, _, _, _, _, ctx := setupGovKeeper(t) + ac := address.NewBech32Codec("cosmos") + +addrBz, err := ac.StringToBytes(address1) + +require.NoError(t, err) + +authKeeper.EXPECT().AddressCodec().Return(address.NewBech32Codec("cosmos")).AnyTimes() + + // create test proposals + tp := TestProposal + proposal, err := govKeeper.SubmitProposal(ctx, tp, "", "test", "summary", addrBz, false) + +require.NoError(t, err) + +has, err := govKeeper.InactiveProposalsQueue.Has(ctx, collections.Join(*proposal.DepositEndTime, proposal.Id)) + +require.NoError(t, err) + +require.True(t, has) + +require.NoError(t, govKeeper.ActivateVotingPeriod(ctx, proposal)) + +proposal, err = govKeeper.Proposals.Get(ctx, proposal.Id) + +require.Nil(t, err) + +has, err = govKeeper.ActiveProposalsQueue.Has(ctx, collections.Join(*proposal.VotingEndTime, proposal.Id)) + +require.NoError(t, err) + +require.True(t, has) +} + +func TestSetHooks(t *testing.T) { + govKeeper, _, _, _, _, _, _ := setupGovKeeper(t) + +require.Empty(t, govKeeper.Hooks()) + govHooksReceiver := MockGovHooksReceiver{ +} + +govKeeper.SetHooks(types.NewMultiGovHooks(&govHooksReceiver)) + +require.NotNil(t, govKeeper.Hooks()) + +require.Panics(t, func() { + govKeeper.SetHooks(&govHooksReceiver) +}) +} + +func TestGetGovGovernanceAndModuleAccountAddress(t *testing.T) { + govKeeper, authKeeper, _, _, _, _, ctx := setupGovKeeper(t) + mAcc := authKeeper.GetModuleAccount(ctx, "gov") + +require.Equal(t, mAcc, govKeeper.GetGovernanceAccount(ctx)) + mAddr := authKeeper.GetModuleAddress("gov") + +require.Equal(t, mAddr, govKeeper.ModuleAccountAddress()) +} + +func TestKeeperTestSuite(t *testing.T) { + suite.Run(t, new(KeeperTestSuite)) +} +``` + +## Integration Tests + +Integration tests are at the second level of the [test pyramid](https://martinfowler.com/articles/practical-test-pyramid.html). +In the SDK, we locate our integration tests under [`/tests/integrations`](https://github.com/cosmos/cosmos-sdk/tree/main/tests/integration). + +The goal of these integration tests is to test how a component interacts with other dependencies. Compared to unit tests, integration tests do not mock dependencies. Instead, they use the direct dependencies of the component. This differs as well from end-to-end tests, which test the component with a full application. + +Integration tests interact with the tested module via the defined `Msg` and `Query` services. The result of the test can be verified by checking the state of the application, by checking the emitted events or the response. It is advised to combine two of these methods to verify the result of the test. + +The SDK provides small helpers for quickly setting up an integration tests. These helpers can be found at [Link](https://github.com/cosmos/cosmos-sdk/blob/main/testutil/integration). + +### Example + +```go expandable +package integration_test + +import ( + + "fmt" + "io" + + cmtproto "github.com/cometbft/cometbft/proto/tendermint/types" + "github.com/google/go-cmp/cmp" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/log" + storetypes "cosmossdk.io/store/types" + + addresscodec "github.com/cosmos/cosmos-sdk/codec/address" + "github.com/cosmos/cosmos-sdk/runtime" + "github.com/cosmos/cosmos-sdk/testutil/integration" + sdk "github.com/cosmos/cosmos-sdk/types" + moduletestutil "github.com/cosmos/cosmos-sdk/types/module/testutil" + "github.com/cosmos/cosmos-sdk/x/auth" + authkeeper "github.com/cosmos/cosmos-sdk/x/auth/keeper" + authsims "github.com/cosmos/cosmos-sdk/x/auth/simulation" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + "github.com/cosmos/cosmos-sdk/x/mint" + mintkeeper "github.com/cosmos/cosmos-sdk/x/mint/keeper" + minttypes "github.com/cosmos/cosmos-sdk/x/mint/types" +) + +// Example shows how to use the integration test framework to test the integration of SDK modules. +// Panics are used in this example, but in a real test case, you should use the testing.T object and assertions. +func Example() { + // in this example we are testing the integration of the following modules: + // - mint, which directly depends on auth, bank and staking + encodingCfg := moduletestutil.MakeTestEncodingConfig(auth.AppModuleBasic{ +}, mint.AppModuleBasic{ +}) + keys := storetypes.NewKVStoreKeys(authtypes.StoreKey, minttypes.StoreKey) + authority := authtypes.NewModuleAddress("gov").String() + + // replace the logger by testing values in a real test case (e.g. log.NewTestLogger(t)) + logger := log.NewNopLogger() + cms := integration.CreateMultiStore(keys, logger) + newCtx := sdk.NewContext(cms, cmtproto.Header{ +}, true, logger) + accountKeeper := authkeeper.NewAccountKeeper( + encodingCfg.Codec, + runtime.NewKVStoreService(keys[authtypes.StoreKey]), + authtypes.ProtoBaseAccount, + map[string][]string{ + minttypes.ModuleName: { + authtypes.Minter +}}, + addresscodec.NewBech32Codec("cosmos"), + "cosmos", + authority, + ) + + // subspace is nil because we don't test params (which is legacy anyway) + authModule := auth.NewAppModule(encodingCfg.Codec, accountKeeper, authsims.RandomGenesisAccounts, nil) + + // here bankkeeper and staking keeper is nil because we are not testing them + // subspace is nil because we don't test params (which is legacy anyway) + mintKeeper := mintkeeper.NewKeeper(encodingCfg.Codec, runtime.NewKVStoreService(keys[minttypes.StoreKey]), nil, accountKeeper, nil, authtypes.FeeCollectorName, authority) + mintModule := mint.NewAppModule(encodingCfg.Codec, mintKeeper, accountKeeper, nil, nil) + + // create the application and register all the modules from the previous step + integrationApp := integration.NewIntegrationApp( + newCtx, + logger, + keys, + encodingCfg.Codec, + map[string]appmodule.AppModule{ + authtypes.ModuleName: authModule, + minttypes.ModuleName: mintModule, +}, + ) + + // register the message and query servers + authtypes.RegisterMsgServer(integrationApp.MsgServiceRouter(), authkeeper.NewMsgServerImpl(accountKeeper)) + +minttypes.RegisterMsgServer(integrationApp.MsgServiceRouter(), mintkeeper.NewMsgServerImpl(mintKeeper)) + +minttypes.RegisterQueryServer(integrationApp.QueryHelper(), mintkeeper.NewQueryServerImpl(mintKeeper)) + params := minttypes.DefaultParams() + +params.BlocksPerYear = 10000 + + // now we can use the application to test a mint message + result, err := integrationApp.RunMsg(&minttypes.MsgUpdateParams{ + Authority: authority, + Params: params, +}) + if err != nil { + panic(err) +} + + // in this example the result is an empty response, a nil check is enough + // in other cases, it is recommended to check the result value. + if result == nil { + panic(fmt.Errorf("unexpected nil result")) +} + + // we now check the result + resp := minttypes.MsgUpdateParamsResponse{ +} + +err = encodingCfg.Codec.Unmarshal(result.Value, &resp) + if err != nil { + panic(err) +} + sdkCtx := sdk.UnwrapSDKContext(integrationApp.Context()) + + // we should also check the state of the application + got, err := mintKeeper.Params.Get(sdkCtx) + if err != nil { + panic(err) +} + if diff := cmp.Diff(got, params); diff != "" { + panic(diff) +} + +fmt.Println(got.BlocksPerYear) + // Output: 10000 +} + +// ExampleOneModule shows how to use the integration test framework to test the integration of a single module. +// That module has no dependency on other modules. +func Example_oneModule() { + // in this example we are testing the integration of the auth module: + encodingCfg := moduletestutil.MakeTestEncodingConfig(auth.AppModuleBasic{ +}) + keys := storetypes.NewKVStoreKeys(authtypes.StoreKey) + authority := authtypes.NewModuleAddress("gov").String() + + // replace the logger by testing values in a real test case (e.g. log.NewTestLogger(t)) + logger := log.NewLogger(io.Discard) + cms := integration.CreateMultiStore(keys, logger) + newCtx := sdk.NewContext(cms, cmtproto.Header{ +}, true, logger) + accountKeeper := authkeeper.NewAccountKeeper( + encodingCfg.Codec, + runtime.NewKVStoreService(keys[authtypes.StoreKey]), + authtypes.ProtoBaseAccount, + map[string][]string{ + minttypes.ModuleName: { + authtypes.Minter +}}, + addresscodec.NewBech32Codec("cosmos"), + "cosmos", + authority, + ) + + // subspace is nil because we don't test params (which is legacy anyway) + authModule := auth.NewAppModule(encodingCfg.Codec, accountKeeper, authsims.RandomGenesisAccounts, nil) + + // create the application and register all the modules from the previous step + integrationApp := integration.NewIntegrationApp( + newCtx, + logger, + keys, + encodingCfg.Codec, + map[string]appmodule.AppModule{ + authtypes.ModuleName: authModule, +}, + ) + + // register the message and query servers + authtypes.RegisterMsgServer(integrationApp.MsgServiceRouter(), authkeeper.NewMsgServerImpl(accountKeeper)) + params := authtypes.DefaultParams() + +params.MaxMemoCharacters = 1000 + + // now we can use the application to test a mint message + result, err := integrationApp.RunMsg(&authtypes.MsgUpdateParams{ + Authority: authority, + Params: params, +}, + // this allows to the begin and end blocker of the module before and after the message + integration.WithAutomaticFinalizeBlock(), + // this allows to commit the state after the message + integration.WithAutomaticCommit(), + ) + if err != nil { + panic(err) +} + + // verify that the begin and end blocker were called + // NOTE: in this example, we are testing auth, which doesn't have any begin or end blocker + // so verifying the block height is enough + if integrationApp.LastBlockHeight() != 2 { + panic(fmt.Errorf("expected block height to be 2, got %d", integrationApp.LastBlockHeight())) +} + + // in this example the result is an empty response, a nil check is enough + // in other cases, it is recommended to check the result value. + if result == nil { + panic(fmt.Errorf("unexpected nil result")) +} + + // we now check the result + resp := authtypes.MsgUpdateParamsResponse{ +} + +err = encodingCfg.Codec.Unmarshal(result.Value, &resp) + if err != nil { + panic(err) +} + sdkCtx := sdk.UnwrapSDKContext(integrationApp.Context()) + + // we should also check the state of the application + got := accountKeeper.GetParams(sdkCtx) + if diff := cmp.Diff(got, params); diff != "" { + panic(diff) +} + +fmt.Println(got.MaxMemoCharacters) + // Output: 1000 +} +``` + +## Deterministic and Regression tests + +Tests are written for queries in the Cosmos SDK which have `module_query_safe` Protobuf annotation. + +Each query is tested using 2 methods: + +* Use property-based testing with the [`rapid`](https://pkg.go.dev/pgregory.net/rapid@v0.5.3) library. The property that is tested is that the query response and gas consumption are the same upon 1000 query calls. +* Regression tests are written with hardcoded responses and gas, and verify they don't change upon 1000 calls and between SDK patch versions. + +Here's an example of regression tests: + +```go expandable +package keeper_test + +import ( + + "testing" + + cmtproto "github.com/cometbft/cometbft/proto/tendermint/types" + "github.com/stretchr/testify/require" + "gotest.tools/v3/assert" + "pgregory.net/rapid" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/log" + "cosmossdk.io/math" + storetypes "cosmossdk.io/store/types" + + addresscodec "github.com/cosmos/cosmos-sdk/codec/address" + "github.com/cosmos/cosmos-sdk/runtime" + "github.com/cosmos/cosmos-sdk/testutil/integration" + "github.com/cosmos/cosmos-sdk/testutil/testdata" + sdk "github.com/cosmos/cosmos-sdk/types" + moduletestutil "github.com/cosmos/cosmos-sdk/types/module/testutil" + "github.com/cosmos/cosmos-sdk/x/auth" + authkeeper "github.com/cosmos/cosmos-sdk/x/auth/keeper" + authsims "github.com/cosmos/cosmos-sdk/x/auth/simulation" + _ "github.com/cosmos/cosmos-sdk/x/auth/tx/config" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + "github.com/cosmos/cosmos-sdk/x/bank" + "github.com/cosmos/cosmos-sdk/x/bank/keeper" + banktestutil "github.com/cosmos/cosmos-sdk/x/bank/testutil" + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" + _ "github.com/cosmos/cosmos-sdk/x/consensus" + minttypes "github.com/cosmos/cosmos-sdk/x/mint/types" + _ "github.com/cosmos/cosmos-sdk/x/params" + _ "github.com/cosmos/cosmos-sdk/x/staking" +) + +var ( + denomRegex = sdk.DefaultCoinDenomRegex() + +addr1 = sdk.MustAccAddressFromBech32("cosmos139f7kncmglres2nf3h4hc4tade85ekfr8sulz5") + +coin1 = sdk.NewCoin("denom", math.NewInt(10)) + +metadataAtom = banktypes.Metadata{ + Description: "The native staking token of the Cosmos Hub.", + DenomUnits: []*banktypes.DenomUnit{ + { + Denom: "uatom", + Exponent: 0, + Aliases: []string{"microatom" +}, +}, + { + Denom: "atom", + Exponent: 6, + Aliases: []string{"ATOM" +}, +}, +}, + Base: "uatom", + Display: "atom", +} +) + +type deterministicFixture struct { + ctx sdk.Context + bankKeeper keeper.BaseKeeper + queryClient banktypes.QueryClient +} + +func initDeterministicFixture(t *testing.T) *deterministicFixture { + t.Helper() + keys := storetypes.NewKVStoreKeys(authtypes.StoreKey, banktypes.StoreKey) + cdc := moduletestutil.MakeTestEncodingConfig(auth.AppModuleBasic{ +}, bank.AppModuleBasic{ +}).Codec + logger := log.NewTestLogger(t) + cms := integration.CreateMultiStore(keys, logger) + newCtx := sdk.NewContext(cms, cmtproto.Header{ +}, true, logger) + authority := authtypes.NewModuleAddress("gov") + maccPerms := map[string][]string{ + minttypes.ModuleName: { + authtypes.Minter +}, +} + accountKeeper := authkeeper.NewAccountKeeper( + cdc, + runtime.NewKVStoreService(keys[authtypes.StoreKey]), + authtypes.ProtoBaseAccount, + maccPerms, + addresscodec.NewBech32Codec(sdk.Bech32MainPrefix), + sdk.Bech32MainPrefix, + authority.String(), + ) + blockedAddresses := map[string]bool{ + accountKeeper.GetAuthority(): false, +} + bankKeeper := keeper.NewBaseKeeper( + cdc, + runtime.NewKVStoreService(keys[banktypes.StoreKey]), + accountKeeper, + blockedAddresses, + authority.String(), + log.NewNopLogger(), + ) + authModule := auth.NewAppModule(cdc, accountKeeper, authsims.RandomGenesisAccounts, nil) + bankModule := bank.NewAppModule(cdc, bankKeeper, accountKeeper, nil) + integrationApp := integration.NewIntegrationApp(newCtx, logger, keys, cdc, map[string]appmodule.AppModule{ + authtypes.ModuleName: authModule, + banktypes.ModuleName: bankModule, +}) + sdkCtx := sdk.UnwrapSDKContext(integrationApp.Context()) + + // Register MsgServer and QueryServer + banktypes.RegisterMsgServer(integrationApp.MsgServiceRouter(), keeper.NewMsgServerImpl(bankKeeper)) + +banktypes.RegisterQueryServer(integrationApp.QueryHelper(), keeper.NewQuerier(&bankKeeper)) + qr := integrationApp.QueryHelper() + queryClient := banktypes.NewQueryClient(qr) + f := deterministicFixture{ + ctx: sdkCtx, + bankKeeper: bankKeeper, + queryClient: queryClient, +} + +return &f +} + +func fundAccount(f *deterministicFixture, addr sdk.AccAddress, coin ...sdk.Coin) { + err := banktestutil.FundAccount(f.ctx, f.bankKeeper, addr, sdk.NewCoins(coin...)) + +assert.NilError(&testing.T{ +}, err) +} + +func getCoin(rt *rapid.T) + +sdk.Coin { + return sdk.NewCoin( + rapid.StringMatching(denomRegex).Draw(rt, "denom"), + math.NewInt(rapid.Int64Min(1).Draw(rt, "amount")), + ) +} + +func TestGRPCQueryBalance(t *testing.T) { + t.Parallel() + f := initDeterministicFixture(t) + +rapid.Check(t, func(rt *rapid.T) { + addr := testdata.AddressGenerator(rt).Draw(rt, "address") + coin := getCoin(rt) + +fundAccount(f, addr, coin) + req := banktypes.NewQueryBalanceRequest(addr, coin.GetDenom()) + +testdata.DeterministicIterations(f.ctx, t, req, f.queryClient.Balance, 0, true) +}) + +fundAccount(f, addr1, coin1) + req := banktypes.NewQueryBalanceRequest(addr1, coin1.GetDenom()) + +testdata.DeterministicIterations(f.ctx, t, req, f.queryClient.Balance, 1087, false) +} + +func TestGRPCQueryAllBalances(t *testing.T) { + t.Parallel() + f := initDeterministicFixture(t) + +rapid.Check(t, func(rt *rapid.T) { + addr := testdata.AddressGenerator(rt).Draw(rt, "address") + numCoins := rapid.IntRange(1, 10).Draw(rt, "num-count") + coins := make(sdk.Coins, 0, numCoins) + for i := 0; i < numCoins; i++ { + coin := getCoin(rt) + + // NewCoins sorts the denoms + coins = sdk.NewCoins(append(coins, coin)...) +} + +fundAccount(f, addr, coins...) + req := banktypes.NewQueryAllBalancesRequest(addr, testdata.PaginationGenerator(rt, uint64(numCoins)).Draw(rt, "pagination"), false) + +testdata.DeterministicIterations(f.ctx, t, req, f.queryClient.AllBalances, 0, true) +}) + coins := sdk.NewCoins( + sdk.NewCoin("stake", math.NewInt(10)), + sdk.NewCoin("denom", math.NewInt(100)), + ) + +fundAccount(f, addr1, coins...) + req := banktypes.NewQueryAllBalancesRequest(addr1, nil, false) + +testdata.DeterministicIterations(f.ctx, t, req, f.queryClient.AllBalances, 357, false) +} + +func TestGRPCQuerySpendableBalances(t *testing.T) { + t.Parallel() + f := initDeterministicFixture(t) + +rapid.Check(t, func(rt *rapid.T) { + addr := testdata.AddressGenerator(rt).Draw(rt, "address") + + // Denoms must be unique, otherwise sdk.NewCoins will panic. + denoms := rapid.SliceOfNDistinct(rapid.StringMatching(denomRegex), 1, 10, rapid.ID[string]).Draw(rt, "denoms") + coins := make(sdk.Coins, 0, len(denoms)) + for _, denom := range denoms { + coin := sdk.NewCoin( + denom, + math.NewInt(rapid.Int64Min(1).Draw(rt, "amount")), + ) + + // NewCoins sorts the denoms + coins = sdk.NewCoins(append(coins, coin)...) +} + err := banktestutil.FundAccount(f.ctx, f.bankKeeper, addr, coins) + +assert.NilError(t, err) + req := banktypes.NewQuerySpendableBalancesRequest(addr, testdata.PaginationGenerator(rt, uint64(len(denoms))).Draw(rt, "pagination")) + +testdata.DeterministicIterations(f.ctx, t, req, f.queryClient.SpendableBalances, 0, true) +}) + coins := sdk.NewCoins( + sdk.NewCoin("stake", math.NewInt(10)), + sdk.NewCoin("denom", math.NewInt(100)), + ) + err := banktestutil.FundAccount(f.ctx, f.bankKeeper, addr1, coins) + +assert.NilError(t, err) + req := banktypes.NewQuerySpendableBalancesRequest(addr1, nil) + +testdata.DeterministicIterations(f.ctx, t, req, f.queryClient.SpendableBalances, 2032, false) +} + +func TestGRPCQueryTotalSupply(t *testing.T) { + t.Parallel() + f := initDeterministicFixture(t) + +res, err := f.queryClient.TotalSupply(f.ctx, &banktypes.QueryTotalSupplyRequest{ +}) + +assert.NilError(t, err) + initialSupply := res.GetSupply() + +rapid.Check(t, func(rt *rapid.T) { + numCoins := rapid.IntRange(1, 3).Draw(rt, "num-count") + coins := make(sdk.Coins, 0, numCoins) + for i := 0; i < numCoins; i++ { + coin := sdk.NewCoin( + rapid.StringMatching(denomRegex).Draw(rt, "denom"), + math.NewInt(rapid.Int64Min(1).Draw(rt, "amount")), + ) + +coins = coins.Add(coin) +} + +assert.NilError(t, f.bankKeeper.MintCoins(f.ctx, minttypes.ModuleName, coins)) + +initialSupply = initialSupply.Add(coins...) + req := &banktypes.QueryTotalSupplyRequest{ + Pagination: testdata.PaginationGenerator(rt, uint64(len(initialSupply))).Draw(rt, "pagination"), +} + +testdata.DeterministicIterations(f.ctx, t, req, f.queryClient.TotalSupply, 0, true) +}) + +f = initDeterministicFixture(t) // reset + coins := sdk.NewCoins( + sdk.NewCoin("foo", math.NewInt(10)), + sdk.NewCoin("bar", math.NewInt(100)), + ) + +assert.NilError(t, f.bankKeeper.MintCoins(f.ctx, minttypes.ModuleName, coins)) + req := &banktypes.QueryTotalSupplyRequest{ +} + +testdata.DeterministicIterations(f.ctx, t, req, f.queryClient.TotalSupply, 150, false) +} + +func TestGRPCQueryTotalSupplyOf(t *testing.T) { + t.Parallel() + f := initDeterministicFixture(t) + +rapid.Check(t, func(rt *rapid.T) { + coin := sdk.NewCoin( + rapid.StringMatching(denomRegex).Draw(rt, "denom"), + math.NewInt(rapid.Int64Min(1).Draw(rt, "amount")), + ) + +assert.NilError(t, f.bankKeeper.MintCoins(f.ctx, minttypes.ModuleName, sdk.NewCoins(coin))) + req := &banktypes.QuerySupplyOfRequest{ + Denom: coin.GetDenom() +} + +testdata.DeterministicIterations(f.ctx, t, req, f.queryClient.SupplyOf, 0, true) +}) + coin := sdk.NewCoin("bar", math.NewInt(100)) + +assert.NilError(t, f.bankKeeper.MintCoins(f.ctx, minttypes.ModuleName, sdk.NewCoins(coin))) + req := &banktypes.QuerySupplyOfRequest{ + Denom: coin.GetDenom() +} + +testdata.DeterministicIterations(f.ctx, t, req, f.queryClient.SupplyOf, 1021, false) +} + +func TestGRPCQueryParams(t *testing.T) { + t.Parallel() + f := initDeterministicFixture(t) + +rapid.Check(t, func(rt *rapid.T) { + enabledStatus := banktypes.SendEnabled{ + Denom: rapid.StringMatching(denomRegex).Draw(rt, "denom"), + Enabled: rapid.Bool().Draw(rt, "status"), +} + params := banktypes.Params{ + SendEnabled: []*banktypes.SendEnabled{&enabledStatus +}, + DefaultSendEnabled: rapid.Bool().Draw(rt, "send"), +} + +require.NoError(t, f.bankKeeper.SetParams(f.ctx, params)) + req := &banktypes.QueryParamsRequest{ +} + +testdata.DeterministicIterations(f.ctx, t, req, f.queryClient.Params, 0, true) +}) + enabledStatus := banktypes.SendEnabled{ + Denom: "denom", + Enabled: true, +} + params := banktypes.Params{ + SendEnabled: []*banktypes.SendEnabled{&enabledStatus +}, + DefaultSendEnabled: false, +} + +require.NoError(t, f.bankKeeper.SetParams(f.ctx, params)) + req := &banktypes.QueryParamsRequest{ +} + +testdata.DeterministicIterations(f.ctx, t, req, f.queryClient.Params, 1003, false) +} + +func createAndReturnMetadatas(t *rapid.T, count int) []banktypes.Metadata { + denomsMetadata := make([]banktypes.Metadata, 0, count) + for i := 0; i < count; i++ { + denom := rapid.StringMatching(denomRegex).Draw(t, "denom") + aliases := rapid.SliceOf(rapid.String()).Draw(t, "aliases") + // In the GRPC server code, empty arrays are returned as nil + if len(aliases) == 0 { + aliases = nil +} + metadata := banktypes.Metadata{ + Description: rapid.StringN(1, 100, 100).Draw(t, "desc"), + DenomUnits: []*banktypes.DenomUnit{ + { + Denom: denom, + Exponent: rapid.Uint32().Draw(t, "exponent"), + Aliases: aliases, +}, +}, + Base: denom, + Display: denom, + Name: rapid.String().Draw(t, "name"), + Symbol: rapid.String().Draw(t, "symbol"), + URI: rapid.String().Draw(t, "uri"), + URIHash: rapid.String().Draw(t, "uri-hash"), +} + +denomsMetadata = append(denomsMetadata, metadata) +} + +return denomsMetadata +} + +func TestGRPCDenomsMetadata(t *testing.T) { + t.Parallel() + f := initDeterministicFixture(t) + +rapid.Check(t, func(rt *rapid.T) { + count := rapid.IntRange(1, 3).Draw(rt, "count") + denomsMetadata := createAndReturnMetadatas(rt, count) + +assert.Assert(t, len(denomsMetadata) == count) + for i := 0; i < count; i++ { + f.bankKeeper.SetDenomMetaData(f.ctx, denomsMetadata[i]) +} + req := &banktypes.QueryDenomsMetadataRequest{ + Pagination: testdata.PaginationGenerator(rt, uint64(count)).Draw(rt, "pagination"), +} + +testdata.DeterministicIterations(f.ctx, t, req, f.queryClient.DenomsMetadata, 0, true) +}) + +f = initDeterministicFixture(t) // reset + + f.bankKeeper.SetDenomMetaData(f.ctx, metadataAtom) + req := &banktypes.QueryDenomsMetadataRequest{ +} + +testdata.DeterministicIterations(f.ctx, t, req, f.queryClient.DenomsMetadata, 660, false) +} + +func TestGRPCDenomMetadata(t *testing.T) { + t.Parallel() + f := initDeterministicFixture(t) + +rapid.Check(t, func(rt *rapid.T) { + denomMetadata := createAndReturnMetadatas(rt, 1) + +assert.Assert(t, len(denomMetadata) == 1) + +f.bankKeeper.SetDenomMetaData(f.ctx, denomMetadata[0]) + req := &banktypes.QueryDenomMetadataRequest{ + Denom: denomMetadata[0].Base, +} + +testdata.DeterministicIterations(f.ctx, t, req, f.queryClient.DenomMetadata, 0, true) +}) + +f.bankKeeper.SetDenomMetaData(f.ctx, metadataAtom) + req := &banktypes.QueryDenomMetadataRequest{ + Denom: metadataAtom.Base, +} + +testdata.DeterministicIterations(f.ctx, t, req, f.queryClient.DenomMetadata, 1300, false) +} + +func TestGRPCSendEnabled(t *testing.T) { + t.Parallel() + f := initDeterministicFixture(t) + allDenoms := []string{ +} + +rapid.Check(t, func(rt *rapid.T) { + count := rapid.IntRange(0, 10).Draw(rt, "count") + denoms := make([]string, 0, count) + for i := 0; i < count; i++ { + coin := banktypes.SendEnabled{ + Denom: rapid.StringMatching(denomRegex).Draw(rt, "denom"), + Enabled: rapid.Bool().Draw(rt, "enabled-status"), +} + +f.bankKeeper.SetSendEnabled(f.ctx, coin.Denom, coin.Enabled) + +denoms = append(denoms, coin.Denom) +} + +allDenoms = append(allDenoms, denoms...) + req := &banktypes.QuerySendEnabledRequest{ + Denoms: denoms, + // Pagination is only taken into account when `denoms` is an empty array + Pagination: testdata.PaginationGenerator(rt, uint64(len(allDenoms))).Draw(rt, "pagination"), +} + +testdata.DeterministicIterations(f.ctx, t, req, f.queryClient.SendEnabled, 0, true) +}) + +coin1 := banktypes.SendEnabled{ + Denom: "falsecoin", + Enabled: false, +} + +coin2 := banktypes.SendEnabled{ + Denom: "truecoin", + Enabled: true, +} + +f.bankKeeper.SetSendEnabled(f.ctx, coin1.Denom, false) + +f.bankKeeper.SetSendEnabled(f.ctx, coin2.Denom, true) + req := &banktypes.QuerySendEnabledRequest{ + Denoms: []string{ + coin1.GetDenom(), coin2.GetDenom() +}, +} + +testdata.DeterministicIterations(f.ctx, t, req, f.queryClient.SendEnabled, 4063, false) +} + +func TestGRPCDenomOwners(t *testing.T) { + t.Parallel() + f := initDeterministicFixture(t) + +rapid.Check(t, func(rt *rapid.T) { + denom := rapid.StringMatching(denomRegex).Draw(rt, "denom") + numAddr := rapid.IntRange(1, 10).Draw(rt, "number-address") + for i := 0; i < numAddr; i++ { + addr := testdata.AddressGenerator(rt).Draw(rt, "address") + coin := sdk.NewCoin( + denom, + math.NewInt(rapid.Int64Min(1).Draw(rt, "amount")), + ) + err := banktestutil.FundAccount(f.ctx, f.bankKeeper, addr, sdk.NewCoins(coin)) + +assert.NilError(t, err) +} + req := &banktypes.QueryDenomOwnersRequest{ + Denom: denom, + Pagination: testdata.PaginationGenerator(rt, uint64(numAddr)).Draw(rt, "pagination"), +} + +testdata.DeterministicIterations(f.ctx, t, req, f.queryClient.DenomOwners, 0, true) +}) + denomOwners := []*banktypes.DenomOwner{ + { + Address: "cosmos1qg65a9q6k2sqq7l3ycp428sqqpmqcucgzze299", + Balance: coin1, +}, + { + Address: "cosmos1qglnsqgpq48l7qqzgs8qdshr6fh3gqq9ej3qut", + Balance: coin1, +}, +} + for i := 0; i < len(denomOwners); i++ { + addr, err := sdk.AccAddressFromBech32(denomOwners[i].Address) + +assert.NilError(t, err) + +err = banktestutil.FundAccount(f.ctx, f.bankKeeper, addr, sdk.NewCoins(coin1)) + +assert.NilError(t, err) +} + req := &banktypes.QueryDenomOwnersRequest{ + Denom: coin1.GetDenom(), +} + +testdata.DeterministicIterations(f.ctx, t, req, f.queryClient.DenomOwners, 2516, false) +} +``` + +## Simulations + +Simulations uses as well a minimal application, built with [`depinject`](/docs/sdk/vnext/build/packages/depinject): + + +You can as well use the `AppConfig` `configurator` for creating an `AppConfig` [inline](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/slashing/app_test.go#L54-L62). There is no difference between those two ways, use whichever you prefer. + + +Following is an example for `x/gov/` simulations: + +```go expandable +package simulation_test + +import ( + + "fmt" + "math/rand" + "testing" + "time" + + abci "github.com/cometbft/cometbft/abci/types" + "github.com/cosmos/gogoproto/proto" + "github.com/stretchr/testify/require" + "cosmossdk.io/depinject" + "cosmossdk.io/log" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/runtime" + "github.com/cosmos/cosmos-sdk/testutil/configurator" + simtestutil "github.com/cosmos/cosmos-sdk/testutil/sims" + sdk "github.com/cosmos/cosmos-sdk/types" + simtypes "github.com/cosmos/cosmos-sdk/types/simulation" + _ "github.com/cosmos/cosmos-sdk/x/auth" + authkeeper "github.com/cosmos/cosmos-sdk/x/auth/keeper" + _ "github.com/cosmos/cosmos-sdk/x/auth/tx/config" + _ "github.com/cosmos/cosmos-sdk/x/bank" + bankkeeper "github.com/cosmos/cosmos-sdk/x/bank/keeper" + "github.com/cosmos/cosmos-sdk/x/bank/testutil" + _ "github.com/cosmos/cosmos-sdk/x/consensus" + _ "github.com/cosmos/cosmos-sdk/x/distribution" + dk "github.com/cosmos/cosmos-sdk/x/distribution/keeper" + _ "github.com/cosmos/cosmos-sdk/x/gov" + "github.com/cosmos/cosmos-sdk/x/gov/keeper" + "github.com/cosmos/cosmos-sdk/x/gov/simulation" + "github.com/cosmos/cosmos-sdk/x/gov/types" + v1 "github.com/cosmos/cosmos-sdk/x/gov/types/v1" + "github.com/cosmos/cosmos-sdk/x/gov/types/v1beta1" + _ "github.com/cosmos/cosmos-sdk/x/params" + _ "github.com/cosmos/cosmos-sdk/x/staking" + stakingkeeper "github.com/cosmos/cosmos-sdk/x/staking/keeper" +) + +var ( + _ simtypes.WeightedProposalMsg = MockWeightedProposals{ +} + //nolint:staticcheck // keeping around for legacy testing + _ simtypes.WeightedProposalContent = MockWeightedProposals{ +} +) + +type MockWeightedProposals struct { + n int +} + +func (m MockWeightedProposals) + +AppParamsKey() + +string { + return fmt.Sprintf("AppParamsKey-%d", m.n) +} + +func (m MockWeightedProposals) + +DefaultWeight() + +int { + return m.n +} + +func (m MockWeightedProposals) + +MsgSimulatorFn() + +simtypes.MsgSimulatorFn { + return func(r *rand.Rand, _ sdk.Context, _ []simtypes.Account) + +sdk.Msg { + return nil +} +} + +//nolint:staticcheck // retaining legacy content to maintain gov functionality +func (m MockWeightedProposals) + +ContentSimulatorFn() + +simtypes.ContentSimulatorFn { + return func(r *rand.Rand, _ sdk.Context, _ []simtypes.Account) + +simtypes.Content { + return v1beta1.NewTextProposal( + fmt.Sprintf("title-%d: %s", m.n, simtypes.RandStringOfLength(r, 100)), + fmt.Sprintf("description-%d: %s", m.n, simtypes.RandStringOfLength(r, 4000)), + ) +} +} + +func mockWeightedProposalMsg(n int) []simtypes.WeightedProposalMsg { + wpc := make([]simtypes.WeightedProposalMsg, n) + for i := range n { + wpc[i] = MockWeightedProposals{ + i +} + +} + +return wpc +} + +// nolint // keeping this legacy proposal for testing +func mockWeightedLegacyProposalContent(n int) []simtypes.WeightedProposalContent { + wpc := make([]simtypes.WeightedProposalContent, n) + for i := range n { + wpc[i] = MockWeightedProposals{ + i +} + +} + +return wpc +} + +// TestWeightedOperations tests the weights of the operations. +func TestWeightedOperations(t *testing.T) { + suite, ctx := createTestSuite(t, false) + app := suite.App + ctx.WithChainID("test-chain") + appParams := make(simtypes.AppParams) + weightesOps := simulation.WeightedOperations(appParams, suite.TxConfig, suite.AccountKeeper, + suite.BankKeeper, suite.GovKeeper, mockWeightedProposalMsg(3), mockWeightedLegacyProposalContent(1), + ) + + // setup 3 accounts + s := rand.NewSource(1) + r := rand.New(s) + accs := getTestingAccounts(t, r, suite.AccountKeeper, suite.BankKeeper, suite.StakingKeeper, ctx, 3) + expected := []struct { + weight int + opMsgRoute string + opMsgName string +}{ + { + simulation.DefaultWeightMsgDeposit, types.ModuleName, simulation.TypeMsgDeposit +}, + { + simulation.DefaultWeightMsgVote, types.ModuleName, simulation.TypeMsgVote +}, + { + simulation.DefaultWeightMsgVoteWeighted, types.ModuleName, simulation.TypeMsgVoteWeighted +}, + { + simulation.DefaultWeightMsgCancelProposal, types.ModuleName, simulation.TypeMsgCancelProposal +}, + {0, types.ModuleName, simulation.TypeMsgSubmitProposal +}, + {1, types.ModuleName, simulation.TypeMsgSubmitProposal +}, + {2, types.ModuleName, simulation.TypeMsgSubmitProposal +}, + {0, types.ModuleName, simulation.TypeMsgSubmitProposal +}, +} + +require.Equal(t, len(weightesOps), len(expected), "number of operations should be the same") + for i, w := range weightesOps { + operationMsg, _, err := w.Op()(r, app.BaseApp, ctx, accs, ctx.ChainID()) + +require.NoError(t, err) + + // the following checks are very much dependent from the ordering of the output given + // by WeightedOperations. if the ordering in WeightedOperations changes some tests + // will fail + require.Equal(t, expected[i].weight, w.Weight(), "weight should be the same") + +require.Equal(t, expected[i].opMsgRoute, operationMsg.Route, "route should be the same") + +require.Equal(t, expected[i].opMsgName, operationMsg.Name, "operation Msg name should be the same") +} +} + +// TestSimulateMsgSubmitProposal tests the normal scenario of a valid message of type TypeMsgSubmitProposal. +// Abnormal scenarios, where errors occur, are not tested here. +func TestSimulateMsgSubmitProposal(t *testing.T) { + suite, ctx := createTestSuite(t, false) + app := suite.App + + // setup 3 accounts + s := rand.NewSource(1) + r := rand.New(s) + accounts := getTestingAccounts(t, r, suite.AccountKeeper, suite.BankKeeper, suite.StakingKeeper, ctx, 3) + + _, err := app.FinalizeBlock(&abci.RequestFinalizeBlock{ + Height: app.LastBlockHeight() + 1, + Hash: app.LastCommitID().Hash, +}) + +require.NoError(t, err) + + // execute operation + op := simulation.SimulateMsgSubmitProposal(suite.TxConfig, suite.AccountKeeper, suite.BankKeeper, suite.GovKeeper, MockWeightedProposals{3 +}.MsgSimulatorFn()) + +operationMsg, _, err := op(r, app.BaseApp, ctx, accounts, "") + +require.NoError(t, err) + +var msg v1.MsgSubmitProposal + err = proto.Unmarshal(operationMsg.Msg, &msg) + +require.NoError(t, err) + +require.True(t, operationMsg.OK) + +require.Equal(t, "cosmos1ghekyjucln7y67ntx7cf27m9dpuxxemn4c8g4r", msg.Proposer) + +require.NotEqual(t, len(msg.InitialDeposit), 0) + +require.Equal(t, "47841094stake", msg.InitialDeposit[0].String()) + +require.Equal(t, simulation.TypeMsgSubmitProposal, sdk.MsgTypeURL(&msg)) +} + +// TestSimulateMsgSubmitProposal tests the normal scenario of a valid message of type TypeMsgSubmitProposal. +// Abnormal scenarios, where errors occur, are not tested here. +func TestSimulateMsgSubmitLegacyProposal(t *testing.T) { + suite, ctx := createTestSuite(t, false) + app := suite.App + + // setup 3 accounts + s := rand.NewSource(1) + r := rand.New(s) + accounts := getTestingAccounts(t, r, suite.AccountKeeper, suite.BankKeeper, suite.StakingKeeper, ctx, 3) + + _, err := app.FinalizeBlock(&abci.RequestFinalizeBlock{ + Height: app.LastBlockHeight() + 1, + Hash: app.LastCommitID().Hash, +}) + +require.NoError(t, err) + // execute operation + op := simulation.SimulateMsgSubmitLegacyProposal(suite.TxConfig, suite.AccountKeeper, suite.BankKeeper, suite.GovKeeper, MockWeightedProposals{3 +}.ContentSimulatorFn()) + +operationMsg, _, err := op(r, app.BaseApp, ctx, accounts, "") + +require.NoError(t, err) + +var msg v1.MsgSubmitProposal + err = proto.Unmarshal(operationMsg.Msg, &msg) + +require.NoError(t, err) + +var msgLegacyContent v1.MsgExecLegacyContent + err = proto.Unmarshal(msg.Messages[0].Value, &msgLegacyContent) + +require.NoError(t, err) + +var textProposal v1beta1.TextProposal + err = proto.Unmarshal(msgLegacyContent.Content.Value, &textProposal) + +require.NoError(t, err) + +require.True(t, operationMsg.OK) + +require.Equal(t, "cosmos1p8wcgrjr4pjju90xg6u9cgq55dxwq8j7u4x9a0", msg.Proposer) + +require.NotEqual(t, len(msg.InitialDeposit), 0) + +require.Equal(t, "25166256stake", msg.InitialDeposit[0].String()) + +require.Equal(t, "title-3: ZBSpYuLyYggwexjxusrBqDOTtGTOWeLrQKjLxzIivHSlcxgdXhhuTSkuxKGLwQvuyNhYFmBZHeAerqyNEUzXPFGkqEGqiQWIXnku", + textProposal.GetTitle()) + +require.Equal(t, "description-3: NJWzHdBNpAXKJPHWQdrGYcAHSctgVlqwqHoLfHsXUdStwfefwzqLuKEhmMyYLdbZrcPgYqjNHxPexsruwEGStAneKbWkQDDIlCWBLSiAASNhZqNFlPtfqPJoxKsgMdzjWqLWdqKQuJqWPMvwPQWZUtVMOTMYKJbfdlZsjdsomuScvDmbDkgRualsxDvRJuCAmPOXitIbcyWsKGSdrEunFAOdmXnsuyFVgJqEjbklvmwrUlsxjRSfKZxGcpayDdgoFcnVSutxjRgOSFzPwidAjubMncNweqpbxhXGchpZUxuFDOtpnhNUycJICRYqsPhPSCjPTWZFLkstHWJxvdPEAyEIxXgLwbNOjrgzmaujiBABBIXvcXpLrbcEWNNQsbjvgJFgJkflpRohHUutvnaUqoopuKjTDaemDeSdqbnOzcfJpcTuAQtZoiLZOoAIlboFDAeGmSNwkvObPRvRWQgWkGkxwtPauYgdkmypLjbqhlHJIQTntgWjXwZdOyYEdQRRLfMSdnxqppqUofqLbLQDUjwKVKfZJUJQPsWIPwIVaSTrmKskoAhvmZyJgeRpkaTfGgrJzAigcxtfshmiDCFkuiluqtMOkidknnTBtumyJYlIsWLnCQclqdVmikUoMOPdPWwYbJxXyqUVicNxFxyqJTenNblyyKSdlCbiXxUiYUiMwXZASYfvMDPFgxniSjWaZTjHkqlJvtBsXqwPpyVxnJVGFWhfSxgOcduoxkiopJvFjMmFabrGYeVtTXLhxVUEiGwYUvndjFGzDVntUvibiyZhfMQdMhgsiuysLMiePBNXifRLMsSmXPkwlPloUbJveCvUlaalhZHuvdkCnkSHbMbmOnrfEGPwQiACiPlnihiaOdbjPqPiTXaHDoJXjSlZmltGqNHHNrcKdlFSCdmVOuvDcBLdSklyGJmcLTbSFtALdGlPkqqecJrpLCXNPWefoTJNgEJlyMEPneVaxxduAAEqQpHWZodWyRkDAxzyMnFMcjSVqeRXLqsNyNtQBbuRvunZflWSbbvXXdkyLikYqutQhLPONXbvhcQZJPSWnOulqQaXmbfFxAkqfYeseSHOQidHwbcsOaMnSrrmGjjRmEMQNuknupMxJiIeVjmgZvbmjPIQTEhQFULQLBMPrxcFPvBinaOPYWGvYGRKxLZdwamfRQQFngcdSlvwjfaPbURasIsGJVHtcEAxnIIrhSriiXLOlbEBLXFElXJFGxHJczRBIxAuPKtBisjKBwfzZFagdNmjdwIRvwzLkFKWRTDPxJCmpzHUcrPiiXXHnOIlqNVoGSXZewdnCRhuxeYGPVTfrNTQNOxZmxInOazUYNTNDgzsxlgiVEHPKMfbesvPHUqpNkUqbzeuzfdrsuLDpKHMUbBMKczKKWOdYoIXoPYtEjfOnlQLoGnbQUCuERdEFaptwnsHzTJDsuZkKtzMpFaZobynZdzNydEeJJHDYaQcwUxcqvwfWwNUsCiLvkZQiSfzAHftYgAmVsXgtmcYgTqJIawstRYJrZdSxlfRiqTufgEQVambeZZmaAyRQbcmdjVUZZCgqDrSeltJGXPMgZnGDZqISrGDOClxXCxMjmKqEPwKHoOfOeyGmqWqihqjINXLqnyTesZePQRqaWDQNqpLgNrAUKulklmckTijUltQKuWQDwpLmDyxLppPVMwsmBIpOwQttYFMjgJQZLYFPmxWFLIeZihkRNnkzoypBICIxgEuYsVWGIGRbbxqVasYnstWomJnHwmtOhAFSpttRYYzBmyEtZXiCthvKvWszTXDbiJbGXMcrYpKAgvUVFtdKUfvdMfhAryctklUCEdjetjuGNfJjajZtvzdYaqInKtFPPLYmRaXPdQzxdSQfmZDEVHlHGEGNSPRFJuIfKLLfUmnHxHnRjmzQPNlqrXgifUdzAGKVabYqvcDeYoTYgPsBUqehrBhmQUgTvDnsdpuhUoxskDdppTsYMcnDIPSwKIqhXDCIxOuXrywahvVavvHkPuaenjLmEbMgrkrQLHEAwrhHkPRNvonNQKqprqOFVZKAtpRSpvQUxMoXCMZLSSbnLEFsjVfANdQNQVwTmGxqVjVqRuxREAhuaDrFgEZpYKhwWPEKBevBfsOIcaZKyykQafzmGPLRAKDtTcJxJVgiiuUkmyMYuDUNEUhBEdoBLJnamtLmMJQgmLiUELIhLpiEvpOXOvXCPUeldLFqkKOwfacqIaRcnnZvERKRMCKUkMABbDHytQqQblrvoxOZkwzosQfDKGtIdfcXRJNqlBNwOCWoQBcEWyqrMlYZIAXYJmLfnjoJepgSFvrgajaBAIksoyeHqgqbGvpAstMIGmIhRYGGNPRIfOQKsGoKgxtsidhTaAePRCBFqZgPDWCIkqOJezGVkjfYUCZTlInbxBXwUAVRsxHTQtJFnnpmMvXDYCVlEmnZBKhmmxQOIQzxFWpJQkQoSAYzTEiDWEOsVLNrbfzeHFRyeYATakQQWmFDLPbVMCJcWjFGJjfqCoVzlbNNEsqxdSmNPjTjHYOkuEMFLkXYGaoJlraLqayMeCsTjWNRDPBywBJLAPVkGQqTwApVVwYAetlwSbzsdHWsTwSIcctkyKDuRWYDQikRqsKTMJchrliONJeaZIzwPQrNbTwxsGdwuduvibtYndRwpdsvyCktRHFalvUuEKMqXbItfGcNGWsGzubdPMYayOUOINjpcFBeESdwpdlTYmrPsLsVDhpTzoMegKrytNVZkfJRPuDCUXxSlSthOohmsuxmIZUedzxKmowKOdXTMcEtdpHaPWgIsIjrViKrQOCONlSuazmLuCUjLltOGXeNgJKedTVrrVCpWYWHyVrdXpKgNaMJVjbXxnVMSChdWKuZdqpisvrkBJPoURDYxWOtpjzZoOpWzyUuYNhCzRoHsMjmmWDcXzQiHIyjwdhPNwiPqFxeUfMVFQGImhykFgMIlQEoZCaRoqSBXTSWAeDumdbsOGtATwEdZlLfoBKiTvodQBGOEcuATWXfiinSjPmJKcWgQrTVYVrwlyMWhxqNbCMpIQNoSMGTiWfPTCezUjYcdWppnsYJihLQCqbNLRGgqrwHuIvsazapTpoPZIyZyeeSueJuTIhpHMEJfJpScshJubJGfkusuVBgfTWQoywSSliQQSfbvaHKiLnyjdSbpMkdBgXepoSsHnCQaYuHQqZsoEOmJCiuQUpJkmfyfbIShzlZpHFmLCsbknEAkKXKfRTRnuwdBeuOGgFbJLbDksHVapaRayWzwoYBEpmrlAxrUxYMUekKbpjPNfjUCjhbdMAnJmYQVZBQZkFVweHDAlaqJjRqoQPoOMLhyvYCzqEuQsAFoxWrzRnTVjStPadhsESlERnKhpEPsfDxNvxqcOyIulaCkmPdambLHvGhTZzysvqFauEgkFRItPfvisehFmoBhQqmkfbHVsgfHXDPJVyhwPllQpuYLRYvGodxKjkarnSNgsXoKEMlaSKxKdcVgvOkuLcfLFfdtXGTclqfPOfeoVLbqcjcXCUEBgAGplrkgsmIEhWRZLlGPGCwKWRaCKMkBHTAcypUrYjWwCLtOPVygMwMANGoQwFnCqFrUGMCRZUGJKTZIGPyldsifauoMnJPLTcDHmilcmahlqOELaAUYDBuzsVywnDQfwRLGIWozYaOAilMBcObErwgTDNGWnwQMUgFFSKtPDMEoEQCTKVREqrXZSGLqwTMcxHfWotDllNkIJPMbXzjDVjPOOjCFuIvTyhXKLyhUScOXvYthRXpPfKwMhptXaxIxgqBoUqzrWbaoLTVpQoottZyPFfNOoMioXHRuFwMRYUiKvcWPkrayyTLOCFJlAyslDameIuqVAuxErqFPEWIScKpBORIuZqoXlZuTvAjEdlEWDODFRregDTqGNoFBIHxvimmIZwLfFyKUfEWAnNBdtdzDmTPXtpHRGdIbuucfTjOygZsTxPjfweXhSUkMhPjMaxKlMIJMOXcnQfyzeOcbWwNbeH", + textProposal.GetDescription()) + +require.Equal(t, simulation.TypeMsgSubmitProposal, sdk.MsgTypeURL(&msg)) +} + +// TestSimulateMsgCancelProposal tests the normal scenario of a valid message of type TypeMsgCancelProposal. +// Abnormal scenarios, where errors occur, are not tested here. +func TestSimulateMsgCancelProposal(t *testing.T) { + suite, ctx := createTestSuite(t, false) + app := suite.App + blockTime := time.Now().UTC() + +ctx = ctx.WithBlockTime(blockTime) + + // setup 3 accounts + s := rand.NewSource(1) + r := rand.New(s) + accounts := getTestingAccounts(t, r, suite.AccountKeeper, suite.BankKeeper, suite.StakingKeeper, ctx, 3) + // setup a proposal + proposer := accounts[0].Address + content := v1beta1.NewTextProposal("Test", "description") + +contentMsg, err := v1.NewLegacyContent(content, suite.GovKeeper.GetGovernanceAccount(ctx).GetAddress().String()) + +require.NoError(t, err) + submitTime := ctx.BlockHeader().Time + params, _ := suite.GovKeeper.Params.Get(ctx) + depositPeriod := params.MaxDepositPeriod + + proposal, err := v1.NewProposal([]sdk.Msg{ + contentMsg +}, 1, submitTime, submitTime.Add(*depositPeriod), "", "title", "summary", proposer, false) + +require.NoError(t, err) + +require.NoError(t, suite.GovKeeper.SetProposal(ctx, proposal)) + + _, err = app.FinalizeBlock(&abci.RequestFinalizeBlock{ + Height: app.LastBlockHeight() + 1, + Hash: app.LastCommitID().Hash, +}) + +require.NoError(t, err) + + // execute operation + op := simulation.SimulateMsgCancelProposal(suite.TxConfig, suite.AccountKeeper, suite.BankKeeper, suite.GovKeeper) + +operationMsg, _, err := op(r, app.BaseApp, ctx, accounts, "") + +require.NoError(t, err) + +var msg v1.MsgCancelProposal + err = proto.Unmarshal(operationMsg.Msg, &msg) + +require.NoError(t, err) + +require.NoError(t, err) + +require.True(t, operationMsg.OK) + +require.Equal(t, uint64(1), msg.ProposalId) + +require.Equal(t, proposer.String(), msg.Proposer) + +require.Equal(t, simulation.TypeMsgCancelProposal, sdk.MsgTypeURL(&msg)) +} + +// TestSimulateMsgDeposit tests the normal scenario of a valid message of type TypeMsgDeposit. +// Abnormal scenarios, where errors occur, are not tested here. +func TestSimulateMsgDeposit(t *testing.T) { + suite, ctx := createTestSuite(t, false) + app := suite.App + blockTime := time.Now().UTC() + +ctx = ctx.WithBlockTime(blockTime) + + // setup 3 accounts + s := rand.NewSource(1) + r := rand.New(s) + accounts := getTestingAccounts(t, r, suite.AccountKeeper, suite.BankKeeper, suite.StakingKeeper, ctx, 3) + + // setup a proposal + content := v1beta1.NewTextProposal("Test", "description") + +contentMsg, err := v1.NewLegacyContent(content, suite.GovKeeper.GetGovernanceAccount(ctx).GetAddress().String()) + +require.NoError(t, err) + submitTime := ctx.BlockHeader().Time + params, _ := suite.GovKeeper.Params.Get(ctx) + depositPeriod := params.MaxDepositPeriod + + proposal, err := v1.NewProposal([]sdk.Msg{ + contentMsg +}, 1, submitTime, submitTime.Add(*depositPeriod), "", "text proposal", "description", sdk.AccAddress("cosmos1ghekyjucln7y67ntx7cf27m9dpuxxemn4c8g4r"), false) + +require.NoError(t, err) + +require.NoError(t, suite.GovKeeper.SetProposal(ctx, proposal)) + + _, err = app.FinalizeBlock(&abci.RequestFinalizeBlock{ + Height: app.LastBlockHeight() + 1, + Hash: app.LastCommitID().Hash, +}) + +require.NoError(t, err) + + // execute operation + op := simulation.SimulateMsgDeposit(suite.TxConfig, suite.AccountKeeper, suite.BankKeeper, suite.GovKeeper) + +operationMsg, _, err := op(r, app.BaseApp, ctx, accounts, "") + +require.NoError(t, err) + +var msg v1.MsgDeposit + err = proto.Unmarshal(operationMsg.Msg, &msg) + +require.NoError(t, err) + +require.True(t, operationMsg.OK) + +require.Equal(t, uint64(1), msg.ProposalId) + +require.Equal(t, "cosmos1ghekyjucln7y67ntx7cf27m9dpuxxemn4c8g4r", msg.Depositor) + +require.NotEqual(t, len(msg.Amount), 0) + +require.Equal(t, "560969stake", msg.Amount[0].String()) + +require.Equal(t, simulation.TypeMsgDeposit, sdk.MsgTypeURL(&msg)) +} + +// TestSimulateMsgVote tests the normal scenario of a valid message of type TypeMsgVote. +// Abnormal scenarios, where errors occur, are not tested here. +func TestSimulateMsgVote(t *testing.T) { + suite, ctx := createTestSuite(t, false) + app := suite.App + blockTime := time.Now().UTC() + +ctx = ctx.WithBlockTime(blockTime) + + // setup 3 accounts + s := rand.NewSource(1) + r := rand.New(s) + accounts := getTestingAccounts(t, r, suite.AccountKeeper, suite.BankKeeper, suite.StakingKeeper, ctx, 3) + + // setup a proposal + govAcc := suite.GovKeeper.GetGovernanceAccount(ctx).GetAddress().String() + +contentMsg, err := v1.NewLegacyContent(v1beta1.NewTextProposal("Test", "description"), govAcc) + +require.NoError(t, err) + submitTime := ctx.BlockHeader().Time + params, _ := suite.GovKeeper.Params.Get(ctx) + depositPeriod := params.MaxDepositPeriod + + proposal, err := v1.NewProposal([]sdk.Msg{ + contentMsg +}, 1, submitTime, submitTime.Add(*depositPeriod), "", "text proposal", "description", sdk.AccAddress("cosmos1ghekyjucln7y67ntx7cf27m9dpuxxemn4c8g4r"), false) + +require.NoError(t, err) + +require.NoError(t, suite.GovKeeper.ActivateVotingPeriod(ctx, proposal)) + + _, err = app.FinalizeBlock(&abci.RequestFinalizeBlock{ + Height: app.LastBlockHeight() + 1, + Hash: app.LastCommitID().Hash, +}) + +require.NoError(t, err) + + // execute operation + op := simulation.SimulateMsgVote(suite.TxConfig, suite.AccountKeeper, suite.BankKeeper, suite.GovKeeper) + +operationMsg, _, err := op(r, app.BaseApp, ctx, accounts, "") + +require.NoError(t, err) + +var msg v1.MsgVote + err = proto.Unmarshal(operationMsg.Msg, &msg) + +require.NoError(t, err) + +require.True(t, operationMsg.OK) + +require.Equal(t, uint64(1), msg.ProposalId) + +require.Equal(t, "cosmos1ghekyjucln7y67ntx7cf27m9dpuxxemn4c8g4r", msg.Voter) + +require.Equal(t, v1.OptionYes, msg.Option) + +require.Equal(t, simulation.TypeMsgVote, sdk.MsgTypeURL(&msg)) +} + +// TestSimulateMsgVoteWeighted tests the normal scenario of a valid message of type TypeMsgVoteWeighted. +// Abnormal scenarios, where errors occur, are not tested here. +func TestSimulateMsgVoteWeighted(t *testing.T) { + suite, ctx := createTestSuite(t, false) + app := suite.App + blockTime := time.Now().UTC() + +ctx = ctx.WithBlockTime(blockTime) + + // setup 3 accounts + s := rand.NewSource(1) + r := rand.New(s) + accounts := getTestingAccounts(t, r, suite.AccountKeeper, suite.BankKeeper, suite.StakingKeeper, ctx, 3) + + // setup a proposal + govAcc := suite.GovKeeper.GetGovernanceAccount(ctx).GetAddress().String() + +contentMsg, err := v1.NewLegacyContent(v1beta1.NewTextProposal("Test", "description"), govAcc) + +require.NoError(t, err) + submitTime := ctx.BlockHeader().Time + params, _ := suite.GovKeeper.Params.Get(ctx) + depositPeriod := params.MaxDepositPeriod + + proposal, err := v1.NewProposal([]sdk.Msg{ + contentMsg +}, 1, submitTime, submitTime.Add(*depositPeriod), "", "text proposal", "test", sdk.AccAddress("cosmos1ghekyjucln7y67ntx7cf27m9dpuxxemn4c8g4r"), false) + +require.NoError(t, err) + +require.NoError(t, suite.GovKeeper.ActivateVotingPeriod(ctx, proposal)) + + _, err = app.FinalizeBlock(&abci.RequestFinalizeBlock{ + Height: app.LastBlockHeight() + 1, + Hash: app.LastCommitID().Hash, +}) + +require.NoError(t, err) + + // execute operation + op := simulation.SimulateMsgVoteWeighted(suite.TxConfig, suite.AccountKeeper, suite.BankKeeper, suite.GovKeeper) + +operationMsg, _, err := op(r, app.BaseApp, ctx, accounts, "") + +require.NoError(t, err) + +var msg v1.MsgVoteWeighted + err = proto.Unmarshal(operationMsg.Msg, &msg) + +require.NoError(t, err) + +require.True(t, operationMsg.OK) + +require.Equal(t, uint64(1), msg.ProposalId) + +require.Equal(t, "cosmos1ghekyjucln7y67ntx7cf27m9dpuxxemn4c8g4r", msg.Voter) + +require.True(t, len(msg.Options) >= 1) + +require.Equal(t, simulation.TypeMsgVoteWeighted, sdk.MsgTypeURL(&msg)) +} + +type suite struct { + TxConfig client.TxConfig + AccountKeeper authkeeper.AccountKeeper + BankKeeper bankkeeper.Keeper + GovKeeper *keeper.Keeper + StakingKeeper *stakingkeeper.Keeper + DistributionKeeper dk.Keeper + App *runtime.App +} + +// returns context and an app with updated mint keeper +func createTestSuite(t *testing.T, isCheckTx bool) (suite, sdk.Context) { + t.Helper() + res := suite{ +} + +app, err := simtestutil.Setup( + depinject.Configs( + configurator.NewAppConfig( + configurator.AuthModule(), + configurator.TxModule(), + configurator.ParamsModule(), + configurator.BankModule(), + configurator.StakingModule(), + configurator.ConsensusModule(), + configurator.DistributionModule(), + configurator.GovModule(), + ), + depinject.Supply(log.NewNopLogger()), + ), + &res.TxConfig, &res.AccountKeeper, &res.BankKeeper, &res.GovKeeper, &res.StakingKeeper, &res.DistributionKeeper) + +require.NoError(t, err) + ctx := app.NewContext(isCheckTx) + +res.App = app + return res, ctx +} + +func getTestingAccounts( + t *testing.T, + r *rand.Rand, + accountKeeper authkeeper.AccountKeeper, + bankKeeper bankkeeper.Keeper, + stakingKeeper *stakingkeeper.Keeper, + ctx sdk.Context, + n int, +) []simtypes.Account { + t.Helper() + accounts := simtypes.RandomAccounts(r, n) + initAmt := stakingKeeper.TokensFromConsensusPower(ctx, 200) + initCoins := sdk.NewCoins(sdk.NewCoin(sdk.DefaultBondDenom, initAmt)) + + // add coins to the accounts + for _, account := range accounts { + acc := accountKeeper.NewAccountWithAddress(ctx, account.Address) + +accountKeeper.SetAccount(ctx, acc) + +require.NoError(t, testutil.FundAccount(ctx, bankKeeper, account.Address, initCoins)) +} + +return accounts +} +``` + +```go expandable +package simulation_test + +import ( + + "fmt" + "math/rand" + "testing" + "time" + + abci "github.com/cometbft/cometbft/abci/types" + "github.com/cosmos/gogoproto/proto" + "github.com/stretchr/testify/require" + "cosmossdk.io/depinject" + "cosmossdk.io/log" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/runtime" + "github.com/cosmos/cosmos-sdk/testutil/configurator" + simtestutil "github.com/cosmos/cosmos-sdk/testutil/sims" + sdk "github.com/cosmos/cosmos-sdk/types" + simtypes "github.com/cosmos/cosmos-sdk/types/simulation" + _ "github.com/cosmos/cosmos-sdk/x/auth" + authkeeper "github.com/cosmos/cosmos-sdk/x/auth/keeper" + _ "github.com/cosmos/cosmos-sdk/x/auth/tx/config" + _ "github.com/cosmos/cosmos-sdk/x/bank" + bankkeeper "github.com/cosmos/cosmos-sdk/x/bank/keeper" + "github.com/cosmos/cosmos-sdk/x/bank/testutil" + _ "github.com/cosmos/cosmos-sdk/x/consensus" + _ "github.com/cosmos/cosmos-sdk/x/distribution" + dk "github.com/cosmos/cosmos-sdk/x/distribution/keeper" + _ "github.com/cosmos/cosmos-sdk/x/gov" + "github.com/cosmos/cosmos-sdk/x/gov/keeper" + "github.com/cosmos/cosmos-sdk/x/gov/simulation" + "github.com/cosmos/cosmos-sdk/x/gov/types" + v1 "github.com/cosmos/cosmos-sdk/x/gov/types/v1" + "github.com/cosmos/cosmos-sdk/x/gov/types/v1beta1" + _ "github.com/cosmos/cosmos-sdk/x/params" + _ "github.com/cosmos/cosmos-sdk/x/staking" + stakingkeeper "github.com/cosmos/cosmos-sdk/x/staking/keeper" +) + +var ( + _ simtypes.WeightedProposalMsg = MockWeightedProposals{ +} + //nolint:staticcheck // keeping around for legacy testing + _ simtypes.WeightedProposalContent = MockWeightedProposals{ +} +) + +type MockWeightedProposals struct { + n int +} + +func (m MockWeightedProposals) + +AppParamsKey() + +string { + return fmt.Sprintf("AppParamsKey-%d", m.n) +} + +func (m MockWeightedProposals) + +DefaultWeight() + +int { + return m.n +} + +func (m MockWeightedProposals) + +MsgSimulatorFn() + +simtypes.MsgSimulatorFn { + return func(r *rand.Rand, _ sdk.Context, _ []simtypes.Account) + +sdk.Msg { + return nil +} +} + +//nolint:staticcheck // retaining legacy content to maintain gov functionality +func (m MockWeightedProposals) + +ContentSimulatorFn() + +simtypes.ContentSimulatorFn { + return func(r *rand.Rand, _ sdk.Context, _ []simtypes.Account) + +simtypes.Content { + return v1beta1.NewTextProposal( + fmt.Sprintf("title-%d: %s", m.n, simtypes.RandStringOfLength(r, 100)), + fmt.Sprintf("description-%d: %s", m.n, simtypes.RandStringOfLength(r, 4000)), + ) +} +} + +func mockWeightedProposalMsg(n int) []simtypes.WeightedProposalMsg { + wpc := make([]simtypes.WeightedProposalMsg, n) + for i := range n { + wpc[i] = MockWeightedProposals{ + i +} + +} + +return wpc +} + +// nolint // keeping this legacy proposal for testing +func mockWeightedLegacyProposalContent(n int) []simtypes.WeightedProposalContent { + wpc := make([]simtypes.WeightedProposalContent, n) + for i := range n { + wpc[i] = MockWeightedProposals{ + i +} + +} + +return wpc +} + +// TestWeightedOperations tests the weights of the operations. +func TestWeightedOperations(t *testing.T) { + suite, ctx := createTestSuite(t, false) + app := suite.App + ctx.WithChainID("test-chain") + appParams := make(simtypes.AppParams) + weightesOps := simulation.WeightedOperations(appParams, suite.TxConfig, suite.AccountKeeper, + suite.BankKeeper, suite.GovKeeper, mockWeightedProposalMsg(3), mockWeightedLegacyProposalContent(1), + ) + + // setup 3 accounts + s := rand.NewSource(1) + r := rand.New(s) + accs := getTestingAccounts(t, r, suite.AccountKeeper, suite.BankKeeper, suite.StakingKeeper, ctx, 3) + expected := []struct { + weight int + opMsgRoute string + opMsgName string +}{ + { + simulation.DefaultWeightMsgDeposit, types.ModuleName, simulation.TypeMsgDeposit +}, + { + simulation.DefaultWeightMsgVote, types.ModuleName, simulation.TypeMsgVote +}, + { + simulation.DefaultWeightMsgVoteWeighted, types.ModuleName, simulation.TypeMsgVoteWeighted +}, + { + simulation.DefaultWeightMsgCancelProposal, types.ModuleName, simulation.TypeMsgCancelProposal +}, + {0, types.ModuleName, simulation.TypeMsgSubmitProposal +}, + {1, types.ModuleName, simulation.TypeMsgSubmitProposal +}, + {2, types.ModuleName, simulation.TypeMsgSubmitProposal +}, + {0, types.ModuleName, simulation.TypeMsgSubmitProposal +}, +} + +require.Equal(t, len(weightesOps), len(expected), "number of operations should be the same") + for i, w := range weightesOps { + operationMsg, _, err := w.Op()(r, app.BaseApp, ctx, accs, ctx.ChainID()) + +require.NoError(t, err) + + // the following checks are very much dependent from the ordering of the output given + // by WeightedOperations. if the ordering in WeightedOperations changes some tests + // will fail + require.Equal(t, expected[i].weight, w.Weight(), "weight should be the same") + +require.Equal(t, expected[i].opMsgRoute, operationMsg.Route, "route should be the same") + +require.Equal(t, expected[i].opMsgName, operationMsg.Name, "operation Msg name should be the same") +} +} + +// TestSimulateMsgSubmitProposal tests the normal scenario of a valid message of type TypeMsgSubmitProposal. +// Abnormal scenarios, where errors occur, are not tested here. +func TestSimulateMsgSubmitProposal(t *testing.T) { + suite, ctx := createTestSuite(t, false) + app := suite.App + + // setup 3 accounts + s := rand.NewSource(1) + r := rand.New(s) + accounts := getTestingAccounts(t, r, suite.AccountKeeper, suite.BankKeeper, suite.StakingKeeper, ctx, 3) + + _, err := app.FinalizeBlock(&abci.RequestFinalizeBlock{ + Height: app.LastBlockHeight() + 1, + Hash: app.LastCommitID().Hash, +}) + +require.NoError(t, err) + + // execute operation + op := simulation.SimulateMsgSubmitProposal(suite.TxConfig, suite.AccountKeeper, suite.BankKeeper, suite.GovKeeper, MockWeightedProposals{3 +}.MsgSimulatorFn()) + +operationMsg, _, err := op(r, app.BaseApp, ctx, accounts, "") + +require.NoError(t, err) + +var msg v1.MsgSubmitProposal + err = proto.Unmarshal(operationMsg.Msg, &msg) + +require.NoError(t, err) + +require.True(t, operationMsg.OK) + +require.Equal(t, "cosmos1ghekyjucln7y67ntx7cf27m9dpuxxemn4c8g4r", msg.Proposer) + +require.NotEqual(t, len(msg.InitialDeposit), 0) + +require.Equal(t, "47841094stake", msg.InitialDeposit[0].String()) + +require.Equal(t, simulation.TypeMsgSubmitProposal, sdk.MsgTypeURL(&msg)) +} + +// TestSimulateMsgSubmitProposal tests the normal scenario of a valid message of type TypeMsgSubmitProposal. +// Abnormal scenarios, where errors occur, are not tested here. +func TestSimulateMsgSubmitLegacyProposal(t *testing.T) { + suite, ctx := createTestSuite(t, false) + app := suite.App + + // setup 3 accounts + s := rand.NewSource(1) + r := rand.New(s) + accounts := getTestingAccounts(t, r, suite.AccountKeeper, suite.BankKeeper, suite.StakingKeeper, ctx, 3) + + _, err := app.FinalizeBlock(&abci.RequestFinalizeBlock{ + Height: app.LastBlockHeight() + 1, + Hash: app.LastCommitID().Hash, +}) + +require.NoError(t, err) + // execute operation + op := simulation.SimulateMsgSubmitLegacyProposal(suite.TxConfig, suite.AccountKeeper, suite.BankKeeper, suite.GovKeeper, MockWeightedProposals{3 +}.ContentSimulatorFn()) + +operationMsg, _, err := op(r, app.BaseApp, ctx, accounts, "") + +require.NoError(t, err) + +var msg v1.MsgSubmitProposal + err = proto.Unmarshal(operationMsg.Msg, &msg) + +require.NoError(t, err) + +var msgLegacyContent v1.MsgExecLegacyContent + err = proto.Unmarshal(msg.Messages[0].Value, &msgLegacyContent) + +require.NoError(t, err) + +var textProposal v1beta1.TextProposal + err = proto.Unmarshal(msgLegacyContent.Content.Value, &textProposal) + +require.NoError(t, err) + +require.True(t, operationMsg.OK) + +require.Equal(t, "cosmos1p8wcgrjr4pjju90xg6u9cgq55dxwq8j7u4x9a0", msg.Proposer) + +require.NotEqual(t, len(msg.InitialDeposit), 0) + +require.Equal(t, "25166256stake", msg.InitialDeposit[0].String()) + +require.Equal(t, "title-3: ZBSpYuLyYggwexjxusrBqDOTtGTOWeLrQKjLxzIivHSlcxgdXhhuTSkuxKGLwQvuyNhYFmBZHeAerqyNEUzXPFGkqEGqiQWIXnku", + textProposal.GetTitle()) + +require.Equal(t, "description-3: NJWzHdBNpAXKJPHWQdrGYcAHSctgVlqwqHoLfHsXUdStwfefwzqLuKEhmMyYLdbZrcPgYqjNHxPexsruwEGStAneKbWkQDDIlCWBLSiAASNhZqNFlPtfqPJoxKsgMdzjWqLWdqKQuJqWPMvwPQWZUtVMOTMYKJbfdlZsjdsomuScvDmbDkgRualsxDvRJuCAmPOXitIbcyWsKGSdrEunFAOdmXnsuyFVgJqEjbklvmwrUlsxjRSfKZxGcpayDdgoFcnVSutxjRgOSFzPwidAjubMncNweqpbxhXGchpZUxuFDOtpnhNUycJICRYqsPhPSCjPTWZFLkstHWJxvdPEAyEIxXgLwbNOjrgzmaujiBABBIXvcXpLrbcEWNNQsbjvgJFgJkflpRohHUutvnaUqoopuKjTDaemDeSdqbnOzcfJpcTuAQtZoiLZOoAIlboFDAeGmSNwkvObPRvRWQgWkGkxwtPauYgdkmypLjbqhlHJIQTntgWjXwZdOyYEdQRRLfMSdnxqppqUofqLbLQDUjwKVKfZJUJQPsWIPwIVaSTrmKskoAhvmZyJgeRpkaTfGgrJzAigcxtfshmiDCFkuiluqtMOkidknnTBtumyJYlIsWLnCQclqdVmikUoMOPdPWwYbJxXyqUVicNxFxyqJTenNblyyKSdlCbiXxUiYUiMwXZASYfvMDPFgxniSjWaZTjHkqlJvtBsXqwPpyVxnJVGFWhfSxgOcduoxkiopJvFjMmFabrGYeVtTXLhxVUEiGwYUvndjFGzDVntUvibiyZhfMQdMhgsiuysLMiePBNXifRLMsSmXPkwlPloUbJveCvUlaalhZHuvdkCnkSHbMbmOnrfEGPwQiACiPlnihiaOdbjPqPiTXaHDoJXjSlZmltGqNHHNrcKdlFSCdmVOuvDcBLdSklyGJmcLTbSFtALdGlPkqqecJrpLCXNPWefoTJNgEJlyMEPneVaxxduAAEqQpHWZodWyRkDAxzyMnFMcjSVqeRXLqsNyNtQBbuRvunZflWSbbvXXdkyLikYqutQhLPONXbvhcQZJPSWnOulqQaXmbfFxAkqfYeseSHOQidHwbcsOaMnSrrmGjjRmEMQNuknupMxJiIeVjmgZvbmjPIQTEhQFULQLBMPrxcFPvBinaOPYWGvYGRKxLZdwamfRQQFngcdSlvwjfaPbURasIsGJVHtcEAxnIIrhSriiXLOlbEBLXFElXJFGxHJczRBIxAuPKtBisjKBwfzZFagdNmjdwIRvwzLkFKWRTDPxJCmpzHUcrPiiXXHnOIlqNVoGSXZewdnCRhuxeYGPVTfrNTQNOxZmxInOazUYNTNDgzsxlgiVEHPKMfbesvPHUqpNkUqbzeuzfdrsuLDpKHMUbBMKczKKWOdYoIXoPYtEjfOnlQLoGnbQUCuERdEFaptwnsHzTJDsuZkKtzMpFaZobynZdzNydEeJJHDYaQcwUxcqvwfWwNUsCiLvkZQiSfzAHftYgAmVsXgtmcYgTqJIawstRYJrZdSxlfRiqTufgEQVambeZZmaAyRQbcmdjVUZZCgqDrSeltJGXPMgZnGDZqISrGDOClxXCxMjmKqEPwKHoOfOeyGmqWqihqjINXLqnyTesZePQRqaWDQNqpLgNrAUKulklmckTijUltQKuWQDwpLmDyxLppPVMwsmBIpOwQttYFMjgJQZLYFPmxWFLIeZihkRNnkzoypBICIxgEuYsVWGIGRbbxqVasYnstWomJnHwmtOhAFSpttRYYzBmyEtZXiCthvKvWszTXDbiJbGXMcrYpKAgvUVFtdKUfvdMfhAryctklUCEdjetjuGNfJjajZtvzdYaqInKtFPPLYmRaXPdQzxdSQfmZDEVHlHGEGNSPRFJuIfKLLfUmnHxHnRjmzQPNlqrXgifUdzAGKVabYqvcDeYoTYgPsBUqehrBhmQUgTvDnsdpuhUoxskDdppTsYMcnDIPSwKIqhXDCIxOuXrywahvVavvHkPuaenjLmEbMgrkrQLHEAwrhHkPRNvonNQKqprqOFVZKAtpRSpvQUxMoXCMZLSSbnLEFsjVfANdQNQVwTmGxqVjVqRuxREAhuaDrFgEZpYKhwWPEKBevBfsOIcaZKyykQafzmGPLRAKDtTcJxJVgiiuUkmyMYuDUNEUhBEdoBLJnamtLmMJQgmLiUELIhLpiEvpOXOvXCPUeldLFqkKOwfacqIaRcnnZvERKRMCKUkMABbDHytQqQblrvoxOZkwzosQfDKGtIdfcXRJNqlBNwOCWoQBcEWyqrMlYZIAXYJmLfnjoJepgSFvrgajaBAIksoyeHqgqbGvpAstMIGmIhRYGGNPRIfOQKsGoKgxtsidhTaAePRCBFqZgPDWCIkqOJezGVkjfYUCZTlInbxBXwUAVRsxHTQtJFnnpmMvXDYCVlEmnZBKhmmxQOIQzxFWpJQkQoSAYzTEiDWEOsVLNrbfzeHFRyeYATakQQWmFDLPbVMCJcWjFGJjfqCoVzlbNNEsqxdSmNPjTjHYOkuEMFLkXYGaoJlraLqayMeCsTjWNRDPBywBJLAPVkGQqTwApVVwYAetlwSbzsdHWsTwSIcctkyKDuRWYDQikRqsKTMJchrliONJeaZIzwPQrNbTwxsGdwuduvibtYndRwpdsvyCktRHFalvUuEKMqXbItfGcNGWsGzubdPMYayOUOINjpcFBeESdwpdlTYmrPsLsVDhpTzoMegKrytNVZkfJRPuDCUXxSlSthOohmsuxmIZUedzxKmowKOdXTMcEtdpHaPWgIsIjrViKrQOCONlSuazmLuCUjLltOGXeNgJKedTVrrVCpWYWHyVrdXpKgNaMJVjbXxnVMSChdWKuZdqpisvrkBJPoURDYxWOtpjzZoOpWzyUuYNhCzRoHsMjmmWDcXzQiHIyjwdhPNwiPqFxeUfMVFQGImhykFgMIlQEoZCaRoqSBXTSWAeDumdbsOGtATwEdZlLfoBKiTvodQBGOEcuATWXfiinSjPmJKcWgQrTVYVrwlyMWhxqNbCMpIQNoSMGTiWfPTCezUjYcdWppnsYJihLQCqbNLRGgqrwHuIvsazapTpoPZIyZyeeSueJuTIhpHMEJfJpScshJubJGfkusuVBgfTWQoywSSliQQSfbvaHKiLnyjdSbpMkdBgXepoSsHnCQaYuHQqZsoEOmJCiuQUpJkmfyfbIShzlZpHFmLCsbknEAkKXKfRTRnuwdBeuOGgFbJLbDksHVapaRayWzwoYBEpmrlAxrUxYMUekKbpjPNfjUCjhbdMAnJmYQVZBQZkFVweHDAlaqJjRqoQPoOMLhyvYCzqEuQsAFoxWrzRnTVjStPadhsESlERnKhpEPsfDxNvxqcOyIulaCkmPdambLHvGhTZzysvqFauEgkFRItPfvisehFmoBhQqmkfbHVsgfHXDPJVyhwPllQpuYLRYvGodxKjkarnSNgsXoKEMlaSKxKdcVgvOkuLcfLFfdtXGTclqfPOfeoVLbqcjcXCUEBgAGplrkgsmIEhWRZLlGPGCwKWRaCKMkBHTAcypUrYjWwCLtOPVygMwMANGoQwFnCqFrUGMCRZUGJKTZIGPyldsifauoMnJPLTcDHmilcmahlqOELaAUYDBuzsVywnDQfwRLGIWozYaOAilMBcObErwgTDNGWnwQMUgFFSKtPDMEoEQCTKVREqrXZSGLqwTMcxHfWotDllNkIJPMbXzjDVjPOOjCFuIvTyhXKLyhUScOXvYthRXpPfKwMhptXaxIxgqBoUqzrWbaoLTVpQoottZyPFfNOoMioXHRuFwMRYUiKvcWPkrayyTLOCFJlAyslDameIuqVAuxErqFPEWIScKpBORIuZqoXlZuTvAjEdlEWDODFRregDTqGNoFBIHxvimmIZwLfFyKUfEWAnNBdtdzDmTPXtpHRGdIbuucfTjOygZsTxPjfweXhSUkMhPjMaxKlMIJMOXcnQfyzeOcbWwNbeH", + textProposal.GetDescription()) + +require.Equal(t, simulation.TypeMsgSubmitProposal, sdk.MsgTypeURL(&msg)) +} + +// TestSimulateMsgCancelProposal tests the normal scenario of a valid message of type TypeMsgCancelProposal. +// Abnormal scenarios, where errors occur, are not tested here. +func TestSimulateMsgCancelProposal(t *testing.T) { + suite, ctx := createTestSuite(t, false) + app := suite.App + blockTime := time.Now().UTC() + +ctx = ctx.WithBlockTime(blockTime) + + // setup 3 accounts + s := rand.NewSource(1) + r := rand.New(s) + accounts := getTestingAccounts(t, r, suite.AccountKeeper, suite.BankKeeper, suite.StakingKeeper, ctx, 3) + // setup a proposal + proposer := accounts[0].Address + content := v1beta1.NewTextProposal("Test", "description") + +contentMsg, err := v1.NewLegacyContent(content, suite.GovKeeper.GetGovernanceAccount(ctx).GetAddress().String()) + +require.NoError(t, err) + submitTime := ctx.BlockHeader().Time + params, _ := suite.GovKeeper.Params.Get(ctx) + depositPeriod := params.MaxDepositPeriod + + proposal, err := v1.NewProposal([]sdk.Msg{ + contentMsg +}, 1, submitTime, submitTime.Add(*depositPeriod), "", "title", "summary", proposer, false) + +require.NoError(t, err) + +require.NoError(t, suite.GovKeeper.SetProposal(ctx, proposal)) + + _, err = app.FinalizeBlock(&abci.RequestFinalizeBlock{ + Height: app.LastBlockHeight() + 1, + Hash: app.LastCommitID().Hash, +}) + +require.NoError(t, err) + + // execute operation + op := simulation.SimulateMsgCancelProposal(suite.TxConfig, suite.AccountKeeper, suite.BankKeeper, suite.GovKeeper) + +operationMsg, _, err := op(r, app.BaseApp, ctx, accounts, "") + +require.NoError(t, err) + +var msg v1.MsgCancelProposal + err = proto.Unmarshal(operationMsg.Msg, &msg) + +require.NoError(t, err) + +require.NoError(t, err) + +require.True(t, operationMsg.OK) + +require.Equal(t, uint64(1), msg.ProposalId) + +require.Equal(t, proposer.String(), msg.Proposer) + +require.Equal(t, simulation.TypeMsgCancelProposal, sdk.MsgTypeURL(&msg)) +} + +// TestSimulateMsgDeposit tests the normal scenario of a valid message of type TypeMsgDeposit. +// Abnormal scenarios, where errors occur, are not tested here. +func TestSimulateMsgDeposit(t *testing.T) { + suite, ctx := createTestSuite(t, false) + app := suite.App + blockTime := time.Now().UTC() + +ctx = ctx.WithBlockTime(blockTime) + + // setup 3 accounts + s := rand.NewSource(1) + r := rand.New(s) + accounts := getTestingAccounts(t, r, suite.AccountKeeper, suite.BankKeeper, suite.StakingKeeper, ctx, 3) + + // setup a proposal + content := v1beta1.NewTextProposal("Test", "description") + +contentMsg, err := v1.NewLegacyContent(content, suite.GovKeeper.GetGovernanceAccount(ctx).GetAddress().String()) + +require.NoError(t, err) + submitTime := ctx.BlockHeader().Time + params, _ := suite.GovKeeper.Params.Get(ctx) + depositPeriod := params.MaxDepositPeriod + + proposal, err := v1.NewProposal([]sdk.Msg{ + contentMsg +}, 1, submitTime, submitTime.Add(*depositPeriod), "", "text proposal", "description", sdk.AccAddress("cosmos1ghekyjucln7y67ntx7cf27m9dpuxxemn4c8g4r"), false) + +require.NoError(t, err) + +require.NoError(t, suite.GovKeeper.SetProposal(ctx, proposal)) + + _, err = app.FinalizeBlock(&abci.RequestFinalizeBlock{ + Height: app.LastBlockHeight() + 1, + Hash: app.LastCommitID().Hash, +}) + +require.NoError(t, err) + + // execute operation + op := simulation.SimulateMsgDeposit(suite.TxConfig, suite.AccountKeeper, suite.BankKeeper, suite.GovKeeper) + +operationMsg, _, err := op(r, app.BaseApp, ctx, accounts, "") + +require.NoError(t, err) + +var msg v1.MsgDeposit + err = proto.Unmarshal(operationMsg.Msg, &msg) + +require.NoError(t, err) + +require.True(t, operationMsg.OK) + +require.Equal(t, uint64(1), msg.ProposalId) + +require.Equal(t, "cosmos1ghekyjucln7y67ntx7cf27m9dpuxxemn4c8g4r", msg.Depositor) + +require.NotEqual(t, len(msg.Amount), 0) + +require.Equal(t, "560969stake", msg.Amount[0].String()) + +require.Equal(t, simulation.TypeMsgDeposit, sdk.MsgTypeURL(&msg)) +} + +// TestSimulateMsgVote tests the normal scenario of a valid message of type TypeMsgVote. +// Abnormal scenarios, where errors occur, are not tested here. +func TestSimulateMsgVote(t *testing.T) { + suite, ctx := createTestSuite(t, false) + app := suite.App + blockTime := time.Now().UTC() + +ctx = ctx.WithBlockTime(blockTime) + + // setup 3 accounts + s := rand.NewSource(1) + r := rand.New(s) + accounts := getTestingAccounts(t, r, suite.AccountKeeper, suite.BankKeeper, suite.StakingKeeper, ctx, 3) + + // setup a proposal + govAcc := suite.GovKeeper.GetGovernanceAccount(ctx).GetAddress().String() + +contentMsg, err := v1.NewLegacyContent(v1beta1.NewTextProposal("Test", "description"), govAcc) + +require.NoError(t, err) + submitTime := ctx.BlockHeader().Time + params, _ := suite.GovKeeper.Params.Get(ctx) + depositPeriod := params.MaxDepositPeriod + + proposal, err := v1.NewProposal([]sdk.Msg{ + contentMsg +}, 1, submitTime, submitTime.Add(*depositPeriod), "", "text proposal", "description", sdk.AccAddress("cosmos1ghekyjucln7y67ntx7cf27m9dpuxxemn4c8g4r"), false) + +require.NoError(t, err) + +require.NoError(t, suite.GovKeeper.ActivateVotingPeriod(ctx, proposal)) + + _, err = app.FinalizeBlock(&abci.RequestFinalizeBlock{ + Height: app.LastBlockHeight() + 1, + Hash: app.LastCommitID().Hash, +}) + +require.NoError(t, err) + + // execute operation + op := simulation.SimulateMsgVote(suite.TxConfig, suite.AccountKeeper, suite.BankKeeper, suite.GovKeeper) + +operationMsg, _, err := op(r, app.BaseApp, ctx, accounts, "") + +require.NoError(t, err) + +var msg v1.MsgVote + err = proto.Unmarshal(operationMsg.Msg, &msg) + +require.NoError(t, err) + +require.True(t, operationMsg.OK) + +require.Equal(t, uint64(1), msg.ProposalId) + +require.Equal(t, "cosmos1ghekyjucln7y67ntx7cf27m9dpuxxemn4c8g4r", msg.Voter) + +require.Equal(t, v1.OptionYes, msg.Option) + +require.Equal(t, simulation.TypeMsgVote, sdk.MsgTypeURL(&msg)) +} + +// TestSimulateMsgVoteWeighted tests the normal scenario of a valid message of type TypeMsgVoteWeighted. +// Abnormal scenarios, where errors occur, are not tested here. +func TestSimulateMsgVoteWeighted(t *testing.T) { + suite, ctx := createTestSuite(t, false) + app := suite.App + blockTime := time.Now().UTC() + +ctx = ctx.WithBlockTime(blockTime) + + // setup 3 accounts + s := rand.NewSource(1) + r := rand.New(s) + accounts := getTestingAccounts(t, r, suite.AccountKeeper, suite.BankKeeper, suite.StakingKeeper, ctx, 3) + + // setup a proposal + govAcc := suite.GovKeeper.GetGovernanceAccount(ctx).GetAddress().String() + +contentMsg, err := v1.NewLegacyContent(v1beta1.NewTextProposal("Test", "description"), govAcc) + +require.NoError(t, err) + submitTime := ctx.BlockHeader().Time + params, _ := suite.GovKeeper.Params.Get(ctx) + depositPeriod := params.MaxDepositPeriod + + proposal, err := v1.NewProposal([]sdk.Msg{ + contentMsg +}, 1, submitTime, submitTime.Add(*depositPeriod), "", "text proposal", "test", sdk.AccAddress("cosmos1ghekyjucln7y67ntx7cf27m9dpuxxemn4c8g4r"), false) + +require.NoError(t, err) + +require.NoError(t, suite.GovKeeper.ActivateVotingPeriod(ctx, proposal)) + + _, err = app.FinalizeBlock(&abci.RequestFinalizeBlock{ + Height: app.LastBlockHeight() + 1, + Hash: app.LastCommitID().Hash, +}) + +require.NoError(t, err) + + // execute operation + op := simulation.SimulateMsgVoteWeighted(suite.TxConfig, suite.AccountKeeper, suite.BankKeeper, suite.GovKeeper) + +operationMsg, _, err := op(r, app.BaseApp, ctx, accounts, "") + +require.NoError(t, err) + +var msg v1.MsgVoteWeighted + err = proto.Unmarshal(operationMsg.Msg, &msg) + +require.NoError(t, err) + +require.True(t, operationMsg.OK) + +require.Equal(t, uint64(1), msg.ProposalId) + +require.Equal(t, "cosmos1ghekyjucln7y67ntx7cf27m9dpuxxemn4c8g4r", msg.Voter) + +require.True(t, len(msg.Options) >= 1) + +require.Equal(t, simulation.TypeMsgVoteWeighted, sdk.MsgTypeURL(&msg)) +} + +type suite struct { + TxConfig client.TxConfig + AccountKeeper authkeeper.AccountKeeper + BankKeeper bankkeeper.Keeper + GovKeeper *keeper.Keeper + StakingKeeper *stakingkeeper.Keeper + DistributionKeeper dk.Keeper + App *runtime.App +} + +// returns context and an app with updated mint keeper +func createTestSuite(t *testing.T, isCheckTx bool) (suite, sdk.Context) { + t.Helper() + res := suite{ +} + +app, err := simtestutil.Setup( + depinject.Configs( + configurator.NewAppConfig( + configurator.AuthModule(), + configurator.TxModule(), + configurator.ParamsModule(), + configurator.BankModule(), + configurator.StakingModule(), + configurator.ConsensusModule(), + configurator.DistributionModule(), + configurator.GovModule(), + ), + depinject.Supply(log.NewNopLogger()), + ), + &res.TxConfig, &res.AccountKeeper, &res.BankKeeper, &res.GovKeeper, &res.StakingKeeper, &res.DistributionKeeper) + +require.NoError(t, err) + ctx := app.NewContext(isCheckTx) + +res.App = app + return res, ctx +} + +func getTestingAccounts( + t *testing.T, + r *rand.Rand, + accountKeeper authkeeper.AccountKeeper, + bankKeeper bankkeeper.Keeper, + stakingKeeper *stakingkeeper.Keeper, + ctx sdk.Context, + n int, +) []simtypes.Account { + t.Helper() + accounts := simtypes.RandomAccounts(r, n) + initAmt := stakingKeeper.TokensFromConsensusPower(ctx, 200) + initCoins := sdk.NewCoins(sdk.NewCoin(sdk.DefaultBondDenom, initAmt)) + + // add coins to the accounts + for _, account := range accounts { + acc := accountKeeper.NewAccountWithAddress(ctx, account.Address) + +accountKeeper.SetAccount(ctx, acc) + +require.NoError(t, testutil.FundAccount(ctx, bankKeeper, account.Address, initCoins)) +} + +return accounts +} +``` + +## End-to-end Tests + +End-to-end tests are at the top of the [test pyramid](https://martinfowler.com/articles/practical-test-pyramid.html). +They must test the whole application flow, from the user perspective (for instance, CLI tests). They are located under [`/tests/e2e`](https://github.com/cosmos/cosmos-sdk/tree/main/tests/e2e). + +{/* @julienrbrt: makes more sense to use an app wired app to have 0 simapp dependencies */} +For that, the SDK is using `simapp` but you should use your own application (`appd`). +Here are some examples: + +* SDK E2E tests: [Link](https://github.com/cosmos/cosmos-sdk/tree/main/tests/e2e). +* Cosmos Hub E2E tests: [Link](https://github.com/cosmos/gaia/tree/main/tests/e2e). +* Osmosis E2E tests: [Link](https://github.com/osmosis-labs/osmosis/tree/main/tests/e2e). + + +**warning** +The SDK is in the process of creating its E2E tests, as defined in [ADR-59](https://docs.cosmos.network/main/build/architecture/adr-059-test-scopes). This page will eventually be updated with better examples. + + +## Learn More + +Learn more about testing scope in [ADR-59](https://docs.cosmos.network/main/build/architecture/adr-059-test-scopes). diff --git a/docs/sdk/next/build/building-modules/upgrade.mdx b/docs/sdk/next/build/building-modules/upgrade.mdx new file mode 100644 index 00000000..84acea6f --- /dev/null +++ b/docs/sdk/next/build/building-modules/upgrade.mdx @@ -0,0 +1,124 @@ +--- +title: Upgrading Modules +--- + +**Synopsis** +[In-Place Store Migrations](/docs/sdk/vnext/learn/advanced/upgrade) allow your modules to upgrade to new versions that include breaking changes. This document outlines how to build modules to take advantage of this functionality. + + + +**Pre-requisite Readings** + +* [In-Place Store Migration](/docs/sdk/vnext/learn/advanced/upgrade) + + + +## Consensus Version + +Successful upgrades of existing modules require each `AppModule` to implement the function `ConsensusVersion() uint64`. + +* The versions must be hard-coded by the module developer. +* The initial version **must** be set to 1. + +Consensus versions serve as state-breaking versions of app modules and must be incremented when the module introduces breaking changes. + +## Registering Migrations + +To register the functionality that takes place during a module upgrade, you must register which migrations you want to take place. + +Migration registration takes place in the `Configurator` using the `RegisterMigration` method. The `AppModule` reference to the configurator is in the `RegisterServices` method. + +You can register one or more migrations. If you register more than one migration script, list the migrations in increasing order and ensure there are enough migrations that lead to the desired consensus version. For example, to migrate to version 3 of a module, register separate migrations for version 1 and version 2 as shown in the following example: + +```go +func (am AppModule) + +RegisterServices(cfg module.Configurator) { + // --snip-- + cfg.RegisterMigration(types.ModuleName, 1, func(ctx sdk.Context) + +error { + // Perform in-place store migrations from ConsensusVersion 1 to 2. +}) + +cfg.RegisterMigration(types.ModuleName, 2, func(ctx sdk.Context) + +error { + // Perform in-place store migrations from ConsensusVersion 2 to 3. +}) +} +``` + +Since these migrations are functions that need access to a Keeper's store, use a wrapper around the keepers called `Migrator` as shown in this example: + +```go expandable +package keeper + +import ( + + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/x/bank/exported" + v2 "github.com/cosmos/cosmos-sdk/x/bank/migrations/v2" + v3 "github.com/cosmos/cosmos-sdk/x/bank/migrations/v3" + v4 "github.com/cosmos/cosmos-sdk/x/bank/migrations/v4" +) + +// Migrator is a struct for handling in-place store migrations. +type Migrator struct { + keeper BaseKeeper + legacySubspace exported.Subspace +} + +// NewMigrator returns a new Migrator. +func NewMigrator(keeper BaseKeeper, legacySubspace exported.Subspace) + +Migrator { + return Migrator{ + keeper: keeper, legacySubspace: legacySubspace +} +} + +// Migrate1to2 migrates from version 1 to 2. +func (m Migrator) + +Migrate1to2(ctx sdk.Context) + +error { + return v2.MigrateStore(ctx, m.keeper.storeService, m.keeper.cdc) +} + +// Migrate2to3 migrates x/bank storage from version 2 to 3. +func (m Migrator) + +Migrate2to3(ctx sdk.Context) + +error { + return v3.MigrateStore(ctx, m.keeper.storeService, m.keeper.cdc) +} + +// Migrate3to4 migrates x/bank storage from version 3 to 4. +func (m Migrator) + +Migrate3to4(ctx sdk.Context) + +error { + return v4.MigrateStore(ctx, m.keeper.storeService, m.legacySubspace, m.keeper.cdc) +} +``` + +## Writing Migration Scripts + +To define the functionality that takes place during an upgrade, write a migration script and place the functions in a `migrations/` directory. For example, to write migration scripts for the bank module, place the functions in `x/bank/migrations/`. Use the recommended naming convention for these functions. For example, `v2bank` is the script that migrates the package `x/bank/migrations/v2`: + +```go +// Migrating bank module from version 1 to 2 +func (m Migrator) + +Migrate1to2(ctx sdk.Context) + +error { + return v2bank.MigrateStore(ctx, m.keeper.storeKey) // v2bank is package `x/bank/migrations/v2`. +} +``` + +To see example code of changes that were implemented in a migration of balance keys, check out [migrateBalanceKeys](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/migrations/v2/store.go#L55-L76). For context, this code introduced migrations of the bank store that updated addresses to be prefixed by their length in bytes as outlined in [ADR-028](/docs/sdk/vnext/../architecture/adr-028-public-key-addresses). diff --git a/docs/sdk/next/build/migrations/intro.mdx b/docs/sdk/next/build/migrations/intro.mdx new file mode 100644 index 00000000..ad2b7dcf --- /dev/null +++ b/docs/sdk/next/build/migrations/intro.mdx @@ -0,0 +1,12 @@ +--- +title: SDK Migrations +--- +To smoothen the update to the latest stable release, the SDK includes a CLI command for hard-fork migrations (under the ` genesis migrate` subcommand). +Additionally, the SDK includes in-place migrations for its core modules. These in-place migrations are useful to migrate between major releases. + +* Hard-fork migrations are supported from the last major release to the current one. +* [In-place module migrations](https://docs.cosmos.network/main/core/upgrade#overwriting-genesis-functions) are supported from the last two major releases to the current one. + +Migration from a version older than the last two major releases is not supported. + +When migrating from a previous version, refer to the [`UPGRADING.md`](/docs/sdk/vnext/../../UPGRADING) and the `CHANGELOG.md` of the version you are migrating to. diff --git a/docs/sdk/next/build/migrations/upgrade-guide.mdx b/docs/sdk/next/build/migrations/upgrade-guide.mdx new file mode 100644 index 00000000..80cb71d8 --- /dev/null +++ b/docs/sdk/next/build/migrations/upgrade-guide.mdx @@ -0,0 +1,518 @@ +--- +title: Upgrade Guide +description: >- + This document provides a full guide for upgrading a Cosmos SDK chain from + v0.50.x to v0.53.x. +--- +This document provides a full guide for upgrading a Cosmos SDK chain from `v0.50.x` to `v0.53.x`. + +This guide includes one **required** change and three **optional** features. + +After completing this guide, applications will have: + +* The `x/protocolpool` module +* The `x/epochs` module +* Unordered Transaction support + +## Table of Contents + +* [App Wiring Changes (REQUIRED)](#app-wiring-changes-required) +* [Adding ProtocolPool Module (OPTIONAL)](#adding-protocolpool-module-optional) + * [ProtocolPool Manual Wiring](#protocolpool-manual-wiring) + * [ProtocolPool DI Wiring](#protocolpool-di-wiring) +* [Adding Epochs Module (OPTIONAL)](#adding-epochs-module-optional) + * [Epochs Manual Wiring](#epochs-manual-wiring) + * [Epochs DI Wiring](#epochs-di-wiring) +* [Enable Unordered Transactions (OPTIONAL)](#enable-unordered-transactions-optional) +* [Upgrade Handler](#upgrade-handler) + +## App Wiring Changes **REQUIRED** + +The `x/auth` module now contains a `PreBlocker` that *must* be set in the module manager's `SetOrderPreBlockers` method. + +```go +app.ModuleManager.SetOrderPreBlockers( + upgradetypes.ModuleName, + authtypes.ModuleName, // NEW +) +``` + +## Adding ProtocolPool Module **OPTIONAL** + + + +Using an external community pool such as `x/protocolpool` will cause the following `x/distribution` handlers to return an error: + +**QueryService** + +* `CommunityPool` + +**MsgService** + +* `CommunityPoolSpend` +* `FundCommunityPool` + +If your services depend on this functionality from `x/distribution`, please update them to use either `x/protocolpool` or your custom external community pool alternatives. + + + +### Manual Wiring + +Import the following: + +```go +import ( + + // ... + "github.com/cosmos/cosmos-sdk/x/protocolpool" + protocolpoolkeeper "github.com/cosmos/cosmos-sdk/x/protocolpool/keeper" + protocolpooltypes "github.com/cosmos/cosmos-sdk/x/protocolpool/types" +) +``` + +Set the module account permissions. + +```go +maccPerms = map[string][]string{ + // ... + protocolpooltypes.ModuleName: nil, + protocolpooltypes.ProtocolPoolEscrowAccount: nil, +} +``` + +Add the protocol pool keeper to your application struct. + +```go +ProtocolPoolKeeper protocolpoolkeeper.Keeper +``` + +Add the store key: + +```go +keys := storetypes.NewKVStoreKeys( + // ... + protocolpooltypes.StoreKey, +) +``` + +Instantiate the keeper. + +Make sure to do this before the distribution module instantiation, as you will pass the keeper there next. + +```go +app.ProtocolPoolKeeper = protocolpoolkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[protocolpooltypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), +) +``` + +Pass the protocolpool keeper to the distribution keeper: + +```go +app.DistrKeeper = distrkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[distrtypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + app.StakingKeeper, + authtypes.FeeCollectorName, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + distrkeeper.WithExternalCommunityPool(app.ProtocolPoolKeeper), // NEW +) +``` + +Add the protocolpool module to the module manager: + +```go +app.ModuleManager = module.NewManager( + // ... + protocolpool.NewAppModule(appCodec, app.ProtocolPoolKeeper, app.AccountKeeper, app.BankKeeper), +) +``` + +Add an entry for SetOrderBeginBlockers, SetOrderEndBlockers, SetOrderInitGenesis, and SetOrderExportGenesis. + +```go +app.ModuleManager.SetOrderBeginBlockers( + // must come AFTER distribution. + distrtypes.ModuleName, + protocolpooltypes.ModuleName, +) +``` + +```go +app.ModuleManager.SetOrderEndBlockers( + // order does not matter. + protocolpooltypes.ModuleName, +) +``` + +```go +app.ModuleManager.SetOrderInitGenesis( + // order does not matter. + protocolpooltypes.ModuleName, +) +``` + +```go +app.ModuleManager.SetOrderInitGenesis( + protocolpooltypes.ModuleName, // must be exported before bank. + banktypes.ModuleName, +) +``` + +### DI Wiring + +Note: *as long as an external community pool keeper (here, `x/protocolpool`) is wired in DI configs, `x/distribution` will automatically use it for its external pool.* + +First, set up the keeper for the application. + +Import the protocolpool keeper: + +```go +protocolpoolkeeper "github.com/cosmos/cosmos-sdk/x/protocolpool/keeper" +``` + +Add the keeper to your application struct: + +```go +ProtocolPoolKeeper protocolpoolkeeper.Keeper +``` + +Add the keeper to the depinject system: + +```go +depinject.Inject( + appConfig, + &appBuilder, + &app.appCodec, + &app.legacyAmino, + &app.txConfig, + &app.interfaceRegistry, + // ... other modules + &app.ProtocolPoolKeeper, // NEW MODULE! +) +``` + +Next, set up configuration for the module. + +Import the following: + +```go +import ( + + protocolpoolmodulev1 "cosmossdk.io/api/cosmos/protocolpool/module/v1" + + _ "github.com/cosmos/cosmos-sdk/x/protocolpool" // import for side-effects + protocolpooltypes "github.com/cosmos/cosmos-sdk/x/protocolpool/types" +) +``` + +The protocolpool module has module accounts that handle funds. Add them to the module account permission configuration: + +```go +moduleAccPerms = []*authmodulev1.ModuleAccountPermission{ + // ... + { + Account: protocolpooltypes.ModuleName +}, + { + Account: protocolpooltypes.ProtocolPoolEscrowAccount +}, +} +``` + +Next, add an entry for BeginBlockers, EndBlockers, InitGenesis, and ExportGenesis. + +```go +BeginBlockers: []string{ + // ... + // must be AFTER distribution. + distrtypes.ModuleName, + protocolpooltypes.ModuleName, +}, +``` + +```go +EndBlockers: []string{ + // ... + // order for protocolpool does not matter. + protocolpooltypes.ModuleName, +}, +``` + +```go +InitGenesis: []string{ + // ... must be AFTER distribution. + distrtypes.ModuleName, + protocolpooltypes.ModuleName, +}, +``` + +```go +ExportGenesis: []string{ + // ... + // Must be exported before x/bank. + protocolpooltypes.ModuleName, + banktypes.ModuleName, +}, +``` + +Lastly, add an entry for protocolpool in the ModuleConfig. + +```go +{ + Name: protocolpooltypes.ModuleName, + Config: appconfig.WrapAny(&protocolpoolmodulev1.Module{ +}), +}, +``` + +## Adding Epochs Module **OPTIONAL** + +### Manual Wiring + +Import the following: + +```go +import ( + + // ... + "github.com/cosmos/cosmos-sdk/x/epochs" + epochskeeper "github.com/cosmos/cosmos-sdk/x/epochs/keeper" + epochstypes "github.com/cosmos/cosmos-sdk/x/epochs/types" +) +``` + +Add the epochs keeper to your application struct: + +```go +EpochsKeeper epochskeeper.Keeper +``` + +Add the store key: + +```go +keys := storetypes.NewKVStoreKeys( + // ... + epochstypes.StoreKey, +) +``` + +Instantiate the keeper: + +```go +app.EpochsKeeper = epochskeeper.NewKeeper( + runtime.NewKVStoreService(keys[epochstypes.StoreKey]), + appCodec, +) +``` + +Set up hooks for the epochs keeper: + +To learn how to write hooks for the epoch keeper, see the [x/epoch README](https://github.com/cosmos/cosmos-sdk/blob/main/x/epochs/README.md) + +```go +app.EpochsKeeper.SetHooks( + epochstypes.NewMultiEpochHooks( + // insert epoch hooks receivers here + app.SomeOtherModule + ), +) +``` + +Add the epochs module to the module manager: + +```go +app.ModuleManager = module.NewManager( + // ... + epochs.NewAppModule(appCodec, app.EpochsKeeper), +) +``` + +Add entries for SetOrderBeginBlockers and SetOrderInitGenesis: + +```go +app.ModuleManager.SetOrderBeginBlockers( + // ... + epochstypes.ModuleName, +) +``` + +```go +app.ModuleManager.SetOrderInitGenesis( + // ... + epochstypes.ModuleName, +) +``` + +### DI Wiring + +First, set up the keeper for the application. + +Import the epochs keeper: + +```go +epochskeeper "github.com/cosmos/cosmos-sdk/x/epochs/keeper" +``` + +Add the keeper to your application struct: + +```go +EpochsKeeper epochskeeper.Keeper +``` + +Add the keeper to the depinject system: + +```go +depinject.Inject( + appConfig, + &appBuilder, + &app.appCodec, + &app.legacyAmino, + &app.txConfig, + &app.interfaceRegistry, + // ... other modules + &app.EpochsKeeper, // NEW MODULE! +) +``` + +Next, set up configuration for the module. + +Import the following: + +```go +import ( + + epochsmodulev1 "cosmossdk.io/api/cosmos/epochs/module/v1" + + _ "github.com/cosmos/cosmos-sdk/x/epochs" // import for side-effects + epochstypes "github.com/cosmos/cosmos-sdk/x/epochs/types" +) +``` + +Add an entry for BeginBlockers and InitGenesis: + +```go +BeginBlockers: []string{ + // ... + epochstypes.ModuleName, +}, +``` + +```go +InitGenesis: []string{ + // ... + epochstypes.ModuleName, +}, +``` + +Lastly, add an entry for epochs in the ModuleConfig: + +```go +{ + Name: epochstypes.ModuleName, + Config: appconfig.WrapAny(&epochsmodulev1.Module{ +}), +}, +``` + +## Enable Unordered Transactions **OPTIONAL** + +To enable unordered transaction support on an application, the `x/auth` keeper must be supplied with the `WithUnorderedTransactions` option. + +Note that unordered transactions require sequence values to be zero, and will **FAIL** if a non-zero sequence value is set. +Please ensure no sequence value is set when submitting an unordered transaction. +Services that rely on prior assumptions about sequence values should be updated to handle unordered transactions. +Services should be aware that when the transaction is unordered, the transaction sequence will always be zero. + +```go +app.AccountKeeper = authkeeper.NewAccountKeeper( + appCodec, + runtime.NewKVStoreService(keys[authtypes.StoreKey]), + authtypes.ProtoBaseAccount, + maccPerms, + authcodec.NewBech32Codec(sdk.Bech32MainPrefix), + sdk.Bech32MainPrefix, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + authkeeper.WithUnorderedTransactions(true), // new option! + ) +``` + +If using dependency injection, update the auth module config. + +```go +{ + Name: authtypes.ModuleName, + Config: appconfig.WrapAny(&authmodulev1.Module{ + Bech32Prefix: "cosmos", + ModuleAccountPermissions: moduleAccPerms, + EnableUnorderedTransactions: true, // remove this line if you do not want unordered transactions. +}), +}, +``` + +By default, unordered transactions use a transaction timeout duration of 10 minutes and a default gas charge of 2240 gas units. +To modify these default values, pass in the corresponding options to the new `SigVerifyOptions` field in `x/auth's` `ante.HandlerOptions`. + +```go +options := ante.HandlerOptions{ + SigVerifyOptions: []ante.SigVerificationDecoratorOption{ + // change below as needed. + ante.WithUnorderedTxGasCost(ante.DefaultUnorderedTxGasCost), + ante.WithMaxUnorderedTxTimeoutDuration(ante.DefaultMaxTimeoutDuration), +}, +} +``` + +```go +anteDecorators := []sdk.AnteDecorator{ + // ... other decorators ... + ante.NewSigVerificationDecorator(options.AccountKeeper, options.SignModeHandler, options.SigVerifyOptions...), // supply new options +} +``` + +## Upgrade Handler + +The upgrade handler only requires adding the store upgrades for the modules added above. +If your application is not adding `x/protocolpool` or `x/epochs`, you do not need to add the store upgrade. + +```go expandable +// UpgradeName defines the on-chain upgrade name for the sample SimApp upgrade +// from v050 to v053. +// +// NOTE: This upgrade defines a reference implementation of what an upgrade +// could look like when an application is migrating from Cosmos SDK version +// v0.50.x to v0.53.x. +const UpgradeName = "v050-to-v053" + +func (app SimApp) + +RegisterUpgradeHandlers() { + app.UpgradeKeeper.SetUpgradeHandler( + UpgradeName, + func(ctx context.Context, _ upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { + return app.ModuleManager.RunMigrations(ctx, app.Configurator(), fromVM) +}, + ) + +upgradeInfo, err := app.UpgradeKeeper.ReadUpgradeInfoFromDisk() + if err != nil { + panic(err) +} + if upgradeInfo.Name == UpgradeName && !app.UpgradeKeeper.IsSkipHeight(upgradeInfo.Height) { + storeUpgrades := storetypes.StoreUpgrades{ + Added: []string{ + epochstypes.ModuleName, // if not adding x/epochs to your chain, remove this line. + protocolpooltypes.ModuleName, // if not adding x/protocolpool to your chain, remove this line. +}, +} + + // configure store loader that checks if version == upgradeHeight and applies store upgrades + app.SetStoreLoader(upgradetypes.UpgradeStoreLoader(upgradeInfo.Height, &storeUpgrades)) +} +} +``` diff --git a/docs/sdk/next/build/migrations/upgrade-reference.mdx b/docs/sdk/next/build/migrations/upgrade-reference.mdx new file mode 100644 index 00000000..f624ad60 --- /dev/null +++ b/docs/sdk/next/build/migrations/upgrade-reference.mdx @@ -0,0 +1,30 @@ +--- +title: Upgrade Reference +description: >- + This document provides a quick reference for the upgrades from v0.53.x to + v0.54.x of Cosmos SDK. +--- +This document provides a quick reference for the upgrades from `v0.53.x` to `v0.54.x` of Cosmos SDK. + +Note, always read the **App Wiring Changes** section for more information on application wiring updates. + +🚨Upgrading to v0.54.x will require a **coordinated** chain upgrade.🚨 + +### TLDR + +**The only major feature in Cosmos SDK v0.54.x is the upgrade from CometBFT v0.x.x to CometBFT v2.** + +For a full list of changes, see the [Changelog](https://github.com/cosmos/cosmos-sdk/blob/release/v0.54.x/CHANGELOG.md). + +#### Deprecation of `TimeoutCommit` + +CometBFT v2 has deprecated the use of `TimeoutCommit` for a new field, `NextBlockDelay`, that is part of the +`FinalizeBlockResponse` ABCI message that is returned to CometBFT via the SDK baseapp. More information from +the CometBFT repo can be found [here](https://github.com/cometbft/cometbft/blob/88ef3d267de491db98a654be0af6d791e8724ed0/spec/abci/abci%2B%2B_methods.md?plain=1#L689). + +For SDK application developers and node runners, this means that the `timeout_commit` value in the `config.toml` file +is still used if `NextBlockDelay` is 0 (its default value). This means that when upgrading to Cosmos SDK v0.54.x, if +the existing `timout_commit` values that validators have been using will be maintained and have the same behavior. + +For setting the field in your application, there is a new `baseapp` option, `SetNextBlockDelay` which can be passed to your application upon +initialization in `app.go`. Setting this value to any non-zero value will override anything that is set in validators' `config.toml`. diff --git a/docs/sdk/next/build/migrations/upgrading.mdx b/docs/sdk/next/build/migrations/upgrading.mdx new file mode 100644 index 00000000..41ab7240 --- /dev/null +++ b/docs/sdk/next/build/migrations/upgrading.mdx @@ -0,0 +1,532 @@ +--- +title: Upgrading Cosmos SDK +description: >- + This guide provides instructions for upgrading to specific versions of Cosmos + SDK. Note, always read the SimApp section for more information on application + wiring updates. +--- +This guide provides instructions for upgrading to specific versions of Cosmos SDK. +Note, always read the **SimApp** section for more information on application wiring updates. + +## [v0.50.x](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.50.0) + +### Migration to CometBFT (Part 2) + +The Cosmos SDK has migrated in its previous versions, to CometBFT. +Some functions have been renamed to reflect the naming change. + +Following an exhaustive list: + +* `client.TendermintRPC` -> `client.CometRPC` +* `clitestutil.MockTendermintRPC` -> `clitestutil.MockCometRPC` +* `clitestutilgenutil.CreateDefaultTendermintConfig` -> `clitestutilgenutil.CreateDefaultCometConfig` +* Package `client/grpc/tmservice` -> `client/grpc/cmtservice` + +Additionally, the commands and flags mentioning `tendermint` have been renamed to `comet`. +These commands and flags are still supported for backward compatibility. + +For backward compatibility, the `**/tendermint/**` gRPC services are still supported. + +Additionally, the SDK is starting its abstraction from CometBFT Go types through the codebase: + +* The usage of the CometBFT logger has been replaced by the Cosmos SDK logger interface (`cosmossdk.io/log.Logger`). +* The usage of `github.com/cometbft/cometbft/libs/bytes.HexByte` has been replaced by `[]byte`. +* Usage of an application genesis (see [genutil](#xgenutil)). + +#### Enable Vote Extensions + + +This is an optional feature that is disabled by default. + + +Once all the code changes required to implement Vote Extensions are in place, +they can be enabled by setting the consensus param `Abci.VoteExtensionsEnableHeight` +to a value greater than zero. + +In a new chain, this can be done in the `genesis.json` file. + +For existing chains this can be done in two ways: + +* During an upgrade the value is set in an upgrade handler. +* A governance proposal that changes the consensus param **after a coordinated upgrade has taken place**. + +### BaseApp + +All ABCI methods now accept a pointer to the request and response types defined +by CometBFT. In addition, they also return errors. An ABCI method should only +return errors in cases where a catastrophic failure has occurred and the application +should halt. However, this is abstracted away from the application developer. Any +handler that an application can define or set that returns an error, will gracefully +by handled by `BaseApp` on behalf of the application. + +BaseApp calls of `BeginBlock` & `Endblock` are now private but are still exposed +to the application to define via the `Manager` type. `FinalizeBlock` is public +and should be used in order to test and run operations. This means that although +`BeginBlock` & `Endblock` no longer exist in the ABCI interface, they are automatically +called by `BaseApp` during `FinalizeBlock`. Specifically, the order of operations +is `BeginBlock` -> `DeliverTx` (for all txs) -> `EndBlock`. + +ABCI++ 2.0 also brings `ExtendVote` and `VerifyVoteExtension` ABCI methods. These +methods allow applications to extend and verify pre-commit votes. The Cosmos SDK +allows an application to define handlers for these methods via `ExtendVoteHandler` +and `VerifyVoteExtensionHandler` respectively. Please see [here](https://docs.cosmos.network/v0.50/build/building-apps/vote-extensions) +for more info. + +#### Set PreBlocker + +A `SetPreBlocker` method has been added to BaseApp. This is essential for BaseApp to run `PreBlock` which runs before begin blocker other modules, and allows to modify consensus parameters, and the changes are visible to the following state machine logics. +Read more about other use cases [here](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-068-preblock.md). + +`depinject` / app di users need to add `x/upgrade` in their `app_config.go` / `app.yml`: + +```diff ++ PreBlockers: []string{ ++ upgradetypes.ModuleName, ++ }, +BeginBlockers: []string{ +- upgradetypes.ModuleName, + minttypes.ModuleName, +} +``` + +When using (legacy) application wiring, the following must be added to `app.go`: + +```diff expandable ++app.ModuleManager.SetOrderPreBlockers( ++ upgradetypes.ModuleName, ++) + +app.ModuleManager.SetOrderBeginBlockers( +- upgradetypes.ModuleName, +) + ++ app.SetPreBlocker(app.PreBlocker) + +// ... // + ++func (app *SimApp) PreBlocker(ctx sdk.Context, req *abci.RequestFinalizeBlock) (*sdk.ResponsePreBlock, error) { ++ return app.ModuleManager.PreBlock(ctx, req) ++} +``` + +#### Events + +The log section of `abci.TxResult` is not populated in the case of successful +msg(s) execution. Instead a new attribute is added to all messages indicating +the `msg_index` which identifies which events and attributes relate the same +transaction. + +`BeginBlock` & `EndBlock` Events are now emitted through `FinalizeBlock` but have +an added attribute, `mode=BeginBlock|EndBlock`, to identify if the event belongs +to `BeginBlock` or `EndBlock`. + +### Config files + +Confix is a new SDK tool for modifying and migrating configuration of the SDK. +It is the replacement of the `config.Cmd` command from the `client/config` package. + +Use the following command to migrate your configuration: + +```bash +simd config migrate v0.50 +``` + +If you were using ` config [key]` or ` config [key] [value]` to set and get values from the `client.toml`, replace it with ` config get client [key]` and ` config set client [key] [value]`. The extra verbosity is due to the extra functionalities added in config. + +More information about [confix](https://docs.cosmos.network/main/tooling/confix) and how to add it in your application binary in the [documentation](https://docs.cosmos.network/main/tooling/confix). + +#### gRPC-Web + +gRPC-Web is now listening to the same address and port as the gRPC Gateway API server (default: `localhost:1317`). +The possibility to listen to a different address has been removed, as well as its settings. +Use `confix` to clean-up your `app.toml`. A nginx (or alike) reverse-proxy can be set to keep the previous behavior. + +#### Database Support + +ClevelDB, BoltDB and BadgerDB are not supported anymore. To migrate from a unsupported database to a supported database please use a database migration tool. + +### Protobuf + +With the deprecation of the Amino JSON codec defined in [cosmos/gogoproto](https://github.com/cosmos/gogoproto) in favor of the protoreflect powered x/tx/aminojson codec, module developers are encouraged verify that their messages have the correct protobuf annotations to deterministically produce identical output from both codecs. + +For core SDK types equivalence is asserted by generative testing of [SignableTypes](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-beta.0/tests/integration/rapidgen/rapidgen.go#L102) in [TestAminoJSON\_Equivalence](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-beta.0/tests/integration/tx/aminojson/aminojson_test.go#L94). + +**TODO: summarize proto annotation requirements.** + +#### Stringer + +The `gogoproto.goproto_stringer = false` annotation has been removed from most proto files. This means that the `String()` method is being generated for types that previously had this annotation. The generated `String()` method uses `proto.CompactTextString` for *stringifying* structs. +[Verify](https://github.com/cosmos/cosmos-sdk/pull/13850#issuecomment-1328889651) the usage of the modified `String()` methods and double-check that they are not used in state-machine code. + +### SimApp + +In this section we describe the changes made in Cosmos SDK' SimApp. +**These changes are directly applicable to your application wiring.** + +#### Module Assertions + +Previously, all modules were required to be set in `OrderBeginBlockers`, `OrderEndBlockers` and `OrderInitGenesis / OrderExportGenesis` in `app.go` / `app_config.go`. This is no longer the case, the assertion has been loosened to only require modules implementing, respectively, the `appmodule.HasBeginBlocker`, `appmodule.HasEndBlocker` and `appmodule.HasGenesis` / `module.HasGenesis` interfaces. + +#### Module wiring + +The following modules `NewKeeper` function now take a `KVStoreService` instead of a `StoreKey`: + +* `x/auth` +* `x/authz` +* `x/bank` +* `x/consensus` +* `x/crisis` +* `x/distribution` +* `x/evidence` +* `x/feegrant` +* `x/gov` +* `x/mint` +* `x/nft` +* `x/slashing` +* `x/upgrade` + +**Users using `depinject` / app di do not need any changes, this is abstracted for them.** + +Users manually wiring their chain need to use the `runtime.NewKVStoreService` method to create a `KVStoreService` from a `StoreKey`: + +```diff +app.ConsensusParamsKeeper = consensusparamkeeper.NewKeeper( + appCodec, +- keys[consensusparamtypes.StoreKey] ++ runtime.NewKVStoreService(keys[consensusparamtypes.StoreKey]), + authtypes.NewModuleAddress(govtypes.ModuleName).String(), +) +``` + +#### Logger + +Replace all your CometBFT logger imports by `cosmossdk.io/log`. + +Additionally, `depinject` / app di users must now supply a logger through the main `depinject.Supply` function instead of passing it to `appBuilder.Build`. + +```diff +appConfig = depinject.Configs( + AppConfig, + depinject.Supply( + // supply the application options + appOpts, ++ logger, + ... +``` + +```diff +- app.App = appBuilder.Build(logger, db, traceStore, baseAppOptions...) ++ app.App = appBuilder.Build(db, traceStore, baseAppOptions...) +``` + +User manually wiring their chain need to add the logger argument when creating the `x/bank` keeper. + +#### Module Basics + +Previously, the `ModuleBasics` was a global variable that was used to register all modules' `AppModuleBasic` implementation. +The global variable has been removed and the basic module manager can be now created from the module manager. + +This is automatically done for `depinject` / app di users, however for supplying different app module implementation, pass them via `depinject.Supply` in the main `AppConfig` (`app_config.go`): + +```go expandable +depinject.Supply( + // supply custom module basics + map[string]module.AppModuleBasic{ + genutiltypes.ModuleName: genutil.NewAppModuleBasic(genutiltypes.DefaultMessageValidator), + govtypes.ModuleName: gov.NewAppModuleBasic( + []govclient.ProposalHandler{ + paramsclient.ProposalHandler, +}, + ), +}, + ) +``` + +Users manually wiring their chain need to use the new `module.NewBasicManagerFromManager` function, after the module manager creation, and pass a `map[string]module.AppModuleBasic` as argument for optionally overriding some module's `AppModuleBasic`. + +#### AutoCLI + +[`AutoCLI`](https://docs.cosmos.network/main/core/autocli) has been implemented by the SDK for all its module CLI queries. This means chains must add the following in their `root.go` to enable `AutoCLI` in their application: + +```go +if err := autoCliOpts.EnhanceRootCommand(rootCmd); err != nil { + panic(err) +} +``` + +Where `autoCliOpts` is the autocli options of the app, containing all modules and codecs. +That value can injected by depinject ([see root\_v2.go](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-beta.0/simapp/simd/cmd/root_v2.go#L49-L67)) or manually provided by the app ([see legacy app.go](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-beta.0/simapp/app.go#L636-L655)). + + +Not doing this will result in all core SDK modules queries not to be included in the binary. + + +Additionally `AutoCLI` automatically adds the custom modules commands to the root command for all modules implementing the [`appmodule.AppModule`](https://pkg.go.dev/cosmossdk.io/core/appmodule#AppModule) interface. +This means, after ensuring all the used modules implement this interface, the following can be removed from your `root.go`: + +```diff +func txCommand() *cobra.Command { + .... +- appd.ModuleBasics.AddTxCommands(cmd) +} +``` + +```diff +func queryCommand() *cobra.Command { + .... +- appd.ModuleBasics.AddQueryCommands(cmd) +} +``` + +### Packages + +#### Math + +References to `types/math.go` which contained aliases for math types aliasing the `cosmossdk.io/math` package have been removed. +Import directly the `cosmossdk.io/math` package instead. + +#### Store + +References to `types/store.go` which contained aliases for store types have been remapped to point to appropriate `store/types`, hence the `types/store.go` file is no longer needed and has been removed. + +##### Extract Store to a standalone module + +The `store` module is extracted to have a separate go.mod file which allows it be a standalone module. +All the store imports are now renamed to use `cosmossdk.io/store` instead of `github.com/cosmos/cosmos-sdk/store` across the SDK. + +##### Streaming + +[ADR-38](https://docs.cosmos.network/main/architecture/adr-038-state-listening) has been implemented in the SDK. + +To continue using state streaming, replace `streaming.LoadStreamingServices` by the following in your `app.go`: + +```go +if err := app.RegisterStreamingServices(appOpts, app.kvStoreKeys()); err != nil { + panic(err) +} +``` + +#### Client + +The return type of the interface method `TxConfig.SignModeHandler()` has been changed from `x/auth/signing.SignModeHandler` to `x/tx/signing.HandlerMap`. This change is transparent to most users as the `TxConfig` interface is typically implemented by private `x/auth/tx.config` struct (as returned by `auth.NewTxConfig`) which has been updated to return the new type. If users have implemented their own `TxConfig` interface, they will need to update their implementation to return the new type. + +##### Textual sign mode + +A new sign mode is available in the SDK that produces more human readable output, currently only available on Ledger +devices but soon to be implemented in other UIs. + + +This sign mode does not allow offline signing + + +When using (legacy) application wiring, the following must be added to `app.go` after setting the app's bank keeper: + +```go expandable +enabledSignModes := append(tx.DefaultSignModes, sigtypes.SignMode_SIGN_MODE_TEXTUAL) + txConfigOpts := tx.ConfigOptions{ + EnabledSignModes: enabledSignModes, + TextualCoinMetadataQueryFn: txmodule.NewBankKeeperCoinMetadataQueryFn(app.BankKeeper), +} + +txConfig, err := tx.NewTxConfigWithOptions( + appCodec, + txConfigOpts, + ) + if err != nil { + log.Fatalf("Failed to create new TxConfig with options: %v", err) +} + +app.txConfig = txConfig +``` + +When using `depinject` / `app di`, **it's enabled by default** if there's a bank keeper present. + +And in the application client (usually `root.go`): + +```go expandable +if !clientCtx.Offline { + txConfigOpts.EnabledSignModes = append(txConfigOpts.EnabledSignModes, signing.SignMode_SIGN_MODE_TEXTUAL) + +txConfigOpts.TextualCoinMetadataQueryFn = txmodule.NewGRPCCoinMetadataQueryFn(clientCtx) + +txConfigWithTextual, err := tx.NewTxConfigWithOptions( + codec.NewProtoCodec(clientCtx.InterfaceRegistry), + txConfigOpts, + ) + if err != nil { + return err +} + +clientCtx = clientCtx.WithTxConfig(txConfigWithTextual) +} +``` + +When using `depinject` / `app di`, the a tx config should be recreated from the `txConfigOpts` to use `NewGRPCCoinMetadataQueryFn` instead of depending on the bank keeper (that is used in the server). + +To learn more see the [docs](https://docs.cosmos.network/main/learn/advanced/transactions#sign_mode_textual) and the [ADR-050](https://docs.cosmos.network/main/build/architecture/adr-050-sign-mode-textual). + +### Modules + +#### `**all**` + +* [RFC 001](https://docs.cosmos.network/main/rfc/rfc-001-tx-validation) has defined a simplification of the message validation process for modules. + The `sdk.Msg` interface has been updated to not require the implementation of the `ValidateBasic` method. + It is now recommended to validate message directly in the message server. When the validation is performed in the message server, the `ValidateBasic` method on a message is no longer required and can be removed. + +* Messages no longer need to implement the `LegacyMsg` interface and implementations of `GetSignBytes` can be deleted. Because of this change, global legacy Amino codec definitions and their registration in `init()` can safely be removed as well. + +* The `AppModuleBasic` interface has been simplified. Defining `GetTxCmd() *cobra.Command` and `GetQueryCmd() *cobra.Command` is no longer required. The module manager detects when module commands are defined. If AutoCLI is enabled, `EnhanceRootCommand()` will add the auto-generated commands to the root command, unless a custom module command is defined and register that one instead. + +* The following modules' `Keeper` methods now take in a `context.Context` instead of `sdk.Context`. Any module that has an interfaces for them (like "expected keepers") will need to update and re-generate mocks if needed: + + * `x/authz` + * `x/bank` + * `x/mint` + * `x/crisis` + * `x/distribution` + * `x/evidence` + * `x/gov` + * `x/slashing` + * `x/upgrade` + +* `BeginBlock` and `EndBlock` have changed their signature, so it is important that any module implementing them are updated accordingly. + +```diff +- BeginBlock(sdk.Context, abci.RequestBeginBlock) ++ BeginBlock(context.Context) error +``` + +```diff +- EndBlock(sdk.Context, abci.RequestEndBlock) []abci.ValidatorUpdate ++ EndBlock(context.Context) error +``` + +In case a module requires to return `abci.ValidatorUpdate` from `EndBlock`, it can use the `HasABCIEndBlock` interface instead. + +```diff +- EndBlock(sdk.Context, abci.RequestEndBlock) []abci.ValidatorUpdate ++ EndBlock(context.Context) ([]abci.ValidatorUpdate, error) +``` + + +It is possible to ensure that a module implements the correct interfaces by using compiler assertions in your `x/{moduleName}/module.go`: + +```go +var ( + _ module.AppModuleBasic = (*AppModule)(nil) + _ module.AppModuleSimulation = (*AppModule)(nil) + _ module.HasGenesis = (*AppModule)(nil) + + _ appmodule.AppModule = (*AppModule)(nil) + _ appmodule.HasBeginBlocker = (*AppModule)(nil) + _ appmodule.HasEndBlocker = (*AppModule)(nil) + ... +) +``` + +Read more on those interfaces [here](https://docs.cosmos.network/v0.50/building-modules/module-manager#application-module-interfaces). + + + +* `GetSigners()` is no longer required to be implemented on `Msg` types. The SDK will automatically infer the signers from the `Signer` field on the message. The signer field is required on all messages unless using a custom signer function. + +To find out more please read the [signer field](/docs/sdk/vnext/build/building-modules/protobuf-annotations#signer) & [here](https://github.com/cosmos/cosmos-sdk/blob/7352d0bce8e72121e824297df453eb1059c28da8/docs/docs/build/building-modules/02-messages-and-queries.md#L40) documentation. +{/* Link to docs once redeployed */} + +#### `x/auth` + +For ante handler construction via `ante.NewAnteHandler`, the field `ante.HandlerOptions.SignModeHandler` has been updated to `x/tx/signing/HandlerMap` from `x/auth/signing/SignModeHandler`. Callers typically fetch this value from `client.TxConfig.SignModeHandler()` (which is also changed) so this change should be transparent to most users. + +#### `x/capability` + +The capability module has been moved to [cosmos/ibc-go](https://github.com/cosmos/ibc-go). IBC v8 will contain the necessary changes to incorporate the new module location. In your `app.go`, you must import the capability module from the new location: + +```diff ++ "github.com/cosmos/ibc-go/modules/capability" ++ capabilitykeeper "github.com/cosmos/ibc-go/modules/capability/keeper" ++ capabilitytypes "github.com/cosmos/ibc-go/modules/capability/types" +- "github.com/cosmos/cosmos-sdk/x/capability/types" +- capabilitykeeper "github.com/cosmos/cosmos-sdk/x/capability/keeper" +- capabilitytypes "github.com/cosmos/cosmos-sdk/x/capability/types" +``` + +Similar to previous versions, your module manager must include the capability module. + +```go +app.ModuleManager = module.NewManager( + capability.NewAppModule(encodingConfig.Codec, *app.CapabilityKeeper, true), + // remaining modules +) +``` + +#### `x/genutil` + +The Cosmos SDK has migrated from a CometBFT genesis to a application managed genesis file. +The genesis is now fully handled by `x/genutil`. This has no consequences for running chains: + +* Importing a CometBFT genesis is still supported. +* Exporting a genesis now exports the genesis as an application genesis. + +When needing to read an application genesis, use the following helpers from the `x/genutil/types` package: + +```go +// AppGenesisFromReader reads the AppGenesis from the reader. +func AppGenesisFromReader(reader io.Reader) (*AppGenesis, error) + +// AppGenesisFromFile reads the AppGenesis from the provided file. +func AppGenesisFromFile(genFile string) (*AppGenesis, error) +``` + +#### `x/gov` + +##### Expedited Proposals + +The `gov` v1 module now supports expedited governance proposals. When a proposal is expedited, the voting period will be shortened to `ExpeditedVotingPeriod` parameter. An expedited proposal must have an higher voting threshold than a classic proposal, that threshold is defined with the `ExpeditedThreshold` parameter. + +##### Cancelling Proposals + +The `gov` module now supports cancelling governance proposals. When a proposal is canceled, all the deposits of the proposal are either burnt or sent to `ProposalCancelDest` address. The deposits burn rate will be determined by a new parameter called `ProposalCancelRatio` parameter. + +```text +1. deposits * proposal_cancel_ratio will be burned or sent to `ProposalCancelDest` address , if `ProposalCancelDest` is empty then deposits will be burned. +2. deposits * (1 - proposal_cancel_ratio) will be sent to depositors. +``` + +By default, the new `ProposalCancelRatio` parameter is set to `0.5` during migration and `ProposalCancelDest` is set to empty string (i.e. burnt). + +#### `x/evidence` + +##### Extract evidence to a standalone module + +The `x/evidence` module is extracted to have a separate go.mod file which allows it be a standalone module. +All the evidence imports are now renamed to use `cosmossdk.io/x/evidence` instead of `github.com/cosmos/cosmos-sdk/x/evidence` across the SDK. + +#### `x/nft` + +##### Extract nft to a standalone module + +The `x/nft` module is extracted to have a separate go.mod file which allows it to be a standalone module. +All the evidence imports are now renamed to use `cosmossdk.io/x/nft` instead of `github.com/cosmos/cosmos-sdk/x/nft` across the SDK. + +#### x/feegrant + +##### Extract feegrant to a standalone module + +The `x/feegrant` module is extracted to have a separate go.mod file which allows it to be a standalone module. +All the feegrant imports are now renamed to use `cosmossdk.io/x/feegrant` instead of `github.com/cosmos/cosmos-sdk/x/feegrant` across the SDK. + +#### `x/upgrade` + +##### Extract upgrade to a standalone module + +The `x/upgrade` module is extracted to have a separate go.mod file which allows it to be a standalone module. +All the upgrade imports are now renamed to use `cosmossdk.io/x/upgrade` instead of `github.com/cosmos/cosmos-sdk/x/upgrade` across the SDK. + +### Tooling + +#### Rosetta + +Rosetta has moved to it's own [repo](https://github.com/cosmos/rosetta) and not imported by the Cosmos SDK SimApp by default. +Any user who is interested on using the tool can connect it standalone to any node without the need to add it as part of the node binary. + +The rosetta tool also allows multi chain connections. diff --git a/docs/sdk/next/build/modules/README.mdx b/docs/sdk/next/build/modules/README.mdx new file mode 100644 index 00000000..e572154e --- /dev/null +++ b/docs/sdk/next/build/modules/README.mdx @@ -0,0 +1,63 @@ +--- +title: List of Modules +description: >- + Here are some production-grade modules that can be used in Cosmos SDK + applications, along with their respective documentation: +--- +Here are some production-grade modules that can be used in Cosmos SDK applications, along with their respective documentation: + +## Essential Modules + +Essential modules include functionality that *must* be included in your Cosmos SDK blockchain. +These modules provide the core behaviors that are needed for users and operators such as balance tracking, +proof-of-stake capabilities and governance. + +* [Auth](/docs/sdk/vnext/build/modules/auth/README) - Authentication of accounts and transactions for Cosmos SDK applications. +* [Bank](/docs/sdk/vnext/build/modules/bank/README) - Token transfer functionalities. +* [Circuit](/docs/sdk/vnext/build/modules/circuit/README) - Circuit breaker module for pausing messages. +* [Consensus](/docs/sdk/vnext/build/modules/consensus/README) - Consensus module for modifying CometBFT's ABCI consensus params. +* [Distribution](/docs/sdk/vnext/build/modules/distribution/README) - Fee distribution, and staking token provision distribution. +* [Evidence](/docs/sdk/vnext/build/modules/evidence/README) - Evidence handling for double signing, misbehaviour, etc. +* [Governance](/docs/sdk/vnext/build/modules/gov/README) - On-chain proposals and voting. +* [Genutil](/docs/sdk/vnext/build/modules/genutil/README) - Genesis utilities for the Cosmos SDK. +* [Mint](/docs/sdk/vnext/build/modules/mint/README) - Creation of new units of staking token. +* [Slashing](/docs/sdk/vnext/build/modules/slashing/README) - Validator punishment mechanisms. +* [Staking](/docs/sdk/vnext/build/modules/staking/README) - Proof-of-Stake layer for public blockchains. +* [Upgrade](/docs/sdk/vnext/build/modules/upgrade/README) - Software upgrades handling and coordination. + +## Supplementary Modules + +Supplementary modules are modules that are maintained in the Cosmos SDK but are not necessary for +the core functionality of your blockchain. They can be thought of as ways to extend the +capabilities of your blockchain or further specialize it. + +* [Authz](/docs/sdk/vnext/build/modules/authz/README) - Authorization for accounts to perform actions on behalf of other accounts. +* [Epochs](/docs/sdk/vnext/build/modules/epochs/README) - Registration so SDK modules can have logic to be executed at the timed tickers. +* [Feegrant](/docs/sdk/vnext/build/modules/feegrant/README) - Grant fee allowances for executing transactions. +* [ProtocolPool](/docs/sdk/vnext/build/modules/protocolpool/README) - Extended management of community pool functionality. + +## Deprecated Modules + +The following modules are deprecated. They will no longer be maintained and eventually will be removed +in an upcoming release of the Cosmos SDK per our [release process](https://github.com/cosmos/cosmos-sdk/blob/main/RELEASE_PROCESS.md). + +* [Crisis](/docs/sdk/vnext/build/modules/crisis/README) - *Deprecated* halting the blockchain under certain circumstances (e.g. if an invariant is broken). +* [Params](/docs/sdk/vnext/build/modules/params/README) - *Deprecated* Globally available parameter store. +* [NFT](/docs/sdk/vnext/build/modules/nft/README) - *Deprecated* NFT module implemented based on [ADR43](https://docs.cosmos.network/main/build/architecture/adr-043-nft-module). This module will be moved to the `cosmos-sdk-legacy` repo for use. +* [Group](/docs/sdk/vnext/build/modules/group/README) - *Deprecated* Allows for the creation and management of on-chain multisig accounts. This module will be moved to the `cosmos-sdk-legacy` repo for legacy use. + +To learn more about the process of building modules, visit the [building modules reference documentation](https://docs.cosmos.network/main/building-modules/intro). + +## IBC + +The IBC module for the SDK is maintained by the IBC Go team in its [own repository](https://github.com/cosmos/ibc-go). + +Additionally, the [capability module](https://github.com/cosmos/ibc-go/tree/fdd664698d79864f1e00e147f9879e58497b5ef1/modules/capability) is from v0.50+ maintained by the IBC Go team in its [own repository](https://github.com/cosmos/ibc-go/tree/fdd664698d79864f1e00e147f9879e58497b5ef1/modules/capability). + +## CosmWasm + +The CosmWasm module enables smart contracts, learn more by going to their [documentation site](https://book.cosmwasm.com/), or visit [the repository](https://github.com/CosmWasm/cosmwasm). + +## EVM + +Read more about writing smart contracts with solidity at the official [`evm` documentation page](https://evm.cosmos.network/). diff --git a/docs/sdk/next/build/modules/auth/README.mdx b/docs/sdk/next/build/modules/auth/README.mdx new file mode 100644 index 00000000..2ed49cc3 --- /dev/null +++ b/docs/sdk/next/build/modules/auth/README.mdx @@ -0,0 +1,737 @@ +--- +title: '`x/auth`' +description: This document specifies the auth module of the Cosmos SDK. +--- +## Abstract + +This document specifies the auth module of the Cosmos SDK. + +The auth module is responsible for specifying the base transaction and account types +for an application, since the SDK itself is agnostic to these particulars. It contains +the middlewares, where all basic transaction validity checks (signatures, nonces, auxiliary fields) +are performed, and exposes the account keeper, which allows other modules to read, write, and modify accounts. + +This module is used in the Cosmos Hub. + +## Contents + +* [Concepts](#concepts) + * [Gas & Fees](#gas--fees) +* [State](#state) + * [Accounts](#accounts) +* [AnteHandlers](#antehandlers) +* [Keepers](#keepers) + * [Account Keeper](#account-keeper) +* [Parameters](#parameters) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + * [REST](#rest) + +## Concepts + +**Note:** The auth module is different from the [authz module](/docs/sdk/vnext/build/modules/authz/). + +The differences are: + +* `auth` - authentication of accounts and transactions for Cosmos SDK applications and is responsible for specifying the base transaction and account types. +* `authz` - authorization for accounts to perform actions on behalf of other accounts and enables a granter to grant authorizations to a grantee that allows the grantee to execute messages on behalf of the granter. + +### Gas & Fees + +Fees serve two purposes for an operator of the network. + +Fees limit the growth of the state stored by every full node and allow for +general purpose censorship of transactions of little economic value. Fees +are best suited as an anti-spam mechanism where validators are disinterested in +the use of the network and identities of users. + +Fees are determined by the gas limits and gas prices transactions provide, where +`fees = ceil(gasLimit * gasPrices)`. Txs incur gas costs for all state reads/writes, +signature verification, as well as costs proportional to the tx size. Operators +should set minimum gas prices when starting their nodes. They must set the unit +costs of gas in each token denomination they wish to support: + +`simd start ... --minimum-gas-prices=0.00001stake;0.05photinos` + +When adding transactions to mempool or gossipping transactions, validators check +if the transaction's gas prices, which are determined by the provided fees, meet +any of the validator's minimum gas prices. In other words, a transaction must +provide a fee of at least one denomination that matches a validator's minimum +gas price. + +CometBFT does not currently provide fee based mempool prioritization, and fee +based mempool filtering is local to node and not part of consensus. But with +minimum gas prices set, such a mechanism could be implemented by node operators. + +Because the market value for tokens will fluctuate, validators are expected to +dynamically adjust their minimum gas prices to a level that would encourage the +use of the network. + +## State + +### Accounts + +Accounts contain authentication information for a uniquely identified external user of an SDK blockchain, +including public key, address, and account number / sequence number for replay protection. For efficiency, +since account balances must also be fetched to pay fees, account structs also store the balance of a user +as `sdk.Coins`. + +Accounts are exposed externally as an interface, and stored internally as +either a base account or vesting account. Module clients wishing to add more +account types may do so. + +* `0x01 | Address -> ProtocolBuffer(account)` + +#### Account Interface + +The account interface exposes methods to read and write standard account information. +Note that all of these methods operate on an account struct conforming to the +interface - in order to write the account to the store, the account keeper will +need to be used. + +```go expandable +// AccountI is an interface used to store coins at a given address within state. +// It presumes a notion of sequence numbers for replay protection, +// a notion of account numbers for replay protection for previously pruned accounts, +// and a pubkey for authentication purposes. +// +// Many complex conditions can be used in the concrete struct which implements AccountI. +type AccountI interface { + proto.Message + + GetAddress() + +sdk.AccAddress + SetAddress(sdk.AccAddress) + +error // errors if already set. + + GetPubKey() + +crypto.PubKey // can return nil. + SetPubKey(crypto.PubKey) + +error + + GetAccountNumber() + +uint64 + SetAccountNumber(uint64) + +error + + GetSequence() + +uint64 + SetSequence(uint64) + +error + + // Ensure that account implements stringer + String() + +string +} +``` + +##### Base Account + +A base account is the simplest and most common account type, which just stores all requisite +fields directly in a struct. + +```protobuf +// BaseAccount defines a base account type. It contains all the necessary fields +// for basic account functionality. Any custom account type should extend this +// type for additional functionality (e.g. vesting). +message BaseAccount { + string address = 1; + google.protobuf.Any pub_key = 2; + uint64 account_number = 3; + uint64 sequence = 4; +} +``` + +### Vesting Account + +See [Vesting](https://docs.cosmos.network/main/modules/auth/vesting/). + +## AnteHandlers + +The `x/auth` module presently has no transaction handlers of its own, but does expose the special `AnteHandler`, used for performing basic validity checks on a transaction, such that it could be thrown out of the mempool. +The `AnteHandler` can be seen as a set of decorators that check transactions within the current context, per [ADR 010](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-010-modular-antehandler.md). + +Note that the `AnteHandler` is called on both `CheckTx` and `DeliverTx`, as CometBFT proposers presently have the ability to include in their proposed block transactions which fail `CheckTx`. + +### Decorators + +The auth module provides `AnteDecorator`s that are recursively chained together into a single `AnteHandler` in the following order: + +* `SetUpContextDecorator`: Sets the `GasMeter` in the `Context` and wraps the next `AnteHandler` with a defer clause to recover from any downstream `OutOfGas` panics in the `AnteHandler` chain to return an error with information on gas provided and gas used. + +* `RejectExtensionOptionsDecorator`: Rejects all extension options which can optionally be included in protobuf transactions. + +* `MempoolFeeDecorator`: Checks if the `tx` fee is above local mempool `minFee` parameter during `CheckTx`. + +* `ValidateBasicDecorator`: Calls `tx.ValidateBasic` and returns any non-nil error. + +* `TxTimeoutHeightDecorator`: Check for a `tx` height timeout. + +* `ValidateMemoDecorator`: Validates `tx` memo with application parameters and returns any non-nil error. + +* `ConsumeGasTxSizeDecorator`: Consumes gas proportional to the `tx` size based on application parameters. + +* `DeductFeeDecorator`: Deducts the `FeeAmount` from first signer of the `tx`. If the `x/feegrant` module is enabled and a fee granter is set, it deducts fees from the fee granter account. + +* `SetPubKeyDecorator`: Sets the pubkey from a `tx`'s signers that does not already have its corresponding pubkey saved in the state machine and in the current context. + +* `ValidateSigCountDecorator`: Validates the number of signatures in `tx` based on app-parameters. + +* `SigGasConsumeDecorator`: Consumes parameter-defined amount of gas for each signature. This requires pubkeys to be set in context for all signers as part of `SetPubKeyDecorator`. + +* `SigVerificationDecorator`: Verifies all signatures are valid. This requires pubkeys to be set in context for all signers as part of `SetPubKeyDecorator`. + +* `IncrementSequenceDecorator`: Increments the account sequence for each signer to prevent replay attacks. + +## Keepers + +The auth module only exposes one keeper, the account keeper, which can be used to read and write accounts. + +### Account Keeper + +Presently only one fully-permissioned account keeper is exposed, which has the ability to both read and write +all fields of all accounts, and to iterate over all stored accounts. + +```go expandable +// AccountKeeperI is the interface contract that x/auth's keeper implements. +type AccountKeeperI interface { + // Return a new account with the next account number and the specified address. Does not save the new account to the store. + NewAccountWithAddress(sdk.Context, sdk.AccAddress) + +types.AccountI + + // Return a new account with the next account number. Does not save the new account to the store. + NewAccount(sdk.Context, types.AccountI) + +types.AccountI + + // Check if an account exists in the store. + HasAccount(sdk.Context, sdk.AccAddress) + +bool + + // Retrieve an account from the store. + GetAccount(sdk.Context, sdk.AccAddress) + +types.AccountI + + // Set an account in the store. + SetAccount(sdk.Context, types.AccountI) + + // Remove an account from the store. + RemoveAccount(sdk.Context, types.AccountI) + + // Iterate over all accounts, calling the provided function. Stop iteration when it returns true. + IterateAccounts(sdk.Context, func(types.AccountI) + +bool) + + // Fetch the public key of an account at a specified address + GetPubKey(sdk.Context, sdk.AccAddress) (crypto.PubKey, error) + + // Fetch the sequence of an account at a specified address. + GetSequence(sdk.Context, sdk.AccAddress) (uint64, error) + + // Fetch the next account number, and increment the internal counter. + NextAccountNumber(sdk.Context) + +uint64 +} +``` + +## Parameters + +The auth module contains the following parameters: + +| Key | Type | Example | +| ---------------------- | ------ | ------- | +| MaxMemoCharacters | uint64 | 256 | +| TxSigLimit | uint64 | 7 | +| TxSizeCostPerByte | uint64 | 10 | +| SigVerifyCostED25519 | uint64 | 590 | +| SigVerifyCostSecp256k1 | uint64 | 1000 | + +## Client + +### CLI + +A user can query and interact with the `auth` module using the CLI. + +### Query + +The `query` commands allow users to query `auth` state. + +```bash +simd query auth --help +``` + +#### account + +The `account` command allow users to query for an account by it's address. + +```bash +simd query auth account [address] [flags] +``` + +Example: + +```bash +simd query auth account cosmos1... +``` + +Example Output: + +```bash +'@type': /cosmos.auth.v1beta1.BaseAccount +account_number: "0" +address: cosmos1zwg6tpl8aw4rawv8sgag9086lpw5hv33u5ctr2 +pub_key: + '@type': /cosmos.crypto.secp256k1.PubKey + key: ApDrE38zZdd7wLmFS9YmqO684y5DG6fjZ4rVeihF/AQD +sequence: "1" +``` + +#### accounts + +The `accounts` command allow users to query all the available accounts. + +```bash +simd query auth accounts [flags] +``` + +Example: + +```bash +simd query auth accounts +``` + +Example Output: + +```bash expandable +accounts: +- '@type': /cosmos.auth.v1beta1.BaseAccount + account_number: "0" + address: cosmos1zwg6tpl8aw4rawv8sgag9086lpw5hv33u5ctr2 + pub_key: + '@type': /cosmos.crypto.secp256k1.PubKey + key: ApDrE38zZdd7wLmFS9YmqO684y5DG6fjZ4rVeihF/AQD + sequence: "1" +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "8" + address: cosmos1yl6hdjhmkf37639730gffanpzndzdpmhwlkfhr + pub_key: null + sequence: "0" + name: transfer + permissions: + - minter + - burner +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "4" + address: cosmos1fl48vsnmsdzcv85q5d2q4z5ajdha8yu34mf0eh + pub_key: null + sequence: "0" + name: bonded_tokens_pool + permissions: + - burner + - staking +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "5" + address: cosmos1tygms3xhhs3yv487phx3dw4a95jn7t7lpm470r + pub_key: null + sequence: "0" + name: not_bonded_tokens_pool + permissions: + - burner + - staking +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "6" + address: cosmos10d07y265gmmuvt4z0w9aw880jnsr700j6zn9kn + pub_key: null + sequence: "0" + name: gov + permissions: + - burner +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "3" + address: cosmos1jv65s3grqf6v6jl3dp4t6c9t9rk99cd88lyufl + pub_key: null + sequence: "0" + name: distribution + permissions: [] +- '@type': /cosmos.auth.v1beta1.BaseAccount + account_number: "1" + address: cosmos147k3r7v2tvwqhcmaxcfql7j8rmkrlsemxshd3j + pub_key: null + sequence: "0" +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "7" + address: cosmos1m3h30wlvsf8llruxtpukdvsy0km2kum8g38c8q + pub_key: null + sequence: "0" + name: mint + permissions: + - minter +- '@type': /cosmos.auth.v1beta1.ModuleAccount + base_account: + account_number: "2" + address: cosmos17xpfvakm2amg962yls6f84z3kell8c5lserqta + pub_key: null + sequence: "0" + name: fee_collector + permissions: [] +pagination: + next_key: null + total: "0" +``` + +#### params + +The `params` command allow users to query the current auth parameters. + +```bash +simd query auth params [flags] +``` + +Example: + +```bash +simd query auth params +``` + +Example Output: + +```bash +max_memo_characters: "256" +sig_verify_cost_ed25519: "590" +sig_verify_cost_secp256k1: "1000" +tx_sig_limit: "7" +tx_size_cost_per_byte: "10" +``` + +### Transactions + +The `auth` module supports transactions commands to help you with signing and more. Compared to other modules you can access directly the `auth` module transactions commands using the only `tx` command. + +Use directly the `--help` flag to get more information about the `tx` command. + +```bash +simd tx --help +``` + +#### `sign` + +The `sign` command allows users to sign transactions that was generated offline. + +```bash +simd tx sign tx.json --from $ALICE > tx.signed.json +``` + +The result is a signed transaction that can be broadcasted to the network thanks to the broadcast command. + +More information about the `sign` command can be found running `simd tx sign --help`. + +#### `sign-batch` + +The `sign-batch` command allows users to sign multiples offline generated transactions. +The transactions can be in one file, with one tx per line, or in multiple files. + +```bash +simd tx sign txs.json --from $ALICE > tx.signed.json +``` + +or + +```bash +simd tx sign tx1.json tx2.json tx3.json --from $ALICE > tx.signed.json +``` + +The result is multiples signed transactions. For combining the signed transactions into one transactions, use the `--append` flag. + +More information about the `sign-batch` command can be found running `simd tx sign-batch --help`. + +#### `multi-sign` + +The `multi-sign` command allows users to sign transactions that was generated offline by a multisig account. + +```bash +simd tx multisign transaction.json k1k2k3 k1sig.json k2sig.json k3sig.json +``` + +Where `k1k2k3` is the multisig account address, `k1sig.json` is the signature of the first signer, `k2sig.json` is the signature of the second signer, and `k3sig.json` is the signature of the third signer. + +##### Nested multisig transactions + +To allow transactions to be signed by nested multisigs, meaning that a participant of a multisig account can be another multisig account, the `--skip-signature-verification` flag must be used. + +```bash +# First aggregate signatures of the multisig participant +simd tx multi-sign transaction.json ms1 ms1p1sig.json ms1p2sig.json --signature-only --skip-signature-verification > ms1sig.json + +# Then use the aggregated signatures and the other signatures to sign the final transaction +simd tx multi-sign transaction.json k1ms1 k1sig.json ms1sig.json --skip-signature-verification +``` + +Where `ms1` is the nested multisig account address, `ms1p1sig.json` is the signature of the first participant of the nested multisig account, `ms1p2sig.json` is the signature of the second participant of the nested multisig account, and `ms1sig.json` is the aggregated signature of the nested multisig account. + +`k1ms1` is a multisig account comprised of an individual signer and another nested multisig account (`ms1`). `k1sig.json` is the signature of the first signer of the individual member. + +More information about the `multi-sign` command can be found running `simd tx multi-sign --help`. + +#### `multisign-batch` + +The `multisign-batch` works the same way as `sign-batch`, but for multisig accounts. +With the difference that the `multisign-batch` command requires all transactions to be in one file, and the `--append` flag does not exist. + +More information about the `multisign-batch` command can be found running `simd tx multisign-batch --help`. + +#### `validate-signatures` + +The `validate-signatures` command allows users to validate the signatures of a signed transaction. + +```bash +$ simd tx validate-signatures tx.signed.json +Signers: + 0: cosmos1l6vsqhh7rnwsyr2kyz3jjg3qduaz8gwgyl8275 + +Signatures: + 0: cosmos1l6vsqhh7rnwsyr2kyz3jjg3qduaz8gwgyl8275 [OK] +``` + +More information about the `validate-signatures` command can be found running `simd tx validate-signatures --help`. + +#### `broadcast` + +The `broadcast` command allows users to broadcast a signed transaction to the network. + +```bash +simd tx broadcast tx.signed.json +``` + +More information about the `broadcast` command can be found running `simd tx broadcast --help`. + +### gRPC + +A user can query the `auth` module using gRPC endpoints. + +#### Account + +The `account` endpoint allow users to query for an account by it's address. + +```bash +cosmos.auth.v1beta1.Query/Account +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"address":"cosmos1.."}' \ + localhost:9090 \ + cosmos.auth.v1beta1.Query/Account +``` + +Example Output: + +```bash expandable +{ + "account":{ + "@type":"/cosmos.auth.v1beta1.BaseAccount", + "address":"cosmos1zwg6tpl8aw4rawv8sgag9086lpw5hv33u5ctr2", + "pubKey":{ + "@type":"/cosmos.crypto.secp256k1.PubKey", + "key":"ApDrE38zZdd7wLmFS9YmqO684y5DG6fjZ4rVeihF/AQD" + }, + "sequence":"1" + } +} +``` + +#### Accounts + +The `accounts` endpoint allow users to query all the available accounts. + +```bash +cosmos.auth.v1beta1.Query/Accounts +``` + +Example: + +```bash +grpcurl -plaintext \ + localhost:9090 \ + cosmos.auth.v1beta1.Query/Accounts +``` + +Example Output: + +```bash expandable +{ + "accounts":[ + { + "@type":"/cosmos.auth.v1beta1.BaseAccount", + "address":"cosmos1zwg6tpl8aw4rawv8sgag9086lpw5hv33u5ctr2", + "pubKey":{ + "@type":"/cosmos.crypto.secp256k1.PubKey", + "key":"ApDrE38zZdd7wLmFS9YmqO684y5DG6fjZ4rVeihF/AQD" + }, + "sequence":"1" + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos1yl6hdjhmkf37639730gffanpzndzdpmhwlkfhr", + "accountNumber":"8" + }, + "name":"transfer", + "permissions":[ + "minter", + "burner" + ] + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos1fl48vsnmsdzcv85q5d2q4z5ajdha8yu34mf0eh", + "accountNumber":"4" + }, + "name":"bonded_tokens_pool", + "permissions":[ + "burner", + "staking" + ] + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos1tygms3xhhs3yv487phx3dw4a95jn7t7lpm470r", + "accountNumber":"5" + }, + "name":"not_bonded_tokens_pool", + "permissions":[ + "burner", + "staking" + ] + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos10d07y265gmmuvt4z0w9aw880jnsr700j6zn9kn", + "accountNumber":"6" + }, + "name":"gov", + "permissions":[ + "burner" + ] + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos1jv65s3grqf6v6jl3dp4t6c9t9rk99cd88lyufl", + "accountNumber":"3" + }, + "name":"distribution" + }, + { + "@type":"/cosmos.auth.v1beta1.BaseAccount", + "accountNumber":"1", + "address":"cosmos147k3r7v2tvwqhcmaxcfql7j8rmkrlsemxshd3j" + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos1m3h30wlvsf8llruxtpukdvsy0km2kum8g38c8q", + "accountNumber":"7" + }, + "name":"mint", + "permissions":[ + "minter" + ] + }, + { + "@type":"/cosmos.auth.v1beta1.ModuleAccount", + "baseAccount":{ + "address":"cosmos17xpfvakm2amg962yls6f84z3kell8c5lserqta", + "accountNumber":"2" + }, + "name":"fee_collector" + } + ], + "pagination":{ + "total":"9" + } +} +``` + +#### Params + +The `params` endpoint allow users to query the current auth parameters. + +```bash +cosmos.auth.v1beta1.Query/Params +``` + +Example: + +```bash +grpcurl -plaintext \ + localhost:9090 \ + cosmos.auth.v1beta1.Query/Params +``` + +Example Output: + +```bash +{ + "params": { + "maxMemoCharacters": "256", + "txSigLimit": "7", + "txSizeCostPerByte": "10", + "sigVerifyCostEd25519": "590", + "sigVerifyCostSecp256k1": "1000" + } +} +``` + +### REST + +A user can query the `auth` module using REST endpoints. + +#### Account + +The `account` endpoint allow users to query for an account by it's address. + +```bash +/cosmos/auth/v1beta1/account?address={address} +``` + +#### Accounts + +The `accounts` endpoint allow users to query all the available accounts. + +```bash +/cosmos/auth/v1beta1/accounts +``` + +#### Params + +The `params` endpoint allow users to query the current auth parameters. + +```bash +/cosmos/auth/v1beta1/params +``` diff --git a/docs/sdk/next/build/modules/auth/tx.mdx b/docs/sdk/next/build/modules/auth/tx.mdx new file mode 100644 index 00000000..a9ae48c1 --- /dev/null +++ b/docs/sdk/next/build/modules/auth/tx.mdx @@ -0,0 +1,271 @@ +--- +title: '`x/auth/tx`' +--- + +**Pre-requisite Readings** + +* [Transactions](https://docs.cosmos.network/main/core/transactions#transaction-generation) +* [Encoding](https://docs.cosmos.network/main/core/encoding#transaction-encoding) + + + +## Abstract + +This document specifies the `x/auth/tx` package of the Cosmos SDK. + +This package represents the Cosmos SDK implementation of the `client.TxConfig`, `client.TxBuilder`, `client.TxEncoder` and `client.TxDecoder` interfaces. + +## Contents + +* [Transactions](#transactions) + * [`TxConfig`](#txconfig) + * [`TxBuilder`](#txbuilder) + * [`TxEncoder`/ `TxDecoder`](#txencoder-txdecoder) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + +## Transactions + +### `TxConfig` + +`client.TxConfig` defines an interface a client can utilize to generate an application-defined concrete transaction type. +The interface defines a set of methods for creating a `client.TxBuilder`. + +```go +// Reference: https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/client/tx_config.go#L25-L31 +``` + +The default implementation of `client.TxConfig` is instantiated by `NewTxConfig` in `x/auth/tx` module. + +```go +// Reference: https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/x/auth/tx/config.go#L22-L28 +``` + +### `TxBuilder` + +```go +// Reference: https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/client/tx_config.go#L33-L50 +``` + +The [`client.TxBuilder`](https://docs.cosmos.network/main/core/transactions#transaction-generation) interface is as well implemented by `x/auth/tx`. +A `client.TxBuilder` can be accessed with `TxConfig.NewTxBuilder()`. + +### `TxEncoder`/ `TxDecoder` + +More information about `TxEncoder` and `TxDecoder` can be found [here](https://docs.cosmos.network/main/core/encoding#transaction-encoding). + +## Client + +### CLI + +#### Query + +The `x/auth/tx` module provides a CLI command to query any transaction, given its hash, transaction sequence or signature. + +Without any argument, the command will query the transaction using the transaction hash. + +```shell +simd query tx DFE87B78A630C0EFDF76C80CD24C997E252792E0317502AE1A02B9809F0D8685 +``` + +When querying a transaction from an account given its sequence, use the `--type=acc_seq` flag: + +```shell +simd query tx --type=acc_seq cosmos1u69uyr6v9qwe6zaaeaqly2h6wnedac0xpxq325/1 +``` + +When querying a transaction given its signature, use the `--type=signature` flag: + +```shell +simd query tx --type=signature Ofjvgrqi8twZfqVDmYIhqwRLQjZZ40XbxEamk/veH3gQpRF0hL2PH4ejRaDzAX+2WChnaWNQJQ41ekToIi5Wqw== +``` + +When querying a transaction given its events, use the `--type=events` flag: + +```shell +simd query txs --events 'message.sender=cosmos...' --page 1 --limit 30 +``` + +The `x/auth/block` module provides a CLI command to query any block, given its hash, height, or events. + +When querying a block by its hash, use the `--type=hash` flag: + +```shell +simd query block --type=hash DFE87B78A630C0EFDF76C80CD24C997E252792E0317502AE1A02B9809F0D8685 +``` + +When querying a block by its height, use the `--type=height` flag: + +```shell +simd query block --type=height 1357 +``` + +When querying a block by its events, use the `--query` flag: + +```shell +simd query blocks --query 'message.sender=cosmos...' --page 1 --limit 30 +``` + +#### Transactions + +The `x/auth/tx` module provides a convenient CLI command for decoding and encoding transactions. + +#### `encode` + +The `encode` command encodes a transaction created with the `--generate-only` flag or signed with the sign command. +The transaction is serialized it to Protobuf and returned as base64. + +```bash +$ simd tx encode tx.json +Co8BCowBChwvY29zbW9zLmJhbmsudjFiZXRhMS5Nc2dTZW5kEmwKLWNvc21vczFsNnZzcWhoN3Jud3N5cjJreXozampnM3FkdWF6OGd3Z3lsODI3NRItY29zbW9zMTU4c2FsZHlnOHBteHU3Znd2dDBkNng3amVzd3A0Z3d5a2xrNnkzGgwKBXN0YWtlEgMxMDASBhIEEMCaDA== +$ simd tx encode tx.signed.json +``` + +More information about the `encode` command can be found running `simd tx encode --help`. + +#### `decode` + +The `decode` commands decodes a transaction encoded with the `encode` command. + +```bash +simd tx decode Co8BCowBChwvY29zbW9zLmJhbmsudjFiZXRhMS5Nc2dTZW5kEmwKLWNvc21vczFsNnZzcWhoN3Jud3N5cjJreXozampnM3FkdWF6OGd3Z3lsODI3NRItY29zbW9zMTU4c2FsZHlnOHBteHU3Znd2dDBkNng3amVzd3A0Z3d5a2xrNnkzGgwKBXN0YWtlEgMxMDASBhIEEMCaDA== +``` + +More information about the `decode` command can be found running `simd tx decode --help`. + +### gRPC + +A user can query the `x/auth/tx` module using gRPC endpoints. + +#### `TxDecode` + +The `TxDecode` endpoint allows to decode a transaction. + +```shell +cosmos.tx.v1beta1.Service/TxDecode +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"tx_bytes":"Co8BCowBChwvY29zbW9zLmJhbmsudjFiZXRhMS5Nc2dTZW5kEmwKLWNvc21vczFsNnZzcWhoN3Jud3N5cjJreXozampnM3FkdWF6OGd3Z3lsODI3NRItY29zbW9zMTU4c2FsZHlnOHBteHU3Znd2dDBkNng3amVzd3A0Z3d5a2xrNnkzGgwKBXN0YWtlEgMxMDASBhIEEMCaDA=="}' \ + localhost:9090 \ + cosmos.tx.v1beta1.Service/TxDecode +``` + +Example Output: + +```json expandable +{ + "tx": { + "body": { + "messages": [ + { + "@type": "/cosmos.bank.v1beta1.MsgSend", + "amount": [ + { + "denom": "stake", + "amount": "100" + } + ], + "fromAddress": "cosmos1l6vsqhh7rnwsyr2kyz3jjg3qduaz8gwgyl8275", + "toAddress": "cosmos158saldyg8pmxu7fwvt0d6x7jeswp4gwyklk6y3" + } + ] + }, + "authInfo": { + "fee": { + "gasLimit": "200000" + } + } + } +} +``` + +#### `TxEncode` + +The `TxEncode` endpoint allows to encode a transaction. + +```shell +cosmos.tx.v1beta1.Service/TxEncode +``` + +Example: + +```shell expandable +grpcurl -plaintext \ + -d '{"tx": { + "body": { + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"100"}],"fromAddress":"cosmos1l6vsqhh7rnwsyr2kyz3jjg3qduaz8gwgyl8275","toAddress":"cosmos158saldyg8pmxu7fwvt0d6x7jeswp4gwyklk6y3"} + ] + }, + "authInfo": { + "fee": { + "gasLimit": "200000" + } + } + }}' \ + localhost:9090 \ + cosmos.tx.v1beta1.Service/TxEncode +``` + +Example Output: + +```json +{ + "txBytes": "Co8BCowBChwvY29zbW9zLmJhbmsudjFiZXRhMS5Nc2dTZW5kEmwKLWNvc21vczFsNnZzcWhoN3Jud3N5cjJreXozampnM3FkdWF6OGd3Z3lsODI3NRItY29zbW9zMTU4c2FsZHlnOHBteHU3Znd2dDBkNng3amVzd3A0Z3d5a2xrNnkzGgwKBXN0YWtlEgMxMDASBhIEEMCaDA==" +} +``` + +#### `TxDecodeAmino` + +The `TxDecode` endpoint allows to decode an amino transaction. + +```shell +cosmos.tx.v1beta1.Service/TxDecodeAmino +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"amino_binary": "KCgWqQpvqKNhmgotY29zbW9zMXRzeno3cDJ6Z2Q3dnZrYWh5ZnJlNHduNXh5dTgwcnB0ZzZ2OWg1Ei1jb3Ntb3MxdHN6ejdwMnpnZDd2dmthaHlmcmU0d241eHl1ODBycHRnNnY5aDUaCwoFc3Rha2USAjEwEhEKCwoFc3Rha2USAjEwEMCaDCIGZm9vYmFy"}' \ + localhost:9090 \ + cosmos.tx.v1beta1.Service/TxDecodeAmino +``` + +Example Output: + +```json +{ + "aminoJson": "{\"type\":\"cosmos-sdk/StdTx\",\"value\":{\"msg\":[{\"type\":\"cosmos-sdk/MsgSend\",\"value\":{\"from_address\":\"cosmos1tszz7p2zgd7vvkahyfre4wn5xyu80rptg6v9h5\",\"to_address\":\"cosmos1tszz7p2zgd7vvkahyfre4wn5xyu80rptg6v9h5\",\"amount\":[{\"denom\":\"stake\",\"amount\":\"10\"}]}}],\"fee\":{\"amount\":[{\"denom\":\"stake\",\"amount\":\"10\"}],\"gas\":\"200000\"},\"signatures\":null,\"memo\":\"foobar\",\"timeout_height\":\"0\"}}" +} +``` + +#### `TxEncodeAmino` + +The `TxEncodeAmino` endpoint allows to encode an amino transaction. + +```shell +cosmos.tx.v1beta1.Service/TxEncodeAmino +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"amino_json":"{\"type\":\"cosmos-sdk/StdTx\",\"value\":{\"msg\":[{\"type\":\"cosmos-sdk/MsgSend\",\"value\":{\"from_address\":\"cosmos1tszz7p2zgd7vvkahyfre4wn5xyu80rptg6v9h5\",\"to_address\":\"cosmos1tszz7p2zgd7vvkahyfre4wn5xyu80rptg6v9h5\",\"amount\":[{\"denom\":\"stake\",\"amount\":\"10\"}]}}],\"fee\":{\"amount\":[{\"denom\":\"stake\",\"amount\":\"10\"}],\"gas\":\"200000\"},\"signatures\":null,\"memo\":\"foobar\",\"timeout_height\":\"0\"}}"}' \ + localhost:9090 \ + cosmos.tx.v1beta1.Service/TxEncodeAmino +``` + +Example Output: + +```json +{ + "amino_binary": "KCgWqQpvqKNhmgotY29zbW9zMXRzeno3cDJ6Z2Q3dnZrYWh5ZnJlNHduNXh5dTgwcnB0ZzZ2OWg1Ei1jb3Ntb3MxdHN6ejdwMnpnZDd2dmthaHlmcmU0d241eHl1ODBycHRnNnY5aDUaCwoFc3Rha2USAjEwEhEKCwoFc3Rha2USAjEwEMCaDCIGZm9vYmFy" +} +``` diff --git a/docs/sdk/next/build/modules/auth/vesting.mdx b/docs/sdk/next/build/modules/auth/vesting.mdx new file mode 100644 index 00000000..6fc65844 --- /dev/null +++ b/docs/sdk/next/build/modules/auth/vesting.mdx @@ -0,0 +1,678 @@ +--- +title: '`x/auth/vesting`' +--- +* [Intro and Requirements](#intro-and-requirements) +* [Note](#note) +* [Vesting Account Types](#vesting-account-types) + * [BaseVestingAccount](#basevestingaccount) + * [ContinuousVestingAccount](#continuousvestingaccount) + * [DelayedVestingAccount](#delayedvestingaccount) + * [Period](#period) + * [PeriodicVestingAccount](#periodicvestingaccount) + * [PermanentLockedAccount](#permanentlockedaccount) +* [Vesting Account Specification](#vesting-account-specification) + * [Determining Vesting & Vested Amounts](#determining-vesting--vested-amounts) + * [Periodic Vesting Accounts](#periodic-vesting-accounts) + * [Transferring/Sending](#transferringsending) + * [Delegating](#delegating) + * [Undelegating](#undelegating) +* [Keepers & Handlers](#keepers--handlers) +* [Genesis Initialization](#genesis-initialization) +* [Examples](#examples) + * [Simple](#simple) + * [Slashing](#slashing) + * [Periodic Vesting](#periodic-vesting) +* [Glossary](#glossary) + +## Intro and Requirements + +This specification defines the vesting account implementation that is used by the Cosmos Hub. The requirements for this vesting account is that it should be initialized during genesis with a starting balance `X` and a vesting end time `ET`. A vesting account may be initialized with a vesting start time `ST` and a number of vesting periods `P`. If a vesting start time is included, the vesting period does not begin until start time is reached. If vesting periods are included, the vesting occurs over the specified number of periods. + +For all vesting accounts, the owner of the vesting account is able to delegate and undelegate from validators, however they cannot transfer coins to another account until those coins are vested. This specification allows for four different kinds of vesting: + +* Delayed vesting, where all coins are vested once `ET` is reached. +* Continuous vesting, where coins begin to vest at `ST` and vest linearly with respect to time until `ET` is reached +* Periodic vesting, where coins begin to vest at `ST` and vest periodically according to number of periods and the vesting amount per period. The number of periods, length per period, and amount per period are configurable. A periodic vesting account is distinguished from a continuous vesting account in that coins can be released in staggered tranches. For example, a periodic vesting account could be used for vesting arrangements where coins are released quarterly, yearly, or over any other function of tokens over time. +* Permanent locked vesting, where coins are locked forever. Coins in this account can still be used for delegating and for governance votes even while locked. + +## Note + +Vesting accounts can be initialized with some vesting and non-vesting coins. The non-vesting coins would be immediately transferable. DelayedVesting ContinuousVesting, PeriodicVesting and PermanentVesting accounts can be created with normal messages after genesis. Other types of vesting accounts must be created at genesis, or as part of a manual network upgrade. The current specification only allows for *unconditional* vesting (ie. there is no possibility of reaching `ET` and +having coins fail to vest). + +## Vesting Account Types + +```go expandable +// VestingAccount defines an interface that any vesting account type must +// implement. +type VestingAccount interface { + Account + + GetVestedCoins(Time) + +Coins + GetVestingCoins(Time) + +Coins + + // TrackDelegation performs internal vesting accounting necessary when + // delegating from a vesting account. It accepts the current block time, the + // delegation amount and balance of all coins whose denomination exists in + // the account's original vesting balance. + TrackDelegation(Time, Coins, Coins) + + // TrackUndelegation performs internal vesting accounting necessary when a + // vesting account performs an undelegation. + TrackUndelegation(Coins) + +GetStartTime() + +int64 + GetEndTime() + +int64 +} +``` + +### BaseVestingAccount + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/vesting/v1beta1/vesting.proto#L11-L35 +``` + +### ContinuousVestingAccount + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/vesting/v1beta1/vesting.proto#L37-L46 +``` + +### DelayedVestingAccount + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/vesting/v1beta1/vesting.proto#L48-L57 +``` + +### Period + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/vesting/v1beta1/vesting.proto#L59-L69 +``` + +```go +// Stores all vesting periods passed as part of a PeriodicVestingAccount +type Periods []Period +``` + +### PeriodicVestingAccount + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/vesting/v1beta1/vesting.proto#L71-L81 +``` + +In order to facilitate less ad-hoc type checking and assertions and to support flexibility in account balance usage, the existing `x/bank` `ViewKeeper` interface is updated to contain the following: + +```go +type ViewKeeper interface { + // ... + + // Calculates the total locked account balance. + LockedCoins(ctx sdk.Context, addr sdk.AccAddress) + +sdk.Coins + + // Calculates the total spendable balance that can be sent to other accounts. + SpendableCoins(ctx sdk.Context, addr sdk.AccAddress) + +sdk.Coins +} +``` + +### PermanentLockedAccount + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/vesting/v1beta1/vesting.proto#L83-L94 +``` + +## Vesting Account Specification + +Given a vesting account, we define the following in the proceeding operations: + +* `OV`: The original vesting coin amount. It is a constant value. +* `V`: The number of `OV` coins that are still *vesting*. It is derived by + `OV`, `StartTime` and `EndTime`. This value is computed on demand and not on a per-block basis. +* `V'`: The number of `OV` coins that are *vested* (unlocked). This value is computed on demand and not a per-block basis. +* `DV`: The number of delegated *vesting* coins. It is a variable value. It is stored and modified directly in the vesting account. +* `DF`: The number of delegated *vested* (unlocked) coins. It is a variable value. It is stored and modified directly in the vesting account. +* `BC`: The number of `OV` coins less any coins that are transferred + (which can be negative or delegated). It is considered to be balance of the embedded base account. It is stored and modified directly in the vesting account. + +### Determining Vesting & Vested Amounts + +It is important to note that these values are computed on demand and not on a mandatory per-block basis (e.g. `BeginBlocker` or `EndBlocker`). + +#### Continuously Vesting Accounts + +To determine the amount of coins that are vested for a given block time `T`, the +following is performed: + +1. Compute `X := T - StartTime` +2. Compute `Y := EndTime - StartTime` +3. Compute `V' := OV * (X / Y)` +4. Compute `V := OV - V'` + +Thus, the total amount of *vested* coins is `V'` and the remaining amount, `V`, +is *vesting*. + +```go expandable +func (cva ContinuousVestingAccount) + +GetVestedCoins(t Time) + +Coins { + if t <= cva.StartTime { + // We must handle the case where the start time for a vesting account has + // been set into the future or when the start of the chain is not exactly + // known. + return ZeroCoins +} + +else if t >= cva.EndTime { + return cva.OriginalVesting +} + x := t - cva.StartTime + y := cva.EndTime - cva.StartTime + + return cva.OriginalVesting * (x / y) +} + +func (cva ContinuousVestingAccount) + +GetVestingCoins(t Time) + +Coins { + return cva.OriginalVesting - cva.GetVestedCoins(t) +} +``` + +### Periodic Vesting Accounts + +Periodic vesting accounts require calculating the coins released during each period for a given block time `T`. Note that multiple periods could have passed when calling `GetVestedCoins`, so we must iterate over each period until the end of that period is after `T`. + +1. Set `CT := StartTime` +2. Set `V' := 0` + +For each Period P: + +1. Compute `X := T - CT` +2. IF `X >= P.Length` + 1. Compute `V' += P.Amount` + 2. Compute `CT += P.Length` + 3. ELSE break +3. Compute `V := OV - V'` + +```go expandable +func (pva PeriodicVestingAccount) + +GetVestedCoins(t Time) + +Coins { + if t < pva.StartTime { + return ZeroCoins +} + ct := pva.StartTime // The start of the vesting schedule + vested := 0 + periods = pva.GetPeriods() + for _, period := range periods { + if t - ct < period.Length { + break +} + +vested += period.Amount + ct += period.Length // increment ct to the start of the next vesting period +} + +return vested +} + +func (pva PeriodicVestingAccount) + +GetVestingCoins(t Time) + +Coins { + return pva.OriginalVesting - cva.GetVestedCoins(t) +} +``` + +#### Delayed/Discrete Vesting Accounts + +Delayed vesting accounts are easier to reason about as they only have the full amount vesting up until a certain time, then all the coins become vested (unlocked). This does not include any unlocked coins the account may have initially. + +```go expandable +func (dva DelayedVestingAccount) + +GetVestedCoins(t Time) + +Coins { + if t >= dva.EndTime { + return dva.OriginalVesting +} + +return ZeroCoins +} + +func (dva DelayedVestingAccount) + +GetVestingCoins(t Time) + +Coins { + return dva.OriginalVesting - dva.GetVestedCoins(t) +} +``` + +### Transferring/Sending + +At any given time, a vesting account may transfer: `min((BC + DV) - V, BC)`. + +In other words, a vesting account may transfer the minimum of the base account balance and the base account balance plus the number of currently delegated vesting coins less the number of coins vested so far. + +However, given that account balances are tracked via the `x/bank` module and that we want to avoid loading the entire account balance, we can instead determine the locked balance, which can be defined as `max(V - DV, 0)`, and infer the spendable balance from that. + +```go +func (va VestingAccount) + +LockedCoins(t Time) + +Coins { + return max(va.GetVestingCoins(t) - va.DelegatedVesting, 0) +} +``` + +The `x/bank` `ViewKeeper` can then provide APIs to determine locked and spendable coins for any account: + +```go expandable +func (k Keeper) + +LockedCoins(ctx Context, addr AccAddress) + +Coins { + acc := k.GetAccount(ctx, addr) + if acc != nil { + if acc.IsVesting() { + return acc.LockedCoins(ctx.BlockTime()) +} + +} + + // non-vesting accounts do not have any locked coins + return NewCoins() +} +``` + +#### Keepers/Handlers + +The corresponding `x/bank` keeper should appropriately handle sending coins based on if the account is a vesting account or not. + +```go expandable +func (k Keeper) + +SendCoins(ctx Context, from Account, to Account, amount Coins) { + bc := k.GetBalances(ctx, from) + v := k.LockedCoins(ctx, from) + spendable := bc - v + newCoins := spendable - amount + assert(newCoins >= 0) + +from.SetBalance(newCoins) + +to.AddBalance(amount) + + // save balances... +} +``` + +### Delegating + +For a vesting account attempting to delegate `D` coins, the following is performed: + +1. Verify `BC >= D > 0` +2. Compute `X := min(max(V - DV, 0), D)` (portion of `D` that is vesting) +3. Compute `Y := D - X` (portion of `D` that is free) +4. Set `DV += X` +5. Set `DF += Y` + +```go +func (va VestingAccount) + +TrackDelegation(t Time, balance Coins, amount Coins) { + assert(balance <= amount) + x := min(max(va.GetVestingCoins(t) - va.DelegatedVesting, 0), amount) + y := amount - x + + va.DelegatedVesting += x + va.DelegatedFree += y +} +``` + +**Note** `TrackDelegation` only modifies the `DelegatedVesting` and `DelegatedFree` fields, so upstream callers MUST modify the `Coins` field by subtracting `amount`. + +#### Keepers/Handlers + +```go +func DelegateCoins(t Time, from Account, amount Coins) { + if isVesting(from) { + from.TrackDelegation(t, amount) +} + +else { + from.SetBalance(sc - amount) +} + + // save account... +} +``` + +### Undelegating + +For a vesting account attempting to undelegate `D` coins, the following is performed: + +> NOTE: `DV < D` and `(DV + DF) < D` may be possible due to quirks in the rounding of delegation/undelegation logic. + +1. Verify `D > 0` +2. Compute `X := min(DF, D)` (portion of `D` that should become free, prioritizing free coins) +3. Compute `Y := min(DV, D - X)` (portion of `D` that should remain vesting) +4. Set `DF -= X` +5. Set `DV -= Y` + +```go +func (cva ContinuousVestingAccount) + +TrackUndelegation(amount Coins) { + x := min(cva.DelegatedFree, amount) + y := amount - x + + cva.DelegatedFree -= x + cva.DelegatedVesting -= y +} +``` + +**Note** `TrackUnDelegation` only modifies the `DelegatedVesting` and `DelegatedFree` fields, so upstream callers MUST modify the `Coins` field by adding `amount`. + +**Note**: If a delegation is slashed, the continuous vesting account ends up with an excess `DV` amount, even after all its coins have vested. This is because undelegating free coins are prioritized. + +**Note**: The undelegation (bond refund) amount may exceed the delegated vesting (bond) amount due to the way undelegation truncates the bond refund, which can increase the validator's exchange rate (tokens/shares) slightly if the undelegated tokens are non-integral. + +#### Keepers/Handlers + +```go expandable +func UndelegateCoins(to Account, amount Coins) { + if isVesting(to) { + if to.DelegatedFree + to.DelegatedVesting >= amount { + to.TrackUndelegation(amount) + // save account ... +} + +} + +else { + AddBalance(to, amount) + // save account... +} +} +``` + +## Keepers & Handlers + +The `VestingAccount` implementations reside in `x/auth`. However, any keeper in a module (e.g. staking in `x/staking`) wishing to potentially utilize any vesting coins, must call explicit methods on the `x/bank` keeper (e.g. `DelegateCoins`) opposed to `SendCoins` and `SubtractCoins`. + +In addition, the vesting account should also be able to spend any coins it receives from other users. Thus, the bank module's `MsgSend` handler should error if a vesting account is trying to send an amount that exceeds their unlocked coin amount. + +See the above specification for full implementation details. + +## Genesis Initialization + +To initialize both vesting and non-vesting accounts, the `GenesisAccount` struct includes new fields: `Vesting`, `StartTime`, and `EndTime`. Accounts meant to be of type `BaseAccount` or any non-vesting type have `Vesting = false`. The genesis initialization logic (e.g. `initFromGenesisState`) must parse and return the correct accounts accordingly based off of these fields. + +```go expandable +type GenesisAccount struct { + // ... + + // vesting account fields + OriginalVesting sdk.Coins `json:"original_vesting"` + DelegatedFree sdk.Coins `json:"delegated_free"` + DelegatedVesting sdk.Coins `json:"delegated_vesting"` + StartTime int64 `json:"start_time"` + EndTime int64 `json:"end_time"` +} + +func ToAccount(gacc GenesisAccount) + +Account { + bacc := NewBaseAccount(gacc) + if gacc.OriginalVesting > 0 { + if ga.StartTime != 0 && ga.EndTime != 0 { + // return a continuous vesting account +} + +else if ga.EndTime != 0 { + // return a delayed vesting account +} + +else { + // invalid genesis vesting account provided + panic() +} + +} + +return bacc +} +``` + +## Examples + +### Simple + +Given a continuous vesting account with 10 vesting coins. + +```text +OV = 10 +DF = 0 +DV = 0 +BC = 10 +V = 10 +V' = 0 +``` + +1. Immediately receives 1 coin + + ```text + BC = 11 + ``` + +2. Time passes, 2 coins vest + + ```text + V = 8 + V' = 2 + ``` + +3. Delegates 4 coins to validator A + + ```text + DV = 4 + BC = 7 + ``` + +4. Sends 3 coins + + ```text + BC = 4 + ``` + +5. More time passes, 2 more coins vest + + ```text + V = 6 + V' = 4 + ``` + +6. Sends 2 coins. At this point the account cannot send anymore until further + coins vest or it receives additional coins. It can still however, delegate. + + ```text + BC = 2 + ``` + +### Slashing + +Same initial starting conditions as the simple example. + +1. Time passes, 5 coins vest + + ```text + V = 5 + V' = 5 + ``` + +2. Delegate 5 coins to validator A + + ```text + DV = 5 + BC = 5 + ``` + +3. Delegate 5 coins to validator B + + ```text + DF = 5 + BC = 0 + ``` + +4. Validator A gets slashed by 50%, making the delegation to A now worth 2.5 coins + +5. Undelegate from validator A (2.5 coins) + + ```text + DF = 5 - 2.5 = 2.5 + BC = 0 + 2.5 = 2.5 + ``` + +6. Undelegate from validator B (5 coins). The account at this point can only + send 2.5 coins unless it receives more coins or until more coins vest. + It can still however, delegate. + + ```text + DV = 5 - 2.5 = 2.5 + DF = 2.5 - 2.5 = 0 + BC = 2.5 + 5 = 7.5 + ``` + + Notice how we have an excess amount of `DV`. + +### Periodic Vesting + +A vesting account is created where 100 tokens will be released over 1 year, with +1/4 of tokens vesting each quarter. The vesting schedule would be as follows: + +```yaml +Periods: +- amount: 25stake, length: 7884000 +- amount: 25stake, length: 7884000 +- amount: 25stake, length: 7884000 +- amount: 25stake, length: 7884000 +``` + +```text +OV = 100 +DF = 0 +DV = 0 +BC = 100 +V = 100 +V' = 0 +``` + +1. Immediately receives 1 coin + + ```text + BC = 101 + ``` + +2. Vesting period 1 passes, 25 coins vest + + ```text + V = 75 + V' = 25 + ``` + +3. During vesting period 2, 5 coins are transferred and 5 coins are delegated + + ```text + DV = 5 + BC = 91 + ``` + +4. Vesting period 2 passes, 25 coins vest + + ```text + V = 50 + V' = 50 + ``` + +## Glossary + +* OriginalVesting: The amount of coins (per denomination) that are initially + part of a vesting account. These coins are set at genesis. +* StartTime: The BFT time at which a vesting account starts to vest. +* EndTime: The BFT time at which a vesting account is fully vested. +* DelegatedFree: The tracked amount of coins (per denomination) that are + delegated from a vesting account that have been fully vested at time of delegation. +* DelegatedVesting: The tracked amount of coins (per denomination) that are + delegated from a vesting account that were vesting at time of delegation. +* ContinuousVestingAccount: A vesting account implementation that vests coins + linearly over time. +* DelayedVestingAccount: A vesting account implementation that only fully vests + all coins at a given time. +* PeriodicVestingAccount: A vesting account implementation that vests coins + according to a custom vesting schedule. +* PermanentLockedAccount: It does not ever release coins, locking them indefinitely. + Coins in this account can still be used for delegating and for governance votes even while locked. + +## CLI + +A user can query and interact with the `vesting` module using the CLI. + +### Transactions + +The `tx` commands allow users to interact with the `vesting` module. + +```bash +simd tx vesting --help +``` + +#### create-periodic-vesting-account + +The `create-periodic-vesting-account` command creates a new vesting account funded with an allocation of tokens, where a sequence of coins and period length in seconds. Periods are sequential, in that the duration of a period only starts at the end of the previous period. The duration of the first period starts upon account creation. + +```bash +simd tx vesting create-periodic-vesting-account [to_address] [periods_json_file] [flags] +``` + +Example: + +```bash +simd tx vesting create-periodic-vesting-account cosmos1.. periods.json +``` + +#### create-vesting-account + +The `create-vesting-account` command creates a new vesting account funded with an allocation of tokens. The account can either be a delayed or continuous vesting account, which is determined by the '--delayed' flag. All vesting accounts created will have their start time set by the committed block's time. The end\_time must be provided as a UNIX epoch timestamp. + +```bash +simd tx vesting create-vesting-account [to_address] [amount] [end_time] [flags] +``` + +Example: + +```bash +simd tx vesting create-vesting-account cosmos1.. 100stake 2592000 +``` diff --git a/docs/sdk/next/build/modules/authz/README.mdx b/docs/sdk/next/build/modules/authz/README.mdx new file mode 100644 index 00000000..1dbfe038 --- /dev/null +++ b/docs/sdk/next/build/modules/authz/README.mdx @@ -0,0 +1,1340 @@ +--- +title: '`x/authz`' +--- +## Abstract + +`x/authz` is an implementation of a Cosmos SDK module, per [ADR 30](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-030-authz-module.md), that allows +granting arbitrary privileges from one account (the granter) to another account (the grantee). Authorizations must be granted for a particular Msg service method one by one using an implementation of the `Authorization` interface. + +## Contents + +* [Concepts](#concepts) + * [Authorization and Grant](#authorization-and-grant) + * [Built-in Authorizations](#built-in-authorizations) + * [Gas](#gas) +* [State](#state) + * [Grant](#grant) + * [GrantQueue](#grantqueue) +* [Messages](#messages) + * [MsgGrant](#msggrant) + * [MsgRevoke](#msgrevoke) + * [MsgExec](#msgexec) +* [Events](#events) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + * [REST](#rest) + +## Concepts + +### Authorization and Grant + +The `x/authz` module defines interfaces and messages grant authorizations to perform actions +on behalf of one account to other accounts. The design is defined in the [ADR 030](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-030-authz-module.md). + +A *grant* is an allowance to execute a Msg by the grantee on behalf of the granter. +Authorization is an interface that must be implemented by a concrete authorization logic to validate and execute grants. Authorizations are extensible and can be defined for any Msg service method even outside of the module where the Msg method is defined. See the `SendAuthorization` example in the next section for more details. + +**Note:** The authz module is different from the [auth (authentication)](/docs/sdk/vnext/build/modules/auth/) module that is responsible for specifying the base transaction and account types. + +```go expandable +package authz + +import ( + + "github.com/cosmos/gogoproto/proto" + + sdk "github.com/cosmos/cosmos-sdk/types" +) + +// Authorization represents the interface of various Authorization types implemented +// by other modules. +type Authorization interface { + proto.Message + + // MsgTypeURL returns the fully-qualified Msg service method URL (as described in ADR 031), + // which will process and accept or reject a request. + MsgTypeURL() + +string + + // Accept determines whether this grant permits the provided sdk.Msg to be performed, + // and if so provides an upgraded authorization instance. + Accept(ctx sdk.Context, msg sdk.Msg) (AcceptResponse, error) + + // ValidateBasic does a simple validation check that + // doesn't require access to any other information. + ValidateBasic() + +error +} + +// AcceptResponse instruments the controller of an authz message if the request is accepted +// and if it should be updated or deleted. +type AcceptResponse struct { + // If Accept=true, the controller can accept and authorization and handle the update. + Accept bool + // If Delete=true, the controller must delete the authorization object and release + // storage resources. + Delete bool + // Controller, who is calling Authorization.Accept must check if `Updated != nil`. If yes, + // it must use the updated version and handle the update on the storage level. + Updated Authorization +} +``` + +### Built-in Authorizations + +The Cosmos SDK `x/authz` module comes with following authorization types: + +#### GenericAuthorization + +`GenericAuthorization` implements the `Authorization` interface that gives unrestricted permission to execute the provided Msg on behalf of granter's account. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/authz/v1beta1/authz.proto#L14-L22 +``` + +```go expandable +package authz + +import ( + + sdk "github.com/cosmos/cosmos-sdk/types" +) + +var _ Authorization = &GenericAuthorization{ +} + +// NewGenericAuthorization creates a new GenericAuthorization object. +func NewGenericAuthorization(msgTypeURL string) *GenericAuthorization { + return &GenericAuthorization{ + Msg: msgTypeURL, +} +} + +// MsgTypeURL implements Authorization.MsgTypeURL. +func (a GenericAuthorization) + +MsgTypeURL() + +string { + return a.Msg +} + +// Accept implements Authorization.Accept. +func (a GenericAuthorization) + +Accept(ctx sdk.Context, msg sdk.Msg) (AcceptResponse, error) { + return AcceptResponse{ + Accept: true +}, nil +} + +// ValidateBasic implements Authorization.ValidateBasic. +func (a GenericAuthorization) + +ValidateBasic() + +error { + return nil +} +``` + +* `msg` stores Msg type URL. + +#### SendAuthorization + +`SendAuthorization` implements the `Authorization` interface for the `cosmos.bank.v1beta1.MsgSend` Msg. + +* It takes a (positive) `SpendLimit` that specifies the maximum amount of tokens the grantee can spend. The `SpendLimit` is updated as the tokens are spent. +* It takes an (optional) `AllowList` that specifies to which addresses a grantee can send token. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/bank/v1beta1/authz.proto#L11-L30 +``` + +```go expandable +package types + +import ( + + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + "github.com/cosmos/cosmos-sdk/x/authz" +) + +// TODO: Revisit this once we have proper gas fee framework. +// Ref: https://github.com/cosmos/cosmos-sdk/issues/9054 +// Ref: https://github.com/cosmos/cosmos-sdk/discussions/9072 +const gasCostPerIteration = uint64(10) + +var _ authz.Authorization = &SendAuthorization{ +} + +// NewSendAuthorization creates a new SendAuthorization object. +func NewSendAuthorization(spendLimit sdk.Coins, allowed []sdk.AccAddress) *SendAuthorization { + return &SendAuthorization{ + AllowList: toBech32Addresses(allowed), + SpendLimit: spendLimit, +} +} + +// MsgTypeURL implements Authorization.MsgTypeURL. +func (a SendAuthorization) + +MsgTypeURL() + +string { + return sdk.MsgTypeURL(&MsgSend{ +}) +} + +// Accept implements Authorization.Accept. +func (a SendAuthorization) + +Accept(ctx sdk.Context, msg sdk.Msg) (authz.AcceptResponse, error) { + mSend, ok := msg.(*MsgSend) + if !ok { + return authz.AcceptResponse{ +}, sdkerrors.ErrInvalidType.Wrap("type mismatch") +} + toAddr := mSend.ToAddress + + limitLeft, isNegative := a.SpendLimit.SafeSub(mSend.Amount...) + if isNegative { + return authz.AcceptResponse{ +}, sdkerrors.ErrInsufficientFunds.Wrapf("requested amount is more than spend limit") +} + if limitLeft.IsZero() { + return authz.AcceptResponse{ + Accept: true, + Delete: true +}, nil +} + isAddrExists := false + allowedList := a.GetAllowList() + for _, addr := range allowedList { + ctx.GasMeter().ConsumeGas(gasCostPerIteration, "send authorization") + if addr == toAddr { + isAddrExists = true + break +} + +} + if len(allowedList) > 0 && !isAddrExists { + return authz.AcceptResponse{ +}, sdkerrors.ErrUnauthorized.Wrapf("cannot send to %s address", toAddr) +} + +return authz.AcceptResponse{ + Accept: true, + Delete: false, + Updated: &SendAuthorization{ + SpendLimit: limitLeft, + AllowList: allowedList +}}, nil +} + +// ValidateBasic implements Authorization.ValidateBasic. +func (a SendAuthorization) + +ValidateBasic() + +error { + if a.SpendLimit == nil { + return sdkerrors.ErrInvalidCoins.Wrap("spend limit cannot be nil") +} + if !a.SpendLimit.IsAllPositive() { + return sdkerrors.ErrInvalidCoins.Wrapf("spend limit must be positive") +} + found := make(map[string]bool, 0) + for i := 0; i < len(a.AllowList); i++ { + if found[a.AllowList[i]] { + return ErrDuplicateEntry +} + +found[a.AllowList[i]] = true +} + +return nil +} + +func toBech32Addresses(allowed []sdk.AccAddress) []string { + if len(allowed) == 0 { + return nil +} + allowedAddrs := make([]string, len(allowed)) + for i, addr := range allowed { + allowedAddrs[i] = addr.String() +} + +return allowedAddrs +} +``` + +* `spend_limit` keeps track of how many coins are left in the authorization. +* `allow_list` specifies an optional list of addresses to whom the grantee can send tokens on behalf of the granter. + +#### StakeAuthorization + +`StakeAuthorization` implements the `Authorization` interface for messages in the [staking module](https://docs.cosmos.network/v0.53/build/modules/staking). It takes an `AuthorizationType` to specify whether you want to authorise delegating, undelegating or redelegating (i.e. these have to be authorised separately). It also takes an optional `MaxTokens` that keeps track of a limit to the amount of tokens that can be delegated/undelegated/redelegated. If left empty, the amount is unlimited. Additionally, this Msg takes an `AllowList` or a `DenyList`, which allows you to select which validators you allow or deny grantees to stake with. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/authz.proto#L11-L35 +``` + +```go expandable +package types + +import ( + + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + "github.com/cosmos/cosmos-sdk/x/authz" +) + +// TODO: Revisit this once we have propoer gas fee framework. +// Tracking issues https://github.com/cosmos/cosmos-sdk/issues/9054, https://github.com/cosmos/cosmos-sdk/discussions/9072 +const gasCostPerIteration = uint64(10) + +var _ authz.Authorization = &StakeAuthorization{ +} + +// NewStakeAuthorization creates a new StakeAuthorization object. +func NewStakeAuthorization(allowed []sdk.ValAddress, denied []sdk.ValAddress, authzType AuthorizationType, amount *sdk.Coin) (*StakeAuthorization, error) { + allowedValidators, deniedValidators, err := validateAllowAndDenyValidators(allowed, denied) + if err != nil { + return nil, err +} + a := StakeAuthorization{ +} + if allowedValidators != nil { + a.Validators = &StakeAuthorization_AllowList{ + AllowList: &StakeAuthorization_Validators{ + Address: allowedValidators +}} + +} + +else { + a.Validators = &StakeAuthorization_DenyList{ + DenyList: &StakeAuthorization_Validators{ + Address: deniedValidators +}} + +} + if amount != nil { + a.MaxTokens = amount +} + +a.AuthorizationType = authzType + + return &a, nil +} + +// MsgTypeURL implements Authorization.MsgTypeURL. +func (a StakeAuthorization) + +MsgTypeURL() + +string { + authzType, err := normalizeAuthzType(a.AuthorizationType) + if err != nil { + panic(err) +} + +return authzType +} + +func (a StakeAuthorization) + +ValidateBasic() + +error { + if a.MaxTokens != nil && a.MaxTokens.IsNegative() { + return sdkerrors.Wrapf(authz.ErrNegativeMaxTokens, "negative coin amount: %v", a.MaxTokens) +} + if a.AuthorizationType == AuthorizationType_AUTHORIZATION_TYPE_UNSPECIFIED { + return authz.ErrUnknownAuthorizationType +} + +return nil +} + +// Accept implements Authorization.Accept. +func (a StakeAuthorization) + +Accept(ctx sdk.Context, msg sdk.Msg) (authz.AcceptResponse, error) { + var validatorAddress string + var amount sdk.Coin + switch msg := msg.(type) { + case *MsgDelegate: + validatorAddress = msg.ValidatorAddress + amount = msg.Amount + case *MsgUndelegate: + validatorAddress = msg.ValidatorAddress + amount = msg.Amount + case *MsgBeginRedelegate: + validatorAddress = msg.ValidatorDstAddress + amount = msg.Amount + default: + return authz.AcceptResponse{ +}, sdkerrors.ErrInvalidRequest.Wrap("unknown msg type") +} + isValidatorExists := false + allowedList := a.GetAllowList().GetAddress() + for _, validator := range allowedList { + ctx.GasMeter().ConsumeGas(gasCostPerIteration, "stake authorization") + if validator == validatorAddress { + isValidatorExists = true + break +} + +} + denyList := a.GetDenyList().GetAddress() + for _, validator := range denyList { + ctx.GasMeter().ConsumeGas(gasCostPerIteration, "stake authorization") + if validator == validatorAddress { + return authz.AcceptResponse{ +}, sdkerrors.ErrUnauthorized.Wrapf("cannot delegate/undelegate to %s validator", validator) +} + +} + if len(allowedList) > 0 && !isValidatorExists { + return authz.AcceptResponse{ +}, sdkerrors.ErrUnauthorized.Wrapf("cannot delegate/undelegate to %s validator", validatorAddress) +} + if a.MaxTokens == nil { + return authz.AcceptResponse{ + Accept: true, + Delete: false, + Updated: &StakeAuthorization{ + Validators: a.GetValidators(), + AuthorizationType: a.GetAuthorizationType() +}, +}, nil +} + +limitLeft, err := a.MaxTokens.SafeSub(amount) + if err != nil { + return authz.AcceptResponse{ +}, err +} + if limitLeft.IsZero() { + return authz.AcceptResponse{ + Accept: true, + Delete: true +}, nil +} + +return authz.AcceptResponse{ + Accept: true, + Delete: false, + Updated: &StakeAuthorization{ + Validators: a.GetValidators(), + AuthorizationType: a.GetAuthorizationType(), + MaxTokens: &limitLeft +}, +}, nil +} + +func validateAllowAndDenyValidators(allowed []sdk.ValAddress, denied []sdk.ValAddress) ([]string, []string, error) { + if len(allowed) == 0 && len(denied) == 0 { + return nil, nil, sdkerrors.ErrInvalidRequest.Wrap("both allowed & deny list cannot be empty") +} + if len(allowed) > 0 && len(denied) > 0 { + return nil, nil, sdkerrors.ErrInvalidRequest.Wrap("cannot set both allowed & deny list") +} + allowedValidators := make([]string, len(allowed)) + if len(allowed) > 0 { + for i, validator := range allowed { + allowedValidators[i] = validator.String() +} + +return allowedValidators, nil, nil +} + deniedValidators := make([]string, len(denied)) + for i, validator := range denied { + deniedValidators[i] = validator.String() +} + +return nil, deniedValidators, nil +} + +// Normalized Msg type URLs +func normalizeAuthzType(authzType AuthorizationType) (string, error) { + switch authzType { + case AuthorizationType_AUTHORIZATION_TYPE_DELEGATE: + return sdk.MsgTypeURL(&MsgDelegate{ +}), nil + case AuthorizationType_AUTHORIZATION_TYPE_UNDELEGATE: + return sdk.MsgTypeURL(&MsgUndelegate{ +}), nil + case AuthorizationType_AUTHORIZATION_TYPE_REDELEGATE: + return sdk.MsgTypeURL(&MsgBeginRedelegate{ +}), nil + default: + return "", sdkerrors.Wrapf(authz.ErrUnknownAuthorizationType, "cannot normalize authz type with %T", authzType) +} +} +``` + +### Gas + +In order to prevent DoS attacks, granting `StakeAuthorization`s with `x/authz` incurs gas. `StakeAuthorization` allows you to authorize another account to delegate, undelegate, or redelegate to validators. The authorizer can define a list of validators they allow or deny delegations to. The Cosmos SDK iterates over these lists and charge 10 gas for each validator in both of the lists. + +Since the state maintaining a list for granter, grantee pair with same expiration, we are iterating over the list to remove the grant (in case of any revoke of particular `msgType`) from the list and we are charging 20 gas per iteration. + +## State + +### Grant + +Grants are identified by combining granter address (the address bytes of the granter), grantee address (the address bytes of the grantee) and Authorization type (its type URL). Hence we only allow one grant for the (granter, grantee, Authorization) triple. + +* Grant: `0x01 | granter_address_len (1 byte) | granter_address_bytes | grantee_address_len (1 byte) | grantee_address_bytes | msgType_bytes -> ProtocolBuffer(AuthorizationGrant)` + +The grant object encapsulates an `Authorization` type and an expiration timestamp: + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/authz/v1beta1/authz.proto#L24-L32 +``` + +### GrantQueue + +We are maintaining a queue for authz pruning. Whenever a grant is created, an item will be added to `GrantQueue` with a key of expiration, granter, grantee. + +In `EndBlock` (which runs for every block) we continuously check and prune the expired grants by forming a prefix key with current blocktime that passed the stored expiration in `GrantQueue`, we iterate through all the matched records from `GrantQueue` and delete them from the `GrantQueue` & `Grant`s store. + +```go expandable +package keeper + +import ( + + "fmt" + "strconv" + "time" + "github.com/cosmos/gogoproto/proto" + abci "github.com/tendermint/tendermint/abci/types" + "github.com/tendermint/tendermint/libs/log" + "github.com/cosmos/cosmos-sdk/baseapp" + "github.com/cosmos/cosmos-sdk/codec" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + storetypes "github.com/cosmos/cosmos-sdk/store/types" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + "github.com/cosmos/cosmos-sdk/x/authz" +) + +// TODO: Revisit this once we have propoer gas fee framework. +// Tracking issues https://github.com/cosmos/cosmos-sdk/issues/9054, +// https://github.com/cosmos/cosmos-sdk/discussions/9072 +const gasCostPerIteration = uint64(20) + +type Keeper struct { + storeKey storetypes.StoreKey + cdc codec.BinaryCodec + router *baseapp.MsgServiceRouter + authKeeper authz.AccountKeeper +} + +// NewKeeper constructs a message authorization Keeper +func NewKeeper(storeKey storetypes.StoreKey, cdc codec.BinaryCodec, router *baseapp.MsgServiceRouter, ak authz.AccountKeeper) + +Keeper { + return Keeper{ + storeKey: storeKey, + cdc: cdc, + router: router, + authKeeper: ak, +} +} + +// Logger returns a module-specific logger. +func (k Keeper) + +Logger(ctx sdk.Context) + +log.Logger { + return ctx.Logger().With("module", fmt.Sprintf("x/%s", authz.ModuleName)) +} + +// getGrant returns grant stored at skey. +func (k Keeper) + +getGrant(ctx sdk.Context, skey []byte) (grant authz.Grant, found bool) { + store := ctx.KVStore(k.storeKey) + bz := store.Get(skey) + if bz == nil { + return grant, false +} + +k.cdc.MustUnmarshal(bz, &grant) + +return grant, true +} + +func (k Keeper) + +update(ctx sdk.Context, grantee sdk.AccAddress, granter sdk.AccAddress, updated authz.Authorization) + +error { + skey := grantStoreKey(grantee, granter, updated.MsgTypeURL()) + +grant, found := k.getGrant(ctx, skey) + if !found { + return authz.ErrNoAuthorizationFound +} + +msg, ok := updated.(proto.Message) + if !ok { + return sdkerrors.ErrPackAny.Wrapf("cannot proto marshal %T", updated) +} + +any, err := codectypes.NewAnyWithValue(msg) + if err != nil { + return err +} + +grant.Authorization = any + store := ctx.KVStore(k.storeKey) + +store.Set(skey, k.cdc.MustMarshal(&grant)) + +return nil +} + +// DispatchActions attempts to execute the provided messages via authorization +// grants from the message signer to the grantee. +func (k Keeper) + +DispatchActions(ctx sdk.Context, grantee sdk.AccAddress, msgs []sdk.Msg) ([][]byte, error) { + results := make([][]byte, len(msgs)) + now := ctx.BlockTime() + for i, msg := range msgs { + signers := msg.GetSigners() + if len(signers) != 1 { + return nil, authz.ErrAuthorizationNumOfSigners +} + granter := signers[0] + + // If granter != grantee then check authorization.Accept, otherwise we + // implicitly accept. + if !granter.Equals(grantee) { + skey := grantStoreKey(grantee, granter, sdk.MsgTypeURL(msg)) + +grant, found := k.getGrant(ctx, skey) + if !found { + return nil, sdkerrors.Wrapf(authz.ErrNoAuthorizationFound, "failed to update grant with key %s", string(skey)) +} + if grant.Expiration != nil && grant.Expiration.Before(now) { + return nil, authz.ErrAuthorizationExpired +} + +authorization, err := grant.GetAuthorization() + if err != nil { + return nil, err +} + +resp, err := authorization.Accept(ctx, msg) + if err != nil { + return nil, err +} + if resp.Delete { + err = k.DeleteGrant(ctx, grantee, granter, sdk.MsgTypeURL(msg)) +} + +else if resp.Updated != nil { + err = k.update(ctx, grantee, granter, resp.Updated) +} + if err != nil { + return nil, err +} + if !resp.Accept { + return nil, sdkerrors.ErrUnauthorized +} + +} + handler := k.router.Handler(msg) + if handler == nil { + return nil, sdkerrors.ErrUnknownRequest.Wrapf("unrecognized message route: %s", sdk.MsgTypeURL(msg)) +} + +msgResp, err := handler(ctx, msg) + if err != nil { + return nil, sdkerrors.Wrapf(err, "failed to execute message; message %v", msg) +} + +results[i] = msgResp.Data + + // emit the events from the dispatched actions + events := msgResp.Events + sdkEvents := make([]sdk.Event, 0, len(events)) + for _, event := range events { + e := event + e.Attributes = append(e.Attributes, abci.EventAttribute{ + Key: "authz_msg_index", + Value: strconv.Itoa(i) +}) + +sdkEvents = append(sdkEvents, sdk.Event(e)) +} + +ctx.EventManager().EmitEvents(sdkEvents) +} + +return results, nil +} + +// SaveGrant method grants the provided authorization to the grantee on the granter's account +// with the provided expiration time and insert authorization key into the grants queue. If there is an existing authorization grant for the +// same `sdk.Msg` type, this grant overwrites that. +func (k Keeper) + +SaveGrant(ctx sdk.Context, grantee, granter sdk.AccAddress, authorization authz.Authorization, expiration *time.Time) + +error { + store := ctx.KVStore(k.storeKey) + msgType := authorization.MsgTypeURL() + skey := grantStoreKey(grantee, granter, msgType) + +grant, err := authz.NewGrant(ctx.BlockTime(), authorization, expiration) + if err != nil { + return err +} + +var oldExp *time.Time + if oldGrant, found := k.getGrant(ctx, skey); found { + oldExp = oldGrant.Expiration +} + if oldExp != nil && (expiration == nil || !oldExp.Equal(*expiration)) { + if err = k.removeFromGrantQueue(ctx, skey, granter, grantee, *oldExp); err != nil { + return err +} + +} + + // If the expiration didn't change, then we don't remove it and we should not insert again + if expiration != nil && (oldExp == nil || !oldExp.Equal(*expiration)) { + if err = k.insertIntoGrantQueue(ctx, granter, grantee, msgType, *expiration); err != nil { + return err +} + +} + bz := k.cdc.MustMarshal(&grant) + +store.Set(skey, bz) + +return ctx.EventManager().EmitTypedEvent(&authz.EventGrant{ + MsgTypeUrl: authorization.MsgTypeURL(), + Granter: granter.String(), + Grantee: grantee.String(), +}) +} + +// DeleteGrant revokes any authorization for the provided message type granted to the grantee +// by the granter. +func (k Keeper) + +DeleteGrant(ctx sdk.Context, grantee sdk.AccAddress, granter sdk.AccAddress, msgType string) + +error { + store := ctx.KVStore(k.storeKey) + skey := grantStoreKey(grantee, granter, msgType) + +grant, found := k.getGrant(ctx, skey) + if !found { + return sdkerrors.Wrapf(authz.ErrNoAuthorizationFound, "failed to delete grant with key %s", string(skey)) +} + if grant.Expiration != nil { + err := k.removeFromGrantQueue(ctx, skey, granter, grantee, *grant.Expiration) + if err != nil { + return err +} + +} + +store.Delete(skey) + +return ctx.EventManager().EmitTypedEvent(&authz.EventRevoke{ + MsgTypeUrl: msgType, + Granter: granter.String(), + Grantee: grantee.String(), +}) +} + +// GetAuthorizations Returns list of `Authorizations` granted to the grantee by the granter. +func (k Keeper) + +GetAuthorizations(ctx sdk.Context, grantee sdk.AccAddress, granter sdk.AccAddress) ([]authz.Authorization, error) { + store := ctx.KVStore(k.storeKey) + key := grantStoreKey(grantee, granter, "") + iter := sdk.KVStorePrefixIterator(store, key) + +defer iter.Close() + +var authorization authz.Grant + var authorizations []authz.Authorization + for ; iter.Valid(); iter.Next() { + if err := k.cdc.Unmarshal(iter.Value(), &authorization); err != nil { + return nil, err +} + +a, err := authorization.GetAuthorization() + if err != nil { + return nil, err +} + +authorizations = append(authorizations, a) +} + +return authorizations, nil +} + +// GetAuthorization returns an Authorization and it's expiration time. +// A nil Authorization is returned under the following circumstances: +// - No grant is found. +// - A grant is found, but it is expired. +// - There was an error getting the authorization from the grant. +func (k Keeper) + +GetAuthorization(ctx sdk.Context, grantee sdk.AccAddress, granter sdk.AccAddress, msgType string) (authz.Authorization, *time.Time) { + grant, found := k.getGrant(ctx, grantStoreKey(grantee, granter, msgType)) + if !found || (grant.Expiration != nil && grant.Expiration.Before(ctx.BlockHeader().Time)) { + return nil, nil +} + +auth, err := grant.GetAuthorization() + if err != nil { + return nil, nil +} + +return auth, grant.Expiration +} + +// IterateGrants iterates over all authorization grants +// This function should be used with caution because it can involve significant IO operations. +// It should not be used in query or msg services without charging additional gas. +// The iteration stops when the handler function returns true or the iterator exhaust. +func (k Keeper) + +IterateGrants(ctx sdk.Context, + handler func(granterAddr sdk.AccAddress, granteeAddr sdk.AccAddress, grant authz.Grant) + +bool, +) { + store := ctx.KVStore(k.storeKey) + iter := sdk.KVStorePrefixIterator(store, GrantKey) + +defer iter.Close() + for ; iter.Valid(); iter.Next() { + var grant authz.Grant + granterAddr, granteeAddr, _ := parseGrantStoreKey(iter.Key()) + +k.cdc.MustUnmarshal(iter.Value(), &grant) + if handler(granterAddr, granteeAddr, grant) { + break +} + +} +} + +func (k Keeper) + +getGrantQueueItem(ctx sdk.Context, expiration time.Time, granter, grantee sdk.AccAddress) (*authz.GrantQueueItem, error) { + store := ctx.KVStore(k.storeKey) + bz := store.Get(GrantQueueKey(expiration, granter, grantee)) + if bz == nil { + return &authz.GrantQueueItem{ +}, nil +} + +var queueItems authz.GrantQueueItem + if err := k.cdc.Unmarshal(bz, &queueItems); err != nil { + return nil, err +} + +return &queueItems, nil +} + +func (k Keeper) + +setGrantQueueItem(ctx sdk.Context, expiration time.Time, + granter sdk.AccAddress, grantee sdk.AccAddress, queueItems *authz.GrantQueueItem, +) + +error { + store := ctx.KVStore(k.storeKey) + +bz, err := k.cdc.Marshal(queueItems) + if err != nil { + return err +} + +store.Set(GrantQueueKey(expiration, granter, grantee), bz) + +return nil +} + +// insertIntoGrantQueue inserts a grant key into the grant queue +func (k Keeper) + +insertIntoGrantQueue(ctx sdk.Context, granter, grantee sdk.AccAddress, msgType string, expiration time.Time) + +error { + queueItems, err := k.getGrantQueueItem(ctx, expiration, granter, grantee) + if err != nil { + return err +} + if len(queueItems.MsgTypeUrls) == 0 { + k.setGrantQueueItem(ctx, expiration, granter, grantee, &authz.GrantQueueItem{ + MsgTypeUrls: []string{ + msgType +}, +}) +} + +else { + queueItems.MsgTypeUrls = append(queueItems.MsgTypeUrls, msgType) + +k.setGrantQueueItem(ctx, expiration, granter, grantee, queueItems) +} + +return nil +} + +// removeFromGrantQueue removes a grant key from the grant queue +func (k Keeper) + +removeFromGrantQueue(ctx sdk.Context, grantKey []byte, granter, grantee sdk.AccAddress, expiration time.Time) + +error { + store := ctx.KVStore(k.storeKey) + key := GrantQueueKey(expiration, granter, grantee) + bz := store.Get(key) + if bz == nil { + return sdkerrors.Wrap(authz.ErrNoGrantKeyFound, "can't remove grant from the expire queue, grant key not found") +} + +var queueItem authz.GrantQueueItem + if err := k.cdc.Unmarshal(bz, &queueItem); err != nil { + return err +} + + _, _, msgType := parseGrantStoreKey(grantKey) + queueItems := queueItem.MsgTypeUrls + for index, typeURL := range queueItems { + ctx.GasMeter().ConsumeGas(gasCostPerIteration, "grant queue") + if typeURL == msgType { + end := len(queueItem.MsgTypeUrls) - 1 + queueItems[index] = queueItems[end] + queueItems = queueItems[:end] + if err := k.setGrantQueueItem(ctx, expiration, granter, grantee, &authz.GrantQueueItem{ + MsgTypeUrls: queueItems, +}); err != nil { + return err +} + +break +} + +} + +return nil +} + +// DequeueAndDeleteExpiredGrants deletes expired grants from the state and grant queue. +func (k Keeper) + +DequeueAndDeleteExpiredGrants(ctx sdk.Context) + +error { + store := ctx.KVStore(k.storeKey) + iterator := store.Iterator(GrantQueuePrefix, sdk.InclusiveEndBytes(GrantQueueTimePrefix(ctx.BlockTime()))) + +defer iterator.Close() + for ; iterator.Valid(); iterator.Next() { + var queueItem authz.GrantQueueItem + if err := k.cdc.Unmarshal(iterator.Value(), &queueItem); err != nil { + return err +} + + _, granter, grantee, err := parseGrantQueueKey(iterator.Key()) + if err != nil { + return err +} + +store.Delete(iterator.Key()) + for _, typeURL := range queueItem.MsgTypeUrls { + store.Delete(grantStoreKey(grantee, granter, typeURL)) +} + +} + +return nil +} +``` + +* GrantQueue: `0x02 | expiration_bytes | granter_address_len (1 byte) | granter_address_bytes | grantee_address_len (1 byte) | grantee_address_bytes -> ProtocolBuffer(GrantQueueItem)` + +The `expiration_bytes` are the expiration date in UTC with the format `"2006-01-02T15:04:05.000000000"`. + +```go expandable +package keeper + +import ( + + "time" + "github.com/cosmos/cosmos-sdk/internal/conv" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/address" + "github.com/cosmos/cosmos-sdk/types/kv" + "github.com/cosmos/cosmos-sdk/x/authz" +) + +// Keys for store prefixes +// Items are stored with the following key: values +// +// - 0x01: Grant +// - 0x02: GrantQueueItem +var ( + GrantKey = []byte{0x01 +} // prefix for each key + GrantQueuePrefix = []byte{0x02 +} +) + +var lenTime = len(sdk.FormatTimeBytes(time.Now())) + +// StoreKey is the store key string for authz +const StoreKey = authz.ModuleName + +// grantStoreKey - return authorization store key +// Items are stored with the following key: values +// +// - 0x01: Grant +func grantStoreKey(grantee sdk.AccAddress, granter sdk.AccAddress, msgType string) []byte { + m := conv.UnsafeStrToBytes(msgType) + +granter = address.MustLengthPrefix(granter) + +grantee = address.MustLengthPrefix(grantee) + key := sdk.AppendLengthPrefixedBytes(GrantKey, granter, grantee, m) + +return key +} + +// parseGrantStoreKey - split granter, grantee address and msg type from the authorization key +func parseGrantStoreKey(key []byte) (granterAddr, granteeAddr sdk.AccAddress, msgType string) { + // key is of format: + // 0x01 + + granterAddrLen, granterAddrLenEndIndex := sdk.ParseLengthPrefixedBytes(key, 1, 1) // ignore key[0] since it is a prefix key + granterAddr, granterAddrEndIndex := sdk.ParseLengthPrefixedBytes(key, granterAddrLenEndIndex+1, int(granterAddrLen[0])) + +granteeAddrLen, granteeAddrLenEndIndex := sdk.ParseLengthPrefixedBytes(key, granterAddrEndIndex+1, 1) + +granteeAddr, granteeAddrEndIndex := sdk.ParseLengthPrefixedBytes(key, granteeAddrLenEndIndex+1, int(granteeAddrLen[0])) + +kv.AssertKeyAtLeastLength(key, granteeAddrEndIndex+1) + +return granterAddr, granteeAddr, conv.UnsafeBytesToStr(key[(granteeAddrEndIndex + 1):]) +} + +// parseGrantQueueKey split expiration time, granter and grantee from the grant queue key +func parseGrantQueueKey(key []byte) (time.Time, sdk.AccAddress, sdk.AccAddress, error) { + // key is of format: + // 0x02 + + expBytes, expEndIndex := sdk.ParseLengthPrefixedBytes(key, 1, lenTime) + +exp, err := sdk.ParseTimeBytes(expBytes) + if err != nil { + return exp, nil, nil, err +} + +granterAddrLen, granterAddrLenEndIndex := sdk.ParseLengthPrefixedBytes(key, expEndIndex+1, 1) + +granter, granterEndIndex := sdk.ParseLengthPrefixedBytes(key, granterAddrLenEndIndex+1, int(granterAddrLen[0])) + +granteeAddrLen, granteeAddrLenEndIndex := sdk.ParseLengthPrefixedBytes(key, granterEndIndex+1, 1) + +grantee, _ := sdk.ParseLengthPrefixedBytes(key, granteeAddrLenEndIndex+1, int(granteeAddrLen[0])) + +return exp, granter, grantee, nil +} + +// GrantQueueKey - return grant queue store key. If a given grant doesn't have a defined +// expiration, then it should not be used in the pruning queue. +// Key format is: +// +// 0x02: GrantQueueItem +func GrantQueueKey(expiration time.Time, granter sdk.AccAddress, grantee sdk.AccAddress) []byte { + exp := sdk.FormatTimeBytes(expiration) + +granter = address.MustLengthPrefix(granter) + +grantee = address.MustLengthPrefix(grantee) + +return sdk.AppendLengthPrefixedBytes(GrantQueuePrefix, exp, granter, grantee) +} + +// GrantQueueTimePrefix - return grant queue time prefix +func GrantQueueTimePrefix(expiration time.Time) []byte { + return append(GrantQueuePrefix, sdk.FormatTimeBytes(expiration)...) +} + +// firstAddressFromGrantStoreKey parses the first address only +func firstAddressFromGrantStoreKey(key []byte) + +sdk.AccAddress { + addrLen := key[0] + return sdk.AccAddress(key[1 : 1+addrLen]) +} +``` + +The `GrantQueueItem` object contains the list of type urls between granter and grantee that expire at the time indicated in the key. + +## Messages + +In this section we describe the processing of messages for the authz module. + +### MsgGrant + +An authorization grant is created using the `MsgGrant` message. +If there is already a grant for the `(granter, grantee, Authorization)` triple, then the new grant overwrites the previous one. To update or extend an existing grant, a new grant with the same `(granter, grantee, Authorization)` triple should be created. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/authz/v1beta1/tx.proto#L35-L45 +``` + +The message handling should fail if: + +* both granter and grantee have the same address. +* provided `Expiration` time is less than current unix timestamp (but a grant will be created if no `expiration` time is provided since `expiration` is optional). +* provided `Grant.Authorization` is not implemented. +* `Authorization.MsgTypeURL()` is not defined in the router (there is no defined handler in the app router to handle that Msg types). + +### MsgRevoke + +A grant can be removed with the `MsgRevoke` message. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/authz/v1beta1/tx.proto#L69-L78 +``` + +The message handling should fail if: + +* both granter and grantee have the same address. +* provided `MsgTypeUrl` is empty. + +NOTE: The `MsgExec` message removes a grant if the grant has expired. + +### MsgExec + +When a grantee wants to execute a transaction on behalf of a granter, they must send `MsgExec`. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/authz/v1beta1/tx.proto#L52-L63 +``` + +The message handling should fail if: + +* provided `Authorization` is not implemented. +* grantee doesn't have permission to run the transaction. +* if granted authorization is expired. + +## Events + +The authz module emits proto events defined in [the Protobuf reference](https://buf.build/cosmos/cosmos-sdk/docs/main/cosmos.authz.v1beta1#cosmos.authz.v1beta1.EventGrant). + +## Client + +### CLI + +A user can query and interact with the `authz` module using the CLI. + +#### Query + +The `query` commands allow users to query `authz` state. + +```bash +simd query authz --help +``` + +##### grants + +The `grants` command allows users to query grants for a granter-grantee pair. If the message type URL is set, it selects grants only for that message type. + +```bash +simd query authz grants [granter-addr] [grantee-addr] [msg-type-url]? [flags] +``` + +Example: + +```bash +simd query authz grants cosmos1.. cosmos1.. /cosmos.bank.v1beta1.MsgSend +``` + +Example Output: + +```bash +grants: +- authorization: + '@type': /cosmos.bank.v1beta1.SendAuthorization + spend_limit: + - amount: "100" + denom: stake + expiration: "2022-01-01T00:00:00Z" +pagination: null +``` + +#### Transactions + +The `tx` commands allow users to interact with the `authz` module. + +```bash +simd tx authz --help +``` + +##### exec + +The `exec` command allows a grantee to execute a transaction on behalf of granter. + +```bash + simd tx authz exec [tx-json-file] --from [grantee] [flags] +``` + +Example: + +```bash +simd tx authz exec tx.json --from=cosmos1.. +``` + +##### grant + +The `grant` command allows a granter to grant an authorization to a grantee. + +```bash +simd tx authz grant --from [flags] +``` + +* The `send` authorization\_type refers to the built-in `SendAuthorization` type. The custom flags available are `spend-limit` (required) and `allow-list` (optional) , documented [here](#sendauthorization) + +Example: + +```bash + simd tx authz grant cosmos1.. send --spend-limit=100stake --allow-list=cosmos1...,cosmos2... --from=cosmos1.. +``` + +* The `generic` authorization\_type refers to the built-in `GenericAuthorization` type. The custom flag available is `msg-type` (required) documented [here](#genericauthorization). + +> Note: `msg-type` is any valid Cosmos SDK `Msg` type url. + +Example: + +```bash + simd tx authz grant cosmos1.. generic --msg-type=/cosmos.bank.v1beta1.MsgSend --from=cosmos1.. +``` + +* The `delegate`,`unbond`,`redelegate` authorization\_types refer to the built-in `StakeAuthorization` type. The custom flags available are `spend-limit` (optional), `allowed-validators` (optional) and `deny-validators` (optional) documented [here](#stakeauthorization). + +> Note: `allowed-validators` and `deny-validators` cannot both be empty. `spend-limit` represents the `MaxTokens` + +Example: + +```bash +simd tx authz grant cosmos1.. delegate --spend-limit=100stake --allowed-validators=cosmos...,cosmos... --deny-validators=cosmos... --from=cosmos1.. +``` + +##### revoke + +The `revoke` command allows a granter to revoke an authorization from a grantee. + +```bash +simd tx authz revoke [grantee] [msg-type-url] --from=[granter] [flags] +``` + +Example: + +```bash +simd tx authz revoke cosmos1.. /cosmos.bank.v1beta1.MsgSend --from=cosmos1.. +``` + +### gRPC + +A user can query the `authz` module using gRPC endpoints. + +#### Grants + +The `Grants` endpoint allows users to query grants for a granter-grantee pair. If the message type URL is set, it selects grants only for that message type. + +```bash +cosmos.authz.v1beta1.Query/Grants +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"granter":"cosmos1..","grantee":"cosmos1..","msg_type_url":"/cosmos.bank.v1beta1.MsgSend"}' \ + localhost:9090 \ + cosmos.authz.v1beta1.Query/Grants +``` + +Example Output: + +```bash expandable +{ + "grants": [ + { + "authorization": { + "@type": "/cosmos.bank.v1beta1.SendAuthorization", + "spendLimit": [ + { + "denom":"stake", + "amount":"100" + } + ] + }, + "expiration": "2022-01-01T00:00:00Z" + } + ] +} +``` + +### REST + +A user can query the `authz` module using REST endpoints. + +```bash +/cosmos/authz/v1beta1/grants +``` + +Example: + +```bash +curl "localhost:1317/cosmos/authz/v1beta1/grants?granter=cosmos1..&grantee=cosmos1..&msg_type_url=/cosmos.bank.v1beta1.MsgSend" +``` + +Example Output: + +```bash expandable +{ + "grants": [ + { + "authorization": { + "@type": "/cosmos.bank.v1beta1.SendAuthorization", + "spend_limit": [ + { + "denom": "stake", + "amount": "100" + } + ] + }, + "expiration": "2022-01-01T00:00:00Z" + } + ], + "pagination": null +} +``` diff --git a/docs/sdk/next/build/modules/bank/README.mdx b/docs/sdk/next/build/modules/bank/README.mdx new file mode 100644 index 00000000..82886b54 --- /dev/null +++ b/docs/sdk/next/build/modules/bank/README.mdx @@ -0,0 +1,1136 @@ +--- +title: '`x/bank`' +description: This document specifies the bank module of the Cosmos SDK. +--- +## Abstract + +This document specifies the bank module of the Cosmos SDK. + +The bank module is responsible for handling multi-asset coin transfers between +accounts and tracking special-case pseudo-transfers which must work differently +with particular kinds of accounts (notably delegating/undelegating for vesting +accounts). It exposes several interfaces with varying capabilities for secure +interaction with other modules which must alter user balances. + +In addition, the bank module tracks and provides query support for the total +supply of all assets used in the application. + +This module is used in the Cosmos Hub. + +## Contents + +* [Supply](#supply) + * [Total Supply](#total-supply) +* [Module Accounts](#module-accounts) + * [Permissions](#permissions) +* [State](#state) +* [Params](#params) +* [Keepers](#keepers) +* [Messages](#messages) +* [Events](#events) + * [Message Events](#message-events) + * [Keeper Events](#keeper-events) +* [Parameters](#parameters) + * [SendEnabled](#sendenabled) + * [DefaultSendEnabled](#defaultsendenabled) +* [Client](#client) + * [CLI](#cli) + * [Query](#query) + * [Transactions](#transactions) +* [gRPC](#grpc) + +## Supply + +The `supply` functionality: + +* passively tracks the total supply of coins within a chain, +* provides a pattern for modules to hold/interact with `Coins`, and +* introduces the invariant check to verify a chain's total supply. + +### Total Supply + +The total `Supply` of the network is equal to the sum of all coins from the +account. The total supply is updated every time a `Coin` is minted (eg: as part +of the inflation mechanism) or burned (eg: due to slashing or if a governance +proposal is vetoed). + +## Module Accounts + +The supply functionality introduces a new type of `auth.Account` which can be used by +modules to allocate tokens and in special cases mint or burn tokens. At a base +level these module accounts are capable of sending/receiving tokens to and from +`auth.Account`s and other module accounts. This design replaces previous +alternative designs where, to hold tokens, modules would burn the incoming +tokens from the sender account, and then track those tokens internally. Later, +in order to send tokens, the module would need to effectively mint tokens +within a destination account. The new design removes duplicate logic between +modules to perform this accounting. + +The `ModuleAccount` interface is defined as follows: + +```go +type ModuleAccount interface { + auth.Account // same methods as the Account interface + + GetName() + +string // name of the module; used to obtain the address + GetPermissions() []string // permissions of module account + HasPermission(string) + +bool +} +``` + +> **WARNING!** +> Any module or message handler that allows either direct or indirect sending of funds must explicitly guarantee those funds cannot be sent to module accounts (unless allowed). + +The supply `Keeper` also introduces new wrapper functions for the auth `Keeper` +and the bank `Keeper` that are related to `ModuleAccount`s in order to be able +to: + +* Get and set `ModuleAccount`s by providing the `Name`. +* Send coins from and to other `ModuleAccount`s or standard `Account`s + (`BaseAccount` or `VestingAccount`) by passing only the `Name`. +* `Mint` or `Burn` coins for a `ModuleAccount` (restricted to its permissions). + +### Permissions + +Each `ModuleAccount` has a different set of permissions that provide different +object capabilities to perform certain actions. Permissions need to be +registered upon the creation of the supply `Keeper` so that every time a +`ModuleAccount` calls the allowed functions, the `Keeper` can lookup the +permissions to that specific account and perform or not perform the action. + +The available permissions are: + +* `Minter`: allows for a module to mint a specific amount of coins. +* `Burner`: allows for a module to burn a specific amount of coins. +* `Staking`: allows for a module to delegate and undelegate a specific amount of coins. + +## State + +The `x/bank` module keeps state of the following primary objects: + +1. Account balances +2. Denomination metadata +3. The total supply of all balances +4. Information on which denominations are allowed to be sent. + +In addition, the `x/bank` module keeps the following indexes to manage the +aforementioned state: + +* Supply Index: `0x0 | byte(denom) -> byte(amount)` +* Denom Metadata Index: `0x1 | byte(denom) -> ProtocolBuffer(Metadata)` +* Balances Index: `0x2 | byte(address length) | []byte(address) | []byte(balance.Denom) -> ProtocolBuffer(balance)` +* Reverse Denomination to Address Index: `0x03 | byte(denom) | 0x00 | []byte(address) -> 0` + +## Params + +The bank module stores it's params in state with the prefix of `0x05`, +it can be updated with governance or the address with authority. + +* Params: `0x05 | ProtocolBuffer(Params)` + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/bank/v1beta1/bank.proto#L12-L23 +``` + +## Keepers + +The bank module provides these exported keeper interfaces that can be +passed to other modules that read or update account balances. Modules +should use the least-permissive interface that provides the functionality they +require. + +Best practices dictate careful review of `bank` module code to ensure that +permissions are limited in the way that you expect. + +### Denied Addresses + +The `x/bank` module accepts a map of addresses that are considered blocklisted +from directly and explicitly receiving funds through means such as `MsgSend` and +`MsgMultiSend` and direct API calls like `SendCoinsFromModuleToAccount`. + +Typically, these addresses are module accounts. If these addresses receive funds +outside the expected rules of the state machine, invariants are likely to be +broken and could result in a halted network. + +By providing the `x/bank` module with a blocklisted set of addresses, an error occurs for the operation if a user or client attempts to directly or indirectly send funds to a blocklisted account, for example, by using [IBC](https://ibc.cosmos.network). + +### Common Types + +#### Input + +An input of a multiparty transfer + +```protobuf +// Input models transaction input. +message Input { + string address = 1; + repeated cosmos.base.v1beta1.Coin coins = 2; +} +``` + +#### Output + +An output of a multiparty transfer. + +```protobuf +// Output models transaction outputs. +message Output { + string address = 1; + repeated cosmos.base.v1beta1.Coin coins = 2; +} +``` + +### BaseKeeper + +The base keeper provides full-permission access: the ability to arbitrary modify any account's balance and mint or burn coins. + +Restricted permission to mint per module could be achieved by using baseKeeper with `WithMintCoinsRestriction` to give specific restrictions to mint (e.g. only minting certain denom). + +```go expandable +// Keeper defines a module interface that facilitates the transfer of coins +// between accounts. +type Keeper interface { + SendKeeper + WithMintCoinsRestriction(MintingRestrictionFn) + +BaseKeeper + + InitGenesis(context.Context, *types.GenesisState) + +ExportGenesis(context.Context) *types.GenesisState + + GetSupply(ctx context.Context, denom string) + +sdk.Coin + HasSupply(ctx context.Context, denom string) + +bool + GetPaginatedTotalSupply(ctx context.Context, pagination *query.PageRequest) (sdk.Coins, *query.PageResponse, error) + +IterateTotalSupply(ctx context.Context, cb func(sdk.Coin) + +bool) + +GetDenomMetaData(ctx context.Context, denom string) (types.Metadata, bool) + +HasDenomMetaData(ctx context.Context, denom string) + +bool + SetDenomMetaData(ctx context.Context, denomMetaData types.Metadata) + +IterateAllDenomMetaData(ctx context.Context, cb func(types.Metadata) + +bool) + +SendCoinsFromModuleToAccount(ctx context.Context, senderModule string, recipientAddr sdk.AccAddress, amt sdk.Coins) + +error + SendCoinsFromModuleToModule(ctx context.Context, senderModule, recipientModule string, amt sdk.Coins) + +error + SendCoinsFromAccountToModule(ctx context.Context, senderAddr sdk.AccAddress, recipientModule string, amt sdk.Coins) + +error + DelegateCoinsFromAccountToModule(ctx context.Context, senderAddr sdk.AccAddress, recipientModule string, amt sdk.Coins) + +error + UndelegateCoinsFromModuleToAccount(ctx context.Context, senderModule string, recipientAddr sdk.AccAddress, amt sdk.Coins) + +error + MintCoins(ctx context.Context, moduleName string, amt sdk.Coins) + +error + BurnCoins(ctx context.Context, moduleName string, amt sdk.Coins) + +error + + DelegateCoins(ctx context.Context, delegatorAddr, moduleAccAddr sdk.AccAddress, amt sdk.Coins) + +error + UndelegateCoins(ctx context.Context, moduleAccAddr, delegatorAddr sdk.AccAddress, amt sdk.Coins) + +error + + // GetAuthority gets the address capable of executing governance proposal messages. Usually the gov module account. + GetAuthority() + +string + + types.QueryServer +} +``` + +### SendKeeper + +The send keeper provides access to account balances and the ability to transfer coins between +accounts. The send keeper does not alter the total supply (mint or burn coins). + +```go expandable +// SendKeeper defines a module interface that facilitates the transfer of coins +// between accounts without the possibility of creating coins. +type SendKeeper interface { + ViewKeeper + + AppendSendRestriction(restriction SendRestrictionFn) + +PrependSendRestriction(restriction SendRestrictionFn) + +ClearSendRestriction() + +InputOutputCoins(ctx context.Context, input types.Input, outputs []types.Output) + +error + SendCoins(ctx context.Context, fromAddr, toAddr sdk.AccAddress, amt sdk.Coins) + +error + + GetParams(ctx context.Context) + +types.Params + SetParams(ctx context.Context, params types.Params) + +error + + IsSendEnabledDenom(ctx context.Context, denom string) + +bool + SetSendEnabled(ctx context.Context, denom string, value bool) + +SetAllSendEnabled(ctx context.Context, sendEnableds []*types.SendEnabled) + +DeleteSendEnabled(ctx context.Context, denom string) + +IterateSendEnabledEntries(ctx context.Context, cb func(denom string, sendEnabled bool) (stop bool)) + +GetAllSendEnabledEntries(ctx context.Context) []types.SendEnabled + + IsSendEnabledCoin(ctx context.Context, coin sdk.Coin) + +bool + IsSendEnabledCoins(ctx context.Context, coins ...sdk.Coin) + +error + + BlockedAddr(addr sdk.AccAddress) + +bool +} +``` + +#### Send Restrictions + +The `SendKeeper` applies a `SendRestrictionFn` before each transfer of funds. + +```golang +// A SendRestrictionFn can restrict sends and/or provide a new receiver address. +type SendRestrictionFn func(ctx context.Context, fromAddr, toAddr sdk.AccAddress, amt sdk.Coins) (newToAddr sdk.AccAddress, err error) +``` + +After the `SendKeeper` (or `BaseKeeper`) has been created, send restrictions can be added to it using the `AppendSendRestriction` or `PrependSendRestriction` functions. +Both functions compose the provided restriction with any previously provided restrictions. +`AppendSendRestriction` adds the provided restriction to be run after any previously provided send restrictions. +`PrependSendRestriction` adds the restriction to be run before any previously provided send restrictions. +The composition will short-circuit when an error is encountered. I.e. if the first one returns an error, the second is not run. + +During `SendCoins`, the send restriction is applied before coins are removed from the from address and adding them to the to address. +During `InputOutputCoins`, the send restriction is applied after the input coins are removed and once for each output before the funds are added. + +A send restriction function should make use of a custom value in the context to allow bypassing that specific restriction. + +Send Restrictions are not placed on `ModuleToAccount` or `ModuleToModule` transfers. This is done due to modules needing to move funds to user accounts and other module accounts. This is a design decision to allow for more flexibility in the state machine. The state machine should be able to move funds between module accounts and user accounts without restrictions. + +Secondly this limitation would limit the usage of the state machine even for itself. users would not be able to receive rewards, not be able to move funds between module accounts. In the case that a user sends funds from a user account to the community pool and then a governance proposal is used to get those tokens into the users account this would fall under the discretion of the app chain developer to what they would like to do here. We can not make strong assumptions here. +Thirdly, this issue could lead into a chain halt if a token is disabled and the token is moved in the begin/endblock. This is the last reason we see the current change and more damaging then beneficial for users. + +For example, in your module's keeper package, you'd define the send restriction function: + +```golang expandable +var _ banktypes.SendRestrictionFn = Keeper{ +}.SendRestrictionFn + +func (k Keeper) + +SendRestrictionFn(ctx context.Context, fromAddr, toAddr sdk.AccAddress, amt sdk.Coins) (sdk.AccAddress, error) { + // Bypass if the context says to. + if mymodule.HasBypass(ctx) { + return toAddr, nil +} + + // Your custom send restriction logic goes here. + return nil, errors.New("not implemented") +} +``` + +The bank keeper should be provided to your keeper's constructor so the send restriction can be added to it: + +```golang +func NewKeeper(cdc codec.BinaryCodec, storeKey storetypes.StoreKey, bankKeeper mymodule.BankKeeper) + +Keeper { + rv := Keeper{/*...*/ +} + +bankKeeper.AppendSendRestriction(rv.SendRestrictionFn) + +return rv +} +``` + +Then, in the `mymodule` package, define the context helpers: + +```golang expandable +const bypassKey = "bypass-mymodule-restriction" + +// WithBypass returns a new context that will cause the mymodule bank send restriction to be skipped. +func WithBypass(ctx context.Context) + +context.Context { + return sdk.UnwrapSDKContext(ctx).WithValue(bypassKey, true) +} + +// WithoutBypass returns a new context that will cause the mymodule bank send restriction to not be skipped. +func WithoutBypass(ctx context.Context) + +context.Context { + return sdk.UnwrapSDKContext(ctx).WithValue(bypassKey, false) +} + +// HasBypass checks the context to see if the mymodule bank send restriction should be skipped. +func HasBypass(ctx context.Context) + +bool { + bypassValue := ctx.Value(bypassKey) + if bypassValue == nil { + return false +} + +bypass, isBool := bypassValue.(bool) + +return isBool && bypass +} +``` + +Now, anywhere where you want to use `SendCoins` or `InputOutputCoins`, but you don't want your send restriction applied: + +```golang +func (k Keeper) + +DoThing(ctx context.Context, fromAddr, toAddr sdk.AccAddress, amt sdk.Coins) + +error { + return k.bankKeeper.SendCoins(mymodule.WithBypass(ctx), fromAddr, toAddr, amt) +} +``` + +### ViewKeeper + +The view keeper provides read-only access to account balances. The view keeper does not have balance alteration functionality. All balance lookups are `O(1)`. + +```go expandable +// ViewKeeper defines a module interface that facilitates read only access to +// account balances. +type ViewKeeper interface { + ValidateBalance(ctx context.Context, addr sdk.AccAddress) + +error + HasBalance(ctx context.Context, addr sdk.AccAddress, amt sdk.Coin) + +bool + + GetAllBalances(ctx context.Context, addr sdk.AccAddress) + +sdk.Coins + GetAccountsBalances(ctx context.Context) []types.Balance + GetBalance(ctx context.Context, addr sdk.AccAddress, denom string) + +sdk.Coin + LockedCoins(ctx context.Context, addr sdk.AccAddress) + +sdk.Coins + SpendableCoins(ctx context.Context, addr sdk.AccAddress) + +sdk.Coins + SpendableCoin(ctx context.Context, addr sdk.AccAddress, denom string) + +sdk.Coin + + IterateAccountBalances(ctx context.Context, addr sdk.AccAddress, cb func(coin sdk.Coin) (stop bool)) + +IterateAllBalances(ctx context.Context, cb func(address sdk.AccAddress, coin sdk.Coin) (stop bool)) +} +``` + +## Messages + +### MsgSend + +Send coins from one address to another. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/bank/v1beta1/tx.proto#L38-L53 +``` + +The message will fail under the following conditions: + +* The coins do not have sending enabled +* The `to` address is restricted + +### MsgMultiSend + +Send coins from one sender and to a series of different address. If any of the receiving addresses do not correspond to an existing account, a new account is created. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/bank/v1beta1/tx.proto#L58-L69 +``` + +The message will fail under the following conditions: + +* Any of the coins do not have sending enabled +* Any of the `to` addresses are restricted +* Any of the coins are locked +* The inputs and outputs do not correctly correspond to one another + +### MsgUpdateParams + +The `bank` module params can be updated through `MsgUpdateParams`, which can be done using governance proposal. The signer will always be the `gov` module account address. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/bank/v1beta1/tx.proto#L74-L88 +``` + +The message handling can fail if: + +* signer is not the gov module account address. + +### MsgSetSendEnabled + +Used with the x/gov module to set create/edit SendEnabled entries. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/bank/v1beta1/tx.proto#L96-L117 +``` + +The message will fail under the following conditions: + +* The authority is not a bech32 address. +* The authority is not x/gov module's address. +* There are multiple SendEnabled entries with the same Denom. +* One or more SendEnabled entries has an invalid Denom. + +## Events + +The bank module emits the following events: + +### Message Events + +#### MsgSend + +| Type | Attribute Key | Attribute Value | +| -------- | ------------- | ------------------ | +| transfer | recipient | `{recipientAddress}` | +| transfer | amount | `{amount}` | +| message | module | bank | +| message | action | send | +| message | sender | `{senderAddress}` | + +#### MsgMultiSend + +| Type | Attribute Key | Attribute Value | +| -------- | ------------- | ------------------ | +| transfer | recipient | `{recipientAddress}` | +| transfer | amount | `{amount}` | +| message | module | bank | +| message | action | multisend | +| message | sender | `{senderAddress}` | + +### Keeper Events + +In addition to message events, the bank keeper will produce events when the following methods are called (or any method which ends up calling them) + +#### MintCoins + +```json expandable +{ + "type": "coinbase", + "attributes": [ + { + "key": "minter", + "value": "{{sdk.AccAddress of the module minting coins}}", + "index": true + }, + { + "key": "amount", + "value": "{{sdk.Coins being minted}}", + "index": true + } + ] +} +``` + +```json expandable +{ + "type": "coin_received", + "attributes": [ + { + "key": "receiver", + "value": "{{sdk.AccAddress of the module minting coins}}", + "index": true + }, + { + "key": "amount", + "value": "{{sdk.Coins being received}}", + "index": true + } + ] +} +``` + +#### BurnCoins + +```json expandable +{ + "type": "burn", + "attributes": [ + { + "key": "burner", + "value": "{{sdk.AccAddress of the module burning coins}}", + "index": true + }, + { + "key": "amount", + "value": "{{sdk.Coins being burned}}", + "index": true + } + ] +} +``` + +```json expandable +{ + "type": "coin_spent", + "attributes": [ + { + "key": "spender", + "value": "{{sdk.AccAddress of the module burning coins}}", + "index": true + }, + { + "key": "amount", + "value": "{{sdk.Coins being burned}}", + "index": true + } + ] +} +``` + +#### addCoins + +```json expandable +{ + "type": "coin_received", + "attributes": [ + { + "key": "receiver", + "value": "{{sdk.AccAddress of the address beneficiary of the coins}}", + "index": true + }, + { + "key": "amount", + "value": "{{sdk.Coins being received}}", + "index": true + } + ] +} +``` + +#### subUnlockedCoins/DelegateCoins + +```json expandable +{ + "type": "coin_spent", + "attributes": [ + { + "key": "spender", + "value": "{{sdk.AccAddress of the address which is spending coins}}", + "index": true + }, + { + "key": "amount", + "value": "{{sdk.Coins being spent}}", + "index": true + } + ] +} +``` + +## Parameters + +The bank module contains the following parameters + +### SendEnabled + +The SendEnabled parameter is now deprecated and not to be use. It is replaced +with state store records. + +### DefaultSendEnabled + +The default send enabled value controls send transfer capability for all +coin denominations unless specifically included in the array of `SendEnabled` +parameters. + +## Client + +### CLI + +A user can query and interact with the `bank` module using the CLI. + +#### Query + +The `query` commands allow users to query `bank` state. + +```shell +simd query bank --help +``` + +##### balances + +The `balances` command allows users to query account balances by address. + +```shell +simd query bank balances [address] [flags] +``` + +Example: + +```shell +simd query bank balances cosmos1.. +``` + +Example Output: + +```yml +balances: +- amount: "1000000000" + denom: stake +pagination: + next_key: null + total: "0" +``` + +##### denom-metadata + +The `denom-metadata` command allows users to query metadata for coin denominations. A user can query metadata for a single denomination using the `--denom` flag or all denominations without it. + +```shell +simd query bank denom-metadata [flags] +``` + +Example: + +```shell +simd query bank denom-metadata --denom stake +``` + +Example Output: + +```yml +metadata: + base: stake + denom_units: + - aliases: + - STAKE + denom: stake + description: native staking token of simulation app + display: stake + name: SimApp Token + symbol: STK +``` + +##### total + +The `total` command allows users to query the total supply of coins. A user can query the total supply for a single coin using the `--denom` flag or all coins without it. + +```shell +simd query bank total [flags] +``` + +Example: + +```shell +simd query bank total --denom stake +``` + +Example Output: + +```yml +amount: "10000000000" +denom: stake +``` + +##### send-enabled + +The `send-enabled` command allows users to query for all or some SendEnabled entries. + +```shell +simd query bank send-enabled [denom1 ...] [flags] +``` + +Example: + +```shell +simd query bank send-enabled +``` + +Example output: + +```yml +send_enabled: +- denom: foocoin + enabled: true +- denom: barcoin +pagination: + next-key: null + total: 2 +``` + +#### Transactions + +The `tx` commands allow users to interact with the `bank` module. + +```shell +simd tx bank --help +``` + +##### send + +The `send` command allows users to send funds from one account to another. + +```shell +simd tx bank send [from_key_or_address] [to_address] [amount] [flags] +``` + +Example: + +```shell +simd tx bank send cosmos1.. cosmos1.. 100stake +``` + +## gRPC + +A user can query the `bank` module using gRPC endpoints. + +### Balance + +The `Balance` endpoint allows users to query account balance by address for a given denomination. + +```shell +cosmos.bank.v1beta1.Query/Balance +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"address":"cosmos1..","denom":"stake"}' \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/Balance +``` + +Example Output: + +```json +{ + "balance": { + "denom": "stake", + "amount": "1000000000" + } +} +``` + +### AllBalances + +The `AllBalances` endpoint allows users to query account balance by address for all denominations. + +```shell +cosmos.bank.v1beta1.Query/AllBalances +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"address":"cosmos1.."}' \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/AllBalances +``` + +Example Output: + +```json expandable +{ + "balances": [ + { + "denom": "stake", + "amount": "1000000000" + } + ], + "pagination": { + "total": "1" + } +} +``` + +### DenomMetadata + +The `DenomMetadata` endpoint allows users to query metadata for a single coin denomination. + +```shell +cosmos.bank.v1beta1.Query/DenomMetadata +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"denom":"stake"}' \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/DenomMetadata +``` + +Example Output: + +```json expandable +{ + "metadata": { + "description": "native staking token of simulation app", + "denomUnits": [ + { + "denom": "stake", + "aliases": [ + "STAKE" + ] + } + ], + "base": "stake", + "display": "stake", + "name": "SimApp Token", + "symbol": "STK" + } +} +``` + +### DenomsMetadata + +The `DenomsMetadata` endpoint allows users to query metadata for all coin denominations. + +```shell +cosmos.bank.v1beta1.Query/DenomsMetadata +``` + +Example: + +```shell +grpcurl -plaintext \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/DenomsMetadata +``` + +Example Output: + +```json expandable +{ + "metadatas": [ + { + "description": "native staking token of simulation app", + "denomUnits": [ + { + "denom": "stake", + "aliases": [ + "STAKE" + ] + } + ], + "base": "stake", + "display": "stake", + "name": "SimApp Token", + "symbol": "STK" + } + ], + "pagination": { + "total": "1" + } +} +``` + +### DenomOwners + +The `DenomOwners` endpoint allows users to query metadata for a single coin denomination. + +```shell +cosmos.bank.v1beta1.Query/DenomOwners +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"denom":"stake"}' \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/DenomOwners +``` + +Example Output: + +```json expandable +{ + "denomOwners": [ + { + "address": "cosmos1..", + "balance": { + "denom": "stake", + "amount": "5000000000" + } + +}, + { + "address": "cosmos1..", + "balance": { + "denom": "stake", + "amount": "5000000000" + } + +}, + ], + "pagination": { + "total": "2" + } +} +``` + +### TotalSupply + +The `TotalSupply` endpoint allows users to query the total supply of all coins. + +```shell +cosmos.bank.v1beta1.Query/TotalSupply +``` + +Example: + +```shell +grpcurl -plaintext \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/TotalSupply +``` + +Example Output: + +```json expandable +{ + "supply": [ + { + "denom": "stake", + "amount": "10000000000" + } + ], + "pagination": { + "total": "1" + } +} +``` + +### SupplyOf + +The `SupplyOf` endpoint allows users to query the total supply of a single coin. + +```shell +cosmos.bank.v1beta1.Query/SupplyOf +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"denom":"stake"}' \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/SupplyOf +``` + +Example Output: + +```json +{ + "amount": { + "denom": "stake", + "amount": "10000000000" + } +} +``` + +### Params + +The `Params` endpoint allows users to query the parameters of the `bank` module. + +```shell +cosmos.bank.v1beta1.Query/Params +``` + +Example: + +```shell +grpcurl -plaintext \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/Params +``` + +Example Output: + +```json +{ + "params": { + "defaultSendEnabled": true + } +} +``` + +### SendEnabled + +The `SendEnabled` endpoints allows users to query the SendEnabled entries of the `bank` module. + +Any denominations NOT returned, use the `Params.DefaultSendEnabled` value. + +```shell +cosmos.bank.v1beta1.Query/SendEnabled +``` + +Example: + +```shell +grpcurl -plaintext \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/SendEnabled +``` + +Example Output: + +```json expandable +{ + "send_enabled": [ + { + "denom": "foocoin", + "enabled": true + }, + { + "denom": "barcoin" + } + ], + "pagination": { + "next-key": null, + "total": 2 + } +} +``` diff --git a/docs/sdk/next/build/modules/circuit/README.mdx b/docs/sdk/next/build/modules/circuit/README.mdx new file mode 100644 index 00000000..4e58647a --- /dev/null +++ b/docs/sdk/next/build/modules/circuit/README.mdx @@ -0,0 +1,592 @@ +--- +title: '`x/circuit`' +--- +## Concepts + +Circuit Breaker is a module that is meant to avoid a chain needing to halt/shut down in the presence of a vulnerability, instead the module will allow specific messages or all messages to be disabled. When operating a chain, if it is app specific then a halt of the chain is less detrimental, but if there are applications built on top of the chain then halting is expensive due to the disturbance to applications. + +Circuit Breaker works with the idea that an address or set of addresses have the right to block messages from being executed and/or included in the mempool. Any address with a permission is able to reset the circuit breaker for the message. + +The transactions are checked and can be rejected at two points: + +* In `CircuitBreakerDecorator` [ante handler](https://docs.cosmos.network/main/learn/advanced/baseapp#antehandler): + +```go expandable +package ante + +import ( + + "context" + "github.com/cockroachdb/errors" + + sdk "github.com/cosmos/cosmos-sdk/types" +) + +// CircuitBreaker is an interface that defines the methods for a circuit breaker. +type CircuitBreaker interface { + IsAllowed(ctx context.Context, typeURL string) (bool, error) +} + +// CircuitBreakerDecorator is an AnteDecorator that checks if the transaction type is allowed to enter the mempool or be executed +type CircuitBreakerDecorator struct { + circuitKeeper CircuitBreaker +} + +func NewCircuitBreakerDecorator(ck CircuitBreaker) + +CircuitBreakerDecorator { + return CircuitBreakerDecorator{ + circuitKeeper: ck, +} +} + +func (cbd CircuitBreakerDecorator) + +AnteHandle(ctx sdk.Context, tx sdk.Tx, simulate bool, next sdk.AnteHandler) (sdk.Context, error) { + // loop through all the messages and check if the message type is allowed + for _, msg := range tx.GetMsgs() { + isAllowed, err := cbd.circuitKeeper.IsAllowed(ctx, sdk.MsgTypeURL(msg)) + if err != nil { + return ctx, err +} + if !isAllowed { + return ctx, errors.New("tx type not allowed") +} + +} + +return next(ctx, tx, simulate) +} +``` + +* With a [message router check](https://docs.cosmos.network/main/learn/advanced/baseapp#msg-service-router): + +```go expandable +package baseapp + +import ( + + "context" + "fmt" + + gogogrpc "github.com/cosmos/gogoproto/grpc" + "github.com/cosmos/gogoproto/proto" + "google.golang.org/grpc" + "google.golang.org/protobuf/runtime/protoiface" + + errorsmod "cosmossdk.io/errors" + "github.com/cosmos/cosmos-sdk/baseapp/internal/protocompat" + "github.com/cosmos/cosmos-sdk/codec" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" +) + +// MessageRouter ADR 031 request type routing +// https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-031-msg-service.md +type MessageRouter interface { + Handler(msg sdk.Msg) + +MsgServiceHandler + HandlerByTypeURL(typeURL string) + +MsgServiceHandler +} + +// MsgServiceRouter routes fully-qualified Msg service methods to their handler. +type MsgServiceRouter struct { + interfaceRegistry codectypes.InterfaceRegistry + routes map[string]MsgServiceHandler + hybridHandlers map[string]func(ctx context.Context, req, resp protoiface.MessageV1) + +error + circuitBreaker CircuitBreaker +} + +var _ gogogrpc.Server = &MsgServiceRouter{ +} + +// NewMsgServiceRouter creates a new MsgServiceRouter. +func NewMsgServiceRouter() *MsgServiceRouter { + return &MsgServiceRouter{ + routes: map[string]MsgServiceHandler{ +}, + hybridHandlers: map[string]func(ctx context.Context, req, resp protoiface.MessageV1) + +error{ +}, +} +} + +func (msr *MsgServiceRouter) + +SetCircuit(cb CircuitBreaker) { + msr.circuitBreaker = cb +} + +// MsgServiceHandler defines a function type which handles Msg service message. +type MsgServiceHandler = func(ctx sdk.Context, req sdk.Msg) (*sdk.Result, error) + +// Handler returns the MsgServiceHandler for a given msg or nil if not found. +func (msr *MsgServiceRouter) + +Handler(msg sdk.Msg) + +MsgServiceHandler { + return msr.routes[sdk.MsgTypeURL(msg)] +} + +// HandlerByTypeURL returns the MsgServiceHandler for a given query route path or nil +// if not found. +func (msr *MsgServiceRouter) + +HandlerByTypeURL(typeURL string) + +MsgServiceHandler { + return msr.routes[typeURL] +} + +// RegisterService implements the gRPC Server.RegisterService method. sd is a gRPC +// service description, handler is an object which implements that gRPC service. +// +// This function PANICs: +// - if it is called before the service `Msg`s have been registered using +// RegisterInterfaces, +// - or if a service is being registered twice. +func (msr *MsgServiceRouter) + +RegisterService(sd *grpc.ServiceDesc, handler interface{ +}) { + // Adds a top-level query handler based on the gRPC service name. + for _, method := range sd.Methods { + err := msr.registerMsgServiceHandler(sd, method, handler) + if err != nil { + panic(err) +} + +err = msr.registerHybridHandler(sd, method, handler) + if err != nil { + panic(err) +} + +} +} + +func (msr *MsgServiceRouter) + +HybridHandlerByMsgName(msgName string) + +func(ctx context.Context, req, resp protoiface.MessageV1) + +error { + return msr.hybridHandlers[msgName] +} + +func (msr *MsgServiceRouter) + +registerHybridHandler(sd *grpc.ServiceDesc, method grpc.MethodDesc, handler interface{ +}) + +error { + inputName, err := protocompat.RequestFullNameFromMethodDesc(sd, method) + if err != nil { + return err +} + cdc := codec.NewProtoCodec(msr.interfaceRegistry) + +hybridHandler, err := protocompat.MakeHybridHandler(cdc, sd, method, handler) + if err != nil { + return err +} + // if circuit breaker is not nil, then we decorate the hybrid handler with the circuit breaker + if msr.circuitBreaker == nil { + msr.hybridHandlers[string(inputName)] = hybridHandler + return nil +} + // decorate the hybrid handler with the circuit breaker + circuitBreakerHybridHandler := func(ctx context.Context, req, resp protoiface.MessageV1) + +error { + messageName := codectypes.MsgTypeURL(req) + +allowed, err := msr.circuitBreaker.IsAllowed(ctx, messageName) + if err != nil { + return err +} + if !allowed { + return fmt.Errorf("circuit breaker disallows execution of message %s", messageName) +} + +return hybridHandler(ctx, req, resp) +} + +msr.hybridHandlers[string(inputName)] = circuitBreakerHybridHandler + return nil +} + +func (msr *MsgServiceRouter) + +registerMsgServiceHandler(sd *grpc.ServiceDesc, method grpc.MethodDesc, handler interface{ +}) + +error { + fqMethod := fmt.Sprintf("/%s/%s", sd.ServiceName, method.MethodName) + methodHandler := method.Handler + + var requestTypeName string + + // NOTE: This is how we pull the concrete request type for each handler for registering in the InterfaceRegistry. + // This approach is maybe a bit hacky, but less hacky than reflecting on the handler object itself. + // We use a no-op interceptor to avoid actually calling into the handler itself. + _, _ = methodHandler(nil, context.Background(), func(i interface{ +}) + +error { + msg, ok := i.(sdk.Msg) + if !ok { + // We panic here because there is no other alternative and the app cannot be initialized correctly + // this should only happen if there is a problem with code generation in which case the app won't + // work correctly anyway. + panic(fmt.Errorf("unable to register service method %s: %T does not implement sdk.Msg", fqMethod, i)) +} + +requestTypeName = sdk.MsgTypeURL(msg) + +return nil +}, noopInterceptor) + + // Check that the service Msg fully-qualified method name has already + // been registered (via RegisterInterfaces). If the user registers a + // service without registering according service Msg type, there might be + // some unexpected behavior down the road. Since we can't return an error + // (`Server.RegisterService` interface restriction) + +we panic (at startup). + reqType, err := msr.interfaceRegistry.Resolve(requestTypeName) + if err != nil || reqType == nil { + return fmt.Errorf( + "type_url %s has not been registered yet. "+ + "Before calling RegisterService, you must register all interfaces by calling the `RegisterInterfaces` "+ + "method on module.BasicManager. Each module should call `msgservice.RegisterMsgServiceDesc` inside its "+ + "`RegisterInterfaces` method with the `_Msg_serviceDesc` generated by proto-gen", + requestTypeName, + ) +} + + // Check that each service is only registered once. If a service is + // registered more than once, then we should error. Since we can't + // return an error (`Server.RegisterService` interface restriction) + +we + // panic (at startup). + _, found := msr.routes[requestTypeName] + if found { + return fmt.Errorf( + "msg service %s has already been registered. Please make sure to only register each service once. "+ + "This usually means that there are conflicting modules registering the same msg service", + fqMethod, + ) +} + +msr.routes[requestTypeName] = func(ctx sdk.Context, msg sdk.Msg) (*sdk.Result, error) { + ctx = ctx.WithEventManager(sdk.NewEventManager()) + interceptor := func(goCtx context.Context, _ interface{ +}, _ *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{ +}, error) { + goCtx = context.WithValue(goCtx, sdk.SdkContextKey, ctx) + +return handler(goCtx, msg) +} + if m, ok := msg.(sdk.HasValidateBasic); ok { + if err := m.ValidateBasic(); err != nil { + return nil, err +} + +} + if msr.circuitBreaker != nil { + msgURL := sdk.MsgTypeURL(msg) + +isAllowed, err := msr.circuitBreaker.IsAllowed(ctx, msgURL) + if err != nil { + return nil, err +} + if !isAllowed { + return nil, fmt.Errorf("circuit breaker disables execution of this message: %s", msgURL) +} + +} + + // Call the method handler from the service description with the handler object. + // We don't do any decoding here because the decoding was already done. + res, err := methodHandler(handler, ctx, noopDecoder, interceptor) + if err != nil { + return nil, err +} + +resMsg, ok := res.(proto.Message) + if !ok { + return nil, errorsmod.Wrapf(sdkerrors.ErrInvalidType, "Expecting proto.Message, got %T", resMsg) +} + +return sdk.WrapServiceResult(ctx, resMsg, err) +} + +return nil +} + +// SetInterfaceRegistry sets the interface registry for the router. +func (msr *MsgServiceRouter) + +SetInterfaceRegistry(interfaceRegistry codectypes.InterfaceRegistry) { + msr.interfaceRegistry = interfaceRegistry +} + +func noopDecoder(_ interface{ +}) + +error { + return nil +} + +func noopInterceptor(_ context.Context, _ interface{ +}, _ *grpc.UnaryServerInfo, _ grpc.UnaryHandler) (interface{ +}, error) { + return nil, nil +} +``` + + +The `CircuitBreakerDecorator` works for most use cases, but [does not check the inner messages of a transaction](https://docs.cosmos.network/main/learn/beginner/tx-lifecycle#antehandler). This means some transactions (such as `x/authz` transactions or some `x/gov` transactions) may pass the ante handler. **This does not affect the circuit breaker** as the message router check will still fail the transaction. +This tradeoff is to avoid introducing more dependencies in the `x/circuit` module. Chains can re-define the `CircuitBreakerDecorator` to check for inner messages if they wish to do so. + + +## State + +### Accounts + +* AccountPermissions `0x1 | account_address -> ProtocolBuffer(CircuitBreakerPermissions)` + +```go expandable +type level int32 + +const ( + // LEVEL_NONE_UNSPECIFIED indicates that the account will have no circuit + // breaker permissions. + LEVEL_NONE_UNSPECIFIED = iota + // LEVEL_SOME_MSGS indicates that the account will have permission to + // trip or reset the circuit breaker for some Msg type URLs. If this level + // is chosen, a non-empty list of Msg type URLs must be provided in + // limit_type_urls. + LEVEL_SOME_MSGS + // LEVEL_ALL_MSGS indicates that the account can trip or reset the circuit + // breaker for Msg's of all type URLs. + LEVEL_ALL_MSGS + // LEVEL_SUPER_ADMIN indicates that the account can take all circuit breaker + // actions and can grant permissions to other accounts. + LEVEL_SUPER_ADMIN +) + +type Access struct { + level int32 + msgs []string // if full permission, msgs can be empty +} +``` + +### Disable List + +List of type urls that are disabled. + +* DisableList `0x2 | msg_type_url -> []byte{}` {/* - should this be stored in json to skip encoding and decoding each block, does it matter? */} + +## State Transitions + +### Authorize + +Authorize, is called by the module authority (default governance module account) or any account with `LEVEL_SUPER_ADMIN` to give permission to disable/enable messages to another account. There are three levels of permissions that can be granted. `LEVEL_SOME_MSGS` limits the number of messages that can be disabled. `LEVEL_ALL_MSGS` permits all messages to be disabled. `LEVEL_SUPER_ADMIN` allows an account to take all circuit breaker actions including authorizing and deauthorizing other accounts. + +```protobuf + // AuthorizeCircuitBreaker allows a super-admin to grant (or revoke) another + // account's circuit breaker permissions. + rpc AuthorizeCircuitBreaker(MsgAuthorizeCircuitBreaker) returns (MsgAuthorizeCircuitBreakerResponse); +``` + +### Trip + +Trip, is called by an authorized account to disable message execution for a specific msgURL. If empty, all the msgs will be disabled. + +```protobuf + // TripCircuitBreaker pauses processing of Msg's in the state machine. + rpc TripCircuitBreaker(MsgTripCircuitBreaker) returns (MsgTripCircuitBreakerResponse); +``` + +### Reset + +Reset is called by an authorized account to enable execution for a specific msgURL of previously disabled message. If empty, all the disabled messages will be enabled. + +```protobuf + // ResetCircuitBreaker resumes processing of Msg's in the state machine that + // have been paused using TripCircuitBreaker. + rpc ResetCircuitBreaker(MsgResetCircuitBreaker) returns (MsgResetCircuitBreakerResponse); +``` + +## Messages + +### MsgAuthorizeCircuitBreaker + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/main/proto/cosmos/circuit/v1/tx.proto#L25-L75 +``` + +This message is expected to fail if: + +* the granter is not an account with permission level `LEVEL_SUPER_ADMIN` or the module authority + +### MsgTripCircuitBreaker + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/main/proto/cosmos/circuit/v1/tx.proto#L77-L93 +``` + +This message is expected to fail if: + +* if the signer does not have a permission level with the ability to disable the specified type url message + +### MsgResetCircuitBreaker + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/main/proto/cosmos/circuit/v1/tx.proto#L95-109 +``` + +This message is expected to fail if: + +* if the type url is not disabled + +## Events - list and describe event tags + +The circuit module emits the following events: + +### Message Events + +#### MsgAuthorizeCircuitBreaker + +| Type | Attribute Key | Attribute Value | +| ------- | ------------- | --------------------------- | +| string | granter | `{granterAddress}` | +| string | grantee | `{granteeAddress}` | +| string | permission | `{granteePermissions}` | +| message | module | circuit | +| message | action | authorize\_circuit\_breaker | + +#### MsgTripCircuitBreaker + +| Type | Attribute Key | Attribute Value | +| --------- | ------------- | ---------------------- | +| string | authority | `{authorityAddress}` | +| \[]string | msg\_urls | \[]string`{msg\_urls}` | +| message | module | circuit | +| message | action | trip\_circuit\_breaker | + +#### ResetCircuitBreaker + +| Type | Attribute Key | Attribute Value | +| --------- | ------------- | ----------------------- | +| string | authority | `{authorityAddress}` | +| \[]string | msg\_urls | \[]string`{msg\_urls}` | +| message | module | circuit | +| message | action | reset\_circuit\_breaker | + +## Keys - list of key prefixes used by the circuit module + +* `AccountPermissionPrefix` - `0x01` +* `DisableListPrefix` - `0x02` + +## Client - list and describe CLI commands and gRPC and REST endpoints + +## Examples: Using Circuit Breaker CLI Commands + +This section provides practical examples for using the Circuit Breaker module through the command-line interface (CLI). These examples demonstrate how to authorize accounts, disable (trip) specific message types, and re-enable (reset) them when needed. + +### Querying Circuit Breaker Permissions + +Check an account's current circuit breaker permissions: + +```bash +# Query permissions for a specific account + query circuit account-permissions + +# Example: +simd query circuit account-permissions cosmos1... +``` + +Check which message types are currently disabled: + +```bash +# Query all disabled message types + query circuit disabled-list + +# Example: +simd query circuit disabled-list +``` + +### Authorizing an Account as Circuit Breaker + +Only a super-admin or the module authority (typically the governance module account) can grant circuit breaker permissions to other accounts: + +```bash +# Grant LEVEL_ALL_MSGS permission (can disable any message type) + tx circuit authorize --level=ALL_MSGS --from= --gas=auto --gas-adjustment=1.5 + +# Grant LEVEL_SOME_MSGS permission (can only disable specific message types) + tx circuit authorize --level=SOME_MSGS --limit-type-urls="/cosmos.bank.v1beta1.MsgSend,/cosmos.staking.v1beta1.MsgDelegate" --from= --gas=auto --gas-adjustment=1.5 + +# Grant LEVEL_SUPER_ADMIN permission (can disable messages and authorize other accounts) + tx circuit authorize --level=SUPER_ADMIN --from= --gas=auto --gas-adjustment=1.5 +``` + +### Disabling Message Processing (Trip) + +Disable specific message types to prevent their execution (requires authorization): + +```bash +# Disable a single message type + tx circuit trip --type-urls="/cosmos.bank.v1beta1.MsgSend" --from= --gas=auto --gas-adjustment=1.5 + +# Disable multiple message types + tx circuit trip --type-urls="/cosmos.bank.v1beta1.MsgSend,/cosmos.staking.v1beta1.MsgDelegate" --from= --gas=auto --gas-adjustment=1.5 + +# Disable all message types (emergency measure) + tx circuit trip --from= --gas=auto --gas-adjustment=1.5 +``` + +### Re-enabling Message Processing (Reset) + +Re-enable previously disabled message types (requires authorization): + +```bash +# Re-enable a single message type + tx circuit reset --type-urls="/cosmos.bank.v1beta1.MsgSend" --from= --gas=auto --gas-adjustment=1.5 + +# Re-enable multiple message types + tx circuit reset --type-urls="/cosmos.bank.v1beta1.MsgSend,/cosmos.staking.v1beta1.MsgDelegate" --from= --gas=auto --gas-adjustment=1.5 + +# Re-enable all disabled message types + tx circuit reset --from= --gas=auto --gas-adjustment=1.5 +``` + +### Usage in Emergency Scenarios + +In case of a critical vulnerability in a specific message type: + +1. Quickly disable the vulnerable message type: + + ```bash + tx circuit trip --type-urls="/cosmos.vulnerable.v1beta1.MsgVulnerable" --from= --gas=auto --gas-adjustment=1.5 + ``` + +2. After a fix is deployed, re-enable the message type: + + ```bash + tx circuit reset --type-urls="/cosmos.vulnerable.v1beta1.MsgVulnerable" --from= --gas=auto --gas-adjustment=1.5 + ``` + +This allows chains to surgically disable problematic functionality without halting the entire chain, providing time for developers to implement and deploy fixes. diff --git a/docs/sdk/next/build/modules/consensus/README.mdx b/docs/sdk/next/build/modules/consensus/README.mdx new file mode 100644 index 00000000..e01dee71 --- /dev/null +++ b/docs/sdk/next/build/modules/consensus/README.mdx @@ -0,0 +1,5 @@ +--- +title: '`x/consensus`' +description: Functionality to modify CometBFT's ABCI consensus params. +--- +Functionality to modify CometBFT's ABCI consensus params. diff --git a/docs/sdk/next/build/modules/crisis/README.mdx b/docs/sdk/next/build/modules/crisis/README.mdx new file mode 100644 index 00000000..9df4bb4f --- /dev/null +++ b/docs/sdk/next/build/modules/crisis/README.mdx @@ -0,0 +1,112 @@ +--- +title: '`x/crisis`' +description: >- + NOTE: x/crisis is deprecated as of Cosmos SDK v0.53 and will be removed in the + next release. +--- +NOTE: `x/crisis` is deprecated as of Cosmos SDK v0.53 and will be removed in the next release. + +## Overview + +The crisis module halts the blockchain under the circumstance that a blockchain +invariant is broken. Invariants can be registered with the application during the +application initialization process. + +## Contents + +* [State](#state) +* [Messages](#messages) +* [Events](#events) +* [Parameters](#parameters) +* [Client](#client) + * [CLI](#cli) + +## State + +### ConstantFee + +Due to the anticipated large gas cost requirement to verify an invariant (and +potential to exceed the maximum allowable block gas limit) a constant fee is +used instead of the standard gas consumption method. The constant fee is +intended to be larger than the anticipated gas cost of running the invariant +with the standard gas consumption method. + +The ConstantFee param is stored in the module params state with the prefix of `0x01`, +it can be updated with governance or the address with authority. + +* Params: `mint/params -> legacy_amino(sdk.Coin)` + +## Messages + +In this section we describe the processing of the crisis messages and the +corresponding updates to the state. + +### MsgVerifyInvariant + +Blockchain invariants can be checked using the `MsgVerifyInvariant` message. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/crisis/v1beta1/tx.proto#L26-L42 +``` + +This message is expected to fail if: + +* the sender does not have enough coins for the constant fee +* the invariant route is not registered + +This message checks the invariant provided, and if the invariant is broken it +panics, halting the blockchain. If the invariant is broken, the constant fee is +never deducted as the transaction is never committed to a block (equivalent to +being refunded). However, if the invariant is not broken, the constant fee will +not be refunded. + +## Events + +The crisis module emits the following events: + +### Handlers + +#### MsgVerifyInvariant + +| Type | Attribute Key | Attribute Value | +| --------- | ------------- | ----------------- | +| invariant | route | `{invariantRoute}` | +| message | module | crisis | +| message | action | verify\_invariant | +| message | sender | `{senderAddress}` | + +## Parameters + +The crisis module contains the following parameters: + +| Key | Type | Example | +| ----------- | ------------- | --------------------------------- | +| ConstantFee | object (coin) | `{"denom":"uatom","amount":"1000"}` | + +## Client + +### CLI + +A user can query and interact with the `crisis` module using the CLI. + +#### Transactions + +The `tx` commands allow users to interact with the `crisis` module. + +```bash +simd tx crisis --help +``` + +##### invariant-broken + +The `invariant-broken` command submits proof when an invariant was broken to halt the chain + +```bash +simd tx crisis invariant-broken [module-name] [invariant-route] [flags] +``` + +Example: + +```bash +simd tx crisis invariant-broken bank total-supply --from=[keyname or address] +``` diff --git a/docs/sdk/next/build/modules/distribution/README.mdx b/docs/sdk/next/build/modules/distribution/README.mdx new file mode 100644 index 00000000..7bf29f9e --- /dev/null +++ b/docs/sdk/next/build/modules/distribution/README.mdx @@ -0,0 +1,1148 @@ +--- +title: '`x/distribution`' +--- +## Overview + +This *simple* distribution mechanism describes a functional way to passively +distribute rewards between validators and delegators. Note that this mechanism does +not distribute funds in as precisely as active reward distribution mechanisms and +will therefore be upgraded in the future. + +The mechanism operates as follows. Collected rewards are pooled globally and +divided out passively to validators and delegators. Each validator has the +opportunity to charge commission to the delegators on the rewards collected on +behalf of the delegators. Fees are collected directly into a global reward pool +and validator proposer-reward pool. Due to the nature of passive accounting, +whenever changes to parameters which affect the rate of reward distribution +occurs, withdrawal of rewards must also occur. + +* Whenever withdrawing, one must withdraw the maximum amount they are entitled + to, leaving nothing in the pool. +* Whenever bonding, unbonding, or re-delegating tokens to an existing account, a + full withdrawal of the rewards must occur (as the rules for lazy accounting + change). +* Whenever a validator chooses to change the commission on rewards, all accumulated + commission rewards must be simultaneously withdrawn. + +The above scenarios are covered in `hooks.md`. + +The distribution mechanism outlined herein is used to lazily distribute the +following rewards between validators and associated delegators: + +* multi-token fees to be socially distributed +* inflated staked asset provisions +* validator commission on all rewards earned by their delegators stake + +Fees are pooled within a global pool. The mechanisms used allow for validators +and delegators to independently and lazily withdraw their rewards. + +## Shortcomings + +As a part of the lazy computations, each delegator holds an accumulation term +specific to each validator which is used to estimate what their approximate +fair portion of tokens held in the global fee pool is owed to them. + +```text +entitlement = delegator-accumulation / all-delegators-accumulation +``` + +Under the circumstance that there was constant and equal flow of incoming +reward tokens every block, this distribution mechanism would be equal to the +active distribution (distribute individually to all delegators each block). +However, this is unrealistic so deviations from the active distribution will +occur based on fluctuations of incoming reward tokens as well as timing of +reward withdrawal by other delegators. + +If you happen to know that incoming rewards are about to significantly increase, +you are incentivized to not withdraw until after this event, increasing the +worth of your existing *accum*. See [#2764](https://github.com/cosmos/cosmos-sdk/issues/2764) +for further details. + +## Effect on Staking + +Charging commission on Atom provisions while also allowing for Atom-provisions +to be auto-bonded (distributed directly to the validators bonded stake) is +problematic within BPoS. Fundamentally, these two mechanisms are mutually +exclusive. If both commission and auto-bonding mechanisms are simultaneously +applied to the staking-token then the distribution of staking-tokens between +any validator and its delegators will change with each block. This then +necessitates a calculation for each delegation records for each block - +which is considered computationally expensive. + +In conclusion, we can only have Atom commission and unbonded atoms +provisions or bonded atom provisions with no Atom commission, and we elect to +implement the former. Stakeholders wishing to rebond their provisions may elect +to set up a script to periodically withdraw and rebond rewards. + +## Contents + +* [Concepts](#concepts) +* [State](#state) + * [FeePool](#feepool) + * [Validator Distribution](#validator-distribution) + * [Delegation Distribution](#delegation-distribution) + * [Params](#params) +* [Begin Block](#begin-block) +* [Messages](#messages) +* [Hooks](#hooks) +* [Events](#events) +* [Parameters](#parameters) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + +## Concepts + +In Proof of Stake (PoS) blockchains, rewards gained from transaction fees are paid to validators. The fee distribution module fairly distributes the rewards to the validators' constituent delegators. + +Rewards are calculated per period. The period is updated each time a validator's delegation changes, for example, when the validator receives a new delegation. +The rewards for a single validator can then be calculated by taking the total rewards for the period before the delegation started, minus the current total rewards. +To learn more, see the [F1 Fee Distribution paper](https://github.com/cosmos/cosmos-sdk/tree/main/docs/spec/fee_distribution/f1_fee_distr.pdf). + +The commission to the validator is paid when the validator is removed or when the validator requests a withdrawal. +The commission is calculated and incremented at every `BeginBlock` operation to update accumulated fee amounts. + +The rewards to a delegator are distributed when the delegation is changed or removed, or a withdrawal is requested. +Before rewards are distributed, all slashes to the validator that occurred during the current delegation are applied. + +### Reference Counting in F1 Fee Distribution + +In F1 fee distribution, the rewards a delegator receives are calculated when their delegation is withdrawn. This calculation must read the terms of the summation of rewards divided by the share of tokens from the period which they ended when they delegated, and the final period that was created for the withdrawal. + +Additionally, as slashes change the amount of tokens a delegation will have (but we calculate this lazily, +only when a delegator un-delegates), we must calculate rewards in separate periods before / after any slashes +which occurred in between when a delegator delegated and when they withdrew their rewards. Thus slashes, like +delegations, reference the period which was ended by the slash event. + +All stored historical rewards records for periods which are no longer referenced by any delegations +or any slashes can thus be safely removed, as they will never be read (future delegations and future +slashes will always reference future periods). This is implemented by tracking a `ReferenceCount` +along with each historical reward storage entry. Each time a new object (delegation or slash) +is created which might need to reference the historical record, the reference count is incremented. +Each time one object which previously needed to reference the historical record is deleted, the reference +count is decremented. If the reference count hits zero, the historical record is deleted. + +### External Community Pool Keepers + +An external pool community keeper is defined as: + +```go expandable +// ExternalCommunityPoolKeeper is the interface that an external community pool module keeper must fulfill +// for x/distribution to properly accept it as a community pool fund destination. +type ExternalCommunityPoolKeeper interface { + // GetCommunityPoolModule gets the module name that funds should be sent to for the community pool. + // This is the address that x/distribution will send funds to for external management. + GetCommunityPoolModule() + +string + // FundCommunityPool allows an account to directly fund the community fund pool. + FundCommunityPool(ctx sdk.Context, amount sdk.Coins, senderAddr sdk.AccAddress) + +error + // DistributeFromCommunityPool distributes funds from the community pool module account to + // a receiver address. + DistributeFromCommunityPool(ctx sdk.Context, amount sdk.Coins, receiveAddr sdk.AccAddress) + +error +} +``` + +By default, the distribution module will use a community pool implementation that is internal. An external community pool +can be provided to the module which will have funds be diverted to it instead of the internal implementation. The reference +external community pool maintained by the Cosmos SDK is [`x/protocolpool`](/docs/sdk/vnext/build/modules/protocolpool/README). + +## State + +### FeePool + +All globally tracked parameters for distribution are stored within +`FeePool`. Rewards are collected and added to the reward pool and +distributed to validators/delegators from here. + +Note that the reward pool holds decimal coins (`DecCoins`) to allow +for fractions of coins to be received from operations like inflation. +When coins are distributed from the pool they are truncated back to +`sdk.Coins` which are non-decimal. + +* FeePool: `0x00 -> ProtocolBuffer(FeePool)` + +```go +// coins with decimal +type DecCoins []DecCoin + +type DecCoin struct { + Amount math.LegacyDec + Denom string +} +``` + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/distribution/v1beta1/distribution.proto#L116-L123 +``` + +### Validator Distribution + +Validator distribution information for the relevant validator is updated each time: + +1. delegation amount to a validator is updated, +2. any delegator withdraws from a validator, or +3. the validator withdraws its commission. + +* ValidatorDistInfo: `0x02 | ValOperatorAddrLen (1 byte) | ValOperatorAddr -> ProtocolBuffer(validatorDistribution)` + +```go +type ValidatorDistInfo struct { + OperatorAddress sdk.AccAddress + SelfBondRewards sdkmath.DecCoins + ValidatorCommission types.ValidatorAccumulatedCommission +} +``` + +### Delegation Distribution + +Each delegation distribution only needs to record the height at which it last +withdrew fees. Because a delegation must withdraw fees each time it's +properties change (aka bonded tokens etc.) its properties will remain constant +and the delegator's *accumulation* factor can be calculated passively knowing +only the height of the last withdrawal and its current properties. + +* DelegationDistInfo: `0x02 | DelegatorAddrLen (1 byte) | DelegatorAddr | ValOperatorAddrLen (1 byte) | ValOperatorAddr -> ProtocolBuffer(delegatorDist)` + +```go +type DelegationDistInfo struct { + WithdrawalHeight int64 // last time this delegation withdrew rewards +} +``` + +### Params + +The distribution module stores it's params in state with the prefix of `0x09`, +it can be updated with governance or the address with authority. + +* Params: `0x09 | ProtocolBuffer(Params)` + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/distribution/v1beta1/distribution.proto#L12-L42 +``` + +## Begin Block + +At each `BeginBlock`, all fees received in the previous block are transferred to +the distribution `ModuleAccount` account. When a delegator or validator +withdraws their rewards, they are taken out of the `ModuleAccount`. During begin +block, the different claims on the fees collected are updated as follows: + +* The reserve community tax is charged. +* The remainder is distributed proportionally by voting power to all bonded validators + +### The Distribution Scheme + +See [params](#params) for description of parameters. + +Let `fees` be the total fees collected in the previous block, including +inflationary rewards to the stake. All fees are collected in a specific module +account during the block. During `BeginBlock`, they are sent to the +`"distribution"` `ModuleAccount`. No other sending of tokens occurs. Instead, the +rewards each account is entitled to are stored, and withdrawals can be triggered +through the messages `FundCommunityPool`, `WithdrawValidatorCommission` and +`WithdrawDelegatorReward`. + +#### Reward to the Community Pool + +The community pool gets `community_tax * fees`, plus any remaining dust after +validators get their rewards that are always rounded down to the nearest +integer value. + +#### Using an External Community Pool + +Starting with Cosmos SDK v0.53.0, an external community pool, such as `x/protocolpool`, can be used in place of the `x/distribution` managed community pool. + +Please view the warning in the next section before deciding to use an external community pool. + +```go expandable +// ExternalCommunityPoolKeeper is the interface that an external community pool module keeper must fulfill +// for x/distribution to properly accept it as a community pool fund destination. +type ExternalCommunityPoolKeeper interface { + // GetCommunityPoolModule gets the module name that funds should be sent to for the community pool. + // This is the address that x/distribution will send funds to for external management. + GetCommunityPoolModule() + +string + // FundCommunityPool allows an account to directly fund the community fund pool. + FundCommunityPool(ctx sdk.Context, amount sdk.Coins, senderAddr sdk.AccAddress) + +error + // DistributeFromCommunityPool distributes funds from the community pool module account to + // a receiver address. + DistributeFromCommunityPool(ctx sdk.Context, amount sdk.Coins, receiveAddr sdk.AccAddress) + +error +} +``` + +```go +app.DistrKeeper = distrkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[distrtypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + app.StakingKeeper, + authtypes.FeeCollectorName, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + distrkeeper.WithExternalCommunityPool(app.ProtocolPoolKeeper), // New option. +) +``` + +#### External Community Pool Usage Warning + +When using an external community pool with `x/distribution`, the following handlers will return an error: + +**QueryService** + +* `CommunityPool` + +**MsgService** + +* `CommunityPoolSpend` +* `FundCommunityPool` + +If you have services that rely on this functionality from `x/distribution`, please update them to use the `x/protocolpool` equivalents. + +#### Reward To the Validators + +The proposer receives no extra rewards. All fees are distributed among all the +bonded validators, including the proposer, in proportion to their consensus power. + +```text +powFrac = validator power / total bonded validator power +voteMul = 1 - community_tax +``` + +All validators receive `fees * voteMul * powFrac`. + +#### Rewards to Delegators + +Each validator's rewards are distributed to its delegators. The validator also +has a self-delegation that is treated like a regular delegation in +distribution calculations. + +The validator sets a commission rate. The commission rate is flexible, but each +validator sets a maximum rate and a maximum daily increase. These maximums cannot be exceeded and protect delegators from sudden increases of validator commission rates to prevent validators from taking all of the rewards. + +The outstanding rewards that the operator is entitled to are stored in +`ValidatorAccumulatedCommission`, while the rewards the delegators are entitled +to are stored in `ValidatorCurrentRewards`. The [F1 fee distribution scheme](#concepts) is used to calculate the rewards per delegator as they +withdraw or update their delegation, and is thus not handled in `BeginBlock`. + +#### Example Distribution + +For this example distribution, the underlying consensus engine selects block proposers in +proportion to their power relative to the entire bonded power. + +All validators are equally performant at including pre-commits in their proposed +blocks. Then hold `(pre_commits included) / (total bonded validator power)` +constant so that the amortized block reward for the validator is `( validator power / total bonded power) * (1 - community tax rate)` of +the total rewards. Consequently, the reward for a single delegator is: + +```text +(delegator proportion of the validator power / validator power) * (validator power / total bonded power) + * (1 - community tax rate) * (1 - validator commission rate) += (delegator proportion of the validator power / total bonded power) * (1 - +community tax rate) * (1 - validator commission rate) +``` + +## Messages + +### MsgSetWithdrawAddress + +By default, the withdraw address is the delegator address. To change its withdraw address, a delegator must send a `MsgSetWithdrawAddress` message. +Changing the withdraw address is possible only if the parameter `WithdrawAddrEnabled` is set to `true`. + +The withdraw address cannot be any of the module accounts. These accounts are blocked from being withdraw addresses by being added to the distribution keeper's `blockedAddrs` array at initialization. + +Response: + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/distribution/v1beta1/tx.proto#L49-L60 +``` + +```go +func (k Keeper) + +SetWithdrawAddr(ctx context.Context, delegatorAddr sdk.AccAddress, withdrawAddr sdk.AccAddress) + +error + if k.blockedAddrs[withdrawAddr.String()] { + fail with "`{ + withdrawAddr +}` is not allowed to receive external funds" +} + if !k.GetWithdrawAddrEnabled(ctx) { + fail with `ErrSetWithdrawAddrDisabled` +} + +k.SetDelegatorWithdrawAddr(ctx, delegatorAddr, withdrawAddr) +``` + +### MsgWithdrawDelegatorReward + +A delegator can withdraw its rewards. +Internally in the distribution module, this transaction simultaneously removes the previous delegation with associated rewards, the same as if the delegator simply started a new delegation of the same value. +The rewards are sent immediately from the distribution `ModuleAccount` to the withdraw address. +Any remainder (truncated decimals) are sent to the community pool. +The starting height of the delegation is set to the current validator period, and the reference count for the previous period is decremented. +The amount withdrawn is deducted from the `ValidatorOutstandingRewards` variable for the validator. + +In the F1 distribution, the total rewards are calculated per validator period, and a delegator receives a piece of those rewards in proportion to their stake in the validator. +In basic F1, the total rewards that all the delegators are entitled to between to periods is calculated the following way. +Let `R(X)` be the total accumulated rewards up to period `X` divided by the tokens staked at that time. The delegator allocation is `R(X) * delegator_stake`. +Then the rewards for all the delegators for staking between periods `A` and `B` are `(R(B) - R(A)) * total stake`. +However, these calculated rewards don't account for slashing. + +Taking the slashes into account requires iteration. +Let `F(X)` be the fraction a validator is to be slashed for a slashing event that happened at period `X`. +If the validator was slashed at periods `P1, ..., PN`, where `A < P1`, `PN < B`, the distribution module calculates the individual delegator's rewards, `T(A, B)`, as follows: + +```go +stake := initial stake + rewards := 0 + previous := A + for P in P1, ..., PN`: + rewards = (R(P) - previous) * stake + stake = stake * F(P) + +previous = P +rewards = rewards + (R(B) - R(PN)) * stake +``` + +The historical rewards are calculated retroactively by playing back all the slashes and then attenuating the delegator's stake at each step. +The final calculated stake is equivalent to the actual staked coins in the delegation with a margin of error due to rounding errors. + +Response: + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/distribution/v1beta1/tx.proto#L66-L77 +``` + +### WithdrawValidatorCommission + +The validator can send the WithdrawValidatorCommission message to withdraw their accumulated commission. +The commission is calculated in every block during `BeginBlock`, so no iteration is required to withdraw. +The amount withdrawn is deducted from the `ValidatorOutstandingRewards` variable for the validator. +Only integer amounts can be sent. If the accumulated awards have decimals, the amount is truncated before the withdrawal is sent, and the remainder is left to be withdrawn later. + +### FundCommunityPool + + + +This handler will return an error if an `ExternalCommunityPool` is used. + + + +This message sends coins directly from the sender to the community pool. + +The transaction fails if the amount cannot be transferred from the sender to the distribution module account. + +```go expandable +func (k Keeper) + +FundCommunityPool(ctx context.Context, amount sdk.Coins, sender sdk.AccAddress) + +error { + if err := k.bankKeeper.SendCoinsFromAccountToModule(ctx, sender, types.ModuleName, amount); err != nil { + return err +} + +feePool, err := k.FeePool.Get(ctx) + if err != nil { + return err +} + +feePool.CommunityPool = feePool.CommunityPool.Add(sdk.NewDecCoinsFromCoins(amount...)...) + if err := k.FeePool.Set(ctx, feePool); err != nil { + return err +} + +return nil +} +``` + +### Common distribution operations + +These operations take place during many different messages. + +#### Initialize delegation + +Each time a delegation is changed, the rewards are withdrawn and the delegation is reinitialized. +Initializing a delegation increments the validator period and keeps track of the starting period of the delegation. + +```go expandable +// initialize starting info for a new delegation +func (k Keeper) + +initializeDelegation(ctx context.Context, val sdk.ValAddress, del sdk.AccAddress) { + // period has already been incremented - we want to store the period ended by this delegation action + previousPeriod := k.GetValidatorCurrentRewards(ctx, val).Period - 1 + + // increment reference count for the period we're going to track + k.incrementReferenceCount(ctx, val, previousPeriod) + validator := k.stakingKeeper.Validator(ctx, val) + delegation := k.stakingKeeper.Delegation(ctx, del, val) + + // calculate delegation stake in tokens + // we don't store directly, so multiply delegation shares * (tokens per share) + // note: necessary to truncate so we don't allow withdrawing more rewards than owed + stake := validator.TokensFromSharesTruncated(delegation.GetShares()) + +k.SetDelegatorStartingInfo(ctx, val, del, types.NewDelegatorStartingInfo(previousPeriod, stake, uint64(ctx.BlockHeight()))) +} +``` + +### MsgUpdateParams + +Distribution module params can be updated through `MsgUpdateParams`, which can be done using governance proposal and the signer will always be gov module account address. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/distribution/v1beta1/tx.proto#L133-L147 +``` + +The message handling can fail if: + +* signer is not the gov module account address. + +## Hooks + +Available hooks that can be called by and from this module. + +### Create or modify delegation distribution + +* triggered-by: `staking.MsgDelegate`, `staking.MsgBeginRedelegate`, `staking.MsgUndelegate` + +#### Before + +* The delegation rewards are withdrawn to the withdraw address of the delegator. + The rewards include the current period and exclude the starting period. +* The validator period is incremented. + The validator period is incremented because the validator's power and share distribution might have changed. +* The reference count for the delegator's starting period is decremented. + +#### After + +The starting height of the delegation is set to the previous period. +Because of the `Before`-hook, this period is the last period for which the delegator was rewarded. + +### Validator created + +* triggered-by: `staking.MsgCreateValidator` + +When a validator is created, the following validator variables are initialized: + +* Historical rewards +* Current accumulated rewards +* Accumulated commission +* Total outstanding rewards +* Period + +By default, all values are set to a `0`, except period, which is set to `1`. + +### Validator removed + +* triggered-by: `staking.RemoveValidator` + +Outstanding commission is sent to the validator's self-delegation withdrawal address. +Remaining delegator rewards get sent to the community fee pool. + +Note: The validator gets removed only when it has no remaining delegations. +At that time, all outstanding delegator rewards will have been withdrawn. +Any remaining rewards are dust amounts. + +### Validator is slashed + +* triggered-by: `staking.Slash` +* The current validator period reference count is incremented. + The reference count is incremented because the slash event has created a reference to it. +* The validator period is incremented. +* The slash event is stored for later use. + The slash event will be referenced when calculating delegator rewards. + +## Events + +The distribution module emits the following events: + +### BeginBlocker + +| Type | Attribute Key | Attribute Value | +| ---------------- | ------------- | ------------------ | +| proposer\_reward | validator | `{validatorAddress}` | +| proposer\_reward | reward | `{proposerReward}` | +| commission | amount | `{commissionAmount}` | +| commission | validator | `{validatorAddress}` | +| rewards | amount | `{rewardAmount}` | +| rewards | validator | `{validatorAddress}` | + +### Handlers + +#### MsgSetWithdrawAddress + +| Type | Attribute Key | Attribute Value | +| ---------------------- | ----------------- | ---------------------- | +| set\_withdraw\_address | withdraw\_address | `{withdrawAddress}` | +| message | module | distribution | +| message | action | set\_withdraw\_address | +| message | sender | `{senderAddress}` | + +#### MsgWithdrawDelegatorReward + +| Type | Attribute Key | Attribute Value | +| ----------------- | ------------- | --------------------------- | +| withdraw\_rewards | amount | `{rewardAmount}` | +| withdraw\_rewards | validator | `{validatorAddress}` | +| message | module | distribution | +| message | action | withdraw\_delegator\_reward | +| message | sender | `{senderAddress}` | + +#### MsgWithdrawValidatorCommission + +| Type | Attribute Key | Attribute Value | +| -------------------- | ------------- | ------------------------------- | +| withdraw\_commission | amount | `{commissionAmount}` | +| message | module | distribution | +| message | action | withdraw\_validator\_commission | +| message | sender | `{senderAddress}` | + +## Parameters + +The distribution module contains the following parameters: + +| Key | Type | Example | +| ------------------- | ------------ | --------------------------- | +| communitytax | string (dec) | "0.020000000000000000" \[0] | +| withdrawaddrenabled | bool | true | + +* \[0] `communitytax` must be positive and cannot exceed 1.00. +* `baseproposerreward` and `bonusproposerreward` were parameters that are deprecated in v0.47 and are not used. + + +The reserve pool is the pool of collected funds for use by governance taken via the `CommunityTax`. +Currently with the Cosmos SDK, tokens collected by the CommunityTax are accounted for but unspendable. + + +## Client + +## CLI + +A user can query and interact with the `distribution` module using the CLI. + +#### Query + +The `query` commands allow users to query `distribution` state. + +```shell +simd query distribution --help +``` + +##### commission + +The `commission` command allows users to query validator commission rewards by address. + +```shell +simd query distribution commission [address] [flags] +``` + +Example: + +```shell +simd query distribution commission cosmosvaloper1... +``` + +Example Output: + +```yml +commission: +- amount: "1000000.000000000000000000" + denom: stake +``` + +##### community-pool + +The `community-pool` command allows users to query all coin balances within the community pool. + +```shell +simd query distribution community-pool [flags] +``` + +Example: + +```shell +simd query distribution community-pool +``` + +Example Output: + +```yml +pool: +- amount: "1000000.000000000000000000" + denom: stake +``` + +##### params + +The `params` command allows users to query the parameters of the `distribution` module. + +```shell +simd query distribution params [flags] +``` + +Example: + +```shell +simd query distribution params +``` + +Example Output: + +```yml +base_proposer_reward: "0.000000000000000000" +bonus_proposer_reward: "0.000000000000000000" +community_tax: "0.020000000000000000" +withdraw_addr_enabled: true +``` + +##### rewards + +The `rewards` command allows users to query delegator rewards. Users can optionally include the validator address to query rewards earned from a specific validator. + +```shell +simd query distribution rewards [delegator-addr] [validator-addr] [flags] +``` + +Example: + +```shell +simd query distribution rewards cosmos1... +``` + +Example Output: + +```yml +rewards: +- reward: + - amount: "1000000.000000000000000000" + denom: stake + validator_address: cosmosvaloper1.. +total: +- amount: "1000000.000000000000000000" + denom: stake +``` + +##### slashes + +The `slashes` command allows users to query all slashes for a given block range. + +```shell +simd query distribution slashes [validator] [start-height] [end-height] [flags] +``` + +Example: + +```shell +simd query distribution slashes cosmosvaloper1... 1 1000 +``` + +Example Output: + +```yml +pagination: + next_key: null + total: "0" +slashes: +- validator_period: 20, + fraction: "0.009999999999999999" +``` + +##### validator-outstanding-rewards + +The `validator-outstanding-rewards` command allows users to query all outstanding (un-withdrawn) rewards for a validator and all their delegations. + +```shell +simd query distribution validator-outstanding-rewards [validator] [flags] +``` + +Example: + +```shell +simd query distribution validator-outstanding-rewards cosmosvaloper1... +``` + +Example Output: + +```yml +rewards: +- amount: "1000000.000000000000000000" + denom: stake +``` + +##### validator-distribution-info + +The `validator-distribution-info` command allows users to query validator commission and self-delegation rewards for validator. + +````shell expandable +simd query distribution validator-distribution-info cosmosvaloper1... +``` + +Example Output: + +```yml +commission: +- amount: "100000.000000000000000000" + denom: stake +operator_address: cosmosvaloper1... +self_bond_rewards: +- amount: "100000.000000000000000000" + denom: stake +``` + +#### Transactions + +The `tx` commands allow users to interact with the `distribution` module. + +```shell +simd tx distribution --help +``` + +##### fund-community-pool + +The `fund-community-pool` command allows users to send funds to the community pool. + +```shell +simd tx distribution fund-community-pool [amount] [flags] +``` + +Example: + +```shell +simd tx distribution fund-community-pool 100stake --from cosmos1... +``` + +##### set-withdraw-addr + +The `set-withdraw-addr` command allows users to set the withdraw address for rewards associated with a delegator address. + +```shell +simd tx distribution set-withdraw-addr [withdraw-addr] [flags] +``` + +Example: + +```shell +simd tx distribution set-withdraw-addr cosmos1... --from cosmos1... +``` + +##### withdraw-all-rewards + +The `withdraw-all-rewards` command allows users to withdraw all rewards for a delegator. + +```shell +simd tx distribution withdraw-all-rewards [flags] +``` + +Example: + +```shell +simd tx distribution withdraw-all-rewards --from cosmos1... +``` + +##### withdraw-rewards + +The `withdraw-rewards` command allows users to withdraw all rewards from a given delegation address, +and optionally withdraw validator commission if the delegation address given is a validator operator and the user proves the `--commission` flag. + +```shell +simd tx distribution withdraw-rewards [validator-addr] [flags] +``` + +Example: + +```shell +simd tx distribution withdraw-rewards cosmosvaloper1... --from cosmos1... --commission +``` + +### gRPC + +A user can query the `distribution` module using gRPC endpoints. + +#### Params + +The `Params` endpoint allows users to query parameters of the `distribution` module. + +Example: + +```shell +grpcurl -plaintext \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/Params +``` + +Example Output: + +```json +{ + "params": { + "communityTax": "20000000000000000", + "baseProposerReward": "00000000000000000", + "bonusProposerReward": "00000000000000000", + "withdrawAddrEnabled": true + } +} +``` + +#### ValidatorDistributionInfo + +The `ValidatorDistributionInfo` queries validator commission and self-delegation rewards for validator. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"validator_address":"cosmosvalop1..."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/ValidatorDistributionInfo +``` + +Example Output: + +```json +{ + "commission": { + "commission": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ] + }, + "self_bond_rewards": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ], + "validator_address": "cosmosvalop1..." +} +``` + +#### ValidatorOutstandingRewards + +The `ValidatorOutstandingRewards` endpoint allows users to query rewards of a validator address. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"validator_address":"cosmosvalop1.."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/ValidatorOutstandingRewards +``` + +Example Output: + +```json +{ + "rewards": { + "rewards": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ] + } +} +``` + +#### ValidatorCommission + +The `ValidatorCommission` endpoint allows users to query accumulated commission for a validator. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"validator_address":"cosmosvalop1.."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/ValidatorCommission +``` + +Example Output: + +```json +{ + "commission": { + "commission": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ] + } +} +``` + +#### ValidatorSlashes + +The `ValidatorSlashes` endpoint allows users to query slash events of a validator. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"validator_address":"cosmosvalop1.."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/ValidatorSlashes +``` + +Example Output: + +```json +{ + "slashes": [ + { + "validator_period": "20", + "fraction": "0.009999999999999999" + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### DelegationRewards + +The `DelegationRewards` endpoint allows users to query the total rewards accrued by a delegation. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"delegator_address":"cosmos1...","validator_address":"cosmosvalop1..."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/DelegationRewards +``` + +Example Output: + +```json +{ + "rewards": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ] +} +``` + +#### DelegationTotalRewards + +The `DelegationTotalRewards` endpoint allows users to query the total rewards accrued by each validator. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"delegator_address":"cosmos1..."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/DelegationTotalRewards +``` + +Example Output: + +```json +{ + "rewards": [ + { + "validatorAddress": "cosmosvaloper1...", + "reward": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ] + } + ], + "total": [ + { + "denom": "stake", + "amount": "1000000000000000" + } + ] +} +``` + +#### DelegatorValidators + +The `DelegatorValidators` endpoint allows users to query all validators for given delegator. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"delegator_address":"cosmos1..."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/DelegatorValidators +``` + +Example Output: + +```json +{ + "validators": ["cosmosvaloper1..."] +} +``` + +#### DelegatorWithdrawAddress + +The `DelegatorWithdrawAddress` endpoint allows users to query the withdraw address of a delegator. + +Example: + +```shell +grpcurl -plaintext \ + -d '{"delegator_address":"cosmos1..."}' \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/DelegatorWithdrawAddress +``` + +Example Output: + +```json +{ + "withdrawAddress": "cosmos1..." +} +``` + +#### CommunityPool + +The `CommunityPool` endpoint allows users to query the community pool coins. + +Example: + +```shell +grpcurl -plaintext \ + localhost:9090 \ + cosmos.distribution.v1beta1.Query/CommunityPool +``` + +Example Output: + +```json +{ + "pool": [ + { + "denom": "stake", + "amount": "1000000000000000000" + } + ] +} +``` +```` diff --git a/docs/sdk/next/build/modules/epochs/README.mdx b/docs/sdk/next/build/modules/epochs/README.mdx new file mode 100644 index 00000000..d22b2ada --- /dev/null +++ b/docs/sdk/next/build/modules/epochs/README.mdx @@ -0,0 +1,178 @@ +--- +title: '`x/epochs`' +--- +## Abstract + +Often in the SDK, we would like to run certain code every so often. The +purpose of `epochs` module is to allow other modules to set that they +would like to be signaled once every period. So another module can +specify it wants to execute code once a week, starting at UTC-time = x. +`epochs` creates a generalized epoch interface to other modules so that +they can easily be signaled upon such events. + +## Contents + +1. **[Concept](#concepts)** +2. **[State](#state)** +3. **[Events](#events)** +4. **[Keeper](#keepers)** +5. **[Hooks](#hooks)** +6. **[Queries](#queries)** + +## Concepts + +The epochs module defines on-chain timers that execute at fixed time intervals. +Other SDK modules can then register logic to be executed at the timer ticks. +We refer to the period in between two timer ticks as an "epoch". + +Every timer has a unique identifier. +Every epoch will have a start time, and an end time, where `end time = start time + timer interval`. +On mainnet, we only utilize one identifier, with a time interval of `one day`. + +The timer will tick at the first block whose block time is greater than the timer end time, +and set the start as the prior timer end time. (Notably, it's not set to the block time!) +This means that if the chain has been down for a while, you will get one timer tick per block, +until the timer has caught up. + +## State + +The Epochs module keeps a single `EpochInfo` per identifier. +This contains the current state of the timer with the corresponding identifier. +Its fields are modified at every timer tick. +EpochInfos are initialized as part of genesis initialization or upgrade logic, +and are only modified on begin blockers. + +## Events + +The `epochs` module emits the following events: + +### BeginBlocker + +| Type | Attribute Key | Attribute Value | +| ------------ | ------------- | --------------- | +| epoch\_start | epoch\_number | `{epoch\_number}` | +| epoch\_start | start\_time | `{start\_time}` | + +### EndBlocker + +| Type | Attribute Key | Attribute Value | +| ---------- | ------------- | --------------- | +| epoch\_end | epoch\_number | `{epoch\_number}` | + +## Keepers + +### Keeper functions + +Epochs keeper module provides utility functions to manage epochs. + +## Hooks + +```go +// the first block whose timestamp is after the duration is counted as the end of the epoch + AfterEpochEnd(ctx sdk.Context, epochIdentifier string, epochNumber int64) + // new epoch is next block of epoch end block + BeforeEpochStart(ctx sdk.Context, epochIdentifier string, epochNumber int64) +``` + +### How modules receive hooks + +On hook receiver function of other modules, they need to filter +`epochIdentifier` and only do executions for only specific +epochIdentifier. Filtering epochIdentifier could be in `Params` of other +modules so that they can be modified by governance. + +This is the standard dev UX of this: + +```golang +func (k MyModuleKeeper) + +AfterEpochEnd(ctx sdk.Context, epochIdentifier string, epochNumber int64) { + params := k.GetParams(ctx) + if epochIdentifier == params.DistrEpochIdentifier { + // my logic +} +} +``` + +### Panic isolation + +If a given epoch hook panics, its state update is reverted, but we keep +proceeding through the remaining hooks. This allows more advanced epoch +logic to be used, without concern over state machine halting, or halting +subsequent modules. + +This does mean that if there is behavior you expect from a prior epoch +hook, and that epoch hook reverted, your hook may also have an issue. So +do keep in mind "what if a prior hook didn't get executed" in the safety +checks you consider for a new epoch hook. + +## Queries + +The Epochs module provides the following queries to check the module's state. + +```protobuf +service Query { + // EpochInfos provide running epochInfos + rpc EpochInfos(QueryEpochsInfoRequest) returns (QueryEpochsInfoResponse) {} + // CurrentEpoch provide current epoch of specified identifier + rpc CurrentEpoch(QueryCurrentEpochRequest) returns (QueryCurrentEpochResponse) {} +} +``` + +### Epoch Infos + +Query the currently running epochInfos + +```sh + query epochs epoch-infos +``` + + +**Example** + +An example output: + +```sh expandable +epochs: +- current_epoch: "183" + current_epoch_start_height: "2438409" + current_epoch_start_time: "2021-12-18T17:16:09.898160996Z" + duration: 86400s + epoch_counting_started: true + identifier: day + start_time: "2021-06-18T17:00:00Z" +- current_epoch: "26" + current_epoch_start_height: "2424854" + current_epoch_start_time: "2021-12-17T17:02:07.229632445Z" + duration: 604800s + epoch_counting_started: true + identifier: week + start_time: "2021-06-18T17:00:00Z" +``` + + + +### Current Epoch + +Query the current epoch by the specified identifier + +```sh + query epochs current-epoch [identifier] +``` + + +**Example** + +Query the current `day` epoch: + +```sh + query epochs current-epoch day +``` + +Which in this example outputs: + +```sh +current_epoch: "183" +``` + + diff --git a/docs/sdk/next/build/modules/evidence/README.mdx b/docs/sdk/next/build/modules/evidence/README.mdx new file mode 100644 index 00000000..115f859c --- /dev/null +++ b/docs/sdk/next/build/modules/evidence/README.mdx @@ -0,0 +1,460 @@ +--- +title: '`x/evidence`' +description: Concepts State Messages Events Parameters BeginBlock Client CLI REST gRPC +--- +* [Concepts](#concepts) +* [State](#state) +* [Messages](#messages) +* [Events](#events) +* [Parameters](#parameters) +* [BeginBlock](#beginblock) +* [Client](#client) + * [CLI](#cli) + * [REST](#rest) + * [gRPC](#grpc) + +## Abstract + +`x/evidence` is an implementation of a Cosmos SDK module, per [ADR 009](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-009-evidence-module.md), +that allows for the submission and handling of arbitrary evidence of misbehavior such +as equivocation and counterfactual signing. + +The evidence module differs from standard evidence handling which typically expects the +underlying consensus engine, e.g. CometBFT, to automatically submit evidence when +it is discovered by allowing clients and foreign chains to submit more complex evidence +directly. + +All concrete evidence types must implement the `Evidence` interface contract. Submitted +`Evidence` is first routed through the evidence module's `Router` in which it attempts +to find a corresponding registered `Handler` for that specific `Evidence` type. +Each `Evidence` type must have a `Handler` registered with the evidence module's +keeper in order for it to be successfully routed and executed. + +Each corresponding handler must also fulfill the `Handler` interface contract. The +`Handler` for a given `Evidence` type can perform any arbitrary state transitions +such as slashing, jailing, and tombstoning. + +## Concepts + +### Evidence + +Any concrete type of evidence submitted to the `x/evidence` module must fulfill the +`Evidence` contract outlined below. Not all concrete types of evidence will fulfill +this contract in the same way and some data may be entirely irrelevant to certain +types of evidence. An additional `ValidatorEvidence`, which extends `Evidence`, +has also been created to define a contract for evidence against malicious validators. + +```go expandable +// Evidence defines the contract which concrete evidence types of misbehavior +// must implement. +type Evidence interface { + proto.Message + + Route() + +string + String() + +string + Hash() []byte + ValidateBasic() + +error + + // Height at which the infraction occurred + GetHeight() + +int64 +} + +// ValidatorEvidence extends Evidence interface to define contract +// for evidence against malicious validators +type ValidatorEvidence interface { + Evidence + + // The consensus address of the malicious validator at time of infraction + GetConsensusAddress() + +sdk.ConsAddress + + // The total power of the malicious validator at time of infraction + GetValidatorPower() + +int64 + + // The total validator set power at time of infraction + GetTotalPower() + +int64 +} +``` + +### Registration & Handling + +The `x/evidence` module must first know about all types of evidence it is expected +to handle. This is accomplished by registering the `Route` method in the `Evidence` +contract with what is known as a `Router` (defined below). The `Router` accepts +`Evidence` and attempts to find the corresponding `Handler` for the `Evidence` +via the `Route` method. + +```go +type Router interface { + AddRoute(r string, h Handler) + +Router + HasRoute(r string) + +bool + GetRoute(path string) + +Handler + Seal() + +Sealed() + +bool +} +``` + +The `Handler` (defined below) is responsible for executing the entirety of the +business logic for handling `Evidence`. This typically includes validating the +evidence, both stateless checks via `ValidateBasic` and stateful checks via any +keepers provided to the `Handler`. In addition, the `Handler` may also perform +capabilities such as slashing and jailing a validator. All `Evidence` handled +by the `Handler` should be persisted. + +```go +// Handler defines an agnostic Evidence handler. The handler is responsible +// for executing all corresponding business logic necessary for verifying the +// evidence as valid. In addition, the Handler may execute any necessary +// slashing and potential jailing. +type Handler func(context.Context, Evidence) + +error +``` + +## State + +Currently the `x/evidence` module only stores valid submitted `Evidence` in state. +The evidence state is also stored and exported in the `x/evidence` module's `GenesisState`. + +```protobuf +// GenesisState defines the evidence module's genesis state. +message GenesisState { + // evidence defines all the evidence at genesis. + repeated google.protobuf.Any evidence = 1; +} + +``` + +All `Evidence` is retrieved and stored via a prefix `KVStore` using prefix `0x00` (`KeyPrefixEvidence`). + +## Messages + +### MsgSubmitEvidence + +Evidence is submitted through a `MsgSubmitEvidence` message: + +```protobuf +// MsgSubmitEvidence represents a message that supports submitting arbitrary +// Evidence of misbehavior such as equivocation or counterfactual signing. +message MsgSubmitEvidence { + string submitter = 1; + google.protobuf.Any evidence = 2; +} +``` + +Note, the `Evidence` of a `MsgSubmitEvidence` message must have a corresponding +`Handler` registered with the `x/evidence` module's `Router` in order to be processed +and routed correctly. + +Given the `Evidence` is registered with a corresponding `Handler`, it is processed +as follows: + +```go expandable +func SubmitEvidence(ctx Context, evidence Evidence) + +error { + if _, err := GetEvidence(ctx, evidence.Hash()); err == nil { + return errorsmod.Wrap(types.ErrEvidenceExists, strings.ToUpper(hex.EncodeToString(evidence.Hash()))) +} + if !router.HasRoute(evidence.Route()) { + return errorsmod.Wrap(types.ErrNoEvidenceHandlerExists, evidence.Route()) +} + handler := router.GetRoute(evidence.Route()) + if err := handler(ctx, evidence); err != nil { + return errorsmod.Wrap(types.ErrInvalidEvidence, err.Error()) +} + +ctx.EventManager().EmitEvent( + sdk.NewEvent( + types.EventTypeSubmitEvidence, + sdk.NewAttribute(types.AttributeKeyEvidenceHash, strings.ToUpper(hex.EncodeToString(evidence.Hash()))), + ), + ) + +SetEvidence(ctx, evidence) + +return nil +} +``` + +First, there must not already exist valid submitted `Evidence` of the exact same +type. Secondly, the `Evidence` is routed to the `Handler` and executed. Finally, +if there is no error in handling the `Evidence`, an event is emitted and it is persisted to state. + +## Events + +The `x/evidence` module emits the following events: + +### Handlers + +#### MsgSubmitEvidence + +| Type | Attribute Key | Attribute Value | +| ---------------- | -------------- | ---------------- | +| submit\_evidence | evidence\_hash | `{evidenceHash}` | +| message | module | evidence | +| message | sender | `{senderAddress}` | +| message | action | submit\_evidence | + +## Parameters + +The evidence module does not contain any parameters. + +## BeginBlock + +### Evidence Handling + +CometBFT blocks can include +[Evidence](https://github.com/cometbft/cometbft/blob/main/spec/abci/abci%2B%2B_basic_concepts.md#evidence) that indicates if a validator committed malicious behavior. The relevant information is forwarded to the application as ABCI Evidence in `abci.RequestBeginBlock` so that the validator can be punished accordingly. + +#### Equivocation + +The Cosmos SDK handles two types of evidence inside the ABCI `BeginBlock`: + +* `DuplicateVoteEvidence`, +* `LightClientAttackEvidence`. + +The evidence module handles these two evidence types the same way. First, the Cosmos SDK converts the CometBFT concrete evidence type to an SDK `Evidence` interface using `Equivocation` as the concrete type. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/evidence/v1beta1/evidence.proto#L12-L32 +``` + +For some `Equivocation` submitted in `block` to be valid, it must satisfy: + +`Evidence.Timestamp >= block.Timestamp - MaxEvidenceAge` + +Where: + +* `Evidence.Timestamp` is the timestamp in the block at height `Evidence.Height` +* `block.Timestamp` is the current block timestamp. + +If valid `Equivocation` evidence is included in a block, the validator's stake is +reduced (slashed) by `SlashFractionDoubleSign` as defined by the `x/slashing` module +of what their stake was when the infraction occurred, rather than when the evidence was discovered. +We want to "follow the stake", i.e., the stake that contributed to the infraction +should be slashed, even if it has since been redelegated or started unbonding. + +In addition, the validator is permanently jailed and tombstoned to make it impossible for that +validator to ever re-enter the validator set. + +The `Equivocation` evidence is handled as follows: + +```go +// Reference: https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/x/evidence/keeper/infraction.go#L26-L140 +``` + +**Note:** The slashing, jailing, and tombstoning calls are delegated through the `x/slashing` module +that emits informative events and finally delegates calls to the `x/staking` module. See documentation +on slashing and jailing in [State Transitions](/docs/sdk/vnext/build/modules/staking/README#state-transitions). + +## Client + +### CLI + +A user can query and interact with the `evidence` module using the CLI. + +#### Query + +The `query` commands allows users to query `evidence` state. + +```bash +simd query evidence --help +``` + +#### evidence + +The `evidence` command allows users to list all evidence or evidence by hash. + +Usage: + +```bash +simd query evidence [flags] +``` + +To query evidence by hash + +Example: + +```bash +simd query evidence evidence "DF0C23E8634E480F84B9D5674A7CDC9816466DEC28A3358F73260F68D28D7660" +``` + +Example Output: + +```bash +evidence: + consensus_address: cosmosvalcons1ntk8eualewuprz0gamh8hnvcem2nrcdsgz563h + height: 11 + power: 100 + time: "2021-10-20T16:08:38.194017624Z" +``` + +To get all evidence + +Example: + +```bash +simd query evidence list +``` + +Example Output: + +```bash +evidence: + consensus_address: cosmosvalcons1ntk8eualewuprz0gamh8hnvcem2nrcdsgz563h + height: 11 + power: 100 + time: "2021-10-20T16:08:38.194017624Z" +pagination: + next_key: null + total: "1" +``` + +### REST + +A user can query the `evidence` module using REST endpoints. + +#### Evidence + +Get evidence by hash + +```bash +/cosmos/evidence/v1beta1/evidence/{hash} +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/evidence/v1beta1/evidence/DF0C23E8634E480F84B9D5674A7CDC9816466DEC28A3358F73260F68D28D7660" +``` + +Example Output: + +```bash +{ + "evidence": { + "consensus_address": "cosmosvalcons1ntk8eualewuprz0gamh8hnvcem2nrcdsgz563h", + "height": "11", + "power": "100", + "time": "2021-10-20T16:08:38.194017624Z" + } +} +``` + +#### All evidence + +Get all evidence + +```bash +/cosmos/evidence/v1beta1/evidence +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/evidence/v1beta1/evidence" +``` + +Example Output: + +```bash expandable +{ + "evidence": [ + { + "consensus_address": "cosmosvalcons1ntk8eualewuprz0gamh8hnvcem2nrcdsgz563h", + "height": "11", + "power": "100", + "time": "2021-10-20T16:08:38.194017624Z" + } + ], + "pagination": { + "total": "1" + } +} +``` + +### gRPC + +A user can query the `evidence` module using gRPC endpoints. + +#### Evidence + +Get evidence by hash + +```bash +cosmos.evidence.v1beta1.Query/Evidence +``` + +Example: + +```bash +grpcurl -plaintext -d '{"evidence_hash":"DF0C23E8634E480F84B9D5674A7CDC9816466DEC28A3358F73260F68D28D7660"}' localhost:9090 cosmos.evidence.v1beta1.Query/Evidence +``` + +Example Output: + +```bash +{ + "evidence": { + "consensus_address": "cosmosvalcons1ntk8eualewuprz0gamh8hnvcem2nrcdsgz563h", + "height": "11", + "power": "100", + "time": "2021-10-20T16:08:38.194017624Z" + } +} +``` + +#### All evidence + +Get all evidence + +```bash +cosmos.evidence.v1beta1.Query/AllEvidence +``` + +Example: + +```bash +grpcurl -plaintext localhost:9090 cosmos.evidence.v1beta1.Query/AllEvidence +``` + +Example Output: + +```bash expandable +{ + "evidence": [ + { + "consensus_address": "cosmosvalcons1ntk8eualewuprz0gamh8hnvcem2nrcdsgz563h", + "height": "11", + "power": "100", + "time": "2021-10-20T16:08:38.194017624Z" + } + ], + "pagination": { + "total": "1" + } +} +``` diff --git a/docs/sdk/next/build/modules/feegrant/README.mdx b/docs/sdk/next/build/modules/feegrant/README.mdx new file mode 100644 index 00000000..ed9c37be --- /dev/null +++ b/docs/sdk/next/build/modules/feegrant/README.mdx @@ -0,0 +1,3654 @@ +--- +title: '`x/feegrant`' +description: >- + This document specifies the fee grant module. For the full ADR, please see Fee + Grant ADR-029. +--- +## Abstract + +This document specifies the fee grant module. For the full ADR, please see [Fee Grant ADR-029](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-029-fee-grant-module.md). + +This module allows accounts to grant fee allowances and to use fees from their accounts. Grantees can execute any transaction without the need to maintain sufficient fees. + +## Contents + +* [Concepts](#concepts) +* [State](#state) + * [FeeAllowance](#feeallowance) + * [FeeAllowanceQueue](#feeallowancequeue) +* [Messages](#messages) + * [Msg/GrantAllowance](#msggrantallowance) + * [Msg/RevokeAllowance](#msgrevokeallowance) +* [Events](#events) +* [Msg Server](#msg-server) + * [MsgGrantAllowance](#msggrantallowance-1) + * [MsgRevokeAllowance](#msgrevokeallowance-1) + * [Exec fee allowance](#exec-fee-allowance) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + +## Concepts + +### Grant + +`Grant` is stored in the KVStore to record a grant with full context. Every grant will contain `granter`, `grantee` and what kind of `allowance` is granted. `granter` is an account address who is giving permission to `grantee` (the beneficiary account address) to pay for some or all of `grantee`'s transaction fees. `allowance` defines what kind of fee allowance (`BasicAllowance` or `PeriodicAllowance`, see below) is granted to `grantee`. `allowance` accepts an interface which implements `FeeAllowanceI`, encoded as `Any` type. There can be only one existing fee grant allowed for a `grantee` and `granter`, self grants are not allowed. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/feegrant.proto#L83-L93 +``` + +`FeeAllowanceI` looks like: + +```go expandable +package feegrant + +import ( + + "time" + + sdk "github.com/cosmos/cosmos-sdk/types" +) + +// FeeAllowance implementations are tied to a given fee delegator and delegatee, +// and are used to enforce fee grant limits. +type FeeAllowanceI interface { + // Accept can use fee payment requested as well as timestamp of the current block + // to determine whether or not to process this. This is checked in + // Keeper.UseGrantedFees and the return values should match how it is handled there. + // + // If it returns an error, the fee payment is rejected, otherwise it is accepted. + // The FeeAllowance implementation is expected to update it's internal state + // and will be saved again after an acceptance. + // + // If remove is true (regardless of the error), the FeeAllowance will be deleted from storage + // (eg. when it is used up). (See call to RevokeAllowance in Keeper.UseGrantedFees) + +Accept(ctx sdk.Context, fee sdk.Coins, msgs []sdk.Msg) (remove bool, err error) + + // ValidateBasic should evaluate this FeeAllowance for internal consistency. + // Don't allow negative amounts, or negative periods for example. + ValidateBasic() + +error + + // ExpiresAt returns the expiry time of the allowance. + ExpiresAt() (*time.Time, error) +} +``` + +### Fee Allowance types + +There are two types of fee allowances present at the moment: + +* `BasicAllowance` +* `PeriodicAllowance` +* `AllowedMsgAllowance` + +### BasicAllowance + +`BasicAllowance` is permission for `grantee` to use fee from a `granter`'s account. If any of the `spend_limit` or `expiration` reaches its limit, the grant will be removed from the state. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/feegrant.proto#L15-L28 +``` + +* `spend_limit` is the limit of coins that are allowed to be used from the `granter` account. If it is empty, it assumes there's no spend limit, `grantee` can use any number of available coins from `granter` account address before the expiration. + +* `expiration` specifies an optional time when this allowance expires. If the value is left empty, there is no expiry for the grant. + +* When a grant is created with empty values for `spend_limit` and `expiration`, it is still a valid grant. It won't restrict the `grantee` to use any number of coins from `granter` and it won't have any expiration. The only way to restrict the `grantee` is by revoking the grant. + +### PeriodicAllowance + +`PeriodicAllowance` is a repeating fee allowance for the mentioned period, we can mention when the grant can expire as well as when a period can reset. We can also define the maximum number of coins that can be used in a mentioned period of time. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/feegrant.proto#L34-L68 +``` + +* `basic` is the instance of `BasicAllowance` which is optional for periodic fee allowance. If empty, the grant will have no `expiration` and no `spend_limit`. + +* `period` is the specific period of time, after each period passes, `period_can_spend` will be reset. + +* `period_spend_limit` specifies the maximum number of coins that can be spent in the period. + +* `period_can_spend` is the number of coins left to be spent before the period\_reset time. + +* `period_reset` keeps track of when a next period reset should happen. + +### AllowedMsgAllowance + +`AllowedMsgAllowance` is a fee allowance, it can be any of `BasicFeeAllowance`, `PeriodicAllowance` but restricted only to the allowed messages mentioned by the granter. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/feegrant.proto#L70-L81 +``` + +* `allowance` is either `BasicAllowance` or `PeriodicAllowance`. + +* `allowed_messages` is array of messages allowed to execute the given allowance. + +### FeeGranter flag + +`feegrant` module introduces a `FeeGranter` flag for CLI for the sake of executing transactions with fee granter. When this flag is set, `clientCtx` will append the granter account address for transactions generated through CLI. + +```go expandable +package client + +import ( + + "crypto/tls" + "fmt" + "strings" + "github.com/pkg/errors" + "github.com/spf13/cobra" + "github.com/spf13/pflag" + "github.com/tendermint/tendermint/libs/cli" + "google.golang.org/grpc" + "google.golang.org/grpc/credentials" + "google.golang.org/grpc/credentials/insecure" + "github.com/cosmos/cosmos-sdk/client/flags" + "github.com/cosmos/cosmos-sdk/crypto/keyring" + sdk "github.com/cosmos/cosmos-sdk/types" +) + +// ClientContextKey defines the context key used to retrieve a client.Context from +// a command's Context. +const ClientContextKey = sdk.ContextKey("client.context") + +// SetCmdClientContextHandler is to be used in a command pre-hook execution to +// read flags that populate a Context and sets that to the command's Context. +func SetCmdClientContextHandler(clientCtx Context, cmd *cobra.Command) (err error) { + clientCtx, err = ReadPersistentCommandFlags(clientCtx, cmd.Flags()) + if err != nil { + return err +} + +return SetCmdClientContext(cmd, clientCtx) +} + +// ValidateCmd returns unknown command error or Help display if help flag set +func ValidateCmd(cmd *cobra.Command, args []string) + +error { + var unknownCmd string + var skipNext bool + for _, arg := range args { + // search for help flag + if arg == "--help" || arg == "-h" { + return cmd.Help() +} + + // check if the current arg is a flag + switch { + case len(arg) > 0 && (arg[0] == '-'): + // the next arg should be skipped if the current arg is a + // flag and does not use "=" to assign the flag's value + if !strings.Contains(arg, "=") { + skipNext = true +} + +else { + skipNext = false +} + case skipNext: + // skip current arg + skipNext = false + case unknownCmd == "": + // unknown command found + // continue searching for help flag + unknownCmd = arg +} + +} + + // return the help screen if no unknown command is found + if unknownCmd != "" { + err := fmt.Sprintf("unknown command \"%s\" for \"%s\"", unknownCmd, cmd.CalledAs()) + + // build suggestions for unknown argument + if suggestions := cmd.SuggestionsFor(unknownCmd); len(suggestions) > 0 { + err += "\n\nDid you mean this?\n" + for _, s := range suggestions { + err += fmt.Sprintf("\t%v\n", s) +} + +} + +return errors.New(err) +} + +return cmd.Help() +} + +// ReadPersistentCommandFlags returns a Context with fields set for "persistent" +// or common flags that do not necessarily change with context. +// +// Note, the provided clientCtx may have field pre-populated. The following order +// of precedence occurs: +// +// - client.Context field not pre-populated & flag not set: uses default flag value +// - client.Context field not pre-populated & flag set: uses set flag value +// - client.Context field pre-populated & flag not set: uses pre-populated value +// - client.Context field pre-populated & flag set: uses set flag value +func ReadPersistentCommandFlags(clientCtx Context, flagSet *pflag.FlagSet) (Context, error) { + if clientCtx.OutputFormat == "" || flagSet.Changed(cli.OutputFlag) { + output, _ := flagSet.GetString(cli.OutputFlag) + +clientCtx = clientCtx.WithOutputFormat(output) +} + if clientCtx.HomeDir == "" || flagSet.Changed(flags.FlagHome) { + homeDir, _ := flagSet.GetString(flags.FlagHome) + +clientCtx = clientCtx.WithHomeDir(homeDir) +} + if !clientCtx.Simulate || flagSet.Changed(flags.FlagDryRun) { + dryRun, _ := flagSet.GetBool(flags.FlagDryRun) + +clientCtx = clientCtx.WithSimulation(dryRun) +} + if clientCtx.KeyringDir == "" || flagSet.Changed(flags.FlagKeyringDir) { + keyringDir, _ := flagSet.GetString(flags.FlagKeyringDir) + + // The keyring directory is optional and falls back to the home directory + // if omitted. + if keyringDir == "" { + keyringDir = clientCtx.HomeDir +} + +clientCtx = clientCtx.WithKeyringDir(keyringDir) +} + if clientCtx.ChainID == "" || flagSet.Changed(flags.FlagChainID) { + chainID, _ := flagSet.GetString(flags.FlagChainID) + +clientCtx = clientCtx.WithChainID(chainID) +} + if clientCtx.Keyring == nil || flagSet.Changed(flags.FlagKeyringBackend) { + keyringBackend, _ := flagSet.GetString(flags.FlagKeyringBackend) + if keyringBackend != "" { + kr, err := NewKeyringFromBackend(clientCtx, keyringBackend) + if err != nil { + return clientCtx, err +} + +clientCtx = clientCtx.WithKeyring(kr) +} + +} + if clientCtx.Client == nil || flagSet.Changed(flags.FlagNode) { + rpcURI, _ := flagSet.GetString(flags.FlagNode) + if rpcURI != "" { + clientCtx = clientCtx.WithNodeURI(rpcURI) + +client, err := NewClientFromNode(rpcURI) + if err != nil { + return clientCtx, err +} + +clientCtx = clientCtx.WithClient(client) +} + +} + if clientCtx.GRPCClient == nil || flagSet.Changed(flags.FlagGRPC) { + grpcURI, _ := flagSet.GetString(flags.FlagGRPC) + if grpcURI != "" { + var dialOpts []grpc.DialOption + + useInsecure, _ := flagSet.GetBool(flags.FlagGRPCInsecure) + if useInsecure { + dialOpts = append(dialOpts, grpc.WithTransportCredentials(insecure.NewCredentials())) +} + +else { + dialOpts = append(dialOpts, grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{ + MinVersion: tls.VersionTLS12, +}))) +} + +grpcClient, err := grpc.Dial(grpcURI, dialOpts...) + if err != nil { + return Context{ +}, err +} + +clientCtx = clientCtx.WithGRPCClient(grpcClient) +} + +} + +return clientCtx, nil +} + +// readQueryCommandFlags returns an updated Context with fields set based on flags +// defined in AddQueryFlagsToCmd. An error is returned if any flag query fails. +// +// Note, the provided clientCtx may have field pre-populated. The following order +// of precedence occurs: +// +// - client.Context field not pre-populated & flag not set: uses default flag value +// - client.Context field not pre-populated & flag set: uses set flag value +// - client.Context field pre-populated & flag not set: uses pre-populated value +// - client.Context field pre-populated & flag set: uses set flag value +func readQueryCommandFlags(clientCtx Context, flagSet *pflag.FlagSet) (Context, error) { + if clientCtx.Height == 0 || flagSet.Changed(flags.FlagHeight) { + height, _ := flagSet.GetInt64(flags.FlagHeight) + +clientCtx = clientCtx.WithHeight(height) +} + if !clientCtx.UseLedger || flagSet.Changed(flags.FlagUseLedger) { + useLedger, _ := flagSet.GetBool(flags.FlagUseLedger) + +clientCtx = clientCtx.WithUseLedger(useLedger) +} + +return ReadPersistentCommandFlags(clientCtx, flagSet) +} + +// readTxCommandFlags returns an updated Context with fields set based on flags +// defined in AddTxFlagsToCmd. An error is returned if any flag query fails. +// +// Note, the provided clientCtx may have field pre-populated. The following order +// of precedence occurs: +// +// - client.Context field not pre-populated & flag not set: uses default flag value +// - client.Context field not pre-populated & flag set: uses set flag value +// - client.Context field pre-populated & flag not set: uses pre-populated value +// - client.Context field pre-populated & flag set: uses set flag value +func readTxCommandFlags(clientCtx Context, flagSet *pflag.FlagSet) (Context, error) { + clientCtx, err := ReadPersistentCommandFlags(clientCtx, flagSet) + if err != nil { + return clientCtx, err +} + if !clientCtx.GenerateOnly || flagSet.Changed(flags.FlagGenerateOnly) { + genOnly, _ := flagSet.GetBool(flags.FlagGenerateOnly) + +clientCtx = clientCtx.WithGenerateOnly(genOnly) +} + if !clientCtx.Offline || flagSet.Changed(flags.FlagOffline) { + offline, _ := flagSet.GetBool(flags.FlagOffline) + +clientCtx = clientCtx.WithOffline(offline) +} + if !clientCtx.UseLedger || flagSet.Changed(flags.FlagUseLedger) { + useLedger, _ := flagSet.GetBool(flags.FlagUseLedger) + +clientCtx = clientCtx.WithUseLedger(useLedger) +} + if clientCtx.BroadcastMode == "" || flagSet.Changed(flags.FlagBroadcastMode) { + bMode, _ := flagSet.GetString(flags.FlagBroadcastMode) + +clientCtx = clientCtx.WithBroadcastMode(bMode) +} + if !clientCtx.SkipConfirm || flagSet.Changed(flags.FlagSkipConfirmation) { + skipConfirm, _ := flagSet.GetBool(flags.FlagSkipConfirmation) + +clientCtx = clientCtx.WithSkipConfirmation(skipConfirm) +} + if clientCtx.SignModeStr == "" || flagSet.Changed(flags.FlagSignMode) { + signModeStr, _ := flagSet.GetString(flags.FlagSignMode) + +clientCtx = clientCtx.WithSignModeStr(signModeStr) +} + if clientCtx.FeePayer == nil || flagSet.Changed(flags.FlagFeePayer) { + payer, _ := flagSet.GetString(flags.FlagFeePayer) + if payer != "" { + payerAcc, err := sdk.AccAddressFromBech32(payer) + if err != nil { + return clientCtx, err +} + +clientCtx = clientCtx.WithFeePayerAddress(payerAcc) +} + +} + if clientCtx.FeeGranter == nil || flagSet.Changed(flags.FlagFeeGranter) { + granter, _ := flagSet.GetString(flags.FlagFeeGranter) + if granter != "" { + granterAcc, err := sdk.AccAddressFromBech32(granter) + if err != nil { + return clientCtx, err +} + +clientCtx = clientCtx.WithFeeGranterAddress(granterAcc) +} + +} + if clientCtx.From == "" || flagSet.Changed(flags.FlagFrom) { + from, _ := flagSet.GetString(flags.FlagFrom) + +fromAddr, fromName, keyType, err := GetFromFields(clientCtx, clientCtx.Keyring, from) + if err != nil { + return clientCtx, err +} + +clientCtx = clientCtx.WithFrom(from).WithFromAddress(fromAddr).WithFromName(fromName) + + // If the `from` signer account is a ledger key, we need to use + // SIGN_MODE_AMINO_JSON, because ledger doesn't support proto yet. + // ref: https://github.com/cosmos/cosmos-sdk/issues/8109 + if keyType == keyring.TypeLedger && clientCtx.SignModeStr != flags.SignModeLegacyAminoJSON && !clientCtx.LedgerHasProtobuf { + fmt.Println("Default sign-mode 'direct' not supported by Ledger, using sign-mode 'amino-json'.") + +clientCtx = clientCtx.WithSignModeStr(flags.SignModeLegacyAminoJSON) +} + +} + if !clientCtx.IsAux || flagSet.Changed(flags.FlagAux) { + isAux, _ := flagSet.GetBool(flags.FlagAux) + +clientCtx = clientCtx.WithAux(isAux) + if isAux { + // If the user didn't explicitly set an --output flag, use JSON by + // default. + if clientCtx.OutputFormat == "" || !flagSet.Changed(cli.OutputFlag) { + clientCtx = clientCtx.WithOutputFormat("json") +} + + // If the user didn't explicitly set a --sign-mode flag, use + // DIRECT_AUX by default. + if clientCtx.SignModeStr == "" || !flagSet.Changed(flags.FlagSignMode) { + clientCtx = clientCtx.WithSignModeStr(flags.SignModeDirectAux) +} + +} + +} + +return clientCtx, nil +} + +// GetClientQueryContext returns a Context from a command with fields set based on flags +// defined in AddQueryFlagsToCmd. An error is returned if any flag query fails. +// +// - client.Context field not pre-populated & flag not set: uses default flag value +// - client.Context field not pre-populated & flag set: uses set flag value +// - client.Context field pre-populated & flag not set: uses pre-populated value +// - client.Context field pre-populated & flag set: uses set flag value +func GetClientQueryContext(cmd *cobra.Command) (Context, error) { + ctx := GetClientContextFromCmd(cmd) + +return readQueryCommandFlags(ctx, cmd.Flags()) +} + +// GetClientTxContext returns a Context from a command with fields set based on flags +// defined in AddTxFlagsToCmd. An error is returned if any flag query fails. +// +// - client.Context field not pre-populated & flag not set: uses default flag value +// - client.Context field not pre-populated & flag set: uses set flag value +// - client.Context field pre-populated & flag not set: uses pre-populated value +// - client.Context field pre-populated & flag set: uses set flag value +func GetClientTxContext(cmd *cobra.Command) (Context, error) { + ctx := GetClientContextFromCmd(cmd) + +return readTxCommandFlags(ctx, cmd.Flags()) +} + +// GetClientContextFromCmd returns a Context from a command or an empty Context +// if it has not been set. +func GetClientContextFromCmd(cmd *cobra.Command) + +Context { + if v := cmd.Context().Value(ClientContextKey); v != nil { + clientCtxPtr := v.(*Context) + +return *clientCtxPtr +} + +return Context{ +} +} + +// SetCmdClientContext sets a command's Context value to the provided argument. +func SetCmdClientContext(cmd *cobra.Command, clientCtx Context) + +error { + v := cmd.Context().Value(ClientContextKey) + if v == nil { + return errors.New("client context not set") +} + clientCtxPtr := v.(*Context) + *clientCtxPtr = clientCtx + + return nil +} +``` + +```go expandable +package tx + +import ( + + "bufio" + "context" + "encoding/json" + "errors" + "fmt" + "os" + + gogogrpc "github.com/cosmos/gogoproto/grpc" + "github.com/spf13/pflag" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/client/input" + cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + "github.com/cosmos/cosmos-sdk/types/tx" + "github.com/cosmos/cosmos-sdk/types/tx/signing" + authsigning "github.com/cosmos/cosmos-sdk/x/auth/signing" +) + +// GenerateOrBroadcastTxCLI will either generate and print and unsigned transaction +// or sign it and broadcast it returning an error upon failure. +func GenerateOrBroadcastTxCLI(clientCtx client.Context, flagSet *pflag.FlagSet, msgs ...sdk.Msg) + +error { + txf := NewFactoryCLI(clientCtx, flagSet) + +return GenerateOrBroadcastTxWithFactory(clientCtx, txf, msgs...) +} + +// GenerateOrBroadcastTxWithFactory will either generate and print and unsigned transaction +// or sign it and broadcast it returning an error upon failure. +func GenerateOrBroadcastTxWithFactory(clientCtx client.Context, txf Factory, msgs ...sdk.Msg) + +error { + // Validate all msgs before generating or broadcasting the tx. + // We were calling ValidateBasic separately in each CLI handler before. + // Right now, we're factorizing that call inside this function. + // ref: https://github.com/cosmos/cosmos-sdk/pull/9236#discussion_r623803504 + for _, msg := range msgs { + if err := msg.ValidateBasic(); err != nil { + return err +} + +} + + // If the --aux flag is set, we simply generate and print the AuxSignerData. + if clientCtx.IsAux { + auxSignerData, err := makeAuxSignerData(clientCtx, txf, msgs...) + if err != nil { + return err +} + +return clientCtx.PrintProto(&auxSignerData) +} + if clientCtx.GenerateOnly { + return txf.PrintUnsignedTx(clientCtx, msgs...) +} + +return BroadcastTx(clientCtx, txf, msgs...) +} + +// BroadcastTx attempts to generate, sign and broadcast a transaction with the +// given set of messages. It will also simulate gas requirements if necessary. +// It will return an error upon failure. +func BroadcastTx(clientCtx client.Context, txf Factory, msgs ...sdk.Msg) + +error { + txf, err := txf.Prepare(clientCtx) + if err != nil { + return err +} + if txf.SimulateAndExecute() || clientCtx.Simulate { + _, adjusted, err := CalculateGas(clientCtx, txf, msgs...) + if err != nil { + return err +} + +txf = txf.WithGas(adjusted) + _, _ = fmt.Fprintf(os.Stderr, "%s\n", GasEstimateResponse{ + GasEstimate: txf.Gas() +}) +} + if clientCtx.Simulate { + return nil +} + +tx, err := txf.BuildUnsignedTx(msgs...) + if err != nil { + return err +} + if !clientCtx.SkipConfirm { + txBytes, err := clientCtx.TxConfig.TxJSONEncoder()(tx.GetTx()) + if err != nil { + return err +} + if err := clientCtx.PrintRaw(json.RawMessage(txBytes)); err != nil { + _, _ = fmt.Fprintf(os.Stderr, "%s\n", txBytes) +} + buf := bufio.NewReader(os.Stdin) + +ok, err := input.GetConfirmation("confirm transaction before signing and broadcasting", buf, os.Stderr) + if err != nil || !ok { + _, _ = fmt.Fprintf(os.Stderr, "%s\n", "cancelled transaction") + +return err +} + +} + +err = Sign(txf, clientCtx.GetFromName(), tx, true) + if err != nil { + return err +} + +txBytes, err := clientCtx.TxConfig.TxEncoder()(tx.GetTx()) + if err != nil { + return err +} + + // broadcast to a Tendermint node + res, err := clientCtx.BroadcastTx(txBytes) + if err != nil { + return err +} + +return clientCtx.PrintProto(res) +} + +// CalculateGas simulates the execution of a transaction and returns the +// simulation response obtained by the query and the adjusted gas amount. +func CalculateGas( + clientCtx gogogrpc.ClientConn, txf Factory, msgs ...sdk.Msg, +) (*tx.SimulateResponse, uint64, error) { + txBytes, err := txf.BuildSimTx(msgs...) + if err != nil { + return nil, 0, err +} + txSvcClient := tx.NewServiceClient(clientCtx) + +simRes, err := txSvcClient.Simulate(context.Background(), &tx.SimulateRequest{ + TxBytes: txBytes, +}) + if err != nil { + return nil, 0, err +} + +return simRes, uint64(txf.GasAdjustment() * float64(simRes.GasInfo.GasUsed)), nil +} + +// SignWithPrivKey signs a given tx with the given private key, and returns the +// corresponding SignatureV2 if the signing is successful. +func SignWithPrivKey( + signMode signing.SignMode, signerData authsigning.SignerData, + txBuilder client.TxBuilder, priv cryptotypes.PrivKey, txConfig client.TxConfig, + accSeq uint64, +) (signing.SignatureV2, error) { + var sigV2 signing.SignatureV2 + + // Generate the bytes to be signed. + signBytes, err := txConfig.SignModeHandler().GetSignBytes(signMode, signerData, txBuilder.GetTx()) + if err != nil { + return sigV2, err +} + + // Sign those bytes + signature, err := priv.Sign(signBytes) + if err != nil { + return sigV2, err +} + + // Construct the SignatureV2 struct + sigData := signing.SingleSignatureData{ + SignMode: signMode, + Signature: signature, +} + +sigV2 = signing.SignatureV2{ + PubKey: priv.PubKey(), + Data: &sigData, + Sequence: accSeq, +} + +return sigV2, nil +} + +// countDirectSigners counts the number of DIRECT signers in a signature data. +func countDirectSigners(data signing.SignatureData) + +int { + switch data := data.(type) { + case *signing.SingleSignatureData: + if data.SignMode == signing.SignMode_SIGN_MODE_DIRECT { + return 1 +} + +return 0 + case *signing.MultiSignatureData: + directSigners := 0 + for _, d := range data.Signatures { + directSigners += countDirectSigners(d) +} + +return directSigners + default: + panic("unreachable case") +} +} + +// checkMultipleSigners checks that there can be maximum one DIRECT signer in +// a tx. +func checkMultipleSigners(tx authsigning.Tx) + +error { + directSigners := 0 + sigsV2, err := tx.GetSignaturesV2() + if err != nil { + return err +} + for _, sig := range sigsV2 { + directSigners += countDirectSigners(sig.Data) + if directSigners > 1 { + return sdkerrors.ErrNotSupported.Wrap("txs signed with CLI can have maximum 1 DIRECT signer") +} + +} + +return nil +} + +// Sign signs a given tx with a named key. The bytes signed over are canconical. +// The resulting signature will be added to the transaction builder overwriting the previous +// ones if overwrite=true (otherwise, the signature will be appended). +// Signing a transaction with mutltiple signers in the DIRECT mode is not supprted and will +// return an error. +// An error is returned upon failure. +func Sign(txf Factory, name string, txBuilder client.TxBuilder, overwriteSig bool) + +error { + if txf.keybase == nil { + return errors.New("keybase must be set prior to signing a transaction") +} + signMode := txf.signMode + if signMode == signing.SignMode_SIGN_MODE_UNSPECIFIED { + // use the SignModeHandler's default mode if unspecified + signMode = txf.txConfig.SignModeHandler().DefaultMode() +} + +k, err := txf.keybase.Key(name) + if err != nil { + return err +} + +pubKey, err := k.GetPubKey() + if err != nil { + return err +} + signerData := authsigning.SignerData{ + ChainID: txf.chainID, + AccountNumber: txf.accountNumber, + Sequence: txf.sequence, + PubKey: pubKey, + Address: sdk.AccAddress(pubKey.Address()).String(), +} + + // For SIGN_MODE_DIRECT, calling SetSignatures calls setSignerInfos on + // TxBuilder under the hood, and SignerInfos is needed to generated the + // sign bytes. This is the reason for setting SetSignatures here, with a + // nil signature. + // + // Note: this line is not needed for SIGN_MODE_LEGACY_AMINO, but putting it + // also doesn't affect its generated sign bytes, so for code's simplicity + // sake, we put it here. + sigData := signing.SingleSignatureData{ + SignMode: signMode, + Signature: nil, +} + sig := signing.SignatureV2{ + PubKey: pubKey, + Data: &sigData, + Sequence: txf.Sequence(), +} + +var prevSignatures []signing.SignatureV2 + if !overwriteSig { + prevSignatures, err = txBuilder.GetTx().GetSignaturesV2() + if err != nil { + return err +} + +} + // Overwrite or append signer infos. + var sigs []signing.SignatureV2 + if overwriteSig { + sigs = []signing.SignatureV2{ + sig +} + +} + +else { + sigs = append(sigs, prevSignatures...) + +sigs = append(sigs, sig) +} + if err := txBuilder.SetSignatures(sigs...); err != nil { + return err +} + if err := checkMultipleSigners(txBuilder.GetTx()); err != nil { + return err +} + + // Generate the bytes to be signed. + bytesToSign, err := txf.txConfig.SignModeHandler().GetSignBytes(signMode, signerData, txBuilder.GetTx()) + if err != nil { + return err +} + + // Sign those bytes + sigBytes, _, err := txf.keybase.Sign(name, bytesToSign) + if err != nil { + return err +} + + // Construct the SignatureV2 struct + sigData = signing.SingleSignatureData{ + SignMode: signMode, + Signature: sigBytes, +} + +sig = signing.SignatureV2{ + PubKey: pubKey, + Data: &sigData, + Sequence: txf.Sequence(), +} + if overwriteSig { + err = txBuilder.SetSignatures(sig) +} + +else { + prevSignatures = append(prevSignatures, sig) + +err = txBuilder.SetSignatures(prevSignatures...) +} + if err != nil { + return fmt.Errorf("unable to set signatures on payload: %w", err) +} + + // Run optional preprocessing if specified. By default, this is unset + // and will return nil. + return txf.PreprocessTx(name, txBuilder) +} + +// GasEstimateResponse defines a response definition for tx gas estimation. +type GasEstimateResponse struct { + GasEstimate uint64 `json:"gas_estimate" yaml:"gas_estimate"` +} + +func (gr GasEstimateResponse) + +String() + +string { + return fmt.Sprintf("gas estimate: %d", gr.GasEstimate) +} + +// makeAuxSignerData generates an AuxSignerData from the client inputs. +func makeAuxSignerData(clientCtx client.Context, f Factory, msgs ...sdk.Msg) (tx.AuxSignerData, error) { + b := NewAuxTxBuilder() + +fromAddress, name, _, err := client.GetFromFields(clientCtx, clientCtx.Keyring, clientCtx.From) + if err != nil { + return tx.AuxSignerData{ +}, err +} + +b.SetAddress(fromAddress.String()) + if clientCtx.Offline { + b.SetAccountNumber(f.accountNumber) + +b.SetSequence(f.sequence) +} + +else { + accNum, seq, err := clientCtx.AccountRetriever.GetAccountNumberSequence(clientCtx, fromAddress) + if err != nil { + return tx.AuxSignerData{ +}, err +} + +b.SetAccountNumber(accNum) + +b.SetSequence(seq) +} + +err = b.SetMsgs(msgs...) + if err != nil { + return tx.AuxSignerData{ +}, err +} + if f.tip != nil { + if _, err := sdk.AccAddressFromBech32(f.tip.Tipper); err != nil { + return tx.AuxSignerData{ +}, sdkerrors.ErrInvalidAddress.Wrap("tipper must be a bech32 address") +} + +b.SetTip(f.tip) +} + +err = b.SetSignMode(f.SignMode()) + if err != nil { + return tx.AuxSignerData{ +}, err +} + +key, err := clientCtx.Keyring.Key(name) + if err != nil { + return tx.AuxSignerData{ +}, err +} + +pub, err := key.GetPubKey() + if err != nil { + return tx.AuxSignerData{ +}, err +} + +err = b.SetPubKey(pub) + if err != nil { + return tx.AuxSignerData{ +}, err +} + +b.SetChainID(clientCtx.ChainID) + +signBz, err := b.GetSignBytes() + if err != nil { + return tx.AuxSignerData{ +}, err +} + +sig, _, err := clientCtx.Keyring.Sign(name, signBz) + if err != nil { + return tx.AuxSignerData{ +}, err +} + +b.SetSignature(sig) + +return b.GetAuxSignerData() +} +``` + +```go expandable +package tx + +import ( + + "github.com/cosmos/gogoproto/proto" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + "github.com/cosmos/cosmos-sdk/types/tx" + "github.com/cosmos/cosmos-sdk/types/tx/signing" + "github.com/cosmos/cosmos-sdk/x/auth/ante" + authsigning "github.com/cosmos/cosmos-sdk/x/auth/signing" +) + +// wrapper is a wrapper around the tx.Tx proto.Message which retain the raw +// body and auth_info bytes. +type wrapper struct { + cdc codec.Codec + + tx *tx.Tx + + // bodyBz represents the protobuf encoding of TxBody. This should be encoding + // from the client using TxRaw if the tx was decoded from the wire + bodyBz []byte + + // authInfoBz represents the protobuf encoding of TxBody. This should be encoding + // from the client using TxRaw if the tx was decoded from the wire + authInfoBz []byte + + txBodyHasUnknownNonCriticals bool +} + +var ( + _ authsigning.Tx = &wrapper{ +} + _ client.TxBuilder = &wrapper{ +} + _ tx.TipTx = &wrapper{ +} + _ ante.HasExtensionOptionsTx = &wrapper{ +} + _ ExtensionOptionsTxBuilder = &wrapper{ +} + _ tx.TipTx = &wrapper{ +} +) + +// ExtensionOptionsTxBuilder defines a TxBuilder that can also set extensions. +type ExtensionOptionsTxBuilder interface { + client.TxBuilder + + SetExtensionOptions(...*codectypes.Any) + +SetNonCriticalExtensionOptions(...*codectypes.Any) +} + +func newBuilder(cdc codec.Codec) *wrapper { + return &wrapper{ + cdc: cdc, + tx: &tx.Tx{ + Body: &tx.TxBody{ +}, + AuthInfo: &tx.AuthInfo{ + Fee: &tx.Fee{ +}, +}, +}, +} +} + +func (w *wrapper) + +GetMsgs() []sdk.Msg { + return w.tx.GetMsgs() +} + +func (w *wrapper) + +ValidateBasic() + +error { + return w.tx.ValidateBasic() +} + +func (w *wrapper) + +getBodyBytes() []byte { + if len(w.bodyBz) == 0 { + // if bodyBz is empty, then marshal the body. bodyBz will generally + // be set to nil whenever SetBody is called so the result of calling + // this method should always return the correct bytes. Note that after + // decoding bodyBz is derived from TxRaw so that it matches what was + // transmitted over the wire + var err error + w.bodyBz, err = proto.Marshal(w.tx.Body) + if err != nil { + panic(err) +} + +} + +return w.bodyBz +} + +func (w *wrapper) + +getAuthInfoBytes() []byte { + if len(w.authInfoBz) == 0 { + // if authInfoBz is empty, then marshal the body. authInfoBz will generally + // be set to nil whenever SetAuthInfo is called so the result of calling + // this method should always return the correct bytes. Note that after + // decoding authInfoBz is derived from TxRaw so that it matches what was + // transmitted over the wire + var err error + w.authInfoBz, err = proto.Marshal(w.tx.AuthInfo) + if err != nil { + panic(err) +} + +} + +return w.authInfoBz +} + +func (w *wrapper) + +GetSigners() []sdk.AccAddress { + return w.tx.GetSigners() +} + +func (w *wrapper) + +GetPubKeys() ([]cryptotypes.PubKey, error) { + signerInfos := w.tx.AuthInfo.SignerInfos + pks := make([]cryptotypes.PubKey, len(signerInfos)) + for i, si := range signerInfos { + // NOTE: it is okay to leave this nil if there is no PubKey in the SignerInfo. + // PubKey's can be left unset in SignerInfo. + if si.PublicKey == nil { + continue +} + pkAny := si.PublicKey.GetCachedValue() + +pk, ok := pkAny.(cryptotypes.PubKey) + if ok { + pks[i] = pk +} + +else { + return nil, sdkerrors.Wrapf(sdkerrors.ErrLogic, "Expecting PubKey, got: %T", pkAny) +} + +} + +return pks, nil +} + +func (w *wrapper) + +GetGas() + +uint64 { + return w.tx.AuthInfo.Fee.GasLimit +} + +func (w *wrapper) + +GetFee() + +sdk.Coins { + return w.tx.AuthInfo.Fee.Amount +} + +func (w *wrapper) + +FeePayer() + +sdk.AccAddress { + feePayer := w.tx.AuthInfo.Fee.Payer + if feePayer != "" { + return sdk.MustAccAddressFromBech32(feePayer) +} + // use first signer as default if no payer specified + return w.GetSigners()[0] +} + +func (w *wrapper) + +FeeGranter() + +sdk.AccAddress { + feePayer := w.tx.AuthInfo.Fee.Granter + if feePayer != "" { + return sdk.MustAccAddressFromBech32(feePayer) +} + +return nil +} + +func (w *wrapper) + +GetTip() *tx.Tip { + return w.tx.AuthInfo.Tip +} + +func (w *wrapper) + +GetMemo() + +string { + return w.tx.Body.Memo +} + +// GetTimeoutHeight returns the transaction's timeout height (if set). +func (w *wrapper) + +GetTimeoutHeight() + +uint64 { + return w.tx.Body.TimeoutHeight +} + +func (w *wrapper) + +GetSignaturesV2() ([]signing.SignatureV2, error) { + signerInfos := w.tx.AuthInfo.SignerInfos + sigs := w.tx.Signatures + pubKeys, err := w.GetPubKeys() + if err != nil { + return nil, err +} + n := len(signerInfos) + res := make([]signing.SignatureV2, n) + for i, si := range signerInfos { + // handle nil signatures (in case of simulation) + if si.ModeInfo == nil { + res[i] = signing.SignatureV2{ + PubKey: pubKeys[i], +} + +} + +else { + var err error + sigData, err := ModeInfoAndSigToSignatureData(si.ModeInfo, sigs[i]) + if err != nil { + return nil, err +} + // sequence number is functionally a transaction nonce and referred to as such in the SDK + nonce := si.GetSequence() + +res[i] = signing.SignatureV2{ + PubKey: pubKeys[i], + Data: sigData, + Sequence: nonce, +} + + +} + +} + +return res, nil +} + +func (w *wrapper) + +SetMsgs(msgs ...sdk.Msg) + +error { + anys, err := tx.SetMsgs(msgs) + if err != nil { + return err +} + +w.tx.Body.Messages = anys + + // set bodyBz to nil because the cached bodyBz no longer matches tx.Body + w.bodyBz = nil + + return nil +} + +// SetTimeoutHeight sets the transaction's height timeout. +func (w *wrapper) + +SetTimeoutHeight(height uint64) { + w.tx.Body.TimeoutHeight = height + + // set bodyBz to nil because the cached bodyBz no longer matches tx.Body + w.bodyBz = nil +} + +func (w *wrapper) + +SetMemo(memo string) { + w.tx.Body.Memo = memo + + // set bodyBz to nil because the cached bodyBz no longer matches tx.Body + w.bodyBz = nil +} + +func (w *wrapper) + +SetGasLimit(limit uint64) { + if w.tx.AuthInfo.Fee == nil { + w.tx.AuthInfo.Fee = &tx.Fee{ +} + +} + +w.tx.AuthInfo.Fee.GasLimit = limit + + // set authInfoBz to nil because the cached authInfoBz no longer matches tx.AuthInfo + w.authInfoBz = nil +} + +func (w *wrapper) + +SetFeeAmount(coins sdk.Coins) { + if w.tx.AuthInfo.Fee == nil { + w.tx.AuthInfo.Fee = &tx.Fee{ +} + +} + +w.tx.AuthInfo.Fee.Amount = coins + + // set authInfoBz to nil because the cached authInfoBz no longer matches tx.AuthInfo + w.authInfoBz = nil +} + +func (w *wrapper) + +SetTip(tip *tx.Tip) { + w.tx.AuthInfo.Tip = tip + + // set authInfoBz to nil because the cached authInfoBz no longer matches tx.AuthInfo + w.authInfoBz = nil +} + +func (w *wrapper) + +SetFeePayer(feePayer sdk.AccAddress) { + if w.tx.AuthInfo.Fee == nil { + w.tx.AuthInfo.Fee = &tx.Fee{ +} + +} + +w.tx.AuthInfo.Fee.Payer = feePayer.String() + + // set authInfoBz to nil because the cached authInfoBz no longer matches tx.AuthInfo + w.authInfoBz = nil +} + +func (w *wrapper) + +SetFeeGranter(feeGranter sdk.AccAddress) { + if w.tx.AuthInfo.Fee == nil { + w.tx.AuthInfo.Fee = &tx.Fee{ +} + +} + +w.tx.AuthInfo.Fee.Granter = feeGranter.String() + + // set authInfoBz to nil because the cached authInfoBz no longer matches tx.AuthInfo + w.authInfoBz = nil +} + +func (w *wrapper) + +SetSignatures(signatures ...signing.SignatureV2) + +error { + n := len(signatures) + signerInfos := make([]*tx.SignerInfo, n) + rawSigs := make([][]byte, n) + for i, sig := range signatures { + var modeInfo *tx.ModeInfo + modeInfo, rawSigs[i] = SignatureDataToModeInfoAndSig(sig.Data) + +any, err := codectypes.NewAnyWithValue(sig.PubKey) + if err != nil { + return err +} + +signerInfos[i] = &tx.SignerInfo{ + PublicKey: any, + ModeInfo: modeInfo, + Sequence: sig.Sequence, +} + +} + +w.setSignerInfos(signerInfos) + +w.setSignatures(rawSigs) + +return nil +} + +func (w *wrapper) + +setSignerInfos(infos []*tx.SignerInfo) { + w.tx.AuthInfo.SignerInfos = infos + // set authInfoBz to nil because the cached authInfoBz no longer matches tx.AuthInfo + w.authInfoBz = nil +} + +func (w *wrapper) + +setSignerInfoAtIndex(index int, info *tx.SignerInfo) { + if w.tx.AuthInfo.SignerInfos == nil { + w.tx.AuthInfo.SignerInfos = make([]*tx.SignerInfo, len(w.GetSigners())) +} + +w.tx.AuthInfo.SignerInfos[index] = info + // set authInfoBz to nil because the cached authInfoBz no longer matches tx.AuthInfo + w.authInfoBz = nil +} + +func (w *wrapper) + +setSignatures(sigs [][]byte) { + w.tx.Signatures = sigs +} + +func (w *wrapper) + +setSignatureAtIndex(index int, sig []byte) { + if w.tx.Signatures == nil { + w.tx.Signatures = make([][]byte, len(w.GetSigners())) +} + +w.tx.Signatures[index] = sig +} + +func (w *wrapper) + +GetTx() + +authsigning.Tx { + return w +} + +func (w *wrapper) + +GetProtoTx() *tx.Tx { + return w.tx +} + +// Deprecated: AsAny extracts proto Tx and wraps it into Any. +// NOTE: You should probably use `GetProtoTx` if you want to serialize the transaction. +func (w *wrapper) + +AsAny() *codectypes.Any { + return codectypes.UnsafePackAny(w.tx) +} + +// WrapTx creates a TxBuilder wrapper around a tx.Tx proto message. +func WrapTx(protoTx *tx.Tx) + +client.TxBuilder { + return &wrapper{ + tx: protoTx, +} +} + +func (w *wrapper) + +GetExtensionOptions() []*codectypes.Any { + return w.tx.Body.ExtensionOptions +} + +func (w *wrapper) + +GetNonCriticalExtensionOptions() []*codectypes.Any { + return w.tx.Body.NonCriticalExtensionOptions +} + +func (w *wrapper) + +SetExtensionOptions(extOpts ...*codectypes.Any) { + w.tx.Body.ExtensionOptions = extOpts + w.bodyBz = nil +} + +func (w *wrapper) + +SetNonCriticalExtensionOptions(extOpts ...*codectypes.Any) { + w.tx.Body.NonCriticalExtensionOptions = extOpts + w.bodyBz = nil +} + +func (w *wrapper) + +AddAuxSignerData(data tx.AuxSignerData) + +error { + err := data.ValidateBasic() + if err != nil { + return err +} + +w.bodyBz = data.SignDoc.BodyBytes + + var body tx.TxBody + err = w.cdc.Unmarshal(w.bodyBz, &body) + if err != nil { + return err +} + if w.tx.Body.Memo != "" && w.tx.Body.Memo != body.Memo { + return sdkerrors.ErrInvalidRequest.Wrapf("TxBuilder has memo %s, got %s in AuxSignerData", w.tx.Body.Memo, body.Memo) +} + if w.tx.Body.TimeoutHeight != 0 && w.tx.Body.TimeoutHeight != body.TimeoutHeight { + return sdkerrors.ErrInvalidRequest.Wrapf("TxBuilder has timeout height %d, got %d in AuxSignerData", w.tx.Body.TimeoutHeight, body.TimeoutHeight) +} + if len(w.tx.Body.ExtensionOptions) != 0 { + if len(w.tx.Body.ExtensionOptions) != len(body.ExtensionOptions) { + return sdkerrors.ErrInvalidRequest.Wrapf("TxBuilder has %d extension options, got %d in AuxSignerData", len(w.tx.Body.ExtensionOptions), len(body.ExtensionOptions)) +} + for i, o := range w.tx.Body.ExtensionOptions { + if !o.Equal(body.ExtensionOptions[i]) { + return sdkerrors.ErrInvalidRequest.Wrapf("TxBuilder has extension option %+v at index %d, got %+v in AuxSignerData", o, i, body.ExtensionOptions[i]) +} + +} + +} + if len(w.tx.Body.NonCriticalExtensionOptions) != 0 { + if len(w.tx.Body.NonCriticalExtensionOptions) != len(body.NonCriticalExtensionOptions) { + return sdkerrors.ErrInvalidRequest.Wrapf("TxBuilder has %d non-critical extension options, got %d in AuxSignerData", len(w.tx.Body.NonCriticalExtensionOptions), len(body.NonCriticalExtensionOptions)) +} + for i, o := range w.tx.Body.NonCriticalExtensionOptions { + if !o.Equal(body.NonCriticalExtensionOptions[i]) { + return sdkerrors.ErrInvalidRequest.Wrapf("TxBuilder has non-critical extension option %+v at index %d, got %+v in AuxSignerData", o, i, body.NonCriticalExtensionOptions[i]) +} + +} + +} + if len(w.tx.Body.Messages) != 0 { + if len(w.tx.Body.Messages) != len(body.Messages) { + return sdkerrors.ErrInvalidRequest.Wrapf("TxBuilder has %d Msgs, got %d in AuxSignerData", len(w.tx.Body.Messages), len(body.Messages)) +} + for i, o := range w.tx.Body.Messages { + if !o.Equal(body.Messages[i]) { + return sdkerrors.ErrInvalidRequest.Wrapf("TxBuilder has Msg %+v at index %d, got %+v in AuxSignerData", o, i, body.Messages[i]) +} + +} + +} + if w.tx.AuthInfo.Tip != nil && data.SignDoc.Tip != nil { + if !w.tx.AuthInfo.Tip.Amount.IsEqual(data.SignDoc.Tip.Amount) { + return sdkerrors.ErrInvalidRequest.Wrapf("TxBuilder has tip %+v, got %+v in AuxSignerData", w.tx.AuthInfo.Tip.Amount, data.SignDoc.Tip.Amount) +} + if w.tx.AuthInfo.Tip.Tipper != data.SignDoc.Tip.Tipper { + return sdkerrors.ErrInvalidRequest.Wrapf("TxBuilder has tipper %s, got %s in AuxSignerData", w.tx.AuthInfo.Tip.Tipper, data.SignDoc.Tip.Tipper) +} + +} + +w.SetMemo(body.Memo) + +w.SetTimeoutHeight(body.TimeoutHeight) + +w.SetExtensionOptions(body.ExtensionOptions...) + +w.SetNonCriticalExtensionOptions(body.NonCriticalExtensionOptions...) + msgs := make([]sdk.Msg, len(body.Messages)) + for i, msgAny := range body.Messages { + msgs[i] = msgAny.GetCachedValue().(sdk.Msg) +} + +w.SetMsgs(msgs...) + +w.SetTip(data.GetSignDoc().GetTip()) + + // Get the aux signer's index in GetSigners. + signerIndex := -1 + for i, signer := range w.GetSigners() { + if signer.String() == data.Address { + signerIndex = i +} + +} + if signerIndex < 0 { + return sdkerrors.ErrLogic.Wrapf("address %s is not a signer", data.Address) +} + +w.setSignerInfoAtIndex(signerIndex, &tx.SignerInfo{ + PublicKey: data.SignDoc.PublicKey, + ModeInfo: &tx.ModeInfo{ + Sum: &tx.ModeInfo_Single_{ + Single: &tx.ModeInfo_Single{ + Mode: data.Mode +}}}, + Sequence: data.SignDoc.Sequence, +}) + +w.setSignatureAtIndex(signerIndex, data.Sig) + +return nil +} +``` + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/tx/v1beta1/tx.proto#L203-L224 +``` + +Example cmd: + +```go +./simd tx gov submit-proposal --title="Test Proposal" --description="My awesome proposal" --type="Text" --from validator-key --fee-granter=cosmos1xh44hxt7spr67hqaa7nyx5gnutrz5fraw6grxn --chain-id=testnet --fees="10stake" +``` + +### Granted Fee Deductions + +Fees are deducted from grants in the `x/auth` ante handler. To learn more about how ante handlers work, read the [Auth Module AnteHandlers Guide](/docs/sdk/vnext/build/modules/auth/README#antehandlers). + +### Gas + +In order to prevent DoS attacks, using a filtered `x/feegrant` incurs gas. The SDK must assure that the `grantee`'s transactions all conform to the filter set by the `granter`. The SDK does this by iterating over the allowed messages in the filter and charging 10 gas per filtered message. The SDK will then iterate over the messages being sent by the `grantee` to ensure the messages adhere to the filter, also charging 10 gas per message. The SDK will stop iterating and fail the transaction if it finds a message that does not conform to the filter. + +**WARNING**: The gas is charged against the granted allowance. Ensure your messages conform to the filter, if any, before sending transactions using your allowance. + +### Pruning + +A queue in the state maintained with the prefix of expiration of the grants and checks them on EndBlock with the current block time for every block to prune. + +## State + +### FeeAllowance + +Fee Allowances are identified by combining `Grantee` (the account address of fee allowance grantee) with the `Granter` (the account address of fee allowance granter). + +Fee allowance grants are stored in the state as follows: + +* Grant: `0x00 | grantee_addr_len (1 byte) | grantee_addr_bytes | granter_addr_len (1 byte) | granter_addr_bytes -> ProtocolBuffer(Grant)` + +```go expandable +// Code generated by protoc-gen-gogo. DO NOT EDIT. +// source: cosmos/feegrant/v1beta1/feegrant.proto + +package feegrant + +import ( + + fmt "fmt" + _ "github.com/cosmos/cosmos-proto" + types1 "github.com/cosmos/cosmos-sdk/codec/types" + github_com_cosmos_cosmos_sdk_types "github.com/cosmos/cosmos-sdk/types" + types "github.com/cosmos/cosmos-sdk/types" + _ "github.com/cosmos/cosmos-sdk/types/tx/amino" + _ "github.com/cosmos/gogoproto/gogoproto" + proto "github.com/cosmos/gogoproto/proto" + github_com_cosmos_gogoproto_types "github.com/cosmos/gogoproto/types" + _ "google.golang.org/protobuf/types/known/durationpb" + _ "google.golang.org/protobuf/types/known/timestamppb" + io "io" + math "math" + math_bits "math/bits" + time "time" +) + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf +var _ = time.Kitchen + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. +const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package + +// BasicAllowance implements Allowance with a one-time grant of coins +// that optionally expires. The grantee can use up to SpendLimit to cover fees. +type BasicAllowance struct { + // spend_limit specifies the maximum amount of coins that can be spent + // by this allowance and will be updated as coins are spent. If it is + // empty, there is no spend limit and any amount of coins can be spent. + SpendLimit github_com_cosmos_cosmos_sdk_types.Coins `protobuf:"bytes,1,rep,name=spend_limit,json=spendLimit,proto3,castrepeated=github.com/cosmos/cosmos-sdk/types.Coins" json:"spend_limit"` + // expiration specifies an optional time when this allowance expires + Expiration *time.Time `protobuf:"bytes,2,opt,name=expiration,proto3,stdtime" json:"expiration,omitempty"` +} + +func (m *BasicAllowance) + +Reset() { *m = BasicAllowance{ +} +} + +func (m *BasicAllowance) + +String() + +string { + return proto.CompactTextString(m) +} + +func (*BasicAllowance) + +ProtoMessage() { +} + +func (*BasicAllowance) + +Descriptor() ([]byte, []int) { + return fileDescriptor_7279582900c30aea, []int{0 +} +} + +func (m *BasicAllowance) + +XXX_Unmarshal(b []byte) + +error { + return m.Unmarshal(b) +} + +func (m *BasicAllowance) + +XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_BasicAllowance.Marshal(b, m, deterministic) +} + +else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err +} + +return b[:n], nil +} +} + +func (m *BasicAllowance) + +XXX_Merge(src proto.Message) { + xxx_messageInfo_BasicAllowance.Merge(m, src) +} + +func (m *BasicAllowance) + +XXX_Size() + +int { + return m.Size() +} + +func (m *BasicAllowance) + +XXX_DiscardUnknown() { + xxx_messageInfo_BasicAllowance.DiscardUnknown(m) +} + +var xxx_messageInfo_BasicAllowance proto.InternalMessageInfo + +func (m *BasicAllowance) + +GetSpendLimit() + +github_com_cosmos_cosmos_sdk_types.Coins { + if m != nil { + return m.SpendLimit +} + +return nil +} + +func (m *BasicAllowance) + +GetExpiration() *time.Time { + if m != nil { + return m.Expiration +} + +return nil +} + +// PeriodicAllowance extends Allowance to allow for both a maximum cap, +// as well as a limit per time period. +type PeriodicAllowance struct { + // basic specifies a struct of `BasicAllowance` + Basic BasicAllowance `protobuf:"bytes,1,opt,name=basic,proto3" json:"basic"` + // period specifies the time duration in which period_spend_limit coins can + // be spent before that allowance is reset + Period time.Duration `protobuf:"bytes,2,opt,name=period,proto3,stdduration" json:"period"` + // period_spend_limit specifies the maximum number of coins that can be spent + // in the period + PeriodSpendLimit github_com_cosmos_cosmos_sdk_types.Coins `protobuf:"bytes,3,rep,name=period_spend_limit,json=periodSpendLimit,proto3,castrepeated=github.com/cosmos/cosmos-sdk/types.Coins" json:"period_spend_limit"` + // period_can_spend is the number of coins left to be spent before the period_reset time + PeriodCanSpend github_com_cosmos_cosmos_sdk_types.Coins `protobuf:"bytes,4,rep,name=period_can_spend,json=periodCanSpend,proto3,castrepeated=github.com/cosmos/cosmos-sdk/types.Coins" json:"period_can_spend"` + // period_reset is the time at which this period resets and a new one begins, + // it is calculated from the start time of the first transaction after the + // last period ended + PeriodReset time.Time `protobuf:"bytes,5,opt,name=period_reset,json=periodReset,proto3,stdtime" json:"period_reset"` +} + +func (m *PeriodicAllowance) + +Reset() { *m = PeriodicAllowance{ +} +} + +func (m *PeriodicAllowance) + +String() + +string { + return proto.CompactTextString(m) +} + +func (*PeriodicAllowance) + +ProtoMessage() { +} + +func (*PeriodicAllowance) + +Descriptor() ([]byte, []int) { + return fileDescriptor_7279582900c30aea, []int{1 +} +} + +func (m *PeriodicAllowance) + +XXX_Unmarshal(b []byte) + +error { + return m.Unmarshal(b) +} + +func (m *PeriodicAllowance) + +XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_PeriodicAllowance.Marshal(b, m, deterministic) +} + +else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err +} + +return b[:n], nil +} +} + +func (m *PeriodicAllowance) + +XXX_Merge(src proto.Message) { + xxx_messageInfo_PeriodicAllowance.Merge(m, src) +} + +func (m *PeriodicAllowance) + +XXX_Size() + +int { + return m.Size() +} + +func (m *PeriodicAllowance) + +XXX_DiscardUnknown() { + xxx_messageInfo_PeriodicAllowance.DiscardUnknown(m) +} + +var xxx_messageInfo_PeriodicAllowance proto.InternalMessageInfo + +func (m *PeriodicAllowance) + +GetBasic() + +BasicAllowance { + if m != nil { + return m.Basic +} + +return BasicAllowance{ +} +} + +func (m *PeriodicAllowance) + +GetPeriod() + +time.Duration { + if m != nil { + return m.Period +} + +return 0 +} + +func (m *PeriodicAllowance) + +GetPeriodSpendLimit() + +github_com_cosmos_cosmos_sdk_types.Coins { + if m != nil { + return m.PeriodSpendLimit +} + +return nil +} + +func (m *PeriodicAllowance) + +GetPeriodCanSpend() + +github_com_cosmos_cosmos_sdk_types.Coins { + if m != nil { + return m.PeriodCanSpend +} + +return nil +} + +func (m *PeriodicAllowance) + +GetPeriodReset() + +time.Time { + if m != nil { + return m.PeriodReset +} + +return time.Time{ +} +} + +// AllowedMsgAllowance creates allowance only for specified message types. +type AllowedMsgAllowance struct { + // allowance can be any of basic and periodic fee allowance. + Allowance *types1.Any `protobuf:"bytes,1,opt,name=allowance,proto3" json:"allowance,omitempty"` + // allowed_messages are the messages for which the grantee has the access. + AllowedMessages []string `protobuf:"bytes,2,rep,name=allowed_messages,json=allowedMessages,proto3" json:"allowed_messages,omitempty"` +} + +func (m *AllowedMsgAllowance) + +Reset() { *m = AllowedMsgAllowance{ +} +} + +func (m *AllowedMsgAllowance) + +String() + +string { + return proto.CompactTextString(m) +} + +func (*AllowedMsgAllowance) + +ProtoMessage() { +} + +func (*AllowedMsgAllowance) + +Descriptor() ([]byte, []int) { + return fileDescriptor_7279582900c30aea, []int{2 +} +} + +func (m *AllowedMsgAllowance) + +XXX_Unmarshal(b []byte) + +error { + return m.Unmarshal(b) +} + +func (m *AllowedMsgAllowance) + +XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_AllowedMsgAllowance.Marshal(b, m, deterministic) +} + +else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err +} + +return b[:n], nil +} +} + +func (m *AllowedMsgAllowance) + +XXX_Merge(src proto.Message) { + xxx_messageInfo_AllowedMsgAllowance.Merge(m, src) +} + +func (m *AllowedMsgAllowance) + +XXX_Size() + +int { + return m.Size() +} + +func (m *AllowedMsgAllowance) + +XXX_DiscardUnknown() { + xxx_messageInfo_AllowedMsgAllowance.DiscardUnknown(m) +} + +var xxx_messageInfo_AllowedMsgAllowance proto.InternalMessageInfo + +// Grant is stored in the KVStore to record a grant with full context +type Grant struct { + // granter is the address of the user granting an allowance of their funds. + Granter string `protobuf:"bytes,1,opt,name=granter,proto3" json:"granter,omitempty"` + // grantee is the address of the user being granted an allowance of another user's funds. + Grantee string `protobuf:"bytes,2,opt,name=grantee,proto3" json:"grantee,omitempty"` + // allowance can be any of basic, periodic, allowed fee allowance. + Allowance *types1.Any `protobuf:"bytes,3,opt,name=allowance,proto3" json:"allowance,omitempty"` +} + +func (m *Grant) + +Reset() { *m = Grant{ +} +} + +func (m *Grant) + +String() + +string { + return proto.CompactTextString(m) +} + +func (*Grant) + +ProtoMessage() { +} + +func (*Grant) + +Descriptor() ([]byte, []int) { + return fileDescriptor_7279582900c30aea, []int{3 +} +} + +func (m *Grant) + +XXX_Unmarshal(b []byte) + +error { + return m.Unmarshal(b) +} + +func (m *Grant) + +XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_Grant.Marshal(b, m, deterministic) +} + +else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err +} + +return b[:n], nil +} +} + +func (m *Grant) + +XXX_Merge(src proto.Message) { + xxx_messageInfo_Grant.Merge(m, src) +} + +func (m *Grant) + +XXX_Size() + +int { + return m.Size() +} + +func (m *Grant) + +XXX_DiscardUnknown() { + xxx_messageInfo_Grant.DiscardUnknown(m) +} + +var xxx_messageInfo_Grant proto.InternalMessageInfo + +func (m *Grant) + +GetGranter() + +string { + if m != nil { + return m.Granter +} + +return "" +} + +func (m *Grant) + +GetGrantee() + +string { + if m != nil { + return m.Grantee +} + +return "" +} + +func (m *Grant) + +GetAllowance() *types1.Any { + if m != nil { + return m.Allowance +} + +return nil +} + +func init() { + proto.RegisterType((*BasicAllowance)(nil), "cosmos.feegrant.v1beta1.BasicAllowance") + +proto.RegisterType((*PeriodicAllowance)(nil), "cosmos.feegrant.v1beta1.PeriodicAllowance") + +proto.RegisterType((*AllowedMsgAllowance)(nil), "cosmos.feegrant.v1beta1.AllowedMsgAllowance") + +proto.RegisterType((*Grant)(nil), "cosmos.feegrant.v1beta1.Grant") +} + +func init() { + proto.RegisterFile("cosmos/feegrant/v1beta1/feegrant.proto", fileDescriptor_7279582900c30aea) +} + +var fileDescriptor_7279582900c30aea = []byte{ + // 639 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x55, 0x3f, 0x6f, 0xd3, 0x40, + 0x14, 0x8f, 0x9b, 0xb6, 0x28, 0x17, 0x28, 0xad, 0xa9, 0x84, 0x53, 0x21, 0xbb, 0x8a, 0x04, 0x4d, + 0x2b, 0xd5, 0x56, 0x8b, 0x58, 0x3a, 0x35, 0x2e, 0xa2, 0x80, 0x5a, 0xa9, 0x72, 0x99, 0x90, 0x50, + 0x74, 0xb6, 0xaf, 0xe6, 0x44, 0xec, 0x33, 0x3e, 0x17, 0x1a, 0x06, 0x66, 0xc4, 0x80, 0x32, 0x32, + 0x32, 0x22, 0xa6, 0x0e, 0xe5, 0x3b, 0x54, 0x0c, 0xa8, 0x62, 0x62, 0x22, 0x28, 0x19, 0x3a, 0xf3, + 0x0d, 0x90, 0xef, 0xce, 0x8e, 0x9b, 0x50, 0x68, 0x25, 0xba, 0x24, 0x77, 0xef, 0xde, 0xfb, 0xfd, + 0x79, 0xef, 0x45, 0x01, 0xb7, 0x1c, 0x42, 0x7d, 0x42, 0x8d, 0x1d, 0x84, 0xbc, 0x08, 0x06, 0xb1, + 0xf1, 0x62, 0xc9, 0x46, 0x31, 0x5c, 0xca, 0x02, 0x7a, 0x18, 0x91, 0x98, 0xc8, 0xd7, 0x79, 0x9e, + 0x9e, 0x85, 0x45, 0xde, 0xcc, 0xb4, 0x47, 0x3c, 0xc2, 0x72, 0x8c, 0xe4, 0xc4, 0xd3, 0x67, 0x2a, + 0x1e, 0x21, 0x5e, 0x13, 0x19, 0xec, 0x66, 0xef, 0xee, 0x18, 0x30, 0x68, 0xa5, 0x4f, 0x1c, 0xa9, + 0xc1, 0x6b, 0x04, 0x2c, 0x7f, 0x52, 0x85, 0x18, 0x1b, 0x52, 0x94, 0x09, 0x71, 0x08, 0x0e, 0xc4, + 0xfb, 0x14, 0xf4, 0x71, 0x40, 0x0c, 0xf6, 0x29, 0x42, 0xda, 0x20, 0x51, 0x8c, 0x7d, 0x44, 0x63, + 0xe8, 0x87, 0x29, 0xe6, 0x60, 0x82, 0xbb, 0x1b, 0xc1, 0x18, 0x13, 0x81, 0x59, 0x7d, 0x37, 0x02, + 0x26, 0x4c, 0x48, 0xb1, 0x53, 0x6f, 0x36, 0xc9, 0x4b, 0x18, 0x38, 0x48, 0x7e, 0x0e, 0xca, 0x34, + 0x44, 0x81, 0xdb, 0x68, 0x62, 0x1f, 0xc7, 0x8a, 0x34, 0x5b, 0xac, 0x95, 0x97, 0x2b, 0xba, 0x90, + 0x9a, 0x88, 0x4b, 0xdd, 0xeb, 0x6b, 0x04, 0x07, 0xe6, 0x9d, 0xc3, 0x1f, 0x5a, 0xe1, 0x53, 0x47, + 0xab, 0x79, 0x38, 0x7e, 0xba, 0x6b, 0xeb, 0x0e, 0xf1, 0x85, 0x2f, 0xf1, 0xb5, 0x48, 0xdd, 0x67, + 0x46, 0xdc, 0x0a, 0x11, 0x65, 0x05, 0xf4, 0xe3, 0xf1, 0xfe, 0x82, 0x64, 0x01, 0x46, 0xb2, 0x91, + 0x70, 0xc8, 0xab, 0x00, 0xa0, 0xbd, 0x10, 0x73, 0x65, 0xca, 0xc8, 0xac, 0x54, 0x2b, 0x2f, 0xcf, + 0xe8, 0x5c, 0xba, 0x9e, 0x4a, 0xd7, 0x1f, 0xa5, 0xde, 0xcc, 0xd1, 0x76, 0x47, 0x93, 0xac, 0x5c, + 0xcd, 0xca, 0xfa, 0x97, 0x83, 0xc5, 0x9b, 0xa7, 0x0c, 0x49, 0xbf, 0x87, 0x50, 0x66, 0xef, 0xc1, + 0xdb, 0xe3, 0xfd, 0x85, 0x4a, 0x4e, 0xd8, 0x49, 0xf7, 0xd5, 0xcf, 0xa3, 0x60, 0x6a, 0x0b, 0x45, + 0x98, 0xb8, 0xf9, 0x9e, 0xdc, 0x07, 0x63, 0x76, 0x92, 0xa7, 0x48, 0x4c, 0xdb, 0x9c, 0x7e, 0x1a, + 0xd5, 0x49, 0x34, 0xb3, 0x94, 0xf4, 0x86, 0xfb, 0xe5, 0x00, 0xf2, 0x2a, 0x18, 0x0f, 0x19, 0xbc, + 0xb0, 0x59, 0x19, 0xb2, 0x79, 0x57, 0x4c, 0xc8, 0xbc, 0x92, 0x14, 0xbf, 0xef, 0x68, 0x12, 0x07, + 0x10, 0x75, 0xf2, 0x6b, 0x20, 0xf3, 0x53, 0x23, 0x3f, 0xa6, 0xe2, 0x05, 0x8d, 0x69, 0x92, 0x73, + 0x6d, 0xf7, 0x87, 0xf5, 0x0a, 0x88, 0x58, 0xc3, 0x81, 0x01, 0xd7, 0xa0, 0x8c, 0x5e, 0x10, 0xfb, + 0x04, 0x67, 0x5a, 0x83, 0x01, 0x13, 0x20, 0x6f, 0x80, 0xcb, 0x82, 0x3b, 0x42, 0x14, 0xc5, 0xca, + 0xd8, 0x3f, 0x57, 0x85, 0x35, 0xb1, 0x9d, 0x35, 0xb1, 0xcc, 0xcb, 0xad, 0xa4, 0x7a, 0xe5, 0xe1, + 0xb9, 0x96, 0xe6, 0x46, 0x4e, 0xe8, 0xd0, 0x86, 0x54, 0x7f, 0x49, 0xe0, 0x1a, 0xbb, 0x21, 0x77, + 0x93, 0x7a, 0xfd, 0xcd, 0x79, 0x02, 0x4a, 0x30, 0xbd, 0x88, 0xed, 0x99, 0x1e, 0x92, 0x5b, 0x0f, + 0x5a, 0xe6, 0xfc, 0x99, 0xc5, 0x58, 0x7d, 0x44, 0x79, 0x1e, 0x4c, 0x42, 0xce, 0xda, 0xf0, 0x11, + 0xa5, 0xd0, 0x43, 0x54, 0x19, 0x99, 0x2d, 0xd6, 0x4a, 0xd6, 0x55, 0x11, 0xdf, 0x14, 0xe1, 0x95, + 0xad, 0x37, 0x1f, 0xb4, 0xc2, 0xb9, 0x1c, 0xab, 0x39, 0xc7, 0x7f, 0xf0, 0x56, 0xfd, 0x2a, 0x81, + 0xb1, 0xf5, 0x04, 0x42, 0x5e, 0x06, 0x97, 0x18, 0x16, 0x8a, 0x98, 0xc7, 0x92, 0xa9, 0x7c, 0x3b, + 0x58, 0x9c, 0x16, 0x44, 0x75, 0xd7, 0x8d, 0x10, 0xa5, 0xdb, 0x71, 0x84, 0x03, 0xcf, 0x4a, 0x13, + 0xfb, 0x35, 0x88, 0xfd, 0x14, 0xce, 0x50, 0x33, 0xd0, 0xcd, 0xe2, 0xff, 0xee, 0xa6, 0x59, 0x3f, + 0xec, 0xaa, 0xd2, 0x51, 0x57, 0x95, 0x7e, 0x76, 0x55, 0xa9, 0xdd, 0x53, 0x0b, 0x47, 0x3d, 0xb5, + 0xf0, 0xbd, 0xa7, 0x16, 0x1e, 0xcf, 0xfd, 0x75, 0x6f, 0xf7, 0xb2, 0xff, 0x0b, 0x7b, 0x9c, 0xc9, + 0xb8, 0xfd, 0x3b, 0x00, 0x00, 0xff, 0xff, 0xe4, 0x3d, 0x09, 0x1d, 0x5a, 0x06, 0x00, 0x00, +} + +func (m *BasicAllowance) + +Marshal() (dAtA []byte, err error) { + size := m.Size() + +dAtA = make([]byte, size) + +n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err +} + +return dAtA[:n], nil +} + +func (m *BasicAllowance) + +MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + +return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *BasicAllowance) + +MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.Expiration != nil { + n1, err1 := github_com_cosmos_gogoproto_types.StdTimeMarshalTo(*m.Expiration, dAtA[i-github_com_cosmos_gogoproto_types.SizeOfStdTime(*m.Expiration):]) + if err1 != nil { + return 0, err1 +} + +i -= n1 + i = encodeVarintFeegrant(dAtA, i, uint64(n1)) + +i-- + dAtA[i] = 0x12 +} + if len(m.SpendLimit) > 0 { + for iNdEx := len(m.SpendLimit) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.SpendLimit[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err +} + +i -= size + i = encodeVarintFeegrant(dAtA, i, uint64(size)) +} + +i-- + dAtA[i] = 0xa +} + +} + +return len(dAtA) - i, nil +} + +func (m *PeriodicAllowance) + +Marshal() (dAtA []byte, err error) { + size := m.Size() + +dAtA = make([]byte, size) + +n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err +} + +return dAtA[:n], nil +} + +func (m *PeriodicAllowance) + +MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + +return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *PeriodicAllowance) + +MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + n2, err2 := github_com_cosmos_gogoproto_types.StdTimeMarshalTo(m.PeriodReset, dAtA[i-github_com_cosmos_gogoproto_types.SizeOfStdTime(m.PeriodReset):]) + if err2 != nil { + return 0, err2 +} + +i -= n2 + i = encodeVarintFeegrant(dAtA, i, uint64(n2)) + +i-- + dAtA[i] = 0x2a + if len(m.PeriodCanSpend) > 0 { + for iNdEx := len(m.PeriodCanSpend) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.PeriodCanSpend[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err +} + +i -= size + i = encodeVarintFeegrant(dAtA, i, uint64(size)) +} + +i-- + dAtA[i] = 0x22 +} + +} + if len(m.PeriodSpendLimit) > 0 { + for iNdEx := len(m.PeriodSpendLimit) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.PeriodSpendLimit[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err +} + +i -= size + i = encodeVarintFeegrant(dAtA, i, uint64(size)) +} + +i-- + dAtA[i] = 0x1a +} + +} + +n3, err3 := github_com_cosmos_gogoproto_types.StdDurationMarshalTo(m.Period, dAtA[i-github_com_cosmos_gogoproto_types.SizeOfStdDuration(m.Period):]) + if err3 != nil { + return 0, err3 +} + +i -= n3 + i = encodeVarintFeegrant(dAtA, i, uint64(n3)) + +i-- + dAtA[i] = 0x12 + { + size, err := m.Basic.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err +} + +i -= size + i = encodeVarintFeegrant(dAtA, i, uint64(size)) +} + +i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *AllowedMsgAllowance) + +Marshal() (dAtA []byte, err error) { + size := m.Size() + +dAtA = make([]byte, size) + +n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err +} + +return dAtA[:n], nil +} + +func (m *AllowedMsgAllowance) + +MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + +return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *AllowedMsgAllowance) + +MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.AllowedMessages) > 0 { + for iNdEx := len(m.AllowedMessages) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.AllowedMessages[iNdEx]) + +copy(dAtA[i:], m.AllowedMessages[iNdEx]) + +i = encodeVarintFeegrant(dAtA, i, uint64(len(m.AllowedMessages[iNdEx]))) + +i-- + dAtA[i] = 0x12 +} + +} + if m.Allowance != nil { + { + size, err := m.Allowance.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err +} + +i -= size + i = encodeVarintFeegrant(dAtA, i, uint64(size)) +} + +i-- + dAtA[i] = 0xa +} + +return len(dAtA) - i, nil +} + +func (m *Grant) + +Marshal() (dAtA []byte, err error) { + size := m.Size() + +dAtA = make([]byte, size) + +n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err +} + +return dAtA[:n], nil +} + +func (m *Grant) + +MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + +return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *Grant) + +MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.Allowance != nil { + { + size, err := m.Allowance.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err +} + +i -= size + i = encodeVarintFeegrant(dAtA, i, uint64(size)) +} + +i-- + dAtA[i] = 0x1a +} + if len(m.Grantee) > 0 { + i -= len(m.Grantee) + +copy(dAtA[i:], m.Grantee) + +i = encodeVarintFeegrant(dAtA, i, uint64(len(m.Grantee))) + +i-- + dAtA[i] = 0x12 +} + if len(m.Granter) > 0 { + i -= len(m.Granter) + +copy(dAtA[i:], m.Granter) + +i = encodeVarintFeegrant(dAtA, i, uint64(len(m.Granter))) + +i-- + dAtA[i] = 0xa +} + +return len(dAtA) - i, nil +} + +func encodeVarintFeegrant(dAtA []byte, offset int, v uint64) + +int { + offset -= sovFeegrant(v) + base := offset + for v >= 1<<7 { + dAtA[offset] = uint8(v&0x7f | 0x80) + +v >>= 7 + offset++ +} + +dAtA[offset] = uint8(v) + +return base +} + +func (m *BasicAllowance) + +Size() (n int) { + if m == nil { + return 0 +} + +var l int + _ = l + if len(m.SpendLimit) > 0 { + for _, e := range m.SpendLimit { + l = e.Size() + +n += 1 + l + sovFeegrant(uint64(l)) +} + +} + if m.Expiration != nil { + l = github_com_cosmos_gogoproto_types.SizeOfStdTime(*m.Expiration) + +n += 1 + l + sovFeegrant(uint64(l)) +} + +return n +} + +func (m *PeriodicAllowance) + +Size() (n int) { + if m == nil { + return 0 +} + +var l int + _ = l + l = m.Basic.Size() + +n += 1 + l + sovFeegrant(uint64(l)) + +l = github_com_cosmos_gogoproto_types.SizeOfStdDuration(m.Period) + +n += 1 + l + sovFeegrant(uint64(l)) + if len(m.PeriodSpendLimit) > 0 { + for _, e := range m.PeriodSpendLimit { + l = e.Size() + +n += 1 + l + sovFeegrant(uint64(l)) +} + +} + if len(m.PeriodCanSpend) > 0 { + for _, e := range m.PeriodCanSpend { + l = e.Size() + +n += 1 + l + sovFeegrant(uint64(l)) +} + +} + +l = github_com_cosmos_gogoproto_types.SizeOfStdTime(m.PeriodReset) + +n += 1 + l + sovFeegrant(uint64(l)) + +return n +} + +func (m *AllowedMsgAllowance) + +Size() (n int) { + if m == nil { + return 0 +} + +var l int + _ = l + if m.Allowance != nil { + l = m.Allowance.Size() + +n += 1 + l + sovFeegrant(uint64(l)) +} + if len(m.AllowedMessages) > 0 { + for _, s := range m.AllowedMessages { + l = len(s) + +n += 1 + l + sovFeegrant(uint64(l)) +} + +} + +return n +} + +func (m *Grant) + +Size() (n int) { + if m == nil { + return 0 +} + +var l int + _ = l + l = len(m.Granter) + if l > 0 { + n += 1 + l + sovFeegrant(uint64(l)) +} + +l = len(m.Grantee) + if l > 0 { + n += 1 + l + sovFeegrant(uint64(l)) +} + if m.Allowance != nil { + l = m.Allowance.Size() + +n += 1 + l + sovFeegrant(uint64(l)) +} + +return n +} + +func sovFeegrant(x uint64) (n int) { + return (math_bits.Len64(x|1) + 6) / 7 +} + +func sozFeegrant(x uint64) (n int) { + return sovFeegrant(uint64((x << 1) ^ uint64((int64(x) >> 63)))) +} + +func (m *BasicAllowance) + +Unmarshal(dAtA []byte) + +error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowFeegrant +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break +} + +} + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: BasicAllowance: wiretype end group for non-group") +} + if fieldNum <= 0 { + return fmt.Errorf("proto: BasicAllowance: illegal tag %d (wire type %d)", fieldNum, wire) +} + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SpendLimit", wireType) +} + +var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowFeegrant +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break +} + +} + if msglen < 0 { + return ErrInvalidLengthFeegrant +} + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthFeegrant +} + if postIndex > l { + return io.ErrUnexpectedEOF +} + +m.SpendLimit = append(m.SpendLimit, types.Coin{ +}) + if err := m.SpendLimit[len(m.SpendLimit)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err +} + +iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Expiration", wireType) +} + +var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowFeegrant +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break +} + +} + if msglen < 0 { + return ErrInvalidLengthFeegrant +} + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthFeegrant +} + if postIndex > l { + return io.ErrUnexpectedEOF +} + if m.Expiration == nil { + m.Expiration = new(time.Time) +} + if err := github_com_cosmos_gogoproto_types.StdTimeUnmarshal(m.Expiration, dAtA[iNdEx:postIndex]); err != nil { + return err +} + +iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipFeegrant(dAtA[iNdEx:]) + if err != nil { + return err +} + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthFeegrant +} + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF +} + +iNdEx += skippy +} + +} + if iNdEx > l { + return io.ErrUnexpectedEOF +} + +return nil +} + +func (m *PeriodicAllowance) + +Unmarshal(dAtA []byte) + +error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowFeegrant +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break +} + +} + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: PeriodicAllowance: wiretype end group for non-group") +} + if fieldNum <= 0 { + return fmt.Errorf("proto: PeriodicAllowance: illegal tag %d (wire type %d)", fieldNum, wire) +} + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Basic", wireType) +} + +var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowFeegrant +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break +} + +} + if msglen < 0 { + return ErrInvalidLengthFeegrant +} + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthFeegrant +} + if postIndex > l { + return io.ErrUnexpectedEOF +} + if err := m.Basic.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err +} + +iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Period", wireType) +} + +var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowFeegrant +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break +} + +} + if msglen < 0 { + return ErrInvalidLengthFeegrant +} + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthFeegrant +} + if postIndex > l { + return io.ErrUnexpectedEOF +} + if err := github_com_cosmos_gogoproto_types.StdDurationUnmarshal(&m.Period, dAtA[iNdEx:postIndex]); err != nil { + return err +} + +iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field PeriodSpendLimit", wireType) +} + +var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowFeegrant +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break +} + +} + if msglen < 0 { + return ErrInvalidLengthFeegrant +} + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthFeegrant +} + if postIndex > l { + return io.ErrUnexpectedEOF +} + +m.PeriodSpendLimit = append(m.PeriodSpendLimit, types.Coin{ +}) + if err := m.PeriodSpendLimit[len(m.PeriodSpendLimit)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err +} + +iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field PeriodCanSpend", wireType) +} + +var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowFeegrant +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break +} + +} + if msglen < 0 { + return ErrInvalidLengthFeegrant +} + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthFeegrant +} + if postIndex > l { + return io.ErrUnexpectedEOF +} + +m.PeriodCanSpend = append(m.PeriodCanSpend, types.Coin{ +}) + if err := m.PeriodCanSpend[len(m.PeriodCanSpend)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err +} + +iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field PeriodReset", wireType) +} + +var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowFeegrant +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break +} + +} + if msglen < 0 { + return ErrInvalidLengthFeegrant +} + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthFeegrant +} + if postIndex > l { + return io.ErrUnexpectedEOF +} + if err := github_com_cosmos_gogoproto_types.StdTimeUnmarshal(&m.PeriodReset, dAtA[iNdEx:postIndex]); err != nil { + return err +} + +iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipFeegrant(dAtA[iNdEx:]) + if err != nil { + return err +} + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthFeegrant +} + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF +} + +iNdEx += skippy +} + +} + if iNdEx > l { + return io.ErrUnexpectedEOF +} + +return nil +} + +func (m *AllowedMsgAllowance) + +Unmarshal(dAtA []byte) + +error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowFeegrant +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break +} + +} + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: AllowedMsgAllowance: wiretype end group for non-group") +} + if fieldNum <= 0 { + return fmt.Errorf("proto: AllowedMsgAllowance: illegal tag %d (wire type %d)", fieldNum, wire) +} + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Allowance", wireType) +} + +var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowFeegrant +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break +} + +} + if msglen < 0 { + return ErrInvalidLengthFeegrant +} + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthFeegrant +} + if postIndex > l { + return io.ErrUnexpectedEOF +} + if m.Allowance == nil { + m.Allowance = &types1.Any{ +} + +} + if err := m.Allowance.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err +} + +iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field AllowedMessages", wireType) +} + +var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowFeegrant +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break +} + +} + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthFeegrant +} + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthFeegrant +} + if postIndex > l { + return io.ErrUnexpectedEOF +} + +m.AllowedMessages = append(m.AllowedMessages, string(dAtA[iNdEx:postIndex])) + +iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipFeegrant(dAtA[iNdEx:]) + if err != nil { + return err +} + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthFeegrant +} + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF +} + +iNdEx += skippy +} + +} + if iNdEx > l { + return io.ErrUnexpectedEOF +} + +return nil +} + +func (m *Grant) + +Unmarshal(dAtA []byte) + +error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowFeegrant +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break +} + +} + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: Grant: wiretype end group for non-group") +} + if fieldNum <= 0 { + return fmt.Errorf("proto: Grant: illegal tag %d (wire type %d)", fieldNum, wire) +} + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Granter", wireType) +} + +var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowFeegrant +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break +} + +} + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthFeegrant +} + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthFeegrant +} + if postIndex > l { + return io.ErrUnexpectedEOF +} + +m.Granter = string(dAtA[iNdEx:postIndex]) + +iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Grantee", wireType) +} + +var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowFeegrant +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break +} + +} + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthFeegrant +} + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthFeegrant +} + if postIndex > l { + return io.ErrUnexpectedEOF +} + +m.Grantee = string(dAtA[iNdEx:postIndex]) + +iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Allowance", wireType) +} + +var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowFeegrant +} + if iNdEx >= l { + return io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break +} + +} + if msglen < 0 { + return ErrInvalidLengthFeegrant +} + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthFeegrant +} + if postIndex > l { + return io.ErrUnexpectedEOF +} + if m.Allowance == nil { + m.Allowance = &types1.Any{ +} + +} + if err := m.Allowance.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err +} + +iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipFeegrant(dAtA[iNdEx:]) + if err != nil { + return err +} + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthFeegrant +} + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF +} + +iNdEx += skippy +} + +} + if iNdEx > l { + return io.ErrUnexpectedEOF +} + +return nil +} + +func skipFeegrant(dAtA []byte) (n int, err error) { + l := len(dAtA) + iNdEx := 0 + depth := 0 + for iNdEx < l { + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowFeegrant +} + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break +} + +} + wireType := int(wire & 0x7) + switch wireType { + case 0: + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowFeegrant +} + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF +} + +iNdEx++ + if dAtA[iNdEx-1] < 0x80 { + break +} + +} + case 1: + iNdEx += 8 + case 2: + var length int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowFeegrant +} + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF +} + b := dAtA[iNdEx] + iNdEx++ + length |= (int(b) & 0x7F) << shift + if b < 0x80 { + break +} + +} + if length < 0 { + return 0, ErrInvalidLengthFeegrant +} + +iNdEx += length + case 3: + depth++ + case 4: + if depth == 0 { + return 0, ErrUnexpectedEndOfGroupFeegrant +} + +depth-- + case 5: + iNdEx += 4 + default: + return 0, fmt.Errorf("proto: illegal wireType %d", wireType) +} + if iNdEx < 0 { + return 0, ErrInvalidLengthFeegrant +} + if depth == 0 { + return iNdEx, nil +} + +} + +return 0, io.ErrUnexpectedEOF +} + +var ( + ErrInvalidLengthFeegrant = fmt.Errorf("proto: negative length found during unmarshaling") + +ErrIntOverflowFeegrant = fmt.Errorf("proto: integer overflow") + +ErrUnexpectedEndOfGroupFeegrant = fmt.Errorf("proto: unexpected end of group") +) +``` + +### FeeAllowanceQueue + +Fee Allowances queue items are identified by combining the `FeeAllowancePrefixQueue` (i.e., 0x01), `expiration`, `grantee` (the account address of fee allowance grantee), `granter` (the account address of fee allowance granter). Endblocker checks `FeeAllowanceQueue` state for the expired grants and prunes them from `FeeAllowance` if there are any found. + +Fee allowance queue keys are stored in the state as follows: + +* Grant: `0x01 | expiration_bytes | grantee_addr_len (1 byte) | grantee_addr_bytes | granter_addr_len (1 byte) | granter_addr_bytes -> EmptyBytes` + +## Messages + +### Msg/GrantAllowance + +A fee allowance grant will be created with the `MsgGrantAllowance` message. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/tx.proto#L25-L39 +``` + +### Msg/RevokeAllowance + +An allowed grant fee allowance can be removed with the `MsgRevokeAllowance` message. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/feegrant/v1beta1/tx.proto#L41-L54 +``` + +## Events + +The feegrant module emits the following events: + +## Msg Server + +### MsgGrantAllowance + +| Type | Attribute Key | Attribute Value | +| ------- | ------------- | ---------------- | +| message | action | set\_feegrant | +| message | granter | `{granterAddress}` | +| message | grantee | `{granteeAddress}` | + +### MsgRevokeAllowance + +| Type | Attribute Key | Attribute Value | +| ------- | ------------- | ---------------- | +| message | action | revoke\_feegrant | +| message | granter | `{granterAddress}` | +| message | grantee | `{granteeAddress}` | + +### Exec fee allowance + +| Type | Attribute Key | Attribute Value | +| ------- | ------------- | ---------------- | +| message | action | use\_feegrant | +| message | granter | `{granterAddress}` | +| message | grantee | `{granteeAddress}` | + +### Prune fee allowances + +| Type | Attribute Key | Attribute Value | +| ------- | ------------- | --------------- | +| message | action | prune\_feegrant | +| message | pruner | `{prunerAddress}` | + +## Client + +### CLI + +A user can query and interact with the `feegrant` module using the CLI. + +#### Query + +The `query` commands allow users to query `feegrant` state. + +```shell +simd query feegrant --help +``` + +##### grant + +The `grant` command allows users to query a grant for a given granter-grantee pair. + +```shell +simd query feegrant grant [granter] [grantee] [flags] +``` + +Example: + +```shell +simd query feegrant grant cosmos1.. cosmos1.. +``` + +Example Output: + +```yml +allowance: + '@type': /cosmos.feegrant.v1beta1.BasicAllowance + expiration: null + spend_limit: + - amount: "100" + denom: stake +grantee: cosmos1.. +granter: cosmos1.. +``` + +##### grants + +The `grants` command allows users to query all grants for a given grantee. + +```shell +simd query feegrant grants [grantee] [flags] +``` + +Example: + +```shell +simd query feegrant grants cosmos1.. +``` + +Example Output: + +```yml expandable +allowances: +- allowance: + '@type': /cosmos.feegrant.v1beta1.BasicAllowance + expiration: null + spend_limit: + - amount: "100" + denom: stake + grantee: cosmos1.. + granter: cosmos1.. +pagination: + next_key: null + total: "0" +``` + +#### Transactions + +The `tx` commands allow users to interact with the `feegrant` module. + +```shell +simd tx feegrant --help +``` + +##### grant + +The `grant` command allows users to grant fee allowances to another account. The fee allowance can have an expiration date, a total spend limit, and/or a periodic spend limit. + +```shell +simd tx feegrant grant [granter] [grantee] [flags] +``` + +Example (one-time spend limit): + +```shell +simd tx feegrant grant cosmos1.. cosmos1.. --spend-limit 100stake +``` + +Example (periodic spend limit): + +```shell +simd tx feegrant grant cosmos1.. cosmos1.. --period 3600 --period-limit 10stake +``` + +##### revoke + +The `revoke` command allows users to revoke a granted fee allowance. + +```shell +simd tx feegrant revoke [granter] [grantee] [flags] +``` + +Example: + +```shell +simd tx feegrant revoke cosmos1.. cosmos1.. +``` + +### gRPC + +A user can query the `feegrant` module using gRPC endpoints. + +#### Allowance + +The `Allowance` endpoint allows users to query a granted fee allowance. + +```shell +cosmos.feegrant.v1beta1.Query/Allowance +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"grantee":"cosmos1..","granter":"cosmos1.."}' \ + localhost:9090 \ + cosmos.feegrant.v1beta1.Query/Allowance +``` + +Example Output: + +```json +{ + "allowance": { + "granter": "cosmos1..", + "grantee": "cosmos1..", + "allowance": { + "@type": "/cosmos.feegrant.v1beta1.BasicAllowance", + "spendLimit": [ + { + "denom": "stake", + "amount": "100" + } + ] + } + } +} +``` + +#### Allowances + +The `Allowances` endpoint allows users to query all granted fee allowances for a given grantee. + +```shell +cosmos.feegrant.v1beta1.Query/Allowances +``` + +Example: + +```shell +grpcurl -plaintext \ + -d '{"address":"cosmos1.."}' \ + localhost:9090 \ + cosmos.feegrant.v1beta1.Query/Allowances +``` + +Example Output: + +```json expandable +{ + "allowances": [ + { + "granter": "cosmos1..", + "grantee": "cosmos1..", + "allowance": { + "@type": "/cosmos.feegrant.v1beta1.BasicAllowance", + "spendLimit": [ + { + "denom": "stake", + "amount": "100" + } + ] + } + } + ], + "pagination": { + "total": "1" + } +} +``` diff --git a/docs/sdk/next/build/modules/genutil/README.mdx b/docs/sdk/next/build/modules/genutil/README.mdx new file mode 100644 index 00000000..d9e3fe3f --- /dev/null +++ b/docs/sdk/next/build/modules/genutil/README.mdx @@ -0,0 +1,1250 @@ +--- +title: '`x/genutil`' +description: >- + The genutil package contains a variety of genesis utility functionalities for + usage within a blockchain application. Namely: +--- +## Concepts + +The `genutil` package contains a variety of genesis utility functionalities for usage within a blockchain application. Namely: + +* Genesis transactions related (gentx) +* Commands for collection and creation of gentxs +* `InitChain` processing of gentxs +* Genesis file creation +* Genesis file validation +* Genesis file migration +* CometBFT related initialization + * Translation of an app genesis to a CometBFT genesis + +## Genesis + +Genutil contains the data structure that defines an application genesis. +An application genesis consists of a consensus genesis (g.e. CometBFT genesis) and application related genesis data. + +```go expandable +package types + +import ( + + "bytes" + "encoding/json" + "errors" + "fmt" + "os" + "time" + + cmtjson "github.com/cometbft/cometbft/libs/json" + cmtproto "github.com/cometbft/cometbft/proto/tendermint/types" + cmttypes "github.com/cometbft/cometbft/types" + cmttime "github.com/cometbft/cometbft/types/time" + "github.com/cosmos/cosmos-sdk/version" +) + +const ( + // MaxChainIDLen is the maximum length of a chain ID. + MaxChainIDLen = cmttypes.MaxChainIDLen +) + +// AppGenesis defines the app's genesis. +type AppGenesis struct { + AppName string `json:"app_name"` + AppVersion string `json:"app_version"` + GenesisTime time.Time `json:"genesis_time"` + ChainID string `json:"chain_id"` + InitialHeight int64 `json:"initial_height"` + AppHash []byte `json:"app_hash"` + AppState json.RawMessage `json:"app_state,omitempty"` + Consensus *ConsensusGenesis `json:"consensus,omitempty"` +} + +// NewAppGenesisWithVersion returns a new AppGenesis with the app name and app version already. +func NewAppGenesisWithVersion(chainID string, appState json.RawMessage) *AppGenesis { + return &AppGenesis{ + AppName: version.AppName, + AppVersion: version.Version, + ChainID: chainID, + AppState: appState, + Consensus: &ConsensusGenesis{ + Validators: nil, +}, +} +} + +// ValidateAndComplete performs validation and completes the AppGenesis. +func (ag *AppGenesis) + +ValidateAndComplete() + +error { + if ag.ChainID == "" { + return errors.New("genesis doc must include non-empty chain_id") +} + if len(ag.ChainID) > MaxChainIDLen { + return fmt.Errorf("chain_id in genesis doc is too long (max: %d)", MaxChainIDLen) +} + if ag.InitialHeight < 0 { + return fmt.Errorf("initial_height cannot be negative (got %v)", ag.InitialHeight) +} + if ag.InitialHeight == 0 { + ag.InitialHeight = 1 +} + if ag.GenesisTime.IsZero() { + ag.GenesisTime = cmttime.Now() +} + if err := ag.Consensus.ValidateAndComplete(); err != nil { + return err +} + +return nil +} + +// SaveAs is a utility method for saving AppGenesis as a JSON file. +func (ag *AppGenesis) + +SaveAs(file string) + +error { + appGenesisBytes, err := json.MarshalIndent(ag, "", " + ") + if err != nil { + return err +} + +return os.WriteFile(file, appGenesisBytes, 0o600) +} + +// AppGenesisFromFile reads the AppGenesis from the provided file. +func AppGenesisFromFile(genFile string) (*AppGenesis, error) { + jsonBlob, err := os.ReadFile(genFile) + if err != nil { + return nil, fmt.Errorf("couldn't read AppGenesis file (%s): %w", genFile, err) +} + +var appGenesis AppGenesis + if err := json.Unmarshal(jsonBlob, &appGenesis); err != nil { + // fallback to CometBFT genesis + var ctmGenesis cmttypes.GenesisDoc + if err2 := cmtjson.Unmarshal(jsonBlob, &ctmGenesis); err2 != nil { + return nil, fmt.Errorf("error unmarshalling AppGenesis at %s: %w\n failed fallback to CometBFT GenDoc: %w", genFile, err, err2) +} + +appGenesis = AppGenesis{ + AppName: version.AppName, + // AppVersion is not filled as we do not know it from a CometBFT genesis + GenesisTime: ctmGenesis.GenesisTime, + ChainID: ctmGenesis.ChainID, + InitialHeight: ctmGenesis.InitialHeight, + AppHash: ctmGenesis.AppHash, + AppState: ctmGenesis.AppState, + Consensus: &ConsensusGenesis{ + Validators: ctmGenesis.Validators, + Params: ctmGenesis.ConsensusParams, +}, +} + +} + +return &appGenesis, nil +} + +// -------------------------- +// CometBFT Genesis Handling +// -------------------------- + +// ToGenesisDoc converts the AppGenesis to a CometBFT GenesisDoc. +func (ag *AppGenesis) + +ToGenesisDoc() (*cmttypes.GenesisDoc, error) { + return &cmttypes.GenesisDoc{ + GenesisTime: ag.GenesisTime, + ChainID: ag.ChainID, + InitialHeight: ag.InitialHeight, + AppHash: ag.AppHash, + AppState: ag.AppState, + Validators: ag.Consensus.Validators, + ConsensusParams: ag.Consensus.Params, +}, nil +} + +// ConsensusGenesis defines the consensus layer's genesis. +// TODO(@julienrbrt) + +eventually abstract from CometBFT types +type ConsensusGenesis struct { + Validators []cmttypes.GenesisValidator `json:"validators,omitempty"` + Params *cmttypes.ConsensusParams `json:"params,omitempty"` +} + +// NewConsensusGenesis returns a ConsensusGenesis with given values. +// It takes a proto consensus params so it can called from server export command. +func NewConsensusGenesis(params cmtproto.ConsensusParams, validators []cmttypes.GenesisValidator) *ConsensusGenesis { + return &ConsensusGenesis{ + Params: &cmttypes.ConsensusParams{ + Block: cmttypes.BlockParams{ + MaxBytes: params.Block.MaxBytes, + MaxGas: params.Block.MaxGas, +}, + Evidence: cmttypes.EvidenceParams{ + MaxAgeNumBlocks: params.Evidence.MaxAgeNumBlocks, + MaxAgeDuration: params.Evidence.MaxAgeDuration, + MaxBytes: params.Evidence.MaxBytes, +}, + Validator: cmttypes.ValidatorParams{ + PubKeyTypes: params.Validator.PubKeyTypes, +}, +}, + Validators: validators, +} +} + +func (cs *ConsensusGenesis) + +MarshalJSON() ([]byte, error) { + type Alias ConsensusGenesis + return cmtjson.Marshal(&Alias{ + Validators: cs.Validators, + Params: cs.Params, +}) +} + +func (cs *ConsensusGenesis) + +UnmarshalJSON(b []byte) + +error { + type Alias ConsensusGenesis + result := Alias{ +} + if err := cmtjson.Unmarshal(b, &result); err != nil { + return err +} + +cs.Params = result.Params + cs.Validators = result.Validators + + return nil +} + +func (cs *ConsensusGenesis) + +ValidateAndComplete() + +error { + if cs == nil { + return fmt.Errorf("consensus genesis cannot be nil") +} + if cs.Params == nil { + cs.Params = cmttypes.DefaultConsensusParams() +} + +else if err := cs.Params.ValidateBasic(); err != nil { + return err +} + for i, v := range cs.Validators { + if v.Power == 0 { + return fmt.Errorf("the genesis file cannot contain validators with no voting power: %v", v) +} + if len(v.Address) > 0 && !bytes.Equal(v.PubKey.Address(), v.Address) { + return fmt.Errorf("incorrect address for validator %v in the genesis file, should be %v", v, v.PubKey.Address()) +} + if len(v.Address) == 0 { + cs.Validators[i].Address = v.PubKey.Address() +} + +} + +return nil +} +``` + +The application genesis can then be translated to the consensus engine to the right format: + +```go expandable +package types + +import ( + + "bytes" + "encoding/json" + "errors" + "fmt" + "os" + "time" + + cmtjson "github.com/cometbft/cometbft/libs/json" + cmtproto "github.com/cometbft/cometbft/proto/tendermint/types" + cmttypes "github.com/cometbft/cometbft/types" + cmttime "github.com/cometbft/cometbft/types/time" + "github.com/cosmos/cosmos-sdk/version" +) + +const ( + // MaxChainIDLen is the maximum length of a chain ID. + MaxChainIDLen = cmttypes.MaxChainIDLen +) + +// AppGenesis defines the app's genesis. +type AppGenesis struct { + AppName string `json:"app_name"` + AppVersion string `json:"app_version"` + GenesisTime time.Time `json:"genesis_time"` + ChainID string `json:"chain_id"` + InitialHeight int64 `json:"initial_height"` + AppHash []byte `json:"app_hash"` + AppState json.RawMessage `json:"app_state,omitempty"` + Consensus *ConsensusGenesis `json:"consensus,omitempty"` +} + +// NewAppGenesisWithVersion returns a new AppGenesis with the app name and app version already. +func NewAppGenesisWithVersion(chainID string, appState json.RawMessage) *AppGenesis { + return &AppGenesis{ + AppName: version.AppName, + AppVersion: version.Version, + ChainID: chainID, + AppState: appState, + Consensus: &ConsensusGenesis{ + Validators: nil, +}, +} +} + +// ValidateAndComplete performs validation and completes the AppGenesis. +func (ag *AppGenesis) + +ValidateAndComplete() + +error { + if ag.ChainID == "" { + return errors.New("genesis doc must include non-empty chain_id") +} + if len(ag.ChainID) > MaxChainIDLen { + return fmt.Errorf("chain_id in genesis doc is too long (max: %d)", MaxChainIDLen) +} + if ag.InitialHeight < 0 { + return fmt.Errorf("initial_height cannot be negative (got %v)", ag.InitialHeight) +} + if ag.InitialHeight == 0 { + ag.InitialHeight = 1 +} + if ag.GenesisTime.IsZero() { + ag.GenesisTime = cmttime.Now() +} + if err := ag.Consensus.ValidateAndComplete(); err != nil { + return err +} + +return nil +} + +// SaveAs is a utility method for saving AppGenesis as a JSON file. +func (ag *AppGenesis) + +SaveAs(file string) + +error { + appGenesisBytes, err := json.MarshalIndent(ag, "", " + ") + if err != nil { + return err +} + +return os.WriteFile(file, appGenesisBytes, 0o600) +} + +// AppGenesisFromFile reads the AppGenesis from the provided file. +func AppGenesisFromFile(genFile string) (*AppGenesis, error) { + jsonBlob, err := os.ReadFile(genFile) + if err != nil { + return nil, fmt.Errorf("couldn't read AppGenesis file (%s): %w", genFile, err) +} + +var appGenesis AppGenesis + if err := json.Unmarshal(jsonBlob, &appGenesis); err != nil { + // fallback to CometBFT genesis + var ctmGenesis cmttypes.GenesisDoc + if err2 := cmtjson.Unmarshal(jsonBlob, &ctmGenesis); err2 != nil { + return nil, fmt.Errorf("error unmarshalling AppGenesis at %s: %w\n failed fallback to CometBFT GenDoc: %w", genFile, err, err2) +} + +appGenesis = AppGenesis{ + AppName: version.AppName, + // AppVersion is not filled as we do not know it from a CometBFT genesis + GenesisTime: ctmGenesis.GenesisTime, + ChainID: ctmGenesis.ChainID, + InitialHeight: ctmGenesis.InitialHeight, + AppHash: ctmGenesis.AppHash, + AppState: ctmGenesis.AppState, + Consensus: &ConsensusGenesis{ + Validators: ctmGenesis.Validators, + Params: ctmGenesis.ConsensusParams, +}, +} + +} + +return &appGenesis, nil +} + +// -------------------------- +// CometBFT Genesis Handling +// -------------------------- + +// ToGenesisDoc converts the AppGenesis to a CometBFT GenesisDoc. +func (ag *AppGenesis) + +ToGenesisDoc() (*cmttypes.GenesisDoc, error) { + return &cmttypes.GenesisDoc{ + GenesisTime: ag.GenesisTime, + ChainID: ag.ChainID, + InitialHeight: ag.InitialHeight, + AppHash: ag.AppHash, + AppState: ag.AppState, + Validators: ag.Consensus.Validators, + ConsensusParams: ag.Consensus.Params, +}, nil +} + +// ConsensusGenesis defines the consensus layer's genesis. +// TODO(@julienrbrt) + +eventually abstract from CometBFT types +type ConsensusGenesis struct { + Validators []cmttypes.GenesisValidator `json:"validators,omitempty"` + Params *cmttypes.ConsensusParams `json:"params,omitempty"` +} + +// NewConsensusGenesis returns a ConsensusGenesis with given values. +// It takes a proto consensus params so it can called from server export command. +func NewConsensusGenesis(params cmtproto.ConsensusParams, validators []cmttypes.GenesisValidator) *ConsensusGenesis { + return &ConsensusGenesis{ + Params: &cmttypes.ConsensusParams{ + Block: cmttypes.BlockParams{ + MaxBytes: params.Block.MaxBytes, + MaxGas: params.Block.MaxGas, +}, + Evidence: cmttypes.EvidenceParams{ + MaxAgeNumBlocks: params.Evidence.MaxAgeNumBlocks, + MaxAgeDuration: params.Evidence.MaxAgeDuration, + MaxBytes: params.Evidence.MaxBytes, +}, + Validator: cmttypes.ValidatorParams{ + PubKeyTypes: params.Validator.PubKeyTypes, +}, +}, + Validators: validators, +} +} + +func (cs *ConsensusGenesis) + +MarshalJSON() ([]byte, error) { + type Alias ConsensusGenesis + return cmtjson.Marshal(&Alias{ + Validators: cs.Validators, + Params: cs.Params, +}) +} + +func (cs *ConsensusGenesis) + +UnmarshalJSON(b []byte) + +error { + type Alias ConsensusGenesis + result := Alias{ +} + if err := cmtjson.Unmarshal(b, &result); err != nil { + return err +} + +cs.Params = result.Params + cs.Validators = result.Validators + + return nil +} + +func (cs *ConsensusGenesis) + +ValidateAndComplete() + +error { + if cs == nil { + return fmt.Errorf("consensus genesis cannot be nil") +} + if cs.Params == nil { + cs.Params = cmttypes.DefaultConsensusParams() +} + +else if err := cs.Params.ValidateBasic(); err != nil { + return err +} + for i, v := range cs.Validators { + if v.Power == 0 { + return fmt.Errorf("the genesis file cannot contain validators with no voting power: %v", v) +} + if len(v.Address) > 0 && !bytes.Equal(v.PubKey.Address(), v.Address) { + return fmt.Errorf("incorrect address for validator %v in the genesis file, should be %v", v, v.PubKey.Address()) +} + if len(v.Address) == 0 { + cs.Validators[i].Address = v.PubKey.Address() +} + +} + +return nil +} +``` + +```go expandable +package server + +import ( + + "context" + "errors" + "fmt" + "io" + "net" + "os" + "runtime/pprof" + "github.com/cometbft/cometbft/abci/server" + cmtcmd "github.com/cometbft/cometbft/cmd/cometbft/commands" + cmtcfg "github.com/cometbft/cometbft/config" + "github.com/cometbft/cometbft/node" + "github.com/cometbft/cometbft/p2p" + pvm "github.com/cometbft/cometbft/privval" + "github.com/cometbft/cometbft/proxy" + "github.com/cometbft/cometbft/rpc/client/local" + cmttypes "github.com/cometbft/cometbft/types" + dbm "github.com/cosmos/cosmos-db" + "github.com/hashicorp/go-metrics" + "github.com/spf13/cobra" + "github.com/spf13/pflag" + "golang.org/x/sync/errgroup" + "google.golang.org/grpc" + "google.golang.org/grpc/credentials/insecure" + + pruningtypes "cosmossdk.io/store/pruning/types" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/client/flags" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/server/api" + serverconfig "github.com/cosmos/cosmos-sdk/server/config" + servergrpc "github.com/cosmos/cosmos-sdk/server/grpc" + servercmtlog "github.com/cosmos/cosmos-sdk/server/log" + "github.com/cosmos/cosmos-sdk/server/types" + "github.com/cosmos/cosmos-sdk/telemetry" + "github.com/cosmos/cosmos-sdk/types/mempool" + "github.com/cosmos/cosmos-sdk/version" + genutiltypes "github.com/cosmos/cosmos-sdk/x/genutil/types" +) + +const ( + // CometBFT full-node start flags + flagWithComet = "with-comet" + flagAddress = "address" + flagTransport = "transport" + flagTraceStore = "trace-store" + flagCPUProfile = "cpu-profile" + FlagMinGasPrices = "minimum-gas-prices" + FlagQueryGasLimit = "query-gas-limit" + FlagHaltHeight = "halt-height" + FlagHaltTime = "halt-time" + FlagInterBlockCache = "inter-block-cache" + FlagUnsafeSkipUpgrades = "unsafe-skip-upgrades" + FlagTrace = "trace" + FlagInvCheckPeriod = "inv-check-period" + + FlagPruning = "pruning" + FlagPruningKeepRecent = "pruning-keep-recent" + FlagPruningInterval = "pruning-interval" + FlagIndexEvents = "index-events" + FlagMinRetainBlocks = "min-retain-blocks" + FlagIAVLCacheSize = "iavl-cache-size" + FlagDisableIAVLFastNode = "iavl-disable-fastnode" + + // state sync-related flags + FlagStateSyncSnapshotInterval = "state-sync.snapshot-interval" + FlagStateSyncSnapshotKeepRecent = "state-sync.snapshot-keep-recent" + + // api-related flags + FlagAPIEnable = "api.enable" + FlagAPISwagger = "api.swagger" + FlagAPIAddress = "api.address" + FlagAPIMaxOpenConnections = "api.max-open-connections" + FlagRPCReadTimeout = "api.rpc-read-timeout" + FlagRPCWriteTimeout = "api.rpc-write-timeout" + FlagRPCMaxBodyBytes = "api.rpc-max-body-bytes" + FlagAPIEnableUnsafeCORS = "api.enabled-unsafe-cors" + + // gRPC-related flags + flagGRPCOnly = "grpc-only" + flagGRPCEnable = "grpc.enable" + flagGRPCAddress = "grpc.address" + flagGRPCWebEnable = "grpc-web.enable" + + // mempool flags + FlagMempoolMaxTxs = "mempool.max-txs" +) + +// StartCmdOptions defines options that can be customized in `StartCmdWithOptions`, +type StartCmdOptions struct { + // DBOpener can be used to customize db opening, for example customize db options or support different db backends, + // default to the builtin db opener. + DBOpener func(rootDir string, backendType dbm.BackendType) (dbm.DB, error) + // PostSetup can be used to setup extra services under the same cancellable context, + // it's not called in stand-alone mode, only for in-process mode. + PostSetup func(svrCtx *Context, clientCtx client.Context, ctx context.Context, g *errgroup.Group) + +error + // AddFlags add custom flags to start cmd + AddFlags func(cmd *cobra.Command) +} + +// StartCmd runs the service passed in, either stand-alone or in-process with +// CometBFT. +func StartCmd(appCreator types.AppCreator, defaultNodeHome string) *cobra.Command { + return StartCmdWithOptions(appCreator, defaultNodeHome, StartCmdOptions{ +}) +} + +// StartCmdWithOptions runs the service passed in, either stand-alone or in-process with +// CometBFT. +func StartCmdWithOptions(appCreator types.AppCreator, defaultNodeHome string, opts StartCmdOptions) *cobra.Command { + if opts.DBOpener == nil { + opts.DBOpener = openDB +} + cmd := &cobra.Command{ + Use: "start", + Short: "Run the full node", + Long: `Run the full node application with CometBFT in or out of process. By +default, the application will run with CometBFT in process. + +Pruning options can be provided via the '--pruning' flag or alternatively with '--pruning-keep-recent', and +'pruning-interval' together. + +For '--pruning' the options are as follows: + +default: the last 362880 states are kept, pruning at 10 block intervals +nothing: all historic states will be saved, nothing will be deleted (i.e. archiving node) + +everything: 2 latest states will be kept; pruning at 10 block intervals. +custom: allow pruning options to be manually specified through 'pruning-keep-recent', and 'pruning-interval' + +Node halting configurations exist in the form of two flags: '--halt-height' and '--halt-time'. During +the ABCI Commit phase, the node will check if the current block height is greater than or equal to +the halt-height or if the current block time is greater than or equal to the halt-time. If so, the +node will attempt to gracefully shutdown and the block will not be committed. In addition, the node +will not be able to commit subsequent blocks. + +For profiling and benchmarking purposes, CPU profiling can be enabled via the '--cpu-profile' flag +which accepts a path for the resulting pprof file. + +The node may be started in a 'query only' mode where only the gRPC and JSON HTTP +API services are enabled via the 'grpc-only' flag. In this mode, CometBFT is +bypassed and can be used when legacy queries are needed after an on-chain upgrade +is performed. Note, when enabled, gRPC will also be automatically enabled. +`, + PreRunE: func(cmd *cobra.Command, _ []string) + +error { + serverCtx := GetServerContextFromCmd(cmd) + + // Bind flags to the Context's Viper so the app construction can set + // options accordingly. + if err := serverCtx.Viper.BindPFlags(cmd.Flags()); err != nil { + return err +} + + _, err := GetPruningOptionsFromFlags(serverCtx.Viper) + +return err +}, + RunE: func(cmd *cobra.Command, _ []string) + +error { + serverCtx := GetServerContextFromCmd(cmd) + +clientCtx, err := client.GetClientQueryContext(cmd) + if err != nil { + return err +} + +withCMT, _ := cmd.Flags().GetBool(flagWithComet) + if !withCMT { + serverCtx.Logger.Info("starting ABCI without CometBFT") +} + +return wrapCPUProfile(serverCtx, func() + +error { + return start(serverCtx, clientCtx, appCreator, withCMT, opts) +}) +}, +} + +cmd.Flags().String(flags.FlagHome, defaultNodeHome, "The application home directory") + +cmd.Flags().Bool(flagWithComet, true, "Run abci app embedded in-process with CometBFT") + +cmd.Flags().String(flagAddress, "tcp://0.0.0.0:26658", "Listen address") + +cmd.Flags().String(flagTransport, "socket", "Transport protocol: socket, grpc") + +cmd.Flags().String(flagTraceStore, "", "Enable KVStore tracing to an output file") + +cmd.Flags().String(FlagMinGasPrices, "", "Minimum gas prices to accept for transactions; Any fee in a tx must meet this minimum (e.g. 0.01photino;0.0001stake)") + +cmd.Flags().Uint64(FlagQueryGasLimit, 0, "Maximum gas a Rest/Grpc query can consume. Blank and 0 imply unbounded.") + +cmd.Flags().IntSlice(FlagUnsafeSkipUpgrades, []int{ +}, "Skip a set of upgrade heights to continue the old binary") + +cmd.Flags().Uint64(FlagHaltHeight, 0, "Block height at which to gracefully halt the chain and shutdown the node") + +cmd.Flags().Uint64(FlagHaltTime, 0, "Minimum block time (in Unix seconds) + +at which to gracefully halt the chain and shutdown the node") + +cmd.Flags().Bool(FlagInterBlockCache, true, "Enable inter-block caching") + +cmd.Flags().String(flagCPUProfile, "", "Enable CPU profiling and write to the provided file") + +cmd.Flags().Bool(FlagTrace, false, "Provide full stack traces for errors in ABCI Log") + +cmd.Flags().String(FlagPruning, pruningtypes.PruningOptionDefault, "Pruning strategy (default|nothing|everything|custom)") + +cmd.Flags().Uint64(FlagPruningKeepRecent, 0, "Number of recent heights to keep on disk (ignored if pruning is not 'custom')") + +cmd.Flags().Uint64(FlagPruningInterval, 0, "Height interval at which pruned heights are removed from disk (ignored if pruning is not 'custom')") + +cmd.Flags().Uint(FlagInvCheckPeriod, 0, "Assert registered invariants every N blocks") + +cmd.Flags().Uint64(FlagMinRetainBlocks, 0, "Minimum block height offset during ABCI commit to prune CometBFT blocks") + +cmd.Flags().Bool(FlagAPIEnable, false, "Define if the API server should be enabled") + +cmd.Flags().Bool(FlagAPISwagger, false, "Define if swagger documentation should automatically be registered (Note: the API must also be enabled)") + +cmd.Flags().String(FlagAPIAddress, serverconfig.DefaultAPIAddress, "the API server address to listen on") + +cmd.Flags().Uint(FlagAPIMaxOpenConnections, 1000, "Define the number of maximum open connections") + +cmd.Flags().Uint(FlagRPCReadTimeout, 10, "Define the CometBFT RPC read timeout (in seconds)") + +cmd.Flags().Uint(FlagRPCWriteTimeout, 0, "Define the CometBFT RPC write timeout (in seconds)") + +cmd.Flags().Uint(FlagRPCMaxBodyBytes, 1000000, "Define the CometBFT maximum request body (in bytes)") + +cmd.Flags().Bool(FlagAPIEnableUnsafeCORS, false, "Define if CORS should be enabled (unsafe - use it at your own risk)") + +cmd.Flags().Bool(flagGRPCOnly, false, "Start the node in gRPC query only mode (no CometBFT process is started)") + +cmd.Flags().Bool(flagGRPCEnable, true, "Define if the gRPC server should be enabled") + +cmd.Flags().String(flagGRPCAddress, serverconfig.DefaultGRPCAddress, "the gRPC server address to listen on") + +cmd.Flags().Bool(flagGRPCWebEnable, true, "Define if the gRPC-Web server should be enabled. (Note: gRPC must also be enabled)") + +cmd.Flags().Uint64(FlagStateSyncSnapshotInterval, 0, "State sync snapshot interval") + +cmd.Flags().Uint32(FlagStateSyncSnapshotKeepRecent, 2, "State sync snapshot to keep") + +cmd.Flags().Bool(FlagDisableIAVLFastNode, false, "Disable fast node for IAVL tree") + +cmd.Flags().Int(FlagMempoolMaxTxs, mempool.DefaultMaxTx, "Sets MaxTx value for the app-side mempool") + + // support old flags name for backwards compatibility + cmd.Flags().SetNormalizeFunc(func(f *pflag.FlagSet, name string) + +pflag.NormalizedName { + if name == "with-tendermint" { + name = flagWithComet +} + +return pflag.NormalizedName(name) +}) + + // add support for all CometBFT-specific command line options + cmtcmd.AddNodeFlags(cmd) + if opts.AddFlags != nil { + opts.AddFlags(cmd) +} + +return cmd +} + +func start(svrCtx *Context, clientCtx client.Context, appCreator types.AppCreator, withCmt bool, opts StartCmdOptions) + +error { + svrCfg, err := getAndValidateConfig(svrCtx) + if err != nil { + return err +} + +app, appCleanupFn, err := startApp(svrCtx, appCreator, opts) + if err != nil { + return err +} + +defer appCleanupFn() + +metrics, err := startTelemetry(svrCfg) + if err != nil { + return err +} + +emitServerInfoMetrics() + if !withCmt { + return startStandAlone(svrCtx, app, opts) +} + +return startInProcess(svrCtx, svrCfg, clientCtx, app, metrics, opts) +} + +func startStandAlone(svrCtx *Context, app types.Application, opts StartCmdOptions) + +error { + addr := svrCtx.Viper.GetString(flagAddress) + transport := svrCtx.Viper.GetString(flagTransport) + cmtApp := NewCometABCIWrapper(app) + +svr, err := server.NewServer(addr, transport, cmtApp) + if err != nil { + return fmt.Errorf("error creating listener: %v", err) +} + +svr.SetLogger(servercmtlog.CometLoggerWrapper{ + Logger: svrCtx.Logger.With("module", "abci-server") +}) + +g, ctx := getCtx(svrCtx, false) + +g.Go(func() + +error { + if err := svr.Start(); err != nil { + svrCtx.Logger.Error("failed to start out-of-process ABCI server", "err", err) + +return err +} + + // Wait for the calling process to be canceled or close the provided context, + // so we can gracefully stop the ABCI server. + <-ctx.Done() + +svrCtx.Logger.Info("stopping the ABCI server...") + +return errors.Join(svr.Stop(), app.Close()) +}) + +return g.Wait() +} + +func startInProcess(svrCtx *Context, svrCfg serverconfig.Config, clientCtx client.Context, app types.Application, + metrics *telemetry.Metrics, opts StartCmdOptions, +) + +error { + cmtCfg := svrCtx.Config + home := cmtCfg.RootDir + gRPCOnly := svrCtx.Viper.GetBool(flagGRPCOnly) + +g, ctx := getCtx(svrCtx, true) + if gRPCOnly { + // TODO: Generalize logic so that gRPC only is really in startStandAlone + svrCtx.Logger.Info("starting node in gRPC only mode; CometBFT is disabled") + +svrCfg.GRPC.Enable = true +} + +else { + svrCtx.Logger.Info("starting node with ABCI CometBFT in-process") + +tmNode, cleanupFn, err := startCmtNode(ctx, cmtCfg, app, svrCtx) + if err != nil { + return err +} + +defer cleanupFn() + + // Add the tx service to the gRPC router. We only need to register this + // service if API or gRPC is enabled, and avoid doing so in the general + // case, because it spawns a new local CometBFT RPC client. + if svrCfg.API.Enable || svrCfg.GRPC.Enable { + // Re-assign for making the client available below do not use := to avoid + // shadowing the clientCtx variable. + clientCtx = clientCtx.WithClient(local.New(tmNode)) + +app.RegisterTxService(clientCtx) + +app.RegisterTendermintService(clientCtx) + +app.RegisterNodeService(clientCtx, svrCfg) +} + +} + +grpcSrv, clientCtx, err := startGrpcServer(ctx, g, svrCfg.GRPC, clientCtx, svrCtx, app) + if err != nil { + return err +} + +err = startAPIServer(ctx, g, cmtCfg, svrCfg, clientCtx, svrCtx, app, home, grpcSrv, metrics) + if err != nil { + return err +} + if opts.PostSetup != nil { + if err := opts.PostSetup(svrCtx, clientCtx, ctx, g); err != nil { + return err +} + +} + + // wait for signal capture and gracefully return + // we are guaranteed to be waiting for the "ListenForQuitSignals" goroutine. + return g.Wait() +} + +// TODO: Move nodeKey into being created within the function. +func startCmtNode( + ctx context.Context, + cfg *cmtcfg.Config, + app types.Application, + svrCtx *Context, +) (tmNode *node.Node, cleanupFn func(), err error) { + nodeKey, err := p2p.LoadOrGenNodeKey(cfg.NodeKeyFile()) + if err != nil { + return nil, cleanupFn, err +} + cmtApp := NewCometABCIWrapper(app) + +tmNode, err = node.NewNodeWithContext( + ctx, + cfg, + pvm.LoadOrGenFilePV(cfg.PrivValidatorKeyFile(), cfg.PrivValidatorStateFile()), + nodeKey, + proxy.NewLocalClientCreator(cmtApp), + getGenDocProvider(cfg), + cmtcfg.DefaultDBProvider, + node.DefaultMetricsProvider(cfg.Instrumentation), + servercmtlog.CometLoggerWrapper{ + Logger: svrCtx.Logger +}, + ) + if err != nil { + return tmNode, cleanupFn, err +} + if err := tmNode.Start(); err != nil { + return tmNode, cleanupFn, err +} + +cleanupFn = func() { + if tmNode != nil && tmNode.IsRunning() { + _ = tmNode.Stop() + _ = app.Close() +} + +} + +return tmNode, cleanupFn, nil +} + +func getAndValidateConfig(svrCtx *Context) (serverconfig.Config, error) { + config, err := serverconfig.GetConfig(svrCtx.Viper) + if err != nil { + return config, err +} + if err := config.ValidateBasic(); err != nil { + return config, err +} + +return config, nil +} + +// returns a function which returns the genesis doc from the genesis file. +func getGenDocProvider(cfg *cmtcfg.Config) + +func() (*cmttypes.GenesisDoc, error) { + return func() (*cmttypes.GenesisDoc, error) { + appGenesis, err := genutiltypes.AppGenesisFromFile(cfg.GenesisFile()) + if err != nil { + return nil, err +} + +return appGenesis.ToGenesisDoc() +} +} + +func setupTraceWriter(svrCtx *Context) (traceWriter io.WriteCloser, cleanup func(), err error) { + // clean up the traceWriter when the server is shutting down + cleanup = func() { +} + traceWriterFile := svrCtx.Viper.GetString(flagTraceStore) + +traceWriter, err = openTraceWriter(traceWriterFile) + if err != nil { + return traceWriter, cleanup, err +} + + // if flagTraceStore is not used then traceWriter is nil + if traceWriter != nil { + cleanup = func() { + if err = traceWriter.Close(); err != nil { + svrCtx.Logger.Error("failed to close trace writer", "err", err) +} + +} + +} + +return traceWriter, cleanup, nil +} + +func startGrpcServer( + ctx context.Context, + g *errgroup.Group, + config serverconfig.GRPCConfig, + clientCtx client.Context, + svrCtx *Context, + app types.Application, +) (*grpc.Server, client.Context, error) { + if !config.Enable { + // return grpcServer as nil if gRPC is disabled + return nil, clientCtx, nil +} + _, port, err := net.SplitHostPort(config.Address) + if err != nil { + return nil, clientCtx, err +} + maxSendMsgSize := config.MaxSendMsgSize + if maxSendMsgSize == 0 { + maxSendMsgSize = serverconfig.DefaultGRPCMaxSendMsgSize +} + maxRecvMsgSize := config.MaxRecvMsgSize + if maxRecvMsgSize == 0 { + maxRecvMsgSize = serverconfig.DefaultGRPCMaxRecvMsgSize +} + grpcAddress := fmt.Sprintf("127.0.0.1:%s", port) + + // if gRPC is enabled, configure gRPC client for gRPC gateway + grpcClient, err := grpc.Dial( + grpcAddress, + grpc.WithTransportCredentials(insecure.NewCredentials()), + grpc.WithDefaultCallOptions( + grpc.ForceCodec(codec.NewProtoCodec(clientCtx.InterfaceRegistry).GRPCCodec()), + grpc.MaxCallRecvMsgSize(maxRecvMsgSize), + grpc.MaxCallSendMsgSize(maxSendMsgSize), + ), + ) + if err != nil { + return nil, clientCtx, err +} + +clientCtx = clientCtx.WithGRPCClient(grpcClient) + +svrCtx.Logger.Debug("gRPC client assigned to client context", "target", grpcAddress) + +grpcSrv, err := servergrpc.NewGRPCServer(clientCtx, app, config) + if err != nil { + return nil, clientCtx, err +} + + // Start the gRPC server in a goroutine. Note, the provided ctx will ensure + // that the server is gracefully shut down. + g.Go(func() + +error { + return servergrpc.StartGRPCServer(ctx, svrCtx.Logger.With("module", "grpc-server"), config, grpcSrv) +}) + +return grpcSrv, clientCtx, nil +} + +func startAPIServer( + ctx context.Context, + g *errgroup.Group, + cmtCfg *cmtcfg.Config, + svrCfg serverconfig.Config, + clientCtx client.Context, + svrCtx *Context, + app types.Application, + home string, + grpcSrv *grpc.Server, + metrics *telemetry.Metrics, +) + +error { + if !svrCfg.API.Enable { + return nil +} + +clientCtx = clientCtx.WithHomeDir(home) + apiSrv := api.New(clientCtx, svrCtx.Logger.With("module", "api-server"), grpcSrv) + +app.RegisterAPIRoutes(apiSrv, svrCfg.API) + if svrCfg.Telemetry.Enabled { + apiSrv.SetTelemetry(metrics) +} + +g.Go(func() + +error { + return apiSrv.Start(ctx, svrCfg) +}) + +return nil +} + +func startTelemetry(cfg serverconfig.Config) (*telemetry.Metrics, error) { + if !cfg.Telemetry.Enabled { + return nil, nil +} + +return telemetry.New(cfg.Telemetry) +} + +// wrapCPUProfile starts CPU profiling, if enabled, and executes the provided +// callbackFn in a separate goroutine, then will wait for that callback to +// return. +// +// NOTE: We expect the caller to handle graceful shutdown and signal handling. +func wrapCPUProfile(svrCtx *Context, callbackFn func() + +error) + +error { + if cpuProfile := svrCtx.Viper.GetString(flagCPUProfile); cpuProfile != "" { + f, err := os.Create(cpuProfile) + if err != nil { + return err +} + +svrCtx.Logger.Info("starting CPU profiler", "profile", cpuProfile) + if err := pprof.StartCPUProfile(f); err != nil { + return err +} + +defer func() { + svrCtx.Logger.Info("stopping CPU profiler", "profile", cpuProfile) + +pprof.StopCPUProfile() + if err := f.Close(); err != nil { + svrCtx.Logger.Info("failed to close cpu-profile file", "profile", cpuProfile, "err", err.Error()) +} + +}() +} + +return callbackFn() +} + +// emitServerInfoMetrics emits server info related metrics using application telemetry. +func emitServerInfoMetrics() { + var ls []metrics.Label + versionInfo := version.NewInfo() + if len(versionInfo.GoVersion) > 0 { + ls = append(ls, telemetry.NewLabel("go", versionInfo.GoVersion)) +} + if len(versionInfo.CosmosSdkVersion) > 0 { + ls = append(ls, telemetry.NewLabel("version", versionInfo.CosmosSdkVersion)) +} + if len(ls) == 0 { + return +} + +telemetry.SetGaugeWithLabels([]string{"server", "info" +}, 1, ls) +} + +func getCtx(svrCtx *Context, block bool) (*errgroup.Group, context.Context) { + ctx, cancelFn := context.WithCancel(context.Background()) + +g, ctx := errgroup.WithContext(ctx) + // listen for quit signals so the calling parent process can gracefully exit + ListenForQuitSignals(g, block, cancelFn, svrCtx.Logger) + +return g, ctx +} + +func startApp(svrCtx *Context, appCreator types.AppCreator, opts StartCmdOptions) (app types.Application, cleanupFn func(), err error) { + traceWriter, traceCleanupFn, err := setupTraceWriter(svrCtx) + if err != nil { + return app, traceCleanupFn, err +} + home := svrCtx.Config.RootDir + db, err := opts.DBOpener(home, GetAppDBBackend(svrCtx.Viper)) + if err != nil { + return app, traceCleanupFn, err +} + +app = appCreator(svrCtx.Logger, db, traceWriter, svrCtx.Viper) + +cleanupFn = func() { + traceCleanupFn() + if localErr := app.Close(); localErr != nil { + svrCtx.Logger.Error(localErr.Error()) +} + +} + +return app, cleanupFn, nil +} +``` + +## Client + +### CLI + +The genutil commands are available under the `genesis` subcommand. + +#### add-genesis-account + +Add a genesis account to `genesis.json`. Learn more [here](https://docs.cosmos.network/main/run-node/run-node#adding-genesis-accounts). + +#### collect-gentxs + +Collect genesis txs and output a `genesis.json` file. + +```shell +simd genesis collect-gentxs +``` + +This will create a new `genesis.json` file that includes data from all the validators (we sometimes call it the "super genesis file" to distinguish it from single-validator genesis files). + +#### gentx + +Generate a genesis tx carrying a self delegation. + +```shell +simd genesis gentx [key_name] [amount] --chain-id [chain-id] +``` + +This will create the genesis transaction for your new chain. Here `amount` should be at least `1000000000stake`. +If you provide too much or too little, you will encounter an error when starting a node. + +#### migrate + +Migrate genesis to a specified target (SDK) version. + +```shell +simd genesis migrate [target-version] +``` + + +The `migrate` command is extensible and takes a `MigrationMap`. This map is a mapping of target versions to genesis migrations functions. +When not using the default `MigrationMap`, it is recommended to still call the default `MigrationMap` corresponding the SDK version of the chain and prepend/append your own genesis migrations. + + +#### validate-genesis + +Validates the genesis file at the default location or at the location passed as an argument. + +```shell +simd genesis validate-genesis +``` + + +Validate genesis only validates if the genesis is valid at the **current application binary**. For validating a genesis from a previous version of the application, use the `migrate` command to migrate the genesis to the current version. + diff --git a/docs/sdk/next/build/modules/gov/README.mdx b/docs/sdk/next/build/modules/gov/README.mdx new file mode 100644 index 00000000..4f28142d --- /dev/null +++ b/docs/sdk/next/build/modules/gov/README.mdx @@ -0,0 +1,2816 @@ +--- +title: '`x/gov`' +description: >- + This paper specifies the Governance module of the Cosmos SDK, which was first + described in the Cosmos Whitepaper in June 2016. +--- +## Abstract + +This paper specifies the Governance module of the Cosmos SDK, which was first +described in the [Cosmos Whitepaper](https://cosmos.network/about/whitepaper) in +June 2016. + +The module enables Cosmos SDK based blockchain to support an on-chain governance +system. In this system, holders of the native staking token of the chain can vote +on proposals on a 1 token 1 vote basis. Next is a list of features the module +currently supports: + +* **Proposal submission:** Users can submit proposals with a deposit. Once the + minimum deposit is reached, the proposal enters voting period. The minimum deposit can be reached by collecting deposits from different users (including proposer) within deposit period. +* **Vote:** Participants can vote on proposals that reached MinDeposit and entered voting period. +* **Inheritance and penalties:** Delegators inherit their validator's vote if + they don't vote themselves. +* **Claiming deposit:** Users that deposited on proposals can recover their + deposits if the proposal was accepted or rejected. If the proposal was vetoed, or never entered voting period (minimum deposit not reached within deposit period), the deposit is burned. + +This module is in use on the Cosmos Hub (a.k.a [gaia](https://github.com/cosmos/gaia)). +Features that may be added in the future are described in [Future Improvements](#future-improvements). + +## Contents + +The following specification uses *ATOM* as the native staking token. The module +can be adapted to any Proof-Of-Stake blockchain by replacing *ATOM* with the native +staking token of the chain. + +* [Concepts](#concepts) + * [Proposal submission](#proposal-submission) + * [Deposit](#deposit) + * [Vote](#vote) + * [Software Upgrade](#software-upgrade) +* [State](#state) + * [Proposals](#proposals) + * [Parameters and base types](#parameters-and-base-types) + * [Deposit](#deposit-1) + * [ValidatorGovInfo](#validatorgovinfo) + * [Stores](#stores) + * [Proposal Processing Queue](#proposal-processing-queue) + * [Legacy Proposal](#legacy-proposal) +* [Messages](#messages) + * [Proposal Submission](#proposal-submission-1) + * [Deposit](#deposit-2) + * [Vote](#vote-1) +* [Events](#events) + * [EndBlocker](#endblocker) + * [Handlers](#handlers) +* [Parameters](#parameters) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + * [REST](#rest) +* [Metadata](#metadata) + * [Proposal](#proposal-3) + * [Vote](#vote-5) +* [Future Improvements](#future-improvements) + +## Concepts + +*Disclaimer: This is work in progress. Mechanisms are susceptible to change.* + +The governance process is divided in a few steps that are outlined below: + +* **Proposal submission:** Proposal is submitted to the blockchain with a + deposit. +* **Vote:** Once deposit reaches a certain value (`MinDeposit`), proposal is + confirmed and vote opens. Bonded Atom holders can then send `TxGovVote` + transactions to vote on the proposal. +* **Execution** After a period of time, the votes are tallied and depending + on the result, the messages in the proposal will be executed. + +### Proposal submission + +#### Right to submit a proposal + +Every account can submit proposals by sending a `MsgSubmitProposal` transaction. +Once a proposal is submitted, it is identified by its unique `proposalID`. + +#### Proposal Messages + +A proposal includes an array of `sdk.Msg`s which are executed automatically if the +proposal passes. The messages are executed by the governance `ModuleAccount` itself. Modules +such as `x/upgrade`, that want to allow certain messages to be executed by governance +only should add a whitelist within the respective msg server, granting the governance +module the right to execute the message once a quorum has been reached. The governance +module uses the `MsgServiceRouter` to check that these messages are correctly constructed +and have a respective path to execute on but do not perform a full validity check. + +### Deposit + +To prevent spam, proposals must be submitted with a deposit in the coins defined by +the `MinDeposit` param. + +When a proposal is submitted, it has to be accompanied with a deposit that must be +strictly positive, but can be inferior to `MinDeposit`. The submitter doesn't need +to pay for the entire deposit on their own. The newly created proposal is stored in +an *inactive proposal queue* and stays there until its deposit passes the `MinDeposit`. +Other token holders can increase the proposal's deposit by sending a `Deposit` +transaction. If a proposal doesn't pass the `MinDeposit` before the deposit end time +(the time when deposits are no longer accepted), the proposal will be destroyed: the +proposal will be removed from state and the deposit will be burned (see x/gov `EndBlocker`). +When a proposal deposit passes the `MinDeposit` threshold (even during the proposal +submission) before the deposit end time, the proposal will be moved into the +*active proposal queue* and the voting period will begin. + +The deposit is kept in escrow and held by the governance `ModuleAccount` until the +proposal is finalized (passed or rejected). + +#### Deposit refund and burn + +When a proposal is finalized, the coins from the deposit are either refunded or burned +according to the final tally of the proposal: + +* If the proposal is approved or rejected but *not* vetoed, each deposit will be + automatically refunded to its respective depositor (transferred from the governance + `ModuleAccount`). +* When the proposal is vetoed with greater than 1/3, deposits will be burned from the + governance `ModuleAccount` and the proposal information along with its deposit + information will be removed from state. +* All refunded or burned deposits are removed from the state. Events are issued when + burning or refunding a deposit. + +### Vote + +#### Participants + +*Participants* are users that have the right to vote on proposals. On the +Cosmos Hub, participants are bonded Atom holders. Unbonded Atom holders and +other users do not get the right to participate in governance. However, they +can submit and deposit on proposals. + +Note that when *participants* have bonded and unbonded Atoms, their voting power is calculated from their bonded Atom holdings only. + +#### Voting period + +Once a proposal reaches `MinDeposit`, it immediately enters `Voting period`. We +define `Voting period` as the interval between the moment the vote opens and +the moment the vote closes. The initial value of `Voting period` is 2 weeks. + +#### Option set + +The option set of a proposal refers to the set of choices a participant can +choose from when casting its vote. + +The initial option set includes the following options: + +* `Yes` +* `No` +* `NoWithVeto` +* `Abstain` + +`NoWithVeto` counts as `No` but also adds a `Veto` vote. `Abstain` option +allows voters to signal that they do not intend to vote in favor or against the +proposal but accept the result of the vote. + +*Note: from the UI, for urgent proposals we should maybe add a ‘Not Urgent’ option that casts a `NoWithVeto` vote.* + +#### Weighted Votes + +[ADR-037](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-037-gov-split-vote.md) introduces the weighted vote feature which allows a staker to split their votes into several voting options. For example, it could use 70% of its voting power to vote Yes and 30% of its voting power to vote No. + +Often times the entity owning that address might not be a single individual. For example, a company might have different stakeholders who want to vote differently, and so it makes sense to allow them to split their voting power. Currently, it is not possible for them to do "passthrough voting" and giving their users voting rights over their tokens. However, with this system, exchanges can poll their users for voting preferences, and then vote on-chain proportionally to the results of the poll. + +To represent weighted vote on chain, we use the following Protobuf message. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1beta1/gov.proto#L34-L47 +``` + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1beta1/gov.proto#L181-L201 +``` + +For a weighted vote to be valid, the `options` field must not contain duplicate vote options, and the sum of weights of all options must be equal to 1. + +#### Custom Vote Calculation + +Cosmos SDK v0.53.0 introduced an option for developers to define a custom vote result and voting power calculation function. + +```go expandable +package keeper + +import ( + + "context" + "fmt" + "cosmossdk.io/collections" + "cosmossdk.io/math" + + sdk "github.com/cosmos/cosmos-sdk/types" + v1 "github.com/cosmos/cosmos-sdk/x/gov/types/v1" + stakingtypes "github.com/cosmos/cosmos-sdk/x/staking/types" +) + +// CalculateVoteResultsAndVotingPowerFn is a function signature for calculating vote results and voting power +// It can be overridden to customize the voting power calculation for proposals +// It gets the proposal tallied and the validators governance infos (bonded tokens, voting power, etc.) +// It must return the total voting power and the results of the vote +type CalculateVoteResultsAndVotingPowerFn func( + ctx context.Context, + k Keeper, + proposal v1.Proposal, + validators map[string]v1.ValidatorGovInfo, +) (totalVoterPower math.LegacyDec, results map[v1.VoteOption]math.LegacyDec, err error) + +func defaultCalculateVoteResultsAndVotingPower( + ctx context.Context, + k Keeper, + proposal v1.Proposal, + validators map[string]v1.ValidatorGovInfo, +) (totalVoterPower math.LegacyDec, results map[v1.VoteOption]math.LegacyDec, err error) { + totalVotingPower := math.LegacyZeroDec() + +results = make(map[v1.VoteOption]math.LegacyDec) + +results[v1.OptionYes] = math.LegacyZeroDec() + +results[v1.OptionAbstain] = math.LegacyZeroDec() + +results[v1.OptionNo] = math.LegacyZeroDec() + +results[v1.OptionNoWithVeto] = math.LegacyZeroDec() + rng := collections.NewPrefixedPairRange[uint64, sdk.AccAddress](proposal.Id) + votesToRemove := []collections.Pair[uint64, sdk.AccAddress]{ +} + +err = k.Votes.Walk(ctx, rng, func(key collections.Pair[uint64, sdk.AccAddress], vote v1.Vote) (bool, error) { + // if validator, just record it in the map + voter, err := k.authKeeper.AddressCodec().StringToBytes(vote.Voter) + if err != nil { + return false, err +} + +valAddrStr, err := k.sk.ValidatorAddressCodec().BytesToString(voter) + if err != nil { + return false, err +} + if val, ok := validators[valAddrStr]; ok { + val.Vote = vote.Options + validators[valAddrStr] = val +} + + // iterate over all delegations from voter, deduct from any delegated-to validators + err = k.sk.IterateDelegations(ctx, voter, func(index int64, delegation stakingtypes.DelegationI) (stop bool) { + valAddrStr := delegation.GetValidatorAddr() + if val, ok := validators[valAddrStr]; ok { + // There is no need to handle the special case that validator address equal to voter address. + // Because voter's voting power will tally again even if there will be deduction of voter's voting power from validator. + val.DelegatorDeductions = val.DelegatorDeductions.Add(delegation.GetShares()) + +validators[valAddrStr] = val + + // delegation shares * bonded / total shares + votingPower := delegation.GetShares().MulInt(val.BondedTokens).Quo(val.DelegatorShares) + for _, option := range vote.Options { + weight, _ := math.LegacyNewDecFromStr(option.Weight) + subPower := votingPower.Mul(weight) + +results[option.Option] = results[option.Option].Add(subPower) +} + +totalVotingPower = totalVotingPower.Add(votingPower) +} + +return false +}) + if err != nil { + return false, err +} + +votesToRemove = append(votesToRemove, key) + +return false, nil +}) + if err != nil { + return math.LegacyZeroDec(), nil, fmt.Errorf("error while iterating delegations: %w", err) +} + + // remove all votes from store + for _, key := range votesToRemove { + if err := k.Votes.Remove(ctx, key); err != nil { + return math.LegacyDec{ +}, nil, fmt.Errorf("error while removing vote (%d/%s): %w", key.K1(), key.K2(), err) +} + +} + + // iterate over the validators again to tally their voting power + for _, val := range validators { + if len(val.Vote) == 0 { + continue +} + sharesAfterDeductions := val.DelegatorShares.Sub(val.DelegatorDeductions) + votingPower := sharesAfterDeductions.MulInt(val.BondedTokens).Quo(val.DelegatorShares) + for _, option := range val.Vote { + weight, _ := math.LegacyNewDecFromStr(option.Weight) + subPower := votingPower.Mul(weight) + +results[option.Option] = results[option.Option].Add(subPower) +} + +totalVotingPower = totalVotingPower.Add(votingPower) +} + +return totalVotingPower, results, nil +} + +// getCurrentValidators fetches all the bonded validators, insert them into currValidators +func (k Keeper) + +getCurrentValidators(ctx context.Context) (map[string]v1.ValidatorGovInfo, error) { + currValidators := make(map[string]v1.ValidatorGovInfo) + if err := k.sk.IterateBondedValidatorsByPower(ctx, func(index int64, validator stakingtypes.ValidatorI) (stop bool) { + valBz, err := k.sk.ValidatorAddressCodec().StringToBytes(validator.GetOperator()) + if err != nil { + return false +} + +currValidators[validator.GetOperator()] = v1.NewValidatorGovInfo( + valBz, + validator.GetBondedTokens(), + validator.GetDelegatorShares(), + math.LegacyZeroDec(), + v1.WeightedVoteOptions{ +}, + ) + +return false +}); err != nil { + return nil, err +} + +return currValidators, nil +} + +// Tally iterates over the votes and updates the tally of a proposal based on the voting power of the +// voters +func (k Keeper) + +Tally(ctx context.Context, proposal v1.Proposal) (passes, burnDeposits bool, tallyResults v1.TallyResult, err error) { + currValidators, err := k.getCurrentValidators(ctx) + if err != nil { + return false, false, tallyResults, fmt.Errorf("error while getting current validators: %w", err) +} + tallyFn := k.calculateVoteResultsAndVotingPowerFn + totalVotingPower, results, err := tallyFn(ctx, k, proposal, currValidators) + if err != nil { + return false, false, tallyResults, fmt.Errorf("error while calculating tally results: %w", err) +} + +tallyResults = v1.NewTallyResultFromMap(results) + + // TODO: Upgrade the spec to cover all of these cases & remove pseudocode. + // If there is no staked coins, the proposal fails + totalBonded, err := k.sk.TotalBondedTokens(ctx) + if err != nil { + return false, false, tallyResults, err +} + if totalBonded.IsZero() { + return false, false, tallyResults, nil +} + +params, err := k.Params.Get(ctx) + if err != nil { + return false, false, tallyResults, fmt.Errorf("error while getting params: %w", err) +} + + // If there is not enough quorum of votes, the proposal fails + percentVoting := totalVotingPower.Quo(math.LegacyNewDecFromInt(totalBonded)) + +quorum, _ := math.LegacyNewDecFromStr(params.Quorum) + if percentVoting.LT(quorum) { + return false, params.BurnVoteQuorum, tallyResults, nil +} + + // If no one votes (everyone abstains), proposal fails + if totalVotingPower.Sub(results[v1.OptionAbstain]).Equal(math.LegacyZeroDec()) { + return false, false, tallyResults, nil +} + + // If more than 1/3 of voters veto, proposal fails + vetoThreshold, _ := math.LegacyNewDecFromStr(params.VetoThreshold) + if results[v1.OptionNoWithVeto].Quo(totalVotingPower).GT(vetoThreshold) { + return false, params.BurnVoteVeto, tallyResults, nil +} + + // If more than 1/2 of non-abstaining voters vote Yes, proposal passes + // For expedited 2/3 + var thresholdStr string + if proposal.Expedited { + thresholdStr = params.GetExpeditedThreshold() +} + +else { + thresholdStr = params.GetThreshold() +} + +threshold, _ := math.LegacyNewDecFromStr(thresholdStr) + if results[v1.OptionYes].Quo(totalVotingPower.Sub(results[v1.OptionAbstain])).GT(threshold) { + return true, false, tallyResults, nil +} + + // If more than 1/2 of non-abstaining voters vote No, proposal fails + return false, false, tallyResults, nil +} +``` + +This gives developers a more expressive way to handle governance on their appchains. +Developers can now build systems with: + +* Quadratic Voting +* Time-weighted Voting +* Reputation-Based voting + +##### Example + +```go expandable +func myCustomVotingFunction( + ctx context.Context, + k Keeper, + proposal v1.Proposal, + validators map[string]v1.ValidatorGovInfo, +) (totalVoterPower math.LegacyDec, results map[v1.VoteOption]math.LegacyDec, err error) { + // ... tally logic +} + govKeeper := govkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[govtypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + app.StakingKeeper, + app.DistrKeeper, + app.MsgServiceRouter(), + govConfig, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + govkeeper.WithCustomCalculateVoteResultsAndVotingPowerFn(myCustomVotingFunction), +) +``` + +### Quorum + +Quorum is defined as the minimum percentage of voting power that needs to be +cast on a proposal for the result to be valid. + +### Expedited Proposals + +A proposal can be expedited, making the proposal use shorter voting duration and a higher tally threshold by its default. If an expedited proposal fails to meet the threshold within the scope of shorter voting duration, the expedited proposal is then converted to a regular proposal and restarts voting under regular voting conditions. + +#### Threshold + +Threshold is defined as the minimum proportion of `Yes` votes (excluding +`Abstain` votes) for the proposal to be accepted. + +Initially, the threshold is set at 50% of `Yes` votes, excluding `Abstain` +votes. A possibility to veto exists if more than 1/3rd of all votes are +`NoWithVeto` votes. Note, both of these values are derived from the `TallyParams` +on-chain parameter, which is modifiable by governance. +This means that proposals are accepted iff: + +* There exist bonded tokens. +* Quorum has been achieved. +* The proportion of `Abstain` votes is inferior to 1/1. +* The proportion of `NoWithVeto` votes is inferior to 1/3, including + `Abstain` votes. +* The proportion of `Yes` votes, excluding `Abstain` votes, at the end of + the voting period is superior to 1/2. + +For expedited proposals, by default, the threshold is higher than with a *normal proposal*, namely, 66.7%. + +#### Inheritance + +If a delegator does not vote, it will inherit its validator vote. + +* If the delegator votes before its validator, it will not inherit from the + validator's vote. +* If the delegator votes after its validator, it will override its validator + vote with its own. If the proposal is urgent, it is possible + that the vote will close before delegators have a chance to react and + override their validator's vote. This is not a problem, as proposals require more than 2/3rd of the total voting power to pass, when tallied at the end of the voting period. Because as little as 1/3 + 1 validation power could collude to censor transactions, non-collusion is already assumed for ranges exceeding this threshold. + +#### Validator’s punishment for non-voting + +At present, validators are not punished for failing to vote. + +#### Governance address + +Later, we may add permissioned keys that could only sign txs from certain modules. For the MVP, the `Governance address` will be the main validator address generated at account creation. This address corresponds to a different PrivKey than the CometBFT PrivKey which is responsible for signing consensus messages. Validators thus do not have to sign governance transactions with the sensitive CometBFT PrivKey. + +#### Burnable Params + +There are three parameters that define if the deposit of a proposal should be burned or returned to the depositors. + +* `BurnVoteVeto` burns the proposal deposit if the proposal gets vetoed. +* `BurnVoteQuorum` burns the proposal deposit if the proposal deposit if the vote does not reach quorum. +* `BurnProposalDepositPrevote` burns the proposal deposit if it does not enter the voting phase. + +> Note: These parameters are modifiable via governance. + +## State + +### Constitution + +`Constitution` is found in the genesis state. It is a string field intended to be used to describe the purpose of a particular blockchain, and its expected norms. A few examples of how the constitution field can be used: + +* define the purpose of the chain, laying a foundation for its future development +* set expectations for delegators +* set expectations for validators +* define the chain's relationship to "meatspace" entities, like a foundation or corporation + +Since this is more of a social feature than a technical feature, we'll now get into some items that may have been useful to have in a genesis constitution: + +* What limitations on governance exist, if any? + * is it okay for the community to slash the wallet of a whale that they no longer feel that they want around? (viz: Juno Proposal 4 and 16) + * can governance "socially slash" a validator who is using unapproved MEV? (viz: commonwealth.im/osmosis) + * In the event of an economic emergency, what should validators do? + * Terra crash of May, 2022, saw validators choose to run a new binary with code that had not been approved by governance, because the governance token had been inflated to nothing. +* What is the purpose of the chain, specifically? + * best example of this is the Cosmos hub, where different founding groups, have different interpretations of the purpose of the network. + +This genesis entry, "constitution" hasn't been designed for existing chains, who should likely just ratify a constitution using their governance system. Instead, this is for new chains. It will allow for validators to have a much clearer idea of purpose and the expectations placed on them while operating their nodes. Likewise, for community members, the constitution will give them some idea of what to expect from both the "chain team" and the validators, respectively. + +This constitution is designed to be immutable, and placed only in genesis, though that could change over time by a pull request to the cosmos-sdk that allows for the constitution to be changed by governance. Communities whishing to make amendments to their original constitution should use the governance mechanism and a "signaling proposal" to do exactly that. + +**Ideal use scenario for a cosmos chain constitution** + +As a chain developer, you decide that you'd like to provide clarity to your key user groups: + +* validators +* token holders +* developers (yourself) + +You use the constitution to immutably store some Markdown in genesis, so that when difficult questions come up, the constitution can provide guidance to the community. + +### Proposals + +`Proposal` objects are used to tally votes and generally track the proposal's state. +They contain an array of arbitrary `sdk.Msg`'s which the governance module will attempt +to resolve and then execute if the proposal passes. `Proposal`'s are identified by a +unique id and contains a series of timestamps: `submit_time`, `deposit_end_time`, +`voting_start_time`, `voting_end_time` which track the lifecycle of a proposal + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/gov.proto#L51-L99 +``` + +A proposal will generally require more than just a set of messages to explain its +purpose but need some greater justification and allow a means for interested participants +to discuss and debate the proposal. +In most cases, **it is encouraged to have an off-chain system that supports the on-chain governance process**. +To accommodate for this, a proposal contains a special **`metadata`** field, a string, +which can be used to add context to the proposal. The `metadata` field allows custom use for networks, +however, it is expected that the field contains a URL or some form of CID using a system such as +[IPFS](https://docs.ipfs.io/concepts/content-addressing/). To support the case of +interoperability across networks, the SDK recommends that the `metadata` represents +the following `JSON` template: + +```json +{ + "title": "...", + "description": "...", + "forum": "...", // a link to the discussion platform (i.e. Discord) + "other": "..." // any extra data that doesn't correspond to the other fields +} +``` + +This makes it far easier for clients to support multiple networks. + +The metadata has a maximum length that is chosen by the app developer, and +passed into the gov keeper as a config. The default maximum length in the SDK is 255 characters. + +#### Writing a module that uses governance + +There are many aspects of a chain, or of the individual modules that you may want to +use governance to perform such as changing various parameters. This is very simple +to do. First, write out your message types and `MsgServer` implementation. Add an +`authority` field to the keeper which will be populated in the constructor with the +governance module account: `govKeeper.GetGovernanceAccount().GetAddress()`. Then for +the methods in the `msg_server.go`, perform a check on the message that the signer +matches `authority`. This will prevent any user from executing that message. + +### Parameters and base types + +`Parameters` define the rules according to which votes are run. There can only +be one active parameter set at any given time. If governance wants to change a +parameter set, either to modify a value or add/remove a parameter field, a new +parameter set has to be created and the previous one rendered inactive. + +#### DepositParams + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/gov.proto#L152-L162 +``` + +#### VotingParams + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/gov.proto#L164-L168 +``` + +#### TallyParams + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/gov.proto#L170-L182 +``` + +Parameters are stored in a global `GlobalParams` KVStore. + +Additionally, we introduce some basic types: + +```go expandable +type Vote byte + +const ( + VoteYes = 0x1 + VoteNo = 0x2 + VoteNoWithVeto = 0x3 + VoteAbstain = 0x4 +) + +type ProposalType string + +const ( + ProposalTypePlainText = "Text" + ProposalTypeSoftwareUpgrade = "SoftwareUpgrade" +) + +type ProposalStatus byte + +const ( + StatusNil ProposalStatus = 0x00 + StatusDepositPeriod ProposalStatus = 0x01 // Proposal is submitted. Participants can deposit on it but not vote + StatusVotingPeriod ProposalStatus = 0x02 // MinDeposit is reached, participants can vote + StatusPassed ProposalStatus = 0x03 // Proposal passed and successfully executed + StatusRejected ProposalStatus = 0x04 // Proposal has been rejected + StatusFailed ProposalStatus = 0x05 // Proposal passed but failed execution +) +``` + +### Deposit + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/gov.proto#L38-L49 +``` + +### ValidatorGovInfo + +This type is used in a temp map when tallying + +```go +type ValidatorGovInfo struct { + Minus sdk.Dec + Vote Vote +} +``` + +## Stores + + +Stores are KVStores in the multi-store. The key to find the store is the first parameter in the list + + +We will use one KVStore `Governance` to store four mappings: + +* A mapping from `proposalID|'proposal'` to `Proposal`. +* A mapping from `proposalID|'addresses'|address` to `Vote`. This mapping allows + us to query all addresses that voted on the proposal along with their vote by + doing a range query on `proposalID:addresses`. +* A mapping from `ParamsKey|'Params'` to `Params`. This map allows to query all + x/gov params. +* A mapping from `VotingPeriodProposalKeyPrefix|proposalID` to a single byte. This allows + us to know if a proposal is in the voting period or not with very low gas cost. + +For pseudocode purposes, here are the two function we will use to read or write in stores: + +* `load(StoreKey, Key)`: Retrieve item stored at key `Key` in store found at key `StoreKey` in the multistore +* `store(StoreKey, Key, value)`: Write value `Value` at key `Key` in store found at key `StoreKey` in the multistore + +### Proposal Processing Queue + +**Store:** + +* `ProposalProcessingQueue`: A queue `queue[proposalID]` containing all the + `ProposalIDs` of proposals that reached `MinDeposit`. During each `EndBlock`, + all the proposals that have reached the end of their voting period are processed. + To process a finished proposal, the application tallies the votes, computes the + votes of each validator and checks if every validator in the validator set has + voted. If the proposal is accepted, deposits are refunded. Finally, the proposal + content `Handler` is executed. + +And the pseudocode for the `ProposalProcessingQueue`: + +```go expandable +in EndBlock do + for finishedProposalID in GetAllFinishedProposalIDs(block.Time) + +proposal = load(Governance, ) // proposal is a const key + + validators = Keeper.getAllValidators() + tmpValMap := map(sdk.AccAddress) + +ValidatorGovInfo + + // Initiate mapping at 0. This is the amount of shares of the validator's vote that will be overridden by their delegator's votes + for each validator in validators + tmpValMap(validator.OperatorAddr).Minus = 0 + + // Tally + voterIterator = rangeQuery(Governance, ) //return all the addresses that voted on the proposal + for each (voterAddress, vote) + +in voterIterator + delegations = stakingKeeper.getDelegations(voterAddress) // get all delegations for current voter + for each delegation in delegations + // make sure delegation.Shares does NOT include shares being unbonded + tmpValMap(delegation.ValidatorAddr).Minus += delegation.Shares + proposal.updateTally(vote, delegation.Shares) + + _, isVal = stakingKeeper.getValidator(voterAddress) + if (isVal) + +tmpValMap(voterAddress).Vote = vote + + tallyingParam = load(GlobalParams, 'TallyingParam') + + // Update tally if validator voted + for each validator in validators + if tmpValMap(validator).HasVoted + proposal.updateTally(tmpValMap(validator).Vote, (validator.TotalShares - tmpValMap(validator).Minus)) + + // Check if proposal is accepted or rejected + totalNonAbstain := proposal.YesVotes + proposal.NoVotes + proposal.NoWithVetoVotes + if (proposal.Votes.YesVotes/totalNonAbstain > tallyingParam.Threshold AND proposal.Votes.NoWithVetoVotes/totalNonAbstain < tallyingParam.Veto) + // proposal was accepted at the end of the voting period + // refund deposits (non-voters already punished) + for each (amount, depositor) + +in proposal.Deposits + depositor.AtomBalance += amount + + stateWriter, err := proposal.Handler() + if err != nil + // proposal passed but failed during state execution + proposal.CurrentStatus = ProposalStatusFailed + else + // proposal pass and state is persisted + proposal.CurrentStatus = ProposalStatusAccepted + stateWriter.save() + +else + // proposal was rejected + proposal.CurrentStatus = ProposalStatusRejected + + store(Governance, , proposal) +``` + +### Legacy Proposal + + +Legacy proposals are deprecated. Use the new proposal flow by granting the governance module the right to execute the message. + + +A legacy proposal is the old implementation of governance proposal. +Contrary to proposal that can contain any messages, a legacy proposal allows to submit a set of pre-defined proposals. +These proposals are defined by their types and handled by handlers that are registered in the gov v1beta1 router. + +More information on how to submit proposals in the [client section](#client). + +## Messages + +### Proposal Submission + +Proposals can be submitted by any account via a `MsgSubmitProposal` transaction. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/tx.proto#L42-L69 +``` + +All `sdk.Msgs` passed into the `messages` field of a `MsgSubmitProposal` message +must be registered in the app's `MsgServiceRouter`. Each of these messages must +have one signer, namely the gov module account. And finally, the metadata length +must not be larger than the `maxMetadataLen` config passed into the gov keeper. +The `initialDeposit` must be strictly positive and conform to the accepted denom of the `MinDeposit` param. + +**State modifications:** + +* Generate new `proposalID` +* Create new `Proposal` +* Initialise `Proposal`'s attributes +* Decrease balance of sender by `InitialDeposit` +* If `MinDeposit` is reached: + * Push `proposalID` in `ProposalProcessingQueue` +* Transfer `InitialDeposit` from the `Proposer` to the governance `ModuleAccount` + +### Deposit + +Once a proposal is submitted, if `Proposal.TotalDeposit < ActiveParam.MinDeposit`, Atom holders can send +`MsgDeposit` transactions to increase the proposal's deposit. + +A deposit is accepted iff: + +* The proposal exists +* The proposal is not in the voting period +* The deposited coins are conform to the accepted denom from the `MinDeposit` param + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/tx.proto#L134-L147 +``` + +**State modifications:** + +* Decrease balance of sender by `deposit` +* Add `deposit` of sender in `proposal.Deposits` +* Increase `proposal.TotalDeposit` by sender's `deposit` +* If `MinDeposit` is reached: + * Push `proposalID` in `ProposalProcessingQueueEnd` +* Transfer `Deposit` from the `proposer` to the governance `ModuleAccount` + +### Vote + +Once `ActiveParam.MinDeposit` is reached, voting period starts. From there, +bonded Atom holders are able to send `MsgVote` transactions to cast their +vote on the proposal. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/gov/v1/tx.proto#L92-L108 +``` + +**State modifications:** + +* Record `Vote` of sender + + +Gas cost for this message has to take into account the future tallying of the vote in EndBlocker. + + +## Events + +The governance module emits the following events: + +### EndBlocker + +| Type | Attribute Key | Attribute Value | +| ------------------ | ---------------- | ---------------- | +| inactive\_proposal | proposal\_id | `{proposalID}` | +| inactive\_proposal | proposal\_result | `{proposalResult}` | +| active\_proposal | proposal\_id | `{proposalID}` | +| active\_proposal | proposal\_result | `{proposalResult}` | + +### Handlers + +#### MsgSubmitProposal + +| Type | Attribute Key | Attribute Value | +| --------------------- | --------------------- | ---------------- | +| submit\_proposal | proposal\_id | `{proposalID}` | +| submit\_proposal \[0] | voting\_period\_start | `{proposalID}` | +| proposal\_deposit | amount | `{depositAmount}` | +| proposal\_deposit | proposal\_id | `{proposalID}` | +| message | module | governance | +| message | action | submit\_proposal | +| message | sender | `{senderAddress}` | + +* \[0] Event only emitted if the voting period starts during the submission. + +#### MsgVote + +| Type | Attribute Key | Attribute Value | +| -------------- | ------------- | --------------- | +| proposal\_vote | option | `{voteOption}` | +| proposal\_vote | proposal\_id | `{proposalID}` | +| message | module | governance | +| message | action | vote | +| message | sender | `{senderAddress}` | + +#### MsgVoteWeighted + +| Type | Attribute Key | Attribute Value | +| -------------- | ------------- | --------------------- | +| proposal\_vote | option | `{weightedVoteOptions}` | +| proposal\_vote | proposal\_id | `{proposalID}` | +| message | module | governance | +| message | action | vote | +| message | sender | `{senderAddress}` | + +#### MsgDeposit + +| Type | Attribute Key | Attribute Value | +| ---------------------- | --------------------- | --------------- | +| proposal\_deposit | amount | `{depositAmount}` | +| proposal\_deposit | proposal\_id | `{proposalID}` | +| proposal\_deposit \[0] | voting\_period\_start | `{proposalID}` | +| message | module | governance | +| message | action | deposit | +| message | sender | `{senderAddress}` | + +* \[0] Event only emitted if the voting period starts during the submission. + +## Parameters + +The governance module contains the following parameters: + +| Key | Type | Example | +| -------------------------------- | ---------------- | ---------------------------------------- | +| min\_deposit | array (coins) | \[`{"denom":"uatom","amount":"10000000"}`] | +| max\_deposit\_period | string (time ns) | "172800000000000" (17280s) | +| voting\_period | string (time ns) | "172800000000000" (17280s) | +| quorum | string (dec) | "0.334000000000000000" | +| threshold | string (dec) | "0.500000000000000000" | +| veto | string (dec) | "0.334000000000000000" | +| expedited\_threshold | string (time ns) | "0.667000000000000000" | +| expedited\_voting\_period | string (time ns) | "86400000000000" (8600s) | +| expedited\_min\_deposit | array (coins) | \[`{"denom":"uatom","amount":"50000000"}`] | +| burn\_proposal\_deposit\_prevote | bool | false | +| burn\_vote\_quorum | bool | false | +| burn\_vote\_veto | bool | true | +| min\_initial\_deposit\_ratio | string | "0.1" | + +**NOTE**: The governance module contains parameters that are objects unlike other +modules. If only a subset of parameters are desired to be changed, only they need +to be included and not the entire parameter object structure. + +## Client + +### CLI + +A user can query and interact with the `gov` module using the CLI. + +#### Query + +The `query` commands allow users to query `gov` state. + +```bash +simd query gov --help +``` + +##### deposit + +The `deposit` command allows users to query a deposit for a given proposal from a given depositor. + +```bash +simd query gov deposit [proposal-id] [depositor-addr] [flags] +``` + +Example: + +```bash +simd query gov deposit 1 cosmos1.. +``` + +Example Output: + +```bash +amount: +- amount: "100" + denom: stake +depositor: cosmos1.. +proposal_id: "1" +``` + +##### deposits + +The `deposits` command allows users to query all deposits for a given proposal. + +```bash +simd query gov deposits [proposal-id] [flags] +``` + +Example: + +```bash +simd query gov deposits 1 +``` + +Example Output: + +```bash +deposits: +- amount: + - amount: "100" + denom: stake + depositor: cosmos1.. + proposal_id: "1" +pagination: + next_key: null + total: "0" +``` + +##### param + +The `param` command allows users to query a given parameter for the `gov` module. + +```bash +simd query gov param [param-type] [flags] +``` + +Example: + +```bash +simd query gov param voting +``` + +Example Output: + +```bash +voting_period: "172800000000000" +``` + +##### params + +The `params` command allows users to query all parameters for the `gov` module. + +```bash +simd query gov params [flags] +``` + +Example: + +```bash +simd query gov params +``` + +Example Output: + +```bash expandable +deposit_params: + max_deposit_period: 172800s + min_deposit: + - amount: "10000000" + denom: stake +params: + expedited_min_deposit: + - amount: "50000000" + denom: stake + expedited_threshold: "0.670000000000000000" + expedited_voting_period: 86400s + max_deposit_period: 172800s + min_deposit: + - amount: "10000000" + denom: stake + min_initial_deposit_ratio: "0.000000000000000000" + proposal_cancel_burn_rate: "0.500000000000000000" + quorum: "0.334000000000000000" + threshold: "0.500000000000000000" + veto_threshold: "0.334000000000000000" + voting_period: 172800s +tally_params: + quorum: "0.334000000000000000" + threshold: "0.500000000000000000" + veto_threshold: "0.334000000000000000" +voting_params: + voting_period: 172800s +``` + +##### proposal + +The `proposal` command allows users to query a given proposal. + +```bash +simd query gov proposal [proposal-id] [flags] +``` + +Example: + +```bash +simd query gov proposal 1 +``` + +Example Output: + +```bash expandable +deposit_end_time: "2022-03-30T11:50:20.819676256Z" +final_tally_result: + abstain_count: "0" + no_count: "0" + no_with_veto_count: "0" + yes_count: "0" +id: "1" +messages: +- '@type': /cosmos.bank.v1beta1.MsgSend + amount: + - amount: "10" + denom: stake + from_address: cosmos1.. + to_address: cosmos1.. +metadata: AQ== +status: PROPOSAL_STATUS_DEPOSIT_PERIOD +submit_time: "2022-03-28T11:50:20.819676256Z" +total_deposit: +- amount: "10" + denom: stake +voting_end_time: null +voting_start_time: null +``` + +##### proposals + +The `proposals` command allows users to query all proposals with optional filters. + +```bash +simd query gov proposals [flags] +``` + +Example: + +```bash +simd query gov proposals +``` + +Example Output: + +```bash expandable +pagination: + next_key: null + total: "0" +proposals: +- deposit_end_time: "2022-03-30T11:50:20.819676256Z" + final_tally_result: + abstain_count: "0" + no_count: "0" + no_with_veto_count: "0" + yes_count: "0" + id: "1" + messages: + - '@type': /cosmos.bank.v1beta1.MsgSend + amount: + - amount: "10" + denom: stake + from_address: cosmos1.. + to_address: cosmos1.. + metadata: AQ== + status: PROPOSAL_STATUS_DEPOSIT_PERIOD + submit_time: "2022-03-28T11:50:20.819676256Z" + total_deposit: + - amount: "10" + denom: stake + voting_end_time: null + voting_start_time: null +- deposit_end_time: "2022-03-30T14:02:41.165025015Z" + final_tally_result: + abstain_count: "0" + no_count: "0" + no_with_veto_count: "0" + yes_count: "0" + id: "2" + messages: + - '@type': /cosmos.bank.v1beta1.MsgSend + amount: + - amount: "10" + denom: stake + from_address: cosmos1.. + to_address: cosmos1.. + metadata: AQ== + status: PROPOSAL_STATUS_DEPOSIT_PERIOD + submit_time: "2022-03-28T14:02:41.165025015Z" + total_deposit: + - amount: "10" + denom: stake + voting_end_time: null + voting_start_time: null +``` + +##### proposer + +The `proposer` command allows users to query the proposer for a given proposal. + +```bash +simd query gov proposer [proposal-id] [flags] +``` + +Example: + +```bash +simd query gov proposer 1 +``` + +Example Output: + +```bash +proposal_id: "1" +proposer: cosmos1.. +``` + +##### tally + +The `tally` command allows users to query the tally of a given proposal vote. + +```bash +simd query gov tally [proposal-id] [flags] +``` + +Example: + +```bash +simd query gov tally 1 +``` + +Example Output: + +```bash +abstain: "0" +"no": "0" +no_with_veto: "0" +"yes": "1" +``` + +##### vote + +The `vote` command allows users to query a vote for a given proposal. + +```bash +simd query gov vote [proposal-id] [voter-addr] [flags] +``` + +Example: + +```bash +simd query gov vote 1 cosmos1.. +``` + +Example Output: + +```bash +option: VOTE_OPTION_YES +options: +- option: VOTE_OPTION_YES + weight: "1.000000000000000000" +proposal_id: "1" +voter: cosmos1.. +``` + +##### votes + +The `votes` command allows users to query all votes for a given proposal. + +```bash +simd query gov votes [proposal-id] [flags] +``` + +Example: + +```bash +simd query gov votes 1 +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "0" +votes: +- option: VOTE_OPTION_YES + options: + - option: VOTE_OPTION_YES + weight: "1.000000000000000000" + proposal_id: "1" + voter: cosmos1.. +``` + +#### Transactions + +The `tx` commands allow users to interact with the `gov` module. + +```bash +simd tx gov --help +``` + +##### deposit + +The `deposit` command allows users to deposit tokens for a given proposal. + +```bash +simd tx gov deposit [proposal-id] [deposit] [flags] +``` + +Example: + +```bash +simd tx gov deposit 1 10000000stake --from cosmos1.. +``` + +##### draft-proposal + +The `draft-proposal` command allows users to draft any type of proposal. +The command returns a `draft_proposal.json`, to be used by `submit-proposal` after being completed. +The `draft_metadata.json` is meant to be uploaded to [IPFS](#metadata). + +```bash +simd tx gov draft-proposal +``` + +##### submit-proposal + +The `submit-proposal` command allows users to submit a governance proposal along with some messages and metadata. +Messages, metadata and deposit are defined in a JSON file. + +```bash +simd tx gov submit-proposal [path-to-proposal-json] [flags] +``` + +Example: + +```bash +simd tx gov submit-proposal /path/to/proposal.json --from cosmos1.. +``` + +where `proposal.json` contains: + +```json expandable +{ + "messages": [ + { + "@type": "/cosmos.bank.v1beta1.MsgSend", + "from_address": "cosmos1...", // The gov module address + "to_address": "cosmos1...", + "amount":[{ + "denom": "stake", + "amount": "10"}] + } + ], + "metadata": "AQ==", + "deposit": "10stake", + "title": "Proposal Title", + "summary": "Proposal Summary" +} +``` + + +By default the metadata, summary and title are both limited by 255 characters, this can be overridden by the application developer. + + + +When metadata is not specified, the title is limited to 255 characters and the summary 40x the title length. + + +##### submit-legacy-proposal + +The `submit-legacy-proposal` command allows users to submit a governance legacy proposal along with an initial deposit. + +```bash +simd tx gov submit-legacy-proposal [command] [flags] +``` + +Example: + +```bash +simd tx gov submit-legacy-proposal --title="Test Proposal" --description="testing" --type="Text" --deposit="100000000stake" --from cosmos1.. +``` + +Example (`param-change`): + +```bash +simd tx gov submit-legacy-proposal param-change proposal.json --from cosmos1.. +``` + +```json expandable +{ + "title": "Test Proposal", + "description": "testing, testing, 1, 2, 3", + "changes": [ + { + "subspace": "staking", + "key": "MaxValidators", + "value": 100 + } + ], + "deposit": "10000000stake" +} +``` + +#### cancel-proposal + +Once proposal is canceled, from the deposits of proposal `deposits * proposal_cancel_ratio` will be burned or sent to `ProposalCancelDest` address , if `ProposalCancelDest` is empty then deposits will be burned. The `remaining deposits` will be sent to depositors. + +```bash +simd tx gov cancel-proposal [proposal-id] [flags] +``` + +Example: + +```bash +simd tx gov cancel-proposal 1 --from cosmos1... +``` + +##### vote + +The `vote` command allows users to submit a vote for a given governance proposal. + +```bash +simd tx gov vote [command] [flags] +``` + +Example: + +```bash +simd tx gov vote 1 yes --from cosmos1.. +``` + +##### weighted-vote + +The `weighted-vote` command allows users to submit a weighted vote for a given governance proposal. + +```bash +simd tx gov weighted-vote [proposal-id] [weighted-options] [flags] +``` + +Example: + +```bash +simd tx gov weighted-vote 1 yes=0.5,no=0.5 --from cosmos1.. +``` + +### gRPC + +A user can query the `gov` module using gRPC endpoints. + +#### Proposal + +The `Proposal` endpoint allows users to query a given proposal. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Proposal +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Proposal +``` + +Example Output: + +```bash expandable +{ + "proposal": { + "proposalId": "1", + "content": {"@type":"/cosmos.gov.v1beta1.TextProposal","description":"testing, testing, 1, 2, 3","title":"Test Proposal"}, + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "finalTallyResult": { + "yes": "0", + "abstain": "0", + "no": "0", + "noWithVeto": "0" + }, + "submitTime": "2021-09-16T19:40:08.712440474Z", + "depositEndTime": "2021-09-18T19:40:08.712440474Z", + "totalDeposit": [ + { + "denom": "stake", + "amount": "10000000" + } + ], + "votingStartTime": "2021-09-16T19:40:08.712440474Z", + "votingEndTime": "2021-09-18T19:40:08.712440474Z", + "title": "Test Proposal", + "summary": "testing, testing, 1, 2, 3" + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Proposal +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1.Query/Proposal +``` + +Example Output: + +```bash expandable +{ + "proposal": { + "id": "1", + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"10"}],"fromAddress":"cosmos1..","toAddress":"cosmos1.."} + ], + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "finalTallyResult": { + "yesCount": "0", + "abstainCount": "0", + "noCount": "0", + "noWithVetoCount": "0" + }, + "submitTime": "2022-03-28T11:50:20.819676256Z", + "depositEndTime": "2022-03-30T11:50:20.819676256Z", + "totalDeposit": [ + { + "denom": "stake", + "amount": "10000000" + } + ], + "votingStartTime": "2022-03-28T14:25:26.644857113Z", + "votingEndTime": "2022-03-30T14:25:26.644857113Z", + "metadata": "AQ==", + "title": "Test Proposal", + "summary": "testing, testing, 1, 2, 3" + } +} +``` + +#### Proposals + +The `Proposals` endpoint allows users to query all proposals with optional filters. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Proposals +``` + +Example: + +```bash +grpcurl -plaintext \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Proposals +``` + +Example Output: + +```bash expandable +{ + "proposals": [ + { + "proposalId": "1", + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "finalTallyResult": { + "yes": "0", + "abstain": "0", + "no": "0", + "noWithVeto": "0" + }, + "submitTime": "2022-03-28T11:50:20.819676256Z", + "depositEndTime": "2022-03-30T11:50:20.819676256Z", + "totalDeposit": [ + { + "denom": "stake", + "amount": "10000000010" + } + ], + "votingStartTime": "2022-03-28T14:25:26.644857113Z", + "votingEndTime": "2022-03-30T14:25:26.644857113Z" + }, + { + "proposalId": "2", + "status": "PROPOSAL_STATUS_DEPOSIT_PERIOD", + "finalTallyResult": { + "yes": "0", + "abstain": "0", + "no": "0", + "noWithVeto": "0" + }, + "submitTime": "2022-03-28T14:02:41.165025015Z", + "depositEndTime": "2022-03-30T14:02:41.165025015Z", + "totalDeposit": [ + { + "denom": "stake", + "amount": "10" + } + ], + "votingStartTime": "0001-01-01T00:00:00Z", + "votingEndTime": "0001-01-01T00:00:00Z" + } + ], + "pagination": { + "total": "2" + } +} + +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Proposals +``` + +Example: + +```bash +grpcurl -plaintext \ + localhost:9090 \ + cosmos.gov.v1.Query/Proposals +``` + +Example Output: + +```bash expandable +{ + "proposals": [ + { + "id": "1", + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"10"}],"fromAddress":"cosmos1..","toAddress":"cosmos1.."} + ], + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "finalTallyResult": { + "yesCount": "0", + "abstainCount": "0", + "noCount": "0", + "noWithVetoCount": "0" + }, + "submitTime": "2022-03-28T11:50:20.819676256Z", + "depositEndTime": "2022-03-30T11:50:20.819676256Z", + "totalDeposit": [ + { + "denom": "stake", + "amount": "10000000010" + } + ], + "votingStartTime": "2022-03-28T14:25:26.644857113Z", + "votingEndTime": "2022-03-30T14:25:26.644857113Z", + "metadata": "AQ==", + "title": "Proposal Title", + "summary": "Proposal Summary" + }, + { + "id": "2", + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"10"}],"fromAddress":"cosmos1..","toAddress":"cosmos1.."} + ], + "status": "PROPOSAL_STATUS_DEPOSIT_PERIOD", + "finalTallyResult": { + "yesCount": "0", + "abstainCount": "0", + "noCount": "0", + "noWithVetoCount": "0" + }, + "submitTime": "2022-03-28T14:02:41.165025015Z", + "depositEndTime": "2022-03-30T14:02:41.165025015Z", + "totalDeposit": [ + { + "denom": "stake", + "amount": "10" + } + ], + "metadata": "AQ==", + "title": "Proposal Title", + "summary": "Proposal Summary" + } + ], + "pagination": { + "total": "2" + } +} +``` + +#### Vote + +The `Vote` endpoint allows users to query a vote for a given proposal. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Vote +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1","voter":"cosmos1.."}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Vote +``` + +Example Output: + +```bash expandable +{ + "vote": { + "proposalId": "1", + "voter": "cosmos1..", + "option": "VOTE_OPTION_YES", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1000000000000000000" + } + ] + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Vote +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1","voter":"cosmos1.."}' \ + localhost:9090 \ + cosmos.gov.v1.Query/Vote +``` + +Example Output: + +```bash expandable +{ + "vote": { + "proposalId": "1", + "voter": "cosmos1..", + "option": "VOTE_OPTION_YES", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1.000000000000000000" + } + ] + } +} +``` + +#### Votes + +The `Votes` endpoint allows users to query all votes for a given proposal. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Votes +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Votes +``` + +Example Output: + +```bash expandable +{ + "votes": [ + { + "proposalId": "1", + "voter": "cosmos1..", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1000000000000000000" + } + ] + } + ], + "pagination": { + "total": "1" + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Votes +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1.Query/Votes +``` + +Example Output: + +```bash expandable +{ + "votes": [ + { + "proposalId": "1", + "voter": "cosmos1..", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1.000000000000000000" + } + ] + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### Params + +The `Params` endpoint allows users to query all parameters for the `gov` module. + +{/* TODO: #10197 Querying governance params outputs nil values */} + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Params +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"params_type":"voting"}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Params +``` + +Example Output: + +```bash expandable +{ + "votingParams": { + "votingPeriod": "172800s" + }, + "depositParams": { + "maxDepositPeriod": "0s" + }, + "tallyParams": { + "quorum": "MA==", + "threshold": "MA==", + "vetoThreshold": "MA==" + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Params +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"params_type":"voting"}' \ + localhost:9090 \ + cosmos.gov.v1.Query/Params +``` + +Example Output: + +```bash +{ + "votingParams": { + "votingPeriod": "172800s" + } +} +``` + +#### Deposit + +The `Deposit` endpoint allows users to query a deposit for a given proposal from a given depositor. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Deposit +``` + +Example: + +```bash +grpcurl -plaintext \ + '{"proposal_id":"1","depositor":"cosmos1.."}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Deposit +``` + +Example Output: + +```bash expandable +{ + "deposit": { + "proposalId": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Deposit +``` + +Example: + +```bash +grpcurl -plaintext \ + '{"proposal_id":"1","depositor":"cosmos1.."}' \ + localhost:9090 \ + cosmos.gov.v1.Query/Deposit +``` + +Example Output: + +```bash expandable +{ + "deposit": { + "proposalId": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } +} +``` + +#### deposits + +The `Deposits` endpoint allows users to query all deposits for a given proposal. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/Deposits +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/Deposits +``` + +Example Output: + +```bash expandable +{ + "deposits": [ + { + "proposalId": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } + ], + "pagination": { + "total": "1" + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/Deposits +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1.Query/Deposits +``` + +Example Output: + +```bash expandable +{ + "deposits": [ + { + "proposalId": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### TallyResult + +The `TallyResult` endpoint allows users to query the tally of a given proposal. + +Using legacy v1beta1: + +```bash +cosmos.gov.v1beta1.Query/TallyResult +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1beta1.Query/TallyResult +``` + +Example Output: + +```bash +{ + "tally": { + "yes": "1000000", + "abstain": "0", + "no": "0", + "noWithVeto": "0" + } +} +``` + +Using v1: + +```bash +cosmos.gov.v1.Query/TallyResult +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' \ + localhost:9090 \ + cosmos.gov.v1.Query/TallyResult +``` + +Example Output: + +```bash +{ + "tally": { + "yes": "1000000", + "abstain": "0", + "no": "0", + "noWithVeto": "0" + } +} +``` + +### REST + +A user can query the `gov` module using REST endpoints. + +#### proposal + +The `proposals` endpoint allows users to query a given proposal. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals/{proposal_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals/1 +``` + +Example Output: + +```bash expandable +{ + "proposal": { + "proposal_id": "1", + "content": null, + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "final_tally_result": { + "yes": "0", + "abstain": "0", + "no": "0", + "no_with_veto": "0" + }, + "submit_time": "2022-03-28T11:50:20.819676256Z", + "deposit_end_time": "2022-03-30T11:50:20.819676256Z", + "total_deposit": [ + { + "denom": "stake", + "amount": "10000000010" + } + ], + "voting_start_time": "2022-03-28T14:25:26.644857113Z", + "voting_end_time": "2022-03-30T14:25:26.644857113Z" + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals/{proposal_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals/1 +``` + +Example Output: + +```bash expandable +{ + "proposal": { + "id": "1", + "messages": [ + { + "@type": "/cosmos.bank.v1beta1.MsgSend", + "from_address": "cosmos1..", + "to_address": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10" + } + ] + } + ], + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "final_tally_result": { + "yes_count": "0", + "abstain_count": "0", + "no_count": "0", + "no_with_veto_count": "0" + }, + "submit_time": "2022-03-28T11:50:20.819676256Z", + "deposit_end_time": "2022-03-30T11:50:20.819676256Z", + "total_deposit": [ + { + "denom": "stake", + "amount": "10000000" + } + ], + "voting_start_time": "2022-03-28T14:25:26.644857113Z", + "voting_end_time": "2022-03-30T14:25:26.644857113Z", + "metadata": "AQ==", + "title": "Proposal Title", + "summary": "Proposal Summary" + } +} +``` + +#### proposals + +The `proposals` endpoint also allows users to query all proposals with optional filters. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals +``` + +Example Output: + +```bash expandable +{ + "proposals": [ + { + "proposal_id": "1", + "content": null, + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "final_tally_result": { + "yes": "0", + "abstain": "0", + "no": "0", + "no_with_veto": "0" + }, + "submit_time": "2022-03-28T11:50:20.819676256Z", + "deposit_end_time": "2022-03-30T11:50:20.819676256Z", + "total_deposit": [ + { + "denom": "stake", + "amount": "10000000" + } + ], + "voting_start_time": "2022-03-28T14:25:26.644857113Z", + "voting_end_time": "2022-03-30T14:25:26.644857113Z" + }, + { + "proposal_id": "2", + "content": null, + "status": "PROPOSAL_STATUS_DEPOSIT_PERIOD", + "final_tally_result": { + "yes": "0", + "abstain": "0", + "no": "0", + "no_with_veto": "0" + }, + "submit_time": "2022-03-28T14:02:41.165025015Z", + "deposit_end_time": "2022-03-30T14:02:41.165025015Z", + "total_deposit": [ + { + "denom": "stake", + "amount": "10" + } + ], + "voting_start_time": "0001-01-01T00:00:00Z", + "voting_end_time": "0001-01-01T00:00:00Z" + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals +``` + +Example Output: + +```bash expandable +{ + "proposals": [ + { + "id": "1", + "messages": [ + { + "@type": "/cosmos.bank.v1beta1.MsgSend", + "from_address": "cosmos1..", + "to_address": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10" + } + ] + } + ], + "status": "PROPOSAL_STATUS_VOTING_PERIOD", + "final_tally_result": { + "yes_count": "0", + "abstain_count": "0", + "no_count": "0", + "no_with_veto_count": "0" + }, + "submit_time": "2022-03-28T11:50:20.819676256Z", + "deposit_end_time": "2022-03-30T11:50:20.819676256Z", + "total_deposit": [ + { + "denom": "stake", + "amount": "10000000010" + } + ], + "voting_start_time": "2022-03-28T14:25:26.644857113Z", + "voting_end_time": "2022-03-30T14:25:26.644857113Z", + "metadata": "AQ==", + "title": "Proposal Title", + "summary": "Proposal Summary" + }, + { + "id": "2", + "messages": [ + { + "@type": "/cosmos.bank.v1beta1.MsgSend", + "from_address": "cosmos1..", + "to_address": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10" + } + ] + } + ], + "status": "PROPOSAL_STATUS_DEPOSIT_PERIOD", + "final_tally_result": { + "yes_count": "0", + "abstain_count": "0", + "no_count": "0", + "no_with_veto_count": "0" + }, + "submit_time": "2022-03-28T14:02:41.165025015Z", + "deposit_end_time": "2022-03-30T14:02:41.165025015Z", + "total_deposit": [ + { + "denom": "stake", + "amount": "10" + } + ], + "voting_start_time": null, + "voting_end_time": null, + "metadata": "AQ==", + "title": "Proposal Title", + "summary": "Proposal Summary" + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` + +#### voter vote + +The `votes` endpoint allows users to query a vote for a given proposal. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals/{proposal_id}/votes/{voter} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals/1/votes/cosmos1.. +``` + +Example Output: + +```bash expandable +{ + "vote": { + "proposal_id": "1", + "voter": "cosmos1..", + "option": "VOTE_OPTION_YES", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1.000000000000000000" + } + ] + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals/{proposal_id}/votes/{voter} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals/1/votes/cosmos1.. +``` + +Example Output: + +```bash expandable +{ + "vote": { + "proposal_id": "1", + "voter": "cosmos1..", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1.000000000000000000" + } + ], + "metadata": "" + } +} +``` + +#### votes + +The `votes` endpoint allows users to query all votes for a given proposal. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals/{proposal_id}/votes +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals/1/votes +``` + +Example Output: + +```bash expandable +{ + "votes": [ + { + "proposal_id": "1", + "voter": "cosmos1..", + "option": "VOTE_OPTION_YES", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1.000000000000000000" + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals/{proposal_id}/votes +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals/1/votes +``` + +Example Output: + +```bash expandable +{ + "votes": [ + { + "proposal_id": "1", + "voter": "cosmos1..", + "options": [ + { + "option": "VOTE_OPTION_YES", + "weight": "1.000000000000000000" + } + ], + "metadata": "" + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### params + +The `params` endpoint allows users to query all parameters for the `gov` module. + +{/* TODO: #10197 Querying governance params outputs nil values */} + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/params/{params_type} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/params/voting +``` + +Example Output: + +```bash expandable +{ + "voting_params": { + "voting_period": "172800s" + }, + "deposit_params": { + "min_deposit": [ + ], + "max_deposit_period": "0s" + }, + "tally_params": { + "quorum": "0.000000000000000000", + "threshold": "0.000000000000000000", + "veto_threshold": "0.000000000000000000" + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/params/{params_type} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/params/voting +``` + +Example Output: + +```bash expandable +{ + "voting_params": { + "voting_period": "172800s" + }, + "deposit_params": { + "min_deposit": [ + ], + "max_deposit_period": "0s" + }, + "tally_params": { + "quorum": "0.000000000000000000", + "threshold": "0.000000000000000000", + "veto_threshold": "0.000000000000000000" + } +} +``` + +#### deposits + +The `deposits` endpoint allows users to query a deposit for a given proposal from a given depositor. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals/{proposal_id}/deposits/{depositor} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals/1/deposits/cosmos1.. +``` + +Example Output: + +```bash expandable +{ + "deposit": { + "proposal_id": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals/{proposal_id}/deposits/{depositor} +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals/1/deposits/cosmos1.. +``` + +Example Output: + +```bash expandable +{ + "deposit": { + "proposal_id": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } +} +``` + +#### proposal deposits + +The `deposits` endpoint allows users to query all deposits for a given proposal. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals/{proposal_id}/deposits +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals/1/deposits +``` + +Example Output: + +```bash expandable +{ + "deposits": [ + { + "proposal_id": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals/{proposal_id}/deposits +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals/1/deposits +``` + +Example Output: + +```bash expandable +{ + "deposits": [ + { + "proposal_id": "1", + "depositor": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "10000000" + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### tally + +The `tally` endpoint allows users to query the tally of a given proposal. + +Using legacy v1beta1: + +```bash +/cosmos/gov/v1beta1/proposals/{proposal_id}/tally +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1beta1/proposals/1/tally +``` + +Example Output: + +```bash +{ + "tally": { + "yes": "1000000", + "abstain": "0", + "no": "0", + "no_with_veto": "0" + } +} +``` + +Using v1: + +```bash +/cosmos/gov/v1/proposals/{proposal_id}/tally +``` + +Example: + +```bash +curl localhost:1317/cosmos/gov/v1/proposals/1/tally +``` + +Example Output: + +```bash +{ + "tally": { + "yes": "1000000", + "abstain": "0", + "no": "0", + "no_with_veto": "0" + } +} +``` + +## Metadata + +The gov module has two locations for metadata where users can provide further context about the on-chain actions they are taking. By default all metadata fields have a 255 character length field where metadata can be stored in json format, either on-chain or off-chain depending on the amount of data required. Here we provide a recommendation for the json structure and where the data should be stored. There are two important factors in making these recommendations. First, that the gov and group modules are consistent with one another, note the number of proposals made by all groups may be quite large. Second, that client applications such as block explorers and governance interfaces have confidence in the consistency of metadata structure across chains. + +### Proposal + +Location: off-chain as json object stored on IPFS (mirrors [group proposal](/docs/sdk/vnext/build/modules/group/README#metadata)) + +```json +{ + "title": "", + "authors": [""], + "summary": "", + "details": "", + "proposal_forum_url": "", + "vote_option_context": "", +} +``` + + +The `authors` field is an array of strings, this is to allow for multiple authors to be listed in the metadata. +In v0.46, the `authors` field is a comma-separated string. Frontends are encouraged to support both formats for backwards compatibility. + + +### Vote + +Location: on-chain as json within 255 character limit (mirrors [group vote](/docs/sdk/vnext/build/modules/group/README#metadata)) + +```json +{ + "justification": "", +} +``` + +## Future Improvements + +The current documentation only describes the minimum viable product for the +governance module. Future improvements may include: + +* **`BountyProposals`:** If accepted, a `BountyProposal` creates an open + bounty. The `BountyProposal` specifies how many Atoms will be given upon + completion. These Atoms will be taken from the `reserve pool`. After a + `BountyProposal` is accepted by governance, anybody can submit a + `SoftwareUpgradeProposal` with the code to claim the bounty. Note that once a + `BountyProposal` is accepted, the corresponding funds in the `reserve pool` + are locked so that payment can always be honored. In order to link a + `SoftwareUpgradeProposal` to an open bounty, the submitter of the + `SoftwareUpgradeProposal` will use the `Proposal.LinkedProposal` attribute. + If a `SoftwareUpgradeProposal` linked to an open bounty is accepted by + governance, the funds that were reserved are automatically transferred to the + submitter. +* **Complex delegation:** Delegators could choose other representatives than + their validators. Ultimately, the chain of representatives would always end + up to a validator, but delegators could inherit the vote of their chosen + representative before they inherit the vote of their validator. In other + words, they would only inherit the vote of their validator if their other + appointed representative did not vote. +* **Better process for proposal review:** There would be two parts to + `proposal.Deposit`, one for anti-spam (same as in MVP) and an other one to + reward third party auditors. diff --git a/docs/sdk/next/build/modules/group/README.mdx b/docs/sdk/next/build/modules/group/README.mdx new file mode 100644 index 00000000..cb540a95 --- /dev/null +++ b/docs/sdk/next/build/modules/group/README.mdx @@ -0,0 +1,2168 @@ +--- +title: '`x/group`' +description: >- + ⚠️ DEPRECATED: This package is deprecated and will be removed in the next + major release. The x/group module will be moved to a separate repo + github.com/cosmos/cosmos-sdk-legacy. +--- +⚠️ **DEPRECATED**: This package is deprecated and will be removed in the next major release. The `x/group` module will be moved to a separate repo `github.com/cosmos/cosmos-sdk-legacy`. + +## Abstract + +The following documents specify the group module. + +This module allows the creation and management of on-chain multisig accounts and enables voting for message execution based on configurable decision policies. + +## Contents + +* [Concepts](#concepts) + * [Group](#group) + * [Group Policy](#group-policy) + * [Decision Policy](#decision-policy) + * [Proposal](#proposal) + * [Pruning](#pruning) +* [State](#state) + * [Group Table](#group-table) + * [Group Member Table](#group-member-table) + * [Group Policy Table](#group-policy-table) + * [Proposal Table](#proposal-table) + * [Vote Table](#vote-table) +* [Msg Service](#msg-service) + * [Msg/CreateGroup](#msgcreategroup) + * [Msg/UpdateGroupMembers](#msgupdategroupmembers) + * [Msg/UpdateGroupAdmin](#msgupdategroupadmin) + * [Msg/UpdateGroupMetadata](#msgupdategroupmetadata) + * [Msg/CreateGroupPolicy](#msgcreategrouppolicy) + * [Msg/CreateGroupWithPolicy](#msgcreategroupwithpolicy) + * [Msg/UpdateGroupPolicyAdmin](#msgupdategrouppolicyadmin) + * [Msg/UpdateGroupPolicyDecisionPolicy](#msgupdategrouppolicydecisionpolicy) + * [Msg/UpdateGroupPolicyMetadata](#msgupdategrouppolicymetadata) + * [Msg/SubmitProposal](#msgsubmitproposal) + * [Msg/WithdrawProposal](#msgwithdrawproposal) + * [Msg/Vote](#msgvote) + * [Msg/Exec](#msgexec) + * [Msg/LeaveGroup](#msgleavegroup) +* [Events](#events) + * [EventCreateGroup](#eventcreategroup) + * [EventUpdateGroup](#eventupdategroup) + * [EventCreateGroupPolicy](#eventcreategrouppolicy) + * [EventUpdateGroupPolicy](#eventupdategrouppolicy) + * [EventCreateProposal](#eventcreateproposal) + * [EventWithdrawProposal](#eventwithdrawproposal) + * [EventVote](#eventvote) + * [EventExec](#eventexec) + * [EventLeaveGroup](#eventleavegroup) + * [EventProposalPruned](#eventproposalpruned) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + * [REST](#rest) +* [Metadata](#metadata) + +## Concepts + +### Group + +A group is simply an aggregation of accounts with associated weights. It is not +an account and doesn't have a balance. It doesn't in and of itself have any +sort of voting or decision weight. It does have an "administrator" which has +the ability to add, remove and update members in the group. Note that a +group policy account could be an administrator of a group, and that the +administrator doesn't necessarily have to be a member of the group. + +### Group Policy + +A group policy is an account associated with a group and a decision policy. +Group policies are abstracted from groups because a single group may have +multiple decision policies for different types of actions. Managing group +membership separately from decision policies results in the least overhead +and keeps membership consistent across different policies. The pattern that +is recommended is to have a single master group policy for a given group, +and then to create separate group policies with different decision policies +and delegate the desired permissions from the master account to +those "sub-accounts" using the `x/authz` module. + +### Decision Policy + +A decision policy is the mechanism by which members of a group can vote on +proposals, as well as the rules that dictate whether a proposal should pass +or not based on its tally outcome. + +All decision policies generally would have a minimum execution period and a +maximum voting window. The minimum execution period is the minimum amount of time +that must pass after submission in order for a proposal to potentially be executed, and it may +be set to 0. The maximum voting window is the maximum time after submission that a proposal may +be voted on before it is tallied. + +The chain developer also defines an app-wide maximum execution period, which is +the maximum amount of time after a proposal's voting period end where users are +allowed to execute a proposal. + +The current group module comes shipped with two decision policies: threshold +and percentage. Any chain developer can extend upon these two, by creating +custom decision policies, as long as they adhere to the `DecisionPolicy` +interface: + +```go +// Reference: https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/x/group/types.go#L27-L45 +``` + +#### Threshold decision policy + +A threshold decision policy defines a threshold of yes votes (based on a tally +of voter weights) that must be achieved in order for a proposal to pass. For +this decision policy, abstain and veto are simply treated as no's. + +This decision policy also has a VotingPeriod window and a MinExecutionPeriod +window. The former defines the duration after proposal submission where members +are allowed to vote, after which tallying is performed. The latter specifies +the minimum duration after proposal submission where the proposal can be +executed. If set to 0, then the proposal is allowed to be executed immediately +on submission (using the `TRY_EXEC` option). Obviously, MinExecutionPeriod +cannot be greater than VotingPeriod+MaxExecutionPeriod (where MaxExecution is +the app-defined duration that specifies the window after voting ended where a +proposal can be executed). + +#### Percentage decision policy + +A percentage decision policy is similar to a threshold decision policy, except +that the threshold is not defined as a constant weight, but as a percentage. +It's more suited for groups where the group members' weights can be updated, as +the percentage threshold stays the same, and doesn't depend on how those member +weights get updated. + +Same as the Threshold decision policy, the percentage decision policy has the +two VotingPeriod and MinExecutionPeriod parameters. + +### Proposal + +Any member(s) of a group can submit a proposal for a group policy account to decide upon. +A proposal consists of a set of messages that will be executed if the proposal +passes as well as any metadata associated with the proposal. + +#### Voting + +There are four choices to choose while voting - yes, no, abstain and veto. Not +all decision policies will take the four choices into account. Votes can contain some optional metadata. +In the current implementation, the voting window begins as soon as a proposal +is submitted, and the end is defined by the group policy's decision policy. + +#### Withdrawing Proposals + +Proposals can be withdrawn any time before the voting period end, either by the +admin of the group policy or by one of the proposers. Once withdrawn, it is +marked as `PROPOSAL_STATUS_WITHDRAWN`, and no more voting or execution is +allowed on it. + +#### Aborted Proposals + +If the group policy is updated during the voting period of the proposal, then +the proposal is marked as `PROPOSAL_STATUS_ABORTED`, and no more voting or +execution is allowed on it. This is because the group policy defines the rules +of proposal voting and execution, so if those rules change during the lifecycle +of a proposal, then the proposal should be marked as stale. + +#### Tallying + +Tallying is the counting of all votes on a proposal. It happens only once in +the lifecycle of a proposal, but can be triggered by two factors, whichever +happens first: + +* either someone tries to execute the proposal (see next section), which can + happen on a `Msg/Exec` transaction, or a `Msg/{SubmitProposal,Vote}` + transaction with the `Exec` field set. When a proposal execution is attempted, + a tally is done first to make sure the proposal passes. +* or on `EndBlock` when the proposal's voting period end just passed. + +If the tally result passes the decision policy's rules, then the proposal is +marked as `PROPOSAL_STATUS_ACCEPTED`, or else it is marked as +`PROPOSAL_STATUS_REJECTED`. In any case, no more voting is allowed anymore, and the tally +result is persisted to state in the proposal's `FinalTallyResult`. + +#### Executing Proposals + +Proposals are executed only when the tallying is done, and the group account's +decision policy allows the proposal to pass based on the tally outcome. They +are marked by the status `PROPOSAL_STATUS_ACCEPTED`. Execution must happen +before a duration of `MaxExecutionPeriod` (set by the chain developer) after +each proposal's voting period end. + +Proposals will not be automatically executed by the chain in this current design, +but rather a user must submit a `Msg/Exec` transaction to attempt to execute the +proposal based on the current votes and decision policy. Any user (not only the +group members) can execute proposals that have been accepted, and execution fees are +paid by the proposal executor. +It's also possible to try to execute a proposal immediately on creation or on +new votes using the `Exec` field of `Msg/SubmitProposal` and `Msg/Vote` requests. +In the former case, proposers signatures are considered as yes votes. +In these cases, if the proposal can't be executed (i.e. it didn't pass the +decision policy's rules), it will still be opened for new votes and +could be tallied and executed later on. + +A successful proposal execution will have its `ExecutorResult` marked as +`PROPOSAL_EXECUTOR_RESULT_SUCCESS`. The proposal will be automatically pruned +after execution. On the other hand, a failed proposal execution will be marked +as `PROPOSAL_EXECUTOR_RESULT_FAILURE`. Such a proposal can be re-executed +multiple times, until it expires after `MaxExecutionPeriod` after voting period +end. + +### Pruning + +Proposals and votes are automatically pruned to avoid state bloat. + +Votes are pruned: + +* either after a successful tally, i.e. a tally whose result passes the decision + policy's rules, which can be triggered by a `Msg/Exec` or a + `Msg/{SubmitProposal,Vote}` with the `Exec` field set, +* or on `EndBlock` right after the proposal's voting period end. This applies to proposals with status `aborted` or `withdrawn` too. + +whichever happens first. + +Proposals are pruned: + +* on `EndBlock` whose proposal status is `withdrawn` or `aborted` on proposal's voting period end before tallying, +* and either after a successful proposal execution, +* or on `EndBlock` right after the proposal's `voting_period_end` + + `max_execution_period` (defined as an app-wide configuration) is passed, + +whichever happens first. + +## State + +The `group` module uses the `orm` package which provides table storage with support for +primary keys and secondary indexes. `orm` also defines `Sequence` which is a persistent unique key generator based on a counter that can be used along with `Table`s. + +Here's the list of tables and associated sequences and indexes stored as part of the `group` module. + +### Group Table + +The `groupTable` stores `GroupInfo`: `0x0 | BigEndian(GroupId) -> ProtocolBuffer(GroupInfo)`. + +#### groupSeq + +The value of `groupSeq` is incremented when creating a new group and corresponds to the new `GroupId`: `0x1 | 0x1 -> BigEndian`. + +The second `0x1` corresponds to the ORM `sequenceStorageKey`. + +#### groupByAdminIndex + +`groupByAdminIndex` allows to retrieve groups by admin address: +`0x2 | len([]byte(group.Admin)) | []byte(group.Admin) | BigEndian(GroupId) -> []byte()`. + +### Group Member Table + +The `groupMemberTable` stores `GroupMember`s: `0x10 | BigEndian(GroupId) | []byte(member.Address) -> ProtocolBuffer(GroupMember)`. + +The `groupMemberTable` is a primary key table and its `PrimaryKey` is given by +`BigEndian(GroupId) | []byte(member.Address)` which is used by the following indexes. + +#### groupMemberByGroupIndex + +`groupMemberByGroupIndex` allows to retrieve group members by group id: +`0x11 | BigEndian(GroupId) | PrimaryKey -> []byte()`. + +#### groupMemberByMemberIndex + +`groupMemberByMemberIndex` allows to retrieve group members by member address: +`0x12 | len([]byte(member.Address)) | []byte(member.Address) | PrimaryKey -> []byte()`. + +### Group Policy Table + +The `groupPolicyTable` stores `GroupPolicyInfo`: `0x20 | len([]byte(Address)) | []byte(Address) -> ProtocolBuffer(GroupPolicyInfo)`. + +The `groupPolicyTable` is a primary key table and its `PrimaryKey` is given by +`len([]byte(Address)) | []byte(Address)` which is used by the following indexes. + +#### groupPolicySeq + +The value of `groupPolicySeq` is incremented when creating a new group policy and is used to generate the new group policy account `Address`: +`0x21 | 0x1 -> BigEndian`. + +The second `0x1` corresponds to the ORM `sequenceStorageKey`. + +#### groupPolicyByGroupIndex + +`groupPolicyByGroupIndex` allows to retrieve group policies by group id: +`0x22 | BigEndian(GroupId) | PrimaryKey -> []byte()`. + +#### groupPolicyByAdminIndex + +`groupPolicyByAdminIndex` allows to retrieve group policies by admin address: +`0x23 | len([]byte(Address)) | []byte(Address) | PrimaryKey -> []byte()`. + +### Proposal Table + +The `proposalTable` stores `Proposal`s: `0x30 | BigEndian(ProposalId) -> ProtocolBuffer(Proposal)`. + +#### proposalSeq + +The value of `proposalSeq` is incremented when creating a new proposal and corresponds to the new `ProposalId`: `0x31 | 0x1 -> BigEndian`. + +The second `0x1` corresponds to the ORM `sequenceStorageKey`. + +#### proposalByGroupPolicyIndex + +`proposalByGroupPolicyIndex` allows to retrieve proposals by group policy account address: +`0x32 | len([]byte(account.Address)) | []byte(account.Address) | BigEndian(ProposalId) -> []byte()`. + +#### ProposalsByVotingPeriodEndIndex + +`proposalsByVotingPeriodEndIndex` allows to retrieve proposals sorted by chronological `voting_period_end`: +`0x33 | sdk.FormatTimeBytes(proposal.VotingPeriodEnd) | BigEndian(ProposalId) -> []byte()`. + +This index is used when tallying the proposal votes at the end of the voting period, and for pruning proposals at `VotingPeriodEnd + MaxExecutionPeriod`. + +### Vote Table + +The `voteTable` stores `Vote`s: `0x40 | BigEndian(ProposalId) | []byte(voter.Address) -> ProtocolBuffer(Vote)`. + +The `voteTable` is a primary key table and its `PrimaryKey` is given by +`BigEndian(ProposalId) | []byte(voter.Address)` which is used by the following indexes. + +#### voteByProposalIndex + +`voteByProposalIndex` allows to retrieve votes by proposal id: +`0x41 | BigEndian(ProposalId) | PrimaryKey -> []byte()`. + +#### voteByVoterIndex + +`voteByVoterIndex` allows to retrieve votes by voter address: +`0x42 | len([]byte(voter.Address)) | []byte(voter.Address) | PrimaryKey -> []byte()`. + +## Msg Service + +### Msg/CreateGroup + +A new group can be created with the `MsgCreateGroup`, which has an admin address, a list of members and some optional metadata. + +The metadata has a maximum length that is chosen by the app developer, and +passed into the group keeper as a config. + +```go +// Reference: https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L67-L80 +``` + +It's expected to fail if + +* metadata length is greater than `MaxMetadataLen` config +* members are not correctly set (e.g. wrong address format, duplicates, or with 0 weight). + +### Msg/UpdateGroupMembers + +Group members can be updated with the `UpdateGroupMembers`. + +```go +// Reference: https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L88-L102 +``` + +In the list of `MemberUpdates`, an existing member can be removed by setting its weight to 0. + +It's expected to fail if: + +* the signer is not the admin of the group. +* for any one of the associated group policies, if its decision policy's `Validate()` method fails against the updated group. + +### Msg/UpdateGroupAdmin + +The `UpdateGroupAdmin` can be used to update a group admin. + +```go +// Reference: https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L107-L120 +``` + +It's expected to fail if the signer is not the admin of the group. + +### Msg/UpdateGroupMetadata + +The `UpdateGroupMetadata` can be used to update a group metadata. + +```go +// Reference: https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L125-L138 +``` + +It's expected to fail if: + +* new metadata length is greater than `MaxMetadataLen` config. +* the signer is not the admin of the group. + +### Msg/CreateGroupPolicy + +A new group policy can be created with the `MsgCreateGroupPolicy`, which has an admin address, a group id, a decision policy and some optional metadata. + +```go +// Reference: https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L147-L165 +``` + +It's expected to fail if: + +* the signer is not the admin of the group. +* metadata length is greater than `MaxMetadataLen` config. +* the decision policy's `Validate()` method doesn't pass against the group. + +### Msg/CreateGroupWithPolicy + +A new group with policy can be created with the `MsgCreateGroupWithPolicy`, which has an admin address, a list of members, a decision policy, a `group_policy_as_admin` field to optionally set group and group policy admin with group policy address and some optional metadata for group and group policy. + +```go +// Reference: https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L191-L215 +``` + +It's expected to fail for the same reasons as `Msg/CreateGroup` and `Msg/CreateGroupPolicy`. + +### Msg/UpdateGroupPolicyAdmin + +The `UpdateGroupPolicyAdmin` can be used to update a group policy admin. + +```go +// Reference: https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L173-L186 +``` + +It's expected to fail if the signer is not the admin of the group policy. + +### Msg/UpdateGroupPolicyDecisionPolicy + +The `UpdateGroupPolicyDecisionPolicy` can be used to update a decision policy. + +```go +// Reference: https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L226-L241 +``` + +It's expected to fail if: + +* the signer is not the admin of the group policy. +* the new decision policy's `Validate()` method doesn't pass against the group. + +### Msg/UpdateGroupPolicyMetadata + +The `UpdateGroupPolicyMetadata` can be used to update a group policy metadata. + +```go +// Reference: https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L246-L259 +``` + +It's expected to fail if: + +* new metadata length is greater than `MaxMetadataLen` config. +* the signer is not the admin of the group. + +### Msg/SubmitProposal + +A new proposal can be created with the `MsgSubmitProposal`, which has a group policy account address, a list of proposers addresses, a list of messages to execute if the proposal is accepted and some optional metadata. +An optional `Exec` value can be provided to try to execute the proposal immediately after proposal creation. Proposers signatures are considered as yes votes in this case. + +```go +// Reference: https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L281-L315 +``` + +It's expected to fail if: + +* metadata, title, or summary length is greater than `MaxMetadataLen` config. +* if any of the proposers is not a group member. + +### Msg/WithdrawProposal + +A proposal can be withdrawn using `MsgWithdrawProposal` which has an `address` (can be either a proposer or the group policy admin) and a `proposal_id` (which has to be withdrawn). + +```go +// Reference: https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L323-L333 +``` + +It's expected to fail if: + +* the signer is neither the group policy admin nor proposer of the proposal. +* the proposal is already closed or aborted. + +### Msg/Vote + +A new vote can be created with the `MsgVote`, given a proposal id, a voter address, a choice (yes, no, veto or abstain) and some optional metadata. +An optional `Exec` value can be provided to try to execute the proposal immediately after voting. + +```go +// Reference: https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L338-L358 +``` + +It's expected to fail if: + +* metadata length is greater than `MaxMetadataLen` config. +* the proposal is not in voting period anymore. + +### Msg/Exec + +A proposal can be executed with the `MsgExec`. + +```go +// Reference: https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L363-L373 +``` + +The messages that are part of this proposal won't be executed if: + +* the proposal has not been accepted by the group policy. +* the proposal has already been successfully executed. + +### Msg/LeaveGroup + +The `MsgLeaveGroup` allows group member to leave a group. + +```go +// Reference: https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/proto/cosmos/group/v1/tx.proto#L381-L391 +``` + +It's expected to fail if: + +* the group member is not part of the group. +* for any one of the associated group policies, if its decision policy's `Validate()` method fails against the updated group. + +## Events + +The group module emits the following events: + +### EventCreateGroup + +| Type | Attribute Key | Attribute Value | +| -------------------------------- | ------------- | -------------------------------- | +| message | action | /cosmos.group.v1.Msg/CreateGroup | +| cosmos.group.v1.EventCreateGroup | group\_id | `{groupId}` | + +### EventUpdateGroup + +| Type | Attribute Key | Attribute Value | +| -------------------------------- | ------------- | ---------------------------------------------------------- | +| message | action | `/cosmos.group.v1.Msg/UpdateGroup{Admin\|Metadata\|Members}` | +| cosmos.group.v1.EventUpdateGroup | group\_id | `{groupId}` | + +### EventCreateGroupPolicy + +| Type | Attribute Key | Attribute Value | +| -------------------------------------- | ------------- | -------------------------------------- | +| message | action | /cosmos.group.v1.Msg/CreateGroupPolicy | +| cosmos.group.v1.EventCreateGroupPolicy | address | `{groupPolicyAddress}` | + +### EventUpdateGroupPolicy + +| Type | Attribute Key | Attribute Value | +| -------------------------------------- | ------------- | ----------------------------------------------------------------------- | +| message | action | `/cosmos.group.v1.Msg/UpdateGroupPolicy{Admin\|Metadata\|DecisionPolicy}` | +| cosmos.group.v1.EventUpdateGroupPolicy | address | `{groupPolicyAddress}` | + +### EventCreateProposal + +| Type | Attribute Key | Attribute Value | +| ----------------------------------- | ------------- | ----------------------------------- | +| message | action | /cosmos.group.v1.Msg/CreateProposal | +| cosmos.group.v1.EventCreateProposal | proposal\_id | `{proposalId}` | + +### EventWithdrawProposal + +| Type | Attribute Key | Attribute Value | +| ------------------------------------- | ------------- | ------------------------------------- | +| message | action | /cosmos.group.v1.Msg/WithdrawProposal | +| cosmos.group.v1.EventWithdrawProposal | proposal\_id | `{proposalId}` | + +### EventVote + +| Type | Attribute Key | Attribute Value | +| ------------------------- | ------------- | ------------------------- | +| message | action | /cosmos.group.v1.Msg/Vote | +| cosmos.group.v1.EventVote | proposal\_id | `{proposalId}` | + +## EventExec + +| Type | Attribute Key | Attribute Value | +| ------------------------- | ------------- | ------------------------- | +| message | action | /cosmos.group.v1.Msg/Exec | +| cosmos.group.v1.EventExec | proposal\_id | `{proposalId}` | +| cosmos.group.v1.EventExec | logs | `{logs\_string}` | + +### EventLeaveGroup + +| Type | Attribute Key | Attribute Value | +| ------------------------------- | ------------- | ------------------------------- | +| message | action | /cosmos.group.v1.Msg/LeaveGroup | +| cosmos.group.v1.EventLeaveGroup | proposal\_id | `{proposalId}` | +| cosmos.group.v1.EventLeaveGroup | address | `{address}` | + +### EventProposalPruned + +| Type | Attribute Key | Attribute Value | +| ----------------------------------- | ------------- | ------------------------------- | +| message | action | /cosmos.group.v1.Msg/LeaveGroup | +| cosmos.group.v1.EventProposalPruned | proposal\_id | `{proposalId}` | +| cosmos.group.v1.EventProposalPruned | status | `{ProposalStatus}` | +| cosmos.group.v1.EventProposalPruned | tally\_result | `{TallyResult}` | + +## Client + +### CLI + +A user can query and interact with the `group` module using the CLI. + +#### Query + +The `query` commands allow users to query `group` state. + +```bash +simd query group --help +``` + +##### group-info + +The `group-info` command allows users to query for group info by given group id. + +```bash +simd query group group-info [id] [flags] +``` + +Example: + +```bash +simd query group group-info 1 +``` + +Example Output: + +```bash +admin: cosmos1.. +group_id: "1" +metadata: AQ== +total_weight: "3" +version: "1" +``` + +##### group-policy-info + +The `group-policy-info` command allows users to query for group policy info by account address of group policy . + +```bash +simd query group group-policy-info [group-policy-account] [flags] +``` + +Example: + +```bash +simd query group group-policy-info cosmos1.. +``` + +Example Output: + +```bash expandable +address: cosmos1.. +admin: cosmos1.. +decision_policy: + '@type': /cosmos.group.v1.ThresholdDecisionPolicy + threshold: "1" + windows: + min_execution_period: 0s + voting_period: 432000s +group_id: "1" +metadata: AQ== +version: "1" +``` + +##### group-members + +The `group-members` command allows users to query for group members by group id with pagination flags. + +```bash +simd query group group-members [id] [flags] +``` + +Example: + +```bash +simd query group group-members 1 +``` + +Example Output: + +```bash expandable +members: +- group_id: "1" + member: + address: cosmos1.. + metadata: AQ== + weight: "2" +- group_id: "1" + member: + address: cosmos1.. + metadata: AQ== + weight: "1" +pagination: + next_key: null + total: "2" +``` + +##### groups-by-admin + +The `groups-by-admin` command allows users to query for groups by admin account address with pagination flags. + +```bash +simd query group groups-by-admin [admin] [flags] +``` + +Example: + +```bash +simd query group groups-by-admin cosmos1.. +``` + +Example Output: + +```bash expandable +groups: +- admin: cosmos1.. + group_id: "1" + metadata: AQ== + total_weight: "3" + version: "1" +- admin: cosmos1.. + group_id: "2" + metadata: AQ== + total_weight: "3" + version: "1" +pagination: + next_key: null + total: "2" +``` + +##### group-policies-by-group + +The `group-policies-by-group` command allows users to query for group policies by group id with pagination flags. + +```bash +simd query group group-policies-by-group [group-id] [flags] +``` + +Example: + +```bash +simd query group group-policies-by-group 1 +``` + +Example Output: + +```bash expandable +group_policies: +- address: cosmos1.. + admin: cosmos1.. + decision_policy: + '@type': /cosmos.group.v1.ThresholdDecisionPolicy + threshold: "1" + windows: + min_execution_period: 0s + voting_period: 432000s + group_id: "1" + metadata: AQ== + version: "1" +- address: cosmos1.. + admin: cosmos1.. + decision_policy: + '@type': /cosmos.group.v1.ThresholdDecisionPolicy + threshold: "1" + windows: + min_execution_period: 0s + voting_period: 432000s + group_id: "1" + metadata: AQ== + version: "1" +pagination: + next_key: null + total: "2" +``` + +##### group-policies-by-admin + +The `group-policies-by-admin` command allows users to query for group policies by admin account address with pagination flags. + +```bash +simd query group group-policies-by-admin [admin] [flags] +``` + +Example: + +```bash +simd query group group-policies-by-admin cosmos1.. +``` + +Example Output: + +```bash expandable +group_policies: +- address: cosmos1.. + admin: cosmos1.. + decision_policy: + '@type': /cosmos.group.v1.ThresholdDecisionPolicy + threshold: "1" + windows: + min_execution_period: 0s + voting_period: 432000s + group_id: "1" + metadata: AQ== + version: "1" +- address: cosmos1.. + admin: cosmos1.. + decision_policy: + '@type': /cosmos.group.v1.ThresholdDecisionPolicy + threshold: "1" + windows: + min_execution_period: 0s + voting_period: 432000s + group_id: "1" + metadata: AQ== + version: "1" +pagination: + next_key: null + total: "2" +``` + +##### proposal + +The `proposal` command allows users to query for proposal by id. + +```bash +simd query group proposal [id] [flags] +``` + +Example: + +```bash +simd query group proposal 1 +``` + +Example Output: + +```bash expandable +proposal: + address: cosmos1.. + executor_result: EXECUTOR_RESULT_NOT_RUN + group_policy_version: "1" + group_version: "1" + metadata: AQ== + msgs: + - '@type': /cosmos.bank.v1beta1.MsgSend + amount: + - amount: "100000000" + denom: stake + from_address: cosmos1.. + to_address: cosmos1.. + proposal_id: "1" + proposers: + - cosmos1.. + result: RESULT_UNFINALIZED + status: STATUS_SUBMITTED + submitted_at: "2021-12-17T07:06:26.310638964Z" + windows: + min_execution_period: 0s + voting_period: 432000s + vote_state: + abstain_count: "0" + no_count: "0" + veto_count: "0" + yes_count: "0" + summary: "Summary" + title: "Title" +``` + +##### proposals-by-group-policy + +The `proposals-by-group-policy` command allows users to query for proposals by account address of group policy with pagination flags. + +```bash +simd query group proposals-by-group-policy [group-policy-account] [flags] +``` + +Example: + +```bash +simd query group proposals-by-group-policy cosmos1.. +``` + +Example Output: + +```bash expandable +pagination: + next_key: null + total: "1" +proposals: +- address: cosmos1.. + executor_result: EXECUTOR_RESULT_NOT_RUN + group_policy_version: "1" + group_version: "1" + metadata: AQ== + msgs: + - '@type': /cosmos.bank.v1beta1.MsgSend + amount: + - amount: "100000000" + denom: stake + from_address: cosmos1.. + to_address: cosmos1.. + proposal_id: "1" + proposers: + - cosmos1.. + result: RESULT_UNFINALIZED + status: STATUS_SUBMITTED + submitted_at: "2021-12-17T07:06:26.310638964Z" + windows: + min_execution_period: 0s + voting_period: 432000s + vote_state: + abstain_count: "0" + no_count: "0" + veto_count: "0" + yes_count: "0" + summary: "Summary" + title: "Title" +``` + +##### vote + +The `vote` command allows users to query for vote by proposal id and voter account address. + +```bash +simd query group vote [proposal-id] [voter] [flags] +``` + +Example: + +```bash +simd query group vote 1 cosmos1.. +``` + +Example Output: + +```bash +vote: + choice: CHOICE_YES + metadata: AQ== + proposal_id: "1" + submitted_at: "2021-12-17T08:05:02.490164009Z" + voter: cosmos1.. +``` + +##### votes-by-proposal + +The `votes-by-proposal` command allows users to query for votes by proposal id with pagination flags. + +```bash +simd query group votes-by-proposal [proposal-id] [flags] +``` + +Example: + +```bash +simd query group votes-by-proposal 1 +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "1" +votes: +- choice: CHOICE_YES + metadata: AQ== + proposal_id: "1" + submitted_at: "2021-12-17T08:05:02.490164009Z" + voter: cosmos1.. +``` + +##### votes-by-voter + +The `votes-by-voter` command allows users to query for votes by voter account address with pagination flags. + +```bash +simd query group votes-by-voter [voter] [flags] +``` + +Example: + +```bash +simd query group votes-by-voter cosmos1.. +``` + +Example Output: + +```bash +pagination: + next_key: null + total: "1" +votes: +- choice: CHOICE_YES + metadata: AQ== + proposal_id: "1" + submitted_at: "2021-12-17T08:05:02.490164009Z" + voter: cosmos1.. +``` + +### Transactions + +The `tx` commands allow users to interact with the `group` module. + +```bash +simd tx group --help +``` + +#### create-group + +The `create-group` command allows users to create a group which is an aggregation of member accounts with associated weights and +an administrator account. + +```bash +simd tx group create-group [admin] [metadata] [members-json-file] +``` + +Example: + +```bash +simd tx group create-group cosmos1.. "AQ==" members.json +``` + +#### update-group-admin + +The `update-group-admin` command allows users to update a group's admin. + +```bash +simd tx group update-group-admin [admin] [group-id] [new-admin] [flags] +``` + +Example: + +```bash +simd tx group update-group-admin cosmos1.. 1 cosmos1.. +``` + +#### update-group-members + +The `update-group-members` command allows users to update a group's members. + +```bash +simd tx group update-group-members [admin] [group-id] [members-json-file] [flags] +``` + +Example: + +```bash +simd tx group update-group-members cosmos1.. 1 members.json +``` + +#### update-group-metadata + +The `update-group-metadata` command allows users to update a group's metadata. + +```bash +simd tx group update-group-metadata [admin] [group-id] [metadata] [flags] +``` + +Example: + +```bash +simd tx group update-group-metadata cosmos1.. 1 "AQ==" +``` + +#### create-group-policy + +The `create-group-policy` command allows users to create a group policy which is an account associated with a group and a decision policy. + +```bash +simd tx group create-group-policy [admin] [group-id] [metadata] [decision-policy] [flags] +``` + +Example: + +```bash +simd tx group create-group-policy cosmos1.. 1 "AQ==" '{"@type":"/cosmos.group.v1.ThresholdDecisionPolicy", "threshold":"1", "windows": {"voting_period": "120h", "min_execution_period": "0s"}}' +``` + +#### create-group-with-policy + +The `create-group-with-policy` command allows users to create a group which is an aggregation of member accounts with associated weights and an administrator account with decision policy. If the `--group-policy-as-admin` flag is set to `true`, the group policy address becomes the group and group policy admin. + +```bash +simd tx group create-group-with-policy [admin] [group-metadata] [group-policy-metadata] [members-json-file] [decision-policy] [flags] +``` + +Example: + +```bash +simd tx group create-group-with-policy cosmos1.. "AQ==" "AQ==" members.json '{"@type":"/cosmos.group.v1.ThresholdDecisionPolicy", "threshold":"1", "windows": {"voting_period": "120h", "min_execution_period": "0s"}}' +``` + +#### update-group-policy-admin + +The `update-group-policy-admin` command allows users to update a group policy admin. + +```bash +simd tx group update-group-policy-admin [admin] [group-policy-account] [new-admin] [flags] +``` + +Example: + +```bash +simd tx group update-group-policy-admin cosmos1.. cosmos1.. cosmos1.. +``` + +#### update-group-policy-metadata + +The `update-group-policy-metadata` command allows users to update a group policy metadata. + +```bash +simd tx group update-group-policy-metadata [admin] [group-policy-account] [new-metadata] [flags] +``` + +Example: + +```bash +simd tx group update-group-policy-metadata cosmos1.. cosmos1.. "AQ==" +``` + +#### update-group-policy-decision-policy + +The `update-group-policy-decision-policy` command allows users to update a group policy's decision policy. + +```bash +simd tx group update-group-policy-decision-policy [admin] [group-policy-account] [decision-policy] [flags] +``` + +Example: + +```bash +simd tx group update-group-policy-decision-policy cosmos1.. cosmos1.. '{"@type":"/cosmos.group.v1.ThresholdDecisionPolicy", "threshold":"2", "windows": {"voting_period": "120h", "min_execution_period": "0s"}}' +``` + +#### submit-proposal + +The `submit-proposal` command allows users to submit a new proposal. + +```bash +simd tx group submit-proposal [group-policy-account] [proposer[,proposer]*] [msg_tx_json_file] [metadata] [flags] +``` + +Example: + +```bash +simd tx group submit-proposal cosmos1.. cosmos1.. msg_tx.json "AQ==" +``` + +#### withdraw-proposal + +The `withdraw-proposal` command allows users to withdraw a proposal. + +```bash +simd tx group withdraw-proposal [proposal-id] [group-policy-admin-or-proposer] +``` + +Example: + +```bash +simd tx group withdraw-proposal 1 cosmos1.. +``` + +#### vote + +The `vote` command allows users to vote on a proposal. + +```bash +simd tx group vote proposal-id] [voter] [choice] [metadata] [flags] +``` + +Example: + +```bash +simd tx group vote 1 cosmos1.. CHOICE_YES "AQ==" +``` + +#### exec + +The `exec` command allows users to execute a proposal. + +```bash +simd tx group exec [proposal-id] [flags] +``` + +Example: + +```bash +simd tx group exec 1 +``` + +#### leave-group + +The `leave-group` command allows group member to leave the group. + +```bash +simd tx group leave-group [member-address] [group-id] +``` + +Example: + +```bash +simd tx group leave-group cosmos1... 1 +``` + +### gRPC + +A user can query the `group` module using gRPC endpoints. + +#### GroupInfo + +The `GroupInfo` endpoint allows users to query for group info by given group id. + +```bash +cosmos.group.v1.Query/GroupInfo +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"group_id":1}' localhost:9090 cosmos.group.v1.Query/GroupInfo +``` + +Example Output: + +```bash +{ + "info": { + "groupId": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "totalWeight": "3" + } +} +``` + +#### GroupPolicyInfo + +The `GroupPolicyInfo` endpoint allows users to query for group policy info by account address of group policy. + +```bash +cosmos.group.v1.Query/GroupPolicyInfo +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"address":"cosmos1.."}' localhost:9090 cosmos.group.v1.Query/GroupPolicyInfo +``` + +Example Output: + +```bash +{ + "info": { + "address": "cosmos1..", + "groupId": "1", + "admin": "cosmos1..", + "version": "1", + "decisionPolicy": {"@type":"/cosmos.group.v1.ThresholdDecisionPolicy","threshold":"1","windows": {"voting_period": "120h", "min_execution_period": "0s"}}, + } +} +``` + +#### GroupMembers + +The `GroupMembers` endpoint allows users to query for group members by group id with pagination flags. + +```bash +cosmos.group.v1.Query/GroupMembers +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"group_id":"1"}' localhost:9090 cosmos.group.v1.Query/GroupMembers +``` + +Example Output: + +```bash expandable +{ + "members": [ + { + "groupId": "1", + "member": { + "address": "cosmos1..", + "weight": "1" + } + }, + { + "groupId": "1", + "member": { + "address": "cosmos1..", + "weight": "2" + } + } + ], + "pagination": { + "total": "2" + } +} +``` + +#### GroupsByAdmin + +The `GroupsByAdmin` endpoint allows users to query for groups by admin account address with pagination flags. + +```bash +cosmos.group.v1.Query/GroupsByAdmin +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"admin":"cosmos1.."}' localhost:9090 cosmos.group.v1.Query/GroupsByAdmin +``` + +Example Output: + +```bash expandable +{ + "groups": [ + { + "groupId": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "totalWeight": "3" + }, + { + "groupId": "2", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "totalWeight": "3" + } + ], + "pagination": { + "total": "2" + } +} +``` + +#### GroupPoliciesByGroup + +The `GroupPoliciesByGroup` endpoint allows users to query for group policies by group id with pagination flags. + +```bash +cosmos.group.v1.Query/GroupPoliciesByGroup +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"group_id":"1"}' localhost:9090 cosmos.group.v1.Query/GroupPoliciesByGroup +``` + +Example Output: + +```bash expandable +{ + "GroupPolicies": [ + { + "address": "cosmos1..", + "groupId": "1", + "admin": "cosmos1..", + "version": "1", + "decisionPolicy": {"@type":"/cosmos.group.v1.ThresholdDecisionPolicy","threshold":"1","windows":{"voting_period": "120h", "min_execution_period": "0s"}}, + }, + { + "address": "cosmos1..", + "groupId": "1", + "admin": "cosmos1..", + "version": "1", + "decisionPolicy": {"@type":"/cosmos.group.v1.ThresholdDecisionPolicy","threshold":"1","windows":{"voting_period": "120h", "min_execution_period": "0s"}}, + } + ], + "pagination": { + "total": "2" + } +} +``` + +#### GroupPoliciesByAdmin + +The `GroupPoliciesByAdmin` endpoint allows users to query for group policies by admin account address with pagination flags. + +```bash +cosmos.group.v1.Query/GroupPoliciesByAdmin +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"admin":"cosmos1.."}' localhost:9090 cosmos.group.v1.Query/GroupPoliciesByAdmin +``` + +Example Output: + +```bash expandable +{ + "GroupPolicies": [ + { + "address": "cosmos1..", + "groupId": "1", + "admin": "cosmos1..", + "version": "1", + "decisionPolicy": {"@type":"/cosmos.group.v1.ThresholdDecisionPolicy","threshold":"1","windows":{"voting_period": "120h", "min_execution_period": "0s"}}, + }, + { + "address": "cosmos1..", + "groupId": "1", + "admin": "cosmos1..", + "version": "1", + "decisionPolicy": {"@type":"/cosmos.group.v1.ThresholdDecisionPolicy","threshold":"1","windows":{"voting_period": "120h", "min_execution_period": "0s"}}, + } + ], + "pagination": { + "total": "2" + } +} +``` + +#### Proposal + +The `Proposal` endpoint allows users to query for proposal by id. + +```bash +cosmos.group.v1.Query/Proposal +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' localhost:9090 cosmos.group.v1.Query/Proposal +``` + +Example Output: + +```bash expandable +{ + "proposal": { + "proposalId": "1", + "address": "cosmos1..", + "proposers": [ + "cosmos1.." + ], + "submittedAt": "2021-12-17T07:06:26.310638964Z", + "groupVersion": "1", + "GroupPolicyVersion": "1", + "status": "STATUS_SUBMITTED", + "result": "RESULT_UNFINALIZED", + "voteState": { + "yesCount": "0", + "noCount": "0", + "abstainCount": "0", + "vetoCount": "0" + }, + "windows": { + "min_execution_period": "0s", + "voting_period": "432000s" + }, + "executorResult": "EXECUTOR_RESULT_NOT_RUN", + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"100000000"}],"fromAddress":"cosmos1..","toAddress":"cosmos1.."} + ], + "title": "Title", + "summary": "Summary", + } +} +``` + +#### ProposalsByGroupPolicy + +The `ProposalsByGroupPolicy` endpoint allows users to query for proposals by account address of group policy with pagination flags. + +```bash +cosmos.group.v1.Query/ProposalsByGroupPolicy +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"address":"cosmos1.."}' localhost:9090 cosmos.group.v1.Query/ProposalsByGroupPolicy +``` + +Example Output: + +```bash expandable +{ + "proposals": [ + { + "proposalId": "1", + "address": "cosmos1..", + "proposers": [ + "cosmos1.." + ], + "submittedAt": "2021-12-17T08:03:27.099649352Z", + "groupVersion": "1", + "GroupPolicyVersion": "1", + "status": "STATUS_CLOSED", + "result": "RESULT_ACCEPTED", + "voteState": { + "yesCount": "1", + "noCount": "0", + "abstainCount": "0", + "vetoCount": "0" + }, + "windows": { + "min_execution_period": "0s", + "voting_period": "432000s" + }, + "executorResult": "EXECUTOR_RESULT_NOT_RUN", + "messages": [ + {"@type":"/cosmos.bank.v1beta1.MsgSend","amount":[{"denom":"stake","amount":"100000000"}],"fromAddress":"cosmos1..","toAddress":"cosmos1.."} + ], + "title": "Title", + "summary": "Summary", + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### VoteByProposalVoter + +The `VoteByProposalVoter` endpoint allows users to query for vote by proposal id and voter account address. + +```bash +cosmos.group.v1.Query/VoteByProposalVoter +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1","voter":"cosmos1.."}' localhost:9090 cosmos.group.v1.Query/VoteByProposalVoter +``` + +Example Output: + +```bash +{ + "vote": { + "proposalId": "1", + "voter": "cosmos1..", + "choice": "CHOICE_YES", + "submittedAt": "2021-12-17T08:05:02.490164009Z" + } +} +``` + +#### VotesByProposal + +The `VotesByProposal` endpoint allows users to query for votes by proposal id with pagination flags. + +```bash +cosmos.group.v1.Query/VotesByProposal +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"proposal_id":"1"}' localhost:9090 cosmos.group.v1.Query/VotesByProposal +``` + +Example Output: + +```bash expandable +{ + "votes": [ + { + "proposalId": "1", + "voter": "cosmos1..", + "choice": "CHOICE_YES", + "submittedAt": "2021-12-17T08:05:02.490164009Z" + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### VotesByVoter + +The `VotesByVoter` endpoint allows users to query for votes by voter account address with pagination flags. + +```bash +cosmos.group.v1.Query/VotesByVoter +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"voter":"cosmos1.."}' localhost:9090 cosmos.group.v1.Query/VotesByVoter +``` + +Example Output: + +```bash expandable +{ + "votes": [ + { + "proposalId": "1", + "voter": "cosmos1..", + "choice": "CHOICE_YES", + "submittedAt": "2021-12-17T08:05:02.490164009Z" + } + ], + "pagination": { + "total": "1" + } +} +``` + +### REST + +A user can query the `group` module using REST endpoints. + +#### GroupInfo + +The `GroupInfo` endpoint allows users to query for group info by given group id. + +```bash +/cosmos/group/v1/group_info/{group_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/group_info/1 +``` + +Example Output: + +```bash +{ + "info": { + "id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "total_weight": "3" + } +} +``` + +#### GroupPolicyInfo + +The `GroupPolicyInfo` endpoint allows users to query for group policy info by account address of group policy. + +```bash +/cosmos/group/v1/group_policy_info/{address} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/group_policy_info/cosmos1.. +``` + +Example Output: + +```bash expandable +{ + "info": { + "address": "cosmos1..", + "group_id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "decision_policy": { + "@type": "/cosmos.group.v1.ThresholdDecisionPolicy", + "threshold": "1", + "windows": { + "voting_period": "120h", + "min_execution_period": "0s" + } + }, + } +} +``` + +#### GroupMembers + +The `GroupMembers` endpoint allows users to query for group members by group id with pagination flags. + +```bash +/cosmos/group/v1/group_members/{group_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/group_members/1 +``` + +Example Output: + +```bash expandable +{ + "members": [ + { + "group_id": "1", + "member": { + "address": "cosmos1..", + "weight": "1", + "metadata": "AQ==" + } + }, + { + "group_id": "1", + "member": { + "address": "cosmos1..", + "weight": "2", + "metadata": "AQ==" + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` + +#### GroupsByAdmin + +The `GroupsByAdmin` endpoint allows users to query for groups by admin account address with pagination flags. + +```bash +/cosmos/group/v1/groups_by_admin/{admin} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/groups_by_admin/cosmos1.. +``` + +Example Output: + +```bash expandable +{ + "groups": [ + { + "id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "total_weight": "3" + }, + { + "id": "2", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "total_weight": "3" + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` + +#### GroupPoliciesByGroup + +The `GroupPoliciesByGroup` endpoint allows users to query for group policies by group id with pagination flags. + +```bash +/cosmos/group/v1/group_policies_by_group/{group_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/group_policies_by_group/1 +``` + +Example Output: + +```bash expandable +{ + "group_policies": [ + { + "address": "cosmos1..", + "group_id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "decision_policy": { + "@type": "/cosmos.group.v1.ThresholdDecisionPolicy", + "threshold": "1", + "windows": { + "voting_period": "120h", + "min_execution_period": "0s" + } + }, + }, + { + "address": "cosmos1..", + "group_id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "decision_policy": { + "@type": "/cosmos.group.v1.ThresholdDecisionPolicy", + "threshold": "1", + "windows": { + "voting_period": "120h", + "min_execution_period": "0s" + } + }, + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` + +#### GroupPoliciesByAdmin + +The `GroupPoliciesByAdmin` endpoint allows users to query for group policies by admin account address with pagination flags. + +```bash +/cosmos/group/v1/group_policies_by_admin/{admin} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/group_policies_by_admin/cosmos1.. +``` + +Example Output: + +```bash expandable +{ + "group_policies": [ + { + "address": "cosmos1..", + "group_id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "decision_policy": { + "@type": "/cosmos.group.v1.ThresholdDecisionPolicy", + "threshold": "1", + "windows": { + "voting_period": "120h", + "min_execution_period": "0s" + } + }, + }, + { + "address": "cosmos1..", + "group_id": "1", + "admin": "cosmos1..", + "metadata": "AQ==", + "version": "1", + "decision_policy": { + "@type": "/cosmos.group.v1.ThresholdDecisionPolicy", + "threshold": "1", + "windows": { + "voting_period": "120h", + "min_execution_period": "0s" + } + }, + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +``` + +#### Proposal + +The `Proposal` endpoint allows users to query for proposal by id. + +```bash +/cosmos/group/v1/proposal/{proposal_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/proposal/1 +``` + +Example Output: + +```bash expandable +{ + "proposal": { + "proposal_id": "1", + "address": "cosmos1..", + "metadata": "AQ==", + "proposers": [ + "cosmos1.." + ], + "submitted_at": "2021-12-17T07:06:26.310638964Z", + "group_version": "1", + "group_policy_version": "1", + "status": "STATUS_SUBMITTED", + "result": "RESULT_UNFINALIZED", + "vote_state": { + "yes_count": "0", + "no_count": "0", + "abstain_count": "0", + "veto_count": "0" + }, + "windows": { + "min_execution_period": "0s", + "voting_period": "432000s" + }, + "executor_result": "EXECUTOR_RESULT_NOT_RUN", + "messages": [ + { + "@type": "/cosmos.bank.v1beta1.MsgSend", + "from_address": "cosmos1..", + "to_address": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "100000000" + } + ] + } + ], + "title": "Title", + "summary": "Summary", + } +} +``` + +#### ProposalsByGroupPolicy + +The `ProposalsByGroupPolicy` endpoint allows users to query for proposals by account address of group policy with pagination flags. + +```bash +/cosmos/group/v1/proposals_by_group_policy/{address} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/proposals_by_group_policy/cosmos1.. +``` + +Example Output: + +```bash expandable +{ + "proposals": [ + { + "id": "1", + "group_policy_address": "cosmos1..", + "metadata": "AQ==", + "proposers": [ + "cosmos1.." + ], + "submit_time": "2021-12-17T08:03:27.099649352Z", + "group_version": "1", + "group_policy_version": "1", + "status": "STATUS_CLOSED", + "result": "RESULT_ACCEPTED", + "vote_state": { + "yes_count": "1", + "no_count": "0", + "abstain_count": "0", + "veto_count": "0" + }, + "windows": { + "min_execution_period": "0s", + "voting_period": "432000s" + }, + "executor_result": "EXECUTOR_RESULT_NOT_RUN", + "messages": [ + { + "@type": "/cosmos.bank.v1beta1.MsgSend", + "from_address": "cosmos1..", + "to_address": "cosmos1..", + "amount": [ + { + "denom": "stake", + "amount": "100000000" + } + ] + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### VoteByProposalVoter + +The `VoteByProposalVoter` endpoint allows users to query for vote by proposal id and voter account address. + +```bash +/cosmos/group/v1/vote_by_proposal_voter/{proposal_id}/{voter} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1beta1/vote_by_proposal_voter/1/cosmos1.. +``` + +Example Output: + +```bash +{ + "vote": { + "proposal_id": "1", + "voter": "cosmos1..", + "choice": "CHOICE_YES", + "metadata": "AQ==", + "submitted_at": "2021-12-17T08:05:02.490164009Z" + } +} +``` + +#### VotesByProposal + +The `VotesByProposal` endpoint allows users to query for votes by proposal id with pagination flags. + +```bash +/cosmos/group/v1/votes_by_proposal/{proposal_id} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/votes_by_proposal/1 +``` + +Example Output: + +```bash expandable +{ + "votes": [ + { + "proposal_id": "1", + "voter": "cosmos1..", + "option": "CHOICE_YES", + "metadata": "AQ==", + "submit_time": "2021-12-17T08:05:02.490164009Z" + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### VotesByVoter + +The `VotesByVoter` endpoint allows users to query for votes by voter account address with pagination flags. + +```bash +/cosmos/group/v1/votes_by_voter/{voter} +``` + +Example: + +```bash +curl localhost:1317/cosmos/group/v1/votes_by_voter/cosmos1.. +``` + +Example Output: + +```bash expandable +{ + "votes": [ + { + "proposal_id": "1", + "voter": "cosmos1..", + "choice": "CHOICE_YES", + "metadata": "AQ==", + "submitted_at": "2021-12-17T08:05:02.490164009Z" + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +## Metadata + +The group module has four locations for metadata where users can provide further context about the on-chain actions they are taking. By default all metadata fields have a 255 character length field where metadata can be stored in json format, either on-chain or off-chain depending on the amount of data required. Here we provide a recommendation for the json structure and where the data should be stored. There are two important factors in making these recommendations. First, that the group and gov modules are consistent with one another, note the number of proposals made by all groups may be quite large. Second, that client applications such as block explorers and governance interfaces have confidence in the consistency of metadata structure across chains. + +### Proposal + +Location: off-chain as json object stored on IPFS (mirrors [gov proposal](/docs/sdk/vnext/build/modules/gov/README#metadata)) + +```json +{ + "title": "", + "authors": [""], + "summary": "", + "details": "", + "proposal_forum_url": "", + "vote_option_context": "", +} +``` + + +The `authors` field is an array of strings, this is to allow for multiple authors to be listed in the metadata. +In v0.46, the `authors` field is a comma-separated string. Frontends are encouraged to support both formats for backwards compatibility. + + +### Vote + +Location: on-chain as json within 255 character limit (mirrors [gov vote](/docs/sdk/vnext/build/modules/gov/README#metadata)) + +```json +{ + "justification": "", +} +``` + +### Group + +Location: off-chain as json object stored on IPFS + +```json +{ + "name": "", + "description": "", + "group_website_url": "", + "group_forum_url": "", +} +``` + +### Decision policy + +Location: on-chain as json within 255 character limit + +```json +{ + "name": "", + "description": "", +} +``` diff --git a/docs/sdk/next/build/modules/mint/README.mdx b/docs/sdk/next/build/modules/mint/README.mdx new file mode 100644 index 00000000..8912345f --- /dev/null +++ b/docs/sdk/next/build/modules/mint/README.mdx @@ -0,0 +1,470 @@ +--- +title: '`x/mint`' +description: >- + The x/mint module handles the regular minting of new tokens in a configurable + manner. +--- +The `x/mint` module handles the regular minting of new tokens in a configurable manner. + +## Contents + +* [State](#state) + * [Minter](#minter) + * [Params](#params) +* [Begin-Block](#begin-block) + * [NextInflationRate](#nextinflationrate) + * [NextAnnualProvisions](#nextannualprovisions) + * [BlockProvision](#blockprovision) +* [Parameters](#parameters) +* [Events](#events) + * [BeginBlocker](#beginblocker) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + * [REST](#rest) + +## Concepts + +### The Minting Mechanism + +The default minting mechanism was designed to: + +* allow for a flexible inflation rate determined by market demand targeting a particular bonded-stake ratio +* effect a balance between market liquidity and staked supply + +In order to best determine the appropriate market rate for inflation rewards, a +moving change rate is used. The moving change rate mechanism ensures that if +the % bonded is either over or under the goal %-bonded, the inflation rate will +adjust to further incentivize or disincentivize being bonded, respectively. Setting the goal +%-bonded at less than 100% encourages the network to maintain some non-staked tokens +which should help provide some liquidity. + +It can be broken down in the following way: + +* If the actual percentage of bonded tokens is below the goal %-bonded the inflation rate will + increase until a maximum value is reached +* If the goal % bonded (67% in Cosmos-Hub) is maintained, then the inflation + rate will stay constant +* If the actual percentage of bonded tokens is above the goal %-bonded the inflation rate will + decrease until a minimum value is reached + +### Custom Minters + +As of Cosmos SDK v0.53.0, developers can set a custom `MintFn` for the module for specialized token minting logic. + +The function signature that a `MintFn` must implement is as follows: + +```go +// MintFn defines the function that needs to be implemented in order to customize the minting process. +type MintFn func(ctx sdk.Context, k *Keeper) + +error +``` + +This can be passed to the `Keeper` upon creation with an additional `Option`: + +```go +app.MintKeeper = mintkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[minttypes.StoreKey]), + app.StakingKeeper, + app.AccountKeeper, + app.BankKeeper, + authtypes.FeeCollectorName, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + // mintkeeper.WithMintFn(CUSTOM_MINT_FN), // custom mintFn can be added here + ) +``` + +#### Custom Minter DI Example + +Below is a simple approach to creating a custom mint function with extra dependencies in DI configurations. +For this basic example, we will make the minter simply double the supply of `foo` coin. + +First, we will define a function that takes our required dependencies, and returns a `MintFn`. + +```go expandable +// MyCustomMintFunction is a custom mint function that doubles the supply of `foo` coin. +func MyCustomMintFunction(bank bankkeeper.BaseKeeper) + +mintkeeper.MintFn { + return func(ctx sdk.Context, k *mintkeeper.Keeper) + +error { + supply := bank.GetSupply(ctx, "foo") + err := k.MintCoins(ctx, sdk.NewCoins(supply.Add(supply))) + if err != nil { + return err +} + +return nil +} +} +``` + +Then, pass the function defined above into the `depinject.Supply` function with the required dependencies. + +```go expandable +// NewSimApp returns a reference to an initialized SimApp. +func NewSimApp( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), +) *SimApp { + var ( + app = &SimApp{ +} + +appBuilder *runtime.AppBuilder + appConfig = depinject.Configs( + AppConfig, + depinject.Supply( + appOpts, + logger, + // our custom mint function with the necessary dependency passed in. + MyCustomMintFunction(app.BankKeeper), + ), + ) + ) + // ... +} +``` + +## State + +### Minter + +The minter is a space for holding current inflation information. + +* Minter: `0x00 -> ProtocolBuffer(minter)` + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/mint/v1beta1/mint.proto#L10-L24 +``` + +### Params + +The mint module stores its params in state with the prefix of `0x01`, +it can be updated with governance or the address with authority. + +* Params: `mint/params -> legacy_amino(params)` + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/mint/v1beta1/mint.proto#L26-L59 +``` + +## Begin-Block + +Minting parameters are recalculated and inflation paid at the beginning of each block. + +### Inflation rate calculation + +Inflation rate is calculated using an "inflation calculation function" that's +passed to the `NewAppModule` function. If no function is passed, then the SDK's +default inflation function will be used (`NextInflationRate`). In case a custom +inflation calculation logic is needed, this can be achieved by defining and +passing a function that matches `InflationCalculationFn`'s signature. + +```go +type InflationCalculationFn func(ctx sdk.Context, minter Minter, params Params, bondedRatio math.LegacyDec) + +math.LegacyDec +``` + +#### NextInflationRate + +The target annual inflation rate is recalculated each block. +The inflation is also subject to a rate change (positive or negative) +depending on the distance from the desired ratio (67%). The maximum rate change +possible is defined to be 13% per year, however, the annual inflation is capped +as between 7% and 20%. + +```go expandable +NextInflationRate(params Params, bondedRatio math.LegacyDec) (inflation math.LegacyDec) { + inflationRateChangePerYear = (1 - bondedRatio/params.GoalBonded) * params.InflationRateChange + inflationRateChange = inflationRateChangePerYear/blocksPerYr + + // increase the new annual inflation for this next block + inflation += inflationRateChange + if inflation > params.InflationMax { + inflation = params.InflationMax +} + if inflation < params.InflationMin { + inflation = params.InflationMin +} + +return inflation +} +``` + +### NextAnnualProvisions + +Calculate the annual provisions based on current total supply and inflation +rate. This parameter is calculated once per block. + +```go +NextAnnualProvisions(params Params, totalSupply math.LegacyDec) (provisions math.LegacyDec) { + return Inflation * totalSupply +``` + +### BlockProvision + +Calculate the provisions generated for each block based on current annual provisions. The provisions are then minted by the `mint` module's `ModuleMinterAccount` and then transferred to the `auth`'s `FeeCollector` `ModuleAccount`. + +```go +BlockProvision(params Params) + +sdk.Coin { + provisionAmt = AnnualProvisions/ params.BlocksPerYear + return sdk.NewCoin(params.MintDenom, provisionAmt.Truncate()) +``` + +## Parameters + +The minting module contains the following parameters: + +| Key | Type | Example | +| ------------------- | --------------- | ---------------------- | +| MintDenom | string | "uatom" | +| InflationRateChange | string (dec) | "0.130000000000000000" | +| InflationMax | string (dec) | "0.200000000000000000" | +| InflationMin | string (dec) | "0.070000000000000000" | +| GoalBonded | string (dec) | "0.670000000000000000" | +| BlocksPerYear | string (uint64) | "6311520" | + +## Events + +The minting module emits the following events: + +### BeginBlocker + +| Type | Attribute Key | Attribute Value | +| ---- | ------------------ | ------------------ | +| mint | bonded\_ratio | `{bondedRatio}` | +| mint | inflation | `{inflation}` | +| mint | annual\_provisions | `{annualProvisions}` | +| mint | amount | `{amount}` | + +## Client + +### CLI + +A user can query and interact with the `mint` module using the CLI. + +#### Query + +The `query` commands allows users to query `mint` state. + +```shell +simd query mint --help +``` + +##### annual-provisions + +The `annual-provisions` command allows users to query the current minting annual provisions value + +```shell +simd query mint annual-provisions [flags] +``` + +Example: + +```shell +simd query mint annual-provisions +``` + +Example Output: + +```shell +22268504368893.612100895088410693 +``` + +##### inflation + +The `inflation` command allows users to query the current minting inflation value + +```shell +simd query mint inflation [flags] +``` + +Example: + +```shell +simd query mint inflation +``` + +Example Output: + +```shell +0.199200302563256955 +``` + +##### params + +The `params` command allows users to query the current minting parameters + +```shell +simd query mint params [flags] +``` + +Example: + +```yml +blocks_per_year: "4360000" +goal_bonded: "0.670000000000000000" +inflation_max: "0.200000000000000000" +inflation_min: "0.070000000000000000" +inflation_rate_change: "0.130000000000000000" +mint_denom: stake +``` + +### gRPC + +A user can query the `mint` module using gRPC endpoints. + +#### AnnualProvisions + +The `AnnualProvisions` endpoint allows users to query the current minting annual provisions value + +```shell +/cosmos.mint.v1beta1.Query/AnnualProvisions +``` + +Example: + +```shell +grpcurl -plaintext localhost:9090 cosmos.mint.v1beta1.Query/AnnualProvisions +``` + +Example Output: + +```json +{ + "annualProvisions": "1432452520532626265712995618" +} +``` + +#### Inflation + +The `Inflation` endpoint allows users to query the current minting inflation value + +```shell +/cosmos.mint.v1beta1.Query/Inflation +``` + +Example: + +```shell +grpcurl -plaintext localhost:9090 cosmos.mint.v1beta1.Query/Inflation +``` + +Example Output: + +```json +{ + "inflation": "130197115720711261" +} +``` + +#### Params + +The `Params` endpoint allows users to query the current minting parameters + +```shell +/cosmos.mint.v1beta1.Query/Params +``` + +Example: + +```shell +grpcurl -plaintext localhost:9090 cosmos.mint.v1beta1.Query/Params +``` + +Example Output: + +```json +{ + "params": { + "mintDenom": "stake", + "inflationRateChange": "130000000000000000", + "inflationMax": "200000000000000000", + "inflationMin": "70000000000000000", + "goalBonded": "670000000000000000", + "blocksPerYear": "6311520" + } +} +``` + +### REST + +A user can query the `mint` module using REST endpoints. + +#### annual-provisions + +```shell +/cosmos/mint/v1beta1/annual_provisions +``` + +Example: + +```shell +curl "localhost:1317/cosmos/mint/v1beta1/annual_provisions" +``` + +Example Output: + +```json +{ + "annualProvisions": "1432452520532626265712995618" +} +``` + +#### inflation + +```shell +/cosmos/mint/v1beta1/inflation +``` + +Example: + +```shell +curl "localhost:1317/cosmos/mint/v1beta1/inflation" +``` + +Example Output: + +```json +{ + "inflation": "130197115720711261" +} +``` + +#### params + +```shell +/cosmos/mint/v1beta1/params +``` + +Example: + +```shell +curl "localhost:1317/cosmos/mint/v1beta1/params" +``` + +Example Output: + +```json +{ + "params": { + "mintDenom": "stake", + "inflationRateChange": "130000000000000000", + "inflationMax": "200000000000000000", + "inflationMin": "70000000000000000", + "goalBonded": "670000000000000000", + "blocksPerYear": "6311520" + } +} +``` diff --git a/docs/sdk/next/build/modules/nft/README.mdx b/docs/sdk/next/build/modules/nft/README.mdx new file mode 100644 index 00000000..64ee61d5 --- /dev/null +++ b/docs/sdk/next/build/modules/nft/README.mdx @@ -0,0 +1,92 @@ +--- +title: '`x/nft`' +description: >- + ⚠️ DEPRECATED: This package is deprecated and will be removed in the next + major release. The x/nft module will be moved to a separate repo + github.com/cosmos/cosmos-sdk-legacy. +--- +⚠️ **DEPRECATED**: This package is deprecated and will be removed in the next major release. The `x/nft` module will be moved to a separate repo `github.com/cosmos/cosmos-sdk-legacy`. + +## Contents + +## Abstract + +`x/nft` is an implementation of a Cosmos SDK module, per [ADR 43](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-043-nft-module.md), that allows you to create nft classification, create nft, transfer nft, update nft, and support various queries by integrating the module. It is fully compatible with the ERC721 specification. + +* [Concepts](#concepts) + * [Class](#class) + * [NFT](#nft) +* [State](#state) + * [Class](#class-1) + * [NFT](#nft-1) + * [NFTOfClassByOwner](#nftofclassbyowner) + * [Owner](#owner) + * [TotalSupply](#totalsupply) +* [Messages](#messages) + * [MsgSend](#msgsend) +* [Events](#events) + +## Concepts + +### Class + +`x/nft` module defines a struct `Class` to describe the common characteristics of a class of nft, under this class, you can create a variety of nft, which is equivalent to an erc721 contract for Ethereum. The design is defined in the [ADR 043](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-043-nft-module.md). + +### NFT + +The full name of NFT is Non-Fungible Tokens. Because of the irreplaceable nature of NFT, it means that it can be used to represent unique things. The nft implemented by this module is fully compatible with Ethereum ERC721 standard. + +## State + +### Class + +Class is mainly composed of `id`, `name`, `symbol`, `description`, `uri`, `uri_hash`,`data` where `id` is the unique identifier of the class, similar to the Ethereum ERC721 contract address, the others are optional. + +* Class: `0x01 | classID | -> ProtocolBuffer(Class)` + +### NFT + +NFT is mainly composed of `class_id`, `id`, `uri`, `uri_hash` and `data`. Among them, `class_id` and `id` are two-tuples that identify the uniqueness of nft, `uri` and `uri_hash` is optional, which identifies the off-chain storage location of the nft, and `data` is an Any type. Use Any chain of `x/nft` modules can be customized by extending this field + +* NFT: `0x02 | classID | 0x00 | nftID |-> ProtocolBuffer(NFT)` + +### NFTOfClassByOwner + +NFTOfClassByOwner is mainly to realize the function of querying all nfts using classID and owner, without other redundant functions. + +* NFTOfClassByOwner: `0x03 | owner | 0x00 | classID | 0x00 | nftID |-> 0x01` + +### Owner + +Since there is no extra field in NFT to indicate the owner of nft, an additional key-value pair is used to save the ownership of nft. With the transfer of nft, the key-value pair is updated synchronously. + +* OwnerKey: `0x04 | classID | 0x00 | nftID |-> owner` + +### TotalSupply + +TotalSupply is responsible for tracking the number of all nfts under a certain class. Mint operation is performed under the changed class, supply increases by one, burn operation, and supply decreases by one. + +* OwnerKey: `0x05 | classID |-> totalSupply` + +## Messages + +In this section we describe the processing of messages for the NFT module. + + +The validation of `ClassID` and `NftID` is left to the app developer.\ +The SDK does not provide any validation for these fields. + + +### MsgSend + +You can use the `MsgSend` message to transfer the ownership of nft. This is a function provided by the `x/nft` module. Of course, you can use the `Transfer` method to implement your own transfer logic, but you need to pay extra attention to the transfer permissions. + +The message handling should fail if: + +* provided `ClassID` does not exist. +* provided `Id` does not exist. +* provided `Sender` does not the owner of nft. + +## Events + +The nft module emits proto events defined in [the Protobuf reference](https://buf.build/cosmos/cosmos-sdk/docs/main:cosmos.nft.v1beta1). diff --git a/docs/sdk/next/build/modules/params/README.mdx b/docs/sdk/next/build/modules/params/README.mdx new file mode 100644 index 00000000..f8f69612 --- /dev/null +++ b/docs/sdk/next/build/modules/params/README.mdx @@ -0,0 +1,81 @@ +--- +title: '`x/params`' +description: >- + NOTE: x/params is deprecated as of Cosmos SDK v0.53 and will be removed in the + next release. +--- +NOTE: `x/params` is deprecated as of Cosmos SDK v0.53 and will be removed in the next release. + +## Abstract + +Package params provides a globally available parameter store. + +There are two main types, Keeper and Subspace. Subspace is an isolated namespace for a +paramstore, where keys are prefixed by preconfigured spacename. Keeper has a +permission to access all existing spaces. + +Subspace can be used by the individual keepers, which need a private parameter store +that the other keepers cannot modify. The params Keeper can be used to add a route to `x/gov` router in order to modify any parameter in case a proposal passes. + +The following contents explains how to use params module for master and user modules. + +## Contents + +* [Keeper](#keeper) +* [Subspace](#subspace) + * [Key](#key) + * [KeyTable](#keytable) + * [ParamSet](#paramset) + +## Keeper + +In the app initialization stage, [subspaces](#subspace) can be allocated for other modules' keeper using `Keeper.Subspace` and are stored in `Keeper.spaces`. Then, those modules can have a reference to their specific parameter store through `Keeper.GetSubspace`. + +Example: + +```go +type ExampleKeeper struct { + paramSpace paramtypes.Subspace +} + +func (k ExampleKeeper) + +SetParams(ctx sdk.Context, params types.Params) { + k.paramSpace.SetParamSet(ctx, ¶ms) +} +``` + +## Subspace + +`Subspace` is a prefixed subspace of the parameter store. Each module which uses the +parameter store will take a `Subspace` to isolate permission to access. + +### Key + +Parameter keys are human readable alphanumeric strings. A parameter for the key +`"ExampleParameter"` is stored under `[]byte("SubspaceName" + "/" + "ExampleParameter")`, +where `"SubspaceName"` is the name of the subspace. + +Subkeys are secondary parameter keys those are used along with a primary parameter key. +Subkeys can be used for grouping or dynamic parameter key generation during runtime. + +### KeyTable + +All of the parameter keys that will be used should be registered at the compile +time. `KeyTable` is essentially a `map[string]attribute`, where the `string` is a parameter key. + +Currently, `attribute` consists of a `reflect.Type`, which indicates the parameter +type to check that provided key and value are compatible and registered, as well as a function `ValueValidatorFn` to validate values. + +Only primary keys have to be registered on the `KeyTable`. Subkeys inherit the +attribute of the primary key. + +### ParamSet + +Modules often define parameters as a proto message. The generated struct can implement +`ParamSet` interface to be used with the following methods: + +* `KeyTable.RegisterParamSet()`: registers all parameters in the struct +* `Subspace.{Get, Set}ParamSet()`: Get to & Set from the struct + +The implementer should be a pointer in order to use `GetParamSet()`. diff --git a/docs/sdk/next/build/modules/protocolpool/README.mdx b/docs/sdk/next/build/modules/protocolpool/README.mdx new file mode 100644 index 00000000..b799fc27 --- /dev/null +++ b/docs/sdk/next/build/modules/protocolpool/README.mdx @@ -0,0 +1,656 @@ +--- +title: '`x/protocolpool`' +--- +## Concepts + +`x/protocolpool` is a supplemental Cosmos SDK module that handles functionality for community pool funds. The module provides a separate module account for the community pool making it easier to track the pool assets. Starting with v0.53 of the Cosmos SDK, community funds can be tracked using this module instead of the `x/distribution` module. Funds are migrated from the `x/distribution` module's community pool to `x/protocolpool`'s module account automatically. + +This module is `supplemental`; it is not required to run a Cosmos SDK chain. `x/protocolpool` enhances the community pool functionality provided by `x/distribution` and enables custom modules to further extend the community pool. + +Note: *as long as an external community pool keeper (here, `x/protocolpool`) is wired in DI configs, `x/distribution` will automatically use it for its external pool.* + +## Usage Limitations + +The following `x/distribution` handlers will now return an error when the `protocolpool` module is used with `x/distribution`: + +**QueryService** + +* `CommunityPool` + +**MsgService** + +* `CommunityPoolSpend` +* `FundCommunityPool` + +If you have services that rely on this functionality from `x/distribution`, please update them to use the `x/protocolpool` equivalents. + +## State Transitions + +### FundCommunityPool + +FundCommunityPool can be called by any valid account to send funds to the `x/protocolpool` module account. + +```protobuf + // FundCommunityPool defines a method to allow an account to directly + // fund the community pool. + rpc FundCommunityPool(MsgFundCommunityPool) returns (MsgFundCommunityPoolResponse); +``` + +### CommunityPoolSpend + +CommunityPoolSpend can be called by the module authority (default governance module account) or any account with authorization to spend funds from the `x/protocolpool` module account to a receiver address. + +```protobuf + // CommunityPoolSpend defines a governance operation for sending tokens from + // the community pool in the x/protocolpool module to another account, which + // could be the governance module itself. The authority is defined in the + // keeper. + rpc CommunityPoolSpend(MsgCommunityPoolSpend) returns (MsgCommunityPoolSpendResponse); +``` + +### CreateContinuousFund + +CreateContinuousFund is a message used to initiate a continuous fund for a specific recipient. The proposed percentage of funds will be distributed only on withdraw request for the recipient. The fund distribution continues until expiry time is reached or continuous fund request is canceled. +NOTE: This feature is designed to work with the SDK's default bond denom. + +```protobuf + // CreateContinuousFund defines a method to distribute a percentage of funds to an address continuously. + // This ContinuousFund can be indefinite or run until a given expiry time. + // Funds come from validator block rewards from x/distribution, but may also come from + // any user who funds the ProtocolPoolEscrow module account directly through x/bank. + rpc CreateContinuousFund(MsgCreateContinuousFund) returns (MsgCreateContinuousFundResponse); +``` + +### CancelContinuousFund + +CancelContinuousFund is a message used to cancel an existing continuous fund proposal for a specific recipient. Cancelling a continuous fund stops further distribution of funds, and the state object is removed from storage. + +```protobuf + // CancelContinuousFund defines a method for cancelling continuous fund. + rpc CancelContinuousFund(MsgCancelContinuousFund) returns (MsgCancelContinuousFundResponse); +``` + +## Messages + +### MsgFundCommunityPool + +This message sends coins directly from the sender to the community pool. + + +If you know the `x/protocolpool` module account address, you can directly use bank `send` transaction instead. + + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/proto/cosmos/protocolpool/v1/tx.proto#L43-L53 +``` + +* The msg will fail if the amount cannot be transferred from the sender to the `x/protocolpool` module account. + +```go +func (k Keeper) + +FundCommunityPool(ctx context.Context, amount sdk.Coins, sender sdk.AccAddress) + +error { + return k.bankKeeper.SendCoinsFromAccountToModule(ctx, sender, types.ModuleName, amount) +} +``` + +### MsgCommunityPoolSpend + +This message distributes funds from the `x/protocolpool` module account to the recipient using `DistributeFromCommunityPool` keeper method. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/proto/cosmos/protocolpool/v1/tx.proto#L58-L69 +``` + +The message will fail under the following conditions: + +* The amount cannot be transferred to the recipient from the `x/protocolpool` module account. +* The `recipient` address is restricted + +```go +func (k Keeper) + +DistributeFromCommunityPool(ctx context.Context, amount sdk.Coins, receiveAddr sdk.AccAddress) + +error { + return k.bankKeeper.SendCoinsFromModuleToAccount(ctx, types.ModuleName, receiveAddr, amount) +} +``` + +### MsgCreateContinuousFund + +This message is used to create a continuous fund for a specific recipient. The proposed percentage of funds will be distributed only on withdraw request for the recipient. This fund distribution continues until expiry time is reached or continuous fund request is canceled. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/proto/cosmos/protocolpool/v1/tx.proto#L114-L130 +``` + +The message will fail under the following conditions: + +* The recipient address is empty or restricted. +* The percentage is zero/negative/greater than one. +* The Expiry time is less than the current block time. + + +If two continuous fund proposals to the same address are created, the previous ContinuousFund will be updated with the new ContinuousFund. + + +```go expandable +package keeper + +import ( + + "context" + "fmt" + "cosmossdk.io/math" + + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + "github.com/cosmos/cosmos-sdk/x/protocolpool/types" +) + +type MsgServer struct { + Keeper +} + +var _ types.MsgServer = MsgServer{ +} + +// NewMsgServerImpl returns an implementation of the protocolpool MsgServer interface +// for the provided Keeper. +func NewMsgServerImpl(keeper Keeper) + +types.MsgServer { + return &MsgServer{ + Keeper: keeper +} +} + +func (k MsgServer) + +FundCommunityPool(ctx context.Context, msg *types.MsgFundCommunityPool) (*types.MsgFundCommunityPoolResponse, error) { + sdkCtx := sdk.UnwrapSDKContext(ctx) + +depositor, err := k.authKeeper.AddressCodec().StringToBytes(msg.Depositor) + if err != nil { + return nil, sdkerrors.ErrInvalidAddress.Wrapf("invalid depositor address: %s", err) +} + if err := validateAmount(msg.Amount); err != nil { + return nil, err +} + + // send funds to community pool module account + if err := k.Keeper.FundCommunityPool(sdkCtx, msg.Amount, depositor); err != nil { + return nil, err +} + +return &types.MsgFundCommunityPoolResponse{ +}, nil +} + +func (k MsgServer) + +CommunityPoolSpend(ctx context.Context, msg *types.MsgCommunityPoolSpend) (*types.MsgCommunityPoolSpendResponse, error) { + sdkCtx := sdk.UnwrapSDKContext(ctx) + if err := k.validateAuthority(msg.Authority); err != nil { + return nil, err +} + if err := validateAmount(msg.Amount); err != nil { + return nil, err +} + +recipient, err := k.authKeeper.AddressCodec().StringToBytes(msg.Recipient) + if err != nil { + return nil, err +} + + // distribute funds from community pool module account + if err := k.DistributeFromCommunityPool(sdkCtx, msg.Amount, recipient); err != nil { + return nil, err +} + +sdkCtx.Logger().Debug("transferred from the community pool", "amount", msg.Amount.String(), "recipient", msg.Recipient) + +return &types.MsgCommunityPoolSpendResponse{ +}, nil +} + +func (k MsgServer) + +CreateContinuousFund(ctx context.Context, msg *types.MsgCreateContinuousFund) (*types.MsgCreateContinuousFundResponse, error) { + sdkCtx := sdk.UnwrapSDKContext(ctx) + if err := k.validateAuthority(msg.Authority); err != nil { + return nil, err +} + +recipient, err := k.Keeper.authKeeper.AddressCodec().StringToBytes(msg.Recipient) + if err != nil { + return nil, err +} + + // deny creation if we know this address is blocked from receiving funds + if k.bankKeeper.BlockedAddr(recipient) { + return nil, fmt.Errorf("recipient is blocked in the bank keeper: %s", msg.Recipient) +} + +has, err := k.ContinuousFunds.Has(sdkCtx, recipient) + if err != nil { + return nil, err +} + if has { + return nil, fmt.Errorf("continuous fund already exists for recipient %s", msg.Recipient) +} + + // Validate the message fields + err = validateContinuousFund(sdkCtx, *msg) + if err != nil { + return nil, err +} + + // Check if total funds percentage exceeds 100% + // If exceeds, we should not setup continuous fund proposal. + totalStreamFundsPercentage := math.LegacyZeroDec() + +err = k.ContinuousFunds.Walk(sdkCtx, nil, func(key sdk.AccAddress, value types.ContinuousFund) (stop bool, err error) { + totalStreamFundsPercentage = totalStreamFundsPercentage.Add(value.Percentage) + +return false, nil +}) + if err != nil { + return nil, err +} + +totalStreamFundsPercentage = totalStreamFundsPercentage.Add(msg.Percentage) + if totalStreamFundsPercentage.GT(math.LegacyOneDec()) { + return nil, fmt.Errorf("cannot set continuous fund proposal\ntotal funds percentage exceeds 100\ncurrent total percentage: %s", totalStreamFundsPercentage.Sub(msg.Percentage).MulInt64(100).TruncateInt().String()) +} + + // Create continuous fund proposal + cf := types.ContinuousFund{ + Recipient: msg.Recipient, + Percentage: msg.Percentage, + Expiry: msg.Expiry, +} + + // Set continuous fund to the state + err = k.ContinuousFunds.Set(sdkCtx, recipient, cf) + if err != nil { + return nil, err +} + +return &types.MsgCreateContinuousFundResponse{ +}, nil +} + +func (k MsgServer) + +CancelContinuousFund(ctx context.Context, msg *types.MsgCancelContinuousFund) (*types.MsgCancelContinuousFundResponse, error) { + sdkCtx := sdk.UnwrapSDKContext(ctx) + if err := k.validateAuthority(msg.Authority); err != nil { + return nil, err +} + +recipient, err := k.Keeper.authKeeper.AddressCodec().StringToBytes(msg.Recipient) + if err != nil { + return nil, err +} + canceledHeight := sdkCtx.BlockHeight() + canceledTime := sdkCtx.BlockTime() + +has, err := k.ContinuousFunds.Has(sdkCtx, recipient) + if err != nil { + return nil, fmt.Errorf("cannot get continuous fund for recipient %w", err) +} + if !has { + return nil, fmt.Errorf("cannot cancel continuous fund for recipient %s - does not exist", msg.Recipient) +} + if err := k.ContinuousFunds.Remove(sdkCtx, recipient); err != nil { + return nil, fmt.Errorf("failed to remove continuous fund for recipient %s: %w", msg.Recipient, err) +} + +return &types.MsgCancelContinuousFundResponse{ + CanceledTime: canceledTime, + CanceledHeight: uint64(canceledHeight), + Recipient: msg.Recipient, +}, nil +} + +func (k MsgServer) + +UpdateParams(ctx context.Context, msg *types.MsgUpdateParams) (*types.MsgUpdateParamsResponse, error) { + sdkCtx := sdk.UnwrapSDKContext(ctx) + if err := k.validateAuthority(msg.GetAuthority()); err != nil { + return nil, err +} + if err := msg.Params.Validate(); err != nil { + return nil, fmt.Errorf("invalid params: %w", err) +} + if err := k.Params.Set(sdkCtx, msg.Params); err != nil { + return nil, fmt.Errorf("failed to set params: %w", err) +} + +return &types.MsgUpdateParamsResponse{ +}, nil +} +``` + +### MsgCancelContinuousFund + +This message is used to cancel an existing continuous fund proposal for a specific recipient. Once canceled, the continuous fund will no longer distribute funds at each begin block, and the state object will be removed. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/x/protocolpool/proto/cosmos/protocolpool/v1/tx.proto#L136-L161 +``` + +The message will fail under the following conditions: + +* The recipient address is empty or restricted. +* The ContinuousFund for the recipient does not exist. + +```go expandable +package keeper + +import ( + + "context" + "fmt" + "cosmossdk.io/math" + + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + "github.com/cosmos/cosmos-sdk/x/protocolpool/types" +) + +type MsgServer struct { + Keeper +} + +var _ types.MsgServer = MsgServer{ +} + +// NewMsgServerImpl returns an implementation of the protocolpool MsgServer interface +// for the provided Keeper. +func NewMsgServerImpl(keeper Keeper) + +types.MsgServer { + return &MsgServer{ + Keeper: keeper +} +} + +func (k MsgServer) + +FundCommunityPool(ctx context.Context, msg *types.MsgFundCommunityPool) (*types.MsgFundCommunityPoolResponse, error) { + sdkCtx := sdk.UnwrapSDKContext(ctx) + +depositor, err := k.authKeeper.AddressCodec().StringToBytes(msg.Depositor) + if err != nil { + return nil, sdkerrors.ErrInvalidAddress.Wrapf("invalid depositor address: %s", err) +} + if err := validateAmount(msg.Amount); err != nil { + return nil, err +} + + // send funds to community pool module account + if err := k.Keeper.FundCommunityPool(sdkCtx, msg.Amount, depositor); err != nil { + return nil, err +} + +return &types.MsgFundCommunityPoolResponse{ +}, nil +} + +func (k MsgServer) + +CommunityPoolSpend(ctx context.Context, msg *types.MsgCommunityPoolSpend) (*types.MsgCommunityPoolSpendResponse, error) { + sdkCtx := sdk.UnwrapSDKContext(ctx) + if err := k.validateAuthority(msg.Authority); err != nil { + return nil, err +} + if err := validateAmount(msg.Amount); err != nil { + return nil, err +} + +recipient, err := k.authKeeper.AddressCodec().StringToBytes(msg.Recipient) + if err != nil { + return nil, err +} + + // distribute funds from community pool module account + if err := k.DistributeFromCommunityPool(sdkCtx, msg.Amount, recipient); err != nil { + return nil, err +} + +sdkCtx.Logger().Debug("transferred from the community pool", "amount", msg.Amount.String(), "recipient", msg.Recipient) + +return &types.MsgCommunityPoolSpendResponse{ +}, nil +} + +func (k MsgServer) + +CreateContinuousFund(ctx context.Context, msg *types.MsgCreateContinuousFund) (*types.MsgCreateContinuousFundResponse, error) { + sdkCtx := sdk.UnwrapSDKContext(ctx) + if err := k.validateAuthority(msg.Authority); err != nil { + return nil, err +} + +recipient, err := k.Keeper.authKeeper.AddressCodec().StringToBytes(msg.Recipient) + if err != nil { + return nil, err +} + + // deny creation if we know this address is blocked from receiving funds + if k.bankKeeper.BlockedAddr(recipient) { + return nil, fmt.Errorf("recipient is blocked in the bank keeper: %s", msg.Recipient) +} + +has, err := k.ContinuousFunds.Has(sdkCtx, recipient) + if err != nil { + return nil, err +} + if has { + return nil, fmt.Errorf("continuous fund already exists for recipient %s", msg.Recipient) +} + + // Validate the message fields + err = validateContinuousFund(sdkCtx, *msg) + if err != nil { + return nil, err +} + + // Check if total funds percentage exceeds 100% + // If exceeds, we should not setup continuous fund proposal. + totalStreamFundsPercentage := math.LegacyZeroDec() + +err = k.ContinuousFunds.Walk(sdkCtx, nil, func(key sdk.AccAddress, value types.ContinuousFund) (stop bool, err error) { + totalStreamFundsPercentage = totalStreamFundsPercentage.Add(value.Percentage) + +return false, nil +}) + if err != nil { + return nil, err +} + +totalStreamFundsPercentage = totalStreamFundsPercentage.Add(msg.Percentage) + if totalStreamFundsPercentage.GT(math.LegacyOneDec()) { + return nil, fmt.Errorf("cannot set continuous fund proposal\ntotal funds percentage exceeds 100\ncurrent total percentage: %s", totalStreamFundsPercentage.Sub(msg.Percentage).MulInt64(100).TruncateInt().String()) +} + + // Create continuous fund proposal + cf := types.ContinuousFund{ + Recipient: msg.Recipient, + Percentage: msg.Percentage, + Expiry: msg.Expiry, +} + + // Set continuous fund to the state + err = k.ContinuousFunds.Set(sdkCtx, recipient, cf) + if err != nil { + return nil, err +} + +return &types.MsgCreateContinuousFundResponse{ +}, nil +} + +func (k MsgServer) + +CancelContinuousFund(ctx context.Context, msg *types.MsgCancelContinuousFund) (*types.MsgCancelContinuousFundResponse, error) { + sdkCtx := sdk.UnwrapSDKContext(ctx) + if err := k.validateAuthority(msg.Authority); err != nil { + return nil, err +} + +recipient, err := k.Keeper.authKeeper.AddressCodec().StringToBytes(msg.Recipient) + if err != nil { + return nil, err +} + canceledHeight := sdkCtx.BlockHeight() + canceledTime := sdkCtx.BlockTime() + +has, err := k.ContinuousFunds.Has(sdkCtx, recipient) + if err != nil { + return nil, fmt.Errorf("cannot get continuous fund for recipient %w", err) +} + if !has { + return nil, fmt.Errorf("cannot cancel continuous fund for recipient %s - does not exist", msg.Recipient) +} + if err := k.ContinuousFunds.Remove(sdkCtx, recipient); err != nil { + return nil, fmt.Errorf("failed to remove continuous fund for recipient %s: %w", msg.Recipient, err) +} + +return &types.MsgCancelContinuousFundResponse{ + CanceledTime: canceledTime, + CanceledHeight: uint64(canceledHeight), + Recipient: msg.Recipient, +}, nil +} + +func (k MsgServer) + +UpdateParams(ctx context.Context, msg *types.MsgUpdateParams) (*types.MsgUpdateParamsResponse, error) { + sdkCtx := sdk.UnwrapSDKContext(ctx) + if err := k.validateAuthority(msg.GetAuthority()); err != nil { + return nil, err +} + if err := msg.Params.Validate(); err != nil { + return nil, fmt.Errorf("invalid params: %w", err) +} + if err := k.Params.Set(sdkCtx, msg.Params); err != nil { + return nil, fmt.Errorf("failed to set params: %w", err) +} + +return &types.MsgUpdateParamsResponse{ +}, nil +} +``` + +## Client + +It takes the advantage of `AutoCLI` + +```go expandable +package protocolpool + +import ( + + "fmt" + + autocliv1 "cosmossdk.io/api/cosmos/autocli/v1" + poolv1 "cosmossdk.io/api/cosmos/protocolpool/v1" + "github.com/cosmos/cosmos-sdk/version" +) + +// AutoCLIOptions implements the autocli.HasAutoCLIConfig interface. +func (am AppModule) + +AutoCLIOptions() *autocliv1.ModuleOptions { + return &autocliv1.ModuleOptions{ + Query: &autocliv1.ServiceCommandDescriptor{ + Service: poolv1.Query_ServiceDesc.ServiceName, + RpcCommandOptions: []*autocliv1.RpcCommandOptions{ + { + RpcMethod: "CommunityPool", + Use: "community-pool", + Short: "Query the amount of coins in the community pool", + Example: fmt.Sprintf(`%s query protocolpool community-pool`, version.AppName), +}, + { + RpcMethod: "ContinuousFunds", + Use: "continuous-funds", + Short: "Query all continuous funds", + Example: fmt.Sprintf(`%s query protocolpool continuous-funds`, version.AppName), +}, + { + RpcMethod: "ContinuousFund", + Use: "continuous-fund ", + Short: "Query a continuous fund by its recipient address", + Example: fmt.Sprintf(`%s query protocolpool continuous-fund cosmos1...`, version.AppName), + PositionalArgs: []*autocliv1.PositionalArgDescriptor{{ + ProtoField: "recipient" +}}, +}, +}, +}, + Tx: &autocliv1.ServiceCommandDescriptor{ + Service: poolv1.Msg_ServiceDesc.ServiceName, + RpcCommandOptions: []*autocliv1.RpcCommandOptions{ + { + RpcMethod: "FundCommunityPool", + Use: "fund-community-pool ", + Short: "Funds the community pool with the specified amount", + Example: fmt.Sprintf(`%s tx protocolpool fund-community-pool 100uatom --from mykey`, version.AppName), + PositionalArgs: []*autocliv1.PositionalArgDescriptor{{ + ProtoField: "amount" +}}, +}, + { + RpcMethod: "CreateContinuousFund", + Use: "create-continuous-fund ", + Short: "Create continuous fund for a recipient with optional expiry", + Example: fmt.Sprintf(`%s tx protocolpool create-continuous-fund cosmos1... 0.2 2023-11-31T12:34:56.789Z --from mykey`, version.AppName), + PositionalArgs: []*autocliv1.PositionalArgDescriptor{ + { + ProtoField: "recipient" +}, + { + ProtoField: "percentage" +}, + { + ProtoField: "expiry", + Optional: true +}, +}, + GovProposal: true, +}, + { + RpcMethod: "CancelContinuousFund", + Use: "cancel-continuous-fund ", + Short: "Cancel continuous fund for a specific recipient", + Example: fmt.Sprintf(`%s tx protocolpool cancel-continuous-fund cosmos1... --from mykey`, version.AppName), + PositionalArgs: []*autocliv1.PositionalArgDescriptor{ + { + ProtoField: "recipient" +}, +}, + GovProposal: true, +}, + { + RpcMethod: "UpdateParams", + Use: "update-params-proposal ", + Short: "Submit a proposal to update protocolpool module params. Note: the entire params must be provided.", + Example: fmt.Sprintf(`%s tx protocolpool update-params-proposal '{ "enabled_distribution_denoms": ["stake", "foo"] +}'`, version.AppName), + PositionalArgs: []*autocliv1.PositionalArgDescriptor{{ + ProtoField: "params" +}}, + GovProposal: true, +}, +}, +}, +} +} +``` diff --git a/docs/sdk/next/build/modules/slashing/README.mdx b/docs/sdk/next/build/modules/slashing/README.mdx new file mode 100644 index 00000000..5b261ba4 --- /dev/null +++ b/docs/sdk/next/build/modules/slashing/README.mdx @@ -0,0 +1,813 @@ +--- +title: '`x/slashing`' +description: >- + This section specifies the slashing module of the Cosmos SDK, which implements + functionality first outlined in the Cosmos Whitepaper in June 2016. +--- +## Abstract + +This section specifies the slashing module of the Cosmos SDK, which implements functionality +first outlined in the [Cosmos Whitepaper](https://cosmos.network/about/whitepaper) in June 2016. + +The slashing module enables Cosmos SDK-based blockchains to disincentivize any attributable action +by a protocol-recognized actor with value at stake by penalizing them ("slashing"). + +Penalties may include, but are not limited to: + +* Burning some amount of their stake +* Removing their ability to vote on future blocks for a period of time. + +This module will be used by the Cosmos Hub, the first hub in the Cosmos ecosystem. + +## Contents + +* [Concepts](#concepts) + * [States](#states) + * [Tombstone Caps](#tombstone-caps) + * [Infraction Timelines](#infraction-timelines) +* [State](#state) + * [Signing Info (Liveness)](#signing-info-liveness) + * [Params](#params) +* [Messages](#messages) + * [Unjail](#unjail) +* [BeginBlock](#beginblock) + * [Liveness Tracking](#liveness-tracking) +* [Hooks](#hooks) +* [Events](#events) +* [Staking Tombstone](#staking-tombstone) +* [Parameters](#parameters) +* [CLI](#cli) + * [Query](#query) + * [Transactions](#transactions) + * [gRPC](#grpc) + * [REST](#rest) + +## Concepts + +### States + +At any given time, there are any number of validators registered in the state +machine. Each block, the top `MaxValidators` (defined by `x/staking`) validators +who are not jailed become *bonded*, meaning that they may propose and vote on +blocks. Validators who are *bonded* are *at stake*, meaning that part or all of +their stake and their delegators' stake is at risk if they commit a protocol fault. + +For each of these validators we keep a `ValidatorSigningInfo` record that contains +information pertaining to validator's liveness and other infraction related +attributes. + +### Tombstone Caps + +In order to mitigate the impact of initially likely categories of non-malicious +protocol faults, the Cosmos Hub implements for each validator +a *tombstone* cap, which only allows a validator to be slashed once for a double +sign fault. For example, if you misconfigure your HSM and double-sign a bunch of +old blocks, you'll only be punished for the first double-sign (and then immediately tombstoned). This will still be quite expensive and desirable to avoid, but tombstone caps +somewhat blunt the economic impact of unintentional misconfiguration. + +Liveness faults do not have caps, as they can't stack upon each other. Liveness bugs are "detected" as soon as the infraction occurs, and the validators are immediately put in jail, so it is not possible for them to commit multiple liveness faults without unjailing in between. + +### Infraction Timelines + +To illustrate how the `x/slashing` module handles submitted evidence through +CometBFT consensus, consider the following examples: + +**Definitions**: + +*\[* : timeline start\ +*]* : timeline end\ +*Cn* : infraction `n` committed\ +*Dn* : infraction `n` discovered\ +*Vb* : validator bonded\ +*Vu* : validator unbonded + +#### Single Double Sign Infraction + +\[----------C1----D1,Vu-----] + +A single infraction is committed then later discovered, at which point the +validator is unbonded and slashed at the full amount for the infraction. + +#### Multiple Double Sign Infractions + +\[----------C1--C2---C3---D1,D2,D3Vu-----] + +Multiple infractions are committed and then later discovered, at which point the +validator is jailed and slashed for only one infraction. Because the validator +is also tombstoned, they can not rejoin the validator set. + +## State + +### Signing Info (Liveness) + +Every block includes a set of precommits by the validators for the previous block, +known as the `LastCommitInfo` provided by CometBFT. A `LastCommitInfo` is valid so +long as it contains precommits from +2/3 of total voting power. + +Proposers are incentivized to include precommits from all validators in the CometBFT `LastCommitInfo` +by receiving additional fees proportional to the difference between the voting +power included in the `LastCommitInfo` and +2/3 (see [fee distribution](/docs/sdk/vnext/build/modules/distribution/README#begin-block)). + +```go +type LastCommitInfo struct { + Round int32 + Votes []VoteInfo +} +``` + +Validators are penalized for failing to be included in the `LastCommitInfo` for some +number of blocks by being automatically jailed, potentially slashed, and unbonded. + +Information about validator's liveness activity is tracked through `ValidatorSigningInfo`. +It is indexed in the store as follows: + +* ValidatorSigningInfo: `0x01 | ConsAddrLen (1 byte) | ConsAddress -> ProtocolBuffer(ValSigningInfo)` +* MissedBlocksBitArray: `0x02 | ConsAddrLen (1 byte) | ConsAddress | LittleEndianUint64(signArrayIndex) -> VarInt(didMiss)` (varint is a number encoding format) + +The first mapping allows us to easily lookup the recent signing info for a +validator based on the validator's consensus address. + +The second mapping (`MissedBlocksBitArray`) acts +as a bit-array of size `SignedBlocksWindow` that tells us if the validator missed +the block for a given index in the bit-array. The index in the bit-array is given +as little endian uint64. +The result is a `varint` that takes on `0` or `1`, where `0` indicates the +validator did not miss (did sign) the corresponding block, and `1` indicates +they missed the block (did not sign). + +Note that the `MissedBlocksBitArray` is not explicitly initialized up-front. Keys +are added as we progress through the first `SignedBlocksWindow` blocks for a newly +bonded validator. The `SignedBlocksWindow` parameter defines the size +(number of blocks) of the sliding window used to track validator liveness. + +The information stored for tracking validator liveness is as follows: + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/slashing/v1beta1/slashing.proto#L13-L35 +``` + +### Params + +The slashing module stores it's params in state with the prefix of `0x00`, +it can be updated with governance or the address with authority. + +* Params: `0x00 | ProtocolBuffer(Params)` + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/slashing/v1beta1/slashing.proto#L37-L59 +``` + +## Messages + +In this section we describe the processing of messages for the `slashing` module. + +### Unjail + +If a validator was automatically unbonded due to downtime and wishes to come back online & +possibly rejoin the bonded set, it must send `MsgUnjail`: + +```protobuf +// MsgUnjail is an sdk.Msg used for unjailing a jailed validator, thus returning +// them into the bonded validator set, so they can begin receiving provisions +// and rewards again. +message MsgUnjail { + string validator_addr = 1; +} +``` + +Below is a pseudocode of the `MsgSrv/Unjail` RPC: + +```go expandable +unjail(tx MsgUnjail) + +validator = getValidator(tx.ValidatorAddr) + if validator == nil + fail with "No validator found" + if getSelfDelegation(validator) == 0 + fail with "validator must self delegate before unjailing" + if !validator.Jailed + fail with "Validator not jailed, cannot unjail" + + info = GetValidatorSigningInfo(operator) + if info.Tombstoned + fail with "Tombstoned validator cannot be unjailed" + if block time < info.JailedUntil + fail with "Validator still jailed, cannot unjail until period has expired" + + validator.Jailed = false + setValidator(validator) + +return +``` + +If the validator has enough stake to be in the top `n = MaximumBondedValidators`, it will be automatically rebonded, +and all delegators still delegated to the validator will be rebonded and begin to again collect +provisions and rewards. + +## BeginBlock + +### Liveness Tracking + +At the beginning of each block, we update the `ValidatorSigningInfo` for each +validator and check if they've crossed below the liveness threshold over a +sliding window. This sliding window is defined by `SignedBlocksWindow` and the +index in this window is determined by `IndexOffset` found in the validator's +`ValidatorSigningInfo`. For each block processed, the `IndexOffset` is incremented +regardless if the validator signed or not. Once the index is determined, the +`MissedBlocksBitArray` and `MissedBlocksCounter` are updated accordingly. + +Finally, in order to determine if a validator crosses below the liveness threshold, +we fetch the maximum number of blocks missed, `maxMissed`, which is +`SignedBlocksWindow - (MinSignedPerWindow * SignedBlocksWindow)` and the minimum +height at which we can determine liveness, `minHeight`. If the current block is +greater than `minHeight` and the validator's `MissedBlocksCounter` is greater than +`maxMissed`, they will be slashed by `SlashFractionDowntime`, will be jailed +for `DowntimeJailDuration`, and have the following values reset: +`MissedBlocksBitArray`, `MissedBlocksCounter`, and `IndexOffset`. + +**Note**: Liveness slashes do **NOT** lead to a tombstoning. + +```go expandable +height := block.Height + for vote in block.LastCommitInfo.Votes { + signInfo := GetValidatorSigningInfo(vote.Validator.Address) + + // This is a relative index, so we count blocks the validator SHOULD have + // signed. We use the 0-value default signing info if not present, except for + // start height. + index := signInfo.IndexOffset % SignedBlocksWindow() + +signInfo.IndexOffset++ + + // Update MissedBlocksBitArray and MissedBlocksCounter. The MissedBlocksCounter + // just tracks the sum of MissedBlocksBitArray. That way we avoid needing to + // read/write the whole array each time. + missedPrevious := GetValidatorMissedBlockBitArray(vote.Validator.Address, index) + missed := !signed + switch { + case !missedPrevious && missed: + // array index has changed from not missed to missed, increment counter + SetValidatorMissedBlockBitArray(vote.Validator.Address, index, true) + +signInfo.MissedBlocksCounter++ + case missedPrevious && !missed: + // array index has changed from missed to not missed, decrement counter + SetValidatorMissedBlockBitArray(vote.Validator.Address, index, false) + +signInfo.MissedBlocksCounter-- + + default: + // array index at this index has not changed; no need to update counter +} + if missed { + // emit events... +} + minHeight := signInfo.StartHeight + SignedBlocksWindow() + maxMissed := SignedBlocksWindow() - MinSignedPerWindow() + + // If we are past the minimum height and the validator has missed too many + // jail and slash them. + if height > minHeight && signInfo.MissedBlocksCounter > maxMissed { + validator := ValidatorByConsAddr(vote.Validator.Address) + + // emit events... + + // We need to retrieve the stake distribution which signed the block, so we + // subtract ValidatorUpdateDelay from the block height, and subtract an + // additional 1 since this is the LastCommit. + // + // Note, that this CAN result in a negative "distributionHeight" up to + // -ValidatorUpdateDelay-1, i.e. at the end of the pre-genesis block (none) = at the beginning of the genesis block. + // That's fine since this is just used to filter unbonding delegations & redelegations. + distributionHeight := height - sdk.ValidatorUpdateDelay - 1 + + SlashWithInfractionReason(vote.Validator.Address, distributionHeight, vote.Validator.Power, SlashFractionDowntime(), stakingtypes.Downtime) + +Jail(vote.Validator.Address) + +signInfo.JailedUntil = block.Time.Add(DowntimeJailDuration()) + + // We need to reset the counter & array so that the validator won't be + // immediately slashed for downtime upon rebonding. + signInfo.MissedBlocksCounter = 0 + signInfo.IndexOffset = 0 + ClearValidatorMissedBlockBitArray(vote.Validator.Address) +} + +SetValidatorSigningInfo(vote.Validator.Address, signInfo) +} +``` + +## Hooks + +This section contains a description of the module's `hooks`. Hooks are operations that are executed automatically when events are raised. + +### Staking hooks + +The slashing module implements the `StakingHooks` defined in `x/staking` and are used as record-keeping of validators information. During the app initialization, these hooks should be registered in the staking module struct. + +The following hooks impact the slashing state: + +* `AfterValidatorBonded` creates a `ValidatorSigningInfo` instance as described in the following section. +* `AfterValidatorCreated` stores a validator's consensus key. +* `AfterValidatorRemoved` removes a validator's consensus key. + +### Validator Bonded + +Upon successful first-time bonding of a new validator, we create a new `ValidatorSigningInfo` structure for the +now-bonded validator, which `StartHeight` of the current block. + +If the validator was out of the validator set and gets bonded again, its new bonded height is set. + +```go expandable +onValidatorBonded(address sdk.ValAddress) + +signingInfo, found = GetValidatorSigningInfo(address) + if !found { + signingInfo = ValidatorSigningInfo { + StartHeight : CurrentHeight, + IndexOffset : 0, + JailedUntil : time.Unix(0, 0), + Tombstone : false, + MissedBlockCounter : 0 +} + +else { + signingInfo.StartHeight = CurrentHeight +} + +setValidatorSigningInfo(signingInfo) +} + +return +``` + +## Events + +The slashing module emits the following events: + +### MsgServer + +#### MsgUnjail + +| Type | Attribute Key | Attribute Value | +| ------- | ------------- | ------------------ | +| message | module | slashing | +| message | sender | `{validatorAddress}` | + +### Keeper + +### BeginBlocker: HandleValidatorSignature + +| Type | Attribute Key | Attribute Value | +| ----- | ------------- | --------------------------- | +| slash | address | `{validatorConsensusAddress}` | +| slash | power | `{validatorPower}` | +| slash | reason | `{slashReason}` | +| slash | jailed \[0] | `{validatorConsensusAddress}` | +| slash | burned coins | `{math.Int}` | + +* \[0] Only included if the validator is jailed. + +| Type | Attribute Key | Attribute Value | +| -------- | -------------- | --------------------------- | +| liveness | address | `{validatorConsensusAddress}` | +| liveness | missed\_blocks | `{missedBlocksCounter}` | +| liveness | height | `{blockHeight}` | + +#### Slash + +* same as `"slash"` event from `HandleValidatorSignature`, but without the `jailed` attribute. + +#### Jail + +| Type | Attribute Key | Attribute Value | +| ----- | ------------- | ------------------ | +| slash | jailed | `{validatorAddress}` | + +## Staking Tombstone + +### Abstract + +In the current implementation of the `slashing` module, when the consensus engine +informs the state machine of a validator's consensus fault, the validator is +partially slashed, and put into a "jail period", a period of time in which they +are not allowed to rejoin the validator set. However, because of the nature of +consensus faults and ABCI, there can be a delay between an infraction occurring, +and evidence of the infraction reaching the state machine (this is one of the +primary reasons for the existence of the unbonding period). + +> Note: The tombstone concept, only applies to faults that have a delay between +> the infraction occurring and evidence reaching the state machine. For example, +> evidence of a validator double signing may take a while to reach the state machine +> due to unpredictable evidence gossip layer delays and the ability of validators to +> selectively reveal double-signatures (e.g. to infrequently-online light clients). +> Liveness slashing, on the other hand, is detected immediately as soon as the +> infraction occurs, and therefore no slashing period is needed. A validator is +> immediately put into jail period, and they cannot commit another liveness fault +> until they unjail. In the future, there may be other types of byzantine faults +> that have delays (for example, submitting evidence of an invalid proposal as a transaction). +> When implemented, it will have to be decided whether these future types of +> byzantine faults will result in a tombstoning (and if not, the slash amounts +> will not be capped by a slashing period). + +In the current system design, once a validator is put in the jail for a consensus +fault, after the `JailPeriod` they are allowed to send a transaction to `unjail` +themselves, and thus rejoin the validator set. + +One of the "design desires" of the `slashing` module is that if multiple +infractions occur before evidence is executed (and a validator is put in jail), +they should only be punished for single worst infraction, but not cumulatively. +For example, if the sequence of events is: + +1. Validator A commits Infraction 1 (worth 30% slash) +2. Validator A commits Infraction 2 (worth 40% slash) +3. Validator A commits Infraction 3 (worth 35% slash) +4. Evidence for Infraction 1 reaches state machine (and validator is put in jail) +5. Evidence for Infraction 2 reaches state machine +6. Evidence for Infraction 3 reaches state machine + +Only Infraction 2 should have its slash take effect, as it is the highest. This +is done, so that in the case of the compromise of a validator's consensus key, +they will only be punished once, even if the hacker double-signs many blocks. +Because, the unjailing has to be done with the validator's operator key, they +have a chance to re-secure their consensus key, and then signal that they are +ready using their operator key. We call this period during which we track only +the max infraction, the "slashing period". + +Once, a validator rejoins by unjailing themselves, we begin a new slashing period; +if they commit a new infraction after unjailing, it gets slashed cumulatively on +top of the worst infraction from the previous slashing period. + +However, while infractions are grouped based off of the slashing periods, because +evidence can be submitted up to an `unbondingPeriod` after the infraction, we +still have to allow for evidence to be submitted for previous slashing periods. +For example, if the sequence of events is: + +1. Validator A commits Infraction 1 (worth 30% slash) +2. Validator A commits Infraction 2 (worth 40% slash) +3. Evidence for Infraction 1 reaches state machine (and Validator A is put in jail) +4. Validator A unjails + +We are now in a new slashing period, however we still have to keep the door open +for the previous infraction, as the evidence for Infraction 2 may still come in. +As the number of slashing periods increase, it creates more complexity as we have +to keep track of the highest infraction amount for every single slashing period. + +> Note: Currently, according to the `slashing` module spec, a new slashing period +> is created every time a validator is unbonded then rebonded. This should probably +> be changed to jailed/unjailed. See issue [#3205](https://github.com/cosmos/cosmos-sdk/issues/3205) +> for further details. For the remainder of this, I will assume that we only start +> a new slashing period when a validator gets unjailed. + +The maximum number of slashing periods is the `len(UnbondingPeriod) / len(JailPeriod)`. +The current defaults in Gaia for the `UnbondingPeriod` and `JailPeriod` are 3 weeks +and 2 days, respectively. This means there could potentially be up to 11 slashing +periods concurrently being tracked per validator. If we set the `JailPeriod >= UnbondingPeriod`, +we only have to track 1 slashing period (i.e not have to track slashing periods). + +Currently, in the jail period implementation, once a validator unjails, all of +their delegators who are delegated to them (haven't unbonded / redelegated away), +stay with them. Given that consensus safety faults are so egregious +(way more so than liveness faults), it is probably prudent to have delegators not +"auto-rebond" to the validator. + +#### Proposal: infinite jail + +We propose setting the "jail time" for a +validator who commits a consensus safety fault, to `infinite` (i.e. a tombstone state). +This essentially kicks the validator out of the validator set and does not allow +them to re-enter the validator set. All of their delegators (including the operator themselves) +have to either unbond or redelegate away. The validator operator can create a new +validator if they would like, with a new operator key and consensus key, but they +have to "re-earn" their delegations back. + +Implementing the tombstone system and getting rid of the slashing period tracking +will make the `slashing` module way simpler, especially because we can remove all +of the hooks defined in the `slashing` module consumed by the `staking` module +(the `slashing` module still consumes hooks defined in `staking`). + +#### Single slashing amount + +Another optimization that can be made is that if we assume that all ABCI faults +for CometBFT consensus are slashed at the same level, we don't have to keep +track of "max slash". Once an ABCI fault happens, we don't have to worry about +comparing potential future ones to find the max. + +Currently the only CometBFT ABCI fault is: + +* Unjustified precommits (double signs) + +It is currently planned to include the following fault in the near future: + +* Signing a precommit when you're in unbonding phase (needed to make light client bisection safe) + +Given that these faults are both attributable byzantine faults, we will likely +want to slash them equally, and thus we can enact the above change. + +> Note: This change may make sense for current CometBFT consensus, but maybe +> not for a different consensus algorithm or future versions of CometBFT that +> may want to punish at different levels (for example, partial slashing). + +## Parameters + +The slashing module contains the following parameters: + +| Key | Type | Example | +| ----------------------- | -------------- | ---------------------- | +| SignedBlocksWindow | string (int64) | "100" | +| MinSignedPerWindow | string (dec) | "0.500000000000000000" | +| DowntimeJailDuration | string (ns) | "600000000000" | +| SlashFractionDoubleSign | string (dec) | "0.050000000000000000" | +| SlashFractionDowntime | string (dec) | "0.010000000000000000" | + +## CLI + +A user can query and interact with the `slashing` module using the CLI. + +### Query + +The `query` commands allow users to query `slashing` state. + +```shell +simd query slashing --help +``` + +#### params + +The `params` command allows users to query genesis parameters for the slashing module. + +```shell +simd query slashing params [flags] +``` + +Example: + +```shell +simd query slashing params +``` + +Example Output: + +```yml +downtime_jail_duration: 600s +min_signed_per_window: "0.500000000000000000" +signed_blocks_window: "100" +slash_fraction_double_sign: "0.050000000000000000" +slash_fraction_downtime: "0.010000000000000000" +``` + +#### signing-info + +The `signing-info` command allows users to query signing-info of the validator using consensus public key. + +```shell +simd query slashing signing-infos [flags] +``` + +Example: + +```shell +simd query slashing signing-info '{"@type":"/cosmos.crypto.ed25519.PubKey","key":"Auxs3865HpB/EfssYOzfqNhEJjzys6jD5B6tPgC8="}' + +``` + +Example Output: + +```yml +address: cosmosvalcons1nrqsld3aw6lh6t082frdqc84uwxn0t958c +index_offset: "2068" +jailed_until: "1970-01-01T00:00:00Z" +missed_blocks_counter: "0" +start_height: "0" +tombstoned: false +``` + +#### signing-infos + +The `signing-infos` command allows users to query signing infos of all validators. + +```shell +simd query slashing signing-infos [flags] +``` + +Example: + +```shell +simd query slashing signing-infos +``` + +Example Output: + +```yml +info: +- address: cosmosvalcons1nrqsld3aw6lh6t082frdqc84uwxn0t958c + index_offset: "2075" + jailed_until: "1970-01-01T00:00:00Z" + missed_blocks_counter: "0" + start_height: "0" + tombstoned: false +pagination: + next_key: null + total: "0" +``` + +### Transactions + +The `tx` commands allow users to interact with the `slashing` module. + +```bash +simd tx slashing --help +``` + +#### unjail + +The `unjail` command allows users to unjail a validator previously jailed for downtime. + +```bash +simd tx slashing unjail --from mykey [flags] +``` + +Example: + +```bash +simd tx slashing unjail --from mykey +``` + +### gRPC + +A user can query the `slashing` module using gRPC endpoints. + +#### Params + +The `Params` endpoint allows users to query the parameters of slashing module. + +```shell +cosmos.slashing.v1beta1.Query/Params +``` + +Example: + +```shell +grpcurl -plaintext localhost:9090 cosmos.slashing.v1beta1.Query/Params +``` + +Example Output: + +```json +{ + "params": { + "signedBlocksWindow": "100", + "minSignedPerWindow": "NTAwMDAwMDAwMDAwMDAwMDAw", + "downtimeJailDuration": "600s", + "slashFractionDoubleSign": "NTAwMDAwMDAwMDAwMDAwMDA=", + "slashFractionDowntime": "MTAwMDAwMDAwMDAwMDAwMDA=" + } +} +``` + +#### SigningInfo + +The SigningInfo queries the signing info of given cons address. + +```shell +cosmos.slashing.v1beta1.Query/SigningInfo +``` + +Example: + +```shell +grpcurl -plaintext -d '{"cons_address":"cosmosvalcons1nrqsld3aw6lh6t082frdqc84uwxn0t958c"}' localhost:9090 cosmos.slashing.v1beta1.Query/SigningInfo +``` + +Example Output: + +```json +{ + "valSigningInfo": { + "address": "cosmosvalcons1nrqsld3aw6lh6t082frdqc84uwxn0t958c", + "indexOffset": "3493", + "jailedUntil": "1970-01-01T00:00:00Z" + } +} +``` + +#### SigningInfos + +The SigningInfos queries signing info of all validators. + +```shell +cosmos.slashing.v1beta1.Query/SigningInfos +``` + +Example: + +```shell +grpcurl -plaintext localhost:9090 cosmos.slashing.v1beta1.Query/SigningInfos +``` + +Example Output: + +```json expandable +{ + "info": [ + { + "address": "cosmosvalcons1nrqslkwd3pz096lh6t082frdqc84uwxn0t958c", + "indexOffset": "2467", + "jailedUntil": "1970-01-01T00:00:00Z" + } + ], + "pagination": { + "total": "1" + } +} +``` + +### REST + +A user can query the `slashing` module using REST endpoints. + +#### Params + +```shell +/cosmos/slashing/v1beta1/params +``` + +Example: + +```shell +curl "localhost:1317/cosmos/slashing/v1beta1/params" +``` + +Example Output: + +```json +{ + "params": { + "signed_blocks_window": "100", + "min_signed_per_window": "0.500000000000000000", + "downtime_jail_duration": "600s", + "slash_fraction_double_sign": "0.050000000000000000", + "slash_fraction_downtime": "0.010000000000000000" +} +``` + +#### signing\_info + +```shell +/cosmos/slashing/v1beta1/signing_infos/%s +``` + +Example: + +```shell +curl "localhost:1317/cosmos/slashing/v1beta1/signing_infos/cosmosvalcons1nrqslkwd3pz096lh6t082frdqc84uwxn0t958c" +``` + +Example Output: + +```json +{ + "val_signing_info": { + "address": "cosmosvalcons1nrqslkwd3pz096lh6t082frdqc84uwxn0t958c", + "start_height": "0", + "index_offset": "4184", + "jailed_until": "1970-01-01T00:00:00Z", + "tombstoned": false, + "missed_blocks_counter": "0" + } +} +``` + +#### signing\_infos + +```shell +/cosmos/slashing/v1beta1/signing_infos +``` + +Example: + +```shell +curl "localhost:1317/cosmos/slashing/v1beta1/signing_infos +``` + +Example Output: + +```json expandable +{ + "info": [ + { + "address": "cosmosvalcons1nrqslkwd3pz096lh6t082frdqc84uwxn0t958c", + "start_height": "0", + "index_offset": "4169", + "jailed_until": "1970-01-01T00:00:00Z", + "tombstoned": false, + "missed_blocks_counter": "0" + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` diff --git a/docs/sdk/next/build/modules/staking/README.mdx b/docs/sdk/next/build/modules/staking/README.mdx new file mode 100644 index 00000000..8a6c3453 --- /dev/null +++ b/docs/sdk/next/build/modules/staking/README.mdx @@ -0,0 +1,3461 @@ +--- +title: '`x/staking`' +description: >- + This paper specifies the Staking module of the Cosmos SDK that was first + described in the Cosmos Whitepaper in June 2016. +--- +## Abstract + +This paper specifies the Staking module of the Cosmos SDK that was first +described in the [Cosmos Whitepaper](https://cosmos.network/about/whitepaper) +in June 2016. + +The module enables Cosmos SDK-based blockchain to support an advanced +Proof-of-Stake (PoS) system. In this system, holders of the native staking token of +the chain can become validators and can delegate tokens to validators, +ultimately determining the effective validator set for the system. + +This module is used in the Cosmos Hub, the first Hub in the Cosmos +network. + +## Contents + +* [State](#state) + * [Pool](#pool) + * [LastTotalPower](#lasttotalpower) + * [ValidatorUpdates](#validatorupdates) + * [UnbondingID](#unbondingid) + * [Params](#params) + * [Validator](#validator) + * [Delegation](#delegation) + * [UnbondingDelegation](#unbondingdelegation) + * [Redelegation](#redelegation) + * [Queues](#queues) + * [HistoricalInfo](#historicalinfo) +* [State Transitions](#state-transitions) + * [Validators](#validators) + * [Delegations](#delegations) + * [Slashing](#slashing) + * [How Shares are calculated](#how-shares-are-calculated) +* [Messages](#messages) + * [MsgCreateValidator](#msgcreatevalidator) + * [MsgEditValidator](#msgeditvalidator) + * [MsgDelegate](#msgdelegate) + * [MsgUndelegate](#msgundelegate) + * [MsgCancelUnbondingDelegation](#msgcancelunbondingdelegation) + * [MsgBeginRedelegate](#msgbeginredelegate) + * [MsgUpdateParams](#msgupdateparams) +* [Begin-Block](#begin-block) + * [Historical Info Tracking](#historical-info-tracking) +* [End-Block](#end-block) + * [Validator Set Changes](#validator-set-changes) + * [Queues](#queues-1) +* [Hooks](#hooks) +* [Events](#events) + * [EndBlocker](#endblocker) + * [Msg's](#msgs) +* [Parameters](#parameters) +* [Client](#client) + * [CLI](#cli) + * [gRPC](#grpc) + * [REST](#rest) + +## State + +### Pool + +Pool is used for tracking bonded and not-bonded token supply of the bond denomination. + +### LastTotalPower + +LastTotalPower tracks the total amounts of bonded tokens recorded during the previous end block. +Store entries prefixed with "Last" must remain unchanged until EndBlock. + +* LastTotalPower: `0x12 -> ProtocolBuffer(math.Int)` + +### ValidatorUpdates + +ValidatorUpdates contains the validator updates returned to ABCI at the end of every block. +The values are overwritten in every block. + +* ValidatorUpdates `0x61 -> []abci.ValidatorUpdate` + +### UnbondingID + +UnbondingID stores the ID of the latest unbonding operation. It enables creating unique IDs for unbonding operations, i.e., UnbondingID is incremented every time a new unbonding operation (validator unbonding, unbonding delegation, redelegation) is initiated. + +* UnbondingID: `0x37 -> uint64` + +### Params + +The staking module stores its params in state with the prefix of `0x51`, +it can be updated with governance or the address with authority. + +* Params: `0x51 | ProtocolBuffer(Params)` + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L310-L333 +``` + +### Validator + +Validators can have one of three statuses + +* `Unbonded`: The validator is not in the active set. They cannot sign blocks and do not earn + rewards. They can receive delegations. +* `Bonded`: Once the validator receives sufficient bonded tokens they automatically join the + active set during [`EndBlock`](#validator-set-changes) and their status is updated to `Bonded`. + They are signing blocks and receiving rewards. They can receive further delegations. + They can be slashed for misbehavior. Delegators to this validator who unbond their delegation + must wait the duration of the UnbondingTime, a chain-specific param, during which time + they are still slashable for offences of the source validator if those offences were committed + during the period of time that the tokens were bonded. +* `Unbonding`: When a validator leaves the active set, either by choice or due to slashing, jailing or + tombstoning, an unbonding of all their delegations begins. All delegations must then wait the UnbondingTime + before their tokens are moved to their accounts from the `BondedPool`. + + +Tombstoning is permanent, once tombstoned a validator's consensus key can not be reused within the chain where the tombstoning happened. + + +Validators objects should be primarily stored and accessed by the +`OperatorAddr`, an SDK validator address for the operator of the validator. Two +additional indices are maintained per validator object in order to fulfill +required lookups for slashing and validator-set updates. A third special index +(`LastValidatorPower`) is also maintained which however remains constant +throughout each block, unlike the first two indices which mirror the validator +records within a block. + +* Validators: `0x21 | OperatorAddrLen (1 byte) | OperatorAddr -> ProtocolBuffer(validator)` +* ValidatorsByConsAddr: `0x22 | ConsAddrLen (1 byte) | ConsAddr -> OperatorAddr` +* ValidatorsByPower: `0x23 | BigEndian(ConsensusPower) | OperatorAddrLen (1 byte) | OperatorAddr -> OperatorAddr` +* LastValidatorsPower: `0x11 | OperatorAddrLen (1 byte) | OperatorAddr -> ProtocolBuffer(ConsensusPower)` +* ValidatorsByUnbondingID: `0x38 | UnbondingID -> 0x21 | OperatorAddrLen (1 byte) | OperatorAddr` + +`Validators` is the primary index - it ensures that each operator can have only one +associated validator, where the public key of that validator can change in the +future. Delegators can refer to the immutable operator of the validator, without +concern for the changing public key. + +`ValidatorsByUnbondingID` is an additional index that enables lookups for +validators by the unbonding IDs corresponding to their current unbonding. + +`ValidatorByConsAddr` is an additional index that enables lookups for slashing. +When CometBFT reports evidence, it provides the validator address, so this +map is needed to find the operator. Note that the `ConsAddr` corresponds to the +address which can be derived from the validator's `ConsPubKey`. + +`ValidatorsByPower` is an additional index that provides a sorted list of +potential validators to quickly determine the current active set. Here +ConsensusPower is validator.Tokens/10^6 by default. Note that all validators +where `Jailed` is true are not stored within this index. + +`LastValidatorsPower` is a special index that provides a historical list of the +last-block's bonded validators. This index remains constant during a block but +is updated during the validator set update process which takes place in [`EndBlock`](#end-block). + +Each validator's state is stored in a `Validator` struct: + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L82-L138 +``` + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L26-L80 +``` + +### Delegation + +Delegations are identified by combining `DelegatorAddr` (the address of the delegator) +with the `ValidatorAddr` Delegators are indexed in the store as follows: + +* Delegation: `0x31 | DelegatorAddrLen (1 byte) | DelegatorAddr | ValidatorAddrLen (1 byte) | ValidatorAddr -> ProtocolBuffer(delegation)` + +Stake holders may delegate coins to validators; under this circumstance their +funds are held in a `Delegation` data structure. It is owned by one +delegator, and is associated with the shares for one validator. The sender of +the transaction is the owner of the bond. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L198-L216 +``` + +#### Delegator Shares + +When one delegates tokens to a Validator, they are issued a number of delegator shares based on a +dynamic exchange rate, calculated as follows from the total number of tokens delegated to the +validator and the number of shares issued so far: + +`Shares per Token = validator.TotalShares() / validator.Tokens()` + +Only the number of shares received is stored on the DelegationEntry. When a delegator then +Undelegates, the token amount they receive is calculated from the number of shares they currently +hold and the inverse exchange rate: + +`Tokens per Share = validator.Tokens() / validatorShares()` + +These `Shares` are simply an accounting mechanism. They are not a fungible asset. The reason for +this mechanism is to simplify the accounting around slashing. Rather than iteratively slashing the +tokens of every delegation entry, instead the Validator's total bonded tokens can be slashed, +effectively reducing the value of each issued delegator share. + +### UnbondingDelegation + +Shares in a `Delegation` can be unbonded, but they must for some time exist as +an `UnbondingDelegation`, where shares can be reduced if Byzantine behavior is +detected. + +`UnbondingDelegation` are indexed in the store as: + +* UnbondingDelegation: `0x32 | DelegatorAddrLen (1 byte) | DelegatorAddr | ValidatorAddrLen (1 byte) | ValidatorAddr -> ProtocolBuffer(unbondingDelegation)` +* UnbondingDelegationsFromValidator: `0x33 | ValidatorAddrLen (1 byte) | ValidatorAddr | DelegatorAddrLen (1 byte) | DelegatorAddr -> nil` +* UnbondingDelegationByUnbondingId: `0x38 | UnbondingId -> 0x32 | DelegatorAddrLen (1 byte) | DelegatorAddr | ValidatorAddrLen (1 byte) | ValidatorAddr` + `UnbondingDelegation` is used in queries, to lookup all unbonding delegations for + a given delegator. + +`UnbondingDelegationsFromValidator` is used in slashing, to lookup all +unbonding delegations associated with a given validator that need to be +slashed. + +`UnbondingDelegationByUnbondingId` is an additional index that enables +lookups for unbonding delegations by the unbonding IDs of the containing +unbonding delegation entries. + +A UnbondingDelegation object is created every time an unbonding is initiated. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L218-L261 +``` + +### Redelegation + +The bonded tokens worth of a `Delegation` may be instantly redelegated from a +source validator to a different validator (destination validator). However when +this occurs they must be tracked in a `Redelegation` object, whereby their +shares can be slashed if their tokens have contributed to a Byzantine fault +committed by the source validator. + +`Redelegation` are indexed in the store as: + +* Redelegations: `0x34 | DelegatorAddrLen (1 byte) | DelegatorAddr | ValidatorAddrLen (1 byte) | ValidatorSrcAddr | ValidatorDstAddr -> ProtocolBuffer(redelegation)` +* RedelegationsBySrc: `0x35 | ValidatorSrcAddrLen (1 byte) | ValidatorSrcAddr | ValidatorDstAddrLen (1 byte) | ValidatorDstAddr | DelegatorAddrLen (1 byte) | DelegatorAddr -> nil` +* RedelegationsByDst: `0x36 | ValidatorDstAddrLen (1 byte) | ValidatorDstAddr | ValidatorSrcAddrLen (1 byte) | ValidatorSrcAddr | DelegatorAddrLen (1 byte) | DelegatorAddr -> nil` +* RedelegationByUnbondingId: `0x38 | UnbondingId -> 0x34 | DelegatorAddrLen (1 byte) | DelegatorAddr | ValidatorAddrLen (1 byte) | ValidatorSrcAddr | ValidatorDstAddr` + +`Redelegations` is used for queries, to lookup all redelegations for a given +delegator. + +`RedelegationsBySrc` is used for slashing based on the `ValidatorSrcAddr`. + +`RedelegationsByDst` is used for slashing based on the `ValidatorDstAddr` + +The first map here is used for queries, to lookup all redelegations for a given +delegator. The second map is used for slashing based on the `ValidatorSrcAddr`, +while the third map is for slashing based on the `ValidatorDstAddr`. + +`RedelegationByUnbondingId` is an additional index that enables +lookups for redelegations by the unbonding IDs of the containing +redelegation entries. + +A redelegation object is created every time a redelegation occurs. To prevent +"redelegation hopping" redelegations may not occur under the situation that: + +* the (re)delegator already has another immature redelegation in progress + with a destination to a validator (let's call it `Validator X`) +* and, the (re)delegator is attempting to create a *new* redelegation + where the source validator for this new redelegation is `Validator X`. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L263-L308 +``` + +### Queues + +All queue objects are sorted by timestamp. The time used within any queue is +firstly converted to UTC, rounded to the nearest nanosecond then sorted. The sortable time format +used is a slight modification of the RFC3339Nano and uses the format string +`"2006-01-02T15:04:05.000000000"`. Notably this format: + +* right pads all zeros +* drops the time zone info (we already use UTC) + +In all cases, the stored timestamp represents the maturation time of the queue +element. + +#### UnbondingDelegationQueue + +For the purpose of tracking progress of unbonding delegations the unbonding +delegations queue is kept. + +* UnbondingDelegation: `0x41 | format(time) -> []DVPair` + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L162-L172 +``` + +#### RedelegationQueue + +For the purpose of tracking progress of redelegations the redelegation queue is +kept. + +* RedelegationQueue: `0x42 | format(time) -> []DVVTriplet` + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/staking.proto#L179-L191 +``` + +#### ValidatorQueue + +For the purpose of tracking progress of unbonding validators the validator +queue is kept. + +* ValidatorQueueTime: `0x43 | format(time) -> []sdk.ValAddress` + +The stored object by each key is an array of validator operator addresses from +which the validator object can be accessed. Typically it is expected that only +a single validator record will be associated with a given timestamp however it is possible +that multiple validators exist in the queue at the same location. + +### HistoricalInfo + +HistoricalInfo objects are stored and pruned at each block such that the staking keeper persists +the `n` most recent historical info defined by staking module parameter: `HistoricalEntries`. + +```go expandable +syntax = "proto3"; +package cosmos.staking.v1beta1; + +import "gogoproto/gogo.proto"; +import "google/protobuf/any.proto"; +import "google/protobuf/duration.proto"; +import "google/protobuf/timestamp.proto"; + +import "cosmos_proto/cosmos.proto"; +import "cosmos/base/v1beta1/coin.proto"; +import "amino/amino.proto"; +import "tendermint/types/types.proto"; +import "tendermint/abci/types.proto"; + +option go_package = "github.com/cosmos/cosmos-sdk/x/staking/types"; + +// HistoricalInfo contains header and validator information for a given block. +// It is stored as part of staking module's state, which persists the `n` most +// recent HistoricalInfo +// (`n` is set by the staking module's `historical_entries` parameter). +message HistoricalInfo { + tendermint.types.Header header = 1 [(gogoproto.nullable) = false, (amino.dont_omitempty) = true]; + repeated Validator valset = 2 [(gogoproto.nullable) = false, (amino.dont_omitempty) = true]; +} + +// CommissionRates defines the initial commission rates to be used for creating +// a validator. +message CommissionRates { + option (gogoproto.equal) = true; + option (gogoproto.goproto_stringer) = false; + + // rate is the commission rate charged to delegators, as a fraction. + string rate = 1 [ + (cosmos_proto.scalar) = "cosmos.Dec", + (gogoproto.customtype) = "github.com/cosmos/cosmos-sdk/types.Dec", + (gogoproto.nullable) = false + ]; + // max_rate defines the maximum commission rate which validator can ever charge, as a fraction. + string max_rate = 2 [ + (cosmos_proto.scalar) = "cosmos.Dec", + (gogoproto.customtype) = "github.com/cosmos/cosmos-sdk/types.Dec", + (gogoproto.nullable) = false + ]; + // max_change_rate defines the maximum daily increase of the validator commission, as a fraction. + string max_change_rate = 3 [ + (cosmos_proto.scalar) = "cosmos.Dec", + (gogoproto.customtype) = "github.com/cosmos/cosmos-sdk/types.Dec", + (gogoproto.nullable) = false + ]; +} + +// Commission defines commission parameters for a given validator. +message Commission { + option (gogoproto.equal) = true; + option (gogoproto.goproto_stringer) = false; + + // commission_rates defines the initial commission rates to be used for creating a validator. + CommissionRates commission_rates = 1 + [(gogoproto.embed) = true, (gogoproto.nullable) = false, (amino.dont_omitempty) = true]; + // update_time is the last time the commission rate was changed. + google.protobuf.Timestamp update_time = 2 + [(gogoproto.nullable) = false, (amino.dont_omitempty) = true, (gogoproto.stdtime) = true]; +} + +// Description defines a validator description. +message Description { + option (gogoproto.equal) = true; + option (gogoproto.goproto_stringer) = false; + + // moniker defines a human-readable name for the validator. + string moniker = 1; + // identity defines an optional identity signature (ex. UPort or Keybase). + string identity = 2; + // website defines an optional website link. + string website = 3; + // security_contact defines an optional email for security contact. + string security_contact = 4; + // details define other optional details. + string details = 5; +} + +// Validator defines a validator, together with the total amount of the +// Validator's bond shares and their exchange rate to coins. Slashing results in +// a decrease in the exchange rate, allowing correct calculation of future +// undelegations without iterating over delegators. When coins are delegated to +// this validator, the validator is credited with a delegation whose number of +// bond shares is based on the amount of coins delegated divided by the current +// exchange rate. Voting power can be calculated as total bonded shares +// multiplied by exchange rate. +message Validator { + option (gogoproto.equal) = false; + option (gogoproto.goproto_stringer) = false; + option (gogoproto.goproto_getters) = false; + + // operator_address defines the address of the validator's operator; bech encoded in JSON. + string operator_address = 1 [(cosmos_proto.scalar) = "cosmos.AddressString"]; + // consensus_pubkey is the consensus public key of the validator, as a Protobuf Any. + google.protobuf.Any consensus_pubkey = 2 [(cosmos_proto.accepts_interface) = "cosmos.crypto.PubKey"]; + // jailed defined whether the validator has been jailed from bonded status or not. + bool jailed = 3; + // status is the validator status (bonded/unbonding/unbonded). + BondStatus status = 4; + // tokens define the delegated tokens (incl. self-delegation). + string tokens = 5 [ + (cosmos_proto.scalar) = "cosmos.Int", + (gogoproto.customtype) = "github.com/cosmos/cosmos-sdk/types.Int", + (gogoproto.nullable) = false + ]; + // delegator_shares defines total shares issued to a validator's delegators. + string delegator_shares = 6 [ + (cosmos_proto.scalar) = "cosmos.Dec", + (gogoproto.customtype) = "github.com/cosmos/cosmos-sdk/types.Dec", + (gogoproto.nullable) = false + ]; + // description defines the description terms for the validator. + Description description = 7 [(gogoproto.nullable) = false, (amino.dont_omitempty) = true]; + // unbonding_height defines, if unbonding, the height at which this validator has begun unbonding. + int64 unbonding_height = 8; + // unbonding_time defines, if unbonding, the min time for the validator to complete unbonding. + google.protobuf.Timestamp unbonding_time = 9 + [(gogoproto.nullable) = false, (amino.dont_omitempty) = true, (gogoproto.stdtime) = true]; + // commission defines the commission parameters. + Commission commission = 10 [(gogoproto.nullable) = false, (amino.dont_omitempty) = true]; + // min_self_delegation is the validator's self declared minimum self delegation. + // + // Since: cosmos-sdk 0.46 + string min_self_delegation = 11 [ + (cosmos_proto.scalar) = "cosmos.Int", + (gogoproto.customtype) = "github.com/cosmos/cosmos-sdk/types.Int", + (gogoproto.nullable) = false + ]; + + // strictly positive if this validator's unbonding has been stopped by external modules + int64 unbonding_on_hold_ref_count = 12; + + // list of unbonding ids, each uniquely identifing an unbonding of this validator + repeated uint64 unbonding_ids = 13; +} + +// BondStatus is the status of a validator. +enum BondStatus { + option (gogoproto.goproto_enum_prefix) = false; + + // UNSPECIFIED defines an invalid validator status. + BOND_STATUS_UNSPECIFIED = 0 [(gogoproto.enumvalue_customname) = "Unspecified"]; + // UNBONDED defines a validator that is not bonded. + BOND_STATUS_UNBONDED = 1 [(gogoproto.enumvalue_customname) = "Unbonded"]; + // UNBONDING defines a validator that is unbonding. + BOND_STATUS_UNBONDING = 2 [(gogoproto.enumvalue_customname) = "Unbonding"]; + // BONDED defines a validator that is bonded. + BOND_STATUS_BONDED = 3 [(gogoproto.enumvalue_customname) = "Bonded"]; +} + +// ValAddresses defines a repeated set of validator addresses. +message ValAddresses { + option (gogoproto.goproto_stringer) = false; + option (gogoproto.stringer) = true; + + repeated string addresses = 1 [(cosmos_proto.scalar) = "cosmos.AddressString"]; +} + +// DVPair is struct that just has a delegator-validator pair with no other data. +// It is intended to be used as a marshalable pointer. For example, a DVPair can +// be used to construct the key to getting an UnbondingDelegation from state. +message DVPair { + option (gogoproto.equal) = false; + option (gogoproto.goproto_getters) = false; + option (gogoproto.goproto_stringer) = false; + + string delegator_address = 1 [(cosmos_proto.scalar) = "cosmos.AddressString"]; + string validator_address = 2 [(cosmos_proto.scalar) = "cosmos.AddressString"]; +} + +// DVPairs defines an array of DVPair objects. +message DVPairs { + repeated DVPair pairs = 1 [(gogoproto.nullable) = false, (amino.dont_omitempty) = true]; +} + +// DVVTriplet is struct that just has a delegator-validator-validator triplet +// with no other data. It is intended to be used as a marshalable pointer. For +// example, a DVVTriplet can be used to construct the key to getting a +// Redelegation from state. +message DVVTriplet { + option (gogoproto.equal) = false; + option (gogoproto.goproto_getters) = false; + option (gogoproto.goproto_stringer) = false; + + string delegator_address = 1 [(cosmos_proto.scalar) = "cosmos.AddressString"]; + string validator_src_address = 2 [(cosmos_proto.scalar) = "cosmos.AddressString"]; + string validator_dst_address = 3 [(cosmos_proto.scalar) = "cosmos.AddressString"]; +} + +// DVVTriplets defines an array of DVVTriplet objects. +message DVVTriplets { + repeated DVVTriplet triplets = 1 [(gogoproto.nullable) = false, (amino.dont_omitempty) = true]; +} + +// Delegation represents the bond with tokens held by an account. It is +// owned by one delegator, and is associated with the voting power of one +// validator. +message Delegation { + option (gogoproto.equal) = false; + option (gogoproto.goproto_getters) = false; + option (gogoproto.goproto_stringer) = false; + + // delegator_address is the bech32-encoded address of the delegator. + string delegator_address = 1 [(cosmos_proto.scalar) = "cosmos.AddressString"]; + // validator_address is the bech32-encoded address of the validator. + string validator_address = 2 [(cosmos_proto.scalar) = "cosmos.AddressString"]; + // shares define the delegation shares received. + string shares = 3 [ + (cosmos_proto.scalar) = "cosmos.Dec", + (gogoproto.customtype) = "github.com/cosmos/cosmos-sdk/types.Dec", + (gogoproto.nullable) = false + ]; +} + +// UnbondingDelegation stores all of a single delegator's unbonding bonds +// for a single validator in an time-ordered list. +message UnbondingDelegation { + option (gogoproto.equal) = false; + option (gogoproto.goproto_getters) = false; + option (gogoproto.goproto_stringer) = false; + + // delegator_address is the bech32-encoded address of the delegator. + string delegator_address = 1 [(cosmos_proto.scalar) = "cosmos.AddressString"]; + // validator_address is the bech32-encoded address of the validator. + string validator_address = 2 [(cosmos_proto.scalar) = "cosmos.AddressString"]; + // entries are the unbonding delegation entries. + repeated UnbondingDelegationEntry entries = 3 + [(gogoproto.nullable) = false, (amino.dont_omitempty) = true]; // unbonding delegation entries +} + +// UnbondingDelegationEntry defines an unbonding object with relevant metadata. +message UnbondingDelegationEntry { + option (gogoproto.equal) = true; + option (gogoproto.goproto_stringer) = false; + + // creation_height is the height which the unbonding took place. + int64 creation_height = 1; + // completion_time is the unix time for unbonding completion. + google.protobuf.Timestamp completion_time = 2 + [(gogoproto.nullable) = false, (amino.dont_omitempty) = true, (gogoproto.stdtime) = true]; + // initial_balance defines the tokens initially scheduled to receive at completion. + string initial_balance = 3 [ + (cosmos_proto.scalar) = "cosmos.Int", + (gogoproto.customtype) = "github.com/cosmos/cosmos-sdk/types.Int", + (gogoproto.nullable) = false + ]; + // balance defines the tokens to receive at completion. + string balance = 4 [ + (cosmos_proto.scalar) = "cosmos.Int", + (gogoproto.customtype) = "github.com/cosmos/cosmos-sdk/types.Int", + (gogoproto.nullable) = false + ]; + // Incrementing id that uniquely identifies this entry + uint64 unbonding_id = 5; + + // Strictly positive if this entry's unbonding has been stopped by external modules + int64 unbonding_on_hold_ref_count = 6; +} + +// RedelegationEntry defines a redelegation object with relevant metadata. +message RedelegationEntry { + option (gogoproto.equal) = true; + option (gogoproto.goproto_stringer) = false; + + // creation_height defines the height which the redelegation took place. + int64 creation_height = 1; + // completion_time defines the unix time for redelegation completion. + google.protobuf.Timestamp completion_time = 2 + [(gogoproto.nullable) = false, (amino.dont_omitempty) = true, (gogoproto.stdtime) = true]; + // initial_balance defines the initial balance when redelegation started. + string initial_balance = 3 [ + (cosmos_proto.scalar) = "cosmos.Int", + (gogoproto.customtype) = "github.com/cosmos/cosmos-sdk/types.Int", + (gogoproto.nullable) = false + ]; + // shares_dst is the amount of destination-validator shares created by redelegation. + string shares_dst = 4 [ + (cosmos_proto.scalar) = "cosmos.Dec", + (gogoproto.customtype) = "github.com/cosmos/cosmos-sdk/types.Dec", + (gogoproto.nullable) = false + ]; + // Incrementing id that uniquely identifies this entry + uint64 unbonding_id = 5; + + // Strictly positive if this entry's unbonding has been stopped by external modules + int64 unbonding_on_hold_ref_count = 6; +} + +// Redelegation contains the list of a particular delegator's redelegating bonds +// from a particular source validator to a particular destination validator. +message Redelegation { + option (gogoproto.equal) = false; + option (gogoproto.goproto_getters) = false; + option (gogoproto.goproto_stringer) = false; + + // delegator_address is the bech32-encoded address of the delegator. + string delegator_address = 1 [(cosmos_proto.scalar) = "cosmos.AddressString"]; + // validator_src_address is the validator redelegation source operator address. + string validator_src_address = 2 [(cosmos_proto.scalar) = "cosmos.AddressString"]; + // validator_dst_address is the validator redelegation destination operator address. + string validator_dst_address = 3 [(cosmos_proto.scalar) = "cosmos.AddressString"]; + // entries are the redelegation entries. + repeated RedelegationEntry entries = 4 + [(gogoproto.nullable) = false, (amino.dont_omitempty) = true]; // redelegation entries +} + +// Params defines the parameters for the x/staking module. +message Params { + option (amino.name) = "cosmos-sdk/x/staking/Params"; + option (gogoproto.equal) = true; + option (gogoproto.goproto_stringer) = false; + + // unbonding_time is the time duration of unbonding. + google.protobuf.Duration unbonding_time = 1 + [(gogoproto.nullable) = false, (amino.dont_omitempty) = true, (gogoproto.stdduration) = true]; + // max_validators is the maximum number of validators. + uint32 max_validators = 2; + // max_entries is the max entries for either unbonding delegation or redelegation (per pair/trio). + uint32 max_entries = 3; + // historical_entries is the number of historical entries to persist. + uint32 historical_entries = 4; + // bond_denom defines the bondable coin denomination. + string bond_denom = 5; + // min_commission_rate is the chain-wide minimum commission rate that a validator can charge their delegators + string min_commission_rate = 6 [ + (gogoproto.moretags) = "yaml:\"min_commission_rate\"", + (gogoproto.customtype) = "github.com/cosmos/cosmos-sdk/types.Dec", + (gogoproto.nullable) = false + ]; +} + +// DelegationResponse is equivalent to Delegation except that it contains a +// balance in addition to shares which is more suitable for client responses. +message DelegationResponse { + option (gogoproto.equal) = false; + option (gogoproto.goproto_stringer) = false; + + Delegation delegation = 1 [(gogoproto.nullable) = false, (amino.dont_omitempty) = true]; + + cosmos.base.v1beta1.Coin balance = 2 [(gogoproto.nullable) = false, (amino.dont_omitempty) = true]; +} + +// RedelegationEntryResponse is equivalent to a RedelegationEntry except that it +// contains a balance in addition to shares which is more suitable for client +// responses. +message RedelegationEntryResponse { + option (gogoproto.equal) = true; + + RedelegationEntry redelegation_entry = 1 [(gogoproto.nullable) = false, (amino.dont_omitempty) = true]; + string balance = 4 [ + (cosmos_proto.scalar) = "cosmos.Int", + (gogoproto.customtype) = "github.com/cosmos/cosmos-sdk/types.Int", + (gogoproto.nullable) = false + ]; +} + +// RedelegationResponse is equivalent to a Redelegation except that its entries +// contain a balance in addition to shares which is more suitable for client +// responses. +message RedelegationResponse { + option (gogoproto.equal) = false; + + Redelegation redelegation = 1 [(gogoproto.nullable) = false, (amino.dont_omitempty) = true]; + repeated RedelegationEntryResponse entries = 2 [(gogoproto.nullable) = false, (amino.dont_omitempty) = true]; +} + +// Pool is used for tracking bonded and not-bonded token supply of the bond +// denomination. +message Pool { + option (gogoproto.description) = true; + option (gogoproto.equal) = true; + string not_bonded_tokens = 1 [ + (cosmos_proto.scalar) = "cosmos.Int", + (gogoproto.customtype) = "github.com/cosmos/cosmos-sdk/types.Int", + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "not_bonded_tokens", + (amino.dont_omitempty) = true + ]; + string bonded_tokens = 2 [ + (cosmos_proto.scalar) = "cosmos.Int", + (gogoproto.customtype) = "github.com/cosmos/cosmos-sdk/types.Int", + (gogoproto.nullable) = false, + (gogoproto.jsontag) = "bonded_tokens", + (amino.dont_omitempty) = true + ]; +} + +// Infraction indicates the infraction a validator commited. +enum Infraction { + // UNSPECIFIED defines an empty infraction. + INFRACTION_UNSPECIFIED = 0; + // DOUBLE_SIGN defines a validator that double-signs a block. + INFRACTION_DOUBLE_SIGN = 1; + // DOWNTIME defines a validator that missed signing too many blocks. + INFRACTION_DOWNTIME = 2; +} + +// ValidatorUpdates defines an array of abci.ValidatorUpdate objects. +// TODO: explore moving this to proto/cosmos/base to separate modules from tendermint dependence +message ValidatorUpdates { + repeated tendermint.abci.ValidatorUpdate updates = 1 [(gogoproto.nullable) = false, (amino.dont_omitempty) = true]; +} +``` + +At each BeginBlock, the staking keeper will persist the current Header and the Validators that committed +the current block in a `HistoricalInfo` object. The Validators are sorted on their address to ensure that +they are in a deterministic order. +The oldest HistoricalEntries will be pruned to ensure that there only exist the parameter-defined number of +historical entries. + +## State Transitions + +### Validators + +State transitions in validators are performed on every [`EndBlock`](#validator-set-changes) +in order to check for changes in the active `ValidatorSet`. + +A validator can be `Unbonded`, `Unbonding` or `Bonded`. `Unbonded` +and `Unbonding` are collectively called `Not Bonded`. A validator can move +directly between all the states, except for from `Bonded` to `Unbonded`. + +#### Not bonded to Bonded + +The following transition occurs when a validator's ranking in the `ValidatorPowerIndex` surpasses +that of the `LastValidator`. + +* set `validator.Status` to `Bonded` +* send the `validator.Tokens` from the `NotBondedTokens` to the `BondedPool` `ModuleAccount` +* delete the existing record from `ValidatorByPowerIndex` +* add a new updated record to the `ValidatorByPowerIndex` +* update the `Validator` object for this validator +* if it exists, delete any `ValidatorQueue` record for this validator + +#### Bonded to Unbonding + +When a validator begins the unbonding process the following operations occur: + +* send the `validator.Tokens` from the `BondedPool` to the `NotBondedTokens` `ModuleAccount` +* set `validator.Status` to `Unbonding` +* delete the existing record from `ValidatorByPowerIndex` +* add a new updated record to the `ValidatorByPowerIndex` +* update the `Validator` object for this validator +* insert a new record into the `ValidatorQueue` for this validator + +#### Unbonding to Unbonded + +A validator moves from unbonding to unbonded when the `ValidatorQueue` object +moves from bonded to unbonded + +* update the `Validator` object for this validator +* set `validator.Status` to `Unbonded` + +#### Jail/Unjail + +when a validator is jailed it is effectively removed from the CometBFT set. +this process may be also be reversed. the following operations occur: + +* set `Validator.Jailed` and update object +* if jailed delete record from `ValidatorByPowerIndex` +* if unjailed add record to `ValidatorByPowerIndex` + +Jailed validators are not present in any of the following stores: + +* the power store (from consensus power to address) + +### Delegations + +#### Delegate + +When a delegation occurs both the validator and the delegation objects are affected + +* determine the delegators shares based on tokens delegated and the validator's exchange rate +* remove tokens from the sending account +* add shares the delegation object or add them to a created validator object +* add new delegator shares and update the `Validator` object +* transfer the `delegation.Amount` from the delegator's account to the `BondedPool` or the `NotBondedPool` `ModuleAccount` depending if the `validator.Status` is `Bonded` or not +* delete the existing record from `ValidatorByPowerIndex` +* add an new updated record to the `ValidatorByPowerIndex` + +#### Begin Unbonding + +As a part of the Undelegate and Complete Unbonding state transitions Unbond +Delegation may be called. + +* subtract the unbonded shares from delegator +* add the unbonded tokens to an `UnbondingDelegationEntry` +* update the delegation or remove the delegation if there are no more shares +* if the delegation is the operator of the validator and no more shares exist then trigger a jail validator +* update the validator with removed the delegator shares and associated coins +* if the validator state is `Bonded`, transfer the `Coins` worth of the unbonded + shares from the `BondedPool` to the `NotBondedPool` `ModuleAccount` +* remove the validator if it is unbonded and there are no more delegation shares. +* remove the validator if it is unbonded and there are no more delegation shares +* get a unique `unbondingId` and map it to the `UnbondingDelegationEntry` in `UnbondingDelegationByUnbondingId` +* call the `AfterUnbondingInitiated(unbondingId)` hook +* add the unbonding delegation to `UnbondingDelegationQueue` with the completion time set to `UnbondingTime` + +#### Cancel an `UnbondingDelegation` Entry + +When a `cancel unbond delegation` occurs both the `validator`, the `delegation` and an `UnbondingDelegationQueue` state will be updated. + +* if cancel unbonding delegation amount equals to the `UnbondingDelegation` entry `balance`, then the `UnbondingDelegation` entry deleted from `UnbondingDelegationQueue`. +* if the `cancel unbonding delegation amount is less than the `UnbondingDelegation`entry balance, then the`UnbondingDelegation`entry will be updated with new balance in the`UnbondingDelegationQueue\`. +* cancel `amount` is [Delegated](#delegations) back to the original `validator`. + +#### Complete Unbonding + +For undelegations which do not complete immediately, the following operations +occur when the unbonding delegation queue element matures: + +* remove the entry from the `UnbondingDelegation` object +* transfer the tokens from the `NotBondedPool` `ModuleAccount` to the delegator `Account` + +#### Begin Redelegation + +Redelegations affect the delegation, source and destination validators. + +* perform an `unbond` delegation from the source validator to retrieve the tokens worth of the unbonded shares +* using the unbonded tokens, `Delegate` them to the destination validator +* if the `sourceValidator.Status` is `Bonded`, and the `destinationValidator` is not, + transfer the newly delegated tokens from the `BondedPool` to the `NotBondedPool` `ModuleAccount` +* otherwise, if the `sourceValidator.Status` is not `Bonded`, and the `destinationValidator` + is `Bonded`, transfer the newly delegated tokens from the `NotBondedPool` to the `BondedPool` `ModuleAccount` +* record the token amount in an new entry in the relevant `Redelegation` + +From when a redelegation begins until it completes, the delegator is in a state of "pseudo-unbonding", and can still be +slashed for infractions that occurred before the redelegation began. + +#### Complete Redelegation + +When a redelegations complete the following occurs: + +* remove the entry from the `Redelegation` object + +### Slashing + +#### Slash Validator + +When a Validator is slashed, the following occurs: + +* The total `slashAmount` is calculated as the `slashFactor` (a chain parameter) \* `TokensFromConsensusPower`, + the total number of tokens bonded to the validator at the time of the infraction. +* Every unbonding delegation and pseudo-unbonding redelegation such that the infraction occurred before the unbonding or + redelegation began from the validator are slashed by the `slashFactor` percentage of the initialBalance. +* Each amount slashed from redelegations and unbonding delegations is subtracted from the + total slash amount. +* The `remainingSlashAmount` is then slashed from the validator's tokens in the `BondedPool` or + `NonBondedPool` depending on the validator's status. This reduces the total supply of tokens. + +In the case of a slash due to any infraction that requires evidence to submitted (for example double-sign), the slash +occurs at the block where the evidence is included, not at the block where the infraction occurred. +Put otherwise, validators are not slashed retroactively, only when they are caught. + +#### Slash Unbonding Delegation + +When a validator is slashed, so are those unbonding delegations from the validator that began unbonding +after the time of the infraction. Every entry in every unbonding delegation from the validator +is slashed by `slashFactor`. The amount slashed is calculated from the `InitialBalance` of the +delegation and is capped to prevent a resulting negative balance. Completed (or mature) unbondings are not slashed. + +#### Slash Redelegation + +When a validator is slashed, so are all redelegations from the validator that began after the +infraction. Redelegations are slashed by `slashFactor`. +Redelegations that began before the infraction are not slashed. +The amount slashed is calculated from the `InitialBalance` of the delegation and is capped to +prevent a resulting negative balance. +Mature redelegations (that have completed pseudo-unbonding) are not slashed. + +### How Shares are calculated + +At any given point in time, each validator has a number of tokens, `T`, and has a number of shares issued, `S`. +Each delegator, `i`, holds a number of shares, `S_i`. +The number of tokens is the sum of all tokens delegated to the validator, plus the rewards, minus the slashes. + +The delegator is entitled to a portion of the underlying tokens proportional to their proportion of shares. +So delegator `i` is entitled to `T * S_i / S` of the validator's tokens. + +When a delegator delegates new tokens to the validator, they receive a number of shares proportional to their contribution. +So when delegator `j` delegates `T_j` tokens, they receive `S_j = S * T_j / T` shares. +The total number of tokens is now `T + T_j`, and the total number of shares is `S + S_j`. +`j`s proportion of the shares is the same as their proportion of the total tokens contributed: `(S + S_j) / S = (T + T_j) / T`. + +A special case is the initial delegation, when `T = 0` and `S = 0`, so `T_j / T` is undefined. +For the initial delegation, delegator `j` who delegates `T_j` tokens receive `S_j = T_j` shares. +So a validator that hasn't received any rewards and has not been slashed will have `T = S`. + +## Messages + +In this section we describe the processing of the staking messages and the corresponding updates to the state. All created/modified state objects specified by each message are defined within the [state](#state) section. + +### MsgCreateValidator + +A validator is created using the `MsgCreateValidator` message. +The validator must be created with an initial delegation from the operator. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L20-L21 +``` + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L50-L73 +``` + +This message is expected to fail if: + +* another validator with this operator address is already registered +* another validator with this pubkey is already registered +* the initial self-delegation tokens are of a denom not specified as the bonding denom +* the commission parameters are faulty, namely: + * `MaxRate` is either > 1 or < 0 + * the initial `Rate` is either negative or > `MaxRate` + * the initial `MaxChangeRate` is either negative or > `MaxRate` +* the description fields are too large + +This message creates and stores the `Validator` object at appropriate indexes. +Additionally a self-delegation is made with the initial tokens delegation +tokens `Delegation`. The validator always starts as unbonded but may be bonded +in the first end-block. + +### MsgEditValidator + +The `Description`, `CommissionRate` of a validator can be updated using the +`MsgEditValidator` message. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L23-L24 +``` + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L78-L97 +``` + +This message is expected to fail if: + +* the initial `CommissionRate` is either negative or > `MaxRate` +* the `CommissionRate` has already been updated within the previous 24 hours +* the `CommissionRate` is > `MaxChangeRate` +* the description fields are too large + +This message stores the updated `Validator` object. + +### MsgDelegate + +Within this message the delegator provides coins, and in return receives +some amount of their validator's (newly created) delegator-shares that are +assigned to `Delegation.Shares`. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L26-L28 +``` + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L102-L114 +``` + +This message is expected to fail if: + +* the validator does not exist +* the `Amount` `Coin` has a denomination different than one defined by `params.BondDenom` +* the exchange rate is invalid, meaning the validator has no tokens (due to slashing) but there are outstanding shares +* the amount delegated is less than the minimum allowed delegation + +If an existing `Delegation` object for provided addresses does not already +exist then it is created as part of this message otherwise the existing +`Delegation` is updated to include the newly received shares. + +The delegator receives newly minted shares at the current exchange rate. +The exchange rate is the number of existing shares in the validator divided by +the number of currently delegated tokens. + +The validator is updated in the `ValidatorByPower` index, and the delegation is +tracked in validator object in the `Validators` index. + +It is possible to delegate to a jailed validator, the only difference being it +will not be added to the power index until it is unjailed. + +![Delegation sequence](https://raw.githubusercontent.com/cosmos/cosmos-sdk/release/v0.46.x/docs/uml/svg/delegation_sequence.svg) + +### MsgUndelegate + +The `MsgUndelegate` message allows delegators to undelegate their tokens from +validator. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L34-L36 +``` + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L140-L152 +``` + +This message returns a response containing the completion time of the undelegation: + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L154-L158 +``` + +This message is expected to fail if: + +* the delegation doesn't exist +* the validator doesn't exist +* the delegation has less shares than the ones worth of `Amount` +* existing `UnbondingDelegation` has maximum entries as defined by `params.MaxEntries` +* the `Amount` has a denomination different than one defined by `params.BondDenom` + +When this message is processed the following actions occur: + +* validator's `DelegatorShares` and the delegation's `Shares` are both reduced by the message `SharesAmount` +* calculate the token worth of the shares remove that amount tokens held within the validator +* with those removed tokens, if the validator is: + * `Bonded` - add them to an entry in `UnbondingDelegation` (create `UnbondingDelegation` if it doesn't exist) with a completion time a full unbonding period from the current time. Update pool shares to reduce BondedTokens and increase NotBondedTokens by token worth of the shares. + * `Unbonding` - add them to an entry in `UnbondingDelegation` (create `UnbondingDelegation` if it doesn't exist) with the same completion time as the validator (`UnbondingMinTime`). + * `Unbonded` - then send the coins the message `DelegatorAddr` +* if there are no more `Shares` in the delegation, then the delegation object is removed from the store + * under this situation if the delegation is the validator's self-delegation then also jail the validator. + +![Unbond sequence](https://raw.githubusercontent.com/cosmos/cosmos-sdk/release/v0.46.x/docs/uml/svg/unbond_sequence.svg) + +### MsgCancelUnbondingDelegation + +The `MsgCancelUnbondingDelegation` message allows delegators to cancel the `unbondingDelegation` entry and delegate back to a previous validator. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L38-L42 +``` + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L160-L175 +``` + +This message is expected to fail if: + +* the `unbondingDelegation` entry is already processed. +* the `cancel unbonding delegation` amount is greater than the `unbondingDelegation` entry balance. +* the `cancel unbonding delegation` height doesn't exist in the `unbondingDelegationQueue` of the delegator. + +When this message is processed the following actions occur: + +* if the `unbondingDelegation` Entry balance is zero + * in this condition `unbondingDelegation` entry will be removed from `unbondingDelegationQueue`. + * otherwise `unbondingDelegationQueue` will be updated with new `unbondingDelegation` entry balance and initial balance +* the validator's `DelegatorShares` and the delegation's `Shares` are both increased by the message `Amount`. + +### MsgBeginRedelegate + +The redelegation command allows delegators to instantly switch validators. Once +the unbonding period has passed, the redelegation is automatically completed in +the EndBlocker. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L30-L32 +``` + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L119-L132 +``` + +This message returns a response containing the completion time of the redelegation: + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L133-L138 +``` + +This message is expected to fail if: + +* the delegation doesn't exist +* the source or destination validators don't exist +* the delegation has less shares than the ones worth of `Amount` +* the source validator has a receiving redelegation which is not matured (aka. the redelegation may be transitive) +* existing `Redelegation` has maximum entries as defined by `params.MaxEntries` +* the `Amount` `Coin` has a denomination different than one defined by `params.BondDenom` + +When this message is processed the following actions occur: + +* the source validator's `DelegatorShares` and the delegations `Shares` are both reduced by the message `SharesAmount` +* calculate the token worth of the shares remove that amount tokens held within the source validator. +* if the source validator is: + * `Bonded` - add an entry to the `Redelegation` (create `Redelegation` if it doesn't exist) with a completion time a full unbonding period from the current time. Update pool shares to reduce BondedTokens and increase NotBondedTokens by token worth of the shares (this may be effectively reversed in the next step however). + * `Unbonding` - add an entry to the `Redelegation` (create `Redelegation` if it doesn't exist) with the same completion time as the validator (`UnbondingMinTime`). + * `Unbonded` - no action required in this step +* Delegate the token worth to the destination validator, possibly moving tokens back to the bonded state. +* if there are no more `Shares` in the source delegation, then the source delegation object is removed from the store + * under this situation if the delegation is the validator's self-delegation then also jail the validator. + +![Begin redelegation sequence](https://raw.githubusercontent.com/cosmos/cosmos-sdk/release/v0.46.x/docs/uml/svg/begin_redelegation_sequence.svg) + +### MsgUpdateParams + +The `MsgUpdateParams` update the staking module parameters. +The params are updated through a governance proposal where the signer is the gov module account address. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/staking/v1beta1/tx.proto#L182-L195 +``` + +The message handling can fail if: + +* signer is not the authority defined in the staking keeper (usually the gov module account). + +## Begin-Block + +Each abci begin block call, the historical info will get stored and pruned +according to the `HistoricalEntries` parameter. + +### Historical Info Tracking + +If the `HistoricalEntries` parameter is 0, then the `BeginBlock` performs a no-op. + +Otherwise, the latest historical info is stored under the key `historicalInfoKey|height`, while any entries older than `height - HistoricalEntries` is deleted. +In most cases, this results in a single entry being pruned per block. +However, if the parameter `HistoricalEntries` has changed to a lower value there will be multiple entries in the store that must be pruned. + +## End-Block + +Each abci end block call, the operations to update queues and validator set +changes are specified to execute. + +### Validator Set Changes + +The staking validator set is updated during this process by state transitions +that run at the end of every block. As a part of this process any updated +validators are also returned back to CometBFT for inclusion in the CometBFT +validator set which is responsible for validating CometBFT messages at the +consensus layer. Operations are as following: + +* the new validator set is taken as the top `params.MaxValidators` number of + validators retrieved from the `ValidatorsByPower` index +* the previous validator set is compared with the new validator set: + * missing validators begin unbonding and their `Tokens` are transferred from the + `BondedPool` to the `NotBondedPool` `ModuleAccount` + * new validators are instantly bonded and their `Tokens` are transferred from the + `NotBondedPool` to the `BondedPool` `ModuleAccount` + +In all cases, any validators leaving or entering the bonded validator set or +changing balances and staying within the bonded validator set incur an update +message reporting their new consensus power which is passed back to CometBFT. + +The `LastTotalPower` and `LastValidatorsPower` hold the state of the total power +and validator power from the end of the last block, and are used to check for +changes that have occurred in `ValidatorsByPower` and the total new power, which +is calculated during `EndBlock`. + +### Queues + +Within staking, certain state-transitions are not instantaneous but take place +over a duration of time (typically the unbonding period). When these +transitions are mature certain operations must take place in order to complete +the state operation. This is achieved through the use of queues which are +checked/processed at the end of each block. + +#### Unbonding Validators + +When a validator is kicked out of the bonded validator set (either through +being jailed, or not having sufficient bonded tokens) it begins the unbonding +process along with all its delegations begin unbonding (while still being +delegated to this validator). At this point the validator is said to be an +"unbonding validator", whereby it will mature to become an "unbonded validator" +after the unbonding period has passed. + +Each block the validator queue is to be checked for mature unbonding validators +(namely with a completion time `<=` current time and completion height `<=` current +block height). At this point any mature validators which do not have any +delegations remaining are deleted from state. For all other mature unbonding +validators that still have remaining delegations, the `validator.Status` is +switched from `types.Unbonding` to +`types.Unbonded`. + +Unbonding operations can be put on hold by external modules via the `PutUnbondingOnHold(unbondingId)` method. +As a result, an unbonding operation (e.g., an unbonding delegation) that is on hold, cannot complete +even if it reaches maturity. For an unbonding operation with `unbondingId` to eventually complete +(after it reaches maturity), every call to `PutUnbondingOnHold(unbondingId)` must be matched +by a call to `UnbondingCanComplete(unbondingId)`. + +#### Unbonding Delegations + +Complete the unbonding of all mature `UnbondingDelegations.Entries` within the +`UnbondingDelegations` queue with the following procedure: + +* transfer the balance coins to the delegator's wallet address +* remove the mature entry from `UnbondingDelegation.Entries` +* remove the `UnbondingDelegation` object from the store if there are no + remaining entries. + +#### Redelegations + +Complete the unbonding of all mature `Redelegation.Entries` within the +`Redelegations` queue with the following procedure: + +* remove the mature entry from `Redelegation.Entries` +* remove the `Redelegation` object from the store if there are no + remaining entries. + +## Hooks + +Other modules may register operations to execute when a certain event has +occurred within staking. These events can be registered to execute either +right `Before` or `After` the staking event (as per the hook name). The +following hooks can registered with staking: + +* `AfterValidatorCreated(Context, ValAddress) error` + * called when a validator is created +* `BeforeValidatorModified(Context, ValAddress) error` + * called when a validator's state is changed +* `AfterValidatorRemoved(Context, ConsAddress, ValAddress) error` + * called when a validator is deleted +* `AfterValidatorBonded(Context, ConsAddress, ValAddress) error` + * called when a validator is bonded +* `AfterValidatorBeginUnbonding(Context, ConsAddress, ValAddress) error` + * called when a validator begins unbonding +* `BeforeDelegationCreated(Context, AccAddress, ValAddress) error` + * called when a delegation is created +* `BeforeDelegationSharesModified(Context, AccAddress, ValAddress) error` + * called when a delegation's shares are modified +* `AfterDelegationModified(Context, AccAddress, ValAddress) error` + * called when a delegation is created or modified +* `BeforeDelegationRemoved(Context, AccAddress, ValAddress) error` + * called when a delegation is removed +* `AfterUnbondingInitiated(Context, UnbondingID)` + * called when an unbonding operation (validator unbonding, unbonding delegation, redelegation) was initiated + +## Events + +The staking module emits the following events: + +### EndBlocker + +| Type | Attribute Key | Attribute Value | +| ---------------------- | ---------------------- | ------------------------- | +| complete\_unbonding | amount | `{totalUnbondingAmount}` | +| complete\_unbonding | validator | `{validatorAddress}` | +| complete\_unbonding | delegator | `{delegatorAddress}` | +| complete\_redelegation | amount | `{totalRedelegationAmount}` | +| complete\_redelegation | source\_validator | `{srcValidatorAddress}` | +| complete\_redelegation | destination\_validator | `{dstValidatorAddress}` | +| complete\_redelegation | delegator | `{delegatorAddress}` | + +## Msg's + +### MsgCreateValidator + +| Type | Attribute Key | Attribute Value | +| ----------------- | ------------- | ------------------ | +| create\_validator | validator | `{validatorAddress}` | +| create\_validator | amount | `{delegationAmount}` | +| message | module | staking | +| message | action | create\_validator | +| message | sender | `{senderAddress}` | + +### MsgEditValidator + +| Type | Attribute Key | Attribute Value | +| --------------- | --------------------- | ------------------- | +| edit\_validator | commission\_rate | `{commissionRate}` | +| edit\_validator | min\_self\_delegation | `{minSelfDelegation}` | +| message | module | staking | +| message | action | edit\_validator | +| message | sender | `{senderAddress}` | + +### MsgDelegate + +| Type | Attribute Key | Attribute Value | +| -------- | ------------- | ------------------ | +| delegate | validator | `{validatorAddress}` | +| delegate | amount | `{delegationAmount}` | +| message | module | staking | +| message | action | delegate | +| message | sender | `{senderAddress}` | + +### MsgUndelegate + +| Type | Attribute Key | Attribute Value | +| ------- | --------------------- | ------------------ | +| unbond | validator | `{validatorAddress}` | +| unbond | amount | `{unbondAmount}` | +| unbond | completion\_time \[0] | `{completionTime}` | +| message | module | staking | +| message | action | begin\_unbonding | +| message | sender | `{senderAddress}` | + +* \[0] Time is formatted in the RFC3339 standard + +### MsgCancelUnbondingDelegation + +| Type | Attribute Key | Attribute Value | +| ----------------------------- | ---------------- | --------------------------------- | +| cancel\_unbonding\_delegation | validator | `{validatorAddress}` | +| cancel\_unbonding\_delegation | delegator | `{delegatorAddress}` | +| cancel\_unbonding\_delegation | amount | `{cancelUnbondingDelegationAmount}` | +| cancel\_unbonding\_delegation | creation\_height | `{unbondingCreationHeight}` | +| message | module | staking | +| message | action | cancel\_unbond | +| message | sender | `{senderAddress}` | + +### MsgBeginRedelegate + +| Type | Attribute Key | Attribute Value | +| ---------- | ---------------------- | --------------------- | +| redelegate | source\_validator | `{srcValidatorAddress}` | +| redelegate | destination\_validator | `{dstValidatorAddress}` | +| redelegate | amount | `{unbondAmount}` | +| redelegate | completion\_time \[0] | `{completionTime}` | +| message | module | staking | +| message | action | begin\_redelegate | +| message | sender | `{senderAddress}` | + +* \[0] Time is formatted in the RFC3339 standard + +## Parameters + +The staking module contains the following parameters: + +| Key | Type | Example | +| ----------------- | ---------------- | ---------------------- | +| UnbondingTime | string (time ns) | "259200000000000" | +| MaxValidators | uint16 | 100 | +| KeyMaxEntries | uint16 | 7 | +| HistoricalEntries | uint16 | 3 | +| BondDenom | string | "stake" | +| MinCommissionRate | string | "0.000000000000000000" | + +## Client + +### CLI + +A user can query and interact with the `staking` module using the CLI. + +#### Query + +The `query` commands allows users to query `staking` state. + +```bash +simd query staking --help +``` + +##### delegation + +The `delegation` command allows users to query delegations for an individual delegator on an individual validator. + +Usage: + +```bash +simd query staking delegation [delegator-addr] [validator-addr] [flags] +``` + +Example: + +```bash +simd query staking delegation cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +Example Output: + +```bash +balance: + amount: "10000000000" + denom: stake +delegation: + delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + shares: "10000000000.000000000000000000" + validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +##### delegations + +The `delegations` command allows users to query delegations for an individual delegator on all validators. + +Usage: + +```bash +simd query staking delegations [delegator-addr] [flags] +``` + +Example: + +```bash +simd query staking delegations cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p +``` + +Example Output: + +```bash expandable +delegation_responses: +- balance: + amount: "10000000000" + denom: stake + delegation: + delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + shares: "10000000000.000000000000000000" + validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +- balance: + amount: "10000000000" + denom: stake + delegation: + delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + shares: "10000000000.000000000000000000" + validator_address: cosmosvaloper1x20lytyf6zkcrv5edpkfkn8sz578qg5sqfyqnp +pagination: + next_key: null + total: "0" +``` + +##### delegations-to + +The `delegations-to` command allows users to query delegations on an individual validator. + +Usage: + +```bash +simd query staking delegations-to [validator-addr] [flags] +``` + +Example: + +```bash +simd query staking delegations-to cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +Example Output: + +```bash expandable +- balance: + amount: "504000000" + denom: stake + delegation: + delegator_address: cosmos1q2qwwynhv8kh3lu5fkeex4awau9x8fwt45f5cp + shares: "504000000.000000000000000000" + validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +- balance: + amount: "78125000000" + denom: uixo + delegation: + delegator_address: cosmos1qvppl3479hw4clahe0kwdlfvf8uvjtcd99m2ca + shares: "78125000000.000000000000000000" + validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +pagination: + next_key: null + total: "0" +``` + +##### historical-info + +The `historical-info` command allows users to query historical information at given height. + +Usage: + +```bash +simd query staking historical-info [height] [flags] +``` + +Example: + +```bash +simd query staking historical-info 10 +``` + +Example Output: + +```bash expandable +header: + app_hash: Lbx8cXpI868wz8sgp4qPYVrlaKjevR5WP/IjUxwp3oo= + chain_id: testnet + consensus_hash: BICRvH3cKD93v7+R1zxE2ljD34qcvIZ0Bdi389qtoi8= + data_hash: 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= + evidence_hash: 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= + height: "10" + last_block_id: + hash: RFbkpu6pWfSThXxKKl6EZVDnBSm16+U0l0xVjTX08Fk= + part_set_header: + hash: vpIvXD4rxD5GM4MXGz0Sad9I7//iVYLzZsEU4BVgWIU= + total: 1 + last_commit_hash: Ne4uXyx4QtNp4Zx89kf9UK7oG9QVbdB6e7ZwZkhy8K0= + last_results_hash: 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= + next_validators_hash: nGBgKeWBjoxeKFti00CxHsnULORgKY4LiuQwBuUrhCs= + proposer_address: mMEP2c2IRPLr99LedSRtBg9eONM= + time: "2021-10-01T06:00:49.785790894Z" + validators_hash: nGBgKeWBjoxeKFti00CxHsnULORgKY4LiuQwBuUrhCs= + version: + app: "0" + block: "11" +valset: +- commission: + commission_rates: + max_change_rate: "0.010000000000000000" + max_rate: "0.200000000000000000" + rate: "0.100000000000000000" + update_time: "2021-10-01T05:52:50.380144238Z" + consensus_pubkey: + '@type': /cosmos.crypto.ed25519.PubKey + key: Auxs3865HpB/EfssYOzfqNhEJjzys2Fo6jD5B8tPgC8= + delegator_shares: "10000000.000000000000000000" + description: + details: "" + identity: "" + moniker: myvalidator + security_contact: "" + website: "" + jailed: false + min_self_delegation: "1" + operator_address: cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc + status: BOND_STATUS_BONDED + tokens: "10000000" + unbonding_height: "0" + unbonding_time: "1970-01-01T00:00:00Z" +``` + +##### params + +The `params` command allows users to query values set as staking parameters. + +Usage: + +```bash +simd query staking params [flags] +``` + +Example: + +```bash +simd query staking params +``` + +Example Output: + +```bash +bond_denom: stake +historical_entries: 10000 +max_entries: 7 +max_validators: 50 +unbonding_time: 1814400s +``` + +##### pool + +The `pool` command allows users to query values for amounts stored in the staking pool. + +Usage: + +```bash +simd q staking pool [flags] +``` + +Example: + +```bash +simd q staking pool +``` + +Example Output: + +```bash +bonded_tokens: "10000000" +not_bonded_tokens: "0" +``` + +##### redelegation + +The `redelegation` command allows users to query a redelegation record based on delegator and a source and destination validator address. + +Usage: + +```bash +simd query staking redelegation [delegator-addr] [src-validator-addr] [dst-validator-addr] [flags] +``` + +Example: + +```bash +simd query staking redelegation cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p cosmosvaloper1l2rsakp388kuv9k8qzq6lrm9taddae7fpx59wm cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +Example Output: + +```bash expandable +pagination: null +redelegation_responses: +- entries: + - balance: "50000000" + redelegation_entry: + completion_time: "2021-10-24T20:33:21.960084845Z" + creation_height: 2.382847e+06 + initial_balance: "50000000" + shares_dst: "50000000.000000000000000000" + - balance: "5000000000" + redelegation_entry: + completion_time: "2021-10-25T21:33:54.446846862Z" + creation_height: 2.397271e+06 + initial_balance: "5000000000" + shares_dst: "5000000000.000000000000000000" + redelegation: + delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + entries: null + validator_dst_address: cosmosvaloper1l2rsakp388kuv9k8qzq6lrm9taddae7fpx59wm + validator_src_address: cosmosvaloper1l2rsakp388kuv9k8qzq6lrm9taddae7fpx59wm +``` + +##### redelegations + +The `redelegations` command allows users to query all redelegation records for an individual delegator. + +Usage: + +```bash +simd query staking redelegations [delegator-addr] [flags] +``` + +Example: + +```bash +simd query staking redelegation cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p +``` + +Example Output: + +```bash expandable +pagination: + next_key: null + total: "0" +redelegation_responses: +- entries: + - balance: "50000000" + redelegation_entry: + completion_time: "2021-10-24T20:33:21.960084845Z" + creation_height: 2.382847e+06 + initial_balance: "50000000" + shares_dst: "50000000.000000000000000000" + - balance: "5000000000" + redelegation_entry: + completion_time: "2021-10-25T21:33:54.446846862Z" + creation_height: 2.397271e+06 + initial_balance: "5000000000" + shares_dst: "5000000000.000000000000000000" + redelegation: + delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + entries: null + validator_dst_address: cosmosvaloper1uccl5ugxrm7vqlzwqr04pjd320d2fz0z3hc6vm + validator_src_address: cosmosvaloper1zppjyal5emta5cquje8ndkpz0rs046m7zqxrpp +- entries: + - balance: "562770000000" + redelegation_entry: + completion_time: "2021-10-25T21:42:07.336911677Z" + creation_height: 2.39735e+06 + initial_balance: "562770000000" + shares_dst: "562770000000.000000000000000000" + redelegation: + delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + entries: null + validator_dst_address: cosmosvaloper1uccl5ugxrm7vqlzwqr04pjd320d2fz0z3hc6vm + validator_src_address: cosmosvaloper1zppjyal5emta5cquje8ndkpz0rs046m7zqxrpp +``` + +##### redelegations-from + +The `redelegations-from` command allows users to query delegations that are redelegating *from* a validator. + +Usage: + +```bash +simd query staking redelegations-from [validator-addr] [flags] +``` + +Example: + +```bash +simd query staking redelegations-from cosmosvaloper1y4rzzrgl66eyhzt6gse2k7ej3zgwmngeleucjy +``` + +Example Output: + +```bash expandable +pagination: + next_key: null + total: "0" +redelegation_responses: +- entries: + - balance: "50000000" + redelegation_entry: + completion_time: "2021-10-24T20:33:21.960084845Z" + creation_height: 2.382847e+06 + initial_balance: "50000000" + shares_dst: "50000000.000000000000000000" + - balance: "5000000000" + redelegation_entry: + completion_time: "2021-10-25T21:33:54.446846862Z" + creation_height: 2.397271e+06 + initial_balance: "5000000000" + shares_dst: "5000000000.000000000000000000" + redelegation: + delegator_address: cosmos1pm6e78p4pgn0da365plzl4t56pxy8hwtqp2mph + entries: null + validator_dst_address: cosmosvaloper1uccl5ugxrm7vqlzwqr04pjd320d2fz0z3hc6vm + validator_src_address: cosmosvaloper1y4rzzrgl66eyhzt6gse2k7ej3zgwmngeleucjy +- entries: + - balance: "221000000" + redelegation_entry: + completion_time: "2021-10-05T21:05:45.669420544Z" + creation_height: 2.120693e+06 + initial_balance: "221000000" + shares_dst: "221000000.000000000000000000" + redelegation: + delegator_address: cosmos1zqv8qxy2zgn4c58fz8jt8jmhs3d0attcussrf6 + entries: null + validator_dst_address: cosmosvaloper10mseqwnwtjaqfrwwp2nyrruwmjp6u5jhah4c3y + validator_src_address: cosmosvaloper1y4rzzrgl66eyhzt6gse2k7ej3zgwmngeleucjy +``` + +##### unbonding-delegation + +The `unbonding-delegation` command allows users to query unbonding delegations for an individual delegator on an individual validator. + +Usage: + +```bash +simd query staking unbonding-delegation [delegator-addr] [validator-addr] [flags] +``` + +Example: + +```bash +simd query staking unbonding-delegation cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +Example Output: + +```bash +delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p +entries: +- balance: "52000000" + completion_time: "2021-11-02T11:35:55.391594709Z" + creation_height: "55078" + initial_balance: "52000000" +validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +##### unbonding-delegations + +The `unbonding-delegations` command allows users to query all unbonding-delegations records for one delegator. + +Usage: + +```bash +simd query staking unbonding-delegations [delegator-addr] [flags] +``` + +Example: + +```bash +simd query staking unbonding-delegations cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p +``` + +Example Output: + +```bash expandable +pagination: + next_key: null + total: "0" +unbonding_responses: +- delegator_address: cosmos1gghjut3ccd8ay0zduzj64hwre2fxs9ld75ru9p + entries: + - balance: "52000000" + completion_time: "2021-11-02T11:35:55.391594709Z" + creation_height: "55078" + initial_balance: "52000000" + validator_address: cosmosvaloper1t8ehvswxjfn3ejzkjtntcyrqwvmvuknzmvtaaa + +``` + +##### unbonding-delegations-from + +The `unbonding-delegations-from` command allows users to query delegations that are unbonding *from* a validator. + +Usage: + +```bash +simd query staking unbonding-delegations-from [validator-addr] [flags] +``` + +Example: + +```bash +simd query staking unbonding-delegations-from cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +Example Output: + +```bash expandable +pagination: + next_key: null + total: "0" +unbonding_responses: +- delegator_address: cosmos1qqq9txnw4c77sdvzx0tkedsafl5s3vk7hn53fn + entries: + - balance: "150000000" + completion_time: "2021-11-01T21:41:13.098141574Z" + creation_height: "46823" + initial_balance: "150000000" + validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +- delegator_address: cosmos1peteje73eklqau66mr7h7rmewmt2vt99y24f5z + entries: + - balance: "24000000" + completion_time: "2021-10-31T02:57:18.192280361Z" + creation_height: "21516" + initial_balance: "24000000" + validator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +##### validator + +The `validator` command allows users to query details about an individual validator. + +Usage: + +```bash +simd query staking validator [validator-addr] [flags] +``` + +Example: + +```bash +simd query staking validator cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +``` + +Example Output: + +```bash expandable +commission: + commission_rates: + max_change_rate: "0.020000000000000000" + max_rate: "0.200000000000000000" + rate: "0.050000000000000000" + update_time: "2021-10-01T19:24:52.663191049Z" +consensus_pubkey: + '@type': /cosmos.crypto.ed25519.PubKey + key: sIiexdJdYWn27+7iUHQJDnkp63gq/rzUq1Y+fxoGjXc= +delegator_shares: "32948270000.000000000000000000" +description: + details: Witval is the validator arm from Vitwit. Vitwit is into software consulting + and services business since 2015. We are working closely with Cosmos ecosystem + since 2018. We are also building tools for the ecosystem, Aneka is our explorer + for the cosmos ecosystem. + identity: 51468B615127273A + moniker: Witval + security_contact: "" + website: "" +jailed: false +min_self_delegation: "1" +operator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj +status: BOND_STATUS_BONDED +tokens: "32948270000" +unbonding_height: "0" +unbonding_time: "1970-01-01T00:00:00Z" +``` + +##### validators + +The `validators` command allows users to query details about all validators on a network. + +Usage: + +```bash +simd query staking validators [flags] +``` + +Example: + +```bash +simd query staking validators +``` + +Example Output: + +```bash expandable +pagination: + next_key: FPTi7TKAjN63QqZh+BaXn6gBmD5/ + total: "0" +validators: +commission: + commission_rates: + max_change_rate: "0.020000000000000000" + max_rate: "0.200000000000000000" + rate: "0.050000000000000000" + update_time: "2021-10-01T19:24:52.663191049Z" +consensus_pubkey: + '@type': /cosmos.crypto.ed25519.PubKey + key: sIiexdJdYWn27+7iUHQJDnkp63gq/rzUq1Y+fxoGjXc= +delegator_shares: "32948270000.000000000000000000" +description: + details: Witval is the validator arm from Vitwit. Vitwit is into software consulting + and services business since 2015. We are working closely with Cosmos ecosystem + since 2018. We are also building tools for the ecosystem, Aneka is our explorer + for the cosmos ecosystem. + identity: 51468B615127273A + moniker: Witval + security_contact: "" + website: "" + jailed: false + min_self_delegation: "1" + operator_address: cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj + status: BOND_STATUS_BONDED + tokens: "32948270000" + unbonding_height: "0" + unbonding_time: "1970-01-01T00:00:00Z" +- commission: + commission_rates: + max_change_rate: "0.100000000000000000" + max_rate: "0.200000000000000000" + rate: "0.050000000000000000" + update_time: "2021-10-04T18:02:21.446645619Z" + consensus_pubkey: + '@type': /cosmos.crypto.ed25519.PubKey + key: GDNpuKDmCg9GnhnsiU4fCWktuGUemjNfvpCZiqoRIYA= + delegator_shares: "559343421.000000000000000000" + description: + details: Noderunners is a professional validator in POS networks. We have a huge + node running experience, reliable soft and hardware. Our commissions are always + low, our support to delegators is always full. Stake with us and start receiving + your Cosmos rewards now! + identity: 812E82D12FEA3493 + moniker: Noderunners + security_contact: info@noderunners.biz + website: http://noderunners.biz + jailed: false + min_self_delegation: "1" + operator_address: cosmosvaloper1q5ku90atkhktze83j9xjaks2p7uruag5zp6wt7 + status: BOND_STATUS_BONDED + tokens: "559343421" + unbonding_height: "0" + unbonding_time: "1970-01-01T00:00:00Z" +``` + +#### Transactions + +The `tx` commands allows users to interact with the `staking` module. + +```bash +simd tx staking --help +``` + +##### create-validator + +The command `create-validator` allows users to create new validator initialized with a self-delegation to it. + +Usage: + +```bash +simd tx staking create-validator [path/to/validator.json] [flags] +``` + +Example: + +```bash +simd tx staking create-validator /path/to/validator.json \ + --chain-id="name_of_chain_id" \ + --gas="auto" \ + --gas-adjustment="1.2" \ + --gas-prices="0.025stake" \ + --from=mykey +``` + +where `validator.json` contains: + +```json expandable +{ + "pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "BnbwFpeONLqvWqJb3qaUbL5aoIcW3fSuAp9nT3z5f20=" + }, + "amount": "1000000stake", + "moniker": "my-moniker", + "website": "https://myweb.site", + "security": "security-contact@gmail.com", + "details": "description of your validator", + "commission-rate": "0.10", + "commission-max-rate": "0.20", + "commission-max-change-rate": "0.01", + "min-self-delegation": "1" +} +``` + +and pubkey can be obtained by using `simd tendermint show-validator` command. + +##### delegate + +The command `delegate` allows users to delegate liquid tokens to a validator. + +Usage: + +```bash +simd tx staking delegate [validator-addr] [amount] [flags] +``` + +Example: + +```bash +simd tx staking delegate cosmosvaloper1l2rsakp388kuv9k8qzq6lrm9taddae7fpx59wm 1000stake --from mykey +``` + +##### edit-validator + +The command `edit-validator` allows users to edit an existing validator account. + +Usage: + +```bash +simd tx staking edit-validator [flags] +``` + +Example: + +```bash +simd tx staking edit-validator --moniker "new_moniker_name" --website "new_website_url" --from mykey +``` + +##### redelegate + +The command `redelegate` allows users to redelegate illiquid tokens from one validator to another. + +Usage: + +```bash +simd tx staking redelegate [src-validator-addr] [dst-validator-addr] [amount] [flags] +``` + +Example: + +```bash +simd tx staking redelegate cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj cosmosvaloper1l2rsakp388kuv9k8qzq6lrm9taddae7fpx59wm 100stake --from mykey +``` + +##### unbond + +The command `unbond` allows users to unbond shares from a validator. + +Usage: + +```bash +simd tx staking unbond [validator-addr] [amount] [flags] +``` + +Example: + +```bash +simd tx staking unbond cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj 100stake --from mykey +``` + +##### cancel unbond + +The command `cancel-unbond` allow users to cancel the unbonding delegation entry and delegate back to the original validator. + +Usage: + +```bash +simd tx staking cancel-unbond [validator-addr] [amount] [creation-height] +``` + +Example: + +```bash +simd tx staking cancel-unbond cosmosvaloper1gghjut3ccd8ay0zduzj64hwre2fxs9ldmqhffj 100stake 123123 --from mykey +``` + +### gRPC + +A user can query the `staking` module using gRPC endpoints. + +#### Validators + +The `Validators` endpoint queries all validators that match the given status. + +```bash +cosmos.staking.v1beta1.Query/Validators +``` + +Example: + +```bash +grpcurl -plaintext localhost:9090 cosmos.staking.v1beta1.Query/Validators +``` + +Example Output: + +```bash expandable +{ + "validators": [ + { + "operatorAddress": "cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "consensusPubkey": {"@type":"/cosmos.crypto.ed25519.PubKey","key":"Auxs3865HpB/EfssYOzfqNhEJjzys2Fo6jD5B8tPgC8="}, + "status": "BOND_STATUS_BONDED", + "tokens": "10000000", + "delegatorShares": "10000000000000000000000000", + "description": { + "moniker": "myvalidator" + }, + "unbondingTime": "1970-01-01T00:00:00Z", + "commission": { + "commissionRates": { + "rate": "100000000000000000", + "maxRate": "200000000000000000", + "maxChangeRate": "10000000000000000" + }, + "updateTime": "2021-10-01T05:52:50.380144238Z" + }, + "minSelfDelegation": "1" + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### Validator + +The `Validator` endpoint queries validator information for given validator address. + +```bash +cosmos.staking.v1beta1.Query/Validator +``` + +Example: + +```bash +grpcurl -plaintext -d '{"validator_addr":"cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/Validator +``` + +Example Output: + +```bash expandable +{ + "validator": { + "operatorAddress": "cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "consensusPubkey": {"@type":"/cosmos.crypto.ed25519.PubKey","key":"Auxs3865HpB/EfssYOzfqNhEJjzys2Fo6jD5B8tPgC8="}, + "status": "BOND_STATUS_BONDED", + "tokens": "10000000", + "delegatorShares": "10000000000000000000000000", + "description": { + "moniker": "myvalidator" + }, + "unbondingTime": "1970-01-01T00:00:00Z", + "commission": { + "commissionRates": { + "rate": "100000000000000000", + "maxRate": "200000000000000000", + "maxChangeRate": "10000000000000000" + }, + "updateTime": "2021-10-01T05:52:50.380144238Z" + }, + "minSelfDelegation": "1" + } +} +``` + +#### ValidatorDelegations + +The `ValidatorDelegations` endpoint queries delegate information for given validator. + +```bash +cosmos.staking.v1beta1.Query/ValidatorDelegations +``` + +Example: + +```bash +grpcurl -plaintext -d '{"validator_addr":"cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/ValidatorDelegations +``` + +Example Output: + +```bash expandable +{ + "delegationResponses": [ + { + "delegation": { + "delegatorAddress": "cosmos1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgy3ua5t", + "validatorAddress": "cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "shares": "10000000000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "10000000" + } + } + ], + "pagination": { + "total": "1" + } +} +``` + +#### ValidatorUnbondingDelegations + +The `ValidatorUnbondingDelegations` endpoint queries delegate information for given validator. + +```bash +cosmos.staking.v1beta1.Query/ValidatorUnbondingDelegations +``` + +Example: + +```bash +grpcurl -plaintext -d '{"validator_addr":"cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/ValidatorUnbondingDelegations +``` + +Example Output: + +```bash expandable +{ + "unbonding_responses": [ + { + "delegator_address": "cosmos1z3pzzw84d6xn00pw9dy3yapqypfde7vg6965fy", + "validator_address": "cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "entries": [ + { + "creation_height": "25325", + "completion_time": "2021-10-31T09:24:36.797320636Z", + "initial_balance": "20000000", + "balance": "20000000" + } + ] + }, + { + "delegator_address": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77", + "validator_address": "cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "entries": [ + { + "creation_height": "13100", + "completion_time": "2021-10-30T12:53:02.272266791Z", + "initial_balance": "1000000", + "balance": "1000000" + } + ] + }, + ], + "pagination": { + "next_key": null, + "total": "8" + } +} +``` + +#### Delegation + +The `Delegation` endpoint queries delegate information for given validator delegator pair. + +```bash +cosmos.staking.v1beta1.Query/Delegation +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77", validator_addr":"cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/Delegation +``` + +Example Output: + +```bash expandable +{ + "delegation_response": + { + "delegation": + { + "delegator_address":"cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77", + "validator_address":"cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "shares":"25083119936.000000000000000000" + }, + "balance": + { + "denom":"stake", + "amount":"25083119936" + } + } +} +``` + +#### UnbondingDelegation + +The `UnbondingDelegation` endpoint queries unbonding information for given validator delegator. + +```bash +cosmos.staking.v1beta1.Query/UnbondingDelegation +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77", validator_addr":"cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/UnbondingDelegation +``` + +Example Output: + +```bash expandable +{ + "unbond": { + "delegator_address": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77", + "validator_address": "cosmosvaloper1rne8lgs98p0jqe82sgt0qr4rdn4hgvmgp9ggcc", + "entries": [ + { + "creation_height": "136984", + "completion_time": "2021-11-08T05:38:47.505593891Z", + "initial_balance": "400000000", + "balance": "400000000" + }, + { + "creation_height": "137005", + "completion_time": "2021-11-08T05:40:53.526196312Z", + "initial_balance": "385000000", + "balance": "385000000" + } + ] + } +} +``` + +#### DelegatorDelegations + +The `DelegatorDelegations` endpoint queries all delegations of a given delegator address. + +```bash +cosmos.staking.v1beta1.Query/DelegatorDelegations +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/DelegatorDelegations +``` + +Example Output: + +```bash +{ + "delegation_responses": [ + {"delegation":{"delegator_address":"cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77","validator_address":"cosmosvaloper1eh5mwu044gd5ntkkc2xgfg8247mgc56fww3vc8","shares":"25083339023.000000000000000000"},"balance":{"denom":"stake","amount":"25083339023"}} + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### DelegatorUnbondingDelegations + +The `DelegatorUnbondingDelegations` endpoint queries all unbonding delegations of a given delegator address. + +```bash +cosmos.staking.v1beta1.Query/DelegatorUnbondingDelegations +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/DelegatorUnbondingDelegations +``` + +Example Output: + +```bash expandable +{ + "unbonding_responses": [ + { + "delegator_address": "cosmos1y8nyfvmqh50p6ldpzljk3yrglppdv3t8phju77", + "validator_address": "cosmosvaloper1sjllsnramtg3ewxqwwrwjxfgc4n4ef9uxyejze", + "entries": [ + { + "creation_height": "136984", + "completion_time": "2021-11-08T05:38:47.505593891Z", + "initial_balance": "400000000", + "balance": "400000000" + }, + { + "creation_height": "137005", + "completion_time": "2021-11-08T05:40:53.526196312Z", + "initial_balance": "385000000", + "balance": "385000000" + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### Redelegations + +The `Redelegations` endpoint queries redelegations of given address. + +```bash +cosmos.staking.v1beta1.Query/Redelegations +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1ld5p7hn43yuh8ht28gm9pfjgj2fctujp2tgwvf", "src_validator_addr" : "cosmosvaloper1j7euyj85fv2jugejrktj540emh9353ltgppc3g", "dst_validator_addr" : "cosmosvaloper1yy3tnegzmkdcm7czzcy3flw5z0zyr9vkkxrfse"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/Redelegations +``` + +Example Output: + +```bash expandable +{ + "redelegation_responses": [ + { + "redelegation": { + "delegator_address": "cosmos1ld5p7hn43yuh8ht28gm9pfjgj2fctujp2tgwvf", + "validator_src_address": "cosmosvaloper1j7euyj85fv2jugejrktj540emh9353ltgppc3g", + "validator_dst_address": "cosmosvaloper1yy3tnegzmkdcm7czzcy3flw5z0zyr9vkkxrfse", + "entries": null + }, + "entries": [ + { + "redelegation_entry": { + "creation_height": 135932, + "completion_time": "2021-11-08T03:52:55.299147901Z", + "initial_balance": "2900000", + "shares_dst": "2900000.000000000000000000" + }, + "balance": "2900000" + } + ] + } + ], + "pagination": null +} +``` + +#### DelegatorValidators + +The `DelegatorValidators` endpoint queries all validators information for given delegator. + +```bash +cosmos.staking.v1beta1.Query/DelegatorValidators +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1ld5p7hn43yuh8ht28gm9pfjgj2fctujp2tgwvf"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/DelegatorValidators +``` + +Example Output: + +```bash expandable +{ + "validators": [ + { + "operator_address": "cosmosvaloper1eh5mwu044gd5ntkkc2xgfg8247mgc56fww3vc8", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "UPwHWxH1zHJWGOa/m6JB3f5YjHMvPQPkVbDqqi+U7Uw=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "347260647559", + "delegator_shares": "347260647559.000000000000000000", + "description": { + "moniker": "BouBouNode", + "identity": "", + "website": "https://boubounode.com", + "security_contact": "", + "details": "AI-based Validator. #1 AI Validator on Game of Stakes. Fairly priced. Don't trust (humans), verify. Made with BouBou love." + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.061000000000000000", + "max_rate": "0.300000000000000000", + "max_change_rate": "0.150000000000000000" + }, + "update_time": "2021-10-01T15:00:00Z" + }, + "min_self_delegation": "1" + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### DelegatorValidator + +The `DelegatorValidator` endpoint queries validator information for given delegator validator + +```bash +cosmos.staking.v1beta1.Query/DelegatorValidator +``` + +Example: + +```bash +grpcurl -plaintext \ +-d '{"delegator_addr": "cosmos1eh5mwu044gd5ntkkc2xgfg8247mgc56f3n8rr7", "validator_addr": "cosmosvaloper1eh5mwu044gd5ntkkc2xgfg8247mgc56fww3vc8"}' \ +localhost:9090 cosmos.staking.v1beta1.Query/DelegatorValidator +``` + +Example Output: + +```bash expandable +{ + "validator": { + "operator_address": "cosmosvaloper1eh5mwu044gd5ntkkc2xgfg8247mgc56fww3vc8", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "UPwHWxH1zHJWGOa/m6JB3f5YjHMvPQPkVbDqqi+U7Uw=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "347262754841", + "delegator_shares": "347262754841.000000000000000000", + "description": { + "moniker": "BouBouNode", + "identity": "", + "website": "https://boubounode.com", + "security_contact": "", + "details": "AI-based Validator. #1 AI Validator on Game of Stakes. Fairly priced. Don't trust (humans), verify. Made with BouBou love." + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.061000000000000000", + "max_rate": "0.300000000000000000", + "max_change_rate": "0.150000000000000000" + }, + "update_time": "2021-10-01T15:00:00Z" + }, + "min_self_delegation": "1" + } +} +``` + +#### HistoricalInfo + +```bash +cosmos.staking.v1beta1.Query/HistoricalInfo +``` + +Example: + +```bash +grpcurl -plaintext -d '{"height" : 1}' localhost:9090 cosmos.staking.v1beta1.Query/HistoricalInfo +``` + +Example Output: + +```bash expandable +{ + "hist": { + "header": { + "version": { + "block": "11", + "app": "0" + }, + "chain_id": "simd-1", + "height": "140142", + "time": "2021-10-11T10:56:29.720079569Z", + "last_block_id": { + "hash": "9gri/4LLJUBFqioQ3NzZIP9/7YHR9QqaM6B2aJNQA7o=", + "part_set_header": { + "total": 1, + "hash": "Hk1+C864uQkl9+I6Zn7IurBZBKUevqlVtU7VqaZl1tc=" + } + }, + "last_commit_hash": "VxrcS27GtvGruS3I9+AlpT7udxIT1F0OrRklrVFSSKc=", + "data_hash": "80BjOrqNYUOkTnmgWyz9AQ8n7SoEmPVi4QmAe8RbQBY=", + "validators_hash": "95W49n2hw8RWpr1GPTAO5MSPi6w6Wjr3JjjS7AjpBho=", + "next_validators_hash": "95W49n2hw8RWpr1GPTAO5MSPi6w6Wjr3JjjS7AjpBho=", + "consensus_hash": "BICRvH3cKD93v7+R1zxE2ljD34qcvIZ0Bdi389qtoi8=", + "app_hash": "ZZaxnSY3E6Ex5Bvkm+RigYCK82g8SSUL53NymPITeOE=", + "last_results_hash": "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=", + "evidence_hash": "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=", + "proposer_address": "aH6dO428B+ItuoqPq70efFHrSMY=" + }, + "valset": [ + { + "operator_address": "cosmosvaloper196ax4vc0lwpxndu9dyhvca7jhxp70rmcqcnylw", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "/O7BtNW0pafwfvomgR4ZnfldwPXiFfJs9mHg3gwfv5Q=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "1426045203613", + "delegator_shares": "1426045203613.000000000000000000", + "description": { + "moniker": "SG-1", + "identity": "48608633F99D1B60", + "website": "https://sg-1.online", + "security_contact": "", + "details": "SG-1 - your favorite validator on Witval. We offer 100% Soft Slash protection." + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.037500000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.030000000000000000" + }, + "update_time": "2021-10-01T15:00:00Z" + }, + "min_self_delegation": "1" + } + ] + } +} + +``` + +#### Pool + +The `Pool` endpoint queries the pool information. + +```bash +cosmos.staking.v1beta1.Query/Pool +``` + +Example: + +```bash +grpcurl -plaintext -d localhost:9090 cosmos.staking.v1beta1.Query/Pool +``` + +Example Output: + +```bash +{ + "pool": { + "not_bonded_tokens": "369054400189", + "bonded_tokens": "15657192425623" + } +} +``` + +#### Params + +The `Params` endpoint queries the pool information. + +```bash +cosmos.staking.v1beta1.Query/Params +``` + +Example: + +```bash +grpcurl -plaintext localhost:9090 cosmos.staking.v1beta1.Query/Params +``` + +Example Output: + +```bash +{ + "params": { + "unbondingTime": "1814400s", + "maxValidators": 100, + "maxEntries": 7, + "historicalEntries": 10000, + "bondDenom": "stake" + } +} +``` + +### REST + +A user can query the `staking` module using REST endpoints. + +#### DelegatorDelegations + +The `DelegatorDelegations` REST endpoint queries all delegations of a given delegator address. + +```bash +/cosmos/staking/v1beta1/delegations/{delegatorAddr} +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/staking/v1beta1/delegations/cosmos1vcs68xf2tnqes5tg0khr0vyevm40ff6zdxatp5" -H "accept: application/json" +``` + +Example Output: + +```bash expandable +{ + "delegation_responses": [ + { + "delegation": { + "delegator_address": "cosmos1vcs68xf2tnqes5tg0khr0vyevm40ff6zdxatp5", + "validator_address": "cosmosvaloper1quqxfrxkycr0uzt4yk0d57tcq3zk7srm7sm6r8", + "shares": "256250000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "256250000" + } + }, + { + "delegation": { + "delegator_address": "cosmos1vcs68xf2tnqes5tg0khr0vyevm40ff6zdxatp5", + "validator_address": "cosmosvaloper194v8uwee2fvs2s8fa5k7j03ktwc87h5ym39jfv", + "shares": "255150000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "255150000" + } + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` + +#### Redelegations + +The `Redelegations` REST endpoint queries redelegations of given address. + +```bash +/cosmos/staking/v1beta1/delegators/{delegatorAddr}/redelegations +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/delegators/cosmos1thfntksw0d35n2tkr0k8v54fr8wxtxwxl2c56e/redelegations?srcValidatorAddr=cosmosvaloper1lzhlnpahvznwfv4jmay2tgaha5kmz5qx4cuznf&dstValidatorAddr=cosmosvaloper1vq8tw77kp8lvxq9u3c8eeln9zymn68rng8pgt4" \ +-H "accept: application/json" +``` + +Example Output: + +```bash expandable +{ + "redelegation_responses": [ + { + "redelegation": { + "delegator_address": "cosmos1thfntksw0d35n2tkr0k8v54fr8wxtxwxl2c56e", + "validator_src_address": "cosmosvaloper1lzhlnpahvznwfv4jmay2tgaha5kmz5qx4cuznf", + "validator_dst_address": "cosmosvaloper1vq8tw77kp8lvxq9u3c8eeln9zymn68rng8pgt4", + "entries": null + }, + "entries": [ + { + "redelegation_entry": { + "creation_height": 151523, + "completion_time": "2021-11-09T06:03:25.640682116Z", + "initial_balance": "200000000", + "shares_dst": "200000000.000000000000000000" + }, + "balance": "200000000" + } + ] + } + ], + "pagination": null +} +``` + +#### DelegatorUnbondingDelegations + +The `DelegatorUnbondingDelegations` REST endpoint queries all unbonding delegations of a given delegator address. + +```bash +/cosmos/staking/v1beta1/delegators/{delegatorAddr}/unbonding_delegations +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/delegators/cosmos1nxv42u3lv642q0fuzu2qmrku27zgut3n3z7lll/unbonding_delegations" \ +-H "accept: application/json" +``` + +Example Output: + +```bash expandable +{ + "unbonding_responses": [ + { + "delegator_address": "cosmos1nxv42u3lv642q0fuzu2qmrku27zgut3n3z7lll", + "validator_address": "cosmosvaloper1e7mvqlz50ch6gw4yjfemsc069wfre4qwmw53kq", + "entries": [ + { + "creation_height": "2442278", + "completion_time": "2021-10-12T10:59:03.797335857Z", + "initial_balance": "50000000000", + "balance": "50000000000" + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### DelegatorValidators + +The `DelegatorValidators` REST endpoint queries all validators information for given delegator address. + +```bash +/cosmos/staking/v1beta1/delegators/{delegatorAddr}/validators +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/delegators/cosmos1xwazl8ftks4gn00y5x3c47auquc62ssune9ppv/validators" \ +-H "accept: application/json" +``` + +Example Output: + +```bash expandable +{ + "validators": [ + { + "operator_address": "cosmosvaloper1xwazl8ftks4gn00y5x3c47auquc62ssuvynw64", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "5v4n3px3PkfNnKflSgepDnsMQR1hiNXnqOC11Y72/PQ=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "21592843799", + "delegator_shares": "21592843799.000000000000000000", + "description": { + "moniker": "jabbey", + "identity": "", + "website": "https://twitter.com/JoeAbbey", + "security_contact": "", + "details": "just another dad in the cosmos" + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.100000000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.100000000000000000" + }, + "update_time": "2021-10-09T19:03:54.984821705Z" + }, + "min_self_delegation": "1" + } + ], + "pagination": { + "next_key": null, + "total": "1" + } +} +``` + +#### DelegatorValidator + +The `DelegatorValidator` REST endpoint queries validator information for given delegator validator pair. + +```bash +/cosmos/staking/v1beta1/delegators/{delegatorAddr}/validators/{validatorAddr} +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/delegators/cosmos1xwazl8ftks4gn00y5x3c47auquc62ssune9ppv/validators/cosmosvaloper1xwazl8ftks4gn00y5x3c47auquc62ssuvynw64" \ +-H "accept: application/json" +``` + +Example Output: + +```bash expandable +{ + "validator": { + "operator_address": "cosmosvaloper1xwazl8ftks4gn00y5x3c47auquc62ssuvynw64", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "5v4n3px3PkfNnKflSgepDnsMQR1hiNXnqOC11Y72/PQ=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "21592843799", + "delegator_shares": "21592843799.000000000000000000", + "description": { + "moniker": "jabbey", + "identity": "", + "website": "https://twitter.com/JoeAbbey", + "security_contact": "", + "details": "just another dad in the cosmos" + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.100000000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.100000000000000000" + }, + "update_time": "2021-10-09T19:03:54.984821705Z" + }, + "min_self_delegation": "1" + } +} +``` + +#### HistoricalInfo + +The `HistoricalInfo` REST endpoint queries the historical information for given height. + +```bash +/cosmos/staking/v1beta1/historical_info/{height} +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/staking/v1beta1/historical_info/153332" -H "accept: application/json" +``` + +Example Output: + +```bash expandable +{ + "hist": { + "header": { + "version": { + "block": "11", + "app": "0" + }, + "chain_id": "cosmos-1", + "height": "153332", + "time": "2021-10-12T09:05:35.062230221Z", + "last_block_id": { + "hash": "NX8HevR5khb7H6NGKva+jVz7cyf0skF1CrcY9A0s+d8=", + "part_set_header": { + "total": 1, + "hash": "zLQ2FiKM5tooL3BInt+VVfgzjlBXfq0Hc8Iux/xrhdg=" + } + }, + "last_commit_hash": "P6IJrK8vSqU3dGEyRHnAFocoDGja0bn9euLuy09s350=", + "data_hash": "eUd+6acHWrNXYju8Js449RJ99lOYOs16KpqQl4SMrEM=", + "validators_hash": "mB4pravvMsJKgi+g8aYdSeNlt0kPjnRFyvtAQtaxcfw=", + "next_validators_hash": "mB4pravvMsJKgi+g8aYdSeNlt0kPjnRFyvtAQtaxcfw=", + "consensus_hash": "BICRvH3cKD93v7+R1zxE2ljD34qcvIZ0Bdi389qtoi8=", + "app_hash": "fuELArKRK+CptnZ8tu54h6xEleSWenHNmqC84W866fU=", + "last_results_hash": "p/BPexV4LxAzlVcPRvW+lomgXb6Yze8YLIQUo/4Kdgc=", + "evidence_hash": "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=", + "proposer_address": "G0MeY8xQx7ooOsni8KE/3R/Ib3Q=" + }, + "valset": [ + { + "operator_address": "cosmosvaloper196ax4vc0lwpxndu9dyhvca7jhxp70rmcqcnylw", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "/O7BtNW0pafwfvomgR4ZnfldwPXiFfJs9mHg3gwfv5Q=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "1416521659632", + "delegator_shares": "1416521659632.000000000000000000", + "description": { + "moniker": "SG-1", + "identity": "48608633F99D1B60", + "website": "https://sg-1.online", + "security_contact": "", + "details": "SG-1 - your favorite validator on cosmos. We offer 100% Soft Slash protection." + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.037500000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.030000000000000000" + }, + "update_time": "2021-10-01T15:00:00Z" + }, + "min_self_delegation": "1" + }, + { + "operator_address": "cosmosvaloper1t8ehvswxjfn3ejzkjtntcyrqwvmvuknzmvtaaa", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "uExZyjNLtr2+FFIhNDAMcQ8+yTrqE7ygYTsI7khkA5Y=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "1348298958808", + "delegator_shares": "1348298958808.000000000000000000", + "description": { + "moniker": "Cosmostation", + "identity": "AE4C403A6E7AA1AC", + "website": "https://www.cosmostation.io", + "security_contact": "admin@stamper.network", + "details": "Cosmostation validator node. Delegate your tokens and Start Earning Staking Rewards" + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.050000000000000000", + "max_rate": "1.000000000000000000", + "max_change_rate": "0.200000000000000000" + }, + "update_time": "2021-10-01T15:06:38.821314287Z" + }, + "min_self_delegation": "1" + } + ] + } +} +``` + +#### Parameters + +The `Parameters` REST endpoint queries the staking parameters. + +```bash +/cosmos/staking/v1beta1/params +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/staking/v1beta1/params" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "params": { + "unbonding_time": "2419200s", + "max_validators": 100, + "max_entries": 7, + "historical_entries": 10000, + "bond_denom": "stake" + } +} +``` + +#### Pool + +The `Pool` REST endpoint queries the pool information. + +```bash +/cosmos/staking/v1beta1/pool +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/staking/v1beta1/pool" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "pool": { + "not_bonded_tokens": "432805737458", + "bonded_tokens": "15783637712645" + } +} +``` + +#### Validators + +The `Validators` REST endpoint queries all validators that match the given status. + +```bash +/cosmos/staking/v1beta1/validators +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/staking/v1beta1/validators" -H "accept: application/json" +``` + +Example Output: + +```bash expandable +{ + "validators": [ + { + "operator_address": "cosmosvaloper1q3jsx9dpfhtyqqgetwpe5tmk8f0ms5qywje8tw", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "N7BPyek2aKuNZ0N/8YsrqSDhGZmgVaYUBuddY8pwKaE=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "383301887799", + "delegator_shares": "383301887799.000000000000000000", + "description": { + "moniker": "SmartNodes", + "identity": "D372724899D1EDC8", + "website": "https://smartnodes.co", + "security_contact": "", + "details": "Earn Rewards with Crypto Staking & Node Deployment" + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.050000000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.100000000000000000" + }, + "update_time": "2021-10-01T15:51:31.596618510Z" + }, + "min_self_delegation": "1" + }, + { + "operator_address": "cosmosvaloper1q5ku90atkhktze83j9xjaks2p7uruag5zp6wt7", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "GDNpuKDmCg9GnhnsiU4fCWktuGUemjNfvpCZiqoRIYA=" + }, + "jailed": false, + "status": "BOND_STATUS_UNBONDING", + "tokens": "1017819654", + "delegator_shares": "1017819654.000000000000000000", + "description": { + "moniker": "Noderunners", + "identity": "812E82D12FEA3493", + "website": "http://noderunners.biz", + "security_contact": "info@noderunners.biz", + "details": "Noderunners is a professional validator in POS networks. We have a huge node running experience, reliable soft and hardware. Our commissions are always low, our support to delegators is always full. Stake with us and start receiving your cosmos rewards now!" + }, + "unbonding_height": "147302", + "unbonding_time": "2021-11-08T22:58:53.718662452Z", + "commission": { + "commission_rates": { + "rate": "0.050000000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.100000000000000000" + }, + "update_time": "2021-10-04T18:02:21.446645619Z" + }, + "min_self_delegation": "1" + } + ], + "pagination": { + "next_key": "FONDBFkE4tEEf7yxWWKOD49jC2NK", + "total": "2" + } +} +``` + +#### Validator + +The `Validator` REST endpoint queries validator information for given validator address. + +```bash +/cosmos/staking/v1beta1/validators/{validatorAddr} +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/validators/cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q" \ +-H "accept: application/json" +``` + +Example Output: + +```bash expandable +{ + "validator": { + "operator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "consensus_pubkey": { + "@type": "/cosmos.crypto.ed25519.PubKey", + "key": "sIiexdJdYWn27+7iUHQJDnkp63gq/rzUq1Y+fxoGjXc=" + }, + "jailed": false, + "status": "BOND_STATUS_BONDED", + "tokens": "33027900000", + "delegator_shares": "33027900000.000000000000000000", + "description": { + "moniker": "Witval", + "identity": "51468B615127273A", + "website": "", + "security_contact": "", + "details": "Witval is the validator arm from Vitwit. Vitwit is into software consulting and services business since 2015. We are working closely with Cosmos ecosystem since 2018. We are also building tools for the ecosystem, Aneka is our explorer for the cosmos ecosystem." + }, + "unbonding_height": "0", + "unbonding_time": "1970-01-01T00:00:00Z", + "commission": { + "commission_rates": { + "rate": "0.050000000000000000", + "max_rate": "0.200000000000000000", + "max_change_rate": "0.020000000000000000" + }, + "update_time": "2021-10-01T19:24:52.663191049Z" + }, + "min_self_delegation": "1" + } +} +``` + +#### ValidatorDelegations + +The `ValidatorDelegations` REST endpoint queries delegate information for given validator. + +```bash +/cosmos/staking/v1beta1/validators/{validatorAddr}/delegations +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/staking/v1beta1/validators/cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q/delegations" -H "accept: application/json" +``` + +Example Output: + +```bash expandable +{ + "delegation_responses": [ + { + "delegation": { + "delegator_address": "cosmos190g5j8aszqhvtg7cprmev8xcxs6csra7xnk3n3", + "validator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "shares": "31000000000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "31000000000" + } + }, + { + "delegation": { + "delegator_address": "cosmos1ddle9tczl87gsvmeva3c48nenyng4n56qwq4ee", + "validator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "shares": "628470000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "628470000" + } + }, + { + "delegation": { + "delegator_address": "cosmos10fdvkczl76m040smd33lh9xn9j0cf26kk4s2nw", + "validator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "shares": "838120000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "838120000" + } + }, + { + "delegation": { + "delegator_address": "cosmos1n8f5fknsv2yt7a8u6nrx30zqy7lu9jfm0t5lq8", + "validator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "shares": "500000000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "500000000" + } + }, + { + "delegation": { + "delegator_address": "cosmos16msryt3fqlxtvsy8u5ay7wv2p8mglfg9hrek2e", + "validator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "shares": "61310000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "61310000" + } + } + ], + "pagination": { + "next_key": null, + "total": "5" + } +} +``` + +#### Delegation + +The `Delegation` REST endpoint queries delegate information for given validator delegator pair. + +```bash +/cosmos/staking/v1beta1/validators/{validatorAddr}/delegations/{delegatorAddr} +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/validators/cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q/delegations/cosmos1n8f5fknsv2yt7a8u6nrx30zqy7lu9jfm0t5lq8" \ +-H "accept: application/json" +``` + +Example Output: + +```bash expandable +{ + "delegation_response": { + "delegation": { + "delegator_address": "cosmos1n8f5fknsv2yt7a8u6nrx30zqy7lu9jfm0t5lq8", + "validator_address": "cosmosvaloper16msryt3fqlxtvsy8u5ay7wv2p8mglfg9g70e3q", + "shares": "500000000.000000000000000000" + }, + "balance": { + "denom": "stake", + "amount": "500000000" + } + } +} +``` + +#### UnbondingDelegation + +The `UnbondingDelegation` REST endpoint queries unbonding information for given validator delegator pair. + +```bash +/cosmos/staking/v1beta1/validators/{validatorAddr}/delegations/{delegatorAddr}/unbonding_delegation +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/validators/cosmosvaloper13v4spsah85ps4vtrw07vzea37gq5la5gktlkeu/delegations/cosmos1ze2ye5u5k3qdlexvt2e0nn0508p04094ya0qpm/unbonding_delegation" \ +-H "accept: application/json" +``` + +Example Output: + +```bash expandable +{ + "unbond": { + "delegator_address": "cosmos1ze2ye5u5k3qdlexvt2e0nn0508p04094ya0qpm", + "validator_address": "cosmosvaloper13v4spsah85ps4vtrw07vzea37gq5la5gktlkeu", + "entries": [ + { + "creation_height": "153687", + "completion_time": "2021-11-09T09:41:18.352401903Z", + "initial_balance": "525111", + "balance": "525111" + } + ] + } +} +``` + +#### ValidatorUnbondingDelegations + +The `ValidatorUnbondingDelegations` REST endpoint queries unbonding delegations of a validator. + +```bash +/cosmos/staking/v1beta1/validators/{validatorAddr}/unbonding_delegations +``` + +Example: + +```bash +curl -X GET \ +"http://localhost:1317/cosmos/staking/v1beta1/validators/cosmosvaloper13v4spsah85ps4vtrw07vzea37gq5la5gktlkeu/unbonding_delegations" \ +-H "accept: application/json" +``` + +Example Output: + +```bash expandable +{ + "unbonding_responses": [ + { + "delegator_address": "cosmos1q9snn84jfrd9ge8t46kdcggpe58dua82vnj7uy", + "validator_address": "cosmosvaloper13v4spsah85ps4vtrw07vzea37gq5la5gktlkeu", + "entries": [ + { + "creation_height": "90998", + "completion_time": "2021-11-05T00:14:37.005841058Z", + "initial_balance": "24000000", + "balance": "24000000" + } + ] + }, + { + "delegator_address": "cosmos1qf36e6wmq9h4twhdvs6pyq9qcaeu7ye0s3dqq2", + "validator_address": "cosmosvaloper13v4spsah85ps4vtrw07vzea37gq5la5gktlkeu", + "entries": [ + { + "creation_height": "47478", + "completion_time": "2021-11-01T22:47:26.714116854Z", + "initial_balance": "8000000", + "balance": "8000000" + } + ] + } + ], + "pagination": { + "next_key": null, + "total": "2" + } +} +``` diff --git a/docs/sdk/next/build/modules/upgrade/README.mdx b/docs/sdk/next/build/modules/upgrade/README.mdx new file mode 100644 index 00000000..89e83c26 --- /dev/null +++ b/docs/sdk/next/build/modules/upgrade/README.mdx @@ -0,0 +1,608 @@ +--- +title: '`x/upgrade`' +--- +## Abstract + +`x/upgrade` is an implementation of a Cosmos SDK module that facilitates smoothly +upgrading a live Cosmos chain to a new (breaking) software version. It accomplishes this by +providing a `PreBlocker` hook that prevents the blockchain state machine from +proceeding once a pre-defined upgrade block height has been reached. + +The module does not prescribe anything regarding how governance decides to do an +upgrade, but just the mechanism for coordinating the upgrade safely. Without software +support for upgrades, upgrading a live chain is risky because all of the validators +need to pause their state machines at exactly the same point in the process. If +this is not done correctly, there can be state inconsistencies which are hard to +recover from. + +* [Concepts](#concepts) +* [State](#state) +* [Events](#events) +* [Client](#client) + * [CLI](#cli) + * [REST](#rest) + * [gRPC](#grpc) +* [Resources](#resources) + +## Concepts + +### Plan + +The `x/upgrade` module defines a `Plan` type in which a live upgrade is scheduled +to occur. A `Plan` can be scheduled at a specific block height. +A `Plan` is created once a (frozen) release candidate along with an appropriate upgrade +`Handler` (see below) is agreed upon, where the `Name` of a `Plan` corresponds to a +specific `Handler`. Typically, a `Plan` is created through a governance proposal +process, where if voted upon and passed, will be scheduled. The `Info` of a `Plan` +may contain various metadata about the upgrade, typically application specific +upgrade info to be included on-chain such as a git commit that validators could +automatically upgrade to. + +```go +type Plan struct { + Name string + Height int64 + Info string +} +``` + +#### Sidecar Process + +If an operator running the application binary also runs a sidecar process to assist +in the automatic download and upgrade of a binary, the `Info` allows this process to +be seamless. This tool is [Cosmovisor](https://github.com/cosmos/cosmos-sdk/tree/main/tools/cosmovisor#readme). + +### Handler + +The `x/upgrade` module facilitates upgrading from major version X to major version Y. To +accomplish this, node operators must first upgrade their current binary to a new +binary that has a corresponding `Handler` for the new version Y. It is assumed that +this version has fully been tested and approved by the community at large. This +`Handler` defines what state migrations need to occur before the new binary Y +can successfully run the chain. Naturally, this `Handler` is application specific +and not defined on a per-module basis. Registering a `Handler` is done via +`Keeper#SetUpgradeHandler` in the application. + +```go +type UpgradeHandler func(Context, Plan, VersionMap) (VersionMap, error) +``` + +During each `EndBlock` execution, the `x/upgrade` module checks if there exists a +`Plan` that should execute (is scheduled at that height). If so, the corresponding +`Handler` is executed. If the `Plan` is expected to execute but no `Handler` is registered +or if the binary was upgraded too early, the node will gracefully panic and exit. + +### StoreLoader + +The `x/upgrade` module also facilitates store migrations as part of the upgrade. The +`StoreLoader` sets the migrations that need to occur before the new binary can +successfully run the chain. This `StoreLoader` is also application specific and +not defined on a per-module basis. Registering this `StoreLoader` is done via +`app#SetStoreLoader` in the application. + +```go +func UpgradeStoreLoader (upgradeHeight int64, storeUpgrades *store.StoreUpgrades) + +baseapp.StoreLoader +``` + +If there's a planned upgrade and the upgrade height is reached, the old binary writes `Plan` to the disk before panicking. + +This information is critical to ensure the `StoreUpgrades` happens smoothly at correct height and +expected upgrade. It eliminates the chances for the new binary to execute `StoreUpgrades` multiple +times every time on restart. Also if there are multiple upgrades planned on same height, the `Name` +will ensure these `StoreUpgrades` takes place only in planned upgrade handler. + +### Proposal + +Typically, a `Plan` is proposed and submitted through governance via a proposal +containing a `MsgSoftwareUpgrade` message. +This proposal prescribes to the standard governance process. If the proposal passes, +the `Plan`, which targets a specific `Handler`, is persisted and scheduled. The +upgrade can be delayed or hastened by updating the `Plan.Height` in a new proposal. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/upgrade/v1beta1/tx.proto#L29-L41 +``` + +#### Cancelling Upgrade Proposals + +Upgrade proposals can be cancelled. There exists a gov-enabled `MsgCancelUpgrade` +message type, which can be embedded in a proposal, voted on and, if passed, will +remove the scheduled upgrade `Plan`. +Of course this requires that the upgrade was known to be a bad idea well before the +upgrade itself, to allow time for a vote. + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/proto/cosmos/upgrade/v1beta1/tx.proto#L48-L57 +``` + +If such a possibility is desired, the upgrade height is to be +`2 * (VotingPeriod + DepositPeriod) + (SafetyDelta)` from the beginning of the +upgrade proposal. The `SafetyDelta` is the time available from the success of an +upgrade proposal and the realization it was a bad idea (due to external social consensus). + +A `MsgCancelUpgrade` proposal can also be made while the original +`MsgSoftwareUpgrade` proposal is still being voted upon, as long as the `VotingPeriod` +ends after the `MsgSoftwareUpgrade` proposal. + +## State + +The internal state of the `x/upgrade` module is relatively minimal and simple. The +state contains the currently active upgrade `Plan` (if one exists) by key +`0x0` and if a `Plan` is marked as "done" by key `0x1`. The state +contains the consensus versions of all app modules in the application. The versions +are stored as big endian `uint64`, and can be accessed with prefix `0x2` appended +by the corresponding module name of type `string`. The state maintains a +`Protocol Version` which can be accessed by key `0x3`. + +* Plan: `0x0 -> Plan` +* Done: `0x1 | byte(plan name) -> BigEndian(Block Height)` +* ConsensusVersion: `0x2 | byte(module name) -> BigEndian(Module Consensus Version)` +* ProtocolVersion: `0x3 -> BigEndian(Protocol Version)` + +The `x/upgrade` module contains no genesis state. + +## Events + +The `x/upgrade` does not emit any events by itself. Any and all proposal related +events are emitted through the `x/gov` module. + +## Client + +### CLI + +A user can query and interact with the `upgrade` module using the CLI. + +#### Query + +The `query` commands allow users to query `upgrade` state. + +```bash +simd query upgrade --help +``` + +##### applied + +The `applied` command allows users to query the block header for height at which a completed upgrade was applied. + +```bash +simd query upgrade applied [upgrade-name] [flags] +``` + +If upgrade-name was previously executed on the chain, this returns the header for the block at which it was applied. +This helps a client determine which binary was valid over a given range of blocks, as well as more context to understand past migrations. + +Example: + +```bash +simd query upgrade applied "test-upgrade" +``` + +Example Output: + +```bash expandable +"block_id": { + "hash": "A769136351786B9034A5F196DC53F7E50FCEB53B48FA0786E1BFC45A0BB646B5", + "parts": { + "total": 1, + "hash": "B13CBD23011C7480E6F11BE4594EE316548648E6A666B3575409F8F16EC6939E" + } + }, + "block_size": "7213", + "header": { + "version": { + "block": "11" + }, + "chain_id": "testnet-2", + "height": "455200", + "time": "2021-04-10T04:37:57.085493838Z", + "last_block_id": { + "hash": "0E8AD9309C2DC411DF98217AF59E044A0E1CCEAE7C0338417A70338DF50F4783", + "parts": { + "total": 1, + "hash": "8FE572A48CD10BC2CBB02653CA04CA247A0F6830FF19DC972F64D339A355E77D" + } + }, + "last_commit_hash": "DE890239416A19E6164C2076B837CC1D7F7822FC214F305616725F11D2533140", + "data_hash": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855", + "validators_hash": "A31047ADE54AE9072EE2A12FF260A8990BA4C39F903EAF5636B50D58DBA72582", + "next_validators_hash": "A31047ADE54AE9072EE2A12FF260A8990BA4C39F903EAF5636B50D58DBA72582", + "consensus_hash": "048091BC7DDC283F77BFBF91D73C44DA58C3DF8A9CBC867405D8B7F3DAADA22F", + "app_hash": "28ECC486AFC332BA6CC976706DBDE87E7D32441375E3F10FD084CD4BAF0DA021", + "last_results_hash": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855", + "evidence_hash": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855", + "proposer_address": "2ABC4854B1A1C5AA8403C4EA853A81ACA901CC76" + }, + "num_txs": "0" +} +``` + +##### module versions + +The `module_versions` command gets a list of module names and their respective consensus versions. + +Following the command with a specific module name will return only +that module's information. + +```bash +simd query upgrade module_versions [optional module_name] [flags] +``` + +Example: + +```bash +simd query upgrade module_versions +``` + +Example Output: + +```bash expandable +module_versions: +- name: auth + version: "2" +- name: authz + version: "1" +- name: bank + version: "2" +- name: distribution + version: "2" +- name: evidence + version: "1" +- name: feegrant + version: "1" +- name: genutil + version: "1" +- name: gov + version: "2" +- name: ibc + version: "2" +- name: mint + version: "1" +- name: params + version: "1" +- name: slashing + version: "2" +- name: staking + version: "2" +- name: transfer + version: "1" +- name: upgrade + version: "1" +- name: vesting + version: "1" +``` + +Example: + +```bash +regen query upgrade module_versions ibc +``` + +Example Output: + +```bash +module_versions: +- name: ibc + version: "2" +``` + +##### plan + +The `plan` command gets the currently scheduled upgrade plan, if one exists. + +```bash +regen query upgrade plan [flags] +``` + +Example: + +```bash +simd query upgrade plan +``` + +Example Output: + +```bash +height: "130" +info: "" +name: test-upgrade +time: "0001-01-01T00:00:00Z" +upgraded_client_state: null +``` + +#### Transactions + +The upgrade module supports the following transactions: + +* `software-proposal` - submits an upgrade proposal: + +```bash +simd tx upgrade software-upgrade v2 --title="Test Proposal" --summary="testing" --deposit="100000000stake" --upgrade-height 1000000 \ +--upgrade-info '{ "binaries": { "linux/amd64":"https://example.com/simd.zip?checksum=sha256:aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f" } }' --from cosmos1.. +``` + +* `cancel-software-upgrade` - cancels a previously submitted upgrade proposal: + +```bash +simd tx upgrade cancel-software-upgrade --title="Test Proposal" --summary="testing" --deposit="100000000stake" --from cosmos1.. +``` + +### REST + +A user can query the `upgrade` module using REST endpoints. + +#### Applied Plan + +`AppliedPlan` queries a previously applied upgrade plan by its name. + +```bash +/cosmos/upgrade/v1beta1/applied_plan/{name} +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/upgrade/v1beta1/applied_plan/v2.0-upgrade" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "height": "30" +} +``` + +#### Current Plan + +`CurrentPlan` queries the current upgrade plan. + +```bash +/cosmos/upgrade/v1beta1/current_plan +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/upgrade/v1beta1/current_plan" -H "accept: application/json" +``` + +Example Output: + +```bash +{ + "plan": "v2.1-upgrade" +} +``` + +#### Module versions + +`ModuleVersions` queries the list of module versions from state. + +```bash +/cosmos/upgrade/v1beta1/module_versions +``` + +Example: + +```bash +curl -X GET "http://localhost:1317/cosmos/upgrade/v1beta1/module_versions" -H "accept: application/json" +``` + +Example Output: + +```bash expandable +{ + "module_versions": [ + { + "name": "auth", + "version": "2" + }, + { + "name": "authz", + "version": "1" + }, + { + "name": "bank", + "version": "2" + }, + { + "name": "distribution", + "version": "2" + }, + { + "name": "evidence", + "version": "1" + }, + { + "name": "feegrant", + "version": "1" + }, + { + "name": "genutil", + "version": "1" + }, + { + "name": "gov", + "version": "2" + }, + { + "name": "ibc", + "version": "2" + }, + { + "name": "mint", + "version": "1" + }, + { + "name": "params", + "version": "1" + }, + { + "name": "slashing", + "version": "2" + }, + { + "name": "staking", + "version": "2" + }, + { + "name": "transfer", + "version": "1" + }, + { + "name": "upgrade", + "version": "1" + }, + { + "name": "vesting", + "version": "1" + } + ] +} +``` + +### gRPC + +A user can query the `upgrade` module using gRPC endpoints. + +#### Applied Plan + +`AppliedPlan` queries a previously applied upgrade plan by its name. + +```bash +cosmos.upgrade.v1beta1.Query/AppliedPlan +``` + +Example: + +```bash +grpcurl -plaintext \ + -d '{"name":"v2.0-upgrade"}' \ + localhost:9090 \ + cosmos.upgrade.v1beta1.Query/AppliedPlan +``` + +Example Output: + +```bash +{ + "height": "30" +} +``` + +#### Current Plan + +`CurrentPlan` queries the current upgrade plan. + +```bash +cosmos.upgrade.v1beta1.Query/CurrentPlan +``` + +Example: + +```bash +grpcurl -plaintext localhost:9090 cosmos.slashing.v1beta1.Query/CurrentPlan +``` + +Example Output: + +```bash +{ + "plan": "v2.1-upgrade" +} +``` + +#### Module versions + +`ModuleVersions` queries the list of module versions from state. + +```bash +cosmos.upgrade.v1beta1.Query/ModuleVersions +``` + +Example: + +```bash +grpcurl -plaintext localhost:9090 cosmos.slashing.v1beta1.Query/ModuleVersions +``` + +Example Output: + +```bash expandable +{ + "module_versions": [ + { + "name": "auth", + "version": "2" + }, + { + "name": "authz", + "version": "1" + }, + { + "name": "bank", + "version": "2" + }, + { + "name": "distribution", + "version": "2" + }, + { + "name": "evidence", + "version": "1" + }, + { + "name": "feegrant", + "version": "1" + }, + { + "name": "genutil", + "version": "1" + }, + { + "name": "gov", + "version": "2" + }, + { + "name": "ibc", + "version": "2" + }, + { + "name": "mint", + "version": "1" + }, + { + "name": "params", + "version": "1" + }, + { + "name": "slashing", + "version": "2" + }, + { + "name": "staking", + "version": "2" + }, + { + "name": "transfer", + "version": "1" + }, + { + "name": "upgrade", + "version": "1" + }, + { + "name": "vesting", + "version": "1" + } + ] +} +``` + +## Resources + +A list of (external) resources to learn more about the `x/upgrade` module. + +* [Cosmos Dev Series: Cosmos Blockchain Upgrade](https://medium.com/web3-surfers/cosmos-dev-series-cosmos-sdk-based-blockchain-upgrade-b5e99181554c) - The blog post that explains how software upgrades work in detail. diff --git a/docs/sdk/next/build/packages/README.mdx b/docs/sdk/next/build/packages/README.mdx new file mode 100644 index 00000000..8694f8cf --- /dev/null +++ b/docs/sdk/next/build/packages/README.mdx @@ -0,0 +1,39 @@ +--- +title: Packages +description: >- + The Cosmos SDK is a collection of Go modules. This section provides + documentation on various packages that can be used when developing a Cosmos + SDK chain. It lists all standalone Go modules that are part of the Cosmos SDK. +--- +The Cosmos SDK is a collection of Go modules. This section provides documentation on various packages that can be used when developing a Cosmos SDK chain. +It lists all standalone Go modules that are part of the Cosmos SDK. + + +For more information on SDK modules, see the [SDK Modules](https://docs.cosmos.network/main/modules) section. +For more information on SDK tooling, see the [Tooling](https://docs.cosmos.network/main/tooling) section. + + +## Core + +* [Core](https://pkg.go.dev/cosmossdk.io/core) - Core library defining SDK interfaces ([ADR-063](https://docs.cosmos.network/main/architecture/adr-063-core-module-api)) +* [API](https://pkg.go.dev/cosmossdk.io/api) - API library containing generated SDK Pulsar API +* [Store](https://pkg.go.dev/cosmossdk.io/store) - Implementation of the Cosmos SDK store + +## State Management + +* [Collections](/docs/sdk/vnext/build/packages/collections) - State management library + +## Automation + +* [Depinject](/docs/sdk/vnext/build/packages/depinject) - Dependency injection framework +* [Client/v2](https://pkg.go.dev/cosmossdk.io/client/v2) - Library powering [AutoCLI](https://docs.cosmos.network/main/core/autocli) + +## Utilities + +* [Log](https://pkg.go.dev/cosmossdk.io/log) - Logging library +* [Errors](https://pkg.go.dev/cosmossdk.io/errors) - Error handling library +* [Math](https://pkg.go.dev/cosmossdk.io/math) - Math library for SDK arithmetic operations + +## Example + +* [SimApp](https://pkg.go.dev/cosmossdk.io/simapp) - SimApp is **the** sample Cosmos SDK chain. This package should not be imported in your application. diff --git a/docs/sdk/next/build/packages/collections.mdx b/docs/sdk/next/build/packages/collections.mdx new file mode 100644 index 00000000..13320ba4 --- /dev/null +++ b/docs/sdk/next/build/packages/collections.mdx @@ -0,0 +1,1373 @@ +--- +title: Collections +description: >- + Collections is a library meant to simplify the experience with respect to + module state handling. +--- +Collections is a library meant to simplify the experience with respect to module state handling. + +Cosmos SDK modules handle their state using the `KVStore` interface. The problem with working with +`KVStore` is that it forces you to think of state as a bytes KV pairings when in reality the majority of +state comes from complex concrete golang objects (strings, ints, structs, etc.). + +Collections allows you to work with state as if they were normal golang objects and removes the need +for you to think of your state as raw bytes in your code. + +It also allows you to migrate your existing state without causing any state breakage that forces you into +tedious and complex chain state migrations. + +## Installation + +To install collections in your cosmos-sdk chain project, run the following command: + +```shell +go get cosmossdk.io/collections +``` + +## Core types + +Collections offers 5 different APIs to work with state, which will be explored in the next sections, these APIs are: + +* `Map`: to work with typed arbitrary KV pairings. +* `KeySet`: to work with just typed keys +* `Item`: to work with just one typed value +* `Sequence`: which is a monotonically increasing number. +* `IndexedMap`: which combines `Map` and `KeySet` to provide a `Map` with indexing capabilities. + +## Preliminary components + +Before exploring the different collections types and their capability it is necessary to introduce +the three components that every collection shares. In fact when instantiating a collection type by doing, for example, +`collections.NewMap/collections.NewItem/...` you will find yourself having to pass them some common arguments. + +For example, in code: + +```go expandable +package collections + +import ( + + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + sdk "github.com/cosmos/cosmos-sdk/types" +) + +var AllowListPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + AllowList collections.KeySet[string] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey) + +Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + +return Keeper{ + AllowList: collections.NewKeySet(sb, AllowListPrefix, "allow_list", collections.StringKey), +} +} +``` + +Let's analyse the shared arguments, what they do, and why we need them. + +### SchemaBuilder + +The first argument passed is the `SchemaBuilder` + +`SchemaBuilder` is a structure that keeps track of all the state of a module, it is not required by the collections +to deal with state but it offers a dynamic and reflective way for clients to explore a module's state. + +We instantiate a `SchemaBuilder` by passing it a function that given the modules store key returns the module's specific store. + +We then need to pass the schema builder to every collection type we instantiate in our keeper, in our case the `AllowList`. + +### Prefix + +The second argument passed to our `KeySet` is a `collections.Prefix`, a prefix represents a partition of the module's `KVStore` +where all the state of a specific collection will be saved. + +Since a module can have multiple collections, the following is expected: + +* module params will become a `collections.Item` +* the `AllowList` is a `collections.KeySet` + +We don't want a collection to write over the state of the other collection so we pass it a prefix, which defines a storage +partition owned by the collection. + +If you already built modules, the prefix translates to the items you were creating in your `types/keys.go` file, example: [Link](https://github.com/cosmos/cosmos-sdk/blob/v0.52.0-rc.1/x/feegrant/key.go#L16~L22) + +your old: + +```go +var ( + // FeeAllowanceKeyPrefix is the set of the kvstore for fee allowance data + // - 0x00: allowance + FeeAllowanceKeyPrefix = []byte{0x00 +} + + // FeeAllowanceQueueKeyPrefix is the set of the kvstore for fee allowance keys data + // - 0x01: + FeeAllowanceQueueKeyPrefix = []byte{0x01 +} +) +``` + +becomes: + +```go +var ( + // FeeAllowanceKeyPrefix is the set of the kvstore for fee allowance data + // - 0x00: allowance + FeeAllowanceKeyPrefix = collections.NewPrefix(0) + + // FeeAllowanceQueueKeyPrefix is the set of the kvstore for fee allowance keys data + // - 0x01: + FeeAllowanceQueueKeyPrefix = collections.NewPrefix(1) +) +``` + +#### Rules + +`collections.NewPrefix` accepts either `uint8`, `string` or `[]bytes` it's good practice to use an always increasing `uint8`for disk space efficiency. + +A collection **MUST NOT** share the same prefix as another collection in the same module, and a collection prefix **MUST NEVER** start with the same prefix as another, examples: + +```go +prefix1 := collections.NewPrefix("prefix") + +prefix2 := collections.NewPrefix("prefix") // THIS IS BAD! +``` + +```go +prefix1 := collections.NewPrefix("a") + +prefix2 := collections.NewPrefix("aa") // prefix2 starts with the same as prefix1: BAD!!! +``` + +### Human-Readable Name + +The third parameter we pass to a collection is a string, which is a human-readable name. +It is needed to make the role of a collection understandable by clients who have no clue about +what a module is storing in state. + +#### Rules + +Each collection in a module **MUST** have a unique humanised name. + +## Key and Value Codecs + +A collection is generic over the type you can use as keys or values. +This makes collections dumb, but also means that hypothetically we can store everything +that can be a go type into a collection. We are not bounded to any type of encoding (be it proto, json or whatever) + +So a collection needs to be given a way to understand how to convert your keys and values to bytes. +This is achieved through `KeyCodec` and `ValueCodec`, which are arguments that you pass to your +collections when you're instantiating them using the `collections.NewMap/collections.NewItem/...` +instantiation functions. + +NOTE: Generally speaking you will never be required to implement your own `Key/ValueCodec` as +the SDK and collections libraries already come with default, safe and fast implementation of those. +You might need to implement them only if you're migrating to collections and there are state layout incompatibilities. + +Let's explore an example: + +```go expandable +package collections + +import ( + + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + sdk "github.com/cosmos/cosmos-sdk/types" +) + +var IDsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + IDs collections.Map[string, uint64] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey) + +Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + +return Keeper{ + IDs: collections.NewMap(sb, IDsPrefix, "ids", collections.StringKey, collections.Uint64Value), +} +} +``` + +We're now instantiating a map where the key is string and the value is `uint64`. +We already know the first three arguments of the `NewMap` function. + +The fourth parameter is our `KeyCodec`, we know that the `Map` has `string` as key so we pass it a `KeyCodec` that handles strings as keys. + +The fifth parameter is our `ValueCodec`, we know that the `Map` has a `uint64` as value so we pass it a `ValueCodec` that handles uint64. + +Collections already comes with all the required implementations for golang primitive types. + +Let's make another example, this falls closer to what we build using cosmos SDK, let's say we want +to create a `collections.Map` that maps account addresses to their base account. So we want to map an `sdk.AccAddress` to an `auth.BaseAccount` (which is a proto): + +```go expandable +package collections + +import ( + + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts collections.Map[sdk.AccAddress, authtypes.BaseAccount] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) + +Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + +return Keeper{ + Accounts: collections.NewMap(sb, AccountsPrefix, "accounts", + sdk.AccAddressKey, codec.CollValue[authtypes.BaseAccount](cdc)), +} +} +``` + +As we can see here since our `collections.Map` maps `sdk.AccAddress` to `authtypes.BaseAccount`, +we use the `sdk.AccAddressKey` which is the `KeyCodec` implementation for `AccAddress` and we use `codec.CollValue` to +encode our proto type `BaseAccount`. + +Generally speaking you will always find the respective key and value codecs for types in the `go.mod` path you're using +to import that type. If you want to encode proto values refer to the codec `codec.CollValue` function, which allows you +to encode any type implement the `proto.Message` interface. + +## Map + +We analyse the first and most important collection type, the `collections.Map`. +This is the type that everything else builds on top of. + +### Use case + +A `collections.Map` is used to map arbitrary keys with arbitrary values. + +### Example + +It's easier to explain a `collections.Map` capabilities through an example: + +```go expandable +package collections + +import ( + + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "fmt" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts collections.Map[sdk.AccAddress, authtypes.BaseAccount] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) + +Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + +return Keeper{ + Accounts: collections.NewMap(sb, AccountsPrefix, "accounts", + sdk.AccAddressKey, codec.CollValue[authtypes.BaseAccount](cdc)), +} +} + +func (k Keeper) + +CreateAccount(ctx sdk.Context, addr sdk.AccAddress, account authtypes.BaseAccount) + +error { + has, err := k.Accounts.Has(ctx, addr) + if err != nil { + return err +} + if has { + return fmt.Errorf("account already exists: %s", addr) +} + +err = k.Accounts.Set(ctx, addr, account) + if err != nil { + return err +} + +return nil +} + +func (k Keeper) + +GetAccount(ctx sdk.Context, addr sdk.AccAddress) (authtypes.BaseAccount, error) { + acc, err := k.Accounts.Get(ctx, addr) + if err != nil { + return authtypes.BaseAccount{ +}, err +} + +return acc, nil +} + +func (k Keeper) + +RemoveAccount(ctx sdk.Context, addr sdk.AccAddress) + +error { + err := k.Accounts.Remove(ctx, addr) + if err != nil { + return err +} + +return nil +} +``` + +#### Set method + +Set maps with the provided `AccAddress` (the key) to the `auth.BaseAccount` (the value). + +Under the hood the `collections.Map` will convert the key and value to bytes using the [key and value codec](/docs/sdk/vnext/build/packages/README#key-and-value-codecs). +It will prepend to our bytes key the [prefix](/docs/sdk/vnext/build/packages/README#prefix) and store it in the KVStore of the module. + +#### Has method + +The has method reports if the provided key exists in the store. + +#### Get method + +The get method accepts the `AccAddress` and returns the associated `auth.BaseAccount` if it exists, otherwise it errors. + +#### Remove method + +The remove method accepts the `AccAddress` and removes it from the store. It won't report errors +if it does not exist, to check for existence before removal use the `Has` method. + +#### Iteration + +Iteration has a separate section. + +## KeySet + +The second type of collection is `collections.KeySet`, as the word suggests it maintains +only a set of keys without values. + +#### Implementation curiosity + +A `collections.KeySet` is just a `collections.Map` with a `key` but no value. +The value internally is always the same and is represented as an empty byte slice `[]byte{}`. + +### Example + +As always we explore the collection type through an example: + +```go expandable +package collections + +import ( + + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "fmt" + sdk "github.com/cosmos/cosmos-sdk/types" +) + +var ValidatorsSetPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + ValidatorsSet collections.KeySet[sdk.ValAddress] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey) + +Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + +return Keeper{ + ValidatorsSet: collections.NewKeySet(sb, ValidatorsSetPrefix, "validators_set", sdk.ValAddressKey), +} +} + +func (k Keeper) + +AddValidator(ctx sdk.Context, validator sdk.ValAddress) + +error { + has, err := k.ValidatorsSet.Has(ctx, validator) + if err != nil { + return err +} + if has { + return fmt.Errorf("validator already in set: %s", validator) +} + +err = k.ValidatorsSet.Set(ctx, validator) + if err != nil { + return err +} + +return nil +} + +func (k Keeper) + +RemoveValidator(ctx sdk.Context, validator sdk.ValAddress) + +error { + err := k.ValidatorsSet.Remove(ctx, validator) + if err != nil { + return err +} + +return nil +} +``` + +The first difference we notice is that `KeySet` needs use to specify only one type parameter: the key (`sdk.ValAddress` in this case). +The second difference we notice is that `KeySet` in its `NewKeySet` function does not require +us to specify a `ValueCodec` but only a `KeyCodec`. This is because a `KeySet` only saves keys and not values. + +Let's explore the methods. + +#### Has method + +Has allows us to understand if a key is present in the `collections.KeySet` or not, functions in the same way as `collections.Map.Has +` + +#### Set method + +Set inserts the provided key in the `KeySet`. + +#### Remove method + +Remove removes the provided key from the `KeySet`, it does not error if the key does not exist, +if existence check before removal is required it needs to be coupled with the `Has` method. + +## Item + +The third type of collection is the `collections.Item`. +It stores only one single item, it's useful for example for parameters, there's only one instance +of parameters in state always. + +### implementation curiosity + +A `collections.Item` is just a `collections.Map` with no key but just a value. +The key is the prefix of the collection! + +### Example + +```go expandable +package collections + +import ( + + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + stakingtypes "cosmossdk.io/x/staking/types" +) + +var ParamsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Params collections.Item[stakingtypes.Params] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) + +Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + +return Keeper{ + Params: collections.NewItem(sb, ParamsPrefix, "params", codec.CollValue[stakingtypes.Params](cdc)), +} +} + +func (k Keeper) + +UpdateParams(ctx sdk.Context, params stakingtypes.Params) + +error { + err := k.Params.Set(ctx, params) + if err != nil { + return err +} + +return nil +} + +func (k Keeper) + +GetParams(ctx sdk.Context) (stakingtypes.Params, error) { + return k.Params.Get(ctx) +} +``` + +The first key difference we notice is that we specify only one type parameter, which is the value we're storing. +The second key difference is that we don't specify the `KeyCodec`, since we store only one item we already know the key +and the fact that it is constant. + +## Iteration + +One of the key features of the `KVStore` is iterating over keys. + +Collections which deal with keys (so `Map`, `KeySet` and `IndexedMap`) allow you to iterate +over keys in a safe and typed way. They all share the same API, the only difference being +that `KeySet` returns a different type of `Iterator` because `KeySet` only deals with keys. + + + +Every collection shares the same `Iterator` semantics. + + + +Let's have a look at the `Map.Iterate` method: + +```go +func (m Map[K, V]) + +Iterate(ctx context.Context, ranger Ranger[K]) (Iterator[K, V], error) +``` + +It accepts a `collections.Ranger[K]`, which is an API that instructs map on how to iterate over keys. +As always we don't need to implement anything here as `collections` already provides some generic `Ranger` implementers +that expose all you need to work with ranges. + +### Example + +We have a `collections.Map` that maps accounts using `uint64` IDs. + +```go expandable +package collections + +import ( + + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts collections.Map[uint64, authtypes.BaseAccount] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) + +Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + +return Keeper{ + Accounts: collections.NewMap(sb, AccountsPrefix, "accounts", collections.Uint64Key, codec.CollValue[authtypes.BaseAccount](cdc)), +} +} + +func (k Keeper) + +GetAllAccounts(ctx sdk.Context) ([]authtypes.BaseAccount, error) { + // passing a nil Ranger equals to: iterate over every possible key + iter, err := k.Accounts.Iterate(ctx, nil) + if err != nil { + return nil, err +} + +accounts, err := iter.Values() + if err != nil { + return nil, err +} + +return accounts, err +} + +func (k Keeper) + +IterateAccountsBetween(ctx sdk.Context, start, end uint64) ([]authtypes.BaseAccount, error) { + // The collections.Range API offers a lot of capabilities + // like defining where the iteration starts or ends. + rng := new(collections.Range[uint64]). + StartInclusive(start). + EndExclusive(end). + Descending() + +iter, err := k.Accounts.Iterate(ctx, rng) + if err != nil { + return nil, err +} + +accounts, err := iter.Values() + if err != nil { + return nil, err +} + +return accounts, nil +} + +func (k Keeper) + +IterateAccounts(ctx sdk.Context, do func(id uint64, acc authtypes.BaseAccount) (stop bool)) + +error { + iter, err := k.Accounts.Iterate(ctx, nil) + if err != nil { + return err +} + +defer iter.Close() + for ; iter.Valid(); iter.Next() { + kv, err := iter.KeyValue() + if err != nil { + return err +} + if do(kv.Key, kv.Value) { + break +} + +} + +return nil +} +``` + +Let's analyse each method in the example and how it makes use of the `Iterate` and the returned `Iterator` API. + +#### GetAllAccounts + +In `GetAllAccounts` we pass to our `Iterate` a nil `Ranger`. This means that the returned `Iterator` will include +all the existing keys within the collection. + +Then we use the `Values` method from the returned `Iterator` API to collect all the values into a slice. + +`Iterator` offers other methods such as `Keys()` to collect only the keys and not the values and `KeyValues` to collect +all the keys and values. + +#### IterateAccountsBetween + +Here we make use of the `collections.Range` helper to specialise our range. +We make it start in a point through `StartInclusive` and end in the other with `EndExclusive`, then +we instruct it to report us results in reverse order through `Descending` + +Then we pass the range instruction to `Iterate` and get an `Iterator`, which will contain only the results +we specified in the range. + +Then we use again the `Values` method of the `Iterator` to collect all the results. + +`collections.Range` also offers a `Prefix` API which is not applicable to all keys types, +for example uint64 cannot be prefix because it is of constant size, but a `string` key +can be prefixed. + +#### IterateAccounts + +Here we showcase how to lazily collect values from an Iterator. + + + +`Keys/Values/KeyValues` fully consume and close the `Iterator`, here we need to explicitly do a `defer iterator.Close()` call. + + + +`Iterator` also exposes a `Value` and `Key` method to collect only the current value or key, if collecting both is not needed. + + + +For this `callback` pattern, collections expose a `Walk` API. + + + +## Composite keys + +So far we've worked only with simple keys, like `uint64`, the account address, etc. +There are some more complex cases in, which we need to deal with composite keys. + +A key is composite when it is composed of multiple keys, for example bank balances as stored as the composite key +`(AccAddress, string)` where the first part is the address holding the coins and the second part is the denom. + +Example, let's say address `BOB` holds `10atom,15osmo`, this is how it is stored in state: + +```javascript +(bob, atom) => 10 +(bob, osmos) => 15 +``` + +Now this allows to efficiently get a specific denom balance of an address, by simply `getting` `(address, denom)`, or getting all the balances +of an address by prefixing over `(address)`. + +Let's see now how we can work with composite keys using collections. + +### Example + +In our example we will show-case how we can use collections when we are dealing with balances, similar to bank, +a balance is a mapping between `(address, denom) => math.Int` the composite key in our case is `(address, denom)`. + +## Instantiation of a composite key collection + +```go expandable +package collections + +import ( + + "cosmossdk.io/collections" + "cosmossdk.io/math" + storetypes "cosmossdk.io/store/types" + sdk "github.com/cosmos/cosmos-sdk/types" +) + +var BalancesPrefix = collections.NewPrefix(1) + +type Keeper struct { + Schema collections.Schema + Balances collections.Map[collections.Pair[sdk.AccAddress, string], math.Int] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey) + +Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + +return Keeper{ + Balances: collections.NewMap( + sb, BalancesPrefix, "balances", + collections.PairKeyCodec(sdk.AccAddressKey, collections.StringKey), + sdk.IntValue, + ), +} +} +``` + +### The Map Key definition + +First of all we can see that in order to define a composite key of two elements we use the `collections.Pair` type: + +```go +collections.Map[collections.Pair[sdk.AccAddress, string], math.Int] +``` + +`collections.Pair` defines a key composed of two other keys, in our case the first part is `sdk.AccAddress`, the second +part is `string`. + +#### The Key Codec instantiation + +The arguments to instantiate are always the same, the only thing that changes is how we instantiate +the `KeyCodec`, since this key is composed of two keys we use `collections.PairKeyCodec`, which generates +a `KeyCodec` composed of two key codecs. The first one will encode the first part of the key, the second one will +encode the second part of the key. + +### Working with composite key collections + +Let's expand on the example we used before: + +```go expandable +var BalancesPrefix = collections.NewPrefix(1) + +type Keeper struct { + Schema collections.Schema + Balances collections.Map[collections.Pair[sdk.AccAddress, string], math.Int] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey) + +Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + +return Keeper{ + Balances: collections.NewMap( + sb, BalancesPrefix, "balances", + collections.PairKeyCodec(sdk.AccAddressKey, collections.StringKey), + sdk.IntValue, + ), +} +} + +func (k Keeper) + +SetBalance(ctx sdk.Context, address sdk.AccAddress, denom string, amount math.Int) + +error { + key := collections.Join(address, denom) + +return k.Balances.Set(ctx, key, amount) +} + +func (k Keeper) + +GetBalance(ctx sdk.Context, address sdk.AccAddress, denom string) (math.Int, error) { + return k.Balances.Get(ctx, collections.Join(address, denom)) +} + +func (k Keeper) + +GetAllAddressBalances(ctx sdk.Context, address sdk.AccAddress) (sdk.Coins, error) { + balances := sdk.NewCoins() + rng := collections.NewPrefixedPairRange[sdk.AccAddress, string](address) + +iter, err := k.Balances.Iterate(ctx, rng) + if err != nil { + return nil, err +} + +kvs, err := iter.KeyValues() + if err != nil { + return nil, err +} + for _, kv := range kvs { + balances = balances.Add(sdk.NewCoin(kv.Key.K2(), kv.Value)) +} + +return balances, nil +} + +func (k Keeper) + +GetAllAddressBalancesBetween(ctx sdk.Context, address sdk.AccAddress, startDenom, endDenom string) (sdk.Coins, error) { + rng := collections.NewPrefixedPairRange[sdk.AccAddress, string](address). + StartInclusive(startDenom). + EndInclusive(endDenom) + +iter, err := k.Balances.Iterate(ctx, rng) + if err != nil { + return nil, err +} + ... +} +``` + +#### SetBalance + +As we can see here we're setting the balance of an address for a specific denom. +We use the `collections.Join` function to generate the composite key. +`collections.Join` returns a `collections.Pair` (which is the key of our `collections.Map`) + +`collections.Pair` contains the two keys we have joined, it also exposes two methods: `K1` to fetch the 1st part of the +key and `K2` to fetch the second part. + +As always, we use the `collections.Map.Set` method to map the composite key to our value (`math.Int` in this case) + +#### GetBalance + +To get a value in composite key collection, we simply use `collections.Join` to compose the key. + +#### GetAllAddressBalances + +We use `collections.PrefixedPairRange` to iterate over all the keys starting with the provided address. +Concretely the iteration will report all the balances belonging to the provided address. + +The first part is that we instantiate a `PrefixedPairRange`, which is a `Ranger` implementer aimed to help +in `Pair` keys iterations. + +```go +rng := collections.NewPrefixedPairRange[sdk.AccAddress, string](address) +``` + +As we can see here we're passing the type parameters of the `collections.Pair` because golang type inference +with respect to generics is not as permissive as other languages, so we need to explicitly say what are the types of the pair key. + +#### GetAllAddressesBalancesBetween + +This showcases how we can further specialise our range to limit the results further, by specifying +the range between the second part of the key (in our case the denoms, which are strings). + +## IndexedMap + +`collections.IndexedMap` is a collection that uses under the hood a `collections.Map`, and has a struct, which contains the indexes that we need to define. + +### Example + +Let's say we have an `auth.BaseAccount` struct which looks like the following: + +```go +type BaseAccount struct { + AccountNumber uint64 `protobuf:"varint,3,opt,name=account_number,json=accountNumber,proto3" json:"account_number,omitempty"` + Sequence uint64 `protobuf:"varint,4,opt,name=sequence,proto3" json:"sequence,omitempty"` +} +``` + +First of all, when we save our accounts in state we map them using a primary key `sdk.AccAddress`. +If it were to be a `collections.Map` it would be `collections.Map[sdk.AccAddress, authtypes.BaseAccount]`. + +Then we also want to be able to get an account not only by its `sdk.AccAddress`, but also by its `AccountNumber`. + +So we can say we want to create an `Index` that maps our `BaseAccount` to its `AccountNumber`. + +We also know that this `Index` is unique. Unique means that there can only be one `BaseAccount` that maps to a specific +`AccountNumber`. + +First of all, we start by defining the object that contains our index: + +```go expandable +var AccountsNumberIndexPrefix = collections.NewPrefix(1) + +type AccountsIndexes struct { + Number *indexes.Unique[uint64, sdk.AccAddress, authtypes.BaseAccount] +} + +func NewAccountIndexes(sb *collections.SchemaBuilder) + +AccountsIndexes { + return AccountsIndexes{ + Number: indexes.NewUnique( + sb, AccountsNumberIndexPrefix, "accounts_by_number", + collections.Uint64Key, sdk.AccAddressKey, + func(_ sdk.AccAddress, v authtypes.BaseAccount) (uint64, error) { + return v.AccountNumber, nil +}, + ), +} +} +``` + +We create an `AccountIndexes` struct which contains a field: `Number`. This field represents our `AccountNumber` index. +`AccountNumber` is a field of `authtypes.BaseAccount` and it's a `uint64`. + +Then we can see in our `AccountIndexes` struct the `Number` field is defined as: + +```go +*indexes.Unique[uint64, sdk.AccAddress, authtypes.BaseAccount] +``` + +Where the first type parameter is `uint64`, which is the field type of our index. +The second type parameter is the primary key `sdk.AccAddress`. +And the third type parameter is the actual object we're storing `authtypes.BaseAccount`. + +Then we create a `NewAccountIndexes` function that instantiates and returns the `AccountsIndexes` struct. + +The function takes a `SchemaBuilder`. Then we instantiate our `indexes.Unique`, let's analyse the arguments we pass to +`indexes.NewUnique`. + +#### NOTE: indexes list + +The `AccountsIndexes` struct contains the indexes, the `NewIndexedMap` function will infer the indexes form that struct +using reflection, this happens only at init and is not computationally expensive. In case you want to explicitly declare +indexes: implement the `Indexes` interface in the `AccountsIndexes` struct: + +```go +func (a AccountsIndexes) + +IndexesList() []collections.Index[sdk.AccAddress, authtypes.BaseAccount] { + return []collections.Index[sdk.AccAddress, authtypes.BaseAccount]{ + a.Number +} +} +``` + +#### Instantiating a `indexes.Unique` + +The first three arguments, we already know them, they are: `SchemaBuilder`, `Prefix` which is our index prefix (the partition +where index keys relationship for the `Number` index will be maintained), and the human name for the `Number` index. + +The second argument is a `collections.Uint64Key` which is a key codec to deal with `uint64` keys, we pass that because +the key we're trying to index is a `uint64` key (the account number), and then we pass as fifth argument the primary key codec, +which in our case is `sdk.AccAddress` (remember: we're mapping `sdk.AccAddress` => `BaseAccount`). + +Then as last parameter we pass a function that: given the `BaseAccount` returns its `AccountNumber`. + +After this we can proceed instantiating our `IndexedMap`. + +```go expandable +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts *collections.IndexedMap[sdk.AccAddress, authtypes.BaseAccount, AccountsIndexes] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) + +Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + +return Keeper{ + Accounts: collections.NewIndexedMap( + sb, AccountsPrefix, "accounts", + sdk.AccAddressKey, codec.CollValue[authtypes.BaseAccount](cdc), + NewAccountIndexes(sb), + ), +} +} +``` + +As we can see here what we do, for now, is the same thing as we did for `collections.Map`. +We pass it the `SchemaBuilder`, the `Prefix` where we plan to store the mapping between `sdk.AccAddress` and `authtypes.BaseAccount`, +the human name and the respective `sdk.AccAddress` key codec and `authtypes.BaseAccount` value codec. + +Then we pass the instantiation of our `AccountIndexes` through `NewAccountIndexes`. + +Full example: + +```go expandable +package docs + +import ( + + "cosmossdk.io/collections" + "cosmossdk.io/collections/indexes" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +var AccountsNumberIndexPrefix = collections.NewPrefix(1) + +type AccountsIndexes struct { + Number *indexes.Unique[uint64, sdk.AccAddress, authtypes.BaseAccount] +} + +func (a AccountsIndexes) + +IndexesList() []collections.Index[sdk.AccAddress, authtypes.BaseAccount] { + return []collections.Index[sdk.AccAddress, authtypes.BaseAccount]{ + a.Number +} +} + +func NewAccountIndexes(sb *collections.SchemaBuilder) + +AccountsIndexes { + return AccountsIndexes{ + Number: indexes.NewUnique( + sb, AccountsNumberIndexPrefix, "accounts_by_number", + collections.Uint64Key, sdk.AccAddressKey, + func(_ sdk.AccAddress, v authtypes.BaseAccount) (uint64, error) { + return v.AccountNumber, nil +}, + ), +} +} + +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts *collections.IndexedMap[sdk.AccAddress, authtypes.BaseAccount, AccountsIndexes] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) + +Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + +return Keeper{ + Accounts: collections.NewIndexedMap( + sb, AccountsPrefix, "accounts", + sdk.AccAddressKey, codec.CollValue[authtypes.BaseAccount](cdc), + NewAccountIndexes(sb), + ), +} +} +``` + +### Working with IndexedMaps + +Whilst instantiating `collections.IndexedMap` is tedious, working with them is extremely smooth. + +Let's take the full example, and expand it with some use-cases. + +```go expandable +package docs + +import ( + + "cosmossdk.io/collections" + "cosmossdk.io/collections/indexes" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +var AccountsNumberIndexPrefix = collections.NewPrefix(1) + +type AccountsIndexes struct { + Number *indexes.Unique[uint64, sdk.AccAddress, authtypes.BaseAccount] +} + +func (a AccountsIndexes) + +IndexesList() []collections.Index[sdk.AccAddress, authtypes.BaseAccount] { + return []collections.Index[sdk.AccAddress, authtypes.BaseAccount]{ + a.Number +} +} + +func NewAccountIndexes(sb *collections.SchemaBuilder) + +AccountsIndexes { + return AccountsIndexes{ + Number: indexes.NewUnique( + sb, AccountsNumberIndexPrefix, "accounts_by_number", + collections.Uint64Key, sdk.AccAddressKey, + func(_ sdk.AccAddress, v authtypes.BaseAccount) (uint64, error) { + return v.AccountNumber, nil +}, + ), +} +} + +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts *collections.IndexedMap[sdk.AccAddress, authtypes.BaseAccount, AccountsIndexes] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey, cdc codec.BinaryCodec) + +Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + +return Keeper{ + Accounts: collections.NewIndexedMap( + sb, AccountsPrefix, "accounts", + sdk.AccAddressKey, codec.CollValue[authtypes.BaseAccount](cdc), + NewAccountIndexes(sb), + ), +} +} + +func (k Keeper) + +CreateAccount(ctx sdk.Context, addr sdk.AccAddress) + +error { + nextAccountNumber := k.getNextAccountNumber() + newAcc := authtypes.BaseAccount{ + AccountNumber: nextAccountNumber, + Sequence: 0, +} + +return k.Accounts.Set(ctx, addr, newAcc) +} + +func (k Keeper) + +RemoveAccount(ctx sdk.Context, addr sdk.AccAddress) + +error { + return k.Accounts.Remove(ctx, addr) +} + +func (k Keeper) + +GetAccountByNumber(ctx sdk.Context, accNumber uint64) (sdk.AccAddress, authtypes.BaseAccount, error) { + accAddress, err := k.Accounts.Indexes.Number.MatchExact(ctx, accNumber) + if err != nil { + return nil, authtypes.BaseAccount{ +}, err +} + +acc, err := k.Accounts.Get(ctx, accAddress) + +return accAddress, acc, nil +} + +func (k Keeper) + +GetAccountsByNumber(ctx sdk.Context, startAccNum, endAccNum uint64) ([]authtypes.BaseAccount, error) { + rng := new(collections.Range[uint64]). + StartInclusive(startAccNum). + EndInclusive(endAccNum) + +iter, err := k.Accounts.Indexes.Number.Iterate(ctx, rng) + if err != nil { + return nil, err +} + +return indexes.CollectValues(ctx, k.Accounts, iter) +} + +func (k Keeper) + +getNextAccountNumber() + +uint64 { + return 0 +} +``` + +## Collections with interfaces as values + +Although cosmos-sdk is shifting away from the usage of interface registry, there are still some places where it is used. +In order to support old code, we have to support collections with interface values. + +The generic `codec.CollValue` is not able to handle interface values, so we need to use a special type `codec.CollValueInterface`. +`codec.CollValueInterface` takes a `codec.BinaryCodec` as an argument, and uses it to marshal and unmarshal values as interfaces. +The `codec.CollValueInterface` lives in the `codec` package, whose import path is `github.com/cosmos/cosmos-sdk/codec`. + +### Instantiating Collections with interface values + +In order to instantiate a collection with interface values, we need to use `codec.CollValueInterface` instead of `codec.CollValue`. + +```go expandable +package example + +import ( + + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" +) + +var AccountsPrefix = collections.NewPrefix(0) + +type Keeper struct { + Schema collections.Schema + Accounts *collections.Map[sdk.AccAddress, sdk.AccountI] +} + +func NewKeeper(cdc codec.BinaryCodec, storeKey *storetypes.KVStoreKey) + +Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + +return Keeper{ + Accounts: collections.NewMap( + sb, AccountsPrefix, "accounts", + sdk.AccAddressKey, codec.CollInterfaceValue[sdk.AccountI](cdc), + ), +} +} + +func (k Keeper) + +SaveBaseAccount(ctx sdk.Context, account authtypes.BaseAccount) + +error { + return k.Accounts.Set(ctx, account.GetAddress(), account) +} + +func (k Keeper) + +SaveModuleAccount(ctx sdk.Context, account authtypes.ModuleAccount) + +error { + return k.Accounts.Set(ctx, account.GetAddress(), account) +} + +func (k Keeper) + +GetAccount(ctx sdk.context, addr sdk.AccAddress) (sdk.AccountI, error) { + return k.Accounts.Get(ctx, addr) +} +``` + +## Triple key + +The `collections.Triple` is a special type of key composed of three keys, it's identical to `collections.Pair`. + +Let's see an example. + +```go expandable +package example + +import ( + + "context" + "cosmossdk.io/collections" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" +) + +type AccAddress = string +type ValAddress = string + +type Keeper struct { + // let's simulate we have redelegations which are stored as a triple key composed of + // the delegator, the source validator and the destination validator. + Redelegations collections.KeySet[collections.Triple[AccAddress, ValAddress, ValAddress]] +} + +func NewKeeper(storeKey *storetypes.KVStoreKey) + +Keeper { + sb := collections.NewSchemaBuilder(sdk.OpenKVStore(storeKey)) + +return Keeper{ + Redelegations: collections.NewKeySet(sb, collections.NewPrefix(0), "redelegations", collections.TripleKeyCodec(collections.StringKey, collections.StringKey, collections.StringKey) +} +} + +// RedelegationsByDelegator iterates over all the redelegations of a given delegator and calls onResult providing +// each redelegation from source validator towards the destination validator. +func (k Keeper) + +RedelegationsByDelegator(ctx context.Context, delegator AccAddress, onResult func(src, dst ValAddress) (stop bool, err error)) + +error { + rng := collections.NewPrefixedTripleRange[AccAddress, ValAddress, ValAddress](delegator) + +return k.Redelegations.Walk(ctx, rng, func(key collections.Triple[AccAddress, ValAddress, ValAddress]) (stop bool, err error) { + return onResult(key.K2(), key.K3()) +}) +} + +// RedelegationsByDelegatorAndValidator iterates over all the redelegations of a given delegator and its source validator and calls onResult for each +// destination validator. +func (k Keeper) + +RedelegationsByDelegatorAndValidator(ctx context.Context, delegator AccAddress, validator ValAddress, onResult func(dst ValAddress) (stop bool, err error)) + +error { + rng := collections.NewSuperPrefixedTripleRange[AccAddress, ValAddress, ValAddress](delegator, validator) + +return k.Redelegations.Walk(ctx, rng, func(key collections.Triple[AccAddress, ValAddress, ValAddress]) (stop bool, err error) { + return onResult(key.K3()) +}) +} +``` + +## Advanced Usages + +### Alternative Value Codec + +The `codec.AltValueCodec` allows a collection to decode values using a different codec than the one used to encode them. +Basically it enables to decode two different byte representations of the same concrete value. +It can be used to lazily migrate values from one bytes representation to another, as long as the new representation is +not able to decode the old one. + +A concrete example can be found in `x/bank` where the balance was initially stored as `Coin` and then migrated to `Int`. + +```go +var BankBalanceValueCodec = codec.NewAltValueCodec(sdk.IntValue, func(b []byte) (sdk.Int, error) { + coin := sdk.Coin{ +} + err := coin.Unmarshal(b) + if err != nil { + return sdk.Int{ +}, err +} + +return coin.Amount, nil +}) +``` + +The above example shows how to create an `AltValueCodec` that can decode both `sdk.Int` and `sdk.Coin` values. The provided +decoder function will be used as a fallback in case the default decoder fails. When the value will be encoded back into state +it will use the default encoder. This allows to lazily migrate values to a new bytes representation. diff --git a/docs/sdk/next/build/packages/depinject.mdx b/docs/sdk/next/build/packages/depinject.mdx new file mode 100644 index 00000000..50d28edd --- /dev/null +++ b/docs/sdk/next/build/packages/depinject.mdx @@ -0,0 +1,677 @@ +--- +title: Depinject +--- +> **DISCLAIMER**: This is a **beta** package. The SDK team is actively working on this feature and we are looking for feedback from the community. Please try it out and let us know what you think. + +## Overview + +`depinject` is a dependency injection (DI) framework for the Cosmos SDK, designed to streamline the process of building and configuring blockchain applications. It works in conjunction with the `core/appconfig` module to replace the majority of boilerplate code in `app.go` with a configuration file in Go, YAML, or JSON format. + +`depinject` is particularly useful for developing blockchain applications: + +* With multiple interdependent components, modules, or services. Helping manage their dependencies effectively. +* That require decoupling of these components, making it easier to test, modify, or replace individual parts without affecting the entire system. +* That are wanting to simplify the setup and initialisation of modules and their dependencies by reducing boilerplate code and automating dependency management. + +By using `depinject`, developers can achieve: + +* Cleaner and more organised code. + +* Improved modularity and maintainability. + +* A more maintainable and modular structure for their blockchain applications, ultimately enhancing development velocity and code quality. + +* [Go Doc](https://pkg.go.dev/cosmossdk.io/depinject) + +## Usage + +The `depinject` framework, based on dependency injection concepts, streamlines the management of dependencies within your blockchain application using its Configuration API. This API offers a set of functions and methods to create easy to use configurations, making it simple to define, modify, and access dependencies and their relationships. + +A core component of the [Configuration API](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/depinject#Config) is the `Provide` function, which allows you to register provider functions that supply dependencies. Inspired by constructor injection, these provider functions form the basis of the dependency tree, enabling the management and resolution of dependencies in a structured and maintainable manner. Additionally, `depinject` supports interface types as inputs to provider functions, offering flexibility and decoupling between components, similar to interface injection concepts. + +By leveraging `depinject` and its Configuration API, you can efficiently handle dependencies in your blockchain application, ensuring a clean, modular, and well-organised codebase. + +Example: + +```go expandable +package main + +import ( + + "fmt" + "cosmossdk.io/depinject" +) + +type AnotherInt int + +func GetInt() + +int { + return 1 +} + +func GetAnotherInt() + +AnotherInt { + return 2 +} + +func main() { + var ( + x int + y AnotherInt + ) + +fmt.Printf("Before (%v, %v)\n", x, y) + +depinject.Inject( + depinject.Provide( + GetInt, + GetAnotherInt, + ), + &x, + &y, + ) + +fmt.Printf("After (%v, %v)\n", x, y) +} +``` + +In this example, `depinject.Provide` registers two provider functions that return `int` and `AnotherInt` values. The `depinject.Inject` function is then used to inject these values into the variables `x` and `y`. + +Provider functions serve as the basis for the dependency tree. They are analysed to identify their inputs as dependencies and their outputs as dependents. These dependents can either be used by another provider function or be stored outside the DI container (e.g., `&x` and `&y` in the example above). Provider functions must be exported. + +### Interface type resolution + +`depinject` supports the use of interface types as inputs to provider functions, which helps decouple dependencies between modules. This approach is particularly useful for managing complex systems with multiple modules, such as the Cosmos SDK, where dependencies need to be flexible and maintainable. + +For example, `x/bank` expects an [AccountKeeper](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/x/bank/types#AccountKeeper) interface as [input to ProvideModule](https://github.com/cosmos/cosmos-sdk/tree/release/v0.50.x/x/bank/module.go#L208-L260). `SimApp` uses the implementation in `x/auth`, but the modular design allows for easy changes to the implementation if needed. + +Consider the following example: + +```go expandable +package duck + +type Duck interface { + quack() +} + +type AlsoDuck interface { + quack() +} + +type Mallard struct{ +} + +type Canvasback struct{ +} + +func (duck Mallard) + +quack() { +} + +func (duck Canvasback) + +quack() { +} + +type Pond struct { + Duck AlsoDuck +} +``` + +And the following provider functions: + +```go expandable +func GetMallard() + +duck.Mallard { + return Mallard{ +} +} + +func GetPond(duck Duck) + +Pond { + return Pond{ + Duck: duck +} +} + +func GetCanvasback() + +Canvasback { + return Canvasback{ +} +} +``` + +In this example, there's a `Pond` struct that has a `Duck` field of type `AlsoDuck`. The `depinject` framework can automatically resolve the appropriate implementation when there's only one available, as shown below: + +```go +var pond Pond + +depinject.Inject( + depinject.Provide( + GetMallard, + GetPond, + ), + &pond) +``` + +This code snippet results in the `Duck` field of `Pond` being implicitly bound to the `Mallard` implementation because it's the only implementation of the `Duck` interface in the container. + +However, if there are multiple implementations of the `Duck` interface, as in the following example, you'll encounter an error: + +```go +var pond Pond + +depinject.Inject( + depinject.Provide( + GetMallard, + GetCanvasback, + GetPond, + ), + &pond) +``` + +A specific binding preference for `Duck` is required. + +#### `BindInterface` API + +In the above situation registering a binding for a given interface binding may look like: + +```go expandable +depinject.Inject( + depinject.Configs( + depinject.BindInterface( + "duck/duck.Duck", + "duck/duck.Mallard", + ), + depinject.Provide( + GetMallard, + GetCanvasback, + GetPond, + ), + ), + &pond) +``` + +Now `depinject` has enough information to provide `Mallard` as an input to `APond`. + +### Full example in real app + + +When using `depinject.Inject`, the injected types must be pointers. + + +```go expandable +//go:build !app_v1 + +package simapp + +import ( + + "io" + + dbm "github.com/cosmos/cosmos-db" + + clienthelpers "cosmossdk.io/client/v2/helpers" + "cosmossdk.io/depinject" + "cosmossdk.io/log" + storetypes "cosmossdk.io/store/types" + circuitkeeper "cosmossdk.io/x/circuit/keeper" + evidencekeeper "cosmossdk.io/x/evidence/keeper" + feegrantkeeper "cosmossdk.io/x/feegrant/keeper" + nftkeeper "cosmossdk.io/x/nft/keeper" + upgradekeeper "cosmossdk.io/x/upgrade/keeper" + "github.com/cosmos/cosmos-sdk/baseapp" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + "github.com/cosmos/cosmos-sdk/runtime" + "github.com/cosmos/cosmos-sdk/server" + "github.com/cosmos/cosmos-sdk/server/api" + "github.com/cosmos/cosmos-sdk/server/config" + servertypes "github.com/cosmos/cosmos-sdk/server/types" + testdata_pulsar "github.com/cosmos/cosmos-sdk/testutil/testdata/testpb" + "github.com/cosmos/cosmos-sdk/types/module" + "github.com/cosmos/cosmos-sdk/x/auth" + "github.com/cosmos/cosmos-sdk/x/auth/ante" + authkeeper "github.com/cosmos/cosmos-sdk/x/auth/keeper" + authsims "github.com/cosmos/cosmos-sdk/x/auth/simulation" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + authzkeeper "github.com/cosmos/cosmos-sdk/x/authz/keeper" + bankkeeper "github.com/cosmos/cosmos-sdk/x/bank/keeper" + consensuskeeper "github.com/cosmos/cosmos-sdk/x/consensus/keeper" + distrkeeper "github.com/cosmos/cosmos-sdk/x/distribution/keeper" + epochskeeper "github.com/cosmos/cosmos-sdk/x/epochs/keeper" + govkeeper "github.com/cosmos/cosmos-sdk/x/gov/keeper" + groupkeeper "github.com/cosmos/cosmos-sdk/x/group/keeper" + mintkeeper "github.com/cosmos/cosmos-sdk/x/mint/keeper" + protocolpoolkeeper "github.com/cosmos/cosmos-sdk/x/protocolpool/keeper" + slashingkeeper "github.com/cosmos/cosmos-sdk/x/slashing/keeper" + stakingkeeper "github.com/cosmos/cosmos-sdk/x/staking/keeper" +) + +// DefaultNodeHome default home directories for the application daemon +var DefaultNodeHome string + +var ( + _ runtime.AppI = (*SimApp)(nil) + _ servertypes.Application = (*SimApp)(nil) +) + +// SimApp extends an ABCI application, but with most of its parameters exported. +// They are exported for convenience in creating helper functions, as object +// capabilities aren't needed for testing. +type SimApp struct { + *runtime.App + legacyAmino *codec.LegacyAmino + appCodec codec.Codec + txConfig client.TxConfig + interfaceRegistry codectypes.InterfaceRegistry + + // essential keepers + AccountKeeper authkeeper.AccountKeeper + BankKeeper bankkeeper.BaseKeeper + StakingKeeper *stakingkeeper.Keeper + SlashingKeeper slashingkeeper.Keeper + MintKeeper mintkeeper.Keeper + DistrKeeper distrkeeper.Keeper + GovKeeper *govkeeper.Keeper + UpgradeKeeper *upgradekeeper.Keeper + EvidenceKeeper evidencekeeper.Keeper + ConsensusParamsKeeper consensuskeeper.Keeper + CircuitKeeper circuitkeeper.Keeper + + // supplementary keepers + FeeGrantKeeper feegrantkeeper.Keeper + GroupKeeper groupkeeper.Keeper + AuthzKeeper authzkeeper.Keeper + NFTKeeper nftkeeper.Keeper + EpochsKeeper epochskeeper.Keeper + ProtocolPoolKeeper protocolpoolkeeper.Keeper + + // simulation manager + sm *module.SimulationManager +} + +func init() { + var err error + DefaultNodeHome, err = clienthelpers.GetNodeHomeDirectory(".simapp") + if err != nil { + panic(err) +} +} + +// NewSimApp returns a reference to an initialized SimApp. +func NewSimApp( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), +) *SimApp { + var ( + app = &SimApp{ +} + +appBuilder *runtime.AppBuilder + + // merge the AppConfig and other configuration in one config + appConfig = depinject.Configs( + AppConfig, + depinject.Supply( + // supply the application options + appOpts, + // supply the logger + logger, + + // ADVANCED CONFIGURATION + + // + // AUTH + // + // For providing a custom function required in auth to generate custom account types + // add it below. By default the auth module uses simulation.RandomGenesisAccounts. + // + // authtypes.RandomGenesisAccountsFn(simulation.RandomGenesisAccounts), + // + // For providing a custom a base account type add it below. + // By default the auth module uses authtypes.ProtoBaseAccount(). + // + // func() + +sdk.AccountI { + return authtypes.ProtoBaseAccount() +}, + // + // For providing a different address codec, add it below. + // By default the auth module uses a Bech32 address codec, + // with the prefix defined in the auth module configuration. + // + // func() + +address.Codec { + return <- custom address codec type -> +} + // + // STAKING + // + // For provinding a different validator and consensus address codec, add it below. + // By default the staking module uses the bech32 prefix provided in the auth config, + // and appends "valoper" and "valcons" for validator and consensus addresses respectively. + // When providing a custom address codec in auth, custom address codecs must be provided here as well. + // + // func() + +runtime.ValidatorAddressCodec { + return <- custom validator address codec type -> +} + // func() + +runtime.ConsensusAddressCodec { + return <- custom consensus address codec type -> +} + + // + // MINT + // + + // For providing a custom inflation function for x/mint add here your + // custom minting function that implements the mintkeeper.MintFn + // interface. + ), + ) + ) + if err := depinject.Inject(appConfig, + &appBuilder, + &app.appCodec, + &app.legacyAmino, + &app.txConfig, + &app.interfaceRegistry, + &app.AccountKeeper, + &app.BankKeeper, + &app.StakingKeeper, + &app.SlashingKeeper, + &app.MintKeeper, + &app.DistrKeeper, + &app.GovKeeper, + &app.UpgradeKeeper, + &app.AuthzKeeper, + &app.EvidenceKeeper, + &app.FeeGrantKeeper, + &app.GroupKeeper, + &app.NFTKeeper, + &app.ConsensusParamsKeeper, + &app.CircuitKeeper, + &app.EpochsKeeper, + &app.ProtocolPoolKeeper, + ); err != nil { + panic(err) +} + + // Below we could construct and set an application specific mempool and + // ABCI 1.0 PrepareProposal and ProcessProposal handlers. These defaults are + // already set in the SDK's BaseApp, this shows an example of how to override + // them. + // + // Example: + // + // app.App = appBuilder.Build(...) + // nonceMempool := mempool.NewSenderNonceMempool() + // abciPropHandler := NewDefaultProposalHandler(nonceMempool, app.App.BaseApp) + // + // app.App.BaseApp.SetMempool(nonceMempool) + // app.App.BaseApp.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) + // app.App.BaseApp.SetProcessProposal(abciPropHandler.ProcessProposalHandler()) + // + // Alternatively, you can construct BaseApp options, append those to + // baseAppOptions and pass them to the appBuilder. + // + // Example: + // + // prepareOpt = func(app *baseapp.BaseApp) { + // abciPropHandler := baseapp.NewDefaultProposalHandler(nonceMempool, app) + // app.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) + // +} + // baseAppOptions = append(baseAppOptions, prepareOpt) + + // create and set dummy vote extension handler + voteExtOp := func(bApp *baseapp.BaseApp) { + voteExtHandler := NewVoteExtensionHandler() + +voteExtHandler.SetHandlers(bApp) +} + +baseAppOptions = append(baseAppOptions, voteExtOp, baseapp.SetOptimisticExecution()) + +app.App = appBuilder.Build(db, traceStore, baseAppOptions...) + + // register streaming services + if err := app.RegisterStreamingServices(appOpts, app.kvStoreKeys()); err != nil { + panic(err) +} + + /**** Module Options ****/ + + // RegisterUpgradeHandlers is used for registering any on-chain upgrades. + app.RegisterUpgradeHandlers() + + // add test gRPC service for testing gRPC queries in isolation + testdata_pulsar.RegisterQueryServer(app.GRPCQueryRouter(), testdata_pulsar.QueryImpl{ +}) + + // create the simulation manager and define the order of the modules for deterministic simulations + // + // NOTE: this is not required apps that don't use the simulator for fuzz testing + // transactions + overrideModules := map[string]module.AppModuleSimulation{ + authtypes.ModuleName: auth.NewAppModule(app.appCodec, app.AccountKeeper, authsims.RandomGenesisAccounts, nil), +} + +app.sm = module.NewSimulationManagerFromAppModules(app.ModuleManager.Modules, overrideModules) + +app.sm.RegisterStoreDecoders() + + // A custom InitChainer can be set if extra pre-init-genesis logic is required. + // By default, when using app wiring enabled module, this is not required. + // For instance, the upgrade module will set automatically the module version map in its init genesis thanks to app wiring. + // However, when registering a module manually (i.e. that does not support app wiring), the module version map + // must be set manually as follow. The upgrade module will de-duplicate the module version map. + // + // app.SetInitChainer(func(ctx sdk.Context, req *abci.RequestInitChain) (*abci.ResponseInitChain, error) { + // app.UpgradeKeeper.SetModuleVersionMap(ctx, app.ModuleManager.GetVersionMap()) + // return app.App.InitChainer(ctx, req) + // +}) + + // set custom ante handler + app.setAnteHandler(app.txConfig) + if err := app.Load(loadLatest); err != nil { + panic(err) +} + +return app +} + +// setAnteHandler sets custom ante handlers. +// "x/auth/tx" pre-defined ante handler have been disabled in app_config. +func (app *SimApp) + +setAnteHandler(txConfig client.TxConfig) { + anteHandler, err := NewAnteHandler( + HandlerOptions{ + ante.HandlerOptions{ + AccountKeeper: app.AccountKeeper, + BankKeeper: app.BankKeeper, + SignModeHandler: txConfig.SignModeHandler(), + FeegrantKeeper: app.FeeGrantKeeper, + SigGasConsumer: ante.DefaultSigVerificationGasConsumer, +}, + &app.CircuitKeeper, +}, + ) + if err != nil { + panic(err) +} + + // Set the AnteHandler for the app + app.SetAnteHandler(anteHandler) +} + +// LegacyAmino returns SimApp's amino codec. +// +// NOTE: This is solely to be used for testing purposes as it may be desirable +// for modules to register their own custom testing types. +func (app *SimApp) + +LegacyAmino() *codec.LegacyAmino { + return app.legacyAmino +} + +// AppCodec returns SimApp's app codec. +// +// NOTE: This is solely to be used for testing purposes as it may be desirable +// for modules to register their own custom testing types. +func (app *SimApp) + +AppCodec() + +codec.Codec { + return app.appCodec +} + +// InterfaceRegistry returns SimApp's InterfaceRegistry. +func (app *SimApp) + +InterfaceRegistry() + +codectypes.InterfaceRegistry { + return app.interfaceRegistry +} + +// TxConfig returns SimApp's TxConfig +func (app *SimApp) + +TxConfig() + +client.TxConfig { + return app.txConfig +} + +// GetKey returns the KVStoreKey for the provided store key. +// +// NOTE: This is solely to be used for testing purposes. +func (app *SimApp) + +GetKey(storeKey string) *storetypes.KVStoreKey { + sk := app.UnsafeFindStoreKey(storeKey) + +kvStoreKey, ok := sk.(*storetypes.KVStoreKey) + if !ok { + return nil +} + +return kvStoreKey +} + +func (app *SimApp) + +kvStoreKeys() + +map[string]*storetypes.KVStoreKey { + keys := make(map[string]*storetypes.KVStoreKey) + for _, k := range app.GetStoreKeys() { + if kv, ok := k.(*storetypes.KVStoreKey); ok { + keys[kv.Name()] = kv +} + +} + +return keys +} + +// SimulationManager implements the SimulationApp interface +func (app *SimApp) + +SimulationManager() *module.SimulationManager { + return app.sm +} + +// RegisterAPIRoutes registers all application module routes with the provided +// API server. +func (app *SimApp) + +RegisterAPIRoutes(apiSvr *api.Server, apiConfig config.APIConfig) { + app.App.RegisterAPIRoutes(apiSvr, apiConfig) + // register swagger API in app.go so that other applications can override easily + if err := server.RegisterSwaggerAPI(apiSvr.ClientCtx, apiSvr.Router, apiConfig.Swagger); err != nil { + panic(err) +} +} + +// GetMaccPerms returns a copy of the module account permissions +// +// NOTE: This is solely to be used for testing purposes. +func GetMaccPerms() + +map[string][]string { + dup := make(map[string][]string) + for _, perms := range moduleAccPerms { + dup[perms.Account] = perms.Permissions +} + +return dup +} + +// BlockedAddresses returns all the app's blocked account addresses. +func BlockedAddresses() + +map[string]bool { + result := make(map[string]bool) + if len(blockAccAddrs) > 0 { + for _, addr := range blockAccAddrs { + result[addr] = true +} + +} + +else { + for addr := range GetMaccPerms() { + result[addr] = true +} + +} + +return result +} +``` + +## Debugging + +Issues with resolving dependencies in the container can be done with logs and [Graphviz](https://graphviz.org) renderings of the container tree. +By default, whenever there is an error, logs will be printed to stderr and a rendering of the dependency graph in Graphviz DOT format will be saved to `debug_container.dot`. + +Here is an example Graphviz rendering of a successful build of a dependency graph: +![Graphviz Example](https://raw.githubusercontent.com/cosmos/cosmos-sdk/ff39d243d421442b400befcd959ec3ccd2525154/depinject/testdata/example.svg) + +Rectangles represent functions, ovals represent types, rounded rectangles represent modules and the single hexagon +represents the function which called `Build`. Black-colored shapes mark functions and types that were called/resolved +without an error. Gray-colored nodes mark functions and types that could have been called/resolved in the container but +were left unused. + +Here is an example Graphviz rendering of a dependency graph build which failed: +![Graphviz Error Example](https://raw.githubusercontent.com/cosmos/cosmos-sdk/ff39d243d421442b400befcd959ec3ccd2525154/depinject/testdata/example_error.svg) + +Graphviz DOT files can be converted into SVG's for viewing in a web browser using the `dot` command-line tool, ex: + +```txt +dot -Tsvg debug_container.dot > debug_container.svg +``` + +Many other tools including some IDEs support working with DOT files. diff --git a/docs/sdk/next/build/rfc/PROCESS.mdx b/docs/sdk/next/build/rfc/PROCESS.mdx new file mode 100644 index 00000000..cea5a4aa --- /dev/null +++ b/docs/sdk/next/build/rfc/PROCESS.mdx @@ -0,0 +1,63 @@ +--- +title: RFC Creation Process +--- +1. Copy the `rfc-template.md` file. Use the following filename pattern: `rfc-next_number-title.md` +2. Create a draft Pull Request if you want to get an early feedback. +3. Make sure the context and a solution is clear and well documented. +4. Add an entry to a list in the [README](/docs/sdk/vnext/build/rfc/README) file. +5. Create a Pull Request to propose a new ADR. + +## What is an RFC? + +An RFC is a sort of async whiteboarding session. It is meant to replace the need for a distributed team to come together to make a decision. Currently, the Cosmos SDK team and contributors are distributed around the world. The team conducts working groups to have a synchronous discussion and an RFC can be used to capture the discussion for a wider audience to better understand the changes that are coming to the software. + +The main difference the Cosmos SDK is defining as a differentiation between RFC and ADRs is that one is to come to consensus and circulate information about a potential change or feature. An ADR is used if there is already consensus on a feature or change and there is not a need to articulate the change coming to the software. An ADR will articulate the changes and have a lower amount of communication . + +## RFC life cycle + +RFC creation is an **iterative** process. An RFC is meant as a distributed colloboration session, it may have many comments and is usually the bi-product of no working group or synchornous communication + +1. Proposals could start with a new GitHub Issue, be a result of existing Issues or a discussion. + +2. An RFC doesn't have to arrive to `main` with an *accepted* status in a single PR. If the motivation is clear and the solution is sound, we SHOULD be able to merge it and keep a *proposed* status. It's preferable to have an iterative approach rather than long, not merged Pull Requests. + +3. If a *proposed* RFC is merged, then it should clearly document outstanding issues either in the RFC document notes or in a GitHub Issue. + +4. The PR SHOULD always be merged. In the case of a faulty RFC, we still prefer to merge it with a *rejected* status. The only time the RFC SHOULD NOT be merged is if the author abandons it. + +5. Merged RFCs SHOULD NOT be pruned. + +6. If there is consensus and enough feedback then the RFC can be accepted. + +> Note: An RFC is written when there is no working group or team session on the problem. RFC's are meant as a distributed white boarding session. If there is a working group on the proposal there is no need to have an RFC as there is synchornous whiteboarding going on. + +### RFC status + +Status has two components: + +```text +{CONSENSUS STATUS} +``` + +#### Consensus Status + +```text +DRAFT -> PROPOSED -> LAST CALL yyyy-mm-dd -> ACCEPTED | REJECTED -> SUPERSEDED by ADR-xxx + \ | + \ | + v v + ABANDONED +``` + +* `DRAFT`: \[optional] an ADR which is work in progress, not being ready for a general review. This is to present an early work and get an early feedback in a Draft Pull Request form. +* `PROPOSED`: an ADR covering a full solution architecture and still in the review - project stakeholders haven't reached an agreed yet. +* `LAST CALL `: \[optional] clear notify that we are close to accept updates. Changing a status to `LAST CALL` means that social consensus (of Cosmos SDK maintainers) has been reached and we still want to give it a time to let the community react or analyze. +* `ACCEPTED`: ADR which will represent a currently implemented or to be implemented architecture design. +* `REJECTED`: ADR can go from PROPOSED or ACCEPTED to rejected if the consensus among project stakeholders will decide so. +* `SUPERSEEDED by ADR-xxx`: ADR which has been superseded by a new ADR. +* `ABANDONED`: the ADR is no longer pursued by the original authors. + +## Language used in RFC + +* The background/goal should be written in the present tense. +* Avoid using a first, personal form. diff --git a/docs/sdk/next/build/rfc/README.mdx b/docs/sdk/next/build/rfc/README.mdx new file mode 100644 index 00000000..8ad884df --- /dev/null +++ b/docs/sdk/next/build/rfc/README.mdx @@ -0,0 +1,39 @@ +--- +title: Requests for Comments +description: >- + A Request for Comments (RFC) is a record of discussion on an open-ended topic + related to the design and implementation of the Cosmos SDK, for which no + immediate decision is required. +--- +A Request for Comments (RFC) is a record of discussion on an open-ended topic +related to the design and implementation of the Cosmos SDK, for which no +immediate decision is required. + +The purpose of an RFC is to serve as a historical record of a high-level +discussion that might otherwise only be recorded in an ad-hoc way (for example, +via gists or Google docs) that are difficult to discover for someone after the +fact. An RFC *may* give rise to more specific architectural *decisions* for +the Cosmos SDK, but those decisions must be recorded separately in +[Architecture Decision Records (ADR)](/docs/sdk/vnext/build/architecture). + +As a rule of thumb, if you can articulate a specific question that needs to be +answered, write an ADR. If you need to explore the topic and get input from +others to know what questions need to be answered, an RFC may be appropriate. + +## RFC Content + +An RFC should provide: + +* A **changelog**, documenting when and how the RFC has changed. +* An **abstract**, briefly summarizing the topic so the reader can quickly tell + whether it is relevant to their interest. +* Any **background** a reader will need to understand and participate in the + substance of the discussion (links to other documents are fine here). +* The **discussion**, the primary content of the document. + +The [rfc-template.md](/docs/sdk/vnext/build/rfc/rfc-template) file includes placeholders for these +sections. + +## Table of Contents + +* [RFC-001: Tx Validation](/docs/sdk/vnext/build/rfc/rfc-001-tx-validation) diff --git a/docs/sdk/next/build/rfc/rfc-001-tx-validation.mdx b/docs/sdk/next/build/rfc/rfc-001-tx-validation.mdx new file mode 100644 index 00000000..64a474db --- /dev/null +++ b/docs/sdk/next/build/rfc/rfc-001-tx-validation.mdx @@ -0,0 +1,27 @@ +--- +title: 'RFC 001: Transaction Validation' +description: '2023-03-12: Proposed' +--- +## Changelog + +* 2023-03-12: Proposed + +## Background + +Transation Validation is crucial to a functioning state machine. Within the Cosmos SDK there are two validation flows, one is outside the message server and the other within. The flow outside of the message server is the `ValidateBasic` function. It is called in the antehandler on both `CheckTx` and `DeliverTx`. There is an overhead and sometimes duplication of validation within these two flows. This extra validation provides an additional check before entering the mempool. + +With the deprecation of [`GetSigners`](https://github.com/cosmos/cosmos-sdk/issues/11275) we have the optionality to remove [sdk.Msg](https://github.com/cosmos/cosmos-sdk/blob/16a5404f8e00ddcf8857c8a55dca2f7c109c29bc/types/tx_msg.go#L16) and the `ValidateBasic` function. + +With the separation of CometBFT and Cosmos-SDK, there is a lack of control of what transactions get broadcasted and included in a block. This extra validation in the antehandler is meant to help in this case. In most cases the transaction is or should be simulated against a node for validation. With this flow transactions will be treated the same. + +## Proposal + +The acceptance of this RFC would move validation within `ValidateBasic` to the message server in modules, update tutorials and docs to remove mention of using `ValidateBasic` in favour of handling all validation for a message where it is executed. + +We can and will still support the `Validatebasic` function for users and provide an extension interface of the function once `sdk.Msg` is depreacted. + +> Note: This is how messages are handled in VMs like Ethereum and CosmWasm. + +### Consequences + +The consequence of updating the transaction flow is that transaction that may have failed before with the `ValidateBasic` flow will now be included in a block and fees charged. diff --git a/docs/sdk/next/build/rfc/rfc-template.mdx b/docs/sdk/next/build/rfc/rfc-template.mdx new file mode 100644 index 00000000..4b22021b --- /dev/null +++ b/docs/sdk/next/build/rfc/rfc-template.mdx @@ -0,0 +1,77 @@ +## Changelog + +* `{date}`: `{changelog}` + +## Background + +> The next section is the "Background" section. This section should be at least two paragraphs and can take up to a whole +> page in some cases. The guiding goal of the background section is: as a newcomer to this project (new employee, team +> transfer), can I read the background section and follow any links to get the full context of why this change is\ +> necessary? +> +> If you can't show a random engineer the background section and have them acquire nearly full context on the necessity +> for the RFC, then the background section is not full enough. To help achieve this, link to prior RFCs, discussions, and +> more here as necessary to provide context so you don't have to simply repeat yourself. + +## Proposal + +> The next required section is "Proposal" or "Goal". Given the background above, this section proposes a solution. +> This should be an overview of the "how" for the solution, but for details further sections will be used. + +## Abandoned Ideas (Optional) + +> As RFCs evolve, it is common that there are ideas that are abandoned. Rather than simply deleting them from the +> document, you should try to organize them into sections that make it clear they're abandoned while explaining why they +> were abandoned. +> +> When sharing your RFC with others or having someone look back on your RFC in the future, it is common to walk the same +> path and fall into the same pitfalls that we've since matured from. Abandoned ideas are a way to recognize that path +> and explain the pitfalls and why they were abandoned. + +## Descision + +> This section describes alternative designs to the chosen design. This section +> is important and if an adr does not have any alternatives then it should be +> considered that the ADR was not thought through. + +## Consequences (optional) + +> This section describes the resulting context, after applying the decision. All +> consequences should be listed here, not just the "positive" ones. A particular +> decision may have positive, negative, and neutral consequences, but all of them +> affect the team and project in the future. + +### Backwards Compatibility + +> All ADRs that introduce backwards incompatibilities must include a section +> describing these incompatibilities and their severity. The ADR must explain +> how the author proposes to deal with these incompatibilities. ADR submissions +> without a sufficient backwards compatibility treatise may be rejected outright. + +### Positive + +> `{positive consequences}` + +### Negative + +> `{negative consequences}` + +### Neutral + +> `{neutral consequences}` + +### References + +> Links to external materials needed to follow the discussion may be added here. +> +> In addition, if the discussion in a request for comments leads to any design +> decisions, it may be helpful to add links to the ADR documents here after the +> discussion has settled. + +## Discussion + +> This section contains the core of the discussion. +> +> There is no fixed format for this section, but ideally changes to this +> section should be updated before merging to reflect any discussion that took +> place on the PR that made those changes. diff --git a/docs/sdk/next/build/rfc/rfc/PROCESS.mdx b/docs/sdk/next/build/rfc/rfc/PROCESS.mdx new file mode 100644 index 00000000..166a439a --- /dev/null +++ b/docs/sdk/next/build/rfc/rfc/PROCESS.mdx @@ -0,0 +1,63 @@ +--- +title: RFC Creation Process +--- +1. Copy the `rfc-template.md` file. Use the following filename pattern: `rfc-next_number-title.md` +2. Create a draft Pull Request if you want to get an early feedback. +3. Make sure the context and a solution is clear and well documented. +4. Add an entry to a list in the [README](/docs/sdk/vnext/build/rfc/rfc/README) file. +5. Create a Pull Request to propose a new ADR. + +## What is an RFC? + +An RFC is a sort of async whiteboarding session. It is meant to replace the need for a distributed team to come together to make a decision. Currently, the Cosmos SDK team and contributors are distributed around the world. The team conducts working groups to have a synchronous discussion and an RFC can be used to capture the discussion for a wider audience to better understand the changes that are coming to the software. + +The main difference the Cosmos SDK is defining as a differentiation between RFC and ADRs is that one is to come to consensus and circulate information about a potential change or feature. An ADR is used if there is already consensus on a feature or change and there is not a need to articulate the change coming to the software. An ADR will articulate the changes and have a lower amount of communication. + +## RFC life cycle + +RFC creation is an **iterative** process. An RFC is meant as a distributed collaboration session, it may have many comments and is usually the by-product of no working group or synchronous communication + +1. Proposals could start with a new GitHub Issue, be a result of existing Issues or a discussion. + +2. An RFC doesn't have to arrive to `main` with an *accepted* status in a single PR. If the motivation is clear and the solution is sound, we SHOULD be able to merge it and keep a *proposed* status. It's preferable to have an iterative approach rather than long, not merged Pull Requests. + +3. If a *proposed* RFC is merged, then it should clearly document outstanding issues either in the RFC document notes or in a GitHub Issue. + +4. The PR SHOULD always be merged. In the case of a faulty RFC, we still prefer to merge it with a *rejected* status. The only time the RFC SHOULD NOT be merged is if the author abandons it. + +5. Merged RFCs SHOULD NOT be pruned. + +6. If there is consensus and enough feedback then the RFC can be accepted. + +> Note: An RFC is written when there is no working group or team session on the problem. RFC's are meant as a distributed white boarding session. If there is a working group on the proposal there is no need to have an RFC as there is synchronous whiteboarding going on. + +### RFC status + +Status has two components: + +```text +{CONSENSUS STATUS} +``` + +#### Consensus Status + +```text +DRAFT -> PROPOSED -> LAST CALL yyyy-mm-dd -> ACCEPTED | REJECTED -> SUPERSEDED by ADR-xxx + \ | + \ | + v v + ABANDONED +``` + +* `DRAFT`: \[optional] an ADR which is work in progress, not being ready for a general review. This is to present an early work and get an early feedback in a Draft Pull Request form. +* `PROPOSED`: an ADR covering a full solution architecture and still in the review - project stakeholders haven't reached an agreed yet. +* `LAST CALL `: \[optional] clear notify that we are close to accept updates. Changing a status to `LAST CALL` means that social consensus (of Cosmos SDK maintainers) has been reached and we still want to give it a time to let the community react or analyze. +* `ACCEPTED`: ADR which will represent a currently implemented or to be implemented architecture design. +* `REJECTED`: ADR can go from PROPOSED or ACCEPTED to rejected if the consensus among project stakeholders will decide so. +* `SUPERSEDED by ADR-xxx`: ADR which has been superseded by a new ADR. +* `ABANDONED`: the ADR is no longer pursued by the original authors. + +## Language used in RFC + +* The background/goal should be written in the present tense. +* Avoid using a first, personal form. diff --git a/docs/sdk/next/build/rfc/rfc/README.mdx b/docs/sdk/next/build/rfc/rfc/README.mdx new file mode 100644 index 00000000..8ad884df --- /dev/null +++ b/docs/sdk/next/build/rfc/rfc/README.mdx @@ -0,0 +1,39 @@ +--- +title: Requests for Comments +description: >- + A Request for Comments (RFC) is a record of discussion on an open-ended topic + related to the design and implementation of the Cosmos SDK, for which no + immediate decision is required. +--- +A Request for Comments (RFC) is a record of discussion on an open-ended topic +related to the design and implementation of the Cosmos SDK, for which no +immediate decision is required. + +The purpose of an RFC is to serve as a historical record of a high-level +discussion that might otherwise only be recorded in an ad-hoc way (for example, +via gists or Google docs) that are difficult to discover for someone after the +fact. An RFC *may* give rise to more specific architectural *decisions* for +the Cosmos SDK, but those decisions must be recorded separately in +[Architecture Decision Records (ADR)](/docs/sdk/vnext/build/architecture). + +As a rule of thumb, if you can articulate a specific question that needs to be +answered, write an ADR. If you need to explore the topic and get input from +others to know what questions need to be answered, an RFC may be appropriate. + +## RFC Content + +An RFC should provide: + +* A **changelog**, documenting when and how the RFC has changed. +* An **abstract**, briefly summarizing the topic so the reader can quickly tell + whether it is relevant to their interest. +* Any **background** a reader will need to understand and participate in the + substance of the discussion (links to other documents are fine here). +* The **discussion**, the primary content of the document. + +The [rfc-template.md](/docs/sdk/vnext/build/rfc/rfc-template) file includes placeholders for these +sections. + +## Table of Contents + +* [RFC-001: Tx Validation](/docs/sdk/vnext/build/rfc/rfc-001-tx-validation) diff --git a/docs/sdk/next/build/rfc/rfc/rfc-001-tx-validation.mdx b/docs/sdk/next/build/rfc/rfc/rfc-001-tx-validation.mdx new file mode 100644 index 00000000..95cfb245 --- /dev/null +++ b/docs/sdk/next/build/rfc/rfc/rfc-001-tx-validation.mdx @@ -0,0 +1,27 @@ +--- +title: 'RFC 001: Transaction Validation' +description: '2023-03-12: Proposed' +--- +## Changelog + +* 2023-03-12: Proposed + +## Background + +Transaction Validation is crucial to a functioning state machine. Within the Cosmos SDK there are two validation flows, one is outside the message server and the other within. The flow outside of the message server is the `ValidateBasic` function. It is called in the antehandler on both `CheckTx` and `DeliverTx`. There is an overhead and sometimes duplication of validation within these two flows. This extra validation provides an additional check before entering the mempool. + +With the deprecation of [`GetSigners`](https://github.com/cosmos/cosmos-sdk/issues/11275) we have the optionality to remove [sdk.Msg](https://github.com/cosmos/cosmos-sdk/blob/16a5404f8e00ddcf8857c8a55dca2f7c109c29bc/types/tx_msg.go#L16) and the `ValidateBasic` function. + +With the separation of CometBFT and Cosmos-SDK, there is a lack of control of what transactions get broadcasted and included in a block. This extra validation in the antehandler is meant to help in this case. In most cases the transaction is or should be simulated against a node for validation. With this flow transactions will be treated the same. + +## Proposal + +The acceptance of this RFC would move validation within `ValidateBasic` to the message server in modules, update tutorials and docs to remove mention of using `ValidateBasic` in favour of handling all validation for a message where it is executed. + +We can and will still support the `ValidateBasic` function for users and provide an extension interface of the function once `sdk.Msg` is deprecated. + +> Note: This is how messages are handled in VMs like Ethereum and CosmWasm. + +### Consequences + +The consequence of updating the transaction flow is that transaction that may have failed before with the `ValidateBasic` flow will now be included in a block and the fees charged. diff --git a/docs/sdk/next/build/rfc/rfc/rfc-template.mdx b/docs/sdk/next/build/rfc/rfc/rfc-template.mdx new file mode 100644 index 00000000..ac765155 --- /dev/null +++ b/docs/sdk/next/build/rfc/rfc/rfc-template.mdx @@ -0,0 +1,77 @@ +## Changelog + +* `{date}`: `{changelog}` + +## Background + +> The next section is the "Background" section. This section should be at least two paragraphs and can take up to a whole +> page in some cases. The guiding goal of the background section is: as a newcomer to this project (new employee, team +> transfer), can I read the background section and follow any links to get the full context of why this change is\ +> necessary? +> +> If you can't show a random engineer the background section and have them acquire nearly full context on the necessity +> for the RFC, then the background section is not full enough. To help achieve this, link to prior RFCs, discussions, and +> more here as necessary to provide context so you don't have to simply repeat yourself. + +## Proposal + +> The next required section is "Proposal" or "Goal". Given the background above, this section proposes a solution. +> This should be an overview of the "how" for the solution, but for details further sections will be used. + +## Abandoned Ideas (Optional) + +> As RFCs evolve, it is common that there are ideas that are abandoned. Rather than simply deleting them from the +> document, you should try to organize them into sections that make it clear they're abandoned while explaining why they +> were abandoned. +> +> When sharing your RFC with others or having someone look back on your RFC in the future, it is common to walk the same +> path and fall into the same pitfalls that we've since matured from. Abandoned ideas are a way to recognize that path +> and explain the pitfalls and why they were abandoned. + +## Decision + +> This section describes alternative designs to the chosen design. This section +> is important and if an adr does not have any alternatives then it should be +> considered that the ADR was not thought through. + +## Consequences (optional) + +> This section describes the resulting context, after applying the decision. All +> consequences should be listed here, not just the "positive" ones. A particular +> decision may have positive, negative, and neutral consequences, but all of them +> affect the team and project in the future. + +### Backwards Compatibility + +> All ADRs that introduce backwards incompatibilities must include a section +> describing these incompatibilities and their severity. The ADR must explain +> how the author proposes to deal with these incompatibilities. ADR submissions +> without a sufficient backwards compatibility treatise may be rejected outright. + +### Positive + +> `{positive consequences}` + +### Negative + +> `{negative consequences}` + +### Neutral + +> `{neutral consequences}` + +### References + +> Links to external materials needed to follow the discussion may be added here. +> +> In addition, if the discussion in a request for comments leads to any design +> decisions, it may be helpful to add links to the ADR documents here after the +> discussion has settled. + +## Discussion + +> This section contains the core of the discussion. +> +> There is no fixed format for this section, but ideally changes to this +> section should be updated before merging to reflect any discussion that took +> place on the PR that made those changes. diff --git a/docs/sdk/next/build/spec/README.mdx b/docs/sdk/next/build/spec/README.mdx new file mode 100644 index 00000000..586b55cc --- /dev/null +++ b/docs/sdk/next/build/spec/README.mdx @@ -0,0 +1,25 @@ +--- +title: Specifications +description: >- + This directory contains specifications for the modules of the Cosmos SDK as + well as Interchain Standards (ICS) and other specifications. +--- +This directory contains specifications for the modules of the Cosmos SDK as well as Interchain Standards (ICS) and other specifications. + +Cosmos SDK applications hold this state in a Merkle store. Updates to +the store may be made during transactions and at the beginning and end of every +block. + +## Cosmos SDK specifications + +* [Store](/docs/sdk/vnext/build/spec/store) - The core Merkle store that holds the state. +* [Bech32](/docs/sdk/vnext/build/spec/addresses/bech32) - Address format for Cosmos SDK applications. + +## Modules specifications + +Go to the [module directory](https://docs.cosmos.network/main/modules) + +## CometBFT + +For details on the underlying blockchain and p2p protocols, see +the [CometBFT specification](https://github.com/cometbft/cometbft/tree/main/spec). diff --git a/docs/sdk/next/build/spec/SPEC_MODULE.mdx b/docs/sdk/next/build/spec/SPEC_MODULE.mdx new file mode 100644 index 00000000..f88aca82 --- /dev/null +++ b/docs/sdk/next/build/spec/SPEC_MODULE.mdx @@ -0,0 +1,64 @@ +--- +title: Specification of Modules +description: >- + This file intends to outline the common structure for specifications within + this directory. +--- +This file intends to outline the common structure for specifications within +this directory. + +## Tense + +For consistency, specs should be written in passive present tense. + +## Pseudo-Code + +Generally, pseudo-code should be minimized throughout the spec. Often, simple +bulleted-lists which describe a function's operations are sufficient and should +be considered preferable. In certain instances, due to the complex nature of +the functionality being described pseudo-code may the most suitable form of +specification. In these cases use of pseudo-code is permissible, but should be +presented in a concise manner, ideally restricted to only the complex +element as a part of a larger description. + +## Common Layout + +The following generalized `README` structure should be used to breakdown +specifications for modules. The following list is nonbinding and all sections are optional. + +* `# {Module Name}` - overview of the module +* `## Concepts` - describe specialized concepts and definitions used throughout the spec +* `## State` - specify and describe structures expected to be marshaled into the store, and their keys +* `## State Transitions` - standard state transition operations triggered by hooks, messages, etc. +* `## Messages` - specify message structure(s) and expected state machine behavior(s) +* `## Begin Block` - specify any begin-block operations +* `## End Block` - specify any end-block operations +* `## Hooks` - describe available hooks to be called by/from this module +* `## Events` - list and describe event tags used +* `## Client` - list and describe CLI commands and gRPC and REST endpoints +* `## Params` - list all module parameters, their types (in JSON) and examples +* `## Future Improvements` - describe future improvements of this module +* `## Tests` - acceptance tests +* `## Appendix` - supplementary details referenced elsewhere within the spec + +### Notation for key-value mapping + +Within `## State` the following notation `->` should be used to describe key to +value mapping: + +```text +key -> value +``` + +to represent byte concatenation the `|` may be used. In addition, encoding +type may be specified, for example: + +```text +0x00 | addressBytes | address2Bytes -> amino(value_object) +``` + +Additionally, index mappings may be specified by mapping to the `nil` value, for example: + +```text +0x01 | address2Bytes | addressBytes -> nil +``` diff --git a/docs/sdk/next/build/spec/SPEC_STANDARD.mdx b/docs/sdk/next/build/spec/SPEC_STANDARD.mdx new file mode 100644 index 00000000..7db12b37 --- /dev/null +++ b/docs/sdk/next/build/spec/SPEC_STANDARD.mdx @@ -0,0 +1,127 @@ +--- +title: What is an SDK standard? +--- +An SDK standard is a design document describing a particular protocol, standard, or feature expected to be used by the Cosmos SDK. An SDK standard should list the desired properties of the standard, explain the design rationale, and provide a concise but comprehensive technical specification. The primary author is responsible for pushing the proposal through the standardization process, soliciting input and support from the community, and communicating with relevant stakeholders to ensure (social) consensus. + +## Sections + +An SDK standard consists of: + +* a synopsis, +* overview and basic concepts, +* technical specification, +* history log, and +* copyright notice. + +All top-level sections are required. References should be included inline as links, or tabulated at the bottom of the section if necessary. Included subsections should be listed in the order specified below. + +### Table Of Contents + +Provide a table of contents at the top of the file to help readers. + +### Synopsis + +The document should include a brief (\~200 word) synopsis providing a high-level description of and rationale for the specification. + +### Overview and basic concepts + +This section should include a motivation subsection and a definition subsection if required: + +* *Motivation* - A rationale for the existence of the proposed feature, or the proposed changes to an existing feature. +* *Definitions* - A list of new terms or concepts used in the document or required to understand it. + +### System model and properties + +This section should include an assumption subsection if any, the mandatory properties subsection, and a dependency subsection. Note that the first two subsections are tightly coupled: how to enforce a property will depend directly on the assumptions made. This subsection is important to capture the interactions of the specified feature with the "rest-of-the-world," i.e., with other features of the ecosystem. + +* *Assumptions* - A list of any assumptions made by the feature designer. It should capture which features are used by the feature under specification, and what do we expect from them. +* *Properties* - A list of the desired properties or characteristics of the feature specified, and expected effects or failures when the properties are violated. In case it is relevant, it can also include a list of properties that the feature does not guarantee. +* *Dependencies* - A list of the features that use the feature under specification and how. + +### Technical specification + +This is the main section of the document, and should contain protocol documentation, design rationale, required references, and technical details where appropriate. +The section may have any or all of the following subsections, as appropriate to the particular specification. The API subsection is especially encouraged when appropriate. + +* *API* - A detailed description of the feature's API. +* *Technical Details* - All technical details including syntax, diagrams, semantics, protocols, data structures, algorithms, and pseudocode as appropriate. The technical specification should be detailed enough such that separate correct implementations of the specification without knowledge of each other are compatible. +* *Backwards Compatibility* - A discussion of compatibility (or lack thereof) with previous feature or protocol versions. +* *Known Issues* - A list of known issues. This subsection is specially important for specifications of already in-use features. +* *Example Implementation* - A concrete example implementation or description of an expected implementation to serve as the primary reference for implementers. + +### History + +A specification should include a history section, listing any inspiring documents and a plaintext log of significant changes. + +See an example history section [below](#history-1). + +### Copyright + +A specification should include a copyright section waiving rights via [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0). + +## Formatting + +### General + +Specifications must be written in GitHub-flavored Markdown. + +For a GitHub-flavored Markdown cheat sheet, see [here](https://github.com/adam-p/markdown-here/wiki/Markdown-Cheatsheet). For a local Markdown renderer, see [here](https://github.com/joeyespo/grip). + +### Language + +Specifications should be written in Simple English, avoiding obscure terminology and unnecessary jargon. For excellent examples of Simple English, please see the [Simple English Wikipedia](https://simple.wikipedia.org/wiki/Main_Page). + +The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in specifications are to be interpreted as described in [RFC 2119](https://tools.ietf.org/html/rfc2119). + +### Pseudocode + +Pseudocode in specifications should be language-agnostic and formatted in a simple imperative standard, with line numbers, variables, simple conditional blocks, for loops, and +English fragments where necessary to explain further functionality such as scheduling timeouts. LaTeX images should be avoided because they are challenging to review in diff form. + +Pseudocode for structs can be written in a simple language like TypeScript or golang, as interfaces. + +Example Golang pseudocode struct: + +```go +type CacheKVStore interface { + cache: map[Key]Value + parent: KVStore + deleted: Key +} +``` + +Pseudocode for algorithms should be written in simple Golang, as functions. + +Example pseudocode algorithm: + +```go expandable +func get( + store CacheKVStore, + key Key) + +Value { + value = store.cache.get(Key) + if (value !== null) { + return value +} + +else { + value = store.parent.get(key) + +store.cache.set(key, value) + +return value +} +} +``` + +## History + +This specification was significantly inspired by and derived from IBC's [ICS](https://github.com/cosmos/ibc/blob/main/spec/ics-001-ics-standard/README.md), which +was in turn derived from Ethereum's [EIP 1](https://github.com/ethereum/EIPs/blob/master/EIPS/eip-1.md). + +Nov 24, 2022 - Initial draft finished and submitted as a PR + +## Copyright + +All content herein is licensed under [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0). diff --git a/docs/sdk/next/build/spec/_ics/README.mdx b/docs/sdk/next/build/spec/_ics/README.mdx new file mode 100644 index 00000000..79f2e81b --- /dev/null +++ b/docs/sdk/next/build/spec/_ics/README.mdx @@ -0,0 +1,5 @@ +--- +title: Cosmos ICS +description: ICS030 - Signed Messages +--- +* [ICS030 - Signed Messages](/docs/sdk/vnext/build/spec/_ics/ics-030-signed-messages) diff --git a/docs/sdk/next/build/spec/_ics/ics-030-signed-messages.mdx b/docs/sdk/next/build/spec/_ics/ics-030-signed-messages.mdx new file mode 100644 index 00000000..05fd019f --- /dev/null +++ b/docs/sdk/next/build/spec/_ics/ics-030-signed-messages.mdx @@ -0,0 +1,193 @@ +--- +title: 'ICS 030: Cosmos Signed Messages' +--- +> TODO: Replace with valid ICS number and possibly move to new location. + +* [Changelog](#changelog) +* [Abstract](#abstract) +* [Preliminary](#preliminary) +* [Specification](#specification) +* [Future Adaptations](#future-adaptations) +* [API](#api) +* [References](#references) + +## Status + +Proposed. + +## Changelog + +## Abstract + +Having the ability to sign messages off-chain has proven to be a fundamental aspect +of nearly any blockchain. The notion of signing messages off-chain has many +added benefits such as saving on computational costs and reducing transaction +throughput and overhead. Within the context of the Cosmos, some of the major +applications of signing such data includes, but is not limited to, providing a +cryptographic secure and verifiable means of proving validator identity and +possibly associating it with some other framework or organization. In addition, +having the ability to sign Cosmos messages with a Ledger or similar HSM device. + +A standardized protocol for hashing, signing, and verifying messages that can be +implemented by the Cosmos SDK and other third-party organizations is needed. Such a +standardized protocol subscribes to the following: + +* Contains a specification of human-readable and machine-verifiable typed structured data +* Contains a framework for deterministic and injective encoding of structured data +* Utilizes cryptographic secure hashing and signing algorithms +* A framework for supporting extensions and domain separation +* Is invulnerable to chosen ciphertext attacks +* Has protection against potentially signing transactions a user did not intend to + +This specification is only concerned with the rationale and the standardized +implementation of Cosmos signed messages. It does **not** concern itself with the +concept of replay attacks as that will be left up to the higher-level application +implementation. If you view signed messages in the means of authorizing some +action or data, then such an application would have to either treat this as +idempotent or have mechanisms in place to reject known signed messages. + +## Preliminary + +The Cosmos message signing protocol will be parameterized with a cryptographic +secure hashing algorithm `SHA-256` and a signing algorithm `S` that contains +the operations `sign` and `verify` which provide a digital signature over a set +of bytes and verification of a signature respectively. + +Note, our goal here is not to provide context and reasoning about why necessarily +these algorithms were chosen apart from the fact they are the defacto algorithms +used in CometBFT and the Cosmos SDK and that they satisfy our needs for such +cryptographic algorithms such as having resistance to collision and second +pre-image attacks, as well as being [deterministic](https://en.wikipedia.org/wiki/Hash_function#Determinism) and [uniform](https://en.wikipedia.org/wiki/Hash_function#Uniformity). + +## Specification + +CometBFT has a well established protocol for signing messages using a canonical +JSON representation as defined [here](https://github.com/cometbft/cometbft/blob/master/types/canonical.go). + +An example of such a canonical JSON structure is CometBFT's vote structure: + +```go +type CanonicalJSONVote struct { + ChainID string `json:"@chain_id"` + Type string `json:"@type"` + BlockID CanonicalJSONBlockID `json:"block_id"` + Height int64 `json:"height"` + Round int `json:"round"` + Timestamp string `json:"timestamp"` + VoteType byte `json:"type"` +} +``` + +With such canonical JSON structures, the specification requires that they include +meta fields: `@chain_id` and `@type`. These meta fields are reserved and must be +included. They are both of type `string`. In addition, fields must be ordered +in lexicographically ascending order. + +For the purposes of signing Cosmos messages, the `@chain_id` field must correspond +to the Cosmos chain identifier. The user-agent should **refuse** signing if the +`@chain_id` field does not match the currently active chain! The `@type` field +must equal the constant `"message"`. The `@type` field corresponds to the type of +structure the user will be signing in an application. For now, a user is only +allowed to sign bytes of valid ASCII text ([see here](https://github.com/cometbft/cometbft/blob/v0.37.0/libs/strings/string.go#L35-L64)). +However, this will change and evolve to support additional application-specific +structures that are human-readable and machine-verifiable ([see Future Adaptations](#future-adaptations)). + +Thus, we can have a canonical JSON structure for signing Cosmos messages using +the [JSON schema](http://json-schema.org/) specification as such: + +```json expandable +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$id": "cosmos/signing/typeData/schema", + "title": "The Cosmos signed message typed data schema.", + "type": "object", + "properties": { + "@chain_id": { + "type": "string", + "description": "The corresponding Cosmos chain identifier.", + "minLength": 1 + }, + "@type": { + "type": "string", + "description": "The message type. It must be 'message'.", + "enum": [ + "message" + ] + }, + "text": { + "type": "string", + "description": "The valid ASCII text to sign.", + "pattern": "^[\\x20-\\x7E]+$", + "minLength": 1 + } + }, + "required": [ + "@chain_id", + "@type", + "text" + ] +} +``` + +e.g. + +```json +{ + "@chain_id": "1", + "@type": "message", + "text": "Hello, you can identify me as XYZ on keybase." +} +``` + +## Future Adaptations + +As applications can vary greatly in domain, it will be vital to support both +domain separation and human-readable and machine-verifiable structures. + +Domain separation will allow for application developers to prevent collisions of +otherwise identical structures. It should be designed to be unique per application +use and should directly be used in the signature encoding itself. + +Human-readable and machine-verifiable structures will allow end users to sign +more complex structures, apart from just string messages, and still be able to +know exactly what they are signing (opposed to signing a bunch of arbitrary bytes). + +Thus, in the future, the Cosmos signing message specification will be expected +to expand upon it's canonical JSON structure to include such functionality. + +## API + +Application developers and designers should formalize a standard set of APIs that +adhere to the following specification: + +*** + +### **cosmosSignBytes** + +Params: + +* `data`: the Cosmos signed message canonical JSON structure +* `address`: the Bech32 Cosmos account address to sign data with + +Returns: + +* `signature`: the Cosmos signature derived using signing algorithm `S` + +*** + +### Examples + +Using the `secp256k1` as the DSA, `S`: + +```javascript +data = { + "@chain_id": "1", + "@type": "message", + "text": "I hereby claim I am ABC on Keybase!" +} + +cosmosSignBytes(data, "cosmos1pvsch6cddahhrn5e8ekw0us50dpnugwnlfngt3") +> "0x7fc4a495473045022100dec81a9820df0102381cdbf7e8b0f1e2cb64c58e0ecda1324543742e0388e41a02200df37905a6505c1b56a404e23b7473d2c0bc5bcda96771d2dda59df6ed2b98f8" +``` + +## References diff --git a/docs/sdk/next/build/spec/addresses/README.mdx b/docs/sdk/next/build/spec/addresses/README.mdx new file mode 100644 index 00000000..d0967469 --- /dev/null +++ b/docs/sdk/next/build/spec/addresses/README.mdx @@ -0,0 +1,4 @@ +--- +title: Addresses spec +--- +* [Bech32](/docs/sdk/vnext/build/spec/addresses/bech32) diff --git a/docs/sdk/next/build/spec/addresses/bech32.mdx b/docs/sdk/next/build/spec/addresses/bech32.mdx new file mode 100644 index 00000000..1fb4fb6b --- /dev/null +++ b/docs/sdk/next/build/spec/addresses/bech32.mdx @@ -0,0 +1,22 @@ +--- +title: Bech32 on Cosmos +--- +The Cosmos network prefers to use the Bech32 address format wherever users must handle binary data. Bech32 encoding provides robust integrity checks on data and the human readable part (HRP) provides contextual hints that can assist UI developers with providing informative error messages. + +In the Cosmos network, keys and addresses may refer to a number of different roles in the network like accounts, validators etc. + +## HRP table + +| HRP | Definition | +| ------------- | ---------------------------------- | +| cosmos | Cosmos Account Address | +| cosmosvalcons | Cosmos Validator Consensus Address | +| cosmosvaloper | Cosmos Validator Operator Address | + +## Encoding + +While all user facing interfaces to Cosmos software should exposed Bech32 interfaces, many internal interfaces encode binary value in hex or base64 encoded form. + +To convert between other binary representation of addresses and keys, it is important to first apply the Amino encoding process before Bech32 encoding. + +A complete implementation of the Amino serialization format is unnecessary in most cases. Simply prepending bytes from this [table](https://github.com/cometbft/cometbft/blob/main/spec/blockchain/encoding.md) to the byte string payload before Bech32 encoding will be sufficient for compatible representation. diff --git a/docs/sdk/next/build/spec/store/README.mdx b/docs/sdk/next/build/spec/store/README.mdx new file mode 100644 index 00000000..a2187c89 --- /dev/null +++ b/docs/sdk/next/build/spec/store/README.mdx @@ -0,0 +1,241 @@ +--- +title: Store +--- +The store package defines the interfaces, types and abstractions for Cosmos SDK +modules to read and write to Merkleized state within a Cosmos SDK application. +The store package provides many primitives for developers to use in order to +work with both state storage and state commitment. Below we describe the various +abstractions. + +## Types + +### `Store` + +The bulk of the store interfaces are defined [here](https://github.com/cosmos/cosmos-sdk/blob/main/store/types/store.go), +where the base primitive interface, for which other interfaces build off of, is +the `Store` type. The `Store` interface defines the ability to tell the type of +the implementing store and the ability to cache wrap via the `CacheWrapper` interface. + +### `CacheWrapper` & `CacheWrap` + +One of the most important features a store has the ability to perform is the +ability to cache wrap. Cache wrapping is essentially the underlying store wrapping +itself within another store type that performs caching for both reads and writes +with the ability to flush writes via `Write()`. + +### `KVStore` & `CacheKVStore` + +One of the most important interfaces that both developers and modules interface +with, which also provides the basis of most state storage and commitment operations, +is the `KVStore`. The `KVStore` interface provides basic CRUD abilities and +prefix-based iteration, including reverse iteration. + +Typically, each module has it's own dedicated `KVStore` instance, which it can +get access to via the `sdk.Context` and the use of a pointer-based named key -- +`KVStoreKey`. The `KVStoreKey` provides pseudo-OCAP. How a exactly a `KVStoreKey` +maps to a `KVStore` will be illustrated below through the `CommitMultiStore`. + +Note, a `KVStore` cannot directly commit state. Instead, a `KVStore` can be wrapped +by a `CacheKVStore` which extends a `KVStore` and provides the ability for the +caller to execute `Write()` which commits state to the underlying state storage. +Note, this doesn't actually flush writes to disk as writes are held in memory +until `Commit()` is called on the `CommitMultiStore`. + +### `CommitMultiStore` + +The `CommitMultiStore` interface exposes the top-level interface that is used +to manage state commitment and storage by an SDK application and abstracts the +concept of multiple `KVStore`s which are used by multiple modules. Specifically, +it supports the following high-level primitives: + +* Allows for a caller to retrieve a `KVStore` by providing a `KVStoreKey`. +* Exposes pruning mechanisms to remove state pinned against a specific height/version + in the past. +* Allows for loading state storage at a particular height/version in the past to + provide current head and historical queries. +* Provides the ability to rollback state to a previous height/version. +* Provides the ability to load state storage at a particular height/version + while also performing store upgrades, which are used during live hard-fork + application state migrations. +* Provides the ability to commit all current accumulated state to disk and performs + Merkle commitment. + +## Implementation Details + +While there are many interfaces that the `store` package provides, there is +typically a core implementation for each main interface that modules and +developers interact with that are defined in the Cosmos SDK. + +### `iavl.Store` + +The `iavl.Store` provides the core implementation for state storage and commitment +by implementing the following interfaces: + +* `KVStore` +* `CommitStore` +* `CommitKVStore` +* `Queryable` +* `StoreWithInitialVersion` + +It allows for all CRUD operations to be performed along with allowing current +and historical state queries, prefix iteration, and state commitment along with +Merkle proof operations. The `iavl.Store` also provides the ability to remove +historical state from the state commitment layer. + +An overview of the IAVL implementation can be found [here](https://github.com/cosmos/iavl/blob/master/docs/overview.md). +It is important to note that the IAVL store provides both state commitment and +logical storage operations, which comes with drawbacks as there are various +performance impacts, some of which are very drastic, when it comes to the +operations mentioned above. + +When dealing with state management in modules and clients, the Cosmos SDK provides +various layers of abstractions or "store wrapping", where the `iavl.Store` is the +bottom most layer. When requesting a store to perform reads or writes in a module, +the typical abstraction layer in order is defined as follows: + +```text +iavl.Store <- cachekv.Store <- gaskv.Store <- cachemulti.Store <- rootmulti.Store +``` + +### Concurrent use of IAVL store + +The tree under `iavl.Store` is not safe for concurrent use. It is the +responsibility of the caller to ensure that concurrent access to the store is +not performed. + +The main issue with concurrent use is when data is written at the same time as +it's being iterated over. Doing so will cause an irrecoverable fatal error because +of concurrent reads and writes to an internal map. + +Although it's not recommended, you can iterate through values while writing to +it by disabling "FastNode" **without guarantees that the values being written will +be returned during the iteration** (if you need this, you might want to reconsider +the design of your application). This is done by setting `iavl-disable-fastnode` +to `true` in the config TOML file. + +### `cachekv.Store` + +The `cachekv.Store` store wraps an underlying `KVStore`, typically a `iavl.Store` +and contains an in-memory cache for storing pending writes to underlying `KVStore`. +`Set` and `Delete` calls are executed on the in-memory cache, whereas `Has` calls +are proxied to the underlying `KVStore`. + +One of the most important calls to a `cachekv.Store` is `Write()`, which ensures +that key-value pairs are written to the underlying `KVStore` in a deterministic +and ordered manner by sorting the keys first. The store keeps track of "dirty" +keys and uses these to determine what keys to sort. In addition, it also keeps +track of deleted keys and ensures these are also removed from the underlying +`KVStore`. + +The `cachekv.Store` also provides the ability to perform iteration and reverse +iteration. Iteration is performed through the `cacheMergeIterator` type and uses +both the dirty cache and underlying `KVStore` to iterate over key-value pairs. + +Note, all calls to CRUD and iteration operations on a `cachekv.Store` are thread-safe. + +### `gaskv.Store` + +The `gaskv.Store` store provides a simple implementation of a `KVStore`. +Specifically, it just wraps an existing `KVStore`, such as a cache-wrapped +`iavl.Store`, and incurs configurable gas costs for CRUD operations via +`ConsumeGas()` calls defined on the `GasMeter` which exists in a `sdk.Context` +and then proxies the underlying CRUD call to the underlying store. Note, the +`GasMeter` is reset on each block. + +### `cachemulti.Store` & `rootmulti.Store` + +The `rootmulti.Store` acts as an abstraction around a series of stores. Namely, +it implements the `CommitMultiStore` an `Queryable` interfaces. Through the +`rootmulti.Store`, an SDK module can request access to a `KVStore` to perform +state CRUD operations and queries by holding access to a unique `KVStoreKey`. + +The `rootmulti.Store` ensures these queries and state operations are performed +through cached-wrapped instances of `cachekv.Store` which is described above. The +`rootmulti.Store` implementation is also responsible for committing all accumulated +state from each `KVStore` to disk and returning an application state Merkle root. + +Queries can be performed to return state data along with associated state +commitment proofs for both previous heights/versions and the current state root. +Queries are routed based on store name, i.e. a module, along with other parameters +which are defined in `abci.QueryRequest`. + +The `rootmulti.Store` also provides primitives for pruning data at a given +height/version from state storage. When a height is committed, the `rootmulti.Store` +will determine if other previous heights should be considered for removal based +on the operator's pruning settings defined by `PruningOptions`, which defines +how many recent versions to keep on disk and the interval at which to remove +"staged" pruned heights from disk. During each interval, the staged heights are +removed from each `KVStore`. Note, it is up to the underlying `KVStore` +implementation to determine how pruning is actually performed. The `PruningOptions` +are defined as follows: + +```go +type PruningOptions struct { + // KeepRecent defines how many recent heights to keep on disk. + KeepRecent uint64 + + // Interval defines when the pruned heights are removed from disk. + Interval uint64 + + // Strategy defines the kind of pruning strategy. See below for more information on each. + Strategy PruningStrategy +} +``` + +The Cosmos SDK defines a preset number of pruning "strategies": `default`, `everything` +`nothing`, and `custom`. + +It is important to note that the `rootmulti.Store` considers each `KVStore` as a +separate logical store. In other words, they do not share a Merkle tree or +comparable data structure. This means that when state is committed via +`rootmulti.Store`, each store is committed in sequence and thus is not atomic. + +In terms of store construction and wiring, each Cosmos SDK application contains +a `BaseApp` instance which internally has a reference to a `CommitMultiStore` +that is implemented by a `rootmulti.Store`. The application then registers one or +more `KVStoreKey` that pertain to a unique module and thus a `KVStore`. Through +the use of an `sdk.Context` and a `KVStoreKey`, each module can get direct access +to it's respective `KVStore` instance. + +Example: + +```go expandable +func NewApp(...) + +Application { + // ... + bApp := baseapp.NewBaseApp(appName, logger, db, txConfig.TxDecoder(), baseAppOptions...) + +bApp.SetCommitMultiStoreTracer(traceStore) + +bApp.SetVersion(version.Version) + +bApp.SetInterfaceRegistry(interfaceRegistry) + + // ... + keys := sdk.NewKVStoreKeys(...) + transientKeys := sdk.NewTransientStoreKeys(...) + memKeys := sdk.NewMemoryStoreKeys(...) + + // ... + + // initialize stores + app.MountKVStores(keys) + +app.MountTransientStores(transientKeys) + +app.MountMemoryStores(memKeys) + + // ... +} +``` + +The `rootmulti.Store` itself can be cache-wrapped which returns an instance of a +`cachemulti.Store`. For each block, `BaseApp` ensures that the proper abstractions +are created on the `CommitMultiStore`, i.e. ensuring that the `rootmulti.Store` +is cached-wrapped and uses the resulting `cachemulti.Store` to be set on the +`sdk.Context` which is then used for block and transaction execution. As a result, +all state mutations due to block and transaction execution are actually held +ephemerally until `Commit()` is called by the ABCI client. This concept is further +expanded upon when the AnteHandler is executed per transaction to ensure state +is not committed for transactions that failed CheckTx. diff --git a/docs/sdk/next/build/spec/store/interblock-cache.mdx b/docs/sdk/next/build/spec/store/interblock-cache.mdx new file mode 100644 index 00000000..2a87606a --- /dev/null +++ b/docs/sdk/next/build/spec/store/interblock-cache.mdx @@ -0,0 +1,313 @@ +--- +title: Inter-block Cache +--- +* [Inter-block Cache](#inter-block-cache) + * [Synopsis](#synopsis) + * [Overview and basic concepts](#overview-and-basic-concepts) + * [Motivation](#motivation) + * [Definitions](#definitions) + * [System model and properties](#system-model-and-properties) + * [Assumptions](#assumptions) + * [Properties](#properties) + * [Thread safety](#thread-safety) + * [Crash recovery](#crash-recovery) + * [Iteration](#iteration) + * [Technical specification](#technical-specification) + * [General design](#general-design) + * [API](#api) + * [CommitKVCacheManager](#commitkvcachemanager) + * [CommitKVStoreCache](#commitkvstorecache) + * [Implementation details](#implementation-details) + * [History](#history) + * [Copyright](#copyright) + +## Synopsis + +The inter-block cache is an in-memory cache storing (in-most-cases) immutable state that modules need to read in between blocks. When enabled, all sub-stores of a multi store, e.g., `rootmulti`, are wrapped. + +## Overview and basic concepts + +### Motivation + +The goal of the inter-block cache is to allow SDK modules to have fast access to data that it is typically queried during the execution of every block. This is data that do not change often, e.g. module parameters. The inter-block cache wraps each `CommitKVStore` of a multi store such as `rootmulti` with a fixed size, write-through cache. Caches are not cleared after a block is committed, as opposed to other caching layers such as `cachekv`. + +### Definitions + +* `Store key` uniquely identifies a store. +* `KVCache` is a `CommitKVStore` wrapped with a cache. +* `Cache manager` is a key component of the inter-block cache responsible for maintaining a map from `store keys` to `KVCaches`. + +## System model and properties + +### Assumptions + +This specification assumes that there exists a cache implementation accessible to the inter-block cache feature. + +> The implementation uses adaptive replacement cache (ARC), an enhancement over the standard last-recently-used (LRU) cache in that tracks both frequency and recency of use. + +The inter-block cache requires that the cache implementation to provide methods to create a cache, add a key/value pair, remove a key/value pair and retrieve the value associated to a key. In this specification, we assume that a `Cache` feature offers this functionality through the following methods: + +* `NewCache(size int)` creates a new cache with `size` capacity and returns it. +* `Get(key string)` attempts to retrieve a key/value pair from `Cache.` It returns `(value []byte, success bool)`. If `Cache` contains the key, it `value` contains the associated value and `success=true`. Otherwise, `success=false` and `value` should be ignored. +* `Add(key string, value []byte)` inserts a key/value pair into the `Cache`. +* `Remove(key string)` removes the key/value pair identified by `key` from `Cache`. + +The specification also assumes that `CommitKVStore` offers the following API: + +* `Get(key string)` attempts to retrieve a key/value pair from `CommitKVStore`. +* `Set(key, string, value []byte)` inserts a key/value pair into the `CommitKVStore`. +* `Delete(key string)` removes the key/value pair identified by `key` from `CommitKVStore`. + +> Ideally, both `Cache` and `CommitKVStore` should be specified in a different document and referenced here. + +### Properties + +#### Thread safety + +Accessing the `cache manager` or a `KVCache` is not thread-safe: no method is guarded with a lock. +Note that this is true even if the cache implementation is thread-safe. + +> For instance, assume that two `Set` operations are executed concurrently on the same key, each writing a different value. After both are executed, the cache and the underlying store may be inconsistent, each storing a different value under the same key. + +#### Crash recovery + +The inter-block cache transparently delegates `Commit()` to its aggregate `CommitKVStore`. If the +aggregate `CommitKVStore` supports atomic writes and use them to guarantee that the store is always in a consistent state in disk, the inter-block cache can be transparently moved to a consistent state when a failure occurs. + +> Note that this is the case for `IAVLStore`, the preferred `CommitKVStore`. On commit, it calls `SaveVersion()` on the underlying `MutableTree`. `SaveVersion` writes to disk are atomic via batching. This means that only consistent versions of the store (the tree) are written to the disk. Thus, in case of a failure during a `SaveVersion` call, on recovery from disk, the version of the store will be consistent. + +#### Iteration + +Iteration over each wrapped store is supported via the embedded `CommitKVStore` interface. + +## Technical specification + +### General design + +The inter-block cache feature is composed by two components: `CommitKVCacheManager` and `CommitKVCache`. + +`CommitKVCacheManager` implements the cache manager. It maintains a mapping from a store key to a `KVStore`. + +```go +type CommitKVStoreCacheManager interface{ + cacheSize uint + caches map[string]CommitKVStore +} +``` + +`CommitKVStoreCache` implements a `KVStore`: a write-through cache that wraps a `CommitKVStore`. This means that deletes and writes always happen to both the cache and the underlying `CommitKVStore`. Reads on the other hand first hit the internal cache. During a cache miss, the read is delegated to the underlying `CommitKVStore` and cached. + +```go +type CommitKVStoreCache interface{ + store CommitKVStore + cache Cache +} +``` + +To enable inter-block cache on `rootmulti`, one needs to instantiate a `CommitKVCacheManager` and set it by calling `SetInterBlockCache()` before calling one of `LoadLatestVersion()`, `LoadLatestVersionAndUpgrade(...)`, `LoadVersionAndUpgrade(...)` and `LoadVersion(version)`. + +### API + +#### CommitKVCacheManager + +The method `NewCommitKVStoreCacheManager` creates a new cache manager and returns it. + +| Name | Type | Description | +| ---- | ------- | ------------------------------------------------------------------------ | +| size | integer | Determines the capacity of each of the KVCache maintained by the manager | + +```go +func NewCommitKVStoreCacheManager(size uint) + +CommitKVStoreCacheManager { + manager = CommitKVStoreCacheManager{ + size, make(map[string]CommitKVStore) +} + +return manager +} +``` + +`GetStoreCache` returns a cache from the CommitStoreCacheManager for a given store key. If no cache exists for the store key, then one is created and set. + +| Name | Type | Description | +| -------- | --------------------------- | -------------------------------------------------------------------------------------- | +| manager | `CommitKVStoreCacheManager` | The cache manager | +| storeKey | string | The store key of the store being retrieved | +| store | `CommitKVStore` | The store that it is cached in case the manager does not have any in its map of caches | + +```go expandable +func GetStoreCache( + manager CommitKVStoreCacheManager, + storeKey string, + store CommitKVStore) + +CommitKVStore { + if manager.caches.has(storeKey) { + return manager.caches.get(storeKey) +} + +else { + cache = CommitKVStoreCacheManager{ + store, manager.cacheSize +} + +manager.set(storeKey, cache) + +return cache +} +} +``` + +`Unwrap` returns the underlying CommitKVStore for a given store key. + +| Name | Type | Description | +| -------- | --------------------------- | ------------------------------------------ | +| manager | `CommitKVStoreCacheManager` | The cache manager | +| storeKey | string | The store key of the store being unwrapped | + +```go expandable +func Unwrap( + manager CommitKVStoreCacheManager, + storeKey string) + +CommitKVStore { + if manager.caches.has(storeKey) { + cache = manager.caches.get(storeKey) + +return cache.store +} + +else { + return nil +} +} +``` + +`Reset` resets the manager's map of caches. + +| Name | Type | Description | +| ------- | --------------------------- | ----------------- | +| manager | `CommitKVStoreCacheManager` | The cache manager | + +```go +function Reset(manager CommitKVStoreCacheManager) { + for (let storeKey of manager.caches.keys()) { + manager.caches.delete(storeKey) +} +} +``` + +#### CommitKVStoreCache + +`NewCommitKVStoreCache` creates a new `CommitKVStoreCache` and returns it. + +| Name | Type | Description | +| ----- | ------------- | -------------------------------------------------- | +| store | CommitKVStore | The store to be cached | +| size | string | Determines the capacity of the cache being created | + +```go +func NewCommitKVStoreCache( + store CommitKVStore, + size uint) + +CommitKVStoreCache { + KVCache = CommitKVStoreCache{ + store, NewCache(size) +} + +return KVCache +} +``` + +`Get` retrieves a value by key. It first looks in the cache. If the key is not in the cache, the query is delegated to the underlying `CommitKVStore`. In the latter case, the key/value pair is cached. The method returns the value. + +| Name | Type | Description | +| ------- | -------------------- | ------------------------------------------------------------------- | +| KVCache | `CommitKVStoreCache` | The `CommitKVStoreCache` from which the key/value pair is retrieved | +| key | string | Key of the key/value pair being retrieved | + +```go expandable +func Get( + KVCache CommitKVStoreCache, + key string) []byte { + valueCache, success := KVCache.cache.Get(key) + if success { + // cache hit + return valueCache +} + +else { + // cache miss + valueStore = KVCache.store.Get(key) + +KVCache.cache.Add(key, valueStore) + +return valueStore +} +} +``` + +`Set` inserts a key/value pair into both the write-through cache and the underlying `CommitKVStore`. + +| Name | Type | Description | +| ------- | -------------------- | ---------------------------------------------------------------- | +| KVCache | `CommitKVStoreCache` | The `CommitKVStoreCache` to which the key/value pair is inserted | +| key | string | Key of the key/value pair being inserted | +| value | \[]byte | Value of the key/value pair being inserted | + +```go +func Set( + KVCache CommitKVStoreCache, + key string, + value []byte) { + KVCache.cache.Add(key, value) + +KVCache.store.Set(key, value) +} +``` + +`Delete` removes a key/value pair from both the write-through cache and the underlying `CommitKVStore`. + +| Name | Type | Description | +| ------- | -------------------- | ----------------------------------------------------------------- | +| KVCache | `CommitKVStoreCache` | The `CommitKVStoreCache` from which the key/value pair is deleted | +| key | string | Key of the key/value pair being deleted | + +```go +func Delete( + KVCache CommitKVStoreCache, + key string) { + KVCache.cache.Remove(key) + +KVCache.store.Delete(key) +} +``` + +`CacheWrap` wraps a `CommitKVStoreCache` with another caching layer (`CacheKV`). + +> It is unclear whether there is a use case for `CacheWrap`. + +| Name | Type | Description | +| ------- | -------------------- | -------------------------------------- | +| KVCache | `CommitKVStoreCache` | The `CommitKVStoreCache` being wrapped | + +```go +func CacheWrap( + KVCache CommitKVStoreCache) { + return CacheKV.NewStore(KVCache) +} +``` + +### Implementation details + +The inter-block cache implementation uses a fixed-sized adaptive replacement cache (ARC) as cache. [The ARC implementation](https://github.com/hashicorp/golang-lru/blob/main/arc/arc.go) is thread-safe. ARC is an enhancement over the standard LRU cache in that tracks both frequency and recency of use. This avoids a burst in access to new entries from evicting the frequently used older entries. It adds some additional tracking overhead to a standard LRU cache, computationally it is roughly `2x` the cost, and the extra memory overhead is linear with the size of the cache. The default cache size is `1000`. + +## History + +Dec 20, 2022 - Initial draft finished and submitted as a PR + +## Copyright + +All content herein is licensed under [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0). diff --git a/docs/sdk/next/build/tooling/README.mdx b/docs/sdk/next/build/tooling/README.mdx new file mode 100644 index 00000000..80be7827 --- /dev/null +++ b/docs/sdk/next/build/tooling/README.mdx @@ -0,0 +1,18 @@ +--- +title: Tools +description: >- + This section provides documentation on various tooling maintained by the SDK + team. This includes tools for development, operating a node, and ease of use + of a Cosmos SDK chain. +--- +This section provides documentation on various tooling maintained by the SDK team. +This includes tools for development, operating a node, and ease of use of a Cosmos SDK chain. + +## CLI Tools + +* [Cosmovisor](/docs/sdk/vnext/../tools/cosmovisor/README) +* [Confix](/docs/sdk/vnext/../tools/confix/README) + +## Other Tools + +* [Protocol Buffers](/docs/sdk/vnext/build/tooling/protobuf) diff --git a/docs/sdk/next/build/tooling/confix.mdx b/docs/sdk/next/build/tooling/confix.mdx new file mode 100644 index 00000000..45e6ce41 --- /dev/null +++ b/docs/sdk/next/build/tooling/confix.mdx @@ -0,0 +1,156 @@ +--- +title: Confix +description: >- + Confix is a configuration management tool that allows you to manage your + configuration via CLI. +--- +`Confix` is a configuration management tool that allows you to manage your configuration via CLI. + +It is based on the [CometBFT RFC 019](https://github.com/cometbft/cometbft/blob/5013bc3f4a6d64dcc2bf02ccc002ebc9881c62e4/docs/rfc/rfc-019-config-version.md). + +## Installation + +### Add Config Command + +To add the confix tool, it's required to add the `ConfigCommand` to your application's root command file (e.g. `/cmd/root.go`). + +Import the `confixCmd` package: + +```go +import "cosmossdk.io/tools/confix/cmd" +``` + +Find the following line: + +```go +initRootCmd(rootCmd, moduleManager) +``` + +After that line, add the following: + +```go +rootCmd.AddCommand( + confixcmd.ConfigCommand(), +) +``` + +The `ConfixCommand` function builds the `config` root command and is defined in the `confixCmd` package (`cosmossdk.io/tools/confix/cmd`). +An implementation example can be found in `simapp`. + +The command will be available as `simd config`. + + +Using confix directly in the application can have less features than using it standalone. +This is because confix is versioned with the SDK, while `latest` is the standalone version. + + +### Using Confix Standalone + +To use Confix standalone, without having to add it in your application, install it with the following command: + +```bash +go install cosmossdk.io/tools/confix/cmd/confix@latest +``` + +Alternatively, for building from source, simply run `make confix`. The binary will be located in `tools/confix`. + +## Usage + +Use standalone: + +```shell +confix --help +``` + +Use in simd: + +```shell +simd config fix --help +``` + +### Get + +Get a configuration value, e.g.: + +```shell +simd config get app pruning # gets the value pruning from app.toml +simd config get client chain-id # gets the value chain-id from client.toml +``` + +```shell +confix get ~/.simapp/config/app.toml pruning # gets the value pruning from app.toml +confix get ~/.simapp/config/client.toml chain-id # gets the value chain-id from client.toml +``` + +### Set + +Set a configuration value, e.g.: + +```shell +simd config set app pruning "enabled" # sets the value pruning from app.toml +simd config set client chain-id "foo-1" # sets the value chain-id from client.toml +``` + +```shell +confix set ~/.simapp/config/app.toml pruning "enabled" # sets the value pruning from app.toml +confix set ~/.simapp/config/client.toml chain-id "foo-1" # sets the value chain-id from client.toml +``` + +### Migrate + +Migrate a configuration file to a new version, config type defaults to `app.toml`, if you want to change it to `client.toml`, please indicate it by adding the optional parameter, e.g.: + +```shell +simd config migrate v0.50 # migrates defaultHome/config/app.toml to the latest v0.50 config +simd config migrate v0.50 --client # migrates defaultHome/config/client.toml to the latest v0.50 config +``` + +```shell +confix migrate v0.50 ~/.simapp/config/app.toml # migrate ~/.simapp/config/app.toml to the latest v0.50 config +confix migrate v0.50 ~/.simapp/config/client.toml --client # migrate ~/.simapp/config/client.toml to the latest v0.50 config +``` + +### Diff + +Get the diff between a given configuration file and the default configuration file, e.g.: + +```shell +simd config diff v0.47 # gets the diff between defaultHome/config/app.toml and the latest v0.47 config +simd config diff v0.47 --client # gets the diff between defaultHome/config/client.toml and the latest v0.47 config +``` + +```shell +confix diff v0.47 ~/.simapp/config/app.toml # gets the diff between ~/.simapp/config/app.toml and the latest v0.47 config +confix diff v0.47 ~/.simapp/config/client.toml --client # gets the diff between ~/.simapp/config/client.toml and the latest v0.47 config +``` + +### View + +View a configuration file, e.g: + +```shell +simd config view client # views the current app client config +``` + +```shell +confix view ~/.simapp/config/client.toml # views the current app client conf +``` + +### Maintainer + +At each SDK modification of the default configuration, add the default SDK config under `data/vXX-app.toml`. +This allows users to use the tool standalone. + +### Compatibility + +The recommended standalone version is `latest`, which is using the latest development version of the Confix. + +| SDK Version | Confix Version | +| ----------- | -------------- | +| v0.50 | v0.1.x | +| v0.52 | v0.2.x | +| v2 | v0.2.x | + +## Credits + +This project is based on the [CometBFT RFC 019](https://github.com/cometbft/cometbft/blob/5013bc3f4a6d64dcc2bf02ccc002ebc9881c62e4/docs/rfc/rfc-019-config-version.md) and their never released own implementation of [confix](https://github.com/cometbft/cometbft/blob/v0.36.x/scripts/confix/confix.go). diff --git a/docs/sdk/next/build/tooling/cosmovisor.mdx b/docs/sdk/next/build/tooling/cosmovisor.mdx new file mode 100644 index 00000000..2ffffa0d --- /dev/null +++ b/docs/sdk/next/build/tooling/cosmovisor.mdx @@ -0,0 +1,408 @@ +--- +title: Cosmovisor +--- +`cosmovisor` is a process manager for Cosmos SDK application binaries that automates application binary switch at chain upgrades. +It polls the `upgrade-info.json` file that is created by the x/upgrade module at upgrade height, and then can automatically download the new binary, stop the current binary, switch from the old binary to the new one, and finally restart the node with the new binary. + +* [Design](#design) +* [Contributing](#contributing) +* [Setup](#setup) + * [Installation](#installation) + * [Command Line Arguments And Environment Variables](#command-line-arguments-and-environment-variables) + * [Folder Layout](#folder-layout) +* [Usage](#usage) + * [Initialization](#initialization) + * [Detecting Upgrades](#detecting-upgrades) + * [Adding Upgrade Binary](#adding-upgrade-binary) + * [Auto-Download](#auto-download) + * [Preparing for an Upgrade](#preparing-for-an-upgrade) +* [Example: SimApp Upgrade](#example-simapp-upgrade) + * [Chain Setup](#chain-setup) + * [Prepare Cosmovisor and Start the Chain](#prepare-cosmovisor-and-start-the-chain) + * [Update App](#update-app) + +## Design + +Cosmovisor is designed to be used as a wrapper for a `Cosmos SDK` app: + +* it will pass arguments to the associated app (configured by `DAEMON_NAME` env variable). + Running `cosmovisor run arg1 arg2 ....` will run `app arg1 arg2 ...`; +* it will manage an app by restarting and upgrading if needed; +* it is configured using environment variables, not positional arguments. + +*Note: If new versions of the application are not set up to run in-place store migrations, migrations will need to be run manually before restarting `cosmovisor` with the new binary. For this reason, we recommend applications adopt in-place store migrations.* + + +Only the latest version of cosmovisor is actively developed/maintained. + + + +Versions prior to v1.0.0 have a vulnerability that could lead to a DOS. Please upgrade to the latest version. + + +## Contributing + +Cosmovisor is part of the Cosmos SDK monorepo, but it's a separate module with it's own release schedule. + +Release branches have the following format `release/cosmovisor/vA.B.x`, where A and B are a number (e.g. `release/cosmovisor/v1.3.x`). Releases are tagged using the following format: `cosmovisor/vA.B.C`. + +## Setup + +### Installation + +You can download Cosmovisor from the [GitHub releases](https://github.com/cosmos/cosmos-sdk/releases/tag/cosmovisor%2Fv1.5.0). + +To install the latest version of `cosmovisor`, run the following command: + +```shell +go install cosmossdk.io/tools/cosmovisor/cmd/cosmovisor@latest +``` + +To install a specific version, you can specify the version: + +```shell +go install cosmossdk.io/tools/cosmovisor/cmd/cosmovisor@v1.5.0 +``` + +Run `cosmovisor version` to check the cosmovisor version. + +Alternatively, for building from source, simply run `make cosmovisor`. The binary will be located in `tools/cosmovisor`. + + +Installing cosmovisor using `go install` will display the correct `cosmovisor` version. +Building from source (`make cosmovisor`) or installing `cosmovisor` by other means won't display the correct version. + + +### Command Line Arguments And Environment Variables + +The first argument passed to `cosmovisor` is the action for `cosmovisor` to take. Options are: + +* `help`, `--help`, or `-h` - Output `cosmovisor` help information and check your `cosmovisor` configuration. +* `run` - Run the configured binary using the rest of the provided arguments. +* `version` - Output the `cosmovisor` version and also run the binary with the `version` argument. +* `config` - Display the current `cosmovisor` configuration, that means displaying the environment variables value that `cosmovisor` is using. +* `add-upgrade` - Add an upgrade manually to `cosmovisor`. This command allow you to easily add the binary corresponding to an upgrade in cosmovisor. + +All arguments passed to `cosmovisor run` will be passed to the application binary (as a subprocess). `cosmovisor` will return `/dev/stdout` and `/dev/stderr` of the subprocess as its own. For this reason, `cosmovisor run` cannot accept any command-line arguments other than those available to the application binary. + +`cosmovisor` reads its configuration from environment variables, or its configuration file (use `--cosmovisor-config `): + +* `DAEMON_HOME` is the location where the `cosmovisor/` directory is kept that contains the genesis binary, the upgrade binaries, and any additional auxiliary files associated with each binary (e.g. `$HOME/.gaiad`, `$HOME/.regend`, `$HOME/.simd`, etc.). +* `DAEMON_NAME` is the name of the binary itself (e.g. `gaiad`, `regend`, `simd`, etc.). +* `DAEMON_ALLOW_DOWNLOAD_BINARIES` (*optional*), if set to `true`, will enable auto-downloading of new binaries (for security reasons, this is intended for full nodes rather than validators). By default, `cosmovisor` will not auto-download new binaries. +* `DAEMON_DOWNLOAD_MUST_HAVE_CHECKSUM` (*optional*, default = `false`), if `true` cosmovisor will require that a checksum is provided in the upgrade plan for the binary to be downloaded. If `false`, cosmovisor will not require a checksum to be provided, but still check the checksum if one is provided. +* `DAEMON_RESTART_AFTER_UPGRADE` (*optional*, default = `true`), if `true`, restarts the subprocess with the same command-line arguments and flags (but with the new binary) after a successful upgrade. Otherwise (`false`), `cosmovisor` stops running after an upgrade and requires the system administrator to manually restart it. Note restart is only after the upgrade and does not auto-restart the subprocess after an error occurs. +* `DAEMON_RESTART_DELAY` (*optional*, default none), allow a node operator to define a delay between the node halt (for upgrade) and backup by the specified time. The value must be a duration (e.g. `1s`). +* `DAEMON_SHUTDOWN_GRACE` (*optional*, default none), if set, send interrupt to binary and wait the specified time to allow for cleanup/cache flush to disk before sending the kill signal. The value must be a duration (e.g. `1s`). +* `DAEMON_POLL_INTERVAL` (*optional*, default 300 milliseconds), is the interval length for polling the upgrade plan file. The value must be a duration (e.g. `1s`). +* `DAEMON_DATA_BACKUP_DIR` option to set a custom backup directory. If not set, `DAEMON_HOME` is used. +* `UNSAFE_SKIP_BACKUP` (defaults to `false`), if set to `true`, upgrades directly without performing a backup. Otherwise (`false`, default) backs up the data before trying the upgrade. The default value of false is useful and recommended in case of failures and when a backup needed to rollback. We recommend using the default backup option `UNSAFE_SKIP_BACKUP=false`. +* `DAEMON_PREUPGRADE_MAX_RETRIES` (defaults to `0`). The maximum number of times to call [`pre-upgrade`](https://docs.cosmos.network/main/build/building-apps/app-upgrade#pre-upgrade-handling) in the application after exit status of `31`. After the maximum number of retries, Cosmovisor fails the upgrade. +* `COSMOVISOR_DISABLE_LOGS` (defaults to `false`). If set to true, this will disable Cosmovisor logs (but not the underlying process) completely. This may be useful, for example, when a Cosmovisor subcommand you are executing returns a valid JSON you are then parsing, as logs added by Cosmovisor make this output not a valid JSON. +* `COSMOVISOR_COLOR_LOGS` (defaults to `true`). If set to true, this will colorise Cosmovisor logs (but not the underlying process). +* `COSMOVISOR_TIMEFORMAT_LOGS` (defaults to `kitchen`). If set to a value (`layout|ansic|unixdate|rubydate|rfc822|rfc822z|rfc850|rfc1123|rfc1123z|rfc3339|rfc3339nano|kitchen`), this will add timestamp prefix to Cosmovisor logs (but not the underlying process). +* `COSMOVISOR_CUSTOM_PREUPGRADE` (defaults to \`\`). If set, this will run $DAEMON\_HOME/cosmovisor/$COSMOVISOR\_CUSTOM\_PREUPGRADE prior to upgrade with the arguments \[ upgrade.Name, upgrade.Height ]. Executes a custom script (separate and prior to the chain daemon pre-upgrade command) +* `COSMOVISOR_DISABLE_RECASE` (defaults to `false`). If set to true, the upgrade directory will expected to match the upgrade plan name without any case changes + +### Folder Layout + +`$DAEMON_HOME/cosmovisor` is expected to belong completely to `cosmovisor` and the subprocesses that are controlled by it. The folder content is organized as follows: + +```text expandable +. +├── current -> genesis or upgrades/ +├── genesis +│   └── bin +│   └── $DAEMON_NAME +└── upgrades +│ └── +│ ├── bin +│ │   └── $DAEMON_NAME +│ └── upgrade-info.json +└── preupgrade.sh (optional) +``` + +The `cosmovisor/` directory includes a subdirectory for each version of the application (i.e. `genesis` or `upgrades/`). Within each subdirectory is the application binary (i.e. `bin/$DAEMON_NAME`) and any additional auxiliary files associated with each binary. `current` is a symbolic link to the currently active directory (i.e. `genesis` or `upgrades/`). The `name` variable in `upgrades/` is the lowercased URI-encoded name of the upgrade as specified in the upgrade module plan. Note that the upgrade name path are normalized to be lowercased: for instance, `MyUpgrade` is normalized to `myupgrade`, and its path is `upgrades/myupgrade`. + +Please note that `$DAEMON_HOME/cosmovisor` only stores the *application binaries*. The `cosmovisor` binary itself can be stored in any typical location (e.g. `/usr/local/bin`). The application will continue to store its data in the default data directory (e.g. `$HOME/.simapp`) or the data directory specified with the `--home` flag. `$DAEMON_HOME` is dependent of the data directory and must be set to the same directory as the data directory, you will end up with a configuration like the following: + +```text +.simapp +├── config +├── data +└── cosmovisor +``` + +## Usage + +The system administrator is responsible for: + +* installing the `cosmovisor` binary +* configuring the host's init system (e.g. `systemd`, `launchd`, etc.) +* appropriately setting the environmental variables +* creating the `/cosmovisor` directory +* creating the `/cosmovisor/genesis/bin` folder +* creating the `/cosmovisor/upgrades//bin` folders +* placing the different versions of the `` executable in the appropriate `bin` folders. + +`cosmovisor` will set the `current` link to point to `genesis` at first start (i.e. when no `current` link exists) and then handle switching binaries at the correct points in time so that the system administrator can prepare days in advance and relax at upgrade time. + +In order to support downloadable binaries, a tarball for each upgrade binary will need to be packaged up and made available through a canonical URL. Additionally, a tarball that includes the genesis binary and all available upgrade binaries can be packaged up and made available so that all the necessary binaries required to sync a fullnode from start can be easily downloaded. + +The `DAEMON` specific code and operations (e.g. cometBFT config, the application db, syncing blocks, etc.) all work as expected. The application binaries' directives such as command-line flags and environment variables also work as expected. + +### Initialization + +The `cosmovisor init ` command creates the folder structure required for using cosmovisor. + +It does the following: + +* creates the `/cosmovisor` folder if it doesn't yet exist +* creates the `/cosmovisor/genesis/bin` folder if it doesn't yet exist +* copies the provided executable file to `/cosmovisor/genesis/bin/` +* creates the `current` link, pointing to the `genesis` folder + +It uses the `DAEMON_HOME` and `DAEMON_NAME` environment variables for folder location and executable name. + +The `cosmovisor init` command is specifically for initializing cosmovisor, and should not be confused with a chain's `init` command (e.g. `cosmovisor run init`). + +### Detecting Upgrades + +`cosmovisor` is polling the `$DAEMON_HOME/data/upgrade-info.json` file for new upgrade instructions. The file is created by the x/upgrade module in `BeginBlocker` when an upgrade is detected and the blockchain reaches the upgrade height. +The following heuristic is applied to detect the upgrade: + +* When starting, `cosmovisor` doesn't know much about currently running upgrade, except the binary which is `current/bin/`. It tries to read the `current/update-info.json` file to get information about the current upgrade name. +* If neither `cosmovisor/current/upgrade-info.json` nor `data/upgrade-info.json` exist, then `cosmovisor` will wait for `data/upgrade-info.json` file to trigger an upgrade. +* If `cosmovisor/current/upgrade-info.json` doesn't exist but `data/upgrade-info.json` exists, then `cosmovisor` assumes that whatever is in `data/upgrade-info.json` is a valid upgrade request. In this case `cosmovisor` tries immediately to make an upgrade according to the `name` attribute in `data/upgrade-info.json`. +* Otherwise, `cosmovisor` waits for changes in `upgrade-info.json`. As soon as a new upgrade name is recorded in the file, `cosmovisor` will trigger an upgrade mechanism. + +When the upgrade mechanism is triggered, `cosmovisor` will: + +1. if `DAEMON_ALLOW_DOWNLOAD_BINARIES` is enabled, start by auto-downloading a new binary into `cosmovisor//bin` (where `` is the `upgrade-info.json:name` attribute); +2. update the `current` symbolic link to point to the new directory and save `data/upgrade-info.json` to `cosmovisor/current/upgrade-info.json`. + +### Adding Upgrade Binary + +`cosmovisor` has an `add-upgrade` command that allows to easily link a binary to an upgrade. It creates a new folder in `cosmovisor/upgrades/` and copies the provided executable file to `cosmovisor/upgrades//bin/`. + +Using the `--upgrade-height` flag allows to specify at which height the binary should be switched, without going via a governance proposal. +This enables support for an emergency coordinated upgrades where the binary must be switched at a specific height, but there is no time to go through a governance proposal. + + +`--upgrade-height` creates an `upgrade-info.json` file. This means if a chain upgrade via governance proposal is executed before the specified height with `--upgrade-height`, the governance proposal will overwrite the `upgrade-info.json` plan created by `add-upgrade --upgrade-height `. +Take this into consideration when using `--upgrade-height`. + + +### Auto-Download + +Generally, `cosmovisor` requires that the system administrator place all relevant binaries on disk before the upgrade happens. However, for people who don't need such control and want an automated setup (maybe they are syncing a non-validating fullnode and want to do little maintenance), there is another option. + +**NOTE: we don't recommend using auto-download** because it doesn't verify in advance if a binary is available. If there will be any issue with downloading a binary, the cosmovisor will stop and won't restart an App (which could lead to a chain halt). + +If `DAEMON_ALLOW_DOWNLOAD_BINARIES` is set to `true`, and no local binary can be found when an upgrade is triggered, `cosmovisor` will attempt to download and install the binary itself based on the instructions in the `info` attribute in the `data/upgrade-info.json` file. The files is constructed by the x/upgrade module and contains data from the upgrade `Plan` object. The `Plan` has an info field that is expected to have one of the following two valid formats to specify a download: + +1. Store an os/architecture -> binary URI map in the upgrade plan info field as JSON under the `"binaries"` key. For example: + + ```json + { + "binaries": { + "linux/amd64": "https://example.com/gaia.zip?checksum=sha256:aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f" + } + } + ``` + + You can include multiple binaries at once to ensure more than one environment will receive the correct binaries: + + ```json + { + "binaries": { + "linux/amd64": "https://example.com/gaia.zip?checksum=sha256:aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f", + "linux/arm64": "https://example.com/gaia.zip?checksum=sha256:aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f", + "darwin/amd64": "https://example.com/gaia.zip?checksum=sha256:aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f" + } + } + ``` + + When submitting this as a proposal ensure there are no spaces. An example command using `gaiad` could look like: + + ```shell expandable + > gaiad tx upgrade software-upgrade Vega \ + --title Vega \ + --deposit 100uatom \ + --upgrade-height 7368420 \ + --upgrade-info '{"binaries":{"linux/amd64":"https://github.com/cosmos/gaia/releases/download/v6.0.0-rc1/gaiad-v6.0.0-rc1-linux-amd64","linux/arm64":"https://github.com/cosmos/gaia/releases/download/v6.0.0-rc1/gaiad-v6.0.0-rc1-linux-arm64","darwin/amd64":"https://github.com/cosmos/gaia/releases/download/v6.0.0-rc1/gaiad-v6.0.0-rc1-darwin-amd64"}}' \ + --summary "upgrade to Vega" \ + --gas 400000 \ + --from user \ + --chain-id test \ + --home test/val2 \ + --node tcp://localhost:36657 \ + --yes + ``` + +2. Store a link to a file that contains all information in the above format (e.g. if you want to specify lots of binaries, changelog info, etc. without filling up the blockchain). For example: + + ```text + https://example.com/testnet-1001-info.json?checksum=sha256:deaaa99fda9407c4dbe1d04bd49bab0cc3c1dd76fa392cd55a9425be074af01e + ``` + +When `cosmovisor` is triggered to download the new binary, `cosmovisor` will parse the `"binaries"` field, download the new binary with [go-getter](https://github.com/hashicorp/go-getter), and unpack the new binary in the `upgrades/` folder so that it can be run as if it was installed manually. + +Note that for this mechanism to provide strong security guarantees, all URLs should include a SHA 256/512 checksum. This ensures that no false binary is run, even if someone hacks the server or hijacks the DNS. `go-getter` will always ensure the downloaded file matches the checksum if it is provided. `go-getter` will also handle unpacking archives into directories (in this case the download link should point to a `zip` file of all data in the `bin` directory). + +To properly create a sha256 checksum on linux, you can use the `sha256sum` utility. For example: + +```shell +sha256sum ./testdata/repo/zip_directory/autod.zip +``` + +The result will look something like the following: `29139e1381b8177aec909fab9a75d11381cab5adf7d3af0c05ff1c9c117743a7`. + +You can also use `sha512sum` if you would prefer to use longer hashes, or `md5sum` if you would prefer to use broken hashes. Whichever you choose, make sure to set the hash algorithm properly in the checksum argument to the URL. + +### Preparing for an Upgrade + +To prepare for an upgrade, use the `prepare-upgrade` command: + +```shell +cosmovisor prepare-upgrade +``` + +This command performs the following actions: + +1. Retrieves upgrade information directly from the blockchain about the next scheduled upgrade. +2. Downloads the new binary specified in the upgrade plan. +3. Verifies the binary's checksum (if required by configuration). +4. Places the new binary in the appropriate directory for Cosmovisor to use during the upgrade. + +The `prepare-upgrade` command provides detailed logging throughout the process, including: + +* The name and height of the upcoming upgrade +* The URL from which the new binary is being downloaded +* Confirmation of successful download and verification +* The path where the new binary has been placed + +Example output: + +```bash +INFO Preparing for upgrade name=v1.0.0 height=1000000 +INFO Downloading upgrade binary url=https://example.com/binary/v1.0.0?checksum=sha256:339911508de5e20b573ce902c500ee670589073485216bee8b045e853f24bce8 +INFO Upgrade preparation complete name=v1.0.0 height=1000000 +``` + +*Note: The current way of downloading manually and placing the binary at the right place would still work.* + +## Example: SimApp Upgrade + +The following instructions provide a demonstration of `cosmovisor` using the simulation application (`simapp`) shipped with the Cosmos SDK's source code. The following commands are to be run from within the `cosmos-sdk` repository. + +### Chain Setup + +Let's create a new chain using the `v0.47.4` version of simapp (the Cosmos SDK demo app): + +```shell +git checkout v0.47.4 +make build +``` + +Clean `~/.simapp` (never do this in a production environment): + +```shell +./build/simd tendermint unsafe-reset-all +``` + +Set up app config: + +```shell +./build/simd config chain-id test +./build/simd config keyring-backend test +./build/simd config broadcast-mode sync +``` + +Initialize the node and overwrite any previous genesis file (never do this in a production environment): + +```shell +./build/simd init test --chain-id test --overwrite +``` + +For the sake of this demonstration, amend `voting_period` in `genesis.json` to a reduced time of 20 seconds (`20s`): + +```shell +cat <<< $(jq '.app_state.gov.params.voting_period = "20s"' $HOME/.simapp/config/genesis.json) > $HOME/.simapp/config/genesis.json +``` + +Create a validator, and setup genesis transaction: + +```shell +./build/simd keys add validator +./build/simd genesis add-genesis-account validator 1000000000stake --keyring-backend test +./build/simd genesis gentx validator 1000000stake --chain-id test +./build/simd genesis collect-gentxs +``` + +#### Prepare Cosmovisor and Start the Chain + +Set the required environment variables: + +```shell +export DAEMON_NAME=simd +export DAEMON_HOME=$HOME/.simapp +``` + +Set the optional environment variable to trigger an automatic app restart: + +```shell +export DAEMON_RESTART_AFTER_UPGRADE=true +``` + +Initialize cosmovisor with the current binary: + +```shell +cosmovisor init ./build/simd +``` + +Now you can run cosmovisor with simapp v0.47.4: + +```shell +cosmovisor run start +``` + +### Update App + +Update app to the latest version (e.g. v0.50.0). + + + +Migration plans are defined using the `x/upgrade` module and described in [In-Place Store Migrations](https://github.com/cosmos/cosmos-sdk/blob/main/docs/learn/advanced/15-upgrade.md). Migrations can perform any deterministic state change. + +The migration plan to upgrade the simapp from v0.47 to v0.50 is defined in `simapp/upgrade.go`. + + + +Build the new version `simd` binary: + +```shell +make build +``` + +Add the new `simd` binary and the upgrade name: + + + +The migration name must match the one defined in the migration plan. + + + +```shell +cosmovisor add-upgrade v047-to-v050 ./build/simd +``` + +Open a new terminal window and submit an upgrade proposal along with a deposit and a vote (these commands must be run within 20 seconds of each other): + +```shell +./build/simd tx upgrade software-upgrade v047-to-v050 --title upgrade --summary upgrade --upgrade-height 200 --upgrade-info "{}" --no-validate --from validator --yes +./build/simd tx gov deposit 1 10000000stake --from validator --yes +./build/simd tx gov vote 1 yes --from validator --yes +``` + +The upgrade will occur automatically at height 200. Note: you may need to change the upgrade height in the snippet above if your test play takes more time. diff --git a/docs/sdk/next/build/tooling/hubl.mdx b/docs/sdk/next/build/tooling/hubl.mdx new file mode 100644 index 00000000..01b9139a --- /dev/null +++ b/docs/sdk/next/build/tooling/hubl.mdx @@ -0,0 +1,70 @@ +--- +title: Hubl +--- +`Hubl` is a tool that allows you to query any Cosmos SDK based blockchain. +It takes advantage of the new [AutoCLI](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/client/v2@v2.0.0-20220916140313-c5245716b516/cli) feature {/* TODO replace with AutoCLI docs */} of the Cosmos SDK. + +## Installation + +Hubl can be installed using `go install`: + +```shell +go install cosmossdk.io/tools/hubl/cmd/hubl@latest +``` + +Or build from source: + +```shell +git clone --depth=1 https://github.com/cosmos/cosmos-sdk +make hubl +``` + +The binary will be located in `tools/hubl`. + +## Usage + +```shell +hubl --help +``` + +### Add chain + +To configure a new chain just run this command using the --init flag and the name of the chain as it's listed in the chain registry ([Link](https://github.com/cosmos/chain-registry)). + +If the chain is not listed in the chain registry, you can use any unique name. + +```shell +hubl init [chain-name] +hubl init regen +``` + +The chain configuration is stored in `~/.hubl/config.toml`. + + + +When using an unsecure gRPC endpoint, change the `insecure` field to `true` in the config file. + +```toml +[chains] +[chains.regen] +[[chains.regen.trusted-grpc-endpoints]] +endpoint = 'localhost:9090' +insecure = true +``` + +Or use the `--insecure` flag: + +```shell +hubl init regen --insecure +``` + + + +### Query + +To query a chain, you can use the `query` command. +Then specify which module you want to query and the query itself. + +```shell +hubl regen query auth module-accounts +``` diff --git a/docs/sdk/next/build/tooling/protobuf.mdx b/docs/sdk/next/build/tooling/protobuf.mdx new file mode 100644 index 00000000..fdf4c119 --- /dev/null +++ b/docs/sdk/next/build/tooling/protobuf.mdx @@ -0,0 +1,807 @@ +--- +title: Protocol Buffers +description: >- + It is known that Cosmos SDK uses protocol buffers extensively, this document + is meant to provide a guide on how it is used in the cosmos-sdk. +--- +It is known that Cosmos SDK uses protocol buffers extensively, this document is meant to provide a guide on how it is used in the cosmos-sdk. + +To generate the proto file, the Cosmos SDK uses a docker image, this image is provided to all to use as well. The latest version is `ghcr.io/cosmos/proto-builder:0.17.0` + +Below is the example of the Cosmos SDK's commands for generating, linting, and formatting protobuf files that can be reused in any applications makefile. + +```go expandable +#!/usr/bin/make -f + +PACKAGES_NOSIMULATION=$(shell go list ./... | grep -v '/simulation') + +PACKAGES_SIMTEST=$(shell go list ./... | grep '/simulation') + +export VERSION := $(shell echo $(shell git describe --tags --always --match "v*") | sed 's/^v//') + +export CMTVERSION := $(shell go list -m github.com/cometbft/cometbft | sed 's:.* ::') + +export COMMIT := $(shell git log -1 --format='%H') + +LEDGER_ENABLED ?= true +BINDIR ?= $(GOPATH)/bin +BUILDDIR ?= $(CURDIR)/build +SIMAPP = ./simapp +MOCKS_DIR = $(CURDIR)/tests/mocks +HTTPS_GIT := https://github.com/cosmos/cosmos-sdk.git +DOCKER := $(shell which docker) + +PROJECT_NAME = $(shell git remote get-url origin | xargs basename -s .git) + +# process build tags +build_tags = netgo + ifeq ($(LEDGER_ENABLED),true) + ifeq ($(OS),Windows_NT) + +GCCEXE = $(shell where gcc.exe 2> NUL) + ifeq ($(GCCEXE),) + $(error gcc.exe not installed for ledger support, please install or set LEDGER_ENABLED=false) + +else + build_tags += ledger + endif + else + UNAME_S = $(shell uname -s) + ifeq ($(UNAME_S),OpenBSD) + $(warning OpenBSD detected, disabling ledger support (https://github.com/cosmos/cosmos-sdk/issues/1988)) + +else + GCC = $(shell command -v gcc 2> /dev/null) + ifeq ($(GCC),) + $(error gcc not installed for ledger support, please install or set LEDGER_ENABLED=false) + +else + build_tags += ledger + endif + endif + endif +endif + ifeq (secp,$(findstring secp,$(COSMOS_BUILD_OPTIONS))) + +build_tags += libsecp256k1_sdk +endif + ifeq (legacy,$(findstring legacy,$(COSMOS_BUILD_OPTIONS))) + +build_tags += app_v1 +endif + whitespace := +whitespace += $(whitespace) + comma := , +build_tags_comma_sep := $(subst $(whitespace),$(comma),$(build_tags)) + +# process linker flags + +ldflags = -X github.com/cosmos/cosmos-sdk/version.Name=sim \ + -X github.com/cosmos/cosmos-sdk/version.AppName=simd \ + -X github.com/cosmos/cosmos-sdk/version.Version=$(VERSION) \ + -X github.com/cosmos/cosmos-sdk/version.Commit=$(COMMIT) \ + -X "github.com/cosmos/cosmos-sdk/version.BuildTags=$(build_tags_comma_sep)" \ + -X github.com/cometbft/cometbft/version.TMCoreSemVer=$(CMTVERSION) + +# DB backend selection + ifeq (cleveldb,$(findstring cleveldb,$(COSMOS_BUILD_OPTIONS))) + +build_tags += gcc +endif + ifeq (badgerdb,$(findstring badgerdb,$(COSMOS_BUILD_OPTIONS))) + +build_tags += badgerdb +endif +# handle rocksdb + ifeq (rocksdb,$(findstring rocksdb,$(COSMOS_BUILD_OPTIONS))) + +CGO_ENABLED=1 + build_tags += rocksdb +endif +# handle boltdb + ifeq (boltdb,$(findstring boltdb,$(COSMOS_BUILD_OPTIONS))) + +build_tags += boltdb +endif + ifeq (,$(findstring nostrip,$(COSMOS_BUILD_OPTIONS))) + +ldflags += -w -s +endif +ldflags += $(LDFLAGS) + ldflags := $(strip $(ldflags)) + +build_tags += $(BUILD_TAGS) + +build_tags := $(strip $(build_tags)) + +BUILD_FLAGS := -tags "$(build_tags)" -ldflags '$(ldflags)' +# check for nostrip option + ifeq (,$(findstring nostrip,$(COSMOS_BUILD_OPTIONS))) + +BUILD_FLAGS += -trimpath +endif + +# Check for debug option + ifeq (debug,$(findstring debug,$(COSMOS_BUILD_OPTIONS))) + +BUILD_FLAGS += -gcflags "all=-N -l" +endif + +all: tools build lint test vulncheck + +# The below include contains the tools and runsim targets. +include contrib/devtools/Makefile + +############################################################################### +### Build ### +############################################################################### + +BUILD_TARGETS := build install + +build: BUILD_ARGS=-o $(BUILDDIR)/ + +build-linux-amd64: + GOOS=linux GOARCH=amd64 LEDGER_ENABLED=false $(MAKE) + +build + +build-linux-arm64: + GOOS=linux GOARCH=arm64 LEDGER_ENABLED=false $(MAKE) + +build + +$(BUILD_TARGETS): go.sum $(BUILDDIR)/ + cd ${ + CURRENT_DIR +}/simapp && go $@ -mod=readonly $(BUILD_FLAGS) $(BUILD_ARGS) ./... + +$(BUILDDIR)/: + mkdir -p $(BUILDDIR)/ + +cosmovisor: + $(MAKE) -C tools/cosmovisor cosmovisor + +rosetta: + $(MAKE) -C tools/rosetta rosetta + +confix: + $(MAKE) -C tools/confix confix + +hubl: + $(MAKE) -C tools/hubl hubl + +.PHONY: build build-linux-amd64 build-linux-arm64 cosmovisor rosetta confix + +mocks: $(MOCKS_DIR) + @go install github.com/golang/mock/mockgen@v1.6.0 + sh ./scripts/mockgen.sh +.PHONY: mocks + +vulncheck: $(BUILDDIR)/ + GOBIN=$(BUILDDIR) + +go install golang.org/x/vuln/cmd/govulncheck@latest + $(BUILDDIR)/govulncheck ./... + +$(MOCKS_DIR): + mkdir -p $(MOCKS_DIR) + +distclean: clean tools-clean +clean: + rm -rf \ + $(BUILDDIR)/ \ + artifacts/ \ + tmp-swagger-gen/ \ + .testnets + +.PHONY: distclean clean + +############################################################################### +### Tools & Dependencies ### +############################################################################### + +go.sum: go.mod + echo "Ensure dependencies have not been modified ..." >&2 + go mod verify + go mod tidy + +############################################################################### +### Documentation ### +############################################################################### + +godocs: + @echo "--> Wait a few seconds and visit http://localhost:6060/pkg/github.com/cosmos/cosmos-sdk/types" + go install golang.org/x/tools/cmd/godoc@latest + godoc -http=:6060 + +build-docs: + @cd docs && DOCS_DOMAIN=docs.cosmos.network sh ./build-all.sh + +.PHONY: build-docs + +############################################################################### +### Tests & Simulation ### +############################################################################### + +# make init-simapp initializes a single local node network +# it is useful for testing and development +# Usage: make install && make init-simapp && simd start +# Warning: make init-simapp will remove all data in simapp home directory +init-simapp: + ./scripts/init-simapp.sh + +test: test-unit +test-e2e: + $(MAKE) -C tests test-e2e +test-e2e-cov: + $(MAKE) -C tests test-e2e-cov +test-integration: + $(MAKE) -C tests test-integration +test-integration-cov: + $(MAKE) -C tests test-integration-cov +test-all: test-unit test-e2e test-integration test-ledger-mock test-race + +TEST_PACKAGES=./... +TEST_TARGETS := test-unit test-unit-amino test-unit-proto test-ledger-mock test-race test-ledger test-race + +# Test runs-specific rules. To add a new test target, just add +# a new rule, customise ARGS or TEST_PACKAGES ad libitum, and +# append the new rule to the TEST_TARGETS list. +test-unit: test_tags += cgo ledger test_ledger_mock norace +test-unit-amino: test_tags += ledger test_ledger_mock test_amino norace +test-ledger: test_tags += cgo ledger norace +test-ledger-mock: test_tags += ledger test_ledger_mock norace +test-race: test_tags += cgo ledger test_ledger_mock +test-race: ARGS=-race +test-race: TEST_PACKAGES=$(PACKAGES_NOSIMULATION) +$(TEST_TARGETS): run-tests + +# check-* compiles and collects tests without running them +# note: go test -c doesn't support multiple packages yet (https://github.com/golang/go/issues/15513) + +CHECK_TEST_TARGETS := check-test-unit check-test-unit-amino +check-test-unit: test_tags += cgo ledger test_ledger_mock norace +check-test-unit-amino: test_tags += ledger test_ledger_mock test_amino norace +$(CHECK_TEST_TARGETS): EXTRA_ARGS=-run=none +$(CHECK_TEST_TARGETS): run-tests + +ARGS += -tags "$(test_tags)" +SUB_MODULES = $(shell find . -type f -name 'go.mod' -print0 | xargs -0 -n1 dirname | sort) + +CURRENT_DIR = $(shell pwd) + +run-tests: + ifneq (,$(shell which tparse 2>/dev/null)) + @echo "Starting unit tests"; \ + finalec=0; \ + for module in $(SUB_MODULES); do \ + cd ${ + CURRENT_DIR +}/$module; \ + echo "Running unit tests for $(grep '^module' go.mod)"; \ + go test -mod=readonly -json $(ARGS) $(TEST_PACKAGES) ./... | tparse; \ + ec=$?; \ + if [ "$ec" -ne '0' ]; then finalec=$ec; fi; \ + done; \ + exit $finalec +else + @echo "Starting unit tests"; \ + finalec=0; \ + for module in $(SUB_MODULES); do \ + cd ${ + CURRENT_DIR +}/$module; \ + echo "Running unit tests for $(grep '^module' go.mod)"; \ + go test -mod=readonly $(ARGS) $(TEST_PACKAGES) ./... ; \ + ec=$?; \ + if [ "$ec" -ne '0' ]; then finalec=$ec; fi; \ + done; \ + exit $finalec +endif + +.PHONY: run-tests test test-all $(TEST_TARGETS) + +test-sim-nondeterminism: + @echo "Running non-determinism test..." + @cd ${ + CURRENT_DIR +}/simapp && go test -mod=readonly -run TestAppStateDeterminism -Enabled=true \ + -NumBlocks=100 -BlockSize=200 -Commit=true -Period=0 -v -timeout 24h + +# Requires an exported plugin. See store/streaming/README.md for documentation. +# +# example: +# export COSMOS_SDK_ABCI_V1= +# make test-sim-nondeterminism-streaming +# +# Using the built-in examples: +# export COSMOS_SDK_ABCI_V1=/store/streaming/abci/examples/file/file +# make test-sim-nondeterminism-streaming +test-sim-nondeterminism-streaming: + @echo "Running non-determinism-streaming test..." + @cd ${ + CURRENT_DIR +}/simapp && go test -mod=readonly -run TestAppStateDeterminism -Enabled=true \ + -NumBlocks=100 -BlockSize=200 -Commit=true -Period=0 -v -timeout 24h -EnableStreaming=true + +test-sim-custom-genesis-fast: + @echo "Running custom genesis simulation..." + @echo "By default, ${ + HOME +}/.gaiad/config/genesis.json will be used." + @cd ${ + CURRENT_DIR +}/simapp && go test -mod=readonly -run TestFullAppSimulation -Genesis=${ + HOME +}/.gaiad/config/genesis.json \ + -Enabled=true -NumBlocks=100 -BlockSize=200 -Commit=true -Seed=99 -Period=5 -v -timeout 24h + +test-sim-import-export: runsim + @echo "Running application import/export simulation. This may take several minutes..." + @cd ${ + CURRENT_DIR +}/simapp && $(BINDIR)/runsim -Jobs=4 -SimAppPkg=. -ExitOnFail 50 5 TestAppImportExport + +test-sim-after-import: runsim + @echo "Running application simulation-after-import. This may take several minutes..." + @cd ${ + CURRENT_DIR +}/simapp && $(BINDIR)/runsim -Jobs=4 -SimAppPkg=. -ExitOnFail 50 5 TestAppSimulationAfterImport + +test-sim-custom-genesis-multi-seed: runsim + @echo "Running multi-seed custom genesis simulation..." + @echo "By default, ${ + HOME +}/.gaiad/config/genesis.json will be used." + @cd ${ + CURRENT_DIR +}/simapp && $(BINDIR)/runsim -Genesis=${ + HOME +}/.gaiad/config/genesis.json -SimAppPkg=. -ExitOnFail 400 5 TestFullAppSimulation + +test-sim-multi-seed-long: runsim + @echo "Running long multi-seed application simulation. This may take awhile!" + @cd ${ + CURRENT_DIR +}/simapp && $(BINDIR)/runsim -Jobs=4 -SimAppPkg=. -ExitOnFail 500 50 TestFullAppSimulation + +test-sim-multi-seed-short: runsim + @echo "Running short multi-seed application simulation. This may take awhile!" + @cd ${ + CURRENT_DIR +}/simapp && $(BINDIR)/runsim -Jobs=4 -SimAppPkg=. -ExitOnFail 50 10 TestFullAppSimulation + +test-sim-benchmark-invariants: + @echo "Running simulation invariant benchmarks..." + cd ${ + CURRENT_DIR +}/simapp && @go test -mod=readonly -benchmem -bench=BenchmarkInvariants -run=^$ \ + -Enabled=true -NumBlocks=1000 -BlockSize=200 \ + -Period=1 -Commit=true -Seed=57 -v -timeout 24h + +.PHONY: \ +test-sim-nondeterminism \ +test-sim-nondeterminism-streaming \ +test-sim-custom-genesis-fast \ +test-sim-import-export \ +test-sim-after-import \ +test-sim-custom-genesis-multi-seed \ +test-sim-multi-seed-short \ +test-sim-multi-seed-long \ +test-sim-benchmark-invariants + +SIM_NUM_BLOCKS ?= 500 +SIM_BLOCK_SIZE ?= 200 +SIM_COMMIT ?= true + +test-sim-benchmark: + @echo "Running application benchmark for numBlocks=$(SIM_NUM_BLOCKS), blockSize=$(SIM_BLOCK_SIZE). This may take awhile!" + @cd ${ + CURRENT_DIR +}/simapp && go test -mod=readonly -run=^$ $(.) -bench ^BenchmarkFullAppSimulation$ \ + -Enabled=true -NumBlocks=$(SIM_NUM_BLOCKS) -BlockSize=$(SIM_BLOCK_SIZE) -Commit=$(SIM_COMMIT) -timeout 24h + +# Requires an exported plugin. See store/streaming/README.md for documentation. +# +# example: +# export COSMOS_SDK_ABCI_V1= +# make test-sim-benchmark-streaming +# +# Using the built-in examples: +# export COSMOS_SDK_ABCI_V1=/store/streaming/abci/examples/file/file +# make test-sim-benchmark-streaming +test-sim-benchmark-streaming: + @echo "Running application benchmark for numBlocks=$(SIM_NUM_BLOCKS), blockSize=$(SIM_BLOCK_SIZE). This may take awhile!" + @cd ${ + CURRENT_DIR +}/simapp && go test -mod=readonly -run=^$ $(.) -bench ^BenchmarkFullAppSimulation$ \ + -Enabled=true -NumBlocks=$(SIM_NUM_BLOCKS) -BlockSize=$(SIM_BLOCK_SIZE) -Commit=$(SIM_COMMIT) -timeout 24h -EnableStreaming=true + +test-sim-profile: + @echo "Running application benchmark for numBlocks=$(SIM_NUM_BLOCKS), blockSize=$(SIM_BLOCK_SIZE). This may take awhile!" + @cd ${ + CURRENT_DIR +}/simapp && go test -mod=readonly -benchmem -run=^$ $(.) -bench ^BenchmarkFullAppSimulation$ \ + -Enabled=true -NumBlocks=$(SIM_NUM_BLOCKS) -BlockSize=$(SIM_BLOCK_SIZE) -Commit=$(SIM_COMMIT) -timeout 24h -cpuprofile cpu.out -memprofile mem.out + +# Requires an exported plugin. See store/streaming/README.md for documentation. +# +# example: +# export COSMOS_SDK_ABCI_V1= +# make test-sim-profile-streaming +# +# Using the built-in examples: +# export COSMOS_SDK_ABCI_V1=/store/streaming/abci/examples/file/file +# make test-sim-profile-streaming +test-sim-profile-streaming: + @echo "Running application benchmark for numBlocks=$(SIM_NUM_BLOCKS), blockSize=$(SIM_BLOCK_SIZE). This may take awhile!" + @cd ${ + CURRENT_DIR +}/simapp && go test -mod=readonly -benchmem -run=^$ $(.) -bench ^BenchmarkFullAppSimulation$ \ + -Enabled=true -NumBlocks=$(SIM_NUM_BLOCKS) -BlockSize=$(SIM_BLOCK_SIZE) -Commit=$(SIM_COMMIT) -timeout 24h -cpuprofile cpu.out -memprofile mem.out -EnableStreaming=true + +.PHONY: test-sim-profile test-sim-benchmark + +test-rosetta: + docker build -t rosetta-ci:latest -f contrib/rosetta/rosetta-ci/Dockerfile . + docker-compose -f contrib/rosetta/docker-compose.yaml up --abort-on-container-exit --exit-code-from test_rosetta --build +.PHONY: test-rosetta + +benchmark: + @go test -mod=readonly -bench=. $(PACKAGES_NOSIMULATION) +.PHONY: benchmark + +############################################################################### +### Linting ### +############################################################################### + +golangci_lint_cmd=golangci-lint +golangci_version=v1.51.2 + +lint: + @echo "--> Running linter" + @go install github.com/golangci/golangci-lint/cmd/golangci-lint@$(golangci_version) + @./scripts/go-lint-all.bash --timeout=15m + +lint-fix: + @echo "--> Running linter" + @go install github.com/golangci/golangci-lint/cmd/golangci-lint@$(golangci_version) + @./scripts/go-lint-all.bash --fix + +.PHONY: lint lint-fix + +############################################################################### +### Protobuf ### +############################################################################### + +protoVer=0.13.2 +protoImageName=ghcr.io/cosmos/proto-builder:$(protoVer) + +protoImage=$(DOCKER) + +run --rm -v $(CURDIR):/workspace --workdir /workspace $(protoImageName) + +proto-all: proto-format proto-lint proto-gen + +proto-gen: + @echo "Generating Protobuf files" + @$(protoImage) + +sh ./scripts/protocgen.sh + +proto-swagger-gen: + @echo "Generating Protobuf Swagger" + @$(protoImage) + +sh ./scripts/protoc-swagger-gen.sh + +proto-format: + @$(protoImage) + +find ./ -name "*.proto" -exec clang-format -i { +} \; + +proto-lint: + @$(protoImage) + +buf lint --error-format=json + +proto-check-breaking: + @$(protoImage) + +buf breaking --against $(HTTPS_GIT)#branch=main + +CMT_URL = https://raw.githubusercontent.com/cometbft/cometbft/v0.38.0-alpha.2/proto/tendermint + +CMT_CRYPTO_TYPES = proto/tendermint/crypto +CMT_ABCI_TYPES = proto/tendermint/abci +CMT_TYPES = proto/tendermint/types +CMT_VERSION = proto/tendermint/version +CMT_LIBS = proto/tendermint/libs/bits +CMT_P2P = proto/tendermint/p2p + +proto-update-deps: + @echo "Updating Protobuf dependencies" + + @mkdir -p $(CMT_ABCI_TYPES) + @curl -sSL $(CMT_URL)/abci/types.proto > $(CMT_ABCI_TYPES)/types.proto + + @mkdir -p $(CMT_VERSION) + @curl -sSL $(CMT_URL)/version/types.proto > $(CMT_VERSION)/types.proto + + @mkdir -p $(CMT_TYPES) + @curl -sSL $(CMT_URL)/types/types.proto > $(CMT_TYPES)/types.proto + @curl -sSL $(CMT_URL)/types/evidence.proto > $(CMT_TYPES)/evidence.proto + @curl -sSL $(CMT_URL)/types/params.proto > $(CMT_TYPES)/params.proto + @curl -sSL $(CMT_URL)/types/validator.proto > $(CMT_TYPES)/validator.proto + @curl -sSL $(CMT_URL)/types/block.proto > $(CMT_TYPES)/block.proto + + @mkdir -p $(CMT_CRYPTO_TYPES) + @curl -sSL $(CMT_URL)/crypto/proof.proto > $(CMT_CRYPTO_TYPES)/proof.proto + @curl -sSL $(CMT_URL)/crypto/keys.proto > $(CMT_CRYPTO_TYPES)/keys.proto + + @mkdir -p $(CMT_LIBS) + @curl -sSL $(CMT_URL)/libs/bits/types.proto > $(CMT_LIBS)/types.proto + + @mkdir -p $(CMT_P2P) + @curl -sSL $(CMT_URL)/p2p/types.proto > $(CMT_P2P)/types.proto + + $(DOCKER) + +run --rm -v $(CURDIR)/proto:/workspace --workdir /workspace $(protoImageName) + +buf mod update + +.PHONY: proto-all proto-gen proto-swagger-gen proto-format proto-lint proto-check-breaking proto-update-deps + +############################################################################### +### Localnet ### +############################################################################### + +localnet-build-env: + $(MAKE) -C contrib/images simd-env +localnet-build-dlv: + $(MAKE) -C contrib/images simd-dlv + +localnet-build-nodes: + $(DOCKER) + +run --rm -v $(CURDIR)/.testnets:/data cosmossdk/simd \ + testnet init-files --v 4 -o /data --starting-ip-address 192.168.10.2 --keyring-backend=test + docker-compose up -d + +localnet-stop: + docker-compose down + +# localnet-start will run a 4-node testnet locally. The nodes are +# based off the docker images in: ./contrib/images/simd-env +localnet-start: localnet-stop localnet-build-env localnet-build-nodes + +# localnet-debug will run a 4-node testnet locally in debug mode +# you can read more about the debug mode here: ./contrib/images/simd-dlv/README.md +localnet-debug: localnet-stop localnet-build-dlv localnet-build-nodes + +.PHONY: localnet-start localnet-stop localnet-debug localnet-build-env localnet-build-dlv localnet-build-nodes + +############################################################################### +### rosetta ### +############################################################################### +# builds rosetta test data dir +rosetta-data: + -docker container rm data_dir_build + docker build -t rosetta-ci:latest -f contrib/rosetta/rosetta-ci/Dockerfile . + docker run --name data_dir_build -t rosetta-ci:latest sh /rosetta/data.sh + docker cp data_dir_build:/tmp/data.tar.gz "$(CURDIR)/contrib/rosetta/rosetta-ci/data.tar.gz" + docker container rm data_dir_build +.PHONY: rosetta-data +``` + +The script used to generate the protobuf files can be found in the `scripts/` directory. + +```shell +# Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/scripts/protocgen.sh +``` + +## Buf + +[Buf](https://buf.build) is a protobuf tool that abstracts the need to use the complicated `protoc` toolchain on top of various other things that ensure you are using protobuf in accordance with the majority of the ecosystem. Within the cosmos-sdk repository there are a few files that have a buf prefix. Lets start with the top level and then dive into the various directories. + +### Workspace + +At the root level directory a workspace is defined using [buf workspaces](https://docs.buf.build/configuration/v1/buf-work-yaml). This helps if there are one or more protobuf containing directories in your project. + +Cosmos SDK example: + +```go +version: v1 +directories: + - proto +``` + +### Proto Directory + +Next is the `proto/` directory where all of our protobuf files live. In here there are many different buf files defined each serving a different purpose. + +```bash +├── README.md +├── buf.gen.gogo.yaml +├── buf.gen.pulsar.yaml +├── buf.gen.swagger.yaml +├── buf.lock +├── buf.md +├── buf.yaml +├── cosmos +└── tendermint +``` + +The above diagram shows all the files and directories within the Cosmos SDK `proto/` directory. + +#### `buf.gen.gogo.yaml` + +`buf.gen.gogo.yaml` defines how the protobuf files should be generated for use with in the module. This file uses [gogoproto](https://github.com/gogo/protobuf), a separate generator from the google go-proto generator that makes working with various objects more ergonomic, and it has more performant encode and decode steps + +```go +version: v1 +plugins: + - name: gocosmos + out: .. + opt: plugins=grpc,Mgoogle/protobuf/any.proto=github.com/cosmos/gogoproto/types/any + - name: grpc-gateway + out: .. + opt: logtostderr=true,allow_colon_final_segments=true +``` + + +Example of how to define `gen` files can be found [here](https://docs.buf.build/generate/overview) + + +#### `buf.gen.pulsar.yaml` + +`buf.gen.pulsar.yaml` defines how protobuf files should be generated using the [new golang apiv2 of protobuf](https://go.dev/blog/protobuf-apiv2). This generator is used instead of the google go-proto generator because it has some extra helpers for Cosmos SDK applications and will have more performant encode and decode than the google go-proto generator. You can follow the development of this generator [here](https://github.com/cosmos/cosmos-proto). + +```go expandable +version: v1 +managed: + enabled: true + go_package_prefix: + default: cosmossdk.io/api + except: + - buf.build/googleapis/googleapis + - buf.build/cosmos/gogo-proto + - buf.build/cosmos/cosmos-proto + override: +plugins: + - name: go-pulsar + out: ../api + opt: paths=source_relative + - name: go-grpc + out: ../api + opt: paths=source_relative +``` + + +Example of how to define `gen` files can be found [here](https://docs.buf.build/generate/overview) + + +#### `buf.gen.swagger.yaml` + +`buf.gen.swagger.yaml` generates the swagger documentation for the query and messages of the chain. This will only define the REST API endpoints that were defined in the query and msg servers. You can find examples of this [here](https://github.com/cosmos/cosmos-sdk/blob/main/proto/cosmos/bank/v1beta1/query.proto#L19) + +```go +version: v1 +plugins: + - name: swagger + out: ../tmp-swagger-gen + opt: logtostderr=true,fqn_for_swagger_name=true,simple_operation_ids=true +``` + + +Example of how to define `gen` files can be found [here](https://docs.buf.build/generate/overview) + + +#### `buf.lock` + +This is an autogenerated file based on the dependencies required by the `.gen` files. There is no need to copy the current one. If you depend on cosmos-sdk proto definitions a new entry for the Cosmos SDK will need to be provided. The dependency you will need to use is `buf.build/cosmos/cosmos-sdk`. + +```go expandable +# Generated by buf. DO NOT EDIT. +version: v1 +deps: + - remote: buf.build + owner: cosmos + repository: cosmos-proto + commit: 04467658e59e44bbb22fe568206e1f70 + digest: shake256:73a640bd60e0c523b0f8237ff34eab67c45a38b64bbbde1d80224819d272dbf316ac183526bd245f994af6608b025f5130483d0133c5edd385531326b5990466 + - remote: buf.build + owner: cosmos + repository: gogo-proto + commit: 88ef6483f90f478fb938c37dde52ece3 + digest: shake256:89c45df2aa11e0cff97b0d695436713db3d993d76792e9f8dc1ae90e6ab9a9bec55503d48ceedd6b86069ab07d3041b32001b2bfe0227fa725dd515ff381e5ba + - remote: buf.build + owner: googleapis + repository: googleapis + commit: 751cbe31638d43a9bfb6162cd2352e67 + digest: shake256:87f55470d9d124e2d1dedfe0231221f4ed7efbc55bc5268917c678e2d9b9c41573a7f9a557f6d8539044524d9fc5ca8fbb7db05eb81379d168285d76b57eb8a4 + - remote: buf.build + owner: protocolbuffers + repository: wellknowntypes + commit: 3ddd61d1f53d485abd3d3a2b47a62b8e + digest: shake256:9e6799d56700d0470c3723a2fd027e8b4a41a07085a0c90c58e05f6c0038fac9b7a0170acd7692707a849983b1b8189aa33e7b73f91d68157f7136823115546b +``` + +#### `buf.yaml` + +`buf.yaml` defines the [name of your package](https://github.com/cosmos/cosmos-sdk/blob/main/proto/buf.yaml#L3), which [breakage checker](https://docs.buf.build/breaking/overview) to use and how to [lint your protobuf files](https://buf.build/docs/tutorials/getting-started-with-buf-cli#lint-your-api). + +```go expandable +# This module represents buf.build/cosmos/cosmos-sdk +version: v1 +name: buf.build/cosmos/cosmos-sdk +deps: + - buf.build/cosmos/cosmos-proto + - buf.build/cosmos/gogo-proto + - buf.build/googleapis/googleapis + - buf.build/protocolbuffers/wellknowntypes +breaking: + use: + - FILE + ignore: + - testpb +lint: + use: + - STANDARD + - COMMENTS + - FILE_LOWER_SNAKE_CASE + except: + - UNARY_RPC + - COMMENT_FIELD + - SERVICE_SUFFIX + - PACKAGE_VERSION_SUFFIX + - RPC_REQUEST_STANDARD_NAME + ignore: + - tendermint +``` + +We use a variety of linters for the Cosmos SDK protobuf files. The repo also checks this in ci. + +A reference to the github actions can be found [here](https://github.com/cosmos/cosmos-sdk/blob/main/.github/workflows/proto.yml#L1-L32) + +```go expandable +name: Protobuf +# Protobuf runs buf (https://buf.build/) + +lint and check-breakage +# This workflow is only run when a .proto file has been changed +on: + pull_request: + paths: + - "proto/**" + +permissions: + contents: read + +jobs: + lint: + runs-on: depot-ubuntu-22.04-4 + timeout-minutes: 5 + steps: + - uses: actions/checkout@v5 + - uses: bufbuild/buf-setup-action@v1.50.0 + - uses: bufbuild/buf-lint-action@v1 + with: + input: "proto" + + break-check: + runs-on: depot-ubuntu-22.04-4 + steps: + - uses: actions/checkout@v5 + - uses: bufbuild/buf-setup-action@v1.50.0 + - uses: bufbuild/buf-breaking-action@v1 + with: + input: "proto" + against: "https://github.com/${{ + github.repository +}}.git#branch=${{ + github.event.pull_request.base.ref +}},ref=HEAD~1,subdir=proto" +``` diff --git a/docs/sdk/next/coming-soon.mdx b/docs/sdk/next/coming-soon.mdx deleted file mode 100644 index 08708a40..00000000 --- a/docs/sdk/next/coming-soon.mdx +++ /dev/null @@ -1,3 +0,0 @@ ---- -title: Coming Soon ---- \ No newline at end of file diff --git a/docs/sdk/next/learn/advanced/autocli.mdx b/docs/sdk/next/learn/advanced/autocli.mdx new file mode 100644 index 00000000..5e4f8e2a --- /dev/null +++ b/docs/sdk/next/learn/advanced/autocli.mdx @@ -0,0 +1,725 @@ +--- +title: AutoCLI +--- + +**Synopsis** +This document details how to build CLI and REST interfaces for a module. Examples from various Cosmos SDK modules are included. + + + +**Pre-requisite Readings** + +* [CLI](https://docs.cosmos.network/main/core/cli) + + + +The `autocli` (also known as `client/v2`) package is a [Go library](https://pkg.go.dev/cosmossdk.io/client/v2/autocli) for generating CLI (command line interface) interfaces for Cosmos SDK-based applications. It provides a simple way to add CLI commands to your application by generating them automatically based on your gRPC service definitions. Autocli generates CLI commands and flags directly from your protobuf messages, including options, input parameters, and output parameters. This means that you can easily add a CLI interface to your application without having to manually create and manage commands. + +## Overview + +`autocli` generates CLI commands and flags for each method defined in your gRPC service. By default, it generates commands for each gRPC services. The commands are named based on the name of the service method. + +For example, given the following protobuf definition for a service: + +```protobuf +service MyService { + rpc MyMethod(MyRequest) returns (MyResponse) {} +} +``` + +For instance, `autocli` would generate a command named `my-method` for the `MyMethod` method. The command will have flags for each field in the `MyRequest` message. + +It is possible to customize the generation of transactions and queries by defining options for each service. + +## Application Wiring + +Here are the steps to use AutoCLI: + +1. Ensure your app's modules implements the `appmodule.AppModule` interface. +2. (optional) Configure how behave `autocli` command generation, by implementing the `func (am AppModule) AutoCLIOptions() *autocliv1.ModuleOptions` method on the module. +3. Use the `autocli.AppOptions` struct to specify the modules you defined. If you are using `depinject`, it can automatically create an instance of `autocli.AppOptions` based on your app's configuration. +4. Use the `EnhanceRootCommand()` method provided by `autocli` to add the CLI commands for the specified modules to your root command. + + +AutoCLI is additive only, meaning *enhancing* the root command will only add subcommands that are not already registered. This means that you can use AutoCLI alongside other custom commands within your app. + + +Here's an example of how to use `autocli` in your app: + +```go expandable +// Define your app's modules + testModules := map[string]appmodule.AppModule{ + "testModule": &TestModule{ +}, +} + +// Define the autocli AppOptions + autoCliOpts := autocli.AppOptions{ + Modules: testModules, +} + +// Create the root command + rootCmd := &cobra.Command{ + Use: "app", +} + if err := appOptions.EnhanceRootCommand(rootCmd); err != nil { + return err +} + +// Run the root command + if err := rootCmd.Execute(); err != nil { + return err +} +``` + +### Keyring + +`autocli` uses a keyring for key name resolving names and signing transactions. + + +AutoCLI provides a better UX than normal CLI as it allows to resolve key names directly from the keyring in all transactions and commands. + +```sh + q bank balances alice + tx bank send alice bob 1000denom +``` + + + +The keyring used for resolving names and signing transactions is provided via the `client.Context`. +The keyring is then converted to the `client/v2/autocli/keyring` interface. +If no keyring is provided, the `autocli` generated command will not be able to sign transactions, but will still be able to query the chain. + + +The Cosmos SDK keyring implements the `client/v2/autocli/keyring` interface, thanks to the following wrapper: + +```go +keyring.NewAutoCLIKeyring(kb) +``` + + + +## Signing + +`autocli` supports signing transactions with the keyring. +The [`cosmos.msg.v1.signer` protobuf annotation](https://docs.cosmos.network/main/build/building-modules/protobuf-annotations) defines the signer field of the message. +This field is automatically filled when using the `--from` flag or defining the signer as a positional argument. + + +AutoCLI currently supports only one signer per transaction. + + +## Module wiring & Customization + +The `AutoCLIOptions()` method on your module allows to specify custom commands, sub-commands or flags for each service, as it was a `cobra.Command` instance, within the `RpcCommandOptions` struct. Defining such options will customize the behavior of the `autocli` command generation, which by default generates a command for each method in your gRPC service. + +```go +*autocliv1.RpcCommandOptions{ + RpcMethod: "Params", // The name of the gRPC service + Use: "params", // Command usage that is displayed in the help + Short: "Query the parameters of the governance process", // Short description of the command + Long: "Query the parameters of the governance process. Specify specific param types (voting|tallying|deposit) + +to filter results.", // Long description of the command + PositionalArgs: []*autocliv1.PositionalArgDescriptor{ + { + ProtoField: "params_type", + Optional: true +}, // Transform a flag into a positional argument +}, +} +``` + + +AutoCLI can create a gov proposal of any tx by simply setting the `GovProposal` field to `true` in the `autocli.RpcCommandOptions` struct. +Users can however use the `--no-proposal` flag to disable the proposal creation (which is useful if the authority isn't the gov module on a chain). + + +### Specifying Subcommands + +By default, `autocli` generates a command for each method in your gRPC service. However, you can specify subcommands to group related commands together. To specify subcommands, use the `autocliv1.ServiceCommandDescriptor` struct. + +This example shows how to use the `autocliv1.ServiceCommandDescriptor` struct to group related commands together and specify subcommands in your gRPC service by defining an instance of `autocliv1.ModuleOptions` in your `autocli.go`. + +```go expandable +package gov + +import ( + + "fmt" + + autocliv1 "cosmossdk.io/api/cosmos/autocli/v1" + govv1 "cosmossdk.io/api/cosmos/gov/v1" + govv1beta1 "cosmossdk.io/api/cosmos/gov/v1beta1" + "github.com/cosmos/cosmos-sdk/version" +) + +// AutoCLIOptions implements the autocli.HasAutoCLIConfig interface. +func (am AppModule) + +AutoCLIOptions() *autocliv1.ModuleOptions { + return &autocliv1.ModuleOptions{ + Query: &autocliv1.ServiceCommandDescriptor{ + Service: govv1.Query_ServiceDesc.ServiceName, + RpcCommandOptions: []*autocliv1.RpcCommandOptions{ + { + RpcMethod: "Params", + Use: "params", + Short: "Query the parameters of the governance process", + Long: "Query the parameters of the governance process. Specify specific param types (voting|tallying|deposit) + +to filter results.", + PositionalArgs: []*autocliv1.PositionalArgDescriptor{ + { + ProtoField: "params_type", + Optional: true +}, +}, +}, + { + RpcMethod: "Proposals", + Use: "proposals", + Short: "Query proposals with optional filters", + Example: fmt.Sprintf("%[1]s query gov proposals --depositor cosmos1...\n%[1]s query gov proposals --voter cosmos1...\n%[1]s query gov proposals --proposal-status (PROPOSAL_STATUS_DEPOSIT_PERIOD|PROPOSAL_STATUS_VOTING_PERIOD|PROPOSAL_STATUS_PASSED|PROPOSAL_STATUS_REJECTED|PROPOSAL_STATUS_FAILED)", version.AppName), +}, + { + RpcMethod: "Proposal", + Use: "proposal [proposal-id]", + Short: "Query details of a single proposal", + Example: fmt.Sprintf("%s query gov proposal 1", version.AppName), + PositionalArgs: []*autocliv1.PositionalArgDescriptor{ + { + ProtoField: "proposal_id" +}, +}, +}, + { + RpcMethod: "Vote", + Use: "vote [proposal-id] [voter-addr]", + Short: "Query details of a single vote", + Example: fmt.Sprintf("%s query gov vote 1 cosmos1...", version.AppName), + PositionalArgs: []*autocliv1.PositionalArgDescriptor{ + { + ProtoField: "proposal_id" +}, + { + ProtoField: "voter" +}, +}, +}, + { + RpcMethod: "Votes", + Use: "votes [proposal-id]", + Short: "Query votes of a single proposal", + Example: fmt.Sprintf("%s query gov votes 1", version.AppName), + PositionalArgs: []*autocliv1.PositionalArgDescriptor{ + { + ProtoField: "proposal_id" +}, +}, +}, + { + RpcMethod: "Deposit", + Use: "deposit [proposal-id] [depositer-addr]", + Short: "Query details of a deposit", + PositionalArgs: []*autocliv1.PositionalArgDescriptor{ + { + ProtoField: "proposal_id" +}, + { + ProtoField: "depositor" +}, +}, +}, + { + RpcMethod: "Deposits", + Use: "deposits [proposal-id]", + Short: "Query deposits on a proposal", + PositionalArgs: []*autocliv1.PositionalArgDescriptor{ + { + ProtoField: "proposal_id" +}, +}, +}, + { + RpcMethod: "TallyResult", + Use: "tally [proposal-id]", + Short: "Query the tally of a proposal vote", + Example: fmt.Sprintf("%s query gov tally 1", version.AppName), + PositionalArgs: []*autocliv1.PositionalArgDescriptor{ + { + ProtoField: "proposal_id" +}, +}, +}, + { + RpcMethod: "Constitution", + Use: "constitution", + Short: "Query the current chain constitution", +}, +}, + // map v1beta1 as a sub-command + SubCommands: map[string]*autocliv1.ServiceCommandDescriptor{ + "v1beta1": { + Service: govv1beta1.Query_ServiceDesc.ServiceName +}, +}, +}, + Tx: &autocliv1.ServiceCommandDescriptor{ + Service: govv1.Msg_ServiceDesc.ServiceName, + // map v1beta1 as a sub-command + SubCommands: map[string]*autocliv1.ServiceCommandDescriptor{ + "v1beta1": { + Service: govv1beta1.Msg_ServiceDesc.ServiceName +}, +}, +}, +} +} +``` + +### Positional Arguments + +By default `autocli` generates a flag for each field in your protobuf message. However, you can choose to use positional arguments instead of flags for certain fields. + +To add positional arguments to a command, use the `autocliv1.PositionalArgDescriptor` struct, as seen in the example below. Specify the `ProtoField` parameter, which is the name of the protobuf field that should be used as the positional argument. In addition, if the parameter is a variable-length argument, you can specify the `Varargs` parameter as `true`. This can only be applied to the last positional parameter, and the `ProtoField` must be a repeated field. + +Here's an example of how to define a positional argument for the `Account` method of the `auth` service: + +```go expandable +package auth + +import ( + + "fmt" + + authv1beta1 "cosmossdk.io/api/cosmos/auth/v1beta1" + autocliv1 "cosmossdk.io/api/cosmos/autocli/v1" + _ "cosmossdk.io/api/cosmos/crypto/secp256k1" // register to that it shows up in protoregistry.GlobalTypes + _ "cosmossdk.io/api/cosmos/crypto/secp256r1" // register to that it shows up in protoregistry.GlobalTypes + + "github.com/cosmos/cosmos-sdk/version" +) + +// AutoCLIOptions implements the autocli.HasAutoCLIConfig interface. +func (am AppModule) + +AutoCLIOptions() *autocliv1.ModuleOptions { + return &autocliv1.ModuleOptions{ + Query: &autocliv1.ServiceCommandDescriptor{ + Service: authv1beta1.Query_ServiceDesc.ServiceName, + RpcCommandOptions: []*autocliv1.RpcCommandOptions{ + { + RpcMethod: "Accounts", + Use: "accounts", + Short: "Query all the accounts", +}, + { + RpcMethod: "Account", + Use: "account [address]", + Short: "Query account by address", + PositionalArgs: []*autocliv1.PositionalArgDescriptor{{ + ProtoField: "address" +}}, +}, + { + RpcMethod: "AccountInfo", + Use: "account-info [address]", + Short: "Query account info which is common to all account types.", + PositionalArgs: []*autocliv1.PositionalArgDescriptor{{ + ProtoField: "address" +}}, +}, + { + RpcMethod: "AccountAddressByID", + Use: "address-by-acc-num [acc-num]", + Short: "Query account address by account number", + PositionalArgs: []*autocliv1.PositionalArgDescriptor{{ + ProtoField: "id" +}}, +}, + { + RpcMethod: "ModuleAccounts", + Use: "module-accounts", + Short: "Query all module accounts", +}, + { + RpcMethod: "ModuleAccountByName", + Use: "module-account [module-name]", + Short: "Query module account info by module name", + Example: fmt.Sprintf("%s q auth module-account gov", version.AppName), + PositionalArgs: []*autocliv1.PositionalArgDescriptor{{ + ProtoField: "name" +}}, +}, + { + RpcMethod: "AddressBytesToString", + Use: "address-bytes-to-string [address-bytes]", + Short: "Transform an address bytes to string", + PositionalArgs: []*autocliv1.PositionalArgDescriptor{{ + ProtoField: "address_bytes" +}}, +}, + { + RpcMethod: "AddressStringToBytes", + Use: "address-string-to-bytes [address-string]", + Short: "Transform an address string to bytes", + PositionalArgs: []*autocliv1.PositionalArgDescriptor{{ + ProtoField: "address_string" +}}, +}, + { + RpcMethod: "Bech32Prefix", + Use: "bech32-prefix", + Short: "Query the chain bech32 prefix (if applicable)", +}, + { + RpcMethod: "Params", + Use: "params", + Short: "Query the current auth parameters", +}, +}, +}, + // Tx is purposely left empty, as the only tx is MsgUpdateParams which is gov gated. +} +} +``` + +Then the command can be used as follows, instead of having to specify the `--address` flag: + +```bash + query auth account cosmos1abcd...xyz +``` + +#### Flattened Fields in Positional Arguments + +AutoCLI also supports flattening nested message fields as positional arguments. This means you can access nested fields +using dot notation in the `ProtoField` parameter. This is particularly useful when you want to directly set nested +message fields as positional arguments. + +For example, if you have a nested message structure like this: + +```protobuf +message Permissions { + string level = 1; + repeated string limit_type_urls = 2; +} + +message MsgAuthorizeCircuitBreaker { + string grantee = 1; + Permissions permissions = 2; +} +``` + +You can flatten the fields in your AutoCLI configuration: + +```go +{ + RpcMethod: "AuthorizeCircuitBreaker", + Use: "authorize ", + PositionalArgs: []*autocliv1.PositionalArgDescriptor{ + { + ProtoField: "grantee" +}, + { + ProtoField: "permissions.level" +}, + { + ProtoField: "permissions.limit_type_urls" +}, +}, +} +``` + +This allows users to provide values for nested fields directly as positional arguments: + +```bash + tx circuit authorize cosmos1... super-admin "/cosmos.bank.v1beta1.MsgSend,/cosmos.bank.v1beta1.MsgMultiSend" +``` + +Instead of having to provide a complex JSON structure for nested fields, flattening makes the CLI more user-friendly by allowing direct access to nested fields. + +#### Customising Flag Names + +By default, `autocli` generates flag names based on the names of the fields in your protobuf message. However, you can customise the flag names by providing a `FlagOptions`. This parameter allows you to specify custom names for flags based on the names of the message fields. + +For example, if you have a message with the fields `test` and `test1`, you can use the following naming options to customise the flags: + +```go +autocliv1.RpcCommandOptions{ + FlagOptions: map[string]*autocliv1.FlagOptions{ + "test": { + Name: "custom_name", +}, + "test1": { + Name: "other_name", +}, +}, +} +``` + +`FlagsOptions` is defined like sub commands in the `AutoCLIOptions()` method on your module. + +### Combining AutoCLI with Other Commands Within A Module + +AutoCLI can be used alongside other commands within a module. For example, the `gov` module uses AutoCLI to generate commands for the `query` subcommand, but also defines custom commands for the `proposer` subcommands. + +In order to enable this behavior, set in `AutoCLIOptions()` the `EnhanceCustomCommand` field to `true`, for the command type (queries and/or transactions) you want to enhance. + +```go expandable +package gov + +import ( + + "fmt" + + autocliv1 "cosmossdk.io/api/cosmos/autocli/v1" + govv1 "cosmossdk.io/api/cosmos/gov/v1" + govv1beta1 "cosmossdk.io/api/cosmos/gov/v1beta1" + "github.com/cosmos/cosmos-sdk/version" +) + +// AutoCLIOptions implements the autocli.HasAutoCLIConfig interface. +func (am AppModule) + +AutoCLIOptions() *autocliv1.ModuleOptions { + return &autocliv1.ModuleOptions{ + Query: &autocliv1.ServiceCommandDescriptor{ + Service: govv1.Query_ServiceDesc.ServiceName, + RpcCommandOptions: []*autocliv1.RpcCommandOptions{ + { + RpcMethod: "Params", + Use: "params", + Short: "Query the parameters of the governance process", + Long: "Query the parameters of the governance process. Specify specific param types (voting|tallying|deposit) + +to filter results.", + PositionalArgs: []*autocliv1.PositionalArgDescriptor{ + { + ProtoField: "params_type", + Optional: true +}, +}, +}, + { + RpcMethod: "Proposals", + Use: "proposals", + Short: "Query proposals with optional filters", + Example: fmt.Sprintf("%[1]s query gov proposals --depositor cosmos1...\n%[1]s query gov proposals --voter cosmos1...\n%[1]s query gov proposals --proposal-status (PROPOSAL_STATUS_DEPOSIT_PERIOD|PROPOSAL_STATUS_VOTING_PERIOD|PROPOSAL_STATUS_PASSED|PROPOSAL_STATUS_REJECTED|PROPOSAL_STATUS_FAILED)", version.AppName), +}, + { + RpcMethod: "Proposal", + Use: "proposal [proposal-id]", + Short: "Query details of a single proposal", + Example: fmt.Sprintf("%s query gov proposal 1", version.AppName), + PositionalArgs: []*autocliv1.PositionalArgDescriptor{ + { + ProtoField: "proposal_id" +}, +}, +}, + { + RpcMethod: "Vote", + Use: "vote [proposal-id] [voter-addr]", + Short: "Query details of a single vote", + Example: fmt.Sprintf("%s query gov vote 1 cosmos1...", version.AppName), + PositionalArgs: []*autocliv1.PositionalArgDescriptor{ + { + ProtoField: "proposal_id" +}, + { + ProtoField: "voter" +}, +}, +}, + { + RpcMethod: "Votes", + Use: "votes [proposal-id]", + Short: "Query votes of a single proposal", + Example: fmt.Sprintf("%s query gov votes 1", version.AppName), + PositionalArgs: []*autocliv1.PositionalArgDescriptor{ + { + ProtoField: "proposal_id" +}, +}, +}, + { + RpcMethod: "Deposit", + Use: "deposit [proposal-id] [depositer-addr]", + Short: "Query details of a deposit", + PositionalArgs: []*autocliv1.PositionalArgDescriptor{ + { + ProtoField: "proposal_id" +}, + { + ProtoField: "depositor" +}, +}, +}, + { + RpcMethod: "Deposits", + Use: "deposits [proposal-id]", + Short: "Query deposits on a proposal", + PositionalArgs: []*autocliv1.PositionalArgDescriptor{ + { + ProtoField: "proposal_id" +}, +}, +}, + { + RpcMethod: "TallyResult", + Use: "tally [proposal-id]", + Short: "Query the tally of a proposal vote", + Example: fmt.Sprintf("%s query gov tally 1", version.AppName), + PositionalArgs: []*autocliv1.PositionalArgDescriptor{ + { + ProtoField: "proposal_id" +}, +}, +}, + { + RpcMethod: "Constitution", + Use: "constitution", + Short: "Query the current chain constitution", +}, +}, + // map v1beta1 as a sub-command + SubCommands: map[string]*autocliv1.ServiceCommandDescriptor{ + "v1beta1": { + Service: govv1beta1.Query_ServiceDesc.ServiceName +}, +}, + EnhanceCustomCommand: true, // We still have manual commands in gov that we want to keep +}, + Tx: &autocliv1.ServiceCommandDescriptor{ + Service: govv1.Msg_ServiceDesc.ServiceName, + // map v1beta1 as a sub-command + SubCommands: map[string]*autocliv1.ServiceCommandDescriptor{ + "v1beta1": { + Service: govv1beta1.Msg_ServiceDesc.ServiceName +}, +}, +}, +} +} +``` + +If not set to true, `AutoCLI` will not generate commands for the module if there are already commands registered for the module (when `GetTxCmd()` or `GetTxCmd()` are defined). + +### Skip a command + +AutoCLI automatically skips unsupported commands when [`cosmos_proto.method_added_in` protobuf annotation](https://docs.cosmos.network/main/build/building-modules/protobuf-annotations) is present. + +Additionally, a command can be manually skipped using the `autocliv1.RpcCommandOptions`: + +```go +*autocliv1.RpcCommandOptions{ + RpcMethod: "Params", // The name of the gRPC service + Skip: true, +} +``` + +### Use AutoCLI for non module commands + +It is possible to use `AutoCLI` for non module commands. The trick is still to implement the `appmodule.Module` interface and append it to the `appOptions.ModuleOptions` map. + +For example, here is how the SDK does it for `cometbft` gRPC commands: + +```go expandable +package cmtservice + +import ( + + autocliv1 "cosmossdk.io/api/cosmos/autocli/v1" + cmtv1beta1 "cosmossdk.io/api/cosmos/base/tendermint/v1beta1" +) + +var CometBFTAutoCLIDescriptor = &autocliv1.ServiceCommandDescriptor{ + Service: cmtv1beta1.Service_ServiceDesc.ServiceName, + RpcCommandOptions: []*autocliv1.RpcCommandOptions{ + { + RpcMethod: "GetNodeInfo", + Use: "node-info", + Short: "Query the current node info", +}, + { + RpcMethod: "GetSyncing", + Use: "syncing", + Short: "Query node syncing status", +}, + { + RpcMethod: "GetLatestBlock", + Use: "block-latest", + Short: "Query for the latest committed block", +}, + { + RpcMethod: "GetBlockByHeight", + Use: "block-by-height [height]", + Short: "Query for a committed block by height", + Long: "Query for a specific committed block using the CometBFT RPC `block_by_height` method", + PositionalArgs: []*autocliv1.PositionalArgDescriptor{{ + ProtoField: "height" +}}, +}, + { + RpcMethod: "GetLatestValidatorSet", + Use: "validator-set", + Alias: []string{"validator-set-latest", "comet-validator-set", "cometbft-validator-set", "tendermint-validator-set" +}, + Short: "Query for the latest validator set", +}, + { + RpcMethod: "GetValidatorSetByHeight", + Use: "validator-set-by-height [height]", + Short: "Query for a validator set by height", + PositionalArgs: []*autocliv1.PositionalArgDescriptor{{ + ProtoField: "height" +}}, +}, + { + RpcMethod: "ABCIQuery", + Skip: true, +}, +}, +} + +// NewCometBFTCommands is a fake `appmodule.Module` to be considered as a module +// and be added in AutoCLI. +func NewCometBFTCommands() *cometModule { //nolint:revive // fake module and limiting import of core + return &cometModule{ +} +} + +type cometModule struct{ +} + +func (m cometModule) + +IsOnePerModuleType() { +} + +func (m cometModule) + +IsAppModule() { +} + +func (m cometModule) + +Name() + +string { + return "comet" +} + +func (m cometModule) + +AutoCLIOptions() *autocliv1.ModuleOptions { + return &autocliv1.ModuleOptions{ + Query: CometBFTAutoCLIDescriptor, +} +} +``` + +## Summary + +`autocli` lets you generate CLI for your Cosmos SDK-based applications without any cobra boilerplate. It allows you to easily generate CLI commands and flags from your protobuf messages, and provides many options for customising the behavior of your CLI application. diff --git a/docs/sdk/next/learn/advanced/baseapp.mdx b/docs/sdk/next/learn/advanced/baseapp.mdx new file mode 100644 index 00000000..2b410511 --- /dev/null +++ b/docs/sdk/next/learn/advanced/baseapp.mdx @@ -0,0 +1,11308 @@ +--- +title: BaseApp +--- + +**Synopsis** +This document describes `BaseApp`, the abstraction that implements the core functionalities of a Cosmos SDK application. + + + +**Pre-requisite Readings** + +* [Anatomy of a Cosmos SDK application](/docs/sdk/vnext/learn/beginner/app-anatomy) +* [Lifecycle of a Cosmos SDK transaction](/docs/sdk/vnext/learn/beginner/tx-lifecycle) + + + +## Introduction + +`BaseApp` is a base type that implements the core of a Cosmos SDK application, namely: + +* The [Application Blockchain Interface](#main-abci-messages), for the state-machine to communicate with the underlying consensus engine (e.g. CometBFT). +* [Service Routers](#service-routers), to route messages and queries to the appropriate module. +* Different [states](#state-updates), as the state-machine can have different volatile states updated based on the ABCI message received. + +The goal of `BaseApp` is to provide the fundamental layer of a Cosmos SDK application +that developers can easily extend to build their own custom application. Usually, +developers will create a custom type for their application, like so: + +```go +type App struct { + // reference to a BaseApp + *baseapp.BaseApp + + // list of application store keys + + // list of application keepers + + // module manager +} +``` + +Extending the application with `BaseApp` gives the former access to all of `BaseApp`'s methods. +This allows developers to compose their custom application with the modules they want, while not +having to concern themselves with the hard work of implementing the ABCI, the service routers and state +management logic. + +## Type Definition + +The `BaseApp` type holds many important parameters for any Cosmos SDK based application. + +```go expandable +package baseapp + +import ( + + "context" + "fmt" + "maps" + "math" + "slices" + "strconv" + "sync" + "github.com/cockroachdb/errors" + abci "github.com/cometbft/cometbft/abci/types" + "github.com/cometbft/cometbft/crypto/tmhash" + cmtproto "github.com/cometbft/cometbft/proto/tendermint/types" + dbm "github.com/cosmos/cosmos-db" + "github.com/cosmos/gogoproto/proto" + protov2 "google.golang.org/protobuf/proto" + "cosmossdk.io/core/header" + errorsmod "cosmossdk.io/errors" + "cosmossdk.io/log" + "cosmossdk.io/store" + storemetrics "cosmossdk.io/store/metrics" + "cosmossdk.io/store/snapshots" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/baseapp/oe" + "github.com/cosmos/cosmos-sdk/codec" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + servertypes "github.com/cosmos/cosmos-sdk/server/types" + "github.com/cosmos/cosmos-sdk/telemetry" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + "github.com/cosmos/cosmos-sdk/types/mempool" + "github.com/cosmos/cosmos-sdk/types/msgservice" +) + +type ( + execMode uint8 + + // StoreLoader defines a customizable function to control how we load the + // CommitMultiStore from disk. This is useful for state migration, when + // loading a datastore written with an older version of the software. In + // particular, if a module changed the substore key name (or removed a substore) + // between two versions of the software. + StoreLoader func(ms storetypes.CommitMultiStore) + +error +) + +const ( + execModeCheck execMode = iota // Check a transaction + execModeReCheck // Recheck a (pending) + +transaction after a commit + execModeSimulate // Simulate a transaction + execModePrepareProposal // Prepare a block proposal + execModeProcessProposal // Process a block proposal + execModeVoteExtension // Extend or verify a pre-commit vote + execModeVerifyVoteExtension // Verify a vote extension + execModeFinalize // Finalize a block proposal +) + +var _ servertypes.ABCI = (*BaseApp)(nil) + +// BaseApp reflects the ABCI application implementation. +type BaseApp struct { + // initialized on creation + mu sync.Mutex // mu protects the fields below. + logger log.Logger + name string // application name from abci.BlockInfo + db dbm.DB // common DB backend + cms storetypes.CommitMultiStore // Main (uncached) + +state + qms storetypes.MultiStore // Optional alternative multistore for querying only. + storeLoader StoreLoader // function to handle store loading, may be overridden with SetStoreLoader() + +grpcQueryRouter *GRPCQueryRouter // router for redirecting gRPC query calls + msgServiceRouter *MsgServiceRouter // router for redirecting Msg service messages + interfaceRegistry codectypes.InterfaceRegistry + txDecoder sdk.TxDecoder // unmarshal []byte into sdk.Tx + txEncoder sdk.TxEncoder // marshal sdk.Tx into []byte + + mempool mempool.Mempool // application side mempool + anteHandler sdk.AnteHandler // ante handler for fee and auth + postHandler sdk.PostHandler // post handler, optional + + checkTxHandler sdk.CheckTxHandler // ABCI CheckTx handler + initChainer sdk.InitChainer // ABCI InitChain handler + preBlocker sdk.PreBlocker // logic to run before BeginBlocker + beginBlocker sdk.BeginBlocker // (legacy ABCI) + +BeginBlock handler + endBlocker sdk.EndBlocker // (legacy ABCI) + +EndBlock handler + processProposal sdk.ProcessProposalHandler // ABCI ProcessProposal handler + prepareProposal sdk.PrepareProposalHandler // ABCI PrepareProposal + extendVote sdk.ExtendVoteHandler // ABCI ExtendVote handler + verifyVoteExt sdk.VerifyVoteExtensionHandler // ABCI VerifyVoteExtension handler + prepareCheckStater sdk.PrepareCheckStater // logic to run during commit using the checkState + precommiter sdk.Precommiter // logic to run during commit using the deliverState + + addrPeerFilter sdk.PeerFilter // filter peers by address and port + idPeerFilter sdk.PeerFilter // filter peers by node ID + fauxMerkleMode bool // if true, IAVL MountStores uses MountStoresDB for simulation speed. + sigverifyTx bool // in the simulation test, since the account does not have a private key, we have to ignore the tx sigverify. + + // manages snapshots, i.e. dumps of app state at certain intervals + snapshotManager *snapshots.Manager + + // volatile states: + // + // - checkState is set on InitChain and reset on Commit + // - finalizeBlockState is set on InitChain and FinalizeBlock and set to nil + // on Commit. + // + // - checkState: Used for CheckTx, which is set based on the previous block's + // state. This state is never committed. + // + // - prepareProposalState: Used for PrepareProposal, which is set based on the + // previous block's state. This state is never committed. In case of multiple + // consensus rounds, the state is always reset to the previous block's state. + // + // - processProposalState: Used for ProcessProposal, which is set based on the + // the previous block's state. This state is never committed. In case of + // multiple rounds, the state is always reset to the previous block's state. + // + // - finalizeBlockState: Used for FinalizeBlock, which is set based on the + // previous block's state. This state is committed. + checkState *state + prepareProposalState *state + processProposalState *state + finalizeBlockState *state + + // An inter-block write-through cache provided to the context during the ABCI + // FinalizeBlock call. + interBlockCache storetypes.MultiStorePersistentCache + + // paramStore is used to query for ABCI consensus parameters from an + // application parameter store. + paramStore ParamStore + + // queryGasLimit defines the maximum gas for queries; unbounded if 0. + queryGasLimit uint64 + + // The minimum gas prices a validator is willing to accept for processing a + // transaction. This is mainly used for DoS and spam prevention. + minGasPrices sdk.DecCoins + + // initialHeight is the initial height at which we start the BaseApp + initialHeight int64 + + // flag for sealing options and parameters to a BaseApp + sealed bool + + // block height at which to halt the chain and gracefully shutdown + haltHeight uint64 + + // minimum block time (in Unix seconds) + +at which to halt the chain and gracefully shutdown + haltTime uint64 + + // minRetainBlocks defines the minimum block height offset from the current + // block being committed, such that all blocks past this offset are pruned + // from CometBFT. It is used as part of the process of determining the + // ResponseCommit.RetainHeight value during ABCI Commit. A value of 0 indicates + // that no blocks should be pruned. + // + // Note: CometBFT block pruning is dependant on this parameter in conjunction + // with the unbonding (safety threshold) + +period, state pruning and state sync + // snapshot parameters to determine the correct minimum value of + // ResponseCommit.RetainHeight. + minRetainBlocks uint64 + + // application's version string + version string + + // application's protocol version that increments on every upgrade + // if BaseApp is passed to the upgrade keeper's NewKeeper method. + appVersion uint64 + + // recovery handler for app.runTx method + runTxRecoveryMiddleware recoveryMiddleware + + // trace set will return full stack traces for errors in ABCI Log field + trace bool + + // indexEvents defines the set of events in the form { + eventType +}.{ + attributeKey +}, + // which informs CometBFT what to index. If empty, all events will be indexed. + indexEvents map[string]struct{ +} + + // streamingManager for managing instances and configuration of ABCIListener services + streamingManager storetypes.StreamingManager + + chainID string + + cdc codec.Codec + + // optimisticExec contains the context required for Optimistic Execution, + // including the goroutine handling.This is experimental and must be enabled + // by developers. + optimisticExec *oe.OptimisticExecution + + // disableBlockGasMeter will disable the block gas meter if true, block gas meter is tricky to support + // when executing transactions in parallel. + // when disabled, the block gas meter in context is a noop one. + // + // SAFETY: it's safe to do if validators validate the total gas wanted in the `ProcessProposal`, which is the case in the default handler. + disableBlockGasMeter bool +} + +// NewBaseApp returns a reference to an initialized BaseApp. It accepts a +// variadic number of option functions, which act on the BaseApp to set +// configuration choices. +func NewBaseApp( + name string, logger log.Logger, db dbm.DB, txDecoder sdk.TxDecoder, options ...func(*BaseApp), +) *BaseApp { + app := &BaseApp{ + logger: logger.With(log.ModuleKey, "baseapp"), + name: name, + db: db, + cms: store.NewCommitMultiStore(db, logger, storemetrics.NewNoOpMetrics()), // by default we use a no-op metric gather in store + storeLoader: DefaultStoreLoader, + grpcQueryRouter: NewGRPCQueryRouter(), + msgServiceRouter: NewMsgServiceRouter(), + txDecoder: txDecoder, + fauxMerkleMode: false, + sigverifyTx: true, + queryGasLimit: math.MaxUint64, +} + for _, option := range options { + option(app) +} + if app.mempool == nil { + app.SetMempool(mempool.NoOpMempool{ +}) +} + abciProposalHandler := NewDefaultProposalHandler(app.mempool, app) + if app.prepareProposal == nil { + app.SetPrepareProposal(abciProposalHandler.PrepareProposalHandler()) +} + if app.processProposal == nil { + app.SetProcessProposal(abciProposalHandler.ProcessProposalHandler()) +} + if app.extendVote == nil { + app.SetExtendVoteHandler(NoOpExtendVote()) +} + if app.verifyVoteExt == nil { + app.SetVerifyVoteExtensionHandler(NoOpVerifyVoteExtensionHandler()) +} + if app.interBlockCache != nil { + app.cms.SetInterBlockCache(app.interBlockCache) +} + +app.runTxRecoveryMiddleware = newDefaultRecoveryMiddleware() + + // Initialize with an empty interface registry to avoid nil pointer dereference. + // Unless SetInterfaceRegistry is called with an interface registry with proper address codecs baseapp will panic. + app.cdc = codec.NewProtoCodec(codectypes.NewInterfaceRegistry()) + +protoFiles, err := proto.MergedRegistry() + if err != nil { + logger.Warn("error creating merged proto registry", "error", err) +} + +else { + err = msgservice.ValidateProtoAnnotations(protoFiles) + if err != nil { + // Once we switch to using protoreflect-based antehandlers, we might + // want to panic here instead of logging a warning. + logger.Warn("error validating merged proto registry annotations", "error", err) +} + +} + +return app +} + +// Name returns the name of the BaseApp. +func (app *BaseApp) + +Name() + +string { + return app.name +} + +// AppVersion returns the application's protocol version. +func (app *BaseApp) + +AppVersion() + +uint64 { + return app.appVersion +} + +// Version returns the application's version string. +func (app *BaseApp) + +Version() + +string { + return app.version +} + +// Logger returns the logger of the BaseApp. +func (app *BaseApp) + +Logger() + +log.Logger { + return app.logger +} + +// Trace returns the boolean value for logging error stack traces. +func (app *BaseApp) + +Trace() + +bool { + return app.trace +} + +// MsgServiceRouter returns the MsgServiceRouter of a BaseApp. +func (app *BaseApp) + +MsgServiceRouter() *MsgServiceRouter { + return app.msgServiceRouter +} + +// GRPCQueryRouter returns the GRPCQueryRouter of a BaseApp. +func (app *BaseApp) + +GRPCQueryRouter() *GRPCQueryRouter { + return app.grpcQueryRouter +} + +// MountStores mounts all IAVL or DB stores to the provided keys in the BaseApp +// multistore. +func (app *BaseApp) + +MountStores(keys ...storetypes.StoreKey) { + for _, key := range keys { + switch key.(type) { + case *storetypes.KVStoreKey: + if !app.fauxMerkleMode { + app.MountStore(key, storetypes.StoreTypeIAVL) +} + +else { + // StoreTypeDB doesn't do anything upon commit, and it doesn't + // retain history, but it's useful for faster simulation. + app.MountStore(key, storetypes.StoreTypeDB) +} + case *storetypes.TransientStoreKey: + app.MountStore(key, storetypes.StoreTypeTransient) + case *storetypes.MemoryStoreKey: + app.MountStore(key, storetypes.StoreTypeMemory) + +default: + panic(fmt.Sprintf("Unrecognized store key type :%T", key)) +} + +} +} + +// MountKVStores mounts all IAVL or DB stores to the provided keys in the +// BaseApp multistore. +func (app *BaseApp) + +MountKVStores(keys map[string]*storetypes.KVStoreKey) { + for _, key := range keys { + if !app.fauxMerkleMode { + app.MountStore(key, storetypes.StoreTypeIAVL) +} + +else { + // StoreTypeDB doesn't do anything upon commit, and it doesn't + // retain history, but it's useful for faster simulation. + app.MountStore(key, storetypes.StoreTypeDB) +} + +} +} + +// MountTransientStores mounts all transient stores to the provided keys in +// the BaseApp multistore. +func (app *BaseApp) + +MountTransientStores(keys map[string]*storetypes.TransientStoreKey) { + for _, key := range keys { + app.MountStore(key, storetypes.StoreTypeTransient) +} +} + +// MountMemoryStores mounts all in-memory KVStores with the BaseApp's internal +// commit multi-store. +func (app *BaseApp) + +MountMemoryStores(keys map[string]*storetypes.MemoryStoreKey) { + skeys := slices.Sorted(maps.Keys(keys)) + for _, key := range skeys { + memKey := keys[key] + app.MountStore(memKey, storetypes.StoreTypeMemory) +} +} + +// MountStore mounts a store to the provided key in the BaseApp multistore, +// using the default DB. +func (app *BaseApp) + +MountStore(key storetypes.StoreKey, typ storetypes.StoreType) { + app.cms.MountStoreWithDB(key, typ, nil) +} + +// LoadLatestVersion loads the latest application version. It will panic if +// called more than once on a running BaseApp. +func (app *BaseApp) + +LoadLatestVersion() + +error { + err := app.storeLoader(app.cms) + if err != nil { + return fmt.Errorf("failed to load latest version: %w", err) +} + +return app.Init() +} + +// DefaultStoreLoader will be used by default and loads the latest version +func DefaultStoreLoader(ms storetypes.CommitMultiStore) + +error { + return ms.LoadLatestVersion() +} + +// CommitMultiStore returns the root multi-store. +// App constructor can use this to access the `cms`. +// UNSAFE: must not be used during the abci life cycle. +func (app *BaseApp) + +CommitMultiStore() + +storetypes.CommitMultiStore { + return app.cms +} + +// SnapshotManager returns the snapshot manager. +// application use this to register extra extension snapshotters. +func (app *BaseApp) + +SnapshotManager() *snapshots.Manager { + return app.snapshotManager +} + +// LoadVersion loads the BaseApp application version. It will panic if called +// more than once on a running baseapp. +func (app *BaseApp) + +LoadVersion(version int64) + +error { + app.logger.Info("NOTICE: this could take a long time to migrate IAVL store to fastnode if you enable Fast Node.\n") + err := app.cms.LoadVersion(version) + if err != nil { + return fmt.Errorf("failed to load version %d: %w", version, err) +} + +return app.Init() +} + +// LastCommitID returns the last CommitID of the multistore. +func (app *BaseApp) + +LastCommitID() + +storetypes.CommitID { + return app.cms.LastCommitID() +} + +// LastBlockHeight returns the last committed block height. +func (app *BaseApp) + +LastBlockHeight() + +int64 { + return app.cms.LastCommitID().Version +} + +// ChainID returns the chainID of the app. +func (app *BaseApp) + +ChainID() + +string { + return app.chainID +} + +// AnteHandler returns the AnteHandler of the app. +func (app *BaseApp) + +AnteHandler() + +sdk.AnteHandler { + return app.anteHandler +} + +// Mempool returns the Mempool of the app. +func (app *BaseApp) + +Mempool() + +mempool.Mempool { + return app.mempool +} + +// Init initializes the app. It seals the app, preventing any +// further modifications. In addition, it validates the app against +// the earlier provided settings. Returns an error if validation fails. +// nil otherwise. Panics if the app is already sealed. +func (app *BaseApp) + +Init() + +error { + if app.sealed { + panic("cannot call initFromMainStore: baseapp already sealed") +} + if app.cms == nil { + return errors.New("commit multi-store must not be nil") +} + emptyHeader := cmtproto.Header{ + ChainID: app.chainID +} + + // needed for the export command which inits from store but never calls initchain + app.setState(execModeCheck, emptyHeader) + +app.Seal() + +return app.cms.GetPruning().Validate() +} + +func (app *BaseApp) + +setMinGasPrices(gasPrices sdk.DecCoins) { + app.minGasPrices = gasPrices +} + +func (app *BaseApp) + +setHaltHeight(haltHeight uint64) { + app.haltHeight = haltHeight +} + +func (app *BaseApp) + +setHaltTime(haltTime uint64) { + app.haltTime = haltTime +} + +func (app *BaseApp) + +setMinRetainBlocks(minRetainBlocks uint64) { + app.minRetainBlocks = minRetainBlocks +} + +func (app *BaseApp) + +setInterBlockCache(cache storetypes.MultiStorePersistentCache) { + app.interBlockCache = cache +} + +func (app *BaseApp) + +setTrace(trace bool) { + app.trace = trace +} + +func (app *BaseApp) + +setIndexEvents(ie []string) { + app.indexEvents = make(map[string]struct{ +}) + for _, e := range ie { + app.indexEvents[e] = struct{ +}{ +} + +} +} + +// Seal seals a BaseApp. It prohibits any further modifications to a BaseApp. +func (app *BaseApp) + +Seal() { + app.sealed = true +} + +// IsSealed returns true if the BaseApp is sealed and false otherwise. +func (app *BaseApp) + +IsSealed() + +bool { + return app.sealed +} + +// setState sets the BaseApp's state for the corresponding mode with a branched +// multi-store (i.e. a CacheMultiStore) + +and a new Context with the same +// multi-store branch, and provided header. +func (app *BaseApp) + +setState(mode execMode, h cmtproto.Header) { + ms := app.cms.CacheMultiStore() + headerInfo := header.Info{ + Height: h.Height, + Time: h.Time, + ChainID: h.ChainID, + AppHash: h.AppHash, +} + baseState := &state{ + ms: ms, + ctx: sdk.NewContext(ms, h, false, app.logger). + WithStreamingManager(app.streamingManager). + WithHeaderInfo(headerInfo), +} + switch mode { + case execModeCheck: + baseState.SetContext(baseState.Context().WithIsCheckTx(true).WithMinGasPrices(app.minGasPrices)) + +app.checkState = baseState + case execModePrepareProposal: + app.prepareProposalState = baseState + case execModeProcessProposal: + app.processProposalState = baseState + case execModeFinalize: + app.finalizeBlockState = baseState + + default: + panic(fmt.Sprintf("invalid runTxMode for setState: %d", mode)) +} +} + +// SetCircuitBreaker sets the circuit breaker for the BaseApp. +// The circuit breaker is checked on every message execution to verify if a transaction should be executed or not. +func (app *BaseApp) + +SetCircuitBreaker(cb CircuitBreaker) { + if app.msgServiceRouter == nil { + panic("cannot set circuit breaker with no msg service router set") +} + +app.msgServiceRouter.SetCircuit(cb) +} + +// GetConsensusParams returns the current consensus parameters from the BaseApp's +// ParamStore. If the BaseApp has no ParamStore defined, nil is returned. +func (app *BaseApp) + +GetConsensusParams(ctx sdk.Context) + +cmtproto.ConsensusParams { + if app.paramStore == nil { + return cmtproto.ConsensusParams{ +} + +} + +cp, err := app.paramStore.Get(ctx) + if err != nil { + // This could happen while migrating from v0.45/v0.46 to v0.50, we should + // allow it to happen so during preblock the upgrade plan can be executed + // and the consensus params set for the first time in the new format. + app.logger.Error("failed to get consensus params", "err", err) + +return cmtproto.ConsensusParams{ +} + +} + +return cp +} + +// StoreConsensusParams sets the consensus parameters to the BaseApp's param +// store. +// +// NOTE: We're explicitly not storing the CometBFT app_version in the param store. +// It's stored instead in the x/upgrade store, with its own bump logic. +func (app *BaseApp) + +StoreConsensusParams(ctx sdk.Context, cp cmtproto.ConsensusParams) + +error { + if app.paramStore == nil { + return errors.New("cannot store consensus params with no params store set") +} + +return app.paramStore.Set(ctx, cp) +} + +// AddRunTxRecoveryHandler adds custom app.runTx method panic handlers. +func (app *BaseApp) + +AddRunTxRecoveryHandler(handlers ...RecoveryHandler) { + for _, h := range handlers { + app.runTxRecoveryMiddleware = newRecoveryMiddleware(h, app.runTxRecoveryMiddleware) +} +} + +// GetMaximumBlockGas gets the maximum gas from the consensus params. It panics +// if maximum block gas is less than negative one and returns zero if negative +// one. +func (app *BaseApp) + +GetMaximumBlockGas(ctx sdk.Context) + +uint64 { + cp := app.GetConsensusParams(ctx) + if cp.Block == nil { + return 0 +} + maxGas := cp.Block.MaxGas + switch { + case maxGas < -1: + panic(fmt.Sprintf("invalid maximum block gas: %d", maxGas)) + case maxGas == -1: + return 0 + + default: + return uint64(maxGas) +} +} + +func (app *BaseApp) + +validateFinalizeBlockHeight(req *abci.RequestFinalizeBlock) + +error { + if req.Height < 1 { + return fmt.Errorf("invalid height: %d", req.Height) +} + lastBlockHeight := app.LastBlockHeight() + + // expectedHeight holds the expected height to validate + var expectedHeight int64 + if lastBlockHeight == 0 && app.initialHeight > 1 { + // In this case, we're validating the first block of the chain, i.e no + // previous commit. The height we're expecting is the initial height. + expectedHeight = app.initialHeight +} + +else { + // This case can mean two things: + // + // - Either there was already a previous commit in the store, in which + // case we increment the version from there. + // - Or there was no previous commit, in which case we start at version 1. + expectedHeight = lastBlockHeight + 1 +} + if req.Height != expectedHeight { + return fmt.Errorf("invalid height: %d; expected: %d", req.Height, expectedHeight) +} + +return nil +} + +// validateBasicTxMsgs executes basic validator calls for messages. +func validateBasicTxMsgs(msgs []sdk.Msg) + +error { + if len(msgs) == 0 { + return errorsmod.Wrap(sdkerrors.ErrInvalidRequest, "must contain at least one message") +} + for _, msg := range msgs { + m, ok := msg.(sdk.HasValidateBasic) + if !ok { + continue +} + if err := m.ValidateBasic(); err != nil { + return err +} + +} + +return nil +} + +func (app *BaseApp) + +getState(mode execMode) *state { + switch mode { + case execModeFinalize: + return app.finalizeBlockState + case execModePrepareProposal: + return app.prepareProposalState + case execModeProcessProposal: + return app.processProposalState + + default: + return app.checkState +} +} + +func (app *BaseApp) + +getBlockGasMeter(ctx sdk.Context) + +storetypes.GasMeter { + if app.disableBlockGasMeter { + return noopGasMeter{ +} + +} + if maxGas := app.GetMaximumBlockGas(ctx); maxGas > 0 { + return storetypes.NewGasMeter(maxGas) +} + +return storetypes.NewInfiniteGasMeter() +} + +// retrieve the context for the tx w/ txBytes and other memoized values. +func (app *BaseApp) + +getContextForTx(mode execMode, txBytes []byte) + +sdk.Context { + app.mu.Lock() + +defer app.mu.Unlock() + modeState := app.getState(mode) + if modeState == nil { + panic(fmt.Sprintf("state is nil for mode %v", mode)) +} + ctx := modeState.Context(). + WithTxBytes(txBytes). + WithGasMeter(storetypes.NewInfiniteGasMeter()) + // WithVoteInfos(app.voteInfos) // TODO: identify if this is needed + + ctx = ctx.WithIsSigverifyTx(app.sigverifyTx) + +ctx = ctx.WithConsensusParams(app.GetConsensusParams(ctx)) + if mode == execModeReCheck { + ctx = ctx.WithIsReCheckTx(true) +} + if mode == execModeSimulate { + ctx, _ = ctx.CacheContext() + +ctx = ctx.WithExecMode(sdk.ExecMode(execModeSimulate)) +} + +return ctx +} + +// cacheTxContext returns a new context based off of the provided context with +// a branched multi-store. +func (app *BaseApp) + +cacheTxContext(ctx sdk.Context, txBytes []byte) (sdk.Context, storetypes.CacheMultiStore) { + ms := ctx.MultiStore() + msCache := ms.CacheMultiStore() + if msCache.TracingEnabled() { + msCache = msCache.SetTracingContext( + storetypes.TraceContext( + map[string]any{ + "txHash": fmt.Sprintf("%X", tmhash.Sum(txBytes)), +}, + ), + ).(storetypes.CacheMultiStore) +} + +return ctx.WithMultiStore(msCache), msCache +} + +func (app *BaseApp) + +preBlock(req *abci.RequestFinalizeBlock) ([]abci.Event, error) { + var events []abci.Event + if app.preBlocker != nil { + ctx := app.finalizeBlockState.Context().WithEventManager(sdk.NewEventManager()) + +rsp, err := app.preBlocker(ctx, req) + if err != nil { + return nil, err +} + // rsp.ConsensusParamsChanged is true from preBlocker means ConsensusParams in store get changed + // write the consensus parameters in store to context + if rsp.ConsensusParamsChanged { + ctx = ctx.WithConsensusParams(app.GetConsensusParams(ctx)) + // GasMeter must be set after we get a context with updated consensus params. + gasMeter := app.getBlockGasMeter(ctx) + +ctx = ctx.WithBlockGasMeter(gasMeter) + +app.finalizeBlockState.SetContext(ctx) +} + +events = ctx.EventManager().ABCIEvents() +} + +return events, nil +} + +func (app *BaseApp) + +beginBlock(_ *abci.RequestFinalizeBlock) (sdk.BeginBlock, error) { + var ( + resp sdk.BeginBlock + err error + ) + if app.beginBlocker != nil { + resp, err = app.beginBlocker(app.finalizeBlockState.Context()) + if err != nil { + return resp, err +} + + // append BeginBlock attributes to all events in the EndBlock response + for i, event := range resp.Events { + resp.Events[i].Attributes = append( + event.Attributes, + abci.EventAttribute{ + Key: "mode", + Value: "BeginBlock" +}, + ) +} + +resp.Events = sdk.MarkEventsToIndex(resp.Events, app.indexEvents) +} + +return resp, nil +} + +func (app *BaseApp) + +deliverTx(tx []byte) *abci.ExecTxResult { + gInfo := sdk.GasInfo{ +} + resultStr := "successful" + + var resp *abci.ExecTxResult + + defer func() { + telemetry.IncrCounter(1, "tx", "count") + +telemetry.IncrCounter(1, "tx", resultStr) + +telemetry.SetGauge(float32(gInfo.GasUsed), "tx", "gas", "used") + +telemetry.SetGauge(float32(gInfo.GasWanted), "tx", "gas", "wanted") +}() + +gInfo, result, anteEvents, err := app.runTx(execModeFinalize, tx, nil) + if err != nil { + resultStr = "failed" + resp = sdkerrors.ResponseExecTxResultWithEvents( + err, + gInfo.GasWanted, + gInfo.GasUsed, + sdk.MarkEventsToIndex(anteEvents, app.indexEvents), + app.trace, + ) + +return resp +} + +resp = &abci.ExecTxResult{ + GasWanted: int64(gInfo.GasWanted), + GasUsed: int64(gInfo.GasUsed), + Log: result.Log, + Data: result.Data, + Events: sdk.MarkEventsToIndex(result.Events, app.indexEvents), +} + +return resp +} + +// endBlock is an application-defined function that is called after transactions +// have been processed in FinalizeBlock. +func (app *BaseApp) + +endBlock(_ context.Context) (sdk.EndBlock, error) { + var endblock sdk.EndBlock + if app.endBlocker != nil { + eb, err := app.endBlocker(app.finalizeBlockState.Context()) + if err != nil { + return endblock, err +} + + // append EndBlock attributes to all events in the EndBlock response + for i, event := range eb.Events { + eb.Events[i].Attributes = append( + event.Attributes, + abci.EventAttribute{ + Key: "mode", + Value: "EndBlock" +}, + ) +} + +eb.Events = sdk.MarkEventsToIndex(eb.Events, app.indexEvents) + +endblock = eb +} + +return endblock, nil +} + +// runTx processes a transaction within a given execution mode, encoded transaction +// bytes, and the decoded transaction itself. All state transitions occur through +// a cached Context depending on the mode provided. State only gets persisted +// if all messages get executed successfully and the execution mode is DeliverTx. +// Note, gas execution info is always returned. A reference to a Result is +// returned if the tx does not run out of gas and if all the messages are valid +// and execute successfully. An error is returned otherwise. +// both txbytes and the decoded tx are passed to runTx to avoid the state machine encoding the tx and decoding the transaction twice +// passing the decoded tx to runTX is optional, it will be decoded if the tx is nil +func (app *BaseApp) + +runTx(mode execMode, txBytes []byte, tx sdk.Tx) (gInfo sdk.GasInfo, result *sdk.Result, anteEvents []abci.Event, err error) { + // NOTE: GasWanted should be returned by the AnteHandler. GasUsed is + // determined by the GasMeter. We need access to the context to get the gas + // meter, so we initialize upfront. + var gasWanted uint64 + ctx := app.getContextForTx(mode, txBytes) + ms := ctx.MultiStore() + + // only run the tx if there is block gas remaining + if mode == execModeFinalize && ctx.BlockGasMeter().IsOutOfGas() { + return gInfo, nil, nil, errorsmod.Wrap(sdkerrors.ErrOutOfGas, "no block gas left to run tx") +} + +defer func() { + if r := recover(); r != nil { + recoveryMW := newOutOfGasRecoveryMiddleware(gasWanted, ctx, app.runTxRecoveryMiddleware) + +err, result = processRecovery(r, recoveryMW), nil + ctx.Logger().Error("panic recovered in runTx", "err", err) +} + +gInfo = sdk.GasInfo{ + GasWanted: gasWanted, + GasUsed: ctx.GasMeter().GasConsumed() +} + +}() + blockGasConsumed := false + + // consumeBlockGas makes sure block gas is consumed at most once. It must + // happen after tx processing, and must be executed even if tx processing + // fails. Hence, it's execution is deferred. + consumeBlockGas := func() { + if !blockGasConsumed { + blockGasConsumed = true + ctx.BlockGasMeter().ConsumeGas( + ctx.GasMeter().GasConsumedToLimit(), "block gas meter", + ) +} + +} + + // If BlockGasMeter() + +panics it will be caught by the above recover and will + // return an error - in any case BlockGasMeter will consume gas past the limit. + // + // NOTE: consumeBlockGas must exist in a separate defer function from the + // general deferred recovery function to recover from consumeBlockGas as it'll + // be executed first (deferred statements are executed as stack). + if mode == execModeFinalize { + defer consumeBlockGas() +} + + // if the transaction is not decoded, decode it here + if tx == nil { + tx, err = app.txDecoder(txBytes) + if err != nil { + return sdk.GasInfo{ + GasUsed: 0, + GasWanted: 0 +}, nil, nil, sdkerrors.ErrTxDecode.Wrap(err.Error()) +} + +} + msgs := tx.GetMsgs() + if err := validateBasicTxMsgs(msgs); err != nil { + return sdk.GasInfo{ +}, nil, nil, err +} + for _, msg := range msgs { + handler := app.msgServiceRouter.Handler(msg) + if handler == nil { + return sdk.GasInfo{ +}, nil, nil, errorsmod.Wrapf(sdkerrors.ErrUnknownRequest, "no message handler found for %T", msg) +} + +} + if app.anteHandler != nil { + var ( + anteCtx sdk.Context + msCache storetypes.CacheMultiStore + ) + + // Branch context before AnteHandler call in case it aborts. + // This is required for both CheckTx and DeliverTx. + // Ref: https://github.com/cosmos/cosmos-sdk/issues/2772 + // + // NOTE: Alternatively, we could require that AnteHandler ensures that + // writes do not happen if aborted/failed. This may have some + // performance benefits, but it'll be more difficult to get right. + anteCtx, msCache = app.cacheTxContext(ctx, txBytes) + +anteCtx = anteCtx.WithEventManager(sdk.NewEventManager()) + +newCtx, err := app.anteHandler(anteCtx, tx, mode == execModeSimulate) + if !newCtx.IsZero() { + // At this point, newCtx.MultiStore() + +is a store branch, or something else + // replaced by the AnteHandler. We want the original multistore. + // + // Also, in the case of the tx aborting, we need to track gas consumed via + // the instantiated gas meter in the AnteHandler, so we update the context + // prior to returning. + ctx = newCtx.WithMultiStore(ms) +} + events := ctx.EventManager().Events() + + // GasMeter expected to be set in AnteHandler + gasWanted = ctx.GasMeter().Limit() + if err != nil { + if mode == execModeReCheck { + // if the ante handler fails on recheck, we want to remove the tx from the mempool + if mempoolErr := app.mempool.Remove(tx); mempoolErr != nil { + return gInfo, nil, anteEvents, errors.Join(err, mempoolErr) +} + +} + +return gInfo, nil, nil, err +} + +msCache.Write() + +anteEvents = events.ToABCIEvents() +} + switch mode { + case execModeCheck: + err = app.mempool.Insert(ctx, tx) + if err != nil { + return gInfo, nil, anteEvents, err +} + case execModeFinalize: + err = app.mempool.Remove(tx) + if err != nil && !errors.Is(err, mempool.ErrTxNotFound) { + return gInfo, nil, anteEvents, + fmt.Errorf("failed to remove tx from mempool: %w", err) +} + +} + + // Create a new Context based off of the existing Context with a MultiStore branch + // in case message processing fails. At this point, the MultiStore + // is a branch of a branch. + runMsgCtx, msCache := app.cacheTxContext(ctx, txBytes) + + // Attempt to execute all messages and only update state if all messages pass + // and we're in DeliverTx. Note, runMsgs will never return a reference to a + // Result if any single message fails or does not have a registered Handler. + msgsV2, err := tx.GetMsgsV2() + if err == nil { + result, err = app.runMsgs(runMsgCtx, msgs, msgsV2, mode) +} + + // Run optional postHandlers (should run regardless of the execution result). + // + // Note: If the postHandler fails, we also revert the runMsgs state. + if app.postHandler != nil { + // The runMsgCtx context currently contains events emitted by the ante handler. + // We clear this to correctly order events without duplicates. + // Note that the state is still preserved. + postCtx := runMsgCtx.WithEventManager(sdk.NewEventManager()) + +newCtx, errPostHandler := app.postHandler(postCtx, tx, mode == execModeSimulate, err == nil) + if errPostHandler != nil { + if err == nil { + // when the msg was handled successfully, return the post handler error only + return gInfo, nil, anteEvents, errPostHandler +} + // otherwise append to the msg error so that we keep the original error code for better user experience + return gInfo, nil, anteEvents, errorsmod.Wrapf(err, "postHandler: %s", errPostHandler) +} + + // we don't want runTx to panic if runMsgs has failed earlier + if result == nil { + result = &sdk.Result{ +} + +} + +result.Events = append(result.Events, newCtx.EventManager().ABCIEvents()...) +} + if err == nil { + if mode == execModeFinalize { + // When block gas exceeds, it'll panic and won't commit the cached store. + consumeBlockGas() + +msCache.Write() +} + if len(anteEvents) > 0 && (mode == execModeFinalize || mode == execModeSimulate) { + // append the events in the order of occurrence + result.Events = append(anteEvents, result.Events...) +} + +} + +return gInfo, result, anteEvents, err +} + +// runMsgs iterates through a list of messages and executes them with the provided +// Context and execution mode. Messages will only be executed during simulation +// and DeliverTx. An error is returned if any single message fails or if a +// Handler does not exist for a given message route. Otherwise, a reference to a +// Result is returned. The caller must not commit state if an error is returned. +func (app *BaseApp) + +runMsgs(ctx sdk.Context, msgs []sdk.Msg, msgsV2 []protov2.Message, mode execMode) (*sdk.Result, error) { + events := sdk.EmptyEvents() + +var msgResponses []*codectypes.Any + + // NOTE: GasWanted is determined by the AnteHandler and GasUsed by the GasMeter. + for i, msg := range msgs { + if mode != execModeFinalize && mode != execModeSimulate { + break +} + handler := app.msgServiceRouter.Handler(msg) + if handler == nil { + return nil, errorsmod.Wrapf(sdkerrors.ErrUnknownRequest, "no message handler found for %T", msg) +} + + // ADR 031 request type routing + msgResult, err := handler(ctx, msg) + if err != nil { + return nil, errorsmod.Wrapf(err, "failed to execute message; message index: %d", i) +} + + // create message events + msgEvents, err := createEvents(app.cdc, msgResult.GetEvents(), msg, msgsV2[i]) + if err != nil { + return nil, errorsmod.Wrapf(err, "failed to create message events; message index: %d", i) +} + + // append message events and data + // + // Note: Each message result's data must be length-prefixed in order to + // separate each result. + for j, event := range msgEvents { + // append message index to all events + msgEvents[j] = event.AppendAttributes(sdk.NewAttribute("msg_index", strconv.Itoa(i))) +} + +events = events.AppendEvents(msgEvents) + + // Each individual sdk.Result that went through the MsgServiceRouter + // (which should represent 99% of the Msgs now, since everyone should + // be using protobuf Msgs) + +has exactly one Msg response, set inside + // `WrapServiceResult`. We take that Msg response, and aggregate it + // into an array. + if len(msgResult.MsgResponses) > 0 { + msgResponse := msgResult.MsgResponses[0] + if msgResponse == nil { + return nil, sdkerrors.ErrLogic.Wrapf("got nil Msg response at index %d for msg %s", i, sdk.MsgTypeURL(msg)) +} + +msgResponses = append(msgResponses, msgResponse) +} + + +} + +data, err := makeABCIData(msgResponses) + if err != nil { + return nil, errorsmod.Wrap(err, "failed to marshal tx data") +} + +return &sdk.Result{ + Data: data, + Events: events.ToABCIEvents(), + MsgResponses: msgResponses, +}, nil +} + +// makeABCIData generates the Data field to be sent to ABCI Check/DeliverTx. +func makeABCIData(msgResponses []*codectypes.Any) ([]byte, error) { + return proto.Marshal(&sdk.TxMsgData{ + MsgResponses: msgResponses +}) +} + +func createEvents(cdc codec.Codec, events sdk.Events, msg sdk.Msg, msgV2 protov2.Message) (sdk.Events, error) { + eventMsgName := sdk.MsgTypeURL(msg) + msgEvent := sdk.NewEvent(sdk.EventTypeMessage, sdk.NewAttribute(sdk.AttributeKeyAction, eventMsgName)) + + // we set the signer attribute as the sender + signers, err := cdc.GetMsgV2Signers(msgV2) + if err != nil { + return nil, err +} + if len(signers) > 0 && signers[0] != nil { + addrStr, err := cdc.InterfaceRegistry().SigningContext().AddressCodec().BytesToString(signers[0]) + if err != nil { + return nil, err +} + +msgEvent = msgEvent.AppendAttributes(sdk.NewAttribute(sdk.AttributeKeySender, addrStr)) +} + + // verify that events have no module attribute set + if _, found := events.GetAttributes(sdk.AttributeKeyModule); !found { + if moduleName := sdk.GetModuleNameFromTypeURL(eventMsgName); moduleName != "" { + msgEvent = msgEvent.AppendAttributes(sdk.NewAttribute(sdk.AttributeKeyModule, moduleName)) +} + +} + +return sdk.Events{ + msgEvent +}.AppendEvents(events), nil +} + +// PrepareProposalVerifyTx performs transaction verification when a proposer is +// creating a block proposal during PrepareProposal. Any state committed to the +// PrepareProposal state internally will be discarded. will be +// returned if the transaction cannot be encoded. will be returned if +// the transaction is valid, otherwise will be returned. +func (app *BaseApp) + +PrepareProposalVerifyTx(tx sdk.Tx) ([]byte, error) { + bz, err := app.txEncoder(tx) + if err != nil { + return nil, err +} + + _, _, _, err = app.runTx(execModePrepareProposal, bz, tx) + if err != nil { + return nil, err +} + +return bz, nil +} + +// ProcessProposalVerifyTx performs transaction verification when receiving a +// block proposal during ProcessProposal. Any state committed to the +// ProcessProposal state internally will be discarded. will be +// returned if the transaction cannot be decoded. will be returned if +// the transaction is valid, otherwise will be returned. +func (app *BaseApp) + +ProcessProposalVerifyTx(txBz []byte) (sdk.Tx, error) { + tx, err := app.txDecoder(txBz) + if err != nil { + return nil, err +} + + _, _, _, err = app.runTx(execModeProcessProposal, txBz, tx) + if err != nil { + return nil, err +} + +return tx, nil +} + +func (app *BaseApp) + +TxDecode(txBytes []byte) (sdk.Tx, error) { + return app.txDecoder(txBytes) +} + +func (app *BaseApp) + +TxEncode(tx sdk.Tx) ([]byte, error) { + return app.txEncoder(tx) +} + +func (app *BaseApp) + +StreamingManager() + +storetypes.StreamingManager { + return app.streamingManager +} + +// Close is called in start cmd to gracefully cleanup resources. +func (app *BaseApp) + +Close() + +error { + var errs []error + + // Close app.db (opened by cosmos-sdk/server/start.go call to openDB) + if app.db != nil { + app.logger.Info("Closing application.db") + if err := app.db.Close(); err != nil { + errs = append(errs, err) +} + +} + + // Close app.snapshotManager + // - opened when app chains use cosmos-sdk/server/util.go/DefaultBaseappOptions (boilerplate) + // - which calls cosmos-sdk/server/util.go/GetSnapshotStore + // - which is passed to baseapp/options.go/SetSnapshot + // - to set app.snapshotManager = snapshots.NewManager + if app.snapshotManager != nil { + app.logger.Info("Closing snapshots/metadata.db") + if err := app.snapshotManager.Close(); err != nil { + errs = append(errs, err) +} + +} + +return errors.Join(errs...) +} + +// GetBaseApp returns the pointer to itself. +func (app *BaseApp) + +GetBaseApp() *BaseApp { + return app +} +``` + +Let us go through the most important components. + +> **Note**: Not all parameters are described, only the most important ones. Refer to the +> type definition for the full list. + +First, the important parameters that are initialized during the bootstrapping of the application: + +* [`CommitMultiStore`](/docs/sdk/vnext/learn/advanced/store#commitmultistore): This is the main store of the application, + which holds the canonical state that is committed at the [end of each block](#commit). This store + is **not** cached, meaning it is not used to update the application's volatile (un-committed) states. + The `CommitMultiStore` is a multi-store, meaning a store of stores. Each module of the application + uses one or multiple `KVStores` in the multi-store to persist their subset of the state. +* Database: The `db` is used by the `CommitMultiStore` to handle data persistence. +* [`Msg` Service Router](#msg-service-router): The `msgServiceRouter` facilitates the routing of `sdk.Msg` requests to the appropriate + module `Msg` service for processing. Here a `sdk.Msg` refers to the transaction component that needs to be + processed by a service in order to update the application state, and not to ABCI message which implements + the interface between the application and the underlying consensus engine. +* [gRPC Query Router](#grpc-query-router): The `grpcQueryRouter` facilitates the routing of gRPC queries to the + appropriate module for it to be processed. These queries are not ABCI messages themselves, but they + are relayed to the relevant module's gRPC `Query` service. +* [`TxDecoder`](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/types#TxDecoder): It is used to decode + raw transaction bytes relayed by the underlying CometBFT engine. +* [`AnteHandler`](#antehandler): This handler is used to handle signature verification, fee payment, + and other pre-message execution checks when a transaction is received. It's executed during + [`CheckTx/RecheckTx`](#checktx) and [`FinalizeBlock`](#finalizeblock). +* [`InitChainer`](/docs/sdk/vnext/learn/beginner/app-anatomy#initchainer), [`PreBlocker`](/docs/sdk/vnext/learn/beginner/app-anatomy#preblocker), [`BeginBlocker` and `EndBlocker`](/docs/sdk/vnext/learn/beginner/app-anatomy#beginblocker-and-endblocker): These are + the functions executed when the application receives the `InitChain` and `FinalizeBlock` + ABCI messages from the underlying CometBFT engine. + +Then, parameters used to define [volatile states](#state-updates) (i.e. cached states): + +* `checkState`: This state is updated during [`CheckTx`](#checktx), and reset on [`Commit`](#commit). +* `finalizeBlockState`: This state is updated during [`FinalizeBlock`](#finalizeblock), and set to `nil` on + [`Commit`](#commit) and gets re-initialized on `FinalizeBlock`. +* `processProposalState`: This state is updated during [`ProcessProposal`](#process-proposal). +* `prepareProposalState`: This state is updated during [`PrepareProposal`](#prepare-proposal). + +Finally, a few more important parameters: + +* `voteInfos`: This parameter carries the list of validators whose precommit is missing, either + because they did not vote or because the proposer did not include their vote. This information is + carried by the [Context](/docs/sdk/vnext/learn/advanced/context) and can be used by the application for various things like + punishing absent validators. +* `minGasPrices`: This parameter defines the minimum gas prices accepted by the node. This is a + **local** parameter, meaning each full-node can set a different `minGasPrices`. It is used in the + `AnteHandler` during [`CheckTx`](#checktx), mainly as a spam protection mechanism. The transaction + enters the [mempool](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#mempool-methods) + only if the gas prices of the transaction are greater than one of the minimum gas price in + `minGasPrices` (e.g. if `minGasPrices == 1uatom,1photon`, the `gas-price` of the transaction must be + greater than `1uatom` OR `1photon`). +* `appVersion`: Version of the application. It is set in the + [application's constructor function](/docs/sdk/vnext/learn/beginner/app-anatomy#constructor-function). + +## Constructor + +```go +func NewBaseApp( + name string, logger log.Logger, db dbm.DB, txDecoder sdk.TxDecoder, options ...func(*BaseApp), +) *BaseApp { + + // ... +} +``` + +The `BaseApp` constructor function is pretty straightforward. The only thing worth noting is the +possibility to provide additional [`options`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/options.go) +to the `BaseApp`, which will execute them in order. The `options` are generally `setter` functions +for important parameters, like `SetPruning()` to set pruning options or `SetMinGasPrices()` to set +the node's `min-gas-prices`. + +Naturally, developers can add additional `options` based on their application's needs. + +## State Updates + +The `BaseApp` maintains four primary volatile states and a root or main state. The main state +is the canonical state of the application and the volatile states, `checkState`, `prepareProposalState`, `processProposalState` and `finalizeBlockState` +are used to handle state transitions in-between the main state made during [`Commit`](#commit). + +Internally, there is only a single `CommitMultiStore` which we refer to as the main or root state. +From this root state, we derive four volatile states by using a mechanism called *store branching* (performed by `CacheWrap` function). +The types can be illustrated as follows: + +![Types](../../../images/learn/advanced/baseapp_state.png) + +### InitChain State Updates + +During `InitChain`, the four volatile states, `checkState`, `prepareProposalState`, `processProposalState` +and `finalizeBlockState` are set by branching the root `CommitMultiStore`. Any subsequent reads and writes happen +on branched versions of the `CommitMultiStore`. +To avoid unnecessary roundtrip to the main state, all reads to the branched store are cached. + +![InitChain](../../../images/learn/advanced/baseapp_state-initchain.png) + +### CheckTx State Updates + +During `CheckTx`, the `checkState`, which is based off of the last committed state from the root +store, is used for any reads and writes. Here we only execute the `AnteHandler` and verify a service router +exists for every message in the transaction. Note, when we execute the `AnteHandler`, we branch +the already branched `checkState`. +This has the side effect that if the `AnteHandler` fails, the state transitions won't be reflected in the `checkState` +\-- i.e. `checkState` is only updated on success. + +![CheckTx](../../../images/learn/advanced/baseapp_state-checktx.png) + +### PrepareProposal State Updates + +During `PrepareProposal`, the `prepareProposalState` is set by branching the root `CommitMultiStore`. +The `prepareProposalState` is used for any reads and writes that occur during the `PrepareProposal` phase. +The function uses the `Select()` method of the mempool to iterate over the transactions. `runTx` is then called, +which encodes and validates each transaction and from there the `AnteHandler` is executed. +If successful, valid transactions are returned inclusive of the events, tags, and data generated +during the execution of the proposal. +The described behavior is that of the default handler, applications have the flexibility to define their own +[custom mempool handlers](https://docs.cosmos.network/main/build/building-apps/app-mempool). + +![ProcessProposal](../../../images/learn/advanced/baseapp_state-prepareproposal.png) + +### ProcessProposal State Updates + +During `ProcessProposal`, the `processProposalState` is set based off of the last committed state +from the root store and is used to process a signed proposal received from a validator. +In this state, `runTx` is called and the `AnteHandler` is executed and the context used in this state is built with information +from the header and the main state, including the minimum gas prices, which are also set. +Again we want to highlight that the described behavior is that of the default handler and applications have the flexibility to define their own +[custom mempool handlers](https://docs.cosmos.network/main/build/building-apps/app-mempool). + +![ProcessProposal](../../../images/learn/advanced/baseapp_state-processproposal.png) + +### FinalizeBlock State Updates + +During `FinalizeBlock`, the `finalizeBlockState` is set for use during transaction execution and endblock. The +`finalizeBlockState` is based off of the last committed state from the root store and is branched. +Note, the `finalizeBlockState` is set to `nil` on [`Commit`](#commit). + +The state flow for transaction execution is nearly identical to `CheckTx` except state transitions occur on +the `finalizeBlockState` and messages in a transaction are executed. Similarly to `CheckTx`, state transitions +occur on a doubly branched state -- `finalizeBlockState`. Successful message execution results in +writes being committed to `finalizeBlockState`. Note, if message execution fails, state transitions from +the AnteHandler are persisted. + +### Commit State Updates + +During `Commit` all the state transitions that occurred in the `finalizeBlockState` are finally written to +the root `CommitMultiStore` which in turn is committed to disk and results in a new application +root hash. These state transitions are now considered final. Finally, the `checkState` is set to the +newly committed state and `finalizeBlockState` is set to `nil` to be reset on `FinalizeBlock`. + +![Commit](../../../images/learn/advanced/baseapp_state-commit.png) + +## ParamStore + +During `InitChain`, the `RequestInitChain` provides `ConsensusParams` which contains parameters +related to block execution such as maximum gas and size in addition to evidence parameters. If these +parameters are non-nil, they are set in the BaseApp's `ParamStore`. Behind the scenes, the `ParamStore` +is managed by an `x/consensus_params` module. This allows the parameters to be tweaked via +on-chain governance. + +## Service Routers + +When messages and queries are received by the application, they must be routed to the appropriate module in order to be processed. Routing is done via `BaseApp`, which holds a `msgServiceRouter` for messages, and a `grpcQueryRouter` for queries. + +### `Msg` Service Router + +[`sdk.Msg`s](/docs/sdk/vnext/build/building-modules/messages-and-queries#messages) need to be routed after they are extracted from transactions, which are sent from the underlying CometBFT engine via the [`CheckTx`](#checktx) and [`FinalizeBlock`](#finalizeblock) ABCI messages. To do so, `BaseApp` holds a `msgServiceRouter` which maps fully-qualified service methods (`string`, defined in each module's Protobuf `Msg` service) to the appropriate module's `MsgServer` implementation. + +The [default `msgServiceRouter` included in `BaseApp`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/msg_service_router.go) is stateless. However, some applications may want to make use of more stateful routing mechanisms such as allowing governance to disable certain routes or point them to new modules for upgrade purposes. For this reason, the `sdk.Context` is also passed into each [route handler inside `msgServiceRouter`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/baseapp/msg_service_router.go#L35-L36). For a stateless router that doesn't want to make use of this, you can just ignore the `ctx`. + +The application's `msgServiceRouter` is initialized with all the routes using the application's [module manager](/docs/sdk/vnext/build/building-modules/module-manager#manager) (via the `RegisterServices` method), which itself is initialized with all the application's modules in the application's [constructor](/docs/sdk/vnext/learn/beginner/app-anatomy#constructor-function). + +### gRPC Query Router + +Similar to `sdk.Msg`s, [`queries`](/docs/sdk/vnext/build/building-modules/messages-and-queries#queries) need to be routed to the appropriate module's [`Query` service](/docs/sdk/vnext/build/building-modules/query-services). To do so, `BaseApp` holds a `grpcQueryRouter`, which maps modules' fully-qualified service methods (`string`, defined in their Protobuf `Query` gRPC) to their `QueryServer` implementation. The `grpcQueryRouter` is called during the initial stages of query processing, which can be either by directly sending a gRPC query to the gRPC endpoint, or via the [`Query` ABCI message](#query) on the CometBFT RPC endpoint. + +Just like the `msgServiceRouter`, the `grpcQueryRouter` is initialized with all the query routes using the application's [module manager](/docs/sdk/vnext/build/building-modules/module-manager) (via the `RegisterServices` method), which itself is initialized with all the application's modules in the application's [constructor](/docs/sdk/vnext/learn/beginner/app-anatomy#app-constructor). + +## Main ABCI 2.0 Messages + +The [Application-Blockchain Interface](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md) (ABCI) is a generic interface that connects a state-machine with a consensus engine to form a functional full-node. It can be wrapped in any language, and needs to be implemented by each application-specific blockchain built on top of an ABCI-compatible consensus engine like CometBFT. + +The consensus engine handles two main tasks: + +* The networking logic, which mainly consists in gossiping block parts, transactions and consensus votes. +* The consensus logic, which results in the deterministic ordering of transactions in the form of blocks. + +It is **not** the role of the consensus engine to define the state or the validity of transactions. Generally, transactions are handled by the consensus engine in the form of `[]bytes`, and relayed to the application via the ABCI to be decoded and processed. At keys moments in the networking and consensus processes (e.g. beginning of a block, commit of a block, reception of an unconfirmed transaction, ...), the consensus engine emits ABCI messages for the state-machine to act on. + +Developers building on top of the Cosmos SDK need not implement the ABCI themselves, as `BaseApp` comes with a built-in implementation of the interface. Let us go through the main ABCI messages that `BaseApp` implements: + +* [`Prepare Proposal`](#prepare-proposal) +* [`Process Proposal`](#process-proposal) +* [`CheckTx`](#checktx) +* [`FinalizeBlock`](#finalizeblock) +* [`ExtendVote`](#extendvote) +* [`VerifyVoteExtension`](#verifyvoteextension) + +### Prepare Proposal + +The `PrepareProposal` function is part of the new methods introduced in Application Blockchain Interface (ABCI++) in CometBFT and is an important part of the application's overall governance system. In the Cosmos SDK, it allows the application to have more fine-grained control over the transactions that are processed, and ensures that only valid transactions are committed to the blockchain. + +Here is how the `PrepareProposal` function can be implemented: + +1. Extract the `sdk.Msg`s from the transaction. +2. Perform *stateful* checks by calling `Validate()` on each of the `sdk.Msg`'s. This is done after *stateless* checks as *stateful* checks are more computationally expensive. If `Validate()` fails, `PrepareProposal` returns before running further checks, which saves resources. +3. Perform any additional checks that are specific to the application, such as checking account balances, or ensuring that certain conditions are met before a transaction is proposed.hey are processed by the consensus engine, if necessary. +4. Return the updated transactions to be processed by the consensus engine + +Note that, unlike `CheckTx()`, `PrepareProposal` process `sdk.Msg`s, so it can directly update the state. However, unlike `FinalizeBlock()`, it does not commit the state updates. It's important to exercise caution when using `PrepareProposal` as incorrect coding could affect the overall liveness of the network. + +It's important to note that `PrepareProposal` complements the `ProcessProposal` method which is executed after this method. The combination of these two methods means that it is possible to guarantee that no invalid transactions are ever committed. Furthermore, such a setup can give rise to other interesting use cases such as Oracles, threshold decryption and more. + +`PrepareProposal` returns a response to the underlying consensus engine of type [`abci.CheckTxResponse`](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_methods.md#processproposal). The response contains: + +* `Code (uint32)`: Response Code. `0` if successful. +* `Data ([]byte)`: Result bytes, if any. +* `Log (string):` The output of the application's logger. May be non-deterministic. +* `Info (string):` Additional information. May be non-deterministic. + +### Process Proposal + +The `ProcessProposal` function is called by the BaseApp as part of the ABCI message flow, and is executed during the `FinalizeBlock` phase of the consensus process. The purpose of this function is to give more control to the application for block validation, allowing it to check all transactions in a proposed block before the validator sends the prevote for the block. It allows a validator to perform application-dependent work in a proposed block, enabling features such as immediate block execution, and allows the Application to reject invalid blocks. + +The `ProcessProposal` function performs several key tasks, including: + +1. Validating the proposed block by checking all transactions in it. +2. Checking the proposed block against the current state of the application, to ensure that it is valid and that it can be executed. +3. Updating the application's state based on the proposal, if it is valid and passes all checks. +4. Returning a response to CometBFT indicating the result of the proposal processing. + +The `ProcessProposal` is an important part of the application's overall governance system. It is used to manage the network's parameters and other key aspects of its operation. It also ensures that the coherence property is adhered to i.e. all honest validators must accept a proposal by an honest proposer. + +It's important to note that `ProcessProposal` complements the `PrepareProposal` method which enables the application to have more fine-grained transaction control by allowing it to reorder, drop, delay, modify, and even add transactions as they see necessary. The combination of these two methods means that it is possible to guarantee that no invalid transactions are ever committed. Furthermore, such a setup can give rise to other interesting use cases such as Oracles, threshold decryption and more. + +CometBFT calls it when it receives a proposal and the CometBFT algorithm has not locked on a value. The Application cannot modify the proposal at this point but can reject it if it is invalid. If that is the case, CometBFT will prevote `nil` on the proposal, which has strong liveness implications for CometBFT. As a general rule, the Application SHOULD accept a prepared proposal passed via `ProcessProposal`, even if a part of the proposal is invalid (e.g., an invalid transaction); the Application can ignore the invalid part of the prepared proposal at block execution time. + +However, developers must exercise greater caution when using these methods. Incorrectly coding these methods could affect liveness as CometBFT is unable to receive 2/3 valid precommits to finalize a block. + +`ProcessProposal` returns a response to the underlying consensus engine of type [`abci.CheckTxResponse`](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_methods.md#processproposal). The response contains: + +* `Code (uint32)`: Response Code. `0` if successful. +* `Data ([]byte)`: Result bytes, if any. +* `Log (string):` The output of the application's logger. May be non-deterministic. +* `Info (string):` Additional information. May be non-deterministic. + +### CheckTx + +`CheckTx` is sent by the underlying consensus engine when a new unconfirmed (i.e. not yet included in a valid block) +transaction is received by a full-node. The role of `CheckTx` is to guard the full-node's mempool +(where unconfirmed transactions are stored until they are included in a block) from spam transactions. +Unconfirmed transactions are relayed to peers only if they pass `CheckTx`. + +`CheckTx()` can perform both *stateful* and *stateless* checks, but developers should strive to +make the checks **lightweight** because gas fees are not charged for the resources (CPU, data load...) used during the `CheckTx`. + +In the Cosmos SDK, after [decoding transactions](/docs/sdk/vnext/learn/advanced/encoding), `CheckTx()` is implemented +to do the following checks: + +1. Extract the `sdk.Msg`s from the transaction. +2. **Optionally** perform *stateless* checks by calling `ValidateBasic()` on each of the `sdk.Msg`s. This is done + first, as *stateless* checks are less computationally expensive than *stateful* checks. If + `ValidateBasic()` fail, `CheckTx` returns before running *stateful* checks, which saves resources. + This check is still performed for messages that have not yet migrated to the new message validation mechanism defined in [RFC 001](https://docs.cosmos.network/main/rfc/rfc-001-tx-validation) and still have a `ValidateBasic()` method. +3. Perform non-module related *stateful* checks on the [account](/docs/sdk/vnext/learn/beginner/accounts). This step is mainly about checking + that the `sdk.Msg` signatures are valid, that enough fees are provided and that the sending account + has enough funds to pay for said fees. Note that no precise [`gas`](/docs/sdk/vnext/learn/beginner/gas-fees) counting occurs here, + as `sdk.Msg`s are not processed. Usually, the [`AnteHandler`](/docs/sdk/vnext/learn/beginner/gas-fees#antehandler) will check that the `gas` provided + with the transaction is superior to a minimum reference gas amount based on the raw transaction size, + in order to avoid spam with transactions that provide 0 gas. + +`CheckTx` does **not** process `sdk.Msg`s - they only need to be processed when the canonical state needs to be updated, which happens during `FinalizeBlock`. + +Steps 2. and 3. are performed by the [`AnteHandler`](/docs/sdk/vnext/learn/beginner/gas-fees#antehandler) in the [`RunTx()`](#runtx-antehandler-and-runmsgs) +function, which `CheckTx()` calls with the `runTxModeCheck` mode. During each step of `CheckTx()`, a +special [volatile state](#state-updates) called `checkState` is updated. This state is used to keep +track of the temporary changes triggered by the `CheckTx()` calls of each transaction without modifying +the [main canonical state](#main-state). For example, when a transaction goes through `CheckTx()`, the +transaction's fees are deducted from the sender's account in `checkState`. If a second transaction is +received from the same account before the first is processed, and the account has consumed all its +funds in `checkState` during the first transaction, the second transaction will fail `CheckTx`() and +be rejected. In any case, the sender's account will not actually pay the fees until the transaction +is actually included in a block, because `checkState` never gets committed to the main state. The +`checkState` is reset to the latest state of the main state each time a blocks gets [committed](#commit). + +`CheckTx` returns a response to the underlying consensus engine of type [`abci.CheckTxResponse`](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_methods.md#checktx). +The response contains: + +* `Code (uint32)`: Response Code. `0` if successful. +* `Data ([]byte)`: Result bytes, if any. +* `Log (string):` The output of the application's logger. May be non-deterministic. +* `Info (string):` Additional information. May be non-deterministic. +* `GasWanted (int64)`: Amount of gas requested for transaction. It is provided by users when they generate the transaction. +* `GasUsed (int64)`: Amount of gas consumed by transaction. During `CheckTx`, this value is computed by multiplying the standard cost of a transaction byte by the size of the raw transaction. Next is an example: + +```go expandable +package ante + +import ( + + "slices" + "time" + + errorsmod "cosmossdk.io/errors" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec/legacy" + "github.com/cosmos/cosmos-sdk/crypto/keys/multisig" + cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + "github.com/cosmos/cosmos-sdk/types/tx/signing" + "github.com/cosmos/cosmos-sdk/x/auth/migrations/legacytx" + authsigning "github.com/cosmos/cosmos-sdk/x/auth/signing" +) + +// ValidateBasicDecorator will call tx.ValidateBasic and return any non-nil error. +// If ValidateBasic passes, decorator calls next AnteHandler in chain. Note, +// ValidateBasicDecorator decorator will not get executed on ReCheckTx since it +// is not dependent on application state. +type ValidateBasicDecorator struct{ +} + +func NewValidateBasicDecorator() + +ValidateBasicDecorator { + return ValidateBasicDecorator{ +} +} + +func (vbd ValidateBasicDecorator) + +AnteHandle(ctx sdk.Context, tx sdk.Tx, simulate bool, next sdk.AnteHandler) (sdk.Context, error) { + // no need to validate basic on recheck tx, call next antehandler + if ctx.IsReCheckTx() { + return next(ctx, tx, simulate) +} + if validateBasic, ok := tx.(sdk.HasValidateBasic); ok { + if err := validateBasic.ValidateBasic(); err != nil { + return ctx, err +} + +} + +return next(ctx, tx, simulate) +} + +// ValidateMemoDecorator will validate memo given the parameters passed in +// If memo is too large decorator returns with error, otherwise call next AnteHandler +// CONTRACT: Tx must implement TxWithMemo interface +type ValidateMemoDecorator struct { + ak AccountKeeper +} + +func NewValidateMemoDecorator(ak AccountKeeper) + +ValidateMemoDecorator { + return ValidateMemoDecorator{ + ak: ak, +} +} + +func (vmd ValidateMemoDecorator) + +AnteHandle(ctx sdk.Context, tx sdk.Tx, simulate bool, next sdk.AnteHandler) (sdk.Context, error) { + memoTx, ok := tx.(sdk.TxWithMemo) + if !ok { + return ctx, errorsmod.Wrap(sdkerrors.ErrTxDecode, "invalid transaction type") +} + memoLength := len(memoTx.GetMemo()) + if memoLength > 0 { + params := vmd.ak.GetParams(ctx) + if uint64(memoLength) > params.MaxMemoCharacters { + return ctx, errorsmod.Wrapf(sdkerrors.ErrMemoTooLarge, + "maximum number of characters is %d but received %d characters", + params.MaxMemoCharacters, memoLength, + ) +} + +} + +return next(ctx, tx, simulate) +} + +// ConsumeTxSizeGasDecorator will take in parameters and consume gas proportional +// to the size of tx before calling next AnteHandler. Note, the gas costs will be +// slightly over estimated due to the fact that any given signing account may need +// to be retrieved from state. +// +// CONTRACT: If simulate=true, then signatures must either be completely filled +// in or empty. +// CONTRACT: To use this decorator, signatures of transaction must be represented +// as legacytx.StdSignature otherwise simulate mode will incorrectly estimate gas cost. +type ConsumeTxSizeGasDecorator struct { + ak AccountKeeper +} + +func NewConsumeGasForTxSizeDecorator(ak AccountKeeper) + +ConsumeTxSizeGasDecorator { + return ConsumeTxSizeGasDecorator{ + ak: ak, +} +} + +func (cgts ConsumeTxSizeGasDecorator) + +AnteHandle(ctx sdk.Context, tx sdk.Tx, simulate bool, next sdk.AnteHandler) (sdk.Context, error) { + sigTx, ok := tx.(authsigning.SigVerifiableTx) + if !ok { + return ctx, errorsmod.Wrap(sdkerrors.ErrTxDecode, "invalid tx type") +} + params := cgts.ak.GetParams(ctx) + +ctx.GasMeter().ConsumeGas(params.TxSizeCostPerByte*storetypes.Gas(len(ctx.TxBytes())), "txSize") + + // simulate gas cost for signatures in simulate mode + if simulate { + // in simulate mode, each element should be a nil signature + sigs, err := sigTx.GetSignaturesV2() + if err != nil { + return ctx, err +} + n := len(sigs) + +signers, err := sigTx.GetSigners() + if err != nil { + return sdk.Context{ +}, err +} + for i, signer := range signers { + // if signature is already filled in, no need to simulate gas cost + if i < n && !isIncompleteSignature(sigs[i].Data) { + continue +} + +var pubkey cryptotypes.PubKey + acc := cgts.ak.GetAccount(ctx, signer) + + // use placeholder simSecp256k1Pubkey if sig is nil + if acc == nil || acc.GetPubKey() == nil { + pubkey = simSecp256k1Pubkey +} + +else { + pubkey = acc.GetPubKey() +} + + // use stdsignature to mock the size of a full signature + simSig := legacytx.StdSignature{ //nolint:staticcheck // SA1019: legacytx.StdSignature is deprecated + Signature: simSecp256k1Sig[:], + PubKey: pubkey, +} + sigBz := legacy.Cdc.MustMarshal(simSig) + cost := storetypes.Gas(len(sigBz) + 6) + + // If the pubkey is a multi-signature pubkey, then we estimate for the maximum + // number of signers. + if _, ok := pubkey.(*multisig.LegacyAminoPubKey); ok { + cost *= params.TxSigLimit +} + +ctx.GasMeter().ConsumeGas(params.TxSizeCostPerByte*cost, "txSize") +} + +} + +return next(ctx, tx, simulate) +} + +// isIncompleteSignature tests whether SignatureData is fully filled in for simulation purposes +func isIncompleteSignature(data signing.SignatureData) + +bool { + if data == nil { + return true +} + switch data := data.(type) { + case *signing.SingleSignatureData: + return len(data.Signature) == 0 + case *signing.MultiSignatureData: + if len(data.Signatures) == 0 { + return true +} + if slices.ContainsFunc(data.Signatures, isIncompleteSignature) { + return true +} + +} + +return false +} + +type ( + // TxTimeoutHeightDecorator defines an AnteHandler decorator that checks for a + // tx height timeout. + TxTimeoutHeightDecorator struct{ +} + + // TxWithTimeoutHeight defines the interface a tx must implement in order for + // TxHeightTimeoutDecorator to process the tx. + TxWithTimeoutHeight interface { + sdk.Tx + + GetTimeoutHeight() + +uint64 + GetTimeoutTimeStamp() + +time.Time +} +) + +// TxTimeoutHeightDecorator defines an AnteHandler decorator that checks for a +// tx height timeout. +func NewTxTimeoutHeightDecorator() + +TxTimeoutHeightDecorator { + return TxTimeoutHeightDecorator{ +} +} + +// AnteHandle implements an AnteHandler decorator for the TxHeightTimeoutDecorator +// type where the current block height is checked against the tx's height timeout. +// If a height timeout is provided (non-zero) + +and is less than the current block +// height, then an error is returned. +func (txh TxTimeoutHeightDecorator) + +AnteHandle(ctx sdk.Context, tx sdk.Tx, simulate bool, next sdk.AnteHandler) (sdk.Context, error) { + timeoutTx, ok := tx.(TxWithTimeoutHeight) + if !ok { + return ctx, errorsmod.Wrap(sdkerrors.ErrTxDecode, "expected tx to implement TxWithTimeoutHeight") +} + timeoutHeight := timeoutTx.GetTimeoutHeight() + if timeoutHeight > 0 && uint64(ctx.BlockHeight()) > timeoutHeight { + return ctx, errorsmod.Wrapf( + sdkerrors.ErrTxTimeoutHeight, "block height: %d, timeout height: %d", ctx.BlockHeight(), timeoutHeight, + ) +} + timeoutTimestamp := timeoutTx.GetTimeoutTimeStamp() + blockTime := ctx.BlockHeader().Time + if !timeoutTimestamp.IsZero() && timeoutTimestamp.Unix() != 0 && timeoutTimestamp.Before(blockTime) { + return ctx, errorsmod.Wrapf( + sdkerrors.ErrTxTimeout, "block time: %s, timeout timestamp: %s", blockTime, timeoutTimestamp.String(), + ) +} + +return next(ctx, tx, simulate) +} +``` + +* `Events ([]cmn.KVPair)`: Key-Value tags for filtering and indexing transactions (eg. by account). See [`event`s](/docs/sdk/vnext/learn/advanced/events) for more. +* `Codespace (string)`: Namespace for the Code. + +#### RecheckTx + +After `Commit`, `CheckTx` is run again on all transactions that remain in the node's local mempool +excluding the transactions that are included in the block. To prevent the mempool from rechecking all transactions +every time a block is committed, the configuration option `mempool.recheck=false` can be set. As of +Tendermint v0.32.1, an additional `Type` parameter is made available to the `CheckTx` function that +indicates whether an incoming transaction is new (`CheckTxType_New`), or a recheck (`CheckTxType_Recheck`). +This allows certain checks like signature verification can be skipped during `CheckTxType_Recheck`. + +## RunTx, AnteHandler, RunMsgs, PostHandler + +### RunTx + +`RunTx` is called from `CheckTx`/`Finalizeblock` to handle the transaction, with `execModeCheck` or `execModeFinalize` as parameter to differentiate between the two modes of execution. Note that when `RunTx` receives a transaction, it has already been decoded. + +The first thing `RunTx` does upon being called is to retrieve the `context`'s `CacheMultiStore` by calling the `getContextForTx()` function with the appropriate mode (either `runTxModeCheck` or `execModeFinalize`). This `CacheMultiStore` is a branch of the main store, with cache functionality (for query requests), instantiated during `FinalizeBlock` for transaction execution and during the `Commit` of the previous block for `CheckTx`. After that, two `defer func()` are called for [`gas`](/docs/sdk/vnext/learn/beginner/gas-fees) management. They are executed when `runTx` returns and make sure `gas` is actually consumed, and will throw errors, if any. + +After that, `RunTx()` calls `ValidateBasic()`, when available and for backward compatibility, on each `sdk.Msg`in the `Tx`, which runs preliminary *stateless* validity checks. If any `sdk.Msg` fails to pass `ValidateBasic()`, `RunTx()` returns with an error. + +Then, the [`anteHandler`](#antehandler) of the application is run (if it exists). In preparation of this step, both the `checkState`/`finalizeBlockState`'s `context` and `context`'s `CacheMultiStore` are branched using the `cacheTxContext()` function. + +```go expandable +package baseapp + +import ( + + "context" + "fmt" + "maps" + "math" + "slices" + "strconv" + "sync" + "github.com/cockroachdb/errors" + abci "github.com/cometbft/cometbft/abci/types" + "github.com/cometbft/cometbft/crypto/tmhash" + cmtproto "github.com/cometbft/cometbft/proto/tendermint/types" + dbm "github.com/cosmos/cosmos-db" + "github.com/cosmos/gogoproto/proto" + protov2 "google.golang.org/protobuf/proto" + "cosmossdk.io/core/header" + errorsmod "cosmossdk.io/errors" + "cosmossdk.io/log" + "cosmossdk.io/store" + storemetrics "cosmossdk.io/store/metrics" + "cosmossdk.io/store/snapshots" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/baseapp/oe" + "github.com/cosmos/cosmos-sdk/codec" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + servertypes "github.com/cosmos/cosmos-sdk/server/types" + "github.com/cosmos/cosmos-sdk/telemetry" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + "github.com/cosmos/cosmos-sdk/types/mempool" + "github.com/cosmos/cosmos-sdk/types/msgservice" +) + +type ( + execMode uint8 + + // StoreLoader defines a customizable function to control how we load the + // CommitMultiStore from disk. This is useful for state migration, when + // loading a datastore written with an older version of the software. In + // particular, if a module changed the substore key name (or removed a substore) + // between two versions of the software. + StoreLoader func(ms storetypes.CommitMultiStore) + +error +) + +const ( + execModeCheck execMode = iota // Check a transaction + execModeReCheck // Recheck a (pending) + +transaction after a commit + execModeSimulate // Simulate a transaction + execModePrepareProposal // Prepare a block proposal + execModeProcessProposal // Process a block proposal + execModeVoteExtension // Extend or verify a pre-commit vote + execModeVerifyVoteExtension // Verify a vote extension + execModeFinalize // Finalize a block proposal +) + +var _ servertypes.ABCI = (*BaseApp)(nil) + +// BaseApp reflects the ABCI application implementation. +type BaseApp struct { + // initialized on creation + mu sync.Mutex // mu protects the fields below. + logger log.Logger + name string // application name from abci.BlockInfo + db dbm.DB // common DB backend + cms storetypes.CommitMultiStore // Main (uncached) + +state + qms storetypes.MultiStore // Optional alternative multistore for querying only. + storeLoader StoreLoader // function to handle store loading, may be overridden with SetStoreLoader() + +grpcQueryRouter *GRPCQueryRouter // router for redirecting gRPC query calls + msgServiceRouter *MsgServiceRouter // router for redirecting Msg service messages + interfaceRegistry codectypes.InterfaceRegistry + txDecoder sdk.TxDecoder // unmarshal []byte into sdk.Tx + txEncoder sdk.TxEncoder // marshal sdk.Tx into []byte + + mempool mempool.Mempool // application side mempool + anteHandler sdk.AnteHandler // ante handler for fee and auth + postHandler sdk.PostHandler // post handler, optional + + checkTxHandler sdk.CheckTxHandler // ABCI CheckTx handler + initChainer sdk.InitChainer // ABCI InitChain handler + preBlocker sdk.PreBlocker // logic to run before BeginBlocker + beginBlocker sdk.BeginBlocker // (legacy ABCI) + +BeginBlock handler + endBlocker sdk.EndBlocker // (legacy ABCI) + +EndBlock handler + processProposal sdk.ProcessProposalHandler // ABCI ProcessProposal handler + prepareProposal sdk.PrepareProposalHandler // ABCI PrepareProposal + extendVote sdk.ExtendVoteHandler // ABCI ExtendVote handler + verifyVoteExt sdk.VerifyVoteExtensionHandler // ABCI VerifyVoteExtension handler + prepareCheckStater sdk.PrepareCheckStater // logic to run during commit using the checkState + precommiter sdk.Precommiter // logic to run during commit using the deliverState + + addrPeerFilter sdk.PeerFilter // filter peers by address and port + idPeerFilter sdk.PeerFilter // filter peers by node ID + fauxMerkleMode bool // if true, IAVL MountStores uses MountStoresDB for simulation speed. + sigverifyTx bool // in the simulation test, since the account does not have a private key, we have to ignore the tx sigverify. + + // manages snapshots, i.e. dumps of app state at certain intervals + snapshotManager *snapshots.Manager + + // volatile states: + // + // - checkState is set on InitChain and reset on Commit + // - finalizeBlockState is set on InitChain and FinalizeBlock and set to nil + // on Commit. + // + // - checkState: Used for CheckTx, which is set based on the previous block's + // state. This state is never committed. + // + // - prepareProposalState: Used for PrepareProposal, which is set based on the + // previous block's state. This state is never committed. In case of multiple + // consensus rounds, the state is always reset to the previous block's state. + // + // - processProposalState: Used for ProcessProposal, which is set based on the + // the previous block's state. This state is never committed. In case of + // multiple rounds, the state is always reset to the previous block's state. + // + // - finalizeBlockState: Used for FinalizeBlock, which is set based on the + // previous block's state. This state is committed. + checkState *state + prepareProposalState *state + processProposalState *state + finalizeBlockState *state + + // An inter-block write-through cache provided to the context during the ABCI + // FinalizeBlock call. + interBlockCache storetypes.MultiStorePersistentCache + + // paramStore is used to query for ABCI consensus parameters from an + // application parameter store. + paramStore ParamStore + + // queryGasLimit defines the maximum gas for queries; unbounded if 0. + queryGasLimit uint64 + + // The minimum gas prices a validator is willing to accept for processing a + // transaction. This is mainly used for DoS and spam prevention. + minGasPrices sdk.DecCoins + + // initialHeight is the initial height at which we start the BaseApp + initialHeight int64 + + // flag for sealing options and parameters to a BaseApp + sealed bool + + // block height at which to halt the chain and gracefully shutdown + haltHeight uint64 + + // minimum block time (in Unix seconds) + +at which to halt the chain and gracefully shutdown + haltTime uint64 + + // minRetainBlocks defines the minimum block height offset from the current + // block being committed, such that all blocks past this offset are pruned + // from CometBFT. It is used as part of the process of determining the + // ResponseCommit.RetainHeight value during ABCI Commit. A value of 0 indicates + // that no blocks should be pruned. + // + // Note: CometBFT block pruning is dependant on this parameter in conjunction + // with the unbonding (safety threshold) + +period, state pruning and state sync + // snapshot parameters to determine the correct minimum value of + // ResponseCommit.RetainHeight. + minRetainBlocks uint64 + + // application's version string + version string + + // application's protocol version that increments on every upgrade + // if BaseApp is passed to the upgrade keeper's NewKeeper method. + appVersion uint64 + + // recovery handler for app.runTx method + runTxRecoveryMiddleware recoveryMiddleware + + // trace set will return full stack traces for errors in ABCI Log field + trace bool + + // indexEvents defines the set of events in the form { + eventType +}.{ + attributeKey +}, + // which informs CometBFT what to index. If empty, all events will be indexed. + indexEvents map[string]struct{ +} + + // streamingManager for managing instances and configuration of ABCIListener services + streamingManager storetypes.StreamingManager + + chainID string + + cdc codec.Codec + + // optimisticExec contains the context required for Optimistic Execution, + // including the goroutine handling.This is experimental and must be enabled + // by developers. + optimisticExec *oe.OptimisticExecution + + // disableBlockGasMeter will disable the block gas meter if true, block gas meter is tricky to support + // when executing transactions in parallel. + // when disabled, the block gas meter in context is a noop one. + // + // SAFETY: it's safe to do if validators validate the total gas wanted in the `ProcessProposal`, which is the case in the default handler. + disableBlockGasMeter bool +} + +// NewBaseApp returns a reference to an initialized BaseApp. It accepts a +// variadic number of option functions, which act on the BaseApp to set +// configuration choices. +func NewBaseApp( + name string, logger log.Logger, db dbm.DB, txDecoder sdk.TxDecoder, options ...func(*BaseApp), +) *BaseApp { + app := &BaseApp{ + logger: logger.With(log.ModuleKey, "baseapp"), + name: name, + db: db, + cms: store.NewCommitMultiStore(db, logger, storemetrics.NewNoOpMetrics()), // by default we use a no-op metric gather in store + storeLoader: DefaultStoreLoader, + grpcQueryRouter: NewGRPCQueryRouter(), + msgServiceRouter: NewMsgServiceRouter(), + txDecoder: txDecoder, + fauxMerkleMode: false, + sigverifyTx: true, + queryGasLimit: math.MaxUint64, +} + for _, option := range options { + option(app) +} + if app.mempool == nil { + app.SetMempool(mempool.NoOpMempool{ +}) +} + abciProposalHandler := NewDefaultProposalHandler(app.mempool, app) + if app.prepareProposal == nil { + app.SetPrepareProposal(abciProposalHandler.PrepareProposalHandler()) +} + if app.processProposal == nil { + app.SetProcessProposal(abciProposalHandler.ProcessProposalHandler()) +} + if app.extendVote == nil { + app.SetExtendVoteHandler(NoOpExtendVote()) +} + if app.verifyVoteExt == nil { + app.SetVerifyVoteExtensionHandler(NoOpVerifyVoteExtensionHandler()) +} + if app.interBlockCache != nil { + app.cms.SetInterBlockCache(app.interBlockCache) +} + +app.runTxRecoveryMiddleware = newDefaultRecoveryMiddleware() + + // Initialize with an empty interface registry to avoid nil pointer dereference. + // Unless SetInterfaceRegistry is called with an interface registry with proper address codecs baseapp will panic. + app.cdc = codec.NewProtoCodec(codectypes.NewInterfaceRegistry()) + +protoFiles, err := proto.MergedRegistry() + if err != nil { + logger.Warn("error creating merged proto registry", "error", err) +} + +else { + err = msgservice.ValidateProtoAnnotations(protoFiles) + if err != nil { + // Once we switch to using protoreflect-based antehandlers, we might + // want to panic here instead of logging a warning. + logger.Warn("error validating merged proto registry annotations", "error", err) +} + +} + +return app +} + +// Name returns the name of the BaseApp. +func (app *BaseApp) + +Name() + +string { + return app.name +} + +// AppVersion returns the application's protocol version. +func (app *BaseApp) + +AppVersion() + +uint64 { + return app.appVersion +} + +// Version returns the application's version string. +func (app *BaseApp) + +Version() + +string { + return app.version +} + +// Logger returns the logger of the BaseApp. +func (app *BaseApp) + +Logger() + +log.Logger { + return app.logger +} + +// Trace returns the boolean value for logging error stack traces. +func (app *BaseApp) + +Trace() + +bool { + return app.trace +} + +// MsgServiceRouter returns the MsgServiceRouter of a BaseApp. +func (app *BaseApp) + +MsgServiceRouter() *MsgServiceRouter { + return app.msgServiceRouter +} + +// GRPCQueryRouter returns the GRPCQueryRouter of a BaseApp. +func (app *BaseApp) + +GRPCQueryRouter() *GRPCQueryRouter { + return app.grpcQueryRouter +} + +// MountStores mounts all IAVL or DB stores to the provided keys in the BaseApp +// multistore. +func (app *BaseApp) + +MountStores(keys ...storetypes.StoreKey) { + for _, key := range keys { + switch key.(type) { + case *storetypes.KVStoreKey: + if !app.fauxMerkleMode { + app.MountStore(key, storetypes.StoreTypeIAVL) +} + +else { + // StoreTypeDB doesn't do anything upon commit, and it doesn't + // retain history, but it's useful for faster simulation. + app.MountStore(key, storetypes.StoreTypeDB) +} + case *storetypes.TransientStoreKey: + app.MountStore(key, storetypes.StoreTypeTransient) + case *storetypes.MemoryStoreKey: + app.MountStore(key, storetypes.StoreTypeMemory) + +default: + panic(fmt.Sprintf("Unrecognized store key type :%T", key)) +} + +} +} + +// MountKVStores mounts all IAVL or DB stores to the provided keys in the +// BaseApp multistore. +func (app *BaseApp) + +MountKVStores(keys map[string]*storetypes.KVStoreKey) { + for _, key := range keys { + if !app.fauxMerkleMode { + app.MountStore(key, storetypes.StoreTypeIAVL) +} + +else { + // StoreTypeDB doesn't do anything upon commit, and it doesn't + // retain history, but it's useful for faster simulation. + app.MountStore(key, storetypes.StoreTypeDB) +} + +} +} + +// MountTransientStores mounts all transient stores to the provided keys in +// the BaseApp multistore. +func (app *BaseApp) + +MountTransientStores(keys map[string]*storetypes.TransientStoreKey) { + for _, key := range keys { + app.MountStore(key, storetypes.StoreTypeTransient) +} +} + +// MountMemoryStores mounts all in-memory KVStores with the BaseApp's internal +// commit multi-store. +func (app *BaseApp) + +MountMemoryStores(keys map[string]*storetypes.MemoryStoreKey) { + skeys := slices.Sorted(maps.Keys(keys)) + for _, key := range skeys { + memKey := keys[key] + app.MountStore(memKey, storetypes.StoreTypeMemory) +} +} + +// MountStore mounts a store to the provided key in the BaseApp multistore, +// using the default DB. +func (app *BaseApp) + +MountStore(key storetypes.StoreKey, typ storetypes.StoreType) { + app.cms.MountStoreWithDB(key, typ, nil) +} + +// LoadLatestVersion loads the latest application version. It will panic if +// called more than once on a running BaseApp. +func (app *BaseApp) + +LoadLatestVersion() + +error { + err := app.storeLoader(app.cms) + if err != nil { + return fmt.Errorf("failed to load latest version: %w", err) +} + +return app.Init() +} + +// DefaultStoreLoader will be used by default and loads the latest version +func DefaultStoreLoader(ms storetypes.CommitMultiStore) + +error { + return ms.LoadLatestVersion() +} + +// CommitMultiStore returns the root multi-store. +// App constructor can use this to access the `cms`. +// UNSAFE: must not be used during the abci life cycle. +func (app *BaseApp) + +CommitMultiStore() + +storetypes.CommitMultiStore { + return app.cms +} + +// SnapshotManager returns the snapshot manager. +// application use this to register extra extension snapshotters. +func (app *BaseApp) + +SnapshotManager() *snapshots.Manager { + return app.snapshotManager +} + +// LoadVersion loads the BaseApp application version. It will panic if called +// more than once on a running baseapp. +func (app *BaseApp) + +LoadVersion(version int64) + +error { + app.logger.Info("NOTICE: this could take a long time to migrate IAVL store to fastnode if you enable Fast Node.\n") + err := app.cms.LoadVersion(version) + if err != nil { + return fmt.Errorf("failed to load version %d: %w", version, err) +} + +return app.Init() +} + +// LastCommitID returns the last CommitID of the multistore. +func (app *BaseApp) + +LastCommitID() + +storetypes.CommitID { + return app.cms.LastCommitID() +} + +// LastBlockHeight returns the last committed block height. +func (app *BaseApp) + +LastBlockHeight() + +int64 { + return app.cms.LastCommitID().Version +} + +// ChainID returns the chainID of the app. +func (app *BaseApp) + +ChainID() + +string { + return app.chainID +} + +// AnteHandler returns the AnteHandler of the app. +func (app *BaseApp) + +AnteHandler() + +sdk.AnteHandler { + return app.anteHandler +} + +// Mempool returns the Mempool of the app. +func (app *BaseApp) + +Mempool() + +mempool.Mempool { + return app.mempool +} + +// Init initializes the app. It seals the app, preventing any +// further modifications. In addition, it validates the app against +// the earlier provided settings. Returns an error if validation fails. +// nil otherwise. Panics if the app is already sealed. +func (app *BaseApp) + +Init() + +error { + if app.sealed { + panic("cannot call initFromMainStore: baseapp already sealed") +} + if app.cms == nil { + return errors.New("commit multi-store must not be nil") +} + emptyHeader := cmtproto.Header{ + ChainID: app.chainID +} + + // needed for the export command which inits from store but never calls initchain + app.setState(execModeCheck, emptyHeader) + +app.Seal() + +return app.cms.GetPruning().Validate() +} + +func (app *BaseApp) + +setMinGasPrices(gasPrices sdk.DecCoins) { + app.minGasPrices = gasPrices +} + +func (app *BaseApp) + +setHaltHeight(haltHeight uint64) { + app.haltHeight = haltHeight +} + +func (app *BaseApp) + +setHaltTime(haltTime uint64) { + app.haltTime = haltTime +} + +func (app *BaseApp) + +setMinRetainBlocks(minRetainBlocks uint64) { + app.minRetainBlocks = minRetainBlocks +} + +func (app *BaseApp) + +setInterBlockCache(cache storetypes.MultiStorePersistentCache) { + app.interBlockCache = cache +} + +func (app *BaseApp) + +setTrace(trace bool) { + app.trace = trace +} + +func (app *BaseApp) + +setIndexEvents(ie []string) { + app.indexEvents = make(map[string]struct{ +}) + for _, e := range ie { + app.indexEvents[e] = struct{ +}{ +} + +} +} + +// Seal seals a BaseApp. It prohibits any further modifications to a BaseApp. +func (app *BaseApp) + +Seal() { + app.sealed = true +} + +// IsSealed returns true if the BaseApp is sealed and false otherwise. +func (app *BaseApp) + +IsSealed() + +bool { + return app.sealed +} + +// setState sets the BaseApp's state for the corresponding mode with a branched +// multi-store (i.e. a CacheMultiStore) + +and a new Context with the same +// multi-store branch, and provided header. +func (app *BaseApp) + +setState(mode execMode, h cmtproto.Header) { + ms := app.cms.CacheMultiStore() + headerInfo := header.Info{ + Height: h.Height, + Time: h.Time, + ChainID: h.ChainID, + AppHash: h.AppHash, +} + baseState := &state{ + ms: ms, + ctx: sdk.NewContext(ms, h, false, app.logger). + WithStreamingManager(app.streamingManager). + WithHeaderInfo(headerInfo), +} + switch mode { + case execModeCheck: + baseState.SetContext(baseState.Context().WithIsCheckTx(true).WithMinGasPrices(app.minGasPrices)) + +app.checkState = baseState + case execModePrepareProposal: + app.prepareProposalState = baseState + case execModeProcessProposal: + app.processProposalState = baseState + case execModeFinalize: + app.finalizeBlockState = baseState + + default: + panic(fmt.Sprintf("invalid runTxMode for setState: %d", mode)) +} +} + +// SetCircuitBreaker sets the circuit breaker for the BaseApp. +// The circuit breaker is checked on every message execution to verify if a transaction should be executed or not. +func (app *BaseApp) + +SetCircuitBreaker(cb CircuitBreaker) { + if app.msgServiceRouter == nil { + panic("cannot set circuit breaker with no msg service router set") +} + +app.msgServiceRouter.SetCircuit(cb) +} + +// GetConsensusParams returns the current consensus parameters from the BaseApp's +// ParamStore. If the BaseApp has no ParamStore defined, nil is returned. +func (app *BaseApp) + +GetConsensusParams(ctx sdk.Context) + +cmtproto.ConsensusParams { + if app.paramStore == nil { + return cmtproto.ConsensusParams{ +} + +} + +cp, err := app.paramStore.Get(ctx) + if err != nil { + // This could happen while migrating from v0.45/v0.46 to v0.50, we should + // allow it to happen so during preblock the upgrade plan can be executed + // and the consensus params set for the first time in the new format. + app.logger.Error("failed to get consensus params", "err", err) + +return cmtproto.ConsensusParams{ +} + +} + +return cp +} + +// StoreConsensusParams sets the consensus parameters to the BaseApp's param +// store. +// +// NOTE: We're explicitly not storing the CometBFT app_version in the param store. +// It's stored instead in the x/upgrade store, with its own bump logic. +func (app *BaseApp) + +StoreConsensusParams(ctx sdk.Context, cp cmtproto.ConsensusParams) + +error { + if app.paramStore == nil { + return errors.New("cannot store consensus params with no params store set") +} + +return app.paramStore.Set(ctx, cp) +} + +// AddRunTxRecoveryHandler adds custom app.runTx method panic handlers. +func (app *BaseApp) + +AddRunTxRecoveryHandler(handlers ...RecoveryHandler) { + for _, h := range handlers { + app.runTxRecoveryMiddleware = newRecoveryMiddleware(h, app.runTxRecoveryMiddleware) +} +} + +// GetMaximumBlockGas gets the maximum gas from the consensus params. It panics +// if maximum block gas is less than negative one and returns zero if negative +// one. +func (app *BaseApp) + +GetMaximumBlockGas(ctx sdk.Context) + +uint64 { + cp := app.GetConsensusParams(ctx) + if cp.Block == nil { + return 0 +} + maxGas := cp.Block.MaxGas + switch { + case maxGas < -1: + panic(fmt.Sprintf("invalid maximum block gas: %d", maxGas)) + case maxGas == -1: + return 0 + + default: + return uint64(maxGas) +} +} + +func (app *BaseApp) + +validateFinalizeBlockHeight(req *abci.RequestFinalizeBlock) + +error { + if req.Height < 1 { + return fmt.Errorf("invalid height: %d", req.Height) +} + lastBlockHeight := app.LastBlockHeight() + + // expectedHeight holds the expected height to validate + var expectedHeight int64 + if lastBlockHeight == 0 && app.initialHeight > 1 { + // In this case, we're validating the first block of the chain, i.e no + // previous commit. The height we're expecting is the initial height. + expectedHeight = app.initialHeight +} + +else { + // This case can mean two things: + // + // - Either there was already a previous commit in the store, in which + // case we increment the version from there. + // - Or there was no previous commit, in which case we start at version 1. + expectedHeight = lastBlockHeight + 1 +} + if req.Height != expectedHeight { + return fmt.Errorf("invalid height: %d; expected: %d", req.Height, expectedHeight) +} + +return nil +} + +// validateBasicTxMsgs executes basic validator calls for messages. +func validateBasicTxMsgs(msgs []sdk.Msg) + +error { + if len(msgs) == 0 { + return errorsmod.Wrap(sdkerrors.ErrInvalidRequest, "must contain at least one message") +} + for _, msg := range msgs { + m, ok := msg.(sdk.HasValidateBasic) + if !ok { + continue +} + if err := m.ValidateBasic(); err != nil { + return err +} + +} + +return nil +} + +func (app *BaseApp) + +getState(mode execMode) *state { + switch mode { + case execModeFinalize: + return app.finalizeBlockState + case execModePrepareProposal: + return app.prepareProposalState + case execModeProcessProposal: + return app.processProposalState + + default: + return app.checkState +} +} + +func (app *BaseApp) + +getBlockGasMeter(ctx sdk.Context) + +storetypes.GasMeter { + if app.disableBlockGasMeter { + return noopGasMeter{ +} + +} + if maxGas := app.GetMaximumBlockGas(ctx); maxGas > 0 { + return storetypes.NewGasMeter(maxGas) +} + +return storetypes.NewInfiniteGasMeter() +} + +// retrieve the context for the tx w/ txBytes and other memoized values. +func (app *BaseApp) + +getContextForTx(mode execMode, txBytes []byte) + +sdk.Context { + app.mu.Lock() + +defer app.mu.Unlock() + modeState := app.getState(mode) + if modeState == nil { + panic(fmt.Sprintf("state is nil for mode %v", mode)) +} + ctx := modeState.Context(). + WithTxBytes(txBytes). + WithGasMeter(storetypes.NewInfiniteGasMeter()) + // WithVoteInfos(app.voteInfos) // TODO: identify if this is needed + + ctx = ctx.WithIsSigverifyTx(app.sigverifyTx) + +ctx = ctx.WithConsensusParams(app.GetConsensusParams(ctx)) + if mode == execModeReCheck { + ctx = ctx.WithIsReCheckTx(true) +} + if mode == execModeSimulate { + ctx, _ = ctx.CacheContext() + +ctx = ctx.WithExecMode(sdk.ExecMode(execModeSimulate)) +} + +return ctx +} + +// cacheTxContext returns a new context based off of the provided context with +// a branched multi-store. +func (app *BaseApp) + +cacheTxContext(ctx sdk.Context, txBytes []byte) (sdk.Context, storetypes.CacheMultiStore) { + ms := ctx.MultiStore() + msCache := ms.CacheMultiStore() + if msCache.TracingEnabled() { + msCache = msCache.SetTracingContext( + storetypes.TraceContext( + map[string]any{ + "txHash": fmt.Sprintf("%X", tmhash.Sum(txBytes)), +}, + ), + ).(storetypes.CacheMultiStore) +} + +return ctx.WithMultiStore(msCache), msCache +} + +func (app *BaseApp) + +preBlock(req *abci.RequestFinalizeBlock) ([]abci.Event, error) { + var events []abci.Event + if app.preBlocker != nil { + ctx := app.finalizeBlockState.Context().WithEventManager(sdk.NewEventManager()) + +rsp, err := app.preBlocker(ctx, req) + if err != nil { + return nil, err +} + // rsp.ConsensusParamsChanged is true from preBlocker means ConsensusParams in store get changed + // write the consensus parameters in store to context + if rsp.ConsensusParamsChanged { + ctx = ctx.WithConsensusParams(app.GetConsensusParams(ctx)) + // GasMeter must be set after we get a context with updated consensus params. + gasMeter := app.getBlockGasMeter(ctx) + +ctx = ctx.WithBlockGasMeter(gasMeter) + +app.finalizeBlockState.SetContext(ctx) +} + +events = ctx.EventManager().ABCIEvents() +} + +return events, nil +} + +func (app *BaseApp) + +beginBlock(_ *abci.RequestFinalizeBlock) (sdk.BeginBlock, error) { + var ( + resp sdk.BeginBlock + err error + ) + if app.beginBlocker != nil { + resp, err = app.beginBlocker(app.finalizeBlockState.Context()) + if err != nil { + return resp, err +} + + // append BeginBlock attributes to all events in the EndBlock response + for i, event := range resp.Events { + resp.Events[i].Attributes = append( + event.Attributes, + abci.EventAttribute{ + Key: "mode", + Value: "BeginBlock" +}, + ) +} + +resp.Events = sdk.MarkEventsToIndex(resp.Events, app.indexEvents) +} + +return resp, nil +} + +func (app *BaseApp) + +deliverTx(tx []byte) *abci.ExecTxResult { + gInfo := sdk.GasInfo{ +} + resultStr := "successful" + + var resp *abci.ExecTxResult + + defer func() { + telemetry.IncrCounter(1, "tx", "count") + +telemetry.IncrCounter(1, "tx", resultStr) + +telemetry.SetGauge(float32(gInfo.GasUsed), "tx", "gas", "used") + +telemetry.SetGauge(float32(gInfo.GasWanted), "tx", "gas", "wanted") +}() + +gInfo, result, anteEvents, err := app.runTx(execModeFinalize, tx, nil) + if err != nil { + resultStr = "failed" + resp = sdkerrors.ResponseExecTxResultWithEvents( + err, + gInfo.GasWanted, + gInfo.GasUsed, + sdk.MarkEventsToIndex(anteEvents, app.indexEvents), + app.trace, + ) + +return resp +} + +resp = &abci.ExecTxResult{ + GasWanted: int64(gInfo.GasWanted), + GasUsed: int64(gInfo.GasUsed), + Log: result.Log, + Data: result.Data, + Events: sdk.MarkEventsToIndex(result.Events, app.indexEvents), +} + +return resp +} + +// endBlock is an application-defined function that is called after transactions +// have been processed in FinalizeBlock. +func (app *BaseApp) + +endBlock(_ context.Context) (sdk.EndBlock, error) { + var endblock sdk.EndBlock + if app.endBlocker != nil { + eb, err := app.endBlocker(app.finalizeBlockState.Context()) + if err != nil { + return endblock, err +} + + // append EndBlock attributes to all events in the EndBlock response + for i, event := range eb.Events { + eb.Events[i].Attributes = append( + event.Attributes, + abci.EventAttribute{ + Key: "mode", + Value: "EndBlock" +}, + ) +} + +eb.Events = sdk.MarkEventsToIndex(eb.Events, app.indexEvents) + +endblock = eb +} + +return endblock, nil +} + +// runTx processes a transaction within a given execution mode, encoded transaction +// bytes, and the decoded transaction itself. All state transitions occur through +// a cached Context depending on the mode provided. State only gets persisted +// if all messages get executed successfully and the execution mode is DeliverTx. +// Note, gas execution info is always returned. A reference to a Result is +// returned if the tx does not run out of gas and if all the messages are valid +// and execute successfully. An error is returned otherwise. +// both txbytes and the decoded tx are passed to runTx to avoid the state machine encoding the tx and decoding the transaction twice +// passing the decoded tx to runTX is optional, it will be decoded if the tx is nil +func (app *BaseApp) + +runTx(mode execMode, txBytes []byte, tx sdk.Tx) (gInfo sdk.GasInfo, result *sdk.Result, anteEvents []abci.Event, err error) { + // NOTE: GasWanted should be returned by the AnteHandler. GasUsed is + // determined by the GasMeter. We need access to the context to get the gas + // meter, so we initialize upfront. + var gasWanted uint64 + ctx := app.getContextForTx(mode, txBytes) + ms := ctx.MultiStore() + + // only run the tx if there is block gas remaining + if mode == execModeFinalize && ctx.BlockGasMeter().IsOutOfGas() { + return gInfo, nil, nil, errorsmod.Wrap(sdkerrors.ErrOutOfGas, "no block gas left to run tx") +} + +defer func() { + if r := recover(); r != nil { + recoveryMW := newOutOfGasRecoveryMiddleware(gasWanted, ctx, app.runTxRecoveryMiddleware) + +err, result = processRecovery(r, recoveryMW), nil + ctx.Logger().Error("panic recovered in runTx", "err", err) +} + +gInfo = sdk.GasInfo{ + GasWanted: gasWanted, + GasUsed: ctx.GasMeter().GasConsumed() +} + +}() + blockGasConsumed := false + + // consumeBlockGas makes sure block gas is consumed at most once. It must + // happen after tx processing, and must be executed even if tx processing + // fails. Hence, it's execution is deferred. + consumeBlockGas := func() { + if !blockGasConsumed { + blockGasConsumed = true + ctx.BlockGasMeter().ConsumeGas( + ctx.GasMeter().GasConsumedToLimit(), "block gas meter", + ) +} + +} + + // If BlockGasMeter() + +panics it will be caught by the above recover and will + // return an error - in any case BlockGasMeter will consume gas past the limit. + // + // NOTE: consumeBlockGas must exist in a separate defer function from the + // general deferred recovery function to recover from consumeBlockGas as it'll + // be executed first (deferred statements are executed as stack). + if mode == execModeFinalize { + defer consumeBlockGas() +} + + // if the transaction is not decoded, decode it here + if tx == nil { + tx, err = app.txDecoder(txBytes) + if err != nil { + return sdk.GasInfo{ + GasUsed: 0, + GasWanted: 0 +}, nil, nil, sdkerrors.ErrTxDecode.Wrap(err.Error()) +} + +} + msgs := tx.GetMsgs() + if err := validateBasicTxMsgs(msgs); err != nil { + return sdk.GasInfo{ +}, nil, nil, err +} + for _, msg := range msgs { + handler := app.msgServiceRouter.Handler(msg) + if handler == nil { + return sdk.GasInfo{ +}, nil, nil, errorsmod.Wrapf(sdkerrors.ErrUnknownRequest, "no message handler found for %T", msg) +} + +} + if app.anteHandler != nil { + var ( + anteCtx sdk.Context + msCache storetypes.CacheMultiStore + ) + + // Branch context before AnteHandler call in case it aborts. + // This is required for both CheckTx and DeliverTx. + // Ref: https://github.com/cosmos/cosmos-sdk/issues/2772 + // + // NOTE: Alternatively, we could require that AnteHandler ensures that + // writes do not happen if aborted/failed. This may have some + // performance benefits, but it'll be more difficult to get right. + anteCtx, msCache = app.cacheTxContext(ctx, txBytes) + +anteCtx = anteCtx.WithEventManager(sdk.NewEventManager()) + +newCtx, err := app.anteHandler(anteCtx, tx, mode == execModeSimulate) + if !newCtx.IsZero() { + // At this point, newCtx.MultiStore() + +is a store branch, or something else + // replaced by the AnteHandler. We want the original multistore. + // + // Also, in the case of the tx aborting, we need to track gas consumed via + // the instantiated gas meter in the AnteHandler, so we update the context + // prior to returning. + ctx = newCtx.WithMultiStore(ms) +} + events := ctx.EventManager().Events() + + // GasMeter expected to be set in AnteHandler + gasWanted = ctx.GasMeter().Limit() + if err != nil { + if mode == execModeReCheck { + // if the ante handler fails on recheck, we want to remove the tx from the mempool + if mempoolErr := app.mempool.Remove(tx); mempoolErr != nil { + return gInfo, nil, anteEvents, errors.Join(err, mempoolErr) +} + +} + +return gInfo, nil, nil, err +} + +msCache.Write() + +anteEvents = events.ToABCIEvents() +} + switch mode { + case execModeCheck: + err = app.mempool.Insert(ctx, tx) + if err != nil { + return gInfo, nil, anteEvents, err +} + case execModeFinalize: + err = app.mempool.Remove(tx) + if err != nil && !errors.Is(err, mempool.ErrTxNotFound) { + return gInfo, nil, anteEvents, + fmt.Errorf("failed to remove tx from mempool: %w", err) +} + +} + + // Create a new Context based off of the existing Context with a MultiStore branch + // in case message processing fails. At this point, the MultiStore + // is a branch of a branch. + runMsgCtx, msCache := app.cacheTxContext(ctx, txBytes) + + // Attempt to execute all messages and only update state if all messages pass + // and we're in DeliverTx. Note, runMsgs will never return a reference to a + // Result if any single message fails or does not have a registered Handler. + msgsV2, err := tx.GetMsgsV2() + if err == nil { + result, err = app.runMsgs(runMsgCtx, msgs, msgsV2, mode) +} + + // Run optional postHandlers (should run regardless of the execution result). + // + // Note: If the postHandler fails, we also revert the runMsgs state. + if app.postHandler != nil { + // The runMsgCtx context currently contains events emitted by the ante handler. + // We clear this to correctly order events without duplicates. + // Note that the state is still preserved. + postCtx := runMsgCtx.WithEventManager(sdk.NewEventManager()) + +newCtx, errPostHandler := app.postHandler(postCtx, tx, mode == execModeSimulate, err == nil) + if errPostHandler != nil { + if err == nil { + // when the msg was handled successfully, return the post handler error only + return gInfo, nil, anteEvents, errPostHandler +} + // otherwise append to the msg error so that we keep the original error code for better user experience + return gInfo, nil, anteEvents, errorsmod.Wrapf(err, "postHandler: %s", errPostHandler) +} + + // we don't want runTx to panic if runMsgs has failed earlier + if result == nil { + result = &sdk.Result{ +} + +} + +result.Events = append(result.Events, newCtx.EventManager().ABCIEvents()...) +} + if err == nil { + if mode == execModeFinalize { + // When block gas exceeds, it'll panic and won't commit the cached store. + consumeBlockGas() + +msCache.Write() +} + if len(anteEvents) > 0 && (mode == execModeFinalize || mode == execModeSimulate) { + // append the events in the order of occurrence + result.Events = append(anteEvents, result.Events...) +} + +} + +return gInfo, result, anteEvents, err +} + +// runMsgs iterates through a list of messages and executes them with the provided +// Context and execution mode. Messages will only be executed during simulation +// and DeliverTx. An error is returned if any single message fails or if a +// Handler does not exist for a given message route. Otherwise, a reference to a +// Result is returned. The caller must not commit state if an error is returned. +func (app *BaseApp) + +runMsgs(ctx sdk.Context, msgs []sdk.Msg, msgsV2 []protov2.Message, mode execMode) (*sdk.Result, error) { + events := sdk.EmptyEvents() + +var msgResponses []*codectypes.Any + + // NOTE: GasWanted is determined by the AnteHandler and GasUsed by the GasMeter. + for i, msg := range msgs { + if mode != execModeFinalize && mode != execModeSimulate { + break +} + handler := app.msgServiceRouter.Handler(msg) + if handler == nil { + return nil, errorsmod.Wrapf(sdkerrors.ErrUnknownRequest, "no message handler found for %T", msg) +} + + // ADR 031 request type routing + msgResult, err := handler(ctx, msg) + if err != nil { + return nil, errorsmod.Wrapf(err, "failed to execute message; message index: %d", i) +} + + // create message events + msgEvents, err := createEvents(app.cdc, msgResult.GetEvents(), msg, msgsV2[i]) + if err != nil { + return nil, errorsmod.Wrapf(err, "failed to create message events; message index: %d", i) +} + + // append message events and data + // + // Note: Each message result's data must be length-prefixed in order to + // separate each result. + for j, event := range msgEvents { + // append message index to all events + msgEvents[j] = event.AppendAttributes(sdk.NewAttribute("msg_index", strconv.Itoa(i))) +} + +events = events.AppendEvents(msgEvents) + + // Each individual sdk.Result that went through the MsgServiceRouter + // (which should represent 99% of the Msgs now, since everyone should + // be using protobuf Msgs) + +has exactly one Msg response, set inside + // `WrapServiceResult`. We take that Msg response, and aggregate it + // into an array. + if len(msgResult.MsgResponses) > 0 { + msgResponse := msgResult.MsgResponses[0] + if msgResponse == nil { + return nil, sdkerrors.ErrLogic.Wrapf("got nil Msg response at index %d for msg %s", i, sdk.MsgTypeURL(msg)) +} + +msgResponses = append(msgResponses, msgResponse) +} + + +} + +data, err := makeABCIData(msgResponses) + if err != nil { + return nil, errorsmod.Wrap(err, "failed to marshal tx data") +} + +return &sdk.Result{ + Data: data, + Events: events.ToABCIEvents(), + MsgResponses: msgResponses, +}, nil +} + +// makeABCIData generates the Data field to be sent to ABCI Check/DeliverTx. +func makeABCIData(msgResponses []*codectypes.Any) ([]byte, error) { + return proto.Marshal(&sdk.TxMsgData{ + MsgResponses: msgResponses +}) +} + +func createEvents(cdc codec.Codec, events sdk.Events, msg sdk.Msg, msgV2 protov2.Message) (sdk.Events, error) { + eventMsgName := sdk.MsgTypeURL(msg) + msgEvent := sdk.NewEvent(sdk.EventTypeMessage, sdk.NewAttribute(sdk.AttributeKeyAction, eventMsgName)) + + // we set the signer attribute as the sender + signers, err := cdc.GetMsgV2Signers(msgV2) + if err != nil { + return nil, err +} + if len(signers) > 0 && signers[0] != nil { + addrStr, err := cdc.InterfaceRegistry().SigningContext().AddressCodec().BytesToString(signers[0]) + if err != nil { + return nil, err +} + +msgEvent = msgEvent.AppendAttributes(sdk.NewAttribute(sdk.AttributeKeySender, addrStr)) +} + + // verify that events have no module attribute set + if _, found := events.GetAttributes(sdk.AttributeKeyModule); !found { + if moduleName := sdk.GetModuleNameFromTypeURL(eventMsgName); moduleName != "" { + msgEvent = msgEvent.AppendAttributes(sdk.NewAttribute(sdk.AttributeKeyModule, moduleName)) +} + +} + +return sdk.Events{ + msgEvent +}.AppendEvents(events), nil +} + +// PrepareProposalVerifyTx performs transaction verification when a proposer is +// creating a block proposal during PrepareProposal. Any state committed to the +// PrepareProposal state internally will be discarded. will be +// returned if the transaction cannot be encoded. will be returned if +// the transaction is valid, otherwise will be returned. +func (app *BaseApp) + +PrepareProposalVerifyTx(tx sdk.Tx) ([]byte, error) { + bz, err := app.txEncoder(tx) + if err != nil { + return nil, err +} + + _, _, _, err = app.runTx(execModePrepareProposal, bz, tx) + if err != nil { + return nil, err +} + +return bz, nil +} + +// ProcessProposalVerifyTx performs transaction verification when receiving a +// block proposal during ProcessProposal. Any state committed to the +// ProcessProposal state internally will be discarded. will be +// returned if the transaction cannot be decoded. will be returned if +// the transaction is valid, otherwise will be returned. +func (app *BaseApp) + +ProcessProposalVerifyTx(txBz []byte) (sdk.Tx, error) { + tx, err := app.txDecoder(txBz) + if err != nil { + return nil, err +} + + _, _, _, err = app.runTx(execModeProcessProposal, txBz, tx) + if err != nil { + return nil, err +} + +return tx, nil +} + +func (app *BaseApp) + +TxDecode(txBytes []byte) (sdk.Tx, error) { + return app.txDecoder(txBytes) +} + +func (app *BaseApp) + +TxEncode(tx sdk.Tx) ([]byte, error) { + return app.txEncoder(tx) +} + +func (app *BaseApp) + +StreamingManager() + +storetypes.StreamingManager { + return app.streamingManager +} + +// Close is called in start cmd to gracefully cleanup resources. +func (app *BaseApp) + +Close() + +error { + var errs []error + + // Close app.db (opened by cosmos-sdk/server/start.go call to openDB) + if app.db != nil { + app.logger.Info("Closing application.db") + if err := app.db.Close(); err != nil { + errs = append(errs, err) +} + +} + + // Close app.snapshotManager + // - opened when app chains use cosmos-sdk/server/util.go/DefaultBaseappOptions (boilerplate) + // - which calls cosmos-sdk/server/util.go/GetSnapshotStore + // - which is passed to baseapp/options.go/SetSnapshot + // - to set app.snapshotManager = snapshots.NewManager + if app.snapshotManager != nil { + app.logger.Info("Closing snapshots/metadata.db") + if err := app.snapshotManager.Close(); err != nil { + errs = append(errs, err) +} + +} + +return errors.Join(errs...) +} + +// GetBaseApp returns the pointer to itself. +func (app *BaseApp) + +GetBaseApp() *BaseApp { + return app +} +``` + +This allows `RunTx` not to commit the changes made to the state during the execution of `anteHandler` if it ends up failing. It also prevents the module implementing the `anteHandler` from writing to state, which is an important part of the [object-capabilities](/docs/sdk/vnext/learn/advanced/ocap) of the Cosmos SDK. + +Finally, the [`RunMsgs()`](#runmsgs) function is called to process the `sdk.Msg`s in the `Tx`. In preparation of this step, just like with the `anteHandler`, both the `checkState`/`finalizeBlockState`'s `context` and `context`'s `CacheMultiStore` are branched using the `cacheTxContext()` function. + +### AnteHandler + +The `AnteHandler` is a special handler that implements the `AnteHandler` interface and is used to authenticate the transaction before the transaction's internal messages are processed. + +```go expandable +package types + +// AnteHandler authenticates transactions, before their internal messages are handled. +// If newCtx.IsZero(), ctx is used instead. +type AnteHandler func(ctx Context, tx Tx, simulate bool) (newCtx Context, err error) + +// PostHandler like AnteHandler but it executes after RunMsgs. Runs on success +// or failure and enables use cases like gas refunding. +type PostHandler func(ctx Context, tx Tx, simulate, success bool) (newCtx Context, err error) + +// AnteDecorator wraps the next AnteHandler to perform custom pre-processing. +type AnteDecorator interface { + AnteHandle(ctx Context, tx Tx, simulate bool, next AnteHandler) (newCtx Context, err error) +} + +// PostDecorator wraps the next PostHandler to perform custom post-processing. +type PostDecorator interface { + PostHandle(ctx Context, tx Tx, simulate, success bool, next PostHandler) (newCtx Context, err error) +} + +// ChainAnteDecorators ChainDecorator chains AnteDecorators together with each AnteDecorator +// wrapping over the decorators further along chain and returns a single AnteHandler. +// +// NOTE: The first element is outermost decorator, while the last element is innermost +// decorator. Decorator ordering is critical since some decorators will expect +// certain checks and updates to be performed (e.g. the Context) + +before the decorator +// is run. These expectations should be documented clearly in a CONTRACT docline +// in the decorator's godoc. +// +// NOTE: Any application that uses GasMeter to limit transaction processing cost +// MUST set GasMeter with the FIRST AnteDecorator. Failing to do so will cause +// transactions to be processed with an infinite gasmeter and open a DOS attack vector. +// Use `ante.SetUpContextDecorator` or a custom Decorator with similar functionality. +// Returns nil when no AnteDecorator are supplied. +func ChainAnteDecorators(chain ...AnteDecorator) + +AnteHandler { + if len(chain) == 0 { + return nil +} + handlerChain := make([]AnteHandler, len(chain)+1) + // set the terminal AnteHandler decorator + handlerChain[len(chain)] = func(ctx Context, tx Tx, simulate bool) (Context, error) { + return ctx, nil +} + for i := range chain { + ii := i + handlerChain[ii] = func(ctx Context, tx Tx, simulate bool) (Context, error) { + return chain[ii].AnteHandle(ctx, tx, simulate, handlerChain[ii+1]) +} + +} + +return handlerChain[0] +} + +// ChainPostDecorators chains PostDecorators together with each PostDecorator +// wrapping over the decorators further along chain and returns a single PostHandler. +// +// NOTE: The first element is outermost decorator, while the last element is innermost +// decorator. Decorator ordering is critical since some decorators will expect +// certain checks and updates to be performed (e.g. the Context) + +before the decorator +// is run. These expectations should be documented clearly in a CONTRACT docline +// in the decorator's godoc. +func ChainPostDecorators(chain ...PostDecorator) + +PostHandler { + if len(chain) == 0 { + return nil +} + handlerChain := make([]PostHandler, len(chain)+1) + // set the terminal PostHandler decorator + handlerChain[len(chain)] = func(ctx Context, tx Tx, simulate, success bool) (Context, error) { + return ctx, nil +} + for i := range chain { + ii := i + handlerChain[ii] = func(ctx Context, tx Tx, simulate, success bool) (Context, error) { + return chain[ii].PostHandle(ctx, tx, simulate, success, handlerChain[ii+1]) +} + +} + +return handlerChain[0] +} + +// Terminator AnteDecorator will get added to the chain to simplify decorator code +// Don't need to check if next == nil further up the chain +// +// ______ +// <((((((\\\ +// / . +}\ +// ;--..--._| +} +// (\ '--/\--' ) +// \\ | '-' :'| +// \\ . -==- .-| +// \\ \.__.' \--._ +// [\\ __.--| // _/'--. +// \ \\ .'-._ ('-----'/ __/ \ +// \ \\ / __>| | '--. | +// \ \\ | \ | / / / +// \ '\ / \ | | _/ / +// \ \ \ | | / / +// snd \ \ \ / +// +// Deprecated: Terminator is retired (ref https://github.com/cosmos/cosmos-sdk/pull/16076). +type Terminator struct{ +} + +// AnteHandle returns the provided Context and nil error +func (t Terminator) + +AnteHandle(ctx Context, _ Tx, _ bool, _ AnteHandler) (Context, error) { + return ctx, nil +} + +// PostHandle returns the provided Context and nil error +func (t Terminator) + +PostHandle(ctx Context, _ Tx, _, _ bool, _ PostHandler) (Context, error) { + return ctx, nil +} +``` + +The `AnteHandler` is theoretically optional, but still a very important component of public blockchain networks. It serves 3 primary purposes: + +* Be a primary line of defense against spam and second line of defense (the first one being the mempool) against transaction replay with fees deduction and [`sequence`](/docs/sdk/vnext/learn/advanced/transactions#transaction-generation) checking. +* Perform preliminary *stateful* validity checks like ensuring signatures are valid or that the sender has enough funds to pay for fees. +* Play a role in the incentivization of stakeholders via the collection of transaction fees. + +`BaseApp` holds an `anteHandler` as parameter that is initialized in the [application's constructor](/docs/sdk/vnext/learn/beginner/app-anatomy#application-constructor). The most widely used `anteHandler` is the [`auth` module](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/auth/ante/ante.go). + +Click [here](/docs/sdk/vnext/learn/beginner/gas-fees#antehandler) for more on the `anteHandler`. + +### RunMsgs + +`RunMsgs` is called from `RunTx` with `runTxModeCheck` as parameter to check the existence of a route for each message the transaction, and with `execModeFinalize` to actually process the `sdk.Msg`s. + +First, it retrieves the `sdk.Msg`'s fully-qualified type name, by checking the `type_url` of the Protobuf `Any` representing the `sdk.Msg`. Then, using the application's [`msgServiceRouter`](#msg-service-router), it checks for the existence of `Msg` service method related to that `type_url`. At this point, if `mode == runTxModeCheck`, `RunMsgs` returns. Otherwise, if `mode == execModeFinalize`, the [`Msg` service](/docs/sdk/vnext/build/building-modules/msg-services) RPC is executed, before `RunMsgs` returns. + +### PostHandler + +`PostHandler` is similar to `AnteHandler`, but it, as the name suggests, executes custom post tx processing logic after [`RunMsgs`](#runmsgs) is called. `PostHandler` receives the `Result` of the `RunMsgs` in order to enable this customizable behavior. + +Like `AnteHandler`s, `PostHandler`s are theoretically optional. + +Other use cases like unused gas refund can also be enabled by `PostHandler`s. + +```go expandable +package posthandler + +import ( + + sdk "github.com/cosmos/cosmos-sdk/types" +) + +// HandlerOptions are the options required for constructing a default SDK PostHandler. +type HandlerOptions struct{ +} + +// NewPostHandler returns an empty PostHandler chain. +func NewPostHandler(_ HandlerOptions) (sdk.PostHandler, error) { + postDecorators := []sdk.PostDecorator{ +} + +return sdk.ChainPostDecorators(postDecorators...), nil +} +``` + +Note, when `PostHandler`s fail, the state from `runMsgs` is also reverted, effectively making the transaction fail. + +## Other ABCI Messages + +### InitChain + +The [`InitChain` ABCI message](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#method-overview) is sent from the underlying CometBFT engine when the chain is first started. It is mainly used to **initialize** parameters and state like: + +* [Consensus Parameters](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_app_requirements.md#consensus-parameters) via `setConsensusParams`. +* [`checkState` and `finalizeBlockState`](#state-updates) via `setState`. +* The [block gas meter](/docs/sdk/vnext/learn/beginner/gas-fees#block-gas-meter), with infinite gas to process genesis transactions. + +Finally, the `InitChain(req abci.InitChainRequest)` method of `BaseApp` calls the [`initChainer()`](/docs/sdk/vnext/learn/beginner/app-anatomy#initchainer) of the application in order to initialize the main state of the application from the `genesis file` and, if defined, call the [`InitGenesis`](/docs/sdk/vnext/build/building-modules/genesis#initgenesis) function of each of the application's modules. + +### FinalizeBlock + +The [`FinalizeBlock` ABCI message](https://github.com/cometbft/cometbft/blob/v0.38.x/spec/abci/abci++_basic_concepts.md#method-overview) is sent from the underlying CometBFT engine when a block proposal created by the correct proposer is received. The previous `BeginBlock, DeliverTx and Endblock` calls are private methods on the BaseApp struct. + +```go expandable +package baseapp + +import ( + + "context" + "fmt" + "sort" + "strings" + "time" + "github.com/cockroachdb/errors" + abci "github.com/cometbft/cometbft/abci/types" + cmtproto "github.com/cometbft/cometbft/proto/tendermint/types" + "github.com/cosmos/gogoproto/proto" + "google.golang.org/grpc/codes" + grpcstatus "google.golang.org/grpc/status" + + coreheader "cosmossdk.io/core/header" + errorsmod "cosmossdk.io/errors" + "cosmossdk.io/store/rootmulti" + snapshottypes "cosmossdk.io/store/snapshots/types" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/telemetry" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" +) + +// Supported ABCI Query prefixes and paths +const ( + QueryPathApp = "app" + QueryPathCustom = "custom" + QueryPathP2P = "p2p" + QueryPathStore = "store" + + QueryPathBroadcastTx = "/cosmos.tx.v1beta1.Service/BroadcastTx" +) + +func (app *BaseApp) + +InitChain(req *abci.RequestInitChain) (*abci.ResponseInitChain, error) { + if req.ChainId != app.chainID { + return nil, fmt.Errorf("invalid chain-id on InitChain; expected: %s, got: %s", app.chainID, req.ChainId) +} + + // On a new chain, we consider the init chain block height as 0, even though + // req.InitialHeight is 1 by default. + initHeader := cmtproto.Header{ + ChainID: req.ChainId, + Time: req.Time +} + +app.logger.Info("InitChain", "initialHeight", req.InitialHeight, "chainID", req.ChainId) + + // Set the initial height, which will be used to determine if we are proposing + // or processing the first block or not. + app.initialHeight = req.InitialHeight + if app.initialHeight == 0 { // If initial height is 0, set it to 1 + app.initialHeight = 1 +} + + // if req.InitialHeight is > 1, then we set the initial version on all stores + if req.InitialHeight > 1 { + initHeader.Height = req.InitialHeight + if err := app.cms.SetInitialVersion(req.InitialHeight); err != nil { + return nil, err +} + +} + + // initialize states with a correct header + app.setState(execModeFinalize, initHeader) + +app.setState(execModeCheck, initHeader) + + // Store the consensus params in the BaseApp's param store. Note, this must be + // done after the finalizeBlockState and context have been set as it's persisted + // to state. + if req.ConsensusParams != nil { + err := app.StoreConsensusParams(app.finalizeBlockState.Context(), *req.ConsensusParams) + if err != nil { + return nil, err +} + +} + +defer func() { + // InitChain represents the state of the application BEFORE the first block, + // i.e. the genesis block. This means that when processing the app's InitChain + // handler, the block height is zero by default. However, after Commit is called + // the height needs to reflect the true block height. + initHeader.Height = req.InitialHeight + app.checkState.SetContext(app.checkState.Context().WithBlockHeader(initHeader). + WithHeaderInfo(coreheader.Info{ + ChainID: req.ChainId, + Height: req.InitialHeight, + Time: req.Time, +})) + +app.finalizeBlockState.SetContext(app.finalizeBlockState.Context().WithBlockHeader(initHeader). + WithHeaderInfo(coreheader.Info{ + ChainID: req.ChainId, + Height: req.InitialHeight, + Time: req.Time, +})) +}() + if app.initChainer == nil { + return &abci.ResponseInitChain{ +}, nil +} + + // add block gas meter for any genesis transactions (allow infinite gas) + +app.finalizeBlockState.SetContext(app.finalizeBlockState.Context().WithBlockGasMeter(storetypes.NewInfiniteGasMeter())) + +res, err := app.initChainer(app.finalizeBlockState.Context(), req) + if err != nil { + return nil, err +} + if len(req.Validators) > 0 { + if len(req.Validators) != len(res.Validators) { + return nil, fmt.Errorf( + "len(RequestInitChain.Validators) != len(GenesisValidators) (%d != %d)", + len(req.Validators), len(res.Validators), + ) +} + +sort.Sort(abci.ValidatorUpdates(req.Validators)) + +sort.Sort(abci.ValidatorUpdates(res.Validators)) + for i := range res.Validators { + if !proto.Equal(&res.Validators[i], &req.Validators[i]) { + return nil, fmt.Errorf("genesisValidators[%d] != req.Validators[%d] ", i, i) +} + +} + +} + + // NOTE: We don't commit, but FinalizeBlock for block InitialHeight starts from + // this FinalizeBlockState. + return &abci.ResponseInitChain{ + ConsensusParams: res.ConsensusParams, + Validators: res.Validators, + AppHash: app.LastCommitID().Hash, +}, nil +} + +func (app *BaseApp) + +Info(_ *abci.RequestInfo) (*abci.ResponseInfo, error) { + lastCommitID := app.cms.LastCommitID() + +return &abci.ResponseInfo{ + Data: app.name, + Version: app.version, + AppVersion: app.appVersion, + LastBlockHeight: lastCommitID.Version, + LastBlockAppHash: lastCommitID.Hash, +}, nil +} + +// Query implements the ABCI interface. It delegates to CommitMultiStore if it +// implements Queryable. +func (app *BaseApp) + +Query(_ context.Context, req *abci.RequestQuery) (resp *abci.ResponseQuery, err error) { + // add panic recovery for all queries + // + // Ref: https://github.com/cosmos/cosmos-sdk/pull/8039 + defer func() { + if r := recover(); r != nil { + resp = sdkerrors.QueryResult(errorsmod.Wrapf(sdkerrors.ErrPanic, "%v", r), app.trace) +} + +}() + + // when a client did not provide a query height, manually inject the latest + if req.Height == 0 { + req.Height = app.LastBlockHeight() +} + +telemetry.IncrCounter(1, "query", "count") + +telemetry.IncrCounter(1, "query", req.Path) + +defer telemetry.MeasureSince(telemetry.Now(), req.Path) + if req.Path == QueryPathBroadcastTx { + return sdkerrors.QueryResult(errorsmod.Wrap(sdkerrors.ErrInvalidRequest, "can't route a broadcast tx message"), app.trace), nil +} + + // handle gRPC routes first rather than calling splitPath because '/' characters + // are used as part of gRPC paths + if grpcHandler := app.grpcQueryRouter.Route(req.Path); grpcHandler != nil { + return app.handleQueryGRPC(grpcHandler, req), nil +} + path := SplitABCIQueryPath(req.Path) + if len(path) == 0 { + return sdkerrors.QueryResult(errorsmod.Wrap(sdkerrors.ErrUnknownRequest, "no query path provided"), app.trace), nil +} + switch path[0] { + case QueryPathApp: + // "/app" prefix for special application queries + resp = handleQueryApp(app, path, req) + case QueryPathStore: + resp = handleQueryStore(app, path, *req) + case QueryPathP2P: + resp = handleQueryP2P(app, path) + +default: + resp = sdkerrors.QueryResult(errorsmod.Wrap(sdkerrors.ErrUnknownRequest, "unknown query path"), app.trace) +} + +return resp, nil +} + +// ListSnapshots implements the ABCI interface. It delegates to app.snapshotManager if set. +func (app *BaseApp) + +ListSnapshots(req *abci.RequestListSnapshots) (*abci.ResponseListSnapshots, error) { + resp := &abci.ResponseListSnapshots{ + Snapshots: []*abci.Snapshot{ +}} + if app.snapshotManager == nil { + return resp, nil +} + +snapshots, err := app.snapshotManager.List() + if err != nil { + app.logger.Error("failed to list snapshots", "err", err) + +return nil, err +} + for _, snapshot := range snapshots { + abciSnapshot, err := snapshot.ToABCI() + if err != nil { + app.logger.Error("failed to convert ABCI snapshots", "err", err) + +return nil, err +} + +resp.Snapshots = append(resp.Snapshots, &abciSnapshot) +} + +return resp, nil +} + +// LoadSnapshotChunk implements the ABCI interface. It delegates to app.snapshotManager if set. +func (app *BaseApp) + +LoadSnapshotChunk(req *abci.RequestLoadSnapshotChunk) (*abci.ResponseLoadSnapshotChunk, error) { + if app.snapshotManager == nil { + return &abci.ResponseLoadSnapshotChunk{ +}, nil +} + +chunk, err := app.snapshotManager.LoadChunk(req.Height, req.Format, req.Chunk) + if err != nil { + app.logger.Error( + "failed to load snapshot chunk", + "height", req.Height, + "format", req.Format, + "chunk", req.Chunk, + "err", err, + ) + +return nil, err +} + +return &abci.ResponseLoadSnapshotChunk{ + Chunk: chunk +}, nil +} + +// OfferSnapshot implements the ABCI interface. It delegates to app.snapshotManager if set. +func (app *BaseApp) + +OfferSnapshot(req *abci.RequestOfferSnapshot) (*abci.ResponseOfferSnapshot, error) { + if app.snapshotManager == nil { + app.logger.Error("snapshot manager not configured") + +return &abci.ResponseOfferSnapshot{ + Result: abci.ResponseOfferSnapshot_ABORT +}, nil +} + if req.Snapshot == nil { + app.logger.Error("received nil snapshot") + +return &abci.ResponseOfferSnapshot{ + Result: abci.ResponseOfferSnapshot_REJECT +}, nil +} + +snapshot, err := snapshottypes.SnapshotFromABCI(req.Snapshot) + if err != nil { + app.logger.Error("failed to decode snapshot metadata", "err", err) + +return &abci.ResponseOfferSnapshot{ + Result: abci.ResponseOfferSnapshot_REJECT +}, nil +} + +err = app.snapshotManager.Restore(snapshot) + switch { + case err == nil: + return &abci.ResponseOfferSnapshot{ + Result: abci.ResponseOfferSnapshot_ACCEPT +}, nil + case errors.Is(err, snapshottypes.ErrUnknownFormat): + return &abci.ResponseOfferSnapshot{ + Result: abci.ResponseOfferSnapshot_REJECT_FORMAT +}, nil + case errors.Is(err, snapshottypes.ErrInvalidMetadata): + app.logger.Error( + "rejecting invalid snapshot", + "height", req.Snapshot.Height, + "format", req.Snapshot.Format, + "err", err, + ) + +return &abci.ResponseOfferSnapshot{ + Result: abci.ResponseOfferSnapshot_REJECT +}, nil + + default: + // CometBFT errors are defined here: https://github.com/cometbft/cometbft/blob/main/statesync/syncer.go + // It may happen that in case of a CometBFT error, such as a timeout (which occurs after two minutes), + // the process is aborted. This is done intentionally because deleting the database programmatically + // can lead to more complicated situations. + app.logger.Error( + "failed to restore snapshot", + "height", req.Snapshot.Height, + "format", req.Snapshot.Format, + "err", err, + ) + + // We currently don't support resetting the IAVL stores and retrying a + // different snapshot, so we ask CometBFT to abort all snapshot restoration. + return &abci.ResponseOfferSnapshot{ + Result: abci.ResponseOfferSnapshot_ABORT +}, nil +} +} + +// ApplySnapshotChunk implements the ABCI interface. It delegates to app.snapshotManager if set. +func (app *BaseApp) + +ApplySnapshotChunk(req *abci.RequestApplySnapshotChunk) (*abci.ResponseApplySnapshotChunk, error) { + if app.snapshotManager == nil { + app.logger.Error("snapshot manager not configured") + +return &abci.ResponseApplySnapshotChunk{ + Result: abci.ResponseApplySnapshotChunk_ABORT +}, nil +} + + _, err := app.snapshotManager.RestoreChunk(req.Chunk) + switch { + case err == nil: + return &abci.ResponseApplySnapshotChunk{ + Result: abci.ResponseApplySnapshotChunk_ACCEPT +}, nil + case errors.Is(err, snapshottypes.ErrChunkHashMismatch): + app.logger.Error( + "chunk checksum mismatch; rejecting sender and requesting refetch", + "chunk", req.Index, + "sender", req.Sender, + "err", err, + ) + +return &abci.ResponseApplySnapshotChunk{ + Result: abci.ResponseApplySnapshotChunk_RETRY, + RefetchChunks: []uint32{ + req.Index +}, + RejectSenders: []string{ + req.Sender +}, +}, nil + + default: + app.logger.Error("failed to restore snapshot", "err", err) + +return &abci.ResponseApplySnapshotChunk{ + Result: abci.ResponseApplySnapshotChunk_ABORT +}, nil +} +} + +// CheckTx implements the ABCI interface and executes a tx in CheckTx mode. In +// CheckTx mode, messages are not executed. This means messages are only validated +// and only the AnteHandler is executed. State is persisted to the BaseApp's +// internal CheckTx state if the AnteHandler passes. Otherwise, the ResponseCheckTx +// will contain relevant error information. Regardless of tx execution outcome, +// the ResponseCheckTx will contain relevant gas execution context. +func (app *BaseApp) + +CheckTx(req *abci.RequestCheckTx) (*abci.ResponseCheckTx, error) { + var mode execMode + switch req.Type { + case abci.CheckTxType_New: + mode = execModeCheck + case abci.CheckTxType_Recheck: + mode = execModeReCheck + + default: + return nil, fmt.Errorf("unknown RequestCheckTx type: %s", req.Type) +} + if app.checkTxHandler == nil { + gInfo, result, anteEvents, err := app.runTx(mode, req.Tx, nil) + if err != nil { + return sdkerrors.ResponseCheckTxWithEvents(err, gInfo.GasWanted, gInfo.GasUsed, anteEvents, app.trace), nil +} + +return &abci.ResponseCheckTx{ + GasWanted: int64(gInfo.GasWanted), // TODO: Should type accept unsigned ints? + GasUsed: int64(gInfo.GasUsed), // TODO: Should type accept unsigned ints? + Log: result.Log, + Data: result.Data, + Events: sdk.MarkEventsToIndex(result.Events, app.indexEvents), +}, nil +} + + // Create wrapper to avoid users overriding the execution mode + runTx := func(txBytes []byte, tx sdk.Tx) (gInfo sdk.GasInfo, result *sdk.Result, anteEvents []abci.Event, err error) { + return app.runTx(mode, txBytes, tx) +} + +return app.checkTxHandler(runTx, req) +} + +// PrepareProposal implements the PrepareProposal ABCI method and returns a +// ResponsePrepareProposal object to the client. The PrepareProposal method is +// responsible for allowing the block proposer to perform application-dependent +// work in a block before proposing it. +// +// Transactions can be modified, removed, or added by the application. Since the +// application maintains its own local mempool, it will ignore the transactions +// provided to it in RequestPrepareProposal. Instead, it will determine which +// transactions to return based on the mempool's semantics and the MaxTxBytes +// provided by the client's request. +// +// Ref: https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-060-abci-1.0.md +// Ref: https://github.com/cometbft/cometbft/blob/main/spec/abci/abci%2B%2B_basic_concepts.md +func (app *BaseApp) + +PrepareProposal(req *abci.RequestPrepareProposal) (resp *abci.ResponsePrepareProposal, err error) { + if app.prepareProposal == nil { + return nil, errors.New("PrepareProposal handler not set") +} + + // Always reset state given that PrepareProposal can timeout and be called + // again in a subsequent round. + header := cmtproto.Header{ + ChainID: app.chainID, + Height: req.Height, + Time: req.Time, + ProposerAddress: req.ProposerAddress, + NextValidatorsHash: req.NextValidatorsHash, + AppHash: app.LastCommitID().Hash, +} + +app.setState(execModePrepareProposal, header) + + // CometBFT must never call PrepareProposal with a height of 0. + // + // Ref: https://github.com/cometbft/cometbft/blob/059798a4f5b0c9f52aa8655fa619054a0154088c/spec/core/state.md?plain=1#L37-L38 + if req.Height < 1 { + return nil, errors.New("PrepareProposal called with invalid height") +} + +app.prepareProposalState.SetContext(app.getContextForProposal(app.prepareProposalState.Context(), req.Height). + WithVoteInfos(toVoteInfo(req.LocalLastCommit.Votes)). // this is a set of votes that are not finalized yet, wait for commit + WithBlockHeight(req.Height). + WithBlockTime(req.Time). + WithProposer(req.ProposerAddress). + WithExecMode(sdk.ExecModePrepareProposal). + WithCometInfo(prepareProposalInfo{ + req +}). + WithHeaderInfo(coreheader.Info{ + ChainID: app.chainID, + Height: req.Height, + Time: req.Time, +})) + +app.prepareProposalState.SetContext(app.prepareProposalState.Context(). + WithConsensusParams(app.GetConsensusParams(app.prepareProposalState.Context())). + WithBlockGasMeter(app.getBlockGasMeter(app.prepareProposalState.Context()))) + +defer func() { + if err := recover(); err != nil { + app.logger.Error( + "panic recovered in PrepareProposal", + "height", req.Height, + "time", req.Time, + "panic", err, + ) + +resp = &abci.ResponsePrepareProposal{ + Txs: req.Txs +} + +} + +}() + +resp, err = app.prepareProposal(app.prepareProposalState.Context(), req) + if err != nil { + app.logger.Error("failed to prepare proposal", "height", req.Height, "time", req.Time, "err", err) + +return &abci.ResponsePrepareProposal{ + Txs: req.Txs +}, nil +} + +return resp, nil +} + +// ProcessProposal implements the ProcessProposal ABCI method and returns a +// ResponseProcessProposal object to the client. The ProcessProposal method is +// responsible for allowing execution of application-dependent work in a proposed +// block. Note, the application defines the exact implementation details of +// ProcessProposal. In general, the application must at the very least ensure +// that all transactions are valid. If all transactions are valid, then we inform +// CometBFT that the Status is ACCEPT. However, the application is also able +// to implement optimizations such as executing the entire proposed block +// immediately. +// +// If a panic is detected during execution of an application's ProcessProposal +// handler, it will be recovered and we will reject the proposal. +// +// Ref: https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-060-abci-1.0.md +// Ref: https://github.com/cometbft/cometbft/blob/main/spec/abci/abci%2B%2B_basic_concepts.md +func (app *BaseApp) + +ProcessProposal(req *abci.RequestProcessProposal) (resp *abci.ResponseProcessProposal, err error) { + if app.processProposal == nil { + return nil, errors.New("ProcessProposal handler not set") +} + + // CometBFT must never call ProcessProposal with a height of 0. + // Ref: https://github.com/cometbft/cometbft/blob/059798a4f5b0c9f52aa8655fa619054a0154088c/spec/core/state.md?plain=1#L37-L38 + if req.Height < 1 { + return nil, errors.New("ProcessProposal called with invalid height") +} + + // Always reset state given that ProcessProposal can timeout and be called + // again in a subsequent round. + header := cmtproto.Header{ + ChainID: app.chainID, + Height: req.Height, + Time: req.Time, + ProposerAddress: req.ProposerAddress, + NextValidatorsHash: req.NextValidatorsHash, + AppHash: app.LastCommitID().Hash, +} + +app.setState(execModeProcessProposal, header) + + // Since the application can get access to FinalizeBlock state and write to it, + // we must be sure to reset it in case ProcessProposal timeouts and is called + // again in a subsequent round. However, we only want to do this after we've + // processed the first block, as we want to avoid overwriting the finalizeState + // after state changes during InitChain. + if req.Height > app.initialHeight { + // abort any running OE + app.optimisticExec.Abort() + +app.setState(execModeFinalize, header) +} + +app.processProposalState.SetContext(app.getContextForProposal(app.processProposalState.Context(), req.Height). + WithVoteInfos(req.ProposedLastCommit.Votes). // this is a set of votes that are not finalized yet, wait for commit + WithBlockHeight(req.Height). + WithBlockTime(req.Time). + WithHeaderHash(req.Hash). + WithProposer(req.ProposerAddress). + WithCometInfo(cometInfo{ + ProposerAddress: req.ProposerAddress, + ValidatorsHash: req.NextValidatorsHash, + Misbehavior: req.Misbehavior, + LastCommit: req.ProposedLastCommit +}). + WithExecMode(sdk.ExecModeProcessProposal). + WithHeaderInfo(coreheader.Info{ + ChainID: app.chainID, + Height: req.Height, + Time: req.Time, +})) + +app.processProposalState.SetContext(app.processProposalState.Context(). + WithConsensusParams(app.GetConsensusParams(app.processProposalState.Context())). + WithBlockGasMeter(app.getBlockGasMeter(app.processProposalState.Context()))) + +defer func() { + if err := recover(); err != nil { + app.logger.Error( + "panic recovered in ProcessProposal", + "height", req.Height, + "time", req.Time, + "hash", fmt.Sprintf("%X", req.Hash), + "panic", err, + ) + +resp = &abci.ResponseProcessProposal{ + Status: abci.ResponseProcessProposal_REJECT +} + +} + +}() + +resp, err = app.processProposal(app.processProposalState.Context(), req) + if err != nil { + app.logger.Error("failed to process proposal", "height", req.Height, "time", req.Time, "hash", fmt.Sprintf("%X", req.Hash), "err", err) + +return &abci.ResponseProcessProposal{ + Status: abci.ResponseProcessProposal_REJECT +}, nil +} + + // Only execute optimistic execution if the proposal is accepted, OE is + // enabled and the block height is greater than the initial height. During + // the first block we'll be carrying state from InitChain, so it would be + // impossible for us to easily revert. + // After the first block has been processed, the next blocks will get executed + // optimistically, so that when the ABCI client calls `FinalizeBlock` the app + // can have a response ready. + if resp.Status == abci.ResponseProcessProposal_ACCEPT && + app.optimisticExec.Enabled() && + req.Height > app.initialHeight { + app.optimisticExec.Execute(req) +} + +return resp, nil +} + +// ExtendVote implements the ExtendVote ABCI method and returns a ResponseExtendVote. +// It calls the application's ExtendVote handler which is responsible for performing +// application-specific business logic when sending a pre-commit for the NEXT +// block height. The extensions response may be non-deterministic but must always +// be returned, even if empty. +// +// Agreed upon vote extensions are made available to the proposer of the next +// height and are committed in the subsequent height, i.e. H+2. An error is +// returned if vote extensions are not enabled or if extendVote fails or panics. +func (app *BaseApp) + +ExtendVote(_ context.Context, req *abci.RequestExtendVote) (resp *abci.ResponseExtendVote, err error) { + // Always reset state given that ExtendVote and VerifyVoteExtension can timeout + // and be called again in a subsequent round. + var ctx sdk.Context + + // If we're extending the vote for the initial height, we need to use the + // finalizeBlockState context, otherwise we don't get the uncommitted data + // from InitChain. + if req.Height == app.initialHeight { + ctx, _ = app.finalizeBlockState.Context().CacheContext() +} + +else { + emptyHeader := cmtproto.Header{ + ChainID: app.chainID, + Height: req.Height +} + ms := app.cms.CacheMultiStore() + +ctx = sdk.NewContext(ms, emptyHeader, false, app.logger).WithStreamingManager(app.streamingManager) +} + if app.extendVote == nil { + return nil, errors.New("application ExtendVote handler not set") +} + + // If vote extensions are not enabled, as a safety precaution, we return an + // error. + cp := app.GetConsensusParams(ctx) + + // Note: In this case, we do want to extend vote if the height is equal or + // greater than VoteExtensionsEnableHeight. This defers from the check done + // in ValidateVoteExtensions and PrepareProposal in which we'll check for + // vote extensions on VoteExtensionsEnableHeight+1. + extsEnabled := cp.Abci != nil && req.Height >= cp.Abci.VoteExtensionsEnableHeight && cp.Abci.VoteExtensionsEnableHeight != 0 + if !extsEnabled { + return nil, fmt.Errorf("vote extensions are not enabled; unexpected call to ExtendVote at height %d", req.Height) +} + +ctx = ctx. + WithConsensusParams(cp). + WithBlockGasMeter(storetypes.NewInfiniteGasMeter()). + WithBlockHeight(req.Height). + WithHeaderHash(req.Hash). + WithExecMode(sdk.ExecModeVoteExtension). + WithHeaderInfo(coreheader.Info{ + ChainID: app.chainID, + Height: req.Height, + Hash: req.Hash, +}) + + // add a deferred recover handler in case extendVote panics + defer func() { + if r := recover(); r != nil { + app.logger.Error( + "panic recovered in ExtendVote", + "height", req.Height, + "hash", fmt.Sprintf("%X", req.Hash), + "panic", err, + ) + +err = fmt.Errorf("recovered application panic in ExtendVote: %v", r) +} + +}() + +resp, err = app.extendVote(ctx, req) + if err != nil { + app.logger.Error("failed to extend vote", "height", req.Height, "hash", fmt.Sprintf("%X", req.Hash), "err", err) + +return &abci.ResponseExtendVote{ + VoteExtension: []byte{ +}}, nil +} + +return resp, err +} + +// VerifyVoteExtension implements the VerifyVoteExtension ABCI method and returns +// a ResponseVerifyVoteExtension. It calls the applications' VerifyVoteExtension +// handler which is responsible for performing application-specific business +// logic in verifying a vote extension from another validator during the pre-commit +// phase. The response MUST be deterministic. An error is returned if vote +// extensions are not enabled or if verifyVoteExt fails or panics. +func (app *BaseApp) + +VerifyVoteExtension(req *abci.RequestVerifyVoteExtension) (resp *abci.ResponseVerifyVoteExtension, err error) { + if app.verifyVoteExt == nil { + return nil, errors.New("application VerifyVoteExtension handler not set") +} + +var ctx sdk.Context + + // If we're verifying the vote for the initial height, we need to use the + // finalizeBlockState context, otherwise we don't get the uncommitted data + // from InitChain. + if req.Height == app.initialHeight { + ctx, _ = app.finalizeBlockState.Context().CacheContext() +} + +else { + emptyHeader := cmtproto.Header{ + ChainID: app.chainID, + Height: req.Height +} + ms := app.cms.CacheMultiStore() + +ctx = sdk.NewContext(ms, emptyHeader, false, app.logger).WithStreamingManager(app.streamingManager) +} + + // If vote extensions are not enabled, as a safety precaution, we return an + // error. + cp := app.GetConsensusParams(ctx) + + // Note: we verify votes extensions on VoteExtensionsEnableHeight+1. Check + // comment in ExtendVote and ValidateVoteExtensions for more details. + extsEnabled := cp.Abci != nil && req.Height >= cp.Abci.VoteExtensionsEnableHeight && cp.Abci.VoteExtensionsEnableHeight != 0 + if !extsEnabled { + return nil, fmt.Errorf("vote extensions are not enabled; unexpected call to VerifyVoteExtension at height %d", req.Height) +} + + // add a deferred recover handler in case verifyVoteExt panics + defer func() { + if r := recover(); r != nil { + app.logger.Error( + "panic recovered in VerifyVoteExtension", + "height", req.Height, + "hash", fmt.Sprintf("%X", req.Hash), + "validator", fmt.Sprintf("%X", req.ValidatorAddress), + "panic", r, + ) + +err = fmt.Errorf("recovered application panic in VerifyVoteExtension: %v", r) +} + +}() + +ctx = ctx. + WithConsensusParams(cp). + WithBlockGasMeter(storetypes.NewInfiniteGasMeter()). + WithBlockHeight(req.Height). + WithHeaderHash(req.Hash). + WithExecMode(sdk.ExecModeVerifyVoteExtension). + WithHeaderInfo(coreheader.Info{ + ChainID: app.chainID, + Height: req.Height, + Hash: req.Hash, +}) + +resp, err = app.verifyVoteExt(ctx, req) + if err != nil { + app.logger.Error("failed to verify vote extension", "height", req.Height, "err", err) + +return &abci.ResponseVerifyVoteExtension{ + Status: abci.ResponseVerifyVoteExtension_REJECT +}, nil +} + +return resp, err +} + +// internalFinalizeBlock executes the block, called by the Optimistic +// Execution flow or by the FinalizeBlock ABCI method. The context received is +// only used to handle early cancellation, for anything related to state app.finalizeBlockState.Context() +// must be used. +func (app *BaseApp) + +internalFinalizeBlock(ctx context.Context, req *abci.RequestFinalizeBlock) (*abci.ResponseFinalizeBlock, error) { + var events []abci.Event + if err := app.checkHalt(req.Height, req.Time); err != nil { + return nil, err +} + if err := app.validateFinalizeBlockHeight(req); err != nil { + return nil, err +} + if app.cms.TracingEnabled() { + app.cms.SetTracingContext(storetypes.TraceContext( + map[string]any{"blockHeight": req.Height +}, + )) +} + header := cmtproto.Header{ + ChainID: app.chainID, + Height: req.Height, + Time: req.Time, + ProposerAddress: req.ProposerAddress, + NextValidatorsHash: req.NextValidatorsHash, + AppHash: app.LastCommitID().Hash, +} + + // finalizeBlockState should be set on InitChain or ProcessProposal. If it is + // nil, it means we are replaying this block and we need to set the state here + // given that during block replay ProcessProposal is not executed by CometBFT. + if app.finalizeBlockState == nil { + app.setState(execModeFinalize, header) +} + + // Context is now updated with Header information. + app.finalizeBlockState.SetContext(app.finalizeBlockState.Context(). + WithBlockHeader(header). + WithHeaderHash(req.Hash). + WithHeaderInfo(coreheader.Info{ + ChainID: app.chainID, + Height: req.Height, + Time: req.Time, + Hash: req.Hash, + AppHash: app.LastCommitID().Hash, +}). + WithConsensusParams(app.GetConsensusParams(app.finalizeBlockState.Context())). + WithVoteInfos(req.DecidedLastCommit.Votes). + WithExecMode(sdk.ExecModeFinalize). + WithCometInfo(cometInfo{ + Misbehavior: req.Misbehavior, + ValidatorsHash: req.NextValidatorsHash, + ProposerAddress: req.ProposerAddress, + LastCommit: req.DecidedLastCommit, +})) + + // GasMeter must be set after we get a context with updated consensus params. + gasMeter := app.getBlockGasMeter(app.finalizeBlockState.Context()) + +app.finalizeBlockState.SetContext(app.finalizeBlockState.Context().WithBlockGasMeter(gasMeter)) + if app.checkState != nil { + app.checkState.SetContext(app.checkState.Context(). + WithBlockGasMeter(gasMeter). + WithHeaderHash(req.Hash)) +} + +preblockEvents, err := app.preBlock(req) + if err != nil { + return nil, err +} + +events = append(events, preblockEvents...) + +beginBlock, err := app.beginBlock(req) + if err != nil { + return nil, err +} + + // First check for an abort signal after beginBlock, as it's the first place + // we spend any significant amount of time. + select { + case <-ctx.Done(): + return nil, ctx.Err() + +default: + // continue +} + +events = append(events, beginBlock.Events...) + + // Reset the gas meter so that the AnteHandlers aren't required to + gasMeter = app.getBlockGasMeter(app.finalizeBlockState.Context()) + +app.finalizeBlockState.SetContext(app.finalizeBlockState.Context().WithBlockGasMeter(gasMeter)) + + // Iterate over all raw transactions in the proposal and attempt to execute + // them, gathering the execution results. + // + // NOTE: Not all raw transactions may adhere to the sdk.Tx interface, e.g. + // vote extensions, so skip those. + txResults := make([]*abci.ExecTxResult, 0, len(req.Txs)) + for _, rawTx := range req.Txs { + var response *abci.ExecTxResult + if _, err := app.txDecoder(rawTx); err == nil { + response = app.deliverTx(rawTx) +} + +else { + // In the case where a transaction included in a block proposal is malformed, + // we still want to return a default response to comet. This is because comet + // expects a response for each transaction included in a block proposal. + response = sdkerrors.ResponseExecTxResultWithEvents( + sdkerrors.ErrTxDecode, + 0, + 0, + nil, + false, + ) +} + + // check after every tx if we should abort + select { + case <-ctx.Done(): + return nil, ctx.Err() + +default: + // continue +} + +txResults = append(txResults, response) +} + if app.finalizeBlockState.ms.TracingEnabled() { + app.finalizeBlockState.ms = app.finalizeBlockState.ms.SetTracingContext(nil).(storetypes.CacheMultiStore) +} + +endBlock, err := app.endBlock(app.finalizeBlockState.Context()) + if err != nil { + return nil, err +} + + // check after endBlock if we should abort, to avoid propagating the result + select { + case <-ctx.Done(): + return nil, ctx.Err() + +default: + // continue +} + +events = append(events, endBlock.Events...) + cp := app.GetConsensusParams(app.finalizeBlockState.Context()) + +return &abci.ResponseFinalizeBlock{ + Events: events, + TxResults: txResults, + ValidatorUpdates: endBlock.ValidatorUpdates, + ConsensusParamUpdates: &cp, +}, nil +} + +// FinalizeBlock will execute the block proposal provided by RequestFinalizeBlock. +// Specifically, it will execute an application's BeginBlock (if defined), followed +// by the transactions in the proposal, finally followed by the application's +// EndBlock (if defined). +// +// For each raw transaction, i.e. a byte slice, BaseApp will only execute it if +// it adheres to the sdk.Tx interface. Otherwise, the raw transaction will be +// skipped. This is to support compatibility with proposers injecting vote +// extensions into the proposal, which should not themselves be executed in cases +// where they adhere to the sdk.Tx interface. +func (app *BaseApp) + +FinalizeBlock(req *abci.RequestFinalizeBlock) (res *abci.ResponseFinalizeBlock, err error) { + defer func() { + if res == nil { + return +} + // call the streaming service hooks with the FinalizeBlock messages + for _, streamingListener := range app.streamingManager.ABCIListeners { + if err := streamingListener.ListenFinalizeBlock(app.finalizeBlockState.Context(), *req, *res); err != nil { + app.logger.Error("ListenFinalizeBlock listening hook failed", "height", req.Height, "err", err) +} + +} + +}() + if app.optimisticExec.Initialized() { + // check if the hash we got is the same as the one we are executing + aborted := app.optimisticExec.AbortIfNeeded(req.Hash) + // Wait for the OE to finish, regardless of whether it was aborted or not + res, err = app.optimisticExec.WaitResult() + + // only return if we are not aborting + if !aborted { + if res != nil { + res.AppHash = app.workingHash() +} + +return res, err +} + + // if it was aborted, we need to reset the state + app.finalizeBlockState = nil + app.optimisticExec.Reset() +} + + // if no OE is running, just run the block (this is either a block replay or a OE that got aborted) + +res, err = app.internalFinalizeBlock(context.Background(), req) + if res != nil { + res.AppHash = app.workingHash() +} + +return res, err +} + +// checkHalt checkes if height or time exceeds halt-height or halt-time respectively. +func (app *BaseApp) + +checkHalt(height int64, time time.Time) + +error { + var halt bool + switch { + case app.haltHeight > 0 && uint64(height) >= app.haltHeight: + halt = true + case app.haltTime > 0 && time.Unix() >= int64(app.haltTime): + halt = true +} + if halt { + return fmt.Errorf("halt per configuration height %d time %d", app.haltHeight, app.haltTime) +} + +return nil +} + +// Commit implements the ABCI interface. It will commit all state that exists in +// the deliver state's multi-store and includes the resulting commit ID in the +// returned abci.ResponseCommit. Commit will set the check state based on the +// latest header and reset the deliver state. Also, if a non-zero halt height is +// defined in config, Commit will execute a deferred function call to check +// against that height and gracefully halt if it matches the latest committed +// height. +func (app *BaseApp) + +Commit() (*abci.ResponseCommit, error) { + header := app.finalizeBlockState.Context().BlockHeader() + retainHeight := app.GetBlockRetentionHeight(header.Height) + if app.precommiter != nil { + app.precommiter(app.finalizeBlockState.Context()) +} + +rms, ok := app.cms.(*rootmulti.Store) + if ok { + rms.SetCommitHeader(header) +} + +app.cms.Commit() + resp := &abci.ResponseCommit{ + RetainHeight: retainHeight, +} + abciListeners := app.streamingManager.ABCIListeners + if len(abciListeners) > 0 { + ctx := app.finalizeBlockState.Context() + blockHeight := ctx.BlockHeight() + changeSet := app.cms.PopStateCache() + for _, abciListener := range abciListeners { + if err := abciListener.ListenCommit(ctx, *resp, changeSet); err != nil { + app.logger.Error("Commit listening hook failed", "height", blockHeight, "err", err) +} + +} + +} + + // Reset the CheckTx state to the latest committed. + // + // NOTE: This is safe because CometBFT holds a lock on the mempool for + // Commit. Use the header from this latest block. + app.setState(execModeCheck, header) + +app.finalizeBlockState = nil + if app.prepareCheckStater != nil { + app.prepareCheckStater(app.checkState.Context()) +} + + // The SnapshotIfApplicable method will create the snapshot by starting the goroutine + app.snapshotManager.SnapshotIfApplicable(header.Height) + +return resp, nil +} + +// workingHash gets the apphash that will be finalized in commit. +// These writes will be persisted to the root multi-store (app.cms) + +and flushed to +// disk in the Commit phase. This means when the ABCI client requests Commit(), the application +// state transitions will be flushed to disk and as a result, but we already have +// an application Merkle root. +func (app *BaseApp) + +workingHash() []byte { + // Write the FinalizeBlock state into branched storage and commit the MultiStore. + // The write to the FinalizeBlock state writes all state transitions to the root + // MultiStore (app.cms) + +so when Commit() + +is called it persists those values. + app.finalizeBlockState.ms.Write() + + // Get the hash of all writes in order to return the apphash to the comet in finalizeBlock. + commitHash := app.cms.WorkingHash() + +app.logger.Debug("hash of all writes", "workingHash", fmt.Sprintf("%X", commitHash)) + +return commitHash +} + +func handleQueryApp(app *BaseApp, path []string, req *abci.RequestQuery) *abci.ResponseQuery { + if len(path) >= 2 { + switch path[1] { + case "simulate": + txBytes := req.Data + + gInfo, res, err := app.Simulate(txBytes) + if err != nil { + return sdkerrors.QueryResult(errorsmod.Wrap(err, "failed to simulate tx"), app.trace) +} + simRes := &sdk.SimulationResponse{ + GasInfo: gInfo, + Result: res, +} + +bz, err := codec.ProtoMarshalJSON(simRes, app.interfaceRegistry) + if err != nil { + return sdkerrors.QueryResult(errorsmod.Wrap(err, "failed to JSON encode simulation response"), app.trace) +} + +return &abci.ResponseQuery{ + Codespace: sdkerrors.RootCodespace, + Height: req.Height, + Value: bz, +} + case "version": + return &abci.ResponseQuery{ + Codespace: sdkerrors.RootCodespace, + Height: req.Height, + Value: []byte(app.version), +} + +default: + return sdkerrors.QueryResult(errorsmod.Wrapf(sdkerrors.ErrUnknownRequest, "unknown query: %s", path), app.trace) +} + +} + +return sdkerrors.QueryResult( + errorsmod.Wrap( + sdkerrors.ErrUnknownRequest, + "expected second parameter to be either 'simulate' or 'version', neither was present", + ), app.trace) +} + +func handleQueryStore(app *BaseApp, path []string, req abci.RequestQuery) *abci.ResponseQuery { + // "/store" prefix for store queries + queryable, ok := app.cms.(storetypes.Queryable) + if !ok { + return sdkerrors.QueryResult(errorsmod.Wrap(sdkerrors.ErrUnknownRequest, "multi-store does not support queries"), app.trace) +} + +req.Path = "/" + strings.Join(path[1:], "/") + if req.Height <= 1 && req.Prove { + return sdkerrors.QueryResult( + errorsmod.Wrap( + sdkerrors.ErrInvalidRequest, + "cannot query with proof when height <= 1; please provide a valid height", + ), app.trace) +} + sdkReq := storetypes.RequestQuery(req) + +resp, err := queryable.Query(&sdkReq) + if err != nil { + return sdkerrors.QueryResult(err, app.trace) +} + +resp.Height = req.Height + abciResp := abci.ResponseQuery(*resp) + +return &abciResp +} + +func handleQueryP2P(app *BaseApp, path []string) *abci.ResponseQuery { + // "/p2p" prefix for p2p queries + if len(path) < 4 { + return sdkerrors.QueryResult(errorsmod.Wrap(sdkerrors.ErrUnknownRequest, "path should be p2p filter "), app.trace) +} + +var resp *abci.ResponseQuery + + cmd, typ, arg := path[1], path[2], path[3] + switch cmd { + case "filter": + switch typ { + case "addr": + resp = app.FilterPeerByAddrPort(arg) + case "id": + resp = app.FilterPeerByID(arg) +} + +default: + resp = sdkerrors.QueryResult(errorsmod.Wrap(sdkerrors.ErrUnknownRequest, "expected second parameter to be 'filter'"), app.trace) +} + +return resp +} + +// SplitABCIQueryPath splits a string path using the delimiter '/'. +// +// e.g. "this/is/funny" becomes []string{"this", "is", "funny" +} + +func SplitABCIQueryPath(requestPath string) (path []string) { + path = strings.Split(requestPath, "/") + + // first element is empty string + if len(path) > 0 && path[0] == "" { + path = path[1:] +} + +return path +} + +// FilterPeerByAddrPort filters peers by address/port. +func (app *BaseApp) + +FilterPeerByAddrPort(info string) *abci.ResponseQuery { + if app.addrPeerFilter != nil { + return app.addrPeerFilter(info) +} + +return &abci.ResponseQuery{ +} +} + +// FilterPeerByID filters peers by node ID. +func (app *BaseApp) + +FilterPeerByID(info string) *abci.ResponseQuery { + if app.idPeerFilter != nil { + return app.idPeerFilter(info) +} + +return &abci.ResponseQuery{ +} +} + +// getContextForProposal returns the correct Context for PrepareProposal and +// ProcessProposal. We use finalizeBlockState on the first block to be able to +// access any state changes made in InitChain. +func (app *BaseApp) + +getContextForProposal(ctx sdk.Context, height int64) + +sdk.Context { + if height == app.initialHeight { + ctx, _ = app.finalizeBlockState.Context().CacheContext() + + // clear all context data set during InitChain to avoid inconsistent behavior + ctx = ctx.WithBlockHeader(cmtproto.Header{ +}).WithHeaderInfo(coreheader.Info{ +}) + +return ctx +} + +return ctx +} + +func (app *BaseApp) + +handleQueryGRPC(handler GRPCQueryHandler, req *abci.RequestQuery) *abci.ResponseQuery { + ctx, err := app.CreateQueryContext(req.Height, req.Prove) + if err != nil { + return sdkerrors.QueryResult(err, app.trace) +} + +resp, err := handler(ctx, req) + if err != nil { + resp = sdkerrors.QueryResult(gRPCErrorToSDKError(err), app.trace) + +resp.Height = req.Height + return resp +} + +return resp +} + +func gRPCErrorToSDKError(err error) + +error { + status, ok := grpcstatus.FromError(err) + if !ok { + return errorsmod.Wrap(sdkerrors.ErrInvalidRequest, err.Error()) +} + switch status.Code() { + case codes.NotFound: + return errorsmod.Wrap(sdkerrors.ErrKeyNotFound, err.Error()) + case codes.InvalidArgument: + return errorsmod.Wrap(sdkerrors.ErrInvalidRequest, err.Error()) + case codes.FailedPrecondition: + return errorsmod.Wrap(sdkerrors.ErrInvalidRequest, err.Error()) + case codes.Unauthenticated: + return errorsmod.Wrap(sdkerrors.ErrUnauthorized, err.Error()) + +default: + return errorsmod.Wrap(sdkerrors.ErrUnknownRequest, err.Error()) +} +} + +func checkNegativeHeight(height int64) + +error { + if height < 0 { + return errorsmod.Wrap(sdkerrors.ErrInvalidRequest, "cannot query with height < 0; please provide a valid height") +} + +return nil +} + +// CreateQueryContext creates a new sdk.Context for a query, taking as args +// the block height and whether the query needs a proof or not. +func (app *BaseApp) + +CreateQueryContext(height int64, prove bool) (sdk.Context, error) { + return app.CreateQueryContextWithCheckHeader(height, prove, true) +} + +// CreateQueryContextWithCheckHeader creates a new sdk.Context for a query, taking as args +// the block height, whether the query needs a proof or not, and whether to check the header or not. +func (app *BaseApp) + +CreateQueryContextWithCheckHeader(height int64, prove, checkHeader bool) (sdk.Context, error) { + if err := checkNegativeHeight(height); err != nil { + return sdk.Context{ +}, err +} + + // use custom query multi-store if provided + qms := app.qms + if qms == nil { + qms = app.cms.(storetypes.MultiStore) +} + lastBlockHeight := qms.LatestVersion() + if lastBlockHeight == 0 { + return sdk.Context{ +}, errorsmod.Wrapf(sdkerrors.ErrInvalidHeight, "%s is not ready; please wait for first block", app.Name()) +} + if height > lastBlockHeight { + return sdk.Context{ +}, + errorsmod.Wrap( + sdkerrors.ErrInvalidHeight, + "cannot query with height in the future; please provide a valid height", + ) +} + if height == 1 && prove { + return sdk.Context{ +}, + errorsmod.Wrap( + sdkerrors.ErrInvalidRequest, + "cannot query with proof when height <= 1; please provide a valid height", + ) +} + +var header *cmtproto.Header + isLatest := height == 0 + for _, state := range []*state{ + app.checkState, + app.finalizeBlockState, +} { + if state != nil { + // branch the commit multi-store for safety + h := state.Context().BlockHeader() + if isLatest { + lastBlockHeight = qms.LatestVersion() +} + if !checkHeader || !isLatest || isLatest && h.Height == lastBlockHeight { + header = &h + break +} + +} + +} + if header == nil { + return sdk.Context{ +}, + errorsmod.Wrapf( + sdkerrors.ErrInvalidHeight, + "context did not contain latest block height in either check state or finalize block state (%d)", lastBlockHeight, + ) +} + + // when a client did not provide a query height, manually inject the latest + if isLatest { + height = lastBlockHeight +} + +cacheMS, err := qms.CacheMultiStoreWithVersion(height) + if err != nil { + return sdk.Context{ +}, + errorsmod.Wrapf( + sdkerrors.ErrNotFound, + "failed to load state at height %d; %s (latest height: %d)", height, err, lastBlockHeight, + ) +} + + // branch the commit multi-store for safety + ctx := sdk.NewContext(cacheMS, *header, true, app.logger). + WithMinGasPrices(app.minGasPrices). + WithGasMeter(storetypes.NewGasMeter(app.queryGasLimit)). + WithBlockHeader(*header). + WithBlockHeight(height) + if !isLatest { + rms, ok := app.cms.(*rootmulti.Store) + if ok { + cInfo, err := rms.GetCommitInfo(height) + if cInfo != nil && err == nil { + ctx = ctx.WithBlockHeight(height).WithBlockTime(cInfo.Timestamp) +} + +} + +} + +return ctx, nil +} + +// GetBlockRetentionHeight returns the height for which all blocks below this height +// are pruned from CometBFT. Given a commitment height and a non-zero local +// minRetainBlocks configuration, the retentionHeight is the smallest height that +// satisfies: +// +// - Unbonding (safety threshold) + +time: The block interval in which validators +// can be economically punished for misbehavior. Blocks in this interval must be +// auditable e.g. by the light client. +// +// - Logical store snapshot interval: The block interval at which the underlying +// logical store database is persisted to disk, e.g. every 10000 heights. Blocks +// since the last IAVL snapshot must be available for replay on application restart. +// +// - State sync snapshots: Blocks since the oldest available snapshot must be +// available for state sync nodes to catch up (oldest because a node may be +// restoring an old snapshot while a new snapshot was taken). +// +// - Local (minRetainBlocks) + +config: Archive nodes may want to retain more or +// all blocks, e.g. via a local config option min-retain-blocks. There may also +// be a need to vary retention for other nodes, e.g. sentry nodes which do not +// need historical blocks. +func (app *BaseApp) + +GetBlockRetentionHeight(commitHeight int64) + +int64 { + // If minRetainBlocks is zero, pruning is disabled and we return 0 + // If commitHeight is less than or equal to minRetainBlocks, return 0 since there are not enough + // blocks to trigger pruning yet. This ensures we keep all blocks until we have at least minRetainBlocks. + retentionBlockWindow := commitHeight - int64(app.minRetainBlocks) + if app.minRetainBlocks == 0 || retentionBlockWindow <= 0 { + return 0 +} + minNonZero := func(x, y int64) + +int64 { + switch { + case x == 0: + return y + case y == 0: + return x + case x < y: + return x + + default: + return y +} + +} + + // Define retentionHeight as the minimum value that satisfies all non-zero + // constraints. All blocks below (commitHeight-retentionHeight) + +are pruned + // from CometBFT. + var retentionHeight int64 + + // Define the number of blocks needed to protect against misbehaving validators + // which allows light clients to operate safely. Note, we piggy back of the + // evidence parameters instead of computing an estimated number of blocks based + // on the unbonding period and block commitment time as the two should be + // equivalent. + cp := app.GetConsensusParams(app.finalizeBlockState.Context()) + if cp.Evidence != nil && cp.Evidence.MaxAgeNumBlocks > 0 { + retentionHeight = commitHeight - cp.Evidence.MaxAgeNumBlocks +} + if app.snapshotManager != nil { + snapshotRetentionHeights := app.snapshotManager.GetSnapshotBlockRetentionHeights() + if snapshotRetentionHeights > 0 { + retentionHeight = minNonZero(retentionHeight, commitHeight-snapshotRetentionHeights) +} + +} + +retentionHeight = minNonZero(retentionHeight, retentionBlockWindow) + if retentionHeight <= 0 { + // prune nothing in the case of a non-positive height + return 0 +} + +return retentionHeight +} + +// toVoteInfo converts the new ExtendedVoteInfo to VoteInfo. +func toVoteInfo(votes []abci.ExtendedVoteInfo) []abci.VoteInfo { + legacyVotes := make([]abci.VoteInfo, len(votes)) + for i, vote := range votes { + legacyVotes[i] = abci.VoteInfo{ + Validator: abci.Validator{ + Address: vote.Validator.Address, + Power: vote.Validator.Power, +}, + BlockIdFlag: vote.BlockIdFlag, +} + +} + +return legacyVotes +} +``` + +#### PreBlock + +* Run the application's [`preBlocker()`](/docs/sdk/vnext/learn/beginner/app-anatomy#preblocker), which mainly runs the [`PreBlocker()`](/docs/sdk/vnext/build/building-modules/preblock#preblock) method of each of the modules. + +#### BeginBlock + +* Initialize [`finalizeBlockState`](#state-updates) with the latest header using the `req abci.FinalizeBlockRequest` passed as parameter via the `setState` function. + + ```go expandable + package baseapp + + import ( + + "context" + "fmt" + "maps" + "math" + "slices" + "strconv" + "sync" + "github.com/cockroachdb/errors" + abci "github.com/cometbft/cometbft/abci/types" + "github.com/cometbft/cometbft/crypto/tmhash" + cmtproto "github.com/cometbft/cometbft/proto/tendermint/types" + dbm "github.com/cosmos/cosmos-db" + "github.com/cosmos/gogoproto/proto" + protov2 "google.golang.org/protobuf/proto" + "cosmossdk.io/core/header" + errorsmod "cosmossdk.io/errors" + "cosmossdk.io/log" + "cosmossdk.io/store" + storemetrics "cosmossdk.io/store/metrics" + "cosmossdk.io/store/snapshots" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/baseapp/oe" + "github.com/cosmos/cosmos-sdk/codec" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + servertypes "github.com/cosmos/cosmos-sdk/server/types" + "github.com/cosmos/cosmos-sdk/telemetry" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + "github.com/cosmos/cosmos-sdk/types/mempool" + "github.com/cosmos/cosmos-sdk/types/msgservice" + ) + + type ( + execMode uint8 + + // StoreLoader defines a customizable function to control how we load the + // CommitMultiStore from disk. This is useful for state migration, when + // loading a datastore written with an older version of the software. In + // particular, if a module changed the substore key name (or removed a substore) + // between two versions of the software. + StoreLoader func(ms storetypes.CommitMultiStore) + + error + ) + + const ( + execModeCheck execMode = iota // Check a transaction + execModeReCheck // Recheck a (pending) + + transaction after a commit + execModeSimulate // Simulate a transaction + execModePrepareProposal // Prepare a block proposal + execModeProcessProposal // Process a block proposal + execModeVoteExtension // Extend or verify a pre-commit vote + execModeVerifyVoteExtension // Verify a vote extension + execModeFinalize // Finalize a block proposal + ) + + var _ servertypes.ABCI = (*BaseApp)(nil) + + // BaseApp reflects the ABCI application implementation. + type BaseApp struct { + // initialized on creation + mu sync.Mutex // mu protects the fields below. + logger log.Logger + name string // application name from abci.BlockInfo + db dbm.DB // common DB backend + cms storetypes.CommitMultiStore // Main (uncached) + + state + qms storetypes.MultiStore // Optional alternative multistore for querying only. + storeLoader StoreLoader // function to handle store loading, may be overridden with SetStoreLoader() + + grpcQueryRouter *GRPCQueryRouter // router for redirecting gRPC query calls + msgServiceRouter *MsgServiceRouter // router for redirecting Msg service messages + interfaceRegistry codectypes.InterfaceRegistry + txDecoder sdk.TxDecoder // unmarshal []byte into sdk.Tx + txEncoder sdk.TxEncoder // marshal sdk.Tx into []byte + + mempool mempool.Mempool // application side mempool + anteHandler sdk.AnteHandler // ante handler for fee and auth + postHandler sdk.PostHandler // post handler, optional + + checkTxHandler sdk.CheckTxHandler // ABCI CheckTx handler + initChainer sdk.InitChainer // ABCI InitChain handler + preBlocker sdk.PreBlocker // logic to run before BeginBlocker + beginBlocker sdk.BeginBlocker // (legacy ABCI) + + BeginBlock handler + endBlocker sdk.EndBlocker // (legacy ABCI) + + EndBlock handler + processProposal sdk.ProcessProposalHandler // ABCI ProcessProposal handler + prepareProposal sdk.PrepareProposalHandler // ABCI PrepareProposal + extendVote sdk.ExtendVoteHandler // ABCI ExtendVote handler + verifyVoteExt sdk.VerifyVoteExtensionHandler // ABCI VerifyVoteExtension handler + prepareCheckStater sdk.PrepareCheckStater // logic to run during commit using the checkState + precommiter sdk.Precommiter // logic to run during commit using the deliverState + + addrPeerFilter sdk.PeerFilter // filter peers by address and port + idPeerFilter sdk.PeerFilter // filter peers by node ID + fauxMerkleMode bool // if true, IAVL MountStores uses MountStoresDB for simulation speed. + sigverifyTx bool // in the simulation test, since the account does not have a private key, we have to ignore the tx sigverify. + + // manages snapshots, i.e. dumps of app state at certain intervals + snapshotManager *snapshots.Manager + + // volatile states: + // + // - checkState is set on InitChain and reset on Commit + // - finalizeBlockState is set on InitChain and FinalizeBlock and set to nil + // on Commit. + // + // - checkState: Used for CheckTx, which is set based on the previous block's + // state. This state is never committed. + // + // - prepareProposalState: Used for PrepareProposal, which is set based on the + // previous block's state. This state is never committed. In case of multiple + // consensus rounds, the state is always reset to the previous block's state. + // + // - processProposalState: Used for ProcessProposal, which is set based on the + // the previous block's state. This state is never committed. In case of + // multiple rounds, the state is always reset to the previous block's state. + // + // - finalizeBlockState: Used for FinalizeBlock, which is set based on the + // previous block's state. This state is committed. + checkState *state + prepareProposalState *state + processProposalState *state + finalizeBlockState *state + + // An inter-block write-through cache provided to the context during the ABCI + // FinalizeBlock call. + interBlockCache storetypes.MultiStorePersistentCache + + // paramStore is used to query for ABCI consensus parameters from an + // application parameter store. + paramStore ParamStore + + // queryGasLimit defines the maximum gas for queries; unbounded if 0. + queryGasLimit uint64 + + // The minimum gas prices a validator is willing to accept for processing a + // transaction. This is mainly used for DoS and spam prevention. + minGasPrices sdk.DecCoins + + // initialHeight is the initial height at which we start the BaseApp + initialHeight int64 + + // flag for sealing options and parameters to a BaseApp + sealed bool + + // block height at which to halt the chain and gracefully shutdown + haltHeight uint64 + + // minimum block time (in Unix seconds) + + at which to halt the chain and gracefully shutdown + haltTime uint64 + + // minRetainBlocks defines the minimum block height offset from the current + // block being committed, such that all blocks past this offset are pruned + // from CometBFT. It is used as part of the process of determining the + // ResponseCommit.RetainHeight value during ABCI Commit. A value of 0 indicates + // that no blocks should be pruned. + // + // Note: CometBFT block pruning is dependant on this parameter in conjunction + // with the unbonding (safety threshold) + + period, state pruning and state sync + // snapshot parameters to determine the correct minimum value of + // ResponseCommit.RetainHeight. + minRetainBlocks uint64 + + // application's version string + version string + + // application's protocol version that increments on every upgrade + // if BaseApp is passed to the upgrade keeper's NewKeeper method. + appVersion uint64 + + // recovery handler for app.runTx method + runTxRecoveryMiddleware recoveryMiddleware + + // trace set will return full stack traces for errors in ABCI Log field + trace bool + + // indexEvents defines the set of events in the form { + eventType + }.{ + attributeKey + }, + // which informs CometBFT what to index. If empty, all events will be indexed. + indexEvents map[string]struct{ + } + + // streamingManager for managing instances and configuration of ABCIListener services + streamingManager storetypes.StreamingManager + + chainID string + + cdc codec.Codec + + // optimisticExec contains the context required for Optimistic Execution, + // including the goroutine handling.This is experimental and must be enabled + // by developers. + optimisticExec *oe.OptimisticExecution + + // disableBlockGasMeter will disable the block gas meter if true, block gas meter is tricky to support + // when executing transactions in parallel. + // when disabled, the block gas meter in context is a noop one. + // + // SAFETY: it's safe to do if validators validate the total gas wanted in the `ProcessProposal`, which is the case in the default handler. + disableBlockGasMeter bool + } + + // NewBaseApp returns a reference to an initialized BaseApp. It accepts a + // variadic number of option functions, which act on the BaseApp to set + // configuration choices. + func NewBaseApp( + name string, logger log.Logger, db dbm.DB, txDecoder sdk.TxDecoder, options ...func(*BaseApp), + ) *BaseApp { + app := &BaseApp{ + logger: logger.With(log.ModuleKey, "baseapp"), + name: name, + db: db, + cms: store.NewCommitMultiStore(db, logger, storemetrics.NewNoOpMetrics()), // by default we use a no-op metric gather in store + storeLoader: DefaultStoreLoader, + grpcQueryRouter: NewGRPCQueryRouter(), + msgServiceRouter: NewMsgServiceRouter(), + txDecoder: txDecoder, + fauxMerkleMode: false, + sigverifyTx: true, + queryGasLimit: math.MaxUint64, + } + for _, option := range options { + option(app) + } + if app.mempool == nil { + app.SetMempool(mempool.NoOpMempool{ + }) + } + abciProposalHandler := NewDefaultProposalHandler(app.mempool, app) + if app.prepareProposal == nil { + app.SetPrepareProposal(abciProposalHandler.PrepareProposalHandler()) + } + if app.processProposal == nil { + app.SetProcessProposal(abciProposalHandler.ProcessProposalHandler()) + } + if app.extendVote == nil { + app.SetExtendVoteHandler(NoOpExtendVote()) + } + if app.verifyVoteExt == nil { + app.SetVerifyVoteExtensionHandler(NoOpVerifyVoteExtensionHandler()) + } + if app.interBlockCache != nil { + app.cms.SetInterBlockCache(app.interBlockCache) + } + + app.runTxRecoveryMiddleware = newDefaultRecoveryMiddleware() + + // Initialize with an empty interface registry to avoid nil pointer dereference. + // Unless SetInterfaceRegistry is called with an interface registry with proper address codecs baseapp will panic. + app.cdc = codec.NewProtoCodec(codectypes.NewInterfaceRegistry()) + + protoFiles, err := proto.MergedRegistry() + if err != nil { + logger.Warn("error creating merged proto registry", "error", err) + } + + else { + err = msgservice.ValidateProtoAnnotations(protoFiles) + if err != nil { + // Once we switch to using protoreflect-based antehandlers, we might + // want to panic here instead of logging a warning. + logger.Warn("error validating merged proto registry annotations", "error", err) + } + + } + + return app + } + + // Name returns the name of the BaseApp. + func (app *BaseApp) + + Name() + + string { + return app.name + } + + // AppVersion returns the application's protocol version. + func (app *BaseApp) + + AppVersion() + + uint64 { + return app.appVersion + } + + // Version returns the application's version string. + func (app *BaseApp) + + Version() + + string { + return app.version + } + + // Logger returns the logger of the BaseApp. + func (app *BaseApp) + + Logger() + + log.Logger { + return app.logger + } + + // Trace returns the boolean value for logging error stack traces. + func (app *BaseApp) + + Trace() + + bool { + return app.trace + } + + // MsgServiceRouter returns the MsgServiceRouter of a BaseApp. + func (app *BaseApp) + + MsgServiceRouter() *MsgServiceRouter { + return app.msgServiceRouter + } + + // GRPCQueryRouter returns the GRPCQueryRouter of a BaseApp. + func (app *BaseApp) + + GRPCQueryRouter() *GRPCQueryRouter { + return app.grpcQueryRouter + } + + // MountStores mounts all IAVL or DB stores to the provided keys in the BaseApp + // multistore. + func (app *BaseApp) + + MountStores(keys ...storetypes.StoreKey) { + for _, key := range keys { + switch key.(type) { + case *storetypes.KVStoreKey: + if !app.fauxMerkleMode { + app.MountStore(key, storetypes.StoreTypeIAVL) + } + + else { + // StoreTypeDB doesn't do anything upon commit, and it doesn't + // retain history, but it's useful for faster simulation. + app.MountStore(key, storetypes.StoreTypeDB) + } + case *storetypes.TransientStoreKey: + app.MountStore(key, storetypes.StoreTypeTransient) + case *storetypes.MemoryStoreKey: + app.MountStore(key, storetypes.StoreTypeMemory) + + default: + panic(fmt.Sprintf("Unrecognized store key type :%T", key)) + } + + } + } + + // MountKVStores mounts all IAVL or DB stores to the provided keys in the + // BaseApp multistore. + func (app *BaseApp) + + MountKVStores(keys map[string]*storetypes.KVStoreKey) { + for _, key := range keys { + if !app.fauxMerkleMode { + app.MountStore(key, storetypes.StoreTypeIAVL) + } + + else { + // StoreTypeDB doesn't do anything upon commit, and it doesn't + // retain history, but it's useful for faster simulation. + app.MountStore(key, storetypes.StoreTypeDB) + } + + } + } + + // MountTransientStores mounts all transient stores to the provided keys in + // the BaseApp multistore. + func (app *BaseApp) + + MountTransientStores(keys map[string]*storetypes.TransientStoreKey) { + for _, key := range keys { + app.MountStore(key, storetypes.StoreTypeTransient) + } + } + + // MountMemoryStores mounts all in-memory KVStores with the BaseApp's internal + // commit multi-store. + func (app *BaseApp) + + MountMemoryStores(keys map[string]*storetypes.MemoryStoreKey) { + skeys := slices.Sorted(maps.Keys(keys)) + for _, key := range skeys { + memKey := keys[key] + app.MountStore(memKey, storetypes.StoreTypeMemory) + } + } + + // MountStore mounts a store to the provided key in the BaseApp multistore, + // using the default DB. + func (app *BaseApp) + + MountStore(key storetypes.StoreKey, typ storetypes.StoreType) { + app.cms.MountStoreWithDB(key, typ, nil) + } + + // LoadLatestVersion loads the latest application version. It will panic if + // called more than once on a running BaseApp. + func (app *BaseApp) + + LoadLatestVersion() + + error { + err := app.storeLoader(app.cms) + if err != nil { + return fmt.Errorf("failed to load latest version: %w", err) + } + + return app.Init() + } + + // DefaultStoreLoader will be used by default and loads the latest version + func DefaultStoreLoader(ms storetypes.CommitMultiStore) + + error { + return ms.LoadLatestVersion() + } + + // CommitMultiStore returns the root multi-store. + // App constructor can use this to access the `cms`. + // UNSAFE: must not be used during the abci life cycle. + func (app *BaseApp) + + CommitMultiStore() + + storetypes.CommitMultiStore { + return app.cms + } + + // SnapshotManager returns the snapshot manager. + // application use this to register extra extension snapshotters. + func (app *BaseApp) + + SnapshotManager() *snapshots.Manager { + return app.snapshotManager + } + + // LoadVersion loads the BaseApp application version. It will panic if called + // more than once on a running baseapp. + func (app *BaseApp) + + LoadVersion(version int64) + + error { + app.logger.Info("NOTICE: this could take a long time to migrate IAVL store to fastnode if you enable Fast Node.\n") + err := app.cms.LoadVersion(version) + if err != nil { + return fmt.Errorf("failed to load version %d: %w", version, err) + } + + return app.Init() + } + + // LastCommitID returns the last CommitID of the multistore. + func (app *BaseApp) + + LastCommitID() + + storetypes.CommitID { + return app.cms.LastCommitID() + } + + // LastBlockHeight returns the last committed block height. + func (app *BaseApp) + + LastBlockHeight() + + int64 { + return app.cms.LastCommitID().Version + } + + // ChainID returns the chainID of the app. + func (app *BaseApp) + + ChainID() + + string { + return app.chainID + } + + // AnteHandler returns the AnteHandler of the app. + func (app *BaseApp) + + AnteHandler() + + sdk.AnteHandler { + return app.anteHandler + } + + // Mempool returns the Mempool of the app. + func (app *BaseApp) + + Mempool() + + mempool.Mempool { + return app.mempool + } + + // Init initializes the app. It seals the app, preventing any + // further modifications. In addition, it validates the app against + // the earlier provided settings. Returns an error if validation fails. + // nil otherwise. Panics if the app is already sealed. + func (app *BaseApp) + + Init() + + error { + if app.sealed { + panic("cannot call initFromMainStore: baseapp already sealed") + } + if app.cms == nil { + return errors.New("commit multi-store must not be nil") + } + emptyHeader := cmtproto.Header{ + ChainID: app.chainID + } + + // needed for the export command which inits from store but never calls initchain + app.setState(execModeCheck, emptyHeader) + + app.Seal() + + return app.cms.GetPruning().Validate() + } + + func (app *BaseApp) + + setMinGasPrices(gasPrices sdk.DecCoins) { + app.minGasPrices = gasPrices + } + + func (app *BaseApp) + + setHaltHeight(haltHeight uint64) { + app.haltHeight = haltHeight + } + + func (app *BaseApp) + + setHaltTime(haltTime uint64) { + app.haltTime = haltTime + } + + func (app *BaseApp) + + setMinRetainBlocks(minRetainBlocks uint64) { + app.minRetainBlocks = minRetainBlocks + } + + func (app *BaseApp) + + setInterBlockCache(cache storetypes.MultiStorePersistentCache) { + app.interBlockCache = cache + } + + func (app *BaseApp) + + setTrace(trace bool) { + app.trace = trace + } + + func (app *BaseApp) + + setIndexEvents(ie []string) { + app.indexEvents = make(map[string]struct{ + }) + for _, e := range ie { + app.indexEvents[e] = struct{ + }{ + } + + } + } + + // Seal seals a BaseApp. It prohibits any further modifications to a BaseApp. + func (app *BaseApp) + + Seal() { + app.sealed = true + } + + // IsSealed returns true if the BaseApp is sealed and false otherwise. + func (app *BaseApp) + + IsSealed() + + bool { + return app.sealed + } + + // setState sets the BaseApp's state for the corresponding mode with a branched + // multi-store (i.e. a CacheMultiStore) + + and a new Context with the same + // multi-store branch, and provided header. + func (app *BaseApp) + + setState(mode execMode, h cmtproto.Header) { + ms := app.cms.CacheMultiStore() + headerInfo := header.Info{ + Height: h.Height, + Time: h.Time, + ChainID: h.ChainID, + AppHash: h.AppHash, + } + baseState := &state{ + ms: ms, + ctx: sdk.NewContext(ms, h, false, app.logger). + WithStreamingManager(app.streamingManager). + WithHeaderInfo(headerInfo), + } + switch mode { + case execModeCheck: + baseState.SetContext(baseState.Context().WithIsCheckTx(true).WithMinGasPrices(app.minGasPrices)) + + app.checkState = baseState + case execModePrepareProposal: + app.prepareProposalState = baseState + case execModeProcessProposal: + app.processProposalState = baseState + case execModeFinalize: + app.finalizeBlockState = baseState + + default: + panic(fmt.Sprintf("invalid runTxMode for setState: %d", mode)) + } + } + + // SetCircuitBreaker sets the circuit breaker for the BaseApp. + // The circuit breaker is checked on every message execution to verify if a transaction should be executed or not. + func (app *BaseApp) + + SetCircuitBreaker(cb CircuitBreaker) { + if app.msgServiceRouter == nil { + panic("cannot set circuit breaker with no msg service router set") + } + + app.msgServiceRouter.SetCircuit(cb) + } + + // GetConsensusParams returns the current consensus parameters from the BaseApp's + // ParamStore. If the BaseApp has no ParamStore defined, nil is returned. + func (app *BaseApp) + + GetConsensusParams(ctx sdk.Context) + + cmtproto.ConsensusParams { + if app.paramStore == nil { + return cmtproto.ConsensusParams{ + } + + } + + cp, err := app.paramStore.Get(ctx) + if err != nil { + // This could happen while migrating from v0.45/v0.46 to v0.50, we should + // allow it to happen so during preblock the upgrade plan can be executed + // and the consensus params set for the first time in the new format. + app.logger.Error("failed to get consensus params", "err", err) + + return cmtproto.ConsensusParams{ + } + + } + + return cp + } + + // StoreConsensusParams sets the consensus parameters to the BaseApp's param + // store. + // + // NOTE: We're explicitly not storing the CometBFT app_version in the param store. + // It's stored instead in the x/upgrade store, with its own bump logic. + func (app *BaseApp) + + StoreConsensusParams(ctx sdk.Context, cp cmtproto.ConsensusParams) + + error { + if app.paramStore == nil { + return errors.New("cannot store consensus params with no params store set") + } + + return app.paramStore.Set(ctx, cp) + } + + // AddRunTxRecoveryHandler adds custom app.runTx method panic handlers. + func (app *BaseApp) + + AddRunTxRecoveryHandler(handlers ...RecoveryHandler) { + for _, h := range handlers { + app.runTxRecoveryMiddleware = newRecoveryMiddleware(h, app.runTxRecoveryMiddleware) + } + } + + // GetMaximumBlockGas gets the maximum gas from the consensus params. It panics + // if maximum block gas is less than negative one and returns zero if negative + // one. + func (app *BaseApp) + + GetMaximumBlockGas(ctx sdk.Context) + + uint64 { + cp := app.GetConsensusParams(ctx) + if cp.Block == nil { + return 0 + } + maxGas := cp.Block.MaxGas + switch { + case maxGas < -1: + panic(fmt.Sprintf("invalid maximum block gas: %d", maxGas)) + case maxGas == -1: + return 0 + + default: + return uint64(maxGas) + } + } + + func (app *BaseApp) + + validateFinalizeBlockHeight(req *abci.RequestFinalizeBlock) + + error { + if req.Height < 1 { + return fmt.Errorf("invalid height: %d", req.Height) + } + lastBlockHeight := app.LastBlockHeight() + + // expectedHeight holds the expected height to validate + var expectedHeight int64 + if lastBlockHeight == 0 && app.initialHeight > 1 { + // In this case, we're validating the first block of the chain, i.e no + // previous commit. The height we're expecting is the initial height. + expectedHeight = app.initialHeight + } + + else { + // This case can mean two things: + // + // - Either there was already a previous commit in the store, in which + // case we increment the version from there. + // - Or there was no previous commit, in which case we start at version 1. + expectedHeight = lastBlockHeight + 1 + } + if req.Height != expectedHeight { + return fmt.Errorf("invalid height: %d; expected: %d", req.Height, expectedHeight) + } + + return nil + } + + // validateBasicTxMsgs executes basic validator calls for messages. + func validateBasicTxMsgs(msgs []sdk.Msg) + + error { + if len(msgs) == 0 { + return errorsmod.Wrap(sdkerrors.ErrInvalidRequest, "must contain at least one message") + } + for _, msg := range msgs { + m, ok := msg.(sdk.HasValidateBasic) + if !ok { + continue + } + if err := m.ValidateBasic(); err != nil { + return err + } + + } + + return nil + } + + func (app *BaseApp) + + getState(mode execMode) *state { + switch mode { + case execModeFinalize: + return app.finalizeBlockState + case execModePrepareProposal: + return app.prepareProposalState + case execModeProcessProposal: + return app.processProposalState + + default: + return app.checkState + } + } + + func (app *BaseApp) + + getBlockGasMeter(ctx sdk.Context) + + storetypes.GasMeter { + if app.disableBlockGasMeter { + return noopGasMeter{ + } + + } + if maxGas := app.GetMaximumBlockGas(ctx); maxGas > 0 { + return storetypes.NewGasMeter(maxGas) + } + + return storetypes.NewInfiniteGasMeter() + } + + // retrieve the context for the tx w/ txBytes and other memoized values. + func (app *BaseApp) + + getContextForTx(mode execMode, txBytes []byte) + + sdk.Context { + app.mu.Lock() + + defer app.mu.Unlock() + modeState := app.getState(mode) + if modeState == nil { + panic(fmt.Sprintf("state is nil for mode %v", mode)) + } + ctx := modeState.Context(). + WithTxBytes(txBytes). + WithGasMeter(storetypes.NewInfiniteGasMeter()) + // WithVoteInfos(app.voteInfos) // TODO: identify if this is needed + + ctx = ctx.WithIsSigverifyTx(app.sigverifyTx) + + ctx = ctx.WithConsensusParams(app.GetConsensusParams(ctx)) + if mode == execModeReCheck { + ctx = ctx.WithIsReCheckTx(true) + } + if mode == execModeSimulate { + ctx, _ = ctx.CacheContext() + + ctx = ctx.WithExecMode(sdk.ExecMode(execModeSimulate)) + } + + return ctx + } + + // cacheTxContext returns a new context based off of the provided context with + // a branched multi-store. + func (app *BaseApp) + + cacheTxContext(ctx sdk.Context, txBytes []byte) (sdk.Context, storetypes.CacheMultiStore) { + ms := ctx.MultiStore() + msCache := ms.CacheMultiStore() + if msCache.TracingEnabled() { + msCache = msCache.SetTracingContext( + storetypes.TraceContext( + map[string]any{ + "txHash": fmt.Sprintf("%X", tmhash.Sum(txBytes)), + }, + ), + ).(storetypes.CacheMultiStore) + } + + return ctx.WithMultiStore(msCache), msCache + } + + func (app *BaseApp) + + preBlock(req *abci.RequestFinalizeBlock) ([]abci.Event, error) { + var events []abci.Event + if app.preBlocker != nil { + ctx := app.finalizeBlockState.Context().WithEventManager(sdk.NewEventManager()) + + rsp, err := app.preBlocker(ctx, req) + if err != nil { + return nil, err + } + // rsp.ConsensusParamsChanged is true from preBlocker means ConsensusParams in store get changed + // write the consensus parameters in store to context + if rsp.ConsensusParamsChanged { + ctx = ctx.WithConsensusParams(app.GetConsensusParams(ctx)) + // GasMeter must be set after we get a context with updated consensus params. + gasMeter := app.getBlockGasMeter(ctx) + + ctx = ctx.WithBlockGasMeter(gasMeter) + + app.finalizeBlockState.SetContext(ctx) + } + + events = ctx.EventManager().ABCIEvents() + } + + return events, nil + } + + func (app *BaseApp) + + beginBlock(_ *abci.RequestFinalizeBlock) (sdk.BeginBlock, error) { + var ( + resp sdk.BeginBlock + err error + ) + if app.beginBlocker != nil { + resp, err = app.beginBlocker(app.finalizeBlockState.Context()) + if err != nil { + return resp, err + } + + // append BeginBlock attributes to all events in the EndBlock response + for i, event := range resp.Events { + resp.Events[i].Attributes = append( + event.Attributes, + abci.EventAttribute{ + Key: "mode", + Value: "BeginBlock" + }, + ) + } + + resp.Events = sdk.MarkEventsToIndex(resp.Events, app.indexEvents) + } + + return resp, nil + } + + func (app *BaseApp) + + deliverTx(tx []byte) *abci.ExecTxResult { + gInfo := sdk.GasInfo{ + } + resultStr := "successful" + + var resp *abci.ExecTxResult + + defer func() { + telemetry.IncrCounter(1, "tx", "count") + + telemetry.IncrCounter(1, "tx", resultStr) + + telemetry.SetGauge(float32(gInfo.GasUsed), "tx", "gas", "used") + + telemetry.SetGauge(float32(gInfo.GasWanted), "tx", "gas", "wanted") + }() + + gInfo, result, anteEvents, err := app.runTx(execModeFinalize, tx, nil) + if err != nil { + resultStr = "failed" + resp = sdkerrors.ResponseExecTxResultWithEvents( + err, + gInfo.GasWanted, + gInfo.GasUsed, + sdk.MarkEventsToIndex(anteEvents, app.indexEvents), + app.trace, + ) + + return resp + } + + resp = &abci.ExecTxResult{ + GasWanted: int64(gInfo.GasWanted), + GasUsed: int64(gInfo.GasUsed), + Log: result.Log, + Data: result.Data, + Events: sdk.MarkEventsToIndex(result.Events, app.indexEvents), + } + + return resp + } + + // endBlock is an application-defined function that is called after transactions + // have been processed in FinalizeBlock. + func (app *BaseApp) + + endBlock(_ context.Context) (sdk.EndBlock, error) { + var endblock sdk.EndBlock + if app.endBlocker != nil { + eb, err := app.endBlocker(app.finalizeBlockState.Context()) + if err != nil { + return endblock, err + } + + // append EndBlock attributes to all events in the EndBlock response + for i, event := range eb.Events { + eb.Events[i].Attributes = append( + event.Attributes, + abci.EventAttribute{ + Key: "mode", + Value: "EndBlock" + }, + ) + } + + eb.Events = sdk.MarkEventsToIndex(eb.Events, app.indexEvents) + + endblock = eb + } + + return endblock, nil + } + + // runTx processes a transaction within a given execution mode, encoded transaction + // bytes, and the decoded transaction itself. All state transitions occur through + // a cached Context depending on the mode provided. State only gets persisted + // if all messages get executed successfully and the execution mode is DeliverTx. + // Note, gas execution info is always returned. A reference to a Result is + // returned if the tx does not run out of gas and if all the messages are valid + // and execute successfully. An error is returned otherwise. + // both txbytes and the decoded tx are passed to runTx to avoid the state machine encoding the tx and decoding the transaction twice + // passing the decoded tx to runTX is optional, it will be decoded if the tx is nil + func (app *BaseApp) + + runTx(mode execMode, txBytes []byte, tx sdk.Tx) (gInfo sdk.GasInfo, result *sdk.Result, anteEvents []abci.Event, err error) { + // NOTE: GasWanted should be returned by the AnteHandler. GasUsed is + // determined by the GasMeter. We need access to the context to get the gas + // meter, so we initialize upfront. + var gasWanted uint64 + ctx := app.getContextForTx(mode, txBytes) + ms := ctx.MultiStore() + + // only run the tx if there is block gas remaining + if mode == execModeFinalize && ctx.BlockGasMeter().IsOutOfGas() { + return gInfo, nil, nil, errorsmod.Wrap(sdkerrors.ErrOutOfGas, "no block gas left to run tx") + } + + defer func() { + if r := recover(); r != nil { + recoveryMW := newOutOfGasRecoveryMiddleware(gasWanted, ctx, app.runTxRecoveryMiddleware) + + err, result = processRecovery(r, recoveryMW), nil + ctx.Logger().Error("panic recovered in runTx", "err", err) + } + + gInfo = sdk.GasInfo{ + GasWanted: gasWanted, + GasUsed: ctx.GasMeter().GasConsumed() + } + + }() + blockGasConsumed := false + + // consumeBlockGas makes sure block gas is consumed at most once. It must + // happen after tx processing, and must be executed even if tx processing + // fails. Hence, it's execution is deferred. + consumeBlockGas := func() { + if !blockGasConsumed { + blockGasConsumed = true + ctx.BlockGasMeter().ConsumeGas( + ctx.GasMeter().GasConsumedToLimit(), "block gas meter", + ) + } + + } + + // If BlockGasMeter() + + panics it will be caught by the above recover and will + // return an error - in any case BlockGasMeter will consume gas past the limit. + // + // NOTE: consumeBlockGas must exist in a separate defer function from the + // general deferred recovery function to recover from consumeBlockGas as it'll + // be executed first (deferred statements are executed as stack). + if mode == execModeFinalize { + defer consumeBlockGas() + } + + // if the transaction is not decoded, decode it here + if tx == nil { + tx, err = app.txDecoder(txBytes) + if err != nil { + return sdk.GasInfo{ + GasUsed: 0, + GasWanted: 0 + }, nil, nil, sdkerrors.ErrTxDecode.Wrap(err.Error()) + } + + } + msgs := tx.GetMsgs() + if err := validateBasicTxMsgs(msgs); err != nil { + return sdk.GasInfo{ + }, nil, nil, err + } + for _, msg := range msgs { + handler := app.msgServiceRouter.Handler(msg) + if handler == nil { + return sdk.GasInfo{ + }, nil, nil, errorsmod.Wrapf(sdkerrors.ErrUnknownRequest, "no message handler found for %T", msg) + } + + } + if app.anteHandler != nil { + var ( + anteCtx sdk.Context + msCache storetypes.CacheMultiStore + ) + + // Branch context before AnteHandler call in case it aborts. + // This is required for both CheckTx and DeliverTx. + // Ref: https://github.com/cosmos/cosmos-sdk/issues/2772 + // + // NOTE: Alternatively, we could require that AnteHandler ensures that + // writes do not happen if aborted/failed. This may have some + // performance benefits, but it'll be more difficult to get right. + anteCtx, msCache = app.cacheTxContext(ctx, txBytes) + + anteCtx = anteCtx.WithEventManager(sdk.NewEventManager()) + + newCtx, err := app.anteHandler(anteCtx, tx, mode == execModeSimulate) + if !newCtx.IsZero() { + // At this point, newCtx.MultiStore() + + is a store branch, or something else + // replaced by the AnteHandler. We want the original multistore. + // + // Also, in the case of the tx aborting, we need to track gas consumed via + // the instantiated gas meter in the AnteHandler, so we update the context + // prior to returning. + ctx = newCtx.WithMultiStore(ms) + } + events := ctx.EventManager().Events() + + // GasMeter expected to be set in AnteHandler + gasWanted = ctx.GasMeter().Limit() + if err != nil { + if mode == execModeReCheck { + // if the ante handler fails on recheck, we want to remove the tx from the mempool + if mempoolErr := app.mempool.Remove(tx); mempoolErr != nil { + return gInfo, nil, anteEvents, errors.Join(err, mempoolErr) + } + + } + + return gInfo, nil, nil, err + } + + msCache.Write() + + anteEvents = events.ToABCIEvents() + } + switch mode { + case execModeCheck: + err = app.mempool.Insert(ctx, tx) + if err != nil { + return gInfo, nil, anteEvents, err + } + case execModeFinalize: + err = app.mempool.Remove(tx) + if err != nil && !errors.Is(err, mempool.ErrTxNotFound) { + return gInfo, nil, anteEvents, + fmt.Errorf("failed to remove tx from mempool: %w", err) + } + + } + + // Create a new Context based off of the existing Context with a MultiStore branch + // in case message processing fails. At this point, the MultiStore + // is a branch of a branch. + runMsgCtx, msCache := app.cacheTxContext(ctx, txBytes) + + // Attempt to execute all messages and only update state if all messages pass + // and we're in DeliverTx. Note, runMsgs will never return a reference to a + // Result if any single message fails or does not have a registered Handler. + msgsV2, err := tx.GetMsgsV2() + if err == nil { + result, err = app.runMsgs(runMsgCtx, msgs, msgsV2, mode) + } + + // Run optional postHandlers (should run regardless of the execution result). + // + // Note: If the postHandler fails, we also revert the runMsgs state. + if app.postHandler != nil { + // The runMsgCtx context currently contains events emitted by the ante handler. + // We clear this to correctly order events without duplicates. + // Note that the state is still preserved. + postCtx := runMsgCtx.WithEventManager(sdk.NewEventManager()) + + newCtx, errPostHandler := app.postHandler(postCtx, tx, mode == execModeSimulate, err == nil) + if errPostHandler != nil { + if err == nil { + // when the msg was handled successfully, return the post handler error only + return gInfo, nil, anteEvents, errPostHandler + } + // otherwise append to the msg error so that we keep the original error code for better user experience + return gInfo, nil, anteEvents, errorsmod.Wrapf(err, "postHandler: %s", errPostHandler) + } + + // we don't want runTx to panic if runMsgs has failed earlier + if result == nil { + result = &sdk.Result{ + } + + } + + result.Events = append(result.Events, newCtx.EventManager().ABCIEvents()...) + } + if err == nil { + if mode == execModeFinalize { + // When block gas exceeds, it'll panic and won't commit the cached store. + consumeBlockGas() + + msCache.Write() + } + if len(anteEvents) > 0 && (mode == execModeFinalize || mode == execModeSimulate) { + // append the events in the order of occurrence + result.Events = append(anteEvents, result.Events...) + } + + } + + return gInfo, result, anteEvents, err + } + + // runMsgs iterates through a list of messages and executes them with the provided + // Context and execution mode. Messages will only be executed during simulation + // and DeliverTx. An error is returned if any single message fails or if a + // Handler does not exist for a given message route. Otherwise, a reference to a + // Result is returned. The caller must not commit state if an error is returned. + func (app *BaseApp) + + runMsgs(ctx sdk.Context, msgs []sdk.Msg, msgsV2 []protov2.Message, mode execMode) (*sdk.Result, error) { + events := sdk.EmptyEvents() + + var msgResponses []*codectypes.Any + + // NOTE: GasWanted is determined by the AnteHandler and GasUsed by the GasMeter. + for i, msg := range msgs { + if mode != execModeFinalize && mode != execModeSimulate { + break + } + handler := app.msgServiceRouter.Handler(msg) + if handler == nil { + return nil, errorsmod.Wrapf(sdkerrors.ErrUnknownRequest, "no message handler found for %T", msg) + } + + // ADR 031 request type routing + msgResult, err := handler(ctx, msg) + if err != nil { + return nil, errorsmod.Wrapf(err, "failed to execute message; message index: %d", i) + } + + // create message events + msgEvents, err := createEvents(app.cdc, msgResult.GetEvents(), msg, msgsV2[i]) + if err != nil { + return nil, errorsmod.Wrapf(err, "failed to create message events; message index: %d", i) + } + + // append message events and data + // + // Note: Each message result's data must be length-prefixed in order to + // separate each result. + for j, event := range msgEvents { + // append message index to all events + msgEvents[j] = event.AppendAttributes(sdk.NewAttribute("msg_index", strconv.Itoa(i))) + } + + events = events.AppendEvents(msgEvents) + + // Each individual sdk.Result that went through the MsgServiceRouter + // (which should represent 99% of the Msgs now, since everyone should + // be using protobuf Msgs) + + has exactly one Msg response, set inside + // `WrapServiceResult`. We take that Msg response, and aggregate it + // into an array. + if len(msgResult.MsgResponses) > 0 { + msgResponse := msgResult.MsgResponses[0] + if msgResponse == nil { + return nil, sdkerrors.ErrLogic.Wrapf("got nil Msg response at index %d for msg %s", i, sdk.MsgTypeURL(msg)) + } + + msgResponses = append(msgResponses, msgResponse) + } + + + } + + data, err := makeABCIData(msgResponses) + if err != nil { + return nil, errorsmod.Wrap(err, "failed to marshal tx data") + } + + return &sdk.Result{ + Data: data, + Events: events.ToABCIEvents(), + MsgResponses: msgResponses, + }, nil + } + + // makeABCIData generates the Data field to be sent to ABCI Check/DeliverTx. + func makeABCIData(msgResponses []*codectypes.Any) ([]byte, error) { + return proto.Marshal(&sdk.TxMsgData{ + MsgResponses: msgResponses + }) + } + + func createEvents(cdc codec.Codec, events sdk.Events, msg sdk.Msg, msgV2 protov2.Message) (sdk.Events, error) { + eventMsgName := sdk.MsgTypeURL(msg) + msgEvent := sdk.NewEvent(sdk.EventTypeMessage, sdk.NewAttribute(sdk.AttributeKeyAction, eventMsgName)) + + // we set the signer attribute as the sender + signers, err := cdc.GetMsgV2Signers(msgV2) + if err != nil { + return nil, err + } + if len(signers) > 0 && signers[0] != nil { + addrStr, err := cdc.InterfaceRegistry().SigningContext().AddressCodec().BytesToString(signers[0]) + if err != nil { + return nil, err + } + + msgEvent = msgEvent.AppendAttributes(sdk.NewAttribute(sdk.AttributeKeySender, addrStr)) + } + + // verify that events have no module attribute set + if _, found := events.GetAttributes(sdk.AttributeKeyModule); !found { + if moduleName := sdk.GetModuleNameFromTypeURL(eventMsgName); moduleName != "" { + msgEvent = msgEvent.AppendAttributes(sdk.NewAttribute(sdk.AttributeKeyModule, moduleName)) + } + + } + + return sdk.Events{ + msgEvent + }.AppendEvents(events), nil + } + + // PrepareProposalVerifyTx performs transaction verification when a proposer is + // creating a block proposal during PrepareProposal. Any state committed to the + // PrepareProposal state internally will be discarded. will be + // returned if the transaction cannot be encoded. will be returned if + // the transaction is valid, otherwise will be returned. + func (app *BaseApp) + + PrepareProposalVerifyTx(tx sdk.Tx) ([]byte, error) { + bz, err := app.txEncoder(tx) + if err != nil { + return nil, err + } + + _, _, _, err = app.runTx(execModePrepareProposal, bz, tx) + if err != nil { + return nil, err + } + + return bz, nil + } + + // ProcessProposalVerifyTx performs transaction verification when receiving a + // block proposal during ProcessProposal. Any state committed to the + // ProcessProposal state internally will be discarded. will be + // returned if the transaction cannot be decoded. will be returned if + // the transaction is valid, otherwise will be returned. + func (app *BaseApp) + + ProcessProposalVerifyTx(txBz []byte) (sdk.Tx, error) { + tx, err := app.txDecoder(txBz) + if err != nil { + return nil, err + } + + _, _, _, err = app.runTx(execModeProcessProposal, txBz, tx) + if err != nil { + return nil, err + } + + return tx, nil + } + + func (app *BaseApp) + + TxDecode(txBytes []byte) (sdk.Tx, error) { + return app.txDecoder(txBytes) + } + + func (app *BaseApp) + + TxEncode(tx sdk.Tx) ([]byte, error) { + return app.txEncoder(tx) + } + + func (app *BaseApp) + + StreamingManager() + + storetypes.StreamingManager { + return app.streamingManager + } + + // Close is called in start cmd to gracefully cleanup resources. + func (app *BaseApp) + + Close() + + error { + var errs []error + + // Close app.db (opened by cosmos-sdk/server/start.go call to openDB) + if app.db != nil { + app.logger.Info("Closing application.db") + if err := app.db.Close(); err != nil { + errs = append(errs, err) + } + + } + + // Close app.snapshotManager + // - opened when app chains use cosmos-sdk/server/util.go/DefaultBaseappOptions (boilerplate) + // - which calls cosmos-sdk/server/util.go/GetSnapshotStore + // - which is passed to baseapp/options.go/SetSnapshot + // - to set app.snapshotManager = snapshots.NewManager + if app.snapshotManager != nil { + app.logger.Info("Closing snapshots/metadata.db") + if err := app.snapshotManager.Close(); err != nil { + errs = append(errs, err) + } + + } + + return errors.Join(errs...) + } + + // GetBaseApp returns the pointer to itself. + func (app *BaseApp) + + GetBaseApp() *BaseApp { + return app + } + ``` + + This function also resets the [main gas meter](/docs/sdk/vnext/learn/beginner/gas-fees#main-gas-meter). + +* Initialize the [block gas meter](/docs/sdk/vnext/learn/beginner/gas-fees#block-gas-meter) with the `maxGas` limit. The `gas` consumed within the block cannot go above `maxGas`. This parameter is defined in the application's consensus parameters. + +* Run the application's [`beginBlocker()`](/docs/sdk/vnext/learn/beginner/app-anatomy#beginblocker-and-endblocker), which mainly runs the [`BeginBlocker()`](/docs/sdk/vnext/build/building-modules/beginblock-endblock#beginblock) method of each of the modules. + +* Set the [`VoteInfos`](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_methods.md#voteinfo) of the application, i.e. the list of validators whose *precommit* for the previous block was included by the proposer of the current block. This information is carried into the [`Context`](/docs/sdk/vnext/learn/advanced/context) so that it can be used during transaction execution and EndBlock. + +#### Transaction Execution + +When the underlying consensus engine receives a block proposal, each transaction in the block needs to be processed by the application. To that end, the underlying consensus engine sends the transactions in FinalizeBlock message to the application for each transaction in a sequential order. + +Before the first transaction of a given block is processed, a [volatile state](#state-updates) called `finalizeBlockState` is initialized during FinalizeBlock. This state is updated each time a transaction is processed via `FinalizeBlock`, and committed to the [main state](#main-state) when the block is [committed](#commit), after what it is set to `nil`. + +```go expandable +package baseapp + +import ( + + "context" + "fmt" + "maps" + "math" + "slices" + "strconv" + "sync" + "github.com/cockroachdb/errors" + abci "github.com/cometbft/cometbft/abci/types" + "github.com/cometbft/cometbft/crypto/tmhash" + cmtproto "github.com/cometbft/cometbft/proto/tendermint/types" + dbm "github.com/cosmos/cosmos-db" + "github.com/cosmos/gogoproto/proto" + protov2 "google.golang.org/protobuf/proto" + "cosmossdk.io/core/header" + errorsmod "cosmossdk.io/errors" + "cosmossdk.io/log" + "cosmossdk.io/store" + storemetrics "cosmossdk.io/store/metrics" + "cosmossdk.io/store/snapshots" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/baseapp/oe" + "github.com/cosmos/cosmos-sdk/codec" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + servertypes "github.com/cosmos/cosmos-sdk/server/types" + "github.com/cosmos/cosmos-sdk/telemetry" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + "github.com/cosmos/cosmos-sdk/types/mempool" + "github.com/cosmos/cosmos-sdk/types/msgservice" +) + +type ( + execMode uint8 + + // StoreLoader defines a customizable function to control how we load the + // CommitMultiStore from disk. This is useful for state migration, when + // loading a datastore written with an older version of the software. In + // particular, if a module changed the substore key name (or removed a substore) + // between two versions of the software. + StoreLoader func(ms storetypes.CommitMultiStore) + +error +) + +const ( + execModeCheck execMode = iota // Check a transaction + execModeReCheck // Recheck a (pending) + +transaction after a commit + execModeSimulate // Simulate a transaction + execModePrepareProposal // Prepare a block proposal + execModeProcessProposal // Process a block proposal + execModeVoteExtension // Extend or verify a pre-commit vote + execModeVerifyVoteExtension // Verify a vote extension + execModeFinalize // Finalize a block proposal +) + +var _ servertypes.ABCI = (*BaseApp)(nil) + +// BaseApp reflects the ABCI application implementation. +type BaseApp struct { + // initialized on creation + mu sync.Mutex // mu protects the fields below. + logger log.Logger + name string // application name from abci.BlockInfo + db dbm.DB // common DB backend + cms storetypes.CommitMultiStore // Main (uncached) + +state + qms storetypes.MultiStore // Optional alternative multistore for querying only. + storeLoader StoreLoader // function to handle store loading, may be overridden with SetStoreLoader() + +grpcQueryRouter *GRPCQueryRouter // router for redirecting gRPC query calls + msgServiceRouter *MsgServiceRouter // router for redirecting Msg service messages + interfaceRegistry codectypes.InterfaceRegistry + txDecoder sdk.TxDecoder // unmarshal []byte into sdk.Tx + txEncoder sdk.TxEncoder // marshal sdk.Tx into []byte + + mempool mempool.Mempool // application side mempool + anteHandler sdk.AnteHandler // ante handler for fee and auth + postHandler sdk.PostHandler // post handler, optional + + checkTxHandler sdk.CheckTxHandler // ABCI CheckTx handler + initChainer sdk.InitChainer // ABCI InitChain handler + preBlocker sdk.PreBlocker // logic to run before BeginBlocker + beginBlocker sdk.BeginBlocker // (legacy ABCI) + +BeginBlock handler + endBlocker sdk.EndBlocker // (legacy ABCI) + +EndBlock handler + processProposal sdk.ProcessProposalHandler // ABCI ProcessProposal handler + prepareProposal sdk.PrepareProposalHandler // ABCI PrepareProposal + extendVote sdk.ExtendVoteHandler // ABCI ExtendVote handler + verifyVoteExt sdk.VerifyVoteExtensionHandler // ABCI VerifyVoteExtension handler + prepareCheckStater sdk.PrepareCheckStater // logic to run during commit using the checkState + precommiter sdk.Precommiter // logic to run during commit using the deliverState + + addrPeerFilter sdk.PeerFilter // filter peers by address and port + idPeerFilter sdk.PeerFilter // filter peers by node ID + fauxMerkleMode bool // if true, IAVL MountStores uses MountStoresDB for simulation speed. + sigverifyTx bool // in the simulation test, since the account does not have a private key, we have to ignore the tx sigverify. + + // manages snapshots, i.e. dumps of app state at certain intervals + snapshotManager *snapshots.Manager + + // volatile states: + // + // - checkState is set on InitChain and reset on Commit + // - finalizeBlockState is set on InitChain and FinalizeBlock and set to nil + // on Commit. + // + // - checkState: Used for CheckTx, which is set based on the previous block's + // state. This state is never committed. + // + // - prepareProposalState: Used for PrepareProposal, which is set based on the + // previous block's state. This state is never committed. In case of multiple + // consensus rounds, the state is always reset to the previous block's state. + // + // - processProposalState: Used for ProcessProposal, which is set based on the + // the previous block's state. This state is never committed. In case of + // multiple rounds, the state is always reset to the previous block's state. + // + // - finalizeBlockState: Used for FinalizeBlock, which is set based on the + // previous block's state. This state is committed. + checkState *state + prepareProposalState *state + processProposalState *state + finalizeBlockState *state + + // An inter-block write-through cache provided to the context during the ABCI + // FinalizeBlock call. + interBlockCache storetypes.MultiStorePersistentCache + + // paramStore is used to query for ABCI consensus parameters from an + // application parameter store. + paramStore ParamStore + + // queryGasLimit defines the maximum gas for queries; unbounded if 0. + queryGasLimit uint64 + + // The minimum gas prices a validator is willing to accept for processing a + // transaction. This is mainly used for DoS and spam prevention. + minGasPrices sdk.DecCoins + + // initialHeight is the initial height at which we start the BaseApp + initialHeight int64 + + // flag for sealing options and parameters to a BaseApp + sealed bool + + // block height at which to halt the chain and gracefully shutdown + haltHeight uint64 + + // minimum block time (in Unix seconds) + +at which to halt the chain and gracefully shutdown + haltTime uint64 + + // minRetainBlocks defines the minimum block height offset from the current + // block being committed, such that all blocks past this offset are pruned + // from CometBFT. It is used as part of the process of determining the + // ResponseCommit.RetainHeight value during ABCI Commit. A value of 0 indicates + // that no blocks should be pruned. + // + // Note: CometBFT block pruning is dependant on this parameter in conjunction + // with the unbonding (safety threshold) + +period, state pruning and state sync + // snapshot parameters to determine the correct minimum value of + // ResponseCommit.RetainHeight. + minRetainBlocks uint64 + + // application's version string + version string + + // application's protocol version that increments on every upgrade + // if BaseApp is passed to the upgrade keeper's NewKeeper method. + appVersion uint64 + + // recovery handler for app.runTx method + runTxRecoveryMiddleware recoveryMiddleware + + // trace set will return full stack traces for errors in ABCI Log field + trace bool + + // indexEvents defines the set of events in the form { + eventType +}.{ + attributeKey +}, + // which informs CometBFT what to index. If empty, all events will be indexed. + indexEvents map[string]struct{ +} + + // streamingManager for managing instances and configuration of ABCIListener services + streamingManager storetypes.StreamingManager + + chainID string + + cdc codec.Codec + + // optimisticExec contains the context required for Optimistic Execution, + // including the goroutine handling.This is experimental and must be enabled + // by developers. + optimisticExec *oe.OptimisticExecution + + // disableBlockGasMeter will disable the block gas meter if true, block gas meter is tricky to support + // when executing transactions in parallel. + // when disabled, the block gas meter in context is a noop one. + // + // SAFETY: it's safe to do if validators validate the total gas wanted in the `ProcessProposal`, which is the case in the default handler. + disableBlockGasMeter bool +} + +// NewBaseApp returns a reference to an initialized BaseApp. It accepts a +// variadic number of option functions, which act on the BaseApp to set +// configuration choices. +func NewBaseApp( + name string, logger log.Logger, db dbm.DB, txDecoder sdk.TxDecoder, options ...func(*BaseApp), +) *BaseApp { + app := &BaseApp{ + logger: logger.With(log.ModuleKey, "baseapp"), + name: name, + db: db, + cms: store.NewCommitMultiStore(db, logger, storemetrics.NewNoOpMetrics()), // by default we use a no-op metric gather in store + storeLoader: DefaultStoreLoader, + grpcQueryRouter: NewGRPCQueryRouter(), + msgServiceRouter: NewMsgServiceRouter(), + txDecoder: txDecoder, + fauxMerkleMode: false, + sigverifyTx: true, + queryGasLimit: math.MaxUint64, +} + for _, option := range options { + option(app) +} + if app.mempool == nil { + app.SetMempool(mempool.NoOpMempool{ +}) +} + abciProposalHandler := NewDefaultProposalHandler(app.mempool, app) + if app.prepareProposal == nil { + app.SetPrepareProposal(abciProposalHandler.PrepareProposalHandler()) +} + if app.processProposal == nil { + app.SetProcessProposal(abciProposalHandler.ProcessProposalHandler()) +} + if app.extendVote == nil { + app.SetExtendVoteHandler(NoOpExtendVote()) +} + if app.verifyVoteExt == nil { + app.SetVerifyVoteExtensionHandler(NoOpVerifyVoteExtensionHandler()) +} + if app.interBlockCache != nil { + app.cms.SetInterBlockCache(app.interBlockCache) +} + +app.runTxRecoveryMiddleware = newDefaultRecoveryMiddleware() + + // Initialize with an empty interface registry to avoid nil pointer dereference. + // Unless SetInterfaceRegistry is called with an interface registry with proper address codecs baseapp will panic. + app.cdc = codec.NewProtoCodec(codectypes.NewInterfaceRegistry()) + +protoFiles, err := proto.MergedRegistry() + if err != nil { + logger.Warn("error creating merged proto registry", "error", err) +} + +else { + err = msgservice.ValidateProtoAnnotations(protoFiles) + if err != nil { + // Once we switch to using protoreflect-based antehandlers, we might + // want to panic here instead of logging a warning. + logger.Warn("error validating merged proto registry annotations", "error", err) +} + +} + +return app +} + +// Name returns the name of the BaseApp. +func (app *BaseApp) + +Name() + +string { + return app.name +} + +// AppVersion returns the application's protocol version. +func (app *BaseApp) + +AppVersion() + +uint64 { + return app.appVersion +} + +// Version returns the application's version string. +func (app *BaseApp) + +Version() + +string { + return app.version +} + +// Logger returns the logger of the BaseApp. +func (app *BaseApp) + +Logger() + +log.Logger { + return app.logger +} + +// Trace returns the boolean value for logging error stack traces. +func (app *BaseApp) + +Trace() + +bool { + return app.trace +} + +// MsgServiceRouter returns the MsgServiceRouter of a BaseApp. +func (app *BaseApp) + +MsgServiceRouter() *MsgServiceRouter { + return app.msgServiceRouter +} + +// GRPCQueryRouter returns the GRPCQueryRouter of a BaseApp. +func (app *BaseApp) + +GRPCQueryRouter() *GRPCQueryRouter { + return app.grpcQueryRouter +} + +// MountStores mounts all IAVL or DB stores to the provided keys in the BaseApp +// multistore. +func (app *BaseApp) + +MountStores(keys ...storetypes.StoreKey) { + for _, key := range keys { + switch key.(type) { + case *storetypes.KVStoreKey: + if !app.fauxMerkleMode { + app.MountStore(key, storetypes.StoreTypeIAVL) +} + +else { + // StoreTypeDB doesn't do anything upon commit, and it doesn't + // retain history, but it's useful for faster simulation. + app.MountStore(key, storetypes.StoreTypeDB) +} + case *storetypes.TransientStoreKey: + app.MountStore(key, storetypes.StoreTypeTransient) + case *storetypes.MemoryStoreKey: + app.MountStore(key, storetypes.StoreTypeMemory) + +default: + panic(fmt.Sprintf("Unrecognized store key type :%T", key)) +} + +} +} + +// MountKVStores mounts all IAVL or DB stores to the provided keys in the +// BaseApp multistore. +func (app *BaseApp) + +MountKVStores(keys map[string]*storetypes.KVStoreKey) { + for _, key := range keys { + if !app.fauxMerkleMode { + app.MountStore(key, storetypes.StoreTypeIAVL) +} + +else { + // StoreTypeDB doesn't do anything upon commit, and it doesn't + // retain history, but it's useful for faster simulation. + app.MountStore(key, storetypes.StoreTypeDB) +} + +} +} + +// MountTransientStores mounts all transient stores to the provided keys in +// the BaseApp multistore. +func (app *BaseApp) + +MountTransientStores(keys map[string]*storetypes.TransientStoreKey) { + for _, key := range keys { + app.MountStore(key, storetypes.StoreTypeTransient) +} +} + +// MountMemoryStores mounts all in-memory KVStores with the BaseApp's internal +// commit multi-store. +func (app *BaseApp) + +MountMemoryStores(keys map[string]*storetypes.MemoryStoreKey) { + skeys := slices.Sorted(maps.Keys(keys)) + for _, key := range skeys { + memKey := keys[key] + app.MountStore(memKey, storetypes.StoreTypeMemory) +} +} + +// MountStore mounts a store to the provided key in the BaseApp multistore, +// using the default DB. +func (app *BaseApp) + +MountStore(key storetypes.StoreKey, typ storetypes.StoreType) { + app.cms.MountStoreWithDB(key, typ, nil) +} + +// LoadLatestVersion loads the latest application version. It will panic if +// called more than once on a running BaseApp. +func (app *BaseApp) + +LoadLatestVersion() + +error { + err := app.storeLoader(app.cms) + if err != nil { + return fmt.Errorf("failed to load latest version: %w", err) +} + +return app.Init() +} + +// DefaultStoreLoader will be used by default and loads the latest version +func DefaultStoreLoader(ms storetypes.CommitMultiStore) + +error { + return ms.LoadLatestVersion() +} + +// CommitMultiStore returns the root multi-store. +// App constructor can use this to access the `cms`. +// UNSAFE: must not be used during the abci life cycle. +func (app *BaseApp) + +CommitMultiStore() + +storetypes.CommitMultiStore { + return app.cms +} + +// SnapshotManager returns the snapshot manager. +// application use this to register extra extension snapshotters. +func (app *BaseApp) + +SnapshotManager() *snapshots.Manager { + return app.snapshotManager +} + +// LoadVersion loads the BaseApp application version. It will panic if called +// more than once on a running baseapp. +func (app *BaseApp) + +LoadVersion(version int64) + +error { + app.logger.Info("NOTICE: this could take a long time to migrate IAVL store to fastnode if you enable Fast Node.\n") + err := app.cms.LoadVersion(version) + if err != nil { + return fmt.Errorf("failed to load version %d: %w", version, err) +} + +return app.Init() +} + +// LastCommitID returns the last CommitID of the multistore. +func (app *BaseApp) + +LastCommitID() + +storetypes.CommitID { + return app.cms.LastCommitID() +} + +// LastBlockHeight returns the last committed block height. +func (app *BaseApp) + +LastBlockHeight() + +int64 { + return app.cms.LastCommitID().Version +} + +// ChainID returns the chainID of the app. +func (app *BaseApp) + +ChainID() + +string { + return app.chainID +} + +// AnteHandler returns the AnteHandler of the app. +func (app *BaseApp) + +AnteHandler() + +sdk.AnteHandler { + return app.anteHandler +} + +// Mempool returns the Mempool of the app. +func (app *BaseApp) + +Mempool() + +mempool.Mempool { + return app.mempool +} + +// Init initializes the app. It seals the app, preventing any +// further modifications. In addition, it validates the app against +// the earlier provided settings. Returns an error if validation fails. +// nil otherwise. Panics if the app is already sealed. +func (app *BaseApp) + +Init() + +error { + if app.sealed { + panic("cannot call initFromMainStore: baseapp already sealed") +} + if app.cms == nil { + return errors.New("commit multi-store must not be nil") +} + emptyHeader := cmtproto.Header{ + ChainID: app.chainID +} + + // needed for the export command which inits from store but never calls initchain + app.setState(execModeCheck, emptyHeader) + +app.Seal() + +return app.cms.GetPruning().Validate() +} + +func (app *BaseApp) + +setMinGasPrices(gasPrices sdk.DecCoins) { + app.minGasPrices = gasPrices +} + +func (app *BaseApp) + +setHaltHeight(haltHeight uint64) { + app.haltHeight = haltHeight +} + +func (app *BaseApp) + +setHaltTime(haltTime uint64) { + app.haltTime = haltTime +} + +func (app *BaseApp) + +setMinRetainBlocks(minRetainBlocks uint64) { + app.minRetainBlocks = minRetainBlocks +} + +func (app *BaseApp) + +setInterBlockCache(cache storetypes.MultiStorePersistentCache) { + app.interBlockCache = cache +} + +func (app *BaseApp) + +setTrace(trace bool) { + app.trace = trace +} + +func (app *BaseApp) + +setIndexEvents(ie []string) { + app.indexEvents = make(map[string]struct{ +}) + for _, e := range ie { + app.indexEvents[e] = struct{ +}{ +} + +} +} + +// Seal seals a BaseApp. It prohibits any further modifications to a BaseApp. +func (app *BaseApp) + +Seal() { + app.sealed = true +} + +// IsSealed returns true if the BaseApp is sealed and false otherwise. +func (app *BaseApp) + +IsSealed() + +bool { + return app.sealed +} + +// setState sets the BaseApp's state for the corresponding mode with a branched +// multi-store (i.e. a CacheMultiStore) + +and a new Context with the same +// multi-store branch, and provided header. +func (app *BaseApp) + +setState(mode execMode, h cmtproto.Header) { + ms := app.cms.CacheMultiStore() + headerInfo := header.Info{ + Height: h.Height, + Time: h.Time, + ChainID: h.ChainID, + AppHash: h.AppHash, +} + baseState := &state{ + ms: ms, + ctx: sdk.NewContext(ms, h, false, app.logger). + WithStreamingManager(app.streamingManager). + WithHeaderInfo(headerInfo), +} + switch mode { + case execModeCheck: + baseState.SetContext(baseState.Context().WithIsCheckTx(true).WithMinGasPrices(app.minGasPrices)) + +app.checkState = baseState + case execModePrepareProposal: + app.prepareProposalState = baseState + case execModeProcessProposal: + app.processProposalState = baseState + case execModeFinalize: + app.finalizeBlockState = baseState + + default: + panic(fmt.Sprintf("invalid runTxMode for setState: %d", mode)) +} +} + +// SetCircuitBreaker sets the circuit breaker for the BaseApp. +// The circuit breaker is checked on every message execution to verify if a transaction should be executed or not. +func (app *BaseApp) + +SetCircuitBreaker(cb CircuitBreaker) { + if app.msgServiceRouter == nil { + panic("cannot set circuit breaker with no msg service router set") +} + +app.msgServiceRouter.SetCircuit(cb) +} + +// GetConsensusParams returns the current consensus parameters from the BaseApp's +// ParamStore. If the BaseApp has no ParamStore defined, nil is returned. +func (app *BaseApp) + +GetConsensusParams(ctx sdk.Context) + +cmtproto.ConsensusParams { + if app.paramStore == nil { + return cmtproto.ConsensusParams{ +} + +} + +cp, err := app.paramStore.Get(ctx) + if err != nil { + // This could happen while migrating from v0.45/v0.46 to v0.50, we should + // allow it to happen so during preblock the upgrade plan can be executed + // and the consensus params set for the first time in the new format. + app.logger.Error("failed to get consensus params", "err", err) + +return cmtproto.ConsensusParams{ +} + +} + +return cp +} + +// StoreConsensusParams sets the consensus parameters to the BaseApp's param +// store. +// +// NOTE: We're explicitly not storing the CometBFT app_version in the param store. +// It's stored instead in the x/upgrade store, with its own bump logic. +func (app *BaseApp) + +StoreConsensusParams(ctx sdk.Context, cp cmtproto.ConsensusParams) + +error { + if app.paramStore == nil { + return errors.New("cannot store consensus params with no params store set") +} + +return app.paramStore.Set(ctx, cp) +} + +// AddRunTxRecoveryHandler adds custom app.runTx method panic handlers. +func (app *BaseApp) + +AddRunTxRecoveryHandler(handlers ...RecoveryHandler) { + for _, h := range handlers { + app.runTxRecoveryMiddleware = newRecoveryMiddleware(h, app.runTxRecoveryMiddleware) +} +} + +// GetMaximumBlockGas gets the maximum gas from the consensus params. It panics +// if maximum block gas is less than negative one and returns zero if negative +// one. +func (app *BaseApp) + +GetMaximumBlockGas(ctx sdk.Context) + +uint64 { + cp := app.GetConsensusParams(ctx) + if cp.Block == nil { + return 0 +} + maxGas := cp.Block.MaxGas + switch { + case maxGas < -1: + panic(fmt.Sprintf("invalid maximum block gas: %d", maxGas)) + case maxGas == -1: + return 0 + + default: + return uint64(maxGas) +} +} + +func (app *BaseApp) + +validateFinalizeBlockHeight(req *abci.RequestFinalizeBlock) + +error { + if req.Height < 1 { + return fmt.Errorf("invalid height: %d", req.Height) +} + lastBlockHeight := app.LastBlockHeight() + + // expectedHeight holds the expected height to validate + var expectedHeight int64 + if lastBlockHeight == 0 && app.initialHeight > 1 { + // In this case, we're validating the first block of the chain, i.e no + // previous commit. The height we're expecting is the initial height. + expectedHeight = app.initialHeight +} + +else { + // This case can mean two things: + // + // - Either there was already a previous commit in the store, in which + // case we increment the version from there. + // - Or there was no previous commit, in which case we start at version 1. + expectedHeight = lastBlockHeight + 1 +} + if req.Height != expectedHeight { + return fmt.Errorf("invalid height: %d; expected: %d", req.Height, expectedHeight) +} + +return nil +} + +// validateBasicTxMsgs executes basic validator calls for messages. +func validateBasicTxMsgs(msgs []sdk.Msg) + +error { + if len(msgs) == 0 { + return errorsmod.Wrap(sdkerrors.ErrInvalidRequest, "must contain at least one message") +} + for _, msg := range msgs { + m, ok := msg.(sdk.HasValidateBasic) + if !ok { + continue +} + if err := m.ValidateBasic(); err != nil { + return err +} + +} + +return nil +} + +func (app *BaseApp) + +getState(mode execMode) *state { + switch mode { + case execModeFinalize: + return app.finalizeBlockState + case execModePrepareProposal: + return app.prepareProposalState + case execModeProcessProposal: + return app.processProposalState + + default: + return app.checkState +} +} + +func (app *BaseApp) + +getBlockGasMeter(ctx sdk.Context) + +storetypes.GasMeter { + if app.disableBlockGasMeter { + return noopGasMeter{ +} + +} + if maxGas := app.GetMaximumBlockGas(ctx); maxGas > 0 { + return storetypes.NewGasMeter(maxGas) +} + +return storetypes.NewInfiniteGasMeter() +} + +// retrieve the context for the tx w/ txBytes and other memoized values. +func (app *BaseApp) + +getContextForTx(mode execMode, txBytes []byte) + +sdk.Context { + app.mu.Lock() + +defer app.mu.Unlock() + modeState := app.getState(mode) + if modeState == nil { + panic(fmt.Sprintf("state is nil for mode %v", mode)) +} + ctx := modeState.Context(). + WithTxBytes(txBytes). + WithGasMeter(storetypes.NewInfiniteGasMeter()) + // WithVoteInfos(app.voteInfos) // TODO: identify if this is needed + + ctx = ctx.WithIsSigverifyTx(app.sigverifyTx) + +ctx = ctx.WithConsensusParams(app.GetConsensusParams(ctx)) + if mode == execModeReCheck { + ctx = ctx.WithIsReCheckTx(true) +} + if mode == execModeSimulate { + ctx, _ = ctx.CacheContext() + +ctx = ctx.WithExecMode(sdk.ExecMode(execModeSimulate)) +} + +return ctx +} + +// cacheTxContext returns a new context based off of the provided context with +// a branched multi-store. +func (app *BaseApp) + +cacheTxContext(ctx sdk.Context, txBytes []byte) (sdk.Context, storetypes.CacheMultiStore) { + ms := ctx.MultiStore() + msCache := ms.CacheMultiStore() + if msCache.TracingEnabled() { + msCache = msCache.SetTracingContext( + storetypes.TraceContext( + map[string]any{ + "txHash": fmt.Sprintf("%X", tmhash.Sum(txBytes)), +}, + ), + ).(storetypes.CacheMultiStore) +} + +return ctx.WithMultiStore(msCache), msCache +} + +func (app *BaseApp) + +preBlock(req *abci.RequestFinalizeBlock) ([]abci.Event, error) { + var events []abci.Event + if app.preBlocker != nil { + ctx := app.finalizeBlockState.Context().WithEventManager(sdk.NewEventManager()) + +rsp, err := app.preBlocker(ctx, req) + if err != nil { + return nil, err +} + // rsp.ConsensusParamsChanged is true from preBlocker means ConsensusParams in store get changed + // write the consensus parameters in store to context + if rsp.ConsensusParamsChanged { + ctx = ctx.WithConsensusParams(app.GetConsensusParams(ctx)) + // GasMeter must be set after we get a context with updated consensus params. + gasMeter := app.getBlockGasMeter(ctx) + +ctx = ctx.WithBlockGasMeter(gasMeter) + +app.finalizeBlockState.SetContext(ctx) +} + +events = ctx.EventManager().ABCIEvents() +} + +return events, nil +} + +func (app *BaseApp) + +beginBlock(_ *abci.RequestFinalizeBlock) (sdk.BeginBlock, error) { + var ( + resp sdk.BeginBlock + err error + ) + if app.beginBlocker != nil { + resp, err = app.beginBlocker(app.finalizeBlockState.Context()) + if err != nil { + return resp, err +} + + // append BeginBlock attributes to all events in the EndBlock response + for i, event := range resp.Events { + resp.Events[i].Attributes = append( + event.Attributes, + abci.EventAttribute{ + Key: "mode", + Value: "BeginBlock" +}, + ) +} + +resp.Events = sdk.MarkEventsToIndex(resp.Events, app.indexEvents) +} + +return resp, nil +} + +func (app *BaseApp) + +deliverTx(tx []byte) *abci.ExecTxResult { + gInfo := sdk.GasInfo{ +} + resultStr := "successful" + + var resp *abci.ExecTxResult + + defer func() { + telemetry.IncrCounter(1, "tx", "count") + +telemetry.IncrCounter(1, "tx", resultStr) + +telemetry.SetGauge(float32(gInfo.GasUsed), "tx", "gas", "used") + +telemetry.SetGauge(float32(gInfo.GasWanted), "tx", "gas", "wanted") +}() + +gInfo, result, anteEvents, err := app.runTx(execModeFinalize, tx, nil) + if err != nil { + resultStr = "failed" + resp = sdkerrors.ResponseExecTxResultWithEvents( + err, + gInfo.GasWanted, + gInfo.GasUsed, + sdk.MarkEventsToIndex(anteEvents, app.indexEvents), + app.trace, + ) + +return resp +} + +resp = &abci.ExecTxResult{ + GasWanted: int64(gInfo.GasWanted), + GasUsed: int64(gInfo.GasUsed), + Log: result.Log, + Data: result.Data, + Events: sdk.MarkEventsToIndex(result.Events, app.indexEvents), +} + +return resp +} + +// endBlock is an application-defined function that is called after transactions +// have been processed in FinalizeBlock. +func (app *BaseApp) + +endBlock(_ context.Context) (sdk.EndBlock, error) { + var endblock sdk.EndBlock + if app.endBlocker != nil { + eb, err := app.endBlocker(app.finalizeBlockState.Context()) + if err != nil { + return endblock, err +} + + // append EndBlock attributes to all events in the EndBlock response + for i, event := range eb.Events { + eb.Events[i].Attributes = append( + event.Attributes, + abci.EventAttribute{ + Key: "mode", + Value: "EndBlock" +}, + ) +} + +eb.Events = sdk.MarkEventsToIndex(eb.Events, app.indexEvents) + +endblock = eb +} + +return endblock, nil +} + +// runTx processes a transaction within a given execution mode, encoded transaction +// bytes, and the decoded transaction itself. All state transitions occur through +// a cached Context depending on the mode provided. State only gets persisted +// if all messages get executed successfully and the execution mode is DeliverTx. +// Note, gas execution info is always returned. A reference to a Result is +// returned if the tx does not run out of gas and if all the messages are valid +// and execute successfully. An error is returned otherwise. +// both txbytes and the decoded tx are passed to runTx to avoid the state machine encoding the tx and decoding the transaction twice +// passing the decoded tx to runTX is optional, it will be decoded if the tx is nil +func (app *BaseApp) + +runTx(mode execMode, txBytes []byte, tx sdk.Tx) (gInfo sdk.GasInfo, result *sdk.Result, anteEvents []abci.Event, err error) { + // NOTE: GasWanted should be returned by the AnteHandler. GasUsed is + // determined by the GasMeter. We need access to the context to get the gas + // meter, so we initialize upfront. + var gasWanted uint64 + ctx := app.getContextForTx(mode, txBytes) + ms := ctx.MultiStore() + + // only run the tx if there is block gas remaining + if mode == execModeFinalize && ctx.BlockGasMeter().IsOutOfGas() { + return gInfo, nil, nil, errorsmod.Wrap(sdkerrors.ErrOutOfGas, "no block gas left to run tx") +} + +defer func() { + if r := recover(); r != nil { + recoveryMW := newOutOfGasRecoveryMiddleware(gasWanted, ctx, app.runTxRecoveryMiddleware) + +err, result = processRecovery(r, recoveryMW), nil + ctx.Logger().Error("panic recovered in runTx", "err", err) +} + +gInfo = sdk.GasInfo{ + GasWanted: gasWanted, + GasUsed: ctx.GasMeter().GasConsumed() +} + +}() + blockGasConsumed := false + + // consumeBlockGas makes sure block gas is consumed at most once. It must + // happen after tx processing, and must be executed even if tx processing + // fails. Hence, it's execution is deferred. + consumeBlockGas := func() { + if !blockGasConsumed { + blockGasConsumed = true + ctx.BlockGasMeter().ConsumeGas( + ctx.GasMeter().GasConsumedToLimit(), "block gas meter", + ) +} + +} + + // If BlockGasMeter() + +panics it will be caught by the above recover and will + // return an error - in any case BlockGasMeter will consume gas past the limit. + // + // NOTE: consumeBlockGas must exist in a separate defer function from the + // general deferred recovery function to recover from consumeBlockGas as it'll + // be executed first (deferred statements are executed as stack). + if mode == execModeFinalize { + defer consumeBlockGas() +} + + // if the transaction is not decoded, decode it here + if tx == nil { + tx, err = app.txDecoder(txBytes) + if err != nil { + return sdk.GasInfo{ + GasUsed: 0, + GasWanted: 0 +}, nil, nil, sdkerrors.ErrTxDecode.Wrap(err.Error()) +} + +} + msgs := tx.GetMsgs() + if err := validateBasicTxMsgs(msgs); err != nil { + return sdk.GasInfo{ +}, nil, nil, err +} + for _, msg := range msgs { + handler := app.msgServiceRouter.Handler(msg) + if handler == nil { + return sdk.GasInfo{ +}, nil, nil, errorsmod.Wrapf(sdkerrors.ErrUnknownRequest, "no message handler found for %T", msg) +} + +} + if app.anteHandler != nil { + var ( + anteCtx sdk.Context + msCache storetypes.CacheMultiStore + ) + + // Branch context before AnteHandler call in case it aborts. + // This is required for both CheckTx and DeliverTx. + // Ref: https://github.com/cosmos/cosmos-sdk/issues/2772 + // + // NOTE: Alternatively, we could require that AnteHandler ensures that + // writes do not happen if aborted/failed. This may have some + // performance benefits, but it'll be more difficult to get right. + anteCtx, msCache = app.cacheTxContext(ctx, txBytes) + +anteCtx = anteCtx.WithEventManager(sdk.NewEventManager()) + +newCtx, err := app.anteHandler(anteCtx, tx, mode == execModeSimulate) + if !newCtx.IsZero() { + // At this point, newCtx.MultiStore() + +is a store branch, or something else + // replaced by the AnteHandler. We want the original multistore. + // + // Also, in the case of the tx aborting, we need to track gas consumed via + // the instantiated gas meter in the AnteHandler, so we update the context + // prior to returning. + ctx = newCtx.WithMultiStore(ms) +} + events := ctx.EventManager().Events() + + // GasMeter expected to be set in AnteHandler + gasWanted = ctx.GasMeter().Limit() + if err != nil { + if mode == execModeReCheck { + // if the ante handler fails on recheck, we want to remove the tx from the mempool + if mempoolErr := app.mempool.Remove(tx); mempoolErr != nil { + return gInfo, nil, anteEvents, errors.Join(err, mempoolErr) +} + +} + +return gInfo, nil, nil, err +} + +msCache.Write() + +anteEvents = events.ToABCIEvents() +} + switch mode { + case execModeCheck: + err = app.mempool.Insert(ctx, tx) + if err != nil { + return gInfo, nil, anteEvents, err +} + case execModeFinalize: + err = app.mempool.Remove(tx) + if err != nil && !errors.Is(err, mempool.ErrTxNotFound) { + return gInfo, nil, anteEvents, + fmt.Errorf("failed to remove tx from mempool: %w", err) +} + +} + + // Create a new Context based off of the existing Context with a MultiStore branch + // in case message processing fails. At this point, the MultiStore + // is a branch of a branch. + runMsgCtx, msCache := app.cacheTxContext(ctx, txBytes) + + // Attempt to execute all messages and only update state if all messages pass + // and we're in DeliverTx. Note, runMsgs will never return a reference to a + // Result if any single message fails or does not have a registered Handler. + msgsV2, err := tx.GetMsgsV2() + if err == nil { + result, err = app.runMsgs(runMsgCtx, msgs, msgsV2, mode) +} + + // Run optional postHandlers (should run regardless of the execution result). + // + // Note: If the postHandler fails, we also revert the runMsgs state. + if app.postHandler != nil { + // The runMsgCtx context currently contains events emitted by the ante handler. + // We clear this to correctly order events without duplicates. + // Note that the state is still preserved. + postCtx := runMsgCtx.WithEventManager(sdk.NewEventManager()) + +newCtx, errPostHandler := app.postHandler(postCtx, tx, mode == execModeSimulate, err == nil) + if errPostHandler != nil { + if err == nil { + // when the msg was handled successfully, return the post handler error only + return gInfo, nil, anteEvents, errPostHandler +} + // otherwise append to the msg error so that we keep the original error code for better user experience + return gInfo, nil, anteEvents, errorsmod.Wrapf(err, "postHandler: %s", errPostHandler) +} + + // we don't want runTx to panic if runMsgs has failed earlier + if result == nil { + result = &sdk.Result{ +} + +} + +result.Events = append(result.Events, newCtx.EventManager().ABCIEvents()...) +} + if err == nil { + if mode == execModeFinalize { + // When block gas exceeds, it'll panic and won't commit the cached store. + consumeBlockGas() + +msCache.Write() +} + if len(anteEvents) > 0 && (mode == execModeFinalize || mode == execModeSimulate) { + // append the events in the order of occurrence + result.Events = append(anteEvents, result.Events...) +} + +} + +return gInfo, result, anteEvents, err +} + +// runMsgs iterates through a list of messages and executes them with the provided +// Context and execution mode. Messages will only be executed during simulation +// and DeliverTx. An error is returned if any single message fails or if a +// Handler does not exist for a given message route. Otherwise, a reference to a +// Result is returned. The caller must not commit state if an error is returned. +func (app *BaseApp) + +runMsgs(ctx sdk.Context, msgs []sdk.Msg, msgsV2 []protov2.Message, mode execMode) (*sdk.Result, error) { + events := sdk.EmptyEvents() + +var msgResponses []*codectypes.Any + + // NOTE: GasWanted is determined by the AnteHandler and GasUsed by the GasMeter. + for i, msg := range msgs { + if mode != execModeFinalize && mode != execModeSimulate { + break +} + handler := app.msgServiceRouter.Handler(msg) + if handler == nil { + return nil, errorsmod.Wrapf(sdkerrors.ErrUnknownRequest, "no message handler found for %T", msg) +} + + // ADR 031 request type routing + msgResult, err := handler(ctx, msg) + if err != nil { + return nil, errorsmod.Wrapf(err, "failed to execute message; message index: %d", i) +} + + // create message events + msgEvents, err := createEvents(app.cdc, msgResult.GetEvents(), msg, msgsV2[i]) + if err != nil { + return nil, errorsmod.Wrapf(err, "failed to create message events; message index: %d", i) +} + + // append message events and data + // + // Note: Each message result's data must be length-prefixed in order to + // separate each result. + for j, event := range msgEvents { + // append message index to all events + msgEvents[j] = event.AppendAttributes(sdk.NewAttribute("msg_index", strconv.Itoa(i))) +} + +events = events.AppendEvents(msgEvents) + + // Each individual sdk.Result that went through the MsgServiceRouter + // (which should represent 99% of the Msgs now, since everyone should + // be using protobuf Msgs) + +has exactly one Msg response, set inside + // `WrapServiceResult`. We take that Msg response, and aggregate it + // into an array. + if len(msgResult.MsgResponses) > 0 { + msgResponse := msgResult.MsgResponses[0] + if msgResponse == nil { + return nil, sdkerrors.ErrLogic.Wrapf("got nil Msg response at index %d for msg %s", i, sdk.MsgTypeURL(msg)) +} + +msgResponses = append(msgResponses, msgResponse) +} + + +} + +data, err := makeABCIData(msgResponses) + if err != nil { + return nil, errorsmod.Wrap(err, "failed to marshal tx data") +} + +return &sdk.Result{ + Data: data, + Events: events.ToABCIEvents(), + MsgResponses: msgResponses, +}, nil +} + +// makeABCIData generates the Data field to be sent to ABCI Check/DeliverTx. +func makeABCIData(msgResponses []*codectypes.Any) ([]byte, error) { + return proto.Marshal(&sdk.TxMsgData{ + MsgResponses: msgResponses +}) +} + +func createEvents(cdc codec.Codec, events sdk.Events, msg sdk.Msg, msgV2 protov2.Message) (sdk.Events, error) { + eventMsgName := sdk.MsgTypeURL(msg) + msgEvent := sdk.NewEvent(sdk.EventTypeMessage, sdk.NewAttribute(sdk.AttributeKeyAction, eventMsgName)) + + // we set the signer attribute as the sender + signers, err := cdc.GetMsgV2Signers(msgV2) + if err != nil { + return nil, err +} + if len(signers) > 0 && signers[0] != nil { + addrStr, err := cdc.InterfaceRegistry().SigningContext().AddressCodec().BytesToString(signers[0]) + if err != nil { + return nil, err +} + +msgEvent = msgEvent.AppendAttributes(sdk.NewAttribute(sdk.AttributeKeySender, addrStr)) +} + + // verify that events have no module attribute set + if _, found := events.GetAttributes(sdk.AttributeKeyModule); !found { + if moduleName := sdk.GetModuleNameFromTypeURL(eventMsgName); moduleName != "" { + msgEvent = msgEvent.AppendAttributes(sdk.NewAttribute(sdk.AttributeKeyModule, moduleName)) +} + +} + +return sdk.Events{ + msgEvent +}.AppendEvents(events), nil +} + +// PrepareProposalVerifyTx performs transaction verification when a proposer is +// creating a block proposal during PrepareProposal. Any state committed to the +// PrepareProposal state internally will be discarded. will be +// returned if the transaction cannot be encoded. will be returned if +// the transaction is valid, otherwise will be returned. +func (app *BaseApp) + +PrepareProposalVerifyTx(tx sdk.Tx) ([]byte, error) { + bz, err := app.txEncoder(tx) + if err != nil { + return nil, err +} + + _, _, _, err = app.runTx(execModePrepareProposal, bz, tx) + if err != nil { + return nil, err +} + +return bz, nil +} + +// ProcessProposalVerifyTx performs transaction verification when receiving a +// block proposal during ProcessProposal. Any state committed to the +// ProcessProposal state internally will be discarded. will be +// returned if the transaction cannot be decoded. will be returned if +// the transaction is valid, otherwise will be returned. +func (app *BaseApp) + +ProcessProposalVerifyTx(txBz []byte) (sdk.Tx, error) { + tx, err := app.txDecoder(txBz) + if err != nil { + return nil, err +} + + _, _, _, err = app.runTx(execModeProcessProposal, txBz, tx) + if err != nil { + return nil, err +} + +return tx, nil +} + +func (app *BaseApp) + +TxDecode(txBytes []byte) (sdk.Tx, error) { + return app.txDecoder(txBytes) +} + +func (app *BaseApp) + +TxEncode(tx sdk.Tx) ([]byte, error) { + return app.txEncoder(tx) +} + +func (app *BaseApp) + +StreamingManager() + +storetypes.StreamingManager { + return app.streamingManager +} + +// Close is called in start cmd to gracefully cleanup resources. +func (app *BaseApp) + +Close() + +error { + var errs []error + + // Close app.db (opened by cosmos-sdk/server/start.go call to openDB) + if app.db != nil { + app.logger.Info("Closing application.db") + if err := app.db.Close(); err != nil { + errs = append(errs, err) +} + +} + + // Close app.snapshotManager + // - opened when app chains use cosmos-sdk/server/util.go/DefaultBaseappOptions (boilerplate) + // - which calls cosmos-sdk/server/util.go/GetSnapshotStore + // - which is passed to baseapp/options.go/SetSnapshot + // - to set app.snapshotManager = snapshots.NewManager + if app.snapshotManager != nil { + app.logger.Info("Closing snapshots/metadata.db") + if err := app.snapshotManager.Close(); err != nil { + errs = append(errs, err) +} + +} + +return errors.Join(errs...) +} + +// GetBaseApp returns the pointer to itself. +func (app *BaseApp) + +GetBaseApp() *BaseApp { + return app +} +``` + +Transaction execution within `FinalizeBlock` performs the **exact same steps as `CheckTx`**, with a little caveat at step 3 and the addition of a fifth step: + +1. The `AnteHandler` does **not** check that the transaction's `gas-prices` is sufficient. That is because the `min-gas-prices` value `gas-prices` is checked against is local to the node, and therefore what is enough for one full-node might not be for another. This means that the proposer can potentially include transactions for free, although they are not incentivized to do so, as they earn a bonus on the total fee of the block they propose. +2. For each `sdk.Msg` in the transaction, route to the appropriate module's Protobuf [`Msg` service](/docs/sdk/vnext/build/building-modules/msg-services). Additional *stateful* checks are performed, and the branched multistore held in `finalizeBlockState`'s `context` is updated by the module's `keeper`. If the `Msg` service returns successfully, the branched multistore held in `context` is written to `finalizeBlockState` `CacheMultiStore`. + +During the additional fifth step outlined in (2), each read/write to the store increases the value of `GasConsumed`. You can find the default cost of each operation: + +```go expandable +package types + +import ( + + "fmt" + "math" +) + +// Gas consumption descriptors. +const ( + GasIterNextCostFlatDesc = "IterNextFlat" + GasValuePerByteDesc = "ValuePerByte" + GasWritePerByteDesc = "WritePerByte" + GasReadPerByteDesc = "ReadPerByte" + GasWriteCostFlatDesc = "WriteFlat" + GasReadCostFlatDesc = "ReadFlat" + GasHasDesc = "Has" + GasDeleteDesc = "Delete" +) + +// Gas measured by the SDK +type Gas = uint64 + +// ErrorNegativeGasConsumed defines an error thrown when the amount of gas refunded results in a +// negative gas consumed amount. +type ErrorNegativeGasConsumed struct { + Descriptor string +} + +// ErrorOutOfGas defines an error thrown when an action results in out of gas. +type ErrorOutOfGas struct { + Descriptor string +} + +// ErrorGasOverflow defines an error thrown when an action results gas consumption +// unsigned integer overflow. +type ErrorGasOverflow struct { + Descriptor string +} + +// GasMeter interface to track gas consumption +type GasMeter interface { + GasConsumed() + +Gas + GasConsumedToLimit() + +Gas + GasRemaining() + +Gas + Limit() + +Gas + ConsumeGas(amount Gas, descriptor string) + +RefundGas(amount Gas, descriptor string) + +IsPastLimit() + +bool + IsOutOfGas() + +bool + String() + +string +} + +type basicGasMeter struct { + limit Gas + consumed Gas +} + +// NewGasMeter returns a reference to a new basicGasMeter. +func NewGasMeter(limit Gas) + +GasMeter { + return &basicGasMeter{ + limit: limit, + consumed: 0, +} +} + +// GasConsumed returns the gas consumed from the GasMeter. +func (g *basicGasMeter) + +GasConsumed() + +Gas { + return g.consumed +} + +// GasRemaining returns the gas left in the GasMeter. +func (g *basicGasMeter) + +GasRemaining() + +Gas { + if g.IsPastLimit() { + return 0 +} + +return g.limit - g.consumed +} + +// Limit returns the gas limit of the GasMeter. +func (g *basicGasMeter) + +Limit() + +Gas { + return g.limit +} + +// GasConsumedToLimit returns the gas limit if gas consumed is past the limit, +// otherwise it returns the consumed gas. +// +// NOTE: This behavior is only called when recovering from panic when +// BlockGasMeter consumes gas past the limit. +func (g *basicGasMeter) + +GasConsumedToLimit() + +Gas { + if g.IsPastLimit() { + return g.limit +} + +return g.consumed +} + +// addUint64Overflow performs the addition operation on two uint64 integers and +// returns a boolean on whether or not the result overflows. +func addUint64Overflow(a, b uint64) (uint64, bool) { + if math.MaxUint64-a < b { + return 0, true +} + +return a + b, false +} + +// ConsumeGas adds the given amount of gas to the gas consumed and panics if it overflows the limit or out of gas. +func (g *basicGasMeter) + +ConsumeGas(amount Gas, descriptor string) { + var overflow bool + g.consumed, overflow = addUint64Overflow(g.consumed, amount) + if overflow { + g.consumed = math.MaxUint64 + panic(ErrorGasOverflow{ + descriptor +}) +} + if g.consumed > g.limit { + panic(ErrorOutOfGas{ + descriptor +}) +} +} + +// RefundGas will deduct the given amount from the gas consumed. If the amount is greater than the +// gas consumed, the function will panic. +// +// Use case: This functionality enables refunding gas to the transaction or block gas pools so that +// EVM-compatible chains can fully support the go-ethereum StateDb interface. +// See https://github.com/cosmos/cosmos-sdk/pull/9403 for reference. +func (g *basicGasMeter) + +RefundGas(amount Gas, descriptor string) { + if g.consumed < amount { + panic(ErrorNegativeGasConsumed{ + Descriptor: descriptor +}) +} + +g.consumed -= amount +} + +// IsPastLimit returns true if gas consumed is past limit, otherwise it returns false. +func (g *basicGasMeter) + +IsPastLimit() + +bool { + return g.consumed > g.limit +} + +// IsOutOfGas returns true if gas consumed is greater than or equal to gas limit, otherwise it returns false. +func (g *basicGasMeter) + +IsOutOfGas() + +bool { + return g.consumed >= g.limit +} + +// String returns the BasicGasMeter's gas limit and gas consumed. +func (g *basicGasMeter) + +String() + +string { + return fmt.Sprintf("BasicGasMeter:\n limit: %d\n consumed: %d", g.limit, g.consumed) +} + +type infiniteGasMeter struct { + consumed Gas +} + +// NewInfiniteGasMeter returns a new gas meter without a limit. +func NewInfiniteGasMeter() + +GasMeter { + return &infiniteGasMeter{ + consumed: 0, +} +} + +// GasConsumed returns the gas consumed from the GasMeter. +func (g *infiniteGasMeter) + +GasConsumed() + +Gas { + return g.consumed +} + +// GasConsumedToLimit returns the gas consumed from the GasMeter since the gas is not confined to a limit. +// NOTE: This behavior is only called when recovering from panic when BlockGasMeter consumes gas past the limit. +func (g *infiniteGasMeter) + +GasConsumedToLimit() + +Gas { + return g.consumed +} + +// GasRemaining returns MaxUint64 since limit is not confined in infiniteGasMeter. +func (g *infiniteGasMeter) + +GasRemaining() + +Gas { + return math.MaxUint64 +} + +// Limit returns MaxUint64 since limit is not confined in infiniteGasMeter. +func (g *infiniteGasMeter) + +Limit() + +Gas { + return math.MaxUint64 +} + +// ConsumeGas adds the given amount of gas to the gas consumed and panics if it overflows the limit. +func (g *infiniteGasMeter) + +ConsumeGas(amount Gas, descriptor string) { + var overflow bool + // TODO: Should we set the consumed field after overflow checking? + g.consumed, overflow = addUint64Overflow(g.consumed, amount) + if overflow { + panic(ErrorGasOverflow{ + descriptor +}) +} +} + +// RefundGas will deduct the given amount from the gas consumed. If the amount is greater than the +// gas consumed, the function will panic. +// +// Use case: This functionality enables refunding gas to the trasaction or block gas pools so that +// EVM-compatible chains can fully support the go-ethereum StateDb interface. +// See https://github.com/cosmos/cosmos-sdk/pull/9403 for reference. +func (g *infiniteGasMeter) + +RefundGas(amount Gas, descriptor string) { + if g.consumed < amount { + panic(ErrorNegativeGasConsumed{ + Descriptor: descriptor +}) +} + +g.consumed -= amount +} + +// IsPastLimit returns false since the gas limit is not confined. +func (g *infiniteGasMeter) + +IsPastLimit() + +bool { + return false +} + +// IsOutOfGas returns false since the gas limit is not confined. +func (g *infiniteGasMeter) + +IsOutOfGas() + +bool { + return false +} + +// String returns the InfiniteGasMeter's gas consumed. +func (g *infiniteGasMeter) + +String() + +string { + return fmt.Sprintf("InfiniteGasMeter:\n consumed: %d", g.consumed) +} + +// GasConfig defines gas cost for each operation on KVStores +type GasConfig struct { + HasCost Gas + DeleteCost Gas + ReadCostFlat Gas + ReadCostPerByte Gas + WriteCostFlat Gas + WriteCostPerByte Gas + IterNextCostFlat Gas +} + +// KVGasConfig returns a default gas config for KVStores. +func KVGasConfig() + +GasConfig { + return GasConfig{ + HasCost: 1000, + DeleteCost: 1000, + ReadCostFlat: 1000, + ReadCostPerByte: 3, + WriteCostFlat: 2000, + WriteCostPerByte: 30, + IterNextCostFlat: 30, +} +} + +// TransientGasConfig returns a default gas config for TransientStores. +func TransientGasConfig() + +GasConfig { + return GasConfig{ + HasCost: 100, + DeleteCost: 100, + ReadCostFlat: 100, + ReadCostPerByte: 0, + WriteCostFlat: 200, + WriteCostPerByte: 3, + IterNextCostFlat: 3, +} +} +``` + +At any point, if `GasConsumed > GasWanted`, the function returns with `Code != 0` and the execution fails. + +Each transactions returns a response to the underlying consensus engine of type [`abci.ExecTxResult`](https://github.com/cometbft/cometbft/blob/v0.38.0-rc1/spec/abci/abci%2B%2B_methods.md#exectxresult). The response contains: + +* `Code (uint32)`: Response Code. `0` if successful. +* `Data ([]byte)`: Result bytes, if any. +* `Log (string):` The output of the application's logger. May be non-deterministic. +* `Info (string):` Additional information. May be non-deterministic. +* `GasWanted (int64)`: Amount of gas requested for transaction. It is provided by users when they generate the transaction. +* `GasUsed (int64)`: Amount of gas consumed by transaction. During transaction execution, this value is computed by multiplying the standard cost of a transaction byte by the size of the raw transaction, and by adding gas each time a read/write to the store occurs. +* `Events ([]cmn.KVPair)`: Key-Value tags for filtering and indexing transactions (eg. by account). See [`event`s](/docs/sdk/vnext/learn/advanced/events) for more. +* `Codespace (string)`: Namespace for the Code. + +#### EndBlock + +EndBlock is run after transaction execution completes. It allows developers to have logic be executed at the end of each block. In the Cosmos SDK, the bulk EndBlock() method is to run the application's EndBlocker(), which mainly runs the EndBlocker() method of each of the application's modules. + +```go expandable +package baseapp + +import ( + + "context" + "fmt" + "maps" + "math" + "slices" + "strconv" + "sync" + "github.com/cockroachdb/errors" + abci "github.com/cometbft/cometbft/abci/types" + "github.com/cometbft/cometbft/crypto/tmhash" + cmtproto "github.com/cometbft/cometbft/proto/tendermint/types" + dbm "github.com/cosmos/cosmos-db" + "github.com/cosmos/gogoproto/proto" + protov2 "google.golang.org/protobuf/proto" + "cosmossdk.io/core/header" + errorsmod "cosmossdk.io/errors" + "cosmossdk.io/log" + "cosmossdk.io/store" + storemetrics "cosmossdk.io/store/metrics" + "cosmossdk.io/store/snapshots" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/baseapp/oe" + "github.com/cosmos/cosmos-sdk/codec" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + servertypes "github.com/cosmos/cosmos-sdk/server/types" + "github.com/cosmos/cosmos-sdk/telemetry" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + "github.com/cosmos/cosmos-sdk/types/mempool" + "github.com/cosmos/cosmos-sdk/types/msgservice" +) + +type ( + execMode uint8 + + // StoreLoader defines a customizable function to control how we load the + // CommitMultiStore from disk. This is useful for state migration, when + // loading a datastore written with an older version of the software. In + // particular, if a module changed the substore key name (or removed a substore) + // between two versions of the software. + StoreLoader func(ms storetypes.CommitMultiStore) + +error +) + +const ( + execModeCheck execMode = iota // Check a transaction + execModeReCheck // Recheck a (pending) + +transaction after a commit + execModeSimulate // Simulate a transaction + execModePrepareProposal // Prepare a block proposal + execModeProcessProposal // Process a block proposal + execModeVoteExtension // Extend or verify a pre-commit vote + execModeVerifyVoteExtension // Verify a vote extension + execModeFinalize // Finalize a block proposal +) + +var _ servertypes.ABCI = (*BaseApp)(nil) + +// BaseApp reflects the ABCI application implementation. +type BaseApp struct { + // initialized on creation + mu sync.Mutex // mu protects the fields below. + logger log.Logger + name string // application name from abci.BlockInfo + db dbm.DB // common DB backend + cms storetypes.CommitMultiStore // Main (uncached) + +state + qms storetypes.MultiStore // Optional alternative multistore for querying only. + storeLoader StoreLoader // function to handle store loading, may be overridden with SetStoreLoader() + +grpcQueryRouter *GRPCQueryRouter // router for redirecting gRPC query calls + msgServiceRouter *MsgServiceRouter // router for redirecting Msg service messages + interfaceRegistry codectypes.InterfaceRegistry + txDecoder sdk.TxDecoder // unmarshal []byte into sdk.Tx + txEncoder sdk.TxEncoder // marshal sdk.Tx into []byte + + mempool mempool.Mempool // application side mempool + anteHandler sdk.AnteHandler // ante handler for fee and auth + postHandler sdk.PostHandler // post handler, optional + + checkTxHandler sdk.CheckTxHandler // ABCI CheckTx handler + initChainer sdk.InitChainer // ABCI InitChain handler + preBlocker sdk.PreBlocker // logic to run before BeginBlocker + beginBlocker sdk.BeginBlocker // (legacy ABCI) + +BeginBlock handler + endBlocker sdk.EndBlocker // (legacy ABCI) + +EndBlock handler + processProposal sdk.ProcessProposalHandler // ABCI ProcessProposal handler + prepareProposal sdk.PrepareProposalHandler // ABCI PrepareProposal + extendVote sdk.ExtendVoteHandler // ABCI ExtendVote handler + verifyVoteExt sdk.VerifyVoteExtensionHandler // ABCI VerifyVoteExtension handler + prepareCheckStater sdk.PrepareCheckStater // logic to run during commit using the checkState + precommiter sdk.Precommiter // logic to run during commit using the deliverState + + addrPeerFilter sdk.PeerFilter // filter peers by address and port + idPeerFilter sdk.PeerFilter // filter peers by node ID + fauxMerkleMode bool // if true, IAVL MountStores uses MountStoresDB for simulation speed. + sigverifyTx bool // in the simulation test, since the account does not have a private key, we have to ignore the tx sigverify. + + // manages snapshots, i.e. dumps of app state at certain intervals + snapshotManager *snapshots.Manager + + // volatile states: + // + // - checkState is set on InitChain and reset on Commit + // - finalizeBlockState is set on InitChain and FinalizeBlock and set to nil + // on Commit. + // + // - checkState: Used for CheckTx, which is set based on the previous block's + // state. This state is never committed. + // + // - prepareProposalState: Used for PrepareProposal, which is set based on the + // previous block's state. This state is never committed. In case of multiple + // consensus rounds, the state is always reset to the previous block's state. + // + // - processProposalState: Used for ProcessProposal, which is set based on the + // the previous block's state. This state is never committed. In case of + // multiple rounds, the state is always reset to the previous block's state. + // + // - finalizeBlockState: Used for FinalizeBlock, which is set based on the + // previous block's state. This state is committed. + checkState *state + prepareProposalState *state + processProposalState *state + finalizeBlockState *state + + // An inter-block write-through cache provided to the context during the ABCI + // FinalizeBlock call. + interBlockCache storetypes.MultiStorePersistentCache + + // paramStore is used to query for ABCI consensus parameters from an + // application parameter store. + paramStore ParamStore + + // queryGasLimit defines the maximum gas for queries; unbounded if 0. + queryGasLimit uint64 + + // The minimum gas prices a validator is willing to accept for processing a + // transaction. This is mainly used for DoS and spam prevention. + minGasPrices sdk.DecCoins + + // initialHeight is the initial height at which we start the BaseApp + initialHeight int64 + + // flag for sealing options and parameters to a BaseApp + sealed bool + + // block height at which to halt the chain and gracefully shutdown + haltHeight uint64 + + // minimum block time (in Unix seconds) + +at which to halt the chain and gracefully shutdown + haltTime uint64 + + // minRetainBlocks defines the minimum block height offset from the current + // block being committed, such that all blocks past this offset are pruned + // from CometBFT. It is used as part of the process of determining the + // ResponseCommit.RetainHeight value during ABCI Commit. A value of 0 indicates + // that no blocks should be pruned. + // + // Note: CometBFT block pruning is dependant on this parameter in conjunction + // with the unbonding (safety threshold) + +period, state pruning and state sync + // snapshot parameters to determine the correct minimum value of + // ResponseCommit.RetainHeight. + minRetainBlocks uint64 + + // application's version string + version string + + // application's protocol version that increments on every upgrade + // if BaseApp is passed to the upgrade keeper's NewKeeper method. + appVersion uint64 + + // recovery handler for app.runTx method + runTxRecoveryMiddleware recoveryMiddleware + + // trace set will return full stack traces for errors in ABCI Log field + trace bool + + // indexEvents defines the set of events in the form { + eventType +}.{ + attributeKey +}, + // which informs CometBFT what to index. If empty, all events will be indexed. + indexEvents map[string]struct{ +} + + // streamingManager for managing instances and configuration of ABCIListener services + streamingManager storetypes.StreamingManager + + chainID string + + cdc codec.Codec + + // optimisticExec contains the context required for Optimistic Execution, + // including the goroutine handling.This is experimental and must be enabled + // by developers. + optimisticExec *oe.OptimisticExecution + + // disableBlockGasMeter will disable the block gas meter if true, block gas meter is tricky to support + // when executing transactions in parallel. + // when disabled, the block gas meter in context is a noop one. + // + // SAFETY: it's safe to do if validators validate the total gas wanted in the `ProcessProposal`, which is the case in the default handler. + disableBlockGasMeter bool +} + +// NewBaseApp returns a reference to an initialized BaseApp. It accepts a +// variadic number of option functions, which act on the BaseApp to set +// configuration choices. +func NewBaseApp( + name string, logger log.Logger, db dbm.DB, txDecoder sdk.TxDecoder, options ...func(*BaseApp), +) *BaseApp { + app := &BaseApp{ + logger: logger.With(log.ModuleKey, "baseapp"), + name: name, + db: db, + cms: store.NewCommitMultiStore(db, logger, storemetrics.NewNoOpMetrics()), // by default we use a no-op metric gather in store + storeLoader: DefaultStoreLoader, + grpcQueryRouter: NewGRPCQueryRouter(), + msgServiceRouter: NewMsgServiceRouter(), + txDecoder: txDecoder, + fauxMerkleMode: false, + sigverifyTx: true, + queryGasLimit: math.MaxUint64, +} + for _, option := range options { + option(app) +} + if app.mempool == nil { + app.SetMempool(mempool.NoOpMempool{ +}) +} + abciProposalHandler := NewDefaultProposalHandler(app.mempool, app) + if app.prepareProposal == nil { + app.SetPrepareProposal(abciProposalHandler.PrepareProposalHandler()) +} + if app.processProposal == nil { + app.SetProcessProposal(abciProposalHandler.ProcessProposalHandler()) +} + if app.extendVote == nil { + app.SetExtendVoteHandler(NoOpExtendVote()) +} + if app.verifyVoteExt == nil { + app.SetVerifyVoteExtensionHandler(NoOpVerifyVoteExtensionHandler()) +} + if app.interBlockCache != nil { + app.cms.SetInterBlockCache(app.interBlockCache) +} + +app.runTxRecoveryMiddleware = newDefaultRecoveryMiddleware() + + // Initialize with an empty interface registry to avoid nil pointer dereference. + // Unless SetInterfaceRegistry is called with an interface registry with proper address codecs baseapp will panic. + app.cdc = codec.NewProtoCodec(codectypes.NewInterfaceRegistry()) + +protoFiles, err := proto.MergedRegistry() + if err != nil { + logger.Warn("error creating merged proto registry", "error", err) +} + +else { + err = msgservice.ValidateProtoAnnotations(protoFiles) + if err != nil { + // Once we switch to using protoreflect-based antehandlers, we might + // want to panic here instead of logging a warning. + logger.Warn("error validating merged proto registry annotations", "error", err) +} + +} + +return app +} + +// Name returns the name of the BaseApp. +func (app *BaseApp) + +Name() + +string { + return app.name +} + +// AppVersion returns the application's protocol version. +func (app *BaseApp) + +AppVersion() + +uint64 { + return app.appVersion +} + +// Version returns the application's version string. +func (app *BaseApp) + +Version() + +string { + return app.version +} + +// Logger returns the logger of the BaseApp. +func (app *BaseApp) + +Logger() + +log.Logger { + return app.logger +} + +// Trace returns the boolean value for logging error stack traces. +func (app *BaseApp) + +Trace() + +bool { + return app.trace +} + +// MsgServiceRouter returns the MsgServiceRouter of a BaseApp. +func (app *BaseApp) + +MsgServiceRouter() *MsgServiceRouter { + return app.msgServiceRouter +} + +// GRPCQueryRouter returns the GRPCQueryRouter of a BaseApp. +func (app *BaseApp) + +GRPCQueryRouter() *GRPCQueryRouter { + return app.grpcQueryRouter +} + +// MountStores mounts all IAVL or DB stores to the provided keys in the BaseApp +// multistore. +func (app *BaseApp) + +MountStores(keys ...storetypes.StoreKey) { + for _, key := range keys { + switch key.(type) { + case *storetypes.KVStoreKey: + if !app.fauxMerkleMode { + app.MountStore(key, storetypes.StoreTypeIAVL) +} + +else { + // StoreTypeDB doesn't do anything upon commit, and it doesn't + // retain history, but it's useful for faster simulation. + app.MountStore(key, storetypes.StoreTypeDB) +} + case *storetypes.TransientStoreKey: + app.MountStore(key, storetypes.StoreTypeTransient) + case *storetypes.MemoryStoreKey: + app.MountStore(key, storetypes.StoreTypeMemory) + +default: + panic(fmt.Sprintf("Unrecognized store key type :%T", key)) +} + +} +} + +// MountKVStores mounts all IAVL or DB stores to the provided keys in the +// BaseApp multistore. +func (app *BaseApp) + +MountKVStores(keys map[string]*storetypes.KVStoreKey) { + for _, key := range keys { + if !app.fauxMerkleMode { + app.MountStore(key, storetypes.StoreTypeIAVL) +} + +else { + // StoreTypeDB doesn't do anything upon commit, and it doesn't + // retain history, but it's useful for faster simulation. + app.MountStore(key, storetypes.StoreTypeDB) +} + +} +} + +// MountTransientStores mounts all transient stores to the provided keys in +// the BaseApp multistore. +func (app *BaseApp) + +MountTransientStores(keys map[string]*storetypes.TransientStoreKey) { + for _, key := range keys { + app.MountStore(key, storetypes.StoreTypeTransient) +} +} + +// MountMemoryStores mounts all in-memory KVStores with the BaseApp's internal +// commit multi-store. +func (app *BaseApp) + +MountMemoryStores(keys map[string]*storetypes.MemoryStoreKey) { + skeys := slices.Sorted(maps.Keys(keys)) + for _, key := range skeys { + memKey := keys[key] + app.MountStore(memKey, storetypes.StoreTypeMemory) +} +} + +// MountStore mounts a store to the provided key in the BaseApp multistore, +// using the default DB. +func (app *BaseApp) + +MountStore(key storetypes.StoreKey, typ storetypes.StoreType) { + app.cms.MountStoreWithDB(key, typ, nil) +} + +// LoadLatestVersion loads the latest application version. It will panic if +// called more than once on a running BaseApp. +func (app *BaseApp) + +LoadLatestVersion() + +error { + err := app.storeLoader(app.cms) + if err != nil { + return fmt.Errorf("failed to load latest version: %w", err) +} + +return app.Init() +} + +// DefaultStoreLoader will be used by default and loads the latest version +func DefaultStoreLoader(ms storetypes.CommitMultiStore) + +error { + return ms.LoadLatestVersion() +} + +// CommitMultiStore returns the root multi-store. +// App constructor can use this to access the `cms`. +// UNSAFE: must not be used during the abci life cycle. +func (app *BaseApp) + +CommitMultiStore() + +storetypes.CommitMultiStore { + return app.cms +} + +// SnapshotManager returns the snapshot manager. +// application use this to register extra extension snapshotters. +func (app *BaseApp) + +SnapshotManager() *snapshots.Manager { + return app.snapshotManager +} + +// LoadVersion loads the BaseApp application version. It will panic if called +// more than once on a running baseapp. +func (app *BaseApp) + +LoadVersion(version int64) + +error { + app.logger.Info("NOTICE: this could take a long time to migrate IAVL store to fastnode if you enable Fast Node.\n") + err := app.cms.LoadVersion(version) + if err != nil { + return fmt.Errorf("failed to load version %d: %w", version, err) +} + +return app.Init() +} + +// LastCommitID returns the last CommitID of the multistore. +func (app *BaseApp) + +LastCommitID() + +storetypes.CommitID { + return app.cms.LastCommitID() +} + +// LastBlockHeight returns the last committed block height. +func (app *BaseApp) + +LastBlockHeight() + +int64 { + return app.cms.LastCommitID().Version +} + +// ChainID returns the chainID of the app. +func (app *BaseApp) + +ChainID() + +string { + return app.chainID +} + +// AnteHandler returns the AnteHandler of the app. +func (app *BaseApp) + +AnteHandler() + +sdk.AnteHandler { + return app.anteHandler +} + +// Mempool returns the Mempool of the app. +func (app *BaseApp) + +Mempool() + +mempool.Mempool { + return app.mempool +} + +// Init initializes the app. It seals the app, preventing any +// further modifications. In addition, it validates the app against +// the earlier provided settings. Returns an error if validation fails. +// nil otherwise. Panics if the app is already sealed. +func (app *BaseApp) + +Init() + +error { + if app.sealed { + panic("cannot call initFromMainStore: baseapp already sealed") +} + if app.cms == nil { + return errors.New("commit multi-store must not be nil") +} + emptyHeader := cmtproto.Header{ + ChainID: app.chainID +} + + // needed for the export command which inits from store but never calls initchain + app.setState(execModeCheck, emptyHeader) + +app.Seal() + +return app.cms.GetPruning().Validate() +} + +func (app *BaseApp) + +setMinGasPrices(gasPrices sdk.DecCoins) { + app.minGasPrices = gasPrices +} + +func (app *BaseApp) + +setHaltHeight(haltHeight uint64) { + app.haltHeight = haltHeight +} + +func (app *BaseApp) + +setHaltTime(haltTime uint64) { + app.haltTime = haltTime +} + +func (app *BaseApp) + +setMinRetainBlocks(minRetainBlocks uint64) { + app.minRetainBlocks = minRetainBlocks +} + +func (app *BaseApp) + +setInterBlockCache(cache storetypes.MultiStorePersistentCache) { + app.interBlockCache = cache +} + +func (app *BaseApp) + +setTrace(trace bool) { + app.trace = trace +} + +func (app *BaseApp) + +setIndexEvents(ie []string) { + app.indexEvents = make(map[string]struct{ +}) + for _, e := range ie { + app.indexEvents[e] = struct{ +}{ +} + +} +} + +// Seal seals a BaseApp. It prohibits any further modifications to a BaseApp. +func (app *BaseApp) + +Seal() { + app.sealed = true +} + +// IsSealed returns true if the BaseApp is sealed and false otherwise. +func (app *BaseApp) + +IsSealed() + +bool { + return app.sealed +} + +// setState sets the BaseApp's state for the corresponding mode with a branched +// multi-store (i.e. a CacheMultiStore) + +and a new Context with the same +// multi-store branch, and provided header. +func (app *BaseApp) + +setState(mode execMode, h cmtproto.Header) { + ms := app.cms.CacheMultiStore() + headerInfo := header.Info{ + Height: h.Height, + Time: h.Time, + ChainID: h.ChainID, + AppHash: h.AppHash, +} + baseState := &state{ + ms: ms, + ctx: sdk.NewContext(ms, h, false, app.logger). + WithStreamingManager(app.streamingManager). + WithHeaderInfo(headerInfo), +} + switch mode { + case execModeCheck: + baseState.SetContext(baseState.Context().WithIsCheckTx(true).WithMinGasPrices(app.minGasPrices)) + +app.checkState = baseState + case execModePrepareProposal: + app.prepareProposalState = baseState + case execModeProcessProposal: + app.processProposalState = baseState + case execModeFinalize: + app.finalizeBlockState = baseState + + default: + panic(fmt.Sprintf("invalid runTxMode for setState: %d", mode)) +} +} + +// SetCircuitBreaker sets the circuit breaker for the BaseApp. +// The circuit breaker is checked on every message execution to verify if a transaction should be executed or not. +func (app *BaseApp) + +SetCircuitBreaker(cb CircuitBreaker) { + if app.msgServiceRouter == nil { + panic("cannot set circuit breaker with no msg service router set") +} + +app.msgServiceRouter.SetCircuit(cb) +} + +// GetConsensusParams returns the current consensus parameters from the BaseApp's +// ParamStore. If the BaseApp has no ParamStore defined, nil is returned. +func (app *BaseApp) + +GetConsensusParams(ctx sdk.Context) + +cmtproto.ConsensusParams { + if app.paramStore == nil { + return cmtproto.ConsensusParams{ +} + +} + +cp, err := app.paramStore.Get(ctx) + if err != nil { + // This could happen while migrating from v0.45/v0.46 to v0.50, we should + // allow it to happen so during preblock the upgrade plan can be executed + // and the consensus params set for the first time in the new format. + app.logger.Error("failed to get consensus params", "err", err) + +return cmtproto.ConsensusParams{ +} + +} + +return cp +} + +// StoreConsensusParams sets the consensus parameters to the BaseApp's param +// store. +// +// NOTE: We're explicitly not storing the CometBFT app_version in the param store. +// It's stored instead in the x/upgrade store, with its own bump logic. +func (app *BaseApp) + +StoreConsensusParams(ctx sdk.Context, cp cmtproto.ConsensusParams) + +error { + if app.paramStore == nil { + return errors.New("cannot store consensus params with no params store set") +} + +return app.paramStore.Set(ctx, cp) +} + +// AddRunTxRecoveryHandler adds custom app.runTx method panic handlers. +func (app *BaseApp) + +AddRunTxRecoveryHandler(handlers ...RecoveryHandler) { + for _, h := range handlers { + app.runTxRecoveryMiddleware = newRecoveryMiddleware(h, app.runTxRecoveryMiddleware) +} +} + +// GetMaximumBlockGas gets the maximum gas from the consensus params. It panics +// if maximum block gas is less than negative one and returns zero if negative +// one. +func (app *BaseApp) + +GetMaximumBlockGas(ctx sdk.Context) + +uint64 { + cp := app.GetConsensusParams(ctx) + if cp.Block == nil { + return 0 +} + maxGas := cp.Block.MaxGas + switch { + case maxGas < -1: + panic(fmt.Sprintf("invalid maximum block gas: %d", maxGas)) + case maxGas == -1: + return 0 + + default: + return uint64(maxGas) +} +} + +func (app *BaseApp) + +validateFinalizeBlockHeight(req *abci.RequestFinalizeBlock) + +error { + if req.Height < 1 { + return fmt.Errorf("invalid height: %d", req.Height) +} + lastBlockHeight := app.LastBlockHeight() + + // expectedHeight holds the expected height to validate + var expectedHeight int64 + if lastBlockHeight == 0 && app.initialHeight > 1 { + // In this case, we're validating the first block of the chain, i.e no + // previous commit. The height we're expecting is the initial height. + expectedHeight = app.initialHeight +} + +else { + // This case can mean two things: + // + // - Either there was already a previous commit in the store, in which + // case we increment the version from there. + // - Or there was no previous commit, in which case we start at version 1. + expectedHeight = lastBlockHeight + 1 +} + if req.Height != expectedHeight { + return fmt.Errorf("invalid height: %d; expected: %d", req.Height, expectedHeight) +} + +return nil +} + +// validateBasicTxMsgs executes basic validator calls for messages. +func validateBasicTxMsgs(msgs []sdk.Msg) + +error { + if len(msgs) == 0 { + return errorsmod.Wrap(sdkerrors.ErrInvalidRequest, "must contain at least one message") +} + for _, msg := range msgs { + m, ok := msg.(sdk.HasValidateBasic) + if !ok { + continue +} + if err := m.ValidateBasic(); err != nil { + return err +} + +} + +return nil +} + +func (app *BaseApp) + +getState(mode execMode) *state { + switch mode { + case execModeFinalize: + return app.finalizeBlockState + case execModePrepareProposal: + return app.prepareProposalState + case execModeProcessProposal: + return app.processProposalState + + default: + return app.checkState +} +} + +func (app *BaseApp) + +getBlockGasMeter(ctx sdk.Context) + +storetypes.GasMeter { + if app.disableBlockGasMeter { + return noopGasMeter{ +} + +} + if maxGas := app.GetMaximumBlockGas(ctx); maxGas > 0 { + return storetypes.NewGasMeter(maxGas) +} + +return storetypes.NewInfiniteGasMeter() +} + +// retrieve the context for the tx w/ txBytes and other memoized values. +func (app *BaseApp) + +getContextForTx(mode execMode, txBytes []byte) + +sdk.Context { + app.mu.Lock() + +defer app.mu.Unlock() + modeState := app.getState(mode) + if modeState == nil { + panic(fmt.Sprintf("state is nil for mode %v", mode)) +} + ctx := modeState.Context(). + WithTxBytes(txBytes). + WithGasMeter(storetypes.NewInfiniteGasMeter()) + // WithVoteInfos(app.voteInfos) // TODO: identify if this is needed + + ctx = ctx.WithIsSigverifyTx(app.sigverifyTx) + +ctx = ctx.WithConsensusParams(app.GetConsensusParams(ctx)) + if mode == execModeReCheck { + ctx = ctx.WithIsReCheckTx(true) +} + if mode == execModeSimulate { + ctx, _ = ctx.CacheContext() + +ctx = ctx.WithExecMode(sdk.ExecMode(execModeSimulate)) +} + +return ctx +} + +// cacheTxContext returns a new context based off of the provided context with +// a branched multi-store. +func (app *BaseApp) + +cacheTxContext(ctx sdk.Context, txBytes []byte) (sdk.Context, storetypes.CacheMultiStore) { + ms := ctx.MultiStore() + msCache := ms.CacheMultiStore() + if msCache.TracingEnabled() { + msCache = msCache.SetTracingContext( + storetypes.TraceContext( + map[string]any{ + "txHash": fmt.Sprintf("%X", tmhash.Sum(txBytes)), +}, + ), + ).(storetypes.CacheMultiStore) +} + +return ctx.WithMultiStore(msCache), msCache +} + +func (app *BaseApp) + +preBlock(req *abci.RequestFinalizeBlock) ([]abci.Event, error) { + var events []abci.Event + if app.preBlocker != nil { + ctx := app.finalizeBlockState.Context().WithEventManager(sdk.NewEventManager()) + +rsp, err := app.preBlocker(ctx, req) + if err != nil { + return nil, err +} + // rsp.ConsensusParamsChanged is true from preBlocker means ConsensusParams in store get changed + // write the consensus parameters in store to context + if rsp.ConsensusParamsChanged { + ctx = ctx.WithConsensusParams(app.GetConsensusParams(ctx)) + // GasMeter must be set after we get a context with updated consensus params. + gasMeter := app.getBlockGasMeter(ctx) + +ctx = ctx.WithBlockGasMeter(gasMeter) + +app.finalizeBlockState.SetContext(ctx) +} + +events = ctx.EventManager().ABCIEvents() +} + +return events, nil +} + +func (app *BaseApp) + +beginBlock(_ *abci.RequestFinalizeBlock) (sdk.BeginBlock, error) { + var ( + resp sdk.BeginBlock + err error + ) + if app.beginBlocker != nil { + resp, err = app.beginBlocker(app.finalizeBlockState.Context()) + if err != nil { + return resp, err +} + + // append BeginBlock attributes to all events in the EndBlock response + for i, event := range resp.Events { + resp.Events[i].Attributes = append( + event.Attributes, + abci.EventAttribute{ + Key: "mode", + Value: "BeginBlock" +}, + ) +} + +resp.Events = sdk.MarkEventsToIndex(resp.Events, app.indexEvents) +} + +return resp, nil +} + +func (app *BaseApp) + +deliverTx(tx []byte) *abci.ExecTxResult { + gInfo := sdk.GasInfo{ +} + resultStr := "successful" + + var resp *abci.ExecTxResult + + defer func() { + telemetry.IncrCounter(1, "tx", "count") + +telemetry.IncrCounter(1, "tx", resultStr) + +telemetry.SetGauge(float32(gInfo.GasUsed), "tx", "gas", "used") + +telemetry.SetGauge(float32(gInfo.GasWanted), "tx", "gas", "wanted") +}() + +gInfo, result, anteEvents, err := app.runTx(execModeFinalize, tx, nil) + if err != nil { + resultStr = "failed" + resp = sdkerrors.ResponseExecTxResultWithEvents( + err, + gInfo.GasWanted, + gInfo.GasUsed, + sdk.MarkEventsToIndex(anteEvents, app.indexEvents), + app.trace, + ) + +return resp +} + +resp = &abci.ExecTxResult{ + GasWanted: int64(gInfo.GasWanted), + GasUsed: int64(gInfo.GasUsed), + Log: result.Log, + Data: result.Data, + Events: sdk.MarkEventsToIndex(result.Events, app.indexEvents), +} + +return resp +} + +// endBlock is an application-defined function that is called after transactions +// have been processed in FinalizeBlock. +func (app *BaseApp) + +endBlock(_ context.Context) (sdk.EndBlock, error) { + var endblock sdk.EndBlock + if app.endBlocker != nil { + eb, err := app.endBlocker(app.finalizeBlockState.Context()) + if err != nil { + return endblock, err +} + + // append EndBlock attributes to all events in the EndBlock response + for i, event := range eb.Events { + eb.Events[i].Attributes = append( + event.Attributes, + abci.EventAttribute{ + Key: "mode", + Value: "EndBlock" +}, + ) +} + +eb.Events = sdk.MarkEventsToIndex(eb.Events, app.indexEvents) + +endblock = eb +} + +return endblock, nil +} + +// runTx processes a transaction within a given execution mode, encoded transaction +// bytes, and the decoded transaction itself. All state transitions occur through +// a cached Context depending on the mode provided. State only gets persisted +// if all messages get executed successfully and the execution mode is DeliverTx. +// Note, gas execution info is always returned. A reference to a Result is +// returned if the tx does not run out of gas and if all the messages are valid +// and execute successfully. An error is returned otherwise. +// both txbytes and the decoded tx are passed to runTx to avoid the state machine encoding the tx and decoding the transaction twice +// passing the decoded tx to runTX is optional, it will be decoded if the tx is nil +func (app *BaseApp) + +runTx(mode execMode, txBytes []byte, tx sdk.Tx) (gInfo sdk.GasInfo, result *sdk.Result, anteEvents []abci.Event, err error) { + // NOTE: GasWanted should be returned by the AnteHandler. GasUsed is + // determined by the GasMeter. We need access to the context to get the gas + // meter, so we initialize upfront. + var gasWanted uint64 + ctx := app.getContextForTx(mode, txBytes) + ms := ctx.MultiStore() + + // only run the tx if there is block gas remaining + if mode == execModeFinalize && ctx.BlockGasMeter().IsOutOfGas() { + return gInfo, nil, nil, errorsmod.Wrap(sdkerrors.ErrOutOfGas, "no block gas left to run tx") +} + +defer func() { + if r := recover(); r != nil { + recoveryMW := newOutOfGasRecoveryMiddleware(gasWanted, ctx, app.runTxRecoveryMiddleware) + +err, result = processRecovery(r, recoveryMW), nil + ctx.Logger().Error("panic recovered in runTx", "err", err) +} + +gInfo = sdk.GasInfo{ + GasWanted: gasWanted, + GasUsed: ctx.GasMeter().GasConsumed() +} + +}() + blockGasConsumed := false + + // consumeBlockGas makes sure block gas is consumed at most once. It must + // happen after tx processing, and must be executed even if tx processing + // fails. Hence, it's execution is deferred. + consumeBlockGas := func() { + if !blockGasConsumed { + blockGasConsumed = true + ctx.BlockGasMeter().ConsumeGas( + ctx.GasMeter().GasConsumedToLimit(), "block gas meter", + ) +} + +} + + // If BlockGasMeter() + +panics it will be caught by the above recover and will + // return an error - in any case BlockGasMeter will consume gas past the limit. + // + // NOTE: consumeBlockGas must exist in a separate defer function from the + // general deferred recovery function to recover from consumeBlockGas as it'll + // be executed first (deferred statements are executed as stack). + if mode == execModeFinalize { + defer consumeBlockGas() +} + + // if the transaction is not decoded, decode it here + if tx == nil { + tx, err = app.txDecoder(txBytes) + if err != nil { + return sdk.GasInfo{ + GasUsed: 0, + GasWanted: 0 +}, nil, nil, sdkerrors.ErrTxDecode.Wrap(err.Error()) +} + +} + msgs := tx.GetMsgs() + if err := validateBasicTxMsgs(msgs); err != nil { + return sdk.GasInfo{ +}, nil, nil, err +} + for _, msg := range msgs { + handler := app.msgServiceRouter.Handler(msg) + if handler == nil { + return sdk.GasInfo{ +}, nil, nil, errorsmod.Wrapf(sdkerrors.ErrUnknownRequest, "no message handler found for %T", msg) +} + +} + if app.anteHandler != nil { + var ( + anteCtx sdk.Context + msCache storetypes.CacheMultiStore + ) + + // Branch context before AnteHandler call in case it aborts. + // This is required for both CheckTx and DeliverTx. + // Ref: https://github.com/cosmos/cosmos-sdk/issues/2772 + // + // NOTE: Alternatively, we could require that AnteHandler ensures that + // writes do not happen if aborted/failed. This may have some + // performance benefits, but it'll be more difficult to get right. + anteCtx, msCache = app.cacheTxContext(ctx, txBytes) + +anteCtx = anteCtx.WithEventManager(sdk.NewEventManager()) + +newCtx, err := app.anteHandler(anteCtx, tx, mode == execModeSimulate) + if !newCtx.IsZero() { + // At this point, newCtx.MultiStore() + +is a store branch, or something else + // replaced by the AnteHandler. We want the original multistore. + // + // Also, in the case of the tx aborting, we need to track gas consumed via + // the instantiated gas meter in the AnteHandler, so we update the context + // prior to returning. + ctx = newCtx.WithMultiStore(ms) +} + events := ctx.EventManager().Events() + + // GasMeter expected to be set in AnteHandler + gasWanted = ctx.GasMeter().Limit() + if err != nil { + if mode == execModeReCheck { + // if the ante handler fails on recheck, we want to remove the tx from the mempool + if mempoolErr := app.mempool.Remove(tx); mempoolErr != nil { + return gInfo, nil, anteEvents, errors.Join(err, mempoolErr) +} + +} + +return gInfo, nil, nil, err +} + +msCache.Write() + +anteEvents = events.ToABCIEvents() +} + switch mode { + case execModeCheck: + err = app.mempool.Insert(ctx, tx) + if err != nil { + return gInfo, nil, anteEvents, err +} + case execModeFinalize: + err = app.mempool.Remove(tx) + if err != nil && !errors.Is(err, mempool.ErrTxNotFound) { + return gInfo, nil, anteEvents, + fmt.Errorf("failed to remove tx from mempool: %w", err) +} + +} + + // Create a new Context based off of the existing Context with a MultiStore branch + // in case message processing fails. At this point, the MultiStore + // is a branch of a branch. + runMsgCtx, msCache := app.cacheTxContext(ctx, txBytes) + + // Attempt to execute all messages and only update state if all messages pass + // and we're in DeliverTx. Note, runMsgs will never return a reference to a + // Result if any single message fails or does not have a registered Handler. + msgsV2, err := tx.GetMsgsV2() + if err == nil { + result, err = app.runMsgs(runMsgCtx, msgs, msgsV2, mode) +} + + // Run optional postHandlers (should run regardless of the execution result). + // + // Note: If the postHandler fails, we also revert the runMsgs state. + if app.postHandler != nil { + // The runMsgCtx context currently contains events emitted by the ante handler. + // We clear this to correctly order events without duplicates. + // Note that the state is still preserved. + postCtx := runMsgCtx.WithEventManager(sdk.NewEventManager()) + +newCtx, errPostHandler := app.postHandler(postCtx, tx, mode == execModeSimulate, err == nil) + if errPostHandler != nil { + if err == nil { + // when the msg was handled successfully, return the post handler error only + return gInfo, nil, anteEvents, errPostHandler +} + // otherwise append to the msg error so that we keep the original error code for better user experience + return gInfo, nil, anteEvents, errorsmod.Wrapf(err, "postHandler: %s", errPostHandler) +} + + // we don't want runTx to panic if runMsgs has failed earlier + if result == nil { + result = &sdk.Result{ +} + +} + +result.Events = append(result.Events, newCtx.EventManager().ABCIEvents()...) +} + if err == nil { + if mode == execModeFinalize { + // When block gas exceeds, it'll panic and won't commit the cached store. + consumeBlockGas() + +msCache.Write() +} + if len(anteEvents) > 0 && (mode == execModeFinalize || mode == execModeSimulate) { + // append the events in the order of occurrence + result.Events = append(anteEvents, result.Events...) +} + +} + +return gInfo, result, anteEvents, err +} + +// runMsgs iterates through a list of messages and executes them with the provided +// Context and execution mode. Messages will only be executed during simulation +// and DeliverTx. An error is returned if any single message fails or if a +// Handler does not exist for a given message route. Otherwise, a reference to a +// Result is returned. The caller must not commit state if an error is returned. +func (app *BaseApp) + +runMsgs(ctx sdk.Context, msgs []sdk.Msg, msgsV2 []protov2.Message, mode execMode) (*sdk.Result, error) { + events := sdk.EmptyEvents() + +var msgResponses []*codectypes.Any + + // NOTE: GasWanted is determined by the AnteHandler and GasUsed by the GasMeter. + for i, msg := range msgs { + if mode != execModeFinalize && mode != execModeSimulate { + break +} + handler := app.msgServiceRouter.Handler(msg) + if handler == nil { + return nil, errorsmod.Wrapf(sdkerrors.ErrUnknownRequest, "no message handler found for %T", msg) +} + + // ADR 031 request type routing + msgResult, err := handler(ctx, msg) + if err != nil { + return nil, errorsmod.Wrapf(err, "failed to execute message; message index: %d", i) +} + + // create message events + msgEvents, err := createEvents(app.cdc, msgResult.GetEvents(), msg, msgsV2[i]) + if err != nil { + return nil, errorsmod.Wrapf(err, "failed to create message events; message index: %d", i) +} + + // append message events and data + // + // Note: Each message result's data must be length-prefixed in order to + // separate each result. + for j, event := range msgEvents { + // append message index to all events + msgEvents[j] = event.AppendAttributes(sdk.NewAttribute("msg_index", strconv.Itoa(i))) +} + +events = events.AppendEvents(msgEvents) + + // Each individual sdk.Result that went through the MsgServiceRouter + // (which should represent 99% of the Msgs now, since everyone should + // be using protobuf Msgs) + +has exactly one Msg response, set inside + // `WrapServiceResult`. We take that Msg response, and aggregate it + // into an array. + if len(msgResult.MsgResponses) > 0 { + msgResponse := msgResult.MsgResponses[0] + if msgResponse == nil { + return nil, sdkerrors.ErrLogic.Wrapf("got nil Msg response at index %d for msg %s", i, sdk.MsgTypeURL(msg)) +} + +msgResponses = append(msgResponses, msgResponse) +} + + +} + +data, err := makeABCIData(msgResponses) + if err != nil { + return nil, errorsmod.Wrap(err, "failed to marshal tx data") +} + +return &sdk.Result{ + Data: data, + Events: events.ToABCIEvents(), + MsgResponses: msgResponses, +}, nil +} + +// makeABCIData generates the Data field to be sent to ABCI Check/DeliverTx. +func makeABCIData(msgResponses []*codectypes.Any) ([]byte, error) { + return proto.Marshal(&sdk.TxMsgData{ + MsgResponses: msgResponses +}) +} + +func createEvents(cdc codec.Codec, events sdk.Events, msg sdk.Msg, msgV2 protov2.Message) (sdk.Events, error) { + eventMsgName := sdk.MsgTypeURL(msg) + msgEvent := sdk.NewEvent(sdk.EventTypeMessage, sdk.NewAttribute(sdk.AttributeKeyAction, eventMsgName)) + + // we set the signer attribute as the sender + signers, err := cdc.GetMsgV2Signers(msgV2) + if err != nil { + return nil, err +} + if len(signers) > 0 && signers[0] != nil { + addrStr, err := cdc.InterfaceRegistry().SigningContext().AddressCodec().BytesToString(signers[0]) + if err != nil { + return nil, err +} + +msgEvent = msgEvent.AppendAttributes(sdk.NewAttribute(sdk.AttributeKeySender, addrStr)) +} + + // verify that events have no module attribute set + if _, found := events.GetAttributes(sdk.AttributeKeyModule); !found { + if moduleName := sdk.GetModuleNameFromTypeURL(eventMsgName); moduleName != "" { + msgEvent = msgEvent.AppendAttributes(sdk.NewAttribute(sdk.AttributeKeyModule, moduleName)) +} + +} + +return sdk.Events{ + msgEvent +}.AppendEvents(events), nil +} + +// PrepareProposalVerifyTx performs transaction verification when a proposer is +// creating a block proposal during PrepareProposal. Any state committed to the +// PrepareProposal state internally will be discarded. will be +// returned if the transaction cannot be encoded. will be returned if +// the transaction is valid, otherwise will be returned. +func (app *BaseApp) + +PrepareProposalVerifyTx(tx sdk.Tx) ([]byte, error) { + bz, err := app.txEncoder(tx) + if err != nil { + return nil, err +} + + _, _, _, err = app.runTx(execModePrepareProposal, bz, tx) + if err != nil { + return nil, err +} + +return bz, nil +} + +// ProcessProposalVerifyTx performs transaction verification when receiving a +// block proposal during ProcessProposal. Any state committed to the +// ProcessProposal state internally will be discarded. will be +// returned if the transaction cannot be decoded. will be returned if +// the transaction is valid, otherwise will be returned. +func (app *BaseApp) + +ProcessProposalVerifyTx(txBz []byte) (sdk.Tx, error) { + tx, err := app.txDecoder(txBz) + if err != nil { + return nil, err +} + + _, _, _, err = app.runTx(execModeProcessProposal, txBz, tx) + if err != nil { + return nil, err +} + +return tx, nil +} + +func (app *BaseApp) + +TxDecode(txBytes []byte) (sdk.Tx, error) { + return app.txDecoder(txBytes) +} + +func (app *BaseApp) + +TxEncode(tx sdk.Tx) ([]byte, error) { + return app.txEncoder(tx) +} + +func (app *BaseApp) + +StreamingManager() + +storetypes.StreamingManager { + return app.streamingManager +} + +// Close is called in start cmd to gracefully cleanup resources. +func (app *BaseApp) + +Close() + +error { + var errs []error + + // Close app.db (opened by cosmos-sdk/server/start.go call to openDB) + if app.db != nil { + app.logger.Info("Closing application.db") + if err := app.db.Close(); err != nil { + errs = append(errs, err) +} + +} + + // Close app.snapshotManager + // - opened when app chains use cosmos-sdk/server/util.go/DefaultBaseappOptions (boilerplate) + // - which calls cosmos-sdk/server/util.go/GetSnapshotStore + // - which is passed to baseapp/options.go/SetSnapshot + // - to set app.snapshotManager = snapshots.NewManager + if app.snapshotManager != nil { + app.logger.Info("Closing snapshots/metadata.db") + if err := app.snapshotManager.Close(); err != nil { + errs = append(errs, err) +} + +} + +return errors.Join(errs...) +} + +// GetBaseApp returns the pointer to itself. +func (app *BaseApp) + +GetBaseApp() *BaseApp { + return app +} +``` + +### Commit + +The [`Commit` ABCI message](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#method-overview) is sent from the underlying CometBFT engine after the full-node has received *precommits* from 2/3+ of validators (weighted by voting power). On the `BaseApp` end, the `Commit(res abci.CommitResponse)` function is implemented to commit all the valid state transitions that occurred during `FinalizeBlock` and to reset state for the next block. + +To commit state-transitions, the `Commit` function calls the `Write()` function on `finalizeBlockState.ms`, where `finalizeBlockState.ms` is a branched multistore of the main store `app.cms`. Then, the `Commit` function sets `checkState` to the latest header (obtained from `finalizeBlockState.ctx.BlockHeader`) and `finalizeBlockState` to `nil`. + +Finally, `Commit` returns the hash of the commitment of `app.cms` back to the underlying consensus engine. This hash is used as a reference in the header of the next block. + +### Info + +The [`Info` ABCI message](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#info-methods) is a simple query from the underlying consensus engine, notably used to sync the latter with the application during a handshake that happens on startup. When called, the `Info(res abci.InfoResponse)` function from `BaseApp` will return the application's name, version and the hash of the last commit of `app.cms`. + +### Query + +The [`Query` ABCI message](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_basic_concepts.md#info-methods) is used to serve queries received from the underlying consensus engine, including queries received via RPC like CometBFT RPC. It used to be the main entrypoint to build interfaces with the application, but with the introduction of [gRPC queries](/docs/sdk/vnext/build/building-modules/query-services) in Cosmos SDK v0.40, its usage is more limited. The application must respect a few rules when implementing the `Query` method, which are outlined [here](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_app_requirements.md#query). + +Each CometBFT `query` comes with a `path`, which is a `string` which denotes what to query. If the `path` matches a gRPC fully-qualified service method, then `BaseApp` will defer the query to the `grpcQueryRouter` and let it handle it like explained [above](#grpc-query-router). Otherwise, the `path` represents a query that is not (yet) handled by the gRPC router. `BaseApp` splits the `path` string with the `/` delimiter. By convention, the first element of the split string (`split[0]`) contains the category of `query` (`app`, `p2p`, `store` or `custom` ). The `BaseApp` implementation of the `Query(req abci.QueryRequest)` method is a simple dispatcher serving these 4 main categories of queries: + +* Application-related queries like querying the application's version, which are served via the `handleQueryApp` method. +* Direct queries to the multistore, which are served by the `handlerQueryStore` method. These direct queries are different from custom queries which go through `app.queryRouter`, and are mainly used by third-party service provider like block explorers. +* P2P queries, which are served via the `handleQueryP2P` method. These queries return either `app.addrPeerFilter` or `app.ipPeerFilter` that contain the list of peers filtered by address or IP respectively. These lists are first initialized via `options` in `BaseApp`'s [constructor](#constructor). + +### ExtendVote + +`ExtendVote` allows an application to extend a pre-commit vote with arbitrary data. This process does NOT have to be deterministic and the data returned can be unique to the validator process. + +In the Cosmos-SDK this is implemented as a NoOp: + +```go expandable +package baseapp + +import ( + + "bytes" + "context" + "fmt" + "slices" + "github.com/cockroachdb/errors" + abci "github.com/cometbft/cometbft/abci/types" + cryptoenc "github.com/cometbft/cometbft/crypto/encoding" + cmtprotocrypto "github.com/cometbft/cometbft/proto/tendermint/crypto" + cmtproto "github.com/cometbft/cometbft/proto/tendermint/types" + cmttypes "github.com/cometbft/cometbft/types" + protoio "github.com/cosmos/gogoproto/io" + "github.com/cosmos/gogoproto/proto" + "cosmossdk.io/core/comet" + + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/mempool" +) + +type ( + // ValidatorStore defines the interface contract required for verifying vote + // extension signatures. Typically, this will be implemented by the x/staking + // module, which has knowledge of the CometBFT public key. + ValidatorStore interface { + GetPubKeyByConsAddr(context.Context, sdk.ConsAddress) (cmtprotocrypto.PublicKey, error) +} + + // GasTx defines the contract that a transaction with a gas limit must implement. + GasTx interface { + GetGas() + +uint64 +} +) + +// ValidateVoteExtensions defines a helper function for verifying vote extension +// signatures that may be passed or manually injected into a block proposal from +// a proposer in PrepareProposal. It returns an error if any signature is invalid +// or if unexpected vote extensions and/or signatures are found or less than 2/3 +// power is received. +// NOTE: From v0.50.5 `currentHeight` and `chainID` arguments are ignored for fixing an issue. +// They will be removed from the function in v0.51+. +func ValidateVoteExtensions( + ctx sdk.Context, + valStore ValidatorStore, + _ int64, + _ string, + extCommit abci.ExtendedCommitInfo, +) + +error { + // Get values from context + cp := ctx.ConsensusParams() + currentHeight := ctx.HeaderInfo().Height + chainID := ctx.HeaderInfo().ChainID + commitInfo := ctx.CometInfo().GetLastCommit() + + // Check that both extCommit + commit are ordered in accordance with vp/address. + if err := validateExtendedCommitAgainstLastCommit(extCommit, commitInfo); err != nil { + return err +} + + // Start checking vote extensions only **after** the vote extensions enable + // height, because when `currentHeight == VoteExtensionsEnableHeight` + // PrepareProposal doesn't get any vote extensions in its request. + extsEnabled := cp.Abci != nil && currentHeight > cp.Abci.VoteExtensionsEnableHeight && cp.Abci.VoteExtensionsEnableHeight != 0 + marshalDelimitedFn := func(msg proto.Message) ([]byte, error) { + var buf bytes.Buffer + if err := protoio.NewDelimitedWriter(&buf).WriteMsg(msg); err != nil { + return nil, err +} + +return buf.Bytes(), nil +} + +var ( + // Total voting power of all vote extensions. + totalVP int64 + // Total voting power of all validators that submitted valid vote extensions. + sumVP int64 + ) + for _, vote := range extCommit.Votes { + totalVP += vote.Validator.Power + + // Only check + include power if the vote is a commit vote. There must be super-majority, otherwise the + // previous block (the block the vote is for) + +could not have been committed. + if vote.BlockIdFlag != cmtproto.BlockIDFlagCommit { + continue +} + if !extsEnabled { + if len(vote.VoteExtension) > 0 { + return fmt.Errorf("vote extensions disabled; received non-empty vote extension at height %d", currentHeight) +} + if len(vote.ExtensionSignature) > 0 { + return fmt.Errorf("vote extensions disabled; received non-empty vote extension signature at height %d", currentHeight) +} + +continue +} + if len(vote.ExtensionSignature) == 0 { + return fmt.Errorf("vote extensions enabled; received empty vote extension signature at height %d", currentHeight) +} + valConsAddr := sdk.ConsAddress(vote.Validator.Address) + +pubKeyProto, err := valStore.GetPubKeyByConsAddr(ctx, valConsAddr) + if err != nil { + return fmt.Errorf("failed to get validator %X public key: %w", valConsAddr, err) +} + +cmtPubKey, err := cryptoenc.PubKeyFromProto(pubKeyProto) + if err != nil { + return fmt.Errorf("failed to convert validator %X public key: %w", valConsAddr, err) +} + cve := cmtproto.CanonicalVoteExtension{ + Extension: vote.VoteExtension, + Height: currentHeight - 1, // the vote extension was signed in the previous height + Round: int64(extCommit.Round), + ChainId: chainID, +} + +extSignBytes, err := marshalDelimitedFn(&cve) + if err != nil { + return fmt.Errorf("failed to encode CanonicalVoteExtension: %w", err) +} + if !cmtPubKey.VerifySignature(extSignBytes, vote.ExtensionSignature) { + return fmt.Errorf("failed to verify validator %X vote extension signature", valConsAddr) +} + +sumVP += vote.Validator.Power +} + + // This check is probably unnecessary, but better safe than sorry. + if totalVP <= 0 { + return fmt.Errorf("total voting power must be positive, got: %d", totalVP) +} + + // If the sum of the voting power has not reached (2/3 + 1) + +we need to error. + if requiredVP := ((totalVP * 2) / 3) + 1; sumVP < requiredVP { + return fmt.Errorf( + "insufficient cumulative voting power received to verify vote extensions; got: %d, expected: >=%d", + sumVP, requiredVP, + ) +} + +return nil +} + +// validateExtendedCommitAgainstLastCommit validates an ExtendedCommitInfo against a LastCommit. Specifically, +// it checks that the ExtendedCommit + LastCommit (for the same height), are consistent with each other + that +// they are ordered correctly (by voting power) + +in accordance with +// [comet](https://github.com/cometbft/cometbft/blob/4ce0277b35f31985bbf2c25d3806a184a4510010/types/validator_set.go#L784). +func validateExtendedCommitAgainstLastCommit(ec abci.ExtendedCommitInfo, lc comet.CommitInfo) + +error { + // check that the rounds are the same + if ec.Round != lc.Round() { + return fmt.Errorf("extended commit round %d does not match last commit round %d", ec.Round, lc.Round()) +} + + // check that the # of votes are the same + if len(ec.Votes) != lc.Votes().Len() { + return fmt.Errorf("extended commit votes length %d does not match last commit votes length %d", len(ec.Votes), lc.Votes().Len()) +} + + // check sort order of extended commit votes + if !slices.IsSortedFunc(ec.Votes, func(vote1, vote2 abci.ExtendedVoteInfo) + +int { + if vote1.Validator.Power == vote2.Validator.Power { + return bytes.Compare(vote1.Validator.Address, vote2.Validator.Address) // addresses sorted in ascending order (used to break vp conflicts) +} + +return -int(vote1.Validator.Power - vote2.Validator.Power) // vp sorted in descending order +}) { + return fmt.Errorf("extended commit votes are not sorted by voting power") +} + addressCache := make(map[string]struct{ +}, len(ec.Votes)) + // check that consistency between LastCommit and ExtendedCommit + for i, vote := range ec.Votes { + // cache addresses to check for duplicates + if _, ok := addressCache[string(vote.Validator.Address)]; ok { + return fmt.Errorf("extended commit vote address %X is duplicated", vote.Validator.Address) +} + +addressCache[string(vote.Validator.Address)] = struct{ +}{ +} + if !bytes.Equal(vote.Validator.Address, lc.Votes().Get(i).Validator().Address()) { + return fmt.Errorf("extended commit vote address %X does not match last commit vote address %X", vote.Validator.Address, lc.Votes().Get(i).Validator().Address()) +} + if vote.Validator.Power != lc.Votes().Get(i).Validator().Power() { + return fmt.Errorf("extended commit vote power %d does not match last commit vote power %d", vote.Validator.Power, lc.Votes().Get(i).Validator().Power()) +} + +} + +return nil +} + +type ( + // ProposalTxVerifier defines the interface that is implemented by BaseApp, + // that any custom ABCI PrepareProposal and ProcessProposal handler can use + // to verify a transaction. + ProposalTxVerifier interface { + PrepareProposalVerifyTx(tx sdk.Tx) ([]byte, error) + +ProcessProposalVerifyTx(txBz []byte) (sdk.Tx, error) + +TxDecode(txBz []byte) (sdk.Tx, error) + +TxEncode(tx sdk.Tx) ([]byte, error) +} + + // DefaultProposalHandler defines the default ABCI PrepareProposal and + // ProcessProposal handlers. + DefaultProposalHandler struct { + mempool mempool.Mempool + txVerifier ProposalTxVerifier + txSelector TxSelector + signerExtAdapter mempool.SignerExtractionAdapter +} +) + +func NewDefaultProposalHandler(mp mempool.Mempool, txVerifier ProposalTxVerifier) *DefaultProposalHandler { + return &DefaultProposalHandler{ + mempool: mp, + txVerifier: txVerifier, + txSelector: NewDefaultTxSelector(), + signerExtAdapter: mempool.NewDefaultSignerExtractionAdapter(), +} +} + +// SetTxSelector sets the TxSelector function on the DefaultProposalHandler. +func (h *DefaultProposalHandler) + +SetTxSelector(ts TxSelector) { + h.txSelector = ts +} + +// PrepareProposalHandler returns the default implementation for processing an +// ABCI proposal. The application's mempool is enumerated and all valid +// transactions are added to the proposal. Transactions are valid if they: +// +// 1) + +Successfully encode to bytes. +// 2) + +Are valid (i.e. pass runTx, AnteHandler only). +// +// Enumeration is halted once RequestPrepareProposal.MaxBytes of transactions is +// reached or the mempool is exhausted. +// +// Note: +// +// - Step (2) + +is identical to the validation step performed in +// DefaultProcessProposal. It is very important that the same validation logic +// is used in both steps, and applications must ensure that this is the case in +// non-default handlers. +// +// - If no mempool is set or if the mempool is a no-op mempool, the transactions +// requested from CometBFT will simply be returned, which, by default, are in +// FIFO order. +func (h *DefaultProposalHandler) + +PrepareProposalHandler() + +sdk.PrepareProposalHandler { + return func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { + var maxBlockGas uint64 + if b := ctx.ConsensusParams().Block; b != nil { + maxBlockGas = uint64(b.MaxGas) +} + +defer h.txSelector.Clear() + + // If the mempool is nil or NoOp we simply return the transactions + // requested from CometBFT, which, by default, should be in FIFO order. + // + // Note, we still need to ensure the transactions returned respect req.MaxTxBytes. + _, isNoOp := h.mempool.(mempool.NoOpMempool) + if h.mempool == nil || isNoOp { + for _, txBz := range req.Txs { + tx, err := h.txVerifier.TxDecode(txBz) + if err != nil { + return nil, err +} + stop := h.txSelector.SelectTxForProposal(ctx, uint64(req.MaxTxBytes), maxBlockGas, tx, txBz) + if stop { + break +} + +} + +return &abci.ResponsePrepareProposal{ + Txs: h.txSelector.SelectedTxs(ctx) +}, nil +} + selectedTxsSignersSeqs := make(map[string]uint64) + +var ( + resError error + selectedTxsNums int + invalidTxs []sdk.Tx // invalid txs to be removed out of the loop to avoid dead lock + ) + +mempool.SelectBy(ctx, h.mempool, req.Txs, func(memTx sdk.Tx) + +bool { + unorderedTx, ok := memTx.(sdk.TxWithUnordered) + isUnordered := ok && unorderedTx.GetUnordered() + txSignersSeqs := make(map[string]uint64) + + // if the tx is unordered, we don't need to check the sequence, we just add it + if !isUnordered { + signerData, err := h.signerExtAdapter.GetSigners(memTx) + if err != nil { + // propagate the error to the caller + resError = err + return false +} + + // If the signers aren't in selectedTxsSignersSeqs then we haven't seen them before + // so we add them and continue given that we don't need to check the sequence. + shouldAdd := true + for _, signer := range signerData { + seq, ok := selectedTxsSignersSeqs[signer.Signer.String()] + if !ok { + txSignersSeqs[signer.Signer.String()] = signer.Sequence + continue +} + + // If we have seen this signer before in this block, we must make + // sure that the current sequence is seq+1; otherwise is invalid + // and we skip it. + if seq+1 != signer.Sequence { + shouldAdd = false + break +} + +txSignersSeqs[signer.Signer.String()] = signer.Sequence +} + if !shouldAdd { + return true +} + +} + + // NOTE: Since transaction verification was already executed in CheckTx, + // which calls mempool.Insert, in theory everything in the pool should be + // valid. But some mempool implementations may insert invalid txs, so we + // check again. + txBz, err := h.txVerifier.PrepareProposalVerifyTx(memTx) + if err != nil { + invalidTxs = append(invalidTxs, memTx) +} + +else { + stop := h.txSelector.SelectTxForProposal(ctx, uint64(req.MaxTxBytes), maxBlockGas, memTx, txBz) + if stop { + return false +} + txsLen := len(h.txSelector.SelectedTxs(ctx)) + // If the tx is unordered, we don't need to update the sender sequence. + if !isUnordered { + for sender, seq := range txSignersSeqs { + // If txsLen != selectedTxsNums is true, it means that we've + // added a new tx to the selected txs, so we need to update + // the sequence of the sender. + if txsLen != selectedTxsNums { + selectedTxsSignersSeqs[sender] = seq +} + +else if _, ok := selectedTxsSignersSeqs[sender]; !ok { + // The transaction hasn't been added but it passed the + // verification, so we know that the sequence is correct. + // So we set this sender's sequence to seq-1, in order + // to avoid unnecessary calls to PrepareProposalVerifyTx. + selectedTxsSignersSeqs[sender] = seq - 1 +} + +} + +} + +selectedTxsNums = txsLen +} + +return true +}) + if resError != nil { + return nil, resError +} + for _, tx := range invalidTxs { + err := h.mempool.Remove(tx) + if err != nil && !errors.Is(err, mempool.ErrTxNotFound) { + return nil, err +} + +} + +return &abci.ResponsePrepareProposal{ + Txs: h.txSelector.SelectedTxs(ctx) +}, nil +} +} + +// ProcessProposalHandler returns the default implementation for processing an +// ABCI proposal. Every transaction in the proposal must pass 2 conditions: +// +// 1. The transaction bytes must decode to a valid transaction. +// 2. The transaction must be valid (i.e. pass runTx, AnteHandler only) +// +// If any transaction fails to pass either condition, the proposal is rejected. +// Note that step (2) + +is identical to the validation step performed in +// DefaultPrepareProposal. It is very important that the same validation logic +// is used in both steps, and applications must ensure that this is the case in +// non-default handlers. +func (h *DefaultProposalHandler) + +ProcessProposalHandler() + +sdk.ProcessProposalHandler { + // If the mempool is nil or NoOp we simply return ACCEPT, + // because PrepareProposal may have included txs that could fail verification. + _, isNoOp := h.mempool.(mempool.NoOpMempool) + if h.mempool == nil || isNoOp { + return NoOpProcessProposal() +} + +return func(ctx sdk.Context, req *abci.RequestProcessProposal) (*abci.ResponseProcessProposal, error) { + var totalTxGas uint64 + + var maxBlockGas int64 + if b := ctx.ConsensusParams().Block; b != nil { + maxBlockGas = b.MaxGas +} + for _, txBytes := range req.Txs { + tx, err := h.txVerifier.ProcessProposalVerifyTx(txBytes) + if err != nil { + return &abci.ResponseProcessProposal{ + Status: abci.ResponseProcessProposal_REJECT +}, nil +} + if maxBlockGas > 0 { + gasTx, ok := tx.(GasTx) + if ok { + totalTxGas += gasTx.GetGas() +} + if totalTxGas > uint64(maxBlockGas) { + return &abci.ResponseProcessProposal{ + Status: abci.ResponseProcessProposal_REJECT +}, nil +} + +} + +} + +return &abci.ResponseProcessProposal{ + Status: abci.ResponseProcessProposal_ACCEPT +}, nil +} +} + +// NoOpPrepareProposal defines a no-op PrepareProposal handler. It will always +// return the transactions sent by the client's request. +func NoOpPrepareProposal() + +sdk.PrepareProposalHandler { + return func(_ sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { + return &abci.ResponsePrepareProposal{ + Txs: req.Txs +}, nil +} +} + +// NoOpProcessProposal defines a no-op ProcessProposal Handler. It will always +// return ACCEPT. +func NoOpProcessProposal() + +sdk.ProcessProposalHandler { + return func(_ sdk.Context, _ *abci.RequestProcessProposal) (*abci.ResponseProcessProposal, error) { + return &abci.ResponseProcessProposal{ + Status: abci.ResponseProcessProposal_ACCEPT +}, nil +} +} + +// NoOpExtendVote defines a no-op ExtendVote handler. It will always return an +// empty byte slice as the vote extension. +func NoOpExtendVote() + +sdk.ExtendVoteHandler { + return func(_ sdk.Context, _ *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) { + return &abci.ResponseExtendVote{ + VoteExtension: []byte{ +}}, nil +} +} + +// NoOpVerifyVoteExtensionHandler defines a no-op VerifyVoteExtension handler. It +// will always return an ACCEPT status with no error. +func NoOpVerifyVoteExtensionHandler() + +sdk.VerifyVoteExtensionHandler { + return func(_ sdk.Context, _ *abci.RequestVerifyVoteExtension) (*abci.ResponseVerifyVoteExtension, error) { + return &abci.ResponseVerifyVoteExtension{ + Status: abci.ResponseVerifyVoteExtension_ACCEPT +}, nil +} +} + +// TxSelector defines a helper type that assists in selecting transactions during +// mempool transaction selection in PrepareProposal. It keeps track of the total +// number of bytes and total gas of the selected transactions. It also keeps +// track of the selected transactions themselves. +type TxSelector interface { + // SelectedTxs should return a copy of the selected transactions. + SelectedTxs(ctx context.Context) [][]byte + + // Clear should clear the TxSelector, nulling out all relevant fields. + Clear() + + // SelectTxForProposal should attempt to select a transaction for inclusion in + // a proposal based on inclusion criteria defined by the TxSelector. It must + // return if the caller should halt the transaction selection loop + // (typically over a mempool) + +or otherwise. + SelectTxForProposal(ctx context.Context, maxTxBytes, maxBlockGas uint64, memTx sdk.Tx, txBz []byte) + +bool +} + +type defaultTxSelector struct { + totalTxBytes uint64 + totalTxGas uint64 + selectedTxs [][]byte +} + +func NewDefaultTxSelector() + +TxSelector { + return &defaultTxSelector{ +} +} + +func (ts *defaultTxSelector) + +SelectedTxs(_ context.Context) [][]byte { + txs := make([][]byte, len(ts.selectedTxs)) + +copy(txs, ts.selectedTxs) + +return txs +} + +func (ts *defaultTxSelector) + +Clear() { + ts.totalTxBytes = 0 + ts.totalTxGas = 0 + ts.selectedTxs = nil +} + +func (ts *defaultTxSelector) + +SelectTxForProposal(_ context.Context, maxTxBytes, maxBlockGas uint64, memTx sdk.Tx, txBz []byte) + +bool { + txSize := uint64(cmttypes.ComputeProtoSizeForTxs([]cmttypes.Tx{ + txBz +})) + +var txGasLimit uint64 + if memTx != nil { + if gasTx, ok := memTx.(GasTx); ok { + txGasLimit = gasTx.GetGas() +} + +} + + // only add the transaction to the proposal if we have enough capacity + if (txSize + ts.totalTxBytes) <= maxTxBytes { + // If there is a max block gas limit, add the tx only if the limit has + // not been met. + if maxBlockGas > 0 { + if (txGasLimit + ts.totalTxGas) <= maxBlockGas { + ts.totalTxGas += txGasLimit + ts.totalTxBytes += txSize + ts.selectedTxs = append(ts.selectedTxs, txBz) +} + +} + +else { + ts.totalTxBytes += txSize + ts.selectedTxs = append(ts.selectedTxs, txBz) +} + +} + + // check if we've reached capacity; if so, we cannot select any more transactions + return ts.totalTxBytes >= maxTxBytes || (maxBlockGas > 0 && (ts.totalTxGas >= maxBlockGas)) +} +``` + +### VerifyVoteExtension + +`VerifyVoteExtension` allows an application to verify that the data returned by `ExtendVote` is valid. This process MUST be deterministic. Moreover, the value of ResponseVerifyVoteExtension.status MUST exclusively depend on the parameters passed in the call to RequestVerifyVoteExtension, and the last committed Application state. + +In the Cosmos-SDK this is implemented as a NoOp: + +```go expandable +package baseapp + +import ( + + "bytes" + "context" + "fmt" + "slices" + "github.com/cockroachdb/errors" + abci "github.com/cometbft/cometbft/abci/types" + cryptoenc "github.com/cometbft/cometbft/crypto/encoding" + cmtprotocrypto "github.com/cometbft/cometbft/proto/tendermint/crypto" + cmtproto "github.com/cometbft/cometbft/proto/tendermint/types" + cmttypes "github.com/cometbft/cometbft/types" + protoio "github.com/cosmos/gogoproto/io" + "github.com/cosmos/gogoproto/proto" + "cosmossdk.io/core/comet" + + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/mempool" +) + +type ( + // ValidatorStore defines the interface contract required for verifying vote + // extension signatures. Typically, this will be implemented by the x/staking + // module, which has knowledge of the CometBFT public key. + ValidatorStore interface { + GetPubKeyByConsAddr(context.Context, sdk.ConsAddress) (cmtprotocrypto.PublicKey, error) +} + + // GasTx defines the contract that a transaction with a gas limit must implement. + GasTx interface { + GetGas() + +uint64 +} +) + +// ValidateVoteExtensions defines a helper function for verifying vote extension +// signatures that may be passed or manually injected into a block proposal from +// a proposer in PrepareProposal. It returns an error if any signature is invalid +// or if unexpected vote extensions and/or signatures are found or less than 2/3 +// power is received. +// NOTE: From v0.50.5 `currentHeight` and `chainID` arguments are ignored for fixing an issue. +// They will be removed from the function in v0.51+. +func ValidateVoteExtensions( + ctx sdk.Context, + valStore ValidatorStore, + _ int64, + _ string, + extCommit abci.ExtendedCommitInfo, +) + +error { + // Get values from context + cp := ctx.ConsensusParams() + currentHeight := ctx.HeaderInfo().Height + chainID := ctx.HeaderInfo().ChainID + commitInfo := ctx.CometInfo().GetLastCommit() + + // Check that both extCommit + commit are ordered in accordance with vp/address. + if err := validateExtendedCommitAgainstLastCommit(extCommit, commitInfo); err != nil { + return err +} + + // Start checking vote extensions only **after** the vote extensions enable + // height, because when `currentHeight == VoteExtensionsEnableHeight` + // PrepareProposal doesn't get any vote extensions in its request. + extsEnabled := cp.Abci != nil && currentHeight > cp.Abci.VoteExtensionsEnableHeight && cp.Abci.VoteExtensionsEnableHeight != 0 + marshalDelimitedFn := func(msg proto.Message) ([]byte, error) { + var buf bytes.Buffer + if err := protoio.NewDelimitedWriter(&buf).WriteMsg(msg); err != nil { + return nil, err +} + +return buf.Bytes(), nil +} + +var ( + // Total voting power of all vote extensions. + totalVP int64 + // Total voting power of all validators that submitted valid vote extensions. + sumVP int64 + ) + for _, vote := range extCommit.Votes { + totalVP += vote.Validator.Power + + // Only check + include power if the vote is a commit vote. There must be super-majority, otherwise the + // previous block (the block the vote is for) + +could not have been committed. + if vote.BlockIdFlag != cmtproto.BlockIDFlagCommit { + continue +} + if !extsEnabled { + if len(vote.VoteExtension) > 0 { + return fmt.Errorf("vote extensions disabled; received non-empty vote extension at height %d", currentHeight) +} + if len(vote.ExtensionSignature) > 0 { + return fmt.Errorf("vote extensions disabled; received non-empty vote extension signature at height %d", currentHeight) +} + +continue +} + if len(vote.ExtensionSignature) == 0 { + return fmt.Errorf("vote extensions enabled; received empty vote extension signature at height %d", currentHeight) +} + valConsAddr := sdk.ConsAddress(vote.Validator.Address) + +pubKeyProto, err := valStore.GetPubKeyByConsAddr(ctx, valConsAddr) + if err != nil { + return fmt.Errorf("failed to get validator %X public key: %w", valConsAddr, err) +} + +cmtPubKey, err := cryptoenc.PubKeyFromProto(pubKeyProto) + if err != nil { + return fmt.Errorf("failed to convert validator %X public key: %w", valConsAddr, err) +} + cve := cmtproto.CanonicalVoteExtension{ + Extension: vote.VoteExtension, + Height: currentHeight - 1, // the vote extension was signed in the previous height + Round: int64(extCommit.Round), + ChainId: chainID, +} + +extSignBytes, err := marshalDelimitedFn(&cve) + if err != nil { + return fmt.Errorf("failed to encode CanonicalVoteExtension: %w", err) +} + if !cmtPubKey.VerifySignature(extSignBytes, vote.ExtensionSignature) { + return fmt.Errorf("failed to verify validator %X vote extension signature", valConsAddr) +} + +sumVP += vote.Validator.Power +} + + // This check is probably unnecessary, but better safe than sorry. + if totalVP <= 0 { + return fmt.Errorf("total voting power must be positive, got: %d", totalVP) +} + + // If the sum of the voting power has not reached (2/3 + 1) + +we need to error. + if requiredVP := ((totalVP * 2) / 3) + 1; sumVP < requiredVP { + return fmt.Errorf( + "insufficient cumulative voting power received to verify vote extensions; got: %d, expected: >=%d", + sumVP, requiredVP, + ) +} + +return nil +} + +// validateExtendedCommitAgainstLastCommit validates an ExtendedCommitInfo against a LastCommit. Specifically, +// it checks that the ExtendedCommit + LastCommit (for the same height), are consistent with each other + that +// they are ordered correctly (by voting power) + +in accordance with +// [comet](https://github.com/cometbft/cometbft/blob/4ce0277b35f31985bbf2c25d3806a184a4510010/types/validator_set.go#L784). +func validateExtendedCommitAgainstLastCommit(ec abci.ExtendedCommitInfo, lc comet.CommitInfo) + +error { + // check that the rounds are the same + if ec.Round != lc.Round() { + return fmt.Errorf("extended commit round %d does not match last commit round %d", ec.Round, lc.Round()) +} + + // check that the # of votes are the same + if len(ec.Votes) != lc.Votes().Len() { + return fmt.Errorf("extended commit votes length %d does not match last commit votes length %d", len(ec.Votes), lc.Votes().Len()) +} + + // check sort order of extended commit votes + if !slices.IsSortedFunc(ec.Votes, func(vote1, vote2 abci.ExtendedVoteInfo) + +int { + if vote1.Validator.Power == vote2.Validator.Power { + return bytes.Compare(vote1.Validator.Address, vote2.Validator.Address) // addresses sorted in ascending order (used to break vp conflicts) +} + +return -int(vote1.Validator.Power - vote2.Validator.Power) // vp sorted in descending order +}) { + return fmt.Errorf("extended commit votes are not sorted by voting power") +} + addressCache := make(map[string]struct{ +}, len(ec.Votes)) + // check that consistency between LastCommit and ExtendedCommit + for i, vote := range ec.Votes { + // cache addresses to check for duplicates + if _, ok := addressCache[string(vote.Validator.Address)]; ok { + return fmt.Errorf("extended commit vote address %X is duplicated", vote.Validator.Address) +} + +addressCache[string(vote.Validator.Address)] = struct{ +}{ +} + if !bytes.Equal(vote.Validator.Address, lc.Votes().Get(i).Validator().Address()) { + return fmt.Errorf("extended commit vote address %X does not match last commit vote address %X", vote.Validator.Address, lc.Votes().Get(i).Validator().Address()) +} + if vote.Validator.Power != lc.Votes().Get(i).Validator().Power() { + return fmt.Errorf("extended commit vote power %d does not match last commit vote power %d", vote.Validator.Power, lc.Votes().Get(i).Validator().Power()) +} + +} + +return nil +} + +type ( + // ProposalTxVerifier defines the interface that is implemented by BaseApp, + // that any custom ABCI PrepareProposal and ProcessProposal handler can use + // to verify a transaction. + ProposalTxVerifier interface { + PrepareProposalVerifyTx(tx sdk.Tx) ([]byte, error) + +ProcessProposalVerifyTx(txBz []byte) (sdk.Tx, error) + +TxDecode(txBz []byte) (sdk.Tx, error) + +TxEncode(tx sdk.Tx) ([]byte, error) +} + + // DefaultProposalHandler defines the default ABCI PrepareProposal and + // ProcessProposal handlers. + DefaultProposalHandler struct { + mempool mempool.Mempool + txVerifier ProposalTxVerifier + txSelector TxSelector + signerExtAdapter mempool.SignerExtractionAdapter +} +) + +func NewDefaultProposalHandler(mp mempool.Mempool, txVerifier ProposalTxVerifier) *DefaultProposalHandler { + return &DefaultProposalHandler{ + mempool: mp, + txVerifier: txVerifier, + txSelector: NewDefaultTxSelector(), + signerExtAdapter: mempool.NewDefaultSignerExtractionAdapter(), +} +} + +// SetTxSelector sets the TxSelector function on the DefaultProposalHandler. +func (h *DefaultProposalHandler) + +SetTxSelector(ts TxSelector) { + h.txSelector = ts +} + +// PrepareProposalHandler returns the default implementation for processing an +// ABCI proposal. The application's mempool is enumerated and all valid +// transactions are added to the proposal. Transactions are valid if they: +// +// 1) + +Successfully encode to bytes. +// 2) + +Are valid (i.e. pass runTx, AnteHandler only). +// +// Enumeration is halted once RequestPrepareProposal.MaxBytes of transactions is +// reached or the mempool is exhausted. +// +// Note: +// +// - Step (2) + +is identical to the validation step performed in +// DefaultProcessProposal. It is very important that the same validation logic +// is used in both steps, and applications must ensure that this is the case in +// non-default handlers. +// +// - If no mempool is set or if the mempool is a no-op mempool, the transactions +// requested from CometBFT will simply be returned, which, by default, are in +// FIFO order. +func (h *DefaultProposalHandler) + +PrepareProposalHandler() + +sdk.PrepareProposalHandler { + return func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { + var maxBlockGas uint64 + if b := ctx.ConsensusParams().Block; b != nil { + maxBlockGas = uint64(b.MaxGas) +} + +defer h.txSelector.Clear() + + // If the mempool is nil or NoOp we simply return the transactions + // requested from CometBFT, which, by default, should be in FIFO order. + // + // Note, we still need to ensure the transactions returned respect req.MaxTxBytes. + _, isNoOp := h.mempool.(mempool.NoOpMempool) + if h.mempool == nil || isNoOp { + for _, txBz := range req.Txs { + tx, err := h.txVerifier.TxDecode(txBz) + if err != nil { + return nil, err +} + stop := h.txSelector.SelectTxForProposal(ctx, uint64(req.MaxTxBytes), maxBlockGas, tx, txBz) + if stop { + break +} + +} + +return &abci.ResponsePrepareProposal{ + Txs: h.txSelector.SelectedTxs(ctx) +}, nil +} + selectedTxsSignersSeqs := make(map[string]uint64) + +var ( + resError error + selectedTxsNums int + invalidTxs []sdk.Tx // invalid txs to be removed out of the loop to avoid dead lock + ) + +mempool.SelectBy(ctx, h.mempool, req.Txs, func(memTx sdk.Tx) + +bool { + unorderedTx, ok := memTx.(sdk.TxWithUnordered) + isUnordered := ok && unorderedTx.GetUnordered() + txSignersSeqs := make(map[string]uint64) + + // if the tx is unordered, we don't need to check the sequence, we just add it + if !isUnordered { + signerData, err := h.signerExtAdapter.GetSigners(memTx) + if err != nil { + // propagate the error to the caller + resError = err + return false +} + + // If the signers aren't in selectedTxsSignersSeqs then we haven't seen them before + // so we add them and continue given that we don't need to check the sequence. + shouldAdd := true + for _, signer := range signerData { + seq, ok := selectedTxsSignersSeqs[signer.Signer.String()] + if !ok { + txSignersSeqs[signer.Signer.String()] = signer.Sequence + continue +} + + // If we have seen this signer before in this block, we must make + // sure that the current sequence is seq+1; otherwise is invalid + // and we skip it. + if seq+1 != signer.Sequence { + shouldAdd = false + break +} + +txSignersSeqs[signer.Signer.String()] = signer.Sequence +} + if !shouldAdd { + return true +} + +} + + // NOTE: Since transaction verification was already executed in CheckTx, + // which calls mempool.Insert, in theory everything in the pool should be + // valid. But some mempool implementations may insert invalid txs, so we + // check again. + txBz, err := h.txVerifier.PrepareProposalVerifyTx(memTx) + if err != nil { + invalidTxs = append(invalidTxs, memTx) +} + +else { + stop := h.txSelector.SelectTxForProposal(ctx, uint64(req.MaxTxBytes), maxBlockGas, memTx, txBz) + if stop { + return false +} + txsLen := len(h.txSelector.SelectedTxs(ctx)) + // If the tx is unordered, we don't need to update the sender sequence. + if !isUnordered { + for sender, seq := range txSignersSeqs { + // If txsLen != selectedTxsNums is true, it means that we've + // added a new tx to the selected txs, so we need to update + // the sequence of the sender. + if txsLen != selectedTxsNums { + selectedTxsSignersSeqs[sender] = seq +} + +else if _, ok := selectedTxsSignersSeqs[sender]; !ok { + // The transaction hasn't been added but it passed the + // verification, so we know that the sequence is correct. + // So we set this sender's sequence to seq-1, in order + // to avoid unnecessary calls to PrepareProposalVerifyTx. + selectedTxsSignersSeqs[sender] = seq - 1 +} + +} + +} + +selectedTxsNums = txsLen +} + +return true +}) + if resError != nil { + return nil, resError +} + for _, tx := range invalidTxs { + err := h.mempool.Remove(tx) + if err != nil && !errors.Is(err, mempool.ErrTxNotFound) { + return nil, err +} + +} + +return &abci.ResponsePrepareProposal{ + Txs: h.txSelector.SelectedTxs(ctx) +}, nil +} +} + +// ProcessProposalHandler returns the default implementation for processing an +// ABCI proposal. Every transaction in the proposal must pass 2 conditions: +// +// 1. The transaction bytes must decode to a valid transaction. +// 2. The transaction must be valid (i.e. pass runTx, AnteHandler only) +// +// If any transaction fails to pass either condition, the proposal is rejected. +// Note that step (2) + +is identical to the validation step performed in +// DefaultPrepareProposal. It is very important that the same validation logic +// is used in both steps, and applications must ensure that this is the case in +// non-default handlers. +func (h *DefaultProposalHandler) + +ProcessProposalHandler() + +sdk.ProcessProposalHandler { + // If the mempool is nil or NoOp we simply return ACCEPT, + // because PrepareProposal may have included txs that could fail verification. + _, isNoOp := h.mempool.(mempool.NoOpMempool) + if h.mempool == nil || isNoOp { + return NoOpProcessProposal() +} + +return func(ctx sdk.Context, req *abci.RequestProcessProposal) (*abci.ResponseProcessProposal, error) { + var totalTxGas uint64 + + var maxBlockGas int64 + if b := ctx.ConsensusParams().Block; b != nil { + maxBlockGas = b.MaxGas +} + for _, txBytes := range req.Txs { + tx, err := h.txVerifier.ProcessProposalVerifyTx(txBytes) + if err != nil { + return &abci.ResponseProcessProposal{ + Status: abci.ResponseProcessProposal_REJECT +}, nil +} + if maxBlockGas > 0 { + gasTx, ok := tx.(GasTx) + if ok { + totalTxGas += gasTx.GetGas() +} + if totalTxGas > uint64(maxBlockGas) { + return &abci.ResponseProcessProposal{ + Status: abci.ResponseProcessProposal_REJECT +}, nil +} + +} + +} + +return &abci.ResponseProcessProposal{ + Status: abci.ResponseProcessProposal_ACCEPT +}, nil +} +} + +// NoOpPrepareProposal defines a no-op PrepareProposal handler. It will always +// return the transactions sent by the client's request. +func NoOpPrepareProposal() + +sdk.PrepareProposalHandler { + return func(_ sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { + return &abci.ResponsePrepareProposal{ + Txs: req.Txs +}, nil +} +} + +// NoOpProcessProposal defines a no-op ProcessProposal Handler. It will always +// return ACCEPT. +func NoOpProcessProposal() + +sdk.ProcessProposalHandler { + return func(_ sdk.Context, _ *abci.RequestProcessProposal) (*abci.ResponseProcessProposal, error) { + return &abci.ResponseProcessProposal{ + Status: abci.ResponseProcessProposal_ACCEPT +}, nil +} +} + +// NoOpExtendVote defines a no-op ExtendVote handler. It will always return an +// empty byte slice as the vote extension. +func NoOpExtendVote() + +sdk.ExtendVoteHandler { + return func(_ sdk.Context, _ *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) { + return &abci.ResponseExtendVote{ + VoteExtension: []byte{ +}}, nil +} +} + +// NoOpVerifyVoteExtensionHandler defines a no-op VerifyVoteExtension handler. It +// will always return an ACCEPT status with no error. +func NoOpVerifyVoteExtensionHandler() + +sdk.VerifyVoteExtensionHandler { + return func(_ sdk.Context, _ *abci.RequestVerifyVoteExtension) (*abci.ResponseVerifyVoteExtension, error) { + return &abci.ResponseVerifyVoteExtension{ + Status: abci.ResponseVerifyVoteExtension_ACCEPT +}, nil +} +} + +// TxSelector defines a helper type that assists in selecting transactions during +// mempool transaction selection in PrepareProposal. It keeps track of the total +// number of bytes and total gas of the selected transactions. It also keeps +// track of the selected transactions themselves. +type TxSelector interface { + // SelectedTxs should return a copy of the selected transactions. + SelectedTxs(ctx context.Context) [][]byte + + // Clear should clear the TxSelector, nulling out all relevant fields. + Clear() + + // SelectTxForProposal should attempt to select a transaction for inclusion in + // a proposal based on inclusion criteria defined by the TxSelector. It must + // return if the caller should halt the transaction selection loop + // (typically over a mempool) + +or otherwise. + SelectTxForProposal(ctx context.Context, maxTxBytes, maxBlockGas uint64, memTx sdk.Tx, txBz []byte) + +bool +} + +type defaultTxSelector struct { + totalTxBytes uint64 + totalTxGas uint64 + selectedTxs [][]byte +} + +func NewDefaultTxSelector() + +TxSelector { + return &defaultTxSelector{ +} +} + +func (ts *defaultTxSelector) + +SelectedTxs(_ context.Context) [][]byte { + txs := make([][]byte, len(ts.selectedTxs)) + +copy(txs, ts.selectedTxs) + +return txs +} + +func (ts *defaultTxSelector) + +Clear() { + ts.totalTxBytes = 0 + ts.totalTxGas = 0 + ts.selectedTxs = nil +} + +func (ts *defaultTxSelector) + +SelectTxForProposal(_ context.Context, maxTxBytes, maxBlockGas uint64, memTx sdk.Tx, txBz []byte) + +bool { + txSize := uint64(cmttypes.ComputeProtoSizeForTxs([]cmttypes.Tx{ + txBz +})) + +var txGasLimit uint64 + if memTx != nil { + if gasTx, ok := memTx.(GasTx); ok { + txGasLimit = gasTx.GetGas() +} + +} + + // only add the transaction to the proposal if we have enough capacity + if (txSize + ts.totalTxBytes) <= maxTxBytes { + // If there is a max block gas limit, add the tx only if the limit has + // not been met. + if maxBlockGas > 0 { + if (txGasLimit + ts.totalTxGas) <= maxBlockGas { + ts.totalTxGas += txGasLimit + ts.totalTxBytes += txSize + ts.selectedTxs = append(ts.selectedTxs, txBz) +} + +} + +else { + ts.totalTxBytes += txSize + ts.selectedTxs = append(ts.selectedTxs, txBz) +} + +} + + // check if we've reached capacity; if so, we cannot select any more transactions + return ts.totalTxBytes >= maxTxBytes || (maxBlockGas > 0 && (ts.totalTxGas >= maxBlockGas)) +} +``` diff --git a/docs/sdk/next/learn/advanced/cli.mdx b/docs/sdk/next/learn/advanced/cli.mdx new file mode 100644 index 00000000..b4bfe010 --- /dev/null +++ b/docs/sdk/next/learn/advanced/cli.mdx @@ -0,0 +1,230 @@ +--- +title: Command-Line Interface +--- + +**Synopsis** +This document describes how command-line interface (CLI) works on a high-level, for an [**application**](/docs/sdk/vnext/learn/beginner/app-anatomy). A separate document for implementing a CLI for a Cosmos SDK [**module**](/docs/sdk/vnext/build/building-modules/intro) can be found [here](/docs/sdk/vnext/build/building-modules/module-interfaces#cli). + + +## Command-Line Interface + +### Example Command + +There is no set way to create a CLI, but Cosmos SDK modules typically use the [Cobra Library](https://github.com/spf13/cobra). Building a CLI with Cobra entails defining commands, arguments, and flags. [**Commands**](#root-command) understand the actions users wish to take, such as `tx` for creating a transaction and `query` for querying the application. Each command can also have nested subcommands, necessary for naming the specific transaction type. Users also supply **Arguments**, such as account numbers to send coins to, and [**Flags**](#flags) to modify various aspects of the commands, such as gas prices or which node to broadcast to. + +Here is an example of a command a user might enter to interact with the simapp CLI `simd` in order to send some tokens: + +```bash +simd tx bank send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000stake --gas auto --gas-prices +``` + +The first four strings specify the command: + +* The root command for the entire application `simd`. +* The subcommand `tx`, which contains all commands that let users create transactions. +* The subcommand `bank` to indicate which module to route the command to ([`x/bank`](/docs/sdk/vnext/build/modules/bank/README) module in this case). +* The type of transaction `send`. + +The next two strings are arguments: the `from_address` the user wishes to send from, the `to_address` of the recipient, and the `amount` they want to send. Finally, the last few strings of the command are optional flags to indicate how much the user is willing to pay in fees (calculated using the amount of gas used to execute the transaction and the gas prices provided by the user). + +The CLI interacts with a [node](/docs/sdk/vnext/learn/advanced/node) to handle this command. The interface itself is defined in a `main.go` file. + +### Building the CLI + +The `main.go` file needs to have a `main()` function that creates a root command, to which all the application commands will be added as subcommands. The root command additionally handles: + +* **setting configurations** by reading in configuration files (e.g. the Cosmos SDK config file). +* **adding any flags** to it, such as `--chain-id`. +* **instantiating the `codec`** by injecting the application codecs. The [`codec`](/docs/sdk/vnext/learn/advanced/encoding) is used to encode and decode data structures for the application - stores can only persist `[]byte`s so the developer must define a serialization format for their data structures or use the default, Protobuf. +* **adding subcommand** for all the possible user interactions, including [transaction commands](#transaction-commands) and [query commands](#query-commands). + +The `main()` function finally creates an executor and [execute](https://pkg.go.dev/github.com/spf13/cobra#Command.Execute) the root command. See an example of `main()` function from the `simapp` application: + +```go expandable +package main + +import ( + + "fmt" + "os" + + clientv2helpers "cosmossdk.io/client/v2/helpers" + "cosmossdk.io/simapp" + "cosmossdk.io/simapp/simd/cmd" + + svrcmd "github.com/cosmos/cosmos-sdk/server/cmd" +) + +func main() { + rootCmd := cmd.NewRootCmd() + if err := svrcmd.Execute(rootCmd, clientv2helpers.EnvPrefix, simapp.DefaultNodeHome); err != nil { + fmt.Fprintln(rootCmd.OutOrStderr(), err) + +os.Exit(1) +} +} +``` + +The rest of the document will detail what needs to be implemented for each step and include smaller portions of code from the `simapp` CLI files. + +## Adding Commands to the CLI + +Every application CLI first constructs a root command, then adds functionality by aggregating subcommands (often with further nested subcommands) using `rootCmd.AddCommand()`. The bulk of an application's unique capabilities lies in its transaction and query commands, called `TxCmd` and `QueryCmd` respectively. + +### Root Command + +The root command (called `rootCmd`) is what the user first types into the command line to indicate which application they wish to interact with. The string used to invoke the command (the "Use" field) is typically the name of the application suffixed with `-d`, e.g. `simd` or `gaiad`. The root command typically includes the following commands to support basic functionality in the application. + +* **Status** command from the Cosmos SDK rpc client tools, which prints information about the status of the connected [`Node`](/docs/sdk/vnext/learn/advanced/node). The Status of a node includes `NodeInfo`,`SyncInfo` and `ValidatorInfo`. +* **Keys** [commands](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/keys) from the Cosmos SDK client tools, which includes a collection of subcommands for using the key functions in the Cosmos SDK crypto tools, including adding a new key and saving it to the keyring, listing all public keys stored in the keyring, and deleting a key. For example, users can type `simd keys add ` to add a new key and save an encrypted copy to the keyring, using the flag `--recover` to recover a private key from a seed phrase or the flag `--multisig` to group multiple keys together to create a multisig key. For full details on the `add` key command, see the code [here](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/client/keys/add.go). For more details about usage of `--keyring-backend` for storage of key credentials look at the [keyring docs](/docs/sdk/vnext/user/run-node/keyring). +* **Server** commands from the Cosmos SDK server package. These commands are responsible for providing the mechanisms necessary to start an ABCI CometBFT application and provides the CLI framework (based on [cobra](https://github.com/spf13/cobra)) necessary to fully bootstrap an application. The package exposes two core functions: `StartCmd` and `ExportCmd` which creates commands to start the application and export state respectively. + Learn more [here](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/server). +* [**Transaction**](#transaction-commands) commands. +* [**Query**](#query-commands) commands. + +Next is an example `rootCmd` function from the `simapp` application. It instantiates the root command, adds a [*persistent* flag](#flags) and `PreRun` function to be run before every execution, and adds all of the necessary subcommands. + +```go +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L47-L130 +``` + + +Use the `EnhanceRootCommand()` from the AutoCLI options to automatically add auto-generated commands from the modules to the root command. +Additionally it adds all manually defined modules commands (`tx` and `query`) as well. +Read more about [AutoCLI](https://docs.cosmos.network/main/core/autocli) in its dedicated section. + + +`rootCmd` has a function called `initAppConfig()` which is useful for setting the application's custom configs. +By default app uses CometBFT app config template from Cosmos SDK, which can be over-written via `initAppConfig()`. +Here's an example code to override default `app.toml` template. + +```go +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L144-L199 +``` + +The `initAppConfig()` also allows overriding the default Cosmos SDK's [server config](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/server/config/config.go#L231). One example is the `min-gas-prices` config, which defines the minimum gas prices a validator is willing to accept for processing a transaction. By default, the Cosmos SDK sets this parameter to `""` (empty string), which forces all validators to tweak their own `app.toml` and set a non-empty value, or else the node will halt on startup. This might not be the best UX for validators, so the chain developer can set a default `app.toml` value for validators inside this `initAppConfig()` function. + +```go +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L164-L180 +``` + +The root-level `status` and `keys` subcommands are common across most applications and do not interact with application state. The bulk of an application's functionality - what users can actually *do* with it - is enabled by its `tx` and `query` commands. + +### Transaction Commands + +[Transactions](/docs/sdk/vnext/learn/advanced/transactions) are objects wrapping [`Msg`s](/docs/sdk/vnext/build/building-modules/messages-and-queries#messages) that trigger state changes. To enable the creation of transactions using the CLI interface, a function `txCommand` is generally added to the `rootCmd`: + +```go +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L222-L229 +``` + +This `txCommand` function adds all the transaction available to end-users for the application. This typically includes: + +* **Sign command** from the [`auth`](/docs/sdk/vnext/build/modules/auth/README) module that signs messages in a transaction. To enable multisig, add the `auth` module's `MultiSign` command. Since every transaction requires some sort of signature in order to be valid, the signing command is necessary for every application. +* **Broadcast command** from the Cosmos SDK client tools, to broadcast transactions. +* **All [module transaction commands](/docs/sdk/vnext/build/building-modules/module-interfaces#transaction-commands)** the application is dependent on, retrieved by using the [basic module manager's](/docs/sdk/vnext/build/building-modules/module-manager#basic-manager) `AddTxCommands()` function, or enhanced by [AutoCLI](https://docs.cosmos.network/main/core/autocli). + +Here is an example of a `txCommand` aggregating these subcommands from the `simapp` application: + +```go +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L270-L292 +``` + + +When using AutoCLI to generate module transaction commands, `EnhanceRootCommand()` automatically adds the module `tx` command to the root command. +Read more about [AutoCLI](https://docs.cosmos.network/main/core/autocli) in its dedicated section. + + +### Query Commands + +[**Queries**](/docs/sdk/vnext/build/building-modules/messages-and-queries#queries) are objects that allow users to retrieve information about the application's state. To enable the creation of queries using the CLI interface, a function `queryCommand` is generally added to the `rootCmd`: + +```go +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L222-L229 +``` + +This `queryCommand` function adds all the queries available to end-users for the application. This typically includes: + +* **QueryTx** and/or other transaction query commands from the `auth` module which allow the user to search for a transaction by inputting its hash, a list of tags, or a block height. These queries allow users to see if transactions have been included in a block. +* **Account command** from the `auth` module, which displays the state (e.g. account balance) of an account given an address. +* **Validator command** from the Cosmos SDK rpc client tools, which displays the validator set of a given height. +* **Block command** from the Cosmos SDK RPC client tools, which displays the block data for a given height. +* **All [module query commands](/docs/sdk/vnext/build/building-modules/module-interfaces#query-commands)** the application is dependent on, retrieved by using the [basic module manager's](/docs/sdk/vnext/build/building-modules/module-manager#basic-manager) `AddQueryCommands()` function, or enhanced by [AutoCLI](https://docs.cosmos.network/main/core/autocli). + +Here is an example of a `queryCommand` aggregating subcommands from the `simapp` application: + +```go +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L249-L268 +``` + + +When using AutoCLI to generate module query commands, `EnhanceRootCommand()` automatically adds the module `query` command to the root command. +Read more about [AutoCLI](https://docs.cosmos.network/main/core/autocli) in its dedicated section. + + +## Flags + +Flags are used to modify commands; developers can include them in a `flags.go` file with their CLI. Users can explicitly include them in commands or pre-configure them by inside their [`app.toml`](/docs/sdk/vnext/user/run-node/run-node#configuring-the-node-using-apptoml-and-configtoml). Commonly pre-configured flags include the `--node` to connect to and `--chain-id` of the blockchain the user wishes to interact with. + +A *persistent* flag (as opposed to a *local* flag) added to a command transcends all of its children: subcommands will inherit the configured values for these flags. Additionally, all flags have default values when they are added to commands; some toggle an option off but others are empty values that the user needs to override to create valid commands. A flag can be explicitly marked as *required* so that an error is automatically thrown if the user does not provide a value, but it is also acceptable to handle unexpected missing flags differently. + +Flags are added to commands directly (generally in the [module's CLI file](/docs/sdk/vnext/build/building-modules/module-interfaces#flags) where module commands are defined) and no flag except for the `rootCmd` persistent flags has to be added at application level. It is common to add a *persistent* flag for `--chain-id`, the unique identifier of the blockchain the application pertains to, to the root command. Adding this flag can be done in the `main()` function. Adding this flag makes sense as the chain ID should not be changing across commands in this application CLI. + +## Environment variables + +Each flag is bound to its respective named environment variable. The name of the environment variable consist of two parts - capital case `basename` followed by flag name of the flag. `-` must be substituted with `_`. For example flag `--node` for application with basename `GAIA` is bound to `GAIA_NODE`. It allows reducing the amount of flags typed for routine operations. For example instead of: + +```shell +gaia --home=./ --node= --chain-id="testchain-1" --keyring-backend=test tx ... --from= +``` + +this will be more convenient: + +```shell +# define env variables in .env, .envrc etc +GAIA_HOME= +GAIA_NODE= +GAIA_CHAIN_ID="testchain-1" +GAIA_KEYRING_BACKEND="test" + +# and later just use +gaia tx ... --from= +``` + +## Configurations + +It is vital that the root command of an application uses `PersistentPreRun()` cobra command property for executing the command, so all child commands have access to the server and client contexts. These contexts are set as their default values initially and may be modified, scoped to the command, in their respective `PersistentPreRun()` functions. Note that the `client.Context` is typically pre-populated with "default" values that may be useful for all commands to inherit and override if necessary. + +Here is an example of an `PersistentPreRun()` function from `simapp`: + +```go +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L81-L120 +``` + +The `SetCmdClientContextHandler` call reads persistent flags via `ReadPersistentCommandFlags` which creates a `client.Context` and sets that on the root command's `Context`. + +The `InterceptConfigsPreRunHandler` call creates a viper literal, default `server.Context`, and a logger and sets that on the root command's `Context`. The `server.Context` will be modified and saved to disk. The internal `interceptConfigs` call reads or creates a CometBFT configuration based on the home path provided. In addition, `interceptConfigs` also reads and loads the application configuration, `app.toml`, and binds that to the `server.Context` viper literal. This is vital so the application can get access to not only the CLI flags, but also to the application configuration values provided by this file. + + +When willing to configure which logger is used, do not use `InterceptConfigsPreRunHandler`, which sets the default SDK logger, but instead use `InterceptConfigsAndCreateContext` and set the server context and the logger manually: + +```diff expandable +-return server.InterceptConfigsPreRunHandler(cmd, customAppTemplate, customAppConfig, customCMTConfig) + ++serverCtx, err := server.InterceptConfigsAndCreateContext(cmd, customAppTemplate, customAppConfig, customCMTConfig) ++if err != nil { ++ return err ++} + ++// overwrite default server logger ++logger, err := server.CreateSDKLogger(serverCtx, cmd.OutOrStdout()) ++if err != nil { ++ return err ++} ++serverCtx.Logger = logger.With(log.ModuleKey, "server") + ++// set server context ++return server.SetCmdServerContext(cmd, serverCtx) +``` + + diff --git a/docs/sdk/next/learn/advanced/config.mdx b/docs/sdk/next/learn/advanced/config.mdx new file mode 100644 index 00000000..661c7083 --- /dev/null +++ b/docs/sdk/next/learn/advanced/config.mdx @@ -0,0 +1,25 @@ +--- +title: Configuration +description: >- + This documentation refers to the app.toml, if you'd like to read about the + config.toml please visit CometBFT docs. +--- +This documentation refers to the app.toml, if you'd like to read about the config.toml please visit [CometBFT docs](https://docs.cometbft.com/v0.37/). + +{/* the following is not a python reference, however syntax coloring makes the file more readable in the docs */} + +```python +# Reference: https://github.com/cosmos/cosmos-sdk/blob/main/tools/confix/data/v0.47-app.toml +``` + +## inter-block-cache + +This feature will consume more ram than a normal node, if enabled. + +## iavl-cache-size + +Using this feature will increase ram consumption + +## iavl-lazy-loading + +This feature is to be used for archive nodes, allowing them to have a faster start up time. diff --git a/docs/sdk/next/learn/advanced/context.mdx b/docs/sdk/next/learn/advanced/context.mdx new file mode 100644 index 00000000..f70fff46 --- /dev/null +++ b/docs/sdk/next/learn/advanced/context.mdx @@ -0,0 +1,821 @@ +--- +title: Context +--- + +**Synopsis** +The `context` is a data structure intended to be passed from function to function that carries information about the current state of the application. It provides access to a branched storage (a safe branch of the entire state) as well as useful objects and information like `gasMeter`, `block height`, `consensus parameters` and more. + + + +**Pre-requisite Readings** + +* [Anatomy of a Cosmos SDK Application](/docs/sdk/vnext/learn/beginner/app-anatomy) +* [Lifecycle of a Transaction](/docs/sdk/vnext/learn/beginner/tx-lifecycle) + + + +## Context Definition + +The Cosmos SDK `Context` is a custom data structure that contains Go's stdlib [`context`](https://pkg.go.dev/context) as its base, and has many additional types within its definition that are specific to the Cosmos SDK. The `Context` is integral to transaction processing in that it allows modules to easily access their respective [store](/docs/sdk/vnext/learn/advanced/store#base-layer-kvstores) in the [`multistore`](/docs/sdk/vnext/learn/advanced/store#multistore) and retrieve transactional context such as the block header and gas meter. + +```go expandable +package types + +import ( + + "context" + "time" + + abci "github.com/cometbft/cometbft/abci/types" + cmtproto "github.com/cometbft/cometbft/proto/tendermint/types" + "cosmossdk.io/core/comet" + "cosmossdk.io/core/header" + "cosmossdk.io/log" + "cosmossdk.io/store/gaskv" + storetypes "cosmossdk.io/store/types" +) + +// ExecMode defines the execution mode which can be set on a Context. +type ExecMode uint8 + +// All possible execution modes. +const ( + ExecModeCheck ExecMode = iota + ExecModeReCheck + ExecModeSimulate + ExecModePrepareProposal + ExecModeProcessProposal + ExecModeVoteExtension + ExecModeVerifyVoteExtension + ExecModeFinalize +) + +/* +Context is an immutable object contains all information needed to +process a request. + +It contains a context.Context object inside if you want to use that, +but please do not over-use it. We try to keep all data structured +and standard additions here would be better just to add to the Context struct +*/ +type Context struct { + baseCtx context.Context + ms storetypes.MultiStore + // Deprecated: Use HeaderService for height, time, and chainID and CometService for the rest + header cmtproto.Header + // Deprecated: Use HeaderService for hash + headerHash []byte + // Deprecated: Use HeaderService for chainID and CometService for the rest + chainID string + txBytes []byte + logger log.Logger + voteInfo []abci.VoteInfo + gasMeter storetypes.GasMeter + blockGasMeter storetypes.GasMeter + checkTx bool + recheckTx bool // if recheckTx == true, then checkTx must also be true + sigverifyTx bool // when run simulation, because the private key corresponding to the account in the genesis.json randomly generated, we must skip the sigverify. + execMode ExecMode + minGasPrice DecCoins + consParams cmtproto.ConsensusParams + eventManager EventManagerI + priority int64 // The tx priority, only relevant in CheckTx + kvGasConfig storetypes.GasConfig + transientKVGasConfig storetypes.GasConfig + streamingManager storetypes.StreamingManager + cometInfo comet.BlockInfo + headerInfo header.Info +} + +// Proposed rename, not done to avoid API breakage +type Request = Context + +// Read-only accessors +func (c Context) + +Context() + +context.Context { + return c.baseCtx +} + +func (c Context) + +MultiStore() + +storetypes.MultiStore { + return c.ms +} + +func (c Context) + +BlockHeight() + +int64 { + return c.header.Height +} + +func (c Context) + +BlockTime() + +time.Time { + return c.header.Time +} + +func (c Context) + +ChainID() + +string { + return c.chainID +} + +func (c Context) + +TxBytes() []byte { + return c.txBytes +} + +func (c Context) + +Logger() + +log.Logger { + return c.logger +} + +func (c Context) + +VoteInfos() []abci.VoteInfo { + return c.voteInfo +} + +func (c Context) + +GasMeter() + +storetypes.GasMeter { + return c.gasMeter +} + +func (c Context) + +BlockGasMeter() + +storetypes.GasMeter { + return c.blockGasMeter +} + +func (c Context) + +IsCheckTx() + +bool { + return c.checkTx +} + +func (c Context) + +IsReCheckTx() + +bool { + return c.recheckTx +} + +func (c Context) + +IsSigverifyTx() + +bool { + return c.sigverifyTx +} + +func (c Context) + +ExecMode() + +ExecMode { + return c.execMode +} + +func (c Context) + +MinGasPrices() + +DecCoins { + return c.minGasPrice +} + +func (c Context) + +EventManager() + +EventManagerI { + return c.eventManager +} + +func (c Context) + +Priority() + +int64 { + return c.priority +} + +func (c Context) + +KVGasConfig() + +storetypes.GasConfig { + return c.kvGasConfig +} + +func (c Context) + +TransientKVGasConfig() + +storetypes.GasConfig { + return c.transientKVGasConfig +} + +func (c Context) + +StreamingManager() + +storetypes.StreamingManager { + return c.streamingManager +} + +func (c Context) + +CometInfo() + +comet.BlockInfo { + return c.cometInfo +} + +func (c Context) + +HeaderInfo() + +header.Info { + return c.headerInfo +} + +// BlockHeader returns the header by value. +func (c Context) + +BlockHeader() + +cmtproto.Header { + return c.header +} + +// HeaderHash returns a copy of the header hash obtained during abci.RequestBeginBlock +func (c Context) + +HeaderHash() []byte { + hash := make([]byte, len(c.headerHash)) + +copy(hash, c.headerHash) + +return hash +} + +func (c Context) + +ConsensusParams() + +cmtproto.ConsensusParams { + return c.consParams +} + +func (c Context) + +Deadline() (deadline time.Time, ok bool) { + return c.baseCtx.Deadline() +} + +func (c Context) + +Done() <-chan struct{ +} { + return c.baseCtx.Done() +} + +func (c Context) + +Err() + +error { + return c.baseCtx.Err() +} + +// create a new context +func NewContext(ms storetypes.MultiStore, header cmtproto.Header, isCheckTx bool, logger log.Logger) + +Context { + // https://github.com/gogo/protobuf/issues/519 + header.Time = header.Time.UTC() + +return Context{ + baseCtx: context.Background(), + ms: ms, + header: header, + chainID: header.ChainID, + checkTx: isCheckTx, + sigverifyTx: true, + logger: logger, + gasMeter: storetypes.NewInfiniteGasMeter(), + minGasPrice: DecCoins{ +}, + eventManager: NewEventManager(), + kvGasConfig: storetypes.KVGasConfig(), + transientKVGasConfig: storetypes.TransientGasConfig(), +} +} + +// WithContext returns a Context with an updated context.Context. +func (c Context) + +WithContext(ctx context.Context) + +Context { + c.baseCtx = ctx + return c +} + +// WithMultiStore returns a Context with an updated MultiStore. +func (c Context) + +WithMultiStore(ms storetypes.MultiStore) + +Context { + c.ms = ms + return c +} + +// WithBlockHeader returns a Context with an updated CometBFT block header in UTC time. +func (c Context) + +WithBlockHeader(header cmtproto.Header) + +Context { + // https://github.com/gogo/protobuf/issues/519 + header.Time = header.Time.UTC() + +c.header = header + return c +} + +// WithHeaderHash returns a Context with an updated CometBFT block header hash. +func (c Context) + +WithHeaderHash(hash []byte) + +Context { + temp := make([]byte, len(hash)) + +copy(temp, hash) + +c.headerHash = temp + return c +} + +// WithBlockTime returns a Context with an updated CometBFT block header time in UTC with no monotonic component. +// Stripping the monotonic component is for time equality. +func (c Context) + +WithBlockTime(newTime time.Time) + +Context { + newHeader := c.BlockHeader() + // https://github.com/gogo/protobuf/issues/519 + newHeader.Time = newTime.Round(0).UTC() + +return c.WithBlockHeader(newHeader) +} + +// WithProposer returns a Context with an updated proposer consensus address. +func (c Context) + +WithProposer(addr ConsAddress) + +Context { + newHeader := c.BlockHeader() + +newHeader.ProposerAddress = addr.Bytes() + +return c.WithBlockHeader(newHeader) +} + +// WithBlockHeight returns a Context with an updated block height. +func (c Context) + +WithBlockHeight(height int64) + +Context { + newHeader := c.BlockHeader() + +newHeader.Height = height + return c.WithBlockHeader(newHeader) +} + +// WithChainID returns a Context with an updated chain identifier. +func (c Context) + +WithChainID(chainID string) + +Context { + c.chainID = chainID + return c +} + +// WithTxBytes returns a Context with an updated txBytes. +func (c Context) + +WithTxBytes(txBytes []byte) + +Context { + c.txBytes = txBytes + return c +} + +// WithLogger returns a Context with an updated logger. +func (c Context) + +WithLogger(logger log.Logger) + +Context { + c.logger = logger + return c +} + +// WithVoteInfos returns a Context with an updated consensus VoteInfo. +func (c Context) + +WithVoteInfos(voteInfo []abci.VoteInfo) + +Context { + c.voteInfo = voteInfo + return c +} + +// WithGasMeter returns a Context with an updated transaction GasMeter. +func (c Context) + +WithGasMeter(meter storetypes.GasMeter) + +Context { + c.gasMeter = meter + return c +} + +// WithBlockGasMeter returns a Context with an updated block GasMeter +func (c Context) + +WithBlockGasMeter(meter storetypes.GasMeter) + +Context { + c.blockGasMeter = meter + return c +} + +// WithKVGasConfig returns a Context with an updated gas configuration for +// the KVStore +func (c Context) + +WithKVGasConfig(gasConfig storetypes.GasConfig) + +Context { + c.kvGasConfig = gasConfig + return c +} + +// WithTransientKVGasConfig returns a Context with an updated gas configuration for +// the transient KVStore +func (c Context) + +WithTransientKVGasConfig(gasConfig storetypes.GasConfig) + +Context { + c.transientKVGasConfig = gasConfig + return c +} + +// WithIsCheckTx enables or disables CheckTx value for verifying transactions and returns an updated Context +func (c Context) + +WithIsCheckTx(isCheckTx bool) + +Context { + c.checkTx = isCheckTx + c.execMode = ExecModeCheck + return c +} + +// WithIsRecheckTx called with true will also set true on checkTx in order to +// enforce the invariant that if recheckTx = true then checkTx = true as well. +func (c Context) + +WithIsReCheckTx(isRecheckTx bool) + +Context { + if isRecheckTx { + c.checkTx = true +} + +c.recheckTx = isRecheckTx + c.execMode = ExecModeReCheck + return c +} + +// WithIsSigverifyTx called with true will sigverify in auth module +func (c Context) + +WithIsSigverifyTx(isSigverifyTx bool) + +Context { + c.sigverifyTx = isSigverifyTx + return c +} + +// WithExecMode returns a Context with an updated ExecMode. +func (c Context) + +WithExecMode(m ExecMode) + +Context { + c.execMode = m + return c +} + +// WithMinGasPrices returns a Context with an updated minimum gas price value +func (c Context) + +WithMinGasPrices(gasPrices DecCoins) + +Context { + c.minGasPrice = gasPrices + return c +} + +// WithConsensusParams returns a Context with an updated consensus params +func (c Context) + +WithConsensusParams(params cmtproto.ConsensusParams) + +Context { + c.consParams = params + return c +} + +// WithEventManager returns a Context with an updated event manager +func (c Context) + +WithEventManager(em EventManagerI) + +Context { + c.eventManager = em + return c +} + +// WithPriority returns a Context with an updated tx priority +func (c Context) + +WithPriority(p int64) + +Context { + c.priority = p + return c +} + +// WithStreamingManager returns a Context with an updated streaming manager +func (c Context) + +WithStreamingManager(sm storetypes.StreamingManager) + +Context { + c.streamingManager = sm + return c +} + +// WithCometInfo returns a Context with an updated comet info +func (c Context) + +WithCometInfo(cometInfo comet.BlockInfo) + +Context { + c.cometInfo = cometInfo + return c +} + +// WithHeaderInfo returns a Context with an updated header info +func (c Context) + +WithHeaderInfo(headerInfo header.Info) + +Context { + // Settime to UTC + headerInfo.Time = headerInfo.Time.UTC() + +c.headerInfo = headerInfo + return c +} + +// TODO: remove??? +func (c Context) + +IsZero() + +bool { + return c.ms == nil +} + +func (c Context) + +WithValue(key, value interface{ +}) + +Context { + c.baseCtx = context.WithValue(c.baseCtx, key, value) + +return c +} + +func (c Context) + +Value(key interface{ +}) + +interface{ +} { + if key == SdkContextKey { + return c +} + +return c.baseCtx.Value(key) +} + +// ---------------------------------------------------------------------------- +// Store / Caching +// ---------------------------------------------------------------------------- + +// KVStore fetches a KVStore from the MultiStore. +func (c Context) + +KVStore(key storetypes.StoreKey) + +storetypes.KVStore { + return gaskv.NewStore(c.ms.GetKVStore(key), c.gasMeter, c.kvGasConfig) +} + +// TransientStore fetches a TransientStore from the MultiStore. +func (c Context) + +TransientStore(key storetypes.StoreKey) + +storetypes.KVStore { + return gaskv.NewStore(c.ms.GetKVStore(key), c.gasMeter, c.transientKVGasConfig) +} + +// CacheContext returns a new Context with the multi-store cached and a new +// EventManager. The cached context is written to the context when writeCache +// is called. Note, events are automatically emitted on the parent context's +// EventManager when the caller executes the write. +func (c Context) + +CacheContext() (cc Context, writeCache func()) { + cms := c.ms.CacheMultiStore() + +cc = c.WithMultiStore(cms).WithEventManager(NewEventManager()) + +writeCache = func() { + c.EventManager().EmitEvents(cc.EventManager().Events()) + +cms.Write() +} + +return cc, writeCache +} + +var ( + _ context.Context = Context{ +} + _ storetypes.Context = Context{ +} +) + +// ContextKey defines a type alias for a stdlib Context key. +type ContextKey string + +// SdkContextKey is the key in the context.Context which holds the sdk.Context. +const SdkContextKey ContextKey = "sdk-context" + +// WrapSDKContext returns a stdlib context.Context with the provided sdk.Context's internal +// context as a value. It is useful for passing an sdk.Context through methods that take a +// stdlib context.Context parameter such as generated gRPC methods. To get the original +// sdk.Context back, call UnwrapSDKContext. +// +// Deprecated: there is no need to wrap anymore as the Cosmos SDK context implements context.Context. +func WrapSDKContext(ctx Context) + +context.Context { + return ctx +} + +// UnwrapSDKContext retrieves a Context from a context.Context instance +// attached with WrapSDKContext. It panics if a Context was not properly +// attached +func UnwrapSDKContext(ctx context.Context) + +Context { + if sdkCtx, ok := ctx.(Context); ok { + return sdkCtx +} + +return ctx.Value(SdkContextKey).(Context) +} +``` + +* **Base Context:** The base type is a Go [Context](https://pkg.go.dev/context), which is explained further in the [Go Context Package](#go-context-package) section below. +* **Multistore:** Every application's `BaseApp` contains a [`CommitMultiStore`](/docs/sdk/vnext/learn/advanced/store#multistore) which is provided when a `Context` is created. Calling the `KVStore()` and `TransientStore()` methods allows modules to fetch their respective [`KVStore`](/docs/sdk/vnext/learn/advanced/store#base-layer-kvstores) using their unique `StoreKey`. +* **Header:** The [header](https://docs.cometbft.com/v0.37/spec/core/data_structures#header) is a Blockchain type. It carries important information about the state of the blockchain, such as block height and proposer of the current block. +* **Header Hash:** The current block header hash, obtained during `abci.FinalizeBlock`. +* **Chain ID:** The unique identification number of the blockchain a block pertains to. +* **Transaction Bytes:** The `[]byte` representation of a transaction being processed using the context. Every transaction is processed by various parts of the Cosmos SDK and consensus engine (e.g. CometBFT) throughout its [lifecycle](/docs/sdk/vnext/learn/beginner/tx-lifecycle), some of which do not have any understanding of transaction types. Thus, transactions are marshaled into the generic `[]byte` type using some kind of [encoding format](/docs/sdk/vnext/learn/advanced/encoding) such as [Amino](/docs/sdk/vnext/learn/advanced/encoding). +* **Logger:** A `logger` from the CometBFT libraries. Learn more about logs [here](https://docs.cometbft.com/v0.37/core/configuration). Modules call this method to create their own unique module-specific logger. +* **VoteInfo:** A list of the ABCI type [`VoteInfo`](https://docs.cometbft.com/main/spec/abci/abci++_methods.html#voteinfo), which includes the name of a validator and a boolean indicating whether they have signed the block. +* **Gas Meters:** Specifically, a [`gasMeter`](/docs/sdk/vnext/learn/beginner/gas-fees#main-gas-meter) for the transaction currently being processed using the context and a [`blockGasMeter`](/docs/sdk/vnext/learn/beginner/gas-fees#block-gas-meter) for the entire block it belongs to. Users specify how much in fees they wish to pay for the execution of their transaction; these gas meters keep track of how much [gas](/docs/sdk/vnext/learn/beginner/gas-fees) has been used in the transaction or block so far. If the gas meter runs out, execution halts. +* **CheckTx Mode:** A boolean value indicating whether a transaction should be processed in `CheckTx` or `DeliverTx` mode. +* **Min Gas Price:** The minimum [gas](/docs/sdk/vnext/learn/beginner/gas-fees) price a node is willing to take in order to include a transaction in its block. This price is a local value configured by each node individually, and should therefore **not be used in any functions used in sequences leading to state-transitions**. +* **Consensus Params:** The ABCI type [Consensus Parameters](https://docs.cometbft.com/v0.37/spec/abci/abci++_app_requirements#consensus-parameters), which specify certain limits for the blockchain, such as maximum gas for a block. +* **Event Manager:** The event manager allows any caller with access to a `Context` to emit [`Events`](/docs/sdk/vnext/learn/advanced/events). Modules may define module specific + `Events` by defining various `Types` and `Attributes` or use the common definitions found in `types/`. Clients can subscribe or query for these `Events`. These `Events` are collected throughout `FinalizeBlock` and are returned to CometBFT for indexing. +* **Priority:** The transaction priority, only relevant in `CheckTx`. +* **KV `GasConfig`:** Enables applications to set a custom `GasConfig` for the `KVStore`. +* **Transient KV `GasConfig`:** Enables applications to set a custom `GasConfig` for the transient `KVStore`. +* **StreamingManager:** The streamingManager field provides access to the streaming manager, which allows modules to subscribe to state changes emitted by the blockchain. The streaming manager is used by the state listening API, which is described in [ADR 038](https://docs.cosmos.network/main/architecture/adr-038-state-listening). +* **CometInfo:** A lightweight field that contains information about the current block, such as the block height, time, and hash. This information can be used for validating evidence, providing historical data, and enhancing the user experience. For further details see [here](https://github.com/cosmos/cosmos-sdk/blob/main/core/comet/service.go#L14). +* **HeaderInfo:** The `headerInfo` field contains information about the current block header, such as the chain ID, gas limit, and timestamp. For further details see [here](https://github.com/cosmos/cosmos-sdk/blob/main/core/header/service.go#L14). + +## Go Context Package + +A basic `Context` is defined in the [Golang Context Package](https://pkg.go.dev/context). A `Context` +is an immutable data structure that carries request-scoped data across APIs and processes. Contexts +are also designed to enable concurrency and to be used in goroutines. + +Contexts are intended to be **immutable**; they should never be edited. Instead, the convention is +to create a child context from its parent using a `With` function. For example: + +```go +childCtx = parentCtx.WithBlockHeader(header) +``` + +The [Golang Context Package](https://pkg.go.dev/context) documentation instructs developers to +explicitly pass a context `ctx` as the first argument of a process. + +## Store branching + +The `Context` contains a `MultiStore`, which allows for branching and caching functionality using `CacheMultiStore` +(queries in `CacheMultiStore` are cached to avoid future round trips). +Each `KVStore` is branched in a safe and isolated ephemeral storage. Processes are free to write changes to +the `CacheMultiStore`. If a state-transition sequence is performed without issue, the store branch can +be committed to the underlying store at the end of the sequence or disregard them if something +goes wrong. The pattern of usage for a Context is as follows: + +1. A process receives a Context `ctx` from its parent process, which provides information needed to + perform the process. +2. The `ctx.ms` is a **branched store**, i.e. a branch of the [multistore](/docs/sdk/vnext/learn/advanced/store#multistore) is made so that the process can make changes to the state as it executes, without changing the original `ctx.ms`. This is useful to protect the underlying multistore in case the changes need to be reverted at some point in the execution. +3. The process may read and write from `ctx` as it is executing. It may call a subprocess and pass + `ctx` to it as needed. +4. When a subprocess returns, it checks if the result is a success or failure. If a failure, nothing + needs to be done - the branch `ctx` is simply discarded. If successful, the changes made to + the `CacheMultiStore` can be committed to the original `ctx.ms` via `Write()`. + +For example, here is a snippet from the [`runTx`](/docs/sdk/vnext/learn/advanced/baseapp#runtx-antehandler-runmsgs-posthandler) function in [`baseapp`](/docs/sdk/vnext/learn/advanced/baseapp): + +```go +runMsgCtx, msCache := app.cacheTxContext(ctx, txBytes) + +result = app.runMsgs(runMsgCtx, msgs, mode) + +result.GasWanted = gasWanted + if mode != runTxModeDeliver { + return result +} + if result.IsOK() { + msCache.Write() +} +``` + +Here is the process: + +1. Prior to calling `runMsgs` on the message(s) in the transaction, it uses `app.cacheTxContext()` + to branch and cache the context and multistore. +2. `runMsgCtx` - the context with branched store, is used in `runMsgs` to return a result. +3. If the process is running in [`checkTxMode`](/docs/sdk/vnext/learn/advanced/baseapp#checktx), there is no need to write the + changes - the result is returned immediately. +4. If the process is running in [`deliverTxMode`](/docs/sdk/vnext/learn/advanced/baseapp#delivertx) and the result indicates + a successful run over all the messages, the branched multistore is written back to the original. diff --git a/docs/sdk/next/learn/advanced/encoding.mdx b/docs/sdk/next/learn/advanced/encoding.mdx new file mode 100644 index 00000000..3d442a74 --- /dev/null +++ b/docs/sdk/next/learn/advanced/encoding.mdx @@ -0,0 +1,1976 @@ +--- +title: Encoding +--- + +**Synopsis** +While encoding in the Cosmos SDK used to be mainly handled by `go-amino` codec, the Cosmos SDK is moving towards using `gogoprotobuf` for both state and client-side encoding. + + + +**Pre-requisite Readings** + +* [Anatomy of a Cosmos SDK application](/docs/sdk/vnext/learn/beginner/app-anatomy) + + + +## Encoding + +The Cosmos SDK utilizes two binary wire encoding protocols, [Amino](https://github.com/tendermint/go-amino/) which is an object encoding specification and [Protocol Buffers](https://developers.google.com/protocol-buffers), a subset of Proto3 with an extension for +interface support. See the [Proto3 spec](https://developers.google.com/protocol-buffers/docs/proto3) +for more information on Proto3, which Amino is largely compatible with (but not with Proto2). + +Due to Amino having significant performance drawbacks, being reflection-based, and +not having any meaningful cross-language/client support, Protocol Buffers, specifically +[gogoprotobuf](https://github.com/cosmos/gogoproto/), is being used in place of Amino. +Note, this process of using Protocol Buffers over Amino is still an ongoing process. + +Binary wire encoding of types in the Cosmos SDK can be broken down into two main +categories, client encoding and store encoding. Client encoding mainly revolves +around transaction processing and signing, whereas store encoding revolves around +types used in state-machine transitions and what is ultimately stored in the Merkle +tree. + +For store encoding, protobuf definitions can exist for any type and will typically +have an Amino-based "intermediary" type. Specifically, the protobuf-based type +definition is used for serialization and persistence, whereas the Amino-based type +is used for business logic in the state-machine where they may convert back-n-forth. +Note, the Amino-based types may slowly be phased-out in the future, so developers +should take note to use the protobuf message definitions where possible. + +In the `codec` package, there exists two core interfaces, `BinaryCodec` and `JSONCodec`, +where the former encapsulates the current Amino interface except it operates on +types implementing the latter instead of generic `interface{}` types. + +The `ProtoCodec`, where both binary and JSON serialization is handled +via Protobuf. This means that modules may use Protobuf encoding, but the types must +implement `ProtoMarshaler`. If modules wish to avoid implementing this interface +for their types, this is autogenerated via [buf](https://buf.build/) + +If modules use [Collections](/docs/sdk/vnext/build/packages/collections), encoding and decoding are handled, marshal and unmarshal should not be handled manually unless for specific cases identified by the developer. + +### Gogoproto + +Modules are encouraged to utilize Protobuf encoding for their respective types. In the Cosmos SDK, we use the [Gogoproto](https://github.com/cosmos/gogoproto) specific implementation of the Protobuf spec that offers speed and DX improvements compared to the official [Google protobuf implementation](https://github.com/protocolbuffers/protobuf). + +### Guidelines for protobuf message definitions + +In addition to [following official Protocol Buffer guidelines](https://developers.google.com/protocol-buffers/docs/proto3#simple), we recommend using these annotations in .proto files when dealing with interfaces: + +* use `cosmos_proto.accepts_interface` to annotate `Any` fields that accept interfaces + * pass the same fully qualified name as `protoName` to `InterfaceRegistry.RegisterInterface` + * example: `(cosmos_proto.accepts_interface) = "cosmos.gov.v1beta1.Content"` (and not just `Content`) +* annotate interface implementations with `cosmos_proto.implements_interface` + * pass the same fully qualified name as `protoName` to `InterfaceRegistry.RegisterInterface` + * example: `(cosmos_proto.implements_interface) = "cosmos.authz.v1beta1.Authorization"` (and not just `Authorization`) + +Code generators can then match the `accepts_interface` and `implements_interface` annotations to know whether some Protobuf messages are allowed to be packed in a given `Any` field or not. + +### Transaction Encoding + +Another important use of Protobuf is the encoding and decoding of +[transactions](/docs/sdk/vnext/learn/advanced/transactions). Transactions are defined by the application or +the Cosmos SDK but are then passed to the underlying consensus engine to be relayed to +other peers. Since the underlying consensus engine is agnostic to the application, +the consensus engine accepts only transactions in the form of raw bytes. + +* The `TxEncoder` object performs the encoding. +* The `TxDecoder` object performs the decoding. + +```go expandable +package types + +import ( + + "encoding/json" + fmt "fmt" + strings "strings" + "time" + "github.com/cosmos/gogoproto/proto" + protov2 "google.golang.org/protobuf/proto" + "github.com/cosmos/cosmos-sdk/codec" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types" +) + +type ( + // Msg defines the interface a transaction message needed to fulfill. + Msg = proto.Message + + // LegacyMsg defines the interface a transaction message needed to fulfill up through + // v0.47. + LegacyMsg interface { + Msg + + // GetSigners returns the addrs of signers that must sign. + // CONTRACT: All signatures must be present to be valid. + // CONTRACT: Returns addrs in some deterministic order. + GetSigners() []AccAddress +} + + // Fee defines an interface for an application application-defined concrete + // transaction type to be able to set and return the transaction fee. + Fee interface { + GetGas() + +uint64 + GetAmount() + +Coins +} + + // Signature defines an interface for an application application-defined + // concrete transaction type to be able to set and return transaction signatures. + Signature interface { + GetPubKey() + +cryptotypes.PubKey + GetSignature() []byte +} + + // HasMsgs defines an interface a transaction must fulfill. + HasMsgs interface { + // GetMsgs gets the all the transaction's messages. + GetMsgs() []Msg +} + + // Tx defines an interface a transaction must fulfill. + Tx interface { + HasMsgs + + // GetMsgsV2 gets the transaction's messages as google.golang.org/protobuf/proto.Message's. + GetMsgsV2() ([]protov2.Message, error) +} + + // FeeTx defines the interface to be implemented by Tx to use the FeeDecorators + FeeTx interface { + Tx + GetGas() + +uint64 + GetFee() + +Coins + FeePayer() []byte + FeeGranter() []byte +} + + // TxWithMemo must have GetMemo() + +method to use ValidateMemoDecorator + TxWithMemo interface { + Tx + GetMemo() + +string +} + + // TxWithTimeoutTimeStamp extends the Tx interface by allowing a transaction to + // set a timeout timestamp. + TxWithTimeoutTimeStamp interface { + Tx + + GetTimeoutTimeStamp() + +time.Time +} + + // TxWithTimeoutHeight extends the Tx interface by allowing a transaction to + // set a height timeout. + TxWithTimeoutHeight interface { + Tx + + GetTimeoutHeight() + +uint64 +} + + // TxWithUnordered extends the Tx interface by allowing a transaction to set + // the unordered field, which implicitly relies on TxWithTimeoutTimeStamp. + TxWithUnordered interface { + TxWithTimeoutTimeStamp + + GetUnordered() + +bool +} + + // HasValidateBasic defines a type that has a ValidateBasic method. + // ValidateBasic is deprecated and now facultative. + // Prefer validating messages directly in the msg server. + HasValidateBasic interface { + // ValidateBasic does a simple validation check that + // doesn't require access to any other information. + ValidateBasic() + +error +} +) + +// TxDecoder unmarshals transaction bytes +type TxDecoder func(txBytes []byte) (Tx, error) + +// TxEncoder marshals transaction to bytes +type TxEncoder func(tx Tx) ([]byte, error) + +// MsgTypeURL returns the TypeURL of a `sdk.Msg`. +var MsgTypeURL = codectypes.MsgTypeURL + +// GetMsgFromTypeURL returns a `sdk.Msg` message type from a type URL +func GetMsgFromTypeURL(cdc codec.Codec, input string) (Msg, error) { + var msg Msg + bz, err := json.Marshal(struct { + Type string `json:"@type"` +}{ + Type: input, +}) + if err != nil { + return nil, err +} + if err := cdc.UnmarshalInterfaceJSON(bz, &msg); err != nil { + return nil, fmt.Errorf("failed to determine sdk.Msg for %s URL : %w", input, err) +} + +return msg, nil +} + +// GetModuleNameFromTypeURL assumes that module name is the second element of the msg type URL +// e.g. "cosmos.bank.v1beta1.MsgSend" => "bank" +// It returns an empty string if the input is not a valid type URL +func GetModuleNameFromTypeURL(input string) + +string { + moduleName := strings.Split(input, ".") + if len(moduleName) > 1 { + return moduleName[1] +} + +return "" +} +``` + +A standard implementation of both these objects can be found in the [`auth/tx` module](/docs/sdk/vnext/build/modules/auth/tx): + +```go expandable +package tx + +import ( + + "fmt" + "google.golang.org/protobuf/encoding/protowire" + + errorsmod "cosmossdk.io/errors" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/codec/unknownproto" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + "github.com/cosmos/cosmos-sdk/types/tx" +) + +// DefaultTxDecoder returns a default protobuf TxDecoder using the provided Marshaler. +func DefaultTxDecoder(cdc codec.Codec) + +sdk.TxDecoder { + return func(txBytes []byte) (sdk.Tx, error) { + // Make sure txBytes follow ADR-027. + err := rejectNonADR027TxRaw(txBytes) + if err != nil { + return nil, errorsmod.Wrap(sdkerrors.ErrTxDecode, err.Error()) +} + +var raw tx.TxRaw + + // reject all unknown proto fields in the root TxRaw + err = unknownproto.RejectUnknownFieldsStrict(txBytes, &raw, cdc.InterfaceRegistry()) + if err != nil { + return nil, errorsmod.Wrap(sdkerrors.ErrTxDecode, err.Error()) +} + +err = cdc.Unmarshal(txBytes, &raw) + if err != nil { + return nil, err +} + +var body tx.TxBody + + // allow non-critical unknown fields in TxBody + txBodyHasUnknownNonCriticals, err := unknownproto.RejectUnknownFields(raw.BodyBytes, &body, true, cdc.InterfaceRegistry()) + if err != nil { + return nil, errorsmod.Wrap(sdkerrors.ErrTxDecode, err.Error()) +} + +err = cdc.Unmarshal(raw.BodyBytes, &body) + if err != nil { + return nil, errorsmod.Wrap(sdkerrors.ErrTxDecode, err.Error()) +} + +var authInfo tx.AuthInfo + + // reject all unknown proto fields in AuthInfo + err = unknownproto.RejectUnknownFieldsStrict(raw.AuthInfoBytes, &authInfo, cdc.InterfaceRegistry()) + if err != nil { + return nil, errorsmod.Wrap(sdkerrors.ErrTxDecode, err.Error()) +} + +err = cdc.Unmarshal(raw.AuthInfoBytes, &authInfo) + if err != nil { + return nil, errorsmod.Wrap(sdkerrors.ErrTxDecode, err.Error()) +} + theTx := &tx.Tx{ + Body: &body, + AuthInfo: &authInfo, + Signatures: raw.Signatures, +} + +return &wrapper{ + tx: theTx, + bodyBz: raw.BodyBytes, + authInfoBz: raw.AuthInfoBytes, + txBodyHasUnknownNonCriticals: txBodyHasUnknownNonCriticals, + cdc: cdc, +}, nil +} +} + +// DefaultJSONTxDecoder returns a default protobuf JSON TxDecoder using the provided Marshaler. +func DefaultJSONTxDecoder(cdc codec.Codec) + +sdk.TxDecoder { + return func(txBytes []byte) (sdk.Tx, error) { + var theTx tx.Tx + err := cdc.UnmarshalJSON(txBytes, &theTx) + if err != nil { + return nil, errorsmod.Wrap(sdkerrors.ErrTxDecode, err.Error()) +} + +return &wrapper{ + tx: &theTx, + cdc: cdc, +}, nil +} +} + +// rejectNonADR027TxRaw rejects txBytes that do not follow ADR-027. This is NOT +// a generic ADR-027 checker, it only applies decoding TxRaw. Specifically, it +// only checks that: +// - field numbers are in ascending order (1, 2, and potentially multiple 3s), +// - and varints are as short as possible. +// All other ADR-027 edge cases (e.g. default values) + +are not applicable with +// TxRaw. +func rejectNonADR027TxRaw(txBytes []byte) + +error { + // Make sure all fields are ordered in ascending order with this variable. + prevTagNum := protowire.Number(0) + for len(txBytes) > 0 { + tagNum, wireType, m := protowire.ConsumeTag(txBytes) + if m < 0 { + return fmt.Errorf("invalid length; %w", protowire.ParseError(m)) +} + // TxRaw only has bytes fields. + if wireType != protowire.BytesType { + return fmt.Errorf("expected %d wire type, got %d", protowire.BytesType, wireType) +} + // Make sure fields are ordered in ascending order. + if tagNum < prevTagNum { + return fmt.Errorf("txRaw must follow ADR-027, got tagNum %d after tagNum %d", tagNum, prevTagNum) +} + +prevTagNum = tagNum + + // All 3 fields of TxRaw have wireType == 2, so their next component + // is a varint, so we can safely call ConsumeVarint here. + // Byte structure: + // Inner fields are verified in `DefaultTxDecoder` + lengthPrefix, m := protowire.ConsumeVarint(txBytes[m:]) + if m < 0 { + return fmt.Errorf("invalid length; %w", protowire.ParseError(m)) +} + // We make sure that this varint is as short as possible. + n := varintMinLength(lengthPrefix) + if n != m { + return fmt.Errorf("length prefix varint for tagNum %d is not as short as possible, read %d, only need %d", tagNum, m, n) +} + + // Skip over the bytes that store fieldNumber and wireType bytes. + _, _, m = protowire.ConsumeField(txBytes) + if m < 0 { + return fmt.Errorf("invalid length; %w", protowire.ParseError(m)) +} + +txBytes = txBytes[m:] +} + +return nil +} + +// varintMinLength returns the minimum number of bytes necessary to encode an +// uint using varint encoding. +func varintMinLength(n uint64) + +int { + switch { + // Note: 1< valz[j].ConsensusPower(r) +} + +func (valz ValidatorsByVotingPower) + +Swap(i, j int) { + valz[i], valz[j] = valz[j], valz[i] +} + +// UnpackInterfaces implements UnpackInterfacesMessage.UnpackInterfaces +func (v Validators) + +UnpackInterfaces(c codectypes.AnyUnpacker) + +error { + for i := range v.Validators { + if err := v.Validators[i].UnpackInterfaces(c); err != nil { + return err +} + +} + +return nil +} + +// return the redelegation +func MustMarshalValidator(cdc codec.BinaryCodec, validator *Validator) []byte { + return cdc.MustMarshal(validator) +} + +// unmarshal a redelegation from a store value +func MustUnmarshalValidator(cdc codec.BinaryCodec, value []byte) + +Validator { + validator, err := UnmarshalValidator(cdc, value) + if err != nil { + panic(err) +} + +return validator +} + +// unmarshal a redelegation from a store value +func UnmarshalValidator(cdc codec.BinaryCodec, value []byte) (v Validator, err error) { + err = cdc.Unmarshal(value, &v) + +return v, err +} + +// IsBonded checks if the validator status equals Bonded +func (v Validator) + +IsBonded() + +bool { + return v.GetStatus() == Bonded +} + +// IsUnbonded checks if the validator status equals Unbonded +func (v Validator) + +IsUnbonded() + +bool { + return v.GetStatus() == Unbonded +} + +// IsUnbonding checks if the validator status equals Unbonding +func (v Validator) + +IsUnbonding() + +bool { + return v.GetStatus() == Unbonding +} + +// constant used in flags to indicate that description field should not be updated +const DoNotModifyDesc = "[do-not-modify]" + +func NewDescription(moniker, identity, website, securityContact, details string) + +Description { + return Description{ + Moniker: moniker, + Identity: identity, + Website: website, + SecurityContact: securityContact, + Details: details, +} +} + +// UpdateDescription updates the fields of a given description. An error is +// returned if the resulting description contains an invalid length. +func (d Description) + +UpdateDescription(d2 Description) (Description, error) { + if d2.Moniker == DoNotModifyDesc { + d2.Moniker = d.Moniker +} + if d2.Identity == DoNotModifyDesc { + d2.Identity = d.Identity +} + if d2.Website == DoNotModifyDesc { + d2.Website = d.Website +} + if d2.SecurityContact == DoNotModifyDesc { + d2.SecurityContact = d.SecurityContact +} + if d2.Details == DoNotModifyDesc { + d2.Details = d.Details +} + +return NewDescription( + d2.Moniker, + d2.Identity, + d2.Website, + d2.SecurityContact, + d2.Details, + ).EnsureLength() +} + +// EnsureLength ensures the length of a validator's description. +func (d Description) + +EnsureLength() (Description, error) { + if len(d.Moniker) > MaxMonikerLength { + return d, errors.Wrapf(sdkerrors.ErrInvalidRequest, "invalid moniker length; got: %d, max: %d", len(d.Moniker), MaxMonikerLength) +} + if len(d.Identity) > MaxIdentityLength { + return d, errors.Wrapf(sdkerrors.ErrInvalidRequest, "invalid identity length; got: %d, max: %d", len(d.Identity), MaxIdentityLength) +} + if len(d.Website) > MaxWebsiteLength { + return d, errors.Wrapf(sdkerrors.ErrInvalidRequest, "invalid website length; got: %d, max: %d", len(d.Website), MaxWebsiteLength) +} + if len(d.SecurityContact) > MaxSecurityContactLength { + return d, errors.Wrapf(sdkerrors.ErrInvalidRequest, "invalid security contact length; got: %d, max: %d", len(d.SecurityContact), MaxSecurityContactLength) +} + if len(d.Details) > MaxDetailsLength { + return d, errors.Wrapf(sdkerrors.ErrInvalidRequest, "invalid details length; got: %d, max: %d", len(d.Details), MaxDetailsLength) +} + +return d, nil +} + +// ABCIValidatorUpdate returns an abci.ValidatorUpdate from a staking validator type +// with the full validator power +func (v Validator) + +ABCIValidatorUpdate(r math.Int) + +abci.ValidatorUpdate { + tmProtoPk, err := v.TmConsPublicKey() + if err != nil { + panic(err) +} + +return abci.ValidatorUpdate{ + PubKey: tmProtoPk, + Power: v.ConsensusPower(r), +} +} + +// ABCIValidatorUpdateZero returns an abci.ValidatorUpdate from a staking validator type +// with zero power used for validator updates. +func (v Validator) + +ABCIValidatorUpdateZero() + +abci.ValidatorUpdate { + tmProtoPk, err := v.TmConsPublicKey() + if err != nil { + panic(err) +} + +return abci.ValidatorUpdate{ + PubKey: tmProtoPk, + Power: 0, +} +} + +// SetInitialCommission attempts to set a validator's initial commission. An +// error is returned if the commission is invalid. +func (v Validator) + +SetInitialCommission(commission Commission) (Validator, error) { + if err := commission.Validate(); err != nil { + return v, err +} + +v.Commission = commission + + return v, nil +} + +// In some situations, the exchange rate becomes invalid, e.g. if +// Validator loses all tokens due to slashing. In this case, +// make all future delegations invalid. +func (v Validator) + +InvalidExRate() + +bool { + return v.Tokens.IsZero() && v.DelegatorShares.IsPositive() +} + +// calculate the token worth of provided shares +func (v Validator) + +TokensFromShares(shares math.LegacyDec) + +math.LegacyDec { + return (shares.MulInt(v.Tokens)).Quo(v.DelegatorShares) +} + +// calculate the token worth of provided shares, truncated +func (v Validator) + +TokensFromSharesTruncated(shares math.LegacyDec) + +math.LegacyDec { + return (shares.MulInt(v.Tokens)).QuoTruncate(v.DelegatorShares) +} + +// TokensFromSharesRoundUp returns the token worth of provided shares, rounded +// up. +func (v Validator) + +TokensFromSharesRoundUp(shares math.LegacyDec) + +math.LegacyDec { + return (shares.MulInt(v.Tokens)).QuoRoundUp(v.DelegatorShares) +} + +// SharesFromTokens returns the shares of a delegation given a bond amount. It +// returns an error if the validator has no tokens. +func (v Validator) + +SharesFromTokens(amt math.Int) (math.LegacyDec, error) { + if v.Tokens.IsZero() { + return math.LegacyZeroDec(), ErrInsufficientShares +} + +return v.GetDelegatorShares().MulInt(amt).QuoInt(v.GetTokens()), nil +} + +// SharesFromTokensTruncated returns the truncated shares of a delegation given +// a bond amount. It returns an error if the validator has no tokens. +func (v Validator) + +SharesFromTokensTruncated(amt math.Int) (math.LegacyDec, error) { + if v.Tokens.IsZero() { + return math.LegacyZeroDec(), ErrInsufficientShares +} + +return v.GetDelegatorShares().MulInt(amt).QuoTruncate(math.LegacyNewDecFromInt(v.GetTokens())), nil +} + +// get the bonded tokens which the validator holds +func (v Validator) + +BondedTokens() + +math.Int { + if v.IsBonded() { + return v.Tokens +} + +return math.ZeroInt() +} + +// ConsensusPower gets the consensus-engine power. Aa reduction of 10^6 from +// validator tokens is applied +func (v Validator) + +ConsensusPower(r math.Int) + +int64 { + if v.IsBonded() { + return v.PotentialConsensusPower(r) +} + +return 0 +} + +// PotentialConsensusPower returns the potential consensus-engine power. +func (v Validator) + +PotentialConsensusPower(r math.Int) + +int64 { + return sdk.TokensToConsensusPower(v.Tokens, r) +} + +// UpdateStatus updates the location of the shares within a validator +// to reflect the new status +func (v Validator) + +UpdateStatus(newStatus BondStatus) + +Validator { + v.Status = newStatus + return v +} + +// AddTokensFromDel adds tokens to a validator +func (v Validator) + +AddTokensFromDel(amount math.Int) (Validator, math.LegacyDec) { + // calculate the shares to issue + var issuedShares math.LegacyDec + if v.DelegatorShares.IsZero() { + // the first delegation to a validator sets the exchange rate to one + issuedShares = math.LegacyNewDecFromInt(amount) +} + +else { + shares, err := v.SharesFromTokens(amount) + if err != nil { + panic(err) +} + +issuedShares = shares +} + +v.Tokens = v.Tokens.Add(amount) + +v.DelegatorShares = v.DelegatorShares.Add(issuedShares) + +return v, issuedShares +} + +// RemoveTokens removes tokens from a validator +func (v Validator) + +RemoveTokens(tokens math.Int) + +Validator { + if tokens.IsNegative() { + panic(fmt.Sprintf("should not happen: trying to remove negative tokens %v", tokens)) +} + if v.Tokens.LT(tokens) { + panic(fmt.Sprintf("should not happen: only have %v tokens, trying to remove %v", v.Tokens, tokens)) +} + +v.Tokens = v.Tokens.Sub(tokens) + +return v +} + +// RemoveDelShares removes delegator shares from a validator. +// NOTE: because token fractions are left in the valiadator, +// +// the exchange rate of future shares of this validator can increase. +func (v Validator) + +RemoveDelShares(delShares math.LegacyDec) (Validator, math.Int) { + remainingShares := v.DelegatorShares.Sub(delShares) + +var issuedTokens math.Int + if remainingShares.IsZero() { + // last delegation share gets any trimmings + issuedTokens = v.Tokens + v.Tokens = math.ZeroInt() +} + +else { + // leave excess tokens in the validator + // however fully use all the delegator shares + issuedTokens = v.TokensFromShares(delShares).TruncateInt() + +v.Tokens = v.Tokens.Sub(issuedTokens) + if v.Tokens.IsNegative() { + panic("attempting to remove more tokens than available in validator") +} + +} + +v.DelegatorShares = remainingShares + + return v, issuedTokens +} + +// MinEqual defines a more minimum set of equality conditions when comparing two +// validators. +func (v *Validator) + +MinEqual(other *Validator) + +bool { + return v.OperatorAddress == other.OperatorAddress && + v.Status == other.Status && + v.Tokens.Equal(other.Tokens) && + v.DelegatorShares.Equal(other.DelegatorShares) && + v.Description.Equal(other.Description) && + v.Commission.Equal(other.Commission) && + v.Jailed == other.Jailed && + v.MinSelfDelegation.Equal(other.MinSelfDelegation) && + v.ConsensusPubkey.Equal(other.ConsensusPubkey) +} + +// Equal checks if the receiver equals the parameter +func (v *Validator) + +Equal(v2 *Validator) + +bool { + return v.MinEqual(v2) && + v.UnbondingHeight == v2.UnbondingHeight && + v.UnbondingTime.Equal(v2.UnbondingTime) +} + +func (v Validator) + +IsJailed() + +bool { + return v.Jailed +} + +func (v Validator) + +GetMoniker() + +string { + return v.Description.Moniker +} + +func (v Validator) + +GetStatus() + +BondStatus { + return v.Status +} + +func (v Validator) + +GetOperator() + +string { + return v.OperatorAddress +} + +// ConsPubKey returns the validator PubKey as a cryptotypes.PubKey. +func (v Validator) + +ConsPubKey() (cryptotypes.PubKey, error) { + pk, ok := v.ConsensusPubkey.GetCachedValue().(cryptotypes.PubKey) + if !ok { + return nil, errors.Wrapf(sdkerrors.ErrInvalidType, "expecting cryptotypes.PubKey, got %T", pk) +} + +return pk, nil +} + +// Deprecated: use CmtConsPublicKey instead +func (v Validator) + +TmConsPublicKey() (cmtprotocrypto.PublicKey, error) { + return v.CmtConsPublicKey() +} + +// CmtConsPublicKey casts Validator.ConsensusPubkey to cmtprotocrypto.PubKey. +func (v Validator) + +CmtConsPublicKey() (cmtprotocrypto.PublicKey, error) { + pk, err := v.ConsPubKey() + if err != nil { + return cmtprotocrypto.PublicKey{ +}, err +} + +tmPk, err := cryptocodec.ToCmtProtoPublicKey(pk) + if err != nil { + return cmtprotocrypto.PublicKey{ +}, err +} + +return tmPk, nil +} + +// GetConsAddr extracts Consensus key address +func (v Validator) + +GetConsAddr() ([]byte, error) { + pk, ok := v.ConsensusPubkey.GetCachedValue().(cryptotypes.PubKey) + if !ok { + return nil, errors.Wrapf(sdkerrors.ErrInvalidType, "expecting cryptotypes.PubKey, got %T", pk) +} + +return pk.Address().Bytes(), nil +} + +func (v Validator) + +GetTokens() + +math.Int { + return v.Tokens +} + +func (v Validator) + +GetBondedTokens() + +math.Int { + return v.BondedTokens() +} + +func (v Validator) + +GetConsensusPower(r math.Int) + +int64 { + return v.ConsensusPower(r) +} + +func (v Validator) + +GetCommission() + +math.LegacyDec { + return v.Commission.Rate +} + +func (v Validator) + +GetMinSelfDelegation() + +math.Int { + return v.MinSelfDelegation +} + +func (v Validator) + +GetDelegatorShares() + +math.LegacyDec { + return v.DelegatorShares +} + +// UnpackInterfaces implements UnpackInterfacesMessage.UnpackInterfaces +func (v Validator) + +UnpackInterfaces(unpacker codectypes.AnyUnpacker) + +error { + var pk cryptotypes.PubKey + return unpacker.UnpackAny(v.ConsensusPubkey, &pk) +} +``` + +#### `Any`'s TypeURL + +When packing a protobuf message inside an `Any`, the message's type is uniquely defined by its type URL, which is the message's fully qualified name prefixed by a `/` (slash) character. In some implementations of `Any`, like the gogoproto one, there's generally [a resolvable prefix, e.g. `type.googleapis.com`](https://github.com/gogo/protobuf/blob/b03c65ea87cdc3521ede29f62fe3ce239267c1bc/protobuf/google/protobuf/any.proto#L87-L91). However, in the Cosmos SDK, we made the decision to not include such prefix, to have shorter type URLs. The Cosmos SDK's own `Any` implementation can be found in `github.com/cosmos/cosmos-sdk/codec/types`. + +The Cosmos SDK is also switching away from gogoproto to the official `google.golang.org/protobuf` (known as the Protobuf API v2). Its default `Any` implementation also contains the [`type.googleapis.com`](https://github.com/protocolbuffers/protobuf-go/blob/v1.28.1/types/known/anypb/any.pb.go#L266) prefix. To maintain compatibility with the SDK, the following methods from `"google.golang.org/protobuf/types/known/anypb"` should not be used: + +* `anypb.New` +* `anypb.MarshalFrom` +* `anypb.Any#MarshalFrom` + +Instead, the Cosmos SDK provides helper functions in `"github.com/cosmos/cosmos-proto/anyutil"`, which create an official `anypb.Any` without inserting the prefixes: + +* `anyutil.New` +* `anyutil.MarshalFrom` + +For example, to pack a `sdk.Msg` called `internalMsg`, use: + +```diff +import ( +- "google.golang.org/protobuf/types/known/anypb" ++ "github.com/cosmos/cosmos-proto/anyutil" +) + +- anyMsg, err := anypb.New(internalMsg.Message().Interface()) ++ anyMsg, err := anyutil.New(internalMsg.Message().Interface()) + +- fmt.Println(anyMsg.TypeURL) // type.googleapis.com/cosmos.bank.v1beta1.MsgSend ++ fmt.Println(anyMsg.TypeURL) // /cosmos.bank.v1beta1.MsgSend +``` + +## FAQ + +### How to create modules using protobuf encoding + +#### Defining module types + +Protobuf types can be defined to encode: + +* state +* [`Msg`s](/docs/sdk/vnext/build/building-modules/messages-and-queries#messages) +* [Query services](/docs/sdk/vnext/build/building-modules/query-services) +* [genesis](/docs/sdk/vnext/build/building-modules/genesis) + +#### Naming and conventions + +We encourage developers to follow industry guidelines: [Protocol Buffers style guide](https://developers.google.com/protocol-buffers/docs/style) +and [Buf](https://buf.build/docs/style-guide), see more details in [ADR 023](https://github.com/cosmos/cosmos-sdk/blob/release/v0.53.x/docs/architecture/adr-023-protobuf-naming.md) + +### How to update modules to protobuf encoding + +If modules do not contain any interfaces (e.g. `Account` or `Content`), then they +may simply migrate any existing types that +are encoded and persisted via their concrete Amino codec to Protobuf (see 1. for further guidelines) and accept a `Marshaler` as the codec which is implemented via the `ProtoCodec` +without any further customization. + +However, if a module type composes an interface, it must wrap it in the `sdk.Any` (from `/types` package) type. To do that, a module-level .proto file must use [`google.protobuf.Any`](https://github.com/protocolbuffers/protobuf/blob/master/src/google/protobuf/any.proto) for respective message type interface types. + +For example, in the `x/evidence` module defines an `Evidence` interface, which is used by the `MsgSubmitEvidence`. The structure definition must use `sdk.Any` to wrap the evidence file. In the proto file we define it as follows: + +```protobuf +// proto/cosmos/evidence/v1beta1/tx.proto + +message MsgSubmitEvidence { + string submitter = 1; + google.protobuf.Any evidence = 2 [(cosmos_proto.accepts_interface) = "cosmos.evidence.v1beta1.Evidence"]; +} +``` + +The Cosmos SDK `codec.Codec` interface provides support methods `MarshalInterface` and `UnmarshalInterface` for easy encoding of state to `Any`. + +Module should register interfaces using `InterfaceRegistry` which provides a mechanism for registering interfaces: `RegisterInterface(protoName string, iface interface{}, impls ...proto.Message)` and implementations: `RegisterImplementations(iface interface{}, impls ...proto.Message)` that can be safely unpacked from Any, similarly to type registration with Amino: + +```go expandable +package types + +import ( + + "errors" + "fmt" + "reflect" + "github.com/cosmos/gogoproto/jsonpb" + "github.com/cosmos/gogoproto/proto" + "google.golang.org/protobuf/reflect/protodesc" + "google.golang.org/protobuf/reflect/protoreflect" + "cosmossdk.io/x/tx/signing" +) + +var ( + + // MaxUnpackAnySubCalls extension point that defines the maximum number of sub-calls allowed during the unpacking + // process of protobuf Any messages. + MaxUnpackAnySubCalls = 100 + + // MaxUnpackAnyRecursionDepth extension point that defines the maximum allowed recursion depth during protobuf Any + // message unpacking. + MaxUnpackAnyRecursionDepth = 10 +) + +// AnyUnpacker is an interface which allows safely unpacking types packed +// in Any's against a whitelist of registered types +type AnyUnpacker interface { + // UnpackAny unpacks the value in any to the interface pointer passed in as + // iface. Note that the type in any must have been registered in the + // underlying whitelist registry as a concrete type for that interface + // Ex: + // var msg sdk.Msg + // err := cdc.UnpackAny(any, &msg) + // ... + UnpackAny(any *Any, iface interface{ +}) + +error +} + +// InterfaceRegistry provides a mechanism for registering interfaces and +// implementations that can be safely unpacked from Any +type InterfaceRegistry interface { + AnyUnpacker + jsonpb.AnyResolver + + // RegisterInterface associates protoName as the public name for the + // interface passed in as iface. This is to be used primarily to create + // a public facing registry of interface implementations for clients. + // protoName should be a well-chosen public facing name that remains stable. + // RegisterInterface takes an optional list of impls to be registered + // as implementations of iface. + // + // Ex: + // registry.RegisterInterface("cosmos.base.v1beta1.Msg", (*sdk.Msg)(nil)) + +RegisterInterface(protoName string, iface interface{ +}, impls ...proto.Message) + + // RegisterImplementations registers impls as concrete implementations of + // the interface iface. + // + // Ex: + // registry.RegisterImplementations((*sdk.Msg)(nil), &MsgSend{ +}, &MsgMultiSend{ +}) + +RegisterImplementations(iface interface{ +}, impls ...proto.Message) + + // ListAllInterfaces list the type URLs of all registered interfaces. + ListAllInterfaces() []string + + // ListImplementations lists the valid type URLs for the given interface name that can be used + // for the provided interface type URL. + ListImplementations(ifaceTypeURL string) []string + + // EnsureRegistered ensures there is a registered interface for the given concrete type. + EnsureRegistered(iface interface{ +}) + +error + + protodesc.Resolver + + // RangeFiles iterates over all registered files and calls f on each one. This + // implements the part of protoregistry.Files that is needed for reflecting over + // the entire FileDescriptorSet. + RangeFiles(f func(protoreflect.FileDescriptor) + +bool) + +SigningContext() *signing.Context + + // mustEmbedInterfaceRegistry requires that all implementations of InterfaceRegistry embed an official implementation + // from this package. This allows new methods to be added to the InterfaceRegistry interface without breaking + // backwards compatibility. + mustEmbedInterfaceRegistry() +} + +// UnpackInterfacesMessage is meant to extend protobuf types (which implement +// proto.Message) + +to support a post-deserialization phase which unpacks +// types packed within Any's using the whitelist provided by AnyUnpacker +type UnpackInterfacesMessage interface { + // UnpackInterfaces is implemented in order to unpack values packed within + // Any's using the AnyUnpacker. It should generally be implemented as + // follows: + // func (s *MyStruct) + +UnpackInterfaces(unpacker AnyUnpacker) + +error { + // var x AnyInterface + // // where X is an Any field on MyStruct + // err := unpacker.UnpackAny(s.X, &x) + // if err != nil { + // return nil + // +} + // // where Y is a field on MyStruct that implements UnpackInterfacesMessage itself + // err = s.Y.UnpackInterfaces(unpacker) + // if err != nil { + // return nil + // +} + // return nil + // +} + +UnpackInterfaces(unpacker AnyUnpacker) + +error +} + +type interfaceRegistry struct { + signing.ProtoFileResolver + interfaceNames map[string]reflect.Type + interfaceImpls map[reflect.Type]interfaceMap + implInterfaces map[reflect.Type]reflect.Type + typeURLMap map[string]reflect.Type + signingCtx *signing.Context +} + +type interfaceMap = map[string]reflect.Type + +// NewInterfaceRegistry returns a new InterfaceRegistry +func NewInterfaceRegistry() + +InterfaceRegistry { + registry, err := NewInterfaceRegistryWithOptions(InterfaceRegistryOptions{ + ProtoFiles: proto.HybridResolver, + SigningOptions: signing.Options{ + AddressCodec: failingAddressCodec{ +}, + ValidatorAddressCodec: failingAddressCodec{ +}, +}, +}) + if err != nil { + panic(err) +} + +return registry +} + +// InterfaceRegistryOptions are options for creating a new InterfaceRegistry. +type InterfaceRegistryOptions struct { + // ProtoFiles is the set of files to use for the registry. It is required. + ProtoFiles signing.ProtoFileResolver + + // SigningOptions are the signing options to use for the registry. + SigningOptions signing.Options +} + +// NewInterfaceRegistryWithOptions returns a new InterfaceRegistry with the given options. +func NewInterfaceRegistryWithOptions(options InterfaceRegistryOptions) (InterfaceRegistry, error) { + if options.ProtoFiles == nil { + return nil, fmt.Errorf("proto files must be provided") +} + +options.SigningOptions.FileResolver = options.ProtoFiles + signingCtx, err := signing.NewContext(options.SigningOptions) + if err != nil { + return nil, err +} + +return &interfaceRegistry{ + interfaceNames: map[string]reflect.Type{ +}, + interfaceImpls: map[reflect.Type]interfaceMap{ +}, + implInterfaces: map[reflect.Type]reflect.Type{ +}, + typeURLMap: map[string]reflect.Type{ +}, + ProtoFileResolver: options.ProtoFiles, + signingCtx: signingCtx, +}, nil +} + +func (registry *interfaceRegistry) + +RegisterInterface(protoName string, iface interface{ +}, impls ...proto.Message) { + typ := reflect.TypeOf(iface) + if typ.Elem().Kind() != reflect.Interface { + panic(fmt.Errorf("%T is not an interface type", iface)) +} + +registry.interfaceNames[protoName] = typ + registry.RegisterImplementations(iface, impls...) +} + +// EnsureRegistered ensures there is a registered interface for the given concrete type. +// +// Returns an error if not, and nil if so. +func (registry *interfaceRegistry) + +EnsureRegistered(impl interface{ +}) + +error { + if reflect.ValueOf(impl).Kind() != reflect.Ptr { + return fmt.Errorf("%T is not a pointer", impl) +} + if _, found := registry.implInterfaces[reflect.TypeOf(impl)]; !found { + return fmt.Errorf("%T does not have a registered interface", impl) +} + +return nil +} + +// RegisterImplementations registers a concrete proto Message which implements +// the given interface. +// +// This function PANICs if different concrete types are registered under the +// same typeURL. +func (registry *interfaceRegistry) + +RegisterImplementations(iface interface{ +}, impls ...proto.Message) { + for _, impl := range impls { + typeURL := MsgTypeURL(impl) + +registry.registerImpl(iface, typeURL, impl) +} +} + +// RegisterCustomTypeURL registers a concrete type which implements the given +// interface under `typeURL`. +// +// This function PANICs if different concrete types are registered under the +// same typeURL. +func (registry *interfaceRegistry) + +RegisterCustomTypeURL(iface interface{ +}, typeURL string, impl proto.Message) { + registry.registerImpl(iface, typeURL, impl) +} + +// registerImpl registers a concrete type which implements the given +// interface under `typeURL`. +// +// This function PANICs if different concrete types are registered under the +// same typeURL. +func (registry *interfaceRegistry) + +registerImpl(iface interface{ +}, typeURL string, impl proto.Message) { + ityp := reflect.TypeOf(iface).Elem() + +imap, found := registry.interfaceImpls[ityp] + if !found { + imap = map[string]reflect.Type{ +} + +} + implType := reflect.TypeOf(impl) + if !implType.AssignableTo(ityp) { + panic(fmt.Errorf("type %T doesn't actually implement interface %+v", impl, ityp)) +} + + // Check if we already registered something under the given typeURL. It's + // okay to register the same concrete type again, but if we are registering + // a new concrete type under the same typeURL, then we throw an error (here, + // we panic). + foundImplType, found := imap[typeURL] + if found && foundImplType != implType { + panic( + fmt.Errorf( + "concrete type %s has already been registered under typeURL %s, cannot register %s under same typeURL. "+ + "This usually means that there are conflicting modules registering different concrete types "+ + "for a same interface implementation", + foundImplType, + typeURL, + implType, + ), + ) +} + +imap[typeURL] = implType + registry.typeURLMap[typeURL] = implType + registry.implInterfaces[implType] = ityp + registry.interfaceImpls[ityp] = imap +} + +func (registry *interfaceRegistry) + +ListAllInterfaces() []string { + interfaceNames := registry.interfaceNames + keys := make([]string, 0, len(interfaceNames)) + for key := range interfaceNames { + keys = append(keys, key) +} + +return keys +} + +func (registry *interfaceRegistry) + +ListImplementations(ifaceName string) []string { + typ, ok := registry.interfaceNames[ifaceName] + if !ok { + return []string{ +} + +} + +impls, ok := registry.interfaceImpls[typ.Elem()] + if !ok { + return []string{ +} + +} + keys := make([]string, 0, len(impls)) + for key := range impls { + keys = append(keys, key) +} + +return keys +} + +func (registry *interfaceRegistry) + +UnpackAny(any *Any, iface interface{ +}) + +error { + unpacker := &statefulUnpacker{ + registry: registry, + maxDepth: MaxUnpackAnyRecursionDepth, + maxCalls: &sharedCounter{ + count: MaxUnpackAnySubCalls +}, +} + +return unpacker.UnpackAny(any, iface) +} + +// sharedCounter is a type that encapsulates a counter value +type sharedCounter struct { + count int +} + +// statefulUnpacker is a struct that helps in deserializing and unpacking +// protobuf Any messages while maintaining certain stateful constraints. +type statefulUnpacker struct { + registry *interfaceRegistry + maxDepth int + maxCalls *sharedCounter +} + +// cloneForRecursion returns a new statefulUnpacker instance with maxDepth reduced by one, preserving the registry and maxCalls. +func (r statefulUnpacker) + +cloneForRecursion() *statefulUnpacker { + return &statefulUnpacker{ + registry: r.registry, + maxDepth: r.maxDepth - 1, + maxCalls: r.maxCalls, +} +} + +// UnpackAny deserializes a protobuf Any message into the provided interface, ensuring the interface is a pointer. +// It applies stateful constraints such as max depth and call limits, and unpacks interfaces if required. +func (r *statefulUnpacker) + +UnpackAny(any *Any, iface interface{ +}) + +error { + if r.maxDepth == 0 { + return errors.New("max depth exceeded") +} + if r.maxCalls.count == 0 { + return errors.New("call limit exceeded") +} + // here we gracefully handle the case in which `any` itself is `nil`, which may occur in message decoding + if any == nil { + return nil +} + if any.TypeUrl == "" { + // if TypeUrl is empty return nil because without it we can't actually unpack anything + return nil +} + +r.maxCalls.count-- + rv := reflect.ValueOf(iface) + if rv.Kind() != reflect.Ptr { + return fmt.Errorf("UnpackAny expects a pointer") +} + rt := rv.Elem().Type() + cachedValue := any.cachedValue + if cachedValue != nil { + if reflect.TypeOf(cachedValue).AssignableTo(rt) { + rv.Elem().Set(reflect.ValueOf(cachedValue)) + +return nil +} + +} + +imap, found := r.registry.interfaceImpls[rt] + if !found { + return fmt.Errorf("no registered implementations of type %+v", rt) +} + +typ, found := imap[any.TypeUrl] + if !found { + return fmt.Errorf("no concrete type registered for type URL %s against interface %T", any.TypeUrl, iface) +} + +msg, ok := reflect.New(typ.Elem()).Interface().(proto.Message) + if !ok { + return fmt.Errorf("can't proto unmarshal %T", msg) +} + err := proto.Unmarshal(any.Value, msg) + if err != nil { + return err +} + +err = UnpackInterfaces(msg, r.cloneForRecursion()) + if err != nil { + return err +} + +rv.Elem().Set(reflect.ValueOf(msg)) + +any.cachedValue = msg + + return nil +} + +// Resolve returns the proto message given its typeURL. It works with types +// registered with RegisterInterface/RegisterImplementations, as well as those +// registered with RegisterWithCustomTypeURL. +func (registry *interfaceRegistry) + +Resolve(typeURL string) (proto.Message, error) { + typ, found := registry.typeURLMap[typeURL] + if !found { + return nil, fmt.Errorf("unable to resolve type URL %s", typeURL) +} + +msg, ok := reflect.New(typ.Elem()).Interface().(proto.Message) + if !ok { + return nil, fmt.Errorf("can't resolve type URL %s", typeURL) +} + +return msg, nil +} + +func (registry *interfaceRegistry) + +SigningContext() *signing.Context { + return registry.signingCtx +} + +func (registry *interfaceRegistry) + +mustEmbedInterfaceRegistry() { +} + +// UnpackInterfaces is a convenience function that calls UnpackInterfaces +// on x if x implements UnpackInterfacesMessage +func UnpackInterfaces(x interface{ +}, unpacker AnyUnpacker) + +error { + if msg, ok := x.(UnpackInterfacesMessage); ok { + return msg.UnpackInterfaces(unpacker) +} + +return nil +} + +type failingAddressCodec struct{ +} + +func (f failingAddressCodec) + +StringToBytes(string) ([]byte, error) { + return nil, fmt.Errorf("InterfaceRegistry requires a proper address codec implementation to do address conversion") +} + +func (f failingAddressCodec) + +BytesToString([]byte) (string, error) { + return "", fmt.Errorf("InterfaceRegistry requires a proper address codec implementation to do address conversion") +} +``` + +In addition, an `UnpackInterfaces` phase should be introduced to deserialization to unpack interfaces before they're needed. Protobuf types that contain a protobuf `Any` either directly or via one of their members should implement the `UnpackInterfacesMessage` interface: + +```go +type UnpackInterfacesMessage interface { + UnpackInterfaces(InterfaceUnpacker) + +error +} +``` diff --git a/docs/sdk/next/learn/advanced/events.mdx b/docs/sdk/next/learn/advanced/events.mdx new file mode 100644 index 00000000..a511001b --- /dev/null +++ b/docs/sdk/next/learn/advanced/events.mdx @@ -0,0 +1,2335 @@ +--- +title: Events +--- + +**Synopsis** +`Event`s are objects that contain information about the execution of the application. They are mainly used by service providers like block explorers and wallet to track the execution of various messages and index transactions. + + + +**Pre-requisite Readings** + +* [Anatomy of a Cosmos SDK application](/docs/sdk/vnext/learn/beginner/app-anatomy) +* [CometBFT Documentation on Events](https://docs.cometbft.com/v0.37/spec/abci/abci++_basic_concepts#events) + + + +## Events + +Events are implemented in the Cosmos SDK as an alias of the ABCI `Event` type and +take the form of: `{eventType}.{attributeKey}={attributeValue}`. + +```protobuf +// Reference: https://github.com/cometbft/cometbft/blob/v0.37.0/proto/tendermint/abci/types.proto#L334-L343 +``` + +An Event contains: + +* A `type` to categorize the Event at a high-level; for example, the Cosmos SDK uses the `"message"` type to filter Events by `Msg`s. +* A list of `attributes` are key-value pairs that give more information about the categorized Event. For example, for the `"message"` type, we can filter Events by key-value pairs using `message.action={some_action}`, `message.module={some_module}` or `message.sender={some_sender}`. +* A `msg_index` to identify which messages relate to the same transaction + + +To parse the attribute values as strings, make sure to add `'` (single quotes) around each attribute value. + + +*Typed Events* are Protobuf-defined [messages](/docs/sdk/vnext/../architecture/adr-032-typed-events) used by the Cosmos SDK +for emitting and querying Events. They are defined in a `event.proto` file, on a **per-module basis** and are read as `proto.Message`. +*Legacy Events* are defined on a **per-module basis** in the module's `/types/events.go` file. +They are triggered from the module's Protobuf [`Msg` service](/docs/sdk/vnext/build/building-modules/msg-services) +by using the [`EventManager`](#eventmanager). + +In addition, each module documents its events under in the `Events` sections of its specs (x/`{moduleName}`/`README.md`). + +Lastly, Events are returned to the underlying consensus engine in the response of the following ABCI messages: + +* [`BeginBlock`](/docs/sdk/vnext/learn/advanced/baseapp#beginblock) +* [`EndBlock`](/docs/sdk/vnext/learn/advanced/baseapp#endblock) +* [`CheckTx`](/docs/sdk/vnext/learn/advanced/baseapp#checktx) +* [`Transaction Execution`](/docs/sdk/vnext/learn/advanced/baseapp#transactionexecution) + +### Examples + +The following examples show how to query Events using the Cosmos SDK. + +| Event | Description | +| ------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `tx.height=23` | Query all transactions at height 23 | +| `message.action='/cosmos.bank.v1beta1.Msg/Send'` | Query all transactions containing a x/bank `Send` [Service `Msg`](/docs/sdk/vnext/build/building-modules/msg-services). Note the `'`s around the value. | +| `message.module='bank'` | Query all transactions containing messages from the x/bank module. Note the `'`s around the value. | +| `create_validator.validator='cosmosval1...'` | x/staking-specific Event, see [x/staking SPEC](/docs/sdk/vnext/../../x/staking/README). | + +## EventManager + +In Cosmos SDK applications, Events are managed by an abstraction called the `EventManager`. +Internally, the `EventManager` tracks a list of Events for the entire execution flow of `FinalizeBlock` +(i.e. transaction execution, `BeginBlock`, `EndBlock`). + +```go expandable +package types + +import ( + + "encoding/json" + "fmt" + "maps" + "reflect" + "slices" + "strings" + + abci "github.com/cometbft/cometbft/abci/types" + "github.com/cosmos/gogoproto/jsonpb" + proto "github.com/cosmos/gogoproto/proto" + "github.com/cosmos/cosmos-sdk/codec" +) + +type EventManagerI interface { + Events() + +Events + ABCIEvents() []abci.Event + EmitTypedEvent(tev proto.Message) + +error + EmitTypedEvents(tevs ...proto.Message) + +error + EmitEvent(event Event) + +EmitEvents(events Events) +} + +// ---------------------------------------------------------------------------- +// Event Manager +// ---------------------------------------------------------------------------- + +var _ EventManagerI = (*EventManager)(nil) + +// EventManager implements a simple wrapper around a slice of Event objects that +// can be emitted from. +type EventManager struct { + events Events +} + +func NewEventManager() *EventManager { + return &EventManager{ + EmptyEvents() +} +} + +func (em *EventManager) + +Events() + +Events { + return em.events +} + +// EmitEvent stores a single Event object. +// Deprecated: Use EmitTypedEvent +func (em *EventManager) + +EmitEvent(event Event) { + em.events = em.events.AppendEvent(event) +} + +// EmitEvents stores a series of Event objects. +// Deprecated: Use EmitTypedEvents +func (em *EventManager) + +EmitEvents(events Events) { + em.events = em.events.AppendEvents(events) +} + +// ABCIEvents returns all stored Event objects as abci.Event objects. +func (em EventManager) + +ABCIEvents() []abci.Event { + return em.events.ToABCIEvents() +} + +// EmitTypedEvent takes typed event and emits converting it into Event +func (em *EventManager) + +EmitTypedEvent(tev proto.Message) + +error { + event, err := TypedEventToEvent(tev) + if err != nil { + return err +} + +em.EmitEvent(event) + +return nil +} + +// EmitTypedEvents takes series of typed events and emit +func (em *EventManager) + +EmitTypedEvents(tevs ...proto.Message) + +error { + events := make(Events, len(tevs)) + for i, tev := range tevs { + res, err := TypedEventToEvent(tev) + if err != nil { + return err +} + +events[i] = res +} + +em.EmitEvents(events) + +return nil +} + +// TypedEventToEvent takes typed event and converts to Event object +func TypedEventToEvent(tev proto.Message) (Event, error) { + evtType := proto.MessageName(tev) + +evtJSON, err := codec.ProtoMarshalJSON(tev, nil) + if err != nil { + return Event{ +}, err +} + +var attrMap map[string]json.RawMessage + err = json.Unmarshal(evtJSON, &attrMap) + if err != nil { + return Event{ +}, err +} + + // sort the keys to ensure the order is always the same + keys := slices.Sorted(maps.Keys(attrMap)) + attrs := make([]abci.EventAttribute, 0, len(attrMap)) + for _, k := range keys { + v := attrMap[k] + attrs = append(attrs, abci.EventAttribute{ + Key: k, + Value: string(v), +}) +} + +return Event{ + Type: evtType, + Attributes: attrs, +}, nil +} + +// ParseTypedEvent converts abci.Event back to a typed event. +func ParseTypedEvent(event abci.Event) (proto.Message, error) { + concreteGoType := proto.MessageType(event.Type) + if concreteGoType == nil { + return nil, fmt.Errorf("failed to retrieve the message of type %q", event.Type) +} + +var value reflect.Value + if concreteGoType.Kind() == reflect.Ptr { + value = reflect.New(concreteGoType.Elem()) +} + +else { + value = reflect.Zero(concreteGoType) +} + +protoMsg, ok := value.Interface().(proto.Message) + if !ok { + return nil, fmt.Errorf("%q does not implement proto.Message", event.Type) +} + attrMap := make(map[string]json.RawMessage) + for _, attr := range event.Attributes { + attrMap[attr.Key] = json.RawMessage(attr.Value) +} + +attrBytes, err := json.Marshal(attrMap) + if err != nil { + return nil, err +} + unmarshaler := jsonpb.Unmarshaler{ + AllowUnknownFields: true +} + if err := unmarshaler.Unmarshal(strings.NewReader(string(attrBytes)), protoMsg); err != nil { + return nil, err +} + +return protoMsg, nil +} + +// ---------------------------------------------------------------------------- +// Events +// ---------------------------------------------------------------------------- + +type ( + // Event is a type alias for an ABCI Event + Event abci.Event + + // Events defines a slice of Event objects + Events []Event +) + +// NewEvent creates a new Event object with a given type and slice of one or more +// attributes. +func NewEvent(ty string, attrs ...Attribute) + +Event { + e := Event{ + Type: ty +} + for _, attr := range attrs { + e.Attributes = append(e.Attributes, attr.ToKVPair()) +} + +return e +} + +// NewAttribute returns a new key/value Attribute object. +func NewAttribute(k, v string) + +Attribute { + return Attribute{ + k, v +} +} + +// EmptyEvents returns an empty slice of events. +func EmptyEvents() + +Events { + return make(Events, 0) +} + +func (a Attribute) + +String() + +string { + return fmt.Sprintf("%s: %s", a.Key, a.Value) +} + +// ToKVPair converts an Attribute object into a CometBFT key/value pair. +func (a Attribute) + +ToKVPair() + +abci.EventAttribute { + return abci.EventAttribute{ + Key: a.Key, + Value: a.Value +} +} + +// AppendAttributes adds one or more attributes to an Event. +func (e Event) + +AppendAttributes(attrs ...Attribute) + +Event { + for _, attr := range attrs { + e.Attributes = append(e.Attributes, attr.ToKVPair()) +} + +return e +} + +// GetAttribute returns an attribute for a given key present in an event. +// If the key is not found, the boolean value will be false. +func (e Event) + +GetAttribute(key string) (Attribute, bool) { + for _, attr := range e.Attributes { + if attr.Key == key { + return Attribute{ + Key: attr.Key, + Value: attr.Value +}, true +} + +} + +return Attribute{ +}, false +} + +// AppendEvent adds an Event to a slice of events. +func (e Events) + +AppendEvent(event Event) + +Events { + return append(e, event) +} + +// AppendEvents adds a slice of Event objects to an exist slice of Event objects. +func (e Events) + +AppendEvents(events Events) + +Events { + return append(e, events...) +} + +// ToABCIEvents converts a slice of Event objects to a slice of abci.Event +// objects. +func (e Events) + +ToABCIEvents() []abci.Event { + res := make([]abci.Event, len(e)) + for i, ev := range e { + res[i] = abci.Event{ + Type: ev.Type, + Attributes: ev.Attributes +} + +} + +return res +} + +// GetAttributes returns all attributes matching a given key present in events. +// If the key is not found, the boolean value will be false. +func (e Events) + +GetAttributes(key string) ([]Attribute, bool) { + attrs := make([]Attribute, 0) + for _, event := range e { + if attr, found := event.GetAttribute(key); found { + attrs = append(attrs, attr) +} + +} + +return attrs, len(attrs) > 0 +} + +// Common event types and attribute keys +const ( + EventTypeTx = "tx" + + AttributeKeyAccountSequence = "acc_seq" + AttributeKeySignature = "signature" + AttributeKeyFee = "fee" + AttributeKeyFeePayer = "fee_payer" + + EventTypeMessage = "message" + + AttributeKeyAction = "action" + AttributeKeyModule = "module" + AttributeKeySender = "sender" + AttributeKeyAmount = "amount" +) + +type ( + // StringAttributes defines a slice of StringEvents objects. + StringEvents []StringEvent +) + +func (se StringEvents) + +String() + +string { + var sb strings.Builder + for _, e := range se { + fmt.Fprintf(&sb, "\t\t- %s\n", e.Type) + for _, attr := range e.Attributes { + fmt.Fprintf(&sb, "\t\t\t- %s\n", attr) +} + +} + +return strings.TrimRight(sb.String(), "\n") +} + +// StringifyEvent converts an Event object to a StringEvent object. +func StringifyEvent(e abci.Event) + +StringEvent { + res := StringEvent{ + Type: e.Type +} + for _, attr := range e.Attributes { + res.Attributes = append( + res.Attributes, + Attribute{ + Key: attr.Key, + Value: attr.Value +}, + ) +} + +return res +} + +// StringifyEvents converts a slice of Event objects into a slice of StringEvent +// objects. +func StringifyEvents(events []abci.Event) + +StringEvents { + res := make(StringEvents, 0, len(events)) + for _, e := range events { + res = append(res, StringifyEvent(e)) +} + +return res +} + +// MarkEventsToIndex returns the set of ABCI events, where each event's attribute +// has it's index value marked based on the provided set of events to index. +func MarkEventsToIndex(events []abci.Event, indexSet map[string]struct{ +}) []abci.Event { + indexAll := len(indexSet) == 0 + updatedEvents := make([]abci.Event, len(events)) + for i, e := range events { + updatedEvent := abci.Event{ + Type: e.Type, + Attributes: make([]abci.EventAttribute, len(e.Attributes)), +} + for j, attr := range e.Attributes { + _, index := indexSet[fmt.Sprintf("%s.%s", e.Type, attr.Key)] + updatedAttr := abci.EventAttribute{ + Key: attr.Key, + Value: attr.Value, + Index: index || indexAll, +} + +updatedEvent.Attributes[j] = updatedAttr +} + +updatedEvents[i] = updatedEvent +} + +return updatedEvents +} +``` + +The `EventManager` comes with a set of useful methods to manage Events. The method +that is used most by module and application developers is `EmitTypedEvent` or `EmitEvent` that tracks +an Event in the `EventManager`. + +```go expandable +package types + +import ( + + "encoding/json" + "fmt" + "maps" + "reflect" + "slices" + "strings" + + abci "github.com/cometbft/cometbft/abci/types" + "github.com/cosmos/gogoproto/jsonpb" + proto "github.com/cosmos/gogoproto/proto" + "github.com/cosmos/cosmos-sdk/codec" +) + +type EventManagerI interface { + Events() + +Events + ABCIEvents() []abci.Event + EmitTypedEvent(tev proto.Message) + +error + EmitTypedEvents(tevs ...proto.Message) + +error + EmitEvent(event Event) + +EmitEvents(events Events) +} + +// ---------------------------------------------------------------------------- +// Event Manager +// ---------------------------------------------------------------------------- + +var _ EventManagerI = (*EventManager)(nil) + +// EventManager implements a simple wrapper around a slice of Event objects that +// can be emitted from. +type EventManager struct { + events Events +} + +func NewEventManager() *EventManager { + return &EventManager{ + EmptyEvents() +} +} + +func (em *EventManager) + +Events() + +Events { + return em.events +} + +// EmitEvent stores a single Event object. +// Deprecated: Use EmitTypedEvent +func (em *EventManager) + +EmitEvent(event Event) { + em.events = em.events.AppendEvent(event) +} + +// EmitEvents stores a series of Event objects. +// Deprecated: Use EmitTypedEvents +func (em *EventManager) + +EmitEvents(events Events) { + em.events = em.events.AppendEvents(events) +} + +// ABCIEvents returns all stored Event objects as abci.Event objects. +func (em EventManager) + +ABCIEvents() []abci.Event { + return em.events.ToABCIEvents() +} + +// EmitTypedEvent takes typed event and emits converting it into Event +func (em *EventManager) + +EmitTypedEvent(tev proto.Message) + +error { + event, err := TypedEventToEvent(tev) + if err != nil { + return err +} + +em.EmitEvent(event) + +return nil +} + +// EmitTypedEvents takes series of typed events and emit +func (em *EventManager) + +EmitTypedEvents(tevs ...proto.Message) + +error { + events := make(Events, len(tevs)) + for i, tev := range tevs { + res, err := TypedEventToEvent(tev) + if err != nil { + return err +} + +events[i] = res +} + +em.EmitEvents(events) + +return nil +} + +// TypedEventToEvent takes typed event and converts to Event object +func TypedEventToEvent(tev proto.Message) (Event, error) { + evtType := proto.MessageName(tev) + +evtJSON, err := codec.ProtoMarshalJSON(tev, nil) + if err != nil { + return Event{ +}, err +} + +var attrMap map[string]json.RawMessage + err = json.Unmarshal(evtJSON, &attrMap) + if err != nil { + return Event{ +}, err +} + + // sort the keys to ensure the order is always the same + keys := slices.Sorted(maps.Keys(attrMap)) + attrs := make([]abci.EventAttribute, 0, len(attrMap)) + for _, k := range keys { + v := attrMap[k] + attrs = append(attrs, abci.EventAttribute{ + Key: k, + Value: string(v), +}) +} + +return Event{ + Type: evtType, + Attributes: attrs, +}, nil +} + +// ParseTypedEvent converts abci.Event back to a typed event. +func ParseTypedEvent(event abci.Event) (proto.Message, error) { + concreteGoType := proto.MessageType(event.Type) + if concreteGoType == nil { + return nil, fmt.Errorf("failed to retrieve the message of type %q", event.Type) +} + +var value reflect.Value + if concreteGoType.Kind() == reflect.Ptr { + value = reflect.New(concreteGoType.Elem()) +} + +else { + value = reflect.Zero(concreteGoType) +} + +protoMsg, ok := value.Interface().(proto.Message) + if !ok { + return nil, fmt.Errorf("%q does not implement proto.Message", event.Type) +} + attrMap := make(map[string]json.RawMessage) + for _, attr := range event.Attributes { + attrMap[attr.Key] = json.RawMessage(attr.Value) +} + +attrBytes, err := json.Marshal(attrMap) + if err != nil { + return nil, err +} + unmarshaler := jsonpb.Unmarshaler{ + AllowUnknownFields: true +} + if err := unmarshaler.Unmarshal(strings.NewReader(string(attrBytes)), protoMsg); err != nil { + return nil, err +} + +return protoMsg, nil +} + +// ---------------------------------------------------------------------------- +// Events +// ---------------------------------------------------------------------------- + +type ( + // Event is a type alias for an ABCI Event + Event abci.Event + + // Events defines a slice of Event objects + Events []Event +) + +// NewEvent creates a new Event object with a given type and slice of one or more +// attributes. +func NewEvent(ty string, attrs ...Attribute) + +Event { + e := Event{ + Type: ty +} + for _, attr := range attrs { + e.Attributes = append(e.Attributes, attr.ToKVPair()) +} + +return e +} + +// NewAttribute returns a new key/value Attribute object. +func NewAttribute(k, v string) + +Attribute { + return Attribute{ + k, v +} +} + +// EmptyEvents returns an empty slice of events. +func EmptyEvents() + +Events { + return make(Events, 0) +} + +func (a Attribute) + +String() + +string { + return fmt.Sprintf("%s: %s", a.Key, a.Value) +} + +// ToKVPair converts an Attribute object into a CometBFT key/value pair. +func (a Attribute) + +ToKVPair() + +abci.EventAttribute { + return abci.EventAttribute{ + Key: a.Key, + Value: a.Value +} +} + +// AppendAttributes adds one or more attributes to an Event. +func (e Event) + +AppendAttributes(attrs ...Attribute) + +Event { + for _, attr := range attrs { + e.Attributes = append(e.Attributes, attr.ToKVPair()) +} + +return e +} + +// GetAttribute returns an attribute for a given key present in an event. +// If the key is not found, the boolean value will be false. +func (e Event) + +GetAttribute(key string) (Attribute, bool) { + for _, attr := range e.Attributes { + if attr.Key == key { + return Attribute{ + Key: attr.Key, + Value: attr.Value +}, true +} + +} + +return Attribute{ +}, false +} + +// AppendEvent adds an Event to a slice of events. +func (e Events) + +AppendEvent(event Event) + +Events { + return append(e, event) +} + +// AppendEvents adds a slice of Event objects to an exist slice of Event objects. +func (e Events) + +AppendEvents(events Events) + +Events { + return append(e, events...) +} + +// ToABCIEvents converts a slice of Event objects to a slice of abci.Event +// objects. +func (e Events) + +ToABCIEvents() []abci.Event { + res := make([]abci.Event, len(e)) + for i, ev := range e { + res[i] = abci.Event{ + Type: ev.Type, + Attributes: ev.Attributes +} + +} + +return res +} + +// GetAttributes returns all attributes matching a given key present in events. +// If the key is not found, the boolean value will be false. +func (e Events) + +GetAttributes(key string) ([]Attribute, bool) { + attrs := make([]Attribute, 0) + for _, event := range e { + if attr, found := event.GetAttribute(key); found { + attrs = append(attrs, attr) +} + +} + +return attrs, len(attrs) > 0 +} + +// Common event types and attribute keys +const ( + EventTypeTx = "tx" + + AttributeKeyAccountSequence = "acc_seq" + AttributeKeySignature = "signature" + AttributeKeyFee = "fee" + AttributeKeyFeePayer = "fee_payer" + + EventTypeMessage = "message" + + AttributeKeyAction = "action" + AttributeKeyModule = "module" + AttributeKeySender = "sender" + AttributeKeyAmount = "amount" +) + +type ( + // StringAttributes defines a slice of StringEvents objects. + StringEvents []StringEvent +) + +func (se StringEvents) + +String() + +string { + var sb strings.Builder + for _, e := range se { + fmt.Fprintf(&sb, "\t\t- %s\n", e.Type) + for _, attr := range e.Attributes { + fmt.Fprintf(&sb, "\t\t\t- %s\n", attr) +} + +} + +return strings.TrimRight(sb.String(), "\n") +} + +// StringifyEvent converts an Event object to a StringEvent object. +func StringifyEvent(e abci.Event) + +StringEvent { + res := StringEvent{ + Type: e.Type +} + for _, attr := range e.Attributes { + res.Attributes = append( + res.Attributes, + Attribute{ + Key: attr.Key, + Value: attr.Value +}, + ) +} + +return res +} + +// StringifyEvents converts a slice of Event objects into a slice of StringEvent +// objects. +func StringifyEvents(events []abci.Event) + +StringEvents { + res := make(StringEvents, 0, len(events)) + for _, e := range events { + res = append(res, StringifyEvent(e)) +} + +return res +} + +// MarkEventsToIndex returns the set of ABCI events, where each event's attribute +// has it's index value marked based on the provided set of events to index. +func MarkEventsToIndex(events []abci.Event, indexSet map[string]struct{ +}) []abci.Event { + indexAll := len(indexSet) == 0 + updatedEvents := make([]abci.Event, len(events)) + for i, e := range events { + updatedEvent := abci.Event{ + Type: e.Type, + Attributes: make([]abci.EventAttribute, len(e.Attributes)), +} + for j, attr := range e.Attributes { + _, index := indexSet[fmt.Sprintf("%s.%s", e.Type, attr.Key)] + updatedAttr := abci.EventAttribute{ + Key: attr.Key, + Value: attr.Value, + Index: index || indexAll, +} + +updatedEvent.Attributes[j] = updatedAttr +} + +updatedEvents[i] = updatedEvent +} + +return updatedEvents +} +``` + +Module developers should handle Event emission via the `EventManager#EmitTypedEvent` or `EventManager#EmitEvent` in each message +`Handler` and in each `BeginBlock`/`EndBlock` handler. The `EventManager` is accessed via +the [`Context`](/docs/sdk/vnext/learn/advanced/context), where Event should be already registered, and emitted like this: + +**Typed events:** + +```go expandable +package keeper + +import ( + + "bytes" + "context" + "encoding/binary" + "encoding/json" + "fmt" + "slices" + "strings" + + errorsmod "cosmossdk.io/errors" + + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + govtypes "github.com/cosmos/cosmos-sdk/x/gov/types" + "github.com/cosmos/cosmos-sdk/x/group" + "github.com/cosmos/cosmos-sdk/x/group/errors" + "github.com/cosmos/cosmos-sdk/x/group/internal/math" + "github.com/cosmos/cosmos-sdk/x/group/internal/orm" +) + +var _ group.MsgServer = Keeper{ +} + +// TODO: Revisit this once we have proper gas fee framework. +// Tracking issues https://github.com/cosmos/cosmos-sdk/issues/9054, https://github.com/cosmos/cosmos-sdk/discussions/9072 +const gasCostPerIteration = uint64(20) + +func (k Keeper) + +CreateGroup(goCtx context.Context, msg *group.MsgCreateGroup) (*group.MsgCreateGroupResponse, error) { + if _, err := k.accKeeper.AddressCodec().StringToBytes(msg.Admin); err != nil { + return nil, errorsmod.Wrapf(sdkerrors.ErrInvalidAddress, "invalid admin address: %s", msg.Admin) +} + if err := k.validateMembers(msg.Members); err != nil { + return nil, errorsmod.Wrap(err, "members") +} + if err := k.assertMetadataLength(msg.Metadata, "group metadata"); err != nil { + return nil, err +} + totalWeight := math.NewDecFromInt64(0) + for _, m := range msg.Members { + if err := k.assertMetadataLength(m.Metadata, "member metadata"); err != nil { + return nil, err +} + + // Members of a group must have a positive weight. + // NOTE: group member with zero weight are only allowed when updating group members. + // If the member has a zero weight, it will be removed from the group. + weight, err := math.NewPositiveDecFromString(m.Weight) + if err != nil { + return nil, err +} + + // Adding up members weights to compute group total weight. + totalWeight, err = totalWeight.Add(weight) + if err != nil { + return nil, err +} + +} + + // Create a new group in the groupTable. + ctx := sdk.UnwrapSDKContext(goCtx) + groupInfo := &group.GroupInfo{ + Id: k.groupTable.Sequence().PeekNextVal(ctx.KVStore(k.key)), + Admin: msg.Admin, + Metadata: msg.Metadata, + Version: 1, + TotalWeight: totalWeight.String(), + CreatedAt: ctx.BlockTime(), +} + +groupID, err := k.groupTable.Create(ctx.KVStore(k.key), groupInfo) + if err != nil { + return nil, errorsmod.Wrap(err, "could not create group") +} + + // Create new group members in the groupMemberTable. + for i, m := range msg.Members { + err := k.groupMemberTable.Create(ctx.KVStore(k.key), &group.GroupMember{ + GroupId: groupID, + Member: &group.Member{ + Address: m.Address, + Weight: m.Weight, + Metadata: m.Metadata, + AddedAt: ctx.BlockTime(), +}, +}) + if err != nil { + return nil, errorsmod.Wrapf(err, "could not store member %d", i) +} + +} + if err := ctx.EventManager().EmitTypedEvent(&group.EventCreateGroup{ + GroupId: groupID +}); err != nil { + return nil, err +} + +return &group.MsgCreateGroupResponse{ + GroupId: groupID +}, nil +} + +func (k Keeper) + +UpdateGroupMembers(goCtx context.Context, msg *group.MsgUpdateGroupMembers) (*group.MsgUpdateGroupMembersResponse, error) { + if msg.GroupId == 0 { + return nil, errorsmod.Wrap(errors.ErrEmpty, "group id") +} + if len(msg.MemberUpdates) == 0 { + return nil, errorsmod.Wrap(errors.ErrEmpty, "member updates") +} + if err := k.validateMembers(msg.MemberUpdates); err != nil { + return nil, errorsmod.Wrap(err, "members") +} + ctx := sdk.UnwrapSDKContext(goCtx) + action := func(g *group.GroupInfo) + +error { + totalWeight, err := math.NewNonNegativeDecFromString(g.TotalWeight) + if err != nil { + return errorsmod.Wrap(err, "group total weight") +} + for _, member := range msg.MemberUpdates { + if err := k.assertMetadataLength(member.Metadata, "group member metadata"); err != nil { + return err +} + groupMember := group.GroupMember{ + GroupId: msg.GroupId, + Member: &group.Member{ + Address: member.Address, + Weight: member.Weight, + Metadata: member.Metadata, +}, +} + + // Checking if the group member is already part of the group + var found bool + var prevGroupMember group.GroupMember + switch err := k.groupMemberTable.GetOne(ctx.KVStore(k.key), orm.PrimaryKey(&groupMember), &prevGroupMember); { + case err == nil: + found = true + case sdkerrors.ErrNotFound.Is(err): + found = false + default: + return errorsmod.Wrap(err, "get group member") +} + +newMemberWeight, err := math.NewNonNegativeDecFromString(groupMember.Member.Weight) + if err != nil { + return err +} + + // Handle delete for members with zero weight. + if newMemberWeight.IsZero() { + // We can't delete a group member that doesn't already exist. + if !found { + return errorsmod.Wrap(sdkerrors.ErrNotFound, "unknown member") +} + +previousMemberWeight, err := math.NewPositiveDecFromString(prevGroupMember.Member.Weight) + if err != nil { + return err +} + + // Subtract the weight of the group member to delete from the group total weight. + totalWeight, err = math.SubNonNegative(totalWeight, previousMemberWeight) + if err != nil { + return err +} + + // Delete group member in the groupMemberTable. + if err := k.groupMemberTable.Delete(ctx.KVStore(k.key), &groupMember); err != nil { + return errorsmod.Wrap(err, "delete member") +} + +continue +} + // If group member already exists, handle update + if found { + previousMemberWeight, err := math.NewPositiveDecFromString(prevGroupMember.Member.Weight) + if err != nil { + return err +} + // Subtract previous weight from the group total weight. + totalWeight, err = math.SubNonNegative(totalWeight, previousMemberWeight) + if err != nil { + return err +} + // Save updated group member in the groupMemberTable. + groupMember.Member.AddedAt = prevGroupMember.Member.AddedAt + if err := k.groupMemberTable.Update(ctx.KVStore(k.key), &groupMember); err != nil { + return errorsmod.Wrap(err, "add member") +} + +} + +else { // else handle create. + groupMember.Member.AddedAt = ctx.BlockTime() + if err := k.groupMemberTable.Create(ctx.KVStore(k.key), &groupMember); err != nil { + return errorsmod.Wrap(err, "add member") +} + +} + // In both cases (handle + update), we need to add the new member's weight to the group total weight. + totalWeight, err = totalWeight.Add(newMemberWeight) + if err != nil { + return err +} + +} + // ensure that group has one or more members + if totalWeight.IsZero() { + return errorsmod.Wrap(errors.ErrInvalid, "group must not be empty") +} + // Update group in the groupTable. + g.TotalWeight = totalWeight.String() + +g.Version++ + if err := k.validateDecisionPolicies(ctx, *g); err != nil { + return err +} + +return k.groupTable.Update(ctx.KVStore(k.key), g.Id, g) +} + if err := k.doUpdateGroup(ctx, msg.GetGroupID(), msg.GetAdmin(), action, "members updated"); err != nil { + return nil, err +} + +return &group.MsgUpdateGroupMembersResponse{ +}, nil +} + +func (k Keeper) + +UpdateGroupAdmin(goCtx context.Context, msg *group.MsgUpdateGroupAdmin) (*group.MsgUpdateGroupAdminResponse, error) { + if msg.GroupId == 0 { + return nil, errorsmod.Wrap(errors.ErrEmpty, "group id") +} + if strings.EqualFold(msg.Admin, msg.NewAdmin) { + return nil, errorsmod.Wrap(errors.ErrInvalid, "new and old admin are the same") +} + if _, err := k.accKeeper.AddressCodec().StringToBytes(msg.Admin); err != nil { + return nil, errorsmod.Wrap(sdkerrors.ErrInvalidAddress, "admin address") +} + if _, err := k.accKeeper.AddressCodec().StringToBytes(msg.NewAdmin); err != nil { + return nil, errorsmod.Wrap(sdkerrors.ErrInvalidAddress, "new admin address") +} + ctx := sdk.UnwrapSDKContext(goCtx) + action := func(g *group.GroupInfo) + +error { + g.Admin = msg.NewAdmin + g.Version++ + + return k.groupTable.Update(ctx.KVStore(k.key), g.Id, g) +} + if err := k.doUpdateGroup(ctx, msg.GetGroupID(), msg.GetAdmin(), action, "admin updated"); err != nil { + return nil, err +} + +return &group.MsgUpdateGroupAdminResponse{ +}, nil +} + +func (k Keeper) + +UpdateGroupMetadata(goCtx context.Context, msg *group.MsgUpdateGroupMetadata) (*group.MsgUpdateGroupMetadataResponse, error) { + if msg.GroupId == 0 { + return nil, errorsmod.Wrap(errors.ErrEmpty, "group id") +} + if err := k.assertMetadataLength(msg.Metadata, "group metadata"); err != nil { + return nil, err +} + if _, err := k.accKeeper.AddressCodec().StringToBytes(msg.Admin); err != nil { + return nil, errorsmod.Wrap(sdkerrors.ErrInvalidAddress, "admin address") +} + ctx := sdk.UnwrapSDKContext(goCtx) + action := func(g *group.GroupInfo) + +error { + g.Metadata = msg.Metadata + g.Version++ + return k.groupTable.Update(ctx.KVStore(k.key), g.Id, g) +} + if err := k.doUpdateGroup(ctx, msg.GetGroupID(), msg.GetAdmin(), action, "metadata updated"); err != nil { + return nil, err +} + +return &group.MsgUpdateGroupMetadataResponse{ +}, nil +} + +func (k Keeper) + +CreateGroupWithPolicy(ctx context.Context, msg *group.MsgCreateGroupWithPolicy) (*group.MsgCreateGroupWithPolicyResponse, error) { + // NOTE: admin, and group message validation is performed in the CreateGroup method + groupRes, err := k.CreateGroup(ctx, &group.MsgCreateGroup{ + Admin: msg.Admin, + Members: msg.Members, + Metadata: msg.GroupMetadata, +}) + if err != nil { + return nil, errorsmod.Wrap(err, "group response") +} + groupID := groupRes.GroupId + + // NOTE: group policy message validation is performed in the CreateGroupPolicy method + groupPolicyRes, err := k.CreateGroupPolicy(ctx, &group.MsgCreateGroupPolicy{ + Admin: msg.Admin, + GroupId: groupID, + Metadata: msg.GroupPolicyMetadata, + DecisionPolicy: msg.DecisionPolicy, +}) + if err != nil { + return nil, errorsmod.Wrap(err, "group policy response") +} + if msg.GroupPolicyAsAdmin { + updateAdminReq := &group.MsgUpdateGroupAdmin{ + GroupId: groupID, + Admin: msg.Admin, + NewAdmin: groupPolicyRes.Address, +} + _, err = k.UpdateGroupAdmin(ctx, updateAdminReq) + if err != nil { + return nil, err +} + updatePolicyAddressReq := &group.MsgUpdateGroupPolicyAdmin{ + Admin: msg.Admin, + GroupPolicyAddress: groupPolicyRes.Address, + NewAdmin: groupPolicyRes.Address, +} + _, err = k.UpdateGroupPolicyAdmin(ctx, updatePolicyAddressReq) + if err != nil { + return nil, err +} + +} + +return &group.MsgCreateGroupWithPolicyResponse{ + GroupId: groupID, + GroupPolicyAddress: groupPolicyRes.Address +}, nil +} + +func (k Keeper) + +CreateGroupPolicy(goCtx context.Context, msg *group.MsgCreateGroupPolicy) (*group.MsgCreateGroupPolicyResponse, error) { + if msg.GroupId == 0 { + return nil, errorsmod.Wrap(errors.ErrEmpty, "group id") +} + if err := k.assertMetadataLength(msg.GetMetadata(), "group policy metadata"); err != nil { + return nil, err +} + +policy, err := msg.GetDecisionPolicy() + if err != nil { + return nil, errorsmod.Wrap(err, "request decision policy") +} + if err := policy.ValidateBasic(); err != nil { + return nil, errorsmod.Wrap(err, "decision policy") +} + +reqGroupAdmin, err := k.accKeeper.AddressCodec().StringToBytes(msg.GetAdmin()) + if err != nil { + return nil, errorsmod.Wrap(err, "request admin") +} + ctx := sdk.UnwrapSDKContext(goCtx) + +groupInfo, err := k.getGroupInfo(ctx, msg.GetGroupID()) + if err != nil { + return nil, err +} + +groupAdmin, err := k.accKeeper.AddressCodec().StringToBytes(groupInfo.Admin) + if err != nil { + return nil, errorsmod.Wrap(err, "group admin") +} + + // Only current group admin is authorized to create a group policy for this + if !bytes.Equal(groupAdmin, reqGroupAdmin) { + return nil, errorsmod.Wrap(sdkerrors.ErrUnauthorized, "not group admin") +} + if err := policy.Validate(groupInfo, k.config); err != nil { + return nil, err +} + + // Generate account address of group policy. + var accountAddr sdk.AccAddress + // loop here in the rare case where a ADR-028-derived address creates a + // collision with an existing address. + for { + nextAccVal := k.groupPolicySeq.NextVal(ctx.KVStore(k.key)) + derivationKey := make([]byte, 8) + +binary.BigEndian.PutUint64(derivationKey, nextAccVal) + +ac, err := authtypes.NewModuleCredential(group.ModuleName, []byte{ + GroupPolicyTablePrefix +}, derivationKey) + if err != nil { + return nil, err +} + +accountAddr = sdk.AccAddress(ac.Address()) + if k.accKeeper.GetAccount(ctx, accountAddr) != nil { + // handle a rare collision, in which case we just go on to the + // next sequence value and derive a new address. + continue +} + + // group policy accounts are unclaimable base accounts + account, err := authtypes.NewBaseAccountWithPubKey(ac) + if err != nil { + return nil, errorsmod.Wrap(err, "could not create group policy account") +} + acc := k.accKeeper.NewAccount(ctx, account) + +k.accKeeper.SetAccount(ctx, acc) + +break +} + +groupPolicy, err := group.NewGroupPolicyInfo( + accountAddr, + msg.GetGroupID(), + reqGroupAdmin, + msg.GetMetadata(), + 1, + policy, + ctx.BlockTime(), + ) + if err != nil { + return nil, err +} + if err := k.groupPolicyTable.Create(ctx.KVStore(k.key), &groupPolicy); err != nil { + return nil, errorsmod.Wrap(err, "could not create group policy") +} + if err := ctx.EventManager().EmitTypedEvent(&group.EventCreateGroupPolicy{ + Address: accountAddr.String() +}); err != nil { + return nil, err +} + +return &group.MsgCreateGroupPolicyResponse{ + Address: accountAddr.String() +}, nil +} + +func (k Keeper) + +UpdateGroupPolicyAdmin(goCtx context.Context, msg *group.MsgUpdateGroupPolicyAdmin) (*group.MsgUpdateGroupPolicyAdminResponse, error) { + if strings.EqualFold(msg.Admin, msg.NewAdmin) { + return nil, errorsmod.Wrap(errors.ErrInvalid, "new and old admin are same") +} + if _, err := k.accKeeper.AddressCodec().StringToBytes(msg.NewAdmin); err != nil { + return nil, errorsmod.Wrap(sdkerrors.ErrInvalidAddress, "new admin address") +} + ctx := sdk.UnwrapSDKContext(goCtx) + action := func(groupPolicy *group.GroupPolicyInfo) + +error { + groupPolicy.Admin = msg.NewAdmin + groupPolicy.Version++ + return k.groupPolicyTable.Update(ctx.KVStore(k.key), groupPolicy) +} + if err := k.doUpdateGroupPolicy(ctx, msg.GroupPolicyAddress, msg.Admin, action, "group policy admin updated"); err != nil { + return nil, err +} + +return &group.MsgUpdateGroupPolicyAdminResponse{ +}, nil +} + +func (k Keeper) + +UpdateGroupPolicyDecisionPolicy(goCtx context.Context, msg *group.MsgUpdateGroupPolicyDecisionPolicy) (*group.MsgUpdateGroupPolicyDecisionPolicyResponse, error) { + policy, err := msg.GetDecisionPolicy() + if err != nil { + return nil, errorsmod.Wrap(err, "decision policy") +} + if err := policy.ValidateBasic(); err != nil { + return nil, errorsmod.Wrap(err, "decision policy") +} + ctx := sdk.UnwrapSDKContext(goCtx) + action := func(groupPolicy *group.GroupPolicyInfo) + +error { + groupInfo, err := k.getGroupInfo(ctx, groupPolicy.GroupId) + if err != nil { + return err +} + +err = policy.Validate(groupInfo, k.config) + if err != nil { + return err +} + +err = groupPolicy.SetDecisionPolicy(policy) + if err != nil { + return err +} + +groupPolicy.Version++ + return k.groupPolicyTable.Update(ctx.KVStore(k.key), groupPolicy) +} + if err = k.doUpdateGroupPolicy(ctx, msg.GroupPolicyAddress, msg.Admin, action, "group policy's decision policy updated"); err != nil { + return nil, err +} + +return &group.MsgUpdateGroupPolicyDecisionPolicyResponse{ +}, nil +} + +func (k Keeper) + +UpdateGroupPolicyMetadata(goCtx context.Context, msg *group.MsgUpdateGroupPolicyMetadata) (*group.MsgUpdateGroupPolicyMetadataResponse, error) { + ctx := sdk.UnwrapSDKContext(goCtx) + metadata := msg.GetMetadata() + action := func(groupPolicy *group.GroupPolicyInfo) + +error { + groupPolicy.Metadata = metadata + groupPolicy.Version++ + return k.groupPolicyTable.Update(ctx.KVStore(k.key), groupPolicy) +} + if err := k.assertMetadataLength(metadata, "group policy metadata"); err != nil { + return nil, err +} + err := k.doUpdateGroupPolicy(ctx, msg.GroupPolicyAddress, msg.Admin, action, "group policy metadata updated") + if err != nil { + return nil, err +} + +return &group.MsgUpdateGroupPolicyMetadataResponse{ +}, nil +} + +func (k Keeper) + +SubmitProposal(goCtx context.Context, msg *group.MsgSubmitProposal) (*group.MsgSubmitProposalResponse, error) { + if len(msg.Proposers) == 0 { + return nil, errorsmod.Wrap(errors.ErrEmpty, "proposers") +} + if err := k.validateProposers(msg.Proposers); err != nil { + return nil, err +} + +groupPolicyAddr, err := k.accKeeper.AddressCodec().StringToBytes(msg.GroupPolicyAddress) + if err != nil { + return nil, errorsmod.Wrap(err, "request account address of group policy") +} + if err := k.assertMetadataLength(msg.Title, "proposal Title"); err != nil { + return nil, err +} + if err := k.assertSummaryLength(msg.Summary); err != nil { + return nil, err +} + if err := k.assertMetadataLength(msg.Metadata, "metadata"); err != nil { + return nil, err +} + + // verify that if present, the metadata title and summary equals the proposal title and summary + if len(msg.Metadata) != 0 { + proposalMetadata := govtypes.ProposalMetadata{ +} + if err := json.Unmarshal([]byte(msg.Metadata), &proposalMetadata); err == nil { + if proposalMetadata.Title != msg.Title { + return nil, fmt.Errorf("metadata title '%s' must equal proposal title '%s'", proposalMetadata.Title, msg.Title) +} + if proposalMetadata.Summary != msg.Summary { + return nil, fmt.Errorf("metadata summary '%s' must equal proposal summary '%s'", proposalMetadata.Summary, msg.Summary) +} + +} + + // if we can't unmarshal the metadata, this means the client didn't use the recommended metadata format + // nothing can be done here, and this is still a valid case, so we ignore the error +} + +msgs, err := msg.GetMsgs() + if err != nil { + return nil, errorsmod.Wrap(err, "request msgs") +} + if err := validateMsgs(msgs); err != nil { + return nil, err +} + ctx := sdk.UnwrapSDKContext(goCtx) + +policyAcc, err := k.getGroupPolicyInfo(ctx, msg.GroupPolicyAddress) + if err != nil { + return nil, errorsmod.Wrapf(err, "load group policy: %s", msg.GroupPolicyAddress) +} + +groupInfo, err := k.getGroupInfo(ctx, policyAcc.GroupId) + if err != nil { + return nil, errorsmod.Wrap(err, "get group by groupId of group policy") +} + + // Only members of the group can submit a new proposal. + for _, proposer := range msg.Proposers { + if !k.groupMemberTable.Has(ctx.KVStore(k.key), orm.PrimaryKey(&group.GroupMember{ + GroupId: groupInfo.Id, + Member: &group.Member{ + Address: proposer +}})) { + return nil, errorsmod.Wrapf(errors.ErrUnauthorized, "not in group: %s", proposer) +} + +} + + // Check that if the messages require signers, they are all equal to the given account address of group policy. + if err := ensureMsgAuthZ(msgs, groupPolicyAddr, k.cdc); err != nil { + return nil, err +} + +policy, err := policyAcc.GetDecisionPolicy() + if err != nil { + return nil, errorsmod.Wrap(err, "proposal group policy decision policy") +} + + // Prevent proposal that cannot succeed. + if err = policy.Validate(groupInfo, k.config); err != nil { + return nil, err +} + m := &group.Proposal{ + Id: k.proposalTable.Sequence().PeekNextVal(ctx.KVStore(k.key)), + GroupPolicyAddress: msg.GroupPolicyAddress, + Metadata: msg.Metadata, + Proposers: msg.Proposers, + SubmitTime: ctx.BlockTime(), + GroupVersion: groupInfo.Version, + GroupPolicyVersion: policyAcc.Version, + Status: group.PROPOSAL_STATUS_SUBMITTED, + ExecutorResult: group.PROPOSAL_EXECUTOR_RESULT_NOT_RUN, + VotingPeriodEnd: ctx.BlockTime().Add(policy.GetVotingPeriod()), // The voting window begins as soon as the proposal is submitted. + FinalTallyResult: group.DefaultTallyResult(), + Title: msg.Title, + Summary: msg.Summary, +} + if err := m.SetMsgs(msgs); err != nil { + return nil, errorsmod.Wrap(err, "create proposal") +} + +id, err := k.proposalTable.Create(ctx.KVStore(k.key), m) + if err != nil { + return nil, errorsmod.Wrap(err, "create proposal") +} + if err := ctx.EventManager().EmitTypedEvent(&group.EventSubmitProposal{ + ProposalId: id +}); err != nil { + return nil, err +} + + // Try to execute proposal immediately + if msg.Exec == group.Exec_EXEC_TRY { + // Consider proposers as Yes votes + for _, proposer := range msg.Proposers { + ctx.GasMeter().ConsumeGas(gasCostPerIteration, "vote on proposal") + _, err = k.Vote(ctx, &group.MsgVote{ + ProposalId: id, + Voter: proposer, + Option: group.VOTE_OPTION_YES, +}) + if err != nil { + return &group.MsgSubmitProposalResponse{ + ProposalId: id +}, errorsmod.Wrapf(err, "the proposal was created but failed on vote for voter %s", proposer) +} + +} + + // Then try to execute the proposal + _, err = k.Exec(ctx, &group.MsgExec{ + ProposalId: id, + // We consider the first proposer as the MsgExecRequest signer + // but that could be revisited (eg using the group policy) + +Executor: msg.Proposers[0], +}) + if err != nil { + return &group.MsgSubmitProposalResponse{ + ProposalId: id +}, errorsmod.Wrap(err, "the proposal was created but failed on exec") +} + +} + +return &group.MsgSubmitProposalResponse{ + ProposalId: id +}, nil +} + +func (k Keeper) + +WithdrawProposal(goCtx context.Context, msg *group.MsgWithdrawProposal) (*group.MsgWithdrawProposalResponse, error) { + if msg.ProposalId == 0 { + return nil, errorsmod.Wrap(errors.ErrEmpty, "proposal id") +} + if _, err := k.accKeeper.AddressCodec().StringToBytes(msg.Address); err != nil { + return nil, errorsmod.Wrapf(sdkerrors.ErrInvalidAddress, "invalid group policy admin / proposer address: %s", msg.Address) +} + ctx := sdk.UnwrapSDKContext(goCtx) + +proposal, err := k.getProposal(ctx, msg.ProposalId) + if err != nil { + return nil, err +} + + // Ensure the proposal can be withdrawn. + if proposal.Status != group.PROPOSAL_STATUS_SUBMITTED { + return nil, errorsmod.Wrapf(errors.ErrInvalid, "cannot withdraw a proposal with the status of %s", proposal.Status.String()) +} + +var policyInfo group.GroupPolicyInfo + if policyInfo, err = k.getGroupPolicyInfo(ctx, proposal.GroupPolicyAddress); err != nil { + return nil, errorsmod.Wrap(err, "load group policy") +} + + // check address is the group policy admin he is in proposers list.. + if msg.Address != policyInfo.Admin && !isProposer(proposal, msg.Address) { + return nil, errorsmod.Wrapf(errors.ErrUnauthorized, "given address is neither group policy admin nor in proposers: %s", msg.Address) +} + +proposal.Status = group.PROPOSAL_STATUS_WITHDRAWN + if err := k.proposalTable.Update(ctx.KVStore(k.key), msg.ProposalId, &proposal); err != nil { + return nil, err +} + if err := ctx.EventManager().EmitTypedEvent(&group.EventWithdrawProposal{ + ProposalId: msg.ProposalId +}); err != nil { + return nil, err +} + +return &group.MsgWithdrawProposalResponse{ +}, nil +} + +func (k Keeper) + +Vote(goCtx context.Context, msg *group.MsgVote) (*group.MsgVoteResponse, error) { + if msg.ProposalId == 0 { + return nil, errorsmod.Wrap(errors.ErrEmpty, "proposal id") +} + + // verify vote options + if msg.Option == group.VOTE_OPTION_UNSPECIFIED { + return nil, errorsmod.Wrap(errors.ErrEmpty, "vote option") +} + if _, ok := group.VoteOption_name[int32(msg.Option)]; !ok { + return nil, errorsmod.Wrap(errors.ErrInvalid, "vote option") +} + if err := k.assertMetadataLength(msg.Metadata, "metadata"); err != nil { + return nil, err +} + if _, err := k.accKeeper.AddressCodec().StringToBytes(msg.Voter); err != nil { + return nil, errorsmod.Wrapf(sdkerrors.ErrInvalidAddress, "invalid voter address: %s", msg.Voter) +} + ctx := sdk.UnwrapSDKContext(goCtx) + +proposal, err := k.getProposal(ctx, msg.ProposalId) + if err != nil { + return nil, err +} + + // Ensure that we can still accept votes for this proposal. + if proposal.Status != group.PROPOSAL_STATUS_SUBMITTED { + return nil, errorsmod.Wrap(errors.ErrInvalid, "proposal not open for voting") +} + if ctx.BlockTime().After(proposal.VotingPeriodEnd) { + return nil, errorsmod.Wrap(errors.ErrExpired, "voting period has ended already") +} + +policyInfo, err := k.getGroupPolicyInfo(ctx, proposal.GroupPolicyAddress) + if err != nil { + return nil, errorsmod.Wrap(err, "load group policy") +} + +groupInfo, err := k.getGroupInfo(ctx, policyInfo.GroupId) + if err != nil { + return nil, err +} + + // Count and store votes. + voter := group.GroupMember{ + GroupId: groupInfo.Id, + Member: &group.Member{ + Address: msg.Voter +}} + if err := k.groupMemberTable.GetOne(ctx.KVStore(k.key), orm.PrimaryKey(&voter), &voter); err != nil { + return nil, errorsmod.Wrapf(err, "voter address: %s", msg.Voter) +} + newVote := group.Vote{ + ProposalId: msg.ProposalId, + Voter: msg.Voter, + Option: msg.Option, + Metadata: msg.Metadata, + SubmitTime: ctx.BlockTime(), +} + + // The ORM will return an error if the vote already exists, + // making sure than a voter hasn't already voted. + if err := k.voteTable.Create(ctx.KVStore(k.key), &newVote); err != nil { + return nil, errorsmod.Wrap(err, "store vote") +} + if err := ctx.EventManager().EmitTypedEvent(&group.EventVote{ + ProposalId: msg.ProposalId +}); err != nil { + return nil, err +} + + // Try to execute proposal immediately + if msg.Exec == group.Exec_EXEC_TRY { + _, err = k.Exec(ctx, &group.MsgExec{ + ProposalId: msg.ProposalId, + Executor: msg.Voter +}) + if err != nil { + return nil, err +} + +} + +return &group.MsgVoteResponse{ +}, nil +} + +// doTallyAndUpdate performs a tally, and, if the tally result is final, then: +// - updates the proposal's `Status` and `FinalTallyResult` fields, +// - prune all the votes. +func (k Keeper) + +doTallyAndUpdate(ctx sdk.Context, proposal *group.Proposal, groupInfo group.GroupInfo, policyInfo group.GroupPolicyInfo) + +error { + policy, err := policyInfo.GetDecisionPolicy() + if err != nil { + return err +} + +var result group.DecisionPolicyResult + tallyResult, err := k.Tally(ctx, *proposal, policyInfo.GroupId) + if err == nil { + result, err = policy.Allow(tallyResult, groupInfo.TotalWeight) +} + if err != nil { + if err := k.pruneVotes(ctx, proposal.Id); err != nil { + return err +} + +proposal.Status = group.PROPOSAL_STATUS_REJECTED + return ctx.EventManager().EmitTypedEvents( + &group.EventTallyError{ + ProposalId: proposal.Id, + ErrorMessage: err.Error(), +}) +} + + // If the result was final (i.e. enough votes to pass) + +or if the voting + // period ended, then we consider the proposal as final. + if isFinal := result.Final || ctx.BlockTime().After(proposal.VotingPeriodEnd); isFinal { + if err := k.pruneVotes(ctx, proposal.Id); err != nil { + return err +} + +proposal.FinalTallyResult = tallyResult + if result.Allow { + proposal.Status = group.PROPOSAL_STATUS_ACCEPTED +} + +else { + proposal.Status = group.PROPOSAL_STATUS_REJECTED +} + + +} + +return nil +} + +// Exec executes the messages from a proposal. +func (k Keeper) + +Exec(goCtx context.Context, msg *group.MsgExec) (*group.MsgExecResponse, error) { + if msg.ProposalId == 0 { + return nil, errorsmod.Wrap(errors.ErrEmpty, "proposal id") +} + ctx := sdk.UnwrapSDKContext(goCtx) + +proposal, err := k.getProposal(ctx, msg.ProposalId) + if err != nil { + return nil, err +} + if proposal.Status != group.PROPOSAL_STATUS_SUBMITTED && proposal.Status != group.PROPOSAL_STATUS_ACCEPTED { + return nil, errorsmod.Wrapf(errors.ErrInvalid, "not possible to exec with proposal status %s", proposal.Status.String()) +} + +policyInfo, err := k.getGroupPolicyInfo(ctx, proposal.GroupPolicyAddress) + if err != nil { + return nil, errorsmod.Wrap(err, "load group policy") +} + + // If proposal is still in SUBMITTED phase, it means that the voting period + // didn't end yet, and tallying hasn't been done. In this case, we need to + // tally first. + if proposal.Status == group.PROPOSAL_STATUS_SUBMITTED { + groupInfo, err := k.getGroupInfo(ctx, policyInfo.GroupId) + if err != nil { + return nil, errorsmod.Wrap(err, "load group") +} + if err = k.doTallyAndUpdate(ctx, &proposal, groupInfo, policyInfo); err != nil { + return nil, err +} + +} + + // Execute proposal payload. + var logs string + if proposal.Status == group.PROPOSAL_STATUS_ACCEPTED && proposal.ExecutorResult != group.PROPOSAL_EXECUTOR_RESULT_SUCCESS { + // Caching context so that we don't update the store in case of failure. + cacheCtx, flush := ctx.CacheContext() + +addr, err := k.accKeeper.AddressCodec().StringToBytes(policyInfo.Address) + if err != nil { + return nil, err +} + decisionPolicy := policyInfo.DecisionPolicy.GetCachedValue().(group.DecisionPolicy) + if results, err := k.doExecuteMsgs(cacheCtx, k.router, proposal, addr, decisionPolicy); err != nil { + proposal.ExecutorResult = group.PROPOSAL_EXECUTOR_RESULT_FAILURE + logs = fmt.Sprintf("proposal execution failed on proposal %d, because of error %s", proposal.Id, err.Error()) + +k.Logger(ctx).Info("proposal execution failed", "cause", err, "proposalID", proposal.Id) +} + +else { + proposal.ExecutorResult = group.PROPOSAL_EXECUTOR_RESULT_SUCCESS + flush() + for _, res := range results { + // NOTE: The sdk msg handler creates a new EventManager, so events must be correctly propagated back to the current context + ctx.EventManager().EmitEvents(res.GetEvents()) +} + +} + +} + + // Update proposal in proposalTable + // If proposal has successfully run, delete it from state. + if proposal.ExecutorResult == group.PROPOSAL_EXECUTOR_RESULT_SUCCESS { + if err := k.pruneProposal(ctx, proposal.Id); err != nil { + return nil, err +} + + // Emit event for proposal finalized with its result + if err := ctx.EventManager().EmitTypedEvent( + &group.EventProposalPruned{ + ProposalId: proposal.Id, + Status: proposal.Status, + TallyResult: &proposal.FinalTallyResult, +}); err != nil { + return nil, err +} + +} + +else { + store := ctx.KVStore(k.key) + if err := k.proposalTable.Update(store, proposal.Id, &proposal); err != nil { + return nil, err +} + +} + if err := ctx.EventManager().EmitTypedEvent(&group.EventExec{ + ProposalId: proposal.Id, + Logs: logs, + Result: proposal.ExecutorResult, +}); err != nil { + return nil, err +} + +return &group.MsgExecResponse{ + Result: proposal.ExecutorResult, +}, nil +} + +// LeaveGroup implements the MsgServer/LeaveGroup method. +func (k Keeper) + +LeaveGroup(goCtx context.Context, msg *group.MsgLeaveGroup) (*group.MsgLeaveGroupResponse, error) { + if msg.GroupId == 0 { + return nil, errorsmod.Wrap(errors.ErrEmpty, "group-id") +} + + _, err := k.accKeeper.AddressCodec().StringToBytes(msg.Address) + if err != nil { + return nil, errorsmod.Wrap(err, "group member") +} + ctx := sdk.UnwrapSDKContext(goCtx) + +groupInfo, err := k.getGroupInfo(ctx, msg.GroupId) + if err != nil { + return nil, errorsmod.Wrap(err, "group") +} + +groupWeight, err := math.NewNonNegativeDecFromString(groupInfo.TotalWeight) + if err != nil { + return nil, err +} + +gm, err := k.getGroupMember(ctx, &group.GroupMember{ + GroupId: msg.GroupId, + Member: &group.Member{ + Address: msg.Address +}, +}) + if err != nil { + return nil, err +} + +memberWeight, err := math.NewPositiveDecFromString(gm.Member.Weight) + if err != nil { + return nil, err +} + +updatedWeight, err := math.SubNonNegative(groupWeight, memberWeight) + if err != nil { + return nil, err +} + + // delete group member in the groupMemberTable. + if err := k.groupMemberTable.Delete(ctx.KVStore(k.key), gm); err != nil { + return nil, errorsmod.Wrap(err, "group member") +} + + // update group weight + groupInfo.TotalWeight = updatedWeight.String() + +groupInfo.Version++ + if err := k.validateDecisionPolicies(ctx, groupInfo); err != nil { + return nil, err +} + if err := k.groupTable.Update(ctx.KVStore(k.key), groupInfo.Id, &groupInfo); err != nil { + return nil, err +} + if err := ctx.EventManager().EmitTypedEvent(&group.EventLeaveGroup{ + GroupId: msg.GroupId, + Address: msg.Address, +}); err != nil { + return nil, err +} + +return &group.MsgLeaveGroupResponse{ +}, nil +} + +func (k Keeper) + +getGroupMember(ctx sdk.Context, member *group.GroupMember) (*group.GroupMember, error) { + var groupMember group.GroupMember + switch err := k.groupMemberTable.GetOne(ctx.KVStore(k.key), + orm.PrimaryKey(member), &groupMember); { + case err == nil: + break + case sdkerrors.ErrNotFound.Is(err): + return nil, sdkerrors.ErrNotFound.Wrapf("%s is not part of group %d", member.Member.Address, member.GroupId) + +default: + return nil, err +} + +return &groupMember, nil +} + +type ( + actionFn func(m *group.GroupInfo) + +error + groupPolicyActionFn func(m *group.GroupPolicyInfo) + +error +) + +// doUpdateGroupPolicy first makes sure that the group policy admin initiated the group policy update, +// before performing the group policy update and emitting an event. +func (k Keeper) + +doUpdateGroupPolicy(ctx sdk.Context, reqGroupPolicy, reqAdmin string, action groupPolicyActionFn, note string) + +error { + groupPolicyAddr, err := k.accKeeper.AddressCodec().StringToBytes(reqGroupPolicy) + if err != nil { + return errorsmod.Wrap(err, "group policy address") +} + + _, err = k.accKeeper.AddressCodec().StringToBytes(reqAdmin) + if err != nil { + return errorsmod.Wrap(err, "group policy admin") +} + +groupPolicyInfo, err := k.getGroupPolicyInfo(ctx, reqGroupPolicy) + if err != nil { + return errorsmod.Wrap(err, "load group policy") +} + + // Only current group policy admin is authorized to update a group policy. + if reqAdmin != groupPolicyInfo.Admin { + return errorsmod.Wrap(sdkerrors.ErrUnauthorized, "not group policy admin") +} + if err := action(&groupPolicyInfo); err != nil { + return errorsmod.Wrap(err, note) +} + if err = k.abortProposals(ctx, groupPolicyAddr); err != nil { + return err +} + if err = ctx.EventManager().EmitTypedEvent(&group.EventUpdateGroupPolicy{ + Address: groupPolicyInfo.Address +}); err != nil { + return err +} + +return nil +} + +// doUpdateGroup first makes sure that the group admin initiated the group update, +// before performing the group update and emitting an event. +func (k Keeper) + +doUpdateGroup(ctx sdk.Context, groupID uint64, reqGroupAdmin string, action actionFn, errNote string) + +error { + groupInfo, err := k.getGroupInfo(ctx, groupID) + if err != nil { + return err +} + if !strings.EqualFold(groupInfo.Admin, reqGroupAdmin) { + return errorsmod.Wrapf(sdkerrors.ErrUnauthorized, "not group admin; got %s, expected %s", reqGroupAdmin, groupInfo.Admin) +} + if err := action(&groupInfo); err != nil { + return errorsmod.Wrap(err, errNote) +} + if err := ctx.EventManager().EmitTypedEvent(&group.EventUpdateGroup{ + GroupId: groupID +}); err != nil { + return err +} + +return nil +} + +// assertMetadataLength returns an error if given metadata length +// is greater than a pre-defined maxMetadataLen. +func (k Keeper) + +assertMetadataLength(metadata, description string) + +error { + if metadata != "" && uint64(len(metadata)) > k.config.MaxMetadataLen { + return errorsmod.Wrapf(errors.ErrMaxLimit, description) +} + +return nil +} + +// assertSummaryLength returns an error if given summary length +// is greater than a pre-defined 40*MaxMetadataLen. +func (k Keeper) + +assertSummaryLength(summary string) + +error { + if summary != "" && uint64(len(summary)) > 40*k.config.MaxMetadataLen { + return errorsmod.Wrapf(errors.ErrMaxLimit, "proposal summary is too long") +} + +return nil +} + +// validateDecisionPolicies loops through all decision policies from the group, +// and calls each of their Validate() + +method. +func (k Keeper) + +validateDecisionPolicies(ctx sdk.Context, g group.GroupInfo) + +error { + it, err := k.groupPolicyByGroupIndex.Get(ctx.KVStore(k.key), g.Id) + if err != nil { + return err +} + +defer it.Close() + for { + var groupPolicy group.GroupPolicyInfo + _, err = it.LoadNext(&groupPolicy) + if errors.ErrORMIteratorDone.Is(err) { + break +} + if err != nil { + return err +} + +err = groupPolicy.DecisionPolicy.GetCachedValue().(group.DecisionPolicy).Validate(g, k.config) + if err != nil { + return err +} + +} + +return nil +} + +// validateProposers checks that all proposers addresses are valid. +// It as well verifies that there is no duplicate address. +func (k Keeper) + +validateProposers(proposers []string) + +error { + index := make(map[string]struct{ +}, len(proposers)) + for _, proposer := range proposers { + if _, exists := index[proposer]; exists { + return errorsmod.Wrapf(errors.ErrDuplicate, "address: %s", proposer) +} + + _, err := k.accKeeper.AddressCodec().StringToBytes(proposer) + if err != nil { + return errorsmod.Wrapf(err, "proposer address %s", proposer) +} + +index[proposer] = struct{ +}{ +} + +} + +return nil +} + +// validateMembers checks that all members addresses are valid. +// additionally it verifies that there is no duplicate address +// and the member weight is non-negative. +// Note: in state, a member's weight MUST be positive. However, in some Msgs, +// it's possible to set a zero member weight, for example in +// MsgUpdateGroupMembers to denote that we're removing a member. +// It returns an error if any of the above conditions is not met. +func (k Keeper) + +validateMembers(members []group.MemberRequest) + +error { + index := make(map[string]struct{ +}, len(members)) + for _, member := range members { + if _, exists := index[member.Address]; exists { + return errorsmod.Wrapf(errors.ErrDuplicate, "address: %s", member.Address) +} + + _, err := k.accKeeper.AddressCodec().StringToBytes(member.Address) + if err != nil { + return errorsmod.Wrapf(err, "member address %s", member.Address) +} + if _, err := math.NewNonNegativeDecFromString(member.Weight); err != nil { + return errorsmod.Wrap(err, "weight must be non negative") +} + +index[member.Address] = struct{ +}{ +} + +} + +return nil +} + +// isProposer checks that an address is a proposer of a given proposal. +func isProposer(proposal group.Proposal, address string) + +bool { + return slices.Contains(proposal.Proposers, address) +} + +func validateMsgs(msgs []sdk.Msg) + +error { + for i, msg := range msgs { + m, ok := msg.(sdk.HasValidateBasic) + if !ok { + continue +} + if err := m.ValidateBasic(); err != nil { + return errorsmod.Wrapf(err, "msg %d", i) +} + +} + +return nil +} +``` + +**Legacy events:** + +```go +ctx.EventManager().EmitEvent( + sdk.NewEvent(eventType, sdk.NewAttribute(attributeKey, attributeValue)), +) +``` + +Where the `EventManager` is accessed via the [`Context`](/docs/sdk/vnext/learn/advanced/context). + +See the [`Msg` services](/docs/sdk/vnext/build/building-modules/msg-services) concept doc for a more detailed +view on how to typically implement Events and use the `EventManager` in modules. + +## Subscribing to Events + +You can use CometBFT's [Websocket](https://docs.cometbft.com/v0.37/core/subscription) to subscribe to Events by calling the `subscribe` RPC method: + +```json +{ + "jsonrpc": "2.0", + "method": "subscribe", + "id": "0", + "params": { + "query": "tm.event='eventCategory' AND eventType.eventAttribute='attributeValue'" + } +} +``` + +The main `eventCategory` you can subscribe to are: + +* `NewBlock`: Contains Events triggered during `BeginBlock` and `EndBlock`. +* `Tx`: Contains Events triggered during `DeliverTx` (i.e. transaction processing). +* `ValidatorSetUpdates`: Contains validator set updates for the block. + +These Events are triggered from the `state` package after a block is committed. You can get the +full list of Event categories [on the CometBFT Go documentation](https://pkg.go.dev/github.com/cometbft/cometbft/types#pkg-constants). + +The `type` and `attribute` value of the `query` allow you to filter the specific Event you are looking for. For example, a `Mint` transaction triggers an Event of type `EventMint` and has an `Id` and an `Owner` as `attributes` (as defined in the [`events.proto` file of the `NFT` module](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/proto/cosmos/nft/v1beta1/event.proto#L21-L31)). + +Subscribing to this Event would be done like so: + +```json +{ + "jsonrpc": "2.0", + "method": "subscribe", + "id": "0", + "params": { + "query": "tm.event='Tx' AND mint.owner='ownerAddress'" + } +} +``` + +where `ownerAddress` is an address following the [`AccAddress`](/docs/sdk/vnext/learn/beginner/accounts#addresses) format. + +The same way can be used to subscribe to [legacy events](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/bank/types/events.go). + +## Default Events + +There are a few events that are automatically emitted for all messages, directly from `baseapp`. + +* `message.action`: The name of the message type. +* `message.sender`: The address of the message signer. +* `message.module`: The name of the module that emitted the message. + + +The module name is assumed by `baseapp` to be the second element of the message route: `"cosmos.bank.v1beta1.MsgSend" -> "bank"`. +In case a module does not follow the standard message path, (e.g. IBC), it is advised to keep emitting the module name event. +`Baseapp` only emits that event if the module have not already done so. + diff --git a/docs/sdk/next/learn/advanced/grpc_rest.mdx b/docs/sdk/next/learn/advanced/grpc_rest.mdx new file mode 100644 index 00000000..8e271729 --- /dev/null +++ b/docs/sdk/next/learn/advanced/grpc_rest.mdx @@ -0,0 +1,210 @@ +--- +title: 'gRPC, REST, and CometBFT Endpoints' +--- + +**Synopsis** +This document presents an overview of all the endpoints a node exposes: gRPC, REST as well as some other endpoints. + + +## An Overview of All Endpoints + +Each node exposes the following endpoints for users to interact with a node, each endpoint is served on a different port. Details on how to configure each endpoint is provided in the endpoint's own section. + +* the gRPC server (default port: `9090`), +* the REST server (default port: `1317`), +* the CometBFT RPC endpoint (default port: `26657`). + + +The node also exposes some other endpoints, such as the CometBFT P2P endpoint, or the [Prometheus endpoint](https://docs.cometbft.com/v0.37/core/metrics), which are not directly related to the Cosmos SDK. Please refer to the [CometBFT documentation](https://docs.cometbft.com/v0.37/core/configuration) for more information about these endpoints. + + + +All endpoints are defaulted to localhost and must be modified to be exposed to the public internet. + + +## gRPC Server + +In the Cosmos SDK, Protobuf is the main [encoding](/docs/sdk/vnext/learn/advanced/encoding) library. This brings a wide range of Protobuf-based tools that can be plugged into the Cosmos SDK. One such tool is [gRPC](https://grpc.io), a modern open-source high performance RPC framework that has decent client support in several languages. + +Each module exposes a [Protobuf `Query` service](/docs/sdk/vnext/build/building-modules/messages-and-queries#queries) that defines state queries. The `Query` services and a transaction service used to broadcast transactions are hooked up to the gRPC server via the following function inside the application: + +```go expandable +package types + +import ( + + "encoding/json" + "io" + + cmtproto "github.com/cometbft/cometbft/proto/tendermint/types" + cmttypes "github.com/cometbft/cometbft/types" + dbm "github.com/cosmos/cosmos-db" + "github.com/cosmos/gogoproto/grpc" + "github.com/spf13/cobra" + "cosmossdk.io/log" + "cosmossdk.io/store/snapshots" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/server/api" + "github.com/cosmos/cosmos-sdk/server/config" +) + +type ( + // AppOptions defines an interface that is passed into an application + // constructor, typically used to set BaseApp options that are either supplied + // via config file or through CLI arguments/flags. The underlying implementation + // is defined by the server package and is typically implemented via a Viper + // literal defined on the server Context. Note, casting Get calls may not yield + // the expected types and could result in type assertion errors. It is recommend + // to either use the cast package or perform manual conversion for safety. + AppOptions interface { + Get(string) + +interface{ +} + +} + + // Application defines an application interface that wraps abci.Application. + // The interface defines the necessary contracts to be implemented in order + // to fully bootstrap and start an application. + Application interface { + ABCI + + RegisterAPIRoutes(*api.Server, config.APIConfig) + + // RegisterGRPCServerWithSkipCheckHeader registers gRPC services directly with the gRPC + // server and bypass check header flag. + RegisterGRPCServerWithSkipCheckHeader(grpc.Server, bool) + + // RegisterTxService registers the gRPC Query service for tx (such as tx + // simulation, fetching txs by hash...). + RegisterTxService(client.Context) + + // RegisterTendermintService registers the gRPC Query service for CometBFT queries. + RegisterTendermintService(client.Context) + + // RegisterNodeService registers the node gRPC Query service. + RegisterNodeService(client.Context, config.Config) + + // CommitMultiStore return the multistore instance + CommitMultiStore() + +storetypes.CommitMultiStore + + // Return the snapshot manager + SnapshotManager() *snapshots.Manager + + // Close is called in start cmd to gracefully cleanup resources. + // Must be safe to be called multiple times. + Close() + +error +} + + // AppCreator is a function that allows us to lazily initialize an + // application using various configurations. + AppCreator func(log.Logger, dbm.DB, io.Writer, AppOptions) + +Application + + // ModuleInitFlags takes a start command and adds modules specific init flags. + ModuleInitFlags func(startCmd *cobra.Command) + + // ExportedApp represents an exported app state, along with + // validators, consensus params and latest app height. + ExportedApp struct { + // AppState is the application state as JSON. + AppState json.RawMessage + // Validators is the exported validator set. + Validators []cmttypes.GenesisValidator + // Height is the app's latest block height. + Height int64 + // ConsensusParams are the exported consensus params for ABCI. + ConsensusParams cmtproto.ConsensusParams +} + + // AppExporter is a function that dumps all app state to + // JSON-serializable structure and returns the current validator set. + AppExporter func( + logger log.Logger, + db dbm.DB, + traceWriter io.Writer, + height int64, + forZeroHeight bool, + jailAllowedAddrs []string, + opts AppOptions, + modulesToExport []string, + ) (ExportedApp, error) +) +``` + +Note: It is not possible to expose any [Protobuf `Msg` service](/docs/sdk/vnext/build/building-modules/messages-and-queries#messages) endpoints via gRPC. Transactions must be generated and signed using the CLI or programmatically before they can be broadcasted using gRPC. See [Generating, Signing, and Broadcasting Transactions](/docs/sdk/vnext/user/run-node/txs) for more information. + +The `grpc.Server` is a concrete gRPC server, which spawns and serves all gRPC query requests and a broadcast transaction request. This server can be configured inside `~/.simapp/config/app.toml`: + +* `grpc.enable = true|false` field defines if the gRPC server should be enabled. Defaults to `true`. +* `grpc.address = {string}` field defines the `ip:port` the server should bind to. Defaults to `localhost:9090`. + + +`~/.simapp` is the directory where the node's configuration and databases are stored. By default, it's set to `~/.{app_name}`. + + +Once the gRPC server is started, you can send requests to it using a gRPC client. Some examples are given in our [Interact with the Node](/docs/sdk/vnext/user/run-node/interact-node#using-grpc) tutorial. + +An overview of all available gRPC endpoints shipped with the Cosmos SDK is [Protobuf documentation](https://buf.build/cosmos/cosmos-sdk). + +## REST Server + +Cosmos SDK supports REST routes via gRPC-gateway. + +All routes are configured under the following fields in `~/.simapp/config/app.toml`: + +* `api.enable = true|false` field defines if the REST server should be enabled. Defaults to `false`. +* `api.address = {string}` field defines the `ip:port` the server should bind to. Defaults to `tcp://localhost:1317`. +* some additional API configuration options are defined in `~/.simapp/config/app.toml`, along with comments, please refer to that file directly. + +### gRPC-gateway REST Routes + +If, for various reasons, you cannot use gRPC (for example, you are building a web application, and browsers don't support HTTP2 on which gRPC is built), then the Cosmos SDK offers REST routes via gRPC-gateway. + +[gRPC-gateway](https://grpc-ecosystem.github.io/grpc-gateway/) is a tool to expose gRPC endpoints as REST endpoints. For each gRPC endpoint defined in a Protobuf `Query` service, the Cosmos SDK offers a REST equivalent. For instance, querying a balance could be done via the `/cosmos.bank.v1beta1.QueryAllBalances` gRPC endpoint, or alternatively via the gRPC-gateway `"/cosmos/bank/v1beta1/balances/{address}"` REST endpoint: both will return the same result. For each RPC method defined in a Protobuf `Query` service, the corresponding REST endpoint is defined as an option: + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/proto/cosmos/bank/v1beta1/query.proto#L23-L30 +``` + +For application developers, gRPC-gateway REST routes needs to be wired up to the REST server, this is done by calling the `RegisterGRPCGatewayRoutes` function on the ModuleManager. + +### Swagger + +A [Swagger](https://swagger.io/) (or OpenAPIv2) specification file is exposed under the `/swagger` route on the API server. Swagger is an open specification describing the API endpoints a server serves, including description, input arguments, return types and much more about each endpoint. + +Enabling the `/swagger` endpoint is configurable inside `~/.simapp/config/app.toml` via the `api.swagger` field, which is set to false by default. + +For application developers, you may want to generate your own Swagger definitions based on your custom modules. +The Cosmos SDK's [Swagger generation script](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/scripts/protoc-swagger-gen.sh) is a good place to start. + +## CometBFT RPC + +Independently from the Cosmos SDK, CometBFT also exposes a RPC server. This RPC server can be configured by tuning parameters under the `rpc` table in the `~/.simapp/config/config.toml`, the default listening address is `tcp://localhost:26657`. An OpenAPI specification of all CometBFT RPC endpoints is available [here](https://docs.cometbft.com/main/rpc/). + +Some CometBFT RPC endpoints are directly related to the Cosmos SDK: + +* `/abci_query`: this endpoint will query the application for state. As the `path` parameter, you can send the following strings: + * any Protobuf fully-qualified service method, such as `/cosmos.bank.v1beta1.Query/AllBalances`. The `data` field should then include the method's request parameter(s) encoded as bytes using Protobuf. + * `/app/simulate`: this will simulate a transaction, and return some information such as gas used. + * `/app/version`: this will return the application's version. + * `/store/{storeName}/key`: this will directly query the named store for data associated with the key represented in the `data` parameter. + * `/store/{storeName}/subspace`: this will directly query the named store for key/value pairs in which the key has the value of the `data` parameter as a prefix. + * `/p2p/filter/addr/{port}`: this will return a filtered list of the node's P2P peers by address port. + * `/p2p/filter/id/{id}`: this will return a filtered list of the node's P2P peers by ID. +* `/broadcast_tx_{sync,async,commit}`: these 3 endpoints will broadcast a transaction to other peers. CLI, gRPC and REST expose [a way to broadcast transactions](/docs/sdk/vnext/learn/advanced/transactions#broadcasting-the-transaction), but they all use these 3 CometBFT RPCs under the hood. + +## Comparison Table + +| Name | Advantages | Disadvantages | +| ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | +| gRPC | - can use code-generated stubs in various languages
    - supports streaming and bidirectional communication (HTTP2)
    - small wire binary sizes, faster transmission | - based on HTTP2, not available in browsers
    - learning curve (mostly due to Protobuf) | +| REST | - ubiquitous
    - client libraries in all languages, faster implementation
    | - only supports unary request-response communication (HTTP1.1)
    - bigger over-the-wire message sizes (JSON) | +| CometBFT RPC | - easy to use | - bigger over-the-wire message sizes (JSON) | diff --git a/docs/sdk/next/learn/advanced/node.mdx b/docs/sdk/next/learn/advanced/node.mdx new file mode 100644 index 00000000..e323d740 --- /dev/null +++ b/docs/sdk/next/learn/advanced/node.mdx @@ -0,0 +1,4192 @@ +--- +title: Node Client (Daemon) +--- + +**Synopsis** +The main endpoint of a Cosmos SDK application is the daemon client, otherwise known as the full-node client. The full-node runs the state-machine, starting from a genesis file. It connects to peers running the same client in order to receive and relay transactions, block proposals and signatures. The full-node is constituted of the application, defined with the Cosmos SDK, and of a consensus engine connected to the application via the ABCI. + + + +**Pre-requisite Readings** + +* [Anatomy of an SDK application](/docs/sdk/vnext/learn/beginner/app-anatomy) + + + +## `main` function + +The full-node client of any Cosmos SDK application is built by running a `main` function. The client is generally named by appending the `-d` suffix to the application name (e.g. `appd` for an application named `app`), and the `main` function is defined in a `./appd/cmd/main.go` file. Running this function creates an executable `appd` that comes with a set of commands. For an app named `app`, the main command is [`appd start`](#start-command), which starts the full-node. + +In general, developers will implement the `main.go` function with the following structure: + +* First, an [`encodingCodec`](/docs/sdk/vnext/learn/advanced/encoding) is instantiated for the application. +* Then, the `config` is retrieved and config parameters are set. This mainly involves setting the Bech32 prefixes for [addresses](/docs/sdk/vnext/learn/beginner/accounts#addresses). + +```go expandable +package types + +import ( + + "context" + "fmt" + "sync" + "github.com/cosmos/cosmos-sdk/version" +) + +// DefaultKeyringServiceName defines a default service name for the keyring. +const DefaultKeyringServiceName = "cosmos" + +// Config is the structure that holds the SDK configuration parameters. +// This could be used to initialize certain configuration parameters for the SDK. +type Config struct { + fullFundraiserPath string + bech32AddressPrefix map[string]string + txEncoder TxEncoder + addressVerifier func([]byte) + +error + mtx sync.RWMutex + + // SLIP-44 related + purpose uint32 + coinType uint32 + + sealed bool + sealedch chan struct{ +} +} + +// cosmos-sdk wide global singleton +var ( + sdkConfig *Config + initConfig sync.Once +) + +// New returns a new Config with default values. +func NewConfig() *Config { + return &Config{ + sealedch: make(chan struct{ +}), + bech32AddressPrefix: map[string]string{ + "account_addr": Bech32PrefixAccAddr, + "validator_addr": Bech32PrefixValAddr, + "consensus_addr": Bech32PrefixConsAddr, + "account_pub": Bech32PrefixAccPub, + "validator_pub": Bech32PrefixValPub, + "consensus_pub": Bech32PrefixConsPub, +}, + fullFundraiserPath: FullFundraiserPath, + + purpose: Purpose, + coinType: CoinType, + txEncoder: nil, +} +} + +// GetConfig returns the config instance for the SDK. +func GetConfig() *Config { + initConfig.Do(func() { + sdkConfig = NewConfig() +}) + +return sdkConfig +} + +// GetSealedConfig returns the config instance for the SDK if/once it is sealed. +func GetSealedConfig(ctx context.Context) (*Config, error) { + config := GetConfig() + +select { + case <-config.sealedch: + return config, nil + case <-ctx.Done(): + return nil, ctx.Err() +} +} + +func (config *Config) + +assertNotSealed() { + config.mtx.RLock() + +defer config.mtx.RUnlock() + if config.sealed { + panic("Config is sealed") +} +} + +// SetBech32PrefixForAccount builds the Config with Bech32 addressPrefix and publKeyPrefix for accounts +// and returns the config instance +func (config *Config) + +SetBech32PrefixForAccount(addressPrefix, pubKeyPrefix string) { + config.assertNotSealed() + +config.bech32AddressPrefix["account_addr"] = addressPrefix + config.bech32AddressPrefix["account_pub"] = pubKeyPrefix +} + +// SetBech32PrefixForValidator builds the Config with Bech32 addressPrefix and publKeyPrefix for validators +// +// and returns the config instance +func (config *Config) + +SetBech32PrefixForValidator(addressPrefix, pubKeyPrefix string) { + config.assertNotSealed() + +config.bech32AddressPrefix["validator_addr"] = addressPrefix + config.bech32AddressPrefix["validator_pub"] = pubKeyPrefix +} + +// SetBech32PrefixForConsensusNode builds the Config with Bech32 addressPrefix and publKeyPrefix for consensus nodes +// and returns the config instance +func (config *Config) + +SetBech32PrefixForConsensusNode(addressPrefix, pubKeyPrefix string) { + config.assertNotSealed() + +config.bech32AddressPrefix["consensus_addr"] = addressPrefix + config.bech32AddressPrefix["consensus_pub"] = pubKeyPrefix +} + +// SetTxEncoder builds the Config with TxEncoder used to marshal StdTx to bytes +func (config *Config) + +SetTxEncoder(encoder TxEncoder) { + config.assertNotSealed() + +config.txEncoder = encoder +} + +// SetAddressVerifier builds the Config with the provided function for verifying that addresses +// have the correct format +func (config *Config) + +SetAddressVerifier(addressVerifier func([]byte) + +error) { + config.assertNotSealed() + +config.addressVerifier = addressVerifier +} + +// Set the FullFundraiserPath (BIP44Prefix) + +on the config. +// +// Deprecated: This method is supported for backward compatibility only and will be removed in a future release. Use SetPurpose and SetCoinType instead. +func (config *Config) + +SetFullFundraiserPath(fullFundraiserPath string) { + config.assertNotSealed() + +config.fullFundraiserPath = fullFundraiserPath +} + +// Set the BIP-0044 Purpose code on the config +func (config *Config) + +SetPurpose(purpose uint32) { + config.assertNotSealed() + +config.purpose = purpose +} + +// Set the BIP-0044 CoinType code on the config +func (config *Config) + +SetCoinType(coinType uint32) { + config.assertNotSealed() + +config.coinType = coinType +} + +// Seal seals the config such that the config state could not be modified further +func (config *Config) + +Seal() *Config { + config.mtx.Lock() + if config.sealed { + config.mtx.Unlock() + +return config +} + + // signal sealed after state exposed/unlocked + config.sealed = true + config.mtx.Unlock() + +close(config.sealedch) + +return config +} + +// GetBech32AccountAddrPrefix returns the Bech32 prefix for account address +func (config *Config) + +GetBech32AccountAddrPrefix() + +string { + return config.bech32AddressPrefix["account_addr"] +} + +// GetBech32ValidatorAddrPrefix returns the Bech32 prefix for validator address +func (config *Config) + +GetBech32ValidatorAddrPrefix() + +string { + return config.bech32AddressPrefix["validator_addr"] +} + +// GetBech32ConsensusAddrPrefix returns the Bech32 prefix for consensus node address +func (config *Config) + +GetBech32ConsensusAddrPrefix() + +string { + return config.bech32AddressPrefix["consensus_addr"] +} + +// GetBech32AccountPubPrefix returns the Bech32 prefix for account public key +func (config *Config) + +GetBech32AccountPubPrefix() + +string { + return config.bech32AddressPrefix["account_pub"] +} + +// GetBech32ValidatorPubPrefix returns the Bech32 prefix for validator public key +func (config *Config) + +GetBech32ValidatorPubPrefix() + +string { + return config.bech32AddressPrefix["validator_pub"] +} + +// GetBech32ConsensusPubPrefix returns the Bech32 prefix for consensus node public key +func (config *Config) + +GetBech32ConsensusPubPrefix() + +string { + return config.bech32AddressPrefix["consensus_pub"] +} + +// GetTxEncoder return function to encode transactions +func (config *Config) + +GetTxEncoder() + +TxEncoder { + return config.txEncoder +} + +// GetAddressVerifier returns the function to verify that addresses have the correct format +func (config *Config) + +GetAddressVerifier() + +func([]byte) + +error { + return config.addressVerifier +} + +// GetPurpose returns the BIP-0044 Purpose code on the config. +func (config *Config) + +GetPurpose() + +uint32 { + return config.purpose +} + +// GetCoinType returns the BIP-0044 CoinType code on the config. +func (config *Config) + +GetCoinType() + +uint32 { + return config.coinType +} + +// GetFullFundraiserPath returns the BIP44Prefix. +// +// Deprecated: This method is supported for backward compatibility only and will be removed in a future release. Use GetFullBIP44Path instead. +func (config *Config) + +GetFullFundraiserPath() + +string { + return config.fullFundraiserPath +} + +// GetFullBIP44Path returns the BIP44Prefix. +func (config *Config) + +GetFullBIP44Path() + +string { + return fmt.Sprintf("m/%d'/%d'/0'/0/0", config.purpose, config.coinType) +} + +func KeyringServiceName() + +string { + if len(version.Name) == 0 { + return DefaultKeyringServiceName +} + +return version.Name +} +``` + +* Using [cobra](https://github.com/spf13/cobra), the root command of the full-node client is created. After that, all the custom commands of the application are added using the `AddCommand()` method of `rootCmd`. +* Add default server commands to `rootCmd` using the `server.AddCommands()` method. These commands are separated from the ones added above since they are standard and defined at Cosmos SDK level. They should be shared by all Cosmos SDK-based applications. They include the most important command: the [`start` command](#start-command). +* Prepare and execute the `executor`. + +```go expandable +package cli + +import ( + + "fmt" + "os" + "path/filepath" + "runtime" + "strings" + "github.com/spf13/cobra" + "github.com/spf13/viper" +) + +const ( + HomeFlag = "home" + TraceFlag = "trace" + OutputFlag = "output" + EncodingFlag = "encoding" +) + +// Executable is the minimal interface to *corba.Command, so we can +// wrap if desired before the test +type Executable interface { + Execute() + +error +} + +// PrepareBaseCmd is meant for CometBFT and other servers +func PrepareBaseCmd(cmd *cobra.Command, envPrefix, defaultHome string) + +Executor { + cobra.OnInitialize(func() { + initEnv(envPrefix) +}) + +cmd.PersistentFlags().StringP(HomeFlag, "", defaultHome, "directory for config and data") + +cmd.PersistentFlags().Bool(TraceFlag, false, "print out full stack trace on errors") + +cmd.PersistentPreRunE = concatCobraCmdFuncs(bindFlagsLoadViper, cmd.PersistentPreRunE) + +return Executor{ + cmd, os.Exit +} +} + +// PrepareMainCmd is meant for client side libs that want some more flags +// +// This adds --encoding (hex, btc, base64) + +and --output (text, json) + +to +// the command. These only really make sense in interactive commands. +func PrepareMainCmd(cmd *cobra.Command, envPrefix, defaultHome string) + +Executor { + cmd.PersistentFlags().StringP(EncodingFlag, "e", "hex", "Binary encoding (hex|b64|btc)") + +cmd.PersistentFlags().StringP(OutputFlag, "o", "text", "Output format (text|json)") + +cmd.PersistentPreRunE = concatCobraCmdFuncs(validateOutput, cmd.PersistentPreRunE) + +return PrepareBaseCmd(cmd, envPrefix, defaultHome) +} + +// initEnv sets to use ENV variables if set. +func initEnv(prefix string) { + copyEnvVars(prefix) + + // env variables with TM prefix (eg. TM_ROOT) + +viper.SetEnvPrefix(prefix) + +viper.SetEnvKeyReplacer(strings.NewReplacer(".", "_", "-", "_")) + +viper.AutomaticEnv() +} + +// This copies all variables like TMROOT to TM_ROOT, +// so we can support both formats for the user +func copyEnvVars(prefix string) { + prefix = strings.ToUpper(prefix) + ps := prefix + "_" + for _, e := range os.Environ() { + kv := strings.SplitN(e, "=", 2) + if len(kv) == 2 { + k, v := kv[0], kv[1] + if strings.HasPrefix(k, prefix) && !strings.HasPrefix(k, ps) { + k2 := strings.Replace(k, prefix, ps, 1) + +os.Setenv(k2, v) +} + +} + +} +} + +// Executor wraps the cobra Command with a nicer Execute method +type Executor struct { + *cobra.Command + Exit func(int) // this is os.Exit by default, override in tests +} + +type ExitCoder interface { + ExitCode() + +int +} + +// execute adds all child commands to the root command sets flags appropriately. +// This is called by main.main(). It only needs to happen once to the rootCmd. +func (e Executor) + +Execute() + +error { + e.SilenceUsage = true + e.SilenceErrors = true + err := e.Command.Execute() + if err != nil { + if viper.GetBool(TraceFlag) { + const size = 64 << 10 + buf := make([]byte, size) + +buf = buf[:runtime.Stack(buf, false)] + fmt.Fprintf(os.Stderr, "ERROR: %v\n%s\n", err, buf) +} + +else { + fmt.Fprintf(os.Stderr, "ERROR: %v\n", err) +} + + // return error code 1 by default, can override it with a special error type + exitCode := 1 + if ec, ok := err.(ExitCoder); ok { + exitCode = ec.ExitCode() +} + +e.Exit(exitCode) +} + +return err +} + +type cobraCmdFunc func(cmd *cobra.Command, args []string) + +error + +// Returns a single function that calls each argument function in sequence +// RunE, PreRunE, PersistentPreRunE, etc. all have this same signature +func concatCobraCmdFuncs(fs ...cobraCmdFunc) + +cobraCmdFunc { + return func(cmd *cobra.Command, args []string) + +error { + for _, f := range fs { + if f != nil { + if err := f(cmd, args); err != nil { + return err +} + +} + +} + +return nil +} +} + +// Bind all flags and read the config into viper +func bindFlagsLoadViper(cmd *cobra.Command, args []string) + +error { + // cmd.Flags() + +includes flags from this command and all persistent flags from the parent + if err := viper.BindPFlags(cmd.Flags()); err != nil { + return err +} + homeDir := viper.GetString(HomeFlag) + +viper.Set(HomeFlag, homeDir) + +viper.SetConfigName("config") // name of config file (without extension) + +viper.AddConfigPath(homeDir) // search root directory + viper.AddConfigPath(filepath.Join(homeDir, "config")) // search root directory /config + + // If a config file is found, read it in. + if err := viper.ReadInConfig(); err == nil { + // stderr, so if we redirect output to json file, this doesn't appear + // fmt.Fprintln(os.Stderr, "Using config file:", viper.ConfigFileUsed()) +} + +else if _, ok := err.(viper.ConfigFileNotFoundError); !ok { + // ignore not found error, return other errors + return err +} + +return nil +} + +func validateOutput(cmd *cobra.Command, args []string) + +error { + // validate output format + output := viper.GetString(OutputFlag) + switch output { + case "text", "json": + default: + return fmt.Errorf("unsupported output format: %s", output) +} + +return nil +} +``` + +See an example of `main` function from the `simapp` application, the Cosmos SDK's application for demo purposes: + +```go expandable +package main + +import ( + + "fmt" + "os" + + clientv2helpers "cosmossdk.io/client/v2/helpers" + "cosmossdk.io/simapp" + "cosmossdk.io/simapp/simd/cmd" + + svrcmd "github.com/cosmos/cosmos-sdk/server/cmd" +) + +func main() { + rootCmd := cmd.NewRootCmd() + if err := svrcmd.Execute(rootCmd, clientv2helpers.EnvPrefix, simapp.DefaultNodeHome); err != nil { + fmt.Fprintln(rootCmd.OutOrStderr(), err) + +os.Exit(1) +} +} +``` + +## `start` command + +The `start` command is defined in the `/server` folder of the Cosmos SDK. It is added to the root command of the full-node client in the [`main` function](#main-function) and called by the end-user to start their node: + +```bash +# For an example app named "app", the following command starts the full-node. +appd start + +# Using the Cosmos SDK's own simapp, the following commands start the simapp node. +simd start +``` + +As a reminder, the full-node is composed of three conceptual layers: the networking layer, the consensus layer and the application layer. The first two are generally bundled together in an entity called the consensus engine (CometBFT by default), while the third is the state-machine defined with the help of the Cosmos SDK. Currently, the Cosmos SDK uses CometBFT as the default consensus engine, meaning the start command is implemented to boot up a CometBFT node. + +The flow of the `start` command is pretty straightforward. First, it retrieves the `config` from the `context` in order to open the `db` (a [`leveldb`](https://github.com/syndtr/goleveldb) instance by default). This `db` contains the latest known state of the application (empty if the application is started from the first time. + +With the `db`, the `start` command creates a new instance of the application using an `appCreator` function: + +```go expandable +package server + +import ( + + "bufio" + "context" + "fmt" + "io" + "net" + "os" + "path/filepath" + "runtime/pprof" + "strings" + "time" + "github.com/cometbft/cometbft/abci/server" + cmtcmd "github.com/cometbft/cometbft/cmd/cometbft/commands" + cmtcfg "github.com/cometbft/cometbft/config" + cmtjson "github.com/cometbft/cometbft/libs/json" + "github.com/cometbft/cometbft/node" + "github.com/cometbft/cometbft/p2p" + pvm "github.com/cometbft/cometbft/privval" + cmtstate "github.com/cometbft/cometbft/proto/tendermint/state" + cmtproto "github.com/cometbft/cometbft/proto/tendermint/types" + "github.com/cometbft/cometbft/proxy" + rpchttp "github.com/cometbft/cometbft/rpc/client/http" + "github.com/cometbft/cometbft/rpc/client/local" + sm "github.com/cometbft/cometbft/state" + "github.com/cometbft/cometbft/store" + cmttypes "github.com/cometbft/cometbft/types" + dbm "github.com/cosmos/cosmos-db" + "github.com/hashicorp/go-metrics" + "github.com/spf13/cobra" + "github.com/spf13/pflag" + "golang.org/x/sync/errgroup" + "google.golang.org/grpc" + "google.golang.org/grpc/credentials/insecure" + + pruningtypes "cosmossdk.io/store/pruning/types" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/client/flags" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/server/api" + serverconfig "github.com/cosmos/cosmos-sdk/server/config" + servergrpc "github.com/cosmos/cosmos-sdk/server/grpc" + servercmtlog "github.com/cosmos/cosmos-sdk/server/log" + "github.com/cosmos/cosmos-sdk/server/types" + "github.com/cosmos/cosmos-sdk/telemetry" + "github.com/cosmos/cosmos-sdk/types/mempool" + "github.com/cosmos/cosmos-sdk/version" + genutiltypes "github.com/cosmos/cosmos-sdk/x/genutil/types" +) + +const ( + // CometBFT full-node start flags + flagWithComet = "with-comet" + flagAddress = "address" + flagTransport = "transport" + flagTraceStore = "trace-store" + flagCPUProfile = "cpu-profile" + FlagMinGasPrices = "minimum-gas-prices" + FlagQueryGasLimit = "query-gas-limit" + FlagHaltHeight = "halt-height" + FlagHaltTime = "halt-time" + FlagInterBlockCache = "inter-block-cache" + FlagUnsafeSkipUpgrades = "unsafe-skip-upgrades" + FlagTrace = "trace" + FlagInvCheckPeriod = "inv-check-period" + + FlagPruning = "pruning" + FlagPruningKeepRecent = "pruning-keep-recent" + FlagPruningInterval = "pruning-interval" + FlagIndexEvents = "index-events" + FlagMinRetainBlocks = "min-retain-blocks" + FlagIAVLCacheSize = "iavl-cache-size" + FlagDisableIAVLFastNode = "iavl-disable-fastnode" + FlagIAVLSyncPruning = "iavl-sync-pruning" + FlagShutdownGrace = "shutdown-grace" + + // state sync-related flags + FlagStateSyncSnapshotInterval = "state-sync.snapshot-interval" + FlagStateSyncSnapshotKeepRecent = "state-sync.snapshot-keep-recent" + + // api-related flags + FlagAPIEnable = "api.enable" + FlagAPISwagger = "api.swagger" + FlagAPIAddress = "api.address" + FlagAPIMaxOpenConnections = "api.max-open-connections" + FlagRPCReadTimeout = "api.rpc-read-timeout" + FlagRPCWriteTimeout = "api.rpc-write-timeout" + FlagRPCMaxBodyBytes = "api.rpc-max-body-bytes" + FlagAPIEnableUnsafeCORS = "api.enabled-unsafe-cors" + + // gRPC-related flags + flagGRPCOnly = "grpc-only" + flagGRPCEnable = "grpc.enable" + flagGRPCAddress = "grpc.address" + flagGRPCWebEnable = "grpc-web.enable" + flagGRPCSkipCheckHeader = "grpc.skip-check-header" + + // mempool flags + FlagMempoolMaxTxs = "mempool.max-txs" + + // testnet keys + KeyIsTestnet = "is-testnet" + KeyNewChainID = "new-chain-ID" + KeyNewOpAddr = "new-operator-addr" + KeyNewValAddr = "new-validator-addr" + KeyUserPubKey = "user-pub-key" + KeyTriggerTestnetUpgrade = "trigger-testnet-upgrade" +) + +// StartCmdOptions defines options that can be customized in `StartCmdWithOptions`, +type StartCmdOptions struct { + // DBOpener can be used to customize db opening, for example customize db options or support different db backends, + // default to the builtin db opener. + DBOpener func(rootDir string, backendType dbm.BackendType) (dbm.DB, error) + // PostSetup can be used to setup extra services under the same cancellable context, + // it's not called in stand-alone mode, only for in-process mode. + PostSetup func(svrCtx *Context, clientCtx client.Context, ctx context.Context, g *errgroup.Group) + +error + // PostSetupStandalone can be used to setup extra services under the same cancellable context, + PostSetupStandalone func(svrCtx *Context, clientCtx client.Context, ctx context.Context, g *errgroup.Group) + +error + // AddFlags add custom flags to start cmd + AddFlags func(cmd *cobra.Command) + // StartCommandHanlder can be used to customize the start command handler + StartCommandHandler func(svrCtx *Context, clientCtx client.Context, appCreator types.AppCreator, inProcessConsensus bool, opts StartCmdOptions) + +error +} + +// StartCmd runs the service passed in, either stand-alone or in-process with +// CometBFT. +func StartCmd(appCreator types.AppCreator, defaultNodeHome string) *cobra.Command { + return StartCmdWithOptions(appCreator, defaultNodeHome, StartCmdOptions{ +}) +} + +// StartCmdWithOptions runs the service passed in, either stand-alone or in-process with +// CometBFT. +func StartCmdWithOptions(appCreator types.AppCreator, defaultNodeHome string, opts StartCmdOptions) *cobra.Command { + if opts.DBOpener == nil { + opts.DBOpener = openDB +} + if opts.StartCommandHandler == nil { + opts.StartCommandHandler = start +} + cmd := &cobra.Command{ + Use: "start", + Short: "Run the full node", + Long: `Run the full node application with CometBFT in or out of process. By +default, the application will run with CometBFT in process. + +Pruning options can be provided via the '--pruning' flag or alternatively with '--pruning-keep-recent', and +'pruning-interval' together. + +For '--pruning' the options are as follows: + +default: the last 362880 states are kept, pruning at 10 block intervals +nothing: all historic states will be saved, nothing will be deleted (i.e. archiving node) + +everything: 2 latest states will be kept; pruning at 10 block intervals. +custom: allow pruning options to be manually specified through 'pruning-keep-recent', and 'pruning-interval' + +Node halting configurations exist in the form of two flags: '--halt-height' and '--halt-time'. During +the ABCI Commit phase, the node will check if the current block height is greater than or equal to +the halt-height or if the current block time is greater than or equal to the halt-time. If so, the +node will attempt to gracefully shutdown and the block will not be committed. In addition, the node +will not be able to commit subsequent blocks. + +For profiling and benchmarking purposes, CPU profiling can be enabled via the '--cpu-profile' flag +which accepts a path for the resulting pprof file. + +The node may be started in a 'query only' mode where only the gRPC and JSON HTTP +API services are enabled via the 'grpc-only' flag. In this mode, CometBFT is +bypassed and can be used when legacy queries are needed after an on-chain upgrade +is performed. Note, when enabled, gRPC will also be automatically enabled. +`, + RunE: func(cmd *cobra.Command, _ []string) + +error { + serverCtx := GetServerContextFromCmd(cmd) + + _, err := GetPruningOptionsFromFlags(serverCtx.Viper) + if err != nil { + return err +} + +clientCtx, err := client.GetClientQueryContext(cmd) + if err != nil { + return err +} + +withCMT, _ := cmd.Flags().GetBool(flagWithComet) + if !withCMT { + serverCtx.Logger.Info("starting ABCI without CometBFT") +} + +err = wrapCPUProfile(serverCtx, func() + +error { + return opts.StartCommandHandler(serverCtx, clientCtx, appCreator, withCMT, opts) +}) + +serverCtx.Logger.Debug("received quit signal") + +graceDuration, _ := cmd.Flags().GetDuration(FlagShutdownGrace) + if graceDuration > 0 { + serverCtx.Logger.Info("graceful shutdown start", FlagShutdownGrace, graceDuration) + <-time.After(graceDuration) + +serverCtx.Logger.Info("graceful shutdown complete") +} + +return err +}, +} + +cmd.Flags().String(flags.FlagHome, defaultNodeHome, "The application home directory") + +addStartNodeFlags(cmd, opts) + +return cmd +} + +func start(svrCtx *Context, clientCtx client.Context, appCreator types.AppCreator, withCmt bool, opts StartCmdOptions) + +error { + svrCfg, err := getAndValidateConfig(svrCtx) + if err != nil { + return err +} + +app, appCleanupFn, err := startApp(svrCtx, appCreator, opts) + if err != nil { + return err +} + +defer appCleanupFn() + +metrics, err := startTelemetry(svrCfg) + if err != nil { + return err +} + +emitServerInfoMetrics() + if !withCmt { + return startStandAlone(svrCtx, svrCfg, clientCtx, app, metrics, opts) +} + +return startInProcess(svrCtx, svrCfg, clientCtx, app, metrics, opts) +} + +func startStandAlone(svrCtx *Context, svrCfg serverconfig.Config, clientCtx client.Context, app types.Application, metrics *telemetry.Metrics, opts StartCmdOptions) + +error { + addr := svrCtx.Viper.GetString(flagAddress) + transport := svrCtx.Viper.GetString(flagTransport) + cmtApp := NewCometABCIWrapper(app) + +svr, err := server.NewServer(addr, transport, cmtApp) + if err != nil { + return fmt.Errorf("error creating listener: %w", err) +} + +svr.SetLogger(servercmtlog.CometLoggerWrapper{ + Logger: svrCtx.Logger.With("module", "abci-server") +}) + +g, ctx := getCtx(svrCtx, false) + + // Add the tx service to the gRPC router. We only need to register this + // service if API or gRPC is enabled, and avoid doing so in the general + // case, because it spawns a new local CometBFT RPC client. + if svrCfg.API.Enable || svrCfg.GRPC.Enable { + // create tendermint client + // assumes the rpc listen address is where tendermint has its rpc server + rpcclient, err := rpchttp.New(svrCtx.Config.RPC.ListenAddress, "/websocket") + if err != nil { + return err +} + // re-assign for making the client available below + // do not use := to avoid shadowing clientCtx + clientCtx = clientCtx.WithClient(rpcclient) + + // use the provided clientCtx to register the services + app.RegisterTxService(clientCtx) + +app.RegisterTendermintService(clientCtx) + +app.RegisterNodeService(clientCtx, svrCfg) +} + +grpcSrv, clientCtx, err := startGrpcServer(ctx, g, svrCfg.GRPC, clientCtx, svrCtx, app) + if err != nil { + return err +} + +err = startAPIServer(ctx, g, svrCfg, clientCtx, svrCtx, app, svrCtx.Config.RootDir, grpcSrv, metrics) + if err != nil { + return err +} + if opts.PostSetupStandalone != nil { + if err := opts.PostSetupStandalone(svrCtx, clientCtx, ctx, g); err != nil { + return err +} + +} + +g.Go(func() + +error { + if err := svr.Start(); err != nil { + svrCtx.Logger.Error("failed to start out-of-process ABCI server", "err", err) + +return err +} + + // Wait for the calling process to be canceled or close the provided context, + // so we can gracefully stop the ABCI server. + <-ctx.Done() + +svrCtx.Logger.Info("stopping the ABCI server...") + +return svr.Stop() +}) + +return g.Wait() +} + +func startInProcess(svrCtx *Context, svrCfg serverconfig.Config, clientCtx client.Context, app types.Application, + metrics *telemetry.Metrics, opts StartCmdOptions, +) + +error { + cmtCfg := svrCtx.Config + gRPCOnly := svrCtx.Viper.GetBool(flagGRPCOnly) + +g, ctx := getCtx(svrCtx, true) + if gRPCOnly { + // TODO: Generalize logic so that gRPC only is really in startStandAlone + svrCtx.Logger.Info("starting node in gRPC only mode; CometBFT is disabled") + +svrCfg.GRPC.Enable = true +} + +else { + svrCtx.Logger.Info("starting node with ABCI CometBFT in-process") + +tmNode, cleanupFn, err := startCmtNode(ctx, cmtCfg, app, svrCtx) + if err != nil { + return err +} + +defer cleanupFn() + + // Add the tx service to the gRPC router. We only need to register this + // service if API or gRPC is enabled, and avoid doing so in the general + // case, because it spawns a new local CometBFT RPC client. + if svrCfg.API.Enable || svrCfg.GRPC.Enable { + // Re-assign for making the client available below do not use := to avoid + // shadowing the clientCtx variable. + clientCtx = clientCtx.WithClient(local.New(tmNode)) + +app.RegisterTxService(clientCtx) + +app.RegisterTendermintService(clientCtx) + +app.RegisterNodeService(clientCtx, svrCfg) +} + +} + +grpcSrv, clientCtx, err := startGrpcServer(ctx, g, svrCfg.GRPC, clientCtx, svrCtx, app) + if err != nil { + return err +} + +err = startAPIServer(ctx, g, svrCfg, clientCtx, svrCtx, app, cmtCfg.RootDir, grpcSrv, metrics) + if err != nil { + return err +} + if opts.PostSetup != nil { + if err := opts.PostSetup(svrCtx, clientCtx, ctx, g); err != nil { + return err +} + +} + + // wait for signal capture and gracefully return + // we are guaranteed to be waiting for the "ListenForQuitSignals" goroutine. + return g.Wait() +} + +// TODO: Move nodeKey into being created within the function. +func startCmtNode( + ctx context.Context, + cfg *cmtcfg.Config, + app types.Application, + svrCtx *Context, +) (tmNode *node.Node, cleanupFn func(), err error) { + nodeKey, err := p2p.LoadOrGenNodeKey(cfg.NodeKeyFile()) + if err != nil { + return nil, cleanupFn, err +} + cmtApp := NewCometABCIWrapper(app) + +tmNode, err = node.NewNodeWithContext( + ctx, + cfg, + pvm.LoadOrGenFilePV(cfg.PrivValidatorKeyFile(), cfg.PrivValidatorStateFile()), + nodeKey, + proxy.NewLocalClientCreator(cmtApp), + getGenDocProvider(cfg), + cmtcfg.DefaultDBProvider, + node.DefaultMetricsProvider(cfg.Instrumentation), + servercmtlog.CometLoggerWrapper{ + Logger: svrCtx.Logger +}, + ) + if err != nil { + return tmNode, cleanupFn, err +} + if err := tmNode.Start(); err != nil { + return tmNode, cleanupFn, err +} + +cleanupFn = func() { + if tmNode != nil && tmNode.IsRunning() { + _ = tmNode.Stop() +} + +} + +return tmNode, cleanupFn, nil +} + +func getAndValidateConfig(svrCtx *Context) (serverconfig.Config, error) { + config, err := serverconfig.GetConfig(svrCtx.Viper) + if err != nil { + return config, err +} + if err := config.ValidateBasic(); err != nil { + return config, err +} + +return config, nil +} + +// returns a function which returns the genesis doc from the genesis file. +func getGenDocProvider(cfg *cmtcfg.Config) + +func() (*cmttypes.GenesisDoc, error) { + return func() (*cmttypes.GenesisDoc, error) { + appGenesis, err := genutiltypes.AppGenesisFromFile(cfg.GenesisFile()) + if err != nil { + return nil, err +} + +return appGenesis.ToGenesisDoc() +} +} + +func setupTraceWriter(svrCtx *Context) (traceWriter io.WriteCloser, cleanup func(), err error) { + // clean up the traceWriter when the server is shutting down + cleanup = func() { +} + traceWriterFile := svrCtx.Viper.GetString(flagTraceStore) + +traceWriter, err = openTraceWriter(traceWriterFile) + if err != nil { + return traceWriter, cleanup, err +} + + // if flagTraceStore is not used then traceWriter is nil + if traceWriter != nil { + cleanup = func() { + if err = traceWriter.Close(); err != nil { + svrCtx.Logger.Error("failed to close trace writer", "err", err) +} + +} + +} + +return traceWriter, cleanup, nil +} + +func startGrpcServer( + ctx context.Context, + g *errgroup.Group, + config serverconfig.GRPCConfig, + clientCtx client.Context, + svrCtx *Context, + app types.Application, +) (*grpc.Server, client.Context, error) { + if !config.Enable { + // return grpcServer as nil if gRPC is disabled + return nil, clientCtx, nil +} + _, _, err := net.SplitHostPort(config.Address) + if err != nil { + return nil, clientCtx, err +} + maxSendMsgSize := config.MaxSendMsgSize + if maxSendMsgSize == 0 { + maxSendMsgSize = serverconfig.DefaultGRPCMaxSendMsgSize +} + maxRecvMsgSize := config.MaxRecvMsgSize + if maxRecvMsgSize == 0 { + maxRecvMsgSize = serverconfig.DefaultGRPCMaxRecvMsgSize +} + + // if gRPC is enabled, configure gRPC client for gRPC gateway + grpcClient, err := grpc.Dial( //nolint: staticcheck // ignore this line for this linter + config.Address, + grpc.WithTransportCredentials(insecure.NewCredentials()), + grpc.WithDefaultCallOptions( + grpc.ForceCodec(codec.NewProtoCodec(clientCtx.InterfaceRegistry).GRPCCodec()), + grpc.MaxCallRecvMsgSize(maxRecvMsgSize), + grpc.MaxCallSendMsgSize(maxSendMsgSize), + ), + ) + if err != nil { + return nil, clientCtx, err +} + +clientCtx = clientCtx.WithGRPCClient(grpcClient) + +svrCtx.Logger.Debug("gRPC client assigned to client context", "target", config.Address) + +grpcSrv, err := servergrpc.NewGRPCServer(clientCtx, app, config) + if err != nil { + return nil, clientCtx, err +} + + // Start the gRPC server in a goroutine. Note, the provided ctx will ensure + // that the server is gracefully shut down. + g.Go(func() + +error { + return servergrpc.StartGRPCServer(ctx, svrCtx.Logger.With("module", "grpc-server"), config, grpcSrv) +}) + +return grpcSrv, clientCtx, nil +} + +func startAPIServer( + ctx context.Context, + g *errgroup.Group, + svrCfg serverconfig.Config, + clientCtx client.Context, + svrCtx *Context, + app types.Application, + home string, + grpcSrv *grpc.Server, + metrics *telemetry.Metrics, +) + +error { + if !svrCfg.API.Enable { + return nil +} + +clientCtx = clientCtx.WithHomeDir(home) + apiSrv := api.New(clientCtx, svrCtx.Logger.With("module", "api-server"), grpcSrv) + +app.RegisterAPIRoutes(apiSrv, svrCfg.API) + if svrCfg.Telemetry.Enabled { + apiSrv.SetTelemetry(metrics) +} + +g.Go(func() + +error { + return apiSrv.Start(ctx, svrCfg) +}) + +return nil +} + +func startTelemetry(cfg serverconfig.Config) (*telemetry.Metrics, error) { + return telemetry.New(cfg.Telemetry) +} + +// wrapCPUProfile starts CPU profiling, if enabled, and executes the provided +// callbackFn in a separate goroutine, then will wait for that callback to +// return. +// +// NOTE: We expect the caller to handle graceful shutdown and signal handling. +func wrapCPUProfile(svrCtx *Context, callbackFn func() + +error) + +error { + if cpuProfile := svrCtx.Viper.GetString(flagCPUProfile); cpuProfile != "" { + f, err := os.Create(cpuProfile) + if err != nil { + return err +} + +svrCtx.Logger.Info("starting CPU profiler", "profile", cpuProfile) + if err := pprof.StartCPUProfile(f); err != nil { + return err +} + +defer func() { + svrCtx.Logger.Info("stopping CPU profiler", "profile", cpuProfile) + +pprof.StopCPUProfile() + if err := f.Close(); err != nil { + svrCtx.Logger.Info("failed to close cpu-profile file", "profile", cpuProfile, "err", err.Error()) +} + +}() +} + +return callbackFn() +} + +// emitServerInfoMetrics emits server info related metrics using application telemetry. +func emitServerInfoMetrics() { + var ls []metrics.Label + versionInfo := version.NewInfo() + if len(versionInfo.GoVersion) > 0 { + ls = append(ls, telemetry.NewLabel("go", versionInfo.GoVersion)) +} + if len(versionInfo.CosmosSdkVersion) > 0 { + ls = append(ls, telemetry.NewLabel("version", versionInfo.CosmosSdkVersion)) +} + if len(ls) == 0 { + return +} + +telemetry.SetGaugeWithLabels([]string{"server", "info" +}, 1, ls) +} + +func getCtx(svrCtx *Context, block bool) (*errgroup.Group, context.Context) { + ctx, cancelFn := context.WithCancel(context.Background()) + +g, ctx := errgroup.WithContext(ctx) + // listen for quit signals so the calling parent process can gracefully exit + ListenForQuitSignals(g, block, cancelFn, svrCtx.Logger) + +return g, ctx +} + +func startApp(svrCtx *Context, appCreator types.AppCreator, opts StartCmdOptions) (app types.Application, cleanupFn func(), err error) { + traceWriter, traceCleanupFn, err := setupTraceWriter(svrCtx) + if err != nil { + return app, traceCleanupFn, err +} + home := svrCtx.Config.RootDir + db, err := opts.DBOpener(home, GetAppDBBackend(svrCtx.Viper)) + if err != nil { + return app, traceCleanupFn, err +} + if isTestnet, ok := svrCtx.Viper.Get(KeyIsTestnet).(bool); ok && isTestnet { + app, err = testnetify(svrCtx, appCreator, db, traceWriter) + if err != nil { + return app, traceCleanupFn, err +} + +} + +else { + app = appCreator(svrCtx.Logger, db, traceWriter, svrCtx.Viper) +} + +cleanupFn = func() { + traceCleanupFn() + if localErr := app.Close(); localErr != nil { + svrCtx.Logger.Error(localErr.Error()) +} + +} + +return app, cleanupFn, nil +} + +// InPlaceTestnetCreator utilizes the provided chainID and operatorAddress as well as the local private validator key to +// control the network represented in the data folder. This is useful to create testnets nearly identical to your +// mainnet environment. +func InPlaceTestnetCreator(testnetAppCreator types.AppCreator) *cobra.Command { + opts := StartCmdOptions{ +} + if opts.DBOpener == nil { + opts.DBOpener = openDB +} + if opts.StartCommandHandler == nil { + opts.StartCommandHandler = start +} + cmd := &cobra.Command{ + Use: "in-place-testnet [newChainID] [newOperatorAddress]", + Short: "Create and start a testnet from current local state", + Long: `Create and start a testnet from current local state. +After utilizing this command the network will start. If the network is stopped, +the normal "start" command should be used. Re-using this command on state that +has already been modified by this command could result in unexpected behavior. + +Additionally, the first block may take up to one minute to be committed, depending +on how old the block is. For instance, if a snapshot was taken weeks ago and we want +to turn this into a testnet, it is possible lots of pending state needs to be committed +(expiring locks, etc.). It is recommended that you should wait for this block to be committed +before stopping the daemon. + +If the --trigger-testnet-upgrade flag is set, the upgrade handler specified by the flag will be run +on the first block of the testnet. + +Regardless of whether the flag is set or not, if any new stores are introduced in the daemon being run, +those stores will be registered in order to prevent panics. Therefore, you only need to set the flag if +you want to test the upgrade handler itself. +`, + Example: "in-place-testnet localosmosis osmo12smx2wdlyttvyzvzg54y2vnqwq2qjateuf7thj", + Args: cobra.ExactArgs(2), + RunE: func(cmd *cobra.Command, args []string) + +error { + serverCtx := GetServerContextFromCmd(cmd) + _, err := GetPruningOptionsFromFlags(serverCtx.Viper) + if err != nil { + return err +} + +clientCtx, err := client.GetClientQueryContext(cmd) + if err != nil { + return err +} + +withCMT, _ := cmd.Flags().GetBool(flagWithComet) + if !withCMT { + serverCtx.Logger.Info("starting ABCI without CometBFT") +} + newChainID := args[0] + newOperatorAddress := args[1] + + skipConfirmation, _ := cmd.Flags().GetBool("skip-confirmation") + if !skipConfirmation { + // Confirmation prompt to prevent accidental modification of state. + reader := bufio.NewReader(os.Stdin) + +fmt.Println("This operation will modify state in your data folder and cannot be undone. Do you want to continue? (y/n)") + +text, _ := reader.ReadString('\n') + response := strings.TrimSpace(strings.ToLower(text)) + if response != "y" && response != "yes" { + fmt.Println("Operation canceled.") + +return nil +} + +} + + // Set testnet keys to be used by the application. + // This is done to prevent changes to existing start API. + serverCtx.Viper.Set(KeyIsTestnet, true) + +serverCtx.Viper.Set(KeyNewChainID, newChainID) + +serverCtx.Viper.Set(KeyNewOpAddr, newOperatorAddress) + +err = wrapCPUProfile(serverCtx, func() + +error { + return opts.StartCommandHandler(serverCtx, clientCtx, testnetAppCreator, withCMT, opts) +}) + +serverCtx.Logger.Debug("received quit signal") + +graceDuration, _ := cmd.Flags().GetDuration(FlagShutdownGrace) + if graceDuration > 0 { + serverCtx.Logger.Info("graceful shutdown start", FlagShutdownGrace, graceDuration) + <-time.After(graceDuration) + +serverCtx.Logger.Info("graceful shutdown complete") +} + +return err +}, +} + +addStartNodeFlags(cmd, opts) + +cmd.Flags().String(KeyTriggerTestnetUpgrade, "", "If set (example: \"v21\"), triggers the v21 upgrade handler to run on the first block of the testnet") + +cmd.Flags().Bool("skip-confirmation", false, "Skip the confirmation prompt") + +return cmd +} + +// testnetify modifies both state and blockStore, allowing the provided operator address and local validator key to control the network +// that the state in the data folder represents. The chainID of the local genesis file is modified to match the provided chainID. +func testnetify(ctx *Context, testnetAppCreator types.AppCreator, db dbm.DB, traceWriter io.WriteCloser) (types.Application, error) { + config := ctx.Config + + newChainID, ok := ctx.Viper.Get(KeyNewChainID).(string) + if !ok { + return nil, fmt.Errorf("expected string for key %s", KeyNewChainID) +} + + // Modify app genesis chain ID and save to genesis file. + genFilePath := config.GenesisFile() + +appGen, err := genutiltypes.AppGenesisFromFile(genFilePath) + if err != nil { + return nil, err +} + +appGen.ChainID = newChainID + if err := appGen.ValidateAndComplete(); err != nil { + return nil, err +} + if err := appGen.SaveAs(genFilePath); err != nil { + return nil, err +} + + // Regenerate addrbook.json to prevent peers on old network from causing error logs. + addrBookPath := filepath.Join(config.RootDir, "config", "addrbook.json") + if err := os.Remove(addrBookPath); err != nil && !os.IsNotExist(err) { + return nil, fmt.Errorf("failed to remove existing addrbook.json: %w", err) +} + emptyAddrBook := []byte("{ +}") + if err := os.WriteFile(addrBookPath, emptyAddrBook, 0o600); err != nil { + return nil, fmt.Errorf("failed to create empty addrbook.json: %w", err) +} + + // Load the comet genesis doc provider. + genDocProvider := node.DefaultGenesisDocProviderFunc(config) + + // Initialize blockStore and stateDB. + blockStoreDB, err := cmtcfg.DefaultDBProvider(&cmtcfg.DBContext{ + ID: "blockstore", + Config: config +}) + if err != nil { + return nil, err +} + blockStore := store.NewBlockStore(blockStoreDB) + +stateDB, err := cmtcfg.DefaultDBProvider(&cmtcfg.DBContext{ + ID: "state", + Config: config +}) + if err != nil { + return nil, err +} + +defer blockStore.Close() + +defer stateDB.Close() + privValidator := pvm.LoadOrGenFilePV(config.PrivValidatorKeyFile(), config.PrivValidatorStateFile()) + +userPubKey, err := privValidator.GetPubKey() + if err != nil { + return nil, err +} + validatorAddress := userPubKey.Address() + stateStore := sm.NewStore(stateDB, sm.StoreOptions{ + DiscardABCIResponses: config.Storage.DiscardABCIResponses, +}) + +state, genDoc, err := node.LoadStateFromDBOrGenesisDocProvider(stateDB, genDocProvider) + if err != nil { + return nil, err +} + +ctx.Viper.Set(KeyNewValAddr, validatorAddress) + +ctx.Viper.Set(KeyUserPubKey, userPubKey) + testnetApp := testnetAppCreator(ctx.Logger, db, traceWriter, ctx.Viper) + + // We need to create a temporary proxyApp to get the initial state of the application. + // Depending on how the node was stopped, the application height can differ from the blockStore height. + // This height difference changes how we go about modifying the state. + cmtApp := NewCometABCIWrapper(testnetApp) + _, context := getCtx(ctx, true) + clientCreator := proxy.NewLocalClientCreator(cmtApp) + metrics := node.DefaultMetricsProvider(cmtcfg.DefaultConfig().Instrumentation) + _, _, _, _, proxyMetrics, _, _ := metrics(genDoc.ChainID) + proxyApp := proxy.NewAppConns(clientCreator, proxyMetrics) + if err := proxyApp.Start(); err != nil { + return nil, fmt.Errorf("error starting proxy app connections: %w", err) +} + +res, err := proxyApp.Query().Info(context, proxy.RequestInfo) + if err != nil { + return nil, fmt.Errorf("error calling Info: %w", err) +} + +err = proxyApp.Stop() + if err != nil { + return nil, err +} + appHash := res.LastBlockAppHash + appHeight := res.LastBlockHeight + + var block *cmttypes.Block + switch { + case appHeight == blockStore.Height(): + block = blockStore.LoadBlock(blockStore.Height()) + // If the state's last blockstore height does not match the app and blockstore height, we likely stopped with the halt height flag. + if state.LastBlockHeight != appHeight { + state.LastBlockHeight = appHeight + block.AppHash = appHash + state.AppHash = appHash +} + +else { + // Node was likely stopped via SIGTERM, delete the next block's seen commit + err := blockStoreDB.Delete(fmt.Appendf(nil, "SC:%v", blockStore.Height()+1)) + if err != nil { + return nil, err +} + +} + case blockStore.Height() > state.LastBlockHeight: + // This state usually occurs when we gracefully stop the node. + err = blockStore.DeleteLatestBlock() + if err != nil { + return nil, err +} + +block = blockStore.LoadBlock(blockStore.Height()) + +default: + // If there is any other state, we just load the block + block = blockStore.LoadBlock(blockStore.Height()) +} + +block.ChainID = newChainID + state.ChainID = newChainID + + block.LastBlockID = state.LastBlockID + block.LastCommit.BlockID = state.LastBlockID + + // Create a vote from our validator + vote := cmttypes.Vote{ + Type: cmtproto.PrecommitType, + Height: state.LastBlockHeight, + Round: 0, + BlockID: state.LastBlockID, + Timestamp: time.Now(), + ValidatorAddress: validatorAddress, + ValidatorIndex: 0, + Signature: []byte{ +}, +} + + // Sign the vote, and copy the proto changes from the act of signing to the vote itself + voteProto := vote.ToProto() + +err = privValidator.SignVote(newChainID, voteProto) + if err != nil { + return nil, err +} + +vote.Signature = voteProto.Signature + vote.Timestamp = voteProto.Timestamp + + // Modify the block's lastCommit to be signed only by our validator + block.LastCommit.Signatures[0].ValidatorAddress = validatorAddress + block.LastCommit.Signatures[0].Signature = vote.Signature + block.LastCommit.Signatures = []cmttypes.CommitSig{ + block.LastCommit.Signatures[0] +} + + // Load the seenCommit of the lastBlockHeight and modify it to be signed from our validator + seenCommit := blockStore.LoadSeenCommit(state.LastBlockHeight) + +seenCommit.BlockID = state.LastBlockID + seenCommit.Round = vote.Round + seenCommit.Signatures[0].Signature = vote.Signature + seenCommit.Signatures[0].ValidatorAddress = validatorAddress + seenCommit.Signatures[0].Timestamp = vote.Timestamp + seenCommit.Signatures = []cmttypes.CommitSig{ + seenCommit.Signatures[0] +} + +err = blockStore.SaveSeenCommit(state.LastBlockHeight, seenCommit) + if err != nil { + return nil, err +} + + // Create ValidatorSet struct containing just our valdiator. + newVal := &cmttypes.Validator{ + Address: validatorAddress, + PubKey: userPubKey, + VotingPower: 900000000000000, +} + newValSet := &cmttypes.ValidatorSet{ + Validators: []*cmttypes.Validator{ + newVal +}, + Proposer: newVal, +} + + // Replace all valSets in state to be the valSet with just our validator. + state.Validators = newValSet + state.LastValidators = newValSet + state.NextValidators = newValSet + state.LastHeightValidatorsChanged = blockStore.Height() + +err = stateStore.Save(state) + if err != nil { + return nil, err +} + + // Create a ValidatorsInfo struct to store in stateDB. + valSet, err := state.Validators.ToProto() + if err != nil { + return nil, err +} + valInfo := &cmtstate.ValidatorsInfo{ + ValidatorSet: valSet, + LastHeightChanged: state.LastBlockHeight, +} + +buf, err := valInfo.Marshal() + if err != nil { + return nil, err +} + + // Modfiy Validators stateDB entry. + err = stateDB.Set(fmt.Appendf(nil, "validatorsKey:%v", blockStore.Height()), buf) + if err != nil { + return nil, err +} + + // Modify LastValidators stateDB entry. + err = stateDB.Set(fmt.Appendf(nil, "validatorsKey:%v", blockStore.Height()-1), buf) + if err != nil { + return nil, err +} + + // Modify NextValidators stateDB entry. + err = stateDB.Set(fmt.Appendf(nil, "validatorsKey:%v", blockStore.Height()+1), buf) + if err != nil { + return nil, err +} + + // Since we modified the chainID, we set the new genesisDoc in the stateDB. + b, err := cmtjson.Marshal(genDoc) + if err != nil { + return nil, err +} + if err := stateDB.SetSync([]byte("genesisDoc"), b); err != nil { + return nil, err +} + +return testnetApp, err +} + +// addStartNodeFlags should be added to any CLI commands that start the network. +func addStartNodeFlags(cmd *cobra.Command, opts StartCmdOptions) { + cmd.Flags().Bool(flagWithComet, true, "Run abci app embedded in-process with CometBFT") + +cmd.Flags().String(flagAddress, "tcp://127.0.0.1:26658", "Listen address") + +cmd.Flags().String(flagTransport, "socket", "Transport protocol: socket, grpc") + +cmd.Flags().String(flagTraceStore, "", "Enable KVStore tracing to an output file") + +cmd.Flags().String(FlagMinGasPrices, "", "Minimum gas prices to accept for transactions; Any fee in a tx must meet this minimum (e.g. 0.01photino;0.0001stake)") + +cmd.Flags().Uint64(FlagQueryGasLimit, 0, "Maximum gas a Rest/Grpc query can consume. Blank and 0 imply unbounded.") + +cmd.Flags().IntSlice(FlagUnsafeSkipUpgrades, []int{ +}, "Skip a set of upgrade heights to continue the old binary") + +cmd.Flags().Uint64(FlagHaltHeight, 0, "Block height at which to gracefully halt the chain and shutdown the node") + +cmd.Flags().Uint64(FlagHaltTime, 0, "Minimum block time (in Unix seconds) + +at which to gracefully halt the chain and shutdown the node") + +cmd.Flags().Bool(FlagInterBlockCache, true, "Enable inter-block caching") + +cmd.Flags().String(flagCPUProfile, "", "Enable CPU profiling and write to the provided file") + +cmd.Flags().Bool(FlagTrace, false, "Provide full stack traces for errors in ABCI Log") + +cmd.Flags().String(FlagPruning, pruningtypes.PruningOptionDefault, "Pruning strategy (default|nothing|everything|custom)") + +cmd.Flags().Uint64(FlagPruningKeepRecent, 0, "Number of recent heights to keep on disk (ignored if pruning is not 'custom')") + +cmd.Flags().Uint64(FlagPruningInterval, 0, "Height interval at which pruned heights are removed from disk (ignored if pruning is not 'custom')") + +cmd.Flags().Uint(FlagInvCheckPeriod, 0, "Assert registered invariants every N blocks") + +cmd.Flags().Uint64(FlagMinRetainBlocks, 0, "Minimum block height offset during ABCI commit to prune CometBFT blocks") + +cmd.Flags().Bool(FlagAPIEnable, false, "Define if the API server should be enabled") + +cmd.Flags().Bool(FlagAPISwagger, false, "Define if swagger documentation should automatically be registered (Note: the API must also be enabled)") + +cmd.Flags().String(FlagAPIAddress, serverconfig.DefaultAPIAddress, "the API server address to listen on") + +cmd.Flags().Uint(FlagAPIMaxOpenConnections, 1000, "Define the number of maximum open connections") + +cmd.Flags().Uint(FlagRPCReadTimeout, 10, "Define the CometBFT RPC read timeout (in seconds)") + +cmd.Flags().Uint(FlagRPCWriteTimeout, 0, "Define the CometBFT RPC write timeout (in seconds)") + +cmd.Flags().Uint(FlagRPCMaxBodyBytes, 1000000, "Define the CometBFT maximum request body (in bytes)") + +cmd.Flags().Bool(FlagAPIEnableUnsafeCORS, false, "Define if CORS should be enabled (unsafe - use it at your own risk)") + +cmd.Flags().Bool(flagGRPCOnly, false, "Start the node in gRPC query only mode (no CometBFT process is started)") + +cmd.Flags().Bool(flagGRPCEnable, true, "Define if the gRPC server should be enabled") + +cmd.Flags().String(flagGRPCAddress, serverconfig.DefaultGRPCAddress, "the gRPC server address to listen on") + +cmd.Flags().Bool(flagGRPCWebEnable, true, "Define if the gRPC-Web server should be enabled. (Note: gRPC must also be enabled)") + +cmd.Flags().Uint64(FlagStateSyncSnapshotInterval, 0, "State sync snapshot interval") + +cmd.Flags().Uint32(FlagStateSyncSnapshotKeepRecent, 2, "State sync snapshot to keep") + +cmd.Flags().Bool(FlagDisableIAVLFastNode, false, "Disable fast node for IAVL tree") + +cmd.Flags().Int(FlagMempoolMaxTxs, mempool.DefaultMaxTx, "Sets MaxTx value for the app-side mempool") + +cmd.Flags().Duration(FlagShutdownGrace, 0*time.Second, "On Shutdown, duration to wait for resource clean up") + + // support old flags name for backwards compatibility + cmd.Flags().SetNormalizeFunc(func(f *pflag.FlagSet, name string) + +pflag.NormalizedName { + if name == "with-tendermint" { + name = flagWithComet +} + +return pflag.NormalizedName(name) +}) + + // add support for all CometBFT-specific command line options + cmtcmd.AddNodeFlags(cmd) + if opts.AddFlags != nil { + opts.AddFlags(cmd) +} +} +``` + +Note that an `appCreator` is a function that fulfills the `AppCreator` signature: + +```go expandable +package types + +import ( + + "encoding/json" + "io" + + cmtproto "github.com/cometbft/cometbft/proto/tendermint/types" + cmttypes "github.com/cometbft/cometbft/types" + dbm "github.com/cosmos/cosmos-db" + "github.com/cosmos/gogoproto/grpc" + "github.com/spf13/cobra" + "cosmossdk.io/log" + "cosmossdk.io/store/snapshots" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/server/api" + "github.com/cosmos/cosmos-sdk/server/config" +) + +type ( + // AppOptions defines an interface that is passed into an application + // constructor, typically used to set BaseApp options that are either supplied + // via config file or through CLI arguments/flags. The underlying implementation + // is defined by the server package and is typically implemented via a Viper + // literal defined on the server Context. Note, casting Get calls may not yield + // the expected types and could result in type assertion errors. It is recommend + // to either use the cast package or perform manual conversion for safety. + AppOptions interface { + Get(string) + +any +} + + // Application defines an application interface that wraps abci.Application. + // The interface defines the necessary contracts to be implemented in order + // to fully bootstrap and start an application. + Application interface { + ABCI + + RegisterAPIRoutes(*api.Server, config.APIConfig) + + // RegisterGRPCServerWithSkipCheckHeader registers gRPC services directly with the gRPC + // server and bypass check header flag. + RegisterGRPCServerWithSkipCheckHeader(grpc.Server, bool) + + // RegisterTxService registers the gRPC Query service for tx (such as tx + // simulation, fetching txs by hash...). + RegisterTxService(client.Context) + + // RegisterTendermintService registers the gRPC Query service for CometBFT queries. + RegisterTendermintService(client.Context) + + // RegisterNodeService registers the node gRPC Query service. + RegisterNodeService(client.Context, config.Config) + + // CommitMultiStore return the multistore instance + CommitMultiStore() + +storetypes.CommitMultiStore + + // Return the snapshot manager + SnapshotManager() *snapshots.Manager + + // Close is called in start cmd to gracefully cleanup resources. + // Must be safe to be called multiple times. + Close() + +error +} + + // AppCreator is a function that allows us to lazily initialize an + // application using various configurations. + AppCreator func(log.Logger, dbm.DB, io.Writer, AppOptions) + +Application + + // ModuleInitFlags takes a start command and adds modules specific init flags. + ModuleInitFlags func(startCmd *cobra.Command) + + // ExportedApp represents an exported app state, along with + // validators, consensus params and latest app height. + ExportedApp struct { + // AppState is the application state as JSON. + AppState json.RawMessage + // Validators is the exported validator set. + Validators []cmttypes.GenesisValidator + // Height is the app's latest block height. + Height int64 + // ConsensusParams are the exported consensus params for ABCI. + ConsensusParams cmtproto.ConsensusParams +} + + // AppExporter is a function that dumps all app state to + // JSON-serializable structure and returns the current validator set. + AppExporter func( + logger log.Logger, + db dbm.DB, + traceWriter io.Writer, + height int64, + forZeroHeight bool, + jailAllowedAddrs []string, + opts AppOptions, + modulesToExport []string, + ) (ExportedApp, error) +) +``` + +In practice, the [constructor of the application](/docs/sdk/vnext/learn/beginner/app-anatomy#constructor-function) is passed as the `appCreator`. + +```go +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/simapp/simd/cmd/root_v2.go#L294-L308 +``` + +Then, the instance of `app` is used to instantiate a new CometBFT node: + +```go expandable +package server + +import ( + + "bufio" + "context" + "fmt" + "io" + "net" + "os" + "path/filepath" + "runtime/pprof" + "strings" + "time" + "github.com/cometbft/cometbft/abci/server" + cmtcmd "github.com/cometbft/cometbft/cmd/cometbft/commands" + cmtcfg "github.com/cometbft/cometbft/config" + cmtjson "github.com/cometbft/cometbft/libs/json" + "github.com/cometbft/cometbft/node" + "github.com/cometbft/cometbft/p2p" + pvm "github.com/cometbft/cometbft/privval" + cmtstate "github.com/cometbft/cometbft/proto/tendermint/state" + cmtproto "github.com/cometbft/cometbft/proto/tendermint/types" + "github.com/cometbft/cometbft/proxy" + rpchttp "github.com/cometbft/cometbft/rpc/client/http" + "github.com/cometbft/cometbft/rpc/client/local" + sm "github.com/cometbft/cometbft/state" + "github.com/cometbft/cometbft/store" + cmttypes "github.com/cometbft/cometbft/types" + dbm "github.com/cosmos/cosmos-db" + "github.com/hashicorp/go-metrics" + "github.com/spf13/cobra" + "github.com/spf13/pflag" + "golang.org/x/sync/errgroup" + "google.golang.org/grpc" + "google.golang.org/grpc/credentials/insecure" + + pruningtypes "cosmossdk.io/store/pruning/types" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/client/flags" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/server/api" + serverconfig "github.com/cosmos/cosmos-sdk/server/config" + servergrpc "github.com/cosmos/cosmos-sdk/server/grpc" + servercmtlog "github.com/cosmos/cosmos-sdk/server/log" + "github.com/cosmos/cosmos-sdk/server/types" + "github.com/cosmos/cosmos-sdk/telemetry" + "github.com/cosmos/cosmos-sdk/types/mempool" + "github.com/cosmos/cosmos-sdk/version" + genutiltypes "github.com/cosmos/cosmos-sdk/x/genutil/types" +) + +const ( + // CometBFT full-node start flags + flagWithComet = "with-comet" + flagAddress = "address" + flagTransport = "transport" + flagTraceStore = "trace-store" + flagCPUProfile = "cpu-profile" + FlagMinGasPrices = "minimum-gas-prices" + FlagQueryGasLimit = "query-gas-limit" + FlagHaltHeight = "halt-height" + FlagHaltTime = "halt-time" + FlagInterBlockCache = "inter-block-cache" + FlagUnsafeSkipUpgrades = "unsafe-skip-upgrades" + FlagTrace = "trace" + FlagInvCheckPeriod = "inv-check-period" + + FlagPruning = "pruning" + FlagPruningKeepRecent = "pruning-keep-recent" + FlagPruningInterval = "pruning-interval" + FlagIndexEvents = "index-events" + FlagMinRetainBlocks = "min-retain-blocks" + FlagIAVLCacheSize = "iavl-cache-size" + FlagDisableIAVLFastNode = "iavl-disable-fastnode" + FlagIAVLSyncPruning = "iavl-sync-pruning" + FlagShutdownGrace = "shutdown-grace" + + // state sync-related flags + FlagStateSyncSnapshotInterval = "state-sync.snapshot-interval" + FlagStateSyncSnapshotKeepRecent = "state-sync.snapshot-keep-recent" + + // api-related flags + FlagAPIEnable = "api.enable" + FlagAPISwagger = "api.swagger" + FlagAPIAddress = "api.address" + FlagAPIMaxOpenConnections = "api.max-open-connections" + FlagRPCReadTimeout = "api.rpc-read-timeout" + FlagRPCWriteTimeout = "api.rpc-write-timeout" + FlagRPCMaxBodyBytes = "api.rpc-max-body-bytes" + FlagAPIEnableUnsafeCORS = "api.enabled-unsafe-cors" + + // gRPC-related flags + flagGRPCOnly = "grpc-only" + flagGRPCEnable = "grpc.enable" + flagGRPCAddress = "grpc.address" + flagGRPCWebEnable = "grpc-web.enable" + flagGRPCSkipCheckHeader = "grpc.skip-check-header" + + // mempool flags + FlagMempoolMaxTxs = "mempool.max-txs" + + // testnet keys + KeyIsTestnet = "is-testnet" + KeyNewChainID = "new-chain-ID" + KeyNewOpAddr = "new-operator-addr" + KeyNewValAddr = "new-validator-addr" + KeyUserPubKey = "user-pub-key" + KeyTriggerTestnetUpgrade = "trigger-testnet-upgrade" +) + +// StartCmdOptions defines options that can be customized in `StartCmdWithOptions`, +type StartCmdOptions struct { + // DBOpener can be used to customize db opening, for example customize db options or support different db backends, + // default to the builtin db opener. + DBOpener func(rootDir string, backendType dbm.BackendType) (dbm.DB, error) + // PostSetup can be used to setup extra services under the same cancellable context, + // it's not called in stand-alone mode, only for in-process mode. + PostSetup func(svrCtx *Context, clientCtx client.Context, ctx context.Context, g *errgroup.Group) + +error + // PostSetupStandalone can be used to setup extra services under the same cancellable context, + PostSetupStandalone func(svrCtx *Context, clientCtx client.Context, ctx context.Context, g *errgroup.Group) + +error + // AddFlags add custom flags to start cmd + AddFlags func(cmd *cobra.Command) + // StartCommandHanlder can be used to customize the start command handler + StartCommandHandler func(svrCtx *Context, clientCtx client.Context, appCreator types.AppCreator, inProcessConsensus bool, opts StartCmdOptions) + +error +} + +// StartCmd runs the service passed in, either stand-alone or in-process with +// CometBFT. +func StartCmd(appCreator types.AppCreator, defaultNodeHome string) *cobra.Command { + return StartCmdWithOptions(appCreator, defaultNodeHome, StartCmdOptions{ +}) +} + +// StartCmdWithOptions runs the service passed in, either stand-alone or in-process with +// CometBFT. +func StartCmdWithOptions(appCreator types.AppCreator, defaultNodeHome string, opts StartCmdOptions) *cobra.Command { + if opts.DBOpener == nil { + opts.DBOpener = openDB +} + if opts.StartCommandHandler == nil { + opts.StartCommandHandler = start +} + cmd := &cobra.Command{ + Use: "start", + Short: "Run the full node", + Long: `Run the full node application with CometBFT in or out of process. By +default, the application will run with CometBFT in process. + +Pruning options can be provided via the '--pruning' flag or alternatively with '--pruning-keep-recent', and +'pruning-interval' together. + +For '--pruning' the options are as follows: + +default: the last 362880 states are kept, pruning at 10 block intervals +nothing: all historic states will be saved, nothing will be deleted (i.e. archiving node) + +everything: 2 latest states will be kept; pruning at 10 block intervals. +custom: allow pruning options to be manually specified through 'pruning-keep-recent', and 'pruning-interval' + +Node halting configurations exist in the form of two flags: '--halt-height' and '--halt-time'. During +the ABCI Commit phase, the node will check if the current block height is greater than or equal to +the halt-height or if the current block time is greater than or equal to the halt-time. If so, the +node will attempt to gracefully shutdown and the block will not be committed. In addition, the node +will not be able to commit subsequent blocks. + +For profiling and benchmarking purposes, CPU profiling can be enabled via the '--cpu-profile' flag +which accepts a path for the resulting pprof file. + +The node may be started in a 'query only' mode where only the gRPC and JSON HTTP +API services are enabled via the 'grpc-only' flag. In this mode, CometBFT is +bypassed and can be used when legacy queries are needed after an on-chain upgrade +is performed. Note, when enabled, gRPC will also be automatically enabled. +`, + RunE: func(cmd *cobra.Command, _ []string) + +error { + serverCtx := GetServerContextFromCmd(cmd) + + _, err := GetPruningOptionsFromFlags(serverCtx.Viper) + if err != nil { + return err +} + +clientCtx, err := client.GetClientQueryContext(cmd) + if err != nil { + return err +} + +withCMT, _ := cmd.Flags().GetBool(flagWithComet) + if !withCMT { + serverCtx.Logger.Info("starting ABCI without CometBFT") +} + +err = wrapCPUProfile(serverCtx, func() + +error { + return opts.StartCommandHandler(serverCtx, clientCtx, appCreator, withCMT, opts) +}) + +serverCtx.Logger.Debug("received quit signal") + +graceDuration, _ := cmd.Flags().GetDuration(FlagShutdownGrace) + if graceDuration > 0 { + serverCtx.Logger.Info("graceful shutdown start", FlagShutdownGrace, graceDuration) + <-time.After(graceDuration) + +serverCtx.Logger.Info("graceful shutdown complete") +} + +return err +}, +} + +cmd.Flags().String(flags.FlagHome, defaultNodeHome, "The application home directory") + +addStartNodeFlags(cmd, opts) + +return cmd +} + +func start(svrCtx *Context, clientCtx client.Context, appCreator types.AppCreator, withCmt bool, opts StartCmdOptions) + +error { + svrCfg, err := getAndValidateConfig(svrCtx) + if err != nil { + return err +} + +app, appCleanupFn, err := startApp(svrCtx, appCreator, opts) + if err != nil { + return err +} + +defer appCleanupFn() + +metrics, err := startTelemetry(svrCfg) + if err != nil { + return err +} + +emitServerInfoMetrics() + if !withCmt { + return startStandAlone(svrCtx, svrCfg, clientCtx, app, metrics, opts) +} + +return startInProcess(svrCtx, svrCfg, clientCtx, app, metrics, opts) +} + +func startStandAlone(svrCtx *Context, svrCfg serverconfig.Config, clientCtx client.Context, app types.Application, metrics *telemetry.Metrics, opts StartCmdOptions) + +error { + addr := svrCtx.Viper.GetString(flagAddress) + transport := svrCtx.Viper.GetString(flagTransport) + cmtApp := NewCometABCIWrapper(app) + +svr, err := server.NewServer(addr, transport, cmtApp) + if err != nil { + return fmt.Errorf("error creating listener: %w", err) +} + +svr.SetLogger(servercmtlog.CometLoggerWrapper{ + Logger: svrCtx.Logger.With("module", "abci-server") +}) + +g, ctx := getCtx(svrCtx, false) + + // Add the tx service to the gRPC router. We only need to register this + // service if API or gRPC is enabled, and avoid doing so in the general + // case, because it spawns a new local CometBFT RPC client. + if svrCfg.API.Enable || svrCfg.GRPC.Enable { + // create tendermint client + // assumes the rpc listen address is where tendermint has its rpc server + rpcclient, err := rpchttp.New(svrCtx.Config.RPC.ListenAddress, "/websocket") + if err != nil { + return err +} + // re-assign for making the client available below + // do not use := to avoid shadowing clientCtx + clientCtx = clientCtx.WithClient(rpcclient) + + // use the provided clientCtx to register the services + app.RegisterTxService(clientCtx) + +app.RegisterTendermintService(clientCtx) + +app.RegisterNodeService(clientCtx, svrCfg) +} + +grpcSrv, clientCtx, err := startGrpcServer(ctx, g, svrCfg.GRPC, clientCtx, svrCtx, app) + if err != nil { + return err +} + +err = startAPIServer(ctx, g, svrCfg, clientCtx, svrCtx, app, svrCtx.Config.RootDir, grpcSrv, metrics) + if err != nil { + return err +} + if opts.PostSetupStandalone != nil { + if err := opts.PostSetupStandalone(svrCtx, clientCtx, ctx, g); err != nil { + return err +} + +} + +g.Go(func() + +error { + if err := svr.Start(); err != nil { + svrCtx.Logger.Error("failed to start out-of-process ABCI server", "err", err) + +return err +} + + // Wait for the calling process to be canceled or close the provided context, + // so we can gracefully stop the ABCI server. + <-ctx.Done() + +svrCtx.Logger.Info("stopping the ABCI server...") + +return svr.Stop() +}) + +return g.Wait() +} + +func startInProcess(svrCtx *Context, svrCfg serverconfig.Config, clientCtx client.Context, app types.Application, + metrics *telemetry.Metrics, opts StartCmdOptions, +) + +error { + cmtCfg := svrCtx.Config + gRPCOnly := svrCtx.Viper.GetBool(flagGRPCOnly) + +g, ctx := getCtx(svrCtx, true) + if gRPCOnly { + // TODO: Generalize logic so that gRPC only is really in startStandAlone + svrCtx.Logger.Info("starting node in gRPC only mode; CometBFT is disabled") + +svrCfg.GRPC.Enable = true +} + +else { + svrCtx.Logger.Info("starting node with ABCI CometBFT in-process") + +tmNode, cleanupFn, err := startCmtNode(ctx, cmtCfg, app, svrCtx) + if err != nil { + return err +} + +defer cleanupFn() + + // Add the tx service to the gRPC router. We only need to register this + // service if API or gRPC is enabled, and avoid doing so in the general + // case, because it spawns a new local CometBFT RPC client. + if svrCfg.API.Enable || svrCfg.GRPC.Enable { + // Re-assign for making the client available below do not use := to avoid + // shadowing the clientCtx variable. + clientCtx = clientCtx.WithClient(local.New(tmNode)) + +app.RegisterTxService(clientCtx) + +app.RegisterTendermintService(clientCtx) + +app.RegisterNodeService(clientCtx, svrCfg) +} + +} + +grpcSrv, clientCtx, err := startGrpcServer(ctx, g, svrCfg.GRPC, clientCtx, svrCtx, app) + if err != nil { + return err +} + +err = startAPIServer(ctx, g, svrCfg, clientCtx, svrCtx, app, cmtCfg.RootDir, grpcSrv, metrics) + if err != nil { + return err +} + if opts.PostSetup != nil { + if err := opts.PostSetup(svrCtx, clientCtx, ctx, g); err != nil { + return err +} + +} + + // wait for signal capture and gracefully return + // we are guaranteed to be waiting for the "ListenForQuitSignals" goroutine. + return g.Wait() +} + +// TODO: Move nodeKey into being created within the function. +func startCmtNode( + ctx context.Context, + cfg *cmtcfg.Config, + app types.Application, + svrCtx *Context, +) (tmNode *node.Node, cleanupFn func(), err error) { + nodeKey, err := p2p.LoadOrGenNodeKey(cfg.NodeKeyFile()) + if err != nil { + return nil, cleanupFn, err +} + cmtApp := NewCometABCIWrapper(app) + +tmNode, err = node.NewNodeWithContext( + ctx, + cfg, + pvm.LoadOrGenFilePV(cfg.PrivValidatorKeyFile(), cfg.PrivValidatorStateFile()), + nodeKey, + proxy.NewLocalClientCreator(cmtApp), + getGenDocProvider(cfg), + cmtcfg.DefaultDBProvider, + node.DefaultMetricsProvider(cfg.Instrumentation), + servercmtlog.CometLoggerWrapper{ + Logger: svrCtx.Logger +}, + ) + if err != nil { + return tmNode, cleanupFn, err +} + if err := tmNode.Start(); err != nil { + return tmNode, cleanupFn, err +} + +cleanupFn = func() { + if tmNode != nil && tmNode.IsRunning() { + _ = tmNode.Stop() +} + +} + +return tmNode, cleanupFn, nil +} + +func getAndValidateConfig(svrCtx *Context) (serverconfig.Config, error) { + config, err := serverconfig.GetConfig(svrCtx.Viper) + if err != nil { + return config, err +} + if err := config.ValidateBasic(); err != nil { + return config, err +} + +return config, nil +} + +// returns a function which returns the genesis doc from the genesis file. +func getGenDocProvider(cfg *cmtcfg.Config) + +func() (*cmttypes.GenesisDoc, error) { + return func() (*cmttypes.GenesisDoc, error) { + appGenesis, err := genutiltypes.AppGenesisFromFile(cfg.GenesisFile()) + if err != nil { + return nil, err +} + +return appGenesis.ToGenesisDoc() +} +} + +func setupTraceWriter(svrCtx *Context) (traceWriter io.WriteCloser, cleanup func(), err error) { + // clean up the traceWriter when the server is shutting down + cleanup = func() { +} + traceWriterFile := svrCtx.Viper.GetString(flagTraceStore) + +traceWriter, err = openTraceWriter(traceWriterFile) + if err != nil { + return traceWriter, cleanup, err +} + + // if flagTraceStore is not used then traceWriter is nil + if traceWriter != nil { + cleanup = func() { + if err = traceWriter.Close(); err != nil { + svrCtx.Logger.Error("failed to close trace writer", "err", err) +} + +} + +} + +return traceWriter, cleanup, nil +} + +func startGrpcServer( + ctx context.Context, + g *errgroup.Group, + config serverconfig.GRPCConfig, + clientCtx client.Context, + svrCtx *Context, + app types.Application, +) (*grpc.Server, client.Context, error) { + if !config.Enable { + // return grpcServer as nil if gRPC is disabled + return nil, clientCtx, nil +} + _, _, err := net.SplitHostPort(config.Address) + if err != nil { + return nil, clientCtx, err +} + maxSendMsgSize := config.MaxSendMsgSize + if maxSendMsgSize == 0 { + maxSendMsgSize = serverconfig.DefaultGRPCMaxSendMsgSize +} + maxRecvMsgSize := config.MaxRecvMsgSize + if maxRecvMsgSize == 0 { + maxRecvMsgSize = serverconfig.DefaultGRPCMaxRecvMsgSize +} + + // if gRPC is enabled, configure gRPC client for gRPC gateway + grpcClient, err := grpc.Dial( //nolint: staticcheck // ignore this line for this linter + config.Address, + grpc.WithTransportCredentials(insecure.NewCredentials()), + grpc.WithDefaultCallOptions( + grpc.ForceCodec(codec.NewProtoCodec(clientCtx.InterfaceRegistry).GRPCCodec()), + grpc.MaxCallRecvMsgSize(maxRecvMsgSize), + grpc.MaxCallSendMsgSize(maxSendMsgSize), + ), + ) + if err != nil { + return nil, clientCtx, err +} + +clientCtx = clientCtx.WithGRPCClient(grpcClient) + +svrCtx.Logger.Debug("gRPC client assigned to client context", "target", config.Address) + +grpcSrv, err := servergrpc.NewGRPCServer(clientCtx, app, config) + if err != nil { + return nil, clientCtx, err +} + + // Start the gRPC server in a goroutine. Note, the provided ctx will ensure + // that the server is gracefully shut down. + g.Go(func() + +error { + return servergrpc.StartGRPCServer(ctx, svrCtx.Logger.With("module", "grpc-server"), config, grpcSrv) +}) + +return grpcSrv, clientCtx, nil +} + +func startAPIServer( + ctx context.Context, + g *errgroup.Group, + svrCfg serverconfig.Config, + clientCtx client.Context, + svrCtx *Context, + app types.Application, + home string, + grpcSrv *grpc.Server, + metrics *telemetry.Metrics, +) + +error { + if !svrCfg.API.Enable { + return nil +} + +clientCtx = clientCtx.WithHomeDir(home) + apiSrv := api.New(clientCtx, svrCtx.Logger.With("module", "api-server"), grpcSrv) + +app.RegisterAPIRoutes(apiSrv, svrCfg.API) + if svrCfg.Telemetry.Enabled { + apiSrv.SetTelemetry(metrics) +} + +g.Go(func() + +error { + return apiSrv.Start(ctx, svrCfg) +}) + +return nil +} + +func startTelemetry(cfg serverconfig.Config) (*telemetry.Metrics, error) { + return telemetry.New(cfg.Telemetry) +} + +// wrapCPUProfile starts CPU profiling, if enabled, and executes the provided +// callbackFn in a separate goroutine, then will wait for that callback to +// return. +// +// NOTE: We expect the caller to handle graceful shutdown and signal handling. +func wrapCPUProfile(svrCtx *Context, callbackFn func() + +error) + +error { + if cpuProfile := svrCtx.Viper.GetString(flagCPUProfile); cpuProfile != "" { + f, err := os.Create(cpuProfile) + if err != nil { + return err +} + +svrCtx.Logger.Info("starting CPU profiler", "profile", cpuProfile) + if err := pprof.StartCPUProfile(f); err != nil { + return err +} + +defer func() { + svrCtx.Logger.Info("stopping CPU profiler", "profile", cpuProfile) + +pprof.StopCPUProfile() + if err := f.Close(); err != nil { + svrCtx.Logger.Info("failed to close cpu-profile file", "profile", cpuProfile, "err", err.Error()) +} + +}() +} + +return callbackFn() +} + +// emitServerInfoMetrics emits server info related metrics using application telemetry. +func emitServerInfoMetrics() { + var ls []metrics.Label + versionInfo := version.NewInfo() + if len(versionInfo.GoVersion) > 0 { + ls = append(ls, telemetry.NewLabel("go", versionInfo.GoVersion)) +} + if len(versionInfo.CosmosSdkVersion) > 0 { + ls = append(ls, telemetry.NewLabel("version", versionInfo.CosmosSdkVersion)) +} + if len(ls) == 0 { + return +} + +telemetry.SetGaugeWithLabels([]string{"server", "info" +}, 1, ls) +} + +func getCtx(svrCtx *Context, block bool) (*errgroup.Group, context.Context) { + ctx, cancelFn := context.WithCancel(context.Background()) + +g, ctx := errgroup.WithContext(ctx) + // listen for quit signals so the calling parent process can gracefully exit + ListenForQuitSignals(g, block, cancelFn, svrCtx.Logger) + +return g, ctx +} + +func startApp(svrCtx *Context, appCreator types.AppCreator, opts StartCmdOptions) (app types.Application, cleanupFn func(), err error) { + traceWriter, traceCleanupFn, err := setupTraceWriter(svrCtx) + if err != nil { + return app, traceCleanupFn, err +} + home := svrCtx.Config.RootDir + db, err := opts.DBOpener(home, GetAppDBBackend(svrCtx.Viper)) + if err != nil { + return app, traceCleanupFn, err +} + if isTestnet, ok := svrCtx.Viper.Get(KeyIsTestnet).(bool); ok && isTestnet { + app, err = testnetify(svrCtx, appCreator, db, traceWriter) + if err != nil { + return app, traceCleanupFn, err +} + +} + +else { + app = appCreator(svrCtx.Logger, db, traceWriter, svrCtx.Viper) +} + +cleanupFn = func() { + traceCleanupFn() + if localErr := app.Close(); localErr != nil { + svrCtx.Logger.Error(localErr.Error()) +} + +} + +return app, cleanupFn, nil +} + +// InPlaceTestnetCreator utilizes the provided chainID and operatorAddress as well as the local private validator key to +// control the network represented in the data folder. This is useful to create testnets nearly identical to your +// mainnet environment. +func InPlaceTestnetCreator(testnetAppCreator types.AppCreator) *cobra.Command { + opts := StartCmdOptions{ +} + if opts.DBOpener == nil { + opts.DBOpener = openDB +} + if opts.StartCommandHandler == nil { + opts.StartCommandHandler = start +} + cmd := &cobra.Command{ + Use: "in-place-testnet [newChainID] [newOperatorAddress]", + Short: "Create and start a testnet from current local state", + Long: `Create and start a testnet from current local state. +After utilizing this command the network will start. If the network is stopped, +the normal "start" command should be used. Re-using this command on state that +has already been modified by this command could result in unexpected behavior. + +Additionally, the first block may take up to one minute to be committed, depending +on how old the block is. For instance, if a snapshot was taken weeks ago and we want +to turn this into a testnet, it is possible lots of pending state needs to be committed +(expiring locks, etc.). It is recommended that you should wait for this block to be committed +before stopping the daemon. + +If the --trigger-testnet-upgrade flag is set, the upgrade handler specified by the flag will be run +on the first block of the testnet. + +Regardless of whether the flag is set or not, if any new stores are introduced in the daemon being run, +those stores will be registered in order to prevent panics. Therefore, you only need to set the flag if +you want to test the upgrade handler itself. +`, + Example: "in-place-testnet localosmosis osmo12smx2wdlyttvyzvzg54y2vnqwq2qjateuf7thj", + Args: cobra.ExactArgs(2), + RunE: func(cmd *cobra.Command, args []string) + +error { + serverCtx := GetServerContextFromCmd(cmd) + _, err := GetPruningOptionsFromFlags(serverCtx.Viper) + if err != nil { + return err +} + +clientCtx, err := client.GetClientQueryContext(cmd) + if err != nil { + return err +} + +withCMT, _ := cmd.Flags().GetBool(flagWithComet) + if !withCMT { + serverCtx.Logger.Info("starting ABCI without CometBFT") +} + newChainID := args[0] + newOperatorAddress := args[1] + + skipConfirmation, _ := cmd.Flags().GetBool("skip-confirmation") + if !skipConfirmation { + // Confirmation prompt to prevent accidental modification of state. + reader := bufio.NewReader(os.Stdin) + +fmt.Println("This operation will modify state in your data folder and cannot be undone. Do you want to continue? (y/n)") + +text, _ := reader.ReadString('\n') + response := strings.TrimSpace(strings.ToLower(text)) + if response != "y" && response != "yes" { + fmt.Println("Operation canceled.") + +return nil +} + +} + + // Set testnet keys to be used by the application. + // This is done to prevent changes to existing start API. + serverCtx.Viper.Set(KeyIsTestnet, true) + +serverCtx.Viper.Set(KeyNewChainID, newChainID) + +serverCtx.Viper.Set(KeyNewOpAddr, newOperatorAddress) + +err = wrapCPUProfile(serverCtx, func() + +error { + return opts.StartCommandHandler(serverCtx, clientCtx, testnetAppCreator, withCMT, opts) +}) + +serverCtx.Logger.Debug("received quit signal") + +graceDuration, _ := cmd.Flags().GetDuration(FlagShutdownGrace) + if graceDuration > 0 { + serverCtx.Logger.Info("graceful shutdown start", FlagShutdownGrace, graceDuration) + <-time.After(graceDuration) + +serverCtx.Logger.Info("graceful shutdown complete") +} + +return err +}, +} + +addStartNodeFlags(cmd, opts) + +cmd.Flags().String(KeyTriggerTestnetUpgrade, "", "If set (example: \"v21\"), triggers the v21 upgrade handler to run on the first block of the testnet") + +cmd.Flags().Bool("skip-confirmation", false, "Skip the confirmation prompt") + +return cmd +} + +// testnetify modifies both state and blockStore, allowing the provided operator address and local validator key to control the network +// that the state in the data folder represents. The chainID of the local genesis file is modified to match the provided chainID. +func testnetify(ctx *Context, testnetAppCreator types.AppCreator, db dbm.DB, traceWriter io.WriteCloser) (types.Application, error) { + config := ctx.Config + + newChainID, ok := ctx.Viper.Get(KeyNewChainID).(string) + if !ok { + return nil, fmt.Errorf("expected string for key %s", KeyNewChainID) +} + + // Modify app genesis chain ID and save to genesis file. + genFilePath := config.GenesisFile() + +appGen, err := genutiltypes.AppGenesisFromFile(genFilePath) + if err != nil { + return nil, err +} + +appGen.ChainID = newChainID + if err := appGen.ValidateAndComplete(); err != nil { + return nil, err +} + if err := appGen.SaveAs(genFilePath); err != nil { + return nil, err +} + + // Regenerate addrbook.json to prevent peers on old network from causing error logs. + addrBookPath := filepath.Join(config.RootDir, "config", "addrbook.json") + if err := os.Remove(addrBookPath); err != nil && !os.IsNotExist(err) { + return nil, fmt.Errorf("failed to remove existing addrbook.json: %w", err) +} + emptyAddrBook := []byte("{ +}") + if err := os.WriteFile(addrBookPath, emptyAddrBook, 0o600); err != nil { + return nil, fmt.Errorf("failed to create empty addrbook.json: %w", err) +} + + // Load the comet genesis doc provider. + genDocProvider := node.DefaultGenesisDocProviderFunc(config) + + // Initialize blockStore and stateDB. + blockStoreDB, err := cmtcfg.DefaultDBProvider(&cmtcfg.DBContext{ + ID: "blockstore", + Config: config +}) + if err != nil { + return nil, err +} + blockStore := store.NewBlockStore(blockStoreDB) + +stateDB, err := cmtcfg.DefaultDBProvider(&cmtcfg.DBContext{ + ID: "state", + Config: config +}) + if err != nil { + return nil, err +} + +defer blockStore.Close() + +defer stateDB.Close() + privValidator := pvm.LoadOrGenFilePV(config.PrivValidatorKeyFile(), config.PrivValidatorStateFile()) + +userPubKey, err := privValidator.GetPubKey() + if err != nil { + return nil, err +} + validatorAddress := userPubKey.Address() + stateStore := sm.NewStore(stateDB, sm.StoreOptions{ + DiscardABCIResponses: config.Storage.DiscardABCIResponses, +}) + +state, genDoc, err := node.LoadStateFromDBOrGenesisDocProvider(stateDB, genDocProvider) + if err != nil { + return nil, err +} + +ctx.Viper.Set(KeyNewValAddr, validatorAddress) + +ctx.Viper.Set(KeyUserPubKey, userPubKey) + testnetApp := testnetAppCreator(ctx.Logger, db, traceWriter, ctx.Viper) + + // We need to create a temporary proxyApp to get the initial state of the application. + // Depending on how the node was stopped, the application height can differ from the blockStore height. + // This height difference changes how we go about modifying the state. + cmtApp := NewCometABCIWrapper(testnetApp) + _, context := getCtx(ctx, true) + clientCreator := proxy.NewLocalClientCreator(cmtApp) + metrics := node.DefaultMetricsProvider(cmtcfg.DefaultConfig().Instrumentation) + _, _, _, _, proxyMetrics, _, _ := metrics(genDoc.ChainID) + proxyApp := proxy.NewAppConns(clientCreator, proxyMetrics) + if err := proxyApp.Start(); err != nil { + return nil, fmt.Errorf("error starting proxy app connections: %w", err) +} + +res, err := proxyApp.Query().Info(context, proxy.RequestInfo) + if err != nil { + return nil, fmt.Errorf("error calling Info: %w", err) +} + +err = proxyApp.Stop() + if err != nil { + return nil, err +} + appHash := res.LastBlockAppHash + appHeight := res.LastBlockHeight + + var block *cmttypes.Block + switch { + case appHeight == blockStore.Height(): + block = blockStore.LoadBlock(blockStore.Height()) + // If the state's last blockstore height does not match the app and blockstore height, we likely stopped with the halt height flag. + if state.LastBlockHeight != appHeight { + state.LastBlockHeight = appHeight + block.AppHash = appHash + state.AppHash = appHash +} + +else { + // Node was likely stopped via SIGTERM, delete the next block's seen commit + err := blockStoreDB.Delete(fmt.Appendf(nil, "SC:%v", blockStore.Height()+1)) + if err != nil { + return nil, err +} + +} + case blockStore.Height() > state.LastBlockHeight: + // This state usually occurs when we gracefully stop the node. + err = blockStore.DeleteLatestBlock() + if err != nil { + return nil, err +} + +block = blockStore.LoadBlock(blockStore.Height()) + +default: + // If there is any other state, we just load the block + block = blockStore.LoadBlock(blockStore.Height()) +} + +block.ChainID = newChainID + state.ChainID = newChainID + + block.LastBlockID = state.LastBlockID + block.LastCommit.BlockID = state.LastBlockID + + // Create a vote from our validator + vote := cmttypes.Vote{ + Type: cmtproto.PrecommitType, + Height: state.LastBlockHeight, + Round: 0, + BlockID: state.LastBlockID, + Timestamp: time.Now(), + ValidatorAddress: validatorAddress, + ValidatorIndex: 0, + Signature: []byte{ +}, +} + + // Sign the vote, and copy the proto changes from the act of signing to the vote itself + voteProto := vote.ToProto() + +err = privValidator.SignVote(newChainID, voteProto) + if err != nil { + return nil, err +} + +vote.Signature = voteProto.Signature + vote.Timestamp = voteProto.Timestamp + + // Modify the block's lastCommit to be signed only by our validator + block.LastCommit.Signatures[0].ValidatorAddress = validatorAddress + block.LastCommit.Signatures[0].Signature = vote.Signature + block.LastCommit.Signatures = []cmttypes.CommitSig{ + block.LastCommit.Signatures[0] +} + + // Load the seenCommit of the lastBlockHeight and modify it to be signed from our validator + seenCommit := blockStore.LoadSeenCommit(state.LastBlockHeight) + +seenCommit.BlockID = state.LastBlockID + seenCommit.Round = vote.Round + seenCommit.Signatures[0].Signature = vote.Signature + seenCommit.Signatures[0].ValidatorAddress = validatorAddress + seenCommit.Signatures[0].Timestamp = vote.Timestamp + seenCommit.Signatures = []cmttypes.CommitSig{ + seenCommit.Signatures[0] +} + +err = blockStore.SaveSeenCommit(state.LastBlockHeight, seenCommit) + if err != nil { + return nil, err +} + + // Create ValidatorSet struct containing just our valdiator. + newVal := &cmttypes.Validator{ + Address: validatorAddress, + PubKey: userPubKey, + VotingPower: 900000000000000, +} + newValSet := &cmttypes.ValidatorSet{ + Validators: []*cmttypes.Validator{ + newVal +}, + Proposer: newVal, +} + + // Replace all valSets in state to be the valSet with just our validator. + state.Validators = newValSet + state.LastValidators = newValSet + state.NextValidators = newValSet + state.LastHeightValidatorsChanged = blockStore.Height() + +err = stateStore.Save(state) + if err != nil { + return nil, err +} + + // Create a ValidatorsInfo struct to store in stateDB. + valSet, err := state.Validators.ToProto() + if err != nil { + return nil, err +} + valInfo := &cmtstate.ValidatorsInfo{ + ValidatorSet: valSet, + LastHeightChanged: state.LastBlockHeight, +} + +buf, err := valInfo.Marshal() + if err != nil { + return nil, err +} + + // Modfiy Validators stateDB entry. + err = stateDB.Set(fmt.Appendf(nil, "validatorsKey:%v", blockStore.Height()), buf) + if err != nil { + return nil, err +} + + // Modify LastValidators stateDB entry. + err = stateDB.Set(fmt.Appendf(nil, "validatorsKey:%v", blockStore.Height()-1), buf) + if err != nil { + return nil, err +} + + // Modify NextValidators stateDB entry. + err = stateDB.Set(fmt.Appendf(nil, "validatorsKey:%v", blockStore.Height()+1), buf) + if err != nil { + return nil, err +} + + // Since we modified the chainID, we set the new genesisDoc in the stateDB. + b, err := cmtjson.Marshal(genDoc) + if err != nil { + return nil, err +} + if err := stateDB.SetSync([]byte("genesisDoc"), b); err != nil { + return nil, err +} + +return testnetApp, err +} + +// addStartNodeFlags should be added to any CLI commands that start the network. +func addStartNodeFlags(cmd *cobra.Command, opts StartCmdOptions) { + cmd.Flags().Bool(flagWithComet, true, "Run abci app embedded in-process with CometBFT") + +cmd.Flags().String(flagAddress, "tcp://127.0.0.1:26658", "Listen address") + +cmd.Flags().String(flagTransport, "socket", "Transport protocol: socket, grpc") + +cmd.Flags().String(flagTraceStore, "", "Enable KVStore tracing to an output file") + +cmd.Flags().String(FlagMinGasPrices, "", "Minimum gas prices to accept for transactions; Any fee in a tx must meet this minimum (e.g. 0.01photino;0.0001stake)") + +cmd.Flags().Uint64(FlagQueryGasLimit, 0, "Maximum gas a Rest/Grpc query can consume. Blank and 0 imply unbounded.") + +cmd.Flags().IntSlice(FlagUnsafeSkipUpgrades, []int{ +}, "Skip a set of upgrade heights to continue the old binary") + +cmd.Flags().Uint64(FlagHaltHeight, 0, "Block height at which to gracefully halt the chain and shutdown the node") + +cmd.Flags().Uint64(FlagHaltTime, 0, "Minimum block time (in Unix seconds) + +at which to gracefully halt the chain and shutdown the node") + +cmd.Flags().Bool(FlagInterBlockCache, true, "Enable inter-block caching") + +cmd.Flags().String(flagCPUProfile, "", "Enable CPU profiling and write to the provided file") + +cmd.Flags().Bool(FlagTrace, false, "Provide full stack traces for errors in ABCI Log") + +cmd.Flags().String(FlagPruning, pruningtypes.PruningOptionDefault, "Pruning strategy (default|nothing|everything|custom)") + +cmd.Flags().Uint64(FlagPruningKeepRecent, 0, "Number of recent heights to keep on disk (ignored if pruning is not 'custom')") + +cmd.Flags().Uint64(FlagPruningInterval, 0, "Height interval at which pruned heights are removed from disk (ignored if pruning is not 'custom')") + +cmd.Flags().Uint(FlagInvCheckPeriod, 0, "Assert registered invariants every N blocks") + +cmd.Flags().Uint64(FlagMinRetainBlocks, 0, "Minimum block height offset during ABCI commit to prune CometBFT blocks") + +cmd.Flags().Bool(FlagAPIEnable, false, "Define if the API server should be enabled") + +cmd.Flags().Bool(FlagAPISwagger, false, "Define if swagger documentation should automatically be registered (Note: the API must also be enabled)") + +cmd.Flags().String(FlagAPIAddress, serverconfig.DefaultAPIAddress, "the API server address to listen on") + +cmd.Flags().Uint(FlagAPIMaxOpenConnections, 1000, "Define the number of maximum open connections") + +cmd.Flags().Uint(FlagRPCReadTimeout, 10, "Define the CometBFT RPC read timeout (in seconds)") + +cmd.Flags().Uint(FlagRPCWriteTimeout, 0, "Define the CometBFT RPC write timeout (in seconds)") + +cmd.Flags().Uint(FlagRPCMaxBodyBytes, 1000000, "Define the CometBFT maximum request body (in bytes)") + +cmd.Flags().Bool(FlagAPIEnableUnsafeCORS, false, "Define if CORS should be enabled (unsafe - use it at your own risk)") + +cmd.Flags().Bool(flagGRPCOnly, false, "Start the node in gRPC query only mode (no CometBFT process is started)") + +cmd.Flags().Bool(flagGRPCEnable, true, "Define if the gRPC server should be enabled") + +cmd.Flags().String(flagGRPCAddress, serverconfig.DefaultGRPCAddress, "the gRPC server address to listen on") + +cmd.Flags().Bool(flagGRPCWebEnable, true, "Define if the gRPC-Web server should be enabled. (Note: gRPC must also be enabled)") + +cmd.Flags().Uint64(FlagStateSyncSnapshotInterval, 0, "State sync snapshot interval") + +cmd.Flags().Uint32(FlagStateSyncSnapshotKeepRecent, 2, "State sync snapshot to keep") + +cmd.Flags().Bool(FlagDisableIAVLFastNode, false, "Disable fast node for IAVL tree") + +cmd.Flags().Int(FlagMempoolMaxTxs, mempool.DefaultMaxTx, "Sets MaxTx value for the app-side mempool") + +cmd.Flags().Duration(FlagShutdownGrace, 0*time.Second, "On Shutdown, duration to wait for resource clean up") + + // support old flags name for backwards compatibility + cmd.Flags().SetNormalizeFunc(func(f *pflag.FlagSet, name string) + +pflag.NormalizedName { + if name == "with-tendermint" { + name = flagWithComet +} + +return pflag.NormalizedName(name) +}) + + // add support for all CometBFT-specific command line options + cmtcmd.AddNodeFlags(cmd) + if opts.AddFlags != nil { + opts.AddFlags(cmd) +} +} +``` + +The CometBFT node can be created with `app` because the latter satisfies the [`abci.Application` interface](https://github.com/cometbft/cometbft/blob/v0.37.0/abci/types/application.go#L9-L35) (given that `app` extends [`baseapp`](/docs/sdk/vnext/learn/advanced/baseapp)). As part of the `node.New` method, CometBFT makes sure that the height of the application (i.e. number of blocks since genesis) is equal to the height of the CometBFT node. The difference between these two heights should always be negative or null. If it is strictly negative, `node.New` will replay blocks until the height of the application reaches the height of the CometBFT node. Finally, if the height of the application is `0`, the CometBFT node will call [`InitChain`](/docs/sdk/vnext/learn/advanced/baseapp#initchain) on the application to initialize the state from the genesis file. + +Once the CometBFT node is instantiated and in sync with the application, the node can be started: + +```go expandable +package server + +import ( + + "bufio" + "context" + "fmt" + "io" + "net" + "os" + "path/filepath" + "runtime/pprof" + "strings" + "time" + "github.com/cometbft/cometbft/abci/server" + cmtcmd "github.com/cometbft/cometbft/cmd/cometbft/commands" + cmtcfg "github.com/cometbft/cometbft/config" + cmtjson "github.com/cometbft/cometbft/libs/json" + "github.com/cometbft/cometbft/node" + "github.com/cometbft/cometbft/p2p" + pvm "github.com/cometbft/cometbft/privval" + cmtstate "github.com/cometbft/cometbft/proto/tendermint/state" + cmtproto "github.com/cometbft/cometbft/proto/tendermint/types" + "github.com/cometbft/cometbft/proxy" + rpchttp "github.com/cometbft/cometbft/rpc/client/http" + "github.com/cometbft/cometbft/rpc/client/local" + sm "github.com/cometbft/cometbft/state" + "github.com/cometbft/cometbft/store" + cmttypes "github.com/cometbft/cometbft/types" + dbm "github.com/cosmos/cosmos-db" + "github.com/hashicorp/go-metrics" + "github.com/spf13/cobra" + "github.com/spf13/pflag" + "golang.org/x/sync/errgroup" + "google.golang.org/grpc" + "google.golang.org/grpc/credentials/insecure" + + pruningtypes "cosmossdk.io/store/pruning/types" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/client/flags" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/server/api" + serverconfig "github.com/cosmos/cosmos-sdk/server/config" + servergrpc "github.com/cosmos/cosmos-sdk/server/grpc" + servercmtlog "github.com/cosmos/cosmos-sdk/server/log" + "github.com/cosmos/cosmos-sdk/server/types" + "github.com/cosmos/cosmos-sdk/telemetry" + "github.com/cosmos/cosmos-sdk/types/mempool" + "github.com/cosmos/cosmos-sdk/version" + genutiltypes "github.com/cosmos/cosmos-sdk/x/genutil/types" +) + +const ( + // CometBFT full-node start flags + flagWithComet = "with-comet" + flagAddress = "address" + flagTransport = "transport" + flagTraceStore = "trace-store" + flagCPUProfile = "cpu-profile" + FlagMinGasPrices = "minimum-gas-prices" + FlagQueryGasLimit = "query-gas-limit" + FlagHaltHeight = "halt-height" + FlagHaltTime = "halt-time" + FlagInterBlockCache = "inter-block-cache" + FlagUnsafeSkipUpgrades = "unsafe-skip-upgrades" + FlagTrace = "trace" + FlagInvCheckPeriod = "inv-check-period" + + FlagPruning = "pruning" + FlagPruningKeepRecent = "pruning-keep-recent" + FlagPruningInterval = "pruning-interval" + FlagIndexEvents = "index-events" + FlagMinRetainBlocks = "min-retain-blocks" + FlagIAVLCacheSize = "iavl-cache-size" + FlagDisableIAVLFastNode = "iavl-disable-fastnode" + FlagIAVLSyncPruning = "iavl-sync-pruning" + FlagShutdownGrace = "shutdown-grace" + + // state sync-related flags + FlagStateSyncSnapshotInterval = "state-sync.snapshot-interval" + FlagStateSyncSnapshotKeepRecent = "state-sync.snapshot-keep-recent" + + // api-related flags + FlagAPIEnable = "api.enable" + FlagAPISwagger = "api.swagger" + FlagAPIAddress = "api.address" + FlagAPIMaxOpenConnections = "api.max-open-connections" + FlagRPCReadTimeout = "api.rpc-read-timeout" + FlagRPCWriteTimeout = "api.rpc-write-timeout" + FlagRPCMaxBodyBytes = "api.rpc-max-body-bytes" + FlagAPIEnableUnsafeCORS = "api.enabled-unsafe-cors" + + // gRPC-related flags + flagGRPCOnly = "grpc-only" + flagGRPCEnable = "grpc.enable" + flagGRPCAddress = "grpc.address" + flagGRPCWebEnable = "grpc-web.enable" + flagGRPCSkipCheckHeader = "grpc.skip-check-header" + + // mempool flags + FlagMempoolMaxTxs = "mempool.max-txs" + + // testnet keys + KeyIsTestnet = "is-testnet" + KeyNewChainID = "new-chain-ID" + KeyNewOpAddr = "new-operator-addr" + KeyNewValAddr = "new-validator-addr" + KeyUserPubKey = "user-pub-key" + KeyTriggerTestnetUpgrade = "trigger-testnet-upgrade" +) + +// StartCmdOptions defines options that can be customized in `StartCmdWithOptions`, +type StartCmdOptions struct { + // DBOpener can be used to customize db opening, for example customize db options or support different db backends, + // default to the builtin db opener. + DBOpener func(rootDir string, backendType dbm.BackendType) (dbm.DB, error) + // PostSetup can be used to setup extra services under the same cancellable context, + // it's not called in stand-alone mode, only for in-process mode. + PostSetup func(svrCtx *Context, clientCtx client.Context, ctx context.Context, g *errgroup.Group) + +error + // PostSetupStandalone can be used to setup extra services under the same cancellable context, + PostSetupStandalone func(svrCtx *Context, clientCtx client.Context, ctx context.Context, g *errgroup.Group) + +error + // AddFlags add custom flags to start cmd + AddFlags func(cmd *cobra.Command) + // StartCommandHanlder can be used to customize the start command handler + StartCommandHandler func(svrCtx *Context, clientCtx client.Context, appCreator types.AppCreator, inProcessConsensus bool, opts StartCmdOptions) + +error +} + +// StartCmd runs the service passed in, either stand-alone or in-process with +// CometBFT. +func StartCmd(appCreator types.AppCreator, defaultNodeHome string) *cobra.Command { + return StartCmdWithOptions(appCreator, defaultNodeHome, StartCmdOptions{ +}) +} + +// StartCmdWithOptions runs the service passed in, either stand-alone or in-process with +// CometBFT. +func StartCmdWithOptions(appCreator types.AppCreator, defaultNodeHome string, opts StartCmdOptions) *cobra.Command { + if opts.DBOpener == nil { + opts.DBOpener = openDB +} + if opts.StartCommandHandler == nil { + opts.StartCommandHandler = start +} + cmd := &cobra.Command{ + Use: "start", + Short: "Run the full node", + Long: `Run the full node application with CometBFT in or out of process. By +default, the application will run with CometBFT in process. + +Pruning options can be provided via the '--pruning' flag or alternatively with '--pruning-keep-recent', and +'pruning-interval' together. + +For '--pruning' the options are as follows: + +default: the last 362880 states are kept, pruning at 10 block intervals +nothing: all historic states will be saved, nothing will be deleted (i.e. archiving node) + +everything: 2 latest states will be kept; pruning at 10 block intervals. +custom: allow pruning options to be manually specified through 'pruning-keep-recent', and 'pruning-interval' + +Node halting configurations exist in the form of two flags: '--halt-height' and '--halt-time'. During +the ABCI Commit phase, the node will check if the current block height is greater than or equal to +the halt-height or if the current block time is greater than or equal to the halt-time. If so, the +node will attempt to gracefully shutdown and the block will not be committed. In addition, the node +will not be able to commit subsequent blocks. + +For profiling and benchmarking purposes, CPU profiling can be enabled via the '--cpu-profile' flag +which accepts a path for the resulting pprof file. + +The node may be started in a 'query only' mode where only the gRPC and JSON HTTP +API services are enabled via the 'grpc-only' flag. In this mode, CometBFT is +bypassed and can be used when legacy queries are needed after an on-chain upgrade +is performed. Note, when enabled, gRPC will also be automatically enabled. +`, + RunE: func(cmd *cobra.Command, _ []string) + +error { + serverCtx := GetServerContextFromCmd(cmd) + + _, err := GetPruningOptionsFromFlags(serverCtx.Viper) + if err != nil { + return err +} + +clientCtx, err := client.GetClientQueryContext(cmd) + if err != nil { + return err +} + +withCMT, _ := cmd.Flags().GetBool(flagWithComet) + if !withCMT { + serverCtx.Logger.Info("starting ABCI without CometBFT") +} + +err = wrapCPUProfile(serverCtx, func() + +error { + return opts.StartCommandHandler(serverCtx, clientCtx, appCreator, withCMT, opts) +}) + +serverCtx.Logger.Debug("received quit signal") + +graceDuration, _ := cmd.Flags().GetDuration(FlagShutdownGrace) + if graceDuration > 0 { + serverCtx.Logger.Info("graceful shutdown start", FlagShutdownGrace, graceDuration) + <-time.After(graceDuration) + +serverCtx.Logger.Info("graceful shutdown complete") +} + +return err +}, +} + +cmd.Flags().String(flags.FlagHome, defaultNodeHome, "The application home directory") + +addStartNodeFlags(cmd, opts) + +return cmd +} + +func start(svrCtx *Context, clientCtx client.Context, appCreator types.AppCreator, withCmt bool, opts StartCmdOptions) + +error { + svrCfg, err := getAndValidateConfig(svrCtx) + if err != nil { + return err +} + +app, appCleanupFn, err := startApp(svrCtx, appCreator, opts) + if err != nil { + return err +} + +defer appCleanupFn() + +metrics, err := startTelemetry(svrCfg) + if err != nil { + return err +} + +emitServerInfoMetrics() + if !withCmt { + return startStandAlone(svrCtx, svrCfg, clientCtx, app, metrics, opts) +} + +return startInProcess(svrCtx, svrCfg, clientCtx, app, metrics, opts) +} + +func startStandAlone(svrCtx *Context, svrCfg serverconfig.Config, clientCtx client.Context, app types.Application, metrics *telemetry.Metrics, opts StartCmdOptions) + +error { + addr := svrCtx.Viper.GetString(flagAddress) + transport := svrCtx.Viper.GetString(flagTransport) + cmtApp := NewCometABCIWrapper(app) + +svr, err := server.NewServer(addr, transport, cmtApp) + if err != nil { + return fmt.Errorf("error creating listener: %w", err) +} + +svr.SetLogger(servercmtlog.CometLoggerWrapper{ + Logger: svrCtx.Logger.With("module", "abci-server") +}) + +g, ctx := getCtx(svrCtx, false) + + // Add the tx service to the gRPC router. We only need to register this + // service if API or gRPC is enabled, and avoid doing so in the general + // case, because it spawns a new local CometBFT RPC client. + if svrCfg.API.Enable || svrCfg.GRPC.Enable { + // create tendermint client + // assumes the rpc listen address is where tendermint has its rpc server + rpcclient, err := rpchttp.New(svrCtx.Config.RPC.ListenAddress, "/websocket") + if err != nil { + return err +} + // re-assign for making the client available below + // do not use := to avoid shadowing clientCtx + clientCtx = clientCtx.WithClient(rpcclient) + + // use the provided clientCtx to register the services + app.RegisterTxService(clientCtx) + +app.RegisterTendermintService(clientCtx) + +app.RegisterNodeService(clientCtx, svrCfg) +} + +grpcSrv, clientCtx, err := startGrpcServer(ctx, g, svrCfg.GRPC, clientCtx, svrCtx, app) + if err != nil { + return err +} + +err = startAPIServer(ctx, g, svrCfg, clientCtx, svrCtx, app, svrCtx.Config.RootDir, grpcSrv, metrics) + if err != nil { + return err +} + if opts.PostSetupStandalone != nil { + if err := opts.PostSetupStandalone(svrCtx, clientCtx, ctx, g); err != nil { + return err +} + +} + +g.Go(func() + +error { + if err := svr.Start(); err != nil { + svrCtx.Logger.Error("failed to start out-of-process ABCI server", "err", err) + +return err +} + + // Wait for the calling process to be canceled or close the provided context, + // so we can gracefully stop the ABCI server. + <-ctx.Done() + +svrCtx.Logger.Info("stopping the ABCI server...") + +return svr.Stop() +}) + +return g.Wait() +} + +func startInProcess(svrCtx *Context, svrCfg serverconfig.Config, clientCtx client.Context, app types.Application, + metrics *telemetry.Metrics, opts StartCmdOptions, +) + +error { + cmtCfg := svrCtx.Config + gRPCOnly := svrCtx.Viper.GetBool(flagGRPCOnly) + +g, ctx := getCtx(svrCtx, true) + if gRPCOnly { + // TODO: Generalize logic so that gRPC only is really in startStandAlone + svrCtx.Logger.Info("starting node in gRPC only mode; CometBFT is disabled") + +svrCfg.GRPC.Enable = true +} + +else { + svrCtx.Logger.Info("starting node with ABCI CometBFT in-process") + +tmNode, cleanupFn, err := startCmtNode(ctx, cmtCfg, app, svrCtx) + if err != nil { + return err +} + +defer cleanupFn() + + // Add the tx service to the gRPC router. We only need to register this + // service if API or gRPC is enabled, and avoid doing so in the general + // case, because it spawns a new local CometBFT RPC client. + if svrCfg.API.Enable || svrCfg.GRPC.Enable { + // Re-assign for making the client available below do not use := to avoid + // shadowing the clientCtx variable. + clientCtx = clientCtx.WithClient(local.New(tmNode)) + +app.RegisterTxService(clientCtx) + +app.RegisterTendermintService(clientCtx) + +app.RegisterNodeService(clientCtx, svrCfg) +} + +} + +grpcSrv, clientCtx, err := startGrpcServer(ctx, g, svrCfg.GRPC, clientCtx, svrCtx, app) + if err != nil { + return err +} + +err = startAPIServer(ctx, g, svrCfg, clientCtx, svrCtx, app, cmtCfg.RootDir, grpcSrv, metrics) + if err != nil { + return err +} + if opts.PostSetup != nil { + if err := opts.PostSetup(svrCtx, clientCtx, ctx, g); err != nil { + return err +} + +} + + // wait for signal capture and gracefully return + // we are guaranteed to be waiting for the "ListenForQuitSignals" goroutine. + return g.Wait() +} + +// TODO: Move nodeKey into being created within the function. +func startCmtNode( + ctx context.Context, + cfg *cmtcfg.Config, + app types.Application, + svrCtx *Context, +) (tmNode *node.Node, cleanupFn func(), err error) { + nodeKey, err := p2p.LoadOrGenNodeKey(cfg.NodeKeyFile()) + if err != nil { + return nil, cleanupFn, err +} + cmtApp := NewCometABCIWrapper(app) + +tmNode, err = node.NewNodeWithContext( + ctx, + cfg, + pvm.LoadOrGenFilePV(cfg.PrivValidatorKeyFile(), cfg.PrivValidatorStateFile()), + nodeKey, + proxy.NewLocalClientCreator(cmtApp), + getGenDocProvider(cfg), + cmtcfg.DefaultDBProvider, + node.DefaultMetricsProvider(cfg.Instrumentation), + servercmtlog.CometLoggerWrapper{ + Logger: svrCtx.Logger +}, + ) + if err != nil { + return tmNode, cleanupFn, err +} + if err := tmNode.Start(); err != nil { + return tmNode, cleanupFn, err +} + +cleanupFn = func() { + if tmNode != nil && tmNode.IsRunning() { + _ = tmNode.Stop() +} + +} + +return tmNode, cleanupFn, nil +} + +func getAndValidateConfig(svrCtx *Context) (serverconfig.Config, error) { + config, err := serverconfig.GetConfig(svrCtx.Viper) + if err != nil { + return config, err +} + if err := config.ValidateBasic(); err != nil { + return config, err +} + +return config, nil +} + +// returns a function which returns the genesis doc from the genesis file. +func getGenDocProvider(cfg *cmtcfg.Config) + +func() (*cmttypes.GenesisDoc, error) { + return func() (*cmttypes.GenesisDoc, error) { + appGenesis, err := genutiltypes.AppGenesisFromFile(cfg.GenesisFile()) + if err != nil { + return nil, err +} + +return appGenesis.ToGenesisDoc() +} +} + +func setupTraceWriter(svrCtx *Context) (traceWriter io.WriteCloser, cleanup func(), err error) { + // clean up the traceWriter when the server is shutting down + cleanup = func() { +} + traceWriterFile := svrCtx.Viper.GetString(flagTraceStore) + +traceWriter, err = openTraceWriter(traceWriterFile) + if err != nil { + return traceWriter, cleanup, err +} + + // if flagTraceStore is not used then traceWriter is nil + if traceWriter != nil { + cleanup = func() { + if err = traceWriter.Close(); err != nil { + svrCtx.Logger.Error("failed to close trace writer", "err", err) +} + +} + +} + +return traceWriter, cleanup, nil +} + +func startGrpcServer( + ctx context.Context, + g *errgroup.Group, + config serverconfig.GRPCConfig, + clientCtx client.Context, + svrCtx *Context, + app types.Application, +) (*grpc.Server, client.Context, error) { + if !config.Enable { + // return grpcServer as nil if gRPC is disabled + return nil, clientCtx, nil +} + _, _, err := net.SplitHostPort(config.Address) + if err != nil { + return nil, clientCtx, err +} + maxSendMsgSize := config.MaxSendMsgSize + if maxSendMsgSize == 0 { + maxSendMsgSize = serverconfig.DefaultGRPCMaxSendMsgSize +} + maxRecvMsgSize := config.MaxRecvMsgSize + if maxRecvMsgSize == 0 { + maxRecvMsgSize = serverconfig.DefaultGRPCMaxRecvMsgSize +} + + // if gRPC is enabled, configure gRPC client for gRPC gateway + grpcClient, err := grpc.Dial( //nolint: staticcheck // ignore this line for this linter + config.Address, + grpc.WithTransportCredentials(insecure.NewCredentials()), + grpc.WithDefaultCallOptions( + grpc.ForceCodec(codec.NewProtoCodec(clientCtx.InterfaceRegistry).GRPCCodec()), + grpc.MaxCallRecvMsgSize(maxRecvMsgSize), + grpc.MaxCallSendMsgSize(maxSendMsgSize), + ), + ) + if err != nil { + return nil, clientCtx, err +} + +clientCtx = clientCtx.WithGRPCClient(grpcClient) + +svrCtx.Logger.Debug("gRPC client assigned to client context", "target", config.Address) + +grpcSrv, err := servergrpc.NewGRPCServer(clientCtx, app, config) + if err != nil { + return nil, clientCtx, err +} + + // Start the gRPC server in a goroutine. Note, the provided ctx will ensure + // that the server is gracefully shut down. + g.Go(func() + +error { + return servergrpc.StartGRPCServer(ctx, svrCtx.Logger.With("module", "grpc-server"), config, grpcSrv) +}) + +return grpcSrv, clientCtx, nil +} + +func startAPIServer( + ctx context.Context, + g *errgroup.Group, + svrCfg serverconfig.Config, + clientCtx client.Context, + svrCtx *Context, + app types.Application, + home string, + grpcSrv *grpc.Server, + metrics *telemetry.Metrics, +) + +error { + if !svrCfg.API.Enable { + return nil +} + +clientCtx = clientCtx.WithHomeDir(home) + apiSrv := api.New(clientCtx, svrCtx.Logger.With("module", "api-server"), grpcSrv) + +app.RegisterAPIRoutes(apiSrv, svrCfg.API) + if svrCfg.Telemetry.Enabled { + apiSrv.SetTelemetry(metrics) +} + +g.Go(func() + +error { + return apiSrv.Start(ctx, svrCfg) +}) + +return nil +} + +func startTelemetry(cfg serverconfig.Config) (*telemetry.Metrics, error) { + return telemetry.New(cfg.Telemetry) +} + +// wrapCPUProfile starts CPU profiling, if enabled, and executes the provided +// callbackFn in a separate goroutine, then will wait for that callback to +// return. +// +// NOTE: We expect the caller to handle graceful shutdown and signal handling. +func wrapCPUProfile(svrCtx *Context, callbackFn func() + +error) + +error { + if cpuProfile := svrCtx.Viper.GetString(flagCPUProfile); cpuProfile != "" { + f, err := os.Create(cpuProfile) + if err != nil { + return err +} + +svrCtx.Logger.Info("starting CPU profiler", "profile", cpuProfile) + if err := pprof.StartCPUProfile(f); err != nil { + return err +} + +defer func() { + svrCtx.Logger.Info("stopping CPU profiler", "profile", cpuProfile) + +pprof.StopCPUProfile() + if err := f.Close(); err != nil { + svrCtx.Logger.Info("failed to close cpu-profile file", "profile", cpuProfile, "err", err.Error()) +} + +}() +} + +return callbackFn() +} + +// emitServerInfoMetrics emits server info related metrics using application telemetry. +func emitServerInfoMetrics() { + var ls []metrics.Label + versionInfo := version.NewInfo() + if len(versionInfo.GoVersion) > 0 { + ls = append(ls, telemetry.NewLabel("go", versionInfo.GoVersion)) +} + if len(versionInfo.CosmosSdkVersion) > 0 { + ls = append(ls, telemetry.NewLabel("version", versionInfo.CosmosSdkVersion)) +} + if len(ls) == 0 { + return +} + +telemetry.SetGaugeWithLabels([]string{"server", "info" +}, 1, ls) +} + +func getCtx(svrCtx *Context, block bool) (*errgroup.Group, context.Context) { + ctx, cancelFn := context.WithCancel(context.Background()) + +g, ctx := errgroup.WithContext(ctx) + // listen for quit signals so the calling parent process can gracefully exit + ListenForQuitSignals(g, block, cancelFn, svrCtx.Logger) + +return g, ctx +} + +func startApp(svrCtx *Context, appCreator types.AppCreator, opts StartCmdOptions) (app types.Application, cleanupFn func(), err error) { + traceWriter, traceCleanupFn, err := setupTraceWriter(svrCtx) + if err != nil { + return app, traceCleanupFn, err +} + home := svrCtx.Config.RootDir + db, err := opts.DBOpener(home, GetAppDBBackend(svrCtx.Viper)) + if err != nil { + return app, traceCleanupFn, err +} + if isTestnet, ok := svrCtx.Viper.Get(KeyIsTestnet).(bool); ok && isTestnet { + app, err = testnetify(svrCtx, appCreator, db, traceWriter) + if err != nil { + return app, traceCleanupFn, err +} + +} + +else { + app = appCreator(svrCtx.Logger, db, traceWriter, svrCtx.Viper) +} + +cleanupFn = func() { + traceCleanupFn() + if localErr := app.Close(); localErr != nil { + svrCtx.Logger.Error(localErr.Error()) +} + +} + +return app, cleanupFn, nil +} + +// InPlaceTestnetCreator utilizes the provided chainID and operatorAddress as well as the local private validator key to +// control the network represented in the data folder. This is useful to create testnets nearly identical to your +// mainnet environment. +func InPlaceTestnetCreator(testnetAppCreator types.AppCreator) *cobra.Command { + opts := StartCmdOptions{ +} + if opts.DBOpener == nil { + opts.DBOpener = openDB +} + if opts.StartCommandHandler == nil { + opts.StartCommandHandler = start +} + cmd := &cobra.Command{ + Use: "in-place-testnet [newChainID] [newOperatorAddress]", + Short: "Create and start a testnet from current local state", + Long: `Create and start a testnet from current local state. +After utilizing this command the network will start. If the network is stopped, +the normal "start" command should be used. Re-using this command on state that +has already been modified by this command could result in unexpected behavior. + +Additionally, the first block may take up to one minute to be committed, depending +on how old the block is. For instance, if a snapshot was taken weeks ago and we want +to turn this into a testnet, it is possible lots of pending state needs to be committed +(expiring locks, etc.). It is recommended that you should wait for this block to be committed +before stopping the daemon. + +If the --trigger-testnet-upgrade flag is set, the upgrade handler specified by the flag will be run +on the first block of the testnet. + +Regardless of whether the flag is set or not, if any new stores are introduced in the daemon being run, +those stores will be registered in order to prevent panics. Therefore, you only need to set the flag if +you want to test the upgrade handler itself. +`, + Example: "in-place-testnet localosmosis osmo12smx2wdlyttvyzvzg54y2vnqwq2qjateuf7thj", + Args: cobra.ExactArgs(2), + RunE: func(cmd *cobra.Command, args []string) + +error { + serverCtx := GetServerContextFromCmd(cmd) + _, err := GetPruningOptionsFromFlags(serverCtx.Viper) + if err != nil { + return err +} + +clientCtx, err := client.GetClientQueryContext(cmd) + if err != nil { + return err +} + +withCMT, _ := cmd.Flags().GetBool(flagWithComet) + if !withCMT { + serverCtx.Logger.Info("starting ABCI without CometBFT") +} + newChainID := args[0] + newOperatorAddress := args[1] + + skipConfirmation, _ := cmd.Flags().GetBool("skip-confirmation") + if !skipConfirmation { + // Confirmation prompt to prevent accidental modification of state. + reader := bufio.NewReader(os.Stdin) + +fmt.Println("This operation will modify state in your data folder and cannot be undone. Do you want to continue? (y/n)") + +text, _ := reader.ReadString('\n') + response := strings.TrimSpace(strings.ToLower(text)) + if response != "y" && response != "yes" { + fmt.Println("Operation canceled.") + +return nil +} + +} + + // Set testnet keys to be used by the application. + // This is done to prevent changes to existing start API. + serverCtx.Viper.Set(KeyIsTestnet, true) + +serverCtx.Viper.Set(KeyNewChainID, newChainID) + +serverCtx.Viper.Set(KeyNewOpAddr, newOperatorAddress) + +err = wrapCPUProfile(serverCtx, func() + +error { + return opts.StartCommandHandler(serverCtx, clientCtx, testnetAppCreator, withCMT, opts) +}) + +serverCtx.Logger.Debug("received quit signal") + +graceDuration, _ := cmd.Flags().GetDuration(FlagShutdownGrace) + if graceDuration > 0 { + serverCtx.Logger.Info("graceful shutdown start", FlagShutdownGrace, graceDuration) + <-time.After(graceDuration) + +serverCtx.Logger.Info("graceful shutdown complete") +} + +return err +}, +} + +addStartNodeFlags(cmd, opts) + +cmd.Flags().String(KeyTriggerTestnetUpgrade, "", "If set (example: \"v21\"), triggers the v21 upgrade handler to run on the first block of the testnet") + +cmd.Flags().Bool("skip-confirmation", false, "Skip the confirmation prompt") + +return cmd +} + +// testnetify modifies both state and blockStore, allowing the provided operator address and local validator key to control the network +// that the state in the data folder represents. The chainID of the local genesis file is modified to match the provided chainID. +func testnetify(ctx *Context, testnetAppCreator types.AppCreator, db dbm.DB, traceWriter io.WriteCloser) (types.Application, error) { + config := ctx.Config + + newChainID, ok := ctx.Viper.Get(KeyNewChainID).(string) + if !ok { + return nil, fmt.Errorf("expected string for key %s", KeyNewChainID) +} + + // Modify app genesis chain ID and save to genesis file. + genFilePath := config.GenesisFile() + +appGen, err := genutiltypes.AppGenesisFromFile(genFilePath) + if err != nil { + return nil, err +} + +appGen.ChainID = newChainID + if err := appGen.ValidateAndComplete(); err != nil { + return nil, err +} + if err := appGen.SaveAs(genFilePath); err != nil { + return nil, err +} + + // Regenerate addrbook.json to prevent peers on old network from causing error logs. + addrBookPath := filepath.Join(config.RootDir, "config", "addrbook.json") + if err := os.Remove(addrBookPath); err != nil && !os.IsNotExist(err) { + return nil, fmt.Errorf("failed to remove existing addrbook.json: %w", err) +} + emptyAddrBook := []byte("{ +}") + if err := os.WriteFile(addrBookPath, emptyAddrBook, 0o600); err != nil { + return nil, fmt.Errorf("failed to create empty addrbook.json: %w", err) +} + + // Load the comet genesis doc provider. + genDocProvider := node.DefaultGenesisDocProviderFunc(config) + + // Initialize blockStore and stateDB. + blockStoreDB, err := cmtcfg.DefaultDBProvider(&cmtcfg.DBContext{ + ID: "blockstore", + Config: config +}) + if err != nil { + return nil, err +} + blockStore := store.NewBlockStore(blockStoreDB) + +stateDB, err := cmtcfg.DefaultDBProvider(&cmtcfg.DBContext{ + ID: "state", + Config: config +}) + if err != nil { + return nil, err +} + +defer blockStore.Close() + +defer stateDB.Close() + privValidator := pvm.LoadOrGenFilePV(config.PrivValidatorKeyFile(), config.PrivValidatorStateFile()) + +userPubKey, err := privValidator.GetPubKey() + if err != nil { + return nil, err +} + validatorAddress := userPubKey.Address() + stateStore := sm.NewStore(stateDB, sm.StoreOptions{ + DiscardABCIResponses: config.Storage.DiscardABCIResponses, +}) + +state, genDoc, err := node.LoadStateFromDBOrGenesisDocProvider(stateDB, genDocProvider) + if err != nil { + return nil, err +} + +ctx.Viper.Set(KeyNewValAddr, validatorAddress) + +ctx.Viper.Set(KeyUserPubKey, userPubKey) + testnetApp := testnetAppCreator(ctx.Logger, db, traceWriter, ctx.Viper) + + // We need to create a temporary proxyApp to get the initial state of the application. + // Depending on how the node was stopped, the application height can differ from the blockStore height. + // This height difference changes how we go about modifying the state. + cmtApp := NewCometABCIWrapper(testnetApp) + _, context := getCtx(ctx, true) + clientCreator := proxy.NewLocalClientCreator(cmtApp) + metrics := node.DefaultMetricsProvider(cmtcfg.DefaultConfig().Instrumentation) + _, _, _, _, proxyMetrics, _, _ := metrics(genDoc.ChainID) + proxyApp := proxy.NewAppConns(clientCreator, proxyMetrics) + if err := proxyApp.Start(); err != nil { + return nil, fmt.Errorf("error starting proxy app connections: %w", err) +} + +res, err := proxyApp.Query().Info(context, proxy.RequestInfo) + if err != nil { + return nil, fmt.Errorf("error calling Info: %w", err) +} + +err = proxyApp.Stop() + if err != nil { + return nil, err +} + appHash := res.LastBlockAppHash + appHeight := res.LastBlockHeight + + var block *cmttypes.Block + switch { + case appHeight == blockStore.Height(): + block = blockStore.LoadBlock(blockStore.Height()) + // If the state's last blockstore height does not match the app and blockstore height, we likely stopped with the halt height flag. + if state.LastBlockHeight != appHeight { + state.LastBlockHeight = appHeight + block.AppHash = appHash + state.AppHash = appHash +} + +else { + // Node was likely stopped via SIGTERM, delete the next block's seen commit + err := blockStoreDB.Delete(fmt.Appendf(nil, "SC:%v", blockStore.Height()+1)) + if err != nil { + return nil, err +} + +} + case blockStore.Height() > state.LastBlockHeight: + // This state usually occurs when we gracefully stop the node. + err = blockStore.DeleteLatestBlock() + if err != nil { + return nil, err +} + +block = blockStore.LoadBlock(blockStore.Height()) + +default: + // If there is any other state, we just load the block + block = blockStore.LoadBlock(blockStore.Height()) +} + +block.ChainID = newChainID + state.ChainID = newChainID + + block.LastBlockID = state.LastBlockID + block.LastCommit.BlockID = state.LastBlockID + + // Create a vote from our validator + vote := cmttypes.Vote{ + Type: cmtproto.PrecommitType, + Height: state.LastBlockHeight, + Round: 0, + BlockID: state.LastBlockID, + Timestamp: time.Now(), + ValidatorAddress: validatorAddress, + ValidatorIndex: 0, + Signature: []byte{ +}, +} + + // Sign the vote, and copy the proto changes from the act of signing to the vote itself + voteProto := vote.ToProto() + +err = privValidator.SignVote(newChainID, voteProto) + if err != nil { + return nil, err +} + +vote.Signature = voteProto.Signature + vote.Timestamp = voteProto.Timestamp + + // Modify the block's lastCommit to be signed only by our validator + block.LastCommit.Signatures[0].ValidatorAddress = validatorAddress + block.LastCommit.Signatures[0].Signature = vote.Signature + block.LastCommit.Signatures = []cmttypes.CommitSig{ + block.LastCommit.Signatures[0] +} + + // Load the seenCommit of the lastBlockHeight and modify it to be signed from our validator + seenCommit := blockStore.LoadSeenCommit(state.LastBlockHeight) + +seenCommit.BlockID = state.LastBlockID + seenCommit.Round = vote.Round + seenCommit.Signatures[0].Signature = vote.Signature + seenCommit.Signatures[0].ValidatorAddress = validatorAddress + seenCommit.Signatures[0].Timestamp = vote.Timestamp + seenCommit.Signatures = []cmttypes.CommitSig{ + seenCommit.Signatures[0] +} + +err = blockStore.SaveSeenCommit(state.LastBlockHeight, seenCommit) + if err != nil { + return nil, err +} + + // Create ValidatorSet struct containing just our valdiator. + newVal := &cmttypes.Validator{ + Address: validatorAddress, + PubKey: userPubKey, + VotingPower: 900000000000000, +} + newValSet := &cmttypes.ValidatorSet{ + Validators: []*cmttypes.Validator{ + newVal +}, + Proposer: newVal, +} + + // Replace all valSets in state to be the valSet with just our validator. + state.Validators = newValSet + state.LastValidators = newValSet + state.NextValidators = newValSet + state.LastHeightValidatorsChanged = blockStore.Height() + +err = stateStore.Save(state) + if err != nil { + return nil, err +} + + // Create a ValidatorsInfo struct to store in stateDB. + valSet, err := state.Validators.ToProto() + if err != nil { + return nil, err +} + valInfo := &cmtstate.ValidatorsInfo{ + ValidatorSet: valSet, + LastHeightChanged: state.LastBlockHeight, +} + +buf, err := valInfo.Marshal() + if err != nil { + return nil, err +} + + // Modfiy Validators stateDB entry. + err = stateDB.Set(fmt.Appendf(nil, "validatorsKey:%v", blockStore.Height()), buf) + if err != nil { + return nil, err +} + + // Modify LastValidators stateDB entry. + err = stateDB.Set(fmt.Appendf(nil, "validatorsKey:%v", blockStore.Height()-1), buf) + if err != nil { + return nil, err +} + + // Modify NextValidators stateDB entry. + err = stateDB.Set(fmt.Appendf(nil, "validatorsKey:%v", blockStore.Height()+1), buf) + if err != nil { + return nil, err +} + + // Since we modified the chainID, we set the new genesisDoc in the stateDB. + b, err := cmtjson.Marshal(genDoc) + if err != nil { + return nil, err +} + if err := stateDB.SetSync([]byte("genesisDoc"), b); err != nil { + return nil, err +} + +return testnetApp, err +} + +// addStartNodeFlags should be added to any CLI commands that start the network. +func addStartNodeFlags(cmd *cobra.Command, opts StartCmdOptions) { + cmd.Flags().Bool(flagWithComet, true, "Run abci app embedded in-process with CometBFT") + +cmd.Flags().String(flagAddress, "tcp://127.0.0.1:26658", "Listen address") + +cmd.Flags().String(flagTransport, "socket", "Transport protocol: socket, grpc") + +cmd.Flags().String(flagTraceStore, "", "Enable KVStore tracing to an output file") + +cmd.Flags().String(FlagMinGasPrices, "", "Minimum gas prices to accept for transactions; Any fee in a tx must meet this minimum (e.g. 0.01photino;0.0001stake)") + +cmd.Flags().Uint64(FlagQueryGasLimit, 0, "Maximum gas a Rest/Grpc query can consume. Blank and 0 imply unbounded.") + +cmd.Flags().IntSlice(FlagUnsafeSkipUpgrades, []int{ +}, "Skip a set of upgrade heights to continue the old binary") + +cmd.Flags().Uint64(FlagHaltHeight, 0, "Block height at which to gracefully halt the chain and shutdown the node") + +cmd.Flags().Uint64(FlagHaltTime, 0, "Minimum block time (in Unix seconds) + +at which to gracefully halt the chain and shutdown the node") + +cmd.Flags().Bool(FlagInterBlockCache, true, "Enable inter-block caching") + +cmd.Flags().String(flagCPUProfile, "", "Enable CPU profiling and write to the provided file") + +cmd.Flags().Bool(FlagTrace, false, "Provide full stack traces for errors in ABCI Log") + +cmd.Flags().String(FlagPruning, pruningtypes.PruningOptionDefault, "Pruning strategy (default|nothing|everything|custom)") + +cmd.Flags().Uint64(FlagPruningKeepRecent, 0, "Number of recent heights to keep on disk (ignored if pruning is not 'custom')") + +cmd.Flags().Uint64(FlagPruningInterval, 0, "Height interval at which pruned heights are removed from disk (ignored if pruning is not 'custom')") + +cmd.Flags().Uint(FlagInvCheckPeriod, 0, "Assert registered invariants every N blocks") + +cmd.Flags().Uint64(FlagMinRetainBlocks, 0, "Minimum block height offset during ABCI commit to prune CometBFT blocks") + +cmd.Flags().Bool(FlagAPIEnable, false, "Define if the API server should be enabled") + +cmd.Flags().Bool(FlagAPISwagger, false, "Define if swagger documentation should automatically be registered (Note: the API must also be enabled)") + +cmd.Flags().String(FlagAPIAddress, serverconfig.DefaultAPIAddress, "the API server address to listen on") + +cmd.Flags().Uint(FlagAPIMaxOpenConnections, 1000, "Define the number of maximum open connections") + +cmd.Flags().Uint(FlagRPCReadTimeout, 10, "Define the CometBFT RPC read timeout (in seconds)") + +cmd.Flags().Uint(FlagRPCWriteTimeout, 0, "Define the CometBFT RPC write timeout (in seconds)") + +cmd.Flags().Uint(FlagRPCMaxBodyBytes, 1000000, "Define the CometBFT maximum request body (in bytes)") + +cmd.Flags().Bool(FlagAPIEnableUnsafeCORS, false, "Define if CORS should be enabled (unsafe - use it at your own risk)") + +cmd.Flags().Bool(flagGRPCOnly, false, "Start the node in gRPC query only mode (no CometBFT process is started)") + +cmd.Flags().Bool(flagGRPCEnable, true, "Define if the gRPC server should be enabled") + +cmd.Flags().String(flagGRPCAddress, serverconfig.DefaultGRPCAddress, "the gRPC server address to listen on") + +cmd.Flags().Bool(flagGRPCWebEnable, true, "Define if the gRPC-Web server should be enabled. (Note: gRPC must also be enabled)") + +cmd.Flags().Uint64(FlagStateSyncSnapshotInterval, 0, "State sync snapshot interval") + +cmd.Flags().Uint32(FlagStateSyncSnapshotKeepRecent, 2, "State sync snapshot to keep") + +cmd.Flags().Bool(FlagDisableIAVLFastNode, false, "Disable fast node for IAVL tree") + +cmd.Flags().Int(FlagMempoolMaxTxs, mempool.DefaultMaxTx, "Sets MaxTx value for the app-side mempool") + +cmd.Flags().Duration(FlagShutdownGrace, 0*time.Second, "On Shutdown, duration to wait for resource clean up") + + // support old flags name for backwards compatibility + cmd.Flags().SetNormalizeFunc(func(f *pflag.FlagSet, name string) + +pflag.NormalizedName { + if name == "with-tendermint" { + name = flagWithComet +} + +return pflag.NormalizedName(name) +}) + + // add support for all CometBFT-specific command line options + cmtcmd.AddNodeFlags(cmd) + if opts.AddFlags != nil { + opts.AddFlags(cmd) +} +} +``` + +Upon starting, the node will bootstrap its RPC and P2P server and start dialing peers. During handshake with its peers, if the node realizes they are ahead, it will query all the blocks sequentially in order to catch up. Then, it will wait for new block proposals and block signatures from validators in order to make progress. + +## Other commands + +To discover how to concretely run a node and interact with it, please refer to our [Running a Node, API and CLI](/docs/sdk/vnext/user/run-node/run-node) guide. diff --git a/docs/sdk/next/learn/advanced/ocap.mdx b/docs/sdk/next/learn/advanced/ocap.mdx new file mode 100644 index 00000000..6e754f6a --- /dev/null +++ b/docs/sdk/next/learn/advanced/ocap.mdx @@ -0,0 +1,1097 @@ +--- +title: Object-Capability Model +description: >- + When thinking about security, it is good to start with a specific threat + model. Our threat model is the following: +--- +## Intro + +When thinking about security, it is good to start with a specific threat model. Our threat model is the following: + +> We assume that a thriving ecosystem of Cosmos SDK modules that are easy to compose into a blockchain application will contain faulty or malicious modules. + +The Cosmos SDK is designed to address this threat by being the +foundation of an object capability system. + +> The structural properties of object capability systems favor +> modularity in code design and ensure reliable encapsulation in +> code implementation. +> +> These structural properties facilitate the analysis of some +> security properties of an object-capability program or operating +> system. Some of these — in particular, information flow properties +> — can be analyzed at the level of object references and +> connectivity, independent of any knowledge or analysis of the code +> that determines the behavior of the objects. +> +> As a consequence, these security properties can be established +> and maintained in the presence of new objects that contain unknown +> and possibly malicious code. +> +> These structural properties stem from the two rules governing +> access to existing objects: +> +> 1. An object A can send a message to B only if object A holds a +> reference to B. +> 2. An object A can obtain a reference to C only +> if object A receives a message containing a reference to C. As a +> consequence of these two rules, an object can obtain a reference +> to another object only through a preexisting chain of references. +> In short, "Only connectivity begets connectivity." + +For an introduction to object-capabilities, see this [Wikipedia article](https://en.wikipedia.org/wiki/Object-capability_model). + +## Ocaps in practice + +The idea is to only reveal what is necessary to get the work done. + +For example, the following code snippet violates the object capabilities +principle: + +```go +type AppAccount struct {... +} + account := &AppAccount{ + Address: pub.Address(), + Coins: sdk.Coins{ + sdk.NewInt64Coin("ATM", 100) +}, +} + sumValue := externalModule.ComputeSumValue(account) +``` + +The method `ComputeSumValue` implies a pure function, yet the implied +capability of accepting a pointer value is the capability to modify that +value. The preferred method signature should take a copy instead. + +```go +sumValue := externalModule.ComputeSumValue(*account) +``` + +In the Cosmos SDK, you can see the application of this principle in simapp. + +```go expandable +//go:build app_v1 + +package simapp + +import ( + + "encoding/json" + "fmt" + "io" + "maps" + "os" + + abci "github.com/cometbft/cometbft/abci/types" + dbm "github.com/cosmos/cosmos-db" + "github.com/cosmos/gogoproto/proto" + "github.com/spf13/cast" + + autocliv1 "cosmossdk.io/api/cosmos/autocli/v1" + reflectionv1 "cosmossdk.io/api/cosmos/reflection/v1" + "cosmossdk.io/client/v2/autocli" + clienthelpers "cosmossdk.io/client/v2/helpers" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/log" + storetypes "cosmossdk.io/store/types" + "cosmossdk.io/x/circuit" + circuitkeeper "cosmossdk.io/x/circuit/keeper" + circuittypes "cosmossdk.io/x/circuit/types" + "cosmossdk.io/x/evidence" + evidencekeeper "cosmossdk.io/x/evidence/keeper" + evidencetypes "cosmossdk.io/x/evidence/types" + "cosmossdk.io/x/feegrant" + feegrantkeeper "cosmossdk.io/x/feegrant/keeper" + feegrantmodule "cosmossdk.io/x/feegrant/module" + "cosmossdk.io/x/nft" + nftkeeper "cosmossdk.io/x/nft/keeper" + nftmodule "cosmossdk.io/x/nft/module" + "cosmossdk.io/x/tx/signing" + "cosmossdk.io/x/upgrade" + upgradekeeper "cosmossdk.io/x/upgrade/keeper" + upgradetypes "cosmossdk.io/x/upgrade/types" + "github.com/cosmos/cosmos-sdk/baseapp" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/client/flags" + "github.com/cosmos/cosmos-sdk/client/grpc/cmtservice" + nodeservice "github.com/cosmos/cosmos-sdk/client/grpc/node" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/codec/address" + "github.com/cosmos/cosmos-sdk/codec/types" + "github.com/cosmos/cosmos-sdk/runtime" + runtimeservices "github.com/cosmos/cosmos-sdk/runtime/services" + "github.com/cosmos/cosmos-sdk/server" + "github.com/cosmos/cosmos-sdk/server/api" + "github.com/cosmos/cosmos-sdk/server/config" + servertypes "github.com/cosmos/cosmos-sdk/server/types" + "github.com/cosmos/cosmos-sdk/std" + testdata_pulsar "github.com/cosmos/cosmos-sdk/testutil/testdata/testpb" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/module" + "github.com/cosmos/cosmos-sdk/types/msgservice" + sigtypes "github.com/cosmos/cosmos-sdk/types/tx/signing" + "github.com/cosmos/cosmos-sdk/version" + "github.com/cosmos/cosmos-sdk/x/auth" + "github.com/cosmos/cosmos-sdk/x/auth/ante" + authcodec "github.com/cosmos/cosmos-sdk/x/auth/codec" + authkeeper "github.com/cosmos/cosmos-sdk/x/auth/keeper" + "github.com/cosmos/cosmos-sdk/x/auth/posthandler" + authsims "github.com/cosmos/cosmos-sdk/x/auth/simulation" + "github.com/cosmos/cosmos-sdk/x/auth/tx" + authtx "github.com/cosmos/cosmos-sdk/x/auth/tx" + txmodule "github.com/cosmos/cosmos-sdk/x/auth/tx/config" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + "github.com/cosmos/cosmos-sdk/x/auth/vesting" + vestingtypes "github.com/cosmos/cosmos-sdk/x/auth/vesting/types" + "github.com/cosmos/cosmos-sdk/x/authz" + authzkeeper "github.com/cosmos/cosmos-sdk/x/authz/keeper" + authzmodule "github.com/cosmos/cosmos-sdk/x/authz/module" + "github.com/cosmos/cosmos-sdk/x/bank" + bankkeeper "github.com/cosmos/cosmos-sdk/x/bank/keeper" + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" + consensus "github.com/cosmos/cosmos-sdk/x/consensus" + consensusparamkeeper "github.com/cosmos/cosmos-sdk/x/consensus/keeper" + consensusparamtypes "github.com/cosmos/cosmos-sdk/x/consensus/types" + distr "github.com/cosmos/cosmos-sdk/x/distribution" + distrkeeper "github.com/cosmos/cosmos-sdk/x/distribution/keeper" + distrtypes "github.com/cosmos/cosmos-sdk/x/distribution/types" + "github.com/cosmos/cosmos-sdk/x/epochs" + epochskeeper "github.com/cosmos/cosmos-sdk/x/epochs/keeper" + epochstypes "github.com/cosmos/cosmos-sdk/x/epochs/types" + "github.com/cosmos/cosmos-sdk/x/genutil" + genutiltypes "github.com/cosmos/cosmos-sdk/x/genutil/types" + "github.com/cosmos/cosmos-sdk/x/gov" + govclient "github.com/cosmos/cosmos-sdk/x/gov/client" + govkeeper "github.com/cosmos/cosmos-sdk/x/gov/keeper" + govtypes "github.com/cosmos/cosmos-sdk/x/gov/types" + govv1beta1 "github.com/cosmos/cosmos-sdk/x/gov/types/v1beta1" + "github.com/cosmos/cosmos-sdk/x/group" + groupkeeper "github.com/cosmos/cosmos-sdk/x/group/keeper" + groupmodule "github.com/cosmos/cosmos-sdk/x/group/module" + "github.com/cosmos/cosmos-sdk/x/mint" + mintkeeper "github.com/cosmos/cosmos-sdk/x/mint/keeper" + minttypes "github.com/cosmos/cosmos-sdk/x/mint/types" + "github.com/cosmos/cosmos-sdk/x/protocolpool" + protocolpoolkeeper "github.com/cosmos/cosmos-sdk/x/protocolpool/keeper" + protocolpooltypes "github.com/cosmos/cosmos-sdk/x/protocolpool/types" + "github.com/cosmos/cosmos-sdk/x/slashing" + slashingkeeper "github.com/cosmos/cosmos-sdk/x/slashing/keeper" + slashingtypes "github.com/cosmos/cosmos-sdk/x/slashing/types" + "github.com/cosmos/cosmos-sdk/x/staking" + stakingkeeper "github.com/cosmos/cosmos-sdk/x/staking/keeper" + stakingtypes "github.com/cosmos/cosmos-sdk/x/staking/types" +) + +const appName = "SimApp" + +var ( + // DefaultNodeHome default home directories for the application daemon + DefaultNodeHome string + + // module account permissions + maccPerms = map[string][]string{ + authtypes.FeeCollectorName: nil, + distrtypes.ModuleName: nil, + minttypes.ModuleName: { + authtypes.Minter +}, + stakingtypes.BondedPoolName: { + authtypes.Burner, authtypes.Staking +}, + stakingtypes.NotBondedPoolName: { + authtypes.Burner, authtypes.Staking +}, + govtypes.ModuleName: { + authtypes.Burner +}, + nft.ModuleName: nil, + protocolpooltypes.ModuleName: nil, + protocolpooltypes.ProtocolPoolEscrowAccount: nil +} +) + +var ( + _ runtime.AppI = (*SimApp)(nil) + _ servertypes.Application = (*SimApp)(nil) +) + +// SimApp extends an ABCI application, but with most of its parameters exported. +// They are exported for convenience in creating helper functions, as object +// capabilities aren't needed for testing. +type SimApp struct { + *baseapp.BaseApp + legacyAmino *codec.LegacyAmino + appCodec codec.Codec + txConfig client.TxConfig + interfaceRegistry types.InterfaceRegistry + + // keys to access the substores + keys map[string]*storetypes.KVStoreKey + + // essential keepers + AccountKeeper authkeeper.AccountKeeper + BankKeeper bankkeeper.BaseKeeper + StakingKeeper *stakingkeeper.Keeper + SlashingKeeper slashingkeeper.Keeper + MintKeeper mintkeeper.Keeper + DistrKeeper distrkeeper.Keeper + GovKeeper govkeeper.Keeper + UpgradeKeeper *upgradekeeper.Keeper + EvidenceKeeper evidencekeeper.Keeper + ConsensusParamsKeeper consensusparamkeeper.Keeper + CircuitKeeper circuitkeeper.Keeper + + // supplementary keepers + FeeGrantKeeper feegrantkeeper.Keeper + GroupKeeper groupkeeper.Keeper + AuthzKeeper authzkeeper.Keeper + NFTKeeper nftkeeper.Keeper + EpochsKeeper epochskeeper.Keeper + ProtocolPoolKeeper protocolpoolkeeper.Keeper + + // the module manager + ModuleManager *module.Manager + BasicModuleManager module.BasicManager + + // simulation manager + sm *module.SimulationManager + + // module configurator + configurator module.Configurator +} + +func init() { + var err error + DefaultNodeHome, err = clienthelpers.GetNodeHomeDirectory(".simapp") + if err != nil { + panic(err) +} +} + +// NewSimApp returns a reference to an initialized SimApp. +func NewSimApp( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), +) *SimApp { + interfaceRegistry, _ := types.NewInterfaceRegistryWithOptions(types.InterfaceRegistryOptions{ + ProtoFiles: proto.HybridResolver, + SigningOptions: signing.Options{ + AddressCodec: address.Bech32Codec{ + Bech32Prefix: sdk.GetConfig().GetBech32AccountAddrPrefix(), +}, + ValidatorAddressCodec: address.Bech32Codec{ + Bech32Prefix: sdk.GetConfig().GetBech32ValidatorAddrPrefix(), +}, +}, +}) + appCodec := codec.NewProtoCodec(interfaceRegistry) + legacyAmino := codec.NewLegacyAmino() + txConfig := tx.NewTxConfig(appCodec, tx.DefaultSignModes) + if err := interfaceRegistry.SigningContext().Validate(); err != nil { + panic(err) +} + +std.RegisterLegacyAminoCodec(legacyAmino) + +std.RegisterInterfaces(interfaceRegistry) + + // Below we could construct and set an application specific mempool and + // ABCI 1.0 PrepareProposal and ProcessProposal handlers. These defaults are + // already set in the SDK's BaseApp, this shows an example of how to override + // them. + // + // Example: + // + // bApp := baseapp.NewBaseApp(...) + // nonceMempool := mempool.NewSenderNonceMempool() + // abciPropHandler := NewDefaultProposalHandler(nonceMempool, bApp) + // + // bApp.SetMempool(nonceMempool) + // bApp.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) + // bApp.SetProcessProposal(abciPropHandler.ProcessProposalHandler()) + // + // Alternatively, you can construct BaseApp options, append those to + // baseAppOptions and pass them to NewBaseApp. + // + // Example: + // + // prepareOpt = func(app *baseapp.BaseApp) { + // abciPropHandler := baseapp.NewDefaultProposalHandler(nonceMempool, app) + // app.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) + // +} + // baseAppOptions = append(baseAppOptions, prepareOpt) + + // create and set dummy vote extension handler + voteExtOp := func(bApp *baseapp.BaseApp) { + voteExtHandler := NewVoteExtensionHandler() + +voteExtHandler.SetHandlers(bApp) +} + +baseAppOptions = append(baseAppOptions, voteExtOp, baseapp.SetOptimisticExecution()) + bApp := baseapp.NewBaseApp(appName, logger, db, txConfig.TxDecoder(), baseAppOptions...) + +bApp.SetCommitMultiStoreTracer(traceStore) + +bApp.SetVersion(version.Version) + +bApp.SetInterfaceRegistry(interfaceRegistry) + +bApp.SetTxEncoder(txConfig.TxEncoder()) + keys := storetypes.NewKVStoreKeys( + authtypes.StoreKey, + banktypes.StoreKey, + stakingtypes.StoreKey, + minttypes.StoreKey, + distrtypes.StoreKey, + slashingtypes.StoreKey, + govtypes.StoreKey, + consensusparamtypes.StoreKey, + upgradetypes.StoreKey, + feegrant.StoreKey, + evidencetypes.StoreKey, + circuittypes.StoreKey, + authzkeeper.StoreKey, + nftkeeper.StoreKey, + group.StoreKey, + epochstypes.StoreKey, + protocolpooltypes.StoreKey, + ) + + // register streaming services + if err := bApp.RegisterStreamingServices(appOpts, keys); err != nil { + panic(err) +} + app := &SimApp{ + BaseApp: bApp, + legacyAmino: legacyAmino, + appCodec: appCodec, + txConfig: txConfig, + interfaceRegistry: interfaceRegistry, + keys: keys, +} + + // set the BaseApp's parameter store + app.ConsensusParamsKeeper = consensusparamkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[consensusparamtypes.StoreKey]), + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + runtime.EventService{ +}, + ) + +bApp.SetParamStore(app.ConsensusParamsKeeper.ParamsStore) + + // add keepers + app.AccountKeeper = authkeeper.NewAccountKeeper( + appCodec, + runtime.NewKVStoreService(keys[authtypes.StoreKey]), + authtypes.ProtoBaseAccount, + maccPerms, + authcodec.NewBech32Codec(sdk.Bech32MainPrefix), + sdk.Bech32MainPrefix, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) + +app.BankKeeper = bankkeeper.NewBaseKeeper( + appCodec, + runtime.NewKVStoreService(keys[banktypes.StoreKey]), + app.AccountKeeper, + BlockedAddresses(), + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + logger, + ) + + // optional: enable sign mode textual by overwriting the default tx config (after setting the bank keeper) + enabledSignModes := append(tx.DefaultSignModes, sigtypes.SignMode_SIGN_MODE_TEXTUAL) + txConfigOpts := tx.ConfigOptions{ + EnabledSignModes: enabledSignModes, + TextualCoinMetadataQueryFn: txmodule.NewBankKeeperCoinMetadataQueryFn(app.BankKeeper), +} + +txConfig, err := tx.NewTxConfigWithOptions( + appCodec, + txConfigOpts, + ) + if err != nil { + panic(err) +} + +app.txConfig = txConfig + + app.StakingKeeper = stakingkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[stakingtypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + authcodec.NewBech32Codec(sdk.Bech32PrefixValAddr), + authcodec.NewBech32Codec(sdk.Bech32PrefixConsAddr), + ) + +app.MintKeeper = mintkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[minttypes.StoreKey]), + app.StakingKeeper, + app.AccountKeeper, + app.BankKeeper, + authtypes.FeeCollectorName, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) + +app.ProtocolPoolKeeper = protocolpoolkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[protocolpooltypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) + +app.DistrKeeper = distrkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[distrtypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + app.StakingKeeper, + authtypes.FeeCollectorName, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + distrkeeper.WithExternalCommunityPool(app.ProtocolPoolKeeper), + ) + +app.SlashingKeeper = slashingkeeper.NewKeeper( + appCodec, + legacyAmino, + runtime.NewKVStoreService(keys[slashingtypes.StoreKey]), + app.StakingKeeper, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) + +app.FeeGrantKeeper = feegrantkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[feegrant.StoreKey]), + app.AccountKeeper, + ) + + // register the staking hooks + // NOTE: stakingKeeper above is passed by reference, so that it will contain these hooks + app.StakingKeeper.SetHooks( + stakingtypes.NewMultiStakingHooks( + app.DistrKeeper.Hooks(), + app.SlashingKeeper.Hooks(), + ), + ) + +app.CircuitKeeper = circuitkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[circuittypes.StoreKey]), + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + app.AccountKeeper.AddressCodec(), + ) + +app.BaseApp.SetCircuitBreaker(&app.CircuitKeeper) + +app.AuthzKeeper = authzkeeper.NewKeeper( + runtime.NewKVStoreService(keys[authzkeeper.StoreKey]), + appCodec, + app.MsgServiceRouter(), + app.AccountKeeper, + ) + groupConfig := group.DefaultConfig() + /* + Example of setting group params: + groupConfig.MaxMetadataLen = 1000 + */ + app.GroupKeeper = groupkeeper.NewKeeper( + keys[group.StoreKey], + appCodec, + app.MsgServiceRouter(), + app.AccountKeeper, + groupConfig, + ) + + // get skipUpgradeHeights from the app options + skipUpgradeHeights := map[int64]bool{ +} + for _, h := range cast.ToIntSlice(appOpts.Get(server.FlagUnsafeSkipUpgrades)) { + skipUpgradeHeights[int64(h)] = true +} + homePath := cast.ToString(appOpts.Get(flags.FlagHome)) + // set the governance module account as the authority for conducting upgrades + app.UpgradeKeeper = upgradekeeper.NewKeeper( + skipUpgradeHeights, + runtime.NewKVStoreService(keys[upgradetypes.StoreKey]), + appCodec, + homePath, + app.BaseApp, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) + + // Register the proposal types + // Deprecated: Avoid adding new handlers, instead use the new proposal flow + // by granting the governance module the right to execute the message. + // See: https://docs.cosmos.network/main/modules/gov#proposal-messages + govRouter := govv1beta1.NewRouter() + +govRouter.AddRoute(govtypes.RouterKey, govv1beta1.ProposalHandler) + govConfig := govtypes.DefaultConfig() + /* + Example of setting gov params: + govConfig.MaxMetadataLen = 10000 + */ + govKeeper := govkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[govtypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + app.StakingKeeper, + app.DistrKeeper, + app.MsgServiceRouter(), + govConfig, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) + + // Set legacy router for backwards compatibility with gov v1beta1 + govKeeper.SetLegacyRouter(govRouter) + +app.GovKeeper = *govKeeper.SetHooks( + govtypes.NewMultiGovHooks( + // register the governance hooks + ), + ) + +app.NFTKeeper = nftkeeper.NewKeeper( + runtime.NewKVStoreService(keys[nftkeeper.StoreKey]), + appCodec, + app.AccountKeeper, + app.BankKeeper, + ) + + // create evidence keeper with router + evidenceKeeper := evidencekeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[evidencetypes.StoreKey]), + app.StakingKeeper, + app.SlashingKeeper, + app.AccountKeeper.AddressCodec(), + runtime.ProvideCometInfoService(), + ) + // If evidence needs to be handled for the app, set routes in router here and seal + app.EvidenceKeeper = *evidenceKeeper + + app.EpochsKeeper = epochskeeper.NewKeeper( + runtime.NewKVStoreService(keys[epochstypes.StoreKey]), + appCodec, + ) + +app.EpochsKeeper.SetHooks( + epochstypes.NewMultiEpochHooks( + // insert epoch hooks receivers here + ), + ) + + /**** Module Options ****/ + + // NOTE: Any module instantiated in the module manager that is later modified + // must be passed by reference here. + app.ModuleManager = module.NewManager( + genutil.NewAppModule( + app.AccountKeeper, app.StakingKeeper, app, + txConfig, + ), + auth.NewAppModule(appCodec, app.AccountKeeper, authsims.RandomGenesisAccounts, nil), + vesting.NewAppModule(app.AccountKeeper, app.BankKeeper), + bank.NewAppModule(appCodec, app.BankKeeper, app.AccountKeeper, nil), + feegrantmodule.NewAppModule(appCodec, app.AccountKeeper, app.BankKeeper, app.FeeGrantKeeper, app.interfaceRegistry), + gov.NewAppModule(appCodec, &app.GovKeeper, app.AccountKeeper, app.BankKeeper, nil), + mint.NewAppModule(appCodec, app.MintKeeper, app.AccountKeeper, nil, nil), + slashing.NewAppModule(appCodec, app.SlashingKeeper, app.AccountKeeper, app.BankKeeper, app.StakingKeeper, nil, app.interfaceRegistry), + distr.NewAppModule(appCodec, app.DistrKeeper, app.AccountKeeper, app.BankKeeper, app.StakingKeeper, nil), + staking.NewAppModule(appCodec, app.StakingKeeper, app.AccountKeeper, app.BankKeeper, nil), + upgrade.NewAppModule(app.UpgradeKeeper, app.AccountKeeper.AddressCodec()), + evidence.NewAppModule(app.EvidenceKeeper), + authzmodule.NewAppModule(appCodec, app.AuthzKeeper, app.AccountKeeper, app.BankKeeper, app.interfaceRegistry), + groupmodule.NewAppModule(appCodec, app.GroupKeeper, app.AccountKeeper, app.BankKeeper, app.interfaceRegistry), + nftmodule.NewAppModule(appCodec, app.NFTKeeper, app.AccountKeeper, app.BankKeeper, app.interfaceRegistry), + consensus.NewAppModule(appCodec, app.ConsensusParamsKeeper), + circuit.NewAppModule(appCodec, app.CircuitKeeper), + epochs.NewAppModule(appCodec, app.EpochsKeeper), + protocolpool.NewAppModule(appCodec, app.ProtocolPoolKeeper, app.AccountKeeper, app.BankKeeper), + ) + + // BasicModuleManager defines the module BasicManager is in charge of setting up basic, + // non-dependant module elements, such as codec registration and genesis verification. + // By default it is composed of all the module from the module manager. + // Additionally, app module basics can be overwritten by passing them as argument. + app.BasicModuleManager = module.NewBasicManagerFromManager( + app.ModuleManager, + map[string]module.AppModuleBasic{ + genutiltypes.ModuleName: genutil.NewAppModuleBasic(genutiltypes.DefaultMessageValidator), + govtypes.ModuleName: gov.NewAppModuleBasic( + []govclient.ProposalHandler{ +}, + ), +}) + +app.BasicModuleManager.RegisterLegacyAminoCodec(legacyAmino) + +app.BasicModuleManager.RegisterInterfaces(interfaceRegistry) + + // NOTE: upgrade module is required to be prioritized + app.ModuleManager.SetOrderPreBlockers( + upgradetypes.ModuleName, + authtypes.ModuleName, + ) + // During begin block slashing happens after distr.BeginBlocker so that + // there is nothing left over in the validator fee pool, so as to keep the + // CanWithdrawInvariant invariant. + // NOTE: staking module is required if HistoricalEntries param > 0 + app.ModuleManager.SetOrderBeginBlockers( + minttypes.ModuleName, + distrtypes.ModuleName, + protocolpooltypes.ModuleName, + slashingtypes.ModuleName, + evidencetypes.ModuleName, + stakingtypes.ModuleName, + genutiltypes.ModuleName, + authz.ModuleName, + epochstypes.ModuleName, + ) + +app.ModuleManager.SetOrderEndBlockers( + govtypes.ModuleName, + stakingtypes.ModuleName, + genutiltypes.ModuleName, + feegrant.ModuleName, + group.ModuleName, + protocolpooltypes.ModuleName, + ) + + // NOTE: The genutils module must occur after staking so that pools are + // properly initialized with tokens from genesis accounts. + // NOTE: The genutils module must also occur after auth so that it can access the params from auth. + genesisModuleOrder := []string{ + authtypes.ModuleName, + banktypes.ModuleName, + distrtypes.ModuleName, + stakingtypes.ModuleName, + slashingtypes.ModuleName, + govtypes.ModuleName, + minttypes.ModuleName, + genutiltypes.ModuleName, + evidencetypes.ModuleName, + authz.ModuleName, + feegrant.ModuleName, + nft.ModuleName, + group.ModuleName, + upgradetypes.ModuleName, + vestingtypes.ModuleName, + consensusparamtypes.ModuleName, + circuittypes.ModuleName, + epochstypes.ModuleName, + protocolpooltypes.ModuleName, +} + exportModuleOrder := []string{ + consensusparamtypes.ModuleName, + authtypes.ModuleName, + protocolpooltypes.ModuleName, // Must be exported before bank + banktypes.ModuleName, + distrtypes.ModuleName, + stakingtypes.ModuleName, + slashingtypes.ModuleName, + govtypes.ModuleName, + minttypes.ModuleName, + genutiltypes.ModuleName, + evidencetypes.ModuleName, + authz.ModuleName, + feegrant.ModuleName, + nft.ModuleName, + group.ModuleName, + upgradetypes.ModuleName, + vestingtypes.ModuleName, + circuittypes.ModuleName, + epochstypes.ModuleName, +} + +app.ModuleManager.SetOrderInitGenesis(genesisModuleOrder...) + +app.ModuleManager.SetOrderExportGenesis(exportModuleOrder...) + + // Uncomment if you want to set a custom migration order here. + // app.ModuleManager.SetOrderMigrations(custom order) + +app.configurator = module.NewConfigurator(app.appCodec, app.MsgServiceRouter(), app.GRPCQueryRouter()) + +err = app.ModuleManager.RegisterServices(app.configurator) + if err != nil { + panic(err) +} + + // RegisterUpgradeHandlers is used for registering any on-chain upgrades. + // Make sure it's called after `app.ModuleManager` and `app.configurator` are set. + app.RegisterUpgradeHandlers() + +autocliv1.RegisterQueryServer(app.GRPCQueryRouter(), runtimeservices.NewAutoCLIQueryService(app.ModuleManager.Modules)) + +reflectionSvc, err := runtimeservices.NewReflectionService() + if err != nil { + panic(err) +} + +reflectionv1.RegisterReflectionServiceServer(app.GRPCQueryRouter(), reflectionSvc) + + // add test gRPC service for testing gRPC queries in isolation + testdata_pulsar.RegisterQueryServer(app.GRPCQueryRouter(), testdata_pulsar.QueryImpl{ +}) + + // create the simulation manager and define the order of the modules for deterministic simulations + // + // NOTE: this is not required apps that don't use the simulator for fuzz testing + // transactions + overrideModules := map[string]module.AppModuleSimulation{ + authtypes.ModuleName: auth.NewAppModule(app.appCodec, app.AccountKeeper, authsims.RandomGenesisAccounts, nil), +} + +app.sm = module.NewSimulationManagerFromAppModules(app.ModuleManager.Modules, overrideModules) + +app.sm.RegisterStoreDecoders() + + // initialize stores + app.MountKVStores(keys) + + // initialize BaseApp + app.SetInitChainer(app.InitChainer) + +app.SetPreBlocker(app.PreBlocker) + +app.SetBeginBlocker(app.BeginBlocker) + +app.SetEndBlocker(app.EndBlocker) + +app.setAnteHandler(txConfig) + + // In v0.46, the SDK introduces _postHandlers_. PostHandlers are like + // antehandlers, but are run _after_ the `runMsgs` execution. They are also + // defined as a chain, and have the same signature as antehandlers. + // + // In baseapp, postHandlers are run in the same store branch as `runMsgs`, + // meaning that both `runMsgs` and `postHandler` state will be committed if + // both are successful, and both will be reverted if any of the two fails. + // + // The SDK exposes a default postHandlers chain + // + // Please note that changing any of the anteHandler or postHandler chain is + // likely to be a state-machine breaking change, which needs a coordinated + // upgrade. + app.setPostHandler() + + // At startup, after all modules have been registered, check that all prot + // annotations are correct. + protoFiles, err := proto.MergedRegistry() + if err != nil { + panic(err) +} + +err = msgservice.ValidateProtoAnnotations(protoFiles) + if err != nil { + // Once we switch to using protoreflect-based antehandlers, we might + // want to panic here instead of logging a warning. + fmt.Fprintln(os.Stderr, err.Error()) +} + if loadLatest { + if err := app.LoadLatestVersion(); err != nil { + panic(fmt.Errorf("error loading last version: %w", err)) +} + +} + +return app +} + +func (app *SimApp) + +setAnteHandler(txConfig client.TxConfig) { + anteHandler, err := NewAnteHandler( + HandlerOptions{ + ante.HandlerOptions{ + UnorderedNonceManager: app.AccountKeeper, + AccountKeeper: app.AccountKeeper, + BankKeeper: app.BankKeeper, + SignModeHandler: txConfig.SignModeHandler(), + FeegrantKeeper: app.FeeGrantKeeper, + SigGasConsumer: ante.DefaultSigVerificationGasConsumer, +}, + &app.CircuitKeeper, +}, + ) + if err != nil { + panic(err) +} + + // Set the AnteHandler for the app + app.SetAnteHandler(anteHandler) +} + +func (app *SimApp) + +setPostHandler() { + postHandler, err := posthandler.NewPostHandler( + posthandler.HandlerOptions{ +}, + ) + if err != nil { + panic(err) +} + +app.SetPostHandler(postHandler) +} + +// Name returns the name of the App +func (app *SimApp) + +Name() + +string { + return app.BaseApp.Name() +} + +// PreBlocker application updates every pre block +func (app *SimApp) + +PreBlocker(ctx sdk.Context, _ *abci.RequestFinalizeBlock) (*sdk.ResponsePreBlock, error) { + return app.ModuleManager.PreBlock(ctx) +} + +// BeginBlocker application updates every begin block +func (app *SimApp) + +BeginBlocker(ctx sdk.Context) (sdk.BeginBlock, error) { + return app.ModuleManager.BeginBlock(ctx) +} + +// EndBlocker application updates every end block +func (app *SimApp) + +EndBlocker(ctx sdk.Context) (sdk.EndBlock, error) { + return app.ModuleManager.EndBlock(ctx) +} + +func (a *SimApp) + +Configurator() + +module.Configurator { + return a.configurator +} + +// InitChainer application update at chain initialization +func (app *SimApp) + +InitChainer(ctx sdk.Context, req *abci.RequestInitChain) (*abci.ResponseInitChain, error) { + var genesisState GenesisState + if err := json.Unmarshal(req.AppStateBytes, &genesisState); err != nil { + panic(err) +} + +app.UpgradeKeeper.SetModuleVersionMap(ctx, app.ModuleManager.GetVersionMap()) + +return app.ModuleManager.InitGenesis(ctx, app.appCodec, genesisState) +} + +// LoadHeight loads a particular height +func (app *SimApp) + +LoadHeight(height int64) + +error { + return app.LoadVersion(height) +} + +// LegacyAmino returns SimApp's amino codec. +// +// NOTE: This is solely to be used for testing purposes as it may be desirable +// for modules to register their own custom testing types. +func (app *SimApp) + +LegacyAmino() *codec.LegacyAmino { + return app.legacyAmino +} + +// AppCodec returns SimApp's app codec. +// +// NOTE: This is solely to be used for testing purposes as it may be desirable +// for modules to register their own custom testing types. +func (app *SimApp) + +AppCodec() + +codec.Codec { + return app.appCodec +} + +// InterfaceRegistry returns SimApp's InterfaceRegistry +func (app *SimApp) + +InterfaceRegistry() + +types.InterfaceRegistry { + return app.interfaceRegistry +} + +// TxConfig returns SimApp's TxConfig +func (app *SimApp) + +TxConfig() + +client.TxConfig { + return app.txConfig +} + +// AutoCliOpts returns the autocli options for the app. +func (app *SimApp) + +AutoCliOpts() + +autocli.AppOptions { + modules := make(map[string]appmodule.AppModule, 0) + for _, m := range app.ModuleManager.Modules { + if moduleWithName, ok := m.(module.HasName); ok { + moduleName := moduleWithName.Name() + if appModule, ok := moduleWithName.(appmodule.AppModule); ok { + modules[moduleName] = appModule +} + +} + +} + +return autocli.AppOptions{ + Modules: modules, + ModuleOptions: runtimeservices.ExtractAutoCLIOptions(app.ModuleManager.Modules), + AddressCodec: authcodec.NewBech32Codec(sdk.GetConfig().GetBech32AccountAddrPrefix()), + ValidatorAddressCodec: authcodec.NewBech32Codec(sdk.GetConfig().GetBech32ValidatorAddrPrefix()), + ConsensusAddressCodec: authcodec.NewBech32Codec(sdk.GetConfig().GetBech32ConsensusAddrPrefix()), +} +} + +// DefaultGenesis returns a default genesis from the registered AppModuleBasic's. +func (a *SimApp) + +DefaultGenesis() + +map[string]json.RawMessage { + return a.BasicModuleManager.DefaultGenesis(a.appCodec) +} + +// GetKey returns the KVStoreKey for the provided store key. +// +// NOTE: This is solely to be used for testing purposes. +func (app *SimApp) + +GetKey(storeKey string) *storetypes.KVStoreKey { + return app.keys[storeKey] +} + +// GetStoreKeys returns all the stored store keys. +func (app *SimApp) + +GetStoreKeys() []storetypes.StoreKey { + keys := make([]storetypes.StoreKey, 0, len(app.keys)) + for _, key := range app.keys { + keys = append(keys, key) +} + +return keys +} + +// SimulationManager implements the SimulationApp interface +func (app *SimApp) + +SimulationManager() *module.SimulationManager { + return app.sm +} + +// RegisterAPIRoutes registers all application module routes with the provided +// API server. +func (app *SimApp) + +RegisterAPIRoutes(apiSvr *api.Server, apiConfig config.APIConfig) { + clientCtx := apiSvr.ClientCtx + // Register new tx routes from grpc-gateway. + authtx.RegisterGRPCGatewayRoutes(clientCtx, apiSvr.GRPCGatewayRouter) + + // Register new CometBFT queries routes from grpc-gateway. + cmtservice.RegisterGRPCGatewayRoutes(clientCtx, apiSvr.GRPCGatewayRouter) + + // Register node gRPC service for grpc-gateway. + nodeservice.RegisterGRPCGatewayRoutes(clientCtx, apiSvr.GRPCGatewayRouter) + + // Register grpc-gateway routes for all modules. + app.BasicModuleManager.RegisterGRPCGatewayRoutes(clientCtx, apiSvr.GRPCGatewayRouter) + + // register swagger API from root so that other applications can override easily + if err := server.RegisterSwaggerAPI(apiSvr.ClientCtx, apiSvr.Router, apiConfig.Swagger); err != nil { + panic(err) +} +} + +// RegisterTxService implements the Application.RegisterTxService method. +func (app *SimApp) + +RegisterTxService(clientCtx client.Context) { + authtx.RegisterTxService(app.BaseApp.GRPCQueryRouter(), clientCtx, app.BaseApp.Simulate, app.interfaceRegistry) +} + +// RegisterTendermintService implements the Application.RegisterTendermintService method. +func (app *SimApp) + +RegisterTendermintService(clientCtx client.Context) { + cmtApp := server.NewCometABCIWrapper(app) + +cmtservice.RegisterTendermintService( + clientCtx, + app.BaseApp.GRPCQueryRouter(), + app.interfaceRegistry, + cmtApp.Query, + ) +} + +func (app *SimApp) + +RegisterNodeService(clientCtx client.Context, cfg config.Config) { + nodeservice.RegisterNodeService(clientCtx, app.GRPCQueryRouter(), cfg) +} + +// GetMaccPerms returns a copy of the module account permissions +// +// NOTE: This is solely to be used for testing purposes. +func GetMaccPerms() + +map[string][]string { + return maps.Clone(maccPerms) +} + +// BlockedAddresses returns all the app's blocked account addresses. +func BlockedAddresses() + +map[string]bool { + modAccAddrs := make(map[string]bool) + for acc := range GetMaccPerms() { + modAccAddrs[authtypes.NewModuleAddress(acc).String()] = true +} + + // allow the following addresses to receive funds + delete(modAccAddrs, authtypes.NewModuleAddress(govtypes.ModuleName).String()) + +return modAccAddrs +} +``` + +The following diagram shows the current dependencies between keepers. + +![Keeper dependencies](https://raw.githubusercontent.com/cosmos/cosmos-sdk/release/v0.46.x/docs/uml/svg/keeper_dependencies.svg) diff --git a/docs/sdk/next/learn/advanced/proto-docs.mdx b/docs/sdk/next/learn/advanced/proto-docs.mdx new file mode 100644 index 00000000..57eaab93 --- /dev/null +++ b/docs/sdk/next/learn/advanced/proto-docs.mdx @@ -0,0 +1,5 @@ +--- +title: Protobuf Documentation +description: See Cosmos SDK Buf Proto-docs +--- +See [Cosmos SDK Buf Proto-docs](https://buf.build/cosmos/cosmos-sdk/docs/main) diff --git a/docs/sdk/next/learn/advanced/runtx_middleware.mdx b/docs/sdk/next/learn/advanced/runtx_middleware.mdx new file mode 100644 index 00000000..ec31b2e7 --- /dev/null +++ b/docs/sdk/next/learn/advanced/runtx_middleware.mdx @@ -0,0 +1,178 @@ +--- +title: RunTx recovery middleware +--- +`BaseApp.runTx()` function handles Go panics that might occur during transactions execution, for example, keeper has faced an invalid state and panicked. +Depending on the panic type different handler is used, for instance the default one prints an error log message. +Recovery middleware is used to add custom panic recovery for Cosmos SDK application developers. + +More context can found in the corresponding [ADR-022](/docs/sdk/vnext/build/architecture/adr-022-custom-panic-handling) and the implementation in [recovery.go](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/baseapp/recovery.go). + +## Interface + +```go expandable +package baseapp + +import ( + + "fmt" + "runtime/debug" + + errorsmod "cosmossdk.io/errors" + storetypes "cosmossdk.io/store/types" + + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" +) + +// RecoveryHandler handles recovery() + +object. +// Return a non-nil error if recoveryObj was processed. +// Return nil if recoveryObj was not processed. +type RecoveryHandler func(recoveryObj interface{ +}) + +error + +// recoveryMiddleware is wrapper for RecoveryHandler to create chained recovery handling. +// returns (recoveryMiddleware, nil) + if recoveryObj was not processed and should be passed to the next middleware in chain. +// returns (nil, error) + if recoveryObj was processed and middleware chain processing should be stopped. +type recoveryMiddleware func(recoveryObj interface{ +}) (recoveryMiddleware, error) + +// processRecovery processes recoveryMiddleware chain for recovery() + +object. +// Chain processing stops on non-nil error or when chain is processed. +func processRecovery(recoveryObj interface{ +}, middleware recoveryMiddleware) + +error { + if middleware == nil { + return nil +} + +next, err := middleware(recoveryObj) + if err != nil { + return err +} + +return processRecovery(recoveryObj, next) +} + +// newRecoveryMiddleware creates a RecoveryHandler middleware. +func newRecoveryMiddleware(handler RecoveryHandler, next recoveryMiddleware) + +recoveryMiddleware { + return func(recoveryObj interface{ +}) (recoveryMiddleware, error) { + if err := handler(recoveryObj); err != nil { + return nil, err +} + +return next, nil +} +} + +// newOutOfGasRecoveryMiddleware creates a standard OutOfGas recovery middleware for app.runTx method. +func newOutOfGasRecoveryMiddleware(gasWanted uint64, ctx sdk.Context, next recoveryMiddleware) + +recoveryMiddleware { + handler := func(recoveryObj interface{ +}) + +error { + err, ok := recoveryObj.(storetypes.ErrorOutOfGas) + if !ok { + return nil +} + +return errorsmod.Wrap( + sdkerrors.ErrOutOfGas, fmt.Sprintf( + "out of gas in location: %v; gasWanted: %d, gasUsed: %d", + err.Descriptor, gasWanted, ctx.GasMeter().GasConsumed(), + ), + ) +} + +return newRecoveryMiddleware(handler, next) +} + +// newDefaultRecoveryMiddleware creates a default (last in chain) + +recovery middleware for app.runTx method. +func newDefaultRecoveryMiddleware() + +recoveryMiddleware { + handler := func(recoveryObj interface{ +}) + +error { + return errorsmod.Wrap( + sdkerrors.ErrPanic, fmt.Sprintf( + "recovered: %v\nstack:\n%v", recoveryObj, string(debug.Stack()), + ), + ) +} + +return newRecoveryMiddleware(handler, nil) +} +``` + +`recoveryObj` is a return value for `recover()` function from the `building` Go package. + +**Contract:** + +* RecoveryHandler returns `nil` if `recoveryObj` wasn't handled and should be passed to the next recovery middleware; +* RecoveryHandler returns a non-nil `error` if `recoveryObj` was handled; + +## Custom RecoveryHandler register + +`BaseApp.AddRunTxRecoveryHandler(handlers ...RecoveryHandler)` + +BaseApp method adds recovery middleware to the default recovery chain. + +## Example + +Lets assume we want to emit the "Consensus failure" chain state if some particular error occurred. + +We have a module keeper that panics: + +```go +func (k FooKeeper) + +Do(obj interface{ +}) { + if obj == nil { + // that shouldn't happen, we need to crash the app + err := errorsmod.Wrap(fooTypes.InternalError, "obj is nil") + +panic(err) +} +} +``` + +By default that panic would be recovered and an error message will be printed to log. To override that behavior we should register a custom RecoveryHandler: + +```go expandable +// Cosmos SDK application constructor + customHandler := func(recoveryObj interface{ +}) + +error { + err, ok := recoveryObj.(error) + if !ok { + return nil +} + if fooTypes.InternalError.Is(err) { + panic(fmt.Errorf("FooKeeper did panic with error: %w", err)) +} + +return nil +} + baseApp := baseapp.NewBaseApp(...) + +baseApp.AddRunTxRecoveryHandler(customHandler) +``` diff --git a/docs/sdk/next/learn/advanced/simulation.mdx b/docs/sdk/next/learn/advanced/simulation.mdx new file mode 100644 index 00000000..1130221e --- /dev/null +++ b/docs/sdk/next/learn/advanced/simulation.mdx @@ -0,0 +1,94 @@ +--- +title: Cosmos Blockchain Simulator +description: >- + The Cosmos SDK offers a full fledged simulation framework to fuzz test every + message defined by a module. +--- +The Cosmos SDK offers a full fledged simulation framework to fuzz test every +message defined by a module. + +On the Cosmos SDK, this functionality is provided by [`SimApp`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/simapp/app_di.go), which is a +`Baseapp` application that is used for running the [`simulation`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/simulation) module. +This module defines all the simulation logic as well as the operations for +randomized parameters like accounts, balances etc. + +## Goals + +The blockchain simulator tests how the blockchain application would behave under +real life circumstances by generating and sending randomized messages. +The goal of this is to detect and debug failures that could halt a live chain, +by providing logs and statistics about the operations run by the simulator as +well as exporting the latest application state when a failure was found. + +Its main difference with integration testing is that the simulator app allows +you to pass parameters to customize the chain that's being simulated. +This comes in handy when trying to reproduce bugs that were generated in the +provided operations (randomized or not). + +## Simulation commands + +The simulation app has different commands, each of which tests a different +failure type: + +* `AppImportExport`: The simulator exports the initial app state and then it + creates a new app with the exported `genesis.json` as an input, checking for + inconsistencies between the stores. +* `AppSimulationAfterImport`: Queues two simulations together. The first one provides the app state (*i.e* genesis) to the second. Useful to test software upgrades or hard-forks from a live chain. +* `AppStateDeterminism`: Checks that all the nodes return the same values, in the same order. +* `FullAppSimulation`: General simulation mode. Runs the chain and the specified operations for a given number of blocks. Tests that there're no `panics` on the simulation. + +Each simulation must receive a set of inputs (*i.e* flags) such as the number of +blocks that the simulation is run, seed, block size, etc. +Check the full list of flags [here](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/simulation/client/cli/flags.go#L43-L70). + +## Simulator Modes + +In addition to the various inputs and commands, the simulator runs in three modes: + +1. Completely random where the initial state, module parameters and simulation + parameters are **pseudo-randomly generated**. +2. From a `genesis.json` file where the initial state and the module parameters are defined. + This mode is helpful for running simulations on a known state such as a live network export where a new (mostly likely breaking) version of the application needs to be tested. +3. From a `params.json` file where the initial state is pseudo-randomly generated but the module and simulation parameters can be provided manually. + This allows for a more controlled and deterministic simulation setup while allowing the state space to still be pseudo-randomly simulated. + The list of available parameters are listed [here](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/simulation/client/cli/flags.go#L72-L90). + + +These modes are not mutually exclusive. So you can for example run a randomly +generated genesis state (`1`) with manually generated simulation params (`3`). + + +## Usage + +This is a general example of how simulations are run. For more specific examples +check the Cosmos SDK [Makefile](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/Makefile#L285-L320). + +```bash + $ go test -mod=readonly github.com/cosmos/cosmos-sdk/simapp \ + -run=TestApp \ + ... + -v -timeout 24h +``` + +## Debugging Tips + +Here are some suggestions when encountering a simulation failure: + +* Export the app state at the height where the failure was found. You can do this + by passing the `-ExportStatePath` flag to the simulator. +* Use `-Verbose` logs. They could give you a better hint on all the operations + involved. +* Try using another `-Seed`. If it can reproduce the same error and if it fails + sooner, you will spend less time running the simulations. +* Reduce the `-NumBlocks` . How's the app state at the height previous to the + failure? +* Try adding logs to operations that are not logged. You will have to define a + [Logger](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/x/staking/keeper/keeper.go#L77-L81) on your `Keeper`. + +## Use simulation in your Cosmos SDK-based application + +Learn how you can build the simulation into your Cosmos SDK-based application: + +* Application Simulation Manager +* [Building modules: Simulator](/docs/sdk/vnext/build/building-modules/simulator) +* Simulator tests diff --git a/docs/sdk/next/learn/advanced/store.mdx b/docs/sdk/next/learn/advanced/store.mdx new file mode 100644 index 00000000..609efdb7 --- /dev/null +++ b/docs/sdk/next/learn/advanced/store.mdx @@ -0,0 +1,11855 @@ +--- +title: Store +--- + +**Synopsis** +A store is a data structure that holds the state of the application. + + + +**Pre-requisite Readings** + +* [Anatomy of a Cosmos SDK application](/docs/sdk/vnext/learn/beginner/app-anatomy) + + + +## Introduction to Cosmos SDK Stores + +The Cosmos SDK comes with a large set of stores to persist the state of applications. By default, the main store of Cosmos SDK applications is a `multistore`, i.e. a store of stores. Developers can add any number of key-value stores to the multistore, depending on their application needs. The multistore exists to support the modularity of the Cosmos SDK, as it lets each module declare and manage their own subset of the state. Key-value stores in the multistore can only be accessed with a specific capability `key`, which is typically held in the [`keeper`](/docs/sdk/vnext/build/building-modules/keeper) of the module that declared the store. + +```text expandable ++-----------------------------------------------------+ +| | +| +--------------------------------------------+ | +| | | | +| | KVStore 1 - Manage by keeper of Module 1 | +| | | | +| +--------------------------------------------+ | +| | +| +--------------------------------------------+ | +| | | | +| | KVStore 2 - Manage by keeper of Module 2 | | +| | | | +| +--------------------------------------------+ | +| | +| +--------------------------------------------+ | +| | | | +| | KVStore 3 - Manage by keeper of Module 2 | | +| | | | +| +--------------------------------------------+ | +| | +| +--------------------------------------------+ | +| | | | +| | KVStore 4 - Manage by keeper of Module 3 | | +| | | | +| +--------------------------------------------+ | +| | +| +--------------------------------------------+ | +| | | | +| | KVStore 5 - Manage by keeper of Module 4 | | +| | | | +| +--------------------------------------------+ | +| | +| Main Multistore | +| | ++-----------------------------------------------------+ + + Application's State +``` + +### Store Interface + +At its very core, a Cosmos SDK `store` is an object that holds a `CacheWrapper` and has a `GetStoreType()` method: + +```go expandable +package types + +import ( + + "fmt" + "io" + "maps" + "slices" + "github.com/cometbft/cometbft/proto/tendermint/crypto" + dbm "github.com/cosmos/cosmos-db" + "cosmossdk.io/store/metrics" + pruningtypes "cosmossdk.io/store/pruning/types" + snapshottypes "cosmossdk.io/store/snapshots/types" +) + +type Store interface { + GetStoreType() + +StoreType + CacheWrapper +} + +// something that can persist to disk +type Committer interface { + Commit() + +CommitID + LastCommitID() + +CommitID + + // WorkingHash returns the hash of the KVStore's state before commit. + WorkingHash() []byte + + SetPruning(pruningtypes.PruningOptions) + +GetPruning() + +pruningtypes.PruningOptions +} + +// Stores of MultiStore must implement CommitStore. +type CommitStore interface { + Committer + Store +} + +// Queryable allows a Store to expose internal state to the abci.Query +// interface. Multistore can route requests to the proper Store. +// +// This is an optional, but useful extension to any CommitStore +type Queryable interface { + Query(*RequestQuery) (*ResponseQuery, error) +} + +type RequestQuery struct { + Data []byte + Path string + Height int64 + Prove bool +} + +type ResponseQuery struct { + Code uint32 + Log string + Info string + Index int64 + Key []byte + Value []byte + ProofOps *crypto.ProofOps + Height int64 + Codespace string +} + +//---------------------------------------- +// MultiStore + +// StoreUpgrades defines a series of transformations to apply the multistore db upon load +type StoreUpgrades struct { + Added []string `json:"added"` + Renamed []StoreRename `json:"renamed"` + Deleted []string `json:"deleted"` +} + +// StoreRename defines a name change of a sub-store. +// All data previously under a PrefixStore with OldKey will be copied +// to a PrefixStore with NewKey, then deleted from OldKey store. +type StoreRename struct { + OldKey string `json:"old_key"` + NewKey string `json:"new_key"` +} + +// IsAdded returns true if the given key should be added +func (s *StoreUpgrades) + +IsAdded(key string) + +bool { + if s == nil { + return false +} + +return slices.Contains(s.Added, key) +} + +// IsDeleted returns true if the given key should be deleted +func (s *StoreUpgrades) + +IsDeleted(key string) + +bool { + if s == nil { + return false +} + +return slices.Contains(s.Deleted, key) +} + +// RenamedFrom returns the oldKey if it was renamed +// Returns "" if it was not renamed +func (s *StoreUpgrades) + +RenamedFrom(key string) + +string { + if s == nil { + return "" +} + for _, re := range s.Renamed { + if re.NewKey == key { + return re.OldKey +} + +} + +return "" +} + +type MultiStore interface { + Store + + // Branches MultiStore into a cached storage object. + // NOTE: Caller should probably not call .Write() + +on each, but + // call CacheMultiStore.Write(). + CacheMultiStore() + +CacheMultiStore + + // CacheMultiStoreWithVersion branches the underlying MultiStore where + // each stored is loaded at a specific version (height). + CacheMultiStoreWithVersion(version int64) (CacheMultiStore, error) + + // Convenience for fetching substores. + // If the store does not exist, panics. + GetStore(StoreKey) + +Store + GetKVStore(StoreKey) + +KVStore + + // TracingEnabled returns if tracing is enabled for the MultiStore. + TracingEnabled() + +bool + + // SetTracer sets the tracer for the MultiStore that the underlying + // stores will utilize to trace operations. The modified MultiStore is + // returned. + SetTracer(w io.Writer) + +MultiStore + + // SetTracingContext sets the tracing context for a MultiStore. It is + // implied that the caller should update the context when necessary between + // tracing operations. The modified MultiStore is returned. + SetTracingContext(TraceContext) + +MultiStore + + // LatestVersion returns the latest version in the store + LatestVersion() + +int64 +} + +// From MultiStore.CacheMultiStore().... +type CacheMultiStore interface { + MultiStore + Write() // Writes operations to underlying KVStore +} + +// CommitMultiStore is an interface for a MultiStore without cache capabilities. +type CommitMultiStore interface { + Committer + MultiStore + snapshottypes.Snapshotter + + // Mount a store of type using the given db. + // If db == nil, the new store will use the CommitMultiStore db. + MountStoreWithDB(key StoreKey, typ StoreType, db dbm.DB) + + // Panics on a nil key. + GetCommitStore(key StoreKey) + +CommitStore + + // Panics on a nil key. + GetCommitKVStore(key StoreKey) + +CommitKVStore + + // Load the latest persisted version. Called once after all calls to + // Mount*Store() + +are complete. + LoadLatestVersion() + +error + + // LoadLatestVersionAndUpgrade will load the latest version, but also + // rename/delete/create sub-store keys, before registering all the keys + // in order to handle breaking formats in migrations + LoadLatestVersionAndUpgrade(upgrades *StoreUpgrades) + +error + + // LoadVersionAndUpgrade will load the named version, but also + // rename/delete/create sub-store keys, before registering all the keys + // in order to handle breaking formats in migrations + LoadVersionAndUpgrade(ver int64, upgrades *StoreUpgrades) + +error + + // Load a specific persisted version. When you load an old version, or when + // the last commit attempt didn't complete, the next commit after loading + // must be idempotent (return the same commit id). Otherwise the behavior is + // undefined. + LoadVersion(ver int64) + +error + + // Set an inter-block (persistent) + +cache that maintains a mapping from + // StoreKeys to CommitKVStores. + SetInterBlockCache(MultiStorePersistentCache) + + // SetInitialVersion sets the initial version of the IAVL tree. It is used when + // starting a new chain at an arbitrary height. + SetInitialVersion(version int64) + +error + + // SetIAVLCacheSize sets the cache size of the IAVL tree. + SetIAVLCacheSize(size int) + + // SetIAVLDisableFastNode enables/disables fastnode feature on iavl. + SetIAVLDisableFastNode(disable bool) + + // SetIAVLSyncPruning set sync/async pruning on iavl. + // It is not recommended to use this option. + // It is here to enable the prune command to force this to true, allowing the command to wait + // for the pruning to finish before returning. + SetIAVLSyncPruning(sync bool) + + // RollbackToVersion rollback the db to specific version(height). + RollbackToVersion(version int64) + +error + + // ListeningEnabled returns if listening is enabled for the KVStore belonging the provided StoreKey + ListeningEnabled(key StoreKey) + +bool + + // AddListeners adds a listener for the KVStore belonging to the provided StoreKey + AddListeners(keys []StoreKey) + + // PopStateCache returns the accumulated state change messages from the CommitMultiStore + PopStateCache() []*StoreKVPair + + // SetMetrics sets the metrics for the KVStore + SetMetrics(metrics metrics.StoreMetrics) +} + +//---------subsp------------------------------- +// KVStore + +// BasicKVStore is a simple interface to get/set data +type BasicKVStore interface { + // Get returns nil if key doesn't exist. Panics on nil key. + Get(key []byte) []byte + + // Has checks if a key exists. Panics on nil key. + Has(key []byte) + +bool + + // Set sets the key. Panics on nil key or value. + Set(key, value []byte) + + // Delete deletes the key. Panics on nil key. + Delete(key []byte) +} + +// KVStore additionally provides iteration and deletion +type KVStore interface { + Store + BasicKVStore + + // Iterator over a domain of keys in ascending order. End is exclusive. + // Start must be less than end, or the Iterator is invalid. + // Iterator must be closed by caller. + // To iterate over entire domain, use store.Iterator(nil, nil) + // CONTRACT: No writes may happen within a domain while an iterator exists over it. + // Exceptionally allowed for cachekv.Store, safe to write in the modules. + Iterator(start, end []byte) + +Iterator + + // Iterator over a domain of keys in descending order. End is exclusive. + // Start must be less than end, or the Iterator is invalid. + // Iterator must be closed by caller. + // CONTRACT: No writes may happen within a domain while an iterator exists over it. + // Exceptionally allowed for cachekv.Store, safe to write in the modules. + ReverseIterator(start, end []byte) + +Iterator +} + +// Iterator is an alias db's Iterator for convenience. +type Iterator = dbm.Iterator + +// CacheKVStore branches a KVStore and provides read cache functionality. +// After calling .Write() + +on the CacheKVStore, all previously created +// CacheKVStores on the object expire. +type CacheKVStore interface { + KVStore + + // Writes operations to underlying KVStore + Write() +} + +// CommitKVStore is an interface for MultiStore. +type CommitKVStore interface { + Committer + KVStore +} + +//---------------------------------------- +// CacheWrap + +// CacheWrap is the most appropriate interface for store ephemeral branching and cache. +// For example, IAVLStore.CacheWrap() + +returns a CacheKVStore. CacheWrap should not return +// a Committer, since Commit ephemeral store make no sense. It can return KVStore, +// HeapStore, SpaceStore, etc. +type CacheWrap interface { + // Write syncs with the underlying store. + Write() + + // CacheWrap recursively wraps again. + CacheWrap() + +CacheWrap + + // CacheWrapWithTrace recursively wraps again with tracing enabled. + CacheWrapWithTrace(w io.Writer, tc TraceContext) + +CacheWrap +} + +type CacheWrapper interface { + // CacheWrap branches a store. + CacheWrap() + +CacheWrap + + // CacheWrapWithTrace branches a store with tracing enabled. + CacheWrapWithTrace(w io.Writer, tc TraceContext) + +CacheWrap +} + +func (cid CommitID) + +IsZero() + +bool { + return cid.Version == 0 && len(cid.Hash) == 0 +} + +func (cid CommitID) + +String() + +string { + return fmt.Sprintf("CommitID{%v:%X +}", cid.Hash, cid.Version) +} + +//---------------------------------------- +// Store types + +// kind of store +type StoreType int + +const ( + StoreTypeMulti StoreType = iota + StoreTypeDB + StoreTypeIAVL + StoreTypeTransient + StoreTypeMemory + StoreTypeSMT + StoreTypePersistent +) + +func (st StoreType) + +String() + +string { + switch st { + case StoreTypeMulti: + return "StoreTypeMulti" + case StoreTypeDB: + return "StoreTypeDB" + case StoreTypeIAVL: + return "StoreTypeIAVL" + case StoreTypeTransient: + return "StoreTypeTransient" + case StoreTypeMemory: + return "StoreTypeMemory" + case StoreTypeSMT: + return "StoreTypeSMT" + case StoreTypePersistent: + return "StoreTypePersistent" +} + +return "unknown store type" +} + +//---------------------------------------- +// Keys for accessing substores + +// StoreKey is a key used to index stores in a MultiStore. +type StoreKey interface { + Name() + +string + String() + +string +} + +// CapabilityKey represent the Cosmos SDK keys for object-capability +// generation in the IBC protocol as defined in https://github.com/cosmos/ibc/tree/master/spec/core/ics-005-port-allocation#data-structures +type CapabilityKey StoreKey + +// KVStoreKey is used for accessing substores. +// Only the pointer value should ever be used - it functions as a capabilities key. +type KVStoreKey struct { + name string +} + +// NewKVStoreKey returns a new pointer to a KVStoreKey. +// Use a pointer so keys don't collide. +func NewKVStoreKey(name string) *KVStoreKey { + if name == "" { + panic("empty key name not allowed") +} + +return &KVStoreKey{ + name: name, +} +} + +// NewKVStoreKeys returns a map of new pointers to KVStoreKey's. +// The function will panic if there is a potential conflict in names (see `assertNoPrefix` +// function for more details). +func NewKVStoreKeys(names ...string) + +map[string]*KVStoreKey { + assertNoCommonPrefix(names) + keys := make(map[string]*KVStoreKey, len(names)) + for _, n := range names { + keys[n] = NewKVStoreKey(n) +} + +return keys +} + +func (key *KVStoreKey) + +Name() + +string { + return key.name +} + +func (key *KVStoreKey) + +String() + +string { + return fmt.Sprintf("KVStoreKey{%p, %s +}", key, key.name) +} + +// TransientStoreKey is used for indexing transient stores in a MultiStore +type TransientStoreKey struct { + name string +} + +// Constructs new TransientStoreKey +// Must return a pointer according to the ocap principle +func NewTransientStoreKey(name string) *TransientStoreKey { + return &TransientStoreKey{ + name: name, +} +} + +// Implements StoreKey +func (key *TransientStoreKey) + +Name() + +string { + return key.name +} + +// Implements StoreKey +func (key *TransientStoreKey) + +String() + +string { + return fmt.Sprintf("TransientStoreKey{%p, %s +}", key, key.name) +} + +// MemoryStoreKey defines a typed key to be used with an in-memory KVStore. +type MemoryStoreKey struct { + name string +} + +func NewMemoryStoreKey(name string) *MemoryStoreKey { + return &MemoryStoreKey{ + name: name +} +} + +// Name returns the name of the MemoryStoreKey. +func (key *MemoryStoreKey) + +Name() + +string { + return key.name +} + +// String returns a stringified representation of the MemoryStoreKey. +func (key *MemoryStoreKey) + +String() + +string { + return fmt.Sprintf("MemoryStoreKey{%p, %s +}", key, key.name) +} + +//---------------------------------------- + +// TraceContext contains TraceKVStore context data. It will be written with +// every trace operation. +type TraceContext map[string]interface{ +} + +// Clone clones tc into another instance of TraceContext. +func (tc TraceContext) + +Clone() + +TraceContext { + ret := TraceContext{ +} + +maps.Copy(ret, tc) + +return ret +} + +// Merge merges value of newTc into tc. +func (tc TraceContext) + +Merge(newTc TraceContext) + +TraceContext { + if tc == nil { + tc = TraceContext{ +} + +} + +maps.Copy(tc, newTc) + +return tc +} + +// MultiStorePersistentCache defines an interface which provides inter-block +// (persistent) + +caching capabilities for multiple CommitKVStores based on StoreKeys. +type MultiStorePersistentCache interface { + // Wrap and return the provided CommitKVStore with an inter-block (persistent) + // cache. + GetStoreCache(key StoreKey, store CommitKVStore) + +CommitKVStore + + // Return the underlying CommitKVStore for a StoreKey. + Unwrap(key StoreKey) + +CommitKVStore + + // Reset the entire set of internal caches. + Reset() +} + +// StoreWithInitialVersion is a store that can have an arbitrary initial +// version. +type StoreWithInitialVersion interface { + // SetInitialVersion sets the initial version of the IAVL tree. It is used when + // starting a new chain at an arbitrary height. + SetInitialVersion(version int64) +} + +// NewTransientStoreKeys constructs a new map of TransientStoreKey's +// Must return pointers according to the ocap principle +// The function will panic if there is a potential conflict in names +// see `assertNoCommonPrefix` function for more details. +func NewTransientStoreKeys(names ...string) + +map[string]*TransientStoreKey { + assertNoCommonPrefix(names) + keys := make(map[string]*TransientStoreKey) + for _, n := range names { + keys[n] = NewTransientStoreKey(n) +} + +return keys +} + +// NewMemoryStoreKeys constructs a new map matching store key names to their +// respective MemoryStoreKey references. +// The function will panic if there is a potential conflict in names (see `assertNoPrefix` +// function for more details). +func NewMemoryStoreKeys(names ...string) + +map[string]*MemoryStoreKey { + assertNoCommonPrefix(names) + keys := make(map[string]*MemoryStoreKey) + for _, n := range names { + keys[n] = NewMemoryStoreKey(n) +} + +return keys +} +``` + +The `GetStoreType` is a simple method that returns the type of store, whereas a `CacheWrapper` is a simple interface that implements store read caching and write branching through `Write` method: + +```go expandable +package types + +import ( + + "fmt" + "io" + "maps" + "slices" + "github.com/cometbft/cometbft/proto/tendermint/crypto" + dbm "github.com/cosmos/cosmos-db" + "cosmossdk.io/store/metrics" + pruningtypes "cosmossdk.io/store/pruning/types" + snapshottypes "cosmossdk.io/store/snapshots/types" +) + +type Store interface { + GetStoreType() + +StoreType + CacheWrapper +} + +// something that can persist to disk +type Committer interface { + Commit() + +CommitID + LastCommitID() + +CommitID + + // WorkingHash returns the hash of the KVStore's state before commit. + WorkingHash() []byte + + SetPruning(pruningtypes.PruningOptions) + +GetPruning() + +pruningtypes.PruningOptions +} + +// Stores of MultiStore must implement CommitStore. +type CommitStore interface { + Committer + Store +} + +// Queryable allows a Store to expose internal state to the abci.Query +// interface. Multistore can route requests to the proper Store. +// +// This is an optional, but useful extension to any CommitStore +type Queryable interface { + Query(*RequestQuery) (*ResponseQuery, error) +} + +type RequestQuery struct { + Data []byte + Path string + Height int64 + Prove bool +} + +type ResponseQuery struct { + Code uint32 + Log string + Info string + Index int64 + Key []byte + Value []byte + ProofOps *crypto.ProofOps + Height int64 + Codespace string +} + +//---------------------------------------- +// MultiStore + +// StoreUpgrades defines a series of transformations to apply the multistore db upon load +type StoreUpgrades struct { + Added []string `json:"added"` + Renamed []StoreRename `json:"renamed"` + Deleted []string `json:"deleted"` +} + +// StoreRename defines a name change of a sub-store. +// All data previously under a PrefixStore with OldKey will be copied +// to a PrefixStore with NewKey, then deleted from OldKey store. +type StoreRename struct { + OldKey string `json:"old_key"` + NewKey string `json:"new_key"` +} + +// IsAdded returns true if the given key should be added +func (s *StoreUpgrades) + +IsAdded(key string) + +bool { + if s == nil { + return false +} + +return slices.Contains(s.Added, key) +} + +// IsDeleted returns true if the given key should be deleted +func (s *StoreUpgrades) + +IsDeleted(key string) + +bool { + if s == nil { + return false +} + +return slices.Contains(s.Deleted, key) +} + +// RenamedFrom returns the oldKey if it was renamed +// Returns "" if it was not renamed +func (s *StoreUpgrades) + +RenamedFrom(key string) + +string { + if s == nil { + return "" +} + for _, re := range s.Renamed { + if re.NewKey == key { + return re.OldKey +} + +} + +return "" +} + +type MultiStore interface { + Store + + // Branches MultiStore into a cached storage object. + // NOTE: Caller should probably not call .Write() + +on each, but + // call CacheMultiStore.Write(). + CacheMultiStore() + +CacheMultiStore + + // CacheMultiStoreWithVersion branches the underlying MultiStore where + // each stored is loaded at a specific version (height). + CacheMultiStoreWithVersion(version int64) (CacheMultiStore, error) + + // Convenience for fetching substores. + // If the store does not exist, panics. + GetStore(StoreKey) + +Store + GetKVStore(StoreKey) + +KVStore + + // TracingEnabled returns if tracing is enabled for the MultiStore. + TracingEnabled() + +bool + + // SetTracer sets the tracer for the MultiStore that the underlying + // stores will utilize to trace operations. The modified MultiStore is + // returned. + SetTracer(w io.Writer) + +MultiStore + + // SetTracingContext sets the tracing context for a MultiStore. It is + // implied that the caller should update the context when necessary between + // tracing operations. The modified MultiStore is returned. + SetTracingContext(TraceContext) + +MultiStore + + // LatestVersion returns the latest version in the store + LatestVersion() + +int64 +} + +// From MultiStore.CacheMultiStore().... +type CacheMultiStore interface { + MultiStore + Write() // Writes operations to underlying KVStore +} + +// CommitMultiStore is an interface for a MultiStore without cache capabilities. +type CommitMultiStore interface { + Committer + MultiStore + snapshottypes.Snapshotter + + // Mount a store of type using the given db. + // If db == nil, the new store will use the CommitMultiStore db. + MountStoreWithDB(key StoreKey, typ StoreType, db dbm.DB) + + // Panics on a nil key. + GetCommitStore(key StoreKey) + +CommitStore + + // Panics on a nil key. + GetCommitKVStore(key StoreKey) + +CommitKVStore + + // Load the latest persisted version. Called once after all calls to + // Mount*Store() + +are complete. + LoadLatestVersion() + +error + + // LoadLatestVersionAndUpgrade will load the latest version, but also + // rename/delete/create sub-store keys, before registering all the keys + // in order to handle breaking formats in migrations + LoadLatestVersionAndUpgrade(upgrades *StoreUpgrades) + +error + + // LoadVersionAndUpgrade will load the named version, but also + // rename/delete/create sub-store keys, before registering all the keys + // in order to handle breaking formats in migrations + LoadVersionAndUpgrade(ver int64, upgrades *StoreUpgrades) + +error + + // Load a specific persisted version. When you load an old version, or when + // the last commit attempt didn't complete, the next commit after loading + // must be idempotent (return the same commit id). Otherwise the behavior is + // undefined. + LoadVersion(ver int64) + +error + + // Set an inter-block (persistent) + +cache that maintains a mapping from + // StoreKeys to CommitKVStores. + SetInterBlockCache(MultiStorePersistentCache) + + // SetInitialVersion sets the initial version of the IAVL tree. It is used when + // starting a new chain at an arbitrary height. + SetInitialVersion(version int64) + +error + + // SetIAVLCacheSize sets the cache size of the IAVL tree. + SetIAVLCacheSize(size int) + + // SetIAVLDisableFastNode enables/disables fastnode feature on iavl. + SetIAVLDisableFastNode(disable bool) + + // SetIAVLSyncPruning set sync/async pruning on iavl. + // It is not recommended to use this option. + // It is here to enable the prune command to force this to true, allowing the command to wait + // for the pruning to finish before returning. + SetIAVLSyncPruning(sync bool) + + // RollbackToVersion rollback the db to specific version(height). + RollbackToVersion(version int64) + +error + + // ListeningEnabled returns if listening is enabled for the KVStore belonging the provided StoreKey + ListeningEnabled(key StoreKey) + +bool + + // AddListeners adds a listener for the KVStore belonging to the provided StoreKey + AddListeners(keys []StoreKey) + + // PopStateCache returns the accumulated state change messages from the CommitMultiStore + PopStateCache() []*StoreKVPair + + // SetMetrics sets the metrics for the KVStore + SetMetrics(metrics metrics.StoreMetrics) +} + +//---------subsp------------------------------- +// KVStore + +// BasicKVStore is a simple interface to get/set data +type BasicKVStore interface { + // Get returns nil if key doesn't exist. Panics on nil key. + Get(key []byte) []byte + + // Has checks if a key exists. Panics on nil key. + Has(key []byte) + +bool + + // Set sets the key. Panics on nil key or value. + Set(key, value []byte) + + // Delete deletes the key. Panics on nil key. + Delete(key []byte) +} + +// KVStore additionally provides iteration and deletion +type KVStore interface { + Store + BasicKVStore + + // Iterator over a domain of keys in ascending order. End is exclusive. + // Start must be less than end, or the Iterator is invalid. + // Iterator must be closed by caller. + // To iterate over entire domain, use store.Iterator(nil, nil) + // CONTRACT: No writes may happen within a domain while an iterator exists over it. + // Exceptionally allowed for cachekv.Store, safe to write in the modules. + Iterator(start, end []byte) + +Iterator + + // Iterator over a domain of keys in descending order. End is exclusive. + // Start must be less than end, or the Iterator is invalid. + // Iterator must be closed by caller. + // CONTRACT: No writes may happen within a domain while an iterator exists over it. + // Exceptionally allowed for cachekv.Store, safe to write in the modules. + ReverseIterator(start, end []byte) + +Iterator +} + +// Iterator is an alias db's Iterator for convenience. +type Iterator = dbm.Iterator + +// CacheKVStore branches a KVStore and provides read cache functionality. +// After calling .Write() + +on the CacheKVStore, all previously created +// CacheKVStores on the object expire. +type CacheKVStore interface { + KVStore + + // Writes operations to underlying KVStore + Write() +} + +// CommitKVStore is an interface for MultiStore. +type CommitKVStore interface { + Committer + KVStore +} + +//---------------------------------------- +// CacheWrap + +// CacheWrap is the most appropriate interface for store ephemeral branching and cache. +// For example, IAVLStore.CacheWrap() + +returns a CacheKVStore. CacheWrap should not return +// a Committer, since Commit ephemeral store make no sense. It can return KVStore, +// HeapStore, SpaceStore, etc. +type CacheWrap interface { + // Write syncs with the underlying store. + Write() + + // CacheWrap recursively wraps again. + CacheWrap() + +CacheWrap + + // CacheWrapWithTrace recursively wraps again with tracing enabled. + CacheWrapWithTrace(w io.Writer, tc TraceContext) + +CacheWrap +} + +type CacheWrapper interface { + // CacheWrap branches a store. + CacheWrap() + +CacheWrap + + // CacheWrapWithTrace branches a store with tracing enabled. + CacheWrapWithTrace(w io.Writer, tc TraceContext) + +CacheWrap +} + +func (cid CommitID) + +IsZero() + +bool { + return cid.Version == 0 && len(cid.Hash) == 0 +} + +func (cid CommitID) + +String() + +string { + return fmt.Sprintf("CommitID{%v:%X +}", cid.Hash, cid.Version) +} + +//---------------------------------------- +// Store types + +// kind of store +type StoreType int + +const ( + StoreTypeMulti StoreType = iota + StoreTypeDB + StoreTypeIAVL + StoreTypeTransient + StoreTypeMemory + StoreTypeSMT + StoreTypePersistent +) + +func (st StoreType) + +String() + +string { + switch st { + case StoreTypeMulti: + return "StoreTypeMulti" + case StoreTypeDB: + return "StoreTypeDB" + case StoreTypeIAVL: + return "StoreTypeIAVL" + case StoreTypeTransient: + return "StoreTypeTransient" + case StoreTypeMemory: + return "StoreTypeMemory" + case StoreTypeSMT: + return "StoreTypeSMT" + case StoreTypePersistent: + return "StoreTypePersistent" +} + +return "unknown store type" +} + +//---------------------------------------- +// Keys for accessing substores + +// StoreKey is a key used to index stores in a MultiStore. +type StoreKey interface { + Name() + +string + String() + +string +} + +// CapabilityKey represent the Cosmos SDK keys for object-capability +// generation in the IBC protocol as defined in https://github.com/cosmos/ibc/tree/master/spec/core/ics-005-port-allocation#data-structures +type CapabilityKey StoreKey + +// KVStoreKey is used for accessing substores. +// Only the pointer value should ever be used - it functions as a capabilities key. +type KVStoreKey struct { + name string +} + +// NewKVStoreKey returns a new pointer to a KVStoreKey. +// Use a pointer so keys don't collide. +func NewKVStoreKey(name string) *KVStoreKey { + if name == "" { + panic("empty key name not allowed") +} + +return &KVStoreKey{ + name: name, +} +} + +// NewKVStoreKeys returns a map of new pointers to KVStoreKey's. +// The function will panic if there is a potential conflict in names (see `assertNoPrefix` +// function for more details). +func NewKVStoreKeys(names ...string) + +map[string]*KVStoreKey { + assertNoCommonPrefix(names) + keys := make(map[string]*KVStoreKey, len(names)) + for _, n := range names { + keys[n] = NewKVStoreKey(n) +} + +return keys +} + +func (key *KVStoreKey) + +Name() + +string { + return key.name +} + +func (key *KVStoreKey) + +String() + +string { + return fmt.Sprintf("KVStoreKey{%p, %s +}", key, key.name) +} + +// TransientStoreKey is used for indexing transient stores in a MultiStore +type TransientStoreKey struct { + name string +} + +// Constructs new TransientStoreKey +// Must return a pointer according to the ocap principle +func NewTransientStoreKey(name string) *TransientStoreKey { + return &TransientStoreKey{ + name: name, +} +} + +// Implements StoreKey +func (key *TransientStoreKey) + +Name() + +string { + return key.name +} + +// Implements StoreKey +func (key *TransientStoreKey) + +String() + +string { + return fmt.Sprintf("TransientStoreKey{%p, %s +}", key, key.name) +} + +// MemoryStoreKey defines a typed key to be used with an in-memory KVStore. +type MemoryStoreKey struct { + name string +} + +func NewMemoryStoreKey(name string) *MemoryStoreKey { + return &MemoryStoreKey{ + name: name +} +} + +// Name returns the name of the MemoryStoreKey. +func (key *MemoryStoreKey) + +Name() + +string { + return key.name +} + +// String returns a stringified representation of the MemoryStoreKey. +func (key *MemoryStoreKey) + +String() + +string { + return fmt.Sprintf("MemoryStoreKey{%p, %s +}", key, key.name) +} + +//---------------------------------------- + +// TraceContext contains TraceKVStore context data. It will be written with +// every trace operation. +type TraceContext map[string]interface{ +} + +// Clone clones tc into another instance of TraceContext. +func (tc TraceContext) + +Clone() + +TraceContext { + ret := TraceContext{ +} + +maps.Copy(ret, tc) + +return ret +} + +// Merge merges value of newTc into tc. +func (tc TraceContext) + +Merge(newTc TraceContext) + +TraceContext { + if tc == nil { + tc = TraceContext{ +} + +} + +maps.Copy(tc, newTc) + +return tc +} + +// MultiStorePersistentCache defines an interface which provides inter-block +// (persistent) + +caching capabilities for multiple CommitKVStores based on StoreKeys. +type MultiStorePersistentCache interface { + // Wrap and return the provided CommitKVStore with an inter-block (persistent) + // cache. + GetStoreCache(key StoreKey, store CommitKVStore) + +CommitKVStore + + // Return the underlying CommitKVStore for a StoreKey. + Unwrap(key StoreKey) + +CommitKVStore + + // Reset the entire set of internal caches. + Reset() +} + +// StoreWithInitialVersion is a store that can have an arbitrary initial +// version. +type StoreWithInitialVersion interface { + // SetInitialVersion sets the initial version of the IAVL tree. It is used when + // starting a new chain at an arbitrary height. + SetInitialVersion(version int64) +} + +// NewTransientStoreKeys constructs a new map of TransientStoreKey's +// Must return pointers according to the ocap principle +// The function will panic if there is a potential conflict in names +// see `assertNoCommonPrefix` function for more details. +func NewTransientStoreKeys(names ...string) + +map[string]*TransientStoreKey { + assertNoCommonPrefix(names) + keys := make(map[string]*TransientStoreKey) + for _, n := range names { + keys[n] = NewTransientStoreKey(n) +} + +return keys +} + +// NewMemoryStoreKeys constructs a new map matching store key names to their +// respective MemoryStoreKey references. +// The function will panic if there is a potential conflict in names (see `assertNoPrefix` +// function for more details). +func NewMemoryStoreKeys(names ...string) + +map[string]*MemoryStoreKey { + assertNoCommonPrefix(names) + keys := make(map[string]*MemoryStoreKey) + for _, n := range names { + keys[n] = NewMemoryStoreKey(n) +} + +return keys +} +``` + +Branching and cache is used ubiquitously in the Cosmos SDK and required to be implemented on every store type. A storage branch creates an isolated, ephemeral branch of a store that can be passed around and updated without affecting the main underlying store. This is used to trigger temporary state-transitions that may be reverted later should an error occur. Read more about it in [context](/docs/sdk/vnext/learn/advanced/context#Store-branching) + +### Commit Store + +A commit store is a store that has the ability to commit changes made to the underlying tree or db. The Cosmos SDK differentiates simple stores from commit stores by extending the basic store interfaces with a `Committer`: + +```go expandable +package types + +import ( + + "fmt" + "io" + "maps" + "slices" + "github.com/cometbft/cometbft/proto/tendermint/crypto" + dbm "github.com/cosmos/cosmos-db" + "cosmossdk.io/store/metrics" + pruningtypes "cosmossdk.io/store/pruning/types" + snapshottypes "cosmossdk.io/store/snapshots/types" +) + +type Store interface { + GetStoreType() + +StoreType + CacheWrapper +} + +// something that can persist to disk +type Committer interface { + Commit() + +CommitID + LastCommitID() + +CommitID + + // WorkingHash returns the hash of the KVStore's state before commit. + WorkingHash() []byte + + SetPruning(pruningtypes.PruningOptions) + +GetPruning() + +pruningtypes.PruningOptions +} + +// Stores of MultiStore must implement CommitStore. +type CommitStore interface { + Committer + Store +} + +// Queryable allows a Store to expose internal state to the abci.Query +// interface. Multistore can route requests to the proper Store. +// +// This is an optional, but useful extension to any CommitStore +type Queryable interface { + Query(*RequestQuery) (*ResponseQuery, error) +} + +type RequestQuery struct { + Data []byte + Path string + Height int64 + Prove bool +} + +type ResponseQuery struct { + Code uint32 + Log string + Info string + Index int64 + Key []byte + Value []byte + ProofOps *crypto.ProofOps + Height int64 + Codespace string +} + +//---------------------------------------- +// MultiStore + +// StoreUpgrades defines a series of transformations to apply the multistore db upon load +type StoreUpgrades struct { + Added []string `json:"added"` + Renamed []StoreRename `json:"renamed"` + Deleted []string `json:"deleted"` +} + +// StoreRename defines a name change of a sub-store. +// All data previously under a PrefixStore with OldKey will be copied +// to a PrefixStore with NewKey, then deleted from OldKey store. +type StoreRename struct { + OldKey string `json:"old_key"` + NewKey string `json:"new_key"` +} + +// IsAdded returns true if the given key should be added +func (s *StoreUpgrades) + +IsAdded(key string) + +bool { + if s == nil { + return false +} + +return slices.Contains(s.Added, key) +} + +// IsDeleted returns true if the given key should be deleted +func (s *StoreUpgrades) + +IsDeleted(key string) + +bool { + if s == nil { + return false +} + +return slices.Contains(s.Deleted, key) +} + +// RenamedFrom returns the oldKey if it was renamed +// Returns "" if it was not renamed +func (s *StoreUpgrades) + +RenamedFrom(key string) + +string { + if s == nil { + return "" +} + for _, re := range s.Renamed { + if re.NewKey == key { + return re.OldKey +} + +} + +return "" +} + +type MultiStore interface { + Store + + // Branches MultiStore into a cached storage object. + // NOTE: Caller should probably not call .Write() + +on each, but + // call CacheMultiStore.Write(). + CacheMultiStore() + +CacheMultiStore + + // CacheMultiStoreWithVersion branches the underlying MultiStore where + // each stored is loaded at a specific version (height). + CacheMultiStoreWithVersion(version int64) (CacheMultiStore, error) + + // Convenience for fetching substores. + // If the store does not exist, panics. + GetStore(StoreKey) + +Store + GetKVStore(StoreKey) + +KVStore + + // TracingEnabled returns if tracing is enabled for the MultiStore. + TracingEnabled() + +bool + + // SetTracer sets the tracer for the MultiStore that the underlying + // stores will utilize to trace operations. The modified MultiStore is + // returned. + SetTracer(w io.Writer) + +MultiStore + + // SetTracingContext sets the tracing context for a MultiStore. It is + // implied that the caller should update the context when necessary between + // tracing operations. The modified MultiStore is returned. + SetTracingContext(TraceContext) + +MultiStore + + // LatestVersion returns the latest version in the store + LatestVersion() + +int64 +} + +// From MultiStore.CacheMultiStore().... +type CacheMultiStore interface { + MultiStore + Write() // Writes operations to underlying KVStore +} + +// CommitMultiStore is an interface for a MultiStore without cache capabilities. +type CommitMultiStore interface { + Committer + MultiStore + snapshottypes.Snapshotter + + // Mount a store of type using the given db. + // If db == nil, the new store will use the CommitMultiStore db. + MountStoreWithDB(key StoreKey, typ StoreType, db dbm.DB) + + // Panics on a nil key. + GetCommitStore(key StoreKey) + +CommitStore + + // Panics on a nil key. + GetCommitKVStore(key StoreKey) + +CommitKVStore + + // Load the latest persisted version. Called once after all calls to + // Mount*Store() + +are complete. + LoadLatestVersion() + +error + + // LoadLatestVersionAndUpgrade will load the latest version, but also + // rename/delete/create sub-store keys, before registering all the keys + // in order to handle breaking formats in migrations + LoadLatestVersionAndUpgrade(upgrades *StoreUpgrades) + +error + + // LoadVersionAndUpgrade will load the named version, but also + // rename/delete/create sub-store keys, before registering all the keys + // in order to handle breaking formats in migrations + LoadVersionAndUpgrade(ver int64, upgrades *StoreUpgrades) + +error + + // Load a specific persisted version. When you load an old version, or when + // the last commit attempt didn't complete, the next commit after loading + // must be idempotent (return the same commit id). Otherwise the behavior is + // undefined. + LoadVersion(ver int64) + +error + + // Set an inter-block (persistent) + +cache that maintains a mapping from + // StoreKeys to CommitKVStores. + SetInterBlockCache(MultiStorePersistentCache) + + // SetInitialVersion sets the initial version of the IAVL tree. It is used when + // starting a new chain at an arbitrary height. + SetInitialVersion(version int64) + +error + + // SetIAVLCacheSize sets the cache size of the IAVL tree. + SetIAVLCacheSize(size int) + + // SetIAVLDisableFastNode enables/disables fastnode feature on iavl. + SetIAVLDisableFastNode(disable bool) + + // SetIAVLSyncPruning set sync/async pruning on iavl. + // It is not recommended to use this option. + // It is here to enable the prune command to force this to true, allowing the command to wait + // for the pruning to finish before returning. + SetIAVLSyncPruning(sync bool) + + // RollbackToVersion rollback the db to specific version(height). + RollbackToVersion(version int64) + +error + + // ListeningEnabled returns if listening is enabled for the KVStore belonging the provided StoreKey + ListeningEnabled(key StoreKey) + +bool + + // AddListeners adds a listener for the KVStore belonging to the provided StoreKey + AddListeners(keys []StoreKey) + + // PopStateCache returns the accumulated state change messages from the CommitMultiStore + PopStateCache() []*StoreKVPair + + // SetMetrics sets the metrics for the KVStore + SetMetrics(metrics metrics.StoreMetrics) +} + +//---------subsp------------------------------- +// KVStore + +// BasicKVStore is a simple interface to get/set data +type BasicKVStore interface { + // Get returns nil if key doesn't exist. Panics on nil key. + Get(key []byte) []byte + + // Has checks if a key exists. Panics on nil key. + Has(key []byte) + +bool + + // Set sets the key. Panics on nil key or value. + Set(key, value []byte) + + // Delete deletes the key. Panics on nil key. + Delete(key []byte) +} + +// KVStore additionally provides iteration and deletion +type KVStore interface { + Store + BasicKVStore + + // Iterator over a domain of keys in ascending order. End is exclusive. + // Start must be less than end, or the Iterator is invalid. + // Iterator must be closed by caller. + // To iterate over entire domain, use store.Iterator(nil, nil) + // CONTRACT: No writes may happen within a domain while an iterator exists over it. + // Exceptionally allowed for cachekv.Store, safe to write in the modules. + Iterator(start, end []byte) + +Iterator + + // Iterator over a domain of keys in descending order. End is exclusive. + // Start must be less than end, or the Iterator is invalid. + // Iterator must be closed by caller. + // CONTRACT: No writes may happen within a domain while an iterator exists over it. + // Exceptionally allowed for cachekv.Store, safe to write in the modules. + ReverseIterator(start, end []byte) + +Iterator +} + +// Iterator is an alias db's Iterator for convenience. +type Iterator = dbm.Iterator + +// CacheKVStore branches a KVStore and provides read cache functionality. +// After calling .Write() + +on the CacheKVStore, all previously created +// CacheKVStores on the object expire. +type CacheKVStore interface { + KVStore + + // Writes operations to underlying KVStore + Write() +} + +// CommitKVStore is an interface for MultiStore. +type CommitKVStore interface { + Committer + KVStore +} + +//---------------------------------------- +// CacheWrap + +// CacheWrap is the most appropriate interface for store ephemeral branching and cache. +// For example, IAVLStore.CacheWrap() + +returns a CacheKVStore. CacheWrap should not return +// a Committer, since Commit ephemeral store make no sense. It can return KVStore, +// HeapStore, SpaceStore, etc. +type CacheWrap interface { + // Write syncs with the underlying store. + Write() + + // CacheWrap recursively wraps again. + CacheWrap() + +CacheWrap + + // CacheWrapWithTrace recursively wraps again with tracing enabled. + CacheWrapWithTrace(w io.Writer, tc TraceContext) + +CacheWrap +} + +type CacheWrapper interface { + // CacheWrap branches a store. + CacheWrap() + +CacheWrap + + // CacheWrapWithTrace branches a store with tracing enabled. + CacheWrapWithTrace(w io.Writer, tc TraceContext) + +CacheWrap +} + +func (cid CommitID) + +IsZero() + +bool { + return cid.Version == 0 && len(cid.Hash) == 0 +} + +func (cid CommitID) + +String() + +string { + return fmt.Sprintf("CommitID{%v:%X +}", cid.Hash, cid.Version) +} + +//---------------------------------------- +// Store types + +// kind of store +type StoreType int + +const ( + StoreTypeMulti StoreType = iota + StoreTypeDB + StoreTypeIAVL + StoreTypeTransient + StoreTypeMemory + StoreTypeSMT + StoreTypePersistent +) + +func (st StoreType) + +String() + +string { + switch st { + case StoreTypeMulti: + return "StoreTypeMulti" + case StoreTypeDB: + return "StoreTypeDB" + case StoreTypeIAVL: + return "StoreTypeIAVL" + case StoreTypeTransient: + return "StoreTypeTransient" + case StoreTypeMemory: + return "StoreTypeMemory" + case StoreTypeSMT: + return "StoreTypeSMT" + case StoreTypePersistent: + return "StoreTypePersistent" +} + +return "unknown store type" +} + +//---------------------------------------- +// Keys for accessing substores + +// StoreKey is a key used to index stores in a MultiStore. +type StoreKey interface { + Name() + +string + String() + +string +} + +// CapabilityKey represent the Cosmos SDK keys for object-capability +// generation in the IBC protocol as defined in https://github.com/cosmos/ibc/tree/master/spec/core/ics-005-port-allocation#data-structures +type CapabilityKey StoreKey + +// KVStoreKey is used for accessing substores. +// Only the pointer value should ever be used - it functions as a capabilities key. +type KVStoreKey struct { + name string +} + +// NewKVStoreKey returns a new pointer to a KVStoreKey. +// Use a pointer so keys don't collide. +func NewKVStoreKey(name string) *KVStoreKey { + if name == "" { + panic("empty key name not allowed") +} + +return &KVStoreKey{ + name: name, +} +} + +// NewKVStoreKeys returns a map of new pointers to KVStoreKey's. +// The function will panic if there is a potential conflict in names (see `assertNoPrefix` +// function for more details). +func NewKVStoreKeys(names ...string) + +map[string]*KVStoreKey { + assertNoCommonPrefix(names) + keys := make(map[string]*KVStoreKey, len(names)) + for _, n := range names { + keys[n] = NewKVStoreKey(n) +} + +return keys +} + +func (key *KVStoreKey) + +Name() + +string { + return key.name +} + +func (key *KVStoreKey) + +String() + +string { + return fmt.Sprintf("KVStoreKey{%p, %s +}", key, key.name) +} + +// TransientStoreKey is used for indexing transient stores in a MultiStore +type TransientStoreKey struct { + name string +} + +// Constructs new TransientStoreKey +// Must return a pointer according to the ocap principle +func NewTransientStoreKey(name string) *TransientStoreKey { + return &TransientStoreKey{ + name: name, +} +} + +// Implements StoreKey +func (key *TransientStoreKey) + +Name() + +string { + return key.name +} + +// Implements StoreKey +func (key *TransientStoreKey) + +String() + +string { + return fmt.Sprintf("TransientStoreKey{%p, %s +}", key, key.name) +} + +// MemoryStoreKey defines a typed key to be used with an in-memory KVStore. +type MemoryStoreKey struct { + name string +} + +func NewMemoryStoreKey(name string) *MemoryStoreKey { + return &MemoryStoreKey{ + name: name +} +} + +// Name returns the name of the MemoryStoreKey. +func (key *MemoryStoreKey) + +Name() + +string { + return key.name +} + +// String returns a stringified representation of the MemoryStoreKey. +func (key *MemoryStoreKey) + +String() + +string { + return fmt.Sprintf("MemoryStoreKey{%p, %s +}", key, key.name) +} + +//---------------------------------------- + +// TraceContext contains TraceKVStore context data. It will be written with +// every trace operation. +type TraceContext map[string]interface{ +} + +// Clone clones tc into another instance of TraceContext. +func (tc TraceContext) + +Clone() + +TraceContext { + ret := TraceContext{ +} + +maps.Copy(ret, tc) + +return ret +} + +// Merge merges value of newTc into tc. +func (tc TraceContext) + +Merge(newTc TraceContext) + +TraceContext { + if tc == nil { + tc = TraceContext{ +} + +} + +maps.Copy(tc, newTc) + +return tc +} + +// MultiStorePersistentCache defines an interface which provides inter-block +// (persistent) + +caching capabilities for multiple CommitKVStores based on StoreKeys. +type MultiStorePersistentCache interface { + // Wrap and return the provided CommitKVStore with an inter-block (persistent) + // cache. + GetStoreCache(key StoreKey, store CommitKVStore) + +CommitKVStore + + // Return the underlying CommitKVStore for a StoreKey. + Unwrap(key StoreKey) + +CommitKVStore + + // Reset the entire set of internal caches. + Reset() +} + +// StoreWithInitialVersion is a store that can have an arbitrary initial +// version. +type StoreWithInitialVersion interface { + // SetInitialVersion sets the initial version of the IAVL tree. It is used when + // starting a new chain at an arbitrary height. + SetInitialVersion(version int64) +} + +// NewTransientStoreKeys constructs a new map of TransientStoreKey's +// Must return pointers according to the ocap principle +// The function will panic if there is a potential conflict in names +// see `assertNoCommonPrefix` function for more details. +func NewTransientStoreKeys(names ...string) + +map[string]*TransientStoreKey { + assertNoCommonPrefix(names) + keys := make(map[string]*TransientStoreKey) + for _, n := range names { + keys[n] = NewTransientStoreKey(n) +} + +return keys +} + +// NewMemoryStoreKeys constructs a new map matching store key names to their +// respective MemoryStoreKey references. +// The function will panic if there is a potential conflict in names (see `assertNoPrefix` +// function for more details). +func NewMemoryStoreKeys(names ...string) + +map[string]*MemoryStoreKey { + assertNoCommonPrefix(names) + keys := make(map[string]*MemoryStoreKey) + for _, n := range names { + keys[n] = NewMemoryStoreKey(n) +} + +return keys +} +``` + +The `Committer` is an interface that defines methods to persist changes to disk: + +```go expandable +package types + +import ( + + "fmt" + "io" + "maps" + "slices" + "github.com/cometbft/cometbft/proto/tendermint/crypto" + dbm "github.com/cosmos/cosmos-db" + "cosmossdk.io/store/metrics" + pruningtypes "cosmossdk.io/store/pruning/types" + snapshottypes "cosmossdk.io/store/snapshots/types" +) + +type Store interface { + GetStoreType() + +StoreType + CacheWrapper +} + +// something that can persist to disk +type Committer interface { + Commit() + +CommitID + LastCommitID() + +CommitID + + // WorkingHash returns the hash of the KVStore's state before commit. + WorkingHash() []byte + + SetPruning(pruningtypes.PruningOptions) + +GetPruning() + +pruningtypes.PruningOptions +} + +// Stores of MultiStore must implement CommitStore. +type CommitStore interface { + Committer + Store +} + +// Queryable allows a Store to expose internal state to the abci.Query +// interface. Multistore can route requests to the proper Store. +// +// This is an optional, but useful extension to any CommitStore +type Queryable interface { + Query(*RequestQuery) (*ResponseQuery, error) +} + +type RequestQuery struct { + Data []byte + Path string + Height int64 + Prove bool +} + +type ResponseQuery struct { + Code uint32 + Log string + Info string + Index int64 + Key []byte + Value []byte + ProofOps *crypto.ProofOps + Height int64 + Codespace string +} + +//---------------------------------------- +// MultiStore + +// StoreUpgrades defines a series of transformations to apply the multistore db upon load +type StoreUpgrades struct { + Added []string `json:"added"` + Renamed []StoreRename `json:"renamed"` + Deleted []string `json:"deleted"` +} + +// StoreRename defines a name change of a sub-store. +// All data previously under a PrefixStore with OldKey will be copied +// to a PrefixStore with NewKey, then deleted from OldKey store. +type StoreRename struct { + OldKey string `json:"old_key"` + NewKey string `json:"new_key"` +} + +// IsAdded returns true if the given key should be added +func (s *StoreUpgrades) + +IsAdded(key string) + +bool { + if s == nil { + return false +} + +return slices.Contains(s.Added, key) +} + +// IsDeleted returns true if the given key should be deleted +func (s *StoreUpgrades) + +IsDeleted(key string) + +bool { + if s == nil { + return false +} + +return slices.Contains(s.Deleted, key) +} + +// RenamedFrom returns the oldKey if it was renamed +// Returns "" if it was not renamed +func (s *StoreUpgrades) + +RenamedFrom(key string) + +string { + if s == nil { + return "" +} + for _, re := range s.Renamed { + if re.NewKey == key { + return re.OldKey +} + +} + +return "" +} + +type MultiStore interface { + Store + + // Branches MultiStore into a cached storage object. + // NOTE: Caller should probably not call .Write() + +on each, but + // call CacheMultiStore.Write(). + CacheMultiStore() + +CacheMultiStore + + // CacheMultiStoreWithVersion branches the underlying MultiStore where + // each stored is loaded at a specific version (height). + CacheMultiStoreWithVersion(version int64) (CacheMultiStore, error) + + // Convenience for fetching substores. + // If the store does not exist, panics. + GetStore(StoreKey) + +Store + GetKVStore(StoreKey) + +KVStore + + // TracingEnabled returns if tracing is enabled for the MultiStore. + TracingEnabled() + +bool + + // SetTracer sets the tracer for the MultiStore that the underlying + // stores will utilize to trace operations. The modified MultiStore is + // returned. + SetTracer(w io.Writer) + +MultiStore + + // SetTracingContext sets the tracing context for a MultiStore. It is + // implied that the caller should update the context when necessary between + // tracing operations. The modified MultiStore is returned. + SetTracingContext(TraceContext) + +MultiStore + + // LatestVersion returns the latest version in the store + LatestVersion() + +int64 +} + +// From MultiStore.CacheMultiStore().... +type CacheMultiStore interface { + MultiStore + Write() // Writes operations to underlying KVStore +} + +// CommitMultiStore is an interface for a MultiStore without cache capabilities. +type CommitMultiStore interface { + Committer + MultiStore + snapshottypes.Snapshotter + + // Mount a store of type using the given db. + // If db == nil, the new store will use the CommitMultiStore db. + MountStoreWithDB(key StoreKey, typ StoreType, db dbm.DB) + + // Panics on a nil key. + GetCommitStore(key StoreKey) + +CommitStore + + // Panics on a nil key. + GetCommitKVStore(key StoreKey) + +CommitKVStore + + // Load the latest persisted version. Called once after all calls to + // Mount*Store() + +are complete. + LoadLatestVersion() + +error + + // LoadLatestVersionAndUpgrade will load the latest version, but also + // rename/delete/create sub-store keys, before registering all the keys + // in order to handle breaking formats in migrations + LoadLatestVersionAndUpgrade(upgrades *StoreUpgrades) + +error + + // LoadVersionAndUpgrade will load the named version, but also + // rename/delete/create sub-store keys, before registering all the keys + // in order to handle breaking formats in migrations + LoadVersionAndUpgrade(ver int64, upgrades *StoreUpgrades) + +error + + // Load a specific persisted version. When you load an old version, or when + // the last commit attempt didn't complete, the next commit after loading + // must be idempotent (return the same commit id). Otherwise the behavior is + // undefined. + LoadVersion(ver int64) + +error + + // Set an inter-block (persistent) + +cache that maintains a mapping from + // StoreKeys to CommitKVStores. + SetInterBlockCache(MultiStorePersistentCache) + + // SetInitialVersion sets the initial version of the IAVL tree. It is used when + // starting a new chain at an arbitrary height. + SetInitialVersion(version int64) + +error + + // SetIAVLCacheSize sets the cache size of the IAVL tree. + SetIAVLCacheSize(size int) + + // SetIAVLDisableFastNode enables/disables fastnode feature on iavl. + SetIAVLDisableFastNode(disable bool) + + // SetIAVLSyncPruning set sync/async pruning on iavl. + // It is not recommended to use this option. + // It is here to enable the prune command to force this to true, allowing the command to wait + // for the pruning to finish before returning. + SetIAVLSyncPruning(sync bool) + + // RollbackToVersion rollback the db to specific version(height). + RollbackToVersion(version int64) + +error + + // ListeningEnabled returns if listening is enabled for the KVStore belonging the provided StoreKey + ListeningEnabled(key StoreKey) + +bool + + // AddListeners adds a listener for the KVStore belonging to the provided StoreKey + AddListeners(keys []StoreKey) + + // PopStateCache returns the accumulated state change messages from the CommitMultiStore + PopStateCache() []*StoreKVPair + + // SetMetrics sets the metrics for the KVStore + SetMetrics(metrics metrics.StoreMetrics) +} + +//---------subsp------------------------------- +// KVStore + +// BasicKVStore is a simple interface to get/set data +type BasicKVStore interface { + // Get returns nil if key doesn't exist. Panics on nil key. + Get(key []byte) []byte + + // Has checks if a key exists. Panics on nil key. + Has(key []byte) + +bool + + // Set sets the key. Panics on nil key or value. + Set(key, value []byte) + + // Delete deletes the key. Panics on nil key. + Delete(key []byte) +} + +// KVStore additionally provides iteration and deletion +type KVStore interface { + Store + BasicKVStore + + // Iterator over a domain of keys in ascending order. End is exclusive. + // Start must be less than end, or the Iterator is invalid. + // Iterator must be closed by caller. + // To iterate over entire domain, use store.Iterator(nil, nil) + // CONTRACT: No writes may happen within a domain while an iterator exists over it. + // Exceptionally allowed for cachekv.Store, safe to write in the modules. + Iterator(start, end []byte) + +Iterator + + // Iterator over a domain of keys in descending order. End is exclusive. + // Start must be less than end, or the Iterator is invalid. + // Iterator must be closed by caller. + // CONTRACT: No writes may happen within a domain while an iterator exists over it. + // Exceptionally allowed for cachekv.Store, safe to write in the modules. + ReverseIterator(start, end []byte) + +Iterator +} + +// Iterator is an alias db's Iterator for convenience. +type Iterator = dbm.Iterator + +// CacheKVStore branches a KVStore and provides read cache functionality. +// After calling .Write() + +on the CacheKVStore, all previously created +// CacheKVStores on the object expire. +type CacheKVStore interface { + KVStore + + // Writes operations to underlying KVStore + Write() +} + +// CommitKVStore is an interface for MultiStore. +type CommitKVStore interface { + Committer + KVStore +} + +//---------------------------------------- +// CacheWrap + +// CacheWrap is the most appropriate interface for store ephemeral branching and cache. +// For example, IAVLStore.CacheWrap() + +returns a CacheKVStore. CacheWrap should not return +// a Committer, since Commit ephemeral store make no sense. It can return KVStore, +// HeapStore, SpaceStore, etc. +type CacheWrap interface { + // Write syncs with the underlying store. + Write() + + // CacheWrap recursively wraps again. + CacheWrap() + +CacheWrap + + // CacheWrapWithTrace recursively wraps again with tracing enabled. + CacheWrapWithTrace(w io.Writer, tc TraceContext) + +CacheWrap +} + +type CacheWrapper interface { + // CacheWrap branches a store. + CacheWrap() + +CacheWrap + + // CacheWrapWithTrace branches a store with tracing enabled. + CacheWrapWithTrace(w io.Writer, tc TraceContext) + +CacheWrap +} + +func (cid CommitID) + +IsZero() + +bool { + return cid.Version == 0 && len(cid.Hash) == 0 +} + +func (cid CommitID) + +String() + +string { + return fmt.Sprintf("CommitID{%v:%X +}", cid.Hash, cid.Version) +} + +//---------------------------------------- +// Store types + +// kind of store +type StoreType int + +const ( + StoreTypeMulti StoreType = iota + StoreTypeDB + StoreTypeIAVL + StoreTypeTransient + StoreTypeMemory + StoreTypeSMT + StoreTypePersistent +) + +func (st StoreType) + +String() + +string { + switch st { + case StoreTypeMulti: + return "StoreTypeMulti" + case StoreTypeDB: + return "StoreTypeDB" + case StoreTypeIAVL: + return "StoreTypeIAVL" + case StoreTypeTransient: + return "StoreTypeTransient" + case StoreTypeMemory: + return "StoreTypeMemory" + case StoreTypeSMT: + return "StoreTypeSMT" + case StoreTypePersistent: + return "StoreTypePersistent" +} + +return "unknown store type" +} + +//---------------------------------------- +// Keys for accessing substores + +// StoreKey is a key used to index stores in a MultiStore. +type StoreKey interface { + Name() + +string + String() + +string +} + +// CapabilityKey represent the Cosmos SDK keys for object-capability +// generation in the IBC protocol as defined in https://github.com/cosmos/ibc/tree/master/spec/core/ics-005-port-allocation#data-structures +type CapabilityKey StoreKey + +// KVStoreKey is used for accessing substores. +// Only the pointer value should ever be used - it functions as a capabilities key. +type KVStoreKey struct { + name string +} + +// NewKVStoreKey returns a new pointer to a KVStoreKey. +// Use a pointer so keys don't collide. +func NewKVStoreKey(name string) *KVStoreKey { + if name == "" { + panic("empty key name not allowed") +} + +return &KVStoreKey{ + name: name, +} +} + +// NewKVStoreKeys returns a map of new pointers to KVStoreKey's. +// The function will panic if there is a potential conflict in names (see `assertNoPrefix` +// function for more details). +func NewKVStoreKeys(names ...string) + +map[string]*KVStoreKey { + assertNoCommonPrefix(names) + keys := make(map[string]*KVStoreKey, len(names)) + for _, n := range names { + keys[n] = NewKVStoreKey(n) +} + +return keys +} + +func (key *KVStoreKey) + +Name() + +string { + return key.name +} + +func (key *KVStoreKey) + +String() + +string { + return fmt.Sprintf("KVStoreKey{%p, %s +}", key, key.name) +} + +// TransientStoreKey is used for indexing transient stores in a MultiStore +type TransientStoreKey struct { + name string +} + +// Constructs new TransientStoreKey +// Must return a pointer according to the ocap principle +func NewTransientStoreKey(name string) *TransientStoreKey { + return &TransientStoreKey{ + name: name, +} +} + +// Implements StoreKey +func (key *TransientStoreKey) + +Name() + +string { + return key.name +} + +// Implements StoreKey +func (key *TransientStoreKey) + +String() + +string { + return fmt.Sprintf("TransientStoreKey{%p, %s +}", key, key.name) +} + +// MemoryStoreKey defines a typed key to be used with an in-memory KVStore. +type MemoryStoreKey struct { + name string +} + +func NewMemoryStoreKey(name string) *MemoryStoreKey { + return &MemoryStoreKey{ + name: name +} +} + +// Name returns the name of the MemoryStoreKey. +func (key *MemoryStoreKey) + +Name() + +string { + return key.name +} + +// String returns a stringified representation of the MemoryStoreKey. +func (key *MemoryStoreKey) + +String() + +string { + return fmt.Sprintf("MemoryStoreKey{%p, %s +}", key, key.name) +} + +//---------------------------------------- + +// TraceContext contains TraceKVStore context data. It will be written with +// every trace operation. +type TraceContext map[string]interface{ +} + +// Clone clones tc into another instance of TraceContext. +func (tc TraceContext) + +Clone() + +TraceContext { + ret := TraceContext{ +} + +maps.Copy(ret, tc) + +return ret +} + +// Merge merges value of newTc into tc. +func (tc TraceContext) + +Merge(newTc TraceContext) + +TraceContext { + if tc == nil { + tc = TraceContext{ +} + +} + +maps.Copy(tc, newTc) + +return tc +} + +// MultiStorePersistentCache defines an interface which provides inter-block +// (persistent) + +caching capabilities for multiple CommitKVStores based on StoreKeys. +type MultiStorePersistentCache interface { + // Wrap and return the provided CommitKVStore with an inter-block (persistent) + // cache. + GetStoreCache(key StoreKey, store CommitKVStore) + +CommitKVStore + + // Return the underlying CommitKVStore for a StoreKey. + Unwrap(key StoreKey) + +CommitKVStore + + // Reset the entire set of internal caches. + Reset() +} + +// StoreWithInitialVersion is a store that can have an arbitrary initial +// version. +type StoreWithInitialVersion interface { + // SetInitialVersion sets the initial version of the IAVL tree. It is used when + // starting a new chain at an arbitrary height. + SetInitialVersion(version int64) +} + +// NewTransientStoreKeys constructs a new map of TransientStoreKey's +// Must return pointers according to the ocap principle +// The function will panic if there is a potential conflict in names +// see `assertNoCommonPrefix` function for more details. +func NewTransientStoreKeys(names ...string) + +map[string]*TransientStoreKey { + assertNoCommonPrefix(names) + keys := make(map[string]*TransientStoreKey) + for _, n := range names { + keys[n] = NewTransientStoreKey(n) +} + +return keys +} + +// NewMemoryStoreKeys constructs a new map matching store key names to their +// respective MemoryStoreKey references. +// The function will panic if there is a potential conflict in names (see `assertNoPrefix` +// function for more details). +func NewMemoryStoreKeys(names ...string) + +map[string]*MemoryStoreKey { + assertNoCommonPrefix(names) + keys := make(map[string]*MemoryStoreKey) + for _, n := range names { + keys[n] = NewMemoryStoreKey(n) +} + +return keys +} +``` + +The `CommitID` is a deterministic commit of the state tree. Its hash is returned to the underlying consensus engine and stored in the block header. Note that commit store interfaces exist for various purposes, one of which is to make sure not every object can commit the store. As part of the [object-capabilities model](/docs/sdk/vnext/learn/advanced/ocap) of the Cosmos SDK, only `baseapp` should have the ability to commit stores. For example, this is the reason why the `ctx.KVStore()` method by which modules typically access stores returns a `KVStore` and not a `CommitKVStore`. + +The Cosmos SDK comes with many types of stores, the most used being [`CommitMultiStore`](#multistore), [`KVStore`](#kvstore) and [`GasKv` store](#gaskv-store). [Other types of stores](#other-stores) include `Transient` and `TraceKV` stores. + +## Multistore + +### Multistore Interface + +Each Cosmos SDK application holds a multistore at its root to persist its state. The multistore is a store of `KVStores` that follows the `Multistore` interface: + +```go expandable +package types + +import ( + + "fmt" + "io" + "maps" + "slices" + "github.com/cometbft/cometbft/proto/tendermint/crypto" + dbm "github.com/cosmos/cosmos-db" + "cosmossdk.io/store/metrics" + pruningtypes "cosmossdk.io/store/pruning/types" + snapshottypes "cosmossdk.io/store/snapshots/types" +) + +type Store interface { + GetStoreType() + +StoreType + CacheWrapper +} + +// something that can persist to disk +type Committer interface { + Commit() + +CommitID + LastCommitID() + +CommitID + + // WorkingHash returns the hash of the KVStore's state before commit. + WorkingHash() []byte + + SetPruning(pruningtypes.PruningOptions) + +GetPruning() + +pruningtypes.PruningOptions +} + +// Stores of MultiStore must implement CommitStore. +type CommitStore interface { + Committer + Store +} + +// Queryable allows a Store to expose internal state to the abci.Query +// interface. Multistore can route requests to the proper Store. +// +// This is an optional, but useful extension to any CommitStore +type Queryable interface { + Query(*RequestQuery) (*ResponseQuery, error) +} + +type RequestQuery struct { + Data []byte + Path string + Height int64 + Prove bool +} + +type ResponseQuery struct { + Code uint32 + Log string + Info string + Index int64 + Key []byte + Value []byte + ProofOps *crypto.ProofOps + Height int64 + Codespace string +} + +//---------------------------------------- +// MultiStore + +// StoreUpgrades defines a series of transformations to apply the multistore db upon load +type StoreUpgrades struct { + Added []string `json:"added"` + Renamed []StoreRename `json:"renamed"` + Deleted []string `json:"deleted"` +} + +// StoreRename defines a name change of a sub-store. +// All data previously under a PrefixStore with OldKey will be copied +// to a PrefixStore with NewKey, then deleted from OldKey store. +type StoreRename struct { + OldKey string `json:"old_key"` + NewKey string `json:"new_key"` +} + +// IsAdded returns true if the given key should be added +func (s *StoreUpgrades) + +IsAdded(key string) + +bool { + if s == nil { + return false +} + +return slices.Contains(s.Added, key) +} + +// IsDeleted returns true if the given key should be deleted +func (s *StoreUpgrades) + +IsDeleted(key string) + +bool { + if s == nil { + return false +} + +return slices.Contains(s.Deleted, key) +} + +// RenamedFrom returns the oldKey if it was renamed +// Returns "" if it was not renamed +func (s *StoreUpgrades) + +RenamedFrom(key string) + +string { + if s == nil { + return "" +} + for _, re := range s.Renamed { + if re.NewKey == key { + return re.OldKey +} + +} + +return "" +} + +type MultiStore interface { + Store + + // Branches MultiStore into a cached storage object. + // NOTE: Caller should probably not call .Write() + +on each, but + // call CacheMultiStore.Write(). + CacheMultiStore() + +CacheMultiStore + + // CacheMultiStoreWithVersion branches the underlying MultiStore where + // each stored is loaded at a specific version (height). + CacheMultiStoreWithVersion(version int64) (CacheMultiStore, error) + + // Convenience for fetching substores. + // If the store does not exist, panics. + GetStore(StoreKey) + +Store + GetKVStore(StoreKey) + +KVStore + + // TracingEnabled returns if tracing is enabled for the MultiStore. + TracingEnabled() + +bool + + // SetTracer sets the tracer for the MultiStore that the underlying + // stores will utilize to trace operations. The modified MultiStore is + // returned. + SetTracer(w io.Writer) + +MultiStore + + // SetTracingContext sets the tracing context for a MultiStore. It is + // implied that the caller should update the context when necessary between + // tracing operations. The modified MultiStore is returned. + SetTracingContext(TraceContext) + +MultiStore + + // LatestVersion returns the latest version in the store + LatestVersion() + +int64 +} + +// From MultiStore.CacheMultiStore().... +type CacheMultiStore interface { + MultiStore + Write() // Writes operations to underlying KVStore +} + +// CommitMultiStore is an interface for a MultiStore without cache capabilities. +type CommitMultiStore interface { + Committer + MultiStore + snapshottypes.Snapshotter + + // Mount a store of type using the given db. + // If db == nil, the new store will use the CommitMultiStore db. + MountStoreWithDB(key StoreKey, typ StoreType, db dbm.DB) + + // Panics on a nil key. + GetCommitStore(key StoreKey) + +CommitStore + + // Panics on a nil key. + GetCommitKVStore(key StoreKey) + +CommitKVStore + + // Load the latest persisted version. Called once after all calls to + // Mount*Store() + +are complete. + LoadLatestVersion() + +error + + // LoadLatestVersionAndUpgrade will load the latest version, but also + // rename/delete/create sub-store keys, before registering all the keys + // in order to handle breaking formats in migrations + LoadLatestVersionAndUpgrade(upgrades *StoreUpgrades) + +error + + // LoadVersionAndUpgrade will load the named version, but also + // rename/delete/create sub-store keys, before registering all the keys + // in order to handle breaking formats in migrations + LoadVersionAndUpgrade(ver int64, upgrades *StoreUpgrades) + +error + + // Load a specific persisted version. When you load an old version, or when + // the last commit attempt didn't complete, the next commit after loading + // must be idempotent (return the same commit id). Otherwise the behavior is + // undefined. + LoadVersion(ver int64) + +error + + // Set an inter-block (persistent) + +cache that maintains a mapping from + // StoreKeys to CommitKVStores. + SetInterBlockCache(MultiStorePersistentCache) + + // SetInitialVersion sets the initial version of the IAVL tree. It is used when + // starting a new chain at an arbitrary height. + SetInitialVersion(version int64) + +error + + // SetIAVLCacheSize sets the cache size of the IAVL tree. + SetIAVLCacheSize(size int) + + // SetIAVLDisableFastNode enables/disables fastnode feature on iavl. + SetIAVLDisableFastNode(disable bool) + + // SetIAVLSyncPruning set sync/async pruning on iavl. + // It is not recommended to use this option. + // It is here to enable the prune command to force this to true, allowing the command to wait + // for the pruning to finish before returning. + SetIAVLSyncPruning(sync bool) + + // RollbackToVersion rollback the db to specific version(height). + RollbackToVersion(version int64) + +error + + // ListeningEnabled returns if listening is enabled for the KVStore belonging the provided StoreKey + ListeningEnabled(key StoreKey) + +bool + + // AddListeners adds a listener for the KVStore belonging to the provided StoreKey + AddListeners(keys []StoreKey) + + // PopStateCache returns the accumulated state change messages from the CommitMultiStore + PopStateCache() []*StoreKVPair + + // SetMetrics sets the metrics for the KVStore + SetMetrics(metrics metrics.StoreMetrics) +} + +//---------subsp------------------------------- +// KVStore + +// BasicKVStore is a simple interface to get/set data +type BasicKVStore interface { + // Get returns nil if key doesn't exist. Panics on nil key. + Get(key []byte) []byte + + // Has checks if a key exists. Panics on nil key. + Has(key []byte) + +bool + + // Set sets the key. Panics on nil key or value. + Set(key, value []byte) + + // Delete deletes the key. Panics on nil key. + Delete(key []byte) +} + +// KVStore additionally provides iteration and deletion +type KVStore interface { + Store + BasicKVStore + + // Iterator over a domain of keys in ascending order. End is exclusive. + // Start must be less than end, or the Iterator is invalid. + // Iterator must be closed by caller. + // To iterate over entire domain, use store.Iterator(nil, nil) + // CONTRACT: No writes may happen within a domain while an iterator exists over it. + // Exceptionally allowed for cachekv.Store, safe to write in the modules. + Iterator(start, end []byte) + +Iterator + + // Iterator over a domain of keys in descending order. End is exclusive. + // Start must be less than end, or the Iterator is invalid. + // Iterator must be closed by caller. + // CONTRACT: No writes may happen within a domain while an iterator exists over it. + // Exceptionally allowed for cachekv.Store, safe to write in the modules. + ReverseIterator(start, end []byte) + +Iterator +} + +// Iterator is an alias db's Iterator for convenience. +type Iterator = dbm.Iterator + +// CacheKVStore branches a KVStore and provides read cache functionality. +// After calling .Write() + +on the CacheKVStore, all previously created +// CacheKVStores on the object expire. +type CacheKVStore interface { + KVStore + + // Writes operations to underlying KVStore + Write() +} + +// CommitKVStore is an interface for MultiStore. +type CommitKVStore interface { + Committer + KVStore +} + +//---------------------------------------- +// CacheWrap + +// CacheWrap is the most appropriate interface for store ephemeral branching and cache. +// For example, IAVLStore.CacheWrap() + +returns a CacheKVStore. CacheWrap should not return +// a Committer, since Commit ephemeral store make no sense. It can return KVStore, +// HeapStore, SpaceStore, etc. +type CacheWrap interface { + // Write syncs with the underlying store. + Write() + + // CacheWrap recursively wraps again. + CacheWrap() + +CacheWrap + + // CacheWrapWithTrace recursively wraps again with tracing enabled. + CacheWrapWithTrace(w io.Writer, tc TraceContext) + +CacheWrap +} + +type CacheWrapper interface { + // CacheWrap branches a store. + CacheWrap() + +CacheWrap + + // CacheWrapWithTrace branches a store with tracing enabled. + CacheWrapWithTrace(w io.Writer, tc TraceContext) + +CacheWrap +} + +func (cid CommitID) + +IsZero() + +bool { + return cid.Version == 0 && len(cid.Hash) == 0 +} + +func (cid CommitID) + +String() + +string { + return fmt.Sprintf("CommitID{%v:%X +}", cid.Hash, cid.Version) +} + +//---------------------------------------- +// Store types + +// kind of store +type StoreType int + +const ( + StoreTypeMulti StoreType = iota + StoreTypeDB + StoreTypeIAVL + StoreTypeTransient + StoreTypeMemory + StoreTypeSMT + StoreTypePersistent +) + +func (st StoreType) + +String() + +string { + switch st { + case StoreTypeMulti: + return "StoreTypeMulti" + case StoreTypeDB: + return "StoreTypeDB" + case StoreTypeIAVL: + return "StoreTypeIAVL" + case StoreTypeTransient: + return "StoreTypeTransient" + case StoreTypeMemory: + return "StoreTypeMemory" + case StoreTypeSMT: + return "StoreTypeSMT" + case StoreTypePersistent: + return "StoreTypePersistent" +} + +return "unknown store type" +} + +//---------------------------------------- +// Keys for accessing substores + +// StoreKey is a key used to index stores in a MultiStore. +type StoreKey interface { + Name() + +string + String() + +string +} + +// CapabilityKey represent the Cosmos SDK keys for object-capability +// generation in the IBC protocol as defined in https://github.com/cosmos/ibc/tree/master/spec/core/ics-005-port-allocation#data-structures +type CapabilityKey StoreKey + +// KVStoreKey is used for accessing substores. +// Only the pointer value should ever be used - it functions as a capabilities key. +type KVStoreKey struct { + name string +} + +// NewKVStoreKey returns a new pointer to a KVStoreKey. +// Use a pointer so keys don't collide. +func NewKVStoreKey(name string) *KVStoreKey { + if name == "" { + panic("empty key name not allowed") +} + +return &KVStoreKey{ + name: name, +} +} + +// NewKVStoreKeys returns a map of new pointers to KVStoreKey's. +// The function will panic if there is a potential conflict in names (see `assertNoPrefix` +// function for more details). +func NewKVStoreKeys(names ...string) + +map[string]*KVStoreKey { + assertNoCommonPrefix(names) + keys := make(map[string]*KVStoreKey, len(names)) + for _, n := range names { + keys[n] = NewKVStoreKey(n) +} + +return keys +} + +func (key *KVStoreKey) + +Name() + +string { + return key.name +} + +func (key *KVStoreKey) + +String() + +string { + return fmt.Sprintf("KVStoreKey{%p, %s +}", key, key.name) +} + +// TransientStoreKey is used for indexing transient stores in a MultiStore +type TransientStoreKey struct { + name string +} + +// Constructs new TransientStoreKey +// Must return a pointer according to the ocap principle +func NewTransientStoreKey(name string) *TransientStoreKey { + return &TransientStoreKey{ + name: name, +} +} + +// Implements StoreKey +func (key *TransientStoreKey) + +Name() + +string { + return key.name +} + +// Implements StoreKey +func (key *TransientStoreKey) + +String() + +string { + return fmt.Sprintf("TransientStoreKey{%p, %s +}", key, key.name) +} + +// MemoryStoreKey defines a typed key to be used with an in-memory KVStore. +type MemoryStoreKey struct { + name string +} + +func NewMemoryStoreKey(name string) *MemoryStoreKey { + return &MemoryStoreKey{ + name: name +} +} + +// Name returns the name of the MemoryStoreKey. +func (key *MemoryStoreKey) + +Name() + +string { + return key.name +} + +// String returns a stringified representation of the MemoryStoreKey. +func (key *MemoryStoreKey) + +String() + +string { + return fmt.Sprintf("MemoryStoreKey{%p, %s +}", key, key.name) +} + +//---------------------------------------- + +// TraceContext contains TraceKVStore context data. It will be written with +// every trace operation. +type TraceContext map[string]interface{ +} + +// Clone clones tc into another instance of TraceContext. +func (tc TraceContext) + +Clone() + +TraceContext { + ret := TraceContext{ +} + +maps.Copy(ret, tc) + +return ret +} + +// Merge merges value of newTc into tc. +func (tc TraceContext) + +Merge(newTc TraceContext) + +TraceContext { + if tc == nil { + tc = TraceContext{ +} + +} + +maps.Copy(tc, newTc) + +return tc +} + +// MultiStorePersistentCache defines an interface which provides inter-block +// (persistent) + +caching capabilities for multiple CommitKVStores based on StoreKeys. +type MultiStorePersistentCache interface { + // Wrap and return the provided CommitKVStore with an inter-block (persistent) + // cache. + GetStoreCache(key StoreKey, store CommitKVStore) + +CommitKVStore + + // Return the underlying CommitKVStore for a StoreKey. + Unwrap(key StoreKey) + +CommitKVStore + + // Reset the entire set of internal caches. + Reset() +} + +// StoreWithInitialVersion is a store that can have an arbitrary initial +// version. +type StoreWithInitialVersion interface { + // SetInitialVersion sets the initial version of the IAVL tree. It is used when + // starting a new chain at an arbitrary height. + SetInitialVersion(version int64) +} + +// NewTransientStoreKeys constructs a new map of TransientStoreKey's +// Must return pointers according to the ocap principle +// The function will panic if there is a potential conflict in names +// see `assertNoCommonPrefix` function for more details. +func NewTransientStoreKeys(names ...string) + +map[string]*TransientStoreKey { + assertNoCommonPrefix(names) + keys := make(map[string]*TransientStoreKey) + for _, n := range names { + keys[n] = NewTransientStoreKey(n) +} + +return keys +} + +// NewMemoryStoreKeys constructs a new map matching store key names to their +// respective MemoryStoreKey references. +// The function will panic if there is a potential conflict in names (see `assertNoPrefix` +// function for more details). +func NewMemoryStoreKeys(names ...string) + +map[string]*MemoryStoreKey { + assertNoCommonPrefix(names) + keys := make(map[string]*MemoryStoreKey) + for _, n := range names { + keys[n] = NewMemoryStoreKey(n) +} + +return keys +} +``` + +If tracing is enabled, then branching the multistore will firstly wrap all the underlying `KVStore` in [`TraceKv.Store`](#tracekv-store). + +### CommitMultiStore + +The main type of `Multistore` used in the Cosmos SDK is `CommitMultiStore`, which is an extension of the `Multistore` interface: + +```go expandable +package types + +import ( + + "fmt" + "io" + "maps" + "slices" + "github.com/cometbft/cometbft/proto/tendermint/crypto" + dbm "github.com/cosmos/cosmos-db" + "cosmossdk.io/store/metrics" + pruningtypes "cosmossdk.io/store/pruning/types" + snapshottypes "cosmossdk.io/store/snapshots/types" +) + +type Store interface { + GetStoreType() + +StoreType + CacheWrapper +} + +// something that can persist to disk +type Committer interface { + Commit() + +CommitID + LastCommitID() + +CommitID + + // WorkingHash returns the hash of the KVStore's state before commit. + WorkingHash() []byte + + SetPruning(pruningtypes.PruningOptions) + +GetPruning() + +pruningtypes.PruningOptions +} + +// Stores of MultiStore must implement CommitStore. +type CommitStore interface { + Committer + Store +} + +// Queryable allows a Store to expose internal state to the abci.Query +// interface. Multistore can route requests to the proper Store. +// +// This is an optional, but useful extension to any CommitStore +type Queryable interface { + Query(*RequestQuery) (*ResponseQuery, error) +} + +type RequestQuery struct { + Data []byte + Path string + Height int64 + Prove bool +} + +type ResponseQuery struct { + Code uint32 + Log string + Info string + Index int64 + Key []byte + Value []byte + ProofOps *crypto.ProofOps + Height int64 + Codespace string +} + +//---------------------------------------- +// MultiStore + +// StoreUpgrades defines a series of transformations to apply the multistore db upon load +type StoreUpgrades struct { + Added []string `json:"added"` + Renamed []StoreRename `json:"renamed"` + Deleted []string `json:"deleted"` +} + +// StoreRename defines a name change of a sub-store. +// All data previously under a PrefixStore with OldKey will be copied +// to a PrefixStore with NewKey, then deleted from OldKey store. +type StoreRename struct { + OldKey string `json:"old_key"` + NewKey string `json:"new_key"` +} + +// IsAdded returns true if the given key should be added +func (s *StoreUpgrades) + +IsAdded(key string) + +bool { + if s == nil { + return false +} + +return slices.Contains(s.Added, key) +} + +// IsDeleted returns true if the given key should be deleted +func (s *StoreUpgrades) + +IsDeleted(key string) + +bool { + if s == nil { + return false +} + +return slices.Contains(s.Deleted, key) +} + +// RenamedFrom returns the oldKey if it was renamed +// Returns "" if it was not renamed +func (s *StoreUpgrades) + +RenamedFrom(key string) + +string { + if s == nil { + return "" +} + for _, re := range s.Renamed { + if re.NewKey == key { + return re.OldKey +} + +} + +return "" +} + +type MultiStore interface { + Store + + // Branches MultiStore into a cached storage object. + // NOTE: Caller should probably not call .Write() + +on each, but + // call CacheMultiStore.Write(). + CacheMultiStore() + +CacheMultiStore + + // CacheMultiStoreWithVersion branches the underlying MultiStore where + // each stored is loaded at a specific version (height). + CacheMultiStoreWithVersion(version int64) (CacheMultiStore, error) + + // Convenience for fetching substores. + // If the store does not exist, panics. + GetStore(StoreKey) + +Store + GetKVStore(StoreKey) + +KVStore + + // TracingEnabled returns if tracing is enabled for the MultiStore. + TracingEnabled() + +bool + + // SetTracer sets the tracer for the MultiStore that the underlying + // stores will utilize to trace operations. The modified MultiStore is + // returned. + SetTracer(w io.Writer) + +MultiStore + + // SetTracingContext sets the tracing context for a MultiStore. It is + // implied that the caller should update the context when necessary between + // tracing operations. The modified MultiStore is returned. + SetTracingContext(TraceContext) + +MultiStore + + // LatestVersion returns the latest version in the store + LatestVersion() + +int64 +} + +// From MultiStore.CacheMultiStore().... +type CacheMultiStore interface { + MultiStore + Write() // Writes operations to underlying KVStore +} + +// CommitMultiStore is an interface for a MultiStore without cache capabilities. +type CommitMultiStore interface { + Committer + MultiStore + snapshottypes.Snapshotter + + // Mount a store of type using the given db. + // If db == nil, the new store will use the CommitMultiStore db. + MountStoreWithDB(key StoreKey, typ StoreType, db dbm.DB) + + // Panics on a nil key. + GetCommitStore(key StoreKey) + +CommitStore + + // Panics on a nil key. + GetCommitKVStore(key StoreKey) + +CommitKVStore + + // Load the latest persisted version. Called once after all calls to + // Mount*Store() + +are complete. + LoadLatestVersion() + +error + + // LoadLatestVersionAndUpgrade will load the latest version, but also + // rename/delete/create sub-store keys, before registering all the keys + // in order to handle breaking formats in migrations + LoadLatestVersionAndUpgrade(upgrades *StoreUpgrades) + +error + + // LoadVersionAndUpgrade will load the named version, but also + // rename/delete/create sub-store keys, before registering all the keys + // in order to handle breaking formats in migrations + LoadVersionAndUpgrade(ver int64, upgrades *StoreUpgrades) + +error + + // Load a specific persisted version. When you load an old version, or when + // the last commit attempt didn't complete, the next commit after loading + // must be idempotent (return the same commit id). Otherwise the behavior is + // undefined. + LoadVersion(ver int64) + +error + + // Set an inter-block (persistent) + +cache that maintains a mapping from + // StoreKeys to CommitKVStores. + SetInterBlockCache(MultiStorePersistentCache) + + // SetInitialVersion sets the initial version of the IAVL tree. It is used when + // starting a new chain at an arbitrary height. + SetInitialVersion(version int64) + +error + + // SetIAVLCacheSize sets the cache size of the IAVL tree. + SetIAVLCacheSize(size int) + + // SetIAVLDisableFastNode enables/disables fastnode feature on iavl. + SetIAVLDisableFastNode(disable bool) + + // SetIAVLSyncPruning set sync/async pruning on iavl. + // It is not recommended to use this option. + // It is here to enable the prune command to force this to true, allowing the command to wait + // for the pruning to finish before returning. + SetIAVLSyncPruning(sync bool) + + // RollbackToVersion rollback the db to specific version(height). + RollbackToVersion(version int64) + +error + + // ListeningEnabled returns if listening is enabled for the KVStore belonging the provided StoreKey + ListeningEnabled(key StoreKey) + +bool + + // AddListeners adds a listener for the KVStore belonging to the provided StoreKey + AddListeners(keys []StoreKey) + + // PopStateCache returns the accumulated state change messages from the CommitMultiStore + PopStateCache() []*StoreKVPair + + // SetMetrics sets the metrics for the KVStore + SetMetrics(metrics metrics.StoreMetrics) +} + +//---------subsp------------------------------- +// KVStore + +// BasicKVStore is a simple interface to get/set data +type BasicKVStore interface { + // Get returns nil if key doesn't exist. Panics on nil key. + Get(key []byte) []byte + + // Has checks if a key exists. Panics on nil key. + Has(key []byte) + +bool + + // Set sets the key. Panics on nil key or value. + Set(key, value []byte) + + // Delete deletes the key. Panics on nil key. + Delete(key []byte) +} + +// KVStore additionally provides iteration and deletion +type KVStore interface { + Store + BasicKVStore + + // Iterator over a domain of keys in ascending order. End is exclusive. + // Start must be less than end, or the Iterator is invalid. + // Iterator must be closed by caller. + // To iterate over entire domain, use store.Iterator(nil, nil) + // CONTRACT: No writes may happen within a domain while an iterator exists over it. + // Exceptionally allowed for cachekv.Store, safe to write in the modules. + Iterator(start, end []byte) + +Iterator + + // Iterator over a domain of keys in descending order. End is exclusive. + // Start must be less than end, or the Iterator is invalid. + // Iterator must be closed by caller. + // CONTRACT: No writes may happen within a domain while an iterator exists over it. + // Exceptionally allowed for cachekv.Store, safe to write in the modules. + ReverseIterator(start, end []byte) + +Iterator +} + +// Iterator is an alias db's Iterator for convenience. +type Iterator = dbm.Iterator + +// CacheKVStore branches a KVStore and provides read cache functionality. +// After calling .Write() + +on the CacheKVStore, all previously created +// CacheKVStores on the object expire. +type CacheKVStore interface { + KVStore + + // Writes operations to underlying KVStore + Write() +} + +// CommitKVStore is an interface for MultiStore. +type CommitKVStore interface { + Committer + KVStore +} + +//---------------------------------------- +// CacheWrap + +// CacheWrap is the most appropriate interface for store ephemeral branching and cache. +// For example, IAVLStore.CacheWrap() + +returns a CacheKVStore. CacheWrap should not return +// a Committer, since Commit ephemeral store make no sense. It can return KVStore, +// HeapStore, SpaceStore, etc. +type CacheWrap interface { + // Write syncs with the underlying store. + Write() + + // CacheWrap recursively wraps again. + CacheWrap() + +CacheWrap + + // CacheWrapWithTrace recursively wraps again with tracing enabled. + CacheWrapWithTrace(w io.Writer, tc TraceContext) + +CacheWrap +} + +type CacheWrapper interface { + // CacheWrap branches a store. + CacheWrap() + +CacheWrap + + // CacheWrapWithTrace branches a store with tracing enabled. + CacheWrapWithTrace(w io.Writer, tc TraceContext) + +CacheWrap +} + +func (cid CommitID) + +IsZero() + +bool { + return cid.Version == 0 && len(cid.Hash) == 0 +} + +func (cid CommitID) + +String() + +string { + return fmt.Sprintf("CommitID{%v:%X +}", cid.Hash, cid.Version) +} + +//---------------------------------------- +// Store types + +// kind of store +type StoreType int + +const ( + StoreTypeMulti StoreType = iota + StoreTypeDB + StoreTypeIAVL + StoreTypeTransient + StoreTypeMemory + StoreTypeSMT + StoreTypePersistent +) + +func (st StoreType) + +String() + +string { + switch st { + case StoreTypeMulti: + return "StoreTypeMulti" + case StoreTypeDB: + return "StoreTypeDB" + case StoreTypeIAVL: + return "StoreTypeIAVL" + case StoreTypeTransient: + return "StoreTypeTransient" + case StoreTypeMemory: + return "StoreTypeMemory" + case StoreTypeSMT: + return "StoreTypeSMT" + case StoreTypePersistent: + return "StoreTypePersistent" +} + +return "unknown store type" +} + +//---------------------------------------- +// Keys for accessing substores + +// StoreKey is a key used to index stores in a MultiStore. +type StoreKey interface { + Name() + +string + String() + +string +} + +// CapabilityKey represent the Cosmos SDK keys for object-capability +// generation in the IBC protocol as defined in https://github.com/cosmos/ibc/tree/master/spec/core/ics-005-port-allocation#data-structures +type CapabilityKey StoreKey + +// KVStoreKey is used for accessing substores. +// Only the pointer value should ever be used - it functions as a capabilities key. +type KVStoreKey struct { + name string +} + +// NewKVStoreKey returns a new pointer to a KVStoreKey. +// Use a pointer so keys don't collide. +func NewKVStoreKey(name string) *KVStoreKey { + if name == "" { + panic("empty key name not allowed") +} + +return &KVStoreKey{ + name: name, +} +} + +// NewKVStoreKeys returns a map of new pointers to KVStoreKey's. +// The function will panic if there is a potential conflict in names (see `assertNoPrefix` +// function for more details). +func NewKVStoreKeys(names ...string) + +map[string]*KVStoreKey { + assertNoCommonPrefix(names) + keys := make(map[string]*KVStoreKey, len(names)) + for _, n := range names { + keys[n] = NewKVStoreKey(n) +} + +return keys +} + +func (key *KVStoreKey) + +Name() + +string { + return key.name +} + +func (key *KVStoreKey) + +String() + +string { + return fmt.Sprintf("KVStoreKey{%p, %s +}", key, key.name) +} + +// TransientStoreKey is used for indexing transient stores in a MultiStore +type TransientStoreKey struct { + name string +} + +// Constructs new TransientStoreKey +// Must return a pointer according to the ocap principle +func NewTransientStoreKey(name string) *TransientStoreKey { + return &TransientStoreKey{ + name: name, +} +} + +// Implements StoreKey +func (key *TransientStoreKey) + +Name() + +string { + return key.name +} + +// Implements StoreKey +func (key *TransientStoreKey) + +String() + +string { + return fmt.Sprintf("TransientStoreKey{%p, %s +}", key, key.name) +} + +// MemoryStoreKey defines a typed key to be used with an in-memory KVStore. +type MemoryStoreKey struct { + name string +} + +func NewMemoryStoreKey(name string) *MemoryStoreKey { + return &MemoryStoreKey{ + name: name +} +} + +// Name returns the name of the MemoryStoreKey. +func (key *MemoryStoreKey) + +Name() + +string { + return key.name +} + +// String returns a stringified representation of the MemoryStoreKey. +func (key *MemoryStoreKey) + +String() + +string { + return fmt.Sprintf("MemoryStoreKey{%p, %s +}", key, key.name) +} + +//---------------------------------------- + +// TraceContext contains TraceKVStore context data. It will be written with +// every trace operation. +type TraceContext map[string]interface{ +} + +// Clone clones tc into another instance of TraceContext. +func (tc TraceContext) + +Clone() + +TraceContext { + ret := TraceContext{ +} + +maps.Copy(ret, tc) + +return ret +} + +// Merge merges value of newTc into tc. +func (tc TraceContext) + +Merge(newTc TraceContext) + +TraceContext { + if tc == nil { + tc = TraceContext{ +} + +} + +maps.Copy(tc, newTc) + +return tc +} + +// MultiStorePersistentCache defines an interface which provides inter-block +// (persistent) + +caching capabilities for multiple CommitKVStores based on StoreKeys. +type MultiStorePersistentCache interface { + // Wrap and return the provided CommitKVStore with an inter-block (persistent) + // cache. + GetStoreCache(key StoreKey, store CommitKVStore) + +CommitKVStore + + // Return the underlying CommitKVStore for a StoreKey. + Unwrap(key StoreKey) + +CommitKVStore + + // Reset the entire set of internal caches. + Reset() +} + +// StoreWithInitialVersion is a store that can have an arbitrary initial +// version. +type StoreWithInitialVersion interface { + // SetInitialVersion sets the initial version of the IAVL tree. It is used when + // starting a new chain at an arbitrary height. + SetInitialVersion(version int64) +} + +// NewTransientStoreKeys constructs a new map of TransientStoreKey's +// Must return pointers according to the ocap principle +// The function will panic if there is a potential conflict in names +// see `assertNoCommonPrefix` function for more details. +func NewTransientStoreKeys(names ...string) + +map[string]*TransientStoreKey { + assertNoCommonPrefix(names) + keys := make(map[string]*TransientStoreKey) + for _, n := range names { + keys[n] = NewTransientStoreKey(n) +} + +return keys +} + +// NewMemoryStoreKeys constructs a new map matching store key names to their +// respective MemoryStoreKey references. +// The function will panic if there is a potential conflict in names (see `assertNoPrefix` +// function for more details). +func NewMemoryStoreKeys(names ...string) + +map[string]*MemoryStoreKey { + assertNoCommonPrefix(names) + keys := make(map[string]*MemoryStoreKey) + for _, n := range names { + keys[n] = NewMemoryStoreKey(n) +} + +return keys +} +``` + +As for concrete implementation, the \[`rootMulti.Store`] is the go-to implementation of the `CommitMultiStore` interface. + +```go expandable +package rootmulti + +import ( + + "crypto/sha256" + "errors" + "fmt" + "io" + "maps" + "math" + "sort" + "strings" + "sync" + + cmtproto "github.com/cometbft/cometbft/proto/tendermint/types" + dbm "github.com/cosmos/cosmos-db" + protoio "github.com/cosmos/gogoproto/io" + gogotypes "github.com/cosmos/gogoproto/types" + iavltree "github.com/cosmos/iavl" + + errorsmod "cosmossdk.io/errors" + "cosmossdk.io/log" + "cosmossdk.io/store/cachemulti" + "cosmossdk.io/store/dbadapter" + "cosmossdk.io/store/iavl" + "cosmossdk.io/store/listenkv" + "cosmossdk.io/store/mem" + "cosmossdk.io/store/metrics" + "cosmossdk.io/store/pruning" + pruningtypes "cosmossdk.io/store/pruning/types" + snapshottypes "cosmossdk.io/store/snapshots/types" + "cosmossdk.io/store/tracekv" + "cosmossdk.io/store/transient" + "cosmossdk.io/store/types" +) + +const ( + latestVersionKey = "s/latest" + commitInfoKeyFmt = "s/%d" // s/ +) + +const iavlDisablefastNodeDefault = false + +// keysFromStoreKeyMap returns a slice of keys for the provided map lexically sorted by StoreKey.Name() + +func keysFromStoreKeyMap[V any](m map[types.StoreKey]V) []types.StoreKey { + keys := make([]types.StoreKey, 0, len(m)) + for key := range m { + keys = append(keys, key) +} + +sort.Slice(keys, func(i, j int) + +bool { + ki, kj := keys[i], keys[j] + return ki.Name() < kj.Name() +}) + +return keys +} + +// Store is composed of many CommitStores. Name contrasts with +// cacheMultiStore which is used for branching other MultiStores. It implements +// the CommitMultiStore interface. +type Store struct { + db dbm.DB + logger log.Logger + lastCommitInfo *types.CommitInfo + pruningManager *pruning.Manager + iavlCacheSize int + iavlDisableFastNode bool + // iavlSyncPruning should rarely be set to true. + // The Prune command will automatically set this to true. + // This allows the prune command to wait for the pruning to finish before returning. + iavlSyncPruning bool + storesParams map[types.StoreKey]storeParams + stores map[types.StoreKey]types.CommitKVStore + keysByName map[string]types.StoreKey + initialVersion int64 + removalMap map[types.StoreKey]bool + traceWriter io.Writer + traceContext types.TraceContext + traceContextMutex sync.Mutex + interBlockCache types.MultiStorePersistentCache + listeners map[types.StoreKey]*types.MemoryListener + metrics metrics.StoreMetrics + commitHeader cmtproto.Header +} + +var ( + _ types.CommitMultiStore = (*Store)(nil) + _ types.Queryable = (*Store)(nil) +) + +// NewStore returns a reference to a new Store object with the provided DB. The +// store will be created with a PruneNothing pruning strategy by default. After +// a store is created, KVStores must be mounted and finally LoadLatestVersion or +// LoadVersion must be called. +func NewStore(db dbm.DB, logger log.Logger, metricGatherer metrics.StoreMetrics) *Store { + return &Store{ + db: db, + logger: logger, + iavlCacheSize: iavl.DefaultIAVLCacheSize, + iavlDisableFastNode: iavlDisablefastNodeDefault, + storesParams: make(map[types.StoreKey]storeParams), + stores: make(map[types.StoreKey]types.CommitKVStore), + keysByName: make(map[string]types.StoreKey), + listeners: make(map[types.StoreKey]*types.MemoryListener), + removalMap: make(map[types.StoreKey]bool), + pruningManager: pruning.NewManager(db, logger), + metrics: metricGatherer, +} +} + +// GetPruning fetches the pruning strategy from the root store. +func (rs *Store) + +GetPruning() + +pruningtypes.PruningOptions { + return rs.pruningManager.GetOptions() +} + +// SetPruning sets the pruning strategy on the root store and all the sub-stores. +// Note, calling SetPruning on the root store prior to LoadVersion or +// LoadLatestVersion performs a no-op as the stores aren't mounted yet. +func (rs *Store) + +SetPruning(pruningOpts pruningtypes.PruningOptions) { + rs.pruningManager.SetOptions(pruningOpts) +} + +// SetMetrics sets the metrics gatherer for the store package +func (rs *Store) + +SetMetrics(metrics metrics.StoreMetrics) { + rs.metrics = metrics +} + +// SetSnapshotInterval sets the interval at which the snapshots are taken. +// It is used by the store to determine which heights to retain until after the snapshot is complete. +func (rs *Store) + +SetSnapshotInterval(snapshotInterval uint64) { + rs.pruningManager.SetSnapshotInterval(snapshotInterval) +} + +func (rs *Store) + +SetIAVLCacheSize(cacheSize int) { + rs.iavlCacheSize = cacheSize +} + +func (rs *Store) + +SetIAVLDisableFastNode(disableFastNode bool) { + rs.iavlDisableFastNode = disableFastNode +} + +func (rs *Store) + +SetIAVLSyncPruning(syncPruning bool) { + rs.iavlSyncPruning = syncPruning +} + +// GetStoreType implements Store. +func (rs *Store) + +GetStoreType() + +types.StoreType { + return types.StoreTypeMulti +} + +// MountStoreWithDB implements CommitMultiStore. +func (rs *Store) + +MountStoreWithDB(key types.StoreKey, typ types.StoreType, db dbm.DB) { + if key == nil { + panic("MountIAVLStore() + +key cannot be nil") +} + if _, ok := rs.storesParams[key]; ok { + panic(fmt.Sprintf("store duplicate store key %v", key)) +} + if _, ok := rs.keysByName[key.Name()]; ok { + panic(fmt.Sprintf("store duplicate store key name %v", key)) +} + +rs.storesParams[key] = newStoreParams(key, db, typ, 0) + +rs.keysByName[key.Name()] = key +} + +// GetCommitStore returns a mounted CommitStore for a given StoreKey. If the +// store is wrapped in an inter-block cache, it will be unwrapped before returning. +func (rs *Store) + +GetCommitStore(key types.StoreKey) + +types.CommitStore { + return rs.GetCommitKVStore(key) +} + +// GetCommitKVStore returns a mounted CommitKVStore for a given StoreKey. If the +// store is wrapped in an inter-block cache, it will be unwrapped before returning. +func (rs *Store) + +GetCommitKVStore(key types.StoreKey) + +types.CommitKVStore { + // If the Store has an inter-block cache, first attempt to lookup and unwrap + // the underlying CommitKVStore by StoreKey. If it does not exist, fallback to + // the main mapping of CommitKVStores. + if rs.interBlockCache != nil { + if store := rs.interBlockCache.Unwrap(key); store != nil { + return store +} + +} + +return rs.stores[key] +} + +// StoreKeysByName returns mapping storeNames -> StoreKeys +func (rs *Store) + +StoreKeysByName() + +map[string]types.StoreKey { + return rs.keysByName +} + +// LoadLatestVersionAndUpgrade implements CommitMultiStore +func (rs *Store) + +LoadLatestVersionAndUpgrade(upgrades *types.StoreUpgrades) + +error { + ver := GetLatestVersion(rs.db) + +return rs.loadVersion(ver, upgrades) +} + +// LoadVersionAndUpgrade allows us to rename substores while loading an older version +func (rs *Store) + +LoadVersionAndUpgrade(ver int64, upgrades *types.StoreUpgrades) + +error { + return rs.loadVersion(ver, upgrades) +} + +// LoadLatestVersion implements CommitMultiStore. +func (rs *Store) + +LoadLatestVersion() + +error { + ver := GetLatestVersion(rs.db) + +return rs.loadVersion(ver, nil) +} + +// LoadVersion implements CommitMultiStore. +func (rs *Store) + +LoadVersion(ver int64) + +error { + return rs.loadVersion(ver, nil) +} + +func (rs *Store) + +loadVersion(ver int64, upgrades *types.StoreUpgrades) + +error { + infos := make(map[string]types.StoreInfo) + +rs.logger.Debug("loadVersion", "ver", ver) + cInfo := &types.CommitInfo{ +} + + // load old data if we are not version 0 + if ver != 0 { + var err error + cInfo, err = rs.GetCommitInfo(ver) + if err != nil { + return err +} + + // convert StoreInfos slice to map + for _, storeInfo := range cInfo.StoreInfos { + infos[storeInfo.Name] = storeInfo +} + +} + + // load each Store (note this doesn't panic on unmounted keys now) + newStores := make(map[types.StoreKey]types.CommitKVStore) + storesKeys := make([]types.StoreKey, 0, len(rs.storesParams)) + for key := range rs.storesParams { + storesKeys = append(storesKeys, key) +} + if upgrades != nil { + // deterministic iteration order for upgrades + // (as the underlying store may change and + // upgrades make store changes where the execution order may matter) + +sort.Slice(storesKeys, func(i, j int) + +bool { + return storesKeys[i].Name() < storesKeys[j].Name() +}) +} + for _, key := range storesKeys { + storeParams := rs.storesParams[key] + commitID := rs.getCommitID(infos, key.Name()) + +rs.logger.Debug("loadVersion commitID", "key", key, "ver", ver, "hash", fmt.Sprintf("%x", commitID.Hash)) + + // If it has been added, set the initial version + if upgrades.IsAdded(key.Name()) || upgrades.RenamedFrom(key.Name()) != "" { + storeParams.initialVersion = uint64(ver) + 1 +} + +else if commitID.Version != ver && storeParams.typ == types.StoreTypeIAVL { + return fmt.Errorf("version of store %s mismatch root store's version; expected %d got %d; new stores should be added using StoreUpgrades", key.Name(), ver, commitID.Version) +} + +store, err := rs.loadCommitStoreFromParams(key, commitID, storeParams) + if err != nil { + return errorsmod.Wrap(err, "failed to load store") +} + +newStores[key] = store + + // If it was deleted, remove all data + if upgrades.IsDeleted(key.Name()) { + if err := deleteKVStore(store.(types.KVStore)); err != nil { + return errorsmod.Wrapf(err, "failed to delete store %s", key.Name()) +} + +rs.removalMap[key] = true +} + +else if oldName := upgrades.RenamedFrom(key.Name()); oldName != "" { + // handle renames specially + // make an unregistered key to satisfy loadCommitStore params + oldKey := types.NewKVStoreKey(oldName) + oldParams := newStoreParams(oldKey, storeParams.db, storeParams.typ, 0) + + // load from the old name + oldStore, err := rs.loadCommitStoreFromParams(oldKey, rs.getCommitID(infos, oldName), oldParams) + if err != nil { + return errorsmod.Wrapf(err, "failed to load old store %s", oldName) +} + + // move all data + if err := moveKVStoreData(oldStore.(types.KVStore), store.(types.KVStore)); err != nil { + return errorsmod.Wrapf(err, "failed to move store %s -> %s", oldName, key.Name()) +} + + // add the old key so its deletion is committed + newStores[oldKey] = oldStore + // this will ensure it's not perpetually stored in commitInfo + rs.removalMap[oldKey] = true +} + +} + +rs.lastCommitInfo = cInfo + rs.stores = newStores + + // load any snapshot heights we missed from disk to be pruned on the next run + if err := rs.pruningManager.LoadSnapshotHeights(rs.db); err != nil { + return err +} + +return nil +} + +func (rs *Store) + +getCommitID(infos map[string]types.StoreInfo, name string) + +types.CommitID { + info, ok := infos[name] + if !ok { + return types.CommitID{ +} + +} + +return info.CommitId +} + +func deleteKVStore(kv types.KVStore) + +error { + // Note that we cannot write while iterating, so load all keys here, delete below + var keys [][]byte + itr := kv.Iterator(nil, nil) + for itr.Valid() { + keys = append(keys, itr.Key()) + +itr.Next() +} + if err := itr.Close(); err != nil { + return err +} + for _, k := range keys { + kv.Delete(k) +} + +return nil +} + +// we simulate move by a copy and delete +func moveKVStoreData(oldDB, newDB types.KVStore) + +error { + // we read from one and write to another + itr := oldDB.Iterator(nil, nil) + for itr.Valid() { + newDB.Set(itr.Key(), itr.Value()) + +itr.Next() +} + if err := itr.Close(); err != nil { + return err +} + + // then delete the old store + return deleteKVStore(oldDB) +} + +// PruneSnapshotHeight prunes the given height according to the prune strategy. +// If the strategy is PruneNothing, this is a no-op. +// For other strategies, this height is persisted until the snapshot is operated. +func (rs *Store) + +PruneSnapshotHeight(height int64) { + rs.pruningManager.HandleSnapshotHeight(height) +} + +// SetInterBlockCache sets the Store's internal inter-block (persistent) + +cache. +// When this is defined, all CommitKVStores will be wrapped with their respective +// inter-block cache. +func (rs *Store) + +SetInterBlockCache(c types.MultiStorePersistentCache) { + rs.interBlockCache = c +} + +// SetTracer sets the tracer for the MultiStore that the underlying +// stores will utilize to trace operations. A MultiStore is returned. +func (rs *Store) + +SetTracer(w io.Writer) + +types.MultiStore { + rs.traceWriter = w + return rs +} + +// SetTracingContext updates the tracing context for the MultiStore by merging +// the given context with the existing context by key. Any existing keys will +// be overwritten. It is implied that the caller should update the context when +// necessary between tracing operations. It returns a modified MultiStore. +func (rs *Store) + +SetTracingContext(tc types.TraceContext) + +types.MultiStore { + rs.traceContextMutex.Lock() + +defer rs.traceContextMutex.Unlock() + +rs.traceContext = rs.traceContext.Merge(tc) + +return rs +} + +func (rs *Store) + +getTracingContext() + +types.TraceContext { + rs.traceContextMutex.Lock() + +defer rs.traceContextMutex.Unlock() + if rs.traceContext == nil { + return nil +} + ctx := types.TraceContext{ +} + +maps.Copy(ctx, rs.traceContext) + +return ctx +} + +// TracingEnabled returns if tracing is enabled for the MultiStore. +func (rs *Store) + +TracingEnabled() + +bool { + return rs.traceWriter != nil +} + +// AddListeners adds a listener for the KVStore belonging to the provided StoreKey +func (rs *Store) + +AddListeners(keys []types.StoreKey) { + for i := range keys { + listener := rs.listeners[keys[i]] + if listener == nil { + rs.listeners[keys[i]] = types.NewMemoryListener() +} + +} +} + +// ListeningEnabled returns if listening is enabled for a specific KVStore +func (rs *Store) + +ListeningEnabled(key types.StoreKey) + +bool { + if ls, ok := rs.listeners[key]; ok { + return ls != nil +} + +return false +} + +// PopStateCache returns the accumulated state change messages from the CommitMultiStore +// Calling PopStateCache destroys only the currently accumulated state in each listener +// not the state in the store itself. This is a mutating and destructive operation. +// This method has been synchronized. +func (rs *Store) + +PopStateCache() []*types.StoreKVPair { + var cache []*types.StoreKVPair + for key := range rs.listeners { + ls := rs.listeners[key] + if ls != nil { + cache = append(cache, ls.PopStateCache()...) +} + +} + +sort.SliceStable(cache, func(i, j int) + +bool { + return cache[i].StoreKey < cache[j].StoreKey +}) + +return cache +} + +// LatestVersion returns the latest version in the store +func (rs *Store) + +LatestVersion() + +int64 { + return rs.LastCommitID().Version +} + +// LastCommitID implements Committer/CommitStore. +func (rs *Store) + +LastCommitID() + +types.CommitID { + if rs.lastCommitInfo == nil { + emptyHash := sha256.Sum256([]byte{ +}) + appHash := emptyHash[:] + return types.CommitID{ + Version: GetLatestVersion(rs.db), + Hash: appHash, // set empty apphash to sha256([]byte{ +}) + if info is nil +} + +} + if len(rs.lastCommitInfo.CommitID().Hash) == 0 { + emptyHash := sha256.Sum256([]byte{ +}) + appHash := emptyHash[:] + return types.CommitID{ + Version: rs.lastCommitInfo.Version, + Hash: appHash, // set empty apphash to sha256([]byte{ +}) + if hash is nil +} + +} + +return rs.lastCommitInfo.CommitID() +} + +// Commit implements Committer/CommitStore. +func (rs *Store) + +Commit() + +types.CommitID { + var previousHeight, version int64 + if rs.lastCommitInfo.GetVersion() == 0 && rs.initialVersion > 1 { + // This case means that no commit has been made in the store, we + // start from initialVersion. + version = rs.initialVersion +} + +else { + // This case can means two things: + // - either there was already a previous commit in the store, in which + // case we increment the version from there, + // - or there was no previous commit, and initial version was not set, + // in which case we start at version 1. + previousHeight = rs.lastCommitInfo.GetVersion() + +version = previousHeight + 1 +} + if rs.commitHeader.Height != version { + rs.logger.Debug("commit header and version mismatch", "header_height", rs.commitHeader.Height, "version", version) +} + +rs.lastCommitInfo = commitStores(version, rs.stores, rs.removalMap) + +rs.lastCommitInfo.Timestamp = rs.commitHeader.Time + defer rs.flushMetadata(rs.db, version, rs.lastCommitInfo) + + // remove remnants of removed stores + for sk := range rs.removalMap { + if _, ok := rs.stores[sk]; ok { + delete(rs.stores, sk) + +delete(rs.storesParams, sk) + +delete(rs.keysByName, sk.Name()) +} + +} + + // reset the removalMap + rs.removalMap = make(map[types.StoreKey]bool) + if err := rs.handlePruning(version); err != nil { + rs.logger.Error( + "failed to prune store, please check your pruning configuration", + "err", err, + ) +} + +return types.CommitID{ + Version: version, + Hash: rs.lastCommitInfo.Hash(), +} +} + +// WorkingHash returns the current hash of the store. +// it will be used to get the current app hash before commit. +func (rs *Store) + +WorkingHash() []byte { + storeInfos := make([]types.StoreInfo, 0, len(rs.stores)) + storeKeys := keysFromStoreKeyMap(rs.stores) + for _, key := range storeKeys { + store := rs.stores[key] + if store.GetStoreType() != types.StoreTypeIAVL { + continue +} + if !rs.removalMap[key] { + si := types.StoreInfo{ + Name: key.Name(), + CommitId: types.CommitID{ + Hash: store.WorkingHash(), +}, +} + +storeInfos = append(storeInfos, si) +} + +} + +sort.SliceStable(storeInfos, func(i, j int) + +bool { + return storeInfos[i].Name < storeInfos[j].Name +}) + +return types.CommitInfo{ + StoreInfos: storeInfos +}.Hash() +} + +// CacheWrap implements CacheWrapper/Store/CommitStore. +func (rs *Store) + +CacheWrap() + +types.CacheWrap { + return rs.CacheMultiStore().(types.CacheWrap) +} + +// CacheWrapWithTrace implements the CacheWrapper interface. +func (rs *Store) + +CacheWrapWithTrace(_ io.Writer, _ types.TraceContext) + +types.CacheWrap { + return rs.CacheWrap() +} + +// CacheMultiStore creates ephemeral branch of the multi-store and returns a CacheMultiStore. +// It implements the MultiStore interface. +func (rs *Store) + +CacheMultiStore() + +types.CacheMultiStore { + stores := make(map[types.StoreKey]types.CacheWrapper) + for k, v := range rs.stores { + store := types.KVStore(v) + // Wire the listenkv.Store to allow listeners to observe the writes from the cache store, + // set same listeners on cache store will observe duplicated writes. + if rs.ListeningEnabled(k) { + store = listenkv.NewStore(store, k, rs.listeners[k]) +} + +stores[k] = store +} + +return cachemulti.NewStore(rs.db, stores, rs.keysByName, rs.traceWriter, rs.getTracingContext()) +} + +// CacheMultiStoreWithVersion is analogous to CacheMultiStore except that it +// attempts to load stores at a given version (height). An error is returned if +// any store cannot be loaded. This should only be used for querying and +// iterating at past heights. +func (rs *Store) + +CacheMultiStoreWithVersion(version int64) (types.CacheMultiStore, error) { + cachedStores := make(map[types.StoreKey]types.CacheWrapper) + +var commitInfo *types.CommitInfo + storeInfos := map[string]bool{ +} + for key, store := range rs.stores { + var cacheStore types.KVStore + switch store.GetStoreType() { + case types.StoreTypeIAVL: + // If the store is wrapped with an inter-block cache, we must first unwrap + // it to get the underlying IAVL store. + store = rs.GetCommitKVStore(key) + + // Attempt to lazy-load an already saved IAVL store version. If the + // version does not exist or is pruned, an error should be returned. + var err error + cacheStore, err = store.(*iavl.Store).GetImmutable(version) + // if we got error from loading a module store + // we fetch commit info of this version + // we use commit info to check if the store existed at this version or not + if err != nil { + if commitInfo == nil { + var errCommitInfo error + commitInfo, errCommitInfo = rs.GetCommitInfo(version) + if errCommitInfo != nil { + return nil, errCommitInfo +} + for _, storeInfo := range commitInfo.StoreInfos { + storeInfos[storeInfo.Name] = true +} + +} + + // If the store existed at this version, it means there's actually an error + // getting the root store at this version. + if storeInfos[key.Name()] { + return nil, err +} + +} + +default: + cacheStore = store +} + + // Wire the listenkv.Store to allow listeners to observe the writes from the cache store, + // set same listeners on cache store will observe duplicated writes. + if rs.ListeningEnabled(key) { + cacheStore = listenkv.NewStore(cacheStore, key, rs.listeners[key]) +} + +cachedStores[key] = cacheStore +} + +return cachemulti.NewStore(rs.db, cachedStores, rs.keysByName, rs.traceWriter, rs.getTracingContext()), nil +} + +// GetStore returns a mounted Store for a given StoreKey. If the StoreKey does +// not exist, it will panic. If the Store is wrapped in an inter-block cache, it +// will be unwrapped prior to being returned. +// +// TODO: This isn't used directly upstream. Consider returning the Store as-is +// instead of unwrapping. +func (rs *Store) + +GetStore(key types.StoreKey) + +types.Store { + store := rs.GetCommitKVStore(key) + if store == nil { + panic(fmt.Sprintf("store does not exist for key: %s", key.Name())) +} + +return store +} + +// GetKVStore returns a mounted KVStore for a given StoreKey. If tracing is +// enabled on the KVStore, a wrapped TraceKVStore will be returned with the root +// store's tracer, otherwise, the original KVStore will be returned. +// +// NOTE: The returned KVStore may be wrapped in an inter-block cache if it is +// set on the root store. +func (rs *Store) + +GetKVStore(key types.StoreKey) + +types.KVStore { + s := rs.stores[key] + if s == nil { + panic(fmt.Sprintf("store does not exist for key: %s", key.Name())) +} + store := types.KVStore(s) + if rs.TracingEnabled() { + store = tracekv.NewStore(store, rs.traceWriter, rs.getTracingContext()) +} + if rs.ListeningEnabled(key) { + store = listenkv.NewStore(store, key, rs.listeners[key]) +} + +return store +} + +func (rs *Store) + +handlePruning(version int64) + +error { + pruneHeight := rs.pruningManager.GetPruningHeight(version) + +rs.logger.Debug("prune start", "height", version) + +defer rs.logger.Debug("prune end", "height", version) + +return rs.PruneStores(pruneHeight) +} + +// PruneStores prunes all history upto the specific height of the multi store. +func (rs *Store) + +PruneStores(pruningHeight int64) (err error) { + if pruningHeight <= 0 { + rs.logger.Debug("pruning skipped, height is less than or equal to 0") + +return nil +} + +rs.logger.Debug("pruning store", "heights", pruningHeight) + for key, store := range rs.stores { + rs.logger.Debug("pruning store", "key", key) // Also log store.name (a private variable)? + + // If the store is wrapped with an inter-block cache, we must first unwrap + // it to get the underlying IAVL store. + if store.GetStoreType() != types.StoreTypeIAVL { + continue +} + +store = rs.GetCommitKVStore(key) + err := store.(*iavl.Store).DeleteVersionsTo(pruningHeight) + if err == nil { + continue +} + if errors.Is(err, iavltree.ErrVersionDoesNotExist) { + return err +} + +rs.logger.Error("failed to prune store", "key", key, "err", err) +} + +return nil +} + +// getStoreByName performs a lookup of a StoreKey given a store name typically +// provided in a path. The StoreKey is then used to perform a lookup and return +// a Store. If the Store is wrapped in an inter-block cache, it will be unwrapped +// prior to being returned. If the StoreKey does not exist, nil is returned. +func (rs *Store) + +GetStoreByName(name string) + +types.Store { + key := rs.keysByName[name] + if key == nil { + return nil +} + +return rs.GetCommitKVStore(key) +} + +// Query calls substore.Query with the same `req` where `req.Path` is +// modified to remove the substore prefix. +// Ie. `req.Path` here is `//`, and trimmed to `/` for the substore. +// TODO: add proof for `multistore -> substore`. +func (rs *Store) + +Query(req *types.RequestQuery) (*types.ResponseQuery, error) { + path := req.Path + storeName, subpath, err := parsePath(path) + if err != nil { + return &types.ResponseQuery{ +}, err +} + store := rs.GetStoreByName(storeName) + if store == nil { + return &types.ResponseQuery{ +}, errorsmod.Wrapf(types.ErrUnknownRequest, "no such store: %s", storeName) +} + +queryable, ok := store.(types.Queryable) + if !ok { + return &types.ResponseQuery{ +}, errorsmod.Wrapf(types.ErrUnknownRequest, "store %s (type %T) + +doesn't support queries", storeName, store) +} + + // trim the path and make the query + req.Path = subpath + res, err := queryable.Query(req) + if !req.Prove || !RequireProof(subpath) { + return res, err +} + if res.ProofOps == nil || len(res.ProofOps.Ops) == 0 { + return &types.ResponseQuery{ +}, errorsmod.Wrap(types.ErrInvalidRequest, "proof is unexpectedly empty; ensure height has not been pruned") +} + + // If the request's height is the latest height we've committed, then utilize + // the store's lastCommitInfo as this commit info may not be flushed to disk. + // Otherwise, we query for the commit info from disk. + var commitInfo *types.CommitInfo + if res.Height == rs.lastCommitInfo.Version { + commitInfo = rs.lastCommitInfo +} + +else { + commitInfo, err = rs.GetCommitInfo(res.Height) + if err != nil { + return &types.ResponseQuery{ +}, err +} + +} + + // Restore origin path and append proof op. + res.ProofOps.Ops = append(res.ProofOps.Ops, commitInfo.ProofOp(storeName)) + +return res, nil +} + +// SetInitialVersion sets the initial version of the IAVL tree. It is used when +// starting a new chain at an arbitrary height. +func (rs *Store) + +SetInitialVersion(version int64) + +error { + rs.initialVersion = version + + // Loop through all the stores, if it's an IAVL store, then set initial + // version on it. + for key, store := range rs.stores { + if store.GetStoreType() == types.StoreTypeIAVL { + // If the store is wrapped with an inter-block cache, we must first unwrap + // it to get the underlying IAVL store. + store = rs.GetCommitKVStore(key) + +store.(types.StoreWithInitialVersion).SetInitialVersion(version) +} + +} + +return nil +} + +// parsePath expects a format like /[/] +// Must start with /, subpath may be empty +// Returns error if it doesn't start with / +func parsePath(path string) (storeName, subpath string, err error) { + if !strings.HasPrefix(path, "/") { + return storeName, subpath, errorsmod.Wrapf(types.ErrUnknownRequest, "invalid path: %s", path) +} + +storeName, subpath, found := strings.Cut(path[1:], "/") + if !found { + return storeName, subpath, nil +} + +return storeName, "/" + subpath, nil +} + +//---------------------- Snapshotting ------------------ + +// Snapshot implements snapshottypes.Snapshotter. The snapshot output for a given format must be +// identical across nodes such that chunks from different sources fit together. If the output for a +// given format changes (at the byte level), the snapshot format must be bumped - see +// TestMultistoreSnapshot_Checksum test. +func (rs *Store) + +Snapshot(height uint64, protoWriter protoio.Writer) + +error { + if height == 0 { + return errorsmod.Wrap(types.ErrLogic, "cannot snapshot height 0") +} + if height > uint64(GetLatestVersion(rs.db)) { + return errorsmod.Wrapf(types.ErrLogic, "cannot snapshot future height %v", height) +} + + // Collect stores to snapshot (only IAVL stores are supported) + +type namedStore struct { + *iavl.Store + name string +} + stores := []namedStore{ +} + keys := keysFromStoreKeyMap(rs.stores) + for _, key := range keys { + switch store := rs.GetCommitKVStore(key).(type) { + case *iavl.Store: + stores = append(stores, namedStore{ + name: key.Name(), + Store: store +}) + case *transient.Store, *mem.Store: + // Non-persisted stores shouldn't be snapshotted + continue + default: + return errorsmod.Wrapf(types.ErrLogic, + "don't know how to snapshot store %q of type %T", key.Name(), store) +} + +} + +sort.Slice(stores, func(i, j int) + +bool { + return strings.Compare(stores[i].name, stores[j].name) == -1 +}) + + // Export each IAVL store. Stores are serialized as a stream of SnapshotItem Protobuf + // messages. The first item contains a SnapshotStore with store metadata (i.e. name), + // and the following messages contain a SnapshotNode (i.e. an ExportNode). Store changes + // are demarcated by new SnapshotStore items. + for _, store := range stores { + rs.logger.Debug("starting snapshot", "store", store.name, "height", height) + +exporter, err := store.Export(int64(height)) + if err != nil { + rs.logger.Error("snapshot failed; exporter error", "store", store.name, "err", err) + +return err +} + +err = func() + +error { + defer exporter.Close() + err := protoWriter.WriteMsg(&snapshottypes.SnapshotItem{ + Item: &snapshottypes.SnapshotItem_Store{ + Store: &snapshottypes.SnapshotStoreItem{ + Name: store.name, +}, +}, +}) + if err != nil { + rs.logger.Error("snapshot failed; item store write failed", "store", store.name, "err", err) + +return err +} + nodeCount := 0 + for { + node, err := exporter.Next() + if errors.Is(err, iavltree.ErrorExportDone) { + rs.logger.Debug("snapshot Done", "store", store.name, "nodeCount", nodeCount) + +break +} + +else if err != nil { + return err +} + +err = protoWriter.WriteMsg(&snapshottypes.SnapshotItem{ + Item: &snapshottypes.SnapshotItem_IAVL{ + IAVL: &snapshottypes.SnapshotIAVLItem{ + Key: node.Key, + Value: node.Value, + Height: int32(node.Height), + Version: node.Version, +}, +}, +}) + if err != nil { + return err +} + +nodeCount++ +} + +return nil +}() + if err != nil { + return err +} + +} + +return nil +} + +// Restore implements snapshottypes.Snapshotter. +// returns next snapshot item and error. +func (rs *Store) + +Restore( + height uint64, format uint32, protoReader protoio.Reader, +) (snapshottypes.SnapshotItem, error) { + // Import nodes into stores. The first item is expected to be a SnapshotItem containing + // a SnapshotStoreItem, telling us which store to import into. The following items will contain + // SnapshotNodeItem (i.e. ExportNode) + +until we reach the next SnapshotStoreItem or EOF. + var importer *iavltree.Importer + var snapshotItem snapshottypes.SnapshotItem +loop: + for { + snapshotItem = snapshottypes.SnapshotItem{ +} + err := protoReader.ReadMsg(&snapshotItem) + if errors.Is(err, io.EOF) { + break +} + +else if err != nil { + return snapshottypes.SnapshotItem{ +}, errorsmod.Wrap(err, "invalid protobuf message") +} + switch item := snapshotItem.Item.(type) { + case *snapshottypes.SnapshotItem_Store: + if importer != nil { + err = importer.Commit() + if err != nil { + return snapshottypes.SnapshotItem{ +}, errorsmod.Wrap(err, "IAVL commit failed") +} + +importer.Close() +} + +store, ok := rs.GetStoreByName(item.Store.Name).(*iavl.Store) + if !ok || store == nil { + return snapshottypes.SnapshotItem{ +}, errorsmod.Wrapf(types.ErrLogic, "cannot import into non-IAVL store %q", item.Store.Name) +} + +importer, err = store.Import(int64(height)) + if err != nil { + return snapshottypes.SnapshotItem{ +}, errorsmod.Wrap(err, "import failed") +} + +defer importer.Close() + // Importer height must reflect the node height (which usually matches the block height, but not always) + +rs.logger.Debug("restoring snapshot", "store", item.Store.Name) + case *snapshottypes.SnapshotItem_IAVL: + if importer == nil { + rs.logger.Error("failed to restore; received IAVL node item before store item") + +return snapshottypes.SnapshotItem{ +}, errorsmod.Wrap(types.ErrLogic, "received IAVL node item before store item") +} + if item.IAVL.Height > math.MaxInt8 { + return snapshottypes.SnapshotItem{ +}, errorsmod.Wrapf(types.ErrLogic, "node height %v cannot exceed %v", + item.IAVL.Height, math.MaxInt8) +} + node := &iavltree.ExportNode{ + Key: item.IAVL.Key, + Value: item.IAVL.Value, + Height: int8(item.IAVL.Height), + Version: item.IAVL.Version, +} + // Protobuf does not differentiate between []byte{ +} + +as nil, but fortunately IAVL does + // not allow nil keys nor nil values for leaf nodes, so we can always set them to empty. + if node.Key == nil { + node.Key = []byte{ +} + +} + if node.Height == 0 && node.Value == nil { + node.Value = []byte{ +} + +} + err := importer.Add(node) + if err != nil { + return snapshottypes.SnapshotItem{ +}, errorsmod.Wrap(err, "IAVL node import failed") +} + +default: + break loop +} + +} + if importer != nil { + err := importer.Commit() + if err != nil { + return snapshottypes.SnapshotItem{ +}, errorsmod.Wrap(err, "IAVL commit failed") +} + +importer.Close() +} + +rs.flushMetadata(rs.db, int64(height), rs.buildCommitInfo(int64(height))) + +return snapshotItem, rs.LoadLatestVersion() +} + +func (rs *Store) + +loadCommitStoreFromParams(key types.StoreKey, id types.CommitID, params storeParams) (types.CommitKVStore, error) { + var db dbm.DB + if params.db != nil { + db = dbm.NewPrefixDB(params.db, []byte("s/_/")) +} + +else { + prefix := "s/k:" + params.key.Name() + "/" + db = dbm.NewPrefixDB(rs.db, []byte(prefix)) +} + switch params.typ { + case types.StoreTypeMulti: + panic("recursive MultiStores not yet supported") + case types.StoreTypeIAVL: + store, err := iavl.LoadStoreWithOpts(db, rs.logger, key, id, params.initialVersion, rs.iavlCacheSize, rs.iavlDisableFastNode, rs.metrics, iavltree.AsyncPruningOption(!rs.iavlSyncPruning)) + if err != nil { + return nil, err +} + if rs.interBlockCache != nil { + // Wrap and get a CommitKVStore with inter-block caching. Note, this should + // only wrap the primary CommitKVStore, not any store that is already + // branched as that will create unexpected behavior. + store = rs.interBlockCache.GetStoreCache(key, store) +} + +return store, err + case types.StoreTypeDB: + return commitDBStoreAdapter{ + Store: dbadapter.Store{ + DB: db +}}, nil + case types.StoreTypeTransient: + _, ok := key.(*types.TransientStoreKey) + if !ok { + return nil, fmt.Errorf("invalid StoreKey for StoreTypeTransient: %s", key.String()) +} + +return transient.NewStore(), nil + case types.StoreTypeMemory: + if _, ok := key.(*types.MemoryStoreKey); !ok { + return nil, fmt.Errorf("unexpected key type for a MemoryStoreKey; got: %s", key.String()) +} + +return mem.NewStore(), nil + + default: + panic(fmt.Sprintf("unrecognized store type %v", params.typ)) +} +} + +func (rs *Store) + +buildCommitInfo(version int64) *types.CommitInfo { + keys := keysFromStoreKeyMap(rs.stores) + storeInfos := []types.StoreInfo{ +} + for _, key := range keys { + store := rs.stores[key] + storeType := store.GetStoreType() + if storeType == types.StoreTypeTransient || storeType == types.StoreTypeMemory { + continue +} + +storeInfos = append(storeInfos, types.StoreInfo{ + Name: key.Name(), + CommitId: store.LastCommitID(), +}) +} + +return &types.CommitInfo{ + Version: version, + StoreInfos: storeInfos, +} +} + +// RollbackToVersion delete the versions after `target` and update the latest version. +func (rs *Store) + +RollbackToVersion(target int64) + +error { + if target <= 0 { + return fmt.Errorf("invalid rollback height target: %d", target) +} + for key, store := range rs.stores { + if store.GetStoreType() == types.StoreTypeIAVL { + // If the store is wrapped with an inter-block cache, we must first unwrap + // it to get the underlying IAVL store. + store = rs.GetCommitKVStore(key) + err := store.(*iavl.Store).LoadVersionForOverwriting(target) + if err != nil { + return err +} + +} + +} + +rs.flushMetadata(rs.db, target, rs.buildCommitInfo(target)) + +return rs.LoadLatestVersion() +} + +// SetCommitHeader sets the commit block header of the store. +func (rs *Store) + +SetCommitHeader(h cmtproto.Header) { + rs.commitHeader = h +} + +// GetCommitInfo attempts to retrieve CommitInfo for a given version/height. It +// will return an error if no CommitInfo exists, we fail to unmarshal the record +// or if we cannot retrieve the object from the DB. +func (rs *Store) + +GetCommitInfo(ver int64) (*types.CommitInfo, error) { + cInfoKey := fmt.Sprintf(commitInfoKeyFmt, ver) + +bz, err := rs.db.Get([]byte(cInfoKey)) + if err != nil { + return nil, errorsmod.Wrap(err, "failed to get commit info") +} + +else if bz == nil { + return nil, errors.New("no commit info found") +} + cInfo := &types.CommitInfo{ +} + if err = cInfo.Unmarshal(bz); err != nil { + return nil, errorsmod.Wrap(err, "failed unmarshal commit info") +} + +return cInfo, nil +} + +func (rs *Store) + +flushMetadata(db dbm.DB, version int64, cInfo *types.CommitInfo) { + rs.logger.Debug("flushing metadata", "height", version) + batch := db.NewBatch() + +defer func() { + _ = batch.Close() +}() + if cInfo != nil { + flushCommitInfo(batch, version, cInfo) +} + +else { + rs.logger.Debug("commitInfo is nil, not flushed", "height", version) +} + +flushLatestVersion(batch, version) + if err := batch.WriteSync(); err != nil { + panic(fmt.Errorf("error on batch write %w", err)) +} + +rs.logger.Debug("flushing metadata finished", "height", version) +} + +type storeParams struct { + key types.StoreKey + db dbm.DB + typ types.StoreType + initialVersion uint64 +} + +func newStoreParams(key types.StoreKey, db dbm.DB, typ types.StoreType, initialVersion uint64) + +storeParams { + return storeParams{ + key: key, + db: db, + typ: typ, + initialVersion: initialVersion, +} +} + +func GetLatestVersion(db dbm.DB) + +int64 { + bz, err := db.Get([]byte(latestVersionKey)) + if err != nil { + panic(err) +} + +else if bz == nil { + return 0 +} + +var latestVersion int64 + if err := gogotypes.StdInt64Unmarshal(&latestVersion, bz); err != nil { + panic(err) +} + +return latestVersion +} + +// Commits each store and returns a new commitInfo. +func commitStores(version int64, storeMap map[types.StoreKey]types.CommitKVStore, removalMap map[types.StoreKey]bool) *types.CommitInfo { + storeInfos := make([]types.StoreInfo, 0, len(storeMap)) + storeKeys := keysFromStoreKeyMap(storeMap) + for _, key := range storeKeys { + store := storeMap[key] + last := store.LastCommitID() + + // If a commit event execution is interrupted, a new iavl store's version + // will be larger than the RMS's metadata, when the block is replayed, we + // should avoid committing that iavl store again. + var commitID types.CommitID + if last.Version >= version { + last.Version = version + commitID = last +} + +else { + commitID = store.Commit() +} + storeType := store.GetStoreType() + if storeType == types.StoreTypeTransient || storeType == types.StoreTypeMemory { + continue +} + if !removalMap[key] { + si := types.StoreInfo{ +} + +si.Name = key.Name() + +si.CommitId = commitID + storeInfos = append(storeInfos, si) +} + +} + +sort.SliceStable(storeInfos, func(i, j int) + +bool { + return strings.Compare(storeInfos[i].Name, storeInfos[j].Name) < 0 +}) + +return &types.CommitInfo{ + Version: version, + StoreInfos: storeInfos, +} +} + +func flushCommitInfo(batch dbm.Batch, version int64, cInfo *types.CommitInfo) { + bz, err := cInfo.Marshal() + if err != nil { + panic(err) +} + cInfoKey := fmt.Sprintf(commitInfoKeyFmt, version) + +err = batch.Set([]byte(cInfoKey), bz) + if err != nil { + panic(err) +} +} + +func flushLatestVersion(batch dbm.Batch, version int64) { + bz, err := gogotypes.StdInt64Marshal(version) + if err != nil { + panic(err) +} + +err = batch.Set([]byte(latestVersionKey), bz) + if err != nil { + panic(err) +} +} +``` + +The `rootMulti.Store` is a base-layer multistore built around a `db` on top of which multiple `KVStores` can be mounted, and is the default multistore store used in [`baseapp`](/docs/sdk/vnext/learn/advanced/baseapp). + +### CacheMultiStore + +Whenever the `rootMulti.Store` needs to be branched, a [`cachemulti.Store`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/cachemulti/store.go) is used. + +```go expandable +package cachemulti + +import ( + + "fmt" + "io" + "maps" + + dbm "github.com/cosmos/cosmos-db" + "cosmossdk.io/store/cachekv" + "cosmossdk.io/store/dbadapter" + "cosmossdk.io/store/tracekv" + "cosmossdk.io/store/types" +) + +// storeNameCtxKey is the TraceContext metadata key that identifies +// the store which emitted a given trace. +const storeNameCtxKey = "store_name" + +//---------------------------------------- +// Store + +// Store holds many branched stores. +// Implements MultiStore. +// NOTE: a Store (and MultiStores in general) + +should never expose the +// keys for the substores. +type Store struct { + db types.CacheKVStore + stores map[types.StoreKey]types.CacheWrap + keys map[string]types.StoreKey + + traceWriter io.Writer + traceContext types.TraceContext +} + +var _ types.CacheMultiStore = Store{ +} + +// NewFromKVStore creates a new Store object from a mapping of store keys to +// CacheWrapper objects and a KVStore as the database. Each CacheWrapper store +// is a branched store. +func NewFromKVStore( + store types.KVStore, stores map[types.StoreKey]types.CacheWrapper, + keys map[string]types.StoreKey, traceWriter io.Writer, traceContext types.TraceContext, +) + +Store { + cms := Store{ + db: cachekv.NewStore(store), + stores: make(map[types.StoreKey]types.CacheWrap, len(stores)), + keys: keys, + traceWriter: traceWriter, + traceContext: traceContext, +} + for key, store := range stores { + if cms.TracingEnabled() { + tctx := cms.traceContext.Clone().Merge(types.TraceContext{ + storeNameCtxKey: key.Name(), +}) + +store = tracekv.NewStore(store.(types.KVStore), cms.traceWriter, tctx) +} + +cms.stores[key] = cachekv.NewStore(store.(types.KVStore)) +} + +return cms +} + +// NewStore creates a new Store object from a mapping of store keys to +// CacheWrapper objects. Each CacheWrapper store is a branched store. +func NewStore( + db dbm.DB, stores map[types.StoreKey]types.CacheWrapper, keys map[string]types.StoreKey, + traceWriter io.Writer, traceContext types.TraceContext, +) + +Store { + return NewFromKVStore(dbadapter.Store{ + DB: db +}, stores, keys, traceWriter, traceContext) +} + +func newCacheMultiStoreFromCMS(cms Store) + +Store { + stores := make(map[types.StoreKey]types.CacheWrapper) + for k, v := range cms.stores { + stores[k] = v +} + +return NewFromKVStore(cms.db, stores, nil, cms.traceWriter, cms.traceContext) +} + +// SetTracer sets the tracer for the MultiStore that the underlying +// stores will utilize to trace operations. A MultiStore is returned. +func (cms Store) + +SetTracer(w io.Writer) + +types.MultiStore { + cms.traceWriter = w + return cms +} + +// SetTracingContext updates the tracing context for the MultiStore by merging +// the given context with the existing context by key. Any existing keys will +// be overwritten. It is implied that the caller should update the context when +// necessary between tracing operations. It returns a modified MultiStore. +func (cms Store) + +SetTracingContext(tc types.TraceContext) + +types.MultiStore { + if cms.traceContext != nil { + maps.Copy(cms.traceContext, tc) +} + +else { + cms.traceContext = tc +} + +return cms +} + +// TracingEnabled returns if tracing is enabled for the MultiStore. +func (cms Store) + +TracingEnabled() + +bool { + return cms.traceWriter != nil +} + +// LatestVersion returns the branch version of the store +func (cms Store) + +LatestVersion() + +int64 { + panic("cannot get latest version from branch cached multi-store") +} + +// GetStoreType returns the type of the store. +func (cms Store) + +GetStoreType() + +types.StoreType { + return types.StoreTypeMulti +} + +// Write calls Write on each underlying store. +func (cms Store) + +Write() { + cms.db.Write() + for _, store := range cms.stores { + store.Write() +} +} + +// Implements CacheWrapper. +func (cms Store) + +CacheWrap() + +types.CacheWrap { + return cms.CacheMultiStore().(types.CacheWrap) +} + +// CacheWrapWithTrace implements the CacheWrapper interface. +func (cms Store) + +CacheWrapWithTrace(_ io.Writer, _ types.TraceContext) + +types.CacheWrap { + return cms.CacheWrap() +} + +// Implements MultiStore. +func (cms Store) + +CacheMultiStore() + +types.CacheMultiStore { + return newCacheMultiStoreFromCMS(cms) +} + +// CacheMultiStoreWithVersion implements the MultiStore interface. It will panic +// as an already cached multi-store cannot load previous versions. +// +// TODO: The store implementation can possibly be modified to support this as it +// seems safe to load previous versions (heights). +func (cms Store) + +CacheMultiStoreWithVersion(_ int64) (types.CacheMultiStore, error) { + panic("cannot branch cached multi-store with a version") +} + +// GetStore returns an underlying Store by key. +func (cms Store) + +GetStore(key types.StoreKey) + +types.Store { + s := cms.stores[key] + if key == nil || s == nil { + panic(fmt.Sprintf("kv store with key %v has not been registered in stores", key)) +} + +return s.(types.Store) +} + +// GetKVStore returns an underlying KVStore by key. +func (cms Store) + +GetKVStore(key types.StoreKey) + +types.KVStore { + store := cms.stores[key] + if key == nil || store == nil { + panic(fmt.Sprintf("kv store with key %v has not been registered in stores", key)) +} + +return store.(types.KVStore) +} +``` + +`cachemulti.Store` branches all substores (creates a virtual store for each substore) in its constructor and hold them in `Store.stores`. Moreover caches all read queries. `Store.GetKVStore()` returns the store from `Store.stores`, and `Store.Write()` recursively calls `CacheWrap.Write()` on all the substores. + +## Base-layer KVStores + +### `KVStore` and `CommitKVStore` Interfaces + +A `KVStore` is a simple key-value store used to store and retrieve data. A `CommitKVStore` is a `KVStore` that also implements a `Committer`. By default, stores mounted in `baseapp`'s main `CommitMultiStore` are `CommitKVStore`s. The `KVStore` interface is primarily used to restrict modules from accessing the committer. + +Individual `KVStore`s are used by modules to manage a subset of the global state. `KVStores` can be accessed by objects that hold a specific key. This `key` should only be exposed to the [`keeper`](/docs/sdk/vnext/build/building-modules/keeper) of the module that defines the store. + +`CommitKVStore`s are declared by proxy of their respective `key` and mounted on the application's [multistore](#multistore) in the [main application file](/docs/sdk/vnext/learn/beginner/app-anatomy#core-application-file). In the same file, the `key` is also passed to the module's `keeper` that is responsible for managing the store. + +```go expandable +package types + +import ( + + "fmt" + "io" + "maps" + "slices" + "github.com/cometbft/cometbft/proto/tendermint/crypto" + dbm "github.com/cosmos/cosmos-db" + "cosmossdk.io/store/metrics" + pruningtypes "cosmossdk.io/store/pruning/types" + snapshottypes "cosmossdk.io/store/snapshots/types" +) + +type Store interface { + GetStoreType() + +StoreType + CacheWrapper +} + +// something that can persist to disk +type Committer interface { + Commit() + +CommitID + LastCommitID() + +CommitID + + // WorkingHash returns the hash of the KVStore's state before commit. + WorkingHash() []byte + + SetPruning(pruningtypes.PruningOptions) + +GetPruning() + +pruningtypes.PruningOptions +} + +// Stores of MultiStore must implement CommitStore. +type CommitStore interface { + Committer + Store +} + +// Queryable allows a Store to expose internal state to the abci.Query +// interface. Multistore can route requests to the proper Store. +// +// This is an optional, but useful extension to any CommitStore +type Queryable interface { + Query(*RequestQuery) (*ResponseQuery, error) +} + +type RequestQuery struct { + Data []byte + Path string + Height int64 + Prove bool +} + +type ResponseQuery struct { + Code uint32 + Log string + Info string + Index int64 + Key []byte + Value []byte + ProofOps *crypto.ProofOps + Height int64 + Codespace string +} + +//---------------------------------------- +// MultiStore + +// StoreUpgrades defines a series of transformations to apply the multistore db upon load +type StoreUpgrades struct { + Added []string `json:"added"` + Renamed []StoreRename `json:"renamed"` + Deleted []string `json:"deleted"` +} + +// StoreRename defines a name change of a sub-store. +// All data previously under a PrefixStore with OldKey will be copied +// to a PrefixStore with NewKey, then deleted from OldKey store. +type StoreRename struct { + OldKey string `json:"old_key"` + NewKey string `json:"new_key"` +} + +// IsAdded returns true if the given key should be added +func (s *StoreUpgrades) + +IsAdded(key string) + +bool { + if s == nil { + return false +} + +return slices.Contains(s.Added, key) +} + +// IsDeleted returns true if the given key should be deleted +func (s *StoreUpgrades) + +IsDeleted(key string) + +bool { + if s == nil { + return false +} + +return slices.Contains(s.Deleted, key) +} + +// RenamedFrom returns the oldKey if it was renamed +// Returns "" if it was not renamed +func (s *StoreUpgrades) + +RenamedFrom(key string) + +string { + if s == nil { + return "" +} + for _, re := range s.Renamed { + if re.NewKey == key { + return re.OldKey +} + +} + +return "" +} + +type MultiStore interface { + Store + + // Branches MultiStore into a cached storage object. + // NOTE: Caller should probably not call .Write() + +on each, but + // call CacheMultiStore.Write(). + CacheMultiStore() + +CacheMultiStore + + // CacheMultiStoreWithVersion branches the underlying MultiStore where + // each stored is loaded at a specific version (height). + CacheMultiStoreWithVersion(version int64) (CacheMultiStore, error) + + // Convenience for fetching substores. + // If the store does not exist, panics. + GetStore(StoreKey) + +Store + GetKVStore(StoreKey) + +KVStore + + // TracingEnabled returns if tracing is enabled for the MultiStore. + TracingEnabled() + +bool + + // SetTracer sets the tracer for the MultiStore that the underlying + // stores will utilize to trace operations. The modified MultiStore is + // returned. + SetTracer(w io.Writer) + +MultiStore + + // SetTracingContext sets the tracing context for a MultiStore. It is + // implied that the caller should update the context when necessary between + // tracing operations. The modified MultiStore is returned. + SetTracingContext(TraceContext) + +MultiStore + + // LatestVersion returns the latest version in the store + LatestVersion() + +int64 +} + +// From MultiStore.CacheMultiStore().... +type CacheMultiStore interface { + MultiStore + Write() // Writes operations to underlying KVStore +} + +// CommitMultiStore is an interface for a MultiStore without cache capabilities. +type CommitMultiStore interface { + Committer + MultiStore + snapshottypes.Snapshotter + + // Mount a store of type using the given db. + // If db == nil, the new store will use the CommitMultiStore db. + MountStoreWithDB(key StoreKey, typ StoreType, db dbm.DB) + + // Panics on a nil key. + GetCommitStore(key StoreKey) + +CommitStore + + // Panics on a nil key. + GetCommitKVStore(key StoreKey) + +CommitKVStore + + // Load the latest persisted version. Called once after all calls to + // Mount*Store() + +are complete. + LoadLatestVersion() + +error + + // LoadLatestVersionAndUpgrade will load the latest version, but also + // rename/delete/create sub-store keys, before registering all the keys + // in order to handle breaking formats in migrations + LoadLatestVersionAndUpgrade(upgrades *StoreUpgrades) + +error + + // LoadVersionAndUpgrade will load the named version, but also + // rename/delete/create sub-store keys, before registering all the keys + // in order to handle breaking formats in migrations + LoadVersionAndUpgrade(ver int64, upgrades *StoreUpgrades) + +error + + // Load a specific persisted version. When you load an old version, or when + // the last commit attempt didn't complete, the next commit after loading + // must be idempotent (return the same commit id). Otherwise the behavior is + // undefined. + LoadVersion(ver int64) + +error + + // Set an inter-block (persistent) + +cache that maintains a mapping from + // StoreKeys to CommitKVStores. + SetInterBlockCache(MultiStorePersistentCache) + + // SetInitialVersion sets the initial version of the IAVL tree. It is used when + // starting a new chain at an arbitrary height. + SetInitialVersion(version int64) + +error + + // SetIAVLCacheSize sets the cache size of the IAVL tree. + SetIAVLCacheSize(size int) + + // SetIAVLDisableFastNode enables/disables fastnode feature on iavl. + SetIAVLDisableFastNode(disable bool) + + // SetIAVLSyncPruning set sync/async pruning on iavl. + // It is not recommended to use this option. + // It is here to enable the prune command to force this to true, allowing the command to wait + // for the pruning to finish before returning. + SetIAVLSyncPruning(sync bool) + + // RollbackToVersion rollback the db to specific version(height). + RollbackToVersion(version int64) + +error + + // ListeningEnabled returns if listening is enabled for the KVStore belonging the provided StoreKey + ListeningEnabled(key StoreKey) + +bool + + // AddListeners adds a listener for the KVStore belonging to the provided StoreKey + AddListeners(keys []StoreKey) + + // PopStateCache returns the accumulated state change messages from the CommitMultiStore + PopStateCache() []*StoreKVPair + + // SetMetrics sets the metrics for the KVStore + SetMetrics(metrics metrics.StoreMetrics) +} + +//---------subsp------------------------------- +// KVStore + +// BasicKVStore is a simple interface to get/set data +type BasicKVStore interface { + // Get returns nil if key doesn't exist. Panics on nil key. + Get(key []byte) []byte + + // Has checks if a key exists. Panics on nil key. + Has(key []byte) + +bool + + // Set sets the key. Panics on nil key or value. + Set(key, value []byte) + + // Delete deletes the key. Panics on nil key. + Delete(key []byte) +} + +// KVStore additionally provides iteration and deletion +type KVStore interface { + Store + BasicKVStore + + // Iterator over a domain of keys in ascending order. End is exclusive. + // Start must be less than end, or the Iterator is invalid. + // Iterator must be closed by caller. + // To iterate over entire domain, use store.Iterator(nil, nil) + // CONTRACT: No writes may happen within a domain while an iterator exists over it. + // Exceptionally allowed for cachekv.Store, safe to write in the modules. + Iterator(start, end []byte) + +Iterator + + // Iterator over a domain of keys in descending order. End is exclusive. + // Start must be less than end, or the Iterator is invalid. + // Iterator must be closed by caller. + // CONTRACT: No writes may happen within a domain while an iterator exists over it. + // Exceptionally allowed for cachekv.Store, safe to write in the modules. + ReverseIterator(start, end []byte) + +Iterator +} + +// Iterator is an alias db's Iterator for convenience. +type Iterator = dbm.Iterator + +// CacheKVStore branches a KVStore and provides read cache functionality. +// After calling .Write() + +on the CacheKVStore, all previously created +// CacheKVStores on the object expire. +type CacheKVStore interface { + KVStore + + // Writes operations to underlying KVStore + Write() +} + +// CommitKVStore is an interface for MultiStore. +type CommitKVStore interface { + Committer + KVStore +} + +//---------------------------------------- +// CacheWrap + +// CacheWrap is the most appropriate interface for store ephemeral branching and cache. +// For example, IAVLStore.CacheWrap() + +returns a CacheKVStore. CacheWrap should not return +// a Committer, since Commit ephemeral store make no sense. It can return KVStore, +// HeapStore, SpaceStore, etc. +type CacheWrap interface { + // Write syncs with the underlying store. + Write() + + // CacheWrap recursively wraps again. + CacheWrap() + +CacheWrap + + // CacheWrapWithTrace recursively wraps again with tracing enabled. + CacheWrapWithTrace(w io.Writer, tc TraceContext) + +CacheWrap +} + +type CacheWrapper interface { + // CacheWrap branches a store. + CacheWrap() + +CacheWrap + + // CacheWrapWithTrace branches a store with tracing enabled. + CacheWrapWithTrace(w io.Writer, tc TraceContext) + +CacheWrap +} + +func (cid CommitID) + +IsZero() + +bool { + return cid.Version == 0 && len(cid.Hash) == 0 +} + +func (cid CommitID) + +String() + +string { + return fmt.Sprintf("CommitID{%v:%X +}", cid.Hash, cid.Version) +} + +//---------------------------------------- +// Store types + +// kind of store +type StoreType int + +const ( + StoreTypeMulti StoreType = iota + StoreTypeDB + StoreTypeIAVL + StoreTypeTransient + StoreTypeMemory + StoreTypeSMT + StoreTypePersistent +) + +func (st StoreType) + +String() + +string { + switch st { + case StoreTypeMulti: + return "StoreTypeMulti" + case StoreTypeDB: + return "StoreTypeDB" + case StoreTypeIAVL: + return "StoreTypeIAVL" + case StoreTypeTransient: + return "StoreTypeTransient" + case StoreTypeMemory: + return "StoreTypeMemory" + case StoreTypeSMT: + return "StoreTypeSMT" + case StoreTypePersistent: + return "StoreTypePersistent" +} + +return "unknown store type" +} + +//---------------------------------------- +// Keys for accessing substores + +// StoreKey is a key used to index stores in a MultiStore. +type StoreKey interface { + Name() + +string + String() + +string +} + +// CapabilityKey represent the Cosmos SDK keys for object-capability +// generation in the IBC protocol as defined in https://github.com/cosmos/ibc/tree/master/spec/core/ics-005-port-allocation#data-structures +type CapabilityKey StoreKey + +// KVStoreKey is used for accessing substores. +// Only the pointer value should ever be used - it functions as a capabilities key. +type KVStoreKey struct { + name string +} + +// NewKVStoreKey returns a new pointer to a KVStoreKey. +// Use a pointer so keys don't collide. +func NewKVStoreKey(name string) *KVStoreKey { + if name == "" { + panic("empty key name not allowed") +} + +return &KVStoreKey{ + name: name, +} +} + +// NewKVStoreKeys returns a map of new pointers to KVStoreKey's. +// The function will panic if there is a potential conflict in names (see `assertNoPrefix` +// function for more details). +func NewKVStoreKeys(names ...string) + +map[string]*KVStoreKey { + assertNoCommonPrefix(names) + keys := make(map[string]*KVStoreKey, len(names)) + for _, n := range names { + keys[n] = NewKVStoreKey(n) +} + +return keys +} + +func (key *KVStoreKey) + +Name() + +string { + return key.name +} + +func (key *KVStoreKey) + +String() + +string { + return fmt.Sprintf("KVStoreKey{%p, %s +}", key, key.name) +} + +// TransientStoreKey is used for indexing transient stores in a MultiStore +type TransientStoreKey struct { + name string +} + +// Constructs new TransientStoreKey +// Must return a pointer according to the ocap principle +func NewTransientStoreKey(name string) *TransientStoreKey { + return &TransientStoreKey{ + name: name, +} +} + +// Implements StoreKey +func (key *TransientStoreKey) + +Name() + +string { + return key.name +} + +// Implements StoreKey +func (key *TransientStoreKey) + +String() + +string { + return fmt.Sprintf("TransientStoreKey{%p, %s +}", key, key.name) +} + +// MemoryStoreKey defines a typed key to be used with an in-memory KVStore. +type MemoryStoreKey struct { + name string +} + +func NewMemoryStoreKey(name string) *MemoryStoreKey { + return &MemoryStoreKey{ + name: name +} +} + +// Name returns the name of the MemoryStoreKey. +func (key *MemoryStoreKey) + +Name() + +string { + return key.name +} + +// String returns a stringified representation of the MemoryStoreKey. +func (key *MemoryStoreKey) + +String() + +string { + return fmt.Sprintf("MemoryStoreKey{%p, %s +}", key, key.name) +} + +//---------------------------------------- + +// TraceContext contains TraceKVStore context data. It will be written with +// every trace operation. +type TraceContext map[string]interface{ +} + +// Clone clones tc into another instance of TraceContext. +func (tc TraceContext) + +Clone() + +TraceContext { + ret := TraceContext{ +} + +maps.Copy(ret, tc) + +return ret +} + +// Merge merges value of newTc into tc. +func (tc TraceContext) + +Merge(newTc TraceContext) + +TraceContext { + if tc == nil { + tc = TraceContext{ +} + +} + +maps.Copy(tc, newTc) + +return tc +} + +// MultiStorePersistentCache defines an interface which provides inter-block +// (persistent) + +caching capabilities for multiple CommitKVStores based on StoreKeys. +type MultiStorePersistentCache interface { + // Wrap and return the provided CommitKVStore with an inter-block (persistent) + // cache. + GetStoreCache(key StoreKey, store CommitKVStore) + +CommitKVStore + + // Return the underlying CommitKVStore for a StoreKey. + Unwrap(key StoreKey) + +CommitKVStore + + // Reset the entire set of internal caches. + Reset() +} + +// StoreWithInitialVersion is a store that can have an arbitrary initial +// version. +type StoreWithInitialVersion interface { + // SetInitialVersion sets the initial version of the IAVL tree. It is used when + // starting a new chain at an arbitrary height. + SetInitialVersion(version int64) +} + +// NewTransientStoreKeys constructs a new map of TransientStoreKey's +// Must return pointers according to the ocap principle +// The function will panic if there is a potential conflict in names +// see `assertNoCommonPrefix` function for more details. +func NewTransientStoreKeys(names ...string) + +map[string]*TransientStoreKey { + assertNoCommonPrefix(names) + keys := make(map[string]*TransientStoreKey) + for _, n := range names { + keys[n] = NewTransientStoreKey(n) +} + +return keys +} + +// NewMemoryStoreKeys constructs a new map matching store key names to their +// respective MemoryStoreKey references. +// The function will panic if there is a potential conflict in names (see `assertNoPrefix` +// function for more details). +func NewMemoryStoreKeys(names ...string) + +map[string]*MemoryStoreKey { + assertNoCommonPrefix(names) + keys := make(map[string]*MemoryStoreKey) + for _, n := range names { + keys[n] = NewMemoryStoreKey(n) +} + +return keys +} +``` + +Apart from the traditional `Get` and `Set` methods, that a `KVStore` must implement via the `BasicKVStore` interface; a `KVStore` must provide an `Iterator(start, end)` method which returns an `Iterator` object. It is used to iterate over a range of keys, typically keys that share a common prefix. Below is an example from the bank's module keeper, used to iterate over all account balances: + +```go expandable +package keeper + +import ( + + "context" + "fmt" + "cosmossdk.io/collections" + "cosmossdk.io/collections/indexes" + "cosmossdk.io/core/store" + errorsmod "cosmossdk.io/errors" + "cosmossdk.io/log" + "cosmossdk.io/math" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + "github.com/cosmos/cosmos-sdk/x/bank/types" +) + +var _ ViewKeeper = (*BaseViewKeeper)(nil) + +// ViewKeeper defines a module interface that facilitates read only access to +// account balances. +type ViewKeeper interface { + ValidateBalance(ctx context.Context, addr sdk.AccAddress) + +error + HasBalance(ctx context.Context, addr sdk.AccAddress, amt sdk.Coin) + +bool + + GetAllBalances(ctx context.Context, addr sdk.AccAddress) + +sdk.Coins + GetAccountsBalances(ctx context.Context) []types.Balance + GetBalance(ctx context.Context, addr sdk.AccAddress, denom string) + +sdk.Coin + LockedCoins(ctx context.Context, addr sdk.AccAddress) + +sdk.Coins + SpendableCoins(ctx context.Context, addr sdk.AccAddress) + +sdk.Coins + SpendableCoin(ctx context.Context, addr sdk.AccAddress, denom string) + +sdk.Coin + + IterateAccountBalances(ctx context.Context, addr sdk.AccAddress, cb func(coin sdk.Coin) (stop bool)) + +IterateAllBalances(ctx context.Context, cb func(address sdk.AccAddress, coin sdk.Coin) (stop bool)) +} + +func newBalancesIndexes(sb *collections.SchemaBuilder) + +BalancesIndexes { + return BalancesIndexes{ + Denom: indexes.NewReversePair[math.Int]( + sb, types.DenomAddressPrefix, "address_by_denom_index", + collections.PairKeyCodec(sdk.LengthPrefixedAddressKey(sdk.AccAddressKey), collections.StringKey), // nolint:staticcheck // Note: refer to the LengthPrefixedAddressKey docs to understand why we do this. + indexes.WithReversePairUncheckedValue(), // denom to address indexes were stored as Key: Join(denom, address) + +Value: []byte{0 +}, this will migrate the value to []byte{ +} + +in a lazy way. + ), +} +} + +type BalancesIndexes struct { + Denom *indexes.ReversePair[sdk.AccAddress, string, math.Int] +} + +func (b BalancesIndexes) + +IndexesList() []collections.Index[collections.Pair[sdk.AccAddress, string], math.Int] { + return []collections.Index[collections.Pair[sdk.AccAddress, string], math.Int]{ + b.Denom +} +} + +// BaseViewKeeper implements a read only keeper implementation of ViewKeeper. +type BaseViewKeeper struct { + cdc codec.BinaryCodec + storeService store.KVStoreService + ak types.AccountKeeper + logger log.Logger + + Schema collections.Schema + Supply collections.Map[string, math.Int] + DenomMetadata collections.Map[string, types.Metadata] + SendEnabled collections.Map[string, bool] + Balances *collections.IndexedMap[collections.Pair[sdk.AccAddress, string], math.Int, BalancesIndexes] + Params collections.Item[types.Params] +} + +// NewBaseViewKeeper returns a new BaseViewKeeper. +func NewBaseViewKeeper(cdc codec.BinaryCodec, storeService store.KVStoreService, ak types.AccountKeeper, logger log.Logger) + +BaseViewKeeper { + sb := collections.NewSchemaBuilder(storeService) + k := BaseViewKeeper{ + cdc: cdc, + storeService: storeService, + ak: ak, + logger: logger, + Supply: collections.NewMap(sb, types.SupplyKey, "supply", collections.StringKey, sdk.IntValue), + DenomMetadata: collections.NewMap(sb, types.DenomMetadataPrefix, "denom_metadata", collections.StringKey, codec.CollValue[types.Metadata](cdc)), + SendEnabled: collections.NewMap(sb, types.SendEnabledPrefix, "send_enabled", collections.StringKey, codec.BoolValue), // NOTE: we use a bool value which uses protobuf to retain state backwards compat + Balances: collections.NewIndexedMap(sb, types.BalancesPrefix, "balances", collections.PairKeyCodec(sdk.AccAddressKey, collections.StringKey), types.BalanceValueCodec, newBalancesIndexes(sb)), + Params: collections.NewItem(sb, types.ParamsKey, "params", codec.CollValue[types.Params](cdc)), +} + +schema, err := sb.Build() + if err != nil { + panic(err) +} + +k.Schema = schema + return k +} + +// HasBalance returns whether or not an account has at least amt balance. +func (k BaseViewKeeper) + +HasBalance(ctx context.Context, addr sdk.AccAddress, amt sdk.Coin) + +bool { + return k.GetBalance(ctx, addr, amt.Denom).IsGTE(amt) +} + +// Logger returns a module-specific logger. +func (k BaseViewKeeper) + +Logger() + +log.Logger { + return k.logger +} + +// GetAllBalances returns all the account balances for the given account address. +func (k BaseViewKeeper) + +GetAllBalances(ctx context.Context, addr sdk.AccAddress) + +sdk.Coins { + balances := sdk.NewCoins() + +k.IterateAccountBalances(ctx, addr, func(balance sdk.Coin) + +bool { + balances = balances.Add(balance) + +return false +}) + +return balances.Sort() +} + +// GetAccountsBalances returns all the accounts balances from the store. +func (k BaseViewKeeper) + +GetAccountsBalances(ctx context.Context) []types.Balance { + balances := make([]types.Balance, 0) + mapAddressToBalancesIdx := make(map[string]int) + +k.IterateAllBalances(ctx, func(addr sdk.AccAddress, balance sdk.Coin) + +bool { + idx, ok := mapAddressToBalancesIdx[addr.String()] + if ok { + // address is already on the set of accounts balances + balances[idx].Coins = balances[idx].Coins.Add(balance) + +balances[idx].Coins.Sort() + +return false +} + accountBalance := types.Balance{ + Address: addr.String(), + Coins: sdk.NewCoins(balance), +} + +balances = append(balances, accountBalance) + +mapAddressToBalancesIdx[addr.String()] = len(balances) - 1 + return false +}) + +return balances +} + +// GetBalance returns the balance of a specific denomination for a given account +// by address. +func (k BaseViewKeeper) + +GetBalance(ctx context.Context, addr sdk.AccAddress, denom string) + +sdk.Coin { + amt, err := k.Balances.Get(ctx, collections.Join(addr, denom)) + if err != nil { + return sdk.NewCoin(denom, math.ZeroInt()) +} + +return sdk.NewCoin(denom, amt) +} + +// IterateAccountBalances iterates over the balances of a single account and +// provides the token balance to a callback. If true is returned from the +// callback, iteration is halted. +func (k BaseViewKeeper) + +IterateAccountBalances(ctx context.Context, addr sdk.AccAddress, cb func(sdk.Coin) + +bool) { + err := k.Balances.Walk(ctx, collections.NewPrefixedPairRange[sdk.AccAddress, string](addr), func(key collections.Pair[sdk.AccAddress, string], value math.Int) (stop bool, err error) { + return cb(sdk.NewCoin(key.K2(), value)), nil +}) + if err != nil { + panic(err) +} +} + +// IterateAllBalances iterates over all the balances of all accounts and +// denominations that are provided to a callback. If true is returned from the +// callback, iteration is halted. +func (k BaseViewKeeper) + +IterateAllBalances(ctx context.Context, cb func(sdk.AccAddress, sdk.Coin) + +bool) { + err := k.Balances.Walk(ctx, nil, func(key collections.Pair[sdk.AccAddress, string], value math.Int) (stop bool, err error) { + return cb(key.K1(), sdk.NewCoin(key.K2(), value)), nil +}) + if err != nil { + panic(err) +} +} + +// LockedCoins returns all the coins that are not spendable (i.e. locked) + for an +// account by address. For standard accounts, the result will always be no coins. +// For vesting accounts, LockedCoins is delegated to the concrete vesting account +// type. +func (k BaseViewKeeper) + +LockedCoins(ctx context.Context, addr sdk.AccAddress) + +sdk.Coins { + acc := k.ak.GetAccount(ctx, addr) + if acc != nil { + vacc, ok := acc.(types.VestingAccount) + if ok { + sdkCtx := sdk.UnwrapSDKContext(ctx) + +return vacc.LockedCoins(sdkCtx.BlockTime()) +} + +} + +return sdk.NewCoins() +} + +// SpendableCoins returns the total balances of spendable coins for an account +// by address. If the account has no spendable coins, an empty Coins slice is +// returned. +func (k BaseViewKeeper) + +SpendableCoins(ctx context.Context, addr sdk.AccAddress) + +sdk.Coins { + spendable, _ := k.spendableCoins(ctx, addr) + +return spendable +} + +// SpendableCoin returns the balance of specific denomination of spendable coins +// for an account by address. If the account has no spendable coin, a zero Coin +// is returned. +func (k BaseViewKeeper) + +SpendableCoin(ctx context.Context, addr sdk.AccAddress, denom string) + +sdk.Coin { + balance := k.GetBalance(ctx, addr, denom) + locked := k.LockedCoins(ctx, addr) + +return balance.SubAmount(locked.AmountOf(denom)) +} + +// spendableCoins returns the coins the given address can spend alongside the total amount of coins it holds. +// It exists for gas efficiency, in order to avoid to have to get balance multiple times. +func (k BaseViewKeeper) + +spendableCoins(ctx context.Context, addr sdk.AccAddress) (spendable, total sdk.Coins) { + total = k.GetAllBalances(ctx, addr) + locked := k.LockedCoins(ctx, addr) + +spendable, hasNeg := total.SafeSub(locked...) + if hasNeg { + spendable = sdk.NewCoins() + +return +} + +return +} + +// ValidateBalance validates all balances for a given account address returning +// an error if any balance is invalid. It will check for vesting account types +// and validate the balances against the original vesting balances. +// +// CONTRACT: ValidateBalance should only be called upon genesis state. In the +// case of vesting accounts, balances may change in a valid manner that would +// otherwise yield an error from this call. +func (k BaseViewKeeper) + +ValidateBalance(ctx context.Context, addr sdk.AccAddress) + +error { + acc := k.ak.GetAccount(ctx, addr) + if acc == nil { + return errorsmod.Wrapf(sdkerrors.ErrUnknownAddress, "account %s does not exist", addr) +} + balances := k.GetAllBalances(ctx, addr) + if !balances.IsValid() { + return fmt.Errorf("account balance of %s is invalid", balances) +} + +vacc, ok := acc.(types.VestingAccount) + if ok { + ogv := vacc.GetOriginalVesting() + if ogv.IsAnyGT(balances) { + return fmt.Errorf("vesting amount %s cannot be greater than total amount %s", ogv, balances) +} + +} + +return nil +} +``` + +### `IAVL` Store + +The default implementation of `KVStore` and `CommitKVStore` used in `baseapp` is the `iavl.Store`. + +```go expandable +package iavl + +import ( + + "errors" + "fmt" + "io" + + cmtprotocrypto "github.com/cometbft/cometbft/proto/tendermint/crypto" + dbm "github.com/cosmos/cosmos-db" + "github.com/cosmos/iavl" + ics23 "github.com/cosmos/ics23/go" + + errorsmod "cosmossdk.io/errors" + "cosmossdk.io/log" + "cosmossdk.io/store/cachekv" + "cosmossdk.io/store/internal/kv" + "cosmossdk.io/store/metrics" + pruningtypes "cosmossdk.io/store/pruning/types" + "cosmossdk.io/store/tracekv" + "cosmossdk.io/store/types" + "cosmossdk.io/store/wrapper" +) + +const ( + DefaultIAVLCacheSize = 500000 +) + +var ( + _ types.KVStore = (*Store)(nil) + _ types.CommitStore = (*Store)(nil) + _ types.CommitKVStore = (*Store)(nil) + _ types.Queryable = (*Store)(nil) + _ types.StoreWithInitialVersion = (*Store)(nil) +) + +// Store Implements types.KVStore and CommitKVStore. +type Store struct { + tree Tree + logger log.Logger + metrics metrics.StoreMetrics +} + +// LoadStore returns an IAVL Store as a CommitKVStore. Internally, it will load the +// store's version (id) + +from the provided DB. An error is returned if the version +// fails to load, or if called with a positive version on an empty tree. +func LoadStore(db dbm.DB, logger log.Logger, key types.StoreKey, id types.CommitID, cacheSize int, disableFastNode bool, metrics metrics.StoreMetrics) (types.CommitKVStore, error) { + return LoadStoreWithInitialVersion(db, logger, key, id, 0, cacheSize, disableFastNode, metrics) +} + +// LoadStoreWithInitialVersion returns an IAVL Store as a CommitKVStore setting its initialVersion +// to the one given. Internally, it will load the store's version (id) + +from the +// provided DB. An error is returned if the version fails to load, or if called with a positive +// version on an empty tree. +func LoadStoreWithInitialVersion(db dbm.DB, logger log.Logger, key types.StoreKey, id types.CommitID, initialVersion uint64, cacheSize int, disableFastNode bool, metrics metrics.StoreMetrics) (types.CommitKVStore, error) { + return LoadStoreWithOpts(db, logger, key, id, initialVersion, cacheSize, disableFastNode, metrics, iavl.AsyncPruningOption(true)) +} + +func LoadStoreWithOpts(db dbm.DB, logger log.Logger, key types.StoreKey, id types.CommitID, initialVersion uint64, cacheSize int, disableFastNode bool, metrics metrics.StoreMetrics, opts ...iavl.Option) (types.CommitKVStore, error) { + // store/v1 and app/v1 flows never require an initial version of 0 + if initialVersion == 0 { + initialVersion = 1 +} + +opts = append(opts, iavl.InitialVersionOption(initialVersion)) + tree := iavl.NewMutableTree(wrapper.NewDBWrapper(db), cacheSize, disableFastNode, logger, opts...) + +isUpgradeable, err := tree.IsUpgradeable() + if err != nil { + return nil, err +} + if isUpgradeable && logger != nil { + logger.Info( + "Upgrading IAVL storage for faster queries + execution on live state. This may take a while", + "store_key", key.String(), + "version", initialVersion, + "commit", fmt.Sprintf("%X", id), + ) +} + + _, err = tree.LoadVersion(id.Version) + if err != nil { + return nil, err +} + if logger != nil { + logger.Debug("Finished loading IAVL tree") +} + +return &Store{ + tree: tree, + logger: logger, + metrics: metrics, +}, nil +} + +// UnsafeNewStore returns a reference to a new IAVL Store with a given mutable +// IAVL tree reference. It should only be used for testing purposes. +// +// CONTRACT: The IAVL tree should be fully loaded. +// CONTRACT: PruningOptions passed in as argument must be the same as pruning options +// passed into iavl.MutableTree +func UnsafeNewStore(tree *iavl.MutableTree) *Store { + return &Store{ + tree: tree, + metrics: metrics.NewNoOpMetrics(), +} +} + +// GetImmutable returns a reference to a new store backed by an immutable IAVL +// tree at a specific version (height) + +without any pruning options. This should +// be used for querying and iteration only. If the version does not exist or has +// been pruned, an empty immutable IAVL tree will be used. +// Any mutable operations executed will result in a panic. +func (st *Store) + +GetImmutable(version int64) (*Store, error) { + if !st.VersionExists(version) { + return nil, errors.New("version mismatch on immutable IAVL tree; version does not exist. Version has either been pruned, or is for a future block height") +} + +iTree, err := st.tree.GetImmutable(version) + if err != nil { + return nil, err +} + +return &Store{ + tree: &immutableTree{ + iTree +}, + metrics: st.metrics, +}, nil +} + +// Commit commits the current store state and returns a CommitID with the new +// version and hash. +func (st *Store) + +Commit() + +types.CommitID { + defer st.metrics.MeasureSince("store", "iavl", "commit") + +hash, version, err := st.tree.SaveVersion() + if err != nil { + panic(err) +} + +return types.CommitID{ + Version: version, + Hash: hash, +} +} + +// WorkingHash returns the hash of the current working tree. +func (st *Store) + +WorkingHash() []byte { + return st.tree.WorkingHash() +} + +// LastCommitID implements Committer. +func (st *Store) + +LastCommitID() + +types.CommitID { + return types.CommitID{ + Version: st.tree.Version(), + Hash: st.tree.Hash(), +} +} + +// SetPruning panics as pruning options should be provided at initialization +// since IAVl accepts pruning options directly. +func (st *Store) + +SetPruning(_ pruningtypes.PruningOptions) { + panic("cannot set pruning options on an initialized IAVL store") +} + +// SetPruning panics as pruning options should be provided at initialization +// since IAVl accepts pruning options directly. +func (st *Store) + +GetPruning() + +pruningtypes.PruningOptions { + panic("cannot get pruning options on an initialized IAVL store") +} + +// VersionExists returns whether or not a given version is stored. +func (st *Store) + +VersionExists(version int64) + +bool { + return st.tree.VersionExists(version) +} + +// GetAllVersions returns all versions in the iavl tree +func (st *Store) + +GetAllVersions() []int { + return st.tree.AvailableVersions() +} + +// Implements Store. +func (st *Store) + +GetStoreType() + +types.StoreType { + return types.StoreTypeIAVL +} + +// Implements Store. +func (st *Store) + +CacheWrap() + +types.CacheWrap { + return cachekv.NewStore(st) +} + +// CacheWrapWithTrace implements the Store interface. +func (st *Store) + +CacheWrapWithTrace(w io.Writer, tc types.TraceContext) + +types.CacheWrap { + return cachekv.NewStore(tracekv.NewStore(st, w, tc)) +} + +// Implements types.KVStore. +func (st *Store) + +Set(key, value []byte) { + types.AssertValidKey(key) + +types.AssertValidValue(value) + _, err := st.tree.Set(key, value) + if err != nil && st.logger != nil { + st.logger.Error("iavl set error", "error", err.Error()) +} +} + +// Implements types.KVStore. +func (st *Store) + +Get(key []byte) []byte { + defer st.metrics.MeasureSince("store", "iavl", "get") + +value, err := st.tree.Get(key) + if err != nil { + panic(err) +} + +return value +} + +// Implements types.KVStore. +func (st *Store) + +Has(key []byte) (exists bool) { + defer st.metrics.MeasureSince("store", "iavl", "has") + +has, err := st.tree.Has(key) + if err != nil { + panic(err) +} + +return has +} + +// Implements types.KVStore. +func (st *Store) + +Delete(key []byte) { + defer st.metrics.MeasureSince("store", "iavl", "delete") + _, _, err := st.tree.Remove(key) + if err != nil { + panic(err) +} +} + +// DeleteVersionsTo deletes versions upto the given version from the MutableTree. An error +// is returned if any single version is invalid or the delete fails. All writes +// happen in a single batch with a single commit. +func (st *Store) + +DeleteVersionsTo(version int64) + +error { + return st.tree.DeleteVersionsTo(version) +} + +// LoadVersionForOverwriting attempts to load a tree at a previously committed +// version. Any versions greater than targetVersion will be deleted. +func (st *Store) + +LoadVersionForOverwriting(targetVersion int64) + +error { + return st.tree.LoadVersionForOverwriting(targetVersion) +} + +// Implements types.KVStore. +func (st *Store) + +Iterator(start, end []byte) + +types.Iterator { + iterator, err := st.tree.Iterator(start, end, true) + if err != nil { + panic(err) +} + +return iterator +} + +// Implements types.KVStore. +func (st *Store) + +ReverseIterator(start, end []byte) + +types.Iterator { + iterator, err := st.tree.Iterator(start, end, false) + if err != nil { + panic(err) +} + +return iterator +} + +// SetInitialVersion sets the initial version of the IAVL tree. It is used when +// starting a new chain at an arbitrary height. +func (st *Store) + +SetInitialVersion(version int64) { + st.tree.SetInitialVersion(uint64(version)) +} + +// Exports the IAVL store at the given version, returning an iavl.Exporter for the tree. +func (st *Store) + +Export(version int64) (*iavl.Exporter, error) { + istore, err := st.GetImmutable(version) + if err != nil { + return nil, errorsmod.Wrapf(err, "iavl export failed for version %v", version) +} + +tree, ok := istore.tree.(*immutableTree) + if !ok || tree == nil { + return nil, fmt.Errorf("iavl export failed: unable to fetch tree for version %v", version) +} + +return tree.Export() +} + +// Import imports an IAVL tree at the given version, returning an iavl.Importer for importing. +func (st *Store) + +Import(version int64) (*iavl.Importer, error) { + tree, ok := st.tree.(*iavl.MutableTree) + if !ok { + return nil, errors.New("iavl import failed: unable to find mutable tree") +} + +return tree.Import(version) +} + +// Handle gatest the latest height, if height is 0 +func getHeight(tree Tree, req *types.RequestQuery) + +int64 { + height := req.Height + if height == 0 { + latest := tree.Version() + if tree.VersionExists(latest - 1) { + height = latest - 1 +} + +else { + height = latest +} + +} + +return height +} + +// Query implements ABCI interface, allows queries +// +// by default we will return from (latest height -1), +// as we will have merkle proofs immediately (header height = data height + 1) +// If latest-1 is not present, use latest (which must be present) +// if you care to have the latest data to see a tx results, you must +// explicitly set the height you want to see +func (st *Store) + +Query(req *types.RequestQuery) (res *types.ResponseQuery, err error) { + defer st.metrics.MeasureSince("store", "iavl", "query") + if len(req.Data) == 0 { + return &types.ResponseQuery{ +}, errorsmod.Wrap(types.ErrTxDecode, "query cannot be zero length") +} + tree := st.tree + + // store the height we chose in the response, with 0 being changed to the + // latest height + res = &types.ResponseQuery{ + Height: getHeight(tree, req), +} + switch req.Path { + case "/key": // get by key + key := req.Data // data holds the key bytes + + res.Key = key + if !st.VersionExists(res.Height) { + res.Log = iavl.ErrVersionDoesNotExist.Error() + +break +} + +value, err := tree.GetVersioned(key, res.Height) + if err != nil { + panic(err) +} + +res.Value = value + if !req.Prove { + break +} + + // Continue to prove existence/absence of value + // Must convert store.Tree to iavl.MutableTree with given version to use in CreateProof + iTree, err := tree.GetImmutable(res.Height) + if err != nil { + // sanity check: If value for given version was retrieved, immutable tree must also be retrievable + panic(fmt.Sprintf("version exists in store but could not retrieve corresponding versioned tree in store, %s", err.Error())) +} + mtree := &iavl.MutableTree{ + ImmutableTree: iTree, +} + + // get proof from tree and convert to merkle.Proof before adding to result + res.ProofOps = getProofFromTree(mtree, req.Data, res.Value != nil) + case "/subspace": + pairs := kv.Pairs{ + Pairs: make([]kv.Pair, 0), +} + subspace := req.Data + res.Key = subspace + iterator := types.KVStorePrefixIterator(st, subspace) + for ; iterator.Valid(); iterator.Next() { + pairs.Pairs = append(pairs.Pairs, kv.Pair{ + Key: iterator.Key(), + Value: iterator.Value() +}) +} + if err := iterator.Close(); err != nil { + panic(fmt.Errorf("failed to close iterator: %w", err)) +} + +bz, err := pairs.Marshal() + if err != nil { + panic(fmt.Errorf("failed to marshal KV pairs: %w", err)) +} + +res.Value = bz + + default: + return &types.ResponseQuery{ +}, errorsmod.Wrapf(types.ErrUnknownRequest, "unexpected query path: %v", req.Path) +} + +return res, err +} + +// TraverseStateChanges traverses the state changes between two versions and calls the given function. +func (st *Store) + +TraverseStateChanges(startVersion, endVersion int64, fn func(version int64, changeSet *iavl.ChangeSet) + +error) + +error { + return st.tree.TraverseStateChanges(startVersion, endVersion, fn) +} + +// Takes a MutableTree, a key, and a flag for creating existence or absence proof and returns the +// appropriate merkle.Proof. Since this must be called after querying for the value, this function should never error +// Thus, it will panic on error rather than returning it +func getProofFromTree(tree *iavl.MutableTree, key []byte, exists bool) *cmtprotocrypto.ProofOps { + var ( + commitmentProof *ics23.CommitmentProof + err error + ) + if exists { + // value was found + commitmentProof, err = tree.GetMembershipProof(key) + if err != nil { + // sanity check: If value was found, membership proof must be creatable + panic(fmt.Sprintf("unexpected value for empty proof: %s", err.Error())) +} + +} + +else { + // value wasn't found + commitmentProof, err = tree.GetNonMembershipProof(key) + if err != nil { + // sanity check: If value wasn't found, nonmembership proof must be creatable + panic(fmt.Sprintf("unexpected error for nonexistence proof: %s", err.Error())) +} + +} + op := types.NewIavlCommitmentOp(key, commitmentProof) + +return &cmtprotocrypto.ProofOps{ + Ops: []cmtprotocrypto.ProofOp{ + op.ProofOp() +}} +} +``` + +`iavl` stores are based around an [IAVL Tree](https://github.com/cosmos/iavl), a self-balancing binary tree which guarantees that: + +* `Get` and `Set` operations are O(log n), where n is the number of elements in the tree. +* Iteration efficiently returns the sorted elements within the range. +* Each tree version is immutable and can be retrieved even after a commit (depending on the pruning settings). + +The documentation on the IAVL Tree is located [here](https://github.com/cosmos/iavl/blob/master/docs/overview.md). + +### `DbAdapter` Store + +`dbadapter.Store` is an adapter for `dbm.DB` making it fulfilling the `KVStore` interface. + +```go expandable +package dbadapter + +import ( + + "io" + + dbm "github.com/cosmos/cosmos-db" + "cosmossdk.io/store/cachekv" + "cosmossdk.io/store/tracekv" + "cosmossdk.io/store/types" +) + +// Wrapper type for dbm.Db with implementation of KVStore +type Store struct { + dbm.DB +} + +// Get wraps the underlying DB's Get method panicing on error. +func (dsa Store) + +Get(key []byte) []byte { + v, err := dsa.DB.Get(key) + if err != nil { + panic(err) +} + +return v +} + +// Has wraps the underlying DB's Has method panicing on error. +func (dsa Store) + +Has(key []byte) + +bool { + ok, err := dsa.DB.Has(key) + if err != nil { + panic(err) +} + +return ok +} + +// Set wraps the underlying DB's Set method panicing on error. +func (dsa Store) + +Set(key, value []byte) { + types.AssertValidKey(key) + +types.AssertValidValue(value) + if err := dsa.DB.Set(key, value); err != nil { + panic(err) +} +} + +// Delete wraps the underlying DB's Delete method panicing on error. +func (dsa Store) + +Delete(key []byte) { + if err := dsa.DB.Delete(key); err != nil { + panic(err) +} +} + +// Iterator wraps the underlying DB's Iterator method panicing on error. +func (dsa Store) + +Iterator(start, end []byte) + +types.Iterator { + iter, err := dsa.DB.Iterator(start, end) + if err != nil { + panic(err) +} + +return iter +} + +// ReverseIterator wraps the underlying DB's ReverseIterator method panicing on error. +func (dsa Store) + +ReverseIterator(start, end []byte) + +types.Iterator { + iter, err := dsa.DB.ReverseIterator(start, end) + if err != nil { + panic(err) +} + +return iter +} + +// GetStoreType returns the type of the store. +func (Store) + +GetStoreType() + +types.StoreType { + return types.StoreTypeDB +} + +// CacheWrap branches the underlying store. +func (dsa Store) + +CacheWrap() + +types.CacheWrap { + return cachekv.NewStore(dsa) +} + +// CacheWrapWithTrace implements KVStore. +func (dsa Store) + +CacheWrapWithTrace(w io.Writer, tc types.TraceContext) + +types.CacheWrap { + return cachekv.NewStore(tracekv.NewStore(dsa, w, tc)) +} + +// dbm.DB implements KVStore so we can CacheKVStore it. +var _ types.KVStore = Store{ +} +``` + +`dbadapter.Store` embeds `dbm.DB`, meaning most of the `KVStore` interface functions are implemented. The other functions (mostly miscellaneous) are manually implemented. This store is primarily used within [Transient Stores](#transient-store) + +### `Transient` Store + +`Transient.Store` is a base-layer `KVStore` which is automatically discarded at the end of the block. + +```go expandable +package transient + +import ( + + dbm "github.com/cosmos/cosmos-db" + "cosmossdk.io/store/dbadapter" + pruningtypes "cosmossdk.io/store/pruning/types" + "cosmossdk.io/store/types" +) + +var ( + _ types.Committer = (*Store)(nil) + _ types.KVStore = (*Store)(nil) +) + +// Store is a wrapper for a MemDB with Commiter implementation +type Store struct { + dbadapter.Store +} + +// Constructs new MemDB adapter +func NewStore() *Store { + return &Store{ + Store: dbadapter.Store{ + DB: dbm.NewMemDB() +}} +} + +// Implements CommitStore +// Commit cleans up Store. +func (ts *Store) + +Commit() (id types.CommitID) { + ts.Store = dbadapter.Store{ + DB: dbm.NewMemDB() +} + +return +} + +func (ts *Store) + +SetPruning(_ pruningtypes.PruningOptions) { +} + +// GetPruning is a no-op as pruning options cannot be directly set on this store. +// They must be set on the root commit multi-store. +func (ts *Store) + +GetPruning() + +pruningtypes.PruningOptions { + return pruningtypes.NewPruningOptions(pruningtypes.PruningUndefined) +} + +// Implements CommitStore +func (ts *Store) + +LastCommitID() + +types.CommitID { + return types.CommitID{ +} +} + +func (ts *Store) + +WorkingHash() []byte { + return []byte{ +} +} + +// Implements Store. +func (ts *Store) + +GetStoreType() + +types.StoreType { + return types.StoreTypeTransient +} +``` + +`Transient.Store` is a `dbadapter.Store` with a `dbm.NewMemDB()`. All `KVStore` methods are reused. When `Store.Commit()` is called, a new `dbadapter.Store` is assigned, discarding previous reference and making it garbage collected. + +This type of store is useful to persist information that is only relevant per-block. One example would be to store parameter changes (i.e. a bool set to `true` if a parameter changed in a block). + +```go expandable +package types + +import ( + + "fmt" + "maps" + "reflect" + "cosmossdk.io/store/prefix" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" +) + +const ( + // StoreKey is the string store key for the param store + StoreKey = "params" + + // TStoreKey is the string store key for the param transient store + TStoreKey = "transient_params" +) + +// Individual parameter store for each keeper +// Transient store persists for a block, so we use it for +// recording whether the parameter has been changed or not +type Subspace struct { + cdc codec.BinaryCodec + legacyAmino *codec.LegacyAmino + key storetypes.StoreKey // []byte -> []byte, stores parameter + tkey storetypes.StoreKey // []byte -> bool, stores parameter change + name []byte + table KeyTable +} + +// NewSubspace constructs a store with namestore +func NewSubspace(cdc codec.BinaryCodec, legacyAmino *codec.LegacyAmino, key, tkey storetypes.StoreKey, name string) + +Subspace { + return Subspace{ + cdc: cdc, + legacyAmino: legacyAmino, + key: key, + tkey: tkey, + name: []byte(name), + table: NewKeyTable(), +} +} + +// HasKeyTable returns if the Subspace has a KeyTable registered. +func (s Subspace) + +HasKeyTable() + +bool { + return len(s.table.m) > 0 +} + +// WithKeyTable initializes KeyTable and returns modified Subspace +func (s Subspace) + +WithKeyTable(table KeyTable) + +Subspace { + if table.m == nil { + panic("WithKeyTable() + +called with nil KeyTable") +} + if len(s.table.m) != 0 { + panic("WithKeyTable() + +called on already initialized Subspace") +} + +maps.Copy(s.table.m, table.m) + + // Allocate additional capacity for Subspace.name + // So we don't have to allocate extra space each time appending to the key + name := s.name + s.name = make([]byte, len(name), len(name)+table.maxKeyLength()) + +copy(s.name, name) + +return s +} + +// Returns a KVStore identical with ctx.KVStore(s.key).Prefix() + +func (s Subspace) + +kvStore(ctx sdk.Context) + +storetypes.KVStore { + // append here is safe, appends within a function won't cause + // weird side effects when its singlethreaded + return prefix.NewStore(ctx.KVStore(s.key), append(s.name, '/')) +} + +// Returns a transient store for modification +func (s Subspace) + +transientStore(ctx sdk.Context) + +storetypes.KVStore { + // append here is safe, appends within a function won't cause + // weird side effects when its singlethreaded + return prefix.NewStore(ctx.TransientStore(s.tkey), append(s.name, '/')) +} + +// Validate attempts to validate a parameter value by its key. If the key is not +// registered or if the validation of the value fails, an error is returned. +func (s Subspace) + +Validate(ctx sdk.Context, key []byte, value any) + +error { + attr, ok := s.table.m[string(key)] + if !ok { + return fmt.Errorf("parameter %s not registered", key) +} + if err := attr.vfn(value); err != nil { + return fmt.Errorf("invalid parameter value: %w", err) +} + +return nil +} + +// Get queries for a parameter by key from the Subspace's KVStore and sets the +// value to the provided pointer. If the value does not exist, it will panic. +func (s Subspace) + +Get(ctx sdk.Context, key []byte, ptr any) { + s.checkType(key, ptr) + store := s.kvStore(ctx) + bz := store.Get(key) + if err := s.legacyAmino.UnmarshalJSON(bz, ptr); err != nil { + panic(err) +} +} + +// GetIfExists queries for a parameter by key from the Subspace's KVStore and +// sets the value to the provided pointer. If the value does not exist, it will +// perform a no-op. +func (s Subspace) + +GetIfExists(ctx sdk.Context, key []byte, ptr any) { + store := s.kvStore(ctx) + bz := store.Get(key) + if bz == nil { + return +} + +s.checkType(key, ptr) + if err := s.legacyAmino.UnmarshalJSON(bz, ptr); err != nil { + panic(err) +} +} + +// IterateKeys iterates over all the keys in the subspace and executes the +// provided callback. If the callback returns true for a given key, iteration +// will halt. +func (s Subspace) + +IterateKeys(ctx sdk.Context, cb func(key []byte) + +bool) { + store := s.kvStore(ctx) + iter := storetypes.KVStorePrefixIterator(store, nil) + +defer iter.Close() + for ; iter.Valid(); iter.Next() { + if cb(iter.Key()) { + break +} + +} +} + +// GetRaw queries for the raw values bytes for a parameter by key. +func (s Subspace) + +GetRaw(ctx sdk.Context, key []byte) []byte { + store := s.kvStore(ctx) + +return store.Get(key) +} + +// Has returns if a parameter key exists or not in the Subspace's KVStore. +func (s Subspace) + +Has(ctx sdk.Context, key []byte) + +bool { + store := s.kvStore(ctx) + +return store.Has(key) +} + +// Modified returns true if the parameter key is set in the Subspace's transient +// KVStore. +func (s Subspace) + +Modified(ctx sdk.Context, key []byte) + +bool { + tstore := s.transientStore(ctx) + +return tstore.Has(key) +} + +// checkType verifies that the provided key and value are comptable and registered. +func (s Subspace) + +checkType(key []byte, value any) { + attr, ok := s.table.m[string(key)] + if !ok { + panic(fmt.Sprintf("parameter %s not registered", key)) +} + ty := attr.ty + pty := reflect.TypeOf(value) + if pty.Kind() == reflect.Ptr { + pty = pty.Elem() +} + if pty != ty { + panic("type mismatch with registered table") +} +} + +// Set stores a value for given a parameter key assuming the parameter type has +// been registered. It will panic if the parameter type has not been registered +// or if the value cannot be encoded. A change record is also set in the Subspace's +// transient KVStore to mark the parameter as modified. +func (s Subspace) + +Set(ctx sdk.Context, key []byte, value any) { + s.checkType(key, value) + store := s.kvStore(ctx) + +bz, err := s.legacyAmino.MarshalJSON(value) + if err != nil { + panic(err) +} + +store.Set(key, bz) + tstore := s.transientStore(ctx) + +tstore.Set(key, []byte{ +}) +} + +// Update stores an updated raw value for a given parameter key assuming the +// parameter type has been registered. It will panic if the parameter type has +// not been registered or if the value cannot be encoded. An error is returned +// if the raw value is not compatible with the registered type for the parameter +// key or if the new value is invalid as determined by the registered type's +// validation function. +func (s Subspace) + +Update(ctx sdk.Context, key, value []byte) + +error { + attr, ok := s.table.m[string(key)] + if !ok { + panic(fmt.Sprintf("parameter %s not registered", key)) +} + ty := attr.ty + dest := reflect.New(ty).Interface() + +s.GetIfExists(ctx, key, dest) + if err := s.legacyAmino.UnmarshalJSON(value, dest); err != nil { + return err +} + + // destValue contains the dereferenced value of dest so validation function do + // not have to operate on pointers. + destValue := reflect.Indirect(reflect.ValueOf(dest)).Interface() + if err := s.Validate(ctx, key, destValue); err != nil { + return err +} + +s.Set(ctx, key, dest) + +return nil +} + +// GetParamSet iterates through each ParamSetPair where for each pair, it will +// retrieve the value and set it to the corresponding value pointer provided +// in the ParamSetPair by calling Subspace#Get. +func (s Subspace) + +GetParamSet(ctx sdk.Context, ps ParamSet) { + for _, pair := range ps.ParamSetPairs() { + s.Get(ctx, pair.Key, pair.Value) +} +} + +// GetParamSetIfExists iterates through each ParamSetPair where for each pair, it will +// retrieve the value and set it to the corresponding value pointer provided +// in the ParamSetPair by calling Subspace#GetIfExists. +func (s Subspace) + +GetParamSetIfExists(ctx sdk.Context, ps ParamSet) { + for _, pair := range ps.ParamSetPairs() { + s.GetIfExists(ctx, pair.Key, pair.Value) +} +} + +// SetParamSet iterates through each ParamSetPair and sets the value with the +// corresponding parameter key in the Subspace's KVStore. +func (s Subspace) + +SetParamSet(ctx sdk.Context, ps ParamSet) { + for _, pair := range ps.ParamSetPairs() { + // pair.Field is a pointer to the field, so indirecting the ptr. + // go-amino automatically handles it but just for sure, + // since SetStruct is meant to be used in InitGenesis + // so this method will not be called frequently + v := reflect.Indirect(reflect.ValueOf(pair.Value)).Interface() + if err := pair.ValidatorFn(v); err != nil { + panic(fmt.Sprintf("value from ParamSetPair is invalid: %s", err)) +} + +s.Set(ctx, pair.Key, v) +} +} + +// Name returns the name of the Subspace. +func (s Subspace) + +Name() + +string { + return string(s.name) +} + +// Wrapper of Subspace, provides immutable functions only +type ReadOnlySubspace struct { + s Subspace +} + +// Get delegates a read-only Get call to the Subspace. +func (ros ReadOnlySubspace) + +Get(ctx sdk.Context, key []byte, ptr any) { + ros.s.Get(ctx, key, ptr) +} + +// GetRaw delegates a read-only GetRaw call to the Subspace. +func (ros ReadOnlySubspace) + +GetRaw(ctx sdk.Context, key []byte) []byte { + return ros.s.GetRaw(ctx, key) +} + +// Has delegates a read-only Has call to the Subspace. +func (ros ReadOnlySubspace) + +Has(ctx sdk.Context, key []byte) + +bool { + return ros.s.Has(ctx, key) +} + +// Modified delegates a read-only Modified call to the Subspace. +func (ros ReadOnlySubspace) + +Modified(ctx sdk.Context, key []byte) + +bool { + return ros.s.Modified(ctx, key) +} + +// Name delegates a read-only Name call to the Subspace. +func (ros ReadOnlySubspace) + +Name() + +string { + return ros.s.Name() +} +``` + +Transient stores are typically accessed via the [`context`](/docs/sdk/vnext/learn/advanced/context) via the `TransientStore()` method: + +```go expandable +package types + +import ( + + "context" + "time" + + abci "github.com/cometbft/cometbft/abci/types" + cmtproto "github.com/cometbft/cometbft/proto/tendermint/types" + "cosmossdk.io/core/comet" + "cosmossdk.io/core/header" + "cosmossdk.io/log" + "cosmossdk.io/store/gaskv" + storetypes "cosmossdk.io/store/types" +) + +// ExecMode defines the execution mode which can be set on a Context. +type ExecMode uint8 + +// All possible execution modes. +const ( + ExecModeCheck ExecMode = iota + ExecModeReCheck + ExecModeSimulate + ExecModePrepareProposal + ExecModeProcessProposal + ExecModeVoteExtension + ExecModeVerifyVoteExtension + ExecModeFinalize +) + +/* +Context is an immutable object contains all information needed to +process a request. + +It contains a context.Context object inside if you want to use that, +but please do not over-use it. We try to keep all data structured +and standard additions here would be better just to add to the Context struct +*/ +type Context struct { + baseCtx context.Context + ms storetypes.MultiStore + // Deprecated: Use HeaderService for height, time, and chainID and CometService for the rest + header cmtproto.Header + // Deprecated: Use HeaderService for hash + headerHash []byte + // Deprecated: Use HeaderService for chainID and CometService for the rest + chainID string + txBytes []byte + logger log.Logger + voteInfo []abci.VoteInfo + gasMeter storetypes.GasMeter + blockGasMeter storetypes.GasMeter + checkTx bool + recheckTx bool // if recheckTx == true, then checkTx must also be true + sigverifyTx bool // when run simulation, because the private key corresponding to the account in the genesis.json randomly generated, we must skip the sigverify. + execMode ExecMode + minGasPrice DecCoins + consParams cmtproto.ConsensusParams + eventManager EventManagerI + priority int64 // The tx priority, only relevant in CheckTx + kvGasConfig storetypes.GasConfig + transientKVGasConfig storetypes.GasConfig + streamingManager storetypes.StreamingManager + cometInfo comet.BlockInfo + headerInfo header.Info +} + +// Proposed rename, not done to avoid API breakage +type Request = Context + +// Read-only accessors +func (c Context) + +Context() + +context.Context { + return c.baseCtx +} + +func (c Context) + +MultiStore() + +storetypes.MultiStore { + return c.ms +} + +func (c Context) + +BlockHeight() + +int64 { + return c.header.Height +} + +func (c Context) + +BlockTime() + +time.Time { + return c.header.Time +} + +func (c Context) + +ChainID() + +string { + return c.chainID +} + +func (c Context) + +TxBytes() []byte { + return c.txBytes +} + +func (c Context) + +Logger() + +log.Logger { + return c.logger +} + +func (c Context) + +VoteInfos() []abci.VoteInfo { + return c.voteInfo +} + +func (c Context) + +GasMeter() + +storetypes.GasMeter { + return c.gasMeter +} + +func (c Context) + +BlockGasMeter() + +storetypes.GasMeter { + return c.blockGasMeter +} + +func (c Context) + +IsCheckTx() + +bool { + return c.checkTx +} + +func (c Context) + +IsReCheckTx() + +bool { + return c.recheckTx +} + +func (c Context) + +IsSigverifyTx() + +bool { + return c.sigverifyTx +} + +func (c Context) + +ExecMode() + +ExecMode { + return c.execMode +} + +func (c Context) + +MinGasPrices() + +DecCoins { + return c.minGasPrice +} + +func (c Context) + +EventManager() + +EventManagerI { + return c.eventManager +} + +func (c Context) + +Priority() + +int64 { + return c.priority +} + +func (c Context) + +KVGasConfig() + +storetypes.GasConfig { + return c.kvGasConfig +} + +func (c Context) + +TransientKVGasConfig() + +storetypes.GasConfig { + return c.transientKVGasConfig +} + +func (c Context) + +StreamingManager() + +storetypes.StreamingManager { + return c.streamingManager +} + +func (c Context) + +CometInfo() + +comet.BlockInfo { + return c.cometInfo +} + +func (c Context) + +HeaderInfo() + +header.Info { + return c.headerInfo +} + +// BlockHeader returns the header by value. +func (c Context) + +BlockHeader() + +cmtproto.Header { + return c.header +} + +// HeaderHash returns a copy of the header hash obtained during abci.RequestBeginBlock +func (c Context) + +HeaderHash() []byte { + hash := make([]byte, len(c.headerHash)) + +copy(hash, c.headerHash) + +return hash +} + +func (c Context) + +ConsensusParams() + +cmtproto.ConsensusParams { + return c.consParams +} + +func (c Context) + +Deadline() (deadline time.Time, ok bool) { + return c.baseCtx.Deadline() +} + +func (c Context) + +Done() <-chan struct{ +} { + return c.baseCtx.Done() +} + +func (c Context) + +Err() + +error { + return c.baseCtx.Err() +} + +// create a new context +func NewContext(ms storetypes.MultiStore, header cmtproto.Header, isCheckTx bool, logger log.Logger) + +Context { + // https://github.com/gogo/protobuf/issues/519 + header.Time = header.Time.UTC() + +return Context{ + baseCtx: context.Background(), + ms: ms, + header: header, + chainID: header.ChainID, + checkTx: isCheckTx, + sigverifyTx: true, + logger: logger, + gasMeter: storetypes.NewInfiniteGasMeter(), + minGasPrice: DecCoins{ +}, + eventManager: NewEventManager(), + kvGasConfig: storetypes.KVGasConfig(), + transientKVGasConfig: storetypes.TransientGasConfig(), +} +} + +// WithContext returns a Context with an updated context.Context. +func (c Context) + +WithContext(ctx context.Context) + +Context { + c.baseCtx = ctx + return c +} + +// WithMultiStore returns a Context with an updated MultiStore. +func (c Context) + +WithMultiStore(ms storetypes.MultiStore) + +Context { + c.ms = ms + return c +} + +// WithBlockHeader returns a Context with an updated CometBFT block header in UTC time. +func (c Context) + +WithBlockHeader(header cmtproto.Header) + +Context { + // https://github.com/gogo/protobuf/issues/519 + header.Time = header.Time.UTC() + +c.header = header + return c +} + +// WithHeaderHash returns a Context with an updated CometBFT block header hash. +func (c Context) + +WithHeaderHash(hash []byte) + +Context { + temp := make([]byte, len(hash)) + +copy(temp, hash) + +c.headerHash = temp + return c +} + +// WithBlockTime returns a Context with an updated CometBFT block header time in UTC with no monotonic component. +// Stripping the monotonic component is for time equality. +func (c Context) + +WithBlockTime(newTime time.Time) + +Context { + newHeader := c.BlockHeader() + // https://github.com/gogo/protobuf/issues/519 + newHeader.Time = newTime.Round(0).UTC() + +return c.WithBlockHeader(newHeader) +} + +// WithProposer returns a Context with an updated proposer consensus address. +func (c Context) + +WithProposer(addr ConsAddress) + +Context { + newHeader := c.BlockHeader() + +newHeader.ProposerAddress = addr.Bytes() + +return c.WithBlockHeader(newHeader) +} + +// WithBlockHeight returns a Context with an updated block height. +func (c Context) + +WithBlockHeight(height int64) + +Context { + newHeader := c.BlockHeader() + +newHeader.Height = height + return c.WithBlockHeader(newHeader) +} + +// WithChainID returns a Context with an updated chain identifier. +func (c Context) + +WithChainID(chainID string) + +Context { + c.chainID = chainID + return c +} + +// WithTxBytes returns a Context with an updated txBytes. +func (c Context) + +WithTxBytes(txBytes []byte) + +Context { + c.txBytes = txBytes + return c +} + +// WithLogger returns a Context with an updated logger. +func (c Context) + +WithLogger(logger log.Logger) + +Context { + c.logger = logger + return c +} + +// WithVoteInfos returns a Context with an updated consensus VoteInfo. +func (c Context) + +WithVoteInfos(voteInfo []abci.VoteInfo) + +Context { + c.voteInfo = voteInfo + return c +} + +// WithGasMeter returns a Context with an updated transaction GasMeter. +func (c Context) + +WithGasMeter(meter storetypes.GasMeter) + +Context { + c.gasMeter = meter + return c +} + +// WithBlockGasMeter returns a Context with an updated block GasMeter +func (c Context) + +WithBlockGasMeter(meter storetypes.GasMeter) + +Context { + c.blockGasMeter = meter + return c +} + +// WithKVGasConfig returns a Context with an updated gas configuration for +// the KVStore +func (c Context) + +WithKVGasConfig(gasConfig storetypes.GasConfig) + +Context { + c.kvGasConfig = gasConfig + return c +} + +// WithTransientKVGasConfig returns a Context with an updated gas configuration for +// the transient KVStore +func (c Context) + +WithTransientKVGasConfig(gasConfig storetypes.GasConfig) + +Context { + c.transientKVGasConfig = gasConfig + return c +} + +// WithIsCheckTx enables or disables CheckTx value for verifying transactions and returns an updated Context +func (c Context) + +WithIsCheckTx(isCheckTx bool) + +Context { + c.checkTx = isCheckTx + c.execMode = ExecModeCheck + return c +} + +// WithIsRecheckTx called with true will also set true on checkTx in order to +// enforce the invariant that if recheckTx = true then checkTx = true as well. +func (c Context) + +WithIsReCheckTx(isRecheckTx bool) + +Context { + if isRecheckTx { + c.checkTx = true +} + +c.recheckTx = isRecheckTx + c.execMode = ExecModeReCheck + return c +} + +// WithIsSigverifyTx called with true will sigverify in auth module +func (c Context) + +WithIsSigverifyTx(isSigverifyTx bool) + +Context { + c.sigverifyTx = isSigverifyTx + return c +} + +// WithExecMode returns a Context with an updated ExecMode. +func (c Context) + +WithExecMode(m ExecMode) + +Context { + c.execMode = m + return c +} + +// WithMinGasPrices returns a Context with an updated minimum gas price value +func (c Context) + +WithMinGasPrices(gasPrices DecCoins) + +Context { + c.minGasPrice = gasPrices + return c +} + +// WithConsensusParams returns a Context with an updated consensus params +func (c Context) + +WithConsensusParams(params cmtproto.ConsensusParams) + +Context { + c.consParams = params + return c +} + +// WithEventManager returns a Context with an updated event manager +func (c Context) + +WithEventManager(em EventManagerI) + +Context { + c.eventManager = em + return c +} + +// WithPriority returns a Context with an updated tx priority +func (c Context) + +WithPriority(p int64) + +Context { + c.priority = p + return c +} + +// WithStreamingManager returns a Context with an updated streaming manager +func (c Context) + +WithStreamingManager(sm storetypes.StreamingManager) + +Context { + c.streamingManager = sm + return c +} + +// WithCometInfo returns a Context with an updated comet info +func (c Context) + +WithCometInfo(cometInfo comet.BlockInfo) + +Context { + c.cometInfo = cometInfo + return c +} + +// WithHeaderInfo returns a Context with an updated header info +func (c Context) + +WithHeaderInfo(headerInfo header.Info) + +Context { + // Settime to UTC + headerInfo.Time = headerInfo.Time.UTC() + +c.headerInfo = headerInfo + return c +} + +// TODO: remove??? +func (c Context) + +IsZero() + +bool { + return c.ms == nil +} + +func (c Context) + +WithValue(key, value any) + +Context { + c.baseCtx = context.WithValue(c.baseCtx, key, value) + +return c +} + +func (c Context) + +Value(key any) + +any { + if key == SdkContextKey { + return c +} + +return c.baseCtx.Value(key) +} + +// ---------------------------------------------------------------------------- +// Store / Caching +// ---------------------------------------------------------------------------- + +// KVStore fetches a KVStore from the MultiStore. +func (c Context) + +KVStore(key storetypes.StoreKey) + +storetypes.KVStore { + return gaskv.NewStore(c.ms.GetKVStore(key), c.gasMeter, c.kvGasConfig) +} + +// TransientStore fetches a TransientStore from the MultiStore. +func (c Context) + +TransientStore(key storetypes.StoreKey) + +storetypes.KVStore { + return gaskv.NewStore(c.ms.GetKVStore(key), c.gasMeter, c.transientKVGasConfig) +} + +// CacheContext returns a new Context with the multi-store cached and a new +// EventManager. The cached context is written to the context when writeCache +// is called. Note, events are automatically emitted on the parent context's +// EventManager when the caller executes the write. +func (c Context) + +CacheContext() (cc Context, writeCache func()) { + cms := c.ms.CacheMultiStore() + +cc = c.WithMultiStore(cms).WithEventManager(NewEventManager()) + +writeCache = func() { + c.EventManager().EmitEvents(cc.EventManager().Events()) + +cms.Write() +} + +return cc, writeCache +} + +var ( + _ context.Context = Context{ +} + _ storetypes.Context = Context{ +} +) + +// ContextKey defines a type alias for a stdlib Context key. +type ContextKey string + +// SdkContextKey is the key in the context.Context which holds the sdk.Context. +const SdkContextKey ContextKey = "sdk-context" + +// WrapSDKContext returns a stdlib context.Context with the provided sdk.Context's internal +// context as a value. It is useful for passing an sdk.Context through methods that take a +// stdlib context.Context parameter such as generated gRPC methods. To get the original +// sdk.Context back, call UnwrapSDKContext. +// +// Deprecated: there is no need to wrap anymore as the Cosmos SDK context implements context.Context. +func WrapSDKContext(ctx Context) + +context.Context { + return ctx +} + +// UnwrapSDKContext retrieves a Context from a context.Context instance +// attached with WrapSDKContext. It panics if a Context was not properly +// attached +func UnwrapSDKContext(ctx context.Context) + +Context { + if sdkCtx, ok := ctx.(Context); ok { + return sdkCtx +} + +return ctx.Value(SdkContextKey).(Context) +} +``` + +## KVStore Wrappers + +### CacheKVStore + +`cachekv.Store` is a wrapper `KVStore` which provides buffered writing / cached reading functionalities over the underlying `KVStore`. + +```go expandable +package cachekv + +import ( + + "bytes" + "io" + "sort" + "sync" + + dbm "github.com/cosmos/cosmos-db" + "cosmossdk.io/math" + "cosmossdk.io/store/cachekv/internal" + "cosmossdk.io/store/internal/conv" + "cosmossdk.io/store/internal/kv" + "cosmossdk.io/store/tracekv" + "cosmossdk.io/store/types" +) + +// cValue represents a cached value. +// If dirty is true, it indicates the cached value is different from the underlying value. +type cValue struct { + value []byte + dirty bool +} + +// Store wraps an in-memory cache around an underlying types.KVStore. +type Store struct { + mtx sync.Mutex + cache map[string]*cValue + unsortedCache map[string]struct{ +} + +sortedCache internal.BTree // always ascending sorted + parent types.KVStore +} + +var _ types.CacheKVStore = (*Store)(nil) + +// NewStore creates a new Store object +func NewStore(parent types.KVStore) *Store { + return &Store{ + cache: make(map[string]*cValue), + unsortedCache: make(map[string]struct{ +}), + sortedCache: internal.NewBTree(), + parent: parent, +} +} + +// GetStoreType implements Store. +func (store *Store) + +GetStoreType() + +types.StoreType { + return store.parent.GetStoreType() +} + +// Get implements types.KVStore. +func (store *Store) + +Get(key []byte) (value []byte) { + store.mtx.Lock() + +defer store.mtx.Unlock() + +types.AssertValidKey(key) + +cacheValue, ok := store.cache[conv.UnsafeBytesToStr(key)] + if !ok { + value = store.parent.Get(key) + +store.setCacheValue(key, value, false) +} + +else { + value = cacheValue.value +} + +return value +} + +// Set implements types.KVStore. +func (store *Store) + +Set(key, value []byte) { + types.AssertValidKey(key) + +types.AssertValidValue(value) + +store.mtx.Lock() + +defer store.mtx.Unlock() + +store.setCacheValue(key, value, true) +} + +// Has implements types.KVStore. +func (store *Store) + +Has(key []byte) + +bool { + value := store.Get(key) + +return value != nil +} + +// Delete implements types.KVStore. +func (store *Store) + +Delete(key []byte) { + types.AssertValidKey(key) + +store.mtx.Lock() + +defer store.mtx.Unlock() + +store.setCacheValue(key, nil, true) +} + +func (store *Store) + +resetCaches() { + if len(store.cache) > 100_000 { + // Cache is too large. We likely did something linear time + // (e.g. Epoch block, Genesis block, etc). Free the old caches from memory, and let them get re-allocated. + // TODO: In a future CacheKV redesign, such linear workloads should get into a different cache instantiation. + // 100_000 is arbitrarily chosen as it solved Osmosis' InitGenesis RAM problem. + store.cache = make(map[string]*cValue) + +store.unsortedCache = make(map[string]struct{ +}) +} + +else { + // Clear the cache using the map clearing idiom + // and not allocating fresh objects. + // Please see https://bencher.orijtech.com/perfclinic/mapclearing/ + for key := range store.cache { + delete(store.cache, key) +} + for key := range store.unsortedCache { + delete(store.unsortedCache, key) +} + +} + +store.sortedCache = internal.NewBTree() +} + +// Implements Cachetypes.KVStore. +func (store *Store) + +Write() { + store.mtx.Lock() + +defer store.mtx.Unlock() + if len(store.cache) == 0 && len(store.unsortedCache) == 0 { + store.sortedCache = internal.NewBTree() + +return +} + +type cEntry struct { + key string + val *cValue +} + + // We need a copy of all of the keys. + // Not the best. To reduce RAM pressure, we copy the values as well + // and clear out the old caches right after the copy. + sortedCache := make([]cEntry, 0, len(store.cache)) + for key, dbValue := range store.cache { + if dbValue.dirty { + sortedCache = append(sortedCache, cEntry{ + key, dbValue +}) +} + +} + +store.resetCaches() + +sort.Slice(sortedCache, func(i, j int) + +bool { + return sortedCache[i].key < sortedCache[j].key +}) + + // TODO: Consider allowing usage of Batch, which would allow the write to + // at least happen atomically. + for _, obj := range sortedCache { + // We use []byte(key) + +instead of conv.UnsafeStrToBytes because we cannot + // be sure if the underlying store might do a save with the byteslice or + // not. Once we get confirmation that .Delete is guaranteed not to + // save the byteslice, then we can assume only a read-only copy is sufficient. + if obj.val.value != nil { + // It already exists in the parent, hence update it. + store.parent.Set([]byte(obj.key), obj.val.value) +} + +else { + store.parent.Delete([]byte(obj.key)) +} + +} +} + +// CacheWrap implements CacheWrapper. +func (store *Store) + +CacheWrap() + +types.CacheWrap { + return NewStore(store) +} + +// CacheWrapWithTrace implements the CacheWrapper interface. +func (store *Store) + +CacheWrapWithTrace(w io.Writer, tc types.TraceContext) + +types.CacheWrap { + return NewStore(tracekv.NewStore(store, w, tc)) +} + +//---------------------------------------- +// Iteration + +// Iterator implements types.KVStore. +func (store *Store) + +Iterator(start, end []byte) + +types.Iterator { + return store.iterator(start, end, true) +} + +// ReverseIterator implements types.KVStore. +func (store *Store) + +ReverseIterator(start, end []byte) + +types.Iterator { + return store.iterator(start, end, false) +} + +func (store *Store) + +iterator(start, end []byte, ascending bool) + +types.Iterator { + store.mtx.Lock() + +defer store.mtx.Unlock() + +store.dirtyItems(start, end) + isoSortedCache := store.sortedCache.Copy() + +var ( + err error + parent, cache types.Iterator + ) + if ascending { + parent = store.parent.Iterator(start, end) + +cache, err = isoSortedCache.Iterator(start, end) +} + +else { + parent = store.parent.ReverseIterator(start, end) + +cache, err = isoSortedCache.ReverseIterator(start, end) +} + if err != nil { + panic(err) +} + +return internal.NewCacheMergeIterator(parent, cache, ascending) +} + +func findStartIndex(strL []string, startQ string) + +int { + // Modified binary search to find the very first element in >=startQ. + if len(strL) == 0 { + return -1 +} + +var left, right, mid int + right = len(strL) - 1 + for left <= right { + mid = (left + right) >> 1 + midStr := strL[mid] + if midStr == startQ { + // Handle condition where there might be multiple values equal to startQ. + // We are looking for the very first value < midStL, that i+1 will be the first + // element >= midStr. + for i := mid - 1; i >= 0; i-- { + if strL[i] != midStr { + return i + 1 +} + +} + +return 0 +} + if midStr < startQ { + left = mid + 1 +} + +else { // midStrL > startQ + right = mid - 1 +} + +} + if left >= 0 && left < len(strL) && strL[left] >= startQ { + return left +} + +return -1 +} + +func findEndIndex(strL []string, endQ string) + +int { + if len(strL) == 0 { + return -1 +} + + // Modified binary search to find the very first element > 1 + midStr := strL[mid] + if midStr == endQ { + // Handle condition where there might be multiple values equal to startQ. + // We are looking for the very first value < midStL, that i+1 will be the first + // element >= midStr. + for i := mid - 1; i >= 0; i-- { + if strL[i] < midStr { + return i + 1 +} + +} + +return 0 +} + if midStr < endQ { + left = mid + 1 +} + +else { // midStrL > startQ + right = mid - 1 +} + +} + + // Binary search failed, now let's find a value less than endQ. + for i := right; i >= 0; i-- { + if strL[i] < endQ { + return i +} + +} + +return -1 +} + +type sortState int + +const ( + stateUnsorted sortState = iota + stateAlreadySorted +) + +const minSortSize = 1024 + +// Constructs a slice of dirty items, to use w/ memIterator. +func (store *Store) + +dirtyItems(start, end []byte) { + startStr, endStr := conv.UnsafeBytesToStr(start), conv.UnsafeBytesToStr(end) + if end != nil && startStr > endStr { + // Nothing to do here. + return +} + n := len(store.unsortedCache) + unsorted := make([]*kv.Pair, 0) + // If the unsortedCache is too big, its costs too much to determine + // whats in the subset we are concerned about. + // If you are interleaving iterator calls with writes, this can easily become an + // O(N^2) + +overhead. + // Even without that, too many range checks eventually becomes more expensive + // than just not having the cache. + if n < minSortSize { + for key := range store.unsortedCache { + // dbm.IsKeyInDomain is nil safe and returns true iff key is greater than start + if dbm.IsKeyInDomain(conv.UnsafeStrToBytes(key), start, end) { + cacheValue := store.cache[key] + unsorted = append(unsorted, &kv.Pair{ + Key: []byte(key), + Value: cacheValue.value +}) +} + +} + +store.clearUnsortedCacheSubset(unsorted, stateUnsorted) + +return +} + + // Otherwise it is large so perform a modified binary search to find + // the target ranges for the keys that we should be looking for. + strL := make([]string, 0, n) + for key := range store.unsortedCache { + strL = append(strL, key) +} + +sort.Strings(strL) + + // Now find the values within the domain + // [start, end) + startIndex := findStartIndex(strL, startStr) + if startIndex < 0 { + startIndex = 0 +} + +var endIndex int + if end == nil { + endIndex = len(strL) - 1 +} + +else { + endIndex = findEndIndex(strL, endStr) +} + if endIndex < 0 { + endIndex = len(strL) - 1 +} + + // Since we spent cycles to sort the values, we should process and remove a reasonable amount + // ensure start to end is at least minSortSize in size + // if below minSortSize, expand it to cover additional values + // this amortizes the cost of processing elements across multiple calls + if endIndex-startIndex < minSortSize { + endIndex = math.Min(startIndex+minSortSize, len(strL)-1) + if endIndex-startIndex < minSortSize { + startIndex = math.Max(endIndex-minSortSize, 0) +} + +} + kvL := make([]*kv.Pair, 0, 1+endIndex-startIndex) + for i := startIndex; i <= endIndex; i++ { + key := strL[i] + cacheValue := store.cache[key] + kvL = append(kvL, &kv.Pair{ + Key: []byte(key), + Value: cacheValue.value +}) +} + + // kvL was already sorted so pass it in as is. + store.clearUnsortedCacheSubset(kvL, stateAlreadySorted) +} + +func (store *Store) + +clearUnsortedCacheSubset(unsorted []*kv.Pair, sortState sortState) { + n := len(store.unsortedCache) + if len(unsorted) == n { // This pattern allows the Go compiler to emit the map clearing idiom for the entire map. + for key := range store.unsortedCache { + delete(store.unsortedCache, key) +} + +} + +else { // Otherwise, normally delete the unsorted keys from the map. + for _, kv := range unsorted { + delete(store.unsortedCache, conv.UnsafeBytesToStr(kv.Key)) +} + +} + if sortState == stateUnsorted { + sort.Slice(unsorted, func(i, j int) + +bool { + return bytes.Compare(unsorted[i].Key, unsorted[j].Key) < 0 +}) +} + for _, item := range unsorted { + // sortedCache is able to store `nil` value to represent deleted items. + store.sortedCache.Set(item.Key, item.Value) +} +} + +//---------------------------------------- +// etc + +// Only entrypoint to mutate store.cache. +// A `nil` value means a deletion. +func (store *Store) + +setCacheValue(key, value []byte, dirty bool) { + keyStr := conv.UnsafeBytesToStr(key) + +store.cache[keyStr] = &cValue{ + value: value, + dirty: dirty, +} + if dirty { + store.unsortedCache[keyStr] = struct{ +}{ +} + +} +} +``` + +This is the type used whenever an IAVL Store needs to be branched to create an isolated store (typically when we need to mutate a state that might be reverted later). + +#### `Get` + +`Store.Get()` firstly checks if `Store.cache` has an associated value with the key. If the value exists, the function returns it. If not, the function calls `Store.parent.Get()`, caches the result in `Store.cache`, and returns it. + +#### `Set` + +`Store.Set()` sets the key-value pair to the `Store.cache`. `cValue` has the field dirty bool which indicates whether the cached value is different from the underlying value. When `Store.Set()` caches a new pair, the `cValue.dirty` is set `true` so when `Store.Write()` is called it can be written to the underlying store. + +#### `Iterator` + +`Store.Iterator()` has to traverse on both cached items and the original items. In `Store.iterator()`, two iterators are generated for each of them, and merged. `memIterator` is essentially a slice of the `KVPairs`, used for cached items. `mergeIterator` is a combination of two iterators, where traverse happens ordered on both iterators. + +### `GasKv` Store + +Cosmos SDK applications use [`gas`](/docs/sdk/vnext/learn/beginner/gas-fees) to track resources usage and prevent spam. [`GasKv.Store`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/store/gaskv/store.go) is a `KVStore` wrapper that enables automatic gas consumption each time a read or write to the store is made. It is the solution of choice to track storage usage in Cosmos SDK applications. + +```go expandable +package gaskv + +import ( + + "io" + "cosmossdk.io/store/types" +) + +var _ types.KVStore = &Store{ +} + +// Store applies gas tracking to an underlying KVStore. It implements the +// KVStore interface. +type Store struct { + gasMeter types.GasMeter + gasConfig types.GasConfig + parent types.KVStore +} + +// NewStore returns a reference to a new GasKVStore. +func NewStore(parent types.KVStore, gasMeter types.GasMeter, gasConfig types.GasConfig) *Store { + kvs := &Store{ + gasMeter: gasMeter, + gasConfig: gasConfig, + parent: parent, +} + +return kvs +} + +// Implements Store. +func (gs *Store) + +GetStoreType() + +types.StoreType { + return gs.parent.GetStoreType() +} + +// Implements KVStore. +func (gs *Store) + +Get(key []byte) (value []byte) { + gs.gasMeter.ConsumeGas(gs.gasConfig.ReadCostFlat, types.GasReadCostFlatDesc) + +value = gs.parent.Get(key) + + // TODO overflow-safe math? + gs.gasMeter.ConsumeGas(gs.gasConfig.ReadCostPerByte*types.Gas(len(key)), types.GasReadPerByteDesc) + +gs.gasMeter.ConsumeGas(gs.gasConfig.ReadCostPerByte*types.Gas(len(value)), types.GasReadPerByteDesc) + +return value +} + +// Implements KVStore. +func (gs *Store) + +Set(key, value []byte) { + types.AssertValidKey(key) + +types.AssertValidValue(value) + +gs.gasMeter.ConsumeGas(gs.gasConfig.WriteCostFlat, types.GasWriteCostFlatDesc) + // TODO overflow-safe math? + gs.gasMeter.ConsumeGas(gs.gasConfig.WriteCostPerByte*types.Gas(len(key)), types.GasWritePerByteDesc) + +gs.gasMeter.ConsumeGas(gs.gasConfig.WriteCostPerByte*types.Gas(len(value)), types.GasWritePerByteDesc) + +gs.parent.Set(key, value) +} + +// Implements KVStore. +func (gs *Store) + +Has(key []byte) + +bool { + gs.gasMeter.ConsumeGas(gs.gasConfig.HasCost, types.GasHasDesc) + +return gs.parent.Has(key) +} + +// Implements KVStore. +func (gs *Store) + +Delete(key []byte) { + // charge gas to prevent certain attack vectors even though space is being freed + gs.gasMeter.ConsumeGas(gs.gasConfig.DeleteCost, types.GasDeleteDesc) + +gs.parent.Delete(key) +} + +// Iterator implements the KVStore interface. It returns an iterator which +// incurs a flat gas cost for seeking to the first key/value pair and a variable +// gas cost based on the current value's length if the iterator is valid. +func (gs *Store) + +Iterator(start, end []byte) + +types.Iterator { + return gs.iterator(start, end, true) +} + +// ReverseIterator implements the KVStore interface. It returns a reverse +// iterator which incurs a flat gas cost for seeking to the first key/value pair +// and a variable gas cost based on the current value's length if the iterator +// is valid. +func (gs *Store) + +ReverseIterator(start, end []byte) + +types.Iterator { + return gs.iterator(start, end, false) +} + +// Implements KVStore. +func (gs *Store) + +CacheWrap() + +types.CacheWrap { + panic("cannot CacheWrap a GasKVStore") +} + +// CacheWrapWithTrace implements the KVStore interface. +func (gs *Store) + +CacheWrapWithTrace(_ io.Writer, _ types.TraceContext) + +types.CacheWrap { + panic("cannot CacheWrapWithTrace a GasKVStore") +} + +func (gs *Store) + +iterator(start, end []byte, ascending bool) + +types.Iterator { + var parent types.Iterator + if ascending { + parent = gs.parent.Iterator(start, end) +} + +else { + parent = gs.parent.ReverseIterator(start, end) +} + gi := newGasIterator(gs.gasMeter, gs.gasConfig, parent) + +gi.(*gasIterator).consumeSeekGas() + +return gi +} + +type gasIterator struct { + gasMeter types.GasMeter + gasConfig types.GasConfig + parent types.Iterator +} + +func newGasIterator(gasMeter types.GasMeter, gasConfig types.GasConfig, parent types.Iterator) + +types.Iterator { + return &gasIterator{ + gasMeter: gasMeter, + gasConfig: gasConfig, + parent: parent, +} +} + +// Implements Iterator. +func (gi *gasIterator) + +Domain() (start, end []byte) { + return gi.parent.Domain() +} + +// Implements Iterator. +func (gi *gasIterator) + +Valid() + +bool { + return gi.parent.Valid() +} + +// Next implements the Iterator interface. It seeks to the next key/value pair +// in the iterator. It incurs a flat gas cost for seeking and a variable gas +// cost based on the current value's length if the iterator is valid. +func (gi *gasIterator) + +Next() { + gi.consumeSeekGas() + +gi.parent.Next() +} + +// Key implements the Iterator interface. It returns the current key and it does +// not incur any gas cost. +func (gi *gasIterator) + +Key() (key []byte) { + key = gi.parent.Key() + +return key +} + +// Value implements the Iterator interface. It returns the current value and it +// does not incur any gas cost. +func (gi *gasIterator) + +Value() (value []byte) { + value = gi.parent.Value() + +return value +} + +// Implements Iterator. +func (gi *gasIterator) + +Close() + +error { + return gi.parent.Close() +} + +// Error delegates the Error call to the parent iterator. +func (gi *gasIterator) + +Error() + +error { + return gi.parent.Error() +} + +// consumeSeekGas consumes on each iteration step a flat gas cost and a variable gas cost +// based on the current value's length. +func (gi *gasIterator) + +consumeSeekGas() { + if gi.Valid() { + key := gi.Key() + value := gi.Value() + +gi.gasMeter.ConsumeGas(gi.gasConfig.ReadCostPerByte*types.Gas(len(key)), types.GasValuePerByteDesc) + +gi.gasMeter.ConsumeGas(gi.gasConfig.ReadCostPerByte*types.Gas(len(value)), types.GasValuePerByteDesc) +} + +gi.gasMeter.ConsumeGas(gi.gasConfig.IterNextCostFlat, types.GasIterNextCostFlatDesc) +} +``` + +When methods of the parent `KVStore` are called, `GasKv.Store` automatically consumes appropriate amount of gas depending on the `Store.gasConfig`: + +```go expandable +package types + +import ( + + "fmt" + "math" +) + +// Gas consumption descriptors. +const ( + GasIterNextCostFlatDesc = "IterNextFlat" + GasValuePerByteDesc = "ValuePerByte" + GasWritePerByteDesc = "WritePerByte" + GasReadPerByteDesc = "ReadPerByte" + GasWriteCostFlatDesc = "WriteFlat" + GasReadCostFlatDesc = "ReadFlat" + GasHasDesc = "Has" + GasDeleteDesc = "Delete" +) + +// Gas measured by the SDK +type Gas = uint64 + +// ErrorNegativeGasConsumed defines an error thrown when the amount of gas refunded results in a +// negative gas consumed amount. +type ErrorNegativeGasConsumed struct { + Descriptor string +} + +// ErrorOutOfGas defines an error thrown when an action results in out of gas. +type ErrorOutOfGas struct { + Descriptor string +} + +// ErrorGasOverflow defines an error thrown when an action results gas consumption +// unsigned integer overflow. +type ErrorGasOverflow struct { + Descriptor string +} + +// GasMeter interface to track gas consumption +type GasMeter interface { + GasConsumed() + +Gas + GasConsumedToLimit() + +Gas + GasRemaining() + +Gas + Limit() + +Gas + ConsumeGas(amount Gas, descriptor string) + +RefundGas(amount Gas, descriptor string) + +IsPastLimit() + +bool + IsOutOfGas() + +bool + String() + +string +} + +type basicGasMeter struct { + limit Gas + consumed Gas +} + +// NewGasMeter returns a reference to a new basicGasMeter. +func NewGasMeter(limit Gas) + +GasMeter { + return &basicGasMeter{ + limit: limit, + consumed: 0, +} +} + +// GasConsumed returns the gas consumed from the GasMeter. +func (g *basicGasMeter) + +GasConsumed() + +Gas { + return g.consumed +} + +// GasRemaining returns the gas left in the GasMeter. +func (g *basicGasMeter) + +GasRemaining() + +Gas { + if g.IsPastLimit() { + return 0 +} + +return g.limit - g.consumed +} + +// Limit returns the gas limit of the GasMeter. +func (g *basicGasMeter) + +Limit() + +Gas { + return g.limit +} + +// GasConsumedToLimit returns the gas limit if gas consumed is past the limit, +// otherwise it returns the consumed gas. +// +// NOTE: This behavior is only called when recovering from panic when +// BlockGasMeter consumes gas past the limit. +func (g *basicGasMeter) + +GasConsumedToLimit() + +Gas { + if g.IsPastLimit() { + return g.limit +} + +return g.consumed +} + +// addUint64Overflow performs the addition operation on two uint64 integers and +// returns a boolean on whether or not the result overflows. +func addUint64Overflow(a, b uint64) (uint64, bool) { + if math.MaxUint64-a < b { + return 0, true +} + +return a + b, false +} + +// ConsumeGas adds the given amount of gas to the gas consumed and panics if it overflows the limit or out of gas. +func (g *basicGasMeter) + +ConsumeGas(amount Gas, descriptor string) { + var overflow bool + g.consumed, overflow = addUint64Overflow(g.consumed, amount) + if overflow { + g.consumed = math.MaxUint64 + panic(ErrorGasOverflow{ + descriptor +}) +} + if g.consumed > g.limit { + panic(ErrorOutOfGas{ + descriptor +}) +} +} + +// RefundGas will deduct the given amount from the gas consumed. If the amount is greater than the +// gas consumed, the function will panic. +// +// Use case: This functionality enables refunding gas to the transaction or block gas pools so that +// EVM-compatible chains can fully support the go-ethereum StateDb interface. +// See https://github.com/cosmos/cosmos-sdk/pull/9403 for reference. +func (g *basicGasMeter) + +RefundGas(amount Gas, descriptor string) { + if g.consumed < amount { + panic(ErrorNegativeGasConsumed{ + Descriptor: descriptor +}) +} + +g.consumed -= amount +} + +// IsPastLimit returns true if gas consumed is past limit, otherwise it returns false. +func (g *basicGasMeter) + +IsPastLimit() + +bool { + return g.consumed > g.limit +} + +// IsOutOfGas returns true if gas consumed is greater than or equal to gas limit, otherwise it returns false. +func (g *basicGasMeter) + +IsOutOfGas() + +bool { + return g.consumed >= g.limit +} + +// String returns the BasicGasMeter's gas limit and gas consumed. +func (g *basicGasMeter) + +String() + +string { + return fmt.Sprintf("BasicGasMeter:\n limit: %d\n consumed: %d", g.limit, g.consumed) +} + +type infiniteGasMeter struct { + consumed Gas +} + +// NewInfiniteGasMeter returns a new gas meter without a limit. +func NewInfiniteGasMeter() + +GasMeter { + return &infiniteGasMeter{ + consumed: 0, +} +} + +// GasConsumed returns the gas consumed from the GasMeter. +func (g *infiniteGasMeter) + +GasConsumed() + +Gas { + return g.consumed +} + +// GasConsumedToLimit returns the gas consumed from the GasMeter since the gas is not confined to a limit. +// NOTE: This behavior is only called when recovering from panic when BlockGasMeter consumes gas past the limit. +func (g *infiniteGasMeter) + +GasConsumedToLimit() + +Gas { + return g.consumed +} + +// GasRemaining returns MaxUint64 since limit is not confined in infiniteGasMeter. +func (g *infiniteGasMeter) + +GasRemaining() + +Gas { + return math.MaxUint64 +} + +// Limit returns MaxUint64 since limit is not confined in infiniteGasMeter. +func (g *infiniteGasMeter) + +Limit() + +Gas { + return math.MaxUint64 +} + +// ConsumeGas adds the given amount of gas to the gas consumed and panics if it overflows the limit. +func (g *infiniteGasMeter) + +ConsumeGas(amount Gas, descriptor string) { + var overflow bool + // TODO: Should we set the consumed field after overflow checking? + g.consumed, overflow = addUint64Overflow(g.consumed, amount) + if overflow { + panic(ErrorGasOverflow{ + descriptor +}) +} +} + +// RefundGas will deduct the given amount from the gas consumed. If the amount is greater than the +// gas consumed, the function will panic. +// +// Use case: This functionality enables refunding gas to the trasaction or block gas pools so that +// EVM-compatible chains can fully support the go-ethereum StateDb interface. +// See https://github.com/cosmos/cosmos-sdk/pull/9403 for reference. +func (g *infiniteGasMeter) + +RefundGas(amount Gas, descriptor string) { + if g.consumed < amount { + panic(ErrorNegativeGasConsumed{ + Descriptor: descriptor +}) +} + +g.consumed -= amount +} + +// IsPastLimit returns false since the gas limit is not confined. +func (g *infiniteGasMeter) + +IsPastLimit() + +bool { + return false +} + +// IsOutOfGas returns false since the gas limit is not confined. +func (g *infiniteGasMeter) + +IsOutOfGas() + +bool { + return false +} + +// String returns the InfiniteGasMeter's gas consumed. +func (g *infiniteGasMeter) + +String() + +string { + return fmt.Sprintf("InfiniteGasMeter:\n consumed: %d", g.consumed) +} + +// GasConfig defines gas cost for each operation on KVStores +type GasConfig struct { + HasCost Gas + DeleteCost Gas + ReadCostFlat Gas + ReadCostPerByte Gas + WriteCostFlat Gas + WriteCostPerByte Gas + IterNextCostFlat Gas +} + +// KVGasConfig returns a default gas config for KVStores. +func KVGasConfig() + +GasConfig { + return GasConfig{ + HasCost: 1000, + DeleteCost: 1000, + ReadCostFlat: 1000, + ReadCostPerByte: 3, + WriteCostFlat: 2000, + WriteCostPerByte: 30, + IterNextCostFlat: 30, +} +} + +// TransientGasConfig returns a default gas config for TransientStores. +func TransientGasConfig() + +GasConfig { + return GasConfig{ + HasCost: 100, + DeleteCost: 100, + ReadCostFlat: 100, + ReadCostPerByte: 0, + WriteCostFlat: 200, + WriteCostPerByte: 3, + IterNextCostFlat: 3, +} +} +``` + +By default, all `KVStores` are wrapped in `GasKv.Stores` when retrieved. This is done in the `KVStore()` method of the [`context`](/docs/sdk/vnext/learn/advanced/context): + +```go expandable +package types + +import ( + + "context" + "time" + + abci "github.com/cometbft/cometbft/abci/types" + cmtproto "github.com/cometbft/cometbft/proto/tendermint/types" + "cosmossdk.io/core/comet" + "cosmossdk.io/core/header" + "cosmossdk.io/log" + "cosmossdk.io/store/gaskv" + storetypes "cosmossdk.io/store/types" +) + +// ExecMode defines the execution mode which can be set on a Context. +type ExecMode uint8 + +// All possible execution modes. +const ( + ExecModeCheck ExecMode = iota + ExecModeReCheck + ExecModeSimulate + ExecModePrepareProposal + ExecModeProcessProposal + ExecModeVoteExtension + ExecModeVerifyVoteExtension + ExecModeFinalize +) + +/* +Context is an immutable object contains all information needed to +process a request. + +It contains a context.Context object inside if you want to use that, +but please do not over-use it. We try to keep all data structured +and standard additions here would be better just to add to the Context struct +*/ +type Context struct { + baseCtx context.Context + ms storetypes.MultiStore + // Deprecated: Use HeaderService for height, time, and chainID and CometService for the rest + header cmtproto.Header + // Deprecated: Use HeaderService for hash + headerHash []byte + // Deprecated: Use HeaderService for chainID and CometService for the rest + chainID string + txBytes []byte + logger log.Logger + voteInfo []abci.VoteInfo + gasMeter storetypes.GasMeter + blockGasMeter storetypes.GasMeter + checkTx bool + recheckTx bool // if recheckTx == true, then checkTx must also be true + sigverifyTx bool // when run simulation, because the private key corresponding to the account in the genesis.json randomly generated, we must skip the sigverify. + execMode ExecMode + minGasPrice DecCoins + consParams cmtproto.ConsensusParams + eventManager EventManagerI + priority int64 // The tx priority, only relevant in CheckTx + kvGasConfig storetypes.GasConfig + transientKVGasConfig storetypes.GasConfig + streamingManager storetypes.StreamingManager + cometInfo comet.BlockInfo + headerInfo header.Info +} + +// Proposed rename, not done to avoid API breakage +type Request = Context + +// Read-only accessors +func (c Context) + +Context() + +context.Context { + return c.baseCtx +} + +func (c Context) + +MultiStore() + +storetypes.MultiStore { + return c.ms +} + +func (c Context) + +BlockHeight() + +int64 { + return c.header.Height +} + +func (c Context) + +BlockTime() + +time.Time { + return c.header.Time +} + +func (c Context) + +ChainID() + +string { + return c.chainID +} + +func (c Context) + +TxBytes() []byte { + return c.txBytes +} + +func (c Context) + +Logger() + +log.Logger { + return c.logger +} + +func (c Context) + +VoteInfos() []abci.VoteInfo { + return c.voteInfo +} + +func (c Context) + +GasMeter() + +storetypes.GasMeter { + return c.gasMeter +} + +func (c Context) + +BlockGasMeter() + +storetypes.GasMeter { + return c.blockGasMeter +} + +func (c Context) + +IsCheckTx() + +bool { + return c.checkTx +} + +func (c Context) + +IsReCheckTx() + +bool { + return c.recheckTx +} + +func (c Context) + +IsSigverifyTx() + +bool { + return c.sigverifyTx +} + +func (c Context) + +ExecMode() + +ExecMode { + return c.execMode +} + +func (c Context) + +MinGasPrices() + +DecCoins { + return c.minGasPrice +} + +func (c Context) + +EventManager() + +EventManagerI { + return c.eventManager +} + +func (c Context) + +Priority() + +int64 { + return c.priority +} + +func (c Context) + +KVGasConfig() + +storetypes.GasConfig { + return c.kvGasConfig +} + +func (c Context) + +TransientKVGasConfig() + +storetypes.GasConfig { + return c.transientKVGasConfig +} + +func (c Context) + +StreamingManager() + +storetypes.StreamingManager { + return c.streamingManager +} + +func (c Context) + +CometInfo() + +comet.BlockInfo { + return c.cometInfo +} + +func (c Context) + +HeaderInfo() + +header.Info { + return c.headerInfo +} + +// BlockHeader returns the header by value. +func (c Context) + +BlockHeader() + +cmtproto.Header { + return c.header +} + +// HeaderHash returns a copy of the header hash obtained during abci.RequestBeginBlock +func (c Context) + +HeaderHash() []byte { + hash := make([]byte, len(c.headerHash)) + +copy(hash, c.headerHash) + +return hash +} + +func (c Context) + +ConsensusParams() + +cmtproto.ConsensusParams { + return c.consParams +} + +func (c Context) + +Deadline() (deadline time.Time, ok bool) { + return c.baseCtx.Deadline() +} + +func (c Context) + +Done() <-chan struct{ +} { + return c.baseCtx.Done() +} + +func (c Context) + +Err() + +error { + return c.baseCtx.Err() +} + +// create a new context +func NewContext(ms storetypes.MultiStore, header cmtproto.Header, isCheckTx bool, logger log.Logger) + +Context { + // https://github.com/gogo/protobuf/issues/519 + header.Time = header.Time.UTC() + +return Context{ + baseCtx: context.Background(), + ms: ms, + header: header, + chainID: header.ChainID, + checkTx: isCheckTx, + sigverifyTx: true, + logger: logger, + gasMeter: storetypes.NewInfiniteGasMeter(), + minGasPrice: DecCoins{ +}, + eventManager: NewEventManager(), + kvGasConfig: storetypes.KVGasConfig(), + transientKVGasConfig: storetypes.TransientGasConfig(), +} +} + +// WithContext returns a Context with an updated context.Context. +func (c Context) + +WithContext(ctx context.Context) + +Context { + c.baseCtx = ctx + return c +} + +// WithMultiStore returns a Context with an updated MultiStore. +func (c Context) + +WithMultiStore(ms storetypes.MultiStore) + +Context { + c.ms = ms + return c +} + +// WithBlockHeader returns a Context with an updated CometBFT block header in UTC time. +func (c Context) + +WithBlockHeader(header cmtproto.Header) + +Context { + // https://github.com/gogo/protobuf/issues/519 + header.Time = header.Time.UTC() + +c.header = header + return c +} + +// WithHeaderHash returns a Context with an updated CometBFT block header hash. +func (c Context) + +WithHeaderHash(hash []byte) + +Context { + temp := make([]byte, len(hash)) + +copy(temp, hash) + +c.headerHash = temp + return c +} + +// WithBlockTime returns a Context with an updated CometBFT block header time in UTC with no monotonic component. +// Stripping the monotonic component is for time equality. +func (c Context) + +WithBlockTime(newTime time.Time) + +Context { + newHeader := c.BlockHeader() + // https://github.com/gogo/protobuf/issues/519 + newHeader.Time = newTime.Round(0).UTC() + +return c.WithBlockHeader(newHeader) +} + +// WithProposer returns a Context with an updated proposer consensus address. +func (c Context) + +WithProposer(addr ConsAddress) + +Context { + newHeader := c.BlockHeader() + +newHeader.ProposerAddress = addr.Bytes() + +return c.WithBlockHeader(newHeader) +} + +// WithBlockHeight returns a Context with an updated block height. +func (c Context) + +WithBlockHeight(height int64) + +Context { + newHeader := c.BlockHeader() + +newHeader.Height = height + return c.WithBlockHeader(newHeader) +} + +// WithChainID returns a Context with an updated chain identifier. +func (c Context) + +WithChainID(chainID string) + +Context { + c.chainID = chainID + return c +} + +// WithTxBytes returns a Context with an updated txBytes. +func (c Context) + +WithTxBytes(txBytes []byte) + +Context { + c.txBytes = txBytes + return c +} + +// WithLogger returns a Context with an updated logger. +func (c Context) + +WithLogger(logger log.Logger) + +Context { + c.logger = logger + return c +} + +// WithVoteInfos returns a Context with an updated consensus VoteInfo. +func (c Context) + +WithVoteInfos(voteInfo []abci.VoteInfo) + +Context { + c.voteInfo = voteInfo + return c +} + +// WithGasMeter returns a Context with an updated transaction GasMeter. +func (c Context) + +WithGasMeter(meter storetypes.GasMeter) + +Context { + c.gasMeter = meter + return c +} + +// WithBlockGasMeter returns a Context with an updated block GasMeter +func (c Context) + +WithBlockGasMeter(meter storetypes.GasMeter) + +Context { + c.blockGasMeter = meter + return c +} + +// WithKVGasConfig returns a Context with an updated gas configuration for +// the KVStore +func (c Context) + +WithKVGasConfig(gasConfig storetypes.GasConfig) + +Context { + c.kvGasConfig = gasConfig + return c +} + +// WithTransientKVGasConfig returns a Context with an updated gas configuration for +// the transient KVStore +func (c Context) + +WithTransientKVGasConfig(gasConfig storetypes.GasConfig) + +Context { + c.transientKVGasConfig = gasConfig + return c +} + +// WithIsCheckTx enables or disables CheckTx value for verifying transactions and returns an updated Context +func (c Context) + +WithIsCheckTx(isCheckTx bool) + +Context { + c.checkTx = isCheckTx + c.execMode = ExecModeCheck + return c +} + +// WithIsRecheckTx called with true will also set true on checkTx in order to +// enforce the invariant that if recheckTx = true then checkTx = true as well. +func (c Context) + +WithIsReCheckTx(isRecheckTx bool) + +Context { + if isRecheckTx { + c.checkTx = true +} + +c.recheckTx = isRecheckTx + c.execMode = ExecModeReCheck + return c +} + +// WithIsSigverifyTx called with true will sigverify in auth module +func (c Context) + +WithIsSigverifyTx(isSigverifyTx bool) + +Context { + c.sigverifyTx = isSigverifyTx + return c +} + +// WithExecMode returns a Context with an updated ExecMode. +func (c Context) + +WithExecMode(m ExecMode) + +Context { + c.execMode = m + return c +} + +// WithMinGasPrices returns a Context with an updated minimum gas price value +func (c Context) + +WithMinGasPrices(gasPrices DecCoins) + +Context { + c.minGasPrice = gasPrices + return c +} + +// WithConsensusParams returns a Context with an updated consensus params +func (c Context) + +WithConsensusParams(params cmtproto.ConsensusParams) + +Context { + c.consParams = params + return c +} + +// WithEventManager returns a Context with an updated event manager +func (c Context) + +WithEventManager(em EventManagerI) + +Context { + c.eventManager = em + return c +} + +// WithPriority returns a Context with an updated tx priority +func (c Context) + +WithPriority(p int64) + +Context { + c.priority = p + return c +} + +// WithStreamingManager returns a Context with an updated streaming manager +func (c Context) + +WithStreamingManager(sm storetypes.StreamingManager) + +Context { + c.streamingManager = sm + return c +} + +// WithCometInfo returns a Context with an updated comet info +func (c Context) + +WithCometInfo(cometInfo comet.BlockInfo) + +Context { + c.cometInfo = cometInfo + return c +} + +// WithHeaderInfo returns a Context with an updated header info +func (c Context) + +WithHeaderInfo(headerInfo header.Info) + +Context { + // Settime to UTC + headerInfo.Time = headerInfo.Time.UTC() + +c.headerInfo = headerInfo + return c +} + +// TODO: remove??? +func (c Context) + +IsZero() + +bool { + return c.ms == nil +} + +func (c Context) + +WithValue(key, value any) + +Context { + c.baseCtx = context.WithValue(c.baseCtx, key, value) + +return c +} + +func (c Context) + +Value(key any) + +any { + if key == SdkContextKey { + return c +} + +return c.baseCtx.Value(key) +} + +// ---------------------------------------------------------------------------- +// Store / Caching +// ---------------------------------------------------------------------------- + +// KVStore fetches a KVStore from the MultiStore. +func (c Context) + +KVStore(key storetypes.StoreKey) + +storetypes.KVStore { + return gaskv.NewStore(c.ms.GetKVStore(key), c.gasMeter, c.kvGasConfig) +} + +// TransientStore fetches a TransientStore from the MultiStore. +func (c Context) + +TransientStore(key storetypes.StoreKey) + +storetypes.KVStore { + return gaskv.NewStore(c.ms.GetKVStore(key), c.gasMeter, c.transientKVGasConfig) +} + +// CacheContext returns a new Context with the multi-store cached and a new +// EventManager. The cached context is written to the context when writeCache +// is called. Note, events are automatically emitted on the parent context's +// EventManager when the caller executes the write. +func (c Context) + +CacheContext() (cc Context, writeCache func()) { + cms := c.ms.CacheMultiStore() + +cc = c.WithMultiStore(cms).WithEventManager(NewEventManager()) + +writeCache = func() { + c.EventManager().EmitEvents(cc.EventManager().Events()) + +cms.Write() +} + +return cc, writeCache +} + +var ( + _ context.Context = Context{ +} + _ storetypes.Context = Context{ +} +) + +// ContextKey defines a type alias for a stdlib Context key. +type ContextKey string + +// SdkContextKey is the key in the context.Context which holds the sdk.Context. +const SdkContextKey ContextKey = "sdk-context" + +// WrapSDKContext returns a stdlib context.Context with the provided sdk.Context's internal +// context as a value. It is useful for passing an sdk.Context through methods that take a +// stdlib context.Context parameter such as generated gRPC methods. To get the original +// sdk.Context back, call UnwrapSDKContext. +// +// Deprecated: there is no need to wrap anymore as the Cosmos SDK context implements context.Context. +func WrapSDKContext(ctx Context) + +context.Context { + return ctx +} + +// UnwrapSDKContext retrieves a Context from a context.Context instance +// attached with WrapSDKContext. It panics if a Context was not properly +// attached +func UnwrapSDKContext(ctx context.Context) + +Context { + if sdkCtx, ok := ctx.(Context); ok { + return sdkCtx +} + +return ctx.Value(SdkContextKey).(Context) +} +``` + +In this case, the gas configuration set in the `context` is used. The gas configuration can be set using the `WithKVGasConfig` method of the `context`. +Otherwise it uses the following default: + +```go expandable +package types + +import ( + + "fmt" + "math" +) + +// Gas consumption descriptors. +const ( + GasIterNextCostFlatDesc = "IterNextFlat" + GasValuePerByteDesc = "ValuePerByte" + GasWritePerByteDesc = "WritePerByte" + GasReadPerByteDesc = "ReadPerByte" + GasWriteCostFlatDesc = "WriteFlat" + GasReadCostFlatDesc = "ReadFlat" + GasHasDesc = "Has" + GasDeleteDesc = "Delete" +) + +// Gas measured by the SDK +type Gas = uint64 + +// ErrorNegativeGasConsumed defines an error thrown when the amount of gas refunded results in a +// negative gas consumed amount. +type ErrorNegativeGasConsumed struct { + Descriptor string +} + +// ErrorOutOfGas defines an error thrown when an action results in out of gas. +type ErrorOutOfGas struct { + Descriptor string +} + +// ErrorGasOverflow defines an error thrown when an action results gas consumption +// unsigned integer overflow. +type ErrorGasOverflow struct { + Descriptor string +} + +// GasMeter interface to track gas consumption +type GasMeter interface { + GasConsumed() + +Gas + GasConsumedToLimit() + +Gas + GasRemaining() + +Gas + Limit() + +Gas + ConsumeGas(amount Gas, descriptor string) + +RefundGas(amount Gas, descriptor string) + +IsPastLimit() + +bool + IsOutOfGas() + +bool + String() + +string +} + +type basicGasMeter struct { + limit Gas + consumed Gas +} + +// NewGasMeter returns a reference to a new basicGasMeter. +func NewGasMeter(limit Gas) + +GasMeter { + return &basicGasMeter{ + limit: limit, + consumed: 0, +} +} + +// GasConsumed returns the gas consumed from the GasMeter. +func (g *basicGasMeter) + +GasConsumed() + +Gas { + return g.consumed +} + +// GasRemaining returns the gas left in the GasMeter. +func (g *basicGasMeter) + +GasRemaining() + +Gas { + if g.IsPastLimit() { + return 0 +} + +return g.limit - g.consumed +} + +// Limit returns the gas limit of the GasMeter. +func (g *basicGasMeter) + +Limit() + +Gas { + return g.limit +} + +// GasConsumedToLimit returns the gas limit if gas consumed is past the limit, +// otherwise it returns the consumed gas. +// +// NOTE: This behavior is only called when recovering from panic when +// BlockGasMeter consumes gas past the limit. +func (g *basicGasMeter) + +GasConsumedToLimit() + +Gas { + if g.IsPastLimit() { + return g.limit +} + +return g.consumed +} + +// addUint64Overflow performs the addition operation on two uint64 integers and +// returns a boolean on whether or not the result overflows. +func addUint64Overflow(a, b uint64) (uint64, bool) { + if math.MaxUint64-a < b { + return 0, true +} + +return a + b, false +} + +// ConsumeGas adds the given amount of gas to the gas consumed and panics if it overflows the limit or out of gas. +func (g *basicGasMeter) + +ConsumeGas(amount Gas, descriptor string) { + var overflow bool + g.consumed, overflow = addUint64Overflow(g.consumed, amount) + if overflow { + g.consumed = math.MaxUint64 + panic(ErrorGasOverflow{ + descriptor +}) +} + if g.consumed > g.limit { + panic(ErrorOutOfGas{ + descriptor +}) +} +} + +// RefundGas will deduct the given amount from the gas consumed. If the amount is greater than the +// gas consumed, the function will panic. +// +// Use case: This functionality enables refunding gas to the transaction or block gas pools so that +// EVM-compatible chains can fully support the go-ethereum StateDb interface. +// See https://github.com/cosmos/cosmos-sdk/pull/9403 for reference. +func (g *basicGasMeter) + +RefundGas(amount Gas, descriptor string) { + if g.consumed < amount { + panic(ErrorNegativeGasConsumed{ + Descriptor: descriptor +}) +} + +g.consumed -= amount +} + +// IsPastLimit returns true if gas consumed is past limit, otherwise it returns false. +func (g *basicGasMeter) + +IsPastLimit() + +bool { + return g.consumed > g.limit +} + +// IsOutOfGas returns true if gas consumed is greater than or equal to gas limit, otherwise it returns false. +func (g *basicGasMeter) + +IsOutOfGas() + +bool { + return g.consumed >= g.limit +} + +// String returns the BasicGasMeter's gas limit and gas consumed. +func (g *basicGasMeter) + +String() + +string { + return fmt.Sprintf("BasicGasMeter:\n limit: %d\n consumed: %d", g.limit, g.consumed) +} + +type infiniteGasMeter struct { + consumed Gas +} + +// NewInfiniteGasMeter returns a new gas meter without a limit. +func NewInfiniteGasMeter() + +GasMeter { + return &infiniteGasMeter{ + consumed: 0, +} +} + +// GasConsumed returns the gas consumed from the GasMeter. +func (g *infiniteGasMeter) + +GasConsumed() + +Gas { + return g.consumed +} + +// GasConsumedToLimit returns the gas consumed from the GasMeter since the gas is not confined to a limit. +// NOTE: This behavior is only called when recovering from panic when BlockGasMeter consumes gas past the limit. +func (g *infiniteGasMeter) + +GasConsumedToLimit() + +Gas { + return g.consumed +} + +// GasRemaining returns MaxUint64 since limit is not confined in infiniteGasMeter. +func (g *infiniteGasMeter) + +GasRemaining() + +Gas { + return math.MaxUint64 +} + +// Limit returns MaxUint64 since limit is not confined in infiniteGasMeter. +func (g *infiniteGasMeter) + +Limit() + +Gas { + return math.MaxUint64 +} + +// ConsumeGas adds the given amount of gas to the gas consumed and panics if it overflows the limit. +func (g *infiniteGasMeter) + +ConsumeGas(amount Gas, descriptor string) { + var overflow bool + // TODO: Should we set the consumed field after overflow checking? + g.consumed, overflow = addUint64Overflow(g.consumed, amount) + if overflow { + panic(ErrorGasOverflow{ + descriptor +}) +} +} + +// RefundGas will deduct the given amount from the gas consumed. If the amount is greater than the +// gas consumed, the function will panic. +// +// Use case: This functionality enables refunding gas to the trasaction or block gas pools so that +// EVM-compatible chains can fully support the go-ethereum StateDb interface. +// See https://github.com/cosmos/cosmos-sdk/pull/9403 for reference. +func (g *infiniteGasMeter) + +RefundGas(amount Gas, descriptor string) { + if g.consumed < amount { + panic(ErrorNegativeGasConsumed{ + Descriptor: descriptor +}) +} + +g.consumed -= amount +} + +// IsPastLimit returns false since the gas limit is not confined. +func (g *infiniteGasMeter) + +IsPastLimit() + +bool { + return false +} + +// IsOutOfGas returns false since the gas limit is not confined. +func (g *infiniteGasMeter) + +IsOutOfGas() + +bool { + return false +} + +// String returns the InfiniteGasMeter's gas consumed. +func (g *infiniteGasMeter) + +String() + +string { + return fmt.Sprintf("InfiniteGasMeter:\n consumed: %d", g.consumed) +} + +// GasConfig defines gas cost for each operation on KVStores +type GasConfig struct { + HasCost Gas + DeleteCost Gas + ReadCostFlat Gas + ReadCostPerByte Gas + WriteCostFlat Gas + WriteCostPerByte Gas + IterNextCostFlat Gas +} + +// KVGasConfig returns a default gas config for KVStores. +func KVGasConfig() + +GasConfig { + return GasConfig{ + HasCost: 1000, + DeleteCost: 1000, + ReadCostFlat: 1000, + ReadCostPerByte: 3, + WriteCostFlat: 2000, + WriteCostPerByte: 30, + IterNextCostFlat: 30, +} +} + +// TransientGasConfig returns a default gas config for TransientStores. +func TransientGasConfig() + +GasConfig { + return GasConfig{ + HasCost: 100, + DeleteCost: 100, + ReadCostFlat: 100, + ReadCostPerByte: 0, + WriteCostFlat: 200, + WriteCostPerByte: 3, + IterNextCostFlat: 3, +} +} +``` + +### `TraceKv` Store + +`tracekv.Store` is a wrapper `KVStore` which provides operation tracing functionalities over the underlying `KVStore`. It is applied automatically by the Cosmos SDK on all `KVStore` if tracing is enabled on the parent `MultiStore`. + +```go expandable +package tracekv + +import ( + + "encoding/base64" + "encoding/json" + "io" + "cosmossdk.io/errors" + "cosmossdk.io/store/types" +) + +const ( + writeOp operation = "write" + readOp operation = "read" + deleteOp operation = "delete" + iterKeyOp operation = "iterKey" + iterValueOp operation = "iterValue" +) + +type ( + // Store implements the KVStore interface with tracing enabled. + // Operations are traced on each core KVStore call and written to the + // underlying io.writer. + // + // TODO: Should we use a buffered writer and implement Commit on + // Store? + Store struct { + parent types.KVStore + writer io.Writer + context types.TraceContext +} + + // operation represents an IO operation + operation string + + // traceOperation implements a traced KVStore operation + traceOperation struct { + Operation operation `json:"operation"` + Key string `json:"key"` + Value string `json:"value"` + Metadata map[string]interface{ +} `json:"metadata"` +} +) + +// NewStore returns a reference to a new traceKVStore given a parent +// KVStore implementation and a buffered writer. +func NewStore(parent types.KVStore, writer io.Writer, tc types.TraceContext) *Store { + return &Store{ + parent: parent, writer: writer, context: tc +} +} + +// Get implements the KVStore interface. It traces a read operation and +// delegates a Get call to the parent KVStore. +func (tkv *Store) + +Get(key []byte) []byte { + value := tkv.parent.Get(key) + +writeOperation(tkv.writer, readOp, tkv.context, key, value) + +return value +} + +// Set implements the KVStore interface. It traces a write operation and +// delegates the Set call to the parent KVStore. +func (tkv *Store) + +Set(key, value []byte) { + types.AssertValidKey(key) + +writeOperation(tkv.writer, writeOp, tkv.context, key, value) + +tkv.parent.Set(key, value) +} + +// Delete implements the KVStore interface. It traces a write operation and +// delegates the Delete call to the parent KVStore. +func (tkv *Store) + +Delete(key []byte) { + writeOperation(tkv.writer, deleteOp, tkv.context, key, nil) + +tkv.parent.Delete(key) +} + +// Has implements the KVStore interface. It delegates the Has call to the +// parent KVStore. +func (tkv *Store) + +Has(key []byte) + +bool { + return tkv.parent.Has(key) +} + +// Iterator implements the KVStore interface. It delegates the Iterator call +// to the parent KVStore. +func (tkv *Store) + +Iterator(start, end []byte) + +types.Iterator { + return tkv.iterator(start, end, true) +} + +// ReverseIterator implements the KVStore interface. It delegates the +// ReverseIterator call to the parent KVStore. +func (tkv *Store) + +ReverseIterator(start, end []byte) + +types.Iterator { + return tkv.iterator(start, end, false) +} + +// iterator facilitates iteration over a KVStore. It delegates the necessary +// calls to it's parent KVStore. +func (tkv *Store) + +iterator(start, end []byte, ascending bool) + +types.Iterator { + var parent types.Iterator + if ascending { + parent = tkv.parent.Iterator(start, end) +} + +else { + parent = tkv.parent.ReverseIterator(start, end) +} + +return newTraceIterator(tkv.writer, parent, tkv.context) +} + +type traceIterator struct { + parent types.Iterator + writer io.Writer + context types.TraceContext +} + +func newTraceIterator(w io.Writer, parent types.Iterator, tc types.TraceContext) + +types.Iterator { + return &traceIterator{ + writer: w, parent: parent, context: tc +} +} + +// Domain implements the Iterator interface. +func (ti *traceIterator) + +Domain() (start, end []byte) { + return ti.parent.Domain() +} + +// Valid implements the Iterator interface. +func (ti *traceIterator) + +Valid() + +bool { + return ti.parent.Valid() +} + +// Next implements the Iterator interface. +func (ti *traceIterator) + +Next() { + ti.parent.Next() +} + +// Key implements the Iterator interface. +func (ti *traceIterator) + +Key() []byte { + key := ti.parent.Key() + +writeOperation(ti.writer, iterKeyOp, ti.context, key, nil) + +return key +} + +// Value implements the Iterator interface. +func (ti *traceIterator) + +Value() []byte { + value := ti.parent.Value() + +writeOperation(ti.writer, iterValueOp, ti.context, nil, value) + +return value +} + +// Close implements the Iterator interface. +func (ti *traceIterator) + +Close() + +error { + return ti.parent.Close() +} + +// Error delegates the Error call to the parent iterator. +func (ti *traceIterator) + +Error() + +error { + return ti.parent.Error() +} + +// GetStoreType implements the KVStore interface. It returns the underlying +// KVStore type. +func (tkv *Store) + +GetStoreType() + +types.StoreType { + return tkv.parent.GetStoreType() +} + +// CacheWrap implements the KVStore interface. It panics because a Store +// cannot be branched. +func (tkv *Store) + +CacheWrap() + +types.CacheWrap { + panic("cannot CacheWrap a TraceKVStore") +} + +// CacheWrapWithTrace implements the KVStore interface. It panics as a +// Store cannot be branched. +func (tkv *Store) + +CacheWrapWithTrace(_ io.Writer, _ types.TraceContext) + +types.CacheWrap { + panic("cannot CacheWrapWithTrace a TraceKVStore") +} + +// writeOperation writes a KVStore operation to the underlying io.Writer as +// JSON-encoded data where the key/value pair is base64 encoded. +func writeOperation(w io.Writer, op operation, tc types.TraceContext, key, value []byte) { + traceOp := traceOperation{ + Operation: op, + Key: base64.StdEncoding.EncodeToString(key), + Value: base64.StdEncoding.EncodeToString(value), +} + if tc != nil { + traceOp.Metadata = tc +} + +raw, err := json.Marshal(traceOp) + if err != nil { + panic(errors.Wrap(err, "failed to serialize trace operation")) +} + if _, err := w.Write(raw); err != nil { + panic(errors.Wrap(err, "failed to write trace operation")) +} + + _, err = io.WriteString(w, "\n") + if err != nil { + panic(errors.Wrap(err, "failed to write newline")) +} +} +``` + +When each `KVStore` methods are called, `tracekv.Store` automatically logs `traceOperation` to the `Store.writer`. `traceOperation.Metadata` is filled with `Store.context` when it is not nil. `TraceContext` is a `map[string]interface{}`. + +### `Prefix` Store + +`prefix.Store` is a wrapper `KVStore` which provides automatic key-prefixing functionalities over the underlying `KVStore`. + +```go expandable +package prefix + +import ( + + "bytes" + "errors" + "io" + "cosmossdk.io/store/cachekv" + "cosmossdk.io/store/tracekv" + "cosmossdk.io/store/types" +) + +var _ types.KVStore = Store{ +} + +// Store is similar with cometbft/cometbft/libs/db/prefix_db +// both gives access only to the limited subset of the store +// for convinience or safety +type Store struct { + parent types.KVStore + prefix []byte +} + +func NewStore(parent types.KVStore, prefix []byte) + +Store { + return Store{ + parent: parent, + prefix: prefix, +} +} + +func cloneAppend(bz, tail []byte) (res []byte) { + res = make([]byte, len(bz)+len(tail)) + +copy(res, bz) + +copy(res[len(bz):], tail) + +return +} + +func (s Store) + +key(key []byte) (res []byte) { + if key == nil { + panic("nil key on Store") +} + +res = cloneAppend(s.prefix, key) + +return +} + +// Implements Store +func (s Store) + +GetStoreType() + +types.StoreType { + return s.parent.GetStoreType() +} + +// Implements CacheWrap +func (s Store) + +CacheWrap() + +types.CacheWrap { + return cachekv.NewStore(s) +} + +// CacheWrapWithTrace implements the KVStore interface. +func (s Store) + +CacheWrapWithTrace(w io.Writer, tc types.TraceContext) + +types.CacheWrap { + return cachekv.NewStore(tracekv.NewStore(s, w, tc)) +} + +// Implements KVStore +func (s Store) + +Get(key []byte) []byte { + res := s.parent.Get(s.key(key)) + +return res +} + +// Implements KVStore +func (s Store) + +Has(key []byte) + +bool { + return s.parent.Has(s.key(key)) +} + +// Implements KVStore +func (s Store) + +Set(key, value []byte) { + types.AssertValidKey(key) + +types.AssertValidValue(value) + +s.parent.Set(s.key(key), value) +} + +// Implements KVStore +func (s Store) + +Delete(key []byte) { + s.parent.Delete(s.key(key)) +} + +// Implements KVStore +// Check https://github.com/cometbft/cometbft/blob/master/libs/db/prefix_db.go#L106 +func (s Store) + +Iterator(start, end []byte) + +types.Iterator { + newstart := cloneAppend(s.prefix, start) + +var newend []byte + if end == nil { + newend = cpIncr(s.prefix) +} + +else { + newend = cloneAppend(s.prefix, end) +} + iter := s.parent.Iterator(newstart, newend) + +return newPrefixIterator(s.prefix, start, end, iter) +} + +// ReverseIterator implements KVStore +// Check https://github.com/cometbft/cometbft/blob/master/libs/db/prefix_db.go#L129 +func (s Store) + +ReverseIterator(start, end []byte) + +types.Iterator { + newstart := cloneAppend(s.prefix, start) + +var newend []byte + if end == nil { + newend = cpIncr(s.prefix) +} + +else { + newend = cloneAppend(s.prefix, end) +} + iter := s.parent.ReverseIterator(newstart, newend) + +return newPrefixIterator(s.prefix, start, end, iter) +} + +var _ types.Iterator = (*prefixIterator)(nil) + +type prefixIterator struct { + prefix []byte + start []byte + end []byte + iter types.Iterator + valid bool +} + +func newPrefixIterator(prefix, start, end []byte, parent types.Iterator) *prefixIterator { + return &prefixIterator{ + prefix: prefix, + start: start, + end: end, + iter: parent, + valid: parent.Valid() && bytes.HasPrefix(parent.Key(), prefix), +} +} + +// Implements Iterator +func (pi *prefixIterator) + +Domain() ([]byte, []byte) { + return pi.start, pi.end +} + +// Implements Iterator +func (pi *prefixIterator) + +Valid() + +bool { + return pi.valid && pi.iter.Valid() +} + +// Implements Iterator +func (pi *prefixIterator) + +Next() { + if !pi.valid { + panic("prefixIterator invalid, cannot call Next()") +} + if pi.iter.Next(); !pi.iter.Valid() || !bytes.HasPrefix(pi.iter.Key(), pi.prefix) { + // TODO: shouldn't pi be set to nil instead? + pi.valid = false +} +} + +// Implements Iterator +func (pi *prefixIterator) + +Key() (key []byte) { + if !pi.valid { + panic("prefixIterator invalid, cannot call Key()") +} + +key = pi.iter.Key() + +key = stripPrefix(key, pi.prefix) + +return +} + +// Implements Iterator +func (pi *prefixIterator) + +Value() []byte { + if !pi.valid { + panic("prefixIterator invalid, cannot call Value()") +} + +return pi.iter.Value() +} + +// Implements Iterator +func (pi *prefixIterator) + +Close() + +error { + return pi.iter.Close() +} + +// Error returns an error if the prefixIterator is invalid defined by the Valid +// method. +func (pi *prefixIterator) + +Error() + +error { + if !pi.Valid() { + return errors.New("invalid prefixIterator") +} + +return nil +} + +// copied from github.com/cometbft/cometbft/libs/db/prefix_db.go +func stripPrefix(key, prefix []byte) []byte { + if len(key) < len(prefix) || !bytes.Equal(key[:len(prefix)], prefix) { + panic("should not happen") +} + +return key[len(prefix):] +} + +// wrapping types.PrefixEndBytes +func cpIncr(bz []byte) []byte { + return types.PrefixEndBytes(bz) +} +``` + +When `Store.{Get, Set}()` is called, the store forwards the call to its parent, with the key prefixed with the `Store.prefix`. + +When `Store.Iterator()` is called, it does not simply prefix the `Store.prefix`, since it does not work as intended. In that case, some of the elements are traversed even if they are not starting with the prefix. + +### `ListenKv` Store + +`listenkv.Store` is a wrapper `KVStore` which provides state listening capabilities over the underlying `KVStore`. +It is applied automatically by the Cosmos SDK on any `KVStore` whose `StoreKey` is specified during state streaming configuration. +Additional information about state streaming configuration can be found in the [store/streaming/README.md](https://github.com/cosmos/cosmos-sdk/tree/v0.53.0/store/streaming). + +```go expandable +package listenkv + +import ( + + "io" + "cosmossdk.io/store/types" +) + +var _ types.KVStore = &Store{ +} + +// Store implements the KVStore interface with listening enabled. +// Operations are traced on each core KVStore call and written to any of the +// underlying listeners with the proper key and operation permissions +type Store struct { + parent types.KVStore + listener *types.MemoryListener + parentStoreKey types.StoreKey +} + +// NewStore returns a reference to a new traceKVStore given a parent +// KVStore implementation and a buffered writer. +func NewStore(parent types.KVStore, parentStoreKey types.StoreKey, listener *types.MemoryListener) *Store { + return &Store{ + parent: parent, listener: listener, parentStoreKey: parentStoreKey +} +} + +// Get implements the KVStore interface. It traces a read operation and +// delegates a Get call to the parent KVStore. +func (s *Store) + +Get(key []byte) []byte { + value := s.parent.Get(key) + +return value +} + +// Set implements the KVStore interface. It traces a write operation and +// delegates the Set call to the parent KVStore. +func (s *Store) + +Set(key, value []byte) { + types.AssertValidKey(key) + +s.parent.Set(key, value) + +s.listener.OnWrite(s.parentStoreKey, key, value, false) +} + +// Delete implements the KVStore interface. It traces a write operation and +// delegates the Delete call to the parent KVStore. +func (s *Store) + +Delete(key []byte) { + s.parent.Delete(key) + +s.listener.OnWrite(s.parentStoreKey, key, nil, true) +} + +// Has implements the KVStore interface. It delegates the Has call to the +// parent KVStore. +func (s *Store) + +Has(key []byte) + +bool { + return s.parent.Has(key) +} + +// Iterator implements the KVStore interface. It delegates the Iterator call +// the to the parent KVStore. +func (s *Store) + +Iterator(start, end []byte) + +types.Iterator { + return s.iterator(start, end, true) +} + +// ReverseIterator implements the KVStore interface. It delegates the +// ReverseIterator call the to the parent KVStore. +func (s *Store) + +ReverseIterator(start, end []byte) + +types.Iterator { + return s.iterator(start, end, false) +} + +// iterator facilitates iteration over a KVStore. It delegates the necessary +// calls to it's parent KVStore. +func (s *Store) + +iterator(start, end []byte, ascending bool) + +types.Iterator { + var parent types.Iterator + if ascending { + parent = s.parent.Iterator(start, end) +} + +else { + parent = s.parent.ReverseIterator(start, end) +} + +return newTraceIterator(parent, s.listener) +} + +type listenIterator struct { + parent types.Iterator + listener *types.MemoryListener +} + +func newTraceIterator(parent types.Iterator, listener *types.MemoryListener) + +types.Iterator { + return &listenIterator{ + parent: parent, listener: listener +} +} + +// Domain implements the Iterator interface. +func (li *listenIterator) + +Domain() (start, end []byte) { + return li.parent.Domain() +} + +// Valid implements the Iterator interface. +func (li *listenIterator) + +Valid() + +bool { + return li.parent.Valid() +} + +// Next implements the Iterator interface. +func (li *listenIterator) + +Next() { + li.parent.Next() +} + +// Key implements the Iterator interface. +func (li *listenIterator) + +Key() []byte { + key := li.parent.Key() + +return key +} + +// Value implements the Iterator interface. +func (li *listenIterator) + +Value() []byte { + value := li.parent.Value() + +return value +} + +// Close implements the Iterator interface. +func (li *listenIterator) + +Close() + +error { + return li.parent.Close() +} + +// Error delegates the Error call to the parent iterator. +func (li *listenIterator) + +Error() + +error { + return li.parent.Error() +} + +// GetStoreType implements the KVStore interface. It returns the underlying +// KVStore type. +func (s *Store) + +GetStoreType() + +types.StoreType { + return s.parent.GetStoreType() +} + +// CacheWrap implements the KVStore interface. It panics as a Store +// cannot be cache wrapped. +func (s *Store) + +CacheWrap() + +types.CacheWrap { + panic("cannot CacheWrap a ListenKVStore") +} + +// CacheWrapWithTrace implements the KVStore interface. It panics as a +// Store cannot be cache wrapped. +func (s *Store) + +CacheWrapWithTrace(_ io.Writer, _ types.TraceContext) + +types.CacheWrap { + panic("cannot CacheWrapWithTrace a ListenKVStore") +} +``` + +When `KVStore.Set` or `KVStore.Delete` methods are called, `listenkv.Store` automatically writes the operations to the set of `Store.listeners`. + +## `BasicKVStore` interface + +An interface providing only the basic CRUD functionality (`Get`, `Set`, `Has`, and `Delete` methods), without iteration or caching. This is used to partially expose components of a larger store. diff --git a/docs/sdk/next/learn/advanced/telemetry.mdx b/docs/sdk/next/learn/advanced/telemetry.mdx new file mode 100644 index 00000000..0c30da5b --- /dev/null +++ b/docs/sdk/next/learn/advanced/telemetry.mdx @@ -0,0 +1,126 @@ +--- +title: Telemetry +--- + +**Synopsis** +Gather relevant insights about your application and modules with custom metrics and telemetry. + + +The Cosmos SDK enables operators and developers to gain insight into the performance and behavior of +their application through the use of the `telemetry` package. To enable telemetry, set `telemetry.enabled = true` in the app.toml config file. + +The Cosmos SDK currently supports enabling in-memory and prometheus as telemetry sinks. In-memory sink is always attached (when the telemetry is enabled) with 10 second interval and 1 minute retention. This means that metrics will be aggregated over 10 seconds, and metrics will be kept alive for 1 minute. + +To query active metrics (see retention note above) you have to enable API server (`api.enabled = true` in the app.toml). Single API endpoint is exposed: `http://localhost:1317/metrics?format={text|prometheus}`, the default being `text`. + +## Emitting metrics + +If telemetry is enabled via configuration, a single global metrics collector is registered via the +[go-metrics](https://github.com/hashicorp/go-metrics) library. This allows emitting and collecting +metrics through simple [API](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/telemetry/wrapper.go). Example: + +```go +func EndBlocker(ctx sdk.Context, k keeper.Keeper) { + defer telemetry.ModuleMeasureSince(types.ModuleName, time.Now(), telemetry.MetricKeyEndBlocker) + + // ... +} +``` + +Developers may use the `telemetry` package directly, which provides wrappers around metric APIs +that include adding useful labels, or they must use the `go-metrics` library directly. It is preferable +to add as much context and adequate dimensionality to metrics as possible, so the `telemetry` package +is advised. Regardless of the package or method used, the Cosmos SDK supports the following metrics +types: + +* gauges +* summaries +* counters + +## Labels + +Certain components of modules will have their name automatically added as a label (e.g. `BeginBlock`). +Operators may also supply the application with a global set of labels that will be applied to all +metrics emitted using the `telemetry` package (e.g. chain-id). Global labels are supplied as a list +of \[name, value] tuples. + +Example: + +```toml +global-labels = [ + ["chain_id", "chain-OfXo4V"], +] +``` + +## Cardinality + +Cardinality is key, specifically label and key cardinality. Cardinality is how many unique values of +something there are. So there is naturally a tradeoff between granularity and how much stress is put +on the telemetry sink in terms of indexing, scrape, and query performance. + +Developers should take care to support metrics with enough dimensionality and granularity to be +useful, but not increase the cardinality beyond the sink's limits. A general rule of thumb is to not +exceed a cardinality of 10. + +Consider the following examples with enough granularity and adequate cardinality: + +* begin/end blocker time +* tx gas used +* block gas used +* amount of tokens minted +* amount of accounts created + +The following examples expose too much cardinality and may not even prove to be useful: + +* transfers between accounts with amount +* voting/deposit amount from unique addresses + +## Supported Metrics + +| Metric | Description | Unit | Type | +| :------------------------------ | :---------------------------------------------------------------------------------------- | :-------------- | :------ | +| `tx_count` | Total number of txs processed via `DeliverTx` | tx | counter | +| `tx_successful` | Total number of successful txs processed via `DeliverTx` | tx | counter | +| `tx_failed` | Total number of failed txs processed via `DeliverTx` | tx | counter | +| `tx_gas_used` | The total amount of gas used by a tx | gas | gauge | +| `tx_gas_wanted` | The total amount of gas requested by a tx | gas | gauge | +| `tx_msg_send` | The total amount of tokens sent in a `MsgSend` (per denom) | token | gauge | +| `tx_msg_withdraw_reward` | The total amount of tokens withdrawn in a `MsgWithdrawDelegatorReward` (per denom) | token | gauge | +| `tx_msg_withdraw_commission` | The total amount of tokens withdrawn in a `MsgWithdrawValidatorCommission` (per denom) | token | gauge | +| `tx_msg_delegate` | The total amount of tokens delegated in a `MsgDelegate` | token | gauge | +| `tx_msg_begin_unbonding` | The total amount of tokens undelegated in a `MsgUndelegate` | token | gauge | +| `tx_msg_begin_redelegate` | The total amount of tokens redelegated in a `MsgBeginRedelegate` | token | gauge | +| `tx_msg_ibc_transfer` | The total amount of tokens transferred via IBC in a `MsgTransfer` (source or sink chain) | token | gauge | +| `ibc_transfer_packet_receive` | The total amount of tokens received in a `FungibleTokenPacketData` (source or sink chain) | token | gauge | +| `new_account` | Total number of new accounts created | account | counter | +| `gov_proposal` | Total number of governance proposals | proposal | counter | +| `gov_vote` | Total number of governance votes for a proposal | vote | counter | +| `gov_deposit` | Total number of governance deposits for a proposal | deposit | counter | +| `staking_delegate` | Total number of delegations | delegation | counter | +| `staking_undelegate` | Total number of undelegations | undelegation | counter | +| `staking_redelegate` | Total number of redelegations | redelegation | counter | +| `ibc_transfer_send` | Total number of IBC transfers sent from a chain (source or sink) | transfer | counter | +| `ibc_transfer_receive` | Total number of IBC transfers received to a chain (source or sink) | transfer | counter | +| `ibc_client_create` | Total number of clients created | create | counter | +| `ibc_client_update` | Total number of client updates | update | counter | +| `ibc_client_upgrade` | Total number of client upgrades | upgrade | counter | +| `ibc_client_misbehaviour` | Total number of client misbehaviours | misbehaviour | counter | +| `ibc_connection_open-init` | Total number of connection `OpenInit` handshakes | handshake | counter | +| `ibc_connection_open-try` | Total number of connection `OpenTry` handshakes | handshake | counter | +| `ibc_connection_open-ack` | Total number of connection `OpenAck` handshakes | handshake | counter | +| `ibc_connection_open-confirm` | Total number of connection `OpenConfirm` handshakes | handshake | counter | +| `ibc_channel_open-init` | Total number of channel `OpenInit` handshakes | handshake | counter | +| `ibc_channel_open-try` | Total number of channel `OpenTry` handshakes | handshake | counter | +| `ibc_channel_open-ack` | Total number of channel `OpenAck` handshakes | handshake | counter | +| `ibc_channel_open-confirm` | Total number of channel `OpenConfirm` handshakes | handshake | counter | +| `ibc_channel_close-init` | Total number of channel `CloseInit` handshakes | handshake | counter | +| `ibc_channel_close-confirm` | Total number of channel `CloseConfirm` handshakes | handshake | counter | +| `tx_msg_ibc_recv_packet` | Total number of IBC packets received | packet | counter | +| `tx_msg_ibc_acknowledge_packet` | Total number of IBC packets acknowledged | acknowledgement | counter | +| `ibc_timeout_packet` | Total number of IBC timeout packets | timeout | counter | +| `store_iavl_get` | Duration of an IAVL `Store#Get` call | ms | summary | +| `store_iavl_set` | Duration of an IAVL `Store#Set` call | ms | summary | +| `store_iavl_has` | Duration of an IAVL `Store#Has` call | ms | summary | +| `store_iavl_delete` | Duration of an IAVL `Store#Delete` call | ms | summary | +| `store_iavl_commit` | Duration of an IAVL `Store#Commit` call | ms | summary | +| `store_iavl_query` | Duration of an IAVL `Store#Query` call | ms | summary | diff --git a/docs/sdk/next/learn/advanced/transactions.mdx b/docs/sdk/next/learn/advanced/transactions.mdx new file mode 100644 index 00000000..52d67186 --- /dev/null +++ b/docs/sdk/next/learn/advanced/transactions.mdx @@ -0,0 +1,1335 @@ +--- +title: Transactions +--- + +**Synopsis** +`Transactions` are objects created by end-users to trigger state changes in the application. + + + +**Pre-requisite Readings** + +* [Anatomy of a Cosmos SDK Application](/docs/sdk/vnext/learn/beginner/app-anatomy) + + + +## Transactions + +Transactions are comprised of metadata held in [contexts](/docs/sdk/vnext/learn/advanced/context) and [`sdk.Msg`s](/docs/sdk/vnext/build/building-modules/messages-and-queries) that trigger state changes within a module through the module's Protobuf [`Msg` service](/docs/sdk/vnext/build/building-modules/msg-services). + +When users want to interact with an application and make state changes (e.g. sending coins), they create transactions. Each of a transaction's `sdk.Msg` must be signed using the private key associated with the appropriate account(s), before the transaction is broadcasted to the network. A transaction must then be included in a block, validated, and approved by the network through the consensus process. To read more about the lifecycle of a transaction, click [here](/docs/sdk/vnext/learn/beginner/tx-lifecycle). + +## Type Definition + +Transaction objects are Cosmos SDK types that implement the `Tx` interface + +```go expandable +package types + +import ( + + "encoding/json" + fmt "fmt" + strings "strings" + "time" + "github.com/cosmos/gogoproto/proto" + protov2 "google.golang.org/protobuf/proto" + "github.com/cosmos/cosmos-sdk/codec" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types" +) + +type ( + // Msg defines the interface a transaction message needed to fulfill. + Msg = proto.Message + + // LegacyMsg defines the interface a transaction message needed to fulfill up through + // v0.47. + LegacyMsg interface { + Msg + + // GetSigners returns the addrs of signers that must sign. + // CONTRACT: All signatures must be present to be valid. + // CONTRACT: Returns addrs in some deterministic order. + GetSigners() []AccAddress +} + + // Fee defines an interface for an application application-defined concrete + // transaction type to be able to set and return the transaction fee. + Fee interface { + GetGas() + +uint64 + GetAmount() + +Coins +} + + // Signature defines an interface for an application application-defined + // concrete transaction type to be able to set and return transaction signatures. + Signature interface { + GetPubKey() + +cryptotypes.PubKey + GetSignature() []byte +} + + // HasMsgs defines an interface a transaction must fulfill. + HasMsgs interface { + // GetMsgs gets the all the transaction's messages. + GetMsgs() []Msg +} + + // Tx defines an interface a transaction must fulfill. + Tx interface { + HasMsgs + + // GetMsgsV2 gets the transaction's messages as google.golang.org/protobuf/proto.Message's. + GetMsgsV2() ([]protov2.Message, error) +} + + // FeeTx defines the interface to be implemented by Tx to use the FeeDecorators + FeeTx interface { + Tx + GetGas() + +uint64 + GetFee() + +Coins + FeePayer() []byte + FeeGranter() []byte +} + + // TxWithMemo must have GetMemo() + +method to use ValidateMemoDecorator + TxWithMemo interface { + Tx + GetMemo() + +string +} + + // TxWithTimeoutTimeStamp extends the Tx interface by allowing a transaction to + // set a timeout timestamp. + TxWithTimeoutTimeStamp interface { + Tx + + // GetTimeoutTimeStamp gets the timeout timestamp for the tx. + // IMPORTANT: when the uint value is needed here, you MUST use UnixNano. + GetTimeoutTimeStamp() + +time.Time +} + + // TxWithTimeoutHeight extends the Tx interface by allowing a transaction to + // set a height timeout. + TxWithTimeoutHeight interface { + Tx + + GetTimeoutHeight() + +uint64 +} + + // TxWithUnordered extends the Tx interface by allowing a transaction to set + // the unordered field, which implicitly relies on TxWithTimeoutTimeStamp. + TxWithUnordered interface { + TxWithTimeoutTimeStamp + + GetUnordered() + +bool +} + + // HasValidateBasic defines a type that has a ValidateBasic method. + // ValidateBasic is deprecated and now facultative. + // Prefer validating messages directly in the msg server. + HasValidateBasic interface { + // ValidateBasic does a simple validation check that + // doesn't require access to any other information. + ValidateBasic() + +error +} +) + +// TxDecoder unmarshals transaction bytes +type TxDecoder func(txBytes []byte) (Tx, error) + +// TxEncoder marshals transaction to bytes +type TxEncoder func(tx Tx) ([]byte, error) + +// MsgTypeURL returns the TypeURL of a `sdk.Msg`. +var MsgTypeURL = codectypes.MsgTypeURL + +// GetMsgFromTypeURL returns a `sdk.Msg` message type from a type URL +func GetMsgFromTypeURL(cdc codec.Codec, input string) (Msg, error) { + var msg Msg + bz, err := json.Marshal(struct { + Type string `json:"@type"` +}{ + Type: input, +}) + if err != nil { + return nil, err +} + if err := cdc.UnmarshalInterfaceJSON(bz, &msg); err != nil { + return nil, fmt.Errorf("failed to determine sdk.Msg for %s URL : %w", input, err) +} + +return msg, nil +} + +// GetModuleNameFromTypeURL assumes that module name is the second element of the msg type URL +// e.g. "cosmos.bank.v1beta1.MsgSend" => "bank" +// It returns an empty string if the input is not a valid type URL +func GetModuleNameFromTypeURL(input string) + +string { + moduleName := strings.Split(input, ".") + if len(moduleName) > 1 { + return moduleName[1] +} + +return "" +} +``` + +It contains the following methods: + +* **GetMsgs:** unwraps the transaction and returns a list of contained `sdk.Msg`s - one transaction may have one or multiple messages, which are defined by module developers. + +As a developer, you should rarely manipulate `Tx` directly, as `Tx` is an intermediate type used for transaction generation. Instead, developers should prefer the `TxBuilder` interface, which you can learn more about [below](#transaction-generation). + +### Signing Transactions + +Every message in a transaction must be signed by the addresses specified by its `GetSigners`. The Cosmos SDK currently allows signing transactions in two different ways. + +#### `SIGN_MODE_DIRECT` (preferred) + +The most used implementation of the `Tx` interface is the Protobuf `Tx` message, which is used in `SIGN_MODE_DIRECT`: + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/tx/v1beta1/tx.proto#L15-L28 +``` + +Because Protobuf serialization is not deterministic, the Cosmos SDK uses an additional `TxRaw` type to denote the pinned bytes over which a transaction is signed. Any user can generate a valid `body` and `auth_info` for a transaction, and serialize these two messages using Protobuf. `TxRaw` then pins the user's exact binary representation of `body` and `auth_info`, called respectively `body_bytes` and `auth_info_bytes`. The document that is signed by all signers of the transaction is `SignDoc` (deterministically serialized using [ADR-027](/docs/sdk/vnext/build/architecture/adr-027-deterministic-protobuf-serialization)): + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/tx/v1beta1/tx.proto#L50-L67 +``` + +Once signed by all signers, the `body_bytes`, `auth_info_bytes` and `signatures` are gathered into `TxRaw`, whose serialized bytes are broadcasted over the network. + +#### `SIGN_MODE_LEGACY_AMINO_JSON` + +The legacy implementation of the `Tx` interface is the `StdTx` struct from `x/auth`: + +```go expandable +package legacytx + +import ( + + errorsmod "cosmossdk.io/errors" + "cosmossdk.io/math" + "github.com/cosmos/cosmos-sdk/codec/legacy" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/tx/signing" +) + +// Interface implementation checks +var ( + _ codectypes.UnpackInterfacesMessage = (*StdTx)(nil) + + _ codectypes.UnpackInterfacesMessage = (*StdSignature)(nil) +) + +// StdFee includes the amount of coins paid in fees and the maximum +// gas to be used by the transaction. The ratio yields an effective "gasprice", +// which must be above some miminum to be accepted into the mempool. +// [Deprecated] +type StdFee struct { + Amount sdk.Coins `json:"amount" yaml:"amount"` + Gas uint64 `json:"gas" yaml:"gas"` + Payer string `json:"payer,omitempty" yaml:"payer"` + Granter string `json:"granter,omitempty" yaml:"granter"` +} + +// Deprecated: NewStdFee returns a new instance of StdFee +func NewStdFee(gas uint64, amount sdk.Coins) + +StdFee { + return StdFee{ + Amount: amount, + Gas: gas, +} +} + +// GetGas returns the fee's (wanted) + +gas. +func (fee StdFee) + +GetGas() + +uint64 { + return fee.Gas +} + +// GetAmount returns the fee's amount. +func (fee StdFee) + +GetAmount() + +sdk.Coins { + return fee.Amount +} + +// Bytes returns the encoded bytes of a StdFee. +func (fee StdFee) + +Bytes() []byte { + if len(fee.Amount) == 0 { + fee.Amount = sdk.NewCoins() +} + +bz, err := legacy.Cdc.MarshalJSON(fee) + if err != nil { + panic(err) +} + +return bz +} + +// GasPrices returns the gas prices for a StdFee. +// +// NOTE: The gas prices returned are not the true gas prices that were +// originally part of the submitted transaction because the fee is computed +// as fee = ceil(gasWanted * gasPrices). +func (fee StdFee) + +GasPrices() + +sdk.DecCoins { + return sdk.NewDecCoinsFromCoins(fee.Amount...).QuoDec(math.LegacyNewDec(int64(fee.Gas))) +} + +// StdTip is the tips used in a tipped transaction. +type StdTip struct { + Amount sdk.Coins `json:"amount" yaml:"amount"` + Tipper string `json:"tipper" yaml:"tipper"` +} + +// StdTx is the legacy transaction format for wrapping a Msg with Fee and Signatures. +// It only works with Amino, please prefer the new protobuf Tx in types/tx. +// NOTE: the first signature is the fee payer (Signatures must not be nil). +// Deprecated +type StdTx struct { + Msgs []sdk.Msg `json:"msg" yaml:"msg"` + Fee StdFee `json:"fee" yaml:"fee"` + Signatures []StdSignature `json:"signatures" yaml:"signatures"` + Memo string `json:"memo" yaml:"memo"` + TimeoutHeight uint64 `json:"timeout_height" yaml:"timeout_height"` +} + +// Deprecated +func NewStdTx(msgs []sdk.Msg, fee StdFee, sigs []StdSignature, memo string) + +StdTx { + return StdTx{ + Msgs: msgs, + Fee: fee, + Signatures: sigs, + Memo: memo, +} +} + +// GetMsgs returns the all the transaction's messages. +func (tx StdTx) + +GetMsgs() []sdk.Msg { + return tx.Msgs +} + +// Deprecated: AsAny implements intoAny. It doesn't work for protobuf serialization, +// so it can't be saved into protobuf configured storage. We are using it only for API +// compatibility. +func (tx *StdTx) + +AsAny() *codectypes.Any { + return codectypes.UnsafePackAny(tx) +} + +// GetMemo returns the memo +func (tx StdTx) + +GetMemo() + +string { + return tx.Memo +} + +// GetTimeoutHeight returns the transaction's timeout height (if set). +func (tx StdTx) + +GetTimeoutHeight() + +uint64 { + return tx.TimeoutHeight +} + +// GetSignatures returns the signature of signers who signed the Msg. +// CONTRACT: Length returned is same as length of +// pubkeys returned from MsgKeySigners, and the order +// matches. +// CONTRACT: If the signature is missing (ie the Msg is +// invalid), then the corresponding signature is +// .Empty(). +func (tx StdTx) + +GetSignatures() [][]byte { + sigs := make([][]byte, len(tx.Signatures)) + for i, stdSig := range tx.Signatures { + sigs[i] = stdSig.Signature +} + +return sigs +} + +// GetSignaturesV2 implements SigVerifiableTx.GetSignaturesV2 +func (tx StdTx) + +GetSignaturesV2() ([]signing.SignatureV2, error) { + res := make([]signing.SignatureV2, len(tx.Signatures)) + for i, sig := range tx.Signatures { + var err error + res[i], err = StdSignatureToSignatureV2(legacy.Cdc, sig) + if err != nil { + return nil, errorsmod.Wrapf(err, "Unable to convert signature %v to V2", sig) +} + +} + +return res, nil +} + +// GetPubkeys returns the pubkeys of signers if the pubkey is included in the signature +// If pubkey is not included in the signature, then nil is in the slice instead +func (tx StdTx) + +GetPubKeys() ([]cryptotypes.PubKey, error) { + pks := make([]cryptotypes.PubKey, len(tx.Signatures)) + for i, stdSig := range tx.Signatures { + pks[i] = stdSig.GetPubKey() +} + +return pks, nil +} + +// GetGas returns the Gas in StdFee +func (tx StdTx) + +GetGas() + +uint64 { + return tx.Fee.Gas +} + +// GetFee returns the FeeAmount in StdFee +func (tx StdTx) + +GetFee() + +sdk.Coins { + return tx.Fee.Amount +} + +// FeeGranter always returns nil for StdTx +func (tx StdTx) + +FeeGranter() + +sdk.AccAddress { + return nil +} + +func (tx StdTx) + +UnpackInterfaces(unpacker codectypes.AnyUnpacker) + +error { + for _, m := range tx.Msgs { + err := codectypes.UnpackInterfaces(m, unpacker) + if err != nil { + return err +} + +} + + // Signatures contain PubKeys, which need to be unpacked. + for _, s := range tx.Signatures { + err := s.UnpackInterfaces(unpacker) + if err != nil { + return err +} + +} + +return nil +} +``` + +The document signed by all signers is `StdSignDoc`: + +```go expandable +package legacytx + +import ( + + "encoding/json" + "fmt" + "sigs.k8s.io/yaml" + "cosmossdk.io/errors" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/codec/legacy" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types" + "github.com/cosmos/cosmos-sdk/crypto/types/multisig" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/tx/signing" +) + +// LegacyMsg defines the old interface a message must fulfill, +// containing Amino signing method. +// Deprecated: Please use `Msg` instead. +type LegacyMsg interface { + sdk.Msg + + // Get the canonical byte representation of the Msg. + GetSignBytes() []byte +} + +// StdSignDoc is replay-prevention structure. +// It includes the result of msg.GetSignBytes(), +// as well as the ChainID (prevent cross chain replay) +// and the Sequence numbers for each signature (prevent +// inchain replay and enforce tx ordering per account). +type StdSignDoc struct { + AccountNumber uint64 `json:"account_number" yaml:"account_number"` + Sequence uint64 `json:"sequence" yaml:"sequence"` + TimeoutHeight uint64 `json:"timeout_height,omitempty" yaml:"timeout_height"` + ChainID string `json:"chain_id" yaml:"chain_id"` + Memo string `json:"memo" yaml:"memo"` + Fee json.RawMessage `json:"fee" yaml:"fee"` + Msgs []json.RawMessage `json:"msgs" yaml:"msgs"` +} + +var RegressionTestingAminoCodec *codec.LegacyAmino + +// Deprecated: please delete this code eventually. +func mustSortJSON(bz []byte) []byte { + var c any + err := json.Unmarshal(bz, &c) + if err != nil { + panic(err) +} + +js, err := json.Marshal(c) + if err != nil { + panic(err) +} + +return js +} + +// StdSignBytes returns the bytes to sign for a transaction. +// Deprecated: Please use x/tx/signing/aminojson instead. +func StdSignBytes(chainID string, accnum, sequence, timeout uint64, fee StdFee, msgs []sdk.Msg, memo string) []byte { + if RegressionTestingAminoCodec == nil { + panic(fmt.Errorf("must set RegressionTestingAminoCodec before calling StdSignBytes")) +} + msgsBytes := make([]json.RawMessage, 0, len(msgs)) + for _, msg := range msgs { + bz := RegressionTestingAminoCodec.MustMarshalJSON(msg) + +msgsBytes = append(msgsBytes, mustSortJSON(bz)) +} + +bz, err := legacy.Cdc.MarshalJSON(StdSignDoc{ + AccountNumber: accnum, + ChainID: chainID, + Fee: json.RawMessage(fee.Bytes()), + Memo: memo, + Msgs: msgsBytes, + Sequence: sequence, + TimeoutHeight: timeout, +}) + if err != nil { + panic(err) +} + +return mustSortJSON(bz) +} + +// Deprecated: StdSignature represents a sig +type StdSignature struct { + cryptotypes.PubKey `json:"pub_key" yaml:"pub_key"` // optional + Signature []byte `json:"signature" yaml:"signature"` +} + +// Deprecated +func NewStdSignature(pk cryptotypes.PubKey, sig []byte) + +StdSignature { + return StdSignature{ + PubKey: pk, + Signature: sig +} +} + +// GetSignature returns the raw signature bytes. +func (ss StdSignature) + +GetSignature() []byte { + return ss.Signature +} + +// GetPubKey returns the public key of a signature as a cryptotypes.PubKey using the +// Amino codec. +func (ss StdSignature) + +GetPubKey() + +cryptotypes.PubKey { + return ss.PubKey +} + +// MarshalYAML returns the YAML representation of the signature. +func (ss StdSignature) + +MarshalYAML() (any, error) { + pk := "" + if ss.PubKey != nil { + pk = ss.String() +} + +bz, err := yaml.Marshal(struct { + PubKey string `json:"pub_key"` + Signature string `json:"signature"` +}{ + pk, + fmt.Sprintf("%X", ss.Signature), +}) + if err != nil { + return nil, err +} + +return string(bz), nil +} + +func (ss StdSignature) + +UnpackInterfaces(unpacker codectypes.AnyUnpacker) + +error { + return codectypes.UnpackInterfaces(ss.PubKey, unpacker) +} + +// StdSignatureToSignatureV2 converts a StdSignature to a SignatureV2 +func StdSignatureToSignatureV2(cdc *codec.LegacyAmino, sig StdSignature) (signing.SignatureV2, error) { + pk := sig.GetPubKey() + +data, err := pubKeySigToSigData(cdc, pk, sig.Signature) + if err != nil { + return signing.SignatureV2{ +}, err +} + +return signing.SignatureV2{ + PubKey: pk, + Data: data, +}, nil +} + +func pubKeySigToSigData(cdc *codec.LegacyAmino, key cryptotypes.PubKey, sig []byte) (signing.SignatureData, error) { + multiPK, ok := key.(multisig.PubKey) + if !ok { + return &signing.SingleSignatureData{ + SignMode: signing.SignMode_SIGN_MODE_LEGACY_AMINO_JSON, + Signature: sig, +}, nil +} + +var multiSig multisig.AminoMultisignature + err := cdc.Unmarshal(sig, &multiSig) + if err != nil { + return nil, err +} + sigs := multiSig.Sigs + sigDatas := make([]signing.SignatureData, len(sigs)) + pubKeys := multiPK.GetPubKeys() + bitArray := multiSig.BitArray + n := multiSig.BitArray.Count() + signatures := multisig.NewMultisig(n) + sigIdx := 0 + for i := range n { + if bitArray.GetIndex(i) { + data, err := pubKeySigToSigData(cdc, pubKeys[i], multiSig.Sigs[sigIdx]) + if err != nil { + return nil, errors.Wrapf(err, "Unable to convert Signature to SigData %d", sigIdx) +} + +sigDatas[sigIdx] = data + multisig.AddSignature(signatures, data, sigIdx) + +sigIdx++ +} + +} + +return signatures, nil +} +``` + +which is encoded into bytes using Amino JSON. Once all signatures are gathered into `StdTx`, `StdTx` is serialized using Amino JSON, and these bytes are broadcasted over the network. + +#### Other Sign Modes + +The Cosmos SDK also provides a couple of other sign modes for particular use cases. + +#### `SIGN_MODE_DIRECT_AUX` + +`SIGN_MODE_DIRECT_AUX` is a sign mode released in the Cosmos SDK v0.46 which targets transactions with multiple signers. Whereas `SIGN_MODE_DIRECT` expects each signer to sign over both `TxBody` and `AuthInfo` (which includes all other signers' signer infos, i.e. their account sequence, public key and mode info), `SIGN_MODE_DIRECT_AUX` allows N-1 signers to only sign over `TxBody` and *their own* signer info. Moreover, each auxiliary signer (i.e. a signer using `SIGN_MODE_DIRECT_AUX`) doesn't +need to sign over the fees: + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/tx/v1beta1/tx.proto#L68-L93 +``` + +The use case is a multi-signer transaction, where one of the signers is appointed to gather all signatures, broadcast the signature and pay for fees, and the others only care about the transaction body. This generally allows for a better multi-signing UX. If Alice, Bob and Charlie are part of a 3-signer transaction, then Alice and Bob can both use `SIGN_MODE_DIRECT_AUX` to sign over the `TxBody` and their own signer info (no need an additional step to gather other signers' ones, like in `SIGN_MODE_DIRECT`), without specifying a fee in their SignDoc. Charlie can then gather both signatures from Alice and Bob, and +create the final transaction by appending a fee. Note that the fee payer of the transaction (in our case Charlie) must sign over the fees, so must use `SIGN_MODE_DIRECT` or `SIGN_MODE_LEGACY_AMINO_JSON`. + +#### `SIGN_MODE_TEXTUAL` + +`SIGN_MODE_TEXTUAL` is a new sign mode for delivering a better signing experience on hardware wallets and it is included in the v0.50 release. In this mode, the signer signs over the human-readable string representation of the transaction (CBOR) and makes all data being displayed easier to read. The data is formatted as screens, and each screen is meant to be displayed in its entirety even on small devices like the Ledger Nano. + +There are also *expert* screens, which will only be displayed if the user has chosen that option in its hardware device. These screens contain things like account number, account sequence and the sign data hash. + +Data is formatted using a set of `ValueRenderer` which the SDK provides defaults for all the known messages and value types. Chain developers can also opt to implement their own `ValueRenderer` for a type/message if they'd like to display information differently. + +If you wish to learn more, please refer to [ADR-050](/docs/sdk/vnext/build/architecture/adr-050-sign-mode-textual). + +#### Custom Sign modes + +There is an opportunity to add your own custom sign mode to the Cosmos-SDK. While we can not accept the implementation of the sign mode to the repository, we can accept a pull request to add the custom signmode to the SignMode enum located [here](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/tx/signing/v1beta1/signing.proto#L17) + +## Transaction Process + +The process of an end-user sending a transaction is: + +* decide on the messages to put into the transaction, +* generate the transaction using the Cosmos SDK's `TxBuilder`, +* broadcast the transaction using one of the available interfaces. + +The next paragraphs will describe each of these components, in this order. + +### Messages + + +Module `sdk.Msg`s are not to be confused with [ABCI Messages](https://docs.cometbft.com/v0.37/spec/abci/) which define interactions between the CometBFT and application layers. + + +**Messages** (or `sdk.Msg`s) are module-specific objects that trigger state transitions within the scope of the module they belong to. Module developers define the messages for their module by adding methods to the Protobuf [`Msg` service](/docs/sdk/vnext/build/building-modules/msg-services), and also implement the corresponding `MsgServer`. + +Each `sdk.Msg`s is related to exactly one Protobuf [`Msg` service](/docs/sdk/vnext/build/building-modules/msg-services) RPC, defined inside each module's `tx.proto` file. A SDK app router automatically maps every `sdk.Msg` to a corresponding RPC. Protobuf generates a `MsgServer` interface for each module `Msg` service, and the module developer needs to implement this interface. +This design puts more responsibility on module developers, allowing application developers to reuse common functionalities without having to implement state transition logic repetitively. + +To learn more about Protobuf `Msg` services and how to implement `MsgServer`, click [here](/docs/sdk/vnext/build/building-modules/msg-services). + +While messages contain the information for state transition logic, a transaction's other metadata and relevant information are stored in the `TxBuilder` and `Context`. + +### Transaction Generation + +The `TxBuilder` interface contains data closely related with the generation of transactions, which an end-user can set to generate the desired transaction: + +```go expandable +package client + +import ( + + "time" + + txsigning "cosmossdk.io/x/tx/signing" + + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/tx" + signingtypes "github.com/cosmos/cosmos-sdk/types/tx/signing" + "github.com/cosmos/cosmos-sdk/x/auth/signing" +) + +type ( + // TxEncodingConfig defines an interface that contains transaction + // encoders and decoders + TxEncodingConfig interface { + TxEncoder() + +sdk.TxEncoder + TxDecoder() + +sdk.TxDecoder + TxJSONEncoder() + +sdk.TxEncoder + TxJSONDecoder() + +sdk.TxDecoder + MarshalSignatureJSON([]signingtypes.SignatureV2) ([]byte, error) + +UnmarshalSignatureJSON([]byte) ([]signingtypes.SignatureV2, error) +} + + // TxConfig defines an interface a client can utilize to generate an + // application-defined concrete transaction type. The type returned must + // implement TxBuilder. + TxConfig interface { + TxEncodingConfig + + NewTxBuilder() + +TxBuilder + WrapTxBuilder(sdk.Tx) (TxBuilder, error) + +SignModeHandler() *txsigning.HandlerMap + SigningContext() *txsigning.Context +} + + // TxBuilder defines an interface which an application-defined concrete transaction + // type must implement. Namely, it must be able to set messages, generate + // signatures, and provide canonical bytes to sign over. The transaction must + // also know how to encode itself. + TxBuilder interface { + GetTx() + +signing.Tx + + SetMsgs(msgs ...sdk.Msg) + +error + SetSignatures(signatures ...signingtypes.SignatureV2) + +error + SetMemo(memo string) + +SetFeeAmount(amount sdk.Coins) + +SetFeePayer(feePayer sdk.AccAddress) + +SetGasLimit(limit uint64) + +SetTimeoutHeight(height uint64) + +SetTimeoutTimestamp(timestamp time.Time) + +SetUnordered(v bool) + +SetFeeGranter(feeGranter sdk.AccAddress) + +AddAuxSignerData(tx.AuxSignerData) + +error +} + + // ExtendedTxBuilder extends the TxBuilder interface, + // which is used to set extension options to be included in a transaction. + ExtendedTxBuilder interface { + SetExtensionOptions(extOpts ...*codectypes.Any) +} +) +``` + +* `Msg`s, the array of [messages](#messages) included in the transaction. +* `GasLimit`, option chosen by the users for how to calculate how much gas they will need to pay. +* `Memo`, a note or comment to send with the transaction. +* `FeeAmount`, the maximum amount the user is willing to pay in fees. +* `TimeoutHeight`, block height until which the transaction is valid. +* `Unordered`, an option indicating this transaction may be executed in any order (requires Sequence to be unset.) +* `TimeoutTimestamp`, the timeout timestamp (unordered nonce) of the transaction (required to be used with Unordered). +* `Signatures`, the array of signatures from all signers of the transaction. + +As there are currently two sign modes for signing transactions, there are also two implementations of `TxBuilder`: + +* [wrapper](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/auth/tx/builder.go#L27-L44) for creating transactions for `SIGN_MODE_DIRECT`, +* [StdTxBuilder](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/auth/migrations/legacytx/stdtx_builder.go#L14-L17) for `SIGN_MODE_LEGACY_AMINO_JSON`. + +However, the two implementations of `TxBuilder` should be hidden away from end-users, as they should prefer using the overarching `TxConfig` interface: + +```go expandable +package client + +import ( + + "time" + + txsigning "cosmossdk.io/x/tx/signing" + + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/tx" + signingtypes "github.com/cosmos/cosmos-sdk/types/tx/signing" + "github.com/cosmos/cosmos-sdk/x/auth/signing" +) + +type ( + // TxEncodingConfig defines an interface that contains transaction + // encoders and decoders + TxEncodingConfig interface { + TxEncoder() + +sdk.TxEncoder + TxDecoder() + +sdk.TxDecoder + TxJSONEncoder() + +sdk.TxEncoder + TxJSONDecoder() + +sdk.TxDecoder + MarshalSignatureJSON([]signingtypes.SignatureV2) ([]byte, error) + +UnmarshalSignatureJSON([]byte) ([]signingtypes.SignatureV2, error) +} + + // TxConfig defines an interface a client can utilize to generate an + // application-defined concrete transaction type. The type returned must + // implement TxBuilder. + TxConfig interface { + TxEncodingConfig + + NewTxBuilder() + +TxBuilder + WrapTxBuilder(sdk.Tx) (TxBuilder, error) + +SignModeHandler() *txsigning.HandlerMap + SigningContext() *txsigning.Context +} + + // TxBuilder defines an interface which an application-defined concrete transaction + // type must implement. Namely, it must be able to set messages, generate + // signatures, and provide canonical bytes to sign over. The transaction must + // also know how to encode itself. + TxBuilder interface { + GetTx() + +signing.Tx + + SetMsgs(msgs ...sdk.Msg) + +error + SetSignatures(signatures ...signingtypes.SignatureV2) + +error + SetMemo(memo string) + +SetFeeAmount(amount sdk.Coins) + +SetFeePayer(feePayer sdk.AccAddress) + +SetGasLimit(limit uint64) + +SetTimeoutHeight(height uint64) + +SetTimeoutTimestamp(timestamp time.Time) + +SetUnordered(v bool) + +SetFeeGranter(feeGranter sdk.AccAddress) + +AddAuxSignerData(tx.AuxSignerData) + +error +} + + // ExtendedTxBuilder extends the TxBuilder interface, + // which is used to set extension options to be included in a transaction. + ExtendedTxBuilder interface { + SetExtensionOptions(extOpts ...*codectypes.Any) +} +) +``` + +`TxConfig` is an app-wide configuration for managing transactions. Most importantly, it holds the information about whether to sign each transaction with `SIGN_MODE_DIRECT` or `SIGN_MODE_LEGACY_AMINO_JSON`. By calling `txBuilder := txConfig.NewTxBuilder()`, a new `TxBuilder` will be created with the appropriate sign mode. + +Once `TxBuilder` is correctly populated with the setters exposed above, `TxConfig` will also take care of correctly encoding the bytes (again, either using `SIGN_MODE_DIRECT` or `SIGN_MODE_LEGACY_AMINO_JSON`). Here's a pseudo-code snippet of how to generate and encode a transaction, using the `TxEncoder()` method: + +```go +txBuilder := txConfig.NewTxBuilder() + +txBuilder.SetMsgs(...) // and other setters on txBuilder + +bz, err := txConfig.TxEncoder()(txBuilder.GetTx()) +// bz are bytes to be broadcasted over the network +``` + +### Broadcasting the Transaction + +Once the transaction bytes are generated, there are currently three ways of broadcasting it. + +#### CLI + +Application developers create entry points to the application by creating a [command-line interface](/docs/sdk/vnext/learn/advanced/cli), [gRPC and/or REST interface](/docs/sdk/vnext/learn/advanced/grpc_rest), typically found in the application's `./cmd` folder. These interfaces allow users to interact with the application through command-line. + +For the [command-line interface](/docs/sdk/vnext/build/building-modules/module-interfaces#cli), module developers create subcommands to add as children to the application top-level transaction command `TxCmd`. CLI commands actually bundle all the steps of transaction processing into one simple command: creating messages, generating transactions and broadcasting. For concrete examples, see the [Interacting with a Node](/docs/sdk/vnext/user/run-node/interact-node) section. An example transaction made using CLI looks like: + +```bash +simd tx send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000stake +``` + +#### gRPC + +[gRPC](https://grpc.io) is the main component for the Cosmos SDK's RPC layer. Its principal usage is in the context of modules' [`Query` services](/docs/sdk/vnext/build/building-modules/query-services). However, the Cosmos SDK also exposes a few other module-agnostic gRPC services, one of them being the `Tx` service: + +```go expandable +syntax = "proto3"; +package cosmos.tx.v1beta1; + +import "google/api/annotations.proto"; +import "cosmos/base/abci/v1beta1/abci.proto"; +import "cosmos/tx/v1beta1/tx.proto"; +import "cosmos/base/query/v1beta1/pagination.proto"; +import "tendermint/types/block.proto"; +import "tendermint/types/types.proto"; +import "cosmos_proto/cosmos.proto"; + +option go_package = "github.com/cosmos/cosmos-sdk/types/tx"; + +// Service defines a gRPC service for interacting with transactions. +service Service { + // Simulate simulates executing a transaction for estimating gas usage. + rpc Simulate(SimulateRequest) + +returns (SimulateResponse) { + option (google.api.http) = { + post: "/cosmos/tx/v1beta1/simulate" + body: "*" +}; +} + // GetTx fetches a tx by hash. + rpc GetTx(GetTxRequest) + +returns (GetTxResponse) { + option (google.api.http).get = "/cosmos/tx/v1beta1/txs/{ + hash +}"; +} + // BroadcastTx broadcast transaction. + rpc BroadcastTx(BroadcastTxRequest) + +returns (BroadcastTxResponse) { + option (google.api.http) = { + post: "/cosmos/tx/v1beta1/txs" + body: "*" +}; +} + // GetTxsEvent fetches txs by event. + rpc GetTxsEvent(GetTxsEventRequest) + +returns (GetTxsEventResponse) { + option (google.api.http).get = "/cosmos/tx/v1beta1/txs"; +} + // GetBlockWithTxs fetches a block with decoded txs. + rpc GetBlockWithTxs(GetBlockWithTxsRequest) + +returns (GetBlockWithTxsResponse) { + option (cosmos_proto.method_added_in) = "cosmos-sdk 0.45.2"; + option (google.api.http).get = "/cosmos/tx/v1beta1/txs/block/{ + height +}"; +} + // TxDecode decodes the transaction. + rpc TxDecode(TxDecodeRequest) + +returns (TxDecodeResponse) { + option (google.api.http) = { + post: "/cosmos/tx/v1beta1/decode" + body: "*" +}; + option (cosmos_proto.method_added_in) = "cosmos-sdk 0.47"; +} + // TxEncode encodes the transaction. + rpc TxEncode(TxEncodeRequest) + +returns (TxEncodeResponse) { + option (google.api.http) = { + post: "/cosmos/tx/v1beta1/encode" + body: "*" +}; + option (cosmos_proto.method_added_in) = "cosmos-sdk 0.47"; +} + // TxEncodeAmino encodes an Amino transaction from JSON to encoded bytes. + rpc TxEncodeAmino(TxEncodeAminoRequest) + +returns (TxEncodeAminoResponse) { + option (google.api.http) = { + post: "/cosmos/tx/v1beta1/encode/amino" + body: "*" +}; + option (cosmos_proto.method_added_in) = "cosmos-sdk 0.47"; +} + // TxDecodeAmino decodes an Amino transaction from encoded bytes to JSON. + rpc TxDecodeAmino(TxDecodeAminoRequest) + +returns (TxDecodeAminoResponse) { + option (google.api.http) = { + post: "/cosmos/tx/v1beta1/decode/amino" + body: "*" +}; + option (cosmos_proto.method_added_in) = "cosmos-sdk 0.47"; +} +} + +// GetTxsEventRequest is the request type for the Service.TxsByEvents +// RPC method. +message GetTxsEventRequest { + // events is the list of transaction event type. + // Deprecated post v0.47.x: use query instead, which should contain a valid + // events query. + repeated string events = 1 [deprecated = true]; + + // pagination defines a pagination for the request. + // Deprecated post v0.46.x: use page and limit instead. + cosmos.base.query.v1beta1.PageRequest pagination = 2 [deprecated = true]; + + OrderBy order_by = 3; + + // page is the page number to query, starts at 1. If not provided, will + // default to first page. + uint64 page = 4; + + // limit is the total number of results to be returned in the result page. + // If left empty it will default to a value to be set by each app. + uint64 limit = 5; + + // query defines the transaction event query that is proxied to Tendermint's + // TxSearch RPC method. The query must be valid. + string query = 6 [(cosmos_proto.field_added_in) = "cosmos-sdk 0.50"]; +} + +// OrderBy defines the sorting order +enum OrderBy { + // ORDER_BY_UNSPECIFIED specifies an unknown sorting order. OrderBy defaults + // to ASC in this case. + ORDER_BY_UNSPECIFIED = 0; + // ORDER_BY_ASC defines ascending order + ORDER_BY_ASC = 1; + // ORDER_BY_DESC defines descending order + ORDER_BY_DESC = 2; +} + +// GetTxsEventResponse is the response type for the Service.TxsByEvents +// RPC method. +message GetTxsEventResponse { + // txs is the list of queried transactions. + repeated cosmos.tx.v1beta1.Tx txs = 1; + // tx_responses is the list of queried TxResponses. + repeated cosmos.base.abci.v1beta1.TxResponse tx_responses = 2; + // pagination defines a pagination for the response. + // Deprecated post v0.46.x: use total instead. + cosmos.base.query.v1beta1.PageResponse pagination = 3 [deprecated = true]; + // total is total number of results available + uint64 total = 4; +} + +// BroadcastTxRequest is the request type for the Service.BroadcastTxRequest +// RPC method. +message BroadcastTxRequest { + // tx_bytes is the raw transaction. + bytes tx_bytes = 1; + BroadcastMode mode = 2; +} + +// BroadcastMode specifies the broadcast mode for the TxService.Broadcast RPC +// method. +enum BroadcastMode { + // zero-value for mode ordering + BROADCAST_MODE_UNSPECIFIED = 0; + // DEPRECATED: use BROADCAST_MODE_SYNC instead, + // BROADCAST_MODE_BLOCK is not supported by the SDK from v0.47.x onwards. + BROADCAST_MODE_BLOCK = 1 [deprecated = true]; + // BROADCAST_MODE_SYNC defines a tx broadcasting mode where the client waits + // for a CheckTx execution response only. + BROADCAST_MODE_SYNC = 2; + // BROADCAST_MODE_ASYNC defines a tx broadcasting mode where the client + // returns immediately. + BROADCAST_MODE_ASYNC = 3; +} + +// BroadcastTxResponse is the response type for the +// Service.BroadcastTx method. +message BroadcastTxResponse { + // tx_response is the queried TxResponses. + cosmos.base.abci.v1beta1.TxResponse tx_response = 1; +} + +// SimulateRequest is the request type for the Service.Simulate +// RPC method. +message SimulateRequest { + // tx is the transaction to simulate. + // Deprecated. Send raw tx bytes instead. + cosmos.tx.v1beta1.Tx tx = 1 [deprecated = true]; + // tx_bytes is the raw transaction. + bytes tx_bytes = 2 [(cosmos_proto.field_added_in) = "cosmos-sdk 0.43"]; +} + +// SimulateResponse is the response type for the +// Service.SimulateRPC method. +message SimulateResponse { + // gas_info is the information about gas used in the simulation. + cosmos.base.abci.v1beta1.GasInfo gas_info = 1; + // result is the result of the simulation. + cosmos.base.abci.v1beta1.Result result = 2; +} + +// GetTxRequest is the request type for the Service.GetTx +// RPC method. +message GetTxRequest { + // hash is the tx hash to query, encoded as a hex string. + string hash = 1; +} + +// GetTxResponse is the response type for the Service.GetTx method. +message GetTxResponse { + // tx is the queried transaction. + cosmos.tx.v1beta1.Tx tx = 1; + // tx_response is the queried TxResponses. + cosmos.base.abci.v1beta1.TxResponse tx_response = 2; +} + +// GetBlockWithTxsRequest is the request type for the Service.GetBlockWithTxs +// RPC method. +message GetBlockWithTxsRequest { + option (cosmos_proto.message_added_in) = "cosmos-sdk 0.45.2"; + // height is the height of the block to query. + int64 height = 1; + // pagination defines a pagination for the request. + cosmos.base.query.v1beta1.PageRequest pagination = 2; +} + +// GetBlockWithTxsResponse is the response type for the Service.GetBlockWithTxs +// method. +message GetBlockWithTxsResponse { + option (cosmos_proto.message_added_in) = "cosmos-sdk 0.45.2"; + // txs are the transactions in the block. + repeated cosmos.tx.v1beta1.Tx txs = 1; + .tendermint.types.BlockID block_id = 2; + .tendermint.types.Block block = 3; + // pagination defines a pagination for the response. + cosmos.base.query.v1beta1.PageResponse pagination = 4; +} + +// TxDecodeRequest is the request type for the Service.TxDecode +// RPC method. +message TxDecodeRequest { + option (cosmos_proto.message_added_in) = "cosmos-sdk 0.47"; + // tx_bytes is the raw transaction. + bytes tx_bytes = 1; +} + +// TxDecodeResponse is the response type for the +// Service.TxDecode method. +message TxDecodeResponse { + option (cosmos_proto.message_added_in) = "cosmos-sdk 0.47"; + // tx is the decoded transaction. + cosmos.tx.v1beta1.Tx tx = 1; +} + +// TxEncodeRequest is the request type for the Service.TxEncode +// RPC method. +message TxEncodeRequest { + option (cosmos_proto.message_added_in) = "cosmos-sdk 0.47"; + // tx is the transaction to encode. + cosmos.tx.v1beta1.Tx tx = 1; +} + +// TxEncodeResponse is the response type for the +// Service.TxEncode method. +message TxEncodeResponse { + option (cosmos_proto.message_added_in) = "cosmos-sdk 0.47"; + // tx_bytes is the encoded transaction bytes. + bytes tx_bytes = 1; +} + +// TxEncodeAminoRequest is the request type for the Service.TxEncodeAmino +// RPC method. +message TxEncodeAminoRequest { + option (cosmos_proto.message_added_in) = "cosmos-sdk 0.47"; + string amino_json = 1; +} + +// TxEncodeAminoResponse is the response type for the Service.TxEncodeAmino +// RPC method. +message TxEncodeAminoResponse { + option (cosmos_proto.message_added_in) = "cosmos-sdk 0.47"; + bytes amino_binary = 1; +} + +// TxDecodeAminoRequest is the request type for the Service.TxDecodeAmino +// RPC method. +message TxDecodeAminoRequest { + option (cosmos_proto.message_added_in) = "cosmos-sdk 0.47"; + bytes amino_binary = 1; +} + +// TxDecodeAminoResponse is the response type for the Service.TxDecodeAmino +// RPC method. +message TxDecodeAminoResponse { + option (cosmos_proto.message_added_in) = "cosmos-sdk 0.47"; + string amino_json = 1; +} +``` + +The `Tx` service exposes a handful of utility functions, such as simulating a transaction or querying a transaction, and also one method to broadcast transactions. + +Examples of broadcasting and simulating a transaction are shown [here](/docs/sdk/vnext/user/run-node/txs#programmatically-with-go). + +#### REST + +Each gRPC method has its corresponding REST endpoint, generated using [gRPC-gateway](https://github.com/grpc-ecosystem/grpc-gateway). Therefore, instead of using gRPC, you can also use HTTP to broadcast the same transaction, on the `POST /cosmos/tx/v1beta1/txs` endpoint. + +An example can be seen [here](/docs/sdk/vnext/user/run-node/txs#using-rest) + +#### CometBFT RPC + +The three methods presented above are actually higher abstractions over the CometBFT RPC `/broadcast_tx_{async,sync,commit}` endpoints, documented [here](https://docs.cometbft.com/v0.37/core/rpc). This means that you can use the CometBFT RPC endpoints directly to broadcast the transaction, if you wish so. + +### Unordered Transactions + + + +Looking to enable unordered transactions on your chain? +Check out the [v0.53.0 Upgrade Guide](https://docs.cosmos.network/v0.53/build/migrations/upgrade-guide#enable-unordered-transactions-optional) + + + + + +Unordered transactions MUST leave sequence values unset. When a transaction is both unordered and contains a non-zero sequence value, +the transaction will be rejected. Services that operate on prior assumptions about transaction sequence values should be updated to handle unordered transactions. +Services should be aware that when the transaction is unordered, the transaction sequence will always be zero. + + + +Beginning with Cosmos SDK v0.53.0, chains may enable unordered transaction support. +Unordered transactions work by using a timestamp as the transaction's nonce value. The sequence value must NOT be set in the signature(s) of the transaction. +The timestamp must be greater than the current block time and not exceed the chain's configured max unordered timeout timestamp duration. +Senders must use a unique timestamp for each distinct transaction. The difference may be as small as a nanosecond, however. + +These unique timestamps serve as a one-shot nonce, and their lifespan in state is short-lived. +Upon transaction inclusion, an entry consisting of timeout timestamp and account address will be recorded to state. +Once the block time is passed the timeout timestamp value, the entry will be removed. This ensures that unordered nonces do not indefinitely fill up the chain's storage. diff --git a/docs/sdk/next/learn/advanced/upgrade.mdx b/docs/sdk/next/learn/advanced/upgrade.mdx new file mode 100644 index 00000000..5fb575a7 --- /dev/null +++ b/docs/sdk/next/learn/advanced/upgrade.mdx @@ -0,0 +1,163 @@ +--- +title: In-Place Store Migrations +--- + +Read and understand all the in-place store migration documentation before you run a migration on a live chain. + + + +**Synopsis** +Upgrade your app modules smoothly with custom in-place store migration logic. + + +The Cosmos SDK uses two methods to perform upgrades: + +* Exporting the entire application state to a JSON file using the `export` CLI command, making changes, and then starting a new binary with the changed JSON file as the genesis file. + +* Perform upgrades in place, which significantly decrease the upgrade time for chains with a larger state. Use the [Module Upgrade Guide](/docs/sdk/vnext/build/building-modules/upgrade) to set up your application modules to take advantage of in-place upgrades. + +This document provides steps to use the In-Place Store Migrations upgrade method. + +## Tracking Module Versions + +Each module gets assigned a consensus version by the module developer. The consensus version serves as the breaking change version of the module. The Cosmos SDK keeps track of all module consensus versions in the x/upgrade `VersionMap` store. During an upgrade, the difference between the old `VersionMap` stored in state and the new `VersionMap` is calculated by the Cosmos SDK. For each identified difference, the module-specific migrations are run and the respective consensus version of each upgraded module is incremented. + +### Consensus Version + +The consensus version is defined on each app module by the module developer and serves as the breaking change version of the module. The consensus version informs the Cosmos SDK on which modules need to be upgraded. For example, if the bank module was version 2 and an upgrade introduces bank module 3, the Cosmos SDK upgrades the bank module and runs the "version 2 to 3" migration script. + +### Version Map + +The version map is a mapping of module names to consensus versions. The map is persisted to x/upgrade's state for use during in-place migrations. When migrations finish, the updated version map is persisted in the state. + +## Upgrade Handlers + +Upgrades use an `UpgradeHandler` to facilitate migrations. The `UpgradeHandler` functions implemented by the app developer must conform to the following function signature. These functions retrieve the `VersionMap` from x/upgrade's state and return the new `VersionMap` to be stored in x/upgrade after the upgrade. The diff between the two `VersionMap`s determines which modules need upgrading. + +```go +type UpgradeHandler func(ctx sdk.Context, plan Plan, fromVM VersionMap) (VersionMap, error) +``` + +Inside these functions, you must perform any upgrade logic to include in the provided `plan`. All upgrade handler functions must end with the following line of code: + +```go +return app.mm.RunMigrations(ctx, cfg, fromVM) +``` + +## Running Migrations + +Migrations are run inside of an `UpgradeHandler` using `app.mm.RunMigrations(ctx, cfg, vm)`. The `UpgradeHandler` functions describe the functionality to occur during an upgrade. The `RunMigration` function loops through the `VersionMap` argument and runs the migration scripts for all versions that are less than the versions of the new binary app module. After the migrations are finished, a new `VersionMap` is returned to persist the upgraded module versions to state. + +```go +cfg := module.NewConfigurator(...) + +app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx sdk.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { + + // ... + // additional upgrade logic + // ... + + // returns a VersionMap with the updated module ConsensusVersions + return app.mm.RunMigrations(ctx, fromVM) +}) +``` + +To learn more about configuring migration scripts for your modules, see the [Module Upgrade Guide](/docs/sdk/vnext/build/building-modules/upgrade). + +### Order Of Migrations + +By default, all migrations are run in module name alphabetical ascending order, except `x/auth` which is run last. The reason is state dependencies between x/auth and other modules (you can read more in [issue #10606](https://github.com/cosmos/cosmos-sdk/issues/10606)). + +If you want to change the order of migration, then you should call `app.mm.SetOrderMigrations(module1, module2, ...)` in your app.go file. The function will panic if you forget to include a module in the argument list. + +## Adding New Modules During Upgrades + +You can introduce entirely new modules to the application during an upgrade. New modules are recognized because they have not yet been registered in `x/upgrade`'s `VersionMap` store. In this case, `RunMigrations` calls the `InitGenesis` function from the corresponding module to set up its initial state. + +### Add StoreUpgrades for New Modules + +All chains preparing to run in-place store migrations will need to manually add store upgrades for new modules and then configure the store loader to apply those upgrades. This ensures that the new module's stores are added to the multistore before the migrations begin. + +```go expandable +upgradeInfo, err := app.UpgradeKeeper.ReadUpgradeInfoFromDisk() + if err != nil { + panic(err) +} + if upgradeInfo.Name == "my-plan" && !app.UpgradeKeeper.IsSkipHeight(upgradeInfo.Height) { + storeUpgrades := storetypes.StoreUpgrades{ + // add store upgrades for new modules + // Example: + // Added: []string{"foo", "bar" +}, + // ... +} + + // configure store loader that checks if version == upgradeHeight and applies store upgrades + app.SetStoreLoader(upgradetypes.UpgradeStoreLoader(upgradeInfo.Height, &storeUpgrades)) +} +``` + +## Genesis State + +When starting a new chain, the consensus version of each module MUST be saved to state during the application's genesis. To save the consensus version, add the following line to the `InitChainer` method in `app.go`: + +```diff +func (app *MyApp) InitChainer(ctx sdk.Context, req abci.InitChainRequest) abci.InitChainResponse { + ... ++ app.UpgradeKeeper.SetModuleVersionMap(ctx, app.mm.GetVersionMap()) + ... +} +``` + +This information is used by the Cosmos SDK to detect when modules with newer versions are introduced to the app. + +For a new module `foo`, `InitGenesis` is called by `RunMigration` only when `foo` is registered in the module manager but it's not set in the `fromVM`. Therefore, if you want to skip `InitGenesis` when a new module is added to the app, then you should set its module version in `fromVM` to the module consensus version: + +```go +app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx sdk.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { + // ... + + // Set foo's version to the latest ConsensusVersion in the VersionMap. + // This will skip running InitGenesis on Foo + fromVM[foo.ModuleName] = foo.AppModule{ +}.ConsensusVersion() + +return app.mm.RunMigrations(ctx, fromVM) +}) +``` + +### Overwriting Genesis Functions + +The Cosmos SDK offers modules that the application developer can import in their app. These modules often have an `InitGenesis` function already defined. + +You can write your own `InitGenesis` function for an imported module. To do this, manually trigger your custom genesis function in the upgrade handler. + + +You MUST manually set the consensus version in the version map passed to the `UpgradeHandler` function. Without this, the SDK will run the Module's existing `InitGenesis` code even if you triggered your custom function in the `UpgradeHandler`. + + +```go expandable +import foo "github.com/my/module/foo" + +app.UpgradeKeeper.SetUpgradeHandler("my-plan", func(ctx sdk.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { + + // Register the consensus version in the version map + // to avoid the SDK from triggering the default + // InitGenesis function. + fromVM["foo"] = foo.AppModule{ +}.ConsensusVersion() + + // Run custom InitGenesis for foo + app.mm["foo"].InitGenesis(ctx, app.appCodec, myCustomGenesisState) + +return app.mm.RunMigrations(ctx, cfg, fromVM) +}) +``` + +## Syncing a Full Node to an Upgraded Blockchain + +You can sync a full node to an existing blockchain which has been upgraded using Cosmovisor + +To successfully sync, you must start with the initial binary that the blockchain started with at genesis. If all Software Upgrade Plans contain binary instruction, then you can run Cosmovisor with auto-download option to automatically handle downloading and switching to the binaries associated with each sequential upgrade. Otherwise, you need to manually provide all binaries to Cosmovisor. + +To learn more about Cosmovisor, see the [Cosmovisor Quick Start](/docs/sdk/vnext/../../tools/cosmovisor/README). diff --git a/docs/sdk/next/learn/beginner/accounts.mdx b/docs/sdk/next/learn/beginner/accounts.mdx new file mode 100644 index 00000000..0c8e8326 --- /dev/null +++ b/docs/sdk/next/learn/beginner/accounts.mdx @@ -0,0 +1,3573 @@ +--- +title: Accounts +--- + +**Synopsis** +This document describes the in-built account and public key system of the Cosmos SDK. + + + +**Pre-requisite Readings** + +* [Anatomy of a Cosmos SDK Application](/docs/sdk/vnext/learn/beginner/app-anatomy) + + + +## Account Definition + +In the Cosmos SDK, an *account* designates a pair of *public key* `PubKey` and *private key* `PrivKey`. The `PubKey` can be derived to generate various `Addresses`, which are used to identify users (among other parties) in the application. `Addresses` are also associated with [`message`s](/docs/sdk/vnext/build/building-modules/messages-and-queries#messages) to identify the sender of the `message`. The `PrivKey` is used to generate [digital signatures](#signatures) to prove that an `Address` associated with the `PrivKey` approved of a given `message`. + +For HD key derivation the Cosmos SDK uses a standard called [BIP32](https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki). The BIP32 allows users to create an HD wallet (as specified in [BIP44](https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki)) - a set of accounts derived from an initial secret seed. A seed is usually created from a 12- or 24-word mnemonic. A single seed can derive any number of `PrivKey`s using a one-way cryptographic function. Then, a `PubKey` can be derived from the `PrivKey`. Naturally, the mnemonic is the most sensitive information, as private keys can always be re-generated if the mnemonic is preserved. + +```text expandable + Account 0 Account 1 Account 2 + ++------------------+ +------------------+ +------------------+ +| | | | | | +| Address 0 | | Address 1 | | Address 2 | +| ^ | | ^ | | ^ | +| | | | | | | | | +| | | | | | | | | +| | | | | | | | | +| + | | + | | + | +| Public key 0 | | Public key 1 | | Public key 2 | +| ^ | | ^ | | ^ | +| | | | | | | | | +| | | | | | | | | +| | | | | | | | | +| + | | + | | + | +| Private key 0 | | Private key 1 | | Private key 2 | +| ^ | | ^ | | ^ | ++------------------+ +------------------+ +------------------+ + | | | + | | | + | | | + +--------------------------------------------------------------------+ + | + | + +---------+---------+ + | | + | Master PrivKey | + | | + +-------------------+ + | + | + +---------+---------+ + | | + | Mnemonic (Seed) | + | | + +-------------------+ +``` + +In the Cosmos SDK, keys are stored and managed by using an object called a [`Keyring`](#keyring). + +## Keys, accounts, addresses, and signatures + +The principal way of authenticating a user is done using [digital signatures](https://en.wikipedia.org/wiki/Digital_signature). Users sign transactions using their own private key. Signature verification is done with the associated public key. For on-chain signature verification purposes, we store the public key in an `Account` object (alongside other data required for a proper transaction validation). + +In the node, all data is stored using Protocol Buffers serialization. + +The Cosmos SDK supports the following digital key schemes for creating digital signatures: + +* `secp256k1`, as implemented in the [Cosmos SDK's `crypto/keys/secp256k1` package](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keys/secp256k1/secp256k1.go). +* `secp256r1`, as implemented in the [Cosmos SDK's `crypto/keys/secp256r1` package](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keys/secp256r1/pubkey.go). +* `tm-ed25519`, as implemented in the [Cosmos SDK `crypto/keys/ed25519` package](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keys/ed25519/ed25519.go). This scheme is supported only for the consensus validation. + +| | Address length in bytes | Public key length in bytes | Used for transaction authentication | Used for consensus (cometbft) | +| :----------: | :---------------------: | :------------------------: | :---------------------------------: | :---------------------------: | +| `secp256k1` | 20 | 33 | yes | no | +| `secp256r1` | 32 | 33 | yes | no | +| `tm-ed25519` | -- not used -- | 32 | no | yes | + +## Addresses + +`Addresses` and `PubKey`s are both public information that identifies actors in the application. `Account` is used to store authentication information. The basic account implementation is provided by a `BaseAccount` object. + +Each account is identified using `Address` which is a sequence of bytes derived from a public key. In the Cosmos SDK, we define 3 types of addresses that specify a context where an account is used: + +* `AccAddress` identifies users (the sender of a `message`). +* `ValAddress` identifies validator operators. +* `ConsAddress` identifies validator nodes that are participating in consensus. Validator nodes are derived using the **`ed25519`** curve. + +These types implement the `Address` interface: + +```go expandable +package types + +import ( + + "bytes" + "encoding/hex" + "encoding/json" + "errors" + "fmt" + "strings" + "sync" + "sync/atomic" + "github.com/hashicorp/golang-lru/simplelru" + "sigs.k8s.io/yaml" + + errorsmod "cosmossdk.io/errors" + + cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types" + "github.com/cosmos/cosmos-sdk/internal/conv" + "github.com/cosmos/cosmos-sdk/types/address" + "github.com/cosmos/cosmos-sdk/types/bech32" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" +) + +const ( + // Constants defined here are the defaults value for address. + // You can use the specific values for your project. + // Add the follow lines to the `main()` of your server. + // + // config := sdk.GetConfig() + // config.SetBech32PrefixForAccount(yourBech32PrefixAccAddr, yourBech32PrefixAccPub) + // config.SetBech32PrefixForValidator(yourBech32PrefixValAddr, yourBech32PrefixValPub) + // config.SetBech32PrefixForConsensusNode(yourBech32PrefixConsAddr, yourBech32PrefixConsPub) + // config.SetPurpose(yourPurpose) + // config.SetCoinType(yourCoinType) + // config.Seal() + + // Bech32MainPrefix defines the main SDK Bech32 prefix of an account's address + Bech32MainPrefix = "cosmos" + + // Purpose is the ATOM purpose as defined in SLIP44 (https://github.com/satoshilabs/slips/blob/master/slip-0044.md) + +Purpose = 44 + + // CoinType is the ATOM coin type as defined in SLIP44 (https://github.com/satoshilabs/slips/blob/master/slip-0044.md) + +CoinType = 118 + + // FullFundraiserPath is the parts of the BIP44 HD path that are fixed by + // what we used during the ATOM fundraiser. + FullFundraiserPath = "m/44'/118'/0'/0/0" + + // PrefixAccount is the prefix for account keys + PrefixAccount = "acc" + // PrefixValidator is the prefix for validator keys + PrefixValidator = "val" + // PrefixConsensus is the prefix for consensus keys + PrefixConsensus = "cons" + // PrefixPublic is the prefix for public keys + PrefixPublic = "pub" + // PrefixOperator is the prefix for operator keys + PrefixOperator = "oper" + + // PrefixAddress is the prefix for addresses + PrefixAddress = "addr" + + // Bech32PrefixAccAddr defines the Bech32 prefix of an account's address + Bech32PrefixAccAddr = Bech32MainPrefix + // Bech32PrefixAccPub defines the Bech32 prefix of an account's public key + Bech32PrefixAccPub = Bech32MainPrefix + PrefixPublic + // Bech32PrefixValAddr defines the Bech32 prefix of a validator's operator address + Bech32PrefixValAddr = Bech32MainPrefix + PrefixValidator + PrefixOperator + // Bech32PrefixValPub defines the Bech32 prefix of a validator's operator public key + Bech32PrefixValPub = Bech32MainPrefix + PrefixValidator + PrefixOperator + PrefixPublic + // Bech32PrefixConsAddr defines the Bech32 prefix of a consensus node address + Bech32PrefixConsAddr = Bech32MainPrefix + PrefixValidator + PrefixConsensus + // Bech32PrefixConsPub defines the Bech32 prefix of a consensus node public key + Bech32PrefixConsPub = Bech32MainPrefix + PrefixValidator + PrefixConsensus + PrefixPublic +) + +// cache variables +var ( + // AccAddress.String() + +is expensive and if unoptimized dominantly showed up in profiles, + // yet has no mechanisms to trivially cache the result given that AccAddress is a []byte type. + accAddrMu sync.Mutex + accAddrCache *simplelru.LRU + consAddrMu sync.Mutex + consAddrCache *simplelru.LRU + valAddrMu sync.Mutex + valAddrCache *simplelru.LRU + + isCachingEnabled atomic.Bool +) + +// sentinel errors +var ( + ErrEmptyHexAddress = errors.New("decoding address from hex string failed: empty address") +) + +func init() { + var err error + SetAddrCacheEnabled(true) + + // in total the cache size is 61k entries. Key is 32 bytes and value is around 50-70 bytes. + // That will make around 92 * 61k * 2 (LRU) + +bytes ~ 11 MB + if accAddrCache, err = simplelru.NewLRU(60000, nil); err != nil { + panic(err) +} + if consAddrCache, err = simplelru.NewLRU(500, nil); err != nil { + panic(err) +} + if valAddrCache, err = simplelru.NewLRU(500, nil); err != nil { + panic(err) +} +} + +// SetAddrCacheEnabled enables or disables accAddrCache, consAddrCache, and valAddrCache. By default, caches are enabled. +func SetAddrCacheEnabled(enabled bool) { + isCachingEnabled.Store(enabled) +} + +// IsAddrCacheEnabled returns if the address caches are enabled. +func IsAddrCacheEnabled() + +bool { + return isCachingEnabled.Load() +} + +// Address is a common interface for different types of addresses used by the SDK +type Address interface { + Equals(Address) + +bool + Empty() + +bool + Marshal() ([]byte, error) + +MarshalJSON() ([]byte, error) + +Bytes() []byte + String() + +string + Format(s fmt.State, verb rune) +} + +// Ensure that different address types implement the interface +var ( + _ Address = AccAddress{ +} + _ Address = ValAddress{ +} + _ Address = ConsAddress{ +} +) + +// ---------------------------------------------------------------------------- +// account +// ---------------------------------------------------------------------------- + +// AccAddress a wrapper around bytes meant to represent an account address. +// When marshaled to a string or JSON, it uses Bech32. +type AccAddress []byte + +// AccAddressFromHexUnsafe creates an AccAddress from a HEX-encoded string. +// +// Note, this function is considered unsafe as it may produce an AccAddress from +// otherwise invalid input, such as a transaction hash. Please use +// AccAddressFromBech32. +func AccAddressFromHexUnsafe(address string) (addr AccAddress, err error) { + bz, err := addressBytesFromHexString(address) + +return AccAddress(bz), err +} + +// VerifyAddressFormat verifies that the provided bytes form a valid address +// according to the default address rules or a custom address verifier set by +// GetConfig().SetAddressVerifier(). +// TODO make an issue to get rid of global Config +// ref: https://github.com/cosmos/cosmos-sdk/issues/9690 +func VerifyAddressFormat(bz []byte) + +error { + verifier := GetConfig().GetAddressVerifier() + if verifier != nil { + return verifier(bz) +} + if len(bz) == 0 { + return errorsmod.Wrap(sdkerrors.ErrUnknownAddress, "addresses cannot be empty") +} + if len(bz) > address.MaxAddrLen { + return errorsmod.Wrapf(sdkerrors.ErrUnknownAddress, "address max length is %d, got %d", address.MaxAddrLen, len(bz)) +} + +return nil +} + +// MustAccAddressFromBech32 calls AccAddressFromBech32 and panics on error. +func MustAccAddressFromBech32(address string) + +AccAddress { + addr, err := AccAddressFromBech32(address) + if err != nil { + panic(err) +} + +return addr +} + +// AccAddressFromBech32 creates an AccAddress from a Bech32 string. +func AccAddressFromBech32(address string) (addr AccAddress, err error) { + if len(strings.TrimSpace(address)) == 0 { + return AccAddress{ +}, errors.New("empty address string is not allowed") +} + +bech32PrefixAccAddr := GetConfig().GetBech32AccountAddrPrefix() + +bz, err := GetFromBech32(address, bech32PrefixAccAddr) + if err != nil { + return nil, err +} + +err = VerifyAddressFormat(bz) + if err != nil { + return nil, err +} + +return AccAddress(bz), nil +} + +// Returns boolean for whether two AccAddresses are Equal +func (aa AccAddress) + +Equals(aa2 Address) + +bool { + if aa.Empty() && aa2.Empty() { + return true +} + +return bytes.Equal(aa.Bytes(), aa2.Bytes()) +} + +// Returns boolean for whether an AccAddress is empty +func (aa AccAddress) + +Empty() + +bool { + return len(aa) == 0 +} + +// Marshal returns the raw address bytes. It is needed for protobuf +// compatibility. +func (aa AccAddress) + +Marshal() ([]byte, error) { + return aa, nil +} + +// Unmarshal sets the address to the given data. It is needed for protobuf +// compatibility. +func (aa *AccAddress) + +Unmarshal(data []byte) + +error { + *aa = data + return nil +} + +// MarshalJSON marshals to JSON using Bech32. +func (aa AccAddress) + +MarshalJSON() ([]byte, error) { + return json.Marshal(aa.String()) +} + +// MarshalYAML marshals to YAML using Bech32. +func (aa AccAddress) + +MarshalYAML() (any, error) { + return aa.String(), nil +} + +// UnmarshalJSON unmarshals from JSON assuming Bech32 encoding. +func (aa *AccAddress) + +UnmarshalJSON(data []byte) + +error { + var s string + err := json.Unmarshal(data, &s) + if err != nil { + return err +} + if s == "" { + *aa = AccAddress{ +} + +return nil +} + +aa2, err := AccAddressFromBech32(s) + if err != nil { + return err +} + + *aa = aa2 + return nil +} + +// UnmarshalYAML unmarshals from JSON assuming Bech32 encoding. +func (aa *AccAddress) + +UnmarshalYAML(data []byte) + +error { + var s string + err := yaml.Unmarshal(data, &s) + if err != nil { + return err +} + if s == "" { + *aa = AccAddress{ +} + +return nil +} + +aa2, err := AccAddressFromBech32(s) + if err != nil { + return err +} + + *aa = aa2 + return nil +} + +// Bytes returns the raw address bytes. +func (aa AccAddress) + +Bytes() []byte { + return aa +} + +// String implements the Stringer interface. +func (aa AccAddress) + +String() + +string { + if aa.Empty() { + return "" +} + key := conv.UnsafeBytesToStr(aa) + if IsAddrCacheEnabled() { + accAddrMu.Lock() + +defer accAddrMu.Unlock() + +addr, ok := accAddrCache.Get(key) + if ok { + return addr.(string) +} + +} + +return cacheBech32Addr(GetConfig().GetBech32AccountAddrPrefix(), aa, accAddrCache, key) +} + +// Format implements the fmt.Formatter interface. + +func (aa AccAddress) + +Format(s fmt.State, verb rune) { + switch verb { + case 's': + _, _ = s.Write([]byte(aa.String())) + case 'p': + _, _ = fmt.Fprintf(s, "%p", aa) + +default: + _, _ = fmt.Fprintf(s, "%X", []byte(aa)) +} +} + +// ---------------------------------------------------------------------------- +// validator operator +// ---------------------------------------------------------------------------- + +// ValAddress defines a wrapper around bytes meant to present a validator's +// operator. When marshaled to a string or JSON, it uses Bech32. +type ValAddress []byte + +// ValAddressFromHex creates a ValAddress from a hex string. +func ValAddressFromHex(address string) (addr ValAddress, err error) { + bz, err := addressBytesFromHexString(address) + +return ValAddress(bz), err +} + +// ValAddressFromBech32 creates a ValAddress from a Bech32 string. +func ValAddressFromBech32(address string) (addr ValAddress, err error) { + if len(strings.TrimSpace(address)) == 0 { + return ValAddress{ +}, errors.New("empty address string is not allowed") +} + +bech32PrefixValAddr := GetConfig().GetBech32ValidatorAddrPrefix() + +bz, err := GetFromBech32(address, bech32PrefixValAddr) + if err != nil { + return nil, err +} + +err = VerifyAddressFormat(bz) + if err != nil { + return nil, err +} + +return ValAddress(bz), nil +} + +// MustValAddressFromBech32 calls ValAddressFromBech32 and panics on error. +func MustValAddressFromBech32(address string) + +ValAddress { + addr, err := ValAddressFromBech32(address) + if err != nil { + panic(err) +} + +return addr +} + +// Returns boolean for whether two ValAddresses are Equal +func (va ValAddress) + +Equals(va2 Address) + +bool { + if va.Empty() && va2.Empty() { + return true +} + +return bytes.Equal(va.Bytes(), va2.Bytes()) +} + +// Returns boolean for whether an ValAddress is empty +func (va ValAddress) + +Empty() + +bool { + return len(va) == 0 +} + +// Marshal returns the raw address bytes. It is needed for protobuf +// compatibility. +func (va ValAddress) + +Marshal() ([]byte, error) { + return va, nil +} + +// Unmarshal sets the address to the given data. It is needed for protobuf +// compatibility. +func (va *ValAddress) + +Unmarshal(data []byte) + +error { + *va = data + return nil +} + +// MarshalJSON marshals to JSON using Bech32. +func (va ValAddress) + +MarshalJSON() ([]byte, error) { + return json.Marshal(va.String()) +} + +// MarshalYAML marshals to YAML using Bech32. +func (va ValAddress) + +MarshalYAML() (any, error) { + return va.String(), nil +} + +// UnmarshalJSON unmarshals from JSON assuming Bech32 encoding. +func (va *ValAddress) + +UnmarshalJSON(data []byte) + +error { + var s string + err := json.Unmarshal(data, &s) + if err != nil { + return err +} + if s == "" { + *va = ValAddress{ +} + +return nil +} + +va2, err := ValAddressFromBech32(s) + if err != nil { + return err +} + + *va = va2 + return nil +} + +// UnmarshalYAML unmarshals from YAML assuming Bech32 encoding. +func (va *ValAddress) + +UnmarshalYAML(data []byte) + +error { + var s string + err := yaml.Unmarshal(data, &s) + if err != nil { + return err +} + if s == "" { + *va = ValAddress{ +} + +return nil +} + +va2, err := ValAddressFromBech32(s) + if err != nil { + return err +} + + *va = va2 + return nil +} + +// Bytes returns the raw address bytes. +func (va ValAddress) + +Bytes() []byte { + return va +} + +// String implements the Stringer interface. +func (va ValAddress) + +String() + +string { + if va.Empty() { + return "" +} + key := conv.UnsafeBytesToStr(va) + if IsAddrCacheEnabled() { + valAddrMu.Lock() + +defer valAddrMu.Unlock() + +addr, ok := valAddrCache.Get(key) + if ok { + return addr.(string) +} + +} + +return cacheBech32Addr(GetConfig().GetBech32ValidatorAddrPrefix(), va, valAddrCache, key) +} + +// Format implements the fmt.Formatter interface. + +func (va ValAddress) + +Format(s fmt.State, verb rune) { + switch verb { + case 's': + _, _ = s.Write([]byte(va.String())) + case 'p': + _, _ = fmt.Fprintf(s, "%p", va) + +default: + _, _ = fmt.Fprintf(s, "%X", []byte(va)) +} +} + +// ---------------------------------------------------------------------------- +// consensus node +// ---------------------------------------------------------------------------- + +// ConsAddress defines a wrapper around bytes meant to present a consensus node. +// When marshaled to a string or JSON, it uses Bech32. +type ConsAddress []byte + +// ConsAddressFromHex creates a ConsAddress from a hex string. +// Deprecated: use ConsensusAddressCodec from Staking keeper +func ConsAddressFromHex(address string) (addr ConsAddress, err error) { + bz, err := addressBytesFromHexString(address) + +return ConsAddress(bz), err +} + +// ConsAddressFromBech32 creates a ConsAddress from a Bech32 string. +func ConsAddressFromBech32(address string) (addr ConsAddress, err error) { + if len(strings.TrimSpace(address)) == 0 { + return ConsAddress{ +}, errors.New("empty address string is not allowed") +} + +bech32PrefixConsAddr := GetConfig().GetBech32ConsensusAddrPrefix() + +bz, err := GetFromBech32(address, bech32PrefixConsAddr) + if err != nil { + return nil, err +} + +err = VerifyAddressFormat(bz) + if err != nil { + return nil, err +} + +return ConsAddress(bz), nil +} + +// get ConsAddress from pubkey +func GetConsAddress(pubkey cryptotypes.PubKey) + +ConsAddress { + return ConsAddress(pubkey.Address()) +} + +// Returns boolean for whether two ConsAddress are Equal +func (ca ConsAddress) + +Equals(ca2 Address) + +bool { + if ca.Empty() && ca2.Empty() { + return true +} + +return bytes.Equal(ca.Bytes(), ca2.Bytes()) +} + +// Returns boolean for whether an ConsAddress is empty +func (ca ConsAddress) + +Empty() + +bool { + return len(ca) == 0 +} + +// Marshal returns the raw address bytes. It is needed for protobuf +// compatibility. +func (ca ConsAddress) + +Marshal() ([]byte, error) { + return ca, nil +} + +// Unmarshal sets the address to the given data. It is needed for protobuf +// compatibility. +func (ca *ConsAddress) + +Unmarshal(data []byte) + +error { + *ca = data + return nil +} + +// MarshalJSON marshals to JSON using Bech32. +func (ca ConsAddress) + +MarshalJSON() ([]byte, error) { + return json.Marshal(ca.String()) +} + +// MarshalYAML marshals to YAML using Bech32. +func (ca ConsAddress) + +MarshalYAML() (any, error) { + return ca.String(), nil +} + +// UnmarshalJSON unmarshals from JSON assuming Bech32 encoding. +func (ca *ConsAddress) + +UnmarshalJSON(data []byte) + +error { + var s string + err := json.Unmarshal(data, &s) + if err != nil { + return err +} + if s == "" { + *ca = ConsAddress{ +} + +return nil +} + +ca2, err := ConsAddressFromBech32(s) + if err != nil { + return err +} + + *ca = ca2 + return nil +} + +// UnmarshalYAML unmarshals from YAML assuming Bech32 encoding. +func (ca *ConsAddress) + +UnmarshalYAML(data []byte) + +error { + var s string + err := yaml.Unmarshal(data, &s) + if err != nil { + return err +} + if s == "" { + *ca = ConsAddress{ +} + +return nil +} + +ca2, err := ConsAddressFromBech32(s) + if err != nil { + return err +} + + *ca = ca2 + return nil +} + +// Bytes returns the raw address bytes. +func (ca ConsAddress) + +Bytes() []byte { + return ca +} + +// String implements the Stringer interface. +func (ca ConsAddress) + +String() + +string { + if ca.Empty() { + return "" +} + key := conv.UnsafeBytesToStr(ca) + if IsAddrCacheEnabled() { + consAddrMu.Lock() + +defer consAddrMu.Unlock() + +addr, ok := consAddrCache.Get(key) + if ok { + return addr.(string) +} + +} + +return cacheBech32Addr(GetConfig().GetBech32ConsensusAddrPrefix(), ca, consAddrCache, key) +} + +// Bech32ifyAddressBytes returns a bech32 representation of address bytes. +// Returns an empty sting if the byte slice is 0-length. Returns an error if the bech32 conversion +// fails or the prefix is empty. +func Bech32ifyAddressBytes(prefix string, bs []byte) (string, error) { + if len(bs) == 0 { + return "", nil +} + if len(prefix) == 0 { + return "", errors.New("prefix cannot be empty") +} + +return bech32.ConvertAndEncode(prefix, bs) +} + +// MustBech32ifyAddressBytes returns a bech32 representation of address bytes. +// Returns an empty sting if the byte slice is 0-length. It panics if the bech32 conversion +// fails or the prefix is empty. +func MustBech32ifyAddressBytes(prefix string, bs []byte) + +string { + s, err := Bech32ifyAddressBytes(prefix, bs) + if err != nil { + panic(err) +} + +return s +} + +// Format implements the fmt.Formatter interface. + +func (ca ConsAddress) + +Format(s fmt.State, verb rune) { + switch verb { + case 's': + _, _ = s.Write([]byte(ca.String())) + case 'p': + _, _ = fmt.Fprintf(s, "%p", ca) + +default: + _, _ = fmt.Fprintf(s, "%X", []byte(ca)) +} +} + +// ---------------------------------------------------------------------------- +// auxiliary +// ---------------------------------------------------------------------------- + +var errBech32EmptyAddress = errors.New("decoding Bech32 address failed: must provide a non empty address") + +// GetFromBech32 decodes a bytestring from a Bech32 encoded string. +func GetFromBech32(bech32str, prefix string) ([]byte, error) { + if len(bech32str) == 0 { + return nil, errBech32EmptyAddress +} + +hrp, bz, err := bech32.DecodeAndConvert(bech32str) + if err != nil { + return nil, err +} + if hrp != prefix { + return nil, fmt.Errorf("invalid Bech32 prefix; expected %s, got %s", prefix, hrp) +} + +return bz, nil +} + +func addressBytesFromHexString(address string) ([]byte, error) { + if len(address) == 0 { + return nil, ErrEmptyHexAddress +} + +return hex.DecodeString(address) +} + +// cacheBech32Addr is not concurrency safe. Concurrent access to cache causes race condition. +func cacheBech32Addr(prefix string, addr []byte, cache *simplelru.LRU, cacheKey string) + +string { + bech32Addr, err := bech32.ConvertAndEncode(prefix, addr) + if err != nil { + panic(err) +} + if IsAddrCacheEnabled() { + cache.Add(cacheKey, bech32Addr) +} + +return bech32Addr +} +``` + +Address construction algorithm is defined in [ADR-28](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-028-public-key-addresses.md). +Here is the standard way to obtain an account address from a `pub` public key: + +```go +sdk.AccAddress(pub.Address().Bytes()) +``` + +Of note, the `Marshal()` and `Bytes()` method both return the same raw `[]byte` form of the address. `Marshal()` is required for Protobuf compatibility. + +For user interaction, addresses are formatted using [Bech32](https://en.bitcoin.it/wiki/Bech32) and implemented by the `String` method. The Bech32 method is the only supported format to use when interacting with a blockchain. The Bech32 human-readable part (Bech32 prefix) is used to denote an address type. Example: + +```go expandable +package types + +import ( + + "bytes" + "encoding/hex" + "encoding/json" + "errors" + "fmt" + "strings" + "sync" + "sync/atomic" + "github.com/hashicorp/golang-lru/simplelru" + "sigs.k8s.io/yaml" + + errorsmod "cosmossdk.io/errors" + + cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types" + "github.com/cosmos/cosmos-sdk/internal/conv" + "github.com/cosmos/cosmos-sdk/types/address" + "github.com/cosmos/cosmos-sdk/types/bech32" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" +) + +const ( + // Constants defined here are the defaults value for address. + // You can use the specific values for your project. + // Add the follow lines to the `main()` of your server. + // + // config := sdk.GetConfig() + // config.SetBech32PrefixForAccount(yourBech32PrefixAccAddr, yourBech32PrefixAccPub) + // config.SetBech32PrefixForValidator(yourBech32PrefixValAddr, yourBech32PrefixValPub) + // config.SetBech32PrefixForConsensusNode(yourBech32PrefixConsAddr, yourBech32PrefixConsPub) + // config.SetPurpose(yourPurpose) + // config.SetCoinType(yourCoinType) + // config.Seal() + + // Bech32MainPrefix defines the main SDK Bech32 prefix of an account's address + Bech32MainPrefix = "cosmos" + + // Purpose is the ATOM purpose as defined in SLIP44 (https://github.com/satoshilabs/slips/blob/master/slip-0044.md) + +Purpose = 44 + + // CoinType is the ATOM coin type as defined in SLIP44 (https://github.com/satoshilabs/slips/blob/master/slip-0044.md) + +CoinType = 118 + + // FullFundraiserPath is the parts of the BIP44 HD path that are fixed by + // what we used during the ATOM fundraiser. + FullFundraiserPath = "m/44'/118'/0'/0/0" + + // PrefixAccount is the prefix for account keys + PrefixAccount = "acc" + // PrefixValidator is the prefix for validator keys + PrefixValidator = "val" + // PrefixConsensus is the prefix for consensus keys + PrefixConsensus = "cons" + // PrefixPublic is the prefix for public keys + PrefixPublic = "pub" + // PrefixOperator is the prefix for operator keys + PrefixOperator = "oper" + + // PrefixAddress is the prefix for addresses + PrefixAddress = "addr" + + // Bech32PrefixAccAddr defines the Bech32 prefix of an account's address + Bech32PrefixAccAddr = Bech32MainPrefix + // Bech32PrefixAccPub defines the Bech32 prefix of an account's public key + Bech32PrefixAccPub = Bech32MainPrefix + PrefixPublic + // Bech32PrefixValAddr defines the Bech32 prefix of a validator's operator address + Bech32PrefixValAddr = Bech32MainPrefix + PrefixValidator + PrefixOperator + // Bech32PrefixValPub defines the Bech32 prefix of a validator's operator public key + Bech32PrefixValPub = Bech32MainPrefix + PrefixValidator + PrefixOperator + PrefixPublic + // Bech32PrefixConsAddr defines the Bech32 prefix of a consensus node address + Bech32PrefixConsAddr = Bech32MainPrefix + PrefixValidator + PrefixConsensus + // Bech32PrefixConsPub defines the Bech32 prefix of a consensus node public key + Bech32PrefixConsPub = Bech32MainPrefix + PrefixValidator + PrefixConsensus + PrefixPublic +) + +// cache variables +var ( + // AccAddress.String() + +is expensive and if unoptimized dominantly showed up in profiles, + // yet has no mechanisms to trivially cache the result given that AccAddress is a []byte type. + accAddrMu sync.Mutex + accAddrCache *simplelru.LRU + consAddrMu sync.Mutex + consAddrCache *simplelru.LRU + valAddrMu sync.Mutex + valAddrCache *simplelru.LRU + + isCachingEnabled atomic.Bool +) + +// sentinel errors +var ( + ErrEmptyHexAddress = errors.New("decoding address from hex string failed: empty address") +) + +func init() { + var err error + SetAddrCacheEnabled(true) + + // in total the cache size is 61k entries. Key is 32 bytes and value is around 50-70 bytes. + // That will make around 92 * 61k * 2 (LRU) + +bytes ~ 11 MB + if accAddrCache, err = simplelru.NewLRU(60000, nil); err != nil { + panic(err) +} + if consAddrCache, err = simplelru.NewLRU(500, nil); err != nil { + panic(err) +} + if valAddrCache, err = simplelru.NewLRU(500, nil); err != nil { + panic(err) +} +} + +// SetAddrCacheEnabled enables or disables accAddrCache, consAddrCache, and valAddrCache. By default, caches are enabled. +func SetAddrCacheEnabled(enabled bool) { + isCachingEnabled.Store(enabled) +} + +// IsAddrCacheEnabled returns if the address caches are enabled. +func IsAddrCacheEnabled() + +bool { + return isCachingEnabled.Load() +} + +// Address is a common interface for different types of addresses used by the SDK +type Address interface { + Equals(Address) + +bool + Empty() + +bool + Marshal() ([]byte, error) + +MarshalJSON() ([]byte, error) + +Bytes() []byte + String() + +string + Format(s fmt.State, verb rune) +} + +// Ensure that different address types implement the interface +var ( + _ Address = AccAddress{ +} + _ Address = ValAddress{ +} + _ Address = ConsAddress{ +} +) + +// ---------------------------------------------------------------------------- +// account +// ---------------------------------------------------------------------------- + +// AccAddress a wrapper around bytes meant to represent an account address. +// When marshaled to a string or JSON, it uses Bech32. +type AccAddress []byte + +// AccAddressFromHexUnsafe creates an AccAddress from a HEX-encoded string. +// +// Note, this function is considered unsafe as it may produce an AccAddress from +// otherwise invalid input, such as a transaction hash. Please use +// AccAddressFromBech32. +func AccAddressFromHexUnsafe(address string) (addr AccAddress, err error) { + bz, err := addressBytesFromHexString(address) + +return AccAddress(bz), err +} + +// VerifyAddressFormat verifies that the provided bytes form a valid address +// according to the default address rules or a custom address verifier set by +// GetConfig().SetAddressVerifier(). +// TODO make an issue to get rid of global Config +// ref: https://github.com/cosmos/cosmos-sdk/issues/9690 +func VerifyAddressFormat(bz []byte) + +error { + verifier := GetConfig().GetAddressVerifier() + if verifier != nil { + return verifier(bz) +} + if len(bz) == 0 { + return errorsmod.Wrap(sdkerrors.ErrUnknownAddress, "addresses cannot be empty") +} + if len(bz) > address.MaxAddrLen { + return errorsmod.Wrapf(sdkerrors.ErrUnknownAddress, "address max length is %d, got %d", address.MaxAddrLen, len(bz)) +} + +return nil +} + +// MustAccAddressFromBech32 calls AccAddressFromBech32 and panics on error. +func MustAccAddressFromBech32(address string) + +AccAddress { + addr, err := AccAddressFromBech32(address) + if err != nil { + panic(err) +} + +return addr +} + +// AccAddressFromBech32 creates an AccAddress from a Bech32 string. +func AccAddressFromBech32(address string) (addr AccAddress, err error) { + if len(strings.TrimSpace(address)) == 0 { + return AccAddress{ +}, errors.New("empty address string is not allowed") +} + +bech32PrefixAccAddr := GetConfig().GetBech32AccountAddrPrefix() + +bz, err := GetFromBech32(address, bech32PrefixAccAddr) + if err != nil { + return nil, err +} + +err = VerifyAddressFormat(bz) + if err != nil { + return nil, err +} + +return AccAddress(bz), nil +} + +// Returns boolean for whether two AccAddresses are Equal +func (aa AccAddress) + +Equals(aa2 Address) + +bool { + if aa.Empty() && aa2.Empty() { + return true +} + +return bytes.Equal(aa.Bytes(), aa2.Bytes()) +} + +// Returns boolean for whether an AccAddress is empty +func (aa AccAddress) + +Empty() + +bool { + return len(aa) == 0 +} + +// Marshal returns the raw address bytes. It is needed for protobuf +// compatibility. +func (aa AccAddress) + +Marshal() ([]byte, error) { + return aa, nil +} + +// Unmarshal sets the address to the given data. It is needed for protobuf +// compatibility. +func (aa *AccAddress) + +Unmarshal(data []byte) + +error { + *aa = data + return nil +} + +// MarshalJSON marshals to JSON using Bech32. +func (aa AccAddress) + +MarshalJSON() ([]byte, error) { + return json.Marshal(aa.String()) +} + +// MarshalYAML marshals to YAML using Bech32. +func (aa AccAddress) + +MarshalYAML() (any, error) { + return aa.String(), nil +} + +// UnmarshalJSON unmarshals from JSON assuming Bech32 encoding. +func (aa *AccAddress) + +UnmarshalJSON(data []byte) + +error { + var s string + err := json.Unmarshal(data, &s) + if err != nil { + return err +} + if s == "" { + *aa = AccAddress{ +} + +return nil +} + +aa2, err := AccAddressFromBech32(s) + if err != nil { + return err +} + + *aa = aa2 + return nil +} + +// UnmarshalYAML unmarshals from JSON assuming Bech32 encoding. +func (aa *AccAddress) + +UnmarshalYAML(data []byte) + +error { + var s string + err := yaml.Unmarshal(data, &s) + if err != nil { + return err +} + if s == "" { + *aa = AccAddress{ +} + +return nil +} + +aa2, err := AccAddressFromBech32(s) + if err != nil { + return err +} + + *aa = aa2 + return nil +} + +// Bytes returns the raw address bytes. +func (aa AccAddress) + +Bytes() []byte { + return aa +} + +// String implements the Stringer interface. +func (aa AccAddress) + +String() + +string { + if aa.Empty() { + return "" +} + key := conv.UnsafeBytesToStr(aa) + if IsAddrCacheEnabled() { + accAddrMu.Lock() + +defer accAddrMu.Unlock() + +addr, ok := accAddrCache.Get(key) + if ok { + return addr.(string) +} + +} + +return cacheBech32Addr(GetConfig().GetBech32AccountAddrPrefix(), aa, accAddrCache, key) +} + +// Format implements the fmt.Formatter interface. + +func (aa AccAddress) + +Format(s fmt.State, verb rune) { + switch verb { + case 's': + _, _ = s.Write([]byte(aa.String())) + case 'p': + _, _ = fmt.Fprintf(s, "%p", aa) + +default: + _, _ = fmt.Fprintf(s, "%X", []byte(aa)) +} +} + +// ---------------------------------------------------------------------------- +// validator operator +// ---------------------------------------------------------------------------- + +// ValAddress defines a wrapper around bytes meant to present a validator's +// operator. When marshaled to a string or JSON, it uses Bech32. +type ValAddress []byte + +// ValAddressFromHex creates a ValAddress from a hex string. +func ValAddressFromHex(address string) (addr ValAddress, err error) { + bz, err := addressBytesFromHexString(address) + +return ValAddress(bz), err +} + +// ValAddressFromBech32 creates a ValAddress from a Bech32 string. +func ValAddressFromBech32(address string) (addr ValAddress, err error) { + if len(strings.TrimSpace(address)) == 0 { + return ValAddress{ +}, errors.New("empty address string is not allowed") +} + +bech32PrefixValAddr := GetConfig().GetBech32ValidatorAddrPrefix() + +bz, err := GetFromBech32(address, bech32PrefixValAddr) + if err != nil { + return nil, err +} + +err = VerifyAddressFormat(bz) + if err != nil { + return nil, err +} + +return ValAddress(bz), nil +} + +// MustValAddressFromBech32 calls ValAddressFromBech32 and panics on error. +func MustValAddressFromBech32(address string) + +ValAddress { + addr, err := ValAddressFromBech32(address) + if err != nil { + panic(err) +} + +return addr +} + +// Returns boolean for whether two ValAddresses are Equal +func (va ValAddress) + +Equals(va2 Address) + +bool { + if va.Empty() && va2.Empty() { + return true +} + +return bytes.Equal(va.Bytes(), va2.Bytes()) +} + +// Returns boolean for whether an ValAddress is empty +func (va ValAddress) + +Empty() + +bool { + return len(va) == 0 +} + +// Marshal returns the raw address bytes. It is needed for protobuf +// compatibility. +func (va ValAddress) + +Marshal() ([]byte, error) { + return va, nil +} + +// Unmarshal sets the address to the given data. It is needed for protobuf +// compatibility. +func (va *ValAddress) + +Unmarshal(data []byte) + +error { + *va = data + return nil +} + +// MarshalJSON marshals to JSON using Bech32. +func (va ValAddress) + +MarshalJSON() ([]byte, error) { + return json.Marshal(va.String()) +} + +// MarshalYAML marshals to YAML using Bech32. +func (va ValAddress) + +MarshalYAML() (any, error) { + return va.String(), nil +} + +// UnmarshalJSON unmarshals from JSON assuming Bech32 encoding. +func (va *ValAddress) + +UnmarshalJSON(data []byte) + +error { + var s string + err := json.Unmarshal(data, &s) + if err != nil { + return err +} + if s == "" { + *va = ValAddress{ +} + +return nil +} + +va2, err := ValAddressFromBech32(s) + if err != nil { + return err +} + + *va = va2 + return nil +} + +// UnmarshalYAML unmarshals from YAML assuming Bech32 encoding. +func (va *ValAddress) + +UnmarshalYAML(data []byte) + +error { + var s string + err := yaml.Unmarshal(data, &s) + if err != nil { + return err +} + if s == "" { + *va = ValAddress{ +} + +return nil +} + +va2, err := ValAddressFromBech32(s) + if err != nil { + return err +} + + *va = va2 + return nil +} + +// Bytes returns the raw address bytes. +func (va ValAddress) + +Bytes() []byte { + return va +} + +// String implements the Stringer interface. +func (va ValAddress) + +String() + +string { + if va.Empty() { + return "" +} + key := conv.UnsafeBytesToStr(va) + if IsAddrCacheEnabled() { + valAddrMu.Lock() + +defer valAddrMu.Unlock() + +addr, ok := valAddrCache.Get(key) + if ok { + return addr.(string) +} + +} + +return cacheBech32Addr(GetConfig().GetBech32ValidatorAddrPrefix(), va, valAddrCache, key) +} + +// Format implements the fmt.Formatter interface. + +func (va ValAddress) + +Format(s fmt.State, verb rune) { + switch verb { + case 's': + _, _ = s.Write([]byte(va.String())) + case 'p': + _, _ = fmt.Fprintf(s, "%p", va) + +default: + _, _ = fmt.Fprintf(s, "%X", []byte(va)) +} +} + +// ---------------------------------------------------------------------------- +// consensus node +// ---------------------------------------------------------------------------- + +// ConsAddress defines a wrapper around bytes meant to present a consensus node. +// When marshaled to a string or JSON, it uses Bech32. +type ConsAddress []byte + +// ConsAddressFromHex creates a ConsAddress from a hex string. +// Deprecated: use ConsensusAddressCodec from Staking keeper +func ConsAddressFromHex(address string) (addr ConsAddress, err error) { + bz, err := addressBytesFromHexString(address) + +return ConsAddress(bz), err +} + +// ConsAddressFromBech32 creates a ConsAddress from a Bech32 string. +func ConsAddressFromBech32(address string) (addr ConsAddress, err error) { + if len(strings.TrimSpace(address)) == 0 { + return ConsAddress{ +}, errors.New("empty address string is not allowed") +} + +bech32PrefixConsAddr := GetConfig().GetBech32ConsensusAddrPrefix() + +bz, err := GetFromBech32(address, bech32PrefixConsAddr) + if err != nil { + return nil, err +} + +err = VerifyAddressFormat(bz) + if err != nil { + return nil, err +} + +return ConsAddress(bz), nil +} + +// get ConsAddress from pubkey +func GetConsAddress(pubkey cryptotypes.PubKey) + +ConsAddress { + return ConsAddress(pubkey.Address()) +} + +// Returns boolean for whether two ConsAddress are Equal +func (ca ConsAddress) + +Equals(ca2 Address) + +bool { + if ca.Empty() && ca2.Empty() { + return true +} + +return bytes.Equal(ca.Bytes(), ca2.Bytes()) +} + +// Returns boolean for whether an ConsAddress is empty +func (ca ConsAddress) + +Empty() + +bool { + return len(ca) == 0 +} + +// Marshal returns the raw address bytes. It is needed for protobuf +// compatibility. +func (ca ConsAddress) + +Marshal() ([]byte, error) { + return ca, nil +} + +// Unmarshal sets the address to the given data. It is needed for protobuf +// compatibility. +func (ca *ConsAddress) + +Unmarshal(data []byte) + +error { + *ca = data + return nil +} + +// MarshalJSON marshals to JSON using Bech32. +func (ca ConsAddress) + +MarshalJSON() ([]byte, error) { + return json.Marshal(ca.String()) +} + +// MarshalYAML marshals to YAML using Bech32. +func (ca ConsAddress) + +MarshalYAML() (any, error) { + return ca.String(), nil +} + +// UnmarshalJSON unmarshals from JSON assuming Bech32 encoding. +func (ca *ConsAddress) + +UnmarshalJSON(data []byte) + +error { + var s string + err := json.Unmarshal(data, &s) + if err != nil { + return err +} + if s == "" { + *ca = ConsAddress{ +} + +return nil +} + +ca2, err := ConsAddressFromBech32(s) + if err != nil { + return err +} + + *ca = ca2 + return nil +} + +// UnmarshalYAML unmarshals from YAML assuming Bech32 encoding. +func (ca *ConsAddress) + +UnmarshalYAML(data []byte) + +error { + var s string + err := yaml.Unmarshal(data, &s) + if err != nil { + return err +} + if s == "" { + *ca = ConsAddress{ +} + +return nil +} + +ca2, err := ConsAddressFromBech32(s) + if err != nil { + return err +} + + *ca = ca2 + return nil +} + +// Bytes returns the raw address bytes. +func (ca ConsAddress) + +Bytes() []byte { + return ca +} + +// String implements the Stringer interface. +func (ca ConsAddress) + +String() + +string { + if ca.Empty() { + return "" +} + key := conv.UnsafeBytesToStr(ca) + if IsAddrCacheEnabled() { + consAddrMu.Lock() + +defer consAddrMu.Unlock() + +addr, ok := consAddrCache.Get(key) + if ok { + return addr.(string) +} + +} + +return cacheBech32Addr(GetConfig().GetBech32ConsensusAddrPrefix(), ca, consAddrCache, key) +} + +// Bech32ifyAddressBytes returns a bech32 representation of address bytes. +// Returns an empty sting if the byte slice is 0-length. Returns an error if the bech32 conversion +// fails or the prefix is empty. +func Bech32ifyAddressBytes(prefix string, bs []byte) (string, error) { + if len(bs) == 0 { + return "", nil +} + if len(prefix) == 0 { + return "", errors.New("prefix cannot be empty") +} + +return bech32.ConvertAndEncode(prefix, bs) +} + +// MustBech32ifyAddressBytes returns a bech32 representation of address bytes. +// Returns an empty sting if the byte slice is 0-length. It panics if the bech32 conversion +// fails or the prefix is empty. +func MustBech32ifyAddressBytes(prefix string, bs []byte) + +string { + s, err := Bech32ifyAddressBytes(prefix, bs) + if err != nil { + panic(err) +} + +return s +} + +// Format implements the fmt.Formatter interface. + +func (ca ConsAddress) + +Format(s fmt.State, verb rune) { + switch verb { + case 's': + _, _ = s.Write([]byte(ca.String())) + case 'p': + _, _ = fmt.Fprintf(s, "%p", ca) + +default: + _, _ = fmt.Fprintf(s, "%X", []byte(ca)) +} +} + +// ---------------------------------------------------------------------------- +// auxiliary +// ---------------------------------------------------------------------------- + +var errBech32EmptyAddress = errors.New("decoding Bech32 address failed: must provide a non empty address") + +// GetFromBech32 decodes a bytestring from a Bech32 encoded string. +func GetFromBech32(bech32str, prefix string) ([]byte, error) { + if len(bech32str) == 0 { + return nil, errBech32EmptyAddress +} + +hrp, bz, err := bech32.DecodeAndConvert(bech32str) + if err != nil { + return nil, err +} + if hrp != prefix { + return nil, fmt.Errorf("invalid Bech32 prefix; expected %s, got %s", prefix, hrp) +} + +return bz, nil +} + +func addressBytesFromHexString(address string) ([]byte, error) { + if len(address) == 0 { + return nil, ErrEmptyHexAddress +} + +return hex.DecodeString(address) +} + +// cacheBech32Addr is not concurrency safe. Concurrent access to cache causes race condition. +func cacheBech32Addr(prefix string, addr []byte, cache *simplelru.LRU, cacheKey string) + +string { + bech32Addr, err := bech32.ConvertAndEncode(prefix, addr) + if err != nil { + panic(err) +} + if IsAddrCacheEnabled() { + cache.Add(cacheKey, bech32Addr) +} + +return bech32Addr +} +``` + +| | Address Bech32 Prefix | +| ------------------ | --------------------- | +| Accounts | cosmos | +| Validator Operator | cosmosvaloper | +| Consensus Nodes | cosmosvalcons | + +### Public Keys + +Public keys in Cosmos SDK are defined by `cryptotypes.PubKey` interface. Since public keys are saved in a store, `cryptotypes.PubKey` extends the `proto.Message` interface: + +```go expandable +package types + +import ( + + cmtcrypto "github.com/cometbft/cometbft/crypto" + proto "github.com/cosmos/gogoproto/proto" +) + +// PubKey defines a public key and extends proto.Message. +type PubKey interface { + proto.Message + + Address() + +Address + Bytes() []byte + VerifySignature(msg, sig []byte) + +bool + Equals(PubKey) + +bool + Type() + +string +} + +// LedgerPrivKey defines a private key that is not a proto message. For now, +// LedgerSecp256k1 keys are not converted to proto.Message yet, this is why +// they use LedgerPrivKey instead of PrivKey. All other keys must use PrivKey +// instead of LedgerPrivKey. +// TODO https://github.com/cosmos/cosmos-sdk/issues/7357. +type LedgerPrivKey interface { + Bytes() []byte + Sign(msg []byte) ([]byte, error) + +PubKey() + +PubKey + Equals(LedgerPrivKey) + +bool + Type() + +string +} + +// LedgerPrivKeyAminoJSON is a Ledger PrivKey type that supports signing with +// SIGN_MODE_LEGACY_AMINO_JSON. It is added as a non-breaking change, instead of directly +// on the LedgerPrivKey interface (whose Sign method will sign with TEXTUAL), +// and will be deprecated/removed once LEGACY_AMINO_JSON is removed. +type LedgerPrivKeyAminoJSON interface { + LedgerPrivKey + // SignLedgerAminoJSON signs a messages on the Ledger device using + // SIGN_MODE_LEGACY_AMINO_JSON. + SignLedgerAminoJSON(msg []byte) ([]byte, error) +} + +// PrivKey defines a private key and extends proto.Message. For now, it extends +// LedgerPrivKey (see godoc for LedgerPrivKey). Ultimately, we should remove +// LedgerPrivKey and add its methods here directly. +// TODO https://github.com/cosmos/cosmos-sdk/issues/7357. +type PrivKey interface { + proto.Message + LedgerPrivKey +} + +type ( + Address = cmtcrypto.Address +) +``` + +A compressed format is used for `secp256k1` and `secp256r1` serialization. + +* The first byte is a `0x02` byte if the `y`-coordinate is the lexicographically largest of the two associated with the `x`-coordinate. +* Otherwise the first byte is a `0x03`. + +This prefix is followed by the `x`-coordinate. + +Public Keys are not used to reference accounts (or users) and in general are not used when composing transaction messages (with few exceptions: `MsgCreateValidator`, `Validator` and `Multisig` messages). +For user interactions, `PubKey` is formatted using Protobufs JSON ([ProtoMarshalJSON](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/codec/json.go#L14-L34) function). Example: + +```go expandable +package keys + +import ( + + "github.com/cosmos/cosmos-sdk/codec" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + "github.com/cosmos/cosmos-sdk/crypto/keyring" + cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types" + sdk "github.com/cosmos/cosmos-sdk/types" +) + +// Use protobuf interface marshaler rather then generic JSON + +// KeyOutput defines a structure wrapping around an Info object used for output +// functionality. +type KeyOutput struct { + Name string `json:"name" yaml:"name"` + Type string `json:"type" yaml:"type"` + Address string `json:"address" yaml:"address"` + PubKey string `json:"pubkey" yaml:"pubkey"` + Mnemonic string `json:"mnemonic,omitempty" yaml:"mnemonic"` +} + +// NewKeyOutput creates a default KeyOutput instance without Mnemonic, Threshold and PubKeys +func NewKeyOutput(name string, keyType keyring.KeyType, a sdk.Address, pk cryptotypes.PubKey) (KeyOutput, error) { + apk, err := codectypes.NewAnyWithValue(pk) + if err != nil { + return KeyOutput{ +}, err +} + +bz, err := codec.ProtoMarshalJSON(apk, nil) + if err != nil { + return KeyOutput{ +}, err +} + +return KeyOutput{ + Name: name, + Type: keyType.String(), + Address: a.String(), + PubKey: string(bz), +}, nil +} + +// MkConsKeyOutput create a KeyOutput in with "cons" Bech32 prefixes. +func MkConsKeyOutput(k *keyring.Record) (KeyOutput, error) { + pk, err := k.GetPubKey() + if err != nil { + return KeyOutput{ +}, err +} + addr := sdk.ConsAddress(pk.Address()) + +return NewKeyOutput(k.Name, k.GetType(), addr, pk) +} + +// MkValKeyOutput create a KeyOutput in with "val" Bech32 prefixes. +func MkValKeyOutput(k *keyring.Record) (KeyOutput, error) { + pk, err := k.GetPubKey() + if err != nil { + return KeyOutput{ +}, err +} + addr := sdk.ValAddress(pk.Address()) + +return NewKeyOutput(k.Name, k.GetType(), addr, pk) +} + +// MkAccKeyOutput create a KeyOutput in with "acc" Bech32 prefixes. If the +// public key is a multisig public key, then the threshold and constituent +// public keys will be added. +func MkAccKeyOutput(k *keyring.Record) (KeyOutput, error) { + pk, err := k.GetPubKey() + if err != nil { + return KeyOutput{ +}, err +} + addr := sdk.AccAddress(pk.Address()) + +return NewKeyOutput(k.Name, k.GetType(), addr, pk) +} + +// MkAccKeysOutput returns a slice of KeyOutput objects, each with the "acc" +// Bech32 prefixes, given a slice of Record objects. It returns an error if any +// call to MkKeyOutput fails. +func MkAccKeysOutput(records []*keyring.Record) ([]KeyOutput, error) { + kos := make([]KeyOutput, len(records)) + +var err error + for i, r := range records { + kos[i], err = MkAccKeyOutput(r) + if err != nil { + return nil, err +} + +} + +return kos, nil +} +``` + +## Keyring + +A `Keyring` is an object that stores and manages accounts. In the Cosmos SDK, a `Keyring` implementation follows the `Keyring` interface: + +```go expandable +package keyring + +import ( + + "bufio" + "encoding/hex" + "fmt" + "io" + "os" + "path/filepath" + "sort" + "strings" + "github.com/99designs/keyring" + "github.com/cockroachdb/errors" + "github.com/cosmos/go-bip39" + "golang.org/x/crypto/bcrypt" + + errorsmod "cosmossdk.io/errors" + "github.com/cosmos/cosmos-sdk/client/input" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/crypto" + "github.com/cosmos/cosmos-sdk/crypto/hd" + "github.com/cosmos/cosmos-sdk/crypto/ledger" + "github.com/cosmos/cosmos-sdk/crypto/types" + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + "github.com/cosmos/cosmos-sdk/types/tx/signing" +) + +// Backend options for Keyring +const ( + BackendFile = "file" + BackendOS = "os" + BackendKWallet = "kwallet" + BackendPass = "pass" + BackendTest = "test" + BackendMemory = "memory" +) + +const ( + keyringFileDirName = "keyring-file" + keyringTestDirName = "keyring-test" + passKeyringPrefix = "keyring-%s" + + // temporary pass phrase for exporting a key during a key rename + passPhrase = "temp" + // prefix for exported hex private keys + hexPrefix = "0x" +) + +var ( + _ Keyring = &keystore{ +} + _ KeyringWithDB = &keystore{ +} + +maxPassphraseEntryAttempts = 3 +) + +// Keyring exposes operations over a backend supported by github.com/99designs/keyring. +type Keyring interface { + // Get the backend type used in the keyring config: "file", "os", "kwallet", "pass", "test", "memory". + Backend() + +string + // List all keys. + List() ([]*Record, error) + + // Supported signing algorithms for Keyring and Ledger respectively. + SupportedAlgorithms() (SigningAlgoList, SigningAlgoList) + + // Key and KeyByAddress return keys by uid and address respectively. + Key(uid string) (*Record, error) + +KeyByAddress(address sdk.Address) (*Record, error) + + // Delete and DeleteByAddress remove keys from the keyring. + Delete(uid string) + +error + DeleteByAddress(address sdk.Address) + +error + + // Rename an existing key from the Keyring + Rename(from, to string) + +error + + // NewMnemonic generates a new mnemonic, derives a hierarchical deterministic key from it, and + // persists the key to storage. Returns the generated mnemonic and the key Info. + // It returns an error if it fails to generate a key for the given algo type, or if + // another key is already stored under the same name or address. + // + // A passphrase set to the empty string will set the passphrase to the DefaultBIP39Passphrase value. + NewMnemonic(uid string, language Language, hdPath, bip39Passphrase string, algo SignatureAlgo) (*Record, string, error) + + // NewAccount converts a mnemonic to a private key and BIP-39 HD Path and persists it. + // It fails if there is an existing key Info with the same address. + NewAccount(uid, mnemonic, bip39Passphrase, hdPath string, algo SignatureAlgo) (*Record, error) + + // SaveLedgerKey retrieves a public key reference from a Ledger device and persists it. + SaveLedgerKey(uid string, algo SignatureAlgo, hrp string, coinType, account, index uint32) (*Record, error) + + // SaveOfflineKey stores a public key and returns the persisted Info structure. + SaveOfflineKey(uid string, pubkey types.PubKey) (*Record, error) + + // SaveMultisig stores and returns a new multsig (offline) + +key reference. + SaveMultisig(uid string, pubkey types.PubKey) (*Record, error) + +Signer + + Importer + Exporter + + Migrator +} + +type KeyringWithDB interface { + Keyring + + // Get the db keyring used in the keystore. + DB() + +keyring.Keyring +} + +// Signer is implemented by key stores that want to provide signing capabilities. +type Signer interface { + // Sign sign byte messages with a user key. + Sign(uid string, msg []byte, signMode signing.SignMode) ([]byte, types.PubKey, error) + + // SignByAddress sign byte messages with a user key providing the address. + SignByAddress(address sdk.Address, msg []byte, signMode signing.SignMode) ([]byte, types.PubKey, error) +} + +// Importer is implemented by key stores that support import of public and private keys. +type Importer interface { + // ImportPrivKey imports ASCII armored passphrase-encrypted private keys. + ImportPrivKey(uid, armor, passphrase string) + +error + // ImportPrivKeyHex imports hex encoded keys. + ImportPrivKeyHex(uid, privKey, algoStr string) + +error + // ImportPubKey imports ASCII armored public keys. + ImportPubKey(uid, armor string) + +error +} + +// Migrator is implemented by key stores and enables migration of keys from amino to proto +type Migrator interface { + MigrateAll() ([]*Record, error) +} + +// Exporter is implemented by key stores that support export of public and private keys. +type Exporter interface { + // Export public key + ExportPubKeyArmor(uid string) (string, error) + +ExportPubKeyArmorByAddress(address sdk.Address) (string, error) + + // ExportPrivKeyArmor returns a private key in ASCII armored format. + // It returns an error if the key does not exist or a wrong encryption passphrase is supplied. + ExportPrivKeyArmor(uid, encryptPassphrase string) (armor string, err error) + +ExportPrivKeyArmorByAddress(address sdk.Address, encryptPassphrase string) (armor string, err error) +} + +// Option overrides keyring configuration options. +type Option func(options *Options) + +// NewInMemory creates a transient keyring useful for testing +// purposes and on-the-fly key generation. +// Keybase options can be applied when generating this new Keybase. +func NewInMemory(cdc codec.Codec, opts ...Option) + +Keyring { + return NewInMemoryWithKeyring(keyring.NewArrayKeyring(nil), cdc, opts...) +} + +// NewInMemoryWithKeyring returns an in memory keyring using the specified keyring.Keyring +// as the backing keyring. +func NewInMemoryWithKeyring(kr keyring.Keyring, cdc codec.Codec, opts ...Option) + +Keyring { + return newKeystore(kr, cdc, BackendMemory, opts...) +} + +// New creates a new instance of a keyring. +// Keyring options can be applied when generating the new instance. +// Available backends are "os", "file", "kwallet", "memory", "pass", "test". +func newKeyringGeneric( + appName, backend, rootDir string, userInput io.Reader, cdc codec.Codec, opts ...Option, +) (Keyring, error) { + var ( + db keyring.Keyring + err error + ) + switch backend { + case BackendMemory: + return NewInMemory(cdc, opts...), err + case BackendTest: + db, err = keyring.Open(newTestBackendKeyringConfig(appName, rootDir)) + case BackendFile: + db, err = keyring.Open(newFileBackendKeyringConfig(appName, rootDir, userInput)) + case BackendOS: + db, err = keyring.Open(newOSBackendKeyringConfig(appName, rootDir, userInput)) + case BackendKWallet: + db, err = keyring.Open(newKWalletBackendKeyringConfig(appName, rootDir, userInput)) + case BackendPass: + db, err = keyring.Open(newPassBackendKeyringConfig(appName, rootDir, userInput)) + +default: + return nil, errorsmod.Wrap(ErrUnknownBacked, backend) +} + if err != nil { + return nil, err +} + +return newKeystore(db, cdc, backend, opts...), nil +} + +type keystore struct { + db keyring.Keyring + cdc codec.Codec + backend string + options Options +} + +func newKeystore(kr keyring.Keyring, cdc codec.Codec, backend string, opts ...Option) + +keystore { + // Default options for keybase, these can be overwritten using the + // Option function + options := Options{ + SupportedAlgos: SigningAlgoList{ + hd.Secp256k1 +}, + SupportedAlgosLedger: SigningAlgoList{ + hd.Secp256k1 +}, +} + for _, optionFn := range opts { + optionFn(&options) +} + if options.LedgerDerivation != nil { + ledger.SetDiscoverLedger(options.LedgerDerivation) +} + if options.LedgerCreateKey != nil { + ledger.SetCreatePubkey(options.LedgerCreateKey) +} + if options.LedgerAppName != "" { + ledger.SetAppName(options.LedgerAppName) +} + if options.LedgerSigSkipDERConv { + ledger.SetSkipDERConversion() +} + +return keystore{ + db: kr, + cdc: cdc, + backend: backend, + options: options, +} +} + +// Backend returns the keyring backend option used in the config +func (ks keystore) + +Backend() + +string { + return ks.backend +} + +func (ks keystore) + +ExportPubKeyArmor(uid string) (string, error) { + k, err := ks.Key(uid) + if err != nil { + return "", err +} + +key, err := k.GetPubKey() + if err != nil { + return "", err +} + +bz, err := ks.cdc.MarshalInterface(key) + if err != nil { + return "", err +} + +return crypto.ArmorPubKeyBytes(bz, key.Type()), nil +} + +// DB returns the db keyring used in the keystore +func (ks keystore) + +DB() + +keyring.Keyring { + return ks.db +} + +func (ks keystore) + +ExportPubKeyArmorByAddress(address sdk.Address) (string, error) { + k, err := ks.KeyByAddress(address) + if err != nil { + return "", err +} + +return ks.ExportPubKeyArmor(k.Name) +} + +// ExportPrivKeyArmor exports encrypted privKey +func (ks keystore) + +ExportPrivKeyArmor(uid, encryptPassphrase string) (armor string, err error) { + priv, err := ks.ExportPrivateKeyObject(uid) + if err != nil { + return "", err +} + +return crypto.EncryptArmorPrivKey(priv, encryptPassphrase, priv.Type()), nil +} + +// ExportPrivateKeyObject exports an armored private key object. +func (ks keystore) + +ExportPrivateKeyObject(uid string) (types.PrivKey, error) { + k, err := ks.Key(uid) + if err != nil { + return nil, err +} + +priv, err := extractPrivKeyFromRecord(k) + if err != nil { + return nil, err +} + +return priv, err +} + +func (ks keystore) + +ExportPrivKeyArmorByAddress(address sdk.Address, encryptPassphrase string) (armor string, err error) { + k, err := ks.KeyByAddress(address) + if err != nil { + return "", err +} + +return ks.ExportPrivKeyArmor(k.Name, encryptPassphrase) +} + +func (ks keystore) + +ImportPrivKey(uid, armor, passphrase string) + +error { + if k, err := ks.Key(uid); err == nil { + if uid == k.Name { + return errorsmod.Wrap(ErrOverwriteKey, uid) +} + +} + +privKey, _, err := crypto.UnarmorDecryptPrivKey(armor, passphrase) + if err != nil { + return errorsmod.Wrap(err, "failed to decrypt private key") +} + + _, err = ks.writeLocalKey(uid, privKey) + if err != nil { + return err +} + +return nil +} + +func (ks keystore) + +ImportPrivKeyHex(uid, privKey, algoStr string) + +error { + if _, err := ks.Key(uid); err == nil { + return errorsmod.Wrap(ErrOverwriteKey, uid) +} + if privKey[:2] == hexPrefix { + privKey = privKey[2:] +} + +decodedPriv, err := hex.DecodeString(privKey) + if err != nil { + return err +} + +algo, err := NewSigningAlgoFromString(algoStr, ks.options.SupportedAlgos) + if err != nil { + return err +} + priv := algo.Generate()(decodedPriv) + _, err = ks.writeLocalKey(uid, priv) + if err != nil { + return err +} + +return nil +} + +func (ks keystore) + +ImportPubKey(uid, armor string) + +error { + if _, err := ks.Key(uid); err == nil { + return errorsmod.Wrap(ErrOverwriteKey, uid) +} + +pubBytes, _, err := crypto.UnarmorPubKeyBytes(armor) + if err != nil { + return err +} + +var pubKey types.PubKey + if err := ks.cdc.UnmarshalInterface(pubBytes, &pubKey); err != nil { + return err +} + + _, err = ks.writeOfflineKey(uid, pubKey) + if err != nil { + return err +} + +return nil +} + +func (ks keystore) + +Sign(uid string, msg []byte, signMode signing.SignMode) ([]byte, types.PubKey, error) { + k, err := ks.Key(uid) + if err != nil { + return nil, nil, err +} + switch { + case k.GetLocal() != nil: + priv, err := extractPrivKeyFromLocal(k.GetLocal()) + if err != nil { + return nil, nil, err +} + +sig, err := priv.Sign(msg) + if err != nil { + return nil, nil, err +} + +return sig, priv.PubKey(), nil + case k.GetLedger() != nil: + return SignWithLedger(k, msg, signMode) + + // multi or offline record + default: + pub, err := k.GetPubKey() + if err != nil { + return nil, nil, err +} + +return nil, pub, ErrOfflineSign +} +} + +func (ks keystore) + +SignByAddress(address sdk.Address, msg []byte, signMode signing.SignMode) ([]byte, types.PubKey, error) { + k, err := ks.KeyByAddress(address) + if err != nil { + return nil, nil, err +} + +return ks.Sign(k.Name, msg, signMode) +} + +func (ks keystore) + +SaveLedgerKey(uid string, algo SignatureAlgo, hrp string, coinType, account, index uint32) (*Record, error) { + if !ks.options.SupportedAlgosLedger.Contains(algo) { + return nil, errorsmod.Wrap(ErrUnsupportedSigningAlgo, fmt.Sprintf("signature algo %s is not defined in the keyring options", algo.Name())) +} + hdPath := hd.NewFundraiserParams(account, coinType, index) + +priv, _, err := ledger.NewPrivKeySecp256k1(*hdPath, hrp) + if err != nil { + return nil, errors.CombineErrors(ErrLedgerGenerateKey, err) +} + +return ks.writeLedgerKey(uid, priv.PubKey(), hdPath) +} + +func (ks keystore) + +writeLedgerKey(name string, pk types.PubKey, path *hd.BIP44Params) (*Record, error) { + k, err := NewLedgerRecord(name, pk, path) + if err != nil { + return nil, err +} + +return k, ks.writeRecord(k) +} + +func (ks keystore) + +SaveMultisig(uid string, pubkey types.PubKey) (*Record, error) { + return ks.writeMultisigKey(uid, pubkey) +} + +func (ks keystore) + +SaveOfflineKey(uid string, pubkey types.PubKey) (*Record, error) { + return ks.writeOfflineKey(uid, pubkey) +} + +func (ks keystore) + +DeleteByAddress(address sdk.Address) + +error { + k, err := ks.KeyByAddress(address) + if err != nil { + return err +} + +err = ks.Delete(k.Name) + if err != nil { + return err +} + +return nil +} + +func (ks keystore) + +Rename(oldName, newName string) + +error { + _, err := ks.Key(newName) + if err == nil { + return errorsmod.Wrap(ErrKeyAlreadyExists, fmt.Sprintf("rename failed, %s", newName)) +} + +armor, err := ks.ExportPrivKeyArmor(oldName, passPhrase) + if err != nil { + return err +} + if err := ks.Delete(oldName); err != nil { + return err +} + if err := ks.ImportPrivKey(newName, armor, passPhrase); err != nil { + return err +} + +return nil +} + +// Delete deletes a key in the keyring. `uid` represents the key name, without +// the `.info` suffix. +func (ks keystore) + +Delete(uid string) + +error { + k, err := ks.Key(uid) + if err != nil { + return err +} + +addr, err := k.GetAddress() + if err != nil { + return err +} + +err = ks.db.Remove(addrHexKeyAsString(addr)) + if err != nil { + return err +} + +err = ks.db.Remove(infoKey(uid)) + if err != nil { + return err +} + +return nil +} + +func (ks keystore) + +KeyByAddress(address sdk.Address) (*Record, error) { + ik, err := ks.db.Get(addrHexKeyAsString(address)) + if err != nil { + return nil, wrapKeyNotFound(err, fmt.Sprintf("key with address %s not found", address.String())) +} + if len(ik.Data) == 0 { + return nil, wrapKeyNotFound(err, fmt.Sprintf("key with address %s not found", address.String())) +} + +return ks.Key(string(ik.Data)) +} + +func wrapKeyNotFound(err error, msg string) + +error { + if errors.Is(err, keyring.ErrKeyNotFound) { + return errorsmod.Wrap(sdkerrors.ErrKeyNotFound, msg) +} + +return err +} + +func (ks keystore) + +List() ([]*Record, error) { + return ks.MigrateAll() +} + +func (ks keystore) + +NewMnemonic(uid string, language Language, hdPath, bip39Passphrase string, algo SignatureAlgo) (*Record, string, error) { + if language != English { + return nil, "", ErrUnsupportedLanguage +} + if !ks.isSupportedSigningAlgo(algo) { + return nil, "", ErrUnsupportedSigningAlgo +} + + // Default number of words (24): This generates a mnemonic directly from the + // number of words by reading system entropy. + entropy, err := bip39.NewEntropy(defaultEntropySize) + if err != nil { + return nil, "", err +} + +mnemonic, err := bip39.NewMnemonic(entropy) + if err != nil { + return nil, "", err +} + if bip39Passphrase == "" { + bip39Passphrase = DefaultBIP39Passphrase +} + +k, err := ks.NewAccount(uid, mnemonic, bip39Passphrase, hdPath, algo) + if err != nil { + return nil, "", err +} + +return k, mnemonic, nil +} + +func (ks keystore) + +NewAccount(name, mnemonic, bip39Passphrase, hdPath string, algo SignatureAlgo) (*Record, error) { + if !ks.isSupportedSigningAlgo(algo) { + return nil, ErrUnsupportedSigningAlgo +} + + // create master key and derive first key for keyring + derivedPriv, err := algo.Derive()(mnemonic, bip39Passphrase, hdPath) + if err != nil { + return nil, err +} + privKey := algo.Generate()(derivedPriv) + + // check if the key already exists with the same address and return an error + // if found + address := sdk.AccAddress(privKey.PubKey().Address()) + if _, err := ks.KeyByAddress(address); err == nil { + return nil, ErrDuplicatedAddress +} + +return ks.writeLocalKey(name, privKey) +} + +func (ks keystore) + +isSupportedSigningAlgo(algo SignatureAlgo) + +bool { + return ks.options.SupportedAlgos.Contains(algo) +} + +func (ks keystore) + +Key(uid string) (*Record, error) { + k, err := ks.migrate(uid) + if err != nil { + return nil, err +} + +return k, nil +} + +// SupportedAlgorithms returns the keystore Options' supported signing algorithm. +// for the keyring and Ledger. +func (ks keystore) + +SupportedAlgorithms() (SigningAlgoList, SigningAlgoList) { + return ks.options.SupportedAlgos, ks.options.SupportedAlgosLedger +} + +// SignWithLedger signs a binary message with the ledger device referenced by an Info object +// and returns the signed bytes and the public key. It returns an error if the device could +// not be queried or it returned an error. +func SignWithLedger(k *Record, msg []byte, signMode signing.SignMode) (sig []byte, pub types.PubKey, err error) { + ledgerInfo := k.GetLedger() + if ledgerInfo == nil { + return nil, nil, ErrNotLedgerObj +} + path := ledgerInfo.GetPath() + +priv, err := ledger.NewPrivKeySecp256k1Unsafe(*path) + if err != nil { + return nil, nil, err +} + ledgerPubKey := priv.PubKey() + +pubKey, err := k.GetPubKey() + if err != nil { + return nil, nil, err +} + if !pubKey.Equals(ledgerPubKey) { + return nil, nil, fmt.Errorf("the public key that the user attempted to sign with does not match the public key on the ledger device. %v does not match %v", pubKey.String(), ledgerPubKey.String()) +} + switch signMode { + case signing.SignMode_SIGN_MODE_TEXTUAL: + sig, err = priv.Sign(msg) + if err != nil { + return nil, nil, err +} + case signing.SignMode_SIGN_MODE_LEGACY_AMINO_JSON: + sig, err = priv.SignLedgerAminoJSON(msg) + if err != nil { + return nil, nil, err +} + +default: + return nil, nil, errorsmod.Wrap(ErrInvalidSignMode, fmt.Sprintf("%v", signMode)) +} + if !priv.PubKey().VerifySignature(msg, sig) { + return nil, nil, ErrLedgerInvalidSignature +} + +return sig, priv.PubKey(), nil +} + +func newOSBackendKeyringConfig(appName, dir string, buf io.Reader) + +keyring.Config { + return keyring.Config{ + ServiceName: appName, + FileDir: dir, + KeychainTrustApplication: true, + FilePasswordFunc: newRealPrompt(dir, buf), +} +} + +func newTestBackendKeyringConfig(appName, dir string) + +keyring.Config { + return keyring.Config{ + AllowedBackends: []keyring.BackendType{ + keyring.FileBackend +}, + ServiceName: appName, + FileDir: filepath.Join(dir, keyringTestDirName), + FilePasswordFunc: func(_ string) (string, error) { + return "test", nil +}, +} +} + +func newKWalletBackendKeyringConfig(appName, _ string, _ io.Reader) + +keyring.Config { + return keyring.Config{ + AllowedBackends: []keyring.BackendType{ + keyring.KWalletBackend +}, + ServiceName: "kdewallet", + KWalletAppID: appName, + KWalletFolder: "", +} +} + +func newPassBackendKeyringConfig(appName, _ string, _ io.Reader) + +keyring.Config { + prefix := fmt.Sprintf(passKeyringPrefix, appName) + +return keyring.Config{ + AllowedBackends: []keyring.BackendType{ + keyring.PassBackend +}, + ServiceName: appName, + PassPrefix: prefix, +} +} + +func newFileBackendKeyringConfig(name, dir string, buf io.Reader) + +keyring.Config { + fileDir := filepath.Join(dir, keyringFileDirName) + +return keyring.Config{ + AllowedBackends: []keyring.BackendType{ + keyring.FileBackend +}, + ServiceName: name, + FileDir: fileDir, + FilePasswordFunc: newRealPrompt(fileDir, buf), +} +} + +func newRealPrompt(dir string, buf io.Reader) + +func(string) (string, error) { + return func(prompt string) (string, error) { + keyhashStored := false + keyhashFilePath := filepath.Join(dir, "keyhash") + +var keyhash []byte + + _, err := os.Stat(keyhashFilePath) + switch { + case err == nil: + keyhash, err = os.ReadFile(keyhashFilePath) + if err != nil { + return "", errorsmod.Wrap(err, fmt.Sprintf("failed to read %s", keyhashFilePath)) +} + +keyhashStored = true + case os.IsNotExist(err): + keyhashStored = false + + default: + return "", errorsmod.Wrap(err, fmt.Sprintf("failed to open %s", keyhashFilePath)) +} + failureCounter := 0 + for { + failureCounter++ + if failureCounter > maxPassphraseEntryAttempts { + return "", ErrMaxPassPhraseAttempts +} + buf := bufio.NewReader(buf) + +pass, err := input.GetPassword(fmt.Sprintf("Enter keyring passphrase (attempt %d/%d):", failureCounter, maxPassphraseEntryAttempts), buf) + if err != nil { + // NOTE: LGTM.io reports a false positive alert that states we are printing the password, + // but we only log the error. + // + // lgtm [go/clear-text-logging] + fmt.Fprintln(os.Stderr, err) + +continue +} + if keyhashStored { + if err := bcrypt.CompareHashAndPassword(keyhash, []byte(pass)); err != nil { + fmt.Fprintln(os.Stderr, "incorrect passphrase") + +continue +} + +return pass, nil +} + +reEnteredPass, err := input.GetPassword("Re-enter keyring passphrase:", buf) + if err != nil { + // NOTE: LGTM.io reports a false positive alert that states we are printing the password, + // but we only log the error. + // + // lgtm [go/clear-text-logging] + fmt.Fprintln(os.Stderr, err) + +continue +} + if pass != reEnteredPass { + fmt.Fprintln(os.Stderr, "passphrase do not match") + +continue +} + +passwordHash, err := bcrypt.GenerateFromPassword([]byte(pass), 2) + if err != nil { + fmt.Fprintln(os.Stderr, err) + +continue +} + if err := os.WriteFile(keyhashFilePath, passwordHash, 0o600); err != nil { + return "", err +} + +return pass, nil +} + +} +} + +func (ks keystore) + +writeLocalKey(name string, privKey types.PrivKey) (*Record, error) { + k, err := NewLocalRecord(name, privKey, privKey.PubKey()) + if err != nil { + return nil, err +} + +return k, ks.writeRecord(k) +} + +// writeRecord persists a keyring item in keystore if it does not exist there. +// For each key record, we actually write 2 items: +// - one with key `.info`, with Data = the serialized protobuf key +// - another with key `.address`, with Data = the uid (i.e. the key name) +// This is to be able to query keys both by name and by address. +func (ks keystore) + +writeRecord(k *Record) + +error { + addr, err := k.GetAddress() + if err != nil { + return err +} + key := infoKey(k.Name) + +exists, err := ks.existsInDb(addr, key) + if err != nil { + return err +} + if exists { + return errorsmod.Wrap(ErrKeyAlreadyExists, key) +} + +serializedRecord, err := ks.cdc.Marshal(k) + if err != nil { + return errors.CombineErrors(ErrUnableToSerialize, err) +} + item := keyring.Item{ + Key: key, + Data: serializedRecord, +} + if err := ks.SetItem(item); err != nil { + return err +} + +item = keyring.Item{ + Key: addrHexKeyAsString(addr), + Data: []byte(key), +} + if err := ks.SetItem(item); err != nil { + return err +} + +return nil +} + +// existsInDb returns (true, nil) + if either addr or name exist is in keystore DB. +// On the other hand, it returns (false, error) + if Get method returns error different from keyring.ErrKeyNotFound +// In case of inconsistent keyring, it recovers it automatically. +func (ks keystore) + +existsInDb(addr sdk.Address, name string) (bool, error) { + _, errAddr := ks.db.Get(addrHexKeyAsString(addr)) + if errAddr != nil && !errors.Is(errAddr, keyring.ErrKeyNotFound) { + return false, errAddr +} + + _, errInfo := ks.db.Get(infoKey(name)) + if errInfo == nil { + return true, nil // uid lookup succeeds - info exists +} + +else if !errors.Is(errInfo, keyring.ErrKeyNotFound) { + return false, errInfo // received unexpected error - returns +} + + // looking for an issue, record with meta (getByAddress) + +exists, but record with public key itself does not + if errAddr == nil && errors.Is(errInfo, keyring.ErrKeyNotFound) { + fmt.Fprintf(os.Stderr, "address \"%s\" exists but pubkey itself does not\n", hex.EncodeToString(addr.Bytes())) + +fmt.Fprintln(os.Stderr, "recreating pubkey record") + err := ks.db.Remove(addrHexKeyAsString(addr)) + if err != nil { + return true, err +} + +return false, nil +} + + // both lookups failed, info does not exist + return false, nil +} + +func (ks keystore) + +writeOfflineKey(name string, pk types.PubKey) (*Record, error) { + k, err := NewOfflineRecord(name, pk) + if err != nil { + return nil, err +} + +return k, ks.writeRecord(k) +} + +// writeMultisigKey investigate where thisf function is called maybe remove it +func (ks keystore) + +writeMultisigKey(name string, pk types.PubKey) (*Record, error) { + k, err := NewMultiRecord(name, pk) + if err != nil { + return nil, err +} + +return k, ks.writeRecord(k) +} + +func (ks keystore) + +MigrateAll() ([]*Record, error) { + keys, err := ks.db.Keys() + if err != nil { + return nil, err +} + if len(keys) == 0 { + return nil, nil +} + +sort.Strings(keys) + +var recs []*Record + for _, key := range keys { + // The keyring items only with `.info` consists the key info. + if !strings.HasSuffix(key, infoSuffix) { + continue +} + +rec, err := ks.migrate(key) + if err != nil { + fmt.Fprintf(os.Stderr, "migrate err for key %s: %q\n", key, err) + +continue +} + +recs = append(recs, rec) +} + +return recs, nil +} + +// migrate converts keyring.Item from amino to proto serialization format. +// the `key` argument can be a key uid (e.g. "alice") + +or with the '.info' +// suffix (e.g. "alice.info"). +// +// It operates as follows: +// 1. retrieve any key +// 2. try to decode it using protobuf +// 3. if ok, then return the key, do nothing else +// 4. if it fails, then try to decode it using amino +// 5. convert from the amino struct to the protobuf struct +// 6. write the proto-encoded key back to the keyring +func (ks keystore) + +migrate(key string) (*Record, error) { + if !strings.HasSuffix(key, infoSuffix) { + key = infoKey(key) +} + + // 1. get the key. + item, err := ks.db.Get(key) + if err != nil { + if key == fmt.Sprintf(".%s", infoSuffix) { + return nil, errors.New("no key name or address provided; have you forgotten the --from flag?") +} + +return nil, wrapKeyNotFound(err, key) +} + if len(item.Data) == 0 { + return nil, errorsmod.Wrap(sdkerrors.ErrKeyNotFound, key) +} + + // 2. Try to deserialize using proto + k, err := ks.protoUnmarshalRecord(item.Data) + // 3. If ok then return the key + if err == nil { + return k, nil +} + + // 4. Try to decode with amino + legacyInfo, err := unMarshalLegacyInfo(item.Data) + if err != nil { + return nil, errorsmod.Wrap(err, "unable to unmarshal item.Data") +} + + // 5. Convert and serialize info using proto + k, err = ks.convertFromLegacyInfo(legacyInfo) + if err != nil { + return nil, errorsmod.Wrap(err, "convertFromLegacyInfo") +} + +serializedRecord, err := ks.cdc.Marshal(k) + if err != nil { + return nil, errors.CombineErrors(ErrUnableToSerialize, err) +} + +item = keyring.Item{ + Key: key, + Data: serializedRecord, +} + + // 6. Overwrite the keyring entry with the new proto-encoded key. + if err := ks.SetItem(item); err != nil { + return nil, errorsmod.Wrap(err, "unable to set keyring.Item") +} + +fmt.Fprintf(os.Stderr, "Successfully migrated key %s.\n", key) + +return k, nil +} + +func (ks keystore) + +protoUnmarshalRecord(bz []byte) (*Record, error) { + k := new(Record) + if err := ks.cdc.Unmarshal(bz, k); err != nil { + return nil, err +} + +return k, nil +} + +func (ks keystore) + +SetItem(item keyring.Item) + +error { + return ks.db.Set(item) +} + +func (ks keystore) + +convertFromLegacyInfo(info LegacyInfo) (*Record, error) { + if info == nil { + return nil, errorsmod.Wrap(ErrLegacyToRecord, "info is nil") +} + name := info.GetName() + pk := info.GetPubKey() + switch info.GetType() { + case TypeLocal: + priv, err := privKeyFromLegacyInfo(info) + if err != nil { + return nil, err +} + +return NewLocalRecord(name, priv, pk) + case TypeOffline: + return NewOfflineRecord(name, pk) + case TypeMulti: + return NewMultiRecord(name, pk) + case TypeLedger: + path, err := info.GetPath() + if err != nil { + return nil, err +} + +return NewLedgerRecord(name, pk, path) + +default: + return nil, ErrUnknownLegacyType +} +} + +func addrHexKeyAsString(address sdk.Address) + +string { + return fmt.Sprintf("%s.%s", hex.EncodeToString(address.Bytes()), addressSuffix) +} +``` + +The default implementation of `Keyring` comes from the third-party [`99designs/keyring`](https://github.com/99designs/keyring) library. + +A few notes on the `Keyring` methods: + +* `Sign(uid string, msg []byte) ([]byte, types.PubKey, error)` strictly deals with the signature of the `msg` bytes. You must prepare and encode the transaction into a canonical `[]byte` form. Because protobuf is not deterministic, it has been decided in [ADR-020](/docs/sdk/vnext/build/architecture/adr-020-protobuf-transaction-encoding) that the canonical `payload` to sign is the `SignDoc` struct, deterministically encoded using [ADR-027](/docs/sdk/vnext/build/architecture/adr-027-deterministic-protobuf-serialization). Note that signature verification is not implemented in the Cosmos SDK by default, it is deferred to the [`anteHandler`](/docs/sdk/vnext/learn/advanced/baseapp#antehandler). + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/tx/v1beta1/tx.proto#L50-L67 +``` + +* `NewAccount(uid, mnemonic, bip39Passphrase, hdPath string, algo SignatureAlgo) (*Record, error)` creates a new account based on the [`bip44 path`](https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki) and persists it on disk. The `PrivKey` is **never stored unencrypted**, instead it is [encrypted with a passphrase](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/armor.go) before being persisted. In the context of this method, the key type and sequence number refer to the segment of the BIP44 derivation path (for example, `0`, `1`, `2`, ...) that is used to derive a private and a public key from the mnemonic. Using the same mnemonic and derivation path, the same `PrivKey`, `PubKey` and `Address` is generated. The following keys are supported by the keyring: + +* `secp256k1` + +* `ed25519` + +* `ExportPrivKeyArmor(uid, encryptPassphrase string) (armor string, err error)` exports a private key in ASCII-armored encrypted format using the given passphrase. You can then either import the private key again into the keyring using the `ImportPrivKey(uid, armor, passphrase string)` function or decrypt it into a raw private key using the `UnarmorDecryptPrivKey(armorStr string, passphrase string)` function. + +### Create New Key Type + +To create a new key type for using in keyring, `keyring.SignatureAlgo` interface must be fulfilled. + +```go expandable +package keyring + +import ( + + "strings" + "github.com/cockroachdb/errors" + "github.com/cosmos/cosmos-sdk/crypto/hd" +) + +// SignatureAlgo defines the interface for a keyring supported algorithm. +type SignatureAlgo interface { + Name() + +hd.PubKeyType + Derive() + +hd.DeriveFn + Generate() + +hd.GenerateFn +} + +// NewSigningAlgoFromString creates a supported SignatureAlgo. +func NewSigningAlgoFromString(str string, algoList SigningAlgoList) (SignatureAlgo, error) { + for _, algo := range algoList { + if str == string(algo.Name()) { + return algo, nil +} + +} + +return nil, errors.Wrap(ErrUnsupportedSigningAlgo, str) +} + +// SigningAlgoList is a slice of signature algorithms +type SigningAlgoList []SignatureAlgo + +// Contains returns true if the SigningAlgoList the given SignatureAlgo. +func (sal SigningAlgoList) + +Contains(algo SignatureAlgo) + +bool { + for _, cAlgo := range sal { + if cAlgo.Name() == algo.Name() { + return true +} + +} + +return false +} + +// String returns a comma separated string of the signature algorithm names in the list. +func (sal SigningAlgoList) + +String() + +string { + names := make([]string, len(sal)) + for i := range sal { + names[i] = string(sal[i].Name()) +} + +return strings.Join(names, ",") +} +``` + +The interface consists of three methods where `Name()` returns the name of the algorithm as a `hd.PubKeyType` and `Derive()` and `Generate()` must return the following functions respectively: + +```go expandable +package hd + +import ( + + "github.com/cosmos/go-bip39" + "github.com/cosmos/cosmos-sdk/crypto/keys/secp256k1" + "github.com/cosmos/cosmos-sdk/crypto/types" +) + +// PubKeyType defines an algorithm to derive key-pairs which can be used for cryptographic signing. +type PubKeyType string + +const ( + // MultiType implies that a pubkey is a multisignature + MultiType = PubKeyType("multi") + // Secp256k1Type uses the Bitcoin secp256k1 ECDSA parameters. + Secp256k1Type = PubKeyType("secp256k1") + // Ed25519Type represents the Ed25519Type signature system. + // It is currently not supported for end-user keys (wallets/ledgers). + Ed25519Type = PubKeyType("ed25519") + // Sr25519Type represents the Sr25519Type signature system. + Sr25519Type = PubKeyType("sr25519") +) + +// Secp256k1 uses the Bitcoin secp256k1 ECDSA parameters. +var Secp256k1 = secp256k1Algo{ +} + +type ( + DeriveFn func(mnemonic, bip39Passphrase, hdPath string) ([]byte, error) + +GenerateFn func(bz []byte) + +types.PrivKey +) + +type WalletGenerator interface { + Derive(mnemonic, bip39Passphrase, hdPath string) ([]byte, error) + +Generate(bz []byte) + +types.PrivKey +} + +type secp256k1Algo struct{ +} + +func (s secp256k1Algo) + +Name() + +PubKeyType { + return Secp256k1Type +} + +// Derive derives and returns the secp256k1 private key for the given seed and HD path. +func (s secp256k1Algo) + +Derive() + +DeriveFn { + return func(mnemonic, bip39Passphrase, hdPath string) ([]byte, error) { + seed, err := bip39.NewSeedWithErrorChecking(mnemonic, bip39Passphrase) + if err != nil { + return nil, err +} + +masterPriv, ch := ComputeMastersFromSeed(seed) + if len(hdPath) == 0 { + return masterPriv[:], nil +} + +derivedKey, err := DerivePrivateKeyForPath(masterPriv, ch, hdPath) + +return derivedKey, err +} +} + +// Generate generates a secp256k1 private key from the given bytes. +func (s secp256k1Algo) + +Generate() + +GenerateFn { + return func(bz []byte) + +types.PrivKey { + bzArr := make([]byte, secp256k1.PrivKeySize) + +copy(bzArr, bz) + +return &secp256k1.PrivKey{ + Key: bzArr +} + +} +} +``` + +Once the `keyring.SignatureAlgo` has been implemented it must be added to the [list of supported algos](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keyring/keyring.go#L209) of the keyring. + +For simplicity the implementation of a new key type should be done inside the `crypto/hd` package. +There is an example of a working `secp256k1` implementation in [algo.go](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/hd/algo.go#L38). + +#### Implementing secp256r1 algo + +Here is an example of how secp256r1 could be implemented. + +First a new function to create a private key from a secret number is needed in the secp256r1 package. This function could look like this: + +```go expandable +// cosmos-sdk/crypto/keys/secp256r1/privkey.go + +// NewPrivKeyFromSecret creates a private key derived for the secret number +// represented in big-endian. The `secret` must be a valid ECDSA field element. +func NewPrivKeyFromSecret(secret []byte) (*PrivKey, error) { + var d = new(big.Int).SetBytes(secret) + if d.Cmp(secp256r1.Params().N) >= 1 { + return nil, errorsmod.Wrap(errors.ErrInvalidRequest, "secret not in the curve base field") +} + sk := new(ecdsa.PrivKey) + +return &PrivKey{&ecdsaSK{*sk +}}, nil +} +``` + +After that `secp256r1Algo` can be implemented. + +```go expandable +// cosmos-sdk/crypto/hd/secp256r1Algo.go + +package hd + +import ( + + "github.com/cosmos/go-bip39" + "github.com/cosmos/cosmos-sdk/crypto/keys/secp256r1" + "github.com/cosmos/cosmos-sdk/crypto/types" +) + +// Secp256r1Type uses the secp256r1 ECDSA parameters. +const Secp256r1Type = PubKeyType("secp256r1") + +var Secp256r1 = secp256r1Algo{ +} + +type secp256r1Algo struct{ +} + +func (s secp256r1Algo) + +Name() + +PubKeyType { + return Secp256r1Type +} + +// Derive derives and returns the secp256r1 private key for the given seed and HD path. +func (s secp256r1Algo) + +Derive() + +DeriveFn { + return func(mnemonic string, bip39Passphrase, hdPath string) ([]byte, error) { + seed, err := bip39.NewSeedWithErrorChecking(mnemonic, bip39Passphrase) + if err != nil { + return nil, err +} + +masterPriv, ch := ComputeMastersFromSeed(seed) + if len(hdPath) == 0 { + return masterPriv[:], nil +} + +derivedKey, err := DerivePrivateKeyForPath(masterPriv, ch, hdPath) + +return derivedKey, err +} +} + +// Generate generates a secp256r1 private key from the given bytes. +func (s secp256r1Algo) + +Generate() + +GenerateFn { + return func(bz []byte) + +types.PrivKey { + key, err := secp256r1.NewPrivKeyFromSecret(bz) + if err != nil { + panic(err) +} + +return key +} +} +``` + +Finally, the algo must be added to the list of [supported algos](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/crypto/keyring/keyring.go#L209) by the keyring. + +```go +// cosmos-sdk/crypto/keyring/keyring.go + +func newKeystore(kr keyring.Keyring, cdc codec.Codec, backend string, opts ...Option) + +keystore { + // Default options for keybase, these can be overwritten using the + // Option function + options := Options{ + SupportedAlgos: SigningAlgoList{ + hd.Secp256k1, hd.Secp256r1 +}, // added here + SupportedAlgosLedger: SigningAlgoList{ + hd.Secp256k1 +}, +} +... +``` + +Hereafter to create new keys using your algo, you must specify it with the flag `--algo` : + +`simd keys add myKey --algo secp256r1` diff --git a/docs/sdk/next/learn/beginner/app-anatomy.mdx b/docs/sdk/next/learn/beginner/app-anatomy.mdx new file mode 100644 index 00000000..02e9bd1f --- /dev/null +++ b/docs/sdk/next/learn/beginner/app-anatomy.mdx @@ -0,0 +1,4484 @@ +--- +title: Anatomy of a Cosmos SDK Application +--- + +**Synopsis** +This document describes the core parts of a Cosmos SDK application, represented throughout the document as a placeholder application named `app`. + + +## Node Client + +The Daemon, or [Full-Node Client](/docs/sdk/vnext/learn/advanced/node), is the core process of a Cosmos SDK-based blockchain. Participants in the network run this process to initialize their state-machine, connect with other full-nodes, and update their state-machine as new blocks come in. + +```text expandable + ^ +-------------------------------+ ^ + | | | | + | | State-machine = Application | | + | | | | Built with Cosmos SDK + | | ^ + | | + | +----------- | ABCI | ----------+ v + | | + v | ^ + | | | | +Blockchain Node | | Consensus | | + | | | | + | +-------------------------------+ | CometBFT + | | | | + | | Networking | | + | | | | + v +-------------------------------+ v +``` + +The blockchain full-node presents itself as a binary, generally suffixed by `-d` for "daemon" (e.g. `appd` for `app` or `gaiad` for `gaia`). This binary is built by running a simple [`main.go`](/docs/sdk/vnext/learn/advanced/node#main-function) function placed in `./cmd/appd/`. This operation usually happens through the [Makefile](#dependencies-and-makefile). + +Once the main binary is built, the node can be started by running the [`start` command](/docs/sdk/vnext/learn/advanced/node#start-command). This command function primarily does three things: + +1. Create an instance of the state-machine defined in [`app.go`](#core-application-file). +2. Initialize the state-machine with the latest known state, extracted from the `db` stored in the `~/.app/data` folder. At this point, the state-machine is at height `appBlockHeight`. +3. Create and start a new CometBFT instance. Among other things, the node performs a handshake with its peers. It gets the latest `blockHeight` from them and replays blocks to sync to this height if it is greater than the local `appBlockHeight`. The node starts from genesis and CometBFT sends an `InitChain` message via the ABCI to the `app`, which triggers the [`InitChainer`](#initchainer). + + +When starting a CometBFT instance, the genesis file is the `0` height and the state within the genesis file is committed at block height `1`. When querying the state of the node, querying block height 0 will return an error. + + +## Core Application File + +In general, the core of the state-machine is defined in a file called `app.go`. This file mainly contains the **type definition of the application** and functions to **create and initialize it**. + +### Type Definition of the Application + +The first thing defined in `app.go` is the `type` of the application. It is generally comprised of the following parts: + +* **Embedding [runtime.App](/docs/sdk/vnext/build/building-apps/runtime)** The runtime package manages the application's core components and modules through dependency injection. It provides declarative configuration for module management, state storage, and ABCI handling. + * `Runtime` wraps `BaseApp`, meaning when a transaction is relayed by CometBFT to the application, `app` uses `runtime`'s methods to route them to the appropriate module. `BaseApp` implements all the [ABCI methods](https://docs.cometbft.com/v0.38/spec/abci/) and the [routing logic](/docs/sdk/vnext/learn/advanced/baseapp#service-routers). + * It automatically configures the **[module manager](/docs/sdk/vnext/build/building-modules/module-manager#manager)** based on the app wiring configuration. The module manager facilitates operations related to these modules, like registering their [`Msg` service](/docs/sdk/vnext/build/building-modules/msg-services) and [gRPC `Query` service](#grpc-query-services), or setting the order of execution between modules for various functions like [`InitChainer`](#initchainer), [`PreBlocker`](#preblocker) and [`BeginBlocker` and `EndBlocker`](#beginblocker-and-endblocker). +* [**An App Wiring configuration file**](/docs/sdk/vnext/build/building-apps/runtime) The app wiring configuration file contains the list of application's modules that `runtime` must instantiate. The instantiation of the modules is done using `depinject`. It also contains the order in which all modules' `InitGenesis` and `Pre/Begin/EndBlocker` methods should be executed. +* **A reference to an [`appCodec`](/docs/sdk/vnext/learn/advanced/encoding).** The application's `appCodec` is used to serialize and deserialize data structures in order to store them, as stores can only persist `[]bytes`. The default codec is [Protocol Buffers](/docs/sdk/vnext/learn/advanced/encoding). +* **A reference to a [`legacyAmino`](/docs/sdk/vnext/learn/advanced/encoding) codec.** Some parts of the Cosmos SDK have not been migrated to use the `appCodec` above, and are still hardcoded to use Amino. Other parts explicitly use Amino for backwards compatibility. For these reasons, the application still holds a reference to the legacy Amino codec. Please note that the Amino codec will be removed from the SDK in the upcoming releases. + +See an example of application type definition from `simapp`, the Cosmos SDK's own app used for demo and testing purposes: + +```go expandable +//go:build !app_v1 + +package simapp + +import ( + + "io" + + dbm "github.com/cosmos/cosmos-db" + + clienthelpers "cosmossdk.io/client/v2/helpers" + "cosmossdk.io/depinject" + "cosmossdk.io/log" + storetypes "cosmossdk.io/store/types" + circuitkeeper "cosmossdk.io/x/circuit/keeper" + evidencekeeper "cosmossdk.io/x/evidence/keeper" + feegrantkeeper "cosmossdk.io/x/feegrant/keeper" + nftkeeper "cosmossdk.io/x/nft/keeper" + upgradekeeper "cosmossdk.io/x/upgrade/keeper" + "github.com/cosmos/cosmos-sdk/baseapp" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + "github.com/cosmos/cosmos-sdk/runtime" + "github.com/cosmos/cosmos-sdk/server" + "github.com/cosmos/cosmos-sdk/server/api" + "github.com/cosmos/cosmos-sdk/server/config" + servertypes "github.com/cosmos/cosmos-sdk/server/types" + testdata_pulsar "github.com/cosmos/cosmos-sdk/testutil/testdata/testpb" + "github.com/cosmos/cosmos-sdk/types/module" + "github.com/cosmos/cosmos-sdk/x/auth" + "github.com/cosmos/cosmos-sdk/x/auth/ante" + authkeeper "github.com/cosmos/cosmos-sdk/x/auth/keeper" + authsims "github.com/cosmos/cosmos-sdk/x/auth/simulation" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + authzkeeper "github.com/cosmos/cosmos-sdk/x/authz/keeper" + bankkeeper "github.com/cosmos/cosmos-sdk/x/bank/keeper" + consensuskeeper "github.com/cosmos/cosmos-sdk/x/consensus/keeper" + distrkeeper "github.com/cosmos/cosmos-sdk/x/distribution/keeper" + epochskeeper "github.com/cosmos/cosmos-sdk/x/epochs/keeper" + govkeeper "github.com/cosmos/cosmos-sdk/x/gov/keeper" + groupkeeper "github.com/cosmos/cosmos-sdk/x/group/keeper" + mintkeeper "github.com/cosmos/cosmos-sdk/x/mint/keeper" + protocolpoolkeeper "github.com/cosmos/cosmos-sdk/x/protocolpool/keeper" + slashingkeeper "github.com/cosmos/cosmos-sdk/x/slashing/keeper" + stakingkeeper "github.com/cosmos/cosmos-sdk/x/staking/keeper" +) + +// DefaultNodeHome default home directories for the application daemon +var DefaultNodeHome string + +var ( + _ runtime.AppI = (*SimApp)(nil) + _ servertypes.Application = (*SimApp)(nil) +) + +// SimApp extends an ABCI application, but with most of its parameters exported. +// They are exported for convenience in creating helper functions, as object +// capabilities aren't needed for testing. +type SimApp struct { + *runtime.App + legacyAmino *codec.LegacyAmino + appCodec codec.Codec + txConfig client.TxConfig + interfaceRegistry codectypes.InterfaceRegistry + + // essential keepers + AccountKeeper authkeeper.AccountKeeper + BankKeeper bankkeeper.BaseKeeper + StakingKeeper *stakingkeeper.Keeper + SlashingKeeper slashingkeeper.Keeper + MintKeeper mintkeeper.Keeper + DistrKeeper distrkeeper.Keeper + GovKeeper *govkeeper.Keeper + UpgradeKeeper *upgradekeeper.Keeper + EvidenceKeeper evidencekeeper.Keeper + ConsensusParamsKeeper consensuskeeper.Keeper + CircuitKeeper circuitkeeper.Keeper + + // supplementary keepers + FeeGrantKeeper feegrantkeeper.Keeper + GroupKeeper groupkeeper.Keeper + AuthzKeeper authzkeeper.Keeper + NFTKeeper nftkeeper.Keeper + EpochsKeeper epochskeeper.Keeper + ProtocolPoolKeeper protocolpoolkeeper.Keeper + + // simulation manager + sm *module.SimulationManager +} + +func init() { + var err error + DefaultNodeHome, err = clienthelpers.GetNodeHomeDirectory(".simapp") + if err != nil { + panic(err) +} +} + +// NewSimApp returns a reference to an initialized SimApp. +func NewSimApp( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), +) *SimApp { + var ( + app = &SimApp{ +} + +appBuilder *runtime.AppBuilder + + // merge the AppConfig and other configuration in one config + appConfig = depinject.Configs( + AppConfig, + depinject.Supply( + // supply the application options + appOpts, + // supply the logger + logger, + + // ADVANCED CONFIGURATION + + // + // AUTH + // + // For providing a custom function required in auth to generate custom account types + // add it below. By default the auth module uses simulation.RandomGenesisAccounts. + // + // authtypes.RandomGenesisAccountsFn(simulation.RandomGenesisAccounts), + // + // For providing a custom a base account type add it below. + // By default the auth module uses authtypes.ProtoBaseAccount(). + // + // func() + +sdk.AccountI { + return authtypes.ProtoBaseAccount() +}, + // + // For providing a different address codec, add it below. + // By default the auth module uses a Bech32 address codec, + // with the prefix defined in the auth module configuration. + // + // func() + +address.Codec { + return <- custom address codec type -> +} + // + // STAKING + // + // For provinding a different validator and consensus address codec, add it below. + // By default the staking module uses the bech32 prefix provided in the auth config, + // and appends "valoper" and "valcons" for validator and consensus addresses respectively. + // When providing a custom address codec in auth, custom address codecs must be provided here as well. + // + // func() + +runtime.ValidatorAddressCodec { + return <- custom validator address codec type -> +} + // func() + +runtime.ConsensusAddressCodec { + return <- custom consensus address codec type -> +} + + // + // MINT + // + + // For providing a custom inflation function for x/mint add here your + // custom minting function that implements the mintkeeper.MintFn + // interface. + ), + ) + ) + if err := depinject.Inject(appConfig, + &appBuilder, + &app.appCodec, + &app.legacyAmino, + &app.txConfig, + &app.interfaceRegistry, + &app.AccountKeeper, + &app.BankKeeper, + &app.StakingKeeper, + &app.SlashingKeeper, + &app.MintKeeper, + &app.DistrKeeper, + &app.GovKeeper, + &app.UpgradeKeeper, + &app.AuthzKeeper, + &app.EvidenceKeeper, + &app.FeeGrantKeeper, + &app.GroupKeeper, + &app.NFTKeeper, + &app.ConsensusParamsKeeper, + &app.CircuitKeeper, + &app.EpochsKeeper, + &app.ProtocolPoolKeeper, + ); err != nil { + panic(err) +} + + // Below we could construct and set an application specific mempool and + // ABCI 1.0 PrepareProposal and ProcessProposal handlers. These defaults are + // already set in the SDK's BaseApp, this shows an example of how to override + // them. + // + // Example: + // + // app.App = appBuilder.Build(...) + // nonceMempool := mempool.NewSenderNonceMempool() + // abciPropHandler := NewDefaultProposalHandler(nonceMempool, app.App.BaseApp) + // + // app.App.BaseApp.SetMempool(nonceMempool) + // app.App.BaseApp.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) + // app.App.BaseApp.SetProcessProposal(abciPropHandler.ProcessProposalHandler()) + // + // Alternatively, you can construct BaseApp options, append those to + // baseAppOptions and pass them to the appBuilder. + // + // Example: + // + // prepareOpt = func(app *baseapp.BaseApp) { + // abciPropHandler := baseapp.NewDefaultProposalHandler(nonceMempool, app) + // app.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) + // +} + // baseAppOptions = append(baseAppOptions, prepareOpt) + + // create and set dummy vote extension handler + voteExtOp := func(bApp *baseapp.BaseApp) { + voteExtHandler := NewVoteExtensionHandler() + +voteExtHandler.SetHandlers(bApp) +} + +baseAppOptions = append(baseAppOptions, voteExtOp, baseapp.SetOptimisticExecution()) + +app.App = appBuilder.Build(db, traceStore, baseAppOptions...) + + // register streaming services + if err := app.RegisterStreamingServices(appOpts, app.kvStoreKeys()); err != nil { + panic(err) +} + + /**** Module Options ****/ + + // RegisterUpgradeHandlers is used for registering any on-chain upgrades. + app.RegisterUpgradeHandlers() + + // add test gRPC service for testing gRPC queries in isolation + testdata_pulsar.RegisterQueryServer(app.GRPCQueryRouter(), testdata_pulsar.QueryImpl{ +}) + + // create the simulation manager and define the order of the modules for deterministic simulations + // + // NOTE: this is not required apps that don't use the simulator for fuzz testing + // transactions + overrideModules := map[string]module.AppModuleSimulation{ + authtypes.ModuleName: auth.NewAppModule(app.appCodec, app.AccountKeeper, authsims.RandomGenesisAccounts, nil), +} + +app.sm = module.NewSimulationManagerFromAppModules(app.ModuleManager.Modules, overrideModules) + +app.sm.RegisterStoreDecoders() + + // A custom InitChainer can be set if extra pre-init-genesis logic is required. + // By default, when using app wiring enabled module, this is not required. + // For instance, the upgrade module will set automatically the module version map in its init genesis thanks to app wiring. + // However, when registering a module manually (i.e. that does not support app wiring), the module version map + // must be set manually as follow. The upgrade module will de-duplicate the module version map. + // + // app.SetInitChainer(func(ctx sdk.Context, req *abci.RequestInitChain) (*abci.ResponseInitChain, error) { + // app.UpgradeKeeper.SetModuleVersionMap(ctx, app.ModuleManager.GetVersionMap()) + // return app.App.InitChainer(ctx, req) + // +}) + + // set custom ante handler + app.setAnteHandler(app.txConfig) + if err := app.Load(loadLatest); err != nil { + panic(err) +} + +return app +} + +// setAnteHandler sets custom ante handlers. +// "x/auth/tx" pre-defined ante handler have been disabled in app_config. +func (app *SimApp) + +setAnteHandler(txConfig client.TxConfig) { + anteHandler, err := NewAnteHandler( + HandlerOptions{ + ante.HandlerOptions{ + AccountKeeper: app.AccountKeeper, + BankKeeper: app.BankKeeper, + SignModeHandler: txConfig.SignModeHandler(), + FeegrantKeeper: app.FeeGrantKeeper, + SigGasConsumer: ante.DefaultSigVerificationGasConsumer, +}, + &app.CircuitKeeper, +}, + ) + if err != nil { + panic(err) +} + + // Set the AnteHandler for the app + app.SetAnteHandler(anteHandler) +} + +// LegacyAmino returns SimApp's amino codec. +// +// NOTE: This is solely to be used for testing purposes as it may be desirable +// for modules to register their own custom testing types. +func (app *SimApp) + +LegacyAmino() *codec.LegacyAmino { + return app.legacyAmino +} + +// AppCodec returns SimApp's app codec. +// +// NOTE: This is solely to be used for testing purposes as it may be desirable +// for modules to register their own custom testing types. +func (app *SimApp) + +AppCodec() + +codec.Codec { + return app.appCodec +} + +// InterfaceRegistry returns SimApp's InterfaceRegistry. +func (app *SimApp) + +InterfaceRegistry() + +codectypes.InterfaceRegistry { + return app.interfaceRegistry +} + +// TxConfig returns SimApp's TxConfig +func (app *SimApp) + +TxConfig() + +client.TxConfig { + return app.txConfig +} + +// GetKey returns the KVStoreKey for the provided store key. +// +// NOTE: This is solely to be used for testing purposes. +func (app *SimApp) + +GetKey(storeKey string) *storetypes.KVStoreKey { + sk := app.UnsafeFindStoreKey(storeKey) + +kvStoreKey, ok := sk.(*storetypes.KVStoreKey) + if !ok { + return nil +} + +return kvStoreKey +} + +func (app *SimApp) + +kvStoreKeys() + +map[string]*storetypes.KVStoreKey { + keys := make(map[string]*storetypes.KVStoreKey) + for _, k := range app.GetStoreKeys() { + if kv, ok := k.(*storetypes.KVStoreKey); ok { + keys[kv.Name()] = kv +} + +} + +return keys +} + +// SimulationManager implements the SimulationApp interface +func (app *SimApp) + +SimulationManager() *module.SimulationManager { + return app.sm +} + +// RegisterAPIRoutes registers all application module routes with the provided +// API server. +func (app *SimApp) + +RegisterAPIRoutes(apiSvr *api.Server, apiConfig config.APIConfig) { + app.App.RegisterAPIRoutes(apiSvr, apiConfig) + // register swagger API in app.go so that other applications can override easily + if err := server.RegisterSwaggerAPI(apiSvr.ClientCtx, apiSvr.Router, apiConfig.Swagger); err != nil { + panic(err) +} +} + +// GetMaccPerms returns a copy of the module account permissions +// +// NOTE: This is solely to be used for testing purposes. +func GetMaccPerms() + +map[string][]string { + dup := make(map[string][]string) + for _, perms := range moduleAccPerms { + dup[perms.Account] = perms.Permissions +} + +return dup +} + +// BlockedAddresses returns all the app's blocked account addresses. +func BlockedAddresses() + +map[string]bool { + result := make(map[string]bool) + if len(blockAccAddrs) > 0 { + for _, addr := range blockAccAddrs { + result[addr] = true +} + +} + +else { + for addr := range GetMaccPerms() { + result[addr] = true +} + +} + +return result +} +``` + +### Constructor Function + +Also defined in `app.go` is the constructor function, which constructs a new application of the type defined in the preceding section. The function must fulfill the `AppCreator` signature in order to be used in the [`start` command](/docs/sdk/vnext/learn/advanced/node#start-command) of the application's daemon command. + +```go expandable +package types + +import ( + + "encoding/json" + "io" + + cmtproto "github.com/cometbft/cometbft/proto/tendermint/types" + cmttypes "github.com/cometbft/cometbft/types" + dbm "github.com/cosmos/cosmos-db" + "github.com/cosmos/gogoproto/grpc" + "github.com/spf13/cobra" + "cosmossdk.io/log" + "cosmossdk.io/store/snapshots" + storetypes "cosmossdk.io/store/types" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/server/api" + "github.com/cosmos/cosmos-sdk/server/config" +) + +type ( + // AppOptions defines an interface that is passed into an application + // constructor, typically used to set BaseApp options that are either supplied + // via config file or through CLI arguments/flags. The underlying implementation + // is defined by the server package and is typically implemented via a Viper + // literal defined on the server Context. Note, casting Get calls may not yield + // the expected types and could result in type assertion errors. It is recommend + // to either use the cast package or perform manual conversion for safety. + AppOptions interface { + Get(string) + +any +} + + // Application defines an application interface that wraps abci.Application. + // The interface defines the necessary contracts to be implemented in order + // to fully bootstrap and start an application. + Application interface { + ABCI + + RegisterAPIRoutes(*api.Server, config.APIConfig) + + // RegisterGRPCServerWithSkipCheckHeader registers gRPC services directly with the gRPC + // server and bypass check header flag. + RegisterGRPCServerWithSkipCheckHeader(grpc.Server, bool) + + // RegisterTxService registers the gRPC Query service for tx (such as tx + // simulation, fetching txs by hash...). + RegisterTxService(client.Context) + + // RegisterTendermintService registers the gRPC Query service for CometBFT queries. + RegisterTendermintService(client.Context) + + // RegisterNodeService registers the node gRPC Query service. + RegisterNodeService(client.Context, config.Config) + + // CommitMultiStore return the multistore instance + CommitMultiStore() + +storetypes.CommitMultiStore + + // Return the snapshot manager + SnapshotManager() *snapshots.Manager + + // Close is called in start cmd to gracefully cleanup resources. + // Must be safe to be called multiple times. + Close() + +error +} + + // AppCreator is a function that allows us to lazily initialize an + // application using various configurations. + AppCreator func(log.Logger, dbm.DB, io.Writer, AppOptions) + +Application + + // ModuleInitFlags takes a start command and adds modules specific init flags. + ModuleInitFlags func(startCmd *cobra.Command) + + // ExportedApp represents an exported app state, along with + // validators, consensus params and latest app height. + ExportedApp struct { + // AppState is the application state as JSON. + AppState json.RawMessage + // Validators is the exported validator set. + Validators []cmttypes.GenesisValidator + // Height is the app's latest block height. + Height int64 + // ConsensusParams are the exported consensus params for ABCI. + ConsensusParams cmtproto.ConsensusParams +} + + // AppExporter is a function that dumps all app state to + // JSON-serializable structure and returns the current validator set. + AppExporter func( + logger log.Logger, + db dbm.DB, + traceWriter io.Writer, + height int64, + forZeroHeight bool, + jailAllowedAddrs []string, + opts AppOptions, + modulesToExport []string, + ) (ExportedApp, error) +) +``` + +Here are the main actions performed by this function: + +* Instantiate a new [`codec`](/docs/sdk/vnext/learn/advanced/encoding) and initialize the `codec` of each of the application's modules using the [basic manager](/docs/sdk/vnext/build/building-modules/module-manager#basicmanager). +* Instantiate a new application with a reference to a `baseapp` instance, a codec, and all the appropriate store keys. +* Instantiate all the [`keeper`](#keeper) objects defined in the application's `type` using the `NewKeeper` function of each of the application's modules. Note that keepers must be instantiated in the correct order, as the `NewKeeper` of one module might require a reference to another module's `keeper`. +* Instantiate the application's [module manager](/docs/sdk/vnext/build/building-modules/module-manager#manager) with the [`AppModule`](#application-module-interface) object of each of the application's modules. +* With the module manager, initialize the application's [`Msg` services](/docs/sdk/vnext/learn/advanced/baseapp#msg-services), [gRPC `Query` services](/docs/sdk/vnext/learn/advanced/baseapp#grpc-query-services), [legacy `Msg` routes](/docs/sdk/vnext/learn/advanced/baseapp#routing), and [legacy query routes](/docs/sdk/vnext/learn/advanced/baseapp#query-routing). When a transaction is relayed to the application by CometBFT via the ABCI, it is routed to the appropriate module's [`Msg` service](#msg-services) using the routes defined here. Likewise, when a gRPC query request is received by the application, it is routed to the appropriate module's [`gRPC query service`](#grpc-query-services) using the gRPC routes defined here. The Cosmos SDK still supports legacy `Msg`s and legacy CometBFT queries, which are routed using the legacy `Msg` routes and the legacy query routes, respectively. +* With the module manager, register the [application's modules' invariants](/docs/sdk/vnext/build/building-modules/invariants). Invariants are variables (e.g. total supply of a token) that are evaluated at the end of each block. The process of checking invariants is done via a special module called the [`InvariantsRegistry`](/docs/sdk/vnext/build/building-modules/invariants#invariant-registry). The value of the invariant should be equal to a predicted value defined in the module. Should the value be different than the predicted one, special logic defined in the invariant registry is triggered (usually the chain is halted). This is useful to make sure that no critical bug goes unnoticed, producing long-lasting effects that are hard to fix. +* With the module manager, set the order of execution between the `InitGenesis`, `PreBlocker`, `BeginBlocker`, and `EndBlocker` functions of each of the [application's modules](#application-module-interface). Note that not all modules implement these functions. +* Set the remaining application parameters: + * [`InitChainer`](#initchainer): used to initialize the application when it is first started. + * [`PreBlocker`](#preblocker): called before BeginBlock. + * [`BeginBlocker`, `EndBlocker`](#beginblocker-and-endblocker): called at the beginning and at the end of every block. + * [`anteHandler`](/docs/sdk/vnext/learn/advanced/baseapp#antehandler): used to handle fees and signature verification. +* Mount the stores. +* Return the application. + +Note that the constructor function only creates an instance of the app, while the actual state is either carried over from the `~/.app/data` folder if the node is restarted, or generated from the genesis file if the node is started for the first time. + +See an example of application constructor from `simapp`: + +```go expandable +//go:build app_v1 + +package simapp + +import ( + + "encoding/json" + "fmt" + "io" + "maps" + + abci "github.com/cometbft/cometbft/abci/types" + dbm "github.com/cosmos/cosmos-db" + "github.com/cosmos/gogoproto/proto" + "github.com/spf13/cast" + + autocliv1 "cosmossdk.io/api/cosmos/autocli/v1" + reflectionv1 "cosmossdk.io/api/cosmos/reflection/v1" + "cosmossdk.io/client/v2/autocli" + clienthelpers "cosmossdk.io/client/v2/helpers" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/log" + storetypes "cosmossdk.io/store/types" + "cosmossdk.io/x/circuit" + circuitkeeper "cosmossdk.io/x/circuit/keeper" + circuittypes "cosmossdk.io/x/circuit/types" + "cosmossdk.io/x/evidence" + evidencekeeper "cosmossdk.io/x/evidence/keeper" + evidencetypes "cosmossdk.io/x/evidence/types" + "cosmossdk.io/x/feegrant" + feegrantkeeper "cosmossdk.io/x/feegrant/keeper" + feegrantmodule "cosmossdk.io/x/feegrant/module" + "cosmossdk.io/x/nft" + nftkeeper "cosmossdk.io/x/nft/keeper" + nftmodule "cosmossdk.io/x/nft/module" + "cosmossdk.io/x/tx/signing" + "cosmossdk.io/x/upgrade" + upgradekeeper "cosmossdk.io/x/upgrade/keeper" + upgradetypes "cosmossdk.io/x/upgrade/types" + "github.com/cosmos/cosmos-sdk/baseapp" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/client/flags" + "github.com/cosmos/cosmos-sdk/client/grpc/cmtservice" + nodeservice "github.com/cosmos/cosmos-sdk/client/grpc/node" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/codec/address" + "github.com/cosmos/cosmos-sdk/codec/types" + "github.com/cosmos/cosmos-sdk/runtime" + runtimeservices "github.com/cosmos/cosmos-sdk/runtime/services" + "github.com/cosmos/cosmos-sdk/server" + "github.com/cosmos/cosmos-sdk/server/api" + "github.com/cosmos/cosmos-sdk/server/config" + servertypes "github.com/cosmos/cosmos-sdk/server/types" + "github.com/cosmos/cosmos-sdk/std" + testdata_pulsar "github.com/cosmos/cosmos-sdk/testutil/testdata/testpb" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/module" + sigtypes "github.com/cosmos/cosmos-sdk/types/tx/signing" + "github.com/cosmos/cosmos-sdk/version" + "github.com/cosmos/cosmos-sdk/x/auth" + "github.com/cosmos/cosmos-sdk/x/auth/ante" + authcodec "github.com/cosmos/cosmos-sdk/x/auth/codec" + authkeeper "github.com/cosmos/cosmos-sdk/x/auth/keeper" + "github.com/cosmos/cosmos-sdk/x/auth/posthandler" + authsims "github.com/cosmos/cosmos-sdk/x/auth/simulation" + "github.com/cosmos/cosmos-sdk/x/auth/tx" + authtx "github.com/cosmos/cosmos-sdk/x/auth/tx" + txmodule "github.com/cosmos/cosmos-sdk/x/auth/tx/config" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + "github.com/cosmos/cosmos-sdk/x/auth/vesting" + vestingtypes "github.com/cosmos/cosmos-sdk/x/auth/vesting/types" + "github.com/cosmos/cosmos-sdk/x/authz" + authzkeeper "github.com/cosmos/cosmos-sdk/x/authz/keeper" + authzmodule "github.com/cosmos/cosmos-sdk/x/authz/module" + "github.com/cosmos/cosmos-sdk/x/bank" + bankkeeper "github.com/cosmos/cosmos-sdk/x/bank/keeper" + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" + consensus "github.com/cosmos/cosmos-sdk/x/consensus" + consensusparamkeeper "github.com/cosmos/cosmos-sdk/x/consensus/keeper" + consensusparamtypes "github.com/cosmos/cosmos-sdk/x/consensus/types" + distr "github.com/cosmos/cosmos-sdk/x/distribution" + distrkeeper "github.com/cosmos/cosmos-sdk/x/distribution/keeper" + distrtypes "github.com/cosmos/cosmos-sdk/x/distribution/types" + "github.com/cosmos/cosmos-sdk/x/epochs" + epochskeeper "github.com/cosmos/cosmos-sdk/x/epochs/keeper" + epochstypes "github.com/cosmos/cosmos-sdk/x/epochs/types" + "github.com/cosmos/cosmos-sdk/x/genutil" + genutiltypes "github.com/cosmos/cosmos-sdk/x/genutil/types" + "github.com/cosmos/cosmos-sdk/x/gov" + govclient "github.com/cosmos/cosmos-sdk/x/gov/client" + govkeeper "github.com/cosmos/cosmos-sdk/x/gov/keeper" + govtypes "github.com/cosmos/cosmos-sdk/x/gov/types" + govv1beta1 "github.com/cosmos/cosmos-sdk/x/gov/types/v1beta1" + "github.com/cosmos/cosmos-sdk/x/group" + groupkeeper "github.com/cosmos/cosmos-sdk/x/group/keeper" + groupmodule "github.com/cosmos/cosmos-sdk/x/group/module" + "github.com/cosmos/cosmos-sdk/x/mint" + mintkeeper "github.com/cosmos/cosmos-sdk/x/mint/keeper" + minttypes "github.com/cosmos/cosmos-sdk/x/mint/types" + "github.com/cosmos/cosmos-sdk/x/protocolpool" + protocolpoolkeeper "github.com/cosmos/cosmos-sdk/x/protocolpool/keeper" + protocolpooltypes "github.com/cosmos/cosmos-sdk/x/protocolpool/types" + "github.com/cosmos/cosmos-sdk/x/slashing" + slashingkeeper "github.com/cosmos/cosmos-sdk/x/slashing/keeper" + slashingtypes "github.com/cosmos/cosmos-sdk/x/slashing/types" + "github.com/cosmos/cosmos-sdk/x/staking" + stakingkeeper "github.com/cosmos/cosmos-sdk/x/staking/keeper" + stakingtypes "github.com/cosmos/cosmos-sdk/x/staking/types" +) + +const appName = "SimApp" + +var ( + // DefaultNodeHome default home directories for the application daemon + DefaultNodeHome string + + // module account permissions + maccPerms = map[string][]string{ + authtypes.FeeCollectorName: nil, + distrtypes.ModuleName: nil, + minttypes.ModuleName: { + authtypes.Minter +}, + stakingtypes.BondedPoolName: { + authtypes.Burner, authtypes.Staking +}, + stakingtypes.NotBondedPoolName: { + authtypes.Burner, authtypes.Staking +}, + govtypes.ModuleName: { + authtypes.Burner +}, + nft.ModuleName: nil, + protocolpooltypes.ModuleName: nil, + protocolpooltypes.ProtocolPoolEscrowAccount: nil +} +) + +var ( + _ runtime.AppI = (*SimApp)(nil) + _ servertypes.Application = (*SimApp)(nil) +) + +// SimApp extends an ABCI application, but with most of its parameters exported. +// They are exported for convenience in creating helper functions, as object +// capabilities aren't needed for testing. +type SimApp struct { + *baseapp.BaseApp + legacyAmino *codec.LegacyAmino + appCodec codec.Codec + txConfig client.TxConfig + interfaceRegistry types.InterfaceRegistry + + // keys to access the substores + keys map[string]*storetypes.KVStoreKey + + // essential keepers + AccountKeeper authkeeper.AccountKeeper + BankKeeper bankkeeper.BaseKeeper + StakingKeeper *stakingkeeper.Keeper + SlashingKeeper slashingkeeper.Keeper + MintKeeper mintkeeper.Keeper + DistrKeeper distrkeeper.Keeper + GovKeeper govkeeper.Keeper + UpgradeKeeper *upgradekeeper.Keeper + EvidenceKeeper evidencekeeper.Keeper + ConsensusParamsKeeper consensusparamkeeper.Keeper + CircuitKeeper circuitkeeper.Keeper + + // supplementary keepers + FeeGrantKeeper feegrantkeeper.Keeper + GroupKeeper groupkeeper.Keeper + AuthzKeeper authzkeeper.Keeper + NFTKeeper nftkeeper.Keeper + EpochsKeeper epochskeeper.Keeper + ProtocolPoolKeeper protocolpoolkeeper.Keeper + + // the module manager + ModuleManager *module.Manager + BasicModuleManager module.BasicManager + + // simulation manager + sm *module.SimulationManager + + // module configurator + configurator module.Configurator +} + +func init() { + var err error + DefaultNodeHome, err = clienthelpers.GetNodeHomeDirectory(".simapp") + if err != nil { + panic(err) +} +} + +// NewSimApp returns a reference to an initialized SimApp. +func NewSimApp( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), +) *SimApp { + interfaceRegistry, _ := types.NewInterfaceRegistryWithOptions(types.InterfaceRegistryOptions{ + ProtoFiles: proto.HybridResolver, + SigningOptions: signing.Options{ + AddressCodec: address.Bech32Codec{ + Bech32Prefix: sdk.GetConfig().GetBech32AccountAddrPrefix(), +}, + ValidatorAddressCodec: address.Bech32Codec{ + Bech32Prefix: sdk.GetConfig().GetBech32ValidatorAddrPrefix(), +}, +}, +}) + appCodec := codec.NewProtoCodec(interfaceRegistry) + legacyAmino := codec.NewLegacyAmino() + txConfig := tx.NewTxConfig(appCodec, tx.DefaultSignModes) + if err := interfaceRegistry.SigningContext().Validate(); err != nil { + panic(err) +} + +std.RegisterLegacyAminoCodec(legacyAmino) + +std.RegisterInterfaces(interfaceRegistry) + + // Below we could construct and set an application specific mempool and + // ABCI 1.0 PrepareProposal and ProcessProposal handlers. These defaults are + // already set in the SDK's BaseApp, this shows an example of how to override + // them. + // + // Example: + // + // bApp := baseapp.NewBaseApp(...) + // nonceMempool := mempool.NewSenderNonceMempool() + // abciPropHandler := NewDefaultProposalHandler(nonceMempool, bApp) + // + // bApp.SetMempool(nonceMempool) + // bApp.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) + // bApp.SetProcessProposal(abciPropHandler.ProcessProposalHandler()) + // + // Alternatively, you can construct BaseApp options, append those to + // baseAppOptions and pass them to NewBaseApp. + // + // Example: + // + // prepareOpt = func(app *baseapp.BaseApp) { + // abciPropHandler := baseapp.NewDefaultProposalHandler(nonceMempool, app) + // app.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) + // +} + // baseAppOptions = append(baseAppOptions, prepareOpt) + + // create and set dummy vote extension handler + voteExtOp := func(bApp *baseapp.BaseApp) { + voteExtHandler := NewVoteExtensionHandler() + +voteExtHandler.SetHandlers(bApp) +} + +baseAppOptions = append(baseAppOptions, voteExtOp, baseapp.SetOptimisticExecution()) + bApp := baseapp.NewBaseApp(appName, logger, db, txConfig.TxDecoder(), baseAppOptions...) + +bApp.SetCommitMultiStoreTracer(traceStore) + +bApp.SetVersion(version.Version) + +bApp.SetInterfaceRegistry(interfaceRegistry) + +bApp.SetTxEncoder(txConfig.TxEncoder()) + keys := storetypes.NewKVStoreKeys( + authtypes.StoreKey, + banktypes.StoreKey, + stakingtypes.StoreKey, + minttypes.StoreKey, + distrtypes.StoreKey, + slashingtypes.StoreKey, + govtypes.StoreKey, + consensusparamtypes.StoreKey, + upgradetypes.StoreKey, + feegrant.StoreKey, + evidencetypes.StoreKey, + circuittypes.StoreKey, + authzkeeper.StoreKey, + nftkeeper.StoreKey, + group.StoreKey, + epochstypes.StoreKey, + protocolpooltypes.StoreKey, + ) + + // register streaming services + if err := bApp.RegisterStreamingServices(appOpts, keys); err != nil { + panic(err) +} + app := &SimApp{ + BaseApp: bApp, + legacyAmino: legacyAmino, + appCodec: appCodec, + txConfig: txConfig, + interfaceRegistry: interfaceRegistry, + keys: keys, +} + + // set the BaseApp's parameter store + app.ConsensusParamsKeeper = consensusparamkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[consensusparamtypes.StoreKey]), + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + runtime.EventService{ +}, + ) + +bApp.SetParamStore(app.ConsensusParamsKeeper.ParamsStore) + + // add keepers + app.AccountKeeper = authkeeper.NewAccountKeeper( + appCodec, + runtime.NewKVStoreService(keys[authtypes.StoreKey]), + authtypes.ProtoBaseAccount, + maccPerms, + authcodec.NewBech32Codec(sdk.Bech32MainPrefix), + sdk.Bech32MainPrefix, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + authkeeper.WithUnorderedTransactions(true), + ) + +app.BankKeeper = bankkeeper.NewBaseKeeper( + appCodec, + runtime.NewKVStoreService(keys[banktypes.StoreKey]), + app.AccountKeeper, + BlockedAddresses(), + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + logger, + ) + + // optional: enable sign mode textual by overwriting the default tx config (after setting the bank keeper) + enabledSignModes := append(tx.DefaultSignModes, sigtypes.SignMode_SIGN_MODE_TEXTUAL) + txConfigOpts := tx.ConfigOptions{ + EnabledSignModes: enabledSignModes, + TextualCoinMetadataQueryFn: txmodule.NewBankKeeperCoinMetadataQueryFn(app.BankKeeper), +} + +txConfig, err := tx.NewTxConfigWithOptions( + appCodec, + txConfigOpts, + ) + if err != nil { + panic(err) +} + +app.txConfig = txConfig + + app.StakingKeeper = stakingkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[stakingtypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + authcodec.NewBech32Codec(sdk.Bech32PrefixValAddr), + authcodec.NewBech32Codec(sdk.Bech32PrefixConsAddr), + ) + +app.MintKeeper = mintkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[minttypes.StoreKey]), + app.StakingKeeper, + app.AccountKeeper, + app.BankKeeper, + authtypes.FeeCollectorName, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + // mintkeeper.WithMintFn(mintkeeper.DefaultMintFn(minttypes.DefaultInflationCalculationFn)), custom mintFn can be added here + ) + +app.ProtocolPoolKeeper = protocolpoolkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[protocolpooltypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) + +app.DistrKeeper = distrkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[distrtypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + app.StakingKeeper, + authtypes.FeeCollectorName, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + distrkeeper.WithExternalCommunityPool(app.ProtocolPoolKeeper), + ) + +app.SlashingKeeper = slashingkeeper.NewKeeper( + appCodec, + legacyAmino, + runtime.NewKVStoreService(keys[slashingtypes.StoreKey]), + app.StakingKeeper, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) + +app.FeeGrantKeeper = feegrantkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[feegrant.StoreKey]), + app.AccountKeeper, + ) + + // register the staking hooks + // NOTE: stakingKeeper above is passed by reference, so that it will contain these hooks + app.StakingKeeper.SetHooks( + stakingtypes.NewMultiStakingHooks( + app.DistrKeeper.Hooks(), + app.SlashingKeeper.Hooks(), + ), + ) + +app.CircuitKeeper = circuitkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[circuittypes.StoreKey]), + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + app.AccountKeeper.AddressCodec(), + ) + +app.BaseApp.SetCircuitBreaker(&app.CircuitKeeper) + +app.AuthzKeeper = authzkeeper.NewKeeper( + runtime.NewKVStoreService(keys[authzkeeper.StoreKey]), + appCodec, + app.MsgServiceRouter(), + app.AccountKeeper, + ) + groupConfig := group.DefaultConfig() + /* + Example of setting group params: + groupConfig.MaxMetadataLen = 1000 + */ + app.GroupKeeper = groupkeeper.NewKeeper( + keys[group.StoreKey], + appCodec, + app.MsgServiceRouter(), + app.AccountKeeper, + groupConfig, + ) + + // get skipUpgradeHeights from the app options + skipUpgradeHeights := map[int64]bool{ +} + for _, h := range cast.ToIntSlice(appOpts.Get(server.FlagUnsafeSkipUpgrades)) { + skipUpgradeHeights[int64(h)] = true +} + homePath := cast.ToString(appOpts.Get(flags.FlagHome)) + // set the governance module account as the authority for conducting upgrades + app.UpgradeKeeper = upgradekeeper.NewKeeper( + skipUpgradeHeights, + runtime.NewKVStoreService(keys[upgradetypes.StoreKey]), + appCodec, + homePath, + app.BaseApp, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) + + // Register the proposal types + // Deprecated: Avoid adding new handlers, instead use the new proposal flow + // by granting the governance module the right to execute the message. + // See: https://docs.cosmos.network/main/modules/gov#proposal-messages + govRouter := govv1beta1.NewRouter() + +govRouter.AddRoute(govtypes.RouterKey, govv1beta1.ProposalHandler) + govConfig := govtypes.DefaultConfig() + /* + Example of setting gov params: + govConfig.MaxMetadataLen = 10000 + */ + govKeeper := govkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[govtypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + app.StakingKeeper, + app.DistrKeeper, + app.MsgServiceRouter(), + govConfig, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + // govkeeper.WithCustomCalculateVoteResultsAndVotingPowerFn(...), // Add if you want to use a custom vote calculation function. + ) + + // Set legacy router for backwards compatibility with gov v1beta1 + govKeeper.SetLegacyRouter(govRouter) + +app.GovKeeper = *govKeeper.SetHooks( + govtypes.NewMultiGovHooks( + // register the governance hooks + ), + ) + +app.NFTKeeper = nftkeeper.NewKeeper( + runtime.NewKVStoreService(keys[nftkeeper.StoreKey]), + appCodec, + app.AccountKeeper, + app.BankKeeper, + ) + + // create evidence keeper with router + evidenceKeeper := evidencekeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[evidencetypes.StoreKey]), + app.StakingKeeper, + app.SlashingKeeper, + app.AccountKeeper.AddressCodec(), + runtime.ProvideCometInfoService(), + ) + // If evidence needs to be handled for the app, set routes in router here and seal + app.EvidenceKeeper = *evidenceKeeper + + app.EpochsKeeper = epochskeeper.NewKeeper( + runtime.NewKVStoreService(keys[epochstypes.StoreKey]), + appCodec, + ) + +app.EpochsKeeper.SetHooks( + epochstypes.NewMultiEpochHooks( + // insert epoch hooks receivers here + ), + ) + + /**** Module Options ****/ + + // NOTE: Any module instantiated in the module manager that is later modified + // must be passed by reference here. + app.ModuleManager = module.NewManager( + genutil.NewAppModule( + app.AccountKeeper, app.StakingKeeper, app, + txConfig, + ), + auth.NewAppModule(appCodec, app.AccountKeeper, authsims.RandomGenesisAccounts, nil), + vesting.NewAppModule(app.AccountKeeper, app.BankKeeper), + bank.NewAppModule(appCodec, app.BankKeeper, app.AccountKeeper, nil), + feegrantmodule.NewAppModule(appCodec, app.AccountKeeper, app.BankKeeper, app.FeeGrantKeeper, app.interfaceRegistry), + gov.NewAppModule(appCodec, &app.GovKeeper, app.AccountKeeper, app.BankKeeper, nil), + mint.NewAppModule(appCodec, app.MintKeeper, app.AccountKeeper, nil, nil), + slashing.NewAppModule(appCodec, app.SlashingKeeper, app.AccountKeeper, app.BankKeeper, app.StakingKeeper, nil, app.interfaceRegistry), + distr.NewAppModule(appCodec, app.DistrKeeper, app.AccountKeeper, app.BankKeeper, app.StakingKeeper, nil), + staking.NewAppModule(appCodec, app.StakingKeeper, app.AccountKeeper, app.BankKeeper, nil), + upgrade.NewAppModule(app.UpgradeKeeper, app.AccountKeeper.AddressCodec()), + evidence.NewAppModule(app.EvidenceKeeper), + authzmodule.NewAppModule(appCodec, app.AuthzKeeper, app.AccountKeeper, app.BankKeeper, app.interfaceRegistry), + groupmodule.NewAppModule(appCodec, app.GroupKeeper, app.AccountKeeper, app.BankKeeper, app.interfaceRegistry), + nftmodule.NewAppModule(appCodec, app.NFTKeeper, app.AccountKeeper, app.BankKeeper, app.interfaceRegistry), + consensus.NewAppModule(appCodec, app.ConsensusParamsKeeper), + circuit.NewAppModule(appCodec, app.CircuitKeeper), + epochs.NewAppModule(app.EpochsKeeper), + protocolpool.NewAppModule(app.ProtocolPoolKeeper, app.AccountKeeper, app.BankKeeper), + ) + + // BasicModuleManager defines the module BasicManager is in charge of setting up basic, + // non-dependant module elements, such as codec registration and genesis verification. + // By default it is composed of all the module from the module manager. + // Additionally, app module basics can be overwritten by passing them as argument. + app.BasicModuleManager = module.NewBasicManagerFromManager( + app.ModuleManager, + map[string]module.AppModuleBasic{ + genutiltypes.ModuleName: genutil.NewAppModuleBasic(genutiltypes.DefaultMessageValidator), + govtypes.ModuleName: gov.NewAppModuleBasic( + []govclient.ProposalHandler{ +}, + ), +}) + +app.BasicModuleManager.RegisterLegacyAminoCodec(legacyAmino) + +app.BasicModuleManager.RegisterInterfaces(interfaceRegistry) + + // NOTE: upgrade module is required to be prioritized + app.ModuleManager.SetOrderPreBlockers( + upgradetypes.ModuleName, + authtypes.ModuleName, + ) + // During begin block slashing happens after distr.BeginBlocker so that + // there is nothing left over in the validator fee pool, so as to keep the + // CanWithdrawInvariant invariant. + // NOTE: staking module is required if HistoricalEntries param > 0 + app.ModuleManager.SetOrderBeginBlockers( + minttypes.ModuleName, + distrtypes.ModuleName, + protocolpooltypes.ModuleName, + slashingtypes.ModuleName, + evidencetypes.ModuleName, + stakingtypes.ModuleName, + genutiltypes.ModuleName, + authz.ModuleName, + epochstypes.ModuleName, + ) + +app.ModuleManager.SetOrderEndBlockers( + govtypes.ModuleName, + stakingtypes.ModuleName, + genutiltypes.ModuleName, + feegrant.ModuleName, + group.ModuleName, + protocolpooltypes.ModuleName, + ) + + // NOTE: The genutils module must occur after staking so that pools are + // properly initialized with tokens from genesis accounts. + // NOTE: The genutils module must also occur after auth so that it can access the params from auth. + genesisModuleOrder := []string{ + authtypes.ModuleName, + banktypes.ModuleName, + distrtypes.ModuleName, + stakingtypes.ModuleName, + slashingtypes.ModuleName, + govtypes.ModuleName, + minttypes.ModuleName, + genutiltypes.ModuleName, + evidencetypes.ModuleName, + authz.ModuleName, + feegrant.ModuleName, + nft.ModuleName, + group.ModuleName, + upgradetypes.ModuleName, + vestingtypes.ModuleName, + consensusparamtypes.ModuleName, + circuittypes.ModuleName, + epochstypes.ModuleName, + protocolpooltypes.ModuleName, +} + exportModuleOrder := []string{ + consensusparamtypes.ModuleName, + authtypes.ModuleName, + protocolpooltypes.ModuleName, // Must be exported before bank + banktypes.ModuleName, + distrtypes.ModuleName, + stakingtypes.ModuleName, + slashingtypes.ModuleName, + govtypes.ModuleName, + minttypes.ModuleName, + genutiltypes.ModuleName, + evidencetypes.ModuleName, + authz.ModuleName, + feegrant.ModuleName, + nft.ModuleName, + group.ModuleName, + upgradetypes.ModuleName, + vestingtypes.ModuleName, + circuittypes.ModuleName, + epochstypes.ModuleName, +} + +app.ModuleManager.SetOrderInitGenesis(genesisModuleOrder...) + +app.ModuleManager.SetOrderExportGenesis(exportModuleOrder...) + + // Uncomment if you want to set a custom migration order here. + // app.ModuleManager.SetOrderMigrations(custom order) + +app.configurator = module.NewConfigurator(app.appCodec, app.MsgServiceRouter(), app.GRPCQueryRouter()) + +err = app.ModuleManager.RegisterServices(app.configurator) + if err != nil { + panic(err) +} + + // RegisterUpgradeHandlers is used for registering any on-chain upgrades. + // Make sure it's called after `app.ModuleManager` and `app.configurator` are set. + app.RegisterUpgradeHandlers() + +autocliv1.RegisterQueryServer(app.GRPCQueryRouter(), runtimeservices.NewAutoCLIQueryService(app.ModuleManager.Modules)) + +reflectionSvc, err := runtimeservices.NewReflectionService() + if err != nil { + panic(err) +} + +reflectionv1.RegisterReflectionServiceServer(app.GRPCQueryRouter(), reflectionSvc) + + // add test gRPC service for testing gRPC queries in isolation + testdata_pulsar.RegisterQueryServer(app.GRPCQueryRouter(), testdata_pulsar.QueryImpl{ +}) + + // create the simulation manager and define the order of the modules for deterministic simulations + // + // NOTE: this is not required apps that don't use the simulator for fuzz testing + // transactions + overrideModules := map[string]module.AppModuleSimulation{ + authtypes.ModuleName: auth.NewAppModule(app.appCodec, app.AccountKeeper, authsims.RandomGenesisAccounts, nil), +} + +app.sm = module.NewSimulationManagerFromAppModules(app.ModuleManager.Modules, overrideModules) + +app.sm.RegisterStoreDecoders() + + // initialize stores + app.MountKVStores(keys) + + // initialize BaseApp + app.SetInitChainer(app.InitChainer) + +app.SetPreBlocker(app.PreBlocker) + +app.SetBeginBlocker(app.BeginBlocker) + +app.SetEndBlocker(app.EndBlocker) + +app.setAnteHandler(txConfig) + + // In v0.46, the SDK introduces _postHandlers_. PostHandlers are like + // antehandlers, but are run _after_ the `runMsgs` execution. They are also + // defined as a chain, and have the same signature as antehandlers. + // + // In baseapp, postHandlers are run in the same store branch as `runMsgs`, + // meaning that both `runMsgs` and `postHandler` state will be committed if + // both are successful, and both will be reverted if any of the two fails. + // + // The SDK exposes a default postHandlers chain + // + // Please note that changing any of the anteHandler or postHandler chain is + // likely to be a state-machine breaking change, which needs a coordinated + // upgrade. + app.setPostHandler() + if loadLatest { + if err := app.LoadLatestVersion(); err != nil { + panic(fmt.Errorf("error loading last version: %w", err)) +} + +} + +return app +} + +func (app *SimApp) + +setAnteHandler(txConfig client.TxConfig) { + anteHandler, err := NewAnteHandler( + HandlerOptions{ + ante.HandlerOptions{ + AccountKeeper: app.AccountKeeper, + BankKeeper: app.BankKeeper, + SignModeHandler: txConfig.SignModeHandler(), + FeegrantKeeper: app.FeeGrantKeeper, + SigGasConsumer: ante.DefaultSigVerificationGasConsumer, + SigVerifyOptions: []ante.SigVerificationDecoratorOption{ + // change below as needed. + ante.WithUnorderedTxGasCost(ante.DefaultUnorderedTxGasCost), + ante.WithMaxUnorderedTxTimeoutDuration(ante.DefaultMaxTimeoutDuration), +}, +}, + &app.CircuitKeeper, +}, + ) + if err != nil { + panic(err) +} + + // Set the AnteHandler for the app + app.SetAnteHandler(anteHandler) +} + +func (app *SimApp) + +setPostHandler() { + postHandler, err := posthandler.NewPostHandler( + posthandler.HandlerOptions{ +}, + ) + if err != nil { + panic(err) +} + +app.SetPostHandler(postHandler) +} + +// Name returns the name of the App +func (app *SimApp) + +Name() + +string { + return app.BaseApp.Name() +} + +// PreBlocker application updates every pre block +func (app *SimApp) + +PreBlocker(ctx sdk.Context, _ *abci.RequestFinalizeBlock) (*sdk.ResponsePreBlock, error) { + return app.ModuleManager.PreBlock(ctx) +} + +// BeginBlocker application updates every begin block +func (app *SimApp) + +BeginBlocker(ctx sdk.Context) (sdk.BeginBlock, error) { + return app.ModuleManager.BeginBlock(ctx) +} + +// EndBlocker application updates every end block +func (app *SimApp) + +EndBlocker(ctx sdk.Context) (sdk.EndBlock, error) { + return app.ModuleManager.EndBlock(ctx) +} + +func (a *SimApp) + +Configurator() + +module.Configurator { + return a.configurator +} + +// InitChainer application update at chain initialization +func (app *SimApp) + +InitChainer(ctx sdk.Context, req *abci.RequestInitChain) (*abci.ResponseInitChain, error) { + var genesisState GenesisState + if err := json.Unmarshal(req.AppStateBytes, &genesisState); err != nil { + panic(err) +} + +app.UpgradeKeeper.SetModuleVersionMap(ctx, app.ModuleManager.GetVersionMap()) + +return app.ModuleManager.InitGenesis(ctx, app.appCodec, genesisState) +} + +// LoadHeight loads a particular height +func (app *SimApp) + +LoadHeight(height int64) + +error { + return app.LoadVersion(height) +} + +// LegacyAmino returns SimApp's amino codec. +// +// NOTE: This is solely to be used for testing purposes as it may be desirable +// for modules to register their own custom testing types. +func (app *SimApp) + +LegacyAmino() *codec.LegacyAmino { + return app.legacyAmino +} + +// AppCodec returns SimApp's app codec. +// +// NOTE: This is solely to be used for testing purposes as it may be desirable +// for modules to register their own custom testing types. +func (app *SimApp) + +AppCodec() + +codec.Codec { + return app.appCodec +} + +// InterfaceRegistry returns SimApp's InterfaceRegistry +func (app *SimApp) + +InterfaceRegistry() + +types.InterfaceRegistry { + return app.interfaceRegistry +} + +// TxConfig returns SimApp's TxConfig +func (app *SimApp) + +TxConfig() + +client.TxConfig { + return app.txConfig +} + +// AutoCliOpts returns the autocli options for the app. +func (app *SimApp) + +AutoCliOpts() + +autocli.AppOptions { + modules := make(map[string]appmodule.AppModule, 0) + for _, m := range app.ModuleManager.Modules { + if moduleWithName, ok := m.(module.HasName); ok { + moduleName := moduleWithName.Name() + if appModule, ok := moduleWithName.(appmodule.AppModule); ok { + modules[moduleName] = appModule +} + +} + +} + +return autocli.AppOptions{ + Modules: modules, + ModuleOptions: runtimeservices.ExtractAutoCLIOptions(app.ModuleManager.Modules), + AddressCodec: authcodec.NewBech32Codec(sdk.GetConfig().GetBech32AccountAddrPrefix()), + ValidatorAddressCodec: authcodec.NewBech32Codec(sdk.GetConfig().GetBech32ValidatorAddrPrefix()), + ConsensusAddressCodec: authcodec.NewBech32Codec(sdk.GetConfig().GetBech32ConsensusAddrPrefix()), +} +} + +// DefaultGenesis returns a default genesis from the registered AppModuleBasic's. +func (a *SimApp) + +DefaultGenesis() + +map[string]json.RawMessage { + return a.BasicModuleManager.DefaultGenesis(a.appCodec) +} + +// GetKey returns the KVStoreKey for the provided store key. +// +// NOTE: This is solely to be used for testing purposes. +func (app *SimApp) + +GetKey(storeKey string) *storetypes.KVStoreKey { + return app.keys[storeKey] +} + +// GetStoreKeys returns all the stored store keys. +func (app *SimApp) + +GetStoreKeys() []storetypes.StoreKey { + keys := make([]storetypes.StoreKey, 0, len(app.keys)) + for _, key := range app.keys { + keys = append(keys, key) +} + +return keys +} + +// SimulationManager implements the SimulationApp interface +func (app *SimApp) + +SimulationManager() *module.SimulationManager { + return app.sm +} + +// RegisterAPIRoutes registers all application module routes with the provided +// API server. +func (app *SimApp) + +RegisterAPIRoutes(apiSvr *api.Server, apiConfig config.APIConfig) { + clientCtx := apiSvr.ClientCtx + // Register new tx routes from grpc-gateway. + authtx.RegisterGRPCGatewayRoutes(clientCtx, apiSvr.GRPCGatewayRouter) + + // Register new CometBFT queries routes from grpc-gateway. + cmtservice.RegisterGRPCGatewayRoutes(clientCtx, apiSvr.GRPCGatewayRouter) + + // Register node gRPC service for grpc-gateway. + nodeservice.RegisterGRPCGatewayRoutes(clientCtx, apiSvr.GRPCGatewayRouter) + + // Register grpc-gateway routes for all modules. + app.BasicModuleManager.RegisterGRPCGatewayRoutes(clientCtx, apiSvr.GRPCGatewayRouter) + + // register swagger API from root so that other applications can override easily + if err := server.RegisterSwaggerAPI(apiSvr.ClientCtx, apiSvr.Router, apiConfig.Swagger); err != nil { + panic(err) +} +} + +// RegisterTxService implements the Application.RegisterTxService method. +func (app *SimApp) + +RegisterTxService(clientCtx client.Context) { + authtx.RegisterTxService(app.BaseApp.GRPCQueryRouter(), clientCtx, app.BaseApp.Simulate, app.interfaceRegistry) +} + +// RegisterTendermintService implements the Application.RegisterTendermintService method. +func (app *SimApp) + +RegisterTendermintService(clientCtx client.Context) { + cmtApp := server.NewCometABCIWrapper(app) + +cmtservice.RegisterTendermintService( + clientCtx, + app.BaseApp.GRPCQueryRouter(), + app.interfaceRegistry, + cmtApp.Query, + ) +} + +func (app *SimApp) + +RegisterNodeService(clientCtx client.Context, cfg config.Config) { + nodeservice.RegisterNodeService(clientCtx, app.GRPCQueryRouter(), cfg) +} + +// GetMaccPerms returns a copy of the module account permissions +// +// NOTE: This is solely to be used for testing purposes. +func GetMaccPerms() + +map[string][]string { + return maps.Clone(maccPerms) +} + +// BlockedAddresses returns all the app's blocked account addresses. +func BlockedAddresses() + +map[string]bool { + modAccAddrs := make(map[string]bool) + for acc := range GetMaccPerms() { + modAccAddrs[authtypes.NewModuleAddress(acc).String()] = true +} + + // allow the following addresses to receive funds + delete(modAccAddrs, authtypes.NewModuleAddress(govtypes.ModuleName).String()) + +return modAccAddrs +} +``` + +### InitChainer + +The `InitChainer` is a function that initializes the state of the application from a genesis file (i.e. token balances of genesis accounts). It is called when the application receives the `InitChain` message from the CometBFT engine, which happens when the node is started at `appBlockHeight == 0` (i.e. on genesis). The application must set the `InitChainer` in its [constructor](#constructor-function) via the [`SetInitChainer`](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/baseapp#BaseApp.SetInitChainer) method. + +In general, the `InitChainer` is mostly composed of the [`InitGenesis`](/docs/sdk/vnext/build/building-modules/genesis#initgenesis) function of each of the application's modules. This is done by calling the `InitGenesis` function of the module manager, which in turn calls the `InitGenesis` function of each of the modules it contains. Note that the order in which the modules' `InitGenesis` functions must be called has to be set in the module manager using the [module manager's](/docs/sdk/vnext/build/building-modules/module-manager) `SetOrderInitGenesis` method. This is done in the [application's constructor](#constructor-function), and the `SetOrderInitGenesis` has to be called before the `SetInitChainer`. + +See an example of an `InitChainer` from `simapp`: + +```go expandable +//go:build app_v1 + +package simapp + +import ( + + "encoding/json" + "fmt" + "io" + "maps" + + abci "github.com/cometbft/cometbft/abci/types" + dbm "github.com/cosmos/cosmos-db" + "github.com/cosmos/gogoproto/proto" + "github.com/spf13/cast" + + autocliv1 "cosmossdk.io/api/cosmos/autocli/v1" + reflectionv1 "cosmossdk.io/api/cosmos/reflection/v1" + "cosmossdk.io/client/v2/autocli" + clienthelpers "cosmossdk.io/client/v2/helpers" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/log" + storetypes "cosmossdk.io/store/types" + "cosmossdk.io/x/circuit" + circuitkeeper "cosmossdk.io/x/circuit/keeper" + circuittypes "cosmossdk.io/x/circuit/types" + "cosmossdk.io/x/evidence" + evidencekeeper "cosmossdk.io/x/evidence/keeper" + evidencetypes "cosmossdk.io/x/evidence/types" + "cosmossdk.io/x/feegrant" + feegrantkeeper "cosmossdk.io/x/feegrant/keeper" + feegrantmodule "cosmossdk.io/x/feegrant/module" + "cosmossdk.io/x/nft" + nftkeeper "cosmossdk.io/x/nft/keeper" + nftmodule "cosmossdk.io/x/nft/module" + "cosmossdk.io/x/tx/signing" + "cosmossdk.io/x/upgrade" + upgradekeeper "cosmossdk.io/x/upgrade/keeper" + upgradetypes "cosmossdk.io/x/upgrade/types" + "github.com/cosmos/cosmos-sdk/baseapp" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/client/flags" + "github.com/cosmos/cosmos-sdk/client/grpc/cmtservice" + nodeservice "github.com/cosmos/cosmos-sdk/client/grpc/node" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/codec/address" + "github.com/cosmos/cosmos-sdk/codec/types" + "github.com/cosmos/cosmos-sdk/runtime" + runtimeservices "github.com/cosmos/cosmos-sdk/runtime/services" + "github.com/cosmos/cosmos-sdk/server" + "github.com/cosmos/cosmos-sdk/server/api" + "github.com/cosmos/cosmos-sdk/server/config" + servertypes "github.com/cosmos/cosmos-sdk/server/types" + "github.com/cosmos/cosmos-sdk/std" + testdata_pulsar "github.com/cosmos/cosmos-sdk/testutil/testdata/testpb" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/module" + sigtypes "github.com/cosmos/cosmos-sdk/types/tx/signing" + "github.com/cosmos/cosmos-sdk/version" + "github.com/cosmos/cosmos-sdk/x/auth" + "github.com/cosmos/cosmos-sdk/x/auth/ante" + authcodec "github.com/cosmos/cosmos-sdk/x/auth/codec" + authkeeper "github.com/cosmos/cosmos-sdk/x/auth/keeper" + "github.com/cosmos/cosmos-sdk/x/auth/posthandler" + authsims "github.com/cosmos/cosmos-sdk/x/auth/simulation" + "github.com/cosmos/cosmos-sdk/x/auth/tx" + authtx "github.com/cosmos/cosmos-sdk/x/auth/tx" + txmodule "github.com/cosmos/cosmos-sdk/x/auth/tx/config" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + "github.com/cosmos/cosmos-sdk/x/auth/vesting" + vestingtypes "github.com/cosmos/cosmos-sdk/x/auth/vesting/types" + "github.com/cosmos/cosmos-sdk/x/authz" + authzkeeper "github.com/cosmos/cosmos-sdk/x/authz/keeper" + authzmodule "github.com/cosmos/cosmos-sdk/x/authz/module" + "github.com/cosmos/cosmos-sdk/x/bank" + bankkeeper "github.com/cosmos/cosmos-sdk/x/bank/keeper" + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" + consensus "github.com/cosmos/cosmos-sdk/x/consensus" + consensusparamkeeper "github.com/cosmos/cosmos-sdk/x/consensus/keeper" + consensusparamtypes "github.com/cosmos/cosmos-sdk/x/consensus/types" + distr "github.com/cosmos/cosmos-sdk/x/distribution" + distrkeeper "github.com/cosmos/cosmos-sdk/x/distribution/keeper" + distrtypes "github.com/cosmos/cosmos-sdk/x/distribution/types" + "github.com/cosmos/cosmos-sdk/x/epochs" + epochskeeper "github.com/cosmos/cosmos-sdk/x/epochs/keeper" + epochstypes "github.com/cosmos/cosmos-sdk/x/epochs/types" + "github.com/cosmos/cosmos-sdk/x/genutil" + genutiltypes "github.com/cosmos/cosmos-sdk/x/genutil/types" + "github.com/cosmos/cosmos-sdk/x/gov" + govclient "github.com/cosmos/cosmos-sdk/x/gov/client" + govkeeper "github.com/cosmos/cosmos-sdk/x/gov/keeper" + govtypes "github.com/cosmos/cosmos-sdk/x/gov/types" + govv1beta1 "github.com/cosmos/cosmos-sdk/x/gov/types/v1beta1" + "github.com/cosmos/cosmos-sdk/x/group" + groupkeeper "github.com/cosmos/cosmos-sdk/x/group/keeper" + groupmodule "github.com/cosmos/cosmos-sdk/x/group/module" + "github.com/cosmos/cosmos-sdk/x/mint" + mintkeeper "github.com/cosmos/cosmos-sdk/x/mint/keeper" + minttypes "github.com/cosmos/cosmos-sdk/x/mint/types" + "github.com/cosmos/cosmos-sdk/x/protocolpool" + protocolpoolkeeper "github.com/cosmos/cosmos-sdk/x/protocolpool/keeper" + protocolpooltypes "github.com/cosmos/cosmos-sdk/x/protocolpool/types" + "github.com/cosmos/cosmos-sdk/x/slashing" + slashingkeeper "github.com/cosmos/cosmos-sdk/x/slashing/keeper" + slashingtypes "github.com/cosmos/cosmos-sdk/x/slashing/types" + "github.com/cosmos/cosmos-sdk/x/staking" + stakingkeeper "github.com/cosmos/cosmos-sdk/x/staking/keeper" + stakingtypes "github.com/cosmos/cosmos-sdk/x/staking/types" +) + +const appName = "SimApp" + +var ( + // DefaultNodeHome default home directories for the application daemon + DefaultNodeHome string + + // module account permissions + maccPerms = map[string][]string{ + authtypes.FeeCollectorName: nil, + distrtypes.ModuleName: nil, + minttypes.ModuleName: { + authtypes.Minter +}, + stakingtypes.BondedPoolName: { + authtypes.Burner, authtypes.Staking +}, + stakingtypes.NotBondedPoolName: { + authtypes.Burner, authtypes.Staking +}, + govtypes.ModuleName: { + authtypes.Burner +}, + nft.ModuleName: nil, + protocolpooltypes.ModuleName: nil, + protocolpooltypes.ProtocolPoolEscrowAccount: nil +} +) + +var ( + _ runtime.AppI = (*SimApp)(nil) + _ servertypes.Application = (*SimApp)(nil) +) + +// SimApp extends an ABCI application, but with most of its parameters exported. +// They are exported for convenience in creating helper functions, as object +// capabilities aren't needed for testing. +type SimApp struct { + *baseapp.BaseApp + legacyAmino *codec.LegacyAmino + appCodec codec.Codec + txConfig client.TxConfig + interfaceRegistry types.InterfaceRegistry + + // keys to access the substores + keys map[string]*storetypes.KVStoreKey + + // essential keepers + AccountKeeper authkeeper.AccountKeeper + BankKeeper bankkeeper.BaseKeeper + StakingKeeper *stakingkeeper.Keeper + SlashingKeeper slashingkeeper.Keeper + MintKeeper mintkeeper.Keeper + DistrKeeper distrkeeper.Keeper + GovKeeper govkeeper.Keeper + UpgradeKeeper *upgradekeeper.Keeper + EvidenceKeeper evidencekeeper.Keeper + ConsensusParamsKeeper consensusparamkeeper.Keeper + CircuitKeeper circuitkeeper.Keeper + + // supplementary keepers + FeeGrantKeeper feegrantkeeper.Keeper + GroupKeeper groupkeeper.Keeper + AuthzKeeper authzkeeper.Keeper + NFTKeeper nftkeeper.Keeper + EpochsKeeper epochskeeper.Keeper + ProtocolPoolKeeper protocolpoolkeeper.Keeper + + // the module manager + ModuleManager *module.Manager + BasicModuleManager module.BasicManager + + // simulation manager + sm *module.SimulationManager + + // module configurator + configurator module.Configurator +} + +func init() { + var err error + DefaultNodeHome, err = clienthelpers.GetNodeHomeDirectory(".simapp") + if err != nil { + panic(err) +} +} + +// NewSimApp returns a reference to an initialized SimApp. +func NewSimApp( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), +) *SimApp { + interfaceRegistry, _ := types.NewInterfaceRegistryWithOptions(types.InterfaceRegistryOptions{ + ProtoFiles: proto.HybridResolver, + SigningOptions: signing.Options{ + AddressCodec: address.Bech32Codec{ + Bech32Prefix: sdk.GetConfig().GetBech32AccountAddrPrefix(), +}, + ValidatorAddressCodec: address.Bech32Codec{ + Bech32Prefix: sdk.GetConfig().GetBech32ValidatorAddrPrefix(), +}, +}, +}) + appCodec := codec.NewProtoCodec(interfaceRegistry) + legacyAmino := codec.NewLegacyAmino() + txConfig := tx.NewTxConfig(appCodec, tx.DefaultSignModes) + if err := interfaceRegistry.SigningContext().Validate(); err != nil { + panic(err) +} + +std.RegisterLegacyAminoCodec(legacyAmino) + +std.RegisterInterfaces(interfaceRegistry) + + // Below we could construct and set an application specific mempool and + // ABCI 1.0 PrepareProposal and ProcessProposal handlers. These defaults are + // already set in the SDK's BaseApp, this shows an example of how to override + // them. + // + // Example: + // + // bApp := baseapp.NewBaseApp(...) + // nonceMempool := mempool.NewSenderNonceMempool() + // abciPropHandler := NewDefaultProposalHandler(nonceMempool, bApp) + // + // bApp.SetMempool(nonceMempool) + // bApp.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) + // bApp.SetProcessProposal(abciPropHandler.ProcessProposalHandler()) + // + // Alternatively, you can construct BaseApp options, append those to + // baseAppOptions and pass them to NewBaseApp. + // + // Example: + // + // prepareOpt = func(app *baseapp.BaseApp) { + // abciPropHandler := baseapp.NewDefaultProposalHandler(nonceMempool, app) + // app.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) + // +} + // baseAppOptions = append(baseAppOptions, prepareOpt) + + // create and set dummy vote extension handler + voteExtOp := func(bApp *baseapp.BaseApp) { + voteExtHandler := NewVoteExtensionHandler() + +voteExtHandler.SetHandlers(bApp) +} + +baseAppOptions = append(baseAppOptions, voteExtOp, baseapp.SetOptimisticExecution()) + bApp := baseapp.NewBaseApp(appName, logger, db, txConfig.TxDecoder(), baseAppOptions...) + +bApp.SetCommitMultiStoreTracer(traceStore) + +bApp.SetVersion(version.Version) + +bApp.SetInterfaceRegistry(interfaceRegistry) + +bApp.SetTxEncoder(txConfig.TxEncoder()) + keys := storetypes.NewKVStoreKeys( + authtypes.StoreKey, + banktypes.StoreKey, + stakingtypes.StoreKey, + minttypes.StoreKey, + distrtypes.StoreKey, + slashingtypes.StoreKey, + govtypes.StoreKey, + consensusparamtypes.StoreKey, + upgradetypes.StoreKey, + feegrant.StoreKey, + evidencetypes.StoreKey, + circuittypes.StoreKey, + authzkeeper.StoreKey, + nftkeeper.StoreKey, + group.StoreKey, + epochstypes.StoreKey, + protocolpooltypes.StoreKey, + ) + + // register streaming services + if err := bApp.RegisterStreamingServices(appOpts, keys); err != nil { + panic(err) +} + app := &SimApp{ + BaseApp: bApp, + legacyAmino: legacyAmino, + appCodec: appCodec, + txConfig: txConfig, + interfaceRegistry: interfaceRegistry, + keys: keys, +} + + // set the BaseApp's parameter store + app.ConsensusParamsKeeper = consensusparamkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[consensusparamtypes.StoreKey]), + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + runtime.EventService{ +}, + ) + +bApp.SetParamStore(app.ConsensusParamsKeeper.ParamsStore) + + // add keepers + app.AccountKeeper = authkeeper.NewAccountKeeper( + appCodec, + runtime.NewKVStoreService(keys[authtypes.StoreKey]), + authtypes.ProtoBaseAccount, + maccPerms, + authcodec.NewBech32Codec(sdk.Bech32MainPrefix), + sdk.Bech32MainPrefix, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + authkeeper.WithUnorderedTransactions(true), + ) + +app.BankKeeper = bankkeeper.NewBaseKeeper( + appCodec, + runtime.NewKVStoreService(keys[banktypes.StoreKey]), + app.AccountKeeper, + BlockedAddresses(), + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + logger, + ) + + // optional: enable sign mode textual by overwriting the default tx config (after setting the bank keeper) + enabledSignModes := append(tx.DefaultSignModes, sigtypes.SignMode_SIGN_MODE_TEXTUAL) + txConfigOpts := tx.ConfigOptions{ + EnabledSignModes: enabledSignModes, + TextualCoinMetadataQueryFn: txmodule.NewBankKeeperCoinMetadataQueryFn(app.BankKeeper), +} + +txConfig, err := tx.NewTxConfigWithOptions( + appCodec, + txConfigOpts, + ) + if err != nil { + panic(err) +} + +app.txConfig = txConfig + + app.StakingKeeper = stakingkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[stakingtypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + authcodec.NewBech32Codec(sdk.Bech32PrefixValAddr), + authcodec.NewBech32Codec(sdk.Bech32PrefixConsAddr), + ) + +app.MintKeeper = mintkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[minttypes.StoreKey]), + app.StakingKeeper, + app.AccountKeeper, + app.BankKeeper, + authtypes.FeeCollectorName, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + // mintkeeper.WithMintFn(mintkeeper.DefaultMintFn(minttypes.DefaultInflationCalculationFn)), custom mintFn can be added here + ) + +app.ProtocolPoolKeeper = protocolpoolkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[protocolpooltypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) + +app.DistrKeeper = distrkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[distrtypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + app.StakingKeeper, + authtypes.FeeCollectorName, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + distrkeeper.WithExternalCommunityPool(app.ProtocolPoolKeeper), + ) + +app.SlashingKeeper = slashingkeeper.NewKeeper( + appCodec, + legacyAmino, + runtime.NewKVStoreService(keys[slashingtypes.StoreKey]), + app.StakingKeeper, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) + +app.FeeGrantKeeper = feegrantkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[feegrant.StoreKey]), + app.AccountKeeper, + ) + + // register the staking hooks + // NOTE: stakingKeeper above is passed by reference, so that it will contain these hooks + app.StakingKeeper.SetHooks( + stakingtypes.NewMultiStakingHooks( + app.DistrKeeper.Hooks(), + app.SlashingKeeper.Hooks(), + ), + ) + +app.CircuitKeeper = circuitkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[circuittypes.StoreKey]), + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + app.AccountKeeper.AddressCodec(), + ) + +app.BaseApp.SetCircuitBreaker(&app.CircuitKeeper) + +app.AuthzKeeper = authzkeeper.NewKeeper( + runtime.NewKVStoreService(keys[authzkeeper.StoreKey]), + appCodec, + app.MsgServiceRouter(), + app.AccountKeeper, + ) + groupConfig := group.DefaultConfig() + /* + Example of setting group params: + groupConfig.MaxMetadataLen = 1000 + */ + app.GroupKeeper = groupkeeper.NewKeeper( + keys[group.StoreKey], + appCodec, + app.MsgServiceRouter(), + app.AccountKeeper, + groupConfig, + ) + + // get skipUpgradeHeights from the app options + skipUpgradeHeights := map[int64]bool{ +} + for _, h := range cast.ToIntSlice(appOpts.Get(server.FlagUnsafeSkipUpgrades)) { + skipUpgradeHeights[int64(h)] = true +} + homePath := cast.ToString(appOpts.Get(flags.FlagHome)) + // set the governance module account as the authority for conducting upgrades + app.UpgradeKeeper = upgradekeeper.NewKeeper( + skipUpgradeHeights, + runtime.NewKVStoreService(keys[upgradetypes.StoreKey]), + appCodec, + homePath, + app.BaseApp, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) + + // Register the proposal types + // Deprecated: Avoid adding new handlers, instead use the new proposal flow + // by granting the governance module the right to execute the message. + // See: https://docs.cosmos.network/main/modules/gov#proposal-messages + govRouter := govv1beta1.NewRouter() + +govRouter.AddRoute(govtypes.RouterKey, govv1beta1.ProposalHandler) + govConfig := govtypes.DefaultConfig() + /* + Example of setting gov params: + govConfig.MaxMetadataLen = 10000 + */ + govKeeper := govkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[govtypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + app.StakingKeeper, + app.DistrKeeper, + app.MsgServiceRouter(), + govConfig, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + // govkeeper.WithCustomCalculateVoteResultsAndVotingPowerFn(...), // Add if you want to use a custom vote calculation function. + ) + + // Set legacy router for backwards compatibility with gov v1beta1 + govKeeper.SetLegacyRouter(govRouter) + +app.GovKeeper = *govKeeper.SetHooks( + govtypes.NewMultiGovHooks( + // register the governance hooks + ), + ) + +app.NFTKeeper = nftkeeper.NewKeeper( + runtime.NewKVStoreService(keys[nftkeeper.StoreKey]), + appCodec, + app.AccountKeeper, + app.BankKeeper, + ) + + // create evidence keeper with router + evidenceKeeper := evidencekeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[evidencetypes.StoreKey]), + app.StakingKeeper, + app.SlashingKeeper, + app.AccountKeeper.AddressCodec(), + runtime.ProvideCometInfoService(), + ) + // If evidence needs to be handled for the app, set routes in router here and seal + app.EvidenceKeeper = *evidenceKeeper + + app.EpochsKeeper = epochskeeper.NewKeeper( + runtime.NewKVStoreService(keys[epochstypes.StoreKey]), + appCodec, + ) + +app.EpochsKeeper.SetHooks( + epochstypes.NewMultiEpochHooks( + // insert epoch hooks receivers here + ), + ) + + /**** Module Options ****/ + + // NOTE: Any module instantiated in the module manager that is later modified + // must be passed by reference here. + app.ModuleManager = module.NewManager( + genutil.NewAppModule( + app.AccountKeeper, app.StakingKeeper, app, + txConfig, + ), + auth.NewAppModule(appCodec, app.AccountKeeper, authsims.RandomGenesisAccounts, nil), + vesting.NewAppModule(app.AccountKeeper, app.BankKeeper), + bank.NewAppModule(appCodec, app.BankKeeper, app.AccountKeeper, nil), + feegrantmodule.NewAppModule(appCodec, app.AccountKeeper, app.BankKeeper, app.FeeGrantKeeper, app.interfaceRegistry), + gov.NewAppModule(appCodec, &app.GovKeeper, app.AccountKeeper, app.BankKeeper, nil), + mint.NewAppModule(appCodec, app.MintKeeper, app.AccountKeeper, nil, nil), + slashing.NewAppModule(appCodec, app.SlashingKeeper, app.AccountKeeper, app.BankKeeper, app.StakingKeeper, nil, app.interfaceRegistry), + distr.NewAppModule(appCodec, app.DistrKeeper, app.AccountKeeper, app.BankKeeper, app.StakingKeeper, nil), + staking.NewAppModule(appCodec, app.StakingKeeper, app.AccountKeeper, app.BankKeeper, nil), + upgrade.NewAppModule(app.UpgradeKeeper, app.AccountKeeper.AddressCodec()), + evidence.NewAppModule(app.EvidenceKeeper), + authzmodule.NewAppModule(appCodec, app.AuthzKeeper, app.AccountKeeper, app.BankKeeper, app.interfaceRegistry), + groupmodule.NewAppModule(appCodec, app.GroupKeeper, app.AccountKeeper, app.BankKeeper, app.interfaceRegistry), + nftmodule.NewAppModule(appCodec, app.NFTKeeper, app.AccountKeeper, app.BankKeeper, app.interfaceRegistry), + consensus.NewAppModule(appCodec, app.ConsensusParamsKeeper), + circuit.NewAppModule(appCodec, app.CircuitKeeper), + epochs.NewAppModule(app.EpochsKeeper), + protocolpool.NewAppModule(app.ProtocolPoolKeeper, app.AccountKeeper, app.BankKeeper), + ) + + // BasicModuleManager defines the module BasicManager is in charge of setting up basic, + // non-dependant module elements, such as codec registration and genesis verification. + // By default it is composed of all the module from the module manager. + // Additionally, app module basics can be overwritten by passing them as argument. + app.BasicModuleManager = module.NewBasicManagerFromManager( + app.ModuleManager, + map[string]module.AppModuleBasic{ + genutiltypes.ModuleName: genutil.NewAppModuleBasic(genutiltypes.DefaultMessageValidator), + govtypes.ModuleName: gov.NewAppModuleBasic( + []govclient.ProposalHandler{ +}, + ), +}) + +app.BasicModuleManager.RegisterLegacyAminoCodec(legacyAmino) + +app.BasicModuleManager.RegisterInterfaces(interfaceRegistry) + + // NOTE: upgrade module is required to be prioritized + app.ModuleManager.SetOrderPreBlockers( + upgradetypes.ModuleName, + authtypes.ModuleName, + ) + // During begin block slashing happens after distr.BeginBlocker so that + // there is nothing left over in the validator fee pool, so as to keep the + // CanWithdrawInvariant invariant. + // NOTE: staking module is required if HistoricalEntries param > 0 + app.ModuleManager.SetOrderBeginBlockers( + minttypes.ModuleName, + distrtypes.ModuleName, + protocolpooltypes.ModuleName, + slashingtypes.ModuleName, + evidencetypes.ModuleName, + stakingtypes.ModuleName, + genutiltypes.ModuleName, + authz.ModuleName, + epochstypes.ModuleName, + ) + +app.ModuleManager.SetOrderEndBlockers( + govtypes.ModuleName, + stakingtypes.ModuleName, + genutiltypes.ModuleName, + feegrant.ModuleName, + group.ModuleName, + protocolpooltypes.ModuleName, + ) + + // NOTE: The genutils module must occur after staking so that pools are + // properly initialized with tokens from genesis accounts. + // NOTE: The genutils module must also occur after auth so that it can access the params from auth. + genesisModuleOrder := []string{ + authtypes.ModuleName, + banktypes.ModuleName, + distrtypes.ModuleName, + stakingtypes.ModuleName, + slashingtypes.ModuleName, + govtypes.ModuleName, + minttypes.ModuleName, + genutiltypes.ModuleName, + evidencetypes.ModuleName, + authz.ModuleName, + feegrant.ModuleName, + nft.ModuleName, + group.ModuleName, + upgradetypes.ModuleName, + vestingtypes.ModuleName, + consensusparamtypes.ModuleName, + circuittypes.ModuleName, + epochstypes.ModuleName, + protocolpooltypes.ModuleName, +} + exportModuleOrder := []string{ + consensusparamtypes.ModuleName, + authtypes.ModuleName, + protocolpooltypes.ModuleName, // Must be exported before bank + banktypes.ModuleName, + distrtypes.ModuleName, + stakingtypes.ModuleName, + slashingtypes.ModuleName, + govtypes.ModuleName, + minttypes.ModuleName, + genutiltypes.ModuleName, + evidencetypes.ModuleName, + authz.ModuleName, + feegrant.ModuleName, + nft.ModuleName, + group.ModuleName, + upgradetypes.ModuleName, + vestingtypes.ModuleName, + circuittypes.ModuleName, + epochstypes.ModuleName, +} + +app.ModuleManager.SetOrderInitGenesis(genesisModuleOrder...) + +app.ModuleManager.SetOrderExportGenesis(exportModuleOrder...) + + // Uncomment if you want to set a custom migration order here. + // app.ModuleManager.SetOrderMigrations(custom order) + +app.configurator = module.NewConfigurator(app.appCodec, app.MsgServiceRouter(), app.GRPCQueryRouter()) + +err = app.ModuleManager.RegisterServices(app.configurator) + if err != nil { + panic(err) +} + + // RegisterUpgradeHandlers is used for registering any on-chain upgrades. + // Make sure it's called after `app.ModuleManager` and `app.configurator` are set. + app.RegisterUpgradeHandlers() + +autocliv1.RegisterQueryServer(app.GRPCQueryRouter(), runtimeservices.NewAutoCLIQueryService(app.ModuleManager.Modules)) + +reflectionSvc, err := runtimeservices.NewReflectionService() + if err != nil { + panic(err) +} + +reflectionv1.RegisterReflectionServiceServer(app.GRPCQueryRouter(), reflectionSvc) + + // add test gRPC service for testing gRPC queries in isolation + testdata_pulsar.RegisterQueryServer(app.GRPCQueryRouter(), testdata_pulsar.QueryImpl{ +}) + + // create the simulation manager and define the order of the modules for deterministic simulations + // + // NOTE: this is not required apps that don't use the simulator for fuzz testing + // transactions + overrideModules := map[string]module.AppModuleSimulation{ + authtypes.ModuleName: auth.NewAppModule(app.appCodec, app.AccountKeeper, authsims.RandomGenesisAccounts, nil), +} + +app.sm = module.NewSimulationManagerFromAppModules(app.ModuleManager.Modules, overrideModules) + +app.sm.RegisterStoreDecoders() + + // initialize stores + app.MountKVStores(keys) + + // initialize BaseApp + app.SetInitChainer(app.InitChainer) + +app.SetPreBlocker(app.PreBlocker) + +app.SetBeginBlocker(app.BeginBlocker) + +app.SetEndBlocker(app.EndBlocker) + +app.setAnteHandler(txConfig) + + // In v0.46, the SDK introduces _postHandlers_. PostHandlers are like + // antehandlers, but are run _after_ the `runMsgs` execution. They are also + // defined as a chain, and have the same signature as antehandlers. + // + // In baseapp, postHandlers are run in the same store branch as `runMsgs`, + // meaning that both `runMsgs` and `postHandler` state will be committed if + // both are successful, and both will be reverted if any of the two fails. + // + // The SDK exposes a default postHandlers chain + // + // Please note that changing any of the anteHandler or postHandler chain is + // likely to be a state-machine breaking change, which needs a coordinated + // upgrade. + app.setPostHandler() + if loadLatest { + if err := app.LoadLatestVersion(); err != nil { + panic(fmt.Errorf("error loading last version: %w", err)) +} + +} + +return app +} + +func (app *SimApp) + +setAnteHandler(txConfig client.TxConfig) { + anteHandler, err := NewAnteHandler( + HandlerOptions{ + ante.HandlerOptions{ + AccountKeeper: app.AccountKeeper, + BankKeeper: app.BankKeeper, + SignModeHandler: txConfig.SignModeHandler(), + FeegrantKeeper: app.FeeGrantKeeper, + SigGasConsumer: ante.DefaultSigVerificationGasConsumer, + SigVerifyOptions: []ante.SigVerificationDecoratorOption{ + // change below as needed. + ante.WithUnorderedTxGasCost(ante.DefaultUnorderedTxGasCost), + ante.WithMaxUnorderedTxTimeoutDuration(ante.DefaultMaxTimeoutDuration), +}, +}, + &app.CircuitKeeper, +}, + ) + if err != nil { + panic(err) +} + + // Set the AnteHandler for the app + app.SetAnteHandler(anteHandler) +} + +func (app *SimApp) + +setPostHandler() { + postHandler, err := posthandler.NewPostHandler( + posthandler.HandlerOptions{ +}, + ) + if err != nil { + panic(err) +} + +app.SetPostHandler(postHandler) +} + +// Name returns the name of the App +func (app *SimApp) + +Name() + +string { + return app.BaseApp.Name() +} + +// PreBlocker application updates every pre block +func (app *SimApp) + +PreBlocker(ctx sdk.Context, _ *abci.RequestFinalizeBlock) (*sdk.ResponsePreBlock, error) { + return app.ModuleManager.PreBlock(ctx) +} + +// BeginBlocker application updates every begin block +func (app *SimApp) + +BeginBlocker(ctx sdk.Context) (sdk.BeginBlock, error) { + return app.ModuleManager.BeginBlock(ctx) +} + +// EndBlocker application updates every end block +func (app *SimApp) + +EndBlocker(ctx sdk.Context) (sdk.EndBlock, error) { + return app.ModuleManager.EndBlock(ctx) +} + +func (a *SimApp) + +Configurator() + +module.Configurator { + return a.configurator +} + +// InitChainer application update at chain initialization +func (app *SimApp) + +InitChainer(ctx sdk.Context, req *abci.RequestInitChain) (*abci.ResponseInitChain, error) { + var genesisState GenesisState + if err := json.Unmarshal(req.AppStateBytes, &genesisState); err != nil { + panic(err) +} + +app.UpgradeKeeper.SetModuleVersionMap(ctx, app.ModuleManager.GetVersionMap()) + +return app.ModuleManager.InitGenesis(ctx, app.appCodec, genesisState) +} + +// LoadHeight loads a particular height +func (app *SimApp) + +LoadHeight(height int64) + +error { + return app.LoadVersion(height) +} + +// LegacyAmino returns SimApp's amino codec. +// +// NOTE: This is solely to be used for testing purposes as it may be desirable +// for modules to register their own custom testing types. +func (app *SimApp) + +LegacyAmino() *codec.LegacyAmino { + return app.legacyAmino +} + +// AppCodec returns SimApp's app codec. +// +// NOTE: This is solely to be used for testing purposes as it may be desirable +// for modules to register their own custom testing types. +func (app *SimApp) + +AppCodec() + +codec.Codec { + return app.appCodec +} + +// InterfaceRegistry returns SimApp's InterfaceRegistry +func (app *SimApp) + +InterfaceRegistry() + +types.InterfaceRegistry { + return app.interfaceRegistry +} + +// TxConfig returns SimApp's TxConfig +func (app *SimApp) + +TxConfig() + +client.TxConfig { + return app.txConfig +} + +// AutoCliOpts returns the autocli options for the app. +func (app *SimApp) + +AutoCliOpts() + +autocli.AppOptions { + modules := make(map[string]appmodule.AppModule, 0) + for _, m := range app.ModuleManager.Modules { + if moduleWithName, ok := m.(module.HasName); ok { + moduleName := moduleWithName.Name() + if appModule, ok := moduleWithName.(appmodule.AppModule); ok { + modules[moduleName] = appModule +} + +} + +} + +return autocli.AppOptions{ + Modules: modules, + ModuleOptions: runtimeservices.ExtractAutoCLIOptions(app.ModuleManager.Modules), + AddressCodec: authcodec.NewBech32Codec(sdk.GetConfig().GetBech32AccountAddrPrefix()), + ValidatorAddressCodec: authcodec.NewBech32Codec(sdk.GetConfig().GetBech32ValidatorAddrPrefix()), + ConsensusAddressCodec: authcodec.NewBech32Codec(sdk.GetConfig().GetBech32ConsensusAddrPrefix()), +} +} + +// DefaultGenesis returns a default genesis from the registered AppModuleBasic's. +func (a *SimApp) + +DefaultGenesis() + +map[string]json.RawMessage { + return a.BasicModuleManager.DefaultGenesis(a.appCodec) +} + +// GetKey returns the KVStoreKey for the provided store key. +// +// NOTE: This is solely to be used for testing purposes. +func (app *SimApp) + +GetKey(storeKey string) *storetypes.KVStoreKey { + return app.keys[storeKey] +} + +// GetStoreKeys returns all the stored store keys. +func (app *SimApp) + +GetStoreKeys() []storetypes.StoreKey { + keys := make([]storetypes.StoreKey, 0, len(app.keys)) + for _, key := range app.keys { + keys = append(keys, key) +} + +return keys +} + +// SimulationManager implements the SimulationApp interface +func (app *SimApp) + +SimulationManager() *module.SimulationManager { + return app.sm +} + +// RegisterAPIRoutes registers all application module routes with the provided +// API server. +func (app *SimApp) + +RegisterAPIRoutes(apiSvr *api.Server, apiConfig config.APIConfig) { + clientCtx := apiSvr.ClientCtx + // Register new tx routes from grpc-gateway. + authtx.RegisterGRPCGatewayRoutes(clientCtx, apiSvr.GRPCGatewayRouter) + + // Register new CometBFT queries routes from grpc-gateway. + cmtservice.RegisterGRPCGatewayRoutes(clientCtx, apiSvr.GRPCGatewayRouter) + + // Register node gRPC service for grpc-gateway. + nodeservice.RegisterGRPCGatewayRoutes(clientCtx, apiSvr.GRPCGatewayRouter) + + // Register grpc-gateway routes for all modules. + app.BasicModuleManager.RegisterGRPCGatewayRoutes(clientCtx, apiSvr.GRPCGatewayRouter) + + // register swagger API from root so that other applications can override easily + if err := server.RegisterSwaggerAPI(apiSvr.ClientCtx, apiSvr.Router, apiConfig.Swagger); err != nil { + panic(err) +} +} + +// RegisterTxService implements the Application.RegisterTxService method. +func (app *SimApp) + +RegisterTxService(clientCtx client.Context) { + authtx.RegisterTxService(app.BaseApp.GRPCQueryRouter(), clientCtx, app.BaseApp.Simulate, app.interfaceRegistry) +} + +// RegisterTendermintService implements the Application.RegisterTendermintService method. +func (app *SimApp) + +RegisterTendermintService(clientCtx client.Context) { + cmtApp := server.NewCometABCIWrapper(app) + +cmtservice.RegisterTendermintService( + clientCtx, + app.BaseApp.GRPCQueryRouter(), + app.interfaceRegistry, + cmtApp.Query, + ) +} + +func (app *SimApp) + +RegisterNodeService(clientCtx client.Context, cfg config.Config) { + nodeservice.RegisterNodeService(clientCtx, app.GRPCQueryRouter(), cfg) +} + +// GetMaccPerms returns a copy of the module account permissions +// +// NOTE: This is solely to be used for testing purposes. +func GetMaccPerms() + +map[string][]string { + return maps.Clone(maccPerms) +} + +// BlockedAddresses returns all the app's blocked account addresses. +func BlockedAddresses() + +map[string]bool { + modAccAddrs := make(map[string]bool) + for acc := range GetMaccPerms() { + modAccAddrs[authtypes.NewModuleAddress(acc).String()] = true +} + + // allow the following addresses to receive funds + delete(modAccAddrs, authtypes.NewModuleAddress(govtypes.ModuleName).String()) + +return modAccAddrs +} +``` + +### PreBlocker + +There are two semantics around the new lifecycle method: + +* It runs before the `BeginBlocker` of all modules +* It can modify consensus parameters in storage, and signal the caller through the return value. + +When it returns `ConsensusParamsChanged=true`, the caller must refresh the consensus parameter in the finalize context: + +```go +app.finalizeBlockState.ctx = app.finalizeBlockState.ctx.WithConsensusParams(app.GetConsensusParams()) +``` + +The new ctx must be passed to all the other lifecycle methods. + +### BeginBlocker and EndBlocker + +The Cosmos SDK offers developers the possibility to implement automatic execution of code as part of their application. This is implemented through two functions called `BeginBlocker` and `EndBlocker`. They are called when the application receives the `FinalizeBlock` messages from the CometBFT consensus engine, which happens respectively at the beginning and at the end of each block. The application must set the `BeginBlocker` and `EndBlocker` in its [constructor](#constructor-function) via the [`SetBeginBlocker`](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/baseapp#BaseApp.SetBeginBlocker) and [`SetEndBlocker`](https://pkg.go.dev/github.com/cosmos/cosmos-sdk/baseapp#BaseApp.SetEndBlocker) methods. + +In general, the `BeginBlocker` and `EndBlocker` functions are mostly composed of the [`BeginBlock` and `EndBlock`](/docs/sdk/vnext/build/building-modules/beginblock-endblock) functions of each of the application's modules. This is done by calling the `BeginBlock` and `EndBlock` functions of the module manager, which in turn calls the `BeginBlock` and `EndBlock` functions of each of the modules it contains. Note that the order in which the modules' `BeginBlock` and `EndBlock` functions must be called has to be set in the module manager using the `SetOrderBeginBlockers` and `SetOrderEndBlockers` methods, respectively. This is done via the [module manager](/docs/sdk/vnext/build/building-modules/module-manager) in the [application's constructor](#application-constructor), and the `SetOrderBeginBlockers` and `SetOrderEndBlockers` methods have to be called before the `SetBeginBlocker` and `SetEndBlocker` functions. + +As a sidenote, it is important to remember that application-specific blockchains are deterministic. Developers must be careful not to introduce non-determinism in `BeginBlocker` or `EndBlocker`, and must also be careful not to make them too computationally expensive, as [gas](/docs/sdk/vnext/learn/beginner/gas-fees) does not constrain the cost of `BeginBlocker` and `EndBlocker` execution. + +See an example of `BeginBlocker` and `EndBlocker` functions from `simapp`: + +```go expandable +//go:build app_v1 + +package simapp + +import ( + + "encoding/json" + "fmt" + "io" + "maps" + + abci "github.com/cometbft/cometbft/abci/types" + dbm "github.com/cosmos/cosmos-db" + "github.com/cosmos/gogoproto/proto" + "github.com/spf13/cast" + + autocliv1 "cosmossdk.io/api/cosmos/autocli/v1" + reflectionv1 "cosmossdk.io/api/cosmos/reflection/v1" + "cosmossdk.io/client/v2/autocli" + clienthelpers "cosmossdk.io/client/v2/helpers" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/log" + storetypes "cosmossdk.io/store/types" + "cosmossdk.io/x/circuit" + circuitkeeper "cosmossdk.io/x/circuit/keeper" + circuittypes "cosmossdk.io/x/circuit/types" + "cosmossdk.io/x/evidence" + evidencekeeper "cosmossdk.io/x/evidence/keeper" + evidencetypes "cosmossdk.io/x/evidence/types" + "cosmossdk.io/x/feegrant" + feegrantkeeper "cosmossdk.io/x/feegrant/keeper" + feegrantmodule "cosmossdk.io/x/feegrant/module" + "cosmossdk.io/x/nft" + nftkeeper "cosmossdk.io/x/nft/keeper" + nftmodule "cosmossdk.io/x/nft/module" + "cosmossdk.io/x/tx/signing" + "cosmossdk.io/x/upgrade" + upgradekeeper "cosmossdk.io/x/upgrade/keeper" + upgradetypes "cosmossdk.io/x/upgrade/types" + "github.com/cosmos/cosmos-sdk/baseapp" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/client/flags" + "github.com/cosmos/cosmos-sdk/client/grpc/cmtservice" + nodeservice "github.com/cosmos/cosmos-sdk/client/grpc/node" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/codec/address" + "github.com/cosmos/cosmos-sdk/codec/types" + "github.com/cosmos/cosmos-sdk/runtime" + runtimeservices "github.com/cosmos/cosmos-sdk/runtime/services" + "github.com/cosmos/cosmos-sdk/server" + "github.com/cosmos/cosmos-sdk/server/api" + "github.com/cosmos/cosmos-sdk/server/config" + servertypes "github.com/cosmos/cosmos-sdk/server/types" + "github.com/cosmos/cosmos-sdk/std" + testdata_pulsar "github.com/cosmos/cosmos-sdk/testutil/testdata/testpb" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/module" + sigtypes "github.com/cosmos/cosmos-sdk/types/tx/signing" + "github.com/cosmos/cosmos-sdk/version" + "github.com/cosmos/cosmos-sdk/x/auth" + "github.com/cosmos/cosmos-sdk/x/auth/ante" + authcodec "github.com/cosmos/cosmos-sdk/x/auth/codec" + authkeeper "github.com/cosmos/cosmos-sdk/x/auth/keeper" + "github.com/cosmos/cosmos-sdk/x/auth/posthandler" + authsims "github.com/cosmos/cosmos-sdk/x/auth/simulation" + "github.com/cosmos/cosmos-sdk/x/auth/tx" + authtx "github.com/cosmos/cosmos-sdk/x/auth/tx" + txmodule "github.com/cosmos/cosmos-sdk/x/auth/tx/config" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + "github.com/cosmos/cosmos-sdk/x/auth/vesting" + vestingtypes "github.com/cosmos/cosmos-sdk/x/auth/vesting/types" + "github.com/cosmos/cosmos-sdk/x/authz" + authzkeeper "github.com/cosmos/cosmos-sdk/x/authz/keeper" + authzmodule "github.com/cosmos/cosmos-sdk/x/authz/module" + "github.com/cosmos/cosmos-sdk/x/bank" + bankkeeper "github.com/cosmos/cosmos-sdk/x/bank/keeper" + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" + consensus "github.com/cosmos/cosmos-sdk/x/consensus" + consensusparamkeeper "github.com/cosmos/cosmos-sdk/x/consensus/keeper" + consensusparamtypes "github.com/cosmos/cosmos-sdk/x/consensus/types" + distr "github.com/cosmos/cosmos-sdk/x/distribution" + distrkeeper "github.com/cosmos/cosmos-sdk/x/distribution/keeper" + distrtypes "github.com/cosmos/cosmos-sdk/x/distribution/types" + "github.com/cosmos/cosmos-sdk/x/epochs" + epochskeeper "github.com/cosmos/cosmos-sdk/x/epochs/keeper" + epochstypes "github.com/cosmos/cosmos-sdk/x/epochs/types" + "github.com/cosmos/cosmos-sdk/x/genutil" + genutiltypes "github.com/cosmos/cosmos-sdk/x/genutil/types" + "github.com/cosmos/cosmos-sdk/x/gov" + govclient "github.com/cosmos/cosmos-sdk/x/gov/client" + govkeeper "github.com/cosmos/cosmos-sdk/x/gov/keeper" + govtypes "github.com/cosmos/cosmos-sdk/x/gov/types" + govv1beta1 "github.com/cosmos/cosmos-sdk/x/gov/types/v1beta1" + "github.com/cosmos/cosmos-sdk/x/group" + groupkeeper "github.com/cosmos/cosmos-sdk/x/group/keeper" + groupmodule "github.com/cosmos/cosmos-sdk/x/group/module" + "github.com/cosmos/cosmos-sdk/x/mint" + mintkeeper "github.com/cosmos/cosmos-sdk/x/mint/keeper" + minttypes "github.com/cosmos/cosmos-sdk/x/mint/types" + "github.com/cosmos/cosmos-sdk/x/protocolpool" + protocolpoolkeeper "github.com/cosmos/cosmos-sdk/x/protocolpool/keeper" + protocolpooltypes "github.com/cosmos/cosmos-sdk/x/protocolpool/types" + "github.com/cosmos/cosmos-sdk/x/slashing" + slashingkeeper "github.com/cosmos/cosmos-sdk/x/slashing/keeper" + slashingtypes "github.com/cosmos/cosmos-sdk/x/slashing/types" + "github.com/cosmos/cosmos-sdk/x/staking" + stakingkeeper "github.com/cosmos/cosmos-sdk/x/staking/keeper" + stakingtypes "github.com/cosmos/cosmos-sdk/x/staking/types" +) + +const appName = "SimApp" + +var ( + // DefaultNodeHome default home directories for the application daemon + DefaultNodeHome string + + // module account permissions + maccPerms = map[string][]string{ + authtypes.FeeCollectorName: nil, + distrtypes.ModuleName: nil, + minttypes.ModuleName: { + authtypes.Minter +}, + stakingtypes.BondedPoolName: { + authtypes.Burner, authtypes.Staking +}, + stakingtypes.NotBondedPoolName: { + authtypes.Burner, authtypes.Staking +}, + govtypes.ModuleName: { + authtypes.Burner +}, + nft.ModuleName: nil, + protocolpooltypes.ModuleName: nil, + protocolpooltypes.ProtocolPoolEscrowAccount: nil +} +) + +var ( + _ runtime.AppI = (*SimApp)(nil) + _ servertypes.Application = (*SimApp)(nil) +) + +// SimApp extends an ABCI application, but with most of its parameters exported. +// They are exported for convenience in creating helper functions, as object +// capabilities aren't needed for testing. +type SimApp struct { + *baseapp.BaseApp + legacyAmino *codec.LegacyAmino + appCodec codec.Codec + txConfig client.TxConfig + interfaceRegistry types.InterfaceRegistry + + // keys to access the substores + keys map[string]*storetypes.KVStoreKey + + // essential keepers + AccountKeeper authkeeper.AccountKeeper + BankKeeper bankkeeper.BaseKeeper + StakingKeeper *stakingkeeper.Keeper + SlashingKeeper slashingkeeper.Keeper + MintKeeper mintkeeper.Keeper + DistrKeeper distrkeeper.Keeper + GovKeeper govkeeper.Keeper + UpgradeKeeper *upgradekeeper.Keeper + EvidenceKeeper evidencekeeper.Keeper + ConsensusParamsKeeper consensusparamkeeper.Keeper + CircuitKeeper circuitkeeper.Keeper + + // supplementary keepers + FeeGrantKeeper feegrantkeeper.Keeper + GroupKeeper groupkeeper.Keeper + AuthzKeeper authzkeeper.Keeper + NFTKeeper nftkeeper.Keeper + EpochsKeeper epochskeeper.Keeper + ProtocolPoolKeeper protocolpoolkeeper.Keeper + + // the module manager + ModuleManager *module.Manager + BasicModuleManager module.BasicManager + + // simulation manager + sm *module.SimulationManager + + // module configurator + configurator module.Configurator +} + +func init() { + var err error + DefaultNodeHome, err = clienthelpers.GetNodeHomeDirectory(".simapp") + if err != nil { + panic(err) +} +} + +// NewSimApp returns a reference to an initialized SimApp. +func NewSimApp( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), +) *SimApp { + interfaceRegistry, _ := types.NewInterfaceRegistryWithOptions(types.InterfaceRegistryOptions{ + ProtoFiles: proto.HybridResolver, + SigningOptions: signing.Options{ + AddressCodec: address.Bech32Codec{ + Bech32Prefix: sdk.GetConfig().GetBech32AccountAddrPrefix(), +}, + ValidatorAddressCodec: address.Bech32Codec{ + Bech32Prefix: sdk.GetConfig().GetBech32ValidatorAddrPrefix(), +}, +}, +}) + appCodec := codec.NewProtoCodec(interfaceRegistry) + legacyAmino := codec.NewLegacyAmino() + txConfig := tx.NewTxConfig(appCodec, tx.DefaultSignModes) + if err := interfaceRegistry.SigningContext().Validate(); err != nil { + panic(err) +} + +std.RegisterLegacyAminoCodec(legacyAmino) + +std.RegisterInterfaces(interfaceRegistry) + + // Below we could construct and set an application specific mempool and + // ABCI 1.0 PrepareProposal and ProcessProposal handlers. These defaults are + // already set in the SDK's BaseApp, this shows an example of how to override + // them. + // + // Example: + // + // bApp := baseapp.NewBaseApp(...) + // nonceMempool := mempool.NewSenderNonceMempool() + // abciPropHandler := NewDefaultProposalHandler(nonceMempool, bApp) + // + // bApp.SetMempool(nonceMempool) + // bApp.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) + // bApp.SetProcessProposal(abciPropHandler.ProcessProposalHandler()) + // + // Alternatively, you can construct BaseApp options, append those to + // baseAppOptions and pass them to NewBaseApp. + // + // Example: + // + // prepareOpt = func(app *baseapp.BaseApp) { + // abciPropHandler := baseapp.NewDefaultProposalHandler(nonceMempool, app) + // app.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) + // +} + // baseAppOptions = append(baseAppOptions, prepareOpt) + + // create and set dummy vote extension handler + voteExtOp := func(bApp *baseapp.BaseApp) { + voteExtHandler := NewVoteExtensionHandler() + +voteExtHandler.SetHandlers(bApp) +} + +baseAppOptions = append(baseAppOptions, voteExtOp, baseapp.SetOptimisticExecution()) + bApp := baseapp.NewBaseApp(appName, logger, db, txConfig.TxDecoder(), baseAppOptions...) + +bApp.SetCommitMultiStoreTracer(traceStore) + +bApp.SetVersion(version.Version) + +bApp.SetInterfaceRegistry(interfaceRegistry) + +bApp.SetTxEncoder(txConfig.TxEncoder()) + keys := storetypes.NewKVStoreKeys( + authtypes.StoreKey, + banktypes.StoreKey, + stakingtypes.StoreKey, + minttypes.StoreKey, + distrtypes.StoreKey, + slashingtypes.StoreKey, + govtypes.StoreKey, + consensusparamtypes.StoreKey, + upgradetypes.StoreKey, + feegrant.StoreKey, + evidencetypes.StoreKey, + circuittypes.StoreKey, + authzkeeper.StoreKey, + nftkeeper.StoreKey, + group.StoreKey, + epochstypes.StoreKey, + protocolpooltypes.StoreKey, + ) + + // register streaming services + if err := bApp.RegisterStreamingServices(appOpts, keys); err != nil { + panic(err) +} + app := &SimApp{ + BaseApp: bApp, + legacyAmino: legacyAmino, + appCodec: appCodec, + txConfig: txConfig, + interfaceRegistry: interfaceRegistry, + keys: keys, +} + + // set the BaseApp's parameter store + app.ConsensusParamsKeeper = consensusparamkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[consensusparamtypes.StoreKey]), + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + runtime.EventService{ +}, + ) + +bApp.SetParamStore(app.ConsensusParamsKeeper.ParamsStore) + + // add keepers + app.AccountKeeper = authkeeper.NewAccountKeeper( + appCodec, + runtime.NewKVStoreService(keys[authtypes.StoreKey]), + authtypes.ProtoBaseAccount, + maccPerms, + authcodec.NewBech32Codec(sdk.Bech32MainPrefix), + sdk.Bech32MainPrefix, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + authkeeper.WithUnorderedTransactions(true), + ) + +app.BankKeeper = bankkeeper.NewBaseKeeper( + appCodec, + runtime.NewKVStoreService(keys[banktypes.StoreKey]), + app.AccountKeeper, + BlockedAddresses(), + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + logger, + ) + + // optional: enable sign mode textual by overwriting the default tx config (after setting the bank keeper) + enabledSignModes := append(tx.DefaultSignModes, sigtypes.SignMode_SIGN_MODE_TEXTUAL) + txConfigOpts := tx.ConfigOptions{ + EnabledSignModes: enabledSignModes, + TextualCoinMetadataQueryFn: txmodule.NewBankKeeperCoinMetadataQueryFn(app.BankKeeper), +} + +txConfig, err := tx.NewTxConfigWithOptions( + appCodec, + txConfigOpts, + ) + if err != nil { + panic(err) +} + +app.txConfig = txConfig + + app.StakingKeeper = stakingkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[stakingtypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + authcodec.NewBech32Codec(sdk.Bech32PrefixValAddr), + authcodec.NewBech32Codec(sdk.Bech32PrefixConsAddr), + ) + +app.MintKeeper = mintkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[minttypes.StoreKey]), + app.StakingKeeper, + app.AccountKeeper, + app.BankKeeper, + authtypes.FeeCollectorName, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + // mintkeeper.WithMintFn(mintkeeper.DefaultMintFn(minttypes.DefaultInflationCalculationFn)), custom mintFn can be added here + ) + +app.ProtocolPoolKeeper = protocolpoolkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[protocolpooltypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) + +app.DistrKeeper = distrkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[distrtypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + app.StakingKeeper, + authtypes.FeeCollectorName, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + distrkeeper.WithExternalCommunityPool(app.ProtocolPoolKeeper), + ) + +app.SlashingKeeper = slashingkeeper.NewKeeper( + appCodec, + legacyAmino, + runtime.NewKVStoreService(keys[slashingtypes.StoreKey]), + app.StakingKeeper, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) + +app.FeeGrantKeeper = feegrantkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[feegrant.StoreKey]), + app.AccountKeeper, + ) + + // register the staking hooks + // NOTE: stakingKeeper above is passed by reference, so that it will contain these hooks + app.StakingKeeper.SetHooks( + stakingtypes.NewMultiStakingHooks( + app.DistrKeeper.Hooks(), + app.SlashingKeeper.Hooks(), + ), + ) + +app.CircuitKeeper = circuitkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[circuittypes.StoreKey]), + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + app.AccountKeeper.AddressCodec(), + ) + +app.BaseApp.SetCircuitBreaker(&app.CircuitKeeper) + +app.AuthzKeeper = authzkeeper.NewKeeper( + runtime.NewKVStoreService(keys[authzkeeper.StoreKey]), + appCodec, + app.MsgServiceRouter(), + app.AccountKeeper, + ) + groupConfig := group.DefaultConfig() + /* + Example of setting group params: + groupConfig.MaxMetadataLen = 1000 + */ + app.GroupKeeper = groupkeeper.NewKeeper( + keys[group.StoreKey], + appCodec, + app.MsgServiceRouter(), + app.AccountKeeper, + groupConfig, + ) + + // get skipUpgradeHeights from the app options + skipUpgradeHeights := map[int64]bool{ +} + for _, h := range cast.ToIntSlice(appOpts.Get(server.FlagUnsafeSkipUpgrades)) { + skipUpgradeHeights[int64(h)] = true +} + homePath := cast.ToString(appOpts.Get(flags.FlagHome)) + // set the governance module account as the authority for conducting upgrades + app.UpgradeKeeper = upgradekeeper.NewKeeper( + skipUpgradeHeights, + runtime.NewKVStoreService(keys[upgradetypes.StoreKey]), + appCodec, + homePath, + app.BaseApp, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) + + // Register the proposal types + // Deprecated: Avoid adding new handlers, instead use the new proposal flow + // by granting the governance module the right to execute the message. + // See: https://docs.cosmos.network/main/modules/gov#proposal-messages + govRouter := govv1beta1.NewRouter() + +govRouter.AddRoute(govtypes.RouterKey, govv1beta1.ProposalHandler) + govConfig := govtypes.DefaultConfig() + /* + Example of setting gov params: + govConfig.MaxMetadataLen = 10000 + */ + govKeeper := govkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[govtypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + app.StakingKeeper, + app.DistrKeeper, + app.MsgServiceRouter(), + govConfig, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + // govkeeper.WithCustomCalculateVoteResultsAndVotingPowerFn(...), // Add if you want to use a custom vote calculation function. + ) + + // Set legacy router for backwards compatibility with gov v1beta1 + govKeeper.SetLegacyRouter(govRouter) + +app.GovKeeper = *govKeeper.SetHooks( + govtypes.NewMultiGovHooks( + // register the governance hooks + ), + ) + +app.NFTKeeper = nftkeeper.NewKeeper( + runtime.NewKVStoreService(keys[nftkeeper.StoreKey]), + appCodec, + app.AccountKeeper, + app.BankKeeper, + ) + + // create evidence keeper with router + evidenceKeeper := evidencekeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[evidencetypes.StoreKey]), + app.StakingKeeper, + app.SlashingKeeper, + app.AccountKeeper.AddressCodec(), + runtime.ProvideCometInfoService(), + ) + // If evidence needs to be handled for the app, set routes in router here and seal + app.EvidenceKeeper = *evidenceKeeper + + app.EpochsKeeper = epochskeeper.NewKeeper( + runtime.NewKVStoreService(keys[epochstypes.StoreKey]), + appCodec, + ) + +app.EpochsKeeper.SetHooks( + epochstypes.NewMultiEpochHooks( + // insert epoch hooks receivers here + ), + ) + + /**** Module Options ****/ + + // NOTE: Any module instantiated in the module manager that is later modified + // must be passed by reference here. + app.ModuleManager = module.NewManager( + genutil.NewAppModule( + app.AccountKeeper, app.StakingKeeper, app, + txConfig, + ), + auth.NewAppModule(appCodec, app.AccountKeeper, authsims.RandomGenesisAccounts, nil), + vesting.NewAppModule(app.AccountKeeper, app.BankKeeper), + bank.NewAppModule(appCodec, app.BankKeeper, app.AccountKeeper, nil), + feegrantmodule.NewAppModule(appCodec, app.AccountKeeper, app.BankKeeper, app.FeeGrantKeeper, app.interfaceRegistry), + gov.NewAppModule(appCodec, &app.GovKeeper, app.AccountKeeper, app.BankKeeper, nil), + mint.NewAppModule(appCodec, app.MintKeeper, app.AccountKeeper, nil, nil), + slashing.NewAppModule(appCodec, app.SlashingKeeper, app.AccountKeeper, app.BankKeeper, app.StakingKeeper, nil, app.interfaceRegistry), + distr.NewAppModule(appCodec, app.DistrKeeper, app.AccountKeeper, app.BankKeeper, app.StakingKeeper, nil), + staking.NewAppModule(appCodec, app.StakingKeeper, app.AccountKeeper, app.BankKeeper, nil), + upgrade.NewAppModule(app.UpgradeKeeper, app.AccountKeeper.AddressCodec()), + evidence.NewAppModule(app.EvidenceKeeper), + authzmodule.NewAppModule(appCodec, app.AuthzKeeper, app.AccountKeeper, app.BankKeeper, app.interfaceRegistry), + groupmodule.NewAppModule(appCodec, app.GroupKeeper, app.AccountKeeper, app.BankKeeper, app.interfaceRegistry), + nftmodule.NewAppModule(appCodec, app.NFTKeeper, app.AccountKeeper, app.BankKeeper, app.interfaceRegistry), + consensus.NewAppModule(appCodec, app.ConsensusParamsKeeper), + circuit.NewAppModule(appCodec, app.CircuitKeeper), + epochs.NewAppModule(app.EpochsKeeper), + protocolpool.NewAppModule(app.ProtocolPoolKeeper, app.AccountKeeper, app.BankKeeper), + ) + + // BasicModuleManager defines the module BasicManager is in charge of setting up basic, + // non-dependant module elements, such as codec registration and genesis verification. + // By default it is composed of all the module from the module manager. + // Additionally, app module basics can be overwritten by passing them as argument. + app.BasicModuleManager = module.NewBasicManagerFromManager( + app.ModuleManager, + map[string]module.AppModuleBasic{ + genutiltypes.ModuleName: genutil.NewAppModuleBasic(genutiltypes.DefaultMessageValidator), + govtypes.ModuleName: gov.NewAppModuleBasic( + []govclient.ProposalHandler{ +}, + ), +}) + +app.BasicModuleManager.RegisterLegacyAminoCodec(legacyAmino) + +app.BasicModuleManager.RegisterInterfaces(interfaceRegistry) + + // NOTE: upgrade module is required to be prioritized + app.ModuleManager.SetOrderPreBlockers( + upgradetypes.ModuleName, + authtypes.ModuleName, + ) + // During begin block slashing happens after distr.BeginBlocker so that + // there is nothing left over in the validator fee pool, so as to keep the + // CanWithdrawInvariant invariant. + // NOTE: staking module is required if HistoricalEntries param > 0 + app.ModuleManager.SetOrderBeginBlockers( + minttypes.ModuleName, + distrtypes.ModuleName, + protocolpooltypes.ModuleName, + slashingtypes.ModuleName, + evidencetypes.ModuleName, + stakingtypes.ModuleName, + genutiltypes.ModuleName, + authz.ModuleName, + epochstypes.ModuleName, + ) + +app.ModuleManager.SetOrderEndBlockers( + govtypes.ModuleName, + stakingtypes.ModuleName, + genutiltypes.ModuleName, + feegrant.ModuleName, + group.ModuleName, + protocolpooltypes.ModuleName, + ) + + // NOTE: The genutils module must occur after staking so that pools are + // properly initialized with tokens from genesis accounts. + // NOTE: The genutils module must also occur after auth so that it can access the params from auth. + genesisModuleOrder := []string{ + authtypes.ModuleName, + banktypes.ModuleName, + distrtypes.ModuleName, + stakingtypes.ModuleName, + slashingtypes.ModuleName, + govtypes.ModuleName, + minttypes.ModuleName, + genutiltypes.ModuleName, + evidencetypes.ModuleName, + authz.ModuleName, + feegrant.ModuleName, + nft.ModuleName, + group.ModuleName, + upgradetypes.ModuleName, + vestingtypes.ModuleName, + consensusparamtypes.ModuleName, + circuittypes.ModuleName, + epochstypes.ModuleName, + protocolpooltypes.ModuleName, +} + exportModuleOrder := []string{ + consensusparamtypes.ModuleName, + authtypes.ModuleName, + protocolpooltypes.ModuleName, // Must be exported before bank + banktypes.ModuleName, + distrtypes.ModuleName, + stakingtypes.ModuleName, + slashingtypes.ModuleName, + govtypes.ModuleName, + minttypes.ModuleName, + genutiltypes.ModuleName, + evidencetypes.ModuleName, + authz.ModuleName, + feegrant.ModuleName, + nft.ModuleName, + group.ModuleName, + upgradetypes.ModuleName, + vestingtypes.ModuleName, + circuittypes.ModuleName, + epochstypes.ModuleName, +} + +app.ModuleManager.SetOrderInitGenesis(genesisModuleOrder...) + +app.ModuleManager.SetOrderExportGenesis(exportModuleOrder...) + + // Uncomment if you want to set a custom migration order here. + // app.ModuleManager.SetOrderMigrations(custom order) + +app.configurator = module.NewConfigurator(app.appCodec, app.MsgServiceRouter(), app.GRPCQueryRouter()) + +err = app.ModuleManager.RegisterServices(app.configurator) + if err != nil { + panic(err) +} + + // RegisterUpgradeHandlers is used for registering any on-chain upgrades. + // Make sure it's called after `app.ModuleManager` and `app.configurator` are set. + app.RegisterUpgradeHandlers() + +autocliv1.RegisterQueryServer(app.GRPCQueryRouter(), runtimeservices.NewAutoCLIQueryService(app.ModuleManager.Modules)) + +reflectionSvc, err := runtimeservices.NewReflectionService() + if err != nil { + panic(err) +} + +reflectionv1.RegisterReflectionServiceServer(app.GRPCQueryRouter(), reflectionSvc) + + // add test gRPC service for testing gRPC queries in isolation + testdata_pulsar.RegisterQueryServer(app.GRPCQueryRouter(), testdata_pulsar.QueryImpl{ +}) + + // create the simulation manager and define the order of the modules for deterministic simulations + // + // NOTE: this is not required apps that don't use the simulator for fuzz testing + // transactions + overrideModules := map[string]module.AppModuleSimulation{ + authtypes.ModuleName: auth.NewAppModule(app.appCodec, app.AccountKeeper, authsims.RandomGenesisAccounts, nil), +} + +app.sm = module.NewSimulationManagerFromAppModules(app.ModuleManager.Modules, overrideModules) + +app.sm.RegisterStoreDecoders() + + // initialize stores + app.MountKVStores(keys) + + // initialize BaseApp + app.SetInitChainer(app.InitChainer) + +app.SetPreBlocker(app.PreBlocker) + +app.SetBeginBlocker(app.BeginBlocker) + +app.SetEndBlocker(app.EndBlocker) + +app.setAnteHandler(txConfig) + + // In v0.46, the SDK introduces _postHandlers_. PostHandlers are like + // antehandlers, but are run _after_ the `runMsgs` execution. They are also + // defined as a chain, and have the same signature as antehandlers. + // + // In baseapp, postHandlers are run in the same store branch as `runMsgs`, + // meaning that both `runMsgs` and `postHandler` state will be committed if + // both are successful, and both will be reverted if any of the two fails. + // + // The SDK exposes a default postHandlers chain + // + // Please note that changing any of the anteHandler or postHandler chain is + // likely to be a state-machine breaking change, which needs a coordinated + // upgrade. + app.setPostHandler() + if loadLatest { + if err := app.LoadLatestVersion(); err != nil { + panic(fmt.Errorf("error loading last version: %w", err)) +} + +} + +return app +} + +func (app *SimApp) + +setAnteHandler(txConfig client.TxConfig) { + anteHandler, err := NewAnteHandler( + HandlerOptions{ + ante.HandlerOptions{ + AccountKeeper: app.AccountKeeper, + BankKeeper: app.BankKeeper, + SignModeHandler: txConfig.SignModeHandler(), + FeegrantKeeper: app.FeeGrantKeeper, + SigGasConsumer: ante.DefaultSigVerificationGasConsumer, + SigVerifyOptions: []ante.SigVerificationDecoratorOption{ + // change below as needed. + ante.WithUnorderedTxGasCost(ante.DefaultUnorderedTxGasCost), + ante.WithMaxUnorderedTxTimeoutDuration(ante.DefaultMaxTimeoutDuration), +}, +}, + &app.CircuitKeeper, +}, + ) + if err != nil { + panic(err) +} + + // Set the AnteHandler for the app + app.SetAnteHandler(anteHandler) +} + +func (app *SimApp) + +setPostHandler() { + postHandler, err := posthandler.NewPostHandler( + posthandler.HandlerOptions{ +}, + ) + if err != nil { + panic(err) +} + +app.SetPostHandler(postHandler) +} + +// Name returns the name of the App +func (app *SimApp) + +Name() + +string { + return app.BaseApp.Name() +} + +// PreBlocker application updates every pre block +func (app *SimApp) + +PreBlocker(ctx sdk.Context, _ *abci.RequestFinalizeBlock) (*sdk.ResponsePreBlock, error) { + return app.ModuleManager.PreBlock(ctx) +} + +// BeginBlocker application updates every begin block +func (app *SimApp) + +BeginBlocker(ctx sdk.Context) (sdk.BeginBlock, error) { + return app.ModuleManager.BeginBlock(ctx) +} + +// EndBlocker application updates every end block +func (app *SimApp) + +EndBlocker(ctx sdk.Context) (sdk.EndBlock, error) { + return app.ModuleManager.EndBlock(ctx) +} + +func (a *SimApp) + +Configurator() + +module.Configurator { + return a.configurator +} + +// InitChainer application update at chain initialization +func (app *SimApp) + +InitChainer(ctx sdk.Context, req *abci.RequestInitChain) (*abci.ResponseInitChain, error) { + var genesisState GenesisState + if err := json.Unmarshal(req.AppStateBytes, &genesisState); err != nil { + panic(err) +} + +app.UpgradeKeeper.SetModuleVersionMap(ctx, app.ModuleManager.GetVersionMap()) + +return app.ModuleManager.InitGenesis(ctx, app.appCodec, genesisState) +} + +// LoadHeight loads a particular height +func (app *SimApp) + +LoadHeight(height int64) + +error { + return app.LoadVersion(height) +} + +// LegacyAmino returns SimApp's amino codec. +// +// NOTE: This is solely to be used for testing purposes as it may be desirable +// for modules to register their own custom testing types. +func (app *SimApp) + +LegacyAmino() *codec.LegacyAmino { + return app.legacyAmino +} + +// AppCodec returns SimApp's app codec. +// +// NOTE: This is solely to be used for testing purposes as it may be desirable +// for modules to register their own custom testing types. +func (app *SimApp) + +AppCodec() + +codec.Codec { + return app.appCodec +} + +// InterfaceRegistry returns SimApp's InterfaceRegistry +func (app *SimApp) + +InterfaceRegistry() + +types.InterfaceRegistry { + return app.interfaceRegistry +} + +// TxConfig returns SimApp's TxConfig +func (app *SimApp) + +TxConfig() + +client.TxConfig { + return app.txConfig +} + +// AutoCliOpts returns the autocli options for the app. +func (app *SimApp) + +AutoCliOpts() + +autocli.AppOptions { + modules := make(map[string]appmodule.AppModule, 0) + for _, m := range app.ModuleManager.Modules { + if moduleWithName, ok := m.(module.HasName); ok { + moduleName := moduleWithName.Name() + if appModule, ok := moduleWithName.(appmodule.AppModule); ok { + modules[moduleName] = appModule +} + +} + +} + +return autocli.AppOptions{ + Modules: modules, + ModuleOptions: runtimeservices.ExtractAutoCLIOptions(app.ModuleManager.Modules), + AddressCodec: authcodec.NewBech32Codec(sdk.GetConfig().GetBech32AccountAddrPrefix()), + ValidatorAddressCodec: authcodec.NewBech32Codec(sdk.GetConfig().GetBech32ValidatorAddrPrefix()), + ConsensusAddressCodec: authcodec.NewBech32Codec(sdk.GetConfig().GetBech32ConsensusAddrPrefix()), +} +} + +// DefaultGenesis returns a default genesis from the registered AppModuleBasic's. +func (a *SimApp) + +DefaultGenesis() + +map[string]json.RawMessage { + return a.BasicModuleManager.DefaultGenesis(a.appCodec) +} + +// GetKey returns the KVStoreKey for the provided store key. +// +// NOTE: This is solely to be used for testing purposes. +func (app *SimApp) + +GetKey(storeKey string) *storetypes.KVStoreKey { + return app.keys[storeKey] +} + +// GetStoreKeys returns all the stored store keys. +func (app *SimApp) + +GetStoreKeys() []storetypes.StoreKey { + keys := make([]storetypes.StoreKey, 0, len(app.keys)) + for _, key := range app.keys { + keys = append(keys, key) +} + +return keys +} + +// SimulationManager implements the SimulationApp interface +func (app *SimApp) + +SimulationManager() *module.SimulationManager { + return app.sm +} + +// RegisterAPIRoutes registers all application module routes with the provided +// API server. +func (app *SimApp) + +RegisterAPIRoutes(apiSvr *api.Server, apiConfig config.APIConfig) { + clientCtx := apiSvr.ClientCtx + // Register new tx routes from grpc-gateway. + authtx.RegisterGRPCGatewayRoutes(clientCtx, apiSvr.GRPCGatewayRouter) + + // Register new CometBFT queries routes from grpc-gateway. + cmtservice.RegisterGRPCGatewayRoutes(clientCtx, apiSvr.GRPCGatewayRouter) + + // Register node gRPC service for grpc-gateway. + nodeservice.RegisterGRPCGatewayRoutes(clientCtx, apiSvr.GRPCGatewayRouter) + + // Register grpc-gateway routes for all modules. + app.BasicModuleManager.RegisterGRPCGatewayRoutes(clientCtx, apiSvr.GRPCGatewayRouter) + + // register swagger API from root so that other applications can override easily + if err := server.RegisterSwaggerAPI(apiSvr.ClientCtx, apiSvr.Router, apiConfig.Swagger); err != nil { + panic(err) +} +} + +// RegisterTxService implements the Application.RegisterTxService method. +func (app *SimApp) + +RegisterTxService(clientCtx client.Context) { + authtx.RegisterTxService(app.BaseApp.GRPCQueryRouter(), clientCtx, app.BaseApp.Simulate, app.interfaceRegistry) +} + +// RegisterTendermintService implements the Application.RegisterTendermintService method. +func (app *SimApp) + +RegisterTendermintService(clientCtx client.Context) { + cmtApp := server.NewCometABCIWrapper(app) + +cmtservice.RegisterTendermintService( + clientCtx, + app.BaseApp.GRPCQueryRouter(), + app.interfaceRegistry, + cmtApp.Query, + ) +} + +func (app *SimApp) + +RegisterNodeService(clientCtx client.Context, cfg config.Config) { + nodeservice.RegisterNodeService(clientCtx, app.GRPCQueryRouter(), cfg) +} + +// GetMaccPerms returns a copy of the module account permissions +// +// NOTE: This is solely to be used for testing purposes. +func GetMaccPerms() + +map[string][]string { + return maps.Clone(maccPerms) +} + +// BlockedAddresses returns all the app's blocked account addresses. +func BlockedAddresses() + +map[string]bool { + modAccAddrs := make(map[string]bool) + for acc := range GetMaccPerms() { + modAccAddrs[authtypes.NewModuleAddress(acc).String()] = true +} + + // allow the following addresses to receive funds + delete(modAccAddrs, authtypes.NewModuleAddress(govtypes.ModuleName).String()) + +return modAccAddrs +} +``` + +### Register Codec + +The `EncodingConfig` structure is the last important part of the `app.go` file. The goal of this structure is to define the codecs that will be used throughout the app. + +```go expandable +package params + +import ( + + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/codec/types" +) + +// EncodingConfig specifies the concrete encoding types to use for a given app. +// This is provided for compatibility between protobuf and amino implementations. +type EncodingConfig struct { + InterfaceRegistry types.InterfaceRegistry + Codec codec.Codec + TxConfig client.TxConfig + Amino *codec.LegacyAmino +} +``` + +Here are descriptions of what each of the four fields means: + +* `InterfaceRegistry`: The `InterfaceRegistry` is used by the Protobuf codec to handle interfaces that are encoded and decoded (we also say "unpacked") using [`google.protobuf.Any`](https://github.com/protocolbuffers/protobuf/blob/master/src/google/protobuf/any.proto). `Any` could be thought as a struct that contains a `type_url` (name of a concrete type implementing the interface) and a `value` (its encoded bytes). `InterfaceRegistry` provides a mechanism for registering interfaces and implementations that can be safely unpacked from `Any`. Each application module implements the `RegisterInterfaces` method that can be used to register the module's own interfaces and implementations. + * You can read more about `Any` in [ADR-019](/docs/sdk/vnext/build/architecture/adr-019-protobuf-state-encoding). + * To go more into details, the Cosmos SDK uses an implementation of the Protobuf specification called [`gogoprotobuf`](https://github.com/cosmos/gogoproto). By default, the [gogo protobuf implementation of `Any`](https://pkg.go.dev/github.com/cosmos/gogoproto/types) uses [global type registration](https://github.com/cosmos/gogoproto/blob/master/proto/properties.go#L540) to decode values packed in `Any` into concrete Go types. This introduces a vulnerability where any malicious module in the dependency tree could register a type with the global protobuf registry and cause it to be loaded and unmarshaled by a transaction that referenced it in the `type_url` field. For more information, please refer to [ADR-019](/docs/sdk/vnext/build/architecture/adr-019-protobuf-state-encoding). +* `Codec`: The default codec used throughout the Cosmos SDK. It is composed of a `BinaryCodec` used to encode and decode state, and a `JSONCodec` used to output data to the users (for example, in the [CLI](#cli)). By default, the SDK uses Protobuf as `Codec`. +* `TxConfig`: `TxConfig` defines an interface a client can utilize to generate an application-defined concrete transaction type. Currently, the SDK handles two transaction types: `SIGN_MODE_DIRECT` (which uses Protobuf binary as over-the-wire encoding) and `SIGN_MODE_LEGACY_AMINO_JSON` (which depends on Amino). Read more about transactions [here](/docs/sdk/vnext/learn/advanced/transactions). +* `Amino`: Some legacy parts of the Cosmos SDK still use Amino for backwards-compatibility. Each module exposes a `RegisterLegacyAmino` method to register the module's specific types within Amino. This `Amino` codec should not be used by app developers anymore, and will be removed in future releases. + +An application should create its own encoding config. +See an example of a `simappparams.EncodingConfig` from `simapp`: + +```go expandable +package params + +import ( + + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/codec/types" +) + +// EncodingConfig specifies the concrete encoding types to use for a given app. +// This is provided for compatibility between protobuf and amino implementations. +type EncodingConfig struct { + InterfaceRegistry types.InterfaceRegistry + Codec codec.Codec + TxConfig client.TxConfig + Amino *codec.LegacyAmino +} +``` + +## Modules + +[Modules](/docs/sdk/vnext/build/building-modules/intro) are the heart and soul of Cosmos SDK applications. They can be considered as state-machines nested within the state-machine. When a transaction is relayed from the underlying CometBFT engine via the ABCI to the application, it is routed by [`baseapp`](/docs/sdk/vnext/learn/advanced/baseapp) to the appropriate module in order to be processed. This paradigm enables developers to easily build complex state-machines, as most of the modules they need often already exist. **For developers, most of the work involved in building a Cosmos SDK application revolves around building custom modules required by their application that do not exist yet, and integrating them with modules that do already exist into one coherent application**. In the application directory, the standard practice is to store modules in the `x/` folder (not to be confused with the Cosmos SDK's `x/` folder, which contains already-built modules). + +### Application Module Interface + +Modules must implement [interfaces](/docs/sdk/vnext/build/building-modules/module-manager#application-module-interfaces) defined in the Cosmos SDK, [`AppModuleBasic`](/docs/sdk/vnext/build/building-modules/module-manager#appmodulebasic) and [`AppModule`](/docs/sdk/vnext/build/building-modules/module-manager#appmodule). The former implements basic non-dependent elements of the module, such as the `codec`, while the latter handles the bulk of the module methods (including methods that require references to other modules' `keeper`s). Both the `AppModule` and `AppModuleBasic` types are, by convention, defined in a file called `module.go`. + +`AppModule` exposes a collection of useful methods on the module that facilitates the composition of modules into a coherent application. These methods are called from the [`module manager`](/docs/sdk/vnext/build/building-modules/module-manager#manager), which manages the application's collection of modules. + +### `Msg` Services + +Each application module defines two [Protobuf services](https://developers.google.com/protocol-buffers/docs/proto#services): one `Msg` service to handle messages, and one gRPC `Query` service to handle queries. If we consider the module as a state-machine, then a `Msg` service is a set of state transition RPC methods. +Each Protobuf `Msg` service method is 1:1 related to a Protobuf request type, which must implement `sdk.Msg` interface. +Note that `sdk.Msg`s are bundled in [transactions](/docs/sdk/vnext/learn/advanced/transactions), and each transaction contains one or multiple messages. + +When a valid block of transactions is received by the full-node, CometBFT relays each one to the application via [`DeliverTx`](https://docs.cometbft.com/v0.37/spec/abci/abci++_app_requirements#specifics-of-responsedelivertx). Then, the application handles the transaction: + +1. Upon receiving the transaction, the application first unmarshals it from `[]byte`. +2. Then, it verifies a few things about the transaction like [fee payment and signatures](/docs/sdk/vnext/learn/beginner/gas-fees#antehandler) before extracting the `Msg`(s) contained in the transaction. +3. `sdk.Msg`s are encoded using Protobuf [`Any`s](#register-codec). By analyzing each `Any`'s `type_url`, baseapp's `msgServiceRouter` routes the `sdk.Msg` to the corresponding module's `Msg` service. +4. If the message is successfully processed, the state is updated. + +For more details, see [transaction lifecycle](/docs/sdk/vnext/learn/beginner/tx-lifecycle). + +Module developers create custom `Msg` services when they build their own module. The general practice is to define the `Msg` Protobuf service in a `tx.proto` file. For example, the `x/bank` module defines a service with two methods to transfer tokens: + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/proto/cosmos/bank/v1beta1/tx.proto#L13-L36 +``` + +Service methods use `keeper` in order to update the module state. + +Each module should also implement the `RegisterServices` method as part of the [`AppModule` interface](#application-module-interface). This method should call the `RegisterMsgServer` function provided by the generated Protobuf code. + +### gRPC `Query` Services + +gRPC `Query` services allow users to query the state using [gRPC](https://grpc.io). They are enabled by default, and can be configured under the `grpc.enable` and `grpc.address` fields inside [`app.toml`](/docs/sdk/vnext/user/run-node/run-node#configuring-the-node-using-apptoml-and-configtoml). + +gRPC `Query` services are defined in the module's Protobuf definition files, specifically inside `query.proto`. The `query.proto` definition file exposes a single `Query` [Protobuf service](https://developers.google.com/protocol-buffers/docs/proto#services). Each gRPC query endpoint corresponds to a service method, starting with the `rpc` keyword, inside the `Query` service. + +Protobuf generates a `QueryServer` interface for each module, containing all the service methods. A module's [`keeper`](#keeper) then needs to implement this `QueryServer` interface, by providing the concrete implementation of each service method. This concrete implementation is the handler of the corresponding gRPC query endpoint. + +Finally, each module should also implement the `RegisterServices` method as part of the [`AppModule` interface](#application-module-interface). This method should call the `RegisterQueryServer` function provided by the generated Protobuf code. + +### Keeper + +[`Keepers`](/docs/sdk/vnext/build/building-modules/keeper) are the gatekeepers of their module's store(s). To read or write in a module's store, it is mandatory to go through one of its `keeper`'s methods. This is ensured by the [object-capabilities](/docs/sdk/vnext/learn/advanced/ocap) model of the Cosmos SDK. Only objects that hold the key to a store can access it, and only the module's `keeper` should hold the key(s) to the module's store(s). + +`Keepers` are generally defined in a file called `keeper.go`. It contains the `keeper`'s type definition and methods. + +The `keeper` type definition generally consists of the following: + +* **Key(s)** to the module's store(s) in the multistore. +* Reference to **other module's `keepers`**. Only needed if the `keeper` needs to access other module's store(s) (either to read or write from them). +* A reference to the application's **codec**. The `keeper` needs it to marshal structs before storing them, or to unmarshal them when it retrieves them, because stores only accept `[]bytes` as value. + +Along with the type definition, the next important component of the `keeper.go` file is the `keeper`'s constructor function, `NewKeeper`. This function instantiates a new `keeper` of the type defined above with a `codec`, stores `keys` and potentially references other modules' `keeper`s as parameters. The `NewKeeper` function is called from the [application's constructor](#constructor-function). The rest of the file defines the `keeper`'s methods, which are primarily getters and setters. + +### Command-Line, gRPC Services and REST Interfaces + +Each module defines command-line commands, gRPC services, and REST routes to be exposed to the end-user via the [application's interfaces](#application-interfaces). This enables end-users to create messages of the types defined in the module, or to query the subset of the state managed by the module. + +#### CLI + +Generally, the [commands related to a module](/docs/sdk/vnext/build/building-modules/module-interfaces#cli) are defined in a folder called `client/cli` in the module's folder. The CLI divides commands into two categories, transactions and queries, defined in `client/cli/tx.go` and `client/cli/query.go`, respectively. Both commands are built on top of the [Cobra Library](https://github.com/spf13/cobra): + +* Transactions commands let users generate new transactions so that they can be included in a block and eventually update the state. One command should be created for each [message type](#message-types) defined in the module. The command calls the constructor of the message with the parameters provided by the end-user, and wraps it into a transaction. The Cosmos SDK handles signing and the addition of other transaction metadata. +* Queries let users query the subset of the state defined by the module. Query commands forward queries to the [application's query router](/docs/sdk/vnext/learn/advanced/baseapp#query-routing), which routes them to the appropriate [querier](#querier) the `queryRoute` parameter supplied. + +#### gRPC + +[gRPC](https://grpc.io) is a modern open-source high performance RPC framework that has support in multiple languages. It is the recommended way for external clients (such as wallets, browsers and other backend services) to interact with a node. + +Each module can expose gRPC endpoints called [service methods](https://grpc.io/docs/what-is-grpc/core-concepts/#service-definition), which are defined in the [module's Protobuf `query.proto` file](#grpc-query-services). A service method is defined by its name, input arguments, and output response. The module then needs to perform the following actions: + +* Define a `RegisterGRPCGatewayRoutes` method on `AppModuleBasic` to wire the client gRPC requests to the correct handler inside the module. +* For each service method, define a corresponding handler. The handler implements the core logic necessary to serve the gRPC request, and is located in the `keeper/grpc_query.go` file. + +#### gRPC-gateway REST Endpoints + +Some external clients may not wish to use gRPC. In this case, the Cosmos SDK provides a gRPC gateway service, which exposes each gRPC service as a corresponding REST endpoint. Please refer to the [grpc-gateway](https://grpc-ecosystem.github.io/grpc-gateway/) documentation to learn more. + +The REST endpoints are defined in the Protobuf files, along with the gRPC services, using Protobuf annotations. Modules that want to expose REST queries should add `google.api.http` annotations to their `rpc` methods. By default, all REST endpoints defined in the SDK have a URL starting with the `/cosmos/` prefix. + +The Cosmos SDK also provides a development endpoint to generate [Swagger](https://swagger.io/) definition files for these REST endpoints. This endpoint can be enabled inside the [`app.toml`](/docs/sdk/vnext/user/run-node/run-node#configuring-the-node-using-apptoml-and-configtoml) config file, under the `api.swagger` key. + +## Application Interface + +[Interfaces](#command-line-grpc-services-and-rest-interfaces) let end-users interact with full-node clients. This means querying data from the full-node or creating and sending new transactions to be relayed by the full-node and eventually included in a block. + +The main interface is the [Command-Line Interface](/docs/sdk/vnext/learn/advanced/cli). The CLI of a Cosmos SDK application is built by aggregating [CLI commands](#cli) defined in each of the modules used by the application. The CLI of an application is the same as the daemon (e.g. `appd`), and is defined in a file called `appd/main.go`. The file contains the following: + +* **A `main()` function**, which is executed to build the `appd` interface client. This function prepares each command and adds them to the `rootCmd` before building them. At the root of `appd`, the function adds generic commands like `status`, `keys`, and `config`, query commands, tx commands, and `rest-server`. +* **Query commands**, which are added by calling the `queryCmd` function. This function returns a Cobra command that contains the query commands defined in each of the application's modules (passed as an array of `sdk.ModuleClients` from the `main()` function), as well as some other lower level query commands such as block or validator queries. Query command are called by using the command `appd query [query]` of the CLI. +* **Transaction commands**, which are added by calling the `txCmd` function. Similar to `queryCmd`, the function returns a Cobra command that contains the tx commands defined in each of the application's modules, as well as lower level tx commands like transaction signing or broadcasting. Tx commands are called by using the command `appd tx [tx]` of the CLI. + +See an example of an application's main command-line file from the [Cosmos Hub](https://github.com/cosmos/gaia). + +```go expandable +package cmd + +import ( + + "errors" + "io" + "os" + "path/filepath" + "github.com/cosmos/cosmos-sdk/baseapp" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/client/config" + "github.com/cosmos/cosmos-sdk/client/debug" + "github.com/cosmos/cosmos-sdk/client/flags" + "github.com/cosmos/cosmos-sdk/client/keys" + "github.com/cosmos/cosmos-sdk/client/rpc" + "github.com/cosmos/cosmos-sdk/server" + serverconfig "github.com/cosmos/cosmos-sdk/server/config" + servertypes "github.com/cosmos/cosmos-sdk/server/types" + "github.com/cosmos/cosmos-sdk/snapshots" + snapshottypes "github.com/cosmos/cosmos-sdk/snapshots/types" + "github.com/cosmos/cosmos-sdk/store" + sdk "github.com/cosmos/cosmos-sdk/types" + authcmd "github.com/cosmos/cosmos-sdk/x/auth/client/cli" + "github.com/cosmos/cosmos-sdk/x/auth/types" + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" + "github.com/cosmos/cosmos-sdk/x/crisis" + genutilcli "github.com/cosmos/cosmos-sdk/x/genutil/client/cli" + "github.com/spf13/cast" + "github.com/spf13/cobra" + tmcfg "github.com/tendermint/tendermint/config" + tmcli "github.com/tendermint/tendermint/libs/cli" + "github.com/tendermint/tendermint/libs/log" + dbm "github.com/tendermint/tm-db" + + gaia "github.com/cosmos/gaia/v8/app" + "github.com/cosmos/gaia/v8/app/params" +) + +// NewRootCmd creates a new root command for simd. It is called once in the +// main function. +func NewRootCmd() (*cobra.Command, params.EncodingConfig) { + encodingConfig := gaia.MakeTestEncodingConfig() + initClientCtx := client.Context{ +}. + WithCodec(encodingConfig.Codec). + WithInterfaceRegistry(encodingConfig.InterfaceRegistry). + WithTxConfig(encodingConfig.TxConfig). + WithLegacyAmino(encodingConfig.Amino). + WithInput(os.Stdin). + WithAccountRetriever(types.AccountRetriever{ +}). + WithHomeDir(gaia.DefaultNodeHome). + WithViper("") + rootCmd := &cobra.Command{ + Use: "gaiad", + Short: "Stargate Cosmos Hub App", + PersistentPreRunE: func(cmd *cobra.Command, _ []string) + +error { + initClientCtx, err := client.ReadPersistentCommandFlags(initClientCtx, cmd.Flags()) + if err != nil { + return err +} + +initClientCtx, err = config.ReadFromClientConfig(initClientCtx) + if err != nil { + return err +} + if err = client.SetCmdClientContextHandler(initClientCtx, cmd); err != nil { + return err +} + +customTemplate, customGaiaConfig := initAppConfig() + customTMConfig := initTendermintConfig() + +return server.InterceptConfigsPreRunHandler(cmd, customTemplate, customGaiaConfig, customTMConfig) +}, +} + +initRootCmd(rootCmd, encodingConfig) + +return rootCmd, encodingConfig +} + +// initTendermintConfig helps to override default Tendermint Config values. +// return tmcfg.DefaultConfig if no custom configuration is required for the application. +func initTendermintConfig() *tmcfg.Config { + cfg := tmcfg.DefaultConfig() + + // these values put a higher strain on node memory + // cfg.P2P.MaxNumInboundPeers = 100 + // cfg.P2P.MaxNumOutboundPeers = 40 + + return cfg +} + +func initAppConfig() (string, interface{ +}) { + srvCfg := serverconfig.DefaultConfig() + +srvCfg.StateSync.SnapshotInterval = 1000 + srvCfg.StateSync.SnapshotKeepRecent = 10 + + return params.CustomConfigTemplate(), params.CustomAppConfig{ + Config: *srvCfg, + BypassMinFeeMsgTypes: gaia.GetDefaultBypassFeeMessages(), +} +} + +func initRootCmd(rootCmd *cobra.Command, encodingConfig params.EncodingConfig) { + cfg := sdk.GetConfig() + +cfg.Seal() + +rootCmd.AddCommand( + genutilcli.InitCmd(gaia.ModuleBasics, gaia.DefaultNodeHome), + genutilcli.CollectGenTxsCmd(banktypes.GenesisBalancesIterator{ +}, gaia.DefaultNodeHome), + genutilcli.GenTxCmd(gaia.ModuleBasics, encodingConfig.TxConfig, banktypes.GenesisBalancesIterator{ +}, gaia.DefaultNodeHome), + genutilcli.ValidateGenesisCmd(gaia.ModuleBasics), + AddGenesisAccountCmd(gaia.DefaultNodeHome), + tmcli.NewCompletionCmd(rootCmd, true), + testnetCmd(gaia.ModuleBasics, banktypes.GenesisBalancesIterator{ +}), + debug.Cmd(), + config.Cmd(), + ) + ac := appCreator{ + encCfg: encodingConfig, +} + +server.AddCommands(rootCmd, gaia.DefaultNodeHome, ac.newApp, ac.appExport, addModuleInitFlags) + + // add keybase, auxiliary RPC, query, and tx child commands + rootCmd.AddCommand( + rpc.StatusCommand(), + queryCommand(), + txCommand(), + keys.Commands(gaia.DefaultNodeHome), + ) + +rootCmd.AddCommand(server.RosettaCommand(encodingConfig.InterfaceRegistry, encodingConfig.Codec)) +} + +func addModuleInitFlags(startCmd *cobra.Command) { + crisis.AddModuleInitFlags(startCmd) +} + +func queryCommand() *cobra.Command { + cmd := &cobra.Command{ + Use: "query", + Aliases: []string{"q" +}, + Short: "Querying subcommands", + DisableFlagParsing: true, + SuggestionsMinimumDistance: 2, + RunE: client.ValidateCmd, +} + +cmd.AddCommand( + authcmd.GetAccountCmd(), + rpc.ValidatorCommand(), + rpc.BlockCommand(), + authcmd.QueryTxsByEventsCmd(), + authcmd.QueryTxCmd(), + ) + +gaia.ModuleBasics.AddQueryCommands(cmd) + +cmd.PersistentFlags().String(flags.FlagChainID, "", "The network chain ID") + +return cmd +} + +func txCommand() *cobra.Command { + cmd := &cobra.Command{ + Use: "tx", + Short: "Transactions subcommands", + DisableFlagParsing: true, + SuggestionsMinimumDistance: 2, + RunE: client.ValidateCmd, +} + +cmd.AddCommand( + authcmd.GetSignCommand(), + authcmd.GetSignBatchCommand(), + authcmd.GetMultiSignCommand(), + authcmd.GetMultiSignBatchCmd(), + authcmd.GetValidateSignaturesCommand(), + flags.LineBreak, + authcmd.GetBroadcastCommand(), + authcmd.GetEncodeCommand(), + authcmd.GetDecodeCommand(), + authcmd.GetAuxToFeeCommand(), + ) + +gaia.ModuleBasics.AddTxCommands(cmd) + +cmd.PersistentFlags().String(flags.FlagChainID, "", "The network chain ID") + +return cmd +} + +type appCreator struct { + encCfg params.EncodingConfig +} + +func (ac appCreator) + +newApp( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + appOpts servertypes.AppOptions, +) + +servertypes.Application { + var cache sdk.MultiStorePersistentCache + if cast.ToBool(appOpts.Get(server.FlagInterBlockCache)) { + cache = store.NewCommitKVStoreCacheManager() +} + skipUpgradeHeights := make(map[int64]bool) + for _, h := range cast.ToIntSlice(appOpts.Get(server.FlagUnsafeSkipUpgrades)) { + skipUpgradeHeights[int64(h)] = true +} + +pruningOpts, err := server.GetPruningOptionsFromFlags(appOpts) + if err != nil { + panic(err) +} + snapshotDir := filepath.Join(cast.ToString(appOpts.Get(flags.FlagHome)), "data", "snapshots") + +snapshotDB, err := dbm.NewDB("metadata", server.GetAppDBBackend(appOpts), snapshotDir) + if err != nil { + panic(err) +} + +snapshotStore, err := snapshots.NewStore(snapshotDB, snapshotDir) + if err != nil { + panic(err) +} + snapshotOptions := snapshottypes.NewSnapshotOptions( + cast.ToUint64(appOpts.Get(server.FlagStateSyncSnapshotInterval)), + cast.ToUint32(appOpts.Get(server.FlagStateSyncSnapshotKeepRecent)), + ) + +return gaia.NewGaiaApp( + logger, db, traceStore, true, skipUpgradeHeights, + cast.ToString(appOpts.Get(flags.FlagHome)), + cast.ToUint(appOpts.Get(server.FlagInvCheckPeriod)), + ac.encCfg, + appOpts, + baseapp.SetPruning(pruningOpts), + baseapp.SetMinGasPrices(cast.ToString(appOpts.Get(server.FlagMinGasPrices))), + baseapp.SetHaltHeight(cast.ToUint64(appOpts.Get(server.FlagHaltHeight))), + baseapp.SetHaltTime(cast.ToUint64(appOpts.Get(server.FlagHaltTime))), + baseapp.SetMinRetainBlocks(cast.ToUint64(appOpts.Get(server.FlagMinRetainBlocks))), + baseapp.SetInterBlockCache(cache), + baseapp.SetTrace(cast.ToBool(appOpts.Get(server.FlagTrace))), + baseapp.SetIndexEvents(cast.ToStringSlice(appOpts.Get(server.FlagIndexEvents))), + baseapp.SetSnapshot(snapshotStore, snapshotOptions), + ) +} + +func (ac appCreator) + +appExport( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + height int64, + forZeroHeight bool, + jailAllowedAddrs []string, + appOpts servertypes.AppOptions, +) (servertypes.ExportedApp, error) { + homePath, ok := appOpts.Get(flags.FlagHome).(string) + if !ok || homePath == "" { + return servertypes.ExportedApp{ +}, errors.New("application home is not set") +} + +var loadLatest bool + if height == -1 { + loadLatest = true +} + gaiaApp := gaia.NewGaiaApp( + logger, + db, + traceStore, + loadLatest, + map[int64]bool{ +}, + homePath, + cast.ToUint(appOpts.Get(server.FlagInvCheckPeriod)), + ac.encCfg, + appOpts, + ) + if height != -1 { + if err := gaiaApp.LoadHeight(height); err != nil { + return servertypes.ExportedApp{ +}, err +} + +} + +return gaiaApp.ExportAppStateAndValidators(forZeroHeight, jailAllowedAddrs) +} +``` + +## Dependencies and Makefile + +This section is optional, as developers are free to choose their dependency manager and project building method. That said, the current most used framework for versioning control is [`go.mod`](https://github.com/golang/go/wiki/Modules). It ensures each of the libraries used throughout the application are imported with the correct version. + +The following is the `go.mod` of the [Cosmos Hub](https://github.com/cosmos/gaia), provided as an example. + +```go expandable +module github.com/cosmos/gaia/v8 + +go 1.18 + +require ( + cosmossdk.io/math v1.0.0-beta.3 + github.com/cosmos/cosmos-sdk v0.46.2 + github.com/cosmos/go-bip39 v1.0.0 // indirect + github.com/cosmos/ibc-go/v5 v5.0.0 + github.com/gogo/protobuf v1.3.3 + github.com/golang/protobuf v1.5.2 + github.com/golangci/golangci-lint v1.50.0 + github.com/gorilla/mux v1.8.0 + github.com/gravity-devs/liquidity/v2 v2.0.0 + github.com/grpc-ecosystem/grpc-gateway v1.16.0 + github.com/pkg/errors v0.9.1 + github.com/rakyll/statik v0.1.7 + github.com/spf13/cast v1.5.0 + github.com/spf13/cobra v1.6.0 + github.com/spf13/pflag v1.0.5 + github.com/spf13/viper v1.13.0 + github.com/strangelove-ventures/packet-forward-middleware/v2 v2.1.4-0.20220802012200-5a62a55a7f1d + github.com/stretchr/testify v1.8.0 + github.com/tendermint/tendermint v0.34.21 + github.com/tendermint/tm-db v0.6.7 + google.golang.org/genproto v0.0.0-20220815135757-37a418bb8959 + google.golang.org/grpc v1.50.0 +) + +require ( + 4d63.com/gochecknoglobals v0.1.0 // indirect + cloud.google.com/go v0.102.1 // indirect + cloud.google.com/go/compute v1.7.0 // indirect + cloud.google.com/go/iam v0.4.0 // indirect + cloud.google.com/go/storage v1.22.1 // indirect + cosmossdk.io/errors v1.0.0-beta.7 // indirect + filippo.io/edwards25519 v1.0.0-rc.1 // indirect + github.com/99designs/go-keychain v0.0.0-20191008050251-8e49817e8af4 // indirect + github.com/99designs/keyring v1.2.1 // indirect + github.com/Abirdcfly/dupword v0.0.7 // indirect + github.com/Antonboom/errname v0.1.7 // indirect + github.com/Antonboom/nilnil v0.1.1 // indirect + github.com/BurntSushi/toml v1.2.0 // indirect + github.com/ChainSafe/go-schnorrkel v0.0.0-20200405005733-88cbf1b4c40d // indirect + github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24 // indirect + github.com/GaijinEntertainment/go-exhaustruct/v2 v2.3.0 // indirect + github.com/Masterminds/semver v1.5.0 // indirect + github.com/OpenPeeDeeP/depguard v1.1.1 // indirect + github.com/Workiva/go-datastructures v1.0.53 // indirect + github.com/alexkohler/prealloc v1.0.0 // indirect + github.com/alingse/asasalint v0.0.11 // indirect + github.com/armon/go-metrics v0.4.0 // indirect + github.com/ashanbrown/forbidigo v1.3.0 // indirect + github.com/ashanbrown/makezero v1.1.1 // indirect + github.com/aws/aws-sdk-go v1.40.45 // indirect + github.com/beorn7/perks v1.0.1 // indirect + github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect + github.com/bgentry/speakeasy v0.1.0 // indirect + github.com/bkielbasa/cyclop v1.2.0 // indirect + github.com/blizzy78/varnamelen v0.8.0 // indirect + github.com/bombsimon/wsl/v3 v3.3.0 // indirect + github.com/breml/bidichk v0.2.3 // indirect + github.com/breml/errchkjson v0.3.0 // indirect + github.com/btcsuite/btcd v0.22.1 // indirect + github.com/butuzov/ireturn v0.1.1 // indirect + github.com/cenkalti/backoff/v4 v4.1.3 // indirect + github.com/cespare/xxhash v1.1.0 // indirect + github.com/cespare/xxhash/v2 v2.1.2 // indirect + github.com/charithe/durationcheck v0.0.9 // indirect + github.com/chavacava/garif v0.0.0-20220630083739-93517212f375 // indirect + github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e // indirect + github.com/cockroachdb/apd/v2 v2.0.2 // indirect + github.com/coinbase/rosetta-sdk-go v0.7.9 // indirect + github.com/confio/ics23/go v0.7.0 // indirect + github.com/cosmos/btcutil v1.0.4 // indirect + github.com/cosmos/cosmos-proto v1.0.0-alpha7 // indirect + github.com/cosmos/gorocksdb v1.2.0 // indirect + github.com/cosmos/iavl v0.19.2-0.20220916140702-9b6be3095313 // indirect + github.com/cosmos/ledger-cosmos-go v0.11.1 // indirect + github.com/cosmos/ledger-go v0.9.3 // indirect + github.com/creachadair/taskgroup v0.3.2 // indirect + github.com/curioswitch/go-reassign v0.2.0 // indirect + github.com/daixiang0/gci v0.8.0 // indirect + github.com/danieljoos/wincred v1.1.2 // indirect + github.com/davecgh/go-spew v1.1.1 // indirect + github.com/denis-tingaikin/go-header v0.4.3 // indirect + github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f // indirect + github.com/dgraph-io/badger/v2 v2.2007.4 // indirect + github.com/dgraph-io/ristretto v0.1.0 // indirect + github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 // indirect + github.com/dustin/go-humanize v1.0.0 // indirect + github.com/dvsekhvalnov/jose2go v1.5.0 // indirect + github.com/esimonov/ifshort v1.0.4 // indirect + github.com/ettle/strcase v0.1.1 // indirect + github.com/fatih/color v1.13.0 // indirect + github.com/fatih/structtag v1.2.0 // indirect + github.com/felixge/httpsnoop v1.0.1 // indirect + github.com/firefart/nonamedreturns v1.0.4 // indirect + github.com/fsnotify/fsnotify v1.5.4 // indirect + github.com/fzipp/gocyclo v0.6.0 // indirect + github.com/go-critic/go-critic v0.6.5 // indirect + github.com/go-kit/kit v0.12.0 // indirect + github.com/go-kit/log v0.2.1 // indirect + github.com/go-logfmt/logfmt v0.5.1 // indirect + github.com/go-playground/validator/v10 v10.4.1 // indirect + github.com/go-toolsmith/astcast v1.0.0 // indirect + github.com/go-toolsmith/astcopy v1.0.2 // indirect + github.com/go-toolsmith/astequal v1.0.3 // indirect + github.com/go-toolsmith/astfmt v1.0.0 // indirect + github.com/go-toolsmith/astp v1.0.0 // indirect + github.com/go-toolsmith/strparse v1.0.0 // indirect + github.com/go-toolsmith/typep v1.0.2 // indirect + github.com/go-xmlfmt/xmlfmt v0.0.0-20191208150333-d5b6f63a941b // indirect + github.com/gobwas/glob v0.2.3 // indirect + github.com/godbus/dbus v0.0.0-20190726142602-4481cbc300e2 // indirect + github.com/gofrs/flock v0.8.1 // indirect + github.com/gogo/gateway v1.1.0 // indirect + github.com/golang/glog v1.0.0 // indirect + github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect + github.com/golang/snappy v0.0.4 // indirect + github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2 // indirect + github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a // indirect + github.com/golangci/go-misc v0.0.0-20220329215616-d24fe342adfe // indirect + github.com/golangci/gofmt v0.0.0-20220901101216-f2edd75033f2 // indirect + github.com/golangci/lint-1 v0.0.0-20191013205115-297bf364a8e0 // indirect + github.com/golangci/maligned v0.0.0-20180506175553-b1d89398deca // indirect + github.com/golangci/misspell v0.3.5 // indirect + github.com/golangci/revgrep v0.0.0-20220804021717-745bb2f7c2e6 // indirect + github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4 // indirect + github.com/google/btree v1.0.1 // indirect + github.com/google/go-cmp v0.5.9 // indirect + github.com/google/orderedcode v0.0.1 // indirect + github.com/google/uuid v1.3.0 // indirect + github.com/googleapis/enterprise-certificate-proxy v0.1.0 // indirect + github.com/googleapis/gax-go/v2 v2.4.0 // indirect + github.com/googleapis/go-type-adapters v1.0.0 // indirect + github.com/gordonklaus/ineffassign v0.0.0-20210914165742-4cc7213b9bc8 // indirect + github.com/gorilla/handlers v1.5.1 // indirect + github.com/gorilla/websocket v1.5.0 // indirect + github.com/gostaticanalysis/analysisutil v0.7.1 // indirect + github.com/gostaticanalysis/comment v1.4.2 // indirect + github.com/gostaticanalysis/forcetypeassert v0.1.0 // indirect + github.com/gostaticanalysis/nilerr v0.1.1 // indirect + github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.0.1 // indirect + github.com/gsterjov/go-libsecret v0.0.0-20161001094733-a6f4afe4910c // indirect + github.com/gtank/merlin v0.1.1 // indirect + github.com/gtank/ristretto255 v0.1.2 // indirect + github.com/hashicorp/errwrap v1.1.0 // indirect + github.com/hashicorp/go-cleanhttp v0.5.2 // indirect + github.com/hashicorp/go-getter v1.6.1 // indirect + github.com/hashicorp/go-immutable-radix v1.3.1 // indirect + github.com/hashicorp/go-multierror v1.1.1 // indirect + github.com/hashicorp/go-safetemp v1.0.0 // indirect + github.com/hashicorp/go-version v1.6.0 // indirect + github.com/hashicorp/golang-lru v0.5.5-0.20210104140557-80c98217689d // indirect + github.com/hashicorp/hcl v1.0.0 // indirect + github.com/hdevalence/ed25519consensus v0.0.0-20220222234857-c00d1f31bab3 // indirect + github.com/hexops/gotextdiff v1.0.3 // indirect + github.com/improbable-eng/grpc-web v0.15.0 // indirect + github.com/inconshreveable/mousetrap v1.0.1 // indirect + github.com/jgautheron/goconst v1.5.1 // indirect + github.com/jingyugao/rowserrcheck v1.1.1 // indirect + github.com/jirfag/go-printf-func-name v0.0.0-20200119135958-7558a9eaa5af // indirect + github.com/jmespath/go-jmespath v0.4.0 // indirect + github.com/jmhodges/levigo v1.0.0 // indirect + github.com/julz/importas v0.1.0 // indirect + github.com/kisielk/errcheck v1.6.2 // indirect + github.com/kisielk/gotool v1.0.0 // indirect + github.com/kkHAIKE/contextcheck v1.1.2 // indirect + github.com/klauspost/compress v1.15.9 // indirect + github.com/kulti/thelper v0.6.3 // indirect + github.com/kunwardeep/paralleltest v1.0.6 // indirect + github.com/kyoh86/exportloopref v0.1.8 // indirect + github.com/ldez/gomoddirectives v0.2.3 // indirect + github.com/ldez/tagliatelle v0.3.1 // indirect + github.com/leonklingele/grouper v1.1.0 // indirect + github.com/lib/pq v1.10.6 // indirect + github.com/libp2p/go-buffer-pool v0.1.0 // indirect + github.com/lufeee/execinquery v1.2.1 // indirect + github.com/magiconair/properties v1.8.6 // indirect + github.com/manifoldco/promptui v0.9.0 // indirect + github.com/maratori/testableexamples v1.0.0 // indirect + github.com/maratori/testpackage v1.1.0 // indirect + github.com/matoous/godox v0.0.0-20210227103229-6504466cf951 // indirect + github.com/mattn/go-colorable v0.1.13 // indirect + github.com/mattn/go-isatty v0.0.16 // indirect + github.com/mattn/go-runewidth v0.0.9 // indirect + github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect + github.com/mbilski/exhaustivestruct v1.2.0 // indirect + github.com/mgechev/revive v1.2.4 // indirect + github.com/mimoo/StrobeGo v0.0.0-20181016162300-f8f6d4d2b643 // indirect + github.com/minio/highwayhash v1.0.2 // indirect + github.com/mitchellh/go-homedir v1.1.0 // indirect + github.com/mitchellh/go-testing-interface v1.0.0 // indirect + github.com/mitchellh/mapstructure v1.5.0 // indirect + github.com/moricho/tparallel v0.2.1 // indirect + github.com/mtibben/percent v0.2.1 // indirect + github.com/nakabonne/nestif v0.3.1 // indirect + github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354 // indirect + github.com/nishanths/exhaustive v0.8.3 // indirect + github.com/nishanths/predeclared v0.2.2 // indirect + github.com/olekukonko/tablewriter v0.0.5 // indirect + github.com/pelletier/go-toml v1.9.5 // indirect + github.com/pelletier/go-toml/v2 v2.0.5 // indirect + github.com/petermattis/goid v0.0.0-20180202154549-b0b1615b78e5 // indirect + github.com/phayes/checkstyle v0.0.0-20170904204023-bfd46e6a821d // indirect + github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/polyfloyd/go-errorlint v1.0.5 // indirect + github.com/prometheus/client_golang v1.12.2 // indirect + github.com/prometheus/client_model v0.2.0 // indirect + github.com/prometheus/common v0.34.0 // indirect + github.com/prometheus/procfs v0.7.3 // indirect + github.com/quasilyte/go-ruleguard v0.3.18 // indirect + github.com/quasilyte/gogrep v0.0.0-20220828223005-86e4605de09f // indirect + github.com/quasilyte/regex/syntax v0.0.0-20200407221936-30656e2c4a95 // indirect + github.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567 // indirect + github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 // indirect + github.com/regen-network/cosmos-proto v0.3.1 // indirect + github.com/rs/cors v1.8.2 // indirect + github.com/rs/zerolog v1.27.0 // indirect + github.com/ryancurrah/gomodguard v1.2.4 // indirect + github.com/ryanrolds/sqlclosecheck v0.3.0 // indirect + github.com/sanposhiho/wastedassign/v2 v2.0.6 // indirect + github.com/sasha-s/go-deadlock v0.2.1-0.20190427202633-1595213edefa // indirect + github.com/sashamelentyev/interfacebloat v1.1.0 // indirect + github.com/sashamelentyev/usestdlibvars v1.20.0 // indirect + github.com/securego/gosec/v2 v2.13.1 // indirect + github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c // indirect + github.com/sirupsen/logrus v1.9.0 // indirect + github.com/sivchari/containedctx v1.0.2 // indirect + github.com/sivchari/nosnakecase v1.7.0 // indirect + github.com/sivchari/tenv v1.7.0 // indirect + github.com/sonatard/noctx v0.0.1 // indirect + github.com/sourcegraph/go-diff v0.6.1 // indirect + github.com/spf13/afero v1.8.2 // indirect + github.com/spf13/jwalterweatherman v1.1.0 // indirect + github.com/ssgreg/nlreturn/v2 v2.2.1 // indirect + github.com/stbenjam/no-sprintf-host-port v0.1.1 // indirect + github.com/stretchr/objx v0.4.0 // indirect + github.com/subosito/gotenv v1.4.1 // indirect + github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7 // indirect + github.com/tdakkota/asciicheck v0.1.1 // indirect + github.com/tendermint/btcd v0.1.1 // indirect + github.com/tendermint/crypto v0.0.0-20191022145703-50d29ede1e15 // indirect + github.com/tendermint/go-amino v0.16.0 // indirect + github.com/tetafro/godot v1.4.11 // indirect + github.com/timakin/bodyclose v0.0.0-20210704033933-f49887972144 // indirect + github.com/timonwong/loggercheck v0.9.3 // indirect + github.com/tomarrell/wrapcheck/v2 v2.6.2 // indirect + github.com/tommy-muehle/go-mnd/v2 v2.5.0 // indirect + github.com/ulikunitz/xz v0.5.8 // indirect + github.com/ultraware/funlen v0.0.3 // indirect + github.com/ultraware/whitespace v0.0.5 // indirect + github.com/uudashr/gocognit v1.0.6 // indirect + github.com/yagipy/maintidx v1.0.0 // indirect + github.com/yeya24/promlinter v0.2.0 // indirect + github.com/zondax/hid v0.9.1-0.20220302062450-5552068d2266 // indirect + gitlab.com/bosi/decorder v0.2.3 // indirect + go.etcd.io/bbolt v1.3.6 // indirect + go.opencensus.io v0.23.0 // indirect + go.uber.org/atomic v1.9.0 // indirect + go.uber.org/multierr v1.8.0 // indirect + go.uber.org/zap v1.21.0 // indirect + golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa // indirect + golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect + golang.org/x/exp/typeparams v0.0.0-20220827204233-334a2380cb91 // indirect + golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect + golang.org/x/net v0.0.0-20220726230323-06994584191e // indirect + golang.org/x/oauth2 v0.0.0-20220622183110-fd043fe589d2 // indirect + golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde // indirect + golang.org/x/sys v0.0.0-20220915200043-7b5979e65e41 // indirect + golang.org/x/term v0.0.0-20220722155259-a9ba230a4035 // indirect + golang.org/x/text v0.3.7 // indirect + golang.org/x/tools v0.1.12 // indirect + golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f // indirect + google.golang.org/api v0.93.0 // indirect + google.golang.org/appengine v1.6.7 // indirect + google.golang.org/protobuf v1.28.1 // indirect + gopkg.in/ini.v1 v1.67.0 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect + honnef.co/go/tools v0.3.3 // indirect + mvdan.cc/gofumpt v0.4.0 // indirect + mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed // indirect + mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b // indirect + mvdan.cc/unparam v0.0.0-20220706161116-678bad134442 // indirect + nhooyr.io/websocket v1.8.6 // indirect + sigs.k8s.io/yaml v1.3.0 // indirect +) + +replace ( + github.com/gogo/protobuf => github.com/regen-network/protobuf v1.3.3-alpha.regen.1 + github.com/zondax/hid => github.com/zondax/hid v0.9.0 +) +``` + +For building the application, a [Makefile](https://en.wikipedia.org/wiki/Makefile) is generally used. The Makefile primarily ensures that the `go.mod` is run before building the two entrypoints to the application, [`Node Client`](#node-client) and [`Application Interface`](#application-interface). + +Here is an example of the [Cosmos Hub Makefile](https://github.com/cosmos/gaia/blob/main/Makefile). diff --git a/docs/sdk/next/learn/beginner/gas-fees.mdx b/docs/sdk/next/learn/beginner/gas-fees.mdx new file mode 100644 index 00000000..ed03cd77 --- /dev/null +++ b/docs/sdk/next/learn/beginner/gas-fees.mdx @@ -0,0 +1,623 @@ +--- +title: Gas and Fees +--- + +**Synopsis** +This document describes the default strategies to handle gas and fees within a Cosmos SDK application. + + + +**Pre-requisite Readings** + +* [Anatomy of a Cosmos SDK Application](/docs/sdk/vnext/learn/beginner/app-anatomy) + + + +## Introduction to `Gas` and `Fees` + +In the Cosmos SDK, `gas` is a special unit that is used to track the consumption of resources during execution. `gas` is typically consumed whenever read and writes are made to the store, but it can also be consumed if expensive computation needs to be done. It serves two main purposes: + +* Make sure blocks are not consuming too many resources and are finalized. This is implemented by default in the Cosmos SDK via the [block gas meter](#block-gas-meter). +* Prevent spam and abuse from end-user. To this end, `gas` consumed during [`message`](/docs/sdk/vnext/build/building-modules/messages-and-queries#messages) execution is typically priced, resulting in a `fee` (`fees = gas * gas-prices`). `fees` generally have to be paid by the sender of the `message`. Note that the Cosmos SDK does not enforce `gas` pricing by default, as there may be other ways to prevent spam (e.g. bandwidth schemes). Still, most applications implement `fee` mechanisms to prevent spam by using the [`AnteHandler`](#antehandler). + +## Gas Meter + +In the Cosmos SDK, `gas` is a simple alias for `uint64`, and is managed by an object called a *gas meter*. Gas meters implement the `GasMeter` interface: + +```go expandable +package types + +import ( + + "fmt" + "math" +) + +// Gas consumption descriptors. +const ( + GasIterNextCostFlatDesc = "IterNextFlat" + GasValuePerByteDesc = "ValuePerByte" + GasWritePerByteDesc = "WritePerByte" + GasReadPerByteDesc = "ReadPerByte" + GasWriteCostFlatDesc = "WriteFlat" + GasReadCostFlatDesc = "ReadFlat" + GasHasDesc = "Has" + GasDeleteDesc = "Delete" +) + +// Gas measured by the SDK +type Gas = uint64 + +// ErrorNegativeGasConsumed defines an error thrown when the amount of gas refunded results in a +// negative gas consumed amount. +type ErrorNegativeGasConsumed struct { + Descriptor string +} + +// ErrorOutOfGas defines an error thrown when an action results in out of gas. +type ErrorOutOfGas struct { + Descriptor string +} + +// ErrorGasOverflow defines an error thrown when an action results gas consumption +// unsigned integer overflow. +type ErrorGasOverflow struct { + Descriptor string +} + +// GasMeter interface to track gas consumption +type GasMeter interface { + GasConsumed() + +Gas + GasConsumedToLimit() + +Gas + GasRemaining() + +Gas + Limit() + +Gas + ConsumeGas(amount Gas, descriptor string) + +RefundGas(amount Gas, descriptor string) + +IsPastLimit() + +bool + IsOutOfGas() + +bool + String() + +string +} + +type basicGasMeter struct { + limit Gas + consumed Gas +} + +// NewGasMeter returns a reference to a new basicGasMeter. +func NewGasMeter(limit Gas) + +GasMeter { + return &basicGasMeter{ + limit: limit, + consumed: 0, +} +} + +// GasConsumed returns the gas consumed from the GasMeter. +func (g *basicGasMeter) + +GasConsumed() + +Gas { + return g.consumed +} + +// GasRemaining returns the gas left in the GasMeter. +func (g *basicGasMeter) + +GasRemaining() + +Gas { + if g.IsPastLimit() { + return 0 +} + +return g.limit - g.consumed +} + +// Limit returns the gas limit of the GasMeter. +func (g *basicGasMeter) + +Limit() + +Gas { + return g.limit +} + +// GasConsumedToLimit returns the gas limit if gas consumed is past the limit, +// otherwise it returns the consumed gas. +// +// NOTE: This behavior is only called when recovering from panic when +// BlockGasMeter consumes gas past the limit. +func (g *basicGasMeter) + +GasConsumedToLimit() + +Gas { + if g.IsPastLimit() { + return g.limit +} + +return g.consumed +} + +// addUint64Overflow performs the addition operation on two uint64 integers and +// returns a boolean on whether or not the result overflows. +func addUint64Overflow(a, b uint64) (uint64, bool) { + if math.MaxUint64-a < b { + return 0, true +} + +return a + b, false +} + +// ConsumeGas adds the given amount of gas to the gas consumed and panics if it overflows the limit or out of gas. +func (g *basicGasMeter) + +ConsumeGas(amount Gas, descriptor string) { + var overflow bool + g.consumed, overflow = addUint64Overflow(g.consumed, amount) + if overflow { + g.consumed = math.MaxUint64 + panic(ErrorGasOverflow{ + descriptor +}) +} + if g.consumed > g.limit { + panic(ErrorOutOfGas{ + descriptor +}) +} +} + +// RefundGas will deduct the given amount from the gas consumed. If the amount is greater than the +// gas consumed, the function will panic. +// +// Use case: This functionality enables refunding gas to the transaction or block gas pools so that +// EVM-compatible chains can fully support the go-ethereum StateDb interface. +// See https://github.com/cosmos/cosmos-sdk/pull/9403 for reference. +func (g *basicGasMeter) + +RefundGas(amount Gas, descriptor string) { + if g.consumed < amount { + panic(ErrorNegativeGasConsumed{ + Descriptor: descriptor +}) +} + +g.consumed -= amount +} + +// IsPastLimit returns true if gas consumed is past limit, otherwise it returns false. +func (g *basicGasMeter) + +IsPastLimit() + +bool { + return g.consumed > g.limit +} + +// IsOutOfGas returns true if gas consumed is greater than or equal to gas limit, otherwise it returns false. +func (g *basicGasMeter) + +IsOutOfGas() + +bool { + return g.consumed >= g.limit +} + +// String returns the BasicGasMeter's gas limit and gas consumed. +func (g *basicGasMeter) + +String() + +string { + return fmt.Sprintf("BasicGasMeter:\n limit: %d\n consumed: %d", g.limit, g.consumed) +} + +type infiniteGasMeter struct { + consumed Gas +} + +// NewInfiniteGasMeter returns a new gas meter without a limit. +func NewInfiniteGasMeter() + +GasMeter { + return &infiniteGasMeter{ + consumed: 0, +} +} + +// GasConsumed returns the gas consumed from the GasMeter. +func (g *infiniteGasMeter) + +GasConsumed() + +Gas { + return g.consumed +} + +// GasConsumedToLimit returns the gas consumed from the GasMeter since the gas is not confined to a limit. +// NOTE: This behavior is only called when recovering from panic when BlockGasMeter consumes gas past the limit. +func (g *infiniteGasMeter) + +GasConsumedToLimit() + +Gas { + return g.consumed +} + +// GasRemaining returns MaxUint64 since limit is not confined in infiniteGasMeter. +func (g *infiniteGasMeter) + +GasRemaining() + +Gas { + return math.MaxUint64 +} + +// Limit returns MaxUint64 since limit is not confined in infiniteGasMeter. +func (g *infiniteGasMeter) + +Limit() + +Gas { + return math.MaxUint64 +} + +// ConsumeGas adds the given amount of gas to the gas consumed and panics if it overflows the limit. +func (g *infiniteGasMeter) + +ConsumeGas(amount Gas, descriptor string) { + var overflow bool + // TODO: Should we set the consumed field after overflow checking? + g.consumed, overflow = addUint64Overflow(g.consumed, amount) + if overflow { + panic(ErrorGasOverflow{ + descriptor +}) +} +} + +// RefundGas will deduct the given amount from the gas consumed. If the amount is greater than the +// gas consumed, the function will panic. +// +// Use case: This functionality enables refunding gas to the trasaction or block gas pools so that +// EVM-compatible chains can fully support the go-ethereum StateDb interface. +// See https://github.com/cosmos/cosmos-sdk/pull/9403 for reference. +func (g *infiniteGasMeter) + +RefundGas(amount Gas, descriptor string) { + if g.consumed < amount { + panic(ErrorNegativeGasConsumed{ + Descriptor: descriptor +}) +} + +g.consumed -= amount +} + +// IsPastLimit returns false since the gas limit is not confined. +func (g *infiniteGasMeter) + +IsPastLimit() + +bool { + return false +} + +// IsOutOfGas returns false since the gas limit is not confined. +func (g *infiniteGasMeter) + +IsOutOfGas() + +bool { + return false +} + +// String returns the InfiniteGasMeter's gas consumed. +func (g *infiniteGasMeter) + +String() + +string { + return fmt.Sprintf("InfiniteGasMeter:\n consumed: %d", g.consumed) +} + +// GasConfig defines gas cost for each operation on KVStores +type GasConfig struct { + HasCost Gas + DeleteCost Gas + ReadCostFlat Gas + ReadCostPerByte Gas + WriteCostFlat Gas + WriteCostPerByte Gas + IterNextCostFlat Gas +} + +// KVGasConfig returns a default gas config for KVStores. +func KVGasConfig() + +GasConfig { + return GasConfig{ + HasCost: 1000, + DeleteCost: 1000, + ReadCostFlat: 1000, + ReadCostPerByte: 3, + WriteCostFlat: 2000, + WriteCostPerByte: 30, + IterNextCostFlat: 30, +} +} + +// TransientGasConfig returns a default gas config for TransientStores. +func TransientGasConfig() + +GasConfig { + return GasConfig{ + HasCost: 100, + DeleteCost: 100, + ReadCostFlat: 100, + ReadCostPerByte: 0, + WriteCostFlat: 200, + WriteCostPerByte: 3, + IterNextCostFlat: 3, +} +} +``` + +where: + +* `GasConsumed()` returns the amount of gas that was consumed by the gas meter instance. +* `GasConsumedToLimit()` returns the amount of gas that was consumed by the gas meter instance, or the limit if it is reached. +* `GasRemaining()` returns the gas left in the GasMeter. +* `Limit()` returns the limit of the gas meter instance. `0` if the gas meter is infinite. +* `ConsumeGas(amount Gas, descriptor string)` consumes the amount of `gas` provided. If the `gas` overflows, it panics with the `descriptor` message. If the gas meter is not infinite, it panics if `gas` consumed goes above the limit. +* `RefundGas()` deducts the given amount from the gas consumed. This functionality enables refunding gas to the transaction or block gas pools so that EVM-compatible chains can fully support the go-ethereum StateDB interface. +* `IsPastLimit()` returns `true` if the amount of gas consumed by the gas meter instance is strictly above the limit, `false` otherwise. +* `IsOutOfGas()` returns `true` if the amount of gas consumed by the gas meter instance is above or equal to the limit, `false` otherwise. + +The gas meter is generally held in [`ctx`](/docs/sdk/vnext/learn/advanced/context), and consuming gas is done with the following pattern: + +```go +ctx.GasMeter().ConsumeGas(amount, "description") +``` + +By default, the Cosmos SDK makes use of two different gas meters, the [main gas meter](#main-gas-meter) and the [block gas meter](#block-gas-meter). + +### Main Gas Meter + +`ctx.GasMeter()` is the main gas meter of the application. The main gas meter is initialized in `FinalizeBlock` via `setFinalizeBlockState`, and then tracks gas consumption during execution sequences that lead to state-transitions, i.e. those originally triggered by [`FinalizeBlock`](/docs/sdk/vnext/learn/advanced/baseapp#finalizeblock). At the beginning of each transaction execution, the main gas meter **must be set to 0** in the [`AnteHandler`](#antehandler), so that it can track gas consumption per-transaction. + +Gas consumption can be done manually, generally by the module developer in the [`BeginBlocker`, `EndBlocker`](/docs/sdk/vnext/build/building-modules/beginblock-endblock) or [`Msg` service](/docs/sdk/vnext/build/building-modules/msg-services), but most of the time it is done automatically whenever there is a read or write to the store. This automatic gas consumption logic is implemented in a special store called [`GasKv`](/docs/sdk/vnext/learn/advanced/store#gaskv-store). + +### Block Gas Meter + +`ctx.BlockGasMeter()` is the gas meter used to track gas consumption per block and make sure it does not go above a certain limit. + +During the genesis phase, gas consumption is unlimited to accommodate initialization transactions. + +```go +app.finalizeBlockState.SetContext(app.finalizeBlockState.Context().WithBlockGasMeter(storetypes.NewInfiniteGasMeter())) +``` + +Following the genesis block, the block gas meter is set to a finite value by the SDK. This transition is facilitated by the consensus engine (e.g., CometBFT) calling the `RequestFinalizeBlock` function, which in turn triggers the SDK's `FinalizeBlock` method. Within `FinalizeBlock`, `internalFinalizeBlock` is executed, performing necessary state updates and function executions. The block gas meter, initialized each with a finite limit, is then incorporated into the context for transaction execution, ensuring gas consumption does not exceed the block's gas limit and is reset at the end of each block. + +Modules within the Cosmos SDK can consume block gas at any point during their execution by utilizing the `ctx`. This gas consumption primarily occurs during state read/write operations and transaction processing. The block gas meter, accessible via `ctx.BlockGasMeter()`, monitors the total gas usage within a block, enforcing the gas limit to prevent excessive computation. This ensures that gas limits are adhered to on a per-block basis, starting from the first block post-genesis. + +```go +gasMeter := app.getBlockGasMeter(app.finalizeBlockState.Context()) + +app.finalizeBlockState.SetContext(app.finalizeBlockState.Context().WithBlockGasMeter(gasMeter)) +``` + +The above shows the general mechanism for setting the block gas meter with a finite limit based on the block's consensus parameters. + +## AnteHandler + +The `AnteHandler` is run for every transaction during `CheckTx` and `FinalizeBlock`, before a Protobuf `Msg` service method for each `sdk.Msg` in the transaction. + +The anteHandler is not implemented in the core Cosmos SDK but in a module. That said, most applications today use the default implementation defined in the [`auth` module](https://github.com/cosmos/cosmos-sdk/tree/main/x/auth). Here is what the `anteHandler` is intended to do in a normal Cosmos SDK application: + +* Verify that the transactions are of the correct type. Transaction types are defined in the module that implements the `anteHandler`, and they follow the transaction interface: + +```go expandable +package types + +import ( + + "encoding/json" + fmt "fmt" + strings "strings" + "time" + "github.com/cosmos/gogoproto/proto" + protov2 "google.golang.org/protobuf/proto" + "github.com/cosmos/cosmos-sdk/codec" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types" +) + +type ( + // Msg defines the interface a transaction message needed to fulfill. + Msg = proto.Message + + // LegacyMsg defines the interface a transaction message needed to fulfill up through + // v0.47. + LegacyMsg interface { + Msg + + // GetSigners returns the addrs of signers that must sign. + // CONTRACT: All signatures must be present to be valid. + // CONTRACT: Returns addrs in some deterministic order. + GetSigners() []AccAddress +} + + // Fee defines an interface for an application application-defined concrete + // transaction type to be able to set and return the transaction fee. + Fee interface { + GetGas() + +uint64 + GetAmount() + +Coins +} + + // Signature defines an interface for an application application-defined + // concrete transaction type to be able to set and return transaction signatures. + Signature interface { + GetPubKey() + +cryptotypes.PubKey + GetSignature() []byte +} + + // HasMsgs defines an interface a transaction must fulfill. + HasMsgs interface { + // GetMsgs gets the all the transaction's messages. + GetMsgs() []Msg +} + + // Tx defines an interface a transaction must fulfill. + Tx interface { + HasMsgs + + // GetMsgsV2 gets the transaction's messages as google.golang.org/protobuf/proto.Message's. + GetMsgsV2() ([]protov2.Message, error) +} + + // FeeTx defines the interface to be implemented by Tx to use the FeeDecorators + FeeTx interface { + Tx + GetGas() + +uint64 + GetFee() + +Coins + FeePayer() []byte + FeeGranter() []byte +} + + // TxWithMemo must have GetMemo() + +method to use ValidateMemoDecorator + TxWithMemo interface { + Tx + GetMemo() + +string +} + + // TxWithTimeoutTimeStamp extends the Tx interface by allowing a transaction to + // set a timeout timestamp. + TxWithTimeoutTimeStamp interface { + Tx + + GetTimeoutTimeStamp() + +time.Time +} + + // TxWithTimeoutHeight extends the Tx interface by allowing a transaction to + // set a height timeout. + TxWithTimeoutHeight interface { + Tx + + GetTimeoutHeight() + +uint64 +} + + // TxWithUnordered extends the Tx interface by allowing a transaction to set + // the unordered field, which implicitly relies on TxWithTimeoutTimeStamp. + TxWithUnordered interface { + TxWithTimeoutTimeStamp + + GetUnordered() + +bool +} + + // HasValidateBasic defines a type that has a ValidateBasic method. + // ValidateBasic is deprecated and now facultative. + // Prefer validating messages directly in the msg server. + HasValidateBasic interface { + // ValidateBasic does a simple validation check that + // doesn't require access to any other information. + ValidateBasic() + +error +} +) + +// TxDecoder unmarshals transaction bytes +type TxDecoder func(txBytes []byte) (Tx, error) + +// TxEncoder marshals transaction to bytes +type TxEncoder func(tx Tx) ([]byte, error) + +// MsgTypeURL returns the TypeURL of a `sdk.Msg`. +var MsgTypeURL = codectypes.MsgTypeURL + +// GetMsgFromTypeURL returns a `sdk.Msg` message type from a type URL +func GetMsgFromTypeURL(cdc codec.Codec, input string) (Msg, error) { + var msg Msg + bz, err := json.Marshal(struct { + Type string `json:"@type"` +}{ + Type: input, +}) + if err != nil { + return nil, err +} + if err := cdc.UnmarshalInterfaceJSON(bz, &msg); err != nil { + return nil, fmt.Errorf("failed to determine sdk.Msg for %s URL : %w", input, err) +} + +return msg, nil +} + +// GetModuleNameFromTypeURL assumes that module name is the second element of the msg type URL +// e.g. "cosmos.bank.v1beta1.MsgSend" => "bank" +// It returns an empty string if the input is not a valid type URL +func GetModuleNameFromTypeURL(input string) + +string { + moduleName := strings.Split(input, ".") + if len(moduleName) > 1 { + return moduleName[1] +} + +return "" +} +``` + +This enables developers to play with various types for the transaction of their application. In the default `auth` module, the default transaction type is `Tx`: + +```protobuf +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.53.0-rc.2/proto/cosmos/tx/v1beta1/tx.proto#L15-L28 +``` + +* Verify signatures for each [`message`](/docs/sdk/vnext/build/building-modules/messages-and-queries#messages) contained in the transaction. Each `message` should be signed by one or multiple sender(s), and these signatures must be verified in the `anteHandler`. +* During `CheckTx`, verify that the gas prices provided with the transaction are greater than the local `min-gas-prices` (as a reminder, gas-prices can be deducted from the following equation: `fees = gas * gas-prices`). `min-gas-prices` is a parameter local to each full-node and used during `CheckTx` to discard transactions that do not provide a minimum amount of fees. This ensures that the mempool cannot be spammed with garbage transactions. +* Verify that the sender of the transaction has enough funds to cover for the `fees`. When the end-user generates a transaction, they must indicate 2 of the 3 following parameters (the third one being implicit): `fees`, `gas` and `gas-prices`. This signals how much they are willing to pay for nodes to execute their transaction. The provided `gas` value is stored in a parameter called `GasWanted` for later use. +* Set `newCtx.GasMeter` to 0, with a limit of `GasWanted`. **This step is crucial**, as it not only makes sure the transaction cannot consume infinite gas, but also that `ctx.GasMeter` is reset in-between each transaction (`ctx` is set to `newCtx` after `anteHandler` is run, and the `anteHandler` is run each time a transaction executes). + +As explained above, the `anteHandler` returns a maximum limit of `gas` the transaction can consume during execution called `GasWanted`. The actual amount consumed in the end is denominated `GasUsed`, and we must therefore have `GasUsed =< GasWanted`. Both `GasWanted` and `GasUsed` are relayed to the underlying consensus engine when [`FinalizeBlock`](/docs/sdk/vnext/learn/advanced/baseapp#finalizeblock) returns. diff --git a/docs/sdk/next/learn/beginner/query-lifecycle.mdx b/docs/sdk/next/learn/beginner/query-lifecycle.mdx new file mode 100644 index 00000000..4302b177 --- /dev/null +++ b/docs/sdk/next/learn/beginner/query-lifecycle.mdx @@ -0,0 +1,1592 @@ +--- +title: Query Lifecycle +--- + +**Synopsis** +This document describes the lifecycle of a query in a Cosmos SDK application, from the user interface to application stores and back. The query is referred to as `MyQuery`. + + + +**Pre-requisite Readings** + +* [Transaction Lifecycle](/docs/sdk/vnext/learn/beginner/tx-lifecycle) + + +## Query Creation + +A [**query**](/docs/sdk/vnext/build/building-modules/messages-and-queries#queries) is a request for information made by end-users of applications through an interface and processed by a full-node. Users can query information about the network, the application itself, and application state directly from the application's stores or modules. Note that queries are different from [transactions](/docs/sdk/vnext/learn/advanced/transactions) (view the lifecycle [here](/docs/sdk/vnext/learn/beginner/tx-lifecycle)), particularly in that they do not require consensus to be processed (as they do not trigger state-transitions); they can be fully handled by one full-node. + +For the purpose of explaining the query lifecycle, let's say the query, `MyQuery`, is requesting a list of delegations made by a certain delegator address in the application called `simapp`. As is to be expected, the [`staking`](/docs/sdk/vnext/../../x/staking/README) module handles this query. But first, there are a few ways `MyQuery` can be created by users. + +### CLI + +The main interface for an application is the command-line interface. Users connect to a full-node and run the CLI directly from their machines - the CLI interacts directly with the full-node. To create `MyQuery` from their terminal, users type the following command: + +```bash +simd query staking delegations +``` + +This query command was defined by the [`staking`](/docs/sdk/vnext/../../x/staking/README) module developer and added to the list of subcommands by the application developer when creating the CLI. + +Note that the general format is as follows: + +```bash +simd query [moduleName] [command] --flag +``` + +To provide values such as `--node` (the full-node the CLI connects to), the user can use the [`app.toml`](/docs/sdk/vnext/user/run-node/run-node#configuring-the-node-using-apptoml-and-configtoml) config file to set them or provide them as flags. + +The CLI understands a specific set of commands, defined in a hierarchical structure by the application developer: from the [root command](/docs/sdk/vnext/learn/advanced/cli#root-command) (`simd`), the type of command (`Myquery`), the module that contains the command (`staking`), and command itself (`delegations`). Thus, the CLI knows exactly which module handles this command and directly passes the call there. + +### gRPC + +Another interface through which users can make queries is [gRPC](https://grpc.io) requests to a [gRPC server](/docs/sdk/vnext/learn/advanced/grpc_rest#grpc-server). The endpoints are defined as [Protocol Buffers](https://developers.google.com/protocol-buffers) service methods inside `.proto` files, written in Protobuf's own language-agnostic interface definition language (IDL). The Protobuf ecosystem developed tools for code-generation from `*.proto` files into various languages. These tools allow to build gRPC clients easily. + +One such tool is [grpcurl](https://github.com/fullstorydev/grpcurl), and a gRPC request for `MyQuery` using this client looks like: + +```bash +grpcurl \ + -plaintext # We want results in plain text + -import-path ./proto \ # Import these .proto files + -proto ./proto/cosmos/staking/v1beta1/query.proto \ # Look into this .proto file for the Query protobuf service + -d '{"address":"$MY_DELEGATOR"}' \ # Query arguments + localhost:9090 \ # gRPC server endpoint + cosmos.staking.v1beta1.Query/Delegations # Fully-qualified service method name +``` + +### REST + +Another interface through which users can make queries is through HTTP Requests to a [REST server](/docs/sdk/vnext/learn/advanced/grpc_rest#rest-server). The REST server is fully auto-generated from Protobuf services, using [gRPC-gateway](https://github.com/grpc-ecosystem/grpc-gateway). + +An example HTTP request for `MyQuery` looks like: + +```bash +GET http://localhost:1317/cosmos/staking/v1beta1/delegators/{delegatorAddr}/delegations +``` + +## How Queries are Handled by the CLI + +The preceding examples show how an external user can interact with a node by querying its state. To understand in more detail the exact lifecycle of a query, let's dig into how the CLI prepares the query, and how the node handles it. The interactions from the users' perspective are a bit different, but the underlying functions are almost identical because they are implementations of the same command defined by the module developer. This step of processing happens within the CLI, gRPC, or REST server, and heavily involves a `client.Context`. + +### Context + +The first thing that is created in the execution of a CLI command is a `client.Context`. A `client.Context` is an object that stores all the data needed to process a request on the user side. In particular, a `client.Context` stores the following: + +* **Codec**: The [encoder/decoder](/docs/sdk/vnext/learn/advanced/encoding) used by the application, used to marshal the parameters and query before making the CometBFT RPC request and unmarshal the returned response into a JSON object. The default codec used by the CLI is Protobuf. +* **Account Decoder**: The account decoder from the [`auth`](/docs/sdk/vnext/../../x/auth/README) module, which translates `[]byte`s into accounts. +* **RPC Client**: The CometBFT RPC Client, or node, to which requests are relayed. +* **Keyring**: A [Key Manager](/docs/sdk/vnext/learn/beginner/accounts#keyring) used to sign transactions and handle other operations with keys. +* **Output Writer**: A [Writer](https://pkg.go.dev/io/#Writer) used to output the response. +* **Configurations**: The flags configured by the user for this command, including `--height`, specifying the height of the blockchain to query, and `--indent`, which indicates to add an indent to the JSON response. + +The `client.Context` also contains various functions such as `Query()`, which retrieves the RPC Client and makes an ABCI call to relay a query to a full-node. + +```go expandable +package client + +import ( + + "bufio" + "context" + "encoding/json" + "fmt" + "io" + "os" + "path" + "strings" + "github.com/cosmos/gogoproto/proto" + "github.com/spf13/viper" + "google.golang.org/grpc" + "sigs.k8s.io/yaml" + "github.com/cosmos/cosmos-sdk/codec" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + "github.com/cosmos/cosmos-sdk/crypto/keyring" + sdk "github.com/cosmos/cosmos-sdk/types" +) + +// PreprocessTxFn defines a hook by which chains can preprocess transactions before broadcasting +type PreprocessTxFn func(chainID string, key keyring.KeyType, tx TxBuilder) + +error + +// Context implements a typical context created in SDK modules for transaction +// handling and queries. +type Context struct { + FromAddress sdk.AccAddress + Client CometRPC + GRPCClient *grpc.ClientConn + ChainID string + Codec codec.Codec + InterfaceRegistry codectypes.InterfaceRegistry + Input io.Reader + Keyring keyring.Keyring + KeyringOptions []keyring.Option + KeyringDir string + KeyringDefaultKeyName string + Output io.Writer + OutputFormat string + Height int64 + HomeDir string + From string + BroadcastMode string + FromName string + SignModeStr string + UseLedger bool + Simulate bool + GenerateOnly bool + Offline bool + SkipConfirm bool + TxConfig TxConfig + AccountRetriever AccountRetriever + NodeURI string + FeePayer sdk.AccAddress + FeeGranter sdk.AccAddress + Viper *viper.Viper + LedgerHasProtobuf bool + PreprocessTxHook PreprocessTxFn + + // IsAux is true when the signer is an auxiliary signer (e.g. the tipper). + IsAux bool + + // TODO: Deprecated (remove). + LegacyAmino *codec.LegacyAmino + + // CmdContext is the context.Context from the Cobra command. + CmdContext context.Context +} + +// WithCmdContext returns a copy of the context with an updated context.Context, +// usually set to the cobra cmd context. +func (ctx Context) + +WithCmdContext(c context.Context) + +Context { + ctx.CmdContext = c + return ctx +} + +// WithKeyring returns a copy of the context with an updated keyring. +func (ctx Context) + +WithKeyring(k keyring.Keyring) + +Context { + ctx.Keyring = k + return ctx +} + +// WithKeyringOptions returns a copy of the context with an updated keyring. +func (ctx Context) + +WithKeyringOptions(opts ...keyring.Option) + +Context { + ctx.KeyringOptions = opts + return ctx +} + +// WithInput returns a copy of the context with an updated input. +func (ctx Context) + +WithInput(r io.Reader) + +Context { + // convert to a bufio.Reader to have a shared buffer between the keyring and the + // the Commands, ensuring a read from one advance the read pointer for the other. + // see https://github.com/cosmos/cosmos-sdk/issues/9566. + ctx.Input = bufio.NewReader(r) + +return ctx +} + +// WithCodec returns a copy of the Context with an updated Codec. +func (ctx Context) + +WithCodec(m codec.Codec) + +Context { + ctx.Codec = m + return ctx +} + +// WithLegacyAmino returns a copy of the context with an updated LegacyAmino codec. +// TODO: Deprecated (remove). +func (ctx Context) + +WithLegacyAmino(cdc *codec.LegacyAmino) + +Context { + ctx.LegacyAmino = cdc + return ctx +} + +// WithOutput returns a copy of the context with an updated output writer (e.g. stdout). +func (ctx Context) + +WithOutput(w io.Writer) + +Context { + ctx.Output = w + return ctx +} + +// WithFrom returns a copy of the context with an updated from address or name. +func (ctx Context) + +WithFrom(from string) + +Context { + ctx.From = from + return ctx +} + +// WithOutputFormat returns a copy of the context with an updated OutputFormat field. +func (ctx Context) + +WithOutputFormat(format string) + +Context { + ctx.OutputFormat = format + return ctx +} + +// WithNodeURI returns a copy of the context with an updated node URI. +func (ctx Context) + +WithNodeURI(nodeURI string) + +Context { + ctx.NodeURI = nodeURI + return ctx +} + +// WithHeight returns a copy of the context with an updated height. +func (ctx Context) + +WithHeight(height int64) + +Context { + ctx.Height = height + return ctx +} + +// WithClient returns a copy of the context with an updated RPC client +// instance. +func (ctx Context) + +WithClient(client CometRPC) + +Context { + ctx.Client = client + return ctx +} + +// WithGRPCClient returns a copy of the context with an updated GRPC client +// instance. +func (ctx Context) + +WithGRPCClient(grpcClient *grpc.ClientConn) + +Context { + ctx.GRPCClient = grpcClient + return ctx +} + +// WithUseLedger returns a copy of the context with an updated UseLedger flag. +func (ctx Context) + +WithUseLedger(useLedger bool) + +Context { + ctx.UseLedger = useLedger + return ctx +} + +// WithChainID returns a copy of the context with an updated chain ID. +func (ctx Context) + +WithChainID(chainID string) + +Context { + ctx.ChainID = chainID + return ctx +} + +// WithHomeDir returns a copy of the Context with HomeDir set. +func (ctx Context) + +WithHomeDir(dir string) + +Context { + if dir != "" { + ctx.HomeDir = dir +} + +return ctx +} + +// WithKeyringDir returns a copy of the Context with KeyringDir set. +func (ctx Context) + +WithKeyringDir(dir string) + +Context { + ctx.KeyringDir = dir + return ctx +} + +// WithKeyringDefaultKeyName returns a copy of the Context with KeyringDefaultKeyName set. +func (ctx Context) + +WithKeyringDefaultKeyName(keyName string) + +Context { + ctx.KeyringDefaultKeyName = keyName + return ctx +} + +// WithGenerateOnly returns a copy of the context with updated GenerateOnly value +func (ctx Context) + +WithGenerateOnly(generateOnly bool) + +Context { + ctx.GenerateOnly = generateOnly + return ctx +} + +// WithSimulation returns a copy of the context with updated Simulate value +func (ctx Context) + +WithSimulation(simulate bool) + +Context { + ctx.Simulate = simulate + return ctx +} + +// WithOffline returns a copy of the context with updated Offline value. +func (ctx Context) + +WithOffline(offline bool) + +Context { + ctx.Offline = offline + return ctx +} + +// WithFromName returns a copy of the context with an updated from account name. +func (ctx Context) + +WithFromName(name string) + +Context { + ctx.FromName = name + return ctx +} + +// WithFromAddress returns a copy of the context with an updated from account +// address. +func (ctx Context) + +WithFromAddress(addr sdk.AccAddress) + +Context { + ctx.FromAddress = addr + return ctx +} + +// WithFeePayerAddress returns a copy of the context with an updated fee payer account +// address. +func (ctx Context) + +WithFeePayerAddress(addr sdk.AccAddress) + +Context { + ctx.FeePayer = addr + return ctx +} + +// WithFeeGranterAddress returns a copy of the context with an updated fee granter account +// address. +func (ctx Context) + +WithFeeGranterAddress(addr sdk.AccAddress) + +Context { + ctx.FeeGranter = addr + return ctx +} + +// WithBroadcastMode returns a copy of the context with an updated broadcast +// mode. +func (ctx Context) + +WithBroadcastMode(mode string) + +Context { + ctx.BroadcastMode = mode + return ctx +} + +// WithSignModeStr returns a copy of the context with an updated SignMode +// value. +func (ctx Context) + +WithSignModeStr(signModeStr string) + +Context { + ctx.SignModeStr = signModeStr + return ctx +} + +// WithSkipConfirmation returns a copy of the context with an updated SkipConfirm +// value. +func (ctx Context) + +WithSkipConfirmation(skip bool) + +Context { + ctx.SkipConfirm = skip + return ctx +} + +// WithTxConfig returns the context with an updated TxConfig +func (ctx Context) + +WithTxConfig(generator TxConfig) + +Context { + ctx.TxConfig = generator + return ctx +} + +// WithAccountRetriever returns the context with an updated AccountRetriever +func (ctx Context) + +WithAccountRetriever(retriever AccountRetriever) + +Context { + ctx.AccountRetriever = retriever + return ctx +} + +// WithInterfaceRegistry returns the context with an updated InterfaceRegistry +func (ctx Context) + +WithInterfaceRegistry(interfaceRegistry codectypes.InterfaceRegistry) + +Context { + ctx.InterfaceRegistry = interfaceRegistry + return ctx +} + +// WithViper returns the context with Viper field. This Viper instance is used to read +// client-side config from the config file. +func (ctx Context) + +WithViper(prefix string) + +Context { + v := viper.New() + if prefix == "" { + executableName, _ := os.Executable() + +prefix = path.Base(executableName) +} + +v.SetEnvPrefix(prefix) + +v.SetEnvKeyReplacer(strings.NewReplacer(".", "_", "-", "_")) + +v.AutomaticEnv() + +ctx.Viper = v + return ctx +} + +// WithAux returns a copy of the context with an updated IsAux value. +func (ctx Context) + +WithAux(isAux bool) + +Context { + ctx.IsAux = isAux + return ctx +} + +// WithLedgerHasProto returns the context with the provided boolean value, indicating +// whether the target Ledger application can support Protobuf payloads. +func (ctx Context) + +WithLedgerHasProtobuf(val bool) + +Context { + ctx.LedgerHasProtobuf = val + return ctx +} + +// WithPreprocessTxHook returns the context with the provided preprocessing hook, which +// enables chains to preprocess the transaction using the builder. +func (ctx Context) + +WithPreprocessTxHook(preprocessFn PreprocessTxFn) + +Context { + ctx.PreprocessTxHook = preprocessFn + return ctx +} + +// PrintString prints the raw string to ctx.Output if it's defined, otherwise to os.Stdout +func (ctx Context) + +PrintString(str string) + +error { + return ctx.PrintBytes([]byte(str)) +} + +// PrintBytes prints the raw bytes to ctx.Output if it's defined, otherwise to os.Stdout. +// NOTE: for printing a complex state object, you should use ctx.PrintOutput +func (ctx Context) + +PrintBytes(o []byte) + +error { + writer := ctx.Output + if writer == nil { + writer = os.Stdout +} + + _, err := writer.Write(o) + +return err +} + +// PrintProto outputs toPrint to the ctx.Output based on ctx.OutputFormat which is +// either text or json. If text, toPrint will be YAML encoded. Otherwise, toPrint +// will be JSON encoded using ctx.Codec. An error is returned upon failure. +func (ctx Context) + +PrintProto(toPrint proto.Message) + +error { + // always serialize JSON initially because proto json can't be directly YAML encoded + out, err := ctx.Codec.MarshalJSON(toPrint) + if err != nil { + return err +} + +return ctx.printOutput(out) +} + +// PrintObjectLegacy is a variant of PrintProto that doesn't require a proto.Message type +// and uses amino JSON encoding. +// Deprecated: It will be removed in the near future! +func (ctx Context) + +PrintObjectLegacy(toPrint any) + +error { + out, err := ctx.LegacyAmino.MarshalJSON(toPrint) + if err != nil { + return err +} + +return ctx.printOutput(out) +} + +// PrintRaw is a variant of PrintProto that doesn't require a proto.Message type +// and uses a raw JSON message. No marshaling is performed. +func (ctx Context) + +PrintRaw(toPrint json.RawMessage) + +error { + return ctx.printOutput(toPrint) +} + +func (ctx Context) + +printOutput(out []byte) + +error { + var err error + if ctx.OutputFormat == "text" { + out, err = yaml.JSONToYAML(out) + if err != nil { + return err +} + +} + writer := ctx.Output + if writer == nil { + writer = os.Stdout +} + + _, err = writer.Write(out) + if err != nil { + return err +} + if ctx.OutputFormat != "text" { + // append new-line for formats besides YAML + _, err = writer.Write([]byte("\n")) + if err != nil { + return err +} + +} + +return nil +} + +// GetFromFields returns a from account address, account name and keyring type, given either an address or key name. +// If clientCtx.Simulate is true the keystore is not accessed and a valid address must be provided +// If clientCtx.GenerateOnly is true the keystore is only accessed if a key name is provided +// If from is empty, the default key if specified in the context will be used +func GetFromFields(clientCtx Context, kr keyring.Keyring, from string) (sdk.AccAddress, string, keyring.KeyType, error) { + if from == "" && clientCtx.KeyringDefaultKeyName != "" { + from = clientCtx.KeyringDefaultKeyName + _ = clientCtx.PrintString(fmt.Sprintf("No key name or address provided; using the default key: %s\n", clientCtx.KeyringDefaultKeyName)) +} + if from == "" { + return nil, "", 0, nil +} + +addr, err := sdk.AccAddressFromBech32(from) + switch { + case clientCtx.Simulate: + if err != nil { + return nil, "", 0, fmt.Errorf("a valid bech32 address must be provided in simulation mode: %w", err) +} + +return addr, "", 0, nil + case clientCtx.GenerateOnly: + if err == nil { + return addr, "", 0, nil +} + +} + +var k *keyring.Record + if err == nil { + k, err = kr.KeyByAddress(addr) + if err != nil { + return nil, "", 0, err +} + +} + +else { + k, err = kr.Key(from) + if err != nil { + return nil, "", 0, err +} + +} + +addr, err = k.GetAddress() + if err != nil { + return nil, "", 0, err +} + +return addr, k.Name, k.GetType(), nil +} + +// NewKeyringFromBackend gets a Keyring object from a backend +func NewKeyringFromBackend(ctx Context, backend string) (keyring.Keyring, error) { + if ctx.Simulate { + backend = keyring.BackendMemory +} + +return keyring.New(sdk.KeyringServiceName(), backend, ctx.KeyringDir, ctx.Input, ctx.Codec, ctx.KeyringOptions...) +} +``` + +The `client.Context`'s primary role is to store data used during interactions with the end-user and provide methods to interact with this data - it is used before and after the query is processed by the full-node. Specifically, in handling `MyQuery`, the `client.Context` is utilized to encode the query parameters, retrieve the full-node, and write the output. Prior to being relayed to a full-node, the query needs to be encoded into a `[]byte` form, as full-nodes are application-agnostic and do not understand specific types. The full-node (RPC Client) itself is retrieved using the `client.Context`, which knows which node the user CLI is connected to. The query is relayed to this full-node to be processed. Finally, the `client.Context` contains a `Writer` to write output when the response is returned. These steps are further described in later sections. + +### Arguments and Route Creation + +At this point in the lifecycle, the user has created a CLI command with all of the data they wish to include in their query. A `client.Context` exists to assist in the rest of the `MyQuery`'s journey. Now, the next step is to parse the command or request, extract the arguments, and encode everything. These steps all happen on the user side within the interface they are interacting with. + +#### Encoding + +In our case (querying an address's delegations), `MyQuery` contains an [address](/docs/sdk/vnext/learn/beginner/accounts#addresses) `delegatorAddress` as its only argument. However, the request can only contain `[]byte`s, as it is ultimately relayed to a consensus engine (e.g. CometBFT) of a full-node that has no inherent knowledge of the application types. Thus, the `codec` of `client.Context` is used to marshal the address. + +Here is what the code looks like for the CLI command: + +```go +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/staking/client/cli/query.go#L315-L318 +``` + +#### gRPC Query Client Creation + +The Cosmos SDK leverages code generated from Protobuf services to make queries. The `staking` module's `MyQuery` service generates a `queryClient`, which the CLI uses to make queries. Here is the relevant code: + +```go +// Reference: https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/x/staking/client/cli/query.go#L308-L343 +``` + +Under the hood, the `client.Context` has a `Query()` function used to retrieve the pre-configured node and relay a query to it; the function takes the query fully-qualified service method name as path (in our case: `/cosmos.staking.v1beta1.Query/Delegations`), and arguments as parameters. It first retrieves the RPC Client (called the [**node**](/docs/sdk/vnext/learn/advanced/node)) configured by the user to relay this query to, and creates the `ABCIQueryOptions` (parameters formatted for the ABCI call). The node is then used to make the ABCI call, `ABCIQueryWithOptions()`. + +Here is what the code looks like: + +```go expandable +package client + +import ( + + "context" + "fmt" + "strings" + "github.com/cockroachdb/errors" + abci "github.com/cometbft/cometbft/abci/types" + rpcclient "github.com/cometbft/cometbft/rpc/client" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" + "cosmossdk.io/store/rootmulti" + + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" +) + +// GetNode returns an RPC client. If the context's client is not defined, an +// error is returned. +func (ctx Context) + +GetNode() (CometRPC, error) { + if ctx.Client == nil { + return nil, errors.New("no RPC client is defined in offline mode") +} + +return ctx.Client, nil +} + +// Query performs a query to a CometBFT node with the provided path. +// It returns the result and height of the query upon success or an error if +// the query fails. +func (ctx Context) + +Query(path string) ([]byte, int64, error) { + return ctx.query(path, nil) +} + +// QueryWithData performs a query to a CometBFT node with the provided path +// and a data payload. It returns the result and height of the query upon success +// or an error if the query fails. +func (ctx Context) + +QueryWithData(path string, data []byte) ([]byte, int64, error) { + return ctx.query(path, data) +} + +// QueryStore performs a query to a CometBFT node with the provided key and +// store name. It returns the result and height of the query upon success +// or an error if the query fails. +func (ctx Context) + +QueryStore(key []byte, storeName string) ([]byte, int64, error) { + return ctx.queryStore(key, storeName, "key") +} + +// QueryABCI performs a query to a CometBFT node with the provide RequestQuery. +// It returns the ResultQuery obtained from the query. The height used to perform +// the query is the RequestQuery Height if it is non-zero, otherwise the context +// height is used. +func (ctx Context) + +QueryABCI(req abci.RequestQuery) (abci.ResponseQuery, error) { + return ctx.queryABCI(req) +} + +// GetFromAddress returns the from address from the context's name. +func (ctx Context) + +GetFromAddress() + +sdk.AccAddress { + return ctx.FromAddress +} + +// GetFeePayerAddress returns the fee granter address from the context +func (ctx Context) + +GetFeePayerAddress() + +sdk.AccAddress { + return ctx.FeePayer +} + +// GetFeeGranterAddress returns the fee granter address from the context +func (ctx Context) + +GetFeeGranterAddress() + +sdk.AccAddress { + return ctx.FeeGranter +} + +// GetFromName returns the key name for the current context. +func (ctx Context) + +GetFromName() + +string { + return ctx.FromName +} + +func (ctx Context) + +queryABCI(req abci.RequestQuery) (abci.ResponseQuery, error) { + node, err := ctx.GetNode() + if err != nil { + return abci.ResponseQuery{ +}, err +} + +var queryHeight int64 + if req.Height != 0 { + queryHeight = req.Height +} + +else { + // fallback on the context height + queryHeight = ctx.Height +} + opts := rpcclient.ABCIQueryOptions{ + Height: queryHeight, + Prove: req.Prove, +} + +result, err := node.ABCIQueryWithOptions(context.Background(), req.Path, req.Data, opts) + if err != nil { + return abci.ResponseQuery{ +}, err +} + if !result.Response.IsOK() { + return abci.ResponseQuery{ +}, sdkErrorToGRPCError(result.Response) +} + + // data from trusted node or subspace query doesn't need verification + if !opts.Prove || !isQueryStoreWithProof(req.Path) { + return result.Response, nil +} + +return result.Response, nil +} + +func sdkErrorToGRPCError(resp abci.ResponseQuery) + +error { + switch resp.Code { + case sdkerrors.ErrInvalidRequest.ABCICode(): + return status.Error(codes.InvalidArgument, resp.Log) + case sdkerrors.ErrUnauthorized.ABCICode(): + return status.Error(codes.Unauthenticated, resp.Log) + case sdkerrors.ErrKeyNotFound.ABCICode(): + return status.Error(codes.NotFound, resp.Log) + +default: + return status.Error(codes.Unknown, resp.Log) +} +} + +// query performs a query to a CometBFT node with the provided store name +// and path. It returns the result and height of the query upon success +// or an error if the query fails. +func (ctx Context) + +query(path string, key []byte) ([]byte, int64, error) { + resp, err := ctx.queryABCI(abci.RequestQuery{ + Path: path, + Data: key, + Height: ctx.Height, +}) + if err != nil { + return nil, 0, err +} + +return resp.Value, resp.Height, nil +} + +// queryStore performs a query to a CometBFT node with the provided a store +// name and path. It returns the result and height of the query upon success +// or an error if the query fails. +func (ctx Context) + +queryStore(key []byte, storeName, endPath string) ([]byte, int64, error) { + path := fmt.Sprintf("/store/%s/%s", storeName, endPath) + +return ctx.query(path, key) +} + +// isQueryStoreWithProof expects a format like /// +// queryType must be "store" and subpath must be "key" to require a proof. +func isQueryStoreWithProof(path string) + +bool { + if !strings.HasPrefix(path, "/") { + return false +} + paths := strings.SplitN(path[1:], "/", 3) + switch { + case len(paths) != 3: + return false + case paths[0] != "store": + return false + case rootmulti.RequireProof("/" + paths[2]): + return true +} + +return false +} +``` + +## RPC + +With a call to `ABCIQueryWithOptions()`, `MyQuery` is received by a [full-node](/docs/sdk/vnext/learn/advanced/encoding) which then processes the request. Note that, while the RPC is made to the consensus engine (e.g. CometBFT) of a full-node, queries are not part of consensus and so are not broadcasted to the rest of the network, as they do not require anything the network needs to agree upon. + +Read more about ABCI Clients and CometBFT RPC in the [CometBFT documentation](https://docs.cometbft.com/v0.37/spec/rpc/). + +## Application Query Handling + +When a query is received by the full-node after it has been relayed from the underlying consensus engine, it is at that point being handled within an environment that understands application-specific types and has a copy of the state. [`baseapp`](/docs/sdk/vnext/learn/advanced/baseapp) implements the ABCI [`Query()`](/docs/sdk/vnext/learn/advanced/baseapp#query) function and handles gRPC queries. The query route is parsed, and it matches the fully-qualified service method name of an existing service method (most likely in one of the modules), then `baseapp` relays the request to the relevant module. + +Since `MyQuery` has a Protobuf fully-qualified service method name from the `staking` module (recall `/cosmos.staking.v1beta1.Query/Delegations`), `baseapp` first parses the path, then uses its own internal `GRPCQueryRouter` to retrieve the corresponding gRPC handler, and routes the query to the module. The gRPC handler is responsible for recognizing this query, retrieving the appropriate values from the application's stores, and returning a response. Read more about query services [here](/docs/sdk/vnext/build/building-modules/query-services). + +Once a result is received from the querier, `baseapp` begins the process of returning a response to the user. + +## Response + +Since `Query()` is an ABCI function, `baseapp` returns the response as an [`abci.QueryResponse`](https://docs.cometbft.com/main/spec/abci/abci++_methods#query) type. The `client.Context` `Query()` routine receives the response and processes it. + +### CLI Response + +The application [`codec`](/docs/sdk/vnext/learn/advanced/encoding) is used to unmarshal the response to a JSON and the `client.Context` prints the output to the command line, applying any configurations such as the output type (text, JSON or YAML). + +```go expandable +package client + +import ( + + "bufio" + "context" + "encoding/json" + "fmt" + "io" + "os" + "path" + "strings" + "github.com/cosmos/gogoproto/proto" + "github.com/spf13/viper" + "google.golang.org/grpc" + "sigs.k8s.io/yaml" + "github.com/cosmos/cosmos-sdk/codec" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + "github.com/cosmos/cosmos-sdk/crypto/keyring" + sdk "github.com/cosmos/cosmos-sdk/types" +) + +// PreprocessTxFn defines a hook by which chains can preprocess transactions before broadcasting +type PreprocessTxFn func(chainID string, key keyring.KeyType, tx TxBuilder) + +error + +// Context implements a typical context created in SDK modules for transaction +// handling and queries. +type Context struct { + FromAddress sdk.AccAddress + Client CometRPC + GRPCClient *grpc.ClientConn + ChainID string + Codec codec.Codec + InterfaceRegistry codectypes.InterfaceRegistry + Input io.Reader + Keyring keyring.Keyring + KeyringOptions []keyring.Option + KeyringDir string + KeyringDefaultKeyName string + Output io.Writer + OutputFormat string + Height int64 + HomeDir string + From string + BroadcastMode string + FromName string + SignModeStr string + UseLedger bool + Simulate bool + GenerateOnly bool + Offline bool + SkipConfirm bool + TxConfig TxConfig + AccountRetriever AccountRetriever + NodeURI string + FeePayer sdk.AccAddress + FeeGranter sdk.AccAddress + Viper *viper.Viper + LedgerHasProtobuf bool + PreprocessTxHook PreprocessTxFn + + // IsAux is true when the signer is an auxiliary signer (e.g. the tipper). + IsAux bool + + // TODO: Deprecated (remove). + LegacyAmino *codec.LegacyAmino + + // CmdContext is the context.Context from the Cobra command. + CmdContext context.Context +} + +// WithCmdContext returns a copy of the context with an updated context.Context, +// usually set to the cobra cmd context. +func (ctx Context) + +WithCmdContext(c context.Context) + +Context { + ctx.CmdContext = c + return ctx +} + +// WithKeyring returns a copy of the context with an updated keyring. +func (ctx Context) + +WithKeyring(k keyring.Keyring) + +Context { + ctx.Keyring = k + return ctx +} + +// WithKeyringOptions returns a copy of the context with an updated keyring. +func (ctx Context) + +WithKeyringOptions(opts ...keyring.Option) + +Context { + ctx.KeyringOptions = opts + return ctx +} + +// WithInput returns a copy of the context with an updated input. +func (ctx Context) + +WithInput(r io.Reader) + +Context { + // convert to a bufio.Reader to have a shared buffer between the keyring and the + // the Commands, ensuring a read from one advance the read pointer for the other. + // see https://github.com/cosmos/cosmos-sdk/issues/9566. + ctx.Input = bufio.NewReader(r) + +return ctx +} + +// WithCodec returns a copy of the Context with an updated Codec. +func (ctx Context) + +WithCodec(m codec.Codec) + +Context { + ctx.Codec = m + return ctx +} + +// WithLegacyAmino returns a copy of the context with an updated LegacyAmino codec. +// TODO: Deprecated (remove). +func (ctx Context) + +WithLegacyAmino(cdc *codec.LegacyAmino) + +Context { + ctx.LegacyAmino = cdc + return ctx +} + +// WithOutput returns a copy of the context with an updated output writer (e.g. stdout). +func (ctx Context) + +WithOutput(w io.Writer) + +Context { + ctx.Output = w + return ctx +} + +// WithFrom returns a copy of the context with an updated from address or name. +func (ctx Context) + +WithFrom(from string) + +Context { + ctx.From = from + return ctx +} + +// WithOutputFormat returns a copy of the context with an updated OutputFormat field. +func (ctx Context) + +WithOutputFormat(format string) + +Context { + ctx.OutputFormat = format + return ctx +} + +// WithNodeURI returns a copy of the context with an updated node URI. +func (ctx Context) + +WithNodeURI(nodeURI string) + +Context { + ctx.NodeURI = nodeURI + return ctx +} + +// WithHeight returns a copy of the context with an updated height. +func (ctx Context) + +WithHeight(height int64) + +Context { + ctx.Height = height + return ctx +} + +// WithClient returns a copy of the context with an updated RPC client +// instance. +func (ctx Context) + +WithClient(client CometRPC) + +Context { + ctx.Client = client + return ctx +} + +// WithGRPCClient returns a copy of the context with an updated GRPC client +// instance. +func (ctx Context) + +WithGRPCClient(grpcClient *grpc.ClientConn) + +Context { + ctx.GRPCClient = grpcClient + return ctx +} + +// WithUseLedger returns a copy of the context with an updated UseLedger flag. +func (ctx Context) + +WithUseLedger(useLedger bool) + +Context { + ctx.UseLedger = useLedger + return ctx +} + +// WithChainID returns a copy of the context with an updated chain ID. +func (ctx Context) + +WithChainID(chainID string) + +Context { + ctx.ChainID = chainID + return ctx +} + +// WithHomeDir returns a copy of the Context with HomeDir set. +func (ctx Context) + +WithHomeDir(dir string) + +Context { + if dir != "" { + ctx.HomeDir = dir +} + +return ctx +} + +// WithKeyringDir returns a copy of the Context with KeyringDir set. +func (ctx Context) + +WithKeyringDir(dir string) + +Context { + ctx.KeyringDir = dir + return ctx +} + +// WithKeyringDefaultKeyName returns a copy of the Context with KeyringDefaultKeyName set. +func (ctx Context) + +WithKeyringDefaultKeyName(keyName string) + +Context { + ctx.KeyringDefaultKeyName = keyName + return ctx +} + +// WithGenerateOnly returns a copy of the context with updated GenerateOnly value +func (ctx Context) + +WithGenerateOnly(generateOnly bool) + +Context { + ctx.GenerateOnly = generateOnly + return ctx +} + +// WithSimulation returns a copy of the context with updated Simulate value +func (ctx Context) + +WithSimulation(simulate bool) + +Context { + ctx.Simulate = simulate + return ctx +} + +// WithOffline returns a copy of the context with updated Offline value. +func (ctx Context) + +WithOffline(offline bool) + +Context { + ctx.Offline = offline + return ctx +} + +// WithFromName returns a copy of the context with an updated from account name. +func (ctx Context) + +WithFromName(name string) + +Context { + ctx.FromName = name + return ctx +} + +// WithFromAddress returns a copy of the context with an updated from account +// address. +func (ctx Context) + +WithFromAddress(addr sdk.AccAddress) + +Context { + ctx.FromAddress = addr + return ctx +} + +// WithFeePayerAddress returns a copy of the context with an updated fee payer account +// address. +func (ctx Context) + +WithFeePayerAddress(addr sdk.AccAddress) + +Context { + ctx.FeePayer = addr + return ctx +} + +// WithFeeGranterAddress returns a copy of the context with an updated fee granter account +// address. +func (ctx Context) + +WithFeeGranterAddress(addr sdk.AccAddress) + +Context { + ctx.FeeGranter = addr + return ctx +} + +// WithBroadcastMode returns a copy of the context with an updated broadcast +// mode. +func (ctx Context) + +WithBroadcastMode(mode string) + +Context { + ctx.BroadcastMode = mode + return ctx +} + +// WithSignModeStr returns a copy of the context with an updated SignMode +// value. +func (ctx Context) + +WithSignModeStr(signModeStr string) + +Context { + ctx.SignModeStr = signModeStr + return ctx +} + +// WithSkipConfirmation returns a copy of the context with an updated SkipConfirm +// value. +func (ctx Context) + +WithSkipConfirmation(skip bool) + +Context { + ctx.SkipConfirm = skip + return ctx +} + +// WithTxConfig returns the context with an updated TxConfig +func (ctx Context) + +WithTxConfig(generator TxConfig) + +Context { + ctx.TxConfig = generator + return ctx +} + +// WithAccountRetriever returns the context with an updated AccountRetriever +func (ctx Context) + +WithAccountRetriever(retriever AccountRetriever) + +Context { + ctx.AccountRetriever = retriever + return ctx +} + +// WithInterfaceRegistry returns the context with an updated InterfaceRegistry +func (ctx Context) + +WithInterfaceRegistry(interfaceRegistry codectypes.InterfaceRegistry) + +Context { + ctx.InterfaceRegistry = interfaceRegistry + return ctx +} + +// WithViper returns the context with Viper field. This Viper instance is used to read +// client-side config from the config file. +func (ctx Context) + +WithViper(prefix string) + +Context { + v := viper.New() + if prefix == "" { + executableName, _ := os.Executable() + +prefix = path.Base(executableName) +} + +v.SetEnvPrefix(prefix) + +v.SetEnvKeyReplacer(strings.NewReplacer(".", "_", "-", "_")) + +v.AutomaticEnv() + +ctx.Viper = v + return ctx +} + +// WithAux returns a copy of the context with an updated IsAux value. +func (ctx Context) + +WithAux(isAux bool) + +Context { + ctx.IsAux = isAux + return ctx +} + +// WithLedgerHasProto returns the context with the provided boolean value, indicating +// whether the target Ledger application can support Protobuf payloads. +func (ctx Context) + +WithLedgerHasProtobuf(val bool) + +Context { + ctx.LedgerHasProtobuf = val + return ctx +} + +// WithPreprocessTxHook returns the context with the provided preprocessing hook, which +// enables chains to preprocess the transaction using the builder. +func (ctx Context) + +WithPreprocessTxHook(preprocessFn PreprocessTxFn) + +Context { + ctx.PreprocessTxHook = preprocessFn + return ctx +} + +// PrintString prints the raw string to ctx.Output if it's defined, otherwise to os.Stdout +func (ctx Context) + +PrintString(str string) + +error { + return ctx.PrintBytes([]byte(str)) +} + +// PrintBytes prints the raw bytes to ctx.Output if it's defined, otherwise to os.Stdout. +// NOTE: for printing a complex state object, you should use ctx.PrintOutput +func (ctx Context) + +PrintBytes(o []byte) + +error { + writer := ctx.Output + if writer == nil { + writer = os.Stdout +} + + _, err := writer.Write(o) + +return err +} + +// PrintProto outputs toPrint to the ctx.Output based on ctx.OutputFormat which is +// either text or json. If text, toPrint will be YAML encoded. Otherwise, toPrint +// will be JSON encoded using ctx.Codec. An error is returned upon failure. +func (ctx Context) + +PrintProto(toPrint proto.Message) + +error { + // always serialize JSON initially because proto json can't be directly YAML encoded + out, err := ctx.Codec.MarshalJSON(toPrint) + if err != nil { + return err +} + +return ctx.printOutput(out) +} + +// PrintObjectLegacy is a variant of PrintProto that doesn't require a proto.Message type +// and uses amino JSON encoding. +// Deprecated: It will be removed in the near future! +func (ctx Context) + +PrintObjectLegacy(toPrint any) + +error { + out, err := ctx.LegacyAmino.MarshalJSON(toPrint) + if err != nil { + return err +} + +return ctx.printOutput(out) +} + +// PrintRaw is a variant of PrintProto that doesn't require a proto.Message type +// and uses a raw JSON message. No marshaling is performed. +func (ctx Context) + +PrintRaw(toPrint json.RawMessage) + +error { + return ctx.printOutput(toPrint) +} + +func (ctx Context) + +printOutput(out []byte) + +error { + var err error + if ctx.OutputFormat == "text" { + out, err = yaml.JSONToYAML(out) + if err != nil { + return err +} + +} + writer := ctx.Output + if writer == nil { + writer = os.Stdout +} + + _, err = writer.Write(out) + if err != nil { + return err +} + if ctx.OutputFormat != "text" { + // append new-line for formats besides YAML + _, err = writer.Write([]byte("\n")) + if err != nil { + return err +} + +} + +return nil +} + +// GetFromFields returns a from account address, account name and keyring type, given either an address or key name. +// If clientCtx.Simulate is true the keystore is not accessed and a valid address must be provided +// If clientCtx.GenerateOnly is true the keystore is only accessed if a key name is provided +// If from is empty, the default key if specified in the context will be used +func GetFromFields(clientCtx Context, kr keyring.Keyring, from string) (sdk.AccAddress, string, keyring.KeyType, error) { + if from == "" && clientCtx.KeyringDefaultKeyName != "" { + from = clientCtx.KeyringDefaultKeyName + _ = clientCtx.PrintString(fmt.Sprintf("No key name or address provided; using the default key: %s\n", clientCtx.KeyringDefaultKeyName)) +} + if from == "" { + return nil, "", 0, nil +} + +addr, err := sdk.AccAddressFromBech32(from) + switch { + case clientCtx.Simulate: + if err != nil { + return nil, "", 0, fmt.Errorf("a valid bech32 address must be provided in simulation mode: %w", err) +} + +return addr, "", 0, nil + case clientCtx.GenerateOnly: + if err == nil { + return addr, "", 0, nil +} + +} + +var k *keyring.Record + if err == nil { + k, err = kr.KeyByAddress(addr) + if err != nil { + return nil, "", 0, err +} + +} + +else { + k, err = kr.Key(from) + if err != nil { + return nil, "", 0, err +} + +} + +addr, err = k.GetAddress() + if err != nil { + return nil, "", 0, err +} + +return addr, k.Name, k.GetType(), nil +} + +// NewKeyringFromBackend gets a Keyring object from a backend +func NewKeyringFromBackend(ctx Context, backend string) (keyring.Keyring, error) { + if ctx.Simulate { + backend = keyring.BackendMemory +} + +return keyring.New(sdk.KeyringServiceName(), backend, ctx.KeyringDir, ctx.Input, ctx.Codec, ctx.KeyringOptions...) +} +``` + +And that's a wrap! The result of the query is outputted to the console by the CLI. diff --git a/docs/sdk/next/learn/beginner/tx-lifecycle.mdx b/docs/sdk/next/learn/beginner/tx-lifecycle.mdx new file mode 100644 index 00000000..dab34cd2 --- /dev/null +++ b/docs/sdk/next/learn/beginner/tx-lifecycle.mdx @@ -0,0 +1,283 @@ +--- +title: Transaction Lifecycle +--- + +**Synopsis** +This document describes the lifecycle of a transaction from creation to committed state changes. Transaction definition is described in a [different doc](/docs/sdk/vnext/learn/advanced/transactions). The transaction is referred to as `Tx`. + + + +**Pre-requisite Readings** + +* [Anatomy of a Cosmos SDK Application](/docs/sdk/vnext/learn/beginner/app-anatomy) + + +## Creation + +### Transaction Creation + +One of the main application interfaces is the command-line interface. The transaction `Tx` can be created by the user inputting a command in the following format from the [command-line](/docs/sdk/vnext/learn/advanced/cli), providing the type of transaction in `[command]`, arguments in `[args]`, and configurations such as gas prices in `[flags]`: + +```bash +[appname] tx [command] [args] [flags] +``` + +This command automatically **creates** the transaction, **signs** it using the account's private key, and **broadcasts** it to the specified peer node. + +There are several required and optional flags for transaction creation. The `--from` flag specifies which [account](/docs/sdk/vnext/learn/beginner/accounts) the transaction is originating from. For example, if the transaction is sending coins, the funds are drawn from the specified `from` address. + +#### Gas and Fees + +Additionally, there are several [flags](/docs/sdk/vnext/learn/advanced/cli) users can use to indicate how much they are willing to pay in [fees](/docs/sdk/vnext/learn/beginner/gas-fees): + +* `--gas` refers to how much [gas](/docs/sdk/vnext/learn/beginner/gas-fees), which represents computational resources, `Tx` consumes. Gas is dependent on the transaction and is not precisely calculated until execution, but can be estimated by providing `auto` as the value for `--gas`. +* `--gas-adjustment` (optional) can be used to scale `gas` up in order to avoid underestimating. For example, users can specify their gas adjustment as 1.5 to use 1.5 times the estimated gas. +* `--gas-prices` specifies how much the user is willing to pay per unit of gas, which can be one or multiple denominations of tokens. For example, `--gas-prices=0.025uatom, 0.025upho` means the user is willing to pay 0.025uatom AND 0.025upho per unit of gas. +* `--fees` specifies how much in fees the user is willing to pay in total. +* `--timeout-height` specifies a block timeout height to prevent the tx from being committed past a certain height. + +The ultimate value of the fees paid is equal to the gas multiplied by the gas prices. In other words, `fees = ceil(gas * gasPrices)`. Thus, since fees can be calculated using gas prices and vice versa, the users specify only one of the two. + +Later, validators decide whether to include the transaction in their block by comparing the given or calculated `gas-prices` to their local `min-gas-prices`. `Tx` is rejected if its `gas-prices` is not high enough, so users are incentivized to pay more. + +#### Unordered Transactions + +With Cosmos SDK v0.53.0, users may send unordered transactions to chains that have this feature enabled. +The following flags allow a user to build an unordered transaction from the CLI. + +* `--unordered` specifies that this transaction should be unordered. (transaction sequence must be unset) +* `--timeout-duration` specifies the amount of time the unordered transaction should be valid in the mempool. The transaction's unordered nonce will be set to the time of transaction creation + timeout duration. + + + +Unordered transactions MUST leave sequence values unset. When a transaction is both unordered and contains a non-zero sequence value, +the transaction will be rejected. External services that operate on prior assumptions about transaction sequence values should be updated to handle unordered transactions. +Services should be aware that when the transaction is unordered, the transaction sequence will always be zero. + + + +#### CLI Example + +Users of the application `app` can enter the following command into their CLI to generate a transaction to send 1000uatom from a `senderAddress` to a `recipientAddress`. The command specifies how much gas they are willing to pay: an automatic estimate scaled up by 1.5 times, with a gas price of 0.025uatom per unit gas. + +```bash +appd tx send 1000uatom --from --gas auto --gas-adjustment 1.5 --gas-prices 0.025uatom +``` + +#### Other Transaction Creation Methods + +The command-line is an easy way to interact with an application, but `Tx` can also be created using a [gRPC or REST interface](/docs/sdk/vnext/learn/advanced/grpc_rest) or some other entry point defined by the application developer. From the user's perspective, the interaction depends on the web interface or wallet they are using (e.g. creating `Tx` using [Lunie.io](https://lunie.io/#/) and signing it with a Ledger Nano S). + +## Addition to Mempool + +Each full-node (running CometBFT) that receives a `Tx` sends an [ABCI message](https://docs.cometbft.com/v0.37/spec/p2p/legacy-docs/messages/), +`CheckTx`, to the application layer to check for validity, and receives an `abci.CheckTxResponse`. If the `Tx` passes the checks, it is held in the node's +[**Mempool**](https://docs.cometbft.com/v0.37/spec/p2p/legacy-docs/messages/mempool), an in-memory pool of transactions unique to each node, pending inclusion in a block - honest nodes discard a `Tx` if it is found to be invalid. Prior to consensus, nodes continuously check incoming transactions and gossip them to their peers. + +### Types of Checks + +The full-nodes perform stateless, then stateful checks on `Tx` during `CheckTx`, with the goal to +identify and reject an invalid transaction as early on as possible to avoid wasted computation. + +***Stateless*** checks do not require nodes to access state - light clients or offline nodes can do +them - and are thus less computationally expensive. Stateless checks include making sure addresses +are not empty, enforcing nonnegative numbers, and other logic specified in the definitions. + +***Stateful*** checks validate transactions and messages based on a committed state. Examples +include checking that the relevant values exist and can be transacted with, the address +has sufficient funds, and the sender is authorized or has the correct ownership to transact. +At any given moment, full-nodes typically have [multiple versions](/docs/sdk/vnext/learn/advanced/baseapp#state-updates) +of the application's internal state for different purposes. For example, nodes execute state +changes while in the process of verifying transactions, but still need a copy of the last committed +state in order to answer queries - they should not respond using state with uncommitted changes. + +In order to verify a `Tx`, full-nodes call `CheckTx`, which includes both *stateless* and *stateful* +checks. Further validation happens later in the [`DeliverTx`](#delivertx) stage. `CheckTx` goes +through several steps, beginning with decoding `Tx`. + +### Decoding + +When `Tx` is received by the application from the underlying consensus engine (e.g. CometBFT), it is still in its [encoded](/docs/sdk/vnext/learn/advanced/encoding) `[]byte` form and needs to be unmarshaled in order to be processed. Then, the [`runTx`](/docs/sdk/vnext/learn/advanced/baseapp#runtx-antehandler-runmsgs-posthandler) function is called to run in `runTxModeCheck` mode, meaning the function runs all checks but exits before executing messages and writing state changes. + +### ValidateBasic (deprecated) + +Messages ([`sdk.Msg`](/docs/sdk/vnext/learn/advanced/transactions#messages)) are extracted from transactions (`Tx`). The `ValidateBasic` method of the `sdk.Msg` interface implemented by the module developer is run for each transaction. +To discard obviously invalid messages, the `BaseApp` type calls the `ValidateBasic` method very early in the processing of the message in the [`CheckTx`](/docs/sdk/vnext/learn/advanced/baseapp#checktx) and [`DeliverTx`](/docs/sdk/vnext/learn/advanced/baseapp#delivertx) transactions. +`ValidateBasic` can include only **stateless** checks (the checks that do not require access to the state). + + +The `ValidateBasic` method on messages has been deprecated in favor of validating messages directly in their respective [`Msg` services](/docs/sdk/vnext/build/building-modules/msg-services#Validation). + +Read [RFC 001](https://docs.cosmos.network/main/rfc/rfc-001-tx-validation) for more details. + + + +`BaseApp` still calls `ValidateBasic` on messages that implement that method for backwards compatibility. + + +#### Guideline + +`ValidateBasic` should not be used anymore. Message validation should be performed in the `Msg` service when [handling a message](/docs/sdk/vnext/build/building-modules/msg-services#Validation) in a module Msg Server. + +### AnteHandler + +`AnteHandler`s even though optional, are in practice very often used to perform signature verification, gas calculation, fee deduction, and other core operations related to blockchain transactions. + +A copy of the cached context is provided to the `AnteHandler`, which performs limited checks specified for the transaction type. Using a copy allows the `AnteHandler` to do stateful checks for `Tx` without modifying the last committed state, and revert back to the original if the execution fails. + +For example, the [`auth`](https://github.com/cosmos/cosmos-sdk/blob/main/x/auth/README.md) module `AnteHandler` checks and increments sequence numbers, checks signatures and account numbers, and deducts fees from the first signer of the transaction - all state changes are made using the `checkState`. + + +Ante handlers only run on a transaction. If a transaction embeds multiple messages (like some x/authz, x/gov transactions for instance), the ante handlers only have awareness of the outer message. Inner messages are mostly directly routed to the [message router](https://docs.cosmos.network/main/learn/advanced/baseapp#msg-service-router) and will skip the chain of ante handlers. Keep that in mind when designing your own ante handler. + + +### Gas + +The [`Context`](/docs/sdk/vnext/learn/advanced/context), which keeps a `GasMeter` that tracks how much gas is used during the execution of `Tx`, is initialized. The user-provided amount of gas for `Tx` is known as `GasWanted`. If `GasConsumed`, the amount of gas consumed during execution, ever exceeds `GasWanted`, the execution stops and the changes made to the cached copy of the state are not committed. Otherwise, `CheckTx` sets `GasUsed` equal to `GasConsumed` and returns it in the result. After calculating the gas and fee values, validator-nodes check that the user-specified `gas-prices` is greater than their locally defined `min-gas-prices`. + +### Discard or Addition to Mempool + +If at any point during `CheckTx` the `Tx` fails, it is discarded and the transaction lifecycle ends +there. Otherwise, if it passes `CheckTx` successfully, the default protocol is to relay it to peer +nodes and add it to the Mempool so that the `Tx` becomes a candidate to be included in the next block. + +The **mempool** serves the purpose of keeping track of transactions seen by all full-nodes. +Full-nodes keep a **mempool cache** of the last `mempool.cache_size` transactions they have seen, as a first line of +defense to prevent replay attacks. Ideally, `mempool.cache_size` is large enough to encompass all +of the transactions in the full mempool. If the mempool cache is too small to keep track of all +the transactions, `CheckTx` is responsible for identifying and rejecting replayed transactions. + +Currently existing preventative measures include fees and a `sequence` (nonce) counter to distinguish +replayed transactions from identical but valid ones. If an attacker tries to spam nodes with many +copies of a `Tx`, full-nodes keeping a mempool cache reject all identical copies instead of running +`CheckTx` on them. Even if the copies have incremented `sequence` numbers, attackers are +disincentivized by the need to pay fees. + +Validator nodes keep a mempool to prevent replay attacks, just as full-nodes do, but also use it as +a pool of unconfirmed transactions in preparation of block inclusion. Note that even if a `Tx` +passes all checks at this stage, it is still possible to be found invalid later on, because +`CheckTx` does not fully validate the transaction (that is, it does not actually execute the messages). + +## Inclusion in a Block + +Consensus, the process through which validator nodes come to agreement on which transactions to +accept, happens in **rounds**. Each round begins with a proposer creating a block of the most +recent transactions and ends with **validators**, special full-nodes with voting power responsible +for consensus, agreeing to accept the block or go with a `nil` block instead. Validator nodes +execute the consensus algorithm, such as [CometBFT](https://docs.cometbft.com/v0.37/spec/consensus/), +confirming the transactions using ABCI requests to the application, in order to come to this agreement. + +The first step of consensus is the **block proposal**. One proposer amongst the validators is chosen +by the consensus algorithm to create and propose a block - in order for a `Tx` to be included, it +must be in this proposer's mempool. + +## State Changes + +The next step of consensus is to execute the transactions to fully validate them. All full-nodes +that receive a block proposal from the correct proposer execute the transactions by calling the ABCI function `FinalizeBlock`. +As mentioned throughout the documentation `BeginBlock`, `ExecuteTx` and `EndBlock` are called within FinalizeBlock. +Although every full-node operates individually and locally, the outcome is always consistent and unequivocal. This is because the state changes brought about by the messages are predictable, and the transactions are specifically sequenced in the proposed block. + +```text expandable + -------------------------- + | Receive Block Proposal | + -------------------------- + | + v + ------------------------- + | FinalizeBlock | + ------------------------- + | + v + ------------------- + | BeginBlock | + ------------------- + | + v + -------------------- + | ExecuteTx(tx0) | + | ExecuteTx(tx1) | + | ExecuteTx(tx2) | + | ExecuteTx(tx3) | + | . | + | . | + | . | + ------------------- + | + v + -------------------- + | EndBlock | + -------------------- + | + v + ------------------------- + | Consensus | + ------------------------- + | + v + ------------------------- + | Commit | + ------------------------- +``` + +### Transaction Execution + +The `FinalizeBlock` ABCI function defined in [`BaseApp`](/docs/sdk/vnext/learn/advanced/baseapp) does the bulk of the +state transitions: it is run for each transaction in the block in sequential order as committed +to during consensus. Under the hood, transaction execution is almost identical to `CheckTx` but calls the +[`runTx`](/docs/sdk/vnext/learn/advanced/baseapp#runtx) function in deliver mode instead of check mode. +Instead of using their `checkState`, full-nodes use `finalizeblock`: + +* **Decoding:** Since `FinalizeBlock` is an ABCI call, `Tx` is received in the encoded `[]byte` form. + Nodes first unmarshal the transaction, using the [`TxConfig`](/docs/sdk/vnext/learn/beginner/app-anatomy#register-codec) defined in the app, then call `runTx` in `execModeFinalize`, which is very similar to `CheckTx` but also executes and writes state changes. + +* **Checks and `AnteHandler`:** Full-nodes call `validateBasicMsgs` and `AnteHandler` again. This second check + happens because they may not have seen the same transactions during the addition to Mempool stage + and a malicious proposer may have included invalid ones. One difference here is that the + `AnteHandler` does not compare `gas-prices` to the node's `min-gas-prices` since that value is local + to each node - differing values across nodes yield nondeterministic results. + +* **`MsgServiceRouter`:** After `CheckTx` exits, `FinalizeBlock` continues to run + [`runMsgs`](/docs/sdk/vnext/learn/advanced/baseapp#runtx-antehandler-runmsgs-posthandler) to fully execute each `Msg` within the transaction. + Since the transaction may have messages from different modules, `BaseApp` needs to know which module + to find the appropriate handler. This is achieved using `BaseApp`'s `MsgServiceRouter` so that it can be processed by the module's Protobuf [`Msg` service](/docs/sdk/vnext/build/building-modules/msg-services). + For `LegacyMsg` routing, the `Route` function is called via the [module manager](/docs/sdk/vnext/build/building-modules/module-manager) to retrieve the route name and find the legacy [`Handler`](/docs/sdk/vnext/build/building-modules/msg-services#handler-type) within the module. + +* **`Msg` service:** Protobuf `Msg` service is responsible for executing each message in the `Tx` and causes state transitions to persist in `finalizeBlockState`. + +* **PostHandlers:** [`PostHandler`](/docs/sdk/vnext/learn/advanced/baseapp#posthandler)s run after the execution of the message. If they fail, the state change of `runMsgs`, as well of `PostHandlers`, are both reverted. + +* **Gas:** While a `Tx` is being delivered, a `GasMeter` is used to keep track of how much + gas is being used; if execution completes, `GasUsed` is set and returned in the + `abci.ExecTxResult`. If execution halts because `BlockGasMeter` or `GasMeter` has run out or something else goes + wrong, a deferred function at the end appropriately errors or panics. + +If there are any failed state changes resulting from a `Tx` being invalid or `GasMeter` running out, +the transaction processing terminates and any state changes are reverted. Invalid transactions in a +block proposal cause validator nodes to reject the block and vote for a `nil` block instead. + +### Commit + +The final step is for nodes to commit the block and state changes. Validator nodes +perform the previous step of executing state transitions in order to validate the transactions, +then sign the block to confirm it. Full nodes that are not validators do not +participate in consensus - i.e. they cannot vote - but listen for votes to understand whether or +not they should commit the state changes. + +When they receive enough validator votes (2/3+ *precommits* weighted by voting power), full nodes commit to a new block to be added to the blockchain and +finalize the state transitions in the application layer. A new state root is generated to serve as +a merkle proof for the state transitions. Applications use the [`Commit`](/docs/sdk/vnext/learn/advanced/baseapp#commit) +ABCI method inherited from [Baseapp](/docs/sdk/vnext/learn/advanced/baseapp); it syncs all the state transitions by +writing the `deliverState` into the application's internal state. As soon as the state changes are +committed, `checkState` starts afresh from the most recently committed state and `deliverState` +resets to `nil` in order to be consistent and reflect the changes. + +Note that not all blocks have the same number of transactions and it is possible for consensus to +result in a `nil` block or one with none at all. In a public blockchain network, it is also possible +for validators to be **byzantine**, or malicious, which may prevent a `Tx` from being committed in +the blockchain. Possible malicious behaviors include the proposer deciding to censor a `Tx` by +excluding it from the block or a validator voting against the block. + +At this point, the transaction lifecycle of a `Tx` is over: nodes have verified its validity, +delivered it by executing its state changes, and committed those changes. The `Tx` itself, +in `[]byte` form, is stored in a block and appended to the blockchain. diff --git a/docs/sdk/next/learn/intro/overview.mdx b/docs/sdk/next/learn/intro/overview.mdx new file mode 100644 index 00000000..9a4e5a04 --- /dev/null +++ b/docs/sdk/next/learn/intro/overview.mdx @@ -0,0 +1,40 @@ +--- +title: What is the Cosmos SDK +--- +The [Cosmos SDK](https://github.com/cosmos/cosmos-sdk) is an open-source toolkit for building multi-asset public Proof-of-Stake (PoS) blockchains, like the Cosmos Hub, as well as permissioned Proof-of-Authority (PoA) blockchains. Blockchains built with the Cosmos SDK are generally referred to as **application-specific blockchains**. + +The goal of the Cosmos SDK is to allow developers to easily create custom blockchains from scratch that can natively interoperate with other blockchains. +We further this modular approach by allowing developers to plug and play with different consensus engines this can range from the [CometBFT](https://github.com/cometbft/cometbft) or [Rollkit](https://rollkit.dev/). + +SDK-based blockchains have the choice to use the predefined modules or to build their own modules. What this means is that developers can build a blockchain that is tailored to their specific use case, without having to worry about the low-level details of building a blockchain from scratch. Predefined modules include staking, governance, and token issuance, among others. + +What's more, the Cosmos SDK is a capabilities-based system that allows developers to better reason about the security of interactions between modules. For a deeper look at capabilities, jump to [Object-Capability Model](/docs/sdk/vnext/learn/advanced/ocap). + +How you can look at this is if we imagine that the SDK is like a lego kit. You can choose to build the basic house from the instructions or you can choose to modify your house and add more floors, more doors, more windows. The choice is yours. + +## What are Application-Specific Blockchains + +One development paradigm in the blockchain world today is that of virtual-machine blockchains like Ethereum, where development generally revolves around building decentralized applications on top of an existing blockchain as a set of smart contracts. While smart contracts can be very good for some use cases like single-use applications (e.g. ICOs), they often fall short for building complex decentralized platforms. More generally, smart contracts can be limiting in terms of flexibility, sovereignty and performance. + +Application-specific blockchains offer a radically different development paradigm than virtual-machine blockchains. An application-specific blockchain is a blockchain customized to operate a single application: developers have all the freedom to make the design decisions required for the application to run optimally. They can also provide better sovereignty, security and performance. + +Learn more about [application-specific blockchains](/docs/sdk/vnext/learn/intro/why-app-specific). + +## What is Modularity + +Today there is a lot of talk around modularity and discussions between monolithic and modular. Originally the Cosmos SDK was built with a vision of modularity in mind. Modularity is derived from splitting a blockchain into customizable layers of execution, consensus, settlement and data availability, which is what the Cosmos SDK enables. This means that developers can plug and play, making their blockchain customisable by using different software for different layers. For example you can choose to build a vanilla chain and use the Cosmos SDK with CometBFT. CometBFT will be your consensus layer and the chain itself would be the settlement and execution layer. Another route could be to use the SDK with Rollkit and Celestia as your consensus and data availability layer. The benefit of modularity is that you can customize your chain to your specific use case. + +## Why the Cosmos SDK + +The Cosmos SDK is the most advanced framework for building custom modular application-specific blockchains today. Here are a few reasons why you might want to consider building your decentralized application with the Cosmos SDK: + +* It allows you to plug and play and customize your consensus layer. As above you can use Rollkit and Celestia as your consensus and data availability layer. This offers a lot of flexibility and customisation. +* Previously the default consensus engine available within the Cosmos SDK is [CometBFT](https://github.com/cometbft/cometbft). CometBFT is the most mature BFT consensus engine in existence. It is widely used across the industry and is considered the gold standard consensus engine for building Proof-of-Stake systems. +* The Cosmos SDK is open-source and designed to make it easy to build blockchains out of composable [modules](/docs/sdk/vnext/build/modules). As the ecosystem of open-source Cosmos SDK modules grows, it will become increasingly easier to build complex decentralized platforms with it. +* The Cosmos SDK is inspired by capabilities-based security, and informed by years of wrestling with blockchain state-machines. This makes the Cosmos SDK a very secure environment to build blockchains. +* Most importantly, the Cosmos SDK has already been used to build many application-specific blockchains that are already in production. Among others, we can cite [Cosmos Hub](https://hub.cosmos.network), [IRIS Hub](https://irisnet.org), [Binance Chain](https://docs.binance.org/), [Terra](https://terra.money/) or [Kava](https://www.kava.io/). [Many more](https://cosmos.network/ecosystem) are building on the Cosmos SDK. + +## Getting started with the Cosmos SDK + +* Learn more about the [architecture of a Cosmos SDK application](/docs/sdk/vnext/learn/intro/sdk-app-architecture) +* Learn how to build an application-specific blockchain from scratch with the [Cosmos SDK Tutorial](https://cosmos.network/docs/tutorial) diff --git a/docs/sdk/next/learn/intro/sdk-app-architecture.mdx b/docs/sdk/next/learn/intro/sdk-app-architecture.mdx new file mode 100644 index 00000000..68a94aaf --- /dev/null +++ b/docs/sdk/next/learn/intro/sdk-app-architecture.mdx @@ -0,0 +1,91 @@ +--- +title: Blockchain Architecture +description: 'At its core, a blockchain is a replicated deterministic state machine.' +--- +## State machine + +At its core, a blockchain is a [replicated deterministic state machine](https://en.wikipedia.org/wiki/State_machine_replication). + +A state machine is a computer science concept whereby a machine can have multiple states, but only one at any given time. There is a `state`, which describes the current state of the system, and `transactions`, that trigger state transitions. + +Given a state S and a transaction T, the state machine will return a new state S'. + +```text ++--------+ +--------+ +| | | | +| S +---------------->+ S' | +| | apply(T) | | ++--------+ +--------+ +``` + +In practice, the transactions are bundled in blocks to make the process more efficient. Given a state S and a block of transactions B, the state machine will return a new state S'. + +```text ++--------+ +--------+ +| | | | +| S +----------------------------> | S' | +| | For each T in B: apply(T) | | ++--------+ +--------+ +``` + +In a blockchain context, the state machine is deterministic. This means that if a node is started at a given state and replays the same sequence of transactions, it will always end up with the same final state. + +The Cosmos SDK gives developers maximum flexibility to define the state of their application, transaction types and state transition functions. The process of building state-machines with the Cosmos SDK will be described more in depth in the following sections. But first, let us see how the state-machine is replicated using **CometBFT**. + +## CometBFT + +Thanks to the Cosmos SDK, developers just have to define the state machine, and [*CometBFT*](https://docs.cometbft.com/v0.37/introduction/what-is-cometbft) will handle replication over the network for them. + +```text expandable + ^ +-------------------------------+ ^ + | | | | Built with Cosmos SDK + | | State-machine = Application | | + | | | v + | +-------------------------------+ + | | | ^ +Blockchain node | | Consensus | | + | | | | + | +-------------------------------+ | CometBFT + | | | | + | | Networking | | + | | | | + v +-------------------------------+ v +``` + +[CometBFT](https://docs.cometbft.com/v0.37/introduction/what-is-cometbft) is an application-agnostic engine that is responsible for handling the *networking* and *consensus* layers of a blockchain. In practice, this means that CometBFT is responsible for propagating and ordering transaction bytes. CometBFT relies on an eponymous Byzantine-Fault-Tolerant (BFT) algorithm to reach consensus on the order of transactions. + +The CometBFT [consensus algorithm](https://docs.cometbft.com/v0.37/introduction/what-is-cometbft#consensus-overview) works with a set of special nodes called *Validators*. Validators are responsible for adding blocks of transactions to the blockchain. At any given block, there is a validator set V. A validator in V is chosen by the algorithm to be the proposer of the next block. This block is considered valid if more than two thirds of V signed a `prevote` and a `precommit` on it, and if all the transactions that it contains are valid. The validator set can be changed by rules written in the state-machine. + +## ABCI + +CometBFT passes transactions to the application through an interface called the [ABCI](https://docs.cometbft.com/v0.37/spec/abci/), which the application must implement. + +```text expandable + +---------------------+ + | | + | Application | + | | + +--------+---+--------+ + ^ | + | | ABCI + | v + +--------+---+--------+ + | | + | | + | CometBFT | + | | + | | + +---------------------+ +``` + +Note that **CometBFT only handles transaction bytes**. It has no knowledge of what these bytes mean. All CometBFT does is order these transaction bytes deterministically. CometBFT passes the bytes to the application via the ABCI, and expects a return code to inform it if the messages contained in the transactions were successfully processed or not. + +Here are the most important messages of the ABCI: + +* `CheckTx`: When a transaction is received by CometBFT, it is passed to the application to check if a few basic requirements are met. `CheckTx` is used to protect the mempool of full-nodes against spam transactions. A special handler called the [`AnteHandler`](/docs/sdk/vnext/learn/beginner/gas-fees#antehandler) is used to execute a series of validation steps such as checking for sufficient fees and validating the signatures. If the checks are valid, the transaction is added to the [mempool](https://docs.cometbft.com/v0.37/spec/p2p/legacy-docs/messages/mempool) and relayed to peer nodes. Note that transactions are not processed (i.e. no modification of the state occurs) with `CheckTx` since they have not been included in a block yet. +* `DeliverTx`: When a [valid block](https://docs.cometbft.com/v0.37/spec/core/data_structures#block) is received by CometBFT, each transaction in the block is passed to the application via `DeliverTx` in order to be processed. It is during this stage that the state transitions occur. The `AnteHandler` executes again, along with the actual [`Msg` service](/docs/sdk/vnext/build/building-modules/msg-services) RPC for each message in the transaction. +* `BeginBlock`/`EndBlock`: These messages are executed at the beginning and the end of each block, whether the block contains transactions or not. It is useful to trigger automatic execution of logic. Proceed with caution though, as computationally expensive loops could slow down your blockchain, or even freeze it if the loop is infinite. + +Find a more detailed view of the ABCI methods from the [CometBFT docs](https://docs.cometbft.com/v0.37/spec/abci/). + +Any application built on CometBFT needs to implement the ABCI interface in order to communicate with the underlying local CometBFT engine. Fortunately, you do not have to implement the ABCI interface. The Cosmos SDK provides a boilerplate implementation of it in the form of [baseapp](/docs/sdk/vnext/learn/intro/sdk-design#baseapp). diff --git a/docs/sdk/next/learn/intro/sdk-design.mdx b/docs/sdk/next/learn/intro/sdk-design.mdx new file mode 100644 index 00000000..fd82099f --- /dev/null +++ b/docs/sdk/next/learn/intro/sdk-design.mdx @@ -0,0 +1,1070 @@ +--- +title: Main Components of the Cosmos SDK +--- +The Cosmos SDK is a framework that facilitates the development of secure state-machines on top of CometBFT. At its core, the Cosmos SDK is a boilerplate implementation of the [ABCI](/docs/sdk/vnext/learn/intro/sdk-app-architecture#abci) in Golang. It comes with a [`multistore`](/docs/sdk/vnext/learn/advanced/store#multistore) to persist data and a [`router`](/docs/sdk/vnext/learn/advanced/baseapp#routing) to handle transactions. + +Here is a simplified view of how transactions are handled by an application built on top of the Cosmos SDK when transferred from CometBFT via `DeliverTx`: + +1. Decode `transactions` received from the CometBFT consensus engine (remember that CometBFT only deals with `[]bytes`). +2. Extract `messages` from `transactions` and do basic sanity checks. +3. Route each message to the appropriate module so that it can be processed. +4. Commit state changes. + +## `baseapp` + +`baseapp` is the boilerplate implementation of a Cosmos SDK application. It comes with an implementation of the ABCI to handle the connection with the underlying consensus engine. Typically, a Cosmos SDK application extends `baseapp` by embedding it in [`app.go`](/docs/sdk/vnext/learn/beginner/app-anatomy#core-application-file). + +Here is an example of this from `simapp`, the Cosmos SDK demonstration app: + +```go expandable +//go:build app_v1 + +package simapp + +import ( + + "encoding/json" + "fmt" + "io" + "maps" + + abci "github.com/cometbft/cometbft/abci/types" + dbm "github.com/cosmos/cosmos-db" + "github.com/cosmos/gogoproto/proto" + "github.com/spf13/cast" + + autocliv1 "cosmossdk.io/api/cosmos/autocli/v1" + reflectionv1 "cosmossdk.io/api/cosmos/reflection/v1" + "cosmossdk.io/client/v2/autocli" + clienthelpers "cosmossdk.io/client/v2/helpers" + "cosmossdk.io/core/appmodule" + "cosmossdk.io/log" + storetypes "cosmossdk.io/store/types" + "cosmossdk.io/x/circuit" + circuitkeeper "cosmossdk.io/x/circuit/keeper" + circuittypes "cosmossdk.io/x/circuit/types" + "cosmossdk.io/x/evidence" + evidencekeeper "cosmossdk.io/x/evidence/keeper" + evidencetypes "cosmossdk.io/x/evidence/types" + "cosmossdk.io/x/feegrant" + feegrantkeeper "cosmossdk.io/x/feegrant/keeper" + feegrantmodule "cosmossdk.io/x/feegrant/module" + "cosmossdk.io/x/nft" + nftkeeper "cosmossdk.io/x/nft/keeper" + nftmodule "cosmossdk.io/x/nft/module" + "cosmossdk.io/x/tx/signing" + "cosmossdk.io/x/upgrade" + upgradekeeper "cosmossdk.io/x/upgrade/keeper" + upgradetypes "cosmossdk.io/x/upgrade/types" + "github.com/cosmos/cosmos-sdk/baseapp" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/client/flags" + "github.com/cosmos/cosmos-sdk/client/grpc/cmtservice" + nodeservice "github.com/cosmos/cosmos-sdk/client/grpc/node" + "github.com/cosmos/cosmos-sdk/codec" + "github.com/cosmos/cosmos-sdk/codec/address" + "github.com/cosmos/cosmos-sdk/codec/types" + "github.com/cosmos/cosmos-sdk/runtime" + runtimeservices "github.com/cosmos/cosmos-sdk/runtime/services" + "github.com/cosmos/cosmos-sdk/server" + "github.com/cosmos/cosmos-sdk/server/api" + "github.com/cosmos/cosmos-sdk/server/config" + servertypes "github.com/cosmos/cosmos-sdk/server/types" + "github.com/cosmos/cosmos-sdk/std" + testdata_pulsar "github.com/cosmos/cosmos-sdk/testutil/testdata/testpb" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/module" + sigtypes "github.com/cosmos/cosmos-sdk/types/tx/signing" + "github.com/cosmos/cosmos-sdk/version" + "github.com/cosmos/cosmos-sdk/x/auth" + "github.com/cosmos/cosmos-sdk/x/auth/ante" + authcodec "github.com/cosmos/cosmos-sdk/x/auth/codec" + authkeeper "github.com/cosmos/cosmos-sdk/x/auth/keeper" + "github.com/cosmos/cosmos-sdk/x/auth/posthandler" + authsims "github.com/cosmos/cosmos-sdk/x/auth/simulation" + "github.com/cosmos/cosmos-sdk/x/auth/tx" + authtx "github.com/cosmos/cosmos-sdk/x/auth/tx" + txmodule "github.com/cosmos/cosmos-sdk/x/auth/tx/config" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + "github.com/cosmos/cosmos-sdk/x/auth/vesting" + vestingtypes "github.com/cosmos/cosmos-sdk/x/auth/vesting/types" + "github.com/cosmos/cosmos-sdk/x/authz" + authzkeeper "github.com/cosmos/cosmos-sdk/x/authz/keeper" + authzmodule "github.com/cosmos/cosmos-sdk/x/authz/module" + "github.com/cosmos/cosmos-sdk/x/bank" + bankkeeper "github.com/cosmos/cosmos-sdk/x/bank/keeper" + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" + consensus "github.com/cosmos/cosmos-sdk/x/consensus" + consensusparamkeeper "github.com/cosmos/cosmos-sdk/x/consensus/keeper" + consensusparamtypes "github.com/cosmos/cosmos-sdk/x/consensus/types" + distr "github.com/cosmos/cosmos-sdk/x/distribution" + distrkeeper "github.com/cosmos/cosmos-sdk/x/distribution/keeper" + distrtypes "github.com/cosmos/cosmos-sdk/x/distribution/types" + "github.com/cosmos/cosmos-sdk/x/epochs" + epochskeeper "github.com/cosmos/cosmos-sdk/x/epochs/keeper" + epochstypes "github.com/cosmos/cosmos-sdk/x/epochs/types" + "github.com/cosmos/cosmos-sdk/x/genutil" + genutiltypes "github.com/cosmos/cosmos-sdk/x/genutil/types" + "github.com/cosmos/cosmos-sdk/x/gov" + govclient "github.com/cosmos/cosmos-sdk/x/gov/client" + govkeeper "github.com/cosmos/cosmos-sdk/x/gov/keeper" + govtypes "github.com/cosmos/cosmos-sdk/x/gov/types" + govv1beta1 "github.com/cosmos/cosmos-sdk/x/gov/types/v1beta1" + "github.com/cosmos/cosmos-sdk/x/group" + groupkeeper "github.com/cosmos/cosmos-sdk/x/group/keeper" + groupmodule "github.com/cosmos/cosmos-sdk/x/group/module" + "github.com/cosmos/cosmos-sdk/x/mint" + mintkeeper "github.com/cosmos/cosmos-sdk/x/mint/keeper" + minttypes "github.com/cosmos/cosmos-sdk/x/mint/types" + "github.com/cosmos/cosmos-sdk/x/protocolpool" + protocolpoolkeeper "github.com/cosmos/cosmos-sdk/x/protocolpool/keeper" + protocolpooltypes "github.com/cosmos/cosmos-sdk/x/protocolpool/types" + "github.com/cosmos/cosmos-sdk/x/slashing" + slashingkeeper "github.com/cosmos/cosmos-sdk/x/slashing/keeper" + slashingtypes "github.com/cosmos/cosmos-sdk/x/slashing/types" + "github.com/cosmos/cosmos-sdk/x/staking" + stakingkeeper "github.com/cosmos/cosmos-sdk/x/staking/keeper" + stakingtypes "github.com/cosmos/cosmos-sdk/x/staking/types" +) + +const appName = "SimApp" + +var ( + // DefaultNodeHome default home directories for the application daemon + DefaultNodeHome string + + // module account permissions + maccPerms = map[string][]string{ + authtypes.FeeCollectorName: nil, + distrtypes.ModuleName: nil, + minttypes.ModuleName: { + authtypes.Minter +}, + stakingtypes.BondedPoolName: { + authtypes.Burner, authtypes.Staking +}, + stakingtypes.NotBondedPoolName: { + authtypes.Burner, authtypes.Staking +}, + govtypes.ModuleName: { + authtypes.Burner +}, + nft.ModuleName: nil, + protocolpooltypes.ModuleName: nil, + protocolpooltypes.ProtocolPoolEscrowAccount: nil +} +) + +var ( + _ runtime.AppI = (*SimApp)(nil) + _ servertypes.Application = (*SimApp)(nil) +) + +// SimApp extends an ABCI application, but with most of its parameters exported. +// They are exported for convenience in creating helper functions, as object +// capabilities aren't needed for testing. +type SimApp struct { + *baseapp.BaseApp + legacyAmino *codec.LegacyAmino + appCodec codec.Codec + txConfig client.TxConfig + interfaceRegistry types.InterfaceRegistry + + // keys to access the substores + keys map[string]*storetypes.KVStoreKey + + // essential keepers + AccountKeeper authkeeper.AccountKeeper + BankKeeper bankkeeper.BaseKeeper + StakingKeeper *stakingkeeper.Keeper + SlashingKeeper slashingkeeper.Keeper + MintKeeper mintkeeper.Keeper + DistrKeeper distrkeeper.Keeper + GovKeeper govkeeper.Keeper + UpgradeKeeper *upgradekeeper.Keeper + EvidenceKeeper evidencekeeper.Keeper + ConsensusParamsKeeper consensusparamkeeper.Keeper + CircuitKeeper circuitkeeper.Keeper + + // supplementary keepers + FeeGrantKeeper feegrantkeeper.Keeper + GroupKeeper groupkeeper.Keeper + AuthzKeeper authzkeeper.Keeper + NFTKeeper nftkeeper.Keeper + EpochsKeeper epochskeeper.Keeper + ProtocolPoolKeeper protocolpoolkeeper.Keeper + + // the module manager + ModuleManager *module.Manager + BasicModuleManager module.BasicManager + + // simulation manager + sm *module.SimulationManager + + // module configurator + configurator module.Configurator +} + +func init() { + var err error + DefaultNodeHome, err = clienthelpers.GetNodeHomeDirectory(".simapp") + if err != nil { + panic(err) +} +} + +// NewSimApp returns a reference to an initialized SimApp. +func NewSimApp( + logger log.Logger, + db dbm.DB, + traceStore io.Writer, + loadLatest bool, + appOpts servertypes.AppOptions, + baseAppOptions ...func(*baseapp.BaseApp), +) *SimApp { + interfaceRegistry, _ := types.NewInterfaceRegistryWithOptions(types.InterfaceRegistryOptions{ + ProtoFiles: proto.HybridResolver, + SigningOptions: signing.Options{ + AddressCodec: address.Bech32Codec{ + Bech32Prefix: sdk.GetConfig().GetBech32AccountAddrPrefix(), +}, + ValidatorAddressCodec: address.Bech32Codec{ + Bech32Prefix: sdk.GetConfig().GetBech32ValidatorAddrPrefix(), +}, +}, +}) + appCodec := codec.NewProtoCodec(interfaceRegistry) + legacyAmino := codec.NewLegacyAmino() + txConfig := tx.NewTxConfig(appCodec, tx.DefaultSignModes) + if err := interfaceRegistry.SigningContext().Validate(); err != nil { + panic(err) +} + +std.RegisterLegacyAminoCodec(legacyAmino) + +std.RegisterInterfaces(interfaceRegistry) + + // Below we could construct and set an application specific mempool and + // ABCI 1.0 PrepareProposal and ProcessProposal handlers. These defaults are + // already set in the SDK's BaseApp, this shows an example of how to override + // them. + // + // Example: + // + // bApp := baseapp.NewBaseApp(...) + // nonceMempool := mempool.NewSenderNonceMempool() + // abciPropHandler := NewDefaultProposalHandler(nonceMempool, bApp) + // + // bApp.SetMempool(nonceMempool) + // bApp.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) + // bApp.SetProcessProposal(abciPropHandler.ProcessProposalHandler()) + // + // Alternatively, you can construct BaseApp options, append those to + // baseAppOptions and pass them to NewBaseApp. + // + // Example: + // + // prepareOpt = func(app *baseapp.BaseApp) { + // abciPropHandler := baseapp.NewDefaultProposalHandler(nonceMempool, app) + // app.SetPrepareProposal(abciPropHandler.PrepareProposalHandler()) + // +} + // baseAppOptions = append(baseAppOptions, prepareOpt) + + // create and set dummy vote extension handler + voteExtOp := func(bApp *baseapp.BaseApp) { + voteExtHandler := NewVoteExtensionHandler() + +voteExtHandler.SetHandlers(bApp) +} + +baseAppOptions = append(baseAppOptions, voteExtOp, baseapp.SetOptimisticExecution()) + bApp := baseapp.NewBaseApp(appName, logger, db, txConfig.TxDecoder(), baseAppOptions...) + +bApp.SetCommitMultiStoreTracer(traceStore) + +bApp.SetVersion(version.Version) + +bApp.SetInterfaceRegistry(interfaceRegistry) + +bApp.SetTxEncoder(txConfig.TxEncoder()) + keys := storetypes.NewKVStoreKeys( + authtypes.StoreKey, + banktypes.StoreKey, + stakingtypes.StoreKey, + minttypes.StoreKey, + distrtypes.StoreKey, + slashingtypes.StoreKey, + govtypes.StoreKey, + consensusparamtypes.StoreKey, + upgradetypes.StoreKey, + feegrant.StoreKey, + evidencetypes.StoreKey, + circuittypes.StoreKey, + authzkeeper.StoreKey, + nftkeeper.StoreKey, + group.StoreKey, + epochstypes.StoreKey, + protocolpooltypes.StoreKey, + ) + + // register streaming services + if err := bApp.RegisterStreamingServices(appOpts, keys); err != nil { + panic(err) +} + app := &SimApp{ + BaseApp: bApp, + legacyAmino: legacyAmino, + appCodec: appCodec, + txConfig: txConfig, + interfaceRegistry: interfaceRegistry, + keys: keys, +} + + // set the BaseApp's parameter store + app.ConsensusParamsKeeper = consensusparamkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[consensusparamtypes.StoreKey]), + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + runtime.EventService{ +}, + ) + +bApp.SetParamStore(app.ConsensusParamsKeeper.ParamsStore) + + // add keepers + app.AccountKeeper = authkeeper.NewAccountKeeper( + appCodec, + runtime.NewKVStoreService(keys[authtypes.StoreKey]), + authtypes.ProtoBaseAccount, + maccPerms, + authcodec.NewBech32Codec(sdk.Bech32MainPrefix), + sdk.Bech32MainPrefix, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + authkeeper.WithUnorderedTransactions(true), + ) + +app.BankKeeper = bankkeeper.NewBaseKeeper( + appCodec, + runtime.NewKVStoreService(keys[banktypes.StoreKey]), + app.AccountKeeper, + BlockedAddresses(), + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + logger, + ) + + // optional: enable sign mode textual by overwriting the default tx config (after setting the bank keeper) + enabledSignModes := append(tx.DefaultSignModes, sigtypes.SignMode_SIGN_MODE_TEXTUAL) + txConfigOpts := tx.ConfigOptions{ + EnabledSignModes: enabledSignModes, + TextualCoinMetadataQueryFn: txmodule.NewBankKeeperCoinMetadataQueryFn(app.BankKeeper), +} + +txConfig, err := tx.NewTxConfigWithOptions( + appCodec, + txConfigOpts, + ) + if err != nil { + panic(err) +} + +app.txConfig = txConfig + + app.StakingKeeper = stakingkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[stakingtypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + authcodec.NewBech32Codec(sdk.Bech32PrefixValAddr), + authcodec.NewBech32Codec(sdk.Bech32PrefixConsAddr), + ) + +app.MintKeeper = mintkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[minttypes.StoreKey]), + app.StakingKeeper, + app.AccountKeeper, + app.BankKeeper, + authtypes.FeeCollectorName, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + // mintkeeper.WithMintFn(mintkeeper.DefaultMintFn(minttypes.DefaultInflationCalculationFn)), custom mintFn can be added here + ) + +app.ProtocolPoolKeeper = protocolpoolkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[protocolpooltypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) + +app.DistrKeeper = distrkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[distrtypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + app.StakingKeeper, + authtypes.FeeCollectorName, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + distrkeeper.WithExternalCommunityPool(app.ProtocolPoolKeeper), + ) + +app.SlashingKeeper = slashingkeeper.NewKeeper( + appCodec, + legacyAmino, + runtime.NewKVStoreService(keys[slashingtypes.StoreKey]), + app.StakingKeeper, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) + +app.FeeGrantKeeper = feegrantkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[feegrant.StoreKey]), + app.AccountKeeper, + ) + + // register the staking hooks + // NOTE: stakingKeeper above is passed by reference, so that it will contain these hooks + app.StakingKeeper.SetHooks( + stakingtypes.NewMultiStakingHooks( + app.DistrKeeper.Hooks(), + app.SlashingKeeper.Hooks(), + ), + ) + +app.CircuitKeeper = circuitkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[circuittypes.StoreKey]), + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + app.AccountKeeper.AddressCodec(), + ) + +app.BaseApp.SetCircuitBreaker(&app.CircuitKeeper) + +app.AuthzKeeper = authzkeeper.NewKeeper( + runtime.NewKVStoreService(keys[authzkeeper.StoreKey]), + appCodec, + app.MsgServiceRouter(), + app.AccountKeeper, + ) + groupConfig := group.DefaultConfig() + /* + Example of setting group params: + groupConfig.MaxMetadataLen = 1000 + */ + app.GroupKeeper = groupkeeper.NewKeeper( + keys[group.StoreKey], + appCodec, + app.MsgServiceRouter(), + app.AccountKeeper, + groupConfig, + ) + + // get skipUpgradeHeights from the app options + skipUpgradeHeights := map[int64]bool{ +} + for _, h := range cast.ToIntSlice(appOpts.Get(server.FlagUnsafeSkipUpgrades)) { + skipUpgradeHeights[int64(h)] = true +} + homePath := cast.ToString(appOpts.Get(flags.FlagHome)) + // set the governance module account as the authority for conducting upgrades + app.UpgradeKeeper = upgradekeeper.NewKeeper( + skipUpgradeHeights, + runtime.NewKVStoreService(keys[upgradetypes.StoreKey]), + appCodec, + homePath, + app.BaseApp, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + ) + + // Register the proposal types + // Deprecated: Avoid adding new handlers, instead use the new proposal flow + // by granting the governance module the right to execute the message. + // See: https://docs.cosmos.network/main/modules/gov#proposal-messages + govRouter := govv1beta1.NewRouter() + +govRouter.AddRoute(govtypes.RouterKey, govv1beta1.ProposalHandler) + govConfig := govtypes.DefaultConfig() + /* + Example of setting gov params: + govConfig.MaxMetadataLen = 10000 + */ + govKeeper := govkeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[govtypes.StoreKey]), + app.AccountKeeper, + app.BankKeeper, + app.StakingKeeper, + app.DistrKeeper, + app.MsgServiceRouter(), + govConfig, + authtypes.NewModuleAddress(govtypes.ModuleName).String(), + // govkeeper.WithCustomCalculateVoteResultsAndVotingPowerFn(...), // Add if you want to use a custom vote calculation function. + ) + + // Set legacy router for backwards compatibility with gov v1beta1 + govKeeper.SetLegacyRouter(govRouter) + +app.GovKeeper = *govKeeper.SetHooks( + govtypes.NewMultiGovHooks( + // register the governance hooks + ), + ) + +app.NFTKeeper = nftkeeper.NewKeeper( + runtime.NewKVStoreService(keys[nftkeeper.StoreKey]), + appCodec, + app.AccountKeeper, + app.BankKeeper, + ) + + // create evidence keeper with router + evidenceKeeper := evidencekeeper.NewKeeper( + appCodec, + runtime.NewKVStoreService(keys[evidencetypes.StoreKey]), + app.StakingKeeper, + app.SlashingKeeper, + app.AccountKeeper.AddressCodec(), + runtime.ProvideCometInfoService(), + ) + // If evidence needs to be handled for the app, set routes in router here and seal + app.EvidenceKeeper = *evidenceKeeper + + app.EpochsKeeper = epochskeeper.NewKeeper( + runtime.NewKVStoreService(keys[epochstypes.StoreKey]), + appCodec, + ) + +app.EpochsKeeper.SetHooks( + epochstypes.NewMultiEpochHooks( + // insert epoch hooks receivers here + ), + ) + + /**** Module Options ****/ + + // NOTE: Any module instantiated in the module manager that is later modified + // must be passed by reference here. + app.ModuleManager = module.NewManager( + genutil.NewAppModule( + app.AccountKeeper, app.StakingKeeper, app, + txConfig, + ), + auth.NewAppModule(appCodec, app.AccountKeeper, authsims.RandomGenesisAccounts, nil), + vesting.NewAppModule(app.AccountKeeper, app.BankKeeper), + bank.NewAppModule(appCodec, app.BankKeeper, app.AccountKeeper, nil), + feegrantmodule.NewAppModule(appCodec, app.AccountKeeper, app.BankKeeper, app.FeeGrantKeeper, app.interfaceRegistry), + gov.NewAppModule(appCodec, &app.GovKeeper, app.AccountKeeper, app.BankKeeper, nil), + mint.NewAppModule(appCodec, app.MintKeeper, app.AccountKeeper, nil, nil), + slashing.NewAppModule(appCodec, app.SlashingKeeper, app.AccountKeeper, app.BankKeeper, app.StakingKeeper, nil, app.interfaceRegistry), + distr.NewAppModule(appCodec, app.DistrKeeper, app.AccountKeeper, app.BankKeeper, app.StakingKeeper, nil), + staking.NewAppModule(appCodec, app.StakingKeeper, app.AccountKeeper, app.BankKeeper, nil), + upgrade.NewAppModule(app.UpgradeKeeper, app.AccountKeeper.AddressCodec()), + evidence.NewAppModule(app.EvidenceKeeper), + authzmodule.NewAppModule(appCodec, app.AuthzKeeper, app.AccountKeeper, app.BankKeeper, app.interfaceRegistry), + groupmodule.NewAppModule(appCodec, app.GroupKeeper, app.AccountKeeper, app.BankKeeper, app.interfaceRegistry), + nftmodule.NewAppModule(appCodec, app.NFTKeeper, app.AccountKeeper, app.BankKeeper, app.interfaceRegistry), + consensus.NewAppModule(appCodec, app.ConsensusParamsKeeper), + circuit.NewAppModule(appCodec, app.CircuitKeeper), + epochs.NewAppModule(app.EpochsKeeper), + protocolpool.NewAppModule(app.ProtocolPoolKeeper, app.AccountKeeper, app.BankKeeper), + ) + + // BasicModuleManager defines the module BasicManager is in charge of setting up basic, + // non-dependant module elements, such as codec registration and genesis verification. + // By default it is composed of all the module from the module manager. + // Additionally, app module basics can be overwritten by passing them as argument. + app.BasicModuleManager = module.NewBasicManagerFromManager( + app.ModuleManager, + map[string]module.AppModuleBasic{ + genutiltypes.ModuleName: genutil.NewAppModuleBasic(genutiltypes.DefaultMessageValidator), + govtypes.ModuleName: gov.NewAppModuleBasic( + []govclient.ProposalHandler{ +}, + ), +}) + +app.BasicModuleManager.RegisterLegacyAminoCodec(legacyAmino) + +app.BasicModuleManager.RegisterInterfaces(interfaceRegistry) + + // NOTE: upgrade module is required to be prioritized + app.ModuleManager.SetOrderPreBlockers( + upgradetypes.ModuleName, + authtypes.ModuleName, + ) + // During begin block slashing happens after distr.BeginBlocker so that + // there is nothing left over in the validator fee pool, so as to keep the + // CanWithdrawInvariant invariant. + // NOTE: staking module is required if HistoricalEntries param > 0 + app.ModuleManager.SetOrderBeginBlockers( + minttypes.ModuleName, + distrtypes.ModuleName, + protocolpooltypes.ModuleName, + slashingtypes.ModuleName, + evidencetypes.ModuleName, + stakingtypes.ModuleName, + genutiltypes.ModuleName, + authz.ModuleName, + epochstypes.ModuleName, + ) + +app.ModuleManager.SetOrderEndBlockers( + govtypes.ModuleName, + stakingtypes.ModuleName, + genutiltypes.ModuleName, + feegrant.ModuleName, + group.ModuleName, + protocolpooltypes.ModuleName, + ) + + // NOTE: The genutils module must occur after staking so that pools are + // properly initialized with tokens from genesis accounts. + // NOTE: The genutils module must also occur after auth so that it can access the params from auth. + genesisModuleOrder := []string{ + authtypes.ModuleName, + banktypes.ModuleName, + distrtypes.ModuleName, + stakingtypes.ModuleName, + slashingtypes.ModuleName, + govtypes.ModuleName, + minttypes.ModuleName, + genutiltypes.ModuleName, + evidencetypes.ModuleName, + authz.ModuleName, + feegrant.ModuleName, + nft.ModuleName, + group.ModuleName, + upgradetypes.ModuleName, + vestingtypes.ModuleName, + consensusparamtypes.ModuleName, + circuittypes.ModuleName, + epochstypes.ModuleName, + protocolpooltypes.ModuleName, +} + exportModuleOrder := []string{ + consensusparamtypes.ModuleName, + authtypes.ModuleName, + protocolpooltypes.ModuleName, // Must be exported before bank + banktypes.ModuleName, + distrtypes.ModuleName, + stakingtypes.ModuleName, + slashingtypes.ModuleName, + govtypes.ModuleName, + minttypes.ModuleName, + genutiltypes.ModuleName, + evidencetypes.ModuleName, + authz.ModuleName, + feegrant.ModuleName, + nft.ModuleName, + group.ModuleName, + upgradetypes.ModuleName, + vestingtypes.ModuleName, + circuittypes.ModuleName, + epochstypes.ModuleName, +} + +app.ModuleManager.SetOrderInitGenesis(genesisModuleOrder...) + +app.ModuleManager.SetOrderExportGenesis(exportModuleOrder...) + + // Uncomment if you want to set a custom migration order here. + // app.ModuleManager.SetOrderMigrations(custom order) + +app.configurator = module.NewConfigurator(app.appCodec, app.MsgServiceRouter(), app.GRPCQueryRouter()) + +err = app.ModuleManager.RegisterServices(app.configurator) + if err != nil { + panic(err) +} + + // RegisterUpgradeHandlers is used for registering any on-chain upgrades. + // Make sure it's called after `app.ModuleManager` and `app.configurator` are set. + app.RegisterUpgradeHandlers() + +autocliv1.RegisterQueryServer(app.GRPCQueryRouter(), runtimeservices.NewAutoCLIQueryService(app.ModuleManager.Modules)) + +reflectionSvc, err := runtimeservices.NewReflectionService() + if err != nil { + panic(err) +} + +reflectionv1.RegisterReflectionServiceServer(app.GRPCQueryRouter(), reflectionSvc) + + // add test gRPC service for testing gRPC queries in isolation + testdata_pulsar.RegisterQueryServer(app.GRPCQueryRouter(), testdata_pulsar.QueryImpl{ +}) + + // create the simulation manager and define the order of the modules for deterministic simulations + // + // NOTE: this is not required apps that don't use the simulator for fuzz testing + // transactions + overrideModules := map[string]module.AppModuleSimulation{ + authtypes.ModuleName: auth.NewAppModule(app.appCodec, app.AccountKeeper, authsims.RandomGenesisAccounts, nil), +} + +app.sm = module.NewSimulationManagerFromAppModules(app.ModuleManager.Modules, overrideModules) + +app.sm.RegisterStoreDecoders() + + // initialize stores + app.MountKVStores(keys) + + // initialize BaseApp + app.SetInitChainer(app.InitChainer) + +app.SetPreBlocker(app.PreBlocker) + +app.SetBeginBlocker(app.BeginBlocker) + +app.SetEndBlocker(app.EndBlocker) + +app.setAnteHandler(txConfig) + + // In v0.46, the SDK introduces _postHandlers_. PostHandlers are like + // antehandlers, but are run _after_ the `runMsgs` execution. They are also + // defined as a chain, and have the same signature as antehandlers. + // + // In baseapp, postHandlers are run in the same store branch as `runMsgs`, + // meaning that both `runMsgs` and `postHandler` state will be committed if + // both are successful, and both will be reverted if any of the two fails. + // + // The SDK exposes a default postHandlers chain + // + // Please note that changing any of the anteHandler or postHandler chain is + // likely to be a state-machine breaking change, which needs a coordinated + // upgrade. + app.setPostHandler() + if loadLatest { + if err := app.LoadLatestVersion(); err != nil { + panic(fmt.Errorf("error loading last version: %w", err)) +} + +} + +return app +} + +func (app *SimApp) + +setAnteHandler(txConfig client.TxConfig) { + anteHandler, err := NewAnteHandler( + HandlerOptions{ + ante.HandlerOptions{ + AccountKeeper: app.AccountKeeper, + BankKeeper: app.BankKeeper, + SignModeHandler: txConfig.SignModeHandler(), + FeegrantKeeper: app.FeeGrantKeeper, + SigGasConsumer: ante.DefaultSigVerificationGasConsumer, + SigVerifyOptions: []ante.SigVerificationDecoratorOption{ + // change below as needed. + ante.WithUnorderedTxGasCost(ante.DefaultUnorderedTxGasCost), + ante.WithMaxUnorderedTxTimeoutDuration(ante.DefaultMaxTimeoutDuration), +}, +}, + &app.CircuitKeeper, +}, + ) + if err != nil { + panic(err) +} + + // Set the AnteHandler for the app + app.SetAnteHandler(anteHandler) +} + +func (app *SimApp) + +setPostHandler() { + postHandler, err := posthandler.NewPostHandler( + posthandler.HandlerOptions{ +}, + ) + if err != nil { + panic(err) +} + +app.SetPostHandler(postHandler) +} + +// Name returns the name of the App +func (app *SimApp) + +Name() + +string { + return app.BaseApp.Name() +} + +// PreBlocker application updates every pre block +func (app *SimApp) + +PreBlocker(ctx sdk.Context, _ *abci.RequestFinalizeBlock) (*sdk.ResponsePreBlock, error) { + return app.ModuleManager.PreBlock(ctx) +} + +// BeginBlocker application updates every begin block +func (app *SimApp) + +BeginBlocker(ctx sdk.Context) (sdk.BeginBlock, error) { + return app.ModuleManager.BeginBlock(ctx) +} + +// EndBlocker application updates every end block +func (app *SimApp) + +EndBlocker(ctx sdk.Context) (sdk.EndBlock, error) { + return app.ModuleManager.EndBlock(ctx) +} + +func (a *SimApp) + +Configurator() + +module.Configurator { + return a.configurator +} + +// InitChainer application update at chain initialization +func (app *SimApp) + +InitChainer(ctx sdk.Context, req *abci.RequestInitChain) (*abci.ResponseInitChain, error) { + var genesisState GenesisState + if err := json.Unmarshal(req.AppStateBytes, &genesisState); err != nil { + panic(err) +} + +app.UpgradeKeeper.SetModuleVersionMap(ctx, app.ModuleManager.GetVersionMap()) + +return app.ModuleManager.InitGenesis(ctx, app.appCodec, genesisState) +} + +// LoadHeight loads a particular height +func (app *SimApp) + +LoadHeight(height int64) + +error { + return app.LoadVersion(height) +} + +// LegacyAmino returns SimApp's amino codec. +// +// NOTE: This is solely to be used for testing purposes as it may be desirable +// for modules to register their own custom testing types. +func (app *SimApp) + +LegacyAmino() *codec.LegacyAmino { + return app.legacyAmino +} + +// AppCodec returns SimApp's app codec. +// +// NOTE: This is solely to be used for testing purposes as it may be desirable +// for modules to register their own custom testing types. +func (app *SimApp) + +AppCodec() + +codec.Codec { + return app.appCodec +} + +// InterfaceRegistry returns SimApp's InterfaceRegistry +func (app *SimApp) + +InterfaceRegistry() + +types.InterfaceRegistry { + return app.interfaceRegistry +} + +// TxConfig returns SimApp's TxConfig +func (app *SimApp) + +TxConfig() + +client.TxConfig { + return app.txConfig +} + +// AutoCliOpts returns the autocli options for the app. +func (app *SimApp) + +AutoCliOpts() + +autocli.AppOptions { + modules := make(map[string]appmodule.AppModule, 0) + for _, m := range app.ModuleManager.Modules { + if moduleWithName, ok := m.(module.HasName); ok { + moduleName := moduleWithName.Name() + if appModule, ok := moduleWithName.(appmodule.AppModule); ok { + modules[moduleName] = appModule +} + +} + +} + +return autocli.AppOptions{ + Modules: modules, + ModuleOptions: runtimeservices.ExtractAutoCLIOptions(app.ModuleManager.Modules), + AddressCodec: authcodec.NewBech32Codec(sdk.GetConfig().GetBech32AccountAddrPrefix()), + ValidatorAddressCodec: authcodec.NewBech32Codec(sdk.GetConfig().GetBech32ValidatorAddrPrefix()), + ConsensusAddressCodec: authcodec.NewBech32Codec(sdk.GetConfig().GetBech32ConsensusAddrPrefix()), +} +} + +// DefaultGenesis returns a default genesis from the registered AppModuleBasic's. +func (a *SimApp) + +DefaultGenesis() + +map[string]json.RawMessage { + return a.BasicModuleManager.DefaultGenesis(a.appCodec) +} + +// GetKey returns the KVStoreKey for the provided store key. +// +// NOTE: This is solely to be used for testing purposes. +func (app *SimApp) + +GetKey(storeKey string) *storetypes.KVStoreKey { + return app.keys[storeKey] +} + +// GetStoreKeys returns all the stored store keys. +func (app *SimApp) + +GetStoreKeys() []storetypes.StoreKey { + keys := make([]storetypes.StoreKey, 0, len(app.keys)) + for _, key := range app.keys { + keys = append(keys, key) +} + +return keys +} + +// SimulationManager implements the SimulationApp interface +func (app *SimApp) + +SimulationManager() *module.SimulationManager { + return app.sm +} + +// RegisterAPIRoutes registers all application module routes with the provided +// API server. +func (app *SimApp) + +RegisterAPIRoutes(apiSvr *api.Server, apiConfig config.APIConfig) { + clientCtx := apiSvr.ClientCtx + // Register new tx routes from grpc-gateway. + authtx.RegisterGRPCGatewayRoutes(clientCtx, apiSvr.GRPCGatewayRouter) + + // Register new CometBFT queries routes from grpc-gateway. + cmtservice.RegisterGRPCGatewayRoutes(clientCtx, apiSvr.GRPCGatewayRouter) + + // Register node gRPC service for grpc-gateway. + nodeservice.RegisterGRPCGatewayRoutes(clientCtx, apiSvr.GRPCGatewayRouter) + + // Register grpc-gateway routes for all modules. + app.BasicModuleManager.RegisterGRPCGatewayRoutes(clientCtx, apiSvr.GRPCGatewayRouter) + + // register swagger API from root so that other applications can override easily + if err := server.RegisterSwaggerAPI(apiSvr.ClientCtx, apiSvr.Router, apiConfig.Swagger); err != nil { + panic(err) +} +} + +// RegisterTxService implements the Application.RegisterTxService method. +func (app *SimApp) + +RegisterTxService(clientCtx client.Context) { + authtx.RegisterTxService(app.BaseApp.GRPCQueryRouter(), clientCtx, app.BaseApp.Simulate, app.interfaceRegistry) +} + +// RegisterTendermintService implements the Application.RegisterTendermintService method. +func (app *SimApp) + +RegisterTendermintService(clientCtx client.Context) { + cmtApp := server.NewCometABCIWrapper(app) + +cmtservice.RegisterTendermintService( + clientCtx, + app.BaseApp.GRPCQueryRouter(), + app.interfaceRegistry, + cmtApp.Query, + ) +} + +func (app *SimApp) + +RegisterNodeService(clientCtx client.Context, cfg config.Config) { + nodeservice.RegisterNodeService(clientCtx, app.GRPCQueryRouter(), cfg) +} + +// GetMaccPerms returns a copy of the module account permissions +// +// NOTE: This is solely to be used for testing purposes. +func GetMaccPerms() + +map[string][]string { + return maps.Clone(maccPerms) +} + +// BlockedAddresses returns all the app's blocked account addresses. +func BlockedAddresses() + +map[string]bool { + modAccAddrs := make(map[string]bool) + for acc := range GetMaccPerms() { + modAccAddrs[authtypes.NewModuleAddress(acc).String()] = true +} + + // allow the following addresses to receive funds + delete(modAccAddrs, authtypes.NewModuleAddress(govtypes.ModuleName).String()) + +return modAccAddrs +} +``` + +The goal of `baseapp` is to provide a secure interface between the store and the extensible state machine while defining as little about the state machine as possible (staying true to the ABCI). + +For more on `baseapp`, please click [here](/docs/sdk/vnext/learn/advanced/baseapp). + +## Multistore + +The Cosmos SDK provides a [`multistore`](/docs/sdk/vnext/learn/advanced/store#multistore) for persisting state. The multistore allows developers to declare any number of [`KVStores`](/docs/sdk/vnext/learn/advanced/store#base-layer-kvstores). These `KVStores` only accept the `[]byte` type as value and therefore any custom structure needs to be marshalled using [a codec](/docs/sdk/vnext/learn/advanced/encoding) before being stored. + +The multistore abstraction is used to divide the state in distinct compartments, each managed by its own module. For more on the multistore, click [here](/docs/sdk/vnext/learn/advanced/store#multistore) + +## Modules + +The power of the Cosmos SDK lies in its modularity. Cosmos SDK applications are built by aggregating a collection of interoperable modules. Each module defines a subset of the state and contains its own message/transaction processor, while the Cosmos SDK is responsible for routing each message to its respective module. + +Here is a simplified view of how a transaction is processed by the application of each full-node when it is received in a valid block: + +```mermaid expandable + flowchart TD + A[Transaction relayed from the full-node's CometBFT engine to the node's application via DeliverTx] --> B[APPLICATION] + B -->|"Using baseapp's methods: Decode the Tx, extract and route the message(s)"| C[Message routed to the correct module to be processed] + C --> D1[AUTH MODULE] + C --> D2[BANK MODULE] + C --> D3[STAKING MODULE] + C --> D4[GOV MODULE] + D1 -->|Handle message, Update state| E["Return result to CometBFT (0=Ok, 1=Err)"] + D2 -->|Handle message, Update state| E["Return result to CometBFT (0=Ok, 1=Err)"] + D3 -->|Handle message, Update state| E["Return result to CometBFT (0=Ok, 1=Err)"] + D4 -->|Handle message, Update state| E["Return result to CometBFT (0=Ok, 1=Err)"] +``` + +Each module can be seen as a little state-machine. Developers need to define the subset of the state handled by the module, as well as custom message types that modify the state (*Note:* `messages` are extracted from `transactions` by `baseapp`). In general, each module declares its own `KVStore` in the `multistore` to persist the subset of the state it defines. Most developers will need to access other 3rd party modules when building their own modules. Given that the Cosmos SDK is an open framework, some of the modules may be malicious, which means there is a need for security principles to reason about inter-module interactions. These principles are based on [object-capabilities](/docs/sdk/vnext/learn/advanced/ocap). In practice, this means that instead of having each module keep an access control list for other modules, each module implements special objects called `keepers` that can be passed to other modules to grant a pre-defined set of capabilities. + +Cosmos SDK modules are defined in the `x/` folder of the Cosmos SDK. Some core modules include: + +* `x/auth`: Used to manage accounts and signatures. +* `x/bank`: Used to enable tokens and token transfers. +* `x/staking` + `x/slashing`: Used to build Proof-of-Stake blockchains. + +In addition to the already existing modules in `x/`, which anyone can use in their app, the Cosmos SDK lets you build your own custom modules. You can check an [example of that in the tutorial](https://tutorials.cosmos.network/). diff --git a/docs/sdk/next/learn/intro/why-app-specific.mdx b/docs/sdk/next/learn/intro/why-app-specific.mdx new file mode 100644 index 00000000..b2779218 --- /dev/null +++ b/docs/sdk/next/learn/intro/why-app-specific.mdx @@ -0,0 +1,81 @@ +--- +title: Application-Specific Blockchains +--- + +**Synopsis** +This document explains what application-specific blockchains are, and why developers would want to build one as opposed to writing Smart Contracts. + + +## What are application-specific blockchains + +Application-specific blockchains are blockchains customized to operate a single application. Instead of building a decentralized application on top of an underlying blockchain like Ethereum, developers build their own blockchain from the ground up. This means building a full-node client, a light-client, and all the necessary interfaces (CLI, REST, ...) to interact with the nodes. + +```text expandable + ^ +-------------------------------+ ^ + | | | | Built with Cosmos SDK + | | State-machine = Application | | + | | | v + | +-------------------------------+ + | | | ^ +Blockchain node | | Consensus | | + | | | | + | +-------------------------------+ | CometBFT + | | | | + | | Networking | | + | | | | + v +-------------------------------+ v +``` + +## What are the shortcomings of Smart Contracts + +Virtual-machine blockchains like Ethereum addressed the demand for more programmability back in 2014. At the time, the options available for building decentralized applications were quite limited. Most developers would build on top of the complex and limited Bitcoin scripting language, or fork the Bitcoin codebase which was hard to work with and customize. + +Virtual-machine blockchains came in with a new value proposition. Their state-machine incorporates a virtual-machine that is able to interpret turing-complete programs called Smart Contracts. These Smart Contracts are very good for use cases like one-time events (e.g. ICOs), but they can fall short for building complex decentralized platforms. Here is why: + +* Smart Contracts are generally developed with specific programming languages that can be interpreted by the underlying virtual-machine. These programming languages are often immature and inherently limited by the constraints of the virtual-machine itself. For example, the Ethereum Virtual Machine does not allow developers to implement automatic execution of code. Developers are also limited to the account-based system of the EVM, and they can only choose from a limited set of functions for their cryptographic operations. These are examples, but they hint at the lack of **flexibility** that a smart contract environment often entails. +* Smart Contracts are all run by the same virtual machine. This means that they compete for resources, which can severely restrain **performance**. And even if the state-machine were to be split in multiple subsets (e.g. via sharding), Smart Contracts would still need to be interpreted by a virtual machine, which would limit performance compared to a native application implemented at state-machine level (our benchmarks show an improvement on the order of 10x in performance when the virtual-machine is removed). +* Another issue with the fact that Smart Contracts share the same underlying environment is the resulting limitation in **sovereignty**. A decentralized application is an ecosystem that involves multiple players. If the application is built on a general-purpose virtual-machine blockchain, stakeholders have very limited sovereignty over their application, and are ultimately superseded by the governance of the underlying blockchain. If there is a bug in the application, very little can be done about it. + +Application-Specific Blockchains are designed to address these shortcomings. + +## Application-Specific Blockchains Benefits + +### Flexibility + +Application-specific blockchains give maximum flexibility to developers: + +* In Cosmos blockchains, the state-machine is typically connected to the underlying consensus engine via an interface called the [ABCI](https://docs.cometbft.com/v0.37/spec/abci/). This interface can be wrapped in any programming language, meaning developers can build their state-machine in the programming language of their choice. + +* Developers can choose among multiple frameworks to build their state-machine. The most widely used today is the Cosmos SDK, but others exist (e.g. [Lotion](https://github.com/nomic-io/lotion), [Weave](https://github.com/iov-one/weave), ...). Typically the choice will be made based on the programming language they want to use (Cosmos SDK and Weave are in Golang, Lotion is in Javascript, ...). + +* The ABCI also allows developers to swap the consensus engine of their application-specific blockchain. Today, only CometBFT is production-ready, but in the future other consensus engines are expected to emerge. + +* Even when they settle for a framework and consensus engine, developers still have the freedom to tweak them if they don't perfectly match their requirements in their pristine forms. + +* Developers are free to explore the full spectrum of tradeoffs (e.g. number of validators vs transaction throughput, safety vs availability in asynchrony, ...) and design choices (DB or IAVL tree for storage, UTXO or account model, ...). + +* Developers can implement automatic execution of code. In the Cosmos SDK, logic can be automatically triggered at the beginning and the end of each block. They are also free to choose the cryptographic library used in their application, as opposed to being constrained by what is made available by the underlying environment in the case of virtual-machine blockchains. + +The list above contains a few examples that show how much flexibility application-specific blockchains give to developers. The goal of Cosmos and the Cosmos SDK is to make developer tooling as generic and composable as possible, so that each part of the stack can be forked, tweaked and improved without losing compatibility. As the community grows, more alternatives for each of the core building blocks will emerge, giving more options to developers. + +### Performance + +Decentralized applications built with Smart Contracts are inherently capped in performance by the underlying environment. For a decentralized application to optimise performance, it needs to be built as an application-specific blockchain. Next are some of the benefits an application-specific blockchain brings in terms of performance: + +* Developers of application-specific blockchains can choose to operate with a novel consensus engine such as CometBFT. Compared to Proof-of-Work (used by most virtual-machine blockchains today), it offers significant gains in throughput. +* An application-specific blockchain only operates a single application, so that the application does not compete with others for computation and storage. This is the opposite of most non-sharded virtual-machine blockchains today, where smart contracts all compete for computation and storage. +* Even if a virtual-machine blockchain offered application-based sharding coupled with an efficient consensus algorithm, performance would still be limited by the virtual-machine itself. The real throughput bottleneck is the state-machine, and requiring transactions to be interpreted by a virtual-machine significantly increases the computational complexity of processing them. + +### Security + +Security is hard to quantify, and greatly varies from platform to platform. That said here are some important benefits an application-specific blockchain can bring in terms of security: + +* Developers can choose proven programming languages like Go when building their application-specific blockchains, as opposed to smart contract programming languages that are often more immature. +* Developers are not constrained by the cryptographic functions made available by the underlying virtual-machines. They can use their own custom cryptography, and rely on well-audited crypto libraries. +* Developers do not have to worry about potential bugs or exploitable mechanisms in the underlying virtual-machine, making it easier to reason about the security of the application. + +### Sovereignty + +One of the major benefits of application-specific blockchains is sovereignty. A decentralized application is an ecosystem that involves many actors: users, developers, third-party services, and more. When developers build on a virtual-machine blockchain where many decentralized applications coexist, the community of the application is different than the community of the underlying blockchain, and the latter supersedes the former in the governance process. If there is a bug or if a new feature is needed, stakeholders of the application have very little leeway to upgrade the code. If the community of the underlying blockchain refuses to act, nothing can happen. + +The fundamental issue here is that the governance of the application and the governance of the network are not aligned. This issue is solved by application-specific blockchains. Because application-specific blockchains specialize to operate a single application, stakeholders of the application have full control over the entire chain. This ensures that the community will not be stuck if a bug is discovered, and that it has the freedom to choose how it is going to evolve. diff --git a/docs/sdk/next/learn/learn.mdx b/docs/sdk/next/learn/learn.mdx new file mode 100644 index 00000000..1a33c4f0 --- /dev/null +++ b/docs/sdk/next/learn/learn.mdx @@ -0,0 +1,9 @@ +--- +title: Learn +--- +* [Introduction](/docs/sdk/vnext/learn/intro/overview) - Dive into the fundamentals of Cosmos SDK with an insightful introduction, + laying the groundwork for understanding blockchain development. In this section we provide a High-Level Overview of the SDK, then dive deeper into Core concepts such as Application-Specific Blockchains, Blockchain Architecture, and finally we begin to explore the main components of the SDK. +* [Beginner](/docs/sdk/vnext/learn/beginner/app-anatomy) - Start your journey with beginner-friendly resources in the Cosmos SDK's "Learn" + section, providing a gentle entry point for newcomers to blockchain development. Here we focus on a little more detail, covering the Anatomy of a Cosmos SDK Application, Transaction Lifecycles, Accounts and lastly, Gas and Fees. +* [Advanced](/docs/sdk/vnext/learn/advanced/baseapp) - Level up your Cosmos SDK expertise with advanced topics, tailored for experienced + developers diving into intricate blockchain application development. We cover the Cosmos SDK on a lower level as we dive into the core of the SDK with BaseApp, Transactions, Context, Node Client (Daemon), Store, Encoding, gRPC, REST, and CometBFT Endpoints, CLI, Events, Telemetry, Object-Capability Model, RunTx recovery middleware, Cosmos Blockchain Simulator, Protobuf Documentation, In-Place Store Migrations, Configuration and AutoCLI. diff --git a/docs/sdk/next/tutorials/transactions/building-a-transaction.mdx b/docs/sdk/next/tutorials/transactions/building-a-transaction.mdx new file mode 100644 index 00000000..601b8f5a --- /dev/null +++ b/docs/sdk/next/tutorials/transactions/building-a-transaction.mdx @@ -0,0 +1,192 @@ +--- +title: Building a Transaction +description: >- + These are the steps to build, sign and broadcast a transaction using v2 + semantics. +--- +These are the steps to build, sign and broadcast a transaction using v2 semantics. + +1. Correctly set up imports + +```go expandable +import ( + + "context" + "fmt" + "log" + "google.golang.org/grpc" + "google.golang.org/grpc/credentials/insecure" + + apisigning "cosmossdk.io/api/cosmos/tx/signing/v1beta1" + "cosmossdk.io/client/v2/broadcast/comet" + "cosmossdk.io/client/v2/tx" + "cosmossdk.io/core/transaction" + "cosmossdk.io/math" + banktypes "cosmossdk.io/x/bank/types" + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + cryptocodec "github.com/cosmos/cosmos-sdk/crypto/codec" + "github.com/cosmos/cosmos-sdk/crypto/keyring" + authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" + "github.com/cosmos/cosmos-sdk/codec" + addrcodec "github.com/cosmos/cosmos-sdk/codec/address" + sdk "github.com/cosmos/cosmos-sdk/types" +) +``` + +2. Create a gRPC connection + +```go +clientConn, err := grpc.NewClient("127.0.0.1:9090", grpc.WithTransportCredentials(insecure.NewCredentials())) + if err != nil { + log.Fatal(err) +} +``` + +3. Setup codec and interface registry + +```go +// Setup interface registry and register necessary interfaces + interfaceRegistry := codectypes.NewInterfaceRegistry() + +banktypes.RegisterInterfaces(interfaceRegistry) + +authtypes.RegisterInterfaces(interfaceRegistry) + +cryptocodec.RegisterInterfaces(interfaceRegistry) + + // Create a ProtoCodec for encoding/decoding + protoCodec := codec.NewProtoCodec(interfaceRegistry) +``` + +4. Initialize keyring + +```go expandable +ckr, err := keyring.New("autoclikeyring", "test", home, nil, protoCodec) + if err != nil { + log.Fatal("error creating keyring", err) +} + +kr, err := keyring.NewAutoCLIKeyring(ckr, addrcodec.NewBech32Codec("cosmos")) + if err != nil { + log.Fatal("error creating auto cli keyring", err) +} +``` + +5. Setup transaction parameters + +```go expandable +// Setup transaction parameters + txParams := tx.TxParameters{ + ChainID: "simapp-v2-chain", + SignMode: apisigning.SignMode_SIGN_MODE_DIRECT, + AccountConfig: tx.AccountConfig{ + FromAddress: "cosmos1t0fmn0lyp2v99ga55mm37mpnqrlnc4xcs2hhhy", + FromName: "alice", +}, +} + + // Configure gas settings + gasConfig, err := tx.NewGasConfig(100, 100, "0stake") + if err != nil { + log.Fatal("error creating gas config: ", err) +} + +txParams.GasConfig = gasConfig + + // Create auth query client + authClient := authtypes.NewQueryClient(clientConn) + + // Retrieve account information for the sender + fromAccount, err := getAccount("cosmos1t0fmn0lyp2v99ga55mm37mpnqrlnc4xcs2hhhy", authClient, protoCodec) + if err != nil { + log.Fatal("error getting from account: ", err) +} + + // Update txParams with the correct account number and sequence + txParams.AccountConfig.AccountNumber = fromAccount.GetAccountNumber() + +txParams.AccountConfig.Sequence = fromAccount.GetSequence() + + // Retrieve account information for the recipient + toAccount, err := getAccount("cosmos1e2wanzh89mlwct7cs7eumxf7mrh5m3ykpsh66m", authClient, protoCodec) + if err != nil { + log.Fatal("error getting to account: ", err) +} + + // Configure transaction settings + txConf, _ := tx.NewTxConfig(tx.ConfigOptions{ + AddressCodec: addrcodec.NewBech32Codec("cosmos"), + Cdc: protoCodec, + ValidatorAddressCodec: addrcodec.NewBech32Codec("cosmosval"), + EnabledSignModes: []apisigning.SignMode{ + apisigning.SignMode_SIGN_MODE_DIRECT +}, +}) +``` + +6. Build the transaction + +```go expandable +// Create a transaction factory + f, err := tx.NewFactory(kr, codec.NewProtoCodec(codectypes.NewInterfaceRegistry()), nil, txConf, addrcodec.NewBech32Codec("cosmos"), clientConn, txParams) + if err != nil { + log.Fatal("error creating factory", err) +} + + // Define the transaction message + msgs := []transaction.Msg{ + &banktypes.MsgSend{ + FromAddress: fromAccount.GetAddress().String(), + ToAddress: toAccount.GetAddress().String(), + Amount: sdk.Coins{ + sdk.NewCoin("stake", math.NewInt(1000000)), +}, +}, +} + + // Build and sign the transaction + tx, err := f.BuildsSignedTx(context.Background(), msgs...) + if err != nil { + log.Fatal("error building signed tx", err) +} +``` + +7. Broadcast the transaction + +```go expandable +// Create a broadcaster for the transaction + c, err := comet.NewCometBFTBroadcaster("http://127.0.0.1:26657", comet.BroadcastSync, protoCodec) + if err != nil { + log.Fatal("error creating comet broadcaster", err) +} + + // Broadcast the transaction + res, err := c.Broadcast(context.Background(), tx.Bytes()) + if err != nil { + log.Fatal("error broadcasting tx", err) +} +``` + +8. Helpers + +```go expandable +// getAccount retrieves account information using the provided address +func getAccount(address string, authClient authtypes.QueryClient, codec codec.Codec) (sdk.AccountI, error) { + // Query account info + accountQuery, err := authClient.Account(context.Background(), &authtypes.QueryAccountRequest{ + Address: string(address), +}) + if err != nil { + return nil, fmt.Errorf("error getting account: %w", err) +} + + // Unpack the account information + var account sdk.AccountI + err = codec.InterfaceRegistry().UnpackAny(accountQuery.Account, &account) + if err != nil { + return nil, fmt.Errorf("error unpacking account: %w", err) +} + +return account, nil +} +``` diff --git a/docs/sdk/next/tutorials/tutorials.mdx b/docs/sdk/next/tutorials/tutorials.mdx new file mode 100644 index 00000000..70f5d656 --- /dev/null +++ b/docs/sdk/next/tutorials/tutorials.mdx @@ -0,0 +1,10 @@ +--- +title: Tutorials +--- +## Advanced Tutorials + +This section provides a concise overview of tutorials focused on implementing vote extensions in the Cosmos SDK. Vote extensions are a powerful feature for enhancing the security and fairness of blockchain applications, particularly in scenarios like implementing oracles and mitigating auction front-running. + +* **Implementing Oracle with Vote Extensions** - This tutorial details how to use vote extensions for the implementation of a secure and reliable oracle within a blockchain application. It demonstrates the use of vote extensions to securely include oracle data submissions in blocks, ensuring the data's integrity and reliability for the blockchain. + +* **Mitigating Auction Front-Running with Vote Extensions** - Explore how to prevent auction front-running using vote extensions. This tutorial outlines the creation of a module aimed at mitigating front-running in nameservice auctions, emphasising the `ExtendVote`, `PrepareProposal`, and `ProcessProposal` functions to facilitate a fair auction process. diff --git a/docs/sdk/next/tutorials/vote-extensions/auction-frontrunning/demo-of-mitigating-front-running.mdx b/docs/sdk/next/tutorials/vote-extensions/auction-frontrunning/demo-of-mitigating-front-running.mdx new file mode 100644 index 00000000..34158120 --- /dev/null +++ b/docs/sdk/next/tutorials/vote-extensions/auction-frontrunning/demo-of-mitigating-front-running.mdx @@ -0,0 +1,108 @@ +--- +title: Demo of Mitigating Front-Running with Vote Extensions +--- +The purpose of this demo is to test the implementation of the `VoteExtensionHandler` and `PrepareProposalHandler` that we have just added to the codebase. These handlers are designed to mitigate front-running by ensuring that all validators have a consistent view of the mempool when preparing proposals. + +In this demo, we are using a 3 validator network. The Beacon validator is special because it has a custom transaction provider enabled. This means that it can potentially manipulate the order of transactions in a proposal to its advantage (i.e., front-running). + +1. Bootstrap the validator network: This sets up a network with 3 validators. The script \`./scripts/configure.sh is used to configure the network and the validators. + +```shell +cd scripts +configure.sh +``` + +If this doesn't work please ensure you have run `make build` in the `tutorials/nameservice/base` directory. + +{/* nolint:all */} +2\. Have alice attempt to reserve `bob.cosmos`: This is a normal transaction that alice wants to execute. The script \`\`./scripts/reserve.sh "bob.cosmos"\` is used to send this transaction. + +```shell +reserve.sh "bob.cosmos" +``` + +{/* //nolint:all */} +3\. Query to verify the name has been reserved: This is to check the result of the transaction. The script `./scripts/whois.sh "bob.cosmos"` is used to query the state of the blockchain. + +```shell +whois.sh "bob.cosmos" +``` + +It should return: + +```{ expandable + "name": { + "name": "bob.cosmos", + "owner": "cosmos1nq9wuvuju4jdmpmzvxmg8zhhu2ma2y2l2pnu6w", + "resolve_address": "cosmos1h6zy2kn9efxtw5z22rc5k9qu7twl70z24kr3ht", + "amount": [ + { + "denom": "uatom", + "amount": "1000" + } + ] + } +} +``` + +To detect front-running attempts by the beacon, scrutinise the logs during the `ProcessProposal` stage. Open the logs for each validator, including the beacon, `val1`, and `val2`, to observe the following behavior. Open the log file of the validator node. The location of this file can vary depending on your setup, but it's typically located in a directory like `$HOME/cosmos/nodes/#{validator}/logs`. The directory in this case will be under the validator so, `beacon` `val1` or `val2`. Run the following to tail the logs of the validator or beacon: + +```shell +tail -f $HOME/cosmos/nodes/#{validator}/logs +``` + +```shell +2:47PM ERR :: Detected invalid proposal bid :: name:"bob.cosmos" resolveAddress:"cosmos1wmuwv38pdur63zw04t0c78r2a8dyt08hf9tpvd" owner:"cosmos1wmuwv38pdur63zw04t0c78r2a8dyt08hf9tpvd" amount: module=server +2:47PM ERR :: Unable to validate bids in Process Proposal :: module=server +2:47PM ERR prevote step: state machine rejected a proposed block; this should not happen:the proposer may be misbehaving; prevoting nil err=null height=142 module=consensus round=0 +``` + +{/* //nolint:all */} +4\. List the Beacon's keys: This is to verify the addresses of the validators. The script `./scripts/list-beacon-keys.sh` is used to list the keys. + +```shell +list-beacon-keys.sh +``` + +We should receive something similar to the following: + +```shell expandable +[ + { + "name": "alice", + "type": "local", + "address": "cosmos1h6zy2kn9efxtw5z22rc5k9qu7twl70z24kr3ht", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"A32cvBUkNJz+h2vld4A5BxvU5Rd+HyqpR3aGtvEhlm4C\"}" + }, + { + "name": "barbara", + "type": "local", + "address": "cosmos1nq9wuvuju4jdmpmzvxmg8zhhu2ma2y2l2pnu6w", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"Ag9PFsNyTQPoJdbyCWia5rZH9CrvSrjMsk7Oz4L3rXQ5\"}" + }, + { + "name": "beacon-key", + "type": "local", + "address": "cosmos1ez9a6x7lz4gvn27zr368muw8jeyas7sv84lfup", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"AlzJZMWyN7lass710TnAhyuFKAFIaANJyw5ad5P2kpcH\"}" + }, + { + "name": "cindy", + "type": "local", + "address": "cosmos1m5j6za9w4qc2c5ljzxmm2v7a63mhjeag34pa3g", + "pubkey": "{\"@type\":\"/cosmos.crypto.secp256k1.PubKey\",\"key\":\"A6F1/3yot5OpyXoSkBbkyl+3rqBkxzRVSJfvSpm/AvW5\"}" + } +] +``` + +This allows us to match up the addresses and see that the bid was not front run by the beacon due as the resolve address is Alice's address and not the beacons address. + +By running this demo, we can verify that the `VoteExtensionHandler` and `PrepareProposalHandler` are working as expected and that they are able to prevent front-running. + +## Conclusion + +In this tutorial, we've tackled front-running and MEV, focusing on nameservice auctions' vulnerability to these issues. We've explored vote extensions, a key feature of ABCI 2.0, and integrated them into a Cosmos SDK application. + +Through practical exercises, you've implemented vote extensions, and tested their effectiveness in creating a fair auction system. You've gained practical insights by configuring a validator network and analysing blockchain logs. + +Keep experimenting with these concepts, engage with the community, and stay updated on new advancements. The knowledge you've acquired here is crucial for developing secure and fair blockchain applications. diff --git a/docs/sdk/next/tutorials/vote-extensions/auction-frontrunning/getting-started.mdx b/docs/sdk/next/tutorials/vote-extensions/auction-frontrunning/getting-started.mdx new file mode 100644 index 00000000..5befa09c --- /dev/null +++ b/docs/sdk/next/tutorials/vote-extensions/auction-frontrunning/getting-started.mdx @@ -0,0 +1,44 @@ +--- +title: Getting Started +description: >- + - Getting Started - Understanding Front-Running - Mitigating Front-running + with Vote Extensions - Demo of Mitigating Front-Running +--- +## Table of Contents + +* [Getting Started](#overview-of-the-project) +* [Understanding Front-Running](/docs/sdk/vnext/tutorials/vote-extensions/auction-frontrunning/understanding-frontrunning) +* [Mitigating Front-running with Vote Extensions](/docs/sdk/vnext/tutorials/vote-extensions/auction-frontrunning/mitigating-front-running-with-vote-extesions) +* [Demo of Mitigating Front-Running](/docs/sdk/vnext/tutorials/vote-extensions/auction-frontrunning/demo-of-mitigating-front-running) + +## Getting Started + +### Overview of the Project + +This tutorial outlines the development of a module designed to mitigate front-running in nameservice auctions. The following functions are central to this module: + +* `ExtendVote`: Gathers bids from the mempool and includes them in the vote extension to ensure a fair and transparent auction process. +* `PrepareProposal`: Processes the vote extensions from the previous block, creating a special transaction that encapsulates bids to be included in the current proposal. +* `ProcessProposal`: Validates that the first transaction in the proposal is the special transaction containing the vote extensions and ensures the integrity of the bids. + +In this advanced tutorial, we will be working with an example application that facilitates the auctioning of nameservices. To see what frontrunning and nameservices are [here](/docs/sdk/vnext/tutorials/vote-extensions/auction-frontrunning/understanding-frontrunning) This application provides a practical use case to explore the prevention of auction front-running, also known as "bid sniping", where a validator takes advantage of seeing a bid in the mempool to place their own higher bid before the original bid is processed. + +The tutorial will guide you through using the Cosmos SDK to mitigate front-running using vote extensions. The module will be built on top of the base blockchain provided in the `tutorials/base` directory and will use the `auction` module as a foundation. By the end of this tutorial, you will have a better understanding of how to prevent front-running in blockchain auctions, specifically in the context of nameservice auctioning. + +## What are Vote extensions? + +Vote extensions is arbitrary information which can be inserted into a block. This feature is part of ABCI 2.0, which is available for use in the SDK 0.50 release and part of the 0.38 CometBFT release. + +More information about vote extensions can be seen [here](https://docs.cosmos.network/main/build/abci/vote-extensions). + +## Requirements and Setup + +Before diving into the advanced tutorial on auction front-running simulation, ensure you meet the following requirements: + +* [Golang >1.21.5](https://golang.org/doc/install) installed +* Familiarity with the concepts of front-running and MEV, as detailed in [Understanding Front-Running](/docs/sdk/vnext/tutorials/vote-extensions/auction-frontrunning/understanding-frontrunning) +* Understanding of Vote Extensions as described [here](https://docs.cosmos.network/main/build/abci/vote-extensions) + +You will also need a foundational blockchain to build upon coupled with your own module. The `tutorials/base` directory has the necessary blockchain code to start your custom project with the Cosmos SDK. For the module, you can use the `auction` module provided in the `tutorials/auction/x/auction` directory as a reference but please be aware that all of the code needed to implement vote extensions is already implemented in this module. + +This will set up a strong base for your blockchain, enabling the integration of advanced features such as auction front-running simulation. diff --git a/docs/sdk/next/tutorials/vote-extensions/auction-frontrunning/mitigating-front-running-with-vote-extensions.mdx b/docs/sdk/next/tutorials/vote-extensions/auction-frontrunning/mitigating-front-running-with-vote-extensions.mdx new file mode 100644 index 00000000..967ee546 --- /dev/null +++ b/docs/sdk/next/tutorials/vote-extensions/auction-frontrunning/mitigating-front-running-with-vote-extensions.mdx @@ -0,0 +1,379 @@ +--- +title: Mitigating Front-running with Vote Extensions +description: >- + Prerequisites Implementing Structs for Vote Extensions Implementing Handlers + and Configuring Handlers +--- +## Table of Contents + +* [Prerequisites](#prerequisites) +* [Implementing Structs for Vote Extensions](#implementing-structs-for-vote-extensions) +* [Implementing Handlers and Configuring Handlers](#implementing-handlers-and-configuring-handlers) + +## Prerequisites + +Before implementing vote extensions to mitigate front-running, ensure you have a module ready to implement the vote extensions with. If you need to create or reference a similar module, see `x/auction` for guidance. + +In this section, we will discuss the steps to mitigate front-running using vote extensions. We will introduce new types within the `abci/types.go` file. These types will be used to handle the process of preparing proposals, processing proposals, and handling vote extensions. + +### Implementing Structs for Vote Extensions + +First, copy the following structs into the `abci/types.go` and each of these structs serves a specific purpose in the process of mitigating front-running using vote extensions: + +```go expandable +package abci + +import ( + + //import the necessary files +) + +type PrepareProposalHandler struct { + logger log.Logger + txConfig client.TxConfig + cdc codec.Codec + mempool *mempool.ThresholdMempool + txProvider provider.TxProvider + keyname string + runProvider bool +} +``` + +The `PrepareProposalHandler` struct is used to handle the preparation of a proposal in the consensus process. It contains several fields: logger for logging information and errors, txConfig for transaction configuration, cdc (Codec) for encoding and decoding transactions, mempool for referencing the set of unconfirmed transactions, txProvider for building the proposal with transactions, keyname for the name of the key used for signing transactions, and runProvider, a boolean flag indicating whether the provider should be run to build the proposal. + +```go +type ProcessProposalHandler struct { + TxConfig client.TxConfig + Codec codec.Codec + Logger log.Logger +} +``` + +After the proposal has been prepared and vote extensions have been included, the `ProcessProposalHandler` is used to process the proposal. This includes validating the proposal and the included vote extensions. The `ProcessProposalHandler` allows you to access the transaction configuration and codec, which are necessary for processing the vote extensions. + +```go +type VoteExtHandler struct { + logger log.Logger + currentBlock int64 + mempool *mempool.ThresholdMempool + cdc codec.Codec +} +``` + +This struct is used to handle vote extensions. It contains a logger for logging events, the current block number, a mempool for storing transactions, and a codec for encoding and decoding. Vote extensions are a key part of the process to mitigate front-running, as they allow for additional information to be included with each vote. + +```go +type InjectedVoteExt struct { + VoteExtSigner []byte + Bids [][]byte +} + +type InjectedVotes struct { + Votes []InjectedVoteExt +} +``` + +These structs are used to handle injected vote extensions. They include the signer of the vote extension and the bids associated with the vote extension. Each byte array in Bids is a serialised form of a bid transaction. Injected vote extensions are used to add additional information to a vote after it has been created, which can be useful for adding context or additional data to a vote. The serialised bid transactions provide a way to include complex transaction data in a compact, efficient format. + +```go +type AppVoteExtension struct { + Height int64 + Bids [][]byte +} +``` + +This struct is used for application vote extensions. It includes the height of the block and the bids associated with the vote extension. Application vote extensions are used to add additional information to a vote at the application level, which can be useful for adding context or additional data to a vote that is specific to the application. + +```go +type SpecialTransaction struct { + Height int + Bids [][]byte +} +``` + +This struct is used for special transactions. It includes the height of the block and the bids associated with the transaction. Special transactions are used for transactions that need to be handled differently from regular transactions, such as transactions that are part of the process to mitigate front-running. + +### Implementing Handlers and Configuring Handlers + +To establish the `VoteExtensionHandler`, follow these steps: + +1. Navigate to the `abci/proposal.go` file. This is where we will implement the \`VoteExtensionHandler\`\`. + +2. Implement the `NewVoteExtensionHandler` function. This function is a constructor for the `VoteExtHandler` struct. It takes a logger, a mempool, and a codec as parameters and returns a new instance of `VoteExtHandler`. + +```go +func NewVoteExtensionHandler(lg log.Logger, mp *mempool.ThresholdMempool, cdc codec.Codec) *VoteExtHandler { + return &VoteExtHandler{ + logger: lg, + mempool: mp, + cdc: cdc, +} +} +``` + +3. Implement the `ExtendVoteHandler()` method. This method should handle the logic of extending votes, including inspecting the mempool and submitting a list of all pending bids. This will allow you to access the list of unconfirmed transactions in the abci.`RequestPrepareProposal` during the ensuing block. + +```go expandable +func (h *VoteExtHandler) + +ExtendVoteHandler() + +sdk.ExtendVoteHandler { + return func(ctx sdk.Context, req *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) { + h.logger.Info(fmt.Sprintf("Extending votes at block height : %v", req.Height)) + voteExtBids := [][]byte{ +} + + // Get mempool txs + itr := h.mempool.SelectPending(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + sdkMsgs := tmptx.GetMsgs() + + // Iterate through msgs, check for any bids + for _, msg := range sdkMsgs { + switch msg := msg.(type) { + case *nstypes.MsgBid: + // Marshal sdk bids to []byte + bz, err := h.cdc.Marshal(msg) + if err != nil { + h.logger.Error(fmt.Sprintf("Error marshalling VE Bid : %v", err)) + +break +} + +voteExtBids = append(voteExtBids, bz) + +default: +} + +} + + // Move tx to ready pool + err := h.mempool.Update(context.Background(), tmptx) + + // Remove tx from app side mempool + if err != nil { + h.logger.Info(fmt.Sprintf("Unable to update mempool tx: %v", err)) +} + +itr = itr.Next() +} + + // Create vote extension + voteExt := AppVoteExtension{ + Height: req.Height, + Bids: voteExtBids, +} + + // Encode Vote Extension + bz, err := json.Marshal(voteExt) + if err != nil { + return nil, fmt.Errorf("Error marshalling VE: %w", err) +} + +return &abci.ResponseExtendVote{ + VoteExtension: bz +}, nil +} +``` + +4. Configure the handler in `app/app.go` as shown below + +```go +bApp := baseapp.NewBaseApp(AppName, logger, db, txConfig.TxDecoder(), baseAppOptions...) + voteExtHandler := abci2.NewVoteExtensionHandler(logger, mempool, appCodec) + +bApp.SetExtendVoteHandler(voteExtHandler.ExtendVoteHandler()) +``` + +To give a bit of context on what is happening above, we first create a new instance of `VoteExtensionHandler` with the necessary dependencies (logger, mempool, and codec). Then, we set this handler as the `ExtendVoteHandler` for our application. This means that whenever a vote needs to be extended, our custom `ExtendVoteHandler()` method will be called. + +To test if vote extensions have been propagated, add the following to the `PrepareProposalHandler`: + +```go +if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + +h.logger.Info(fmt.Sprintf(" :: Get vote extensions: %v", voteExt)) +} +``` + +This is how the whole function should look: + +```go expandable +func (h *PrepareProposalHandler) + +PrepareProposalHandler() + +sdk.PrepareProposalHandler { + return func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { + h.logger.Info(fmt.Sprintf(" :: Prepare Proposal")) + +var proposalTxs [][]byte + + var txs []sdk.Tx + + // Get Vote Extensions + if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + +h.logger.Info(fmt.Sprintf(" :: Get vote extensions: %v", voteExt)) +} + itr := h.mempool.Select(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + +txs = append(txs, tmptx) + +itr = itr.Next() +} + +h.logger.Info(fmt.Sprintf(" :: Number of Transactions available from mempool: %v", len(txs))) + if h.runProvider { + tmpMsgs, err := h.txProvider.BuildProposal(ctx, txs) + if err != nil { + h.logger.Error(fmt.Sprintf(" :: Error Building Custom Proposal: %v", err)) +} + +txs = tmpMsgs +} + for _, sdkTxs := range txs { + txBytes, err := h.txConfig.TxEncoder()(sdkTxs) + if err != nil { + h.logger.Info(fmt.Sprintf("~Error encoding transaction: %v", err.Error())) +} + +proposalTxs = append(proposalTxs, txBytes) +} + +h.logger.Info(fmt.Sprintf(" :: Number of Transactions in proposal: %v", len(proposalTxs))) + +return &abci.ResponsePrepareProposal{ + Txs: proposalTxs +}, nil +} +} +``` + +As mentioned above, we check if vote extensions have been propagated, you can do this by checking the logs for any relevant messages such as ` :: Get vote extensions:`. If the logs do not provide enough information, you can also reinitialise your local testing environment by running the `./scripts/single_node/setup.sh` script again. + +5. Implement the `ProcessProposalHandler()`. This function is responsible for processing the proposal. It should handle the logic of processing vote extensions, including inspecting the proposal and validating the bids. + +```go expandable +func (h *ProcessProposalHandler) + +ProcessProposalHandler() + +sdk.ProcessProposalHandler { + return func(ctx sdk.Context, req *abci.RequestProcessProposal) (resp *abci.ResponseProcessProposal, err error) { + h.Logger.Info(fmt.Sprintf(" :: Process Proposal")) + + // The first transaction will always be the Special Transaction + numTxs := len(req.Txs) + +h.Logger.Info(fmt.Sprintf(":: Number of transactions :: %v", numTxs)) + if numTxs >= 1 { + var st SpecialTransaction + err = json.Unmarshal(req.Txs[0], &st) + if err != nil { + h.Logger.Error(fmt.Sprintf(":: Error unmarshalling special Tx in Process Proposal :: %v", err)) +} + if len(st.Bids) > 0 { + h.Logger.Info(fmt.Sprintf(":: There are bids in the Special Transaction")) + +var bids []nstypes.MsgBid + for i, b := range st.Bids { + var bid nstypes.MsgBid + h.Codec.Unmarshal(b, &bid) + +h.Logger.Info(fmt.Sprintf(":: Special Transaction Bid No %v :: %v", i, bid)) + +bids = append(bids, bid) +} + // Validate Bids in Tx + txs := req.Txs[1:] + ok, err := ValidateBids(h.TxConfig, bids, txs, h.Logger) + if err != nil { + h.Logger.Error(fmt.Sprintf(":: Error validating bids in Process Proposal :: %v", err)) + +return &abci.ResponseProcessProposal{ + Status: abci.ResponseProcessProposal_REJECT +}, nil +} + if !ok { + h.Logger.Error(fmt.Sprintf(":: Unable to validate bids in Process Proposal :: %v", err)) + +return &abci.ResponseProcessProposal{ + Status: abci.ResponseProcessProposal_REJECT +}, nil +} + +h.Logger.Info(":: Successfully validated bids in Process Proposal") +} + +} + +return &abci.ResponseProcessProposal{ + Status: abci.ResponseProcessProposal_ACCEPT +}, nil +} +} +``` + +6. Implement the `ProcessVoteExtensions()` function. This function should handle the logic of processing vote extensions, including validating the bids. + +```go expandable +func processVoteExtensions(req *abci.RequestPrepareProposal, log log.Logger) (SpecialTransaction, error) { + log.Info(fmt.Sprintf(" :: Process Vote Extensions")) + + // Create empty response + st := SpecialTransaction{ + 0, + [][]byte{ +}, +} + + // Get Vote Ext for H-1 from Req + voteExt := req.GetLocalLastCommit() + votes := voteExt.Votes + + // Iterate through votes + var ve AppVoteExtension + for _, vote := range votes { + // Unmarshal to AppExt + err := json.Unmarshal(vote.VoteExtension, &ve) + if err != nil { + log.Error(fmt.Sprintf(" :: Error unmarshalling Vote Extension")) +} + +st.Height = int(ve.Height) + + // If Bids in VE, append to Special Transaction + if len(ve.Bids) > 0 { + log.Info(" :: Bids in VE") + for _, b := range ve.Bids { + st.Bids = append(st.Bids, b) +} + +} + +} + +return st, nil +} +``` + +7. Configure the `ProcessProposalHandler()` in app/app.go: + +```go +processPropHandler := abci2.ProcessProposalHandler{ + app.txConfig, appCodec, logger +} + +bApp.SetProcessProposal(processPropHandler.ProcessProposalHandler()) +``` + +This sets the `ProcessProposalHandler()` for our application. This means that whenever a proposal needs to be processed, our custom `ProcessProposalHandler()` method will be called. + +To test if the proposal processing and vote extensions are working correctly, you can check the logs for any relevant messages. If the logs do not provide enough information, you can also reinitialize your local testing environment by running `./scripts/single_node/setup.sh` script. diff --git a/docs/sdk/next/tutorials/vote-extensions/auction-frontrunning/mitigating-front-running-with-vote-extesions.mdx b/docs/sdk/next/tutorials/vote-extensions/auction-frontrunning/mitigating-front-running-with-vote-extesions.mdx new file mode 100644 index 00000000..8282acef --- /dev/null +++ b/docs/sdk/next/tutorials/vote-extensions/auction-frontrunning/mitigating-front-running-with-vote-extesions.mdx @@ -0,0 +1,379 @@ +--- +title: Mitigating Front-running with Vote Extensions +description: >- + - Prerequisites - Implementing Structs for Vote Extensions - Implementing + Handlers and Configuring Handlers +--- +## Table of Contents + +* [Prerequisites](#prerequisites) +* [Implementing Structs for Vote Extensions](#implementing-structs-for-vote-extensions) +* [Implementing Handlers and Configuring Handlers](#implementing-handlers-and-configuring-handlers) + +## Prerequisites + +Before implementing vote extensions to mitigate front-running, ensure you have a module ready to implement the vote extensions with. If you need to create or reference a similar module, see `x/auction` for guidance. + +In this section, we will discuss the steps to mitigate front-running using vote extensions. We will introduce new types within the `abci/types.go` file. These types will be used to handle the process of preparing proposals, processing proposals, and handling vote extensions. + +### Implementing Structs for Vote Extensions + +First, copy the following structs into the `abci/types.go` and each of these structs serves a specific purpose in the process of mitigating front-running using vote extensions: + +```go expandable +package abci + +import ( + + //import the necessary files +) + +type PrepareProposalHandler struct { + logger log.Logger + txConfig client.TxConfig + cdc codec.Codec + mempool *mempool.ThresholdMempool + txProvider provider.TxProvider + keyname string + runProvider bool +} +``` + +The `PrepareProposalHandler` struct is used to handle the preparation of a proposal in the consensus process. It contains several fields: logger for logging information and errors, txConfig for transaction configuration, cdc (Codec) for encoding and decoding transactions, mempool for referencing the set of unconfirmed transactions, txProvider for building the proposal with transactions, keyname for the name of the key used for signing transactions, and runProvider, a boolean flag indicating whether the provider should be run to build the proposal. + +```go +type ProcessProposalHandler struct { + TxConfig client.TxConfig + Codec codec.Codec + Logger log.Logger +} +``` + +After the proposal has been prepared and vote extensions have been included, the `ProcessProposalHandler` is used to process the proposal. This includes validating the proposal and the included vote extensions. The `ProcessProposalHandler` allows you to access the transaction configuration and codec, which are necessary for processing the vote extensions. + +```go +type VoteExtHandler struct { + logger log.Logger + currentBlock int64 + mempool *mempool.ThresholdMempool + cdc codec.Codec +} +``` + +This struct is used to handle vote extensions. It contains a logger for logging events, the current block number, a mempool for storing transactions, and a codec for encoding and decoding. Vote extensions are a key part of the process to mitigate front-running, as they allow for additional information to be included with each vote. + +```go +type InjectedVoteExt struct { + VoteExtSigner []byte + Bids [][]byte +} + +type InjectedVotes struct { + Votes []InjectedVoteExt +} +``` + +These structs are used to handle injected vote extensions. They include the signer of the vote extension and the bids associated with the vote extension. Each byte array in Bids is a serialised form of a bid transaction. Injected vote extensions are used to add additional information to a vote after it has been created, which can be useful for adding context or additional data to a vote. The serialised bid transactions provide a way to include complex transaction data in a compact, efficient format. + +```go +type AppVoteExtension struct { + Height int64 + Bids [][]byte +} +``` + +This struct is used for application vote extensions. It includes the height of the block and the bids associated with the vote extension. Application vote extensions are used to add additional information to a vote at the application level, which can be useful for adding context or additional data to a vote that is specific to the application. + +```go +type SpecialTransaction struct { + Height int + Bids [][]byte +} +``` + +This struct is used for special transactions. It includes the height of the block and the bids associated with the transaction. Special transactions are used for transactions that need to be handled differently from regular transactions, such as transactions that are part of the process to mitigate front-running. + +### Implementing Handlers and Configuring Handlers + +To establish the `VoteExtensionHandler`, follow these steps: + +1. Navigate to the `abci/proposal.go` file. This is where we will implement the \`VoteExtensionHandler\`\`. + +2. Implement the `NewVoteExtensionHandler` function. This function is a constructor for the `VoteExtHandler` struct. It takes a logger, a mempool, and a codec as parameters and returns a new instance of `VoteExtHandler`. + +```go +func NewVoteExtensionHandler(lg log.Logger, mp *mempool.ThresholdMempool, cdc codec.Codec) *VoteExtHandler { + return &VoteExtHandler{ + logger: lg, + mempool: mp, + cdc: cdc, +} +} +``` + +3. Implement the `ExtendVoteHandler()` method. This method should handle the logic of extending votes, including inspecting the mempool and submitting a list of all pending bids. This will allow you to access the list of unconfirmed transactions in the abci.`RequestPrepareProposal` during the ensuing block. + +```go expandable +func (h *VoteExtHandler) + +ExtendVoteHandler() + +sdk.ExtendVoteHandler { + return func(ctx sdk.Context, req *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) { + h.logger.Info(fmt.Sprintf("Extending votes at block height : %v", req.Height)) + voteExtBids := [][]byte{ +} + + // Get mempool txs + itr := h.mempool.SelectPending(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + sdkMsgs := tmptx.GetMsgs() + + // Iterate through msgs, check for any bids + for _, msg := range sdkMsgs { + switch msg := msg.(type) { + case *nstypes.MsgBid: + // Marshal sdk bids to []byte + bz, err := h.cdc.Marshal(msg) + if err != nil { + h.logger.Error(fmt.Sprintf("Error marshalling VE Bid : %v", err)) + +break +} + +voteExtBids = append(voteExtBids, bz) + +default: +} + +} + + // Move tx to ready pool + err := h.mempool.Update(context.Background(), tmptx) + + // Remove tx from app side mempool + if err != nil { + h.logger.Info(fmt.Sprintf("Unable to update mempool tx: %v", err)) +} + +itr = itr.Next() +} + + // Create vote extension + voteExt := AppVoteExtension{ + Height: req.Height, + Bids: voteExtBids, +} + + // Encode Vote Extension + bz, err := json.Marshal(voteExt) + if err != nil { + return nil, fmt.Errorf("Error marshalling VE: %w", err) +} + +return &abci.ResponseExtendVote{ + VoteExtension: bz +}, nil +} +``` + +4. Configure the handler in `app/app.go` as shown below + +```go +bApp := baseapp.NewBaseApp(AppName, logger, db, txConfig.TxDecoder(), baseAppOptions...) + voteExtHandler := abci2.NewVoteExtensionHandler(logger, mempool, appCodec) + +bApp.SetExtendVoteHandler(voteExtHandler.ExtendVoteHandler()) +``` + +To give a bit of context on what is happening above, we first create a new instance of `VoteExtensionHandler` with the necessary dependencies (logger, mempool, and codec). Then, we set this handler as the `ExtendVoteHandler` for our application. This means that whenever a vote needs to be extended, our custom `ExtendVoteHandler()` method will be called. + +To test if vote extensions have been propagated, add the following to the `PrepareProposalHandler`: + +```go +if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + +h.logger.Info(fmt.Sprintf(" :: Get vote extensions: %v", voteExt)) +} +``` + +This is how the whole function should look: + +```go expandable +func (h *PrepareProposalHandler) + +PrepareProposalHandler() + +sdk.PrepareProposalHandler { + return func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { + h.logger.Info(fmt.Sprintf(" :: Prepare Proposal")) + +var proposalTxs [][]byte + + var txs []sdk.Tx + + // Get Vote Extensions + if req.Height > 2 { + voteExt := req.GetLocalLastCommit() + +h.logger.Info(fmt.Sprintf(" :: Get vote extensions: %v", voteExt)) +} + itr := h.mempool.Select(context.Background(), nil) + for itr != nil { + tmptx := itr.Tx() + +txs = append(txs, tmptx) + +itr = itr.Next() +} + +h.logger.Info(fmt.Sprintf(" :: Number of Transactions available from mempool: %v", len(txs))) + if h.runProvider { + tmpMsgs, err := h.txProvider.BuildProposal(ctx, txs) + if err != nil { + h.logger.Error(fmt.Sprintf(" :: Error Building Custom Proposal: %v", err)) +} + +txs = tmpMsgs +} + for _, sdkTxs := range txs { + txBytes, err := h.txConfig.TxEncoder()(sdkTxs) + if err != nil { + h.logger.Info(fmt.Sprintf("~Error encoding transaction: %v", err.Error())) +} + +proposalTxs = append(proposalTxs, txBytes) +} + +h.logger.Info(fmt.Sprintf(" :: Number of Transactions in proposal: %v", len(proposalTxs))) + +return &abci.ResponsePrepareProposal{ + Txs: proposalTxs +}, nil +} +} +``` + +As mentioned above, we check if vote extensions have been propagated, you can do this by checking the logs for any relevant messages such as ` :: Get vote extensions:`. If the logs do not provide enough information, you can also reinitialise your local testing environment by running the `./scripts/single_node/setup.sh` script again. + +5. Implement the `ProcessProposalHandler()`. This function is responsible for processing the proposal. It should handle the logic of processing vote extensions, including inspecting the proposal and validating the bids. + +```go expandable +func (h *ProcessProposalHandler) + +ProcessProposalHandler() + +sdk.ProcessProposalHandler { + return func(ctx sdk.Context, req *abci.RequestProcessProposal) (resp *abci.ResponseProcessProposal, err error) { + h.Logger.Info(fmt.Sprintf(" :: Process Proposal")) + + // The first transaction will always be the Special Transaction + numTxs := len(req.Txs) + +h.Logger.Info(fmt.Sprintf(":: Number of transactions :: %v", numTxs)) + if numTxs >= 1 { + var st SpecialTransaction + err = json.Unmarshal(req.Txs[0], &st) + if err != nil { + h.Logger.Error(fmt.Sprintf(":: Error unmarshalling special Tx in Process Proposal :: %v", err)) +} + if len(st.Bids) > 0 { + h.Logger.Info(fmt.Sprintf(":: There are bids in the Special Transaction")) + +var bids []nstypes.MsgBid + for i, b := range st.Bids { + var bid nstypes.MsgBid + h.Codec.Unmarshal(b, &bid) + +h.Logger.Info(fmt.Sprintf(":: Special Transaction Bid No %v :: %v", i, bid)) + +bids = append(bids, bid) +} + // Validate Bids in Tx + txs := req.Txs[1:] + ok, err := ValidateBids(h.TxConfig, bids, txs, h.Logger) + if err != nil { + h.Logger.Error(fmt.Sprintf(":: Error validating bids in Process Proposal :: %v", err)) + +return &abci.ResponseProcessProposal{ + Status: abci.ResponseProcessProposal_REJECT +}, nil +} + if !ok { + h.Logger.Error(fmt.Sprintf(":: Unable to validate bids in Process Proposal :: %v", err)) + +return &abci.ResponseProcessProposal{ + Status: abci.ResponseProcessProposal_REJECT +}, nil +} + +h.Logger.Info(":: Successfully validated bids in Process Proposal") +} + +} + +return &abci.ResponseProcessProposal{ + Status: abci.ResponseProcessProposal_ACCEPT +}, nil +} +} +``` + +6. Implement the `ProcessVoteExtensions()` function. This function should handle the logic of processing vote extensions, including validating the bids. + +```go expandable +func processVoteExtensions(req *abci.RequestPrepareProposal, log log.Logger) (SpecialTransaction, error) { + log.Info(fmt.Sprintf(" :: Process Vote Extensions")) + + // Create empty response + st := SpecialTransaction{ + 0, + [][]byte{ +}, +} + + // Get Vote Ext for H-1 from Req + voteExt := req.GetLocalLastCommit() + votes := voteExt.Votes + + // Iterate through votes + var ve AppVoteExtension + for _, vote := range votes { + // Unmarshal to AppExt + err := json.Unmarshal(vote.VoteExtension, &ve) + if err != nil { + log.Error(fmt.Sprintf(" :: Error unmarshalling Vote Extension")) +} + +st.Height = int(ve.Height) + + // If Bids in VE, append to Special Transaction + if len(ve.Bids) > 0 { + log.Info(" :: Bids in VE") + for _, b := range ve.Bids { + st.Bids = append(st.Bids, b) +} + +} + +} + +return st, nil +} +``` + +7. Configure the `ProcessProposalHandler()` in app/app.go: + +```go +processPropHandler := abci2.ProcessProposalHandler{ + app.txConfig, appCodec, logger +} + +bApp.SetProcessProposal(processPropHandler.ProcessProposalHandler()) +``` + +This sets the `ProcessProposalHandler()` for our application. This means that whenever a proposal needs to be processed, our custom `ProcessProposalHandler()` method will be called. + +To test if the proposal processing and vote extensions are working correctly, you can check the logs for any relevant messages. If the logs do not provide enough information, you can also reinitialize your local testing environment by running `./scripts/single_node/setup.sh` script. diff --git a/docs/sdk/next/tutorials/vote-extensions/auction-frontrunning/understanding-frontrunning.mdx b/docs/sdk/next/tutorials/vote-extensions/auction-frontrunning/understanding-frontrunning.mdx new file mode 100644 index 00000000..67618ad2 --- /dev/null +++ b/docs/sdk/next/tutorials/vote-extensions/auction-frontrunning/understanding-frontrunning.mdx @@ -0,0 +1,47 @@ +--- +title: Understanding Front-Running and more +description: >- + Blockchain technology is vulnerable to practices that can affect the fairness + and security of the network. Two such practices are front-running and Maximal + Extractable Value (MEV), which are important for blockchain participants to + understand. +--- +## Introduction + +Blockchain technology is vulnerable to practices that can affect the fairness and security of the network. Two such practices are front-running and Maximal Extractable Value (MEV), which are important for blockchain participants to understand. + +## What is Front-Running? + +Front-running is when someone, such as a validator, uses their ability to see pending transactions to execute their own transactions first, benefiting from the knowledge of upcoming transactions. In nameservice auctions, a front-runner might place a higher bid before the original bid is confirmed, unfairly winning the auction. + +## Nameservices and Nameservice Auctions + +Nameservices are human-readable identifiers on a blockchain, akin to internet domain names, that correspond to specific addresses or resources. They simplify interactions with typically long and complex blockchain addresses, allowing users to have a memorable and unique identifier for their blockchain address or smart contract. + +Nameservice auctions are the process by which these identifiers are bid on and acquired. To combat front-running—where someone might use knowledge of pending bids to place a higher bid first—mechanisms such as commit-reveal schemes, auction extensions, and fair sequencing are implemented. These strategies ensure a transparent and fair bidding process, reducing the potential for Maximal Extractable Value (MEV) exploitation. + +## What is Maximal Extractable Value (MEV)? + +MEV is the highest value that can be extracted by manipulating the order of transactions within a block, beyond the standard block rewards and fees. This has become more prominent with the growth of decentralised finance (DeFi), where transaction order can greatly affect profits. + +## Implications of MEV + +MEV can lead to: + +* **Network Security**: Potential centralisation, as those with more computational power might dominate the process, increasing the risk of attacks. +* **Market Fairness**: An uneven playing field where only a few can gain at the expense of the majority. +* **User Experience**: Higher fees and network congestion due to the competition for MEV. + +## Mitigating MEV and Front-Running + +Some solutions being developed to mitigate MEV and front-running, including: + +* **Time-delayed Transactions**: Random delays to make transaction timing unpredictable. +* **Private Transaction Pools**: Concealing transactions until they are mined. +* **Fair Sequencing Services**: Processing transactions in the order they are received. + +For this tutorial, we will be exploring the last solution, fair sequencing services, in the context of nameservice auctions. + +## Conclusion + +MEV and front-running are challenges to blockchain integrity and fairness. Ongoing innovation and implementation of mitigation strategies are crucial for the ecosystem's health and success. diff --git a/docs/sdk/next/tutorials/vote-extensions/oracle/getting-started.mdx b/docs/sdk/next/tutorials/vote-extensions/oracle/getting-started.mdx new file mode 100644 index 00000000..c918e8f9 --- /dev/null +++ b/docs/sdk/next/tutorials/vote-extensions/oracle/getting-started.mdx @@ -0,0 +1,38 @@ +--- +title: Getting Started +description: What is an Oracle? Implementing Vote Extensions Testing the Oracle Module +--- +## Table of Contents + +* [What is an Oracle?](/docs/sdk/vnext/tutorials/vote-extensions/oracle/what-is-an-oracle) +* [Implementing Vote Extensions](/docs/sdk/vnext/tutorials/vote-extensions/oracle/implementing-vote-extensions) +* [Testing the Oracle Module](/docs/sdk/vnext/tutorials/vote-extensions/oracle/testing-oracle) + +## Prerequisites + +Before you start with this tutorial, make sure you have: + +* A working chain project. This tutorial won't cover the steps of creating a new chain/module. +* Familiarity with the Cosmos SDK. If you're not, we suggest you start with [Cosmos SDK Tutorials](https://tutorials.cosmos.network), as ABCI++ is considered an advanced topic. +* Read and understood [What is an Oracle?](/docs/sdk/vnext/tutorials/vote-extensions/oracle/what-is-an-oracle). This provides necessary background information for understanding the Oracle module. +* Basic understanding of Go programming language. + +## What are Vote extensions? + +Vote extensions is arbitrary information which can be inserted into a block. This feature is part of ABCI 2.0, which is available for use in the SDK 0.50 release and part of the 0.38 CometBFT release. + +More information about vote extensions can be seen [here](https://docs.cosmos.network/main/build/abci/vote-extensions). + +## Overview of the project + +We’ll go through the creation of a simple price oracle module focusing on the vote extensions implementation, ignoring the details inside the price oracle itself. + +We’ll go through the implementation of: + +* `ExtendVote` to get information from external price APIs. +* `VerifyVoteExtension` to check that the format of the provided votes is correct. +* `PrepareProposal` to process the vote extensions from the previous block and include them into the proposal as a transaction. +* `ProcessProposal` to check that the first transaction in the proposal is actually a “special tx” that contains the price information. +* `PreBlocker` to make price information available during FinalizeBlock. + +If you would like to see the complete working oracle module please see [here](https://github.com/cosmos/sdk-tutorials/blob/master/tutorials/oracle/base/x/oracle) diff --git a/docs/sdk/next/tutorials/vote-extensions/oracle/implementing-vote-extensions.mdx b/docs/sdk/next/tutorials/vote-extensions/oracle/implementing-vote-extensions.mdx new file mode 100644 index 00000000..78986d10 --- /dev/null +++ b/docs/sdk/next/tutorials/vote-extensions/oracle/implementing-vote-extensions.mdx @@ -0,0 +1,253 @@ +--- +title: Implementing Vote Extensions +description: >- + First we’ll create the OracleVoteExtension struct, this is the object that + will be marshaled as bytes and signed by the validator. +--- +## Implement ExtendVote + +First we’ll create the `OracleVoteExtension` struct, this is the object that will be marshaled as bytes and signed by the validator. + +In our example we’ll use JSON to marshal the vote extension for simplicity but we recommend to find an encoding that produces a smaller output, given that large vote extensions could impact CometBFT’s performance. Custom encodings and compressed bytes can be used out of the box. + +```go +// OracleVoteExtension defines the canonical vote extension structure. +type OracleVoteExtension struct { + Height int64 + Prices map[string]math.LegacyDec +} +``` + +Then we’ll create a `VoteExtensionsHandler` struct that contains everything we need to query for prices. + +```go +type VoteExtHandler struct { + logger log.Logger + currentBlock int64 // current block height + lastPriceSyncTS time.Time // last time we synced prices + providerTimeout time.Duration // timeout for fetching prices from providers + providers map[string]Provider // mapping of provider name to provider (e.g. Binance -> BinanceProvider) + +providerPairs map[string][]keeper.CurrencyPair // mapping of provider name to supported pairs (e.g. Binance -> [ATOM/USD]) + +Keeper keeper.Keeper // keeper of our oracle module +} +``` + +Finally, a function that returns `sdk.ExtendVoteHandler` is needed too, and this is where our vote extension logic will live. + +```go expandable +func (h *VoteExtHandler) + +ExtendVoteHandler() + +sdk.ExtendVoteHandler { + return func(ctx sdk.Context, req *abci.RequestExtendVote) (*abci.ResponseExtendVote, error) { + // here we'd have a helper function that gets all the prices and does a weighted average using the volume of each market + prices := h.getAllVolumeWeightedPrices() + voteExt := OracleVoteExtension{ + Height: req.Height, + Prices: prices, +} + +bz, err := json.Marshal(voteExt) + if err != nil { + return nil, fmt.Errorf("failed to marshal vote extension: %w", err) +} + +return &abci.ResponseExtendVote{ + VoteExtension: bz +}, nil +} +} +``` + +As you can see above, the creation of a vote extension is pretty simple and we just have to return bytes. CometBFT will handle the signing of these bytes for us. We ignored the process of getting the prices but you can see a more complete example [here:](https://github.com/cosmos/sdk-tutorials/blob/master/tutorials/oracle/base/x/oracle/abci/vote_extensions.go) + +Here we’ll do some simple checks like: + +* Is the vote extension unmarshaled correctly? +* Is the vote extension for the right height? +* Some other validation, for example, are the prices from this extension too deviated from my own prices? Or maybe checks that can detect malicious behavior. + +```go expandable +func (h *VoteExtHandler) + +VerifyVoteExtensionHandler() + +sdk.VerifyVoteExtensionHandler { + return func(ctx sdk.Context, req *abci.RequestVerifyVoteExtension) (*abci.ResponseVerifyVoteExtension, error) { + var voteExt OracleVoteExtension + err := json.Unmarshal(req.VoteExtension, &voteExt) + if err != nil { + return nil, fmt.Errorf("failed to unmarshal vote extension: %w", err) +} + if voteExt.Height != req.Height { + return nil, fmt.Errorf("vote extension height does not match request height; expected: %d, got: %d", req.Height, voteExt.Height) +} + + // Verify incoming prices from a validator are valid. Note, verification during + // VerifyVoteExtensionHandler MUST be deterministic. For brevity and demo + // purposes, we omit implementation. + if err := h.verifyOraclePrices(ctx, voteExt.Prices); err != nil { + return nil, fmt.Errorf("failed to verify oracle prices from validator %X: %w", req.ValidatorAddress, err) +} + +return &abci.ResponseVerifyVoteExtension{ + Status: abci.ResponseVerifyVoteExtension_ACCEPT +}, nil +} +} +``` + +## Implement PrepareProposal + +```go +type ProposalHandler struct { + logger log.Logger + keeper keeper.Keeper // our oracle module keeper + valStore baseapp.ValidatorStore // to get the current validators' pubkeys +} +``` + +And we create the struct for our “special tx”, that will contain the prices and the votes so validators can later re-check in ProcessPRoposal that they get the same result than the block’s proposer. With this we could also check if all the votes have been used by comparing the votes received in ProcessProposal. + +```go +type StakeWeightedPrices struct { + StakeWeightedPrices map[string]math.LegacyDec + ExtendedCommitInfo abci.ExtendedCommitInfo +} +``` + +Now we create the `PrepareProposalHandler`. In this step we’ll first check if the vote extensions’ signatures are correct using a helper function called ValidateVoteExtensions from the baseapp package. + +```go +func (h *ProposalHandler) + +PrepareProposal() + +sdk.PrepareProposalHandler { + return func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) { + err := baseapp.ValidateVoteExtensions(ctx, h.valStore, req.Height, ctx.ChainID(), req.LocalLastCommit) + if err != nil { + return nil, err +} +... +``` + +Then we proceed to make the calculations only if the current height if higher than the height at which vote extensions have been enabled. Remember that vote extensions are made available to the block proposer on the next block at which they are produced/enabled. + +```go expandable +... + proposalTxs := req.Txs + if req.Height > ctx.ConsensusParams().Abci.VoteExtensionsEnableHeight { + stakeWeightedPrices, err := h.computeStakeWeightedOraclePrices(ctx, req.LocalLastCommit) + if err != nil { + return nil, errors.New("failed to compute stake-weighted oracle prices") +} + injectedVoteExtTx := StakeWeightedPrices{ + StakeWeightedPrices: stakeWeightedPrices, + ExtendedCommitInfo: req.LocalLastCommit, +} +... +``` + +Finally we inject the result as a transaction at a specific location, usually at the beginning of the block: + +## Implement ProcessProposal + +Now we can implement the method that all validators will execute to ensure the proposer is doing his work correctly. + +Here, if vote extensions are enabled, we’ll check if the tx at index 0 is an injected vote extension + +```go +func (h *ProposalHandler) + +ProcessProposal() + +sdk.ProcessProposalHandler { + return func(ctx sdk.Context, req *abci.RequestProcessProposal) (*abci.ResponseProcessProposal, error) { + if req.Height > ctx.ConsensusParams().Abci.VoteExtensionsEnableHeight { + var injectedVoteExtTx StakeWeightedPrices + if err := json.Unmarshal(req.Txs[0], &injectedVoteExtTx); err != nil { + h.logger.Error("failed to decode injected vote extension tx", "err", err) + +return &abci.ResponseProcessProposal{ + Status: abci.ResponseProcessProposal_REJECT +}, nil +} +... +``` + +Then we re-validate the vote extensions signatures using +baseapp.ValidateVoteExtensions, re-calculate the results (just like in PrepareProposal) and compare them with the results we got from the injected tx. + +```go expandable +err := baseapp.ValidateVoteExtensions(ctx, h.valStore, req.Height, ctx.ChainID(), injectedVoteExtTx.ExtendedCommitInfo) + if err != nil { + return nil, err +} + + // Verify the proposer's stake-weighted oracle prices by computing the same + // calculation and comparing the results. We omit verification for brevity + // and demo purposes. + stakeWeightedPrices, err := h.computeStakeWeightedOraclePrices(ctx, injectedVoteExtTx.ExtendedCommitInfo) + if err != nil { + return &abci.ResponseProcessProposal{ + Status: abci.ResponseProcessProposal_REJECT +}, nil +} + if err := compareOraclePrices(injectedVoteExtTx.StakeWeightedPrices, stakeWeightedPrices); err != nil { + return &abci.ResponseProcessProposal{ + Status: abci.ResponseProcessProposal_REJECT +}, nil +} + +} + +return &abci.ResponseProcessProposal{ + Status: abci.ResponseProcessProposal_ACCEPT +}, nil +} +} +``` + +Important: In this example we avoided using the mempool and other basics, please refer to the DefaultProposalHandler for a complete implementation: [Link](https://github.com/cosmos/cosmos-sdk/blob/v0.50.1/baseapp/abci_utils.go) + +## Implement PreBlocker + +Now validators are extending their vote, verifying other votes and including the result in the block. But how do we actually make use of this result? This is done in the PreBlocker which is code that is run before any other code during FinalizeBlock so we make sure we make this information available to the chain and its modules during the entire block execution (from BeginBlock). + +At this step we know that the injected tx is well-formatted and has been verified by the validators participating in consensus, so making use of it is straightforward. Just check if vote extensions are enabled, pick up the first transaction and use a method in your module’s keeper to set the result. + +```go expandable +func (h *ProposalHandler) + +PreBlocker(ctx sdk.Context, req *abci.RequestFinalizeBlock) (*sdk.ResponsePreBlock, error) { + res := &sdk.ResponsePreBlock{ +} + if len(req.Txs) == 0 { + return res, nil +} + if req.Height > ctx.ConsensusParams().Abci.VoteExtensionsEnableHeight { + var injectedVoteExtTx StakeWeightedPrices + if err := json.Unmarshal(req.Txs[0], &injectedVoteExtTx); err != nil { + h.logger.Error("failed to decode injected vote extension tx", "err", err) + +return nil, err +} + + // set oracle prices using the passed in context, which will make these prices available in the current block + if err := h.keeper.SetOraclePrices(ctx, injectedVoteExtTx.StakeWeightedPrices); err != nil { + return nil, err +} + +} + +return res, nil +} +``` + +## Conclusion + +In this tutorial, we've created a simple price oracle module that incorporates vote extensions. We've seen how to implement `ExtendVote`, `VerifyVoteExtension`, `PrepareProposal`, `ProcessProposal`, and `PreBlocker` to handle the voting and verification process of vote extensions, as well as how to make use of the results during the block execution. diff --git a/docs/sdk/next/tutorials/vote-extensions/oracle/testing-oracle.mdx b/docs/sdk/next/tutorials/vote-extensions/oracle/testing-oracle.mdx new file mode 100644 index 00000000..e143a577 --- /dev/null +++ b/docs/sdk/next/tutorials/vote-extensions/oracle/testing-oracle.mdx @@ -0,0 +1,63 @@ +--- +title: Testing the Oracle Module +description: >- + We will guide you through the process of testing the Oracle module in your + application. The Oracle module uses vote extensions to provide current price + data. If you would like to see the complete working oracle module please see + here. +--- +We will guide you through the process of testing the Oracle module in your application. The Oracle module uses vote extensions to provide current price data. If you would like to see the complete working oracle module please see [here](https://github.com/cosmos/sdk-tutorials/blob/master/tutorials/oracle/base/x/oracle). + +## Step 1: Compile and Install the Application + +First, we need to compile and install the application. Please ensure you are in the `tutorials/oracle/base` directory. Run the following command in your terminal: + +```shell +make install +``` + +This command compiles the application and moves the resulting binary to a location in your system's PATH. + +## Step 2: Initialise the Application + +Next, we need to initialise the application. Run the following command in your terminal: + +```shell +make init +``` + +This command runs the script `tutorials/oracle/base/scripts/init.sh`, which sets up the necessary configuration for your application to run. This includes creating the `app.toml` configuration file and initialising the blockchain with a genesis block. + +## Step 3: Start the Application + +Now, we can start the application. Run the following command in your terminal: + +```shell +exampled start +``` + +This command starts your application, begins the blockchain node, and starts processing transactions. + +## Step 4: Query the Oracle Prices + +Finally, we can query the current prices from the Oracle module. Run the following command in your terminal: + +```shell +exampled q oracle prices +``` + +This command queries the current prices from the Oracle module. The expected output shows that the vote extensions were successfully included in the block and the Oracle module was able to retrieve the price data. + +## Understanding Vote Extensions in Oracle + +In the Oracle module, the `ExtendVoteHandler` function is responsible for creating the vote extensions. This function fetches the current prices from the provider, creates a `OracleVoteExtension` struct with these prices, and then marshals this struct into bytes. These bytes are then set as the vote extension. + +In the context of testing, the Oracle module uses a mock provider to simulate the behavior of a real price provider. This mock provider is defined in the mockprovider package and is used to return predefined prices for specific currency pairs. + +## Conclusion + +In this tutorial, we've delved into the concept of Oracle's in blockchain technology, focusing on their role in providing external data to a blockchain network. We've explored vote extensions, a powerful feature of ABCI++, and integrated them into a Cosmos SDK application to create a price oracle module. + +Through hands-on exercises, you've implemented vote extensions, and tested their effectiveness in providing timely and accurate asset price information. You've gained practical insights by setting up a mock provider for testing and analysing the process of extending votes, verifying vote extensions, and preparing and processing proposals. + +Keep experimenting with these concepts, engage with the community, and stay updated on new advancements. The knowledge you've acquired here is crucial for developing robust and reliable blockchain applications that can interact with real-world data. diff --git a/docs/sdk/next/tutorials/vote-extensions/oracle/what-is-an-oracle.mdx b/docs/sdk/next/tutorials/vote-extensions/oracle/what-is-an-oracle.mdx new file mode 100644 index 00000000..492bc8c3 --- /dev/null +++ b/docs/sdk/next/tutorials/vote-extensions/oracle/what-is-an-oracle.mdx @@ -0,0 +1,14 @@ +--- +title: What is an Oracle? +--- +An oracle in blockchain technology is a system that provides external data to a blockchain network. It acts as a source of information that is not natively accessible within the blockchain's closed environment. This can range from financial market prices to real-world event, making it crucial for decentralised applications. + +## Oracle in the Cosmos SDK + +In the Cosmos SDK, an oracle module can be implemented to provide external data to the blockchain. This module can use features like vote extensions to submit additional data during the consensus process, which can then be used by the blockchain to update its state with information from the outside world. + +For instance, a price oracle module in the Cosmos SDK could supply timely and accurate asset price information, which is vital for various financial operations within the blockchain ecosystem. + +## Conclusion + +Oracles are essential for blockchains to interact with external data, enabling them to respond to real-world information and events. Their implementation is key to the reliability and robustness of blockchain networks. diff --git a/docs/sdk/next/user/run-node/interact-node.mdx b/docs/sdk/next/user/run-node/interact-node.mdx new file mode 100644 index 00000000..8be06b28 --- /dev/null +++ b/docs/sdk/next/user/run-node/interact-node.mdx @@ -0,0 +1,298 @@ +--- +title: Interacting with the Node +--- + +**Synopsis** +There are multiple ways to interact with a node: using the CLI, using gRPC or using the REST endpoints. + + + +**Pre-requisite Readings** + +* [gRPC, REST and CometBFT Endpoints](/docs/sdk/vnext/learn/advanced/grpc_rest) +* [Running a Node](/docs/sdk/vnext/user/run-node/run-node) + + + +## Using the CLI + +Now that your chain is running, it is time to try sending tokens from the first account you created to a second account. In a new terminal window, start by running the following query command: + +```bash +simd query bank balances $MY_VALIDATOR_ADDRESS +``` + +You should see the current balance of the account you created, equal to the original balance of `stake` you granted it minus the amount you delegated via the `gentx`. Now, create a second account: + +```bash +simd keys add recipient --keyring-backend test + +# Put the generated address in a variable for later use. +RECIPIENT=$(simd keys show recipient -a --keyring-backend test) +``` + +The command above creates a local key-pair that is not yet registered on the chain. An account is created the first time it receives tokens from another account. Now, run the following command to send tokens to the `recipient` account: + +```bash +simd tx bank send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000000stake --chain-id my-test-chain --keyring-backend test + +# Check that the recipient account did receive the tokens. +simd query bank balances $RECIPIENT +``` + +Finally, delegate some of the stake tokens sent to the `recipient` account to the validator: + +```bash +simd tx staking delegate $(simd keys show my_validator --bech val -a --keyring-backend test) 500stake --from recipient --chain-id my-test-chain --keyring-backend test + +# Query the total delegations to `validator`. +simd query staking delegations-to $(simd keys show my_validator --bech val -a --keyring-backend test) +``` + +You should see two delegations, the first one made from the `gentx`, and the second one you just performed from the `recipient` account. + +## Using gRPC + +The Protobuf ecosystem developed tools for different use cases, including code-generation from `*.proto` files into various languages. These tools allow the building of clients easily. Often, the client connection (i.e. the transport) can be plugged and replaced very easily. Let's explore one of the most popular transports: [gRPC](/docs/sdk/vnext/learn/advanced/grpc_rest). + +Since the code generation library largely depends on your own tech stack, we will only present three alternatives: + +* `grpcurl` for generic debugging and testing, +* programmatically via Go, +* CosmJS for JavaScript/TypeScript developers. + +### grpcurl + +[grpcurl](https://github.com/fullstorydev/grpcurl) is like `curl` but for gRPC. It is also available as a Go library, but we will use it only as a CLI command for debugging and testing purposes. Follow the instructions in the previous link to install it. + +Assuming you have a local node running (either a localnet, or connected to a live network), you should be able to run the following command to list the Protobuf services available (you can replace `localhost:9000` by the gRPC server endpoint of another node, which is configured under the `grpc.address` field inside [`app.toml`](/docs/sdk/vnext/user/run-node/run-node#configuring-the-node-using-apptoml-and-configtoml)): + +```bash +grpcurl -plaintext localhost:9090 list +``` + +You should see a list of gRPC services, like `cosmos.bank.v1beta1.Query`. This is called reflection, which is a Protobuf endpoint returning a description of all available endpoints. Each of these represents a different Protobuf service, and each service exposes multiple RPC methods you can query against. + +In order to get a description of the service you can run the following command: + +```bash +grpcurl -plaintext \ + localhost:9090 \ + describe cosmos.bank.v1beta1.Query # Service we want to inspect +``` + +It's also possible to execute an RPC call to query the node for information: + +```bash +grpcurl \ + -plaintext \ + -d "{\"address\":\"$MY_VALIDATOR_ADDRESS\"}" \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/AllBalances +``` + +The list of all available gRPC query endpoints is [coming soon](https://github.com/cosmos/cosmos-sdk/issues/7786). + +#### Query for historical state using grpcurl + +You may also query for historical data by passing some [gRPC metadata](https://github.com/grpc/grpc-go/blob/master/Documentation/grpc-metadata.md) to the query: the `x-cosmos-block-height` metadata should contain the block to query. Using grpcurl as above, the command looks like: + +```bash +grpcurl \ + -plaintext \ + -H "x-cosmos-block-height: 123" \ + -d "{\"address\":\"$MY_VALIDATOR_ADDRESS\"}" \ + localhost:9090 \ + cosmos.bank.v1beta1.Query/AllBalances +``` + +Assuming the state at that block has not yet been pruned by the node, this query should return a non-empty response. + +### Programmatically via Go + +The following snippet shows how to query the state using gRPC inside a Go program. The idea is to create a gRPC connection, and use the Protobuf-generated client code to query the gRPC server. + +#### Install Cosmos SDK + +```bash +go get github.com/cosmos/cosmos-sdk@main +``` + +```go expandable +package main + +import ( + + "context" + "fmt" + "google.golang.org/grpc" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" +) + +func queryState() + +error { + myAddress, err := sdk.AccAddressFromBech32("cosmos1...") // the my_validator or recipient address. + if err != nil { + return err +} + + // Create a connection to the gRPC server. + grpcConn, err := grpc.Dial( + "127.0.0.1:9090", // your gRPC server address. + grpc.WithInsecure(), // The Cosmos SDK doesn't support any transport security mechanism. + // This instantiates a general gRPC codec which handles proto bytes. We pass in a nil interface registry + // if the request/response types contain interface instead of 'nil' you should pass the application specific codec. + grpc.WithDefaultCallOptions(grpc.ForceCodec(codec.NewProtoCodec(nil).GRPCCodec())), + ) + if err != nil { + return err +} + +defer grpcConn.Close() + + // This creates a gRPC client to query the x/bank service. + bankClient := banktypes.NewQueryClient(grpcConn) + +bankRes, err := bankClient.Balance( + context.Background(), + &banktypes.QueryBalanceRequest{ + Address: myAddress.String(), + Denom: "stake" +}, + ) + if err != nil { + return err +} + +fmt.Println(bankRes.GetBalance()) // Prints the account balance + + return nil +} + +func main() { + if err := queryState(); err != nil { + panic(err) +} +} +``` + +You can replace the query client (here we are using `x/bank`'s) with one generated from any other Protobuf service. The list of all available gRPC query endpoints is [coming soon](https://github.com/cosmos/cosmos-sdk/issues/7786). + +#### Query for historical state using Go + +Querying for historical blocks is done by adding the block height metadata in the gRPC request. + +```go expandable +package main + +import ( + + "context" + "fmt" + "google.golang.org/grpc" + "google.golang.org/grpc/metadata" + "github.com/cosmos/cosmos-sdk/codec" + sdk "github.com/cosmos/cosmos-sdk/types" + grpctypes "github.com/cosmos/cosmos-sdk/types/grpc" + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" +) + +func queryState() + +error { + myAddress, err := sdk.AccAddressFromBech32("cosmos1yerherx4d43gj5wa3zl5vflj9d4pln42n7kuzu") // the my_validator or recipient address. + if err != nil { + return err +} + + // Create a connection to the gRPC server. + grpcConn, err := grpc.Dial( + "127.0.0.1:9090", // your gRPC server address. + grpc.WithInsecure(), // The Cosmos SDK doesn't support any transport security mechanism. + // This instantiates a general gRPC codec which handles proto bytes. We pass in a nil interface registry + // if the request/response types contain interface instead of 'nil' you should pass the application specific codec. + grpc.WithDefaultCallOptions(grpc.ForceCodec(codec.NewProtoCodec(nil).GRPCCodec())), + ) + if err != nil { + return err +} + +defer grpcConn.Close() + + // This creates a gRPC client to query the x/bank service. + bankClient := banktypes.NewQueryClient(grpcConn) + +var header metadata.MD + _, err = bankClient.Balance( + metadata.AppendToOutgoingContext(context.Background(), grpctypes.GRPCBlockHeightHeader, "12"), // Add metadata to request + &banktypes.QueryBalanceRequest{ + Address: myAddress.String(), + Denom: "stake" +}, + grpc.Header(&header), // Retrieve header from response + ) + if err != nil { + return err +} + blockHeight := header.Get(grpctypes.GRPCBlockHeightHeader) + +fmt.Println(blockHeight) // Prints the block height (12) + +return nil +} + +func main() { + if err := queryState(); err != nil { + panic(err) +} +} +``` + +### CosmJS + +CosmJS documentation can be found at [Link](https://cosmos.github.io/cosmjs). As of January 2021, CosmJS documentation is still a work in progress. + +## Using the REST Endpoints + +As described in the [gRPC guide](/docs/sdk/vnext/learn/advanced/grpc_rest), all gRPC services on the Cosmos SDK are made available for more convenient REST-based queries through gRPC-gateway. The format of the URL path is based on the Protobuf service method's full-qualified name, but may contain small customizations so that final URLs look more idiomatic. For example, the REST endpoint for the `cosmos.bank.v1beta1.Query/AllBalances` method is `GET /cosmos/bank/v1beta1/balances/{address}`. Request arguments are passed as query parameters. + +Note that the REST endpoints are not enabled by default. To enable them, edit the `api` section of your `~/.simapp/config/app.toml` file: + +```toml +# Enable defines if the API server should be enabled. +enable = true +``` + +As a concrete example, the `curl` command to make balances request is: + +```bash +curl \ + -X GET \ + -H "Content-Type: application/json" \ + http://localhost:1317/cosmos/bank/v1beta1/balances/$MY_VALIDATOR_ADDRESS +``` + +Make sure to replace `localhost:1317` with the REST endpoint of your node, configured under the `api.address` field. + +The list of all available REST endpoints is available as a Swagger specification file, it can be viewed at `localhost:1317/swagger`. Make sure that the `api.swagger` field is set to true in your [`app.toml`](/docs/sdk/vnext/user/run-node/run-node#configuring-the-node-using-apptoml-and-configtoml) file. + +### Query for historical state using REST + +Querying for historical state is done using the HTTP header `x-cosmos-block-height`. For example, a curl command would look like: + +```bash +curl \ + -X GET \ + -H "Content-Type: application/json" \ + -H "x-cosmos-block-height: 123" \ + http://localhost:1317/cosmos/bank/v1beta1/balances/$MY_VALIDATOR_ADDRESS +``` + +Assuming the state at that block has not yet been pruned by the node, this query should return a non-empty response. + +### Cross-Origin Resource Sharing (CORS) + +[CORS policies](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) are not enabled by default to help with security. If you would like to use the rest-server in a public environment we recommend you provide a reverse proxy, this can be done with [nginx](https://www.nginx.com/). For testing and development purposes there is an `enabled-unsafe-cors` field inside [`app.toml`](/docs/sdk/vnext/user/run-node/run-node#configuring-the-node-using-apptoml-and-configtoml). diff --git a/docs/sdk/next/user/run-node/keyring.mdx b/docs/sdk/next/user/run-node/keyring.mdx new file mode 100644 index 00000000..2e8cc647 --- /dev/null +++ b/docs/sdk/next/user/run-node/keyring.mdx @@ -0,0 +1,143 @@ +--- +title: Setting up the keyring +--- + +**Synopsis** +This document describes how to configure and use the keyring and its various backends for an [**application**](/docs/sdk/vnext/learn/beginner/app-anatomy). + + +The keyring holds the private/public key pairs used to interact with a node. For instance, a validator key needs to be set up before running the blockchain node, so that blocks can be correctly signed. The private key can be stored in different locations, called "backends," such as a file or the operating system's own key storage. + +## Available backends for the keyring + +Starting with the v0.38.0 release, Cosmos SDK comes with a new keyring implementation +that provides a set of commands to manage cryptographic keys in a secure fashion. The +new keyring supports multiple storage backends, some of which may not be available on +all operating systems. + +### The `os` backend + +The `os` backend relies on operating system-specific defaults to handle key storage +securely. Typically, an operating system's credential subsystem handles password prompts, +private keys storage, and user sessions according to the user's password policies. Here +is a list of the most popular operating systems and their respective password managers: + +* macOS: [Keychain](https://support.apple.com/en-gb/guide/keychain-access/welcome/mac) +* Windows: [Credentials Management API](https://docs.microsoft.com/en-us/windows/win32/secauthn/credentials-management) +* GNU/Linux: + * [libsecret](https://gitlab.gnome.org/GNOME/libsecret) + * [kwallet](https://api.kde.org/frameworks/kwallet/html/index.html) + * [keyctl](https://www.kernel.org/doc/html/latest/security/keys/core.html) + +GNU/Linux distributions that use GNOME as the default desktop environment typically come with +[Seahorse](https://wiki.gnome.org/Apps/Seahorse). Users of KDE based distributions are +commonly provided with [KDE Wallet Manager](https://userbase.kde.org/KDE_Wallet_Manager). +Whilst the former is in fact a `libsecret` convenient frontend, the latter is a `kwallet` +client. `keyctl` is a secure backend that leverages the Linux kernel security key management system +to store cryptographic keys securely in memory. + +`os` is the default option since operating system's default credentials managers are +designed to meet users' most common needs and provide them with a comfortable +experience without compromising on security. + +The recommended backends for headless environments are `file` and `pass`. + +### The `file` backend + +The `file` backend more closely resembles the keybase implementation used prior to +v0.38.1. It stores the keyring encrypted within the app's configuration directory. This +keyring will request a password each time it is accessed, which may occur multiple +times in a single command resulting in repeated password prompts. If using bash scripts +to execute commands using the `file` option you may want to utilize the following format +for multiple prompts: + +```shell +# assuming that KEYPASSWD is set in the environment +$ gaiacli config keyring-backend file # use file backend +$ (echo $KEYPASSWD; echo $KEYPASSWD) | gaiacli keys add me # multiple prompts +$ echo $KEYPASSWD | gaiacli keys show me # single prompt +``` + + +The first time you add a key to an empty keyring, you will be prompted to type the password twice. + + +### The `pass` backend + +The `pass` backend uses the [pass](https://www.passwordstore.org/) utility to manage on-disk +encryption of keys' sensitive data and metadata. Keys are stored inside `gpg` encrypted files +within app-specific directories. `pass` is available for the most popular UNIX +operating systems as well as GNU/Linux distributions. Please refer to its manual page for +information on how to download and install it. + + +**pass** uses [GnuPG](https://gnupg.org/) for encryption. `gpg` automatically invokes the `gpg-agent` +daemon upon execution, which handles the caching of GnuPG credentials. Please refer to `gpg-agent` +man page for more information on how to configure cache parameters such as credentials TTL and +passphrase expiration. + + +The password store must be set up prior to first use: + +```shell +pass init +``` + +Replace `` with your GPG key ID. You can use your personal GPG key or an alternative +one you may want to use specifically to encrypt the password store. + +### The `kwallet` backend + +The `kwallet` backend uses `KDE Wallet Manager`, which comes installed by default on the +GNU/Linux distributions that ship KDE as the default desktop environment. Please refer to +[KWallet API documentation](https://api.kde.org/frameworks/kwallet/html/index.html) for more +information. + +### The `keyctl` backend + +The *Kernel Key Retention Service* is a security facility that +has been added to the Linux kernel relatively recently. It allows sensitive +cryptographic data such as passwords, private key, authentication tokens, etc +to be stored securely in memory. + +The `keyctl` backend is available on Linux platforms only. + +### The `test` backend + +The `test` backend is a password-less variation of the `file` backend. Keys are stored +unencrypted on disk. + +**Provided for testing purposes only. The `test` backend is not recommended for use in production environments**. + +### The `memory` backend + +The `memory` backend stores keys in memory. The keys are immediately deleted after the program has exited. + +**Provided for testing purposes only. The `memory` backend is not recommended for use in production environments**. + +### Setting backend using an env variable + +You can set the keyring-backend using env variable: `BINNAME_KEYRING_BACKEND`. For example, if your binary name is `gaia-v5` then set: `export GAIA_V5_KEYRING_BACKEND=pass` + +## Adding keys to the keyring + + +Make sure you can build your own binary, and replace `simd` with the name of your binary in the snippets. + + +Applications developed using the Cosmos SDK come with the `keys` subcommand. For the purpose of this tutorial, we're running the `simd` CLI, which is an application built using the Cosmos SDK for testing and educational purposes. For more information, see [`simapp`](https://github.com/cosmos/cosmos-sdk/tree/main/simapp). + +You can use `simd keys` for help about the keys command and `simd keys [command] --help` for more information about a particular subcommand. + +To create a new key in the keyring, run the `add` subcommand with a `` argument. For the purpose of this tutorial, we will solely use the `test` backend, and call our new key `my_validator`. This key will be used in the next section. + +```bash +$ simd keys add my_validator --keyring-backend test + +# Put the generated address in a variable for later use. +MY_VALIDATOR_ADDRESS=$(simd keys show my_validator -a --keyring-backend test) +``` + +This command generates a new 24-word mnemonic phrase, persists it to the relevant backend, and outputs information about the keypair. If this keypair will be used to hold value-bearing tokens, be sure to write down the mnemonic phrase somewhere safe! + +By default, the keyring generates a `secp256k1` keypair. The keyring also supports `ed25519` keys, which may be created by passing the `--algo ed25519` flag. A keyring can of course hold both types of keys simultaneously, and the Cosmos SDK's `x/auth` module supports natively these two public key algorithms. diff --git a/docs/sdk/next/user/run-node/rosetta.mdx b/docs/sdk/next/user/run-node/rosetta.mdx new file mode 100644 index 00000000..c7267537 --- /dev/null +++ b/docs/sdk/next/user/run-node/rosetta.mdx @@ -0,0 +1,154 @@ +--- +title: Rosetta +description: >- + The rosetta project implements Coinbase's Rosetta API. This document provides + instructions on how to use the Rosetta API integration. For information about + the motivation and design choices, refer to ADR 035. +--- +The `rosetta` project implements Coinbase's [Rosetta API](https://www.rosetta-api.org). This document provides instructions on how to use the Rosetta API integration. For information about the motivation and design choices, refer to [ADR 035](https://docs.cosmos.network/main/architecture/adr-035-rosetta-api-support). + +## Installing Rosetta + +The Rosetta API server is a stand-alone server that connects to a node of a chain developed with Cosmos SDK. + +Rosetta can be added to any cosmos chain node. standalone or natively. + +### Standalone + +Rosetta can be executed as a standalone service, it connects to the node endpoints and expose the required endpoints. + +Install Rosetta standalone server with the following command: + +```bash +go install github.com/cosmos/rosetta +``` + +Alternatively, for building from source, simply run `make build`. The binary will be located in the root folder. + +### Native - As a node command + +To enable Native Rosetta API support, it's required to add the `RosettaCommand` to your application's root command file (e.g. `simd/cmd/root.go`). + +Import the `rosettaCmd` package: + +```go +import "github.com/cosmos/rosetta/cmd" +``` + +Find the following line: + +```go +initRootCmd(rootCmd, encodingConfig) +``` + +After that line, add the following: + +```go +rootCmd.AddCommand( + rosettaCmd.RosettaCommand(encodingConfig.InterfaceRegistry, encodingConfig.Codec) +) +``` + +The `RosettaCommand` function builds the `rosetta` root command and is defined in the `rosettaCmd` package (`github.com/cosmos/rosetta/cmd`). + +Since we’ve updated the Cosmos SDK to work with the Rosetta API, updating the application's root command file is all you need to do. + +An implementation example can be found in `simapp` package. + +## Use Rosetta Command + +To run Rosetta in your application CLI, use the following command: + +> **Note:** if using the native approach, add your node name before any rosetta command. + +```shell +rosetta --help +``` + +To test and run Rosetta API endpoints for applications that are running and exposed, use the following command: + +```shell +rosetta + --blockchain "your application name (ex: gaia)" + --network "your chain identifier (ex: testnet-1)" + --tendermint "tendermint endpoint (ex: localhost:26657)" + --grpc "gRPC endpoint (ex: localhost:9090)" + --addr "rosetta binding address (ex: :8080)" + --grpc-types-server (optional) "gRPC endpoint for message descriptor types" +``` + +## Plugins - Multi chain connections + +Rosetta will try to reflect the node types trough reflection over the node gRPC endpoints, there may be cases were this approach is not enough. It is possible to extend or implement the required types easily through plugins. + +To use Rosetta over any chain, it is required to set up prefixes and registering zone specific interfaces through plugins. + +Each plugin is a minimalist implementation of `InitZone` and `RegisterInterfaces` which allow Rosetta to parse chain specific data. There is an example for cosmos-hub chain under `plugins/cosmos-hun/` folder + +* **InitZone**: An empty method that is executed first and defines prefixes, parameters and other settings. +* **RegisterInterfaces**: This method receives an interface registry which is were the zone specific types and interfaces will be loaded + +In order to add a new plugin: + +1. Create a folder over `plugins` folder with the name of the desired zone +2. Add a `main.go` file with the mentioned methods above. +3. Build the code binary through `go build -buildmode=plugin -o main.so main.go` + +The plugin folder is selected through the cli `--plugin` flag and loaded into the Rosetta server. + +## Extensions + +There are two ways in which you can customize and extend the implementation with your custom settings. + +### Message extension + +In order to make an `sdk.Msg` understandable by rosetta the only thing which is required is adding the methods to your messages that satisfy the `rosetta.Msg` interface. Examples on how to do so can be found in the staking types such as `MsgDelegate`, or in bank types such as `MsgSend`. + +### Client interface override + +In case more customization is required, it's possible to embed the Client type and override the methods which require customizations. + +Example: + +```go expandable +package custom_client +import ( + + +"context" + "github.com/coinbase/rosetta-sdk-go/types" + "github.com/cosmos/rosetta/lib" +) + +// CustomClient embeds the standard cosmos client +// which means that it implements the cosmos-rosetta-gateway Client +// interface while at the same time allowing to customize certain methods +type CustomClient struct { + *rosetta.Client +} + +func (c *CustomClient) + +ConstructionPayload(_ context.Context, request *types.ConstructionPayloadsRequest) (resp *types.ConstructionPayloadsResponse, err error) { + // provide custom signature bytes + panic("implement me") +} +``` + +NOTE: when using a customized client, the command cannot be used as the constructors required **may** differ, so it's required to create a new one. We intend to provide a way to init a customized client without writing extra code in the future. + +### Error extension + +Since rosetta requires to provide 'returned' errors to network options. In order to declare a new rosetta error, we use the `errors` package in cosmos-rosetta-gateway. + +Example: + +```go +package custom_errors +import crgerrs "github.com/cosmos/rosetta/lib/errors" + +var customErrRetriable = true +var CustomError = crgerrs.RegisterError(100, "custom message", customErrRetriable, "description") +``` + +Note: errors must be registered before cosmos-rosetta-gateway's `Server`.`Start` method is called. Otherwise the registration will be ignored. Errors with same code will be ignored too. diff --git a/docs/sdk/next/user/run-node/run-node.mdx b/docs/sdk/next/user/run-node/run-node.mdx new file mode 100644 index 00000000..728ad96a --- /dev/null +++ b/docs/sdk/next/user/run-node/run-node.mdx @@ -0,0 +1,217 @@ +--- +title: Running a Node +--- + +**Synopsis** +Now that the application is ready and the keyring populated, it's time to see how to run the blockchain node. In this section, the application we are running is called [`simapp`](https://github.com/cosmos/cosmos-sdk/tree/main/simapp), and its corresponding CLI binary `simd`. + + + +**Pre-requisite Readings** + +* [Anatomy of a Cosmos SDK Application](/docs/sdk/vnext/learn/beginner/app-anatomy) +* [Setting up the keyring](/docs/sdk/vnext/user/run-node/keyring) + + + +## Initialize the Chain + + +Make sure you can build your own binary, and replace `simd` with the name of your binary in the snippets. + + +Before actually running the node, we need to initialize the chain, and most importantly, its genesis file. This is done with the `init` subcommand: + +```bash +# The argument is the custom username of your node, it should be human-readable. +simd init --chain-id my-test-chain +``` + +The command above creates all the configuration files needed for your node to run, as well as a default genesis file, which defines the initial state of the network. + + +All these configuration files are in `~/.simapp` by default, but you can overwrite the location of this folder by passing the `--home` flag to each command, +or set an `$APPD_HOME` environment variable (where `APPD` is the name of the binary). + + +The `~/.simapp` folder has the following structure: + +```bash +. # ~/.simapp + |- data # Contains the databases used by the node. + |- config/ + |- app.toml # Application-related configuration file. + |- config.toml # CometBFT-related configuration file. + |- genesis.json # The genesis file. + |- node_key.json # Private key to use for node authentication in the p2p protocol. + |- priv_validator_key.json # Private key to use as a validator in the consensus protocol. +``` + +## Updating Some Default Settings + +If you want to change any field values in configuration files (for ex: genesis.json) you can use `jq` ([installation](https://stedolan.github.io/jq/download/) & [docs](https://stedolan.github.io/jq/manual/#Assignment)) & `sed` commands to do that. A few examples are listed here. + +```bash expandable +# to change the chain-id +jq '.chain_id = "testing"' genesis.json > temp.json && mv temp.json genesis.json + +# to enable the api server +sed -i '/\[api\]/,+3 s/enable = false/enable = true/' app.toml + +# to change the voting_period +jq '.app_state.gov.voting_params.voting_period = "600s"' genesis.json > temp.json && mv temp.json genesis.json + +# to change the inflation +jq '.app_state.mint.minter.inflation = "0.300000000000000000"' genesis.json > temp.json && mv temp.json genesis.json +``` + +### Client Interaction + +When instantiating a node, GRPC and REST are defaulted to localhost to avoid unknown exposure of your node to the public. It is recommended not to expose these endpoints without a proxy that can handle load balancing or authentication set up between your node and the public. + + +A commonly used tool for this is [nginx](https://nginx.org). + + +## Adding Genesis Accounts + +Before starting the chain, you need to populate the state with at least one account. To do so, first [create a new account in the keyring](/docs/sdk/vnext/user/run-node/keyring#adding-keys-to-the-keyring) named `my_validator` under the `test` keyring backend (feel free to choose another name and another backend). + +Now that you have created a local account, go ahead and grant it some `stake` tokens in your chain's genesis file. Doing so will also make sure your chain is aware of this account's existence: + +```bash +simd genesis add-genesis-account $MY_VALIDATOR_ADDRESS 100000000000stake +``` + +Recall that `$MY_VALIDATOR_ADDRESS` is a variable that holds the address of the `my_validator` key in the [keyring](/docs/sdk/vnext/user/run-node/keyring#adding-keys-to-the-keyring). Also note that the tokens in the Cosmos SDK have the `{amount}{denom}` format: `amount` is an 18-digit-precision decimal number, and `denom` is the unique token identifier with its denomination key (e.g. `atom` or `uatom`). Here, we are granting `stake` tokens, as `stake` is the token identifier used for staking in [`simapp`](https://github.com/cosmos/cosmos-sdk/tree/main/simapp). For your own chain with its own staking denom, that token identifier should be used instead. + +Now that your account has some tokens, you need to add a validator to your chain. Validators are special full-nodes that participate in the consensus process (implemented in the [underlying consensus engine](/docs/sdk/vnext/learn/intro/sdk-app-architecture#cometbft)) in order to add new blocks to the chain. Any account can declare its intention to become a validator operator, but only those with sufficient delegation get to enter the active set (for example, only the top 125 validator candidates with the most delegation get to be validators in the Cosmos Hub). For this guide, you will add your local node (created via the `init` command above) as a validator of your chain. Validators can be declared before a chain is first started via a special transaction included in the genesis file called a `gentx`: + +```bash +# Create a gentx. +simd genesis gentx my_validator 100000000stake --chain-id my-test-chain --keyring-backend test + +# Add the gentx to the genesis file. +simd genesis collect-gentxs +``` + +A `gentx` does three things: + +1. Registers the `validator` account you created as a validator operator account (i.e., the account that controls the validator). +2. Self-delegates the provided `amount` of staking tokens. +3. Link the operator account with a CometBFT node pubkey that will be used for signing blocks. If no `--pubkey` flag is provided, it defaults to the local node pubkey created via the `simd init` command above. + +For more information on `gentx`, use the following command: + +```bash +simd genesis gentx --help +``` + +## Configuring the Node Using `app.toml` and `config.toml` + +The Cosmos SDK automatically generates two configuration files inside `~/.simapp/config`: + +* `config.toml`: used to configure the CometBFT, learn more on [CometBFT's documentation](https://docs.cometbft.com/v0.37/core/configuration), +* `app.toml`: generated by the Cosmos SDK, and used to configure your app, such as state pruning strategies, telemetry, gRPC and REST servers configuration, state sync... + +Both files are heavily commented, please refer to them directly to tweak your node. + +One example config to tweak is the `minimum-gas-prices` field inside `app.toml`, which defines the minimum gas prices the validator node is willing to accept for processing a transaction. Depending on the chain, it might be an empty string or not. If it's empty, make sure to edit the field with some value, for example `10token`, or else the node will halt on startup. For the purpose of this tutorial, let's set the minimum gas price to 0: + +```toml + # The minimum gas prices a validator is willing to accept for processing a + # transaction. A transaction's fees must meet the minimum of any denomination + # specified in this config (e.g. 0.25token1;0.0001token2). + minimum-gas-prices = "0stake" +``` + + +When running a node (not a validator!) and not wanting to run the application mempool, set the `max-txs` field to `-1`. + +```toml +[mempool] +# Setting max-txs to 0 will allow for an unbounded amount of transactions in the mempool. +# Setting max_txs to negative 1 (-1) will disable transactions from being inserted into the mempool. +# Setting max_txs to a positive number (> 0) will limit the number of transactions in the mempool, by the specified amount. +# +# Note, this configuration only applies to SDK built-in app-side mempool +# implementations. +max-txs = "-1" +``` + + + +## Run a Localnet + +Now that everything is set up, you can finally start your node: + +```bash +simd start +``` + +You should see blocks come in. + +The previous command allows you to run a single node. This is enough for the next section on interacting with this node, but you may wish to run multiple nodes at the same time, and see how consensus happens between them. + +The naive way would be to run the same commands again in separate terminal windows. This is possible, however, in the Cosmos SDK, we leverage the power of [Docker Compose](https://docs.docker.com/compose/) to run a localnet. If you need inspiration on how to set up your own localnet with Docker Compose, you can have a look at the Cosmos SDK's [`docker-compose.yml`](https://github.com/cosmos/cosmos-sdk/blob/v0.53.0/docker-compose.yml). + +### Standalone App/CometBFT + +By default, the Cosmos SDK runs CometBFT in-process with the application +If you want to run the application and CometBFT in separate processes, +start the application with the `--with-comet=false` flag +and set `rpc.laddr` in `config.toml` to the CometBFT node's RPC address. + +## Logging + +Logging provides a way to see what is going on with a node. The default logging level is info. This is a global level and all info logs will be outputted to the terminal. If you would like to filter specific logs to the terminal instead of all, then setting `module:log_level` is how this can work. + +Example: + +In config.toml: + +```toml +log_level: "state:info,p2p:info,consensus:info,x/staking:info,x/ibc:info,*error" +``` + +## State Sync + +State sync is the act in which a node syncs the latest or close to the latest state of a blockchain. This is useful for users who don't want to sync all the blocks in history. Read more in [CometBFT documentation](https://docs.cometbft.com/v0.37/core/state-sync). + +State sync works thanks to snapshots. Read how the SDK handles snapshots [here](https://github.com/cosmos/cosmos-sdk/blob/825245d/store/snapshots/README.md). + +### Local State Sync + +Local state sync works similar to normal state sync except that it works off a local snapshot of state instead of one provided via the p2p network. The steps to start local state sync are similar to normal state sync with a few different designs. + +1. As mentioned in [Link](https://docs.cometbft.com/v0.37/core/state-sync), one must set a height and hash in the config.toml along with a few rpc servers (the aforementioned link has instructions on how to do this). +2. Run ` ` to restore a local snapshot (note: first load it from a file with the *load* command). +3. Bootstrapping Comet state to start the node after the snapshot has been ingested. This can be done with the bootstrap command ` comet bootstrap-state` + +### Snapshots Commands + +The Cosmos SDK provides commands for managing snapshots. +These commands can be added in an app with the following snippet in `cmd//root.go`: + +```go +import ( + + "github.com/cosmos/cosmos-sdk/client/snapshot" +) + +func initRootCmd(/* ... */) { + // ... + rootCmd.AddCommand( + snapshot.Cmd(appCreator), + ) +} +``` + +Then the following commands are available at ` snapshots [command]`: + +* **list**: list local snapshots +* **load**: Load a snapshot archive file into snapshot store +* **restore**: Restore app state from local snapshot +* **export**: Export app state to snapshot store +* **dump**: Dump the snapshot as portable archive format +* **delete**: Delete a local snapshot diff --git a/docs/sdk/next/user/run-node/run-production.mdx b/docs/sdk/next/user/run-node/run-production.mdx new file mode 100644 index 00000000..6e62182c --- /dev/null +++ b/docs/sdk/next/user/run-node/run-production.mdx @@ -0,0 +1,267 @@ +--- +title: Running in Production +--- + +**Synopsis** +This section describes how to securely run a node in a public setting and/or on a mainnet on one of the many Cosmos SDK public blockchains. + + +When operating a node, full node or validator, in production it is important to set your server up securely. + + +There are many different ways to secure a server and your node, the described steps here is one way. To see another way of setting up a server see the [run in production tutorial](https://tutorials.cosmos.network/hands-on-exercise/4-run-in-prod). + + + +This walkthrough assumes the underlying operating system is Ubuntu. + + +## Server Setup + +### User + +When creating a server most times it is created as user `root`. This user has heightened privileges on the server. When operating a node, it is recommended to not run your node as the root user. + +1. Create a new user + +```bash +sudo adduser change_me +``` + +2. We want to allow this user to perform sudo tasks + +```bash +sudo usermod -aG sudo change_me +``` + +Now when logging into the server, the non `root` user can be used. + +### Go + +1. Install the [Go](https://go.dev/doc/install) version preconized by the application. + + +In the past, validators [have had issues](https://github.com/cosmos/cosmos-sdk/issues/13976) when using different versions of Go. It is recommended that the whole validator set uses the version of Go that is preconized by the application. + + +### Firewall + +Nodes should not have all ports open to the public, this is a simple way to get DDOS'd. Secondly it is recommended by [CometBFT](https://github.com/cometbft/cometbft) to never expose ports that are not required to operate a node. + +When setting up a firewall there are a few ports that can be open when operating a Cosmos SDK node. There is the CometBFT json-RPC, prometheus, p2p, remote signer and Cosmos SDK GRPC and REST. If the node is being operated as a node that does not offer endpoints to be used for submission or querying then a max of three endpoints are needed. + +Most, if not all servers come equipped with [ufw](https://help.ubuntu.com/community/UFW). Ufw will be used in this tutorial. + +1. Reset UFW to disallow all incoming connections and allow outgoing + +```bash +sudo ufw default deny incoming +sudo ufw default allow outgoing +``` + +2. Lets make sure that port 22 (ssh) stays open. + +```bash +sudo ufw allow ssh +``` + +or + +```bash +sudo ufw allow 22 +``` + +Both of the above commands are the same. + +3. Allow Port 26656 (cometbft p2p port). If the node has a modified p2p port then that port must be used here. + +```bash +sudo ufw allow 26656/tcp +``` + +4. Allow port 26660 (cometbft [prometheus](https://prometheus.io)). This acts as the applications monitoring port as well. + +```bash +sudo ufw allow 26660/tcp +``` + +5. IF the node which is being setup would like to expose CometBFTs jsonRPC and Cosmos SDK GRPC and REST then follow this step. (Optional) + +##### CometBFT JsonRPC + +```bash +sudo ufw allow 26657/tcp +``` + +##### Cosmos SDK GRPC + +```bash +sudo ufw allow 9090/tcp +``` + +##### Cosmos SDK REST + +```bash +sudo ufw allow 1317/tcp +``` + +6. Lastly, enable ufw + +```bash +sudo ufw enable +``` + +### Signing + +If the node that is being started is a validator there are multiple ways a validator could sign blocks. + +#### File + +File based signing is the simplest and default approach. This approach works by storing the consensus key, generated on initialization, to sign blocks. This approach is only as safe as your server setup as if the server is compromised so is your key. This key is located in the `config/priv_val_key.json` directory generated on initialization. + +A second file exists that user must be aware of, the file is located in the data directory `data/priv_val_state.json`. This file protects your node from double signing. It keeps track of the consensus keys last sign height, round and latest signature. If the node crashes and needs to be recovered this file must be kept in order to ensure that the consensus key will not be used for signing a block that was previously signed. + +#### Remote Signer + +A remote signer is a secondary server that is separate from the running node that signs blocks with the consensus key. This means that the consensus key does not live on the node itself. This increases security because your full node which is connected to the remote signer can be swapped without missing blocks. + +The two most used remote signers are [tmkms](https://github.com/iqlusioninc/tmkms) from [Iqlusion](https://www.iqlusion.io) and [horcrux](https://github.com/strangelove-ventures/horcrux) from [Strangelove](https://strange.love). + +##### TMKMS + +###### Dependencies + +1. Update server dependencies and install extras needed. + +```sh +sudo apt update -y && sudo apt install build-essential curl jq -y +``` + +2. Install Rust: + +```sh +curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh +``` + +3. Install Libusb: + +```sh +sudo apt install libusb-1.0-0-dev +``` + +###### Setup + +There are two ways to install tmkms, from source or `cargo install`. In the examples we will cover downloading or building from source and using softsign. Softsign stands for software signing, but you could use a [yubihsm](https://www.yubico.com/products/hardware-security-module/) as your signing key if you wish. + +1. Build: + +From source: + +```bash +cd $HOME +git clone https://github.com/iqlusioninc/tmkms.git +cd $HOME/tmkms +cargo install tmkms --features=softsign +tmkms init config +tmkms softsign keygen ./config/secrets/secret_connection_key +``` + +or + +Cargo install: + +```bash +cargo install tmkms --features=softsign +tmkms init config +tmkms softsign keygen ./config/secrets/secret_connection_key +``` + + +To use tmkms with a yubikey install the binary with `--features=yubihsm`. + + +2. Migrate the validator key from the full node to the new tmkms instance. + +```bash +scp user@123.456.32.123:~/.simd/config/priv_validator_key.json ~/tmkms/config/secrets +``` + +3. Import the validator key into tmkms. + +```bash +tmkms softsign import $HOME/tmkms/config/secrets/priv_validator_key.json $HOME/tmkms/config/secrets/priv_validator_key +``` + +At this point, it is necessary to delete the `priv_validator_key.json` from the validator node and the tmkms node. Since the key has been imported into tmkms (above) it is no longer necessary on the nodes. The key can be safely stored offline. + +4. Modify the `tmkms.toml`. + +```bash +vim $HOME/tmkms/config/tmkms.toml +``` + +This example shows a configuration that could be used for soft signing. The example has an IP of `123.456.12.345` with a port of `26659` a chain\_id of `test-chain-waSDSe`. These are items that must be modified for the usecase of tmkms and the network. + +```toml expandable +# CometBFT KMS configuration file + +## Chain Configuration + +[[chain]] +id = "osmosis-1" +key_format = { type = "bech32", account_key_prefix = "cosmospub", consensus_key_prefix = "cosmosvalconspub" } +state_file = "/root/tmkms/config/state/priv_validator_state.json" + +## Signing Provider Configuration + +### Software-based Signer Configuration + +[[providers.softsign]] +chain_ids = ["test-chain-waSDSe"] +key_type = "consensus" +path = "/root/tmkms/config/secrets/priv_validator_key" + +## Validator Configuration + +[[validator]] +chain_id = "test-chain-waSDSe" +addr = "tcp://123.456.12.345:26659" +secret_key = "/root/tmkms/config/secrets/secret_connection_key" +protocol_version = "v0.34" +reconnect = true +``` + +5. Set the address of the tmkms instance. + +```bash +vim $HOME/.simd/config/config.toml + +priv_validator_laddr = "tcp://0.0.0.0:26659" +``` + + +The above address it set to `0.0.0.0` but it is recommended to set the tmkms server to secure the startup + + + +It is recommended to comment or delete the lines that specify the path of the validator key and validator: + +```toml +# Path to the JSON file containing the private key to use as a validator in the consensus protocol +# priv_validator_key_file = "config/priv_validator_key.json" + +# Path to the JSON file containing the last sign state of a validator +# priv_validator_state_file = "data/priv_validator_state.json" +``` + + + +6. Start the two processes. + +```bash +tmkms start -c $HOME/tmkms/config/tmkms.toml +``` + +```bash +simd start +``` diff --git a/docs/sdk/next/user/run-node/run-testnet.mdx b/docs/sdk/next/user/run-node/run-testnet.mdx new file mode 100644 index 00000000..9f420c83 --- /dev/null +++ b/docs/sdk/next/user/run-node/run-testnet.mdx @@ -0,0 +1,97 @@ +--- +title: Running a Testnet +--- + +**Synopsis** +The `simd testnet` subcommand makes it easy to initialize and start a simulated test network for testing purposes. + + +In addition to the commands for [running a node](/docs/sdk/vnext/user/run-node/run-node), the `simd` binary also includes a `testnet` command that allows you to start a simulated test network in-process or to initialize files for a simulated test network that runs in a separate process. + +## Initialize Files + +First, let's take a look at the `init-files` subcommand. + +This is similar to the `init` command when initializing a single node, but in this case we are initializing multiple nodes, generating the genesis transactions for each node, and then collecting those transactions. + +The `init-files` subcommand initializes the necessary files to run a test network in a separate process (i.e. using a Docker container). Running this command is not a prerequisite for the `start` subcommand ([see below](#start-testnet)). + +In order to initialize the files for a test network, run the following command: + +```bash +simd testnet init-files +``` + +You should see the following output in your terminal: + +```bash +Successfully initialized 4 node directories +``` + +The default output directory is a relative `.testnets` directory. Let's take a look at the files created within the `.testnets` directory. + +### gentxs + +The `gentxs` directory includes a genesis transaction for each validator node. Each file includes a JSON encoded genesis transaction used to register a validator node at the time of genesis. The genesis transactions are added to the `genesis.json` file within each node directory during the initialization process. + +### nodes + +A node directory is created for each validator node. Within each node directory is a `simd` directory. The `simd` directory is the home directory for each node, which includes the configuration and data files for that node (i.e. the same files included in the default `~/.simapp` directory when running a single node). + +## Start Testnet + +Now, let's take a look at the `start` subcommand. + +The `start` subcommand both initializes and starts an in-process test network. This is the fastest way to spin up a local test network for testing purposes. + +You can start the local test network by running the following command: + +```bash +simd testnet start +``` + +You should see something similar to the following: + +```bash expandable +acquiring test network lock +preparing test network with chain-id "chain-mtoD9v" + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++ THIS MNEMONIC IS FOR TESTING PURPOSES ONLY ++ +++ DO NOT USE IN PRODUCTION ++ +++ ++ +++ sustain know debris minute gate hybrid stereo custom ++ +++ divorce cross spoon machine latin vibrant term oblige ++ +++ moment beauty laundry repeat grab game bronze truly ++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +starting test network... +started test network +press the Enter Key to terminate +``` + +The first validator node is now running in-process, which means the test network will terminate once you either close the terminal window or you press the Enter key. In the output, the mnemonic phrase for the first validator node is provided for testing purposes. The validator node is using the same default addresses being used when initializing and starting a single node (no need to provide a `--node` flag). + +Check the status of the first validator node: + +```shell +simd status +``` + +Import the key from the provided mnemonic: + +```shell +simd keys add test --recover --keyring-backend test +``` + +Check the balance of the account address: + +```shell +simd q bank balances [address] +``` + +Use this test account to manually test against the test network. + +## Testnet Options + +You can customize the configuration of the test network with flags. In order to see all flag options, append the `--help` flag to each command. diff --git a/docs/sdk/next/user/run-node/txs.mdx b/docs/sdk/next/user/run-node/txs.mdx new file mode 100644 index 00000000..b673b3a0 --- /dev/null +++ b/docs/sdk/next/user/run-node/txs.mdx @@ -0,0 +1,553 @@ +--- +title: 'Generating, Signing and Broadcasting Transactions' +--- + +**Synopsis** +This document describes how to generate an (unsigned) transaction, signing it (with one or multiple keys), and broadcasting it to the network. + + +## Using the CLI + +The easiest way to send transactions is using the CLI, as we have seen in the previous page when [interacting with a node](/docs/sdk/vnext/user/run-node/interact-node#using-the-cli). For example, running the following command + +```bash +simd tx bank send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000stake --chain-id my-test-chain --keyring-backend test +``` + +will run the following steps: + +* generate a transaction with one `Msg` (`x/bank`'s `MsgSend`), and print the generated transaction to the console. +* ask the user for confirmation to send the transaction from the `$MY_VALIDATOR_ADDRESS` account. +* fetch `$MY_VALIDATOR_ADDRESS` from the keyring. This is possible because we have [set up the CLI's keyring](/docs/sdk/vnext/user/run-node/keyring) in a previous step. +* sign the generated transaction with the keyring's account. +* broadcast the signed transaction to the network. This is possible because the CLI connects to the node's CometBFT RPC endpoint. + +The CLI bundles all the necessary steps into a simple-to-use user experience. However, it's possible to run all the steps individually too. + +### Generating a Transaction + +Generating a transaction can simply be done by appending the `--generate-only` flag on any `tx` command, e.g.: + +```bash +simd tx bank send $MY_VALIDATOR_ADDRESS $RECIPIENT 1000stake --chain-id my-test-chain --generate-only +``` + +This will output the unsigned transaction as JSON in the console. We can also save the unsigned transaction to a file (to be passed around between signers more easily) by appending `> unsigned_tx.json` to the above command. + +### Signing a Transaction + +Signing a transaction using the CLI requires the unsigned transaction to be saved in a file. Let's assume the unsigned transaction is in a file called `unsigned_tx.json` in the current directory (see previous paragraph on how to do that). Then, simply run the following command: + +```bash +simd tx sign unsigned_tx.json --chain-id my-test-chain --keyring-backend test --from $MY_VALIDATOR_ADDRESS +``` + +This command will decode the unsigned transaction and sign it with `SIGN_MODE_DIRECT` with `$MY_VALIDATOR_ADDRESS`'s key, which we already set up in the keyring. The signed transaction will be output as JSON to the console, and, as above, we can save it to a file by appending `--output-document signed_tx.json`. + +Some useful flags to consider in the `tx sign` command: + +* `--sign-mode`: you may use `amino-json` to sign the transaction using `SIGN_MODE_LEGACY_AMINO_JSON`, +* `--offline`: sign in offline mode. This means that the `tx sign` command doesn't connect to the node to retrieve the signer's account number and sequence, both needed for signing. In this case, you must manually supply the `--account-number` and `--sequence` flags. This is useful for offline signing, i.e. signing in a secure environment which doesn't have access to the internet. + +#### Signing with Multiple Signers + + +Please note that signing a transaction with multiple signers or with a multisig account, where at least one signer uses `SIGN_MODE_DIRECT`, is not yet possible. You may follow [this Github issue](https://github.com/cosmos/cosmos-sdk/issues/8141) for more info. + + +Signing with multiple signers is done with the `tx multisign` command. This command assumes that all signers use `SIGN_MODE_LEGACY_AMINO_JSON`. The flow is similar to the `tx sign` command flow, but instead of signing an unsigned transaction file, each signer signs the file signed by previous signer(s). The `tx multisign` command will append signatures to the existing transactions. It is important that signers sign the transaction **in the same order** as given by the transaction, which is retrievable using the `GetSigners()` method. + +For example, starting with the `unsigned_tx.json`, and assuming the transaction has 4 signers, we would run: + +```bash +# Let signer1 sign the unsigned tx. +simd tx multisign unsigned_tx.json signer_key_1 --chain-id my-test-chain --keyring-backend test > partial_tx_1.json +# Now signer1 will send the partial_tx_1.json to the signer2. +# Signer2 appends their signature: +simd tx multisign partial_tx_1.json signer_key_2 --chain-id my-test-chain --keyring-backend test > partial_tx_2.json +# Signer2 sends the partial_tx_2.json file to signer3, and signer3 can append his signature: +simd tx multisign partial_tx_2.json signer_key_3 --chain-id my-test-chain --keyring-backend test > partial_tx_3.json +``` + +### Broadcasting a Transaction + +Broadcasting a transaction is done using the following command: + +```bash +simd tx broadcast tx_signed.json +``` + +You may optionally pass the `--broadcast-mode` flag to specify which response to receive from the node: + +* `sync`: the CLI waits for a CheckTx execution response only. +* `async`: the CLI returns immediately (transaction might fail). + +### Encoding a Transaction + +In order to broadcast a transaction using the gRPC or REST endpoints, the transaction will need to be encoded first. This can be done using the CLI. + +Encoding a transaction is done using the following command: + +```bash +simd tx encode tx_signed.json +``` + +This will read the transaction from the file, serialize it using Protobuf, and output the transaction bytes as base64 in the console. + +### Decoding a Transaction + +The CLI can also be used to decode transaction bytes. + +Decoding a transaction is done using the following command: + +```bash +simd tx decode [protobuf-byte-string] +``` + +This will decode the transaction bytes and output the transaction as JSON in the console. You can also save the transaction to a file by appending `> tx.json` to the above command. + +## Programmatically with Go + +It is possible to manipulate transactions programmatically via Go using the Cosmos SDK's `TxBuilder` interface. + +### Generating a Transaction + +Before generating a transaction, a new instance of a `TxBuilder` needs to be created. Since the Cosmos SDK supports both Amino and Protobuf transactions, the first step would be to decide which encoding scheme to use. All the subsequent steps remain unchanged, whether you're using Amino or Protobuf, as `TxBuilder` abstracts the encoding mechanisms. In the following snippet, we will use Protobuf. + +```go expandable +import ( + + "github.com/cosmos/cosmos-sdk/simapp" +) + +func sendTx() + +error { + // Choose your codec: Amino or Protobuf. Here, we use Protobuf, given by the following function. + app := simapp.NewSimApp(...) + + // Create a new TxBuilder. + txBuilder := app.TxConfig().NewTxBuilder() + + // --snip-- +} +``` + +We can also set up some keys and addresses that will send and receive the transactions. Here, for the purpose of the tutorial, we will be using some dummy data to create keys. + +```go +import ( + + "github.com/cosmos/cosmos-sdk/testutil/testdata" +) + +priv1, _, addr1 := testdata.KeyTestPubAddr() + +priv2, _, addr2 := testdata.KeyTestPubAddr() + +priv3, _, addr3 := testdata.KeyTestPubAddr() +``` + +Populating the `TxBuilder` can be done via its methods: + +```go expandable +package client + +import ( + + "time" + + txsigning "cosmossdk.io/x/tx/signing" + + codectypes "github.com/cosmos/cosmos-sdk/codec/types" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/tx" + signingtypes "github.com/cosmos/cosmos-sdk/types/tx/signing" + "github.com/cosmos/cosmos-sdk/x/auth/signing" +) + +type ( + // TxEncodingConfig defines an interface that contains transaction + // encoders and decoders + TxEncodingConfig interface { + TxEncoder() + +sdk.TxEncoder + TxDecoder() + +sdk.TxDecoder + TxJSONEncoder() + +sdk.TxEncoder + TxJSONDecoder() + +sdk.TxDecoder + MarshalSignatureJSON([]signingtypes.SignatureV2) ([]byte, error) + +UnmarshalSignatureJSON([]byte) ([]signingtypes.SignatureV2, error) +} + + // TxConfig defines an interface a client can utilize to generate an + // application-defined concrete transaction type. The type returned must + // implement TxBuilder. + TxConfig interface { + TxEncodingConfig + + NewTxBuilder() + +TxBuilder + WrapTxBuilder(sdk.Tx) (TxBuilder, error) + +SignModeHandler() *txsigning.HandlerMap + SigningContext() *txsigning.Context +} + + // TxBuilder defines an interface which an application-defined concrete transaction + // type must implement. Namely, it must be able to set messages, generate + // signatures, and provide canonical bytes to sign over. The transaction must + // also know how to encode itself. + TxBuilder interface { + GetTx() + +signing.Tx + + SetMsgs(msgs ...sdk.Msg) + +error + SetSignatures(signatures ...signingtypes.SignatureV2) + +error + SetMemo(memo string) + +SetFeeAmount(amount sdk.Coins) + +SetFeePayer(feePayer sdk.AccAddress) + +SetGasLimit(limit uint64) + +SetTimeoutHeight(height uint64) + +SetTimeoutTimestamp(timestamp time.Time) + +SetUnordered(v bool) + +SetFeeGranter(feeGranter sdk.AccAddress) + +AddAuxSignerData(tx.AuxSignerData) + +error +} + + // ExtendedTxBuilder extends the TxBuilder interface, + // which is used to set extension options to be included in a transaction. + ExtendedTxBuilder interface { + SetExtensionOptions(extOpts ...*codectypes.Any) +} +) +``` + +```go expandable +import ( + + banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" +) + +func sendTx() + +error { + // --snip-- + + // Define two x/bank MsgSend messages: + // - from addr1 to addr3, + // - from addr2 to addr3. + // This means that the transaction needs two signers: addr1 and addr2. + msg1 := banktypes.NewMsgSend(addr1, addr3, types.NewCoins(types.NewInt64Coin("atom", 12))) + +msg2 := banktypes.NewMsgSend(addr2, addr3, types.NewCoins(types.NewInt64Coin("atom", 34))) + err := txBuilder.SetMsgs(msg1, msg2) + if err != nil { + return err +} + +txBuilder.SetGasLimit(...) + +txBuilder.SetFeeAmount(...) + +txBuilder.SetMemo(...) + +txBuilder.SetTimeoutHeight(...) +} +``` + +At this point, `TxBuilder`'s underlying transaction is ready to be signed. + +#### Generating an Unordered Transaction + +Starting with Cosmos SDK v0.53.0, users may send unordered transactions to chains that have the feature enabled. + + + +Unordered transactions MUST leave sequence values unset. When a transaction is both unordered and contains a non-zero sequence value, +the transaction will be rejected. External services that operate on prior assumptions about transaction sequence values should be updated to handle unordered transactions. +Services should be aware that when the transaction is unordered, the transaction sequence will always be zero. + + + +Using the example above, we can set the required fields to mark a transaction as unordered. +By default, unordered transactions charge an extra 2240 units of gas to offset the additional storage overhead that supports their functionality. +The extra units of gas are customizable and therefore vary by chain, so be sure to check the chain's ante handler for the gas value set, if any. + +```go +func sendTx() + +error { + // --snip-- + expiration := 5 * time.Minute + txBuilder.SetUnordered(true) + +txBuilder.SetTimeoutTimestamp(time.Now().Add(expiration + (1 * time.Nanosecond))) +} +``` + +Unordered transactions from the same account must use a unique timeout timestamp value. The difference between each timeout timestamp value may be as small as a nanosecond, however. + +```go expandable +import ( + + "github.com/cosmos/cosmos-sdk/client" +) + +func sendMessages(txBuilders []client.TxBuilder) + +error { + // --snip-- + expiration := 5 * time.Minute + for _, txb := range txBuilders { + txb.SetUnordered(true) + +txb.SetTimeoutTimestamp(time.Now().Add(expiration + (1 * time.Nanosecond))) +} +} +``` + +### Signing a Transaction + +We set encoding config to use Protobuf, which will use `SIGN_MODE_DIRECT` by default. As per [ADR-020](https://github.com/cosmos/cosmos-sdk/blob/main/docs/architecture/adr-020-protobuf-transaction-encoding.md), each signer needs to sign the `SignerInfo`s of all other signers. This means that we need to perform two steps sequentially: + +* for each signer, populate the signer's `SignerInfo` inside `TxBuilder`, +* once all `SignerInfo`s are populated, for each signer, sign the `SignDoc` (the payload to be signed). + +In the current `TxBuilder`'s API, both steps are done using the same method: `SetSignatures()`. The current API requires us to first perform a round of `SetSignatures()` *with empty signatures*, only to populate `SignerInfo`s, and a second round of `SetSignatures()` to actually sign the correct payload. + +```go expandable +import ( + + cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types" + "github.com/cosmos/cosmos-sdk/types/tx/signing" + xauthsigning "github.com/cosmos/cosmos-sdk/x/auth/signing" +) + +func sendTx() + +error { + // --snip-- + privs := []cryptotypes.PrivKey{ + priv1, priv2 +} + accNums:= []uint64{..., ... +} // The accounts' account numbers + accSeqs:= []uint64{..., ... +} // The accounts' sequence numbers + + // First round: we gather all the signer infos. We use the "set empty + // signature" hack to do that. + var sigsV2 []signing.SignatureV2 + for i, priv := range privs { + sigV2 := signing.SignatureV2{ + PubKey: priv.PubKey(), + Data: &signing.SingleSignatureData{ + SignMode: encCfg.TxConfig.SignModeHandler().DefaultMode(), + Signature: nil, +}, + Sequence: accSeqs[i], +} + +sigsV2 = append(sigsV2, sigV2) +} + err := txBuilder.SetSignatures(sigsV2...) + if err != nil { + return err +} + + // Second round: all signer infos are set, so each signer can sign. + sigsV2 = []signing.SignatureV2{ +} + for i, priv := range privs { + signerData := xauthsigning.SignerData{ + ChainID: chainID, + AccountNumber: accNums[i], + Sequence: accSeqs[i], +} + +sigV2, err := tx.SignWithPrivKey( + encCfg.TxConfig.SignModeHandler().DefaultMode(), signerData, + txBuilder, priv, encCfg.TxConfig, accSeqs[i]) + if err != nil { + return nil, err +} + +sigsV2 = append(sigsV2, sigV2) +} + +err = txBuilder.SetSignatures(sigsV2...) + if err != nil { + return err +} +} +``` + +The `TxBuilder` is now correctly populated. To print it, you can use the `TxConfig` interface from the initial encoding config `encCfg`: + +```go expandable +func sendTx() + +error { + // --snip-- + + // Generated Protobuf-encoded bytes. + txBytes, err := encCfg.TxConfig.TxEncoder()(txBuilder.GetTx()) + if err != nil { + return err +} + + // Generate a JSON string. + txJSONBytes, err := encCfg.TxConfig.TxJSONEncoder()(txBuilder.GetTx()) + if err != nil { + return err +} + txJSON := string(txJSONBytes) +} +``` + +### Broadcasting a Transaction + +The preferred way to broadcast a transaction is to use gRPC, though using REST (via `gRPC-gateway`) or the CometBFT RPC is also possible. An overview of the differences between these methods is exposed [here](/docs/sdk/vnext/learn/advanced/grpc_rest). For this tutorial, we will only describe the gRPC method. + +```go expandable +import ( + + "context" + "fmt" + "google.golang.org/grpc" + "github.com/cosmos/cosmos-sdk/types/tx" +) + +func sendTx(ctx context.Context) + +error { + // --snip-- + + // Create a connection to the gRPC server. + grpcConn := grpc.Dial( + "127.0.0.1:9090", // Or your gRPC server address. + grpc.WithInsecure(), // The Cosmos SDK doesn't support any transport security mechanism. + ) + +defer grpcConn.Close() + + // Broadcast the tx via gRPC. We create a new client for the Protobuf Tx + // service. + txClient := tx.NewServiceClient(grpcConn) + // We then call the BroadcastTx method on this client. + grpcRes, err := txClient.BroadcastTx( + ctx, + &tx.BroadcastTxRequest{ + Mode: tx.BroadcastMode_BROADCAST_MODE_SYNC, + TxBytes: txBytes, // Proto-binary of the signed transaction, see previous step. +}, + ) + if err != nil { + return err +} + +fmt.Println(grpcRes.TxResponse.Code) // Should be `0` if the tx is successful + + return nil +} +``` + +#### Simulating a Transaction + +Before broadcasting a transaction, we sometimes may want to dry-run the transaction, to estimate some information about the transaction without actually committing it. This is called simulating a transaction, and can be done as follows: + +```go expandable +import ( + + "context" + "fmt" + "testing" + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/types/tx" + authtx "github.com/cosmos/cosmos-sdk/x/auth/tx" +) + +func simulateTx() + +error { + // --snip-- + + // Simulate the tx via gRPC. We create a new client for the Protobuf Tx + // service. + txClient := tx.NewServiceClient(grpcConn) + txBytes := /* Fill in with your signed transaction bytes. */ + + // We then call the Simulate method on this client. + grpcRes, err := txClient.Simulate( + context.Background(), + &tx.SimulateRequest{ + TxBytes: txBytes, +}, + ) + if err != nil { + return err +} + +fmt.Println(grpcRes.GasInfo) // Prints estimated gas used. + + return nil +} +``` + +## Using gRPC + +It is not possible to generate or sign a transaction using gRPC, only to broadcast one. In order to broadcast a transaction using gRPC, you will need to generate, sign, and encode the transaction using either the CLI or programmatically with Go. + +### Broadcasting a Transaction + +Broadcasting a transaction using the gRPC endpoint can be done by sending a `BroadcastTx` request as follows, where the `txBytes` are the protobuf-encoded bytes of a signed transaction: + +```bash +grpcurl -plaintext \ + -d '{"tx_bytes":"{{txBytes}}","mode":"BROADCAST_MODE_SYNC"}' \ + localhost:9090 \ + cosmos.tx.v1beta1.Service/BroadcastTx +``` + +## Using REST + +It is not possible to generate or sign a transaction using REST, only to broadcast one. In order to broadcast a transaction using REST, you will need to generate, sign, and encode the transaction using either the CLI or programmatically with Go. + +### Broadcasting a Transaction + +Broadcasting a transaction using the REST endpoint (served by `gRPC-gateway`) can be done by sending a POST request as follows, where the `txBytes` are the protobuf-encoded bytes of a signed transaction: + +```bash +curl -X POST \ + -H "Content-Type: application/json" \ + -d' {"tx_bytes":"{{txBytes}}","mode":"BROADCAST_MODE_SYNC"}' \ + localhost:1317/cosmos/tx/v1beta1/txs +``` + +## Using CosmJS (JavaScript & TypeScript) + +CosmJS aims to build client libraries in JavaScript that can be embedded in web applications. Please see [Link](https://cosmos.github.io/cosmjs) for more information. As of January 2021, CosmJS documentation is still a work in progress. diff --git a/docs/sdk/next/user/user.mdx b/docs/sdk/next/user/user.mdx new file mode 100644 index 00000000..afe93381 --- /dev/null +++ b/docs/sdk/next/user/user.mdx @@ -0,0 +1,12 @@ +--- +title: User Guides +description: >- + This section is designed for developers who are using the Cosmos SDK to build + applications. It provides essential guides and references to effectively use + the SDK's features. +--- +This section is designed for developers who are using the Cosmos SDK to build applications. It provides essential guides and references to effectively use the SDK's features. + +* [Setting up keys](/docs/sdk/vnext/user/run-node/keyring) - Learn how to set up secure key management using the Cosmos SDK's keyring feature. This guide provides a streamlined approach to cryptographic key handling, which is crucial for securing your application. +* [Running a node](/docs/sdk/vnext/user/run-node/run-node) - This guide provides step-by-step instructions to deploy and manage a node in the Cosmos network. It ensures a smooth and reliable operation of your blockchain application by covering all the necessary setup and maintenance steps. +* [CLI](/docs/sdk/vnext/user/run-node/interact-node) - Discover how to navigate and interact with the Cosmos SDK using the Command Line Interface (CLI). This section covers efficient and powerful command-based operations that can help you manage your application effectively. From 7ba67e6a9c78a39df7f516c5408f63b86109901e Mon Sep 17 00:00:00 2001 From: Cordt Date: Thu, 16 Oct 2025 11:44:34 -0600 Subject: [PATCH 07/26] add missing steps + overview of chain build process --- .../build-a-chain/initial-setup.mdx | 326 ++++++++++++++++++ .../build-a-chain/overview.mdx | 77 ++--- docs/evm/next/documentation/overview.mdx | 11 +- 3 files changed, 356 insertions(+), 58 deletions(-) create mode 100644 docs/evm/next/documentation/getting-started/build-a-chain/initial-setup.mdx diff --git a/docs/evm/next/documentation/getting-started/build-a-chain/initial-setup.mdx b/docs/evm/next/documentation/getting-started/build-a-chain/initial-setup.mdx new file mode 100644 index 00000000..2f9c6ed8 --- /dev/null +++ b/docs/evm/next/documentation/getting-started/build-a-chain/initial-setup.mdx @@ -0,0 +1,326 @@ +--- +title: "Initial Setup" +description: "Fork the evmd repository and prepare your development environment for building your EVM L1 chain." +--- + +This guide walks you through the initial steps of creating your own Cosmos EVM chain, from forking the repository to preparing your development environment. Once complete, you'll be ready to begin configuring your chain's parameters. + +## Prerequisites + +Building Cosmos EVM requires several tools and dependencies. Installation varies by operating system and architecture. + +### Required Dependencies + +- **Go 1.22+** - Required for building the blockchain binary +- **Git** - For version control and repository management +- **Make** - For using build commands +- **GCC/Build Tools** - Required for CGo compilation +- **curl/wget** - For downloading dependencies (usually pre-installed) + +### Installation by Platform + + + + +#### Using Homebrew (Recommended) + +Install Homebrew if you haven't already: + +```bash expandable +/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" +``` + +Install the required dependencies: + +```bash expandable +# Install build essentials +brew install git make gcc + +# Install Go +brew install go@1.22 + +# Add Go to your PATH (add to ~/.zshrc or ~/.bash_profile) +echo 'export PATH="/usr/local/opt/go@1.22/bin:$PATH"' >> ~/.zshrc +source ~/.zshrc +``` + +Verify installations: + +```bash expandable +go version # Should show 1.22 or higher +git --version +make --version +gcc --version +``` + + + + +#### Using Homebrew (Recommended) + +Install Homebrew if you haven't already: + +```bash expandable +/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" +``` + + +After installing Homebrew on Apple Silicon, you may need to add it to your PATH: +```bash +echo 'eval "$(/opt/homebrew/bin/brew shellenv)"' >> ~/.zprofile +eval "$(/opt/homebrew/bin/brew shellenv)" +``` + + +Install the required dependencies: + +```bash expandable +# Install build essentials +brew install git make gcc + +# Install Go +brew install go@1.22 + +# Add Go to your PATH (add to ~/.zshrc) +echo 'export PATH="/opt/homebrew/opt/go@1.22/bin:$PATH"' >> ~/.zshrc +source ~/.zshrc + +# Set up Go environment +mkdir -p $HOME/go/{bin,src,pkg} +echo 'export GOPATH=$HOME/go' >> ~/.zshrc +echo 'export PATH=$PATH:$GOPATH/bin' >> ~/.zshrc +source ~/.zshrc +``` + +Verify installations: + +```bash expandable +go version # Should show 1.22 or higher +git --version +make --version +gcc --version +``` + + + + +#### Using APT Package Manager + +Update package lists and install build essentials: + +```bash expandable +# Update package lists +sudo apt update && sudo apt upgrade -y + +# Install build essentials and dependencies +sudo apt install -y build-essential git make gcc curl wget +``` + +Install Go 1.22: + +```bash expandable +# Download Go 1.22 +wget https://go.dev/dl/go1.22.0.linux-amd64.tar.gz + +# Remove old Go installation (if exists) +sudo rm -rf /usr/local/go + +# Extract and install +sudo tar -C /usr/local -xzf go1.22.0.linux-amd64.tar.gz + +# Clean up +rm go1.22.0.linux-amd64.tar.gz + +# Add Go to PATH (add to ~/.bashrc or ~/.profile) +echo 'export PATH=$PATH:/usr/local/go/bin' >> ~/.bashrc +echo 'export GOPATH=$HOME/go' >> ~/.bashrc +echo 'export PATH=$PATH:$GOPATH/bin' >> ~/.bashrc +source ~/.bashrc + +# Create Go workspace directories +mkdir -p $HOME/go/{bin,src,pkg} +``` + +Verify installations: + +```bash expandable +go version # Should show 1.22 or higher +git --version +make --version +gcc --version +``` + + + + +#### Using Pacman Package Manager + +Update system and install dependencies: + +```bash expandable +# Update system +sudo pacman -Syu + +# Install build essentials and dependencies +sudo pacman -S base-devel git go make gcc curl wget +``` + + +Arch Linux's `go` package is typically very up-to-date. Verify the version meets requirements: +```bash +go version # Should be 1.22 or higher +``` +If the version is lower, you may need to install from source or use a version manager. + + +Set up Go environment: + +```bash expandable +# Add Go environment variables (add to ~/.bashrc) +echo 'export GOPATH=$HOME/go' >> ~/.bashrc +echo 'export PATH=$PATH:$GOPATH/bin' >> ~/.bashrc +source ~/.bashrc + +# Create Go workspace directories +mkdir -p $HOME/go/{bin,src,pkg} +``` + +Verify installations: + +```bash expandable +go version # Should show 1.22 or higher +git --version +make --version +gcc --version +``` + + + + +### Additional Setup + +After installing the base dependencies, configure Git with your identity: + +```bash expandable +git config --global user.name "Your Name" +git config --global user.email "your.email@example.com" +``` + +## Fork and Clone the Repository + +Start by creating your own copy of the evmd repository: + +1. **Fork the repository** on GitHub by visiting [github.com/cosmos/evm](https://github.com/cosmos/evm) and clicking the "Fork" button + +2. **Clone your forked repository**: + ```bash + git clone https://github.com/YOUR_USERNAME/evm.git + cd evm + ``` + +3. **Add upstream remote** to stay synchronized with updates: + ```bash + git remote add upstream https://github.com/cosmos/evm.git + ``` + + +Keeping your fork synchronized with upstream allows you to receive bug fixes, security patches, and new features from the core development team. + + +## Understanding the Project Structure + +The evmd repository is organized into several key directories: + +``` +evm/ +├── app/ # Application configuration and module integration +├── cmd/evmd/ # Binary entrypoint and CLI commands +├── precompiles/ # EVM precompile implementations +├── x/ # Custom Cosmos SDK modules +│ ├── erc20/ # ERC20 token module +│ ├── evm/ # Core EVM module +│ └── feemarket/ # EIP-1559 fee market +├── scripts/ # Utility scripts including local_node.sh +└── tests/ # Test suites +``` + +## Build and Test + +Verify your environment is properly set up by building the binary: + +```bash +make install +``` + +This compiles the `evmd` binary and installs it to your `$GOPATH/bin` directory. Verify the installation: + +```bash +evmd version +``` + + +Before making any changes, it's recommended to run the test suite to ensure everything works correctly: + +```bash +make test +``` + + +## Review Key Resources + +Before diving into configuration, familiarize yourself with these important resources: + +### Security & Audits +Review the comprehensive [security audits](/docs/evm/next/documentation/overview#audits) conducted on Cosmos EVM (v0.4.x and later). Understanding the audit findings and their resolutions will help you make informed security decisions for your chain. + +### Cosmos SDK Modules +Explore the [Cosmos SDK modules](/docs/evm/next/documentation/cosmos-sdk) that provide core blockchain functionality: +- **Bank** - Token transfers and balances +- **Staking** - Validator delegation and rewards +- **Governance** - On-chain voting and proposals +- **Slashing** - Validator penalty enforcement +- **Distribution** - Fee and reward distribution + +### Precompiles +Learn about [precompiled contracts](/docs/evm/next/documentation/smart-contracts/precompiles) that bridge EVM smart contracts with Cosmos SDK functionality. These enable Solidity contracts to interact with native modules for staking, IBC transfers, and more. + +## Quick Testing with local_node.sh + +The repository includes a development script that launches a fully configured local testnet. This is useful for: +- Understanding the complete initialization sequence +- Testing your changes quickly +- Learning how different parameters affect the chain + +Run the script: + +```bash expandable +./local_node.sh -y +``` + +This starts a local chain at `http://localhost:8545` that you can connect to with MetaMask or other Ethereum wallets (chain ID: `262144`). + + +The `local_node.sh` script demonstrates a complete configuration in a single file. While you'll customize these settings for your production chain, reviewing the script provides valuable insight into the initialization sequence. See the [Configuration Reference](/docs/evm/next/documentation/getting-started/build-a-chain/configuration-reference#understanding-local_nodesh) for a detailed explanation. + + +## Next Steps + +With your development environment ready, you're now prepared to begin configuring your chain. The configuration process is divided into three phases: + +1. **Pre-Genesis Configuration** - Set chain identity and compile source code customizations +2. **Genesis Configuration** - Initialize the chain and configure genesis.json parameters +3. **Runtime Configuration** - Set up node-level settings and launch the network + +Proceed to the [Pre-Genesis & Genesis Setup](/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup) guide to begin customizing your chain's identity and parameters. + + +Configure your chain's identity, parameters, and genesis file + + +## Additional Configuration Resources + +Throughout your configuration journey, refer to these resources: + +- **[Configuration Reference](/docs/evm/next/documentation/getting-started/build-a-chain/configuration-reference)** - Comprehensive command reference with examples for different configurations +- **[EVM Mempool Integration](/docs/evm/next/documentation/getting-started/build-a-chain/additional-configuration/mempool-integration)** - Advanced mempool customization +- **[Predeployed Contracts](/docs/evm/next/documentation/getting-started/build-a-chain/additional-configuration/predeployed-contracts)** - Deploy standard contracts at genesis diff --git a/docs/evm/next/documentation/getting-started/build-a-chain/overview.mdx b/docs/evm/next/documentation/getting-started/build-a-chain/overview.mdx index 7c8791eb..ef397f27 100644 --- a/docs/evm/next/documentation/getting-started/build-a-chain/overview.mdx +++ b/docs/evm/next/documentation/getting-started/build-a-chain/overview.mdx @@ -3,81 +3,54 @@ title: "Introduction" description: "Everything you need to build your own custom blockchain with full EVM compatibility." --- -Building a production-ready blockchain with Cosmos EVM involves configuring parameters across three main phases: pre-genesis setup, genesis configuration, and runtime deployment. This guide provides a structured approach to each phase. +Building a production-ready blockchain with Cosmos EVM involves configuring parameters across three main phases: pre-genesis setup, genesis configuration, and runtime deployment. This guide provides a structured approach to launching your own EVM-compatible Layer 1 chain. -## Where To Start +## Why Start with evmd The Cosmos EVM repository includes `evmd`, a fully functional blockchain that integrates the Cosmos SDK with the EVM module. Because `evmd` is developed and maintained alongside the module itself, it serves as the canonical reference implementation with production-ready defaults and best practices. Starting with `evmd` provides several advantages: -- **Greater compatibility** - Direct alignment with the module's development ensures the configurations as described here work as intended -- **Improved troubleshooting** - Greater similarity to the base project makes it simpler to diagnose issues and find solutions, if they arise -- **Proven logic** - Take advantage of integration approaches used by the core development team are readily available on Github -- **Peace of mind** - Fully audited (as of v0.4.x) -- **Developer Community** - Besides the advantage of being EVM compatible, Cosmos-EVM already powers multiople projects. With many more planning to migrate in the naer future, there is no shortage of experience and knowledge to draw from (and contribute to!)! +- **Greater compatibility** - Direct alignment with the module's development ensures the configurations work as intended +- **Improved troubleshooting** - Greater similarity to the base project makes it simpler to diagnose issues and find solutions +- **Proven logic** - Integration approaches used by the core development team are readily available and battle-tested +- **Peace of mind** - Fully audited (as of v0.4.x) with comprehensive [security audits](/docs/evm/next/documentation/overview#audits) +- **Developer Community** - Cosmos EVM already powers multiple projects, with many more planning to migrate. There's no shortage of experience and knowledge to draw from and contribute to! Rather than assembling components from scratch, fork `evmd` and customize it for your specific needs. This approach lets you focus on what makes your chain unique rather than debugging basic integration issues. -## Main Configuration Guides +## Configuration Guides + +The following three guides will walk you through building and launching your own EVM L1 chain:
    - -Complete guide to parameters set before and during initialization + +Fork the repository and prepare your development environment
    -Configure your chain's identity and core parameters. This includes both source code customization and genesis file preparation. - -Compiled into your binary and set before running `init`: - -- [Binary Name](/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup#binary-name) - Your chain's executable name -- [Bech32 Address Prefix](/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup#bech32-address-prefix) - Unique address format for your chain -- [BIP44 Coin Type](/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup#bip44-coin-type) - HD wallet derivation path -- [EVM Chain ID](/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup#evm-chain-id) - Ethereum replay protection identifier -- [Token Decimal Precision](/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup#token-decimal-precision) - Choose between 18 or 6 decimals -- [Default Denomination](/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup#default-denomination-in-source) - Base token name in source code - -Configured in `genesis.json` after initialization: - -- [Cosmos Chain ID](/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup#cosmos-chain-id) - String identifier for your chain -- [Genesis Time](/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup#genesis-time) - Network launch timestamp -- [Bank Metadata](/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup#bank-denomination-metadata) - Token display configuration -- [VM Parameters](/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup#vm-parameters) - EVM gas token and execution settings -- [Active Precompiles](/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup#active-precompiles) - Enable Cosmos SDK access from smart contracts -- [ERC20 Module](/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup#erc20-module) - Native token representation -- [Fee Market](/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup#fee-market-eip-1559) - EIP-1559 configuration -- [Staking, Slashing, Governance](/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup#staking-parameters) - Validator economics and governance -- [Initial Accounts](/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup#initial-accounts-and-validators) - Genesis funding and validator setup - - +
    + +Configure chain identity, parameters, and genesis file + +
    -Node configuration, network launch, and post-launch operations +Set up node configuration and coordinate network launch
    -Set up node-level settings and coordinate network deployment. - -- [app.toml](/docs/evm/next/documentation/getting-started/build-a-chain/runtime-and-launch#apptoml-configuration) - Minimum gas prices, JSON-RPC endpoints, mempool settings -- [config.toml](/docs/evm/next/documentation/getting-started/build-a-chain/runtime-and-launch#configtoml-configuration) - P2P networking, consensus parameters, RPC settings -- [client.toml](/docs/evm/next/documentation/getting-started/build-a-chain/runtime-and-launch#clienttoml-configuration) - CLI defaults and broadcast mode - -- [Validator Coordination](/docs/evm/next/documentation/getting-started/build-a-chain/runtime-and-launch#network-launch-coordination) - Collecting gentxs and distributing final genesis -- [Starting Your Node](/docs/evm/next/documentation/getting-started/build-a-chain/runtime-and-launch#starting-your-node) - Launch procedures and verification -- [Post-Launch Operations](/docs/evm/next/documentation/getting-started/build-a-chain/runtime-and-launch#post-launch-operations) - Monitoring, upgrades, and maintenance +These guides are designed to be followed in order, taking you from an empty repository to a running blockchain network. For a comprehensive reference of all commands and configuration options, see the [Configuration Reference](/docs/evm/next/documentation/getting-started/build-a-chain/configuration-reference). +## Understanding the Stack +Before diving into configuration, it's helpful to understand what you're building with: -## Additional Resources - -
    - -Quick reference for commands, defaults, and examples - -
    +- **[Cosmos SDK Modules](/docs/evm/next/documentation/cosmos-sdk)** - Core blockchain functionality including staking, governance, and token management +- **[Precompiles](/docs/evm/next/documentation/smart-contracts/precompiles)** - Smart contract interfaces that bridge EVM and Cosmos SDK capabilities +- **[Security & Audits](/docs/evm/next/documentation/overview#audits)** - Third-party security assessments of the codebase -Command cheatsheet with complete setup examples for different configurations. +The [Configuration Reference](/docs/evm/next/documentation/getting-started/build-a-chain/configuration-reference) provides detailed examples and command references that complement the main guides, useful when you need to look up specific syntax or troubleshoot particular settings. diff --git a/docs/evm/next/documentation/overview.mdx b/docs/evm/next/documentation/overview.mdx index 478bc2b5..17ab34e8 100644 --- a/docs/evm/next/documentation/overview.mdx +++ b/docs/evm/next/documentation/overview.mdx @@ -6,12 +6,6 @@ mode: "wide" import { EthereumOutlineIcon, CosmosOutlineIcon } from '/snippets/icons.mdx' - -**About the examples in this documentation** - -Code and CLI examples use `evmd`, the reference implementation from [cosmos/evm](https://github.com/cosmos/evm). Examples can be run directly without modification using the native token denominations `test` (display) and `atest` (base, 18 decimals). To get started quickly, see [Local Node Setup](/docs/evm/next/documentation/getting-started/local-node-setup). - - Bootstrapping and customizing your own blockchain with full EVM compatibility, from start to finish. @@ -31,3 +25,8 @@ Code and CLI examples use `evmd`, the reference implementation from [cosmos/evm] + +**About the examples in this documentation** + +All code examples, migration guides and other material in these docs pertain soecifically to the [`cosmos/evm`](https://github.com/cosmos/evm) module or `evmd`, the reference implementation of the module in a "simapp" within the same project repo. + From e0a476e3a12d6390a5bfc6b5146758625c98514b Mon Sep 17 00:00:00 2001 From: Cordt Date: Thu, 16 Oct 2025 12:24:42 -0600 Subject: [PATCH 08/26] improve wording --- docs.json | 1 + .../build-a-chain/overview.mdx | 2 +- docs/evm/next/documentation/overview.mdx | 43 +++++++++++++++++-- 3 files changed, 41 insertions(+), 5 deletions(-) diff --git a/docs.json b/docs.json index 7f56dfd4..7f2b3971 100644 --- a/docs.json +++ b/docs.json @@ -201,6 +201,7 @@ "group": "Build Your Own Chain", "pages": [ "docs/evm/next/documentation/getting-started/build-a-chain/overview", + "docs/evm/next/documentation/getting-started/build-a-chain/initial-setup", "docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup", "docs/evm/next/documentation/getting-started/build-a-chain/runtime-and-launch", { diff --git a/docs/evm/next/documentation/getting-started/build-a-chain/overview.mdx b/docs/evm/next/documentation/getting-started/build-a-chain/overview.mdx index ef397f27..527f1292 100644 --- a/docs/evm/next/documentation/getting-started/build-a-chain/overview.mdx +++ b/docs/evm/next/documentation/getting-started/build-a-chain/overview.mdx @@ -5,7 +5,7 @@ description: "Everything you need to build your own custom blockchain with full Building a production-ready blockchain with Cosmos EVM involves configuring parameters across three main phases: pre-genesis setup, genesis configuration, and runtime deployment. This guide provides a structured approach to launching your own EVM-compatible Layer 1 chain. -## Why Start with evmd +## Why Cosmos-EVM? The Cosmos EVM repository includes `evmd`, a fully functional blockchain that integrates the Cosmos SDK with the EVM module. Because `evmd` is developed and maintained alongside the module itself, it serves as the canonical reference implementation with production-ready defaults and best practices. diff --git a/docs/evm/next/documentation/overview.mdx b/docs/evm/next/documentation/overview.mdx index 17ab34e8..39224258 100644 --- a/docs/evm/next/documentation/overview.mdx +++ b/docs/evm/next/documentation/overview.mdx @@ -25,8 +25,43 @@ import { EthereumOutlineIcon, CosmosOutlineIcon } from '/snippets/icons.mdx' - -**About the examples in this documentation** +## Why Cosmos EVM + +Cosmos EVM provides a production-ready foundation for building EVM-compatible blockchains with the full power of the Cosmos SDK. The repository includes `evmd`, a fully functional reference implementation that serves as the canonical starting point for teams launching their own chains. + +### Complete EVM Compatibility + +From a developer's perspective, chains built with Cosmos EVM are **indistinguishable from canonical EVM chains** like Ethereum mainnet. Your existing tooling, workflows, and even AI coding assistants work without modification: + +- **Deploy contracts** using Hardhat, Foundry, or Remix exactly as you would on Ethereum +- **Connect wallets** like MetaMask, WalletConnect, or Rabby without custom configuration +- **Use standard libraries** such as ethers.js, viem, and web3.js with zero changes +- **AI tools work seamlessly** - Claude, ChatGPT, and other AI assistants treat your local testnet as if it's Ethereum mainnet, deploying contracts and interacting with them using standard Ethereum patterns + +All user-facing components are identical. The difference lies in what happens under the hood: instant finality, native IBC interoperability, and direct access to Cosmos SDK modules from your smart contracts. + +## The Easiest Way To Launch an EVM Layer 1 + +### Advantages of Starting with Cosmos-EVM + +Building with `Cosmos-EVM` comes with numerous benefits:: + +- **Greater compatibility** - Direct alignment with the module's development ensures configurations work as intended +- **Improved troubleshooting** - Similarity to the base project simplifies diagnosing and resolving issues +- **Proven architecture** - At the core of Cosmos-SDK is `go-ethereum` (Geth), the most widely used and battle-tested Ethereum client +- **Production ready** - Fully audited codebase [(read our audit)](#audits) +- **Active ecosystem** - Join a growing number of projects already running Cosmos EVM and be part of the shift to more efficient, affordable networks + + + Rather than assembling components from scratch, fork `evmd` and customize it for your specific needs. This approach lets you focus on what makes your chain unique rather than debugging basic integration issues. + + + +## Audits + +Cosmos EVM has undergone comprehensive third-party security audits to ensure production readiness: + + + Comprehensive security assessment of Cosmos EVM + -All code examples, migration guides and other material in these docs pertain soecifically to the [`cosmos/evm`](https://github.com/cosmos/evm) module or `evmd`, the reference implementation of the module in a "simapp" within the same project repo. - From 32cf70f6d2d7c7f4d55168bb00077dbd15567044 Mon Sep 17 00:00:00 2001 From: Cordt Date: Thu, 16 Oct 2025 12:37:15 -0600 Subject: [PATCH 09/26] improve copy on main overview --- docs/evm/next/documentation/overview.mdx | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) diff --git a/docs/evm/next/documentation/overview.mdx b/docs/evm/next/documentation/overview.mdx index 39224258..0dcf85f7 100644 --- a/docs/evm/next/documentation/overview.mdx +++ b/docs/evm/next/documentation/overview.mdx @@ -6,10 +6,6 @@ mode: "wide" import { EthereumOutlineIcon, CosmosOutlineIcon } from '/snippets/icons.mdx' - - Bootstrapping and customizing your own blockchain with full EVM compatibility, from start to finish. - - } href="/docs/evm/next/documentation/evm-compatibility/overview"> Deploy existing Solidity contracts, use familiar tools like MetaMask, Hardhat, and Foundry @@ -51,17 +47,13 @@ Building with `Cosmos-EVM` comes with numerous benefits:: - **Proven architecture** - At the core of Cosmos-SDK is `go-ethereum` (Geth), the most widely used and battle-tested Ethereum client - **Production ready** - Fully audited codebase [(read our audit)](#audits) - **Active ecosystem** - Join a growing number of projects already running Cosmos EVM and be part of the shift to more efficient, affordable networks +- **Faster go-to-market** - Launch your EVM-compatible chain in weeks, not months by using `evmd` as a foundation - - Rather than assembling components from scratch, fork `evmd` and customize it for your specific needs. This approach lets you focus on what makes your chain unique rather than debugging basic integration issues. + +Use our `evmd` reference network as a starting point for bootstrapping your own blockchain with full EVM compatibility, from start to finish. - ## Audits -Cosmos EVM has undergone comprehensive third-party security audits to ensure production readiness: - - - Comprehensive security assessment of Cosmos EVM - - +The [Cosoms/EVM](https://gitjub.com/cosmos/evm) codebase has undergone comprehensive third-party security audits and a full internal review by [Cosmos Labs](https://cosmoslabs.io) most experienced senior engineers: +[Read the full audit reports here.](https://github.com/cosmos/evm/blob/main/docs/audits/sherlock_2025_07_28_final.pdf) From 6e89d6cf7e9cbed269f9a31a8f27eb9b49618482 Mon Sep 17 00:00:00 2001 From: Cordt Date: Fri, 17 Oct 2025 10:14:15 -0600 Subject: [PATCH 10/26] remove redundant info --- .../pre-genesis-and-genesis-setup.mdx | 20 +- .../getting-started/local-node-setup.mdx | 760 ++---------------- 2 files changed, 56 insertions(+), 724 deletions(-) diff --git a/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup.mdx b/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup.mdx index 382f01e9..772a80dd 100644 --- a/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup.mdx +++ b/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup.mdx @@ -152,7 +152,7 @@ Confirm these parameters before running `yourchain init`. These parameters are c -```bash expandable +```bash # 1. Navigate to evm repository cd /path/to/evm @@ -182,18 +182,18 @@ make build **1. Rename the binary directory:** -```bash expandable +```bash mv evmd yourchain ``` **2. Update Go imports in all `.go` files:** -```bash expandable +```bash find . -type f -name "*.go" -exec sed -i '' \ 's|github.com/cosmos/evm/evmd|github.com/your-org/your-chain/yourchain|g' {} \; ``` **3. Update `go.mod` module declaration:** -```go expandable +```go // From: module github.com/cosmos/evm @@ -202,17 +202,17 @@ module github.com/your-org/your-chain ``` **4. Update Makefile references:** -```bash expandable +```bash sed -i '' 's/evmd/yourchain/g' Makefile ``` **5. Run go mod tidy:** -```bash expandable +```bash go mod tidy ``` **6. Build and verify:** -```bash expandable +```bash make build ./build/yourchain version ``` @@ -226,7 +226,7 @@ The renaming process updates: - `evmd/cmd/evmd/` → `yourchain/cmd/yourchain/` **Go Import Paths:** -```go expandable +```go // Before import "github.com/cosmos/evm/evmd/cmd" @@ -235,7 +235,7 @@ import "github.com/your-org/your-chain/yourchain/cmd" ``` **Module Declaration:** -```go expandable +```go // go.mod before module github.com/cosmos/evm @@ -296,7 +296,7 @@ const ( ``` **After changing, rebuild:** -```bash expandable +```bash make build ``` diff --git a/docs/evm/next/documentation/getting-started/local-node-setup.mdx b/docs/evm/next/documentation/getting-started/local-node-setup.mdx index f7fe4f63..b73e4df8 100644 --- a/docs/evm/next/documentation/getting-started/local-node-setup.mdx +++ b/docs/evm/next/documentation/getting-started/local-node-setup.mdx @@ -4,24 +4,6 @@ description: 'Quickly test and iterate over your ideas using a local network, cu --- The `local_node.sh` script can quickly set up a preconfigured local blockchain, complete with pre-funded accounts, streamlined consensus parameters, and all available endpoints exposed. This is ideal for development, testing, and experimentation. -If that setup is suitable for your needs, you can just run the script from the root of the repository. -If your needs are more complex, you can adjust the script or use it as a reference for your own setup. - - -## Overview - -The local node script automates the entire process of: -- Building and installing the chain binary -- Creating a fresh chain with proper configuration -- Setting up multiple pre-funded development accounts -- Configuring optimized parameters for fast local testing -- Enabling all APIs and metrics for development - -This makes it ideal for: -- Testing configuration changes during chain customization -- Rapid iteration on smart contracts and applications -- Integration testing with a complete local environment -- Learning and experimenting with the platform ## Quick Start @@ -39,9 +21,12 @@ This will: - Start the node with all APIs enabled -The script requires `jq` to be installed. If you don't have it: -- macOS: `brew install jq` -- Linux: `apt install jq` or `yum install jq` +**Prerequisites:** +- **Go toolchain** - Required for building the binary +- **Make** - Used to build and install `evmd` +- **jq** - JSON processor for genesis modifications + - macOS: `brew install jq` + - Linux: `apt install jq` or `yum install jq` ## Command-Line Options @@ -100,9 +85,9 @@ mnemonics: - "your third mnemonic phrase here" ``` - + You cannot use both `--mnemonics-input` and `--additional-users` together. Use `--mnemonics-input` to provide all accounts, or use `--additional-users` to generate additional random accounts. - + ## Default Configuration @@ -182,143 +167,31 @@ These are **well-known test accounts**. Never use them on public networks or wit ## Genesis Configuration -The script applies numerous genesis customizations to create an optimal development environment: - -### Token Configuration - -```json -{ - "staking": { "bond_denom": "atest" }, - "evm": { "evm_denom": "atest" }, - "mint": { "mint_denom": "atest" }, - "gov": { - "min_deposit": [{ "denom": "atest" }], - "expedited_min_deposit": [{ "denom": "atest" }] - } -} -``` - -All modules use `atest` as the base denomination. - -### Denomination Metadata - -```json -{ - "base": "atest", - "display": "test", - "name": "Test Token", - "symbol": "TEST", - "denom_units": [ - { "denom": "atest", "exponent": 0, "aliases": ["attotest"] }, - { "denom": "test", "exponent": 18, "aliases": [] } - ] -} -``` - -### ERC20 Configuration - -A native precompile is configured for the test token: - -```json -{ - "native_precompiles": ["0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE"], - "token_pairs": [{ - "contract_owner": 1, - "erc20_address": "0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE", - "denom": "atest", - "enabled": true - }] -} -``` +The script applies numerous genesis customizations optimized for development: -This allows the native token to be used as an ERC20 at the special address `0xEeee...EEeE`. - -### Active Precompiles - -All standard precompiles are enabled: - -```json -[ - "0x0000000000000000000000000000000000000100", // P256 - "0x0000000000000000000000000000000000000400", // Bech32 - "0x0000000000000000000000000000000000000800", // Staking - "0x0000000000000000000000000000000000000801", // Distribution - "0x0000000000000000000000000000000000000802", // ICS20 - "0x0000000000000000000000000000000000000803", // Vesting - "0x0000000000000000000000000000000000000804", // Bank - "0x0000000000000000000000000000000000000805", // Governance - "0x0000000000000000000000000000000000000806", // Slashing - "0x0000000000000000000000000000000000000807" // [UNDEFINED - script error] -] -``` - - -The address `0x807` is included in the script but does not correspond to any precompile in the codebase. - +- **Token denomination**: `atest` (18 decimals) configured across all modules +- **ERC20 native token**: Available at `0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE` +- **Precompiles**: All standard precompiles enabled (P256, Bech32, Staking, Distribution, ICS20, Vesting, Bank, Governance, Slashing) +- **Governance**: Fast testing periods (30s voting, 15s expedited) +- **Block gas**: 10M gas per block -### Governance Parameters - -Proposal periods are dramatically shortened for fast testing: - -```json -{ - "max_deposit_period": "30s", // Down from 48 hours - "voting_period": "30s", // Down from 48 hours - "expedited_voting_period": "15s" // Down from 24 hours -} -``` - -### Block Parameters - -```json -{ - "max_gas": "10000000" // 10M gas per block -} -``` + +For complete parameter descriptions and customization options, see the [Configuration Reference](/docs/evm/next/documentation/getting-started/build-a-chain/configuration-reference). + ## Node Configuration -### Consensus Timeouts (config.toml) - -All consensus timeouts are optimized for fast block production: - -| Parameter | Default | Local Node | Purpose | -|-----------|---------|------------|---------| -| `timeout_propose` | 3s | **2s** | Block proposal timeout | -| `timeout_propose_delta` | 500ms | **200ms** | Proposal timeout increase per round | -| `timeout_prevote` | 1s | **500ms** | Prevote timeout | -| `timeout_prevote_delta` | 500ms | **200ms** | Prevote timeout increase per round | -| `timeout_precommit` | 1s | **500ms** | Precommit timeout | -| `timeout_precommit_delta` | 500ms | **200ms** | Precommit timeout increase per round | -| `timeout_commit` | 5s | **1s** | Time to wait after commit before starting new height | -| `timeout_broadcast_tx_commit` | 10s | **5s** | Transaction broadcast timeout | +The script optimizes several runtime configurations for local development: -These faster timeouts result in ~1 second block times instead of the default ~5 seconds. +### Consensus & Block Times +- **Fast consensus**: Reduced timeouts result in ~1 second block times (vs default ~5 seconds) +- **Quick commit**: `timeout_commit = 1s` for rapid iteration -### API Configuration (app.toml) +### APIs & Endpoints +- **All APIs enabled**: gRPC, REST, JSON-RPC (eth, txpool, personal, net, debug, web3) +- **Metrics enabled**: Prometheus metrics available at `http://localhost:26660/metrics` -All APIs are enabled for maximum development flexibility: - -```toml -[api] -enable = true # gRPC Gateway (REST) -enabled = true # Additional APIs - -[json-rpc] -# Enabled APIs: eth, txpool, personal, net, debug, web3 -``` - -### Metrics (config.toml & app.toml) - -```toml -[instrumentation] -prometheus = true # Enable Prometheus metrics - -[telemetry] -prometheus-retention-time = "1000000000000" # Very long retention -``` - -Access metrics at `http://localhost:26660/metrics` (Tendermint) and configured app ports. +See the [Configuration Reference](/docs/evm/next/documentation/getting-started/build-a-chain/configuration-reference) for detailed parameter descriptions. ## Node Startup Configuration @@ -348,573 +221,32 @@ evmd start \ ## Customizing the Local Node Script -The `local_node.sh` script is designed for easy modification to test different chain configurations. All customizations are made by editing the script directly before running. - -### Script Variables - -Edit at the top of `local_node.sh`: - -| Variable | Line | Default | Purpose | -|----------|------|---------|---------| -| `CHAINID` | 3 | `9001` | Cosmos chain ID (overridable via `CHAIN_ID` env var) | -| `MONIKER` | 4 | `localtestnet` | Node identifier | -| `LOGLEVEL` | 11 | `info` | Log verbosity: `debug`, `info`, `warn`, `error` | -| `BASEFEE` | 15 | `10000000` | Initial EIP-1559 base fee | - - -```bash Environment variable -export CHAIN_ID=1234 -./local_node.sh -``` - -```bash Edit script -# Edit local_node.sh lines 11 and 15: -LOGLEVEL="debug" -BASEFEE=1000000 - -./local_node.sh -``` - - -### Validator Configuration - -The validator account is created with: -- Key name: `mykey` -- Funded with: `100000000000000000000000000atest` (100M TEST) -- Self-delegation: `1000000000000000000000atest` (1000 TEST) -- Mnemonic: `gesture inject test cycle original hollow...` (see script) - -### Genesis Parameter Customization - -The script modifies `genesis.json` to configure the chain. To customize parameters: - -1. **Open the script**: Edit `/path/to/evm/local_node.sh` in your text editor -2. **Locate the genesis customization section**: Lines 233-255 contain `jq` commands that modify `genesis.json` -3. **Add or modify `jq` commands**: Insert your customizations in this section -4. **Run the script**: Execute `./local_node.sh -y` to apply changes - -Below are commonly adjusted parameters with specific instructions on where and how to modify them. - - - - -#### x/vm (EVM) Module - -Core EVM behavior. Modified in genesis customization section (lines 238-245): - - - - -The denomination used for gas payments and EVM state transitions. - -**Where to modify:** Lines 238 and 245 in `local_node.sh` - -**How to modify:** -1. Open `local_node.sh` in your editor -2. Find lines 238 and 245 (both set `evm_denom`) -3. Change `"atest"` to your desired denomination -4. Save and run `./local_node.sh -y` - -**Default (18-decimal token):** -```bash -jq '.app_state["evm"]["params"]["evm_denom"]="atest"' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" -``` - -**For 6-decimal token:** -```bash -jq '.app_state["evm"]["params"]["evm_denom"]="utest"' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" -``` - - -With 6-decimal base denoms like `utest`, the `x/precisebank` module automatically extends precision to 18 decimals for EVM compatibility. - - +The `local_node.sh` script can be customized to test different chain configurations. To modify parameters: - - -Controls which precompiled contracts are enabled. - -**Where to modify:** Line 243 in `local_node.sh` - -**How to modify:** -1. Open `local_node.sh` in your editor -2. Find line 243 (the `active_static_precompiles` array) -3. Add or remove addresses from the array -4. Ensure addresses remain sorted in ascending order -5. Save and run `./local_node.sh -y` - -**Available Precompiles:** - -| Address | Precompile | Purpose | -|---------|------------|---------| -| `0x...0100` | P256 | secp256r1 signature verification | -| `0x...0400` | Bech32 | Address format conversion | -| `0x...0800` | Staking | Validator and delegation operations | -| `0x...0801` | Distribution | Staking rewards withdrawal | -| `0x...0802` | ICS20 | IBC token transfers | -| `0x...0803` | Vesting | Vesting account operations | -| `0x...0804` | Bank | Native token balance queries | -| `0x...0805` | Governance | On-chain governance | -| `0x...0806` | Slashing | Validator slashing management | - -```bash expandable title="Example: All Precompiles (edit line 243)" -jq '.app_state["evm"]["params"]["active_static_precompiles"]=[ - "0x0000000000000000000000000000000000000100", - "0x0000000000000000000000000000000000000400", - "0x0000000000000000000000000000000000000800", - "0x0000000000000000000000000000000000000801", - "0x0000000000000000000000000000000000000802", - "0x0000000000000000000000000000000000000803", - "0x0000000000000000000000000000000000000804", - "0x0000000000000000000000000000000000000805", - "0x0000000000000000000000000000000000000806" -]' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" -``` +1. **Open the script** in your text editor +2. **Locate the genesis customization section** (lines 233-255 with `jq` commands) +3. **Add or modify `jq` commands** for your desired parameters +4. **Run the script** with `./local_node.sh -y` to apply changes -```bash -# Example: Only staking and bank (edit line 243) -jq '.app_state["evm"]["params"]["active_static_precompiles"]=[ - "0x0000000000000000000000000000000000000800", - "0x0000000000000000000000000000000000000804" -]' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" -``` +### Quick Customization Options - -Addresses must be sorted in ascending order. The script currently includes `0x807` which is not defined in the codebase. - - - - - -Additional Ethereum Improvement Proposals to enable. - -**Where to modify:** Add after line 245 in `local_node.sh` - -**How to modify:** -1. Open `local_node.sh` in your editor -2. After line 245 (after the second `evm_denom` setting), add a new line -3. Insert the `jq` command below with your desired EIP numbers -4. Save and run `./local_node.sh -y` - -```bash -# Example: Enable EIP-3855 (PUSH0) and EIP-3860 (Limit initcode) -jq '.app_state["evm"]["params"]["extra_eips"]=[3855, 3860]' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" -``` - - - - -Permission policy for contract creation and calls. - -**Where to modify:** Add after line 245 in `local_node.sh` - -**How to modify:** -1. Open `local_node.sh` in your editor -2. After line 245, add new lines for access control configuration -3. Insert one of the `jq` commands below depending on your needs -4. Save and run `./local_node.sh -y` - -**Access Types:** -- `ACCESS_TYPE_PERMISSIONLESS`: No restrictions -- `ACCESS_TYPE_RESTRICTED`: Operation blocked for everyone -- `ACCESS_TYPE_PERMISSIONED`: Only whitelisted addresses allowed - -```bash expandable title="Access Control Examples" -# Permissionless (default - no changes needed) -jq '.app_state["evm"]["params"]["access_control"]={ - "create": {"access_type": "ACCESS_TYPE_PERMISSIONLESS", "access_control_list": []}, - "call": {"access_type": "ACCESS_TYPE_PERMISSIONLESS", "access_control_list": []} -}' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" - -# Restrict contract creation entirely -jq '.app_state["evm"]["params"]["access_control"]["create"]["access_type"]="ACCESS_TYPE_RESTRICTED"' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" - -# Whitelist specific addresses for contract creation -jq '.app_state["evm"]["params"]["access_control"]["create"]={ - "access_type": "ACCESS_TYPE_PERMISSIONED", - "access_control_list": ["0xC6Fe5D33615a1C52c08018c47E8Bc53646A0E101"] -}' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" -``` - - - - -Number of historical blocks available for EIP-2935 block hash queries. - -**Where to modify:** Add after line 245 in `local_node.sh` - -**How to modify:** -1. Open `local_node.sh` in your editor -2. After line 245, add a new line -3. Insert the `jq` command below with your desired window size -4. Save and run `./local_node.sh -y` - -```bash -# Default: 8192 blocks -jq '.app_state["evm"]["params"]["history_serve_window"]=8192' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" - -# Example: Increase for more historical data -jq '.app_state["evm"]["params"]["history_serve_window"]=100000' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" -``` - - - -#### x/erc20 Module - -Native Cosmos token to ERC20 token conversion. - - - - -Native tokens exposed as ERC20 contracts at fixed addresses. - -**Where to modify:** Line 247 in `local_node.sh` - -**How to modify:** -1. Open `local_node.sh` in your editor -2. Find line 247 (`native_precompiles` array) -3. Modify the array to include your token addresses -4. Save and run `./local_node.sh -y` - -```bash -# Default: TEST token at special address -jq '.app_state.erc20.native_precompiles=["0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE"]' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" -``` - - - - -Registered mappings between Cosmos denoms and ERC20 addresses. - -**Where to modify:** Line 248 in `local_node.sh` - -**How to modify:** -1. Open `local_node.sh` in your editor -2. Find line 248 (`token_pairs` array) -3. Modify the array to match your denomination and ERC20 address -4. Save and run `./local_node.sh -y` - -```bash -# Default: Register native token -jq '.app_state.erc20.token_pairs=[{ - contract_owner: 1, - erc20_address: "0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE", - denom: "atest", - enabled: true -}]' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" -``` - - - - -**Where to modify:** Add after line 248 in `local_node.sh` - -**How to modify:** -1. Open `local_node.sh` in your editor -2. After line 248, add a new line -3. Insert the `jq` command below -4. Save and run `./local_node.sh -y` - -```bash -jq '.app_state.erc20.params={ - "enable_erc20": true, - "permissionless_registration": false -}' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" -``` - -| Parameter | Description | -|-----------|-------------| -| `enable_erc20` | Enable/disable ERC20 token conversions | -| `permissionless_registration` | Allow permissionless ERC20 registration | - - - -#### x/feemarket Module - -EIP-1559 fee mechanism. - -**Where to modify:** Add after line 250 in `local_node.sh` - -**How to modify:** -1. Open `local_node.sh` in your editor -2. After line 250 (the `max_gas` setting), add new lines -3. Insert the `jq` command below with your fee market configuration -4. Save and run `./local_node.sh -y` - -```bash expandable title="Fee Market Configuration" -jq '.app_state.feemarket.params={ - "no_base_fee": false, - "base_fee_change_denominator": 8, - "elasticity_multiplier": 2, - "enable_height": 0, - "base_fee": "10000000", - "min_gas_price": "0.0", - "min_gas_multiplier": "0.5" -}' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" -``` - -| Parameter | Default | Description | -|-----------|---------|-------------| -| `no_base_fee` | `false` | Disable base fee calculation (forces to 0) | -| `base_fee_change_denominator` | `8` | Bounds base fee change between blocks | -| `elasticity_multiplier` | `2` | Max gas = block target × this value | -| `base_fee` | `10000000` | Initial base fee for EIP-1559 | -| `min_gas_price` | `0.0` | Minimum gas price floor | -| `min_gas_multiplier` | `0.5` | Minimum gas charged based on limit | - - - - - -#### x/staking Module - -Proof-of-Stake consensus and validator operations. - -**Where to modify:** Add after line 250 in `local_node.sh` - -**How to modify:** -1. Open `local_node.sh` in your editor -2. After line 250, add new lines for staking parameters -3. Insert the `jq` commands below for parameters you want to customize -4. Save and run `./local_node.sh -y` - -```bash expandable title="Staking Parameters" -# Unbonding time (default: 1814400s = 21 days) -jq '.app_state.staking.params.unbonding_time="300s"' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" - -# Max validators (default: 100) -jq '.app_state.staking.params.max_validators=50' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" - -# Min commission rate (default: 0%) -jq '.app_state.staking.params.min_commission_rate="0.050000000000000000"' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" - -# Max entries (default: 7) -jq '.app_state.staking.params.max_entries=10' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" - -# Historical entries (default: 10000) -jq '.app_state.staking.params.historical_entries=1000' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" -``` - -| Parameter | Description | -|-----------|-------------| -| `unbonding_time` | Time for tokens to unbond before withdrawal | -| `max_validators` | Maximum active validator set size | -| `min_commission_rate` | Minimum commission validators must charge | -| `max_entries` | Max unbonding/redelegation entries per pair | -| `historical_entries` | Historical info entries kept | - -#### x/slashing Module - -Validator penalties for misbehavior. - -**Where to modify:** Add after line 250 in `local_node.sh` - -**How to modify:** -1. Open `local_node.sh` in your editor -2. After line 250, add new lines for slashing parameters -3. Insert the `jq` commands below for parameters you want to customize -4. Save and run `./local_node.sh -y` - -```bash expandable title="Slashing Parameters" -# Slash fraction for double signing (default: 0.05 = 5%) -jq '.app_state.slashing.params.slash_fraction_double_sign="0.100000000000000000"' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" - -# Slash fraction for downtime (default: 0.01 = 1%) -jq '.app_state.slashing.params.slash_fraction_downtime="0.005000000000000000"' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" - -# Downtime jail duration (default: 600s) -jq '.app_state.slashing.params.downtime_jail_duration="60s"' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" - -# Signed blocks window (default: 100) -jq '.app_state.slashing.params.signed_blocks_window="1000"' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" - -# Min signed per window (default: 0.5 = 50%) -jq '.app_state.slashing.params.min_signed_per_window="0.900000000000000000"' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" -``` - -| Parameter | Description | -|-----------|-------------| -| `slash_fraction_double_sign` | Stake slashed for equivocation | -| `slash_fraction_downtime` | Stake slashed for extended downtime | -| `downtime_jail_duration` | Jail time for downtime infraction | -| `signed_blocks_window` | Window for downtime tracking | -| `min_signed_per_window` | Minimum blocks signed to avoid jail | - - - - - -#### x/gov Module - -On-chain governance proposals and voting. - -**Where to modify:** Lines 253-255 in `local_node.sh` (already configured), or add after line 250 for additional params - -**How to modify:** -1. Open `local_node.sh` in your editor -2. Lines 253-255 already modify governance periods with `sed` commands - edit these values directly -3. For additional parameters (deposit, quorum, threshold), add `jq` commands after line 250 -4. Save and run `./local_node.sh -y` - -```bash expandable title="Governance Parameters" -# Voting period (ALREADY AT LINE 254 - edit directly) -sed -i.bak 's/"voting_period": "172800s"/"voting_period": "10s"/g' "$GENESIS" - -# Expedited voting period (ALREADY AT LINE 255 - edit directly) -sed -i.bak 's/"expedited_voting_period": "86400s"/"expedited_voting_period": "5s"/g' "$GENESIS" - -# Max deposit period (ALREADY AT LINE 253 - edit directly) -sed -i.bak 's/"max_deposit_period": "172800s"/"max_deposit_period": "60s"/g' "$GENESIS" - -# Additional parameters (ADD AFTER LINE 250): -# Minimum deposit amount -jq '.app_state.gov.params.min_deposit=[{"denom":"atest","amount":"1000000000000000000"}]' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" - -# Quorum (default: 0.334 = 33.4%) -jq '.app_state.gov.params.quorum="0.500000000000000000"' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" - -# Threshold (default: 0.5 = 50%) -jq '.app_state.gov.params.threshold="0.667000000000000000"' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" -``` - -| Parameter | Description | -|-----------|-------------| -| `voting_period` | Duration of voting period | -| `expedited_voting_period` | Duration for expedited proposals | -| `max_deposit_period` | Time to reach minimum deposit | -| `min_deposit` | Minimum deposit to enter voting | -| `quorum` | Minimum participation for validity | -| `threshold` | Minimum yes votes to pass | - -#### x/mint Module - -Token inflation and minting. - -**Where to modify:** Add after line 250 in `local_node.sh` - -**How to modify:** -1. Open `local_node.sh` in your editor -2. After line 250, add new lines for mint parameters -3. Insert the `jq` commands below for parameters you want to customize -4. Save and run `./local_node.sh -y` - -```bash expandable title="Mint Parameters" -# Inflation max (default: 0.20 = 20%) -jq '.app_state.mint.params.inflation_max="0.100000000000000000"' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" - -# Inflation min (default: 0.07 = 7%) -jq '.app_state.mint.params.inflation_min="0.050000000000000000"' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" - -# Inflation rate change (default: 0.13 = 13%) -jq '.app_state.mint.params.inflation_rate_change="0.080000000000000000"' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" - -# Goal bonded ratio (default: 0.67 = 67%) -jq '.app_state.mint.params.goal_bonded="0.500000000000000000"' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" - -# Blocks per year (default: 6311520) -jq '.app_state.mint.params.blocks_per_year="31557600"' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" -``` - -| Parameter | Description | -|-----------|-------------| -| `inflation_max` | Maximum annual inflation rate | -| `inflation_min` | Minimum annual inflation rate | -| `inflation_rate_change` | Max inflation change per year | -| `goal_bonded` | Target bonded token ratio | -| `blocks_per_year` | Expected blocks per year | - -#### x/distribution Module - -Staking rewards distribution. - -**Where to modify:** Add after line 250 in `local_node.sh` - -**How to modify:** -1. Open `local_node.sh` in your editor -2. After line 250, add new lines for distribution parameters -3. Insert the `jq` commands below -4. Save and run `./local_node.sh -y` - -```bash -# Community tax (default: 0.02 = 2%) -jq '.app_state.distribution.params.community_tax="0.100000000000000000"' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" - -# Withdraw address enabled (default: true) -jq '.app_state.distribution.params.withdraw_addr_enabled=false' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" -``` - -| Parameter | Description | -|-----------|-------------| -| `community_tax` | Percentage of rewards to community pool | -| `withdraw_addr_enabled` | Allow setting custom withdrawal addresses | - - - - - -#### Block Parameters - -**Where to modify:** Line 250 in `local_node.sh` (already configured) - -**How to modify:** -1. Open `local_node.sh` in your editor -2. Find line 250 (sets `max_gas`) -3. Edit the value `"10000000"` to your desired gas limit -4. Save and run `./local_node.sh -y` - -```bash -# Default modified to 10M gas (edit line 250 directly) -jq '.consensus.params.block.max_gas="10000000"' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" - -# Example: High throughput (100M gas) -jq '.consensus.params.block.max_gas="100000000"' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" - -# Example: Unlimited gas (use with caution) -jq '.consensus.params.block.max_gas="-1"' "$GENESIS" >"$TMP_GENESIS" && mv "$TMP_GENESIS" "$GENESIS" -``` - -#### Consensus Timeouts - -**Where to modify:** Lines 261-268 in `local_node.sh` (already configured) - -**How to modify:** -1. Open `local_node.sh` in your editor -2. Find lines 261-268 (contains `sed` commands modifying `config.toml`) -3. Edit the timeout values in these `sed` commands directly -4. Save and run `./local_node.sh -y` - - -These modify `config.toml` (not `genesis.json`). The `timeout_commit` parameter determines block time. - - -```bash expandable title="Consensus Timeout Configuration" -# Block proposal timeout (LINE 261 - currently set to 2s) -sed -i.bak 's/timeout_propose = "3s"/timeout_propose = "1s"/g' "$CONFIG_TOML" - -# Commit timeout = block time (LINE 267 - currently set to 1s) -sed -i.bak 's/timeout_commit = "5s"/timeout_commit = "500ms"/g' "$CONFIG_TOML" - -# Prevote timeout (LINE 263 - currently set to 500ms) -sed -i.bak 's/timeout_prevote = "1s"/timeout_prevote = "250ms"/g' "$CONFIG_TOML" - -# Precommit timeout (LINE 265 - currently set to 500ms) -sed -i.bak 's/timeout_precommit = "1s"/timeout_precommit = "250ms"/g' "$CONFIG_TOML" - -# Timeout deltas (LINES 262, 264, 266 - currently set to 200ms) -sed -i.bak 's/timeout_propose_delta = "500ms"/timeout_propose_delta = "100ms"/g' "$CONFIG_TOML" -sed -i.bak 's/timeout_prevote_delta = "500ms"/timeout_prevote_delta = "100ms"/g' "$CONFIG_TOML" -sed -i.bak 's/timeout_precommit_delta = "500ms"/timeout_precommit_delta = "100ms"/g' "$CONFIG_TOML" -``` +**Top-level variables** (edit at top of script): +- `CHAINID` (line 3) - Cosmos chain ID, default: `9001` +- `MONIKER` (line 4) - Node identifier, default: `localtestnet` +- `LOGLEVEL` (line 11) - Log verbosity: `debug`, `info`, `warn`, `error` +- `BASEFEE` (line 15) - Initial EIP-1559 base fee, default: `10000000` -| Parameter | Description | -|-----------|-------------| -| `timeout_propose` | Time to propose a block | -| `timeout_commit` | Time before starting next height (determines block time) | -| `timeout_prevote` | Time for prevote step | -| `timeout_precommit` | Time for precommit step | +**Common customizations**: +- Token denomination and metadata +- Active precompiles +- Access control policies +- Fee market parameters +- Governance timing +- Consensus timeouts - - + +For complete parameter descriptions and examples, see the [Configuration Reference](/docs/evm/next/documentation/getting-started/build-a-chain/configuration-reference) and [Chain Configuration Guide](/docs/evm/next/documentation/getting-started/build-a-chain/configuration-parameters). + ## Connecting to the Local Node From 6c5802d01a302be592c52892a07ab94e4ff3e292 Mon Sep 17 00:00:00 2001 From: Cordt Date: Fri, 17 Oct 2025 10:29:50 -0600 Subject: [PATCH 11/26] condense / optimize overall size of config pages --- .../build-a-chain/initial-setup.mdx | 28 ++--- .../pre-genesis-and-genesis-setup.mdx | 106 +++++++++++++----- 2 files changed, 88 insertions(+), 46 deletions(-) diff --git a/docs/evm/next/documentation/getting-started/build-a-chain/initial-setup.mdx b/docs/evm/next/documentation/getting-started/build-a-chain/initial-setup.mdx index 2f9c6ed8..70bdfbc6 100644 --- a/docs/evm/next/documentation/getting-started/build-a-chain/initial-setup.mdx +++ b/docs/evm/next/documentation/getting-started/build-a-chain/initial-setup.mdx @@ -3,7 +3,7 @@ title: "Initial Setup" description: "Fork the evmd repository and prepare your development environment for building your EVM L1 chain." --- -This guide walks you through the initial steps of creating your own Cosmos EVM chain, from forking the repository to preparing your development environment. Once complete, you'll be ready to begin configuring your chain's parameters. +This page provides a very basic starting point for newer developers, or those who are unfamiliar with the Cosmos SDK. You can skip to the [Pre-Genesis & Genesis Setup](/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup) page if you are already comfortable with the stack. ## Prerequisites @@ -26,13 +26,13 @@ Building Cosmos EVM requires several tools and dependencies. Installation varies Install Homebrew if you haven't already: -```bash expandable +```bash /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" ``` Install the required dependencies: -```bash expandable +```bash # Install build essentials brew install git make gcc @@ -46,7 +46,7 @@ source ~/.zshrc Verify installations: -```bash expandable +```bash go version # Should show 1.22 or higher git --version make --version @@ -60,7 +60,7 @@ gcc --version Install Homebrew if you haven't already: -```bash expandable +```bash /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" ``` @@ -94,7 +94,7 @@ source ~/.zshrc Verify installations: -```bash expandable +```bash go version # Should show 1.22 or higher git --version make --version @@ -108,7 +108,7 @@ gcc --version Update package lists and install build essentials: -```bash expandable +```bash # Update package lists sudo apt update && sudo apt upgrade -y @@ -143,7 +143,7 @@ mkdir -p $HOME/go/{bin,src,pkg} Verify installations: -```bash expandable +```bash go version # Should show 1.22 or higher git --version make --version @@ -157,7 +157,7 @@ gcc --version Update system and install dependencies: -```bash expandable +```bash # Update system sudo pacman -Syu @@ -175,7 +175,7 @@ If the version is lower, you may need to install from source or use a version ma Set up Go environment: -```bash expandable +```bash # Add Go environment variables (add to ~/.bashrc) echo 'export GOPATH=$HOME/go' >> ~/.bashrc echo 'export PATH=$PATH:$GOPATH/bin' >> ~/.bashrc @@ -201,7 +201,7 @@ gcc --version After installing the base dependencies, configure Git with your identity: -```bash expandable +```bash git config --global user.name "Your Name" git config --global user.email "your.email@example.com" ``` @@ -293,16 +293,12 @@ The repository includes a development script that launches a fully configured lo Run the script: -```bash expandable +```bash ./local_node.sh -y ``` This starts a local chain at `http://localhost:8545` that you can connect to with MetaMask or other Ethereum wallets (chain ID: `262144`). - -The `local_node.sh` script demonstrates a complete configuration in a single file. While you'll customize these settings for your production chain, reviewing the script provides valuable insight into the initialization sequence. See the [Configuration Reference](/docs/evm/next/documentation/getting-started/build-a-chain/configuration-reference#understanding-local_nodesh) for a detailed explanation. - - ## Next Steps With your development environment ready, you're now prepared to begin configuring your chain. The configuration process is divided into three phases: diff --git a/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup.mdx b/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup.mdx index 772a80dd..0210c3d9 100644 --- a/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup.mdx +++ b/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup.mdx @@ -142,6 +142,8 @@ Confirm these parameters before running `yourchain init`. These parameters are c ### Binary Name + + **Description**: The name of your compiled blockchain executable. **Default**: `evmd` @@ -152,7 +154,7 @@ Confirm these parameters before running `yourchain init`. These parameters are c -```bash +```bash expandable # 1. Navigate to evm repository cd /path/to/evm @@ -182,18 +184,18 @@ make build **1. Rename the binary directory:** -```bash +```bash expandable mv evmd yourchain ``` **2. Update Go imports in all `.go` files:** -```bash +```bash expandable find . -type f -name "*.go" -exec sed -i '' \ 's|github.com/cosmos/evm/evmd|github.com/your-org/your-chain/yourchain|g' {} \; ``` **3. Update `go.mod` module declaration:** -```go +```go expandable // From: module github.com/cosmos/evm @@ -202,17 +204,17 @@ module github.com/your-org/your-chain ``` **4. Update Makefile references:** -```bash +```bash expandable sed -i '' 's/evmd/yourchain/g' Makefile ``` **5. Run go mod tidy:** -```bash +```bash expandable go mod tidy ``` **6. Build and verify:** -```bash +```bash expandable make build ./build/yourchain version ``` @@ -226,7 +228,7 @@ The renaming process updates: - `evmd/cmd/evmd/` → `yourchain/cmd/yourchain/` **Go Import Paths:** -```go +```go expandable // Before import "github.com/cosmos/evm/evmd/cmd" @@ -235,7 +237,7 @@ import "github.com/your-org/your-chain/yourchain/cmd" ``` **Module Declaration:** -```go +```go expandable // go.mod before module github.com/cosmos/evm @@ -244,7 +246,7 @@ module github.com/your-org/your-chain ``` **Makefile:** -```makefile +```makefile expandable # Before BINARY_NAME := evmd @@ -256,10 +258,12 @@ BINARY_NAME := yourchain **Result**: Your binary will be named `yourchain` and all commands will use this name (e.g., `yourchain start`, `yourchain init`). - + ### Bech32 Address Prefix + + **Description**: Your chain's address format (e.g., `cosmos1...`, `evmos1...`, `yourchain1...`). **Default**: `cosmos` @@ -296,7 +300,7 @@ const ( ``` **After changing, rebuild:** -```bash +```bash expandable make build ``` @@ -342,10 +346,12 @@ Expected output: **Source**: [config/config.go:60-74](https://github.com/cosmos/evm/blob/main/config/config.go#L60-L74) - + ### BIP44 Coin Type + + **Description**: The HD wallet derivation path for key generation according to [BIP-44](https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki). **Default**: `60` (Ethereum) @@ -419,10 +425,12 @@ make build **Source**: [crypto/hd/hdpath.go:7-13](https://github.com/cosmos/evm/blob/main/crypto/hd/hdpath.go#L7-L13) - + ### EVM Chain ID + + **Description**: The EIP-155 chain ID used for Ethereum transaction replay protection. **Default**: `262144` @@ -535,10 +543,12 @@ const tx = { **Source**: [config/config.go:78](https://github.com/cosmos/evm/blob/main/config/config.go#L78) - + ### Token Decimal Precision + + **Description**: Determines whether your native token uses 18 decimals (like ETH) or another precision (like ATOM's 6 decimals). **Default**: 18 decimals @@ -694,10 +704,12 @@ app.ModuleManager = module.NewManager( - [Precision Handling Concepts](/docs/evm/next/documentation/concepts/precision-handling) - [PreciseBank Module Reference](/docs/evm/next/documentation/cosmos-sdk/modules/precisebank) - + ### Default Denomination in Source + + **Description**: Default token denominations hardcoded in source files that are used when generating configuration files. **Default**: `aatom` / `atom` @@ -842,6 +854,8 @@ If verification succeeds, your defaults are correctly configured. - [x/vm/types/params.go:21-25](https://github.com/cosmos/evm/blob/main/x/vm/types/params.go#L21-L25) - [config/constants.go:5-8](https://github.com/cosmos/evm/blob/main/config/constants.go#L5-L8) + + ## Genesis Configuration @@ -854,6 +868,8 @@ Genesis parameters can be modified until you distribute the genesis file to vali ### Initialize Your Chain + + First, initialize the chain to create the default genesis file: ```bash expandable @@ -873,10 +889,12 @@ This creates: Now proceed with genesis configuration below. - + ### Cosmos Chain ID + + **Description**: The unique string identifier for your blockchain in the Cosmos ecosystem. **Format**: Flexible string, commonly `{name}-{version}` @@ -960,10 +978,12 @@ dev-1 - Chain ID is included in all transactions and blocks - Cannot be changed after genesis without coordinated upgrade - + ### Genesis Time + + **Description**: UTC timestamp when the chain starts producing blocks. **Format**: RFC3339 timestamp (e.g., `"2024-12-01T00:00:00Z"`) @@ -1038,10 +1058,12 @@ T+10m: Verify all validators online **Important**: All validators must have identical `genesis_time` in their genesis files. - + ### Bank Denomination Metadata + + **Description**: Your token's base denomination, decimal precision, and display properties. **Genesis Location**: `app_state.bank.denom_metadata` @@ -1117,10 +1139,12 @@ jq '.app_state.gov.params.min_deposit[0].denom' $GENESIS - `app_state.evm.params.evm_denom` - `app_state.gov.params.min_deposit[0].denom` - + ### VM Parameters + + **Description**: Core EVM module configuration including gas token, extended denom options, and chain behavior. **Genesis Location**: `app_state.evm.params` @@ -1212,10 +1236,12 @@ jq '.app_state.evm.params.extra_eips = []' \ - + ### Active Precompiles + + **Description**: Enabled precompiled contracts that expose Cosmos SDK functionality to EVM smart contracts. **Genesis Location**: `app_state.evm.params.active_static_precompiles` @@ -1302,10 +1328,12 @@ jq '.app_state.evm.params.active_static_precompiles = []' \ **Source**: [x/vm/types/precompiles.go:22-32](https://github.com/cosmos/evm/blob/main/x/vm/types/precompiles.go#L22-L32) - + ### ERC20 Module + + **Description**: Configured token pairs between Cosmos bank denoms and ERC20 representations, implementing Single Token Representation v2 (STRv2). **Genesis Location**: `app_state.erc20` @@ -1393,10 +1421,12 @@ jq '.app_state.erc20.params.permissionless_registration = false' \ - + ### Fee Market (EIP-1559) + + **Description**: Dynamic fee pricing mechanism based on EIP-1559, controlling how transaction fees adjust based on network congestion. **Genesis Location**: `app_state.feemarket.params` @@ -1488,10 +1518,12 @@ jq '.app_state.feemarket.params = { **Source**: [x/feemarket/types/params.go:13-21](https://github.com/cosmos/evm/blob/main/x/feemarket/types/params.go#L13-L21) - + ### EVM Access Control + + **Description**: Permissions for deploying and calling smart contracts. **Genesis Location**: `app_state.evm.params.access_control` @@ -1572,10 +1604,12 @@ jq '.app_state.evm.params.access_control.create = { **Source**: [x/vm/types/params.go:160-165](https://github.com/cosmos/evm/blob/main/x/vm/types/params.go#L160-L165) - + ### Staking Parameters + + **Description**: Staking module behavior, including bond denom, unbonding time, and validator set size. **Genesis Location**: `app_state.staking.params` @@ -1659,10 +1693,12 @@ jq '.app_state.staking.params.max_validators = 100' \ - + ### Slashing Parameters + + **Description**: Thresholds and penalties for validator downtime or misbehavior. **Genesis Location**: `app_state.slashing.params` @@ -1749,10 +1785,12 @@ jq '.app_state.slashing.params = { - + ### Governance Parameters + + **Description**: Settings for on-chain governance including voting periods, quorum, and deposit requirements. **Genesis Location**: `app_state.gov.params` @@ -1840,10 +1878,12 @@ jq '.app_state.gov.params.expedited_voting_period = "86400s"' \ - + ### Mint Parameters + + **Description**: Token inflation and minting schedule. **Genesis Location**: `app_state.mint.params` @@ -1891,10 +1931,12 @@ jq '.app_state.mint.params = { - + ### Distribution Parameters + + **Description**: Token / reward distribution including community tax and proposer rewards. **Genesis Location**: `app_state.distribution.params` @@ -1930,10 +1972,12 @@ jq '.app_state.distribution.params = { - + ### Initial Accounts and Validators + + After configuring all genesis parameters, add initial accounts and collect validator gentxs. @@ -2049,6 +2093,8 @@ jq '.app_state.genutil.gen_txs | length' $GENESIS + + ## Next Steps From 020cfa31cdc3793f442dc931508d2f6cbb3627f4 Mon Sep 17 00:00:00 2001 From: Cordt Date: Fri, 17 Oct 2025 11:16:22 -0600 Subject: [PATCH 12/26] clean up and condense all chain build guides --- .../pre-genesis-and-genesis-setup.mdx | 140 ++++----- .../build-a-chain/runtime-and-launch.mdx | 280 +++++++----------- .../getting-started/build-a-chain/text | 21 -- 3 files changed, 175 insertions(+), 266 deletions(-) delete mode 100644 docs/evm/next/documentation/getting-started/build-a-chain/text diff --git a/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup.mdx b/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup.mdx index 0210c3d9..9001d83f 100644 --- a/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup.mdx +++ b/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup.mdx @@ -154,7 +154,8 @@ Confirm these parameters before running `yourchain init`. These parameters are c -```bash expandable + +```bash # 1. Navigate to evm repository cd /path/to/evm @@ -180,22 +181,26 @@ make build # 7. Verify ./build/yourchain version ``` + **1. Rename the binary directory:** -```bash expandable + +```bash mv evmd yourchain ``` **2. Update Go imports in all `.go` files:** -```bash expandable + +```bash find . -type f -name "*.go" -exec sed -i '' \ 's|github.com/cosmos/evm/evmd|github.com/your-org/your-chain/yourchain|g' {} \; ``` **3. Update `go.mod` module declaration:** -```go expandable + +```go // From: module github.com/cosmos/evm @@ -204,17 +209,19 @@ module github.com/your-org/your-chain ``` **4. Update Makefile references:** -```bash expandable + +```bash sed -i '' 's/evmd/yourchain/g' Makefile ``` **5. Run go mod tidy:** -```bash expandable +```bash go mod tidy ``` **6. Build and verify:** -```bash expandable + +```bash make build ./build/yourchain version ``` @@ -228,7 +235,8 @@ The renaming process updates: - `evmd/cmd/evmd/` → `yourchain/cmd/yourchain/` **Go Import Paths:** -```go expandable + +```go // Before import "github.com/cosmos/evm/evmd/cmd" @@ -237,7 +245,8 @@ import "github.com/your-org/your-chain/yourchain/cmd" ``` **Module Declaration:** -```go expandable + +```go // go.mod before module github.com/cosmos/evm @@ -246,7 +255,8 @@ module github.com/your-org/your-chain ``` **Makefile:** -```makefile expandable + +```makefile # Before BINARY_NAME := evmd @@ -300,7 +310,8 @@ const ( ``` **After changing, rebuild:** -```bash expandable + +```bash make build ``` @@ -323,7 +334,7 @@ All these are automatically derived from the base `Bech32Prefix`. After building with your new prefix, verify it works: -```bash expandable +```bash # Initialize chain ./build/yourchain init test --chain-id test-1 @@ -364,7 +375,7 @@ Expected output: **For EVM-compatible chains, use the default:** -```go expandable +```go var ( // Bip44CoinType satisfies EIP84 for Ethereum compatibility Bip44CoinType uint32 = 60 @@ -390,7 +401,7 @@ var ( 3. **Update the code** in `crypto/hd/hdpath.go`: -```go expandable +```go var ( // Bip44CoinType for your chain Bip44CoinType uint32 = 12345 // Your registered number @@ -401,7 +412,8 @@ var ( ``` 4. **Rebuild the binary:** -```bash expandable + +```bash make build ``` @@ -447,7 +459,7 @@ The EVM Chain ID must be set in source code **before building your binary**. It **1. Edit `config/config.go` and change the `EVMChainID` constant:** -```go expandable +```go const ( // ... other constants ... @@ -457,17 +469,20 @@ const ( ``` **2. Rebuild the binary:** -```bash expandable + +```bash make build ``` **3. Initialize your chain:** -```bash expandable + +```bash ./build/yourchain init mynode --chain-id mychain-1 ``` **4. Verify the chain ID was set correctly:** -```bash expandable + +```bash grep 'evm-chain-id' ~/.yourchain/config/app.toml # Should show: evm-chain-id = 123456 ``` @@ -507,6 +522,7 @@ Do not edit `app.toml` to change the EVM chain ID after initialization. The chai The EVM Chain ID is used for: **Transaction Signing:** + ```javascript expandable // EIP-155 transaction signature includes chain ID const tx = { @@ -521,6 +537,7 @@ const tx = { ``` **Wallet Configuration:** + ```javascript expandable // MetaMask network configuration { @@ -583,6 +600,7 @@ This decision affects your entire architecture and cannot be changed after genes ``` **In Genesis:** + ```json expandable { "app_state": { @@ -606,7 +624,6 @@ This decision affects your entire architecture and cannot be changed after genes } ``` -✅ **Recommended for new EVM chains** @@ -728,7 +745,8 @@ This step must be completed **before** running `yourchain init`. The defaults ar **File**: [`server/config/migration/v0.50-app.toml:11`](https://github.com/cosmos/evm/blob/main/server/config/migration/v0.50-app.toml#L11) **Change:** -```toml expandable + +```toml # From: minimum-gas-prices = "0aatom" @@ -740,6 +758,7 @@ minimum-gas-prices = "0atoken" **File**: [`x/vm/types/params.go:21-25`](https://github.com/cosmos/evm/blob/main/x/vm/types/params.go#L21-L25) **Change:** + ```go expandable // From: var ( @@ -760,6 +779,7 @@ var ( **File**: [`config/constants.go:5-8`](https://github.com/cosmos/evm/blob/main/config/constants.go#L5-L8) **Change:** + ```go expandable // From: const ( @@ -783,13 +803,13 @@ const ( sed -i '' 's/minimum-gas-prices = "0aatom"/minimum-gas-prices = "0atoken"/' \ server/config/migration/v0.50-app.toml -# 2. Update EVM module defaults (requires manual edit) +# 2. Update EVM module defaults # Open x/vm/types/params.go and change lines 21-25: # DefaultEVMDenom = "atoken" # DefaultEVMExtendedDenom = "atoken" # DefaultEVMDisplayDenom = "token" -# 3. Update example constants (requires manual edit) +# 3. Update example constants for consistency # Open config/constants.go and change lines 5-8: # ExampleChainDenom = "atoken" # ExampleDisplayDenom = "token" @@ -805,7 +825,7 @@ grep "minimum-gas-prices" ~/.yourchain/config/app.toml **For 6-decimal tokens (Cosmos standard):** -```bash expandable +```bash # Update the same files but use "utoken" instead: # DefaultEVMDenom = "utoken" # DefaultEVMExtendedDenom = "atoken" # Still needs extended for EVM @@ -870,14 +890,19 @@ Genesis parameters can be modified until you distribute the genesis file to vali + +**For Production Chains**: Before running `init`, ensure you have completed all [Pre-Genesis Setup](#pre-genesis-setup) steps, especially [Binary Name](#binary-name) configuration. Organizations deploying their own chain should rename the binary from `evmd` to their own chain name (e.g., `yourchain`) to brand their network and avoid confusion with the reference implementation. + + First, initialize the chain to create the default genesis file: -```bash expandable +```bash yourchain init --chain-id ``` Example: -```bash expandable + +```bash yourchain init mynode --chain-id mychain-1 ``` @@ -907,13 +932,13 @@ Now proceed with genesis configuration below. The Cosmos Chain ID is typically set during initialization: -```bash expandable +```bash yourchain init mynode --chain-id mychain-1 ``` This writes the chain ID to `genesis.json`. You must also set it in `client.toml`: -```bash expandable +```bash yourchain config set client chain-id mychain-1 ``` @@ -921,7 +946,7 @@ yourchain config set client chain-id mychain-1 To change the chain ID after initialization: -```bash expandable +```bash # Update genesis.json jq '.chain_id = "mychain-1"' ~/.yourchain/config/genesis.json > tmp && \ mv tmp ~/.yourchain/config/genesis.json @@ -931,7 +956,7 @@ yourchain config set client chain-id mychain-1 --home ~/.yourchain ``` **Verify:** -```bash expandable +```bash jq '.chain_id' ~/.yourchain/config/genesis.json grep 'chain-id' ~/.yourchain/config/client.toml ``` @@ -992,69 +1017,26 @@ dev-1 **Why Important**: Coordinates synchronized network launch across all validators. - - -Set the genesis time to a future UTC timestamp: +**Set the genesis time:** -```bash expandable +```bash jq '.genesis_time = "2024-12-01T00:00:00Z"' ~/.yourchain/config/genesis.json > tmp && \ mv tmp ~/.yourchain/config/genesis.json ``` **Verify:** -```bash expandable +```bash jq '.genesis_time' ~/.yourchain/config/genesis.json ``` - - - -**Launch Sequence:** -1. **Coordinator sets genesis_time** to a future timestamp -2. **Genesis file distributed** to all validators -3. **Validators start nodes** before the genesis time -4. **Nodes wait** until genesis_time is reached -5. **Consensus begins** automatically at genesis_time - -**Validator Experience:** -```bash expandable -# Start node before genesis time -yourchain start - -# Output while waiting: -# Genesis time is in the future. Waiting... -# Time until genesis: 29m 45s - -# At genesis time: -# Starting consensus... -# Producing block height=1 -``` - - - **Timing Recommendations:** - **Testnet**: 1-2 hours ahead (allows validator setup) - **Mainnet**: 24-48 hours ahead (allows thorough preparation) - **Local Dev**: Use past time (starts immediately) -**Coordination:** -1. Choose time that works across all validator timezones -2. Communicate clearly to all validators -3. Ensure all validators have genesis file with same time -4. Have validators start 30-60 minutes early -5. Monitor validator status before launch - -**Example Timeline:** -``` -T-48h: Announce genesis time -T-24h: Distribute final genesis file -T-2h: Validators verify genesis hash -T-1h: Validators start nodes -T-0: Genesis time - network starts -T+10m: Verify all validators online -``` - - + +**Network Launch Details**: For complete launch coordination procedures, validator startup instructions, and timing best practices, see [Coordinate Launch Time](/docs/evm/next/documentation/getting-started/build-a-chain/runtime-and-launch#coordinate-launch-time) in the Runtime Configuration & Network Launch guide. + **Important**: All validators must have identical `genesis_time` in their genesis files. diff --git a/docs/evm/next/documentation/getting-started/build-a-chain/runtime-and-launch.mdx b/docs/evm/next/documentation/getting-started/build-a-chain/runtime-and-launch.mdx index 931aee02..cbd9acf4 100644 --- a/docs/evm/next/documentation/getting-started/build-a-chain/runtime-and-launch.mdx +++ b/docs/evm/next/documentation/getting-started/build-a-chain/runtime-and-launch.mdx @@ -46,6 +46,8 @@ Located at `~/.yourchain/config/app.toml`, this file controls application-level ### Minimum Gas Prices + + **What It Is**: Node-level minimum gas price to accept transactions into mempool. **Section**: Root level @@ -54,7 +56,7 @@ Located at `~/.yourchain/config/app.toml`, this file controls application-level Edit `app.toml`: -```toml expandable +```toml # Minimum gas prices for the node to accept transactions minimum-gas-prices = "1000000000atoken" ``` @@ -74,17 +76,17 @@ minimum-gas-prices = "1000000000atoken" **For 18-decimal tokens:** -```toml expandable +```toml minimum-gas-prices = "1000000000atoken" # 1 gwei ``` **For 6-decimal tokens:** -```toml expandable +```toml minimum-gas-prices = "1000utoken" # 0.001 token ``` **Testing/Development:** -```toml expandable +```toml minimum-gas-prices = "0atoken" # Accept all (not for production) ``` @@ -95,10 +97,12 @@ minimum-gas-prices = "0atoken" # Accept all (not for production) - + ### JSON-RPC Configuration + + **What It Is**: Ethereum-compatible RPC endpoints for EVM interactions. **Section**: `[json-rpc]` @@ -164,12 +168,12 @@ enable-indexer = false | `debug` | Debug/trace endpoints | ❌ Dev only | **Production configuration:** -```toml expandable +```toml api = ["eth", "net", "web3"] ``` **Development configuration:** -```toml expandable +```toml api = ["eth", "net", "web3", "txpool", "debug"] ``` @@ -210,16 +214,19 @@ block-range-cap = 10000 **Default Port**: `8545` (HTTP), `8546` (WebSocket) - + ### EVM Configuration + + **What It Is**: EVM module settings including chain ID, tracer, and gas limits. **Section**: `[evm]` + ```toml expandable [evm] # EVM chain ID (set during init from config/config.go) @@ -263,34 +270,14 @@ min-tip = 0 - `0`: Accept all transactions - `1000000000`: Require at least 1 gwei tip - - -**Production:** -```toml expandable -[evm] -evm-chain-id = 123456 # Your chain ID -tracer = "" # No tracing -max-tx-gas-wanted = 0 # Unlimited (or set limit) -cache-preimage = false -min-tip = 1000000000 # 1 gwei minimum -``` - -**Development:** -```toml expandable -[evm] -evm-chain-id = 262144 -tracer = "json" # Enable debugging -max-tx-gas-wanted = 0 -cache-preimage = false -min-tip = 0 # No minimum -``` - - + ### EVM Mempool Configuration + + **What It Is**: Transaction pool behavior including price limits, queue sizes, and lifetime. **Section**: `[evm.mempool]` @@ -301,6 +288,7 @@ min-tip = 0 # No minimum + ```toml expandable [evm.mempool] # Minimum gas price to accept into pool (in wei) @@ -361,44 +349,15 @@ lifetime = "3h0m0s" - Default: `"3h0m0s"` (3 hours) - Format: Go duration (e.g., `"1h30m"`, `"24h0m0s"`) - - -**High-throughput chain:** -```toml expandable -[evm.mempool] -price-limit = 100000000 # 0.1 gwei minimum -global-slots = 10240 -global-queue = 2048 -lifetime = "6h0m0s" -``` - -**Low-resource node:** -```toml expandable -[evm.mempool] -price-limit = 1 -global-slots = 2048 -global-queue = 512 -account-slots = 8 -lifetime = "1h0m0s" -``` - -**Strict spam prevention:** -```toml expandable -[evm.mempool] -price-limit = 1000000000 # 1 gwei minimum -price-bump = 20 # 20% increase to replace -lifetime = "30m0s" # 30 minute lifetime -``` - **Source**: [server/config/config.go:158-187](https://github.com/cosmos/evm/blob/main/server/config/config.go#L158-L187) -**Advanced Mempool Configuration**: For detailed information on integrating the full EVM mempool with nonce gap handling and custom transaction prioritization, see the [EVM Mempool Integration](/docs/evm/next/documentation/getting-started/build-a-chain/additional-configuration/mempool-integration) guide. +**Advanced Mempool Configuration**: For detailed information on integrating the EVM mempool, see the [EVM Mempool Integration](/docs/evm/next/documentation/getting-started/build-a-chain/additional-configuration/mempool-integration) guide. - + ## config.toml Configuration @@ -406,6 +365,8 @@ Located at `~/.yourchain/config/config.toml`, this file controls CometBFT (conse ### Persistent Peers + + **What It Is**: List of nodes to maintain persistent connections to. **Section**: `[p2p]` @@ -414,21 +375,21 @@ Located at `~/.yourchain/config/config.toml`, this file controls CometBFT (conse Edit `config.toml`: -```toml expandable +```toml [p2p] # Comma separated list of nodes to keep persistent connections to persistent_peers = "node_id@ip:port,node_id2@ip:port" ``` **Example:** -```toml expandable +```toml persistent_peers = "7c90e16cca334eb7@192.168.1.100:26656,abc123def456@192.168.1.101:26656" ``` **Each validator runs:** -```bash expandable +```bash yourchain comet show-node-id ``` @@ -455,24 +416,26 @@ Create a coordination sheet for validators: **Verification:** -```bash expandable +```bash # Check connected peers curl localhost:26657/net_info | jq '.result.peers' ``` **Default P2P Port**: `26656` - + ### Consensus Timeouts + + **What It Is**: Timing parameters for consensus protocol. **Section**: `[consensus]` - -**Standard Cosmos values** (recommended for production): + +**Default values**: ```toml expandable [consensus] @@ -485,11 +448,11 @@ timeout_precommit_delta = "500ms" timeout_commit = "5s" ``` -These are the defaults and work well for most networks. +Typically you do not need to adjust these. -**Faster block times** for local development: +Faster block times for local developmen or testingt: ```toml expandable [consensus] @@ -502,7 +465,7 @@ timeout_precommit_delta = "200ms" timeout_commit = "1s" ``` -**Note**: Used by `local_node.sh` for quick local testing. +These are the parameters used in `./local_node.sh`. @@ -525,15 +488,17 @@ timeout_commit = "1s" - + ### Prometheus Metrics + + **What It Is**: Enable metrics collection for monitoring. **Section**: `[instrumentation]` -```toml expandable +```toml [instrumentation] # Enable Prometheus metrics prometheus = true @@ -543,13 +508,13 @@ prometheus_listen_addr = ":26660" ``` **Access metrics:** -```bash expandable +```bash curl http://localhost:26660/metrics ``` -**Recommended**: Enable for production to monitor chain health. - +Enable for production to monitor node and overall network health. + ## client.toml Configuration @@ -557,58 +522,44 @@ Located at `~/.yourchain/config/client.toml`, this file configures client behavi ### Set Client Chain ID + + **What It Is**: Chain ID for CLI client operations. -The node reads `chain-id` from `client.toml` at startup. If this doesn't match `genesis.json`, the node will fail to start with: -``` -error during handshake: error on replay: invalid chain-id on InitChain -``` +The node reads `chain-id` from `client.toml` at startup. If this doesn't match `genesis.json`, the node will fail to start. -```bash expandable +```bash yourchain config set client chain-id mychain-1 --home ~/.yourchain ``` **Or edit `client.toml` directly:** -```toml expandable +```toml chain-id = "mychain-1" ``` - - -```bash expandable -# Verify chain-id matches genesis -jq '.chain_id' ~/.yourchain/config/genesis.json -# Output: "mychain-1" - -# Verify chain-id in client.toml -grep 'chain-id' ~/.yourchain/config/client.toml -# Output: chain-id = "mychain-1" -``` - -Both must match for the node to start successfully. - **Other client settings:** ```toml expandable -# Keyring backend +# Keyring backend - This can be changed to "file", or "test" to create additional keys in different formats. +# "Test" creates an UNSAFE key that requires no password to submit txs for quicker iteration when testing. keyring-backend = "os" # Output format output = "text" -# Node RPC address +# Node RPC address - This can be canged to a public endpoint to use the light client without syncinc the full node. node = "tcp://localhost:26657" # Broadcast mode broadcast-mode = "sync" ``` - + ## Network Launch @@ -616,6 +567,8 @@ After all validators have configured their nodes, coordinate the network launch. ### Pre-Launch Checklist + + - All genesis parameters configured @@ -645,10 +598,12 @@ After all validators have configured their nodes, coordinate the network launch. - + ### Distribute Genesis File + + After finalizing your genesis file, distribute it to all validators. @@ -671,7 +626,7 @@ wget https://github.com/yourorg/yourchain/releases/download/v1.0.0-genesis/genes **Recommended for decentralization:** -```bash expandable +```bash # Coordinator uploads ipfs add ~/.yourchain/config/genesis.json # Returns: QmXyz123... @@ -680,30 +635,21 @@ ipfs add ~/.yourchain/config/genesis.json ipfs get QmXyz123... -o ~/.yourchain/config/genesis.json ``` - - -**For private networks:** - -```bash expandable -# Coordinator shares via secure channel -# Validators receive and copy to ~/.yourchain/config/genesis.json -``` - -**Important**: Use secure, verified channels to prevent tampering. - - + ### Verify Genesis Hash + + **Critical**: All validators must verify they have the identical genesis file. **Each validator runs:** -```bash expandable +```bash jq -S -c . ~/.yourchain/config/genesis.json | shasum -a 256 ``` @@ -715,7 +661,7 @@ a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6 - **1. Coordinator publishes canonical hash:** -```bash expandable +```bash # Generate and save hash jq -S -c . ~/.yourchain/config/genesis.json | shasum -a 256 > genesis_hash.txt @@ -724,12 +670,11 @@ cat genesis_hash.txt ``` **2. All validators verify:** -```bash expandable +```bash # Each validator generates hash jq -S -c . ~/.yourchain/config/genesis.json | shasum -a 256 # Compare with published hash -# Must match exactly ``` **3. All validators confirm:** @@ -738,10 +683,12 @@ jq -S -c . ~/.yourchain/config/genesis.json | shasum -a 256 - + ### Exchange Peer Information + + Validators need each other's peer information to connect. @@ -768,7 +715,7 @@ yourchain comet show-node-id **Each validator updates `config.toml`:** -```bash expandable +```bash # Edit ~/.yourchain/config/config.toml # Add all other validators to persistent_peers @@ -782,7 +729,7 @@ persistent_peers = "7c90e16c@192.168.1.100:26656,abc123de@192.168.1.101:26656,de **After starting nodes, verify connectivity:** -```bash expandable +```bash # Check number of connected peers curl localhost:26657/net_info | jq '.result.n_peers' @@ -797,17 +744,19 @@ curl localhost:26657/net_info | jq '.result.peers' - + ### Coordinate Launch Time + + Set and coordinate the exact launch time across all validators. **Coordinator sets future genesis time:** -```bash expandable +```bash jq '.genesis_time = "2024-12-01T00:00:00Z"' \ ~/.yourchain/config/genesis.json > tmp && mv tmp ~/.yourchain/config/genesis.json ``` @@ -837,7 +786,7 @@ T+1h: Monitor network health **Validators start early:** -```bash expandable +```bash # Start node before genesis time yourchain start @@ -856,14 +805,17 @@ INF finalizing commit of block hash=DEF456... height=2 - + ### Start Validator Nodes + + After configuration and coordination, start the nodes. + ```bash expandable # Standard startup yourchain start @@ -880,7 +832,8 @@ nohup yourchain start > yourchain.log 2>&1 & -```bash expandable + +```bash # Follow logs yourchain start 2>&1 | grep "finalizing commit" @@ -916,6 +869,7 @@ WantedBy=multi-user.target ``` **Enable and start:** + ```bash expandable sudo systemctl enable yourchain sudo systemctl start yourchain @@ -924,22 +878,24 @@ sudo systemctl start yourchain sudo systemctl status yourchain # View logs -sudo journalctl -u yourchain -f +sudo journalctl -fu yourchain -ocat ``` - + ### Verify Network Health + + After launch, verify the network is operating correctly. **Check block height increasing:** -```bash expandable +```bash # Via CometBFT RPC curl localhost:26657/status | jq '.result.sync_info.latest_block_height' @@ -956,7 +912,7 @@ curl http://localhost:8545 \ **Check validator set:** -```bash expandable +```bash # Number of validators curl localhost:26657/validators | jq '.result.validators | length' @@ -974,7 +930,7 @@ curl localhost:26657/validators | \ **Check peers:** -```bash expandable +```bash # Number of connected peers curl localhost:26657/net_info | jq '.result.n_peers' @@ -988,13 +944,13 @@ curl localhost:26657/net_info | jq '.result.peers[].node_info.moniker' **CometBFT health:** -```bash expandable +```bash curl localhost:26657/health # Returns: {} (empty object = healthy) ``` **Node status:** -```bash expandable +```bash curl localhost:26657/status | jq '.result' ``` @@ -1032,7 +988,7 @@ curl http://localhost:8545 \ - + ## Post-Launch Operations @@ -1040,11 +996,13 @@ After successful launch, maintain healthy network operation. ### Validator Operations + + **If validator gets jailed for downtime:** -```bash expandable +```bash # Check if jailed yourchain query staking validator $(yourchain keys show validator --bech val -a) @@ -1059,7 +1017,7 @@ yourchain tx slashing unjail \ **Update validator information:** -```bash expandable +```bash yourchain tx staking edit-validator \ --moniker "New Moniker" \ --website "https://example.com" \ @@ -1074,7 +1032,7 @@ yourchain tx staking edit-validator \ **Track validator performance:** -```bash expandable +```bash # Check signing info yourchain query slashing signing-info $(yourchain comet show-validator) @@ -1088,10 +1046,12 @@ yourchain query distribution validator-outstanding-rewards \ - + ### Monitoring and Alerting + + **Monitor these metrics:** @@ -1128,15 +1088,17 @@ yourchain query distribution validator-outstanding-rewards \ - + ### Backup and Recovery + + **What to backup:** -```bash expandable +```bash # Validator private key cp ~/.yourchain/config/priv_validator_key.json /secure/backup/ @@ -1158,7 +1120,13 @@ cp ~/.yourchain/config/genesis.json /secure/backup/ **If validator node fails:** 1. **Restore on new hardware:** -```bash expandable + + +**IMPORTANTE** +Never run two validators with same private key simultaneously (double-sign risk). Before putting your keys onto another running node make sure there is _absolutely no chance_ of the previous one starting back up. + + +```bash # Install binary # Copy priv_validator_key.json # Copy node_key.json @@ -1167,45 +1135,25 @@ cp ~/.yourchain/config/genesis.json /secure/backup/ ``` 2. **Sync options:** -- Full sync from genesis (slow) +- Full sync from genesis or snapshot (slow, not recommended in this case) - State sync from snapshot (fast) -- Copy data directory from backup +- Copy data directory from backup or additional node (if available) 3. **Restart validator:** -```bash expandable +```bash yourchain start ``` -**Critical**: Never run two validators with same private key simultaneously (double-sign risk). - + ## Next Steps -Your chain is now launched and operational! - -**For ongoing operations:** -- Monitor network health continuously -- Maintain validator uptime -- Coordinate upgrades via governance -- Build community and ecosystem +Your chain should now be launched and operational! If not, start the process over from the beginning, or [contact us](https://cosmos.network/contact)! **Further resources:** - [Configuration Reference](/docs/evm/next/documentation/getting-started/build-a-chain/configuration-reference) - Complete command reference and examples - [VM Module Documentation](/docs/evm/next/documentation/cosmos-sdk/modules/vm) - EVM configuration details - [Cosmos SDK Documentation](https://docs.cosmos.network) - General Cosmos SDK operations - - - -## Summary - -This guide covered: -- ✅ Runtime configuration (`app.toml`, `config.toml`, `client.toml`) -- ✅ Network launch coordination -- ✅ Genesis file distribution and verification -- ✅ Node startup and monitoring -- ✅ Post-launch operations and maintenance - -Your Cosmos EVM chain is now running and ready for use! \ No newline at end of file diff --git a/docs/evm/next/documentation/getting-started/build-a-chain/text b/docs/evm/next/documentation/getting-started/build-a-chain/text deleted file mode 100644 index 9ea51cc5..00000000 --- a/docs/evm/next/documentation/getting-started/build-a-chain/text +++ /dev/null @@ -1,21 +0,0 @@ -# Combined ultra doc - -We now have three docs that all have significant overlap: - -1. `docs/evm/next/documentation/getting-started/build-a-chain/chain-configuration-reference.mdx` - Nice structure, with additional guidance or context for decisions. It is lacking some of the broader scope and details that can be found in doc 2 and/or 3. We should use this as the target format, with some adjustments and added content+context from the other two docs. Each section and sub-section should follow a consistent structure as much as possible. - -2. `docs/evm/next/documentation/getting-started/build-a-chain/chain-customization-checklist.mdx` - very comprehensive, but lacking in guidance and some details, not a very nice structure to follow in terms of readability. The final doc should cover the complete range of configs/parameters and the whole scope including post-launch and validator operations in the way this doc does. We also need to take example of how to condense the additional content within each section from this doc. - -3. `docs/evm/next/documentation/getting-started/build-a-chain/configuration-parameters.mdx` no guidance, strictly technical reference that should be used to add complete detail to each different item in the final doc. - -We need to combine the best qualities of these three, and also simplify the initial "planning" phase by clearly listing the parameters that can be changed within each section, (list them in their relevant groups, and in the order they are detailed in the document). We should note those of which can usually be left to defaults or are not commonly modified, and instruct the reader to make their own note/document for these before proceeding with the rest of the chain setup. This will reduce a large portion of text that does not really provide value by condensing the 'planning' to the top of the document, where it makes the most sense. - -Then we can move on to the actual configurations, which is already documented fairly well in each of docs 1 and 2.. However, the entire process as shown in doc 2 should be split into 2 pages -- one for pre-genesis and genesis configs, and one for the network launch, which should be preceeded bt the runtime configuration, as (an optional) continuiation of the first doc. -The configuration sections within the document should also be listed in the correct sequence of operations, so that a reader who prefers that style of doc can still easily follow the procedure. (this is already pretty solid in both docs 1 and 2) -We also want to have each "step" or section remain consistently structured like you can see in doc 1, but we should add the complete details for each relevant item that can be seen in doc 3. Finally, since we are adding significant amounts of detail from doc 3, we must condense some of the additional information that more experienced teams may not need by containing it in each section with the expandable or accordion components. -Finally,we need to both double-check that none of this information is either conflicting (use doc 1 and 2 as the source of truth in the event of any direct conflicts), or redundant. - -Optionally, if it makes sense and there is significant content from the three original docs that does not fit into this "master" chain setup doc, we can make a "quick-reference" as a third page which contains the miscellaneous info like any command "cheat-sheets" and various code snippets and config examples etc. -In this list, add a link to the relevant section of the document that describes each parameter and the relevant details for it. This will make navigating the document seamless. - -There is a quick draft of this page 'build-chain-final.mdx' but I don't like this one very much. It's too long (since it is not separeted like what I requested above) and each section is too condensed into accordions and does not contain enough of the context or guidance that I think it should have. Only the actual code/examples content should be condensed, and we should use some better components to organize each section into its own self contained "block" like the tabs or code groups components. Some good examples of this can be seen in doc 1. From 962a63df0b135701718eab2daa86d0f3bccce048 Mon Sep 17 00:00:00 2001 From: Cordt Date: Fri, 17 Oct 2025 12:08:22 -0600 Subject: [PATCH 13/26] tweak title --- .../getting-started/build-a-chain/initial-setup.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/evm/next/documentation/getting-started/build-a-chain/initial-setup.mdx b/docs/evm/next/documentation/getting-started/build-a-chain/initial-setup.mdx index 70bdfbc6..561535cd 100644 --- a/docs/evm/next/documentation/getting-started/build-a-chain/initial-setup.mdx +++ b/docs/evm/next/documentation/getting-started/build-a-chain/initial-setup.mdx @@ -1,6 +1,6 @@ --- title: "Initial Setup" -description: "Fork the evmd repository and prepare your development environment for building your EVM L1 chain." +description: "Preparation for building your custom EVM chain." --- This page provides a very basic starting point for newer developers, or those who are unfamiliar with the Cosmos SDK. You can skip to the [Pre-Genesis & Genesis Setup](/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup) page if you are already comfortable with the stack. From 0a6bfeeff382850eb3639e322504d7407f6acdd4 Mon Sep 17 00:00:00 2001 From: Cordt Date: Fri, 17 Oct 2025 12:29:15 -0600 Subject: [PATCH 14/26] slight wording changes --- .../build-a-chain/pre-genesis-and-genesis-setup.mdx | 8 ++++---- .../getting-started/build-a-chain/runtime-and-launch.mdx | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup.mdx b/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup.mdx index 9001d83f..33692f7b 100644 --- a/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup.mdx +++ b/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup.mdx @@ -2083,11 +2083,11 @@ jq '.app_state.genutil.gen_txs | length' $GENESIS Your genesis file is now complete! Next: -1. **Distribute Genesis File** to all validators -2. **Configure Runtime Settings** (`app.toml`, `config.toml`) -3. **Launch Network** with coordinated genesis time +1. **Distribute Genesis File** to validators +2. **Configure Runtime Settings** +3. **Launch Network** -Continue to [Runtime Configuration & Network Launch](/docs/evm/next/documentation/getting-started/build-a-chain/runtime-and-launch) for the next phase. +Continue to [Runtime Configuration & Network Launch](/docs/evm/next/documentation/getting-started/build-a-chain/runtime-and-launch) for full details. diff --git a/docs/evm/next/documentation/getting-started/build-a-chain/runtime-and-launch.mdx b/docs/evm/next/documentation/getting-started/build-a-chain/runtime-and-launch.mdx index cbd9acf4..6e782dbe 100644 --- a/docs/evm/next/documentation/getting-started/build-a-chain/runtime-and-launch.mdx +++ b/docs/evm/next/documentation/getting-started/build-a-chain/runtime-and-launch.mdx @@ -1,6 +1,6 @@ --- title: "Runtime Configuration & Network Launch" -description: "Configure runtime settings and launch your blockchain network - from app.toml configuration to coordinated genesis launch." +description: "Configure your validator and coordinate the network launch." --- This guide covers runtime configuration (`app.toml`, `config.toml`) and network launch procedures. Complete these steps after your genesis file is finalized. From 830e1060a6f0bda1cea9c541767aae26f130bfe9 Mon Sep 17 00:00:00 2001 From: Cordt Date: Sun, 19 Oct 2025 21:15:48 -0600 Subject: [PATCH 15/26] remove temp files --- tmp/changelog.md | 88 ------------------------------------------- tmp/release-notes.mdx | 88 ------------------------------------------- 2 files changed, 176 deletions(-) delete mode 100644 tmp/changelog.md delete mode 100644 tmp/release-notes.mdx diff --git a/tmp/changelog.md b/tmp/changelog.md deleted file mode 100644 index 4e3ad482..00000000 --- a/tmp/changelog.md +++ /dev/null @@ -1,88 +0,0 @@ -# CHANGELOG - -## UNRELEASED - -### DEPENDENCIES - -### BUG FIXES - -- [\#471](https://github.com/cosmos/evm/pull/471) Notify new block for mempool in time. -- [\#492](https://github.com/cosmos/evm/pull/492) Duplicate case switch to avoid empty execution block - -### IMPROVEMENTS - -- [\#467](https://github.com/cosmos/evm/pull/467) Replace GlobalEVMMempool by passing to JSONRPC on initiate. -- [\#352](https://github.com/cosmos/evm/pull/352) Remove the creation of a Geth EVM instance, stateDB during the AnteHandler balance check. - -### FEATURES - -- [\#346](https://github.com/cosmos/evm/pull/346) Add eth_createAccessList method and implementation - -### STATE BREAKING - -### API-BREAKING - -- [\#477](https://github.com/cosmos/evm/pull/477) Refactor precompile constructors to accept keeper interfaces instead of concrete implementations, breaking the existing `NewPrecompile` function signatures. - -## v0.4.1 - -### DEPENDENCIES - -- [\#459](https://github.com/cosmos/evm/pull/459) Update `cosmossdk.io/log` to `v1.6.1` to support Go `v1.25.0+`. -- [\#435](https://github.com/cosmos/evm/pull/435) Update Cosmos SDK to `v0.53.4` and CometBFT to `v0.38.18`. - -### BUG FIXES - -- [\#179](https://github.com/cosmos/evm/pull/179) Fix compilation error in server/start.go -- [\#245](https://github.com/cosmos/evm/pull/245) Use PriorityMempool with signer extractor to prevent missing signers error in tx execution -- [\#289](https://github.com/cosmos/evm/pull/289) Align revert reason format with go-ethereum (return hex-encoded result) -- [\#291](https://github.com/cosmos/evm/pull/291) Use proper address codecs in precompiles for bech32/hex conversion -- [\#296](https://github.com/cosmos/evm/pull/296) Add sanity checks to trace_tx RPC endpoint -- [\#316](https://github.com/cosmos/evm/pull/316) Fix estimate gas to handle missing fields for new transaction types -- [\#330](https://github.com/cosmos/evm/pull/330) Fix error propagation in BlockHash RPCs and address test flakiness -- [\#332](https://github.com/cosmos/evm/pull/332) Fix non-determinism in state transitions -- [\#350](https://github.com/cosmos/evm/pull/350) Fix p256 precompile test flakiness -- [\#376](https://github.com/cosmos/evm/pull/376) Fix precompile initialization for local node development script -- [\#384](https://github.com/cosmos/evm/pull/384) Fix debug_traceTransaction RPC failing with block height mismatch errors -- [\#441](https://github.com/cosmos/evm/pull/441) Align precompiles map with available static check to Prague. -- [\#452](https://github.com/cosmos/evm/pull/452) Cleanup unused cancel function in filter. -- [\#454](https://github.com/cosmos/evm/pull/454) Align multi decode functions instead of string contains check in HexAddressFromBech32String. -- [\#468](https://github.com/cosmos/evm/pull/468) Add pagination flags to `token-pairs` to improve query flexibility. - -### IMPROVEMENTS - -- [\#294](https://github.com/cosmos/evm/pull/294) Enforce single EVM transaction per Cosmos transaction for security -- [\#299](https://github.com/cosmos/evm/pull/299) Update dependencies for security and performance improvements -- [\#307](https://github.com/cosmos/evm/pull/307) Preallocate EVM access_list for better performance -- [\#317](https://github.com/cosmos/evm/pull/317) Fix EmitApprovalEvent to use owner address instead of precompile address -- [\#345](https://github.com/cosmos/evm/pull/345) Fix gas cap calculation and fee rounding errors in ante handler benchmarks -- [\#347](https://github.com/cosmos/evm/pull/347) Add loop break labels for optimization -- [\#370](https://github.com/cosmos/evm/pull/370) Use larger CI runners for resource-intensive tests -- [\#373](https://github.com/cosmos/evm/pull/373) Apply security audit patches -- [\#377](https://github.com/cosmos/evm/pull/377) Apply audit-related commit 388b5c0 -- [\#382](https://github.com/cosmos/evm/pull/382) Post-audit security fixes (batch 1) -- [\#388](https://github.com/cosmos/evm/pull/388) Post-audit security fixes (batch 2) -- [\#389](https://github.com/cosmos/evm/pull/389) Post-audit security fixes (batch 3) -- [\#392](https://github.com/cosmos/evm/pull/392) Post-audit security fixes (batch 5) -- [\#398](https://github.com/cosmos/evm/pull/398) Post-audit security fixes (batch 4) -- [\#442](https://github.com/cosmos/evm/pull/442) Prevent nil pointer by checking error in gov precompile FromResponse. -- [\#387](https://github.com/cosmos/evm/pull/387) (Experimental) EVM-compatible appside mempool -- [\#476](https://github.com/cosmos/evm/pull/476) Add revert error e2e tests for contract and precompile calls - -### FEATURES - -- [\#253](https://github.com/cosmos/evm/pull/253) Add comprehensive Solidity-based end-to-end tests for precompiles -- [\#301](https://github.com/cosmos/evm/pull/301) Add 4-node localnet infrastructure for testing multi-validator setups -- [\#304](https://github.com/cosmos/evm/pull/304) Add system test framework for integration testing -- [\#344](https://github.com/cosmos/evm/pull/344) Add txpool RPC namespace stubs in preparation for app-side mempool implementation -- [\#440](https://github.com/cosmos/evm/pull/440) Enforce app creator returning application implement AppWithPendingTxStream in build time. - -### STATE BREAKING - -### API-BREAKING - -- [\#456](https://github.com/cosmos/evm/pull/456) Remove non–go-ethereum JSON-RPC methods to align with Geth’s surface -- [\#443](https://github.com/cosmos/evm/pull/443) Move `ante` logic from the `evmd` Go package to the `evm` package to -be exported as a library. -- [\#422](https://github.com/cosmos/evm/pull/422) Align function and package names for consistency. -- [\#305](https://github.com/cosmos/evm/pull/305) Remove evidence precompile due to lack of use cases diff --git a/tmp/release-notes.mdx b/tmp/release-notes.mdx deleted file mode 100644 index 28c9d602..00000000 --- a/tmp/release-notes.mdx +++ /dev/null @@ -1,88 +0,0 @@ ---- -title: "Release Notes" -description: "Release history and changelog for Cosmos EVM" -mode: "center" ---- - - - This page tracks all releases and changes from the [cosmos/evm](https://github.com/cosmos/evm) repository. - For the latest development updates, see the [UNRELEASED](https://github.com/cosmos/evm/blob/main/CHANGELOG.md#unreleased) section. - - - -## Features - -* Add comprehensive Solidity-based end-to-end tests for precompiles ([#253](https://github.com/cosmos/evm/pull/253)) -* Add 4-node localnet infrastructure for testing multi-validator setups ([#301](https://github.com/cosmos/evm/pull/301)) -* Add system test framework for integration testing ([#304](https://github.com/cosmos/evm/pull/304)) -* Add txpool RPC namespace stubs in preparation for app-side mempool implementation ([#344](https://github.com/cosmos/evm/pull/344)) -* Enforce app creator returning application implement AppWithPendingTxStream in build time. ([#440](https://github.com/cosmos/evm/pull/440)) - -## Improvements - -* Enforce single EVM transaction per Cosmos transaction for security ([#294](https://github.com/cosmos/evm/pull/294)) -* Update dependencies for security and performance improvements ([#299](https://github.com/cosmos/evm/pull/299)) -* Preallocate EVM access_list for better performance ([#307](https://github.com/cosmos/evm/pull/307)) -* Fix EmitApprovalEvent to use owner address instead of precompile address ([#317](https://github.com/cosmos/evm/pull/317)) -* Fix gas cap calculation and fee rounding errors in ante handler benchmarks ([#345](https://github.com/cosmos/evm/pull/345)) -* Add loop break labels for optimization ([#347](https://github.com/cosmos/evm/pull/347)) -* Use larger CI runners for resource-intensive tests ([#370](https://github.com/cosmos/evm/pull/370)) -* Apply security audit patches ([#373](https://github.com/cosmos/evm/pull/373)) -* Apply audit-related commit 388b5c0 ([#377](https://github.com/cosmos/evm/pull/377)) -* Post-audit security fixes (batch 1) ([#382](https://github.com/cosmos/evm/pull/382)) -* Post-audit security fixes (batch 2) ([#388](https://github.com/cosmos/evm/pull/388)) -* Post-audit security fixes (batch 3) ([#389](https://github.com/cosmos/evm/pull/389)) -* Post-audit security fixes (batch 5) ([#392](https://github.com/cosmos/evm/pull/392)) -* Post-audit security fixes (batch 4) ([#398](https://github.com/cosmos/evm/pull/398)) -* Prevent nil pointer by checking error in gov precompile FromResponse. ([#442](https://github.com/cosmos/evm/pull/442)) -* (Experimental) EVM-compatible appside mempool ([#387](https://github.com/cosmos/evm/pull/387)) -* Add revert error e2e tests for contract and precompile calls ([#476](https://github.com/cosmos/evm/pull/476)) - -## Bug Fixes - -* Fix compilation error in server/start.go ([#179](https://github.com/cosmos/evm/pull/179)) -* Use PriorityMempool with signer extractor to prevent missing signers error in tx execution ([#245](https://github.com/cosmos/evm/pull/245)) -* Align revert reason format with go-ethereum (return hex-encoded result) ([#289](https://github.com/cosmos/evm/pull/289)) -* Use proper address codecs in precompiles for bech32/hex conversion ([#291](https://github.com/cosmos/evm/pull/291)) -* Add sanity checks to trace_tx RPC endpoint ([#296](https://github.com/cosmos/evm/pull/296)) -* Fix estimate gas to handle missing fields for new transaction types ([#316](https://github.com/cosmos/evm/pull/316)) -* Fix error propagation in BlockHash RPCs and address test flakiness ([#330](https://github.com/cosmos/evm/pull/330)) -* Fix non-determinism in state transitions ([#332](https://github.com/cosmos/evm/pull/332)) -* Fix p256 precompile test flakiness ([#350](https://github.com/cosmos/evm/pull/350)) -* Fix precompile initialization for local node development script ([#376](https://github.com/cosmos/evm/pull/376)) -* Fix debug_traceTransaction RPC failing with block height mismatch errors ([#384](https://github.com/cosmos/evm/pull/384)) -* Align precompiles map with available static check to Prague. ([#441](https://github.com/cosmos/evm/pull/441)) -* Cleanup unused cancel function in filter. ([#452](https://github.com/cosmos/evm/pull/452)) -* Align multi decode functions instead of string contains check in HexAddressFromBech32String. ([#454](https://github.com/cosmos/evm/pull/454)) -* Add pagination flags to `token-pairs` to improve query flexibility. ([#468](https://github.com/cosmos/evm/pull/468)) - -## Dependencies - -* Update `cosmossdk.io/log` to `v1.6.1` to support Go `v1.25.0+`. ([#459](https://github.com/cosmos/evm/pull/459)) -* Update Cosmos SDK to `v0.53.4` and CometBFT to `v0.38.18`. ([#435](https://github.com/cosmos/evm/pull/435)) - -## API Breaking - -* Remove non–go-ethereum JSON-RPC methods to align with Geth’s surface ([#456](https://github.com/cosmos/evm/pull/456)) -* Move `ante` logic from the `evmd` Go package to the `evm` package to ([#443](https://github.com/cosmos/evm/pull/443)) -* Align function and package names for consistency. ([#422](https://github.com/cosmos/evm/pull/422)) -* Remove evidence precompile due to lack of use cases ([#305](https://github.com/cosmos/evm/pull/305)) - -## API Breaking - -* Remove non–go-ethereum JSON-RPC methods to align with Geth’s surface ([#456](https://github.com/cosmos/evm/pull/456)) -* Move `ante` logic from the `evmd` Go package to the `evm` package to ([#443](https://github.com/cosmos/evm/pull/443)) -* Align function and package names for consistency. ([#422](https://github.com/cosmos/evm/pull/422)) -* Remove evidence precompile due to lack of use cases ([#305](https://github.com/cosmos/evm/pull/305)) - - ---- - - - - See the complete changelog on GitHub - - - Report bugs or request features - - From a4155de856ffa3322d95481683b8546fdcac8e44 Mon Sep 17 00:00:00 2001 From: Cordt Date: Mon, 20 Oct 2025 13:37:21 -0600 Subject: [PATCH 16/26] further refine build a chain docs --- .../comprehensive-configuration-reference.mdx | 3502 +++++++++++++++++ .../build-a-chain/configuration-reference.mdx | 17 +- .../build-a-chain/initial-setup.mdx | 43 +- .../pre-genesis-and-genesis-setup.mdx | 496 ++- .../build-a-chain/runtime-and-launch.mdx | 141 +- 5 files changed, 3934 insertions(+), 265 deletions(-) create mode 100644 docs/evm/next/documentation/getting-started/build-a-chain/comprehensive-configuration-reference.mdx diff --git a/docs/evm/next/documentation/getting-started/build-a-chain/comprehensive-configuration-reference.mdx b/docs/evm/next/documentation/getting-started/build-a-chain/comprehensive-configuration-reference.mdx new file mode 100644 index 00000000..7b0868d5 --- /dev/null +++ b/docs/evm/next/documentation/getting-started/build-a-chain/comprehensive-configuration-reference.mdx @@ -0,0 +1,3502 @@ +--- +title: "Comprehensive Configuration Reference" +description: "Complete technical encyclopedia of all configurable parameters in Cosmos EVM - pre-genesis source code settings, genesis parameters, runtime configuration, and node-level parameters." +--- + +This reference provides comprehensive documentation for every configurable parameter in Cosmos EVM chains. Parameters are organized by configuration phase and category with complete technical details, defaults, and source code locations. + + +**Related Documentation:** +- [Pre-Genesis & Genesis Setup](/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup) - Step-by-step configuration guide +- [Runtime Configuration & Launch](/docs/evm/next/documentation/getting-started/build-a-chain/runtime-and-launch) - Network launch procedures +- [Configuration Reference](/docs/evm/next/documentation/getting-started/build-a-chain/configuration-reference) - Quick reference with commands and examples + + + +This is a technical reference. For step-by-step configuration instructions, see the [Pre-Genesis & Genesis Setup](/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup) guide. + + +## Configuration Phase Overview + +Cosmos EVM configuration occurs in four distinct phases: + + + +Parameters compiled into binary before `init` +- Binary name +- Bech32 prefix +- BIP44 coin type +- EVM chain ID +- Default denominations + + + +Parameters set in `genesis.json` +- Module parameters +- Initial accounts +- Validator genesis transactions +- Network consensus rules + + + +Node-specific settings in TOML files +- `app.toml` - Application settings +- `config.toml` - CometBFT settings +- `client.toml` - CLI client settings + + + +Parameters changeable after genesis +- Module parameters via proposals +- Access control modifications +- Precompile activation/deactivation + + + +--- + +## Pre-Genesis Parameters (Source Code) + +These parameters must be configured in source code **before** building your binary and running `yourchain init`. Changes after genesis require rebuilding the binary and coordinating a hard fork. + +### Binary Name + + + +| Parameter | Value | +|-----------|-------| +| **Description** | Name of your compiled blockchain executable | +| **Default** | `evmd` | +| **File Locations** | Directory name, all Go imports, Makefile | +| **When to Configure** | Before first build | +| **Can Change After Genesis** | Yes, but requires coordinated binary replacement | +| **Source** | Repository-wide (all files) | + +**What It Controls:** +- Binary executable name (`./build/yourchain`) +- Installation location (`$GOPATH/bin/yourchain`) +- CLI command prefix (`yourchain start`, `yourchain init`, etc.) +- Module import paths +- Home directory default (`~/.yourchain`) + +**Files Affected:** +- Go package names +- Import paths in `.go` files +- Module declaration in `go.mod` +- Makefile build targets +- Shell scripts and documentation +- Docker configurations + +**Configuration Method:** +```bash expandable +# Rename directory +mv evmd yourchain +mv yourchain/cmd/evmd yourchain/cmd/yourchain + +# Update all references +find . -type f -name "*.go" -exec sed -i 's/evmd/yourchain/g' {} \; +find . -type f -name "*.go" -exec sed -i 's/\.evmd/.yourchain/g' {} \; + +# Update go.mod module path +# Edit: module github.com/your-org/your-chain/yourchain + +# Rebuild +go mod tidy +make build +``` + +**Validation:** +```bash expandable +# Verify binary name +ls ./build/ +# Should show: yourchain + +# Verify it runs +./build/yourchain version +``` + + + +### Bech32 Address Prefix + + + +| Parameter | Value | +|-----------|-------| +| **Description** | Address format prefix for all Cosmos addresses on your chain | +| **Default** | `cosmos` | +| **File Location** | [`config/config.go:62`](https://github.com/cosmos/evm/blob/main/config/config.go#L62) | +| **When to Configure** | Before `yourchain init` | +| **Can Change After Genesis** | No (requires hard fork and state migration) | +| **Format** | Lowercase alphanumeric string | + +**What It Controls:** +- Account addresses: `yourchain1...` +- Account public keys: `yourchainpub1...` +- Validator operator addresses: `yourchainvaloper1...` +- Validator operator public keys: `yourchainvaloperpub1...` +- Consensus addresses: `yourchainvalcons1...` +- Consensus public keys: `yourchainvalconspub1...` + +**Configuration Method:** +Edit `config/config.go`: +```go expandable +const ( + // Bech32Prefix defines the Bech32 prefix for all accounts + Bech32Prefix = "yourchain" + + // Derived prefixes (do not modify these) + Bech32PrefixAccAddr = Bech32Prefix + Bech32PrefixAccPub = Bech32Prefix + sdk.PrefixPublic + Bech32PrefixValAddr = Bech32Prefix + sdk.PrefixValidator + sdk.PrefixOperator + Bech32PrefixValPub = Bech32Prefix + sdk.PrefixValidator + sdk.PrefixOperator + sdk.PrefixPublic + Bech32PrefixConsAddr = Bech32Prefix + sdk.PrefixValidator + sdk.PrefixConsensus + Bech32PrefixConsPub = Bech32Prefix + sdk.PrefixValidator + sdk.PrefixConsensus + sdk.PrefixPublic +) +``` + +**Rebuild Required:** +```bash expandable +make build +./build/yourchain init test --chain-id test-1 +./build/yourchain keys add testkey --keyring-backend test +# Verify address starts with yourchain1... +``` + +**Naming Guidelines:** +- Use lowercase only +- Keep it short (3-10 characters) +- Make it unique and recognizable +- Avoid conflicts with existing chains + +**Examples:** +- `cosmos` - Cosmos Hub +- `osmosis` - Osmosis DEX +- `evmos` - Evmos (EVM on Cosmos) +- `juno` - Juno Network +- `yourchain` - Your custom chain + + + +### BIP44 Coin Type + + + +| Parameter | Value | +|-----------|-------| +| **Description** | HD wallet derivation path coin type per BIP-44 | +| **Default** | `60` (Ethereum) | +| **File Location** | [`crypto/hd/hdpath.go:9`](https://github.com/cosmos/evm/blob/main/crypto/hd/hdpath.go#L9) | +| **When to Configure** | Before `yourchain init` | +| **Can Change After Genesis** | No (breaks existing wallets) | +| **Standard** | [SLIP-0044](https://github.com/satoshilabs/slips/blob/master/slip-0044.md) | + +**What It Controls:** +- HD wallet key derivation path: `m/44'/COIN_TYPE'/0'/0/0` +- Wallet compatibility (MetaMask, Ledger, Keplr) +- Key generation algorithm + +**Configuration Method:** +Edit `crypto/hd/hdpath.go`: +```go expandable +var ( + // Bip44CoinType satisfies EIP84 for Ethereum compatibility + // OR use a registered unique coin type + Bip44CoinType uint32 = 60 // Change this value + + // BIP44HDPath is derived from coin type + BIP44HDPath = fmt.Sprintf("m/44'/%d'/0'/0/0", Bip44CoinType) +) +``` + +**Common Values:** +| Coin Type | Chain | Use Case | +|-----------|-------|----------| +| `60` | Ethereum | **EVM chains (recommended)** - MetaMask compatible | +| `118` | Cosmos Hub | Traditional Cosmos SDK chains | +| `330` | Terra | Terra ecosystem | +| `529` | Secret Network | Secret Network | +| `852` | Desmos | Desmos Network | + +**Recommendations:** +- **EVM-compatible chains:** Use `60` for maximum wallet compatibility +- **Cosmos-focused chains:** Register unique value via SLIP-0044 +- **Hybrid chains:** Use `60` if EVM is primary interface + +**Registration Process:** +1. Check [SLIP-0044 registry](https://github.com/satoshilabs/slips/blob/master/slip-0044.md) +2. Submit PR to register your coin type +3. Wait for approval before mainnet launch +4. Update code with registered number + +**Important Notes:** +- Changing this breaks wallet compatibility +- Users cannot recover keys with different coin type +- Hardware wallet support depends on coin type +- Consider ecosystem compatibility + + + +### EVM Chain ID + + + +| Parameter | Value | +|-----------|-------| +| **Description** | EIP-155 replay protection chain ID for Ethereum transactions | +| **Default** | `262144` | +| **File Location** | [`config/config.go:78`](https://github.com/cosmos/evm/blob/main/config/config.go#L78) | +| **When to Configure** | Before building binary | +| **Can Change After Genesis** | **No** - breaks transaction replay protection | +| **Format** | Unsigned integer (uint64) | +| **Standard** | [EIP-155](https://eips.ethereum.org/EIPS/eip-155) | + +**What It Controls:** +- Transaction signature verification +- Replay attack protection +- Wallet network configuration +- MetaMask/hardware wallet display +- `eth_chainId` JSON-RPC response + +**Configuration Method:** +Edit `config/config.go`: +```go expandable +const ( + // EVMChainID defines the EIP-155 replay-protection chain ID + EVMChainID = 123456 // Change to your unique chain ID +) +``` + +**Build and Verify:** +```bash expandable +make build +./build/yourchain init test --chain-id test-1 +grep 'evm-chain-id' ~/.yourchain/config/app.toml +# Should show: evm-chain-id = 123456 +``` + +**Choosing a Chain ID:** + +**Reserved IDs (Do Not Use):** +- `1` - Ethereum Mainnet +- `137` - Polygon +- `56` - BNB Chain +- `43114` - Avalanche C-Chain +- `10` - Optimism +- `42161` - Arbitrum One +- `8453` - Base +- See [chainlist.org](https://chainlist.org) for complete list + +**ID Ranges:** +- `1-999`: Reserved for major networks +- `1000-99999`: Public production chains +- `100000+`: Private/test networks + +**Selection Process:** +1. Visit [chainlist.org](https://chainlist.org) +2. Search to verify ID is not taken +3. For mainnet: Submit to chain registry +4. For testnet/devnet: Use any unused high number +5. Document publicly before launch + +**MetaMask Configuration:** +Users will configure with this ID: +```javascript expandable +{ + chainId: '0x1E240', // Hex of your chain ID + chainName: 'My Chain', + rpcUrls: ['https://rpc.mychain.network'], + nativeCurrency: { + name: 'Token', + symbol: 'TKN', + decimals: 18 + }, + blockExplorerUrls: ['https://explorer.mychain.network'] +} +``` + +**Critical Warnings:** +- **Never change after genesis** - breaks all signed transactions +- **Must be unique** - collision causes replay attacks +- **Register before mainnet** - avoid conflicts +- **Document prominently** - users need it for wallets + + + +### Default Denomination in Source + + + +| Parameter | Value | +|-----------|-------| +| **Description** | Default token denominations compiled into configuration templates | +| **Default** | `aatom` (extended), `uatom` (base), `atom` (display) | +| **When to Configure** | Before `yourchain init` | +| **Can Change After Genesis** | Yes (in genesis.json), but defaults are already written to generated files | + +**What It Controls:** +- Default values in generated `app.toml` +- Default values in generated `genesis.json` +- Module parameter defaults +- Configuration file templates + +**Files to Modify:** + +**1. Server Config Template** +`server/config/migration/v0.50-app.toml:11` +```toml expandable +# Change from: +minimum-gas-prices = "0aatom" + +# To: +minimum-gas-prices = "0atoken" +``` +**Source:** [`server/config/migration/v0.50-app.toml:11`](https://github.com/cosmos/evm/blob/main/server/config/migration/v0.50-app.toml#L11) + +**2. EVM Module Defaults** +`x/vm/types/params.go:21-25` +```go expandable +// Change from: +var ( + DefaultEVMDenom = "uatom" + DefaultEVMExtendedDenom = "aatom" + DefaultEVMDisplayDenom = "atom" +) + +// To (18 decimals): +var ( + DefaultEVMDenom = "atoken" + DefaultEVMExtendedDenom = "atoken" + DefaultEVMDisplayDenom = "token" +) + +// Or (6 decimals): +var ( + DefaultEVMDenom = "utoken" + DefaultEVMExtendedDenom = "atoken" + DefaultEVMDisplayDenom = "token" +) +``` +**Source:** [`x/vm/types/params.go:21-25`](https://github.com/cosmos/evm/blob/main/x/vm/types/params.go#L21-L25) + +**3. Example Constants** +`config/constants.go:5-8` +```go expandable +// Change from: +const ( + ExampleChainDenom = "aatom" + ExampleDisplayDenom = "atom" +) + +// To: +const ( + ExampleChainDenom = "atoken" + ExampleDisplayDenom = "token" +) +``` +**Source:** [`config/constants.go:5-8`](https://github.com/cosmos/evm/blob/main/config/constants.go#L5-L8) + +**Token Denomination Guidelines:** + +**For 18-Decimal Tokens:** +- Base denom: `atoken` (atto-prefix, 10^-18) +- Extended denom: `atoken` (same as base) +- Display denom: `token` +- Example: `1 token = 1,000,000,000,000,000,000 atoken` + +**For 6-Decimal Tokens:** +- Base denom: `utoken` (micro-prefix, 10^-6) +- Extended denom: `atoken` (for EVM, 10^-18) +- Display denom: `token` +- Example: `1 token = 1,000,000 utoken = 1,000,000,000,000,000,000 atoken (in EVM)` + +**SI Metric Prefixes:** +| Prefix | Symbol | Decimals | Example | Common Use | +|--------|--------|----------|---------|------------| +| atto | `a` | 18 | `atoken` | EVM chains | +| femto | `f` | 15 | `ftoken` | Rare | +| pico | `p` | 12 | `ptoken` | Rare | +| nano | `n` | 9 | `ntoken` | Some Cosmos chains | +| micro | `u` | 6 | `uatom` | **Cosmos standard** | +| milli | `m` | 3 | `mtoken` | Rare | + +**Rebuild and Verify:** +```bash expandable +make build +./build/yourchain init test --chain-id test-1 +grep "minimum-gas-prices" ~/.yourchain/config/app.toml +jq '.app_state.evm.params.evm_denom' ~/.yourchain/config/genesis.json +``` + + + +--- + +## Genesis Parameters (genesis.json) + +These parameters are configured in `genesis.json` after running `yourchain init`. They can be modified until the genesis file is distributed to validators. After network launch, most can only be changed through governance proposals. + + +Genesis file location: `~/.yourchain/config/genesis.json` + + +### Root-Level Parameters + + + +**Cosmos Chain ID** + +| Parameter | Value | +|-----------|-------| +| **Description** | Unique string identifier for the blockchain | +| **Genesis Location** | Root: `chain_id` | +| **Default** | User-defined (set during `init`) | +| **Format** | String | +| **Can Change After Genesis** | Yes (via coordinated upgrade/hard fork) | + +```json expandable +{ + "chain_id": "mychain-1" +} +``` + +**Naming Conventions:** +- Mainnet: `mychain-1`, `mychain-2` (increment for major upgrades) +- Testnet: `mychain-testnet-1` +- Devnet: `mychain-devnet-1`, `test-1` + +**Important for:** +- IBC client identification +- Transaction signing +- CometBFT consensus +- Client configuration + +--- + +**Genesis Time** + +| Parameter | Value | +|-----------|-------| +| **Description** | UTC timestamp when the chain starts producing blocks | +| **Genesis Location** | Root: `genesis_time` | +| **Default** | Auto-generated during `init` | +| **Format** | RFC3339 timestamp | + +```json expandable +{ + "genesis_time": "2024-12-01T00:00:00Z" +} +``` + +**Configuration:** +```bash expandable +jq '.genesis_time = "2024-12-01T00:00:00Z"' genesis.json > tmp && mv tmp genesis.json +``` + +**Timing Recommendations:** +- Testnet: 1-2 hours ahead +- Mainnet: 24-48 hours ahead +- Local dev: Past time (starts immediately) + +--- + +**Initial Height** + +| Parameter | Value | +|-----------|-------| +| **Description** | Starting block height | +| **Genesis Location** | Root: `initial_height` | +| **Default** | `"1"` | +| **Format** | String (numeric) | + +```json expandable +{ + "initial_height": "1" +} +``` + +**Use Cases:** +- Usually `"1"` for new chains +- Higher for chain upgrades/migrations +- Maintains block height continuity + + + +### VM Module Parameters (x/vm) + + + +**evm_denom** + +| Parameter | Value | +|-----------|-------| +| **Description** | Bank denomination used for EVM gas payments | +| **Genesis Location** | `app_state.evm.params.evm_denom` | +| **Default** | `"aatom"` (from source defaults) | +| **Format** | String | +| **Can Change After Genesis** | Via governance | +| **Source** | [`x/vm/types/params.go:21`](https://github.com/cosmos/evm/blob/main/x/vm/types/params.go#L21) | + +```json expandable +{ + "app_state": { + "evm": { + "params": { + "evm_denom": "atoken" + } + } + } +} +``` + +**Configuration:** +```bash expandable +jq '.app_state.evm.params.evm_denom = "atoken"' genesis.json > tmp && mv tmp genesis.json +``` + +**Must Match:** +- `app_state.staking.params.bond_denom` +- `app_state.mint.params.mint_denom` +- `app_state.gov.params.min_deposit[0].denom` +- `app_state.bank.denom_metadata[0].base` + +--- + +**extended_denom_options** + +| Parameter | Value | +|-----------|-------| +| **Description** | Extended denomination for non-18 decimal tokens (enables PreciseBank conversion) | +| **Genesis Location** | `app_state.evm.params.extended_denom_options` | +| **Default** | `null` (not used for 18-decimal tokens) | +| **Required For** | 6-decimal tokens, 8-decimal tokens, any non-18 decimal precision | +| **Source** | [`x/vm/types/params.go:76`](https://github.com/cosmos/evm/blob/main/x/vm/types/params.go#L76) | + +```json expandable +{ + "app_state": { + "evm": { + "params": { + "evm_denom": "utoken", + "extended_denom_options": { + "extended_denom": "atoken" + } + } + } + } +} +``` + +**When to Use:** +- ✅ **Required** for 6-decimal tokens (e.g., `utoken`) +- ✅ **Required** for 8-decimal tokens (e.g., `sats`) +- ❌ **Not needed** for 18-decimal tokens (e.g., `atoken`) + +**Example (6 decimals):** +```bash expandable +jq '.app_state.evm.params.extended_denom_options = { + "extended_denom": "atoken" +}' genesis.json > tmp && mv tmp genesis.json +``` + +**Important:** +- Requires `x/precisebank` module in `app.go` +- Provides 18-decimal EVM representation +- Handles fractional conversions automatically +- See [Precision Handling](/docs/evm/next/documentation/concepts/precision-handling) + +--- + +**history_serve_window** + +| Parameter | Value | +|-----------|-------| +| **Description** | Number of blocks to keep historical state for queries | +| **Genesis Location** | `app_state.evm.params.history_serve_window` | +| **Default** | `8192` blocks (same as EIP-2935) | +| **Format** | Integer | +| **Source** | [`x/vm/types/params.go:50`](https://github.com/cosmos/evm/blob/main/x/vm/types/params.go#L50) | + +```json expandable +{ + "app_state": { + "evm": { + "params": { + "history_serve_window": 8192 + } + } + } +} +``` + +**Values:** +- `0` = Unlimited (keep all historical state, growing disk usage) +- `8192` = ~18 hours at 8s blocks (recommended) +- `86400` = ~8 days at 8s blocks +- Higher = More disk space, better historical query support + +**Trade-offs:** +- Higher value → More disk space, supports older queries +- Lower value → Less disk space, limited historical data +- `0` → Archive node, maximum compatibility + +--- + +**extra_eips** + +| Parameter | Value | +|-----------|-------| +| **Description** | Additional Ethereum Improvement Proposals to enable beyond default EVM configuration | +| **Genesis Location** | `app_state.evm.params.extra_eips` | +| **Default** | `[]` (empty - use standard EVM feature set) | +| **Format** | Array of integers | +| **Source** | [`x/vm/types/params.go:33`](https://github.com/cosmos/evm/blob/main/x/vm/types/params.go#L33) | + +```json expandable +{ + "app_state": { + "evm": { + "params": { + "extra_eips": [] + } + } + } +} +``` + +**When to Use:** +- Most chains should use empty array `[]` +- Add specific EIP numbers only if you need features not in default config +- Example: `[1153, 3855]` to enable specific EIPs + +**Example (enabling additional EIPs):** +```json expandable +{ + "extra_eips": [1153] // Enable transient storage opcodes +} +``` + +**Validation:** +- EIPs must be activatable via go-ethereum +- Invalid EIPs cause genesis validation failure +- See `vm.ValidEip()` for allowed values + +--- + +**active_static_precompiles** + +| Parameter | Value | +|-----------|-------| +| **Description** | List of enabled precompiled contracts exposing Cosmos SDK functionality to EVM | +| **Genesis Location** | `app_state.evm.params.active_static_precompiles` | +| **Default** | `[]` (empty - no precompiles enabled) | +| **Format** | Array of hex addresses (must be sorted) | +| **Can Change After Genesis** | Via governance | +| **Source** | [`x/vm/types/precompiles.go:22-32`](https://github.com/cosmos/evm/blob/main/x/vm/types/precompiles.go#L22-L32) | + +```json expandable +{ + "app_state": { + "evm": { + "params": { + "active_static_precompiles": [ + "0x0000000000000000000000000000000000000100", + "0x0000000000000000000000000000000000000400", + "0x0000000000000000000000000000000000000800", + "0x0000000000000000000000000000000000000801", + "0x0000000000000000000000000000000000000802", + "0x0000000000000000000000000000000000000803", + "0x0000000000000000000000000000000000000804", + "0x0000000000000000000000000000000000000805", + "0x0000000000000000000000000000000000000806" + ] + } + } + } +} +``` + +**Available Precompiles:** + +| Address | Name | Purpose | +|---------|------|---------| +| `0x0100` | P256 | Cryptographic operations for Web3 auth | +| `0x0400` | Bech32 | Cosmos ↔ Ethereum address conversion | +| `0x0800` | Staking | Validator staking operations | +| `0x0801` | Distribution | Reward distribution and claiming | +| `0x0802` | ICS20 | IBC token transfers | +| `0x0803` | Vesting | Token vesting operations | +| `0x0804` | Bank | Bank module operations | +| `0x0805` | Governance | Submit/vote on proposals | +| `0x0806` | Slashing | Slashing queries | + +**Configuration Examples:** + +Enable all precompiles: +```bash expandable +jq '.app_state.evm.params.active_static_precompiles = [ + "0x0000000000000000000000000000000000000100", + "0x0000000000000000000000000000000000000400", + "0x0000000000000000000000000000000000000800", + "0x0000000000000000000000000000000000000801", + "0x0000000000000000000000000000000000000802", + "0x0000000000000000000000000000000000000803", + "0x0000000000000000000000000000000000000804", + "0x0000000000000000000000000000000000000805", + "0x0000000000000000000000000000000000000806" +]' genesis.json > tmp && mv tmp genesis.json +``` + +Enable only specific precompiles: +```json expandable +{ + "active_static_precompiles": [ + "0x0000000000000000000000000000000000000100", // P256 + "0x0000000000000000000000000000000000000400", // Bech32 + "0x0000000000000000000000000000000000000800", // Staking + "0x0000000000000000000000000000000000000804" // Bank + ] +} +``` + +**Important:** +- Array must be sorted in ascending order (validation requirement) +- Can enable/disable via governance after genesis +- See [Precompiles Overview](/docs/evm/next/documentation/smart-contracts/precompiles/overview) + +--- + +**evm_channels** + +| Parameter | Value | +|-----------|-------| +| **Description** | List of IBC channels connecting to EVM chains (for special handling) | +| **Genesis Location** | `app_state.evm.params.evm_channels` | +| **Default** | `[]` (empty) | +| **Format** | Array of IBC channel IDs | +| **Can Change After Genesis** | Via governance | + +```json expandable +{ + "app_state": { + "evm": { + "params": { + "evm_channels": [] + } + } + } +} +``` + +**Use Cases:** +- Special handling for IBC transfers to/from EVM chains +- Coordinate with IBC module configuration +- Usually empty for new chains + +**Example:** +```json expandable +{ + "evm_channels": ["channel-0", "channel-5"] +} +``` + +--- + +**access_control** + +| Parameter | Value | +|-----------|-------| +| **Description** | Permissions for deploying and calling smart contracts | +| **Genesis Location** | `app_state.evm.params.access_control` | +| **Default** | Permissionless (anyone can deploy and call) | +| **Can Change After Genesis** | Via governance | +| **Source** | [`x/vm/types/params.go:160-165`](https://github.com/cosmos/evm/blob/main/x/vm/types/params.go#L160-L165) | + +```json expandable +{ + "app_state": { + "evm": { + "params": { + "access_control": { + "create": { + "access_type": 0, + "access_control_list": [] + }, + "call": { + "access_type": 0, + "access_control_list": [] + } + } + } + } + } +} +``` + +**Access Types:** + +| Type | Value | Behavior | List Usage | +|------|-------|----------|-----------| +| Permissionless | `0` | Anyone can perform action | Ignored | +| Restricted | `1` | Block addresses in list | Blocklist | +| Permissioned | `2` | Only addresses in list | Allowlist | + +**Examples:** + +Permissionless (default): +```json expandable +{ + "access_control": { + "create": { + "access_type": 0, + "access_control_list": [] + }, + "call": { + "access_type": 0, + "access_control_list": [] + } + } +} +``` + +Permissioned deployment, open calls: +```json expandable +{ + "access_control": { + "create": { + "access_type": 2, + "access_control_list": [ + "0x1234567890123456789012345678901234567890", + "0xabcdefabcdefabcdefabcdefabcdefabcdefabcd" + ] + }, + "call": { + "access_type": 0, + "access_control_list": [] + } + } +} +``` + +Restricted (blocklist): +```json expandable +{ + "access_control": { + "create": { + "access_type": 1, + "access_control_list": [ + "0xbadaddr1234567890123456789012345678901234" + ] + }, + "call": { + "access_type": 0, + "access_control_list": [] + } + } +} +``` + + + +### FeeMarket Module Parameters (x/feemarket) + + + +The feemarket module implements EIP-1559 dynamic fee pricing for EVM transactions. + +**no_base_fee** + +| Parameter | Value | +|-----------|-------| +| **Description** | Disables EIP-1559 base fee mechanism | +| **Genesis Location** | `app_state.feemarket.params.no_base_fee` | +| **Default** | `false` (EIP-1559 enabled) | +| **Format** | Boolean | +| **Source** | [`x/feemarket/types/params.go:21`](https://github.com/cosmos/evm/blob/main/x/feemarket/types/params.go#L21) | + +```json expandable +{ + "app_state": { + "feemarket": { + "params": { + "no_base_fee": false + } + } + } +} +``` + +**Values:** +- `false` = EIP-1559 enabled (recommended for EVM chains) +- `true` = Fixed gas pricing (traditional Cosmos style) + +--- + +**base_fee** + +| Parameter | Value | +|-----------|-------| +| **Description** | Initial base fee per gas in wei | +| **Genesis Location** | `app_state.feemarket.params.base_fee` | +| **Default** | `"1000000000"` (1 gwei) | +| **Format** | String (decimal) | +| **Source** | [`x/feemarket/types/params.go:13`](https://github.com/cosmos/evm/blob/main/x/feemarket/types/params.go#L13) | + +```json expandable +{ + "app_state": { + "feemarket": { + "params": { + "base_fee": "1000000000" + } + } + } +} +``` + +**Common Values:** +- `"100000000"` = 0.1 gwei (low fee chains) +- `"1000000000"` = 1 gwei (standard, Ethereum-like) +- `"10000000000"` = 10 gwei (higher fee chains) + +--- + +**base_fee_change_denominator** + +| Parameter | Value | +|-----------|-------| +| **Description** | Controls how quickly base fee adjusts (max % change per block = 1/denominator) | +| **Genesis Location** | `app_state.feemarket.params.base_fee_change_denominator` | +| **Default** | `8` (±12.5% max change per block) | +| **Format** | Unsigned 32-bit integer | + +```json expandable +{ + "app_state": { + "feemarket": { + "params": { + "base_fee_change_denominator": 8 + } + } + } +} +``` + +**Values:** +- `8` = ±12.5% max change (Ethereum standard) +- `50` = ±2% max change (slower adjustment) +- Lower denominator = faster price adjustment +- Higher denominator = slower, smoother adjustment + +--- + +**elasticity_multiplier** + +| Parameter | Value | +|-----------|-------| +| **Description** | Determines gas target (target = max_gas / elasticity_multiplier) | +| **Genesis Location** | `app_state.feemarket.params.elasticity_multiplier` | +| **Default** | `2` (target is 50% of max gas) | +| **Format** | Unsigned 32-bit integer | + +```json expandable +{ + "app_state": { + "feemarket": { + "params": { + "elasticity_multiplier": 2 + } + } + } +} +``` + +**How It Works:** +- Block gas usage > target → base fee increases +- Block gas usage < target → base fee decreases +- `2` = target is 50% of max block gas (standard) + +--- + +**min_gas_price** + +| Parameter | Value | +|-----------|-------| +| **Description** | Network-wide minimum gas price floor | +| **Genesis Location** | `app_state.feemarket.params.min_gas_price` | +| **Default** | `"0"` (no floor) | +| **Format** | String (decimal) | +| **Source** | [`x/feemarket/types/params.go:17`](https://github.com/cosmos/evm/blob/main/x/feemarket/types/params.go#L17) | + +```json expandable +{ + "app_state": { + "feemarket": { + "params": { + "min_gas_price": "0" + } + } + } +} +``` + +**Values:** +- `"0"` = No minimum floor (standard EIP-1559) +- `"500000000"` = 0.5 gwei minimum +- Prevents base fee from dropping too low + +--- + +**min_gas_multiplier** + +| Parameter | Value | +|-----------|-------| +| **Description** | Minimum gas price as fraction of base fee | +| **Genesis Location** | `app_state.feemarket.params.min_gas_multiplier` | +| **Default** | `"0.5"` (50% of base fee) | +| **Format** | String (decimal, 0-1) | +| **Source** | [`x/feemarket/types/params.go:15`](https://github.com/cosmos/evm/blob/main/x/feemarket/types/params.go#L15) | + +```json expandable +{ + "app_state": { + "feemarket": { + "params": { + "min_gas_multiplier": "0.5" + } + } + } +} +``` + +**Values:** +- `"0.5"` = 50% of base fee (standard) +- `"1.0"` = 100% of base fee (stricter) +- Must be between 0 and 1 + +--- + +**enable_height** + +| Parameter | Value | +|-----------|-------| +| **Description** | Block height to activate EIP-1559 | +| **Genesis Location** | `app_state.feemarket.params.enable_height` | +| **Default** | `0` (enabled from genesis) | +| **Format** | Integer (int64) | +| **Source** | [`x/feemarket/types/params.go:19`](https://github.com/cosmos/evm/blob/main/x/feemarket/types/params.go#L19) | + +```json expandable +{ + "app_state": { + "feemarket": { + "params": { + "enable_height": 0 + } + } + } +} +``` + +**Values:** +- `0` = Enabled from genesis (recommended) +- `> 0` = Activate at specific block height + +**Complete Example:** +```json expandable +{ + "app_state": { + "feemarket": { + "params": { + "no_base_fee": false, + "base_fee": "1000000000", + "base_fee_change_denominator": 8, + "elasticity_multiplier": 2, + "min_gas_price": "0", + "min_gas_multiplier": "0.5", + "enable_height": 0 + } + } + } +} +``` + +See [EIP-1559 Fee Market](/docs/evm/next/documentation/concepts/eip-1559-feemarket) for detailed explanation. + + + +### ERC20 Module Parameters (x/erc20) + + + +The ERC20 module implements Single Token Representation v2 (STRv2), providing unified token handling across Cosmos and EVM. + +**enable_erc20** + +| Parameter | Value | +|-----------|-------| +| **Description** | Global enable/disable for ERC20 module functionality | +| **Genesis Location** | `app_state.erc20.params.enable_erc20` | +| **Default** | `true` | +| **Format** | Boolean | +| **Can Change After Genesis** | Via governance | +| **Source** | [`x/erc20/types/params.go:26`](https://github.com/cosmos/evm/blob/main/x/erc20/types/params.go#L26) | + +```json expandable +{ + "app_state": { + "erc20": { + "params": { + "enable_erc20": true + } + } + } +} +``` + +**Values:** +- `true` = ERC20 module enabled (standard) +- `false` = Disable all ERC20 functionality + +--- + +**permissionless_registration** + +| Parameter | Value | +|-----------|-------| +| **Description** | Allow anyone to register new token pairs | +| **Genesis Location** | `app_state.erc20.params.permissionless_registration` | +| **Default** | `true` | +| **Format** | Boolean | +| **Can Change After Genesis** | Via governance | +| **Source** | [`x/erc20/types/params.go:27`](https://github.com/cosmos/evm/blob/main/x/erc20/types/params.go#L27) | + +```json expandable +{ + "app_state": { + "erc20": { + "params": { + "permissionless_registration": true + } + } + } +} +``` + +**Values:** +- `true` = Anyone can register token pairs (public DeFi chains) +- `false` = Only governance can register pairs (controlled environments) + +--- + +**native_precompiles** + +| Parameter | Value | +|-----------|-------| +| **Description** | List of ERC20 precompile addresses for native Cosmos tokens | +| **Genesis Location** | `app_state.erc20.native_precompiles` | +| **Default** | `[]` | +| **Format** | Array of hex addresses | + +```json expandable +{ + "app_state": { + "erc20": { + "native_precompiles": [ + "0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE" + ] + } + } +} +``` + +**Standard Native Token Address:** +- `0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE` = Native token precompile + +--- + +**token_pairs** + +| Parameter | Value | +|-----------|-------| +| **Description** | Registered token pairs between Cosmos denoms and ERC20 addresses | +| **Genesis Location** | `app_state.erc20.token_pairs` | +| **Default** | `[]` | +| **Format** | Array of token pair objects | + +```json expandable +{ + "app_state": { + "erc20": { + "token_pairs": [ + { + "erc20_address": "0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE", + "denom": "atoken", + "enabled": true, + "contract_owner": 1 + } + ] + } + } +} +``` + +**Token Pair Fields:** +- `erc20_address` - ERC20 contract address (or precompile address) +- `denom` - Cosmos bank denomination +- `enabled` - Whether the pair is active +- `contract_owner`: + - `0` = External owner + - `1` = Module owner (standard for native tokens) + +**Complete Configuration Example:** +```json expandable +{ + "app_state": { + "erc20": { + "params": { + "enable_erc20": true, + "permissionless_registration": true + }, + "native_precompiles": [ + "0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE" + ], + "token_pairs": [ + { + "erc20_address": "0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE", + "denom": "atoken", + "enabled": true, + "contract_owner": 1 + } + ] + } + } +} +``` + +See [Single Token Representation](/docs/evm/next/documentation/concepts/single-token-representation) and [ERC20 Module](/docs/evm/next/documentation/cosmos-sdk/modules/erc20) for details. + + + +### Bank Module Parameters + + + +**denom_metadata** + +| Parameter | Value | +|-----------|-------| +| **Description** | Token denomination metadata including units, decimals, and display properties | +| **Genesis Location** | `app_state.bank.denom_metadata` | +| **Default** | `[]` | +| **Format** | Array of metadata objects | +| **Can Change After Genesis** | Via governance | + +```json expandable +{ + "app_state": { + "bank": { + "denom_metadata": [ + { + "description": "The native staking and gas token", + "denom_units": [ + { + "denom": "atoken", + "exponent": 0, + "aliases": ["attotoken"] + }, + { + "denom": "token", + "exponent": 18, + "aliases": [] + } + ], + "base": "atoken", + "display": "token", + "name": "My Token", + "symbol": "TKN", + "uri": "", + "uri_hash": "" + } + ] + } + } +} +``` + +**Fields:** +- `description` - Human-readable description +- `denom_units` - Array of denomination units + - `denom` - Unit denomination + - `exponent` - Decimal places (0 for base, 6 or 18 for display) + - `aliases` - Alternative names +- `base` - Smallest unit stored on-chain +- `display` - Human-readable unit +- `name` - Full token name +- `symbol` - Ticker symbol +- `uri` - Optional metadata URI +- `uri_hash` - Optional hash of metadata + +**18-Decimal Configuration:** +```json expandable +{ + "denom_units": [ + {"denom": "atoken", "exponent": 0, "aliases": ["attotoken"]}, + {"denom": "token", "exponent": 18, "aliases": []} + ], + "base": "atoken", + "display": "token" +} +``` + +**6-Decimal Configuration:** +```json expandable +{ + "denom_units": [ + {"denom": "utoken", "exponent": 0, "aliases": ["microtoken"]}, + {"denom": "token", "exponent": 6, "aliases": []} + ], + "base": "utoken", + "display": "token" +} +``` + +**Important:** +- `base` must match all module denomination parameters +- Determines wallet display formatting +- Cannot have multiple metadata entries with same base denom + + + +### Staking Module Parameters + + + +**bond_denom** + +| Parameter | Value | +|-----------|-------| +| **Description** | Denomination accepted for staking | +| **Genesis Location** | `app_state.staking.params.bond_denom` | +| **Default** | `"stake"` (Cosmos SDK default) | +| **Format** | String | +| **Can Change After Genesis** | Via governance (but not recommended) | + +```json expandable +{ + "app_state": { + "staking": { + "params": { + "bond_denom": "atoken" + } + } + } +} +``` + +**Must Match:** +- `app_state.evm.params.evm_denom` +- `app_state.mint.params.mint_denom` +- `app_state.bank.denom_metadata[0].base` + +--- + +**unbonding_time** + +| Parameter | Value | +|-----------|-------| +| **Description** | Duration tokens remain locked after unstaking | +| **Genesis Location** | `app_state.staking.params.unbonding_time` | +| **Default** | `"1814400s"` (21 days) | +| **Format** | Duration string (Go duration format) | +| **Can Change After Genesis** | Via governance | + +```json expandable +{ + "app_state": { + "staking": { + "params": { + "unbonding_time": "1814400s" + } + } + } +} +``` + +**Common Values:** +- `"120s"` = 2 minutes (testing only) +- `"86400s"` = 1 day +- `"604800s"` = 7 days +- `"1814400s"` = 21 days (Cosmos standard) +- `"2419200s"` = 28 days + +**Security Considerations:** +- Longer = More secure (validators accountable for longer period) +- Shorter = Better UX (faster liquidity) +- During unbonding, tokens can still be slashed + +--- + +**max_validators** + +| Parameter | Value | +|-----------|-------| +| **Description** | Maximum number of validators in active set | +| **Genesis Location** | `app_state.staking.params.max_validators` | +| **Default** | `100` | +| **Format** | Unsigned 32-bit integer | +| **Can Change After Genesis** | Via governance | + +```json expandable +{ + "app_state": { + "staking": { + "params": { + "max_validators": 100 + } + } + } +} +``` + +**Common Values:** +- `50` - Smaller validator set (faster consensus) +- `100` - Cosmos Hub standard +- `125`, `150`, `175` - Larger sets (more decentralized) + +**Trade-offs:** +- Higher = More decentralized but potentially slower +- Lower = Faster consensus but more centralized + +--- + +**max_entries** + +| Parameter | Value | +|-----------|-------| +| **Description** | Maximum concurrent unbonding/redelegation operations per delegator-validator pair | +| **Genesis Location** | `app_state.staking.params.max_entries` | +| **Default** | `7` | +| **Format** | Unsigned 32-bit integer | +| **Can Change After Genesis** | Via governance | + +```json expandable +{ + "app_state": { + "staking": { + "params": { + "max_entries": 7 + } + } + } +} +``` + +**Purpose:** +- Prevents spam on unbonding queue +- Limits simultaneous operations +- Cosmos SDK standard is `7` + +--- + +**historical_entries** + +| Parameter | Value | +|-----------|-------| +| **Description** | Number of historical validator set entries to keep | +| **Genesis Location** | `app_state.staking.params.historical_entries` | +| **Default** | `10000` | +| **Format** | Unsigned 32-bit integer | +| **Can Change After Genesis** | Via governance | + +```json expandable +{ + "app_state": { + "staking": { + "params": { + "historical_entries": 10000 + } + } + } +} +``` + +**Purpose:** +- Required for IBC light client verification +- Higher = Better IBC compatibility, more storage +- Lower = Less storage, limited historical queries + +--- + +**min_commission_rate** + +| Parameter | Value | +|-----------|-------| +| **Description** | Minimum commission rate validators must charge | +| **Genesis Location** | `app_state.staking.params.min_commission_rate` | +| **Default** | `"0.000000000000000000"` (0%, no minimum) | +| **Format** | String (decimal, 18 decimal places) | +| **Can Change After Genesis** | Via governance | + +```json expandable +{ + "app_state": { + "staking": { + "params": { + "min_commission_rate": "0.050000000000000000" + } + } + } +} +``` + +**Values:** +- `"0.000000000000000000"` = 0% (no minimum) +- `"0.050000000000000000"` = 5% minimum +- `"0.100000000000000000"` = 10% minimum + +**Purpose:** +- Prevents race to zero on validator commissions +- Ensures sustainable validator economics +- Many chains enforce 5% minimum + + + +### Slashing Module Parameters + + + +**signed_blocks_window** + +| Parameter | Value | +|-----------|-------| +| **Description** | Number of blocks to track for validator liveness | +| **Genesis Location** | `app_state.slashing.params.signed_blocks_window` | +| **Default** | `"10000"` | +| **Format** | String (integer) | +| **Can Change After Genesis** | Via governance | + +```json expandable +{ + "app_state": { + "slashing": { + "params": { + "signed_blocks_window": "10000" + } + } + } +} +``` + +**Common Values:** +- `"100"` = ~13 minutes at 8s blocks (testing) +- `"10000"` = ~22 hours (Cosmos standard) +- `"20000"` = ~44 hours + +--- + +**min_signed_per_window** + +| Parameter | Value | +|-----------|-------| +| **Description** | Minimum fraction of blocks validator must sign within window | +| **Genesis Location** | `app_state.slashing.params.min_signed_per_window` | +| **Default** | `"0.500000000000000000"` (50%) | +| **Format** | String (decimal) | +| **Can Change After Genesis** | Via governance | + +```json expandable +{ + "app_state": { + "slashing": { + "params": { + "min_signed_per_window": "0.500000000000000000" + } + } + } +} +``` + +**Example:** +- Window = 10000 blocks +- Min signed = 0.5 (50%) +- Validator must sign ≥ 5000 blocks + +--- + +**downtime_jail_duration** + +| Parameter | Value | +|-----------|-------| +| **Description** | Duration validator is jailed for downtime | +| **Genesis Location** | `app_state.slashing.params.downtime_jail_duration` | +| **Default** | `"600s"` (10 minutes) | +| **Format** | Duration string | +| **Can Change After Genesis** | Via governance | + +```json expandable +{ + "app_state": { + "slashing": { + "params": { + "downtime_jail_duration": "600s" + } + } + } +} +``` + +**Common Values:** +- `"60s"` = 1 minute +- `"600s"` = 10 minutes (standard) +- `"3600s"` = 1 hour +- `"86400s"` = 1 day + +--- + +**slash_fraction_double_sign** + +| Parameter | Value | +|-----------|-------| +| **Description** | Percentage of stake slashed for double-signing (equivocation) | +| **Genesis Location** | `app_state.slashing.params.slash_fraction_double_sign` | +| **Default** | `"0.050000000000000000"` (5%) | +| **Format** | String (decimal) | +| **Can Change After Genesis** | Via governance | + +```json expandable +{ + "app_state": { + "slashing": { + "params": { + "slash_fraction_double_sign": "0.050000000000000000" + } + } + } +} +``` + +**Common Values:** +- `"0.050000000000000000"` = 5% (Cosmos standard) +- `"0.100000000000000000"` = 10% +- `"0.200000000000000000"` = 20% + +**Important:** +- Double-signing also results in permanent tombstoning +- Validator cannot rejoin validator set + +--- + +**slash_fraction_downtime** + +| Parameter | Value | +|-----------|-------| +| **Description** | Percentage of stake slashed for downtime | +| **Genesis Location** | `app_state.slashing.params.slash_fraction_downtime` | +| **Default** | `"0.010000000000000000"` (1%) | +| **Format** | String (decimal) | +| **Can Change After Genesis** | Via governance | + +```json expandable +{ + "app_state": { + "slashing": { + "params": { + "slash_fraction_downtime": "0.010000000000000000" + } + } + } +} +``` + +**Common Values:** +- `"0.000100000000000000"` = 0.01% +- `"0.010000000000000000"` = 1% (standard) +- `"0.050000000000000000"` = 5% + +**Note:** +- Less severe than double-sign slashing +- Validator can unjail after jail period + + + +### Governance Module Parameters + + + +**min_deposit** + +| Parameter | Value | +|-----------|-------| +| **Description** | Minimum token deposit to submit a governance proposal | +| **Genesis Location** | `app_state.gov.params.min_deposit` | +| **Default** | Varies by chain | +| **Format** | Array of coin objects | +| **Can Change After Genesis** | Via governance | + +```json expandable +{ + "app_state": { + "gov": { + "params": { + "min_deposit": [ + { + "denom": "atoken", + "amount": "10000000000000000000" + } + ] + } + } + } +} +``` + +**Example Values:** +- 18 decimals: `"10000000000000000000"` = 10 tokens +- 6 decimals: `"10000000"` = 10 tokens + +--- + +**max_deposit_period** + +| Parameter | Value | +|-----------|-------| +| **Description** | Maximum time to reach minimum deposit | +| **Genesis Location** | `app_state.gov.params.max_deposit_period` | +| **Default** | `"172800s"` (2 days) | +| **Format** | Duration string | +| **Can Change After Genesis** | Via governance | + +```json expandable +{ + "app_state": { + "gov": { + "params": { + "max_deposit_period": "172800s" + } + } + } +} +``` + +--- + +**voting_period** + +| Parameter | Value | +|-----------|-------| +| **Description** | Duration of voting period for standard proposals | +| **Genesis Location** | `app_state.gov.params.voting_period` | +| **Default** | `"172800s"` (2 days) | +| **Format** | Duration string | +| **Can Change After Genesis** | Via governance | + +```json expandable +{ + "app_state": { + "gov": { + "params": { + "voting_period": "172800s" + } + } + } +} +``` + +**Common Values:** +- `"30s"` = 30 seconds (testing/development) +- `"172800s"` = 2 days +- `"604800s"` = 7 days + +--- + +**expedited_voting_period** + +| Parameter | Value | +|-----------|-------| +| **Description** | Shorter voting period for expedited proposals | +| **Genesis Location** | `app_state.gov.params.expedited_voting_period` | +| **Default** | `"86400s"` (1 day) | +| **Format** | Duration string | +| **Can Change After Genesis** | Via governance | + +```json expandable +{ + "app_state": { + "gov": { + "params": { + "expedited_voting_period": "86400s" + } + } + } +} +``` + +**Important:** +- Must be < `voting_period` +- Used for urgent proposals + +--- + +**quorum** + +| Parameter | Value | +|-----------|-------| +| **Description** | Minimum participation rate for proposal to be valid | +| **Genesis Location** | `app_state.gov.params.quorum` | +| **Default** | `"0.334"` (33.4%) | +| **Format** | String (decimal) | +| **Can Change After Genesis** | Via governance | + +```json expandable +{ + "app_state": { + "gov": { + "params": { + "quorum": "0.334" + } + } + } +} +``` + +--- + +**threshold** + +| Parameter | Value | +|-----------|-------| +| **Description** | Minimum percentage of Yes votes for proposal to pass | +| **Genesis Location** | `app_state.gov.params.threshold` | +| **Default** | `"0.5"` (50%) | +| **Format** | String (decimal) | +| **Can Change After Genesis** | Via governance | + +```json expandable +{ + "app_state": { + "gov": { + "params": { + "threshold": "0.5" + } + } + } +} +``` + +--- + +**veto_threshold** + +| Parameter | Value | +|-----------|-------| +| **Description** | Percentage of NoWithVeto votes to reject proposal | +| **Genesis Location** | `app_state.gov.params.veto_threshold` | +| **Default** | `"0.334"` (33.4%) | +| **Format** | String (decimal) | +| **Can Change After Genesis** | Via governance | + +```json expandable +{ + "app_state": { + "gov": { + "params": { + "veto_threshold": "0.334" + } + } + } +} +``` + +--- + +**expedited_threshold** + +| Parameter | Value | +|-----------|-------| +| **Description** | Higher Yes percentage required for expedited proposals | +| **Genesis Location** | `app_state.gov.params.expedited_threshold` | +| **Default** | `"0.667"` (66.7%) | +| **Format** | String (decimal) | +| **Can Change After Genesis** | Via governance | + +```json expandable +{ + "app_state": { + "gov": { + "params": { + "expedited_threshold": "0.667" + } + } + } +} +``` + +--- + +**expedited_min_deposit** + +| Parameter | Value | +|-----------|-------| +| **Description** | Higher minimum deposit for expedited proposals | +| **Genesis Location** | `app_state.gov.params.expedited_min_deposit` | +| **Default** | 5x standard min_deposit | +| **Format** | Array of coin objects | +| **Can Change After Genesis** | Via governance | + +```json expandable +{ + "app_state": { + "gov": { + "params": { + "expedited_min_deposit": [ + { + "denom": "atoken", + "amount": "50000000000000000000" + } + ] + } + } + } +} +``` + + + +### Mint Module Parameters + + + +**mint_denom** + +| Parameter | Value | +|-----------|-------| +| **Description** | Denomination of minted tokens (inflation rewards) | +| **Genesis Location** | `app_state.mint.params.mint_denom` | +| **Default** | `"stake"` | +| **Format** | String | +| **Can Change After Genesis** | Via governance (not recommended) | + +```json expandable +{ + "app_state": { + "mint": { + "params": { + "mint_denom": "atoken" + } + } + } +} +``` + +**Must Match:** +- `app_state.staking.params.bond_denom` +- `app_state.evm.params.evm_denom` + +--- + +**inflation_rate_change** + +| Parameter | Value | +|-----------|-------| +| **Description** | Maximum annual change in inflation rate | +| **Genesis Location** | `app_state.mint.params.inflation_rate_change` | +| **Default** | `"0.130000000000000000"` (13%) | +| **Format** | String (decimal) | +| **Can Change After Genesis** | Via governance | + +```json expandable +{ + "app_state": { + "mint": { + "params": { + "inflation_rate_change": "0.130000000000000000" + } + } + } +} +``` + +--- + +**inflation_max** + +| Parameter | Value | +|-----------|-------| +| **Description** | Maximum annual inflation rate | +| **Genesis Location** | `app_state.mint.params.inflation_max` | +| **Default** | `"0.200000000000000000"` (20%) | +| **Format** | String (decimal) | +| **Can Change After Genesis** | Via governance | + +```json expandable +{ + "app_state": { + "mint": { + "params": { + "inflation_max": "0.200000000000000000" + } + } + } +} +``` + +--- + +**inflation_min** + +| Parameter | Value | +|-----------|-------| +| **Description** | Minimum annual inflation rate | +| **Genesis Location** | `app_state.mint.params.inflation_min` | +| **Default** | `"0.070000000000000000"` (7%) | +| **Format** | String (decimal) | +| **Can Change After Genesis** | Via governance | + +```json expandable +{ + "app_state": { + "mint": { + "params": { + "inflation_min": "0.070000000000000000" + } + } + } +} +``` + +--- + +**goal_bonded** + +| Parameter | Value | +|-----------|-------| +| **Description** | Target bonded token ratio | +| **Genesis Location** | `app_state.mint.params.goal_bonded` | +| **Default** | `"0.670000000000000000"` (67%) | +| **Format** | String (decimal) | +| **Can Change After Genesis** | Via governance | + +```json expandable +{ + "app_state": { + "mint": { + "params": { + "goal_bonded": "0.670000000000000000" + } + } + } +} +``` + +**How It Works:** +- Bonded ratio < goal → inflation increases (toward max) +- Bonded ratio > goal → inflation decreases (toward min) +- Incentivizes target staking ratio + +--- + +**blocks_per_year** + +| Parameter | Value | +|-----------|-------| +| **Description** | Expected number of blocks per year for inflation calculations | +| **Genesis Location** | `app_state.mint.params.blocks_per_year` | +| **Default** | `"6311520"` (~5 second blocks) | +| **Format** | String (integer) | +| **Can Change After Genesis** | Via governance | + +```json expandable +{ + "app_state": { + "mint": { + "params": { + "blocks_per_year": "6311520" + } + } + } +} +``` + +**Calculation:** +- 5s blocks: `31,536,000 / 5 = 6,311,520` blocks/year +- 8s blocks: `31,536,000 / 8 = 3,942,000` blocks/year + + + +### Distribution Module Parameters + + + +**community_tax** + +| Parameter | Value | +|-----------|-------| +| **Description** | Percentage of rewards going to community pool | +| **Genesis Location** | `app_state.distribution.params.community_tax` | +| **Default** | `"0.020000000000000000"` (2%) | +| **Format** | String (decimal) | +| **Can Change After Genesis** | Via governance | + +```json expandable +{ + "app_state": { + "distribution": { + "params": { + "community_tax": "0.020000000000000000" + } + } + } +} +``` + +--- + +**withdraw_addr_enabled** + +| Parameter | Value | +|-----------|-------| +| **Description** | Allow delegators to set custom withdraw addresses | +| **Genesis Location** | `app_state.distribution.params.withdraw_addr_enabled` | +| **Default** | `true` | +| **Format** | Boolean | +| **Can Change After Genesis** | Via governance | + +```json expandable +{ + "app_state": { + "distribution": { + "params": { + "withdraw_addr_enabled": true + } + } + } +} +``` + +--- + +**base_proposer_reward** (Deprecated) + +| Parameter | Value | +|-----------|-------| +| **Description** | **Deprecated** - Set to `"0.000000000000000000"` | +| **Genesis Location** | `app_state.distribution.params.base_proposer_reward` | +| **Default** | `"0.000000000000000000"` | +| **Format** | String (decimal) | + +```json expandable +{ + "app_state": { + "distribution": { + "params": { + "base_proposer_reward": "0.000000000000000000" + } + } + } +} +``` + +--- + +**bonus_proposer_reward** (Deprecated) + +| Parameter | Value | +|-----------|-------| +| **Description** | **Deprecated** - Set to `"0.000000000000000000"` | +| **Genesis Location** | `app_state.distribution.params.bonus_proposer_reward` | +| **Default** | `"0.000000000000000000"` | +| **Format** | String (decimal) | + +```json expandable +{ + "app_state": { + "distribution": { + "params": { + "bonus_proposer_reward": "0.000000000000000000" + } + } + } +} +``` + + + +--- + +## Runtime Configuration (TOML Files) + +These parameters are configured in TOML files located at `~/.yourchain/config/`. They control node-specific runtime behavior and can be changed by restarting the node. + +### app.toml Parameters + +Location: `~/.yourchain/config/app.toml` + + + +**Base Configuration** + +**minimum-gas-prices** + +| Parameter | Value | +|-----------|-------| +| **Description** | Node-level minimum gas price to accept transactions | +| **Section** | Root | +| **Default** | `"0aatom"` | +| **Format** | `` | +| **Can Change** | Yes (restart required) | +| **Template** | [`server/config/migration/v0.50-app.toml:11`](https://github.com/cosmos/evm/blob/main/server/config/migration/v0.50-app.toml#L11) | + +```toml +minimum-gas-prices = "1000000000atoken" +``` + +**Examples:** +- `"0atoken"` = Accept all transactions +- `"1000000000atoken"` = 1 gwei minimum (18 decimals) +- `"1000utoken"` = 0.001 token minimum (6 decimals) + +**Purpose:** +- Protect against spam +- Ensure validators can cover costs +- Should align with genesis fee market settings + +--- + +**pruning** + +| Parameter | Value | +|-----------|-------| +| **Description** | State pruning strategy | +| **Section** | Root | +| **Default** | `"default"` | +| **Options** | `default`, `nothing`, `everything`, `custom` | +| **Can Change** | Yes (restart required) | + +```toml +pruning = "default" +``` + +**Options:** +- `"default"` - Keep last 362,880 states, prune at 10 block intervals +- `"nothing"` - Archive node, keep all historical states +- `"everything"` - Keep only 2 latest states, prune at 10 block intervals +- `"custom"` - Use custom `pruning-keep-recent` and `pruning-interval` + +--- + +**pruning-keep-recent** / **pruning-interval** + +| Parameter | Value | +|-----------|-------| +| **Description** | Custom pruning parameters (only used if `pruning = "custom"`) | +| **Section** | Root | +| **Default** | `"0"` / `"0"` | +| **Format** | Integer | + +```toml +pruning = "custom" +pruning-keep-recent = "100000" +pruning-interval = "10" +``` + +--- + +**halt-height** / **halt-time** + +| Parameter | Value | +|-----------|-------| +| **Description** | Gracefully halt node at specified height or time | +| **Section** | Root | +| **Default** | `0` (disabled) | +| **Format** | Integer (height) / Unix timestamp (time) | + +```toml +halt-height = 0 +halt-time = 0 +``` + +**Use Cases:** +- Coordinated chain upgrades +- Testing and debugging +- Emergency shutdowns + +--- + +**min-retain-blocks** + +| Parameter | Value | +|-----------|-------| +| **Description** | Minimum block height offset for CometBFT block pruning | +| **Section** | Root | +| **Default** | `0` (no pruning) | +| **Format** | Integer | + +```toml +min-retain-blocks = 0 +``` + +**Important:** +- Only controls CometBFT block pruning +- Separate from application state pruning +- Consider unbonding period and snapshots + +--- + +**inter-block-cache** + +| Parameter | Value | +|-----------|-------| +| **Description** | Enable inter-block caching | +| **Section** | Root | +| **Default** | `true` | +| **Format** | Boolean | + +```toml +inter-block-cache = true +``` + +--- + +**index-events** + +| Parameter | Value | +|-----------|-------| +| **Description** | Event types to index (empty = index all) | +| **Section** | Root | +| **Default** | `[]` | +| **Format** | Array of strings | + +```toml +index-events = [] +``` + +**Example:** +```toml +index-events = ["message.sender", "message.recipient"] +``` + +--- + +**iavl-cache-size** + +| Parameter | Value | +|-----------|-------| +| **Description** | IAVL tree cache size (in number of nodes) | +| **Section** | Root | +| **Default** | `781250` | +| **Format** | Integer | + +```toml +iavl-cache-size = 781250 +``` + +--- + +**iavl-disable-fastnode** + +| Parameter | Value | +|-----------|-------| +| **Description** | Disable IAVL fast node feature | +| **Section** | Root | +| **Default** | `false` | +| **Format** | Boolean | + +```toml +iavl-disable-fastnode = false +``` + +--- + +**app-db-backend** + +| Parameter | Value | +|-----------|-------| +| **Description** | Database backend for application and snapshots | +| **Section** | Root | +| **Default** | `""` (use CometBFT default) | +| **Options** | `goleveldb`, `rocksdb`, `pebbledb` | + +```toml +app-db-backend = "" +``` + + + +### EVM Configuration ([evm] section) + + + +**tracer** + +| Parameter | Value | +|-----------|-------| +| **Description** | VM tracer type for debugging | +| **Section** | `[evm]` | +| **Default** | `""` (no tracing) | +| **Options** | `""`, `"json"`, `"markdown"`, `"struct"`, `"access_list"` | +| **Can Change** | Yes (restart required) | +| **Source** | [`server/config/config.go:56`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L56) | + +```toml +[evm] +tracer = "" +``` + +**Options:** +- `""` - No tracing (production) +- `"json"` - Detailed JSON traces (debugging) +- `"markdown"` - Markdown formatted traces +- `"struct"` - Structured traces +- `"access_list"` - Access list tracer + +--- + +**max-tx-gas-wanted** + +| Parameter | Value | +|-----------|-------| +| **Description** | Maximum gas limit per transaction | +| **Section** | `[evm]` | +| **Default** | `0` (unlimited) | +| **Format** | Unsigned 64-bit integer | +| **Source** | [`server/config/config.go:62`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L62) | + +```toml +max-tx-gas-wanted = 0 +``` + +**Examples:** +- `0` - Unlimited (default) +- `30000000` - 30M gas limit per transaction + +--- + +**cache-preimage** + +| Parameter | Value | +|-----------|-------| +| **Description** | Enable tracking of SHA3 preimages in VM | +| **Section** | `[evm]` | +| **Default** | `false` | +| **Format** | Boolean | +| **Source** | [`server/config/config.go:59`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L59) | + +```toml +cache-preimage = false +``` + +--- + +**evm-chain-id** + +| Parameter | Value | +|-----------|-------| +| **Description** | EIP-155 replay protection chain ID (read-only, set during init from source code) | +| **Section** | `[evm]` | +| **Default** | `262144` (from source) | +| **Format** | Unsigned 64-bit integer | +| **Can Change** | **No** - read-only, written during `init` | +| **Source** | [`server/config/config.go:149`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L149) | + +```toml +evm-chain-id = 262144 +``` + +**Important:** +- Automatically written during `yourchain init` +- Value comes from `config/config.go:78` +- **Do not manually edit** - change in source code before init instead + +--- + +**min-tip** + +| Parameter | Value | +|-----------|-------| +| **Description** | Minimum priority fee required for mempool | +| **Section** | `[evm]` | +| **Default** | `0` | +| **Format** | Unsigned 64-bit integer (wei) | +| **Source** | [`server/config/config.go:68`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L68) | + +```toml +min-tip = 0 +``` + +**Examples:** +- `0` - Accept all transactions +- `1000000000` - Require at least 1 gwei tip + +--- + +**geth-metrics-address** + +| Parameter | Value | +|-----------|-------| +| **Description** | Address to bind geth metrics server | +| **Section** | `[evm]` | +| **Default** | `"127.0.0.1:8100"` | +| **Format** | `host:port` | +| **Source** | [`server/config/config.go:71`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L71) | + +```toml +geth-metrics-address = "127.0.0.1:8100" +``` + + + +### EVM Mempool Configuration ([evm.mempool] section) + + + +**price-limit** + +| Parameter | Value | +|-----------|-------| +| **Description** | Minimum gas price to accept into mempool (in wei) | +| **Section** | `[evm.mempool]` | +| **Default** | `1` | +| **Format** | Unsigned 64-bit integer | +| **Source** | [`server/config/config.go:179`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L179) | + +```toml +[evm.mempool] +price-limit = 1 +``` + +--- + +**price-bump** + +| Parameter | Value | +|-----------|-------| +| **Description** | Minimum % price increase to replace transaction with same nonce | +| **Section** | `[evm.mempool]` | +| **Default** | `10` (10%) | +| **Format** | Unsigned 64-bit integer (percentage) | +| **Source** | [`server/config/config.go:180`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L180) | + +```toml +price-bump = 10 +``` + +--- + +**account-slots** + +| Parameter | Value | +|-----------|-------| +| **Description** | Executable transaction slots guaranteed per account | +| **Section** | `[evm.mempool]` | +| **Default** | `16` | +| **Format** | Unsigned 64-bit integer | +| **Source** | [`server/config/config.go:181`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L181) | + +```toml +account-slots = 16 +``` + +--- + +**global-slots** + +| Parameter | Value | +|-----------|-------| +| **Description** | Maximum executable transaction slots for all accounts | +| **Section** | `[evm.mempool]` | +| **Default** | `5120` | +| **Format** | Unsigned 64-bit integer | +| **Source** | [`server/config/config.go:182`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L182) | + +```toml +global-slots = 5120 +``` + +--- + +**account-queue** + +| Parameter | Value | +|-----------|-------| +| **Description** | Non-executable transaction slots permitted per account | +| **Section** | `[evm.mempool]` | +| **Default** | `64` | +| **Format** | Unsigned 64-bit integer | +| **Source** | [`server/config/config.go:183`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L183) | + +```toml +account-queue = 64 +``` + +--- + +**global-queue** + +| Parameter | Value | +|-----------|-------| +| **Description** | Non-executable transaction slots for all accounts | +| **Section** | `[evm.mempool]` | +| **Default** | `1024` | +| **Format** | Unsigned 64-bit integer | +| **Source** | [`server/config/config.go:184`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L184) | + +```toml +global-queue = 1024 +``` + +--- + +**lifetime** + +| Parameter | Value | +|-----------|-------| +| **Description** | Maximum time non-executable transactions stay queued | +| **Section** | `[evm.mempool]` | +| **Default** | `"3h0m0s"` (3 hours) | +| **Format** | Go duration string | +| **Source** | [`server/config/config.go:185`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L185) | + +```toml +lifetime = "3h0m0s" +``` + +**See:** [EVM Mempool Integration](/docs/evm/next/documentation/getting-started/build-a-chain/additional-configuration/mempool-integration) + + + +### JSON-RPC Configuration ([json-rpc] section) + + + +**enable** + +| Parameter | Value | +|-----------|-------| +| **Description** | Enable JSON-RPC server | +| **Section** | `[json-rpc]` | +| **Default** | `false` | +| **Format** | Boolean | +| **Source** | [`server/config/config.go:236`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L236) | + +```toml +[json-rpc] +enable = true +``` + +--- + +**address** + +| Parameter | Value | +|-----------|-------| +| **Description** | HTTP server bind address | +| **Section** | `[json-rpc]` | +| **Default** | `"127.0.0.1:8545"` | +| **Format** | `host:port` | +| **Source** | [`server/config/config.go:47`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L47) | + +```toml +address = "0.0.0.0:8545" +``` + +--- + +**ws-address** + +| Parameter | Value | +|-----------|-------| +| **Description** | WebSocket server bind address | +| **Section** | `[json-rpc]` | +| **Default** | `"127.0.0.1:8546"` | +| **Format** | `host:port` | +| **Source** | [`server/config/config.go:50`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L50) | + +```toml +ws-address = "0.0.0.0:8546" +``` + +--- + +**api** + +| Parameter | Value | +|-----------|-------| +| **Description** | List of JSON-RPC namespaces to enable | +| **Section** | `[json-rpc]` | +| **Default** | `["eth", "net", "web3"]` | +| **Format** | Array of strings | +| **Source** | [`server/config/config.go:304-310`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L304-L310) | + +```toml +api = ["eth", "net", "web3", "txpool"] +``` + +**Available Namespaces:** +| Namespace | Purpose | Production | +|-----------|---------|------------| +| `eth` | Standard Ethereum RPC | ✅ Required | +| `net` | Network information | ✅ Recommended | +| `web3` | Web3 client version | ✅ Recommended | +| `txpool` | Transaction pool inspection | ⚠️ Caution | +| `debug` | Debug/trace endpoints | ❌ Dev only | +| `personal` | Account management | ❌ Dev only | +| `miner` | Mining operations | ❌ Dev only | + +**Production:** +```toml +api = ["eth", "net", "web3"] +``` + +**Development:** +```toml +api = ["eth", "net", "web3", "txpool", "debug"] +``` + +--- + +**gas-cap** + +| Parameter | Value | +|-----------|-------| +| **Description** | Gas limit for eth_call/estimateGas | +| **Section** | `[json-rpc]` | +| **Default** | `25000000` | +| **Format** | Unsigned 64-bit integer | +| **Source** | [`server/config/config.go:74`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L74) | + +```toml +gas-cap = 25000000 +``` + +--- + +**allow-insecure-unlock** + +| Parameter | Value | +|-----------|-------| +| **Description** | Allow account unlocking when account-related RPCs exposed via HTTP | +| **Section** | `[json-rpc]` | +| **Default** | `true` | +| **Format** | Boolean | +| **Source** | [`server/config/config.go:77`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L77) | + +```toml +allow-insecure-unlock = false +``` + +**Security:** +- Set to `false` for production +- Only `true` for local development + +--- + +**evm-timeout** + +| Parameter | Value | +|-----------|-------| +| **Description** | Timeout for eth_call execution | +| **Section** | `[json-rpc]` | +| **Default** | `"5s"` | +| **Format** | Go duration string | +| **Source** | [`server/config/config.go:92`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L92) | + +```toml +evm-timeout = "5s" +``` + +--- + +**txfee-cap** + +| Parameter | Value | +|-----------|-------| +| **Description** | Global tx-fee cap for send transaction (in native token units) | +| **Section** | `[json-rpc]` | +| **Default** | `1.0` | +| **Format** | Float | +| **Source** | [`server/config/config.go:95`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L95) | + +```toml +txfee-cap = 1.0 +``` + +--- + +**filter-cap** + +| Parameter | Value | +|-----------|-------| +| **Description** | Maximum number of filters that can be created | +| **Section** | `[json-rpc]` | +| **Default** | `200` | +| **Format** | 32-bit integer | +| **Source** | [`server/config/config.go:80`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L80) | + +```toml +filter-cap = 200 +``` + +--- + +**feehistory-cap** + +| Parameter | Value | +|-----------|-------| +| **Description** | Maximum number of blocks for fee history query | +| **Section** | `[json-rpc]` | +| **Default** | `100` | +| **Format** | 32-bit integer | +| **Source** | [`server/config/config.go:83`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L83) | + +```toml +feehistory-cap = 100 +``` + +--- + +**logs-cap** + +| Parameter | Value | +|-----------|-------| +| **Description** | Maximum results from single eth_getLogs query | +| **Section** | `[json-rpc]` | +| **Default** | `10000` | +| **Format** | 32-bit integer | +| **Source** | [`server/config/config.go:86`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L86) | + +```toml +logs-cap = 10000 +``` + +--- + +**block-range-cap** + +| Parameter | Value | +|-----------|-------| +| **Description** | Maximum block range for eth_getLogs query | +| **Section** | `[json-rpc]` | +| **Default** | `10000` | +| **Format** | 32-bit integer | +| **Source** | [`server/config/config.go:89`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L89) | + +```toml +block-range-cap = 10000 +``` + +--- + +**http-timeout** + +| Parameter | Value | +|-----------|-------| +| **Description** | Read/write timeout for HTTP JSON-RPC server | +| **Section** | `[json-rpc]` | +| **Default** | `"30s"` | +| **Format** | Go duration string | +| **Source** | [`server/config/config.go:98`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L98) | + +```toml +http-timeout = "30s" +``` + +--- + +**http-idle-timeout** + +| Parameter | Value | +|-----------|-------| +| **Description** | Idle timeout for HTTP JSON-RPC server | +| **Section** | `[json-rpc]` | +| **Default** | `"2m0s"` | +| **Format** | Go duration string | +| **Source** | [`server/config/config.go:101`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L101) | + +```toml +http-idle-timeout = "2m0s" +``` + +--- + +**allow-unprotected-txs** + +| Parameter | Value | +|-----------|-------| +| **Description** | Allow unprotected (non-EIP155) transactions via RPC | +| **Section** | `[json-rpc]` | +| **Default** | `false` | +| **Format** | Boolean | +| **Source** | [`server/config/config.go:104`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L104) | + +```toml +allow-unprotected-txs = false +``` + +**Security:** +- `false` for production (required) +- `true` only for local development + +--- + +**batch-request-limit** + +| Parameter | Value | +|-----------|-------| +| **Description** | Maximum number of requests in a batch | +| **Section** | `[json-rpc]` | +| **Default** | `1000` | +| **Format** | Integer | +| **Source** | [`server/config/config.go:108`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L108) | + +```toml +batch-request-limit = 1000 +``` + +--- + +**batch-response-max-size** + +| Parameter | Value | +|-----------|-------| +| **Description** | Maximum bytes returned from batched RPC call | +| **Section** | `[json-rpc]` | +| **Default** | `25000000` (25 MB) | +| **Format** | Integer | +| **Source** | [`server/config/config.go:112`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L112) | + +```toml +batch-response-max-size = 25000000 +``` + +--- + +**max-open-connections** + +| Parameter | Value | +|-----------|-------| +| **Description** | Maximum simultaneous connections (0 = unlimited) | +| **Section** | `[json-rpc]` | +| **Default** | `0` | +| **Format** | Integer | +| **Source** | [`server/config/config.go:115`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L115) | + +```toml +max-open-connections = 0 +``` + +--- + +**enable-indexer** + +| Parameter | Value | +|-----------|-------| +| **Description** | Enable custom transaction indexer for EVM transactions | +| **Section** | `[json-rpc]` | +| **Default** | `false` | +| **Format** | Boolean | +| **Source** | [`server/config/config.go:256`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L256) | + +```toml +enable-indexer = false +``` + +--- + +**metrics-address** + +| Parameter | Value | +|-----------|-------| +| **Description** | Metrics server bind address | +| **Section** | `[json-rpc]` | +| **Default** | `"127.0.0.1:6065"` | +| **Format** | `host:port` | +| **Source** | [`server/config/config.go:53`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L53) | + +```toml +metrics-address = "127.0.0.1:6065" +``` + +--- + +**ws-origins** + +| Parameter | Value | +|-----------|-------| +| **Description** | Allowed origins for WebSocket connections | +| **Section** | `[json-rpc]` | +| **Default** | `["127.0.0.1", "localhost"]` | +| **Format** | Array of strings | +| **Source** | [`server/config/config.go:120-122`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L120-L122) | + +```toml +ws-origins = ["127.0.0.1", "localhost", "myapp.example.com"] +``` + +--- + +**enable-profiling** + +| Parameter | Value | +|-----------|-------| +| **Description** | Enable profiling in debug namespace | +| **Section** | `[json-rpc]` | +| **Default** | `false` | +| **Format** | Boolean | +| **Source** | [`server/config/config.go:124`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L124) | + +```toml +enable-profiling = false +``` + +**Warning:** +- **Never enable on public nodes** +- Only for development/debugging +- Can expose sensitive information + + + +### TLS Configuration ([tls] section) + + + +**certificate-path** + +| Parameter | Value | +|-----------|-------| +| **Description** | Path to TLS certificate .pem file | +| **Section** | `[tls]` | +| **Default** | `""` (TLS disabled) | +| **Format** | File path | + +```toml +[tls] +certificate-path = "" +``` + +--- + +**key-path** + +| Parameter | Value | +|-----------|-------| +| **Description** | Path to TLS key .pem file | +| **Section** | `[tls]` | +| **Default** | `""` (TLS disabled) | +| **Format** | File path | + +```toml +key-path = "" +``` + +**Example (TLS enabled):** +```toml +[tls] +certificate-path = "/path/to/cert.pem" +key-path = "/path/to/key.pem" +``` + + + +### Telemetry Configuration ([telemetry] section) + + + +**service-name** + +| Parameter | Value | +|-----------|-------| +| **Description** | Service name prefix for telemetry keys | +| **Section** | `[telemetry]` | +| **Default** | `""` | +| **Format** | String | + +```toml +[telemetry] +service-name = "" +``` + +--- + +**enabled** + +| Parameter | Value | +|-----------|-------| +| **Description** | Enable application telemetry | +| **Section** | `[telemetry]` | +| **Default** | `false` | +| **Format** | Boolean | + +```toml +enabled = false +``` + +--- + +**enable-hostname** / **enable-hostname-label** / **enable-service-label** + +| Parameter | Value | +|-----------|-------| +| **Description** | Include hostname/service in telemetry metrics | +| **Section** | `[telemetry]` | +| **Default** | `false` | +| **Format** | Boolean | + +```toml +enable-hostname = false +enable-hostname-label = false +enable-service-label = false +``` + + + +### config.toml Parameters + +Location: `~/.yourchain/config/config.toml` (CometBFT configuration) + + +This file is managed by CometBFT. Most parameters use CometBFT defaults. Key parameters for chain operators are documented below. + + + + +**P2P Configuration ([p2p] section)** + +**persistent_peers** + +| Parameter | Value | +|-----------|-------| +| **Description** | Comma-separated list of nodes to maintain persistent connections | +| **Section** | `[p2p]` | +| **Default** | `""` | +| **Format** | `node_id@ip:port,node_id2@ip:port,...` | + +```toml +[p2p] +persistent_peers = "7c90e16cca334eb7@192.168.1.100:26656,abc123def456@192.168.1.101:26656" +``` + +**Get node ID:** +```bash +yourchain comet show-node-id +``` + +--- + +**laddr** (P2P listen address) + +| Parameter | Value | +|-----------|-------| +| **Description** | P2P listen address | +| **Section** | `[p2p]` | +| **Default** | `"tcp://0.0.0.0:26656"` | +| **Format** | `tcp://host:port` | + +```toml +laddr = "tcp://0.0.0.0:26656" +``` + +--- + +**Consensus Configuration ([consensus] section)** + +**timeout_commit** + +| Parameter | Value | +|-----------|-------| +| **Description** | How long to wait after committing before starting new height (determines block time) | +| **Section** | `[consensus]` | +| **Default** | `"5s"` | +| **Format** | Go duration string | + +```toml +[consensus] +timeout_commit = "5s" +``` + +**Block Time:** +- `"1s"` - Fast blocks (development) +- `"5s"` - Standard (production) +- `"8s"` - Slower (high latency networks) + +--- + +**timeout_propose** / **timeout_prevote** / **timeout_precommit** + +| Parameter | Value | +|-----------|-------| +| **Description** | Timeouts for consensus phases | +| **Section** | `[consensus]` | +| **Default** | `"3s"` / `"1s"` / `"1s"` | +| **Format** | Go duration string | + +```toml +timeout_propose = "3s" +timeout_prevote = "1s" +timeout_precommit = "1s" +``` + +--- + +**RPC Configuration ([rpc] section)** + +**laddr** (RPC listen address) + +| Parameter | Value | +|-----------|-------| +| **Description** | CometBFT RPC listen address | +| **Section** | `[rpc]` | +| **Default** | `"tcp://127.0.0.1:26657"` | +| **Format** | `tcp://host:port` | + +```toml +[rpc] +laddr = "tcp://127.0.0.1:26657" +``` + +--- + +**Instrumentation Configuration ([instrumentation] section)** + +**prometheus** + +| Parameter | Value | +|-----------|-------| +| **Description** | Enable Prometheus metrics | +| **Section** | `[instrumentation]` | +| **Default** | `false` | +| **Format** | Boolean | + +```toml +[instrumentation] +prometheus = true +prometheus_listen_addr = ":26660" +``` + +**Access metrics:** +```bash +curl http://localhost:26660/metrics +``` + + + +### client.toml Parameters + +Location: `~/.yourchain/config/client.toml` + + + +**chain-id** + +| Parameter | Value | +|-----------|-------| +| **Description** | Chain ID for CLI operations | +| **Section** | Root | +| **Default** | `""` (must be set) | +| **Format** | String | + +```toml +chain-id = "mychain-1" +``` + +**Set via CLI:** +```bash +yourchain config set client chain-id mychain-1 +``` + +**Important:** +- **Required** for node startup +- Must match `genesis.json` chain_id +- Node will fail to start if mismatch + +--- + +**keyring-backend** + +| Parameter | Value | +|-----------|-------| +| **Description** | Keyring storage backend | +| **Section** | Root | +| **Default** | `"os"` | +| **Options** | `os`, `file`, `test` | + +```toml +keyring-backend = "os" +``` + +**Options:** +- `"os"` - OS native keyring (secure, production) +- `"file"` - Encrypted file (requires password) +- `"test"` - Unencrypted (development only, **never for production**) + +--- + +**output** + +| Parameter | Value | +|-----------|-------| +| **Description** | Default output format for CLI | +| **Section** | Root | +| **Default** | `"text"` | +| **Options** | `text`, `json` | + +```toml +output = "text" +``` + +--- + +**node** + +| Parameter | Value | +|-----------|-------| +| **Description** | CometBFT RPC endpoint for CLI to connect to | +| **Section** | Root | +| **Default** | `"tcp://localhost:26657"` | +| **Format** | `tcp://host:port` | + +```toml +node = "tcp://localhost:26657" +``` + +**Use Cases:** +- Local node: `"tcp://localhost:26657"` +- Remote node: `"tcp://rpc.mychain.network:26657"` +- Public endpoint: Connect without running full node + +--- + +**broadcast-mode** + +| Parameter | Value | +|-----------|-------| +| **Description** | Transaction broadcast mode | +| **Section** | Root | +| **Default** | `"sync"` | +| **Options** | `sync`, `async`, `block` | + +```toml +broadcast-mode = "sync" +``` + +**Options:** +- `"sync"` - Wait for CheckTx (recommended) +- `"async"` - Return immediately +- `"block"` - Wait for block inclusion (slowest, most certain) + + + +--- + +## Summary Tables + +### Configuration by Phase + +| Phase | When | Examples | Changeability | +|-------|------|----------|---------------| +| **Pre-Genesis** | Before `init` | Binary name, Bech32 prefix, BIP44, EVM chain ID | Requires rebuild + hard fork | +| **Genesis** | After `init`, before launch | Module params, initial accounts, validators | Via governance after launch | +| **Runtime** | After launch | app.toml, config.toml, client.toml | Restart node | +| **On-Chain** | After launch | Some module params | Via governance proposal | + +### Critical Parameters (Cannot Change After Genesis) + +| Parameter | Why Critical | +|-----------|-------------| +| **EVM Chain ID** | Breaks transaction replay protection | +| **Bech32 Prefix** | Changes all address formats | +| **BIP44 Coin Type** | Breaks wallet key derivation | +| **Token Decimals** | Fundamental to token economics | + +### Commonly Changed Parameters + +| Parameter | Use Case | +|-----------|----------| +| **minimum-gas-prices** | Adjust fees, prevent spam | +| **active_static_precompiles** | Enable/disable Cosmos SDK features | +| **access_control** | Manage deployment permissions | +| **json-rpc.api** | Control exposed RPC namespaces | +| **pruning** | Manage disk usage | + +--- + +## Quick Navigation + + + +- [Binary Name](#binary-name) +- [Bech32 Address Prefix](#bech32-address-prefix) +- [BIP44 Coin Type](#bip44-coin-type) +- [EVM Chain ID](#evm-chain-id) +- [Default Denomination in Source](#default-denomination-in-source) + + + +- [Root-Level Parameters](#root-level-parameters) +- [VM Module Parameters](#vm-module-parameters-xvm) +- [FeeMarket Module Parameters](#feemarket-module-parameters-xfeemarket) +- [ERC20 Module Parameters](#erc20-module-parameters-xerc20) +- [Bank Module Parameters](#bank-module-parameters) +- [Staking Module Parameters](#staking-module-parameters) +- [Slashing Module Parameters](#slashing-module-parameters) +- [Governance Module Parameters](#governance-module-parameters) +- [Mint Module Parameters](#mint-module-parameters) +- [Distribution Module Parameters](#distribution-module-parameters) + + + +- [app.toml Base Configuration](#apptoml-parameters) +- [EVM Configuration](#evm-configuration-evm-section) +- [EVM Mempool Configuration](#evm-mempool-configuration-evmmempool-section) +- [JSON-RPC Configuration](#json-rpc-configuration-json-rpc-section) +- [TLS Configuration](#tls-configuration-tls-section) +- [config.toml Parameters](#configtoml-parameters) +- [client.toml Parameters](#clienttoml-parameters) + + + +--- + +## Additional Resources + + + +Step-by-step configuration guide + + + +Network launch procedures + + + +Quick reference with commands + + + +EVM module documentation + + + +Fee market documentation + + + +ERC20 module documentation + + + +Precision handling for non-18 decimals + + + +Cosmos SDK precompiles + + + +General Cosmos SDK documentation + + + +--- + +For questions or issues, visit the [Cosmos EVM GitHub repository](https://github.com/cosmos/evm). diff --git a/docs/evm/next/documentation/getting-started/build-a-chain/configuration-reference.mdx b/docs/evm/next/documentation/getting-started/build-a-chain/configuration-reference.mdx index 41583ab6..f790d1f1 100644 --- a/docs/evm/next/documentation/getting-started/build-a-chain/configuration-reference.mdx +++ b/docs/evm/next/documentation/getting-started/build-a-chain/configuration-reference.mdx @@ -201,11 +201,11 @@ yourchain query slashing signing-info $(yourchain comet show-validator) | File | Location | Purpose | |---|---|---| -| **Bech32 Prefix** | `config/config.go:62` | Address prefix | -| **BIP44 Coin Type** | `crypto/hd/hdpath.go:9` | HD wallet path | +| **Bech32 Prefix** | `config/config.go:61-62` | Address prefix | +| **BIP44 Coin Type** | `crypto/hd/hdpath.go:8-9` | HD wallet path | | **EVM Chain ID** | `config/config.go:78` | EIP-155 chain ID | -| **Default Denoms** | `x/vm/types/params.go:21-25` | EVM module defaults | -| **Constants** | `config/constants.go:5-8` | Example chain values | +| **Default Denoms** | `x/vm/types/params.go:20-25` | EVM module defaults | +| **Constants** | `config/constants.go:4-8` | Example chain values | | **App Template** | `server/config/migration/v0.50-app.toml:11` | Config template | @@ -217,10 +217,11 @@ yourchain query slashing signing-info $(yourchain comet show-validator) | Parameter | Default Value | File Location | |---|---|---| | Binary Name | `evmd` | Directory name | -| Bech32 Prefix | `cosmos` | `config/config.go:62` | -| BIP44 Coin Type | `60` (Ethereum) | `crypto/hd/hdpath.go:9` | -| EVM Chain ID | `999888` | `config/config.go:78` | -| Base Denom | `aatom` | `x/vm/types/params.go:21` | +| Bech32 Prefix | `cosmos` | `config/config.go:61-62` | +| BIP44 Coin Type | `60` (Ethereum) | `crypto/hd/hdpath.go:8-9` | +| EVM Chain ID | `262144` | `config/config.go:78` | +| Base Denom (EVM) | `uatom` | `x/vm/types/params.go:21` | +| Extended Denom | `aatom` | `x/vm/types/params.go:23` | | Display Denom | `atom` | `x/vm/types/params.go:25` | diff --git a/docs/evm/next/documentation/getting-started/build-a-chain/initial-setup.mdx b/docs/evm/next/documentation/getting-started/build-a-chain/initial-setup.mdx index 561535cd..1b0fb01b 100644 --- a/docs/evm/next/documentation/getting-started/build-a-chain/initial-setup.mdx +++ b/docs/evm/next/documentation/getting-started/build-a-chain/initial-setup.mdx @@ -3,12 +3,10 @@ title: "Initial Setup" description: "Preparation for building your custom EVM chain." --- -This page provides a very basic starting point for newer developers, or those who are unfamiliar with the Cosmos SDK. You can skip to the [Pre-Genesis & Genesis Setup](/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup) page if you are already comfortable with the stack. +This page provides a basic starting point for anyone unfamiliar with the Cosmos SDK. You can skip to the [Pre-Genesis & Genesis Setup](/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup) page if you are already comfortable with the stack. ## Prerequisites -Building Cosmos EVM requires several tools and dependencies. Installation varies by operating system and architecture. - ### Required Dependencies - **Go 1.22+** - Required for building the blockchain binary @@ -266,21 +264,6 @@ make test ``` -## Review Key Resources - -Before diving into configuration, familiarize yourself with these important resources: - -### Security & Audits -Review the comprehensive [security audits](/docs/evm/next/documentation/overview#audits) conducted on Cosmos EVM (v0.4.x and later). Understanding the audit findings and their resolutions will help you make informed security decisions for your chain. - -### Cosmos SDK Modules -Explore the [Cosmos SDK modules](/docs/evm/next/documentation/cosmos-sdk) that provide core blockchain functionality: -- **Bank** - Token transfers and balances -- **Staking** - Validator delegation and rewards -- **Governance** - On-chain voting and proposals -- **Slashing** - Validator penalty enforcement -- **Distribution** - Fee and reward distribution - ### Precompiles Learn about [precompiled contracts](/docs/evm/next/documentation/smart-contracts/precompiles) that bridge EVM smart contracts with Cosmos SDK functionality. These enable Solidity contracts to interact with native modules for staking, IBC transfers, and more. @@ -294,18 +277,30 @@ The repository includes a development script that launches a fully configured lo Run the script: ```bash -./local_node.sh -y +./local_node.sh ``` -This starts a local chain at `http://localhost:8545` that you can connect to with MetaMask or other Ethereum wallets (chain ID: `262144`). +This starts a validator node which runs a local chain accessible at `http://localhost:8545` wih all namespaces enabled including "unsafe" ones such as `personal` which allows signing over the JSON-RPC with one of the pre-funded test wallets. +- Connect to with MetaMask or other Ethereum wallets (default chain ID: `262144`). +- Use the web tool to see a complete list of [EVM RPC](docs/evm/next/api-reference/ethereum-json-rpc/rpc-explorer) endpooints and interact with the network. +- Explore the [light client](docs/evm/next/documentation/cosmos-sdk/cli.mdx) interface to access the consensus layer, debugging and development features. + + +### [Optional] Cosmos SDK Modules +Explore the [Cosmos SDK modules](/docs/evm/next/documentation/cosmos-sdk) that provide core blockchain functionality: +- **Bank** - Token transfers and balances +- **Staking** - Validator delegation and rewards +- **Governance** - On-chain voting and proposals +- **Slashing** - Validator penalty enforcement +- **Distribution** - Fee and reward distribution ## Next Steps -With your development environment ready, you're now prepared to begin configuring your chain. The configuration process is divided into three phases: +With your development environment ready, you can start configuring the pre-launch parameters. TO make the process more managable, we will go through it in three sections: -1. **Pre-Genesis Configuration** - Set chain identity and compile source code customizations -2. **Genesis Configuration** - Initialize the chain and configure genesis.json parameters -3. **Runtime Configuration** - Set up node-level settings and launch the network +1. **Pre-Genesis Configuration** - Set chain-id, token parameters and other values that are hard-coded. +2. **Genesis Configuration** - Initialize the chain and configure genesis.json parameters such as module configs, genesis token allocations, and validator set. +3. **Runtime Configuration** - Set up node-level settings and launch the network. Proceed to the [Pre-Genesis & Genesis Setup](/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup) guide to begin customizing your chain's identity and parameters. diff --git a/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup.mdx b/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup.mdx index 33692f7b..cbac42c9 100644 --- a/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup.mdx +++ b/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup.mdx @@ -34,34 +34,34 @@ These parameters are compiled into your binary and must be set before running `y - + **Default**: `evmd` -**Common Practice**: `yourchain` (unique name for your project) +**Modified**: `yourchain` (unique name for your project) **Default**: `cosmos` -**Common Practice**: Unique prefix for your chain (e.g., `evmos`, `osmosis`) +**Modified**: Unique prefix for your chain (e.g., `evmos`, `osmosis`) **Default**: `60` (Ethereum) -**Common Practice**: `60` for EVM chains, or register unique value +**Modified**: `60` for EVM chains, or register unique value (not recommended for EVM compatibility reasons) **Default**: `262144` -**Common Practice**: Register unique integer at [chainlist.org](https://chainlist.org) +**Modified**: Unique positive integer (number). Make sure it is not already taken by checking [chainlist.org](https://chainlist.org) **Default**: 18 decimals (EVM standard) -**Common Practice**: 18 decimals (simpler), 6 decimals (Cosmos standard, requires PreciseBank) +**Modified**: 18 decimals (simpler), 6 decimals (Cosmos standard, requires PreciseBank) **Default**: `aatom` / `atom` -**Common Practice**: Update to your token name before `init` +**Modified**: Update to your token name before `init` @@ -140,129 +140,258 @@ These parameters are configured in `genesis.json` after initialization: Confirm these parameters before running `yourchain init`. These parameters are compiled into your binary, and determine how the genesis file is generated. -### Binary Name +### Chain Name - + -**Description**: The name of your compiled blockchain executable. - -**Default**: `evmd` - -**File Location**: Directory name and all Go imports - -**Why Change It**: Brand your chain and avoid confusion with the reference implementation. +| Parameter | Details | +|-----------|---------| +| **Description** | The name of your compiled blockchain executable | +| **Default** | `evmd` | +| **File Location** | Directory name and all Go imports | +| **Why Change It** | Brand your chain and avoid confusion with the reference implementation | - + + +**Simplest approach using find-and-replace:** ```bash # 1. Navigate to evm repository cd /path/to/evm -# 2. Rename binary directory -mv evmd yourchain - -# 3. Update all Go imports -find . -type f -name "*.go" -exec sed -i '' \ - 's|github.com/cosmos/evm/evmd|github.com/your-org/your-chain/yourchain|g' {} \; - -# 4. Update go.mod module path -# Edit go.mod manually to change: -# From: module github.com/cosmos/evm -# To: module github.com/your-org/your-chain - -# 5. Update Makefile -sed -i '' 's/evmd/yourchain/g' Makefile - -# 6. Tidy and build +# 2. IMPORTANT: Create a backup or commit current state +git add -A +git commit -m "Pre-rename checkpoint" || echo "Skipping commit (no changes or not a git repo)" + +# 3. Verify you're in the correct directory +if [ ! -f "go.mod" ] || [ ! -d "evmd" ]; then + echo "ERROR: Not in evm repository root. Expected go.mod and evmd/ directory" + exit 1 +fi + +# 4. Use your editor's find-and-replace (VSCode, etc.) to replace: +# 'evmd' → 'yourchain' (across all files, excluding .git/) +# '.evmd' → '.yourchain' (for home directories) +# +# OR use sed commands: +find . -type f ! -path "*/.git/*" ! -path "*/vendor/*" -exec sed -i '' 's/evmd/yourchain/g' {} \; +find . -type f ! -path "*/.git/*" ! -path "*/vendor/*" -exec sed -i '' 's/\.evmd/.yourchain/g' {} \; + +# 5. Verify sed completed successfully +if [ $? -ne 0 ]; then + echo "ERROR: Find-and-replace failed. Restore from backup/git" + exit 1 +fi + +# 6. Manually rename directories and files: +[ -d "evmd" ] && mv evmd yourchain +[ -d "yourchain/cmd/evmd" ] && mv yourchain/cmd/evmd yourchain/cmd/yourchain +[ -f "config/evmd_config.go" ] && mv config/evmd_config.go config/yourchain_config.go + +# 7. Update go.mod module path (if changing from cosmos/evm): +# Edit yourchain/go.mod first line: +# From: module github.com/cosmos/evm/evmd +# To: module github.com/your-org/your-chain/yourchain + +# 8. Tidy and build go mod tidy +cd yourchain && go mod tidy && cd .. + +# 9. Build to verify everything works make build -# 7. Verify +# 10. Verify binary was created and runs +if [ ! -f "./build/yourchain" ]; then + echo "ERROR: Build failed - binary not found at ./build/yourchain" + exit 1 +fi + ./build/yourchain version +echo "SUCCESS: Binary renamed from evmd to yourchain" ``` + +**Validation Checklist** before proceeding: +- ✅ Backup created or changes committed to git +- ✅ Running from repository root (go.mod present) +- ✅ `evmd` directory exists before rename +- ✅ Build succeeds without errors +- ✅ Binary executes and shows version + + - -**1. Rename the binary directory:** + + + +For those who prefer a careful, step-by-step process with full visibility into each change: + +**1. Create backup:** +```bash +git add -A +git commit -m "Pre-rename checkpoint" +``` + +**2. Rename the binary directory:** ```bash mv evmd yourchain ``` -**2. Update Go imports in all `.go` files:** +**3. Rename command subdirectory:** +```bash +mv yourchain/cmd/evmd yourchain/cmd/yourchain +``` + +**4. Rename config file:** +```bash +mv config/evmd_config.go config/yourchain_config.go +``` +**5. Update package names in Go files:** ```bash +# Change package evmd to package yourchain +find yourchain -name "*.go" -type f ! -path "*/tests/*" ! -path "*/cmd/*" \ + -exec sed -i '' 's/^package evmd$/package yourchain/' {} \; +``` + +**6. Update all import paths:** +```bash +# Update evmd imports to yourchain find . -type f -name "*.go" -exec sed -i '' \ 's|github.com/cosmos/evm/evmd|github.com/your-org/your-chain/yourchain|g' {} \; ``` -**3. Update `go.mod` module declaration:** - +**7. Update `yourchain/go.mod`:** ```go -// From: -module github.com/cosmos/evm +// Change first line from: +module github.com/cosmos/evm/evmd // To: -module github.com/your-org/your-chain +module github.com/your-org/your-chain/yourchain ``` -**4. Update Makefile references:** - +**8. Update Makefile:** ```bash sed -i '' 's/evmd/yourchain/g' Makefile +sed -i '' 's/\.evmd/.yourchain/g' Makefile ``` -**5. Run go mod tidy:** +**9. Update scripts:** ```bash -go mod tidy +sed -i '' 's/evmd/yourchain/g' local_node.sh +sed -i '' 's/\.evmd/.yourchain/g' local_node.sh +find tests -name "*.sh" -exec sed -i '' 's/evmd/yourchain/g' {} \; +find scripts -name "*.sh" -exec sed -i '' 's/evmd/yourchain/g' {} \; +``` + +**10. Update Docker configs:** +```bash +sed -i '' 's/evmd/yourchain/g' docker-compose.yml +mv contrib/images/evmd-env contrib/images/yourchain-env +sed -i '' 's/evmd/yourchain/g' contrib/images/yourchain-env/Dockerfile +sed -i '' 's/evmd/yourchain/g' contrib/images/Makefile ``` -**6. Build and verify:** +**11. Update documentation:** +```bash +sed -i '' 's/evmd/yourchain/g' README.md CLAUDE.md +sed -i '' 's/\.evmd/.yourchain/g' README.md CLAUDE.md +``` +**12. Update home directory references:** +```bash +sed -i '' 's/\.evmd/.yourchain/g' config/yourchain_config.go +``` + +**13. Tidy modules:** +```bash +go mod tidy +cd yourchain && go mod tidy && cd .. +``` + +**14. Build and verify:** ```bash make build +if [ ! -f "./build/yourchain" ]; then + echo "ERROR: Build failed" + exit 1 +fi ./build/yourchain version +make install +which yourchain ``` + +**Why use this approach?** +- Complete visibility into each change +- Easier to debug if issues arise +- Educational for understanding project structure +- Better control for complex customizations + +**Most users should use the Quick Setup tab** unless they need to understand each change in detail. + + + -The renaming process updates: +The renaming process updates these components across your codebase: -**Directory Structure:** +**1. Directories:** - `evmd/` → `yourchain/` - `evmd/cmd/evmd/` → `yourchain/cmd/yourchain/` +- `contrib/images/evmd-env/` → `contrib/images/yourchain-env/` -**Go Import Paths:** +**2. Files:** +- `config/evmd_config.go` → `config/yourchain_config.go` +**3. Go Code:** ```go -// Before +// Package names +package evmd → package yourchain + +// Import paths import "github.com/cosmos/evm/evmd/cmd" +→ import "github.com/your-org/your-chain/yourchain/cmd" -// After -import "github.com/your-org/your-chain/yourchain/cmd" -``` +// Module declaration (yourchain/go.mod) +module github.com/cosmos/evm/evmd +→ module github.com/your-org/your-chain/yourchain -**Module Declaration:** +// Home directory references +".evmd" → ".yourchain" +``` -```go -// go.mod before -module github.com/cosmos/evm +**4. Build Files:** +```makefile +# Makefile +EXAMPLE_BINARY := evmd → EXAMPLE_BINARY := yourchain +EVMD_DIR := evmd → CRAWD_DIR := yourchain +test-evmd → test-yourchain -// go.mod after -module github.com/your-org/your-chain +# Makefile comments and section headers also updated ``` -**Makefile:** +**5. Scripts:** +- `local_node.sh`: All `evmd` → `yourchain`, `$HOME/.evmd` → `$HOME/.yourchain` +- All test scripts in `tests/` and `scripts/` directories +- Docker compose files and Dockerfiles -```makefile -# Before -BINARY_NAME := evmd +**6. Documentation:** +- `README.md` +- `CLAUDE.md` +- Any project-specific docs -# After -BINARY_NAME := yourchain -``` +**What Doesn't Change:** +- Git history (`.git/` directory untouched) +- External dependencies +- Core EVM module code (remains in `x/` directories) +- Pre-built binaries or archives + + +**Edge Cases**: The renaming process is straightforward because `evmd` doesn't have special meaning in Go syntax or require conditional logic. All replacements are simple text substitutions, making bulk find-and-replace safe and effective. + @@ -272,15 +401,14 @@ BINARY_NAME := yourchain ### Bech32 Address Prefix - - -**Description**: Your chain's address format (e.g., `cosmos1...`, `evmos1...`, `yourchain1...`). - -**Default**: `cosmos` - -**File Location**: [`config/config.go:62`](https://github.com/cosmos/evm/blob/main/config/config.go#L60-L74) + -**Why Change It**: Create unique, recognizable addresses for your chain. +| Parameter | Details | +|-----------|---------| +| **Description** | Your chain's address format (e.g., `cosmos1...`, `evmos1...`, `yourchain1...`) | +| **Default** | `cosmos` | +| **File Location** | [`config/config.go:62`](https://github.com/cosmos/evm/blob/main/config/config.go#L60-L74) | +| **Why Change It** | Create unique, recognizable addresses for your chain | Must be changed **before** running `yourchain init`. Changing after genesis requires a hard fork. @@ -361,15 +489,14 @@ Expected output: ### BIP44 Coin Type - + -**Description**: The HD wallet derivation path for key generation according to [BIP-44](https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki). - -**Default**: `60` (Ethereum) - -**File Location**: [`crypto/hd/hdpath.go:9`](https://github.com/cosmos/evm/blob/main/crypto/hd/hdpath.go#L7-L13) - -**Why Change It**: For Cosmos SDK chains wanting non-Ethereum derivation paths, or to register a unique coin type. +| Parameter | Details | +|-----------|---------| +| **Description** | The HD wallet derivation path for key generation according to [BIP-44](https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki) | +| **Default** | `60` (Ethereum) | +| **File Location** | [`crypto/hd/hdpath.go:9`](https://github.com/cosmos/evm/blob/main/crypto/hd/hdpath.go#L7-L13) | +| **Why Change It** | For Cosmos SDK chains wanting non-Ethereum derivation paths, or to register a unique coin type | @@ -441,15 +568,14 @@ make build ### EVM Chain ID - + -**Description**: The EIP-155 chain ID used for Ethereum transaction replay protection. - -**Default**: `262144` - -**File Location**: [`config/config.go:78`](https://github.com/cosmos/evm/blob/main/config/config.go#L78) - -**Why Change It**: Must be unique for your network to prevent transaction replay attacks. +| Parameter | Details | +|-----------|---------| +| **Description** | The EIP-155 chain ID used for Ethereum transaction replay protection | +| **Default** | `262144` | +| **File Location** | [`config/config.go:78`](https://github.com/cosmos/evm/blob/main/config/config.go#L78) | +| **Why Change It** | Must be unique for your network to prevent transaction replay attacks | The EVM Chain ID must be set in source code **before building your binary**. It cannot be changed after your binary is built, as it's compiled into the chain configuration. Choose carefully before building. @@ -564,13 +690,13 @@ const tx = { ### Token Decimal Precision - + -**Description**: Determines whether your native token uses 18 decimals (like ETH) or another precision (like ATOM's 6 decimals). - -**Default**: 18 decimals - -**Why Choose**: Affects EVM compatibility and module requirements. +| Parameter | Details | +|-----------|---------| +| **Description** | Determines whether your native token uses 18 decimals (like ETH) or another precision (like ATOM's 6 decimals) | +| **Default** | 18 decimals | +| **Why Choose** | Affects EVM compatibility and module requirements | This decision affects your entire architecture and cannot be changed after genesis. Choose based on your compatibility needs. @@ -725,13 +851,13 @@ app.ModuleManager = module.NewManager( ### Default Denomination in Source - - -**Description**: Default token denominations hardcoded in source files that are used when generating configuration files. + -**Default**: `aatom` / `atom` - -**Why Change It**: So that generated config files use your token name instead of the default. +| Parameter | Details | +|-----------|---------| +| **Description** | Default token denominations hardcoded in source files that are used when generating configuration files | +| **Default** | `aatom` / `atom` | +| **Why Change It** | So that generated config files use your token name instead of the default | This step must be completed **before** running `yourchain init`. The defaults are compiled into the binary and written to generated files during initialization. @@ -888,7 +1014,7 @@ Genesis parameters can be modified until you distribute the genesis file to vali ### Initialize Your Chain - + **For Production Chains**: Before running `init`, ensure you have completed all [Pre-Genesis Setup](#pre-genesis-setup) steps, especially [Binary Name](#binary-name) configuration. Organizations deploying their own chain should rename the binary from `evmd` to their own chain name (e.g., `yourchain`) to brand their network and avoid confusion with the reference implementation. @@ -918,15 +1044,14 @@ Now proceed with genesis configuration below. ### Cosmos Chain ID - - -**Description**: The unique string identifier for your blockchain in the Cosmos ecosystem. - -**Format**: Flexible string, commonly `{name}-{version}` + -**Genesis Location**: Root-level field `chain_id` - -**Why Important**: Used for IBC connections, CometBFT consensus, and client identification. +| Parameter | Details | +|-----------|---------| +| **Description** | The unique string identifier for your blockchain in the Cosmos ecosystem | +| **Format** | Flexible string, commonly `{name}-{version}` | +| **Genesis Location** | Root-level field `chain_id` | +| **Why Important** | Used for IBC connections, CometBFT consensus, and client identification | @@ -1007,15 +1132,14 @@ dev-1 ### Genesis Time - - -**Description**: UTC timestamp when the chain starts producing blocks. - -**Format**: RFC3339 timestamp (e.g., `"2024-12-01T00:00:00Z"`) + -**Genesis Location**: Root-level field `genesis_time` - -**Why Important**: Coordinates synchronized network launch across all validators. +| Parameter | Details | +|-----------|---------| +| **Description** | UTC timestamp when the chain starts producing blocks | +| **Format** | RFC3339 timestamp (e.g., `"2024-12-01T00:00:00Z"`) | +| **Genesis Location** | Root-level field `genesis_time` | +| **Why Important** | Coordinates synchronized network launch across all validators | **Set the genesis time:** @@ -1044,13 +1168,13 @@ jq '.genesis_time' ~/.yourchain/config/genesis.json ### Bank Denomination Metadata - - -**Description**: Your token's base denomination, decimal precision, and display properties. - -**Genesis Location**: `app_state.bank.denom_metadata` + -**Why Important**: Controls how tokens are displayed and handled across the chain. +| Parameter | Details | +|-----------|---------| +| **Description** | Your token's base denomination, decimal precision, and display properties | +| **Genesis Location** | `app_state.bank.denom_metadata` | +| **Why Important** | Controls how tokens are displayed and handled across the chain | **Decimal Precision Decision**: Your choice of 18 vs 6 decimals (configured in [Token Decimal Precision](#token-decimal-precision)) determines the values below. See that section for detailed explanation. @@ -1125,13 +1249,13 @@ jq '.app_state.gov.params.min_deposit[0].denom' $GENESIS ### VM Parameters - + -**Description**: Core EVM module configuration including gas token, extended denom options, and chain behavior. - -**Genesis Location**: `app_state.evm.params` - -**Why Important**: Defines how the EVM layer interacts with Cosmos SDK. +| Parameter | Details | +|-----------|---------| +| **Description** | Core EVM module configuration including gas token, extended denom options, and chain behavior | +| **Genesis Location** | `app_state.evm.params` | +| **Why Important** | Defines how the EVM layer interacts with Cosmos SDK | @@ -1222,18 +1346,22 @@ jq '.app_state.evm.params.extra_eips = []' \ ### Active Precompiles - - -**Description**: Enabled precompiled contracts that expose Cosmos SDK functionality to EVM smart contracts. + -**Genesis Location**: `app_state.evm.params.active_static_precompiles` - -**Default**: Empty array (no precompiles enabled) +| Parameter | Details | +|-----------|---------| +| **Description** | Enabled precompiled contracts that expose Cosmos SDK functionality to EVM smart contracts | +| **Genesis Location** | `app_state.evm.params.active_static_precompiles` | +| **Default** | Empty array (no precompiles enabled) | **Learn More**: [Precompiles Overview](/docs/evm/next/documentation/smart-contracts/precompiles/overview) - Complete documentation with Solidity interfaces + +This list represents the currently available static precompiles in the codebase. Precompiles are extensible - you can add custom precompiles to your chain. See the [authoritative source](https://github.com/cosmos/evm/blob/main/x/vm/types/precompiles.go) for the latest available precompiles. + + | Address | Name | Purpose | @@ -1247,7 +1375,6 @@ jq '.app_state.evm.params.extra_eips = []' \ | `0x0804` | **Bank** | Bank module operations | | `0x0805` | **Governance** | Submit/vote on proposals | | `0x0806` | **Slashing** | Slashing queries | -| `0x0807` | **Authz** | Authorization grants | @@ -1263,8 +1390,7 @@ jq '.app_state.evm.params.active_static_precompiles = [ "0x0000000000000000000000000000000000000803", "0x0000000000000000000000000000000000000804", "0x0000000000000000000000000000000000000805", - "0x0000000000000000000000000000000000000806", - "0x0000000000000000000000000000000000000807" + "0x0000000000000000000000000000000000000806" ]' ~/.yourchain/config/genesis.json > tmp && mv tmp ~/.yourchain/config/genesis.json ``` @@ -1314,13 +1440,13 @@ jq '.app_state.evm.params.active_static_precompiles = []' \ ### ERC20 Module - - -**Description**: Configured token pairs between Cosmos bank denoms and ERC20 representations, implementing Single Token Representation v2 (STRv2). - -**Genesis Location**: `app_state.erc20` + -**Why Important**: Allows native tokens to be used in EVM contracts as ERC20. +| Parameter | Details | +|-----------|---------| +| **Description** | Configured token pairs between Cosmos bank denoms and ERC20 representations, implementing Single Token Representation v2 (STRv2) | +| **Genesis Location** | `app_state.erc20` | +| **Why Important** | Allows native tokens to be used in EVM contracts as ERC20 | **Learn More**: @@ -1407,13 +1533,13 @@ jq '.app_state.erc20.params.permissionless_registration = false' \ ### Fee Market (EIP-1559) - + -**Description**: Dynamic fee pricing mechanism based on EIP-1559, controlling how transaction fees adjust based on network congestion. - -**Genesis Location**: `app_state.feemarket.params` - -**Default**: EIP-1559 enabled with 1 gwei base fee +| Parameter | Details | +|-----------|---------| +| **Description** | Dynamic fee pricing mechanism based on EIP-1559, controlling how transaction fees adjust based on network congestion | +| **Genesis Location** | `app_state.feemarket.params` | +| **Default** | EIP-1559 enabled with 1 gwei base fee | **Learn More**: @@ -1504,13 +1630,13 @@ jq '.app_state.feemarket.params = { ### EVM Access Control - - -**Description**: Permissions for deploying and calling smart contracts. + -**Genesis Location**: `app_state.evm.params.access_control` - -**Default**: Permissionless (anyone can deploy and call contracts) +| Parameter | Details | +|-----------|---------| +| **Description** | Permissions for deploying and calling smart contracts | +| **Genesis Location** | `app_state.evm.params.access_control` | +| **Default** | Permissionless (anyone can deploy and call contracts) | @@ -1590,11 +1716,12 @@ jq '.app_state.evm.params.access_control.create = { ### Staking Parameters - - -**Description**: Staking module behavior, including bond denom, unbonding time, and validator set size. + -**Genesis Location**: `app_state.staking.params` +| Parameter | Details | +|-----------|---------| +| **Description** | Staking module behavior, including bond denom, unbonding time, and validator set size | +| **Genesis Location** | `app_state.staking.params` | @@ -1679,11 +1806,12 @@ jq '.app_state.staking.params.max_validators = 100' \ ### Slashing Parameters - - -**Description**: Thresholds and penalties for validator downtime or misbehavior. + -**Genesis Location**: `app_state.slashing.params` +| Parameter | Details | +|-----------|---------| +| **Description** | Thresholds and penalties for validator downtime or misbehavior | +| **Genesis Location** | `app_state.slashing.params` | @@ -1771,11 +1899,12 @@ jq '.app_state.slashing.params = { ### Governance Parameters - + -**Description**: Settings for on-chain governance including voting periods, quorum, and deposit requirements. - -**Genesis Location**: `app_state.gov.params` +| Parameter | Details | +|-----------|---------| +| **Description** | Settings for on-chain governance including voting periods, quorum, and deposit requirements | +| **Genesis Location** | `app_state.gov.params` | @@ -1864,11 +1993,12 @@ jq '.app_state.gov.params.expedited_voting_period = "86400s"' \ ### Mint Parameters - - -**Description**: Token inflation and minting schedule. + -**Genesis Location**: `app_state.mint.params` +| Parameter | Details | +|-----------|---------| +| **Description** | Token inflation and minting schedule | +| **Genesis Location** | `app_state.mint.params` | @@ -1917,11 +2047,12 @@ jq '.app_state.mint.params = { ### Distribution Parameters - - -**Description**: Token / reward distribution including community tax and proposer rewards. + -**Genesis Location**: `app_state.distribution.params` +| Parameter | Details | +|-----------|---------| +| **Description** | Token / reward distribution including community tax and proposer rewards | +| **Genesis Location** | `app_state.distribution.params` | @@ -1958,9 +2089,12 @@ jq '.app_state.distribution.params = { ### Initial Accounts and Validators - + -After configuring all genesis parameters, add initial accounts and collect validator gentxs. +| Overview | Details | +|----------|---------| +| **When** | After configuring all genesis parameters | +| **Purpose** | Add initial accounts and collect validator gentxs | diff --git a/docs/evm/next/documentation/getting-started/build-a-chain/runtime-and-launch.mdx b/docs/evm/next/documentation/getting-started/build-a-chain/runtime-and-launch.mdx index 6e782dbe..d45bf6c8 100644 --- a/docs/evm/next/documentation/getting-started/build-a-chain/runtime-and-launch.mdx +++ b/docs/evm/next/documentation/getting-started/build-a-chain/runtime-and-launch.mdx @@ -13,30 +13,24 @@ This guide covers runtime configuration (`app.toml`, `config.toml`) and network ## Overview -After completing genesis configuration, you need to: +Once you have your network configuation and genesis file ready, you can prepare to launch the network: 1. **Configure Runtime Settings** - Set node-specific parameters in `app.toml` and `config.toml` 2. **Distribute Genesis File** - Share the final genesis file with all validators 3. **Launch Network** - Coordinate the chain start across all validators 4. **Monitor and Maintain** - Ensure healthy network operation post-launch - -Ensure all validators have the exact same genesis file before launching. Even small differences will cause consensus failure. - - - - ## Runtime Configuration Runtime configuration is set in config files located at `~/.yourchain/config/`. These settings can be changed after genesis and are node-specific. ### Configuration Files -| File | Purpose | Can Change After Start | -|---|---|---| -| `app.toml` | Application configuration (EVM, JSON-RPC, fees) | Yes (requires restart) | -| `config.toml` | CometBFT configuration (P2P, consensus) | Yes (requires restart) | -| `client.toml` | Client configuration (chain-id, keyring) | Yes | +Three main configuration files control your node's runtime behavior: + +- **`app.toml`** - Application settings including EVM parameters, JSON-RPC server, gas prices, and API endpoints. Changes require node restart. +- **`config.toml`** - CometBFT (consensus) settings including P2P networking, consensus timeouts, and mempool configuration. Changes require node restart. +- **`client.toml`** - CLI client defaults including chain-id, keyring backend, and output preferences. Changes take effect immediately. @@ -46,11 +40,16 @@ Located at `~/.yourchain/config/app.toml`, this file controls application-level ### Minimum Gas Prices - + -**What It Is**: Node-level minimum gas price to accept transactions into mempool. - -**Section**: Root level +| Parameter | Details | +|-----------|---------| +| **Description** | Node-level minimum gas price to accept transactions into mempool | +| **File** | `app.toml` | +| **Section** | Root level | +| **Default** | `0aatom` | +| **Can Change After Launch** | Yes (requires node restart) | +| **Why Configure** | Protect against spam and ensure validators can cover operational costs | @@ -101,11 +100,16 @@ minimum-gas-prices = "0atoken" # Accept all (not for production) ### JSON-RPC Configuration - - -**What It Is**: Ethereum-compatible RPC endpoints for EVM interactions. + -**Section**: `[json-rpc]` +| Parameter | Details | +|-----------|---------| +| **Description** | Ethereum-compatible RPC endpoints for EVM interactions | +| **File** | `app.toml` | +| **Section** | `[json-rpc]` | +| **Default** | Enabled on `0.0.0.0:8545` (HTTP), `0.0.0.0:8546` (WebSocket) | +| **Can Change After Launch** | Yes (requires node restart) | +| **Why Configure** | Control API exposure, security settings, and performance limits | @@ -218,11 +222,16 @@ block-range-cap = 10000 ### EVM Configuration - + -**What It Is**: EVM module settings including chain ID, tracer, and gas limits. - -**Section**: `[evm]` +| Parameter | Details | +|-----------|---------| +| **Description** | EVM module settings including chain ID, tracer, and gas limits | +| **File** | `app.toml` | +| **Section** | `[evm]` | +| **Default** | Chain ID from config, no tracing, unlimited gas per tx | +| **Can Change After Launch** | Yes, except `evm-chain-id` (read-only, set during init) | +| **Why Configure** | Debug transactions, limit gas usage, control EVM behavior | @@ -276,11 +285,16 @@ min-tip = 0 ### EVM Mempool Configuration - - -**What It Is**: Transaction pool behavior including price limits, queue sizes, and lifetime. + -**Section**: `[evm.mempool]` +| Parameter | Details | +|-----------|---------| +| **Description** | Transaction pool behavior including price limits, queue sizes, and lifetime | +| **File** | `app.toml` | +| **Section** | `[evm.mempool]` | +| **Default** | 1 wei price limit, 5120 global slots, 3 hour lifetime | +| **Can Change After Launch** | Yes (requires node restart) | +| **Why Configure** | Optimize mempool capacity, prevent spam, manage transaction lifetime | **New in v0.5.0**: Mempool configuration is now fully exposed in `app.toml` and can be adjusted without code changes. @@ -365,11 +379,17 @@ Located at `~/.yourchain/config/config.toml`, this file controls CometBFT (conse ### Persistent Peers - + -**What It Is**: List of nodes to maintain persistent connections to. - -**Section**: `[p2p]` +| Parameter | Details | +|-----------|---------| +| **Description** | List of nodes to maintain persistent connections to | +| **File** | `config.toml` | +| **Section** | `[p2p]` | +| **Default** | Empty (no persistent peers) | +| **Default Port** | `26656` | +| **Can Change After Launch** | Yes (requires node restart) | +| **Why Configure** | Ensure validators stay connected to the network | @@ -427,11 +447,16 @@ curl localhost:26657/net_info | jq '.result.peers' ### Consensus Timeouts - - -**What It Is**: Timing parameters for consensus protocol. + -**Section**: `[consensus]` +| Parameter | Details | +|-----------|---------| +| **Description** | Timing parameters for consensus protocol | +| **File** | `config.toml` | +| **Section** | `[consensus]` | +| **Default** | 5s commit timeout (determines block time) | +| **Can Change After Launch** | Yes (requires node restart) | +| **Why Configure** | Adjust block time, optimize for network conditions | @@ -452,7 +477,7 @@ Typically you do not need to adjust these. -Faster block times for local developmen or testingt: +Faster block times for local development or testing: ```toml expandable [consensus] @@ -492,11 +517,16 @@ These are the parameters used in `./local_node.sh`. ### Prometheus Metrics - - -**What It Is**: Enable metrics collection for monitoring. + -**Section**: `[instrumentation]` +| Parameter | Details | +|-----------|---------| +| **Description** | Enable metrics collection for monitoring | +| **File** | `config.toml` | +| **Section** | `[instrumentation]` | +| **Default** | Disabled, port `26660` | +| **Can Change After Launch** | Yes (requires node restart) | +| **Why Configure** | Monitor node health, track performance metrics | ```toml [instrumentation] @@ -522,9 +552,16 @@ Located at `~/.yourchain/config/client.toml`, this file configures client behavi ### Set Client Chain ID - + -**What It Is**: Chain ID for CLI client operations. +| Parameter | Details | +|-----------|---------| +| **Description** | Chain ID for CLI client operations | +| **File** | `client.toml` | +| **Section** | Root level | +| **Default** | Empty (must be set manually) | +| **Can Change After Launch** | Yes | +| **Why Configure** | Required for node startup - must match genesis chain ID | The node reads `chain-id` from `client.toml` at startup. If this doesn't match `genesis.json`, the node will fail to start. @@ -552,7 +589,7 @@ keyring-backend = "os" # Output format output = "text" -# Node RPC address - This can be canged to a public endpoint to use the light client without syncinc the full node. +# Node RPC address - This can be changed to a public endpoint to use the light client without syncing the full node. node = "tcp://localhost:26657" # Broadcast mode @@ -567,7 +604,7 @@ After all validators have configured their nodes, coordinate the network launch. ### Pre-Launch Checklist - + @@ -602,7 +639,7 @@ After all validators have configured their nodes, coordinate the network launch. ### Distribute Genesis File - + After finalizing your genesis file, distribute it to all validators. @@ -641,7 +678,7 @@ ipfs get QmXyz123... -o ~/.yourchain/config/genesis.json ### Verify Genesis Hash - + **Critical**: All validators must verify they have the identical genesis file. @@ -687,7 +724,7 @@ jq -S -c . ~/.yourchain/config/genesis.json | shasum -a 256 ### Exchange Peer Information - + Validators need each other's peer information to connect. @@ -748,7 +785,7 @@ curl localhost:26657/net_info | jq '.result.peers' ### Coordinate Launch Time - + Set and coordinate the exact launch time across all validators. @@ -809,7 +846,7 @@ INF finalizing commit of block hash=DEF456... height=2 ### Start Validator Nodes - + After configuration and coordination, start the nodes. @@ -887,7 +924,7 @@ sudo journalctl -fu yourchain -ocat ### Verify Network Health - + After launch, verify the network is operating correctly. @@ -1122,7 +1159,7 @@ cp ~/.yourchain/config/genesis.json /secure/backup/ 1. **Restore on new hardware:** -**IMPORTANTE** +**IMPORTANT** Never run two validators with same private key simultaneously (double-sign risk). Before putting your keys onto another running node make sure there is _absolutely no chance_ of the previous one starting back up. From 0c7a77be1b38ea772de4f27b41e4bd99e49a7d31 Mon Sep 17 00:00:00 2001 From: Cordt Date: Mon, 20 Oct 2025 13:38:17 -0600 Subject: [PATCH 17/26] port 0.4>0.5 migration doc from repo, add missing notes to 0.3>0.4 migration doc --- .../migrations/migration-v0.3-to-v0.4.mdx | 91 +++++++++++++++++++ .../migrations/migration-v0.4-to-v0.5.mdx | 4 +- 2 files changed, 93 insertions(+), 2 deletions(-) diff --git a/docs/evm/next/documentation/migrations/migration-v0.3-to-v0.4.mdx b/docs/evm/next/documentation/migrations/migration-v0.3-to-v0.4.mdx index cf98a084..5ee419a3 100644 --- a/docs/evm/next/documentation/migrations/migration-v0.3-to-v0.4.mdx +++ b/docs/evm/next/documentation/migrations/migration-v0.3-to-v0.4.mdx @@ -368,6 +368,97 @@ opts := []Option{ pcs := NewAvailableStaticPrecompiles(ctx, /* ... keepers ... */, opts...) ``` +## Additional Breaking Changes (v0.3.1 → v0.4.1) + + +**Credits**: Thanks to the Mantrachain team for identifying these additional migration requirements. + + +### CallEVM Signature Change + +The `CallEVM` function now requires a `gasCap` parameter of type `*big.Int`. You can pass `nil` for default behavior. + +**Function Signature** (from `x/vm/keeper/call_evm.go:20`): +```go +func (k Keeper) CallEVM( + ctx sdk.Context, + abi abi.ABI, + from, contract common.Address, + commit bool, + gasCap *big.Int, // New parameter + method string, + args ...interface{}, +) (*types.MsgEthereumTxResponse, error) +``` + +**Migration Example** (from `x/erc20/keeper/evm.go:87`): + +```diff +// Before v0.4.x - gasCap parameter didn't exist +- res, err := k.evmKeeper.CallEVM(ctx, erc20, types.ModuleAddress, contract, false, "decimals") + +// After v0.4.x - gasCap parameter required (can be nil) ++ res, err := k.evmKeeper.CallEVM(ctx, erc20, types.ModuleAddress, contract, false, nil, "decimals") +``` + +**With Custom Gas Cap**: +```go +// If you need to specify a gas cap +import "math/big" + +gasLimit := big.NewInt(100000) +res, err := k.evmKeeper.CallEVM(ctx, abi, from, contract, false, gasLimit, "balanceOf", account) +``` + +**Real usage examples**: +- `x/erc20/keeper/evm.go:87` - decimals call +- `x/erc20/keeper/evm.go:143` - balanceOf call +- `x/ibc/callbacks/keeper/keeper.go:193` - approve call with custom gas cap + +### Test Keyring Import Path + +The test keyring package has been reorganized into its own subdirectory. + +**Import Change**: +```diff +- testkeyring "github.com/cosmos/evm/testutil" ++ testkeyring "github.com/cosmos/evm/testutil/keyring" +``` + +**Example from Tests** (from `tests/integration/precompiles/erc20/test_setup.go:10`): + +```go +package erc20 + +import ( + "github.com/stretchr/testify/suite" + + testkeyring "github.com/cosmos/evm/testutil/keyring" +) + +type PrecompileTestSuite struct { + suite.Suite + keyring testkeyring.Keyring +} + +func (s *PrecompileTestSuite) SetupTest() { + // Create keyring with 2 accounts + keyring := testkeyring.New(2) + + // Get addresses for pre-funding + options := []network.ConfigOption{ + network.WithPreFundedAccounts(keyring.GetAllAccAddrs()...), + } +} +``` + +**Available Functions** (from `testutil/keyring/keyring.go:58`): +- `New(nAccs int) Keyring` - Create keyring with n accounts +- `GetPrivKey(index int)` - Get private key +- `GetAddr(index int)` - Get Ethereum address +- `GetAccAddr(index int)` - Get Cosmos SDK address +- `GetAllAccAddrs()` - Get all SDK addresses + ## Verify before tagging - `go.mod` has no `replace` lines for `github.com/cosmos/evm` diff --git a/docs/evm/next/documentation/migrations/migration-v0.4-to-v0.5.mdx b/docs/evm/next/documentation/migrations/migration-v0.4-to-v0.5.mdx index ce4d6f67..e9a53647 100644 --- a/docs/evm/next/documentation/migrations/migration-v0.4-to-v0.5.mdx +++ b/docs/evm/next/documentation/migrations/migration-v0.4-to-v0.5.mdx @@ -324,7 +324,7 @@ Please refer to the [upgrade example](https://github.com/cosmos/evm/blob/0995962 --- -## 3) Build & quick tests +## 4) Build & quick tests ```bash go build ./... @@ -332,4 +332,4 @@ go build ./... Smoke test on a single node: - Send a few EVM txs; confirm promotion/broadcast (or your `BroadCastTxFn`). -- Send Cosmos txs; confirm ordering reflects your `CosmosPoolConfig` (if customized). \ No newline at end of file +- Send Cosmos txs; confirm ordering reflects your `CosmosPoolConfig` (if customized). From fc6e91fea1d06cbbcaff7f5af08ffd0abf2cb14f Mon Sep 17 00:00:00 2001 From: Cordt Date: Mon, 20 Oct 2025 13:38:51 -0600 Subject: [PATCH 18/26] add preliminary release notes for v0.5.0 --- docs/evm/next/changelog/release-notes.mdx | 122 ++++++++++------------ 1 file changed, 53 insertions(+), 69 deletions(-) diff --git a/docs/evm/next/changelog/release-notes.mdx b/docs/evm/next/changelog/release-notes.mdx index 8f1c091d..af39ee77 100644 --- a/docs/evm/next/changelog/release-notes.mdx +++ b/docs/evm/next/changelog/release-notes.mdx @@ -1,6 +1,7 @@ --- title: "Release Notes" -mode: "center" +description: "Release history and changelog for Cosmos EVM" +mode: "wide" --- @@ -8,80 +9,63 @@ mode: "center" For the latest development updates, see the [UNRELEASED](https://github.com/cosmos/evm/blob/main/CHANGELOG.md#unreleased) section. - -## Features + +## DEPENDENCIES -* Add comprehensive Solidity-based end-to-end tests for precompiles ([#253](https://github.com/cosmos/evm/pull/253)) -* Add 4-node localnet infrastructure for testing multi-validator setups ([#301](https://github.com/cosmos/evm/pull/301)) -* Add system test framework for integration testing ([#304](https://github.com/cosmos/evm/pull/304)) -* Add txpool RPC namespace stubs in preparation for app-side mempool implementation ([#344](https://github.com/cosmos/evm/pull/344)) -* Enforce app creator returning application implement AppWithPendingTxStream in build time. ([#440](https://github.com/cosmos/evm/pull/440)) +- [\#459](https://github.com/cosmos/evm/pull/459) Update `cosmossdk.io/log` to `v1.6.1` to support Go `v1.25.0+`. +- [\#435](https://github.com/cosmos/evm/pull/435) Update Cosmos SDK to `v0.53.4` and CometBFT to `v0.38.18`. -## Improvements +## BUG FIXES -* Enforce single EVM transaction per Cosmos transaction for security ([#294](https://github.com/cosmos/evm/pull/294)) -* Update dependencies for security and performance improvements ([#299](https://github.com/cosmos/evm/pull/299)) -* Preallocate EVM access_list for better performance ([#307](https://github.com/cosmos/evm/pull/307)) -* Fix EmitApprovalEvent to use owner address instead of precompile address ([#317](https://github.com/cosmos/evm/pull/317)) -* Fix gas cap calculation and fee rounding errors in ante handler benchmarks ([#345](https://github.com/cosmos/evm/pull/345)) -* Add loop break labels for optimization ([#347](https://github.com/cosmos/evm/pull/347)) -* Use larger CI runners for resource-intensive tests ([#370](https://github.com/cosmos/evm/pull/370)) -* Apply security audit patches ([#373](https://github.com/cosmos/evm/pull/373)) -* Apply audit-related commit 388b5c0 ([#377](https://github.com/cosmos/evm/pull/377)) -* Post-audit security fixes (batch 1) ([#382](https://github.com/cosmos/evm/pull/382)) -* Post-audit security fixes (batch 2) ([#388](https://github.com/cosmos/evm/pull/388)) -* Post-audit security fixes (batch 3) ([#389](https://github.com/cosmos/evm/pull/389)) -* Post-audit security fixes (batch 5) ([#392](https://github.com/cosmos/evm/pull/392)) -* Post-audit security fixes (batch 4) ([#398](https://github.com/cosmos/evm/pull/398)) -* Prevent nil pointer by checking error in gov precompile FromResponse. ([#442](https://github.com/cosmos/evm/pull/442)) -* (Experimental) EVM-compatible appside mempool ([#387](https://github.com/cosmos/evm/pull/387)) -* Add revert error e2e tests for contract and precompile calls ([#476](https://github.com/cosmos/evm/pull/476)) +- [\#179](https://github.com/cosmos/evm/pull/179) Fix compilation error in server/start.go +- [\#245](https://github.com/cosmos/evm/pull/245) Use PriorityMempool with signer extractor to prevent missing signers error in tx execution +- [\#289](https://github.com/cosmos/evm/pull/289) Align revert reason format with go-ethereum (return hex-encoded result) +- [\#291](https://github.com/cosmos/evm/pull/291) Use proper address codecs in precompiles for bech32/hex conversion +- [\#296](https://github.com/cosmos/evm/pull/296) Add sanity checks to trace_tx RPC endpoint +- [\#316](https://github.com/cosmos/evm/pull/316) Fix estimate gas to handle missing fields for new transaction types +- [\#330](https://github.com/cosmos/evm/pull/330) Fix error propagation in BlockHash RPCs and address test flakiness +- [\#332](https://github.com/cosmos/evm/pull/332) Fix non-determinism in state transitions +- [\#350](https://github.com/cosmos/evm/pull/350) Fix p256 precompile test flakiness +- [\#376](https://github.com/cosmos/evm/pull/376) Fix precompile initialization for local node development script +- [\#384](https://github.com/cosmos/evm/pull/384) Fix debug_traceTransaction RPC failing with block height mismatch errors +- [\#441](https://github.com/cosmos/evm/pull/441) Align precompiles map with available static check to Prague. +- [\#452](https://github.com/cosmos/evm/pull/452) Cleanup unused cancel function in filter. +- [\#454](https://github.com/cosmos/evm/pull/454) Align multi decode functions instead of string contains check in HexAddressFromBech32String. +- [\#468](https://github.com/cosmos/evm/pull/468) Add pagination flags to `token-pairs` to improve query flexibility. -## Bug Fixes +## IMPROVEMENTS -* Fix compilation error in server/start.go ([#179](https://github.com/cosmos/evm/pull/179)) -* Use PriorityMempool with signer extractor to prevent missing signers error in tx execution ([#245](https://github.com/cosmos/evm/pull/245)) -* Align revert reason format with go-ethereum (return hex-encoded result) ([#289](https://github.com/cosmos/evm/pull/289)) -* Use proper address codecs in precompiles for bech32/hex conversion ([#291](https://github.com/cosmos/evm/pull/291)) -* Add sanity checks to trace_tx RPC endpoint ([#296](https://github.com/cosmos/evm/pull/296)) -* Fix estimate gas to handle missing fields for new transaction types ([#316](https://github.com/cosmos/evm/pull/316)) -* Fix error propagation in BlockHash RPCs and address test flakiness ([#330](https://github.com/cosmos/evm/pull/330)) -* Fix non-determinism in state transitions ([#332](https://github.com/cosmos/evm/pull/332)) -* Fix p256 precompile test flakiness ([#350](https://github.com/cosmos/evm/pull/350)) -* Fix precompile initialization for local node development script ([#376](https://github.com/cosmos/evm/pull/376)) -* Fix debug_traceTransaction RPC failing with block height mismatch errors ([#384](https://github.com/cosmos/evm/pull/384)) -* Align precompiles map with available static check to Prague. ([#441](https://github.com/cosmos/evm/pull/441)) -* Cleanup unused cancel function in filter. ([#452](https://github.com/cosmos/evm/pull/452)) -* Align multi decode functions instead of string contains check in HexAddressFromBech32String. ([#454](https://github.com/cosmos/evm/pull/454)) -* Add pagination flags to `token-pairs` to improve query flexibility. ([#468](https://github.com/cosmos/evm/pull/468)) +- [\#294](https://github.com/cosmos/evm/pull/294) Enforce single EVM transaction per Cosmos transaction for security +- [\#299](https://github.com/cosmos/evm/pull/299) Update dependencies for security and performance improvements +- [\#307](https://github.com/cosmos/evm/pull/307) Preallocate EVM access_list for better performance +- [\#317](https://github.com/cosmos/evm/pull/317) Fix EmitApprovalEvent to use owner address instead of precompile address +- [\#345](https://github.com/cosmos/evm/pull/345) Fix gas cap calculation and fee rounding errors in ante handler benchmarks +- [\#347](https://github.com/cosmos/evm/pull/347) Add loop break labels for optimization +- [\#370](https://github.com/cosmos/evm/pull/370) Use larger CI runners for resource-intensive tests +- [\#373](https://github.com/cosmos/evm/pull/373) Apply security audit patches +- [\#377](https://github.com/cosmos/evm/pull/377) Apply audit-related commit 388b5c0 +- [\#382](https://github.com/cosmos/evm/pull/382) Post-audit security fixes (batch 1) +- [\#388](https://github.com/cosmos/evm/pull/388) Post-audit security fixes (batch 2) +- [\#389](https://github.com/cosmos/evm/pull/389) Post-audit security fixes (batch 3) +- [\#392](https://github.com/cosmos/evm/pull/392) Post-audit security fixes (batch 5) +- [\#398](https://github.com/cosmos/evm/pull/398) Post-audit security fixes (batch 4) +- [\#442](https://github.com/cosmos/evm/pull/442) Prevent nil pointer by checking error in gov precompile FromResponse. +- [\#387](https://github.com/cosmos/evm/pull/387) (Experimental) EVM-compatible appside mempool +- [\#476](https://github.com/cosmos/evm/pull/476) Add revert error e2e tests for contract and precompile calls +- [\#599](https://github.com/cosmos/evm/pull/599) Align jsonrpc apis with geth v1.16.3 -## Dependencies +## FEATURES -* Update `cosmossdk.io/log` to `v1.6.1` to support Go `v1.25.0+`. ([#459](https://github.com/cosmos/evm/pull/459)) -* Update Cosmos SDK to `v0.53.4` and CometBFT to `v0.38.18`. ([#435](https://github.com/cosmos/evm/pull/435)) +- [\#253](https://github.com/cosmos/evm/pull/253) Add comprehensive Solidity-based end-to-end tests for precompiles +- [\#301](https://github.com/cosmos/evm/pull/301) Add 4-node localnet infrastructure for testing multi-validator setups +- [\#304](https://github.com/cosmos/evm/pull/304) Add system test framework for integration testing +- [\#344](https://github.com/cosmos/evm/pull/344) Add txpool RPC namespace stubs in preparation for app-side mempool implementation +- [\#440](https://github.com/cosmos/evm/pull/440) Enforce app creator returning application implement AppWithPendingTxStream in build time. -## API Breaking +## API-BREAKING -* Remove non–go-ethereum JSON-RPC methods to align with Geth’s surface ([#456](https://github.com/cosmos/evm/pull/456)) -* Move `ante` logic from the `evmd` Go package to the `evm` package to ([#443](https://github.com/cosmos/evm/pull/443)) -* Align function and package names for consistency. ([#422](https://github.com/cosmos/evm/pull/422)) -* Remove evidence precompile due to lack of use cases ([#305](https://github.com/cosmos/evm/pull/305)) - -## API Breaking - -* Remove non–go-ethereum JSON-RPC methods to align with Geth’s surface ([#456](https://github.com/cosmos/evm/pull/456)) -* Move `ante` logic from the `evmd` Go package to the `evm` package to ([#443](https://github.com/cosmos/evm/pull/443)) -* Align function and package names for consistency. ([#422](https://github.com/cosmos/evm/pull/422)) -* Remove evidence precompile due to lack of use cases ([#305](https://github.com/cosmos/evm/pull/305)) - - ---- - - - - See the complete changelog on GitHub - - - Report bugs or request features - - +- [\#456](https://github.com/cosmos/evm/pull/456) Remove non–go-ethereum JSON-RPC methods to align with Geth’s surface +- [\#443](https://github.com/cosmos/evm/pull/443) Move `ante` logic from the `evmd` Go package to the `evm` package to +- [\#422](https://github.com/cosmos/evm/pull/422) Align function and package names for consistency. +- [\#305](https://github.com/cosmos/evm/pull/305) Remove evidence precompile due to lack of use cases + \ No newline at end of file From b1e0221755e15a3421fce94ea7b6fd07b9244bb5 Mon Sep 17 00:00:00 2001 From: Cordt Date: Mon, 20 Oct 2025 13:39:21 -0600 Subject: [PATCH 19/26] update other release notes -- unrelated --- docs/ibc/next/changelog/release-notes.mdx | 512 ---------------------- docs/ibc/next/index.mdx | 36 ++ docs/ibc/v0.2.0/index.mdx | 35 ++ 3 files changed, 71 insertions(+), 512 deletions(-) delete mode 100644 docs/ibc/next/changelog/release-notes.mdx create mode 100644 docs/ibc/next/index.mdx create mode 100644 docs/ibc/v0.2.0/index.mdx diff --git a/docs/ibc/next/changelog/release-notes.mdx b/docs/ibc/next/changelog/release-notes.mdx deleted file mode 100644 index 3f07f85a..00000000 --- a/docs/ibc/next/changelog/release-notes.mdx +++ /dev/null @@ -1,512 +0,0 @@ ---- -title: "Release Notes" -description: "Cosmos IBC release notes and changelog" -mode: "center" ---- - - -{/* -Guiding Principles: -- Changelogs are for humans, not machines. -- There should be an entry for every single version. -- The same types of changes should be grouped. -- Versions and sections should be linkable. -- The latest version comes first. -- The release date of each version is displayed. -- Mention whether you follow Semantic Versioning. - -Usage: -- Change log entries are to be added to the Unreleased section under the - appropriate stanza (see below). Each entry should ideally include a tag and - the Github issue reference in the following format: -- * () \# message -- The issue numbers will later be link-ified during the release process so you do - not have to worry about including a link manually, but you can if you wish. - -Types of changes (Stanzas): -- "Features" for new features. -- "Improvements" for changes in existing functionality. -- "Deprecated" for soon-to-be removed features. -- "Bug Fixes" for any bug fixes. -- "Client Breaking" for breaking CLI commands and REST routes used by end-users. -- "API Breaking" for breaking exported APIs used by developers building on SDK. -- "State Machine Breaking" for any changes that result in a different AppState given the same genesisState and txList. - -Ref: https://keepachangelog.com/en/1.0.0/ -*/} - -# Changelog - - ## [v10.3.0](https://github.com/cosmos/ibc-go/releases/tag/v10.3.0) - 2025-06-06 - - ### Features - - ### Dependencies - - * [\#8369](https://github.com/cosmos/ibc-go/pull/8369) Bump **github.com/CosmWasm/wasmvm** to **2.2.4** - - * [\#8369](https://github.com/cosmos/ibc-go/pull/8369) Bump **github.com/ethereum/go-ethereum** to **1.15.11** - - ### API Breaking - - ### State Machine Breaking - - ### Improvements - - * (core/api) [\#8303](https://github.com/cosmos/ibc-go/pull/8303) Prefix-based routing in IBCv2 Router - - - (apps/callbacks) [\#8353](https://github.com/cosmos/ibc-go/pull/8353) Add field in callbacks data for custom calldata - - ### Bug Fixes - - ### Testing API - - * [\#8371](https://github.com/cosmos/ibc-go/pull/8371) e2e: Create only necessary number of chains for e2e suite. - - * [\#8375](https://github.com/cosmos/ibc-go/pull/8375) feat: parse IBC v2 packets from ABCI events - - ## [v10.2.0](https://github.com/cosmos/ibc-go/releases/tag/v10.2.0) - 2025-04-30 - - ### Features - - * (light-clients/07-tendermint) [\#8185](https://github.com/cosmos/ibc-go/pull/8185) Allow scaling of trusting period for client upgrades - - ### Dependencies - - * [\#8254](https://github.com/cosmos/ibc-go/pull/8254) Bump **github.com/cosmos/cosmos-sdk** to **0.53.0** - - * [\#8326](https://github.com/cosmos/ibc-go/pull/8329) Bump **cosmossdk.io/x/upgrade** to **0.2.0** - - * [\#8326](https://github.com/cosmos/ibc-go/pull/8326) Bump **cosmossdk.io/api** to **0.9.2** - - * [\#8293](https://github.com/cosmos/ibc-go/pull/8293) Bump **cosmossdk.io/math** to **1.5.3** - - * [\#8254](https://github.com/cosmos/ibc-go/pull/8254) Bump **cosmossdk.io/core** to **0.11.3** - - * [\#8254](https://github.com/cosmos/ibc-go/pull/8254) Bump **cosmossdk.io/store** to **1.1.2** - - * [\#8254](https://github.com/cosmos/ibc-go/pull/8254) Bump **cosmossdk.io/x/tx** to **0.14.0** - - * [\#8253](https://github.com/cosmos/ibc-go/pull/8253) Bump **cosmossdk.io/errors** to **1.0.2** - - * [\#8253](https://github.com/cosmos/ibc-go/pull/8253) Bump **cosmossdk.io/log** to **1.5.1** - - * [\#8253](https://github.com/cosmos/ibc-go/pull/8253) Bump **github.com/cometbft/cometbft** to **0.38.17** - - * [\#8264](https://github.com/cosmos/ibc-go/pull/8264) Bump **github.com/prysmaticlabs/prysm** to **v5.3.0** - - ### Bug Fixes - - * [\#8287](https://github.com/cosmos/ibc-go/pull/8287) rename total_escrow REST query from `denoms` to `total_escrow` - - ## [v10.1.0](https://github.com/cosmos/ibc-go/releases/tag/v10.1.0) - 2025-03-14 - - ### Security Fixes - - * Fix [ISA-2025-001](https://github.com/cosmos/ibc-go/security/advisories/GHSA-4wf3-5qj9-368v) security vulnerability. - - * Fix [ASA-2025-004](https://github.com/cosmos/ibc-go/security/advisories/GHSA-jg6f-48ff-5xrw) security vulnerability. - - ### Features - - * (core) [\#7505](https://github.com/cosmos/ibc-go/pull/7505) Add IBC Eureka (IBC v2) implementation, enabling more efficient IBC packet handling without channel dependencies, bringing significant performance improvements. - - * (apps/transfer) [\#7650](https://github.com/cosmos/ibc-go/pull/7650) Add support for transfer of entire balance for vesting accounts. - - * (apps/wasm) [\#5079](https://github.com/cosmos/ibc-go/pull/5079) 08-wasm light client proxy module for wasm clients by. - - * (core/02-client) [\#7936](https://github.com/cosmos/ibc-go/pull/7936) Clientv2 module. - - * (core/04-channel) [\#7933](https://github.com/cosmos/ibc-go/pull/7933) Channel-v2 genesis. - - * (core/04-channel, core/api) [\#7934](https://github.com/cosmos/ibc-go/pull/7934) - Callbacks Eureka. - - * (light-clients/09-localhost) [\#6683](https://github.com/cosmos/ibc-go/pull/6683) Make 09-localhost stateless. - - * (core, app) [\#6902](https://github.com/cosmos/ibc-go/pull/6902) Add channel version to core app callbacks. - - ### Dependencies - - * [\#8181](https://github.com/cosmos/ibc-go/pull/8181) Bump **github.com/cosmos/cosmos-sdk** to **0.50.13** - - * [\#7932](https://github.com/cosmos/ibc-go/pull/7932) Bump **go** to **1.23** - - * [\#7330](https://github.com/cosmos/ibc-go/pull/7330) Bump **cosmossdk.io/api** to **0.7.6** - - * [\#6828](https://github.com/cosmos/ibc-go/pull/6828) Bump **cosmossdk.io/core** to **0.11.1** - - * [\#7182](https://github.com/cosmos/ibc-go/pull/7182) Bump **cosmossdk.io/log** to **1.4.1** - - * [\#7264](https://github.com/cosmos/ibc-go/pull/7264) Bump **cosmossdk.io/store** to **1.1.1** - - * [\#7585](https://github.com/cosmos/ibc-go/pull/7585) Bump **cosmossdk.io/math** to **1.4.0** - - * [\#7540](https://github.com/cosmos/ibc-go/pull/7540) Bump **github.com/cometbft/cometbft** to **0.38.15** - - * [\#6828](https://github.com/cosmos/ibc-go/pull/6828) Bump **cosmossdk.io/x/upgrade** to **0.1.4** - - * [\#8124](https://github.com/cosmos/ibc-go/pull/8124) Bump **cosmossdk.io/x/tx** to **0.13.7** - - * [\#7942](https://github.com/cosmos/ibc-go/pull/7942) Bump **github.com/cosmos/cosmos-db** to **1.1.1** - - * [\#7224](https://github.com/cosmos/ibc-go/pull/7224) Bump **github.com/cosmos/ics23/go** to **0.11.0** - - ### API Breaking - - * (core, apps) [\#7213](https://github.com/cosmos/ibc-go/pull/7213) Remove capabilities from `SendPacket`. - - * (core, apps) [\#7225](https://github.com/cosmos/ibc-go/pull/7225) Remove capabilities from `WriteAcknowledgement`. - - * (core, apps) [\#7232](https://github.com/cosmos/ibc-go/pull/7232) Remove capabilities from channel handshake methods. - - * (core, apps) [\#7270](https://github.com/cosmos/ibc-go/pull/7270) Remove remaining dependencies on capability module. - - * (core, apps) [\#4811](https://github.com/cosmos/ibc-go/pull/4811) Use expected interface for legacy params subspace - - * (core/04-channel) [\#7239](https://github.com/cosmos/ibc-go/pull/7239) Removed function `LookupModuleByChannel` - - * (core/05-port) [\#7252](https://github.com/cosmos/ibc-go/pull/7252) Removed function `LookupModuleByPort` - - * (core/24-host) [\#7239](https://github.com/cosmos/ibc-go/pull/7239) Removed function `ChannelCapabilityPath` - - * (apps/27-interchain-accounts) [\#7239](https://github.com/cosmos/ibc-go/pull/7239) The following functions have been removed: `AuthenticateCapability`, `ClaimCapability` - - * (apps/27-interchain-accounts) [\#7961](https://github.com/cosmos/ibc-go/pull/7961) Removed `absolute-timeouts` flag from `send-tx` in the ICA CLI. - - * (apps/transfer) [\#7239](https://github.com/cosmos/ibc-go/pull/7239) The following functions have been removed: `BindPort`, `AuthenticateCapability`, `ClaimCapability` - - * (capability) [\#7279](https://github.com/cosmos/ibc-go/pull/7279) The module `capability` has been removed. - - * (testing) [\#7305](https://github.com/cosmos/ibc-go/pull/7305) Added `TrustedValidators` map to `TestChain`. This removes the dependency on the `x/staking` module for retrieving trusted validator sets at a given height, and removes the `GetTrustedValidators` method from the `TestChain` struct. - - * (23-commitment) [\#7486](https://github.com/cosmos/ibc-go/pull/7486) Remove unimplemented `BatchVerifyMembership` and `BatchVerifyNonMembership` functions - - * (core/02-client, light-clients) [\#5806](https://github.com/cosmos/ibc-go/pull/5806) Decouple light client routing from their encoding structure. - - * (core/04-channel) [\#5991](https://github.com/cosmos/ibc-go/pull/5991) The client CLI `QueryLatestConsensusState` has been removed. - - * (light-clients/06-solomachine) [\#6037](https://github.com/cosmos/ibc-go/pull/6037) Remove `Initialize` function from `ClientState` and move logic to `Initialize` function of `LightClientModule`. - - * (light-clients/06-solomachine) [\#6230](https://github.com/cosmos/ibc-go/pull/6230) Remove `GetTimestampAtHeight`, `Status` and `UpdateStateOnMisbehaviour` functions from `ClientState` and move logic to functions of `LightClientModule`. - - * (core/02-client) [\#6084](https://github.com/cosmos/ibc-go/pull/6084) Removed `stakingKeeper` as an argument to `NewKeeper` and replaced with a `ConsensusHost` implementation. - - * (testing) [\#6070](https://github.com/cosmos/ibc-go/pull/6070) Remove `AssertEventsLegacy` function. - - * (core) [\#6138](https://github.com/cosmos/ibc-go/pull/6138) Remove `Router` reference from IBC core keeper and use instead the router on the existing `PortKeeper` reference. - - * (core/04-channel) [\#6023](https://github.com/cosmos/ibc-go/pull/6023) Remove emission of non-hexlified event attributes `packet_data` and `packet_ack`. - - * (core) [\#6320](https://github.com/cosmos/ibc-go/pull/6320) Remove unnecessary `Proof` interface from `exported` package. - - * (core/05-port) [\#6341](https://github.com/cosmos/ibc-go/pull/6341) Modify `UnmarshalPacketData` interface to take in the context, portID, and channelID. This allows for packet data's to be unmarshaled based on the channel version. - - * (apps/27-interchain-accounts) [\#6433](https://github.com/cosmos/ibc-go/pull/6433) Use UNORDERED as the default ordering for new ICA channels. - - * (apps/transfer) [\#6440](https://github.com/cosmos/ibc-go/pull/6440) Remove `GetPrefixedDenom`. - - * (apps/transfer) [\#6508](https://github.com/cosmos/ibc-go/pull/6508) Remove the `DenomTrace` type. - - * (apps/27-interchain-accounts) [\#6598](https://github.com/cosmos/ibc-go/pull/6598) Mark the `requests` repeated field of `MsgModuleQuerySafe` non-nullable. - - * (23-commmitment) [\#6644](https://github.com/cosmos/ibc-go/pull/6644) Introduce `commitment.v2.MerklePath` to include `repeated bytes` in favour of `repeated string`. This supports using merkle path keys which include non UTF-8 encoded runes. - - * (23-commmitment) [\#6870](https://github.com/cosmos/ibc-go/pull/6870) Remove `commitment.v1.MerklePath` in favour of `commitment.v2.MerklePath`. - - * (apps/27-interchain-accounts) [\#6749](https://github.com/cosmos/ibc-go/pull/6749) The ICA controller `NewIBCMiddleware` constructor function sets by default the auth module to nil. - - * (core, core/02-client) [\#6763](https://github.com/cosmos/ibc-go/pull/6763) Move prometheus metric labels for 02-client and core into a separate `metrics` package on core. - - * (core/02-client) [\#6777](https://github.com/cosmos/ibc-go/pull/6777) The `NewClientProposalHandler` of `02-client` has been removed. - - * (core/types) [\#6794](https://github.com/cosmos/ibc-go/pull/6794) The composite interface `QueryServer` has been removed from package `core/types`. Please use the granular `QueryServer` interfaces provided by each core submodule. - - * (light-clients/06-solomachine) [\#6888](https://github.com/cosmos/ibc-go/pull/6888) Remove `TypeClientMisbehaviour` constant and the `Type` method on `Misbehaviour`. - - * (light-clients/06-solomachine, light-clients/07-tendermint) [\#6891](https://github.com/cosmos/ibc-go/pull/6891) The `VerifyMembership` and `VerifyNonMembership` functions of solomachine's `ClientState` have been made private. The `VerifyMembership`, `VerifyNonMembership`, `GetTimestampAtHeight`, `Status` and `Initialize` functions of tendermint's `ClientState` have been made private. - - * (core/04-channel) [\#6902](https://github.com/cosmos/ibc-go/pull/6902) Add channel version to core application callbacks. - - * (core/03-connection, core/02-client) [\#6937](https://github.com/cosmos/ibc-go/pull/6937) Remove 'ConsensusHost' interface, also removing self client and consensus state validation in the connection handshake. - - * (core/24-host) [\#6882](https://github.com/cosmos/ibc-go/issues/6882) All functions ending in `Path` have been removed from 24-host in favour of their sybling functions ending in `Key`. - - * (23-commmitment) [\#6633](https://github.com/cosmos/ibc-go/pull/6633) MerklePath has been changed to use `repeated bytes` in favour of `repeated strings`. - - * (23-commmitment) [\#6644](https://github.com/cosmos/ibc-go/pull/6644) Introduce `commitment.v2.MerklePath` to include `repeated bytes` in favour of `repeated string`. This supports using merkle path keys which include non UTF-8 encoded runes. - - * (23-commmitment) [\#6870](https://github.com/cosmos/ibc-go/pull/6870) Remove `commitment.v1.MerklePath` in favour of `commitment.v2.MerklePath`. - - * [\#6923](https://github.com/cosmos/ibc-go/pull/6923) The JSON msg API for `VerifyMembershipMsg` and `VerifyNonMembershipMsg` payloads for client contract `SudoMsg` has been updated. The field `path` has been changed to `merkle_path`. This change requires updates to 08-wasm client contracts for integration. - - * (apps/callbacks) [\#7000](https://github.com/cosmos/ibc-go/pull/7000) Add base application version to contract keeper callbacks. - - * (light-clients/08-wasm) [\#5154](https://github.com/cosmos/ibc-go/pull/5154) Use bytes in wasm contract api instead of wrapped. - - * (core, core/08-wasm) [\#5397](https://github.com/cosmos/ibc-go/pull/5397) Add coordinator Setup functions to the Path type. - - * (core/05-port) [\#6341](https://github.com/cosmos/ibc-go/pull/6341) Modify `UnmarshalPacketData` interface to take in the context, portID, and channelID. This allows for packet data's to be unmarshaled based on the channel version. - - * (core/02-client) [\#6863](https://github.com/cosmos/ibc-go/pull/6863) remove ClientStoreProvider interface in favour of concrete type. - - * (core/05-port) [\#6988](https://github.com/cosmos/ibc-go/pull/6988) Modify `UnmarshalPacketData` interface to return the underlying application version. - - * (apps/27-interchain-accounts) [\#7053](https://github.com/cosmos/ibc-go/pull/7053) Remove ICS27 channel capability migration introduced in v6. - - * (apps/27-interchain-accounts) [\#8002](https://github.com/cosmos/ibc-go/issues/8002) Remove ICS-29: fee middleware. - - * (core/04-channel) [\#8053](https://github.com/cosmos/ibc-go/issues/8053) Remove channel upgradability. - - ### State Machine Breaking - - * (light-clients/06-solomachine) [\#6313](https://github.com/cosmos/ibc-go/pull/6313) Fix: No-op to avoid panicking on `UpdateState` for invalid misbehaviour submissions. - - * (apps/callbacks) [\#8014](https://github.com/cosmos/ibc-go/pull/8014) Callbacks will now return an error acknowledgement if the recvPacket callback fails. This reverts all app callback changes whereas before we only reverted the callback changes. We also error on all callbacks if the callback data is set but malformed whereas before we ignored the error and continued processing. - - * (apps/callbacks) [\#5349](https://github.com/cosmos/ibc-go/pull/5349) Check if clients params are duplicates. - - * (apps/transfer) [\#6268](https://github.com/cosmos/ibc-go/pull/6268) Use memo strings instead of JSON keys in `AllowedPacketData` of transfer authorization. - - * (light-clients/07-tendermint) Fix: No-op to avoid panicking on `UpdateState` for invalid misbehaviour submissions. - - * (light-clients/06-solomachine) [\#6313](https://github.com/cosmos/ibc-go/pull/6313) Fix: No-op to avoid panicking on `UpdateState` for invalid misbehaviour submissions. - - ### Improvements - - * (testing)[\#7430](https://github.com/cosmos/ibc-go/pull/7430) Update the block proposer in test chains for each block. - - * (apps/27-interchain-accounts) [\#5533](https://github.com/cosmos/ibc-go/pull/5533) ICA host sets the host connection ID on `OnChanOpenTry`, so that ICA controller implementations are not obliged to set the value on `OnChanOpenInit` if they are not able. - - * (core/02-client, core/03-connection, apps/27-interchain-accounts) [\#6256](https://github.com/cosmos/ibc-go/pull/6256) Add length checking of array fields in messages. - - * (light-clients/08-wasm) [\#5146](https://github.com/cosmos/ibc-go/pull/5146) Use global wasm VM instead of keeping an additional reference in keeper. - - * (core/04-channels) [\#7935](https://github.com/cosmos/ibc-go/pull/7935) Limit payload size for both v1 and v2 packet. - - * (core/runtime) [\#7601](https://github.com/cosmos/ibc-go/pull/7601) - IBC core runtime env. - - * (core/08-wasm) [\#5294](https://github.com/cosmos/ibc-go/pull/5294) Don't panic during any store operations. - - * (apps) [\#5305](https://github.com/cosmos/ibc-go/pull/5305)- Remove GetSigners from `sdk.Msg` implementations. - - * (apps) [\#/5778](https://github.com/cosmos/ibc-go/pull/5778) Use json for marshalling/unmarshalling transfer packet data. - - * (core/08-wasm) [\#5785](https://github.com/cosmos/ibc-go/pull/5785) Allow module safe queries in ICA. - - * (core/ante) [\#6278](https://github.com/cosmos/ibc-go/pull/6278) Performance: Exclude pruning from tendermint client updates in ante handler executions. - - * (core/ante) [\#6302](https://github.com/cosmos/ibc-go/pull/6302) Performance: Skip app callbacks during RecvPacket execution in checkTx within the redundant relay ante handler. - - * (core/ante) [\#6280](https://github.com/cosmos/ibc-go/pull/6280) Performance: Skip redundant proof checking in RecvPacket execution in reCheckTx within the redundant relay ante handler. - - * [\#6716](https://github.com/cosmos/ibc-go/pull/6716) Add `HasModule` to capability keeper to allow checking if a scoped module already exists. - - ### Bug Fixes - - * (apps/27-interchain-accounts) [\#7277](https://github.com/cosmos/ibc-go/pull/7277) Use `GogoResolver` when populating module query safe allow list to avoid panics from unresolvable protobuf dependencies. - - * (core/04-channel) [\#7342](https://github.com/cosmos/ibc-go/pull/7342) Read Tx cmd flags including from address to avoid Address cannot be empty error when upgrade-channels via cli. - - * (core/03-connection) [\#7397](https://github.com/cosmos/ibc-go/pull/7397) Skip the genesis validation connectionID for localhost client. - - * (apps/27-interchain-accounts) [\#6377](https://github.com/cosmos/ibc-go/pull/6377) Generate ICA simtest proposals only for provided keepers. - - ### Testing API - - * [\#7688](https://github.com/cosmos/ibc-go/pull/7688) Added `SendMsgsWithSender` to `TestChain`. - - * [\#7430](https://github.com/cosmos/ibc-go/pull/7430) Update block proposer in testing - - * [\#5493](https://github.com/cosmos/ibc-go/pull/5493) Add IBCClientHeader func for endpoint and update tests - - * [\#6685](https://github.com/cosmos/ibc-go/pull/6685) Configure relayers to watch only channels associated with an individual test - - * [\#6758](https://github.com/cosmos/ibc-go/pull/6758) Tokens are successfully forwarded from A to C through B - - ## [v8.5.0](https://github.com/cosmos/ibc-go/releases/tag/v8.5.0) - 2024-08-30 - - ### Dependencies - - * [\#6828](https://github.com/cosmos/ibc-go/pull/6828) Bump Cosmos SDK to v0.50.9. - - * [\#7222](https://github.com/cosmos/ibc-go/pull/7221) Update ics23 to v0.11.0. - - ### State Machine Breaking - - * (core/03-connection) [\#7129](https://github.com/cosmos/ibc-go/pull/7129) Remove verification of self client and consensus state from connection handshake. - - ## [v8.4.0](https://github.com/cosmos/ibc-go/releases/tag/v8.4.0) - 2024-07-29 - - ### Improvements - - * (core/04-channel) [\#6871](https://github.com/cosmos/ibc-go/pull/6871) Add channel ordering to write acknowledgement event. - - ### Features - - * (apps/transfer) [\#6877](https://github.com/cosmos/ibc-go/pull/6877) Added the possibility to transfer the entire user balance of a particular denomination by using [`UnboundedSpendLimit`](https://github.com/cosmos/ibc-go/blob/beb2d93b58835ddb9ed8e7624988f1e66b849251/modules/apps/transfer/types/token.go#L56-L58) as the token amount. - - ### Bug Fixes - - * (core/04-channel) [\#6935](https://github.com/cosmos/ibc-go/pull/6935) Check upgrade compatibility in `ChanUpgradeConfirm`. - - ## [v8.3.2](https://github.com/cosmos/ibc-go/releases/tag/v8.3.2) - 2024-06-20 - - ### Dependencies - - * [\#6614](https://github.com/cosmos/ibc-go/pull/6614) Bump Cosmos SDK to v0.50.7. - - ### Improvements - - * (apps/27-interchain-accounts) [\#6436](https://github.com/cosmos/ibc-go/pull/6436) Refactor ICA host keeper instantiation method to avoid panic related to proto files. - - ## [v8.3.1](https://github.com/cosmos/ibc-go/releases/tag/v8.3.1) - 2024-05-22 - - ### Improvements - - * (core/ante) [\#6302](https://github.com/cosmos/ibc-go/pull/6302) Performance: Skip app callbacks during RecvPacket execution in checkTx within the redundant relay ante handler. - - * (core/ante) [\#6280](https://github.com/cosmos/ibc-go/pull/6280) Performance: Skip redundant proof checking in RecvPacket execution in reCheckTx within the redundant relay ante handler. - - * (core/ante) [\#6306](https://github.com/cosmos/ibc-go/pull/6306) Performance: Skip misbehaviour checks in UpdateClient flow and skip signature checks in reCheckTx mode. - - ## [v8.3.0](https://github.com/cosmos/ibc-go/releases/tag/v8.3.0) - 2024-05-16 - - ### Dependencies - - * [\#6300](https://github.com/cosmos/ibc-go/pull/6300) Bump Cosmos SDK to v0.50.6 and CometBFT to v0.38.7. - - ### State Machine Breaking - - * (light-clients/07-tendermint) [\#6276](https://github.com/cosmos/ibc-go/pull/6276) Fix: No-op to avoid panicking on `UpdateState` for invalid misbehaviour submissions. - - ### Improvements - - * (apps/27-interchain-accounts, apps/transfer, apps/29-fee) [\#6253](https://github.com/cosmos/ibc-go/pull/6253) Allow channel handshake to succeed if fee middleware is wired up on one side, but not the other. - - * (apps/27-interchain-accounts) [\#6251](https://github.com/cosmos/ibc-go/pull/6251) Use `UNORDERED` as the default ordering for new ICA channels. - - * (apps/transfer) [\#6268](https://github.com/cosmos/ibc-go/pull/6268) Use memo strings instead of JSON keys in `AllowedPacketData` of transfer authorization. - - * (core/ante) [\#6278](https://github.com/cosmos/ibc-go/pull/6278) Performance: Exclude pruning from tendermint client updates in ante handler executions. - - * (core/ante) [\#6302](https://github.com/cosmos/ibc-go/pull/6302) Performance: Skip app callbacks during RecvPacket execution in checkTx within the redundant relay ante handler. - - * (core/ante) [\#6280](https://github.com/cosmos/ibc-go/pull/6280) Performance: Skip redundant proof checking in RecvPacket execution in reCheckTx within the redundant relay ante handler. - - ### Features - - * (core) [\#6055](https://github.com/cosmos/ibc-go/pull/6055) Introduce a new interface `ConsensusHost` used to validate an IBC `ClientState` and `ConsensusState` against the host chain's underlying consensus parameters. - - * (core/02-client) [\#5821](https://github.com/cosmos/ibc-go/pull/5821) Add rpc `VerifyMembershipProof` (querier approach for conditional clients). - - * (core/04-channel) [\#5788](https://github.com/cosmos/ibc-go/pull/5788) Add `NewErrorAcknowledgementWithCodespace` to allow codespaces in ack errors. - - * (apps/27-interchain-accounts) [\#5785](https://github.com/cosmos/ibc-go/pull/5785) Introduce a new tx message that ICA host submodule can use to query the chain (only those marked with `module_query_safe`) and write the responses to the acknowledgement. - - ### Bug Fixes - - * (apps/27-interchain-accounts) [\#6167](https://github.com/cosmos/ibc-go/pull/6167) Fixed an edge case bug where migrating params for a pre-existing ica module which implemented controller functionality only could panic when migrating params for newly added host, and align controller param migration with host. - - * (app/29-fee) [\#6255](https://github.com/cosmos/ibc-go/pull/6255) Delete refunded fees from state if some fee(s) cannot be refunded on channel closure. - - ## [v8.2.0](https://github.com/cosmos/ibc-go/releases/tag/v8.2.0) - 2024-04-05 - - ### Dependencies - - * [\#5975](https://github.com/cosmos/ibc-go/pull/5975) Bump Cosmos SDK to v0.50.5. - - ### Improvements - - * (proto) [\#5987](https://github.com/cosmos/ibc-go/pull/5987) Add wasm proto files. - - ## [v8.1.0](https://github.com/cosmos/ibc-go/releases/tag/v8.1.0) - 2024-01-31 - - ### Dependencies - - * [\#5663](https://github.com/cosmos/ibc-go/pull/5663) Bump Cosmos SDK to v0.50.3 and CometBFT to v0.38.2. - - ### State Machine Breaking - - * (apps/27-interchain-accounts) [\#5442](https://github.com/cosmos/ibc-go/pull/5442) Increase the maximum allowed length for the memo field of `InterchainAccountPacketData`. - - ### Improvements - - * (core/02-client) [\#5429](https://github.com/cosmos/ibc-go/pull/5429) Add wildcard `"*"` to allow all clients in `AllowedClients` param. - - * (core) [\#5541](https://github.com/cosmos/ibc-go/pull/5541) Enable emission of events on erroneous IBC application callbacks by appending a prefix to all event type and attribute keys. - - ### Features - - * (core/04-channel) [\#1613](https://github.com/cosmos/ibc-go/pull/1613) Channel upgradability. - - * (apps/transfer) [\#5280](https://github.com/cosmos/ibc-go/pull/5280) Add list of allowed packet data keys to `Allocation` of `TransferAuthorization`. - - * (apps/27-interchain-accounts) [\#5633](https://github.com/cosmos/ibc-go/pull/5633) Allow setting new and upgrading existing ICA (ordered) channels to use unordered ordering. - - ### Bug Fixes - - * (apps/27-interchain-accounts) [\#5343](https://github.com/cosmos/ibc-go/pull/5343) Add check if controller is enabled in `sendTx` before sending packet to host. - - * (apps/29-fee) [\#5441](https://github.com/cosmos/ibc-go/pull/5441) Allow setting the relayer address as payee. - - ## [v8.0.1](https://github.com/cosmos/ibc-go/releases/tag/v8.0.1) - 2024-01-31 - - ### Dependencies - - * [\#5718](https://github.com/cosmos/ibc-go/pull/5718) Update Cosmos SDK to v0.50.3 and CometBFT to v0.38.2. - - ### Improvements - - * (core) [\#5541](https://github.com/cosmos/ibc-go/pull/5541) Enable emission of events on erroneous IBC application callbacks by appending a prefix to all event type and attribute keys. - - ## [v8.0.0](https://github.com/cosmos/ibc-go/releases/tag/v8.0.0) - 2023-11-10 - - ### Dependencies - - * [\#5038](https://github.com/cosmos/ibc-go/pull/5038) Bump SDK v0.50.1 and cometBFT v0.38. - - * [\#4398](https://github.com/cosmos/ibc-go/pull/4398) Update all modules to go 1.21. - - ### API Breaking - - * (core) [\#4703](https://github.com/cosmos/ibc-go/pull/4703) Make `PortKeeper` field of `IBCKeeper` a pointer. - - * (core/23-commitment) [\#4459](https://github.com/cosmos/ibc-go/pull/4459) Remove `Pretty` and `String` custom implementations of `MerklePath`. - - * [\#3205](https://github.com/cosmos/ibc-go/pull/3205) Make event emission functions unexported. - - * (apps/27-interchain-accounts, apps/transfer) [\#3253](https://github.com/cosmos/ibc-go/pull/3253) Rename `IsBound` to `HasCapability`. - - * (apps/27-interchain-accounts, apps/transfer) [\#3303](https://github.com/cosmos/ibc-go/pull/3303) Make `HasCapability` private. - - * [\#3303](https://github.com/cosmos/ibc-go/pull/3856) Add missing/remove unnecessary gogoproto directive. - - * (apps/27-interchain-accounts) [\#3967](https://github.com/cosmos/ibc-go/pull/3967) Add encoding type as argument to ICA encoding/decoding functions. - - * (core) [\#3867](https://github.com/cosmos/ibc-go/pull/3867) Remove unnecessary event attribute from INIT handshake msgs. - - * (core/04-channel) [\#3806](https://github.com/cosmos/ibc-go/pull/3806) Remove unused `EventTypeTimeoutPacketOnClose`. - - * (testing) [\#4018](https://github.com/cosmos/ibc-go/pull/4018) Allow failure expectations when using `chain.SendMsgs`. - - ### State Machine Breaking - - * (apps/transfer, apps/27-interchain-accounts, app/29-fee) [\#4992](https://github.com/cosmos/ibc-go/pull/4992) Set validation for length of string fields. - - ### Improvements - - * [\#3304](https://github.com/cosmos/ibc-go/pull/3304) Remove unnecessary defer func statements. - - * (apps/29-fee) [\#3054](https://github.com/cosmos/ibc-go/pull/3054) Add page result to ics29-fee queries. - - * (apps/27-interchain-accounts, apps/transfer) [\#3077](https://github.com/cosmos/ibc-go/pull/3077) Add debug level logging for the error message which is discarded when generating a failed acknowledgement. - - * (core/03-connection) [\#3244](https://github.com/cosmos/ibc-go/pull/3244) Cleanup 03-connection msg validate basic test. - - * (core/02-client) [\#3514](https://github.com/cosmos/ibc-go/pull/3514) Add check for the client status in `CreateClient`. - - * (apps/29-fee) [\#4100](https://github.com/cosmos/ibc-go/pull/4100) Adding `MetadataFromVersion` to `29-fee` package `types`. - - * (apps/29-fee) [\#4290](https://github.com/cosmos/ibc-go/pull/4290) Use `types.MetadataFromVersion` helper function for callback handlers. - - * (core/04-channel) [\#4155](https://github.com/cosmos/ibc-go/pull/4155) Adding `IsOpen` and `IsClosed` methods to `Channel` type. - - * (core/03-connection) [\#4110](https://github.com/cosmos/ibc-go/pull/4110) Remove `Version` interface and casting functions from 03-connection. - - * (core) [\#4835](https://github.com/cosmos/ibc-go/pull/4835) Use expected interface for legacy params subspace parameter of keeper constructor functions. - - ### Features - - * (capability) [\#3097](https://github.com/cosmos/ibc-go/pull/3097) Migrate capability module from Cosmos SDK to ibc-go. - - * (core/02-client) [\#3640](https://github.com/cosmos/ibc-go/pull/3640) Migrate client params to be self managed. - - * (core/03-connection) [\#3650](https://github.com/cosmos/ibc-go/pull/3650) Migrate connection params to be self managed. - - * (apps/transfer) [\#3553](https://github.com/cosmos/ibc-go/pull/3553) Migrate transfer parameters to be self managed (#3553) - - * (apps/27-interchain-accounts) [\#3520](https://github.com/cosmos/ibc-go/pull/3590) Migrate ica/controller parameters to be self managed (#3590) - - * (apps/27-interchain-accounts) [\#3520](https://github.com/cosmos/ibc-go/pull/3520) Migrate ica/host to params to be self managed. - - * (apps/transfer) [\#3104](https://github.com/cosmos/ibc-go/pull/3104) Add metadata for IBC tokens. - - * [\#4620](https://github.com/cosmos/ibc-go/pull/4620) Migrate to gov v1 via the additions of `MsgRecoverClient` and `MsgIBCSoftwareUpgrade`. The legacy proposal types `ClientUpdateProposal` and `UpgradeProposal` have been deprecated and will be removed in the next major release. - - ### Bug Fixes - - * (apps/transfer) [\#4709](https://github.com/cosmos/ibc-go/pull/4709) Order query service RPCs to fix availability of denom traces endpoint when no args are provided. - - * (core/04-channel) [\#3357](https://github.com/cosmos/ibc-go/pull/3357) Handle unordered channels in `NextSequenceReceive` query. - - * (e2e) [\#3402](https://github.com/cosmos/ibc-go/pull/3402) Allow retries for messages signed by relayer. - - * (core/04-channel) [\#3417](https://github.com/cosmos/ibc-go/pull/3417) Add missing query for next sequence send. - - * (testing) [\#4630](https://github.com/cosmos/ibc-go/pull/4630) Update `testconfig` to use revision formatted chain IDs. - - * (core/04-channel) [\#4706](https://github.com/cosmos/ibc-go/pull/4706) Retrieve correct next send sequence for packets in unordered channels. - - * (core/02-client) [\#4746](https://github.com/cosmos/ibc-go/pull/4746) Register implementations against `govtypes.Content` interface. - - * (apps/27-interchain-accounts) [\#4944](https://github.com/cosmos/ibc-go/pull/4944) Add missing proto interface registration. - - * (core/02-client) [\#5020](https://github.com/cosmos/ibc-go/pull/5020) Fix expect pointer error when unmarshalling misbehaviour file. - - ### Documentation - - * [\#3133](https://github.com/cosmos/ibc-go/pull/3133) Add linter for markdown documents. - - * [\#4693](https://github.com/cosmos/ibc-go/pull/4693) Migrate docs to docusaurus. - - ### Testing - - * [\#3138](https://github.com/cosmos/ibc-go/pull/3138) Use `testing.TB` instead of `testing.T` to support benchmarks and fuzz tests. - - * [\#3980](https://github.com/cosmos/ibc-go/pull/3980) Change `sdk.Events` usage to `[]abci.Event` in the testing package. - - * [\#3986](https://github.com/cosmos/ibc-go/pull/3986) Add function `RelayPacketWithResults`. - - * [\#4182](https://github.com/cosmos/ibc-go/pull/4182) Return current validator set when requesting current height in `GetValsAtHeight`. - - * [\#4319](https://github.com/cosmos/ibc-go/pull/4319) Fix in `TimeoutPacket` function to use counterparty `portID`/`channelID` in `GetNextSequenceRecv` query. - - * [\#4180](https://github.com/cosmos/ibc-go/pull/4180) Remove unused function `simapp.SetupWithGenesisAccounts`. - - ### Miscellaneous Tasks - - * (apps/27-interchain-accounts) [\#4677](https://github.com/cosmos/ibc-go/pull/4677) Remove ica store key. - - * [\#4724](https://github.com/cosmos/ibc-go/pull/4724) Add `HasValidateBasic` compiler assertions to messages. - - * [\#4725](https://github.com/cosmos/ibc-go/pull/4725) Add fzf selection for config files. - - * [\#4741](https://github.com/cosmos/ibc-go/pull/4741) Panic with error. - - * [\#3186](https://github.com/cosmos/ibc-go/pull/3186) Migrate all SDK errors to the new errors go module. - - * [\#3216](https://github.com/cosmos/ibc-go/pull/3216) Modify `simapp` to fulfill the SDK `runtime.AppI` interface. - - * [\#3290](https://github.com/cosmos/ibc-go/pull/3290) Remove `gogoproto` yaml tags from proto files. - - * [\#3439](https://github.com/cosmos/ibc-go/pull/3439) Use nil pointer pattern to check for interface compliance. - - * [\#3433](https://github.com/cosmos/ibc-go/pull/3433) Add tests for `acknowledgement.Acknowledgement()`. - - * (core, apps/29-fee) [\#3462](https://github.com/cosmos/ibc-go/pull/3462) Add missing `nil` check and corresponding tests for query handlers. - - * (light-clients/07-tendermint, light-clients/06-solomachine) [\#3571](https://github.com/cosmos/ibc-go/pull/3571) Delete unused `GetProofSpecs` functions. - - * (core) [\#3616](https://github.com/cosmos/ibc-go/pull/3616) Add debug log for redundant relay. - - * (core) [\#3892](https://github.com/cosmos/ibc-go/pull/3892) Add deprecated option to `create_localhost` field. - - * (core) [\#3893](https://github.com/cosmos/ibc-go/pull/3893) Add deprecated option to `MsgSubmitMisbehaviour`. - - * (apps/transfer, apps/29-fee) [\#4570](https://github.com/cosmos/ibc-go/pull/4570) Remove `GetSignBytes` from 29-fee and transfer msgs. - - * [\#3630](https://github.com/cosmos/ibc-go/pull/3630) Add annotation to Msg service. - - ## [v7.8.0](https://github.com/cosmos/ibc-go/releases/tag/v7.8.0) - 2024-08-30 - - ### State Machine Breaking - - * (core/03-connection) [\#7128](https://github.com/cosmos/ibc-go/pull/7128) Remove verification of self client and consensus state from connection handshake. - - ## [v7.7.0](https://github.com/cosmos/ibc-go/releases/tag/v7.7.0) - 2024-07-29 - - ### Dependencies - - * [\#6943](https://github.com/cosmos/ibc-go/pull/6943) Update Cosmos SDK to v0.47.13. - - ### Features - - * (apps/transfer) [\#6877](https://github.com/cosmos/ibc-go/pull/6877) Added the possibility to transfer the entire user balance of a particular denomination by using [`UnboundedSpendLimit`](https://github.com/cosmos/ibc-go/blob/715f00eef8727da41db25fdd4763b709bdbba07e/modules/apps/transfer/types/transfer_authorization.go#L253-L255) as the token amount. - - ### Bug Fixes - - ## [v7.6.0](https://github.com/cosmos/ibc-go/releases/tag/v7.6.0) - 2024-06-20 - - ### State Machine Breaking - - * (apps/transfer, apps/27-interchain-accounts, app/29-fee) [\#4992](https://github.com/cosmos/ibc-go/pull/4992) Set validation for length of string fields. - - ## [v7.5.2](https://github.com/cosmos/ibc-go/releases/tag/v7.5.2) - 2024-06-20 - - ### Dependencies - - * [\#6613](https://github.com/cosmos/ibc-go/pull/6613) Update Cosmos SDK to v0.47.12. - - ### Improvements - - * (apps/27-interchain-accounts) [\#6436](https://github.com/cosmos/ibc-go/pull/6436) Refactor ICA host keeper instantiation method to avoid panic related to proto files. - - ## [v7.5.1](https://github.com/cosmos/ibc-go/releases/tag/v7.5.1) - 2024-05-22 - - ### Improvements - - * (core/ante) [\#6302](https://github.com/cosmos/ibc-go/pull/6302) Performance: Skip app callbacks during RecvPacket execution in checkTx within the redundant relay ante handler. - - * (core/ante) [\#6280](https://github.com/cosmos/ibc-go/pull/6280) Performance: Skip redundant proof checking in RecvPacket execution in reCheckTx within the redundant relay ante handler. - - * (core/ante) [\#6306](https://github.com/cosmos/ibc-go/pull/6306) Performance: Skip misbehaviour checks in UpdateClient flow and skip signature checks in reCheckTx mode. - - ## [v7.5.0](https://github.com/cosmos/ibc-go/releases/tag/v7.5.0) - 2024-05-14 - - ### Dependencies - - * [\#6254](https://github.com/cosmos/ibc-go/pull/6254) Update Cosmos SDK to v0.47.11 and CometBFT to v0.37.5. - - ### State Machine Breaking - - * (light-clients/07-tendermint) [\#6276](https://github.com/cosmos/ibc-go/pull/6276) Fix: No-op to avoid panicking on `UpdateState` for invalid misbehaviour submissions. - - ### Improvements - - * (apps/27-interchain-accounts) [\#6147](https://github.com/cosmos/ibc-go/pull/6147) Emit an event signalling that the host submodule is disabled. - - * (testing) [\#6180](https://github.com/cosmos/ibc-go/pull/6180) Add version to tm abci headers in ibctesting. - - * (apps/27-interchain-accounts, apps/transfer, apps/29-fee) [\#6253](https://github.com/cosmos/ibc-go/pull/6253) Allow channel handshake to succeed if fee middleware is wired up on one side, but not the other. - - * (apps/transfer) [\#6268](https://github.com/cosmos/ibc-go/pull/6268) Use memo strings instead of JSON keys in `AllowedPacketData` of transfer authorization. - - ### Features - - * (apps/27-interchain-accounts) [\#5633](https://github.com/cosmos/ibc-go/pull/5633) Allow new ICA channels to use unordered ordering. - - * (apps/27-interchain-accounts) [\#5785](https://github.com/cosmos/ibc-go/pull/5785) Introduce a new tx message that ICA host submodule can use to query the chain (only those marked with `module_query_safe`) and write the responses to the acknowledgement. - - ### Bug Fixes - - * (apps/29-fee) [\#6255](https://github.com/cosmos/ibc-go/pull/6255) Delete already refunded fees from state if some fee(s) cannot be refunded on channel closure. - - ## [v7.4.0](https://github.com/cosmos/ibc-go/releases/tag/v7.4.0) - 2024-04-05 - - ## [v7.3.2](https://github.com/cosmos/ibc-go/releases/tag/v7.3.2) - 2024-01-31 - - ### Dependencies - - * [\#5717](https://github.com/cosmos/ibc-go/pull/5717) Update Cosmos SDK to v0.47.8 and CometBFT to v0.37.4. - - ### Improvements - - * (core) [\#5541](https://github.com/cosmos/ibc-go/pull/5541) Enable emission of events on erroneous IBC application callbacks by appending a prefix to all event type and attribute keys. - - ### Bug Fixes - - * (apps/27-interchain-accounts) [\#4944](https://github.com/cosmos/ibc-go/pull/4944) Add missing proto interface registration. - - ## [v7.3.1](https://github.com/cosmos/ibc-go/releases/tag/v7.3.1) - 2023-10-20 - - ### Dependencies - - * [\#4539](https://github.com/cosmos/ibc-go/pull/4539) Update Cosmos SDK to v0.47.5. - - ### Improvements - - * (apps/27-interchain-accounts) [\#4537](https://github.com/cosmos/ibc-go/pull/4537) Add argument to `generate-packet-data` cli to choose the encoding format for the messages in the ICA packet data. - - ### Bug Fixes - - * (apps/transfer) [\#4709](https://github.com/cosmos/ibc-go/pull/4709) Order query service RPCs to fix availability of denom traces endpoint when no args are provided. - - ## [v7.3.0](https://github.com/cosmos/ibc-go/releases/tag/v7.3.0) - 2023-08-31 - - ### Dependencies - - * [\#4122](https://github.com/cosmos/ibc-go/pull/4122) Update Cosmos SDK to v0.47.4. - - ### Improvements - - * [\#4187](https://github.com/cosmos/ibc-go/pull/4187) Adds function `WithICS4Wrapper` to keepers to allow to set the middleware after the keeper's creation. - - * (light-clients/06-solomachine) [\#4429](https://github.com/cosmos/ibc-go/pull/4429) Remove IBC key from path of bytes signed by solomachine and not escape the path. - - ### Features - - * (apps/27-interchain-accounts) [\#3796](https://github.com/cosmos/ibc-go/pull/3796) Adds support for json tx encoding for interchain accounts. - - * [\#4188](https://github.com/cosmos/ibc-go/pull/4188) Adds optional `PacketDataUnmarshaler` interface that allows a middleware to request the packet data to be unmarshaled by the base application. - - * [\#4199](https://github.com/cosmos/ibc-go/pull/4199) Adds optional `PacketDataProvider` interface for retrieving custom packet data stored on behalf of another application. - - * [\#4200](https://github.com/cosmos/ibc-go/pull/4200) Adds optional `PacketData` interface which application's packet data may implement. - - ### Bug Fixes - - * (04-channel) [\#4476](https://github.com/cosmos/ibc-go/pull/4476) Use UTC time in log messages for packet timeout error. - - * (testing) [\#4483](https://github.com/cosmos/ibc-go/pull/4483) Use the correct revision height when querying trusted validator set. - - ## [v7.2.3](https://github.com/cosmos/ibc-go/releases/tag/v7.2.3) - 2024-01-31 - - ### Dependencies - - * [\#5716](https://github.com/cosmos/ibc-go/pull/5716) Update Cosmos SDK to v0.47.8 and CometBFT to v0.37.4. - - ### Improvements - - * (core) [\#5541](https://github.com/cosmos/ibc-go/pull/5541) Enable emission of events on erroneous IBC application callbacks by appending a prefix to all event type and attribute keys. - - ## [v7.2.2](https://github.com/cosmos/ibc-go/releases/tag/v7.2.2) - 2023-10-20 - - ### Dependencies - - * [\#4539](https://github.com/cosmos/ibc-go/pull/4539) Update Cosmos SDK to v0.47.5. - - ### Bug Fixes - - * (apps/transfer) [\#4709](https://github.com/cosmos/ibc-go/pull/4709) Order query service RPCs to fix availability of denom traces endpoint when no args are provided. - - ## [v7.2.1](https://github.com/cosmos/ibc-go/releases/tag/v7.2.1) - 2023-08-31 - - ### Bug Fixes - - * (04-channel) [\#4476](https://github.com/cosmos/ibc-go/pull/4476) Use UTC time in log messages for packet timeout error. - - * (testing) [\#4483](https://github.com/cosmos/ibc-go/pull/4483) Use the correct revision height when querying trusted validator set. - - ## [v7.2.0](https://github.com/cosmos/ibc-go/releases/tag/v7.2.0) - 2023-06-22 - - ### Dependencies - - * [\#3810](https://github.com/cosmos/ibc-go/pull/3810) Update Cosmos SDK to v0.47.3. - - * [\#3862](https://github.com/cosmos/ibc-go/pull/3862) Update CometBFT to v0.37.2. - - ### State Machine Breaking - - * [\#3907](https://github.com/cosmos/ibc-go/pull/3907) Re-implemented missing functions of `LegacyMsg` interface to fix transaction signing with ledger. - - ## [v7.1.0](https://github.com/cosmos/ibc-go/releases/tag/v7.1.0) - 2023-06-09 - - ### Dependencies - - * [\#3542](https://github.com/cosmos/ibc-go/pull/3542) Update Cosmos SDK to v0.47.2 and CometBFT to v0.37.1. - - * [\#3457](https://github.com/cosmos/ibc-go/pull/3457) Update to ics23 v0.10.0. - - ### Improvements - - * (apps/transfer) [\#3454](https://github.com/cosmos/ibc-go/pull/3454) Support transfer authorization unlimited spending when the max `uint256` value is provided as limit. - - ### Features - - * (light-clients/09-localhost) [\#3229](https://github.com/cosmos/ibc-go/pull/3229) Implementation of v2 of localhost loopback client. - - * (apps/transfer) [\#3019](https://github.com/cosmos/ibc-go/pull/3019) Add state entry to keep track of total amount of tokens in escrow. - - ### Bug Fixes - - * (core/04-channel) [\#3346](https://github.com/cosmos/ibc-go/pull/3346) Properly handle ordered channels in `UnreceivedPackets` query. - - * (core/04-channel) [\#3593](https://github.com/cosmos/ibc-go/pull/3593) `SendPacket` now correctly returns `ErrClientNotFound` in favour of `ErrConsensusStateNotFound`. - - ## [v7.0.1](https://github.com/cosmos/ibc-go/releases/tag/v7.0.1) - 2023-05-25 - - ### Bug Fixes - - * [\#3346](https://github.com/cosmos/ibc-go/pull/3346) Properly handle ordered channels in `UnreceivedPackets` query. - - ## [v7.0.0](https://github.com/cosmos/ibc-go/releases/tag/v7.0.0) - 2023-03-17 - - ### Dependencies - - * [\#2672](https://github.com/cosmos/ibc-go/issues/2672) Update to cosmos-sdk v0.47. - - * [\#3175](https://github.com/cosmos/ibc-go/issues/3175) Migrate to cometbft v0.37. - - ### API Breaking - - * (core) [\#2897](https://github.com/cosmos/ibc-go/pull/2897) Remove legacy migrations required for upgrading from Stargate release line to ibc-go >= v1.x.x. - - * (core/02-client) [\#2856](https://github.com/cosmos/ibc-go/pull/2856) Rename `IterateClients` to `IterateClientStates`. The function now takes a prefix argument which may be used for prefix iteration over the client store. - - * (light-clients/tendermint)[\#1768](https://github.com/cosmos/ibc-go/pull/1768) Removed `AllowUpdateAfterExpiry`, `AllowUpdateAfterMisbehaviour` booleans as they are deprecated (see ADR026) - - * (06-solomachine) [\#1679](https://github.com/cosmos/ibc-go/pull/1679) Remove `types` sub-package from `06-solomachine` lightclient directory. - - * (07-tendermint) [\#1677](https://github.com/cosmos/ibc-go/pull/1677) Remove `types` sub-package from `07-tendermint` lightclient directory. - - * (06-solomachine) [\#1687](https://github.com/cosmos/ibc-go/pull/1687) Bump `06-solomachine` protobuf version from `v2` to `v3`. - - * (06-solomachine) [\#1687](https://github.com/cosmos/ibc-go/pull/1687) Removed `DataType` enum and associated message types from `06-solomachine`. `DataType` has been removed from `SignBytes` and `SignatureAndData` in favour of `path`. - - * (02-client) [\#598](https://github.com/cosmos/ibc-go/pull/598) The client state and consensus state return value has been removed from `VerifyUpgradeAndUpdateState`. Light client implementations must update the client state and consensus state after verifying a valid client upgrade. - - * (06-solomachine) [\#1100](https://github.com/cosmos/ibc-go/pull/1100) Remove `GetClientID` function from 06-solomachine `Misbehaviour` type. - - * (06-solomachine) [\#1100](https://github.com/cosmos/ibc-go/pull/1100) Deprecate `ClientId` field in 06-solomachine `Misbehaviour` type. - - * (07-tendermint) [\#1097](https://github.com/cosmos/ibc-go/pull/1097) Remove `GetClientID` function from 07-tendermint `Misbehaviour` type. - - * (07-tendermint) [\#1097](https://github.com/cosmos/ibc-go/pull/1097) Deprecate `ClientId` field in 07-tendermint `Misbehaviour` type. - - * (modules/core/exported) [\#1107](https://github.com/cosmos/ibc-go/pull/1107) Merging the `Header` and `Misbehaviour` interfaces into a single `ClientMessage` type. - - * (06-solomachine)[\#1906](https://github.com/cosmos/ibc-go/pull/1906/files) Removed `AllowUpdateAfterProposal` boolean as it has been deprecated (see 01_concepts of the solo machine spec for more details). - - * (07-tendermint) [\#1896](https://github.com/cosmos/ibc-go/pull/1896) Remove error return from `IterateConsensusStateAscending` in `07-tendermint`. - - * (apps/27-interchain-accounts) [\#2638](https://github.com/cosmos/ibc-go/pull/2638) Interchain accounts host and controller Keepers now expects a keeper which fulfills the expected `exported.ScopedKeeper` interface for the capability keeper. - - * (06-solomachine) [\#2761](https://github.com/cosmos/ibc-go/pull/2761) Removed deprecated `ClientId` field from `Misbehaviour` and `allow_update_after_proposal` field from `ClientState`. - - * (apps) [\#3154](https://github.com/cosmos/ibc-go/pull/3154) Remove unused `ProposalContents` function. - - * (apps) [\#3149](https://github.com/cosmos/ibc-go/pull/3149) Remove legacy interface function `RandomizedParams`, which is no longer used. - - * (light-clients/06-solomachine) [\#2941](https://github.com/cosmos/ibc-go/pull/2941) Remove solomachine header sequence. - - * (core) [\#2982](https://github.com/cosmos/ibc-go/pull/2982) Moved the ibc module name into the exported package. - - ### State Machine Breaking - - * (06-solomachine) [\#2744](https://github.com/cosmos/ibc-go/pull/2744) `Misbehaviour.ValidateBasic()` now only enforces that signature data does not match when the signature paths are different. - - * (06-solomachine) [\#2748](https://github.com/cosmos/ibc-go/pull/2748) Adding sentinel value for header path in 06-solomachine. - - * (apps/29-fee) [\#2942](https://github.com/cosmos/ibc-go/pull/2942) Check `x/bank` send enabled before escrowing fees. - - * (core/04-channel) [\#3009](https://github.com/cosmos/ibc-go/pull/3009) Change check to disallow optimistic sends. - - ### Improvements - - * (core) [\#3082](https://github.com/cosmos/ibc-go/pull/3082) Add `HasConnection` and `HasChannel` methods. - - * (tests) [\#2926](https://github.com/cosmos/ibc-go/pull/2926) Lint tests - - * (apps/transfer) [\#2643](https://github.com/cosmos/ibc-go/pull/2643) Add amount, denom, and memo to transfer event emission. - - * (core) [\#2746](https://github.com/cosmos/ibc-go/pull/2746) Allow proof height to be zero for all core IBC `sdk.Msg` types that contain proofs. - - * (light-clients/06-solomachine) [\#2746](https://github.com/cosmos/ibc-go/pull/2746) Discard proofHeight for solo machines and use the solo machine sequence instead. - - * (modules/light-clients/07-tendermint) [\#1713](https://github.com/cosmos/ibc-go/pull/1713) Allow client upgrade proposals to update `TrustingPeriod`. See ADR-026 for context. - - * (modules/core/02-client) [\#1188](https://github.com/cosmos/ibc-go/pull/1188/files) Routing `MsgSubmitMisbehaviour` to `UpdateClient` keeper function. Deprecating `SubmitMisbehaviour` endpoint. - - * (modules/core/02-client) [\#1208](https://github.com/cosmos/ibc-go/pull/1208) Replace `CheckHeaderAndUpdateState` usage in 02-client with calls to `VerifyClientMessage`, `CheckForMisbehaviour`, `UpdateStateOnMisbehaviour` and `UpdateState`. - - * (modules/light-clients/09-localhost) [\#1187](https://github.com/cosmos/ibc-go/pull/1187/) Removing localhost light client implementation as it is not functional. An upgrade handler is provided in `modules/migrations/v5` to prune `09-localhost` clients and consensus states from the store. - - * (modules/core/02-client) [\#1186](https://github.com/cosmos/ibc-go/pull/1186) Removing `GetRoot` function from ConsensusState interface in `02-client`. `GetRoot` is unused by core IBC. - - * (modules/core/02-client) [\#1196](https://github.com/cosmos/ibc-go/pull/1196) Adding VerifyClientMessage to ClientState interface. - - * (modules/core/02-client) [\#1198](https://github.com/cosmos/ibc-go/pull/1198) Adding UpdateStateOnMisbehaviour to ClientState interface. - - * (modules/core/02-client) [\#1170](https://github.com/cosmos/ibc-go/pull/1170) Updating `ClientUpdateProposal` to set client state in lightclient implementations `CheckSubstituteAndUpdateState` methods. - - * (modules/core/02-client) [\#1197](https://github.com/cosmos/ibc-go/pull/1197) Adding `CheckForMisbehaviour` to `ClientState` interface. - - * (modules/core/02-client) [\#1210](https://github.com/cosmos/ibc-go/pull/1210) Removing `CheckHeaderAndUpdateState` from `ClientState` interface & associated light client implementations. - - * (modules/core/02-client) [\#1212](https://github.com/cosmos/ibc-go/pull/1212) Removing `CheckMisbehaviourAndUpdateState` from `ClientState` interface & associated light client implementations. - - * (modules/core/exported) [\#1206](https://github.com/cosmos/ibc-go/pull/1206) Adding new method `UpdateState` to `ClientState` interface. - - * (modules/core/02-client) [\#1741](https://github.com/cosmos/ibc-go/pull/1741) Emitting a new `upgrade_chain` event upon setting upgrade consensus state. - - * (client) [\#724](https://github.com/cosmos/ibc-go/pull/724) `IsRevisionFormat` and `IsClientIDFormat` have been updated to disallow newlines before the dash used to separate the chainID and revision number, and the client type and client sequence. - - * (02-client/cli) [\#897](https://github.com/cosmos/ibc-go/pull/897) Remove `GetClientID()` from `Misbehaviour` interface. Submit client misbehaviour cli command requires an explicit client id now. - - * (06-solomachine) [\#1972](https://github.com/cosmos/ibc-go/pull/1972) Solo machine implementation of `ZeroCustomFields` fn now panics as the fn is only used for upgrades which solo machine does not support. - - * (light-clients/06-solomachine) Moving `verifyMisbehaviour` function from update.go to misbehaviour_handle.go. - - * [\#2434](https://github.com/cosmos/ibc-go/pull/2478) Removed all `TypeMsg` constants - - * (modules/core/exported) [\#2539](https://github.com/cosmos/ibc-go/pull/2539) Removing `GetVersions` from `ConnectionI` interface. - - * (core/02-connection) [\#2419](https://github.com/cosmos/ibc-go/pull/2419) Add optional proof data to proto definitions of `MsgConnectionOpenTry` and `MsgConnectionOpenAck` for host state machines that are unable to introspect their own consensus state. - - * (light-clients/07-tendermint) [\#3046](https://github.com/cosmos/ibc-go/pull/3046) Moved non-verification misbehaviour checks to `CheckForMisbehaviour`. - - * (apps/29-fee) [\#2975](https://github.com/cosmos/ibc-go/pull/2975) Adding distribute fee events to ics29. - - * (light-clients/07-tendermint) [\#2965](https://github.com/cosmos/ibc-go/pull/2965) Prune expired `07-tendermint` consensus states on duplicate header updates. - - * (light-clients) [\#2736](https://github.com/cosmos/ibc-go/pull/2736) Updating `VerifyMembership` and `VerifyNonMembership` methods to use `Path` interface. - - * (light-clients) [\#3113](https://github.com/cosmos/ibc-go/pull/3113) Align light client module names. - - ### Features - - * (apps/transfer) [\#3079](https://github.com/cosmos/ibc-go/pull/3079) Added authz support for ics20. - - * (core/02-client) [\#2824](https://github.com/cosmos/ibc-go/pull/2824) Add genesis migrations for v6 to v7. The migration migrates the solo machine client state definition, removes all solo machine consensus states and removes the localhost client. - - * (core/24-host) [\#2856](https://github.com/cosmos/ibc-go/pull/2856) Add `PrefixedClientStorePath` and `PrefixedClientStoreKey` functions to 24-host - - * (core/02-client) [\#2819](https://github.com/cosmos/ibc-go/pull/2819) Add automatic in-place store migrations to remove the localhost client and migrate existing solo machine definitions. - - * (light-clients/06-solomachine) [\#2826](https://github.com/cosmos/ibc-go/pull/2826) Add `AppModuleBasic` for the 06-solomachine client and remove solo machine type registration from core IBC. Chains must register the `AppModuleBasic` of light clients. - - * (light-clients/07-tendermint) [\#2825](https://github.com/cosmos/ibc-go/pull/2825) Add `AppModuleBasic` for the 07-tendermint client and remove tendermint type registration from core IBC. Chains must register the `AppModuleBasic` of light clients. - - * (light-clients/07-tendermint) [\#2800](https://github.com/cosmos/ibc-go/pull/2800) Add optional in-place store migration function to prune all expired tendermint consensus states. - - * (core/24-host) [\#2820](https://github.com/cosmos/ibc-go/pull/2820) Add `MustParseClientStatePath` which parses the clientID from a client state key path. - - * (testing/simapp) [\#2842](https://github.com/cosmos/ibc-go/pull/2842) Adding the new upgrade handler for v6 -> v7 to simapp which prunes expired Tendermint consensus states. - - * (testing) [\#2829](https://github.com/cosmos/ibc-go/pull/2829) Add `AssertEvents` which asserts events against expected event map. - - ### Bug Fixes - - * (testing) [\#3295](https://github.com/cosmos/ibc-go/pull/3295) The function `SetupWithGenesisValSet` will set the baseapp chainID before running `InitChain` - - * (light-clients/solomachine) [\#1839](https://github.com/cosmos/ibc-go/pull/1839) Fixed usage of the new diversifier in validation of changing diversifiers for the solo machine. The current diversifier must sign over the new diversifier. - - * (light-clients/07-tendermint) [\#1674](https://github.com/cosmos/ibc-go/pull/1674) Submitted ClientState is zeroed out before checking the proof in order to prevent the proposal from containing information governance is not actually voting on. - - * (modules/core/02-client)[\#1676](https://github.com/cosmos/ibc-go/pull/1676) ClientState must be zeroed out for `UpgradeProposals` to pass validation. This prevents a proposal containing information governance is not actually voting on. - - * (core/02-client) [\#2510](https://github.com/cosmos/ibc-go/pull/2510) Fix client ID validation regex to conform closer to spec. - - * (apps/transfer) [\#3045](https://github.com/cosmos/ibc-go/pull/3045) Allow value with slashes in URL template. - - * (apps/27-interchain-accounts) [\#2601](https://github.com/cosmos/ibc-go/pull/2601) Remove bech32 check from owner address on ICA controller msgs RegisterInterchainAccount and SendTx. - - * (apps/transfer) [\#2651](https://github.com/cosmos/ibc-go/pull/2651) Skip emission of unpopulated memo field in ics20. - - * (apps/27-interchain-accounts) [\#2682](https://github.com/cosmos/ibc-go/pull/2682) Avoid race conditions in ics27 handshakes. - - * (light-clients/06-solomachine) [\#2741](https://github.com/cosmos/ibc-go/pull/2741) Added check for empty path in 06-solomachine. - - * (light-clients/07-tendermint) [\#3022](https://github.com/cosmos/ibc-go/pull/3022) Correctly close iterator in `07-tendermint` store. - - * (core/02-client) [\#3010](https://github.com/cosmos/ibc-go/pull/3010) Update `Paginate` to use `FilterPaginate` in `ClientStates` and `ConnectionChannels` grpc queries. - - ## [v6.3.0](https://github.com/cosmos/ibc-go/releases/tag/v6.3.0) - 2024-04-05 - diff --git a/docs/ibc/next/index.mdx b/docs/ibc/next/index.mdx new file mode 100644 index 00000000..97bfbba2 --- /dev/null +++ b/docs/ibc/next/index.mdx @@ -0,0 +1,36 @@ +--- +title: "IBC Documentation" +description: "Inter-Blockchain Communication Protocol (IBC) documentation" +--- + +# IBC Documentation + +The Inter-Blockchain Communication Protocol (IBC) is a protocol for authentication and transport of data between blockchains. + +## Overview + +IBC enables secure and reliable communication between independent blockchains, allowing them to transfer tokens and other data in a trust-minimized way. + +### Key Features + +- **Interoperability** - Connect heterogeneous blockchains +- **Security** - Cryptographic verification of cross-chain messages +- **Composability** - Build cross-chain applications +- **Modularity** - Extensible protocol design + +## Getting Started + +Documentation for IBC is currently being developed. For the latest information, please visit: + +- [IBC Protocol Specification](https://github.com/cosmos/ibc) +- [IBC Go Implementation](https://github.com/cosmos/ibc-go) +- [IBC Developer Resources](https://ibc.cosmos.network) + +## Resources + +- [GitHub Repository](https://github.com/cosmos/ibc-go) +- [Release Notes](/docs/ibc/next/changelog/release-notes) + +--- + +*This documentation is under active development.* diff --git a/docs/ibc/v0.2.0/index.mdx b/docs/ibc/v0.2.0/index.mdx new file mode 100644 index 00000000..0797e278 --- /dev/null +++ b/docs/ibc/v0.2.0/index.mdx @@ -0,0 +1,35 @@ +--- +title: "IBC v0.2.0 Documentation" +description: "Inter-Blockchain Communication Protocol (IBC) v0.2.0 documentation" +--- + +# IBC v0.2.0 Documentation + +The Inter-Blockchain Communication Protocol (IBC) is a protocol for authentication and transport of data between blockchains. + +## Overview + +This is the documentation for IBC v0.2.0. For the latest documentation, please see the [next version](/docs/ibc/next/index). + +### Key Features + +- **Interoperability** - Connect heterogeneous blockchains +- **Security** - Cryptographic verification of cross-chain messages +- **Composability** - Build cross-chain applications +- **Modularity** - Extensible protocol design + +## Version Information + +- **Version:** v0.2.0 +- **Status:** Archived +- **For Latest Docs:** [IBC Next](/docs/ibc/next/index) + +## Resources + +- [GitHub Repository](https://github.com/cosmos/ibc-go) +- [IBC Protocol Specification](https://github.com/cosmos/ibc) +- [IBC Developer Resources](https://ibc.cosmos.network) + +--- + +*For the most up-to-date documentation, please refer to the [next version](/docs/ibc/next/index).* From d2dc8ec0b1d0e484af001722d0f7fd60bd067114 Mon Sep 17 00:00:00 2001 From: Cordt Date: Mon, 20 Oct 2025 13:41:48 -0600 Subject: [PATCH 20/26] update versions metadata --- scripts/versioning/release-notes.js | 2 +- versions.json | 23 ++++++++++++++++++++++- 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/scripts/versioning/release-notes.js b/scripts/versioning/release-notes.js index a6721d93..efde2362 100644 --- a/scripts/versioning/release-notes.js +++ b/scripts/versioning/release-notes.js @@ -239,7 +239,7 @@ function parseChangelogToMintlify(changelogContent) { const mintlifyContent = `--- title: "Release Notes" description: "Release history and changelog for Cosmos ${PRODUCT_LABEL}" -mode: "center" +mode: "wide" --- diff --git a/versions.json b/versions.json index 56fccba2..acfbc30b 100644 --- a/versions.json +++ b/versions.json @@ -6,7 +6,28 @@ "v0.4.x" ], "defaultVersion": "next", - "nextDev": "v0.5.0" + "nextDev": "v0.5.0", + "repository": "cosmos/evm", + "changelogPath": "CHANGELOG.md" + }, + "sdk": { + "versions": [ + "next", + "v0.53", + "v0.50", + "v0.47" + ], + "defaultVersion": "next", + "repository": "cosmos/cosmos-sdk", + "changelogPath": "CHANGELOG.md" + }, + "ibc": { + "versions": [ + "next" + ], + "defaultVersion": "next", + "repository": "cosmos/ibc-go", + "changelogPath": "CHANGELOG.md" } } } From f0280731b802b868b940c0167a8ca6d73ec2ccd1 Mon Sep 17 00:00:00 2001 From: Cordt Date: Tue, 21 Oct 2025 05:31:47 -0600 Subject: [PATCH 21/26] finalizing build-chain overview page --- .../comprehensive-configuration-reference.mdx | 3376 +++++------------ .../build-a-chain/overview.mdx | 16 +- 2 files changed, 857 insertions(+), 2535 deletions(-) diff --git a/docs/evm/next/documentation/getting-started/build-a-chain/comprehensive-configuration-reference.mdx b/docs/evm/next/documentation/getting-started/build-a-chain/comprehensive-configuration-reference.mdx index 7b0868d5..22a50967 100644 --- a/docs/evm/next/documentation/getting-started/build-a-chain/comprehensive-configuration-reference.mdx +++ b/docs/evm/next/documentation/getting-started/build-a-chain/comprehensive-configuration-reference.mdx @@ -1,3502 +1,1822 @@ --- -title: "Comprehensive Configuration Reference" -description: "Complete technical encyclopedia of all configurable parameters in Cosmos EVM - pre-genesis source code settings, genesis parameters, runtime configuration, and node-level parameters." +title: "Configuration Parameter Reference" +description: "Complete technical reference of all configurable parameters in Cosmos EVM - source code settings, genesis parameters, and runtime configuration." --- -This reference provides comprehensive documentation for every configurable parameter in Cosmos EVM chains. Parameters are organized by configuration phase and category with complete technical details, defaults, and source code locations. +Technical reference for all Cosmos EVM chain parameters organized by configuration phase and module. -**Related Documentation:** -- [Pre-Genesis & Genesis Setup](/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup) - Step-by-step configuration guide -- [Runtime Configuration & Launch](/docs/evm/next/documentation/getting-started/build-a-chain/runtime-and-launch) - Network launch procedures -- [Configuration Reference](/docs/evm/next/documentation/getting-started/build-a-chain/configuration-reference) - Quick reference with commands and examples +For step-by-step configuration guides, see [Pre-Genesis & Genesis Setup](/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup) and [Runtime Configuration & Launch](/docs/evm/next/documentation/getting-started/build-a-chain/runtime-and-launch). - -This is a technical reference. For step-by-step configuration instructions, see the [Pre-Genesis & Genesis Setup](/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup) guide. - - -## Configuration Phase Overview - -Cosmos EVM configuration occurs in four distinct phases: - - - -Parameters compiled into binary before `init` -- Binary name -- Bech32 prefix -- BIP44 coin type -- EVM chain ID -- Default denominations - - - -Parameters set in `genesis.json` -- Module parameters -- Initial accounts -- Validator genesis transactions -- Network consensus rules - - - -Node-specific settings in TOML files -- `app.toml` - Application settings -- `config.toml` - CometBFT settings -- `client.toml` - CLI client settings - - - -Parameters changeable after genesis -- Module parameters via proposals -- Access control modifications -- Precompile activation/deactivation - - - --- ## Pre-Genesis Parameters (Source Code) -These parameters must be configured in source code **before** building your binary and running `yourchain init`. Changes after genesis require rebuilding the binary and coordinating a hard fork. - -### Binary Name - - - -| Parameter | Value | -|-----------|-------| -| **Description** | Name of your compiled blockchain executable | -| **Default** | `evmd` | -| **File Locations** | Directory name, all Go imports, Makefile | -| **When to Configure** | Before first build | -| **Can Change After Genesis** | Yes, but requires coordinated binary replacement | -| **Source** | Repository-wide (all files) | - -**What It Controls:** -- Binary executable name (`./build/yourchain`) -- Installation location (`$GOPATH/bin/yourchain`) -- CLI command prefix (`yourchain start`, `yourchain init`, etc.) -- Module import paths -- Home directory default (`~/.yourchain`) - -**Files Affected:** -- Go package names -- Import paths in `.go` files -- Module declaration in `go.mod` -- Makefile build targets -- Shell scripts and documentation -- Docker configurations - -**Configuration Method:** -```bash expandable -# Rename directory -mv evmd yourchain -mv yourchain/cmd/evmd yourchain/cmd/yourchain - -# Update all references -find . -type f -name "*.go" -exec sed -i 's/evmd/yourchain/g' {} \; -find . -type f -name "*.go" -exec sed -i 's/\.evmd/.yourchain/g' {} \; +Parameters set in source code before building the binary. Require rebuild to change. -# Update go.mod module path -# Edit: module github.com/your-org/your-chain/yourchain - -# Rebuild -go mod tidy -make build -``` - -**Validation:** -```bash expandable -# Verify binary name -ls ./build/ -# Should show: yourchain - -# Verify it runs -./build/yourchain version -``` - - + ### Bech32 Address Prefix - - -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Address format prefix for all Cosmos addresses on your chain | +| **Description** | Address format prefix for all Cosmos addresses | +| **Location** | `config/config.go:62` | | **Default** | `cosmos` | -| **File Location** | [`config/config.go:62`](https://github.com/cosmos/evm/blob/main/config/config.go#L62) | -| **When to Configure** | Before `yourchain init` | -| **Can Change After Genesis** | No (requires hard fork and state migration) | -| **Format** | Lowercase alphanumeric string | - -**What It Controls:** -- Account addresses: `yourchain1...` -- Account public keys: `yourchainpub1...` -- Validator operator addresses: `yourchainvaloper1...` -- Validator operator public keys: `yourchainvaloperpub1...` -- Consensus addresses: `yourchainvalcons1...` -- Consensus public keys: `yourchainvalconspub1...` - -**Configuration Method:** -Edit `config/config.go`: -```go expandable -const ( - // Bech32Prefix defines the Bech32 prefix for all accounts - Bech32Prefix = "yourchain" - - // Derived prefixes (do not modify these) - Bech32PrefixAccAddr = Bech32Prefix - Bech32PrefixAccPub = Bech32Prefix + sdk.PrefixPublic - Bech32PrefixValAddr = Bech32Prefix + sdk.PrefixValidator + sdk.PrefixOperator - Bech32PrefixValPub = Bech32Prefix + sdk.PrefixValidator + sdk.PrefixOperator + sdk.PrefixPublic - Bech32PrefixConsAddr = Bech32Prefix + sdk.PrefixValidator + sdk.PrefixConsensus - Bech32PrefixConsPub = Bech32Prefix + sdk.PrefixValidator + sdk.PrefixConsensus + sdk.PrefixPublic -) -``` +| **Type** | String (lowercase alphanumeric) | +| **Adjustable** | Immutable | +| **Source** | [`config/config.go`](https://github.com/cosmos/evm/blob/main/config/config.go#L62) | -**Rebuild Required:** -```bash expandable -make build -./build/yourchain init test --chain-id test-1 -./build/yourchain keys add testkey --keyring-backend test -# Verify address starts with yourchain1... +```go +const Bech32Prefix = "yourchain" ``` -**Naming Guidelines:** -- Use lowercase only -- Keep it short (3-10 characters) -- Make it unique and recognizable -- Avoid conflicts with existing chains - -**Examples:** -- `cosmos` - Cosmos Hub -- `osmosis` - Osmosis DEX -- `evmos` - Evmos (EVM on Cosmos) -- `juno` - Juno Network -- `yourchain` - Your custom chain - - +--- ### BIP44 Coin Type - - -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | HD wallet derivation path coin type per BIP-44 | +| **Description** | HD wallet derivation path coin type | +| **Location** | `crypto/hd/hdpath.go:9` | | **Default** | `60` (Ethereum) | -| **File Location** | [`crypto/hd/hdpath.go:9`](https://github.com/cosmos/evm/blob/main/crypto/hd/hdpath.go#L9) | -| **When to Configure** | Before `yourchain init` | -| **Can Change After Genesis** | No (breaks existing wallets) | +| **Type** | uint32 | +| **Adjustable** | Immutable | | **Standard** | [SLIP-0044](https://github.com/satoshilabs/slips/blob/master/slip-0044.md) | +| **Source** | [`crypto/hd/hdpath.go`](https://github.com/cosmos/evm/blob/main/crypto/hd/hdpath.go#L9) | -**What It Controls:** -- HD wallet key derivation path: `m/44'/COIN_TYPE'/0'/0/0` -- Wallet compatibility (MetaMask, Ledger, Keplr) -- Key generation algorithm - -**Configuration Method:** -Edit `crypto/hd/hdpath.go`: -```go expandable -var ( - // Bip44CoinType satisfies EIP84 for Ethereum compatibility - // OR use a registered unique coin type - Bip44CoinType uint32 = 60 // Change this value - - // BIP44HDPath is derived from coin type - BIP44HDPath = fmt.Sprintf("m/44'/%d'/0'/0/0", Bip44CoinType) -) +```go +Bip44CoinType uint32 = 60 ``` -**Common Values:** -| Coin Type | Chain | Use Case | -|-----------|-------|----------| -| `60` | Ethereum | **EVM chains (recommended)** - MetaMask compatible | -| `118` | Cosmos Hub | Traditional Cosmos SDK chains | -| `330` | Terra | Terra ecosystem | -| `529` | Secret Network | Secret Network | -| `852` | Desmos | Desmos Network | - -**Recommendations:** -- **EVM-compatible chains:** Use `60` for maximum wallet compatibility -- **Cosmos-focused chains:** Register unique value via SLIP-0044 -- **Hybrid chains:** Use `60` if EVM is primary interface - -**Registration Process:** -1. Check [SLIP-0044 registry](https://github.com/satoshilabs/slips/blob/master/slip-0044.md) -2. Submit PR to register your coin type -3. Wait for approval before mainnet launch -4. Update code with registered number - -**Important Notes:** -- Changing this breaks wallet compatibility -- Users cannot recover keys with different coin type -- Hardware wallet support depends on coin type -- Consider ecosystem compatibility +**Common Values:** `60` (Ethereum/EVM), `118` (Cosmos), `330` (Terra) - +--- ### EVM Chain ID - - -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | EIP-155 replay protection chain ID for Ethereum transactions | +| **Description** | EIP-155 replay protection chain ID | +| **Location** | `config/config.go:78` | | **Default** | `262144` | -| **File Location** | [`config/config.go:78`](https://github.com/cosmos/evm/blob/main/config/config.go#L78) | -| **When to Configure** | Before building binary | -| **Can Change After Genesis** | **No** - breaks transaction replay protection | -| **Format** | Unsigned integer (uint64) | +| **Type** | uint64 | +| **Adjustable** | Immutable | | **Standard** | [EIP-155](https://eips.ethereum.org/EIPS/eip-155) | +| **Source** | [`config/config.go`](https://github.com/cosmos/evm/blob/main/config/config.go#L78) | -**What It Controls:** -- Transaction signature verification -- Replay attack protection -- Wallet network configuration -- MetaMask/hardware wallet display -- `eth_chainId` JSON-RPC response - -**Configuration Method:** -Edit `config/config.go`: -```go expandable -const ( - // EVMChainID defines the EIP-155 replay-protection chain ID - EVMChainID = 123456 // Change to your unique chain ID -) -``` - -**Build and Verify:** -```bash expandable -make build -./build/yourchain init test --chain-id test-1 -grep 'evm-chain-id' ~/.yourchain/config/app.toml -# Should show: evm-chain-id = 123456 -``` - -**Choosing a Chain ID:** - -**Reserved IDs (Do Not Use):** -- `1` - Ethereum Mainnet -- `137` - Polygon -- `56` - BNB Chain -- `43114` - Avalanche C-Chain -- `10` - Optimism -- `42161` - Arbitrum One -- `8453` - Base -- See [chainlist.org](https://chainlist.org) for complete list - -**ID Ranges:** -- `1-999`: Reserved for major networks -- `1000-99999`: Public production chains -- `100000+`: Private/test networks - -**Selection Process:** -1. Visit [chainlist.org](https://chainlist.org) -2. Search to verify ID is not taken -3. For mainnet: Submit to chain registry -4. For testnet/devnet: Use any unused high number -5. Document publicly before launch - -**MetaMask Configuration:** -Users will configure with this ID: -```javascript expandable -{ - chainId: '0x1E240', // Hex of your chain ID - chainName: 'My Chain', - rpcUrls: ['https://rpc.mychain.network'], - nativeCurrency: { - name: 'Token', - symbol: 'TKN', - decimals: 18 - }, - blockExplorerUrls: ['https://explorer.mychain.network'] -} +```go +const EVMChainID = 262144 ``` -**Critical Warnings:** -- **Never change after genesis** - breaks all signed transactions -- **Must be unique** - collision causes replay attacks -- **Register before mainnet** - avoid conflicts -- **Document prominently** - users need it for wallets - - +**Note:** Must be unique. Check [chainlist.org](https://chainlist.org) before mainnet. -### Default Denomination in Source +--- - +### Default Denominations -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Default token denominations compiled into configuration templates | +| **Description** | Default token denominations in config templates | +| **Location** | Multiple files | | **Default** | `aatom` (extended), `uatom` (base), `atom` (display) | -| **When to Configure** | Before `yourchain init` | -| **Can Change After Genesis** | Yes (in genesis.json), but defaults are already written to generated files | - -**What It Controls:** -- Default values in generated `app.toml` -- Default values in generated `genesis.json` -- Module parameter defaults -- Configuration file templates - -**Files to Modify:** +| **Type** | String | +| **Adjustable** | Pre-Genesis | +| **Source** | [`x/vm/types/params.go:21-25`](https://github.com/cosmos/evm/blob/main/x/vm/types/params.go#L21-L25) | -**1. Server Config Template** -`server/config/migration/v0.50-app.toml:11` -```toml expandable -# Change from: -minimum-gas-prices = "0aatom" - -# To: -minimum-gas-prices = "0atoken" -``` -**Source:** [`server/config/migration/v0.50-app.toml:11`](https://github.com/cosmos/evm/blob/main/server/config/migration/v0.50-app.toml#L11) - -**2. EVM Module Defaults** -`x/vm/types/params.go:21-25` -```go expandable -// Change from: -var ( - DefaultEVMDenom = "uatom" - DefaultEVMExtendedDenom = "aatom" - DefaultEVMDisplayDenom = "atom" -) - -// To (18 decimals): -var ( - DefaultEVMDenom = "atoken" - DefaultEVMExtendedDenom = "atoken" - DefaultEVMDisplayDenom = "token" -) - -// Or (6 decimals): -var ( - DefaultEVMDenom = "utoken" - DefaultEVMExtendedDenom = "atoken" - DefaultEVMDisplayDenom = "token" -) -``` -**Source:** [`x/vm/types/params.go:21-25`](https://github.com/cosmos/evm/blob/main/x/vm/types/params.go#L21-L25) - -**3. Example Constants** -`config/constants.go:5-8` -```go expandable -// Change from: -const ( - ExampleChainDenom = "aatom" - ExampleDisplayDenom = "atom" -) - -// To: -const ( - ExampleChainDenom = "atoken" - ExampleDisplayDenom = "token" -) -``` -**Source:** [`config/constants.go:5-8`](https://github.com/cosmos/evm/blob/main/config/constants.go#L5-L8) - -**Token Denomination Guidelines:** - -**For 18-Decimal Tokens:** -- Base denom: `atoken` (atto-prefix, 10^-18) -- Extended denom: `atoken` (same as base) -- Display denom: `token` -- Example: `1 token = 1,000,000,000,000,000,000 atoken` - -**For 6-Decimal Tokens:** -- Base denom: `utoken` (micro-prefix, 10^-6) -- Extended denom: `atoken` (for EVM, 10^-18) -- Display denom: `token` -- Example: `1 token = 1,000,000 utoken = 1,000,000,000,000,000,000 atoken (in EVM)` - -**SI Metric Prefixes:** -| Prefix | Symbol | Decimals | Example | Common Use | -|--------|--------|----------|---------|------------| -| atto | `a` | 18 | `atoken` | EVM chains | -| femto | `f` | 15 | `ftoken` | Rare | -| pico | `p` | 12 | `ptoken` | Rare | -| nano | `n` | 9 | `ntoken` | Some Cosmos chains | -| micro | `u` | 6 | `uatom` | **Cosmos standard** | -| milli | `m` | 3 | `mtoken` | Rare | - -**Rebuild and Verify:** -```bash expandable -make build -./build/yourchain init test --chain-id test-1 -grep "minimum-gas-prices" ~/.yourchain/config/app.toml -jq '.app_state.evm.params.evm_denom' ~/.yourchain/config/genesis.json -``` +**Files:** +- `server/config/migration/v0.50-app.toml:11` - minimum-gas-prices +- `x/vm/types/params.go:21-25` - EVM module defaults +- `config/constants.go:5-8` - Example chain constants --- -## Genesis Parameters (genesis.json) +## Genesis Parameters -These parameters are configured in `genesis.json` after running `yourchain init`. They can be modified until the genesis file is distributed to validators. After network launch, most can only be changed through governance proposals. +Parameters configured in `genesis.json` after `init`. Location: `~/.yourchain/config/genesis.json` - -Genesis file location: `~/.yourchain/config/genesis.json` - + -### Root-Level Parameters +### Root Level - + -**Cosmos Chain ID** +#### chain_id -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Unique string identifier for the blockchain | -| **Genesis Location** | Root: `chain_id` | -| **Default** | User-defined (set during `init`) | -| **Format** | String | -| **Can Change After Genesis** | Yes (via coordinated upgrade/hard fork) | +| **Description** | Cosmos chain identifier | +| **Genesis Path** | `chain_id` | +| **Default** | User-defined during `init` | +| **Type** | String | +| **Adjustable** | Immutable | -```json expandable -{ - "chain_id": "mychain-1" -} +```json +"chain_id": "mychain-1" ``` -**Naming Conventions:** -- Mainnet: `mychain-1`, `mychain-2` (increment for major upgrades) -- Testnet: `mychain-testnet-1` -- Devnet: `mychain-devnet-1`, `test-1` - -**Important for:** -- IBC client identification -- Transaction signing -- CometBFT consensus -- Client configuration - --- -**Genesis Time** +#### genesis_time -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | UTC timestamp when the chain starts producing blocks | -| **Genesis Location** | Root: `genesis_time` | -| **Default** | Auto-generated during `init` | -| **Format** | RFC3339 timestamp | +| **Description** | UTC timestamp for chain start | +| **Genesis Path** | `genesis_time` | +| **Default** | Auto-generated | +| **Type** | RFC3339 timestamp | +| **Adjustable** | Immutable | -```json expandable -{ - "genesis_time": "2024-12-01T00:00:00Z" -} +```json +"genesis_time": "2024-12-01T00:00:00Z" ``` -**Configuration:** -```bash expandable -jq '.genesis_time = "2024-12-01T00:00:00Z"' genesis.json > tmp && mv tmp genesis.json -``` - -**Timing Recommendations:** -- Testnet: 1-2 hours ahead -- Mainnet: 24-48 hours ahead -- Local dev: Past time (starts immediately) - --- -**Initial Height** +#### initial_height -| Parameter | Value | +| Attribute | Value | |-----------|-------| | **Description** | Starting block height | -| **Genesis Location** | Root: `initial_height` | +| **Genesis Path** | `initial_height` | | **Default** | `"1"` | -| **Format** | String (numeric) | - -```json expandable -{ - "initial_height": "1" -} -``` - -**Use Cases:** -- Usually `"1"` for new chains -- Higher for chain upgrades/migrations -- Maintains block height continuity +| **Type** | String (numeric) | +| **Adjustable** | Immutable | -### VM Module Parameters (x/vm) +--- + +### VM Module (x/vm) - + -**evm_denom** +#### evm_denom -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Bank denomination used for EVM gas payments | -| **Genesis Location** | `app_state.evm.params.evm_denom` | -| **Default** | `"aatom"` (from source defaults) | -| **Format** | String | -| **Can Change After Genesis** | Via governance | +| **Description** | Denomination for EVM gas payments | +| **Genesis Path** | `app_state.evm.params.evm_denom` | +| **Default** | `"aatom"` | +| **Type** | String | +| **Adjustable** | Governance | | **Source** | [`x/vm/types/params.go:21`](https://github.com/cosmos/evm/blob/main/x/vm/types/params.go#L21) | -```json expandable -{ - "app_state": { - "evm": { - "params": { - "evm_denom": "atoken" - } - } - } -} -``` - -**Configuration:** -```bash expandable -jq '.app_state.evm.params.evm_denom = "atoken"' genesis.json > tmp && mv tmp genesis.json +```json +"evm_denom": "atoken" ``` -**Must Match:** -- `app_state.staking.params.bond_denom` -- `app_state.mint.params.mint_denom` -- `app_state.gov.params.min_deposit[0].denom` -- `app_state.bank.denom_metadata[0].base` - --- -**extended_denom_options** +#### extended_denom_options -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Extended denomination for non-18 decimal tokens (enables PreciseBank conversion) | -| **Genesis Location** | `app_state.evm.params.extended_denom_options` | -| **Default** | `null` (not used for 18-decimal tokens) | -| **Required For** | 6-decimal tokens, 8-decimal tokens, any non-18 decimal precision | +| **Description** | Extended denomination for non-18 decimal tokens | +| **Genesis Path** | `app_state.evm.params.extended_denom_options` | +| **Default** | `null` | +| **Type** | Object | +| **Required For** | 6-decimal or 8-decimal tokens | +| **Adjustable** | Governance | | **Source** | [`x/vm/types/params.go:76`](https://github.com/cosmos/evm/blob/main/x/vm/types/params.go#L76) | -```json expandable -{ - "app_state": { - "evm": { - "params": { - "evm_denom": "utoken", - "extended_denom_options": { - "extended_denom": "atoken" - } - } - } - } -} -``` - -**When to Use:** -- ✅ **Required** for 6-decimal tokens (e.g., `utoken`) -- ✅ **Required** for 8-decimal tokens (e.g., `sats`) -- ❌ **Not needed** for 18-decimal tokens (e.g., `atoken`) - -**Example (6 decimals):** -```bash expandable -jq '.app_state.evm.params.extended_denom_options = { +```json +"extended_denom_options": { "extended_denom": "atoken" -}' genesis.json > tmp && mv tmp genesis.json +} ``` -**Important:** -- Requires `x/precisebank` module in `app.go` -- Provides 18-decimal EVM representation -- Handles fractional conversions automatically -- See [Precision Handling](/docs/evm/next/documentation/concepts/precision-handling) +**Note:** Requires `x/precisebank` module for non-18 decimal tokens. --- -**history_serve_window** +#### history_serve_window -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Number of blocks to keep historical state for queries | -| **Genesis Location** | `app_state.evm.params.history_serve_window` | -| **Default** | `8192` blocks (same as EIP-2935) | -| **Format** | Integer | +| **Description** | Number of blocks to keep historical state | +| **Genesis Path** | `app_state.evm.params.history_serve_window` | +| **Default** | `8192` | +| **Type** | Integer | +| **Adjustable** | Governance | | **Source** | [`x/vm/types/params.go:50`](https://github.com/cosmos/evm/blob/main/x/vm/types/params.go#L50) | -```json expandable -{ - "app_state": { - "evm": { - "params": { - "history_serve_window": 8192 - } - } - } -} -``` - -**Values:** -- `0` = Unlimited (keep all historical state, growing disk usage) -- `8192` = ~18 hours at 8s blocks (recommended) -- `86400` = ~8 days at 8s blocks -- Higher = More disk space, better historical query support - -**Trade-offs:** -- Higher value → More disk space, supports older queries -- Lower value → Less disk space, limited historical data -- `0` → Archive node, maximum compatibility - --- -**extra_eips** +#### extra_eips -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Additional Ethereum Improvement Proposals to enable beyond default EVM configuration | -| **Genesis Location** | `app_state.evm.params.extra_eips` | -| **Default** | `[]` (empty - use standard EVM feature set) | -| **Format** | Array of integers | +| **Description** | Additional EIPs to enable beyond default | +| **Genesis Path** | `app_state.evm.params.extra_eips` | +| **Default** | `[]` | +| **Type** | Array of integers | +| **Adjustable** | Governance | | **Source** | [`x/vm/types/params.go:33`](https://github.com/cosmos/evm/blob/main/x/vm/types/params.go#L33) | -```json expandable -{ - "app_state": { - "evm": { - "params": { - "extra_eips": [] - } - } - } -} -``` - -**When to Use:** -- Most chains should use empty array `[]` -- Add specific EIP numbers only if you need features not in default config -- Example: `[1153, 3855]` to enable specific EIPs - -**Example (enabling additional EIPs):** -```json expandable -{ - "extra_eips": [1153] // Enable transient storage opcodes -} +```json +"extra_eips": [1153] ``` -**Validation:** -- EIPs must be activatable via go-ethereum -- Invalid EIPs cause genesis validation failure -- See `vm.ValidEip()` for allowed values - --- -**active_static_precompiles** +#### active_static_precompiles -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | List of enabled precompiled contracts exposing Cosmos SDK functionality to EVM | -| **Genesis Location** | `app_state.evm.params.active_static_precompiles` | -| **Default** | `[]` (empty - no precompiles enabled) | -| **Format** | Array of hex addresses (must be sorted) | -| **Can Change After Genesis** | Via governance | +| **Description** | Enabled precompiled contracts | +| **Genesis Path** | `app_state.evm.params.active_static_precompiles` | +| **Default** | `[]` | +| **Type** | Array of hex addresses (must be sorted) | +| **Adjustable** | Governance | | **Source** | [`x/vm/types/precompiles.go:22-32`](https://github.com/cosmos/evm/blob/main/x/vm/types/precompiles.go#L22-L32) | -```json expandable -{ - "app_state": { - "evm": { - "params": { - "active_static_precompiles": [ - "0x0000000000000000000000000000000000000100", - "0x0000000000000000000000000000000000000400", - "0x0000000000000000000000000000000000000800", - "0x0000000000000000000000000000000000000801", - "0x0000000000000000000000000000000000000802", - "0x0000000000000000000000000000000000000803", - "0x0000000000000000000000000000000000000804", - "0x0000000000000000000000000000000000000805", - "0x0000000000000000000000000000000000000806" - ] - } - } - } -} -``` - -**Available Precompiles:** - -| Address | Name | Purpose | -|---------|------|---------| -| `0x0100` | P256 | Cryptographic operations for Web3 auth | -| `0x0400` | Bech32 | Cosmos ↔ Ethereum address conversion | -| `0x0800` | Staking | Validator staking operations | -| `0x0801` | Distribution | Reward distribution and claiming | -| `0x0802` | ICS20 | IBC token transfers | -| `0x0803` | Vesting | Token vesting operations | -| `0x0804` | Bank | Bank module operations | -| `0x0805` | Governance | Submit/vote on proposals | -| `0x0806` | Slashing | Slashing queries | - -**Configuration Examples:** - -Enable all precompiles: -```bash expandable -jq '.app_state.evm.params.active_static_precompiles = [ +```json +"active_static_precompiles": [ "0x0000000000000000000000000000000000000100", - "0x0000000000000000000000000000000000000400", - "0x0000000000000000000000000000000000000800", - "0x0000000000000000000000000000000000000801", - "0x0000000000000000000000000000000000000802", - "0x0000000000000000000000000000000000000803", - "0x0000000000000000000000000000000000000804", - "0x0000000000000000000000000000000000000805", - "0x0000000000000000000000000000000000000806" -]' genesis.json > tmp && mv tmp genesis.json + "0x0000000000000000000000000000000000000400" +] ``` -Enable only specific precompiles: -```json expandable -{ - "active_static_precompiles": [ - "0x0000000000000000000000000000000000000100", // P256 - "0x0000000000000000000000000000000000000400", // Bech32 - "0x0000000000000000000000000000000000000800", // Staking - "0x0000000000000000000000000000000000000804" // Bank - ] -} -``` - -**Important:** -- Array must be sorted in ascending order (validation requirement) -- Can enable/disable via governance after genesis -- See [Precompiles Overview](/docs/evm/next/documentation/smart-contracts/precompiles/overview) +**Available:** `0x0100` (P256), `0x0400` (Bech32), `0x0800` (Staking), `0x0801` (Distribution), `0x0802` (ICS20), `0x0803` (Vesting), `0x0804` (Bank), `0x0805` (Gov), `0x0806` (Slashing) --- -**evm_channels** +#### evm_channels -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | List of IBC channels connecting to EVM chains (for special handling) | -| **Genesis Location** | `app_state.evm.params.evm_channels` | -| **Default** | `[]` (empty) | -| **Format** | Array of IBC channel IDs | -| **Can Change After Genesis** | Via governance | - -```json expandable -{ - "app_state": { - "evm": { - "params": { - "evm_channels": [] - } - } - } -} -``` - -**Use Cases:** -- Special handling for IBC transfers to/from EVM chains -- Coordinate with IBC module configuration -- Usually empty for new chains +| **Description** | IBC channels to EVM chains | +| **Genesis Path** | `app_state.evm.params.evm_channels` | +| **Default** | `[]` | +| **Type** | Array of IBC channel IDs | +| **Adjustable** | Governance | -**Example:** -```json expandable -{ - "evm_channels": ["channel-0", "channel-5"] -} +```json +"evm_channels": ["channel-0"] ``` --- -**access_control** +#### access_control -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Permissions for deploying and calling smart contracts | -| **Genesis Location** | `app_state.evm.params.access_control` | -| **Default** | Permissionless (anyone can deploy and call) | -| **Can Change After Genesis** | Via governance | +| **Description** | Contract deployment and call permissions | +| **Genesis Path** | `app_state.evm.params.access_control` | +| **Default** | Permissionless (type 0) | +| **Type** | Object | +| **Adjustable** | Governance | | **Source** | [`x/vm/types/params.go:160-165`](https://github.com/cosmos/evm/blob/main/x/vm/types/params.go#L160-L165) | -```json expandable -{ - "app_state": { - "evm": { - "params": { - "access_control": { - "create": { - "access_type": 0, - "access_control_list": [] - }, - "call": { - "access_type": 0, - "access_control_list": [] - } - } - } - } - } -} -``` - -**Access Types:** - -| Type | Value | Behavior | List Usage | -|------|-------|----------|-----------| -| Permissionless | `0` | Anyone can perform action | Ignored | -| Restricted | `1` | Block addresses in list | Blocklist | -| Permissioned | `2` | Only addresses in list | Allowlist | - -**Examples:** - -Permissionless (default): -```json expandable -{ - "access_control": { - "create": { - "access_type": 0, - "access_control_list": [] - }, - "call": { - "access_type": 0, - "access_control_list": [] - } - } -} -``` - -Permissioned deployment, open calls: -```json expandable -{ - "access_control": { - "create": { - "access_type": 2, - "access_control_list": [ - "0x1234567890123456789012345678901234567890", - "0xabcdefabcdefabcdefabcdefabcdefabcdefabcd" - ] - }, - "call": { - "access_type": 0, - "access_control_list": [] - } +```json +"access_control": { + "create": { + "access_type": 0, + "access_control_list": [] + }, + "call": { + "access_type": 0, + "access_control_list": [] } } ``` -Restricted (blocklist): -```json expandable -{ - "access_control": { - "create": { - "access_type": 1, - "access_control_list": [ - "0xbadaddr1234567890123456789012345678901234" - ] - }, - "call": { - "access_type": 0, - "access_control_list": [] - } - } -} -``` +**Types:** `0` = Permissionless, `1` = Restricted (blocklist), `2` = Permissioned (allowlist) -### FeeMarket Module Parameters (x/feemarket) +--- - +### FeeMarket Module (x/feemarket) -The feemarket module implements EIP-1559 dynamic fee pricing for EVM transactions. + -**no_base_fee** +#### no_base_fee -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Disables EIP-1559 base fee mechanism | -| **Genesis Location** | `app_state.feemarket.params.no_base_fee` | -| **Default** | `false` (EIP-1559 enabled) | -| **Format** | Boolean | +| **Description** | Disable EIP-1559 base fee mechanism | +| **Genesis Path** | `app_state.feemarket.params.no_base_fee` | +| **Default** | `false` | +| **Type** | Boolean | +| **Adjustable** | Governance | | **Source** | [`x/feemarket/types/params.go:21`](https://github.com/cosmos/evm/blob/main/x/feemarket/types/params.go#L21) | -```json expandable -{ - "app_state": { - "feemarket": { - "params": { - "no_base_fee": false - } - } - } -} -``` - -**Values:** -- `false` = EIP-1559 enabled (recommended for EVM chains) -- `true` = Fixed gas pricing (traditional Cosmos style) - --- -**base_fee** +#### base_fee -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Initial base fee per gas in wei | -| **Genesis Location** | `app_state.feemarket.params.base_fee` | +| **Description** | Initial base fee per gas (wei) | +| **Genesis Path** | `app_state.feemarket.params.base_fee` | | **Default** | `"1000000000"` (1 gwei) | -| **Format** | String (decimal) | +| **Type** | String (decimal) | +| **Adjustable** | Governance | | **Source** | [`x/feemarket/types/params.go:13`](https://github.com/cosmos/evm/blob/main/x/feemarket/types/params.go#L13) | -```json expandable -{ - "app_state": { - "feemarket": { - "params": { - "base_fee": "1000000000" - } - } - } -} -``` - -**Common Values:** -- `"100000000"` = 0.1 gwei (low fee chains) -- `"1000000000"` = 1 gwei (standard, Ethereum-like) -- `"10000000000"` = 10 gwei (higher fee chains) - --- -**base_fee_change_denominator** +#### base_fee_change_denominator -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Controls how quickly base fee adjusts (max % change per block = 1/denominator) | -| **Genesis Location** | `app_state.feemarket.params.base_fee_change_denominator` | -| **Default** | `8` (±12.5% max change per block) | -| **Format** | Unsigned 32-bit integer | - -```json expandable -{ - "app_state": { - "feemarket": { - "params": { - "base_fee_change_denominator": 8 - } - } - } -} -``` - -**Values:** -- `8` = ±12.5% max change (Ethereum standard) -- `50` = ±2% max change (slower adjustment) -- Lower denominator = faster price adjustment -- Higher denominator = slower, smoother adjustment +| **Description** | Max base fee % change per block = 1/denominator | +| **Genesis Path** | `app_state.feemarket.params.base_fee_change_denominator` | +| **Default** | `8` (±12.5% max) | +| **Type** | uint32 | +| **Adjustable** | Governance | --- -**elasticity_multiplier** +#### elasticity_multiplier -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Determines gas target (target = max_gas / elasticity_multiplier) | -| **Genesis Location** | `app_state.feemarket.params.elasticity_multiplier` | -| **Default** | `2` (target is 50% of max gas) | -| **Format** | Unsigned 32-bit integer | - -```json expandable -{ - "app_state": { - "feemarket": { - "params": { - "elasticity_multiplier": 2 - } - } - } -} -``` - -**How It Works:** -- Block gas usage > target → base fee increases -- Block gas usage < target → base fee decreases -- `2` = target is 50% of max block gas (standard) +| **Description** | Gas target = max_gas / elasticity_multiplier | +| **Genesis Path** | `app_state.feemarket.params.elasticity_multiplier` | +| **Default** | `2` (50% target) | +| **Type** | uint32 | +| **Adjustable** | Governance | --- -**min_gas_price** +#### min_gas_price -| Parameter | Value | +| Attribute | Value | |-----------|-------| | **Description** | Network-wide minimum gas price floor | -| **Genesis Location** | `app_state.feemarket.params.min_gas_price` | -| **Default** | `"0"` (no floor) | -| **Format** | String (decimal) | +| **Genesis Path** | `app_state.feemarket.params.min_gas_price` | +| **Default** | `"0"` | +| **Type** | String (decimal) | +| **Adjustable** | Governance | | **Source** | [`x/feemarket/types/params.go:17`](https://github.com/cosmos/evm/blob/main/x/feemarket/types/params.go#L17) | -```json expandable -{ - "app_state": { - "feemarket": { - "params": { - "min_gas_price": "0" - } - } - } -} -``` - -**Values:** -- `"0"` = No minimum floor (standard EIP-1559) -- `"500000000"` = 0.5 gwei minimum -- Prevents base fee from dropping too low - --- -**min_gas_multiplier** +#### min_gas_multiplier -| Parameter | Value | +| Attribute | Value | |-----------|-------| | **Description** | Minimum gas price as fraction of base fee | -| **Genesis Location** | `app_state.feemarket.params.min_gas_multiplier` | -| **Default** | `"0.5"` (50% of base fee) | -| **Format** | String (decimal, 0-1) | +| **Genesis Path** | `app_state.feemarket.params.min_gas_multiplier` | +| **Default** | `"0.5"` (50%) | +| **Type** | String (decimal, 0-1) | +| **Adjustable** | Governance | | **Source** | [`x/feemarket/types/params.go:15`](https://github.com/cosmos/evm/blob/main/x/feemarket/types/params.go#L15) | -```json expandable -{ - "app_state": { - "feemarket": { - "params": { - "min_gas_multiplier": "0.5" - } - } - } -} -``` - -**Values:** -- `"0.5"` = 50% of base fee (standard) -- `"1.0"` = 100% of base fee (stricter) -- Must be between 0 and 1 - --- -**enable_height** +#### enable_height -| Parameter | Value | +| Attribute | Value | |-----------|-------| | **Description** | Block height to activate EIP-1559 | -| **Genesis Location** | `app_state.feemarket.params.enable_height` | +| **Genesis Path** | `app_state.feemarket.params.enable_height` | | **Default** | `0` (enabled from genesis) | -| **Format** | Integer (int64) | +| **Type** | int64 | +| **Adjustable** | Governance | | **Source** | [`x/feemarket/types/params.go:19`](https://github.com/cosmos/evm/blob/main/x/feemarket/types/params.go#L19) | -```json expandable -{ - "app_state": { - "feemarket": { - "params": { - "enable_height": 0 - } - } - } -} -``` - -**Values:** -- `0` = Enabled from genesis (recommended) -- `> 0` = Activate at specific block height - -**Complete Example:** -```json expandable -{ - "app_state": { - "feemarket": { - "params": { - "no_base_fee": false, - "base_fee": "1000000000", - "base_fee_change_denominator": 8, - "elasticity_multiplier": 2, - "min_gas_price": "0", - "min_gas_multiplier": "0.5", - "enable_height": 0 - } - } - } -} -``` - -See [EIP-1559 Fee Market](/docs/evm/next/documentation/concepts/eip-1559-feemarket) for detailed explanation. - -### ERC20 Module Parameters (x/erc20) +--- - +### ERC20 Module (x/erc20) -The ERC20 module implements Single Token Representation v2 (STRv2), providing unified token handling across Cosmos and EVM. + -**enable_erc20** +#### enable_erc20 -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Global enable/disable for ERC20 module functionality | -| **Genesis Location** | `app_state.erc20.params.enable_erc20` | +| **Description** | Enable ERC20 module functionality | +| **Genesis Path** | `app_state.erc20.params.enable_erc20` | | **Default** | `true` | -| **Format** | Boolean | -| **Can Change After Genesis** | Via governance | +| **Type** | Boolean | +| **Adjustable** | Governance | | **Source** | [`x/erc20/types/params.go:26`](https://github.com/cosmos/evm/blob/main/x/erc20/types/params.go#L26) | -```json expandable -{ - "app_state": { - "erc20": { - "params": { - "enable_erc20": true - } - } - } -} -``` - -**Values:** -- `true` = ERC20 module enabled (standard) -- `false` = Disable all ERC20 functionality - --- -**permissionless_registration** +#### permissionless_registration -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Allow anyone to register new token pairs | -| **Genesis Location** | `app_state.erc20.params.permissionless_registration` | +| **Description** | Allow anyone to register token pairs | +| **Genesis Path** | `app_state.erc20.params.permissionless_registration` | | **Default** | `true` | -| **Format** | Boolean | -| **Can Change After Genesis** | Via governance | +| **Type** | Boolean | +| **Adjustable** | Governance | | **Source** | [`x/erc20/types/params.go:27`](https://github.com/cosmos/evm/blob/main/x/erc20/types/params.go#L27) | -```json expandable -{ - "app_state": { - "erc20": { - "params": { - "permissionless_registration": true - } - } - } -} -``` - -**Values:** -- `true` = Anyone can register token pairs (public DeFi chains) -- `false` = Only governance can register pairs (controlled environments) - --- -**native_precompiles** +#### native_precompiles -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | List of ERC20 precompile addresses for native Cosmos tokens | -| **Genesis Location** | `app_state.erc20.native_precompiles` | +| **Description** | ERC20 precompile addresses for native tokens | +| **Genesis Path** | `app_state.erc20.native_precompiles` | | **Default** | `[]` | -| **Format** | Array of hex addresses | - -```json expandable -{ - "app_state": { - "erc20": { - "native_precompiles": [ - "0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE" - ] - } - } -} -``` +| **Type** | Array of hex addresses | -**Standard Native Token Address:** -- `0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE` = Native token precompile +```json +"native_precompiles": ["0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE"] +``` --- -**token_pairs** +#### token_pairs -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Registered token pairs between Cosmos denoms and ERC20 addresses | -| **Genesis Location** | `app_state.erc20.token_pairs` | +| **Description** | Registered Cosmos denom ↔ ERC20 mappings | +| **Genesis Path** | `app_state.erc20.token_pairs` | | **Default** | `[]` | -| **Format** | Array of token pair objects | - -```json expandable -{ - "app_state": { - "erc20": { - "token_pairs": [ - { - "erc20_address": "0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE", - "denom": "atoken", - "enabled": true, - "contract_owner": 1 - } - ] - } - } -} -``` +| **Type** | Array of token pair objects | -**Token Pair Fields:** -- `erc20_address` - ERC20 contract address (or precompile address) -- `denom` - Cosmos bank denomination -- `enabled` - Whether the pair is active -- `contract_owner`: - - `0` = External owner - - `1` = Module owner (standard for native tokens) - -**Complete Configuration Example:** -```json expandable -{ - "app_state": { - "erc20": { - "params": { - "enable_erc20": true, - "permissionless_registration": true - }, - "native_precompiles": [ - "0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE" - ], - "token_pairs": [ - { - "erc20_address": "0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE", - "denom": "atoken", - "enabled": true, - "contract_owner": 1 - } - ] - } - } -} +```json +"token_pairs": [{ + "erc20_address": "0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE", + "denom": "atoken", + "enabled": true, + "contract_owner": 1 +}] ``` -See [Single Token Representation](/docs/evm/next/documentation/concepts/single-token-representation) and [ERC20 Module](/docs/evm/next/documentation/cosmos-sdk/modules/erc20) for details. +**contract_owner:** `0` = External, `1` = Module -### Bank Module Parameters +--- + +### Bank Module - + -**denom_metadata** +#### denom_metadata -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Token denomination metadata including units, decimals, and display properties | -| **Genesis Location** | `app_state.bank.denom_metadata` | +| **Description** | Token denomination metadata | +| **Genesis Path** | `app_state.bank.denom_metadata` | | **Default** | `[]` | -| **Format** | Array of metadata objects | -| **Can Change After Genesis** | Via governance | - -```json expandable -{ - "app_state": { - "bank": { - "denom_metadata": [ - { - "description": "The native staking and gas token", - "denom_units": [ - { - "denom": "atoken", - "exponent": 0, - "aliases": ["attotoken"] - }, - { - "denom": "token", - "exponent": 18, - "aliases": [] - } - ], - "base": "atoken", - "display": "token", - "name": "My Token", - "symbol": "TKN", - "uri": "", - "uri_hash": "" - } - ] - } - } -} -``` +| **Type** | Array of metadata objects | +| **Adjustable** | Governance | -**Fields:** -- `description` - Human-readable description -- `denom_units` - Array of denomination units - - `denom` - Unit denomination - - `exponent` - Decimal places (0 for base, 6 or 18 for display) - - `aliases` - Alternative names -- `base` - Smallest unit stored on-chain -- `display` - Human-readable unit -- `name` - Full token name -- `symbol` - Ticker symbol -- `uri` - Optional metadata URI -- `uri_hash` - Optional hash of metadata - -**18-Decimal Configuration:** -```json expandable -{ +```json +"denom_metadata": [{ + "description": "Native token", "denom_units": [ - {"denom": "atoken", "exponent": 0, "aliases": ["attotoken"]}, - {"denom": "token", "exponent": 18, "aliases": []} + {"denom": "atoken", "exponent": 0}, + {"denom": "token", "exponent": 18} ], "base": "atoken", - "display": "token" -} -``` - -**6-Decimal Configuration:** -```json expandable -{ - "denom_units": [ - {"denom": "utoken", "exponent": 0, "aliases": ["microtoken"]}, - {"denom": "token", "exponent": 6, "aliases": []} - ], - "base": "utoken", - "display": "token" -} + "display": "token", + "name": "Token", + "symbol": "TKN" +}] ``` -**Important:** -- `base` must match all module denomination parameters -- Determines wallet display formatting -- Cannot have multiple metadata entries with same base denom - -### Staking Module Parameters +--- - +### Staking Module -**bond_denom** + -| Parameter | Value | -|-----------|-------| -| **Description** | Denomination accepted for staking | -| **Genesis Location** | `app_state.staking.params.bond_denom` | -| **Default** | `"stake"` (Cosmos SDK default) | -| **Format** | String | -| **Can Change After Genesis** | Via governance (but not recommended) | +#### bond_denom -```json expandable -{ - "app_state": { - "staking": { - "params": { - "bond_denom": "atoken" - } - } - } -} -``` +| Attribute | Value | +|-----------|-------| +| **Description** | Denomination for staking | +| **Genesis Path** | `app_state.staking.params.bond_denom` | +| **Default** | `"stake"` | +| **Type** | String | +| **Adjustable** | Governance (not recommended) | -**Must Match:** -- `app_state.evm.params.evm_denom` -- `app_state.mint.params.mint_denom` -- `app_state.bank.denom_metadata[0].base` +**Note:** Must match `evm_denom` and `mint_denom`. --- -**unbonding_time** +#### unbonding_time -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Duration tokens remain locked after unstaking | -| **Genesis Location** | `app_state.staking.params.unbonding_time` | +| **Description** | Duration tokens locked after unstaking | +| **Genesis Path** | `app_state.staking.params.unbonding_time` | | **Default** | `"1814400s"` (21 days) | -| **Format** | Duration string (Go duration format) | -| **Can Change After Genesis** | Via governance | - -```json expandable -{ - "app_state": { - "staking": { - "params": { - "unbonding_time": "1814400s" - } - } - } -} -``` - -**Common Values:** -- `"120s"` = 2 minutes (testing only) -- `"86400s"` = 1 day -- `"604800s"` = 7 days -- `"1814400s"` = 21 days (Cosmos standard) -- `"2419200s"` = 28 days - -**Security Considerations:** -- Longer = More secure (validators accountable for longer period) -- Shorter = Better UX (faster liquidity) -- During unbonding, tokens can still be slashed +| **Type** | Duration string | +| **Adjustable** | Governance | --- -**max_validators** +#### max_validators -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Maximum number of validators in active set | -| **Genesis Location** | `app_state.staking.params.max_validators` | +| **Description** | Maximum active validators | +| **Genesis Path** | `app_state.staking.params.max_validators` | | **Default** | `100` | -| **Format** | Unsigned 32-bit integer | -| **Can Change After Genesis** | Via governance | - -```json expandable -{ - "app_state": { - "staking": { - "params": { - "max_validators": 100 - } - } - } -} -``` - -**Common Values:** -- `50` - Smaller validator set (faster consensus) -- `100` - Cosmos Hub standard -- `125`, `150`, `175` - Larger sets (more decentralized) - -**Trade-offs:** -- Higher = More decentralized but potentially slower -- Lower = Faster consensus but more centralized +| **Type** | uint32 | +| **Adjustable** | Governance | --- -**max_entries** +#### max_entries -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Maximum concurrent unbonding/redelegation operations per delegator-validator pair | -| **Genesis Location** | `app_state.staking.params.max_entries` | +| **Description** | Max concurrent unbonding/redelegations per pair | +| **Genesis Path** | `app_state.staking.params.max_entries` | | **Default** | `7` | -| **Format** | Unsigned 32-bit integer | -| **Can Change After Genesis** | Via governance | - -```json expandable -{ - "app_state": { - "staking": { - "params": { - "max_entries": 7 - } - } - } -} -``` - -**Purpose:** -- Prevents spam on unbonding queue -- Limits simultaneous operations -- Cosmos SDK standard is `7` +| **Type** | uint32 | +| **Adjustable** | Governance | --- -**historical_entries** +#### historical_entries -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Number of historical validator set entries to keep | -| **Genesis Location** | `app_state.staking.params.historical_entries` | +| **Description** | Historical validator set entries to keep | +| **Genesis Path** | `app_state.staking.params.historical_entries` | | **Default** | `10000` | -| **Format** | Unsigned 32-bit integer | -| **Can Change After Genesis** | Via governance | - -```json expandable -{ - "app_state": { - "staking": { - "params": { - "historical_entries": 10000 - } - } - } -} -``` - -**Purpose:** -- Required for IBC light client verification -- Higher = Better IBC compatibility, more storage -- Lower = Less storage, limited historical queries +| **Type** | uint32 | +| **Adjustable** | Governance | --- -**min_commission_rate** +#### min_commission_rate -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Minimum commission rate validators must charge | -| **Genesis Location** | `app_state.staking.params.min_commission_rate` | -| **Default** | `"0.000000000000000000"` (0%, no minimum) | -| **Format** | String (decimal, 18 decimal places) | -| **Can Change After Genesis** | Via governance | - -```json expandable -{ - "app_state": { - "staking": { - "params": { - "min_commission_rate": "0.050000000000000000" - } - } - } -} -``` - -**Values:** -- `"0.000000000000000000"` = 0% (no minimum) -- `"0.050000000000000000"` = 5% minimum -- `"0.100000000000000000"` = 10% minimum - -**Purpose:** -- Prevents race to zero on validator commissions -- Ensures sustainable validator economics -- Many chains enforce 5% minimum +| **Description** | Minimum validator commission rate | +| **Genesis Path** | `app_state.staking.params.min_commission_rate` | +| **Default** | `"0.000000000000000000"` (0%) | +| **Type** | String (decimal, 18 places) | +| **Adjustable** | Governance | -### Slashing Module Parameters +--- + +### Slashing Module - + -**signed_blocks_window** +#### signed_blocks_window -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Number of blocks to track for validator liveness | -| **Genesis Location** | `app_state.slashing.params.signed_blocks_window` | +| **Description** | Blocks tracked for validator liveness | +| **Genesis Path** | `app_state.slashing.params.signed_blocks_window` | | **Default** | `"10000"` | -| **Format** | String (integer) | -| **Can Change After Genesis** | Via governance | - -```json expandable -{ - "app_state": { - "slashing": { - "params": { - "signed_blocks_window": "10000" - } - } - } -} -``` - -**Common Values:** -- `"100"` = ~13 minutes at 8s blocks (testing) -- `"10000"` = ~22 hours (Cosmos standard) -- `"20000"` = ~44 hours +| **Type** | String (integer) | +| **Adjustable** | Governance | --- -**min_signed_per_window** +#### min_signed_per_window -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Minimum fraction of blocks validator must sign within window | -| **Genesis Location** | `app_state.slashing.params.min_signed_per_window` | +| **Description** | Minimum fraction of blocks to sign | +| **Genesis Path** | `app_state.slashing.params.min_signed_per_window` | | **Default** | `"0.500000000000000000"` (50%) | -| **Format** | String (decimal) | -| **Can Change After Genesis** | Via governance | - -```json expandable -{ - "app_state": { - "slashing": { - "params": { - "min_signed_per_window": "0.500000000000000000" - } - } - } -} -``` - -**Example:** -- Window = 10000 blocks -- Min signed = 0.5 (50%) -- Validator must sign ≥ 5000 blocks +| **Type** | String (decimal) | +| **Adjustable** | Governance | --- -**downtime_jail_duration** +#### downtime_jail_duration -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Duration validator is jailed for downtime | -| **Genesis Location** | `app_state.slashing.params.downtime_jail_duration` | +| **Description** | Jail duration for downtime | +| **Genesis Path** | `app_state.slashing.params.downtime_jail_duration` | | **Default** | `"600s"` (10 minutes) | -| **Format** | Duration string | -| **Can Change After Genesis** | Via governance | - -```json expandable -{ - "app_state": { - "slashing": { - "params": { - "downtime_jail_duration": "600s" - } - } - } -} -``` - -**Common Values:** -- `"60s"` = 1 minute -- `"600s"` = 10 minutes (standard) -- `"3600s"` = 1 hour -- `"86400s"` = 1 day +| **Type** | Duration string | +| **Adjustable** | Governance | --- -**slash_fraction_double_sign** +#### slash_fraction_double_sign -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Percentage of stake slashed for double-signing (equivocation) | -| **Genesis Location** | `app_state.slashing.params.slash_fraction_double_sign` | +| **Description** | Stake % slashed for double-signing | +| **Genesis Path** | `app_state.slashing.params.slash_fraction_double_sign` | | **Default** | `"0.050000000000000000"` (5%) | -| **Format** | String (decimal) | -| **Can Change After Genesis** | Via governance | - -```json expandable -{ - "app_state": { - "slashing": { - "params": { - "slash_fraction_double_sign": "0.050000000000000000" - } - } - } -} -``` - -**Common Values:** -- `"0.050000000000000000"` = 5% (Cosmos standard) -- `"0.100000000000000000"` = 10% -- `"0.200000000000000000"` = 20% - -**Important:** -- Double-signing also results in permanent tombstoning -- Validator cannot rejoin validator set +| **Type** | String (decimal) | +| **Adjustable** | Governance | --- -**slash_fraction_downtime** +#### slash_fraction_downtime -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Percentage of stake slashed for downtime | -| **Genesis Location** | `app_state.slashing.params.slash_fraction_downtime` | +| **Description** | Stake % slashed for downtime | +| **Genesis Path** | `app_state.slashing.params.slash_fraction_downtime` | | **Default** | `"0.010000000000000000"` (1%) | -| **Format** | String (decimal) | -| **Can Change After Genesis** | Via governance | - -```json expandable -{ - "app_state": { - "slashing": { - "params": { - "slash_fraction_downtime": "0.010000000000000000" - } - } - } -} -``` +| **Type** | String (decimal) | +| **Adjustable** | Governance | -**Common Values:** -- `"0.000100000000000000"` = 0.01% -- `"0.010000000000000000"` = 1% (standard) -- `"0.050000000000000000"` = 5% + -**Note:** -- Less severe than double-sign slashing -- Validator can unjail after jail period +--- - +### Governance Module -### Governance Module Parameters - - - -**min_deposit** - -| Parameter | Value | -|-----------|-------| -| **Description** | Minimum token deposit to submit a governance proposal | -| **Genesis Location** | `app_state.gov.params.min_deposit` | -| **Default** | Varies by chain | -| **Format** | Array of coin objects | -| **Can Change After Genesis** | Via governance | - -```json expandable -{ - "app_state": { - "gov": { - "params": { - "min_deposit": [ - { - "denom": "atoken", - "amount": "10000000000000000000" - } - ] - } - } - } -} -``` + + +#### min_deposit + +| Attribute | Value | +|-----------|-------| +| **Description** | Minimum deposit to submit proposal | +| **Genesis Path** | `app_state.gov.params.min_deposit` | +| **Default** | Chain-specific | +| **Type** | Array of coin objects | +| **Adjustable** | Governance | -**Example Values:** -- 18 decimals: `"10000000000000000000"` = 10 tokens -- 6 decimals: `"10000000"` = 10 tokens +```json +"min_deposit": [{"denom": "atoken", "amount": "10000000000000000000"}] +``` --- -**max_deposit_period** +#### max_deposit_period -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Maximum time to reach minimum deposit | -| **Genesis Location** | `app_state.gov.params.max_deposit_period` | +| **Description** | Time to reach minimum deposit | +| **Genesis Path** | `app_state.gov.params.max_deposit_period` | | **Default** | `"172800s"` (2 days) | -| **Format** | Duration string | -| **Can Change After Genesis** | Via governance | - -```json expandable -{ - "app_state": { - "gov": { - "params": { - "max_deposit_period": "172800s" - } - } - } -} -``` +| **Type** | Duration string | +| **Adjustable** | Governance | --- -**voting_period** +#### voting_period -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Duration of voting period for standard proposals | -| **Genesis Location** | `app_state.gov.params.voting_period` | +| **Description** | Voting duration for proposals | +| **Genesis Path** | `app_state.gov.params.voting_period` | | **Default** | `"172800s"` (2 days) | -| **Format** | Duration string | -| **Can Change After Genesis** | Via governance | - -```json expandable -{ - "app_state": { - "gov": { - "params": { - "voting_period": "172800s" - } - } - } -} -``` - -**Common Values:** -- `"30s"` = 30 seconds (testing/development) -- `"172800s"` = 2 days -- `"604800s"` = 7 days +| **Type** | Duration string | +| **Adjustable** | Governance | --- -**expedited_voting_period** +#### expedited_voting_period -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Shorter voting period for expedited proposals | -| **Genesis Location** | `app_state.gov.params.expedited_voting_period` | +| **Description** | Voting duration for expedited proposals | +| **Genesis Path** | `app_state.gov.params.expedited_voting_period` | | **Default** | `"86400s"` (1 day) | -| **Format** | Duration string | -| **Can Change After Genesis** | Via governance | - -```json expandable -{ - "app_state": { - "gov": { - "params": { - "expedited_voting_period": "86400s" - } - } - } -} -``` - -**Important:** -- Must be < `voting_period` -- Used for urgent proposals +| **Type** | Duration string | +| **Adjustable** | Governance | --- -**quorum** +#### quorum -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Minimum participation rate for proposal to be valid | -| **Genesis Location** | `app_state.gov.params.quorum` | +| **Description** | Minimum participation for valid proposal | +| **Genesis Path** | `app_state.gov.params.quorum` | | **Default** | `"0.334"` (33.4%) | -| **Format** | String (decimal) | -| **Can Change After Genesis** | Via governance | - -```json expandable -{ - "app_state": { - "gov": { - "params": { - "quorum": "0.334" - } - } - } -} -``` +| **Type** | String (decimal) | +| **Adjustable** | Governance | --- -**threshold** +#### threshold -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Minimum percentage of Yes votes for proposal to pass | -| **Genesis Location** | `app_state.gov.params.threshold` | +| **Description** | Minimum Yes votes to pass | +| **Genesis Path** | `app_state.gov.params.threshold` | | **Default** | `"0.5"` (50%) | -| **Format** | String (decimal) | -| **Can Change After Genesis** | Via governance | - -```json expandable -{ - "app_state": { - "gov": { - "params": { - "threshold": "0.5" - } - } - } -} -``` +| **Type** | String (decimal) | +| **Adjustable** | Governance | --- -**veto_threshold** +#### veto_threshold -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Percentage of NoWithVeto votes to reject proposal | -| **Genesis Location** | `app_state.gov.params.veto_threshold` | +| **Description** | NoWithVeto votes to reject | +| **Genesis Path** | `app_state.gov.params.veto_threshold` | | **Default** | `"0.334"` (33.4%) | -| **Format** | String (decimal) | -| **Can Change After Genesis** | Via governance | - -```json expandable -{ - "app_state": { - "gov": { - "params": { - "veto_threshold": "0.334" - } - } - } -} -``` +| **Type** | String (decimal) | +| **Adjustable** | Governance | --- -**expedited_threshold** +#### expedited_threshold -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Higher Yes percentage required for expedited proposals | -| **Genesis Location** | `app_state.gov.params.expedited_threshold` | +| **Description** | Yes votes required for expedited proposals | +| **Genesis Path** | `app_state.gov.params.expedited_threshold` | | **Default** | `"0.667"` (66.7%) | -| **Format** | String (decimal) | -| **Can Change After Genesis** | Via governance | - -```json expandable -{ - "app_state": { - "gov": { - "params": { - "expedited_threshold": "0.667" - } - } - } -} -``` +| **Type** | String (decimal) | +| **Adjustable** | Governance | --- -**expedited_min_deposit** +#### expedited_min_deposit -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Higher minimum deposit for expedited proposals | -| **Genesis Location** | `app_state.gov.params.expedited_min_deposit` | +| **Description** | Minimum deposit for expedited proposals | +| **Genesis Path** | `app_state.gov.params.expedited_min_deposit` | | **Default** | 5x standard min_deposit | -| **Format** | Array of coin objects | -| **Can Change After Genesis** | Via governance | - -```json expandable -{ - "app_state": { - "gov": { - "params": { - "expedited_min_deposit": [ - { - "denom": "atoken", - "amount": "50000000000000000000" - } - ] - } - } - } -} -``` +| **Type** | Array of coin objects | +| **Adjustable** | Governance | -### Mint Module Parameters +--- + +### Mint Module - + -**mint_denom** +#### mint_denom -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Denomination of minted tokens (inflation rewards) | -| **Genesis Location** | `app_state.mint.params.mint_denom` | +| **Description** | Denomination of minted tokens | +| **Genesis Path** | `app_state.mint.params.mint_denom` | | **Default** | `"stake"` | -| **Format** | String | -| **Can Change After Genesis** | Via governance (not recommended) | - -```json expandable -{ - "app_state": { - "mint": { - "params": { - "mint_denom": "atoken" - } - } - } -} -``` +| **Type** | String | +| **Adjustable** | Governance (not recommended) | -**Must Match:** -- `app_state.staking.params.bond_denom` -- `app_state.evm.params.evm_denom` +**Note:** Must match `bond_denom` and `evm_denom`. --- -**inflation_rate_change** +#### inflation_rate_change -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Maximum annual change in inflation rate | -| **Genesis Location** | `app_state.mint.params.inflation_rate_change` | +| **Description** | Max annual inflation rate change | +| **Genesis Path** | `app_state.mint.params.inflation_rate_change` | | **Default** | `"0.130000000000000000"` (13%) | -| **Format** | String (decimal) | -| **Can Change After Genesis** | Via governance | - -```json expandable -{ - "app_state": { - "mint": { - "params": { - "inflation_rate_change": "0.130000000000000000" - } - } - } -} -``` +| **Type** | String (decimal) | +| **Adjustable** | Governance | --- -**inflation_max** +#### inflation_max -| Parameter | Value | +| Attribute | Value | |-----------|-------| | **Description** | Maximum annual inflation rate | -| **Genesis Location** | `app_state.mint.params.inflation_max` | +| **Genesis Path** | `app_state.mint.params.inflation_max` | | **Default** | `"0.200000000000000000"` (20%) | -| **Format** | String (decimal) | -| **Can Change After Genesis** | Via governance | - -```json expandable -{ - "app_state": { - "mint": { - "params": { - "inflation_max": "0.200000000000000000" - } - } - } -} -``` +| **Type** | String (decimal) | +| **Adjustable** | Governance | --- -**inflation_min** +#### inflation_min -| Parameter | Value | +| Attribute | Value | |-----------|-------| | **Description** | Minimum annual inflation rate | -| **Genesis Location** | `app_state.mint.params.inflation_min` | +| **Genesis Path** | `app_state.mint.params.inflation_min` | | **Default** | `"0.070000000000000000"` (7%) | -| **Format** | String (decimal) | -| **Can Change After Genesis** | Via governance | - -```json expandable -{ - "app_state": { - "mint": { - "params": { - "inflation_min": "0.070000000000000000" - } - } - } -} -``` +| **Type** | String (decimal) | +| **Adjustable** | Governance | --- -**goal_bonded** +#### goal_bonded -| Parameter | Value | +| Attribute | Value | |-----------|-------| | **Description** | Target bonded token ratio | -| **Genesis Location** | `app_state.mint.params.goal_bonded` | +| **Genesis Path** | `app_state.mint.params.goal_bonded` | | **Default** | `"0.670000000000000000"` (67%) | -| **Format** | String (decimal) | -| **Can Change After Genesis** | Via governance | - -```json expandable -{ - "app_state": { - "mint": { - "params": { - "goal_bonded": "0.670000000000000000" - } - } - } -} -``` - -**How It Works:** -- Bonded ratio < goal → inflation increases (toward max) -- Bonded ratio > goal → inflation decreases (toward min) -- Incentivizes target staking ratio +| **Type** | String (decimal) | +| **Adjustable** | Governance | --- -**blocks_per_year** +#### blocks_per_year -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Expected number of blocks per year for inflation calculations | -| **Genesis Location** | `app_state.mint.params.blocks_per_year` | -| **Default** | `"6311520"` (~5 second blocks) | -| **Format** | String (integer) | -| **Can Change After Genesis** | Via governance | - -```json expandable -{ - "app_state": { - "mint": { - "params": { - "blocks_per_year": "6311520" - } - } - } -} -``` - -**Calculation:** -- 5s blocks: `31,536,000 / 5 = 6,311,520` blocks/year -- 8s blocks: `31,536,000 / 8 = 3,942,000` blocks/year +| **Description** | Expected blocks per year | +| **Genesis Path** | `app_state.mint.params.blocks_per_year` | +| **Default** | `"6311520"` (~5s blocks) | +| **Type** | String (integer) | +| **Adjustable** | Governance | -### Distribution Module Parameters +--- + +### Distribution Module - + -**community_tax** +#### community_tax -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Percentage of rewards going to community pool | -| **Genesis Location** | `app_state.distribution.params.community_tax` | +| **Description** | Rewards percentage to community pool | +| **Genesis Path** | `app_state.distribution.params.community_tax` | | **Default** | `"0.020000000000000000"` (2%) | -| **Format** | String (decimal) | -| **Can Change After Genesis** | Via governance | - -```json expandable -{ - "app_state": { - "distribution": { - "params": { - "community_tax": "0.020000000000000000" - } - } - } -} -``` +| **Type** | String (decimal) | +| **Adjustable** | Governance | --- -**withdraw_addr_enabled** +#### withdraw_addr_enabled -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Allow delegators to set custom withdraw addresses | -| **Genesis Location** | `app_state.distribution.params.withdraw_addr_enabled` | +| **Description** | Allow custom withdraw addresses | +| **Genesis Path** | `app_state.distribution.params.withdraw_addr_enabled` | | **Default** | `true` | -| **Format** | Boolean | -| **Can Change After Genesis** | Via governance | - -```json expandable -{ - "app_state": { - "distribution": { - "params": { - "withdraw_addr_enabled": true - } - } - } -} -``` +| **Type** | Boolean | +| **Adjustable** | Governance | --- -**base_proposer_reward** (Deprecated) +#### base_proposer_reward -| Parameter | Value | -|-----------|-------| -| **Description** | **Deprecated** - Set to `"0.000000000000000000"` | -| **Genesis Location** | `app_state.distribution.params.base_proposer_reward` | -| **Default** | `"0.000000000000000000"` | -| **Format** | String (decimal) | - -```json expandable -{ - "app_state": { - "distribution": { - "params": { - "base_proposer_reward": "0.000000000000000000" - } - } - } -} -``` +| Attribute | Value | +|-----------|-------| +| **Description** | **Deprecated** - Set to zero | +| **Genesis Path** | `app_state.distribution.params.base_proposer_reward` | +| **Default** | `"0.000000000000000000"` | +| **Type** | String (decimal) | --- -**bonus_proposer_reward** (Deprecated) +#### bonus_proposer_reward -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | **Deprecated** - Set to `"0.000000000000000000"` | -| **Genesis Location** | `app_state.distribution.params.bonus_proposer_reward` | +| **Description** | **Deprecated** - Set to zero | +| **Genesis Path** | `app_state.distribution.params.bonus_proposer_reward` | | **Default** | `"0.000000000000000000"` | -| **Format** | String (decimal) | - -```json expandable -{ - "app_state": { - "distribution": { - "params": { - "bonus_proposer_reward": "0.000000000000000000" - } - } - } -} -``` +| **Type** | String (decimal) | ---- + -## Runtime Configuration (TOML Files) +--- -These parameters are configured in TOML files located at `~/.yourchain/config/`. They control node-specific runtime behavior and can be changed by restarting the node. +## Runtime Configuration (app.toml) -### app.toml Parameters +Node-specific parameters. Location: `~/.yourchain/config/app.toml` -Location: `~/.yourchain/config/app.toml` + - +### Base Configuration -**Base Configuration** + -**minimum-gas-prices** +#### minimum-gas-prices -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Node-level minimum gas price to accept transactions | +| **Description** | Node minimum gas price | | **Section** | Root | +| **Adjustable** | Per Node | | **Default** | `"0aatom"` | | **Format** | `` | -| **Can Change** | Yes (restart required) | -| **Template** | [`server/config/migration/v0.50-app.toml:11`](https://github.com/cosmos/evm/blob/main/server/config/migration/v0.50-app.toml#L11) | +| **Source** | [`server/config/migration/v0.50-app.toml:11`](https://github.com/cosmos/evm/blob/main/server/config/migration/v0.50-app.toml#L11) | ```toml minimum-gas-prices = "1000000000atoken" ``` -**Examples:** -- `"0atoken"` = Accept all transactions -- `"1000000000atoken"` = 1 gwei minimum (18 decimals) -- `"1000utoken"` = 0.001 token minimum (6 decimals) - -**Purpose:** -- Protect against spam -- Ensure validators can cover costs -- Should align with genesis fee market settings - --- -**pruning** +#### pruning -| Parameter | Value | +| Attribute | Value | |-----------|-------| | **Description** | State pruning strategy | | **Section** | Root | +| **Adjustable** | Per Node | | **Default** | `"default"` | | **Options** | `default`, `nothing`, `everything`, `custom` | -| **Can Change** | Yes (restart required) | - -```toml -pruning = "default" -``` -**Options:** -- `"default"` - Keep last 362,880 states, prune at 10 block intervals -- `"nothing"` - Archive node, keep all historical states -- `"everything"` - Keep only 2 latest states, prune at 10 block intervals -- `"custom"` - Use custom `pruning-keep-recent` and `pruning-interval` +**Values:** `default` (keep 362,880 states), `nothing` (archive), `everything` (keep 2), `custom` --- -**pruning-keep-recent** / **pruning-interval** +#### pruning-keep-recent / pruning-interval -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Custom pruning parameters (only used if `pruning = "custom"`) | +| **Description** | Custom pruning parameters | | **Section** | Root | +| **Adjustable** | Per Node | | **Default** | `"0"` / `"0"` | -| **Format** | Integer | +| **Type** | Integer | -```toml -pruning = "custom" -pruning-keep-recent = "100000" -pruning-interval = "10" -``` +**Only used if** `pruning = "custom"` --- -**halt-height** / **halt-time** +#### halt-height / halt-time -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Gracefully halt node at specified height or time | +| **Description** | Graceful halt at height/time | | **Section** | Root | -| **Default** | `0` (disabled) | -| **Format** | Integer (height) / Unix timestamp (time) | - -```toml -halt-height = 0 -halt-time = 0 -``` - -**Use Cases:** -- Coordinated chain upgrades -- Testing and debugging -- Emergency shutdowns +| **Adjustable** | Per Node | +| **Default** | `0` | +| **Type** | Integer / Unix timestamp | --- -**min-retain-blocks** +#### min-retain-blocks -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Minimum block height offset for CometBFT block pruning | +| **Description** | Minimum blocks for CometBFT pruning | | **Section** | Root | -| **Default** | `0` (no pruning) | -| **Format** | Integer | - -```toml -min-retain-blocks = 0 -``` - -**Important:** -- Only controls CometBFT block pruning -- Separate from application state pruning -- Consider unbonding period and snapshots +| **Adjustable** | Per Node | +| **Default** | `0` | +| **Type** | Integer | --- -**inter-block-cache** +#### inter-block-cache -| Parameter | Value | +| Attribute | Value | |-----------|-------| | **Description** | Enable inter-block caching | | **Section** | Root | +| **Adjustable** | Per Node | | **Default** | `true` | -| **Format** | Boolean | - -```toml -inter-block-cache = true -``` +| **Type** | Boolean | --- -**index-events** +#### index-events -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Event types to index (empty = index all) | +| **Description** | Event types to index (empty = all) | | **Section** | Root | +| **Adjustable** | Per Node | | **Default** | `[]` | -| **Format** | Array of strings | - -```toml -index-events = [] -``` - -**Example:** -```toml -index-events = ["message.sender", "message.recipient"] -``` +| **Type** | Array of strings | --- -**iavl-cache-size** +#### iavl-cache-size -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | IAVL tree cache size (in number of nodes) | +| **Description** | IAVL tree cache size (nodes) | | **Section** | Root | +| **Adjustable** | Per Node | | **Default** | `781250` | -| **Format** | Integer | - -```toml -iavl-cache-size = 781250 -``` +| **Type** | Integer | --- -**iavl-disable-fastnode** +#### iavl-disable-fastnode -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Disable IAVL fast node feature | +| **Description** | Disable IAVL fast node | | **Section** | Root | +| **Adjustable** | Per Node | | **Default** | `false` | -| **Format** | Boolean | - -```toml -iavl-disable-fastnode = false -``` +| **Type** | Boolean | --- -**app-db-backend** +#### app-db-backend -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Database backend for application and snapshots | +| **Description** | Database backend | | **Section** | Root | +| **Adjustable** | Per Node | | **Default** | `""` (use CometBFT default) | | **Options** | `goleveldb`, `rocksdb`, `pebbledb` | -```toml -app-db-backend = "" -``` - -### EVM Configuration ([evm] section) +--- + +### EVM Configuration - + -**tracer** +#### tracer -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | VM tracer type for debugging | +| **Description** | VM tracer type | | **Section** | `[evm]` | -| **Default** | `""` (no tracing) | +| **Adjustable** | Per Node | +| **Default** | `""` | | **Options** | `""`, `"json"`, `"markdown"`, `"struct"`, `"access_list"` | -| **Can Change** | Yes (restart required) | | **Source** | [`server/config/config.go:56`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L56) | -```toml -[evm] -tracer = "" -``` - -**Options:** -- `""` - No tracing (production) -- `"json"` - Detailed JSON traces (debugging) -- `"markdown"` - Markdown formatted traces -- `"struct"` - Structured traces -- `"access_list"` - Access list tracer - --- -**max-tx-gas-wanted** +#### max-tx-gas-wanted -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Maximum gas limit per transaction | +| **Description** | Max gas per transaction | | **Section** | `[evm]` | +| **Adjustable** | Per Node | | **Default** | `0` (unlimited) | -| **Format** | Unsigned 64-bit integer | +| **Type** | uint64 | | **Source** | [`server/config/config.go:62`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L62) | -```toml -max-tx-gas-wanted = 0 -``` - -**Examples:** -- `0` - Unlimited (default) -- `30000000` - 30M gas limit per transaction - --- -**cache-preimage** +#### cache-preimage -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Enable tracking of SHA3 preimages in VM | +| **Description** | Track SHA3 preimages | | **Section** | `[evm]` | +| **Adjustable** | Per Node | | **Default** | `false` | -| **Format** | Boolean | +| **Type** | Boolean | | **Source** | [`server/config/config.go:59`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L59) | -```toml -cache-preimage = false -``` - --- -**evm-chain-id** +#### evm-chain-id -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | EIP-155 replay protection chain ID (read-only, set during init from source code) | +| **Description** | EIP-155 chain ID (read-only) | | **Section** | `[evm]` | -| **Default** | `262144` (from source) | -| **Format** | Unsigned 64-bit integer | -| **Can Change** | **No** - read-only, written during `init` | +| **Adjustable** | Per Node | +| **Default** | From source code | +| **Type** | uint64 | | **Source** | [`server/config/config.go:149`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L149) | -```toml -evm-chain-id = 262144 -``` - -**Important:** -- Automatically written during `yourchain init` -- Value comes from `config/config.go:78` -- **Do not manually edit** - change in source code before init instead +**Note:** Written during `init`, do not manually edit. --- -**min-tip** +#### min-tip -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Minimum priority fee required for mempool | +| **Description** | Minimum priority fee (wei) | | **Section** | `[evm]` | +| **Adjustable** | Per Node | | **Default** | `0` | -| **Format** | Unsigned 64-bit integer (wei) | +| **Type** | uint64 | | **Source** | [`server/config/config.go:68`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L68) | -```toml -min-tip = 0 -``` - -**Examples:** -- `0` - Accept all transactions -- `1000000000` - Require at least 1 gwei tip - --- -**geth-metrics-address** +#### geth-metrics-address -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Address to bind geth metrics server | +| **Description** | Geth metrics server address | | **Section** | `[evm]` | +| **Adjustable** | Per Node | | **Default** | `"127.0.0.1:8100"` | | **Format** | `host:port` | | **Source** | [`server/config/config.go:71`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L71) | -```toml -geth-metrics-address = "127.0.0.1:8100" -``` - -### EVM Mempool Configuration ([evm.mempool] section) +--- + +### EVM Mempool - + -**price-limit** +#### price-limit -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Minimum gas price to accept into mempool (in wei) | +| **Description** | Minimum gas price (wei) | | **Section** | `[evm.mempool]` | +| **Adjustable** | Per Node | | **Default** | `1` | -| **Format** | Unsigned 64-bit integer | +| **Type** | uint64 | | **Source** | [`server/config/config.go:179`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L179) | -```toml -[evm.mempool] -price-limit = 1 -``` - --- -**price-bump** +#### price-bump -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Minimum % price increase to replace transaction with same nonce | +| **Description** | Price increase % to replace tx | | **Section** | `[evm.mempool]` | +| **Adjustable** | Per Node | | **Default** | `10` (10%) | -| **Format** | Unsigned 64-bit integer (percentage) | +| **Type** | uint64 | | **Source** | [`server/config/config.go:180`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L180) | -```toml -price-bump = 10 -``` - --- -**account-slots** +#### account-slots -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Executable transaction slots guaranteed per account | +| **Description** | Executable slots per account | | **Section** | `[evm.mempool]` | +| **Adjustable** | Per Node | | **Default** | `16` | -| **Format** | Unsigned 64-bit integer | +| **Type** | uint64 | | **Source** | [`server/config/config.go:181`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L181) | -```toml -account-slots = 16 -``` - --- -**global-slots** +#### global-slots -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Maximum executable transaction slots for all accounts | +| **Description** | Max executable slots (all accounts) | | **Section** | `[evm.mempool]` | +| **Adjustable** | Per Node | | **Default** | `5120` | -| **Format** | Unsigned 64-bit integer | +| **Type** | uint64 | | **Source** | [`server/config/config.go:182`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L182) | -```toml -global-slots = 5120 -``` - --- -**account-queue** +#### account-queue -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Non-executable transaction slots permitted per account | +| **Description** | Non-executable slots per account | | **Section** | `[evm.mempool]` | +| **Adjustable** | Per Node | | **Default** | `64` | -| **Format** | Unsigned 64-bit integer | +| **Type** | uint64 | | **Source** | [`server/config/config.go:183`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L183) | -```toml -account-queue = 64 -``` - --- -**global-queue** +#### global-queue -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Non-executable transaction slots for all accounts | +| **Description** | Non-executable slots (all accounts) | | **Section** | `[evm.mempool]` | +| **Adjustable** | Per Node | | **Default** | `1024` | -| **Format** | Unsigned 64-bit integer | +| **Type** | uint64 | | **Source** | [`server/config/config.go:184`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L184) | -```toml -global-queue = 1024 -``` - --- -**lifetime** +#### lifetime -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Maximum time non-executable transactions stay queued | +| **Description** | Max time for queued txs | | **Section** | `[evm.mempool]` | -| **Default** | `"3h0m0s"` (3 hours) | -| **Format** | Go duration string | +| **Adjustable** | Per Node | +| **Default** | `"3h0m0s"` | +| **Type** | Duration string | | **Source** | [`server/config/config.go:185`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L185) | -```toml -lifetime = "3h0m0s" -``` - -**See:** [EVM Mempool Integration](/docs/evm/next/documentation/getting-started/build-a-chain/additional-configuration/mempool-integration) - -### JSON-RPC Configuration ([json-rpc] section) +--- + +### JSON-RPC Configuration - + -**enable** +#### enable -| Parameter | Value | +| Attribute | Value | |-----------|-------| | **Description** | Enable JSON-RPC server | | **Section** | `[json-rpc]` | +| **Adjustable** | Per Node | | **Default** | `false` | -| **Format** | Boolean | +| **Type** | Boolean | | **Source** | [`server/config/config.go:236`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L236) | -```toml -[json-rpc] -enable = true -``` - --- -**address** +#### address -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | HTTP server bind address | +| **Description** | HTTP server address | | **Section** | `[json-rpc]` | +| **Adjustable** | Per Node | | **Default** | `"127.0.0.1:8545"` | | **Format** | `host:port` | | **Source** | [`server/config/config.go:47`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L47) | -```toml -address = "0.0.0.0:8545" -``` - --- -**ws-address** +#### ws-address -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | WebSocket server bind address | +| **Description** | WebSocket server address | | **Section** | `[json-rpc]` | +| **Adjustable** | Per Node | | **Default** | `"127.0.0.1:8546"` | | **Format** | `host:port` | | **Source** | [`server/config/config.go:50`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L50) | -```toml -ws-address = "0.0.0.0:8546" -``` - --- -**api** +#### api -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | List of JSON-RPC namespaces to enable | +| **Description** | Enabled JSON-RPC namespaces | | **Section** | `[json-rpc]` | +| **Adjustable** | Per Node | | **Default** | `["eth", "net", "web3"]` | -| **Format** | Array of strings | +| **Type** | Array of strings | | **Source** | [`server/config/config.go:304-310`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L304-L310) | ```toml api = ["eth", "net", "web3", "txpool"] ``` -**Available Namespaces:** -| Namespace | Purpose | Production | -|-----------|---------|------------| -| `eth` | Standard Ethereum RPC | ✅ Required | -| `net` | Network information | ✅ Recommended | -| `web3` | Web3 client version | ✅ Recommended | -| `txpool` | Transaction pool inspection | ⚠️ Caution | -| `debug` | Debug/trace endpoints | ❌ Dev only | -| `personal` | Account management | ❌ Dev only | -| `miner` | Mining operations | ❌ Dev only | - -**Production:** -```toml -api = ["eth", "net", "web3"] -``` - -**Development:** -```toml -api = ["eth", "net", "web3", "txpool", "debug"] -``` +**Available:** `eth`, `net`, `web3`, `txpool`, `debug`, `personal`, `miner` --- -**gas-cap** +#### gas-cap -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Gas limit for eth_call/estimateGas | +| **Description** | Gas limit for eth_call | | **Section** | `[json-rpc]` | +| **Adjustable** | Per Node | | **Default** | `25000000` | -| **Format** | Unsigned 64-bit integer | +| **Type** | uint64 | | **Source** | [`server/config/config.go:74`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L74) | -```toml -gas-cap = 25000000 -``` - --- -**allow-insecure-unlock** +#### allow-insecure-unlock -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Allow account unlocking when account-related RPCs exposed via HTTP | +| **Description** | Allow account unlocking via HTTP | | **Section** | `[json-rpc]` | +| **Adjustable** | Per Node | | **Default** | `true` | -| **Format** | Boolean | +| **Type** | Boolean | | **Source** | [`server/config/config.go:77`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L77) | -```toml -allow-insecure-unlock = false -``` - -**Security:** -- Set to `false` for production -- Only `true` for local development - --- -**evm-timeout** +#### evm-timeout -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Timeout for eth_call execution | +| **Description** | Timeout for eth_call | | **Section** | `[json-rpc]` | +| **Adjustable** | Per Node | | **Default** | `"5s"` | -| **Format** | Go duration string | +| **Type** | Duration string | | **Source** | [`server/config/config.go:92`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L92) | -```toml -evm-timeout = "5s" -``` - --- -**txfee-cap** +#### txfee-cap -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Global tx-fee cap for send transaction (in native token units) | +| **Description** | Tx fee cap (token units) | | **Section** | `[json-rpc]` | +| **Adjustable** | Per Node | | **Default** | `1.0` | -| **Format** | Float | +| **Type** | Float | | **Source** | [`server/config/config.go:95`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L95) | -```toml -txfee-cap = 1.0 -``` - --- -**filter-cap** +#### filter-cap -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Maximum number of filters that can be created | +| **Description** | Max filters | | **Section** | `[json-rpc]` | +| **Adjustable** | Per Node | | **Default** | `200` | -| **Format** | 32-bit integer | +| **Type** | int32 | | **Source** | [`server/config/config.go:80`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L80) | -```toml -filter-cap = 200 -``` - --- -**feehistory-cap** +#### feehistory-cap -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Maximum number of blocks for fee history query | +| **Description** | Max blocks for fee history | | **Section** | `[json-rpc]` | +| **Adjustable** | Per Node | | **Default** | `100` | -| **Format** | 32-bit integer | +| **Type** | int32 | | **Source** | [`server/config/config.go:83`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L83) | -```toml -feehistory-cap = 100 -``` - --- -**logs-cap** +#### logs-cap -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Maximum results from single eth_getLogs query | +| **Description** | Max results from eth_getLogs | | **Section** | `[json-rpc]` | +| **Adjustable** | Per Node | | **Default** | `10000` | -| **Format** | 32-bit integer | +| **Type** | int32 | | **Source** | [`server/config/config.go:86`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L86) | -```toml -logs-cap = 10000 -``` - --- -**block-range-cap** +#### block-range-cap -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Maximum block range for eth_getLogs query | +| **Description** | Max block range for eth_getLogs | | **Section** | `[json-rpc]` | +| **Adjustable** | Per Node | | **Default** | `10000` | -| **Format** | 32-bit integer | +| **Type** | int32 | | **Source** | [`server/config/config.go:89`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L89) | -```toml -block-range-cap = 10000 -``` - --- -**http-timeout** +#### http-timeout -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Read/write timeout for HTTP JSON-RPC server | +| **Description** | HTTP read/write timeout | | **Section** | `[json-rpc]` | +| **Adjustable** | Per Node | | **Default** | `"30s"` | -| **Format** | Go duration string | +| **Type** | Duration string | | **Source** | [`server/config/config.go:98`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L98) | -```toml -http-timeout = "30s" -``` - --- -**http-idle-timeout** +#### http-idle-timeout -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Idle timeout for HTTP JSON-RPC server | +| **Description** | HTTP idle timeout | | **Section** | `[json-rpc]` | +| **Adjustable** | Per Node | | **Default** | `"2m0s"` | -| **Format** | Go duration string | +| **Type** | Duration string | | **Source** | [`server/config/config.go:101`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L101) | -```toml -http-idle-timeout = "2m0s" -``` - --- -**allow-unprotected-txs** +#### allow-unprotected-txs -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Allow unprotected (non-EIP155) transactions via RPC | +| **Description** | Allow non-EIP155 txs | | **Section** | `[json-rpc]` | +| **Adjustable** | Per Node | | **Default** | `false` | -| **Format** | Boolean | +| **Type** | Boolean | | **Source** | [`server/config/config.go:104`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L104) | -```toml -allow-unprotected-txs = false -``` - -**Security:** -- `false` for production (required) -- `true` only for local development - --- -**batch-request-limit** +#### batch-request-limit -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Maximum number of requests in a batch | +| **Description** | Max requests in batch | | **Section** | `[json-rpc]` | +| **Adjustable** | Per Node | | **Default** | `1000` | -| **Format** | Integer | +| **Type** | Integer | | **Source** | [`server/config/config.go:108`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L108) | -```toml -batch-request-limit = 1000 -``` - --- -**batch-response-max-size** +#### batch-response-max-size -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Maximum bytes returned from batched RPC call | +| **Description** | Max batch response bytes | | **Section** | `[json-rpc]` | +| **Adjustable** | Per Node | | **Default** | `25000000` (25 MB) | -| **Format** | Integer | +| **Type** | Integer | | **Source** | [`server/config/config.go:112`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L112) | -```toml -batch-response-max-size = 25000000 -``` - --- -**max-open-connections** +#### max-open-connections -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Maximum simultaneous connections (0 = unlimited) | +| **Description** | Max simultaneous connections | | **Section** | `[json-rpc]` | -| **Default** | `0` | -| **Format** | Integer | +| **Adjustable** | Per Node | +| **Default** | `0` (unlimited) | +| **Type** | Integer | | **Source** | [`server/config/config.go:115`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L115) | -```toml -max-open-connections = 0 -``` - --- -**enable-indexer** +#### enable-indexer -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Enable custom transaction indexer for EVM transactions | +| **Description** | Enable EVM tx indexer | | **Section** | `[json-rpc]` | +| **Adjustable** | Per Node | | **Default** | `false` | -| **Format** | Boolean | +| **Type** | Boolean | | **Source** | [`server/config/config.go:256`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L256) | -```toml -enable-indexer = false -``` - --- -**metrics-address** +#### metrics-address -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Metrics server bind address | +| **Description** | Metrics server address | | **Section** | `[json-rpc]` | +| **Adjustable** | Per Node | | **Default** | `"127.0.0.1:6065"` | | **Format** | `host:port` | | **Source** | [`server/config/config.go:53`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L53) | -```toml -metrics-address = "127.0.0.1:6065" -``` - --- -**ws-origins** +#### ws-origins -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Allowed origins for WebSocket connections | +| **Description** | Allowed WebSocket origins | | **Section** | `[json-rpc]` | +| **Adjustable** | Per Node | | **Default** | `["127.0.0.1", "localhost"]` | -| **Format** | Array of strings | +| **Type** | Array of strings | | **Source** | [`server/config/config.go:120-122`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L120-L122) | -```toml -ws-origins = ["127.0.0.1", "localhost", "myapp.example.com"] -``` - --- -**enable-profiling** +#### enable-profiling -| Parameter | Value | +| Attribute | Value | |-----------|-------| | **Description** | Enable profiling in debug namespace | | **Section** | `[json-rpc]` | +| **Adjustable** | Per Node | | **Default** | `false` | -| **Format** | Boolean | +| **Type** | Boolean | | **Source** | [`server/config/config.go:124`](https://github.com/cosmos/evm/blob/main/server/config/config.go#L124) | -```toml -enable-profiling = false -``` - -**Warning:** -- **Never enable on public nodes** -- Only for development/debugging -- Can expose sensitive information +**Warning:** Never enable on public nodes. -### TLS Configuration ([tls] section) +--- + +### TLS Configuration - + -**certificate-path** +#### certificate-path -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Path to TLS certificate .pem file | +| **Description** | TLS certificate .pem path | | **Section** | `[tls]` | -| **Default** | `""` (TLS disabled) | -| **Format** | File path | - -```toml -[tls] -certificate-path = "" -``` +| **Adjustable** | Per Node | +| **Default** | `""` (disabled) | +| **Type** | File path | --- -**key-path** +#### key-path -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Path to TLS key .pem file | +| **Description** | TLS key .pem path | | **Section** | `[tls]` | -| **Default** | `""` (TLS disabled) | -| **Format** | File path | - -```toml -key-path = "" -``` - -**Example (TLS enabled):** -```toml -[tls] -certificate-path = "/path/to/cert.pem" -key-path = "/path/to/key.pem" -``` +| **Adjustable** | Per Node | +| **Default** | `""` (disabled) | +| **Type** | File path | -### Telemetry Configuration ([telemetry] section) +--- + +### Telemetry Configuration - + -**service-name** +#### service-name -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Service name prefix for telemetry keys | +| **Description** | Service name prefix | | **Section** | `[telemetry]` | +| **Adjustable** | Per Node | | **Default** | `""` | -| **Format** | String | - -```toml -[telemetry] -service-name = "" -``` +| **Type** | String | --- -**enabled** +#### enabled -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Enable application telemetry | +| **Description** | Enable telemetry | | **Section** | `[telemetry]` | +| **Adjustable** | Per Node | | **Default** | `false` | -| **Format** | Boolean | - -```toml -enabled = false -``` +| **Type** | Boolean | --- -**enable-hostname** / **enable-hostname-label** / **enable-service-label** +#### enable-hostname / enable-hostname-label / enable-service-label -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Include hostname/service in telemetry metrics | +| **Description** | Include hostname/service in metrics | | **Section** | `[telemetry]` | +| **Adjustable** | Per Node | | **Default** | `false` | -| **Format** | Boolean | +| **Type** | Boolean | -```toml -enable-hostname = false -enable-hostname-label = false -enable-service-label = false -``` + -### config.toml Parameters +--- + +## Runtime Configuration (config.toml) -Location: `~/.yourchain/config/config.toml` (CometBFT configuration) +CometBFT configuration. Location: `~/.yourchain/config/config.toml` - -This file is managed by CometBFT. Most parameters use CometBFT defaults. Key parameters for chain operators are documented below. - + - +### P2P Configuration -**P2P Configuration ([p2p] section)** + -**persistent_peers** +#### persistent_peers -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Comma-separated list of nodes to maintain persistent connections | +| **Description** | Persistent peer connections | | **Section** | `[p2p]` | +| **Adjustable** | Per Node | | **Default** | `""` | -| **Format** | `node_id@ip:port,node_id2@ip:port,...` | - -```toml -[p2p] -persistent_peers = "7c90e16cca334eb7@192.168.1.100:26656,abc123def456@192.168.1.101:26656" -``` - -**Get node ID:** -```bash -yourchain comet show-node-id -``` +| **Format** | `node_id@ip:port,node_id2@ip:port` | --- -**laddr** (P2P listen address) +#### laddr -| Parameter | Value | +| Attribute | Value | |-----------|-------| | **Description** | P2P listen address | | **Section** | `[p2p]` | +| **Adjustable** | Per Node | | **Default** | `"tcp://0.0.0.0:26656"` | | **Format** | `tcp://host:port` | -```toml -laddr = "tcp://0.0.0.0:26656" -``` + --- -**Consensus Configuration ([consensus] section)** +### Consensus Configuration + + -**timeout_commit** +#### timeout_commit -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | How long to wait after committing before starting new height (determines block time) | +| **Description** | Time before starting next block | | **Section** | `[consensus]` | +| **Adjustable** | Per Node | | **Default** | `"5s"` | -| **Format** | Go duration string | - -```toml -[consensus] -timeout_commit = "5s" -``` - -**Block Time:** -- `"1s"` - Fast blocks (development) -- `"5s"` - Standard (production) -- `"8s"` - Slower (high latency networks) +| **Type** | Duration string | --- -**timeout_propose** / **timeout_prevote** / **timeout_precommit** +#### timeout_propose / timeout_prevote / timeout_precommit -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Timeouts for consensus phases | +| **Description** | Consensus phase timeouts | | **Section** | `[consensus]` | +| **Adjustable** | Per Node | | **Default** | `"3s"` / `"1s"` / `"1s"` | -| **Format** | Go duration string | +| **Type** | Duration string | -```toml -timeout_propose = "3s" -timeout_prevote = "1s" -timeout_precommit = "1s" -``` + --- -**RPC Configuration ([rpc] section)** +### RPC Configuration + + -**laddr** (RPC listen address) +#### laddr -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | CometBFT RPC listen address | +| **Description** | CometBFT RPC address | | **Section** | `[rpc]` | +| **Adjustable** | Per Node | | **Default** | `"tcp://127.0.0.1:26657"` | | **Format** | `tcp://host:port` | -```toml -[rpc] -laddr = "tcp://127.0.0.1:26657" -``` + --- -**Instrumentation Configuration ([instrumentation] section)** +### Instrumentation + + -**prometheus** +#### prometheus -| Parameter | Value | +| Attribute | Value | |-----------|-------| | **Description** | Enable Prometheus metrics | | **Section** | `[instrumentation]` | +| **Adjustable** | Per Node | | **Default** | `false` | -| **Format** | Boolean | +| **Type** | Boolean | -```toml -[instrumentation] -prometheus = true -prometheus_listen_addr = ":26660" -``` +--- -**Access metrics:** -```bash -curl http://localhost:26660/metrics -``` +#### prometheus_listen_addr + +| Attribute | Value | +|-----------|-------| +| **Description** | Prometheus metrics address | +| **Section** | `[instrumentation]` | +| **Adjustable** | Per Node | +| **Default** | `":26660"` | +| **Format** | `:port` | + + -### client.toml Parameters +--- + +## Runtime Configuration (client.toml) -Location: `~/.yourchain/config/client.toml` +CLI client configuration. Location: `~/.yourchain/config/client.toml` - + -**chain-id** +#### chain-id -| Parameter | Value | +| Attribute | Value | |-----------|-------| | **Description** | Chain ID for CLI operations | | **Section** | Root | +| **Adjustable** | Per Node | | **Default** | `""` (must be set) | -| **Format** | String | - -```toml -chain-id = "mychain-1" -``` +| **Type** | String | -**Set via CLI:** -```bash -yourchain config set client chain-id mychain-1 -``` - -**Important:** -- **Required** for node startup -- Must match `genesis.json` chain_id -- Node will fail to start if mismatch +**Note:** Required for node startup. Must match genesis. --- -**keyring-backend** +#### keyring-backend -| Parameter | Value | +| Attribute | Value | |-----------|-------| | **Description** | Keyring storage backend | | **Section** | Root | +| **Adjustable** | Per Node | | **Default** | `"os"` | | **Options** | `os`, `file`, `test` | -```toml -keyring-backend = "os" -``` - -**Options:** -- `"os"` - OS native keyring (secure, production) -- `"file"` - Encrypted file (requires password) -- `"test"` - Unencrypted (development only, **never for production**) +**Values:** `os` (production), `file` (encrypted), `test` (dev only) --- -**output** +#### output -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | Default output format for CLI | +| **Description** | CLI output format | | **Section** | Root | +| **Adjustable** | Per Node | | **Default** | `"text"` | | **Options** | `text`, `json` | -```toml -output = "text" -``` - --- -**node** +#### node -| Parameter | Value | +| Attribute | Value | |-----------|-------| -| **Description** | CometBFT RPC endpoint for CLI to connect to | +| **Description** | CometBFT RPC endpoint | | **Section** | Root | +| **Adjustable** | Per Node | | **Default** | `"tcp://localhost:26657"` | | **Format** | `tcp://host:port` | -```toml -node = "tcp://localhost:26657" -``` - -**Use Cases:** -- Local node: `"tcp://localhost:26657"` -- Remote node: `"tcp://rpc.mychain.network:26657"` -- Public endpoint: Connect without running full node - --- -**broadcast-mode** +#### broadcast-mode -| Parameter | Value | +| Attribute | Value | |-----------|-------| | **Description** | Transaction broadcast mode | | **Section** | Root | +| **Adjustable** | Per Node | | **Default** | `"sync"` | | **Options** | `sync`, `async`, `block` | -```toml -broadcast-mode = "sync" -``` - -**Options:** -- `"sync"` - Wait for CheckTx (recommended) -- `"async"` - Return immediately -- `"block"` - Wait for block inclusion (slowest, most certain) +**Values:** `sync` (recommended), `async` (fast), `block` (wait for inclusion) --- -## Summary Tables - -### Configuration by Phase +## Summary -| Phase | When | Examples | Changeability | -|-------|------|----------|---------------| -| **Pre-Genesis** | Before `init` | Binary name, Bech32 prefix, BIP44, EVM chain ID | Requires rebuild + hard fork | -| **Genesis** | After `init`, before launch | Module params, initial accounts, validators | Via governance after launch | -| **Runtime** | After launch | app.toml, config.toml, client.toml | Restart node | -| **On-Chain** | After launch | Some module params | Via governance proposal | +### By Configuration Phase -### Critical Parameters (Cannot Change After Genesis) +| Phase | When | Changeability | +|-------|------|---------------| +| **Pre-Genesis** | Before `init` | Rebuild required | +| **Genesis** | After `init`, before launch | Via governance | +| **Runtime** | After launch | Restart node | -| Parameter | Why Critical | -|-----------|-------------| -| **EVM Chain ID** | Breaks transaction replay protection | -| **Bech32 Prefix** | Changes all address formats | -| **BIP44 Coin Type** | Breaks wallet key derivation | -| **Token Decimals** | Fundamental to token economics | +### Critical (Immutable After Genesis) -### Commonly Changed Parameters - -| Parameter | Use Case | -|-----------|----------| -| **minimum-gas-prices** | Adjust fees, prevent spam | -| **active_static_precompiles** | Enable/disable Cosmos SDK features | -| **access_control** | Manage deployment permissions | -| **json-rpc.api** | Control exposed RPC namespaces | -| **pruning** | Manage disk usage | - ---- - -## Quick Navigation - - - -- [Binary Name](#binary-name) -- [Bech32 Address Prefix](#bech32-address-prefix) -- [BIP44 Coin Type](#bip44-coin-type) -- [EVM Chain ID](#evm-chain-id) -- [Default Denomination in Source](#default-denomination-in-source) - - - -- [Root-Level Parameters](#root-level-parameters) -- [VM Module Parameters](#vm-module-parameters-xvm) -- [FeeMarket Module Parameters](#feemarket-module-parameters-xfeemarket) -- [ERC20 Module Parameters](#erc20-module-parameters-xerc20) -- [Bank Module Parameters](#bank-module-parameters) -- [Staking Module Parameters](#staking-module-parameters) -- [Slashing Module Parameters](#slashing-module-parameters) -- [Governance Module Parameters](#governance-module-parameters) -- [Mint Module Parameters](#mint-module-parameters) -- [Distribution Module Parameters](#distribution-module-parameters) - - - -- [app.toml Base Configuration](#apptoml-parameters) -- [EVM Configuration](#evm-configuration-evm-section) -- [EVM Mempool Configuration](#evm-mempool-configuration-evmmempool-section) -- [JSON-RPC Configuration](#json-rpc-configuration-json-rpc-section) -- [TLS Configuration](#tls-configuration-tls-section) -- [config.toml Parameters](#configtoml-parameters) -- [client.toml Parameters](#clienttoml-parameters) - - +| Parameter | Reason | +|-----------|--------| +| **EVM Chain ID** | Transaction replay protection | +| **Bech32 Prefix** | Address format | +| **BIP44 Coin Type** | Wallet derivation | --- -## Additional Resources +## Related Documentation - -Step-by-step configuration guide + +Configuration guide -Network launch procedures - - - -Quick reference with commands +Launch procedures -EVM module documentation +EVM module docs -Fee market documentation +Fee market docs -ERC20 module documentation +ERC20 module docs -Precision handling for non-18 decimals - - - -Cosmos SDK precompiles - - - -General Cosmos SDK documentation +Precision handling - ---- - -For questions or issues, visit the [Cosmos EVM GitHub repository](https://github.com/cosmos/evm). diff --git a/docs/evm/next/documentation/getting-started/build-a-chain/overview.mdx b/docs/evm/next/documentation/getting-started/build-a-chain/overview.mdx index 527f1292..8fb24639 100644 --- a/docs/evm/next/documentation/getting-started/build-a-chain/overview.mdx +++ b/docs/evm/next/documentation/getting-started/build-a-chain/overview.mdx @@ -1,26 +1,28 @@ --- title: "Introduction" -description: "Everything you need to build your own custom blockchain with full EVM compatibility." +description: "Everything you need to build your own custom EVM compatible blockchain." --- -Building a production-ready blockchain with Cosmos EVM involves configuring parameters across three main phases: pre-genesis setup, genesis configuration, and runtime deployment. This guide provides a structured approach to launching your own EVM-compatible Layer 1 chain. +Cosmos-EVM is the easiest way to build your own EVM compatible L1 blockchain using the Cosmos SDK. This guide walks through the process of creating and running a network by simply modifying the "template" blockchain application bubdled with the module repo. ## Why Cosmos-EVM? -The Cosmos EVM repository includes `evmd`, a fully functional blockchain that integrates the Cosmos SDK with the EVM module. Because `evmd` is developed and maintained alongside the module itself, it serves as the canonical reference implementation with production-ready defaults and best practices. +In addition to being a standalone module, the [Cosmos/EVM](https://github.com/cosmos/evm) project repository includes `evmd`, a complete working blockchain pre-wired with the EVM module and a few supporting modules. -Starting with `evmd` provides several advantages: +Because this example is actively developed and maintained alongside the module itself and serves as the canonical reference implementation, it is the perfect starting point to modify and customize into your own EVM-compatible chain. + +Besides being much simpler than alternatives, this provides several advantages: - **Greater compatibility** - Direct alignment with the module's development ensures the configurations work as intended - **Improved troubleshooting** - Greater similarity to the base project makes it simpler to diagnose issues and find solutions - **Proven logic** - Integration approaches used by the core development team are readily available and battle-tested -- **Peace of mind** - Fully audited (as of v0.4.x) with comprehensive [security audits](/docs/evm/next/documentation/overview#audits) +- **Peace of mind** - Fully audited (as of v0.4.x) -- read the [audit reports](/docs/evm/next/documentation/overview#audits) here - **Developer Community** - Cosmos EVM already powers multiple projects, with many more planning to migrate. There's no shortage of experience and knowledge to draw from and contribute to! -Rather than assembling components from scratch, fork `evmd` and customize it for your specific needs. This approach lets you focus on what makes your chain unique rather than debugging basic integration issues. +Rather than assembling components from scratch, fork `evmd` and customize it for your specific needs. This approach lets engineers focus on what makes your chain unique rather than debugging basic integration issues. ## Configuration Guides -The following three guides will walk you through building and launching your own EVM L1 chain: +The following three guides cover three general categories: Basic/Introductory setup, understanding and setting all network parameters, and final steps to launch the network successfully:
    From 4dca4a03c121f5ebb611ebcd2e996086ce1acac2 Mon Sep 17 00:00:00 2001 From: Cordt Date: Tue, 21 Oct 2025 05:53:08 -0600 Subject: [PATCH 22/26] setup guide tweak --- .../getting-started/build-a-chain/initial-setup.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/evm/next/documentation/getting-started/build-a-chain/initial-setup.mdx b/docs/evm/next/documentation/getting-started/build-a-chain/initial-setup.mdx index 1b0fb01b..87d076c0 100644 --- a/docs/evm/next/documentation/getting-started/build-a-chain/initial-setup.mdx +++ b/docs/evm/next/documentation/getting-started/build-a-chain/initial-setup.mdx @@ -9,7 +9,7 @@ This page provides a basic starting point for anyone unfamiliar with the Cosmos ### Required Dependencies -- **Go 1.22+** - Required for building the blockchain binary +- **Go 1.23.8+** - Required for building the blockchain binary - **Git** - For version control and repository management - **Make** - For using build commands - **GCC/Build Tools** - Required for CGo compilation From 3577848bd688d874d6fbe5d7b3b3e326b00d345c Mon Sep 17 00:00:00 2001 From: Cordt Date: Tue, 21 Oct 2025 08:37:42 -0600 Subject: [PATCH 23/26] improve initial-setup --- .../build-a-chain/initial-setup.mdx | 92 +++++++++---------- 1 file changed, 46 insertions(+), 46 deletions(-) diff --git a/docs/evm/next/documentation/getting-started/build-a-chain/initial-setup.mdx b/docs/evm/next/documentation/getting-started/build-a-chain/initial-setup.mdx index 87d076c0..794c3aa6 100644 --- a/docs/evm/next/documentation/getting-started/build-a-chain/initial-setup.mdx +++ b/docs/evm/next/documentation/getting-started/build-a-chain/initial-setup.mdx @@ -18,28 +18,43 @@ This page provides a basic starting point for anyone unfamiliar with the Cosmos ### Installation by Platform - + -#### Using Homebrew (Recommended) +#### Using APT Package Manager -Install Homebrew if you haven't already: +Update package lists and install build essentials: ```bash -/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" +# Update package lists +sudo apt update && sudo apt upgrade -y + +# Install build essentials and dependencies +sudo apt install -y build-essential git make gcc curl wget ``` -Install the required dependencies: +Install Go 1.22: -```bash -# Install build essentials -brew install git make gcc +```bash expandable +# Download Go 1.22 +wget https://go.dev/dl/go1.22.0.linux-amd64.tar.gz -# Install Go -brew install go@1.22 +# Remove old Go installation (if exists) +sudo rm -rf /usr/local/go -# Add Go to your PATH (add to ~/.zshrc or ~/.bash_profile) -echo 'export PATH="/usr/local/opt/go@1.22/bin:$PATH"' >> ~/.zshrc -source ~/.zshrc +# Extract and install +sudo tar -C /usr/local -xzf go1.22.0.linux-amd64.tar.gz + +# Clean up +rm go1.22.0.linux-amd64.tar.gz + +# Add Go to PATH (add to ~/.bashrc or ~/.profile) +echo 'export PATH=$PATH:/usr/local/go/bin' >> ~/.bashrc +echo 'export GOPATH=$HOME/go' >> ~/.bashrc +echo 'export PATH=$PATH:$GOPATH/bin' >> ~/.bashrc +source ~/.bashrc + +# Create Go workspace directories +mkdir -p $HOME/go/{bin,src,pkg} ``` Verify installations: @@ -100,43 +115,28 @@ gcc --version ``` - + -#### Using APT Package Manager +#### Using Homebrew (Recommended) -Update package lists and install build essentials: +Install Homebrew if you haven't already: ```bash -# Update package lists -sudo apt update && sudo apt upgrade -y - -# Install build essentials and dependencies -sudo apt install -y build-essential git make gcc curl wget +/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" ``` -Install Go 1.22: - -```bash expandable -# Download Go 1.22 -wget https://go.dev/dl/go1.22.0.linux-amd64.tar.gz - -# Remove old Go installation (if exists) -sudo rm -rf /usr/local/go - -# Extract and install -sudo tar -C /usr/local -xzf go1.22.0.linux-amd64.tar.gz +Install the required dependencies: -# Clean up -rm go1.22.0.linux-amd64.tar.gz +```bash +# Install build essentials +brew install git make gcc -# Add Go to PATH (add to ~/.bashrc or ~/.profile) -echo 'export PATH=$PATH:/usr/local/go/bin' >> ~/.bashrc -echo 'export GOPATH=$HOME/go' >> ~/.bashrc -echo 'export PATH=$PATH:$GOPATH/bin' >> ~/.bashrc -source ~/.bashrc +# Install Go +brew install go@1.22 -# Create Go workspace directories -mkdir -p $HOME/go/{bin,src,pkg} +# Add Go to your PATH (add to ~/.zshrc or ~/.bash_profile) +echo 'export PATH="/usr/local/opt/go@1.22/bin:$PATH"' >> ~/.zshrc +source ~/.zshrc ``` Verify installations: @@ -288,11 +288,11 @@ This starts a validator node which runs a local chain accessible at `http://loca ### [Optional] Cosmos SDK Modules Explore the [Cosmos SDK modules](/docs/evm/next/documentation/cosmos-sdk) that provide core blockchain functionality: -- **Bank** - Token transfers and balances -- **Staking** - Validator delegation and rewards -- **Governance** - On-chain voting and proposals -- **Slashing** - Validator penalty enforcement -- **Distribution** - Fee and reward distribution +- **[Bank](https://docs.cosmos.network/main/build/modules/bank)** - Token transfers and balances +- **[Staking](https://docs.cosmos.network/main/build/modules/staking)** - Validator delegation and rewards +- **[Governance](https://docs.cosmos.network/main/build/modules/governance)** - On-chain voting and proposals +- **[Slashing](https://docs.cosmos.network/main/build/modules/slashing)** - Validator penalty enforcement +- **[Distribution](https://docs.cosmos.network/main/build/modules/distribution)** - Fee and reward distribution ## Next Steps From 0e3d72b452480637b38cd3d579a961cdea5ef7f2 Mon Sep 17 00:00:00 2001 From: Cordt Date: Tue, 21 Oct 2025 08:53:23 -0600 Subject: [PATCH 24/26] fix: convert relative ADR links to absolute paths for Mintlify compatibility Fixes broken relative links in SDK architecture docs (v0.47, v0.50, v0.53) by converting them to absolute paths starting with /docs. --- docs/sdk/v0.47/build/architecture/README.mdx | 90 +++++++++---------- .../adr-007-specialization-groups.mdx | 2 +- .../architecture/adr-008-dCERT-group.mdx | 4 +- .../adr-020-protobuf-transaction-encoding.mdx | 10 +-- .../adr-021-protobuf-query-encoding.mdx | 6 +- .../architecture/adr-023-protobuf-naming.mdx | 4 +- ...7-deterministic-protobuf-serialization.mdx | 2 +- .../architecture/adr-030-authz-module.mdx | 2 +- .../architecture/adr-031-msg-service.mdx | 10 +-- .../adr-033-protobuf-inter-module-comm.mdx | 22 ++--- .../architecture/adr-042-group-module.mdx | 10 +-- .../adr-044-protobuf-updates-guidelines.mdx | 2 +- .../adr-045-check-delivertx-middlewares.mdx | 4 +- .../adr-050-sign-mode-textual-annex1.mdx | 4 +- .../adr-050-sign-mode-textual.mdx | 12 +-- .../adr-054-semver-compatible-modules.mdx | 28 +++--- .../build/architecture/adr-057-app-wiring.mdx | 4 +- .../architecture/adr-063-core-module-api.mdx | 16 ++-- .../build/architecture/adr-064-abci-2.0.mdx | 4 +- .../build/architecture/adr-065-store-v2.mdx | 6 +- .../v0.47/build/architecture/adr-template.mdx | 2 +- .../adr-020-protobuf-transaction-encoding.mdx | 2 +- .../architecture/adr-023-protobuf-naming.mdx | 4 +- .../architecture/adr-042-group-module.mdx | 10 +-- .../build/architecture/adr-064-abci-2.0.mdx | 4 +- .../adr-020-protobuf-transaction-encoding.mdx | 2 +- .../architecture/adr-023-protobuf-naming.mdx | 4 +- .../architecture/adr-042-group-module.mdx | 10 +-- .../build/architecture/adr-064-abci-2.0.mdx | 4 +- 29 files changed, 142 insertions(+), 142 deletions(-) diff --git a/docs/sdk/v0.47/build/architecture/README.mdx b/docs/sdk/v0.47/build/architecture/README.mdx index d82501ef..8852ee74 100644 --- a/docs/sdk/v0.47/build/architecture/README.mdx +++ b/docs/sdk/v0.47/build/architecture/README.mdx @@ -33,7 +33,7 @@ If recorded decisions turned out to be lacking, convene a discussion, record the ## Creating new ADR -Read about the [PROCESS](PROCESS). +Read about the [PROCESS](/docs/sdk/v0.47/build/architecture/PROCESS). ### Use RFC 2119 Keywords @@ -43,53 +43,53 @@ When writing ADRs, follow the same best practices for writing RFCs. When writing ### Accepted -* [ADR 002: SDK Documentation Structure](adr-002-docs-structure) -* [ADR 004: Split Denomination Keys](adr-004-split-denomination-keys) -* [ADR 006: Secret Store Replacement](adr-006-secret-store-replacement) -* [ADR 009: Evidence Module](adr-009-evidence-module) -* [ADR 010: Modular AnteHandler](adr-010-modular-antehandler) -* [ADR 019: Protocol Buffer State Encoding](adr-019-protobuf-state-encoding) -* [ADR 020: Protocol Buffer Transaction Encoding](adr-020-protobuf-transaction-encoding) -* [ADR 021: Protocol Buffer Query Encoding](adr-021-protobuf-query-encoding) -* [ADR 023: Protocol Buffer Naming and Versioning](adr-023-protobuf-naming) -* [ADR 029: Fee Grant Module](adr-029-fee-grant-module) -* [ADR 030: Message Authorization Module](adr-030-authz-module) -* [ADR 031: Protobuf Msg Services](adr-031-msg-service) -* [ADR 055: ORM](adr-055-orm) -* [ADR 058: Auto-Generated CLI](adr-058-auto-generated-cli) -* [ADR 060: ABCI 1.0 (Phase I)](adr-060-abci-1.0) -* [ADR 061: Liquid Staking](adr-061-liquid-staking) +* [ADR 002: SDK Documentation Structure](/docs/sdk/v0.47/build/architecture/adr-002-docs-structure) +* [ADR 004: Split Denomination Keys](/docs/sdk/v0.47/build/architecture/adr-004-split-denomination-keys) +* [ADR 006: Secret Store Replacement](/docs/sdk/v0.47/build/architecture/adr-006-secret-store-replacement) +* [ADR 009: Evidence Module](/docs/sdk/v0.47/build/architecture/adr-009-evidence-module) +* [ADR 010: Modular AnteHandler](/docs/sdk/v0.47/build/architecture/adr-010-modular-antehandler) +* [ADR 019: Protocol Buffer State Encoding](/docs/sdk/v0.47/build/architecture/adr-019-protobuf-state-encoding) +* [ADR 020: Protocol Buffer Transaction Encoding](/docs/sdk/v0.47/build/architecture/adr-020-protobuf-transaction-encoding) +* [ADR 021: Protocol Buffer Query Encoding](/docs/sdk/v0.47/build/architecture/adr-021-protobuf-query-encoding) +* [ADR 023: Protocol Buffer Naming and Versioning](/docs/sdk/v0.47/build/architecture/adr-023-protobuf-naming) +* [ADR 029: Fee Grant Module](/docs/sdk/v0.47/build/architecture/adr-029-fee-grant-module) +* [ADR 030: Message Authorization Module](/docs/sdk/v0.47/build/architecture/adr-030-authz-module) +* [ADR 031: Protobuf Msg Services](/docs/sdk/v0.47/build/architecture/adr-031-msg-service) +* [ADR 055: ORM](/docs/sdk/v0.47/build/architecture/adr-055-orm) +* [ADR 058: Auto-Generated CLI](/docs/sdk/v0.47/build/architecture/adr-058-auto-generated-cli) +* [ADR 060: ABCI 1.0 (Phase I)](/docs/sdk/v0.47/build/architecture/adr-060-abci-1.0) +* [ADR 061: Liquid Staking](/docs/sdk/v0.47/build/architecture/adr-061-liquid-staking) ### Proposed -* [ADR 003: Dynamic Capability Store](adr-003-dynamic-capability-store) -* [ADR 011: Generalize Genesis Accounts](adr-011-generalize-genesis-accounts) -* [ADR 012: State Accessors](adr-012-state-accessors) -* [ADR 013: Metrics](adr-013-metrics) -* [ADR 016: Validator Consensus Key Rotation](adr-016-validator-consensus-key-rotation) -* [ADR 017: Historical Header Module](adr-017-historical-header-module) -* [ADR 018: Extendable Voting Periods](adr-018-extendable-voting-period) -* [ADR 022: Custom baseapp panic handling](adr-022-custom-panic-handling) -* [ADR 024: Coin Metadata](adr-024-coin-metadata) -* [ADR 027: Deterministic Protobuf Serialization](adr-027-deterministic-protobuf-serialization) -* [ADR 028: Public Key Addresses](adr-028-public-key-addresses) -* [ADR 032: Typed Events](adr-032-typed-events) -* [ADR 033: Inter-module RPC](adr-033-protobuf-inter-module-comm) -* [ADR 035: Rosetta API Support](adr-035-rosetta-api-support) -* [ADR 037: Governance Split Votes](adr-037-gov-split-vote) -* [ADR 038: State Listening](adr-038-state-listening) -* [ADR 039: Epoched Staking](adr-039-epoched-staking) -* [ADR 040: Storage and SMT State Commitments](adr-040-storage-and-smt-state-commitments) -* [ADR 046: Module Params](adr-046-module-params) -* [ADR 054: Semver Compatible SDK Modules](adr-054-semver-compatible-modules) -* [ADR 057: App Wiring](adr-057-app-wiring) -* [ADR 059: Test Scopes](adr-059-test-scopes) -* [ADR 062: Collections State Layer](adr-062-collections-state-layer) -* [ADR 063: Core Module API](adr-063-core-module-api) -* [ADR 065: Store V2](adr-065-store-v2) +* [ADR 003: Dynamic Capability Store](/docs/sdk/v0.47/build/architecture/adr-003-dynamic-capability-store) +* [ADR 011: Generalize Genesis Accounts](/docs/sdk/v0.47/build/architecture/adr-011-generalize-genesis-accounts) +* [ADR 012: State Accessors](/docs/sdk/v0.47/build/architecture/adr-012-state-accessors) +* [ADR 013: Metrics](/docs/sdk/v0.47/build/architecture/adr-013-metrics) +* [ADR 016: Validator Consensus Key Rotation](/docs/sdk/v0.47/build/architecture/adr-016-validator-consensus-key-rotation) +* [ADR 017: Historical Header Module](/docs/sdk/v0.47/build/architecture/adr-017-historical-header-module) +* [ADR 018: Extendable Voting Periods](/docs/sdk/v0.47/build/architecture/adr-018-extendable-voting-period) +* [ADR 022: Custom baseapp panic handling](/docs/sdk/v0.47/build/architecture/adr-022-custom-panic-handling) +* [ADR 024: Coin Metadata](/docs/sdk/v0.47/build/architecture/adr-024-coin-metadata) +* [ADR 027: Deterministic Protobuf Serialization](/docs/sdk/v0.47/build/architecture/adr-027-deterministic-protobuf-serialization) +* [ADR 028: Public Key Addresses](/docs/sdk/v0.47/build/architecture/adr-028-public-key-addresses) +* [ADR 032: Typed Events](/docs/sdk/v0.47/build/architecture/adr-032-typed-events) +* [ADR 033: Inter-module RPC](/docs/sdk/v0.47/build/architecture/adr-033-protobuf-inter-module-comm) +* [ADR 035: Rosetta API Support](/docs/sdk/v0.47/build/architecture/adr-035-rosetta-api-support) +* [ADR 037: Governance Split Votes](/docs/sdk/v0.47/build/architecture/adr-037-gov-split-vote) +* [ADR 038: State Listening](/docs/sdk/v0.47/build/architecture/adr-038-state-listening) +* [ADR 039: Epoched Staking](/docs/sdk/v0.47/build/architecture/adr-039-epoched-staking) +* [ADR 040: Storage and SMT State Commitments](/docs/sdk/v0.47/build/architecture/adr-040-storage-and-smt-state-commitments) +* [ADR 046: Module Params](/docs/sdk/v0.47/build/architecture/adr-046-module-params) +* [ADR 054: Semver Compatible SDK Modules](/docs/sdk/v0.47/build/architecture/adr-054-semver-compatible-modules) +* [ADR 057: App Wiring](/docs/sdk/v0.47/build/architecture/adr-057-app-wiring) +* [ADR 059: Test Scopes](/docs/sdk/v0.47/build/architecture/adr-059-test-scopes) +* [ADR 062: Collections State Layer](/docs/sdk/v0.47/build/architecture/adr-062-collections-state-layer) +* [ADR 063: Core Module API](/docs/sdk/v0.47/build/architecture/adr-063-core-module-api) +* [ADR 065: Store V2](/docs/sdk/v0.47/build/architecture/adr-065-store-v2) ### Draft -* [ADR 044: Guidelines for Updating Protobuf Definitions](adr-044-protobuf-updates-guidelines) -* [ADR 047: Extend Upgrade Plan](adr-047-extend-upgrade-plan) -* [ADR 053: Go Module Refactoring](adr-053-go-module-refactoring) +* [ADR 044: Guidelines for Updating Protobuf Definitions](/docs/sdk/v0.47/build/architecture/adr-044-protobuf-updates-guidelines) +* [ADR 047: Extend Upgrade Plan](/docs/sdk/v0.47/build/architecture/adr-047-extend-upgrade-plan) +* [ADR 053: Go Module Refactoring](/docs/sdk/v0.47/build/architecture/adr-053-go-module-refactoring) diff --git a/docs/sdk/v0.47/build/architecture/adr-007-specialization-groups.mdx b/docs/sdk/v0.47/build/architecture/adr-007-specialization-groups.mdx index 3200d029..56503aa8 100644 --- a/docs/sdk/v0.47/build/architecture/adr-007-specialization-groups.mdx +++ b/docs/sdk/v0.47/build/architecture/adr-007-specialization-groups.mdx @@ -195,4 +195,4 @@ sdk.Result ## References -* [dCERT ADR](adr-008-dCERT-group) +* [dCERT ADR](/docs/sdk/v0.47/build/architecture/adr-008-dCERT-group) diff --git a/docs/sdk/v0.47/build/architecture/adr-008-dCERT-group.mdx b/docs/sdk/v0.47/build/architecture/adr-008-dCERT-group.mdx index cb2f328c..3e46ae74 100644 --- a/docs/sdk/v0.47/build/architecture/adr-008-dCERT-group.mdx +++ b/docs/sdk/v0.47/build/architecture/adr-008-dCERT-group.mdx @@ -35,7 +35,7 @@ vulnerability being patched on the live network. ## Decision The dCERT group is proposed to include an implementation of a `SpecializationGroup` -as defined in [ADR 007](adr-007-specialization-groups). This will include the +as defined in [ADR 007](/docs/sdk/v0.47/build/architecture/adr-007-specialization-groups). This will include the implementation of: * continuous voting @@ -171,4 +171,4 @@ they should all be severely slashed. ## References -[Specialization Groups ADR](adr-007-specialization-groups) +[Specialization Groups ADR](/docs/sdk/v0.47/build/architecture/adr-007-specialization-groups) diff --git a/docs/sdk/v0.47/build/architecture/adr-020-protobuf-transaction-encoding.mdx b/docs/sdk/v0.47/build/architecture/adr-020-protobuf-transaction-encoding.mdx index 73bf22f9..5a4a0fee 100644 --- a/docs/sdk/v0.47/build/architecture/adr-020-protobuf-transaction-encoding.mdx +++ b/docs/sdk/v0.47/build/architecture/adr-020-protobuf-transaction-encoding.mdx @@ -25,7 +25,7 @@ Accepted ## Context This ADR is a continuation of the motivation, design, and context established in -[ADR 019](adr-019-protobuf-state-encoding), namely, we aim to design the +[ADR 019](/docs/sdk/v0.47/build/architecture/adr-019-protobuf-state-encoding), namely, we aim to design the Protocol Buffer migration path for the client-side of the Cosmos SDK. Specifically, the client-side migration path primarily includes tx generation and @@ -45,7 +45,7 @@ approach to the approach described below. ### Transactions -Since interface values are encoded with `google.protobuf.Any` in state (see [ADR 019](adr-019-protobuf-state-encoding)), +Since interface values are encoded with `google.protobuf.Any` in state (see [ADR 019](/docs/sdk/v0.47/build/architecture/adr-019-protobuf-state-encoding)), `sdk.Msg`s are encoding with `Any` in transactions. One of the main goals of using `Any` to encode interface values is to have a @@ -207,7 +207,7 @@ message SignDoc { In order to sign in the default mode, clients take the following steps: 1. Serialize `TxBody` and `AuthInfo` using any valid protobuf implementation. -2. Create a `SignDoc` and serialize it using [ADR 027](adr-027-deterministic-protobuf-serialization). +2. Create a `SignDoc` and serialize it using [ADR 027](/docs/sdk/v0.47/build/architecture/adr-027-deterministic-protobuf-serialization). 3. Sign the encoded `SignDoc` bytes. 4. Build a `TxRaw` and serialize it for broadcasting. @@ -223,7 +223,7 @@ Signature verifiers do: 3. For each required signer: * Pull account number and sequence from the state. * Obtain the public key either from state or `AuthInfo`'s `signer_infos`. - * Create a `SignDoc` and serialize it using [ADR 027](adr-027-deterministic-protobuf-serialization). + * Create a `SignDoc` and serialize it using [ADR 027](/docs/sdk/v0.47/build/architecture/adr-027-deterministic-protobuf-serialization). * Verify the signature at the same list position against the serialized `SignDoc`. #### `SIGN_MODE_LEGACY_AMINO` @@ -314,7 +314,7 @@ enforce this. Currently, the REST and CLI handlers encode and decode types and txs via Amino JSON encoding using a concrete Amino codec. Being that some of the types dealt with -in the client can be interfaces, similar to how we described in [ADR 019](adr-019-protobuf-state-encoding), +in the client can be interfaces, similar to how we described in [ADR 019](/docs/sdk/v0.47/build/architecture/adr-019-protobuf-state-encoding), the client logic will now need to take a codec interface that knows not only how to handle all the types, but also knows how to generate transactions, signatures, and messages. diff --git a/docs/sdk/v0.47/build/architecture/adr-021-protobuf-query-encoding.mdx b/docs/sdk/v0.47/build/architecture/adr-021-protobuf-query-encoding.mdx index 5e5d071d..85cc563b 100644 --- a/docs/sdk/v0.47/build/architecture/adr-021-protobuf-query-encoding.mdx +++ b/docs/sdk/v0.47/build/architecture/adr-021-protobuf-query-encoding.mdx @@ -14,11 +14,11 @@ Accepted ## Context This ADR is a continuation of the motivation, design, and context established in -[ADR 019](adr-019-protobuf-state-encoding) and -[ADR 020](adr-020-protobuf-transaction-encoding), namely, we aim to design the +[ADR 019](/docs/sdk/v0.47/build/architecture/adr-019-protobuf-state-encoding) and +[ADR 020](/docs/sdk/v0.47/build/architecture/adr-020-protobuf-transaction-encoding), namely, we aim to design the Protocol Buffer migration path for the client-side of the Cosmos SDK. -This ADR continues from [ADD 020](adr-020-protobuf-transaction-encoding) +This ADR continues from [ADD 020](/docs/sdk/v0.47/build/architecture/adr-020-protobuf-transaction-encoding) to specify the encoding of queries. ## Decision diff --git a/docs/sdk/v0.47/build/architecture/adr-023-protobuf-naming.mdx b/docs/sdk/v0.47/build/architecture/adr-023-protobuf-naming.mdx index 9a103a3a..1e000c2a 100644 --- a/docs/sdk/v0.47/build/architecture/adr-023-protobuf-naming.mdx +++ b/docs/sdk/v0.47/build/architecture/adr-023-protobuf-naming.mdx @@ -38,7 +38,7 @@ from Buf that: ### Adoption of gRPC Queries -In [ADR 021](adr-021-protobuf-query-encoding), gRPC was adopted for Protobuf +In [ADR 021](/docs/sdk/v0.47/build/architecture/adr-021-protobuf-query-encoding), gRPC was adopted for Protobuf native queries. The full gRPC service path thus becomes a key part of ABCI query path. In the future, gRPC queries may be allowed from within persistent scripts by technologies such as CosmWasm and these query routes would be stored within @@ -209,7 +209,7 @@ helpful context. ### Service and RPC Naming -[ADR 021](adr-021-protobuf-query-encoding) specifies that modules should +[ADR 021](/docs/sdk/v0.47/build/architecture/adr-021-protobuf-query-encoding) specifies that modules should implement a gRPC query service. We should consider the principle of conciseness for query service and RPC names as these may be called from persistent script modules such as CosmWasm. Also, users may use these query paths from tools like diff --git a/docs/sdk/v0.47/build/architecture/adr-027-deterministic-protobuf-serialization.mdx b/docs/sdk/v0.47/build/architecture/adr-027-deterministic-protobuf-serialization.mdx index 6f0dd181..79d39567 100644 --- a/docs/sdk/v0.47/build/architecture/adr-027-deterministic-protobuf-serialization.mdx +++ b/docs/sdk/v0.47/build/architecture/adr-027-deterministic-protobuf-serialization.mdx @@ -30,7 +30,7 @@ other cases as well. For signature verification in Cosmos SDK, the signer and verifier need to agree on the same serialization of a `SignDoc` as defined in -[ADR-020](adr-020-protobuf-transaction-encoding) without transmitting the +[ADR-020](/docs/sdk/v0.47/build/architecture/adr-020-protobuf-transaction-encoding) without transmitting the serialization. Currently, for block signatures we are using a workaround: we create a new [TxRaw](https://github.com/cosmos/cosmos-sdk/blob/9e85e81e0e8140067dd893421290c191529c148c/proto/cosmos/tx/v1beta1/tx.proto#L30) diff --git a/docs/sdk/v0.47/build/architecture/adr-030-authz-module.mdx b/docs/sdk/v0.47/build/architecture/adr-030-authz-module.mdx index 0dae1259..35bbb515 100644 --- a/docs/sdk/v0.47/build/architecture/adr-030-authz-module.mdx +++ b/docs/sdk/v0.47/build/architecture/adr-030-authz-module.mdx @@ -27,7 +27,7 @@ The concrete use cases which motivated this module include: delegated stake * "sub-keys" functionality, as originally proposed in [#4480](https://github.com/cosmos/cosmos-sdk/issues/4480) which is a term used to describe the functionality provided by this module together with - the `fee_grant` module from [ADR 029](adr-029-fee-grant-module) and the [group module](https://github.com/cosmos/cosmos-sdk/tree/main/x/group). + the `fee_grant` module from [ADR 029](/docs/sdk/v0.47/build/architecture/adr-029-fee-grant-module) and the [group module](https://github.com/cosmos/cosmos-sdk/tree/main/x/group). The "sub-keys" functionality roughly refers to the ability for one account to grant some subset of its capabilities to other accounts with possibly less robust, but easier to use security measures. For instance, a master account representing diff --git a/docs/sdk/v0.47/build/architecture/adr-031-msg-service.mdx b/docs/sdk/v0.47/build/architecture/adr-031-msg-service.mdx index 6a071cce..543c22d4 100644 --- a/docs/sdk/v0.47/build/architecture/adr-031-msg-service.mdx +++ b/docs/sdk/v0.47/build/architecture/adr-031-msg-service.mdx @@ -111,12 +111,12 @@ One consequence of this convention is that each `Msg` type can be the request pa ### Encoding -Encoding of transactions generated with `Msg` services do not differ from current Protobuf transaction encoding as defined in [ADR-020](adr-020-protobuf-transaction-encoding). We are encoding `Msg` types (which are exactly `Msg` service methods' request parameters) as `Any` in `Tx`s which involves packing the +Encoding of transactions generated with `Msg` services do not differ from current Protobuf transaction encoding as defined in [ADR-020](/docs/sdk/v0.47/build/architecture/adr-020-protobuf-transaction-encoding). We are encoding `Msg` types (which are exactly `Msg` service methods' request parameters) as `Any` in `Tx`s which involves packing the binary-encoded `Msg` with its type URL. ### Decoding -Since `Msg` types are packed into `Any`, decoding transactions messages are done by unpacking `Any`s into `Msg` types. For more information, please refer to [ADR-020](adr-020-protobuf-transaction-encoding#transactions). +Since `Msg` types are packed into `Any`, decoding transactions messages are done by unpacking `Any`s into `Msg` types. For more information, please refer to [ADR-020](/docs/sdk/v0.47/build/architecture/adr-020-protobuf-transaction-encoding#transactions). ### Routing @@ -128,7 +128,7 @@ For backward compatability, the old handlers are not removed yet. If BaseApp rec ### Module Configuration -In [ADR 021](adr-021-protobuf-query-encoding), we introduced a method `RegisterQueryService` +In [ADR 021](/docs/sdk/v0.47/build/architecture/adr-021-protobuf-query-encoding), we introduced a method `RegisterQueryService` to `AppModule` which allows for modules to register gRPC queriers. To register `Msg` services, we attempt a more extensible approach by converting `RegisterQueryService` @@ -213,5 +213,5 @@ Finally, closing a module to client API opens desirable OCAP patterns discussed * [Initial Github Issue #7122](https://github.com/cosmos/cosmos-sdk/issues/7122) * [proto 3 Language Guide: Defining Services](https://developers.google.com/protocol-buffers/docs/proto3#services) * [Initial pre-`Any` `Msg` designs](https://docs.google.com/document/d/1eEgYgvgZqLE45vETjhwIw4VOqK-5hwQtZtjVbiXnIGc) -* [ADR 020](adr-020-protobuf-transaction-encoding) -* [ADR 021](adr-021-protobuf-query-encoding) +* [ADR 020](/docs/sdk/v0.47/build/architecture/adr-020-protobuf-transaction-encoding) +* [ADR 021](/docs/sdk/v0.47/build/architecture/adr-021-protobuf-query-encoding) diff --git a/docs/sdk/v0.47/build/architecture/adr-033-protobuf-inter-module-comm.mdx b/docs/sdk/v0.47/build/architecture/adr-033-protobuf-inter-module-comm.mdx index 8ce01123..c655050d 100644 --- a/docs/sdk/v0.47/build/architecture/adr-033-protobuf-inter-module-comm.mdx +++ b/docs/sdk/v0.47/build/architecture/adr-033-protobuf-inter-module-comm.mdx @@ -14,8 +14,8 @@ Proposed ## Abstract This ADR introduces a system for permissioned inter-module communication leveraging the protobuf `Query` and `Msg` -service definitions defined in [ADR 021](adr-021-protobuf-query-encoding) and -[ADR 031](adr-031-msg-service) which provides: +service definitions defined in [ADR 021](/docs/sdk/v0.47/build/architecture/adr-021-protobuf-query-encoding) and +[ADR 031](/docs/sdk/v0.47/build/architecture/adr-031-msg-service) which provides: * stable protobuf based module interfaces to potentially later replace the keeper paradigm * stronger inter-module object capabilities (OCAPs) guarantees @@ -51,7 +51,7 @@ just a simple string. So the `x/upgrade` module could mint tokens for the `x/sta ## Decision -Based on [ADR-021](adr-021-protobuf-query-encoding) and [ADR-031](adr-031-msg-service), we introduce the +Based on [ADR-021](/docs/sdk/v0.47/build/architecture/adr-021-protobuf-query-encoding) and [ADR-031](/docs/sdk/v0.47/build/architecture/adr-031-msg-service), we introduce the Inter-Module Communication framework for secure module authorization and OCAPs. When implemented, this could also serve as an alternative to the existing paradigm of passing keepers between modules. The approach outlined here-in is intended to form the basis of a Cosmos SDK v1.0 that provides the necessary @@ -63,8 +63,8 @@ addressed as amendments to this ADR. ### New "Keeper" Paradigm -In [ADR 021](adr-021-protobuf-query-encoding), a mechanism for using protobuf service definitions to define queriers -was introduced and in [ADR 31](adr-031-msg-service), a mechanism for using protobuf service to define `Msg`s was added. +In [ADR 021](/docs/sdk/v0.47/build/architecture/adr-021-protobuf-query-encoding), a mechanism for using protobuf service definitions to define queriers +was introduced and in [ADR 31](/docs/sdk/v0.47/build/architecture/adr-031-msg-service), a mechanism for using protobuf service to define `Msg`s was added. Protobuf service definitions generate two golang interfaces representing the client and server sides of a service plus some helper code. Here is a minimal example for the bank `cosmos.bank.Msg/Send` message type: @@ -80,7 +80,7 @@ type MsgServer interface { } ``` -[ADR 021](adr-021-protobuf-query-encoding) and [ADR 31](adr-031-msg-service) specifies how modules can implement the generated `QueryServer` +[ADR 021](/docs/sdk/v0.47/build/architecture/adr-021-protobuf-query-encoding) and [ADR 31](/docs/sdk/v0.47/build/architecture/adr-031-msg-service) specifies how modules can implement the generated `QueryServer` and `MsgServer` interfaces as replacements for the legacy queriers and `Msg` handlers respectively. In this ADR we explain how modules can make queries and send `Msg`s to other modules using the generated `QueryClient` @@ -172,7 +172,7 @@ denom prefix being restricted to certain modules (as discussed in ### `ModuleKey`s and `ModuleID`s A `ModuleKey` can be thought of as a "private key" for a module account and a `ModuleID` can be thought of as the -corresponding "public key". From the [ADR 028](adr-028-public-key-addresses), modules can have both a root module account and any number of sub-accounts +corresponding "public key". From the [ADR 028](/docs/sdk/v0.47/build/architecture/adr-028-public-key-addresses), modules can have both a root module account and any number of sub-accounts or derived accounts that can be used for different pools (ex. staking pools) or managed accounts (ex. group accounts). We can also think of module sub-accounts as similar to derived keys - there is a root key and then some derivation path. `ModuleID` is a simple struct which contains the module name and optional "derivation" path, @@ -287,7 +287,7 @@ return f(ctx, args, reply) ### `AppModule` Wiring and Requirements -In [ADR 031](adr-031-msg-service), the `AppModule.RegisterService(Configurator)` method was introduced. To support +In [ADR 031](/docs/sdk/v0.47/build/architecture/adr-031-msg-service), the `AppModule.RegisterService(Configurator)` method was introduced. To support inter-module communication, we extend the `Configurator` interface to pass in the `ModuleKey` and to allow modules to specify their dependencies on other modules using `RequireServer()`: @@ -448,8 +448,8 @@ replacing `Keeper` interfaces altogether. ## References -* [ADR 021](adr-021-protobuf-query-encoding) -* [ADR 031](adr-031-msg-service) -* [ADR 028](adr-028-public-key-addresses) +* [ADR 021](/docs/sdk/v0.47/build/architecture/adr-021-protobuf-query-encoding) +* [ADR 031](/docs/sdk/v0.47/build/architecture/adr-031-msg-service) +* [ADR 028](/docs/sdk/v0.47/build/architecture/adr-028-public-key-addresses) * [ADR 030 draft](https://github.com/cosmos/cosmos-sdk/pull/7105) * [Object-Capability Model](https://docs.network.com/main/core/ocap) diff --git a/docs/sdk/v0.47/build/architecture/adr-042-group-module.mdx b/docs/sdk/v0.47/build/architecture/adr-042-group-module.mdx index 41ca3a41..318d4506 100644 --- a/docs/sdk/v0.47/build/architecture/adr-042-group-module.mdx +++ b/docs/sdk/v0.47/build/architecture/adr-042-group-module.mdx @@ -19,13 +19,13 @@ This ADR defines the `x/group` module which allows the creation and management o The legacy amino multi-signature mechanism of the Cosmos SDK has certain limitations: -* Key rotation is not possible, although this can be solved with [account rekeying](adr-034-account-rekeying). +* Key rotation is not possible, although this can be solved with [account rekeying](/docs/sdk/v0.47/build/architecture/adr-034-account-rekeying). * Thresholds can't be changed. * UX is cumbersome for non-technical users ([#5661](https://github.com/cosmos/cosmos-sdk/issues/5661)). * It requires `legacy_amino` sign mode ([#8141](https://github.com/cosmos/cosmos-sdk/issues/8141)). While the group module is not meant to be a total replacement for the current multi-signature accounts, it provides a solution to the limitations described above, with a more flexible key management system where keys can be added, updated or removed, as well as configurable thresholds. -It's meant to be used with other access control modules such as [`x/feegrant`](adr-029-fee-grant-module) ans [`x/authz`](adr-030-authz-module) to simplify key management for individuals and organizations. +It's meant to be used with other access control modules such as [`x/feegrant`](/docs/sdk/v0.47/build/architecture/adr-029-fee-grant-module) ans [`x/authz`](/docs/sdk/v0.47/build/architecture/adr-030-authz-module) to simplify key management for individuals and organizations. The proof of concept of the group module can be found in [Link](https://github.com/regen-network/regen-ledger/tree/master/proto/regen/group/v1alpha1) and [Link](https://github.com/regen-network/regen-ledger/tree/master/x/group). @@ -103,7 +103,7 @@ and keeps membership consistent across different policies. The pattern that is recommended is to have a single master group account for a given group, and then to create separate group accounts with different decision policies and delegate the desired permissions from the master account to -those "sub-accounts" using the [`x/authz` module](adr-030-authz-module). +those "sub-accounts" using the [`x/authz` module](/docs/sdk/v0.47/build/architecture/adr-030-authz-module). ```protobuf expandable message GroupAccountInfo { @@ -250,7 +250,7 @@ The [ORM package](https://github.com/cosmos/cosmos-sdk/discussions/9156) defines Groups are stored in state as part of a `groupTable`, the `group_id` being an auto-increment integer. Group members are stored in a `groupMemberTable`. -Group accounts are stored in a `groupAccountTable`. The group account address is generated based on an auto-increment integer which is used to derive the group module `RootModuleKey` into a `DerivedModuleKey`, as stated in [ADR-033](adr-033-protobuf-inter-module-comm#modulekeys-and-moduleids). The group account is added as a new `ModuleAccount` through `x/auth`. +Group accounts are stored in a `groupAccountTable`. The group account address is generated based on an auto-increment integer which is used to derive the group module `RootModuleKey` into a `DerivedModuleKey`, as stated in [ADR-033](/docs/sdk/v0.47/build/architecture/adr-033-protobuf-inter-module-comm#modulekeys-and-moduleids). The group account is added as a new `ModuleAccount` through `x/auth`. Proposals are stored as part of the `proposalTable` using the `Proposal` type. The `proposal_id` is an auto-increment integer. @@ -258,7 +258,7 @@ Votes are stored in the `voteTable`. The primary key is based on the vote's `pro #### ADR-033 to route proposal messages -Inter-module communication introduced by [ADR-033](adr-033-protobuf-inter-module-comm) can be used to route a proposal's messages using the `DerivedModuleKey` corresponding to the proposal's group account. +Inter-module communication introduced by [ADR-033](/docs/sdk/v0.47/build/architecture/adr-033-protobuf-inter-module-comm) can be used to route a proposal's messages using the `DerivedModuleKey` corresponding to the proposal's group account. ## Consequences diff --git a/docs/sdk/v0.47/build/architecture/adr-044-protobuf-updates-guidelines.mdx b/docs/sdk/v0.47/build/architecture/adr-044-protobuf-updates-guidelines.mdx index d597298f..5e6f0105 100644 --- a/docs/sdk/v0.47/build/architecture/adr-044-protobuf-updates-guidelines.mdx +++ b/docs/sdk/v0.47/build/architecture/adr-044-protobuf-updates-guidelines.mdx @@ -83,7 +83,7 @@ Protobuf supports the [`deprecated` field option](https://developers.google.com/ As an example, the Cosmos SDK v0.42 to v0.43 update contained two Protobuf-breaking changes, listed below. Instead of bumping the package versions from `v1beta1` to `v1`, the SDK team decided to follow this guideline, by reverting the breaking changes, marking those changes as deprecated, and modifying the node implementation when processing messages with deprecated fields. More specifically: * The Cosmos SDK recently removed support for [time-based software upgrades](https://github.com/cosmos/cosmos-sdk/pull/8849). As such, the `time` field has been marked as deprecated in `cosmos.upgrade.v1beta1.Plan`. Moreover, the node will reject any proposal containing an upgrade Plan whose `time` field is non-empty. -* The Cosmos SDK now supports [governance split votes](adr-037-gov-split-vote). When querying for votes, the returned `cosmos.gov.v1beta1.Vote` message has its `option` field (used for 1 vote option) deprecated in favor of its `options` field (allowing multiple vote options). Whenever possible, the SDK still populates the deprecated `option` field, that is, if and only if the `len(options) == 1` and `options[0].Weight == 1.0`. +* The Cosmos SDK now supports [governance split votes](/docs/sdk/v0.47/build/architecture/adr-037-gov-split-vote). When querying for votes, the returned `cosmos.gov.v1beta1.Vote` message has its `option` field (used for 1 vote option) deprecated in favor of its `options` field (allowing multiple vote options). Whenever possible, the SDK still populates the deprecated `option` field, that is, if and only if the `len(options) == 1` and `options[0].Weight == 1.0`. #### 3. Fields MUST NOT be renamed diff --git a/docs/sdk/v0.47/build/architecture/adr-045-check-delivertx-middlewares.mdx b/docs/sdk/v0.47/build/architecture/adr-045-check-delivertx-middlewares.mdx index dd40b4e5..26cccd3d 100644 --- a/docs/sdk/v0.47/build/architecture/adr-045-check-delivertx-middlewares.mdx +++ b/docs/sdk/v0.47/build/architecture/adr-045-check-delivertx-middlewares.mdx @@ -256,12 +256,12 @@ While the app developer can define and compose the middlewares of their choice, | TxDecoderMiddleware | This middleware takes in transaction raw bytes, and decodes them into a `sdk.Tx`. It replaces the `baseapp.txDecoder` field, so that BaseApp stays as thin as possible. Since most middlewares read the contents of the `sdk.Tx`, the TxDecoderMiddleware should be run first in the middleware stack. | | `{Antehandlers}` | Each antehandler is converted to its own middleware. These middlewares perform signature verification, fee deductions and other validations on the incoming transaction. | | IndexEventsTxMiddleware | This is a simple middleware that chooses which events to index in Tendermint. Replaces `baseapp.indexEvents` (which unfortunately still exists in baseapp too, because it's used to index Begin/EndBlock events) | -| RecoveryTxMiddleware | This index recovers from panics. It replaces baseapp.runTx's panic recovery described in [ADR-022](adr-022-custom-panic-handling). | +| RecoveryTxMiddleware | This index recovers from panics. It replaces baseapp.runTx's panic recovery described in [ADR-022](/docs/sdk/v0.47/build/architecture/adr-022-custom-panic-handling). | | GasTxMiddleware | This replaces the [`Setup`](https://github.com/cosmos/cosmos-sdk/blob/v0.43.0/x/auth/ante/setup.go) Antehandler. It sets a GasMeter on sdk.Context. Note that before, GasMeter was set on sdk.Context inside the antehandlers, and there was some mess around the fact that antehandlers had their own panic recovery system so that the GasMeter could be read by baseapp's recovery system. Now, this mess is all removed: one middleware sets GasMeter, another one handles recovery. | ### Similarities and Differences between Antehandlers and Middlewares -The middleware-based design builds upon the existing antehandlers design described in [ADR-010](adr-010-modular-antehandler). Even though the final decision of ADR-010 was to go with the "Simple Decorators" approach, the middleware design is actually very similar to the other [Decorator Pattern](adr-010-modular-antehandler#decorator-pattern) proposal, also used in [weave](https://github.com/iov-one/weave). +The middleware-based design builds upon the existing antehandlers design described in [ADR-010](/docs/sdk/v0.47/build/architecture/adr-010-modular-antehandler). Even though the final decision of ADR-010 was to go with the "Simple Decorators" approach, the middleware design is actually very similar to the other [Decorator Pattern](/docs/sdk/v0.47/build/architecture/adr-010-modular-antehandler#decorator-pattern) proposal, also used in [weave](https://github.com/iov-one/weave). #### Similarities with Antehandlers diff --git a/docs/sdk/v0.47/build/architecture/adr-050-sign-mode-textual-annex1.mdx b/docs/sdk/v0.47/build/architecture/adr-050-sign-mode-textual-annex1.mdx index 75a7b7bd..6a8dabe1 100644 --- a/docs/sdk/v0.47/build/architecture/adr-050-sign-mode-textual-annex1.mdx +++ b/docs/sdk/v0.47/build/architecture/adr-050-sign-mode-textual-annex1.mdx @@ -65,7 +65,7 @@ Value Renderers describe how values of different Protobuf types should be encode ### `repeated` -* Applies to all `repeated` fields, except `cosmos.tx.v1beta1.TxBody#Messages`, which has a particular encoding (see [ADR-050](adr-050-sign-mode-textual)). +* Applies to all `repeated` fields, except `cosmos.tx.v1beta1.TxBody#Messages`, which has a particular encoding (see [ADR-050](/docs/sdk/v0.47/build/architecture/adr-050-sign-mode-textual)). * A repeated type has the following template: ``` @@ -282,7 +282,7 @@ The number 35 was chosen because it is the longest length where the hashed-and-p * byte arrays starting from length 36 will be be hashed to 32 bytes, which is 64 hex characters plus 15 spaces, and with the `SHA-256=` prefix, it takes 87 characters. Also, secp256k1 public keys have length 33, so their Textual representation is not their hashed value, which we would like to avoid. -Note: Data longer than 35 bytes are not rendered in a way that can be inverted. See ADR-050's [section about invertability](adr-050-sign-mode-textual#invertible-rendering) for a discussion. +Note: Data longer than 35 bytes are not rendered in a way that can be inverted. See ADR-050's [section about invertability](/docs/sdk/v0.47/build/architecture/adr-050-sign-mode-textual#invertible-rendering) for a discussion. #### Examples diff --git a/docs/sdk/v0.47/build/architecture/adr-050-sign-mode-textual.mdx b/docs/sdk/v0.47/build/architecture/adr-050-sign-mode-textual.mdx index b3c5aebc..4ab7cee5 100644 --- a/docs/sdk/v0.47/build/architecture/adr-050-sign-mode-textual.mdx +++ b/docs/sdk/v0.47/build/architecture/adr-050-sign-mode-textual.mdx @@ -30,7 +30,7 @@ This ADR specifies SIGN\_MODE\_TEXTUAL, a new string-based sign mode that is tar ## Context -Protobuf-based SIGN\_MODE\_DIRECT was introduced in [ADR-020](adr-020-protobuf-transaction-encoding) and is intended to replace SIGN\_MODE\_LEGACY\_AMINO\_JSON in most situations, such as mobile wallets and CLI keyrings. However, the [Ledger](https://www.ledger.com/) hardware wallet is still using SIGN\_MODE\_LEGACY\_AMINO\_JSON for displaying the sign bytes to the user. Hardware wallets cannot transition to SIGN\_MODE\_DIRECT as: +Protobuf-based SIGN\_MODE\_DIRECT was introduced in [ADR-020](/docs/sdk/v0.47/build/architecture/adr-020-protobuf-transaction-encoding) and is intended to replace SIGN\_MODE\_LEGACY\_AMINO\_JSON in most situations, such as mobile wallets and CLI keyrings. However, the [Ledger](https://www.ledger.com/) hardware wallet is still using SIGN\_MODE\_LEGACY\_AMINO\_JSON for displaying the sign bytes to the user. Hardware wallets cannot transition to SIGN\_MODE\_DIRECT as: * SIGN\_MODE\_DIRECT is binary-based and thus not suitable for display to end-users. Technically, hardware wallets could simply display the sign bytes to the user. But this would be considered as blind signing, and is a security concern. * hardware cannot decode the protobuf sign bytes due to memory constraints, as the Protobuf definitions would need to be embedded on the hardware device. @@ -56,7 +56,7 @@ or to introduce or conclude a larger grouping. The text can contain the full range of Unicode code points, including control characters and nul. The device is responsible for deciding how to display characters it cannot render natively. -See [annex 2](adr-050-sign-mode-textual-annex2) for guidance. +See [annex 2](/docs/sdk/v0.47/build/architecture/adr-050-sign-mode-textual-annex2) for guidance. Screens have a non-negative indentation level to signal composite or nested structures. Indentation level zero is the top level. @@ -301,7 +301,7 @@ where: This is to prevent transaction hash malleability. The point #1 about invertiblity assures that transaction `body` and `auth_info` values are not malleable, but the transaction hash still might be malleable with point #1 only, because the SIGN\_MODE\_TEXTUAL strings don't follow the byte ordering defined in `body_bytes` and `auth_info_bytes`. Without this hash, a malicious validator or exchange could intercept a transaction, modify its transaction hash *after* the user signed it using SIGN\_MODE\_TEXTUAL (by tweaking the byte ordering inside `body_bytes` or `auth_info_bytes`), and then submit it to Tendermint. -By including this hash in the SIGN\_MODE\_TEXTUAL signing payload, we keep the same level of guarantees as [SIGN\_MODE\_DIRECT](adr-020-protobuf-transaction-encoding). +By including this hash in the SIGN\_MODE\_TEXTUAL signing payload, we keep the same level of guarantees as [SIGN\_MODE\_DIRECT](/docs/sdk/v0.47/build/architecture/adr-020-protobuf-transaction-encoding). These bytes are only shown in expert mode, hence the leading `*`. @@ -322,7 +322,7 @@ The current spec version is defined in the "Status" section, on the top of this ## Additional Formatting by the Hardware Device -See [annex 2](adr-050-sign-mode-textual-annex2). +See [annex 2](/docs/sdk/v0.47/build/architecture/adr-050-sign-mode-textual-annex2). ## Examples @@ -357,14 +357,14 @@ SIGN\_MODE\_TEXTUAL is purely additive, and doesn't break any backwards compatib ## Further Discussions -* Some details on value renderers need to be polished, see [Annex 1](adr-050-sign-mode-textual-annex1). +* Some details on value renderers need to be polished, see [Annex 1](/docs/sdk/v0.47/build/architecture/adr-050-sign-mode-textual-annex1). * Are ledger apps able to support both SIGN\_MODE\_LEGACY\_AMINO\_JSON and SIGN\_MODE\_TEXTUAL at the same time? * Open question: should we add a Protobuf field option to allow app developers to overwrite the textual representation of certain Protobuf fields and message? This would be similar to Ethereum's [EIP4430](https://github.com/ethereum/EIPs/pull/4430), where the contract developer decides on the textual representation. * Internationalization. ## References -* [Annex 1](adr-050-sign-mode-textual-annex1) +* [Annex 1](/docs/sdk/v0.47/build/architecture/adr-050-sign-mode-textual-annex1) * Initial discussion: [Link](https://github.com/cosmos/cosmos-sdk/issues/6513) diff --git a/docs/sdk/v0.47/build/architecture/adr-054-semver-compatible-modules.mdx b/docs/sdk/v0.47/build/architecture/adr-054-semver-compatible-modules.mdx index cc400d5a..711d09c5 100644 --- a/docs/sdk/v0.47/build/architecture/adr-054-semver-compatible-modules.mdx +++ b/docs/sdk/v0.47/build/architecture/adr-054-semver-compatible-modules.mdx @@ -40,7 +40,7 @@ In order to achieve this, we need to solve the following problems: many modules in the SDK independently 3. pernicious minor version incompatibilities introduced through correctly [evolving protobuf schemas](https://developers.google.com/protocol-buffers/docs/proto3#updating) - without correct [unknown field filtering](adr-020-protobuf-transaction-encoding#unknown-field-filtering) + without correct [unknown field filtering](/docs/sdk/v0.47/build/architecture/adr-020-protobuf-transaction-encoding#unknown-field-filtering) Note that all the following discussion assumes that the proto file versioning and state machine versioning of a module are distinct in that: @@ -150,7 +150,7 @@ with this update and use that for `foo/v2`. But this change is state machine breaking for `v1`. It requires changing the `ValidateBasic` method to reject the case where `amount` is zero, and it adds the `condition` field which should be rejected based -on [ADR 020 unknown field filtering](adr-020-protobuf-transaction-encoding#unknown-field-filtering). +on [ADR 020 unknown field filtering](/docs/sdk/v0.47/build/architecture/adr-020-protobuf-transaction-encoding#unknown-field-filtering). So adding these changes as a patch on `v1` is actually incorrect based on semantic versioning. Chains that want to stay on `v1` of `foo` should not be importing these changes because they are incorrect for `v1.` @@ -179,9 +179,9 @@ on `v1` or `v2` and dynamically, it could choose to only use `condition` when `foo/v2` is available. Even if `bar/v2` were able to perform this check, however, how do we know that it is always performing the check properly. Without some sort of -framework-level [unknown field filtering](adr-020-protobuf-transaction-encoding#unknown-field-filtering), +framework-level [unknown field filtering](/docs/sdk/v0.47/build/architecture/adr-020-protobuf-transaction-encoding#unknown-field-filtering), it is hard to know whether these pernicious hard to detect bugs are getting into -our app and a client-server layer such as [ADR 033: Inter-Module Communication](adr-033-protobuf-inter-module-comm) +our app and a client-server layer such as [ADR 033: Inter-Module Communication](/docs/sdk/v0.47/build/architecture/adr-033-protobuf-inter-module-comm) may be needed to do this. ## Solutions @@ -274,9 +274,9 @@ of care to avoid these sorts of issues. This approach in and of itself does little to address any potential minor version incompatibilities and the -requisite [unknown field filtering](adr-020-protobuf-transaction-encoding#unknown-field-filtering). +requisite [unknown field filtering](/docs/sdk/v0.47/build/architecture/adr-020-protobuf-transaction-encoding#unknown-field-filtering). Likely some sort of client-server routing layer which does this check such as -[ADR 033: Inter-Module communication](adr-033-protobuf-inter-module-comm) +[ADR 033: Inter-Module communication](/docs/sdk/v0.47/build/architecture/adr-033-protobuf-inter-module-comm) is required to make sure that this is done properly. We could then allow modules to perform a runtime check given a `MsgClient`, ex: @@ -307,7 +307,7 @@ result in an undesirable performance hit depending on how complex this logic is. An alternate approach to solving the versioning problem is to change how protobuf code is generated and move modules mostly or completely in the direction of inter-module communication as described -in [ADR 033](adr-033-protobuf-inter-module-comm). +in [ADR 033](/docs/sdk/v0.47/build/architecture/adr-033-protobuf-inter-module-comm). In this paradigm, a module could generate all the types it needs internally - including the API types of other modules - and talk to other modules via a client-server boundary. For instance, if `bar` needs to talk to `foo`, it could generate its own version of `MsgDoSomething` as `bar/internal/foo/v1.MsgDoSomething` and just pass this to the @@ -326,7 +326,7 @@ to `foo/internal.MsgDoSomething` would be marshaling and unmarshaling in the ADR we needed to expose protobuf types in `Keeper` interfaces because the whole point is to try to keep these types `internal/` so that we don't end up with all the import version incompatibilities we've described above. However, because of the issue with minor version incompatibilities and the need -for [unknown field filtering](adr-020-protobuf-transaction-encoding#unknown-field-filtering), +for [unknown field filtering](/docs/sdk/v0.47/build/architecture/adr-020-protobuf-transaction-encoding#unknown-field-filtering), sticking with the `Keeper` paradigm instead of ADR 033 may be unviable to begin with. A more performant solution (that could maybe be adapted to work with `Keeper` interfaces) would be to only expose @@ -412,7 +412,7 @@ and would also need to use special tags and replace directives to make sure that versions. Note, however, that all of these ad-hoc approaches, would be vulnerable to the minor version compatibility issues -described above unless [unknown field filtering](adr-020-protobuf-transaction-encoding#unknown-field-filtering) +described above unless [unknown field filtering](/docs/sdk/v0.47/build/architecture/adr-020-protobuf-transaction-encoding#unknown-field-filtering) is properly addressed. ### Approach D) Avoid protobuf generated code in public APIs @@ -462,7 +462,7 @@ Other downsides to this approach are: The latest **DRAFT** proposal is: -1. we are alignment on adopting [ADR 033](adr-033-protobuf-inter-module-comm) not just as an addition to the +1. we are alignment on adopting [ADR 033](/docs/sdk/v0.47/build/architecture/adr-033-protobuf-inter-module-comm) not just as an addition to the framework, but as a core replacement to the keeper paradigm entirely. 2. the ADR 033 inter-module router will accommodate any variation of approach (A) or (B) given the following rules: a. if the client type is the same as the server type then pass it directly through, @@ -525,7 +525,7 @@ uint64 ### Unknown Field Filtering -To correctly perform [unknown field filtering](adr-020-protobuf-transaction-encoding#unknown-field-filtering), +To correctly perform [unknown field filtering](/docs/sdk/v0.47/build/architecture/adr-020-protobuf-transaction-encoding#unknown-field-filtering), the inter-module router can do one of the following: * use the `protoreflect` API for messages which support that @@ -588,7 +588,7 @@ We propose defining these dependencies in the proto options of the module config We will also need to define how interface methods are defined on types that are serialized as `google.protobuf.Any`'s. In light of the desire to support modules in other languages, we may want to think of solutions that will accommodate -other languages such as plugins described briefly in [ADR 033](adr-033-protobuf-inter-module-comm#internal-methods). +other languages such as plugins described briefly in [ADR 033](/docs/sdk/v0.47/build/architecture/adr-033-protobuf-inter-module-comm#internal-methods). ### Testing @@ -795,5 +795,5 @@ Key outstanding discussions if we do adopt that direction are: * [Link](https://github.com/cosmos/cosmos-sdk/discussions/10368) * [Link](https://github.com/cosmos/cosmos-sdk/pull/11340) * [Link](https://github.com/cosmos/cosmos-sdk/issues/11899) -* [ADR 020](adr-020-protobuf-transaction-encoding) -* [ADR 033](adr-033-protobuf-inter-module-comm) +* [ADR 020](/docs/sdk/v0.47/build/architecture/adr-020-protobuf-transaction-encoding) +* [ADR 033](/docs/sdk/v0.47/build/architecture/adr-033-protobuf-inter-module-comm) diff --git a/docs/sdk/v0.47/build/architecture/adr-057-app-wiring.mdx b/docs/sdk/v0.47/build/architecture/adr-057-app-wiring.mdx index 0d8695c2..bb8bd55c 100644 --- a/docs/sdk/v0.47/build/architecture/adr-057-app-wiring.mdx +++ b/docs/sdk/v0.47/build/architecture/adr-057-app-wiring.mdx @@ -25,13 +25,13 @@ which contains almost 100 lines of imports and is otherwise over 600 lines of mo generally copied to each new project. (Not to mention the additional boilerplate which gets copied in `simapp/simd`.) The large amount of boilerplate needed to bootstrap an app has made it hard to release independently versioned go -modules for Cosmos SDK modules as described in [ADR 053: Go Module Refactoring](adr-053-go-module-refactoring). +modules for Cosmos SDK modules as described in [ADR 053: Go Module Refactoring](/docs/sdk/v0.47/build/architecture/adr-053-go-module-refactoring). In addition to being very verbose and repetitive, `app.go` also exposes a large surface area for breaking changes as most modules instantiate themselves with positional parameters which forces breaking changes anytime a new parameter (even an optional one) is needed. -Several attempts were made to improve the current situation including [ADR 033: Internal-Module Communication](adr-033-protobuf-inter-module-comm) +Several attempts were made to improve the current situation including [ADR 033: Internal-Module Communication](/docs/sdk/v0.47/build/architecture/adr-033-protobuf-inter-module-comm) and [a proof-of-concept of a new SDK](https://github.com/allinbits/cosmos-sdk-poc). The discussions around these designs led to the current solution described here. diff --git a/docs/sdk/v0.47/build/architecture/adr-063-core-module-api.mdx b/docs/sdk/v0.47/build/architecture/adr-063-core-module-api.mdx index 7a6f94f9..d4d83d39 100644 --- a/docs/sdk/v0.47/build/architecture/adr-063-core-module-api.mdx +++ b/docs/sdk/v0.47/build/architecture/adr-063-core-module-api.mdx @@ -23,7 +23,7 @@ A new core API is proposed as a way to develop cosmos-sdk applications that will * more stable than the current framework * enable deterministic events and queries, * support event listeners -* [ADR 033: Protobuf-based Inter-Module Communication](adr-033-protobuf-inter-module-comm) clients. +* [ADR 033: Protobuf-based Inter-Module Communication](/docs/sdk/v0.47/build/architecture/adr-033-protobuf-inter-module-comm) clients. ## Context @@ -93,7 +93,7 @@ slower than more fast moving projects. ### Core Services The following "core services" are defined by the core API. All valid runtime module implementations should provide -implementations of these services to modules via both [dependency injection](adr-057-app-wiring) and +implementations of these services to modules via both [dependency injection](/docs/sdk/v0.47/build/architecture/adr-057-app-wiring) and manual wiring. The individual services described below are all bundled in a convenient `appmodule.Service` "bundle service" so that for simplicity modules can declare a dependency on a single service. @@ -274,7 +274,7 @@ type GenesisTarget = func(field string) (io.WriteCloser, error) All genesis objects for a given module are expected to conform to the semantics of a JSON object. Each field in the JSON object should be read and written separately to support streaming genesis. -The [ORM](adr-055-orm) and [collections](adr-062-collections-state-layer) both support +The [ORM](/docs/sdk/v0.47/build/architecture/adr-055-orm) and [collections](/docs/sdk/v0.47/build/architecture/adr-062-collections-state-layer) both support streaming genesis and modules using these frameworks generally do not need to write any manual genesis code. @@ -447,11 +447,11 @@ Crisis module invariants and simulations are subject to potential redesign and s defined in the crisis and simulation modules respectively. Extension interface for CLI commands will be provided via the `cosmossdk.io/client/v2` module and its -[autocli](adr-058-auto-generated-cli) framework. +[autocli](/docs/sdk/v0.47/build/architecture/adr-058-auto-generated-cli) framework. #### Example Usage -Here is an example of setting up a hypothetical `foo` v2 module which uses the [ORM](adr-055-orm) for its state +Here is an example of setting up a hypothetical `foo` v2 module which uses the [ORM](/docs/sdk/v0.47/build/architecture/adr-055-orm) for its state management and genesis. ```go expandable @@ -549,8 +549,8 @@ as by providing service implementations by wrapping `sdk.Context`. ## References -* [ADR 033: Protobuf-based Inter-Module Communication](adr-033-protobuf-inter-module-comm) +* [ADR 033: Protobuf-based Inter-Module Communication](/docs/sdk/v0.47/build/architecture/adr-033-protobuf-inter-module-comm) * [ADR 057: App Wiring](/docs/sdk/v0.47/adr-057-app-wiring) -* [ADR 055: ORM](adr-055-orm) -* [ADR 028: Public Key Addresses](adr-028-public-key-addresses) +* [ADR 055: ORM](/docs/sdk/v0.47/build/architecture/adr-055-orm) +* [ADR 028: Public Key Addresses](/docs/sdk/v0.47/build/architecture/adr-028-public-key-addresses) * [Keeping Your Modules Compatible](https://go.dev/blog/module-compatibility) diff --git a/docs/sdk/v0.47/build/architecture/adr-064-abci-2.0.mdx b/docs/sdk/v0.47/build/architecture/adr-064-abci-2.0.mdx index 05ce6210..9b8b5d68 100644 --- a/docs/sdk/v0.47/build/architecture/adr-064-abci-2.0.mdx +++ b/docs/sdk/v0.47/build/architecture/adr-064-abci-2.0.mdx @@ -19,7 +19,7 @@ ACCEPTED ## Abstract This ADR outlines the continuation of the efforts to implement ABCI++ in the Cosmos -SDK outlined in [ADR 060: ABCI 1.0 (Phase I)](adr-060-abci-1.0). +SDK outlined in [ADR 060: ABCI 1.0 (Phase I)](/docs/sdk/v0.47/build/architecture/adr-060-abci-1.0). Specifically, this ADR outlines the design and implementation of ABCI 2.0, which includes `ExtendVote`, `VerifyVoteExtension` and `FinalizeBlock`. @@ -503,4 +503,4 @@ continuation of ABCI++ and the general discussion of optimistic execution. ## References -* [ADR 060: ABCI 1.0 (Phase I)](adr-060-abci-1.0) +* [ADR 060: ABCI 1.0 (Phase I)](/docs/sdk/v0.47/build/architecture/adr-060-abci-1.0) diff --git a/docs/sdk/v0.47/build/architecture/adr-065-store-v2.mdx b/docs/sdk/v0.47/build/architecture/adr-065-store-v2.mdx index ed918f07..e0418e5d 100644 --- a/docs/sdk/v0.47/build/architecture/adr-065-store-v2.mdx +++ b/docs/sdk/v0.47/build/architecture/adr-065-store-v2.mdx @@ -67,9 +67,9 @@ See the [Storage Discussion](https://github.com/cosmos/cosmos-sdk/discussions/13 ## Alternatives -There was a previous attempt to refactor the storage layer described in [ADR-040](adr-040-storage-and-smt-state-commitments). +There was a previous attempt to refactor the storage layer described in [ADR-040](/docs/sdk/v0.47/build/architecture/adr-040-storage-and-smt-state-commitments). However, this approach mainly stems on the short comings of IAVL and various performance -issues around it. While there was a (partial) implementation of [ADR-040](adr-040-storage-and-smt-state-commitments), +issues around it. While there was a (partial) implementation of [ADR-040](/docs/sdk/v0.47/build/architecture/adr-040-storage-and-smt-state-commitments), it was never adopted for a variety of reasons, such as the reliance on using an SMT, which was more in a research phase, and some design choices that couldn't be fully agreed upon, such as the snap-shotting mechanism that would result in @@ -77,7 +77,7 @@ massive state bloat. ## Decision -We propose to build upon some of the great ideas introduced in [ADR-040](adr-040-storage-and-smt-state-commitments), +We propose to build upon some of the great ideas introduced in [ADR-040](/docs/sdk/v0.47/build/architecture/adr-040-storage-and-smt-state-commitments), while being a bit more flexible with the underlying implementations and overall less intrusive. Specifically, we propose to: diff --git a/docs/sdk/v0.47/build/architecture/adr-template.mdx b/docs/sdk/v0.47/build/architecture/adr-template.mdx index df516624..cf08aa9d 100644 --- a/docs/sdk/v0.47/build/architecture/adr-template.mdx +++ b/docs/sdk/v0.47/build/architecture/adr-template.mdx @@ -6,7 +6,7 @@ {DRAFT | PROPOSED} Not Implemented -> Please have a look at the [PROCESS](PROCESS#adr-status) page. +> Please have a look at the [PROCESS](/docs/sdk/v0.47/build/architecture/PROCESS#adr-status) page. > Use DRAFT if the ADR is in a draft stage (draft PR) or PROPOSED if it's in review. ## Abstract diff --git a/docs/sdk/v0.50/build/architecture/adr-020-protobuf-transaction-encoding.mdx b/docs/sdk/v0.50/build/architecture/adr-020-protobuf-transaction-encoding.mdx index 1aa9d5eb..00681e4c 100644 --- a/docs/sdk/v0.50/build/architecture/adr-020-protobuf-transaction-encoding.mdx +++ b/docs/sdk/v0.50/build/architecture/adr-020-protobuf-transaction-encoding.mdx @@ -45,7 +45,7 @@ approach to the approach described below. ### Transactions -Since interface values are encoded with `google.protobuf.Any` in state (see [ADR 019](adr-019-protobuf-state-encoding)), +Since interface values are encoded with `google.protobuf.Any` in state (see [ADR 019](/docs/sdk/v0.50/build/architecture/adr-019-protobuf-state-encoding)), `sdk.Msg`s are encoding with `Any` in transactions. One of the main goals of using `Any` to encode interface values is to have a diff --git a/docs/sdk/v0.50/build/architecture/adr-023-protobuf-naming.mdx b/docs/sdk/v0.50/build/architecture/adr-023-protobuf-naming.mdx index b73da0b0..aca5d6e6 100644 --- a/docs/sdk/v0.50/build/architecture/adr-023-protobuf-naming.mdx +++ b/docs/sdk/v0.50/build/architecture/adr-023-protobuf-naming.mdx @@ -38,7 +38,7 @@ from Buf that: ### Adoption of gRPC Queries -In [ADR 021](adr-021-protobuf-query-encoding), gRPC was adopted for Protobuf +In [ADR 021](/docs/sdk/v0.50/build/architecture/adr-021-protobuf-query-encoding), gRPC was adopted for Protobuf native queries. The full gRPC service path thus becomes a key part of ABCI query path. In the future, gRPC queries may be allowed from within persistent scripts by technologies such as CosmWasm and these query routes would be stored within @@ -209,7 +209,7 @@ helpful context. ### Service and RPC Naming -[ADR 021](adr-021-protobuf-query-encoding) specifies that modules should +[ADR 021](/docs/sdk/v0.50/build/architecture/adr-021-protobuf-query-encoding) specifies that modules should implement a gRPC query service. We should consider the principle of conciseness for query service and RPC names as these may be called from persistent script modules such as CosmWasm. Also, users may use these query paths from tools like diff --git a/docs/sdk/v0.50/build/architecture/adr-042-group-module.mdx b/docs/sdk/v0.50/build/architecture/adr-042-group-module.mdx index 9848b857..4841141e 100644 --- a/docs/sdk/v0.50/build/architecture/adr-042-group-module.mdx +++ b/docs/sdk/v0.50/build/architecture/adr-042-group-module.mdx @@ -19,13 +19,13 @@ This ADR defines the `x/group` module which allows the creation and management o The legacy amino multi-signature mechanism of the Cosmos SDK has certain limitations: -* Key rotation is not possible, although this can be solved with [account rekeying](adr-034-account-rekeying). +* Key rotation is not possible, although this can be solved with [account rekeying](/docs/sdk/v0.50/build/architecture/adr-034-account-rekeying). * Thresholds can't be changed. * UX is cumbersome for non-technical users ([#5661](https://github.com/cosmos/cosmos-sdk/issues/5661)). * It requires `legacy_amino` sign mode ([#8141](https://github.com/cosmos/cosmos-sdk/issues/8141)). While the group module is not meant to be a total replacement for the current multi-signature accounts, it provides a solution to the limitations described above, with a more flexible key management system where keys can be added, updated or removed, as well as configurable thresholds. -It's meant to be used with other access control modules such as [`x/feegrant`](/docs/sdk/v0.50/adr-029-fee-grant-module) ans [`x/authz`](adr-030-authz-module) to simplify key management for individuals and organizations. +It's meant to be used with other access control modules such as [`x/feegrant`](/docs/sdk/v0.50/adr-029-fee-grant-module) ans [`x/authz`](/docs/sdk/v0.50/build/architecture/adr-030-authz-module) to simplify key management for individuals and organizations. The proof of concept of the group module can be found in [Link](https://github.com/regen-network/regen-ledger/tree/master/proto/regen/group/v1alpha1) and [Link](https://github.com/regen-network/regen-ledger/tree/master/x/group). @@ -103,7 +103,7 @@ and keeps membership consistent across different policies. The pattern that is recommended is to have a single master group account for a given group, and then to create separate group accounts with different decision policies and delegate the desired permissions from the master account to -those "sub-accounts" using the [`x/authz` module](adr-030-authz-module). +those "sub-accounts" using the [`x/authz` module](/docs/sdk/v0.50/build/architecture/adr-030-authz-module). ```protobuf expandable message GroupAccountInfo { @@ -250,7 +250,7 @@ The [ORM package](https://github.com/cosmos/cosmos-sdk/discussions/9156) defines Groups are stored in state as part of a `groupTable`, the `group_id` being an auto-increment integer. Group members are stored in a `groupMemberTable`. -Group accounts are stored in a `groupAccountTable`. The group account address is generated based on an auto-increment integer which is used to derive the group module `RootModuleKey` into a `DerivedModuleKey`, as stated in [ADR-033](adr-033-protobuf-inter-module-comm#modulekeys-and-moduleids). The group account is added as a new `ModuleAccount` through `x/auth`. +Group accounts are stored in a `groupAccountTable`. The group account address is generated based on an auto-increment integer which is used to derive the group module `RootModuleKey` into a `DerivedModuleKey`, as stated in [ADR-033](/docs/sdk/v0.50/build/architecture/adr-033-protobuf-inter-module-comm#modulekeys-and-moduleids). The group account is added as a new `ModuleAccount` through `x/auth`. Proposals are stored as part of the `proposalTable` using the `Proposal` type. The `proposal_id` is an auto-increment integer. @@ -258,7 +258,7 @@ Votes are stored in the `voteTable`. The primary key is based on the vote's `pro #### ADR-033 to route proposal messages -Inter-module communication introduced by [ADR-033](adr-033-protobuf-inter-module-comm) can be used to route a proposal's messages using the `DerivedModuleKey` corresponding to the proposal's group account. +Inter-module communication introduced by [ADR-033](/docs/sdk/v0.50/build/architecture/adr-033-protobuf-inter-module-comm) can be used to route a proposal's messages using the `DerivedModuleKey` corresponding to the proposal's group account. ## Consequences diff --git a/docs/sdk/v0.50/build/architecture/adr-064-abci-2.0.mdx b/docs/sdk/v0.50/build/architecture/adr-064-abci-2.0.mdx index e988152f..6c2e8bb0 100644 --- a/docs/sdk/v0.50/build/architecture/adr-064-abci-2.0.mdx +++ b/docs/sdk/v0.50/build/architecture/adr-064-abci-2.0.mdx @@ -17,7 +17,7 @@ ACCEPTED ## Abstract This ADR outlines the continuation of the efforts to implement ABCI++ in the Cosmos -SDK outlined in [ADR 060: ABCI 1.0 (Phase I)](adr-060-abci-1.0). +SDK outlined in [ADR 060: ABCI 1.0 (Phase I)](/docs/sdk/v0.50/build/architecture/adr-060-abci-1.0). Specifically, this ADR outlines the design and implementation of ABCI 2.0, which includes `ExtendVote`, `VerifyVoteExtension` and `FinalizeBlock`. @@ -502,4 +502,4 @@ continuation of ABCI++ and the general discussion of optimistic execution. ## References -* [ADR 060: ABCI 1.0 (Phase I)](adr-060-abci-1.0) +* [ADR 060: ABCI 1.0 (Phase I)](/docs/sdk/v0.50/build/architecture/adr-060-abci-1.0) diff --git a/docs/sdk/v0.53/build/architecture/adr-020-protobuf-transaction-encoding.mdx b/docs/sdk/v0.53/build/architecture/adr-020-protobuf-transaction-encoding.mdx index 1aa9d5eb..ec1ec5f2 100644 --- a/docs/sdk/v0.53/build/architecture/adr-020-protobuf-transaction-encoding.mdx +++ b/docs/sdk/v0.53/build/architecture/adr-020-protobuf-transaction-encoding.mdx @@ -45,7 +45,7 @@ approach to the approach described below. ### Transactions -Since interface values are encoded with `google.protobuf.Any` in state (see [ADR 019](adr-019-protobuf-state-encoding)), +Since interface values are encoded with `google.protobuf.Any` in state (see [ADR 019](/docs/sdk/v0.53/build/architecture/adr-019-protobuf-state-encoding)), `sdk.Msg`s are encoding with `Any` in transactions. One of the main goals of using `Any` to encode interface values is to have a diff --git a/docs/sdk/v0.53/build/architecture/adr-023-protobuf-naming.mdx b/docs/sdk/v0.53/build/architecture/adr-023-protobuf-naming.mdx index b73da0b0..2c37be89 100644 --- a/docs/sdk/v0.53/build/architecture/adr-023-protobuf-naming.mdx +++ b/docs/sdk/v0.53/build/architecture/adr-023-protobuf-naming.mdx @@ -38,7 +38,7 @@ from Buf that: ### Adoption of gRPC Queries -In [ADR 021](adr-021-protobuf-query-encoding), gRPC was adopted for Protobuf +In [ADR 021](/docs/sdk/v0.53/build/architecture/adr-021-protobuf-query-encoding), gRPC was adopted for Protobuf native queries. The full gRPC service path thus becomes a key part of ABCI query path. In the future, gRPC queries may be allowed from within persistent scripts by technologies such as CosmWasm and these query routes would be stored within @@ -209,7 +209,7 @@ helpful context. ### Service and RPC Naming -[ADR 021](adr-021-protobuf-query-encoding) specifies that modules should +[ADR 021](/docs/sdk/v0.53/build/architecture/adr-021-protobuf-query-encoding) specifies that modules should implement a gRPC query service. We should consider the principle of conciseness for query service and RPC names as these may be called from persistent script modules such as CosmWasm. Also, users may use these query paths from tools like diff --git a/docs/sdk/v0.53/build/architecture/adr-042-group-module.mdx b/docs/sdk/v0.53/build/architecture/adr-042-group-module.mdx index 9848b857..39db92e0 100644 --- a/docs/sdk/v0.53/build/architecture/adr-042-group-module.mdx +++ b/docs/sdk/v0.53/build/architecture/adr-042-group-module.mdx @@ -19,13 +19,13 @@ This ADR defines the `x/group` module which allows the creation and management o The legacy amino multi-signature mechanism of the Cosmos SDK has certain limitations: -* Key rotation is not possible, although this can be solved with [account rekeying](adr-034-account-rekeying). +* Key rotation is not possible, although this can be solved with [account rekeying](/docs/sdk/v0.53/build/architecture/adr-034-account-rekeying). * Thresholds can't be changed. * UX is cumbersome for non-technical users ([#5661](https://github.com/cosmos/cosmos-sdk/issues/5661)). * It requires `legacy_amino` sign mode ([#8141](https://github.com/cosmos/cosmos-sdk/issues/8141)). While the group module is not meant to be a total replacement for the current multi-signature accounts, it provides a solution to the limitations described above, with a more flexible key management system where keys can be added, updated or removed, as well as configurable thresholds. -It's meant to be used with other access control modules such as [`x/feegrant`](/docs/sdk/v0.50/adr-029-fee-grant-module) ans [`x/authz`](adr-030-authz-module) to simplify key management for individuals and organizations. +It's meant to be used with other access control modules such as [`x/feegrant`](/docs/sdk/v0.50/adr-029-fee-grant-module) ans [`x/authz`](/docs/sdk/v0.53/build/architecture/adr-030-authz-module) to simplify key management for individuals and organizations. The proof of concept of the group module can be found in [Link](https://github.com/regen-network/regen-ledger/tree/master/proto/regen/group/v1alpha1) and [Link](https://github.com/regen-network/regen-ledger/tree/master/x/group). @@ -103,7 +103,7 @@ and keeps membership consistent across different policies. The pattern that is recommended is to have a single master group account for a given group, and then to create separate group accounts with different decision policies and delegate the desired permissions from the master account to -those "sub-accounts" using the [`x/authz` module](adr-030-authz-module). +those "sub-accounts" using the [`x/authz` module](/docs/sdk/v0.53/build/architecture/adr-030-authz-module). ```protobuf expandable message GroupAccountInfo { @@ -250,7 +250,7 @@ The [ORM package](https://github.com/cosmos/cosmos-sdk/discussions/9156) defines Groups are stored in state as part of a `groupTable`, the `group_id` being an auto-increment integer. Group members are stored in a `groupMemberTable`. -Group accounts are stored in a `groupAccountTable`. The group account address is generated based on an auto-increment integer which is used to derive the group module `RootModuleKey` into a `DerivedModuleKey`, as stated in [ADR-033](adr-033-protobuf-inter-module-comm#modulekeys-and-moduleids). The group account is added as a new `ModuleAccount` through `x/auth`. +Group accounts are stored in a `groupAccountTable`. The group account address is generated based on an auto-increment integer which is used to derive the group module `RootModuleKey` into a `DerivedModuleKey`, as stated in [ADR-033](/docs/sdk/v0.53/build/architecture/adr-033-protobuf-inter-module-comm#modulekeys-and-moduleids). The group account is added as a new `ModuleAccount` through `x/auth`. Proposals are stored as part of the `proposalTable` using the `Proposal` type. The `proposal_id` is an auto-increment integer. @@ -258,7 +258,7 @@ Votes are stored in the `voteTable`. The primary key is based on the vote's `pro #### ADR-033 to route proposal messages -Inter-module communication introduced by [ADR-033](adr-033-protobuf-inter-module-comm) can be used to route a proposal's messages using the `DerivedModuleKey` corresponding to the proposal's group account. +Inter-module communication introduced by [ADR-033](/docs/sdk/v0.53/build/architecture/adr-033-protobuf-inter-module-comm) can be used to route a proposal's messages using the `DerivedModuleKey` corresponding to the proposal's group account. ## Consequences diff --git a/docs/sdk/v0.53/build/architecture/adr-064-abci-2.0.mdx b/docs/sdk/v0.53/build/architecture/adr-064-abci-2.0.mdx index e988152f..e408ba61 100644 --- a/docs/sdk/v0.53/build/architecture/adr-064-abci-2.0.mdx +++ b/docs/sdk/v0.53/build/architecture/adr-064-abci-2.0.mdx @@ -17,7 +17,7 @@ ACCEPTED ## Abstract This ADR outlines the continuation of the efforts to implement ABCI++ in the Cosmos -SDK outlined in [ADR 060: ABCI 1.0 (Phase I)](adr-060-abci-1.0). +SDK outlined in [ADR 060: ABCI 1.0 (Phase I)](/docs/sdk/v0.53/build/architecture/adr-060-abci-1.0). Specifically, this ADR outlines the design and implementation of ABCI 2.0, which includes `ExtendVote`, `VerifyVoteExtension` and `FinalizeBlock`. @@ -502,4 +502,4 @@ continuation of ABCI++ and the general discussion of optimistic execution. ## References -* [ADR 060: ABCI 1.0 (Phase I)](adr-060-abci-1.0) +* [ADR 060: ABCI 1.0 (Phase I)](/docs/sdk/v0.53/build/architecture/adr-060-abci-1.0) From ee4516766c0a3836a1d2e8ee24d537bf0d60d196 Mon Sep 17 00:00:00 2001 From: Cordt Date: Tue, 21 Oct 2025 09:31:35 -0600 Subject: [PATCH 25/26] fix: convert additional relative links to absolute paths Fixes remaining broken relative links across SDK and EVM documentation by converting them to absolute paths starting with /docs. Handles both docs/ prefix links and relative same-directory links. --- .../concepts/predeployed-contracts.mdx | 2 -- .../build-a-chain/initial-setup.mdx | 14 ++++---- .../development-environment.mdx | 2 +- .../v0.47/build/building-apps/app-mempool.mdx | 6 ++-- .../building-modules/beginblock-endblock.mdx | 10 +++--- .../v0.47/build/building-modules/genesis.mdx | 10 +++--- .../v0.47/build/building-modules/intro.mdx | 18 +++++----- .../build/building-modules/invariants.mdx | 6 ++-- .../v0.47/build/building-modules/keeper.mdx | 4 +-- .../building-modules/messages-and-queries.mdx | 22 ++++++------ .../building-modules/module-interfaces.mdx | 10 +++--- .../build/building-modules/module-manager.mdx | 36 +++++++++---------- .../build/building-modules/msg-services.mdx | 10 +++--- .../build/building-modules/query-services.mdx | 6 ++-- .../build/building-modules/structure.mdx | 4 +-- docs/sdk/v0.47/build/migrations/intro.mdx | 2 +- docs/sdk/v0.47/build/packages/README.mdx | 6 ++-- docs/sdk/v0.47/build/rfc/README.mdx | 2 +- docs/sdk/v0.47/build/spec/ics/ics.mdx | 2 +- docs/sdk/v0.47/learn/advanced/baseapp.mdx | 14 ++++---- docs/sdk/v0.47/learn/advanced/cli.mdx | 8 ++--- docs/sdk/v0.47/learn/advanced/context.mdx | 16 ++++----- docs/sdk/v0.47/learn/advanced/encoding.mdx | 2 +- docs/sdk/v0.47/learn/advanced/events.mdx | 10 +++--- docs/sdk/v0.47/learn/advanced/grpc_rest.mdx | 2 +- docs/sdk/v0.47/learn/advanced/node.mdx | 4 +-- .../sdk/v0.47/learn/advanced/transactions.mdx | 6 ++-- docs/sdk/v0.47/learn/beginner/accounts.mdx | 2 +- docs/sdk/v0.47/learn/beginner/gas-fees.mdx | 2 +- .../sdk/v0.47/learn/beginner/overview-app.mdx | 6 ++-- .../v0.47/learn/beginner/query-lifecycle.mdx | 8 ++--- .../sdk/v0.47/learn/beginner/tx-lifecycle.mdx | 14 ++++---- docs/sdk/v0.47/learn/intro/overview.mdx | 4 +-- .../learn/intro/sdk-app-architecture.mdx | 2 +- docs/sdk/v0.47/learn/intro/sdk-design.mdx | 2 +- .../sdk/v0.47/user/run-node/interact-node.mdx | 6 ++-- .../v0.47/user/run-node/run-production.mdx | 2 +- docs/sdk/v0.50/build/architecture/README.mdx | 2 +- .../building-modules/messages-and-queries.mdx | 2 +- .../oracle/getting-started.mdx | 2 +- .../v0.50/user/run-node/run-production.mdx | 2 +- docs/sdk/v0.53/build/architecture/README.mdx | 2 +- 42 files changed, 144 insertions(+), 148 deletions(-) diff --git a/docs/evm/next/documentation/concepts/predeployed-contracts.mdx b/docs/evm/next/documentation/concepts/predeployed-contracts.mdx index b51277b0..ad28310f 100644 --- a/docs/evm/next/documentation/concepts/predeployed-contracts.mdx +++ b/docs/evm/next/documentation/concepts/predeployed-contracts.mdx @@ -87,9 +87,7 @@ Predeployed contracts are configured during chain genesis through the `preinstal The default preinstalls are defined in the codebase at [`x/vm/types/preinstall.go:13-39`](https://github.com/cosmos/evm/blob/main/x/vm/types/preinstall.go#L13-L39). For complete guidance on customizing preinstalls, see: -- [Building Your Chain Guide](/docs/evm/next/documentation/getting-started/build-a-chain/building-your-chain-guide#configuring-predeployed-contracts) - Quick start configuration - [Predeployed Contracts Integration](/docs/evm/next/documentation/getting-started/build-a-chain/additional-configuration/predeployed-contracts) - Detailed implementation guide -- [Chain Customization Checklist](/docs/evm/next/documentation/getting-started/build-a-chain/chain-customization-checklist) - Step-by-step setup ## Common Examples diff --git a/docs/evm/next/documentation/getting-started/build-a-chain/initial-setup.mdx b/docs/evm/next/documentation/getting-started/build-a-chain/initial-setup.mdx index 794c3aa6..a17b5040 100644 --- a/docs/evm/next/documentation/getting-started/build-a-chain/initial-setup.mdx +++ b/docs/evm/next/documentation/getting-started/build-a-chain/initial-setup.mdx @@ -282,13 +282,13 @@ Run the script: This starts a validator node which runs a local chain accessible at `http://localhost:8545` wih all namespaces enabled including "unsafe" ones such as `personal` which allows signing over the JSON-RPC with one of the pre-funded test wallets. - Connect to with MetaMask or other Ethereum wallets (default chain ID: `262144`). -- Use the web tool to see a complete list of [EVM RPC](docs/evm/next/api-reference/ethereum-json-rpc/rpc-explorer) endpooints and interact with the network. -- Explore the [light client](docs/evm/next/documentation/cosmos-sdk/cli.mdx) interface to access the consensus layer, debugging and development features. +- Use the web tool to see a complete list of [EVM RPC](/docs/evm/next/api-reference/ethereum-json-rpc/rpc-explorer) endpooints and interact with the network. +- Explore the [light client](/docs/evm/next/documentation/cosmos-sdk/cli.mdx) interface to access the consensus layer, debugging and development features. ### [Optional] Cosmos SDK Modules Explore the [Cosmos SDK modules](/docs/evm/next/documentation/cosmos-sdk) that provide core blockchain functionality: -- **[Bank](https://docs.cosmos.network/main/build/modules/bank)** - Token transfers and balances +- **[Bank](/docs/sdk/next/build/modules/bank)** - Token transfers and balances - **[Staking](https://docs.cosmos.network/main/build/modules/staking)** - Validator delegation and rewards - **[Governance](https://docs.cosmos.network/main/build/modules/governance)** - On-chain voting and proposals - **[Slashing](https://docs.cosmos.network/main/build/modules/slashing)** - Validator penalty enforcement @@ -296,19 +296,17 @@ Explore the [Cosmos SDK modules](/docs/evm/next/documentation/cosmos-sdk) that p ## Next Steps -With your development environment ready, you can start configuring the pre-launch parameters. TO make the process more managable, we will go through it in three sections: +With your development environment ready, you can start configuring the pre-launch parameters. To make the process more managable, we have divided the process into three distinct sections: 1. **Pre-Genesis Configuration** - Set chain-id, token parameters and other values that are hard-coded. -2. **Genesis Configuration** - Initialize the chain and configure genesis.json parameters such as module configs, genesis token allocations, and validator set. +2. **Genesis Configuration** - Initialize the chain and configure genesis.json parameters such as module configs, genesis token allocations, and predeployed contracts. 3. **Runtime Configuration** - Set up node-level settings and launch the network. -Proceed to the [Pre-Genesis & Genesis Setup](/docs/evm/next/documentation/getting-started/build-a-chain/pre-genesis-and-genesis-setup) guide to begin customizing your chain's identity and parameters. - Configure your chain's identity, parameters, and genesis file -## Additional Configuration Resources +## Additional Resources Throughout your configuration journey, refer to these resources: diff --git a/docs/evm/next/documentation/getting-started/tooling-and-resources/development-environment.mdx b/docs/evm/next/documentation/getting-started/tooling-and-resources/development-environment.mdx index 77420dd2..d4085cb9 100644 --- a/docs/evm/next/documentation/getting-started/tooling-and-resources/development-environment.mdx +++ b/docs/evm/next/documentation/getting-started/tooling-and-resources/development-environment.mdx @@ -10,7 +10,7 @@ Each person has their own preference and different tasks or scopes of work may c [Remix](https://remix.org) is a full-feature IDE in a web-app supporting all EVM compatible networks out of the box. A convenient option For quick testing, or as a self-contained smart contract depoyment interface. -[Read more..](docs/evm/next/documentation/getting-started/tooling-and-resources/remix.mdx) +[Read more..](/docs/evm/next/documentation/getting-started/tooling-and-resources/remix.mdx) diff --git a/docs/sdk/v0.47/build/building-apps/app-mempool.mdx b/docs/sdk/v0.47/build/building-apps/app-mempool.mdx index fb502d20..e25e7242 100644 --- a/docs/sdk/v0.47/build/building-apps/app-mempool.mdx +++ b/docs/sdk/v0.47/build/building-apps/app-mempool.mdx @@ -1223,7 +1223,7 @@ abci.ResponseProcessProposal { ``` This default implementation can be overridden by the application developer in -favor of a custom implementation in [`app.go`](app-go-v2): +favor of a custom implementation in [`app.go`](/docs/sdk/v0.47/build/building-apps/app-go-v2): ```go prepareOpt := func(app *baseapp.BaseApp) { @@ -2428,7 +2428,7 @@ abci.ResponseProcessProposal { } ``` -Like `PrepareProposal` this implementation is the default and can be modified by the application developer in [`app.go`](app-go-v2): +Like `PrepareProposal` this implementation is the default and can be modified by the application developer in [`app.go`](/docs/sdk/v0.47/build/building-apps/app-go-v2): ```go processOpt := func(app *baseapp.BaseApp) { @@ -2451,7 +2451,7 @@ Namely, the SDK provides the following mempools: * [Sender Nonce Mempool](#sender-nonce-mempool) * [Priority Nonce Mempool](#priority-nonce-mempool) -The default SDK is a [No-op Mempool](#no-op-mempool), but it can be replaced by the application developer in [`app.go`](app-go-v2): +The default SDK is a [No-op Mempool](#no-op-mempool), but it can be replaced by the application developer in [`app.go`](/docs/sdk/v0.47/build/building-apps/app-go-v2): ```go nonceMempool := mempool.NewSenderNonceMempool() diff --git a/docs/sdk/v0.47/build/building-modules/beginblock-endblock.mdx b/docs/sdk/v0.47/build/building-modules/beginblock-endblock.mdx index 865d82e6..52c63434 100644 --- a/docs/sdk/v0.47/build/building-modules/beginblock-endblock.mdx +++ b/docs/sdk/v0.47/build/building-modules/beginblock-endblock.mdx @@ -11,7 +11,7 @@ title: BeginBlocker and EndBlocker ### Pre-requisite Readings -* [Module Manager](module-manager) +* [Module Manager](/docs/sdk/v0.47/build/building-modules/module-manager) @@ -19,17 +19,17 @@ title: BeginBlocker and EndBlocker `BeginBlocker` and `EndBlocker` are a way for module developers to add automatic execution of logic to their module. This is a powerful tool that should be used carefully, as complex automatic functions can slow down or even halt the chain. -When needed, `BeginBlocker` and `EndBlocker` are implemented as part of the [`BeginBlockAppModule` and `BeginBlockAppModule` interfaces](module-manager#appmodule). This means either can be left-out if not required. The `BeginBlock` and `EndBlock` methods of the interface implemented in `module.go` generally defer to `BeginBlocker` and `EndBlocker` methods respectively, which are usually implemented in `abci.go`. +When needed, `BeginBlocker` and `EndBlocker` are implemented as part of the [`BeginBlockAppModule` and `BeginBlockAppModule` interfaces](/docs/sdk/v0.47/build/building-modules/module-manager#appmodule). This means either can be left-out if not required. The `BeginBlock` and `EndBlock` methods of the interface implemented in `module.go` generally defer to `BeginBlocker` and `EndBlocker` methods respectively, which are usually implemented in `abci.go`. -The actual implementation of `BeginBlocker` and `EndBlocker` in `abci.go` are very similar to that of a [`Msg` service](msg-services): +The actual implementation of `BeginBlocker` and `EndBlocker` in `abci.go` are very similar to that of a [`Msg` service](/docs/sdk/v0.47/build/building-modules/msg-services): -* They generally use the [`keeper`](keeper) and [`ctx`](/docs/sdk/v0.47//learn/advanced/context) to retrieve information about the latest state. +* They generally use the [`keeper`](/docs/sdk/v0.47/build/building-modules/keeper) and [`ctx`](/docs/sdk/v0.47//learn/advanced/context) to retrieve information about the latest state. * If needed, they use the `keeper` and `ctx` to trigger state-transitions. * If needed, they can emit [`events`](/docs/sdk/v0.47//learn/advanced/events) via the `ctx`'s `EventManager`. A specificity of the `EndBlocker` is that it can return validator updates to the underlying consensus engine in the form of an [`[]abci.ValidatorUpdates`](https://docs.cometbft.com/v0.37/spec/abci/abci++_methods#endblock). This is the preferred way to implement custom validator changes. -It is possible for developers to define the order of execution between the `BeginBlocker`/`EndBlocker` functions of each of their application's modules via the module's manager `SetOrderBeginBlocker`/`SetOrderEndBlocker` methods. For more on the module manager, click [here](module-manager#manager). +It is possible for developers to define the order of execution between the `BeginBlocker`/`EndBlocker` functions of each of their application's modules via the module's manager `SetOrderBeginBlocker`/`SetOrderEndBlocker` methods. For more on the module manager, click [here](/docs/sdk/v0.47/build/building-modules/module-manager#manager). See an example implementation of `BeginBlocker` from the `distribution` module: diff --git a/docs/sdk/v0.47/build/building-modules/genesis.mdx b/docs/sdk/v0.47/build/building-modules/genesis.mdx index 4cd142ea..c2e68d19 100644 --- a/docs/sdk/v0.47/build/building-modules/genesis.mdx +++ b/docs/sdk/v0.47/build/building-modules/genesis.mdx @@ -11,8 +11,8 @@ Modules generally handle a subset of the state and, as such, they need to define ### Pre-requisite Readings -* [Module Manager](module-manager) -* [Keepers](keeper) +* [Module Manager](/docs/sdk/v0.47/build/building-modules/module-manager) +* [Keepers](/docs/sdk/v0.47/build/building-modules/keeper) @@ -603,13 +603,13 @@ return accounts, nil ## Other Genesis Methods -Other than the methods related directly to `GenesisState`, module developers are expected to implement two other methods as part of the [`AppModuleGenesis` interface](module-manager#appmodulegenesis) (only if the module needs to initialize a subset of state in genesis). These methods are [`InitGenesis`](#initgenesis) and [`ExportGenesis`](#exportgenesis). +Other than the methods related directly to `GenesisState`, module developers are expected to implement two other methods as part of the [`AppModuleGenesis` interface](/docs/sdk/v0.47/build/building-modules/module-manager#appmodulegenesis) (only if the module needs to initialize a subset of state in genesis). These methods are [`InitGenesis`](#initgenesis) and [`ExportGenesis`](#exportgenesis). ### `InitGenesis` -The `InitGenesis` method is executed during [`InitChain`](/docs/sdk/v0.47//learn/advanced/baseapp#initchain) when the application is first started. Given a `GenesisState`, it initializes the subset of the state managed by the module by using the module's [`keeper`](keeper) setter function on each parameter within the `GenesisState`. +The `InitGenesis` method is executed during [`InitChain`](/docs/sdk/v0.47//learn/advanced/baseapp#initchain) when the application is first started. Given a `GenesisState`, it initializes the subset of the state managed by the module by using the module's [`keeper`](/docs/sdk/v0.47/build/building-modules/keeper) setter function on each parameter within the `GenesisState`. -The [module manager](module-manager#manager) of the application is responsible for calling the `InitGenesis` method of each of the application's modules in order. This order is set by the application developer via the manager's `SetOrderGenesisMethod`, which is called in the [application's constructor function](/docs/sdk/v0.47//learn/beginner/overview-app#constructor-function). +The [module manager](/docs/sdk/v0.47/build/building-modules/module-manager#manager) of the application is responsible for calling the `InitGenesis` method of each of the application's modules in order. This order is set by the application developer via the manager's `SetOrderGenesisMethod`, which is called in the [application's constructor function](/docs/sdk/v0.47//learn/beginner/overview-app#constructor-function). See an example of `InitGenesis` from the `auth` module: diff --git a/docs/sdk/v0.47/build/building-modules/intro.mdx b/docs/sdk/v0.47/build/building-modules/intro.mdx index 8852ac10..409dc7ed 100644 --- a/docs/sdk/v0.47/build/building-modules/intro.mdx +++ b/docs/sdk/v0.47/build/building-modules/intro.mdx @@ -18,11 +18,11 @@ Modules define most of the logic of Cosmos SDK applications. Developers compose ## Role of Modules in a Cosmos SDK Application -The Cosmos SDK can be thought of as the Ruby-on-Rails of blockchain development. It comes with a core that provides the basic functionalities every blockchain application needs, like a [boilerplate implementation of the ABCI](/docs/sdk/v0.47//learn/advanced/baseapp) to communicate with the underlying consensus engine, a [`multistore`](/docs/sdk/v0.47//learn/advanced/store#multistore) to persist state, a [server](/docs/sdk/v0.47//learn/advanced/node) to form a full-node and [interfaces](module-interfaces) to handle queries. +The Cosmos SDK can be thought of as the Ruby-on-Rails of blockchain development. It comes with a core that provides the basic functionalities every blockchain application needs, like a [boilerplate implementation of the ABCI](/docs/sdk/v0.47//learn/advanced/baseapp) to communicate with the underlying consensus engine, a [`multistore`](/docs/sdk/v0.47//learn/advanced/store#multistore) to persist state, a [server](/docs/sdk/v0.47//learn/advanced/node) to form a full-node and [interfaces](/docs/sdk/v0.47/build/building-modules/module-interfaces) to handle queries. On top of this core, the Cosmos SDK enables developers to build modules that implement the business logic of their application. In other words, SDK modules implement the bulk of the logic of applications, while the core does the wiring and enables modules to be composed together. The end goal is to build a robust ecosystem of open-source Cosmos SDK modules, making it increasingly easier to build complex blockchain applications. -Cosmos SDK modules can be seen as little state-machines within the state-machine. They generally define a subset of the state using one or more `KVStore`s in the [main multistore](/docs/sdk/v0.47//learn/advanced/store), as well as a subset of [message types](messages-and-queries#messages). These messages are routed by one of the main components of Cosmos SDK core, [`BaseApp`](/docs/sdk/v0.47//learn/advanced/baseapp), to a module Protobuf [`Msg` service](msg-services) that defines them. +Cosmos SDK modules can be seen as little state-machines within the state-machine. They generally define a subset of the state using one or more `KVStore`s in the [main multistore](/docs/sdk/v0.47//learn/advanced/store), as well as a subset of [message types](/docs/sdk/v0.47/build/building-modules/messages-and-queries#messages). These messages are routed by one of the main components of Cosmos SDK core, [`BaseApp`](/docs/sdk/v0.47//learn/advanced/baseapp), to a module Protobuf [`Msg` service](/docs/sdk/v0.47/build/building-modules/msg-services) that defines them. ```text expandable + @@ -75,19 +75,19 @@ As a result of this architecture, building a Cosmos SDK application usually revo While there are no definitive guidelines for writing modules, here are some important design principles developers should keep in mind when building them: -* **Composability**: Cosmos SDK applications are almost always composed of multiple modules. This means developers need to carefully consider the integration of their module not only with the core of the Cosmos SDK, but also with other modules. The former is achieved by following standard design patterns outlined [here](#main-components-of-cosmos-sdk-modules), while the latter is achieved by properly exposing the store(s) of the module via the [`keeper`](keeper). +* **Composability**: Cosmos SDK applications are almost always composed of multiple modules. This means developers need to carefully consider the integration of their module not only with the core of the Cosmos SDK, but also with other modules. The former is achieved by following standard design patterns outlined [here](#main-components-of-cosmos-sdk-modules), while the latter is achieved by properly exposing the store(s) of the module via the [`keeper`](/docs/sdk/v0.47/build/building-modules/keeper). * **Specialization**: A direct consequence of the **composability** feature is that modules should be **specialized**. Developers should carefully establish the scope of their module and not batch multiple functionalities into the same module. This separation of concerns enables modules to be re-used in other projects and improves the upgradability of the application. **Specialization** also plays an important role in the [object-capabilities model](/docs/sdk/v0.47//learn/advanced/ocap) of the Cosmos SDK. -* **Capabilities**: Most modules need to read and/or write to the store(s) of other modules. However, in an open-source environment, it is possible for some modules to be malicious. That is why module developers need to carefully think not only about how their module interacts with other modules, but also about how to give access to the module's store(s). The Cosmos SDK takes a capabilities-oriented approach to inter-module security. This means that each store defined by a module is accessed by a `key`, which is held by the module's [`keeper`](keeper). This `keeper` defines how to access the store(s) and under what conditions. Access to the module's store(s) is done by passing a reference to the module's `keeper`. +* **Capabilities**: Most modules need to read and/or write to the store(s) of other modules. However, in an open-source environment, it is possible for some modules to be malicious. That is why module developers need to carefully think not only about how their module interacts with other modules, but also about how to give access to the module's store(s). The Cosmos SDK takes a capabilities-oriented approach to inter-module security. This means that each store defined by a module is accessed by a `key`, which is held by the module's [`keeper`](/docs/sdk/v0.47/build/building-modules/keeper). This `keeper` defines how to access the store(s) and under what conditions. Access to the module's store(s) is done by passing a reference to the module's `keeper`. ## Main Components of Cosmos SDK Modules Modules are by convention defined in the `./x/` subfolder (e.g. the `bank` module will be defined in the `./x/bank` folder). They generally share the same core components: -* A [`keeper`](keeper), used to access the module's store(s) and update the state. -* A [`Msg` service](messages-and-queries#messages), used to process messages when they are routed to the module by [`BaseApp`](/docs/sdk/v0.47//learn/advanced/baseapp#message-routing) and trigger state-transitions. -* A [query service](query-services), used to process user queries when they are routed to the module by [`BaseApp`](/docs/sdk/v0.47//learn/advanced/baseapp#query-routing). +* A [`keeper`](/docs/sdk/v0.47/build/building-modules/keeper), used to access the module's store(s) and update the state. +* A [`Msg` service](/docs/sdk/v0.47/build/building-modules/messages-and-queries#messages), used to process messages when they are routed to the module by [`BaseApp`](/docs/sdk/v0.47//learn/advanced/baseapp#message-routing) and trigger state-transitions. +* A [query service](/docs/sdk/v0.47/build/building-modules/query-services), used to process user queries when they are routed to the module by [`BaseApp`](/docs/sdk/v0.47//learn/advanced/baseapp#query-routing). * Interfaces, for end users to query the subset of the state defined by the module and create `message`s of the custom types defined in the module. -In addition to these components, modules implement the `AppModule` interface in order to be managed by the [`module manager`](module-manager). +In addition to these components, modules implement the `AppModule` interface in order to be managed by the [`module manager`](/docs/sdk/v0.47/build/building-modules/module-manager). -Please refer to the [structure document](structure) to learn about the recommended structure of a module's directory. +Please refer to the [structure document](/docs/sdk/v0.47/build/building-modules/structure) to learn about the recommended structure of a module's directory. diff --git a/docs/sdk/v0.47/build/building-modules/invariants.mdx b/docs/sdk/v0.47/build/building-modules/invariants.mdx index 823786dc..ef593587 100644 --- a/docs/sdk/v0.47/build/building-modules/invariants.mdx +++ b/docs/sdk/v0.47/build/building-modules/invariants.mdx @@ -11,7 +11,7 @@ An invariant is a property of the application that should always be true. In the ### Pre-requisite Readings -* [Keepers](keeper) +* [Keepers](/docs/sdk/v0.47/build/building-modules/keeper) @@ -82,7 +82,7 @@ return DepositsInvariant(k)(ctx) } ``` -Finally, module developers need to implement the `RegisterInvariants` method as part of the [`AppModule` interface](module-manager#appmodule). Indeed, the `RegisterInvariants` method of the module, implemented in the `module/module.go` file, typically only defers the call to a `RegisterInvariants` method implemented in the `keeper/invariants.go` file. The `RegisterInvariants` method registers a route for each `Invariant` function in the [`InvariantRegistry`](#invariant-registry): +Finally, module developers need to implement the `RegisterInvariants` method as part of the [`AppModule` interface](/docs/sdk/v0.47/build/building-modules/module-manager#appmodule). Indeed, the `RegisterInvariants` method of the module, implemented in the `module/module.go` file, typically only defers the call to a `RegisterInvariants` method implemented in the `keeper/invariants.go` file. The `RegisterInvariants` method registers a route for each `Invariant` function in the [`InvariantRegistry`](#invariant-registry): ```go expandable package keeper @@ -475,7 +475,7 @@ error { The `InvariantRegistry` is therefore typically instantiated by instantiating the `keeper` of the `crisis` module in the [application's constructor function](/docs/sdk/v0.47//learn/beginner/overview-app#constructor-function). -`Invariant`s can be checked manually via [`message`s](messages-and-queries), but most often they are checked automatically at the end of each block. Here is an example from the `crisis` module: +`Invariant`s can be checked manually via [`message`s](/docs/sdk/v0.47/build/building-modules/messages-and-queries), but most often they are checked automatically at the end of each block. Here is an example from the `crisis` module: ```go expandable package crisis diff --git a/docs/sdk/v0.47/build/building-modules/keeper.mdx b/docs/sdk/v0.47/build/building-modules/keeper.mdx index 76811d56..e8d0f256 100644 --- a/docs/sdk/v0.47/build/building-modules/keeper.mdx +++ b/docs/sdk/v0.47/build/building-modules/keeper.mdx @@ -11,7 +11,7 @@ title: Keepers ### Pre-requisite Readings -* [Introduction to Cosmos SDK Modules](intro) +* [Introduction to Cosmos SDK Modules](/docs/sdk/v0.47/build/building-modules/intro) @@ -219,7 +219,7 @@ Of course, it is possible to define different types of internal `keeper`s for th ## Implementing Methods -`Keeper`s primarily expose getter and setter methods for the store(s) managed by their module. These methods should remain as simple as possible and strictly be limited to getting or setting the requested value, as validity checks should have already been performed by the [`Msg` server](msg-services) when `keeper`s' methods are called. +`Keeper`s primarily expose getter and setter methods for the store(s) managed by their module. These methods should remain as simple as possible and strictly be limited to getting or setting the requested value, as validity checks should have already been performed by the [`Msg` server](/docs/sdk/v0.47/build/building-modules/msg-services) when `keeper`s' methods are called. Typically, a *getter* method will have the following signature diff --git a/docs/sdk/v0.47/build/building-modules/messages-and-queries.mdx b/docs/sdk/v0.47/build/building-modules/messages-and-queries.mdx index 4ff25fa1..35bbfc38 100644 --- a/docs/sdk/v0.47/build/building-modules/messages-and-queries.mdx +++ b/docs/sdk/v0.47/build/building-modules/messages-and-queries.mdx @@ -11,7 +11,7 @@ title: Messages and Queries ### Pre-requisite Readings -* [Introduction to Cosmos SDK Modules](intro) +* [Introduction to Cosmos SDK Modules](/docs/sdk/v0.47/build/building-modules/intro) @@ -19,7 +19,7 @@ title: Messages and Queries `Msg`s are objects whose end-goal is to trigger state-transitions. They are wrapped in [transactions](/docs/sdk/v0.47//learn/advanced/transactions), which may contain one or more of them. -When a transaction is relayed from the underlying consensus engine to the Cosmos SDK application, it is first decoded by [`BaseApp`](/docs/sdk/v0.47//learn/advanced/baseapp). Then, each message contained in the transaction is extracted and routed to the appropriate module via `BaseApp`'s `MsgServiceRouter` so that it can be processed by the module's [`Msg` service](msg-services). For a more detailed explanation of the lifecycle of a transaction, click [here](/docs/sdk/v0.47//learn/beginner/tx-lifecycle). +When a transaction is relayed from the underlying consensus engine to the Cosmos SDK application, it is first decoded by [`BaseApp`](/docs/sdk/v0.47//learn/advanced/baseapp). Then, each message contained in the transaction is extracted and routed to the appropriate module via `BaseApp`'s `MsgServiceRouter` so that it can be processed by the module's [`Msg` service](/docs/sdk/v0.47/build/building-modules/msg-services). For a more detailed explanation of the lifecycle of a transaction, click [here](/docs/sdk/v0.47//learn/beginner/tx-lifecycle). ### `Msg` Services @@ -41,12 +41,12 @@ Each `Msg` service method must have exactly one argument, which must implement t The Cosmos SDK uses Protobuf definitions to generate client and server code: -* `MsgServer` interface defines the server API for the `Msg` service and its implementation is described as part of the [`Msg` services](msg-services) documentation. +* `MsgServer` interface defines the server API for the `Msg` service and its implementation is described as part of the [`Msg` services](/docs/sdk/v0.47/build/building-modules/msg-services) documentation. * Structures are generated for all RPC request and response types. -A `RegisterMsgServer` method is also generated and should be used to register the module's `MsgServer` implementation in `RegisterServices` method from the [`AppModule` interface](module-manager#appmodule). +A `RegisterMsgServer` method is also generated and should be used to register the module's `MsgServer` implementation in `RegisterServices` method from the [`AppModule` interface](/docs/sdk/v0.47/build/building-modules/module-manager#appmodule). -In order for clients (CLI and grpc-gateway) to have these URLs registered, the Cosmos SDK provides the function `RegisterMsgServiceDesc(registry codectypes.InterfaceRegistry, sd *grpc.ServiceDesc)` that should be called inside module's [`RegisterInterfaces`](module-manager#appmodulebasic) method, using the proto-generated `&_Msg_serviceDesc` as `*grpc.ServiceDesc` argument. +In order for clients (CLI and grpc-gateway) to have these URLs registered, the Cosmos SDK provides the function `RegisterMsgServiceDesc(registry codectypes.InterfaceRegistry, sd *grpc.ServiceDesc)` that should be called inside module's [`RegisterInterfaces`](/docs/sdk/v0.47/build/building-modules/module-manager#appmodulebasic) method, using the proto-generated `&_Msg_serviceDesc` as `*grpc.ServiceDesc` argument. ### Legacy Amino `LegacyMsg`s @@ -54,7 +54,7 @@ The following way of defining messages is deprecated and using [`Msg` services]( Amino `LegacyMsg`s can be defined as protobuf messages. The messages definition usually includes a list of parameters needed to process the message that will be provided by end-users when they want to create a new transaction containing said message. -A `LegacyMsg` is typically accompanied by a standard constructor function, that is called from one of the [module's interface](module-interfaces). `message`s also need to implement the `sdk.Msg` interface: +A `LegacyMsg` is typically accompanied by a standard constructor function, that is called from one of the [module's interface](/docs/sdk/v0.47/build/building-modules/module-interfaces). `message`s also need to implement the `sdk.Msg` interface: ```go expandable package types @@ -894,7 +894,7 @@ Here's an example of such a `Query` service definition: As `proto.Message`s, generated `Response` types implement by default `String()` method of [`fmt.Stringer`](https://pkg.go.dev/fmt#Stringer). -A `RegisterQueryServer` method is also generated and should be used to register the module's query server in the `RegisterServices` method from the [`AppModule` interface](module-manager#appmodule). +A `RegisterQueryServer` method is also generated and should be used to register the module's query server in the `RegisterServices` method from the [`AppModule` interface](/docs/sdk/v0.47/build/building-modules/module-manager#appmodule). ### Legacy Queries @@ -908,13 +908,13 @@ where: * `queryCategory` is the category of the `query`, typically `custom` for module queries. It is used to differentiate between different kinds of queries within `BaseApp`'s [`Query` method](/docs/sdk/v0.47//learn/advanced/baseapp#query). * `queryRoute` is used by `BaseApp`'s [`queryRouter`](/docs/sdk/v0.47//learn/advanced/baseapp#grpc-query-router) to map the `query` to its module. Usually, `queryRoute` should be the name of the module. -* `queryType` is used by the module's [`querier`](query-services#query-services) to map the `query` to the appropriate `querier function` within the module. +* `queryType` is used by the module's [`querier`](/docs/sdk/v0.47/build/building-modules/query-services#query-services) to map the `query` to the appropriate `querier function` within the module. * `args` are the actual arguments needed to process the `query`. They are filled out by the end-user. Note that for bigger queries, you might prefer passing arguments in the `Data` field of the request `req` instead of the `path`. -The `path` for each `query` must be defined by the module developer in the module's [command-line interface file](module-interfaces#query-commands).Overall, there are 3 mains components module developers need to implement in order to make the subset of the state defined by their module queryable: +The `path` for each `query` must be defined by the module developer in the module's [command-line interface file](/docs/sdk/v0.47/build/building-modules/module-interfaces#query-commands).Overall, there are 3 mains components module developers need to implement in order to make the subset of the state defined by their module queryable: -* A [`querier`](query-services#query-services), to process the `query` once it has been [routed to the module](/docs/sdk/v0.47//learn/advanced/baseapp#grpc-query-router). -* [Query commands](module-interfaces#query-commands) in the module's CLI file, where the `path` for each `query` is specified. +* A [`querier`](/docs/sdk/v0.47/build/building-modules/query-services#query-services), to process the `query` once it has been [routed to the module](/docs/sdk/v0.47//learn/advanced/baseapp#grpc-query-router). +* [Query commands](/docs/sdk/v0.47/build/building-modules/module-interfaces#query-commands) in the module's CLI file, where the `path` for each `query` is specified. * `query` return types. Typically defined in a file `types/querier.go`, they specify the result type of each of the module's `queries`. These custom types must implement the `String()` method of [`fmt.Stringer`](https://pkg.go.dev/fmt#Stringer). ### Store Queries diff --git a/docs/sdk/v0.47/build/building-modules/module-interfaces.mdx b/docs/sdk/v0.47/build/building-modules/module-interfaces.mdx index 89465527..60b63f49 100644 --- a/docs/sdk/v0.47/build/building-modules/module-interfaces.mdx +++ b/docs/sdk/v0.47/build/building-modules/module-interfaces.mdx @@ -11,13 +11,13 @@ This document details how to build CLI and REST interfaces for a module. Example ### Pre-requisite Readings -* [Building Modules Intro](intro) +* [Building Modules Intro](/docs/sdk/v0.47/build/building-modules/intro) ## CLI -One of the main interfaces for an application is the [command-line interface](/docs/sdk/v0.47//learn/advanced/cli). This entrypoint adds commands from the application's modules enabling end-users to create [**messages**](messages-and-queries#messages) wrapped in transactions and [**queries**](messages-and-queries#queries). The CLI files are typically found in the module's `./client/cli` folder. +One of the main interfaces for an application is the [command-line interface](/docs/sdk/v0.47//learn/advanced/cli). This entrypoint adds commands from the application's modules enabling end-users to create [**messages**](/docs/sdk/v0.47/build/building-modules/messages-and-queries#messages) wrapped in transactions and [**queries**](/docs/sdk/v0.47/build/building-modules/messages-and-queries#queries). The CLI files are typically found in the module's `./client/cli` folder. ### Transaction Commands @@ -192,7 +192,7 @@ In general, the getter function does the following: * **RunE:** Defines a function that can return an error. This is the function that is called when the command is executed. This function encapsulates all of the logic to create a new transaction. * The function typically starts by getting the `clientCtx`, which can be done with `client.GetClientTxContext(cmd)`. The `clientCtx` contains information relevant to transaction handling, including information about the user. In this example, the `clientCtx` is used to retrieve the address of the sender by calling `clientCtx.GetFromAddress()`. * If applicable, the command's arguments are parsed. In this example, the arguments `[to_address]` and `[amount]` are both parsed. - * A [message](messages-and-queries) is created using the parsed arguments and information from the `clientCtx`. The constructor function of the message type is called directly. In this case, `types.NewMsgSend(fromAddr, toAddr, amount)`. Its good practice to call, if possible, the necessary [message validation methods](Validation) before broadcasting the message. + * A [message](/docs/sdk/v0.47/build/building-modules/messages-and-queries) is created using the parsed arguments and information from the `clientCtx`. The constructor function of the message type is called directly. In this case, `types.NewMsgSend(fromAddr, toAddr, amount)`. Its good practice to call, if possible, the necessary [message validation methods](/docs/sdk/v0.47/build/building-modules/Validation) before broadcasting the message. * Depending on what the user wants, the transaction is either generated offline or signed and broadcasted to the preconfigured node using `tx.GenerateOrBroadcastTxCLI(clientCtx, flags, msg)`. * **Adds transaction flags:** All transaction commands must add a set of transaction [flags](#flags). The transaction flags are used to collect additional information from the user (e.g. the amount of fees the user is willing to pay). The transaction flags are added to the constructed command using `AddTxFlagsToCmd(cmd)`. * **Returns the command:** Finally, the transaction command is returned. @@ -707,7 +707,7 @@ return BankOutputs{ ### Query Commands -[Queries](messages-and-queries#queries) allow users to gather information about the application or network state; they are routed by the application and processed by the module in which they are defined. Query commands typically have their own `query.go` file in the module's `./client/cli` folder. Like transaction commands, they are specified in getter functions. Here is an example of a query command from the `x/auth` module: +[Queries](/docs/sdk/v0.47/build/building-modules/messages-and-queries#queries) allow users to gather information about the application or network state; they are routed by the application and processed by the module in which they are defined. Query commands typically have their own `query.go` file in the module's `./client/cli` folder. Like transaction commands, they are specified in getter functions. Here is an example of a query command from the `x/auth` module: ```go expandable package cli @@ -1204,7 +1204,7 @@ In general, the getter function does the following: * **RunE:** Defines a function that can return an error. This is the function that is called when the command is executed. This function encapsulates all of the logic to create a new query. * The function typically starts by getting the `clientCtx`, which can be done with `client.GetClientQueryContext(cmd)`. The `clientCtx` contains information relevant to query handling. * If applicable, the command's arguments are parsed. In this example, the argument `[address]` is parsed. - * A new `queryClient` is initialized using `NewQueryClient(clientCtx)`. The `queryClient` is then used to call the appropriate [query](messages-and-queries#grpc-queries). + * A new `queryClient` is initialized using `NewQueryClient(clientCtx)`. The `queryClient` is then used to call the appropriate [query](/docs/sdk/v0.47/build/building-modules/messages-and-queries#grpc-queries). * The `clientCtx.PrintProto` method is used to format the `proto.Message` object so that the results can be printed back to the user. * **Adds query flags:** All query commands must add a set of query [flags](#flags). The query flags are added to the constructed command using `AddQueryFlagsToCmd(cmd)`. * **Returns the command:** Finally, the query command is returned. diff --git a/docs/sdk/v0.47/build/building-modules/module-manager.mdx b/docs/sdk/v0.47/build/building-modules/module-manager.mdx index df42b681..fd297d65 100644 --- a/docs/sdk/v0.47/build/building-modules/module-manager.mdx +++ b/docs/sdk/v0.47/build/building-modules/module-manager.mdx @@ -11,7 +11,7 @@ Cosmos SDK modules need to implement the [`AppModule` interfaces](#application-m ### Pre-requisite Readings -* [Introduction to Cosmos SDK Modules](intro) +* [Introduction to Cosmos SDK Modules](/docs/sdk/v0.47/build/building-modules/intro) @@ -40,7 +40,7 @@ The above interfaces are mostly embedding smaller interfaces (extension interfac The `AppModuleBasic` interface exists to define independent methods of the module, i.e. those that do not depend on other modules in the application. This allows for the construction of the basic application structure early in the application definition, generally in the `init()` function of the [main application file](/docs/sdk/v0.47//learn/beginner/overview-app#core-application-file). -The `AppModule` interface exists to define inter-dependent module methods. Many modules need to interact with other modules, typically through [`keeper`s](keeper), which means there is a need for an interface where modules list their `keeper`s and other methods that require a reference to another module's object. `AppModule` interface extension, such as `BeginBlockAppModule` and `EndBlockAppModule`, also enables the module manager to set the order of execution between module's methods like `BeginBlock` and `EndBlock`, which is important in cases where the order of execution between modules matters in the context of the application. +The `AppModule` interface exists to define inter-dependent module methods. Many modules need to interact with other modules, typically through [`keeper`s](/docs/sdk/v0.47/build/building-modules/keeper), which means there is a need for an interface where modules list their `keeper`s and other methods that require a reference to another module's object. `AppModule` interface extension, such as `BeginBlockAppModule` and `EndBlockAppModule`, also enables the module manager to set the order of execution between module's methods like `BeginBlock` and `EndBlock`, which is important in cases where the order of execution between modules matters in the context of the application. The usage of extension interfaces allows modules to define only the functionalities they need. For example, a module that does not need an `EndBlock` does not need to define the `EndBlockAppModule` interface and thus the `EndBlock` method. `AppModule` and `AppModuleGenesis` are voluntarily small interfaces, that can take advantage of the `Module` patterns without having to define many placeholder functions. @@ -856,8 +856,8 @@ Let us go through the methods: * `RegisterLegacyAminoCodec(*codec.LegacyAmino)`: Registers the `amino` codec for the module, which is used to marshal and unmarshal structs to/from `[]byte` in order to persist them in the module's `KVStore`. * `RegisterInterfaces(codectypes.InterfaceRegistry)`: Registers a module's interface types and their concrete implementations as `proto.Message`. * `RegisterGRPCGatewayRoutes(client.Context, *runtime.ServeMux)`: Registers gRPC routes for the module. -* `GetTxCmd()`: Returns the root [`Tx` command](module-interfaces#transaction-commands) for the module. The subcommands of this root command are used by end-users to generate new transactions containing [`message`s](messages-and-queries#queries) defined in the module. -* `GetQueryCmd()`: Return the root [`query` command](module-interfaces#query-commands) for the module. The subcommands of this root command are used by end-users to generate new queries to the subset of the state defined by the module. +* `GetTxCmd()`: Returns the root [`Tx` command](/docs/sdk/v0.47/build/building-modules/module-interfaces#transaction-commands) for the module. The subcommands of this root command are used by end-users to generate new transactions containing [`message`s](/docs/sdk/v0.47/build/building-modules/messages-and-queries#queries) defined in the module. +* `GetQueryCmd()`: Return the root [`query` command](/docs/sdk/v0.47/build/building-modules/module-interfaces#query-commands) for the module. The subcommands of this root command are used by end-users to generate new queries to the subset of the state defined by the module. All the `AppModuleBasic` of an application are managed by the [`BasicManager`](#basicmanager). @@ -2475,8 +2475,8 @@ return out Let us go through the methods: -* `DefaultGenesis(codec.JSONCodec)`: Returns a default [`GenesisState`](genesis) for the module, marshalled to `json.RawMessage`. The default `GenesisState` need to be defined by the module developer and is primarily used for testing. -* `ValidateGenesis(codec.JSONCodec, client.TxEncodingConfig, json.RawMessage)`: Used to validate the `GenesisState` defined by a module, given in its `json.RawMessage` form. It will usually unmarshall the `json` before running a custom [`ValidateGenesis`](genesis#validategenesis) function defined by the module developer. +* `DefaultGenesis(codec.JSONCodec)`: Returns a default [`GenesisState`](/docs/sdk/v0.47/build/building-modules/genesis) for the module, marshalled to `json.RawMessage`. The default `GenesisState` need to be defined by the module developer and is primarily used for testing. +* `ValidateGenesis(codec.JSONCodec, client.TxEncodingConfig, json.RawMessage)`: Used to validate the `GenesisState` defined by a module, given in its `json.RawMessage` form. It will usually unmarshall the `json` before running a custom [`ValidateGenesis`](/docs/sdk/v0.47/build/building-modules/genesis#validategenesis) function defined by the module developer. ### `AppModuleGenesis` @@ -5719,7 +5719,7 @@ return out } ``` -* `RegisterInvariants(sdk.InvariantRegistry)`: Registers the [`invariants`](invariants) of the module. If an invariant deviates from its predicted value, the [`InvariantRegistry`](invariants#invariant-registry) triggers appropriate logic (most often the chain will be halted). +* `RegisterInvariants(sdk.InvariantRegistry)`: Registers the [`invariants`](/docs/sdk/v0.47/build/building-modules/invariants) of the module. If an invariant deviates from its predicted value, the [`InvariantRegistry`](/docs/sdk/v0.47/build/building-modules/invariants#invariant-registry) triggers appropriate logic (most often the chain will be halted). ### `HasServices` @@ -8973,7 +8973,7 @@ return out Typically, the various application module interfaces are implemented in a file called `module.go`, located in the module's folder (e.g. `./x/module/module.go`). -Almost every module needs to implement the `AppModuleBasic` and `AppModule` interfaces. If the module is only used for genesis, it will implement `AppModuleGenesis` instead of `AppModule`. The concrete type that implements the interface can add parameters that are required for the implementation of the various methods of the interface. For example, the `Route()` function often calls a `NewMsgServerImpl(k keeper)` function defined in `keeper/msg_server.go` and therefore needs to pass the module's [`keeper`](keeper) as a parameter. +Almost every module needs to implement the `AppModuleBasic` and `AppModule` interfaces. If the module is only used for genesis, it will implement `AppModuleGenesis` instead of `AppModule`. The concrete type that implements the interface can add parameters that are required for the implementation of the various methods of the interface. For example, the `Route()` function often calls a `NewMsgServerImpl(k keeper)` function defined in `keeper/msg_server.go` and therefore needs to pass the module's [`keeper`](/docs/sdk/v0.47/build/building-modules/keeper) as a parameter. ```go // example @@ -9808,8 +9808,8 @@ It implements the following methods: * `NewBasicManager(modules ...AppModuleBasic)`: Constructor function. It takes a list of the application's `AppModuleBasic` and builds a new `BasicManager`. This function is generally called in the `init()` function of [`app.go`](/docs/sdk/v0.47//learn/beginner/overview-app#core-application-file) to quickly initialize the independent elements of the application's modules (click [here](https://github.com/cosmos/gaia/blob/main/app/app.go#L59-L74) to see an example). * `RegisterLegacyAminoCodec(cdc *codec.LegacyAmino)`: Registers the [`codec.LegacyAmino`s](/docs/sdk/v0.47//learn/advanced/encoding#amino) of each of the application's `AppModuleBasic`. This function is usually called early on in the [application's construction](/docs/sdk/v0.47//learn/beginner/overview-app#constructor). * `RegisterInterfaces(registry codectypes.InterfaceRegistry)`: Registers interface types and implementations of each of the application's `AppModuleBasic`. -* `DefaultGenesis(cdc codec.JSONCodec)`: Provides default genesis information for modules in the application by calling the [`DefaultGenesis(cdc codec.JSONCodec)`](genesis#defaultgenesis) function of each module. It only calls the modules that implements the `HasGenesisBasics` interfaces. -* `ValidateGenesis(cdc codec.JSONCodec, txEncCfg client.TxEncodingConfig, genesis map[string]json.RawMessage)`: Validates the genesis information modules by calling the [`ValidateGenesis(codec.JSONCodec, client.TxEncodingConfig, json.RawMessage)`](genesis#validategenesis) function of modules implementing the `HasGenesisBasics` interface. +* `DefaultGenesis(cdc codec.JSONCodec)`: Provides default genesis information for modules in the application by calling the [`DefaultGenesis(cdc codec.JSONCodec)`](/docs/sdk/v0.47/build/building-modules/genesis#defaultgenesis) function of each module. It only calls the modules that implements the `HasGenesisBasics` interfaces. +* `ValidateGenesis(cdc codec.JSONCodec, txEncCfg client.TxEncodingConfig, genesis map[string]json.RawMessage)`: Validates the genesis information modules by calling the [`ValidateGenesis(codec.JSONCodec, client.TxEncodingConfig, json.RawMessage)`](/docs/sdk/v0.47/build/building-modules/genesis#validategenesis) function of modules implementing the `HasGenesisBasics` interface. * `RegisterGRPCGatewayRoutes(clientCtx client.Context, rtr *runtime.ServeMux)`: Registers gRPC routes for modules. * `AddTxCommands(rootTxCmd *cobra.Command)`: Adds modules' transaction commands to the application's [`rootTxCommand`](/docs/sdk/v0.47//learn/advanced/cli#transaction-commands). This function is usually called function from the `main.go` function of the [application's command-line interface](/docs/sdk/v0.47//learn/advanced/cli). * `AddQueryCommands(rootQueryCmd *cobra.Command)`: Adds modules' query commands to the application's [`rootQueryCommand`](/docs/sdk/v0.47//learn/advanced/cli#query-commands). This function is usually called function from the `main.go` function of the [application's command-line interface](/docs/sdk/v0.47//learn/advanced/cli). @@ -10624,22 +10624,22 @@ return out The module manager is used throughout the application whenever an action on a collection of modules is required. It implements the following methods: * `NewManager(modules ...AppModule)`: Constructor function. It takes a list of the application's `AppModule`s and builds a new `Manager`. It is generally called from the application's main [constructor function](/docs/sdk/v0.47//learn/beginner/overview-app#constructor-function). -* `SetOrderInitGenesis(moduleNames ...string)`: Sets the order in which the [`InitGenesis`](genesis#initgenesis) function of each module will be called when the application is first started. This function is generally called from the application's main [constructor function](/docs/sdk/v0.47//learn/beginner/overview-app#constructor-function). +* `SetOrderInitGenesis(moduleNames ...string)`: Sets the order in which the [`InitGenesis`](/docs/sdk/v0.47/build/building-modules/genesis#initgenesis) function of each module will be called when the application is first started. This function is generally called from the application's main [constructor function](/docs/sdk/v0.47//learn/beginner/overview-app#constructor-function). To initialize modules successfully, module dependencies should be considered. For example, the `genutil` module must occur after `staking` module so that the pools are properly initialized with tokens from genesis accounts, the `genutils` module must also occur after `auth` so that it can access the params from auth, IBC's `capability` module should be initialized before all other modules so that it can initialize any capabilities. -* `SetOrderExportGenesis(moduleNames ...string)`: Sets the order in which the [`ExportGenesis`](genesis#exportgenesis) function of each module will be called in case of an export. This function is generally called from the application's main [constructor function](/docs/sdk/v0.47//learn/beginner/overview-app#constructor-function). +* `SetOrderExportGenesis(moduleNames ...string)`: Sets the order in which the [`ExportGenesis`](/docs/sdk/v0.47/build/building-modules/genesis#exportgenesis) function of each module will be called in case of an export. This function is generally called from the application's main [constructor function](/docs/sdk/v0.47//learn/beginner/overview-app#constructor-function). * `SetOrderBeginBlockers(moduleNames ...string)`: Sets the order in which the `BeginBlock()` function of each module will be called at the beginning of each block. This function is generally called from the application's main [constructor function](/docs/sdk/v0.47//learn/beginner/overview-app#constructor-function). * `SetOrderEndBlockers(moduleNames ...string)`: Sets the order in which the `EndBlock()` function of each module will be called at the end of each block. This function is generally called from the application's main [constructor function](/docs/sdk/v0.47//learn/beginner/overview-app#constructor-function). * `SetOrderPrecommiters(moduleNames ...string)`: Sets the order in which the `Precommit()` function of each module will be called during commit of each block. This function is generally called from the application's main [constructor function](/docs/sdk/v0.47//learn/beginner/overview-app#constructor-function). * `SetOrderPrepareCheckStaters(moduleNames ...string)`: Sets the order in which the `PrepareCheckState()` function of each module will be called during commit of each block. This function is generally called from the application's main [constructor function](/docs/sdk/v0.47//learn/beginner/overview-app#constructor-function). * `SetOrderMigrations(moduleNames ...string)`: Sets the order of migrations to be run. If not set then migrations will be run with an order defined in `DefaultMigrationsOrder`. -* `RegisterInvariants(ir sdk.InvariantRegistry)`: Registers the [invariants](invariants) of module implementing the `HasInvariants` interface. -* `RegisterRoutes(router sdk.Router, queryRouter sdk.QueryRouter, legacyQuerierCdc *codec.LegacyAmino)`: Registers legacy [`Msg`](messages-and-queries#messages) and [`querier`](query-services) routes. +* `RegisterInvariants(ir sdk.InvariantRegistry)`: Registers the [invariants](/docs/sdk/v0.47/build/building-modules/invariants) of module implementing the `HasInvariants` interface. +* `RegisterRoutes(router sdk.Router, queryRouter sdk.QueryRouter, legacyQuerierCdc *codec.LegacyAmino)`: Registers legacy [`Msg`](/docs/sdk/v0.47/build/building-modules/messages-and-queries#messages) and [`querier`](/docs/sdk/v0.47/build/building-modules/query-services) routes. * `RegisterServices(cfg Configurator)`: Registers the services of modules implementing the `HasServices` interface. -* `InitGenesis(ctx sdk.Context, cdc codec.JSONCodec, genesisData map[string]json.RawMessage)`: Calls the [`InitGenesis`](genesis#initgenesis) function of each module when the application is first started, in the order defined in `OrderInitGenesis`. Returns an `abci.ResponseInitChain` to the underlying consensus engine, which can contain validator updates. -* `ExportGenesis(ctx sdk.Context, cdc codec.JSONCodec)`: Calls the [`ExportGenesis`](genesis#exportgenesis) function of each module, in the order defined in `OrderExportGenesis`. The export constructs a genesis file from a previously existing state, and is mainly used when a hard-fork upgrade of the chain is required. +* `InitGenesis(ctx sdk.Context, cdc codec.JSONCodec, genesisData map[string]json.RawMessage)`: Calls the [`InitGenesis`](/docs/sdk/v0.47/build/building-modules/genesis#initgenesis) function of each module when the application is first started, in the order defined in `OrderInitGenesis`. Returns an `abci.ResponseInitChain` to the underlying consensus engine, which can contain validator updates. +* `ExportGenesis(ctx sdk.Context, cdc codec.JSONCodec)`: Calls the [`ExportGenesis`](/docs/sdk/v0.47/build/building-modules/genesis#exportgenesis) function of each module, in the order defined in `OrderExportGenesis`. The export constructs a genesis file from a previously existing state, and is mainly used when a hard-fork upgrade of the chain is required. * `ExportGenesisForModules(ctx sdk.Context, cdc codec.JSONCodec, modulesToExport []string)`: Behaves the same as `ExportGenesis`, except takes a list of modules to export. -* `BeginBlock(ctx sdk.Context, req abci.RequestBeginBlock)`: At the beginning of each block, this function is called from [`BaseApp`](/docs/sdk/v0.47//learn/advanced/baseapp#beginblock) and, in turn, calls the [`BeginBlock`](beginblock-endblock) function of each modules implementing the `BeginBlockAppModule` interface, in the order defined in `OrderBeginBlockers`. It creates a child [context](/docs/sdk/v0.47//learn/advanced/context) with an event manager to aggregate [events](/docs/sdk/v0.47//learn/advanced/events) emitted from all modules. The function returns an `abci.ResponseBeginBlock` which contains the aforementioned events. -* `EndBlock(ctx sdk.Context, req abci.RequestEndBlock)`: At the end of each block, this function is called from [`BaseApp`](/docs/sdk/v0.47//learn/advanced/baseapp#endblock) and, in turn, calls the [`EndBlock`](beginblock-endblock) function of each modules implementing the `EndBlockAppModule` interface, in the order defined in `OrderEndBlockers`. It creates a child [context](/docs/sdk/v0.47//learn/advanced/context) with an event manager to aggregate [events](/docs/sdk/v0.47//learn/advanced/events) emitted from all modules. The function returns an `abci.ResponseEndBlock` which contains the aforementioned events, as well as validator set updates (if any). +* `BeginBlock(ctx sdk.Context, req abci.RequestBeginBlock)`: At the beginning of each block, this function is called from [`BaseApp`](/docs/sdk/v0.47//learn/advanced/baseapp#beginblock) and, in turn, calls the [`BeginBlock`](/docs/sdk/v0.47/build/building-modules/beginblock-endblock) function of each modules implementing the `BeginBlockAppModule` interface, in the order defined in `OrderBeginBlockers`. It creates a child [context](/docs/sdk/v0.47//learn/advanced/context) with an event manager to aggregate [events](/docs/sdk/v0.47//learn/advanced/events) emitted from all modules. The function returns an `abci.ResponseBeginBlock` which contains the aforementioned events. +* `EndBlock(ctx sdk.Context, req abci.RequestEndBlock)`: At the end of each block, this function is called from [`BaseApp`](/docs/sdk/v0.47//learn/advanced/baseapp#endblock) and, in turn, calls the [`EndBlock`](/docs/sdk/v0.47/build/building-modules/beginblock-endblock) function of each modules implementing the `EndBlockAppModule` interface, in the order defined in `OrderEndBlockers`. It creates a child [context](/docs/sdk/v0.47//learn/advanced/context) with an event manager to aggregate [events](/docs/sdk/v0.47//learn/advanced/events) emitted from all modules. The function returns an `abci.ResponseEndBlock` which contains the aforementioned events, as well as validator set updates (if any). * `Precommit(ctx sdk.Context)`: During [`Commit`](/docs/sdk/v0.47//learn/advanced/baseapp#commit), this function is called from `BaseApp` immediately before the [`deliverState`](/docs/sdk/v0.47//learn/advanced/baseapp#state-updates) is written to the underlying [`rootMultiStore`](/docs/sdk/v0.47//learn/advanced/store#commitkvstore) and, in turn calls the `Precommit` function of each modules implementing the `HasPrecommit` interface, in the order defined in `OrderPrecommiters`. It creates a child [context](/docs/sdk/v0.47//learn/advanced/context) where the underlying `CacheMultiStore` is that of the newly committed block's [`deliverState`](/docs/sdk/v0.47//learn/advanced/baseapp#state-updates). * `PrepareCheckState(ctx sdk.Context)`: During [`Commit`](/docs/sdk/v0.47//learn/advanced/baseapp#commit), this function is called from `BaseApp` immediately after the [`deliverState`](/docs/sdk/v0.47//learn/advanced/baseapp#state-updates) is written to the underlying [`rootMultiStore`](/docs/sdk/v0.47//learn/advanced/store#commitmultistore) and, in turn calls the `PrepareCheckState` function of each module implementing the `HasPrepareCheckState` interface, in the order defined in `OrderPrepareCheckStaters`. It creates a child [context](/docs/sdk/v0.47//learn/advanced/context) where the underlying `CacheMultiStore` is that of the next block's [`checkState`](/docs/sdk/v0.47//learn/advanced/baseapp#state-updates). Writes to this state will be present in the [`checkState`](/docs/sdk/v0.47//learn/advanced/baseapp#state-updates) of the next block, and therefore this method can be used to prepare the `checkState` for the next block. diff --git a/docs/sdk/v0.47/build/building-modules/msg-services.mdx b/docs/sdk/v0.47/build/building-modules/msg-services.mdx index 4aeaa4cd..b3c1f868 100644 --- a/docs/sdk/v0.47/build/building-modules/msg-services.mdx +++ b/docs/sdk/v0.47/build/building-modules/msg-services.mdx @@ -4,15 +4,15 @@ title: 'Msg Services' **Synopsis** -A Protobuf `Msg` service processes [messages](messages-and-queries#messages). Protobuf `Msg` services are specific to the module in which they are defined, and only process messages defined within the said module. They are called from `BaseApp` during [`DeliverTx`](/docs/sdk/v0.47//learn/advanced/baseapp#delivertx). +A Protobuf `Msg` service processes [messages](/docs/sdk/v0.47/build/building-modules/messages-and-queries#messages). Protobuf `Msg` services are specific to the module in which they are defined, and only process messages defined within the said module. They are called from `BaseApp` during [`DeliverTx`](/docs/sdk/v0.47//learn/advanced/baseapp#delivertx). ### Pre-requisite Readings -* [Module Manager](module-manager) -* [Messages and Queries](messages-and-queries) +* [Module Manager](/docs/sdk/v0.47/build/building-modules/module-manager) +* [Messages and Queries](/docs/sdk/v0.47/build/building-modules/messages-and-queries) @@ -2657,7 +2657,7 @@ ErrUnexpectedEndOfGroupTx = fmt.Errorf("proto: unexpected end of group") ) ``` -When possible, the existing module's [`Keeper`](keeper) should implement `MsgServer`, otherwise a `msgServer` struct that embeds the `Keeper` can be created, typically in `./keeper/msg_server.go`: +When possible, the existing module's [`Keeper`](/docs/sdk/v0.47/build/building-modules/keeper) should implement `MsgServer`, otherwise a `msgServer` struct that embeds the `Keeper` can be created, typically in `./keeper/msg_server.go`: ```go expandable package keeper @@ -2973,7 +2973,7 @@ This way of validating is deprecated, this means the `msgServer` must perform al ### State Transition -After the validation is successful, the `msgServer` method uses the [`keeper`](keeper) functions to access the state and perform a state transition. +After the validation is successful, the `msgServer` method uses the [`keeper`](/docs/sdk/v0.47/build/building-modules/keeper) functions to access the state and perform a state transition. ### Events diff --git a/docs/sdk/v0.47/build/building-modules/query-services.mdx b/docs/sdk/v0.47/build/building-modules/query-services.mdx index f16c5b73..cf1efbde 100644 --- a/docs/sdk/v0.47/build/building-modules/query-services.mdx +++ b/docs/sdk/v0.47/build/building-modules/query-services.mdx @@ -4,15 +4,15 @@ title: Query Services **Synopsis** -A Protobuf Query service processes [`queries`](messages-and-queries#queries). Query services are specific to the module in which they are defined, and only process `queries` defined within said module. They are called from `BaseApp`'s [`Query` method](/docs/sdk/v0.47//learn/advanced/baseapp#query). +A Protobuf Query service processes [`queries`](/docs/sdk/v0.47/build/building-modules/messages-and-queries#queries). Query services are specific to the module in which they are defined, and only process `queries` defined within said module. They are called from `BaseApp`'s [`Query` method](/docs/sdk/v0.47//learn/advanced/baseapp#query). ### Pre-requisite Readings -* [Module Manager](module-manager) -* [Messages and Queries](messages-and-queries) +* [Module Manager](/docs/sdk/v0.47/build/building-modules/module-manager) +* [Messages and Queries](/docs/sdk/v0.47/build/building-modules/messages-and-queries) diff --git a/docs/sdk/v0.47/build/building-modules/structure.mdx b/docs/sdk/v0.47/build/building-modules/structure.mdx index 0f7c7907..117dc2b4 100644 --- a/docs/sdk/v0.47/build/building-modules/structure.mdx +++ b/docs/sdk/v0.47/build/building-modules/structure.mdx @@ -80,13 +80,13 @@ x/{module_name} * `module/`: The module's `AppModule` and `AppModuleBasic` implementation. * `abci.go`: The module's `BeginBlocker` and `EndBlocker` implementations (this file is only required if `BeginBlocker` and/or `EndBlocker` need to be defined). * `autocli.go`: The module [autocli](/docs/sdk/v0.47/tooling/autocli) options. -* `simulation/`: The module's [simulation](simulator) package defines functions used by the blockchain simulator application (`simapp`). +* `simulation/`: The module's [simulation](/docs/sdk/v0.47/build/building-modules/simulator) package defines functions used by the blockchain simulator application (`simapp`). * `REAMDE.md`: The module's specification documents outlining important concepts, state storage structure, and message and event type definitions. Learn more how to write module specs in the [spec guidelines](/docs/sdk/v0.47/spec/SPEC_MODULE). * The root directory includes type definitions for messages, events, and genesis state, including the type definitions generated by Protocol Buffers. * `codec.go`: The module's registry methods for interface types. * `errors.go`: The module's sentinel errors. * `events.go`: The module's event types and constructors. - * `expected_keepers.go`: The module's [expected keeper](keeper#type-definition) interfaces. + * `expected_keepers.go`: The module's [expected keeper](/docs/sdk/v0.47/build/building-modules/keeper#type-definition) interfaces. * `genesis.go`: The module's genesis state methods and helper functions. * `keys.go`: The module's store keys and associated helper functions. * `msgs.go`: The module's message type definitions and associated methods. diff --git a/docs/sdk/v0.47/build/migrations/intro.mdx b/docs/sdk/v0.47/build/migrations/intro.mdx index cc9d8f9f..c7be13ab 100644 --- a/docs/sdk/v0.47/build/migrations/intro.mdx +++ b/docs/sdk/v0.47/build/migrations/intro.mdx @@ -10,4 +10,4 @@ Additionally, the SDK includes in-place migrations for its core modules. These i Migration from a version older than the last two major releases is not supported. -When migrating from a previous version, refer to the [`UPGRADING.md`](upgrading) and the `CHANGELOG.md` of the version you are migrating to. +When migrating from a previous version, refer to the [`UPGRADING.md`](/docs/sdk/v0.47/build/migrations/upgrading) and the `CHANGELOG.md` of the version you are migrating to. diff --git a/docs/sdk/v0.47/build/packages/README.mdx b/docs/sdk/v0.47/build/packages/README.mdx index ad33433f..b96fe8af 100644 --- a/docs/sdk/v0.47/build/packages/README.mdx +++ b/docs/sdk/v0.47/build/packages/README.mdx @@ -22,12 +22,12 @@ For more information on SDK tooling, see the [Tooling](https://docs.cosmos.netwo ## State Management -* [Collections](collections) - State management library -* [ORM](orm) - State management library +* [Collections](/docs/sdk/v0.47/build/packages/collections) - State management library +* [ORM](/docs/sdk/v0.47/build/packages/orm) - State management library ## Automation -* [Depinject](depinject) - Dependency injection framework +* [Depinject](/docs/sdk/v0.47/build/packages/depinject) - Dependency injection framework * [Client/v2](https://pkg.go.dev/cosmossdk.io/client/v2) - Library powering [AutoCLI](https://docs.cosmos.network/main/building-modules/autocli) ## Utilities diff --git a/docs/sdk/v0.47/build/rfc/README.mdx b/docs/sdk/v0.47/build/rfc/README.mdx index d8791296..638125f1 100644 --- a/docs/sdk/v0.47/build/rfc/README.mdx +++ b/docs/sdk/v0.47/build/rfc/README.mdx @@ -32,5 +32,5 @@ An RFC should provide: substance of the discussion (links to other documents are fine here). * The **discussion**, the primary content of the document. -The [rfc-template.md](rfc-template) file includes placeholders for these +The [rfc-template.md](/docs/sdk/v0.47/build/rfc/rfc-template) file includes placeholders for these sections. diff --git a/docs/sdk/v0.47/build/spec/ics/ics.mdx b/docs/sdk/v0.47/build/spec/ics/ics.mdx index 7c26eb5e..56bf2c7e 100644 --- a/docs/sdk/v0.47/build/spec/ics/ics.mdx +++ b/docs/sdk/v0.47/build/spec/ics/ics.mdx @@ -3,4 +3,4 @@ title: Cosmos ICS description: ICS030 - Signed Messages --- -* [ICS030 - Signed Messages](ics-030-signed-messages) +* [ICS030 - Signed Messages](/docs/sdk/v0.47/build/spec/ics/ics-030-signed-messages) diff --git a/docs/sdk/v0.47/learn/advanced/baseapp.mdx b/docs/sdk/v0.47/learn/advanced/baseapp.mdx index 11dd3efa..4fe4c3c2 100644 --- a/docs/sdk/v0.47/learn/advanced/baseapp.mdx +++ b/docs/sdk/v0.47/learn/advanced/baseapp.mdx @@ -1235,7 +1235,7 @@ Let us go through the most important components. First, the important parameters that are initialized during the bootstrapping of the application: -* [`CommitMultiStore`](store#commitmultistore): This is the main store of the application, +* [`CommitMultiStore`](/docs/sdk/v0.47/learn/advanced/store#commitmultistore): This is the main store of the application, which holds the canonical state that is committed at the [end of each block](#commit). This store is **not** cached, meaning it is not used to update the application's volatile (un-committed) states. The `CommitMultiStore` is a multi-store, meaning a store of stores. Each module of the application @@ -1486,7 +1486,7 @@ Unconfirmed transactions are relayed to peers only if they pass `CheckTx`. `CheckTx()` can perform both *stateful* and *stateless* checks, but developers should strive to make the checks **lightweight** because gas fees are not charged for the resources (CPU, data load...) used during the `CheckTx`. -In the Cosmos SDK, after [decoding transactions](encoding), `CheckTx()` is implemented +In the Cosmos SDK, after [decoding transactions](/docs/sdk/v0.47/learn/advanced/encoding), `CheckTx()` is implemented to do the following checks: 1. Extract the `sdk.Msg`s from the transaction. @@ -1761,7 +1761,7 @@ return next(ctx, tx, simulate) } ``` -* `Events ([]cmn.KVPair)`: Key-Value tags for filtering and indexing transactions (eg. by account). See [`event`s](events) for more. +* `Events ([]cmn.KVPair)`: Key-Value tags for filtering and indexing transactions (eg. by account). See [`event`s](/docs/sdk/v0.47/learn/advanced/events) for more. * `Codespace (string)`: Namespace for the Code. #### RecheckTx @@ -2153,7 +2153,7 @@ At any point, if `GasConsumed > GasWanted`, the function returns with `Code != 0 * `Info (string):` Additional information. May be non-deterministic. * `GasWanted (int64)`: Amount of gas requested for transaction. It is provided by users when they generate the transaction. * `GasUsed (int64)`: Amount of gas consumed by transaction. During `DeliverTx`, this value is computed by multiplying the standard cost of a transaction byte by the size of the raw transaction, and by adding gas each time a read/write to the store occurs. -* `Events ([]cmn.KVPair)`: Key-Value tags for filtering and indexing transactions (eg. by account). See [`event`s](events) for more. +* `Events ([]cmn.KVPair)`: Key-Value tags for filtering and indexing transactions (eg. by account). See [`event`s](/docs/sdk/v0.47/learn/advanced/events) for more. * `Codespace (string)`: Namespace for the Code. ## RunTx, AnteHandler, RunMsgs, PostHandler @@ -3346,7 +3346,7 @@ abci.ResponseProcessProposal { } ``` -This allows `RunTx` not to commit the changes made to the state during the execution of `anteHandler` if it ends up failing. It also prevents the module implementing the `anteHandler` from writing to state, which is an important part of the [object-capabilities](ocap) of the Cosmos SDK. +This allows `RunTx` not to commit the changes made to the state during the execution of `anteHandler` if it ends up failing. It also prevents the module implementing the `anteHandler` from writing to state, which is an important part of the [object-capabilities](/docs/sdk/v0.47/learn/advanced/ocap) of the Cosmos SDK. Finally, the [`RunMsgs()`](#runmsgs) function is called to process the `sdk.Msg`s in the `Tx`. In preparation of this step, just like with the `anteHandler`, both the `checkState`/`deliverState`'s `context` and `context`'s `CacheMultiStore` are branched using the `cacheTxContext()` function. @@ -3437,7 +3437,7 @@ AnteHandle(ctx Context, _ Tx, _ bool, _ AnteHandler) (Context, error) { The `AnteHandler` is theoretically optional, but still a very important component of public blockchain networks. It serves 3 primary purposes: -* Be a primary line of defense against spam and second line of defense (the first one being the mempool) against transaction replay with fees deduction and [`sequence`](transactions#transaction-generation) checking. +* Be a primary line of defense against spam and second line of defense (the first one being the mempool) against transaction replay with fees deduction and [`sequence`](/docs/sdk/v0.47/learn/advanced/transactions#transaction-generation) checking. * Perform preliminary *stateful* validity checks like ensuring signatures are valid or that the sender has enough funds to pay for fees. * Play a role in the incentivisation of stakeholders via the collection of transaction fees. @@ -4683,7 +4683,7 @@ The [`BeginBlock` ABCI message](https://github.com/cometbft/cometbft/blob/v0.37. * Run the application's [`beginBlocker()`](/docs/sdk/v0.47/beginner/overview-app#beginblocker-and-endblock), which mainly runs the [`BeginBlocker()`](/docs/sdk/v0.47//build/building-modules/beginblock-endblock#beginblock) method of each of the application's modules. -* Set the [`VoteInfos`](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_methods.md#voteinfo) of the application, i.e. the list of validators whose *precommit* for the previous block was included by the proposer of the current block. This information is carried into the [`Context`](context) so that it can be used during `DeliverTx` and `EndBlock`. +* Set the [`VoteInfos`](https://github.com/cometbft/cometbft/blob/v0.37.x/spec/abci/abci++_methods.md#voteinfo) of the application, i.e. the list of validators whose *precommit* for the previous block was included by the proposer of the current block. This information is carried into the [`Context`](/docs/sdk/v0.47/learn/advanced/context) so that it can be used during `DeliverTx` and `EndBlock`. ### EndBlock diff --git a/docs/sdk/v0.47/learn/advanced/cli.mdx b/docs/sdk/v0.47/learn/advanced/cli.mdx index 39d7c1bc..839abed0 100644 --- a/docs/sdk/v0.47/learn/advanced/cli.mdx +++ b/docs/sdk/v0.47/learn/advanced/cli.mdx @@ -28,7 +28,7 @@ The first four strings specify the command: The next two strings are arguments: the `from_address` the user wishes to send from, the `to_address` of the recipient, and the `amount` they want to send. Finally, the last few strings of the command are optional flags to indicate how much the user is willing to pay in fees (calculated using the amount of gas used to execute the transaction and the gas prices provided by the user). -The CLI interacts with a [node](node) to handle this command. The interface itself is defined in a `main.go` file. +The CLI interacts with a [node](/docs/sdk/v0.47/learn/advanced/node) to handle this command. The interface itself is defined in a `main.go` file. ### Building the CLI @@ -36,7 +36,7 @@ The `main.go` file needs to have a `main()` function that creates a root command * **setting configurations** by reading in configuration files (e.g. the Cosmos SDK config file). * **adding any flags** to it, such as `--chain-id`. -* **instantiating the `codec`** by calling the application's `MakeCodec()` function (called `MakeTestEncodingConfig` in `simapp`). The [`codec`](encoding) is used to encode and decode data structures for the application - stores can only persist `[]byte`s so the developer must define a serialization format for their data structures or use the default, Protobuf. +* **instantiating the `codec`** by calling the application's `MakeCodec()` function (called `MakeTestEncodingConfig` in `simapp`). The [`codec`](/docs/sdk/v0.47/learn/advanced/encoding) is used to encode and decode data structures for the application - stores can only persist `[]byte`s so the developer must define a serialization format for their data structures or use the default, Protobuf. * **adding subcommand** for all the possible user interactions, including [transaction commands](#transaction-commands) and [query commands](#query-commands). The `main()` function finally creates an executor and [execute](https://pkg.go.dev/github.com/spf13/cobra#Command.Execute) the root command. See an example of `main()` function from the `simapp` application: @@ -78,7 +78,7 @@ Every application CLI first constructs a root command, then adds functionality b The root command (called `rootCmd`) is what the user first types into the command line to indicate which application they wish to interact with. The string used to invoke the command (the "Use" field) is typically the name of the application suffixed with `-d`, e.g. `simd` or `gaiad`. The root command typically includes the following commands to support basic functionality in the application. -* **Status** command from the Cosmos SDK rpc client tools, which prints information about the status of the connected [`Node`](node). The Status of a node includes `NodeInfo`,`SyncInfo` and `ValidatorInfo`. +* **Status** command from the Cosmos SDK rpc client tools, which prints information about the status of the connected [`Node`](/docs/sdk/v0.47/learn/advanced/node). The Status of a node includes `NodeInfo`,`SyncInfo` and `ValidatorInfo`. * **Keys** [commands](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/client/keys) from the Cosmos SDK client tools, which includes a collection of subcommands for using the key functions in the Cosmos SDK crypto tools, including adding a new key and saving it to the keyring, listing all public keys stored in the keyring, and deleting a key. For example, users can type `simd keys add ` to add a new key and save an encrypted copy to the keyring, using the flag `--recover` to recover a private key from a seed phrase or the flag `--multisig` to group multiple keys together to create a multisig key. For full details on the `add` key command, see the code [here](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/client/keys/add.go). For more details about usage of `--keyring-backend` for storage of key credentials look at the [keyring docs](/docs/sdk/v0.47//user/run-node/keyring). * **Server** commands from the Cosmos SDK server package. These commands are responsible for providing the mechanisms necessary to start an ABCI CometBFT application and provides the CLI framework (based on [cobra](https://github.com/spf13/cobra)) necessary to fully bootstrap an application. The package exposes two core functions: `StartCmd` and `ExportCmd` which creates commands to start the application and export state respectively. Learn more [here](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0-rc1/server). @@ -1084,7 +1084,7 @@ The root-level `status` and `keys` subcommands are common across most applicatio ### Transaction Commands -[Transactions](transactions) are objects wrapping [`Msg`s](/docs/sdk/v0.47//build/building-modules/messages-and-queries#messages) that trigger state changes. To enable the creation of transactions using the CLI interface, a function `txCommand` is generally added to the `rootCmd`: +[Transactions](/docs/sdk/v0.47/learn/advanced/transactions) are objects wrapping [`Msg`s](/docs/sdk/v0.47//build/building-modules/messages-and-queries#messages) that trigger state changes. To enable the creation of transactions using the CLI interface, a function `txCommand` is generally added to the `rootCmd`: ```go expandable package cmd diff --git a/docs/sdk/v0.47/learn/advanced/context.mdx b/docs/sdk/v0.47/learn/advanced/context.mdx index d65a1537..d54d4aaa 100644 --- a/docs/sdk/v0.47/learn/advanced/context.mdx +++ b/docs/sdk/v0.47/learn/advanced/context.mdx @@ -18,7 +18,7 @@ The `context` is a data structure intended to be passed from function to functio ## Context Definition -The Cosmos SDK `Context` is a custom data structure that contains Go's stdlib [`context`](https://pkg.go.dev/context) as its base, and has many additional types within its definition that are specific to the Cosmos SDK. The `Context` is integral to transaction processing in that it allows modules to easily access their respective [store](store#base-layer-kvstores) in the [`multistore`](store#multistore) and retrieve transactional context such as the block header and gas meter. +The Cosmos SDK `Context` is a custom data structure that contains Go's stdlib [`context`](https://pkg.go.dev/context) as its base, and has many additional types within its definition that are specific to the Cosmos SDK. The `Context` is integral to transaction processing in that it allows modules to easily access their respective [store](/docs/sdk/v0.47/learn/advanced/store#base-layer-kvstores) in the [`multistore`](/docs/sdk/v0.47/learn/advanced/store#multistore) and retrieve transactional context such as the block header and gas meter. ```go expandable package types @@ -615,18 +615,18 @@ return ctx.Value(SdkContextKey).(Context) ``` * **Base Context:** The base type is a Go [Context](https://pkg.go.dev/context), which is explained further in the [Go Context Package](#go-context-package) section below. -* **Multistore:** Every application's `BaseApp` contains a [`CommitMultiStore`](store#multistore) which is provided when a `Context` is created. Calling the `KVStore()` and `TransientStore()` methods allows modules to fetch their respective [`KVStore`](store#base-layer-kvstores) using their unique `StoreKey`. +* **Multistore:** Every application's `BaseApp` contains a [`CommitMultiStore`](/docs/sdk/v0.47/learn/advanced/store#multistore) which is provided when a `Context` is created. Calling the `KVStore()` and `TransientStore()` methods allows modules to fetch their respective [`KVStore`](/docs/sdk/v0.47/learn/advanced/store#base-layer-kvstores) using their unique `StoreKey`. * **Header:** The [header](https://docs.cometbft.com/v0.37/spec/core/data_structures#header) is a Blockchain type. It carries important information about the state of the blockchain, such as block height and proposer of the current block. * **Header Hash:** The current block header hash, obtained during `abci.RequestBeginBlock`. * **Chain ID:** The unique identification number of the blockchain a block pertains to. -* **Transaction Bytes:** The `[]byte` representation of a transaction being processed using the context. Every transaction is processed by various parts of the Cosmos SDK and consensus engine (e.g. CometBFT) throughout its [lifecycle](/docs/sdk/v0.47/beginner/tx-lifecycle), some of which do not have any understanding of transaction types. Thus, transactions are marshaled into the generic `[]byte` type using some kind of [encoding format](encoding) such as [Amino](encoding). +* **Transaction Bytes:** The `[]byte` representation of a transaction being processed using the context. Every transaction is processed by various parts of the Cosmos SDK and consensus engine (e.g. CometBFT) throughout its [lifecycle](/docs/sdk/v0.47/beginner/tx-lifecycle), some of which do not have any understanding of transaction types. Thus, transactions are marshaled into the generic `[]byte` type using some kind of [encoding format](/docs/sdk/v0.47/learn/advanced/encoding) such as [Amino](/docs/sdk/v0.47/learn/advanced/encoding). * **Logger:** A `logger` from the CometBFT libraries. Learn more about logs [here](https://docs.cometbft.com/v0.37/core/configuration). Modules call this method to create their own unique module-specific logger. * **VoteInfo:** A list of the ABCI type [`VoteInfo`](https://docs.cometbft.com/master/spec/abci/abci.html#voteinfo), which includes the name of a validator and a boolean indicating whether they have signed the block. * **Gas Meters:** Specifically, a [`gasMeter`](/docs/sdk/v0.47/beginner/gas-fees#main-gas-meter) for the transaction currently being processed using the context and a [`blockGasMeter`](/docs/sdk/v0.47/beginner/gas-fees#block-gas-meter) for the entire block it belongs to. Users specify how much in fees they wish to pay for the execution of their transaction; these gas meters keep track of how much [gas](/docs/sdk/v0.47/beginner/gas-fees) has been used in the transaction or block so far. If the gas meter runs out, execution halts. * **CheckTx Mode:** A boolean value indicating whether a transaction should be processed in `CheckTx` or `DeliverTx` mode. * **Min Gas Price:** The minimum [gas](/docs/sdk/v0.47/beginner/gas-fees) price a node is willing to take in order to include a transaction in its block. This price is a local value configured by each node individually, and should therefore **not be used in any functions used in sequences leading to state-transitions**. * **Consensus Params:** The ABCI type [Consensus Parameters](https://docs.cometbft.com/master/spec/abci/apps.html#consensus-parameters), which specify certain limits for the blockchain, such as maximum gas for a block. -* **Event Manager:** The event manager allows any caller with access to a `Context` to emit [`Events`](events). Modules may define module specific +* **Event Manager:** The event manager allows any caller with access to a `Context` to emit [`Events`](/docs/sdk/v0.47/learn/advanced/events). Modules may define module specific `Events` by defining various `Types` and `Attributes` or use the common definitions found in `types/`. Clients can subscribe or query for these `Events`. These `Events` are collected throughout `DeliverTx`, `BeginBlock`, and `EndBlock` and are returned to CometBFT for indexing. For example: * **Priority:** The transaction priority, only relevant in `CheckTx`. * **KV `GasConfig`:** Enables applications to set a custom `GasConfig` for the `KVStore`. @@ -659,14 +659,14 @@ goes wrong. The pattern of usage for a Context is as follows: 1. A process receives a Context `ctx` from its parent process, which provides information needed to perform the process. -2. The `ctx.ms` is a **branched store**, i.e. a branch of the [multistore](store#multistore) is made so that the process can make changes to the state as it executes, without changing the original`ctx.ms`. This is useful to protect the underlying multistore in case the changes need to be reverted at some point in the execution. +2. The `ctx.ms` is a **branched store**, i.e. a branch of the [multistore](/docs/sdk/v0.47/learn/advanced/store#multistore) is made so that the process can make changes to the state as it executes, without changing the original`ctx.ms`. This is useful to protect the underlying multistore in case the changes need to be reverted at some point in the execution. 3. The process may read and write from `ctx` as it is executing. It may call a subprocess and pass `ctx` to it as needed. 4. When a subprocess returns, it checks if the result is a success or failure. If a failure, nothing needs to be done - the branch `ctx` is simply discarded. If successful, the changes made to the `CacheMultiStore` can be committed to the original `ctx.ms` via `Write()`. -For example, here is a snippet from the [`runTx`](baseapp#runtx-antehandler-runmsgs-posthandler) function in [`baseapp`](baseapp): +For example, here is a snippet from the [`runTx`](/docs/sdk/v0.47/learn/advanced/baseapp#runtx-antehandler-runmsgs-posthandler) function in [`baseapp`](/docs/sdk/v0.47/learn/advanced/baseapp): ```go runMsgCtx, msCache := app.cacheTxContext(ctx, txBytes) @@ -687,7 +687,7 @@ Here is the process: 1. Prior to calling `runMsgs` on the message(s) in the transaction, it uses `app.cacheTxContext()` to branch and cache the context and multistore. 2. `runMsgCtx` - the context with branched store, is used in `runMsgs` to return a result. -3. If the process is running in [`checkTxMode`](baseapp#checktx), there is no need to write the +3. If the process is running in [`checkTxMode`](/docs/sdk/v0.47/learn/advanced/baseapp#checktx), there is no need to write the changes - the result is returned immediately. -4. If the process is running in [`deliverTxMode`](baseapp#delivertx) and the result indicates +4. If the process is running in [`deliverTxMode`](/docs/sdk/v0.47/learn/advanced/baseapp#delivertx) and the result indicates a successful run over all the messages, the branched multistore is written back to the original. diff --git a/docs/sdk/v0.47/learn/advanced/encoding.mdx b/docs/sdk/v0.47/learn/advanced/encoding.mdx index ef7b7799..06617537 100644 --- a/docs/sdk/v0.47/learn/advanced/encoding.mdx +++ b/docs/sdk/v0.47/learn/advanced/encoding.mdx @@ -120,7 +120,7 @@ Code generators can then match the `accepts_interface` and `implements_interface ### Transaction Encoding Another important use of Protobuf is the encoding and decoding of -[transactions](transactions). Transactions are defined by the application or +[transactions](/docs/sdk/v0.47/learn/advanced/transactions). Transactions are defined by the application or the Cosmos SDK but are then passed to the underlying consensus engine to be relayed to other peers. Since the underlying consensus engine is agnostic to the application, the consensus engine accepts only transactions in the form of raw bytes. diff --git a/docs/sdk/v0.47/learn/advanced/events.mdx b/docs/sdk/v0.47/learn/advanced/events.mdx index ff604e8d..c632a2a9 100644 --- a/docs/sdk/v0.47/learn/advanced/events.mdx +++ b/docs/sdk/v0.47/learn/advanced/events.mdx @@ -45,10 +45,10 @@ In addition, each module documents its events under in the `Events` sections of Lastly, Events are returned to the underlying consensus engine in the response of the following ABCI messages: -* [`BeginBlock`](baseapp#beginblock) -* [`EndBlock`](baseapp#endblock) -* [`CheckTx`](baseapp#checktx) -* [`DeliverTx`](baseapp#delivertx) +* [`BeginBlock`](/docs/sdk/v0.47/learn/advanced/baseapp#beginblock) +* [`EndBlock`](/docs/sdk/v0.47/learn/advanced/baseapp#endblock) +* [`CheckTx`](/docs/sdk/v0.47/learn/advanced/baseapp#checktx) +* [`DeliverTx`](/docs/sdk/v0.47/learn/advanced/baseapp#delivertx) ### Examples @@ -975,7 +975,7 @@ return updatedEvents Module developers should handle Event emission via the `EventManager#EmitTypedEvent` or `EventManager#EmitEvent` in each message `Handler` and in each `BeginBlock`/`EndBlock` handler. The `EventManager` is accessed via -the [`Context`](context), where Event should be already registered, and emitted like this: +the [`Context`](/docs/sdk/v0.47/learn/advanced/context), where Event should be already registered, and emitted like this: **Typed events:** diff --git a/docs/sdk/v0.47/learn/advanced/grpc_rest.mdx b/docs/sdk/v0.47/learn/advanced/grpc_rest.mdx index 14d7effa..e1fa9df0 100644 --- a/docs/sdk/v0.47/learn/advanced/grpc_rest.mdx +++ b/docs/sdk/v0.47/learn/advanced/grpc_rest.mdx @@ -181,7 +181,7 @@ Some CometBFT RPC endpoints are directly related to the Cosmos SDK: * `/store/{path}`: this will query the store directly. * `/p2p/filter/addr/{port}`: this will return a filtered list of the node's P2P peers by address port. * `/p2p/filter/id/{id}`: this will return a filtered list of the node's P2P peers by ID. -* `/broadcast_tx_{aync,async,commit}`: these 3 endpoint will broadcast a transaction to other peers. CLI, gRPC and REST expose [a way to broadcast transations](transactions#broadcasting-the-transaction), but they all use these 3 CometBFT RPCs under the hood. +* `/broadcast_tx_{aync,async,commit}`: these 3 endpoint will broadcast a transaction to other peers. CLI, gRPC and REST expose [a way to broadcast transations](/docs/sdk/v0.47/learn/advanced/transactions#broadcasting-the-transaction), but they all use these 3 CometBFT RPCs under the hood. ## Comparison Table diff --git a/docs/sdk/v0.47/learn/advanced/node.mdx b/docs/sdk/v0.47/learn/advanced/node.mdx index b81d05f2..3fe4155d 100644 --- a/docs/sdk/v0.47/learn/advanced/node.mdx +++ b/docs/sdk/v0.47/learn/advanced/node.mdx @@ -21,7 +21,7 @@ The full-node client of any Cosmos SDK application is built by running a `main` In general, developers will implement the `main.go` function with the following structure: -* First, an [`encodingCodec`](encoding) is instantiated for the application. +* First, an [`encodingCodec`](/docs/sdk/v0.47/learn/advanced/encoding) is instantiated for the application. * Then, the `config` is retrieved and config parameters are set. This mainly involves setting the Bech32 prefixes for [addresses](/docs/sdk/v0.47/beginner/accounts#addresses). ```go expandable @@ -2257,7 +2257,7 @@ return telemetry.New(cfg.Telemetry) } ``` -The CometBFT node can be created with `app` because the latter satisfies the [`abci.Application` interface](https://github.com/cometbft/cometbft/blob/v0.37.0/abci/types/application.go#L9-L35) (given that `app` extends [`baseapp`](baseapp)). As part of the `node.New` method, CometBFT makes sure that the height of the application (i.e. number of blocks since genesis) is equal to the height of the CometBFT node. The difference between these two heights should always be negative or null. If it is strictly negative, `node.New` will replay blocks until the height of the application reaches the height of the CometBFT node. Finally, if the height of the application is `0`, the CometBFT node will call [`InitChain`](baseapp#initchain) on the application to initialize the state from the genesis file. +The CometBFT node can be created with `app` because the latter satisfies the [`abci.Application` interface](https://github.com/cometbft/cometbft/blob/v0.37.0/abci/types/application.go#L9-L35) (given that `app` extends [`baseapp`](/docs/sdk/v0.47/learn/advanced/baseapp)). As part of the `node.New` method, CometBFT makes sure that the height of the application (i.e. number of blocks since genesis) is equal to the height of the CometBFT node. The difference between these two heights should always be negative or null. If it is strictly negative, `node.New` will replay blocks until the height of the application reaches the height of the CometBFT node. Finally, if the height of the application is `0`, the CometBFT node will call [`InitChain`](/docs/sdk/v0.47/learn/advanced/baseapp#initchain) on the application to initialize the state from the genesis file. Once the CometBFT node is instantiated and in sync with the application, the node can be started: diff --git a/docs/sdk/v0.47/learn/advanced/transactions.mdx b/docs/sdk/v0.47/learn/advanced/transactions.mdx index d1d9448e..8ff83c9e 100644 --- a/docs/sdk/v0.47/learn/advanced/transactions.mdx +++ b/docs/sdk/v0.47/learn/advanced/transactions.mdx @@ -17,7 +17,7 @@ title: Transactions ## Transactions -Transactions are comprised of metadata held in [contexts](context) and [`sdk.Msg`s](/docs/sdk/v0.47//build/building-modules/messages-and-queries) that trigger state changes within a module through the module's Protobuf [`Msg` service](/docs/sdk/v0.47//build/building-modules/msg-services). +Transactions are comprised of metadata held in [contexts](/docs/sdk/v0.47/learn/advanced/context) and [`sdk.Msg`s](/docs/sdk/v0.47//build/building-modules/messages-and-queries) that trigger state changes within a module through the module's Protobuf [`Msg` service](/docs/sdk/v0.47//build/building-modules/msg-services). When users want to interact with an application and make state changes (e.g. sending coins), they create transactions. Each of a transaction's `sdk.Msg` must be signed using the private key associated with the appropriate account(s), before the transaction is broadcasted to the network. A transaction must then be included in a block, validated, and approved by the network through the consensus process. To read more about the lifecycle of a transaction, click [here](/docs/sdk/v0.47/beginner/tx-lifecycle). @@ -159,7 +159,7 @@ return msg, nil It contains the following methods: * **GetMsgs:** unwraps the transaction and returns a list of contained `sdk.Msg`s - one transaction may have one or multiple messages, which are defined by module developers. -* **ValidateBasic:** lightweight, [*stateless*](/docs/sdk/v0.47/beginner/tx-lifecycle#types-of-checks) checks used by ABCI messages [`CheckTx`](baseapp#checktx) and [`DeliverTx`](baseapp#delivertx) to make sure transactions are not invalid. For example, the [`auth`](https://github.com/cosmos/cosmos-sdk/tree/main/x/auth) module's `ValidateBasic` function checks that its transactions are signed by the correct number of signers and that the fees do not exceed what the user's maximum. When [`runTx`](baseapp#runtx) is checking a transaction created from the [`auth`](https://github.com/cosmos/cosmos-sdk/tree/main/x/auth/spec) module, it first runs `ValidateBasic` on each message, then runs the `auth` module AnteHandler which calls `ValidateBasic` for the transaction itself. +* **ValidateBasic:** lightweight, [*stateless*](/docs/sdk/v0.47/beginner/tx-lifecycle#types-of-checks) checks used by ABCI messages [`CheckTx`](/docs/sdk/v0.47/learn/advanced/baseapp#checktx) and [`DeliverTx`](/docs/sdk/v0.47/learn/advanced/baseapp#delivertx) to make sure transactions are not invalid. For example, the [`auth`](https://github.com/cosmos/cosmos-sdk/tree/main/x/auth) module's `ValidateBasic` function checks that its transactions are signed by the correct number of signers and that the fees do not exceed what the user's maximum. When [`runTx`](/docs/sdk/v0.47/learn/advanced/baseapp#runtx) is checking a transaction created from the [`auth`](https://github.com/cosmos/cosmos-sdk/tree/main/x/auth/spec) module, it first runs `ValidateBasic` on each message, then runs the `auth` module AnteHandler which calls `ValidateBasic` for the transaction itself. :::note This function is different from the deprecated `sdk.Msg` [`ValidateBasic`](/docs/sdk/v0.47/beginner/tx-lifecycle#ValidateBasic) methods, which was performing basic validity checks on messages only. @@ -1013,7 +1013,7 @@ Once the transaction bytes are generated, there are currently three ways of broa #### CLI -Application developers create entry points to the application by creating a [command-line interface](cli), [gRPC and/or REST interface](grpc_rest), typically found in the application's `./cmd` folder. These interfaces allow users to interact with the application through command-line. +Application developers create entry points to the application by creating a [command-line interface](/docs/sdk/v0.47/learn/advanced/cli), [gRPC and/or REST interface](/docs/sdk/v0.47/learn/advanced/grpc_rest), typically found in the application's `./cmd` folder. These interfaces allow users to interact with the application through command-line. For the [command-line interface](/docs/sdk/v0.47//build/building-modules/module-interfaces#cli), module developers create subcommands to add as children to the application top-level transaction command `TxCmd`. CLI commands actually bundle all the steps of transaction processing into one simple command: creating messages, generating transactions and broadcasting. For concrete examples, see the [Interacting with a Node](/docs/sdk/v0.47//user/run-node/interact-node) section. An example transaction made using CLI looks like: diff --git a/docs/sdk/v0.47/learn/beginner/accounts.mdx b/docs/sdk/v0.47/learn/beginner/accounts.mdx index 66485f71..5a9fe29a 100644 --- a/docs/sdk/v0.47/learn/beginner/accounts.mdx +++ b/docs/sdk/v0.47/learn/beginner/accounts.mdx @@ -11,7 +11,7 @@ This document describes the in-built account and public key system of the Cosmos ### Pre-requisite Readings -* [Anatomy of a Cosmos SDK Application](overview-app) +* [Anatomy of a Cosmos SDK Application](/docs/sdk/v0.47/learn/beginner/overview-app) diff --git a/docs/sdk/v0.47/learn/beginner/gas-fees.mdx b/docs/sdk/v0.47/learn/beginner/gas-fees.mdx index 2bf1eab7..b0707d79 100644 --- a/docs/sdk/v0.47/learn/beginner/gas-fees.mdx +++ b/docs/sdk/v0.47/learn/beginner/gas-fees.mdx @@ -11,7 +11,7 @@ This document describes the default strategies to handle gas and fees within a C ### Pre-requisite Readings -* [Anatomy of a Cosmos SDK Application](overview-app) +* [Anatomy of a Cosmos SDK Application](/docs/sdk/v0.47/learn/beginner/overview-app) diff --git a/docs/sdk/v0.47/learn/beginner/overview-app.mdx b/docs/sdk/v0.47/learn/beginner/overview-app.mdx index 37049b62..46324b81 100644 --- a/docs/sdk/v0.47/learn/beginner/overview-app.mdx +++ b/docs/sdk/v0.47/learn/beginner/overview-app.mdx @@ -2830,7 +2830,7 @@ The Cosmos SDK offers developers the possibility to implement automatic executio In general, the `BeginBlocker` and `EndBlocker` functions are mostly composed of the [`BeginBlock` and `EndBlock`](/docs/sdk/v0.47//build/building-modules/beginblock-endblock) functions of each of the application's modules. This is done by calling the `BeginBlock` and `EndBlock` functions of the module manager, which in turn calls the `BeginBlock` and `EndBlock` functions of each of the modules it contains. Note that the order in which the modules' `BeginBlock` and `EndBlock` functions must be called has to be set in the module manager using the `SetOrderBeginBlockers` and `SetOrderEndBlockers` methods, respectively. This is done via the [module manager](/docs/sdk/v0.47//build/building-modules/module-manager) in the [application's constructor](#constructor-function), and the `SetOrderBeginBlockers` and `SetOrderEndBlockers` methods have to be called before the `SetBeginBlocker` and `SetEndBlocker` functions. -As a sidenote, it is important to remember that application-specific blockchains are deterministic. Developers must be careful not to introduce non-determinism in `BeginBlocker` or `EndBlocker`, and must also be careful not to make them too computationally expensive, as [gas](gas-fees) does not constrain the cost of `BeginBlocker` and `EndBlocker` execution. +As a sidenote, it is important to remember that application-specific blockchains are deterministic. Developers must be careful not to introduce non-determinism in `BeginBlocker` or `EndBlocker`, and must also be careful not to make them too computationally expensive, as [gas](/docs/sdk/v0.47/learn/beginner/gas-fees) does not constrain the cost of `BeginBlocker` and `EndBlocker` execution. See an example of `BeginBlocker` and `EndBlocker` functions from `simapp` @@ -4647,11 +4647,11 @@ Note that `sdk.Msg`s are bundled in [transactions](/docs/sdk/v0.47/learn/advance When a valid block of transactions is received by the full-node, CometBFT relays each one to the application via [`DeliverTx`](https://docs.cometbft.com/v0.37/spec/abci/abci++_app_requirements#specifics-of-responsedelivertx). Then, the application handles the transaction: 1. Upon receiving the transaction, the application first unmarshalls it from `[]byte`. -2. Then, it verifies a few things about the transaction like [fee payment and signatures](gas-fees#antehandler) before extracting the `Msg`(s) contained in the transaction. +2. Then, it verifies a few things about the transaction like [fee payment and signatures](/docs/sdk/v0.47/learn/beginner/gas-fees#antehandler) before extracting the `Msg`(s) contained in the transaction. 3. `sdk.Msg`s are encoded using Protobuf [`Any`s](#register-codec). By analyzing each `Any`'s `type_url`, baseapp's `msgServiceRouter` routes the `sdk.Msg` to the corresponding module's `Msg` service. 4. If the message is successfully processed, the state is updated. -For more details, see [transaction lifecycle](tx-lifecycle). +For more details, see [transaction lifecycle](/docs/sdk/v0.47/learn/beginner/tx-lifecycle). Module developers create custom `Msg` services when they build their own module. The general practice is to define the `Msg` Protobuf service in a `tx.proto` file. For example, the `x/bank` module defines a service with two methods to transfer tokens: diff --git a/docs/sdk/v0.47/learn/beginner/query-lifecycle.mdx b/docs/sdk/v0.47/learn/beginner/query-lifecycle.mdx index 2211937a..e850de77 100644 --- a/docs/sdk/v0.47/learn/beginner/query-lifecycle.mdx +++ b/docs/sdk/v0.47/learn/beginner/query-lifecycle.mdx @@ -11,12 +11,12 @@ This document describes the lifecycle of a query in a Cosmos SDK application, fr ### Pre-requisite Readings -* [Transaction Lifecycle](tx-lifecycle) +* [Transaction Lifecycle](/docs/sdk/v0.47/learn/beginner/tx-lifecycle) ## Query Creation -A [**query**](/docs/sdk/v0.47//build/building-modules/messages-and-queries#queries) is a request for information made by end-users of applications through an interface and processed by a full-node. Users can query information about the network, the application itself, and application state directly from the application's stores or modules. Note that queries are different from [transactions](/docs/sdk/v0.47/learn/advanced/transactions) (view the lifecycle [here](tx-lifecycle)), particularly in that they do not require consensus to be processed (as they do not trigger state-transitions); they can be fully handled by one full-node. +A [**query**](/docs/sdk/v0.47//build/building-modules/messages-and-queries#queries) is a request for information made by end-users of applications through an interface and processed by a full-node. Users can query information about the network, the application itself, and application state directly from the application's stores or modules. Note that queries are different from [transactions](/docs/sdk/v0.47/learn/advanced/transactions) (view the lifecycle [here](/docs/sdk/v0.47/learn/beginner/tx-lifecycle)), particularly in that they do not require consensus to be processed (as they do not trigger state-transitions); they can be fully handled by one full-node. For the purpose of explaining the query lifecycle, let's say the query, `MyQuery`, is requesting a list of delegations made by a certain delegator address in the application called `simapp`. As is to be expected, the [`staking`](/docs/sdk/v0.47//build/modules/staking/README) module handles this query. But first, there are a few ways `MyQuery` can be created by users. @@ -77,7 +77,7 @@ The first thing that is created in the execution of a CLI command is a `client.C * **Codec**: The [encoder/decoder](/docs/sdk/v0.47/learn/advanced/encoding) used by the application, used to marshal the parameters and query before making the CometBFT RPC request and unmarshal the returned response into a JSON object. The default codec used by the CLI is Protobuf. * **Account Decoder**: The account decoder from the [`auth`](/docs/sdk/v0.47//build/modules/auth/README) module, which translates `[]byte`s into accounts. * **RPC Client**: The CometBFT RPC Client, or node, to which requests are relayed. -* **Keyring**: A [Key Manager](accounts#keyring) used to sign transactions and handle other operations with keys. +* **Keyring**: A [Key Manager](/docs/sdk/v0.47/learn/beginner/accounts#keyring) used to sign transactions and handle other operations with keys. * **Output Writer**: A [Writer](https://pkg.go.dev/io/#Writer) used to output the response. * **Configurations**: The flags configured by the user for this command, including `--height`, specifying the height of the blockchain to query, and `--indent`, which indicates to add an indent to the JSON response. @@ -675,7 +675,7 @@ At this point in the lifecycle, the user has created a CLI command with all of t #### Encoding -In our case (querying an address's delegations), `MyQuery` contains an [address](accounts#addresses) `delegatorAddress` as its only argument. However, the request can only contain `[]byte`s, as it is ultimately relayed to a consensus engine (e.g. CometBFT) of a full-node that has no inherent knowledge of the application types. Thus, the `codec` of `client.Context` is used to marshal the address. +In our case (querying an address's delegations), `MyQuery` contains an [address](/docs/sdk/v0.47/learn/beginner/accounts#addresses) `delegatorAddress` as its only argument. However, the request can only contain `[]byte`s, as it is ultimately relayed to a consensus engine (e.g. CometBFT) of a full-node that has no inherent knowledge of the application types. Thus, the `codec` of `client.Context` is used to marshal the address. Here is what the code looks like for the CLI command: diff --git a/docs/sdk/v0.47/learn/beginner/tx-lifecycle.mdx b/docs/sdk/v0.47/learn/beginner/tx-lifecycle.mdx index fee827a5..d8a96048 100644 --- a/docs/sdk/v0.47/learn/beginner/tx-lifecycle.mdx +++ b/docs/sdk/v0.47/learn/beginner/tx-lifecycle.mdx @@ -11,7 +11,7 @@ This document describes the lifecycle of a transaction from creation to committe ### Pre-requisite Readings -* [Anatomy of a Cosmos SDK Application](overview-app) +* [Anatomy of a Cosmos SDK Application](/docs/sdk/v0.47/learn/beginner/overview-app) ## Creation @@ -26,13 +26,13 @@ One of the main application interfaces is the command-line interface. The transa This command automatically **creates** the transaction, **signs** it using the account's private key, and **broadcasts** it to the specified peer node. -There are several required and optional flags for transaction creation. The `--from` flag specifies which [account](accounts) the transaction is originating from. For example, if the transaction is sending coins, the funds are drawn from the specified `from` address. +There are several required and optional flags for transaction creation. The `--from` flag specifies which [account](/docs/sdk/v0.47/learn/beginner/accounts) the transaction is originating from. For example, if the transaction is sending coins, the funds are drawn from the specified `from` address. #### Gas and Fees -Additionally, there are several [flags](/docs/sdk/v0.47/learn/advanced/cli) users can use to indicate how much they are willing to pay in [fees](gas-fees): +Additionally, there are several [flags](/docs/sdk/v0.47/learn/advanced/cli) users can use to indicate how much they are willing to pay in [fees](/docs/sdk/v0.47/learn/beginner/gas-fees): -* `--gas` refers to how much [gas](gas-fees), which represents computational resources, `Tx` consumes. Gas is dependent on the transaction and is not precisely calculated until execution, but can be estimated by providing `auto` as the value for `--gas`. +* `--gas` refers to how much [gas](/docs/sdk/v0.47/learn/beginner/gas-fees), which represents computational resources, `Tx` consumes. Gas is dependent on the transaction and is not precisely calculated until execution, but can be estimated by providing `auto` as the value for `--gas`. * `--gas-adjustment` (optional) can be used to scale `gas` up in order to avoid underestimating. For example, users can specify their gas adjustment as 1.5 to use 1.5 times the estimated gas. * `--gas-prices` specifies how much the user is willing to pay per unit of gas, which can be one or multiple denominations of tokens. For example, `--gas-prices=0.025uatom, 0.025upho` means the user is willing to pay 0.025uatom AND 0.025upho per unit of gas. * `--fees` specifies how much in fees the user is willing to pay in total. @@ -157,8 +157,8 @@ must be in this proposer's mempool. The next step of consensus is to execute the transactions to fully validate them. All full-nodes that receive a block proposal from the correct proposer execute the transactions by calling the ABCI functions -[`BeginBlock`](overview-app#beginblocker-and-endblocker), `DeliverTx` for each transaction, -and [`EndBlock`](overview-app#beginblocker-and-endblocker). While each full-node runs everything +[`BeginBlock`](/docs/sdk/v0.47/learn/beginner/overview-app#beginblocker-and-endblocker), `DeliverTx` for each transaction, +and [`EndBlock`](/docs/sdk/v0.47/learn/beginner/overview-app#beginblocker-and-endblocker). While each full-node runs everything locally, this process yields a single, unambiguous result, since the messages' state transitions are deterministic and transactions are explicitly ordered in the block proposal. @@ -208,7 +208,7 @@ to during consensus. Under the hood, `DeliverTx` is almost identical to `CheckTx Instead of using their `checkState`, full-nodes use `deliverState`: * **Decoding:** Since `DeliverTx` is an ABCI call, `Tx` is received in the encoded `[]byte` form. - Nodes first unmarshal the transaction, using the [`TxConfig`](overview-app#register-codec) defined in the app, then call `runTx` in `runTxModeDeliver`, which is very similar to `CheckTx` but also executes and writes state changes. + Nodes first unmarshal the transaction, using the [`TxConfig`](/docs/sdk/v0.47/learn/beginner/overview-app#register-codec) defined in the app, then call `runTx` in `runTxModeDeliver`, which is very similar to `CheckTx` but also executes and writes state changes. * **Checks and `AnteHandler`:** Full-nodes call `validateBasicMsgs` and `AnteHandler` again. This second check happens because they may not have seen the same transactions during the addition to Mempool stage diff --git a/docs/sdk/v0.47/learn/intro/overview.mdx b/docs/sdk/v0.47/learn/intro/overview.mdx index 02606ef5..91456da1 100644 --- a/docs/sdk/v0.47/learn/intro/overview.mdx +++ b/docs/sdk/v0.47/learn/intro/overview.mdx @@ -12,7 +12,7 @@ One development paradigm in the blockchain world today is that of virtual-machin Application-specific blockchains offer a radically different development paradigm than virtual-machine blockchains. An application-specific blockchain is a blockchain customized to operate a single application: developers have all the freedom to make the design decisions required for the application to run optimally. They can also provide better sovereignty, security and performance. -Learn more about [application-specific blockchains](why-app-specific). +Learn more about [application-specific blockchains](/docs/sdk/v0.47/learn/intro/why-app-specific). ## Why the Cosmos SDK @@ -25,5 +25,5 @@ The Cosmos SDK is the most advanced framework for building custom application-sp ## Getting started with the Cosmos SDK -* Learn more about the [architecture of a Cosmos SDK application](sdk-app-architecture) +* Learn more about the [architecture of a Cosmos SDK application](/docs/sdk/v0.47/learn/intro/sdk-app-architecture) * Learn how to build an application-specific blockchain from scratch with the [Cosmos SDK Tutorial](https://cosmos.network/docs/tutorial) diff --git a/docs/sdk/v0.47/learn/intro/sdk-app-architecture.mdx b/docs/sdk/v0.47/learn/intro/sdk-app-architecture.mdx index 50352252..ece16441 100644 --- a/docs/sdk/v0.47/learn/intro/sdk-app-architecture.mdx +++ b/docs/sdk/v0.47/learn/intro/sdk-app-architecture.mdx @@ -89,4 +89,4 @@ Here are the most important messages of the ABCI: Find a more detailed view of the ABCI methods from the [CometBFT docs](https://docs.cometbft.com/v0.37/spec/abci/). -Any application built on CometBFT needs to implement the ABCI interface in order to communicate with the underlying local CometBFT engine. Fortunately, you do not have to implement the ABCI interface. The Cosmos SDK provides a boilerplate implementation of it in the form of [baseapp](sdk-design#baseapp). +Any application built on CometBFT needs to implement the ABCI interface in order to communicate with the underlying local CometBFT engine. Fortunately, you do not have to implement the ABCI interface. The Cosmos SDK provides a boilerplate implementation of it in the form of [baseapp](/docs/sdk/v0.47/learn/intro/sdk-design#baseapp). diff --git a/docs/sdk/v0.47/learn/intro/sdk-design.mdx b/docs/sdk/v0.47/learn/intro/sdk-design.mdx index f6e6aa6e..2ebf6fc9 100644 --- a/docs/sdk/v0.47/learn/intro/sdk-design.mdx +++ b/docs/sdk/v0.47/learn/intro/sdk-design.mdx @@ -2,7 +2,7 @@ title: Main Components of the Cosmos SDK --- -The Cosmos SDK is a framework that facilitates the development of secure state-machines on top of CometBFT. At its core, the Cosmos SDK is a boilerplate implementation of the [ABCI](sdk-app-architecture#abci) in Golang. It comes with a [`multistore`](/docs/sdk/v0.47/learn/advanced/store#multistore) to persist data and a [`router`](/docs/sdk/v0.47/learn/advanced/baseapp#routing) to handle transactions. +The Cosmos SDK is a framework that facilitates the development of secure state-machines on top of CometBFT. At its core, the Cosmos SDK is a boilerplate implementation of the [ABCI](/docs/sdk/v0.47/learn/intro/sdk-app-architecture#abci) in Golang. It comes with a [`multistore`](/docs/sdk/v0.47/learn/advanced/store#multistore) to persist data and a [`router`](/docs/sdk/v0.47/learn/advanced/baseapp#routing) to handle transactions. Here is a simplified view of how transactions are handled by an application built on top of the Cosmos SDK when transferred from CometBFT via `DeliverTx`: diff --git a/docs/sdk/v0.47/user/run-node/interact-node.mdx b/docs/sdk/v0.47/user/run-node/interact-node.mdx index c9f94b44..ddf311ec 100644 --- a/docs/sdk/v0.47/user/run-node/interact-node.mdx +++ b/docs/sdk/v0.47/user/run-node/interact-node.mdx @@ -66,7 +66,7 @@ Since the code generation library largely depends on your own tech stack, we wil [grpcurl](https://github.com/fullstorydev/grpcurl) is like `curl` but for gRPC. It is also available as a Go library, but we will use it only as a CLI command for debugging and testing purposes. Follow the instructions in the previous link to install it. -Assuming you have a local node running (either a localnet, or connected a live network), you should be able to run the following command to list the Protobuf services available (you can replace `localhost:9000` by the gRPC server endpoint of another node, which is configured under the `grpc.address` field inside [`app.toml`](run-node#configuring-the-node-using-apptoml-and-configtoml)): +Assuming you have a local node running (either a localnet, or connected a live network), you should be able to run the following command to list the Protobuf services available (you can replace `localhost:9000` by the gRPC server endpoint of another node, which is configured under the `grpc.address` field inside [`app.toml`](/docs/sdk/v0.47/user/run-node/run-node#configuring-the-node-using-apptoml-and-configtoml)): ```bash grpcurl -plaintext localhost:9090 list @@ -278,7 +278,7 @@ curl \ Make sure to replace `localhost:1317` with the REST endpoint of your node, configured under the `api.address` field. -The list of all available REST endpoints is available as a Swagger specification file, it can be viewed at `localhost:1317/swagger`. Make sure that the `api.swagger` field is set to true in your [`app.toml`](run-node#configuring-the-node-using-apptoml-and-configtoml) file. +The list of all available REST endpoints is available as a Swagger specification file, it can be viewed at `localhost:1317/swagger`. Make sure that the `api.swagger` field is set to true in your [`app.toml`](/docs/sdk/v0.47/user/run-node/run-node#configuring-the-node-using-apptoml-and-configtoml) file. ### Query for historical state using REST @@ -296,4 +296,4 @@ Assuming the state at that block has not yet been pruned by the node, this query ### Cross-Origin Resource Sharing (CORS) -[CORS policies](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) are not enabled by default to help with security. If you would like to use the rest-server in a public environment we recommend you provide a reverse proxy, this can be done with [nginx](https://www.nginx.com/). For testing and development purposes there is an `enabled-unsafe-cors` field inside [`app.toml`](run-node#configuring-the-node-using-apptoml-and-configtoml). +[CORS policies](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) are not enabled by default to help with security. If you would like to use the rest-server in a public environment we recommend you provide a reverse proxy, this can be done with [nginx](https://www.nginx.com/). For testing and development purposes there is an `enabled-unsafe-cors` field inside [`app.toml`](/docs/sdk/v0.47/user/run-node/run-node#configuring-the-node-using-apptoml-and-configtoml). diff --git a/docs/sdk/v0.47/user/run-node/run-production.mdx b/docs/sdk/v0.47/user/run-node/run-production.mdx index eeb747a1..8a454116 100644 --- a/docs/sdk/v0.47/user/run-node/run-production.mdx +++ b/docs/sdk/v0.47/user/run-node/run-production.mdx @@ -47,7 +47,7 @@ In the past, validators [have had issues](https://github.com/cosmos/cosmos-sdk/i ### Firewall -Nodes should not have all ports open to the public, this is a simple way to get DDOS'd. Secondly it is recommended by [CometBFT](github.com/cometbft/cometbft) to never expose ports that are not required to operate a node. +Nodes should not have all ports open to the public, this is a simple way to get DDOS'd. Secondly it is recommended by [CometBFT](/docs/sdk/v0.47/user/run-node/github.com/cometbft/cometbft) to never expose ports that are not required to operate a node. When setting up a firewall there are a few ports that can be open when operating a Cosmos SDK node. There is the CometBFT json-RPC, prometheus, p2p, remote signer and Cosmos SDK GRPC and REST. If the node is being operated as a node that does not offer endpoints to be used for submission or querying then a max of three endpoints are needed. diff --git a/docs/sdk/v0.50/build/architecture/README.mdx b/docs/sdk/v0.50/build/architecture/README.mdx index c9e4a118..66f6460a 100644 --- a/docs/sdk/v0.50/build/architecture/README.mdx +++ b/docs/sdk/v0.50/build/architecture/README.mdx @@ -57,7 +57,7 @@ When writing ADRs, follow the same best practices for writing RFCs. When writing * [ADR 031: Protobuf Msg Services](/docs/sdk/v0.50/adr-031-msg-service) * [ADR 055: ORM](/docs/sdk/v0.50/adr-055-orm) * [ADR 058: Auto-Generated CLI](/docs/sdk/v0.50/adr-058-auto-generated-cli) -* [ADR 060: ABCI 1.0 (Phase I)](adr-060-abci-1.0) +* [ADR 060: ABCI 1.0 (Phase I)](/docs/sdk/v0.50/build/architecture/adr-060-abci-1.0) * [ADR 061: Liquid Staking](/docs/sdk/v0.50/adr-061-liquid-staking) ### Proposed diff --git a/docs/sdk/v0.50/build/building-modules/messages-and-queries.mdx b/docs/sdk/v0.50/build/building-modules/messages-and-queries.mdx index a2331f31..6e735aa6 100644 --- a/docs/sdk/v0.50/build/building-modules/messages-and-queries.mdx +++ b/docs/sdk/v0.50/build/building-modules/messages-and-queries.mdx @@ -252,7 +252,7 @@ The Cosmos SDK uses Protobuf definitions to generate client and server code: A `RegisterMsgServer` method is also generated and should be used to register the module's `MsgServer` implementation in `RegisterServices` method from the [`AppModule` interface](/docs/sdk/v0.50/build/building-modules/module-manager#appmodule). -In order for clients (CLI and gRPC-gateway) to have these URLs registered, the Cosmos SDK provides the function `RegisterMsgServiceDesc(registry codectypes.InterfaceRegistry, sd *grpc.ServiceDesc)` that should be called inside module's [`RegisterInterfaces`](module-manager#appmodulebasic) method, using the proto-generated `&_Msg_serviceDesc` as `*grpc.ServiceDesc` argument. +In order for clients (CLI and gRPC-gateway) to have these URLs registered, the Cosmos SDK provides the function `RegisterMsgServiceDesc(registry codectypes.InterfaceRegistry, sd *grpc.ServiceDesc)` that should be called inside module's [`RegisterInterfaces`](/docs/sdk/v0.50/build/building-modules/module-manager#appmodulebasic) method, using the proto-generated `&_Msg_serviceDesc` as `*grpc.ServiceDesc` argument. ## Queries diff --git a/docs/sdk/v0.50/tutorials/vote-extensions/oracle/getting-started.mdx b/docs/sdk/v0.50/tutorials/vote-extensions/oracle/getting-started.mdx index ed6a870d..b7a2e184 100644 --- a/docs/sdk/v0.50/tutorials/vote-extensions/oracle/getting-started.mdx +++ b/docs/sdk/v0.50/tutorials/vote-extensions/oracle/getting-started.mdx @@ -15,7 +15,7 @@ Before you start with this tutorial, make sure you have: * A working chain project. This tutorial won't cover the steps of creating a new chain/module. * Familiarity with the Cosmos SDK. If you're not, we suggest you start with [Cosmos SDK Tutorials](https://tutorials.cosmos.network), as ABCI++ is considered an advanced topic. -* Read and understood [What is an Oracle?](what-is-an-oracle). This provides necessary background information for understanding the Oracle module. +* Read and understood [What is an Oracle?](/docs/sdk/v0.50/tutorials/vote-extensions/oracle/what-is-an-oracle). This provides necessary background information for understanding the Oracle module. * Basic understanding of Go programming language. ## What are Vote extensions? diff --git a/docs/sdk/v0.50/user/run-node/run-production.mdx b/docs/sdk/v0.50/user/run-node/run-production.mdx index a756ebfd..7c10c14a 100644 --- a/docs/sdk/v0.50/user/run-node/run-production.mdx +++ b/docs/sdk/v0.50/user/run-node/run-production.mdx @@ -47,7 +47,7 @@ In the past, validators [have had issues](https://github.com/cosmos/cosmos-sdk/i ### Firewall -Nodes should not have all ports open to the public, this is a simple way to get DDOS'd. Secondly it is recommended by [CometBFT](github.com/cometbft/cometbft) to never expose ports that are not required to operate a node. +Nodes should not have all ports open to the public, this is a simple way to get DDOS'd. Secondly it is recommended by [CometBFT](/docs/sdk/v0.50/user/run-node/github.com/cometbft/cometbft) to never expose ports that are not required to operate a node. When setting up a firewall there are a few ports that can be open when operating a Cosmos SDK node. There is the CometBFT json-RPC, prometheus, p2p, remote signer and Cosmos SDK GRPC and REST. If the node is being operated as a node that does not offer endpoints to be used for submission or querying then a max of three endpoints are needed. diff --git a/docs/sdk/v0.53/build/architecture/README.mdx b/docs/sdk/v0.53/build/architecture/README.mdx index 2d600f0c..37f175e3 100644 --- a/docs/sdk/v0.53/build/architecture/README.mdx +++ b/docs/sdk/v0.53/build/architecture/README.mdx @@ -57,7 +57,7 @@ When writing ADRs, follow the same best practices for writing RFCs. When writing * [ADR 031: Protobuf Msg Services](/docs/sdk/v0.53/adr-031-msg-service) * [ADR 055: ORM](/docs/sdk/v0.53/adr-055-orm) * [ADR 058: Auto-Generated CLI](/docs/sdk/v0.53/adr-058-auto-generated-cli) -* [ADR 060: ABCI 1.0 (Phase I)](adr-060-abci-1.0) +* [ADR 060: ABCI 1.0 (Phase I)](/docs/sdk/v0.53/build/architecture/adr-060-abci-1.0) * [ADR 061: Liquid Staking](/docs/sdk/v0.53/adr-061-liquid-staking) ### Proposed From 372d7c8da74bca354afc29d4d2a6dcf6337168d0 Mon Sep 17 00:00:00 2001 From: Cordt Date: Tue, 21 Oct 2025 10:02:16 -0600 Subject: [PATCH 26/26] fix: convert /v0.XX/ and /sdk/ prefix links to absolute paths Fixes 150 broken links by converting: - /v0.47/ -> /docs/sdk/v0.47/ - /v0.50/ -> /docs/sdk/v0.50/ - /v0.53/ -> /docs/sdk/v0.53/ - /sdk/v0.XX/ -> /docs/sdk/v0.XX/ --- docs/sdk/v0.47/build/architecture.mdx | 90 +++++++++--------- docs/sdk/v0.47/build/packages.mdx | 2 +- docs/sdk/v0.47/build/rfc.mdx | 4 +- docs/sdk/v0.50/build/architecture.mdx | 92 +++++++++--------- .../v0.50/build/building-modules/upgrade.mdx | 2 +- docs/sdk/v0.50/build/packages.mdx | 2 +- docs/sdk/v0.50/build/rfc.mdx | 6 +- docs/sdk/v0.53/build/architecture.mdx | 94 +++++++++---------- .../v0.53/build/building-modules/upgrade.mdx | 2 +- docs/sdk/v0.53/build/rfc.mdx | 6 +- 10 files changed, 150 insertions(+), 150 deletions(-) diff --git a/docs/sdk/v0.47/build/architecture.mdx b/docs/sdk/v0.47/build/architecture.mdx index f7c7d4be..ed231353 100644 --- a/docs/sdk/v0.47/build/architecture.mdx +++ b/docs/sdk/v0.47/build/architecture.mdx @@ -25,7 +25,7 @@ If recorded decisions turned out to be lacking, convene a discussion, record the ## Creating new ADR[​](#creating-new-adr "Direct link to Creating new ADR") -Read about the [PROCESS](/v0.47/build/architecture/PROCESS). +Read about the [PROCESS](/docs/sdk/v0.47/build/architecture/PROCESS). ### Use RFC 2119 Keywords[​](#use-rfc-2119-keywords "Direct link to Use RFC 2119 Keywords") @@ -35,53 +35,53 @@ When writing ADRs, follow the same best practices for writing RFCs. When writing ### Accepted[​](#accepted "Direct link to Accepted") -* [ADR 002: SDK Documentation Structure](/v0.47/build/architecture/adr-002-docs-structure) -* [ADR 004: Split Denomination Keys](/v0.47/build/architecture/adr-004-split-denomination-keys) -* [ADR 006: Secret Store Replacement](/v0.47/build/architecture/adr-006-secret-store-replacement) -* [ADR 009: Evidence Module](/v0.47/build/architecture/adr-009-evidence-module) -* [ADR 010: Modular AnteHandler](/v0.47/build/architecture/adr-010-modular-antehandler) -* [ADR 019: Protocol Buffer State Encoding](/v0.47/build/architecture/adr-019-protobuf-state-encoding) -* [ADR 020: Protocol Buffer Transaction Encoding](/v0.47/build/architecture/adr-020-protobuf-transaction-encoding) -* [ADR 021: Protocol Buffer Query Encoding](/v0.47/build/architecture/adr-021-protobuf-query-encoding) -* [ADR 023: Protocol Buffer Naming and Versioning](/v0.47/build/architecture/adr-023-protobuf-naming) -* [ADR 029: Fee Grant Module](/v0.47/build/architecture/adr-029-fee-grant-module) -* [ADR 030: Message Authorization Module](/v0.47/build/architecture/adr-030-authz-module) -* [ADR 031: Protobuf Msg Services](/v0.47/build/architecture/adr-031-msg-service) -* [ADR 055: ORM](/v0.47/build/architecture/adr-055-orm) -* [ADR 058: Auto-Generated CLI](/v0.47/build/architecture/adr-058-auto-generated-cli) -* [ADR 060: ABCI 1.0 (Phase I)](/v0.47/build/architecture/adr-060-abci-1.0) -* [ADR 061: Liquid Staking](/v0.47/build/architecture/adr-061-liquid-staking) +* [ADR 002: SDK Documentation Structure](/docs/sdk/v0.47/build/architecture/adr-002-docs-structure) +* [ADR 004: Split Denomination Keys](/docs/sdk/v0.47/build/architecture/adr-004-split-denomination-keys) +* [ADR 006: Secret Store Replacement](/docs/sdk/v0.47/build/architecture/adr-006-secret-store-replacement) +* [ADR 009: Evidence Module](/docs/sdk/v0.47/build/architecture/adr-009-evidence-module) +* [ADR 010: Modular AnteHandler](/docs/sdk/v0.47/build/architecture/adr-010-modular-antehandler) +* [ADR 019: Protocol Buffer State Encoding](/docs/sdk/v0.47/build/architecture/adr-019-protobuf-state-encoding) +* [ADR 020: Protocol Buffer Transaction Encoding](/docs/sdk/v0.47/build/architecture/adr-020-protobuf-transaction-encoding) +* [ADR 021: Protocol Buffer Query Encoding](/docs/sdk/v0.47/build/architecture/adr-021-protobuf-query-encoding) +* [ADR 023: Protocol Buffer Naming and Versioning](/docs/sdk/v0.47/build/architecture/adr-023-protobuf-naming) +* [ADR 029: Fee Grant Module](/docs/sdk/v0.47/build/architecture/adr-029-fee-grant-module) +* [ADR 030: Message Authorization Module](/docs/sdk/v0.47/build/architecture/adr-030-authz-module) +* [ADR 031: Protobuf Msg Services](/docs/sdk/v0.47/build/architecture/adr-031-msg-service) +* [ADR 055: ORM](/docs/sdk/v0.47/build/architecture/adr-055-orm) +* [ADR 058: Auto-Generated CLI](/docs/sdk/v0.47/build/architecture/adr-058-auto-generated-cli) +* [ADR 060: ABCI 1.0 (Phase I)](/docs/sdk/v0.47/build/architecture/adr-060-abci-1.0) +* [ADR 061: Liquid Staking](/docs/sdk/v0.47/build/architecture/adr-061-liquid-staking) ### Proposed[​](#proposed "Direct link to Proposed") -* [ADR 003: Dynamic Capability Store](/v0.47/build/architecture/adr-003-dynamic-capability-store) -* [ADR 011: Generalize Genesis Accounts](/v0.47/build/architecture/adr-011-generalize-genesis-accounts) -* [ADR 012: State Accessors](/v0.47/build/architecture/adr-012-state-accessors) -* [ADR 013: Metrics](/v0.47/build/architecture/adr-013-metrics) -* [ADR 016: Validator Consensus Key Rotation](/v0.47/build/architecture/adr-016-validator-consensus-key-rotation) -* [ADR 017: Historical Header Module](/v0.47/build/architecture/adr-017-historical-header-module) -* [ADR 018: Extendable Voting Periods](/v0.47/build/architecture/adr-018-extendable-voting-period) -* [ADR 022: Custom baseapp panic handling](/v0.47/build/architecture/adr-022-custom-panic-handling) -* [ADR 024: Coin Metadata](/v0.47/build/architecture/adr-024-coin-metadata) -* [ADR 027: Deterministic Protobuf Serialization](/v0.47/build/architecture/adr-027-deterministic-protobuf-serialization) -* [ADR 028: Public Key Addresses](/v0.47/build/architecture/adr-028-public-key-addresses) -* [ADR 032: Typed Events](/v0.47/build/architecture/adr-032-typed-events) -* [ADR 033: Inter-module RPC](/v0.47/build/architecture/adr-033-protobuf-inter-module-comm) -* [ADR 035: Rosetta API Support](/v0.47/build/architecture/adr-035-rosetta-api-support) -* [ADR 037: Governance Split Votes](/v0.47/build/architecture/adr-037-gov-split-vote) -* [ADR 038: State Listening](/v0.47/build/architecture/adr-038-state-listening) -* [ADR 039: Epoched Staking](/v0.47/build/architecture/adr-039-epoched-staking) -* [ADR 040: Storage and SMT State Commitments](/v0.47/build/architecture/adr-040-storage-and-smt-state-commitments) -* [ADR 046: Module Params](/v0.47/build/architecture/adr-046-module-params) -* [ADR 054: Semver Compatible SDK Modules](/v0.47/build/architecture/adr-054-semver-compatible-modules) -* [ADR 057: App Wiring](/v0.47/build/architecture/adr-057-app-wiring) -* [ADR 059: Test Scopes](/v0.47/build/architecture/adr-059-test-scopes) -* [ADR 062: Collections State Layer](/v0.47/build/architecture/adr-062-collections-state-layer) -* [ADR 063: Core Module API](/v0.47/build/architecture/adr-063-core-module-api) -* [ADR 065: Store V2](/v0.47/build/architecture/adr-065-store-v2) +* [ADR 003: Dynamic Capability Store](/docs/sdk/v0.47/build/architecture/adr-003-dynamic-capability-store) +* [ADR 011: Generalize Genesis Accounts](/docs/sdk/v0.47/build/architecture/adr-011-generalize-genesis-accounts) +* [ADR 012: State Accessors](/docs/sdk/v0.47/build/architecture/adr-012-state-accessors) +* [ADR 013: Metrics](/docs/sdk/v0.47/build/architecture/adr-013-metrics) +* [ADR 016: Validator Consensus Key Rotation](/docs/sdk/v0.47/build/architecture/adr-016-validator-consensus-key-rotation) +* [ADR 017: Historical Header Module](/docs/sdk/v0.47/build/architecture/adr-017-historical-header-module) +* [ADR 018: Extendable Voting Periods](/docs/sdk/v0.47/build/architecture/adr-018-extendable-voting-period) +* [ADR 022: Custom baseapp panic handling](/docs/sdk/v0.47/build/architecture/adr-022-custom-panic-handling) +* [ADR 024: Coin Metadata](/docs/sdk/v0.47/build/architecture/adr-024-coin-metadata) +* [ADR 027: Deterministic Protobuf Serialization](/docs/sdk/v0.47/build/architecture/adr-027-deterministic-protobuf-serialization) +* [ADR 028: Public Key Addresses](/docs/sdk/v0.47/build/architecture/adr-028-public-key-addresses) +* [ADR 032: Typed Events](/docs/sdk/v0.47/build/architecture/adr-032-typed-events) +* [ADR 033: Inter-module RPC](/docs/sdk/v0.47/build/architecture/adr-033-protobuf-inter-module-comm) +* [ADR 035: Rosetta API Support](/docs/sdk/v0.47/build/architecture/adr-035-rosetta-api-support) +* [ADR 037: Governance Split Votes](/docs/sdk/v0.47/build/architecture/adr-037-gov-split-vote) +* [ADR 038: State Listening](/docs/sdk/v0.47/build/architecture/adr-038-state-listening) +* [ADR 039: Epoched Staking](/docs/sdk/v0.47/build/architecture/adr-039-epoched-staking) +* [ADR 040: Storage and SMT State Commitments](/docs/sdk/v0.47/build/architecture/adr-040-storage-and-smt-state-commitments) +* [ADR 046: Module Params](/docs/sdk/v0.47/build/architecture/adr-046-module-params) +* [ADR 054: Semver Compatible SDK Modules](/docs/sdk/v0.47/build/architecture/adr-054-semver-compatible-modules) +* [ADR 057: App Wiring](/docs/sdk/v0.47/build/architecture/adr-057-app-wiring) +* [ADR 059: Test Scopes](/docs/sdk/v0.47/build/architecture/adr-059-test-scopes) +* [ADR 062: Collections State Layer](/docs/sdk/v0.47/build/architecture/adr-062-collections-state-layer) +* [ADR 063: Core Module API](/docs/sdk/v0.47/build/architecture/adr-063-core-module-api) +* [ADR 065: Store V2](/docs/sdk/v0.47/build/architecture/adr-065-store-v2) ### Draft[​](#draft "Direct link to Draft") -* [ADR 044: Guidelines for Updating Protobuf Definitions](/v0.47/build/architecture/adr-044-protobuf-updates-guidelines) -* [ADR 047: Extend Upgrade Plan](/v0.47/build/architecture/adr-047-extend-upgrade-plan) -* [ADR 053: Go Module Refactoring](/v0.47/build/architecture/adr-053-go-module-refactoring) +* [ADR 044: Guidelines for Updating Protobuf Definitions](/docs/sdk/v0.47/build/architecture/adr-044-protobuf-updates-guidelines) +* [ADR 047: Extend Upgrade Plan](/docs/sdk/v0.47/build/architecture/adr-047-extend-upgrade-plan) +* [ADR 053: Go Module Refactoring](/docs/sdk/v0.47/build/architecture/adr-053-go-module-refactoring) diff --git a/docs/sdk/v0.47/build/packages.mdx b/docs/sdk/v0.47/build/packages.mdx index 48c17299..44b464a1 100644 --- a/docs/sdk/v0.47/build/packages.mdx +++ b/docs/sdk/v0.47/build/packages.mdx @@ -22,7 +22,7 @@ The Cosmos SDK is a collection of Go modules. This section provides documentatio ## Automation[​](#automation "Direct link to Automation") -* [Depinject](/v0.47/build/packages/depinject) - Dependency injection framework +* [Depinject](/docs/sdk/v0.47/build/packages/depinject) - Dependency injection framework * [Client/v2](https://pkg.go.dev/cosmossdk.io/client/v2) - Library powering [AutoCLI](/docs/sdk/v0.50/learn/advanced/autocli) ## Utilities[​](#utilities "Direct link to Utilities") diff --git a/docs/sdk/v0.47/build/rfc.mdx b/docs/sdk/v0.47/build/rfc.mdx index f0a4f8ee..87a91ac8 100644 --- a/docs/sdk/v0.47/build/rfc.mdx +++ b/docs/sdk/v0.47/build/rfc.mdx @@ -5,7 +5,7 @@ description: "Version: v0.47" A Request for Comments (RFC) is a record of discussion on an open-ended topic related to the design and implementation of the Cosmos SDK, for which no immediate decision is required. -The purpose of an RFC is to serve as a historical record of a high-level discussion that might otherwise only be recorded in an ad-hoc way (for example, via gists or Google docs) that are difficult to discover for someone after the fact. An RFC *may* give rise to more specific architectural *decisions* for the Cosmos SDK, but those decisions must be recorded separately in [Architecture Decision Records (ADR)](/v0.47/build/architecture). +The purpose of an RFC is to serve as a historical record of a high-level discussion that might otherwise only be recorded in an ad-hoc way (for example, via gists or Google docs) that are difficult to discover for someone after the fact. An RFC *may* give rise to more specific architectural *decisions* for the Cosmos SDK, but those decisions must be recorded separately in [Architecture Decision Records (ADR)](/docs/sdk/v0.47/build/architecture). As a rule of thumb, if you can articulate a specific question that needs to be answered, write an ADR. If you need to explore the topic and get input from others to know what questions need to be answered, an RFC may be appropriate. @@ -18,4 +18,4 @@ An RFC should provide: * Any **background** a reader will need to understand and participate in the substance of the discussion (links to other documents are fine here). * The **discussion**, the primary content of the document. -The [rfc-template.md](/v0.47/build/rfc/rfc-template) file includes placeholders for these sections. +The [rfc-template.md](/docs/sdk/v0.47/build/rfc/rfc-template) file includes placeholders for these sections. diff --git a/docs/sdk/v0.50/build/architecture.mdx b/docs/sdk/v0.50/build/architecture.mdx index 2e5aac3d..47b0cfff 100644 --- a/docs/sdk/v0.50/build/architecture.mdx +++ b/docs/sdk/v0.50/build/architecture.mdx @@ -25,7 +25,7 @@ If recorded decisions turned out to be lacking, convene a discussion, record the ## Creating new ADR[​](#creating-new-adr "Direct link to Creating new ADR") -Read about the [PROCESS](/v0.50/build/architecture/PROCESS). +Read about the [PROCESS](/docs/sdk/v0.50/build/architecture/PROCESS). ### Use RFC 2119 Keywords[​](#use-rfc-2119-keywords "Direct link to Use RFC 2119 Keywords") @@ -35,54 +35,54 @@ When writing ADRs, follow the same best practices for writing RFCs. When writing ### Accepted[​](#accepted "Direct link to Accepted") -* [ADR 002: SDK Documentation Structure](/v0.50/build/architecture/adr-002-docs-structure) -* [ADR 004: Split Denomination Keys](/v0.50/build/architecture/adr-004-split-denomination-keys) -* [ADR 006: Secret Store Replacement](/v0.50/build/architecture/adr-006-secret-store-replacement) -* [ADR 009: Evidence Module](/v0.50/build/architecture/adr-009-evidence-module) -* [ADR 010: Modular AnteHandler](/v0.50/build/architecture/adr-010-modular-antehandler) -* [ADR 019: Protocol Buffer State Encoding](/v0.50/build/architecture/adr-019-protobuf-state-encoding) -* [ADR 020: Protocol Buffer Transaction Encoding](/v0.50/build/architecture/adr-020-protobuf-transaction-encoding) -* [ADR 021: Protocol Buffer Query Encoding](/v0.50/build/architecture/adr-021-protobuf-query-encoding) -* [ADR 023: Protocol Buffer Naming and Versioning](/v0.50/build/architecture/adr-023-protobuf-naming) -* [ADR 029: Fee Grant Module](/v0.50/build/architecture/adr-029-fee-grant-module) -* [ADR 030: Message Authorization Module](/v0.50/build/architecture/adr-030-authz-module) -* [ADR 031: Protobuf Msg Services](/v0.50/build/architecture/adr-031-msg-service) -* [ADR 055: ORM](/v0.50/build/architecture/adr-055-orm) -* [ADR 058: Auto-Generated CLI](/v0.50/build/architecture/adr-058-auto-generated-cli) -* [ADR 060: ABCI 1.0 (Phase I)](/v0.50/build/architecture/adr-060-abci-1.0) -* [ADR 061: Liquid Staking](/v0.50/build/architecture/adr-061-liquid-staking) +* [ADR 002: SDK Documentation Structure](/docs/sdk/v0.50/build/architecture/adr-002-docs-structure) +* [ADR 004: Split Denomination Keys](/docs/sdk/v0.50/build/architecture/adr-004-split-denomination-keys) +* [ADR 006: Secret Store Replacement](/docs/sdk/v0.50/build/architecture/adr-006-secret-store-replacement) +* [ADR 009: Evidence Module](/docs/sdk/v0.50/build/architecture/adr-009-evidence-module) +* [ADR 010: Modular AnteHandler](/docs/sdk/v0.50/build/architecture/adr-010-modular-antehandler) +* [ADR 019: Protocol Buffer State Encoding](/docs/sdk/v0.50/build/architecture/adr-019-protobuf-state-encoding) +* [ADR 020: Protocol Buffer Transaction Encoding](/docs/sdk/v0.50/build/architecture/adr-020-protobuf-transaction-encoding) +* [ADR 021: Protocol Buffer Query Encoding](/docs/sdk/v0.50/build/architecture/adr-021-protobuf-query-encoding) +* [ADR 023: Protocol Buffer Naming and Versioning](/docs/sdk/v0.50/build/architecture/adr-023-protobuf-naming) +* [ADR 029: Fee Grant Module](/docs/sdk/v0.50/build/architecture/adr-029-fee-grant-module) +* [ADR 030: Message Authorization Module](/docs/sdk/v0.50/build/architecture/adr-030-authz-module) +* [ADR 031: Protobuf Msg Services](/docs/sdk/v0.50/build/architecture/adr-031-msg-service) +* [ADR 055: ORM](/docs/sdk/v0.50/build/architecture/adr-055-orm) +* [ADR 058: Auto-Generated CLI](/docs/sdk/v0.50/build/architecture/adr-058-auto-generated-cli) +* [ADR 060: ABCI 1.0 (Phase I)](/docs/sdk/v0.50/build/architecture/adr-060-abci-1.0) +* [ADR 061: Liquid Staking](/docs/sdk/v0.50/build/architecture/adr-061-liquid-staking) ### Proposed[​](#proposed "Direct link to Proposed") -* [ADR 003: Dynamic Capability Store](/v0.50/build/architecture/adr-003-dynamic-capability-store) -* [ADR 011: Generalize Genesis Accounts](/v0.50/build/architecture/adr-011-generalize-genesis-accounts) -* [ADR 012: State Accessors](/v0.50/build/architecture/adr-012-state-accessors) -* [ADR 013: Metrics](/v0.50/build/architecture/adr-013-metrics) -* [ADR 016: Validator Consensus Key Rotation](/v0.50/build/architecture/adr-016-validator-consensus-key-rotation) -* [ADR 017: Historical Header Module](/v0.50/build/architecture/adr-017-historical-header-module) -* [ADR 018: Extendable Voting Periods](/v0.50/build/architecture/adr-018-extendable-voting-period) -* [ADR 022: Custom baseapp panic handling](/v0.50/build/architecture/adr-022-custom-panic-handling) -* [ADR 024: Coin Metadata](/v0.50/build/architecture/adr-024-coin-metadata) -* [ADR 027: Deterministic Protobuf Serialization](/v0.50/build/architecture/adr-027-deterministic-protobuf-serialization) -* [ADR 028: Public Key Addresses](/v0.50/build/architecture/adr-028-public-key-addresses) -* [ADR 032: Typed Events](/v0.50/build/architecture/adr-032-typed-events) -* [ADR 033: Inter-module RPC](/v0.50/build/architecture/adr-033-protobuf-inter-module-comm) -* [ADR 035: Rosetta API Support](/v0.50/build/architecture/adr-035-rosetta-api-support) -* [ADR 037: Governance Split Votes](/v0.50/build/architecture/adr-037-gov-split-vote) -* [ADR 038: State Listening](/v0.50/build/architecture/adr-038-state-listening) -* [ADR 039: Epoched Staking](/v0.50/build/architecture/adr-039-epoched-staking) -* [ADR 040: Storage and SMT State Commitments](/v0.50/build/architecture/adr-040-storage-and-smt-state-commitments) -* [ADR 046: Module Params](/v0.50/build/architecture/adr-046-module-params) -* [ADR 054: Semver Compatible SDK Modules](/v0.50/build/architecture/adr-054-semver-compatible-modules) -* [ADR 057: App Wiring](/v0.50/build/architecture/adr-057-app-wiring) -* [ADR 059: Test Scopes](/v0.50/build/architecture/adr-059-test-scopes) -* [ADR 062: Collections State Layer](/v0.50/build/architecture/adr-062-collections-state-layer) -* [ADR 063: Core Module API](/v0.50/build/architecture/adr-063-core-module-api) -* [ADR 065: Store V2](/v0.50/build/architecture/adr-065-store-v2) +* [ADR 003: Dynamic Capability Store](/docs/sdk/v0.50/build/architecture/adr-003-dynamic-capability-store) +* [ADR 011: Generalize Genesis Accounts](/docs/sdk/v0.50/build/architecture/adr-011-generalize-genesis-accounts) +* [ADR 012: State Accessors](/docs/sdk/v0.50/build/architecture/adr-012-state-accessors) +* [ADR 013: Metrics](/docs/sdk/v0.50/build/architecture/adr-013-metrics) +* [ADR 016: Validator Consensus Key Rotation](/docs/sdk/v0.50/build/architecture/adr-016-validator-consensus-key-rotation) +* [ADR 017: Historical Header Module](/docs/sdk/v0.50/build/architecture/adr-017-historical-header-module) +* [ADR 018: Extendable Voting Periods](/docs/sdk/v0.50/build/architecture/adr-018-extendable-voting-period) +* [ADR 022: Custom baseapp panic handling](/docs/sdk/v0.50/build/architecture/adr-022-custom-panic-handling) +* [ADR 024: Coin Metadata](/docs/sdk/v0.50/build/architecture/adr-024-coin-metadata) +* [ADR 027: Deterministic Protobuf Serialization](/docs/sdk/v0.50/build/architecture/adr-027-deterministic-protobuf-serialization) +* [ADR 028: Public Key Addresses](/docs/sdk/v0.50/build/architecture/adr-028-public-key-addresses) +* [ADR 032: Typed Events](/docs/sdk/v0.50/build/architecture/adr-032-typed-events) +* [ADR 033: Inter-module RPC](/docs/sdk/v0.50/build/architecture/adr-033-protobuf-inter-module-comm) +* [ADR 035: Rosetta API Support](/docs/sdk/v0.50/build/architecture/adr-035-rosetta-api-support) +* [ADR 037: Governance Split Votes](/docs/sdk/v0.50/build/architecture/adr-037-gov-split-vote) +* [ADR 038: State Listening](/docs/sdk/v0.50/build/architecture/adr-038-state-listening) +* [ADR 039: Epoched Staking](/docs/sdk/v0.50/build/architecture/adr-039-epoched-staking) +* [ADR 040: Storage and SMT State Commitments](/docs/sdk/v0.50/build/architecture/adr-040-storage-and-smt-state-commitments) +* [ADR 046: Module Params](/docs/sdk/v0.50/build/architecture/adr-046-module-params) +* [ADR 054: Semver Compatible SDK Modules](/docs/sdk/v0.50/build/architecture/adr-054-semver-compatible-modules) +* [ADR 057: App Wiring](/docs/sdk/v0.50/build/architecture/adr-057-app-wiring) +* [ADR 059: Test Scopes](/docs/sdk/v0.50/build/architecture/adr-059-test-scopes) +* [ADR 062: Collections State Layer](/docs/sdk/v0.50/build/architecture/adr-062-collections-state-layer) +* [ADR 063: Core Module API](/docs/sdk/v0.50/build/architecture/adr-063-core-module-api) +* [ADR 065: Store V2](/docs/sdk/v0.50/build/architecture/adr-065-store-v2) ### Draft[​](#draft "Direct link to Draft") -* [ADR 044: Guidelines for Updating Protobuf Definitions](/v0.50/build/architecture/adr-044-protobuf-updates-guidelines) -* [ADR 047: Extend Upgrade Plan](/v0.50/build/architecture/adr-047-extend-upgrade-plan) -* [ADR 053: Go Module Refactoring](/v0.50/build/architecture/adr-053-go-module-refactoring) -* [ADR 068: Preblock](/v0.50/build/architecture/adr-068-preblock) +* [ADR 044: Guidelines for Updating Protobuf Definitions](/docs/sdk/v0.50/build/architecture/adr-044-protobuf-updates-guidelines) +* [ADR 047: Extend Upgrade Plan](/docs/sdk/v0.50/build/architecture/adr-047-extend-upgrade-plan) +* [ADR 053: Go Module Refactoring](/docs/sdk/v0.50/build/architecture/adr-053-go-module-refactoring) +* [ADR 068: Preblock](/docs/sdk/v0.50/build/architecture/adr-068-preblock) diff --git a/docs/sdk/v0.50/build/building-modules/upgrade.mdx b/docs/sdk/v0.50/build/building-modules/upgrade.mdx index aba03d97..3b20228d 100644 --- a/docs/sdk/v0.50/build/building-modules/upgrade.mdx +++ b/docs/sdk/v0.50/build/building-modules/upgrade.mdx @@ -122,4 +122,4 @@ error { } ``` -To see example code of changes that were implemented in a migration of balance keys, check out [migrateBalanceKeys](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/migrations/v2/store.go#L55-L76). For context, this code introduced migrations of the bank store that updated addresses to be prefixed by their length in bytes as outlined in [ADR-028](/sdk/v0.50/build/architecture/adr-028-public-key-addresses). +To see example code of changes that were implemented in a migration of balance keys, check out [migrateBalanceKeys](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/migrations/v2/store.go#L55-L76). For context, this code introduced migrations of the bank store that updated addresses to be prefixed by their length in bytes as outlined in [ADR-028](/docs/sdk/v0.50/build/architecture/adr-028-public-key-addresses). diff --git a/docs/sdk/v0.50/build/packages.mdx b/docs/sdk/v0.50/build/packages.mdx index 437ffbb4..6c8142b4 100644 --- a/docs/sdk/v0.50/build/packages.mdx +++ b/docs/sdk/v0.50/build/packages.mdx @@ -18,7 +18,7 @@ The Cosmos SDK is a collection of Go modules. This section provides documentatio ## State Management[​](#state-management "Direct link to State Management") * [Collections](/docs/sdk/v0.50/build/packages/collections) - State management library -* [ORM](/v0.50/build/03-orm.md) - State management library +* [ORM](/docs/sdk/v0.50/build/03-orm.md) - State management library ## Automation[​](#automation "Direct link to Automation") diff --git a/docs/sdk/v0.50/build/rfc.mdx b/docs/sdk/v0.50/build/rfc.mdx index 99fde90d..ab9d4ae0 100644 --- a/docs/sdk/v0.50/build/rfc.mdx +++ b/docs/sdk/v0.50/build/rfc.mdx @@ -5,7 +5,7 @@ description: "Version: v0.50" A Request for Comments (RFC) is a record of discussion on an open-ended topic related to the design and implementation of the Cosmos SDK, for which no immediate decision is required. -The purpose of an RFC is to serve as a historical record of a high-level discussion that might otherwise only be recorded in an ad-hoc way (for example, via gists or Google docs) that are difficult to discover for someone after the fact. An RFC *may* give rise to more specific architectural *decisions* for the Cosmos SDK, but those decisions must be recorded separately in [Architecture Decision Records (ADR)](/v0.50/architecture). +The purpose of an RFC is to serve as a historical record of a high-level discussion that might otherwise only be recorded in an ad-hoc way (for example, via gists or Google docs) that are difficult to discover for someone after the fact. An RFC *may* give rise to more specific architectural *decisions* for the Cosmos SDK, but those decisions must be recorded separately in [Architecture Decision Records (ADR)](/docs/sdk/v0.50/architecture). As a rule of thumb, if you can articulate a specific question that needs to be answered, write an ADR. If you need to explore the topic and get input from others to know what questions need to be answered, an RFC may be appropriate. @@ -18,8 +18,8 @@ An RFC should provide: * Any **background** a reader will need to understand and participate in the substance of the discussion (links to other documents are fine here). * The **discussion**, the primary content of the document. -The [rfc-template.md](/v0.50/build/rfc/rfc-template) file includes placeholders for these sections. +The [rfc-template.md](/docs/sdk/v0.50/build/rfc/rfc-template) file includes placeholders for these sections. ## Table of Contents[​](#table-of-contents "Direct link to Table of Contents") -* [RFC-001: Tx Validation](/v0.50/build/rfc/rfc-001-tx-validation) +* [RFC-001: Tx Validation](/docs/sdk/v0.50/build/rfc/rfc-001-tx-validation) diff --git a/docs/sdk/v0.53/build/architecture.mdx b/docs/sdk/v0.53/build/architecture.mdx index 3c9f8cd1..1e848b65 100644 --- a/docs/sdk/v0.53/build/architecture.mdx +++ b/docs/sdk/v0.53/build/architecture.mdx @@ -25,7 +25,7 @@ If recorded decisions turned out to be lacking, convene a discussion, record the ## Creating new ADR[​](#creating-new-adr "Direct link to Creating new ADR") -Read about the [PROCESS](/v0.53/build/architecture/PROCESS). +Read about the [PROCESS](/docs/sdk/v0.53/build/architecture/PROCESS). ### Use RFC 2119 Keywords[​](#use-rfc-2119-keywords "Direct link to Use RFC 2119 Keywords") @@ -35,55 +35,55 @@ When writing ADRs, follow the same best practices for writing RFCs. When writing ### Accepted[​](#accepted "Direct link to Accepted") -* [ADR 002: SDK Documentation Structure](/v0.53/build/architecture/adr-002-docs-structure) -* [ADR 004: Split Denomination Keys](/v0.53/build/architecture/adr-004-split-denomination-keys) -* [ADR 006: Secret Store Replacement](/v0.53/build/architecture/adr-006-secret-store-replacement) -* [ADR 009: Evidence Module](/v0.53/build/architecture/adr-009-evidence-module) -* [ADR 010: Modular AnteHandler](/v0.53/build/architecture/adr-010-modular-antehandler) -* [ADR 019: Protocol Buffer State Encoding](/v0.53/build/architecture/adr-019-protobuf-state-encoding) -* [ADR 020: Protocol Buffer Transaction Encoding](/v0.53/build/architecture/adr-020-protobuf-transaction-encoding) -* [ADR 021: Protocol Buffer Query Encoding](/v0.53/build/architecture/adr-021-protobuf-query-encoding) -* [ADR 023: Protocol Buffer Naming and Versioning](/v0.53/build/architecture/adr-023-protobuf-naming) -* [ADR 029: Fee Grant Module](/v0.53/build/architecture/adr-029-fee-grant-module) -* [ADR 030: Message Authorization Module](/v0.53/build/architecture/adr-030-authz-module) -* [ADR 031: Protobuf Msg Services](/v0.53/build/architecture/adr-031-msg-service) -* [ADR 055: ORM](/v0.53/build/architecture/adr-055-orm) -* [ADR 058: Auto-Generated CLI](/v0.53/build/architecture/adr-058-auto-generated-cli) -* [ADR 060: ABCI 1.0 (Phase I)](/v0.53/build/architecture/adr-060-abci-1.0) -* [ADR 061: Liquid Staking](/v0.53/build/architecture/adr-061-liquid-staking) +* [ADR 002: SDK Documentation Structure](/docs/sdk/v0.53/build/architecture/adr-002-docs-structure) +* [ADR 004: Split Denomination Keys](/docs/sdk/v0.53/build/architecture/adr-004-split-denomination-keys) +* [ADR 006: Secret Store Replacement](/docs/sdk/v0.53/build/architecture/adr-006-secret-store-replacement) +* [ADR 009: Evidence Module](/docs/sdk/v0.53/build/architecture/adr-009-evidence-module) +* [ADR 010: Modular AnteHandler](/docs/sdk/v0.53/build/architecture/adr-010-modular-antehandler) +* [ADR 019: Protocol Buffer State Encoding](/docs/sdk/v0.53/build/architecture/adr-019-protobuf-state-encoding) +* [ADR 020: Protocol Buffer Transaction Encoding](/docs/sdk/v0.53/build/architecture/adr-020-protobuf-transaction-encoding) +* [ADR 021: Protocol Buffer Query Encoding](/docs/sdk/v0.53/build/architecture/adr-021-protobuf-query-encoding) +* [ADR 023: Protocol Buffer Naming and Versioning](/docs/sdk/v0.53/build/architecture/adr-023-protobuf-naming) +* [ADR 029: Fee Grant Module](/docs/sdk/v0.53/build/architecture/adr-029-fee-grant-module) +* [ADR 030: Message Authorization Module](/docs/sdk/v0.53/build/architecture/adr-030-authz-module) +* [ADR 031: Protobuf Msg Services](/docs/sdk/v0.53/build/architecture/adr-031-msg-service) +* [ADR 055: ORM](/docs/sdk/v0.53/build/architecture/adr-055-orm) +* [ADR 058: Auto-Generated CLI](/docs/sdk/v0.53/build/architecture/adr-058-auto-generated-cli) +* [ADR 060: ABCI 1.0 (Phase I)](/docs/sdk/v0.53/build/architecture/adr-060-abci-1.0) +* [ADR 061: Liquid Staking](/docs/sdk/v0.53/build/architecture/adr-061-liquid-staking) ### Proposed[​](#proposed "Direct link to Proposed") -* [ADR 003: Dynamic Capability Store](/v0.53/build/architecture/adr-003-dynamic-capability-store) -* [ADR 011: Generalize Genesis Accounts](/v0.53/build/architecture/adr-011-generalize-genesis-accounts) -* [ADR 012: State Accessors](/v0.53/build/architecture/adr-012-state-accessors) -* [ADR 013: Metrics](/v0.53/build/architecture/adr-013-metrics) -* [ADR 016: Validator Consensus Key Rotation](/v0.53/build/architecture/adr-016-validator-consensus-key-rotation) -* [ADR 017: Historical Header Module](/v0.53/build/architecture/adr-017-historical-header-module) -* [ADR 018: Extendable Voting Periods](/v0.53/build/architecture/adr-018-extendable-voting-period) -* [ADR 022: Custom baseapp panic handling](/v0.53/build/architecture/adr-022-custom-panic-handling) -* [ADR 024: Coin Metadata](/v0.53/build/architecture/adr-024-coin-metadata) -* [ADR 027: Deterministic Protobuf Serialization](/v0.53/build/architecture/adr-027-deterministic-protobuf-serialization) -* [ADR 028: Public Key Addresses](/v0.53/build/architecture/adr-028-public-key-addresses) -* [ADR 032: Typed Events](/v0.53/build/architecture/adr-032-typed-events) -* [ADR 033: Inter-module RPC](/v0.53/build/architecture/adr-033-protobuf-inter-module-comm) -* [ADR 035: Rosetta API Support](/v0.53/build/architecture/adr-035-rosetta-api-support) -* [ADR 037: Governance Split Votes](/v0.53/build/architecture/adr-037-gov-split-vote) -* [ADR 038: State Listening](/v0.53/build/architecture/adr-038-state-listening) -* [ADR 039: Epoched Staking](/v0.53/build/architecture/adr-039-epoched-staking) -* [ADR 040: Storage and SMT State Commitments](/v0.53/build/architecture/adr-040-storage-and-smt-state-commitments) -* [ADR 046: Module Params](/v0.53/build/architecture/adr-046-module-params) -* [ADR 054: Semver Compatible SDK Modules](/v0.53/build/architecture/adr-054-semver-compatible-modules) -* [ADR 057: App Wiring](/v0.53/build/architecture/adr-057-app-wiring) -* [ADR 059: Test Scopes](/v0.53/build/architecture/adr-059-test-scopes) -* [ADR 062: Collections State Layer](/v0.53/build/architecture/adr-062-collections-state-layer) -* [ADR 063: Core Module API](/v0.53/build/architecture/adr-063-core-module-api) -* [ADR 065: Store V2](/v0.53/build/architecture/adr-065-store-v2) -* [ADR 076: Transaction Malleability Risk Review and Recommendations](/v0.53/build/architecture/adr-076-tx-malleability) +* [ADR 003: Dynamic Capability Store](/docs/sdk/v0.53/build/architecture/adr-003-dynamic-capability-store) +* [ADR 011: Generalize Genesis Accounts](/docs/sdk/v0.53/build/architecture/adr-011-generalize-genesis-accounts) +* [ADR 012: State Accessors](/docs/sdk/v0.53/build/architecture/adr-012-state-accessors) +* [ADR 013: Metrics](/docs/sdk/v0.53/build/architecture/adr-013-metrics) +* [ADR 016: Validator Consensus Key Rotation](/docs/sdk/v0.53/build/architecture/adr-016-validator-consensus-key-rotation) +* [ADR 017: Historical Header Module](/docs/sdk/v0.53/build/architecture/adr-017-historical-header-module) +* [ADR 018: Extendable Voting Periods](/docs/sdk/v0.53/build/architecture/adr-018-extendable-voting-period) +* [ADR 022: Custom baseapp panic handling](/docs/sdk/v0.53/build/architecture/adr-022-custom-panic-handling) +* [ADR 024: Coin Metadata](/docs/sdk/v0.53/build/architecture/adr-024-coin-metadata) +* [ADR 027: Deterministic Protobuf Serialization](/docs/sdk/v0.53/build/architecture/adr-027-deterministic-protobuf-serialization) +* [ADR 028: Public Key Addresses](/docs/sdk/v0.53/build/architecture/adr-028-public-key-addresses) +* [ADR 032: Typed Events](/docs/sdk/v0.53/build/architecture/adr-032-typed-events) +* [ADR 033: Inter-module RPC](/docs/sdk/v0.53/build/architecture/adr-033-protobuf-inter-module-comm) +* [ADR 035: Rosetta API Support](/docs/sdk/v0.53/build/architecture/adr-035-rosetta-api-support) +* [ADR 037: Governance Split Votes](/docs/sdk/v0.53/build/architecture/adr-037-gov-split-vote) +* [ADR 038: State Listening](/docs/sdk/v0.53/build/architecture/adr-038-state-listening) +* [ADR 039: Epoched Staking](/docs/sdk/v0.53/build/architecture/adr-039-epoched-staking) +* [ADR 040: Storage and SMT State Commitments](/docs/sdk/v0.53/build/architecture/adr-040-storage-and-smt-state-commitments) +* [ADR 046: Module Params](/docs/sdk/v0.53/build/architecture/adr-046-module-params) +* [ADR 054: Semver Compatible SDK Modules](/docs/sdk/v0.53/build/architecture/adr-054-semver-compatible-modules) +* [ADR 057: App Wiring](/docs/sdk/v0.53/build/architecture/adr-057-app-wiring) +* [ADR 059: Test Scopes](/docs/sdk/v0.53/build/architecture/adr-059-test-scopes) +* [ADR 062: Collections State Layer](/docs/sdk/v0.53/build/architecture/adr-062-collections-state-layer) +* [ADR 063: Core Module API](/docs/sdk/v0.53/build/architecture/adr-063-core-module-api) +* [ADR 065: Store V2](/docs/sdk/v0.53/build/architecture/adr-065-store-v2) +* [ADR 076: Transaction Malleability Risk Review and Recommendations](/docs/sdk/v0.53/build/architecture/adr-076-tx-malleability) ### Draft[​](#draft "Direct link to Draft") -* [ADR 044: Guidelines for Updating Protobuf Definitions](/v0.53/build/architecture/adr-044-protobuf-updates-guidelines) -* [ADR 047: Extend Upgrade Plan](/v0.53/build/architecture/adr-047-extend-upgrade-plan) -* [ADR 053: Go Module Refactoring](/v0.53/build/architecture/adr-053-go-module-refactoring) -* [ADR 068: Preblock](/v0.53/build/architecture/adr-068-preblock) +* [ADR 044: Guidelines for Updating Protobuf Definitions](/docs/sdk/v0.53/build/architecture/adr-044-protobuf-updates-guidelines) +* [ADR 047: Extend Upgrade Plan](/docs/sdk/v0.53/build/architecture/adr-047-extend-upgrade-plan) +* [ADR 053: Go Module Refactoring](/docs/sdk/v0.53/build/architecture/adr-053-go-module-refactoring) +* [ADR 068: Preblock](/docs/sdk/v0.53/build/architecture/adr-068-preblock) diff --git a/docs/sdk/v0.53/build/building-modules/upgrade.mdx b/docs/sdk/v0.53/build/building-modules/upgrade.mdx index 1cb0341a..934e1a13 100644 --- a/docs/sdk/v0.53/build/building-modules/upgrade.mdx +++ b/docs/sdk/v0.53/build/building-modules/upgrade.mdx @@ -122,4 +122,4 @@ error { } ``` -To see example code of changes that were implemented in a migration of balance keys, check out [migrateBalanceKeys](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/migrations/v2/store.go#L55-L76). For context, this code introduced migrations of the bank store that updated addresses to be prefixed by their length in bytes as outlined in [ADR-028](/sdk/v0.53/build/architecture/adr-028-public-key-addresses). +To see example code of changes that were implemented in a migration of balance keys, check out [migrateBalanceKeys](https://github.com/cosmos/cosmos-sdk/blob/v0.50.0-alpha.0/x/bank/migrations/v2/store.go#L55-L76). For context, this code introduced migrations of the bank store that updated addresses to be prefixed by their length in bytes as outlined in [ADR-028](/docs/sdk/v0.53/build/architecture/adr-028-public-key-addresses). diff --git a/docs/sdk/v0.53/build/rfc.mdx b/docs/sdk/v0.53/build/rfc.mdx index 2b65793b..66d7c9cc 100644 --- a/docs/sdk/v0.53/build/rfc.mdx +++ b/docs/sdk/v0.53/build/rfc.mdx @@ -5,7 +5,7 @@ description: "Version: v0.53" A Request for Comments (RFC) is a record of discussion on an open-ended topic related to the design and implementation of the Cosmos SDK, for which no immediate decision is required. -The purpose of an RFC is to serve as a historical record of a high-level discussion that might otherwise only be recorded in an ad-hoc way (for example, via gists or Google docs) that are difficult to discover for someone after the fact. An RFC *may* give rise to more specific architectural *decisions* for the Cosmos SDK, but those decisions must be recorded separately in [Architecture Decision Records (ADR)](/v0.53/architecture). +The purpose of an RFC is to serve as a historical record of a high-level discussion that might otherwise only be recorded in an ad-hoc way (for example, via gists or Google docs) that are difficult to discover for someone after the fact. An RFC *may* give rise to more specific architectural *decisions* for the Cosmos SDK, but those decisions must be recorded separately in [Architecture Decision Records (ADR)](/docs/sdk/v0.53/architecture). As a rule of thumb, if you can articulate a specific question that needs to be answered, write an ADR. If you need to explore the topic and get input from others to know what questions need to be answered, an RFC may be appropriate. @@ -18,8 +18,8 @@ An RFC should provide: * Any **background** a reader will need to understand and participate in the substance of the discussion (links to other documents are fine here). * The **discussion**, the primary content of the document. -The [rfc-template.md](/v0.53/build/rfc/rfc-template) file includes placeholders for these sections. +The [rfc-template.md](/docs/sdk/v0.53/build/rfc/rfc-template) file includes placeholders for these sections. ## Table of Contents[​](#table-of-contents "Direct link to Table of Contents") -* [RFC-001: Tx Validation](/v0.53/build/rfc/rfc-001-tx-validation) +* [RFC-001: Tx Validation](/docs/sdk/v0.53/build/rfc/rfc-001-tx-validation)

    • z;%Q;zBZLSHeU;wQt-7{#IGvu@c`j_w=?!5_Nw$8yizy#Db+@GTBZ_4YDl$2VwBB~1 z*w!9)Zy&KztcUezxUYp(4c4A)HAp>L9B!%YKA-ogS8^_@;x%EYbrmqKwdRG|^r8T& zu^sO0o3g3#pshg1{gt}daUnMNh5@ALrj&kjf#>lBX{Bg<#+m1o%-Ei@{vtL394lXe zgfQe(Cke?UTI!K_jPbjaUWRoj(b`i`6G42qUbtgzay|NX)a=UhvdJm^AB-uE0 zpuZ9xa+n=}#mWdz70>|edp+WIA>QIwP!?*Jh?3gGPHbxyi2sFl0j-C1@wAcMJw=3c zemnHD0V*cno4JntY(@wXM~@OSve)KM3f{F_!D5O_s>fX zpZ#rHtL_#yojZTt^K)v{G{2~{D=6d^P&g7c1?nDd4;N)U96!d?fV?_Jc=4*&Jcqtr zd&s!EPg`4xX&26$0(u~h?cezcM~7IC>(`Y;*5|{#?W37D4B{X>7-K z(K|yVofUyEcM(ZN&}BxSz#fTb@6YK~usZ2pas#lv35MUN91td_Qa(V~&CCo5uUo=v zSjA7YU>X(C1j%$saurtD0ZJdPDw7Xy5m*7kJyAMNCdftj%(0H*^`5m=-Y6T+N(if?>}@@73guoxxE?>+#8AF@+wA8tH+1x>=PH##1{{(+AESG%?JIX5 ztT0GpdVbp>Pcr&eocH7`6Z2*+g8#ry;h}GnOU0IcuH^snt;`r}^*aF{#Y#Vw4dcq1 zP@5KGQSxgJr18^D@=9&w8!6LaR1wC8kKu?3Xy;Q^S=~G4;`>uP(e!YTnJ#_T)@PNB zoT&)0wZEUXINu!ATpF|4)L_K-%=8DF#ZN=(?r9)5qBpW=Wsr&{^7(aTXflbH!hTs> zS%QyI2M<~E6_o*|rXs9?_S-{4>^To1H~iNFL!}W~npXiODx(f~ObX^ljfO+M5tHnE z4feg#s8nwu_{Q2oETjQWo>jh5ryTA`E@1g`eawM^jy2_dR0DQleXEy!_W95@n0zfz z8AtR^Lg-Xo$yYY;VlIxdahF;sXO{#cMSvycuR}8$k^SbE(`gRj6P+V4vpcw2Jm}VV zDsB|?sDy3fMSN1yR{A_iUzUHtmA0YafaV_#PRr=kBi|ws{xYNz!?`f>c!k@xlIWWHG)#o9Sk~qE^^2kjBfF zfQUB}%#+tUV*1A3*9~kF>7mUnuHHf)UXiVBTxOar_ACx~YfWj{MNL<1=Gc#o4xyh^ zfCx*)u^%90Kr?I0(gZhdg!VDEp?J_W9Ga2B889mZUA%%0qL2_;7`jzM^Go*hI zB__{|4z_z4zD8+aX7*n5Wb**Mb|TLqxnifjlDGc(X%m9+tB3Z}wq`b`DYBRFfgvMZ zlsw|*3120GSQnT}3qVwBLYiPbsYx^3tBEY+05rpPFV3N35tFHjs`+?U;(svu8h~9m z{xhBk-j?IVaN%u=- z6^&)l#Ccsiog;A(`8R%K z#F+NvXE}i}k%T5|QZNFm$niUTo=3INUV-VUsXpQpPfh}2a6M*_JQ_vilVbV#>rp2g zjJFEe{z{26HBQ5qE*;K4$dcOngoEOELAbI)>>sWn?_tYczx>T_e-?o-vJVbt9e%Hc z#nGC5vlCF6r6d;?wz=oa@=8sb9xHlgdPC`TDA%y3w_>wKZ)@mTqm$h6{E7GQG*?o^ z1du%ee^4nDMb)l&;dm71JYglqL@3L(OuK7Rhjt9?RmE&v9DVxcKPyx1LUF&}L}^x* zd7Io1-EeluHS_`qyb#V&d2SK>tQE6;jCR0^AA53(&QXc0a|Qeq3Ivh|2ft`xT-yE! zo5g8-+sn)M8J7R)7k!LT{4be#^O)t_g9Guxn^U)$VCTnjT;I$P#m_)GAN3hq14Lrb`PPZdCKnT2?w|-2yv&#AcbjAAb zz*tjA|Bvg>7!RPX76vvaAUt^e7Q44&j6Tf_CM$Mb>?(wP>qw>a7tXSASLrTGK`)!> zn8+H`ol*~z#U^2IDZez;x#n0cWOCQDrB1hRC1KZCl|j_uvqe4@fM;9W6U4O=op10- zK<*i?((`*7PJqMwjge5(>^u|f>FMVQ97kW^3i`gZ(K&#(oBgkGXQ)Pt2j*_@4y{5M z6qK_W07bGyeDmRP&Hpz`h2{HCSOmnY z-g`kIEVM)-f?vPHkmTHO^p1b;41EPLf2jK8Y85k#r;lr41*>94lnnq{%SrVw!2RZ7mI+pel&iV+tb$oBwsig@%jy^^Bmy^L zM_K(kL{MdL&{Fe!!PhIzi5Y~CRZxc+T{QY8XZ%`B)L3O0JcYExihx=KkqklD+ zjGV2TBXQ9ohJxfSn9sxPER~63!tLT)>vjuDT;qqmnCBAP&m$TU3UeR$N8@+U6NnI= z@mEhOKUAd>(tWAtEhH0@LlFWKbpY!H)aSHU63yLY>^P<)`kTwBXw=HjN5eSy?1P*~ z_0(Bb-F`IIs?@Xr&!yb9MG*Dd*Rdaey~%meTgD|w^FtTp^&OjmMaU@)BT))3N6G&J zHwMKlNVpc%3$1h}zt3$qpRkB~Qpuk@9oVSS-nvdnNixo`JHmWMb7tPg*Pd&kz>1GG zl;5s){nLcEv2Wq}&;}+ONzO!OTcwuWx%fRp2W!xQ>pZ|sayH`eqKYH$K6*H*{1fex z6Q}d*3*jc~ILU_C_uJ)mmRz^eRCC1D@=!Q4+pV}<>(djsLnCvr4!v*Cy1o~K7)Tr=y z?Ffy{lKgZ2`w!Jj;V_k!#&7k=@G-o-@5ZDb|1I*uXT$aW9-%Tx1LK3EUbd!hB31aV zKyRyhE5-y)Kr@tMWY5n2OADYdjsDJI3Y?}u8=?pP(_obj-UG*Z<-gpy8BG8->5>OqJE37aPsPG#<#7d&@Nr`g{0vf?S8Fu;Q16&0|N-f`8 zf?3V(%Kj8Cd_Brp~dio_(xht`3S)-ZAN#ap(edgilKN9Hh)fER~|^tltrIm>Hl%_ zkoC>;hBx-qhzv3%{LJBDb@_HV!sYb*&}mNy3zj`Aw3~YS-suED{H*18m_;hPn?27y zJUr^0B%2$i0EYbF(|5sGyW})cgK6(he^07~fr}u_^~8G9Wsu1BliICI%7h|DOosC` zDs}>Rq5ll@)8EevLNZvp(UDOdcYjB)P<7~U$4uS{zwd+!3$Ff}49`gXsvGI=U+pV= zuAxWYQup>6|5gP1;j`?3vC8cavy#1s!Y|BV*nJASXfd=MP4L-^p{-uXy&M-TP#&2z zY;ENSU4_eg9_a@t{NSJZ5;Sr9v)1R&hNiF9#ojQdca*gDoK7YgB4V;HUwn8aeiQeu?>pQ^^IbIf}H7ExZfa~T$ zAm3uMP}7;g@beVki+%<~5n~mOcnNI*t#FW-^?{zAM065X10DIX^e}tk@z{sxW7iDZ z`u>p0s|m$HLk+l03p6&Rr-hZ{H+ziuSs2H=?BMcTf$n7bf~g=A2Si5>f@|NUHVcG4=1oI7-VzD)@i=ph&lM)4tt`T7vqap5e5!MC*a^z z);9`TKOxjR8P23)DQT``t?1e)Wi{%1fG}8gp2ISk2ww8(BQ=SIa)-lsyq zidvd~!Pb<-f7Nje{Eh9PZ)0rt;BZjNA9CuY_ZvUx+%eY^;FDIU9y%Bf^XQgEKLVqj6_SsW)}R^Z-YnH$>{W4L_Rh&QZOYdvu` zPT|N|X*mj6@{nI}#Z~E55eQXQ*{xTl?1mvM>tR;`z=W$|#@0_4 z-vT;QXzHb_QR|nRcSNKOgjD~|nfL5*k6>~5h{Gwk2FoWfF$P>^@xo#=q#=S6oE zk~PLH!!C~;SYnZ7>Au<=rr^)jf9*3##P>U`UJx~8^tfzg_K&izm~3nKYMdGZ@zH#= zSS$-j4P+7w3Se;+kGo?vRimL2~jtE8FnFMw6{p@+YGa(fH&J32oISA%p$o=%w% z-$)pkcve#fBH}J`67Az$ic?#0MgPk9!ax$)0Qa3vSTA;G_k+-f=f2OsBj+(rzxzN! z<4Cyg(VH9DJ^tCWI`YlmCRRseVIs`|M_UDi>h6_>m77~swf(Zr^{TLMfogQe)X-6wJH zg|shF**m>NGf$`52*PGKU)~a1465#e+e{nkVvAl$+^?bo2@d6Bm&bq~E!4*d3;A6)C?ogP7KGQqDrG& z0Xl=w4m2Fc1&ZW_Pe+VOWcNm}j`Y%F4$6+nL0W2BZ zap=X3s#5$d&_#$m00W%@_jdva>{773orE|%ovu2a;pMllusfpYWOV|A)yL-q@WH~FlNh(!kre5%_@DAi-Syga_&f!MdI)xl1;PU-XO~Oe_ z(RK$JWEI^IJOT!jiZL}mr|dwhgEpW;M3)yogFmB3EL5k$$|8&q>h|HeUP+KC4%^#*E)T1VNCo0qE~^*CDM`Hi-C z$q(WGm$QYnQ=W=k@8h8tVlYpe8fyDVYp9^;0Nt`kDT9;C+c@(32P$H|Ts3iXxrivC zu4p4O1jQ2)S%7QVY?Y`=GGSthUGeW9Va+qpT0bXsAl=posh&%fI{G)hQaAl!q=7x@ zGWUtpZ2UW~MS|kkMq>TAvt@pt|M~x${C{gKiHG{5u@GB7{zq4I9}e&e#&^ z`97fXR#h56IRFISgLydZBrF(mY*ck@Ui0b8d#By9hf%A?Q6?B-4<=NNLM0ZTrhYNV z_hM7T-^gZ7(Gnp6khhOb6eOnRU3PT}2^1chBHcK%J_+LFlP`$=tG^={Q4{|?AZVXV z*Ru~4SdAh{H$%`~3;uHJRAW@Gc+BP+^|)={uE+>c-jGxvOvpts3+OgjB0lP~Tui$a z4#Rru9${MnBUGq3Pl<@v;Pl^jJcNCbu3sOPf4RxQxEAv>e`Ah`0kc>f+FcAf#UC4- zM%E||)`RMh{K@co1g<(`oJTWn`^VB9#(iY2$aD6l3O;=?M8yo>o~X9^$!lF%Qe1xV zS-`)B* z&yk2987&MFJFahuC(A5(K7uj>=Leaxq6cp__Z`U-dSB-f8&#-BfXEfCdj7kM-Je)y zDiXi4=9>Lys~LwJR>&3zp8)3nx}vAvbZ`5=yQ2XfPv}U`Y*+B#ZP3;19-k^{E_@75 zWTlr!??Z}kc}%Ge;8C-ZBKWUKU@sKA1^-X&W-LN;Q8U67$cp}ZA<7@S_P6>R)3KBqCCF`g z3>6dcj4ED3CT}1b59rv9+TQvLy6N{FRip8pi?x@>I}58dbUH5Lx4?b{_*)eJI5yYQ zjIPsYn@Xw6Q2r)IjD68TC@L1~9XGTCzlZvSDpK~~YYn$npbME(h@o#KzSYQn9m$iaU`oN}g;w;8I*IdnVJ_EDD!kS2@h+1{ z@GHhGx?67xF=3I{Dvo=~dJ*9qP6{~Xp7u}VdsCLlq5V-EIy%yq2`2%uKjyGf4n1Uk zR@}s}lF#!Z4>vZzj1$hZ)8`l}5LurQ<_4fpb%=HoyaBCHWpG>pmKm(Y;q43;=P@#J z!l9BgQWxi|B=nR(zQt1+j~hno1kv$FD}ei!IhyT#o@HjcTS88|dAmJCF%P|ZBkhN& z3oIDrnQe2xB6ONMRBkwe!=#`Km-?&|_Zylbe#WUvQybTGQh9tnC8H?scTQM5&Q6xH z29Y;DO7+Da(viP-5qIiM>qxOm^es5)Fj+uzhkObk7$E@NUrlb$tL5l9aglw=XFn(* z+L$0Lg%*_Pk;_krTZA;?t&!5)o@$bH0gIk)(pzrJ_1n2#X`IyzDV%^%# zDx8`;KTkmtz|Dy2iQ%@S46#VzEZ_?f1i=sLqu%uzPO4Huf~wg#7w;UJ?axOjNaVO` z6;*8B^BKHt*8@dnL0qb35Nn_bwF@vHd5kBYydiF3=+(bDe$@B;VuUUqbPaN+YBn#o zX^1^gl^C{I1zFb{1)3_KFDuAIlZWTjpN;GvuGTpuz2%wCZC*OIR>M!D7?ucja>DM^ z$r!2oy|7vwJG%-7wAvmFSKuSh{v)403T+_re0-Yz6&R!F4;s70h3&B-^cgo_Y;KT; z)Ci8Wmti0>ehA@+)gw=!*TdIcV6{*~j6YcUc1&qNkST1{i4EJf=k;qVDrxL+q}-no zxsj7sI^qXN%Hq=1j|XKByt1a2)%n2`;|SOTV>M5$%ro`Kn{h; zS?)R2u--fKj6bs*ZPr-GacJsWu`eXj8sr89mCJfG;K?&~3wzO69t<6tB;v%FBy*X@ zs|86o7pbd3{`KRb=P~z*L|8?ggv@OjTXZogzn`M#``0yprsUu?6Vml?D>ZSD?om^E zSyaHe=JF=6iAW#S2NApyI@$G;$QXK+MA^4~O0AD@k!gpJ3+b^f5ze^4jqA zBGkI=(?l8Y>EW3G(yrTSlgDMjD~mE<`1r=5{=DY^=yYg#CBlsnldMp@O?5+iOpCOW zHwt3MJEL)UOQ7*pR#w~G)zzrv4+X2D^;1+8snkoge;t+}ohmEKdnv+A71~&Sh16_l z`8>nd_FbCjPCo*LolnUs0T=K; z@)WAof3&3jmKntFsQ*uPzbH4kcd5XTDBNlGBT3Ka6NB*H=m+9a!9=CDN5XGOpiDXA zB+Uckj0PBN?$x)wzl|hASZ4c588o3EkhqtE3B32EJZ)r^=1;$!^jGdAp zGpp&rCm*7FXR{wn4G|Mp@}5&KU8_OHNIxfDK%5us6^~nG#`!q zh`W(7HX0mRtJUY|M%b|5Xk$K`=`oY09JsvV{mACEb5FF@pq8`Uea_MNusK`joyL#h z%gZh$epszxmerV{@FBJL07_L0nEO2p1RR#l^3|oI8*ntO;n|#?U}gZSe_>?y&A1tj zrC6Qg>f0hGYs-rwLL#KbCNezh_1(3G0q-yYJPr^6?ko&GXpH=WVKQ@V%@Q1&W5`o<_)Sj7=0RhNz4YZu} z&6l;8)P4y@XwN@9WOalJ6v!yJV(B$Hiu%(;cm;5_I`WG+C6A({B|!1q@e&URWkgZT zaR+;CC%})Hw|)Hz0Tj+-fzDj) zF$QMq!RIC+I^L#tI;c`ZQU7raz<=OqXpYhI*_6=lBNq025skCJUJV@GK!wx*l6?e= zbwLYOSDBse3Mvde&1l!lVt70`cz8}>_-g-dVpJy_*QSf84T;e(L+9hw?5-plv;Ss! zx>WiRuLvOH3w5%cbv9{=RZCXhb7!Y zAF#QO#=42Qdl-MbQdVfAQ?=A&dB_VAIKtK)+&GFHGvcVUCy)20ck2kIrvrR&98 zuI=a}o5{wK$inq!vcA-Ue~G5q1CUd956V#48Qp@|zGpY0aU!9{@7&y|9;B2?1&vDL z8Y0M%vy_BkC2@679~`yxu8{u5PXpGdT`zE7zBEEg*CPI z3(31^d=*Z`doT2>XC$vZ|K4uZjR(@3kQ8+vOOF7>8_qS=EjeBe2mR$TV|d!|9cv>) zXyl|Af|K6XGd@)?KwO&{-A)aN`m@+{tZNcqs6ThNY}Jo3-VN+vO8X zs;Zm=Ub7W!JT>owuC^3ETtK3lLewardO<`dFvfi>;6!1 zca!Fr2zKYb{68MTLp`qA!!VRtp$v((-PM^ zPS3z$9zR+~Bu0*GDXASb%2?};sZ*b% zI!OOvxmup&OwgSfqoSEOT1!;W?}5!QS$9(UO;-UizmWVP-6UwjP#7wn9VoItHK6p|rF5Q^1Jf)&=~dDFVtZG^WSW#s=*KFy}J zkp~E(tf_lek_?-q@MSs+=4?IKJ%Cp#fGH@vBRbL_A#!<2Psqu_x1L!y_E5^VkKVkN zUUgdPeukvvxt~H2aDY?5-te8s__1oXJ;0FiqPXhj?L$dWt`qtTyhNp!H}AgM zkAdgLd;2VvUOO|FA+Q3@>U9`wUkV>oe_b^-Uo8xBZzX44%xS3p_AbX~t{GkNd3mZ^ z{s0zSrxn^fa>;v;Cf}7ttLfJKN5Re84n&s^&522@nKi(?aU^8=ig?4ON4^9o&0cP4 z+iSB1tgS{a0QnGbB0?ub?Vv{ntzB_bYkg6Jk69b1IV4zu?$*mj1-%k#r z(K$zBwcm7Mmkb9z||>ISBo%ezEE+e#Wv@w5zhMvqL3+%jOs+rk#`ab78!E8L)T5ny}FF% z8K|Rh4FG`vhuO-a`J%uD)|Wjxe2M(jcjsFi&>+v%#pErj)T4_W8hKfyD$1T&gLiiA zUpY8$cbom3aJ}d?NZpNuGwq!q{IE-&g!hS#!$NE9+0c(>C6jgSwYBYknr|Uor{cmP zzO0lgPjcd2DnTAAKB_DJxB4YKloh(mVNHDQoy(+H5Z{|Zaz{&>`x6n67bRDbwAB%U z=hw_L8c(}uVuB}M1(ZQmk`Y;Bb_5-kozh>hourS%z zV;+dATS*p&Jq&7$isNH6?w&La#vLyxOjbIB?msWUIiMFmmYf$k8zS)GYAB_(2SpP* zV^Z5~gpbD5U+s!G#t^8A+ktC=W!BT?$F~KxzN5Lg3k$Q9Hinh6Cr$m=T1Hh5_>9}& zrFpLP&6w@MvetMI@Su_0ev-VMY^d_t(40Wq_Po1>{A1vnA6Dg$`_+m};lYG*%h{He zWmeBC%JpbQ&EW0hkCVg=^Xb;Q-<6lUcbg&};|1lwC1x28ZpC|8&GjXCqZi-pXsmbTC_lqXKb|J>vMh8$ z`is4CR}HiYd)0L zqUL@6&cZ{#?F(}wdS+8XfGhNfa8`uH$uggwYVj_ZLjATARK=-7;laoRBt!6W#v3Z7 zq-FQzPo?#_b*xQS;4OqSaa2Z?R z@?9JMl6NIw*W7X?eClg8XJj{xzX%+b0jlf`PuvZMt&f=!qE!zi@NL1j*#ak++NM!_ zl2*OZV0j%1|I|NK4-I5_%3b>=)AzY>Uf5|xFC<>^QI8!+ z=R|IoVVNZM)SVuv76Orn$=J1*^yXbo78nm7_0Qro>~s+36@+T+>lvfRDS^|I+1 z!X9D1AlI(WGaU|5{Qie4eCD}=ry?VB;7)X88kcFux%zY?ZBA6;;kllB^%OLJ^<9&o ze-9rwV*OZW{@++@7URk8PET0cNW>|fbUOHqJD&wJ>0+xa6%oybup&hcuH%)weB;8B zF@o2Jcq+u`ND(6SY&#;J>qi5Dip9&V|J)YTm`Iz>_5Zms@~fUZ6WUo3^^V4(1~>`n zW%C7^*auJkuh<&@pL*Qr%00;tNM~@t9*b1ho4=n0v#pSMqsp$CL_Z;~e+k0Cz@>JE z-H8|M3?5Vd!J;*EHoA(m%zJVuVmCujFyZw_WFp9<4t1H4#G+cuYWg_bg1FtGO-}@z zF+XS|opALlQbT&Xk{fw08hIvurr7oH@-&Eg-}B)uKw{rp$vM3WzULdFhN+6(7FUC^ zayY(oU<_tQ2$sTi2#%H<1qGNLX&g&xW|GCqJJ(}jIEhjGD{a$c*9e#-dfs9`gAFWP z&$>Uae9iHDanp!!szfnM*}8uiI;FQ<>)plRZx8$>sgDkMNn1a6A-6Vi8G6O~AhzY& zPb>{<#Z~56(u5cfy~aWCG1}-Ci0$Jz|2z;)_EDq%2TL)P$J(zjwCh6_j&zf*OpgJt z`a{!+t^Ub8%0GDQMN7hW^z+^kY}GIppI@v9T&s}+psvWyPL$yiebi*(qU{>qtsP5Z z4HUt@$b|OtirVv(m5h94qI0()*-$Aq=`}1w~f(t1IZ_0n0S@7Q;Se(2&ha zLbb>93aWeH>Ixc?zGlgE2liMp@1P*DzP#IiZTS-I9j~$!jeI^vATO1Ay#$s7{2m>@ z@P2Q7MJtYN`NNuJYF#w1b#uv*=c4k_^AUgEx8EqiD3KK(q-?<)8nlq8gACYsUG_Od zE;)EplsX!G#K1fv*8GH!+Vm=CTI8$)p0>b?#Sx>zSKmem^vxuuk(g|Lh;WBE;k}I- zaj%2#HkHljTS??PM&p5YZ_mpdJ{cBv_}O_kc-)?FqcsgJ7^P@yYm-DLlb-Zarj17l zS(DXRmD9-5ynEuw-o6RtntJP4nW%3mGT{v9jy)P0fCZuxy+=+r9ai9ZIxFj!H+8cq zPnUIbw;Z<>q+%M7s;9_c%54Ow@=r`VXYh)q{=)okv1L$P79;SOLh9j^LaY{$?u*grkIKX zWug!Ev6Qt2y&(uI{_OC{>$Qhgae#CbPQ|40?2bO6V@0U$31Zx z9!oBDqK_SnKO`KF!Iylqee6xV2{!21iHc?QG4)=zhgMC$+e zi)Abo`wGcZFA@8mTLM`z^30ArN77x@RCo-9Q}w_DA6)X0LSSdbb5Uac&$+wx!_nQK zlkOw92dK%K`^<@&k7DPfJ^WSDk{&I3SoB*IEC%*cei%g})b7yKsHQkAM%x9}09$AC zKhB8G5zlQCJpgZ7_sEBKE`-8EG5XJNY0pVkyQW7o3^(r`o}8v5dOk)|TF&iL0DmjU zq)z+SI#3D0*4Cb+BBbckJE^KdakNkBn?n=s`m$bP+7TXW z0yW2V=9E>x4UhJpkFdi-?`kt3?I+vLXa{2>BP#C-`yV{>$wzof3}}2V%P4UqS|pj> zC>%FH*>x8h}g+o=uvJ6|+yTXOj$MlP{7WX_ZS{KG%&aF|G} z_K?Y@+(uW(S7;j<(q{B)j7DAvRx()S0D%IRs_B_Pqog4#^#=9UQ9-TCN`8+CRej0+Z-=~fPxSLEtkyVD^(MgpQ zk(1U%BG)4FatBPS>g&&y2h1#kjfZwruN+BkB~#ndR~{}U4`q}GKU%!)pmY8hL8$Jg z?V$5Awc`N@SDXVq9`Ok6c0`nOo{?j%7fY{*-ONcn=s6cYq4&~vKY;J=E%w33HO|Y* z0*$rE4x~FlJ(@ekg z*UX)tjXa(Xtjy_WAEW=&cy=4S<*I}$7iFEbgx4C64@S-%9}Lfvl}+uak_6^%EELjK<~c$oti z|MW!;L{89G@pJbI@^QTXmUf1?Z|d&wsC{LJkk78{%apVK)2mIK=Lspu>6wzi=6cXl zVb+CwC#A=&3DSc!y+|{{Gx+At=eJiNxAY_k z|Bxj4O5YEmD9?At)suBsA?uaEO@g*Kz1IRllqc%+*%A}y#*T=ppG)we87MQc^($s< z3;gW*`641*G4w;oHcm5gIXSN6`;?u8_6r8Y329K{Ki9X>JwD>pxa~T${=IFVI(z zh+V#a9Lu{mD}VZT(sUNyIa4yzf+Mzx>3?k#5F)lxQ|TrD6^=DX>4{=A^#6C_|M5&@ z$eMF*BcG8x5xM_)#)R~%H=DK9av@e+MK%tPgLf9E%yHN{S&_5@%b`}%_N|0w-|NX& zKlz)DF)stSV-6rc3?J*npI#J_=;ojm9Q~66c7LWsYaFyZnpovsiXtfSH^O?7-uJ*Y zY4;`X4Hcw9vWOFLv|sadNX>a%F_T5 zq3Qy;S9PQhNfUo6i71EYePXeC*)QAj?j1o9h}N3gPLnKFN=d~FbtTZ@?ftHy+)!g#TS%=kR-FR#@Sap4C1wqtMH`NQMQ zz-aH=F&BLRuI@q2%32Xwy61dX(Tm}=c{W5FqkwXh#??~{6IezgYF34#rudf8oBr~` zuzj;**7(QyT7V+&0HNMpti!iy0lSAL`pZHt;is6|Hn2rUYJ|+!QC~sqi5LP8upq@o zh@``Tq3t_fP3@NvJ@rc^JcW!@jOJ&UTusn_U8SLO$%n7_c@IvfYVwgez0aW~+o3Abb>xA@Xzve(R7>cnlEUlB&9mk3eBS=vL?(U{)`l3lBGMf|r7w zl%apkMTt0H?`>@R%LcmmOEcgcii9ww@#n@&s!c$GusHY7l|FFe_Lw>m8uHr7QRe5! zg%gpYg@l>WD3x_<`zDs|bV#$X>+$x`jJ?=jtiy>;JJ@x9x?ZDDI-rP)*ZymmSBN*c zwdtC8C~*0mAJs(s4B8AcMz+(nF+w!91PqHd03w(}+2^4D6uYOqLjt4baK!8f&X)H_ z#NH4`_Ws_2K&>O=`7i!3S7!>i{jgW}&4}LFABCF9%53p|_UQRp)SHV$rrJRvhy3x^ z_wh~I52Ya21tVT0gm;B$TKh}3z{sx^>KJ{vCjM0*ce85oBgf3xtvT&L`Nxw?E~`_9 zEIl`&tjN_R=Kxem4{gtcy*G^;Ph*(P$_ob-?|z?SzpRbbj(g3}B_wZ~!XYBoN>TU~ z`*1Z^jrOOgRebV&ZLqFK7i6)$A zQsUbqL1 zyN_t(;3&ds#v|~OCKNp4Wym@1klZvsXe1#Ws6Ov{zh51l?eU@I!ZJ_9ZPpZQ zQ&ux7l$3j+Qj##By{dD#=mU%j+nl<W`bEmu%Fkl*zFi*2W6I9Lfj&d09>D3 z&>6PlGw{vIT|h0yX)8~(gcu=KtiV@G=kUoV;l|CKI`HwA>&w{oIw-*fp!BfXp)8Q} zX`lq=D%*o6HkrYbc>8j&BJZB`z-xn~J`*{7f#5kxrAx$u@2hLkbF8HiN7QOS_3$>O z_t=y57;~9+X;dTnZM$hhn!Tpnnx-;3?(f)W4&T#vZ$Ey592xdJV5))s$RhNPz z8g}_}-ego1ZtqVvts&mOJkjhe>I06;C=6MAZiWUaNM!dy@dgJyEzpz^Z*;?C%sKH{ zFjF09arDjtK7O_nLbiX&Kj4f`xBE#LZVrsXA&A8Yjt2AMUGziQ5b&-|pn(F|!+a~t z!_JPdM07L7p^%D*BcqCMWfeM_Uc(Xbt(?d*wX~Wh9k?lbxGMwSb@IlYlY75Ce>r~~ zx-Y$2CE{_=kbMkph-b}D=o4tQr6ywN>yF9HRwQvIq%quSpjY4a)$n~d)b$Z1NHQ0< z;2U=xdj_#IkQVw^OpNazayFixQdJ;lLQ|Hf45F zpSmpD!UTGK>#w@lmR6wZJ7JLmT(ztkiie)OSdU+VTYy&*2GK1kowA=64#9=K57#kq z52OrUQgy}tTieH^bLN(aNGR%wb9}; ztpSs@qkPjin?2CK4KT8=4#Y>`5jSipFueVK)QgImrY+8!JBi42nV}D;``^fW51^*H zcW=}}5h;R*^xgynq$r(;h@c1vA}B2?AV}{Wq9RR7=m-j-3W|XAP6UC_r1uV?x0uip zQuY_#_dWOg?{{YI{mwmi<~wum>=`Cu@9g!gXRp21Q+~f^eIK&9j02N~)6!~7$5gJ0 zkqojLbFL3_zb4p!O<84WSS(Fyuy8i76EdAl%_+dqF}*I1g~-XtRp3Movaa`1r}bi- zdslxhpUt=iuK2;W5jwe@)Ls)ED@#@LoS@0(fv>e7d#@;gcpMBTy#Oqi&&cM3<_}JU zWT2p=oQjW3U8FRkGIW@ zMc}5_oXS2m24|O|S!x31NT2#a>0Oif&mQlxya!$cU20x@TB_9DArN=N^3K<{U9B*mH{pYBF5MYr1W&${lP-#wSvN{+Ai}W=5W}n!EidYDp{W2| zIj_GVPB|dwu-*w6fFD(_{`3u2aOQUAb>7&%581H>g(~>{+Fd`kY}!D8uiJjaQ#*=o z*e>&y;K0alrX+b%8M$C+9@uh09KC)9w5_itu$)PdpV6wuVX<3L0&5>e8xmF zqHkxAs70XW!Mfqv?1KH3{1?EFKF##dLN=&-=5cDPkGJnqfj1ftDW$LJ*6vjf?9Qy; z0`^d(mY|vAAYWYULO>paqYXXF1>7KCM>hDAwrqe)0_qncVq+xY?4PM%mesTq5 z_JQ~?5a%pi7*vKV^I~Z5(}lZC1naXr%8RLo!TnRDCdWw#TfY}71`gPxsoFR+`01Tw zqPU)$AU=!XUTdczx|z1I zS4H&lHG6s;D9|0erFfn>=feuirKwRmm+w~HOBfy*G5S3 z1tH;WEOq=>O7vJRJ4CmR<3_vaKGeh2kz5IhGz+MTJB=X?)*z?H5m4++$U_YgoHLD@ zRKRf}g-TuA$j?_tDL2KV$zL`$K7|(14v$^d)At-4QlK_u%`XPrDLiq zuk>3(dx7h&WqfI>y+=l9ocjAq>Q9dbX|F;@1Yi2qA7`TSZwf1ce;Nsat8i^8A%Q{? z#QO@_ES_E+Hk+i(SegbM_G{M*ZqS@u{+3pkf6;?+|8fn`?@PRot0)^kR{CQX(h3JI ztn*HMdp+bg7j|0cboNR%`b1cmxzhyU*zgGy(?(y{r&iWi?|pJUT>!C>!8% zfKb~qe2HXK|FcBhgCe%_CO7UW8CmuETDoC3w14tyOSh25z=RG=IWN8l(=ia>v(zvc zLf_n^iDWqli5dtVX6^;G0Owb=yc7_{079BERy^C_q>Y#G7IU~yyPE0>9AO&31ltqa zN*BNxL_)4gz=+>}lmTl1K@aC0@by^NrLm+51vD9e@Ne5%KR+&Ld%v5-w-F*Im_xEI^Ye;l*f@6{KK=Fp5u|fI_c?Dth03@5^KcyK2 z_F4B_0)AfVdVhX_+YR4qWjGJyT$;8Xhmmjwc~PHJFpv>$e)yk;iTmvHg)od5%qV0{ z6jHI14SsV%2s}5piw8t`iP-owlu zYWrU8W#Y@1zWSk5JIZ>MF;=`|qos_5;OBL7a z+M8)xTufHoT31eTK=aK}I_?IHUr$HDvJ=X|P&Pm$~BZ#0GXz zP3VTzbrm?lq_YP`tkYJk2iN_Nr!}&>Y5D9j6^~K8a(F@-=1XAoakJ^J0DbRX{V_` zwnTdiL2Dy6c51}vtY;*GwEhD;A@UoXICI=hsU2)j;~Lv(SrdIjH>7E}T!Ccbzapsq zt?BR>0uS2t%+iD-T$&<4gcqy#4g6mEv!O}HV3I8k>DwH=4$BXI<<3oTi9uzn2$fFx z&_44!YXOXA@9IA62=^-RBrWK^5^fzL1tYSIcFJuM`OGB&;jF4ei^*)DY}P$+ zsZsWovp{HDS6KaXc;uWCJ;#sS-?EmOCaCo4R;DDs_Px(k^cE?*WhEu4{uz-g{VlPV z*^!rAcXsxa8vZos2;Mjr$Q^thtFroo*4F5qW_!rVrN%#@TGwoSCY%Jn-k&g<9D6?a zW^DX=xgI#PSUw~81&XQBlS4j!_i>XKyvA}e7a2;Uy38#@W4_b>dhn+|6mSpluOf2g z^+J>~3z0&+K)*Zy?Y3^csP@)8shB-(j>F8vkfTSg75ce~mnY2qZi8Fi44 z^V<;PUue|_%t+OQR^&jiYJyBd)vU~Mg z>qt8R@1cO7JI3X6a3^c>am#U8L2wAy$ZnaRmjACZpkY+2%w1Hhpxc0U4DAj*slz-7 z_&ma_zFqnLR|#oDH?t%COiUSVn^~_Va}VY{VdgFCDlK_V@bKEW2ana80U}Bo3`j0mkp4KkCS7h?K1$mt zSi!s2r+=F?alzec*k4J5Bq+pN{UL>|if+W6U%TeHkLR^MPKgKXrh!X_PUNynUQ3%d zEd7=h?|(0LGSobnl&#K|$E#6+k3mpSQ;b{%@hg@$AJL1Bj8)-YvxjwunMS?h9YSvi zLPy-`Dk7KdEJWbSp*Ze^*T0Cy%X%KeUHB40)wb~P*6@G7Jklz}XaLw#ah!a>wlFfh`!dF^F~H}CHch5A>k12h zPRP~?p?eiR6g}sfhd3YnhNmO{Fa>iTO3KG@1&DS|j7STDQn!{~`L)`NaBkWnwZX&; zOs4|rRto-1;L0VIAQm;MZO#n_@)nd>i*>=Lwa{Z=**7TAe^;7xnSIWVYbvB3AG-5d zR`u;Zd8|)X9DPwpb=(MR0sdS9!2U~6QlvUnbdde?$k45S^g5d{{-V+PxK`&@uoVKHT&qUf)K+#)Dfwv}{~?2XDFoEP$_q=Jv4Q%dn*pK{~JY63A@Jg#=R$M;(+&7QqJ_Zc#!-nNc( zGIT)SN;-Q*RpNC4jm0iHP5aGmj`kbFL~ga9OGJTS)82W>A4Kb@@{}Wp3;f<~eCxZ1 zRy(uR#k2RA*`uQmFbC)Ho`hQViY-Or(+?BJ7y4|@P--o!dpjY(ux|H;3-$ZSFB4RBvNrewyzTNq4uWEqv z^6Z!i0JV@z&8zyP#&tmo)$6w+xY;qr*$z2oRm~%;1}^9_pW9v~ha(}wcRS&UN4(j- z`Lm)>BQt4U01bPjzLm%Gb}{L590+Ox!I`288U^>Hw+r=CBGh(XtPVj*?H;=~FDdPk zAa8i2y^o7gVi8sW+PE2bVWXtJp}^q!@VLdk4N^PNJ>ySjGe#6}^zR(m2wO;0a6r<; zCLL#9zeJ3LUYi(sKdWugE4@Ci2#kwSnr^Nhp+b&fsiNv=n$`O-BE`4n)de-saR#QQ z7T&Cirhz><3fhGa9oarot0fNjLkd>l??2ZB<&g&&;kPa6i>n8!E8D2b6@wMDG`#Z> z!TW*ISKF*=#%w(-rze2~*0tY6R~PHim_8>-@>)nq97L+@Ipcrz=2Dw0TxfgaPU!;Q zTPtY>Bn@=I}^S0iRBGOnHO9ECZWawB;o16~DCRj4-u0d4Bbs{T(bsRP1QV~&j z0E8h34#2DAHp<($WzJ}=;UYq2_NmP%x@H7;Zgj;j03L+jNCR%qB9Mg%Qrhyzs=Dri zQp4Wfz?GN0tj<3#anYTRAERM0f^Wu5r0v!|q$z(Qj9gfCj7$)j?CbNknKNM+kv>@W z*}D>MK_{XB67MNhWLohB->9WGt`6BM;cyh&`%rZx`J{lSG&T58j0}3MjP_o(#dEpF zDn?mad-BNtZ~(aDKUYRD@~57&ZA0PWo0fN1 zX87&fme9~ZCx5EuANVh>*iMYJI+|Ibnb>HRW7EKg23x7? zK!=osTGyju3JQqR7M<|$xpVFs%L^wj*5G%~EQL4e5FzP25K(4!FV;?svxEm>omUJ? zlw%w4AQV#{W;AB9wM$^jL-~uD#aFbZfuo^8DVrLDoO(9|?*iP0mv1kg9f*OffpHfB$Fk%=u@TkNEeons1dr2*8=}A;v6i_hPi%vz4^Xn>o#M zT`Y7#nK_ROk|*zR%_r}U>~&*ngEpC6LkTnP#2AZ}-~koj<5MneVaJd$nu|i8tj?z7 zggxs_+0&rhG~nSChJO+LF47#?SFMs+?`?H=yV%=2(*i_H3e~8QE-x|79#AHI>{`6R zQ^@KEI$`FOJhaqDuOrmaf>k^k(o3Wb=!v~QyYC**s{r^5Sflh5y7LMc7J?NK3#z2S zjW%sY?r(QDP0oYuHjKq2YnUPwEW6i1K?gNM z_QOjU108|-ju>e_$ygyEHrFZ~|x0R&Rg0^r4WNIYkKZRO_#yYiC{ zQO@m4q;5a+{rS#Rv!X821rAOBJf*{TF7kv@kIHhCmh8ySypmIYcgq9SQ* zN3|R+mP)klKI}g_VhNZ-I)RZoj>opo@^alP4zI=m3@w6Ww|m~V`LS$zs1}XEQ)+FS zE3Yxak43L4W)ooY7W8(}tJiV)46!vgQmh*2To7?WO3p%luC8a~wM}cwuru6v)wBBCW_gP;Vvm2$oku<8_Ljkli@6Wk!zPo%;5~G5xf4)q-UtjCc*n(n>*zeXd?Z;xOb60#0a9sL zRB-9~(Y|sz0eInhNQD`-72+J}Hv>?Okf25mY?<*I( zbRW%px9$WdhE*VE_gxWvbhg}jHck87#;}Kv?JqvaFd}+rgi(Hx^&4JF&X+K7?y_TK zV9B;S*WDhT?A$F8degm{DxMr#I*Y<&}eu%#*=i$6kfbo*J-X8a1 zQb0W*2jK7#vGk@3*fMIVX{nh`E+B})gD^lCAfW~v>V1ug;)=j;H1yamj%+7t@~#Kj z_u>>uo80Vk&-o{u>oU0gK+!5e*Hwo{_}|nivT0T)Fo#r@g_v zAj@Ga)>?rx|AvHx0{dha*l99r7j}!ZK(>2K_xyi5Zd5aGuMS3oEn2oDvNF*F1eHRP z??yrG$lcCejJ;S0MOXUu(NNn2DemMKn{PkSduQM1>d3Enfs@fKlDnpP^wT+Z{Pon? z7f-caX|&!A%h}po$#b@cKD3+t#V3piTY00a9lRUoI|?L{2i{lGb5nG51U zNVu?q4eWrzXEs>aJ*JAieWr?~ez6;+mAyjQLbsUpMgH7zso!v1c=(7GOd8W|fAD?f zr?q(v41MYK&-?tn#-#4Moo!7PyiLcM@(CKE7ZYC_y}`tZ&|Slslg4N$#BQs-d;PgC z;76#wh?F)ny<})gq0iBTx&}ph+Te!@BJC9*)N2S=lQt*y76`|MVSa%Q&NsN8zMG@0 ztN63Fh^Yf0%r(H}nTmVU^|=7YDZqJQP1$>Q#-=qF`KHwQ(HmwXk0IVoao9z_;^8Ih zSQ%+HRhYx zF80@Y&VJz9X88PJMW+4*yHz4v#LX|p%6RY*dx=$Xl>;|(0Cf;r6~K&)DdNK zPTFQ*pBFSN@JNYtQuMT91r65ZZ;pO(I?KJ6FTy1t%i{9ARXct-41ImG!+L_%oUqw+ zkn%Rh(J}Mdw9P_h@2e%-g|VsxJ}&!y-tcu()(wTW*N?6ZT$G+_>CCxj`tr)TCv!p~ zeX(vFS9&VjdMV@JL2o}7M$tKJ4Umcc3!k}~wpsMmQxYy|-chVFqCJnnP(<9=q88q_AFivw@L-Ks`|Z`=49_C&8oFA` z6P*l;Qdz8INgNR|a3Re#Uhk+uLx+I)kN>VZK%QX=5Mme7zLPup=U+~wLpUP#lOZSe zVx_Wo8*9$CnqF9C-M*X0{TzRWL~m2<<8(B`;&j*U`weo=7-mb79AWKZIXPGFxE{N@ zkqOe>{4KpS4u;(ShQ3HETvhP&w`RY4z7XiwZ@cC`=SSM{&+d6_wp01itu}tRWq3FhLQk|mqd=HXLQ89j$}$Xj?vax{Fw*Oud-}KX zJt=Q&_PuYI5{^FC9C-d#B1UgI1mVn}Yg&0DJJ=2+ciY-&y`h`>agDT0LeZZGS1Ii- z1D}q0ufY!_-~#9%OcJQ9X|1%;ftwxZ19gk{P$#}QbEBT*8)=0Jj+}?KCZ*}t?nvO_ zNEJsZtrt(UDjjy(WtD>_hG*3auhm&izmeVQxQe|@Z-nzz)8ok5H4OXI=YlJu+C z$JA>>XIEknV1E#mEgO*hMmsYJ6B2Ve#pN{R%6B2jeq2o44JA@m8rpYxQD4yg2!48! zY9t7przGv7qJzb~^LJFAdC#!08|&NyrTjUy(W?~^h0 zYH58p^Nt(k3D}+ zF_o{p7)}PLd0SDp#(w$MdV!{*`>>+Mr)eigTURYC>wXZq978H*F;xDgds=}mQa)h& zOh3yYBxa4p;pT2{;l}V)u*rgc(23EvCvUe-E`0Jjf)%fc;659tI)Pt$wjcosS3gbv z*5SnWSWnnNJ_Z!Wv)0_#$d82Kd`*b1S$my|A9X|` zVRYLAvb-F^Y@e6^i+#H9{gZyGzIdyN;T@;mlTfD1Hc4A=I4e9&$Nae|6f(Y12?}+I zkX354Uixic`GSl56Z(5P@p|9RyL9ziK3Vtve_hGuN(N! z=*Zvt&z{^-3i)hRp~KAXS?Rg@C$sGO>J><4zSf883c|NQf>~+5Tvx3=P9w&GRum%n z>l|&Gp@6{$#xL+&uQe#Qt-oAIC{w2NEH^W;m?G780*aqW7_Oes{Fg?8 z^Yl&sU4qT&?HqC=f3BAeBK6Wti|Wkcc+`wuZ3bOYo}eu~EBC`U$nf8w!DP<3z|3m)1BT>O@{tSlEf8_9}IGhDIayM_&|Dy{z(*OMPfHioy zz4D`f9)DL1U_&8)cjPU{KchpxCd7XY5~v*>?B+zHYqj-+`?%P(p1>4yQso7d+xHt!`_) zzL(7E;P!T_Asr{UEePi6R~0L98CZeuHdp=j6WbY0K-wYi@NqbS$SBjGYhuEKq+JvSr_z(jxc~^61xkV(qYC z0mF6f!SfW{QW(5}T2@bvCjq+&{eq->${!r1N?OByLZVD~AaZ2yQw~_AmCSs*c*4vr zxapR@&g)O&H(gvAeN7;A!}Mb1o`)R>OYPy(W)qmy!^NnU3ps~=wjVyz$$R%a{KC7L zE9VnbbKge!@W)rsui)3oB}md+%^?Q^?(Aoc+QUxxz&Mu!{Dz zF=HR2hTEr?e2LofH-@D04K;3PQnWgMc&o!R^z&|G{5{H6Iwp!*F)9K7yXTpA?{KjE zZ@WQE(>bq+z_Y)P(8Aq)!z}Oxw5f^2AjzkghxC{tjs{IlLG8yEFaLNf%g@hD zx083VF6R0Lw2o6jU^k^-!7Kbtz@bl;l+2nANoxYo)&(Yeb)hH9$J>VS2^b8S zJMnMb0u>qX0|?gIruaCixbRfTXr6x zr6tE@k`ouPT%GJwNG!5TWj45VphQ89SZg5{U3a@QUO+nmy zQZW84^IcCbeelcylW}$1>BKN26@uVC>({V6< znb2niZYm%3kH~!FZS_0Y*pw!P54@&lSKL0D`O=}B(X1V3H+Z|ofa%YW;vC6!=&&He zJCbW4`)p3&?#tQ%-=}W)V=gsuW_Hf%g?VUsY>1Ahgx<;+;sJTD^=Gr=?DB5iwJ^{d zK%UbXK2ua`d~o;on9JasN6o3b;CUourZ%MP<~E~Jmd5#dK;?b+V11P+Y9QB zpZ={S$$b#{fb%d1A=tdW(`Ux*`jLSkYed(BIJ&u-IvSV2IT7c+*S5(MlkYMd?z&gQqS_EuVW zeFvEy0G|LhLmVtYl%_(k_a;T5mtvf*sJv*L*Uu|xnCudsLcnK5R5ncv4$+I^x??zp zB%eyNFAXJJn=zHa^zYllUZ$Z7n-;lx2#wi9*DzFP9noiV=Cdc>bto#vW4C&`_BAUV z>y*qbA3EaDaHW>1HD5py;;qn!0EM+GBQ^7bgtqw=_hK5IW=_waDT5gM`&65AAO25W zl7v(Q(|l-m7V;xs87&kapsc%MY$v0lK!V%%lG>=?>dr00~iYaZ~gM=0G z<%R}HTXP@fey4f}hBbF1O_<3duD$t$TR6R7(LV_xnRuIg!FiWXI5c%buytPqYA*Da z{J5xRV<5beL)!1w^>}J^&iySdgs>YIv-xI`bu;e8;O*#-*)YJmrFaMi+(!}rJ`6MvW{G%esw%L8{FbjY0kIdg6H+pICG zy&@Xj)VVUn-ZG7)1;6&GwObv+Hre zmmM?MIJ1&r?~yr$2jF^(JbA^X;c#k+E}oT*y-ev{x4&rkh|Qe?8+Jk}(Y)`C=pt3} zD{|L#UlEi@61~)$Ku%j>jBc$|3XvMC#{SsQTv|@WX9FkTjx9HG)?n8;yjxO!s9K(t zwuW7xbQE`Z>?6g%YhzmQ%_S2@#tj{TKs1h)MQ10#Y@IDEnSV6CDLAy;Jq@9rW`^pS z+Op4ro-<}u$kD6oNOIh)ZcQSh$d&cv6Wl)>y=cDO7TAAObQW%UK8}vdOeYazdAV1zc_WWF&MB@EMe^;T%%V%`k#%5H8 zinJ&crg9nzFEsv9ZsH*<)Z_mf6rzM75L6518n_@(F1187JQD5t%k&8FjLekRGUJqMqbuaDd=6b&#Ma(H5LpniFz@Mb~i;-he2i>t1p8*Hh1WPsa!IeT&9^asW>y3QqI;i~3t z*I(|<(^(dP&6&->($jJoEWFp^2qu?Ij@uuXRQlw z3Tnn3G_xcXugdtkhL;YPm0URcV|3iixvP>AA+UDzDn#ffPs7JMpnM76g<#+Gyhd3p z=NElt#-upuicy{~wo?PX&z(e%#gwV`S$--@bO#CGZskk)Q#~sA@ZMM=Kj1}1bV8~0 zAxHlEU?MB9}`@g+!3shwtFd1@eoB`d?FEo+yaK@ z$KLZ&d`iJOKeas-cK0ItKi#|`zQ@(f-r&k!VMe9G&qqX#OZsYv`r5{x~ z&zBd?kmljP)vL-!hie*gI!o-IMkxmT)v6=K->n8#jXWCu3pVJgeOPj1P9#@`iF)Jd05DjETx;>0&LpYIbDUk!P0^r&UF!zJ#q0 zrVUynHVPKVv7Le0`{W7u(MypROLc>caHnAf1J|!QqauAa~pyf_ceYYQHzksoBL4Fs{^Khxk^axPV=V7?uS{{ zuLDwhfoF-+sadxAsLt#?Gv71W95%Z_%Pg6`W)gxdm1l#^>GQT#N$v!tAm!l)@fO!v z8mjkg31V!Qq2&BLwm;@s!$*~B8|dU0eeDXajO6#>9<4&> zH800?P8Cv3d3Yp_C~=AbsFIR-M~-fnH45g$oy7vLwheA)$Y6W+RJH)#HQeR0~C7Xo>r9-26Tc7df&A;(z$k>M&Pk*8r}Q|D&5QHb|?9$nYmPMC(Gth1`8`Q zhBpMK_rXt(=qcdp)?F&!ZsCST`zVwY#&S3S6;K~1B8z2M)N1j}gQRud1=dv}e%UN! zySR4!#qtA;fuz|*lD%c;?P{gD6K86wE95h$bR_T*h(oSTNg2xTPl6$(W9c(4-UQ8- zYi5t6E7Z_kn~z7pNLZwZto$Pxi(kZS8Q<$~ORnS17hF{Nx|UiTy|bI#>9dpNE*NJ{ zG-WrbB$az|m>PB0xcqhE%?{nUC+jz*ufcX}70+ros!4!F$}Ce+sZX-T zlEbCyNCUEr!uw$4BJw@sop(bv(frGH7U!S;-70MlIp?E)JDx)fZUQ~#ymhAKZy`^U zi|G(agExFkIU-|7VmSSq-M_d1zn)vsw*76Faz}ji=SgqTdDJH_Qmt+-+n!{y`qk)nsZLqf$hgh1BU^#cYBPm1TfIk0uTE29dkV=k(FA@_}#7?5) zBdG;Im{{jvz`UMlD<6e6Lf`j4+1!~cYpU#1Tm4FoDQ-|MSWsVeG|qUEW(H0dTBV(^WV2QHtv{z2bLmk1ob`5 zPxIwn^tHhjbcUg3pB8xj7Ea%B<3bDiiLr0RZ_U8*Fow(I@;qimH7Q{FV}}N_u{B-{CWPJkG`T{ek@;yoSTYfjjIa1jCIrnjR0P^{hJiL`KLVJ$#ZD1Qk{hfLrIt4 zFLU+A{d@It)-DtJ7rmN$bHndSEy=MhE=n2q z!iePDJAKdASwBPz&ZIS3$dVG>$l!vAeosK~_gFi#cIptPw{hPykOMZ1hMaD&Y(X7)_NO7L0tGAf9ho{6#- zon(ob<`gM47C5K&(&3Pe{6|Gi=L4AMA%MkUqwy}O2V~>AJD-YZ^ocjHJ%ohx={C0oM-gd|dX=B5Rn z7xchk^=PI#$sNceK^9*HfEg^^64L^U5rhrs%f)^Rd|{!XFXa|LY-MSH(s!0&Ckv5#e+$}^^jSe_H}qI#vl z(p`LKKuO)|>d~KQ`0I){p0U;sX${1$59fWk>Y9Vld!}@5#{Qm$a`@m!`>}J2!K|uh z`B6P*s>k#6en5MS@&e9k%-DUaLa;mzJ4v7Ha`;=xJc!_^G`#~jOFeTak7yW4JJZQ$ zB6ju9Qe*E?#AsTe=iF%c0jRS{2SCOtmXDHtTZQ!x#*B5Vhx-$LVW+ipmy^*GIpCx) z0k145B>gWRjXV?)Oq))!iUx52VK15`BKhNuT2l)dgDCf${ zR|sw9g$SLJ6g96sF;GxWX7+l(_Ugt^-a#&^o(s69uS8nMy4qRzlTr|XD$qLg`dT9r zs(x=Gz(7TP40*{kejVaZN?V7FGWBB!u9LWYxv5sO#@y|Ai!%;KpbyN{OKq_r<%G9y zbRReTM<&~UmP$ta&IgFQymi@4qoGpY+piTp39F$~&7bDxn7t}JO5=~wFs}TnJ4-MA zjVqX6G5CdW@sYJd#G8#ip`Usau2s2}A2dujZPfnq&+peJrW`Tti8txM42!mVmdFr> zy|zUanfy=PC&p9No~HHWdc0&x5}h}l_>#C;GnrebP%jok=FJKJH{s1?ywB$Sxs!7Y z{^Qu6YM*;YM3xJ-#1QcPN*Yp|B@Soz$|wHVIQ`R%<+#aa>2m>HOV!OGhFk3kk2UN( zV4WKLS-ls@oW_R#iPQN11?Jy>n!8x2n{N$Gbx1Sg^vyk2pj@bN-o(7}Ky<5wT`TKZ zu%HO~FKSuWk=P^RVZ+r-js?DZWZIO38i{c23@L@%)r>e77@MTeb$wW{(C=BU%1y7F z=x*7sw{hmk9C)dUma?ToAzyK(bYl`dSSw0Gz4W~dZHU*EV6j&PCc?HI6M7au^iFey zWzSM@+G_8VJB@B>luJ!@qra>z;!XyC!)OJ3lzMFjNY~yQn{rA@?W^W^t!k~ z;n--(THe3acJ*_T`d|pTvb4^d8dTrSmzTk0*8Nn!%g^|-HfzUUKO=qrg zD%NeqzvTr;&Er9c1_Cu)^dh;HhMCQ#9VgV7E+~B-TsUl8cs1uHTIL%~S-`T8PP3!t zh3e~1N`p#1ZIegGXLdmOeku+@bd42}N=4OauJ~;6V|X|>#R|v?WV_9Y9|mG!A~Mqz z)d&zz(O`t4h-&Abx@Fc$zA0+DO&n8TIO4f2o}E0?t{_3uNVRr-_V2FmsJ|8<#>s-$ zO#%J+0J z3|bTl@+S>35LatOU3&>E`9hLY?<{{!xV0Mrn-2an6YWOq_=XeqcSD( zZ=Jx*Ldb=dNQZzCR{aJdB*kh^Q2~*};plNpVc_v6@2vf#BpDqx5=Gx)9@-alW4VPt ziPeb4apg|i6ZlsSuO+fap{G+CrrU$s(;B*L1P!t+t#!Xve(R3FOj?~S;pU~A(KY%c zGVIRK#Qq!-8>KMvrBVIPoSn~venz|EL+Qhi$fItK&s^kO4C2N#mC*wR&Z-jD^qI3h zS%>e?FlL#*m}i$Pi;n1+#&x?kcl!?2lhr)Q@9udm3ub zG(W=jfnxN^gEJpSqbqjLdxr64V{*7|bS*NU7Qum`2uNSMKbdS18)@Eqt&eO|Tl{!H zHD>xl&YT_)igf{D zZO85!*VlYGWK5f}6O_*VW0wi^Uh?If~r>zBC|Qu=mN zQ~hBYcYYbV!zsk%qs0IZJ0!9fDs*SA`l6@<;cNYqlQ599-AGG2yha+<>&!0B=?JTh z;|;r85=KDE&XS&zcBku;=3d|j3WC4JOivVz5d@KYoW5~219bfzyEjQjS?b$TTbHA^jZzpBCiWI?Z@Y*nAf^Fu+B z4xg>p0||$CKIFnnN%#6Y`>wlKaWx~m60XHG!5P`f#gLIQ27!Wi4HQc3+T!t6QCiP6Tk8F4VG87YmV9*GU4>aYyt6^rwgcb-xD1!LMmY!0hmz41(R z%#DZpGy-bqSp6$BH$+&eZb%k5279qgs>&+O}6LFN8VKsi{(hFGM*whGPe(F1DH1)rph*Y*7WUtiPoD? z&9`M3rXLQ_PlH$pKtb|FSi{0F!#2(GN)m@9m+A>LZhMREJe4f zXl$YBeLy>;w}HM$S2 zfCtBcUKpc$vf+M(u@biii&)7T#t?iN2e=^p4uq-BvaTZQ`hwh5b}|KMsai9zF+qY2 ztE^f0K&(7gu}N&Ea4re$iW?T4*Xn{ZJ0f~z0{X5jgt;%bn?1{uu1w7HVrWOwOJDbk zyJM`bunf*i(ja2P8j}S?rN>P4f(+xS`Pug@93 z_TXE1$Qpci%T52R;}IZH4B*{q@Qfad+jN=Y9qqT4|9t6vP1uLg&d@9U@ebFY9(!N+ zZ?yn^?-pLrd3f&}Qm-D^$7_cGiN*YRh(Ruh{JD@m`%sBo=Cap618&BG=JEtzAGXISmBl8(D;0M40EyQd~}6JdF?r_#Fy6vG4#?!z{IKD*=Dx6LB~ zgSYn>mF-|wQIEYS%|(S3cZ|a^0|xd#^wttj zfU|0^)MN1W6VKG3_x0DM+l-Z8L`kuGQ?>FabZCix+FpW`2j5NEsn9cfQ3F-G%b)oH zWWa&N?mJ!9+jNhq1#9AwS2|LCsZqtdhr%<}QX$El(#uK8Rcbr2TVD^0p?I!|->A~1 z*{s#5!oAfwi`!FGYs7AEd`C?OC%fa$v);nF3$I}2(W&9T?bgF zt<%1dkU)f<+=X3HB0b+}vOp|QrguG+h{oi)1Q>JBqjtI33O=tiN^Z%lG^DeuT^zy= zAmD-risD&LX=J?FKAG9Hy%v7LEKX*A(Z+ln1V**CRe_%UGSZ_@$iMPh(?v74LD^&u z7#BqNoFIQU5=zxE&bo<}U}g^)H}$1JeNjH?6|H~@<1Zn?Ud3MJ$FVTuC?H;c_%3lj zy|MjqSNF#?D>B!B|Gw|8fH909DInxGmrcqF$k{cv6G@&)oR;ajNuPgldreC33KM(T7;j`4grNAN}EqG(2FOQ*;_K6dy8=&m6CqT zka|4Z-dcQC-J4rw(Uk%6sG+)JdS zU?af`hB&kASDb~H*IqURd&}linW3aBI^dbB4A-RyeUmY5@b{q(h_2kk>L9Gk=S&y! zaYR_{86QHI^meIQvm@RVJ3xM^DMO~M9ihkau=H!N$cKqLXQCenNmuDhProG>@gt&% zb%T8DNy=%*v)x|0nJg8XzfqoIgt=~4$C1hsCE19`oU|;(Leu#!?e&RnlJ~UD#pi0y zg_*25O$ATfVUl&IY2O9D)DpILhK-th#*!b8kXu4>H{K6*Y757QvT15>^xZKvjpshe zK7!Tb@jL3f4%InDO+r^SGofF$b>-g7PscC8B{aGOYcfrG?^mny4I+5yFEU5oijA+FDdcu{yuJ^B#R2c;6WqgsUk?x*94nN(`M0e) zk270V0#-Bx_6_ij{x0r}LLqfJt`eb0xucxqgQ9QlfSxuSea>Y2RFd-?{CqYZda^&{R{oUTgqvA{Z;O!o)JP63`01eKwTWa}f*kTsIPwUGWun31q z9ZSS62KM*vR1e`QOh75+yB#Remkv+{9UJ#6SA;Bz@WevNYwt-Gb4Zwt<)?U&~ zWQ<=oUUL?={LuDh`RH`_am%h?5MUpd%i*QCN?PMa$~oZ*o*K@tV2SEJwnLB9#ptYYLq|)}#eCj6 zULgTU$|K3@EtOPi`{5Mji*k~5C3d07AUtY7eT)gJ9r^!;jX1aUU#fWW@Mxco^MdCjqiTWUa@J#onduf?EZ==K=4_cFnZrs5i_Ik1} z2o}LobF?T;rs>E*jEYKa@5Zdvne>|X#Dr%cCxsr9wFQ!GyYRUpH1gWI)aPjzHDu48 zUNHT^i-UJ?;@~_X^VhGxy2$pI4cq$QvI~DVhurz|`C;L0&l_m;LR9^3`*!0;WYY`r zBbquMiJap#XHN#}$wRDQ$7fpa|3Nl&{y{d`gVis4!K5a*GB}U+@eLDmbS%8!NBjXz zkUV+k%;)#{gYCWB2t{COdZZOwGniZnrttPfu_Uy;vUJI)&}tI?7?kFRUtwkgBA1qISkKO&Vb^zGVs;Y@)A(ayDTh{M8HwM zIDww~dX@p?llp1y+jN7PHMFKcCE)yk!}u@c(q-tkPMt-oMfL^NOz0hxF0`g*n5_TR zkehl4=|9<{ggNR3uoI&fJn_TvN4Y~|&aYx#QpyQwdcBgogH!E4C1krTHf#Q_4y}{A zJTK6^9J}15qvU>3bi1|`;yHI3RtvLYS#;>l(1LI9sX_+u51@HPIR&RD7&-00wyos6wOvZ@papxE> za6AHVCrOg5r9FKmNZ0m;B2YUAW*xdVtX@&Rr1o493nre6%g?(*Od(s~=;ypA#0p)A zi#bPbOxd;^<8ZGh*G6#s9|@BA`(rx)cs&rSoQ{7QNlCDlQ>bfVQTDu3SXFcqa9dTa zac9pX+s^~JEr)*rL;oqe_Wz4{0)ZjdJO36K>Ipt8XT()~i|`?7ZM7~x{%dTSl>bj! zwKp-q*PjI%qVr~F9p2dy?TFoXA6${s6Osx@;fuIU(w?7%-p!7r>qt#C|B&>n64B>O z4?fiZYRMDBmq;0Q8A;+giRNKd(D*Q+2aN43OozkL`A$g!FI>Tb60Tqsfq}Z$ME?9O zeE3JP3oRAd0-fx(=5Y|ZQ>Rrk0S@jkf_i|?s$}2ETGDN_8}0MegHO0r^ix#0nz%707Gcm%Us%B^@{>3Qz7k z*y11GNKV;*Ums&spFL8+3PLbH{DkM==p~zy`RDqS$%e0?EKkpd%;hYAc*@B^ur$hH z`6aYw$8m^QJ&pR0FuhK1#Sn6^?_hHlKheonyFoE*!tKd44Ks)(CH@^M%25JEg3^Ks zvpnlCiOH=NLJyMO%D4ALZF1NdSNDh7!Ui<9bKhJL=TIzP0N4Hw zOFDI>e5W9n$q|?wLVX3xKH~?K!Q~Ag{N#sba!zrhd6Fq5)($9{9 z{Se>!?qb*zOScQ+A-ada$ol9sz!Iu#mIFIJ2=XlP$Bi~RSRM}QEXzMW#v zqmNA;|31vXD;K6h)_UZJpu))a-^iD5%7~(F^{%X=>|!5{y$e226szYJNc;X;upGNa zd2y39Z1YuyBM77n7Zsn){0;bEvmSb~A@;oR=Zz3*qi79X*G-FVg8TjZt#84yf|Ebj zJ)ckWzWY);v!V4T2Y7x1yt^m8la3-jc>?xCW2*1186sCMON;yDEcSwRj=&5AWD6J0%nA04jQnrT z1pJNMT_?c!B=iiannKF#s*l3I9MvSJs!u$hp7)u;=7)FvZ9|UQ;0LT_;sJCz4{-9| zZSlOvIOQb3Zw@nRf)RxQW@c z|Ms`mftL^PQ|Xz#yrFJufv=%-l#!aGVnz;6`q5*ocJ=NCS5}Kcr~q3lRMdQ zy8Xc5bmEa<>05xpC2LH%fX%2nMPq2OE~A_gW`c`EbJw?-iH zxuaoEm!aoRGf=O}oLx3(=IpSFfygglMea}WZ|Tp&1LbT9pRUeZoeGT(k4+=@5||d- zn4c-F`*G@JVIF#pKkpPRUmF^l$_j0XTt0C737NX`2<;HoQp_49)2A>8iG#2k`usdD zKSkwBCQs)cF~>eO<3X5$Ys~Fw;)xM6>|1pK-aTUH#%91iz!s~Wox*3&dJuz3GN4l- zlu8CWKXRPilq;tNG{=9D7I`sQAIYB4`P3MZ2!207sS_ATjvZ z@yL@GirF?~T#mTdpDU6t_lqPJdia)L5U7!Yf|`!Fgt^%`7HNrIPf8DbjPnuo^xqB$ zzl0l{crF}fYu@rI=>0D9*b!~nL+Im74~Q3d@+P{h8d3CsA9wxg`?Ib5FV8HrcqbY^ zKivY!k;>o65yu)15(*>owtCAXv{+al*yPFXvN=ov?q;InKepXD>7SA8oTXUFbSKe7~=fepvaVjX3YM zHmjWb+2T()u*3xyVSO*gs<-MG$a9MOF?iZJ(JfdEIrBwwvFnvCYc29IrlVY2)E`5J zG>DOSS}gw-wfcLbkfS`2m(2spsce#J9>!+raj5|b_c%NkuBzeRoV@d7$mhCuFf8Pi zop27osd&;Q9pDDkh>64Zu6;T}u9Z~UViGRiYo?xr zydCs;dq)|pR5n$j3g^7T9A?Octvk-sJi{n|pA|Z(d>!pIIdBdQ+h59yRQ_~c={QKf zM3-}b>)|k}g+o?X^My`C{!8c#LUL$clhY$h9AQ+)v z;BOm_5A(&}mT?*zu3>CA!lh1(#_Hh6VnyDWj|;qn`D$1Bner&KC{tOMk8uw`Jc#{DTmuLX;u=BbBHA-7Q|>DdTef_w z3fZVzg&Izoo(7OUrZkKaR|j%WUbnD#NO>^=t$9BRZ?ZIrR2Z-5^oP}T^6<8ktZ(kP zwj(E=O`IF-TVyk?)~9(KwXItbM<{(*nin7kDeDbHe5&*RSIO>OeGFGbk%2 z;-bm5a>|nNpJxINO=FHa*WJkpVn4&K*RC|pmhkYfbv3-8fd{da)XvnjiDVVj;Fpwt z7{~$I_j8pEG}L07xQ8Td@LI?HRgFjnIZxVK?y%wZN0^za98xL$r;-Pys`ooS8@WtV zP@Zx#@dp*~ad{4qS$2Yc=QZFYQy}Np&d#ot(XX9xXa?}^2S$Z%wO83xMxWR!i1F0l zMKQ63F#Y%Y4Fp&6#U$1*bmT zu}kQ;y(eORyD^dP+?w;VA};Qul>+McH^JTUTNT4y{r%(Gv=KxGf+z$cLeQ3v*m>D8 zpwy4M18-{oZNmY3hdvtacBNMMzg9LEP`CwafqNK<-h7~g4^6C}(0Uw!wtO*kQ z1{idUcCd&2`bOLSC+xJU^^vD(B)g1Xou~K&V%Rj&+N4`#w(`~7w#Mg2z0wY}lGbM>g7^NRyu9ouC@)vAtk%yEqqt?Wz(p<~ z0ggP_nR#}&O*}_)X$LDg6Bm#~3r&a4;%S$x`k7LNEIN+RF_EHu8q%L1<)SZs+i~`Q zy9^>0_uI`EyaUS~^Dld7PkA-ogTOQf_aH=W7Ys5+;l>zM7kNJ!9~?xt3bjw%=*~i| z6SY6=7CfOs)aOaJ%sYKNdI704wEUT2EmQf-OX>@AOT_qu*QKh1GB!5Khck|Y=h0B1C*k2Ki{dqWp_5;Ju=qq6wiK^DC9=;>^7tjLT zw9Jke))C7GV3#e$df0zX7B@Qv%MzQ-gW+3l9q7WVZRjPAEX^WJ5bpt$^o%pHfOIEHbiiQKEAHZ4~C=T@WR?QQrG-NgYq&=W%e0!vp2^Bl-*T11~hwSnkQX z--8|2@duQ(MKts^muG7l{4ZFUgR0uN-GEOEF&Bl+H1P_MS2=(oSPmsQA%ej*4&B(< za04c|1qUUbq)@85@IV%TxNdEBis}>C8KK?7_Yw9+ySpnU~<8V~7p-h^KqH`|RT?+tScZ zia~gz1L1fEbU`Hyx{}TOkvX*r;S%qf^z-PznRYYtEjRiPYE(uW-#MvyZ!7M^?DF2B zD~~{UaiDA~U*7MiZLBNSug`c|bX)j(^DCV9#^!w*T58avQc7x_HS%Pssy}sRkb+z#owg%?nQTH=XE%YcpLAI(Hkr~87;Ynu36;C|i`nhVme zebcM{edk3ROKUJ>EpB{@Ic@3a-W}B8!)haN_yd0FIAl1B-v|h$`lYMvYr>ka+1_}a zszJ}FRS1ugk$4C5z%T91iB2U`?crYl2v3X&61v_b8svrFuO6y`$KK5yevOlCtnr<6 zQvL=_4s%)ZN`|N62B|OaNBJPt4ysuR#B@DsVP74zrVYj<(2-tzz9a=OGf-~eqKLl! z(NrvdZ`C}jDlB^*q+7A$qeObLy!$pbr-RNn(EK^;uE>K z(1vNz5T@^Ta1Du0+WTKr?R0msoIt&s1CAayNZ^b^3>uEg9mxT}(Z`j);(xf){(YuxgoPTap8o=R2K=q8%Cxp4k2w2|-Xh5wXUjbz_I2!EC>uR~#lm); ztS?lI;%1_KX!0^xrePV1WXglxWaSMH|I1enKqce>+>0E=eM__Z2dDUZi<4C<34D4t zG;gHxOu2T%FqtuJ=K>2wj$Z8L`;WN4plw2vBM==w4C8Klbt;&n#(OX&CQWPm??o$naGM)ZWjpUILw#OH^+OJBx6Vc0vHp` z$bw0^WRYt>Wv=es7_QiKv^%Iqc|CgJcFef@sofl2QuZB~)pd*FJQP zoH@@uXw^KUb=qEFO1=!j{ss-Xt9888zxtzaJ+seklB&_!c=Y!&^)8d9q%!rTx~6{=aQCn$ z6>$GoL;nlL=nJlk8^sXHmRh46U1?Tf2iRZ^~a=;$J4`scXW@e3FGU z{2bc^scP4NwIp-oxD;@-|HTW--OA+rXwioHVhY|nPU=NeNXEnuf>h7U(<=X{(mywF zSf$^!=MUq9ScNwOY1w)mN|#t4&$oHW1&Ks$gcd~u1)fK-7}}X9Z2Fz)kUd*!;Z$-1 zN!vNLudV2lpY5v1x${Ih?tmr(&!o{2T9Mu%i|bi3+WQyIPBU4aTvxi^tQZsDaOE=( zPBhr%?4{>73(envr_OzoyioR}+rK$H=(|uO=={6Og7o@ZlFPzq!CR82!lAykzKY~O z@SmT@|A2|fi>lA^_#>5|J*mS!$0pY4JoaC%=>d+o{OvhoCnPc z03NxUVXp`!L$2^sK>K0*+?G$=?v*w7Tyk7UG|?*$To4)&TAqm#x(rXUa1z{FOv`dp zFtiu1Ny-6B_+JiHxGoqHc~{?A5VSMs(tFdM^-8sQ{-q9*O5x|dcd04N;)w4%Qf7U5x$*I$>*(9n!kK?#DQyFOLO>au>TiTc&z+@iWfF?p0>-y$uM z=HA7oEs|0fe8Y$Agf2s+>BO4FjJ(o81*~(^9|~B~nyF?GX9xT&s2)pYdLigkT3b^7 z7Bn-cR(&UQd>4HleD|c@3B@V`lVBlE)R*$$D?8qVqzabpX`=qz{i6rHUZ=aa8LSjt zTTu@jbA8-j-3|bK@9wBPd%3mKqmd3)`9B3#`B&WOoUu!`N}ATEeK=7&a363ic~*@S zvPzVmo>xNM-SGGEN9kBy3MhF)B)~o9bRAoE#u9?}OA<}AAvo0FW#h-a9(@N4pUXmZ zAK8Arv$gdZhHxvKS(n>@K_GDdOF}W; zAjBF8O0ojT@wlijN7m7|hF@s(AL1y?&XApx15lA=@V=w3P=w=hmVs7~BV;abVRreRl z4FC~!OQ^KX%QRC24Zq_2Kps19j0|PC`--g@AbNc|E0d?N-k7lHGdjbLf9ODem!fBo zWqs$fsGr-h1}UC_I0aX@@>YBcs_Lfb)n)muK`2(oe>-iOXZOnJ9qx?Bqo&V2ZgQ+z z>wDohT5(p6qkWplS2S5@Xx%=bY}PGauzhsm!M&N_;nBjzV< zI_I&%7NKNZHz?UC$eOnw65|<%11}~xSe~PChbw<L}{=~ktLB4H5$WFdR602{agR@`U|vsZgY{09q*Mt`Gn2Kyal9v@9s2Exwf)FCOGydX zovXrRyeVG|Y55(0uLaUM^N-pZuce0opfR z?VxtiyC_vj;No(m)mYxJO%sQiI)1yxU*-;0zO}7yHcSXlS`fF!@5H356i6g-0YgKi zye_+Z5Vd^Bs)L{n-vFe(F3Dy~N)DLzU!7UtTM*D@+<*e!s55X#O5?Ge)MkL1xc5Qo zanCC+%y4JdwX@#CR=mTvdWtY;SkUDl+d-vAsv<#J=Snl*u0n#bxN;~_#|#6d*VPej zxVdraT3xNnwip4>TuRTy>5F4~3^nujn(b{I&)}d-Q$7XJBFzH2in9@3t22OQZOFjt z3}M~J&d432+A!%3-CnI0|MCfvJl*gk47EQ86J2-^-P4*y=;S8)O!{e>&Fz#Y&ka(y z>dB(pns4dfz$qW!+I%+6Gt?lWjl+L`HV6&S|C+{T5wopMDb)1pzNTF-Vdiun%`4D1 zV+9=neDC*lnOIWpMF8{JZl;L+94GldtnQToK(v z$P&Gd%{gOEPsfw)bz^LQfl{@A%WHivICom0C_9akPDCnaPrA!Xp!04d_ z{K;lBJwX&)WC67UFKGjlHSMvvC+4lgaGm(r8V zcTrz$U~8`My|qa=UTRH;T68_&yYkd6>&)vil{0!W)sNBU8M-YWL6Q24^Ok87gqfXd zO$FOfZ#GwS5vE;~^=0ih|Fj1}7Hi~Z6<2l<2Vcqy27}fgeT3|PAIx8?n@M^{OxZoF zy!o9BwQ7a)m;d?hQ(Iq!r7b20h2I|37xhEyc+$86Jyw>lrJ);(ZPy)pg=?>evj^8t zjnHbeyl!RsSoK)GjO4zdSdQJF!EFF}w=A2Yq-rR2HG)z3$-85#Z|^QU$vE7rUDF>- zc&wjaCxVxVn`Zp3pA}n}_ES-7?D=zGUei3*ZVD11?25f(;(K8O& zHk&KHWfG}E77x}pQ@(g8OL@GdzroBT-yBp}N}=eylA%=i%IRCq9!cD;1B%--lqe?G zN3|O=N$wBDp!-AB(i7&jy5aLJ{3Mr$NYLfMe(hklMEAfSsro|U8~hLNMd~pl34%SqxZ4<|Mi9_Xa|!k2viDPy4^dY=As#%J%YR` z&sHv$69_e^mW?T{DX6GYUsk}bj%bTls;axo<#$J>rtEQA=q(m$_Kti zgnM)_p=>Z55nA{$q`7;`EqRPi_@c!4#ZJ$(z2Ojs*`L=t7pf?Nl2{r=r!;xYI?5+X zFWimIyj}Bc&U>=9<5iNWw<$InqD;hN-=1Kw7}^&$$7GT>ciX%XAPb&&23u&0OjzDF z#B4qrf5psv(_xYslVEtG{nMG!H=hNHif*^a__-V>14p*AORg+bxTr`2!v~AKcNM%I zj93p>D6%c`JXD$9H_Lc1pK~gS%J7?+ih9l2oxkif1r+w|3k6K5|9%-1mo7F@x(_#M z$3Ba4y7|kRL?Iw9es14bz#5-8%~e!1Y6y0bo6%t7r<_I{Q8PP&XyPB8m1Cxf{-a^J z1NP8a^iSxnM#p!uXOYiHoPcNB@w1gxw4il^nX^-fCULf{r{Pj_KLeA4{du!zpP$t% z3PlrO`*TY^t+urT*6)27$2u=o6$y|Pr<-jr#3lV_NgvN_l7(%4AHErQrEoOx zF-hMq{^?8h|3=ILSyfn`sd!SY#Gj4 z17=@Fk5El)2tap;Kd6IbgJu)p=gL@VOZm!I8-kcaxEVkt)IMJ) z7#)qNT(Dde>R}XCDQOrDtUwa0i$_NCavd_sS1j>ZfmBr`_FhAY&J+5d`_YUF-oo*% zNzaDQ=lMI8zQg(|(i6%*MkKSa%XkpN z=cwcgBf!DK(~coL2&-G6DrBi@E=pYk$M-pE3`$MaKf=K1++A-D#%9}>qx=fW;Q>^z z*}dN@IXy<1zA2IK`SK-%GIA_lTm6Fgc-=!rfovy({)m0&kI_Vanj(1$L2)8azdA8n ztln$md>IwXstkGRTjS5EG^E#0tA`8uD=c|xM8EMxI10lsVbd`rgD!rgMhx=8?lo^i zle`Jv!)?V%>t~}-AJ2%kbxD|>6>ofqSY2-#aVif`!umDmV-ny*p3>&69@E0_kZv?E zQCgSxi5lm5K-?QFa7Bg-Q?PrT3p#M5m?-R=-Ro4j$q$u?+Ve@K4&(?rcu%&N0u`y> ze1>^?*IRr#hDin~ZFs`30bHoiS6Hu3aGCB@J{YbZvkXYoy)cjfC7Op%Pd4~<^jBZu zM)gS!+;A?dc`)t2PW=dq_d|j?j=}=e$SqI1n+fWnOU*A%6)q$g>Jy2b*t&EmKhnOi zz$&{l*8Nz_5Skq^_*_c$lN&r}|0yj!RIU3#$N#=}fZR(0T2^Ziq~I zRm3o#%UdsEy*~PUBf11nupf4*eOWy_8Z1|OJM#80bxWh>2+v>B^GP!QN zvkrfdH5s^sM!$^)H|{|Iz14C=uvyaXMuiLTULPu-fiHFM-gVJ; zFJi$oge)v7j4w?5~?+zB}lZ<$i*3<(xw_kI5q zMTU8jXRKBBwv_qc=eWC&kfEr6iPiB-14%ohcV+tPQGDOtx{nlg?I+kaKas9mbFbRL zEvs}aV38s2pQ*es3|1M zQ%vbomZIXz4rDX0b1YNZZoG^`N_(_uyBVGcBX-uE(9wV4Hf!=YSzP~c4j9pO}%xbuIY(%(s*F5xc0pr_ZSwU>D_y!|$WRzLdWC&DVtbtRRoj zt|4zjrggbt8~cyw{nd7b9qO@8I*_V3W$1-^uWQAvi9zu3?R>Qn1{Gh3E+Act3m9<6 z`mC1LY8e;mC-C@;I~IPE*$$$Q!H@Mrm*76ZOwW6q(416Vl!K5=|Z@0CdH0=;?uCn`vvPu*$A=6f>K87oDLHBJ8Bi;Q2CcP|NL~O`u>86kDt4WRnW-VrxM__;hE}zWdJwuF zGx5H4`)dfYRsOzxw{nzDT<)H)B3M7MCTqa~e(af_m{b@HjO`3;&MOUVo`HHt@ms@I zsn<(A2;zvlP?ClYd?AISn`8$NUV4eWbzQ)=6Vb=rR*JQ`@s1r_X5P3J1Xz6J?gf)I zTr4ziATcQC)_PxTb5?As4)fy&+*i6#*ty9f0cEcg(+IN)wgjg*(49Q0e!NV$f!%}3)9}C$wZGaBi*4;-GgZSXkMj&AL`^@x$$0I z42V~Hvg@)~vZwvhGna$F^zsdAh+=|uUBu@AFfK1Z82sE%(6Ry!#vG^P6y6Ykc2T~< zg?(WfA2On|70yXMg6+jSl#rF&r52nL^Ik1Bfl_#n!wzfpH@W6%gFm{T6iH{cYqAQfx*XqMpul zJVwRFq`9YZc7o;*@2sc5e<{bm2draFz{-*KQI%aYkO2IK6wiLk12sZDrL??XNyd>C!76`OJ2BFRQc^(8NCj^4*L6d zNM>@nCdi2v3Fl7`{mdH|$7k{<+?teH9!BymZ(p06oS+D$I3AhG;f`2?JMPphmlKN# zL6F@FOuW+Gt5RT?dQc0T2sBP`A4~5G0Ha?b8^?cRR#Ia@;^unhRL(L%dT`lfw z?8`Zo(IOINE6qSFE+SC~tZDkyCN4W%mRU=ww)A+M{7M&QAyV^tA0ikzHUi$N=zm-f zr31o=I0JcN8|}!CaQ1;Ky|e7f4{?D%>jxIBh+CM3!64<*mR)9vgwWcK)o77=j+r=AIeBb^vyE9+z?Hn8=#y&14 zTZnbeT8!drHA-?7U|&mqe^kXYoe#+@qd0`^XO02aZ#H!0!j;)OwjDW=$m{7uf14j* znY(>iPU{!<=zg1ozfGKHTf@PTwCD0Pdj59Wf~qJGgh3vf`EdP>na?mF^&d=6MJ9qi zL^!l#YPXvnUCu*1suJBm8PV|8?03p%-YJ)au|Sw88RhIalCn)`#k{X4#k}mKcPge} zdz;btOKoUEEy{e^FI}a2*OIm4vNO#R2(d7Q8R{e1;8AJo;@<{sE%-rm;VU!j4cl66)L-K-kiK=vQ+dvc)Jr!q`L=A zO!(sfQ~L~cneDNM6WU@MqL6u6ycki6j@dWF^c-6|%>N#@mdH;Cgc)!$x8G_icGOsohRIV*!tEa^L1Ss5|`0n;P}rM1(i zdGpqFf<3gx?}xKiTfezx(HPL+&leaz-DYaf8YL-eyCf(6V2GKi5_Y?Gf*7!@G9=Oz z$WeMQe#;S<`gF#mZd5C*3vuyuY>C1-Ymqm4KMgpH+o+9_YL-V`JBJz!)E!L?oj1PR z??Xmv;lC9}V!jEou~l!Tuvd+mIet{eMZ~?#uZn7T8}mZ<5cvAI#MRvKo;ozw{Zel!0De-^nB2i(2i3_omG7gF- z7C2g{>-SGTqc&1xt&>#4NjuO;CPke48?q|`+6Lj*#V{o;bH13Sun0WyfkH4dZi4Ao zh9mrk^?B~&NERwOE0qCZ15z`j#oRsFSO~G#3QN_r>NXC^;5@MU0+cl#tW=};(w4Ew z!3(`QOn8@PsvYi3%VxkLqPb7`EmGodPAgOFgvKb-@x$k4Tk&Tt^W}5f`zO`dB?^ zLQ^QGRMxn1>BF6D0ynBZEK+l`(A6kaVqpt2%YaZ5kaTMnFV&oQUvpU%KG?XK6ODY3 z=9cP4z|AaJK4=2i^JM6$vestRSG<>>)9T#_5B#z1=iK!H&21Fy@xj$mu=_ddvThPU z=(9&2!;@=UzL$N%x39b~!LP##$s3d^)qZsAp5K=@R=gGOiQBJw0&S)J$C{AS7>4y| z#62`-VumPk*Ozz#H8F$r{zA+QSWi^eaL;;(GXWz4@4n%6on+In>1kQn(s%f%t;kv! zEkh?1&|iluS5Jhy03`2uKW?(MN350e1Zewdp#m~0MGn_@AIQHwy?s3v%};<(bR6e8 z?np%uRnD+8kZKTnc)C+Rt7e!0}`MB^_6 z&hdHhtz{V8TAD=JkwsP^zHhewV(bFXS3QkaQJ6NH+W(EnqdTNJzyvz4pzP7(!>pJf%#P zasq;`ryWt4)|$9>261YO9&15+MGc~rWa{?XYa}MEt#hIRygTM~C*Msa9xNfWM|4C9 zIa02v11&i`xdra&UN3{qqU&Dwc+*#U;LgNczPf&+YjO`fU8{n@Yr^$I&+-`!m5FFr z{s>Co(-K?sz-`*?bOsWKPYQw`liE|t_nJn#)AL3>j&YptE@)Ylj z#WsS8wzzlxP3m|O3i$^;IRJ&NVauE2Kip3`GI2!`W&2$yMI~Cn>2$`^-m4e7g`^Gl zy1nb$v-PkQ4}>*vGyte9QIvmwmLqiFMQ6gillb-}5X=Gj2oGX5NJD<(GmlVdeb4p! zS;7f%E`aOeUDUCnA*PhGw|L6GlI9-!tfr{8*mEpSs^cH44qe5@ysI$8-@foYl{h@kBgx-Op?^Z96kNSY?@){WgAwkJ~~ci{>tFYrqfc zv5~wPd8P)+3dQgHPd{}+dfeq44&;gZv`BJy3rK(Zl?1-sR)s0OZU0UFl>HA~SP0Iv zQJ+n9=-OFF(R|Xf`j+2iI3P=0$_yxDsVg=vC}3z=RyTrBIKL@%P{lbKJ0?pJDS{VA z9FsGA#1U@v?wn~F`QZRgOc&pxbud*kcKx+*-K3GSZacN)JK#-Oqm%qLW@O~q;3y&C zWA$wC2WrX8mLXLh>KnZ+E^;0oYpcV|OfoZGRi8Os7YQ>Cxjy+eabM)rNibJN8eYKz z8UMLTqo?ir=b6q8U1}-5A+odUUg;+t43{a}Q!;+qFrwjUAXj6ueh(Rtnz-sV4EPE( zK3Tpuf);#Wd6-ki%4~`99@BoKTYHYI406TvoDCb6pg%SpxKpOU#|$?i@vHt|H5||g zO8Z~@YDk>&FT@u*%tH4Dd5zq1zr2p>U?ya_^f_xlaL`F!wBlLKp$V#F{U3F7Uf=BD zFl1pYMs&B(A{b1d2W{|Ev>3gYp>@9tR{mqhvW^?HSyTt;cm8nH@wk}DXz6~VTProZOyI$LHx_w$>Wu`oT5C{=p-d;5g`+@eBRkH%{41h~pLIl`k1vWpjsV z^&Fa&y{nDl9p9@cvKcf3abP;MW)TS#e&;~1YA0WnDZ{lZ516t=4}Ug*V=7 zKq`0wC2FL-2{0}W504Mx4jdiqp^lc!P;M!*Jx|eq*RfGb-ZR{5O*5?p%nv)Ei+!&p zDh@6n@Vxy`a=pL8u^Wj8ZT$ggQXMW;m^$V_bQ@D|N9Z}j02u1s& zk6+0Zo=ao-#}uRk?GHX}lqX0iCU=<6Y|*EN-)mk29?#D;sJf`!m$c>Ze(ctYUECTy zJ@e2qc5!nPy+nYZm}iExz85cNtyGVaF5xdS{B5aq!e*6Lop*6Qwm{QbF);+(Hjv^^`92Ppz=8S|s%)9u%!J8 z(@zqu7rL{ed>x!`J-ByWCJsmvzX6&@L$BSA+wU)lcPsrqTUT(2=uCHInIyqb^9aY(YLK5n0a32ds0-%?{f=~gX^EzRZm&g z1#4{HxfC8JSKZ3(&Ls|mjg5)y)qH$qaM`@)xmeoPWNdlg9Ax1 z-kygMiRzO36%o7GE?Nifge*|tTII95vAPt>MW|f|2-hd$9{HgyAz_;f^Hc}KvWjoU z%u?8ln-Ub&fpOLUs&@)?SqQ$2xL(HA-M{L+Swjr}KrWvJeu_Ue^OZFFoh)$q3@@Z+ zOT!W6QmOm#HV~Qn?h14S>TiwMKW505r2~W{^aLa~WOUuLI-C7@z|3`Bz2xhx|36pg zK|r>ath>Fi)RZm>J2T;z@&vNgha8^N-5eQdrZ@X~`rCYQSad5HNKvn3JmjNduCogL zX-JMHMa;c0ZHX#WAO%Xv{mo1<*;$EWZj)EKPGBA-u>PW*#P1g^^jBs)>S}ZVruU&P zXm(@0L?3ZtJ4E}y>Z>>Z;t$B05H_v(;!i?P5!J*5T#B3+cyss$`uSFlTng8df$Vo` z>trzOP;X_412{^Dqa+O~%B@b}1@o;Mvv%4EGLMc*vyQ&y-5hQ+yVweq6tjcPo#x~? z~^+mtn(s)A5U;%)1qQtlXn3~MP`RaES`*M1dH=Wb>` zalIlowSNn+`Y3aad|tPP>>ql;X*sWM`=3EYBWn83AeVuq$nlzH9`t4mgr!Xp$aoak zj1;nVatNFJQP~~h1_tGU-yAj{ny=D2R1i+E^t-{X3_PD5^y&jKQ~sno-(-|1Jo`JQ zQ$AtQq(gymy_*|m(MqtZKMo(T3&<|fzLk|T&_|Hkd6QQCz9HsAqWx<9c1apZj)&~Z zQB<+l|E<* z++>pARheS1aKd9L7ATyZspHv)SFc+Fkc9Jdy`~rZS~i2Kx7PA>5V|(F!@heJ&%=6WpE+)-R5qy(IM?Q)ODlPIefvUTut%Vd;*qc`qDqd#n72 z)1?GuCpnm7YJ`Tbau)SViiQ1qAlFI}wT$n#DGpA=AJtp0UgdbjYD_h>f9<>S?*_?k z!AxE5-Uwe|1Ye5M=HlNA&y@oJ23csq16Is+D5A~ykp7b3t?xb8ycz`RHE*)}Z)3ko ztGO&UYV*)*klAp|@+G3Y3A5-y=Ziux=35OLEyC7B%G9=p)OKF0%cRUFpH~z2QE^uT z9+|D8oe(!#ECFL}%>1O7VEV^4LWxGI#Sq3KczcWxyd6o|a;KlqA<(N~w?++`U30^- z1{sA_*s#P#BQ4u<6Zrl(Xb2Jg8TLq|kQEq0|Be&(9F`j?E3KE{`Nm$-41Cn!MTSk} zb43#cN)XI(1pKHUrq7`J4GfK3ewe6ZIpw@G$frysv#q0RRGLr(TTO)JRxSLjt{Q|6 zT<)EztG(uheltWZC-v!5J7g1(1M8_%zu86O94l{ay8CBSzQ|Wzg{$~%FHz4vu13+^ zo`^XztGD+|nGyX%24xKQhe|N{M68`Hmdx99r*A}sV5=5DXY+25hrhb}vE^z|+9XCt^ped@FyY7{=mx;Xv1BN7;Tg|67!FrWO18*J&1WOzWlHzqdxTZ@y zLTuYR`BU+rmz@V_UN-GsH$6mu`hb3)P7G5sWl5VligL1nIHZ2mw$IR-c{RO`_IjY^ z)I{ZjYnzErr99|)8nBs3z^D!c%u4zMyq8ZEv?%l@=|9V_X*}WC{EUbO4?2@-u9QT8 zNA##FBlGIGN>O89ZQ_Ec%C#<-Z^IsBs?5pEJnE~&(qTKHF!yPTq;z(#xcs!USb zAxtmwV5i+uS0iON zU0F$_<~!ivwRnDft7+e7W~e-~cRZ+frr78C-8WB>v zRHjDmw@FXB`TKu?4mM+OK)fFoErzb~AW?@3WU?tHj{@r3r8(}0@7oPu*Q{P4jp`S+LI&ePpjzGv}(OixeNs^k6WQB~>>}cAfTM_t1X9 zcQ?l@TKuV9<*@wQbf;gK7I6QmfpcrnIOb%+2z=~{Vl8QyzdTLIDZ?HIGG-)SJwUp) z0Vbu4YlEcDRyRh)#8bO{cRP?W`eFBS0VE)`vfe zw#K!7dq6VBGkR{a+^i@WeGvmuWrsQ`*RN0|4b3o#x=b6T&HtEmo!K3knLn*Ya(gPW zs9mY`RiQEU+vdFYO4oi73-K!)#kJSC7kV{-^cfc6<6(03?-KOy4LAbb{x+&yNpO|u7R&?N+g8MV~{@fPB| zRPLUjepnUx3*g3do~Ma+86DejLT+DZd(D|`5>!d18NYd2g1-8`cu*EG4`h+g9MpFY zH_Lu!e?$hk8(xx)b@BbtR~A7H>5*5j#_QW=Pyja1OR|kka{j`Izqla{ta&q7zw-02l?K~_8Cz0HZt@goI+t_&i zU=rOkz)W4+4my#&Y!@?+F-W4XQzlota4lqT`yDQBumd-DGUjR_WaKWS>G`~S?LiyS zN)&!2Hj{KW@pJ(KnTWCY6rsLh=~-JoFulE^MyvD=y|q<&PDEKI=8bj)qVsu0k1tvk zbll5O#sGDO^DvDWCEsC@WRN%y+r6?dIw!z#UxE?cA{sQ)5RdPzQT%La3lRG#TVHXX z`S(_y*``95#1CMOnGp`39;u~E@Su0{LD?Z9e6eA5fZGUGr>WRK>)TDg3BuN~OCJsW zM(zYrDf8)@5?(frx7Fz`*CL>_tV=U0o4TGVLG0A9a2d|0E`9es^;UhSMArl;kZ-kg z9;bWl)otRWh6J9SOpQj5%i6l3>UuhnYdtX=6qZH9jch2(2xxcv6Z0%?UoWXWM=Odg z>d|H`m3f77><^Wq=+o`;=Ng-YgpuH?^M0v^$Y<>_utVh22cRJim4=r9q$g=ZK>F<& zY=<>d>>B@pdUu!b?KIA=OU$QXhS!nTtDSZXljXgJWLJwZfD*>ysT}( zL6La+4OF&vWbsA_bsrKFb zDwRPyQeB0&++6pY{SUqi+{>EL5#h2f+Y!lyL)Us6Lm4-7fkc1F_&v-7Y-G=CCnL{L zCTJ@Qr~qbt0hAdY?`Cnv1AO&Ac$9p0@@cUhG&+9nqZnSKJOM=OiB*@>bls8ZQW_cv zR}wjV?J43jvY8LMN-@@vR!2iFkz6Ayy$SFrQIrT80jAgFl+c;h9NUZELBj2s%7OJoyL_rb?*jpv=nTk=&rF?Lsz zuS-vQC$ZK>Uek>X*suh)JXRatyHJRFuDCtGCwJxjmXJX)@U$t zn;rK3TFio}t67{~lN`LEe{zlP*{ID1qP#y*5nV?zDcxkjIw!2(Q2F|rD_8G3A{r&R zux5mj!D{I_JU-I~_d^k3h%&Rbk^bxrEa`9>IW~8YmZ!0Y<&V*@t-)JWu3QF4jMR~$ z#7cybsu6lC3`raap&Qof!MpoJR>)vq@BuY5 z(kP7Bd+j93)IkThmiql7wpK}25zd%ZMkSQaj}S&r?Rjk-KL#zSxZNxCt>{w`a&X6? z!tbWYbI`@%x`*&Nn#1?D$JSZ1=t2h88-^E+IRjLo`G6i!oq|({_qPF9U68UYcH*Nf zwttT0S{ei}^fYp1I>-GA_Hl-*p42Z*&3~O$D4gJ^vmLzHBb$EJ{Ban+>R=)Hf$gqY zlt-iNmH5!Thm^Xuk3LC}X&qZWI}L^H+uVMG1Tj9?<@t-n6LuKlznZgc|j*nYgbFJ8*o?kd%RGWAkK@hZB{ zkEQSWhaawIXEouMn?wol31IjSyq(1a3$1Lo&2jn6V-DB79^yVg3@UU=sC>f;-;aYh z(XD-hY{ryrG&yaF30CqqJ2{5pSk|s{6aiqO7c+Sgo)!jVO9~a-m$O-gx&SlhRD=Zc z<_-Rn1|?#Csy4b;Z)KLthQl#QUQwqcI`8OnoeOc+UL@lc_Wf#8=`cdvLl{W}BI63P zR}NySjd?$de=n5cYWzDIDq(=hCufU8T$hKOjUt1P<{VWU|Y3Ut0c?U%-H-@-HtcfBq*`tD~5 zSyJ!59{O7?zQ)l3z_mS2r`X(YS_sq(dYh4|ik!phH-9N8xEYfyVfTL8v&e3vLxgL$ zY4CF;DT8^XM)WzU`p)qytQUfIAsO@H)7ygxdI+F1!vlzTzCie{WmI^x&wl)~NbH3v zs)6;%Pr7kxtN_LgMT*+hyrnGpd1E^4ni{Fy0R5^k-#Qu>>ZfEd+YVl&j3lOL0CEJsK0;7AdW4w84z2br)ZEb_RAaXAvim> z^N>%W>AM)_@G7vB0f7Pyreg(yk8cO-s<@hNqT}u%KwXeXY!Afw4p1}z%EF-#nmxf) zL*3Xd!}Hi9pIve+FWxUFZaQpKP7}bYJj@gn>-=ws&;JpiBjNaF$SEl~goStlyFYa< zy$SGuRHcCT(}aG)(`jqgOT;i){Jy#Z<0oS4%e0&t&53}(rZ*^W98z-gge^bXivNZ& z{T~Iaithom1ZrlD*D-JUj7=xty5aV>Z&c(PB!3Z1o;>-R*dl8tt@#fqOvZKP%KvOj z9(AJlFMdn#4JNPYAf5LmpzrLh$1DM=2*QUaM zGmLT^ezyJtqyvx+-u`3e7mNe{G4mg$k%j+&AvL$&;`%o!X{vJb?LU^qC-AP;zt^|I z243`!t6biqE&lfq%;9C?O`EhIe*R+!YH5aV|9zDa(MjWf z3?c35|E3!)2(ySLHVbHpr}Fg=<{fVVO2!9{j&t~LKUEFes<%ECc7`~44{$MCx{uPX@ywaN zR6z`n9u(yy1w*=*W;YX*+s6mRZprH|JH z7A_Kifg{g0lk5D1&>ol%*Uskv1E~iN&A;9@v2MfN}id~w8P@(K{a!!lzcj- z`YFYXaY|mX`>iWYUxs_VQ_8!|`%$#^iV;*i@trqx?rGnGsUp|$@g{%zeI%v4?;Q8s zd&r{v#$6t`93J=W7T%K>?ynNB9CSWYlle^b2qK0CB+7p${L)>CYW55$mW%yfQk1@|e5EGL?g*&H+V!`IRrc!}z_BhuC#)+3K6f?{Ty-z4X$ zro@lyc+pFrTGYn|NRWZQv77p7M{X?lh?ScU%j{^9)uNJdCTnVDFe+ zUc@o;``@|+|0kXUi#~js5m7F~cbZeTqDLY~aB_L&Dvn{nyPO(TU(sJnsut>$Pi~eA z>L86ZA2m>7KO)|AKI!gZS?lp;V{9IJx4yK^{AisdrPB0cBn(X()6A3 z51it7ZWgu(FfC;I9KI=%U69Mi89#>>$6$7>KyWuReK)krrEphup><=P@y7vpLe>V)`&)z2E!= z9r(d)pd3N#SHvI_YLDVJxqImzxrB){>SZr%9{}k>v<-VGPAe)f<&DuDM66Y+L&gL*1QHy-;S zq$Dh1L`+<(gTcR?T}d8E_o|CB`at*&Wzapzi*Jstv8RkxXjb@W!Ry?5$MZLpD5PCp ze_K!2=czuZQ%{w!qtN-C!rfiTLOam6_w>QiPqHFrxhR7^Kdq@)RVNHr z^VfP{UsNqDgSZ2^^^^xHQMTx^zObhlWHc<@&HOXT%8-BboQ9d|7$rSkHtNSf3yD++ ziS8A-KXnu(q~9h=iCDFVBQRS6Px63H;+5g3F0d;c!A0U^6s+cN`a!bBql=%d@iSf$ z^hM}yLrSn!n29b%dWz+id-C`H)y*0aBg-Toh}bu9<5OD@KN+n&9F2ni!W`;I;7|oj zbH4R@&ojC=`OOv(^enXb)Ie(^fvnj+}-QR zVj19qvH#L*&&{wX^f0b7RE6)sjGE|L=Z#G=cc&NMlCURE7h$z&A~gd3r4cuWoTeMp zkS-QS)R4C^gy)BXG%&mcUj9^^V3@IH{a%@t*D3gGHS;C=U7>LZm z0@n!B4u0$p(qNlBq{7tyxWOs0rJ$qQ6Vv_TWvLl%t>6?$gOaHBnX!wyaA~F4szv$p zXd;(qP!4iC)#T9nRYrG~a-}gR^6DRch!HHaaXUnlfh?fwxEoE-*Kw?1Q2&v6;NsXp z5g^N?RS%jeTxrVA$TdAASX$;xeC#$`K=jB{U(E0udo)#d>L50{Q)OhNVL$OWg+re^ zSvCInA=JK6XIi&barbN%|GJH6Ry_HE4lagmq{ zB7YlZi@0}U;K>#4SnJ!kM|sotn3%KpF;uWM>KoN9`?iqj$^si&9c~?mxn7&>g4Y0B zxGeo?yuQvmO5vxIAG3wcx|}b>OHW3!-DU;ss!p`D)>{~&7RC1Lh=8qA`Em4PpDV`I zustm_S6(vsuT|tD3mvvTbhwzfG}@ymHzOt%_>T>x-Pz5ErU-T7J^abaOU!Z{J;0oV z_sWFpNg+ixrzyJ_|NaIY`#R3gpAR04g$>^?r=UxAbB<2XyCT0c`@=X!O+#aB?X>u$ zHeEDXqje0gq*OCIE6X#?I((9lx*|4avB=a8d?8&r5aSit4b8tRMw9l865w(97c&l7xVRl#+x_bFaJI_5BAZ0TT{%O z_p#d1FQtf+^xK}8cz$j7TEh(OTJ-n~l5gh3=GKMn={2lwjvFksG03vSH)4@T4XN_Y zl_K=-wUnaw&wpgB=Mo!CCI*rN^b53KV{Ym z6`u~^rHo?VaeuK?+OU#eWsdXQ=O_m^!}3-07o9}NX)nZ8=|k}0N}tmq;@9u}K|e62 zSG|8p>9d}>#`{dEIR8P4{iT*Gk(Sm$g-jpsarZm&yGxt+POrM#f@<<5lV&sP{HhPX z5JgW+Cqb*@>FV?{TI#$uHKSU^#7i6ExJ=&#-js(@#{PV!@QoVc&88jNY9+(T_al-q zCg|}MDh`}VR8jjGpLL~U`Y2^tDV(r}i@VF(FbsUGbacmqqgrym@g=2Y;+B<=`te;C zW>Plg1)b!*c&KoL-ICp=dhdmv1=(73XT-{6qKdCwG1yi$ksVw;yG3Smwab`NomOs_ zDsG#%R!GEJOvo#yw{T`bFNL7U}%7-W6zQXrwc$ zkx91tdnl}ni8EULmrV~^+`XcpX(zp%L_EuKGx#OJYUqQzzuJ`;b03t5{2GQ&I{?oU zm1pQng7Ws;43-2@GRj=KwwBrXC$MX|fJnL{GjP)6Ch4z0`G0k}G`fC42Qe%UJ>TIE z2$_1G9WxR>o;tN*gD$)7^@7xKgUOY;wSDLNu!4=8?Vk@wDQ)zAspNiq*h0g~y`+4( zql9Nfl-!DLJu91n9%pU4M62nf5s5u36{^Pl0XS^oE+#mdC_pOEwoCqI$d)jt*4CE&OG-+BS~38?eu|UfK8iE7o1Q#s}JlHO=(+?j;d#t(+S{}^rK~XdGz4;eA^GLL?>%5H&>t6SUr0+wE+eB zHrs@wP~;gcEx3W)_>26pr}YW@ZDdw~N~7&Y5$AXihtJrz6+PxWAt>75gMqjaAmJll}U3PA3tH z&yr~t(kJ*uzMx9GxXOWsf@NjsIk9%AV|VeB{#Ot4$4%=fv6PTVZRVFiYeH7{WP0IC zjuPvVl&B0!tXB+-+q`EkkYq>Pok4>@pzuK{&CbD`=XW9sDw7LFD(5=+ppw!~&^j(| zO|VPvxQqjtu=3lFvNnHzbZ8;w9M%Yj#^^VAxrT*1PLt)`EHo35u4tPH#;fr8QW&{^ z;iu4%J zC9FXX5lJ$#>A9hz&vr?TR=ci9M_6|$h9JJC8C4dQnH?voZu#o4`qePuB&5O?B5JZOIOQ|t|$!=`JIgcuF+%Jz`X%qYLYC?^d z1`P`3r}wsx(H-I=tRUK(Tkg;?LMbc! zPo-m9yQHG&<+4@2u;}BK^WP<^w>XlvwHlrhGj93ie$X&@M8r5T2s5Ma;GZry?nHQ_}AB8=**%Z*3nSfh}9U4(L!7|g;zqlS5Gl(x8Js2Z!Pw8b&LZV z+;(sy5`>YJcUyeYuKC>Y-fMlA@#Wprg0#ph&Ah5X4jonHQKIl+O?@gyw+Yob^I0!4 z9P^ZtO5IoHT%{4U4Yqmqf_qJ&H!6Mu&?AnD2NQC$b0V)rY0eB~Z|GP8h_3rn04!>6 z@A`~hd@O$4zW@+Y_=ipxGB>wBqiS7ERAkQ*rvPl1T=jB&XhVbL78_zd;x<$N2LO)5 zqUUJPF=rs;lHj;6cQe+a8bEo)mDKVs@0F(1_tu`V;PwdW*;IY+(faS<{ol+U?RjzC zG4ks0cZv|#JA>B+;?=XO_Y>c~)#dr|{$`)?W97}i)>)hNKNhO#uEh(3*W$k?oswQ_ z7g=4g9(|Hhu^72jPeC@S`39_4zzj1m=OGLE#{-gl=@87t(aOzvidW4hdZQMaR3QFG z3ylH=5<2r_<)w{hIK?NTv2M?b8w{tP89FxtsM?v13e|fK!WPQY&wMorDS9tos|mJ7 zLWy5A2!7%Q^#>|BUa%*OUOHJX@zkDJ`Yhv7^q)t#t7;==n$;7t?S=&eqI=h9*Nl=V z7w4#*?uoHYw#bRoCEb>uw=JtzrnFew7GKh5>vinmcGp#5Ydt)cMyy(lU%q}V!5Qtw zWBkG=UPi!Q4p+50hBid$Q>8zlN1ERR^seSy#%v4tPHR3NEDXE)d;GNr>#l>5z?~pg8^6?of^}4eXNp z;Pi0BuacA8u3vqorkc!_ElVbtW_zLd9ebqIh!6HC`HRM;+rbS_KEo`Xy#Eb4%TBlZWDb z5oFwwmn!kKh27W8rz}r>*NjdxH^Jk}hACwPTq34mD(?&~YMeKXcvX{(FcXzwjXB=i zn{fF2(XZD)8l?&lzPPiYw*7pj_2KBJ#Y*JH;r^SfRW$08-KfVJpf)AW8`~PaXeE9@ zQgxo)-KqFRzc(~&%+dMJs2=8PMtAa;p|Qk72x%E6pNPiQf73bTppL}ZZxP;~xHYo* zL{d|hxHdfLuwX^)S&0u}TyRXUS*F=6cd?04CyfAQ^V^{?5pNz$q?uyfoobZXWhLrY zTF5wdS=+u{ZIbr4&uz2FmZz8%v5rjqavOvLEyPTnczFzcDYRegVY4?|XEX3kJdm9) zaSV;p!<_l<*wgi|Lpn4Ra#&-;$fpw2B@Q257$9}*P$i}PxA#+h(5*(B3!I?-&u2=g zlQM|faT!eJPr4`{8psPBPBIa~;lc7RJpqk9!m4F7mNt%h^2BZT67A&oQQS%EHSMgo zN%&L!B`CZ=kOsu8Hs?%nQI}d^Q+O^K3(J`xbgml*#|1_93NqWlYn(tl)j>52ycCxa zhrIT`KW;aXPqzvSSk@->c-=iXvSi-Iz0J05m&Fi4qABm1?AL9yy}+}tqs{wk@G|-i zV2g@3%vG%p3`x@N55R{QDnjqY!e$kCjY()~SnCP3I3#^^@xrAFJ_a`C<59GFde`PB zK>7tX`S=Ku3Vd3RGHzb5e?s*=7x;M6nB&A9y734m9Gs-g7ca*u{!H3eT3uZJHv+Na zLWV6Kl)^dc+%1dA<%$7jBWHf9 z@lPF*nheeMv~-Yzj$nFxQx<&lz!p%W4xXWLRQ4Nu{0NyLg&e~T9cwR+Oq@aex4FsW zpA1?;L49v`x3@l9kWtbPMUUD?kpD>BB_fsa=KWzL+G?%W|DD@AYunNCPVIX+fu&^A z3)0B74T6!xT#ei;p8{317-TeKhJ8SR$!>f%yV1VR_r5RFG;B5R;^^jBfb$GbP2K|Z zssV|B!_s(RJLKrFf|Ba#Cnkqi7JObh(;n;TyZVlFp>Y{^)fF+TW+K$5t@*NJRk(Zz z_TI_VOt-Rf``w!JnrmwmgR^tvZPu8(Dt0JBMDfj+7*epgbJye(?E|@&3`g0$5h4Bl zSM)3I1NK%WjQz;(miRQSbj7-#>!Q%E9SFqtRcJ6vNBeOe-Yt&dp=%w-sh{z68$AEo z7}{$@APu6cJbd?(Y-aEvMIo|wi9K+9!5Htt1{yUIeDt{!Ni&mI0Dl?>YhDnP ze&4Oo4@)=4F*CbJVdV@oP4>9|o&Q}z(4{cOv_}{}*?b+m7y6vtw@QlSMPdJ^KbJhT zcQCs1Y#~d(AE}3zTJ9o{Kll6+6wDD9tR&h9>wG3@eK_&zv%CB3UyICx)x|6^$T@ZKN&SX~m-LcMAnN<6(bCo9&7J;GPGR}T_(&ENVj9r81e4@n zzdTLk17s=Xhf`;{B#CaNc=3VHGl8%~vkO2Z%FK!LG1@Zr02+(`cjN!3v!PHF(r@$! zvev`uB4|0l{0siU<4N{;l*5%K0oszR4DaY)Gp`-{m?MhjKi1 z3eOSg1nx_x0FOdU;e$3-3G2lr)ZIkB6J@-& zPfxaUDz)WIO=$^2k|b;mEC=+3iD90RGk+OplCH?=d&5s)GpqEX6NaB$E)%$|z0V}` z0rr1AQwePT)+QrniDpyHL5g2`?-1OB)@m?p9YI$L2-$ks|Fyk?F?M>Kin2=bacg0| z-6TCEw}SG_VoItU9G@BTKa~Bi_pOWKA>qM128VLcWU~A{bM(Y_)VdjFQj;O|u}db7 z#yI7)97GWfbmk;-6Z1vzWD6eCdA$-(yoqTAe(E}0>T~XN{#12MdUsudE&IbHjm%X> z!S~kDE6!Y>6Cn?ANVOvgqIAYtZl+j#9y%%`VSkzYawQ9(Y}x#-pya_2lLk(AVaKt1 zh;t#ZZ=VGWeVWiL!ux01cF;KsMI7r^IgUl@g}6x))ZtZQL@TkoFo5L$$s+U%C{Clf z)gydW(J~#UlptfI2?MXDMp+MUT?qOvJX&%$xjIFLRT@LskO%X+l(Ffn{DUmp zP*?$|Ob(U**hv8MnUx=T4|o+mlecFo z6>r3I_bEHP0RSP|Fi4S&& zT1ZhoRPZu1qKxU1V@zm~Bp9%yV5O}2t(a1nzYHq?kg;Kff(#rte!%;4F>w?#*ZJ7% zcCI8YM{_`cUZ&@*+19_lo21XM@SsTa8N63QDo$WM{ZN_)FmZ1d7gb|wG|{9URaoDv z{ssZdJco35(`eJ4{DB)k{yOV<*&CFZyUKl{a9`sS;@ZF^nGWnszPH{&lGDl9yD6{x z2bF=vAHKUblA0KJtm7N@Nc*JGY)%0Qex8>?(64!R^|>hIP-x?i`DVwTgp(U;b+W+ ztyw1jk&tqc5*6?b&5~JZ!MG1Q%;~fOolQAcNUgdI_9#wU zZrcHAlhQAsUA3pvws2kBvabO9{;G1nnNNMtW1a}8w7lMF(7%$7cZ3W!z^>$f3Q?@{qJSN&UQ!(8j;vt}M!LAG=-;M;B|0h#|gt-fWE99$;q*So<0< z7gXi0XooY#GdOyp@z+|P7qMma70eYovxhwnsxg4HS5dk#aXDfSuRaZ`DbSy!ICqr| z#zJE}Wv4%_Wo%wjI3rZ!6Dx_^~Lm2U+zUJ$nXrI6#bqMH{%<`igVv}l1V zZnS~)eFalYjXDdF=#^2=NFKuLuTkVqh@t94T4lXboO$KSHnWPCr14GPcENOPIp)#( zi<&1$kTiz#AVfm43JmR1^8N(i<5_D#0PGv!@emZ*oJFnwUctxJ`*W zmD@(qMD5xB<%^a3(D>LMrMc;|vQzZ7?Ss>71 zRP(<({7=nNxGUOaB7Yx>@$up714u=w)svJwIlw7Wl73IB9zxPMXKJ(Ct^K)$l=So`?q7#= zQI89EFZIsq;^_mY-U)@|=Xh3Ty-IsYP^5-ID`7M*H?l!c-;;i$JkHnoIbjs+xkaUo zx*5*YN_su7Y5075Rp3O1sEW#|aUpXYy!{@IgcwK17oW&L^p9c0_;*-yAvd_#Fgv$) zKCbD0`5+^({^Iz<;&S9t`$bU&NZ(m+{YR3IyF@(TN8|SY>JQ(t^F=?y?vzct7;0_zH z&Knubx7V$dJ{@0z=H%kY1U!zYxBv}%__^#QtFRQ=)p=xbZ%=4)@!wx2M8vIX48zFf z!cQU-qekxdSq1ry&V|1ni#m{veP%n94Fc?AXPWWKNtpf%aK4mXOql^h3%xyvPlXZ( zYAQj&KXvvyZfz849MdF>#yjmOA#J+gRRioI!FIs~ZHVRf!6&w%^k+t729$>`rw9PW2l zLIjjl;|!=hiplWy0)NIS*o-&(n9Hi#+b)z5GM7e@Jj#|A|4rF{fA(FWyM~u7WDJJ2 zUH~bBv>zOUqyYBJxA2UCbvA->(Ng|XfM3e+O2sPXj#U`@^z%p=o?1;wKA!JYM!b;> z@9xGb6m-m}k!U^Hd*o$<1AM?RjRLk8NnXKs_8*sE9UISL#TH{LG)Gj3tpASTYTrxv z>&NQ}j#=?Tl7k5eRKI+;SodNjf!y$yUn1np2on?(dHLzk4?aui?M)ix_>%C&*IM`O5=Pr_ zMysD=v2SbN5+4RS?5dEj7+RO#A!B_r1*|>b%64jP3vDA=&hEcKZ5)~z1zK%`cP%`{ zRBy-JrG2XPnJn;?MFa33ARz#M8ao$nklBea7>AmuHDYTw0Aww|`%m+Aza$;Gq;>f6 zboyhUbLT>-V$Af?@MejFmzQTB{4B1aF6_v_`d~fX+~s+*N8for(btek`9~d-0fj%f zCBA=2tdf*7s2MtEjmYKZkDPoHhXKCTFz&9VOkZ(3z;$%?aTmhcKhg=2;iGp$YHUux zFfP-<PAXi?k!O3kSD$PkS6mxKj6=GE6m~FGZ@ZK(ux|!Y+PUC0)#^hURLG7>_rP zn08T3Axk6kmqsG9pBY~MaJowaIggI?hexF>Hx>Bd_&O36vgky1@#dQY0TX{c;S1QVnArs0=7X4uWajCYqm=1PI`E4VZ&dYs&b|QuJ>pc^grg5nt!?WUT}tBqO4iS?0=l{a6OX-!rOoxah|1$QCX1Q zZP*-;+*3rb^~}UsIJq|{$OzJ(uhryRNo`LZRqTgVhcYu@s-CPt4}20qn>WX_7(Oz* z;*RmolDqw00YBcPkATpnCCezrLO}KbbuI&Q=jm)NN}uvU*vsvHmzvYZY!y0@BJT?; z&sjMrNh6{*vI=tnQ{PhNCWP8CUMl4<#KS5l273kTy>c&A1fv`Bb7Fi~SZ%y$LY5O7 zyaZf`>EC+1-*%LJ-GGr2o?t{uf4F|GcdtTDg2i}s_BpQpzVq+bcV3x=E<1*6mfxv- za1wetwT;&funIi**bH{V3$-07rH6T*N|QBrzMz^1K3DR*HblFzyp@sNz^b!^)N zm2>}kOy;eN@5JTXMhW3@a|+4Jfo!)g;!n=M1eYX#$A3dfDfRi!atZqS>sa&-OUsAo z$kMx}8zauI%SHmi16v+dSX46+oceQCZsiB9m)?V7iUh)Pmaf+Q75 zDj+%2k~1i%AW@Ql=oBs1P*@p{F~bxDu0p7Wa=#H$`jf2rI4H8c4|rcoWq z<;mG=m)kCAW?!A4REJG^vqD{DsS4STl`pXa`Q33?Qhpo(&0H2{ic>)79?zWNqOjh# zkhsbw5c+g4-}+##{>}k2F!J@4{kwULdvCb#`DCnH*g>s+aTs6_D|!8-r{B>LV`GMq zXg)!oe%GRA4JLCct1+j9yzpKHC5R7ZMu&-)d(WTOyXlHW@MmYar~A*!?oc1pj}*LD z-2OoLG74HSCdKx%2!9t7^N z{)lm-zrwa4Ycuc_ePp@;B5QmW_cAAzUF}QD?=eNm8HmcN@m1Pv<&lxqA(>u&SBxzA z>o<$%X*E0H{x@|^uXw%-ioO1*h@qxDv1)Le)}a4`Z&6FJkne}7uIr7QMnk&@Idse2 z2{tk-ko+(x^`pIFEb(VQ+_}P$D_}3^)wuPs&B1RG?ydc7#~mysxJ83q3k8wlFnF~2 zSP|d3tVW$qbuINhH0{3FS%{DD$7c*U8L3Grj#d5|{kr~v`1vA$3)c=Kz6MK{l3rS@ zCi6?nKZ`D6pwAdV_GKKN-0@~qs9nbcsjMTL=4-)|&s)LA>EEKA(_^wv>DLbOxDes0Q7R$-W3C#d1`%cxJNw7 zs?gnGq?z75-&2dV8177UV7kEp&f5iNFtW!=B&R&{_ZiGCih;o-%tAZg!NBPd-$CW} z_krg$A?F(C5_c5MLs=CBAJK&S)3RfAA6r)P!i*uNE6EO$M?1 zh<&Ce^6IOrn;6%N$5rQa;sHs1{M{0jB#Q>RI9*=C0{9kC`qDA`wu*@K_c> zAo+BZ2=Yb?5f97StA=aqAW?0kO^o4$lumDE?6?PgopLip?kkf)8t;JL+|YkzFU2aD zV`Msc_a=9lD|*y}ACnjB$qfX^Git~`|6;}r*hpoTmi8=U#OjlXZQ#>Zp-EkzVA}(s z5F4fEjRdbFG+q!jsukJ1k5%tVoe$Vb_FrX;meT04__&IEbY`4Vzb5gYdR+L{ zuqNQyx@axwhgi#_8e>eO@>zd6{rcs5S!Dt?(zYgyzQH3*qfdfaP39u!lqwMKU3$RQ zp?T-RtKj%uX%(`9w-PySFhZG6Oy@7vao_gY99}`6SnK)Ib@(YcM`hh~h0%@@yWrFw z=;sD}<{)bp6#>!gd8;=lEPniLh*F`jSt}So(E!c7L>0xx$dbD4?NeV?%B1G=vl6+F zD`Oa0kZ5i2V$%4D_9-U1HE&<#BKRQPJ5U;57x_w%YN%s9x|W8p1dE0J_`Rz`FxkJ}^G_9*vr2MH9R(G>&&&{l z#mRM6r;=>7`vh^{u0QFBZi(V|;cHw+Ibk~4KXEUm+S>$SG1zhJMb$^7I%!D6eCUU} zA0}y26q7OC<0M4Jn;Ts;cgf+nFjont1e5%jyLl8Xj8F}8mS=fImPmX?=w01>OYo;>M}z`%`3a`F-*#9JYnIEbDmfZU zxs}@qTZ1P~0B`0|@pwa+R)14xOo9|ervPmZ6%=xiM&!n$RJJInI@oSy_7(`D5nm?x z+&_Y?Vk+Lk4_5HYs!og=XExx+ut5+$l|bKHHr}YBmdkO>$fAy#8GjCbYP`3d*3-Vl zoGKSg#{Z`J+;-Cyn|Iqjw-egS^BSyyHnI7GDv)ctNPWl54USYFX7UKkoEc4JI zYS*6mSq|2r2LwzlW|TFX!*B_+-|Jts`~w@ca0axn-;II_%5EW;$H zhcF&ttSZ+J3cO2y_$eG+b6Kr19^QPtcN!QDG`KHRtfsDGe1UQr8;k^%Te%eiLM9Kd zK?KAr%j_4#56saeA+*%g9_J_l+?*P0`>yGiHqLK{suz}-0nXaO_rM7>ZY*2~(#*#E zO-1GgRoXWr#;=6+Oeycky@;RIRWX@zDo5>(QQE0E%zY+UxY1jz@HsOw${>C{EvbBE z=-c6KX$$kdC!sMf8aQ$1W2hWIdGoxrF;$r`&U!JO&9|AeTU+s@5i3d~sa%qlu9sy{ zgvYQu<<}xX#N12_*Apfg2NTTM1on$=TY9Wcdzo_9h43(6P z(n|EU=))L%wNm_-yrfbfMgCp084PvmV12&JhtOL`Xh`S1c>C$&|H`}ee7!HY`2up~ zjsWjwMJq-*8Vndbi0sn;EX(l0FYVTU=sB*Lppg`-opl)1CBgk*{<5ko5{(>Hn!}t^ zrE3_!g1Ra5iV59!;@G=l39GHQzPk?`-pl!RLQ?$>3nnZbSUy$zCDLg4Oyh!QNAnM`43!!< z$^WfLN3jzrNv=qFYR4?$DE@YOoJHXuioIR`m!7t4CxK1B{wKSlc9?U(YlB5!xbISc z2Sz|6F@!ytcXLZUXg|Os3Zs#ciO)djQXiKg@H}nTB%b~siU#^ZV~p*A-l;#bH^c5Q zy3S}l&PNfW?!m<3H!elWw|G4L;pSxp&grVY_I0ef_U4y`f>PI)koVudD`@wJs_}^h~ed z$2vAkx~V{1KSE|^O=Uc}PLcJ6dBoJG1Efy*YS?Kz4eAZ}5SvC`F7CBVl3Bfp%NfN& zlr{>1eYR`=42!LGgEeW}Ir3&O!4sO%wcw(6KD1+TjAqVlq&ywjawLZo3Ry9cF8QYB z{JMqmc@x^0a4Kv~XN$Mts$_x>6FlNE-X)WN2Ent1XvPs^$>X?4+>#;DL1z!Y#eCh{pD%2wdYef=Jd4RlvF?|$GU{&oRA~txPKzyP35?GQZP&`c?`UlL z;5U*$+KzjwsFjhC}N$rJ~a`6T?W4`8$z==s$JgY~X?!2yd1Xe|Hw)Nt-fI8bmNokDYQd0My9oXS0C zOgm~Fd2>2#SK(JsDaCtS61EV$q@(vBn!?5B{v^@-XKVBPEa}2aJIlT(g9z%Z$3yn& zU_mD#%Hlf>6T-_2n3=hy!Zw5q??>J7@oBmvj25+}w2^x@k(7Ksf6=+MLIc!>+%+`4 zfMEtcgOFwZ>2>G~QUyRk=V#Y;jL7+M-(jvk@CSZ%BSB@`X=g*X=QmUA;7y_QRp#sp z>HqRl3I7wE`hPLeh(}gSzN9&-7-{vb912T$l^l%JunWd+V+ZaQp#Zk366?#nC&=Fl z_4I1Zkv1rS1TeU-QIHEC+TWAd<&JH0vH4v5sH6Nd-{IjJnSJnZ!B2$xbwEgGhp0E% z+S}?&jn^+I0~9bJtr|cJy!Lnt`@qE&0Rusy6Izz@r^pRqR`78&RQ4f#58ukksmY&9cUrCraO7v@IgC=7?RC{KgW{ADbmy6tWf=sEV zeS7urrG_cYHg-2yuM#6&@cy@S!P3R!k3ZJle5(GP=uyz{b7~S%YDgp)WPl-pcOdP} zlOOaI6m$C~{*H=UrcvotEMVt8pRPKp35A&>_YPQoRne=woJBdI>g-#+?2xL8(o$6R zS=Fa`DGrL=lz@)OO1_H0f~8w35FKc{S4vx7`el6c_|!)}_1ef7H;+p2-28h(MUY#D z=*B|!&1AxtqFU;isWk6Qp-|Ug5OLNT4avDWAXY*K-LJK^Ms$X|M+m=UMRir5acku2 z3q$N&kPlPST&CBsB=Lg`NW1geI1F}`Z%_0&fWlz&)wnZ#J`=(}h^{zHj^e*8eyhvS z=rxomH@&jFpa4IpG>-l5sWPpOK3j(hN4~%L^46nDZpX(sIk1HY3!%Tz}{yP0{LLHyOIE0KSQDSKM85cQYz<_?sB#m7 z)954Xz!#AijyGa<86Fz9E!2v+Ah{QT7y{jYjs&o%{BUqr8*@p|WehOz`D*p0V`jFC z(qRVEGO^4b=H2mE2(T8f9jASmL7F2GOqxy3QLWSsMy+z%M=PAB?JzK04$2IXFub0% z8KMmM0e^4k&ssh8rp`kFws|w4wRwFeN;)UjCe1(?c36G>KtB-A%lFbG!~p6&xor7B zM38gdVDeZg>Xvf`*6+x#!pTOiK)jQwKd@rm-o*Y|ZTr=x5o zcY}hq2mXzA&j!}96#w}~3d7wVm42&BZNuDv{J_8N+ur~8ztwd9celF`fGXp9rkAq*hLM?SppBwIQcI=E?YnuA!m`y-g`8ZwvsX2jvz8|=eoouGcdl;o z4p4)+FwCg^?;&3maz)i-k9^@XWe4FuaihN*8+G)*4|u+hIyj#t&9QV_N!kLTS00+6 z2)N~0A!|EhA{9p*%wvg^A=E_l{+@9wxmm0ELCB;>ZjPPDYsa=A{$9e2n07}|t5v!= zgz7Sa?tv8R*J)aRCmw=+j1&bKbG%TU*Mxg8Y}GG|a_nB-8m8qFS{c@IT!=(pkb)Er zAd>=iKGS9ugJag+U^bznz)NSQ5Popd*En9rP!-cMN~xk2tIek*WO)q^<@njorp$51 zdnYqX(0tr}5&Z9qx(*|onUxt;U%6e>ulLY3^MD_Q_4b^rVD9#|)*Z2jdQTO;)a2k@ zG?ZO?L+pCT`h@My6jV3HOkJ( zs%Zo}%p80yiAT2F33}T5OPme&1BGb5VO&@Z*|(|?V}t-&z54Jd`n`*JRLc&kqaYdD7nb{wDm*(~zxE?Prdd>=EzjZY{CD#=j$!R}Bzh&&K)K&DEgO75poPA=I zEe8x(Ou`&c7c6u)R4tqCCyjo@jnrI99Bqb_^ul478fPIITgjN$_ngt5zV2`6vgfVg zA4Zbx)jn_i*X=UH8QIYpWenVB#ZmD8$jtu-j{c3^R-!_A=93rrj2!q^LO90OH3Xl7 z_p%PMOp?rhNa;SLaJs4AC~v)*`^w1kUsb$QAaAKYg5 zt&M`)eQV^BP8!z%pMnAJ6vzg!6~5I7helh}>bkpZp-W`Pb1h+AYXC;}BAb=!WZG`4 zlQjFn{jii%f7aZP;O(*X<2|6J*K0S~8zX&u>Tf$fV_F=WdPD?7gz=rL(FDIqv=UtI z(O(G3cJ7_Q(eu?hzgQucpZT!e|@Th<+ZS%)uUbbNGa+#C^G;mxcjj6m-* zZKw9{VF{NbFnW4um=~ z^~5V)`opI|G^XF59c#d7?GtUJrqC-S$E2QLD9P!dkK^qFMn(Me<*H8uF|s7#*2WvG z@ibc}d)Ev<)@twf(@$ z9|eGeIt=OKIB_ucO6RJN)4AzvEQu&JMH}3b#K{wxkHKM~-ebLY%ibhhWm9tK==qS- zn|%&=2KmF!t*nB{oJ6X$IU;C{#rjNKji0|NsKI3GL`o5fqM5bJd8v?os<|LwizqRv z2S(at2gCTG4Jsz}M9U_2B+e~6ldS@(Fgtm~KrSe-W;hFb0adfqj@=~ zvh$NhHnWvt<|z!6e9~~5Gr7<3=yNTZzj|CQtNY$+Kw>5?Jkozy}Eo#Vp zuvl%Bv!ZWLWQ<|pvy}}^+}Ff^pdgC=nsd4207hnIYs)|M6!I^6>JLQ($fn+Z&n_yF z_=l_ei=M;G-AMf7ApZltNTVMV++Gj`F&a!ta(@*)bdb!^eIVxKBN2zmriXs^S^5_; zOHG)>;I6EG7dYR0EoH~!?=z}3SLrN^i{2Z!v^mBD8B()M zZb}A2s2Gg#pV5*3^Ch_k1DNqsLi1@hYpxOs2FO#Gb8>-q1VGYB=AO{l@<2KHh!~uE z`2??s@0X851b?SX+pq5JbuvB(*xyyuaD!mgUsd0V5jHW$SJ*8#G z60&Z)6-X!SPXbZ=M$iunZvy7GT;W&MUEjp%_W_iOR5k{=@O_mG$i=hBJ!DW+qdNwY zE7r4X8r>m#kWC|%Tt$gt`I-eA+b1Hhn5RVo&P}IdDD8xW<7&rjd-{@0s-{^W47sYi z1#3na4yGTm-#4qiTHne#062?l(0)%C?Cf*`ezpkPp=gw1QqE>M#&&C{J&YvBZc~^= z3|+6#tZ^hTCZ65w@CqQVcH#K_)LV#K(?;xe%XE(ib@%3Wzn+3CBJ->^1%7qn>j{nRZ21o$nm7`+Pi<*qU**e^OB-p+qJ6 zJHIDKm|qljDPo?6DKU$Zw~=03P#D|@pt=p5#JvYw6M*I;w8<`YGqw>m6S z@;0Kv8#gpNRv@Bkki&s{ITHE$zl0zl$(x`+v&}yYoDkc?HtfSIR_#W{Ce+@6Gz_s; zg2`-#GlQ3WqKm2O7EEo&UK0|yYSp*!%(@j>M`Cjyp5eXz-d7=`_!~QW7thc6UhJ5N%!Od!+e9%2xII zN0VwUTfe%Gq|IP4_y7`;yk`B_StYq;DzMTMbSYDSt+exY9+T35b`c|~&tZ@os(9V^ zko=j+bKf<_%<$UFdl})%LfHFXjQ3o}*uO@E-2W#K?)ML!N4^ZbWf%MBy?^J@tlJo1|z9=UH06WR?mv@atP6kYRc#_YUQgZnL}dxW-* z`&ne-HSONlqw5PXGKUM_Cp0Wkm3t1ex!pq6JkG7h)iXobzl7;^&+^vPtU~&aL~Vug zaW{}OdFPPJrh_aZm{GMm{xEn+&QMQ_KHac=!!KOMM@h6KY@>wXl~F#PW#%f)3S?M_ zc8iM@Y*By7N@_C7uwO03kMOa~mU+0!dc~!!Jl?d5S^Y0lO@yGTX0XxM{xJFRnt2P~ z*_z=sbUzF}hzdoDPZYk!KQ@RJ3XT4lOmzG<`mK`EiEfZ!ne{f2d&2K{KHa7YNrLUg zyxe#{6d>9vDEv{0jO6NprZ`(*JoplYL)j+K!~t8nk$uUij9wuzrWx_8 zB)jQiK>*r#cO4`=TfP?U+e(;M%l_Qk#=|4yc({N$uU}=@Lx2neJalZgkKSh&jhU|% zWo`DV7yR=`F+noSl1k026a1b~HZ+>1Cog4QS!;g!Z@?}Jt!*Mypo;F}svHyPPRstV zlZP3Qu{wUN-P)b6m-+dtX(Ua5WO?mL#DzOH$b-z?w-9k4zqAeY+Xl;D1q0`A%6lya}e*PsA+^J4`xp-utU zaAN1WqfAFXTQB_2N*mclhpw$>S9aog00mIXePx$-Cxo72-;8#cF)Z@6Bs8L~H z3Qb3<^ZiEyBC&FUKN_Pk8JB}|Tp^`4P``JMV=`)9)4x2kY*&LkoxTiQ8OLz7SLhrUmltAE>p9i@q)F)H1 z2qg3>h9L(B&ten_bSy#Tt_82J)O8fsaJkUH@sRh}FyvGWg&Y;GHWC7Sw+^63W_%^x zSw}0~xhHE3@xqRm3}eWhA1COGjQG8H;lmPOGzowqdc(&X;726kR}_XtPA9FlpXz~& zPWV1(ABwKgB*|Vl&za1s*hpns>8d@g_QsGw)Gm2A>6WZC&JBRc1?XZ8-92_sAJ=vE zjhxcWY79+e$(01W#_))6u2!*0vU1r?E!tCB@79Q&6@m=r?##P$PC+UN9sl{6c#p-@ zIsY6I$X!3F_VFPR>8IYU7&zMQ4FR6Rn?E^5GCqIcgKR86oLPea<4H`+@eoyUZ+S>K~@DdQ)R@@$nLCMG)nlm_sh>n6Rii7G-t@dlNd|l2a^<>1C$fRSYJm}1D zk$qvWvR{83l5&i4<6SIry5`jetKxQ%kl?xo$pQ9tCaj~`A0 zrbEg*>Ly|5zcRuiy1Pf4;Z8h?wLQgCEl2*X;6IPk`_Cr<|NUopzqBMp87XYL8o3oQ zZM(|4v9}>rdE-CKsovpt*Za0UkdVGA`xZkz22K3`!miD2_bm+sPX;(JCdgN^SFiT& zZW-AE5fkvY?&`NIfx;tR|yc1yH_17 zEaEi*&r*6d5SJ@wF~UG?QFrw<5U8z8l}A{C-rcuX8Gb z`kp?>^dSv>jHo#OOY`N=lCHHyorYUR5`?Xr+ph z+qYYPyZ(HeUF+-r6uSGLM?~9zOC7;dNsH7D;WBvnLVshgHNIB(kqLuBITOv|Z&!%D zRz^gEVLth;uy+~JCxyg93)Imh?_I6n2T4B)Utdw9SNm&}Z`=)8(!pT)$U2?B=Ys9nW z<7-TEeK7y|h)bgorl0bAd8<1eJN#?esia!FNkh-TI(4+mPwHessv?^`D8@;A3zO;+ zptujEjcylIMq$6>V?yuV+qJS8xWNwnZu`u&UetX=`s)jr-GI>;sjzMBklakT?Y{(hpYTFt+AP%;++FDb!49+a^?t=GtK*2=wy0Wjs~=BJ4T%IMfC?b z#baVc)CAe1ENoNO*=wS7$arslrW5Y>e`|; z^3sq+{>yCS_0<-6RwatoQJNtIJ$~(mHr8Dz8J5mXK@^{!K#|hl;>~epR1+zmtp7Mt zMXRjdC0^~WRN#pX1kUWSzBCF3dL!6`*q=v_Cz;pRHTJK8GuPokT{OYM{@_)eO7QEv zlw)t5sSTEH?||Z-4ajwy@79*9u(r35qISlh8j%2?1UaugtpuaruVk9fgF+#}C1vLAXuse(bQYz_eBvv30C}{iN^n-SYP(oQ}FkK!!@X>M)JK3nPLj$_zuf=;RN@m_LtDk8;Dc_^! zM99e>MAxl{f~5M!KV$FXb!1(6aA(* zJ!SuRyf8)r2-?q@K!WG~=$n6vgY1FR#q~IKMQRj%k51mT8UsNZfqRrOWNXaOB%`s2 zlsPOL{Alc?=hw2)*D;#}1K${hoi)e#)N^xd$*zo#wJ6us4fkfp?Op`&It~v!=11-F z@hO8dvDfI&hl7bI#&{vDOb1lqg|$i0>nF$$?k)usK&%i@2SdY8&v{^q%h?GnIUh4D zs(~z_ui5$IIhbUUWay9pX?KvhGXfb8yb^LI(e5)_0s5*-iv5u7cQI86w2{V>1xJ=B zbit4xOB4>!E!~oXfE;TRFX}iKBwf>UEohMp(s6&e(`Lt|?Nw})E(MJYXzV<}T@eG$ zp<5EH;OV?8P}~VjBy6J&63(!^JC5vvK!4!*lHl>RJ-Y&6Ai%_Ba&{qW4I_&q$-kFt z)KeDt5^HxIAc8^E5hJefbob;F)#kI5(e@dn86($q1gdN-hI^!~hfNnxDFM|K(Dsr+)4xrWn3oJ+2^!JQ7tbg9O; zY>3K5*}cX}j|q2jGNB(&o`x$2)+A9DeVCKM5Y)fT2Ap**{=;1Ks45 zTu%F_z;5$eIFVky6y`qZGh)`BmA;xxI26Z*VV%VXPVe$DJff!^Ld_>^6_-G=$;^+D zi;hh^P3LEpiVx`(OAQ{fpAZozv2f>Uy_S}q`d~!yNl#*?yEO(;`BEc9q)Ppw9fndu z&*F|V!I22S=z#ZzdqK0*hsxN>%qF?sp?gfvgN&8c4csa(7O)KsD!D4Yzl`@4Zf~Z3UA^ zSFf5W9k*y`tB!T_sIN_M>0~xm@&Sf{Z~_?7kLJ^x)y8|Oh3_AJ`(=9L*S9nUH?>b+ z2ibRlnxhI81}ex4;l+q^MK??OqClb_5z7F&;0W|%F#Qd9<^#8*Y&^Bqx0+O(z2O8Q zyfA?boY!qiw!PS8FVMj!z{Ko_BR__|2$i z)t48YBU$UsrC&xxv*Jbk9}0-oR1DEQi>DJx1jJvUbhmW)fgpZIADNOyd`!^Q&t!bT z|7=1->51;pHlf+eaFAo#2_6Y(Cy(dPPL#I!5ZQH_zaINlH9 z)9eR<=eTVFQl*H~h78T6&3~@pQPST`E z9U&-6V1GVVvFbj3f902fzk-rNpfg>=Ee;0)j217W1=@SHT$V*SgpFIgX-KTRIYP4=S2Jmi+}*!1bj@=)#YyKjw2j8gkZ2 zdbs@k{UM#`%$+*rHL7&o=$ulFR#0aACo>&>7GaVal5@xjw&^kb_VKGvM-(ZOE!Gj8 z1}`E;Yd_oO)k74fj9>+&RQrMNZ(m1IzS;mvHo#aV3W+yPn!n>w#KXx7mS-Qv9;wJ5 z=SVPJA}gjx3QUB~A54QTN7|PLPFVd2xL-qefN&$XJ9`@3Yhhyyf!Z5FteRH3D~vIp zenPe>{WU!=H4=_M)e5$k#xtB27w@U~MM`X0^(I%RAr2i6t&aF4%xuZKI71nL_VaNK zS-TPE6J~Dzb>^8C?d$zu*AE|BhYdfz#k#r*rvmJN2B?dmd<&0$5750R)}B$ps)nhK zz}cjgH0sHeO~UxY+<_LSZd`J~j}=Eec?Sw_4DN%E&H2o#r%B%E4T$f;C`qxxbdsrk~Q?v3W;_{oDu-J_Up!tX^MsitMRf86wueHnt5>h7TvUKu8X zu%S<79}h4;V?QF^+`OgoXX^47b_JGXK30nucc z8K2#jHA(VRoklAfK(2&0_8!-=4OV?z}loPdujRN+Anz)q<|uCRMwGL z&B$FM_dM^~*KG}-{VS;e9d`uQJ~=4SwU-V=%jYqR|DMAXIW_f>+X%!I zpn7dPR%ZT-zdb0)5=&sWk^_x^G}UFl%aClCIFqmYf64ce!{+Gzl+J! zJ)+r9GpRc@=cAreeOUm9a5CW|%aUeJlCMj`_wh)_G>C09t-(6HwVk@gKBrsEg(E;# z_PNpWoIt^2;SV;c;1zEr!Biule|SSQxC{5)W4AdjEX1BBy<&S73Y(&=A?!10A6aMFo zq@lx4B8?iLRg;X<%aUg4Xr%Ns>_k31Q5pcT0q@#MokhwOZH9W3Lmu_wB*fE}7JY~O z{c_2YakIWikSYy%-68hGmYM2{g)wiadAS&}G96F&QJO+Xep@BDAo`Mu9}{JC zNr~P9cBd=Sy7Q^DP(Q!TJQRJ(bN?E~A{;{=7QC8d-uzf@4tiuozpwDdVgPS$T-|LEDb(sslA=SBKV7LOFmMqtBd$lHOHpYV;5LZBsPMjdK+T1(gJ zG|feu?VII5f87hA!nY|dXS$Q~=c_znEW!=AA(TfiKHg?X(Y}>y&%AuDcCD#{1zgmj z@6{fJrO#yza>I$K-Sl1*`Rn&e6#xec&J>7?W~>D_^P3-s_p+=r(c>bEkw)4ceY1Ov z&9t|BKQq$pUc!Wr9&g$#mkGx6%ewD|2?SPcg+GFb&|5*d~%3xt=4F|as)ezJYBvSsI0`*u8KDWH| z{#_%N(G7kY%_SYr$Ug@~KCgRpVsk6*@t!_X0$@0bB5WjsTs4uYBfcj#sJbnJf%i!#$V&Vy-^-xKG!F{J|36O#G`K zXSS!15Ew788^Rdz&djUK3CsTL^?)}|JsZ%0+(9pwjgp*L4#3!e8S?i}(`S-Rk8W-c zgk8m3TsD#}qbwVN>{xDBQT&jSA~(oBj)YLd%!Y^m4G#47q*5Y3;z zeo238Fy&zWMyzVAnuSky%H&F4txp6cainjQMPfCCX|Tuff|=QDOwY17%g zYHz7jDsOseY@*8P9B10^C%p{fR$!swI_&sb4 zt>Z^Ttj_tv8ybzc$+Pw225mPi%#}RG;Ve>Du(W^%22dydTo|5(ILw*8v#to*h}S9F~HsjQa3MTH7d&t@U}l+!Kj+mJRQOZTS( z30(cbuFD(gVSMPU7Bueog0CrS1KAyAC0-I~?EXTa_c&i@$VV~Pp3XM}X!48!7nBU2 zsoreDd5dfQ#Qhvc_15_~D!0A}u&muyb~2vQ8sj#T_QpeD4y&04?o84i_G6 zj;`HGjYr|)dw3s;bg3IooNFB-EM5!kJt+8f7VjKaUHdAcT~F!@)$=xvF33B&$D!w= z3=_jc&>>UVd{*BfYX?HPesMr$3gfwZa!}F>LOyL5K8p;LR+&_=OO13_KTe)_6k#P6 zChulTFL7^sZq<`mz6kM?W5&oR9hL#`dGYpKcEpn}`;OAHPYh}X_`Je-&)NmGmA`=wp#ZTPM&Uh{*+u!E7exY5!6D4_eB=4$q_%rP_EnZ17Bz`6L8zWKlyNCBP+gk2; zUF6F95$>r6Q%+||x@p&Ddc{CCX)@L(J`+9R5+ZxK&Jx=WjG`Ak!Cyv-o9IFx;O*2KE>h(=K4obJ?qMS|@rdSJNoT*<4!QSF zn5V5UX?;nOon4Y_kxLsNm0I);V;W=8yqE`vH!YQ$TC{bZrRYwVcOG8S5-s1n^fmL? zg>zal{xlu&xmF_L>$s0aOoF;_U%erauL-TTrO6t81P=*DG9eF5vjI$N4( zb);o+p;=+53Tp#D|H(>FI)JHOqI@O>C=lL7tg)lo!+p@N!_5l)EA!jCPiPVW2w=|k zGrv6ZXYgJ7(pvS_ z8693))}Ry*N5+RwYNHg$TbH{*^AHM1AwPOfM$iOVh>8o{X(O%8m4j(qi;Q~{w(+zb zirj7>P@+VtvwI#P!WT}OBgw{j_28r84yp7dGCp-=4{tYzU?_25lJoOSVt!g29wU~3T#z;T$UDTYe6dkvZ=^Ya`?09E;%)J2 zaY=dn=%NhpM#UyzcKB%V7Te?d(>KYje|JoJ=+?kxi++xWF9iI@lGCK$W^v7fg*0r- zc>&CucM@*o1HH$|wR{Gr3wZ4PbnTXSwVC8DW)&Oih*QVhrNixX&&uojy#O=MkSPHa z>;Z)9+k}tvB_6P2L4D`!P<8Rtgb8)V3zY4U#BEu&b*MfHk){=EBL@50pmDg^rBBwZ z_0v^19!6T#*WSR$=ooX%X)H#FX|!VzP%QcNT(=~e#))u0&he!zps+^hH+XbuGQY!WrUY0 zBaS@Q2?p7FS8Z=!MEfyV9Zc19YH;NjV5y4HJLKJ5X$RqrfGiQGr}8Hm;ww7Wa2fx zIsTlpwbYtF@6sxxRUb%Pz^YaL=tteErqgkme=j?_=62&7Yj(5Br7lg7HF60#9Ljdy zy|O@PsHRM$?4=tfv~DR>(wv|QQf=!;u(>F}7+#mNsG7DK>q zdL!n2Xc^BXVW<2U!A2Y!z!w2JOX#^S|dWb2lo1O;b}u2 zJ)a^TRG0`yPG&KEcs(=BUvh)t(B!QFo+!WYIe%z~lW%Bnv;}1|YE39|0!|w6RRMvhkOJCsVDKhTl(yl|lL%iNB z=A}i82M3c=@N0|3=%Ho4s;BT*>9V+sZf#RobSiaF-ZC98iJQm1r7f|7^YM&jQ1}Wv zNh`>ua-{eNeNUzba+EgJ3vYOz<(reX-*_B}#1kHK!aafH8`mH5`|KY?b5nJJ+{>sh zE;eLmfV~>{;fZ*6yGCs*CskwV7Rj@!_YJ$v44O8-2ud-oVrAe7u@p=c;BF#MQK+la zq6V%3DPDXhk66K{Lc))xKiedRZEBs6g7R)xbOi}PM{I~}9^I9DN$l<&>7k1ipKGPV z9-;2JPw5Z0anD-xqsPC#?h5T^70zWq1|)r@0h=*Q%iZ+-IUcDbghiS%i!B$7id1vN zDZnhEz*y7+EM+)5o2Z0W)^~#~$MBm;;Q>8Ipy{Hfi=hw9G#7%Wk9Mmk7es*R@t;;^ z!Dm2BZ>?jewRsB1d#rBQ@_LdO!JM}~gG(Xy1*NmyCH9+*@z0uJ3!?dr?TY0x+#2od zoT-{MPGMH+Q(vgJN06@eNM6Paf8Ky`qw-Y9wE4M${pzXCH_-=ZsgEbE4lmHg-X|89 z`31d~w~0))E~BaIJeMtb=7yK`!hE&rs7G7X)Jkv6P|c7vBah`K=&pr^1c|}~jtnen zr=o42T_Zo;anA_+Z|uEgR9suPExHpdcyI^=2ofN{B{+m&0YdQL5CQ}XuE7d-CrE-6 z?wUY=;O_2PxLctGRMoo0-rs5WYwyo%@4S0kJNKRUcU4VU)7Bhg^xg;g+QAxHb=n;y zlb^8=2!=y|?Ss{dMSJN+oiG}?7$wgr$KSMeRlX$07*5;+{i72=?4IpY@5a!>#IslKrU5DZVhB7G>Umh1e$EvM=s zJ1gB$WL*wmIQ7=$RQS<1rXrjwl3=orQePQ%!;ln`T{olcZ9K&25zd4G4-aKbFmzNi zABlW|htqw6J90Zjq5H2d1!nyvs;2XR994S^C1^dA5=4VX!zh&{bWP9N_MY^EAI4UA z7Gn<>W+D*Ns*w1+qbocy3zaITg6oDp2J~X7Um0WypY6ntv>3f14H3WP=enw_mb1#- zTw)UICw0XwsA=mPCgUuxby_4!2%0r`dQkBUEekR{%NR_^MPNrD|J40qS?#u7)k}^d zJ_;3`81hQX_T<4v7)zUo2Lp)=G{80n0R|z7Vr(WKQowfV<%Ik&2(9LEI2+C|S*58{ zC#A0XXmT!eOR^Dn3@G6&*)rzVpv_B7PS(LXmh>5Xkqug$JRTsea&6Uf8l`4)OQZGc zgS?O}x^-m9^FS9?6;=;SNLBsj5??bSg{76y+zP;-+FNNVVEJmymkU(JB{uRsppJqK0a%DwMJGH28J%!j*9ChB@?T3 z;MYUG!^s<&mO*+BAMR?xhBji$4+J-9i*yT(xRFy1R|2l|g#b#e4Ev8O>N=|$h6J4l zst~ykR7f&05NN4d!W--gRjM7>dpam6aV1_gi1oa|4G*5U=!xG@+p-4jH`;e%AL&idmo;T37bWR!b z_U1p}6mFytJD=K^(A^x@C)3}sXzAlB3uKXj_T2(&SjYYcoV|7Or50AR=<>#_KUVG?;5Vma{{uHQ(*_q_0|8mqH}zpfoV?;RD$TMT)-6WC>MJ^Y7qGI zJ42_!gyN8-3))E~#7c!ZMp23TSe0@I73HDCymwV-aEF@lg#wIb6J6mj+(kVeU=tRm z%L9;S>R?nzCcV)5G&|iuZD-xncW`Za(3d!iN1YT)xpbdwx2Zs{Ya4c zp&Pk0`ni**JZ;dIKplU!W|Fh9qZ#H%Mcprfb| zy!k55M=HVQkmxAZ|JO(>sh}!nX9t%<;z=^rw5xCp=>@f?;8fWW`FU~dW>iz>1^89d zag06D?l^E|qMCd4;5!loLq+PYPPZ#;b+~SiH#x;uzg57-;*{6cOQDi2{QltNlA-B@ z1|%#i8&ksa6mO|@J;cVrdC%+Q^UR>Vj~{{y3p|WOj}gkt20a?f*04xD9S}t{q5&l*czFAk=Yw9IQbON%wCE^#s zSo=2c;f&~N2M@le;9%A);)$LN_Z5zCj1AC-kIe0sa4w0)&=X0m@yj9S>g51I@Si5O(3(4K;4p zfyE^ZYfj|G#ykZ}2P#=;OuZ9&K60|>jDw&I-#Gi}th$HiA^Kd@Ra$lE0T9MQ8?RCz zJpYVCuaj){ay#ec1~4i56suC%`@6nVM}MI-#bIIw@R9^*(JcTp*9PXU&HE+iSg3&~ zAVLU;5Rb|Om)~aL8=aZvoQuXzg9qZK&;SG%(vx9H+hRKol-~aR9lJ#B@$=~(XzT{v ztTE0=hFOl;4r;NsrmHA5c-C{T-4sOrI;hxDSF>}}e&XM3DKhvFW$WA;VBMyrw^=C0 zd0qB#&?30pRd|r=@RxCG_de=SXA8TB(Ki&8TsN6gQccL+={mner2Z^qrP)gwBH<&% z{&}M#7X6VN;h$$lAe`VwBB3lgNOotUZ(ZNJ-xkT=H`Ts>2n-xcVY+Iq54he+P5?{U z%oOm>J4l{_DQq{FiW^?M^YQNKp0mspiB(O7?Bvf_8dz`Z0jo3j#~ZIJ)+r<|UDjQH zZ>J1=TAWOLC+B6Ba7%fW!`dhes61V)#5Gyt!d*?XZwaVuMH2h=jEZrr2;W3kr7S!FeY&HlmccAVf(pEQ2*ERQIxZfuAV_Y zM*8UI(SS}uJ67*aaS_46*k5#%V$f5x*WlqB?_-*|-xF^2-<_0~mKuo;L*qP) z5dbvwBwMZAXP#3+(C_K#xnkh4@8ee;#y%S0V)4z$Ji{>IyNfjYKluneNRTi*?zSk5 z*X&D;0tQ@W(z$B9M+YlOHp5C|1!aWOM1uj{RhwK9eVP?=&OgN0W~(A3qGpMBbrMCi zL){XO-{1Mtc<-9{`{-#FcDwRA0UNn~mni|-J+Z;@ zDv|^zDn5jQ!ANqqMN_UKqecSX=ZC6GU%W+m*Y1k1ildW9pA-NmEy3Wb4iyqdmTF)$ z>MI$9pdBHhNC`r1&Tpo6oXy{*L!azmK9GpoWv8|+KdoL}%C8!+*2g}gC36H)EPCHxDATVL6<%uCvYvvnuE4p$Fz@Khm`iyxEFk0 z_8dbcG*aym_nw4#t!Ljsr8d6igqo_icw^Ml(cO+??x1#;nLUNocAN>JbW+Lm6#Jsl zIP4tkk{2YtCabjrBvo_e7g^2$L0m_FaIPJx5JQhFUFS?-^tlw8OJ6k96`t}Z%su`Y z>zDRzB97%{*HF@#&Zbh;Bdmy0Zf!PH*r&HG3SxyQv{9 z6iX4S;@~(2G#10Z*%c-)~eI^x-sen zZ?vvd(O-N>B^I4{i(m5R*`V5hX3+p`#OrPxjZgAVilwv!&4d-d<7mxG6BX&0C?39L z6e!vcVV7sq$bR9)`jG79yYQ!0d6-(uaa*kBFEq^w?^|W7W{jT7Dxv;Klm9NbP!Dv`uRL8_iVork_?( zBHwE4sJsQID)b>~^kz$QJFDt&{*eHT`rhEul67+ZzICzW@m#Gm#z1Hm)WuL03!7_0;z?}oANINZ{lB!T zIXOQ|^0^V0wYFn6ASJh8SKK$z3Qc1^9c;&mIwQ!tlV;qf3*#2w@&K+D9*h}dkk8UZ zgCJhJiq3d77w0>|9t>;Y4?ghX=MmPR(k+vpajm6IpPDu#{%G?QOtrSo0 zW{upQMfG4ggwifNjPN9HC#NLQ#Ht;od(ip#|4RqRSuPZ;}%N0zjtnuhg7FxjsJewJ+Ug0K#n#sT7_jtE_aABkhM8Zy~W z2LIa^=P1^+(l3)mej{AzdtEWBC1Vm}XdbR;(p|A#KX-^B-7emvd zaC8DL;?HXFZ-;5>Srs=_m^g|iI$o3>3_K$$QDUVldq$aDh@t<1M@77%rI?Op>QL2e zW04f>`%v4^o73)8IZedIc5toc*kZNvSf#fcfR3Hlkmzo2S%P073M3{vPDJgSAF$B5 z=S}JoXhWuq_gU^NyX)o!qQTW4pPGSx6yE!Y6w*D0hzvq#@}Q`+CxX_Vk2EW_DBQa6 zf4;P@%g`6<{aL~5hCL(Tb=B*zM8x4(?dh*CBlmos8^Q7e4(hO4UK?4oGvN_HUKm-N zvqYT1LH!NQe&iX&B^i#n=MUVMu&BS(6TR!kdb9%`ANC0dyW+CKoV}p+^ZAQXq>66I zZ7_NT$;Y)?82)=nJuS*L7*Y6YEZzdV5ges4e8}GcbwGg6UbVzK^0&mdbFgDj7`O@4 zSbO2k%61nukyyn?A%uVNkaLQp(9P)p;2C_=wQnQbdr2wT@;fAXoMkZwoh02iJ}}IO zlXI_*DZ+6NSb4>w0y2+5H@IB`?~(P0ZiE?W2JzGwvxzzP?=(0j-Zi>Ku#lT5HenkBy$i zluniU6Zz{z(GCij8~%JDLQQq3w+~t=jfy|aO9+xKf_BD`V~`_dX~jGx+rsDtt5|~G zXGC-;FuUOSdTtj$|w2H3a2I~EIZ>^cNx_65HLQO@{Xxgs^b zKC#~3iISX8?Af}5EO7AyMK~fj-H_=NBR_j$@dq6GGy~w|94x94)|5mNuP`;#CK$6U zRQvZ$P!Rn@@88#PkI@sdf8PWPMcIF^h%ftNt?Zs7j<{3L}N*_vzz??cM z@MNiSWCV1FHJ)jk_0KC&K{az8Pe~tIg2kgLzPQR>v<4|riYv15KQmY5GVjt5e!`T? z*kc?e85Jx9z%|2e#uQIbw6*K#qT zZ{>RF=s@KJHrOXk2u{!>xaA1U{yInCOCtMOgiovnvNO=C?yVIChn4BdXIL|`(s5j4 zVQBw5$@Cx054FnqM^L`^NiZ)Y*{fx|SH-FiUM)G8!Z(LQs-$kBO?orjwtv#S%fKmg zv&6!6%(ZsJAU84ev#V8% zclvg<97~t0rZ9yAu%15rxb_V1JGSqb<}1}bk1*3}{i z1cyHsr+-bDv(Pju8T#uF_~9g^*LcH*=QtV$IoFz$H4FH~wH!B;ee}XnnV8y()ecF-oK=FlZ3~BMMSt55Z>V^Ax`;LKNu&x}N@uN&5&jTM{C8-TV$dc-h z3%lM>xw>U1zE8x!l*5xq7P$?5p`q@T2ADAld^`mKsc1d};(XayW9_HCfo1oy(!zpa z{f;ETl@8yVz21|xJk!OFGAh128mB$ugWvM)4HU+~ca3on#r9Dc)i2zU{Rbq*U&G7y z5xpFNr^@-BmkriWQDOqVp_3xNL*1dz(rTz*4hauz>nO5(&?IL-lg1AX(Idsx|J4tjtUA zR_uZl)DkGqH+tp%F1bK_@2$Cqen9TQ=>>T#Fdvo-|PUCZvLC;;R2O#ww z3N!;h`1b^gbbn!f=&HpK{0K#EfWHFcf3$2o4vy;9MzCmuo3G~yLu1YuIStPD8M=cE z_`bgT8vlyQ==s;8z0Kr=VwxBLt@Ai2t+EBru{faR$GdB~i~c+`f-iWefOc@ksj`20 z-3s}PL7K#YOhNS*o~sjQ>KBWmaFn}pxFA;SiBjklsLQy+*!>3MbRXte_1ATZ&_&fN zhkk+jLiB|!*_oDEW9-i3ri?p<3)*@@c`#D?KH^2X2;3O^V4R;m7-sOMS1tFnWetvm zL)Kb|>Ie^U376doe|Odr9Bd*VV=d<*3WMi<9#mj4_9}PyygvPUWE^E`bGOW4aiw#HD~@_T-+XZ1=kCqRYFBg^Q)^ z0kg(F*u&HlEws9KgY~w4kz3jwL`P5({kN0VF3?ZA9#bZ;uesO7q}pB{jizf+&YS_Y zGn|80wO)CZ8!CpWqB|t8t2FzMwlssw*InYu_3uf?BuiEI&3`g?aHk8=EV-)A0`D#|Dxi z#VFW5^P}*kG6Kb}*sxi1n)ixFnQ$ zDGoVBFcNYB9?5tw{`CExI(q(Wj*3e-fUO8FKAJdwv!S9sVH^(_o`&HQ2uU^YzX~!f z^+RZg(qJbVgYaW47co6uP97|-7ecDgkrcDWUBDs1)w4XOlA(heqjKDSo{QlTXgt3Sbd$NS8E4xFot_i~nUNEKq zh1-Q&hUu|a2V=GqLH-YG z?QCr=jL}E&uMe?fg9e1ZS(g|F8)=b=G0HrwMz!%`N42Ebjm%R^>-4`-MQSD!Hi-`H zy5tRFkY{?C3Mw8<<(b)98b>cKB1%@No)L$Muf?khqlUk>bgZ-_z#`}^{Z)|sn=Kke zf$54jl_fZtL=66OB(&H`&aBg#jX2FEDDFcT`X^LHnj_ho_Z5}=XDbrIMCjc_&l-oe zU$4J$n%*~xer&Xq)oNn77yAJ(+<&VW=XN86e2c0#G3;%qaFHg?whs@Mq=hE!N~dvX zN{4aENf@=Fc9CklQbS2S{YC|)Ryh{5_*1Q<-H74^+kWZojUOhK=biC}bc`ccOwXubGn)OU7{q?*=saOlfs*+tz2wA>yIhPHz9eqV z{EJJF76Q^b>gupV5C1|c%3E#R+ArlWQEX^Ju~d_`zln4%{A;CCka?E^<{fvUTF=}P zJXXHbP^B`BFwyWf4bg19yP{r!d#%6RSi6Z==_G_x@$4<8V%win3v}OrzYw&ZaC&UE z-(?}HpZd|J<`GU*Z`j|dc;%%}Uy>T<@%40sXEf%v96aiMxjuze!9oLCuYS%D)%dC9 zjZ7X*+Yr^{8a#9P<4iAKs^IakRTY6mRKk;dhKUSGkVH+-@FK<9BGtwB=kOWISYW%} zUFmM)y&q%ju^*x5K#rlFA{NXIIXhNky-D_D#Y4) zMQis`^Z&5JfYj#C4y6%$ccDqFFwP6 zz!G@GWC4nn%E$K15|JqXw((<<`=BPtx&8JFjnw!}^`2AGN=fLg#xBA0zFN+rher31 z>>jwj(DG*{UazoW%1q=j+{^5aaZSKG5f$XB41JD87eS3znaHkq1}~7+zU7tNQZP{8 z#N3#@B^uy;-qP$JnIaKtNulAx=yt1ZShL+f-N0)W^CIU@ea|-pDj7nju&m+7rPT2; zTnMqy6Uf`uVJ1aO@D(0w$0z}`VC)NtiswgzNzDEWT;HGV%F?1sAo!)I?Uqkxd0@6L zqroP}N1*YfHJFO-UEm&F6Ct03CmmgwH~K+&>jM<;=eg!Q9YvLPHBh<_Fb^hoH<|4sw?8NyG1@E&G3?-SzI&YWej2RL#p24Qg8tN?vlTu|! z?O+lIC4fRpg1!N*H)l#PT1g(Q26c09zCxOwI|v`3oe%I8s)W9D;L5m$cwy<)+6|}q zX!nfHD!4hC1V~x=bU{tull~$G6oxRHG{w?#FjU!;-=OC8=pf9@kQ}xUj%IWrDZ&*# zT!uAC1EqDO>eN8pNI=01tf@Af-yRzI-}Ks>F=eyJrd}1vzj>vu$6^y?t&sFxolWia z4@I&4_;fqM}NZlVU>kgu|?3tGgtH_ zz+9;8V!Qn&#Td7iu!u`Sii)mcWx5yuX~D_PKsB*afh2>YFY%b7B_o8B)zBmKa(13? z^unI^CsBY2H6R&yp-Ty7f`4im4U<~cHL!(LO+2~7QD%8*hX|a=SjP`)Nbq7TG97vsT3ysHX zZd(#)n97G;-kS{m^!Tk9PhOe$P0@xgLu2kId*)PL>f6X!HA7{;@K>hTdt@Ag>qhO2 z3>-$iFB{R*E%}n;jK+VmACrkOOsu;$In~5gWTi1=s6{d7xqma)U3%#ulh=LVv9$|w zk-Y#BbD*9Rk`Df?*FFtHRSO;9L5`8}AQLQ2*q`}i=_GeI2gu9lHN|MhKtn6SpeZuA zs5a5M|E+;2Nf+6uRwg}4rMGmf$>xrgt3;>{ZzKUc(Cf7e!nLwrqap4qJ`@onLUaT+ ziv%-}$E}E1<$TE@s%L)npq1B=k?ai589c@c6LhE^0MUxLp6}%jB3w@CZi7zOnXva} zk?It`miwnKQWin>XK4iA)<7)g7% zX*>p!w40+l=Dq#cKf!#uexB5IuaY`@G-S&QEy9a@_=9SU0&l zIzn1juj#$|i~pD|^~6u8xsZ1?1twQMiS&L=Hivd4MugXRJe`h4s(3~2(d?j#k*K_Q zj+!1#!CT2AjsoX&3te&*vEtOXT3B=)gImT_CCRT5vQguwMe@Y1JvdN>BHmzi{=A^V zgw3l&E*}N57S2)?kF^D2-69h8-z{^%E(meX(nB|jC#fs;iRE27hzIzHSKp8j5tRyZ z9bqNK3jXG**M#gkP(dLC)Sv(Be|YP`u)Ko*sQR96`U(D>YF#aM4m;4}nM9k5!J+6$ z)A`4<&Hl04*{@?I%3gDi1R1skIbhi6Bd^#;1XelF&r>D~gHCs@kJCv1xc8iG!5XN1 z`=latV(f(9Vo7#(*|VLBKN>bFk^iJqSppt3G#`y%pZ)l zP`18Zg?((U_C)X!$#u~h2c)ngpSGk5QncJ{i?Zt5am;-hwEft5R&P}s83-DLQS3{0 zpM$=_wd;_r-1}CPORZeqXHaiL0@tB2}|zWcxP9XCRHQ=CN}R z!zk7he+-Z+j>i#aD(3in&mIR{n7cc%BISclMuTC$9Z*Bs!XR@IVaqSJPo(cR2&-09 zNazVQmmVOGxY7>2i6!JsUZec;S3dNdai2)EYquAgYq>#(5Ko7Xly={&3$KEko+ zuQ-UTW$uU_#(_hBdZD;5Xzye?D4%=>tbju2rMi4uPa}>9d2;{tmKJO}eiVQfeh-sv zUk$qvTmic8jFl7617)oGNFn5o9z{fzt)-op?zb1QtMK#Dz`7MrG?8l|+!#xD{x9|8 zJ>IriHid^+{)~|-d>-u!QKE)#EM)W% zN3TPv?0M?+XEFBmZmZuD50B<4q-1J?QgoELONTvlx*{jPPBN{~;raJ(3Q6Cec^_*vRWCoteuKwrz|E`Ktv=IDD(@TRBFl3_=1cvM59nn&I z(pvpg3gXs$j}okcOl0o738PndM>V6lFa#_ZBa!kJRg(8Gg`+!R%5P>?Jptq4J^Q(GF)&5a_Db1w42PdGNTT#;d<EMn~%9<=i+yk2TG#_pqI;0x>G}NZz zLutLmdmo;CXPa_fdn+(u;HovKPjA3|kL!8ehWbvK`F7pN_kY?t8=X_j{n*zg!A(ME z#&5e2blo>+JG*R{lkIsH>w%D_7*Fp6gn+m-Zb_wp51N$TuXvMrhsj{P>sF+v7}7;= zcK)Fv@h5(O+*qviy;VM^*Nq$EHAvwYq!2tlb&9RG#yc9!kBf>hm${>Hnqgk?83%kt zJOK};9=gU3SZA*?PJfXOYLpz2YaE66*mM&2NBRbm1`1t^PX*1B_0ajQYl! zWTCf#!f3Ph9UEXDM24{Ga|5S-+0%hik}QoKyD?-c0ZdK~<7VkmfzW`H%;`>+hwB63 zC3#|oH$vrN&pKEK({Ykysdg|oMFr#(ABdw%VN<_;`crD(0CP|@V9!$W7QD{d1AfPl zX)45r!U(sd*dv6vaOWm1#Z zoYKv265h+zqx(39LiKbuS$pshiJw?HP(|DYp8@TP|pPmg?wqX~#_~*um6TPaa!hZDw`B#r} zGxQyZevqrZm}`#OlR?UljX0-5B5d`2F1nSEgA{`0l~0@Oz@un(37wJ1pPCf9uPKjm zDRKZd^-pkUje|4uNNdut{z{{>F)HeM|5U~-M-(vnZAadsa%ak zbr;8U>xE2^Y_)E3|I@c{>zu;WH{&%H@j4B?;yJe=?L}iQ1&j+6l5^u9V%apK(Vt6b z0$&Ydi+-DMzu?c<8#^2KU1#YgjVL_SW%_XJ7+cix&ky%(0(cUX1)QwDlLlQYIK|Jy zi=_A}Lw)e^2UzLlWc%YeU#0wUiIIq15DsQ^I=Z7{VcSa~InMHTSkfP(ET0xVMvRWA zj>-bLq6sgPa7ocuq+*i(F1R`6kHdqU%ieE@0=uF&y}1DGavu=7CImhUgBBh`d4i*a zfDQ-6yS_UdqBM$0&v*B&b-^^QJ-`g8aAh@A&}xDS74rD}{&2H9S40R;Z0mCc2lOOX zQVc19^dL8Io6qO=g)2EYoPTimv@>bac;rqjx@%A1PV@K)iO9Jr=D7oyul!-1Au6=&>N0}4cJ%QMgz(FWIu zWFqLew~i-dS(p-aA+-^zGLc?7Y@|4Bt`qB9#gI$uDNXc}C|bOKF5j@1ymt5Sy}y;Y2xS0ZgJeeCh!jd~ z8B=*}WoflDWELaEIz+;AHmK!lP7*`hpD^q{3;s~x!Jx#Q#Ac=-_l0sC7za45Y=$0B zJyNqYk6`(UuJQd%vRPLMs=xOU-V9FKeLS^Y3`_+x?9W|MKbaU`p+5#Pmb-_BbNbI|A>ITkFimv3_gThHpY0ZU)zKdfaEZ6&cQ=PdUw#ICl%Sqm% zOzld$cTK4uUug6Ziw)nJksCO6lX1Hp>J))Knl7=RPK`fUzP=cUQG4C`7ce5sbF+}K zQzqQKpPp~+O~z6a-x6G}2Cn>EZQr&wuO=f4lZ_lRz;T?=eNP?ni~j!Lu6J}K--z{= za%T9><%qN*kSffwpSamUHrj`J*|*|vgZSuBXSg42{k%I0hA$-GsM9d#)Q{tDq8e~V za?+aPLnYe0oWK)?Oqo~Cro5lHKYTcZ8P9N}i&ewf+b2BP`@`@zfaumOkG$vw_yDgd z*VHi1&-ALGnO?|C{9lSWsTEAhUc+VdgU|u&0LAf^r3;q#JUR>ERtu${F?3_J-#^ww zDfl3J^|zRwvnLbe@E^JU3SjSj$@1t0iVhB?K(*P*#74=UAu~~~jpOhj zRj&gsWM14VI%YJOt5Iv0SwZlAc3-NaE<=xi`q2a#~L~mp^vaoCmkeZ zq{@)-VWMW=oOl|N0!k3%Epkj>eMgW_{U^P!>nkFzrNFa{Nm?Wx`wvtm=$HcIu|9#> zn0PT^CF&z2*#jPlVdp1#tJ+C#%S<)FHqv@;+(ggPy+eoI9!xT_$SK62f}1M!fHkB- z{9QV~zv*#17F~dzz-f8Zy&=kkf3qh~pqq3D3NH;e7!2&B3(^y?2@>eJqsz1)wgjT? zT2&-6@MjHN@uPh0NT;kE=+h?}L=USe5Z2$3`_8R@U2n+oxA3(4`+u6C7Z9Tq5=Xux zHJpN;$gaGU)+`c1o+lxrm;#XB=nZw-9_ur$-T7OBeY(y^Z<6TFWPn~2{Xf|BB7%)cD+8 zaa*m+AQ`P;r&taufqFTW|8HJ{t>XD7gK-{jn8WWyCqkV7p3LTDW zXFH1G8M9|lvIF1j>Yp7O-StnRmrxV>uD%Y-wc3iMmEhj{n)jIYm@1Tug*xEeegM&l zbIZ*C^p-w|;`vRb`)1>xT%R4BlY?ELl@CeIg~T`NRoPVrKE8k>5A4U*Hb<&P{v3p~ zSMn$u2->0U9$;=?_9Z@-$5U2wk76W{Oss|>D=`V2sNjTOPmTRQPJU!DC1qJ#og|3rzhq80YUY@vY6k0&(z^X{3dC9OJNwqwqF$Hmaw#%;}&| zAEcS?NsDTu8@|VC``Wr3L?IS#gGz571JJ;0mQcnYmWt#Z-c&^(A@BQ>2VNiMRVqe> z%)G&=o(}DVPwRidxC6~8TkSkcs6cQ%z^T+MQIhJF(X$ zLy@P)Wyb+Z;r_s1sKp`Ci3LKj-l-(M3#0W0=aN($iU0LPz_usR+%+2LB&fgwkACm` z^~dw*kHa*+56W&zJB>0l+^~NQK3E%(LW5}!yBFu zMp0|2>1iJ^Z>~#+qj<7Wt!WwRtE#%&cO<50a&dB#JgO-cIbQK^Ze zR>T!TpdF^wEUnsHQ1y5;S>d!vJzR4GVwlrZuG+b!XI8-2KVvt@R6ku+Z{3CBjweH{Q-nL}_B0Iw4<@vVY=Q8mShlH!*b8I`%mWmxLzZ4`hf)tG~U-^??#KAY!k9 zgl?tmci$(*0a9n0a8jS(4g2vNte;rt zmkX7}DVPkn*WzQLgAn+_k@}gPq>dKGE*Lf9`yPkOD3l^8%8w7vnYFhLl^BUPPGTb^&*>Ry2u>W#3u#m;PeW9Q?u8)-WZAGOOH|2f&e(@6 z={pI$|K2<*+tEX0e5R!4lsjPWwb^Y-*SM`<4>>d{9)O7=^It)=ZR0b)O~phWGIPrN zAa19U{r1Ds2cLA<`2SWSHAGall01LsC*kAOd5~xnS|VV*R+u005n^4VAbK@SD8gyJ zjvvC_obcN0*6Qg5N%6}df3+7o=juA)>=FCH5mBel_!5Q`RC&mc00m@gxv?>&NERW@ zM2>)guaCWxNDMBAwmd))(JC=(jNf@oBSX8M3&eS4i5#Izne>C+l>!^;uB^6ct+Y#j=BZRnBzHxTfYrpSkSn0y!=P|HHs~cGF?-Q zLUGdUelH9ImD@g;(wJ9)EOcMvFtJKD(kNw@BeO;x)Ed^@aXJBs@9b`{-#atv@a6Ip zitTEyLyUKEckrM|(A0a`)xx1Grr$!ZeVBB814?nlv8e9xb$7knbjys4e9N{47vt&l zR0x@%)c0t??~C%@RLV1}PjW1%@Vc(*KjTH>xJ8Ti4_+wgJwMp9 zkaCm!KPk023H}DM@D?Mvy*fr?%%pvwRXW>-MJ1kXUHhZ{?RsE>ybP_`>fA?yxZlh? z?{HsCeew}2P-fo6VbnnrI6cDWjQx_Z)=nt>xKQO1X2hs?1wukuQbo3GVJIqNs^GOV z?5NJzB(l6NU!aosP@*^AJ{lpY%j0|4291az;`1j{gtLBg><*L_74 zCX0%TJGa2-PZh>y-VH#dS`s+mT8r}(U~=P`Q4y=9MupcgF_sm(|5i6MQQmiir$Fi- zMsdrfL&@_lQ`p!R-j{?fFZrdu zCYws3!D zcsojNMM7H3kp$0q4B@Az&|XcCfxqP&ga4Lq{M!UUP3br8FGi1ksl>47r!$x$)j-=q zJwH)q$c^AOBo)MFve49qJ@qfWNQJ-kBJVXwJ|SLU4aWtf_ z=)M)yyJnakYoU7Hks(2{wMJ5%9iQiB+#rMU>ftw4ZPY6X~^+K5K z4pQ3U- z=gSr%<%w_pyiw8@Td*M9te5d&We}4Gc9x{FjF-B{W!3%teiHmfX&3Ub=0yMP`*kUa zyg`}usi2N28z&2fD&g7n_l%)rm7sM}P|Pg&9J;boY(v)WY7c&^b{G#jOVT&1wYS<$g*x%X&{^FDM$iYEU66-Vte#;`>(Cim zOWvNMc_8Nt9XmIjs%93<*EYUSn%ve{ag*E_P|QkEPBYm1zfDtJHLJsGp|+m24Lj7T z<2vg8(NM-t5H4_B>++ZWnZ+e=QUj^6)AEj!@_P0yK&j#nErIQF2n7pJfdnE5pGhEG z$cKLLpaEcl6A(9kK?@%hIVUWC4mvxRMPv&4L*OEMZXks0nlxD2?1c>6g8JW<0;ZycqKqA)dN7CmVVD0#-B!gL_D6KPs-xZp=w^tP1kWmyj zq_<9-bbI9HT>+yW#QH$-baNMaD6U7t1Rk4u0<2RCZMeWUNiT_nmq*125no@tG8Bkw z#zBmx0h%P!2#ev?O76;KaSwX2vr}&Gf?7;Tq5X*){#^%e`8}pZca~X-LE@#06e^T# z-%MZ}4JA#^&ZrQQD#Mb_C&7`%ljq1(NqQe0_-7jRRlkq1n+2k?zmf=RKc`*_O2PdT=*^qX#cQ zT5VJ@aalg*$d^U-UIQn;ja&DRVFhTML#8__J>qKb_a@M`M*+;1AJ+|HtFK$j>PG(j zi-+NU+t~}?!Zqg_6Cr+r#^5k8ffp9aVhQYJu!mdae*Qv0OG-x!5<%X=6no=lSZCX+ zOCj}aOAZH*+2iRzrRxCHR1T$brebn;@J*jkZo?vbpj^q`w9Fe0il7dvvziHOl;ROs zjWMZ$Ag9*`zn*_Y3L3Yg1QlWl&u2oM%m+J?VS6VT6&=NeiUSi`San;=Wwba%8 zXqas+heV&pF|!j^Z$J-lWzYH4zRTiLNTrNqWJ~wPOc?LGGy(0 z{AK_idDZWA7)%D^I#6>jk3#u}<=d+RVErilt!~(P1-)bsT;52hnDK8_uFx ze)g(z)*V60qOe&ef$=Sv6rvl&ufLKI^^$*^0qbYg%nF|I#D5}{xE=Zl#efs%`Hg)D z3ic9p5#RHGkzQZb+n{dacSd*hRR&-0D*Wn3A6*76DzoVI-Jah9?hD4JlPY6b+bjI9 zk#Fz7SV?r`NgY@Z1GA-a1FQOXQ&6HUAj6u+nbZOgGuy;*S2}%EKFmmTqam!p1bV84 zDm1nMRd0eLs%G?Hx;*e8QXlK6i`^q|zEZN(@Pcc$ZfU0vFaeb}?5Dx#0Xlwpwe1qA z{Jf3tb@Thh*%ak?g{5ck9Yx)#Rd7H_k--0Yza#I60DT@Rt(s5P|G2#A3+oMj@o{R9$Ff3C|AvkRJ&?!9VA3-fnj3>Y z$ss+D&9K@pN(Gf^Gnq{Z$`HMmzt_k{H)&IoVhJaw;CtoL6vEmKXXHCVrN9bW#KaFm zL4a&fxzwHVM3bs3K~dM@RxVWW(}JAw>{>_2a+uTnUY>X;N$I1L%@=1MkCjAw-wTxbAT z&sAe92viCdu*}GEJj(N~ob6v1%5%+lmrnuU~ zZNmGdUhS*X)4I5j=-B_k-g`$y^)+pxDmg148CoR?ND|4RB`Z;Kl#Jw@5omG_B2fWb zl0*rTgEYAjkRUloYLFz7p&PpUO#6GkZ_Rt}T6fLdd;gi4_5I1&;hf&PYE!$ao~Nk$ zL0PA#u-s$Ilk3A5G>A+*dRfo!-|;>k_k2%m0`^7_o*ro}p5U~@wWRT1y&djQs`tzz zNBxBsAAvnU70QU0)xzCTj)aWCpg2N#%4(As_!Bn>GrDn_rubN%aPb)&&<){3#49p& zFSkh$N@%;Vy`XYu4QXj*ak=J01Hc*N>RQkG8LaCFd{Kkvp2W0EHQ#gk`)h!X>qE^u z9c2z+vc&kr@_2&Vckb4G{E$`jB)#%skNDfSp)F#_z5?2XR3d^3imyB?zo1#+oWqDccDCBHJAI-cGjQ%S~X4(HjFbQRn z4M06}`54xQ?sH*W(TpJ@usm}N;dk9@{`kQ`m`D4T+b`AXPVMkp#i4io@JD0Rhclj< zT?l#|y%Z+V7hyin+rc z+Y`&|aZ7c>A-37QO_rOn4F3;@@=-mRrtt(`m=^uyj|Rgr))KqIZ={R4A5%9s59dEh zSANGH9dffdEG1S|6Go}Nq~NP*e0)WEH}x;b6$MPuyOG{cYWBeEn^yt3@A5nuYkV;;8EYKcKlwNpz! zS(-lam^iAkQV&^*5(~{dJO#pBEiW^qytTXpV)TFAvNoav{FtBgizkUi&deHe>A> zhifuxA*d_pA>;&O)CG)Qt_I$$2&Sm$^lpv2hr%ZPfytqewyhh9d{#RXg~%IC_gQA@ zMH=VbuaVpqt(1Dn=WicDirUMkB)h@*D5KOuZ8aO+gtrv+;uhkBW77M+@4?{*0a#}9 z2@hhtHpArwPB{tAP^-yL=H(r9So;Hl3$CmeS*`Vi0W)aW3EBtggp;CWLrWjckQ=My z*(UC7LC(PFJCXH-inMN;jI!=g6L9YjoOd+t8m;h%X0P z9o+*tFR@inz@rOG-R#ntkWx>-F6x=rV2d zQV@MI>Q~)OEt^NWFt(PAZv8}muqgI)5vYOvQfsZdWDLO?^(Ih+u}6i_ZD?bY4#1~q zbs;0HP7?-P3d}VF1|v8`k7ekwa;wb?%fLUokUpCv;BME|hPni0X|ft{to4GP`u!wSbY?JC%4`7 z=f=Q?DJ9PEQLN&QI^GW9LyE>?NvtqK>G}u?{w?d;k_}P^$qcxoK`EALdWwu<*9fwk zcmrRR!8+rsWpG$RPR@yF*e!8R$@3PE)vo0!senJ#vI1!^*!uoBTp}G8xe{V{yoniYWH zSCOw9Y}yq2$02_tgULLbRfq@(y><&^1*f0wjR z89qDVIrSasI5VDx+^y6*rU);ChENBe$$?DWVKmpr*j@3tE1ASaH5w@@%)Uk7QN;C{ zz4>Nf4*`92-r;Kox?F9xMjX*FvrsEAfHdqWFsDboWyd#$^{9BdLvPkGb?H21-uEhF zDAND)d#YodnYwjI%yb?c;U!H|5S&?Sb~PI$M+_1T&wYCrmcaO#Z=l)fVh^!8>}6^im*TpPVBZnb~R|9Kg4I_fjOYC z(!53(!}@j7i)}DwrSYTNNgq{@uen{wzFR=_-|}Y(kV)YC+)Ik>jdn`fH?o%tpx_Pe z8oTRVl=xMmypYY%Q^(N2*AiDqtsjQV*QbY=@$PdOwgTjh_;TF( z>(k$;`o6(I6e-6kZ&v8fVwCr0iuWc}gMd5~Lc`)kfgJxu|K_(N9KUeyg7Kd|s?{iY z%#kMjqpuHeBoIlV?1xK-7-+y?MQ0636Aqf*f@6MEHFN_HB#24Y6=KS1fc*rQX8imZR1&Hb?Yjej7W z>Nv$g-up3^tIW;(Rn9;jK0;BxreK;F8kVYg{kt3nyashT!sRATJuFHNe$_U525U|d7sJyQsoL9_%;CYtXT~~c_XG2pVqDd3h z|C;Ro#hP(R`3=)LE;d%&o9=##+X#cw%6k>M6_F{4^550Se%+I*vb~#E8CjxMN-D;S z+b{mysGaIm1J_E@x4c=r^W_ZF)s0q^MGaDh^%cC&D)lR^ifvvr{D_o{AKNn?_*8k1 z;76G@XlE4$R$LtCmdfUEgDIc-S*BUTO ztZz8hgX!sct*v2@0eV$Jy)>_T*}DyWmFkMJd-cp8lEz&9KTeiD2F!2zu3O>Ylc zCV3F$D^t~tV5Sr;Oyh$$o5Xw6_-cn!<}UOK6p79TEaNPP*Lxh>w517XucXmCwuQFa z8Ix*Mfm_y?773>Y_!vL#!XT#{%9^Yb;ONso8M0%}$cE!~q*{RpYN0#viJINX(hv`( zT2_5!VNR3P1I=}8T92j&T7sd6>y60cl4PPOF}9y086TMmhZ zEi<&E1hVlqaq{MqG)uhy`r#b=zpLM0SfSe`KJ;7buw6>>IWkv9Qc z{WB4wa~8~lKmDPZ{KsIIUym4qP*3xp1Tu=P7V(5-yGUcrnG6~=i&H$Q9i-0b7=$*Q z9hZIiNMd~+s4|Sh-Vd$!ygrP@Y!HkAtVa}|POm8kW5#yNJ>w(?w@K2R#A@8UfUg1F z_wrw$4m%Ey>i2rj;rX7_=%a%GA#`E{t$RL$%Z<6^WEvmNxpsa4B71a^bVl3qhGvIu)*R7_mLt~G~ z)Tta(D}P#v$H%X%nVF)e;*?-%KvE)A_d|DDX+gq1v$BDj_uqP(ZWtN-`(%67(WL*@ zI~!?`^>33^Nb&t|{pzApk5##eTBwXCTfl*Y<6N`i5M4dm>h4IP&UUkRl{ z<%=Rg3Ps^%^aPhL-YJDL#cQ+eqB9skrW^CUF}*#As5vZs0gym+w}8MkF*;&)d9TcT$j_tJkrT(u^y;q@AR)G2KGtvZhCt2P1_2#MU!_~COj zhkf}mln6Zla{<<{p;q&6)H$=Gf8nKJTO-$io{I6O7#KRs_IW(~lSX7}9Oyw@Y$6_& zByIb}&P!43;o9ap*nc4vbBJt#A^QGAoFy~2Ji%fFWr&vKl3#)*u3qfSA|A=y3Vy+| zkwy)=&sQQbgBS-si@%KX$erjf=ue8=EglsEiG>k9z8CHA+N8-ABLg!#;6)R3rKo(t_4A%tTna~bL#yQh5KSHXmH>vY~4&*&|5aM zR{GCXz^S0$3=0q%u*9|!dP*Uq`wbZT`MO8mE$zi+c>$iF%;h6oMGQgnhZyiD?$}fx zD4r>I%4qLbcL-<+I9Lxm5j@ zhsBC@iJxP}LLiW~cD zEAe$%jh%R$i(K;`tIe2@-2J!S{Kr+i|2CPfpP>T5zx7r}SE~KnWcmeJ|HD`F2-T!p z6VN`*Y!+%qP~?2km@Il0`!3UYfbQ~@{a^|4v%UL%7vt$;$1VCpDDIz}2eQ08elLgX z|29(NFF1~11TVp(F)~7Eh3;uR)NVQ!p-_7SRx7 zQ$|y$?toTymjiMa-|w@$uhV-u1|fNNj)hoN843}=0BtXpfP*H9^hxq0M|6k=yNBT` zjl>&#+G2~9*V^h;CHiXg|9y6>F}5sJilT-olvCTaCWQ*Uh+twoy8&fm@peH)@XKz} z#>gD0eE0+Qw0(C?aY8OHJKQWJ&WlS{nF*J9PcqlmcSmTqki?u1>-av~btdUe<{=3OjT9KDW^!uACnA&6-hJ&;N{J*SzqjAv8_Y&)t z6X&h|zSI6s3$%A*Jfs_Ynpo-j$8|#SS<@u&R{~EB*ra9$#Z7D4cHLcoR+pN{q_N!u z`-)CiGchO1f{x2*0y^^>?j6U346-5dC{Pf;oE6-U=7|ad{xZcwCjS+-W8IA88nHwY zBA~Vb!OT}7<;7SvzAEqaC~9|g_XrFEi4i#`4govy&3%@ameUYoxE7?X7W-{X>TG8m z=qEuAj?^Ou$>InC{I;Lcqc?xxg1CuLwCU|np(pnTOGUfh9Wl)c5v`u}SYmC>(WtU7 z=6qX3C%%6=0Xh1!SQixv2iP_1GM(0L5FINeyvX$W9DR+>6ZPQ&C50>|RIT|v-8p!d z<&}=2S_K5p{>-p`(h6pv3jY#8MUF56%^gb+mTUVCXiKF#EHbTK(XrRG-TVdhxS7o( z9=L&5`WPrF@oxs7-7sIq3JXk8tdcGOYhu-9EhfW@f_^c%_q^x3vFrKk$CLGIs6%l( z{I2tQJREZuIl5#f#`C)Ydz+R!k=AYK87utzIxZC4-Sw3KM9g6)vf`VLqgL_hZU_*|qy_@*h z6MHnop7wM<%1m)Cqr+R;mwrqlZh8#H^o}?3p_?#v7{@02fbo@XN{`?%6p;5|iH1&RJK~#o5$jokh-+Z{X-}UTMX(-pCkg`RLXg$g(MpoE7&pWM_r8= zv2^)nT7uCr&<5K4HH3!dQDBbK>_vEcpnvS3e5 z0@v{XBnk9$i{l&Qq5suF9Z0TwaLD`h_L@WZ#cC*b;C0HJ37h|n#C)}m?S=L+jC|F! z&3kj}7w{n=t?zBCz_X?cXiA1i%THgtnX!HA<>T-(<=$&#TJJcBqT7$Z9JBPNPQ=`I z;lT#H(&oIKkP(F1tG3dr7NTxWltD3x4(l2fccBKBRdil7KZ{9aT=t!3(I_2{Com*XKo-Z*3o z$On8`$;}v`CMqA`^Nt4k3XIu~&tCAW&@L%-u1gi z3iGro>6Tm>IKTL>N&fF^QaRBTdL<9ThN8mG`^UHy9D>>V+)O_ha4{g>Y*jy)snx|f zX=!;fay5mx2y&h!>ciA1DsSkOXxNDL-Zy-GRN}JO{Ui~ zo*~3?FO#}^kQLCevit~wU)}iTtHnzstZ(3P9Xqw>)~Zi){x}$4OHvwpZ{Puu!pQEh ztt_KhciHiX7&?pjJ?SzB@z$-_{ds`brTV7$%5gY8ei{jI9PwN!f?f&iI9{M5=q61F z-uAVNqd^%H|3-ixb*9T7c+}&#_rBc=KE1iWsrFq~L|1E3+lyJ!_x9jc?;4c!=AgZ% z1#z&wIZ@PxH^tzVSu$BDSMnm{sPJHo15NuD3@nEEKd*}fMg*|j=8}kO`#GSmAW6$xLM#zDR$VXY?~iN6 zy#DhQGCmH^*?iLkTQ*Tq(p3i_Z*J=T2)kN&|4vYfS4&-B}ud6{B)_w zE%Z1B2#~>sMtInn%U&?G?(~wOB7CoHr4eOW7i-7iAW`oy8dW~MiTJcM+Mw><+H>|S zcq=mXrkqfduu=z^F1R`UeGR>c!}rKn6m!{EFBX7A9rW)YTl6ak=Bo9LkfD+vh8l~@ zU}HjVGoA%;Ew}1!>>ZVr3$Xfgy0$y9ORDIcZvEb`g+(9at!=CYTI@Q+Oskm+Mckj) zatC9tz6zK~$oUmoV1k9PVUq+5^c&!IHbf4R*crhDV*c-IobUXbH2DhwQ3Zf)M zn&wbth!RCvvbm3~=Y#tT5Jj1>JGLG+T?~-7X_DxtA>FcBp|(09>NZcFthU=bp@}YG z_$uad;Y(8?RoR}qb(43oPO@?07OyE*Z5Hm()wBp*eI~OEjq!47_j0-}z2&QM@G)iS z2@zdI%fn=t`bIBTDt(hyv-3fVty0Lyfq%GMl*%)-m!&IM@KwZJlh60F^}Dx0U+;Uz z=e@CFu>Ez!3_5dqBqbx~&mjj4T1ZmQO?00>pGf-v+%cN88>EZRe~oRCwGs@(ww2ZY zkn{|hn>uPR_~O{n3>m9lIO?}e+gRiWZMzvc6t`iGx3!k0+up51=WbejS6%>kf-urF(08$1Uqc z#}xJ0#Y-UQJMiV=G`^3!=@lT@c|?9D_mvra^s{B6#LKqz&((h6fEd5ksDY6+ABP@N zpWY^V(9V{;W%&!=Gn@5j6l)sr9#Zf3{B)|BP>(u80ivaz^ZdTMqYY(1R~nrZ9o4B>QS2e{WYqe7vYCYI8 zrAbd2`|T}~469B^PVnA!;sP3#al2(LavtAt!jlH)kf*yCP}TBq5_)TJ7mIhB@TK?7 zWEL@r@EcqjC@KMCtWou2Hvs7ZUt465y#dp|i^bOBMIGmyrsTN|z~OhJf9ZS^E{;_I zCzG-E#xlFzDjxiq7~%?WgTiifxUG_Z_xWg>qjw~t2B*&CHVD4l8OBy@jFnw<5B#|9 zZ4nU?AU?wGF7wx)>9TC6h`ZQr`&lf3U5`qI&c3M6&vE5>L?r31J{3UaCLVD2b#AUI zUarRNzhsGNibf)Y^%~5Y+~Pb&CQP|n(`gpxx$e4P3ts%(60z#|`n9dG0eB7*CD_ym9*cE)(bpvjc(m2!x#c|F73W$V9iV1LX8F+(iEuqG1BtB$6gUF~(_a@S7}SH2bo zo&Nd@Z$F6#c$|HfSjLQPTkCQpw9oPb6=U*nB7A@o;S7u|e#jGVv~ZOV_PG|a-&0m? z{y&=fBm}q6rzmdA>@QYa5ejbS>qc+bJhC!{l%I@n#(W(<%`!-AdZqEmK&io8cfLvn zNEI=;*sPZKBz`s2PglHuJn`R+;Wp&!xlg^vTcU-6mw%xtpPWHd*+{gA3^D zRc@$d6{j4Nyfilk(cAy=SMm5rG=3Jqg|QwZzq5(TX{eqWy2oFwK-rZ+{_O8P(~m~J>-yGyC(oSvU}+1^=DVYCNSO34G)C>XU7wp zm_fx}({=w*2tHC1_LL^{<^NrJS+X%_J zZ?EzcGkz^~|E<0PG0B&UiHT9XzJ3`(X)bD$D+5*byR`Tkgd>ZMI7X}uv7>HtNorI? zqLw_^s2uWxsloY0!7a{hvS*B*1h9o3d(W7&B@d=FGKs0pTTW-4H$bN~uYZqF@C^cT z=In*iHCa!0wz4hnxI=|ZJR4PkfS+MxXEKan^%w*9I5L>!JVdCa*x^#ZbMCYFW5*WR zOKZ@owYhr-iZB{3#(HSI-lag;Lk{JMXLdtD%@X*8bOoY8qmi$&)!>eANzvasC z@}ADbQ=iMewj_RywgtP=b-jytJTrd&Lb<6=x|_2HPcD zQ+7<)0-L$-hKs_EZCrdwt1IsNB=u@6pFnj@N<{D|kK;y4UQ4)q-%$#o>l-UiZF2Vk ztdT3&_BJ0pc5B-kO9HD=ud#Jwv*VwX7wEvpXBX1cd64+kwRPvQ_r7% z5^c}?5RlIUb~aca@B#Nd-=^`gQ+P73;aSaQdTCFNqy+ ztT(5YsXYlvF7d``TJby!VAE(UK=Q#TNKQpp5~m0{zd>NE1j$%m0E44#AA6a|4*|PD zCYtq8gQ*N1H?>kn-UKcF;}hnZ$An^o^iR9qf3R}a<5kvs?(6&wyBokSpfJdUz>5tL zmF=1Sq@Vcd?auUD1QY>19Y4Qqn{v!bh;j~&tkA5W)#RM4;Jkz_1Kxm-Y`?K>NSyrt zWip&I8rNt}B|OWpYW=466L;=nrrM-Fb%CijaJ_W}3KiH1M*kjOaDaY?CQBmB(OuXp z<_(h`k#6m7;l-g7R5$q27#t^88kH8=Cob=M5GjeYDxeejbgHO*zf=N~BEej!viXZRE6lMuC?L4Lznde7O_Q+$Bggf$t-eWl zo*fq)@n_L&l@AelolamK>OwkZfoJFzsZCF`Xqak#vXy`m5D z)|}tRXOqpCF-X)Wq~t^A{huvA$$>D^xtF;qoXB|v^l_)_WGfFjV+u^J%tt>SfF0B5 ztFkVVo>K#H9|GCHy9OZ6;M-uL@$czJx3%Ucyja5YiFW2InAv#*w2Q&LtWjR+q7p*+ z_o<#>r^PDcw1W~LQblb|km;iyp&P5u?r?PXX@A8h6Z|5So!5e_0zk)lnznHAICViu zP!;vKZy?|2PNvSwKTEohAs9`^dH8|-xSyo2){7yxhE*)YO zpWD6s@NeL3S?s*_7?cVj!g@+KendMSOI(lHdjx_)-C^$%I-aPlI{_3DarOZX-B znsT2?68%h~e#t51!#CUoQ|b^Ja&iZaAk#rwqYc(KLUKPF~_}9Ny1%yXr613 zmfh%}WB*OjRQZ`mTHEXgzTG4j{qd1MLq3Xc3sAZact0nYtU%~0UDW0{QtD9WvjF*! z`Q0NB29tdaWmeh<=T_Sn9}M*DEsOu_`;BvN?ak&OB1K*0z@akOU;9*)1gNX3D2_?H zkG?kYhe`Ny$~f2X;ri9}R*vOq-`9pQDZJSpl4Ozbj(G0JJH5~6v`nbNrAV4%L5YJj zhsuLR&nvhnYm0mAbre;W-P^FH=J74k0{r1=kL^=$HbtzHq}(VmC!cc)dS4w}6C1#{ zenlg`DxHoQ>-Atx>2Rh!lLTBFop898xb|&}5T5GBy~>G(eUc*~xsq*vNdQAg75BOM z=Z6tLiQiTsFEl-PM%Rf}#D7Ln`Rp!y77Le!U%V+lFjTYeU<;s?@daS5Y|f-nZ(I|h z6wb3Y(qX6e-`3uTC9%DYFu=8p3+<(~l?#GQP6iXMwzd<}-(^4_hl*J;CO~acc3zd~oPRQ;)Vfw}fh6o(3YO>;8-CZ??Wc~eX825_03CeG z)sJ>rs=;HKYmx?OnP4GF9+ZAP-`Emk2BDNu-d?mdwqKCCjmE9UjhL1c7$w+fHYF{a zZ7uEVmWA=_pXcibEh~{p;|By8+_Lcp@NZ4H;ITB9Mg#$!=^IQ2X4&HBdIh%-h=EzgGQ9C39Kj9a|X%x>T2UZxd5c!A`!lXt{np^NFJel@}71|={@6} zd6Sj32_#s~o;sP~@x+NG0=5!syxO|-(f#FbVr!o`_Iib{Y2fFJVNl4aH@4zIO;W)N zcXZ?N_UAdv7`8IsSQ81xK;(K{&u&=(B@PA6v+PY4xQy3^fSC<=dbx9lZ%w-zp9KCztc|2Z7Vl4 zDPJ|aWA|U5_`ljJCTIb_`0|HZNrEqWafrv+7!hEBXciuqeMK*3jZ7ee-MkOO&k+?m zy3fhVE{m_I(ArI^O2w95tm)P}9bx9t&K3-v&2sKv%~pSn>=DCjjnAqys+H5KbGI0iBRm|U+3y35as&3Q zxuVv@N@OWidk|ss7#Hn8AdYqBPHM3qS>43Ib^*bhh3JE6yw)%UL5cE%bzGRd2{JqS z&XcbBR4c?s!B(EKeBeyN7$exV`J+ywn|>qpu*UL0)P45W_Y z3UIWE9V2S%06s{27L^wx9XM*3dtKfyYY@>ti5_g&!UfPox}v5!{QI??e+p9Gme*Xk zyk{OzME@E5_7^VELo?QPkxl7gwcZ#wbmg~tvgG|XOe>g`esyL0M*n)xS7fh`=aVi; zMI6Lp=U>nX23c3ADs?|^E_}g~d_eE?i42{d!Z|9j)7HyKg zPzq~MNv)t<_WbVH`Y}MTapF^{Qu}(%wRO|XtP1p$4i`G!jW1Dif(^nJQ9v7FT-pOh zDck;mcok8$m+A`P$oJoKn!qvZwPG%oKHL9LfaNp~%ele&EjM_#hi&n2XVTMuJChb* zDzYlQs!6CPcK<7#U!8otG>qO6WtEMmpU#8lMmtE6H;f16#V0fP^rPRs@He;5!5~Tt z`f?E3ElHhi=G3zX1^n9}!YD-gKe&MH=s&gv57S^VxzFs-a(|%!+?J5t$8Qh8Cm7W( zV8bP<15W#Q%qql2NP_LuA3#xr&Hft9^L$XON)_f)co~C1(&&Y(DnOkd#8&o7@zCsE z#7LkTX|xpIyfcp_YB@`I*t5PeeEWlnNTYRxU>BNYk*$tCY;l`at|_c#fzC`pB*f|~ zNlioD)q9tXCDM`627q7On6;`XN5 z>PAvXQM`>j)T#Y!!)JlsDBL5`^Xa5vGb@Bz>nTeRxs44P90JIO>Dg@HUG~HUhE!F5 zA+32=kN5k_wFRyeZJrq#xE@;)a-Ap@TJP#u|59kw%Z0ok(w3oJ)b_ZU%q-GADhpb4 zcBvs?7xsr>_NnOrCr~JHhx;79OQkK%i?2rqv9gz+TBA=bys?mel7g1iqE?NlyN2DZ z)$L4Ir9Kg_NpHIiiHsChL_u}iiRgd1r?pGT$oni|(uSf9ZhYql95)<(L{ast9h;{z zLZm++Vp*sTfvg3z_xTy63^GbOlXnLr zaapphJ7NRoOG@bcg@(0m*??Ga%hxHZ(LB-sq|YZvOiOpVLNUYmhOG)^47T;5v{4Lb z?_-Ol7Wf)kH-{xEHsLaC1VWFu99q|2YX{=b-Fhb+D)qbm5IeEIoK(RiM>h<-Yj~wF zMKLD^a2Esa6~X$>rwP?~N;j%rWi6*wZU8oY19q z7oF6Q3)ml*C2+bygn^ZT7Ei5x?^_|#7`~l}bz_OG%#1=DLxbmBK|oyon^!ppr5N9< zhh;pGt=1vBhP0glVuW9kx2QwQqp5O{duA7Dg};urklW}HOqwdGcsB9=#n^=zBV?JG zF(yJl()de|GK2Tm;lz&h`QL-l&iSreq#6YMd|x1J-l5MPg-BxkCBGmUGEUPJ*Eg(# z^sIRAS>SZ%4OZOkh6xT4w4ofPTnElkG#tI^2g{qrzCqGJzggdVXkxn#N|3rW}8d z^GE&~Y-fJbO#laOHM|;&r2+?1fx^KzsStRZ*N6Q?^JjVi%d;;%@X(K@UK(pHg2_M+ zz`|QPfwxv`0)MS)Z z$jKgSdr8-Qx1Ojxx2{`@Bzu1S69p1E@!kno4+?Bt@7!1yb?*{o@tXFMcs_As4`KGW z;pj8{`@kUFOV;dqF*tBvz!CF9U+nI|dl&b1nvp5RoxS6-z=AlaelTh)=c8F#gLQ_c z(-$s|J8`6ZRri4_iwWi$M$!DV47NBbHeteM*Y>7<7AiY;EJO_}i>!U^iAfYVV%56m z+Pd&ch#D+t?;w&7sXUxapz0w}Z5fE4G*KpqI6{jr`|3G{&g;}6R{b*qi{BmTd(0uy z=pOxA73TJj@rSbrZV{U(UROA;=1e*i<=tkgI(PQyBVDva{c3h*}$tF=3QvkP;jzB9eWvGb#X zrn=)#u;*du<;G+Taw_8SzTJ;3x4XA%i9>s;s#E8+i_D1ZX1^KM{3CkTWo+MV+c-ZA z3c{hbitBZm!d%pF2SHP<$d5Ehchb(wo)b&gQh&(#vVB0RvC}$bl3J^$dZ@8Xb40Z^-G`IF z_1ZWtTfADB)SvW~@+Vn0Q#qVn&&Ol61plYIPMw|*-{S+PsS})OZ~pw|lH6?J7KKZ4 zWWj$-pN6yU)kxM8j>jBROu(~c%;yk2Y!!5R2Qy4}rb|N0uMGAl#7#i>tQ#dAY# zZ*Mh+Rx6G$&oU556Er-S`XI&+!kPJ5v~>rztfnh(Oy;h#v3`Fb-;(S?f$9d>WM^)~j#^mz2$dgLUeQkm1xW z#bBL;wNy68)4t%46Sc6-TBF8~qcXfEyTj_`i_U2jjXEn zD_wrTw;N`SIHDtmv8y|TX9LV>f+Co+DQ&ANx}{!WxL-uf{$%egu!Mx2&N2(R z9^F75E_rNh_cQgTcKjyH6LY?GI?2p#u<;K-Wq$isE9olTM;aqn;6c(fyfq|>E6gEW zOAu;V=ws!VJaXQ$3a_`btvfZPH8&Zm;KfRg{JIaU^bsu-NH<2|n4!qW+UlqT27gkg zAs{&r5CnZk=E=H+W23!DSVM&=7Dw}=)ata%fTT^U^2+#ZwT&w(*#w>)?3}b3ya3{9 z?0-tL;?Z~&9@2C`DL*d_GxO%#5d)>ytE2D0IE-dzq=!5|!N?;R%Pau<4g)E18r#!{-w=F`Z4?)nR=D+ z&jvOQ2APW;|E0~@7ikE`r>zEnfqN@ctpsiHXvMu#I5FT~ zr;8+(I?hrA2z=0|l_b3W6nRUaY(Qghr-zr$NhYd`;?|nCsl-HPW~TfNjQ$OAen!TM z*$YDA_qrxo5uf@cC#7z`!T1P0@y3O&D52Z;4R|+fZcdpOc~_D@;gkfP$k6HOZ(`w- zbrTH5@}!OBf>{QPj%wamr@$wTI7i-Jv-t!Wb*HYdhk=#j7XO~Qy#e8S>TRWcrKe+H z%2*YF5AiGj$1S>h-&sqra#;tYq)#|uYS{1He)R4zjF<#!)4lG8T2(LjnlhY1Y|;3H zrM4yiPoTN4W8*fwdOFp!dVN8}?73=SyM~@^=_5HAu~OPhp|vhbEK5ODWUi1Nb)jzh z^f9mv{8{pd{qR#N<|2l$i1z&E5Wt!bI3LWt!c3k5my1{&{GS;c;lc8`Yj97 zYzTW$;xroX9Gw}QcQQ#Q*~DY79<#vXjrKwJDXaU$mcNSE_0W@Bd{8D<>RKTrtvm+H zhe!gA9Sk#UMbqS|3C%;2A`Snv{K5ICwy;LO#ZXsqcM4(S%g=N~RYVJM+vZhGT%?D7 zKDcUvJiy|Br%V?M4j|*3^wV;%L#uh*C0)pG^JeE@e3_6j{fS_-8r$YxNt7MeJ3BHO z5c-8#Ba@*(sxv{OPHVR^9oI*+Po<{)-&A$s-7wo zXh0{nuKANWCIaHCMI?{f$ZPg{mO#arCu^BFQtqP$*_M?+*05L?jvBrbx!%nJA{n1i z!4C9E=j|X|i12Cgpr%ztX%5NuySv*M{yryw1skG0?*AMj2;Pm^zhDGe|rp9zGsFE(0s6wb)SKwdd3S&!?!IQ^9SV z!R+)=aY7J zpO~H7%H3q1&a$6O)sA-hdFy20oH|?F`)uhL96Bg|v?6`j-O~CjSk|1|R@r>IBMfsj z9S&B$M*Ysr2NlTH7azVhc#N>l!&T+B&wfeB7JPKy{F-2H{g|1{p$izfgrKnF0_|M^Lu&_` zPjX)`Ok~BXr9`l2T(5#~>9-zs6HdQqetXBd@2I`neZ+1)OT158DEIZ<8z_4^8IH`H zo$J-j0*vj`GkSIw#J^my3!ZvCtv8j7%kI@BYB;G@{tY+K)7-a&RKNCwzZpxf1?STH zkLTCIVDskz!_(h{f`;vOrYqFD0J1sGuQFR$`Ul}RQ9PG0JudACJTun#nEmc1L`}>q z%{-w)#J7TXc$ys{7=V8n=)As=p0LTItDF8Z(#wg7>sHBgO?8M>c^TrWj;Qq~XMt?5 zxe%WXeGoK^CXN!x2v1tQhR?2JzT`XAXmLF?mKS@Jc6SJm<2a`LsElVO7qk7ZyBHw> z6XmZ^^t+31adrD*Db_(Dd^4VZ^LQ%BEI0E!ViC+lSt_~c%d%fa3|+z# z)`|paV6Nf^U|_;gUzh%=bwT6=@8i;!W4OR1HW!hmVdvQEQ#m4FAo;DH(n8vBUw6;> zxq+5bHAn%UT(?R9v8UtOSPB$6~oU{{f-vvO>=aO)GNK;+Ol@~SI?GC z&%CY7-!vwwWv%+pA2QDu)s`(9`|d$J_9|Gzim7JgJlFbE^s)!xL@Dj_fV?~ zP~?zzDsVmC*`=FFVb+$oO=A~K{49g&(fiaJyMr0bC8P|de35GD56AE5P!pa?=R)vP*&;C2A-Bq<+gzR1qigk)r z?(9fbs{hiCk;;3o^uNMJBQUJ)7WYF)+LZ>3XQhkl2ZvHPB8$0jW{wShNJ->pr2)Es z9vd$gbHP{PMGTl9JNkUx!46Mmb6Ftdp2uPQDrJwaB(a>6JUUz0v^#69t!oS}8vp#e zJ67!=rD7^&cdfgf5DL%awK?*@KJjkI5O0(sT^-}fJR>|*!(sKC*K z$cs_xBteo;LW-!^Ja++jTv>8jgOHcJ)PmiENa6Lf6Nl0x^l2WQ;~MN$&@DVabLQ-l z;BP8f@G{?ZBsmlNkgANO4#p%B7 zBDK(Ny6W0dA7u=^W$-(Ctb5}CoecG^gktEo(?TCfUEFW+y7})PZ@z|ShI_b$w8fVY z5Rky-OPx~n^3!o_vscI|yCj z&u%JK>+_6MsbS2=h>(a{?Q9%AS0GYvt;Yuo5hOkGm zwfpb+-qN!3t*=f@PHWq~i(_A$>jK`1xiMkYf_#i!>jw%~*VZRIMM5Ux@LcnwyL}?d zR4qQdA=+!aC%zjnw{+x&HacmlDVsH4;#NlNy2T|jsY)fTTt(AKv_Oys^+k75t;qpE zp%hz{>&?|gI4&VEE!nHpb?XPw7e-JoFe(Gd60h_);`dAvm9ih9sacZe{b8;}Xnz$j>pj^X4R@ zJWGY^?-qPRr1?W9L~@MQn zQ|;R*c&VWXNJm> zGz-`w(T=sY*G{$tNwn{sa8|z>Bh25c3Y+b71crSF7 z)R#1^qw$Zq_e#Y?(EH6o9h)fn!-21#atalEnR;Q4Rin~C;0Sh;OJtPV6357s?Er)$ zJm`9pby9d1^bhmR?UlYiRFsZ{*5h^;zJr$WmV9 zI%~2Pps|~EUceD8*3Wk}Mj||Hdm^G=07~$|fsNwaVKj&}f0ZCyg-9l>WqI^PYmDI5K<6V0-sDU7P-ziqtTa$G6!r-GMd$5CfKfbj z8O{yz{MExs2N?Gu#2ZR$i(bIS3c7hTrE&7g^w z-&*wXaZ_>vRnMI46#l?f&9O7e5D7BzQ_G%h1~zBC}j{|(S}(myV|8gQxZ)A$}d z^rl58qEB1Y1#7SrMG^VGe$$_q;ZTokf3o&RPg)-`73=`!#l5$8jfHLCZR%W&h&CKC z>EiZWVvh9^126z{(8nj(4i>e+jf2V4cE$dn%Mg2|q)b63Y2i;YP9s4@sV2cPt}ieg zdC}QnwtQ#&U8t;g&P+2QE(c{fH**Oyyy2nSojxyGq?&>>K*FN=QIC?&U=3>?uMMjN zCUS3!v|UE!TV8jr&xr^<^}~Y{v>EEq+!yF_*1ccywxRg zo3OkO9nr452NyO^E1pMZ^57XwQ+8Y(zK-cfr(PiDbuI#RcYgsFeujS$17t>n4Wh+6PoZ1vkNr2tpMuU%&ir@nbi=9`_B1G8xl=TUvyy(;Kt z$#pwcm1xvl^>FcfsHhwXu2tVjSi{M;Xw=ed<*l|f+NTb=vEURI0gYP&Hw&~O>4!+j zA|!;1Y;vh}?I$>k4k4E#Dv*~5;}*$~a5VPY&8ZCE)O+>Ym1#R9b02ne36AxX$X71H zwgmu!vCN-J3FRx+tT$MkJj5K2lWJ+~<_zt)+Gf9#-j3hv+LV2KGCk8%Z=m;v_-WaHWe41qGBn&qzFEN*#v zS88q(liL3+?iA{RS$=mNw#|vhR+HiM(q%QeqWZZ(MMvx7O2zhD&3P*?_;wp@TU)kD ztWJko+kDnh?j){T$k?hV4{1P31pK8Fc<6+BOSFGFpYM{|4W&=&*|^HZJv^B*Hz;ym z+ZK$wA=lW)(BEzwtFo2!$xFQr;8O(a zn_?AHa+8{Q9AoG#`NjtX7Z?2E5~%lrv|CB}3cnm+V36|>k~{C=aG6LewkY2CX+7UN z1!sL43Ep@&U)*|lbdw)T;x>!<&$Nm7bldSQ0$s6Al$v67dK^tW82Aai9)e}}-0`Br zvRz+qIE@qASHHcbRP7pn|Hh9+qqIkqfdN+hv_05>X}h(=G%h9UN|Gvqtj&XUeVs~X zpl``wgi}~Ev=5hdgBh3yj!@lrv7Q8565t?+S?-H%g79rhUQ+$EyT5%gbvioJZdd~@ zZCcF)y>~iKbJ`pfhtM{;ITh=eVvTIx49-HT+^-5@Gr`$MLrRJk7toDGM*9+Sq1WWs zSv~KH*+o;|^Z}HewGY};gen!_Z#&!{K$IEo@yi+6Zc5%6risU==7+*0i99=FwwB$h z^B^}tGZD6d%T2I>cYCNj37*I;Pqgse;|(~if6m&!Hu8)@Gt4^0WKTOCc)dT4`|I@? z%iiyp56)zprsGgB@A=hEYx6D^?tf8xFr7!yUKF3V9LX2n_Nh1Vx!B>|+E+N9f9_UR zbPE6E5t=G$Z7jcL+q)&klR%Vg%{%a^2g^ewjm;oQl90k5+)i23XV;(9u^0p&WQ#-0 z@U11PoBnh3V=+~{Zw1zaXHAGX-DvX+BVRWCsm{)=8Q$ey6uC2MM?oXhn+G z$1+QOnv5zq^v?~!=F4O|3gsNA{=W7+VNx}l3>VmiJUq;7oD$n^XBa*o2t#$P3JBrW5Jz;xQ1 zALg%rEo{CaP8FJG-kYeQE5f|}tZ2C9h&?yw1Saryoj8t~hYr|*;)S>7LP$W8uv{u1 z>y7q4V*$4a6XWVI=Ai$O(~ewtzS+EQF>`6t50FQ&TnA(OXyyb>s!C0in%VNeaJJ0r zD6%s^OO=IOk2Q;^J%XaUH#%Mj8UIMga@xgq#*(Qh#5sA`Hz@|f_F@4=&HpJeK8B`a z?6jK+$dCDU>2(=T9dmJ&<8$H44(2G`1P-!q>~FZ_tnIB{y!R}rwwFGUt9n$!Ib5*G z>oE@|Iwat$wcWqq-6BdOO$B++T9AAFzZP2m6R7L|yHn~*>#%+bQGwd$XHgZyZBZ4} zT94+5IW?XPLl$c{M$&|GVAPfxEp%=;lVduC zp>(qCNm-1DJT2$bY|C_oLa4EG7$t*Q&t6CdqByuMLK~~jff)Q-``6n9NY-F z0~{Fl)`g2B?gk$S8r}%!ZW&aRO3HXB_s+ViyzB+OjP>&>;A%8Juj&r;uWGZx`2;B^ z#E@ST%3;aPSXbSsAh*7jjqSe%zTnFWL;O|rOShmaFp{H)mnI(|qv4P7EvmB(@V$AB zZ=+cyK7rx~XD^~?kZ(qq5`8!7ePTkI{>K-2pVl9=JY&J>V+6fafq#0bOffTXMj$u! zB!rLfB;?uIG-R-;!r70?4a0Znd|EOyeER0zaz1_bs;T*l_;Vrb9&yF7NWbgh&|Tn{ z|E~CNUo~!@oBieiN6#wu8p!VOjMWz(%SMA}qW^Ws?hih#m;St$6#K9}zu&^qLtm*7 zi_d|5KYv-DwOoir&${wbKD~Kx5FSM7gYuk0>L7P3dlY}@>LY({W$l=ewi{M{mJTjT zDP7qePpWPd|Ad3}-!?JDv)-1fpLcY?W!RjM_;!X%!)`=^wtCo64|g2uP|tkKcT-kD zGh%cl*F!U?_b+wSR&s`MBlNM4C*R%d)uGm(XrqAV;2il3#wx1@c`t`uLK(B(6k9`r z5qSo|N#!u~dB_hi(&*@fek{j>`R5swO(=f^y`Y9ol{mOJIgSXVaBKF~vS zj#^3194xC7;n*JtzA_uajbXew5~b0&mEKOWjzjlYEb!#6+L!(ycbIXofAU-&y?zYzHCNwere>vp%JQXG*^D$x0`SGMoBo(q2=gJ*TkFk) zp}F4ReKst7{B-Qyr^dXhCwkad7f=ve`8`{CFBUj`E)vh50ZA3jUKHa=`fa z5vCTW*L!$2S&L`f=uP<`NdMC_(#=Kp>E^xWO|3mEM1VY56ZVj=sQLHDia#4BZC|7?CQhNETKC?~Jrs7FYr^x`nZL9-fyV%iD4TAN%;iwG5<3QXLzat} zhMz6&^?HYEjp5Xqco6d7$p~irXAK@UkR7{-*V@F zAyB&Y^Mm*-v;4)e9%?F2yUm>5T#c2E{XOeWuS%Tv>Z(6FF@Y7f;(dr@gRT}?&Q@Hf zjS776@eR%KjYBZS?yB4?^IOt)HNRw=XzZ-V(n#sE%-*s z(}Nv7?Uv}9qR#^{_>;%ZO+iCQ#fz(aAi*XS^UEB$%eg;|Ug`@CN3C^>0a1w#Q8=X| z72Urs@JgplKVb9#EGP6Uuy=5Hloo{&gU{`Hhett7Tag)H|Gu1LS{~4Aa9Js@?)&1> z|AV@C1D+25BiihM{c$)Nbuc8V9kQA28|j{5SLh_c1dO5Me^j3xy9>Ozo$>_NbK(eo zT9WS41M`Y7G7l84b|jY*3geQezj$;BOxXcES+Z>%#AmJ6siz^5zkEmu$rb#?^Y zUVGQ!t?!uU?g&xcaB3!gXEywocWOt=#{sga2F2<$`qKYjt^dT;;JeDwY2h^7GK5zFEBi?;jf#!9#2gi1uzIO>C`|AU8Ddca8gA3e>H zX9V1TbDN?NM)6tP0?iLyQ2~NAZLwofWra!~yi~1-XZjAE%~pZYsG$`+KjQ(DK_HFEDeOej!S;wbiNReKxXSk# z+?yeTE{z9urW#Z2WgUMyrnh4>IN;k{`~=}r*tCkfwJDrx;DUU4t?_Pw7AKgklZFOaH+-1iF72 zT(i@40Ni72AYQs&R(M=q78Y;bk$im9M?kBiK%lFua3em2ibklV!->Ge|9spgSRSvW zIZT@X%e|3#uWB(c)rU@oZ}0Qsz>M_kmtM^?-(}U*8()$HB|%b*4>L5b_}29AR9d&z zgYr`vxf1{KTBkJF-XFF+RyRxR1^q=accV7qPjVIG2~#hwc*eWP3?BT)tWWHE?M1FU z*Oz;0QvdOCx6MSu6#DSg@A_(TUFnVk&xpC-Go+QqTeuM1$d3tsy7ot#0GE%$IdI@) z-N$xg6rJ_)MTdv-~@C+LVUc4BNXHT&#o&NgcX}T~E-gFk{jIH{r zHX~e!eiUW(j4cKxBGQo;p{7QVxOip8F>83(|G#9Mk~0vnq&6k+*sK6&V04^r7>1IbtZALqi&U`bpk$3>_WXJyj+b+V;Hhqzf6(Pz+klVG;aeqE z?ddgMR{6Tfou2;t;#x(P-}MXfo{gUZBiOT9SM|WLAY5OSVl~^5hP(dq+oGuJL&86h zI+gbc0?llEL5$I^qPO6~<<>5MYQK5Vr!LqQHFOWJT=O--ulBI&C<&QjpF3~t!6>vx zE7Vq-uuSpsezcA3A=&A@8-C9u?;qyg0_eD~0k6FxD%&F}frYbK$T>Me zAj2xKJ*wzN7Pt9s)3r1v^7itWwtVnYQJXf3dhCE3M!{Ly-?oCd}q~NdtqL9ntU)Fa;7+xeQ!B24it#`PjC%t;!!B`v6_+*eSFcb)XElLbZ4702Kt3WqDsUnLHSGU9Y-E4 z4A&YnBSh9#!?bZH7@a)9L8DXN+mD$-De;TrGBO(-w9hc--5rwJX&>bz<$~;*APU~ zN-V%JduQh2b`vXe1ISfwg&z%`aBqMI0Q}G}&n+6;`FdinKfXH6*fJq<=u6by1pw>2 z58vLeW%9=$;Y)qlQ>|tfyAXB3kj3|#GXXMLdy-_A5+1O?C!C_dulTshVa|;q*yVLF z$nbhM1FkwPYAyv1A6+}%yV!w1nEe^XX98`Wc>g%5lrm~Vr6U5amwrHy>^EOHGl(yf zPrGgJ77=2g!lb{=E0*j3yib2Xc=?;t{^0FTntLqVP{H#wdinI*uuY|VQSX5LW;D!J zr!KZ8dG^8X84}U&xnU_MIu@ataKcM7PRZ=d? zz0nD82Y0fN-ms2`ZNMzrdv{{NVt~j`2;?lWkmyEYuUP^pKV)Hup?##Cu(iehwY%vZ ztcjxuL?!M+Xxf(}pb}idJsN6-u<8pt8J(~YT`>C)xsgJF#gCUF8~O^Vq;qX~XWHS# ze#dXL|-^2~-#^mf%ZhAS=-pG@=*26(msxLhw7W09d<4=N?WMf~#Wv~?(tlZdmRwh7UKe=( zPiyaOdJkyr3D+z9%i8;2`65b%TE29QlG3rpGg0;?%U*$eSI!1qRW=-9L(DDRBqW!DaYH)z! z;Tcv9fW8f_o8rT3nJEJ zeSG5e&rV`bHRm3y3-oq{oeYJceb%4P++z)$Y^PBijeQK5vU)#`bs?R?F7|_qH3MdEnk!@#D4|`$!V(3a6ih>yY(|Hb!=@T{4S?&)Mcb7bx@HG5ORJN&O~_Je)NcTDC|ha z43|4I7?IA~1N5a7E(cG?xy^t&3JxoL+4HpcJ3HVWn2r}iKEs4n-Xy=AY!_EAV-o4Z zxLfKHkluj5QkC+e8?PE>2iElZXzR=`&1aGRKEH#$FCX>`bf3WGBNRg*%I)D~xnDI+ z{2$gD@AN#QRMXM>R+<$L8pN=lkT$|h;NEyAbK#NTGkB5oOtgOlDUwD zoaNfb$)lzwAnjl4TO_ne+^?`X>S5QFBzc68Y3Vf{&4VMVHZfr>?qmrZrKrR>&~x?4 zKB>NT_=ZyQfwTDyeeSV$RPX00^Bb^6fCsaDU6GyFQrC9p3=jeJzs4;tLlc;G&jh!3 zH;=`MM)^8dr;a6$j2&=3VSiPFEyTE9pl#!WGr{-0iEBe;_?Pf^K-jKvt8(JL_1PBu z+qzNc!l^@xv(8S1`@JHwJT6uS7RnYf)RL9XqM1+ZMyr-Blbj!BKM;!u+|jiiJJgS* zVws>8Yzne(;HS3?XCxtFMQi}h(^+r+X#q?u$hL=8THTONwd#U<^%cjud+Cn$sVsXS z7l~n0wMaS>g`XKrxB*ReyPi{4^Um?`u|+sVth@*G2o59;9nIbKx1DEw2V-e@WAE2? zkbC*}gm~@#ybia+?z2Uf31O)@kmRVYPy{Dxx;c`?rh*@>lt&Le!Xe zmU|m_cz;n6oF<4jWcA}ZsAgUL4V!unj;+8t=H2o*p;otHJv{-qcbKl3?n_LjjRV5C z@{F%Actr-qTwR}VXKP>KInG&=2HHqJ$c!^~cy~KObdn+5kEatpQVzS=s}pQI8k7Z1 z;~y607>(=N8{uz6Dyvd7W4FzH#{R6iBJL~)3n5b~T{>@Pq2zYmTNF{m8H%>5_&@Sn zA4)90xbx??#tI!#J609&yL)&d@D`}Uo-huZZw;OAh!%YtQK?uRJh8Zo;R}!v^Y!4M zfJDy1HdD=)d`;ZFQ+afG zUc0j~ZfI(De-O{kmMW_$_5tL_q|CNbdplFB#M~~CiSu`sCNgE`dpbNbbYfU%H&e6l zbi~h4VQN*|`pmF}q~7+J$0n0lbI7)HoBOx#$!@bFhT*sC zE1NFKX*e9yG4X!!5(5^;;;5F6`eoRnvUJ*#D2V$*Txofk!Lr>SD>+}t>VNvD&@Jf6Q5TM3C&V$*VbsX6o{Hl}TmN?X@>>DtNJbpOiMs`jp9 z;EHf#3ULi$R&#f=RO3P%Xl@@$-F;RbThnYGXTNk~KsYk&6dw8ResYrWT?5Qq9YSk% zJ=N(-8`qEnZScrQonxZz>h zxU}*^kk-VqcR5--JlBk*J)b#OvLpGUe*Q=<3rMmh0H&OJ7;EOW>+i-o)@dpY7+EH- z4s|tCLjt0m=1u(8+@dnNMR#Q-!q*Obia))fG!1_#KwTR8mkRZ^#x6QYJvODEmgbaq z$VQxpd-98L7t`2Jq?PEi{&Z8c0B_4M5p=8=^QIRiu zZ2n<07{%XU>MFkDt)py4l)*)K4B^%sm^mWMn75|p$=5nB_9Nu50P6Dy-hcPrYl+PJ zkV(WM*d#Y?>y~yPw*D*#@h6>pzwy%9=d4unz@qQN!M(DYgMK(X_;#vs26tbalRvIQ z)$VCLfIyBJ922&Pnd&sS*A+h>3OKuq91?iQgsVis#R^};!2oPNc--p%GA@645R$C~ z`&xmH7+Z|MnK})P*z2w%Sv%<9PFeJiDqTLbKUeJJm5 zP(4hnp8WFnw|iqlOpb;g=%hP0cOm4hCXtPknWR|_CvU)fTtQG;tG96XJ;K_o*wo*l z-^=#lldsO`>aM_Fd2I&6Kb<{$Q*>#ndI0yTN?e+;$xb0bf9heM1tl`3UxC{{UFfdC zMvfUzb7^lHtt}$JBBBSFq(Yb7ccK>b{s*2<F_z&w^uVn_LrCprdo1Q3PFr5o7zkIU=$vJy>PbJ&#GItDzNijAcIkgJ0#Tv^+!z8 zt}oK2dW62CcG`HdTRZh@7()N3u+8)Z4u(4I9EL9V*+&o4pkX7o^!P6GT~W2$3YBXiDP^!f z=SNfZSdDe!%?1mHx1#bXkFhqC4=-USK(h*vnwgRv*uw^C2l-o^tOhe;2&@;w*bTEu=b9hd7^yNY#oaN^ox`vi-%r|QpE*ItZ zRDO>n|H>HFbfF#Rvg6MFYFAtq6!ld**mKIfSqM8Gh~>M?1ay@l3V^+zOS+Y|6oJ5R z|C^IMn^}$T;WB0D^+jq582(i#G5c*mC8n9QcG~ZQPUcn*Mo-{6)7x(@>OBNspqI8- zmc?Tasq*&DqPwTSPf2rSL~&UQK@W~sS)J?-2y;~&sui!;%=`+n`t7b|YD6G+LKXPY zPTK!{`?vS#&C`d)C`=+WQu0q6>`=#_;ZSgm@40he$g5j*Y>R=W1$eAoHPEu|A*IVr zm}rIX6FfuE5TDram)b3H*UjZ!{#EavLQcB4BFCd>eg3zrUEA;u)ug; zoWk5B_!V;uX@(>l8mF67-@?*!0!0SsQ^DV;v7^JN!%&k4lU%LRJqFZQ zL3r&I=ENw$HfK#e*_7Pf&-|0^+s z!J|ZrWCO$X)ts-uC9?Udq%niXGv_k3Jq{um#pGNLSM|3g_UYF^$a2{nw?f_EW`7Vq za6J4`rPLTjzyI~+n}GturTfmZ{#Cf#k*;H>6kFb8^FlZ1ja0H&rKOWDC`NT;J5ax? z%2!_Ot68?kN-oX*67nDRv`qqwF#SBKfYwk)xjym=4pYYL|8QqFosVZ#yVkVqc9S^( z(>nkWd`t+I)LUS2Vivx>P9n9}k(e7$=;YOS+{-C1aXi!vP--&@Xoz)WuDa>I9yxMw zBY+Jo*Drk#st$YEnvTl(dy;|v)38bsfA zSFU1^Tdp$G`KM%N-u1Sh)caw{EDHh01V$DIsM%HBlJd`)#0ih(($9`0GtR4ZKyS8_3IJV!^An& zQw;d*FAS5s@nZSjf-DqMl|BN>r_92N1-9Fq<8`cOU#`SS)e=|BpZOPsZ^Mcn%puOS zt28uYrEdHJ3)gPLt(=N>)<$i_rA#5rSlHgCkOn zI!5?K_B+a10FPJX;|MP4e?bFW~+aje)Mmct-tXlD7ZoCh272mEx4smMT6Aa zD*J!)*+&_!pb2N%G2r`e6VBR96qMQGqSB(QHD4M_7+x;_?#dp^73xW-YZssQ^7de6ZF>zQ+aD8e z3YHH_U;NR+7_askEYZY0&ANDh`Wk&mLGzAz&8*$QZrx%F>5x_sxG6wxY?vL9IKY<< z2)+y;k0GBWrElmOlIm4#i;Th}($r6ry4DEs z2(XloQ!7{_j%e3-%=~EE{3&kr?l1x4Dif#r{5Wyxhc^)O_V)9!pAsRJ ziF?Y3V1&!jo%-{y>YQpm%wn)_dJE5T7s8$`LDg3aiw_*%>9#}M(}={}=I>8`iPi8K z6TH+yJ>oQe|Ku|6+b-+0e}8EOyVz(5;pdxYQ~>E*O(+C8W+bK=8H-Raq>u+UH(8qlX_cN z0IaYVUG*W0X#dBV#MJlRmnKW?A-yxm(GK{XlI|`Qr^M;9Z(AbuzH37IMoUbxg$k;E z?=8YA^c63n4)>#;RxK5UFfMVIHf^HxZp-eN(u3=fRPGi}eQv^9Cr;Xqr0IK999!uh zJ-=uArioyq?U>?McUX714JpgvqrxnlWYl|m#Y?^Kf#-j?r%MM5Hh_XhXO?9>4R_XO z1q+{)(1ch_orSetUfkE+mbI1Ishw&%;MhQ)1o*YpGezW44BS%_bBhKsT>h!gHr3&b z;`Z@`lKO+(Sc*k&3NT+xW((flJ>U1>Tcij&H4ebO-XQ|3oD6pVIT|>lW zlSAVYGaq04!J%N0aVGtZKt9p1qwGt5{^M*3OwM?&u{~8zIw4s^UiZt74}Mtj)zKtL zlE``-z9GYWjp`o5m(;i$o;SIr>ZU?mcrC#v&kvgk>jzev;KNA7VQJ-m)@KYTw^4|+ zF~l1DS-Ls3{Y-S9cM0$LO~~>??J^xj`W6TOmjL?NVI14aK|X41SH@W&HPrL9jXFA_ zb;-vCcm14kMhB{tvG2`Wc(ty@2rpvFM@q&tUyWdz8F0Mg*h=PPned)!O_@VQzty$0 ze7cD901R9J-{TS0c2dE{YrC@Eoey5eh0`9C;`luaE{BaL3wahX3?aT6a!pESNtOOK z)~r`R5^jWYkcZcSG^|~(QrumaJlx}FtR1^GXH6ATfsobvj(Ar)atse-pZaH17+k=2 zlZ|rzAXR%m3EXvg12FDa_{xNB5=?Nz{4~?mX%t{X@CC6zeQmQzzQ*u z&%wP>Tk7d=Z@*|}<3LhtzK-Y`3Ku3o5>YcjzX^^n-XR@}OI}NIMvcRJMB|){* zB+V3KYyI=v9~>&b$@REwLZ7*0$sq@SS%GGnV%K!MWRCkAtAn2jvCj_19{;vi9D?0@ zlDAqYg*}=`U8?3%eWa{Y5aLuZgrigC)kBa9-(Ee}v8gQ!#Un2;eG&@%DI;uJQ*nr9T+G!NNtTSi$hk4l*mMs*g)Q zs)XNLljkHa%M?+`Td*h36`~3;>X*())+?{=n-eP;-HW40p*6o`TJQGCnHb^;shPg@ zG^)2ooPgZg#rr3y$CzC=Tcj}8IusPI+7G$9lR%8^q<<*LvEsk7Eq?l1dHP4IJZdSA&|lu2ZeGq$N|1(svBelS*4d9S z@Nm=e{$PmeUNcl?X|wcg;URbS==Ir^4-D0h9A9KW;#Q4uC6{etz&W>!NBx=zxO#N6 zdW;hzXFHuEKY-b>5?DliDsTxbEYoMv{zTOYpTs^w5tr;`%~i$DiuodVak{5?Ule_~^p-FqNeP2^D5o4UWnl`(`0Z_vL9Z-DDNC zBo01y?od%PQjvB*f@c9s)PK3Xh4qZRUFXew25ZK)#> z`1Uasr92;;4R@pv-}%!mOmCdk<gWhPB9I(2zrl>MVnMiu}7S97^^>a_H%Hl)@IDzsb66+P&8j&AErO z)v2Hzzex}}WJPZ0!(ckOEyJT7M$eA5k%Zl(hrw~9^jlh(x>~@h30mSV&j$2eu~D;7 zt#0-#!2g1KQJgY-iAg|qubyMPE5fL5QJ&Ik+7*JS*1x@3#SCTP_azImvTiNIU!i5| z{?Ye^NFw2aW%=EkQ#O6(`ICNYMzerbtQ`fMIk$-*E$Ui=6 z9nrzIZl1#3$1_1>t^c>`^ba$R2jC><0lv!VYJFC@lV^$aT8+`I{`)RWm=E_+tJ-gD z3gpO=cfYq#s)GB02DT$++1O;_iD9B_f&81UN!G#mAbUOzp`8EiD+B==8uuiaOfD|S zZiay&T9b48M0}+W?eD)}GPny5)AWpoe3JTBpM&MrswWm`K4zEJ`ohrv_-?;IGp?zm zgP22v{L`4%S>x!94?sx3)+Di?44oWF#_$@qaA+H`i>cU$*)Cm$Bey4uyJzww_GRDb z+RK|TRQ1*acgj2iFfS$?&*a+>#cfJblu_bu^}a}>dNGObYA?O#D4RAUm3WtqtBjTV z-Cqg2RBy}z6I13ZCRDFm;ue87Co4OmlfX1-d3z*ZNlSNH8~}!xw349|f@`0-QXT{< ztGfS~4Lk%+KRCC5yYwN>0y~iYrP&*6N8f=9!qc)kM~jQk15^yq6K%4*_akiwby|Tm zlg9Rrua0nQ;m^%wy0H3WJMSnS`K`96Jdg&~^ylCgs1M7L>avzum_hu>=gwfPL^XF*S$>J0`&t(SLT4_X4wzCykrB>MR70rm3r^~#qr z^#u>}R<%O&7@-ssUq(LYJ|Sl9$DA)Ro7!3-vg*1Z#*1uCxLv>eBpn($C!cWmJ#E3H zu6}&Eg>%;*D9pJyEe0<3zeT|&3~WA>K5r+J43%|V-j|tkq;LdF*k#n%jirA|5y@YD zEBRN`wk7@tJ%~K}RUP_R@jSrrFYoZ5BAKx~dT8ZS=Hqus|6SMWG+%jtDA-TEo@5s) z!b|52Y6}nk(HUXv07@~OB}Ldx!9Tf!6yNcs2-owZwUe-~ym&G1+^Kl;i(ecLwGQ`K zb1UJMS1M&#>nQT~meq6w896>$_a9 z&#@&`nr?@R1m3c}M{R;l?+0Q>}njO0bQ7=`Y{(NDR?8M|ZRI#6ZC%#yi zmO+CN7PIlmTZoblz4VW$#DL!lrqsCG1;L(P(>KGH8OaRgg&s$s@-8ul`^E!d!bzk) z3H6aKpYB~)2<&*@y7<_>k~g#ttw9bH#4N{5nOng;c9@p9-x9_#L+qC=M-0$~+Fy3R zT054ddtFBSB04$1NpOaj^9h6@tyDxdKGP%T?>1jQWabPF%Tp4uI`@$JJd%5W*Yu$E zr2r0!uxmrXzKFkaJi+76DE_D1JKNZcRR>$&S>gk2%ua?gj73$7?J*Or+wNxHjnR`Y zzc8<)?@=0b0u!m`Z(edUw?Ftis*1QM
    vtwOn0kPHKUHG^ku1)~b5lbGN=z<1~7 zFbWTuHaJoPx^{%!FKVORU%ve7objtgXHGZ!a4J&v)P-|%dyzhT z$tI~sP}{8vzFb^d%Q){cwyX0)1>}Qec%_|W1_W4U+ty^c+-ziy5Av2qSp$a8C|ou> z=9YLc%tK7&Kl-K+yR~yTUNepqQrGAq=GN;5d8g)c+inc9{&!w;0o6L^!rh3_OsC~E zAzNR7S$^Jg*8^w%9x_GeC2OWT_5tP(Mn|^sESJEr$&PLx*NCH~ zU$V}d3M_8-Iev$`<{o)%eligjplEHjO@Q`0o7h0Ii(ogV(x1GVu!}z1L}V?G97^+y zVdFy}EhhoUF*71F>P32Mn zAEva3KQRoksNZ{V!dQbsNypY7p)~?+mNz@J9R2bAPkXzW?|iW~@Ov9(A3Z)pzPQ7N z&=)m&kLK>wh3tiGJ8IYf3$IVxwIx^vyA>0U_0Mu&PelybJ|ii4zO$QXA!>Skeo8g% zCKQ~Us%Kq?{!DYi_8PcA3dNj>H?ya5hrtTZzhs?41X$+2nmYogvJ;*1`tU@C#(y`>AwtE;*lIX{gTM*H{ohx7mAY&CT1q2RiC z1NLP|@akd6Lo*56e_rEiMwi%y5W~Ls@BcImy@$;V?D})i6B4IT+;_BGw5s*S;LGxw zm~$HSabl7gRm)S=?1KC8fvb9Rw%yHVGh7Hc_W9K~xoew<1>C9b9M{_p9WHDJ_>m31 z^(~!L)jn0Y*G+ItmW}Z^oIC4SGJ$e1&Fr^kbT8@~gR26;#-aJ((D|BPS;YAfuT;=N zlb+G^XQu!&M97!IRY$KCVWHi8depT+x$i7u&H>~fE90jP68l}j09Y0OV!+TsO>bYr|aZTlfrVPk9R32 zs)asgvi%V;Hq^2D60*h@1@sSThtX+%c!Ghx#)?0|fs*U8ggQ@sk(NW=2~Z(+xqLr4 z{AB?>ADEGueL5O7&lRiA=Rd7ma5)>!4!Bhq)WOFq6o;F=DZ(FLAbkHUHU<(+sXMNa zrK3>*3H|MT_X%2*3n8>+sns^SWk&Zj)IA`^ri&KLX08CB*{Km_+O`55#7KsC8T5oKetp~H1G+L~v2FV2` zm8gfwtYOafMrga@SZOhaEfTUjZ=#C4Bj&o|T7m8ixJ>vZg;Nj3j(mnNM<48~<5x7@ zu=kS76Vl7gRRBGZK1>E}(eyoc-Ew387#O0eczN%DEa?W^RsRHCSg*eK@PfV;SYO>g zLSUNX5Srf)ziOerRhNUQAAUmCTQt)iiJIt`XibTk& zOgu~;kw*jV<#71%i6mOP8HQDBhJ6K#?tNOt8H`EyP+X6PF%pWl#$>d~JSd8TJU1MR zH60Fv-egX5|Gfsq3qBj15$F3mK|s!lW^eu)dx@S74sH5qto~KPfFPGr1NO<;QY>2* z$20ioiR1#@Hsax#`5!Fb0{oTpoqRud7~Ma)L@!`sWq{6Q5${a7ziKGNDkJk+@k-rc zZ(lRKgt-?*f21EzVTV|;8ezIds}m5CA%w(sA6SsF6ftKQ@^{}?!yw|godERaXafnw zm!~dw9KW~6R?M-I9q8%HD(uEchD{iD`+PLFhmo`yDIi!=TQ&2X@5}{C^DfoMr?fXG zAP(28e1yKdqFuZ>+cd@-ImXa;UDob*hYM9Q(s9c9p0QTuQX$KYP)loTG}^7B=|Zi)+|R zW>e?ldQt1L{|uEvkur_HD*YVA@PuH|5Y63`Pv}}IB4=KF&O^Lqh5n#+!>l90=)Q%v5L^^9`lASKRp}6PqUUl6 zN5jj_W|E!?dOpbP1~eMRgRbW~D5gtz`uA$r7W7;jB=cZkatz%vpYiNVr=&Wr%33oy zf^%XffoyCd^!aR(mzvgWc#pKZIIvv-C*G5Ad@Htnm; zt?~5RX~?T@vh-|#P7nr}SDaQ@h6PUDiYw{!FmoyMP_v6}hh;`6&ovJdhPa7|w-;i7 zEz2qP+#Kj^9=>xo+Y4uMcsqpSinNq3xgsrnNB$z8&#qk1ChI@GCFPeZ-_k_%4-y*w z2MHBm_=8=x|M4;DqW_4Y=6}S{$j(1l=GQ-1rovx7RR2nqJkR+nXa4v5Gc>a9n>rXG z{RFzCt7C8ZzdGDuyDy*k7BhTyLue(uydTHM@0U;L#Y58dsWc_DqL(AZ(!8>IlxWpC z*k{MqKGYkz1<+8)pkF0mwT}4n^SA%F1NM>gHL#jJF>^N*^d7kPt8+-Tl=MrP7Rj^c zUNl7p4PyMVP26-lqfI1_o2)2V0;O+d51}0E?3oS0o?jL{LjrIVR*=)zt&wv&z}qtq zTB=}cJ^L(XBZa5FbwE7kQ7KBrt0Bf{Ay_-5r=4>kW^`MX(-7RVKqBcdTgN?b5I3sd zgx<3%O}HoK(H_27S~E*JQBs6Gy-=9^={X^t-Kqi8Tj$&``8}TfMPj;E=BDh0t^14P ztHXzBN9PTIdMvbc3VK)&Ug6Gcpu=D^rMM-tzcf~mZK03dbaCkVtNW{Nb3m9_JKlqd zuP+WKwtCAvd07Ww4KZ|W1nQcJ@*}5w%}5T8<)E4;F;LymdvVGGEHb`=$6M|=Dp8Fd z`^rUdD{MRQPlj*L-@JzL&%iiJ8C!Loepr`&*b<_9*8b!6y_MGHrpAMofo9_1nT=yw z)fc`NciJ;!X=1}UI)i}NeX~wUs|BkJ*>-W-hcD<(G+*?jKwiFY z%fVUl@}n5*4@%u_##2hQ8+<2@IpI$8Ql(0YUW;5UKF=C~O?+`Kjc8*~;VQZ0GfZl< z?;A5?_fLrcycvbuk~F0ODS?-RE9B~qj+G7`l#gM6OmT$mFmsg)3zNtA*WtPsWX4Hz zHJL1xhMpKn!5sx(R*vO)*K#t(;NtR^=TcYO+1kOpWuSf)%RwkFdx-iye>?GKMqo@ov-^uM}|vSm`=L0 z_@8_YIT^IRN_NNPhBfx*AX**l0;(P)Ed87M+6yJt?uC2y_kC-VO1B^^!QtlrOT}K* zUuXesOx@m(`oXECAIn>AP9)Dfr*F~kSb+4o$PAMi!IroGf5#*Ga$j zq#!b=*7{<(`ps&`S*MH`dBa2tA?v*HSQy(34PkcYB7&? zNW?>b9@yicK7TAle<@voK6oUpnPzSJWChVdXQmx1iD7cJ?@w3Hd)Pm(A0=nD%8_h_u;$cX1#KG0pepO?6@Xfu(STg?^ysC2v#HsfEsRfP*4F?Z) z2+?KpDg5-XPw@5R15c0Mv3*tzJI8?dL!aF$0Vdz}xO0yiWg&7TUCfO_Lf(_6U*9>%JZr;umMM`5$kQ?AYC~Z(yA+-yO`b_nPb5x{` zZY9XVZ{IA}0IP_;_6bJNrgfm!R6_QaoJ=~fvL9fkZD@heL2dv1p!NZ`hFsGgh^^K4 zypOs&b2KE~V;eLBv>!eB`VvRf!SmW0BTaU6OjTznW6Mfo*^0P)#NkjEd>uuH9O{CQ z$+YWVz*z(!kN7cD{tU|NC`}k(kl{{s?gL|XkbFt=yyfc{! zx_pK#Ajfl~TZ>`j&hefr+Ho|Gz+dFzW|7_4C-}{DX2c!>E=uctqX$^>MHfG%;t*^b zTHZLP8^})`@*3h1P6wb%D7|OZ0pU~}EgR>*9$KIF4Pv}i{lbP(TR-Ph^uxwE z5<23uk^uzi{cCd_1ipvxUsGF4@=?>C%-0W-&opUVWLzY=STza7ZNAOs4Yt5B zFqW=yy3AC==c$<;s+1=`yR)+jCgBtsRs5 z6KsFhx4lKM=Vw_xJ%tbBsZv`<0sUwGTT+09B5{bnOt~o(rFWc!->_YeC)zbLNe#JC zS~1!y_-0pN|DX#9&~r{Fe|`gXJ&LFcg0`#w{fR!&r;bav12!lCMQ|kW2iMGdQ}M66 zaoIJXHHdy67*QV@{Vlp?0G(h{DVRB3Rw;TUJr-`b*k9OxB?Cl9*)criTMPcr8qplWtAU3cx}5Q_9;Amv-J7kQnnjK`&sz>^P2KPL zzHgzs5taV(PUI)3j%f5@ki+R`{v*(rxu&nv85!nfU%fi21uZJ!1<;1JDy5k#D;)2$c zROYGeTRKt9Rb`1d@phQ4tnal{$3~Lv8sK&Xda%Lte&TXy=vYUW9NvS2LPQgorR#*) zzujW=Ammir@D)r6wxJoZjXDYv7$5d#L+s^*w8PLxd(%LFe5?h3W&2SDf#JxdRDTG= z>s7o*;3$EeO-KqBu|H#zNv1)4*prj1AdJLU^|duI4HOgBUi9*?>WRB3M9joDhVKve*dH|9I0eOC=dmk!(kpa}W6H}hVR z^W)E{Ah$4c7-S>kJh0yE_3|BJC_GAn8CLeAl4?fQjCi|Y&tK5>*JFL#fvPO~hUyBE zQ=F+vbbH<~ zP=QO+gcwu5F|VhuZA4(1JgV@)Q6?Q5M?yD-PcG{YatJKO20ns?u02_|EkYQDK3b++ zMI;NhG(FlB{S@yj@8)c^Q{LbP!!ky&d$F{qm|R*7i7hc^j=FEkpT!Ee02c~Xbh#5M z8}H^v9<_zX6L^sR_jgB^%~Hw$Smzcj?3CGb=KSFNciMMP_28cq&v{ah^9babOsz|@ zwUvq0U-mu{+YGnj`91j-uCQ{%@22_Kf(npWk=jRXMGODzNPQG+`a!23?SSDxU=1WL zJRE4@VZH&O*?H+3EgRKVy;D6;!C&`T!0rh%lrLnzqYmwId|Zn!-c$B(l=t#Gtr_jDA4$gOs7lJVZ+1&^Lq$ZcdE_Eb{zwDUDa~{ ze$F;D^I13sH=fPnHK9;MzU0~@P`;m})nBy3j`Te|a?<%mXU}tOUw$NhgHcAv4r&p|wyq0iiPG!p^wtP} zU|>681AZrPN0j2T9YhE+nC5d~n68tAjedmDe;Nlk#Z@n~uR_JSaB9!}cW>B`l*#`< zyVbAI?r0G0WP? zWE`|I^K$Jy`$y~caj52S_6JVAfX6tnd?en#1s;ds-HBLOHsh~1d_qT&1lgpbrQ&0;L4nJuNk4(zY}Ee#jS->TPmje$yt{CByi|)w~b)}Zf=AsN#c?TsHcNkP~ zSKK)JM8*$r?&++bkPg~~^A&c78zf@|>9GNx-dd>dzC9eq@BId;1Jt(h&5Z(DzGz|c z!89;Ue$FP7}=&5^ET%M1qIX{CM^qI0?iiUo5FZl1?_o3JM!F>XZ18WmN z;nJN$cV`OZx>c;^oyLhiqe?BzqGN|)8s{V9lNTrO!Ssgabw;H&0uJ#Y?Ub6gV59gj znRv&!{g2;kolpaXu_UPFeR*VRG}zH9ZBM>!k7aXT%M z@EN4Q1O|SIG+~;C4d~7;7Cdb;9hyB0-h-W!f*INh#;g{X%++g{DESC`=|=~HI{ltM z9q(a20(r*zG8z)=l37;sac27t}sLixaZM2&nf^iMHNBbhMg_k zqE6o6Zt9+EhJc`L9C#)X_+K|Zy&Cewz1LS!=b?EgRJzoOL6KfL|6I;O)w1IxW}7m3 zDsvEq$$9WQ4&HSLy5;ONMU|vNix^FBz}cpzOwjxs-`ZD8+j{B;TS;BDbazn}Vg+*V zT>Q<2XrO$MeTz`g{KMvhpeZXxn%g4t&Wm6}sq-m1^Y!wk9ani`#T$tUkS?7tY7!b# zwjNjn{FOp4bm#UsyeKFiBMv_(G}+@Z>wk9}Ws2_l4Q&R~Xo78D>VWCzqpgQ#L|=7; za{1>#<*GYX1MxAy#)XN?(mwC%(APv6h=yl?>J~ZG?if;FhqV|u&}SiG zjtV0pyTE za!~*M2Cvv$KC$rXHEk3h7BwvQtT}Wcf?CNm^UmTvWmCvbOn|*n131tM;F!$CQn*#zYj25?8*$Ui3(Z_Di6v}G$aJ` zD6sF@{tT@?w<%74(}{NzmUEDpO7F38h8KhKa9G~%Lv~$@qh~2v<25JrAz%xV*I`}^ ztQCO_hT28^`P_YEH&F05VzMAC^}heH?jY#80V8^f5_g(ScSQAQDnT z>ZM3qiaym)cxV$q>3Ve#;C4MT+Yc4}Q90GiC&pAX;la{c4mHZQZ7)C;;0s3F^%rmL z=4TeCX}+3=xt-uM5a08bsjbpJkRN|ZhBjlg#5?WbP2ha7PC_)mcrio0)M}FUN;#0= z6IGOJH*&|o8;`OVEBipOxjg(52WpV zyEej$oCVgObkf}me)|E~N4!Pk1gIXI{Tl(!1w2&JzGK$X_=u;yKWva3OBFq21#03a ze>HIumG-eu7nvT?5ax)eZn;!(%C}_WTT-?g*I6jPy{A6Jj>GCn{!&rQ*ml{=4icXl@U!Q{HyD3OYJZ(7UoVq zzKX}ldam&2{f!`BmI$SM;x6xRYQ;~Y`-h&W7cGRbGI>YcUtFs{Khll{UAI3on1Ql5VYxL4Iz38kbIX z=b$qGJnYeb93)4G}qpHiC^TQ{_C-^ zKL6)WH>N(o!h;}$IS+6|J_v6T3qtt0GnWKLRFQPw6u$+XJx zDtGJx%7MM6{E_pvv~q8eNV9Kkku*W&-vmp<%LS%zO15A;m7DIkNn~^hAXNSl1hGHD z(umVopXLPb-{Q(0ymqvhb7g2BYA)@I_rq^O{BQVO9EVOj!kJ?vE+nkyK9iJu-@W)i znMC*Djzmiknb>+jP+p|yzC<iBzHLzIh;lS8H#3)-=*C4Z@mbn({#f^vH;{(FpbD(*0FS2JZoWrK)kgeVYS1`Yif41c?a4e@rSy{rn4RHm(yQK29Af5Dm3KwX`cE92sCjBoSfnL@}6zawz)32(QuS zBv3xa?uJ#yEGak)81v-$g62Lv^@g6%c!Aq;`aw{7FBu}y*K_ZTUoPnmF+Jm?(pMhg zbjM-tHT;y&-!sjmuXHGIkVRi`uEy^22wc-)x-3-129=H9N$;%CnXRArnQe|~9xA&{ zE|O$}9kjsUedt|^z2X}&TFRp+Jz6EYTg1e;VR(mjqGzY%a^=0A!kf?Zr9UcuSjt>7 zNxPH8#06B)(I|%PrAF}SFO#jqPHnh$&$3}#^bbUz;ix32`dwe`$at`t5-ND|N5~19%EK4PDU?EUbZ=cO)9mGZ|ybcRpIZRwl055owr93CX*tg z@g9fO z$NL^es~^xbCD#SvM%2lFiDdcsp3BGd14{eBK6oOi-z3Ic4O=1ZWVZto&7W!kxtcQ@ z=ORaAnr6!+L8h&facNw55H~@$?RR9tuYZyz%inDubp5QgIqdc9-;2U?#ql`*P7IcU z{r~*3kl+i}wqe3ss*Llyi<6O}6^}=9ltYuLZ96{g4D?2++`RQUY`h1mB-Jsm1!BZ* ziM3}%dE@R}T`8b4Oi2DRm+z`L?f*<6{vVm*b!7^*ug~m$&z1BieY`%pM-~-=8P2Uh zi6QnXvfCEE?arFQgGfVu+23!*{b_qB`F=>TrwvDI|B-My)h56l7DjzofV26uI;8F? zS1hOX=bK)lA~B}tkkYd(snd{?&yP1nz+h(-UfTPPJ1XNKWWB6kK zRyoBT)fc_c7?n-fCqh^!Mo-9*fA+V{q3R~>P9()=U53Pusfru;F7o8tAg9X-&05}k z_|?r*3$E&Fd0uc2Ss0VFBmi}kkiS}LgtcMCa!9*T$3px?xfF|@6$=D3@<&4@gx+_~ z|B2MrgW*~M6UTMRfW$~Q;Bw0dR;ZDVb+Y+0R-lP`)eVgvGln_R3t`o}ZxLSZzPXj= zYK*53Uk!C@ZH=|8voa0vPpzNkp{-*bap1?qA_x<58|s|Ov(ajsRF~3~&O$TV#`v@Z zM{a(gQ7-sSs!&QD!$(a|ox#1Z@06v55(4!}3|jE={`#+CY-zW786D=%2CNvF#h2Fe z$ZzCMgwhJocl~3#<#b@_N+Xq2<~;5+yI=jZuHV8!Ta2OI6qv!N35Gq)1YeCmX|B5` zv7QyQu*9Ff5-lPXP-!+cdIC+;k{xgL2Ez_eItn5HOEY2&#j zXCKYe7CSYJ5G{Q$HLSm6{x;x$zUX5;yL~sSM#!@*P5LmYb9gCDRo}MM{az2-8i0!g zdWnYQBDG@>sQ6B7Vn&(ko7>UDJTVj5IQimz$^A5pvinWjU#vhQn^aWO6yJ<1K$n9+z&X5Z?Q+S2DB z)HLsWaUSHUVUU5w)D7n8k7Dim7x_EpXC;;cX;+?udg@hj&v`kMOSty4kK4CJTx-Fy zloROX;)lLe>k@)$<;1IPCtk1~HdEFwOLM-df(NsL8bEYeLT9uwN)+!dyf*=+08aM0 zgL0L4c0tQt>ZYv6^x~wOpME6Y&M&_6Phj<|;HyP8mA{K+Y~xvw*v@^qf#+2Rs9|EM zj9b1$fwa1xM8dQ;eOp%#+rLS7HrH^_Q@NANwqRzoy!?1rZxtt{!HUxcmOqts^#A}Z z?1Jc6@@Td7N*-R+ILL%y+#A=iz!ECH4;h|Dd;acFi3+neoI$|EABlr#{K)PkTFqB> zu;+7Pi4uIA|<2X&Uc9+Gnqp@Bhd^k_a=_N zVoVXSX$K!j^5>FGGfSjQD8X;@2rsBxmx^ z`Tj27W$P$4U2jkt9Z2mEn48Bao*0k@f@Tfr$8E#{pt=61|KD}psb_k z4d+pCuy|*QN(s6QO_ELT`Zk)*xCH`|i^i&JumefJpqx);E4ee>$Re6c8US1N-N&yP3(V z7&=h4Z;!j(-GuU?~kkg180Ihkx5uC^3WSF`s2CF%4m^@vsiz%!bl z3nf`6!ZU-^6GK~$l~#Z?lm0+p;hx{GlA#4K?EbGFC4tK^@-+z zP?B0&+_Nq*=h*VM@f!A|3C#7pv}o9&QT)QvX+lLirCRfd5(K-^dy(;`wASxp{RpHEd!c=vT(f{_rJx}b6(s4y`ZF6hYfxwXcV7T31EY7Y7JAH7Gof{NgW5vMK1W-A{IeG933T>0pLdx)`_9<(`yoWPVkgcsJ9;ae5HC8AHMr9n(PgtgqB`biq<-bsi^V{X zwH7c1Dpaj(UA-`t!zo#A4&#zcwAmew)l)mbdMzOCiNUL&Xn(`80;8n(BD=a)2{I@BY3bjsUY(`-y}8=%6`>d3<b~p?J);$%FYe&$m`JmyGaek&6TAv+~%4#_S6!3W` za~3srI+P@YO*(5O?s+y_gG_TAwHB#e?QAeDt2@{sRK@Pc@tF%H;479>6?4Vx&6RM0 zVmV!!@EI9>RHjv%`>Ueu$A>0p5&rGGUCAN1vk8o3%|nJpQTqPJ>E^W;Jh}DGFT8&K zG;KT)Zxt_3ksq_K4#1()S5CcE9Mkn#!55=>xnVWw7|Xo)T~oI6d7fNQh7ZN&gh}95 zsXYMjO$$VmDk<&Yue}<6tF#DcY+h62ue-|x-tLCKT6B409=@m@m~wK6+Xg2ODW(3` zK_)6Sni1Z_EBm!8}gmO@YTY`<<7vlPA?L|`u-B=zW~7gjbJ0r*kxY^TgMBXp@O70Tz`3+J+KdNkgn>~~w*f20OK`76 zmevjedCSxhw<86js2&}yk;7IwuQCAn3|}UV4NqdkrfKRF%lyp=((EuxeL7ueD%wQa zmM0&Mo;n@s2ed&H7I}jn5VJ(i!KQRSGX6z%Sp#0Tu&4o=t<9{iql;kJ=N2^ZOnqMMevS+)@xySbwWs687@ZR0m#T$H5D`-!S|XG9`vt{C9>C-3JpdsAHZ` zrlrCDbdUtb=F7cM;TFn2z7k7qiFbNBwHCg+YM&nFAQ9>HNcfd%69y>l%KTMI8cdO^ zcvuMAty|+CpzMiGy5}IFszj&PJV_nbl?mTE7je0}s*B)r`q+aQ%CtoJEypQk$#;=f zxJJq>pw!BjzsAL+LoXjq5Ty;Q5U6eKxDY&z`^w3gA7C*hFqQ?#lQoAyn(%nahOaeU zY^u>84ZhgFP!nig?$O?_!;uxlcP$b9%@behPhA{PH8Fe50S-4Q1*y_up|SD~FJY-P z;)|CwYwUBLhiHzf_-W-*Ibd<>+;$q6KL*y(ev3>fciEHXi%0>|pwPzlfgD;)&6Fk? zpKPAy(A5!+?ZF06c)9QiN1Fw&S6L=FoT z`VDpdNheYo9WzLR8sdNHe=)Y1V2xd3@v#W~=kE`3)Q=hJ-jNtuve|L|8KWjeg>e3> zAxe}Yd|O#SZ?ISQF1%7+f>Y(O`8exZt}es+HD%j~ zxRbcO2|&mi=6iqAd2MzfXIGCEzf^Q&$bI-RorWkPmHb%E&Hy{8K$#$j{cbQ(iPQP= z!m9B^^Uqm+Ax4HtMZT;z0u_pRqZzp8T*VhBbU|LL8FWp|XC(d(n?{{wb*J^Uoox@~ zhO%MlnPV35*o!uXlFy`ky<1!OvQ_l7vXrMChyA}0ezC|fLJMIaO@Kq~LjPE8&+_T- z#JN`e39#`aifKKdbzCLhR5tCM@wJJE2KLcarY#|KX!U7eOjFzJc&og%Pe7JT0Ddg} z1G&iqJ_WsudGs5Zr~;MJnw8M!4(5$3$wuW8xOg{LX|$buUY+0W1g4!4riG>AYrMC@ z#OII5OW-YvADNh-l0M%DfgOfYJkU$VZ>_PPCx~f*A)1g3Q1KH<-!R9dC$R?P9B8^S z6UZ+^*PZv~qZ$rCc{lu~es$YOSgTd0Ke5m5Gy{~eijTMPSXgl0_oyvT1=>6rD;o?% z-NY_$JiJ59FbUm&9U<28Lz_gss|SIK+nNv8PL-TdT>C~t4fxM9WOGcO-1;Qr(u?h{^rG+te?^hj!ziJ<(4v zoQu4*m*S;&9dfNtf|tYlGY-w7%B=|l%S1FnA-XLQp($?iqt1}>*G@X$8U!~85qD|A z0;^aH-nB^QjD?3JDZfO?Uaf$@2E`k~AFi4~D>VU2wm}VD)K~ABhnWjXu()~vl1>W` zBu*zSvJH;X7eBBxE;FcSMr1S6eJz;ebeP8JO2jN)4(s-jpdsJ z6DEE*h?TDjMb}^i#&FCMsJ!9Hjg?l1R5=N!up7$%eA`FUY*YglK^eM{iq2cUsV$oR zS#_xCJZuryh39GK*?gGHvs5MHW*C@{_3d0@!{6w#N+ZKlDWK~J+6*JX-S6Bg58d)M z-@aFbn&j-v#E!UQ|D~*n{n*d#y&O#aa^BBMRN4(haQCt=&3a#^jc1YoF4WHO)(8^Q zYz5j7P}HZSHTI-PO8r&bTsvab_i8~hIR;Xi)L?A1?)zF#-}CFmqIBpFSEP8u0c>5? zd)-wEa;@~Xvk6crztoRGW=hy#iB9{`h|C_XDOvtkQA8#z(BO-4YbfcW1Ryja9isk(l_=q(Q+q3-8A$`FokX z+UZVn@V`C^u;fi#?|CdX9>y&nK=|SB5_ppjHiuaQ^GJ^OzR9&H1`jV268~ImHS@6W zv|GG?{mYjHJq5i-I>vEm*Iwj%>lqi6#hc1=`uL+*`NbtOFKtuqTgKq**@b!bZD_ZS za>N22_f0{3E*8o}NJrL}ilu%1AmVDN!x0PhLUjn`nt!-s0>cnbWP;BT!MU-r4As9` zpkG{d9W%Py7~foETIsIa<9JbF-}8;>p=ZyxUL{D#W2doyB?4StPd zGG(iTC|yIAS1=0HgN@ed+RGLFP-eWUZP;(%_~uwP#9wg}5ep67gEQk0OiniTEV>C*xO=vSi>o6|0SB?cJQY z^>mZSrxsv+5|efQ#%2OHgZV-fa(W#Pf?J3>nn}KZLFQ?_FT$@2`lCG0aiNK)EE=1z ziyn?Ai7|=B3?rqgm&ImQ>9CvIUj_WUBbwow81;@S1!E>jrVKw1d}&N~(7B|zU&SL0 z1QL!2@CVxr_>Dg4_7Vrt#_cowG_Tiq?W&oL8)bN==xEICm14>ntd@GrCE5{Oe6@yH zWnS0j&zYq?e2JzRCY}qG(<3FMZVJ zR)*6>)-XCoEu{w<#Mx-RI2CYq(i7g&=64|^6z%*UptawysCXAuHZ6aFKTK4|KbR;c zSh)NkJn4^^rtlvHsWdR#Ck-Z~`BD2bMZ|x^)FeSnO%gEw!?RHr>;IVbw4mOh?vHrv zGv$I&VRFHA{B_o}{)60xzIo`lzfhPx5T~@?IyGC~NI{l@k;peNNW*OoZO5aYWbnT8 z;KmzNs$oh=UKmO6s$wqA3Z0YO9wJ8K{Rwp#m4-A8spO%4(idYH%w?EcrHbSXo|563 z<3eU^$Y%wJo4!uD#_N5v53VzqevE+3-s5$jHNHvwQA}>sQcHH;1m8RQ3=wd1O4Qmpp zRw8{Lw<*jsI#%FzWyX|El)hiktA)qPX?RAiM+NfQi${33G}=piol(4wU-R zElhiG;b{F5*zPomVLXEi19>d3ZM-qit|9wbCwDT#R4Zz?O_w{{HG55IuqY+bkzRGB zC~G>BJJBOr|KRg}L7e}0{JzUXiF2w#3hmGDlr4zw`G?+9{0FzE-e&~}Y4ma>C?gyH z&Vjvu%mEY|DeNWYAc*)rUuQ6OHV?M3pp8hp(DmHBB7p?Z{8CMee`0fb6)1?kA9R{F zNl}HcF_B|X8vfAq$fJ~P$MbV((fu>{4B!G5bv>)PGRS_v>Af<@E(HX45qI@gG~LeLALhCAVd7aAmd&#zdmM|wKyzK+ClKk zK5OlyMitt2slMw#Pe(|y@fR5Q1;VhX_c^NNb&n?zUZFM8^0*S!{~<5 zoF*NR_u_Kaa6w68NdhjIgRI^9P>?Es#(6KuB8Sgqu%GwOD_3{wI)J7@y$NIX$W1E3`ZujoTsMugU9sSO1r`|Q8Da?B zhget$B5Up0C|#HW3*Z^mli!Y8$)NB9+;0O9KX*UkesyPRosYO)o-N+)UIicjTWQN) zo&Mhp8QX^5zgOCB-2WByz}sJlhAzM#n0>Pd-D@JTnDb)13WlOG&_lJft#10BU_f-| zMC@(bGz*z4!m0p&$hczrh&8OGn1hKZ_1-MuU}F&@Z^c63y4cAOnJl=Wjk`|rR?o!y zIxbX_+?Za7NftHa<21-NYg!|7R?rrU$UzX*q#?$D8mm~51BSwBX~-0$T-&0JbPWCs&ENw$CGITTbFz?^j6Wg z-8nJC;H=7reWwGcVx(>;lE7l72kbjo^TUra{ZZjiue*3p=t7&$ars3X$!p>@sH&6@ zX}TC0D9S*hs?9lxNPTf8 zvcZCw?v|r28VIc0XIO334#Is1$Gd19FV?;Z=WY^mc7)6MW}!Y&h)Z0+a3+$iebzC* z{H4b81q<~|T>0pc+fR-;fvOf?`&h?Y1E0~dnT48{H#MMNvHcmg71q6X6)FZu2X+i> zt4?DtH+krVJ;{kXV0%k1*j$H1#HB^o4bD;DHBIM@s@udyLf1aVs@;v@U^)AC?p6LQ ztSSJTRGNDI_KT{cArfb_i7ffHn!|*g`O9o>vdzHVKi@= z(5_%w=R49zE=iO({GOU8oCA~)-Z>|A@$I7_5IP+k{;bO*tH|9KJ<>)~s+>~vis<#- zrTi!3i{@2ve}p!wc}>i8^TrBziBAM$$#4lyi86_I)RsZd7`X4@ z#t;WyMU^xEtb9ocV|YmKDE!X)=f?x5=OS28Yuvq{ZZ8(}pbfVbPo^8>75TE?xOx6w1E{-I%% zR_TuMdVZ4*?tgfIadMAUTNE)=Yjxa_O247RJbk?rCQhm$aVY3XH*tTVbOGvXNfcu} zO*-{PvNQ*60Y#BZvG~wy?E9NL=N!DmWf9UwxRGHTH~qfyox_f*^s@a@gUotkYn!kb%_T`) zJ&Ox2tHfJAO*?cY&>=K+4br=W?|P7Q1wTiiA(vKSD7t^%k`}zmHAFk} z%EPLIFcd7vk@uv&{(cm_*bS+);p?O_$HSsG^t)g_r~%9o+Nuetlq<}Eb;?CuNMU$F zuBNTcPu>*_kQxg+h$fB@#G6bPsn0qrGI9~dGS;j}d+?j_xk5oDE1lb-94?jofE_uj z5u{S}#;rS-HTyb({BJ?E>m3JP{Ljk1gCS(%RY<|BTM`lY@>F)%DKfLiR3V6_n z87aTq+XJY3M}VdVdol~?#e>ZbVIz(ERHRZ^(8652=#_c@Ba+&6l*m;?O!wT;t2tn} ztgQ!CfLFRAggcL)ZIb>42;FkT&-BA^`9d)-Mh*_fL#&K_sh~abjxf`N$xs0>)hkBA zRDd4fTaq9@ynORH(w|L(K8Eg@pD4ez-!?%lE;ctOZTx}Av+1R^1WuOV7hVavivbwT zTq8mo?MEd68~R-t_eDcMJQ-`~C*}U+@YD0;qPliIW+~d-Q_Unn77x20Uy(4oZcbn2 zipNo~eNFv~*qAWikX&L-aU}J2QWM)D0)syPCj-}D?8)w>bShwjH$IgF9xLVA80xs?$F70X3mjHmX3YZ&v;!FNt7c%^hQ?t8m-Yw zA+6z-)>yFddJSS)Xu`-#67fi2mBwixGNup(5pBbh9B;A#6%q@l>@A_an9iE?xs_A+ z$pw!N$#ijvBec}jxtqd1o264iV)^`8B)~?O7P9qyM%AoUv+!P+TKSKF$fxN{^9E^v z`Q?e>H~6q%sp_=J4ocf|U7}Kb4iGnih1kAy3**>dH0k@~19tQ>l7_yci$_Z$3+xui&v10}DY!)r$Es}K;^)8dJzF?ZoX~JGydx_98JJ+`=bxf@C}gyd+*e$5Xr z5VxDQQ*!7zLv*!Kl)eBP7o2bTN8^}l?0A!EaPDF4!NqY0x4apko>@V54;>8`I0`%u zNml^W8nbod+MuDhx}f8PuT^cOl|XO~`R369@RoLbE>c$VE}1gRI+UKF^R2Gw&giV(!Bgc{XDOodmMl z7AnxE6-SyoFuQep-=c54dMgNlh(pv~G}05DkQ7_{l;30&@qG2qL&gsFG1aIny zVxle`2`pdR&la1qBl4ABqfN4ELM~L%nY@Le=T-JM3N3a}W5OalqSn{!|2OvDIx3Ft z-SF?P@}J^0 z(6ik5XF}~ewXPYJepSi5j#=rCLRP9qvrH}14YnW7`Q`7-Vyb@UGTmHMIjZ8>M%27Y zUj29U)-Z_PI`ZR`Vg923QofXtjq5KuP#Psb31mRiP^x6V_>P~M7Rdi>sjRJBxI=p( zWE9U2%$7S?eZiKxbpGN4tzDXBgCfJ83$G~KcW!AkpPIjcLVe(rx*`{d@j5UN`mx8G zM&Y(Rr{MEK3ZajuXzL8&d_$S2^!!t}`J30=S8n2dDwxbcVYpN{2C<@v8zEI%2m#S4 zlJ8#I7O6objR&}I1!wP*+gB3|8hCKI7k(092PTf5NdjW|C}IMYkSVT^-PR|TFm#VO zZ+c%uPE%P9@?x%*xT0oxs;KUue0F)orSX_|eD3P`rT+?IzHc)W)gAHnsp03#3<)(>j_U|4ufMwasCj}?u4HfG!*i=rudpi`R4A4`eID_4nUvY zb7H}#6ni|Cu9I@>lId;x9W0;zRWYnQ4OBgrxa6hnJ%EF+%_dURA<3-mHl?mx_F~t*+ig&wC*e3?rRrIv`}-vKadNsT*T(2u zhsKU!#~ID$cfb9NX#6x|Rsl3{+4^d?xeDIv_0(u~Wfrfbv;l2yPE?GHc0|WB1dY9e zm#U#vsc|3gY)5W!>;xiu1Pfr^Ox~1rYVLqh^t+k#0ERb9B2Tx1Mx>H2;Q=rz z8y91RZjLycRguy*_ZU|lzB2*!hpqIL4O?vNqRC=MC6Jg$+*b&6L3_wpy&Wn zqJd>}<2dni|0wSI;5gk|m2`1s=Z0h*1r7bse}UrOe*-aC{O1gJ8-(hWdB4VDHAe=oHEi&LWoaK)T+oEtmsP%KRvuyhbFd9a>8<9N$zC4sR^+V8S+;UD z9&`~#@L@*qwjGYHv7U)-s2V3|lwy2HWag6=J{*%>8dTpV6n~Hq_h87M%43EKPwe#d zv}2OuXyEVoK{c3$OoI@n;XI%WL1IwF31=++4*&2{*d5nq^&wJMNVxG_1h+~p!yGqg zmq9P>^9fGl3C_=l4|+#%yb?*BzJ4y$`i(EeVz2veECA09FJF}^ zB0(P`#1{f_o}BShtv--i8|vU)8usYZvEUj0q_? z?Ui!;Wqn-4I*!xXklO0T-TxaPY|$NUSm!##EZ=*9P46%VTJDygBQlaGMQCW|MIV91 zoFS6xzVuSHZylRM&YowVk(l1}!RKvym+6|&AQWehtHsSB)V7|WQ- z%6>lCMdsc*!cXPBRu$NB{JkGom^$rLmN1Z%jl=K!5jIe7+WH8}hA>dg|1GwviVmI8Fa#HG4>t-X7yIr_Bz0+?~|1gVa=W0G7ni^6nUj z2JO$2`P$WGZ~Z?vRpw;6vDh9FfYIj^LBeQ;=;7#J>+u1ZQ z_;P~plKm}g15B9BjEae6kay!R`f~T2AfK{I56;#2N8K*qOn0tgZ@?6MyF&eA8l-4xKOGLKF9P?ZM>qucC=_qc;#v z?}0x$0X2b}oq>ua1U9#STM+sxbMSc>mt_VkDTA0DUqVqIttE#N+whA!G?o&JqRjl< z4SC&lq=JeZKDYa77^%yMI6nWJafgaW+Ed)F_@z#Ii>KRCFJAW~UKgH1w!>(aMp4fF zl{;Q8=t~L38eB|MAl=#+RpOX@i^{VLhW&0ewU?MJy?ZMbgG4{KzMHDfbLYhri|;77XN%}C3k^Ryjz#&o`^D{oJGl{m}F#%)qF4N@MF@ytc{(M8B_9D9-A29=sg$_fu1;@4Z<5W|u_o1%p89g+R?)QP72L0MkRT6p@9SNgzz$zEM zw|!GIPo9~VI?{)Jd$WE$K?S58EHsOfl8K(vf7uS_5a?>wG9lLhg?ky!I0zrI+J2rq zG>$9)ZdDF~GWVk#-tl+8!rWdz<{o;Es^hN7LyV!ZhPc@~b`V3pucwGb|8UTZ?><+L zir8JejG)98QA#rnoDilb<~2`>u$?5VSPdgPbQpW$h|~qp@#lR=Nk!I6U6%b(@TG`i zAtEZXx+$VB%hQ$FT)yuC6IEu*+07n7Me58>F&dwb9b#(8+xITz^1)0rIcH~zPS7Xx z%s917uw#T`?7_UisO?RriJ`AQPvv5sjvhkYBC+7u!oG5qB0w!8^amDBs#S zYxdBI&ZD2r4sDpWp9gzxW)nwtM-}C(Zt1hA9#F-JQ{o43+|$0O2VDk{ZixMd!7k* z3(5%>55yNSCR+*4C_zn_#_80F2Qg!5JeW2{OJbU9mL8z|VXLrl)v0RxKYnG*i$vcTOMJ_s>;NC@Cuf)pX%b|`Z^Kpk6 zI0h8qSJzP^CbfGMdChnkjw{xV5B+}2KOgVCDwxaZZ!~hgKj$=oyM|SJX;Q9mG+{P7 zR?s7l!2XE)Jrk-Q8dr$-CWD{gvmFzDq805`56tWSj%iabR2LEF;KL#YN*A#Q1a`Ah zH(UkBRU>jpAApF-4pKEKgZZK!Fhvx-!FV%{q&Zyvg?stvFrabYpUQoX`pyaWNSiA_ z)a6SgmR`UMR9Lb97nf3N#=q|Us{?4CJB=xB{8YX#>H}h7WR8zfOqE z3+^P{33g4sAK@wq+?X<=Y2(Hks^GIkmNo~lh_W5C#zCM(M`1MPt{q0ht72W^9`ivk z+&0Y3Ilu(~l2>WOd&vUu`K%f@sR!A?TDD#mq~t%ei}S?6@BLYXCLK*3d0gyaZ^C@I zN`qjg4eJYGN0i(AY*~_&Am^Xi6Q6EVMu|34>a$9&%b@#;ifk<#bG0~*44zM@T|uUo zMD?_dLz;*MmS4X$79u#xNjX#ONz3(y4I*PCmB)GozYvCzq$)@?Wt8TDyfRrvB@H0f zw!c?WQBUGWV!f&c@EqZw)XZV#9uYR3ljY$sv{t>{Qk1wkD0jx}nFfa{O4MrAsAaWPX1HY-PH4}K_`|$K zZ&l(?fATz$mOuTx)2gq~bhHf9{7; z5xg4=(@&54rDUQ}NE2m^ghbfnWH_0kKj#Q?s6VBMUd^PmxM6|BZqDa(6Ty4jNBy3V<=JfeHQ(=p*zvLYv;!EuRq*;0Md04Ha^Ib8t6Da zp<_&RmSYcRvq=cCR`7C1*nrdQQON2S!Z!3b1q{{N@#AD7+L}MGd;=%E|DxA@hvGzc z*3o5so|MziQwfM;TH|m1>q!b7*o4z%2_w@!*8|M+{g_?8MN$gp!7a8tyOxE^6#b7> zDg+&k*=$jzCD+tS*?B!R&$$JOhMZ;#nXHMe2hw9?2pPWGya{n@ zYSoy=iVRG;w5|Lrl`%cmnc+OH%=;eSvw;htZKriu3*=z z%7>1?eMh}irAj(3I>aa_ds`k4QQ&#;?^Hq8JdabLkE5of9`X*H`%4|Rae9P!^fYl| zWt5hyr}nGcUGsF-a%=@gGBIw)nY|bHUK%;&??O#$256P>0-?*l2~Q*FxI!gT_1+2l z@*JZMY{hOH-ca2u!?Q;zDXU_dOvfgb?hg9kx5i@yWoVXuQTBlB{FuzwlaHHp2~v?C zpr3UggZ|5f@>wO7FagQ8tSj1HurqE;NH7Qn8%^;=lasH@o#Qrbk7%UT*@$16&&+b8?bbvUa*vk|;tqi`uQ- z>9*ubIs9*C0k-m?vGYnTt<7iLEfKIlz24u@aZK5c(KhAWW;}R|Q+vcE8j5`eVIc*u zCpdbWi*5V@BC^N}q#C+=4O?p*T^X51FfOl^Z?=9-7Yw<+Y*o0O;9UrHaEk5{cuT%& z+493`oQR}-F5CI%%E9e~*TGLhNaHI{ghT77YGtRI0wKfJD1_Uhw| z?BNjevGUdM$K6Mth`z7Vj3I!GQ;0b5k?T)wC$QF+wA4VI+9B>S_i%vYJ4ZCRK%|+H zCw$CnbhUI89d#3$1zojrZ1T;fG%{gl!7?qa=v>kiMhcOyBciTWoQJmwRr^U9_^r3Gkbh_Q%eE0X!l}>!}OT{AjoeW z2!CEa9cdN~5&*GM3XgAL54+BxM>j@#9{HL!8G{{Y7tICSN?+|_``Wa#d~dI4T98T| zHmwR3%_wDu%N>suxKXB-m}9jJ%y2WN^R^|j=sFb&c9)hvx2ZSvCUrdz=oo%$hqV|B zpeYn=!f31>k?k^J1MYDo1+DTg$6CW7FAW^8l1H0RKj;E832U}q`C4d`6IeP8<6bzXBu->(qvzJpg%7g^w_t>mj*juVz zgb|+)4&~lDG$HsX-3}#Ow|o)$L^G%xMvoS?tnR0;yv4RzrdtIOA8do-Bl>(-?26Jv z)K9wi^Wql5I?fjfzb-NO)|@K@+bk8Xib%qCeR8=YaG|*vq#xb^t~k{p^1~9hueL6F zZ`VRdYg^90&YCPs@0?Ij7rdR8O{^U$Rz#ulWwQInViIM^2?{c`AWXpopMy z(3#yh-}9l1Cz5gh2$Q7wtTkyd=XNrflf2w?6S_&_(~g>Y_DY!?b?qGipnUi}oYawP z355a^Gi<32k9nmd@SJC*K4+AXBV$PSwQ!hn-LLk(i&<7uArA{@nWz$=gu5r~3Ak>{ z%SkjR?o{-EVC*`CM}1sfhP9Mcc*tsek>@NM1n4;4{ zEFLZ06Jy4m0bKQMZ?Z(~L)noZsDF055q#fyZ(}T09!#vQ_oN|f{C<{~9(5qb>)8Ar zw>$Bjf0Zw3YeFS`K#%!LHs;7X(YMIrn0ZGw7OFwK>X7mFylIv9nO=_MPg>d^LW| zQ;O!09A%!UO_=|)D2TMF)+Wr?3bA(&3#^@%83%d1;Cp7FL+#=v1o(H1j;A0l3b4b! zC7Q8~UBxFUkdL6hija3QZ5KbY6oL5V>GvO95McW9W*eUS5(|}}THf5Pyr3_DRrDvw zqBxv~9~0U{Ex+V578Fx!PktpwyP~>p{gjPLY%~xhO5$t)DXc?QK?zl&RpMJX%8z!n z{t*#VWkD*+=lI$w^+dT{V|o*rdgleXRt*t(O%3%*TUyra)}fX$GjF$If8M=uG$k!d z*Y1NyxsU9gg8dSj5qrR#S@bsM)~Xa+sRbCAS~T*w-3x_r808y~2q zn`cNaqb|96A`hSu}!Eq5o=Dz;P->N)a8VvU|dRM=062X`nnhzFyA<=bpLcE#C zt+cwmzVs?`t2_5t@TH0s&m~s6R_`UfHiXQWEFju|AIAtaiCuJLhaMI&W!iuhQIC3Xyba|`8<&t&fIlr3|;fv0vbh|Ow9A3&|NzWz^a;+BLrT(sqpA`OY0e-(!L{3wAanh+rwmx(mCS&~ zEaEb>l_;ZW1BGt$5-`BWTSKSf-xt4~d?BwUJh7jk^=(zQaZ z8%eUq8YmPIXe0=E<6IExlz{ z=iOiP-`HY7e#CBE$=%(7Enw~V&Lte;!i$2QcB%yAaL0s#s&o9nctrNO8SRe}K%(wP zyPNiM5Eb936h>!h<+1$X=nG%$f_Omva436^TmZ-JBWQ4M?*;+8H%rA;S($JD*yG!7 z5rO4tn0;RyV%&6b8y{U2pfiGT3-=|XEByWg&UB}>03%Dc*CWAc^rf4-nFJTzGN zlYM6BzHm$v0gbH{O8L6%x2~zxRqN#_PUMThk7~v|lznc}+y-^q(ah`kymz!bY5he!M?|&0KMJ!(y`sfiDq+M?*zYOY>t6 z%X&hht+>tJw28w4!WDDJXEYJ z`is83oXz%7&Za>uq|1Wjs3h8o_Um^RBa@BM6E1LS3fVN0MrYl1D&hiwQKm_l7X%n@Y$Pek4>-|1g~?qjt#+=lE41g^Ius22x*9<;J`hGa z<6a_44wgoP@Rr<&^{7X&NPkG6qoe*I=C69?(c?)QUX{BL$j26*C$7kG%w1T7f%KRv z6I`ws9Fe3oc6yNV=j=!nn6<5?x9xUdFU4jruj6YeTgn?_&Jal{=>Hf9}msD5jp z?5>JX&X?CG#3@6?4NsN#0Pwb6+8u$n$}P#&*~_RSgC{S+VzvuY7yd1^i`_?uagfM8 z=6lUmN7JJTl}j(NT~4>2TFu8d?$YS+)(dc^QyHuRBS~f>bvk{NzfayS~#0tx{XTPU_G$%oBRNY3%N% z6SUO4XK(C}E|stTD;Jnu;N9J`9gMbevi>*oUTZ)oerE z4h7z}{ONH`@{j!Ul6rDMo-Cn+tVWIhB-=ros4Rqw$T>o#@D~f;vQ-DQW>-jI30Xc* z>Jak77pW$mLPPdtHHtgR?p;!n9Lg}(Z@C}A8AnBC828taca&MSi+`Ya?}kza>sDP! z(Y}=UXA*8WwAo_F%dD>f{i|_tkzb;_Lm5`A2ksV*iTq2Y*_q}Fy-#2wp^sFkp}xvV zPMf<U;!zWIq=$D8S zWs`(1k|04tZ_J&^4rR)+8m<MKSGMB8PXB%*j z0#K+wUMTl0Y-E2pd};>fdRQ|GURCa2Q?ywFV(6>lf;1&cOQa)UA?)?`KB}WV z0$2HhWC>1pjYhoQF{g>ESMDUpvnAgfRxN1&@N&T6TAQbqSPSEFGv11FSWXwee2#uY z0BG1#cALWteypSJ<=YqI_>%zkZqo##*RAx%Szeop$AG`MdoaGlB|fzSESwzja!6r59;Ki@1BM4qjOpW`l7t|?vVC!O={JF$+ju-=TEr*J*}#`G z089|}O-14G(CsiuZ^&bsz}sMvy&LvcI-ljGJ;FqMZ}O{{YA0GvE!)dsrOtSXnM#!w z9T&Lyu2hqq52_@Vh1Q_n+^ki6F)}w1+8O#|w7vXL%-Lze_*k&%_sZNmYkZs*eke zWz?jp?tfoOJQhYiF3W(@+AxTE!WiV=6tnGMq@kvM1o_B!$yEEm9Uoclj*ncF8|$y@ zDChOqYT%05srRamM@3km4y{sfCBxp zh@&idVlTiwQP8oSIotM3SsX7@83H;raTaCb17Fsuuqe3Yi9G`jnopj)itMu>_JPem z(oJ1(`1XWU(ovG+A6P8jEC_wd!M_=0IL{Y%@V7fUQQ)8}o<<%Vet&6pnDpEX)ZOu4 z$aJ6|G^1m4G(D<5@WitH_N1Ifs^_(=MEV|V;!?TejC3Eq>uzY2V+h7s-u1**-YV7M z^(S6pa{ey9gi=DU7SGmV`Cub2K1p!>fQ>+AJGe5UBuAPbp6zn;4qR%VD0@pJ*GZAo z_9N1t+mUZRDBByos)n}HhSipZ1Es@2#w9>7#q;E})9mu8rL|RHl=XyG3Q(=p9W!MZ zVguGr*e!)i{HdF;_buODSvmLWTDJ!N89MHw zTPigRaoZtEyX<&qSP{f@&a8yEA9K0%ko4rMat3GpsoJuOsZO{&DPqF1z6C(~_<8bj zw>Z&@2bVmuyl*rJJ>y0X*4*VClN^`fdjc&$zzm{A8& z>N@@3KW-=tpxe&RO!~PUH#0rj7&kL9Pln+4PU}zn3`GOD)Lb*i6%r8zyhQi7}R<)&$1dvi{%DJlrF&mE>r2{NkU=679%lyI~ZPtaaYmee{oAhht?nf_F5>KMDMPfCjOR-owELBKDBE*`jbo% z_fDowIOKSd=IVf(Y6_d)wP{+5tZ;WJI}JcCkzM%&eN!QJTXuda*$E&UuC$M>iymPq zQLhZBbEB~=iPPrU=XXh2GiWNmIj4DPME;_opv3vzX#8r$j5gzIVL*td9#}s@4@(^< zV2Xp&^5l>8-5IbyUQjd~-?^`m?;pyC#rXmW2M``!>&1j&c80G!%@D>&nkAR8_H z`OW9kUkF+R{3&i{I4O`vRM(Ge4)J9SNAAV^u6f1HcT{YN$6ULP@A<{*V?!XG1=oQ5 zhAkH&?hv@+h?EH~`rF{(wC8;da(RfKvXE`{P4n4wlbpH^Is~qc4_#IiEQKbYPq>7c zA_@RLTr_<0@Lko@z%hrGcb3nBLm?H_(i3IbM_RM3p>>b0$Zg6wnFT@*lwFVmzbi&e zk>Q8|B>Tz1R5uOeC!V1GJQZ-(>ZeC4;<1g9DeBQCc1~d-{*Heg^04Mjx#mw9X0F0ALa_^Zd|044 zbSX4=j=V*wyO*m7<@Dz$Ew>x&m&Z}u*<60H*4q{-UCIX>QBmFl1joyckATm66(oQ) z1b7I89zF3Dw5KdT;i2JxuV7V9n<^mIhoLp+fWa|P@e8@@ZHV`wyb)_FMDD0edI;7wld04io=3>|KxNZ`ixWKVa`| zf5YC@|3Qxbf3z_I%Eexle6_NoV5~19mE&rYuV#cSKBio1Cch{~Vds=q{1~GyQzXKk z^PmW?w3Hp~tkLiWKsR(c=n0(Rrylgp{G%HLooj<_lX0A_}@e;ic!SR5Gh37A> zb|S0agQui^dek&}*@jR(MUbkU*F(k^!GbUHdP7b_;~TbC_G9bwIFoE4V;(T7!|aSy zr5WSAfIR8w?}n|$iI9;d)5My+#?9~@?;CBoJyNN)7ssU>Cb@Vlw79% zZq~f&t;xQB{)>l=5{O^B8RzF0MtpPXXW<{|16@lm@-quXLG*a8Iy3e^?k*AN|M^d2McbH@>D_;2jqTyFtj%GMbI!5i zE6k?e!YaSSBwPuSqd|MFtqX#aScsA58Na%a;v4xI(MR9jmg!Z?qc>2>yeEs0Md z1X2AOQtxH*{)D-c zVrU+%tckk8Irsg(zqGDJ;QCU%AanuBPBrRkOjz9Uw*E(CvIDur)6rQ4u7l&3GUvy~ z3);djYvey*{_&fEEPUC#oOqFOqKs@BxW%XU?+95S-8e#DP3VDQJ@ANm-^iw&rcxd$ z@GlZhRoq|sYrPjV?je2P2XHn&Nq&h8!>p7_lHvJq&0m*)&{4VXO>xwL+QKx^9MRbH ztvBEc71vVCl%01ttopAP9;l`kWTo}>Q=t~G?>em?jnn&Hz&+*IjC zmATh`tbr;%AAi9SFN>-eJoYf>O>n}aOJjO5Ws_{fuYA>6Dk}a8QE{H z|3G?Rd?>Z?W}xXDI9VOx{7@dSTk!|)^hKWa#MjXRWf~o0B&vC9P7~`43(RwlHXXD3 ze0va4aqqS33}jIywX0m8d5oUIrEcKJLl7?{o3Wn6HiGN!^@~iFqID{cOcXbN zhvxw<%aE4PI-+ByCpLkcW9xtOkXTPYe~K9Q!Dyr02etSqa;R)9C1wnTV0q%hE5z;$ z(r6H%DY*XzQIA&Muwq(wyCK1IA?DJtIwBSaH#KA#++ObF^_YGlWK=k@b@_?JSG~PF z$2$`HL;7Tw(a&uPs#jM5(%BlMQ@vB#D?9H1%G^6)b6Rv~4JjzPs_dY@cC%rq-4+L$ z@q21S@kCZl7f&XFaHx$ur~5BxJ}OZr^k?Gqn5f`wyh;U-ZA+R_h8AKS2HX@vv2_C% zaABa>LS=jk`RX=qu{V61dnjC2Ib(vDfl8e$p}j7$F1?7iy@{LM6lb;R;+Ku+e{F#U`j>H9%^ z^fPB7B_Rh@yY^49lLGBJW_7HF{i{aQfQ*R})o8K6u+3Df_{BoZ)z4RI5;HfYayY1M zAbUEr%CP_HV)x|0(w8D=p`Yx0aKce0)t$#}CvJ2%#m9IRYK!Hz^Rok!+fVQ%Q_G=g z4?L_VsdY*`*Hg>ZF4~d%9W&MwWHz=^J60m+avMgb+}wkl$V)=rHK|=`7myI699P3K za*9jS{|W3{w`y3hF;9-r7|Hd|#Ufy=;7HGQimV$d8Y?wguWsp^Hiie5Kab+Ge6(9~ zz+!dZvXobUP~qyD@S0Y72>mNv>oWn7>W(KiZ(<=bt+MoY_Yu_zaC58N!eNmqET=K4 zMdOFMeWWFass8G_zS?w&n2~P2j%92_exy~30+vtmrWuHLcH1E9+PU}We*@K}M9U6; z#}$co`Zuq6n9^+N4~Tb$5?RNYaz&D`{LO0yfxKwLM?ETQmp!&7T#+d(|Kda6QF%}B zr9imIJ8T!#f2Tg*wE|ivBY}5FgRwG-)2#*ExE#E>7;Izv0C+Zc_L)KyIDo!(uMYrWN|c$?`B4uZ zvu)|nyQuP)YI`l*>kbDm3}y2OT}t&iQU$@ZMDb)13c);|c4ALE?6|1x7;bEz*)&2s z;jT6&qpxPjExKnfAmW)l2+doGWzw?BgOpoOL}+FCzsq|ghpxjBro+}AuaZ){X;l80 zjNSaDkE!DTl97%GAMeS&GlEg@4its72g{YQG%oks^LX_$;I$U2<{8geq*@qyD{MV0 z1Uu+4&rkHCPTM+_pvl$hpE^bCzk2nF%F_P(`G&1VTW#c8z4%A>B6*3tiSr5_=i~!7 zHM8OpG?c)uVEMuKwq9S(q~h4O6r^I`;g0{n?|SQ>$DCip!J89QZ~ae6pWvC4@*ai% z2b%55o@Lztesw?U7D3H22aZ=3uV92sQ5fr87( z*(0-*Rr(>^1ALteqV(y!fzh{Pjq9L`5uHvUH=WJqywIyq(!NT@|%H{yRv3mX+=%^?n7JY~o!Q)TAH} zGRQ-GN-CAeYR&y^*Vg>yOU=Y;^SeBhFaRNAFZ4TKO=etiGgMJ)2N)gFTK25|ZawJ;lUyzP z5%B%+L=6;ZLS6iY)RxpAaw!C%t>lyBAY@q-sTJJb5r)b~C^8ZJg#0Q{7AVwDGhrw} zs46)4Pj-oP%u<1AH4sLPVaUE~J)p~W=*gS+PUO#&sn4bPA6c3$`MI)cxwjF4s3nz zajZVg*yKO%&?XORn?ga)LGJF)1CaX4VT0co4g z02r)rsP~oEx&Di)y6ir8+>s`RbOsM8T_j4w3fD#m_bl39KFMZ^Ne>>8XY`m0>CW3q zAJD3}bol{!-cg(XZJS`zuH}tAv;~Q*DThxuX1TV<3Gi4S6A7J6D)Fq$X1!&?*!^mJ323Q_ZV(nApM5!!ZQJllcZBHaQJpzCxQ8Y6(6j@3y z5d1iLf05~}SS%GKXC!_McOrzSy!b76y~k$|BLL8w0wVpECNg6T6HXwT(9giWWGI9D zXRhScN`?$6UW$Q4asAo&D53R_^5T9pyQ9Y-1M=u^X5{}N1M+_y5xR~@5?Vtv ziO;cp#BFJFTY$&5*SK!!&okqgnyHZQ!_8zVdfrcz*pRE4u;+E?1R1VYZDDvisH-eM zFfJjrq?VCw9HgwliGLQsC8n>Hly{gEs-NJlK%}*h((1SeLCxWCChRM}4is z^~zG8oGQPR9*flDati9_>wTZj+L?0o`^}K1vB};D9R=;^R_Sk5p~2>%pQWwL z62n8eUEXeHY+hw-p70nd^3?{8I z16tU6%!WpI-;wCCTMA(iN@KXDE7BszqPHd*6JEVkQlkQ-bqe>R) zlGC6PbTC%zC)yxb={Yw%k5h+fiB$(XA0`bon81r2|tWKfR+$Gea$mz zepCr@y!R@p&1B5Z;q5P@q3=S z(kKq2J)S;D1hRNGP#834qDmp7gaY}Y8PE^HL(W9{tV=CI6q_Q^n&))8_@@sG-uGS) zT&tty@;}IaU7S%9x5J|~gH8TWSYS!I6kY%ut4RG_qYc;E!PIryc}PU1||O5X)fG|FVZ3D8pFk*7_w@vnPMcK@eDafglt zw~VvZix%Lo&d}eco?gA@2Qe=FM%oA2!c_X{=s#)XLl^X!#4t>*>G|vP`+`PNhmsAJ zOH5L+G}0);Zvtum!^UG6V(M$iXWj^`0CO706M=^`UwqK)`OI%Ez(13Q;7*(X9Q1$< zoA5cj`DczvwBX_wo&o(n!88Kx$C&S-Iy4LYB~AVr*L9>-G4u~4%onICproFnx%~y} zj~5U!B*naU59hwzD@hH~(vORCEpkd;vvl=a$L#BF*b7S`IwX&)>1quBuws-*l;nQ< z8G_zCAz>NNkW<<;?z#!Zpmu*dI!beT{$(All;+*`UUw7q;L&peXWvyGu!{$-EN?eS zA#llZ0O?`A8B66nZQ|m5e*ArX!00-X@^C zrsU_$)KS7u_t#+TK|74Q%GjOn^xy%sy$f%vH*Bn)4~wG+K1l>Nd*FU>Sk;U}XNBmy zvv6vW&=d^&7eR;{`J3|bE72*5Bs?l91qBM09%bYiVZ?3C&#mWgUw!wcj2$$8bK7-T?~j`5AI=nAD_w^rtizB^lxLr{ZI&lT8XMXxr~K~eJ4j69dpAl| zY})Cfkozxs)b2!?sY1h8E9qUMw6a?z9+wP2S>~F~gyKqcuyuxn{f=R09xNm9kun`N z=yeB84e6ic2_#U1KOp3vG?^pQXl|B^Amh6KX zLd|cF7;Gjw%02L^ucoqkE2owTGYmT)IQCEZ`hmoeEkwi^81> zYw6`JP_~_>*cR5fZ1ua+uoWm^?mJ3??xogfG)edpaPA&tXFzKgT=Vpy^WI)tZRi$C zux=gqjZfd4*X4C9jRR_uxA51+REk&XuZchv^9SYX2mW-Msvf%k&mG}wH z4$Jc$080poj+Bw945+GFe;A*u{~-KZJg=whTm17K?o7{nQOjO`c)1wzcND)6d^xm! zRR5G!!GSL3X^3)AFRGlbH=*@IR$ua0T(A4b(_hoSUY>aBEUA{V@QPd#3x<|}o%rpP zX&giCl0RHO{$svif=qmSf#h1?7mnr#{y-uLTsl$)i|zmAoBqY&qXE??efGn4flk}- z+|6q#;KqC`x9hk@VXCjHr=|YYPYNM1$21O@{W^O603oSPX(ha~X2^{Ax;=QYnWxLZ z;;6&;r(Hrj2}B?FZN&PASfiOjN=6|6eROOoqy#rp3VjT5vtl`tvbb2^MS76JWx!UV zU6wdSX2f|mmszuZ*!fZ1*uVD|M_zN|dNh63{F}(B`T7k_Z^)zH=+()?^Kh_ZwKBYATX;wOHe$MD6!S?&=ruV!UGQJllxa z*+*YQ>H4>o4DPLq5%@1aXOyW1S{8#0uZ39WG(bM&K&6EWjBd;a@Rxc4z6GN7v5~Ix zpQ>lIaLF>@es0JhhyEnT4y&N)?WMO$Y=tcY_?BrP+j1G)>}rDmGFnaa^dxl>RX+m<>POL#%+HkhEm9C9fbFZ+cR6X-t$6g<~CVsTQ>=~ze%5$ zX`*L>^zW_VkUi~wpF#<%PqTo2%=|#Lbk|4m2=+E~pWEG+-P8vCEX=g*h3DtB$AP$s ztJA+?jXMdV3G$%4Nvl1CVyifNjgNX(+H4aj+sIV=pudcUp<n2{z1>$r-J~K4 z=QL*iPfT%Az5(xmA!Pck$28~Lu-+5pENJ%#gPA4K}#cVvFsMyzO9|uV6`H2VmoR}>JVW++Vl^YL($VDeNyRV@DX+ra z_&P>Ds{5Fcz!*s9lD<3OuWpR$Q?(3@N@LtHZ|wSp-?I;o&Lh4PJT7ccM&7S40$%cd z?j6eOJrsTn__w>XpP*~Ly3lzv-P8REg|VN3$Ec`fig2&;@xdQgrop(TUH^@}_YR6G z>h=Xy6jTI61O!Ax6hxv(kk}%ULlaaaHaQ2$nN|^yoO5V$kR;IL&>|Tm=h#S24Kz*Y zh7Pas`|iD8&AeMRZ)U1yUfuf-RrKCxpR?Cq=j^?HYpvgUkGPhijce^OM%FwWSWlJH z$(o^s%0@^QyaUzue+lZU^>r@|njnB8K_95ZZc27&AA)Q;l={C@3nd<(YNmoc>>A$* zW0!oK2`%6R$unk8R`=e^|aac`)1ffPaRLZs)T41gJzAO1<8WW9( zS{#;xP!?N1n4?sMr;NtPlQZ~PF4c`n+AM_(!ALYswywWQTFaZi*;U1w#S&K|{gu%f zJLwq`T%0-g>#uC$0d5A&AN5yIDBxCPzP4ufRo9da zxCEi~#}tc)!yNluoqfW)lEIBHr7SOqw_QE+@viHMlz)&^k?B!xH`n^E!t}JS*wL>^ z|Hrz3j%SsBLRi_|&A^%Yo++lS?JwOce9J4kYAzpSb$y=EyG3r|Q_ir{ny(pkgDb0H z4{T*pM{4iGMOE;}y)+dv`R#qZEULX{C|L&mr~6?2T+iN-~IC=)6}ns@en1SVj?I1C-fc( zaY}?z82!oFi=CmfJM0E3Jz~#6d6-~$&%ImS8CAkSx&Tl2uCN?>OaG#1WB#e%uKh^8 z!o7N)zE2grq*rC$bG+?Y1%+@Xk&;MN6V;BCe#t(TVmrU#uJIS?i^gyLc#)+S|2Qif zXd9dJgQgk$o-nE+Uk8TQ?*fQd5$@l{S*G!taO>6n-tk%Kim38Lnsh$>*dr#I^;%AU zlAv6JN0iOxi%^I-;xhDG_5>Qvhdg@!1heq6oK17Arn?NqnJ%K)VNUw{OiBG-8BH$E z$*oOiM_L{7@(O>XK7_k=S9-3R})JglgBT{AW@rO@K)KTd1rMx5xE`@Km-6(z{vaP*fh z5eRz==H~xK47O`Ti51hdt+3m`L8r(=nHJmnkEVi7sz?*_u zino60%B<^{Di6fTQVUOPogvf%t=Rt#vp|@EfZ5fO6--a>mDpQXKR4aPqK4{@x*k{M zXFrp-XO6V`jvs=6lhceKXY_N29|k-iaJt#3P??smR2hteZEs7>Y4Z@ML`cj-5m zBb~|zQW9khQ4rLhqM59m2Tu0j)X$Oe<9JI&q}#JknxOj>1uY(gqRvUaxW=I7#9!2Ex|W5JDuR*=ZOK z3x8Rd3g@DD(X54Xx;nZrrCG2|CHwaA>8C-k$f7Hk-yV8sR8?d#tJ|YziS?+K**y=3 z-!Nhn@}`yAcAmF%S_r6@?4h`wnY^^ZSEy@EHTnomW!UBJa&;kC=p>{|VODwc{5jJv zx(wDop{szl_mG#Kik+R>D^u916Oq#+7zjv$otYr{bWiRugJv4@12}RZu7}rIcf% zf~#s$fDL6dpLNO}qHNBUZ*a;Yz;4*$703JU^1$OrZTS!}yt7u(2Fn&z>@^(|U>lDq z>OVJk1rQIyHtG8ptYxLxq@~dsw0Pvz?J8>437R!Wv4_ zYr5wyzTIQ9L;HYjILt> zQYnuV+{`z~S}P}hYG7jckMhMUFsf?;cH_u8NzaoXcTH`wq2$o{%%fSn1Z`|>(huAW z4a3T@(S5N&c7bMZDqYlmv1bUXA_T}4!rDI{OVHqoT-NKs2}aIM{1K3zoRyvfmFhVF zz3su7p*f!)y0nu_vTl&vOh*ysU4}*~{4wNW2&Td@`2HCa%Z^lQ@yl5&A4D|={uj@Qjwdh{=8WxR$A!dJT ze&vpL4@qq5+Au9s94^RJAAKJMZbBaYxNHAiefFBJgKA5;4L*OS=Fa$_@tEda&Ukjz z8Uy$YO~c?llh8hMSxC}OLqNXbqssoDH~G7hVN&}kMNe=_q!I}SA&)-LHB57T)ipO? zf1vhb+F+$H%w<5akKU3`m&f2Bg#ANeDq(#1AvaHRtzCY4=eTIQLJh7nG3d?234OJR zDrp0?>JRQ3LiS4Mu7ZUMaI!$_dex7X6WH`9!GTc4@0j4QWd*yS; zw~@aV!Q}B25aaYRcNTAR9tZ!`ea$p(`f9(xIbI|aazZ_5yyAH$w^T)0S;!3=#X}+L zZ+`+~7yN^@-IL)g&pkWM)(*NQa)J}MMx>C_J zcs@{l9ox+(5;2ZE%%Sm)vd30GB z-K4q_5r~k&7m;`TAQ)bidVW38{A2?rh%-8>cY6N;A=Damluo-^zYehIOeJ?_)3paD z#?2Cj%}sV*k$VY+1AJAxv|YAd^QhjOtt8)B?;@Kb|03(9VTQas)!fMYO)k!j%7y*+ zW!g2_nEb9fiM(B#$j~=WM8Y1dt0a>=>kE6NJOEqEUI#G+)W+mw=Nmanw8W1 zv}*js(yIso{9kHmzJdT|_C?$Nb~-G_S8Npk%)=8naW?6U=9HqK5n|Jl{Wc{Yb21Ukb(tY ztA^u|O58bHUo{56eL?2=wE%m@S%th71$eCNwZcte;Y|^^r(}l5pvPtxQ+Z+UkV*kD z0QH-c>##KRPY~0{fidc^5V)#XK@aPRQBDi#THw#q`+V(r_twA5=`PdT6^3$^CUA3iKj zY<}F+a9K%|7JQ-p0t`K>GEGUPZ?<$T#t095R*f4E50$sT7}Ld5B+b1j+zv?485si| zixeN_ZQ6ZZQeJg);Kh)HzQ`2BL~+hHTiK!Ect7gwR6beVQ8;T}JvH;A^N(7?Igq$) z3%6)l4PjsaSFtjoS**C3kg&Ap5XYn-PjiPOad5dqwc-Q*L?D_h@5u>m-{IBKCLzY|W7pctzd4rAQd~{k zg*Mt?Q^8)##PcLVyy6wXXLkfVBBYItEMHO#Z^EBxdmr{HLa#+1Gn8s2?p@V|*el%Y29;>vwHDx_3(_S8_g1olt zH>#9fep1YQCxmqXqghEas+JHEAPmp+V8`H!3d`@fr*I#x=?|+mLo>!z;ywt{{ zsu)0h$1G|66I0b6V(CEA>kigRjN#D_n*_<`qbWQz14RD&k^aAsQlh{UewTF>v5j<> z&F~k4S@JA?@m+S6*IFD9$6IGNriL@>a4Cr&yme+z5aJ_x7$+OQM17D4e)N2s%=ynXB`~VOPLv?o_RMZuwUW1Mp?b;+i%i)BYjtccvsJA=IUkU?Ei>FPGNkUHDWYv`b3aN$K&dy z8ESg=+#~i{Nmb=Z=F6`heFzp*ax|G6gPJW+Uow-|PY(Z&z9B};qfc8x?15vkZt|C+ znVpOU{-f{XFK!C|GLU;mVDG>5y*~NhH~qgOUd41FTRH>3;|bS3&cb1cLt}{WqMeI3 zZf7btn8o{>L(`g^H!)7fYC)v=Gc2u=u0LY)82h#BH95~~nc#u$I4S|8Q5>azMJ$Eb zjW$C+(+DY@&pbvD8istxNtec+<>f7ChOBy!6oYC#mqi^kuVn`!5R3KqCC(U-~jV&$WqP z?5HiY?rmhd)N}90=YQ!t^Nr!%zvyh&Ckngx*koADAG6zU`f`%=d@amV9+GC?PGus-S)twebQis7ewKE>pWE0tglFFN#p^~SX~ z{ABTtO`MuU`wR$ak4?3@KU?rziGc1_^^Z30I4Xqk)o?F3k5Ra8Ai(UH@~-f$p)n$F z_^bUz7e{ZLw_}#9Jg;1P5XF?RQAI>m;q#79Q?IwsB$BF{({Xg^ER(qQal81@Sdol! zqaumy5LIk%L8YgD058(USLILvUP{E@_>N^o3AvK4N5ohR-!FLFxE8Vgw+FJ0caPoc zY#DM2?>>C)old}=hbSKHRu64&wvNXt4=3u`$E+7v6>HBgQS1gr?B znu)!o>c4L7K#n^S1b&b}FOeKMrZjsVD&j?mpW_lxX07M$h`bds;Z4x(@NNtKe#3MQ zbeqw3I2Ah{sG`pe!yZD91o{tX7?g*b1wOO-sfcGnf9&O_UFI^=sWl{^-ho>1YjPU< zfQcP~H_mYiFw1OsxC3sD9PR%u5q_S$n{_`!T#)}bHN1{)wD@6t_SL{STCyh%G9)xk ztQj}IFe$0m8#t-Q68lio|96M~o#nuxmab3;@fTY_cQaYfx{O)1xJ~BU*Dge!kqyWI zap#JSD<`l6EylVLEg(QPS6esmJ;+oQUq@HgaI)j|+SFh7RHyewIcSo+$v@ZTKXj4&txN@o0_dB~Yp@j*j5}Wyb=pMOdGDBl&9RBg}6- zrB~3aZ%nu?9|x?hjG|lV4I>)s$z9X$+9KgQw-y&dJ2=W(eOXBNj_o+nYlpW zA)T~jgFDxL#^YkoPof9O+9;kpoiBg+w3nGN`5XDx+uQT%Uw$D%17hd1KZn#ut6ls5 zSBF%AF^Qn2GEW^vV_W-tdcjkK967l!PVL_49@3?84=3j4u^w;d&^gpYql z6_U-lHdN*V%PvsvRh#2$d<{ID%kL228p5%Sbmxb-*$>7gE5M5{E$WLrD7_`0_|_jV)@VQ;GY$Q6_#V|S=;hsG2JxC@V$nYghxJ$UR$%age1IoH^_=8 zd2dtKj&Ikjh46`8eI=!8TosMacv@FS1x>Q4p*^p|Mqh{VzD5nyeR6+1l%0{~_9x=rTD z0v11(cH&FopNMX7_|p?{=3hH7o`&yAX*=<6ZQz4@#xR{YyFe75b+Xf3dSUrvTr7g^ zxYu35w^DCGB0I~?rA5N&;apZ6Dd!$H5{WmD?6{k$^6Go@y~=a^&rP$v#FRN!?LZ)kRSkwh1{o?dr+1HV-3JM@LeF7{=$ z=jbx0cPym#=g!pXR-yF#@)NpaopX?9b|6|@gnaB5IiE_{M_7DFXs29cUQ8H|99L=m zqXMJg!Cc-v&dzG>Dj*hQ%<{xVZe^N>WQ^wQRq!LoWxNDSkw;Fo(z1;MVW{2l>`QI)N zf3C`XKL@f0*WlL3$7cz;BuWAu8oBiHyPr3PKhuTl{<|-5Gx;`I(B$nGdX`3HnKEPq zB-&+cKxAabGE~-ZtzpPoDx~B4q{7B&vDOu~P zSGk_8R-xS2qw1A;>o!d7`nQOkM5eVDUM8>V@5uD?Tar$3h%9!pi=f=}#`&Dg0IPCR zK#3mr-_bX&7wc^+yX84|RUTGljG3E!It3RvrwnPxvC#OfSY^K2~dFwI~gm;y7S4TvILbG1Mp67_mOPTBC6~n z@sEWRs_zv0TPUX)$u8S)$JoV(+$mFfrU4G+BQ8{_#9<{D6|`f#5e% zidgT4sBdOuKpu6tk+nS*@>sUmPtbL$9l@KGn@>(b#b^TmggWKMox$f`l? zoNtrF8VC&$2!WLPXcgT9fY-7Kafh+i$oxqpSh!|w?C)&znVNj~3wdPLwRH#tL}eLA z-^f~p(ub!f{dC!U6(+A5nXvnPHYbYu7-<2(53x7-EDcmayacVCs-3OUNZ_jG#J z2Q6Z;>hpv-tM`3N?ngn{`SQ``>Wx)R)!J?5z+BE{eVS-5%c0BkBp)rf`o7cTa++|w zeB*`R~F3!4Mq0j6$NEFW8l!Ru?K%I;1)!j9F=J3otzQJTTJrCBn$N0{w?=7EDu; z$+$aNKy3Py)Sp8@Z%aHiq$BnQCFesL7R?HkWNzreYl)CHKgW*i8RJG(wQS|?kzvrf zp7#skvNKkp^$&|ph->d$%&vDF`D^5^Q~8Y^qW*lc#g*-W2NQEjy>oK@LuC+x)wJdl zA^)NT=!?bvKj{W+7cm6s*=&&(sH-UST>S3Z_pvIVxii#zrt=0%9xabhb(te?a|5CU#4$>~@OsAVKb?*3U&b(I)M!^A%#)T6q=ml=3YFRtz@p~_5dM(95woth z87aP>wZm>Gf2i??0qdPz2=S7GOh<$KPbnB*M*&WrvWPtxTPxhCt_KLLa*`y@3%Cit ziY(;z!;&MfxqdOl|B;Ak``|w@h`OoxY`8bDSF2zoz86RgAFSam2KguOk)8`lvG}yv z?XPHKij>)DESx_k9)1nrw%K4j5(&{vlDPbH?g{)^bT7Fits-+3#@WU5+x(|QrfyU+ zFD!8*t$S2(t@kQ{Rs#MZQJ{(t@X`uUw)ORUbheoxQ81$}HK9cmX| z-19=WBQ<@m_e+=dtNQ<;`ZK>=09)1Wr?41|_Og1=%ghvXJ!#FT(&fQg!rN%gq1%h@ z#oe9)pZViO{jfYC#n`@lux)Ezv%~~{EGQq^aYxz7K-lTwIscowl%1F}b0*PRY}`t; zsh%&FC353WvOr3fX5CONZ8yldh`f#_fb#d=j-fm2PcrL3r2#HYDHdrwAOC%^Z`YvV zj<)SuD{Pk0iCLOqiX|HmqF|GI!cz&NYp_g$;XGy^M0EEF&swqB+wOY}`D}L30J(LI?ZHU*KejLe?zjS+ zpXS(@lDRsih&y)lI9%;~>_;(5jP#Hn0uY+j?0P5;H!}Sa3)C{cbBs!RyXZSa(*QnK zUgG(^zdMz7>g{6aFxy|zA7~SI&2A)Z&{>9AwXmj&bv5Pp7pt zKClUUGc&?>Y>u5|wF?ZJ_f1UOW{m6aQ+1=@h0op2oUh+V+p4N`mVx-)6rvotK&Is% zcz@vFvSYCmkVXqjXN&)uv!J=F`C)m+?CSZdoaBy}6RX~kL@}sVzMFldvwW_bGP2^l zP`@{>qcXXQaF*t`EKR*+;%6xW zX*%Sr!x)~H*si^Gn>^93fY~*x46xR)ja)=;fgZdy>_SdKdaNk*y*~6QFj?s*u%-B< zT5Phf%!ct_>bDcMk&7v-=U(0`U})^EKY4WPr+{8$s)iXCZ&-bkb&!KVdCPT@AHNfG zE$+^Q_CMNlNX*BOP9>4KQQ^kp8no+Ldf2WPxyaX=!)a=EEszGs$My)h!snVb&1G` z=!UNdofVxENJp!nvqx3UVh!!Cx0EnPV1z{hUSh9Go=ux#8H)>6olNwpql!9o)z2AY4g}O1^#syG6xW39(_BAbpg2iPY zE$+1ZhEd$Tl-*>E7&Lk%v*+g_{0CuridW|pe1afM!7x0kU+N-*UCc2F?wnRPzM4F&-sqqo>w4Xwcv(uUqmM17Y#$D?F(Ms z#7=q&>!jS?uwd7Exb%1SO~dlby75*;$eP~Hcu(R~Tg1Kn?~k7p7GK94xQ|`pQ4$=- z6K8vtpl=)d<6=Kn9Q!O~_OfWDqTtbL?(^No*_=1+wvO10o_z>Q6B*F#V8}#d&Q8n! z(aIJ0gxYNn?HeNpvvXj))`+{72iuuZm9*-pt2p6J;#G|T5 zfK-QEAG`ck)foj`uY=Xyo&23mXl6eKP*`Ku67w-=T0p8jusVQV2rtpYqP%EV{roIx zsE;e6;G%p3bLlL8`xw}Q=j6DnHMO*;SpnWY9#VdeUyirt;R^p_WjgY8oeZ+M=W&qJ zMPP)-F~$|wM-tqy6)OObKyLyY!%~;eG91 zP+cG04%yKs>l2^4jBd*scGcyFj%9ouNaATvURS    +nPMIgkU#tLPr}#PtyWZpxpOq=5zfx{0%RZYm;>;eO?6 z$Srg0%uSEoOS?wuR*j|R#fYK*>>@*i<9I07w%fGvO4mhPr-d14Lri^=Xa1*x z29s4;zTDsLM0bV%A0J!De~{*Oo;k4=7!B^rkQ9nrY_ERkqo!yHmaqVZg#mtue=To5 zd^YO=@f+n@M@$wsi^(Nk7|xTrwmiB%Wm6;HODd#oOKYE%LASp{555J?s`iE+G%^$L zV5wJn4z1U^lV!O+&b6$k+TIbj%m1bS{`xVxP%zMr%{1D`EXCy;R&?s}^uI~*Wr2yz z4TZ`C<#Lj>jGaqQzWf!}wKbRV@YjlL=VDWz4+q`;V@|}q{;Bmp=Gs8{>K_uMiyzW> zaq~&U?mws6^KWAl4-5a31(K2@aBzKtS=z*xBxw|_jx z>OWRM8gpNW7|7VuI_Q?w?85x%{;iv;Nj2P0A;j~A664HN17*BNIZ5}8q~8Cn~Pl7beki{Hl43RI)I zQGdY|YsZ7~KbJBd_x@WOl59)bX6GM){J(`(hI&_EN~Y-Zdua~OSkBgW8pZIPf}T?R zSd4i0^pZ?2i6w*8thn2~IBwbNvD^N%;V^k-KS6_^EWzE0aPR&y=(#Wj%+Q zgzvVc4eYoR5g1Znss2bQHvjJwpgaDwt1vw79RVLt7m=9uxz3kFP2oh1x$Chq^_MJ4 z_Hh)9og}3Mv*G$7NhRW{eZKMOS6M)~Vq#7$Adf7iY=gLY5CgY;0z4?lHXl3r-l$~< z{+$IgIQl^zQZ^ib2?*(t=>JYjs41PanlBj*7x2+ojvM(Tc;zs7-6!PH8R^+8BzTBnvMSsU3 z+Wf@eW{bMw4Zz^Hd6AoJvP1U=B87&LmQxGvxlE4D(g5M#aGnA^hsG2-Lo@1BVyuDR z{=Cap6&x2ygiV!*&=8+$>XGMct#tE%aDFyv%F+_W&yw3_;FI-2QA*KOBY&QWJMRlj zu}$ZDO1Z*5Wd+Y8Q-CM#>p@j$ywB~Q;Kq;38RJbJD)X#~&$&x9sd7&|d z*>E8s-eCmu|`D~(<36o%w!k8zal78nZ@HRiVOC3Yjf?LoJm!-H(<|3(;ind z7wIT!kqreih`4^J8q$aWp+IvW1lT*QOFr;c>WZqChsE4T?MqP-_6cM~B+&yrbv!1v z$3CDoKHkDn!)zZ$%#PH&aCS`KEphwBg_${N4y_@3uzi2;17h&S?07MB{$~G(O-Z?& zqwflnH8D*=I4#CU{WW57vKD&Nn&8ih1LA8zVIV3Y^TWFtD$)DGpw5bTMj@NGTzI!B zq{s(%mVSuQR$*?GSm=8_dm(RhOz>7M04@hU8-r}_g9$#1x3>rZXVz_h$VXEwGkSs7 z?Nj}}jH=B$b!R{q+~>Zx9#86xh)OtV@*-O7_4@97SHvbQouP^g@v1weO}xP2qmgU$ zhFS0%7()1d$jzn?E2o>!Smj4s4MSHzD7b^Yy|Rk$FCjt=uI1{ABLaN!=;QdQzQ68s zV$My{5#H4Qk&Jhm`;U*TlctHo;uiO6Zjs7-2kz5;*Li>E3&B?fN=gh2|JuW1d$N)L zIE;e1+BH={xgd@wDI)y!J5Hi2=^s!671dRV9wX1;&uyf^7q1A>{XWb}44O0q|IVKR zQAuKN;|`}_Im-T6(?&$?T>TK$G7%#QWeo>oyDzsm^_Ojm!!g1XOv1NX9`%2`^8DVd zE#I7gkW};I<#GVQi-3b-==5wjd488D^EP~)1cCjuWa=UKUCX1G0IK!=HL0`NDPVqv z$E+x1DfzS`E^gBUMqu_^LXOrE#qhFw%R(9fjtv#Vdj>>bzP_c-S(0>uT{-r7dUae~NNQAr zm?Tj}e6sRdI?IMj}#pVP~3 zyJ#xAR9yM{n+;wxt_GLn$6FU!m69^~2f@#&eKEH5g}ZSA-);Z!^xGXhNZ3w~$_Zth z_xOW!N@mY_JIww!fZy3IUGs!@ji(Uc^(}elZI*^<6X?;X^4M!Ox#8bBFSZ&(riu-m zeJ6D+M}!?0yVM?SeXJkO3;HeQI?N2=igwXFH8CGr(-vj+*{xKHu}5qa@{~7jD_!gb zyanU_XUp`kH-#DQsSl=e0VmJJHnXS%x*r)SKg>S}qzAo`_dmK`Cco2!~)3@U=W8kMoIEzyePaCCUuwoBaIe#eRbqu}D@zzdt z(BKO}dnMjWS2@=n(Y5G{H8ZpGcG zA86|RzX?tN#O(#iywg|1o$^Bh3=Gr(@6JIN-eJ%X7%}oF>b4tp%Z+tXDCdzQBHX=l z2d&o)PqM^j;IXc{<`W4G3M{EyJ-*%97x5iHZbx<&L zQ?pB$<@tvTRDp1)PcZgH?f_sm(sMLA7jE|o+zEYVk3v9c=*uO!CL!$nbCY0C<7r!q zhf$%0fJ&%Lalutfq1`)dXK%nxVM!M1f72<0@p0ZkH}{|HhP(ffW9e)CxRuZF7h*tw zH^nOE*=DPv#okI(#+*On&LJ0X zA?{=@ssDI{I@m9sQuK%|yoI!Ezq9<}1_;ozM|E zrUCaj6CplX>|Eyjm?Y1S!;(=~fe5QrmCeXa9WD1wzoD4OyH59P&i$`);W4j#X4l z#4=TVFvFf-1M9uX+>2h*>b|dhj>;penhXc|TD`wXu3^59)^x16_O2d6VX#u6Vm43o z90k0T-pD-nn|1Ez(bDI|5N?BNhiZlFo*P9BA(qx8@fEK4i{w^U0f5jGgyWd1$ckdP z6LgC`4G*g!XnPZEv9p97G{*vSKr7_-Hl{F>uzrRDF%v*fRsgLrBaQQ++S|@hM&&RN z`gxHwJ2CyAA6>Iug7mum6QU~X{LXrYv=D*Q`p*?TZc#v)FVS6bVH#L3S%tj^ zb3WbFj_$odTXh0Z3y(k&TZze2M3jtEE};l|rtErFzf2P0mHk=_SbmjpY{5m5aNb7c zuK+=JaJa_L_%|W8(hk42+nN!gq|U6w2*1efd@$GjH)UAzqWpGOyt&i5``Mqg=C&?) zfJI=!p@82R9&Zuqg{ppuYS>>lBoq$~YUj}B4!kIH9@Doe#mxu5$hUfOqegAi#I_#C zYHt`>cLn<$uJ#@sjR8jN@=#=2Yvp0%FwnVHugq% zJEb_cMvPI9;rea`!f{W6FpfW6?gk@xE>fl(B?+z>-laYVm_iKdw@R1SH36@z*OMp! zhs9n!VVDEb^KEL@xd-=>oX%rgeT28U9{QIEAm?ue|6dc1g_P-*c;yB|q#wIS`EOgy zOnxn;yx_zIqIqGg^(x%y4wR_6XM-Uo%6|_WpZxQ!;KJM>E+GjE_<|omY`ZA8VgF?8 ze6fk%50B#ToQlBh@uZgd>G3nfLFmLEki;~{Zl~vWt;wE_aR2|%@vO6|?sRO+E=fX&|hH?Wq z1?;BzSuDGlg(Lm3xh$xP7R+g8`j;@iv*$1|Ym&Qst05rt6~CP{_;^**UM*LK>$0Mt z>AEYtRk69{6uaWkxYxL|b#dTSjLRHO?}>X*rKJsWqb+-B6F(VZj~h&ZvwE2)bPyQ9 z%BI9q#0f5{jm7ssS}cjJ3_gU%}eq(Ynak6!4sM0N~sD;hOOyneEu#n|_Z1kXi))P=9@T*aSOyoMM5fOaTJ>%zqFdD4QR7Qvz3 z9mOia#U}ve&66rnQ%cXn%%15qDNIPzm=;zUj3L>okZ@vUf#Q!H{bi^C zhx{VU{i)bdRd%W2#3Rbb=e#XP0=mQ$4ongbM%-uM5XbLBKsb6`#A>IkZj#jNH%C;q z3k=LVhRg}^7ejvKJ9ymVGrrGNZrcYfK1$#N2l6(o-pPEMY-aj+4u0C&qPWc<4Cg0W zDOAIbV4vbMIz3m7vlSM{EMg|Nj}Q{e=9b~TU5qu}(~-qug85$g1@y4rtLN!S+;XfV zMP_w0J(U@=mbhHiJ_jG{Ibpf1CTcF>cU;23wZ)x@owi7;`$*SES z#l->4x314U1-Yb^bh9)lR@H(TxS15GYi6=?A3Q(osd^Vt*DQutkg_G%*2Vk{g;@bI zzR9(Utkj4?Pl({R-^isOSH^|dS&7MPp3JHB=+dQ&SJgo8ah29QtPo?Ol3)FNtvXZ4 zpRGUD%wWs9^&+Rfs!nI_$0D5*0-SkSG3+RlXvZr(D!TZpjiZQ^4f!6A4T9e?X}jI) z%{;QK!;}JK?dS|_r44aOQ2?KV5(Oet$*UF0hzi!?DKOs#noDE|=GVnAe@p9p#exUO zdhm@Sgk#xf89f1;MZa$r@!UqNn(KC1XzypG*Gf z;2V~uH+Uoe0I5-ugkV&YWm#}KM_|pa0u-ZX2?k(-xZl!GLN<8b&%+Yycd`%+`T8;w z0Br#nw8gRCAs93vOCYU>v~aJ)BAo1P-4@lHe8IMH zhyPwPO6>?wLOIMKW0v!nm(TKi>}6GUqqMocolL}#eD4rNDz}I53XEQ~=^iLQkSo$tdEE+-|&FSgQ5eSMpY=C_p$#kn+dRHmVy1nd!->HqSS`d4inygC?NIW+peK6a% zzbxDB-HLLP-IF4&mHe`&nopkqp^198j?v0@h$ya>Q3{!Yh6U^|ox+;#-ai2|kN5@; zYz!4=6tnnyvH;cY13s@I0Dy|Gh5)m}fnm6l-2RGs3CI!V`ZT(~f_wC&OS?@hdj!bj z@PpdEexwV!eAtg7YfH-Ql;f2HN*>=e=ojHDlz5R6DRFq+pLqm}Z7dAi`q3UWY`n_HsW~KBWhZ?gpq`=v+%VPwjNHIPojace ziQ$#*I6r&Lm-+BwJw$op-5V0m-(?bRNVtO|0Gob@ueNTMysL%$!hZ^%FKg~eyZWpQE4Pv=zrcdN=>HS5n8_HUzKHK?EdXSrnbGAje zW2EV%_Y8!pZcjMLivw0Hv2UH6IOMyF5YG(1E#T_`pb99Lk|KN+t zvs8iUPtwiuHtPEiQSXNm1Ge6ffPQT*T@q1fD z1G+E{cJ?l{bK;xrkmN}o4Nxq`7Lg0|KaBG=CHUxz+ujGqbjpnq9WWG(Eu%_jt6d9( z`ml8df%pf0N7Vj@D?8TWXI7?}Mh%UVp-8Kf+h4Sj>gYxK<#oUnHa?fYI*f9h7@lc84CbN}`Up@=OiCqT;g z_Kr1MeI7T#cL{QYG?h}D()X%KOv=;uMMhcWQi$Z8B3h#SAu?c|!30F(ocOVu{$bhe zIl3IvNYTVr58jRN65M8t{HQ#o)Q6pf2_|^`HOYgYe&N$8A{mJ~-qv_^%m@^vCcfpN zX1Ik1t#rpwl5I}_@EN{`z1U~PT2T9l8M|8<^c-0Y6Em54xHbpH_HgpK9VFQP0a!fT z%g*|N$yi*?)*B`xA4&W%dV`BuFkYL0)}DizWu1Wa^|IH3vLmYFN>wc%P9XQ!mvqt(*}jbnbxU-#8D4DagL;CZNO2)3rf!kU8d@ek-Ef2Z)1y(NzP zPtUgX|D=VmapGa{KiGQ{c&OgL|39guEJ+KINy^e<&5~^@l|m_sWSK-LTgtwjR7epL zl4U}uEJN08lXWcFW9$=y!C;JS%zFN3d_Ld1?*IS)`~U9W@4kQk-*SH+9>sOeb*^(= z=Q`&)*Y$os->>6)SjWZ5RozZ0u$1Oga&UE>Skq~9L-f<%Wr!3_?lbSKV!R3vb!i6E zG<_DMb@)@g7HC&*JJfHNJs23a?e3>SVMO(XR9x_`*NX`so@QtVkfDg}`&r2s*+L4v ztZmiSP*e%?g`{DMf#Y%v&yrNc@DE%#dcU|w#Ke4;kW44DvTEsLkkd`L;f|(s$}=Hw zCNt5Y>%zUS8C4cP1o>dhPnt*XR=bh~4=l~UHe+xsVW>Jdwzh;j4CrL=n<8}3Vw7IeSC(n}cb;8&g<$I84JQ!ka)m#>nw&;W&K&k>xkR-H*6b}n z2jXjG_>R=B5Rh43kc`GkJRFxvN7MVgh{nQ@2Ts86BuLCHlr?;4abAazjBVXfMi}** zftJrY%S)Kvdqy@tKV4tIy4nugV@xG)<})>xV#FWu*mBz$*H6>$TUqWuFFw#+$3qdl zx6w`htvc%J@6!)oZ*EHqJuNu(& zJbwK*0IGF<@GZWf&V!zo-n1Ds^Ogdbz2f(6*aZ5^mjxTQ>DRJGOi`{K_Nh zr0Mig^_Fvu>$oZY5MZGYlkGTPjLqZ+*6UVM`2(8ph_=<-vhkPF?!u7D=yd3d<$U2Sw9+Xp(#GoeQemi1uh zR$Gmd(U3yQ%&wVVN6YB>lbk=@E;WQ@6naAnA%x)T8~P~U7r74XK4=T6gIu(y{iO~9 znPAHRcP{}K(b?&hK60q;yM-V5>95fqj0@Y;MVbKuRX1?#_^Zm>4~%^`BzLI8EXx9a;Mcf=-c~C3? zNce~8tUmKG=I7di*ZcyEC(`n~wjHzC(Esoit4khJv8yVsK06IRBz;!s7L$(ay}~GJ z)bR8P?HcfDKTVhx6mGbvKBU)be87CkSj0HX;GQ9TzOuF5eHMFFc^}9m2XVsB#4oAJ z+J0LpMQ8M4Z`Ju%juNX#8E}io5wjHw<;PQ`=aQ7f9;F^(*Te46>=ZSw`t) zj%1PnRw1%$uc<||Dg*t+3-wxUcDwp{^lFsXI0jBrh|ple0z4WD}AcQbxb6&|+zXOWG68ZLR zvd&xpdNJXn5da7oS+qyNrC37?Hg+o<$H$hJxx7-&6t$#`%{Wl3jNfM+K?>s+$ z<)2bDkbuvBv?$N^j(g~ea6WI4!vYdN-_|t|QW}_ZTY9N3AYt{A7dTm6>CalhYI*bYZa@^>13m<@;3bzvDitjQJy>z2l@XBX-1Whrw=wI( z`qoO`&$p=;8#}0bZ+->wRC5lJHy4~7t%s!4!8$S2W`O~K8inW3v_3@Fuw9J0p)vC@ zx>B21)Kh)6bnzo+TyE*;%XV#g#VO~(Qz=^p-YwUDdwXS^;aWi5=ROCSGkZ-D2Up?@ z%nj-DXt*UAlH2IavU-86R!bbsXNfrIvc6L|`G;L6-&I1j>V!U%Ib)Vmrk)a6_eTF@ zjrP#x>{mB8HJSW$lK(^Kh7Wu0Pf?r;ZQK43ubFyy()Mqm8}&{x8_EZ6?3GTI>T4-^ zKD<=0?@5zwM~8C$A%o*t?4t0y;E%eFoPU&5Qdi#ahcb^?F7F>2Py>9#eShTjEmHZj zh8j8Mf8?F%8vOo8LG$_lvrc;X2d>GXbFRfC{83G7@FLG0Y1jw1?+u8}MwJEL!dvsU z?sGbP?=u8weLMMcjbOe}JLy-8Z2z+&g^Y*CBK7C1?$)5I>i$FGoKa@QcYc%aW`5spvl0 zYuZWaV2W8XL*boEttSl~bD8SCBETI+GHEy#`J>FRwaAKcM5JbC$wCdFeF-B;XLnx8Vp4$mS~zG96oi%s4`@R#=y537q5z9YsjW!uZB(d6Dp-}9_o|6^}Ifd<+cx^umN6_^4{Zr0$sFXLR z`MD*7U)T}3Js)Z`dx8%B@+}SQNt{jrhSOIsG0a_=O3lVf;GIPOIlmpQHjhs)eM-M% z#cQ|vyd`OS;w7^a`=tO6O~a}1EVs}lvTe-p^tK-F&O>d378RyJjzQblSpw(5q|moJ zVv~ez^?D|5-&aOhRhXWI0~J&12P!bPa-Dcei`_yGK0q;hXdf-w(2`jxK&4FO+xd=T zZSzW{5AJ_}#7a$vV5LxJLn=-zdx>Yr)*He9cNr&a?RpOu{tESk%oTC)Te~u!>&)}L zU&ms?i1Rs({UAfHAc)Y zNlIPpgCj@*W(-wv7IUD=P-O(f!t}htsxucu;U6QH9TRMY+fh@ro(R=$$fuN5o+FE9 zP>OJYbR|7J;)NVxKWj)2g+2RFVV}zv-W9N&oZIlI|V0CM0`haxM5hfuuQL9tJ=CCM+bE%4d;N}8oOF{I${yBy(pjjRzF^}4S;c8*tOrN49%F7o2i4* zXfH3@2D|b+vquKJRvB_q^1a)A zL>cjLY%4^;Oom2+Yo+L(Z#Z~--Z<&rFve%f>&jko27|ul3#;-ND(%)>{(&Fb6Ep`V zGXx&`%*XkA>6BOo((Xa3VJB}Jyw@CC8m(Fz=YIq8pDg}iw1R&H)C=mh?gIcV2ySp^ zkTE@mfh&SI&=3;C4|pOKJpM+apm#4<^cR>i3@Lf)L}&n`=276AVD#rFc)ppf71^_% z8rYy^Ukqjrxdz14kp4$FRw-}Jwh zbkhF{`cCf^efq9`lryQ!`Iui^(*0^}(>K`*mECAnyVmx5&+Tr1?OkVZU7t@Q>U2E=nE@=cE`mNCjBc zQwan1S!Bo8Vv|y`A;gH*UQ^2m6G)pqP|w*VawVEK;Nt zZrv>0oPAvylAww?@Z)v@e!kW4GK2->sf2M{9o!+KWIeux245Ssv(K{~;5%LdY~p<1 zWLh4=fnOt^7wZpEF27Q;azMKcA6j9Q5)()p*Sz8WH< z0qdp%>zhLoUxzmp-@ULf3>)xha$%iM^~1c}dt3?q@@05c_RE{Ak*qGji`s)`O0oPT zSYhEY3=j!oz(6V%q@cesfHnLmn8#eCA_uc>v$W{vx0eUx@!REGa|Ia)#;aBUG-Qz{ zk<3D{OAHmyq6_1_3>vc#)%oZFWZnpUdvCcOyfu>UAl@S%XC@I@Ufy z^)2fan(ieB_SWGnSh)ZJwfD*`s0zvGvG)jQ>&W*|rgR z!VCkvPQ@fP+eh9Z07Y-i94&#AAS1yl&=+J1FwyjmGM0#z9dO()m)@b<1H|E)q6D{# z2MvGre%@tldHr7DmOBeP=WI>fpKr-CMqwjU7EX87U%JRSD!iw7dONo|7{}3e5sSd$ z$}$(Zu40=b?_vGeir?A&i-#unMK;|Tk zgsAfMph~TMj>16^ht&)@kO+EG(R0RvAPvVLwjw|{P{mNGuWCgynsJqk86=A<9=%!$ z_DveHrqHfPi}grZe%2_n6$jD*Tp-HEKVz@U()8}#WtXZb%=O69dySEv;4;9Hn-dfP zXP2N$j;>@Fu3c;gmb_T)lV}zf_-hF^E-17XAF*HhDl!?3p}`P_r{V%VZCoGJmp&Wd z&qcxa1rT5apNMBri!IVd>FvOTv1v~7gpE1aD3(oDi%_MD`3HcCfjU{E6V91NZi+;CY+%!kAfD;T{LVtnu?D#N>bvuu;)GbFxA_-2G{ux zwK6So;HK7cP|dsU9HW;P6vx!@*HeFd@dOH=7`^n!`wlfTCf%f%o>-$N)1L6;uy3hk z5o#{`W6GfENT#8x}kQ(7gcH-lBwjAfa|FZXeQOa;4}6=<_FG7aBkH>xp2 zL=8LwVl*@M*h>aMrED8)2j8Ehs5Tqxx!LWOPV;j7Fwgk!$U;E^P@FV_zZO$`;q0X- zpdei-aErjRh}7Ple9`M=WzyTZ-Jgsp1vc&adz%$t!O{!a&V9-{q+?xNhesvEL{9Cz zI+zUR!3V^jZz;FtL6UVsgq(PCtscHuVG)^Fx}hiZRJsV&*)yWVw~6Rv?-xDHeuh_B zF$d3G`XJJ{C=9oKQPbEtyEXI@30;ZixGP|Rs$yV~FxgthEOck%xe7cjt3CwT zvip>Mpn|YA-`nNA)}tL(IHMzx`jX+F?D(XTgk@{m0W7lj4b;Al?rSAC2c$=UcYK@I z68GM?KtXDQ5j#h5GMM>+(gddK8p;};00WpHbq znfMZBq;dUV?V?^Cf3_~4!ls)Kzdbm7QzK7D$clYXllZm|J7i6-e0+fM*j{&>7oH<_ zx_;A*n#nI=H|ERuti3bFLVG1bg`ONMvrvxyau6%dgF3~?_np|qd2MTawxm%pUj6x4 zYzWLGQuOYoFTXY_U=b=`*}Ygd8?D20X0Juw`%AsAiMv8f4+P%Qdh~+h)6>?Qf}aQ7 z{x`1_(2xEKGi0@}F379#-F|1GeEorx`qlBEjccJU@z*7+vUJ!nYmi`O>C^l13l=8a zlq2i%RYE0co25e;>y)iTVI4~&b3uTROUAJDu4T>Cq-}d)!#-?M|LK@c} zq$^qq-9~ua)%F+S{#)_G-5Ceh z)+L@#ui_D5?kw_D!rsuIMrTgz7t1-T~I?6x;$jJ;HyG0Gk8m{1_n@ zNuXCLh&PsBE4ErI>3YV+KgU&tCK9262NO3mI0}$lz+S?8{9ry3=t~mS&nKdYC={s8 zB%<-{{8N^50QG$1R|B7dyY+A1#SiPbm07%2x+4bu~3Fz)n?z%rqyEx0O(sp z@%U9``h#R_JPuq8o#d0t8@1$@A-j!&l_I`~I65x{DvAUk0r==LX@0(^wQb(JK+DBj zhqK!JB!#nU75bQKtErq^=^FhAo~sHdGUY=bgikvo{loSP98KVBkh{E}02Q%}o`Nf> zK33YE8U6tUK%d5nG_bh96}H`N5i2QT+8M)_mix{_Id8@o5-dDsWbbkE3{lwqftFaxL z95oj+SA+y21O@+*T^)=L%|qu19=c^K?R@^!RfA2%yZGv07&jvAm8LuMUh<}z!#ejR z(%kND{uKOBh^6-09E+GpCCU-EY~LrWC$dr2$-hp~K1(u11U3`%*)lElnp2`euyF3} zhxXN4ujAERgixFcn^oTW{x~h4a(naiUxkS@QfLWMhx(h|ifx?Z@6F}}_|jr3776(N zva3v0NQpyNGaA<4#%aA+FEY{mBG$)Myjyn1q}uBt!rD5nUqq*4E+UoOYl$}&GKB6Z zk{oz0q8e)9*r0ct z_bFwxZB*^=cK&}z`@;7@?9FUd-P4 zhBift@Q=R^>0$EESYM5prV(j{Jo%@#Upvy1$LQla?X3KD`_!qkSfmtZLMzvJ76EKU zFcWwW>_3WZpTVrsvLs_{O z_tl6>PSYs1haM*b`k~c%O8S#g`z3jbPc;T5mAub`e+)gXoJK*~Kl?0x=1rz0HJAU< z;Dd4&B;ink0&%|Jq?F>3`%U=#rjt31Pn6=eE8L0{tv$Cw^Y4r*w2l_P6~SSDLf~$` z*y-oN(+n>b;j)Ob(ureROl-aj>pvHQ7U|aFe=UgeEgcGU?g;OSDmcH}b2?h*){9Y~ z3LIT#(Ic3f=GVn@{fmM@gZ;5Sa1ivARJ(b&Y*-L zX1)`UvWINKj?8sRgy!#pb+P=cUGIczLet{zr4`yEuqJ@Mr%@34XX=UYLOp8tZyAYT zY$pqhfb%wqkxK_4y@-)r++7qjon$`>kkhJM4$bZQS51NDW+)1*WamlG?I$=lE5==_ z<)d6NS=W9%4dw;l^*aDR!AJ&h^2g6~E zfIA4krQT;K8X4q)0jOF;J~V@C{mzvFCT6L|58*~H!bJJsF{|(~+afWhhOvoTv zJo*s|17OxDxgda*Rb2!?^}w$kl8SnAE}Y}x$m_ZfG#cI+1$RLXMm~kp=M6q)b)Y>T z_@@zB0e)mLYVu36hDdjn5{r8R@Q?VJ8?eL1Kh1f#4Rw+WpvJF#E*Z$drvT*?xEOO% z+N+cVN^iZ~bZM_eDPI250^D^77|&ktR-T|9=bFGS4^m0An5RO)o3Zn1&{Bid!=wbP z;JhU`McPYmiyk|gawZzVrLaHehmj0<%S(p(i*I-C#p#7fU7Nt3{jv3U;SD{_pu=ds zyRx?uGK|K#_fS1{J+5gv5xd*)Llf%RyPYO>pWk|Kz7Tk@-XdR7KcikydWm>w>S?Um zf3l+Ww2EPc)%K)(T)&jSLIk3y1iO!_aUj(2e$x@xr?gxY%C1`_vTJgPZIn`e@?Xc=*}as=z5Tqb<{)-}no#Ek>pR ztj~V3*_^>2Jq1UuY1jHd*TbFZ!CYk(9%wpvyZ{L&-S;G4> z+zjuyxxO~p`!aQojw9f-p#fi&R#UCBvWyI5#Sn(C%X|{Nm2~B=98l<;8rUSIX!mBs zp*9xQj1>|KFD(^yzT2sNyo;aCq6Mc zAMn`VMjsUgc@=<-k%-8(hkiEjC-eMMY77U2*6PI4FGu=GUaI&U*|eItiesgOF6FJd z&S}>(xA(5oVemj(%Ggh#k(|&`?`w zGIP?{E7Nt?!tPfF1}}eQxoBB7WX&^i(7rmA?tn}`18QooP-At~qys0in-!y~_(0J+ z^sJnh1;C|Pq`0{=w+e4Nuej6GU^|B-eDGQA_ACA<*DDVtl^-1y=5!x|%3;54bp1{o zc>ZWFY|lk^ux)3DHn>8CULsveX{MJjo7{)6umENk`@dA|eurHxH~p^(ku!;ra=7x@_{ly(FUPiustS;-TS?w)RI&Iz_2r3*I?B|=k+x`^K{LU_qCGU-0XV|;6*H}t{qW%`jxcSnK%F*??oik{@p1K=z|u+JR2DcR-xs57MgNch@c8-Q&b3M(k;x zJLvNmG^@U?SK8U{ID0&0$VGEJ0jVGR9?J#0BdI15D83Fa+alB`)N8%fOUMAJQ~1? z__!!dz>#~6@$=8fI%AYZQ^N#@qN&t_u9E(%1i)o_bkdP-TW?B1zZW<~de_xd=`7s_ zdgJeEf&pto=0J;vc7Q@34D?(iqR=Hc^gCqruW;gXr~;fSZ}Uj5!%fVNdro&KuuO@X z_t#eUda<-P6W_WsFBo~xG523lQB8<_aW9J=X*cmPb$Xkz|6#B9u>`{VKxS_{PAymh zZwVlWS<9-5E0$Hm zAJcn=T9fVga9Y3Fq!BYyWBedA58k%Jjf7r+dt=d%4D`++krANktar?+4h1)$Kpc>K zBq-istoh>uod!Mn0Zavz+OaTv`2rf*RF{P6Egpy1(2z=!z2;j zZj83}6Id!>nlw!Abo>P$tr#v<)o7d_T^9;&xM&X6zE*JI@e81ij^=o;nxZO4&_#w; z-cFSd?>cCLi?GGO8@TV&G!hLwIt%<bJ+NHA6+hC#GkaV2mFC%7 zcj6nZx7&mJyV#Rjb*Pvsjq*TNQ>C2dEr{(j<>rFi~qPl7)s-+aeEyrqw})x z81qeS^C+mKnhY)gBcPL#J7|4eC^v}r(OQ^>!ToOypPw~G4vinbp{BKeo}si?!r98^bSBs6~Nv~^3$v39rb;&bL5{H7$d-O6?z%B8rrT&dF6a8 z_hrBA3trb>ZX2tZw?U>2YUhi8yzlBxJq)ejJhH^ESAnOFUsr5uTihmAx&TL>1HTmm zRDVA|V#nLSbtY`iZ63N6I%HR?dDivoRI>l<5aqABd@Ckj~ko?!{KpQ z*r%mA=fe7d;acR}f#)sjd0-x>*^_=vdya*p1DaRyeRNoS#;4&X{TodT!v2T5^oE$E zDhfb9-xwKZM~#;^DI_`vEcUG@G86;V@QogaXEBF)2GmkIWxP3$;X{>Nssbmh?XZt; z>{hO`yE?t6k|UN}CtM170aKSr4ZoC)cHGOv{NPT0s``OlK;Pre@L1`uJ~rJPLwnXGb8EH~241>CLYo~< zKSZOJ+KU^dnq$b^0iDSL_ZSZwbBS_GomhkwkCjBmH9OxQN&nKo4a*Q*ZW}7vNLoqj zk2dC^n{=?q{m-zMWZou-DM`8S7=6;RJ{CTtk%wj!kiOo|X|Q1w3ZixKcoBw(v>Mmx z`GpZv;rMgnQgf>(XW~3sAwMS(MZpzZNKzOuDF>&~-0Bm@1wFQtF$3(k!u&FT07W(G zWn!EsS0@v3j7D6O&^W1@E(Qd3R?@7*37rDlRMB$*%zMq$Gi%VZv_QZy8T9_N_IFN>0W9J&0tsIA z({*`^H<=~CT{S`1>e~;dx?)rpwO73+N04vF$NKq@>1|0?LMt?-)uAn;)JpVnx4li~bbIckR^yczpwV znG0wW7=3ra0rGd1L3+m;R$FPGcO>1_|A0-7Bb%MFflp7Xelw&XE!LML^l~Q0AAPD`#rY8HjK^w~k+QKYDD} zpxzb!BPZ&M1kMO~avPeaZBEVo@5pjHBV|;xim|p5o!^w7=y5jqcj}gtjm{%k&5I_I z0f#sBx0Qc5_b;hiCrS#$Pwy9#I3A-duxZZD^4jmziG4%;QAs-^qhl{4w{P++l>PKO zweOX))1~%cOjFB8!!4UC%=X{-oqE-vqH=^#Yh!z_TWa%@k(`~!ey1Aliio^by5o1Mp#R_3yyjues&AU>wCaG|pPa}9 zf&Z|}5Z2&o^L%1;vVbWIt;#UCMzyO28*OVTKhE>J{@4o*{J&H8s`mcTS;VyQ(BGZ) zb#%uco#ksXkl-khL!eodb4#edEh&pK2BvuKqzv@nPL-^A%)b zR%!f@ed+a3L}j(Vvuiz5wF8Myl}~;xVzZ|D>D*Pr`d=XjOWE`KoPFh>+wnU+)>-x1 zL0lqpzP3L(w4#GVJcrq^OyTWmCMLI&E~n0^eqr^PNP(u}>=UaUEgtnB*pA}@^%+)O zZaxuCu>u{CG1a9**S?nWEbP5w9j{G?UBf>*-|mAuEo3Cc6CxsscBr zI0(q(g!Wt$u|JF+m`Uq^yIFP;5ZN!PS;CiJRJlFU{8sxOe>E+D*^5OWn^v(siR;m> zPLY_k%i&UnVjfIC+%ywSL^2tLNRUE=F=>Wq7BtsiWp7IC$fvD_da-D)fWzq)A>HEN zi|L<(yHiRB1xv}>&fVgB^5p#1qXwZLUaE?{y|q8iX#1rb*J|CjfAPkj4fC*;3I6Bq z|KBc)Z0VY0V_R;(0ST*^iX8YN@6o>C$z!{sK7DvTv+D-A@!4)-toiFXQyPm8*Z~u|Ehz4-9T^|K7p(vsNrq@?LPxpnRx}MWSghlkh<-G$fNxT=vv^!aa zjEf<|9OpKpv9n{^r?Y}|0vC8*-iFxQs_J`Z3cIM0kKYr{3rg($1G0s%K>*zH{$}F{ z?rQo?iAm2VX>6xQA&-L!d&DC$RVmM1!YgPk;+fA4&RzO-Zk4^6F1m(`N3dQ>rRYY& z5Y@#ns#qy|-Q1DNn!mp0OL32yixz(w!SR^rxwUWE(^a9|nRX#_@Ot^4V;S!@KZWqs)UxXA zdqt5$f8k6d?Pe9Vo+@^I*KXSeb#=V%E`@%f+f~1Ig~3_` zwu%Sw$@@3*3*XIGDDtfl?2^-+|2ON=&AKo3}Qv0J~ zGfW&EO+o*gOXZ7Z(+j>}GoSd8PF|b!4I0$OVfCrbgiSxNb`j#QVG{vTqY|5|Ot+eD z9bJ6)<{wCCoZw#TsRVAr$(OTDR`4Bp%OqjxhOSiz2K7yXR=t?+L-SS#Tu$*Vh&(Nx z??%03yQeT)DV4F~@>w0=U+@6tb`9nc>)W?)#fCQhk^UV+{BXvm>5?Kfzv^xXZwHXz z)IOQS^bRn9X`{jZ#R6ZngI4*I;fUn!aT)`Mh4=lUF~HU&5c*2T>ek%K6NWcR3w%7J zl>UY-`C>MxO(8)!2tq_1f7Y5B+k8_n!!zwaDWUnlKg+6W!t9L)3r@oa9iu3+hK*SY zDVlv8#9fWE1~NUdrdPf^VtU_Zw2pvQK;?-ps+?7oAA7I8-u+6su^gH* z13zm{98)!swgmLAo`MJYfvEw|0st)&C3ZYn^>%oDIrv)4hW@DouEalxxag829-op! zUVuw*jsOJ#<&cv)x$RuL0>`AZf~)$%P+2X#y}TS8)(r6VS({6^LZvNDlLhHPB(h|q zzwp-_n|8lj2$KE@DGU_AHrOUg!Ob&Ct0#*y_CRARSOo^`uQyp-fc(U4q?DCS2$y~x zEz;ULmtJ^>FB1ivykMmrz#PJ&9~b_HO8bGOu<#7@Tib|tyO&S$XQ)|>@>wU{xhkQJ zImre(v6Q$h8Ecw4sCiHxz6FZA+0o2JwBvvvO7?g;a5OY-OY4RQ&*yXt?a(xf_&Lh| zA&$+0j^pRia)`>xVPG+KWI$D`!tyAxkr~HTXC z{rvuPQ#}vX;|@>e>M8;OuC9`NUyDhhs#zo=^bV(Fn_DUFT3Ln}22a=&g^$cb^+UmF zv~(+=NksU%bg{)$M)n&k_rEa2lgPA8h}?YZ8@_=L?*EIAWLv>KuXsf%+>-9L_+KB83_`|ZL?8FA6N+zD4j+(`d~$nx=vX8katB=yD`$PZ`s7Y@ zYLP&fngYkqzfR1yP%ozT;^y1hCL04E-_g{@1+d92I-ZwzcuAoizdyWz`%9lzzOSgpSyY1bK z_JeLoc=oWP#12~s!(2`Gc)9y2Z-&@ozVNKLO}^ryA@JAu5Hf^paBo*p%)q>GNP72= z&3)9!|5gySoOPHVY0PXe)gP;gr!C(2rG%K0KmWw`O2v{n41yS&4!`T!f>$#2tZUk0 z%&Ajzq(r;ves=T)`A~?5G2EtzrIxzeW+esR4dH(ObAzl*JZ;dqO5naQ#plx~apo)m zEorbEbmWTp6)dc~?!6*J7oW^h*8LI7G5;#Noy~RjtcI@0XI=C^x9atn{xeXMnlMs< zT^rA5PCa45AB1=%-jV!(g2O*!;P6^i*z|*sy8;I=V5=ND9R7Wl1erQ(6!c^6up;D- zqgT&fHE-j347$ayCwpD|C1-f%=B6Ez8=E6eJUwl&$i0e=%wSQQJi&PgP9O|%Bxlo+ z89J!tt`qM*Tz1;14imP)j4}xWcOGny`dBf0<&-wxv#i`qBLB?ULG83K8Fdo_6uygeF8-QelAhCfGx^XUWt=bS*5^ zbv~km9G2>)aqcUu!0$QcgKgdq@5`*oaY0W(3;CwjSa0cQxrLW#e z`^O5Q`Twzo0u(IN{&ISmq@e{?`>!r7 z5fShrBHE7)elnJNnRK-P-CAcIh^1vM>#rio_rnvZVd7vAX%r;6gBY0-6q-hBJ(kM; zrPOk$o!KP{O$|HXOYid`&pB(vU+*cePRe(#J$Kgx>1*2#={E#~LXpJfGsObh$1Z{Oyiv>WA}({xh?sL-5x_0mVNT9x!d6M(IJIW8u-| zOakYZBw!(A>BaKyBS)rJPhQ6(zTJb!JK=rlEtg%TBh}>2p4*(4Xn;a}i>gOT(Vd=b zWMr6|RIrFCt+Q$-h?^<#A9ei?CqzVjV8^UbkiBOXUc4mm3I5kgfUhjeRjd5KmTOjPdCv+6Fk2Q>mJV@o8RA7UQossCHUtr+i<3jaY)|*wjczajvg%>L? zJ=)Ig3!1&xUS-<5+AFj~dt+KjQ|SqgXhZ=fzgNTHuI;_?tQB&Lh4?R``& z;N^Rx&#f`J9BLlh8Vkp`1Zh9bPCp+qD!;?C{)zQXM8UB=I=$@mBn4amyZF}*rqMzA+{PM| z%~~lbb~07lm9O&_OP*5wp8o}P3#y#2Di#gR5Wl?;vAjktC~I8ARI;JINqUq5YUihx z)k^}E%(S!#2hOVMee*xUMeIH=BW54%c{6o!2l1phL@7eAszegZ-qI&1UvFRFo`l8_ zu*U_W8`=FwWOV}* z5#i;qTZ0gk=5$~#M=h}pyO|iB-oz8!o&tdZgf1`+9 zOjS95cDyGvtY7SSVI_W$v(uUF;KzjeF@vD*DaOvh7qtwZNsrCYjN`PyRVqI=I)Fu5 zhL-#38W&M-Uvp2FY^?Pkc7U2_xlKn62484{6e_v{EF=sCu779;)+55}W-g+BmL&>` zt_UkWSJ|ZT?4k8%5s5fYXf~Vib~xm5lWEtXn*3y7gCbnDzaQ4;|0#?8nthmgtm^3B zl;IptZSXwPK5T}m`UQW@kbTkI!Gwrq2R?enrOrFn_Pb=~>_-8J5_W@>cS2K=AcLD_ zb-NnWFpGuDuI4wDVucb=uuE}Uo*X56e$@?t+0bGnpUx|iLX^jSEr z-&C)P!3sv)NDerV4&8X9fLl{gual;E@y2yvP*Quha<6JOKAVO z6M2!3Tm-Lup?6@qfH+8QH1wfn-|TVi>=aSK2O6`4f+=}FullQ2tplw#!~?U(7gkGW zb}N3phiM1L&V43!%%)LrPKO`#iKSPMpSIIUwZGW(ntk)-W|eD$9?&zF9YOh+`rz43 zHeZ*FwSvvCh6pgn>O_{`V?V!d#h~uA+#IF~4Vg9@zxkP9$Gw;bcYnLg{iw;Z9}5pH zT3zPPeyt7OOBBDY`j+;R@PxOQF88L^hCOa1E&~*#vP^nb4)2A4h7mv$;`$krdPGh;!y4A_^AB} zu*x>RJQMSJ3qObYn#MCd9?Z7qH+txDIFALE(ppcM2S`5U?H49iXlv)0_~Kg$-LUV< zkt02dk9wGwYGjZjF>{G`cpu>W&Y%r62xS|WE3h&i@XY3RWL!_Nn4RNblb*Vs4M zasd(;7ZlbnT&Y&raqytdOBRnW>U-362P=Qu6?U@GYS7hr;P2= z`*v#%8c#7wolHuwV%VimZXG9`1SW16O!0zxG?UD^*&^oJwc{fon`*6w5yLBSokcZF%l)3lo zrUKvflZAFg?w___ryxe|U%Ekpx9Pp*d8AYsgvn(;v_{*k_TqQ-Dmq@&4}H1I1MEr; zIUf+nB&0$P=U4GK^XtPEnm#MjOHF~lL`*OICgVl`Jz?*g;W{^3bA(SGJa+CUdjS9k z&u2AUq%zv!UHfP(`sv>CEYINgiDMC(5#~sM5VlRS`!43wM>9j|;}@mmt2^Mgp&DV4 zc1OQ#{U$v69lth4g0oS!HEfH9xEi)zYcYLPITd#xj{GL^-J!I=6SYaKe?idj%)PV3GeV)ZLvQ zcVJB~y33(YAWA8>EtKlFgujaESr}#RcH0r0l#eadZSiFLbURv}5T4+#o|gZX>kA&l z1;n}EOM9M_zcFk>tAd$j63l}YK%VWL97CbWnY0lvoaF)zjjSr6lc-@;9dKZUN|>5~ zVsKrNRMk(=r1{qpgSwnk6~qn%Y?saP1DRcPSEu}HR(pr-&nY(0jp{u^LDrQ#Ok>9; z2eL*w&?IkG74^aA0sTrJo=Q@lmnDUM`To^Hn6@sC92x-|e^pSWZS=Wh88AtR%ZL^o zE}2v+w4Yju_{Lr;S!oPyE?+LMAo3@6%&7!aftm{JH`E}j-&No^AHP#N>>d;@ZB|`O zzX$)ym~NhI#!E5Rfs2tq%HF_H7PvIo+FIvYJ$9d3K}s1)bl_hIyxWfjkQN{{V^$8k zmF7c)WoOQ>R+XLPWinh{mQTDsGXj=_0e7)TvvKxcW^P^}Xxk1j9{gYIy$4iO&6fAA zf`CK?C5R+J5Cb`<7EnMCL69so5+q6v5?eu%3&b+ zbLV;Pn)zmZ^L?}Cy)$zcOIhnsr_Qc@>QvR)`&a+NIk)Txf%_kI>ZX~S;n_K4rJG6f zBbI#p$;)x*5=1s9mynX$Xp)GTwBcjk{TCkwH7(tlU$f+fUie!4&l~xV*n3CYP(h>-r3n`Q>shpa54AJ2u}Pbxr-NC`0dIs}H;vJ97pwmN z;(V5Ekm=JW=-Q*D&hVnu<|+#{Y5WWSh>+gD=a_#;1~Ho$*jkgZ_ylt`Z0a~q$$yXT z867u|z~Cy#^(IveeWyqU$4wkmRx*dG(Oo-P()@P#{dthrB?_T&WY-rw_uF{FTeUcD z!mMiWG+Zz92<$}Q^l3vw$jA*q$(pVoAOlv64qw4~@0+(nRve_Twtqt2wMf7cv~%Ka$+L&3}52zd^EE1$%2wME0w3 zj)>1DT3+fa4Ep8@B#qAc$tIksn&t#W$n6I#*a2gD{xrr3 zTlK0hZBqw$_c?Q>CNt!T2&7}4o(sw+j=52a8JSZ8|!T4yc;o> zJuYi&GrTT5JOKo!{s^Z|woiyqq57ZGh;SdFI{Aj-*vOAxLZg?uZ*<&prQF^OZ$)+< zyXWt*&K)sLhlhA<9HK@7j7lz$6tbS2>^L@Kn#xLe=xt3x;7lr8(X`>fzv%@{t{JRZ zC!)Aw4pg6fNL*Sf2E5b38?kbC4$gMQKqts_@3USpX%M!uFuWO)Fh=N72W(I9I$Jqy z;bu4*3wIZ+(|XTf`#K~!bWoZ4`D^C^Jb#C0%OEb$L%+WeQ|0H2`B09lF9@gajWe^| zyZc%UU!xKD0AhVc+>=nMHEVO|0`YcU)L30iOzKziujK`C3Zc&FM5E#{3>kgo9mJgYmY9!L9GGA zE!I7{P3FlV!Aci-Di#5+${BsbNHT^TL&DSdIg_`@ISR~(ZcP9K(GCdH`XR?bu_UqV zJ1znO?C_irbge7%@c$mkP>=PlKRa6Om~E?VLUx|)QK2(Dou<6e+qjpeGux@m63`)> zbmy9VZbpXPIfd$V*50)D=4yl48c=%)6eq=D26gPId!tA^22bBcnV~{M6cXX#5gEg) zEO}qQl%uYGo2L6{-e-=5QF5@^rMfqHOXQ|eDTkN{%%@7f2o8(LK-kg^TH|)Dqd49d zas9%$Fc#mOupzuFCUZ%v5Z9(Lq_9Uhz@r`h{LP~Q8`tP*R;TcD>&Zp#j>+8m_S<%*9bxDqi_k%eAoOUZS#)y~* z&;#^ebh{X3DZj4vIi54gLtC^UFRZ}xx`@j z7i=thj0yCTjqWzv;77W@(r)J=B9nltlxzOHe}(1%c^cr!_;+*@7dCrwo7#mBIYVf; zn~%2l$Gs_*x})X&VVEn_1g%E#siA9d(C@%)q_?!fRppPJ{N6->TBG#OrN>`){)*W( zn+*)CHen<9#})LE0;vGdd3Myg1I1x(nyn5)uutrR1zffFRCm?Yd{+CoJ6bz49X{Xg zlWL{%zNht4{_v!1K@1BBu-?)K!pKE{ssaF zoM&TWP_Hupr|WM?X~wK=0@Ld|+c75eruy><)!X@yiHQ&*G0RF zIEJl7|EXX24=Jihv=Pq@Hn7aGHMW&?C9rTf73wYjZV4x*|VK^9*tXS7U z1c(+QkpXvF5qlP|AdT**4TsaMLx(a7OJFyvI7qgOmB|%J#h^fH?oUE2EmHadgI0vZnEU!bP3K-kR5$q5~0bBs}bnHw8kZ5JX zdZSl9YZ;DV-?4O8>|Xq(t#9J_H!T31n4!Z5EzI~eb)&TXm_<8L2EM-&GrSX!`*D2} zjc^D-u>f11Un)px3zLW_#H`^IUAa(|Y}!(|akVcGuZY6u7ZgXp9ra%#r@Vs$_`HtJ zjyjqPEIfx>=1|^eODh0WB>ib0*hf!ucqPQFMmT;4+?Z0*Eq?~_!hUF)*nfrTxOnK+C(w@oLc+ia4{|}e$p#;(dUW(u-xONHhfi*1s=5ht(x=g)BkY-j`!!B zEu*(1D(^5TVDC;f1SU1J8xKo|TXF8&bxKnG#_@JG_8@y3D=RgJvacx986Zb^jK8_F(o1vbL4eYD)HsFDf6?m@wrel9K^!ftx?_NL{^e1Kq)9SQ!4%qdx z2e2RGpHl3Y&q3z+`N^J<1h3IdVw*61kKj-sRREqN&66bV_qnviP!X_sF)+6{_Y^?# zQf>|*|3KX=w7fTce@hS&=AT`GL(z}@Nxw_98rl4v5Fc_v;Qv8rkmNrkH0bSrcC=E` zd;pJMI->bChwZU+l$zQ)Ii1+tSzXQdiv3Yxej^SGfK%caL!lEwG5iPbs_2xm_dWo! ze;j-J?IchvY)d(IXFHVZ@w9HxxUl{N{eyk>;0G7p8Wbzo$&6*IPJGjcfIQA(I|~60 z4@)-y5}D~!w#|is(t>|eYESecSh?s7?>tT@drbO#{%;zHKz4U3SBgU9v2S1#(tRsq zh5fXbwNM512U9k7NVkVl&h5r4jxLgNYD{Jmde#wmt^x%t040K68z&fU3m2-K{S83_ zwgaA`^ROoOYC0F#yzBGBKCrSPE*)Y{pPays;}7RN5us3TH|)*~)bl8Q&v^Kqw)q&L zJyOMQCFex}`8+=a-I>R2;|)kpBG2wmS(b1E`uf>vQ(8~=s#iULVjxK@`oOQrZQ;~A zCAw2RirYG}?CT8Uc%ExVGA+0`{kxs?HcKAF^4Se}DkM%C#|u;J5uj%>^SBUlFXW*I z-+lSew^QfqS7>x<`LCLv@aJNGaDKm!&O#=x;}+M}&Z7`0|6vbrbR<^mP_AdYLJy2xIX=1DFjL{m)d9^PKB?f~ zh?iGsMhf%3s$?|51I#pE03beTXY3Bf)^G4EeX3Ph&N{3ddxC-@L%cEV`yv+(v`Fx; z8;y>Pn_atA_Uk;)1}uP!uK`jAFz5?{rOK%S zDSY`qTBT60CH~NO80fg*q{G>j%{|{?h(-FPc@hTaPxT@1E^P+hmjE;w)&G?yqh3n@ z1;o*9@4L6iRFu>(W-Zc7W2EM|WlQXdzMRAd=eFdgz2muAsVeA#sl=Ahm~RQwtL78L zX}lH|P$dc8*;c1RxXf)ViF+$ProKV6{gWEdczpa9!NULL8jp2n4Ml*G;X_;F6eFL4X8{o z=_`dt;NrR>@`vp6z&Ul3zvULa2#|l{4WWZcu-*Ly`4^@aElFvGe%@E}Gg{kPS_U=> z0BC@4n|DA;I+3gUR#7P+kf?#v;lfQfu3OX-EcMtF$!inNFPFCyhEh)u8_*^2O8Ar) zX0`?Hj5X$XV%oNMHjCZ&om~&Ia)nCGHoij|p$P)c6l*}COzF+F5I6MQ z*~a=RVc`xA{*H=Zd(7GB?6^C6`AWLeC@C%k7!8w^f145g-LmOr5pla})9FcP-)m>( zc2(qw*V)Y2oY$Eb&Y%o0DKXry9cP$N!G(^l^mdvx4(T$ zH~AAr^jaOTYtQU(-bUr+A*y0aq_GzOSskIZMb12 zcj4OY4qm60_pY0{Au#T%@FRn@_8|8?ADR8&daaQspXw&+%HNR9Bucv)_Kh&mqECdw zxM_Hn2U3#guH8_2)09d!%kh!Es(cjRrsr&KHni&)nGlVFon-C7Dx$cYO#(|_$Z*-3 zml^tY|K%vgz+-jl^n}PTwIaK4m1MHR(EjyV#3X=dyfZ zQC$1!;`Kyi{1P`jJq2=hjezQ7%@Ya32$pb=8@ffLXUUckVp|9Ra$#Wg(X`U9F~tHF zdrD24DAxumW1fcg?(oWsS;<(Tp&4raA4ii_R>&dMTLByjy3330yiR*QvtDIx-c*vh zmJE`*1x;9=oj#GIUwsKx4G!5l+HdcB_w#pu-Em+_yXgs1l>3%{6i`tUI>G+8Ll^Z>QXvtlaRH08q`v&Py=-Lu+HGalSD z0n19^wks;25pf!y@?S=2r9sr5&YS7pi~HTo^t^!~Q%j5%->OE}mvWfX^2 zXGWR>rXM8?pA)kuZ#QhjCuY~~+W1JEh~U1nnwtnQJHA1OK}V|FxV`E7r8_t~AOR)y zOwCl!$sd=yH5;?XkJW+DZqXikFLNFm=aPNxpg-=uQ++K!c;&cv54icAOfWWY19Sf1 z&mT(ooeBgfrvh7(9WdP}4tV-o7$|uyXL57x7m;^aO$uyeB=yZ2*(BPd&7aI{c!r|l z%mU-WfUSd4jTYahU%%}yp_HJzH@Zu!FU`GW;Cx-bQCo`RMB**pTxMBNE!vVa3?xs( zeSC@7G0xT1uuJ5~S3i$(hHD;;iJXJ(pXP=5M`o(YcXyT5vASAr+O{nyyP^AW{jkOh zjRcJ6qEA~$ASkS)69_RD?F9dR5Z(>YCf?(TCG}#cQ_o4oHQLD|5mGO&gwkJAA3M$E zE0oYXJ++T;!MF&zSCxb>IEP!wv$A_mZ+v#{7~`()lI-n+jDo{JpxgI;aa=F)kdUUS z*tbqas0@JI8AmrB!sk*Tj+nPgEvleS_nDmtt%MO2H&eSPV9s5SgY zQARMKnWtTAXc7cvx;5<`+8E-&ij;|_fq@0g9)g=?JPS2ThQ+z>20~~EAq#S7(R$e> z^VNPX=!-qp3CK4_IGme~_Gx!&8OBQR;fX8 zt}-OS@Fh)g1;$A6j%`eQA2dew74q^5(6GX5>Z9rG?W3X?2Q-RP63&!#+uUioWffc( zu~1UK_P8tE`B5=ubhOKbVvm;Z^$1{l`%cdbC!-iVB~eX*$ey zRcpW9p!#*3X!?+I(e%tBsopsZngZF?ViLvfdwy3MfJPA{8aRh-^QoKZA+G>kR8u%9 zB93}MnGxctNebUHTklMFwhD`PRkh zOa-Q=V~0W5U2AJphP}&!#4(N4^nD(Epu6ip+%Umzvg{-`xi!pUXCZCw@cfFHa|@HjJ_6SJ|0~X5xCM50kW%TVJN!n zP%({tz0dxDB~O}8h_)8@2#R7%zL#ZwYh{P0FD&!EzT&8;>Q6>sqvXyAd2l18x(NDu z@0qrY@@3O;!};oLvooE0B5!pdt&8??cxi5rCMxYKvMmZdi^pP$b7?G?ybdU zj(yrMBWNO~`{tGvb>y&Xi*2{&oTcjwB8}Sh%83)f!5(>Me7)g>4;W<8zCRc8* zmezbsA;>X%gCSfmJ2$S@x*X&0YxbSe^4{H60=$|#lAAEK7K`2!dTQ9mJ3n6j(YVp{ z9G{Umr0|2ZD@tGTGf3%4r{fN$Y|r`!@ADn6-mmF0(3shF5cJ@Vewl9fS<8WYkS6w! zPxyfEu;=>mpt#cH_n@nmX?AZs`!D2hAku-!ih^H1mD^lxPvf<3dss%_(jDC7B}=EE zv8#ALf0U}Hr}0LFBpeJHj`(s5B6VN)VHcTIh}-#Srb$3E=oe^K^oldKWsLdF#*+&J zLzeaLU%MI+`D&WXJ$8LjlttsbDK1d^b2+7PY0)YV_cQhULDUQ^k^`^0b?t&Y)$IFt@*=~G;t~4Z^KlHKb z8LCLT%&w{XyW8TO%@T3}B4v`|swhjz%%VQMixZA$l%nis;2AG6uVNN1;$6Md$wZI_ zBR7*nT5hL4oA=uiK040Y;nU*`X`u8KeJOl#>a}_yzpXIoX(ur^wR}@K`Qw~D_wUn0 zQ;#ww?>Cxw_WN?TM|{~}=Y4JS@omPS6ryCJ=cG_0>nF>m>fPcm?0uo7WY;GvzALSQ z5fMw^Ptulb*8z#Tpev57)_8u0MY~bRJh!fsXrqXmSNzmQWR3o;`^jVT8lvJ zP)5x`O+!9@815MVSa+@ZgN%pfyKa;`A_7rz-S>yW-IydsN~%@4aRTCPorOD_Du@Uq zM?141C2>w}K--^ZoQz1AoIT}L2>mFNzs~Z9Ytn8Q*esrm$Sc`*vfQMfmI0eAqm0;& z56PwoFgJDo*b(V^@e2| z30duovta2IxB9gfS zKWd}s$-B|>?M}2KBLs0QD;U+8jy`(kkxNxMHx-y*in+tq&)w5EOp~Z?+jlq*$i{14mY-$dxlV4yGL#x;_iqZ z+Tu&2bJ#ubF^!4A&7m)8MX|G-aIm+@(DbyBH!TbSwL|MDxf&H^248R7jj6BdS@Hbv zf!fXFWvZszt9&niMmp!1Rb6fEhl5YTQQy7x8EBGGl62F7;$Potl`IC+c)E73;SW?^ z2|tv!(w9pf8)e%^LvDxbU+h3hFFSr>J!JPb(a5^HjpxpwHKAT5iuP(FDri@2*s>X@`$R=y>VjE}V% zgPp9)uL7|W-+4LppN1dtC$h!n{kNtyoDB$DLURjRh^~}Bb^b;+QCGOpNbWO)=xJEeBq=50#>#zcHr_R@UI03F(MlQ4Kg`}2;~Aio2~(U4Y>3FM1xF@ z_70X%^@5u{8^&w;?{N}GS)gn#I6`gGYvo**P*&EoMr(#P{5~; zR7_+imu$*e_rJg_zxX{n#$s`BL@&vP=mKSnT=t(uyCQ3OIRC8Yap|@EKZ`oBaXtG> zJ=d)N8(y+vtA6wAkE{*7YU?tlDKdc#1rx!)G&m(BtT_E&JjE#m+FyU?K6HrA4UJ;7 zj#4{Fy}_?%*7HKXi|dIN8QFW0gcO?FXEFirCE*Wl4s2X7SuUaev=e=egzlI9^I z${+vJ9C+TN{vo?bP}^Y`Y3X<2n?n0@#xGc>@qSH;f4OD%#9?Z|=q-N2YG7&E@|`6! zOg?ov#`><|yVu!kA|D9yN4?(~T+9`{Y5l;h8;AmgTe5Vfllk3(i18cd2I^K8loa>h z|5hp2g`ntplInQpzH1Tc=z|lBG2Qm?B}saV-k;!-(|h8&T3@cjHBOfuGI`{g+9drd zDEiqEKBrsfu+oK5mx>!orF)#5BhDito^)FRuMWu>o*X4L^=Zzz1qF7#K10UJJ)Dp! zuTmAv>`){-kTa3Wk4++c{^%EU`F1!~lUQtRQekMw&z|t_tUc*H$Rg=*DnnyA<({24kT&V?fOmMac#yd+&SEk9Ouy||s zYVI_b)2BuSu6+Ll%iYTjamOf$=0KlOUK$flo$5u+k={UQ?v({IBtb+4jmY(Bb+jYQ zl!H8MY@Q@0&nTU=h>O%}LB;|^oOiDl?fo?0l)w(`fKX@Qofh8M{v9mplrS7$XU#4W z4nCnuWfbcSPgkJnwI?WwXue$44MbIrxJA2rmsA)bzs5V6>R4Hy`R39FRxAY)utNeC z?eQ#LUhTUoZI^7s93?NnbB$*B3v&XC&%99kBermJ!`ochFQj>7@mt=0`k=r#^zHF0 zg)ARKev)k8pFafEM#x=mA-#rQ!%1-4?J*veJxeID58Z7d8+Fph`@l68Wp3WU z=YM>48o224HL_=IeggN1-UKq&D)V0LX1$pZNb*0yfDfc6cxUWxppK2KaOzKv4Ype? zminO=aqg`BH{GcpD`*wQjX=Xq4r>4jJw?ga}{8 z-KHhqf8M75iyrv+RO_wI`U=-H+NonXKu+CDftIHq+S? z#_7zurWj-}TDw`MSVN}N^vv|E8!Q^40ZULW43P9Oj|D=s;4?{kRi4*h^JfivadFux z6uQE~I~vU_b=SKua)x`(_3&iw@lMbD(W|}@53Xe=FaKX@5e?>+-$fz?GIwWak9+wC z5)Fz6x61AXYC62|O>z0)lUn%zTqcA46rE5};b_XQudqN9V7naeJ2J!6`^7IDy0WR4 zJ+oL?c3f{^yd5($$-^=3fXP}`W{}L~w{*)kSw+c@&b_?sSEkv^IqrZ4!pSHz>(8mB z>ucR8;4`Po=w!ssvE7xX)i{3~Euo5!55eyop&nGL?* zZHz<4<9?P@R`Ef+wRCsjOatFOciT@m{H`t81G5tEjJQmiw9=CsnyfvZR+QnYf2+!} z3Z2_zKf>Phl_fkdiIZk9mA0|(*Awo&xM<7?(LGD3&#x~L;=+Nwy|?sB&4Z`JeF=Kr z)Mwl-`*N{!E_iYk9gPTosc=79^SM8@^UXpH;l!e#iwkbstBeqboRYT+9Y;(g#wR=u zX!vnF?>b>_$aSdhkM+QRvHABjV)A^K$~XDNb*>F3>rQ@iW;j#NdsxR?D-1&utFeca z_skur@z>h~rDnlW!{f;kj859>^&)vyY6iw6mIc?Ex{XExRoEGjMjf>>BA8SNpI?M=a+JbdjY2;`Wz(BYuyca?>63-k%2qFIAO{ zW@Y5+lGyH#6A}Dq5b5kfq15l~BW!;HB{lEmx#d=y-nvF6#Od{=w&+C;3B-sf;OSh9poBEA~nEIWRz zSM_72r)k1&(|lL5XWK>R-(XIygQTJ)Z1-zTDHWQ69ltd#!RLN;B|Imx(Q+mACD84_ zSDu)-!jvr(nlw2-G_}IensIUN{ccRE#jdpF$d`Pwv=CT0iya-G`8SS`zaH*`tb#US zp;vtg(C=9!OwDe3MobD=TKaPQPF&c0q!pMaBwgSXADQ?4k^4fOUP2V}%X2Aw$6H&8 zhOgE@vslWXvAvypZWQEGN@@9xCZv+r2Ht(rs^I$r|4Bc`Lnx4(a)c*CCW*REV7MOy z*!81;d4@8LPwv*%M+&uMIpw#z%japHf5Q&=ArEFvrbBZw;N)^p&Gcc{`?kE-6-@YQG~I;xIw21q{#UdI&FUd@HNx z9qboV4h>0xIA9j2e${_mWIm6}ei1oOU4?@Z*mV4ZhVxTrg!4uC_K%Z0=Oi$zsLt`_ z2sqdc^OThp2Hi(T=lV!s_c_$}9u%a8IlIi6Sbxg#cf;6krb5OU=zfvvO64Aw2?!iN z;E>v!CDqRXpE9<`VFgoijbhNv%vl@ZTO zqV|uKx+6T7_k?kA_0UdTMtb0vXg4BU3eOD_iyLd&^RBsJ65;8{-U9JX&9%{ic=%il zX*Ylz%q7C0GYoVy>rZGOY$5!`R@|cnT}R4LWIt?DY_`RCGTzB{#LK3s1m$oeZ1eEq znDBHUQN-~Sg~{ZkcV{DTne`D^JLSBbK6GiBOpTxl%N-8pjB;T`JG4ZU!v%z zL%N0wdHi8!?CaM7&j9mS^6gOORPvAUJ_-MUK%8?Bz<=$n1Wbmup$KkQ7Fmjydv+SI z=%yFdQ*`(R16Br;b6OLs80n3u0yMe%>V zSeh!GvC+7Cd7Iz6m+ETvo1VWvBN5UsI|?qOVpcHu@)Y?F`Wnwr-1pH>w|=G3^i`J4 zlAl+uvhn@Mc5j?3{aaPP^Cn{(_(YU+mTHo-w&NGZ2bfiz4G_O`K~}&Q<%38C^BH%9 ztuI)cUHu|f;?{khQmF#S_s9N8FT;=Mg)UU{6TM6wYcv7UMCBOW)Chjd=R0j+7{?*!}bixpC}^TIQ;$5EYGl)1ba8iqAO)5!WKbql!OU*+_p1 z3UD5DUB$ib(*(qm#fc3t|8dSTI^aP2d3OY`;*_T=9p-s|JHNape1k`m&X2@LDhNm) zbw662B#cB+(3Rq6x+tuow3H&337;15eYyovpeT=n&xvAJ_vGb#$;j|%*)$FhUodps z%j!ZAu1i}w{>Cj*Ab0VE1Zlsqy)d<9`uVzukC+A!A7a^5iTVH-dKf!>8|)OIVJX+xhLpWr0?JDQmI_%pvDK0+_AR%1ryfV!F3y%)JzOo<1J{jp$I~YQqsS(FoY`^rBo38}Mqf{vgO~-o+oc5E z+!XVt9^*E|(FP6}*b?|S+W8qd+v(Hnu~0E5(uZ<3?-kt8P-GZ3S@>PA5drK7*bX5N$AS|=Ji|i^VE_I9} zUGkKP$&t|tCG^f~w7MbF7a|=nbr$e+AjF)fL-~xxKVmDB?>mXzF=+ivYF z<|kiVYP}#N*Cm$5LQF97C2A+`(q-lkoo`&$U@IvH=!+G=E!@iZP7y5!%v8S5$(?*6 zaRb)qr>>*9w&5vP#T=Pu%6*kKYnU$D~&liRJ979qR`*D|>k#*_s_`=#Z< zHy?u|zQ&t7B>9Fl3j{VZ>vIn+3lK7RSzPs!t~dDHZ9y(}GR%D9Wo2L#-9%hs!o+ zGA?cw>*O|!gd+Ot>sWI`ROliaYnN#SB2ak(dtg*m$m0jj*EQ307+Bf&0%t_YZkE>e zN9}oW$!zGUWw{l67*8EJf7j>R1clXUGL-ebq~8lm_;}w1E?~|Ky#4Qx^J0Wxun~@K z2%tfzJLg2w-q$y3dB@}IewwMtgyOS>sJH%Uke-JIkZJps{a)^PDB6A7D(oSJ$9U@? zl^d^0RT-_g zDNr~340LT{3vK(ALO`Zn^rrh*ibj9`DFa{^A66k&DNGtKuKx{Pf9WZ$L`9PPvqWqk zlsf)Cxi3LE=F7AFV=8!xCWEv06{9wBqbPPG*XOuD;Kqd)WR=&h+0(keRee%nyCr%4 zmj^Z#(|d~}ej&vNGttlxOBeLOZE&e{IRh=_bmjqRcuRIk+j$I{1JB6w&pFw&)uMe;8%?d-NVYr*{wY5>vy0nVxp&wVQIE zC7Gp&H=Dp-o>Xs28G%DwTr_E?pjc0qKnF!>QA+MWP)$nBdPjS>r1{yyW^C(mg`*?o zjj2qpuwuzp;}rv_UDMVW-=s97lC0d6)()Qkt>7Xd*e)&b$uCC?)0;w5qFAvaXj#bT znbJ;PmsJo9WI<3!HTBNV>cUz-;EDIJD5nnhI%gtZ zC~1G>HnW8r9ZB6HtpV#=T|%cer$H;d{S1o+2J9Qdk@Pj%R+rAb92=86}R*+gJX=cVf-$`sdq zx{*?Zx#hvs>z{?XkCRxtec1@EsQHb=pvEQ_q8bG^ZI9|Cdkh>s9InK-hKYrcG;Wn{ zrLCm7))DF)BNlV0tAEy9be`*~s$&0k8h)2Itc=flHQn-kL7U?DZ=ppJIeJ!?aPWo$ zriG_~RrX^jrGvY;V-v;Ob9dkf!ji=5!W! zcpDm)eU8BIbLFK-y05G|d52_U2CFp3BB)-HvhYWp6V^`{ zR#5V;80i`mA|W3<9lOHb{p~cbg)GTe?tCa*D&}SKONB!AYgB8WNecwl@rLH{t4SApQ&gYmFZXw=E z<)2Pty_j!!?t|hsoDXnI+=(<)o=0U2H_KN+0B_c4Dh@5TcssXiMV}ebElIO z;_*r^G+{8H-aK`$!S-Fsn;xZAP+Xe1m$ci=QW12>Ni^$C@Htkzpp__Q?SRR&k3?`6 zv~+uiA?rJFJRmaBTJ!I<*Pq#CRh7G zyk``#dqMGxM%{O5m|`B1I&>LlO~dD0vi9?tP%p;7$6q?FQ7!RhAg!L`M996MDXX(o zCm(~pdFfW;kR69bSJ3O3t2X_zAAn}9 zJIM7@7vmDW>3Z|WtTcRR4Q|P6i=T>ya&8wt$az_&-+%L=%>I4${il;_%TF1_N*4>1 zI^s=UH1lEAWYkQ`qeeWd+bz}8?Fhm6KMKf#;*nZZluv%Y%^)j?!^2Y`rg62=1JJo9 z43O;Zn0wnCF&p~mskXKz7iuF1DIgav+Grq0NRuSVrh#lGX=xlz<{0mM_LlYK2NUpo zyhsG|3?tPY8t!btqm1Y4f$k;x-THLPOE$m&j}23U5Hh_BZ1k1eaRJgBLmuXu#bV{R z9Q%0rsB3547G8e~CS?t|Z+2}>YdAvF4Fj(*5`kg&(ZHjKF8VH;wZYe2nb_gxfQfuy zVI#tw5P73PP+de1h`nSBBp_^Yx%E|aA-~VFIDEu0D=MNjxM=xZuMn8?0o}=^A7cn{7hC!R!uSI$dnwWd9bVnY$wMELuw60B@ zO((#jjz6dj`+w!yJ#uXB^`S{r-@HNSy>l7*qd~b+=0)z=9svraNYKgg>yon^hpA%B zfRhJOhS0IL0T@=G#-nqr*fAS5EPBz_JB6Ox%z9ik4%WY(kf1$wO}!I*=jYyt@Re6C z@%ya0sSQlwh<==WNV^}D|eEpyR>=8r5iF|Qi{lzerEDUSGgva)LH zt;0ARiQSiiCHM~!*C)f9w*Cf@EZ_z`k@czqE|b5p)#?tt@$QAB2cIFzG@F;D4hEuV zsaSqUEc6{GT~t(AO~=|?i`CqG;(gUpQ%Q5aOb|C!-^F`)Ll=&2&0+jR~+?-oeNdN=001E1f|hcqXBXjOFX5+to2GU@~`41VI) zwqEIc_H!w`(oFm;nxBu|sKx$1fTZk*mHtVBeaZ2!dmH(r+kH(m_*EK82J1@1&~D+jYjZ<+L>t-RS(QYaJ$-qvA&)l-_m1#iB$IbqPIH)g#$PFfvm zG%`1WT2O<7%g4y$g{losr(mo8zV@O2;n5ik5s)YD9QFG1b!Y9 zRQV4=;N_TX+H5(Q%pV642|U7=j+n#aj7E&CQE|$#^0!d;TL;@06*sBD6CB5(B5Wp} zC)s@G8z&qv_V5d>i4KMqBbER~4VAKAw+wRVAVwTJ=80h%SGFNC;j!-Vp2wceUfmi8 zHX-h-4^6+zP1{Hl_?c7&QyE5wW0EtEth!qB)@TQmO&7v8ZU?yhU^-!CO0K;FI-`;# z?m1SdXX8Y`a$GwLpm52}2!|o`6F!4ljBrZ6t7(_bu=)6Gdw5C;b_PAdQF^D~XczzS zWjW-N+lcVQcL}+?N=jB~5Znua860$GXn~h=go}y+8<&7w7Y@W0bi;@OShf4D$nNO9 z<4m)%r7%yt&IR*Ix3^8>gwcCe8}d|lIT?>s7e$-2<(?)&p4yDgEw^QW4eA2rNbYXh z^6@Ws?RENP^_rt_HB;Q^cS|jyMS9bVs=|@T@$m zXEh#e;_&VCVG@!Mux=TA-Fi2_nw=Nb>gkRBQb(_x(f4GDvBzz7PLX%BBqyG zV=wg3c&r%7iAzUGZNFAs2FpR~H(SNKpJ?w4W)KYfi|0U&1*>G%KN4LJ;!5~&XGwj4 z59^wH;&F6kvp47#EGkM#!~U0gh=l&3F4^6WNbc=1D~f@l;qjhK z(mP%AR%FjwzQ?m2%WHUN!!%Dm=%?Llht@{vNQ9JifyY{&4oA|gm8nnCMBcxwwj(hZ zFAhN@&)tiMtoN?`a&54x8*AFppY`ZjUx8vap*>ePpcPwAJE@-W!b)g84=g{XSPxR8 ziDBC7ZRoz-q*169pA{~pD;EG`MCi(}me!$?O{ilOXXhsVEf|`4MBftMAmA+-< zuJLElY>M&Me{r||vy#7n@CO&gi~a=I%Y)Z7{!&!RFyJqp!G*V};LoDNgj=P5!Q#1c zwf<7{ zFdoUlzWI!i&#`7#p$S^=Ey6C*D;eNsxB$xq>NJSU4Dy4TSG+een9a(w%>1c?Mz#3E z1eqhQE?rf5M?By-Ba>tI8~tiNhNbuh2X8 zumVe$4zfSfwhcXLC|*tnAA8+xx^HZQ+Am)qt&g}y9YWkSUwM)j`3SpmM3D@-tN&I) zePI8TiGzh&B~SUK_FLhF9FznU>tOIZ`Bu`;gUizfe3IUfCTCdcq<|3JH2X%pu2+e` zrU2XK9OXfnE(W^SvMM>mqwNq+~gS_ z$O8JM{~K`VhI{Vv1mLdPXWnq*3T$z(@n8-i>Vwk>6q{_S(8{G-f!p7g z1qEYB$on`d-pP!u_|t#o<`zFOT~UYZaqd}J`4F_d`k4sa=ybKilqm#zFgN^aV=8j& zIVM$I=*DU5)HDBND=fbhTpR&Iy4p8Iv>S!;O)?AS+pU&b&g=_g<@{$%7VFYc@&GLDZXCEn5|XT1Uz_`XOm|GaLcY;%E95I<{83lEh z!?1{C;n>*w>6~=XkY8O9{A@|JaYG-}y$y4>i8=>$zk0$igADFHu<@8etI$Y&!OQJg z%6~xkB{}kc(Qe!Q8b9tyi%N;qTs| zDja7^XsB&`jy(g2;JVmP0f+fE#}BKpK!hgzG~-qK+?)!ymeLtD&JIbF_eaoKGtDbuxX!LFktx zNf)Be8mnNreTA=a4+UC+54^ zmI3g{4}rWXkU7m|f+P!X_BNyHyK}ULvT|s57dyn@3_D#B+^c*%C_ecndS7Rqz%Eyd zA5yg(O^#WV-;8gPt--tw5i4D?;gxv(Uak{$jo1{5I70L^Oc!m1fhX<9V9%EKw;|Xt z%w;j;SvL&wc^Z2WbY|QcPr^ISKH;tTu23UTuJHUxT@gc+AmuiL*JV0b2#5Vhd%FGk zg<~e_L|+;MZB_iJLgFyR$g@abe+`8r8*Pi#E+1!kcKa(C|ku=k!(O?B=|m|4(xgjCq97n5MQI`>AP6EL(t9GkO6VN|gwP=*A&`({ ztrMT;-TQsd{_%b1#~$C<`#YQUgE7{cYi6!l?|IMbx^7w`QUbdDiZd=}y~c199L4s) zD+TZrSrSGARD1>&;{4%N%;L_@{mJv4P%CPg2f_HqB^WIv2 zX9g4${ELgNap=tg6WT4j`JaN@;ay*@O|T{MFXs)+fQFN#Liwd0>+*ckVIvwv&P z0`b4_;l_Gbuu$`IHaz_};h#-7cG zNQ4(oFf>#Xg?uY>niKV(MFx2Wjvk%rOMU`^cpUm+H)BJm({CZLG;l2smZ_l}WN|0v zdJ4~vVhpPW8_$?vOpObH<~Zi?RU{Bdzi7!lnzU{;>f~CkwwUN6BiC6;6ifuyMnS2i zhE6~GRC5i)dTXaInkA9|e!db;?|}u}rcYN1x+c(y_2N{1KoN-@%oe)Gy7EFiMr|8% zNf@$DNi;LL#3|x)PkC8PCpNl7%@R3Y0%`#ImY@yEQ029(ZN6$!gX`BsI7%17%H|TV zP^nEm{BxF1R7vn`V9fLA)0NWqlcJvXymCA1vdqCoCiHSVkho9zeH9^$BwDn>V5~o9 z+zT`;357#W3Iu8Hb?+$keBUiCId)xA{5jh4k1o{2)`CcN%xlgI1G8oC6sGf3rrWO9 zZ?k?HbnWCI$Z#0?O?uvlo?vjQke9fqD1PNt-oZod=fo%woD7>zaab9+X#atY_mhtR zZVx=*&pvg>q8l3ct5EN@K{uu%2ao++=F~Cf?KJnvPXhPhb%=%qSmfU&+`FWMtT}#< z-np3GXcH`Mr3~CgR*t+LGr5Ev-R9}!htLBAkkNijn-0|}mcfn3OS3TFHE+AEnUcqD zZtzy~PTsUl)f4_|fFhbyK+fPvG1Z{i3wD$ZTWGT!nL@r38ESs0I>Pz3LMVA=Km@ic z{pOEn_kL9~r7SOx5ORDae5+P0W#)Y`lu2?2e_gSKKS`{~?2?-qC4pSo3i^zI5G!(X zF=DNzBOB|My~0-tj<{H?&b%2A_MLDHBM&D-&3&dLq$~qRxhp^%qmUTiZ>U_CQVtAM zhkQaln+s}jck{FK>%xmjp~A6X1wepxvJlS`J%(#M(q4jm9ljVAiVzP$+^pI>KgOeC z=r6a{>ZU$Z6y&r(un_@F{BXHM8Ibr+$^{%xkjrZZ*KmForX`4iRX)!^rV|?JGJ1nQ zV_l~zaHA0szeN>39k!jwUq!p_@qvZ&Z#+z}bVKUUH^MaTi~~ZB^LV)gp+XT{rxm5o zZ34CAw+y%CzHaUVJU@K3kXn7P1qoYqw;IFC%Pw;iZ4!7nf)uon?Z z7CdtqAc3NIJSTpoTi~wzudH6NtM|b8(dZ!BfwyVsN7>lb;j zH9=59?OHpx+y5{($u!R}b%4!*aOH@1EKW^Oxb{h}(YCktFM5Nk%TEpd z7tYq}e^DdMdG|cYEx75@R@sn)y)4dO%`9wCMh-W%h7aL zdWF?*(0hCNZ_r;SDlzrLb4#z?ev5b+>S}ILV_Wq8w98kGgk#Z3%xGNrxyUxq5Qftt z)}^aTE_;j#&P6i{p{=yeL@_#$xMIk>)l8;@^CQAnc2&asC_)Hi`i0wcCa` zV*@oHHE`*AdE+dX;4%J=U<65%KxnNi?)vdbjHigEc`dM1r3^7Ug(kVRW+b+suIOmBS*?5@tuC#;5Hcf!k2@!!39pnlQd;Q?qpf5A~=B zOAJ$6%^+B9qmAj|0c($Z0tQ?O_XE}p>R!AvXKH{*Lw=nj0qai*X4NG(H2C;Yo|gSq zQ|=wAOV%wmHx`(MEW9^i(--yFhtgM6WH^EFy#$JFv6oDn2lespNF5S zXn_1eMb&}x50TpHzvFbEK7Pt1^&L?-cz7=ZNjPcDcFc{y;_FabapX>LCDE4GP<3g* zqru!ThQ)vMe+xbj*o6g5!FzX--(gHxOF6PhF}Bwe zT^20JQO2)XsPAAdO&s;YTA3sy-iz*zlQBnk*N;75xN+S4YvgRn)N6?_4=xGs{*UCC zWJ1iU01SE%B~yRJ?tdFSLxN=I`l9fv06DLCgp2-xS6|Ed%Fbc=&Ln@TQPehG8XkJH z%jCJ!{r^e!pIRZSpW8yXnehe=v$r)$pDe^4K3WHNcii1xk1M4yex28A$vL6BGhxh^ zXcOYP7MO&*6FMilQkcx;(B$s=2Z~+NHrHvSW%rT76P=KPToV^fdRXRqqPmQ-bVgfE zCVkz+uxWgTnF(QJ`^xudST;l_d^z|A`IeCA)w#a-{bE?GCfAmTiL7AE>^5dz|AtG8 zCvP;yuqS#DV#zxGz`ny^6HmigZB}_y)J#Qwb~2I`1HNwVWjet;oas9WdGZI`#@oK& zQIH=!nZ=8k;oeDZ#%e|MlPIv(9=u=mc4~jU-*k;^+Gd=1{BZ5&AYq~edZ(_prSr%V z$(L@EkVqvGd`~;eEI2FWoY^Mh7mbOpo14}?u2Ojg1jVhuM}AmN!@}|hz#?0j($~!5 z*BkOY9%q37b4x`ae%|!O(S;8CNY+BMhflMGa?(~X9<#b=9B0^*ne{Tl)_6&7l4PYC zXI#4#Pw+*62MNO4={1t&c*=r~f5FQ+k8o@rCu{ZxK@_Fo>jBcAE#bfdoD7aRkBPTj zEHXu@f&BzowjbSZv#{{gDp;ttd5+Lr_|kpUlb%K`G7B7im#~%({Xt!8$0TSVZ>1bu z$8@ZXAobG_&JNuo@q@Uw1q>j>bjXdhWx5MF0TMp~yNh?1X|K19&){9`)ao1pU4O`n z-yKfWs_@Y`DCy63RX!xVG0SY&z`K3f$F{*-t_FHA+ey(YO~0@F;SRAOO}4i+JOHYE z=EK7aq2%N9Su+>@0j(lmV~b^tulxay_UgZwdD5=o_D!Tp(bUuU$h_jc8u#k5m0z!B z4-3FTQ~u@$^?x9=ULQhbH4qw?v-kd?^soS8;#_G_Y>(wR-2U7j2R9BvLGn9nC79OcYr26YZH>bTofW$E@4wagWMzh`_<>7A zDK})}I6-=)7eh@ZSmyNEe7%HjGP7n9FldW)rEj{4`qL{?n3`?gPD+$o{;CI#kpTH~ zdQpM`oRwFC?U!J*PQKr93+iAGIf!3Kf&^pr*|3drq{$Y2L{Ui3*Ceo}ma<07(z*B{ zS)rG&&kqOq10{BejLAe{Wp7izb-6U{^&NUYVzsg{itu(&rzhlNPGSH!XXxm72?2sGJZ)IqIY$&o4&R^EiN-$9>oJBIoES)y7nuvxn+Ojs*)*?d48xT8)##%22^qh z_@}=Oi||j`x|J*NH-E~pb*p7>(4%Zv-d_wU+}|Xyt8Cdkcx;KMWTJA+cW31rzWbt7D6TpVh}8!bkMddw>mMvR5Uh1Qj8bm;v&DUx+<5%r0uz~1OjnL5`krAXxu zP64x&1~A}}^4vyn`>lY6(9<9cO^PJ%4A&MpGsh|3BH>_~oIy^jx%&57uR*;ISg(-i zM6ZGB`fYgMh1XIK7%ABLucFWSH4b)CIK~V(ECTGFZ?rw&7bSH^q)LgYPKZ^R? zwzXQ>Z{U?Nx8DvE&*&FA?3*aEt!!M|w*Pog7nK3dW?ETjutVYcZv?VT(pz?-%&})vC7kRh1rN z?Kz_WhP37;8_jnQ~*UJ4XYAFn=#} za`C`3n(T*2D>y4*P?c>41-gI5Arax*MG!>UAPyF|&bz6UkNU7}twvN1i_cqx3z>QD z42Dp!{PmA9bKl6*F!)>N)~z9&3ETMl-VflosnC;b{7TgOGVzXu8n(}TOxxa zmDyA7#LE6C!b3r@di4ebGvsqaJSy0I|TBL&_P)-jCP@^;Zy zrRrhGorDyON?2}bR}bRMBiYZGPcPOI_u)3{`E8~Gh8P`tm+JU*n5f3iY>4wmzOY_P zDV=aF{?k=#!Mz%|XZ|#{NV8V8RDaspjYVZ(;{KTY#kH%+{eJSW zwkOxe3$O{t zc*7(9t`1KQH1{qXIHh`l<$h-@!~M+5pGTtD!n}Vjm6J9~qfc`2++Y4Cf;P9Ex~Me| z`g{O=bV8G_-4~RuiJq$A4(=bBzj`+1R=$sY8%@DM+HqgZx&Muj`G+u&T6$kj`u@3? zDb9(&!}XjJX|Klx{_us0fy)+mt>0Y#-1vIlsjX`NyFcX0Ge`x1rqv?1sKtTgshi77 zTym?4law_Cqyi@_f2r8VAl0%_AND&IlQKQzjnbI%(CzvQy6OeXg$=_@>~<&bW3>zm zJxK4f;SwH%f$}@VDU2Yl;Fs6csS#ROKUa|={AtO)iTL$1v^MdjRKCqFwg}9D4WNI@ zcxvkwylJozv6eyDyO5?Ct?2JxwcLS>6JgnjdMp)mmbQR{Wt{Wl3E8`dktXE~LTm>6VTbg zqz|ru*~=AuNlI8Q=di8LwZkH+j9T(?Vr|E)8_+lJfeq+umK;q#olZ7HaI#(*`ksG# z2M7ihr;C@x@;Ioi{H}l(%W-qDa0h*StioR;qI5D@81B6>6BY-{;tzp5M$(w_PgoFvCw{4g?Gj{PNPCWIe)ejykIF)bR{pY|%TeolGe<-vZt51fHa<_HM zJg3MHP@4WQdRvA`ePTxhf>tMzkR8`M^|j$?f88H~4T*?MSMNW$XSC|33p&(4?Ink+ zeH&XTt#fB3Eb{l7Yt~&4=7)4~0xfe!{`MC+wr&U`4Y{b`4qU^}YQWq#tBd}@i4BK+ zF~K}gRK17OEey7AoZuEsn3wxoL|z$~Um^p939?Nwb$@CHXsRIq>OHuI=3YI3_K#wvZ zb^#G|_ip-E4`NNHEa4^unyp6X*%~UJ8`I*~NZWdoW5x{Tfqn~|aZ^l?Dy$3|>%H{l zFdp$z%{_2^S>9{+EYG6W8!s$}*<-b!DFH41cO&K3v4v*0P&4CG^l~x=87)kFq#UT& zA&2sKwF;7TC=s28$ID;@O;qoo_sh`p$!9%Ie{Dw0#GCvPP zL@-nd6Fey6?kui5I9d+U6+WbqMw`RQK>P;v2uF^FLmwcAz73(GaYUpDYMd;~RAL{_ zpdi*MrCV87YXS>B=0i*3tevKm^-@g2_(TCXuriFPobQt~2-V7soyY>8YGK z1<s$nrFkxIYhN=&QgyMsP5tFPe(TwxU-}MnhAV#AZ=bG{@>9+w8z~Ih2$L zbQ{t^fHAMCuP=><5YNu2slT=g{O$XW#_l_7Wp;GYXY%NM84(Itzh{2*B1jpN(tKbv zdQw=XND1V(@;gXi$u`{2%oo$4F(G4tSJZ*UCJ)j)mkapyfJ35TAU52t*`^8;LN+vp zS#BYi4;^bRX_mUzLhO-DXFq7zD%2eSB4E;CteK}C^&xl);5iQ83NZ7VG`Fhw%~qQh zbiIVsRG!hf3db)a6Z(B8yF z{ScYqb@0(5w>(Pae$07Y_Nn_{Qru8AkiV{_ z5Gtpok(UgHaCKEFzk@5k>OS1?^^0Ttn5mBd`{du}&-VWz5Dt77K1VAw_NgMu+TrZi zjfE+dt!#5(Lx%vvPzyJKH%M7jMhCHo^@E6Gf- z%@BVBQ)+SMVi>(9yc-u=m?1(_L?Rw4Q|BIb5hT(cN((8IANSna9|nujD9qzGFdiUGvvQLg)_yCt)viD zL3+0vdbD!vOnlfac^yb-XjUOF{|*{TX$M+mdA+VxsU;dVuD zdh`3jvWR^<&9&X&8*vRyVJ)Bzt$kK8m+_7DjD*3vxWUqP;&R^g69s6O{Lrn@V8cp+ z&LZL-vy8!yTz{D0+lE+tY3~fxn6x5A13gZO+pK0rB8Gkw_A{`n6<+$Fe{02!Sw^Ta zfG4Vj;kTY`8*la@sl|3~Fxf9{mq3~y_<~-AVk!%oZ-f2dj=eOD{1uF~=%Td|g4As0 zybIx})InCyRP_=Ad>aO}rsu-wNd!@0mP19m15O62PIZh1O9`I9{DLf-e6J0^yYf?7 zBnCy^5%9|n1JnjZN-g^6)Qow1*!E|F4RkAWNh_`^3ny#3VY}bX!F# zqAP+N&rrYl8&hCxfS%Pz4Xa#HHb5teCM2+R{=GL=@cn*W(PzAl`@+$JO(rqd?kIe? z6|-2Q$-bRw`+w(cGU+D7HoyE}fOWC!GjaQ0yMT<_ZId5K&v%-ft=7AQx(vEs?Y1s; z&7~{zoiS+TB{tbwl*GzCdG!vn?~n-DXn80T@9!!;72dw{DK%yH-X@F52NX|fk5!}O zm*Uy)pjtQU51u;vWmKmBfVooL(`RyqcjvFDD(~g^Mi;whg!Jg9t~$`;o03|r^s=xX@I1r!A~t3v>b3UCME8w6Cxa2*k`HzichSZ%qbT8#s(%$_fl`&*l)g zSkZ}`a9k=4Tz3PzJy!Li$5(nk0iKi5Ie^gkQ@Eu{G5UHucy|l00~2MOqj8Kz+arIM ztTp`dM*Z+R%YSn2=_<&m2&9mkVLMP+p6dC=$3(CSrcn{dhTLH0>hTx|(~dr12o4bB zp(JgEDItt+EBSqnFbs%bJ~EyQdZ7gDB;KqBVKTm1fmmO3SIfP1w%K_#jpB_h8m1*< z0P{{`079Pj@dFE4afViC>NtocAZhua#uWb?j*}47;$%hrOqeIWygyfO+(9um07SqS zCz0^id`|RvV#(QyLs@+`&lSY~Uc8}drle&8@KB(_{miDR3#>az$`)HrlGM67$9?MT zt(Al&ZkO{XyPW64+tvOW9aqdM?%F%>=05pnM}FH|ZKtB0e0#rKvY++U=+Sn8%h%rz z$@B}1-H`k=+Vww0`?c#o)LKp8#j2Mi1NzMfp^zz`2Q_-hpuJ~p#xl_SL)SP8EA#j<7%4?pf6vfAP^3LUay{2(r zeP5eI1ae7gBrP@rxx|yn{S~$e6NPeJSTMfh(EMz1QM9d++^C^~t|FZTikVXwMjhcR z`6nI)grnlml^VDVB89*&%*~z(S=d%7q@?OH2*Ch}32w~KZku!}mo+@HJ7$Qnv@=YH zK3IS7vZVwi0h>U^v);$|L231>i3>B(iMG;U z*7I1c$DwZQu!Gc;6S{cP;#IYQg2;?a1a6cFo1*{ll>rx#byv1Pt~B!gPEZD0PW#E( zzS8r_B#6Ivl`N zGTV?kXX6IycAEMLhp*?lzLbe^O)cws!tE*quFznu$TMH&rS`=)eEo4|<80CAp^pOZ z>+`9`D}_U_0%##8<wEdc zNp1Esc9%9B6v_Wwe)VpXWEE~1JHuWJJpY?*xq9w?gznxWn()*wvlL6qqenSlUPV2+snAc*GO&# zg?EFc_TMHF%l}OaK*NQugJZH6K`8B9OUaXWiTFZTHdrqNy88{Q;>y(K&heOPtjP&O zpcR`XTbIeLZ8rr2WXhvm5brQ+VHS`40IoC<21#EL(NBH|-QtCV-n&vC087BBpDhrp zN^L}xURnsr6SKqRb8c@b6r^BGtf(w#C6mSjE`ITKR9ij9Q-aFhX~NayqUVaRbgLZ5C&`p2*yEH8f+0vjTA|5A4ZZc9%Ep}fU)cnD>XX90ExI0h zQ!jzPc4I&1I%e&CbN1oS#NvU?=jaN;GxrE zdiowGhGG6j_qq_$yu<9&61-){e01>Wv1`OhmoL7}7_#A^-On}W;>B*;>S8M{@2{-M zwP!BMqz@t4&v-h&6>#$w-FeQMdC7n7;HzJgG6Hq`AF*0$M6S*+6FuL&yHX?NR(DzfXF6IG` zSOs`P=+i#=;Qd$6cnsVz^;L-x} zKCus-q`C3v&_l2T@g6BCfjPODQ_{9u7=CSi=l$+3P_ydi270>==|^i6@vm4wZr4oJ zF-K9X(JwY?v~xUG8atWLTe5H4lz<202V3eXPCL$PASaQTK2f)U5Q*J_A~RpeO<61VhL{l29IkDCjyCQ8<=&bh&xNBhKxIr@0;)10J_nvCc+!$M4!FJ z%)!o9I1_0@3|_~XBUaeM0X>sq8R!?Swr>KqQp}uP!;}Wj*=Rht_|6z3fP}X+an6}u z;EA_4JPRNte7%_~a?lGreTa7Qx^JCMHxkZMT9-|Dy%r)kcbNC=7BP?zk%*-SB41S! z311hWi>&RVXUwJ;;zUybm53yg>mUsD-i20RWkN(8+D^UW*U~25ZYi>JwIKWk@8rfh z5m}q6VvszYHiyv=)kc~#_+>*6z(i`kixS2z8z7tyR=FME#hG~f<>vWN7*{zbk zl0Hi$eaFJefbT$Q+1W445Tm=-W4)QVcZ$U)eX_;xG1jg{( z{VeD4Ts2NG>XGe3PAP=%sDm*1oKS{V-$Cm0+RqrwLy7Vq`Lpp#2QJ%sYK7#}^qw#? zMAVl~321;VjwvXTRTinSRZ;n_2r{w19r$z9JNe6VH?_xpa$1lrto}^ZoOmO|2%O?yX2iQS@cKDZ?>M( z@tj%AyBxmqcgPOO$B#+Y_H#xTJ_lrIaTJo>PGUPSW=JFC1EZ&QWmY2s-eQOJ2Sp-x zHS87${f@~C{Js-Vu}nM%zrlf8@k9$e_LXw@fLuOR9`AOU`#V)(ys7>oqqFogrq$`K z>Z7R9_qAlMc4uDBWJw?%ECWb($peq2D>ccVbE#poeZi&gcrLLYerHb$RnTQ@8Tmc8 z#q_ZmW#Z=9Mp3C%5^e1NvLp~cS`;S?>x{rlFuQ8cXAG;h`D2rE- zLpSy@qq$CBjhfv5N<*d4w_18(I4lN3iJp>x@=%|4W(rdm3CE%Xn>-?!LosPFvvQl2 zAcivTW@>;~J6LsqtRoCt#Wd~V=_)^8fXi4Bm1qLpQ5&RAD61S<9oUWQsX4!CN%`I2 z5NUE#a$qZ+ZciFk6$R$lv|QnHP%5=eNBzzgenw%0MFMaV*lYAm=nkF$0cYW4GvO*V za&NSSF!@PU-i__$t6i7{D=>vHJeMREz+iOdVN)`Eu{iD0HJ3NbZqJZ;c0_ur@8{8r zM-&E0IZ@EKs*y;T-(*ELmyf(O;GZyUENhSIWM~P1@lg zr=)C>{U`vh2^W7daf+9> z0Z9v4`#`MyIK!cu))V&22tOkw8wkAv!jqaG<>wis=3o> zCvqdc(>q}JVBATW*1If2L)rTat1^Sz#*<`R>JB&OjI!l>A5#5j%h52XT9tT66rae+ zI0(4Jj|J?Rk;W7~H8lk`?v#-Tqb;FeXz(QX+^-V@FR9zlCrff-ijdywNb6_>xY1X! zs?T{&fTgX-@6^Fdod?~TVL>503#V&2J%GBo>_k~e6}`C=%^n2vcQK-kQ=348I%nIW ztm6tT&k!%jf*7KJS z9<*k^mIpj$73_@bz5DVVV{E}H;}QrQY~{*8kJEM)T<-XyGVPdCXQ3}3I4CGDWv=1S zUH%ybH8J~n;qFOf=Se*YCu!V3sPyuXa}i>~Fx< zIFacYOK#pRnh* zN4Tdh-G_SvI+{yAyTN5nt9#L7tbGWp94 zW%m)QWBDeB@^_p_KN}r-#I{pG@fvy+-HFFl-nc60KA7lU>#(Hg zO-mmD%JcU$^(Ny7#3Y=6j)Kt7u;6Snl|aV8lTy$;@Y{l;tqW; zVGLn5Cezj+Z@ioZOgZ{%ICh=@gLi%t?-$Zwmh>EKEA6?TLCgJ`7}9eXe{6ZdDcEye z(^z9y`2mtn@Drmht&FF!eO|^DC;GGUbxf+HfOupXV4E?p6Y(J3E^`@M{nFLsfxdo6 zbz_H+W+5};p2LVFIMiP9R987Z&O0n#HOPw2pV9Nv2q=iPZ}hk={NbrcO$|u<76i#(l zBSRDCK6xIbKEI{6S84V1EzuUzuu|XR{s>j7ebm_f_MJRSU{oOKco9`D>oaB+DNn#9 zyVk+k&J~Q=dfN!BJ4HP<;nR;JmSRRo^+S2n>47G?Gjeq;iAS8hRRX_D3>6G3Y<+K~ zJ`+m4)1$w7AAHhtrTIQ(+fa<}Ghc7iNh9X5ge%P!ZbQ9Gn)%Gw%7GpHo!}d}JB|03 zIW^Y~0aK{|>x(q-K6paPY*6&(e-4k|~bL z4sn?D;})qOJ1lqQNN6rbvO422`N8cQIgT|?*Wc)+4`AlE9gLXfLoaN{Q1T1sPbB&cN)fbLcn_}_8~BvGLHmsJIBxE_F`hc-#K;*ITR$=J zsK($aKV%H0j(_x+ahmgn(4&PIQYtIg9yAvTeznytP z$@VteDG_RKJEDqQYDqZe@O_bQrK@h};+Ou?$;-YCV)vE{-?_?TS~G4ATgUAgoH(!0 zmHOgf+)myX^JX0W9;w3i=NaAbz6Me2#)*T8*Z)+C5#V=55|kE@)_L%ybmQ&Fzh@JV z6b|cv>Tz^_h`S`C_AfaRP^}qc?8kbK3u1S;qTe3&6kj~xp&gntr0L9vlSvXk!;osc z)>MB-gimBtk(OF{aezrSFk(u9&sj#S49{2IUoA}iO$&Bv&^v}R%dgMd1bZ{9zDGfk zC~76PR1vHe9d6%?fys_wYi0CL%=&O$Q95B`k+RD?kc`WSAj>`4!9Voi-o9Uo zVLBxXjeS6#G7Nm)mxg%vnBr6^&7N!z-sn`ECMdCQGI4;7}uM*-{hk~@ewDN-y@})Po+Rf_NCzD z3%j&Z#$Hj`dup5tFhHv4Mk;oL;!v5vC{dq{duq_lGhP!#hRI52^lK`nIK`g*#%Vzh zrz6vK-s|MfG%KuGkt(Ji11|h6X6(r!-{&sZ?Lm>;LQ31)%wf=I1FX8 z%LK6DRPdc~opmqQ>8|C?;I$+l^!MwqrSI?EMQTvsC8m%Bih?<$!yv#vwY;I*T7}5vZ?b5koN<0 z!-&aiuTFvm1AQrZ%>GL>1$~qmvb^%oFpH;Nft~+&X8x0Z9&pDyN$1uXBcwTL^3a1p z+;>c||BrOMA+t2j4$(CiJ1`eG2x7bUrl?3lJ^`q;r&kE~~ZOgvjTI&h60_x8vV zJMJx~@56SzqZ7{0|HQ@(^J2%w4X(+Z6Z@}T90l5rC-}^7i;7L);vjQ#711pP3S&HB z@TP5fpRhNG-QSV9PW*B^2R}v%Ksm$!r@8OJ;LDuKeGFKe9_LCXZwE9mc`W_#`F%;c zvY$%zbLElEpkzBH%#zYW_zLkSksBW7;4@o@IFgU$K9+WPL3p{w#~1AC(bVO5aNvJh z;=g!5&5B_N30&5)&IV!Wx$zSK*dEv|Gi`S!mgjrDu#@y~q1+b{P0GwGbI)u)ty=3`y_U+O2% zLni#6DsOGttaWo@(lf5oOgN{Snl&u^;M4t_1c~_i% zW6Lk2LjS^Cjf);+;FHZUlrQQN)o`Sg^!Rh&9T?AEAL6+LP$Xma896zSHThz;$%8zn z+X+W56orljoh{mWpYVfo&#Nrbt;IN(*)ch@YT*OBJW}Gk{-sK<;ST&u?MKCaT>od% zkMn{V56i=yuntT9XLq%^Kj{0Hqkc=9 z^}o8F1m9ui_OJ$jetl!hakaVcLaDPi%&pPsY^lL*{I@D{A=!|eMTR736+j{URsPq5 zvp#BFuI11&zj8zbkw1!F_rv|Hox6#vv)G;!m+`;Ss34(h7Qd6q_oc1*Pyk1$Rp~Fm zthvYNCw&W+iw3@Q;h#PtM$P*>O%bP`14Mq%jl^;@1-8qIZ0i5%-&5!&uI;! zOb!_#Yp>2N?>^k8Y$Nz@wPq|{`K;8j0gKfg6F;wQcP@_mZP~*R@Ccy=BYX6 zFwriMsUArCxi(H@hT%-p{Fq6dYZX(j&@0qK@Qn(ghu5qCW`vJX!>UitjXVh3-G|}( zP@{0IVN3^NeL%Bimoc*84zjePL>UO8*OxlSzqzHl{`2eEnDTNQ;;3ki_A2Iv7C;%aPb*DpdO(E*Piu}l99voq zJ?XJw)k1|5!=Lp?YyH%kw~9wn=@>NFQ~iKi5e4;TMvCU2kzHnl`KXm?FEDBCI{klt z|CJw<=)8FbtVUGytLCNM9zJ)kT^?Vc0H%T#N7H$(R%su+{Bv0HlRV}GCu7&j)$<{{ zLe2%x9TB^J(eT>kzgz`S^;bhX{c3Ly??2BiaKZP|?yG)(V$o`IoP2ZHHfADYU)x+b z$Hn;&Zpi~r+s?8xjA`dRe7B2B;L*{B7)_6`<7Z>VPk;KvfA!nhH~-A~3dHuF<^gSv z_Q?|%QGAcb)~YGv9dW5Os{KpCf}I*&rAAJBAx4j9YyZ+s`uRuwmXPZsjdg2UZ%+N> z7;wGo@--7alOK2`Ip?8K#p&<0TaG#ydwI#0ehuqyba`2i_MBN{^BhWpA1?;+53eoc zPh_z&x6+BRCinl7_T|7$>kgSSMExtyeGTGXgaTIaQ}cN1r3WQiaH=uEpMm(dQf` z0ifPj)lB`_F~#VqxrejPC(5ZslECrpKfYIT0WVy-X_5&v6Bfu{1-xi+DBuH z)YJN>8MBs08t#;#IKRjmZ0}|j(rmkiNT-)<__Zz^Svs}um0Q3bqo|L%yriq`7{zuW zL!1o%Wmn9`t>3OSZ!=a5iH}u0=U0m{zBhbsZAEU07nJCKl{s=aBTvu;T#jRU1|PIBf1*dOQ3(pZvU9*{o9-gn#{VEZ*O9y`U} z9Bl3CNd3Yjvxg7w3a2lK_~_h%?&>+RkNe5Bp`V7&Y;;6^X6#LEx@h%lmptaitIYeP z#G5%N7cp7?S7Z4G63-KE2_8Ot{PHX6(}LMQNB?N~jo+)!EM8C`?cw;gBYJGw zVIrBj9TXVuze>A8*Yd`qZ#O4zvQ6cLsQ+?MB=2VfJ=%ukrcA zGs>4tJsAft^iubY5hon>ZNyzvwS_e`K4Tg6TFKsxZJ9Tgc*d~)sVwY3!7L3awnxOV za@-)Ttcto4A(BwZ_Mp$p52(%Rg4RbqW3qFn^nb2FtuF@1+AIR&*#@JllRpg$vrTMd zRi7Rmbm-IZO3|LqsZ&ev)i^tk?E4_z?li|rOmt-wX2jPyzay66lrIE`C$Eq1RRuSX zyiaUPJ%#oSOW^h3Y*~6p4&?S*5;vGQ%R@)^`rb5~#B3dDl|NikBs#K-Q$_Q*Ztbhx z?^{2ISXjLu9nln3QR~rlp54!VkD|9v>GVmYDc4`FEX(PUo6T>|7M{LZc$Qstmld4K zfIr*$Ts&rQpDZ`$V0?V^;cK^l?J`1M*mEZGJH`T;<7@lU!@WmoawOn#&bEh@z2Nfm zqoYkq2X;>cTo!MW*{w2u&p5d4VvFX1>8W64%^!5J6FZtl=9ApsgU(Og#+roGq?dw~ zQ`c*|6$S>+7KghZ-BY>!#2{vcm3VJ}fh%dgXDoVuSE)-DAuMXER=1x7ULh`wu1Qc(GQz*qBe&tR?V}k?ac3{GDs^niMCxcSI_V zKIz+=MtyqCPBMm`{2~f1Oy53B%zaU{*09#sF*I+SY&q+Ckz`ih=2I{v zkKqvOfXQA7vuXTI*k=^CtJ>#hUCFvU=FKe|{L>F3n`=LsV92Y#J+kUVWCl88qbPwl)Xg!G!6L0JOv)=34jC`N46gyoM?jC(1CV*%Dl{rZy)9(Kzn{5OWAN78XKTE`PoYR_B z`o%nEZ>9Q}jH+*UN`CY8J#32|Nr3INornLVDT#$^ZW#Ub8$aEa?68}q2TgAELws079i{|75c0`bKxks|*q%wy zscC5ad5I?XsKxn`*+yLhZi&3(jvaW176^X(PD%okFy-;t$S zdpM@|+c;%wfXnnLXYH=Dsj>3w##GF*+aGt#qjT)XLFZm}{hIG% zHXh~A6buM~L#8*NYa4spBkY_P+F5!%lN6GICoEl*t0zxG&fx98@C5ro0gY0b6M z+L)2+H&zzBJBS(%d!KlS2sDyU%;(andxu$qU?%z1at#x}mxT`e*q&jCP|82GZx2uI5d^HErK^7q4Tx62^D(g|3XhSUX`wA}aVA3u@u-#IgtKHMr4ZiXw%smMQTP|6*kc!cq` zf(>-f@{%2^Wq`PrySa8}0*P3l)D$pM*iwmQz>E8Q9~|^DBT}yZ>$@G$8+AHCnRZHH z(i52i)q1X(5xag)4B4-}9S!wNd=dR@QMM{lcF!*lb5xn=Gr?}l2KCPwHFFBp2X=M3 zz=xtfxhVM_+;#|E|2V#QewTCw)l}8Gd}c!I|96>vsvZg9wh%M4eB1O;@FJ>iS3kkV zt9a#+wS#fc9t`QCc&t$IV<`#jG*WieLm>AiP%&)(g=*7~h~ zi$0;3f(HuTo^9(+3h!@~JiPM0M*5?Lo$v*&ckrQzuSNQ_qwZH3zg{9927d&VIo*uC zmir>GwS%t#h)c;XJmU{3LYo2RtEgzysj_*d9tRG{+Wt_~Ar8CME@Zy{Lh(F|(+-Kx z>4)1-<$7m@v-dGnAhvzIKiyU3fFSp+W^94_*NtJFN_d|y{p4n4Q5-|*LX}|S&@4Bea{NlJCY-Y5qH6(WBfj^1s+F#mSO>e?;+WQ11<31gyKh zQ=2H>szKRHkN5J0DkEw}N}*Q1K(f0;gEte7nvMcWPiu`ZtxKJmAM793Rc_~gzf#$G zeEXOiMS1t_LGSzCsw4oPICA(4@5j=BuUuCt_U*5%G}bnn;1z(#l!E?aZsx4ZQ*Fd| zl<)X|UjN6yya5J*0yf5FUi+f3&UB8#Rh-Ss+Ui#@>!0wHvJN~7`rwbE{mX(QbnS}tYxNPXr*v7Rz%+9} zSw<=)hf!QSaU*uOkkKy5V()AVX(aOP8xSS2`bD5IsW62A?_p-g=(=L9>||L-`y82H!bc_i`_6+0u< z6oR>dA=P1#U-jpbr{nI;PEcfoOc}kR`blXhd+O9z$f`r zm1j~G`SC6S{iCA+Mv%)rKJR+GSQo99$~atfHt(dyU+%F8!to7A-8pAJoYOg8QA^W6 zeSYM?cSKD3+$wK6W9fRisK)MomItK^*(|_%Sa>tFx_2=rr4sCS}N>AEqD4mG&lDEJMwfF!|svr4Lp`0ZBJiMxVwI5r2uAo=FTNZoK}a( zhYNqr5}7{8v^u%JaogSd%0ZsgzK*dF36+W*tLSh2G^wYJ`l=*p`Hq5&ThPxSj_-l@ed)+Yp+_9s0pYl4{gX9)tJYSJFzR#u1p;Hzo{!osu&yM=DBPBI?s2#y3 zom&y&nXmnz_1AQm=7Th@i{B^SPp{o3=g}B!zbqKtmVq^7a3I%vKW!vS#xbbn01gN; z)P~ge%!EZmPaNg_BlD(VU}+BUZySY8x@D*6)v|L*Yb{mu(V9yE)cxGYyd@a$W@G$c z!QwYq64<$fTomS_tq)@Mz;Jtbw%I&+t+D?8e)2*9RbElL7K}wtx z#F!0>fa+>9b~)MSsy!YVZxjk6lh%L{>q7`EkVxPQwU&quDw=5#@h6X0NejUEk987i zQ!6>)QEA<uegr&KX#MCtJzB2|5(96LIT$deJgf;+mvB!+qR<035t-WgYSTmclmlD z$m={WEL_X)Re1aI@?+VT{uHUnLeoDy^5}HwXedKri&5ukZTzI*!XHi>$DLBAAG8Np zai9((TxAs(kGuBzeLSu@G7~&^vlB`tClD^bh;IUZe!ML_AS6LfV$%<|*MH-V91wLvh8PZML18w52M4`hhQuyvSl&FieLGV>Htt z52W&Q|{XS~O`pK6JuYn%=&|Nk?8E2x6pg#?D>D(#KLlHt` z(3sxlBZLgL_JGb6ei`??n<5$+dWhBnIl%Myfs!d9p?tq^`x2Bq4>deli?i;E_lEC{ z;d(J(1^Anm#r4WM-`pSYQHY%6Fb0BctXPALkc0|=X9lW9vD^}Wr(j^ln`qSumnF`M zM~)s9JYhoGC>L`vMe`&W+&-Via>;%KeB@KgHlYpRW;-4<(X_NQX0%V8Hf|;fI^D9s z(6(h-3LGGt7&2CNQTn1B@=%w{ThX$9E6m5cwUMDW$gVhGHbdv9JVmO&gkw!x-(M*h zJs@j~h_~3$%dg~l=K-_nM=Q=!Heh$%)81X5D~&QqAhFuDXphw6N5Uw4JbRyfDKrs* z121!V6SJg3kyOry7kXsaXh#}f-=DjElRV>^K#GWt@4q!ZZlrGb!4Rfg<95KA{+zva z5YXBDJijBWmUihLR;?^7*m@nyRxX(LMCUK}*MCOhj9?<0?t5w4)Gdl(e!f_TSAb&}803oEw- zIq_Y8UHX_~QQjS;6Ya)-f~Y|1XL`d?r2A2&4U&m3zH|@DV}Jo;ASvmPo4eo?D9D*4 zNM&}LP(=ne2SA6{^y;d>IJJ{p&xOxi72OFwYRMChI$ke zcbm5#@02^bmd(u%Y|nSTK(Su_TKT2vO8=XYW9--=BX6QvCqNU8ZoeE@tGNUyw&i>a zHwJY$7oXLQ+W0!jw2rz)WdVXdR&+K4#Y3dAQaRN=1=p5jc97(l9m8U`i z20YdhlcgYwrmDD@(8uGYyAY0M2AwD;qfrji&BOjJB<7>{u6bC@BJ9q>bmMKs*x`j zu=}YJUbiK>srU+-^8m6A>6_s-*xoZ&dsK{nY3Z)~9j0P>;p*Ty1zG?~%O*Yp%O`2@?=>x0Pf< z^2?i7D8qId7UB_yxn&-k*bve1QILb|^t>hM+^N2u9>@Z%ZC2$dsE0?Bj@cOuS{^nO zkX|)LhntjA`dmidl2!D8hGc`n&Lyw2zesknWF3dSReS7!BgeEiGUEgMn2Y? z2nJqxQsyD$@_zUlzL@-hqzoiVVVnw0-<9|YW|-}T#^QVu4tYNqZ$T?wydniTMv#1b zdagl}3I>3Ld?t92`V`0nS2TIpuNoH<;WmNfw)XS##umY^VqIwpV?kyU+nT_OC%}4T zcYDZ4W<_5oy<|S_WP%e%;k^5?Pm;0+xjKPUD+z$7*Bh@+^L8<(A5>P0V#*Ee^(O%# zmJi%c<(Tj>Z=%UE*k}C}r_vh!=FwGo@ws}ge)wE|Udg*U?B>Vmi38AXGKBWYS#ig1 zrKA6zblyJ?yO@%%pKhrKZPku<{IR;-9^em68DWVMq7*-w1ULhE#V|=TB$8Wd}Fm?4kvjF4xnI*)A-9WJNMd>E;z8}NW z(IXyVnTkMy$*m*k<>aXZ;K@jWzGy^$z}(&HB6=>Z7f;|^+`U}lSVMtg_J^Klt$o15Tj#2#8UVf7C)Q9tQl2uw;1P7#`C;Yf{5|v)u}Fq zg+K_wY_yxYnaJ7bmyc(g+@bo~7zslqG7Zt?k231@ImhqPllkLg1#-DJI! zrXoFvlMQ#bfP{y2c0kiME3GqbCh7owGhBuMhA9-ZhB6Bx4)a(+;Yhq_|AU1G7Rx|B z`G6kB(lS$^v>34CV7I~=5S0P_`j~IMN-CEVH)01cxUzl#X2VQg=DJn$xaq%$xc#4I zy7v6g-hXHT{DJcQ$=m&(uFU_g0!L?)0dIqxcr0L3bgRPSdeYfpFMz~X20~S0$HExK`KoEAM2R4V$#CvRQZ76yIQH_;N=`_KJ1Nl&09=jDLKN^ zTTUde{1YAQ&!srnzexiAzdz8$_62S|{5?7x_5+N(`&_$}WJ!8Ci$&D9vJ2lxCjnVO z>7;KfFYd~YN|{xf5MWp^8YG%ZEd^G%E_UGtIc5vE@i5uiov9kywR9`n4t^S8aQgrP zCAEE(<5vMYd&^^#?IC*cUVxotBz&7q8~P%l#V48P1ynzcn8Dn6d~6 z>0LczLMkSj0X208_&!z90tSwsfZr8Pm!HO3A=VD~hT7z0IGt?d4FGs6B5ILOJMb{7 z6Vj&>Jj{CHLVrHQ){9dIE8VBqK`qeyHb zLjv#ZSmrskx%W6fQP$0YG3-a2@t_m((qfwlGzYiaBJD%r z5AIwGUSIX3-^s~T+`*ODbg>a7qxQl*W>_+NT}Yi~E?9fIv39nAsXPF?a;++z$&~;= zt%S!1w*_>%I)D-jAFCpP6Mo)!_rHQ_{SOgeW#^6)ciE~!aDuCvOl7v zfq@fZz%B;hO^i?K)~|;$eQCPacmMk^ejhvgt?91+aBYsowx%n0!rkI6FUzYg2X4?# zR?3{GzJoe(SB^P$0WYVuI75%wqX#IskZ*;^by2s z-W~;)U@#zI_6LS#G`~P90-d0}v}gRF*2(HRqv6^mPruc6$M|) z!Gp>EbZ`(cFKJ~vVDzdR&27&QuML+0cXbdc9n#6czH_89oo@C%`-$Y6*Bm_kH2%#A zr+IgvBaq5uzmkAyw9N+sG%1B}Sr!0YAu zA23aB&0MqeSlPO)e?wa7Ukb{)vu4XG{vbux`}_(0`>z6bsdN#&Q{v6Rw$E?SZ-^>? zkffA?gZW_l^K-8+99c|Mb?!F92)r-%1G3=XY>VeqB-H1oR$o>kPiXt9RYk=18DoPO zZ!Hl_5%KyJVNMeWQxU+p8g<5U0EWvrxF3p;6F&|3BN>x^j%Op{M&#&Qb&`o}hb+Kl zdE--Vo6E252Mlf_7^}|$6FY!d9mFEYp)~8VWw4iK$Ae@Y0i88FRh>uD>b{nYvrL0w z=M}IFx7F{c_POiCs-BoF-q*YqwNC?hTMZ24dE9Bsv&#YdsuXl>!Q;9bmdtJp>4o!v zsEi3UKmpq+df?o)MKj0-JA3D%N*JMf_!_R~G^==+f^Uj1LfEw)zY8jRJK^@dRd-Jj z>V_Z!82UXRDn+i;Fy>|QGoPt^v(K`m64Zb!srnarbsr$Fc0MG01`w`a*p(l5I%Mz} zJ-FaeLoJF%dfZds58BG>AJSIuxQNHaw5~L+i>cwCoc#ll8iX%xc~Cvs(eglY?$R+* zD6-QxmX*4lf&dj3CV`w4UbPVzQt zK~jG&2hi-;Xa(Shc>-9OT7WW_oJ~O&k#mmlP^aGXmIPbjp2=CPoo>w?VXd0Q(zp=f zdxpoHKOwIy2!JQ9tu8p?*jBhEDY%o~XClYf!iWH&SdgETvtgGBc|iSGmo~J_rT8p% z&q6LcLoc@W;1U$#KdZhn13-`dve(8HX|Z%N6kUH``2Y2;=($_-yz$Ntic;#$YbT{{ zQC_)N&$E4WSn`K1nYZH)dODc#DKw+lV`4`rz{`$MTk8fXN`vvLAWXD)zNauSY`ah!J0)Be( zYI&?rdO**W$SW^zB2q`$66Y@%rC!W@JSV8A?W_H1Z@j7>&s$qyP;yjrqyk93UsRqk zKms1V&jAQgOnoGiW0|?ioP}y`%9Tv@IN2vmU*v^k*qw=5|Cq_M`mEGnpcba|*TQ5A z<`Sv=mWu5&rLa(?J#RI)&?Sq8ZUaDgX{M!~xE>pw54`f4dmG1&1nG5*RXMz9X$jIF z0cZnwfEWp|Ui=Lk+@I^I;gD5i`^}kvsmwgBLz{SuvI&;+K>9YB68st7Kl}1V5Q&@l zGq0pcR395hdl8n`ozyhOdj`@M^Zb368JLjqVH` zyZ3kg-hiYtK{N;Hour&w=Y5b*Q(A}$NSU(rgL4FZZX$BF?v_8@8T9nh z54KtR(6IPP#9?uECV;tLmXwSyK!@|09AHC0aDHdLE#g67&3sYDmjvYope_%+xgah; zj0`paM`P*~N!R(3QLg7Wt1pl91M^SqV6~r?(&Z!+6Fk1cU$Ya?bEBDvR2vyT5|))Cj% zI`+-)L&mFUmje}Q=*_0P*s&BFTCz%X5r&WIH0x2lcNBmCPSW(^7v98*MMLLTW9R-< zi~h+03hpQrj5UwEC(BW1&WR?J;0FMRPg73p+1yO^V)t=RgnXo0L%Aw zIWhK$gIoRd>ntdNnc3||yt_Z$OaDVn8|97E&zqYf=W)t zssdLgdJ^&10JSv{z_8XzCyiiygNOwKU>}t$Ak~5akQKPSZ|<3d&`aQEroZT5YldYo z;pW-V)*eez4bg>w!0x32rTxA^A)h70$1lJ7Hg%_oRdGgSX1i&kql@axR>Ewt7%z=Z znEO>g(|2>YBW{|?IXGCr%3fD3nT(?(QvVRUWW)o^bsRj$KeHTY`r?Sr1yy7?kR|r7 zaA1=tYO8!QAq(ScEDAXL08g=leLDxch{O#^*TOy@sq%rtzQvK#R7J$;x-E$R9{KWn z9)v=C&Ki(MMWzmMJNSdd2U(Kq@|y!fApHBjDy#U9<@e?ft}sP*4rD#N3`n^OnguRC z_zb#|?-~2q?1bu5ReJpUs->4t2A`}|WJge@mi)r2SyGHCj?zqs+lT>BUmaxI>_6~- zI83-r*Wd=34oTCSs-FC%yTN7eD5m!6<3HvAZ6G->MlsN*R4KWd&zM!%q{V=QVa?K? zsD%wjv#G&H3P}rq*MJmn&HVU$`q+ioGNE$Yh}n1ZFnn3^ZogjQADVJEge)7y7z${KLf+38nyy6`oy$C|`6aslJ+)|}N;p2@*KSZs)+37=_ zr~0Hl$_o#8*xBB)J29Vm7Nmw)%>+vDbK-yy=i8sl4Ipps`UmeUv(uVFGq>4{k@jQ= z&;(NU2K#X1&LfSmH+&iKa$E>&iV4?ir}eITirnFM+T)(vQi~EAK+)21XMdFW=(F}gZb2SrYS*Pmp|mr zkhKDl9whQn)v?6F!F5a3M}{T3|HX?fI!XtWGx91OGTJ5h`MV1jPC=NiSEoRVMWYth za=&)KPD$o;Jhe^tATI)wyZ{5RRtrG!fITLifgoNAdhh$J%VH|9iP0mOE`6PrmA8xS z4D-Ue*KJ647|4HxKdeoQ9512f{M_wq{gHMyNfOL6Q==Qni09@GF z{&eg3B;WmCjOh;F+k#jS*N=IC1pQXbX%itiE`lrJQMWLnlizUB-+OI`RxhyXE9u+$ zmbK*qU$aKJ$dlK#Y{D(_onc+ZM2i=GuEM4@L~J9O3?v)KR-Ifnr$PYhdzov$xG4aI zNA9B$qRXOh0PU^~(dB+{{4w?cE4^tyJMtjpK8X%;Ujp2AY;Z%zd`a$HCb(=M45bCMG=XD&d|>RKOQf5ll-^Be|EBScte-5qVQKeP<@ zK!EmPG2TjGAdGL(_!l*}2!5*4W{RoP%V5yyDa46`97FPPhJzf6ni{zWX zaJ@Y@A_piq@EU}OudIWM{+RSM3O4Nl-2GgAaaxmL92gZqbBV|qe$hRJWP}tsOf>m^ zNx9s!_AWpzdP7sJ7^L8|S#xp5gVm9TihAB#k?)2pog`y?MZ_+ZLM%(3Qm+Ou;BQZs z=ccCqRcp~&1LF$_EoR9;KHqEl;^p6)_PXV|XHZ+D;m07uqu!8L5*n`+Drpp>%ZzMh zJ5IVyKN!VxQXbJiK%2QPSr@Y!8DAB$tx!8;mf=QTdA^k_FB$BRC|qRua;cdiqGe4K zCP`B?%BA_S>QIH@jS4q24MGF4elp=atN1RU7*Tn(s?LE#}Wz5V&GFXL_^fRyz>3*y2Oy4 z*@`ER+O%_p2sk>xxu6$GWgV$P&rFkG_r1&e5bp=hX8Ts92}?myzJw} zLq!ehzr_rr0R6x@_wL)*5>Mnk(`^4Oi+JGOu=r2NBI3@Ic4DKCE%%EKB*}@nHLfP# z8YJsPKB{S93y4{LHeOtP?@uAZDJGmdY7~DuED9b@Sv=t>$#)5V+l#Q7E$O-l4Tp_F zba)3CU2bOMN$V|?sm3y2gf0Efx8c+FSC`7>Wy&LU=AYG{6`fKvn zF|!M)LaGbx&rZ`$RX0`>;$C_is(PMJ9!*EmmCvVDJU>{Bro zfv<9Ur{HKUc#NgDXmkdPU@|JZm>f?%3MdQcZ@|5Yg{ZA9S(0K^fPJ-$xSN}sp0BTO zzDtu?M_QeGU{WbzZ@=AU87d0|?DG3T-b9S`GPIEhC1EXW)`l^4{cufExdDR9n_x)( z*k)}dehsWiCeB;8;ifhwAHm?yo<3Zt#W)6)T?s;!Y!?$Jj(8ERd!$>wf0c$|5X&Z| z@Of5^8d7wrL(^kt!Wgj<7Ja0KbbC+XqR|H6b0)Cvb=5aKa&otCu9Xol(*wbSn!uVh zq*3C8%vZu?IiL8i4kt&5XGgxifbGt}=ZR;NvNK5j#QS#TP7n6O3%!Y@D1cSC-#eM1 zghX%MxvN`%gk2qR1Nb%wX$2(;w=6OX9+t^C1Wnq$)y^`A*z4H3Z~ZvBE12bcq>`V6 zlz4o^6^TX)c8^5OOGSSl`0w<`_9M7v2X3gZ*DSvYIxZkywm)LjA{f1%Uj}-ptwDRj zaBXq$P*+4XpUR1l@AsVTxtZ_W^P&`=yAWq={P%%>>i+0E2koMWjL4AwEYjIw^7?gG zB*k%=`6r&e6&@z{_&s?j)aYv?-L6TO^?Xv(qj_A<&YEl$8&fPUk-$R9ZCifB>(7Gi zef61>p02l2UPrz;Ou-y_Kl^tL@+`b!cl*O)1IXeZQu7o3bf*7Li@Vqf_i|13Cn@0P*u8b`eU zZ#C_Wg<`@T83Ga0x35Nf=KQ~ILk@n-e~aI!5_9tY!ivZozN-X`Q1^)gzf4ep7~Nx zpS-Q!Flvjh5JM{cMA{9s^^v>XF~${}N|GX39dZWD`ns0PGI+zuHSC0MN8qkf*h&UQ ztA_fXEj7Y6U>KOe*ov;JlYW)0Stm1O4=t_R8@O_0vx(@X>!)M@YVAQ~A^-}ma zWI+Q0OtY9yy|;wGas6~0DnH}K9%FgL_y?bKS>Ow^ez@p*Of(J`KGgftCoUQR)7OWN z_qCFs(EB`_%W?g0Td0MzYYWJUG&Yc7B+Q>+fgqu=`8K3sBo`6)+WPVc96o}C`V$;r ztXQ3J0+KFBs>1iN`tWHqc76tf&4KXnDlq6C{!vxc{jC~OSI)Y*ab!nJi2j1OmN?53 z*J=9)wzt$Q?{Ft5C%!&zkKzwyndkX(lsb|=@zYc8G#U0cY^({UY+Cm5_WU$s&E4PH z>m#Z^DDi||kT~D9bc0r)Lp}Et?Fse^ua788yNh2HyUbI1CBBQhTla9~qontd9?VY9 zLeyxr@2SN1rP1p}KmXUgHDlXUTwVSIVplsFi5vxB%!4&=JmlYyQq{S&0jePd z=HUk7>gw_lyD3JZ;1>Co)_^Gx^GCeJjq#$X2RaLjnU3Ttf=tbJ|=@0vW;mtRCN! zSYL6cZ3Um%s6N#+PO;5=!V7-y>yTXjhc74#!^t_`3kBPyRF;6$8}w$tjp{4nIp;D? zeH2ktd9pcFvIa)GBP4_LR@&p)O;9kCZ>}D>mcS`1ihVy*RreNg0~=F*yz`62LsR;7 zK?*^5^_i~t5p^vCgE)*D|14*lAyT(FGE~`8lhd7f835X?%>8F7DLOKM< zM_PskhkeTLUKI{7Jqg=Ce56soid-s^;DC#yhg!)x+1E0xtUc1NPMuPiku<&Tu|u=4 z_K2z3kCJUOmM70p@T27MdjDxvR6WH}U(JLs1xRF<*#&I%1J9zp%JND=8)X@+}Le)3$wh4|uSh3}?> zWoLBYP5Hc&ntUO^r9 zWu^l%A8%e4!$txP7^rBfoA^upUzyErUNkzBVx&tQ0+g3TpzBhy%iwmkUMB?wqKu-P zxF4XK!SqXM>lZDcMWlPcLG57S#-| zi!smu?Hjy>8o0jg&<_gcncqM1KBlr=S?li) z6Dv=|0^4QIN~*c1N-Spv3L&>fTP@f66;rm?mQq?0J_FP9)araE7z@Mr?i02HYjv=% z=w73B1Nc{IzFNPmkR$8$d4s%5?duB9$a(nDbukY`T3_q+9@6xf%V_cWn8cnZ+%72MHiKkD7N${ z#+@&5neV7ZvXB{ikHI}z;8gw+fV^1g?1DEyreW2kxzCJnqP@!R2tKr9hB)^P_{Ni} zeozaQlZUx20tL z(VF5|=1+Dw)1awP8A)0H=D8ttVblEN(;vFLdj*=(ViYeQ9$e^6n!&Ft(|+^3tih1G z8T*i>My%ZZxaHBdDGY)_cpLe#W%|J-?%s+=^5v5&qDp+ z8fy-%k#A?ik;T^ms&5F&3YeWH#dWc5+3-Jx}&^I?j*on~>6HTEfc3x9CN?RN#C?(7it;;?lLPLy zN}95(xM(=Pcg98ATy-qAkj0n~AehTpGC_0t`3WhKGjU81oKKSvkVE67&PDEJI^_*` z%Sj`qva}<@r}>;ogfn|H;o;#!Ra?;X48<1N7C2-@-!G6SCxc{6nZ9XlkiA4gTqVsr z4KIr;AQOOd)-bSTco_(Zov3}jcq7%HUAmh^IiLVY9#W=w_gXH17U4nYXY7`o&Ufr z<{W|jtV2LupP&+uq>enflW$*psJ~-2^M#tU&V9z0uMByn=GpHp9 zwdv)JZvWxOxQ)N2dIWCF-zYdP%`%=d(2*tD-m$2;6SBK=BJ-ArB7ai%TZsH^3%`S(2aK%gyiO>J&INw%&?()^=xGj<>Sg! z9cM_bts{eC3(8bzp}BJGbJp_4S58N+9NNSeZcAcVr2zjUw@?4OPX^V6N74*CsVp>dAJm6CJ!g406JiG`oxT2!_` zVqj#41B~`E1C?+hv%}A?#vulr$+hIAzB37PZxf&;DukX3s{yN6ke=l$2@%^c?jqWAmfVgJ))w~X zorxp(Vodnrhlo>8w3L+`L)13Q$;HWwTgVSA?lxEey^fIx;LQOR1YV8sI(_@*`_Qg( z8R_6Qd{dpi&#gM?dFHCC$0gg#ge#B3?*#5dvbE4W3HzF&emc7YhTao^!O_Kjz%ZGM z;+(Fe=f_h4y70{n*3uiiQ0O* zJNiwlExjTBEL}+Mc_cm`^5H~p4v?UwqVur6u;fFJmNg|w6{io^3=66mMvtIZhkT)W zT+@)NEst;=GhOcnM(6N4TEV#ajnz%`)augG$m&S(%X_0Lr8jD<=17BE;Q6?t#snlD zjF|BzC~QnMg7~#}A^x)F&r-TY220A|NNiIX996?&*3%rZgda3VfWz}_`{-X4{(5%i zccJ@g8di=$A>BG{p}tP_{C7uWPulJvM73n681Ekrz=qxTMC_Z!>+eqfSOru(#mr+A zAzzgF<5kZGRz4Dwn*!o_fDr)r?qK(6YD;yS)YBm)+~mnmbfDgo;1S^B&OJFbCU9}O z<1AC<<8w!61tz?RLHoD&y7q~f)zy)k^Pu!;&?I!a1&E353rMyuU{Tv3u03z;+R|J2 z>yYPpqU?a(UFzjcEGApxYxtQuLs#g1mvyytpikj)Bpl7_SkFcn$~{fSD83>CONI23 z144Oapfzl98Qhh(00MdC+Y5Bith>D~4(49(se(8!Gra^~328l^m!zxBZ?OJSdFR>1 z7W?bsA+~V(Y*DpUzMF|hPU7w!4?2Hc^mU?c=2y|sm1Bnf-O2V;AA{M|z!6_`-dPrkr zuZ68m_dnOtG5|baGcpxKP7(^bs~aqf)>m!zAIXR7Z@xmlS*MH`ZxP9;gT1H(0^)Fd zkfXc(ihz7`r()Qa`33A;OO5{1$+0x{`=YqTc}-T_AXvJ!eqW;dFxAMl6^4-%@(tcq zJn0TdpbwOPB|S<@Zb)WFoqx?WmQ&s4y{qQws#6BmtIZKlY0k;KIswj3;V;0 zFb=0yyc6b*pBTngiH{Ip?oGbpK#jX#G^Pw%?vmSc+x@+(W;~Z#dg!!)RI5oQLOn`V z3jp54N3a7fm+y6&g9TlO8Aj5`-SH$9LJGqGi*UTN``xdd>EpU}n#nT{7mcYk==Y+B zv)EeoeW0CyyMGIH2c#M+GndXK;j-beTt=Qe$z$E<6cz5U4?}wgHSdQe4eyI#RR@l; zSi_udHPv(Qz75(+7f78q5dxb`$+$}48gfZkyPKJ$Sn1npwe_hiC86`IKi9J#{Y zDqmR>vJ>=XrS9xX)V3CLASQFp-i2DK)ji%O!|*kyd0r7D^<}A%dVX>Q3CFwUm|FVZmZw*ZH}aof;+KP2^s7QkCzaeZd5QOPVGW1B=YuO2P4-&CAseI`k{x@D_ef}&*kYQQ zR5js8*C_2z7iV})4xnmxVf3sZl_dTKP_dsms7$>MCDEMq*PRKofdh%hGatYOfo6_F zi1h@`>8`E;x?_y~mzpQ(Jmp8eP?c*2bQZ&R)HOvuWZvp{-gY=>&LuF7#*TH@Qu`xC zKnXyRxR7>onRJgYirbvi0QQ@Wsrxx0q7~Zqj*f`|Wl#fkUPR1t{g@9%oESZmE!>(1KLaW=ws=RO)1o5&l!}*;S&%2F^kem8 zF%j6@%1G;BZ_?e?3rzfMwta9L%4F(_QE19Xl9TOg{TdQE%BDYVB4si9JZjRc{&RiQ z$%Ix>5D8QVd)Wy5InR?|`Mcc_8~Nf_DCYKOg@f?mxQXyfdNM$$#RvX8EzOJ&6TP^X zfF{kCPAyDK@4U;IGMn!nVVSu0eIV7~xY*^nZwWj$-*KIXhtMaUa*9#d#=u2&hLiuPj$pXDr~WinlAld@NY?lI?&)28`{pBuk4m zw0_#zUVlIW9Y$J1gJ-0D!|%3SV39U&KhL9%58Iv5+&ImSLMjt8c5!t9A)qrX*D=O* zOI4(yyNhbNPVUnUF`32(3$yU&=}s}-Ji}5f&xPopyBRG@KQa140uteKVv5z)!K2!d zMJ%rc*uVhziiEG(g)+^DO%bkD-rZhWuFEfW3B06w@0ntx2JZ&23T+NLL0*@p1U1f$ zFwJ+&=3HwQxj#TcPBaZ|==%nXN+DNy-F6i4Qw~5tLH=^Y=*hDF`!spZ1VYUyICb8S zM`Z2c=xXGvFXgT@c|Xl=(i#?apRG}Jhe3_;xis_5aVsA;-iszb9h<|%A!+(4R(oV* zi&}TLeBS4K7+4YOl$`1up9CU)y2HjufSFJLcz)RwwH{D}3C^pttC-6OHPPO-#S z8!Cvg$Yd)!HfG1#)x*v7;N%xU^%Z(|(?40aRB)$3awo1k2!1(vBy|BxHZzI7ZwGQKw zU6m@3!9+sFu|nd$}zW)bweZXI#~4`<;U8K*Wr=YRTfOoL(EOh*c{w6wSi`05D^F=o3` zH#HHEy4`!7Q%JcatNXiPp%H(5)wdTqXe}2sfXLdZEJQ^asZ+O*z@)QOC01IPTylf8 zVHAiA)R4wi3JEW*lqaN}N!Bt0)chNTf);0m#eY`qZZR2{rRMJg&R{tGS{;VzG^(x~ zA)~dFs4m5&8DhB}XG=2gOFFrxuUsFgAVF)`>yN{HS!rb+^{)&T+=%f9f8=Lo>rSRkzh8Cv5H4mf&qKa z`dDiaZgU5Z+tSxBgJw*-wWc0rAY`0TBu$uIpZaQMWYG~$>X~Qd3gLMiy>&ABVBm&< zyc8DICr1Iok_<08o!PPY%-EU~OE@`kX$07finv7&6dWa5kz*%~cW%2o-fG)0B*TvX zp<+d-xC|$Q0{3OS3$$y0Bv|N?fbdpPknA_aXv4PE12WzD?P}Ssop@s@2h+-xK-#=r z5vRB_GssLU($Ln3<4?}h1OihnB`LCF&uO#VP44_a z$q_b?Io!&(VTc+)0t?oE0FC1NF?+XV2*JDSulMYNYW45Rvx6}U)a{0yq-7B2#1?90 zXLl-XnmF!ua(bF(l~c;{AxW|WNgT=9c%C=i8sO{yqaAK~$)6;DeX2HBA$WOfD?MCyJ&Cd>ok4tS`C+;@Y5 z6x>d8YSa=xx0>rY_;}F-N^_LMhVlTUn06S#E*M;m%z(h(^BMCo5W2r9UM6{ z@P6*c*iG^qQbXbtPJkitZLk+>Iy1q$n7W?fE+w9x*4e+Q&Hq_OmA6{ov|5J$yPpeK z)O!SO)5GBS{A=LAC(?J~tQRUYh^I}_!((a_wp}#^&QWOhBYmIUnZxV}kmiPlfY5c^ zoySZSGNYl#;+a>qo?f7u?IZtAA3m*6*|%$R78d+{;9tByQm-i{P@Z5``1fFA|7VfX z)1X$r-MO7<#XFxl{dny*cwQ}&-4Xz9zFu6gx$crvR<_QWNjT>K_?;HGGa9Nqp_fJ4tjom%$cfqSnml}Qp(mj3> ze<7(K8Fc@yv0+DA*6)J-q5rf^>+Y!6q@B7_{grbgCnjv0J+Q04hwdsjcWo^)l#JaT zCS$k2^eN5iO!N@E{rOJbzN~WC%6ee#IHg2Ih)ab6*)dYpV1SI%$r^=j(SH^6d|`o@ zBZISdzCjmdN)>=0kkA&0Yjfl6jOhB?nOzeDGsK2V_WF$@!tq4>qAE_UBRm{8)Jp<_ zCw}ArinRN5Gjq~FIMW#&166iE@k561LDtLe@O*kx32S!mOw5KPG|tW zyS`67z{j&srg3$3zgfD*`4f?tx&{LT=+@C161M+wI*-F^Z;@DIx!b418i^H_(F%2D zd1SNle)=%+Y_ILDorNiC_H0+d-&Y2_WeyK#MO%rSLD&(S5XJEuj?j)@RPR@}FZ%^k z7kc#iS2aZMX>mK&>mS%rr zTDNOCy2a8}%47vSp~&{#v7&}li_)V(Lv z(CzDfg=0`5*j;V>_TT99zXtF?h!2~|JivJzRm zO_++hv9X(M26N&V%UYWuM%t6K9^N-U@r&0TAmA-5pb9ZtU5p1lIAT@V$+84|J_GMr zWC4)(Hc7;NzYP|>3qEuga%u=}O|ZeQ&%;=Ztf%3AcT z1C6J#gSQDT!(azB)|3ipeR^bUOr6Ar2(&%Bo$O^jI=i0fWjw0lKdrCOK}VB4(&$x}KD$;g zWR}822GzJMRR!NzWdbfxISaT#<*XC{XQnJPaUB#1ja8$U!aHroDAU-+w(y@0gn~5l zR}&X*XNq!NIt8ND|2?kde}#rV8Y~8ZBJEN5Kjdc@m~RC_YSLMog1%j8G#^OvT@cBm zBxHFneD_aS@F-$i-c60=!Fis9AFNH2U(Pt>OaM49Msjd}h`3J`^5^4c5vugMo(lJ*y}~Uf(I);6uZ5>yXcVaXBVFOS1#^PQ$h5zql^I06|Uqqpym@@)-^%*8BbddACbp9n% zLOnZ@Cs%oB^q&TX%RW@-riO=5@+JxP@K}24+o@yq-rp0$Irhq>1~B>P&K~CJMyr}8 zd%M{yebc<~tsHdq;k-+WAfvg%OSM(3tv7ZZlJ)kmb*`&Myb*~EeWlR>$1aAuX2Xhi zx7g>fCr+leW)-B!#ZIun_=K0>7Iz-t9u+CpOVOJ}-S;LOzE-~3eySY-!1&dg%+_S3 z*wF)hUF_IFaf;H&gUEP%%3>uKou|p*&Eu~{m`zl@4n06o06rOkEodDE;aCJh1d)jO z9>h}f5##f$miao)o)X5}6#q>a;D0*}`X5hAJLS#Jrw#4Sb-@g8WPQZ1tvKk1GKxei~6I8v?WQUOuwpK80Ogh zXRuqH{4XH`4uPxL(zKU*4((3Uw<*`iZ0<;E%zu_?#B zUhGliriT0>52g>{R+wl{3)V%O@asrnw?7piu^y}7evqyKE)VG1YF?A=qgeTfL z*wW&F;{oqveeae;ioNoAjM-81Td!$Q|OxU@K06 zH&KS%h7CKxv%ntMr%r1etbAqkKmlj~t8iEdfJy_0f1}qp{<_$6>bqsRJUm9`XLd4p zIh2Iyss9Xy9%C4s|J7{zS4|Ze)0MQN^xxR+Zy5Q$NA4{!)xUrQTcUC(ucT={4ll}4 zetHgihU2Op903{_!EWb21YUmV^w9au`I<8LJp#fY z^$%mb#L-OkstC%H4+K*e)^sP|_W+Q*A+V4?5;seJ#xEy&Q=U{6DdR#o|0-dfgQNns#-_Ob@wABD?;>aF9&b|4v7|kq&{a)NIA?Q) zO{cFwV5vZw6eY9V3(hp|JW9%Do-@K3#jpwiS6=gW%T*~Rl7^dIV)NMv{Mu*h7{R*2 z>>FYOU>mX0JgT*CZ>IfX7W0=g+hY}_fdqY-< zO_eOjrNEK#S{Fryi0(d;PeNLgIkeFmUHN71{~6p!o%2ePqVoVy&hcxM*~2)Yf8_%9 z;-JkIgQvKZq^GEq$6=$_K}=($!OT~{XEJ!$(eCTjK03Rt3pLsEFnL)HJU{?cv@22! zooSAT6zdc$P&nqG$(L!^06XHc+9n@gwp*B85%o(wTiJ?<>D0YIvC(5$w`W!2SQyS_ z@voq~#U|Jw6{D_b|JBlmlGTBEcmX$vXy0hw&)CuJoHsAxrCz*R`xQsn;!?!0GH`H; z2Tw85bmU1~B1|#xOcIMnhfsrP;Z5`0u%DqOuGzm2_Y!kou;&Nln4uKy&>My78wWZc zIpuKCQdA0hHCigpoCBV3={P`;Um|di@a_mleICR75{=}yneL>o98ZWwQ?L8qutep7 z`vHz-T_wlJH$fy)EZh0IhX2YrlRSWG1`Nq{$lZ?pm&%&~!4}sw9b=o5^5hv12L-eJT1jMYxKJtCv1 zwdb`_5KuK>0!{&nm9e@k-y4GZ#FEci_#D^vQ;f#yvd@Z=(SW(GUu>$_yHB{7)9LW` z=J}O-wl^J>H@ON(`tkaHDeQvwf3IizP}mG7o#G`#6~|;f{2C7L8v;r^{)=Id1W0%~}#oQWem|k63xlF@dw5UHgD- zwDmkO+efV>#UCxeM(~a%@r{k+M|>NN08tFzg-pYgC#CK_^)S) z)eDtgh_N9a)mU38c5-TL-LiDk9#ZtM0v5rrvnICLx`RyzL$RatInCJuj9brX2SdOXwtA=|FsQURy6oglh3ma0L5Qb2D>>_@X5(-3 zkH7HAnM3~5@WTIeLI24q=Xx*EH%DV?n;vX%3A!PL-IwkhIHHu^b(JCCk)$%UZrF|D z(j^N|?iVNAi8+cL>8)2s|3F&peRKCJZ>S*_-!KWS;owz3?cJgu+pzM+rJ$ToB0Sqj z(_LYhjztDHpjKk6$l5-3y)C$VX@mZk|Hfk+z52bT1?ADPD}t^{d|PdgJ=il0X9B2~ zN)IE+MrmEZ^xxSL$0ob!%}t>B^(s#c*Hos!y*y*FHrGKccpk(nH4;op$w1bV+vo#X zzSz;=h%Xzq2YH*}xF)O_ouA90%d3~*yZH|-pw8z_6DO?yeQlyPcLANVn;T>msvPl^zYBGkbU@)H_|28vx&f|g~tgez{?#f^96J2xg2N-UX$8L27egz{wh zlW<4j);l1kEz681@F7Teh-tEsZz}PcNH*c(6der=rkTy5QUrt+roGWe$-3aC(nN1i zZQTZ6U5U7MTb_*MLWRDT^yFqZK&kAH&gCF#AySyly+!Yn;P}Ii4iz*ImD5_r z1+2lLBgCfW{oo{9t*bus6*~qdxWblb?BpgBoUC+ZKEV-ZbC0 zMDgW^?MEx?F9W~~ZhC@c8L}$z^hK>q@ zOVa?B8D4`w8y~ok+z$qr=k4b-gC_^`Iwx)Iv0e)cdmyaAy!mksICgY))^c-c1komc zqJ10ug?I^|{BX099b@s??QkxRVW2GObVr|(noI+9b#LBUm*TyA5EF7bOEgOYk0s9f zCZAO@?!2(IH}8ag?_qT3>-ytm8^+gr0Y;o?_S8G~0>|If&E)JEW(Qur%5#u5d~V~T zs9Z+iFLiXh`#3ILNKjo{C*=;D&8?*QiY5Bs@)!ERO6*H5)bQIgz!e_41q$D$q_&Q$ zPISYf4*S>lK#WJ`*m1l1Jy(wg{uw7}3k(c}m0tn(naf(Uj3Ng&ulU`4QH&i1iNG+L zC;Hpq8FAB+EvoK!q&MsX6)7ySrLCiz;ldJeNB~^Hkt1QDj-NL=f&k z!>4!zI`lf2{1&N4b}nMfBvX4vB+(&D9Pk(y9UM?9gP#I4O zu-lk(7MJ&*r6vJynl)^~>iW#n8`d|oDylbUsN2)W{PWNO z5-Qk$X>shN=kV>ZEagH#A?NtyCsuj__C#tE=A*LBK94InBPo_3aoO97ol~m6Jj+m8?3i+h!@WJ3#LmXsX zmkGld>U<~+n*zhfr_0@B$6ncQL#G`st&f!%;%?eFMnafmi>`{-0^2VX*~off*716J z*p1a%A-$N|=`d^-IvYosx+DGGp2&2nOn`4s2N|tQ>K>8zPk6U%FY&i4Z@qv7xvQg3u5CmYFdbhtf0bfgB ziPJ#qPVfiOWK-7`nqRRiB#3utAu&`Jn9 z-tE{dS*BxDK@RRpk9SxSSSBd65OniqPScDAP5M2a=_6^}vY|Oo+E{G{`q6SlnJG}H zNwc}<`B}D}#Ows0)$<{(miAUbMR?^Y$eDEpaz3SnUmE$iajpY~$>%2Z%R9(c-<$NA zswe^sWzeUO8O;-$F5Gh2?1DY^}M+*I54w^I_Df8 zb$?q`{LGmyd4ufl5a*fq!AszmSQL8?XZW9roUPFzBwk?|K>|I7KmIQCi6HNT0^X)o zAc{NRNw5k*pQs!K&u)33REw~l4o^YQpZb@9JNkWh9y~`o52?a7qwyzIC=1{8FKu1a}yZR z7bzXLp@y47ZQDqn)$TJ>t449>e@-B5$ziQrZRAbEsOMFfN@fwmUlmX%Ge zRw5B~m~ynUJ`JS>wtaH-iy|OjDggm|zMt4A#fgJ{`aPeM4GI_%hI(nJCWF&xr=y*I zi~fN2QM~}_$ZcCLVa#>oHT2`an>%xR0{8+qNrNKfm>WLP(kRL$&;VkgqTQ_5)&Dy1 zztbN?$ivQhK%>bO$d=J8wh3V@J~T(i zJrdv>TLCp~jo{MN!@N;oQY|iwo&p~ZJ%M-j5hI5Htz)(V;0H(Vk`owbDc;k3e2a4H%bSY-zv0p%Ll>i!`u)@RE!sPpse~Enl zC2jiu8$nks*Qxp{p8X&FjvPTc-j9W)&JAfQxO~_DYNMS|>Yq|W3wDn;d)_AJc0da- zg?X68Vi~n$$w!XX09S|v_(5#!y2-xPZHSZ-pb?7m$sIuDr~Be7U?fuZXOWpflVy6< zCil-%fEp+k$e%i#N4q~-{cP~))o)W6y)an@d=99Eo@#Re8~0EJ7f0HENFM-MH->m+ zoSFB0RRkUDj5LO&_dZ2@5g8`2%yZ-_@pxB$^XUx$w@agq(5 z(R+Y4B3_~Vng0UF?3<@_GK^pt`*9{Fic$96jx8pqhXIgLdpWwW(5#RfN(*k(=KY)7wD{x!&#(x^l?jM`NC5e(FAey+j zAb%Tx?ub18B#;Rxdfxn(6g@Zo_Z2<=C)^v(G4nr4fc`HOI6<8ObhJGphoxy3w8uV_ znEVvi1tq$KrcaM&Gw`aGO~Gei9f{eSeF~ zN8ChOjQhn0oO%3&FKb`@#j7x-2H{ET((#fa5XKS4gp%`rC3BR0J0A#}w!`y?p~xTFUzyyrrzSI`po{g&M2k#in)0v2n%a z;N2$fQM+-c;$rEoHPc7;ZoH1v4V}%AGxRaTls>#~)VmAr@fwg?9q8jdd8{=qc*ilt zalmocZMCn~b;WB{M9|w>iRfKs)s0G)!5j363H2hfn(MIf59eN5SgO+PTeXx1)p`gz z#r}2LUmfz-6Y_uhUD*2E2fR~X}5cwsfX$p9pFMo$# zCsjv6KLz|;;1-h`27LnH8#`TV%6zS_4Im<;w_%9|wTWT+f;!^9Kbd%5M8CQP&>WMiQkub zknPrWZ0UUdLJ)~iF5|9<)j2EED>>rDZb+{JkXOYu;kji60UrWToU(kxhn5O)>g4?d)cabEmI(*}< z2F=3(uwwXf42c$43mk*TO^VMM#pQ95LuMGOTEn~+O{4{mA~7o34(tPWy<;P)loc3+ zYJa>1QdEmoT|&sZM^s8;2aqD+AOTt{GwNpM+_Jw_3sNLkON5_3GfOC0nv&d>bL>I? za@Ekm`}M3}87d_4E`9hV{e8ufNLq1^WM&{@&-&X<(>swYio5tWP5$3~uMIYDlYGMV zfu+p8n7mATz}!e)gQWE#SChoA7BoT|13v~e32j90?*-uZ!y+7sPYZ})98k-M%>X4v zEGMg{R7d}{XfbUn?p3CqMdqM^2)OM4R1B*;z+;o~)WHGsX&~w?fsJVwl4BK;1ZH2o zA)>}ECWd`#`Uv+WOQ>l0;I06+Z>TIRGM87=Hd4Zggs0TcOzv}f`SJ0sL6+3r3|L|N zH~tFhTD+Uas6OyG1RFghEJ*;>eoB^?YG`JUKEHzK1**qNV*Ef_olE!2Aad@rIkKJK z-YgLW#&iP5SNA~SSZg)AoPYS_Z@oFfelg(qQ3fnj9QbZ|n|F$0SX{e+zWx`Bh^(MS zcDlX`M4wM5mgTGs$~Uq*VWO{iS1;ht6{ShP3{6y{K@P)EK60@{dts%z;QLn}UZ=n=_$~?)IS;zaXm)=I$zc+Z8UufvD83f4 zKw^b!j2oslHwC=mN3vx%Iac?PJzH#Ttz72U#dY_fzyAKKAO5$W0Vl_{iS*1ZwYYR; zr!Oy7@0m5bTgJJR_C2)wCYbNmc8jr8B3lNZ26DAsvsOp`W)Y1`>z|I_sMZo_8uWXD zaw^NF4V)DtrR_pJ*C@v0&i5QvwwCQE$@ih}DvB=k{9|j6x01a5hRP33sy*afv=Ypo0%?mI69&@Rsos9xZRHJa??+g5Uj|*;*e6bT& z)V4e?hP4rg7uQEnY__W<3-1e^kJ$my8N1nPX_^Rp_DkVIe!HBE+cLv=5zFoK;2zSXw&Q@^`uo4m@DzcT*8 zQA1pn*K!rM$ob*(kEinMC>$Ou_V(0PRX)y$NVN?P`Alf$D@0#y2GYlO3RR_ zexh>q`00Uq>oKQ#kwgXW6VKtNhy!0D5mc>g7^vG(Y4twIN`5o-E$v2pL6W*v0j&7( zEiIhMG>h5|co_!WIl2l-`XL8_lbfC!;mH8Hk0B&G3G9gJM~d|2>CuEx?N+$8v(p|t z@Vlos0P^*;`Hm6{*NNJccp}k z>B)}l%u>ut2O*i4eJ{9H5l%exEZHrBb*4P>n1El_z;3wCOlK7 zY(5_AGCed(a|U`YdnTg%F)%LGjW-*Sf^Td|Va_MF*Y!Wd+>M@0-%tK@j&&fe(O z&=hCl_#tU|6~*OAh2p~l{)QdLYIVv{$T15;j1PEo!=~Y?UCY5*0gtoHSXn0*AtW9 zPW0V(W6woV&04M&UhgJpgD8j){$x?1`4xEUsPnef^`c*?g*8mUG6`6FLRhh`(lg&u za6f(L&G^r4)gO1lzSUD8h_94(nNwX$kU{?hqn6)+qK_@)Ft3IULs_VJh~OZ04<_>l zqUY-$kdDP{-1DUNy`A&UExb`l-X};s3Qw^G>*lyi3!dFBb`GBjyRSl)T9Gq{#hKf- zwQK{57?FDz6Q?2BeHHtq0kY#h_W*?kqSk4j!XcIHJ#)v)`VFEO1f@|gZ_`qgK)7u- ziz|9<`6nwGp8~zNXr(FfjqQg*;rZaUd)JwyKFa;L$ja>%pm$UwOwXT6?mYCFFkt@H zC0Q5Vk1fNlYtG@8Un!nbp~spG?X*NFStb*F5YPL_Jp> zJ$@#$siTVK0pv2ZO5W`Zf0JQ$4kH$Sv0wJnWv^8n)?klsBCnglQfOlg5BGGRl$@2H zBoSCS-1N5A3ZlvNXuR}@zR&?%og^AF4_?bLs2mCvxGkX7z13(VUPQmMPzLPbV=@{4t^oY@uiHK@gAr&YRdE( zi9<5o82rE%^Xi#DDS^$S#sUHCD;M7jq>d9h52C;PdWy#TP^d8%<*sFn5#!tJp1+%} zs|*|Q{vJ2l%LRuZ=Q%faH-uo{E|N6i%UbF%^2v?W`tWMs(Lynn4e)U{If;oOZI{*? z2h?hvm2)*ESJuv7fR1VraUM@G9p!mN>GPUhd0#W?Gxb7%opa}brv;4ohSS9lgj|!K z;`Soxl<%5;;N397h&aBa&|)%UlddY>52u>T5xg79yTYRO{=t=V%Uin%_H&yps(GI ztyfn@zmU+8%*6dF06n>w&9iCyQj#+6*>f2hVd@&5buDn*W#wst(RoStzIUG6mg{jv zc^hha{d2vy#yFDJVrCqjzKj>o6vlc^I%#B{5QVs<@_Z&rUAdGk99KmH0-oQ1PpM&4 zv@e>toNAgoX$|#&#VCrh=YF1#rZ!KdiRU`C>?1MkaiqW8G6JqO6eVNx(y*_$UjqB8 z`mlOg#L_!Gl>)L9)y@$gts#&Z~T}p7GjLy zW)Hy(3LN?LKf^3XUNmSbR`$5d__aR}X4@dlFnCtHd zVyShcCAyxWk$CN0D>ctp6S3{SdN@;gV-LnfP}xGz(XfQ*-J|;F&Ov-42a@T^JT|VpJ}TqCD0j2aRPHR=Gb7_0)aCGa2(R%6WJxb8N;Rvj`EWDYU!4r1ET$JA3a#mo&SPr}Bp^ zx&2J@A)|3mQ%q!7Xc;DMxIKh29Hc5uSJZh&r>a2uO&%HkWN&%lvm3+O9i%LDrW>)& z%vCS{XxE}8qf^v~v*HWq=!Cl>t?tjvAV`>%F?uX-Xd}XzGe+aZALqi0-MaSp+L?u} zUe3%4X!}r0G4A`o1L&XQ5x`^ih+i@E!-L#)7JdVp4+meqrCbMY70xZDMxw@=`pm*z z@o56xdyg-40u>eG?Qyn~FWlN9q5GG03v|q97r0L@Kq&$~gs6A`L&e#9=Sp@r={8}U zaN!C{0<}pQUlhk_T5vZU1QqFo%oj8k{lt2v^s}`ThtBO`BtC41{kI|t0CGjn>6Of%O0G63+K_aO#wem0f$Oz=MAI_xCt;q++jky$9(IH z{g#`~+X*51&ml-A#z|vkIzAqDM>hi+CH-;8HO(++caS|wB}4Uv7TEbh<%hR1i^ayQ ztB^QiS-M@6$H7K^Z(i-#uSb=E@pq&jGTv^lkL2;>=%87>6YHw>p?JAz#abeFOw!#= zgdsP>Yt|}JYK>mOd*-Lm8}vClrhOF<#V4c$DU_0RvA&H(H_n3~siqIK`d+X-d-Qxp zR99K#*nHaR9WL&5hI_|at373KWKoD;11n*$bx*S_fj;pJ;14W(^gZoI!~i77k* zQ8RY`kokRq&rN;MYntQ0x`>u(QT7(j9CxE-C=8RtJT>vBcS9|=4jET??jsUA^|?Zn z)=*y=dDztTH|Y%D8Q-hKV}@Hg)tPL(qZ=k_`F@SCB{VCqh3Hb*Bj;w)$=dvl1~MNy zC3Rnlt47hlIc1KTV{Qx=L_X&cu-@uoAHx$dS}n?hixb)0Qzw;Ij8MwMx9J+tRbO?! zGGmrU8xp~s_=0dIBDp?qV3WCK=!Fn9i;QqCSq+PXt9mj_#x6bA;_d?Vi?S(lwW z@nYZa^3TU!f4DH2A^zQeYewB!@4rBUE`S?vPzkKWK3`9!-WB^{b<}(`YwiQ}i2YUFUBBu4~ zEBVj#m0UIM2SUcz(VZ|V#=~ZYWv?5aGVf;z8C>k#)>8?)JHJ1*6s}{JM|tjC>1Ytr-i6#eMX!VRl9FI3s#3nd)G9V3eu46$m^9e8MW_W5_%Y z)5;c}aA!;$%{Ur}Y3dz^=4s}7FdA|mzoc__e=e*TFb zf=y2X{YNx z%9ngOn3}McV2I*)1I!XM=s?>`*4*?IkFr#P@=r&`}h2nh9H zvtEL^p-ygEPR;LMEQw>{c_bi=e3c6H9IsHZs;MJ&dmMdL0>$S>Xn)*D0Xx<6oB!<0 zn;4|5MVCPr=6ng(U2=U_uD_ll^7U#k!ep|SV+yWqz0}K>?YY%Q=lm{@wV-gJ48sYD zBaLUBc)1^i^GuFC7yt=h19pG;geUlLG)>*h8h6z~4-z^jli-7e2AEGG)p1Q~;f&8_ zn%G3EdJ~;ndv)QE>uQ$Xqdp9CL1Au>Bp7XXK`o;A8jABiZ;WseEB!Di&ZFCp^EcYN z-_Is~zRCn$A*Qi}#XP?O4VVkH|Jav26SCVO8o1l>o%@Qz(;wwDUf2hXTr4iN&(jXW z;p9y;;jdK)}Zg3Q65DP~^2p)Q42j-dfkEkTPzZn>Ap!gVNKKrvOmEZNb zUIt&;7jGirdxbgZacYe0vwhq2_}5!Gn_;FN<75bQAw@oRS%z&2y5c z6&5CU1*J1T?T1Oe^p9W`l)EyMMIE?ALHe}K?;aPCNg#8L691KMR@#I>V)GYQ`mV^> zCB9*fQn+`Qf@(O2If2FJyKwvcTj6G}Z}MiS%G{N`&|>}Zy&~{^a<3HAeO~($`AlEK zkCaS%A5;?|f3byx;zIRpf}3t~_>}f6p_hGVZV~~_klPO=U|)DZd;P+HKm*<$Ia?NS z!}@hKT|Aq~Rkw7X>gGf{74y>aumel$=V;l6o*(55 z;)>i5(Fz2jpqD?X@L*aPn|#SJgW`#{fcFacc_B3Rms##Z!iK;+Pd%*~I|DJ>r9CwP zqK(Uogo}*BqW>kk>i_z^`uA#p!LUAIS;fP|PGukKpSKIwFPM2fLBOZSkMaXk09_9yJ0zSlzHP{HLst>hU zSABR^A&E{HEurcx&z-2jZ{)dr<9m-aDahO}N@;AA#K$4;*&%IpYTdt5YeY+GSQJ6% zW-wQ23zu36ots~{Nk(uJWWuPgDcl_Q2RtO$6E!g5ur5u!ewCUY!mFs^r%q?v&tj(z z6II*%?XDLAs`T|Kmz5b7?aaw(^uwlXq-DLwc?7Yd)7{7EPoG_FEiLC}ER53-+#;(2 zA`58}25b8wFLZb>4spT5Da2w6;{;7|G^}yndNGVYzUlCAM-;R6GA@umO7S#5bF7av z8C>sbR6|BW8=-bUyW&*p*7+p|w(exrDQL#L_?*B~SODw(G&Tv*R`XG!7z!QtL_Q}x(_)CnU2-! z=oYUOs)~$@@y@9-bF8Q(>`*Wk^gd{FJD_-x5v{R1lXKx`g8W4ust2#54-4$Lucr-h z0aKgE^09>9oQmWA0-FQNZUA8{y z#P)({j9ikHJ6(W-0@xTlNN54H0Ghaf;vl=HZ?6TGraQwT@*RDcsCNR3?0%oSP$8!s z2Ds#{QK55@_Od-H#CPI8<#&@ES`8`CdPH~Xx@P3L&L)lLnFdP_Pb5m(Na5wW&eGcj zKs2U8?;Wy->!{q{&=nz^37I#2@+)%5ExMB@`s_#_7{W885VfkrSpD?;X(2(ZSCt&o zqZARh8G%a~bIy*<{ivhKt6sO<=9cVxZ$-Gn`td~IXBCyMCoG2F=3sD5OEREu4UZKM z;WH}fyyTX2ZI+hd(zoM07O=}h_YY_;T%dc}WrY|GWJ1fWf#5I`b{yQc~WH*4vQP&_D;{)>ymYKnJkDKRxmZ zE3K0jerpiuqfZyqcI(8xn_y0?f~2D)ZTD-8ubx(vh}+40~KS-$mew-}>AotL67mfhOsN z)+Pb%G7`iGij*=zQfWnNTA|98XyhR3gztyO15$(!i=?hnKb4p&e0CXy3xdw?jvzb^ zF(>g)cpEFW>N<;-e>o~=6JLX`zqv50{yv}Np4QLypxW9>F662P>SG_h_a#wmZXk*z zxSs#zYV8O8&Hl+HngCv7yZXE*l;d4(8s-CiK%f~bRRG0bf6#H+ef`L-mzR^6YAXyc z)z>#5I^-%|LCwR?7(r1Yri{9@l{HC>88b$@AMCv;)>(_L#g=1cNesT-rx&>QW}~IP zy!J@nU zV|WS#mz#D2oZpNy;VqqbBX%e}N*6uxS+X?W^oA7U7nyM0;sD%O3cg{OWkmYDCDdZp z&|TGvT`e)JTG)fsnxxwypL!Puvm8*9J5AF=MG$U6=)x8Ef>9Z3C>*t(*J^kes7%GM z^;m9sF#A!w<5$Y?KIkwjugf#;`U4+&2bK@MFY4_!ac_FU6zYuHa#nV)tiNMhJahr1nSZz=i~K~Zf2CZ)N_vm&{o0{e*STzah2mG(x7vJ;)$ zK*1yM4mJr0!U($9eW|?##zs?COJYw^oL{Dtvu^&m1d?K}2TLRbjwz>Hw1=Oq`CXrn zc04p$<3djfZHS*C#A`KRFeJ{@7w~?52_a zllhi4;<{I_naRM-r7lh!pc4%qNfY|pYjFQN3RpK(j8RBsu4U_=t>%%DHlR&z>% zH?h66DCaL=RRvEUICYc;x&4O036hOHQFmqpew4FO2W`_g($oz~{&j!O`>eLT5rz8@_Esa?;C+sLFp2pV~!Nm=3He0z zeM7StLAxz2#Rc~Z6q|}KlW@)?ye9qjr_UaFUwHgN`z}_S>86FCwD9^~!0z}L1@+SR z;hIK9NqZuVDE&P&ch9Ci@_0Yl*1J9lTMF;>t(s5i;Wz^8W3%r_`{^OjDef$buV}Bu zu6?&2l~ z2Cvg0;CMcLy~Al+@Ntr5FBBs&8!0m{a8NJ$=se0#*6P>xE9SzD-1v}l;;Cs*s6AKx zzKwRzzxdQH=Yw**Gr!Doxwusy6I0=Nk~q(mXj`QF-LgV^LXTDu?g zHIp&BK~?_q8690=sI!PC!!=TT#y{_#@y|5+@bA!OX2Xcr_a+?zQ8ch~zlmj^LmKGv zB_cJ!W!M=O?Rthq<05GPM)-NZesn(5iDhx}WQc)gv>VvNOWljV8kJK3CLJL6_`FC= z=~ViDu}kPOrbFJnUN03Apwsm*l*=!CkVBIrurmq;Un>ZyZRjgD*?Fi(;!WHMU4m1^ zw|Cy*oyUw~gLNZ6lJ~BSKJI+ZmzYbLyI=IrikmT#7Nl`4De4F6{uQLtK zJybLPO{8CPnAz)$T?_~5iK9EN&)>;k)#$Y!CG#7V_x3gR-wh+L@@yysxd*F|4#$hG z?k#40$Ve^;crh-*u-Gh2tlvr5HQ=Qo$AKTs%1z# zSR=dknaa#s+$^@*2?cmBatctxkKHDZe*7x49bi{$y?dvNAtYTqL|vYLYnmX-F_pOO z{nqyBfge7j%7W6NG?Saw)vSJ95=LiN`mql*Y$(PiyP{uakjww>mipwhf-`k~$jwdi zbr}ms46q}gCY(%y6>+{g-z7#&+l~E5t3plO7SA*2xmM= zTL^Ebyq~5KXd$5;Pj4t%-pZ=stIG`!>+9=zOv+{W)_rNzY}{ zcb~ru1aij&^d#zeyjULOj`!SFbH6s(u)mmJ#D#@NV~byT^^Y0n7uxDq%`CVqdy~80 zul>qURT``dh^Ng*Y(sN5u<_p*7Ng^AWc=>C*r+BJ zr>1b=x*dlmlwpny3?1v~Zb#FDZ>>EN!~8nYOu-_1?9`ntA>egkx4F+XHQSU5#dIEP z)Y>64=OPhoaj1uHoz^ARoh|SE2J}xskod)7rORXo(Tc@%&cDz74b+C(V#Ic87JK(P z89E1@xaJ!cbd1MlxRBmg_@4eew*mu?eErfV!_jlE)qc>A#6=i!39lv$i@esR483#x z0wU&Vih+7Ii5gGHuNH=xioN;$YFl2a6pvKzbC;_RwyU{p-8)s6e}sD*A;q;dhk?_rC3b9sHSondj$TD?hTOM`;q8{ zwe3255;~&slYJ)P06KzpjhUhMp7;TH3|a4~81VQSNX32E@C#7!#(qJ!dsrE*k4$Zj z8~yGZ0jwJ)8bAmBwN6U{Pi1_61`7IBry3BJ+TKNa1z;lSTruXZMs}asTDCpn(KIio zFH+PtW__cv06P@jG10Rp`Yg>=XlUyBI1t^Qbt{+zMcgsEa5d)}O@>rqO>Kf(EWkbE zUR83X3-|b(%KfN;JG2O4uxH0SmLv?x?G3zPKrdaq3c(cfh0? z0W0bN#b%p2^)-^GAAmd%Af;^2bVL#ZWP)64h^Z?|>ozA7KeoE!B~z#O-{)^NzRsap zYE&4BaQ9-=+TMM{CQa(z$N0!yO+>#utpu4!B-LBT^y8EZKOP4xjp|n%1S?pt8qOx| zA;}_Fr50KM#)^yR5PNwh~!M&K-mZ%3g;lt?cd-0h|75KDq}I zrsF96gGES8Y<%Gz*efq*B&^u8(i4@=BpW}{jBVJXGtfB7*5Y_lkO+IVH@^R3k>{^ z=uY!UZsg3^yB^ItyP^-aE+2ljL z7nUI0e!STEc#jy03|Jf)NIjC?(wjeFrhB3;2Ufma`2iZ29()D9ws2wIyoF3GISqO< zpWIu3cV{#QoY14<-zr2(2O-I@MRl`xE;UTI^4m-y;yrg39Jl0Wg5g%juf{~z|= z1FEU!Ul+E5h>D_sh!7DGkrDv~krD+J6)A#(q7VTAl`2Rt5fxD>0g)yppcE01-b?5m z0@7=wh7t%ZgtWcyj=ul%zW2N5uJ60&obTN8KkHqt#d2j&W@hi-&dhI~d7fu7!rkSd zl-!9vS8bikqkPgb4UC)j3#{cz)zIuxk`3YRh?bItH{Z}=+Z#y03=Ht~Mf&!+7@u6> z=v{#XJFQt@0Zhh-ocOtWHDVA;T-3-g-O;tYc4UIgx-ixeQU7W#i$C6>` z-|jSK(~jrS{-FqhQi;|TjdPt>FW1!`n2lBhSj6Zjzob8_W0KJ*On|@_U{So>VNku!j%)%EI`B}H0=IjhmSA}_#LF@I1@rSWLXLpDPGis^(4DTD<;9dh zPF78aK3AxEml}7LA1uO_d?&6ndUlHSES~pRk+C3&5v6P!3&GPKj2}C#;*cFmp7%;3 zq#r%JZCldYH+@~l+su8U8}k5gOGSh}a1bl1+gMOiJ+XpyVyK%qIFzghMD{H9>>V;~ z6l`(sXBK)Q zgA;uDdN`7d8vEkMWs2PygNK3z+Qy?(fO zJnTE`i{@)2DDnQ1to@Udf30QCOQS)kEPr$Ll{ZsqjTTCDde&Ipq@d^R6*9Z4srv1n zaPL6sHa7Ugf#9dP?Gx!zcSq`0sK)zrd?fL=5@m4bNo~1nc3j=X2UkGqLGT1xr?hpH zWMV=dGK?4=TXLyG52GN<8YvQj$(&9y*ZE<4@{LJ;+OUqdh#aMYMhqGZ)#5tI4ULj`7Y zn7z;FmjnYyWj`uIEmp3D`Osth%|>6Y7AuU2|0mOqixTAd9${%Z}8`bE9* zy@1S%<4zC@JZ#Ng$#h)i)mAf&$gPLZG=(%`TqerWgnq+OczZ|}KOUGD8DTsn$WIIQ zEqGoP$}as(s!4J0R$3PZ{A}S9zB&ni?=LDt&KmK4cW>eD`^Sy9PE~)s_g%@Sv06(I zJP0noTOASsKB>-@=hpY#kAP<|)CO(x+LM;7g23Kzq`3WNj6wvsS&hoyq5FN)um6LP zW>l$j3?W>hoT)Yagsyrgu$+mYW~I0IBQ`^G`!S?Dg?NBV6hzWju@SG3Zn`CJOq4sQ z$knm#79lRYx+Cq52cjNYn?{zRPBoa&l?#u0=8iq7eSN1t>$Fw8ho$?nx{#hwNxz6_ zN7mdeL%QlX|N8l_U<4D)t=%UMcdys9prfb=1e}go9Gs%RTgSPEdfC-uJN;tXZ9#CO zD7^*Yvk7Y%U2>tUzHL-hqbxQ7;56LlmQdcp7h5{Qc_p=Vbm^JlwB|OuXeJ!?SmYh{ zrL>yhDc46I9mjGlEXIX69f4$Tkuv{p&iZjEXI=;OYJNANrp5l(Q$VWG*ZKs1EhV?Y zi39pRU{~JWJtrch4abPfkl+n6Lx8yF>90-@@T}bx{l;w^OnJV2P2@99a)PKiPB~cK z<^r$x;hXw4$K*B+9W1q|;_^AlCY*lobdplSK3eN$G?;-s^Q~O=FnsLEWDDCT4@f8n zZv>BF{?Kqo-T8fO?Y-97qEA$R_#%jm5Q>_6@NUdWx9kF)uKSn0|`Jx3hynN9=Oj$@3M;w`r|;u84X8u} zs7d{)$oKfed5w=CAC{OrZIR^>Z3Bvn#Xg9Tgo+M%q_1A5je{HOr&3(YS4b_g9=CZS zDnK)mjqk#Jrde?A6Q*w`^0 z25zRUD)?isHXlMQ4BHz^14GHvv^(i7mvElfsjJh-h)TD5IyewEc4xywS>;Ch$=O3R zFR^aIqgs$YlG>s&Cpv0Q2WfZ{qzm|E^mSu(2X>aRn&8h6o+}~(_^646FUk8p(v(Qb zr6D;lAjG9Loy=aMJR|NN9d>8S{>Gx#as@t!i(_FAu^`;iop+y$_jS10+q~p(jMO0aqp`4N}8&t zGk$UHwRa01MR{cK9` zm-e`4JN9}65K+_&f$I!71R_a(hH^tnnB!Izqo-URXZcX79n1mQW#>2A;nKeX6pOMS zqei;koWb_Gv*5LO)ItV{;0GK&!z$EHg{=|)-!z${oxhZfq?hLIqm!jOMNa15;>)B8 zn1GAst50?CiTx@an;(2bKRyD^i5GVK0wHwb&dAvRn5}{*S9j~2GNBx1h7g_ZqxoA> zoP)8Z!O*5}S0C#IX#SGC=~y#Ih?OQ8hCI!p-}Gs*B;tbH_Jq9iww^<%t{9f~A-K-j z3GZ>7Z7mzFGQ~U%*E!Nygrt_tweJTp2&&HX9slwhh31+b`8}y{W@;|E@4nM|^d#J4 z!}qyZ?e0;ZPn=M8V;H{OWcfjJs7ppk^#)Q0ZRG(};^25-rs(`*_ZB&fL9hqm)^yz$ zzQ|`=FJmftp(3zUfni6W$d|_XE^B9Ivk!u6MKN^~jLIV&lSWoUo_zb5|Khdn@m$ z*ws#i`>8~l`vI7td+}U*HmH!YDIr}}F6q$`@VJ%`Zb5)caBd`Myt%%l$nQL!WCqrr zjE+!&-)o!X68(z1l_{zj?W>x|(n=ndxxV+wj2!5!Yz1Ui9eTvt}L(&QnKI$EFT?5AT8`GAM^FRGujCVhg7Rm5f=amOhNUkBX*(MF3_9(dv)5Z zP0qmOt@BT{W+n?~US;RHlJt(pkSXgEX>mO_W9lr6iNL23)AuG=9__@q$97&y*~1aY z`RE2YnXs&bhAn#+XZ^apKHl??S223O)D*(Gd;QfG@MJ>w+m5{QcpbKHLj2maH3eE) zdtKvATl3SnD^84Aaqg+y#@o&4{t-cnewXmva_ zs!~nzjXDQtA{}(^0e+fk*pl2)Ch5NF>Ks}Rmv6i<0C2@pw|dm|mYtYU2WG3MM^MU< z(vM*ehpR~rGVmdLx@s;H^g^CqlV)55*qZ<*O zCr+t2Ieas~A!Jo`gg*F@r|hG;q*E83ARO*@2HL0nJTW;SAFv-g2@U{6W+e>mF zBwD;bgZfvLj8eBz6ef1KS^K_+o%f)^6OTk+RYB%tMID#d2XlF5RT~~hmF6^=5?O_aeFkCs=EJ{f&5+h!R?Yq(rXZjz>_m%ZRsw-6=WK z-(4#LY|h!wys-hRajBgAeDKI1w~6lfyJH@0!)Nsm4(mi7Xz|e*DDomH;ls;UCS%4* zHfL9tzRY#$6^968>ZUP6>r}i2+PLMqRqX9bdL~K&hbK|FK~snf5>=wFQlIyQtXQv^W{Yu=Il=vQAa?DmYlIWRA(-f|iG6l& z@M)`*_%`p=y=`D-CNT5(%u2mTNr zv}UiZrn!@F~lT zWCh814$ZG=|B5KpeLeX`rHcYKDfip=sc(ax(Mhz|2jf26uk0C)zXWIW238io5aU)g zIJ~A7_;kZ$CbJp5RsH+=(;wFAG+F#^T{b`@wfz^iIzTGBofW8b-fjTOSz@$KFG{wB`V=dR*pIi=-Gd_y7XT*Ynrp;FI@ zd{@j>-*eBPM1eeg4>y<<>lUbL)M5{+EV)xwZ+l1{LRh}1Y+J>SG7BXLK2znn)6k{| z0wiI=D|nR+CUB{Oj#O8JAA*O9LMaaA3_o_RRn*jdw50uX+3BZV?ORmF-kLO3Fkcl# zGQs>tl{CgOJ1G2}BJBw?CJx@(z#AI+Kt5OZP~t9QshIL93~TLS*hOc8uN#$f7@HcP z_zM0RakzC7v$|t*`gTxFZ{EttwtjE?+$ol{ks)ek5XLo6FW}dr$&Pvs}L02yrf#^Q=JDSbEquB^! zi^uJ=x=Mb!7;G=asm*J05y+w!!i}}j5f>_! zC*Q6wyoq;Qvv1EOJwp6=4}VxSXAmMKz%|6Qzmw1UR)pGuwrh!#dxH;7675D5X*ul?S+A2tyI!)|h>!-g z5XD(01*IbkV-!jB2))aKzBs2rDXoTGpwu|_gxbF`if=@x(-vx5XP(PkQh4^A@kZ#& z^Ep0gajST*tJIl(?4?k*XhR|3D?%zjC)HKE4P&VNnUmkDQ%Uv&I02vjNQu*{gpikT z^D&RWb+q?dH5!$z>_BH1574%Usq@MDtmI(=d{m7?+&W*u9!OIee9)5r@aWOCWVq*b z_w_OKX?A6@V$up%#z*%dtVYG;DG!KF)2mh|0?s!%cKL(1Xr59PPUcV+Ew+MMuZ4w+ zEs{^)A!GUFR`K43=#%=# zc552^sVV-&V)&~<_zxlVFLyl5zb>SP_P_rRMaT+z%(*Yg#jPQWN4CGjs;uyxv>)udJ9$M&{-qhF0UM!#aWZg2xNlBro zJ@|kRGZkfymH2_+a!2wURm5tt^4_e7QVqqXh#)b1WmI^_%(9My3tqpfk zBE%Td)DFsh}t5~`bfLr$fC;uy|)l@fH`;rg?E^QdbAdHHs0n_-PG1&~tz zV|Ow|ckY86#BM``Z|&Io=8CM{6ANf7gXK)Q>|Q_ngRP}A?spnob_<5m5R$snn6t;E zVNxAsJUNECe#GA7epr<987syoS{u0Bblm)Dd45#ew4cRUZ%EnxfR&;ruE?lf{(8Pn zWibqwuETW?f_@K{V3;=3J> z>htjR!C((De8qCl)1O?GgDi;;==4w2ouA|ScOj9 zG97%E+FBZ$e=Ac#rSntZ(3Z)InPwEI5C|y~aFV_dBBt)y%#*(gN?S ze`mXkivoc|@p{^-ODen=rGfWCe$I=%{ZBJI08gM%I*C(|YxjzM2NTWEKj{pP29k>o zR%pDQgeP;pN7K6-uWRQ_cvoYdJP#GTqw*zb=+k8%FscbUgpDJsr{?if#l>jQAmYpQ z7Ft*-ORUcogkBL=s}~NwWe@qO)&^RgBtTZF`L#G`=wh)5&wARZH6kG+p^rY9_6mDS zw_g?5B75=b=8yp-5I4g9txx|q3FdiJnfGuZ8p9AWxt^O>F7oQ@#H5B~mwLn$yIWyz z0RO1M4fhlKzxPu8eQmIQ5j)|Dhx5gH zU!qPBDz72dk?-znJ(hF+;)*Qx9Hb1=BQzG*4to%LX7Zb#(X$eiMB}NOsqdUuo`^;G zcTZ-9fH3B)#`^46^cf%qnAto11;+4q>`a6wgIwbMS*4ZA-k8(~kd_5X z!abTlJI-3~%QId{M>2Au9V@(q(qg&#Aj737Ox689HO~x0t=FI<6e?%-I_6AP5U@Im z`6e!XxvRkn6`3QXtz4)0d?wT_fI0wd*6}d{7~`J98=CB&cGDQ;Z4z0iwFL-9S(EId zZ9b440ERBQ|8Oj3{vc##04_eqR3ZW#Yxrb0A~^YT4?aRP%NzE}kG%LNGBo%nQq%wc z=RtA8u}oz9)obf#kB7@@9sNTw9$e>lUA((4F}3LI=>9DyUItxDzIo6;e(c9{^(`SH z&rJ1N&OV!+lhRVyvE|)E5xqZ)PF;Ht_3_Vojt{)O{bx}{ZoZR$sb`n`f2k&$t%#Js zTr=u!>Q-kf4~;kFBQZW4mb-a@oLH32jK=QFWLPnk;>IXGt&0jWC}lY3F;;KJg*=~9 z^dO?4#NrE#HhRy5twN>&S!U^6571yln1;j$(sU=Jlc8%~BL5~F~XGE{@SspAN>}Spt zO&7-C3)_YRHxh?IL*{0x#oDl)!IERYQkD~laa*5oyimb+c`UMKk<9UEItR6Jx72B> zemW7gsv)olU_?RLm+}b!?5gXdjO4gy4TH}$8fqy&9{e!U4|*LlSoMcZ!w(OEZGVYV zZMNmDKZE$B>&?Z##QRLfy}!iUC|_9j&!UQZta<-Z53lX6zZBh9`{~M`^(0;SZ`@?) zz*uNk*HFI;xHICqs?KV>3KE5kzwe=LbKXPAA9{4Hv#IJ@sHxeX z9s;|V*;I-(BQyHG@y4hp#k2S-1Q_hm+blGL@(va_2tS0lSWsSaCB5wJfD zjTZTiF5$uB9i=$z?9-ObA^>7tmX*e$`l!=u7^YV=0_EdAWiE7Q!-rvFFYt!lCKYyXkb6k+ z`1h*KeO)2%)fDArA4;UYPDMygx);tO82sKSvw8iZ*GqW~smv`;)LtgI%0eCuojLxeSso2H|66!8{CgwuALUYU@FdgunCAU_ zcjAcwHq4Jt+AsPdj~Vrn2wxcc(`8>uO}gUsu6EA`eo~R&_4&>Wf^l-n@s3kcw5(?z zjF8@UizOf*H{=#Lc`%`GuRA2fXIY1h*smtqlbEOG8PFX1 z$gN++B^1U+eOlvn`a#M5>O5iF7q;rmVlP7d1BCntf#*;AfNe($gq$IWah*{z{QlrhFETzO zW7M0r?oR&#V|FTRm47>qBp-+otFsm$SCnam%^#T@Z)o-zd!t%>&hS`S{#Z`XQ|rvT zla}80A@}>noa8*e?|Ky3j3Opk|1ipwx-yvpqyUznF{LA}ZFDl{qDwR&$0W?{u&!|7 zxjmTzYJ+irXa10z#?_n>iyE;Lv-$1=`iZl-pH>eS_3u_+Tw2 z38=-Ac*HzMDJrTWB9$^hwx{idT@XSi8IPG9$JUtEI9EH#tDe(Ls8l-+K1LAE!fIVY2P}vc*P&x7a&B9RP){q!hy4$9zokYfWml=`JEr` zA><0V2`7Qr{wbujw#K`g-d4|aE{Xa#WnfSfX3VA(y`~3GD~}?q^3068RpRXDS^soUyKW6HJn2_nDOD&- z@yr8HZ|_D`+A;~QL_z*a7!b~Ul7U1=>4vJ56weEG8~An19HJYQq`sf~aqSsKUD+O)fulneQ~RT#-ydH3@D69JNy2585gb38a&82HuSUYE&S zLQ%_ZF)=5wk zD2q%*rN_Dh1S)3Dsslef{;=ZF5@H4#b71*;QFOS9R*_SLwC{TXgPr(LVOIy?@8%`C zG4+CR*Iz2_MP!;-bjsh$G`iO7E3?8o@MN=8w)n_Uv{8ZX6TW%%!(&f2pO9OG*%EGi zH;_u2ukzki`|C@Jbz5#X_kQ!cEm+KD>Xtg5+AHCI_{HfGqk@oc+bP0(NM{-O9@G1` z>xvqt^XfVORDC@j_XcB-b<}Ljx2dPSYTx#a_@627UhbX`SKo6n{K2md(D%P_J>p|j z;rMpz*AMA;IMXgTz-pGYYjx5M_sMLz<5=)i_zwHhf2mIO4i8hXAhQVLv!PFSZ)mg! zmq6%nT%o$kOF?{xZ%*RVN_vEL?ybjMXxWdQIF}rQw(TUyH#VlM*>6t903LU0*=QrG z=BjGbh>wM?u5HlEV1J*DSET&*Mq#k{cWn) z-!`=n)~Ui}nuNO@cg1k*T=FNf%Jy)w+RZan(RFW$tRU21woCjwc>g(X)I)x5_@kem zv+|cOmp*^^uAXmyrT4)xH)P9O@{OsLE4ySC2)HvR!Bwd*J$h;-H*Dr{9}ZBVoPpW+ z=_yn4IgJ#HZ~`hFzyqYFO@$4$Hx=2-d>e#hV1-h75Po^n|9Rtc_hzNTSoalw?5>=L zmB+?WdM!ewKI?P6-_y?F&w#hX?H}T6uhK{qs@0|Qt9)vf%x17C832enC^OhP)5?Ur zK^SHD1%kEme%LLK`wP%}hH7J%`+>EJTK~pApX07CsX#3qoeE_TRHa@$bB^iLIcW&Z zt5fD1$eBy@0D>hAU9jj1>qezQd@DHuX#~~A>`$j4SAzo=GoC0|3+bDM$LbxGo^Co{ z{pqS#@NkvzEweuKhyIUeyu(n1+h_bA&cpSDsSihOeukWqq1$g@z=-_bwiT@w)+oN< z@|t{UxnLH8g#Z%Pd!rj=Uch|jb@dH4Y8;_P=Hq4vNTWix;#L5s-DQcn6x~fFxLO3g z7OPJQ;x->0*o-|DBYpB&G-9Ic0vH>_*b}seHNx8Ku*TOFq!n}6gj&so+T74U&=Tzf z2ZY8h&oJWFT$d1!G&AC=E5=pP#xLvN;hqVcKXIcC0;=VhRx~tu&(UTZSh_+nF5=P| zrWmXHWAYByK1KmbOjlag2GU(vMBxTrI$cMcpRV=x#T>mC);oNIeMiiV3d_rrbvrsa z51jGF(#-pC%1zg6KBJUl+dqae*A^9z{!sj$6C(rsY=?y1$#4BpIQwn?x&naFhgg zpO-@v8XjOxO!dPg@71_wdU!_kCx;*_Jp^;ZFt9#!29d5H1;58Oy{$pquY4-PsbbxI(YD+)bFa&ux+(HNa(aTN!i=- zB1gndzA*az-1Sk>{vf2C2lEeofa7$$#1{ly8uuJ{{aIQGMZP3G93+{W5=XW*oGQFH zGym>u5BujWC35$bo=)?Aj(5v$90>!P!5$>uWJJ;$Q%z*_vX|H>bb}#6Gd*uv8Gq{* z%~xBl1v1xW?rqnAXnc-6Yy{SqG5giVt(!Dm9vA#AH%2 zz~HbBP_I)g1I%Xu^NXGsFK#8Vcx_ZXg?(e+W;&PSpk49knJcz8IZSuI=N+K_`sC4p zwkIzY!Q=c*Bg$Yza2i-}sV@5>uPf`;+lh!I_9xTT$I=GR^&IIe9dRCi^`KDT-VR(M zM+$gFHl$<@bw4gsPjR*8bz+3q(I$(sXqvi5l)i{1ctt+y$hH$t2IH`_W08xN^DMbN zwvMU~@v<&OHA>CA={@XFzgw71AXG%ME(4e18(VVa&BJqS4|3GrR$rak#VJF@FtXG+ z&rS03Y)hB<`JP8@kNk0syR3%_Jysh&BjWzMY&&jeguLGVt2jMt5sUNL$SZ1oySgw(x5{qZLBim1{}onG z7p&Arx&8N4+l@D4EfO5{ALH~d2WRisN9m)SzzTbTC8n_blmqvuVGX*miQ2E2mANkxwgMCzp<{p@7vF zY@iP6Fh{X-h|&fkmY8C5Y>SndHk(n-$xpuq9-Ltr=mpa8C^|6@H<409$^kbJ47&5H zae)DZ&oFTK5HhEU*O&63&JIti>O2aWoD3jp1d5P1{k9T_lQN&V=$B_4qoZoYqR3(( zzMMvvqrV^_=s6Vv=Di?_fd*wLTPYgE4Ci<433bmFe!O(>qC-o|HKrk$cI4Y+Mp0f{ z#KxZ3n_8M@$*iR9R=LXs{u&d+Z4>+P3sEP#=Y_Lqm;2o9;Ia#>TP3bm!@LN`wRdVW}X8Hfo z>)q1~Eb&F&iw@yM6@>LY4f#uvsw{2H|BXtk5Wi?al4xU==KQ{9+{N4r8_=}-f zHW|K*wjbgvJKi(Sy)AiY5uyD~Om`~lQrk|6yyrKReUGE|nn6`3|L0VFgQ-vdNrKi# zRx4V7Yb8Cd2sI72d{BvXZfTsZC;m9k2m85LM~i*aX?CF8S?+0uc4zAb>obtYf{CfC6`3??_%@$1=I;Uu9q4}Nf1AgzXEpwkZ@zbXMf#F@w zl3UZC;kPfpj65d1)kF4QFv%6g~%gGb^Q}o)ks=@aq z-?MogzqDLIeto+Geo1Xxhe4aOUqOh#9ch}{l@o3p+}sX@X5S?;{6@YycJZA)Uac7t z@*S}mErS1U^lb5e|#AZelHljUfADV$+971Ti>?0j|i*H!DM-1ZKBtH3WdCVlRDvP-J zLujhDe;Ggb&6$;+_m=>`3?GE=MQ&_sz!vbG$>su9vw+pbFdbEkUiORGc_oMq=7hlO zJf0uohe-N;yWT19-Nkx#j2loCmI1R1cRwnYKykA4ZZ%wQvrzF47o==7ih3lP-ToD0 zqxv@5rvMdtKk<(*hM_c5z6IyeN*(JlY^(^rWKG0_D1+?=Mfw|^3@@4N{{14@vf4;W3G=Y?WWOgXjlQc_&}d@V zd4}KqfXoB*vnz^%DH9_pYkWF@Y9H8+_L1l>fH(A`vj(x9n-{#}ii+^GApBc0LxPg! zSkYr~u03HBh40KP+}5~`6Mj;d>><|_U^SqotrY^ok~9Fjp;p78rl zo~EwF-+R5fxQM_qu??C2zB;PRv;DFR3=vh?ku^!BpjPm%OlklhmNAILGHXoAH)AlM z^VErXJivp5}68M+u(_4$)_`tEvN zZDu<&HI8F&J{24&yqi|VW~%+1vZYqfYs;NeZyYx8L@3DJs9e~HQr!sX-Ae)?3haXT zo-aD7tH2}cJ^s~Mc8Wt=DpPS?rTgv_2#LQ$df&R`nD2WJX@A7PvgV9t7^+7}U+vf( za=Lo3{28(W*-&9IUA89s1`9yWJCc3c^!k3ryq3ntqqYxeIBO;W`o)-gx;CIE{Ws%> ziktJifNHL(D|@|^f?s>)E?$4VFnJUlMlyoLnda&3a#|bP`}uc^Y5cqrwCQ`!OlZ}A zjuCSUvr?oAWM*TSZK_El+gx5zHe#@*BLr1sCJd48+5*tq;Y7b(NW@9UylfqgF+}~y z1OlwLQnkL(Pm`|oIe zUH06FmQ9qQ;u%EyF`rd9U{SoX#0j%gjt8MgPc8Z*7+u3+czRMi7&S_e9hcp9oMr*P z5R_#PBDswHPX~yT^nx-Iku?s`gGQ|)$o}nL=z(QP8v^3n_AsDxRQEz_Q3%ZB8n#*t zJToGi2Re+&iSD>I5}Et!DYMeD0aa_O*W=REa5}m?#FwLc{&w}@L;)Q3*<#j2^RB9F zMxO@ni;G|P3hfrLWDaeHfvlhV;MrWmYmHm>C@~vRr;ONB2zxk&K7B9tuX#I%?MB_w zz;CP((BNj{%62?#Sm~@+mKPDuy~(zs!M!2py1j!$#}%V*F63r>y}TToj-TYZ#TeOi zqNmvh%DMx*#=&a~83-zPp%0(B(eVK`q;y7=T4z!f;@^MPL#xwd?dl79Aq7LF+?Tpm z)^0cSmRMT^2*mM)pSU9CFrT$CL`1Y!LAQqOlkGhBYqw@ijH^vqV!Cd}9#1M@)q&JJ zdg1zv1NOMzR8SNh-!jyNTGZL^){&84XkT=v*@pN0I?ww-$L7Vk7n~A1z1tKP`mc96 z#&m>crCfSxYPesTIECj9+dJJv=)w2EmTnJ?-5`98OsQsjWqhePI}enU$pgzT1bch} z)(U130O74Fy$#P?-q={ffL^B9$QGUEi{2XH!<7_VLzMt8HawIF#G7o#;s4b4Zj=q`n_jkU3MeR9Q!zg zV6>REtJW{MgEU|T79fjaS$kcY>lidcM79t2p_r!x7r4@|xVkt|IkNw@02@Z0vF z&}!ptH`*bHBn`VMQ%8iBBA)4%?0t|AO8B_-;!Ussl3YGO5M~(BYXsN?gIZE?aUy1P z2}cw?K=(FpbXh^rU$qk{?!bYgiJD&_c4B8D*$Kg7MH$UF#d z^0||}F1?i64AYfSGPyUxdoLM++e3XdZ!E`JG<^>PCllgnd8JWIf4dVdc-?u4c<6~W z$~uU1gz)DstmEgf!wT=6fPu=WHH{9zs*1#~S#ERio^{O4-C4gA`75uk(>I5|d#c|; zuB>C4szgP*QF7wttPKAbFl70#149J}Bq|;2CajJmH@zB2w{ymv4|S8gqWBrkGt8ek zSS7uVp*_I51vHhZS~9OiOk1zwhVEhIb1W>GN4o~ouuZ*8v2<%qXmbvD<^7@eCDb!o zW{e`LP+DN|oF|bt8W0fEnX#m0SzUAr<$q^=DA;%g(D|U}KqIXq8GVznh%QMRr#1?L z7`MjM>8Ul~cLJ+3epZgj?Ks*S7I`h!c!m+4bSQSswF9q+>QaE}l@gWiviI))n(Hm! zI|6FDe8WDPNCANhI1FT|VUY0*pTr}9Yd*Lx&Ny&oEOv_Q@!HB;^T7$>`_-Yx+Q$To zgxeL#8Uyd{;ls{QHN@Qpf7UrNd^OV3W@5LamwTWoXbw?$D+SEvaT|^ToaAxrDdZmL zTJV`LRdVBPx1kiEW5WHRk=8lFQHR&j>uHFTnr?ZrD=%()_tS5Rgcl-hNjgj!p7_Ev zY@VA?l!1P`BKuL(liu^_wB>v)W?cPRRsN@^9g079$<67bZu+I#&XXkL*;9INJ9TW; zh`NrUnV(j+)kj&aD4&51YCPJE0jCb6J*fOR^7-8S=XKc2sNNdn0N1zq+6QL>7%G;J z`vd1nJ760;s*<7W>Sx#+2YwIIag`eZwx=`Sk4V2QAq>Fsz!WfF_U*T2O@r2N{8ECa z_0BR4U5{{|qwC~-5PdaL43+6d{jX&-SY?E!6jZ@>@!UifJePs0OJ0o5jYF`u1Z98nJ1l*Cm1cX6PGT%>ziudcqiJU<_&c-3#bTX+ z4yqCbMi8tK(J$h00?$#9*F8(Hx0p0iWp%~cPlf_>0!=L(><<_mJy3j=K!+`4Q`+uA!;&H@ z#Me5sjjBY*;%Q*@+=zeVejW55aNNJC;6kM%1{dv0Go8 zid(-vzb$dGXZ2!@+RYf~gQ8_e(bM~fSVbi3^7$_wcHx8@e*U}2-_Pamm*M~0kK|MF zSm;)6UO8i%8}WWtkE~k6w!Nsx;5;pgtC7oX{mF@TX_vMpqZ65_bO1J z8I{D|;RXKME6<>BFEfrJfds&M2{C!!N#Zq~nK!0|=Xq%ATsMNkF)6?P6iot35Vd~j znBdDXLAcPz6>4^b!rdFf$GR?Yb_>r=1h9+t`6VCP#x0nCM)0L{rJJsq@!yyKek}j( zUI)G#p1nV$V2b5BKZ+;Qr#jhnop$DOq68*oKW7$91jUdSdAtBSoaig1@Ifc}5aW~J zLXqjlZDEaQ@vEtTGBQ2*7poPh9a}cd-q`EWx(+RIiJLwbs)z68y-$Dkdl}Dk7)~~$ z!ArFs)kr&m=)ml2yNt4oZT=t#w=!2vL&_SReTlNHUEUFJ%vD>-IwI+r6VL`RU~oC^ zg}A0Bse`B0UTVkqtMI&+9_IB>IAzpzfV+(r??mVFubM)58ckh3D8duIJeu(JipI75 z7sw~UFw}4QaMI@#KzTdqq(-hNi^Q7-ZM3pr+Brnm!F-u(8rLC`?k{pNV9wuZbMp^u z!G3**?VcaE4ps^rDwy5Hp_V$v!T?!g(q)~_hGT*jG_=*v(Wz^Nmw&a!0!^6n>-YsF z+1$c{$H_x{ZL{=GM+(wwv3m?|JZsbMo*8emX?Z34lEWlV3w~Yo|^8O&KwoNPQucX{57ThbQ^g86C zLf~INXW{gD;3NP2+_P_F{vVuHh%`mqueNRU%o~hbq%d2IdRgSrx;!=Fu0qf7U!ot;LP!{;M;QNOjU4smC4uQBX1nOg&UbdC@^m5 zXm&v84q{jnuu8}{#8`A7KlYPl`p+HvdfWD^L<+P}UJ(c;Kdv|Jhy_`%Y6sOk^I-?_ z?De9|Tkp$OE<76l9`zfBA^?+pM>F&xZrLB}<$Dqkm$f2#-u0HVQsK&lsXjB?pCc$n z?I>zlkl&GAP)A=y$}gC(I$rXNv-(X=?Vp!b`d^aj`gf=PshP_Em%?Xp4cd#s>)EMa zPSRwLxa+kQa=xgLS3!x^M9P{mPhON{I7E}z?)+%RmZyjpeANBU9Yf1|bXnCB)B`_TrzJO@ z73Z5baP*y>a2jFT_l`Ty=cxN9?iBk~-0;?ag|s^A`1E?V7i&nnhY!wH-IW4fJ$(W; zqQK&f{xL^)z!vxy2tvIozZj++_yJyJS&kV%1fq|AZRqNPc(E*=zWKlWNrwseQ~~NE zsAf)ncU|)2(@`-Aeq_=9t=*J##Qa$4^NZPOJ=RyxYTw*a@%uwdW?OBkH77g&E5FY+ z)BCAkBDOpg-j+f#L_K6=Alk9~j~0HzsNb|-JPb|DxHi zXHH`xY7i!?2l=Z#RohM99y{bb_y+|t^xR^G{herwcWu1~Z>4cv-s)&oc-rINNbr29 zeGtN(A#S9{@sps`_M7{kHWEir|D(M#4~M$l8@MF9ETs~%Z;vE|}iH>2nDJm*~Rd9U}J=bYy~SN?Ea=Dy9` ze)DrL-|y%98NG0B*!j25-*@4ZZr`t{#%BPuL3^Iuk&g6wtc@pb7I2lRGqCgYI;V(a z;0!Eb*9&q|$*`S90A0GJ01`Sj0E|&=^BryfDe=i(on1_nKeCZVnW+b4-6Cik9cZg8 zgBb#&Iv5XFuD~|ULdhN4M1CRDw`yP(4mx!GJDsQtA39b(#8pB|`NWWmiXsx~PF(#l zFOpY##6K0cpU?B^dgJ{RjHjI^Op$n}u9sGJXx-}9z~4gZKu-lN&ESW5k>|Qcr260) zW&0th6WU+G6LG7-a^u6vEU~xeMkJiYeb0LFZ#69fquR>pJs94a9!9$l)`G{(vj_>2 zJcRh=(a#(Ct)FvG?iS!#B}Ed5YB&;s7M`=;YrD?>9P=O}Ans9>f7sM^<|-VCm&F$d zQI4c`Eb87SQjO1Hk`a?s6%K7qA?mVmuo0reod0}W1jFZPe9OCPv)Lo{B z6ko~Js)dx`8n|e@gsrM9u%Fb25)ocO?)9SAmyO^y)+=z|c%8XDt+5s5diw$9m%Ig1 z?ci-ImLff6-FqZU%-XGlwNMs5wS9$I44P>YCz#&)fzWz#)O?PyN-*o7C?V8O_%=v6 z1)c57XtxbJLfIMJ@NyGyKvWLVzu=m}?R)>R+{NtGpoK~}gH|)$Tw*nTJ9iuo&_A!H z&-utdJJ0u@huZ#Rfa8Duf{do}IKnT7i`s;Jv$*p>jlkIHiYC0GCe{0u);m6DoVBgD z*m=HPxY_ath|fJDc}?nI>;}pjMg+>@;IC)<;S+9p>~?GJU))rcdHG|9DXEA>v_^FO z_olrTj*I<(>b-=>G8)xwx92+y8Q`VekrVZ(rzerKbDgNz$nzS!WsFQ3SWPU%20dYa zvpiz)566&(@a@raPaAj_-^0felXTt|RMtXR0M<_G!l|s!70oR>OyMX-qkiL)o3~K& z_~KkT@`#Mw3Bv)QgZtPH0@mqkL?vMoO2mAuSITfY>v(&<(5)@?_V;o@q+@{mouXZH zr;i^k&(jOG6eK3{B(MUQ#yX`gY)>D3mgAE6 zcSNgQJ7q^23Nz`lZ1|a4j%wnJuiVa+lu51@b^Bt!8$!+J);>Qi5M#{O3}cfHr(uA@gQ%Nbrw(61sNT(LmN3qRaglH$!LxjJtHg@RqD3* zkF|Dcl=rJdZNO_2M_%GPh@@=30);lB2mBY963BK@qtuN6*@azC?Sp>_jx?qBX*%Pi zUF)~k*1?9%+|axAJ$32f7uuA&_+bl=jw{kQ4OViSsCJvEwvjYz;qpMiwI=?}kqGif zChY`{$o*>%6emeT3`^|5Mo?swkeYn7e$bww)7?ifG6@4VWexHv#C;psysgkq8gU7b zn-5jv)1WO}OLaaw&oVY#q~!^t*$hV1N4c%^{hC$)K7};2UNPi8`4Dpuje2_Y(2LPR zGtXZ{DreX>9S-vz@>tWSRcHO00Kc=$C5)@o-A5D?qOq75vR$}4EW%S z8H6djikv3#HjzU1v0-vld(8=m(Kj>oE}3k+-y}y&DNf|*9{HZO4Z8q%x%7jT{i4n- z(w1&kmz)#*bqLrbeK+|Hy9r-Ep7K`E0LDemEs)qEDD{08F@C&4^z82V*MDVqGzqI9 zc=u#z7iiwzewrv)9VS!RWI(V9K#>N%8hz-h;)ul4>IWb0 z8VeFz%%X8+*sDUm)OD2o2DQ|aiWV9n^G}yljGE^MVnPj!*Qo{!PS2?THZ*zLPRA>K zYt-~(Nhcv2y)}A-h{6DLW?W?+QQL01=Oe$WX&yd9HibyUe53taj%LyB8&vq#wHc_S zGVk{gP&P;cOXG&K1`|Xn= zepmb2*Kcrxx><=imFGvz;_!lx1fN&6M0cdk4J4HIj>Dh7Q0u%2aDm)~lc1D=-fzwZ z)D`c8Yv7|K&w6(ssjSf}{vOO#6rKYyS$i-06@l9!n zdJeFUkJeb&pB#^TtX33rqNWQQ%9{fs5?$E#F}OYbaviw8-*A1Jj(VL2E3k3M@zFy< z@C@3z)ix$>0`ur46;>cjbo1qaXkos+o^#n(GM981w4u9U!=U#uvGB2;wxF=`!Q*~g#fy@>4(Lo< zzJfi~EKKU!XO;z9Z~Y>ZiCdxb&f%^rQ~F&nACYgp7~W80zQEPb%>W9`+YIU z2zh2Pu#cf;BdezrFfs|N(u!;Wy&ev?I4!txyGfc#jJ>Lvm?>}MB~UOOupFV~q^$`~ z6u$Vg%g^ib^Je(p{gY^#EOn4jMI`@ZUbsnq0zCwZ>Q7B89V_hV@DE>VbbbWern?lf zEc4L1wxM4Evz;r9%y`)Iq2LQ9>s`u6$X@{QCW92c2gXLSJ?Xtl@`sB7>LMWS?1&X3 z9Ne0K_lx?(c&V;yCg5Z|5aNgZGddco*V>^hqCQO-zKYovZ)2yBH*IPsp$|bY!n>A! zIX(3|j;8nbkj!r(oaz1V=dQQScG{EN=1anGyl$PXj)|W^n1$jnZw_XTa`51$^?P+j z$(N{0N=6T5j=*>alq=~+#ALTzwR|{=%icqnOVBe&0z^C|0;P_OfFDz9^SuaJ_=?93 zq*(ztLof4Aj(b(fk6Ao(p??FdvEVfLTuyuf-?a`0==wg}MZ^@YFPv+Z%aMI?o&L74 ztAT&;0OKn7Fucuo+uJUFxY;Y9PyNig+48+e587U?>AdFFz_;~I6;5N@B&zB{WV|Qs zEl!eM@mYS@^0MTCqC!^Sfn25D)`RqFg)~2#e_odVy4ykVYVpX+FFc{^s)s#&;@P%H z9Eub?J~}m8=N`&S^MCSpRlreA$dN_f1A7)vnmK<&k4D17z(qMzsQ`_g_ZjK(#sbVcwI8b6eVNQmrchbqI6o1;CK zCs^HZ=rj=B&Is7qlCO+{y*fzEtaU#fvl4hv&@zP^g?x6HC8t$vWi5|YO`UyetCd<| zLc#t}^;5QK=9)b6?KdFn+gy80o{+^BKfadT+>bIB$ITo|KiEy6ZosrUERvT%_L?A6 zT3eu;3pC$ydaSt8=vx+`l+{99wNcxp8Kr)U7vEb!HLIxYs2hzuapsFK@I=uLZ0zhz zd_RIUR*Q(O(vKALuoi4$?fn=EJy_A8@AKGYccL;ad-0k2-&M60*1T}OFJ>s%slPV{ z=J4G~_AgVl{U5NG|IvE(FXDGLqzBD#SB17e^TA>mYf*h{A(V<26N%n0qVkf?K$O?WMjV>@9yLR0n3#M@dmO-9$iSRL5|=`Ag>6~R%VonS(*X&V2k62 zLCyw#BM(%uJftPV1%BhKAaW|nfQvT2#;FizxYHPO?sy(ZS_1_d7-Jl~TcM6eX|D(~ zXF$o}-9?66E#^F~LBUCD)mLLADmxeo+x&&~DaD2$6&PT$@$U8yZO5_{f1@q~k_#E| zd4h@&?4+;#{ll4Kog1L;L}PNLQ>rZfC=c#-XK%YvGU6$y4 zksp??N4Eqx!`NJQh#27V(uHpcXIIGG%e;Kr@hRYN#6>?q#CRVbwS5io{N9wghZA>= z_6*AjmT;ORdkCvR0lo(DcUT!H?UJ9%Y5!w?qUWm*{`7BA9Mn=79~6Y(=67m{(gYK>5SRhf4}|e zKM#leq-FjYKU#I2>?d?y&W29Hc@F;b`9u-cnq_h!=Y_xetANa|)9g!8~qd#b^ zOe&L%%-p!b;9BTDf5@11e6zAp3%f37FyNwZW+0zveb$mYIqJSSz{3XsMrY1>#IwY}h71hjnhMLx$~-EBE5&dSvY%q1X~S`aY8 z$X?9O|BuE1*79`|y>=ttE1M>BA++-OY;L zmjR38`h7;(@eZBFa?U1*-W-(3mRTdN=ztM;PwGo{W%uAMb3=P=g2`xyY|usrdWR-q z5Y_ksiFV;V?xey?9fp?<1=&yv-6^aUy#;ugg(a>}>NLCb*7)MMH)4hJ(tt2$Ynb!0 zE%%wOx08s096L3)xMYktz;GaAQKc!Y=w&#mMf~+zgOs*0yemENaWKha%RH11Ei%#k zvUEAhVjglKH4rN?N<437x+M1d@tpGyFzWo*|!Z47m zhe#$;?8thcWy+9l=os)KJ#?;r0EXKKN62CgOgpC68U)zBppVGzP~Hpn)dkocRk`l>33!ZXH0=70t%^eJl?@KX&Xv*z#2dw z+=d72AUK3{<$U(ez70^(Jqj7ju9hSr=@3|xhS5$-9T8)iC>~ObJiHuVk8iTGW*fb- zw11;m$az}Wn)0eYM8WiL-n~)Nz2%3CN9@TQLB>eepi_!4Iy9$lxQ+Z0DT>ATnw~4{$)7_d*(=MR3Dk62*dTaX5onie4zN@e!1F+(8QoNo*6wfDRp zgJbNZ`_@u&Hu1`-^^lCQhHr%@;uJOUuO5Fr2?gT(l!@#W?8MEMMGDZ0+76>N(Gf>E nf#)a21`KW&HkvhK+wl~W@~oBMS9v1k-g&S-FTp%5PNPdN= znjk!cfFOmC786l+(>c+G%lssM=OfS#jXnuIxCUa)}e|afm}p*(keNd_ot~hm$?7$y&xrWq0#ha)S$A))SD#rP)El_0jOy+CsqhKD8Hm+<1D<$fo#yd?YyAvHxS4@ z(-@>g9{;B+8u&ZCR`x-p=z(X2ih>~TDU2Nw878e6{|t6IoXYF#QD^+@Nc6dlA3xd$ z34#E!#{gn!qOJmLSi6)2n=HhDA5A<{YdF-J<8?J0dtAdb7+Y0V);8XBD$6v=M~NNz zviJb&1^M5*3opR49**Mk`I&J(`a)csyYau0t{3O$8w^QNI=BtR5Rv?GU}J{!+auHo zXF(RuEh{^s1vlkD`3YXSdHrsKuxvkViu}yYJp}PL-;H0ewyw^h!5Fj%*&}-C_H32) zdOlq+L>(@+^#uYKFLr3iedW6<2-IqVFiBmro`Z7jF$T5ZhVUfI&+7DqmyV+ho(J zyS%)-FKf+XDt~d|WVA%V5UDhrALjPu1EzrI-Rf#xg-Rq2%WGbzU+J%3OU=%P7a_(V zNu)@_k+r8dYj86c7ne5i9WxddR)#ovye;Es`lrYN=2epn>x;MWBH0ul-S6LPwJ9 zxh*TBZ&2lrP60Ow6qlABhL~~k;Xph>_4on)-x&i_Y0l7^ z+^0tmQ&v^IYho-%gouIi()i1v5*v+M;u0|OiLVbk0$5@vY6zL~f5i?0qp@p;O4 zB?CRZorrF$)8UL_U2Ap=^$%c)G=Z@3Rqt@K=U2S{*e0K0Y9diEeQE{PDcbI>C@aIa z0pCGSB30K|KZ%dl?KNs-t{*N`g0GRV8Py~Al~q(u4Z(LJ5Ugm!N!H*+U{lsoP*+`+ z^g|WO)vBwS7>{{b4$FZJ{9RYEmXV(RDlWiqtAiAN{%Q$YAZW7go}Zby+L*}tl2WPN ze#ZcAQZ%=)@Zdb@bX_qoiB_%B0xdUME-J43zIluM>1B58;vS&CWu$?fZaTGQ8f`;^ zkZ?X-X-sr;5f>lGj+Zj3-rL(75_)^S)@{%UQZ)E4h)jL;lg`1Gdri!rKB$Md&^*lW zg@R}^28I-CP`jjXr2@99mv6qhx|-F{cFZ}kAMTzx#JS@?L<0ocPrfF(ucy3oJ zQ6S*r=H7-{Zw0;%J#M35U|?`j1??K)YszZxnI#+DV?P31|B(z(rPqV>mYf%J@w_^~QR78czQF#_$jX|qo`0*KnvSzlZQ`QxRc zY8cC5b7I+i>7fYkeEt_?Afh1>yBH-xjB4$q`~fJCX$JX6YVs3r{2=H5LW2Q2GZ7O;4jcgsFiyAS*WA0*&+?_4Ob{$>LikqVb|qZ*oQ`INmF{{JPy}_|9IJqGu@1;k$bu6MTx!^66e)4 zJv}`}E?y=oPi!Vo?1&fK^rZ;CcS-eLPn#2e02-NcE~U9m8r^b#7RU_~KyEIDB`8G!=j{DBJiUnx}p3+-1vPGyt)CTMh0+(1y~C7$N`(miVFVv`9^PD z#L);Bh9&rkyQ_fIcn`#TlQD><-=KD=V4AjV z*)A_@*}|F+eS-@>`pg2fAf&-$=n0%~<>aI!{Sbyh>{nO_6a`S_1@U6x$}uG|fN|OY z#?J?^HYUvNrbb8H#|&*tS_&e4c+P6dFKU>FYCvQQ8`>tIzzLHmFr(wc4wq33fCXN>{qx7j}FmrE_}_ zKd~<~L|l}Gx5lL>qw%RY9X928Wb>K}cpS*54-22OB9;o|knYN@!ML{fUm4cFfRY=z zHE@-xc7zW38I#a1KW`oL3SmS`XflrWK6wEn*PgkL3088zstyw)_XM)PuQ6z0n~uEO zP~FTQMRnS&q3O2OkgW?#ni%2)3WBGY1;F}s;QTvM&4gCBv~WT0Hrz6yd@o^nAp8$^ zLxcgS9O&k!)Dqh7t6qx)Dax20H_8TeggP=ND=8?Q{vj1r)h-(lwuS)fwQD&5T)FeG zOx}T3V2Q{{pK!5!h6E`77}a`}a@Es~QY9KKepF<{yP@mgMmPwQq3uhH?=KMAL9!{# z;v%bissaD#Ae?kNJ#H5ql4*{*At46aiLAh%+kVE|MWAXFPH8;ESc5ei6Kc4D%)E)Q z48o5cV$&y&myzQEpdh#Xx+vGQQG;{ZA{CpqiP3UVjJ&ql7!=FN%`N%G`KSRTD~qHt zu5}*&ILQW(pi+QY$uQ`^6<*+Lsj7Y^DEhv$)bt4?@-<}mL-XHvgl(QLSK}s!HOr!B zVd;hs_c~g?o_fTI9lCrG6#~9y$MCVm5I^clmDX(cxIF^%IUfZrj9D7i;%cn)57Ax z-?lC@2AMXSP~X=xj@qXcuXYm+bT3wbX3GtSVx;WuejjTVeVZa*Lc%$FN0HdG-)5W< z*kc(?qesTz&k0evrbHPL0%8GQesQfIhbw;s52aq{fj^s6totu;P}-LoMly}21FJ$Z z=!ry!27wDKxnyw+S(=3GUzO4~+m*7|`$}UFH*n0^FnC>BJ)1Xto|qP@v?CL~OgOjU zdjQ8V(F!aGAha^0cH3O-Yw@E>i#i*_(*!UMjVPt`-KLKMCHJdr*(G1OEH@b$x-}|&gp@NY`Vew zy&H$r5T|bt#DWK5O9gTU9=%N?Rxo{8i2$8i6sFqFOlLV~1yCd#=i|Il44mF>my@MS zMJ6UD0SyfeLE&L+t%n~wXyRT(I6x9PU88qo+h{u7Ffb6FDwizyK3CA^CLFadigQz5 ztNyXlOJRH#Nc&)G@F2|F>jKOJ6}ZW@7nk4Z6sl()2!=uBRophs>EN*a0;H>401lP| z=JE*IJ35|a<3IY@jH;eCrZriAv9Wa0h3df)nXI!WSj#k1@nk2CB}uVR!%Lu`G^^an zBY^lAEk>@%{rU4&y;qK^D|yrLF>r!xX&6)JJ~kz=m)0hTLv4ebmJA{dQ%Ip!vvi>E^R5N|>oj|-)p{FI| zzOYk9vDVsB)7~fjCo)NT!0c*@;Mz$Z2;NA8<(4ByvbTJl{a2$?mZ5| zZ9jp=aI4c2@Oy)Z8Z1n15&Fth-t3f*c{B_`*b$Pb@>G9Tm+%eUF{#r@4+pkeN|*Hl zk(;zz9gIaSw*4-Pn#0&~=0`8Z|DzsQp(ueQ_YqFQ*qDminy_YCfw788zh7LI z3s%#mN+nmSvP2r(ajSWr$Lqkzj#)!cv~{xhoITLPu`xOoviRh+>P?VM9I^q8@R>Va zN(-DP8Y(OFZzplSbg>^p$B|V5sWMEYItDKT;JJ>KpDaU53g$18fHbG}^8o@v&cu#A zMk!~x^hBEmk8GFy14JF5H60RqoYqiBIu4h?LF7b@fSlhgkk%> z8v&@MiEto==_7eyHyuBUk+aFi(8!|C%4^m~>WW|lOJl6Hy9&wwDgXP$;EP(NMxzQK zT5JI^h@st?&z3(?o~caH?yt1ZYajY>4$!1-!xN%A%r;R?!#AJaE@>)?XC;c{86fD| zCV;K@r(gi35o8U{UR_<~SCNWqz?ifIB=2~}rZxMgqEudcyqLjWBa!+ zGc=jTzztoP7FgsWcg9p1dVTxsfJ_G{$rPYeEd%4pjMpRBK?`?a+l`l5MIrIwIP6J^ z>HJ1V8R`KE+0FeN-x$hC&+L|pu|f^WSYiQ>28|gMGb%RkAN`J!088QI;>x2!`=+`b z$Gih4`sWuf*Ey__;f0cv{ zo&!OO+TR}TX`m7h1c(7UdW_@HV-z7TU|dYCu6D$6J#tFo=M28PAAXSU(ci<)i-ofb zfP58lVmE8+{-cLY#LXI$Df#}Bc04PyZkLxjc|4C!GGwjwlaR5ovFq-aV@zpzfG&;z zVU8IU`l*m|V_d`Z{&=~5Uk8ZS{l=qLKwk{ukC+XKP*f)SrlR6( zQ#J!_0dHZx!j}F&2Oqdhb-jm_Zb#&mdFthIo+w-eoTuu$_@^Zpj{YAlst1io2+${( zb^qtb|Mx$8;15W93Kij~1VjICZw*S)Pg>XCm9$&%zZCjCY+0fB-bW%5KB@nIS!B6A z=zwwdm*`J5uoVA|@Av&c0Vd}3ZOie0-MV)djn)n@xUk&du8ukW&krFeaswd}1&MyH z{LKVHe6HcQHCen=!>~7aOS|*Ffw7zqyuZ{WzyP*Hx@?o8oS9lbUt3yQI-9gQ|9o}* zU*F6GdI4!BMG?yAtA_(69*k_&!Xl(KNOhsGx9K!pt4ddw?RzIqliF*Qz{;7oNf+Cw zE5TJK`ky2-4)clou+1knV7zotr!tRmt7LSTMzW0LJjv{wN&w&!N!nK1TD0m513 zo^mkMI&Xu|>RHb(-$PHg)JsjeYG~)Sg7!Tom54Z6OYXIfvfUJ_Cb?U)d;4}g%H%&$ zyG@qpKKINU|2r@}=i$KfoO>`Ycl9vz8M|qo+;4`2GRV$<i;xG(di_8~l zI}9x2)LtQKc(ygTu@@t--8OSBNE`(r*QyA8!*D~c<*;R?0A;y!;>gD*{qOQ4?lzI_D%;M(!(5LI)?Yb+ww~t!}8V(jUr@|`rx!YAN(HTwF z24<|l8=?3(IuExF&rVNzdvRw%Hmas?Q{xPelawAmvFo^VhYhec5EOAtP}UNU(94e4 ze##wK2?7xi%xT=|lv+9t`)GorWle3!M86~-IK#)TN^j=`hW8236o@d&v`CZAf7~W7uf!dx})X1QKA^5AY4cW2N z@#@iTG^LeGA(3@YPhSoL!GKL&u#xyA`5V&yBba&(Ms<=LL#*XW5qBKhn~2;%0T*m} zV!WZamyraFWL~i>TAbN2=uBXIFs6#?-?O8SrqFe;IC)6oFiG{s`zmljxl?%qKEWDV zW4u&@Lj`eQBfoyy&CBZ7nli z%_C>8V|tRt0kG9n&8lPJ(|G`%A?sluSurU$O?h0kdf4<@zx`K0dY zU&yFtf+Tj9T<*mZhiI7@0NotBJNjwX&VblT{$sa}x$`{X7k9k&?5RLf*_ziuKk6TR zFIG0;C_~GHG~*kACPI}@pXIAs_2#-QrmsTRf2uR?Av)8o6-8;jgAyP7j@)C=7d4}7 zch@`_%S^1&60JrXgOt_yeVL#e>|cdXxF`L>YFm;hRSUU=m|5bBR{ocoEDqW?^WG_) z^Y!D{*47O1boz6RZAThuaycXlL1PFd)adzNQ912DH>V$U&3c5@Q&XFC?_bnlH9YH+ zXL1`!m~QRALrE?t`k%BL@q+IJ2sv^3@ie4-pKTqG)#E)@RAia#&I~6E@|ThTXNmzn zC+10=1%)Z~VmCz!y0yAq{@ZuVaJr^gTui+ARu(%%jEuw#?bC%(Ap~2b@@h!^IVbb| zbw$|oIh)Jo;`2gT9_O`ZlgUN!&ly9thTRSSt8c>hc(U4YRGnCulBshPOf zk1Fqs*|rwAGyQ-S78qX!Cg|cNrE&Xkyd51r`6x~+5XnUqMsQZnw#H^@CDL7yXzt%Aq2$5sy=0z8 znQ+L(u|}v{#9VV|JUtjm_+FNKK4U zM(y=;S0*dIqW%e0qrsW|Lo_x|sFc~DiiKv{M@I5=vB6*R)akJj8OWHuI6gL2);}=v zw7@?D=Np;eP3y9pmck}%`4?T;p9IRd+a8G{$FyjBtysfjg0o~DnD!+&pfuo(#2>{N z!>2Z`K@SavT5~&5O|T*D;^PStabcSR0$Y(&7)l21pa*Pr}J4we^Z^q~(u4 zG#*%Deok~{59d~vUJAlg;BYY1`#y}7__Xo*ef=a7|mahRg>1a}nI5qA1x1kqH zqv`1bPd3N6&5x9u9Hd`Yg1+l>&3pM$kQaJSx;VXAXyk)8UI<=2S)0+y7%=qzAg{-U z>q=McubN4aeu6Zdp&5wPb0-zZGooSmENb_2Ym{!typo)aE7AisZ*2rjqf9CR0j6Q;@trgIiFQuNM@>HwSnl z(MLiCk~WuJY4Jq|9HYDfEo^Eodv6DpGDiKOqg2pGaKgoKqzH8gD;yHhcN!j7bKKwz z0oiiXm8&B4F{dr8aVEvh9qQDJ;CpGb%~^Yf^hCQX*B{5)dpDjlly`fVA)A2bPr1kU z@{^%fEq3j0_!SGUlW;@L;h2{@6&+r@C+w!Q!b>EHZ6}z<%>Ux-r#ut6AUXQqv+3Fd zn0WO|Ml4VvBaB5aPM2qj=k)Q{kAupIoDX8&Sn0uqoRNHZqAci=Nq@i2sV`8I7oUHM zQDW7f?a-MWDbh5j{-ctHxjE}KN$OB6d4gpq1Xpfa^5c_JzYFLD%Twy=SBei~74{}SBt5K0NLsHnHqGztQI>B&gHQHWBrMNBk`pG&m4Bp#{HEcRCYA6F zT~JY?dL_S5gS2lu(5SiWOBb^_ot^0?2C2}{AcOYKWHH0u67%?P2Kk7;?$y_&dS&33 zBCe&7N&}=GaCo>jk!OiH$TF1!q*JLt=l@`LcllFO(G=DMhi^J{b5}PMMS?)4^#y2$ zHb_i@(sAN{ zXbkhM$v!#=l^autWkhQgNhA;iL9nn*{1W_5?5K6ihb)!fl8z}vhwQGuObN2YNw*&6kkp{fuQlnsYH%v~Ke4-i$^`-UO- zBCh1gmiMRej7{ZKi{^)c4{p$?fw3d1shuq?Yevim#F2N6on zL7ViTA2WEME zEJ~RF2G-hL`aGzlPZ!duF0%eB`Ifl(HLKC}t zcC|E5FjZ1S`3>=CCIK^r=!=5WU_r<7)U+38f-2i@u~G^=Vh=LA{K0VP&w@jY5`Rsoc_WpCUtir`0e8M}lcIp`kEQNvCrSjSDcLI_5u{jkh(Cdr8mi zxKyT5AsoOoFs!Z0s8!Ps``2Z*Lo3^c+}pzZImo$2>z20Fcw9lvl-*X zXI18`0bzNYFdlY8CP5GX;yPD4a=I9VaUK@PA_QG(%Vo7-QH~D@4oFobL5keD8`ZTE zAQJYV#5(ric9`*sY*@U36;P2i)%X@Qdm1!yuS)5!PapY6;IOO*Ch|HZ zivhZq)&{ykI>#6^Z!j|z?amPqJL59`%k?I|oIRWXarhJa2M$piWenWI;gqr%VX82* zHu@x+-+mR}x`PwK{0ljsl*1WE_}b546wF&^NudU3$g^GZ|Fo4U(lR6+dC)Ux#wooG z_MGowt6Fw*qFA?5XgBKMVX<$PR|#tI{)Qn_gYYF z*lEF^qWx5Qba8n%&K%K}c_$j1wABZu!c8_m|8Pc`(eEu2>NVwDhTiZozbRKQvt56* z@;PhA`B(jrX^u%KCu_L*2_5>=a{8yp_i*2ReZ#_>!!mPT4l;K98Rk}-k4{5@N3JCe zQ)w;zN!VZIG318F%}i#MC^fLM4eP#LyxSVz2;p(#y9WQMO(ujV)!4;3(5-NRZnc8- z?e%QTvGq4+ovi=;$WiWh!MzE61FGI(zK|3r6X(mhy&0d`zC%t9q)I8bm%14mAByYgd{BlvM!4E7q0f?@QABFMoWR>cs418%*9AxMZ3*5iQP8TmVj71ZFI3HbDrpQp z8QVUQnJsOLGL)oNDstdo0D~z{vdlA~^Ahv?!~GZzHt$f!TS~i%bCs9CAph3e{V7pp zT0Q9*Ib0c8!2Xu&)xWai0ef&$mgT}CstJO}MznN z{e4oHz| zb|XUd$3tHKLz~$FaQh zT$>pv}mYCT@ zOsj)YB&z`Px*qL6{FKfwyXxwFHrn){&63KI6VSliWcLwtD2cKwmB7=9meheJc#1m` zHLr3|!G6f`Zx@JVVSDm8qQhBclxlLXhMk~rKSqt~LB%X>CYEn4q#xTK_zya5H(>p4 z!Q>LCG~G!RqSuRDmZQyfpvl!CjCwvU-#v9awG`Wori3uVvh6g-#N?Q0->Pa|&4tdh zl!^BC?8fPlMN2iS8eO2J!g#)&%lIzB;vcRK%f#`zzS6#j;iajrR|5T>%w|BL1qneI zPN0hx)oy}X%c0VJzqr~>^I}nS)%G~|=?{wb)=50ULX+m~tg?3NA37Yz<2l-@%>1wG z3G>XBsYkeiN`h*u*Y&zh_P3YV-5Q$Lx3NSsLns1UXa;iPnQYjC#2ge~9M2x#G{v?; zefPTKpEV!n5K!TgcIDAqNzJjWQ(RCm_#%u@GJs>mytPXIUl5WU(WI?M?gSNy{P@Vn z<~9t|Etx}*2}8S!SSFs&eUpDJw=(`;+dEfG@93djeA3u8#w-#a4B8#G4q*)qSg2!*!#$h-3z zC6wr2#t}}oPnXFN#l5g*ix7Q$an!2Nu~DcA%SGt?M}b+b zx-N>e$W>ZJlPtIytI?Co(tY$i=uDg1yXcEc>u!{vuyDrBzmXbqRr@JaABBaOA`WLv zWDecOn!EL(Z7%P}d;5UO>B`an_DQZ_LW(>asg+i(n+?7kqidl2>e;HEt^mysP(bz- zRtrcX2t}f+`=bAexiL?H{!zZ3AyfZ8CzGXt{dw|D(XF9yg5&etEp9{T2rS5k8?sAG zRSxaW?;}VF{KYBJRg_WbTjO$%5zb-`?YNK}&{5JkXH}}aX?XO@hK_Nh26SYU-l^Z4 z|IRj#X$+hG$MKD$fsVV$gDp`?{((NbDmcUVn52<E;mQgx3c5#ULG>w$;2BpJLL#^PsR;LqY^#+%r3 z+^|sHW35A@PW)@ZTU_l2N7T(n0X#8EnxrwXsNS{{rngkv{M)pnmA=W9*i7ixF~;eH zlI(pj5H`Z9@bELPmoh_rI1&gI?$Jhmmh$*vBw^tGX?5sI3%}HpwGm4X^ z-5Af$d!bW&b9&!vb;e|7au#Yzq0PSGk4L=?&+J$P8h;ph(k?bzaiY@wxi~GC8a15^ z;|TiUKM_K8Hg6DYEGt#^l^3PVZ6!M2vj-{q#@x_2%2k#y1z8|bw7VkNgk2(WKv@R} zFBDF;mt(Db2Z(PHXJk6zNW1nXy+SzqBKx6bqJ0myF<``hfc^pMNHEEXxG?^cr4gy9 zT{Uy`d5lYvp)y=>+Uvd}vQUw_6jpv$2?+b#Ftk4rH|~kN${Jn`T;EQ7!n3L*>%_ZQ z7FN7>D|IbEWkq2UB;3L1wBMki4)q9df%-GnM$ zGNmYw(r&O0^tKmGps&LG*bbFU&$krry;4@bWFKdIlt!N+jqWnC^t|h=)z1Oi4byIR zYw!Q5zFVnSQ0jSxhfnnY3UHdK;%>^?_{`5Rb{&cSbgMTBfNPvKnMqN>xfYKS{{AkZ zH1;c3mI9_fbhc|0DPYl!=iA*D=iZv%^A07pn`O2DRfS#L9SJrlm{31b@5FQO37q|? zXoN^}?47X^yWEve$Lo%*LhI*E$8fQojw7RuR)-8N`hzTE@H<2RlPb~mTqIDgprwP3 z$M0?!-NE;Yv7-Bgi8FMw>;3Tp`5i9MASu0-h7`@?62W2)>6%?K0F7x_{f^z6yVCws zZec71TSeDy_amcrngTzY6?4wJQz{t5qW^B1d1lfTi2h!J*ocTXR!d~hk^7@(vc zYf#**Ho1`NK9{camQZ`uxj81(9ICL)RN77yvMjFe9pm|Li2xqb_vLnjgqai*HcaE> z^U=a;H`w)Sj-0@09BmlXm*exAW8!u!#l99QDt|xP0c=fHYHe@YZ`E^#MM_9q1ZaZg z70G2|n^}?K7(fGcRexf_0j&)sP}OQdW2N*?Lr_=^p4(D7RnA%xOe*Kb460Z;GAaF(qN zKLG%nii5v3FUk)Cl46F&^xR|>O^iK+hL*QQj9{Ivz)Vs06XifgxreqI0K_~J*A4B( zJ!{+4eaGjM{xMm6Sds-TSX6;PCd#hn2JWDe&ws;G`+(RjR2F52nNFDF~qdI#eB_9@srP|b5| z&~NU~Laa|&YDgVa&yPi6esYh=V+5z_546$z=@;nu#l&h%MgMSGri&~5>HNLWXNL-_ zKS|Ozr=i48CJ4^KA zRy~W}E5S7c&bBLd7qa*LFG{KU(k{#c7)uTaL?WoE0x!bxbfgCRT4N$UWR;*y_)Y ze-7;Pbq#XNzQ4YNBl)dDQRTOkfcyNqBVu=$I+_PGnjOyScbv0fY}n{kk`(#nPEbd@V-Pm{dkjL}P< zX|tcwx(c1+I2=#|fx_5@whc;1Y9XY&_UIzR%2p&G7pB9bTSWFq&xr6E$#Vky5FO5n zkhS(;Aqcn=cfVP9O3@AGH&{OBGwAly#xFNQxk6SQhtw0UECNsDTD;E=YKDq}FP~bT zR~TlYj~Y{SgOMij&oUjyF1rKuadJ>KZI2Z{n%mff$cE}bRZn=pG=cTMJls}&`Cb3! z1ABMW$^Cp<`;>J|Afyc?s=zx$=CxI?xS?YQUUTgk%&^K7#MWGe4@CJgajWy?tb<~e z&AH?Hq~whY^VKO0Jn{f8Kn-2VIL>srD!D*MD?H!Qhnv^_ytjGdC8aiv*5*BoY=sst zYmm~Php6xmim5$xd&m2~oAjmg23%-uG?)$$TzeR}xT*jjtYld{%`=~^j zU8KM*=G*!`zu|ZntF_w~$h@z0a*m%#xS>l>1wMRU()+OZLgIZva~appH0nhA*$i=WoD z(GNZg=$3C={P$+Os0Eo})fO&#g+j;!an`ZV%=2g*!Z#q&)EDXA0CMtc&*LbPfcZfZQ2?N}T_?%VlCdnMB^ zMu}_f?m(Rwf#O@uyDr{<#vvWgkB~&5^2+ucQ5AFI;5cMhs@?Oj7kPYjGGrnYIKTzk zIqmv#ssd?3dNm3n182>e(XS-cWA2f+`KWw(2Z~he=cKes*3Wg!}xr%RSL^a&k z@z@h@d3n^_ENAI7Ht3K@_53<8N_|7Nzeb5jmJT_1swV4U|Sz@b^YtTI4+) z!&C@;>--mUeZIfn0iEFrUj28kf};b;BKQJj)jFSiF?V8`>H0Q$!1u6dsMzCcB7jUo z^bc+yG?ew=*>ksft;n|pt={N>#s6~TI56!`wT>8ZGhMY(r@DOvq$wC?UdKcUMJ5FiBW#Y?0oJEV_QPxDaWTrD@$Lp14Ph&x(;YUwt5?&GujkBLB zG5iR`0sU!cf=&qap3OXigv|lyf8d}%@q$IvNoBY#N-pvai_F)ineKr(rQvb)uGiDM z$3p@^3M3fy{@uL&WF}^GeUsahLXasa?fudTJ?bs48$OFtZm&gsn{k34W>xzH?v`imj|Ew&@Njru*AeUhcrPOH z4<|K47yA*mzy9WnT17(CV;heN#eRsHz|={ACWflHGTC9fdv7IjD6zen3{Ls4$NWNk;Drk) zOxsSR*MIlEZSZq{rc?Nav20nq2$+RzjaCd?XGj$7>x?e1&otixuN8$RTT$wLg*@Iw zTWrR1vd-fuZQA~sT)en$@P^~#GCcG|h5kkDCfeyoTECxs(!V}in^C91Kv3_p;^nN? zMk-+Lm?3jD`~Bsvf1|IpFI0FRnXeC6Vz~V`ds?sO-$SfdN28hPw3^Ize z6}%qcrPy?o)fmPvWLJ3H8n`EX zXM4U3C6Ue#T4>oFO%@Svz+f$|-VF9=vAya%ghuQ@PZ-L>K?!{Qa2M!Ftq?fetmq{5 zH#ZUP_ud+JDC+u4k2Hjc8mq~I!5s@mhy3SdTykUMDp%=-hMt6hXa$2|5lK@2>IH-~S+$Y?(ixM}qIO&aPnpgr_4eXt=q&^*X z1Y&%=&LGqNG}#oz$`aYyR>Kd=Giv=s_EB6th~SKtu*J)|*hGx#u_6^VdzaL06wCV*u@%k9`(O4Gvb zG0++*1Uga2+WojaBhu}pAw%s@c=N9ZrK%o`t>I-L8tv=3zx1Vw#A<_WcehP7Tm6`+ z2*f8a$n>uKOns*OMX*f=`4aQmHIjB&gd-JCv^p_O9zmle3x=oKF6T!#xH*_X5E}bF z4`*;o9bgkdgI|G!32oYUOIWX7$Ie}|(-v;(-GQ4c8H2sGzIK-X4p%cK={^GD50g?x zEuBjA;i`O~r0V5MYjN3qG&y02w66X~79UxO+;KFZ{eW%_w@~$Gw_VG<$Nb9<5u@sk z`n%Bq@p0Zl#HWz8jBb{XfLnQT4hZ4)RI^H@Q>*^7E}u72Sj`%O(@jM&W%Ax+Ks*0$C#d+(NKt>rheFWK!iW)? z;bSWB5cR(VmgE=Jha7)d)ZXx@g*agzPjlvO5`_#UVq6lWbbOvvmTHbe(p`6F5fK2& zZh$0#svKOW=UFFx@h48SEr?159q3QE(7}Btx^WUX-3$~{F7QT@kIIn!%ALdf=v{L= z#`O~*FfwdcJu#Ge&i#o{CS+stGu|D*gwFH1_nCrL7^;H1-=0VmLRfqwQ2$3Nnq~Ul zGA69XQ_-$rFr&084QrXB4eB|hl0^ZgiS4s}B(A>|`V_VI1hgTz-T-Ov0V?qt&JNr5D>%c?!S+7PIFdXbSP3g!rs0J3*xi^3wA0KLo3l6=rem(!`I;!8=#*x8yF zGDH_D#kbsdKSDMHcwGGkbnFo&c0Jz;ZG@xKD!=Dn znM%4cueg16z2YjGK`M8f{LQ=4>V=x3>TjWV-P{!4wBX&ONf4>pW#tv{B2_|q763ZD zRXDt4&PO@O;K5?sHQfp5#Fjyl<`DEh*#0NdIdz|n>;^%sn-tU&%A>%zYWXPQVeC_H%410Xv=X_uIro10^!e!d?!6Q;1^-dtR?E$Cz1LrMFWQAu zRC}1vsDoJJHOvSl;sV{V)UZ`)tetanv;#A-D}dPI`6^0S=Uqytb{=EF&C{V(&D>$y zz`JjK^6+Kf?DOR~9JSoI9)DN+vd|v3-Q03*#^3tBhn^wUNf1}6996L}6VrWFvlBfQ z++!&!&Nl38d``VFULN+sqxcpCZx$~|sact^+!o)5Qbtwp%0&tLYwPc)&BWMYv5S4I z`XLm-rx*?X!C^vi9*kC?vj&pPuaE`s$y?^&rEDdE_K(r7`DJCAeR;mwlzLYrGrh}l zb|~v801^9KFOAQ?77kV`si+>WzfdQ#?GRa~uf_*Vgu`B}y3WTcF6KB)2*fZ1OY0KE zB6hvMwo8ky&T1-{>xoltAI2M9x5Dd~IWk{f`yB=RNy$e02-o!dO7FeR)?YZLFcwkR z#qzw=^5(IAs=xn`%FFE;u+V!?n$;GzjDUhDzaQY!=xLMv9bFYi$}v`X+RAiX*eckQ zYP89rPb-kj$*|z{bk&Z=_F<-|@ga-jI;5b2;w%E0F?AJk#gTi#<0+U;c3pKu7ouYF zF0C~CAXEAfNaQM`2`@5-wC660hOrz|HPPMNGB%r1nr{}|%5+{A@TA=27j`fZ&Z^N< zB!Y+Gg8*miun!?T+h|8l+e0$l-rcCqcUMkZ*WbY$uG8wY8Rby)9x=rb>0C=N5Rk4{ zk-{S*q590K5?&ysNJX-7^3dL}X0FjWWQ9GwnUoE-9#=zXM7(#8DyviWKzcfeMH*!| zN>6f?Gd?B*)O6SWm{*dm6j*2rn6|&CA}1J(PX4XE8-0FgXhEozUbQd<1U>ZSNib=N zs@%bxkzc()MFWy++)|M&^4Q@<7;^o64}E3p+zxn6Q24gbWl_SKq<~;*sCQKfQWPC! z;jnL;KbdZO7=`tmoAf!xp$WqmA_OmDiw2y(_o?bYLvPkImgm{O{^H}>4Aig{_z*n? z^S`|Smv;#!-v<;a4n;=`A2K}Oopc!-z!3>$4K_W8H9DeaUoc|GnYz9{bxKjJRdcPd zQm++x!)JqZw9-99(X!#Cn9_m&6U2fYiCieH6GPufg zj7OAaOZ8si1jGVDM~@_GT}p2&0W6k587bRObw{2Bk#?I5KNZP3%TbDtMVEiyZW1}w zjNB5Y9fW%t!{>ZuHvadC;N-#x#ql3~8+&NCLbWEfEVWm@7nKH(%Xazr9y}y+FVF#p zHr|2B2w6H9n?(A7HU-9*OfI`Q|JY}~e3W6PO6LTT()VH5#D9eQd+M76IHAz1+jbMx z*hYkmENiJUhIb>bcXyS4ryb+Xf1gAzm<~VsS+{wyqy%WM&O^gZ~|7 z*9G4Jd2+0@F4@c12W>q6CJ~^+CVsgcGOewv?Pofk?Fb`J$sF35-=uBNu)X-=2a9Ta zdzgyDZwM@c*HBAMr(P`QGXvfKTRe2Mc8eu(KbT+z+Ggux_^eVao;9^tURg+nd?U|0 z_g_8Q&$#|m7>qF_k9zjCUjr&1D!vbgS0Gn;&jI&lq)S^Gu`iI;K(La_Oh zP1W^z!lU0{_O1e^r0DIhHcZ<*PbNQjwz#M{s$PW{ zEw8touTn4WN^wc_x5c=8>=;irXfzlewe_es6a}eczw>8HQCf6#qw_QSV6Ja`@S!0o zm>96^?9Qn1+`3onet`Vtv+*F{6Y4wK?R(A!R8BV@Z_EQNpYF@b9HULgqstDuYv{$H z)KmsgDlG`o=LN;?s?f|$?yLAIuDbF3XTAcp9pL?7{}&IH1;re89s#^!9Q(5Vbje>J zXJ#rJ`Y^~W7#d5+8EJ|%Q};=#EkpsCM?CU)%H+f02+7EPOcC4*LJfuA<(daw zB}W36{|`@R85PGCZEIYD1$WmF9D=(9hY&0{1ec(}X`B!wxLe}{NN{&|hv4qsIE~-p zyn7#mKMWX6bywA{wb%UST!viOxp8`CU+G!OFCIQY5`41sOeYnCnZ9o86IOH#jN?EQ zY@!7MtL;fO;RWM;t-nwrm|)*jDG}Z-%7z>>I-@pC}?U znN#!(*EMFDhzW<_sDFlXx#()jtx|VTDB)?XZEx-|2pH;j5q!z9PNHsoc|}y;j>uM}>@b7xT}vf`OD$@z#1(RyuuY@s=ZD6DLg_`)-z@`-Yl&4VjCy~h{JZ61A~O&57o3Y3BAbF$Wz6Ef z;h!Xv-+D{}XX66UOsb^|szr?$eYo32E zv*N`%M|lQr|BG*1a*m-^9E9?bN2Dc3GMjD*hs^9Cj=zxk;PP<}H~7UzL`H?M`*3Q! zrHv?ITklt>wNeib>y#Li2zXg$CBtZ zpAU4OgiQ!b)>7hlyuQBO!9dY8T2f81o&!0LSo$W*AMyJxmnnNGy_{~vF2!QSL`?v?OQ_M5e%YE^=( zoP9Q5){i=}Vtr#ClehUpkf{P3NiG5r{EbT-wOh$7`HJj6sa5ofZnj}Esw#r9gg|c@ z+ez`6#r9T`>0Ul0Y_670?*mt*$3__01rau+tg2@yI70tQL`w@q6BD*E(#Ohdx^svY zC(Zbm&wlD-JgzgmWE{7cNdXEYJ_EL}TUg469V9l~pnZyHiX$#-RIKQKBX)2aW^3O} zlE>ZYtvq>d66lnKI;HV3H|lXpx-?qSZH7#-8y3#KJo9^NTfWW85 z=MQD!>-G)_nKGh{OJfC=K(O{lz>wnNWp@4Q9*bqxL;;crG_8Cp59dFL%<`@x>d zMpPpl*fd8(?DKq0TB-b2;*6TepFahz;*39R(8hglu{UJCT*3txIvUq6!1%r{-7x;Zu4oqj3lB+~N*fiu=~Ra&y+Bbd%DyPA|5yi%_c`@W9-HADFR z7Qh=;j}3-$C6pbj{>et1$)AR0&okR_zNy-Uayw{Byck*&B<{$LJ16RlEaR}%?DQEF zOE);I#NmDCtz6#lwGH^mo?x(J|CwOkJ*)SVd4XJAqQVq4&&}^IszzO*i`Q8R<4(A1 z%cx+m+%y5Fh;w{TLR`2SJy+sCFF#t}M5O#d%7&gWa}CO)lB)(rLNh;+jov%X)^L1=(Cw0|Y)|OC zxg&ceH3!13is|3{ys$|qRVL<63LEE)AXM)yoQ#NPo@QUTCO%=8VDnjUY73ES^>%0P zk-tq$oW*kJ4SrDqQ1Q*d`+NS#KD@*FjW1HdBZH z7_J!S&A!rx{V_J$3@{W!ZjG)l=idGl#Ts8ry#(AS85M)1{H;m`nl#EDoA4iIcRbq8 z)=Xp4v*HYMSLMgkc7IVO`9)l$5J0WXJ=5Qcj$6E2QHANqFXtg}v8M<8Xn^dl%D~cz zn?aM*i!02k`q}Wiipjmp$j{yy|UjA#g#j`6$U4&v zWiRV%$uvLI7-N~lk-1rV#09eQy`5=7$3742aljP>h%+4=P3FmBG`UtH6*xkeQ7P#m z5{-2lh(iXbNWL`rS?m9FoJvCG^;RS_7PATFD|+?uhox|`zH4GR)M73)rBbVi+GfKC zrkxdY=^5O6kPv5Fe5I)eSDhlUwXij2`lHK%c@(+cPp4<+(gZQr`+o7!_yqO0$$0q7 zQZ37gcXy)jm zEnj8RlXJ6)EqT7#nU1EBh30}vFPHbk0W7cN@8GdPQwH(hkB|k4`ceW)1N>kHC&P$v ziL-hdcx+Z0wur!K39lqlg|rX_LDae-kH7X_Xi7h*K0$20dSa+Lp6lwGm6FOBYliW0 z&0ah_C>~7O_i|JnFRM#Y&{nTcYvnqg8}n`4T1HKGZES2SunuoA@`Z2zNl+BIRIzWB z_k7MVRX|n3OSw1w5|ppQ!+CBmE_@O@Nb(M+tW_tsh4f7$k%G;SWnuNy={Gd{oe8)C zRbPnja6V?sy%J1A#|F_i31u?fB7;N31@^aUKjxu?#IDL;!q4vhnmPZ;SRyH$1-U53 zeA1*_PLf>^+^AnRv$=aCd?5v0*2!j8Bnp>(uqCt1>D?s{Hl0DX>i=zoN(K5jA$HOb<<|6>^9 zczJJ;^Fhg9cjv#l?F9OtTw&{N6KNvL5GUUY#mNLllo5d0;nU-Usad&d9&ndpe>IK?(k<#ou*b`7k2Se{^CweGF6Qd?VOD8xv3Ugk zwS&SqC2Q+m%xx94+-_JJU2oem{#myy1MO+2*Q(cd@n0G{t7t0GL=vexN6Yb0Jp8Oo zOO99@t3IAy<9^8|^M~c}fZ%alRq0;Ng1^kc7T}U9$%|BzSyGW(*FLZ9znjJ+>9VcS z;AJ|+^Fc0};9kLk^4+Kn^y$sZo{;+zk%?370sMaSrUC0&(fpv4-EVJC*kE6{FyQZfFWAE*sJ=T-*JZg657mM zd^0SuZ$GRYLjV?P*1n2%--tmq{}JrDQV`w~=6`J9If*{EiPjh5+&aadYJIM@71~E@ zO@Eo(nyY`ifZMkH@Vf@uLNqBad#~%`ON>)X0HzQ?c@(j=Jj6+F{ZrM0c%Y6gTFYA) zeHKd^vt3R<()7NMNVB-lc2E{uG^$w0Q*YJ3a2l_hTfuUsnCDZfQ`vc(>ZSmcH{|ESdqqaN&)Cntqz`XRUA!n$sw1 zx)M-6&(!vXS4reHogsA6rSpekHS}n*a7oHMCQhfoD}|vShPqr*GeC}YULz38{MQtX zPyT5-s!86Tu#zLq?WnPgB9tOwq~+Oj<4QAub7V+ByLnIlgAo2pKV*BYj6bR!bmt!3 z->Xj*NAdep(v<_Sq-;~=LJebx&dMydQzanRM4E94M*+75RT!~49 zw?0wAphDk3hj#MJeDBh@UBnBniT?&bkachuNC?J2-T%5<@2~kzoggBS4#pk<<~r6~ z;U_88R1_%zvYEKwGofR3Cpxm^b&A)oC^OysLnq`c1xoSqa&*!(=TqaM6Xc^Liu`gS zqPpDgoy9-*@CaDPso48ATYsCrq&V9=@vS`pKc6vwRW*p-^9mCY9rxC+MLn}82>gj6 zD%)1xa5MIfy(mZ9Wak7ez<}t+8T=W<8l}^assPe3m9=EqWc__gc(ZnIX4-(~V@^O|; zOjglv&`1R9eAKE7?T&ajkCv+tv}C*r!!-7K;to^UTd?%(Tbg!59mE_w9M02pKC}w{ z<7Lq|s9$m;FFk*`Rc;%WIcDMt=s#;^YjFPI;$T2S1wNv8VhAoz)Ne%j9d5VDji83V zm-1F!Si3DWTrMRBH-69iL3Cfh1d=*jD?!JC?oD^K>1C6#?%q8vHb|^W$@2V85a z%=Xu#-=l9cxgWX0d=EtF!5!D}Yx$&x3E6MT z7|tR^@?^v+*^B@*#IH98UzQcAhA-&EqE#m-t4$RKa9qXlC_bh7-i`Ico8 ztHc)vl5r}AR??dOhLd3X*T?%WW=F0c6e12AZ}>+sL^uTXDNwR?mOk+UgLK*p=qc7W5i-IIuFh!tm%qfcOS zZr|Vh zi_tmwn#yk+C4m4?)5~8Q#10<|rZ6^~1b%O;aBXvJU7T6m3GT@)fWIPppPnh&aO@(9 z$w8s&f+#Jb&9H35UP!|KIFOqh8Z{4iGW42OsU4q*83oc+=zL$56yBUwlHQA5J`u2d z;8w0$lOY~?aupSb-@%2r?%IC-42=`+Bnlv*Acx=4wY}nKK6Iiq;!B28ao-Kb=QrE4 z$Ut$zq(z#XoN~#zzS3m~J;u2qM^iS~V|%#H`fW^Ijs+fYzo3cKE%~mrp^LR{W53mE zj|e5#a9>CXEnqRqwdceRk{t~>G<}oG5*@-B-zwBl2B7aHjW_m#Sn5dGJ+C58+wqEj zoI)9lpRD3IdCMOLpH!0iK^HE`R^VZWE(eX-H&Mc9c2RUkXrDU6(RX`ZIP)9l6*t#Z zMMhbwGg&1q@3Qwk#vpY&Nh5Sz+|2Uy^nGtSW$AmU}le02A`5Q6vU+_JS5~oW<3MC-w$#h-{?VS51=|lSml1t z#6+&=o@Xm%P*d;|sT z#^EnkqAjyd+e9B)W*2^!ZRfycYY(j+i&Wrp^=)th;&^Fa+gyUpQ|n3wF07(-KJ$Wf zASfTMXkHszQ#=@aNB4Me5wYGY0O|PHzBq49$>2^l>&MRjoG`s{VSAYIVj3qq_sbU% z@&ftBzqh@$zFArppgvBP`%890L?A$#v@cEoTS_GcdJR!WoG!``xK4dhg zDM@iW)QxytnKS_ID`EaEYktr~Y#ZtILA%&-n>IW2daN1l*?UWwH)MC$0=nM%0+1AM zco)8Ne`$7OZD}>8XlZq%7y)0Bu)N&cHk{s|j?{{MM{)}=FoI?nVpwZJh^Lu8jKVxy*3hkNT9f`vw*Zmb z19+?zZ$7f82eA&YeZz+{SIfC}lsQ8uY^q5dFl*f+$+Pp3$Nnq`Ezg@R<3Ui#Z{IiN z;ofdfE0prmo8Rdyb;9L=JoClxViK8Sdq$$n(&Xk2{30ky9u4)27KXufXcqvDr5xD@ ztdaYD){_{!{bq_F{ki`?X9nnkU;COsV(bi3ks?;xPbYOMt=_U7SM9#k5Px?A_!eG! z*Z0>z_sFi#ZtlY>>bv-cSe8bHt&Lx5IknKZbJi+bsbej*;M91&H+I4DZP|tZtV^APtIxMv(;H&f4*WXJNr_}>p_KE(@)wQIH({a`1S6j0x;U&84(;$8 ze{lWwdhT2o9Hkmg>rf{gUSQdd(oRJfm%Z|&c+P|Ju~BJP3B}x%Kpjr+jX1xev^-8- zVul^nzXY6}BS)+USjQVL4gC)4Tw_>6RPS3mY#Hus7r=Rbc$~((v;A@=YByot-F0$> zQ*UYJyJ(dhT?A3~SSz(O;&iKTx{LQTW=o*)q@kB1x^Y7r9+b z_y5d7RJy0!0PTmr1(?ZaIQOR$2&T1ERmh&`{Y(Vgrzm287`tEby#x$P1k`3F&*DxK=zEKE%Kvuecb44Ki=VvhR%>OqS{Pmp$RXTpaW}j+zs8 zF;cPx_Jh5Nqh3xVD!NsgJEXWR1ZR~VSsw1+L!sR=6`u8{QSXUS*JxEmvC_Y-Vth0Z zMmO|sgr)GaPue=%Q8l5V`uebW?%`FY8Cos=*Fm&~=2~!yrKCp?04PSBx*bMQYVhFz zebG72$>vxxvpy=HO+dq1*MP(3<7;K>#A2lPE6}Z}oCABEqD!0iNW)Q=oO zLnKX+`sud4>@{?MNZS)qR+h+`C;PcXYX`Pv<{Q3cQPi@wD>x#bF^-0_i&BtP-ZA>n zxQCdWG~{K^uc1d@=+}6iN2KFt+y*6!e!9jUp5KLmYeBlvG2>hfj$OKCr0bR>ME*hy!%;l z_h+>2vNV%$eELE|)bW0eCv4DZb3#EbPOH`gvEQT(FQ-eL*zFG@06I-V;kix$y)R{7 z_YcDSaVcwf&=7v7-heW|X2^&dm0;01S|vorK>WtExrCA!RfHX^8_i~-vdsh_u|Voq z4I)r3MGviFyy59fc0**gm8;Gl{0aaJCAZg6Y?RGzOJ7lH)Q}+Z<$DgoD z0+txokVkFjy8K)HPUsE*2>5axOBOx2y#28&toq^Na-3?lVcw}T7ynFk?gc-J;ycZ< z>k)VVX1qrh@+0 zfbk2htn9qe27Xs+$P_2(DmF_SwZ7UusF(Y&Ybcu@2la%ASD0|cQs|^k$gXCx ze2R)1_2J0q8G#AjWj?mQ1E}(qhFjL*a&!l>^xqEg=3o57{WAeE9drQUt#IKc`zW?YIYv3M=WjNR@qE2J8!l_W-cQjq(&;@htikI$VE0Z&;c;Uq&=3yu zKm~f~He7i5(OY-ln-j)|31IP**&v@z&DQE}_qMQBLy4zfFt6E#x4uxE2b~@tO8IVm zL0_1fTNR0G-wSJKQ{s}nnPT~xcM<_hM`v7ts4C(m|8!QG1*2iGE*+7-uS(tgiXC-P33Ds61LZI z{TW#z+Q@hyB>_Ea11{0Ceyn;XoAo^D(3`4vfEG<7IzR#+S?FLH`msouIiMEoJ6 zCwAQa6)B4p_onfuU*IT&OqsyTv5JxpXL98w522_ee%(4=xj8oXC7`W%rZrZ&C)qO+ zK}(mhJ@-VV9Kx)b8B7!i94@Cg z5Nuj)xLY7BVgjH~k-GO>YGi^deaf+iPF$2=>8w~fo-!y2k?hP0d+D| ziJj>Tpc4sbh0O8lw?uYR;4L3&&cK}Dg9Nz{;>4AdR2dGW@QKKzj(xupW=eCrt=aQCY+P&o=cbJ@La3qv@xMF377cmO&hv?>pfh}Z=o5*z3%)lQ|I#8R4i128O&Krqhyvim0bVD^EFwuif-5zs zgit=Vd%Ln^b*`JbU8Lmxhf_S+d#e9EZ9E7A#|FS9nrExfBdQ*(+FcztxJs@$mp86l zn`Hj)11~Qx9*OT`+bi-!i6AKtc0^s@;_!CAPf%YGR8Nx}Hko3P)MnmF8=!Lr5-(LP zFAad}0T^bI9cPCcZ-L6zygMmFzx$OABqdSbW8^!FGIA(sd!tN(D z)?p`qo36dN3#lnS=Xr@*#%Q14uy*SWZGW26*k414Ttfg?mS3}pgEp~Z0RiBwQqJ+p zX6a4BtKU0bas7Ans1HzSQdIA!iiTGIttRT)ue6yhzxlfpy3ovR^o7TE47t*V0d%wm zv&jeKat1g8hUk;I<~L=+?xBL(Oc9?4JO1v-dTIqf%pLM7rD6k0*aoQE5|H$Q|DV6s zi}9UItDI_u)7uUB;gYuXlKudBqjwnc_U~yw`Jh0*-Urq|g{41@#EOE%`bmE4c>|bc zgo6e^8^gN1uByH__A$m*P)uH0l{c!)!x#y8gFrpvVHozG)<$e}k9l4WD&Fq`K3R+mIzN1-$uM9H4*+ zHsQ6$wX^B$=vE$;K3B@U6Mdo>-{$R5{!na6S$CBOrhA$i`M5w%k+&+&Xj%fi_)1d> zCE(shcs0XBa-yP9si=O;>e}e+?Rg4zTAo>`1^i}TS!$0If!!z4T}#O2{#Ij)etFx| z;IQ{~Ui99@A6M5CAs3^dV%+}DmPVJU@(IR&ZPEnn|C-l)b@X@Ir9)azM}zvh0~^bW z9B^U%L7yR!<0I~CZ>HSmsr#F`zttA#070KUyhe6Lax!#dtN+N~`B1!4EJX35BdgcV z=9>3v_Bp$DZnY@`COS#9Z1=t6bp|9Wp9TNoZ7Um^nM;O7)V1)d?+sh+MA!}7CV<%~ zwXs#%O|n(M^+CYgx4y*|h+-8N5wf-8Y z*~Bz4s#Slxgwl;Y8>q?Nj)lwk2%M}z}Ej@ zq6ARznTeUQ zxQs%{UZ}=(+vAG&SExo)Po(+1jP;YHIYSH03sEp_QP@l>uQ!jFx3=1I|AaX<9)wZO zXe*HOYzIkd@h?rNdrlDx@xm9n3-jK|N-M<1zQx7B{QE|#!4zIb`kGxsGaTU;9A5%`sRzX@ zTHHQgHFd-!w>LR;Lb?UqQi{LOY-RFTH9XN`4*7~c{j%GNcc>8GM>Gsw)1I|PVGKf1eSU0sy1!5NH$iE>t)0PmI~R|VEjNt& zFk1{N-wnwJxxOa9KaWSHZ2B%^L`Wlgay@2s*WLIPkS&CwdFXwMD~*6|G!h5zI3aGU zPxwjoZfq8I2wl=wwq2mUA)y9P-fWK7`#-i|UNSJ8TS(KdFU>|f-QkukPNasHy0J5w z%4dJ^jkA-Q{d?>ywy)`DzC>#?T43jp($b(kk4C)eUIIAtEf-6T8{^eINj94HZ z6>O*2f=_S=qy;;5g_5rAxFO$QyVOzw?&Ae&BOg2Y>cE0ks{()opX^U0#E=C>DAQ`J9y;5_12?x;?) z2PEACd0E6HL&_p%ex1>%QmN2XCT8GzVJIYmtm(zfcA|b_fv_BZ)=ff-jl?NO3JNui z^6wyLEs k`MKuX?7j0OfDC%iX^2`f1J*D*oUEESj^MSrt|row*I#(M=m!=4x`Cy z=hcngcr9Wyih>9K>T64FJt`#(3&yf}Vnh47`MDQHSIhNv6OLMyigth-QGlXlq-|FI z7WtPQzGT%s>vt|2BsLG^o1@|2ag+})gMm=$tbGbTSI$lH`aq+p)30tvY3?XEqK_iR zyl2uuP=$@vU;SHAzFE~_vsaNR8Al#UpM$Z=hs_{{BBj6{7KmQphPbo^Vly!ScNCzE z9z}DiAycI%eN{w1UbwaB@A_$WIgAmiWodgr>eLq&rH3THc7;sAR48hfT!*sh-gy=g zDZkd%tkL)<K!V$4&dHD zm;l)>&Rn4btC^xZGXa{d4u34ClBN1D3nIm_sep(HHZo`9QD|{Bd8=^a3X!QKGF7N$ z#w0HI=dGe4IJE|84zzTaviKqPZ*?Gf7_u+FI_G;RSuz2e+t0P+37H25A}N9GNOdCj zZ#{vkc;_JgEM2v_w%qw@ktt>E8HVZ-TwoHXJCj7woJF4EP#0x3qFyW{Fa8{uRaTirZAEl--Wcl zVg479FZS`gga6Ghj;M>jjpdw!6CYU~rN3Whx%9o`FoVkFnZZfipP?QvV)W~{eq_rZ zA6%seYRFpmcf(*B^||+Rf!m*>!hoa=5co1NQoNE1Fhy`H?mG70ymKu?>4MJWCC`XK z=L6IFEk^39ejVU`rncJ|{x+Xm3%Lo4H*N_C36eLmPf^#-OTW$MR^ej+d9c^Ky?{{F zi*_OuC4R!R#8A~bnz&mhtGVtI<56n5^Eh+xeb-g=)||K4^RyUn=cpDH0kd7Q8(zi! z10*W-O3-FXRF`m;_rr|#wEd2q{Ms3}N+9gheT6G+eWYSw}j`j_oOH2Cfmm=k5>X~ zK)MM5pvoHo7|Z)MGL7)jQu%_Z)Lg_&bEioMEgySJT)+y(F4m1tD1>Jt3WAz1@<~s* zzw|6^R3e|wwf#^jHa!E*{rb>T+m)7*Ra5v}xiQQpMMXLl>ZD}1 zG64Ft^)<9oi6K9_+TEo;v#A@^G6U6;RQLWG!~VJBd+03>=I!hA>^+QAmaC;QBR`Mh0A-h3<( zf+~+H4_q(!KkTEqi&ic-_V%DrZ6M&_$19&F_M2b$l&*1DS;eudD|z)!_mkegBQJ5a zNp|15ctjTrF<=}3ta?V&Ap8T7Rv_S|p#&zo4Kl<^eR;K7%rXKAuu);`#`iN~y!+o0 zo^o%$s^sVE_?P_bS!ix_<#}B$sb4qm`pflWJq6(>@i@|Pso%_Nt*&u*f~u%N4HKCz zeZ@zA`t0XZD!-8$g0?W`y`x34ZRg5Nipr-UetvyAeLL-rqVGyCT8dOM5g*>IKQLRUs4Z zEWuWfk**`|#lnk6U_;P&%eNNr-}?DVmXtF0YH5|$muf0myuj#e88Z>aM^a$*>?>u`Z*HUCYjscn5BS9$JBYHCm}dsXcfhVUlJ@78;p-^AJMW0@x@LWj^TlTz0DU~fj{p&Np4ZsZJ;BdJ3D zziGnBrjx0CXnN?S=DE^0lLRRRuCUui`o4U5>9Nom0g_4Bg$i zetCAhe^(^F@?j3n^>dqtm!=6VE>NX& z&X)&s%X*=Jhtl@q2XnhjfR@16D#nrWa~3ue>uXqK1|ox0K3ng{6Ae_5*l-DwkPF+6 z;KwPxy_bb%oHHhy8}LFBoG#wZ+Z-W1Ofl)FmZ1U^JcmwP2bpv6w{H>Eu+gOs^RAbTL*GT~{a#D(3S>=MP#nxiNQ}1Ljr{Ex z9^>epIkN>>jrrB7FPNvFmV5+%`_5!c`00XF*T&zky<5)u z=L@#FuX9+7iaMEqT@f%tX)>Ll5;hicKaq@Rhr*?Mo47RX)GbZOR$JzoF4b~l>ADeOHM8QLXItJf#dGTm zXjfN{itIU+SR%o-bHj=X6BiEcGDe_FjKwN*v@|YXVZnQ`7m1gXnRl3Ha)|xpF6f6b z$)W9GQ722@7w18h22DN!vv?H$3Nes=5fc*^*1={kH(2AAX=_BJFz@3c`#kQi0I2}a zppkC(yPC&F@Lx6};Y|Ys4NfkM^fPB>GzHX|FQ{}F_rk3D;S2TAiM~v*aJa<6KT`=) zwzbPMbXr)Clzf`5onyt}2E<_&8Db-lK&|X8Z(A?=NcVf^47*9E)c)$_p?P0Rsw$@i zkLuSiJ4&@E%n+zpD9kMI=bLDY)_D1<8U!L#Lg4*1^E#=-YW(F6I zXN0k}Z{u8T=S4530eHxS9;7W|)%Vt*=1)FCv9DOuW}M>02W`VJ5^`UDHnE4N+eway z!IK}Npb3!sO32~t--uDOt-fg4YC})NWQUpG*j^_0-@iXP^@sh0PhJSd?DEuWO>u{{ zdaSeK3`Dqoz_mIq`#o>Du7_Zi57%Zru}6=gCn&KtVm&=^EZ{ORLTDtd%M_f>V|rmW z<2Ug3yVvdM{@uZ}^5x+nse`l;t3h~{?7zPM5=) z+ztW>*bF20PU?+(Iy3T&*!6xGdK}Q#Y#)`MLz49!VFLxQ))@7(B_N>D4~6cXBpe4} zjGMkq)rKH^KSJqvD3mrj`#pQ>%yl|UoHMj8o)gk!&I9MdV%?EYNl1v^WXU_`FI{G6 zS$l-};%i|Ck#Q0ewJ_F4=fH9HM!nY$)g*|)`Hhbw_vR`LPBbQaEL^gh<+J`Z&rNeD=~sw}&BRZI8}>TB!)_0tp??_V(t@pDHAc#3~7&kLg+ky-t7!hJKyZ}kP8!}MKZJZpZf z>}bJqYb}XQ$;0FkdO5!T2$UgnWbKAba}vaj_~hID57J5Zt_d>w0(yCETZ-HlARu z&!&b)&J8-8iylXxFx1r0$i6l7BVU6*S+Tav3>nogZ$E>ZMG*cbO##GJdRonh+-C2N zrg2&lK>xyKSKG+JNN2cA%0P)ZKCFp4QXxh40#gkox__9AZkUFIe2GVD3tbPAWAkvk zJzd#aWGjGu>drJ=q?%>)?4 zqGW${TS-{6_^@1s_Q)QUM>9o8&52;u((COy+xe`QiEI~P&p?8fm^RD5u}K{J$)UzI zR;$9=xLgf(9ejJ5)5zIaY%t&YUeF}c-JdmaIsJps#20O4=2%+1I!e#IW98^xQv1E# zjauE_&)#EDUSC*YcgP;nTC8Tg11_3frK-cjmBwLy_mG4-ZBe2z2mkYSV9-GzT*&DB_IV^!>$zvwxOyQy=fNsvWLVu-SrePCPtaAaDeux zz}|YZ=rQwfqwpC_?r0%Qi+J}s;N2RxiM^+^ZAq<9=){qn>) zL%;v26Y#T3otYQYR=8CzpqP+mYT#ukbgW^OUYR1a5+VSdBYJ(^ zl)jo~Z#O=HOEI^`K%P)HGdItedy{^&5la4pf`}8&b!c36&H(fQ?k`GXhf~|_ zKW$UwE9~wcImncr!Sd`gMZ;jkWyt3?TIpiopIJ)|f~pFJ z!__Yi6p<(93D-%Le!zVEVl0@so<0J*9^Tw3b!w1%ph$2fLD^9N`@D8GAywIDcR#I~ zcZnX)RugfB>!Z9O4!iyaE_@aAblp(*tA;Z7`^LIt$6Pm-=+71Gf$RNv)!f`v?ycR~ zcQP{b!f3mOUq2$H#-jx)oPy3I&>0xTuJLB?1KR&48vY>LXKOr@oM}}gyjuRFvmZU0 zK6$Xxl;iyaqr32H{d>d-WN|DW(2A?UIK)+}c{7^ek;IR@kRtYe9I@*|npYLDO_NBKG+`9l#)#7pf5F9Y`W;8AbELO;t6ETRV>j*4mdx04#a?W_#J6!@jBH=^HD+sXG8uR?pVf-T8cn@X*U(SR}=f>>RO#FXTp!@Be8N?ZRk!2>vXW!-biMI zeftsH(r!j1)h+VABICsT(mE+7;#=zxIFbW|wZTA9xQ=*4Q2XQkdqGH?;u-Z`TQj5& zgotZfx~xy;pWr?v-(Wp1`XcPLeGW`<{sWCybu`A+=Rm5*po{{Us0!`i`Cu($89#Tm zAhD97vU%Nv5Kho;_2n#-w}nRm@4#o^yxuB+HdMkJ(-6G^7)rOBVe$kg3UtnVC6j zxy92ZQk_XzJA#1Knb&UqQ<8$KZ~F_4j2aTJ_0)D?TwI*UC+(%WZ=}b-(7zA!WnCMN z{jU>b6%`fhb=Kgi*tofIN5tE$(r)VXgx~_i*$w8zq)}?;cvvlFGqR{fV`HooO*FS}bZf4oyi7W_}&6x3t?i98*P{vI zRxgu1*Lh*sjyN>&{iF+LB{X>KHhb-=Y%DnILZwVP7VjqV0~nHrH$L#>SXfs1xIVad z9{;X7U9w%339dTz4<`PSVm=2@WkY*-p*2+j7VK$YsduTMFZi zH!DpW@MvUlFidbELvifw(nku4mAs@ii;fa!IAp&2XuBN3@EUUKmwdNCl_?f9&I}^} z<7F&)I^QY;_ieSuX-mnqLjsN`#LsRqxE&QvOP=~{G=x{jfMZ_)W&hIoZAc{98k?Rj z5xgU3+h-iJ$;**ECmuHG#lV-Wb2jw}5*R6cdwqycJ|huk_8)bQ(8yI+y#;9d!_)I_ zc&;&yri_}(jH^hUv3hdZ5#JBV9Ktxih$neXO+MOSFWWSNrG~hMNWnClG$iyFFME6Y zZb$yd%3P*QY)L(uSUDr`_^lH#d~CAi2I?rmrm6WLYntBywrVQ0hF>u(FJZR(4w04E z#7`@1U8*u4{urKnY*=rCnB!%WRA#)Q%d(^k_&%n2nS|?C#0qlv$tDcT96?~_@~LqRGbI62uWl2 zi7~ZP7U>0HgzHy?!B*%s+mlBHx8%Az;Q9wUH@iXlvaywHwW35|iVai*5QS>=*aa2N z(}vmmJFrGZjC?OKR(+_ah*tO9BuID%mfj>MkFw!UBx7b*mUqFR#}j6#uHGB1~#o-!Yzj;jcJYv zgfmngWtcCXz-3wfAg^O(^->n1<(?#Q+oo-7_4EeUVkM<`7Wz$X?Tm7SnT|}DW+Ax7TnOp>M-g9kNY~>BqH@yXPH5BnZSN_klHORO+9^wqNHJ3}?F_{>PDSV2a2))mzbX)Tq9Tob$ zhGy^Xtnr{6nc922kAJ2aOFuK5J$s<d9H=B%A6VIxEtk#jy37WBI5ajcsDRwtDyO zJ}~eKfe(>F1rlP{dpX^#9bf-R$930HUU(i@lz2he7!V~+l7(+YE1@E5RMF&8C@ZCIGiQgg@E z)5AU1`xBpWl-ZEBRa7o;+#Dvw73uG`cf%;~_*-PLgBF2pVgbgSI$2i6&+rasajfB< zgN3;@@f^)scPifyocQO$DFl^XIcChI8KST+Q8MmUw@LVVljjGn6EDp;&45|LL_79N ztzSmJn3p8J*CG@UM0Ohtcf+U4Wk06-y)4l*|1pDkta+0|uoG@cq*9v6r`t?z%*1UI zn}gA6OTuK@(i~oPG*mHOz|&xbc*#nQe{LMUhI5Re_jWff0ADpu3~drOJAGO-iRctQ z*0#bENT{Bq9?1VN*}+=;O%Ova0;li`vMdn>vwfey0Gd#3uaVH9D3t-O-RI-wT?943 zTvs~XZEd%j;)-BDy}LSrDaN&c-TK5|5CZ8 z3ZkoBtwiF#{b8Xe3P~oRiz0#K7h}s6m+$-AK@JNT4GfOta1d&@5Y1^67x5uNsm>GV z?=_5!jC2%V*3}QR-WyPC5-aLH*==8WKI;uiV+t)#E8N}x?644@ARhMjSjlXbrJQH* zt(pGwt3ZI?n=I4J`H^^OPW>VBVtz-S2W|A)!Oc-rsUxKeyMqa9I&v7{MxwsUm>rcaM%M3Zzcd zi-wouu3qHg{OEu!cdI9(W0vWq8GG%`FaA6PF=*iHnp>DcqSTA#9 zHo68JJmCqrB*|4}xj$l)c0Dt&1DJ&0;OZ#ZG3L#h z?r+cEgiDB!I7-ZZ$=h5I(;Xg{0q#xZKqJ-!wH!{`RGc}e-A*$|ElgGyft!(5psk}5 zP)HNneej8BPvYGtw*%OY=lbt&`{uXG>x}~DL<>}-Ob`>AW9oz_`@A9mW9s%RjHG)1 z>^itS4+1}z2ke~QDrt0h_%jCQ2r#?aHbuqShC=A)talJR97?z{|K-iVL3<5G_9i*9 z3}HxU0k{Ag28sdzZ7Nz?WA3u~uBAo5eNy4QzVOAeeSe1haS63q?Y-G*%OD;Tr-QE9oy!$wFf$*QN9J92zhtF2By4?2H;a5W1;%lZ$N(>BIBy zs9xk?YHJ2T59G7+x-lR(J3D6WlwU##TCJRlBGG+RYjRHaMowQ0&bZ|AFNMd4hITj3 zt}`CTi4cxt^;(h?nPq2IRwlDVFmp^9>mE!)xD~EP5UXAdfJ3;B4Gn=wFnUSVVVdDG zKa4z~pa#IGC^T9tE5j<9a!yz$pys6iB)GMbhQ`KfZifYX^q*XC;vM!bY3JBz7NiBE zk1ogcDX@x=YnY;w_SAk7=io-fdnSsJ`hto8SY<^(syI0|1d-8R6OMk1i7TsXa4{Db z7dMrVknl}ZR8$N=;m}cze{UU=%w4m5)@^NHjNzz(dw$SpBd>q|9lo`n&Eops`8$Gw?i8}OP*C9uK2rdm5@Q?p1=eR})v8$q1{GFtPKGQIovUhjSMGLh|%n~Qy4^Dcj}tR&6M)g$a`YQ_fO zL~lh^m2-AwC5XGX{J{F#$d7~O%F4Az*s>ny-d$x5g2qg7$kg!!rHirTqoJsZg%?`5 zK#m2_j7mCk(^|+kyuZ4!kz$)N!jgFH2pdjA09DpS{Y3-w>-Hu>00g|LG3l#XzzbTI^38uf+xd5uC+Q8HY$x8#h-RB{n;kgoBsUyqr40{UO_&> z_UNj?2MOc0Dj!kpihtF4TT(Nx962D0752{`(7(3Y&At=iF~L^&Z}}&!Vf4qgyUH1i z*V9ex7&q|!n?EzSC~B^MH>vbw^0U7w&wC}@214IPvbzfSJ!LvJ4qKzy7}mjNs8F9( zWhzJnE)s0u50g~Yow*v&H(&t0@_x%OIyfl#gq{e4X^sQ~&R{)J%s1)%uabL!>8jBi zB}AJ(vlsIk!7%C0^|u_|E*_m z@gjnxvnSZl&@fHR2@Mh>XeCmB=gc-bOveLPT(j^~p5q5n!~^*Nw=rD_rCU+6&p@FF zKCsbSD;*geys8D?K%?ag?RLhl{@s73RP_6h)xF#=e}5}wwIS8*WXbY3+5qmB3*On=viVBoEc+pnGtzHa2d}%f-aU0lu>L%HV#p;WJ zK&7ckY$g+>bAvB?sE5tI0s}~fT z7b@%`jP}O*29X|20DKpuAs8zefRW%dPJ1(;PM!dOwG{A_PxgaY=@QDewzl`G_V$0b z0zdJ12S9@0*eIXJKG+_7i31 zu*XH3{7mimN@9;yr8*1g-im$+m_EhuOXg>n4eF0FbsjCui{N(bW3&7Zh&!Si9rQFq zJ+&Nw)lF-1nuSEhewY?~Zt$}>5yzy;VR&?O^rtsN>+ZrM%M)(1S=S2Fmc!1E(!RDv zu_-LiaY{n)Bjqt;ga--?J{v|G>g&S_^ZJ z6IA}%Jc#*+Z!qZv&ef6T49rEOEi)|*Lw7`*Hx7dAd0F4kuv&*SN1Q6@rr$ggcMe@6 zB_Ck4zW7vGd6S?BWx&Baob_gaz(Yl#jTxXjEwncSYZ!uVyG)1sJg_?Jy~9ok*97*F zx`2OX8Z6hnvPr+>dCqb}z8q+zlV2H^x3d^FXFY1zzrFaYBBhS`zquAYkQ zLAK&ReShW?;Rgh6%WEH>ze)doDFc;?U<9{y#KdNL-S&RFtSALu7u%25MvtIBs*_d2 zWnJ5RM>*paWX-MBRIRZB`yIG#CVWj-c_+-mv4?idTINyL44~EDHXK<;LdFMV`cFO4 zPCIT9Lu;EK!Z1OBflba*$PEO2Rxm>XTb3`EW;S2(!qbH3^(L}0OF?h0GfyGxh_zFEiG)|1%^OhZt@FowE6EmD=Dy z{sc#yU%&p(ehI`erVOM1cqEBS)x{!p9nOexEPU0xIC&A?Yw@Jb$!!(5L($;h8?M0V~sA)ziJsw?74XS6?h{2NCRWrHTpHuiX5Y;ri07{i5}F02odaQK6Rx z4b%}0l>U<2&gO1QNO#q@@`va!7p=*K!ftASGi3pD?bRJuivms5*5K)(b`#heMQ=ls zb7iZ!jPAdR@iXz*%JwKQr2Jm``vzZYZ-Qr4ofF4jh?#PZKd3e%Cue|G4U{j(my_<0 z*_mp83z7tA8ycJ9r;Mg-@#HS#Dy+1k9R^`*v)Efc5O(k#BHv=0h~b4tq)~m9!n?Xk zH#Obcrod~7lbnK5-}c<#=h_r= zZQ1^49(=V9yo?u>=s$l>AYDqrdqB7JMsfEESa!#@q}3+c9sZ(Ch;|x}bS7ReUtX_V zBNe4>xusu3kZX$v3&cDwWeqr0dqE9)hO^UZcMM0MXAW5#%XZO=QC5lGkLg~1hJgdW zg@EqXkV1Va5a)cts2E;sdSFa8R>5&|Z%gqTX`kLzc@gT7Yo^RGC07cwX$<9^{%~=t zrffDBzum|48^cy~UyaTMPIl7@1haJ$o`rjkmg$EFzH?Op^<&+uKN4Daln7hkmI(of zhq1)6f?G+l*bNZBPW!?J?s>0zUy(2E7M}WJ@hNb3g9pJeLMkFxLl27)^Ga^i&0pJ~ zIOPxX#6pDi-dxV^2I%-7@y|ZY?ubDNgSP1)c2x3GxO*smW5{WoDrjrqszNwvO6bLe zDucEhm+wvjhQk!@RZOScy0Wst^Y<#0r+q>84sI6*9-{~bVO(~0jE8qTk^;)vbY{eU{l6R6CFMY3Dj_k1+tL{mkPDu<~ z*=o|o{E0syVURG^dIhmgB7QVMNO-VHiQ~I|&L>}H@>)Q)BZ{Q97HZjebDr`??Hp|0 z`Le0Snwi817jqa$+XeOY^=4YB$G87pLcqe-`8bjCypFXqf8UP(3x04`)D-}q+Jb_0 zEq+=J%E)g+S33AfK0hVFktyB3`50G}OG*HJM(r2(-cXq}Dh}} zfvBdz9yPl2hEN|OtXK~JfMems}8 z%S7#y*FGnYqhdSWE)JoD1YRBUlCAX?Iu(krxR429_(DLmfe_~z%g@D&|ndYXJ zHc<2Q0$_V+WQ3r~v_p*z+VB*jC4=b~Y^jBR38Ss7KtbD##(?3kNK z=qls>;Xg>&8T`+`z?-xkK*AN=YU`Fl?}+X35Gw5eHx&N$*Kq(qPB=w8cIV!>ynO~> z9~rY*LEK1ruMFx#J@!jaSfY8nSCVIH!8m=_Foy3FAUTZnVRt3DUkYE{aVIjdP-~XA z3IFU(A6Lg!0e(gtI)e4xR}pW{&QxcBsUCuUj#L7gRJ@?ER0zNbP1}$}w@5w0!8F-x zCt6_FFW36WhORNguRyoHgi#-a3;mVNuMKY3i=ZuV?W)GQe5$? z-vQ|(cupV^eibOIf_vHVI*MB4LP<2EN=)Os#PhWXIVhpSMernyaB8yDi*^k*Fc@-I zqhiB;BxLy3s3fC6LL%^)u^2AF{b=+;*qZWzn*1rz*&^uUS!TyD|8 zAaaC35a0?b0C@_gX2JSTz`dV8=H-15#|x@)SfH(}l#L?!3V$&Tn?3RImoqmv|9Euym6qS&Kcw5&I7F3fA%R}BJq{gWQT29&9b#zAP$D#n}W(P zFQlJYsUZG;`=o-4qqbJKIL@CZ9rB@YQytT-Re7(B>6kXhQicuNJlfj~>67?H-+=NC z<dGmwIN@rU>SWP4mj`=p73+n}Q*UEF9XB#;G z(RfmEMb3Qu{9=lxP0sVDF;4^j(pzQmWMAM7_6mEnxhysl`W!550%i`7q2P%mpd4nZ z_rKT+!CLsvXEnIRw7y6#{uAKaOeqz!`=@?L4=q-I%!B76{MSoHihAi~P?@dyl3>q& zSUd*>zhd|h`HMS0R!e~m|67g8`boL`O=1Fdx?sNan&;&x8v`Qdl{tt${u8aok^H&9 zggLEKYlEIE9vJ|gpSA-bHg{~@wrOiLM`CPbq!Xat%Gzr(XDjr!4LUuIh zeBjqJ@P_NB`SjH66Gs3|CKb;lsjaN4gT)q$iv63Aq7>vJTgu=7;Em6Yk@!3v=qh83 zgHQDt|Mf4|&#svj?)lbR1i$?{Rs=Bf75P0h36?*OJ(-q`&EPe$DD8VFW2T#a>17u3 zm;!HklatlJfSN60?}Rl72#kqwMRx$BDIFQwNX2imVQp=FSG4c1%1yENYeKLnJFL-P zaJQZ4l#W6yN~~Zs<^K?|-?_<17Jz33pVTS9i3aSftvj(qlyRPR0K#7B;o;$yX&2Eu zYB^Epk#bzoIX*O8^w+9x!>%{*AD_{!@%K9LvNgM_@E^bq^*mznqLtsFiJ0(E)GcEQ zJnj{IxIOC0d>nUL2`-5Xl3fMHdK{GlPli8~2=T{FDjlysQf@loe=<;8#623`yT)|f zp_hX*Ck6}HW{vOw{0SA}`VuI={AL<&p9|5*^kxlQDzT<$TXs*^BV28OZh+}8b7qp( zN8RAh&2y?NZ_mh*ll52%)F!>VK=QZMq!ue6CP4{y(_%YQX3Bu`BUH|~F;2Nd#R)mB zt+A3CT+Px|ow>t9@s~T7Ih1oIkoozcx6-0KFJU~_s*IM2TBn;HZOT%;H%Y!M#`!NV zw~9eXqx|Gj*Y(!U7t4%K@0Rmjaok$Y>O&Wx$#7Zg@FJ8LR#!eRd z>Qya!qu~E)0SpbHCUk)nl{YNu06!sMr4)H(oB^p{;hiK9H&rr5(6dLYx#b7x)h*SCxalPu$vZ47O$d7i!5xA$m>@s4-W35&vBks zIV@zdp1m?K5Nh#>Z6>zX!qDflAbYxxE~~7p3U(gr<1;|2o@nPn-|`UCY!!U?&>_0KJ}g)-snCXZr=jR&3H|8KoKML{S! z8yRUp6{3=hHQH|$SsYUBEkA+%7$;W-TJ*c5U)$PtSmXud1tdTdVi620eRpN14S^40 z$5AnV;Y#P(DAjT*v}g4AG#t!r*goy#ZWWYhtYbfsnFJy-FnH~mTgv@o7dnV>pydi! zORVTh1YqMxK&)c}SoMd3UJMug|HErPLy-8(Ps1ka*5Zp+nBiOD_WD~`07SY1AX0uY zr@Tf}_66qhIHNyd2X}C0x73<_P~HQ; zwG9A`5f?*>O$HDW_}EXMY)MdJI-fLfpy9r$&66f(dGtWQgM*@u17I(%JAt*(hCf#t z%^w2X=<=nZ;XQ#}ICouM*?#-8%0w(n9NT%xR&P4q=hN2#6eJH+1khwdgA1Px>}AnM%G>>t*X?U-ge|$PG`YCYH^=nWCf%>-U!Gg0eVeQ=vm{uBI3SvUPGyqDQN1T+ZZ25XXm2tgkV z(zSm+QE{RqitZ_2&~h3U(4pA0V^j0ZD07gY@y?_Di3#3`7}mvCMhFnxpl0S<-Pftr z)zrQMtbg)6zb?o>8`!*}Jtt%a_9jrJJ-G>#1^F}CBYg^oHxi}?XpUNe26+Yao%R9%?DLv2(0IXxhP$c6SoFV&wMU{yk1jE!Wv;BJw%mS=@Bo-9 zjs((9b(aT}M&BesAjEZ`*=!FciV82XEVdCB#0YCtP2;Q%P46&nuywm)Nm((4X-ZEW zT@r(YR8f5C*l}5a3tbeL)qMIi2nD&?hf9-FgAEK;eNtQOmB_{m1g{SM7}VTXR`KV?!Xzpc*hK^kv?hUMW6Yj<7qAMQ)R` zk0f}dy?WNU!RmjVK^Y)~Gx$-x@at=E&{}#jIsLbOTB7J}fOKOP?xsUMat>3_ z14z$U&hVIk7wK`oi7<@h(mAqDIRV{DC=Q7JxC)^}5IC8~e)o=qCX}RzjkyOP2cJ-m zpg<6iz7oS(05rTeIZ=~3jNvU-K1|44zFF>gQ*_~-Y^V&7uEU_oB3)*rE|;bV_?k8I zUF6@;T86BH!LmOvJ8r!9hCpXX+;hSfB6XyvTiJ6P+BnZl3Dsk|iU)skR=mAB*}J^` zS6y6>btw4`8c5a~LAdqTAZiJuQUk=5n40}Wl(Pe-ZfC~FkN>!@@&I;mfwYD`!Jj!+ z+vx9TaT7L<6As7R27 zE;C+tP{H!I1*PZGH^8NJk8k+(ynE;RG5Am|9^aw}ZJ;C=2RyPMoJL$C&ZmfcVG2A# zhsh$v;)DbOA-Qjt;B!GYoIS^@<}f9SoK~QFy2l%L8Yj$DaGh1e0Th$P`!`ZbYb4;C zSAOw-7s+?Rcg!UFrn1Fy?^LrWuryG1!p6rt<}{bPX{SsNd)FV62vLw%z%qkyGH32% zwXlt~{@Zk22tggTrQ=?!x=yX=!fQ2Raj|%u)`o2sJEtqjXp5-fgfF^#6G~UUNV!!H zv)O@gCFtEs5g4+)4cu&}$VxhB2(FQc4qrurwTMLS$}#|Q+=O1}%U9bgh5x^s(E)y? zudm<8YO7{ofC#SvL@OYX6)5?u^d+j1zRc&w-L-?Dv9Xz_vVJJ6J4NVMS-r~GK3W8q+!x^2g82j9_z(#pkwzo z;P0PZ-23PPT>@zMnw?#Tz5%~SYPhf~N|4kEpJfldefA$SowMO>7LB3;1*M5;Vq7oQ z0Lj3V!b=Nk@lA)DVwjib9To(^=52=k+W~Y}P#P6V54t6xf!xP`Wd02l3(tU;c1z*o zLBIT5`D9d*z_LO1vqNxCNMRATAF_;r5eF05+B76o`0{ZaWOwc65m+c$5g2Vw*C-?k z#K|ZdTiY6O_~{)tzdDK=yUatoK`d@ z$~cV|n$RVp$zTOre8*j#UjZeG*w$srs2Cb>T2~w~p+>oQubD{=UEt zIsE>~_^Nx_HtzGB$q0T1FP&zQud0rDWqmwywysT-jSb_jTwGCZB?gc!CYS@mn~BVI z47{CZByg{G8Ix=iL6#V6M4-75;477xCqOVaptWcQau`Lm3~itN15BKAfk5T-gCi3C zAFi^n^88%*FJN$@00G^2AP@@GERGtVxdzb`KN19CgJMCS?)2-vn*xllCl#gfTewl4%9@GjKZ(JOX!RTvF2g{Q5vD%(>Z17oZZn%IN4Avi=cAO zJyP?3m6hfsSOnuhP0WCwk{7k*9Y-nz)*Uhiy1q)DX6gPV@mNd$qcZ|p#TxS<|16I= zV0c0U(1SmA4d-5R(bbV!+QG*BwG=eS5*^qQbnC+mg9MpiIWRjaR-AEk z-{ueqHS6N&Sv=Ve4Ar1iY?B5u7cG4^zR>;(E=(2>oJqAZD~OH11Qm#XGB(#Wpd`ZKeO@?$ z(SL`{x{cq^(6HS$Bn`Bx`Q(4|Rqcj5)5H}~WMpLY>n{_<6Womv4XRjgua$dv`lxY! z-M|=|Yv zh=Orc3F=2w$<|O=LL^hiDv!m8u_oZKXYF9RP$n6 z890~i0^;+- zF)cpE@4>IhpEaPfWsMjN@*uu{JEb!uxLQUn{UO}HYCQGE_;RRgnRbr&rx$~}z2f~= z&py?+hll%BrRf00JufG&nUoNZ<*;?>OTLu@C)y+FrCMs^)sNo9!EBd>1pjT!v+)(}{nY5dDA~b7z`0L6To`E}*;c#9lQ%Z3q&+PVD?V ze@H8?ncUzYAg-)R`zf08gTt^Fo65S}f(>Ed@8%)0cW@$`#;v%`04M+CCgNt-Nh#{f zDc5i;i|PryUmfhLQ!ba?b~oK?u2+fP`HhixM60y_62Bdlto*0+?r}oR0 z>O6nPA)Bi5&ueS;nE(bvqdE1_(Lu1>Mm<1`pkoK6vc+kTe8-lYaKk8I*ufkA2lgb=pb8- z-4AdMO_pOGVXzaW*%)Qm57Zcp$Rh?d|6v}HDI5Fe(a1{kMs0h_rpAtsWOTBB9`sBv zhs&0%?AF0rFw8V7S85d5-PKfE+GI|a1*T;&%4UYYX$ZJHd}5fWVe;sg4(*9q@o4C7 zu!Q|CPzusT%Cq1kyxuCZ8DgnKM1;nYksgrd@}ity)tYxzljx)!$`0N*lc|`j)QtQg zxyD-3`rg?A=`Ht&$yUwwKmsHhs);%Cz05el|105fcGG9RXsdy@OaPGTC)Yq`&_~{WadS1k>`>jX$9=>c;Lq;#Fu_Bv$(?^%V*^ky0&{ z@H*{j%3&WZ7@|DJ4Goa3lPG_!Vb58;aD#cpdC=4xUoN(ZA$#JdhM_?>@{PU(V{y>r z`&4J?_ddJqVm_35ts=V_N7b^|;j$N|hyFIhL`CnR@;BtE;wCoL+Ua+@gvvYhrrVOInD8gh>@+V$JPW3f8=F?Y9lu=vB zuU~Ar9*a^Thl-`RYzWwMCEVNd1DWlA${IIu36EwPf9pp>Q)Jt&vE8YI^U6YhOTfYb zOU^}S)P=f3j8KxsAnAds?S3xX3{lf>j&yp^7*8ZID?BdaY4+^-!|sV4f}p6>BOo&k zop@bE2+X2{In_LI`c*xn`i1TtD$ZPc4gr;E;GB^XI@IcQ;c`m){dEjJj*v|7c^F_Exa_eN;w)nyiaSyiLM-QDl1BXf3m1T@!8g-gl@SIX06;+$622%ZAb zEq{MeP+i2mIOXz0le`{e^P^UGth>i=cVX&0ucQ*l%m0eNWNXARL$PU<3bOhK?0|xI zd8KE+=vT41cMGNd0mBh$2jq8UL~Cw=D#(0IH7UMMEQX z)#bpgwW#`nX6Xtl(KzQThO@2STaEBvpPs&Uu+KJ8c5Rb)nCQhSC*pj)cxFCg6SdV( zbTyI#e18mvY|`$m2dHph=x|~j%7ym(C39JAJ4w^3c5K%UQYU>dj>^s_y!vw=ymf5^ zdjeLdev>kR7Tr!dktffxatNaJ%p9DqJlIMRjGt(l@P1PB#{EoY@dEW$I5x-*(K%4( zLl=`E7qy$TQti``RVw$NY!_hj@D!ly*9F{w%tcOx(y+P)Xaz2*u-C8fbIjj6!W7of z6?)h&vX|`>$CfQzQjavvAV430p=;QrmF!VthhS#IUxdv9S&2L8#d=(hF2R zw*7H+XTzX@sTU!Nrk?AeiBS-eE@Z3j$P$ZW;kAA>13%?;X)gXg#Zo>M3e0gMovnz}jyyRO}g zr0ec^qwf2&%j!L}wt;k-^M)GK`VZwhK15g1F8QwBy4at?TYDyKGHVLhT) zRvEF7(aV1XCtYq-l)yNP8YQavf)uI#S0-2Y=>6{;At^a&dHrWHqFvNhrs7>#3?;p1 ziyqLxvDNTTobR!#a{Hz3bAHK(?yr>!!?InaEI+KPAy&UZ>cRaTqwIO+YLrO8d+0o*=gPO#-Y`kr(|h7 z49x4$t3SHk1e%Yd2|f~D8DVw@(xvEE7>^*}-}Q&b`ZTx4Y?%nG%3ke1c{6*=0c-f{ z=Qvw(wz3Hue=`^hlD#}a{{!{^5Y)PzIfeBHp4v+w8%4*c$ZH_aH^^1EwhU_hk`(mGadEL#12QZ~r=e5Jb zJJ19k=C04wYPJN*?k{Oc4}Qk=+ySGy&sdvhHQgK8YZ1+O>y0`7#w}&+iRi_G{dm-P zE%d;mp7%exm+`-&1S$W`Ot5OkHE7KJIGz|(nTTKnpW1LDs>#Lh15!2>b*C;BCCKwa z==ILF-UrMPT;<9&CdMb@CX6zVXG?3nk59&LrFj*ok$MziK_?|+gb0QlXa8%+mC#cv zqai<{I~W*<+1moKa|y^QlW^@cY!Y12(EIWc@(<6>kQ5n}2s~FGoGuX+`))PE=Y_(o zHNzdPddixGUU+g5UyhqJF2R=*(Y&ZO`Zej556Dh~@wwcpO_|Ta-9dN;@kmQ4NAdd$ z5Qkj;fSE2;CfTRn|1{lMlO4H{`3%OkW*bH((!t-E)0{JlyWBi?wsIEfM|dfYjIBIl zPUiaLaP*vpYDA${{4*j%p~+BpKG4Wi*~De)_V0$AeIth=qem>n=j@00lHUW0Y=7Ol zox(&Knb^jwR5SuPnOT5j39XAgA=&)x35+^9H{BrldcmfSy+%HH?6FnjO;i_X;J~b` z+;4KLz?AncrG9I>%k#u|8>E*r2(glJvo$Mz2Q$dG6IfLP++lg3emxg!E7&0zs`@$-9N>xhFeVw-)2mf2j&oifbgqE}GPbl~B=)ts4eWRQ zJE36CLCaJ@PmKowdf%kprxhM2xLJ+H(G1E{p4x{Le{lk&*VH4Ckt3#`etz7@4G|LV zh&GyK^e3tV=eO)wOcoHQG{L}_%bPAS

    !kU*Fa3_Exo-%jYIq;`x&AV&jt7poI}Pw&O2{_)9g zEDD^Vp>Ov=9zU%y5c`qvlxLl}Tzc>-+abEs-dQen)32%%&D(iJ^+2klB9hG2dC|kl zfkSJ3%)t$*!z$R{2t4F{foB0x!Cr(J#G?Fp6Yt_zW(~Q-A%tuA{jxL52ehv z4@P4bK^GiR9SQgtjv=kf5v+JL3vkq`2zMUe!d^!)Ge#v{hp5ANGfkWR3 zt+3@v6MqyMz?7@u^a4^B^EG(vs!Nj%F>g*0#9VttWsc3a-g4SJUBW$gbvBlBh4aO` zR{E{beYR`O&3nR2l4o>Plje1wFqf}~1-`XN(;#@UpaA|jh=E)6HE9+om<04AUEM+t-JgRPFz^k}Nzn+O;sQ(1?qlO#)~{|s78dgNyMEX$ zP965_-#}7rs8xT4jVuTlNmTYMU#kglmA}MHd;Zh_?kxX>LicFA%7#LW+Of?l4-(WU zf?cT+n>3Z{wHWBe`=-V)hUT!Cvbn|QWYk8Rg50X&<~ZfaeSOkMJe}8XX&=`S`6K;# zb)Dimlc8iT*LHA1b6w*`kMqF-2>tYf-Bm*;SnngU`0|;TMIfz1aMg1?-p2pN@WJAO z%ec0`{!HQT*=XpA<{ntKKHkMgXJ2~6<*nC#i8F)^JV!ks~$39aB{m92p@#WRce?lO}jn0E1$6sxk{#p*xj!-TPF?sL5?omYRs@e%qr;`>n9wO9gk_ zR{KZ=NJ2cS;LW9#mwer1Oc6Xdw7w`9dmtP|+2eh1ZKF+18CI|`o_D@d z^)<)m*5tspK$WM0dwxov8&1Xi;;rF&xM3St$78?7} zrY11>LvPoyiOegm72+d9OSp7Y*Q(|zP{Nyxkq7=At1+^iIY zF1KHOj;MOnIZi;gOavl-DKB)2=$23ZM!7I3NLIqLi{q}s;}(fP-*Z~;V!JzR>3j%V zm_M*xqCDHp7EK3B_5*yz&2EYz9sweq$dCmw<`AKds0(ZT%xz6}ObH6O{MLIy0GSXU zaHl2Y>$4AKy$`@xvEu#ap@gxSh}R7d!e3HS0f333HA@qxIB7)AQOMBPhLke>P~^l? z%;3L>NlHE4r(ezKR_&ZA8Z|S~Q1zI#{)w8|H_P$TXum}z(EZe9nVuk!Tj94g^kyV( zW3R%+#O98v%-g2kC++pKOAqFlp>4oUFlr>`a$t2zXXk`u&n_!&eNLy01?yUstL`iM zR^nDoJN#-dSRx3Sb)(i@m{>DYG7~u@cAduxBD1DeZ|KpT0D$ay+XB~22rSmu0$H@k zV0931GGvR1jdI}t3QuX?0UHHt+_uFN&VJmwx zse%S1(LGA#j<$!>ar8rNCj18_xhb!|B&1Wby~SH<%R)opC`WHfs{;0tl*_o*v13Sv zL%UP`A{yh8D}(KLSamJvls=;ZbR7pEa#x{l$FwUy<`0i}kGFyFlYlTXfeNLsVon|JfvCuxkXnGh{sQ;XE* z$k&IWPNxfL*JN(T?oWK+B0d>$wvv5H^Uc9PFi@0&@;?w0V_?#>w_qz^h)Mzn2kkfc z*a{#VD)m?BK;k||S;hvGgezn?60+IxT7;A&F~PwekZ-jlzFszI%gmF*1m<)#hwI{%zG52{mHDFKAY$qmt&uBXS!X_!i56#~)*$Z1dWyDiruf!ip-3$Kp#f#|Re^C?JZkmhs%D2_f1|S`^ zV<>+t|DM-@s%;bJT*!9#0Y%v=;1wl$1O{JhT_hqWi9rOCTk59Ae?&kIv^PKPVIJ;G z-w$c3mDYWjspJUd#byFHfw>qR-Et7P=Q_oG2=W%P#Y})k=yC@L5!R1|IqE?1ZW@05 z7V!IVcgA8o^6791gh}Kr$DSa#pjYd|E!mE3aIcd>1sXe8J%?A1pI{K~p+J*phDk!G zRo?>>z@zWhe}G^wm0EDvLo|FqXMVSu!VdrM6PW($cwL2_(<8+LuCnLN7J1Km1odUb z-CuQ2TWc0aMg(_(m*C}%y%9%2J2L$f+Oi$e;9sOlVZ|6l%InVN0smqKtV*L;mycp}dbkno}Gw+5JTC)ZbnH2(f3b?IE&$1tv!N^tChr+C8ji zzK)%bOg+y60^@Epe9ufJB_-#l_HU5OZ<_}DF$Ql;4*~-1P%@eZT^vN69jbVRSrEeh zUty6ol7d9$IFF@hBW^9tTstQT6x(r1F)%dqpOHM;64$UuQ$%Ut z0(Gn-2#@df6v5Nq1gvx7CVpg|7Pd9{Q+z^y5GD+W#ZNjvGVrZf-I3>Om7rW*M$`!(ej^A1U3Goi4(C%kAAq`*{RI(z3~Ldh15GfIk55V z0HUbVYoa7EXD_JJ`^iQC0<7qYd;0_q7d{ETmV`mc^8gjOE{P1TN0Er%U6OXxd*%TR zI#e-%gB6~<4w*{ZPndVx)nLdgp~GMI--&cb>AWyW06U;q$yD>PY5_P`NVQpVWz>=w zp?1O-!Avd%%b+uAnvMlfQk)D71IgMFspIG447>1lkx`@gK{`oRa|3FfA}lAVDMCyZx6_XEdM{r*3`@(@n%(ezjen zOtuHvo_y_M8sagXYa1z;kZI!W=p&;}+dbH#&3u$vsW5!WwR7Q9V{kvTQ<3Bql_U8F z>$&O6rs_AMM)=SoFF{94_W@rO`1tujQtX&pL{h*}O8fH(Fs%$_FfF63O;yw!MFGSJ zk`KEdE&W{|g%gO#Y<2}P8Y(4vTj(j0fc0XNGewlC{;6bV3h%JDC zHx2rC0LRtosr^NEqJgp!Q<=Z)}L|Z)^xa zUUl>zWXcX70{Wxbp?{r5Hz=%AuL3xF$`PIWSkO9&ZWbuoT4@B*R5|h6g)c+vISws49RPf@ z(EdJJ74_&KKL=#gBt7$AJn`H`bfaUnOP{PX_#*1^H)SbBvdbL(-pLKcpy48|oY8Qzq;+y@+~`WJZLb^yBV@IkB`RyP&w zXm@PwW00kQNr8Z{Fr%8ow%myX8Xm8Nx++Kp{hN?Wxc3;)J=2E018OH+#KDJy_l3m@ zk*;Zb8*3Pt&ummJPfYh?3^yGvcuo!w-83{bx(?f{&HJpa73koA5sCg0pt@xiFqP-= zIzS+R4=DXP;-c=M4U`-aY~KZmUv<8lBzJt_n|CWens{-#VCV+xlVfpB5q=d&D7ci; z@&@8pH?O+-~w;>3Ap5l3$RN>urnB@AzLPcBRpYmK%C1%Zyd*q}zDQWs{E4vOGqI}*UKvhuS#rvIN;N|Iw5 zHGATM?&Y!oAps4CLZcsY(kaAJG`OzZby{q(y`~^1PYWaTC7yzdm1#B;M|!UNFHzcfVn^bVSCjNxaSS6+)g3VzXAU)1aWj*A2}u2hnq$A6!; zoPrT}_L5V#Qa_qf#Pi4Dd!C4>s6WbhX`eA0(j;HJpuzq%5~o?9lRDRh{EKL;Qg5PVY7xST!(=Ds_Cdy1m)I~M0-(Zu1P5BU{Vp8(}O@O$;hXjeSLb~Hy3cbE{fhY`5#38v$Uo}zh_$?f>tWA!;~UV!>;~d zeajb941Oo-eoS$BG{vBj&fTAoV}oK@e4rKl2-?CxwBzrrb)&jEJHKt$4!;Hxc3BEt zt7t?v>^_;c(D4gA-p`oc@4&DV4*BZ-eG&0;*3VZV;bvbhg-RY=93_0{H+*%AwYPlM zvm;fb(tf0hgeVsx+c5-4(CKc)4-`G3NK!s{@+WA%ofp{J^qLL`GBotB&;8-;9LAcH z)98)QFzJ?^z@B*#PyM?*bbFkyd~wOmzjXvQTvT+z{<)|3S}=Ch9AVxQzN=3|{st`M zvKs2PvG02StSa3Lg%9)NB>Nk^Uu)q8>TfXhLT{yLO;s3D8}gUeKb6In0b?-+W80xC zcl~#4G*qv~RMs4;TNVS1y3Lo}I$$U;sztTzdBNMQ}Bu{p#m zOqvLh{WT;+XsJN;xeeTURYpfF@Tp;H^uo0@7gC6Iutfr=lxB$J*+iZKAF>+3{qIq z#ge%zlR0@nW2t&FJ52NXkbag)#C{NP#V&6wOTit>g|>@`wScas-0##<%Iln$pT8#X zOXb)ZGg1PxfCDae*1~+YE>ZsA$T>ubU7;8_<~<;xC==XQ>e>o~?~+p09rh_UP1vCKs zSbS&(v)VebVa1W_2)I+#5fE;b5}D`CHi*zUg*mu4K;YZEg(wleJa@%tX$UKAeES&a zNg8wR@$vMq+rPdGFCsjc(AuTXVH074RsPLW0~Op(!&$d)?+PgI&b}2B6@8PJY=YPJ z>Wq5w3b%fHVGE*iP%2wp4?rvM{KE2`ay}(B3#B@MJ z^;N3uspxdkZ@p9pYpdos$Z60E)%09312@+sa&55c=tNgevY@c28<6{zMz{-sOS$Wn z9m*gy%@!)dd4-ww??C_AT<}z0Ogrk7u~KpSQ{HLFG2ahUX$^m3z~_KCBD=pf3CpR~ z2G)d~sdr!o$j+Sr>WYCNWc_n?csM)4}~Lmi#o2_$;6P$Qky5GOHQ46 z8foIN81%l_vFB(5f2(OKK4I1v3|^&KCJ0LW-rDA*1ZVbfHrHn(zkaT(X$o7Ma#XZ~ znu{Xt7J+KCYkeh;#V^2{>uyeGq&x<;j4Z0GGzacnO0sL@dhgGLUI$m1x9;*FPee=0 zx`+~ps#m?gX26^2DTMIT46e3+xIR>UB|mZVe5_+T<Qwq>r} ze$u*jm-KS90P^6-JAX#=hRMp1{P9$g!y8{84BTP&tCsF$8x~cAAhZo~{r#C0AiN24OC zftbO4Bz}NeU+hyc-vv2((b^M%_bVji^Rr~$G8qoC{fY8bI zZlDxLcI;&IWc@$r{*@*H2XWi%Q0w-GO6-RLytIp(YjboHv5@u4!0_CE$q)yk8vsG7 z%i~XN8Pnt))lLLjYd;zRgf`2I_6NhXsCCZnYzxd9b{zpDYj5MXNhr zp^TKfpWRs>_$9_sjiodM#aJj(o1rE=&xY21P=76tkKIWy&jCiAl+) zXgDkj%t}Owk=v<7H&eSM7Jiao1O!eDc>A&Q)bS40b*L!2r}3!~x7 z5%AJ;PeG-Ms(JUh1rJ9dU1@C@E{sdMgQ?sTIB>Pxk#_+>BV z;Zn}!cl&jG$j`1{Y9YsLeDp0%ucuiJ)Pqwm^!L`Hz8bRZIGJAauC zRHMGBO_H>mNf?)NvhV}SqSoUNdwt>Bl!NnTlj9wvOb_POraM)tocn0de;+7E?T=!s-j*-VyIiOm*gY zYUHnt+;LtudZE_ogIG9c(z%DzvO1~dmr#at0<^T6@5FM+*Gc-1HMA&>cq1rNP2|4Npw(L&+-^a?}d0dPUWS<6j>1hYM~EP(Qia-lymD zsw0}98lZ4U7c+6iwW_Cz-zvwMPExU zt2yH{@)3A-(^6G1PXZpbq@=;&8j?^t29W0?zy!>TjIaur(aep&AX`gmL2S(j$~aioyj+F70KH8#Y2nMsYE zAa>V<7f8$=3Sl0HXkb0D|7^k%?A@~@F1#Mc$Cr@~T>xF= zZvZr3sAwPeKhZNEGmqQ{>zhJOoZmpp36mVpzif0C)hG6JkdD(LBn|=qj38avQY>~@&(~O-L z&lB?U@|refjnAmD_q>nZaS>EMfK2Q2`U)e;-~{!eKWP3(H$Wn`B%NF;KkA$Dp~U4! z;2TD=e8A<>76*laR{*><)%vv8bB(LRB_)OnI_z@m$|3-2op7mNOvH}<$XQPEQr8)z zQv47pksLY(jF8Cr8aV5nMLKH{gimRF~rJHPJTDjdKU`I|tZd_SVZHdpZV z&1s)}l6?FzpZ9G$^d}#y*vRo&24Izl7?y8)Qtuic(f}UQ)cM#jajuZaYmDBWcndVm z`P_!gNp9HOIKVgDE1I!owu>u=1ap+iF*Ejv#jfGFjLIFiGQf7xBh$USwMpPC8y~q_ z$>4yV3mfHzo>o4z~ic$G-$Lhc|@CPeqWMdKts=tlr0`}_j>@`t4>6QPWt|De<;z^U@52)|$@lQ6!9@)fn6#92G zO;6H&^jZtzQO>aH+N4n{0gox7uP)PMJe_Mxpb6DnC_;H|5Z%xLuqFV3jeUTsa!aOt zIQ;D7=YZ3^$y&}VVqzKUhKn*iM3KfCF{-bBI&SAt_;lXOZ>$BcCzDS!q|$+E_^}nt zxG|uP_Y@miz3$1IXlk&I-p!(kiHW62^QHsLteu67_|Xl=js2j)hVMK|-gyf}a4hrq z1==X=s^-nqSSx){W)w@HKJ;H4FEHYE0a;lj*y<0TY6KX$}X`z zYW$of*cVm*-I>^|^vNjp2riF|UD2a{n@WDurqluagI+@ggq-rz2A-IIvhCe?41=;K z=Ma=5T5`JRG+KTg*r`rM8OY;}AnZ|TUBu1&NKrVQTn=_h-=4^sAsQ#YFU^U;9k~O^ zQ2Gk!wGMT=U*b}Qd$wM{XDD_u*n1+%KE%YUn6UJtuj@hzY<>G5e`?Ct23`+eJj}qY zb=cZT3G4!nDG-zrJ+U=PNFatnpgE_O19pC-A}jqJ!{V7WfyPSX`3?X&?*1&DXbCU% z6n@m}p$q@Zvv;;bqrnPA;7=RQF?*CHItBjV_v}USxeBhY=)on)3I$mS3HLF){dch6 z$rR-stk~av^K18^3XwD}Di9V_>{lK%3|Aj1mbD|$rg$YaGg`=s1OzEap)Dft&s$~h5>j*8w;FZfZ)8KC1KJ6q2yF-S4Fg6+i_`;J zF_iD#gBWlrv{z~NJ~QhD4}v0(Qt{50tr2b=Ec+Vv3RTKANT zN4V^x)YF$cE?(U2CHZikIo@mJr-ndyj%(!xNlO(xc4rkdIRC-M8HiCCFma5W8(msP zo1VSkDg1bWa%{c}YNj<2CzgdQ$a>Po)Q5a?S4w}^#=I5IJy#q#e=cEmu1u?x{qQ#AIi)#!I0FOl4~MnznGFBodb+(Hc?d zY{9wV5Q#SN=iVX5kqmMH;#KH8032RN>f4mT}mJBRjq9GZN+h z2z1pVrMTAKdYil9$PO_hq>E&KXP-*&@W^CU$7aqm!B)3O3|7&WtEO8Z8z$7Y;T|-N zFJy^8pd5W?1JixsmzTc?96iRquOxtbG!X|9ILKpMJcg9Z?p z)3!$}jK>o!1N}>_M!RUq=}VfrOwFZjDt!|BTW><>L_u7a@zT&dvuJFUu!+STElGGMXwWZ%>$8sU)**K7QC+%W9=^&A77`Y|v=vJTT=0bY^gT~Ln)zYZJ@7j@!0Wkz*)u!41AkKPR-W zcnhr`G3Cd3+ER=SzxPpnqpv|@cEmT%OUiRfElJ%C0Rc@QtT3kyMh*@<@ll%+K-VbzIkJ&|3oUL ztMH`wvWx&4@70-or(xrDthb%=%D~j`F*pD?Q?~HdV2JY%m82K2BA`QcpzpOI{+$~m ztkk}*?f&23J|KR1RCw-7t9-~vMX&GqdS@AXe1vvyM(PfIz|p2O)m;8>B&0;C(YTe` zS4>a(t0r)jC1Yl8PP=LP3oeMWIH;+)M|ghnbP-DFeBCAcY1m@Vq-oDSfiS^M5e=&h V%Q37BX&ZQ)H9u!o^0!;e{{f1NA8Y^s literal 0 HcmV?d00001 diff --git a/assets/images-for-sdk-next/learn/advanced/baseapp_state-processproposal.png b/assets/images-for-sdk-next/learn/advanced/baseapp_state-processproposal.png new file mode 100644 index 0000000000000000000000000000000000000000..fb6012378dd580b0ced3ed6809288d9d312a2e96 GIT binary patch literal 248588 zcmYhjN6!4pvn6(00tBIf?ga>%{(%;RcR_E4G)3<{Ie8#i^tR~99cU4nXaU-WX4;2# zq2%vA0m4^b85Wr&Gb1BToH$wkn`Maq%af6e{Y{?8?LhHi@*Mba{s*h7XsDOy8R2~ z|AipwJpcV|(rQVE_3yFRz$WnhFnyb{DZc;ggFp!SZxH-%DCEJ|zfcAy!4pRPjUagP z&;DsujQ`Of{x<{~_-}feH{&*~^}kRSe3r+p=)o)444zFFJVoFihW;JK|DF6_z*}aX z`ywndwE@>4;3)YwN`TG(O_e-d`xnB2_kGh9;6*I*Zh8;l>SY?h76FFnzoGXJY;@By zU7G)26Yu>LTUz~dFD=?iD?JIw?njCFZ%Qe0>gjIn^889F|R4K_-2mmgMH022}L;wm*V4c~^}|J@a>puxer!w!`o z+}9H7oVa{9fPe6a$ey>hmZnVbfh6B6Il7i9`2w6!cv4=VojfdXvV!bR!G|QIjgZt) z=xoh|1_!a;X=0O{k2~)jjK9q%bL3!B9C(NOvNsI)Dr zHAaHnKo_$PPBV}RdMk3iLi`l*tJX8cx&uF$QQ4x(T*j2BntAqr(VyDhVP?YDCk ztLNKjU>JIUPG<3s4=#D!!|!{$PkDxL+=Z97`H9(>n*&bwo>KOZ50)@Na9xmgxvNgN z%|R16;$_)Bo>jNI4-p}!LrTp0`-lNGT;glbiD=9305Lt1f)gCLZtrKf%J=lUhzLeq zvG%r)&Z!ursR2%{i+APYfg@}J32KXhlk z&cKA*$^)-=UyrzKEfgx2;t|V1xn2JHj>yhChT8XTm3$_1m=Q3`*^T)2Lna2Ig+J@1 z517#@C>@)qS^jW0yD@d42R_!lXFkc@%e6iVn43^&Qkr4Eh+B!tgU>&% zO5rQa{9Z5b(EKuKaU)QZH$}8i=9gtcN``;EuC+eLcXj!rQF(r*udw@2HL7>%kYN}x z2sJNpOhPcWZ0_!{qQ7o)8lNdsU zn?3Vsa@XVpX}^vI-d|A5N|h`yZ&`}1PBA=_3qhLwo|^s>@FtZ>R}QiJbxs({<>(bo zT<-nek;Er%vP5_)i$QnJN9Gm#bycV&{nmmadnY5`8C;Xx7$EnsS7Y%-oHZ&su1y!C ztkEO)1IWB8RfCi?_bdo!;&|lH@8?&zRcRvPig6#z629yQr7~1|oh0_oe#-HYIE}eO zvg&>bH=)SCYciNvw)62b-7aC0E*ZFMYLaAjRX%*0*MppQJsVI3ZdQ4yYqi2K+ooqh zeaVV6<18?4u>x<_Onifn1-Ed@4Vj7z40qu3qKvf9}vDh5`HI-1Hb@`GK8tJuCWT>N|vV z^Np$g=_Oq7<-SLFtk8}!16`*k^|`?HdYP>C{HfBz3@!U!_x(8#!w&+`NRWq#D+~%s zD0yl;N6!04=tEB&bCP;8x9qM78{COnzxYSX(;f>xAsc+FJ|@;;^jgn7H}WYgkNM^|wh{P5NO{XDo2_v2u6*kW*;^D76nBTWB^nq9-dWszFie%GWG;)8 zr04Tm2Uxff6_vIW2JJz3UazePMXa@Pk$w97hhkSJu1HP!g?ZXwa>3q8n*rG$9 zejf}UGs}gKrg<0*E}D*L>_=*yNZNN$DVsHvCL`qrdsaG=BB(Zs-h9ez`B@A*D%fG| z7U){Zd{vpp<9WLbXEmr=9fHGkF)}+?YaKu-5bz-tX^htyed$U5oz{%-DsyxLJ54c~ z%TzR;bR_27!1Cs(6h-^S915U)Hlu6mb`Qa^D@5*>pQS2lzv(kl4cyH)%mp(62)$G+ zvV7iRp^s3phLch8A`vnRvW}{r>kgC-5|u3NatMBaD|=CqfS)8oYL~QD*-!_chrYoH z#~2JVJK3-`=G%J9hhl)wt!bF6TYQu&UnIDOy9kUVtFjKn1=A=}Sq0p?R8_ut;K1t$ zlpOF2>Fe=H5uLowgZUUO>#Aj4)3kA<)voa^x|9%WY`-{{y>}jd`v(^ctFaZGG;^Ye zr+OLRUelY^(-SyOfBCM~^pRRxsz^1F!8!j#VIb_!VQP$mDICm+_j_q0U0Rc+hSn!s z$28(`pM^uS|6{|y4{-PZ=)j<9hv^%q8%==^3-O}Cj6bf9gHxjQNRWoSI3n8kFwYXl zJ|8kS&?I9gW)J3XmrktXc8^zID{Jn>8IY4%EJ7plJdxH=3huc1`MwDqREOO0par%D z`u4{rNttXA6!1BF@N32g+9%H+#jwQ)>D_;;&^q zZqq=btJ}RmN>s@YO!4bbjcI^mW;Hl^-R6iGzi9PZHP=o3U~^8%GH^32x{U+t2wu37 zTQ3(LJFpnht#=dR$d}Vz*S>+>{F>?qzjDKMle@qneKXpb!gAm5J-G!_C-e@@k~-?P zJi3Q;O`j%AvyUfpQr#bADA=-#-+h}>-4FaCwj*Pc03x8OcVz6@?-J;SXkP`YeU|HKkNk@M*f0j(2V+WQ|&b^Vpk&u5tBtgDl8k3k5c z9fs4EiuekFe%L2@e!Ulthj7tymE8AU&7aY}-uL50h9f~nR0MlM!OT;caNjNrt zy1i$s_v(`GSi#QtxmU4pa&J^6NQmF!P+Zdqvv-2mtglc#`RW`(7)?E@~r{BHk#7 z!{7UM;%dW{Ki6V@180$K$fQ25NiI0#=&?wPob+JAT9qc(+7$%c!4nqVz2h4rJv^|;mAgIy;M&R7=w z`;j(CVrOl@lV3d(xbE3*@(o&q6yJWy2AtI6FP01tvOYAc6NzJb5eKo>9Z<@=1^_r= zQHr!1gGpZ*3N5D0Gu+jZy_S3niz$VF}P|Or)Jrc4$)VY1U7F82z)T zXxpgZ7(Z}ky@p>XGl{WL%DMI|wecp~F~XrUpyq6}`Q5ww^=E-GMXih`i@DN_dPBK+ zx^<3eeK8W83J@1to8QQ<#K;B>wlMB)-!`g{QE<`*A>cVHZX)H&ck)QEY41HN=V54O zKKxm>nT~0!?DQ1G7dKjDMOlUPtO%7)jc>{&4G$3|1M`w%+mfZ16B zj_TXzr*GEDc5b&YyXzAFnJuQUd`ZuD7qk_Z0Gyjv$Pbg-(t)sFvDwv4Y1&>BTs2+a zP{?&lqK}T5@hlYoawx+KMlK?!n(W{%A zb&=lQ`TFubp63EA!-`ziU!PBqcjB&N(;X^~0w$#bOMhZj>!uea7}w8XgzIS7pIEn= z2S`4NgF%Wd>`CB<4dvJ=1^gtxytmwT6!%EFP92O?u^i&L{Es)pDOSu=BLReaY#s92 zf&TqWJ%dOXv}4Y4*NF~5GW4#GA#j+@MU++o?m;NIYJztn7qLPk-`R#bEJ$LdQS096 z>iJgrJ9IG&Z0GalXUm$l>0uC)8z&bcc@L6iQ6gVtF8?g_tPE5S?m-EjItn1D>6e{ zKAR@{@H=^Id*4I>ze;AO>&>T9kAYgX*lu;6da7BjQm**YdVf7IKFjS-PdPHO>~7GT zv8*hA{eqb%o9l?CP+lWfIDbjIOc=2<06+luZJ@5knn(B?T*!sfG-!_gJ5b;$xE&?G zx*NF;dQsuchBcaEWniv3~@)O%kU{ z6{>O$z4%@Y?Mkb~-XJZ}thIHlj=?ThD5ZnekA3gP$Y>fQB1?RpqOD1^@#8iImHBwz z$FxT7U56)K=s~@{*Un#%sf#FPQn$T__XY>VTw}uzp{-vt zqOTkJyx6wSU4`R6W^73!xsqrIa7FH1 zJDP?~Oy8RM=V9X)f@X@!*#OKMI0hXN<$7WMJ$9a+_Kmu&8ly5x)HNTgiBT^_ z=Y$)Eie!v^#l3U^`&tWtVq>YqI@FVDpsfh1q8p+J1$a$A9e}c+&b+Q17oNZ;VB#c6 zJP{v62FbGU?WBcZ`Ozm)vWSjmB%Mwc`izJM%a|orX%~>b2l(>o&W~x>4oum}aado@ z8R{>~H%{{P1$hE-NPzY+XucV|d23UCzTP4~1|7diinW8}T|?Ioh;|Y4ympyu;S({i zsfQBP8y9IL`g18hk#)Mjr(=nv9NzZ9xFEFXrMHR>c%VB!9xMHEr@otU1FR>Mi$cow zkwMWIk5U)a=R3Dyk=2BBuv_S?wCMpNjB@QGM2VUkRoC5bC?J9L9Ps-&smH^#aCtNBR}12B9f zFQk`zipgWgzFhciuyG?!SM38TOVUeOi0twS^(wU~IoOIf|Jw+12`>B*_~)DlAF-1( z>rK7-QuMxVZxb@Z^92*va+%>RtSG7Epz9bgm# z#)Y0|kcY35O!~gO>>6p+O?BcIa ztjFY|lyL$lT69Y)V3UTCnJS5B#0>prb)6*Op}JC8B}>!O_*s>PJmfh1Q+fn^CM zbaD+_pi+hEZSy#%w6-M8LJU%Mk~vSE`0>xdg27CR&n7!xvO{oE&ZNPr^af>!`^$DfW!_S;e?u2_OXI21-K!uo`(s09Ph=#Gi{S?akhCR-~;JH=6fQ zXJ}Ps((Jgy)?Oy%Cii0GK5F5|LYW`1F$*Ud`XEDEE|^hBOfclRG15= z4x{72!oA}kfMtu0T4UVpYEf(l zI1B4BCH2c|9Bm`xf($|=!E%k{*tmb}>FhDYE<)|Q$_DzmBoLl{K{vWd*XMljfCLXzF-9D9rsEbd=W_-Rv@lAaUe>q+BY0O7e0*j@R7;-!tgZkl)}8Z zz223=8}SX~UVwJ}e$Ym(qrFwWfYS^W4w|*~;SKV06mM!ryP!-yc=-WqfC-iUBnQmJ z`i6bsy0tLn=>*RiZ5`UkcE6ICz<3<%9t~QibOCA7w3-kynbCHJQu!7-*g?*oqF;0` zzp`flMHFFJxlW0tEGq>67`v4Uel$s(p{I4@C4A6Ruts3;H?T)R*3wc0Vg4w~tkjUf zEhQn|K9#Qis1yZJ@B#a*&-d}Rgtr&(4&NT4*$|2>Z@*;E zmTR3Q`$JdlQMS!a1RNpvp~mi~|Ac%2*aZ|hX1HN`Y#HVS*O21=;za2q^I= z2H^vM%hEx$L4SlVo)Zk9r)4bEcwf5LdLM^#O~?h?o()1YJuU=ERxNK8xw(-p&2mVS zdQxC%T$Dkf8)PRY#`XeQZ7WB9l>ykE^6Mzx1&;#`n`9>|0;J7v09-0Z!2p97%ZL?F z@&X&sQ>%hqFbo&jTXTKW;aJJ}Zk)fIVu-Ux5ku&p@@PtLoUcRAK1RZ3EY7-^4Q;kK z4_8Ji<%{fRmO4L+Z|MC_V?jYscQ7Yo-6+5^(?R9D6pC<_+&>01KkA3LD@XNOLQEs-1{;f zJbsS&b(lw;tDArHpIQs*`r}YpUF5Lf&0Tu@1enm-Z9B?%?yXpvFT|X+O5JoTbXQ4cH#P#5c;3 zT(aRI>J0J$`i7ihpi9QXB)HI4n|KfqQfXi8eXZBxk zu!$|h0U^-v4%-6NgoqMLLmY^1INL0;CK20wrcY0f>NDOPZ_%FR3Om!ub^!#kP$o*o zeQ8tJmpZ?WGVCT4s43znLn)oMKK|D*aNy`qSlzMLFpN^G6hNv+=C5ajZgh^kuA59%cG=sbv0(3`150uG# z*0r~cO@hfg@D@bV%rQpHgd*EuQ@t0mBFLa`?ppAoK`p+O)8gP+m3PbPuYK4XSBnNf z0EBj{*;;0*rvyKRIfpe^8&pRnI+9ze;rK&+$JAhu=Am{1-)The?EC1z85HV7m)iF? zN~^|OwS}*gzq&es$ztk?Ufa|o$-IS9=l4IAbwaXUUCtN%U`u9$Jk7hjtB4cgxGe;8 zJNPxkcLW>`jhdtmF8Ri^c%_s!w-OK^0WuSSz;rpV6$3g<8K^J_L`5@212`gx&JSP~ zS;Za+C^kU0@B!LfO#oADWlD%gkm3-D2V1#`-TR>xgBC%}5Y|O2(6oW|G5BN`M za3KF(Vg?wsfX3|2T4>j6($>_Nt_dq%_|S2A53s%^;+1 zS?#S_@^=QcFT9W}8LmeDtmKF;$UKV8p1siAwOIn_2Et`yp@h>*Zm$E|BY) zbU7t*(@8jlM2LQ_+nEsQYtRIR>D)ez;+IA(rJ=7or{^$sL*T-+I5kKVM(;>r;wc)@ zjK(&>4EobU!;hOvf!!Ih(qzmfe(JONG=6SHR6GgEOROMH;&aQDesk{{ZfhBF;gtch zS^Fh$H)Td;O)?>yy=V-Q`V4@Cx|-BnNjBiP@g=G;nGz(z<&&?ht<6X;uI5^NU~Izg zdI6rq@V_{@Bz>qZfRU%)bt6+c-VA9fe28H zqolpO;erVY--rZcJhT0%^7`!b3-=0Nn^&AyKDQ(-gRF0vJFg#r%LIU}PL{tY7yroe z(xogr^+qgFn-hy)DWjivW{8TnL0%8yA2hz6N1czNXVo{Rldn0y_oz6B zOr68FY;LAmV`aOaD9~%?-Ae#EZrkq8$Sq%h1l;uIdU&;D7ma&_qi#U^G#Eu*yxnNS zq`KKI5mr)LQml*9k3hi3K~bk%fE8ej0NypIH2NBV|&zrIw{BA6qH=N02N+6H1)N zTnSl$jsy&s@QV<0Dz3Wqb=yFJe$`8jBZ>{l!>q1v0FmIThl}ks8Ycb0vV8I`Be4-` zRXaQb@X4@PA>KA>GR0YfK@(=Zh(KmH!-*JNh<1e1t&BEw)DpCrYC{P?;;5I4i6&PK zh!xiJVzJCIXKGt{#>(FhD5XI&x43?mw)f9tL0Q19gB-xv``?>mQn2yCxn&7n#C5>E z?{0$vE!PLqb<{f8tI&<+(n`0ZPep?$a-3t`X2wk1Nt9>fXS3!;)TpguCU`<#TMbbY z2a0{b3RSul!vqjhEaXzksvFZA&{0k$FZO_G4PMX6wuT9%Z(MJEL6sRDXuSRuF>(JI z*&tY|@V&8=U7p_pXsTOy=Yb+(Gj~l+HAoQPQm2zT0Gd#2oYHP+TXpCuAT=1AB|I}#RD?qSo<&?1jGsrD#m;*)W8r}1?a(lE5}3|9Tle!LOj@LVhE_IHBn~N zsK+Q{7OCE%EPVt=UHW`*TZ}Y&wlNKqvb28M4IGr9ML&vnJf)>CgjeQSPQwr$4gHk| z&g4{HJDA>+7^lFfmPBk_6*&@|N*d%u|EVs&RIXA+W19Ew4%WZ8dLAya@YpZ%Rvxq* zBoZf3b5G#$Ugy)*wA!!BJ~_7!&<0gI!QdB1=%+_8=mlEgvWZV z*OI9+fJ5OUpMYNh7x3ibZpWy8#t?ep=-EjHdR_E4i{Tm!)52W7Jtu-5P7D%o+I!7k z0cc5eR{Z{cQg+B;QDlf?9_dUDowANIsF4T@bV!#(6e(OX35<~HClw3G0}2H7j#DY# zf0*g3k`vX%>Z;>Uf#Lpvx8Du)FF+^_TA2GDmqs)0JAVUsfT(zVG)T?vqVPKUN{(#P zRTGGg`rvi3jcYvzJP%;}gtD;@@B+3*IQ6;}VpoU<#st20HWQsTOBHY;1L7$^NE8NX zEy#*~bgnY6=h~;nEV>hFFaWhJ4EccgLnGkAE5_9ui#Z+*cyCtvoeL9c;&durLi==( zKJMr~E^C(C_$Gco$V?4{;cp7=AnOZwnyLtb8jf_Z4lM}UMP0iS>^DjMmvTKb+eyYp zAdLMXum&Lc8)XB+&J~vslJ56*s%FmnNU=&ECh0qQtTz>^Db&`#5iCG#&;JZ@Wb@$L ze>lqfdTIN!0q-a51;nEnkaQ$x%r(?xv~vzNXKtqOK$pWx0_J}Mscqoz+=h?}gEbB{ zt^K@bJ$$-LwSFjU8j7|1yi(^k0tI;s^auBzFgz<^W*VAvYHztpm_q!_6AF_);e3rfP7EIuWClEoV15hMO&I`n zMrj&b=<=clCPY%+DV1+^hMzt-QpUJgWwG)po~1YAk0THZ1vGdagn&12Ol=Tgux;-8 zU|Rt6tfVxV=oq&bM3cYyQvwZECw^7nYgodhHA1Vm7ezkV?~1G#C`Q&(29dG-d>HH_ z$8s{9nUH?oG5mG1-kS`@ek)P|tonK{*$JsN0cDWyfR~AudBj)i zQciiICFr5>Y~=SZdW4z!rNP3Sv1d380a@0;e=G?URNj?Ff-ONUngV6L?78!GQ|V?L?dmBs>zBLu}By0baEVPOk3obK9uLXWlB96~-&(%{C@N ziE1vtE*8ks<59%NAJ7!iLL|^1sCNcnexMo+p1`8LosFe1WIskN6aX7Zd*f*jO#_A+ z!~QVVLfH{u{oPDIkR7o+E5(vTIY=1@KpjoS_rn9ZD5kwp#@g*h4LnWDuuo~B+zC|F zk3L%1r}+_6Ssi_R`Li=tpf1ZcoXquJyGoek;lY(K~tXu=1Fo6*JF45CN;CDhP<;g217@;l~R_U&V{czOkCbfEBY@Ab~s(_9DR2X8pq~ zrK17|1%xU1YAOLMWtY}Xo~)C|HLIwmlb~kVS|G--9H-{fpSAZ}K~^W2SRO4wU5_ z@_?%Y`Jdi`1s%5C{7BxQWH&{N43OKcI4pSraQ~g0y#2by%95A{#pFT%t>g8SY*vLP-^gh`qauM2BcETN4v`#gUqYpIl%6CKd1^IYqTL6Uu1}*|TSdzH;8pw4rs_z4k<43$M zfy}=E@)`5~MjMbbX6%Y+@k9eDmJMLwd)Psi(2p*^-QfOh+=fXiZ6mjaQ` z7En4k;4BR}{l1xG#+$5FNyRyB3I|qq`Tzzh9L7OdyH5(>%6Z%Aj1l?_F;B;QXt{*4 zjBaU`A@s;#wMnxsyM_v!6wI`Seb4azz~v3rL?BWag&_^fSXu4*A5AY3Wx4H)+G13R z<1Bw;=tsfKfp)I%@KYh39zs}0L1CnFxR!b^K6uRy@E9~Ks5Mx(Bf~&s;R~BaqEk`G z&pCQHH9Th~of82_Y2Z!SN!B?Wup`p|rJB5PW`SfT1iYMZ*O0CN;~hEgSHGmYV8)b; zRzPOFb?zhq84engey%v_<{0^~58f?d!g6;&t2OX-mV1FY1DTE7tJND!1(YY0VDK1$ zSk>c>j5lzrcf|z79SkGP8%91s!vX>=TMLZL@i4oB3C4=1?yzHrMkhyegJfc!0c0sv z?C)}>Gs-@M$We&oOILpJxV`ysesw0J@+&27dyO2@ z26hB<#Quz-G}jiJys5R0?+@XvQ_Yvt@Aamj$Q?wo3`Ozx>41X6q)Qu&2@CbNIS zT_yxNE+&w8bLGeC2M6y!b!eOApPDtBMtMLm&_ShCtBCy-xcV4=vpYZpM^KHPMIs5y zrQUiVTm$PA=z(-`3%vO*z^w{9Ee1$RJ{p&RRUKDU89;`Q&Gn1A%=x*1`1qk$+srQF z)3$sjdvMKk);xdd_0vUE??W6Y{%Xv`VhhAmcG$drI{ASFkL4YycAot0cF>#x5WSUM zCkK`}!oQ5zANvd|NviD>T}AV?gDrTc45&wM0T7M48`va*PGd3V#UyaWuQVT3AYrLd zu#V6c;RZ|tiZ|k925ZCKl$d%v9Ia2L1BFFYN*K+TmUfU(5PoqO#r(43w|pqrG;H>% zShIN)QxOUL2e-cx2i9nSHJ-ObE{S72A+KQ+i-r$0zp4KMXY?-sm2z+%0RkoT{VcN( zyay$1>cM3Svjb7*zi08a9@rZZdDNIYUcnlS#A;U?slGe2gO!WSlqx5UL`AKCM+6># z($G+!Cz(gEexUY$M{!h|l&doodsqvK?#vT|TQi&<_tmJ+qF@w-{WMqm;k2_|B05EY zOy}feh1fdniyR>Vl8F^8JO)<>j@%K_f5$^}TTM0uv3r)xs9?ryJaj66^<-Wex zdZu)_?;>GrWg&-b;od+Xa|_2u=tL@k(j+V`wN&VfC_dkbX&Ym%;~_{z`0%qvk}Xh~ z*z=ye<&JYzCBbE6w6;l5hX=ojRHUgm^7ounm_0t|1EoF08Jvl(-<%QoO(X(zYNWRWl7*j z@VM<%+@lnyukDS#Ov5N%4xj2IC(L7GUj$dM8J6G|4F0;{ng&2wuvv+TmBMb}9E=Z` zl)r+PzhmV z&NX^sX9mcb!4wNIo1J^J(%{tgQ({uPjtRT@kUOo?E^6fT(v*Imf%r&I(Tv!Ob~DNO zC6H}IqJ!%Zx!aMNOoDQ!0x|kG@10{%M&vn>3`s{8R^iBePBqTJZ7nVQb z!Bm#L(+~&1jewR@nKP}{&p?|8fi=ox@_YNp2Rg*I)e=5PvyUG5Ey{!BZSSSqZ^IsH5U`cMpayE? zV=;s_%8aVmueJ)mP7yGO5SW$`{*o`*$M_wy7RPydxAMAYgSuL$!fZisfd5)QT!Q(TeI8U%?*~>`CvD+1 zgiBSe^nvjPH@rVEmVrewHk_n zI5O+}mgvNhW5Yl7A#jbOam-dROK+ShGjPMKxDCOF5}vZg&23ftB;+v3=At)pkL_bS zBD^1h{185l0|GZca}o%->-(#Usgdl9h)iIyk0$NNn*-Gc?QG|$|CH`2zaUesYWbn@ z?_HqvRG)f>Zint;`i)Ur_RZ`X{JMyeKz=n^?_f;9P%cq<;ty&CLv@oVeLT>2p@ZK( zi7m;0z#Ih2qKi1|4M#dFb^7)DeG*oo>7V!Kas*T@@*n<8Yo|4T3adh`kYiuEz*7p9 zCbQtz94P)|Lem8S13C~2{C-8suzvJ~K@epnY^x!u$#Qi8!_4~p#NGAwEr>mnn`(u= z-{PeA!2}SyL2YD$ED(ZXRP1P8Z8M@)EsH94aS{51LIxZw^C0uPUm~RO_ydw#sUe1w zBhg&qNj5EiX$-0%S4Pr2_>Gg9TdQwMj;P@bd7%72`XkIindY#b(F(IYjydi(sQ{W^ z20vVo2!kh=V0GW;(o;<7A}9=aquh)ZwFY#1R9dB?h5`it2kQU;+zcdYlKS3>kU^;Vb@Kr-O#oK_AHvxKNg^ zz`~n)o?IIg=}B0{Y7`!biNmmz^yB^lwOXT;IA+&N9sIIMwI-k+620udr9DYocy|pB zUuLcYl@J7I5caEd?tu45jug3ugb*wqo)Lou|FYT`u@9lb7I|E{;TK5-^%k#5F(bgI zdg%{rHY^?}8GRA_as!EtAjJ`wH5FAR-<9m~EK;v%g*S8M|0U_Vwj4!b=r57OBba0| zCi7-Y4km-)>qqpQ(>vSkfH72+RMHJ^Ao7Y-38!|CeL$n%A#XqA&$W{1>h9zik~68w z57h?5Sn>m&6-RyF1u{4$y<1Ha>iyTidK&u4Bl&w3OgQJTs;%#BZC}DCuMmg8>y|4* zA(itH=iERzds?w5ajW$1WIy3~+~KzReU}jLv(KLz5I|7_r!Ma4@TnWOaE0$j#FFP7 zUOyi4vFC8nQ`+Y1C&B+1ykn^=Q3h{qenO$Y@nXSN#kg?1!rmN9rfag}(2T8+3h2?^ zNF4OTg@z*T$eVi{4)VUiQ17BfMLjRQ`;~0+H z*_B@6Z=pI~sg|htQO}(E6xH@(!>@0e6_ikT1h@8kG6l`fWY4exyxnA*gmApa%OisN zJN(={ELb(WuR8pA^_@4eA^yu>VX~P>t0E&)gm3ewoaq8rO~BcJ&nKIBlm-5mI`3J5 z?elIy?=x;VQ#h~py`!c4P?`#h?fOB60`JYD2N?iG>K&->zBUvHMe9UNt?E4SU(QlLgZuX=g+ACqs?zbIDnFgWjNUY z*MeX8JEu+%PGbI=a%dd<9?|TZ=M%#na_o1I=#e)Q58~nlv0utZBAI!0;2BN|$M)5* zY4a3ai*Q^nT;eDT5G9R9jWtGv1*nGtRJHC{{8y!b0FtH=HcL?a`fxKSFiaKmZ0cb8 zyzOFLGrn_(QlJ5KC}Jz#I{Wh*nvbO_3vBav)c@4DYAPxJ1kkc59}z6wym6EOwy3lL zCW3cBM)5GL=qcWt;?QveDnEw_qwew59%2%0e-QnX*{U$b-xxA#v(_& z6?LS@RbbBp6bIbHYIfcRrsxW^y0-5fE8u2QwsYdWY1p%C#w;D~M?9dWNnP{ZK?CSEFi`OF^` zG^y^$Piglu%l<0&OFx3(u)HBHisT+hAzfr)%+oBeWE^nYjx9LwP}M&|!X`}S z&h(WOFDDWYXl>r9VMesP-&k;V{0IK)gF$~3Yt9uYlzc)#`UR^x_$3!5d29bxmh~>b zxv8vD4FNjlkZ#5~Kxg0kOOz#JX1h-@1OmoW0T2}1&>K#T_>4%n{k>$4pW=7oD-BIQ z;-nicJcFBjZ;A}HxR%BaNKd(_xsYZl5+0Bs@XTxvkhw_gR^9o6bpa$J2z&$d5-R-8 z$?xmSo<@F`VMq9Vr5_Jzdj;G5rC9q#HuhcZl=i`M;gPb2Qf5N3pFH%AljlF2aY`l> zNbNhyMSHgWaP~%hNb&wx+gt_HAO7#3B?`EAG(2@jG3B0mK;s1^s^^%e2d~}in-4_}Tne;0my@?8V=Z7t^p&@?IIIQK>n)Dbm{-xe=dZoGvA`y~Ji=32@LTD`mL<2ggpyKE#0I7yF2f@>*s$SEn`cfmJgQM=jl{Jr&LY(E1=XIq+W%VG7zMyTh1Ir()fE}F3Njs|@-U+xkvTz`YJ!yubaxZdJ z%o_ism0)vqKf@pUYAjDj!J#pY!ZO@xFmZiaTLsEx4}FHekOMdh*X#vJ8xQz2NkL0v9C4 z($6;KT^&W9>+{~k#kM5yY&?K4(oQc(SxPv24|m>yC-XbJ)NkC%$k*}}MR}zmTH(aB zoAnmM3x4@jICJn^2yX5%c%S4NCB2NnU-^R9TSe+(`&fS?=1?aop`t*iux9Zgkm&gj zscHUhk;W8ZXMUG5YNNXzy~zwwR$hyr7g5(%Umj!tc(f=W^elHn6#;I0VQ{2s#<0y- z)4%|1SPJDejsb|jj-K!duts${bTIkzjm!}S>lV#-9z5>d$qUf$oJ>@$2v#>3S+obL z0E1Eh*iURgr|&}guYx7;T=`cjzonIU5%lFSS;KS%lJX~xKB#>qh@XTiCn%;uJ!iOt z1z4AF&CZru!=W`SI`^Vj!9I5@cKD6h_W`-Dy4@5sV6x)&)yYqodG}2RSa9oZ&07WX%mgnhm_*b0;@5vi?e|)Sl&+a`XMyUg(-MldzU&TnQu`p2 z7F{4hOR&e3B<@v$?n9UKn{77VGh)KmeKe*{7IjZkISP-VANsNsWA^IoU>As;AYZA3 z_w~M0MWm>f6#DTq%9I)|nIv_r@4F!G1!p>9p#C+onK zu$IUI5S1~c9U7$*f}a9$Cv9B1^zQ?bv0Jba(2<-X-_l;4Z3&%VTc zDd(b)7=Qx{R1GSsAgM5irtS(bv)XMaQV`GB-sYWGP&fd`lFE4%Z(*2(R4OhJ5Phv{ zbvpOp^7Dzt(B1{6BBun8k3P>TfX0iCd4u@d_vk>q7A_C$M&MW~(iXMwLH6+8pCw3b zPkkfbA*H|@Rseji{4!;h_)z^AE+}wUHM{E{<9UoX zF7#d^g)n(Ud&0*0ow1d_q2BL{YH2Py^Pj7%V*hnzQ?nNlC%72AgF%jrGAaQYrvrty z%7emJ!@aYRCp?SiMN!H26TR;d{K%lxN_0ueK7}Tp09_}2(8)ERl=+02#uITvClnI# z(YXDLka+*@t?`e(M?4#Npw9yHj?X_0WJmNX9JKybU7GpyYX*b|jdO;L?e%z6w(NZx zBmw4f=#Sro9d~6k;ULfs?RhSN-tQ(*;uACq=zi@pQuCn%a(O1a!tm*jwHd1Q{F0Ab z$XLR|o3kRdi1Tr-Wq_SEylg#}bSZQY&9L9!o*fVVD4LvLwamnli;dO~qtlo5q!s!i zGAQF>R5rVeBXC>&au4nh0LBhSy}zI0hsv672iyQyGP#EcM3g%bf}bN331~L^))^JF z-oN{7tTV}v2fyG#)nHSF!pQY++zTnKVfWzN$Yrdo5Bo!L)@%2$){cfViY018rpSJU z0{bJ2At?CdbN_Q19D6JhnPA_gGBH4Ah=tW{2~ zAptQ-Sr60W-pgjDv1{$Ob{S~J0Q~%M zc)zp4{KbPJ@F%brCR)1I>sr>96|4|wEm_HnIWL8yf7g)n!mJA*HQ>(PHa+zFI-lgY zxHB9T-3v+hW9U>(~Q zP-JaXB^L?v-T&dzJbxd8Y;n!jDBjK`6xY`%fTaprC3jd{WQx)f6^-pd6 zzitc@cpB_>B%cFpzVasTWcC1^&Jp&OiKv*z%LZl~KJvnvQv9>@$5AU_#MYK3Eg#^W zuuyTP&i6~OQ8!UCCj*JZZWc7sgvhsDD_fs3!zlaXz9~xkAsn{RhaYyhbbK$K*!@Mv zY0l!GDn0DuJep0e9!0_$po5h`zmRuQS`8&=HP5t39=~LSw($7FPmoB3q8i05aF{;- zUKQK3El(TI6Ed7jHS0oCOQf=zT+khv)9+c_{yxnN5tFBLkV>M=3j?VZ)}qqOD!N}f zrab|O04!Ed9fmTz4zKT5tJW8Il;?e)dA_K(lpGPHoCt!Bj zFQ8e}`%VG#dIJ3l9a0Ims{Xdplee>2&x1fAyHwPj2*aAl3-96*nu_!jI_hsBb>J0t zC9q-L6a=9QcmGZ?&B(;P?tB8!Fu}%Beu*|czET9b*q;;dT!MATbSZv7zDg`5G(-LH znJhH_VsW~v7B?YcRg3h!Sk|0sRQ$yg?n(k7truuXnd20F@!^$|wZ^NMT+8!H9Rb2>!jx2jhn}fGE=; z&oOw?pGM$D!iVSXxPE3A>lDp*MzDpgVpKoY#;$9XVzo0q%%59 z9f$IpOJ@l;oOcKs4tt6#smTv3Qyc_s-3kz%HJ_2Ykqw!>9kj;5_Sur2G4goeg224q z=%&-4ZV&k`j-6VfB_iMeVtL;7;>g~WU~nvl&T-+WmA`&BE<#h~Jzcbef{=I6C{!~{ zpep)D6NwFwIxeoOuQFgP$$V@f`YJ|`D*SY9Te7}IJqKd7mjy?aO+j5>HP@`830LzyfB`yf^F&c$Mq4lk51aF7Nmwd zqIS|(FOV5X(5;(I*a1z67DAWP&%bFs>HZ>sZYpgc=WoApQW9J4wS9f>O%>V^2D4Yz z6bcihpM8Pv?hI}op)HCS3mUMhzqKriE6wAW?+YFDc`d|o(5+ViaHS$HMG;InP`Xs6 zc^jxW#$&GQ3QMsiERnoud7*0N>zWDzz>EUx3rDNad{HYMPSkJDRpAYXcTUI z_=lhIo>G#fpeWg}Y?l)J`&tO{TMP1#3-iFnoAkR2B(LYbI&U&jfLNbn*y~L~(BMf_ z(?MAg<>hL>_q*2tRSo!m=J&0vnLZ87?i*dpi@ECiKq@(brA6o_*<)SY7YFw-zxVL* zn0tVJva3svSmZ^GFkK>XZqzbw?sI56vWvU#1Jsr7rR>{+z#=_aP!1fSr=60iW^6m3 z?#8P{(--4lHZhlaMjq2KjmQUh!F_c8TH%qI7Zc!)2ReIu*)I|0Y$`}tjv$jD95tPA zv#)Z(yms+GlUT0f3AMTGh6hJYbA)ZL+B6ZlkM@uYzGjrxe@3Hu93?N`}q z8l?0RC?d-P33UyggIq3Pzr)!*XyD>B`OQQfsv&rEt7O9q(mYo0DbRaz2jvrIIwSy} z=%4yMAAGR;aR>q#5|TgLJl@_MD6MnaKIWeL1OEGc1EEX>vo}o}de3CgRw}-h7K-zo z-}mj&jShCFvvv8lj<1EyfJt6Rr71wp2lqw(L^hZ!eFEqaR ziGn#@jCkg#x_;=3YEdId=RWU6oz9vso9*V46ok%YbMj|Ft81$5a1k=`6GJiZ{wBfx znL`WLek13l;lW$E*A#aYWV8!e22K8Sj#l_>J2co(7px?`aHJ-t+9 z6Cfa@o|>`CCMzh=)g`EcG|by5`w*#n1$D5uuAGS=1n>1h5}kZ*J=A>pIBM^U02rXpnR0aRQ-v`8qkq!b+3IeWVKs(g_H}U zq0(NmP*>Ck1^<|F!A?%>F2t#Y?}zlrw;!lOHsS)Kk`M1wnH9X1QRCe_L0t9w?drPu zNFTrYL;`#)f4hr(oe-NdnA#879!V9W3>$e>ALC<|$bu$Pa;lJf z*eVB<85Q~md`|}M61ha|9^SK~HBm&>E^#b+*sLhm2kH0oTPM2*lYE(4A?f{7nF5a8 z;nncE1lXhsz_K3Jp<-J;8OnR7ns-?}E?QV$-P!Qw8>%7_VEU(--HmktIUo3f$vr4Q z8bz?dLnHswj)j%&8Txx$Vp*a_8=~?`bdp&#RhV|FcbEp)X$LLe^8uol4Bt`S5IXz= zrU6Njj^{Sh%Q3!f6C2a`#9N$#{Ko*P({9NhC&8AD^y{qw zXoSF#eBJ3Xh+BWJ6MPoncd1jIjIxq(tC)9?R%hhV0$aLUOT!f5-!w$Nzzdu|eXpRt zHT*B=AaoN1lq?5LHjQvam-HMw{344({Xi3|FZ-35=GRz-4%szuc6m`@_qW3pf=fjC zOX55uFA2L0uoUxyA`4%%{NQxzodOs*Xg2;?LHU4CC8{1KE|TI9yB_TsKhvaskJwLn zgKYz>Aa{ypm4LOf0~@4P`C!yzy+p?0v~`q$rt;#e>{LyTvf%!GN8tw&?^M%d*MzXj zq8*t$ad0pwWF~_ryJs%Zd zK%$?^4q8+iMH%+SgJ>6U+UBM6P)dyl8-yHSdvPKvRPysbzSqrYY< zU@NTDi>6;dnTi9`3Wc$!A2F4X+Gu3`oF2i3myD%y3AA~UpF63shE1<1>fQ?Zok7`4 zB6nK#?2`)bA%?wW_m1;HR&;L7gu#J5)J-jJ(>7@?%Nm5FO2@dik3yhkEQg-Uy+OUa z2>_n$nR;hoss_iAPWUId7w#>^-e(I9#Xnd!H0#BnhBk?%%3vDy+8Y`$FH`YT9~8^_ zjNJ%Aj8ug@gCdF=&3h%nG3v{`7xynNuUtfYL}TH+jI?oSImm!tVGA&JXAb_F)9w(o@qok729CDGcarNWjeo ze0yM_oj5txpHR5{q+H~Ka7Xd!;=uB2scy&;76B;+=t9x#!w;mFc__q6Jps_MHf|rQ zAN7#2t{!T+$e&CXlW`pa6;J5hqp4(p>kgdsoqhvCiH0H=eU-8obsYvmCF4mXG11oZ zs-%_T$58GhBXZIB$Irf6%ABrH_Q;m}Hr>2}T=0CGdjTeNxt=PEi^3VBcgiADVxZ6a zUK;z<6q-TDVfUbrX`+BqHV&q?b)R z{QbVy%jDpB=!2s<@BqO-Q%RJ_26JHo@yqPd!6cBIZz7mx8@351hbw#I$VoQm-BS_wFeq1JMxJn zUjE>miW?Pu;TGw^8@!x2#b zEAKtxQ2bCZe1YFco;#MS1KpGqKPxi7BkgmP=F3O#xiWlo;cJwscx5ivV!Fh-j$jnY zEUN2k4%)V?_N_xAT{h4PImK_`K@hwLcqdxUq!v{Mx^5Y-V*pk|p_utiLc|i4)*GR% zpKbE?1<~k&uJh#RB5|g@<{N#M09wg~HQK_hIK^A)+G=-dZj|L-jr>+P)*wK>fxlOR zN~-zy*_N=*5Y?g=VDW-H6p)7UTBENAer2;rZa~E%l%d37mcqF$d#*md*$3Ap;O*rf$Q8Z{V+U04j%~2W@WiO`NNAY8SKI-sd3~@S zwNbiaj6XF)G(5MYdUzlD3wtEAEBv<2vFOeW=&tGvU@E2-(0DQCjy&!Yj!KG>55Ty{ zr>1Cl1#;r>Nrv6BoMVM*S6&_diYY%>uYMEDEeI$9gL3gjS%mM}_PwKUI|eSPu)*m( z(~)>^#eQe%^S%CSvJR!WY6(Yl)-rR={t>J@poV*BL3ByE<>l z1Ys^$zf~rAWS>`X7_1v9h6zD>-}H!YM`cg}918dl(@Uq^zK&S^#rGKEJFx&_|Et4v zq6c?Ay8}8aEJZ68Lc!@z%r7}4)NCxy#vTEY{>>v$*=Bo?#s=@J6O_2`^cNImTQ1>Z zYe*37bkF(0W{Jt%W799m?H9M;C+cAjfraEx6hLzj!_W_C;il07po0~REh6oX#DHuT zEa|1o38-$03shfVHQTa4{a7iSnyJQ&fI!#P4s;#+05lAmJ2>@H&oVZtr$3vCBe5p zHrM&~IZNQI-3`P0#S(EL^BYulov+}140ifr*1fz7qbd-ff^#p_UZxJQwt+r$2pbCH zx4yxLumAQ@{78mIHwoBmfe|5C7HOdlfnEhmz4?+yyn_u5ydP~ZfK%z*7Yp`aesjU% zaYm+cpwbPp-$@5D%4sI;DZKOn2_n$BiPZU48~K5fimrbz^{ac@Zj0cBAs2RvJR;6X zxn=|4W#vfYn~=LF%JHB{u6uyqy?VgLFi-hF+He57j^!*ndEatkchnAz0FP>lF9^8O zup$=Adl|@c;Vrjvk6YW47b5Tsc)>3(Xk2r~62h4mUww}Wq>^nzXdkWkY64uUA$Ch z-)9tx+W}I?actI;h9ux?dqscS)TBzNCHTVTI3wZorI$Yid7VGqdk#3T zQ8j+$&s{r#7BTzGKZO6=!+X85q;~{XNs4*u7r{2fX%8U6x3Q)fNnq8rKobp|AuHaD zic=$g184s=jK2_M`1W1GT$TPHVhmu?0GJFZ9I#H{!P0_q;TF%1rWzA+9l);+PT*@` z=>`r<zd6QVNexU1SQ5Y?NRnu7eZLee2>+{S{8k)nsCjBDte;~+s z$TKLUDB#b=!@i&2+*7We!iBGgIAX|&ptHs>yvM8Hl$Jxe5NJAnfm<;s<7Et}EhF%z z=b+n<<@!B-K0tOs+am-6tdn6tMSFNQ@p5*Q+6MjhJgOH#uei3_`lpPbVTBtrM@h&S zH%UChhW%b;1J%>VHCeeWEjMzv@fS$`ezL~x-%QMc&;Y!K-PgO~ z%<3mrG2?ydWj?A9sd&|!Z59q1Yl zbU-fgduFi6^o6(qD%Q|s9E9dTv$`geP9<%l{5{FCtASdUJ}=;*?K>T3F>nI=AXWGF z7Zl6;(Lb=P-%>n9K2{LjiF{RhuwwBa`{;-dASKXwaqM(Lnip46SjSjOV?5T$7fv=J zR%$SsC`tGIw{%i4#r@kVRF8XVtgcL_MPVcP1fh!wtJ!R zRs(Cx&%k1+%8~6U)Qhcl!DSSizRwT1)F%A*6^knUda&L-SOYxS!S7^&Z}uXZ2Fkeb z;M5@$G`#{Naw2dj@RJnAF;v_};+cI41FEFaH>q%b1Yu(8n2W(bzDLcJ0PfBj0y4UD z$>U0KTF?aWWxPr&C*DO@{7k2S%W!sC)NUYT4I-iauFNAg4e94VxeZKQ(-gWciaN{W z6Lw^v)IHEEs4G{RaZf5Wxl^y)pp{l$?V~r|MOi;O01(db?0u(D!5(Gc$FQ&aFA$5E zpxRyZcIqe*un4q@ghm8UM)uV)Tl*Ouqm9X?ETR^=ZAhU45#oWuv5?_&7&v58k}+>l zKffgqk8)%d`c>U~MPB!&%3_o{=Xm!$`U)Yuh`o=|R~^=NCSg116`V+5|1O zhVO(tDeb&$lJ@21e}iovL5dHxGR=NRRVRSv{sJ!BaJeN~_se7roq)a}q-Y0(N>{F{X zyl(MFY16>@%^uKWwJ2Y4r`ND(Gv#md1RDwOXE)N;qylP%2f$q-a2K(m%l~~F9^oXw z8k51oHmibrI~OpdDa54u3Jav5I`v+}v{L^D-yQ@qEmu0+TFJJT4kGb5jAqGWdp$DD za`&wS>E5}l$2fRWf3h-8-0aCiH3!POAawOfSDep|vLH@zLzI4yU~d9Y(9XpWg#+w4 zBc6$p_(SVJ3odlU;{6qJ5$l}$9tSBJn;>RLCYDv}zMD=Na=vA&|AM6fz^^RrDBdK0 zndUW`E0FU6ZcKk)v^*fe=lKzr64;KPI|G^?p`OvEk!@H0vYtBV8)PQv|9%cvRCie0 z4zl;49iAPZ4PJhajjjm;z5(OPXrL!Izvr@Ccj zrG`R+cl$%UHd-SFW4$>+;EOa_bjGA$Aij+zBZ+h&M&je)L69)9)Uls}lMX@L5nPsN z1&%4xjCU)Cz$NoXh&+gwy@`t``T;n~(St+U$#S1l01~z4WkCnx0s~-=2qzaPmk%-b zDC)V`68JlV>7@ohq7WnkU;FtMfGrExr{LKHojbMst`ty!&vZ6J@i}5`L2pPu+!MF# zo~Jc~RMR@G(N}}yaMee6LR!#gSEJGOUS|bhMiW@>whd*zNfgjL%@`**?*ZZKc_fvnslb6QzcRff9q*0kQ4l~&O>)jpCR-S56Pc^3X;^{nl#r0 z_Nu%(EnKZ(*`eL-ScC%&cb>1j<(2^o$tv$`K-kd0mxSw77g<4ojx>m`Ceo!SljjkaWrOtem$_4nNfq=OA#*Enj znf#O)Q1V4AI&0Gr#@^kF|5Jg2!1FzI zU_=-qb25WLDpZkLIR|yOss8#~}|M_}`=6(o~y`7whby~`58$O3~dt`xPFz+{?Ky#tzjQkMw-0RRMZz`FP6dB3Ip;Oh1U*j!4i6Mf(n z*fty&q1`(04tha@1ioha!lK8-SKG6yVS@#N6)YtK+u$mf6x^tT5Gq++w}bIeCNzqb z$-GCk;vg~oUsZ#1UiHZ<8eM@77+4jYZiBN9NNaf+kiHN7SH4e>4@pzrod=-lCCBXk zKy=~!Hj+AkR4Yg&+0xX>vgqHPd(I1V6n1la%b0QZ(&?FY_x;hc^>^>cl1hhj!0*-& z`;9UvRK_kOKaRamcer0{^8obQcf%T(qc0b{tQZ{gvtLhsKC}QE50FG}p3Y&+lv0YV z74`s2MCP`XOaJ2DWMBz0Vu60ZCK!+9ER473Cx{GqTLdycLrK7e9!$ZKh~?h#v&@?J zi8H5R3(`1&y#aGn{ObUn5m2%XfD#V4Bu(Q$hsXsJ=SkQeFS-gq5#EE%m;)%&*OKz> zJ=R=E3qPhP@QLrpgztO$YNNTiOHDXS;Lrx#jn^lhZ0>%shg`;UUDm|eagYk^#x|EB zn*xn9V0`J?yxX9uW69tf3oovoMD(l0=wNy0aSTr|teNI{&k{reK?4fP7g7T_7btWx zaBKHqEq>j0oIO0jL;3&}E53AaHwQEi#fHw`jxT*fPFyd(Ehecs4K~eqO@2-$AUltokduHO;&Zqv?jF;-|wvRW#faj3qFNd~(VAzTe7 zs=+46XxGI69L_nfJ)6+ zS5r~%z#fM;e$%l%5-^fug)&@#&KNQV6wQ6!$Tip(0V}9>FW5(3pSbB(%(`~|-dbn7 zqazw55c-+2b0_}El-;A$Z&#W~I+J3u4^Xf)>x%)oRs^CYw(zU=(m|t&Yf6^+DX8hU zq>k^B6)qt3jbnriq#nkCM1b_%yy;%1<1Na?KdW|bpx2hZ^4GI72myGV7{qRU{F#q$ z1m@G}{Pu}%bwN{aBVqfjtCk4F7dap`5>)*#@bt#W0;S3~Ak9-zg^37t-wnK;i#t_+ zvA+Za#9rg@9=-Q5IVs2xk*pym=#J3egqFz>c_KL|SQ5$WLp>0Vc-jnje4cBYG^PMp z;dfnlh`>VcOe8NXXGz+vG@i9MeFxvb5(wrd7XN5=e!r4$oOl6b13wRfYfHVg=wVNZ z|12u{ROJdJZxJ)ia7DHz%#XHtk=XI|8f0)Cn@%`i+v&+=Cc$e_Vbdp=FFj>12Vb0g zV*xwUki0#X;FB1N*`KWs%z0%fg3PqRXdOCXi{3_OIX_GbjB(wxsG)=5ZvMGC(`E2W z-;SvaP~y&0lLYxA9k2$peDoMR%5CdC63Zl_50ICH@pHNWXUq;}#W71|`f~?A#v9Qf zGT_R_+P9Vm5A@-8OF2KA0=q;1b~P;LaAw|?!I)(55l|5czrWycfD&9h<=vpW?Wf!s zc;jVOs7w1JNm}2}N9qC_Hq1h}F>)m$27PHTEPL^@IgS8;0B)7-wsoAUPFRg zbTv@Ao!0|Ubgv*2>R_$Ksiw|Sgyx^;qI$z02v~Tj`%*~ zW@a_v3w{@UbYmun9rKh_;{{|INY?Kh#7|YWcuqIZke?o>@`YXA2&TY91}H@^aMXLc z)gC^k^o9ANHK5=)9#Xd?+7RPdw!Gj1(hn-xSwl|KT{D@<(zvA5ViPHDDzQ*G|6C(KgZc5?AzV`IF)DCc~U8&`%?yLUZ%k z+~baEMLi7a2;v?8#V0a>50vzDlIJ@dU&9>26U#Rk`vdta1-;{jVN)*g7{t-qWW&G> zS4dG)6Deq6+6vs~pXuP}h74-KM^<+uy znfvWmkeCAM!@SMnKRqJVq=V+w1&>IUT+hz{pnG@cNRed<6a^vjOD)Kg;c{>XgIPOV zC_7e>F`$p3!GB%(-O~MA&GBP5mhyC41q77`5}L0bygpW|C>np3o`8&wVRwE~ioW-$ zD_4c9n@R3=r^@_gOjJFx^=JAsww8b|=cFkIwjOM1IaYJGH(%tX3R)WjV;N2_%rP~d z;H{vE#C=xYjU|babNsk`i{a`L0YMo*^*vDjFMBmw%Yu0>o_TT*|xSch)w3HH}2pPdPmHKb(_G17PugoE8p zc`1Gjo}R6%MCkW{u7qf4Fr)aL(*p~t0M-uOh4$_N9x0UW4@vQQJoF}i84H}J>z-r&uqJ3Gpui_fLwI}NT852k)#P~m*j_tD*7 zNA(UlY5@8K%EW?({MS8R#xN!KS|hEmlK!2uJQXG4rX&S%hnHKXE$IN?Iw*VuKNiJY zV?#l?gu%~?0u0@9++}NXl56VyigVk&7YX<=(_mQKOpo%O7TdAWQ{Z~QD~lN^6KiI! zJDn-+sQ|(sv(W0yP}c_{xxXQ*a9s2z{xL4!h@w-bzi5_ z7QbRd3moDx4~ohFl9M{k@0Nx+IjnyruW9L%rhW||X~^v{*oag_@on9mX|et+4;Bft zV+IlN1d|`j`yNFc_v+>EDSs2w(~@-hd?bp#SF#XoDq(eO7|znJ7xVkU8)zu7r-KQ@ zeWI0{4)f*=`1OvaQGh<_8+=A78XC^uC?LSyniUchY*$ zdH}}2B2O-q;!i~kZbUs{fI{N*Le(z=&21J``PX0cEFPAa4tnN3p)8hVS@ago95)^e z=C4o+DM}1dcwWD>0u=3Dq+}!lEQGvcZs><(x7q(;K$iTG5}PKlE8#C4P`3mLd}(Ca zyB{>J`XBYBgn+J`5BlY;FsCI=1V>)DV$iZ7yDkN<2K%F2%+o-L(GSGj4u6d%8y5@P zntigRk!*0VoLnDa65m5$En|{MO+iWDa*4Vju6~YjJljLvr zYRt0w66a%D%;9qvYF}#uYY^X+Lf=^5(*)zaYTBvYoxol?Jpl;gv0xBvZu~o)Y90v{gWpDB^ir-+w5R z*7hP10RYFl=?i5?)PIs7p)v1b=|R-8Bh(>c?0G>~lLY`}LiD+xEKijNG1`7E-_t^k zsb`dU6;JE0JLU4(4^s+pNMq`Nqh@F_9Ou{T7ZGSuUn-s-Zb6BNG6)J5C=3Yl=0Efs zp+xHesk6@*(+`=@OMk&5uu&jkx)xxyp@s*Vvad_lK5HdO2H-H?Vxi;S!}{$rGzmXL z3t8u7(F6&0AoujK#4hi}6$2X2 z!nX6?B=0Nq&HSnJPtknALkj5dmczX!$z%ie16o_IMlASx#Lt3-yzXEw#QtylP#a0# zL6#34uq94A`K?rVHJX>-wtKZ1>A+4ldwGL6N{cG%Q;W#}Lfdb=6REcHy zo2pbzvx0}B`cv4mlg9=(2*y|)&i{P$=Gw3+6;n<$8&{E@+dzs73B(GJx$v}HGbi+Q zDQk+Mf=|Us;xg<2Ceen zhVt0^+@eJdO@o`HwAiJxTE5Y2aVyvlcWmYG9x7Cb&4bWToD+dU?SrZfrvB}MRwy1= z2)HO_4WTm%){VJVDj)PEnlmT}fI7`g6b`tVTn?xt4y6I;4>mn*fJVCYJHaJH9l2?* z(2a?IEqzc-!hiZd3Mnie5{y6IV2){m_5SNM*s-u$x({^GPs{VVXi~Y@w*NIFltIt) z-J}`;CI8(eUfqTdiy~80n1=87=BiLcp@2(%H(-#FoHruDP!g*SYVpNpMcl%2zq~?Gbq>iX~E_Gm+cFe z=0TP5xEJ-Qi>eg^k=d7?M%e3y*QiqBTBLydj;yk6bwa}SUb)KnL>Uvv|G$#!40Yq= z`}@ye7j`9vZEWGp4Wa}{$%F@!M>sTS7hC8Dmj4dzRwwd6TGfTg$n%hzD~bEJjrbuM zWbJlj{0Q=Bq6-yX{VkdaVi2v9%_+GLPkP|vk&`_L z_TVFAoFWH`yQAC(3G|xbgRmz6AJN2g2e2k^0EOKEM>n}w29bdk+n9*?H)tEg%2Q39 z^DkZJsAw6W0kYb`D!jUh*5DQphZ7Ew^yr=Qok4>@9-VBCq1|^{+xTrM70Q4L8}}NgBWO7elBZ%U`BNNFji{F$VBL1<~t%LU%E~wxzVjzNlVAxq`O6CeWMSOrovei@pI zC+AZ>>ZhkX7RYz`?hA5246sJ_K603N2JqvGOdcqhTXpwDMq+zGK@a5j`QtA2foK*= zlIpmDMwvE#2?@-;@~wET+f?07Vk9t%ckGk7d_96({^c>-@ReT12c&O25Tji2q@Ew3 z>q(g3efGi7bJ4-R{h<0!30!lsRi#CN22cEmo*#Z|pn(gzU!9%oz%~UNhPc%aJuY1# zOC!)Q0X6qjNODmqgWwx}D2gOpn1~u(?Dyf&4Jjq5;8J~Q~YVZ=WkOAZ$CI3uE07qk$SvFGRvbbXh zr~paE#{_|RIG&b+hrN%Oc%R3gA1G?X_J<(8{xgZ)Pv~yqDVR`FoJKv;=GK?qx_Aco zk)D;Ie}Oq4+p_vY;)gPVzeZOyDRVa9iQ&i7rG zq5m{aTy=ao*$e4#X?B+v*+~cy-vJAxS%5xLR>=ejsuL18n!-i!kPdd51X86TX@%B+8v<VSJjAyE?MHs-G2r=M@BCnVHa#LG%|`u- z>&^P663>e5s&O7~{Uhnjx*TJpDEyZYg3BPLAR=PO9b!y~nfUd+Rj<`wf7Ml~jJ(c! z&fd>{#pU{fkM7MXaO1aqfhp~Nc~rWKV+pd&WXo860e{?g2iSbcTwbCqL`LRG>Pqvc^W)WwZ@TQ}PI+kc&ZA(O zXP^7RDhUKvysc;RYuN0Og7lOm^8;~t)RMYgj1AMn9QQpvL8_NaM_(fP?0ws4!S7m^ z3j)9_eLQeF>MM+s$!Z$+JtjWi?hYwX%p$^F6v%IIB-#@$W8MOCgX!$X9YK!NE(i{| z?y66aO^Zj4kIlYj^N*q8x5Dh}_P0ZAC@N2k*Z_dnu8aczwR`z2km%8eMx=Qj{@kto zU4BIonN;vvZ_DCU;o)_TB)!MOGT6$Z%O0kuD&5z6#?|(Us!jw&x6jx2YI1Ku*_&H4 zZ}i#~nc&AEnUG{P0a0po4cWtZS3ISkyRBO7mn4t8 z)V}5Z?%LadPIC}FlfMG}r^s-g6|h;Zus=q$Z>?5`09EPIy0DaCtR`q!9_?e(FZv2( zb6^zyvA^vdA51#P0RO)S+jZi-;kCuMXbTPmoFf;Y)hm3jqIjcGpLa&QmpbN4aSW`= z50R>mlI`|KZqxSNaK&N~YtfCq5yFFR{iF}h6>n-&=Ko{|LGuKGciD!wo%Tky|Ab>V z@f!S5@(lqhhj<=!n*2LRac9>&s<;nIyfHtXPT$R{)Tc@=Ew2QBjI%BwcqnCoT!LDlMgL@-Hy1P8Y~7PKgwybNn<$^1d4R@l zJ#Ygk!=BPeJ@CjKPg{v~V$DvIF`7(G0t8i?((QdwfM$1)g5TSNW(w!GfP^(id&m;x z8ixPUjv$fNI8@+bJna`4#4;gM&d2#93{mI^1A=~zS4qrdU3#_#*nd^?B}1T!7ec59 zpVId8f@+;`tbea_QEqTPr$-A@12eYRd(BDXZ%J-zl!P+3-o$XC zjq36<@aVYSy}oT6i9=ti0~I68T)WM<|MCir0TjsJhWJgxgE~rgYtk3HCX)*&8;_+g z_Rn&J5jw zAnK3wTa51TdA^wF7s_e#9*?F(Y4p?_j9&DGaUW2BClOI>n1G{drE=vlO*E)#z^J^uR*FKHxcTN_?loylBfhDbzu(yc;2=A1 zjo#{~zyzxo2He~(c&Ozbo_}fY1=(DGdVRLNd%9M!sBR?jLwxreXz8^=w#}5fIB^Ed^!x9{J5f1o_ zcR7gN@6Fr7ha)5Ai~C~96X@^jRFUb81;y9z&NJS9neUF(&r`-S=44d<(Q1VbKaRItd(u zDW{!jOt(yrJy%;|+-6g`?!^nD8#knDwqx*oko<@8pkNCHqkTd-K0l;;f>glkm1~5v z`b{UQos0LIxYNgdu{ZOKpyuymrl1Yozj4^bB_ba@wG>+7^~*PP1jmZUQ?E5>x3c%q zgG#P6M`YEjsnP?vUN9CwpNl0ax1ykq`?iH*z83MM(Db&_m}+~1UY#Rs`# zF(+ikp~8m{6upsb8H7sL|MGS)vgXYo_$gWU+zv;pBu?mczn;=z6G%)^hCR! zJi*vK#!uAsj(_7f2>mwx0Cp@_`0crdVeqPw!;dL3h%K$&f}1h+UOu9zc89f7d_qSb zKWdnP9;2nzHG+GQa&08baTE6$KV9_hPOYb(S#Nx7^MdA(F(PZR59%%Wiy^;CHshVg z@5o)K;Mrb2O-+cg{`xHY`M7+HMCfwCIW?`cLu#9~Xmd0f2Yb?hb zrLiNzBJMKz)ljj`*Up_{5p490CN}xPQ%9!5roLU|wlc5%<+>GyTP1Z#PE)f;g9Un4 zLw0BX(!8|-C)qs&s=2I?-|2`yG;8{>F2&bvYHf!kAQXd0{K~2loc}KjzYwNJc#iE2 z!4o8lXPfhkh*vIO)`f_~ywbv7@%(Z{ak<(b$%gH{(05a>ykB3SME*|e3HYJ~gIQc3 zYw*IKKL(c2Dz)nw0gXLu&kK3o_vK;Bx3jG-l_Ba zc-dlR!WPItp!NygtVC)omx3qRESLSY@cS;)Si?Q!MUMILo7JXM1;@>+2Jo$$b9n3z z^Rw=?jcMO+H4sVD)~OSzm$Ey6PQysYAy_O~xH;Zwb@5Uqp7+h5*i;gUb>x?!+UYm)bU+IfL1S+bQ9(ySAiQbJ(8|zr;8Z zrhFr8-Me2xCYlb$Ct{u1Y|InIc;n4Ks1YAin>oW{Ss-!tA|>Hoi4V<x&=;+?vj2Y3f;ll(pLE0~mm%mKJmpRefJ%-`#j=`kDN~CqgEHvr5xQrUlQ(?PRMaW z%wpv3C!9nb=|k~R27JANQf*Rm^ELF)Htv(=v;ubv4(ha>mO>*8E)ms6>a zIGdAH6C4U_CL26VX1Pay?3NzE_qA>gUki%z`-pykxmZ&BdWud>4QowR-{AXr=qkh4 z+~If&cN&F2AEB`0XWg>Qgi}L9yf(_uZkR_-nh$Z2IJYd+z3}Id^>|s(%FjLu(rtbB z+ti1?s!S}ZvFCi>Oo4-v^Dd;u?Z zhUgRldLkV%f4? zydr`*a2*K_U4W-e$? zSZnO}=Xg%qENZWb#onOnEBL-d@z>sit4X%M@JKXAk@3HhFdhjjGDpmM^1Yqi9H*@zs%$05Id-xBxA$JiT68muj;d(HVLw0v!njPhin%o@psmjLGEj>}d$c^h|i8ODLZe zaaAMT0!Q3^&W^s>cq6onYloPueU+c82jzv3$^|4n5aCd$`N)>u+hJXpD=6I);)QEf zrisT*m^m`&T-W#B-F{x>&Z>2kGzs%Dft=Ngd!V?pcY1xU>^Tgj4G32p9s5mRcQW5h z)p#Ez35ABIRTK=E_`w@H%)Oe{((8VmnCi7uFW=jlBT12QW9Dp~4s?DPOxQmv5tG}+ z@T(E{J%Btutmdf@iyy+v?FkLY*sS+EbNOunjRYUTltvGcQ<|;K9M)ZgW=P?FwG~c> z9hf0tSTIccliQDK>6o3ihypyE=D7MbZHOMP$F&08Tt6m(5+N$~BY}A-R=)H+Cddu|7&`ea<+SMWi6lwFM~t5y zp=B0Y3n^qp0wdY193Ylto=vQ&QW#lx$`HyxrwMlBg$+K7yMw2S;Q>7yvwm^?L|7r* zxwJ^GA=#`{Scg@~LVskzY@ANIdARd`sg4)Q_r^qjPC|YRx3=`$tYQFe{KckyQ}HBv zyu6@1AfP>X^@=tM41xuA*OZ*Z&-}{3Yxd;si(lye_OZ_54Y}JV@Y3bC3=YZbpWPmPqkK^nI8$#p)g0*7{KQQi`H(g ziHZpL`t&-@(%ms&Jx&Dsh$vH<|7=G8_~qArb>1+!C))GDKOc|SF}@^n2N$X)^XU0; zW>yiI5o66SEMHx=KNvmjO`9q><4N4+(=z*?oN;!rg&;)l@^6uVx#$?*HG7JB_h<3P z^s0WWsslad5~9_|vZlZ?Sk4ER)F+0i%p>w+!Jwi!A9u5`AD|(j6lNZc5E9#sH7U>P zE2?yC{S6S!w7M(YJNrX6H=_?Z$ED*RhT9$-G#S_^xw%zr9a}e z9W3CO;nJ0(NyhU88(|q9UZqR; zRihv?bpS3t4?F{8CjAKRpl}Jb_mi?-xrE?VT#v|qU?e3eh~+&L75}U9hFpL6jk`cb zbaV_q3sa&k5Jsm)G_Zsdy=Z1m9eh1+l;?+B+;ouZMW&r zLi6`n)=!XWKU3yDvu*Dy%3qj+8D#y1X6@tN`iXzedYx=Ad6ECnx$4`C8AG~w`T`F> zevTkGTP312F1iZqq|gQ1TXBREQEETZHB;2EiNsWjx}S3Q=&&4Kz>2gvw6R6C5dJR_ zfBU-a4P!uE#V`GfY^?96ejKGjEA8t|Ie-W7-E}$0f)B>IR1Syu??OFhQ8@wIw3ql# z>KmJH$gDjpT|pz@Ve%`r2}wm%TJ;($X(7y*-RmmFixPELa%p@-Yu~Q5<6UnNdxrsv z_ux^3+5?8tg__wf>41jc-L8$*af+9GIoC0`$F1WHKG_$T7jOt4DMaBpYChep4}kC5 zlnj6^p%LL?5CmZ6w@@GMO?rm}0eMPu_Sx6Hr*Yw@;0CFU>NS~~&zE!5#M{wwht_aT z{c^>zD-SGSx-YQg{e1tWt~{g#oP*w8z0&sW*lEWo8< z1Mk0CQY+Wqk7HEo{IC+*gx_4A_unD6rZPSQ;U7!riVn}LeXI_9|Dx1sh;?hAvm@MN zntC+SHJ=0@sPCXmiol?$rygU`(?8cgPUm^>Y%$386L5SJ^(Aw5cT zW5jm#3W?!#rYd3+Pv_fBH+uligPMqMS^l}WD2TuT-5Zh^O`VC`@nnhnuBk3?rG z_W>|0_oIA{^Y`WicAp2Yy^XKvmhVR@lFmQI<8l2+LuwGYW52f3ncY9=$E?)9lI&lW zgT0j;zxi`-2FEpq(_NV4-%BUa54Z{;Y0L^SlO{^-a2>w~|MM{*6TEY|hP}{_(0M9+ z{*a?(-k$nYL+&Hbx{b?ScjJMa45?4>o1FV;`^;5NAHBWQbXr@DZ>{&GNyq?%@vEE` z`L=2E`GggW^@b0>SyWYy*d^Yu+lm>sIsJN_Qed2(~YGk(|3{H;5!HB_5SQY)WRYLcxI=_QI89(DsFD6-cKObhXnZ0YOK)x?NFV;XdN%Y=P@!@ zMFqbg`^}$xJLYm9XF7LFHi_L=xzV5TcLu2;VB$ANRQC5s<`H9N2bZx4^lTy??OikB zgW~;IlsPn0pyeLEK}(}3W1UaH0wmF3KyZ4O`gCPR^7d9lg4hyLiH=A;-Gb=N89=)g zPHBV1Z|jY(dzhhuPl|DLaEgQHela0?Fro_)%RtS$b?31FG6 zZzp)bcQIHcFl1SLIA6%Y5$fxje6j>n;57@%p7Z0TRz5}=Cy&b?`~%~8+|4Ic#o)sx3|9Am`D%YJbtG!CK;iNN$dH_PXE)-&=DmgwVyH7ynM}vPDtF3N96S zbYmq!uPlX`^x!Sbv?E=gAuc8G%XbH~H*{8e?HAsISE_t!Z5}!*Db72qXMDoS*2prF zdeP+NvBlc5$cAob>#1yC6}J zpN5UUQ{QLupuW{Fz-M^$fdNz9$+TkX(i>^GDr~XBdxi-aY2TH9BcNiz4~Nup^z%LL zkJ{gde0oL+y_sRMwvwdVjwdkY+98q zPT;8mckB1qz5gH}`*!ZdrLO%!Ttna_O8R>|0#IYlQIXr#>nJG<|1N)rN^1DCk*g~h z(faSreXZmD)#cCikgoLgqrku4nIwT^^GlfdhhN~Nb8)N9FTVr@iMUnR1qug)I=f?^ zQHLTpv2R1w4Q(52edO`!E4bedxY#c%P2<#-xBZ<-to`J^ny+ocyEJaF>wL7{c}U8Q z>*){Vy^RS+U0I84ZcoiP(_r~*2nu@^yclZaXWwLAYlG8$;QA}H#NZ)e<1~1u7Ex2?*--W83vg$ya4}hQ*o@`R&&}Xk!>*gE)>*6b(_p`7 zX3c%RhTR2#`@Kdb_vH}Z9v>y3gICHdC^gp)c@U~z5Emh)0wx?93|SHvX$&reJifZ` zY=0JwaG3t{W9Nx@9zR)*eSysXT?*_5x`}Ya`hffP9Br>hPhu6I-8x~Rm2*<0GFo$^ ztZA`3=aw7wH!5WjzVkwwHU9-E9JfQJ?56%MU*REo`o3UuP1&&&Nf8ZBrJF&1SkNSD z=lB7YFyjr*M&d&c8eHF=p7e+-h>(jpDrbCgyt;s9lhTvPv&y{NxC{p$shqX#bi5#KQU-@e3?{6JkLo-y$?D|?~1;~Mbezu4nz zeS`r2Ft^73)CuN@PX3Fz_wcUWiiJN}T*{8;eTjPQpJV-bLEiF&N(gnCEML_mzw?N% z+TQng0>EnD(LIkvO1YnvJo@oVdB_G-7N zP;sA%YmddZ1OI0~eIT1)v2_QVNOoKu-|$(0o()9Ys;iJ7BriEhN0vUhr8r}a7$MBJ zK+_?IyCLtNv+TOB-)zp%&^3JJI!FCwFv@wo#)AKpKFQv3&+M{}_BV0}#3veIOI?Q} zqF9=VHcLN%mpNtFZNMokqe7A(D&Jj-a!#qhW!hhav_G$gu4m8Xtsqmtq@Bka`wlja z0Xk4iic>Yc0aqCEj6n;Yb>gMDmC(R?|p-O5Cv<8 z+)NgSRBO^knsT>%mixsy3i}4Vi}^*BX!?2IkBDm=o(zqAypOE+y6K!N2v_1Iqy770 z)Wg%abW%VChFk8tA5AE$$lFh*v84KR5Z(}LjekgPK|iD*9w2dB^()NIe7MSl$DAMgnR9LCpA1>wXTDmh_c&m{@^02cF`ZkyLqDSVAkuf* zca1!=AHymW{`?s#mXp4)V0t4ZF1bq5-7^UCehV@Ae4cH`l*ijAQeI^LKG=xgLS-q3 z=!?|U8$i|c$s;gAvx<3$-!oWO^F9-xjd)gKlB>_xj4>JNgckmZ(g?MJ^e)URD zE2Ea`>H4uL^G3#Q{yAm~Sg^U6Mu{>G1dMyAu~FoF_`?8^ds$=tQ=t;a&Op`fKRJNK zd9d~m4oA8ESiJPMjud1i-@_GzL%kpjAxbLXSWIR`(i2isxl{y=R*1A)pRXak#)T%|aj(wf&m8Y>z)`LJ zv#Y6t*XC%~{yakd_&Bf_>U-1B8-6u#TfNZ}HoB$vi z@U1Vf7avhG`i}E_8TP{w!WLSSlK+Ue*PH#`lrLVM1q z%%-_My+_d15)nW~1Bhpf9APgHlHZ-#FG?C8EEueX)u8u>Re7*Cl#q8-{I~?JHiCiw z>i(&H4oK0!MH}P&0o{!B7uP(-QvLq6pUiFJ&hfs^eUg!jiR$3dx}-WL%(P+;Pv zuG!-l@RVLfrHDzgHt-HY+CDJj57=Og_SbT1ZQlCNAs1G4o5p6;_$KdOB=vN^E2_wq zWte@x0sd&DH&(!3g*RS-zyQ9(m#30#mcc!^yt_b=X2oc3ZwLH1p{ZqYJGrgPJJm6{ zW4^8R#4ynup2U55C(QZf0(bqFKRs?RS$b8acKa(=C;jnjU7fhvMRO%E71B#&ayQ1; zNqmq^yTr`t9K^Enjaxh7H`&|ApgXHr;HgZA%x~!CZ%|YEylIU~LU6wDW|;f&nizCc z;2a`0WP5Lld1Q)#KPkkPd1qM}pVf*Y1a}&ojq_emLYKb>fzLH|t*_Gpx*_cC0*r3K zR>oJFu{AvM!8=a?XsNKv6%O;jQ8p@>;UYjapMPImP!KlD5wD>Jf56#tXCyOeOkUx4 zs;FZ5M4tR{lY{5;Ms{871Zrtx_}snaD3R(QnVWrk^gp^mHXJAA?Va#SqsE}vP~Q*h zz53}djEm>Hj=y2`3)30~mv?K7JtvQ+jbZRAF0!U(KDRGBEAxx=NLj0q!J8*L7#MqL zY7WnK*lTCXQ1)x!MGkIGJR0iwrf=p|^UnJbC%m*b>`nSTDFcEU=3^cXE zD334oAjVndUrb848*@nCuRf51iQP}#C)vrNrCQRpRkUnk_*{B-__aeGI{i7pSNQXG zn~L;D=aDk$<#j@P_%9lI76Nh|!sFO)l;Z!kIslxr({lC-z2R4m^@49H z2z=`7IiwdQvK<0vgZVoZjp!vg8tNWPEAtHmFd%3xPT-9BzzPlR*L5SE<=l)Jf^ZWM zfjk_JGJP?c0@x55`Bdk_YX(V~D84{JI%N^&1p6-7e4s?!!>xBHx!BGH3dxFnt zfXm6TrG+jA_#8Onyoh+m1ZCie@d%_fbN|?FCXR10_7&q~Iy+HPK1Ifje4;;mqYkQY;sjY)NZmo_@!$*6N1H-Cy>#l)n~z)0{@f!OmpDeEPl}<2gx(mIQ;~OGXF4bEixHWsdw~ zPSEki+d!5EgYC;tJXiW{+4iafI}FF;<;7&;>pjo{d@FuX7w!D!{a-_U%=-gb4f{tD zmS^Yk@F88+)_q$LBawW&FA{>q5Tv9g2l?{la&K1O`yTc}h0Z0B%jJw%_`vjt6Lb9y z`!(d{Gi|-soR~#_F9+X_@SZ?d3rd}G+roEI+)wfSbLR8{5Qs^tyS(Ne`*R(&ch}2m zEs6*fsj?T$s?scm2dxEQb6-knIJAJ?ovCBg&iVd=gS&&(38(x+x}A^v)%e8MJtMvs z-Rbt!W&vrq(5oAP^@QGZ3SX1Y{Mc)l!~E>OQ<*OgC(=zHbJ_fI5-ZZ_MYqG!l0B2T z)(J_}vQa`1=*F;|n&;^oY@6c{cL+vmzqnq9{cOFd9TF@`|3!^w4DLsCveLbMe|_$I z_A(k~)8w7lRoY*IHT;vaU7XSqVSQ>>FqP`03sQ?bnKs5o!88!kxv#T7$b=ChgCoa3 z%Jj|qrS~I_-a4sYJpT(zWc-qK2!u0#MHVlpRCufn8xuL}z=gQA&B02hn`5(&QMtdP zr*RV+C>}1}m5#@|%^^IXP4?Ss7r$z!s-w~-Im0nn0+ezuo?NY7DkiNbMcj6$BXvxW zZ4$}8#85UKi`L+6YS->58^?|?9>ATkrYd}k4X3xODPw1kZ?K)>(UXA7R^BQ5ZLoo( zPu!#rpnC@-kkN(PW3zj`dX#Sg=-{`{6l7HXw?D7*&pm~dLXPT^Sih7$hU{XZtdqTB zy`dG+Bs88QitWo}q_5&m1n`66ne9uCt%>y^hRW%6C8Wg@+3Sc4kW8~j>XyQynNZ;szJQ?Y9jhZXu%4bQvcp5pk5$FpTiCp@>7#I51 za#tIGoQ9<`^X~MeP#QN4xgsabu}f^de%c5>$EDO8Jss!d*t`vHw-Vl8Ct=wu7I{3J z=YVV7v|sjv>GfDKuqUY-PV5^tnEOd>Q`Y^_hCMBJ(4psnKffPC8dF6TwaMj6KZ+xN zD@NRMbt@1GOY>b^c%Rj$HI9x;d#{S`wtq$)AnQ7UXH2+16H`sc;e>4zvtPse`zHsN zl?#acr*r9>uAb-OIr1hppQ>fcjwaQ#Pfym(!>23?rT~tv=@j0 zBk$5B?(17GT3?oVyu0=qE6EW)I0-JHYD77v1 z9{g`&Y>Q0&K+aIOwgU8(A+}3$N1rzPSeHp@8PnMb!(k4}mCP z)+*XUXlYvoCN3x2dHAw|vR;|H(x8wMLWJ%m!bV5J5LSs*(>b)5LG?xJjg^tZ&%ZK1~37QUEt2 z&L~Jgu>q*-xj+cIm#G$*WPN|{2FLQ@V}XuyIAu1>gnpa~K%LMQb#3Zjc#9NUO#LOI z0O`QpT=nG&|ErL}z#HR%;@MXTCv#Ur?yK!BoFLUqFy_$ow}ga}09q)u>~XDrV@b%E z{#z_EW^r|=#!0xZ0NwYlfFF2UlC4_i{p}T7{nwCkBro#IM1a|JW11NXh>eZrZ!wpz zQ}J}ANt?YHQ=Wb>qS2?}D~`=kcOX@;aGc7&!aDSqO7-;t@AGBh=i^r0KA`dkZ@(PY zLjaPHazVpqzx9#I8vz!1W}I7K)kjnalW?ATjadO3^~`f9u8vK=INSWJMqdARZt--NBX7R>6Riw8Ucty}uw0?OhUhrN^6Z zP&aRdVSLUx_j6<&P%1ClGnq{F+#;i>K8E1}(K^nJ*7KX$I~C3_&rCP@?{^J|y3|rF z6TKFAF2W6nUW&@*AV$8Hd&0IEsNmvPiw(HhMfY{2_mZOgk~K29_62ld*J7>Q+AF7z z5oP!1-Z}uu`@^}cE0Xk+0%@@@D?tihk8ykQ{`z>|`0Kgvdp}41xP*im$Y}W?yqx2v zmuCN>f-Ey_x$cM}@My}D-VzbH!?;Qc1_Sq5vL^d>bC^~I!!-l2RQ)rB@0d=T2kD(Z zlfs_H)eDmHfaIM}A%t(>yAN-?uUM;PFF3gS#a??~K^MQEO7iq%~2LZ56aMz2jaWUlHqTDIAyY2N^eaqh7!sMK{X zSzRo8|-)u0NaK2*EXduhIJUuIJX{b?d#g^UmYwjeWy z0)BL#{8_{^;!?oO>EckCra-m~RU^TAL1#3eOF!D&5y}*bf!a03-KFIjIEqqj{0oVF z>LXHg#-+OMD-)s2w35XLSx|@iv4CpL#B-W~OuwgL=3U_gt^fvay!|5X1`nY_bj!X= zzD!BFK8X1(2{G>5uUp2tR3LrX`}%ei_wwjq4i}A3&!>e=p!>GW?Qx>=ce!n9!M==I z#b^qFKDakddm`Rj^5^?Ag0Z5@_R({XY2>C_AdF1y4b1n;N!SZ{E~3Zeb)u z*gPu!cn!R+SqbXgllOK=6Bcrv{rTOAx70@@!BzXAY(?PJRQ&NQwC~M-icl{-k+Rhr z)SronM#sP2f6M*N+t-UgH^+3eZbjNWpTy<813BbFLLS^fLPXT7zdtSz-Dy5jqqrFP zZ`u2YIG*T0h_%s|*uYekfQ=|frEuIbxMO`UjR)54z~ErrK$Jcw1H1Y>$u;Y>+~5Hp z!QoQysbpoqCchDhl9~p*@v;-1sPP|s$z~D!h|5)jOqgr{P4WzYUZf~pY6;0FF+oZSjUugFH< zUIrlyf4>fn8BI>{dn?L)(>rm5(p}@(ZY67PXSTjvykC~-^9s+U?BP?^s%^j z0(U*VRe>O(>4sC``g%XPN1Eo^UejJv=i|0-!V7}REbeK;q3*XDQB2_o*jgk;y6uI3 zYtky@d{gWNvlO1rvR^EibeyDL2h7Dfmz{OKs{zjB6VlXA_s8R-F_bNwT+(`v95KdL0S-bvjt=WeA!1!I~{9>uY*H&r-YE$hODvfm<$v^!Xki z`P)GgN6~h{kg>7Lt)1O!PAbNR6jgtDpYq$&=?ljsj7eK~V}cDSMEnw8RjxwfgSd!w z8HY5RrX|KzsTO^j416g_D7I`v%xEY>L#mKQtFwJ(YL_$+q2;V3K>mGYx%lc3vr=?% z6czJO%~ej#%=s7?2Sc$B@pn>B^>XJQI7S7sLPRuV@$GLD=Ot~`;e!Lyw*otxpkGAe z?6uXyGV;!fr%z#=kYtVp9a|uLKc}U;Y85Q#FoA>0`>Sw5C>-9`F`l1xGfZ0ENd;&o z@qE2o_fY)oBY9l1G;DS+_j}J@+Lh0tv;wAaK5B~exMZ>D-LUvf6lbaNTYp4pPQttS zX&-m7);$PQYo+tF1;|kak_tEvUUdDNBU#H+?5?S0<`V0H8_NQr$YrF1M+CFRf$GznL~(dWWMSFOOMOQx*(Ainqm zSRcq@OSNz|k|;Db>Ro>8&pTSqlg*O^IjQOgQ$_tD#R$8E=J{g_TGiqn<{P$|U@E;* z=RAlftkx6OaKw@p34S1iYPk;oD`*Pi1r0Z~Ym_V{M z|9Dl?I$Vlfy>oi$3!;>6NCQj!2~l$4QE464-It*))?1Vj`mwPUC+1}Oa7mvCNIhPj zSW+Rftn2uRbomBj&GYGk-jj)}*6d5m`$4#03O}(Ymi=UCG>^-NcP5^|m-a-rAJ;A( zAt2kCA&@TUA$s6+EUq;BwY4vl)^w$DsY}J@W_}zfkwpO5*!$8|h;nG+SMAJ=cQ_6W@OzTtwjSWL^ zng@=vUKf5DE*Tl)*$K3cq=%;*gmnkH1S}%#uU8cBxGR*_V>hturS18xz-!~=FO0I+TUGK-PYSeOA?4ox0{L#vFI{AsBMqAgt zTk>1)a0wY4DjtSlw4^iupnujiZnD*0azNFsV94(IXK9``-M zr`S6T!p*KqBO?#i6OLGXo5JlX$Zy{0BX`6qmx0B7&v(wz-nd{H<-_fJ@(eLswp~$p zS~VtPeD2L7?;f z1Uc6Ac>;H%_=9)6nnwYHQ(=MvGj(aveNABhT(HrVf=r6=!@Td3(}-oY_0@0+QK ze`#=+^!@QRv^l;ZQJ7uu5b^vqihC9TqP^X)9L1Yh0EBMt(ni`R8V^qGAWta~bbi{X zkA&_+`-6KHL`8Ob(7kOmc6#YD0c(CjqUzBbHa~-d#ztfYQHLp z0e*b&9ao1esrH zC(h9sPS5LMIwsdOg6br90ZP50*iJ)qBh~)#Iok$CMNwduEo*vhsvw31=|PtLIBg&XF-p<oWswh9NBH!w;cszcuiT2a8{z?CEd7t&`T4dL!`#OlAXsX2*sm2Yi#r2W_nx(< zU)y;=$JIT)A4_40Mlr^L#O}4M-Slzr+OYsKEB@##H&l{^25?{FU(IE{Nq61uU_gOi za--NEzRlM@J55*BGWXrTK;F8JW<;1Ti`-F=eEM^PzmV{zR)@9}8+SWa)z&25d}#(A zAtZN(XwmT`2BBYdw3{|~+L57*`ccTX_s70{;B(ENv_jy`BKgSX*WLoXV7Bbu7^WBCxp zM1N61G``O&l{)I<`M1p4m|!7cIMbqey{VT!-mAg{iOZVq^5QR}31L8f2X1Q4(FWoq z4y3`|{3%%C=Z&^X ztQl~pEt|>5!;tm(^*(`}1tG%-5n)!(8o2?y0dm%Ap_FLjv zzPLiWZ(A2VU>FC z_KWj*+#6Fv>tZA${jc;~n*i}ih1@K>p`!i?5oa)JsB=AX;ELjS_J$CIQ+ZPfRt zYb75>=iJ_Q@%KKEenaW`&KJ(SHZ)t#-G7xe?LZ4U9|I{AH+{cazt(lPlYvxB=3efO zdRu;w3fGN&F3$}z>~mqmBKJJMuIn{p3#8F_q>AgWoM6^IcT1VuWdiibmaPlTghzmJ z`}ay&2+k*2LOu!x)Gl=zt4J~HQ@tHExpO%S60B{?Ao+pJK8v1^{5$i43idlD6b2He z{HH1V*t^;3h6Yxp(EKw5kyAHa9?(!w#$f*(jg{qaeLOBJHf#{9FF_S9A8A|Y=bj2a z1$Ls&S9PAxfZj+ltT}}B_koXvxfKtWrCF~0oSG^J?H~TM zIEg}-D(mhb-zBcaHEC9GM|RH>Erho}u8IMBPB!=OE zpRiL1x$E7#8f0A#`V*_3U|xQFgjrdJd(dDQ85Tg4u>p|y2!iwT@uzxOfZ%w7@ys4A z&UEp``u&OEVip*au8RA6xyx{GzlSN%Y~ZAgpXi}N7d{_Q2YxMl{v^KhJqeZH6Wt*q z66nheV>Fv8=W`XA`V9+$0#id5?sFo-m``!eC|Q~#d0AtNx~>B*)I2j8!>!R?Xb{_% z%0plpujtb%w!>7PBY3%@q)J9_QO-NMHyjD2t2f~l#ol+UoHZKFK0>k4ux-SqW$+FC zz27t*8nhptyw3q@mS1d%Q;_!N`HSEBVM}Uu7+WeE{|?4|X^?Gyypb6_yxar(gK;R7 z^(!%TI20@S1;g(cRf4J;zq-aAM3KCJ~Hcj?wk>j1T1s_&HuO+s@zu zI+2`8KC;!fQa}7XRM`KCzMC&onGG0TXFnd0D7{Q^$X~@58ld?ajW`JW-41pO;t!<^D^3t%r+ z596mOTN5Rf@49d9euw)*{fthy9U~g;RH8C=XAQ$~Pyx9r^oJHe-heb8+=0VA!fQ>< zEi!ew2S1d&=5uO;kHb)@IEPY%xCRs)x#&Smz0r8lI&be+unyTV>3;Eh$QrH z6vO^=X`bLmqkID17lLm<(oJKf1yrzl7*ZkyB`D7A>#Td=wk15=AnlE66||iM&8A{N z_(xsNz0Su#NI_*d^|z=IW{T6Uq;+6Cq3VJgTrWIBy*@=oJ*x-q`4&$5vQ??@RBX5& zURLh%O7KESjgP`c@)WGoS$Wv}vfc{tHVIXm{bn=ztC8l@OfkCsDSE#OC0e*^{S5_n z8wyGq#9kBY=Ak|&)c6E&CH}y(+9H|j?*~hIA1`5OV^-%@d7xFUvj?#_M$c^!QW=?B zn!4BWU3aT*8z9(Hob4N*jurVtHz6^e-#sG%Txg$Ml&rSXyJcPjU~tbkqr24+CgUnR z24;`z%S;`pF^Y78QMYgT;S#dB9i#46SUh$2G@3lr=GS5e4LyQNe5kV{)~h|5N#|af zGn1b}y zDY#F}8HFtz)BZj#=wPlwdQC#|?oJgfxFLTHKK-5L!iEJqmmM;|60?WifD@Ou!l1z4 zZ~E@hTD)g5UUWg~9oi>{8p-9tExvm;BRIqHvPMR%|FUnTKjvn$qBA<<-oIW|3D99& z=O?t)2nq;~o*K^>%lD;1^T-bkCrOeXVR;KU6BX*LcYK~<5g&w&PiRw}<^1SKHS<0! zu_GgeD(bh(na2n4rEhh#w9`r2;}osJLLeeTsAyk+5ac)VzB2<2uee`MRujV$`rt4b z1=tCk(OreW{c?e_la`U2e<+Py*LU+m!NJ|>=}V~6dSy{?LWMV!uXeZqBHVLs=*h!( zv#^`sh<+%h9N4%|X{=n;mp*L~Eacmg{rl&y5qYzv=;{u`36gqta?CZTvYb=5wiygj@u zM#iLkh)z~EMvn$_wpgvI4t<{`?rw~rtk*Zm(%kL>1U|I6X0DNMr}wlv{Zrz8_8s9Z zNu0dgC-SCDofgZ^=HEW)dI*!X4S(`~VK8N2C2XeD{D1Cg@#k zy+suByQHjN&C$BjGVnb}3SIj`ZTevX%EV#a5wGFo#vTmPbpvCwgEbptaHYQF;EhNL z-X+pc8VssGmFaSC9VGkyvL2Sx9s)ES?;R`OW)rcViR)cF!}K)F=h`uZ7Bhzk1{+DB ziyK-JnO=@H{Nu{`%DQ~8zv#)Wzs@8SBVN_wGCDv=DebC7CDN>l$Nq+dMj>|azh>DOeMoA)Bh$j*)7KShFZMQ3H z2^~}u$8L(1e6$+m_Rv2}#~Ssy?T1{2OM$Ox^ZC3&7x72O#{63&rwG55GNrA7@w^Bm z(*&dcJZ)6c+1Z_YeP74@gG&sizafxLh%%YS+PUphU>>)Oj0bgnO=F!4V4y-S!$XmVf&{(Rigq3{gJ&3?nLfGEA8C$$J{@9V z8?33Q(|enZ?u<}*g3>a@uy=EK)f2T97{ux9`x|2;kBT>}oFEwboo>|xA}s8;6p)uO zrj=TR=j)f01rqZ%^v!anCcR1eq+^wL8f+$aR7 z{jY@Z$7sl$sPd57qp>jA#+A%}fKSwC{ks&?$J*nKS-<4yP5uJnJ`=W} z!nf5IIbK+4dx#xizVc-~ zY9gHzBVSI&=X#5%)r+AJeEbN|R+nVmV>2BSn}TUX&4k~lEp3V!g8mQ)HT@6PaCIlZLQ9s@rZlK$hlk_$+~0c>M? zNs8wV%2GVKN2DP&as>7UAx4rEhPM05_{PWfru71@FIGIQ5;9}T9Q%MW5qcoVj)a0<3x^wpl{ z>_FwoeL8;*RQNz+8=6`1yyl7)x(=+%+eev>gAWD7f%?5U!8(4f(^kspLg3$DEfPlZ zWxPy@BX`G|9~bH4U91ZxmtDrm&gX22^ZDAf?0$bm=g1UKhxd_*Ua+n+_^LO?1BZS} zoL?F3IbhMfNb8vV5on_Ou#(&Cjv+J2V%~vV1hf4Br*a zv8)V0*VIw>JBb%S>tY+!uSK^<+$$aj>=sUlW5g?Y{F)0SGyM2yKvrEBQ{a|oj>a1m zKBUWIU)cZ?@2*EP|D5R9I#74w>d6jepME+fS#1d z(pslWE4VXzK@lDlm&5&vPqivpfU*O53UpWD_J#lCxRK*JPpk~n;B24;v-L%bY#G*; zZAIWT$mhzQ!r<>NxeHGU1+qJ~-qeqLeD?(h0{NwFEM3Ir5mXrZ#4(TGn(@f1v!@%# zs3{CPF+c%b!0YMH*8z|vd3(0vLwcP~dU8co2^NiBU?ryuVqGP_P+`iF;q@>^I;ux( zV;ah2+wdhw)rQ>ss=Y~r@;Ia=xETH7KZh`3^SKP?)lDe%bv*wKXVBZ-w1fYU%qj^VK3yrw@dVYY3)#EyP{s8rxXCDz5D|(7yCLS1j zE3)lcu$MYCMNc+*%1{_>q>SAij?+MCn9-@6YINv5`A2gu^vX$Ik+EaHar4K65VoTe zaaFx#>|2sVUTD(;S~L)yfaJFBnP`P_PxufHA32`QU)jD%|96ZU9X8nm&n!I<)vBL` zR7th*RevRBO|X1>ns9{Kh=%g@IdYgb@Uv2ZJts+=7^=70x64bL{_J29xp`k7Id zE-34KBl+3*V4G}I+hh3~wAw#`O2LsU zw@=?=4rt$EtA1-ZT#|#jXITaM!k_=J{9H1>RKWg^~CW|*~ z_`6PuK|PvROi{O7Fa+lSWy<4@qPTM`od>$yrC|>o`MrRS<^)I%T8b_#z@V`dp`FpW z6_T)jhL-Y8we^%dAsD>CuwL;B-~yN50n4;F@9aXw@blWOyy^}@;v(#JChrc*9W?+m zLZch-LAW6mR@{%s+8P}%1yi-o@teWr;fY3vD8AmFetcaD5v9dM5A_RN0rp^7AM>K;&>2)8FeNT=&w!cv5YdhP>^dL?u`80}Fw?gzpu zq15DYu&xAWpz%0)_GeZ6J+f$Kpz%A`tK*F~m_U@I<9Avs}ZXcfRrBv_D3$5w; zmxgJUQawal;e3_iRdh#@Cq>YI(6aK}Yl$3K6x}CEs20W01#&dx>j$0Qd$e)<{&f}( z`}O`jg_nkV>;nL;a(Tx#{fLl(bY;GK!6LQ5+M7(%a9K<(+OwZnMd52N9#B@ zfL6{#@li+ng=TA#-ETb9=M32AZZElUEBl4+us(i)sBaGBLM5EysVWy2B@IURm*#XMjK?T>bt)_eQe^4Eo97@! zhLcg}E_@-|VDFK~Xnvxvw(#|HjZWu7Dxj;nPJ(x*7uS7d{OqZ3TZ^B2Jd4+N zR-oe04I6u+SN=&v)WDVu#R&5yI;X8%{IrWBPv`tpB;NUz(gJkM<8(c}WtPy`>4w-C zeOgwt4AjPC)g7Bg(z;WM%pR9PkSO7Lfo692$s>O+?!k54ZmXYn+qc(#YK3K0&s;e;9`gJbX{naD0%-yK)y5 zpCVjpwgZgIg*Vq1(B;K&8^gh7*!V0kADQ-sJ>8Uk{*Plw{r0guD4N{Ic7p~+I4%q0 z8N-_O(o~GZlBZjHX2?uhwpgl zk!+V=f2vz<9%L(>WIsY}NyF!)cvJh1p2*g%#f%w8W1_2&e4U$iX(`5`anSwNV-3*H zJOq5IN3hhkg)~F=C*KMhG&L`<&|@cCd5H9Um7dRvt_6Q9#mgUqMkdbT*DBRzwKzb; zgI(nh5W)UoOUnk=Q6)5aP_!=5CY(N_HFa#XKLsuH8*mN_y1O7GniZafX1 z+!r9$bb>_E$WU5PQ89rJY3F0xp*-3=GKM$aVEsT9U-Jg650sIiJteP?q50>;g>ECOc7UI%um#Q$644na{Ql z&CpP3xs9(WnvL7M9L9}K_}Ay2KCr!G&im*U%;f3rZI1{{?)xN(y9hsQ%Rrc)LBr6F7 z&9e;tKorp(ZT;kf4PSOeB?zQ%?z8t|Xzg?}f>TheCJZ7XT7_*ei4HIzwC=#OoJwz1 z=i7yEsgq(0?U2#O$yoBB0=*yx*5u$f=RI`Gjq6yJM>BlF9BhT<;!6v~&w=5ED;jVE z6}pf6>TXW_71i#KA66XG;#QCQLVByo1M_S;7}_+-z56t&Wk-R%93{=_y>v$dD8LPe zn=`FcK)Cz*0)E@KI}o#TK|g}yY>bblmWjYKL;3PYCU-jtymg<4hUm=1d0-%2AYCZ*cpOC8{)^(yJJSoEF2f5Fz5y0t_TiwGXx2Z_=U~FJPs%R z)M87-q~n^{b@zPTgG_E;KUIf&hB1wA1BR)^>_q2tRc?Xy3$h+9%rF%uQG5{Y5(P_Ibbo*wk?atn~R zOpH9Qn(hTN|g>@JR*1jtE^A1;Czj}K>r(IKv*c>iTb$$f!8x)$#j z^t7Zr_-A>K+tiQ$7>Fwdsv?~8`Si#MQ69|T9G=u|55dNWL=ON0uMwsR7A#aww1Qg9 zwqVInf^jz-Rk+H1xj^aCGrZxXixM)!Kt;w)e%!^^gF5bu7>wOO6@?SpciV!uq}{J| zCdxNyt5a!9*ayM(GpPNwz9iitjyyO)9JRYwT8KUEn1nbYsqSyNc{w{NT|FQmHYNf9{FCIIdC1&GfuN!Mqg)y%@ z&O@aETpj+lokR>#*vCU**y3W2^tP-g$vw3Utyy4Q-Mljj0C}~TOt=1{ab$VFe?||(hRLs|z#8YDsnr##TG)7@2BMIerS)bRB_%&@R*hb>3!6iQRxg+d$&VB49(AmgAa6M}c z&8*ouyhJq#yS(l6JI2*hvNJS=7`~c<7=+gh-bGPZLv;y}W%H~x*{`1YdSD6KuPD3k zO~dzw8~|jz^G$|1JZ@Rr$V~(<2ce;a#5YGRTZLSzGm@>=I%o%lkOQ$ zuKq!ilTG)5@xfmBWpoR6_U(E6CXsg5m)E)x&~P*@UxeCC5GMMI9&cv2Bw%Ez$X|vp zdSjy09Bp# z07ik@{Jbf*wQ&wI2LEhyGb z5xhN1OzioF=-1@dn?E|nUh$w09Mq3^%))0WzTrUj;uaZkSOUzT@}#NeU{%pDIA8me z-ycknZ-4fc(}=8{89+(&e!JdO-_Q{jtUnJHEx+da7GPNDA<2~H-g$UAw*Y8f+ijQN zF7k_K_Wjv{8$$NO+t}0*udH6wi(dtgRsJ{v^*f*8$}OEQaj9PRX|Y+|N+erIr^xc7 zX<9R^y3`NQ)a3X0MrN0_X8FS>n1L*A8mhkrFj}y^C_LU>HaaofS>e4@*2d21t`Eb% zL)zE9?{8vyt(2m%!5*%krBBxS;9#YLejXn(bnD4DV_pS#xc2^}*v})kj2~iq_ot(; zqq*d5XPuS3I0-O2KY?{a28eP?af#Bwi{+5mwwklxWKBx~XH^0l)+ccWSIWNoAKcPhfBaH?bG^goWlwqQU^4a~FkS&tB60dtSEPQW5 z(|q&wH6B7utx~RO;d1-hdTfqF15nqREbOnw%*h*+NV?tbioqQNl(7vOP+rM69}^qK z7j4D|PlEr0%f0!5s&Px4ta*ZQk^d`SW3-~ji6W@=0U+yv`LSk$%@Cx7W&8Qdk>`WL zwx=a%z47{Ovwk;TjNmL(g{7X7=xb!s7EJdse8RJNF(Ab^!#*WG^3@K|CI=tg8WDmB zRJhMksO1Qi;~Y|ld}uMtry#fdXg^F}^*#&Yh2bD@+?Yyhs*XtrPDab>{|DGVJ&B6Z zE&9XyIZg;2&-NVo?|V>wSNwVxf+@<=w1nd)t3tBa6G@2D*s6LK-D2XW3%N1!vE>it z%YTOnpEA}b?Y<}dHq=+C$t+(#!(S>J0yP`J)OI95-PO}IP2u(?JcSgsb#R`joMbCF z$7RPW@a*GbUn-L9aJVXGMK;dZpLrI0c`kA7-Hza3Ou8PI*+gF3y{0ByFgZg-2c-#bgVy*rX;K1s4tDCoE@^6i2M0+ z-{l5Fi4l|j6}};-O@JPfJZMkOf@fPp zCHvn0rgL)0nNk`~Ey}eAlJ@KC3G{=P{rEn{^};V!7Po;p|Im~qo;{$y3|n++v~Iu8 zmp$2|OY&vcXer0FCojagdXU-!y?f8TFwKrm-+Dp36Mc{zbx-xW&+9K<^SJC^k1D9l zgT4=@S9nlM>K8}a9(~mB%VmUjXW~KrBt+%kNBRiN-|BA{ z@E{(=X+Dzeky^;+x>}3_rdVZ{>3Lj2^a(JGsWRYiSOpP}LABhH&-nvw>m}z;)QQa` z{j~m8E&w=v)V&y;UMpb5`}w#8Wfv>I+O8RagCwUy{o^x^MDIP3(N@C8V``dfoPfxJ z;e<=@gXb-pwXB~VtAgs_7+*h8h(~`f!Dqg6i*XJhNrwsxdJ8-XlFt%FOWF$a{By!BD5mPgu3>Z;XgXahdQdsibKUL`0ZfUVX@! z;T;zyaW9?_q#$S37t;&KW3{Q0WL|DLa(2ahnH}N(^+EO=M>#>0`+NxpgfHgc!Y{eg zb97NSP&M4rnBX7v`LrRM%(9<09WtTy!gkohn0CCa%2784G z7OgR-_}_^v&mX}7yq|&T8>b5Kg(Qp{7ai9ZMcg{Id%<@R7xhR(8F~a|qE&q^F;9~b zF7y@nn$TX#EM<^Mx;{$%9Ii;XE3|j6)}hB31@n;Hqnt~Xs?RR*pL7F&T=4!F!;`-C zA86}e@gq(^-NfGwR65Zty?jp!LtJeuP{b*Mi-s`yw>a2M$vt(7jc^%1;$16dRQqg4Zwi@k0UaDLYW1^e_TMYQa1pyb|3&ipJ`=Lo z8^`?e=7Q6CdkxY3)jwdO@$|f#0rE6?-qJw;g4Ms2eK{6qN(Fx2cbw;8uVE53P&+?l zW$dc$0IrbcN3I`#1Yxsg(JzccxqyJ$l9^nl1xa^S`9z-L;&r7Uy2Bc!WwsBPx04i_ z`x}3ZUhkbfGZu2TM0lel{YZ4&nL=fMKxvjKS@XTzTQK!;27j!OHQML);5$!L z?7wQLD$t6fE-ZrbI{oE|YkZ_sRdPG#PIqrwiKMN^N z#UJ13`T4AykJI`Z#ssB21Nm{dUNQq~&8lHWQ1%^+LNGEQ6zyk0hYWDZzV^+-54uTJ znRx>;>q2AGL2MrxphLE3IZEHM@Q{mVKy&9Gilbpr_3Cdv}QHeTJcpS<1<@_6KK6{cWL*B)cY`t|D~+xtqE z8r$a*EMrCJ$<}F{LC-Y7S;$m?c9A$2MCX)Ty%OLIBQr@KHCz>UmRKK z5u5{{i*K!dz_(9X>M73yfzZSm~+SZ%aHo7-p}rfA@V>dEB%H zzKFlsQ^GV5Z8p4sECaIF;ScqYSo(Ya0IsDx*zRN4cgJ_-9oeK9qY?u0b{E8s$%a~3l)KzlN09e zd0d^x1NWBrR3_Of=x{bWLCV}vx(8OA6!8s@kz3h1FnGnc?Z{2rx|c4}II~GiqNGUI z&P=CI^`PB?N~)j7Utzi3!vMB3X$cBGoVPUHYG5>)2_d2KD7;1s`?kRMlPYW%ZqRq3 zg8tMBf(fik`-Al}Tt4it7haGca?b;LpR6kyc57uQ;<|sU2-Hx3U<5CHl z;a2WD48U;ThthA&YIyuCgS!+L)j4|9AwUv8tzW44O}HnzaH)FX zTdJ0z*+_sa?Z!gl7bE#O8<&>+*7Wy}fY7fAieK!ph>O=UhGo z|B_}R<@~Q_Jhh! z!FhX#Dm}I9G13TDz1fC#K(WV$Gq`hjrHTpue)fczjb;*VA7=g@T7knSAY=ArJW`nO zOYuq4Jo+>9_c`1CQu0ZqxTm@-C|5<=jn@Lq(4tDlHI?f7LR^tSX)`ARo(X{yvTYZ( zQy4jYGOB4qQbv`yzw!ge%g<1L{A;_I)}*`?Wo>}PVQ z0i(*W%P%8(6UAw?mc+Yy&Ei z3y<k{nGq-;(_!FYI?`|~;4siTUboaRI^9&`O zexfCydprdg?(r1@kpjVx5_zKG!`uUsto(dQnp!^W$}$=>4gne1V6EEA_GXZ7Zp|e) zZD|F>(T8>47v_j9pTg|-s-M1ndahB-Y;i)zbqrs z9N@H%S$;(JFAp6MS$)ydE`k>K#{JV{i@d=Uvi1);cj$fON;P-Dizv{ZebDrTg#x?l zR67{)he9bv%EJ?T)(QJ|$Z43deX>ewTt*$uIrGx+cNV zW)-1+&7xU21v?`3d)%O>{_R_as6Xu=RsBU35MPDza?0fB^*!JCeYecWWZ9ly{wMKl z)`H1(MZdYnNd1LM7sv06v0$qMak9&P+@#lH1KfmDK^*}6zya{BmeS}&KE@8JDWo&H z#~(6x7j)_#~Yl%JD(cJ`SDlo)PpYzSr^m?U!p!`8SlE6 zEcYXQa6i!}XH&>u`=Ev|kqT_qq*PH!{1xxR`_`1(&S2Z)(M`z6QFH}+n zJ`pJr!0(qw+d7@}q>_jExywg1>*|HPn9@XaIq|i&q(^Hoc@NwpQu2E1gC8ANee;+X zhPqZt!N2L^{k`pqEexmTa?%gMp^Oib>pDjbzw~~Lc7KKM|C53V?lwH4tAd$}8QI}s zarMsWCztwgSdEmE*sg1jwyZ=Jll18z3z!jjuPD~vZqwyQ?kfeo&q9l+amoJ8wsGM% z$(Tz?96vdfD2=jJTF*3Co6>n3qk>PLW-W4XD{_uAj83KGyM7KNcB~e67b46%;>z5W zBVWUM0r{89$69|9^tK*dogS6T8>jq6^t9scnk*`uPj`&1K6V$PtOtmZQQGw zy9Z~b9*^JaaiJgYsqbobj`yvK*S%}al+P_Z;Lk{oPo=fY4xA^9G$!-(dY$9=cQUtF z`Rmlm_gmWdk#U)Gh`n&*D%YlJfn>iFk29TEuOiq^@lBR{9*x@`fqk0TI%kl^sD4^t z@`x8X-iyQGRdOuvPe-$Wv8?*rLwR%Ij6u-8XvIG;AU7>B=ky_aDc?HZm5wR|0?O-$ zpLIn?*+NO?vY`pPZQc;XW<@U**xleTRxE9zSJjx=GHy=y4TGMM^t?QSh(-IUbf~`A z&Z#lxuGgeHvDff8p=}3VsT@m#89G>u6&EjrED(LTyMUN6Q zFe!(Nq3m{qrvg)msDw8Nu36?Iox_fwGN&y_bpNrVDAMSOWMCK(g=HDT*UntPG>b3$ zMoC!oJHs>2!4b>4#r4-v@v~NsIeNQ6~$ec45G`pFH8N@+pg?I>!p6@SrV% zoJsnWo}jy52_){yE_Tmi0Xz2Y&oiH!xp` zFnx^bI^^KD0L;&mg2+=fJUICMBx7;8m-|IIQ=IMYTU!pZt>V-8fJBx(HS^<1U|NUk zYbQK;x^pPr*_RJ=Oq2#?6i1$LPwo5TvMRY>!y=zm?vl)x3{h0Rqr34-l{-at2~~_7 zj(d0l-#pyS^0E5Vgp96nZjW>}?vZ^Zhi6Ty`ck?sNLx#R8j`_va3l8QM7zK7e2stf zeoVjrg*+uW_D$mQ70D8*joH#l zzvIhoG|&LX%_do9bd{gKFB2y$I{todISw%~l~r~?8Ry=PBVS&1cM2If@i-S zqz51Hz#uE(dqzW`Cr#EqKd@8LaX*0oLhn%IwHDk~A%j#d?G_K?Gr2T1ALWI`-SoS; zXG*eZAEn^G6g(#JEaa!pWbCVI=u48ZuiAsh35&DB5&)ss&+<`ID`$95%7Q(BV@YAE z#M4hFlgnUAiEmAEKa=B*1W_pGlg#^Wr3%h(zVzylIu(6tG+`Uw7D-M3U$!p4Z2M4w zsh+y*QZ{f%xLm#}@6!(m4snpM3Yzm@3GqQqR=(f5#$29k^Dj|)z>r2NKp?qv%88id zi2c&qG*2>TofMxni4-l)AP{5q2vWCYlJuIkPZBo4z!8hZjE@b1Igu`2>jO64y#U?2 z=-9onVEXld>pXCyieplgMizy)QXUTXr0Nycie7$-UX9JeN66`O@hpchl6gr|M>MAg zciRk;U_vFj??cNG3{o{Cn4}uc-Iep3FC@T~3UA;XfA6)Dc8s`q^5Yjs{(GCzPDYKQaVi9!*cu>HXXx zetbxuQU*AU&+xPRTHNvXt^4XNT~*jcW!dtP?MuWHgt5xnO$*Mg0b~M42%RuHyK?L_^`IY~ z38_CrGvR2-wIK(7;^TcAXVqrSt4@mvVFxi!CP^SV%9q?*k$|j%Am9fm6R5 z9L;u3t}>5KV>eGCIk;#pAG#5It7TRnT!QM3MTPIKt}3FuEgOCF>pSy92PuTA!Dxyc z&j&ZG(4XVj4TxhnipS~!tQ@SL{2nAHw|{TyWD6!;80X9Y^a}Hp7!s;@&E9KAJ>B#3 z#o4C(ySJFm0$sqgOc#6LFX}T+u7hHm-e(B>W<#eozC>RqgQ#wg7?>M#!_ZgyeOh{5 zCZ(_aWowOh6vk&j7^_BoYSzIxRkOCOcl+Iaap zN8(5YGq*Spf&5GNzz1BkOY@Fjk~>>i`;fv=6f2GHd!A`PY5$g73|254W_{ZC1%@ph zp3yZmm-5R|RTFvj+($gNn<pN2h7Tg~Akg?4Q#XbsJg-M%dH8m}^5k|bU(kq8cAdz{f?ul(Q9Kup`LTiR zFb)R541A&RjnuDl_Ookk4%Pg@zGTeTzn-mZ=|>|sSxOydN*atvl!qKZXzw->DRn{z z8wGdc2ceqI==WSPz50C-N5!r`vdp$h*XxA%Y1Y4F=U$Kk#5==w*sE7qFQE$J@8-#|_Gz5H)<|*_`h1c5YwGG@wI5Xdw7VYSvbShN-3e*4hBM)-dGD`3X?mOq za$_+ID7}6YeQvE#sDl)eu&}@C6E=LEFH1q|yU&%Aes_AFQ^(CU(1h4@uqIl5&>#Q{djY6 zuif#)4iSs%B6;`p`f%Pi)&{EGJcfQaU2w{%c7)0@=G)@^*Umq`2Bul5##Z(7@h(SkUjdW4uO2a%PofsDFDm62MZhX<$Ct{;8@1r z1MdeGK!7$W8eh0!t@jtlG9{?jTbgTYu5Agt&74=D!Mv@$DOWt6EOeCkhwu85`tdue zurF}fcc1(1THhrKMgAc7Dts((Gi#B!jBjv$FT10valy9;!IxMVuq@eU@gf<#ZX|q9 zRm`nxqHN7R;lGfsF6OIYvMsAKpL zRr9m-xMG?}N@llfg~Q!!P%VF2(7SEzF|K z-H*lkRNJ|$;aRijA*MoO8op=2bv>oUirvpBBq4SY*KahuZ-eI>rTRD&!iR#G)#XSw#9#LV61La^?bytUwU`zZ{Kx5N+A>5d`^Xj@Z)}py2Q_wEu<{n$NE3gU_CWKc2TkOzniC3!`U*kt5$~4* zz~31T!AO}rq%B@_GOlc%yI6=>Wq!&od{ewJ@;Ii9#3~AsxEx)1L^*icp=TBvdnz&@(}Mv8mMV zz3C%99d_e!9!Z|?6zjvBe4pY@4#B$W^Zc!7%cPQ)2F6;TrR$Hr?rA!c{|gOD$+)Nx z6(7&>6)3u|uqBjy)GiGTmXoT($d&MYjXDE4k3TwJx4tq^pg(ncGra;9ATdkCt9gC| zw6Sq#R953dF{aZPQ@vi@v9tIX#Y+PxO~cLbJ3I9Lw$TmI+;tDPrWj+2DELQOoS2ab z)fKv4t$q9QSC$b>D-_B=#uSTwAvM+^LsJKKuA<<2&PU(RX!2T7JQDj_VZR$u#iL61 z7N5pc{UhnRwiMO2=r2hUc$6p-B%{2Ef|4Xi{`#I&-%rfUSYZa%X{PBV15(!B zroPwjjohunWATprwANvQT&bmaIiB{lYS(i_>$9J^D!%l%n&?!#zEgKN(ZGq%!_U1vFImy>*A}_Cl1b9!MZlwIsnw9HYKBVvY-NQh; zf~{t7Kw%Y$`1f%q%OfQ8yB2s1DEP3S@Mjn6hv9LTg-l4qLYSuhJM0RS%6{ipyF1!Cg+5(v{$^gyl~0(R ziM@v0Z+0tN_ry5t4_}#{UdfsJ+|FTj=Mx2~)?Y+t|Du@Gg%IQQS9|*aHqTWMVXKkO zPp3G^&u3$udBK0A%K4{!kJ?u)7n?NV5YZ<2XAxF{^0vII3C0H<{H@ka<$nO#G$`mH=>+;K-@34EPr-{1ZAoS^>$Lp&#uezm?$d&O0Qdiv=U zwDupZ*O#Q`8B((VYjjgc_%Yoi>hRH4{fKgI?iK}h98e|B9|c&X5THWxd=M)XYOIs) z!y)o_yoC?4h81GBDArYM!7Q=ReBy8N)41*%Jbu7;?j-qPl;4jm!U16El|N*LPTAWJ zwemO&55eqLTnOmAP<5Zjy9cHFJ89_a}mmhVsf=2k3yM(mjEkJfk(9Y=c-!SSyVcEPhu~-Wg_yjxe zAigG#6Z@mfiO2w}U(6S@@p4d}>eHf`-Ug>j-O_MO)Q9kI--%T=hetKE>6A_6V`z5k`1d zsv_A&4lx)~Ofh`V8&T}@{Mi>?Z{KO?(Vbg| zA=u&^+LKWDH_QF_v^+Eiucc<*|BUC)%nBD6VA3xds@II#FinPb7H1^dQDzB`3lWFL z`+iY!IPPCZ68+c}%8>XI9tiI9%X1uW#2KNG*ZWUul9fl<`AEOQp^gNg!K8aHPgjDn zzjTO#F(Yl)6f)@9@f6Mie?;%$cOptXa0UkoOX>G~zqhc&c$)`uA5QCuDoZ93L~4^V z46!kHTySr<1MGgj)twEekHVKP;lbpmtSf+)lmbK{$`+|V=wnjA3$?I4wK9NXN4sxs z;>8Bktd{sym?tfywDCCZ194BeKBqDDk8R#iAItcZ@e4|%@c4^NCa{hJ1b!Zlu?zqh zK?APU6kkyu5M`ZEGeV8EKEH}Xwmgoj=Z@d&K#1)q-w0(DXzIF%-h`|YpRrI(qIaT) zWkfMlwt5^SNUwQjdx-`4q`rr$wzBV*C@FWjB)w~`{&^;HIDAfQGn9994*?3c37 zipgYuXXSY7>MlNMPHcnpT{#`h4$#0SBd_3fpcJNU!E0ZSZ8f$=IBxZOPw8=}l1@O( z{K8f{(*{gh`^-S>gU?kh3?+M1jQ2y`t7QU_@56n9ogV&>HXB|4o{*jwKDFFu-~Wu8 z!~X)hxefLp9p~FAS4F6&S(L7QCBYuc2-v2h%sbXibr@gB$wC}|)C-`|qpD2x6h8J3 zI2lVNRBUMF>7}vPr!JlWKy%b3Z`nJ6K5g$%+a89$3x-&J7W;l(w;k4?9B!)B5K3aj ztgLS;DT?KJTTDJ1xYlWp??rwP{rm##0=Tj;xGKqHTKtxalyiIUI5Sqqu8RLia?U(u(k||LvqD_iM zc=TFx4v@YHU6LiBkD60aM`U(H#`A#R5W%Ey=geXH>61t^zO8M$OUgbS|*r&30KQE6@uv)g*(ngNH6r8aV~t4nVW~pU5wOla+zaSH!e(2 zYGuBZx8HRifvwd6K(Sry_`~(a=XKyVz{dWhcw>SjVt1KbrCJjd>-wW1@1dAGFq!zf zUkD2h6d^j}!D>>p|LMZ9mLb@IAg#dOzaUlwvO>)(3_~M15)lF&_}h-IkmU>yNl5yf8^fC}l36AFyg&ck z-jqG+f$+3W=g)Y??}xl}g!H!=s2dXx`c(xy%xq6UQsC;tG0Z@bAB&?x2vh%{r`4FU zC9zF#(fisK_<4390RPp;PZA;Qqt2?*o8HctQEWA%W?vUS*7v(m!M=p_a<~NUuX#n= zn}fvJ1%T3|lM`{-Q@(H3kXd<%*EsIj6s_z3Nuv$nDHe)?vs=4ZW9x2CW zEgx5@+gGTQG`^u7PQ`-zv*OqIWXNyR7ek8v9c^1g#H6iBszEO`cz)&vD476^o)F!YBGuafncr z)t}OpBOWUQFAK;~V~{EmLK`9Y=9jx?Qn#`KYA#CfI1G|rsHQEA``RlB`<}4>8$4-~ zs9_;=`3QL|MfJV1llS&{j?CF*k;oj|3{D^HF8WA&Su&*Vqa^d92!%WOB#ogv*CTdmPE9KL7X@_$N^_o2g3RtSB`F&Bju-Vx;hnvlQ`7fL6KpETE>(P>V6k_yB+-&2GOwoHsa=dTU|w=zx`%!RMUPR56;bx zbI*Op{TT0RWjW)hcM-BKhNf%et6%!(>_Nx4y+APOcZ%*ap8qJJ_bEG-O;M^9nvR$C{SSuhik%KK2J~wjx{hvVz-y1eC+%1 zfF}g`eTH;?6{bp2LV{`;&C%Gu?w>c>50=4K7v?MQy_BAR@>v{sZ=^c|30cX0ep9am zH!*9re=7ufio2qIXVZe!%4Vp12L|eh9-D|=wXXr*c*lRIz&CHe_!Hwo4)sHWI*YIf zN3eI?uY4LuDGT8W8*67U{r|GR3~$PD;g$XZD{k#Tp|o9%+n$KM=b(QrST+^t(-YG- z7b3bGrQ7*b2A%UFZk24MwgNDJwV||S+ue(Ou$0B!U1jyW+rhIF4|%EZq^xxWaG`21 z#>91TKy)~$lrtt3e<1)Y&-im4#zcOj^jO<=`rVP60u*iW1c464m7$6BRi+mVMB(;2 zT14^;_s#glvyv^Q@V4Tu@1DwVBSIIYr~e9__zi_wA-z-7Fh5*yQ#v?vcc81B!B53P zx1%$lcdZbA?Q-JaLq1ng3XlY$ET$Ht#bJqn9iPb{pNQ`Rxw4FrFXxW0j4cE z@|XL><+~kaHI2Wy#Yt?_m%8pBc_g#y(~e-_5d_u8Z)%TaJ-#??TDxD825IHsV}9o< z7Ja4v5S27F1;6B$bTz`j$m)a>ItdYT@{n6o&BCl{v=JX7IJX#Y*(3kIA8aST^VcPt zjP2=KY4zv(4%JV*uvAQv1`&v*i$$}&a>!wxSLn`pvW1{1{9IeVHSag%ew&Z(!LI5s zmTULKdtY5yE#gCu@_l4qWuu)mbmXoaUiismovS2z4~>Smb;m0OH(v@+s-KRATcd8ERayj}QOaeBgM1=SHL@7(x;@jYakAge?E-WEwL{))}q zE%`#}#DGwqMnk95?~2*cC56{XH>E{lA8*iebz4qGjni9sroA;{yOG&PlVL?V$~uFT z$Mx&iiASUwa8syem->W)=2b?$4t55x9)W-i4)kAtt{)GsgSK`wkuYS?VN91iHfWdZ z)M&1s5{E%Y1ZS>{<7!)cv4fJIo7O&WE{px9^wJ z(*A&?J0(e@~K_nVEtJoTz&xpjSQs- z=w=)XVP%E7>=dq#T$tm+=k_i}Yec*n@*2fuwWZV4MLrYl!}b8(L;w9ghu@>;(%3XX z@&P;cOHt3MxJAse;^_1A-RF`w0(n~;lY5&#ZU;GfjaFlRZ;#`FDv9Gqnpfa*q`i)K zzlS8F*4G|tjs_!MPm2XrHTxpZ`FE&y%hQR}1&^^$%(A6!L z6Q|kfzyi5XISn!x<~0Bfb3!fpc4zFAIwEyc?qucNVF(xM_#=keQbqkP(7*vxp?LyJ zXWWnAeRau54=rG8sM&^K#kTzkf;(#V$My;Z0u-+A1rjWF#X@GVszu(uS=Ma8oaSAK zWgV^QpSoex09f14N^n}~9eno<898wQ*dh2v z(rXgFY+ucg6tPAdc`YmhfT;cXbR^sZ)(KcRd2#yonH@o@_tE`_l!T`}?@t`auIJ6d z5to=}L#_~9OG7arh3af)-2nqK=9sM^;7yFj-|_bbqqp1RJ{3 z#O7Z z_O3qE`}A@pa~i6Bl^e?ltr~t`J38$KOrCm4Z+CEIXIkVYaUZgWYklLt z6iz^H!fD{gv_x`w$z^`aA|z_Lt7>!c(RUdQ#e_C>G$a=6Nl&@VIp3=vyh;||hFia@ z3Pk2-za~8XfBI?cGysq3v3iFvOnCaQtM1ewQ^I&TAsY2!1F~BWP+3_s){=Y}{R9`$ z{;}LMqOSyOHGQ()_^>2t5Aq3)YhI-z;!$R|xP{cL_8 z_LG=C7YPxLK)lfGbzD&vl*%-`)7%ko0trx1R~Xp!1o+pH^R=`7w6@0A0q>zWDFmrD zE~0#P)n7}G=|mBW1b<`;!@oP_YzaiIiI=XC3a<5^1NrAF6c9M>Woy2s`Da(Ts= z4Dy#BY z71)t^W!L)`924kupPv_(#5jr$T%8wB??j&8-ay?@!`oiaQ9)bYet&yi(E&ZC`+c>C zx~Vs!oXKo2`7hSbNV$kNMe)ZeWemz=^ao(Z`^h-Zu%_etmP^$QH~1esMh17Gd&qyqmi;THdh^{2DLQKgQE zQ57Z(t1t?xHw2^uEn$V^dQVn37&Xk0yJP4dAYn_MZVyjSt*vQp9uw8?_+D_YGCqBZ zjGVmpx-oKeGN)=bnPT_ZdIZcI>d!t!9sNZu>T+Y?*@@dL zE>ODnGi>+3V@L&VC(>`Bz{ccb6Z=JzICK58I0z7? zstr2`aAGUy$|a3C23~h7VG?eMPGfhzt$Ddi*#nqTb@SC!5jCfd~JRgeK_s9p@(YI zZZ`d{1(rN2j> zZ7sO58_*|;?)8xJ#mPu#G@u!T`0Z<-1VfoA3LH7a54cSjF~S~2po=icoJP^28o`UJ zB^|ZmZ_$f+z8&aqG6(a6;(ypPhd7UfuRG1l={a)usNia$_<0|^2{d){Uz+YA8gL+9hPiLgH{`Ui(@gNil$UV>dxD=ODS)Pa4(9i8`P7 zEFDTFfmG6YKViz3M8-8ueT)h^YDt&Y(<0*=&`2yT0(e{3R7Tw zmCSyZ(L#DvyuRt5II;aWfO&a!)BA0?$@i4~%Rq=wJ6;Rlti4C@HR|ZO;!FiD`PS;w z9iaZ`b6)*O;}^;yBCJ52mrSR3X_V^=LkY)YGj@`>OA?|YMPLAD70B2*EK z&-nH@c1(;-d5&3g#AAtO{{(8zi@6-ue7T+b&uC`hrdA{@G0DyW=F(h_PJ3mzt03N= zpkaI%J7M@4rGQB!4wu{s)XttttAm-UaxiK|t5=x+^eaMB05j6y&T4~DJ|&{g<@c13 za2+aI$U@5Oe%nPC5~Y`!S$Z@`HuOIp-{D6a!<+}w^07^dba_K8jB__U)RVxK#&#{4kI0%!??)37ecI@p2dL+b2gq?g4UXsnD=d zrucndNXZ4|v;Oz+n};fduj3^u>xNn(vv{2E(=GNS&wF+5y2E+Sd@ngA0_wf7`WW9KlBFzH0nGVwzx)Q^_(oa!&cP+TbRjDgE z-2J{spl6;?IDB<{K(}h|B8PV@1R$oBe|hI)6ZUtxkF(Ul2p5Li0S4BR7(rVZU7$eP z-{r4Arl3xq@_E0CDKDEdZsD!I780Kuzb760Nn8K?e&5WGM-hsEOjLa)w%v~iKz@5s zozL=yxxj;gu}lk@YOmebCo6bK9Os|Pyxo4{tmGHfI!|3U?)weIfKMiOJmG>WTx=EZ zUY1bFC0E~At-{bruRWdd91}N|U-TEh(~qY9`FtNE9`!#atUmxcks?TR$bxKq$CuK` z%8};A4_`~z*Hse6cIG@h$>Y|Q)wPHN_7Ika*FJuIVVl4^?=^cKo>zAm0TDC!&|r9G zQ?lvDh~rNMgadjqAHNh|s+XQxB;xdbLD%4{RKro8arI$oy`}R63DI)j9v*eye(tM8 z$?2Dk08*Bq=2(7JQugLr_>aM@~8d3y?%jFB_zMzq`zP+>;8tbeXb zHXvkrH-=Z*=Fj2<@sUvWZoFTO=F}4q3NA0@2Yl!o$~=oXr=11gRS`IaHGoPuL?4-3 zHJF0Bepcw`f4%bevKuaUVTl^njNQwQ+!hjg6&CL_RlRft@7Heeb?PgA$0Y!^<2jtq zKA7$;TpH6L%az3e3kj#5YaU zqZarRHeY}K)!GZl+m2YeYf2{|gLL=08vr7MQUtxqCuP%(^yWxt>bJX7pwbG+ck&@9Y!(4P=@4jnbq~q5K#q>Nc=UMO$_nnl9FG%FOfhP0AL6 z>_^%vC7vTq)Wy*zniBDq60$kHmsDxK=13W&M1)T{-o& zi8i4g)I#V_A;GmqQC(gzRxsgWm!l4p&uAA3a`rUHENMio;SAA(nUn(Y`Z-+C|5;(8>(mn)5k**+(xtV$3(B`jE zWK=VtZJn-DNI!YJ@}>)idq+p^S?3NU9=JnqRN5ZKIbAL^c9AxHb@^WX8I|Oa?e}eu zv*G6K-Dsjy!8;3TYQ8UrZ=G?8dzP*V+d=+zEObcrJw^^5Pr1eN3)JK;)#QRAzNgwCHATpsB-=h9ctM4$hIU+BGSj7geWZK&o zg?5JN9W=_`mvHuryxvLt0}+II!cXT&O(59e5}fdV-{S z1(czM<)}E1$Ex4%-|KgdT7H^G7MIqpS5`Xbj<)FWhuTlAmZ+8W-rmndI`9n#;jx@O zzEREd!CcVOk~JUR<`YLN>nnWw7eF-0ubjWfD6sRCJ18E6MSsum{ziejIIPzWF>Q@&U+ppxa;2OMiW)V&yXDqknu~EgaGn+xrc{bf9Fro zEeq9GWtpBI$>%t{(-OkmsZ$w9#`A9DYg~U>LjvgA_dNh>%NG8=w=~Wll=Cvt_Q(uhm*$Lr^W~~;g#mXRu z5-_OZa&?^p)Ky0H_7(x%#=!sb!LVQC!p}7vPmpp`gHJs*uKbfdI5hGn z)L4%p8kbly1e9pO#cLT|Zs{!XBv7k*EP@^nIX4G~%Yk|C0Z4q9vY+FX?R7oAC^7UkU_x-e4$#e7r`hw*YQ)AiE5`FiIOlBuj3^@P=5{^#nBqip>&IC z_u>h^UhX9AG4FjJwt2Zr{4Af>w?ruK#G0E}?rH{n*^W0Muk{pzG9vZ>A_0bG{XLEF zx9WZ_=+}@ND~prtp)w&RK(17tzOa=Dbg6sLp{ezI1VAARkGSa03n9N97VG51Sw4P< zBke&8I(A~$wENHAh!#)L{Wp~M>wbm^6|kNs>?UuhhT3NQ@D5)nfowYZA&AQaKQdzx zgg0g%k8Zc`FY$S}k@YdAA+zKX7MyLraAWC|gNX3tt?HxGc!VaxAnnCo{$#q#+1eKt zG>~3%W;{bjc=W{z)wuMqi5~Ir`sEC0;AiQK?b<;Y`fPLY^jdE$_ieYUjSh8gW`O8= zOYOT;lM(WBAA}J7NIz<=xp(35 zn)H1!O|53yQ}Dx!mkx|!=`=&t?fJnB>X?ieHby%w5uDMhMb*Srw|21$vLrF%oHi`|P zVvUb+k_jNTBsx{Ppmmq`ImzgwI=Y%ZW~L;b4SPA&hiy6$bPqomYlgjeui!C?U=Y;T!yeB;K6~Nr-+kHtSPXa=b$hcu#mYFAY~YIqmnsl0nx@8yD?-y` zDbi9N9|wr_>?;=SKo=M9ZQwuv+tSk&X4j@YB{GUXc=+^mlHbp+o`(vZycQkzadvXw zE2UR1KMyjw*xwDl(4*OoHKlP6%ky_hB^1pCP}(Qm^rHEdvR@a@G~NWe3B>2=sk%!k z%#NoMkC%qNa%1P4wJ%6n727?>m&M@;S?dfwNUERXxYxP`g)1+=uRiwF&-JG~IfL3e zcJI%^;vXcS3T3X4>e+Ie3!CiyY|rmcSwL43$JJi0a*3ao(VGYQHs**~V!K9*Q_@A_ z*%OHrZ%Oam7{jFtbqF^rBF?7A8oSDnP=JcfsIXLtPR8&!UY*SW#6(Nc9Tvv3Mn76D z&pLuX=&;~aPGL(tU#pFVT{nlU?p&!2@;+Ce^enwEWGbbJWnb^XDQ<*yxCItrK(At7 zPxg$z3!*&T;Z+J*Mus~g;+uzh9O6^>~SZ%Q{V#dqDuB9HkHlj$8w9)ZjzXCiIYf3_lsP zI(j&lTv%ZClGj8Biq{^o%y7@U54;PpF5(cJBE!DBeicGmWJBHZ1$(nu=7}VJh+J8pM{1Aj8z1EiDT`Yw z7p~s3NQd_xgeYMIQz-T2HEF%hCil1)a+`ZR$Zua5KD?HF6`ewp$)Upc%^b_U^0)W4 zU)-Kg)f4c7(6>GHhv9)?gh#EQ8;}e)QHkG5qR4vGGXp6QQ0>!nA*99h?js zhV8e{iNjei(=`zHj9Pz|EfDdkxoVpDiY$p@!*`~2EcJcF&|4gzl-+B_IfP^jEW1Uy zt`D*V8QcE<-}r@s9Q?OF z!VLadIbC8(bx+KC7+L&&1rOuX|Bv{_OKr~)w9?WsH+E8}3$#g`U-FI}@#ACxm( zEqoV4bm=)*!3^LPK(gh<#Ba8JoUC)uI39+F5m|H4w)u^C$M0W))p}1zo_wLu5%(2E zf(buwF*KG@K7v#A+ve|lG<(O*!-|3IqFFwx)@!GqFwH#Q#<^K#`tB zNP5BIEri53T^!c3a-JF*LAx>feE@PI+VkY=zL$YQ{Frm9$TVtnpZw8H!k>PAgh71f zc9#TY63z2zKh{=_N2LW3r(jce`&MX|y(hpX^O0DaEIwD4u6qv3(MBJ-X{yWl2cUWv z_ppgiHQI=3S>vyOgad@}g;1K{T>}|Pb^8RYqK}ZVp&_@N`l{v=yP1ED0PCxhj2AGMO^lPKZdy6j;Z}_kA zaSbci3h_dT;TkpL*`SSl)EAh3?6b&P9eYXFJ>su4gqybdo)_7*oOurc)9N9{XqdfD z$k+p5t^VvFn(AfM3gFQ%7;JbYrm@1DUg|?@fA)6ku=YTYq2>{+_x|t2247tdg@{pz zpjq-^nbV(X)MyL$PFA$cnNU^!Mjrw*|A>}J2&Z30crtru$G3jANe*cYJu56EdR#L& z(SIIPf%VnJnI|yHRr7ZOvN#Zb)pZ|2^DClbpc3B4oL7)Hn|ImmZNE_0*?Nd8tF8UX zbHBmwyoJ;n9+}_$ZrxvF_5nB~P0u_Gl7}EQg?PVyw-C@p4XQLQw3k-FkPkP|j>@Am zo>yg$dvUxXlb$;7z7OyqND*c^UcP@+>0 zlbrYGxodO^cOdYux(`R^Mdg(oZaqeRG_Bw1G4*i@@$Kc|cD8+)&_Ft!j6BXM9^|kx z2f|oZjNkhG6?evxc0MV@L45I%Q8$s);Egim<#8~O5Qb9Rkv!z2j|n4gMxIXZjp$eO zPccIkO*T9t=Od=7_%sayxV2*ZKFAFmjw=guuFne8tt~qQlu@2AOI#!XHMpy|#Z2)b z)D{BXL<5P~J$TN-q!x+wOmJPMJet9<-x_}*Ry-vObA7D$6qTOluIc%Gg`^Xuv4eEH zzan*VJ%KyzJOeE%MIU}4!AmM&5wXM+@=oS_o~&RRlU~@REI|s)7lIvo*xrnk0LG~=s1^2xkU4+i(u4Dp4u6YwaM@znX&Slj-?at>MSh{jmZEZjRmlbu=DgU)_;U3b3>k?MkCW zIgu5#VaM<#ToY<$yf!5tG12<45O~UzsV_2Sd3VepgDq6@TREzrX5K#zFyICGB}B-z z=EWUMUP=mv`v=NKpZr z$B2E%5kR)5&aQKiq)=>w+mcCHZBfN3Rl^+C+Luz7P5}Z zLEH7%6{&4Pz&-F=ni*FcPd|I%BW~D=<<<>p|7^=Uy}J-Oec?j9PJzP|sNvY@cKJo& zrXG5`yXNJM5s5#{Pzt>z=REEgXT45l|KC1+#x;+6xNUN{AFfd>Wa>A_lmLfzTdTd;YwPIyjmn;Q>C))xAQ!?(Y`(I zUx@W>TfO(@`ue6~_b!7^n+0d1IRh|w=SDJ%Mi@zNj;UXG*j+fC_!4C^J+t4(>gm(z z@Kh_b1aYLf*!TU>@Wf;`IPJNW7W|jnIDU3#h_3U9ID+V#YF`_sbgQO@ton(s1|55# zMq(jBaqWhcY$v8EV9VVf5aBGpCxEcd$Z>_VZVkiBs@vssaJE|@p4HT1W;VU5Zx1U7 zLP0qH+#D*)s0^ar+c**S?zW?ZqJVEJ9DoM(`9^|w7onx!;tN5T>vQ^SW-&wZF>g(p z;)u6n3c%P4&OXi0oEbdsG7J}RJz;BSKOq(*>?SJb^*4^d#gDf_4ywQoI~Y;Zu(yfj z<@s1i{%Y`WT<{Wt+YuFtJtv{K-+%@|a%kGyxhyWz0;m{J>v-7hzO_A{PN5dwMp`zZ z)>)j|rwnn)6=4kjjgZE5C;skNL4`eF0km?j$wFyoc*1)ehd_*&c_AnZKj}_(?~iZ- z`DU?nl77d!#^-Jcll3JMY{)ppT>850riSfgJjiYqPU@kk6(j zEDzyUNW!JR{D@&*L}B?fqg+1A9_<9;2RfG+>82XdhnVE5W4v^^xB--8!s}KXgzP@W zm$cTdH~8`(0es%SD+if*>D+%YjRe{R`XYeW>xRC=?6!=tuwS?@d|z2VwC?g(z{nu8 z9}bs-@h|s~&$Z*SLSGbqqigX|z&$YGQ{5aW*iHlijN{r*r{Y$!zI-9Ghldj79B(J* zAX>U+9A1m68O7rO8j>xOS1dT!w^RBDpm(HW_BwiT4p&Ju2v&H_0yfRAKdUG-VVjSv zZqcufg#m;k`x6OuOVcXUroJFGdqgXwp4lGq2Ky!-g)qnX2sRg3yNsxQ>Mb4q{K?4>=R3MgR9JbDmAdG zR#BX~#}3m}+B+x|^neF)8*cz1klX~G4CAU-lz#{7bO_}4i#$A?#pT$6D+f{=RB&#)%dz?h|;?_)mWv zVmNp~_Q$@pWwRWe>&%8t`wGL;h~Qbkkh6VM#sVF^Q8cwgl8RrtM=0K)>MMa^@I1#;eKIoR9f=4R>_sxv?K#-`Ic zGvc0{ICpKtKe~6EH>FF@v?5Gj=#5?4?_NB7Orm%@R#5LXT9Ril5T` zYhET2bZltjy!d3@mrP2+t|J)BBY9jJ^c`bEk7GRIY0mgPu@@_`%H7&TxXzVVPF=Ek zO~K6&96QtoEM6TtD+u=zu`n!3qSO+Ybr2>32p9%t&wFTenS0hK+EqB&4b%Gq6i*)S z`AlCUB{bIgedNP8p=DT56}qrVP#?59VHxCp`}PZxUKxlDti!cqD-0VNwtk%S>|mTx z5jmn&0EcBO^Z3aaz2tay@gDW!v~?k}-qjF{8%;572zp5C{MV~-o0o!b4n4}h{q9$A z)TPY1Y=#(Gs(!y1HA=fr13)zU2rxv#>=k%F@KN~t1gmU|112rwJ;0X-71Q7MYZy02 zturpKnLR%~-LQBs=>HN?N;eZ>z{UujE}Yn;db&jWPoq91dGHAo-*kawLRm|htGtna zk3SG#PP+l*>qrltXPaBRK5dSd2n@ZkRgplwh2MB>i#QU!_D6a@D=<*_h7Uvm_dl>j zr397ScHJQn>piRsT&X*QGYNg({V-B;AosLtxE&W%;HAI2yA5~*I3q=c3+sMi@Jfj0 z@2!kM>)*$M2H;^kWBv#(<9&3lc8uDkbJocoVOj2r>>s71_SkF~vwvS&7;#{xbI3Bt4 zF!8*TOXE*HD1MpV$Vz5jG*I}kPqCt;+-q(`e(nODNym{W(ZG5?YmkY9?rR*scVl5P z_b9=3=Wz3L%oK&HA#;wK$yR%K^Ck4BW4EjE;H&Pj?MtSr4c=v6V0s^DiLvx1DyHq)YW7+0x;jG|YL=WyK(1Okk0^x0}EdF{wMyzO^iI+IV8OL(V=8i^2=@=5g2A!}a-U|qxO$+iSouwPgJA?76tezj zvZMsfl~$uTqnzhNDax5qudT+h(Y@xogv1^ZB^wAMNi zn6Vj(FKVA>KT}PwU>lf!=$ZrO=m@oWJoyj!MwcpVi}!pm;;pzK0V<%A%7T zQLT%X;U)ZAq`oNny= z>xr&JWi*<^@8NC?pyTmD>~PeWL#G5tlkIx!0&-%1QuO& z?wz0UiO%}me;>wczi8k3(5VBd8IRzDKKs5>cegp&DivlD!x?d?@W)|WM9fz~|MKvw z3JBZIxLVWbBuqxjjBKudRcT=vB!aNhFIx6E2|tJpexeh~N@xvqg^^$43%!ikmP*<_ zucrqfK=aIgwRz$f-X)A@J{e`jZ7G>AA1i*`iOh*UUe_254qIB$4lNe$ygE|OYS}L# za%BH-NgB-DIi|sHDA=&^}y#af%=6=VkH+mcYxNgCWg9%2${bT9OwiZQ#ApA-oAaE%l ztH{3IiGrYl>2R_6XODIIp@ro{!lQ7$(-tRWBb?gqPC`xP@e9`y%Y1s~!6Vrx zKA~~7_h~qyn5RKr1z75Q_vz*`|8_vnUAcP`m1GYnmLmKT%;QzI?O>qE>4VF49AF)e z)mcaueYCxrk>NRs%#8fawCAj4RJ3q!9R(bL{YX7uz~X zn%}Rf!SsWBRzp7C3J2Uv8ZM0`r2<%@ViA~$X^vzc-6Y_Ic}BaW5dIkQm{_anS(;Zql~WVGu+)FSAy zff?YmA!)fs0q#PU(VBwkbJytd&hS7P7Tbr2wSlK6*$7Cq%Zu9x)*uM>lX{Yt6U%^p zPQzbPsIPP0a(oUWW3X8I_Ti3DMcg~P1X&4&iist$hA>sFQ_uN0-9mgN{E?uBRO|q` zx#Mg3h+aCcD@*I}@Z1@Za*?pbth5?A1?9H>o!@s%erT`XteFn;lgi5t0q$$kyyX^` zoLa)YLb;JJ4NTpwqLz%*6s0jQpQgz6({vyLM92>nZf~CzT&E6uUj3ABWAPGrh<=_C<;4hpL*yV%VDV&On~_bcJMBZ#h&#_+;lwOE z4-`E42NL?XJ$~^5^wBa9=3IrxJ>_3!cJ98+&)51Hs3PX_hU4~Wu_#x_^9VcJiWYyl zL_j!bP0NQ_YJ@%VZx434;rvsS-&qA=^jVm(uC`57c-v_Br;if4jjl<@mmE=Z3L(>Y z&4FSjYsWmTQkYhC?5)V2v!CYp-V4vBqzC!$GF?B5bsF{p=8$`DcrIZr`QBzC9U;bf zuWeXrm^d2W=zaQFnZs~VbrHaA`Wuk7N}Y(}SV>R>80@CRw~ti-SFkDed)<=|!hZH( z_CU77XZ=-Zf-WElhJie(JfE+H$F@YqWh1<9FNM1T=Rw(Hj$JoK8HDN2$C&GsUa!EL7Ws{cOQWLmG+^bx#2 zdvEpkIK@mjWvn$hK1@Wmd(pn%3wjsb2cc$9iX~4?>U`dZQI|DV)I1*tcj-cg^}Tji zL^;b2iT_G{{*4I)t<*xjG0G~vsH6(ehcLTGz70$=w3nt90|rOeZ)>=w^eGNk?kgnG zpADtjR;X;Nbq<$m?TS>Lp`_gLTBaKRX_tg}^;f}8q+@LsLm)MhOX90JP~(b?L&n$R z0-gX&_gm-4THeD>(LYn)T9{lHXDy1Q*UF1S08a#60$dEvXf#X64jfzqjeUM;&jk7o z2Q2yrU-%z%?nn1vbQ>$P_PILkz52Q2cJGWcWcCOQ>kZ~G0;NIs&x=xL?$ZzZnc?w- z-v|A6`)%tf3%~Jte=?XxMo=jx*oVe+?&j+E+{j-H2f>4H&o3kJuZPrJ@A+2)nH;z3 z-|7A|U=}H<2R7~epZoNL(--@ORMFI1HJ2c{^TOQOMpT*D!S9g;cO=Qr*@HnBH7*Hk z;y#pWLREBs2iKVxu{O*8E{8Nv%T}B+Mf>IChSJu>1nadORy2CvlH8|g?UXG6O$E&_ z(qN$YU`(S%VgP6W{qv(z6?W*q5gSW+Mq|?H*-X74nUTWaDfnYh^AHdA`%tP38qAYY z^dm{J?LC$p(O%kPH=T#=W#Hr0p!25)NZ>WfA5kQ6N3lCN_2Aut2}ZzI^!i$bb-!6} z!CVtGiKA!u@j_^SMSN012aQ7#A^kF0pGOJ{w~lM!skeDiy>s^|N~>v4-#9Fl!+W36 z)?k+HI8Y2;wCf-85uB2dvcaj5TA^F>bP;E4h9d7w2$G7mUkJ1N;RG2yQD(Rxey6Hv zsrmS~-IxeMUEpkS^0Z_#>HW*=S_BN&dEbJ=-vUw+^LJ`7R3wEa+;T@E&?!b z={I&?U->@4SMS@`lVyXmF{VQJI_2Em>95%< z*%xvoD!JS`0P1sttDtvPCi*hJf_C59>Q^W!+@JAP}p>U zFmz;pC}_=lmx_@8S&S`5j7iyW%sdBE@q9DNdAQbev+r@ng@4)TfEe4uc-)O75?V%j zU`NGk9Nk71(=)uD)$f6^E?mKpMrbN*`Zgi$W)$;pkuh*>`KrZcPc;S!!R9xaeDlO=m(%uW^fM9O9~0cu!$9}y3Jj)-2)Bd2qCet`6_}lIq;As z*-{$NE-VUATQXBsJ)#@Ypt!Gih0dBAZDV|YkSrM3mlA8Pq)Z$fuXGI1qPG)yq<=~_ci2tRr{F_KGn0L^*}Y#&H9X*bE5k}z*Hg^Z*oR)>AOu20~HO}=;O{Cfs$(2GVi|o z+U{wXVGkpB?0M3ocReDl8DN}eIlGlxDKJV#oiQnJ6&>Ewgf_B?n z|3zQ;@>@N#Gi*9Dh!d*zS*l>PY?c$u;6+W-gRMt7tzc}0&DVYn3S91?cLdoud%;Gh z=S65=U`06z>Y{&4;zdRW_jh@^ZE zzKs0KovT!EY|Y{*h(G_P}W=ECM zVsNj$^cK+YAfO}6yy|_m6gGdx8qV0oWPU?scN({rasa#LP$*~YGO_du9|`UmM*H-& zqtt&3^LfyFXU)44oDyICt9Tn+1IyT|G6F+IVJr z+^#I*faP)~LCX`l?gEVQ*&Vu#d!A!`E2bxsa3@w-=_;k3#8;E9Q*hAd$9FSV9g`G} zg4uDcS0!)aG*r>K**w-~UwRwyfnvbjRi^-<+>f{K>rMq@(ab^p*;b!UnKM=O^zplI zmp203!pn1+MJAff^!r0Yw5A~Fj1w&?hU-2~7lCHtU*hNXmFJh@@NC@SCouWrF1_?4 zBUl!hJ2iF<>80>6O;wu)qba>w#X}CQjtxJ#TRIlexbK=n>h?YkHvu-tO-nfAAvv0^ zGI*!wS=7O1k$beZF?stOTMHtK*xe@at3y9CqPg&>5RYPZF?HP@=}(&tCcG3?#lv_2 zDwJ#GFwz47AT&<<=RVV0)!6R{GOlUs@46^Hn#8O8g8Oa#<9T=QdV`uZ8@776P#>bv zAHfjxplYw6r@eXfpsv9k{RVewKHZLjb;#f?iJR6Z5|zYfcbsx-x4Bq zv(LM!1AaT5f%|%=OlH~0oj1}(8+<(WG$JPXq>wLDA3th(ps&xjaZ;U{@I-}!8Uj}E zi$^(-jYo8IVPD=0OE%a=7Z!G72PU+IYty~1=9TRkGu{2uIJE^=&O#j}X61-h8)yUU5dW|oKI4U}- zj6`-A=6#m!Qe(E}$3;p@{hd#)=Q7Xte! z9DDX5x9Ahk0@B!P0xTDXZ@-$^oWc5GU+LGSwR}J^lN0vu9ei3;z_2=0vxK}VF4vwrv)ttuhBbSsfRlSl#W~X!gY2Lu zPa_DpkUhMX(fRH&2i}q6y0=TQd4!)&T)oN4b?XO&qK}*Ob)VaaMHAFknEA*0q!Et> zel`*;D9|zgi%+m5K4%Bw4=dJ8E9d>#3zi&t8t@bPGUGoC^k?+=I)4yLd>IvhU zKi#&nX2j!b_}z%m&SNOJm=BMqosf9Cn-uWRy~Hq;!86G~?EB_hOXa16#Q>Hx<^&b zy;EH9o9qDjqYp%xsGQS~FV3EB&O?3zX@!`cz5!^D!+~^4x39&;eq5GN&?C9U2fT1E znhBlYi@BZfiAFCm$B?f1fblgzOnbr%mgpO4+3xjTJ!W8K>6cXL`%?X6gg*y;gI=Yoz1|&F#5R#Ma-R{>{pd3ujq+vpYo8p43to)Opz7$Uiu=uIk2n3WlOE72ySe zShc32pxh+xpqz={rGu?}_m^F4;_mUWp|Lp9rt;W8HdZv@*qG7vD*uk3oTfZDuI%w}{UO7}q%f!tGuR^n3JaY5euTG6-WlN>tQ5@2 z%`Z#Q^pyR`1iLReJzXAGT0F`|=5@P!icC$`6YZ_c3+b!ZrVnX=p^T6YV@pcT3r{f9 zy#9h=`GD!!h0U;p)a4QyfsmXp`>4O}xxd?2BX!&m;>gngyE-5PAnnFjGE6fjl^i@; zA8JM5`O1)t<=pf8H-|sE%3i1beV8||Se4Nx1mdU~Bg!!X8?SuLY(j7&5bsG6Q(OqP zf86#Ik$tune#wjeE_+1~sy=^6;Zf;|e-x`|Gt%VYQr|#u?|WN+$(7;l<_Y6R1kVw7 zIEo)$zsnIWMZ-P4LfI|HFM;`E5|_^sjrs%igm7UYi?f?E0a>6s=MH_j?EcPrJegzn zn&DyO57)@&0S`$|)7W#5;kv`NKy$mLw@>@2(&c*hR&>U#P^K8Eb3Ilft85WdAeFHg zdo4QpkY#%h=%xdwdrwXMY&Z9^Q(CjSg6+6<&2)t_e1o>M(ihk-b<`+wx@6>&UoZ#A z`ft(y;)^V$9sZLBrZs^)c7>uFk8)BG+|k4X4A!2uk&5m>xz1ai8jpVQx$d4eVf&Kn z)5_BPwU0wjb2~IvMpcxRH)<+KnCak^@C7f3!T1AR(^{*m*ODJ+X+;i4HfF~9RcTl1 zm%6OKBzO8`R-Ekv?yYKY(Y_^L2i!vs4Y=QN&8JoUl9#3CK)N{|j#jq7W+5n-i&d%U zB(>KMaMW-OhL)4O`-2jw$*1$(vt1*)6-)$gdYIR9Y|$dsk&nCEq0!j~P4CZ+dW#X8 z$**VG$?}VH&+?vO?qC)lD~c>UvtOdieINJBO5Rk4V9ome7U2x@oxDCnB%mP~ z*t66J7F%3)`ksY{rGs*l!bA?@wRBOe$(~2(XrLW?GLIwa;F!WQi}@=v-O0m0Z70vUz<3`c(vPk2-uV7bbkgtjh%s{~SFQeHE#_95`pg4FRUnLKoc zuB|ica$xczYzSerIvC?@KMJ2+rZ^R(zdyCQmw;9QziwlN-B$6clk5{^bcDQ|5Feu! zQ!)Q!+54nZKLD*ij~m6DD6(;#miP7#j-$DAa6X-)_DT>dhe5M&_v0H~M6oP4)I%im z&Fs!-$VOIge|jigXlZ%*mutEqrHCPe%;Lh!z0kb}bk7)sh=P|wIdCB6L=gYx_V+y8 zMvj*TOiRY%zM`8WrBt z_I$MHqAln{+8$~KS1QQiqYXFDGq)cbD+6RL!HGz;BMlQ#CgG^%e)}Ou;tMkKP)*JE ze7RVyyN*sfiD2(6q`|{1rF#zL+YK#rDhtegrPh$M>TZ{>PqYYs>K)bpS!{(%5|c;z z8(z+k09GnlKvgK{q!y}u7mr6z=Yxha_$~kH^a%^3e9j+QO8TLkj+Z)wl|G%JhjY}& z7r+T3sa(d?2ozPTkLy)ew^-jp^vd3xY)H`r~1(tZnIOK(XT?{;>GtP?>Q}4fSn`nFE~t z0;*XUIw|U;)}v(hP1ffqjh>1vEOrp0H?9iIlue7d-$c6mO*G9Q7iiYEv-#}k{NN7B z*Uh>+2lg5^NwV(L3rXEc?R#Te;@V~+&WT_yzPdb2`d;8`hJ-TYbK@e{cRi!vTj+T* z)hUQ%%*%s$5pp%oT`XWjhELOe&l9FV5L($nN9h4~g{SBa5v0HV(VwB%BmrN6OGEgJ zmCe2=jq!bl%!X$UzG5F~j8vI31~aPVk6haKl~lgyf$M*9W9WDqR@gKoAMD8+atKf8 zr|~_XdV%`v?{AECwl5Ug^y40xkSpGD3ZqYUCr$>np7Sa}oO0w^Js<9vgd}u_MAkvt z&ksxKh3^rntX{$_Ja15PXfdGAFiW%{j-%pk4k$6c_y@QNzbtt;$*?HcEAiLwy>f~N zi|!Xz@1fm-ePA&u-+XyLq(I`x`uyBi%ewr8@)02OEBdZ5QQRu!_#_F|3tCqL?ydN#$!BJ7=`}U| z%h~z~Vm`*u=2~ld&y)F9pV==;@}c@>PczCGc-N5b;4}uSU-wrGlQ(zBnx`P_F$e3V zpW%6uqfKC;hUQLG#uoN4*tZ_$4fsU@Ok$e4Sc2JQCW=%r*`@H~%LenU4k8P$M|;#F zd-Y%BX}E<-*39@;ctTOI_)GZ75R89H0;?w_;q9IB?tnZip@OczUSr`L6WFnQr9kE3 z?#GzG(_S#)K0-J$a5`?up33@ zyxs>%y+Sg;#aJhZaX5Gr*_+*V$eEB%ZeJd3_N{4BLl+6xkh_&0-{TWD%xLYLMN4wz zOLeI?aO`H*^ztJQXS6p?`aINTt zd;!Hx&G-uzN$BVhY2+at~p&hiCP)jBfq(VGM_y3is21$R0&m z3r~ITvlWvM7i`mh*Rlw^+t8g2+!@1p2erlDB)a7!aj*rYIpO+!6bt1i7jY@d@V_BTN&9Q-_OvEjRD&X-sZ_Hf1k zeMjG;?-d*|Xy2bdF28L@k87#Vut7#_LQA%?UaqMJx)hZ{>_V;UM%I_I}$!q#$@DLYi@9U9>KOfkJ zBu5N;86g9FDC*#{tl*Yj0OGO6%jQhu|0}(5_ue_KF!?QCh?yoYb9%U@S4*m{@oC>1 zlb?^+bbk!H>G<}~&;E(sFt-nY(F^PZ;DI|xI}CdQAFiQ=FV%vFqV0XGbx*yDO|cDnSId9e+?-;G6fBjKu#mF^t|UZS=8KzrKPeQdAi*Gbq0 zE~#OaqXn5>U(K^sJhA~)=sRk`ael9*7r8EjyPuO*e&jFk5Q>@Q;VH z&cG|+ImawMpTZcHGxneM?lwJxp@CN)FP*x)mLnLdJfUJb98KnM;<+CF95JOb=^PxU z({VlIm4Ir}dPw40#Cj86X7kP=owYBFr_%tVZ!3zM4OAaLMMua)Ee;M=0gMYs@b4VR z&C4yhprNu~HBCTtUy9S09~K-kN7kGCw6@DEB_MEC`Ww&3eup{|$L;4R7Bs%t~{^(_3Tm21?o z|Ez-0r$4G)!l&8PX1?^EuVO_r`K`=U`whRWCBuQHC&-&)owCjDcIVq~^5^P@P$aKd z=k}-<0;Uf@Pp-mLt}L%0T8&U!D)!bM9S+k|BToDavq zHx+t7t)J-gsVa0#qA26*>nZj^2QIGr5AovSic7R)upzZ|Q;o@p^!(5xFo8hDnop5< z>fUz{kGQMTzv3e$%on3`)#%)4_wj`{Kt|c|4jOTaK~TaG@AZUsuct14e)|WD5=%8Z z^vy+EbAAdepTjn^>)IR7y+H-8Vxd{>8}dj$C{qDkdkw}F;K@u3;AMgj1RxD{?DeM$ z6@COC7Pbl*w(U-_0mCWsJ9Iwc9C!h{Wn7xRsA_JSwbX}(9Y$%-yyjnOGZef4aR}j1yzM3t# z0wTjLFScV`t%$8tYL8Qp!A4?AyT3J+C)Sk-DN+*C?x@{tRtC6gb-ALBewDJ#WYX}x zMOI-G?yKA(7>HxdKU!ufa`Q?B+b!d?i+!e>h$J%vSB{HZm^<)w$|Krt#SZMqU&rYx z_x#*i=Wo^c?lJC-2yj6B11UyrPqp3GXpFO6Iwf50$HU!H>=jnpmNQ!w3f)A056Ok< zIc%@5pchSR`bo_`a@|l6nj?5+x2=zk;>%M<1S^qpqTl>0oa*(Lx$zw5cE3&wM?7R9=6y)=q$NKhug~`No{Tto<6S+v z=jwFW=WFtm=l7yp@`H0k22Wh06CHds=3PEVaZf$5oY!-1mhY?35W>PVe0G$=E!=o)>u4iVI#etoHNg8xxw=PZO^) zd!J^2h&{@^7lEJqJzReaVdpewq%MwmA0uQ7OG1(^us%FHx$pRr2wIh!^Xu#V(%5z7 z79xAI=+x|TLS*#J#)pwV0Bn+aca8+GP9=hzf?T$dlx#Y{*;GDLPh% zlaSllR`|=FO!v;(=?hF*EH7Uj`jyh(&|gNh)AN{Papg3km_Fb}=qC-tRNn_#Rr+;A z1hdz_WPHvD^Jb%;S~CeGt;7!mOe#2$M_cct?SA6AL#saWujGDf?lYHVILP*kRYTY% z0TjV@O3Xt^{VDx>CWR6Um*|ssedEd@Kl^vGzbzZr9y(m|pdA|jan-V?@ow(!FHE0# zb5-UkbVVMt^v^MXv(OSdZ)%ar`4i`Q{DJ6=8J=tfvE2DQ*+p}QX8qft;K}T{OQ0=H z^r;%LB}DS%^4#Lx85&t;&>HY4<`dZ{_T|6a zLsv|$c@un}y$a?nJ(SxGONBt+V>I}*4*g1CUf6H%j=|P5+923TW1Aqjd!b2lL> z$(m`uDD98V&;2nqqXf8fr&wFJ%3v?MXP0r?H)sdH=RO&4>p4>ZW~;7l}7uEBj#| zG#*q=u7kg4{f46r#ksQC0Wl3 zEe@FEgz`yR!Lvl_uv$_T(_?#t-@ z6^4g8>rpWS+Sdu~+t267v?PT$a%hHQGOBSrnFPf3$L1ngEQQi;{J!%`h3q%=jJdW? zCWYuWu+x`1KaU9i;fGg!_M8~E?B^5RSqh5{yZR2Ls``{8 z4G}hZd7NYa*b{krxxL`0cZgu$xHGF4!DoS zY>U4>zkMyp#XIUZz8aW>+q5%yu(IkDR*<`*9-k44G?3P?(5s}mUeIck;}`d zvkd&&$Qd^KC%NAfk=c2Z`h7(ufOxK`$Ck+Lwr683Bx3_E_Fv-fD^ZzPfb_WD^5PU0 zs|e2DMhHCupI@~>=s74l>%8=!Bm|h<1<{@GxR%F#XG-o)9N=b@!HFr;fzJ zGaMh_vG!qaluOE>6%Sm zd3}P9`D`7_Sl_W?!CW#3NCQldsZbxWw{1@*5U?=TA4Wo?jJcY>?a zy_B}sUu0qlpZpKcSYA**yIpjur&#fA-Rq<&q{^7@BH+QE6Mf0Y5EUdmLk$&MB>^J& zb_6K>FWYEccYT6vQ4g4Wwa`W0DHh4Y>-lAU?eVu?UoYbw>n%2h<)QIGnR}wIsal2# znX7N`g56Ho&q(qLdjS_k+v&ZJCOAjo|Jfk1UCu=3hpZI$a(oo_!+~n#R!5oKQBMl{ zWv9Y456-U)nMInJ@*-`lZY41Ib!}P<@E8tMGud^--(fi@8Y}s3Cx3~LL)}ZZ9ao^* zrcMM^{!-kei@9Gyr^jDA)#Y+CQSP$Ou#hn>rG9%q1yk|v6XAK9`M!pmHa4clV+t2O z5$o1{IUppAv0VNxUn7J9NJ#{u6M7>GiKr5aVGlcdf4cn;(dq-WK5ww4<9}=98ede) z<1DejsGU9jV3s(cJAF~ksr?7yOQN!s2_%XI&E#QwduPQ_B&zg+^;fVPaBAHPbgBGV z9#s!)Ha$=nr`+W5d?eF;B0|LB-Tn|^4cqLrL;VLhZP>RN?>}b9VzsCPSdsq7MeGLm1r+7scR&1FMWHjo0qX~X<xqm>?>mHO2*z)nTULZFIC>A-a(1M@ zb;GA5c?Mr_c+e) z^u+e~y{||}nV!)vgl3`?SCtGFGVb(Q4KDhw4lfE=LF8lu%hzbX=&rdB=X&8RmPwp) zbhN$czHCC!OaHfDM03G{4(#B}lTkNHx9f{NKBt+D%D8RMQ|I_fYQjOa z_9YM9}O_>BGq>|3VB--}*0@)%_o&S^7yPmApK*z$V(fTpIv1=#aY`}$Z1 zBy({;8~t>Ft5Xfts_CbOaR0t`>+%C8L`HGn#@9XGYL&0HpLC{Og8qRXd15P1*5!Mf z1*0dx$P=>|W*6Cwtq1;k5cM<*Zze#od)7I5A;=~h2ZJ`?GelD9akx_YX-w3!$T!#K ze0{&({txfe3RQYMi{07-1NrR{RQ8Y}9pg`u+nnr;8KM{~g!8+Dce!!hTD=Lcc<*nm zL#4Q{qQ-&Ylw!29Uv?idt>%m8SY5v67J7Mq40rD^p*p-6HM^dIKEW-GkkeGHZ^ETL zHqyt?jt?}^WZ6k5XY{o#r9N#=c4Hl0P84QgPK6=&PtAHhzeh@b`+e-e^L^ZBKuz=S zn-0^rq2E`|jeS~d$aNK{8ZZNaJ*)Gsplm?GoKojnu|9nIcHFbFy(u<%E^8P(uPBMy z&%D6P6|(+?+{~R=o{Xgkl;OfVmrs}%&qalpT`pq@C`f;Xt5u`6`$#R1>(W1dQc*=* zY!B3Xal7~sJd*o95LVK=Y$5}&9D(O@W!CW>dkjv7SgoLzpP^z)9;^PS%AP_1_-m_+ zsl2MDFO-V1lv)_Mrhk%$fPGTlaB_7hE*U~>ICKMK zE_a#!k~_z)Gd~o3CJObkhL5N3n+~UkoqDEM9>P*UzlVU)F|>Sp3~~P-GR((!;ob~Ja2LZ+V(}+Gyn9wr+IWHA*)VE zHsy$=#=gGV_fV~&Bs`y>B)d`rf2~a_;D{ku;RVyY6{Y0)m+#cqcQ^AgwsmqAnYPzy zl_%+=$ekh1@91f=ib#SXTiA!msa19zrd*lnXob_I%B-r;(IVY_NMzD) z$5?iLKxTT56n5BebRWzWo~YdqUZOi_{;LieE1aB1{eDu->#Th?;r z_MX@iAraaXP*1+_+?A~y!Gnps|AM<|%8IpeLk@>{U+(n}*5M?qP1~dn4u_6lBd?I56@{%^brQ2!@)v zD+^IYj1`u@JF6YUt2kn+v2%Dse4jCFCPZ;li8>95lOp_Pki&01l=D(m9!{RBWJ7+( z{Oi`Qb`K(cf2n2|5OUHX%M5o~ap+ktepyzYH95cU%iq<9-55HK&&qeRTXv%kxs9fk zZ-!m|ok0gleLlA(ajBqPtjcfvvT}^@4z#ASB54uJz6^!|b$N4#PqWI)3QC+JwuNKtv64|I-9@H$?ydRd4f(#W?> z^=x@{G+LJS?8z_~vs>K57IL%`dbi~uC#^-xpJ zOXe|`Jtp+dJfDw7oz31mW>fW=Z>Lmnh`l&16Q@8QE<=JEW?x%PKWE3MPuDO z2hU1;QS-+yV*#a;2PgG)Z}q+>BrqB6%dHZK-yFeBu6^bD{?nFWsX9zBC*FHq&g=;~ z?Aa2r~PeI~QE3gP?%Rs+>oG7LWUN!VGp*c{1N`0xwUBxqKH zA(8U*69CVyWX%ysS8?HB)Az`tYE%1+-hCwRjn_|-|4FvXHNF{i1%v8_xCed z9uc|Mn6D%`arTJUfNDaA4drlZe^8|DK}y&&ByC5?&{8d-eV@exMkER|?fav8d2z(4 zyKXyhSDsH^9m16E{7?*SpN>!N54-iM-4}25`(m(Kz&`pfinUL{@GL)9Sl=`xKjmsdjFB+eFpSYb(5@K@t8<*3A1Zk@$x$ z78P&-TmR=c7rlCY6t3=2kM3uSx@3r}qV_#V-}DL(G?^^FpDZl}@QiP_uB96$unh9p z-6rS${VF0e@-jJ+Ew56v{zl$qBEmcPv;6sy^7~j=&Rc=K{tT6@^qSvT{ACh%cXNG7 z@2HCMdxsJh#0v3qmON34Slp~X?pqpf-+6$lEl{B>$1rU-Q4NgT*yd14(NXTg!`XWA z{>o@D65F?@>*tV|+%h7PAhiq}Rvi4bZ{%gFKobuTsLm{C6jj@Lft2g2)6sNUnpdP% zy&Ij`_w+T^?PGK9m8~o0`P_%zro-^`Wh<&b)L%nD+MwUv5OwWq zp1P>lc-easgwyy2--Ud+e+Dxs#hvOxK42abj&F1FkweXA$!%Z{vz+$42p$;icRta^ z-o^v5EG$DWBOO)#0qo)PUmKD>F?w;E=_kau*ydfm+jsfAV}T{M&@M>Eylw71Co9%( zQaZo)Q_a~BuiCe?SDw>Prf2qyj?l-mF_X$BU{&?F1u<1k5!@&N)drbQ?yfE)69VtK z&cTLz9C2mjNX&V{o$RpWATqxg*C{jMyI_*Oc%cQh%)~Z1Q@8GJbttC^+vDKHPYVGX z#Jrl^Idz181~94StK$mm0eaQv)0a+}kr4$oET?KgJ3etoFjYpe_PZ;rZok5iqk^t#h!sr2>OcXSjW z0P*piQoX`>J{1x$GyT2ZH$JzP(6sK|D{=tc03-`f4w1(!VG_7!5)5lq>YFmU!h`<$ zj46hX#-VIM`$kn|OXiR4Y3XEU_TUx3KHb2Ug5Gg@D!#|MFe4yobMuGGq$>TPAJl4@ z68>p#U+Gjovq%X(3}naH4}akTmFgO-+^(^(abHP%${Na*hx0>pgLD=STX#>bRfKzv zyTxZJkG_G2z2tFW1p4wy-6LI5)bkToYXKEERK(BU;`*(et8M>Wf^tNJ!o5%Y9H#VY zd+t-Vm4o*_u0Rs|T0x4w`#C1IKIBbklAGEblFL+}y})GLc6PxJh+`~evOM(Agd)L} z;l^^s_5gjQl9k(!-2OzG@!pr&mmHYmwcfD<-#rZkTnYu$3FAC-*~3nFij-cD?Wy0V z5M8|7v|z>rBgE_CDc7>Ln?-V}_n8>wJXY-2-3{EkC|>Hz_T3jB>pc5LSD{j*?pN%k z76|ruKbL0@t(#K99+Rq13UC=u-tWV`Q>aZR=PXr(bXQ;eeT+Z_&QT-Y9spMPVZs z9|)MS6@+leF|_{RrwjBK?Kbxtg6fj_eh5Q#>Rwy;WfE-3fChZ$SM{B2;<;4qqh84mSx<5wU=|oP(N2uvMLyCC*`L}EBr6{OmU(7SU zyTWJVNifa%Eu4?D==(fFaQidrqUP49&N-zvq!P2ln?#|DXvaapo!V|TvJ~V3#A7^?xVaR{5c6 z(`FL|B&Nrr^a3?MWp@wNnJj4S<_QWCC&MjMDs*G}T6RB=%b%WA^d0!M506@)0ZDEAqW7uoOvR<70jLqv-eEMb0qXN|faAgrd0 zj871}33u+NdyFc3QK4O|>|DL_&LO{wdb>#JZc8I|TfeWHvgJQ)<|B&QvYpOaz6`T+ ze9k9xh7gL@_;%xVnNSiBV%Q&4AL2hp){fZpxxnKd4-;WPTt5t^FE{**`-;yl-|ljA z<907>dX#cW4%H{ zz#TL)LY)|dBM*H81ic!7RE5T9>|!usrEc$fAGM8`8K3YEhsUj9M_~E*r_c=g5w;MJ z@my@mom@1Zly*qUq6KE zd?c-KAmFl0v`qC=`f|4i!ma5d`WfW5&ixU_TFw{MMyXPmS$%(?rrTu4eN^+rz9p)a zwDqSI_hfGfl`l;hpG658$E(FfScRoKoPXcw^FC?d2A`O3dw+)zPdu98b{P4|eJ36y zgSV=dzpWC&vYG@emc2nr)jfmimk`Q337@v&G==>26cQeX9hdo+S3D`7vS{B5LW2OU zMgc!Wv2Oi2PH)Wxm0o@x=Z~sow#cVcb%M8u0)L_U6E+Y=0i$ ze>t6R%BZHgle`y5*Wk^g+L)4qhIPomVU;uLi`Jv*kyXiFs2hTPmQq09Acz;n=kxQ3 zF2TONI}+q{7{ZPAK7wI;Z~v2yQwy1E zNI;|kza1}!>zR6WmcxMfoyM8AUvo`by28Zvb~%qIRip(|pr&SQ>b`f)o1v`VzNhT( z0cO}n%ayP1+1M8gIVfXvLwQG51IhjltphZLn+Lx)&&QYa9$8E&TP?M{xHy>?g|wq51ki>}$VHX?`mvwJ2GV9z*`YuB z)~VK#;wM(=+`+dsum|$5X`}1;&yC@qj{AMWLQ^{_Syaz{-17EQ2oC9-}m$z z%b{Ysj)k*Wu0I#KpXcQxPVpZ8|NRJivT(4ieW&0w`|~*RI8SU* z(qd0hW&o=6=IH!;Uu)%bX^>O^LQZC&jxSyJIu72TmC1C=t~&l?py)4q{Xi8y{gBOD z9Y%Cq%G3S?9OUY3!_*8%jVl9ATKvgQ&4oOLfjGmLY$UZg<3VVakP1ex;PA0`f?v;Ang4SdNA=E8FxQs~`Gcp^ z0fE?}iHoP76UR6j{mOgZZ>xJx>il(k-Q>f`Mo~~uwh-)ACG+5%VcuacDHdq0d;T4l zFdD9*WK^oq>XmPm^W#yA4;lL71;;045TA$#{QGou`~JH6`!tV}i%aB5;~NIxZfS>4 zZWge#I0k?H&T9SL23E!5Bzb?j)35h4oEkuN*=r2#9omUYHeT(F?FNsRwBjec7GB8a(v7$L7nq`>X7>_IN=}I?o8;_{w)l6 zzsblUA>NtB2-4H<$+l1q6{O+l`UNGW^NYpf-D$q=ez1hW8svkIJ!)1C9Q)dH!!3Oq z=(0=~ecXDcDD>EpPd9L^0{6TqpkRT{pvQ<3p9_#}Wyza67%6CIrNq zx((dv9P%Vx?=xFvN05=^KdYMg9cq`mcK=>MWEtdNX1Q0cJTc*&;?Tf9*q3slJPMAE zjUo0>YCA$osm}axwu~$JOQiltN|Jz_C0E<%3?)DcS_T{Hm#C0j;%#LJ+0;e){R7zG z2T3)vgVAd*#7WHr7}f#aj=0w?4yP|pkT z>K@7qs`%sA>|z*rSJPziHvJU^Mz%!b12X{iIQ0{Cd!BgN*tH-h}9 zZ_*(jl07A>nAE+&-!th`@l>OZ-kd{i$|r(>6|wIVRP*tdlz@6_%~ki|8eiWDp!xmP z2C?X}4d?uF&W*yX_mNPaj<)c1TwIRcYJ}gQz+Ls}PN(cLLP^WF_VmSl=H>Mr&Ge~6d|v;+xNk>VK6vw=I@CaiMDWePg?^B; zdWStKe9e-?{a}QFw+wl>#j&5}h6*S(1L#{#4MdWAH2FLuL!3{F#0#H$Bb=@5g!QPy zhWMB-c!H8f}Ez~VYftiw``vl8&jprEK%3GhXx3t?wJYN&=A z55ViDWQ=nJ143urc=1`CEcVR-{!ap$0Co90rAa6oNT7LJe>CLj>}2P}e+-uRLu)XB zTimOLbi6tp&yQ2~18h`#kEv)%?6>iwI(3p?|2vlNtd;#B)@YZOy62n|cUIQ#(L5t) z6~uk+2)`3CR!2I^`2q2Wu%-_J@K8sD>zkqMs+B(U66hPTCqcjDfE z6N|AgnakYWEA69>?rr$eM<;%e8>qFLo!m<9Bs>`k0*h^f{XsDy(*P#6FO8twM^V;S zarRc9_qTCIB{XY6ojs=7gp*Q_ez`pvU*&+NzpDyZ0Lf3(pg>{?ha2bAg$(y*P4NOB zc<-fMW6c+NXY2rld#oz$a38PROQe@rBS@=RwO@^D%T06r_HwI%;V~xf3rupk!A2w- z*e~IIj*qQ}6F_r3WyU!t3xN&T1$79AUSs*_ySi?AdGR35mAhwHj~!(p@R8R&Tept7 zlG|gNXnwt|g#UiO5j_T-^?*rE{d90I4**Pp_NB>E56`}s&whmqg&)7HNHT0GQ>RZq z)QIof(A_ufAL8wRyD?d5c64HqT6)L7JmaxUg_ zSBR7DR2f6)E4j|QCV_O3rP{!V^Rj9y2WJ!;4~B5=mshxxcX1pj_M6-VmZIdo)`aHx zQp2kzZ=K7)d_{Tpo;m$Oc#*r3yNKc7<7ZJbx{8tq8SI0pEOl}%-)JNaE@G5M#+kF1{SM==Na!dr|yi`JBpI zHN(OZ+GH>&qOps)`cR55#Rj#4O@VH!Q(L*P5yTEu;J%`#*N_U-Zy{Bs6mRAm0@LYu zZ;0XS%YJMrbn`kJ2)m@Isk1V22x`-H(0KFa&K#~(e1Rwzv%W8yc-Z$g>DHX2rQvyw z;8KC9?ScTs=UkTebL)lWts&&CJpIAfFeO_o0Rg?%4l)KOG!QSi!hi_to-# zj-k$VGa28OydD-sz9zu2Dn{w>{XTmho6 z2ZWFF_3AZzPVj6yn`#Jy;V{jHj_)bCJ1i{vR_bRA1F$`U3Q2u6b zPc%G#chP@6Byw3?=KL;C2Gv~&l1}Xwgslxto0XEPJ=vM}ICI7a-qpvxk__~XpjDGT zor>WQY_`^juD)F14vfuE@Aq;2^t_|W8X`kaC(6q<+^uk z*wIZ6c;1)?h~fv&CLYvUUyu$|uvmU0tnrZ6JC#YyZvBEgnvIW0p>lT`4|@O;9hLbz z<@^W6odfYemwk)bJFqM7JLaHpf?U$XMqjPPJ!4(~Mv}j*|US`Vi`*=*>@uM*%Z)kKB9o|GPF6rSd{<5@X zQ0BZ9paVUhuQnVk;d~RXRk7EMy`KU0%Si5vowAgX4b7uh7H77HS|CG%T2Zxl=-S)k zX)1IqxhE@QlYG5N@`V>Uh&X}UvsVHZ_pL$UrAS6K*(z_LC5G77yZDw{Ti*FUr_9Y)xC)7@FaU zmwVk0+k2LMLIR56o{(7CXYsBwTTo9|FW`-b9P_@Qb57WDL+qgy3;3sZdyL5#$Fv2`cV zE_E-6N0z1i25MM=huSZIrp_UC&H?)^50P%evWL4`&iw{bRtFPDDC*zgdx$o3!e`hfs|jez1K?s1g=J^Gq(9E+FW8BW&qCDM3bfYm# zB>D{2vmG~2I4L_d-XJ_G6^GZp7NobT(^#iyR+m6FL z`d9qn&4->%y;1%81U4TU5z%M;TA>qGcvnplJVTvpK&|aj>py?@3(o^%h!arW^jN&UvVtn zOOr)M9cC~H+-nuj4*@9d2Ti~8aA-haLHe_ZL6<@Y?NK}IY;?th?!Gj)WYosD|w@l&)Nz@;1~ z^zu?+#{jRQhHB+UtPkDXmN3NLcSJKFu8?m)&I4rUm4UT;47+e6e3-_*Wv$v0-1=u_ ze#Dm~L=McM^`jR9v~j;kS|6v{{UH@v$TUBqf9VsvF+bh+uBhJotXvxA2f@q}+>NqY z-jYQ8!|x`G#}}{5?SS+1T!l83R%_#ZpI)eauW$FYDAd=uyqJ&Kgh9{$*h{jl#&B5b zy9{T|*2nGvUEVB;pa2MC&7^RbH~gC~`|XvH0`2?Q?`g0tuYQc?Cs+H!PgW|U{n47V zgj1Y2dxTq*ou%uGbbiOdr(f5q1`Fs=s*qG@4&LY@Y?&OWqX@w%Lb3XK10ks{A(_z^ z!!Z%aW3Vo_hPtyuiVs4zS<= zz+L`nB?&N#J3O++U5UTu2~U1fqD8$01(L`6c=`%3l04h_kp?qmgUJ}$y=iS!>lHpq zJWPZ`I8qnyDRd^;;2X7=Ma_d&clIrk1eg#&TO$qCo6}4}OcK_FOWw!k`z${tnTDC%|CioO@ z*7gh!v5Eu&GfrDDCr?y|4>nJs7fZC2 z%_A03=Q9Id5ROoQK;gNXerm4{5K}F^3wD;57yq=*>crX)`Hjz?Vfk=RHZL%jdykfg zqsp(3qHaZIu{C2RB}L61Wk#+pxv-L_lA)&lik(X0XCTbW)of^a-eW z2+!Z(Ugl3Dxz))Rz>jKHDf4bc#)an6J+4T;loidSvr)r|ov+%XYcCh8bx76NWSt|& zq~FmIl9%~5F0gcgDZ%$*zfIXa+?h7g5nNIoS2~83{%K`Gv|EJKDbDU4 zlJ$jZ@9i0Hjnf^Vp#SdnIIXx{4tY8*>mp>qi$@dLJ~+J|!yp+euEf&-gGi2_qXp{F zO1Yk=k&EObMQ`%HUro@mmI)YatgnGp&f{t0l6_N~!)fNq1>6bEf4!D{uqLxA(-)Pd zW_qBTCuPBp@kzmSjN@Wzn*qG_&8KHwYqQdSg^>#o(K38_A=A$lDyMvGSo{kz7Jo_r z=f~u8ucxZRx@F8cbN_(mnc;bR#B+PM8}b2LjA6QcLulKjz7&`O@UJh?dHArHLh;GV z(bHn_XVG}vcsj#2BG`U$QFW`yAuuhT-==?tTbRr@)GGTF~k3jGW-iHPmE1ACm~9*%hnFrFKF-eZJ*A@k$$3YR>_8}U+0 z&a3xKy7<|^dHaaEp1_mv=OzDAyk(L%j(mifeJdW<@TOTd4!z2#*eQ#7kFUkP*r}qV zzBBm1og_$3mJgUE(R^s_*{eD0hf~bfbgOzj`FrS&tUM7?`1T=_1ACl#oQmkI&r$9{{{)EPJ6vuXS6-)X}b7|v*6w_25__g+#s%W{$~ zL3;qf;3uWt8%8`V_68wz;NS7SFNm(MA&TXHw%z*Sz!1BXVnpYWbuj$?bQph)-aR*R zJDjgQkza69@`jO;P}xmCDNh3G(}VoGuYr5l)B{`zvquQ|1|XfUs6>y?CyvMDPoDt? zZQ&F>)OBNi*+e|`3%5b%0gD|m>6ICm4i15hoeLRb#sIncLVgd)IeNkvA{9*X$5ZFn z-8CPC)V>NYltb^|wd)HQ(tccvUhoTp%Y*)HZOLvmBB-K*wg#lFuMX^N8Dsgp<#h2A z0{V*PWoi{>lwVxNUl@rD^Wyp}UPqa2!SlnFc%SKXKM(NLDeUb*|1Q|+q{%X+Z=O6% zwuI^HOWGGg{Kz(c5XNGpTM$Q2LjOsF;9}BL1bndbDCPZ$2xGPBbS^L6VpaI<^)C#l zNgsl(IPpo_P{xMixYPKG6k!wFSF-�Q$m+%cbW>>CE4LMI{h!Miwojp=q}grfdo zJf2$ZJp~{$KrQ%&-r+{%y?x;JDk1uqzNPhs0MqEfm zL@^n4FOd1UlT#jq{;_yg1Lh;_7$X7~GuVD7=_*G~rAR?{5N|a^61jJoi|lTBujfJw z`Z(|38-8U#638f*)mTk*PjjIHtD6;5I>oB+;8PeG9@l;4lyPjdc32| zERoh+TSid(5**q!t$B~8_Xp?VgDZ$g+8&a@e0^H4YL{scDWkbd{R*=>%b-6HhvnqE ztNG2VWj5vkXAEhC@)$sW$Dzum`94*0gvCW2@5s;jUUK5ynxX{&cLOgvz)zN^?5vlhb5+a z)|qyn&N?mdGMQl82i#>q)AZSAGP_HMmL|-4OET7n`uE6Fnco6%U!nBfQlwhazh8BG zvA635Mx4G(8!$iG*Dw(ke-?&Rb$HUVPjC$6vOJPY8@J-`9^U{AFaKdn&2 zM5JfJU=9a82I8-sk6LYcDIVX|ReGI^h})V#se9-*lC|}@&LPH;pXbQ+OJx?9z#KEb z_We%)1?mswwaE|h#krjPL>4cQGfM8)O!%0Bgkw%W{2KTL1Rq*if9_8c^9{F=1AUlXB-S(aU0T#tQEAykN zM)Ez-S&4%V#k8#NTy@~_eZn#ObB~`>2UkJPmOzjfnY==FExDg@3ddtOuzMu;iGK^3 zsPntYejJSjQPP4nqTgP0#%ToRmb&Nf!S13j{Y`0@nZmX~_aMWA>VNi)>;^KvF%OmVT&?q;CocCr3wpb! z6filQLW=yXf~N8QE!pATqNljjo-o)6$ zf2=v@7EA?iYOS^h>Jj|aj2{eifIl@FVPnMKi?Oei4GIDFZ@+H}z{>sBJdGpNfP zkzGb?a65jWcXfo4-VvCC?9EQba)MoL?>;^>k4ri}JQ~0)#djL{$lrYuoO3bw>4$wL z<7dch44_cIe|CGd#~VjOyx&AOe*JRZsh$dwKD#ufFgOTk3VSRL0r!#`c`sJkhgf$~ z9k@k*Vsz$HSnwb_&f|qgF8@h3o`H4%w9RnE)%6S&{AP>do2junqxI)Ub&*9rKc%%z z;{HlN{@4oiE4juWY&jL7_PVyA&%Vs6ePmfg1X5PUDF43eiQK)lXLtvtTW$ zU;}S*aPg>u3zL4j)D~?Ib#PWlnBlIju=ZP;5`zLCl3g)KNKO!EbvsZbLwg*^7o5d= zD3#;yiOT=AY(uFm`KLnaNDK=zFQ=33l^1Zk{6U1(J+pt-qsu(8XFN@Ld(g!pbD0KD z$(-&=enZ$7DHR1=eA~b7-!m0nPpHA{cfK;9VsVl43~u+-cj9!=qYmVqE{cvl>_tUs zfA((u4?1vP_RE}ZH-TK9H8l-7*#O9aBXVVKuFJ<*UtkC{Nl?)+{T)n7;rjbr_93?Nkd)#ax}Q}6sM zUn9$P>$D#zK$2(m)@?DdGGTJ_&sZ{ZA&Z7a_pT)+B>8|))guC1cLj~W!H~JUw%<6vi;KEg*|W^pND~>&>CFR z(z%X}zY-C!TY}p02PM7T=uFQx`1C#wss58K)iE3nL=;A9s}JSeb_aL3=NxNyZ=(oP zu+7QmRMTM&ZY?&858e!ujV^V%@n;2fM%MSQAD*o$rM|tdFMO87NZ2yix)y0}HGfeR z6$|eFy@7Z^zTSuL2gK8;J_jhk$?l2$!V*D%reg*}5|hso@BDmBwA)4lKI{hgz`o6J zM}Q66xPR+U*$BZ|UEdK@4v&e)K0(U=YS$}>`WXMb`x$32vhg?as{+f#_Gwd3osFZWWo*pKi5y-a{~_%ucHr_m%Oi|kXlS!`$ctK&Ooz=#9Qha za%BSfD-2HR$o%?iz`6C0_O{&0}z!-06*IzQy0xga3b6eaelZrV#))L z>9azRi!A|l(4vB*92j$;ZcW_Z!||(neGZ;XGrxkp6cBQ0%58Dc8I9rYjh=m35I|K> zPf!GCp0Asfi+Z-l0EJ(=jF(MTM3oUtk*1q66Q2%VI&a+T&ht>6AB5yUau@0tHc*_h zgV*pSb1)-qurXWv`@wmHl|)wuNk_L;kJ`w#ys6-5NAELeUpDIMo&muR)bkBmG7EdI z$YfxuSfobsTF-8^njE0V+=+ePLA*nZTb`a5z)SaV`LSoWIUiOD98O!msj2p?Zcg^> z(E(Y}3=>Z%i&<&&E5AW6mJXXH!=iT(J zdI*y8)?qpkC&G`v*YK(lf+0 zA9~7uj)rxF^U;OdC;3{DY^H^X0i@BiTdi#TNlm5(ujTqfAsst(M&DvBlva`p#xKZn zp>XcLyHwl$VBKR#J*yUM)9~8Nox`=sRI+S0v9)dTbbW2yr7d96{K3vWat%FUxB7;9 z-n*%@C$23{vbA+t4)#61F@Fy$Z2blrE1vkRl8{fBcL7-q?yr;m2pY)=PVnGOo1y%C zrPrfK-;khyp9d{-YZ{Ar>4%SN^kgAV(S%=N5ia}V$6Lurs(Nw#Zq3^}>fd7hn#)~z z0nbg{OUYFGbh~eiY`R#Og;Z|)=lTdQw`aSBh5usqHE06We{By^a^%(Gxj*e8VBYJ9COLzO_>M&-T_DZ}Lx6p#S#b8-wh;W^%#t4gSt#BV;{&A9 zs9)f^carU=3~ihJSo&J(InL%QZ9N5ER)6^woXh9)4F@kgh0^lv5CRJ;*DMMIhT(aw zl;wQU_22TdYPL-7C`oD6*?=S%v#;xEzX|i3H04@YCM*rTS@b8Cs51 z9uri4+1DI0Kkc{R?|#oRya}E%%4|ZSf^)tVVs3`X3w;&{b%9n-h#%f})zKKW!A$or zkd~do$;>j^BfUvO<|z;60(p@o5m&;cfMfgKpB5jCucMCql)CF(%tI5XP4`cs=~Hxt zJj_c8JZMVu6Wt}tWsU0lw}`PH2sY1_lL3bK@F8O%VD#6%_1SNPko!>o=n;Z+Apo@| zGjXAZk%Z2QdA8J+em!4;&ckAFkGJ{51MEsD2d837m*|^;2Mf;_Gu4$Nw-#;Bk{AK$ z0A&D(p*Z!ueT8UA&c;U@RzhOkcaWV?jh7?}l9D_ZSvY!6O=vUBJfHOe z{tW<-_6osaACK=-_}2+3Pxr^s-S^4qqp;>2CBf^&b0E#v3%BnI`wdNj9GE;flz+Fx zkS@5)b)WBNMUI}F4FN3!ZtiVXh}}|{{U1}0Yi2BWrBjR>-2p&t{R!p$e3%BXPuZIo zwiEBMAf8&WV485^?y!q|o*rq?XaMC5@DKxyt9l!1Bhita(aB^$%~Yj|DFh-faN%M# zOOI9-J(pCDD{yt}aZ*F*EbljY<#kgVQu*^Di1;=` z7R8c=#pLMB$M36Sqm;e*=)av7QZq;C!HnVfAv-O(Uo1SVv>rwD6-Hl%$8Dk}yWd}| zhq@LG8wp&ANxwF~=QcM!BwRO&c= zU6?Ocf{A)1xcfv8a`V8wHAa!neeVqny!W_G7Du_Dn3RoywX#&AVdJW+AINLoY#bSf z!%op3)?RzSsh3+xDyl!`+rd#3jJZEV7{OP>iU^KaTyJ;IF92#fVDe3S8W!2iRA6JSc*|bEc4PTO( zdL;^lx1qnpiEv7Cg-<=I*-kAI_NA5&g(oY=!wy7ZcBqKN|I~OG+^j61bom4QoGEkN zKH~WDhn-s3V5N72%zVzc9JFzhZZ50wUDD2Ze*E;uYdW9iKJ9<>Wx_xUv`nW_T#emn zdH{f--M9TzhbvTotldy3*vI-y--lb%2>UPxtwx&)AKgB;C*6AHGl{REq3||##y;BP z+J67$38kf?++IEcu|Ulb0yk&oRNjN$oB?M*&4oYI>C4wjb&aueIhPkk>x}x$iLj!0+(? zdEL+W~||S*gv~HZI?&F^fFy)u&V%lGfnsl_2@$sWlk`7*YshfOJfQRE$^dtH9 zdS~d%Jec^+X0fNdV13KtxAU{4_way&u(z(ok4f=?8Mv)7r!&u`JYQC|s|fvd(L+JH zza90kmZ1fUHH%d-OQh_(ysJI6lTs5tT`6nA@9%PlFXgI`B?2|cvvvsu`Q6i8nJoJx zT(hQePY=$qgUk4t-#2#rz8GVE6NMMNk>Ms6IM&Qq3%VCLM&wWEMC=N51_S{beJqGKfpY7Yq>dA)A5q@ok z(1q~I{i&xsFltV>^X&*poqc6|kE$%_a8*296nT~~Anflm(vE!~Ux}%9=udi=6si~x z1;GMiMJUwZJe}rx(4-WKcLXsKG9N@Zf)r@~^&syDzq7m!Z-Hgl!Td3&56~EXENTPs zmGlWL5cFrgvBsVM+Wh@6E=Wj`aP$tO1$W^oHuTn$-LAz=Fq-A7JZe4`UbBQ=@WpRbHiVahsOw|Y;#n0>_h4fbKRo8DKCaZi%FSA6Mx&3wPA2z{zb zD>?9Q$b`M8-(XE!%Q=n|B{_u^x#R*+UvcQIG3u(w@6shj&3&j7sfEKoB89nE?|`2Uy>73pGx#n>vu|X zy(FInnmp48XC+>T6#HOIPyWjG#*Al&vPjU%})q5L_i2(MX`WEsGQz3}f?=kTE? zwBC-8KsrVaQ%kiq%QwjI)~{q8KFRY*Uz0sy<^9SO$wWHM^S%JnOMb9##Ih8y)IML( z6HDvf(w;tp+KuLpHBS;aH}I_i%EBT{dA7I@OKKXauTkwi$-;l zR0hsc)?hlEHZLIUKSdELxHfO-+Q(1L;Elvxx_vBTxq<+!Yru9{EO#Fiiy0|6R53NQ zDdFc7%nHN=acu5^X`f)?3rd&_$?MbQrN;sSM<*e0aJM*^UwVK7iOh*xIfT|}9~Zux zeHCJ<&pyc=cVeD8k}b3z?!iGjU2G~nze?{Re=&W8%cWf^lGxq1Q7p{l!WTy3@j)L{ zJEFaG$<(M)L3F=zv;J!zkJ~!mUErG8;p2zp$;;!m{#v!;Uk>tHXR=i-|L9au*Qc(k z)#pxIB=$jm0=XV4JS{5azOwI25(12BT!T9-;-noLAsnY^zx=Koo;3C&uwiY$Dv2WE z9PM+qd|%(6gwC;9y6GWdw};$nm$`MDQEwnJ4kK~^cgwcJWPWHoPQv9*-v$zlj0PVn z%uu=&QDn#*=^>o48m9Mv1Y_Y%V3m;eot7}~8ZliC%s1xw`CO$msaDlKf10DRkD_p3 zly0ISKZkU7ull8+T3^cK6#fo6oivmQ)euP4(lD8hbnO2&lVs+Jl(MTv4Nx~DPyGw{ z4|g{{mMVzoa9{k-OTET;sDvC3Gcoj{wgpCh;28V<#&5Bb#I$+PP^MOJ&|;q&Cpqot zI?2U9w5Kt^{ojMJPr_jtDYaH`cq|0c&H z%$;UPR;lJXnJ@blq&6f=v2g#n{@tms{wIk4y^-{Hh0}ODld0~j+2c;qH7f698{D!J zsPF5$2Ps)=t0b~3T{W@7K@{;u5VOADZSuxa>o0^Z(ft}t#?>MUlmcv4x+!-T9%mw@ z1G!LLxUeeM452r2ahzddWM|%K^AadDXZ^}men4CZ@=iqT;r*yTN&G3RPxN{pB_SsDBas)y!G4^|3p4xf%zKyEpnCE_6iuyr;6-ee-YdNJaZc8g(%kuOzRLZ(Z zzC%I86ZI93v;iL4om?fvAcE*s0IsvlKA+0s_UnTEMpABehryS}MNI{6Y5K8ST!J)B z&z&>_6FCWj>tFK8ghQ#p1E96MlA_rjD8sTucVIc$>=@in60$9yiQ_AOF^T3_Xftb* zXky*jEvfc1h1KB+1Gi=`A(4;CqAAp46tTLSC-+bI|EZdg3)8(_*Dkhsy>Z3Q~-}as_v^demD!j3h1&ugCn$m`zD%$ zAGn|jl=Sf1LoI%-LhUv8Wsz##W1GMyj$Xsy#jT0C76T!WluqSy z1(Op>;4hG~YJ`xGxhH0w09mao>d(oQ0g~*)Ba7sXv@X^v6YB(;IGoQAlw<_5@QYdy z1@EZw-PdUT_0#w3@P`3BjAU!tT-l=;4snduxdpGu zW^)Qy#Nrn<(kKaMP1gfny`FWSuYS+*uAvUcBnKf%xvtRV7WVNGYU4zGT_4aH-*6uE zYKH6WGebuU9z%K8Wvl-BmV{sZVRN7@QPx<)FZGoW4|8U{9G3pv5668uISuDug#T{f zDi@1Skk1EAmeb?T*BWWf6S3MS^Q9MBgM$*%v%-odT>os_8y+~xyRt?^9P4~LT~v<= zNhGO|Tc)de|H4M}dKh}(O@HcBP*hPA<XyIqSU`3W?`qNvp^ps@c7GwV{{CJF4TZ zvw|}cGGQQ0Sa6(M-B*+!T3y?9v8`@6JzEIBZ8UK!C6XArs-{IsGiT>Jc>8q9q|=u? z!^=AG7xg(ze2j*3a2o%xF>`bv**tA7Fi|b|1DpR|kVIICB{Up46q@w-$lJp^S2iwF zf6MVlnzhNkcpZAXGjuWv1-{+kcYqCM+##Q1ch8^{(Vu__ZjqdnM0e^a;5T2yjFC$eNE=9TBomty; zrnIx*(-}#JZZo#QV4k@^*fP$cqOSYaxP!*m*$9yfh&hs;lkX82N~fr^mUlKG=b^CI zcru{X(Ch3)WR^Xc9tsIQ$ilTrrBj_9yMzqy`K@~XY=4c5#{4rCP%;*wzwEA&hxNUv z78W@aVITHN{dfINKIk*mZO`4Ij#7T~-n$TV*^~X%Q!fjwpJ&b3VOwvwsSNu<|9E;n z&=k(Ao;pNR!mE^dw}KkaBo4=C3eiHB@Y#JW<;QM>^)sqmXhkPwQ+l5sXo$A>mSlyV z6Qq={d2-ePWUa;Q#=dhh1X>EfR)lK;2eSO4{#vuYe=l_W9QS|*>8)}5i>PNyHY1hS zY2m!>vk+B7Rus`1yc&zWoG%1OvC=X`w^vg#6~3f=FbvGG?STz}pc zu?lw=UKonzer~rS+-!e_A^Tf@JH@o6wlxBP_w^c8M>xE8&Gr6%8GQP=^H!h{9m|+| z+M~6$SflxqD-}(O(bf2ztL@5@qCV_)GU&bPipY&n@fz8XoNnm*U9Qc&WKm=* zQGfW_zpE$WBp>Dgt&C_wO25l8iOf9(7~}*BdmGZ z>eVcjI2#0C9z31p-!HH#R_tSvbe+~Nbj2G4f{&Q+^pY@e3OPcq`Lko_>Cq6Da@rVj zqCn+4^|opAQurC$2W0=1x7MB>b_SvK3?X+8zx%oQyar61#4=jydx#BEZSgr`9G`1> z;$}fyAQ_wp#)>9v`{M&Zd_8ig^wC{O&>@4&1x##{K zqY9HtQHQ#b&X4AOtGqO6e;K7FRvM5|QGeZcqy_ISi4 zHh5G2k~^2_!w;olRLoW2dB%}sjf$ujh3m`5KGp-eQgXUJQ~1?YeNhlpwLX5u1||T@ z=%-eLvWAYP-y}JF`hc3f9A#&9F2>%=2|Feli z?UcWZm}9FVy?Ry%{#=jbZsm8HM%h(j3|s)%H%d9Jb-Nb}kUc#~UKs-|`Wg1wtzWN- zw%;QfvG^fg^qC?w%GUOL0b#$2ogFhIaGnSu0&fZzCkDQ+p&VsOE;kpASgB*iy?(aA zzCeuUF9S1rr|7(GAo$LVR3n zTIfGv27|5%&esRK8^BhQSB#AHS^sL2T5M!#)03?xVIYB z6MhS6v@~$ujID{KB|!H%TJX(uZy6w{u573JyKmgmXyAS?Y4T8fLh0a-yXIILr$2_? z2sN|4pwoEf1QVchaQ`GE?+x&dbiOkls4BX@FPi3w_`>T>4fk!l{DzBTtk|UY|rT~fj`L4qgaol$-ZmObO%kxbVUj=l3-lc8OIR|Yqs zprCkodY$+aswTA5qbkGB%Y%@N##(}OWcpFQDbu~(YadO{3wFduYQn%(abF$N=rt+> zmd5KG=P3{G$S_?TIy&cb1yCE&A)80U51XfIVzxq1`K8~g*cB;4R`e?%aq#|=?Uncdu;ym!uTLyXn7#!y))`hNE`W(=azOTW9fA*0K$k*TrP zz1AEtzn{xbw>i4IRnmh)U}!vVO2Xy2OcI~bHb_|7KYN@zXra!h*gx0r$?X55_t9TG z#NGM&GJB71KJa4g1Bucz%;PG$*wr6zV*k86W#@z3ntXSe3P_)sEK+O^`@Az;e57Lc zREw~&EyiBiL=xWl=1S$;9dd0yGeJ@vS(0@OlgXXkxivtZzf`%Qkxv3pQMhZk)Ag7j zQ6Lwg2YD05ceov|rrbBjA6IVRuaM73>&8z}Mzn{*d%VcqSKJ2$D?SQ9q9=^x8 zYSKZdkC9)*NZ8rEYFAUdENmqfowCwgvhFdku#k-f5;ROTv6AmW7sdx26vt1G3R;@F2eZApOVoIgiJs}bRsjv&=X-)QX>LwTEPLVg933NiNeN7~^)xO(R8dH?b z*KK(_g*zEh*L0hw22bo)Eh+FwE~HueJ*3E$BopAte~u=4pIXroVfVoKcUC>~J}Yr2 zHVxinZ9<7H@iqq{6mj}?4l=6h>egfE#P|EH3E%Q7MHfPX2%C~=N%YnOj+)jUwCr4F zr^ydkPlq4_+6{gNdm+&Xs#4c?UPRn)xjaLZbRHmFm*x_>HzW9=`CmXi;Zt}%Qa4xkMeN^ z7lJfi$OiHDgLKlmzqIa6ky)CYn04QH1^Q>ck&OSA`)o*RFMl|fT1FHiMk=XDvLdbN z_Q-you@~N+>>aDmnrm;$3(*94I=8$L%|$7v`yIUQk1Lg6r-!HcqqF0>>+*#&9O>*0h_UMcI8)X zk#E;B`*f5a{NRQruz+363$dVD6G(XQHGQ827SX{&My#22`{AA`c~hVJKD{tsAnbht zm9F=Rx(|hIssAACh506z)K7YS$@wl@o(J_9pXu5Xk(0CZ{pQX>s19!xu!mZJMU1_f^5tntbV4C*aT-DD= z&ZzFffny&R3#Il&GK`zY=O&tvU7!{NB4Lh^HxdrY~{wf^8Rft+FU zl^M>FuI@{ny16GKrBt(g8z?iY-`H|g*DnC}hy?CGuS#~&I?&sU-(OkkOwzc?0@w|) zSL?_AL>Q|ViML0kqK?%~{Xu^*5QCn&_&&9dXfp#_ZYJKABN71h;bOsS85@?c0PT22 zQpIme?yQ@sPp8|nH;^~wh~Ep7s~&qC2I`H$ujs1B;px7EpL4x;GQS0ks;mxD8L#sq ztK4e}y8tQJPlxFAv^H5DqiS+p_+6AHEbnJ>ob7Y;y8~2p(qBFitX5(SzqCnl1tJC+ zt{qg{(j#7}I|^sg{&2zr-dORo;^)L^xF>uRirY~$9Ko1WgP-KEShLWTJu$1NRC^l; z97Jx!enlg%z=k1}h$@6>h)6h4^XF=yMiZtC%@B0Oukj1Q!m=myRmhmqX~zB1lX?1m z!}It1bbJvAi)Na&^re7i9Eko3>6@AF$I|54n^}qH@3>qW{s9O{5Qv&RgaW62Z4=`$ z>_lZ``#$JMNxS^0>)~LnFLn7aInw{I=JKl1j|%bB=R1!?3U2vqjT+z^Nt45m_-b9g z>ATQM>R`;ZcQ5$y^7)?h%Nrc<%V~L})^aK}_xfrF>v~{32j!%k zZvL1Wad0=%;pPtlQEk(2+13{HLWveYNl9_( z;<1%aHO``~AIPu1XJvg<`NU2vUN&>rss?yYc@}7c(yyC&iP5yAOoVM3>Vrk@?PzggElhh8w*s!ZYD+;x>D9~A#s%c0T}t$K z^6ew?o;H}T_mJZS(U*vIMv!LuHD56%Q;F3-S?b)*>y2H%Wb;n!)V>#ohf$F3@4c zv1SQu$5;z`CHMJt#b75ca{RBakxw{-PgqE^gd{0BL-2zVcqmzGD#K#Qo$5RZ`7Q6OyJZ|6T z(YIm0oeqyTIXr`>hD;FpbJug=pXLhSk?*GI$#;LduTrjDni4Qv=Kde6R+Ub_wcsL? z_5vBOwYeCWwi3$gdCNG10$@gePi$~(S-q@nY_G(nFx*aOHSgX{w;zlSNi~Z$w#1!M zR`LFPIY|5^*k=`f&H-vtur;3*R5}+NFfOtS=VE+spDQS=*%oCQ?oa{y#r)kkSv;~6 z^;9`H53yJ8Jl04xb}jr&|DAnDy`gUi!NB3X-!&+!WxZ|-WOSVN2$|7EbZ&4w*BJY{ zOxm`jkCktUr`}@T(XVx9^es0P;nB^u1Wmlf(Ko-g?0u)#$?| zwAu{1z`lrQqmr$6Z|VSV3-|mQcgTWZoa?1AH4N_eXQ(^KPOB6+yTJe})wTQ?w z?olRihw?!6#0PH^_xbqrQp*;aeh^{VgbB=;2`Z3T^3H+qwY+XZnU~9<@qgHOnZGR( zN1urJP=^rLwjlC*SwQpF)9B;Sw!XHZvHPk}q}!-rp5hwEHx>dyZH=%E;N8SfV!s$!s-5k^{mh>Uggog z_!B-t?U_Q@uo+=)562}4U+C)cCJ6mDMwKe6wy;QEypRW-JJpw~!!<}#?wZ01MBqAJ z&N?G$gX5UocW^~W)Vxn(>P>Z^9ksBk{rFJnWVPYE_uAkT=I0xQFpoUNZ1Pd={H?}F zyWfH9m$k2Zm7M!Of>v&Rf^DRwdhp-B^SK1%{WaOcnE;cayt$ctx?LgWt(|*_Jd2UeLX?H?GXDM*LXTq=4J~h_(15G&JT4%vg>bNi#zT?fo@GM3B?R$A|@G6=6c*j zg1Qgx<8TPTT$vGjx$UC^oEW?+wH(4G`_5BnLfF_> zfAs*8Umg$6boR@IrM|~W4z_WcP13RifVCDB{YXQfey8_J4y}B9 zWDWCv#L|XLy<$2bVCdbPHUE=~i_U^EtSs#!eFeYg&EIr52f?|e7VUI_kruYE`L_oi zNf)ts3B2>m_Q^|($O{}pp!RP%(Y+?lI_f~5TlNnTSxC*a5aa5sXxFA%jY#6b%b7VS zDOi_Xirn=c(jNv3ky88d!yl3@;Fe@HLUOhqUzaj;w#fDb;MxAL zU!JJ^)m(1~xjwU(a!93VaE$qSe;9elXX}Nm`CSh!ooVlmcxg`pIbgya$kfj(Qjzyl zK{J-j5n~>m1oKg|(nK~P*C9QxU+a^8meD@ptu?Wt(|yeLvhB_9YhE!h4F}O|-n&80 zbx7?k?eA&ZvM;Z}sJ#|nh767m;vwi0hDzacJ8(uxbIHa>BFmIymEd+n5 zvTv45d~o7t+>MeIDxa_K!OY>Ct3t!FvU1n5uH!yAgkzjYkt$}Nh8yc8@rPG>f$6BX z?d^vk%;#Z*sqNIRBA+noEZ^zsNlF_3eWDyJ86HzJ>F%{)&VJdGaNQR+K4yV?y78Y& z_VY#hIm-&G1sNT^yF^egC#`Z(Zx7gsd%>r1s+Q7pGYJU-$TACiM{s{ICq9~>RRQ$d zV1SN%`Pr-SCVBhlUOrw!Hub0!g$9RR@W(kP(Z|S;&nS*c5jo%SFrEm`q0ZP2@{l|m z;%Vr@9aycC^dk503Rh5c-AIr#nOq+ffGK5Pj zLy}EUtNnib4fY7bJI`Zt#0LTvn&Grt$E6Cb($igf zk!x3|mfr~C2TaG8Sk6ONCP8UyA&QwtC&fu=e5le8G?W{H)i1)biOLi9czdav zP4n6#uEr6TybHOimg@6EdCD(so+Wb{YeAQd4<}Q>3<~^FJZ`HkhjhB%m;F!GoJnL) z`^6guP+CYUfVk+DUXVo?nwbB3y8>{&%s}-tb(L-&_c2`>q;n;xoP^s3nzS6XSgJ~` z;ntV3Cut~h)>R81XC`^ek!Nu3$(WEOE*8Y+_i6jkx}JV~zO#6gNIgW}A+8MC zVjB-OLV0yxLgfUhXU55mi*$|OFI&v}P)^;aGh&QNHL&^Sx;R5l@3WjOD(SP$4kw*qDq!y5?=uz~OC=)X_~;f}*=KB1+^#RDnAS-zw#*74$>gyFh`p z2FwYVX(~t$&`dgQ3U}qLvw6_2-yW{--x+2rD)?b@4WDFAVT`h4OvMq}!fxDQM+B#1fHDetqSVr8|{Gl3(lL)3;R-2EYXWgqB>q z7||ObvPiSIk3-d!P91HHZH?wS-*q#pSrU)4>!B z(hGKwXQy@tnFU(&yqDaV?ftc+ZZ5m|4InmnO`zG!%lFO5-?y;r2dod>Tu{Z0DhKj{ zK~<19$AbjlVe`dW6)SaRPMX7`_)UNcJ7{SNKNWTr+wyu3THd7&qM&0k|EWoURUOI? zXM5iA8_?1^U<7!}JG|sFM20J(!e28IDjjx95SQ5OBb-YV!HvjhcEGH@rDolV81?y= z(V(QH+8v zh~(_by_R7gIA2Mq)5kj`%tb9>Oa-;&T{Mueu}94%^(Vy8T5HxmFQdmLb#oRqR~93S zcO~l|e^smN_>sq3LA)vAH{I?Ju6%s&po;`-5l8h}rwC7d`#g(p@H9eB?ylCJtTya2 z7=S4hMi!rwzv3CCu)_t_m(UxUJ#~eyqeh@(&Gi)9{xIH*UnJtTXF}%57OgKIdq^T4+}!XLX9c*JL zw9kk=)xXgggQ6!0DrX-aT95u`LNF z9zBKq1*o1+c3-Hwr7p$eBmy-Z#vLAFfVzVJDJ4(&Z|zjx%9n>1)0R&tqkkc|1$km5 zY$R%CvoHmMzuJ3eS0w?e@!?MAcjcX!Fd?wleHDtUPf%ucSW*}^FU<8R+);r^p4%Gx z4R~e%x3lys%$gS?eRwH+2?*#QD(|G$2XwrJ34U)*l2W9uyy=b!-PEJ=`V$~X!IZlU z)J5)S?KgMLH3fJ7PCnKpkV9~LF;P$Xe7Fv|Q&IMGF>Z&XTz=l;el(+Q>kfns`|t^m zqr8u1BVG}V+Q&XZVN24SJ^L1tnOR@G0tv(i>JdLXhciE6qTJz-Wlb8Z=lbzF{C-Gv z2YGQxO67g-0Li=a)di(^I92-y%|G~n_B@21?*)ie(TqG_{onO&y;RJ_?RPmLQ1v?< zFXW0qh)rP+I-89Z>}cz#cQZxm@&Io*{YZ`t5VUn=qvJrK+lt1U7(pq8e}TU6c;+N?Sv-mJ^Hx+# z&Dl^0pTEkyVaL3o=$qVQlSr!SmsWgqhez>49m09U=RMEv)D*gKb7X9m!PZDuXIXJ$UOa!2e(C_H{(f#x*4x}OtP_hp1fwPeb5 zBmo-06Nfj3J}J5gewqOseEXoeo}rzW$n*WYf%Gir5lS2B#wL`|2~9!Y(T|GR|G4i5m!c&4cASy~%S;+G^nIZi~%%vPj}IPTaydoeuIt z?*JAQ+8o58HQW=8Ezw1cDc@q@iu&R@rQW7|2wuY{Mu@aM^uMmAeruxit9*6kkew1WquSuN4>^_Owvo|l7wgt7 zZM_b**!*sY_%vngZQ=p=6PJ1Z^*|uzC@%6IuI;?R0}J?bb)v@B`eF^NdBlbHYv(Z5 zSW8=qqi!LoRr|H0KLvHMt(z%UIv1U8%oHk;TIADJ0OG8CsaUq2X7U%-t&z?bahc@3 znOGh*o)BmV0Gela6Akh0M}46@vNQEsg#!<6Ao7DK<2|_^dh*_T2yc!6XDs;z=8xVEx%xWgKpwV z)EXrWh7nv(;S~PVD7(r0G^UA!Ay+bzy=s9KHn5Qg=re8EyQ<->P;F#|H1KNWksfyMpEkMhk@BW?W!kS<|$+RXCvO}IdQ(k_A z2t?&a|MB{xFMn=Nlk`xI z9mWwJk8-e_B@d5h5>ZV|C(gbG63iHJ#>}6@Px@YePj2A2hs{yfYi1pTn*Z{vLvYKP zyR1CPp#w{MXscCXd$r5+IW*`<9;T}Vc*i6DzcZK=<=OeWsM%|SOqa^|fJ~~LLL$Gh zUp^&g$6Ta(uMQ&XGnRt{&$vf_Ay!`#~FPi}`tfn*x?L)6DPs`Y5g^ zq!iJ%1KcgWl&_7*Qgg4~_9yg(1SV*cV!vl8`a5iVh0Bgu$;YfE}U&C#Z=^7+jR(Bo zul1B)PUv~yCu+gw_wK3}wj(eofKTz`Y*tU2><1+G?t=#Y4EHn&PN$iLHc@)Y@x5f; zi0atK)^-F-leM0dM%HY=xlOL*F{p(U4|~;jcsx&U$|;B|`TO$UD6T7D{+MF{RthDH z6EzIcy;p(*2ds0yvc&enNC?MkdwAXxV_sXd;$V1o=JJPCkcH`0YVk|eOIxkvK2aJ8 zwz#XWMJ>8NBB$~stCAnTU`~BM7ydSyYP>JH4-t=pA)P^~A0xu?^Ku=^XZ|n;b7K2)<^Z3-#cmK>|7+~;Z>bt=-+ij6Qi4mMJx8xCaCj)$}+djLQP%qty>$snynC`z{URv~F zy#|ElZC{@=Am}jd!Bi#(~PK|7X9~|p)QUz)CK_HH@tAT00&w@O9R;Y3#&kTj^~-kaZf9+ z&y*MJakXj%txw{)UtjHDeoJz{X$hb))2IL8)KAwH_a`427%G9Pb!d4bKBc?q^i;l+ zm$HulhEhd3elUTeZ~2aq3Ey)VFh;_C8tkVY;6BejkR9VNjL#EQt_Qu0#Fi zq?}HMyCh9`zvf#OKK9ERP;&mGP@nMA=WEhq8784DmMRfpj2st8r@ctVu6zc{4h^FN zC;?%2*@uyTe+oj|`w`fn{JM*E2tV5Rm*sGd1sVgYFb~B8wqC45BsrHsFlma)QR9RZ z5f+WaOuQE=Pp&Fv5vLS^WMFPNiabB`x26b=^>DT!s2x5!0pbE4WWQhKXGQp4w`XF! z!Q!~@1J6E&;ZHnyB49wx1v`;T*Yc)%_Rh2w=D#<)-#7t6>#W1ZJP4lP5siGidG&2Q zm6a0dqnUoHF1hWaGsCI0XdiiKgsa1#ko+BZcznND4)dEKp?Y}ZdpAfFP26ijkSg!z zcM|yda#N^c*rf) zNUIs*{m%UjfED#PtCz&vM;Ro<}RqQ+PthM6L$d+;T2lKpy z3cY?R+$9UNlhn&2SG~K13l9y0uNL1-wP%V1w^hmcZ0f zjG1AO%zOQeW%D}^V{xH`0v?Bz!)_`c3<+MiiBsmWPf(l2sAAVc7yWmB9RHDJ*%kU^ zvUpVhWGL>*^`$<3^!P^>LyTb($Td(Mmgs$_h?Aq=>59@du zxb~TdrNy(DLj;Fl6n{5iA^X%caaNUc+_K!tupSM7RI{}w;k{jxgCu<$qQUhg@GzXP zi_4G`)0Q90y!(|7~s1YMi2Y`*`(e4VCf89S^P`|1k~>${sY z@lAMD@KT!_00A^6ui(hZsf{ePfuF!9o&+81Nr^d9sc5&|o}<#O4luUoYL z$_llW=3eb25HJ!*m#L7a`U1<~@D*5K5?+i)7&IVK@8Q}@v&tiN_AOW%l*cH)Bv1x8 zS|_7hAb+2=cpHbmzLLRAJz$ReoO;Lo2y%l;Q_BW$uX)>tr*$tUCcX}Lfi1)+%{5IM zfrKi932W=A@!8j-fsl2|2bu)qBNGFP48#nL)aR3eEd62krmyuXx+=RaNUM6Kal>y= zGmmFoq3RB~YpgR7Cgy$UoshAea;weDLO0XIaCC7Bjp8pIZet;Wk*>i|s*o`+#F^Bt zHstZ*RMpfEqmBShgBm|*aPF&9r#Er~H~r#2Ma%7m^r0K)y+0QC*pP|5yVc_k3r2&c zY6mwt-n!|5%Tt;8str*xlr>4HwYC9{cH9Tp?~44Pfa9&q*i@_k?RTU1y07|Kgky*K zL_ZB4z!lZpTYk{@qhBJ)I{Za!;u8Xu?j-qMU6xvi=d zB1wA*B_@u4m2HrLhS4}9#1;WzR~j#IfRh7wP}Uf{�B$R*D8&QF$+Na-F$TkYnl$1%^ zL)#?>MwQd4IVN|)zFs_@fuRr@+aFXi0Hp4NG4Yk8@b<+WE1h4-@cHA=9Qmsvyvkt~ zuWD}zhGwIt5(X)K0+nhWoSLz)rPj#OA;8H8(P}WHGxJ;*R(&uOGHk8*czMu8O~3-% z{A1aFG*=RV!|28Ws0Kd3Zxc|DmQExxxq;rx-RjP;Joc$P4&om?2OlX^zBen$_|hKD zd-J&_8rSC9G|&7z9NYQm(Y$`qlH??HoOwblWm4RXWNr#7;+%f`LO`AL#o&APebi>$+sJ8ttW}>rXt(A*Ocvw-S^Yp{F#eL)~LldJPs}&P8 zxQE$;_vQtmfZ*MeNK@!rgPr2T`)5L%8y4k{$cj(Q{}fHmheLO$*7B9-(uY2{ctPiy zi=@TS2!gy=>B|{zTLo%J2xJYJz(imU{QUxinSTG-Cpr@aleK2`5rt3tN9}Vr6l-I+ zRI7}jBLF&CIe~U$%n4S}^78SHZuIlQAhBu`oPEas*h(pjos$s=ekN~~Zd8EOJe%Va zujPE$Ti*82VyV1$y#!(_!2C_OSe_dXR`lx!xmOzn&9nXG={y7Wf(1zBrBopVQuGG? z_IYfIo3vyt=!4hLdn^ix`Qcgx9%IJoM$Shfi@qIsfZS;>8H%WrHTT8uH+*eeU^6xz z#Br3**i|c-3Os?YvB1)LobIk$oxl1%rGN#B+FZ&p!|TU)k4$Uew6@dyZcfEDj2YfN zc=@-vjK3IS5&{GNG`?g0`R6*&>{u+|bRe;M}}evnmyPL#`;?q!jZ$J*7UmA=vPszawiee1`&T>jx5q3fkYDTU z8uq%9I{s|8F^}wm)x|}rM|5(7#r2C!+H+wT=~o?(|^26C)rvu$=`!sfPe%}U=YmK~4henZ%H;KIG2GJB&{DLQ`Fnxy| z$LdN~Wp1<>%>h$EAMQ>u?{uO3_JrMu-!*DK=BxFwlxmK_>s?>3`!(jDo0U2rVJ|p? zGygyfiB09{4G|4e?2RBL;c~oekMwv5h^#Y-&g!H*N@!P8NuFZbYK7f9J-aDzJK?FDUN=Qi` z(psLE6S*dVHXJ_!d~aY4>4*029$d2>usv{3_hU0U1LV4Le*GLP{bNVY7#@}gAQ_o< z*vFY%SZdRj&1MRHd1a z>x_ab^T(IOA|y&u%4jhkMQv~$&r^(KH^KU;n^B5J;Sf2a!_9;#wop#u&p z*5qfcyYL;5qyBl2$Rdac!`?W*2xaczNj*i>OB~m06rESWWXePqh$g^}l8LmX+ma?} z~e;$fxtFbDTLV$CtHrW9F0!7A zZduML<5Jo>6nAC$qHe|g*AQqiR3WukFGk9T&1sG#y%#;lN6_r23XC-E5DO-HcLUpI*={ra9njxXA9-RC%&-$$|8T7uet9b=)S$sDLq+5H_Ef*4t zZP$8Uqei~Xfw6RH|6DlV^&hGOjWHx)QP#ZU5Wl6B;07s1CJfHsU$n0k|5ci(Nzct! zKB@1GNBJiGjz{i&UHs1!z@jN2T;%f(TlLO@DIcD_8u({W4g;OBxdg zVh?LuB&OfO8J?YH7h!h`f_ScP@1w;l$&srrdgWfJ0G_V&G)k5poBVqqeon{h!SOIr zbH3LtkE8qKr-Wtr&s0j72o1z!xa>2BEXw+=SB)Uvz&0mAWf{aNsTX8oezDMpE&dkV z@6Uk&o?+d%0dXH}dUs6+#2p#S0O5S+Vb%K#GdaZPmwLUrNDeHKZKIDg;5I-TIiL6~ za{vop(ag9oWqMQj_p%_vot_={ar2!%Pk(vTj(EQ(E-%)+i>kqO-kHzNWJJq8g2>v3q2$CAtPhzDU`**@-YY> zJMEd}*H8iPx65t-`aaCymmKQZ6&BkU21ILQiT4Iy!osBPqo@*MN0{w$;u>X~TQtuv?NhIpxeDAAZQHj%aI*p6cd02x3L14| z6CkPN*eo+C#t+UL8*WC3E=~mggy4eW=?ZW$2)6l)r5&nvF?#-ttfT5&vKHgp9^{e% zaO|hyg*M?3q(_%wXbA-)68@s6Zu|qGyM{QkZ~o-@^ZuG&uSf8ap%G(PZW?Dkt|d}( z*TcoC1L%I>Yqa#?dPt#XdI^CzREK#A8F@VX?Dw6@-{{;t-^Dp^lU>r#-0V~itQ41$YdsI*Zpw5b;htB-2T7~Q?nJh>aZwVO z5>RuxCtQqpON1wU24OGEI$}S%kA0%OxmwIF%ct=6`9py|AhAgHo6S5ba=mRW!=Xk$KFzI$Uuy3~8mWCn8lPRdgKP$T~I{nKOYA2%pTwUWD1 zeiF6WEk*)=e?pV=eAO*Nx_-ikQD1s>7%y2FI*f8botbu6+6{C5*1;cza=x9ii-vw}b}0ISPeZTN$pfPLxEctmpfPo>Y_j;lZS?f=&4KX2JPdy8e*W)F9$?wvT4^*6J>_yE4U0) zZU1pE*I~BYbR6g&hS#*`)4|;Y{!A!K$$B8I&a>ie0-{m)DmshLE$9V4HETyDx0mtB4)UzUlydntZ&_ z!i}DqSUmxT^|2|#M%L=}x0j8Oq*xQ(bb}jRP$;Ljv<(j0UA89Ie03JcxtY=1(3{s3 z2f!h&iYD4Ji!tHhdw~Fl*tg4*Tv_R%Rr7p>WZAf#U+6VS+|m=Zz5{in@xlaN0ZYz> zh;xM$gug7S2DBo*(xdhgGUbIIr8T2&QUmmb{$Zi0xlj`-vLSQtpsXRaVMJ;Ui4WPj z%@f&T_$VJVKRD1?peg@DUi1*EuyLV-(Kdp3&YAFh8vJo4rlf|}BcF;E+cFRMqBvhG z1RlwT_;h=B3iXSyk7CX9r@Z^<$;&t|!X2AB)_c5NWL1eT2TLAm2pS!jtMEheE)(_L z36X|tt1I?Kk%GBhFM|#RpzYRInqiys!F-*R(;Ludb=tlLr{CkoxFAx<$1BjU?swj{ z=Sm5a`g|L^2uKRnQD>S?g&H9ABWxs|kBQIWa$VjrZQ0rozO(8v2j5RIH_4k{AE^ATT;rO}HJ{&Yd{4mH8t7?Wqs$fN zmoPHq>n>)}F&eNY0-vu1#0%DM?lTzEW-^(UoRO1PzsA(-l91=3$1jno$8Yiu-?O{9*Q=7PXQn>91|rPaSg~B{{xNZC?@lro)wO(Rt#c0Q z2EW@0rW5>Lqwy3k-dWM-n0Op$(LjAGt>A*}4%_UB<%&8NWLzNdfr zD1Y4ndV1fWJT^!y06~}^I-;(BC%f6V)^l#kc_aM2XTUx*ES14P7-MVi<~$zz!~|Zr znQ!`L6Vz>bz!fNWJ!WfZpIEoZ-nVHl`R9PGL}S~29+MC8*6^=ZQu^3*&d^G{uAc|8 zI?-ppZ{DkGK$OB39-f!z#l0ve{_wX0gkX(agI7uwY>gWpii31M>QceK!{EWd>Ok6hP6ZN)`A+akth-fB5ia zfQj6yim&0w}@jAaifH%Gl%IkdYJ<=+=MPchk}pI z3nOXClz#>Nm6oY8RI`ipvgD6SSNKejpE65`%S?8%QpF1x=dFiIlj$Ly-q&yS_G4{r z)8A021PsvjVcqzb8&?}+#UO_B%Y*XnoKIEr^mE8$#W6c8$*N!GeRXBrKX)X4gOFqP zLdPCXXMjul<&n8P`@Bhzzj?yX+vHakM+@{D3)UoFq;tf6+QpTE&KVMvt4Zy1%;$61 zSBm>EyB+%^D8>Nbr?)($%n18!R*u*63pG68DjjK`!RFoq0$=X0MMx%1lIC5wT*|`r zP<>!F5<)_r?$2%dKDRbu9zq;FZfUVr$kdqSPYnd8ixPF|mSYjgVP4L~<#0-4iY&2k zOCr)C4==L6u%F3<-eq5K4~Q5ZYG8ACd`}w-X``G^}SN}NvMHfQwRuVA6yehYtK8CLAh?{za zS{t!a?n(q_ynfMry26i@SkHHPmjQr?f9ymjuFLMh3euQh7n5QHlR~@zWWRfy;g?D_ zXs-LOdxNbV%yS^1nJ~Id#NIn7=JTNQPghg(g{OFgYJLwE0v(^c#2N&_sSo0Uhn*hE zZyKOSg^&HDjQ8mvzcbOoPh|4JcG9Xyrq8_RRuuM|t`qYKlg`Ok5`1+$*sr}%e>485 zUDfx48*tVH<@Zqp*Ux?<;x@Q%tv`{-No29}XT3Ca03>L88T;m`ZnQhnsN0bAH5k{#OXAnNY$ zJ4TO~?@nIt&FV^A^V}|xB(W-;L}MX*&C(zzU5#OIOp$GU@eAK)3v%7p)Nla^r6G~O zhEG)bt-6vqY6d2E={k5VHGBnQ4?Yt>U3^xoRX0CZ^tnAR91HW}b4E(=mj>jGms#bI zs15ra%R2UNQ@Y#+xmp?uI+x)o~D|g5b zhUW)_I{tDU$GG!l4o3x#lR;UQQ;}2<^|3ZBt{g${9TtH#Vvk=)Py{=!j(Dui{cH|%YToo)+)(7#2u1=eodU=ISlMxY)V`uxb!Mv_{(^*s zg-Nq(bO`iNgM3vA+4eY=Xi^4bmOCR$h-nB9{Orz~+HXr5(C*Vb2d*oe(rR(n?(=f& zeVka8f*(tj*((T3LArVOyFOCnLhW@%TfO#`ZMp(d3#n-$`Po6e4f_(ROfAu~|C*%#Zna z+3FJ0GSPv+gRJHzU~j*vI-Hi&Fh z78Xwa@A$W1ogZ%-+qPuGMb_?5g?GB0kcBEaZ}t15B+WZH57Z%mo#K6#K3=dx!e5Z< z$-3VYfrw%tl{m0|z*B77<4I8|?f6Ty%QPjhQv!!_0Cmfx=n(uwqyT#U*wCMFPbNV? zu5U}0fl+@ys0iz>x`Xk9BQw?_b(~J_{+44Tc3w7p07*vgAtpfyr|&O=84sZT2$+Ln z{cXEP3p-ZN_)sohzudF3QXBie{3J%l>0HH@*%Tu@&H>)>vcGDvmdW9p_K-kcE-U-= zu%|vQqC`5A?;(-v@`0QAbS$C&ee~MFo(Yan~?aGO_#6$yB*9jHgV?0LR?_74lDVCD@x;i~j|7^0Q%O!Zf`4?qf z+{3Ud(BMPj@OSNkcyc?BxB3h5b-*r#cYefskdkkA`BwBKcc=|N*)O*}Emk_DCt6(k zYRxWlI0*_;X5Y^Y!qjKIzh00L%aP-zs8F%20Pt>#f2WV5`=;WU7`W6@MI2!|N)V0& zcJ1`>na}&`2;mGyZt2YSeh1! zIeV>Aig$R1d%zVCLF0K$yRWr)-rA>hNNIGz7u2rL{m^j095r;9u~37EQy}WR$9@SI z+vQ)pR?xw46!x~ynh{Xk9jY(L1L31x^yp!2;Kk8z8Mea!NXX;cdTfAGNqu;o3Tdx? zgwkl^PQR}x;b>uss`H>fy)V~vm$z}&AZFrpFUA)}?295O)5o96=G1`&i^*T9J$_zQ z$~KRe7jc1~VGiSwr?ECB*@tHkGD6I2)uC`Hgv_Z9t&TjtwygXwg{VF7qBH9WTe|1- zV{%5pHRoM%PP|{vHPD#P1Y_B^$>!lT*mYF-e!@JnR(+GmeWjzuflrI0P_MMgq5OGl zCy;!dvf)mUZ4^5q&>>6Y;+0Eg#^2CYnO`p0jUn%8AK_UJ5K09XVAQEp^D*Y;&fYYV zhWGoezLX=}&`<9hR>xZj(PuAESoM;YiF1dSp>vWHF?x9YS$RNSKz&=+<1JAOKV{$i zFSrzzsW8s>H&dBw)c&OMb~Za+vqhLUKU=RK^BPl^X|4p>{eFRjId#@vT>r&X7V3c|ivF5$Pi zhT#7lT?8jr)QH{pcT(Nbnzu${Z`atnQj{Ek$6$G*iWVnh(Q;*>E-&<6(jmxeU zCPH^-T{WsWqAqzeXsHbh@>xRhaXb+*IH@3sh*s>L3;rmi=cZ3`cMl)+=8@es4S>}LaN0sQ=_c`7^aKS_3ys9X5g#P`ej^q`{z@+0 zbpHiNsKld8E~TaJNs7#ZE%g}JujvRPpy(DF%WZp-YSgDoym&fnN+AA~=m3K1zV?1`njP`w zjoudn3c5W-_VnF_XV}4dfifWfs0hyFbA8VLlwZ%bZql%*5QGEtN5SC?-;u7l0;G z@o!V8Px2_Qq)f|{8TBh({#_V%dgc*Z-0tl2-7zKi@>>Q%S+GB*;hKd?CBK+6DI)WS zwzV?LEP0YF1gR?OA_P3PS`}(t$I1I<^jQBX8*W@)nVi?J(cK%&HnBgyydPu;;cHMB zsFCFX#&w7-?+?+13p9)CBVo*|hc2yFPvP8|fIAa=c{t`vEY{#TT*z&I;U8rOS7^ z++NHemEdj+r}OgUfXyJJZ!!n-YnuDkTc23w;13Ux^`QpPxE9u$14j$_aqFms(|`;@ z*WR_%$%~x_+sgO0uX$GVJg_(Jm#5RXsj8Q(XjC?18C@UFQ~0_znBDoPA0>{1mt9r9 zQx%qy#(JgEmF@X;<%3BXUiy^Cgc)Iq8fKGjt&M`zUKrF`?v8{`G@iW?d#Vb-w3GDUtjjHgSS3NQ6zW0UfSX%NI+RaN_szV@|DZBv#O~p4j!Jwvi zO7yx2{VN~Ap9TBx%w!c@-rTb;h6q4J_U3PwOIXxO$sUJK>FhBsw5z}Ccm68P)#iJt zV)PeE7Tdw(2CMcK6*BfT8Qetw;}MoGY)?em@KQm73#CR}N-Led9C$9)9S#e;)5B?-}CHUI8aU>tE@bZ@e>L~aDJ;TXxlP= zXmi`v3`h*spF<x~)iptP=q~(njDENJ)>2h5`bRJv z*xExK0a~(zg5*}Mmib8E@+)caYxux~fl1@6Kca{Brt70!X#1@Z_l4)yWp2VCWXeB3 z>|)WOVP)uE@i0A4Z1S}(XSfwq#uefNlwKmktVJbh+ECVYzpOsy9-gMEf*$k9d8?oe zaCg=rT(6SWh1piFyje?AKtoQStVW70P zMLw9A8GXB5;_!^H(St{CvvG-ZZvAI{Fs@_r8wNS_hN*zlFNc-_b@wjo8Z>^o06mxh zPq3fK(G2>i_=_n1RJF8iU{vHY)q~rQGd%%4*88FKSdFMI;vxE8sM}{S*n$lqo?Ps|w3VJ*GjNN0@orky8;D<#!0T2(Foa@(V#&%UiJY|m>9eu>JP?GBKYh@c(f zPaG=M8IyUxZzKJzhysJ$Tx1{UupCtB2g<}xI zfTM`FF`1{Agl{VNI;^(mhUVX;MrD8eX+N_Enaey6rT$NmFXz?K zfRE^bN#{~8GGFb^!Mr{BXy%EUH1j39K8iv-Cmqj>N(oG#vb_okfw9FxW!Pa?5Dr`(!MIf{|lZ$Lev zCom6WcPHL3Nk2cdh;u&L4TpK!8#rYpo>N#pCNkQxH6wra0-V~-&{mm#kfwa@moJ>4 zi;B7ygR7%9VV-rz=7Bo9rKE>4{vDwI;z{oeb!b12L&mE2`#DB6YRmVo1gG8F_-V@L zqfK)RJwf$=XkOi5pXJ#jzT0rN;P`THo?q+QU45w6CiqeinwjWCB5$tnlN1|j_D1S{ zSgQiwk0Xn(Bfo;cdK2h0@1+UeEYCI9mH-%MM?m2Bh)gud$eZT@_g74HaGix^*b}8( zM~`0ipy6xTQp_~;^YduV@fWr?Il_OEj^~Uj)01{s_z)5r=QC-p#5pjYtzTICjzo{G z2U14=;ld|q@cp?PDtAR_RBSGB0&Yrw{h%4-2g53yjxA96;_ae@mj*edn9GMad_BHn z*FuXT;|BiId^R=v83BxXRvRM7UPq(JiH#1!S0zCoJPRQ+Jx&{X6Og-V8r1gpYB9-u zyC(J@p!G8Qw~Xw?Qx5RkI_k~1=dY=|8PdGpH!c29d$fnDIR4_{3&=LBxN1golXRc> zaNlyDKf^aY>&-nFw(K`(LGqmm1T#4nSei~-dq95wGp%CgJY zL?CA+pIRAYryW>iMAi-JS3{ua%4WT((GMV&$ZJ%4jOqM~XmzRT0Iz;?aEN~IjfkG> z{CXoVeFQ4$?`uR)Kw|2+iv(8@afO?g+f4j#PMcQ#GU_xr_e!%M#0_I|}Zg-bKi z%=z_G6-8gP&uzjolD|#wxutv5X>U7;Rb==7!U|sLfgbjIxr{q#eEFRUr4_I{i}g$e z!{`V_{-d>wWFdu&M{^YczdvF0i|Ezl6S}sn$-LO(m3)sMtPNs)ja1@viVyaDhEpVM z9s)_a!p8v575VA z|BiE1!vS&G%VZzt1-mWoc7z$J4%3L#__~$CHVntwflW1zeJojD*2h2VY@0vBlt)+_ zCoIEuo}DolZ>iC^&x9|c3k;^LvTF8Qk)|5jF~X0U_A9cL0=#q^)Q3^Yx4%6_|Uq?0L0sk+mE%$x`58p-nWdL9edHH%OhnXUQGvG2XGuvMY^$tVXhf%)l zQ^k0?O6)Q~JL^sq8KcHPs%9vbqn~RQwWKxFRLAr9*)RRDwPeI0Zb_ssjGK8d=^xd{ zwo9@*{ETW1zZ@=;Izy)5&(0C%vg;TLeRR&rN>ucseONh4&vWqU{evqp>*Kw7c!e%T zsF5pK_(@-o9zgeC&d}%B>x3cLnDN&(gMrNa8CglFH&%;4OeFACAr3QtclL%rliN`_7;CIEaAvgDR2Ax zsF+i99-qg!>+xb!l23Q~H8s~kEmWvC9rxuVFYjHGeEzsi9K{#=pyC{Rg|4Ihx<60- zCd|p`nn#KS@hUiTgGrhEDa#W;F&Ug}y%>M)j(a3hkupA}dfhx=oAAq)X;1BxUAAH1 zmRrNaQYmZ+p^iF8`8`lU)u58yud^*u&f(A0yd(tAub?^U0%&~xp*Qgs4tS?#%CpLH zWbt-V;p9EQqbz3JJ35x3`*oL_3oU~$g?e*4zFnF%=Iq@cTK0D|ySLgL0RT+#`99Bm z=KL;T%IkDl?sIotg=v=19g0$Ize+LF?w|aboV-L>KQUAw>m0s$L<7N|SB!8)>s@OP z?*0g=M<~@~T`e;`2iFoT5QzCcw#Fi`BYl`Fk~nUohdBF(un7{6AM-;FoKh?f3+f&M$KmZ{3X zm)mJ-W2fqiPL|n$nzj$&xt-)&(vxFsg^wdU*8>l~@A&na>K`Dg`+b4x;Xd!3hu|@W zw})%D$G#onhCpOAAE8Hh0N<;o-cSDxp2VN0o815+B ziBB*4d=5Y0>eBZ!D`5-ISv4qG-=?LuV?@%wxHHG@PuR9Kw%hyeT}_j_peF2zm#Z{r z9s<2VX_h-iWM==o4}Uf`ZokvtHhg&#P6AP;@wL=H9oE$Y3?A9z{>@)c@6bRBYV|%} zU4oyvvQOsYe9;){9h*w^Blj_box><`LXG&rvEk_6FIO|c%hTBjYmuz6jJ212amNp# ztQ1OQNYC>JcpiAQaE6xd1sj+P-f#*Rq1GzkV<=bS>R%I8jR!6{zvu2gvDjtvX#LZY zvaWP@s6T~mwdy;Qj@I`iIrsDPJ1=-oz3S#-0!9gy)uePT$s1zC^JzE?zc+vT2_rtX z+MiGRs?g8zxuMH_F}+>6s~>Z4X8UIA<;5*7K?BV5^*+BW26_DsX<)q2Q|5CkbIM5< zdNPL(Jzrx&^WQy|y0weYwHn?m0G2)a{1`a-;&J>K&@w!*uSYhfP#rBIIkIm)sA&D+ z;xQDpNX8C-dioFI#!=ApDgMi~`SLZ-C~yerFmBhUa>BBqQbuZ@75di;S35ZnNGKiq zAbj43O}w@w+P5Ty5Mg9a-?f#|=tzpUGs}?7U?80mhGA?}C^i)7ow-kV}GXxatFB4pkCNDP!@(6&P5nT z=BIx@cV3#b3Fj0wy$PBlUT@g{)tu`D?EG?JOZJARpZ6s{GK08})I$tvnGPlp)qv7@ zDS4}_AZcH^VvC;7P-t}`;gVfA8+D5 zA`6Y@ZZPm+ocyRrr}>o41h*bXKb1f9a)L7=Kst#>KZ`PAqGEq05gq7qgP$B{)*zW~s+o9t7LjgH5}-3;ZY_kzlZPl?swp z6tb=D+kfEWW%zf<>hb&r!$4dpj^XR8g|SSSW87jp7Z)jBh!YM|?gVs44A^t`R=?TG z5~8(pRhZzHTLAvzh$z2qx0CHU^(}^am<>g@V7P_K`vMEq8kBB9AY`qh?)mk3%5VIQ z#q~Yc`hkBi=n%gyUoOTfGZc^czIqIF0MJQK5-Wy;(ZF3$G)&D<{nT&LkAMLH*rHr@ zp&|jO#@Q3I-a`feq~l?hft$PS%j|n{QC570`yf`2*QJvq+BmBdtPy@t-t6B_n@jia z_OYGiu9q0Jbu3;^by*Il$$iHV$U(jpr0hL0LUdZ`I}%*GNtr zSEsK!<@dpkkcBZF_){P5&Dov*#@m7}Z`y`mpSX~%i{5FgekFR3ne-c+Aw!%{#8Yd^ zdCDuZzD;S6!1v}a_dOsZ}+`Qa%bI7z<7SL)xE4~MhV$=Fwx3c(jd1ba3XRmGk5un0{H6ke> zWraIjI?fPJG%4T;#OzbzLu5*%K9z^RHVR{Q#%X$vH58us7mOS1CM|SY>CX9PJjD$1 zK_9r;zj(RgxB5|@!uThWw`;(PISN!WA%mmgc|lvzD%6yV1u$mC^S%mGo}6#6jKD9z z>DLY?+UMM_cTWvLYf9osE!wFZA?WvH!~rJsGpf@Ie>=Lt3i+%vMC?w5wQp0atY6e4 zbkgK3QtcCTLZQb90kFQUwZ($!JC;xP{K88mUy)ODm=`LGSmK%pH+t0*VT(bH>Htc+ z{sR%x{jG?IBp2*(CCtQy=w$-)b@S~UL zx$pB>Uk<^{YQ`0RKq0JugyGwyDuxQ>dkl33GfG-UOmW87{bYNeAU3Q+e@b9$4-yL= zE>pBZbgDh?3sQ^X(1dQ#L9dxI@Xhu_GqZ3`0`tQPM_MqhxE`Sj6+xlAqtJGfzD7f> zY`%Y`vq|D=f?n_IShhbe$~5fb z1J9o!>7bqX;RKVYtX8Gl`Fx(K(~G6~Bpbu)=eNsai5di964yRl-DRuZ#LdnfbC;xk zzuG{No(c|WidUy`DUlyY`UBulWz7hbchsHvJt4ZJI^P=eZebepEv!& zKA-WoepHW3*mr4|^7ktj{7!@qH?O<*Zi$aFCtRBB4lkQ3;T)#|qckDj@*XWR?3s&OMG+=_ zgdrL{mWvlmG@$veoI5llmnu971ibDq+29%RnIl}xV2_rWqw;Q>L$B~_y{jOI zM~`Xc;h_!z_kGN{pK_+v_qSsUu1EE-jZ$<0VKcV@C*!8dyOSb&61-3 z-0J3qWQve+tRGbMCi#_D7|+kVG4ak*1=HO+556_~7_?wO;=sBEQ03kw5-384u>f#V z2l@_Eki+@(`%c#tBpkNr3pf(Nc-rr)v)X?gox0mkTceP&s$!fF_{S>L-xa=@_}ub! zX#TojPZuJ7 zma5PsFip_E^ydyJXpr+5n|49T!Ew*4!?U+kMa@e|xY>D-7xo;Ev{dP@+&biHe+OiL zySKMueIrUi%d7Jy@Y_BkOd~~>OY`#WAD!3Zz&#~WIRk-~_rM6jAGUiz4+rOX)B3m8 z^~%T^MZr`T57|n`v9C^W8njD`)akmO_6sm$lBsMj_&?<&(fGXzA-xFm$sZjZ@Mju- z*#iy9Paa9XisD!p&i;=VF0dK80sZ7$&CgGq!wS9g!&Jb;My!Mxi=o;Sa3djdF$uvp z8`e_^=nQ_Q=HA@SD+jC=p7Yi93Y7Du!~vt+q1Ub0|Vxr-(T}^9O{}hSl9#o z(t+RawRAAl#>srtgmXg!Zq@+oSrZX~>=)cTf36Y87WBSIrdIo=MEkEOmW_CT-Dd)M zyUUc;lW6=-cRVW2jJjfdQUke!w4!kMg(^B~1j*k{zkZ)e9(Vb!^i11X$PzO0t5psT zIgO|TAq;J%*Y06niTSvEMdgp!YC7yGYQ>?Qx{^fRi98y#Ro0onxaX9%mPYg4-oXkQ?N!P zpXi%5KM~oJ*dn^}DN#Lc-2TbYJ4%3cTXuYss9k;;^hYv+!uEMjb&w=8?z3O=$Kye} z%zy-LyAAugi3~vOc%3w8caK$a6!6{6iUu=%O0d9zwk=tNI8nd`q{5et3eJ37jJoTl*8K%>V59vB`b}d?XeI6 zVDrg1RSuAbIZobi`xHTJC7vJj4S3{d zJ%_=ExG0dC#>+T(Z zGHstT-?*c&0i`Jz*EdF*tJJ@LP1>95$M1CEQ4S#(){v?mHg$A%yZZZz1E+X3&igHV zceyeg7V@XPEOx&=HwPZ_k;pzU2~|FHeRO(Db||wLEM}4&PiVtI;2tAZ>=P^wUohjD zxnY_nPDgLoevxo(MSa}ctkcQ3P*gK4li5yh-BGJOw;O@LRr7CYq*auKbaa)R2BwJF zCa@}|nq`DLL|QCws(6DiNOOEWo~61KM|af!{N7+UEPf32yN4R|y(d~8z5tO+@G)^< z^5&MVKVbIo7MU0bc|q#R<&%LNh$i9z9(8TTgNsI7dkC-qnk?LzI^7$WP|v1a-zVpH z&0UJ(Ol7n6y_&BVv&b)fg{88vjxXJRyiQ=YUN65{19f^wo?;^_raIgn7)#>dK5m76 zC~jN@-4^P7KaHQaSsV-{|Co0e2;)-|w;PUp`ZW41_(h<{8INvX2qW%;n_=NW?RYg> zi_V+3mlpWZZ;IZ5&D>1lwpzf$O;5by(Vkookn{sRV9TQ9EPde7e4Dj;Pz|oQ?SJxj zN1hMomR|VtU(_3F9d`nyuZ&E6X-C(u_n<^HCsG+-JoBQPi?T-+*RH8K`NBGy$qz^* zx_idDjf4-C#4?b=ta@Kief{mnu3Z94V1u)h#|hjUcGS*Qx*Uaq@SqZZ1Y${^XjW>q ztlQ+)$iCl=(@EI*QPW9C1@Z!$mAGc_HRPS`@ukVbo=eO`qYiyC1CX@eAT)PAOM=Ij zt8;&^CrOZvMyiZp|4>%wcXmphXGlR=qd7hH_0N9qg;#a_-JMY@x}NwND9O2RNPr!7 z^N@@#0cnr8eLU|s=KJbLNG^RY4edy!-4H02zQYzeqnePC>to-zaM8uptYJ#;E;!)QhH)sy+J-a$F{nsft zH`StEVWRT3DxFlI%828(xM}_-<;a%2iw9E30Y0G#Xxt8CPS?4(XbCFv@xxFz0il!4 zm(W)TEDWmy`}luDYj$&4_& zBO}V2Kl?<%)BCIfEC{Xz{`~DX6{MaYaQuz^Yb(X`Wc!ksg9oUGC%HeSvxI zAIAZ+qyNyaJ&H+KU)l4CyK+CC(~xZ1JMjdq5KsM@9Oo&c6)ppc0Za2>;b0o&mW38Yy^r<6jfmLyQ5r3(>RhB;MR1 z>nNlzoQjf;aNI-dfr7 zD1|Sy&At@n7&jQ%^`{klmdRFpZl0!Ba2N-wgAWA%xmDL;d4pv2U-7_rb5QN8F>eZ3 zWd0VMU(icde1>TNK|UDctRIqIZu%kY4+(?nhZ?A^{Fpo9NNw$3FTHI! z!}3fUN4+`t5HI*9EFriH3?O3rkIARp+t(tO6rlc<+)9!CS-~cDH`z^&Z)~bRiSUwr zP!s)^^-eC|2B@&|JYc5fTSFsM`RT8C2^XiAc>PtvIr2w_uRR=-T{RJx888vShhd!X zgYqZ&PO4UeD&)|8Vve%zJ2nBn(qC~CR5_`DYm}_<4gB1=zBe*t(55M-_4bG^;^6Ip zhbHe8iIZ|fUtn6xh0c%j_je#J$AsrrqOT%h-&8g%mivUJ>$$l-?{GnQVYk29lR@mS zC&7+r1Smi-hn1mQ12+R}o5_i|NY!ktwVbbG6Rs2)H!AmKo2}Ud`-6Xgpb=B@Ox zc4IO%NZp(`Kc+2%?w_Vr+25v{GA5~^l|krx?Z=1x8@IMv(}bO3v6pK&{hh}OIj2sHB9PwPoWkS?hG9<-koDKFOKOd(PP~@*&F$9`m8-)mR(hVc zUg~MJ0O)U`d%Q%wNweZ6NhmZ)8$nwPgdB6}IP5}asE$GZXGmnV8%xKpz+slD zS|=t{AfX!gJ(8GXpw%}?U5G?2hj%x804O8wCNVex)}WfNU;HyzR0l%Ni6By~M&Bt0 z1^S$Pu{+;Ud|tfUI#LtC*DkpjYHyz{S&3j0CGl0FsYM_8xEU*4j^j&z{v6w^rsGT& zDNnNJ4lIisquSe2+T^Ew-Tq`wIJ4OMm8x6VWP>A_FD=w8GAP5V(6`b@XQ>REdeiMCw;;rK??$nni ze}6bv@8;YB&O~GAnYrd-sv9w%utgPU*WwhMIiTP00e*j~3ht|aeN@k)$*buS5*}(s zy9+ZNKg|4wW0HHVqgj%STk?V8hQqAmWlnkf#3a6797FGU;(ojq?BeQbb9sG&FX8UJ zX)(IEWeQIY%gxQqV!r9P|`LzJa()R?dv=q^@lm~p54(o4}4v!?}=M}9H$Xw%jM5i&iFGCIl-S_W? zLdLB<$5nURfS%hLcF9R)==x~^lBvk`woZsgI zP}mD!SH#8qeMtA(TGMMgZp-uw+kJ(6IPytb0PxABRyxIt!hLU%*-+g(9cj8#mQuG7 z+eil7w?*~5BbNa$%%<@$1*Zb`Cs*Qnk(gY~{_G+%%`f>qoXQWFK4M1+bz>;Mhm{@$ zN`lzn(%K`VZ64wm|v6-ifBgFGv{}`dK#;YfV2kKLlaJ%}ec;IZ>PJP8dpVy-KQ{}6&k|%|01Zny zxo@BFS#A2cbh^Yz4*v6!!jkjY%eb2&d`1tdYknT@?|xy1H{_k0`_0F`tKJz+Z>jI| z1kr+_InT1>lO*);YlU}u;6k(I>Y8r{m>0ZJAR8Ll8A$q=P=fDaUj95a)iM3VeMR`@ z062K+6aLTZ9oTue6Yt9yJ29ne#oDXD{1p3pa{4{u>f6Mxh(89{I@{tq zC@<dd|^y^DK3S6b0y_~8$$S=)3S*m41&U3cc4_X;hLse_N;93@K>&pc4 z#JtC*;@Ku^$hW7#2I1qYukO-VJwOCgiA7P3)WLdQMKgvutW!Y?u-qJ)>fb3sUEcQ>Dw z)Oo3$tn(drOjIA862^~UnUr0ZMQryEsrq}B;NC?Jsf+hf69VUVYo^IrqB)G;YiqAv zS|MoDLejTkRP$RWK~SMz5Xls~qix_*=-9>my!{^KOW)>~`1^AZBU1s@-p>FfGp&4- z@5MhI-QPLy3Qo;@CHpR~J2+Sutu04D_3kJopEJTZu{1pHp7--U$nXKF#kNSSXEYqg z$+vjys~dbtXgtHYmr9dQzL{Z{)R>-Dn$>^)AiGWd6pe)&uwp^)>St|@o}A*J$M0#K zdVqs5Ru9+Iuk8!^xVa>lr;qTf=6f1{7)cfJxit&>-t7U$~`Doj@UFse_xL+8}~0-_9=(NCy$io>3S{-Q{s z?(~nI{YMz6kW`0kw)eQ>&-aR7c&I1QrRuo6pekFsnX;!$h`rdOR>$nTZ*Vw%mn zE}V-k=xWk#(51vhZe(PsF1H9ctL9~c4m_avJBhLqM>p@H ze6NM zwNEFAPhUM*I|;p@REO>P6~Bixr;Gbnu8t~mCpTXlH8O1la-Cwk7LI(vpP!DPBV!MvVyRkA^S+!hxL@r4zwQUS%*VcVN8Hn@&iMM! zu15_QPVAXvg_^Jil!{OS-2sUW_o76XyPgd#+dyZZUfMO(G3x!OeWIDcC%gl~(l)h> z3TFZwOu*2@IR(ruEvs@Vqe+Ilt<=~8Q+`q87JgB6IR(_4F}641*#Y6wmwQLNYBk}m zP+{6{U1q-_UP(PsmYmEd=N`7`zI@EM+}z(}PR7yfA5g$Fk8LEBNyMC02_169)0m{Y z5=-{$K#>{Ex$-l}`aoT?hOf#85&&Lr(ZD+B%SCoR5Q=#of%pK&v=&tknT)(D>~l42 z`^Rk?9m`6U*w5M4eO4F)!h=+Db{@W2Hf9G*-9AQ~yre7KOR+K19TCvUM}eUoeAQnQ55xCPg?<=UQa%R;!02qm8KZ3a zX*zzVuvJpTCY$qy!1m*+uTf4XhQz*TBC-PND@QNG*Hhd7$`;bE)Yzrr0OoVfGnT%Qwo(LR16;XjvsiIDprOey^; zv>{SMzAGkt@nSq&wO_)anzLU35)R{zo+Vpo32h3z_$?G);mDLStS{$_!Z+>TXaV=T&3;$qZ*B>{OeG-ls##^&c#%ya$m;plCq2^#e{5Fc7Et8%`vmF~v5~ zptmb$_v<91bJm80(ZSE^>CwbHt;_R7H?BR%!V9i0r;wSGMDqQ^J>Ki(dUKf~t%vH{ zq@LF&3O(V-n%_60zA>k{j-F)D`g$8uL5q2zAqb!udnoKCO0dZ#I6(WxSD~|$@QMsL z;#+GR;>v!VmW8rjbnY+Tp2+s{80CQa202p4oTaFy-EuUbkRLp0E0GV>s2)&%n;wnD z{4PXr_N`Hf)`;sOt0x`%g+nsZOaS1TYbPAJF=fw=q}fnt@93%kWn<}T<*bp zJCs+UGoKf%TU-5+l0CqbEBIBtlePG)Mzu#2!{j&7_gyznpwDu|wCZwx#M zDbt2;zCv$JCV2W<_50wU&Hdw`Hz0ZemKN)@S&$p7iUSgg)JAi<;&r|J_MWywBh}h) z?j@1=+`G7t2r+qk{=pZ1`rD(M~V&$^I@EC|Q8Z`rEX! zf8fG#@D6Xs>IglD@KB(c)1XaYr?N!ZR#p_$VI82$uPUUgK1y+4S!Gn^3j27#uU&qx zU!SyM%pjg8IexX_(+M3qT+;VTooGN&YO?xFhrbdEnFdR0yZ$?5t1ZJk;W99j7en6Asg^d^<`**1oCO0*P&5STmX)voN)>Fwc>S`wd!ht7&ip!i<@zJ|srjosvil^iDA|56UL?h~9DhR)y>tt(M$$%>z zf?W_-+56?SgjuV+#f+Qu2kPRAi3rRl?BFpE4;(C*$RS+GWMR1=eAwVr4%;e{`wT;f7dDpIF@Z!c%~1t+_?-kqUzy81-@VSW_4^T2 zhi{6lMcqt+GHzuXZm>hv;ck2m_C$)O^m1LwkfJWeHu4gvFvQo>_JmF%->#jK((Y+2ACjKKiv;M z@?*Y*-qI(eIwe^8`0HNwHeX}EUAX=9k|W^( z1$BWT-DPA&yIAUAI5*d?Hd%gG-VdnP6@~?AK8k{+5_0A7^xd~Qe+b?4r!iJ&Qn%t9 zoPSq^uK2V0sTT-NA(E~SRJDh8y;hoK5+#ap$N`p^l1YPp(?-$ z7x-~l89FkDysocT{_S28=4?vOBpw%c z`Aaau{Rqd1e7fx0%y}t+_bbmlY-|RA3h+=16VH>PwV(y*+Hn3>2hekY{xbIJ4a9p( z{rOkpSNvVo1Qfhp!ZT`h$l$k$WlPLVvMb|Wp*zqOjdx8C9T|W6frIGjNqdlI2K@w( z@?K01VYf6sR_fKI@PW*TBs1mk%g|tYW#aMvrVmx6Si0;VKfHIkIw{XF_Yulg2BMe- zDWOX4;f8EUOEAloQ>$J+4hD7&C!qVHSD(K)mWHHE5cwwSHlYBCbCBX8!E= zZHf@gY9L?40&H1-}59%L*WnJE&@O zbu$9zgU8+N!B3{M>Jts{PdwXqQ0T3$RF^fvW!_gpt~vco6ZZ1#i3 ztBFSf=>^ksILDB;=Tn84_D73#)@If3@Z7EeNEefQ5?WB|IvtJua)p9#-a6-f8N|wWEy+`bl6WL zbYadz@VdXC#R6|d!!yqW%kLrouG^n zunTI{F9b(>qOS(SDg@a7Gn<(S79;i3m^*Mzlu?@*Zj+b=ER1JebfTH+v0?10cV*67 z{mPFFJGxDj?4FN50?IT(eFx%Y|K?mi10wxN#>`v`(MJBZ63$-f5tcY0-u^xqC~Z4_ z<#A&Z53^kptQVz(BMHmT|U z^fR&{NJs1X-sJURE)=RUPaXp6B)?tELr<}N`{JSLEY2_zyy<7qxd=YDk%{9YrEjf_ zv?7ZD4B_)J@^4EV?%Ce<$^KmGH8tCBjTy&}#8vVkgBr2Fy=++Qd`{obj`V?{b~el7 zdViHkDMaHJv|Fk7PCp4g-b|XZg(5D?(CV98UW_&NlG}1|x5HyNKTOCVFddL`#)%hl zsI@4WpFSUo-vXb%vPXiufYVKf~$c{w+MU-kZF89eIe) zj|M@t3Jm4&hT3}Z{gj^w1xm3wZzL+qC*;+iU>?KQcp{+&dARLEKJx4HK2$yrH(F30 z1sbx`n3FMy2k})ywIzosgZ5x%dp~1Uv#(au*1W+U3duZ=rUplO4@KT^|JZxWsH)a* zZFn0P*d1VR8+COkh^xDMnX9{d8Q8H^(5+jsz%DEdLOHW-=Fv2JBEtPT5~?@nfG(YbzfK99%Sk;K840ZgaBLxy~V14C2sxA2%|NdU3zGk z@&uF$l}_g3@Pq*pUqus{g_5vHMv8Eq7_!1>Ba0~Pkc&)E#T950i>#sXm;`W8@G=tH zMiMZAAq`BhQpkv7)e%FCr^dUPVB0`EKFIXjFb-3gf{9whJkYwuVj?23Ea>GJShTQB zMic0v(58skwMwZR=nUam&|EGuUQ)9NLxipnPe_BT--xOND7jIjbcWC@fmRwW35x>+ zJ*427WRu7b5GkDrXccHm6o7xYa2*jI9Ys34fgKXo4r<)(AOY{SmF5N=Lq<3ThwD5`MS&XfE7R5TPA zylzCl09*?NngYxlMynskw5oYwER=@f9O%sj@@NLM_=!|@oLdRxTqL83K&N}6PE7>itp7ZF>aMuyRv#X`P}%D`F7QK63pkHnN()p(1|N98CX zZ>6P}tujAGNDvc*z`GB-sSZ2N7G$}xbkL7Rh5+i{a;P?ulb zOZ?Ew?emz;Y`xJOM<}C#xrhr+Ye)_q2gv=w?4<(pC;SV4^n6yB7M6x(2va-LuQnq6 z^;Ck#jq~f2L=3=zX)vx-Vpw6fk|-Pvk*s%wu|5(Vr`D)pGBdqKJ6Wk97}+Qq@}=1g zK{Sd82w~V|A!EsM8r7}DD(QZ#5v1t@XaLY_V^*N8#hcY+;Af)?ke7)TFp2>yjx>rh zS$>QdEktgQAhuGxE-6tiLFO88N=B?E9!SGWD1eZIEhK7REUZRMV288#b*{cx2K@eC zzkpL??2GtI7$tBgQAvJ$IBF6|Ax5MHEikg5d%UE!Srk@vTm_PlG5`GN~@QI;;uM;&P%`Zk3_@E?JQ8 z1zm0n_z+aC*Q--o+|b|?1h##Y#T_*;xe_KPDg{v&8z{E|;~!e;fEOC0mwALP9ZJOV zf$VWaisgqmN}n1&f#D!AWI-Pkchn?G3~{U+9CW}KR?#GQ36L--0Kvr92x+F6KkCPD zRUrNYvx{jZQn^5;>ehyRc0bk!TRdt-On^gK1BL)wi6;=ubb%gNJ#_SNByMJbiG=yY z1bBsyhjVGPkuZzxivlw#0B_7ftyN@KD(rrXp323mKw-qgS1Up)Mu6%AX(KCHW8*tm z3=|kAG{YkCff$g1i@fm;wAmepsDc_p>HLnkiXFhl-3A_BuL0g;y-^yFpu=@u_A9M*C2%}h{JkhUem>R5rJxU`AuB07z1}f2G(l_Nfx7FWk7a? zxK&K8j*6Gtm@Y1r%Z-P5MkWUUCw7Jk_5lSQi>I|ap|e#5y+=_O*T*8d`64f31SM{n z4KXW&{jmSsEu){-a$fpNx-N9pBMExp+6J;1D`1q5DiWM ztCCq-rATbkqKI~$8e?@tQP9>EP|Ja~obJ#my#^jZuZY?#9vn#ainL+}5!f*7YLW$v zE7d26N5GT|{XAe#l>kq$D;$?Icu?i{qb0Ck1GO~(CCUAAGEe9vVxYVMA01<>yb_EQ z80c+09RVApxoLEqHy~wefVvL$8?-u*eq#F2GMCFrivJb zYo$A(fChy03U|;?Vd|m|GQ&=B>vcW~3V1C%phRm$V_6YBFi2A+AlyWPB#4blV@O#J z9|q;;2I*QI+7t)QHed6o|mfg$$B{U|@)BaXUTAXE7i$18HU|Dy+6Rk>!ZM z_2_X>O=X*K42C!yg2aT2;?S6(g%^p!B@{CV68dCejh^5zIq@2TAcW?I5TGs7>;$nz zoks4Z5Pc#u-5c{VpL<45gm#6lXt<{5Q<4Uo=?MM`DNWVi9O0%Y;j zsiMJ%T!YpS;mWV9&7W|in9PC6HO9-<-*vQ+8Z&M3tK z-859UB`(&wfW8p6!tqWGoy%1_4b-sTzy@Y(F9R2rK^qZ^hK?L@)?cuT8;sMll4f z3|b4-QL4@p!P78GsGwLOXmZ0+O$FtiAn^RkElh- zK``!B8RZ&e7$iJ7ORv=s01FAIIKLT**;sLQJZcd+0>J=MnvwIo9*qMaaxkDwrOHf> z0%xw8?jVBJN?Zq>Axe!oCUj#w3@n<`{D5CK0d6cR2P9}9 z>?47;R@h~tM?!E>r^*OYFd~8u3w_sqr2{s>70{ZHMs9TJR4^>2`JwBMECoFxjp?_SuH;dTYON9- zW8uSmI9ZIB`H`RSaeSZ^B(Nih`+@v{C;k8OWB%Jq0bxh44*vR~O(dWL3x_x{|K;YW z^kNWMVoNka6kl#Ou-s7!d{h77%|!JE&@y3)ae#D0o|Q`xa13f^0EufP7@$=EvKcfo zE@Yln>eqWIZY~u-?_{zpL=6bp%wW``jS?JYhE2w>h=CCrhtmKXM}VaFakN1JD8LI* zI3^^=EmRZT8fOPxOeBLwWSO)^6rDm0hg?)CH%>7HAv~fIo( z70KcPxrkxF$AvU5q%RR3E6DN~gaMt`Bs4;!7Lx}n4-@5)0hZH_aze|HGK>@3ku};5 zBAJSqUPKO<%*bg0okbrP#$0ZNCSq1Ou@<9+8lrikT(edJX;eDT1|b_>M#Mw^9-I#H zTruGJ#(HdSJdO-C1>h9oVuR=yO$B)#t3>VwZzp5~Uy?}P5|2nIZl4^P>@g}ZV@o6s z?(cXAn72?7k02&8aFm4P+j5Q{^iJ1b~I5XH7AqzHpP5!(lB{nFpeu2x~#=MzA$jEsYXg&rIa3u03g zJ19BXxC+pC0CYLckLO8LaV#qiB7tHEx+#7XgDNA-4_AE&g%aB`rIU>lieb1)8QA(mCgL8*W{is}e?$TE*j zpoWflCL0ow5(`l$rgMByruF#vXbKc+1RT|G)tHdg5HYcJDj(E)nOrE|+VP$s!OPi9JM~4wN?8W)t-BaaDMaz=S62=@xwq@Ah)gAT&nQA~^|oQK5|K)=|B$LIqAM#y531(Bdv zPoPpPMr%|`rP@6)J}-u`G8o>N8j3((chn+PvcN_KaPZP-h*DET2;2$KL&zY*sZ5_S z2I5_A3Y$d_1pzT@QVQZ8r6?MeyX**Tjp<|If%zuj6Z_E+Ajc#zJ5_IUMf_334Z--S zM7DtzGQ#4bX5gWrfaOyd42bdZ5mCwrS{sOJ?IH>*sMLbUk`vUJH3X+N0!C2-G+6-Z z1Fkne5z@F37r_pKTzsn@ZqjK}VWNmXE{^L|6iAV}LrRs8h^!?l0iHn-X^9F!fDQ-_ zvsoDi-Z>xD0SW{>F&P)+X#}C5N`Z;U;Ap&7poG_j8K>idZe}Q;GI2o?3o)%;(0xPN zE+Ngyq*xeEU=<)nwHBF&t@X-q7;yH~0s^p@p^Rc37KKLMJ1*VfK!wo;9m5RLLLrpc zhI9IiHsCU$p_q&amlM{TIZ`_{2*-ktFOx^TW&(6uv8)^~23Rbq(wKk+>o`TOk&(43 z22m(O1gHo&i_7N?$h|T*!7OkH^;Q!JK91_)aV-*aP-v9<>?$vCIY5FIH2J^_0HhmQ z!SDeIS%?n!2?I@L<`8s1!vQqQ2EM|9r72lKG>!zh4K<&HCB*S=8gfO%$qKW8ILA&P zcns8#DjJfh$$AyY2}MOgvY*98ThPcdPUh>ZNY%zFB_hAZ`7DJK&k2b5Jix?qgmPFE z0G%BGD4*4735FsLT0AVWdaOcNih?qe1XRXsf*4;dR?1W;$mh!l8gf7{faYwol;lR6 z@B}9mvmhk53ph~|HRxh6fLYBdkVffLg;6QO!}XnV4uxV9`WdifQn^tHSBXaZ2mvt^ z8niq;+!eqYJvNcR6#`BL22_GAze~y}JdYs7#dUZ$kHP{4SiYOV6L8sjlNv2H;srvK z$)+Lzfn?m|rUL9FpoD)w_#EaoRixF@<59#0MSKK@4aGGPHBJdz6-GlFs34|tdYL%A zfDE1cMzsM;6Gsg!S;)xsLGsW5jo})mmdHX0pc_c8m9u#=Psm7eP(m&q0V7fQ&=_1G zPSAw~P7{SE(&N=~hnF9Ht=Tm6|v)1L&Vy z0S@OwjCCA@qD*2gW!n(VudGw_OopuuSile2yUH#-~bT_9a^K;>$x<&3hl69bY!0?0N6^D+D8kK zn2@s%Q$S7-_+(>Hj<8|GBDqnaR6(1FKtPCD=~1+eiWcg00k4e@#8L3<8ZX3^K9og5 z$J%&U8wZ19fa;qGA>Dz!I4c9V8Q_k9lt&{BswH$S1JV*~o`7Hy2UIK?PX)xrM3NW0 zUM2^q!i2&&-R#jQL<%v1VB?d`E``wTf}Kmm{EeB!a*r`A~=;z)?htU1lst z?tu6KEnxEuWY9$vazidm9KcBwKi6u*Gt_vB-i;4Yxi};TT}u_aT|uD%sG{K}H4=%+t7oaCWOm5R z@r7k_0vVdNpwF8~u!H&*5w0f+dn00f7^H6eV!mEQ(9&aUz(ioMI)XR=`yp-Zbw zq(P+`gXYR4APyrZq1C{@rlOKVe81Xa#>TZ&ssZs}flY^qGl~Hm>|`> z8Ksii#p;-e2;ypPg_$dm&;b_>7s7`mOa`RO{i?7@YWMSe8Vp}5)`S=#m)_>r8(cC| z&?+GjB{mGo>J^8g9Ep%0rm#IBg#&pkxC9Y8@{uo*PL!ZfOiB>s*x4Gc#buBA-Atbz zM1Gh`chC|+99xssjugSDd@VbQgP#!l;EZ}46PZL&fIeZvE~kykH3x8BxdtUv$Mpg; zT@@8MI8u>aW42FYX~Yywn1+rW#u(4dR1<_Ix(2f-@mkpf=6lP86}PNFmb?9I?C!l0;~ zvH-I9_yJ;#Hegsvbl8r<#uU`BPy(!vXc;K{fbuqzCNlu#of&MZ4miGyZhbJIl`?<` z%Ml`bY!|(N17v$d7xYR60;0^yHINNqgyoAGBS7&B zc~VuThjxP@q;ok!Hzfa@_J1EgFSdHKu=7m9;H zj9Cn-_;?8EI9hl_V1f@?1x`Q*^37}(--yeY!wD4AOd>@nxS*LJVq=u zHECsRa@?kllRRXdNySu}bSkMx%M~yH63P^s!8?y(HGDD40ZQs*e^`q{B(v3Wg*$*^ z0l|;ijF@(k9VA2u&={hLl7wu9nxW)E;!B`1LiR9fgKyqpw*&G2R)A>V9Kr1Y!zV%oA()UMke#c`6M@V+F#QFy3Kg zyLd`E-Yv583^XC6L!Gw$BNackQT zXdfB)#yx9qRCk5(*HV46lsCe4)^&yZ3)>HL&+5%+*8cO`*qmSYhaC}wmjD3P@6p?8n}LH;|}Tq|DMJZm+xZKlZ52cJ{tr1^;z%I3t>AY7v#!n`X#5H*C%P|NPMZ+}@c3 z+xuLYeXIBXdpq?Xk(c2sBygi?gN_A<{;%8r?*kwM{(s^d_))On-lXe4=Re^}Mm0|O ze*S6sI)zR8ds2={E!~@#x*aAK>q+GB$C+tQEApu1)w_muU`(4kV9(dfT~a&W$MhDk z$Nrv&PMDP`^G|L_Y?3@tK4r^@{>hhKs?R_FDwVXKJGcIY{=3_gGUrZ}s^Hou=QBP z2OnL{-BiDR>E70Yl~acWVdasH!ICyzutZLs0wId@U^glUEi7Z=>>n;4x_fA;jM28}d{WTe>-P)Pw7VXx!RANF0LK-BeBkRyWeW^$Hwk^ zg|kOQ+yljL$|If47h0b9E4O3ir@iPQT!6N-inU7bGT(dqLQ zt1{CT_Y=hL9n0wSFe~wRWuI@0@s5_k*Y`Tz-uF~K`NE1333=ry4N49QU!SpFyCb3; zK2ZLg+%Ngkn&P%!K6H?OdRRPh&ZEBm_4{(uKU5ECa$-Qqm!~cA_Ds6n@728n3GMo2 zo_al+D0#L||Loet0e|-w&HK`9bJgvATSyb%v=^?f>o&gq;CT;6QcTAem;`ldl^eV?bW zR}Ag5Yy9vz0~^FEuKsIauNgR4`?<%oBCoO~2z@llDBl zrA_Zq*{5c^tmQvl51!fHrQMato!-gcTq82y-k&v6)^R&Q)Z@;a#Sd{O?@hKSj+lql zFE!^<^2fJF71W_{G;i6E;T3ld z4DO5#Z=HT6MYDH<=-9=r<8}_cQ&3AgJ%}M*AMGOFJ+9NoY5`+CorCfo|7^XwWB8*p z3+F7mFrwmk$^GpY9){PP`e*R+%bP|!7W5#tBYMV_US3y>cD-o(iDrBKscgl*futOu zEr&UP!C)&`twZ5vGTh&L0Z@$$0 zR8{FO{ly)*s7dtnl=1oE693nl6{wmK893*y#L!C|1KC^2)}-?_OxHVfDMRp_hg&0NsAGit&g!-I7hyEojftb6kDshSu`ym@iO^r_^* zt^1f$f+;F?Y{tW)_&jo-Mib86>{B=3Doa^eck1YP^jc0Rg*>H&CG%D3B4y|bpDLT1t&S%>C z$J;J%b@Vv!4BskhJsbJnPPd?I{n9hpjq|DP-zgKCH!WSJxBUAzEjF1qMI$V^|EOC2nnx2N80*MD*rZBDK3XVH!A=Wl2fRI~5PS5B`{RZCjVx@8L%IhEnC*4&Qn={`$Gcya9_hs1FRbU$>Gb8GD>t zx@)6*=w?ByQ?~>C|Cuwo;@11D{4`zbjPLIoe|Y?F6+XwXJ^1;}*p1wOxU-t&qsGi! zbZ?8ON5aK{UxyHWyuY&UygWkjJyCUZ3`5KcgQ!^sFxJYLp)B@J@#kJDsdp7TQyD>QjZl-{QkY zW~r{~{nsbF9c!>%roH^UwczHZ+|1`QCJrS1+%>jA-Vgqr{o`S5vRRi_Zjx-{tZJ?6 zfyeY6b?LZfz_!&UsIDt*-CvMB_JbW?6^kTxlw3FQ^zFU!L z12lV!4m0mwEz@J)M@=*W!aEH0w1{3Vp zw{A(jdSyLh-`C-HdnRWkqnjS`S1SaY+3(To>0kEbt@gfpTAn;HoGbbD_QsJ7iLPh2 z4Qsz1D_G}wzy4F=i>B|>4!07&T~k*T!8v~ZlbEF08yu?Kb*rP(KVNx3yo=uf-pdo) z$1d*8Q2OrFpwcJT%4fMY^1tNkDhquZHj_f(<>yB#`|_5ZdQd#EO46lBO-6;aG#2;68cY6(RA&utJ5RRp#E$!0u16LP$$B|$XHx6y2j@?(YH4crs5-Y3jh|3lIOJRN(=RlX?7g47 zb3YS?te6oBY?&s`>+mbyL9$=kqJz23h;ftlH|xCV!SIY%sG~c_DogTrPU+aKczp%Q z`mx@|i#3(A*Yr%azTrL|Hg0%fmaxM})~99N#78NC<&z(z-dJ=zf6LP4QyBFgijOby zI=cj%7H&*`HUUo^iX81PJ zLn8;z{yL@jAEoH$ z{p&;EKFZUz`O0tY zGG9NKcYaG|URV>}`K68F$U&LcnU`Bb_Wx*=*=l>8sbhRS{_Vlq;!``4?w{c|t5;_J zv7#M`@Um>){qP$}Bh^76rd$n`jxk)?Z zSG;?3e`4P5^6%TH(Y%wY%Q*XOqdP6>cY*bD(yZ%eig?Q}<~cjvBNggS4%(qUnjl$E zS3G!qy~mc*Yo}hR+iP?OU*7ETDy#NtgC8$XJHC5dDhrI@<+^Ll&+Qvi zFiw_yx41!i-GPQ_$1`$%(&~kdJ?AYNdbfY)YX=s_bCEB{ZP@aoab|;+<@AE@xe2Ao z$D%)*e+q0mQT9;S+qV5zM%Slx{ZDkpFZiQ$V(pugcS0|Huj+iMlj_cPJ~6ig#D^7& z>NjnBigmOoCMni-Xg^r{XW=gJ+%saCu2?4R>2p){yxk)RC9|6Kpmxf(MD-QP2fnzU zoI7m~tgiifxx}y-ZRqH{Q`EBf$FZgzkMEXw_Pal|c=Pbs9HwAmP)wWr_3O5%zMw}Mlh5y*o^;6nMCP6J z?((=X#c>UOai57p`At^O*vMI8xV<-aZvKVg&6jj;|E|H&?UIL^i+7JJrk__HP!yq? z6~DL_B(43$PM!2F>oGa}%+TPIHLa*Br(27>CcD!b3$8!$pGkUnETe}aPkH+CI@{r>*?(4aTvyB|G0J9Z;!Wo>d@Zfa@SaLFNC zQv15StFJzOek=>M*C6vQ>E7&P&ubs~P3{*3yHEcbYC5I(d@EUdqeqQuaIMkgya_9F z?8g=_5f`}I9r!$L-1Fk3^6kTComV!Zk(!hieB~@noi)Ac-_b2As}}U|V}`Zrx^VDQ zVddSXf$P6k;5P)GtXEHdKTUhhJS=B+Rhx&urW#5`Yt0K^43NK*{mET=_SN5i{a8O$ zH0a%>^j{U1D<9_DFK8d1U)6YWJR>iNYM(p;i%tD9Z`JL(Cgj)$d9R~&T?V~>{IB6p z&fh8YYnO7$=Q!CS{Ye;5>=U3 zx|2r6KK$u_dU0pbj`xpFH`_OH;+?>z9~TR59LvZ6Z?{|S-IkGwg1mo4~~S|4ZONhl~kK@e$C5_UiO-2 z>};HI&7QCMJ4B#N;HMzVpkn3sadRdf)AK2jYC1sr)mf=;DI0_j{+^T#$Eh>EK~+9)3+C zrw@MdVrc5koGlfFk=&nWbB7HZv~<|Z{Cr+1yrpY%>#rhsPG2#UCS-nEqSh9$Ab~JZ zj(LCw?{ihV@q5q8ykpk+@%$XpIQ@djw)}t9lezWI^o-QJ9OQi^+vh%B0{7yTzCv*- zZna$exb6M+@7gDK8mg_IRKEL)Ys}R>kjsmXoA#H&4vCm4T_@eGKg|%hc)o%`I3jQRBf!ecKv)y`SoQI7(_u z+%|DN7@5{h+y42EUVe4U8pw0p9k_JN=G^+`sRmV!wX~pY(YYZ-T{@9kih9Myiy(tH zHg9OFmiF>p-7c;fF{ckJb8GU`+$moNnlG-lsaVTC?H+q%Hhg|Jy#4wg<9}7J@*H0< z^38x|orX4S<<@`wxB9}bUw^XefBdV%U~!&ui0MpekBkKySXqspx*~I2Gat=vk@V>L zHd)=v-N&5aFF!s%%=_G+L4(C98ccF(wDk(CB|L9l`mgU;e|6cs=3Ov_8`C^4dd02L zmYeh{%<$w^-BWKpu{Ubiu&_uFArA1qa-ZIm&O`3{NcSf0PQ%90OQt8F<2BXEIw`i_ej{;7KSBNCl7^#qqWCi=UsyAuQ}e8? zqYnLrEB>*-O8D50Y9t#uaz18MN;q_&VEOHvN>^ zVkxoNCf@QhdvqtSH{w6|<8s~+{}b+~jN#-#${p4~GOX!M-~76{b2PV8yc*IB^Lu1` zZ<9oDjuML(z1Sk(Cf#1Vbf9eed&r@Uu6H!eTV%b``-!bzaG%I-5R^+cFt;W3=>G21 zlwo5E*Pc0*zppGC-QZGA8V#%%^;!DFTIZ*(Pyhb3RdvvP|MGsDtb8c7!GV5W=h}bY zDP#>ZFOWaZtlFLU1hwV8{=oAN>dDWVcVFOsUh9j#oSix(<ydsx+%KH{<6#Luux~Ce;sRTZD>?CR1k)qxMSMyfBHV{NsGI;(()E z|MKR}#JQ}@Es`u%6qj`txV52I=ymQgT~vJjJQ3l zq+rUAuZbt}g5jr8`kumbH-&p>if61$8J!BxA$38 zuC`nI^RuUxX7w=q`1&dFI!uRcUmp~>R$ZMF+PdO^uja*#!G*tIA`i&!F>+GjbjJyD ztIV&pcRiA|qv|DmBKseUUD8(Ztp38))=tS;U9ij>ea;5PHQ9ahm5$wXyyx=TdfJ2T zoo7zU#AIg22jbM&hlYKa3!1D;KPj^&ed;}7xAp+H-lS-E@4*bx*jww4=QlgObn|K% zlmN*0Q^z_US8vE6P`-ZlK{`3(-N?iHq9c;8?c@BRzlW+U+uM3l(+S^4xbEz?zimkQ z`vE(r`S#N(b6V#0Odfx1O1FIdY3V3_7AkE`!#l9FH9XlRZSBn0lfTstB=sq>Js86q z(V0+^-u(Uq&7KL06O)5-u*uKixoNY8_!MBL7WRp31Ia`vRRyR!}by4TWcM<&00 zkanYXUc3J9&JR0AN+^YQr4)>cyz_z~V{KU`b%KtRLb_S=RMv3zx*eK*%p3hj1%8h0 z@}~0Qr9EkrnOKLhB6}_G zNSDne-mLK%KNQml#b?(wJIQ{A?%$+cV$*Bgh6lw-om>n1)NCHXBW;c>KkQ4MDVRMR zT&*)UQa^9IMVb?P`=^jLvsQ;~IR-&Si%fj+t;Q$0Tft@=8dLWiBb31kw4zz=0Wg-9 zE#n#uP0SY78$a7H1UGHmb;$ERp@+G`*&j#CUwdD(j*6cb^)hf6YS4r@AJw| zjM{pmBKooV!n=6x7F|vJnn+Y0a{a{nko1anCtinrG7rW*SBxzS`aW-OwCe zdct?5<(-R3?T)f86&^=Jk>}x$Ok&yDgv=J$4*I#Un9tlWb@y?!VdjB_+GT&Y-q-{R z(aOfuou(Xs98X9YR<)>0ma|!A(;W@*BXcb4BH;%`F?*k}>MxTIX%_v#n{eX=`gJm` zPm@yTl097xw@!K9!bC`%?y+7%Q~r5({$2eu9ro=J%+@R&AfZl6k*#g>SabC2i@}=~ z@APeiXmw`O1?cK(>KUf2&+J*K2idd6dC!c-UTaAFg08-cxrBb*^WI11^i{owG~1W4 zIz40Defgf5rdGtC`B~&Z_11+`%L+;shKl~J5Hui??A{$uR0U7SH)}qe8P;N&!LwSi zWFdGl#&-Rx|3c~v2T$bpk(~>UFWY>a^{zk|pZKx5MfN&M1J3Bz0a*{qqS)l;^Pco0 zO-w8<-rq~R-+Hc@(~~w)w58AftMmCi50r7r$~r9QTmAChgsmMcXG(^b)lhb$WP5yu zo~4Gtjs3@_{Agb{dj83lJ2mRs%d!he%g-+ElULTO=Ih7Vr^dB-y`smy@qN6`+AcNq zza?ZAPiSjuvVLmT04TQhY3JIbyE^gwp2X^$j&pBh_@OLRu8ucBd^b&R@aiUX1P9^* zMyB5~prQ!o;zdV){Me1KtgEw*1V?_rOswqHQ%bKV8q{;n)Tngw^U>|!je|3aL81Yq z!;a?<)-Buf`dn=){)&Inek4J%ZEA9lAuo~Ya1GQ})x%7i#vXxUZNcb4w6O!c&aKbi zkqt!&nTLD}lQz^usZRp)sf}LUNW8r5R9V;5tut4QDvY6vP6*be6cEUFwh!|r=j{D( z^bPoKFNfw2?FK)3=i%&I>OZJo${%>9{WyLHvnW5TU7_3!Y0W`zcbRnY{m2@1-EJPD zO(a~HvbkGTn}5e13Ab2`KGCG=n(*bm{j;85&7QHMvA6TichxC7_QzHh->Dq3tTxb{ zM5rz{SGVk5c_DpWvwe$Zj^vK$*>jXBsj{+v?e(g4gZVQ`zh6x$n|@-_#ni%?x$6e2 zcB%hawyidsxbpdz>?L;}^!7S;OZ{uy$nEyqxvNF9>eNwYL;^wavWaC~=7 zS?a-^+5^)5d(hV(fsgj=%7!`92aUUS&@=v@YsXLr(0EMkO=DONWl_dUAFP*&ij}kJVJ{9CJweBe(X-VD_r#JHJ(Br7!)Q z)mYqmdUO)5RnFR-;F!qzKfSU^Jdla8Z#m&&7MVM&|4Sh%-#VzCFm^=hkhz?FnE~fPC zsy{Y+4PV|Ic`IH=P59*Ljum9R25;=TY!2clewuK8=uKUEDt+dtvT(GDezwI+9O%Ti z$fP|qzQ5ezVp{GL?^y4o)J1)Z+IG!6xxMt$`Ou{UIt}SzYT-uh0ei`?!0VyvJ)^oc zGH9aL&VKr*zbNM&U-q_H^4-2m#%$bD-#oht>VbK~hCRT4WMyUz`|@mdI;r3&GULp?=vmC+8h481$Idsa7dszVR+D0}4O;X}tBo(W0Zyj4AC+ut$g z5xb{$5FM$v&)n(dm7(=9t=yI0-;c;4j>_#|@<%!*?tNa_JEe`eF1qqT z`U!OLtjS+%Bz^krf0rLxGd$Ej*uB^6cZ|8^ ze=N?*Z+bVm)9y__Zhq}W-wOZocZh<62%B;n|PAlRloA|L|?* zao@A7zU!8wF5-Dpp9tEQFEsT!HD~0-5xC^L+e<^dZ-uo((oPi|?d~i=f2$hv(Tw&z zI#oI4SYq;=!HdVNJqWLdAznY)ynp24-giS+j<9`scJ7t8Y?vml?0o)o4{5wXbkep) zF!b>Z%*G#keh>YKX=3`NLA3UDb*p-{1WTP3FHkpGKC$+dM6|Jqa~%<5OZwo9Wj2+s ze42@(&)w8GJI644^yR89hxZ(-dtWtUDmTi{9a;Q=Tj08@ENNG{dYrc7^iJ#kT2xX{ z`}%IDd&!kq-E9{d#NXT_f9gJMarbi>Kfkc1tvE0RAQu~p)-Rh?!CPxSGIRJ%gD!h^ zqsQ8^l(d3W<%)`tt~h!tW1^&l*0}4qokeK^`l& zklTKb^%F$o+h7u+8jkE(zhBy!qC=HkuU60O(xomV{l;g2Qk`mDhvr?@t-15IvBya|s4ershN5YIcE&b8wf9{=O0zas z#vM#3Ejm+j2Fe)`edn{q6@yXttEcgH-|r3O8Qe0bkB!+IhfG%VYbn7J@= z>pR6zxjFHU&_gaxwl&^;yeRWP>d`5a{{3T0N&5eaP#NEK%G~^wO*3I=EFF4}it27P zsF#_eZjsqEab~lQvm3R}ZbE^~jd)$_hABU{V#h5bR_GwVT$lH~ zRBsqAd0)EYhxcCd*o4jr%}R1a6(63Qx8SSQqnocIF7?r}Vd_`@c@I5w#Vlg;>$7%~ zw>PW2e1{b6L%o!5D$9RzqD70+q7@an5J_)6-+4U$$2MYR_T{sm);{NrD$4kE^y;#g zb7u)x4m(;$z26Z1_{7SwHANq)ryi5c48=cunR#47YS}GNwrco;x_6EGq>!rbJb632 zpkLw0XVJ=Q3*PDf`Eq+*4)qej1YAO35EWs&3KbbL02b*K!IC(+s&kZ0L)} zo0g{U>Z(tku|wVV=DKdItnP~OEo-`el=M92Ju%39$HUc9IM@8+er!D$Uq)hjgO=&t|X5ZOK@6aQ9{0j6*D!#km-@g2|+pYf(b8i_| zW!H9%3J3zy9Scwq>F!2J36U=8l5UU&Nd*=nNSAasNVhEM?v`%phHozK=l%|`G)_3 zKC^m~D;_i-N!*rXpxv4x&{yQsk{es~)y?tXIE0NWn0&x`tGEB_JJyp#CyFwWG%U8h zpHXF>hwS_AYAHW-Nc_s)NU|EMVDkzr-@8dM+2s;vBSGw_?hMB_95=QW@lQ;`LR)J5 zv~<7@d&$bj8>DS!SdI*PC*HVR$(s$p3KjicRuB!d!z?80=*gq-eB zQY0Bx5N)D<=$j7Obg}NE?fXMKnpZJ-6Zo^D?k6}lpEq6& z#fr-$3(>r|a(i{P%db={`RH2UtfH{*A?)PpsGPs)6Vr{qxe#-cCWijAWD7m^cJ>vY zE#`G~;uw&&8BZSVB(! zLni@>U4P?X+dpO>0l0s{#gVBkG$-+_pxi4NZQr>>YU$4OS&dmXTxBpfYA{n-+~W;;qUi*Gn!dN%E#vc5l9y>Od=2F*wI z4}OXosPmCky!=B)zI)TA!*iVBFmo-Ej8>~HU01cIS%BL`Ov+(`y6lqa7U_`gl@cOQ zh65#ylt(oaw($)zd;C3iL84t&lb(s$=Ep>24lXa$A)0fU{+Z%*dqr65&jSl+Zv|h* zj_d*MG_AuBmKfyR`!ZI`q|!2>G&Nh}L7Z#{c&y5Vy%!KD^u`VlON z&G1!rP%Lt1;@+GF{)Am3^-A^`1iNVpI>0LaJ`aDA)Q)bicyN$tQsqNkGBXTRHGUQK zRM*oPnDMQ@(e*%Jdb}J(<)ibH$)0JN;Z881H$cjGdFtRxiv;PI?INMH?|iT?)f}jI zQhi+*q~b;$OcQze`2Krd93zdg>925Cgv>JY4hHK>2L$!x=7_xE%tyQsGN^uw*QWus z&rdz?UgZtfBOE_GcKz|vlNZ6;Drw<~{aRomjE89W7 zhtNHx*CoSh2%H_|obB<*P@2JV7d|~+JF@jX(U8bzlFDolB8cyg_Y{u4dhZaN0)+B$ zt1h1?oA+4aLod4$s2?rqmm=cj%4DZc*{wcz@&1R3LLQTUdtWDlHYto`{{6%F{o&RtwL=jTCW>L`>ZZqBIOfU}K4=G^HP)Z>7ccGU~t#oB7UkR`uN8 zI#Sj#q6D7sGL+gzTpKa)dO%Bcg+lgMM6x>2F=3S3F$XlpD>fyb>k=vB}`M=9bB79A; ztQIWBgveem5rTc3L1Bp<*3337MVZ-J9%T-zu|b4UEyXWmrbv5FEpat^Q?DJ4w=?7% z2tijZM))7X`lMd6vX54M1B@&iq-KrNEqB|0h(J_A^!*~eA8n0u=&>tH2^HHM4n%IF zMD_Jl>GUTipT`{nl;?YEPQQ-B$&>@wE#qyFu$7mlTBGrUEf8U?!9kqmX6w%}w92Gx z`gZhg0snh>1LA;*y+WucjnIn$psaoj|5jE|dyDoKnn4+*ydd z>cK*nT{2Sj0#Z}sd+xG~X@M)<#`d=(?rX)Sb)Lrp9+S+G*FS6-BH5cdw<_1F&|q+a z5(cq08ijh>F2PNQ{pVUV{HK3rvG_bsa9-S15EteswtjQU{j(RyUvM?8X3k^4#je|y^e?JhC0P&)YdNFt6U0Kj9hKjHcY55Po+Q^ITLma@TB zJhwU%O*9cw;9d6ful}U90Z2X0N-krD;hk;=SC%9l zvt+{WO#!}{c&YjyH2^Oo_{yv;TM%60U+mJ<1Wr2<1Z}t;c-Jcfm$R4yRMUk>Gm-dj z^Dx0z4KGc$;EaARaR8Ps#+#F7!wb|u;O|tpg+l;b&OQ_T$Cf~+9uIz!7%lt~coT7n z%xVP$vaw8`{QMqp@514|q4byAi#IxY#1vkp!Z=WVb$!xOuLbXwYlUm9^Xx@#(n33U zD`$@nz7B`|=%e9~rPfRL^CD`5L%B~0zHl=?ZYPFIUVdu19ma3b6AgY0ll-q5OX9cYR!_3q(fn#o! z@Rk$3tB1dh1GqTmgOeOz>STHBAqIY!*DL?^XpL7(Q(h{}_SVh(oXJ1&)D3ItaRY?1 zz#9k&#Lm?5H(u%g#Hs~0fPrZuKAw$6(jH3$L~(@>l9iXptCdSH4{e;m$&LJnG-2@a zJ(*Wri&@MdZwtp5yviui$6oC#+eX0=wTQ5iR2PduT+o3OO1*rOfGA+jB5(C6 zP%YkdyVIVS(ZGan!jY}P@>k#5&E2i126wKGAizFeGh)tu2Q8v_M*0WO-x%r5=lJJf zysfLYZrbn4#&aKOGHXNv0)eR9f>Aa2*BmU`$;U6$;ngh!LN*Sz`WYULAGwpx=#ZW4 zqAIIM&?{$oCXH4=b;L`XQz_HVAkS-RRQ3j)gp@?rCaG|C)IxSi!T#px(rK>glK3}` z?8gsi_&YQS7PH=02hjE50#>SaDhTrX<HGcfe-&lBjywt|u__pdaA-4aB zdW#eP8PaJyqSPJJl<{nepxaP}l9X%0vpSLHDfZa+%}wV3V1LmXDLLI$FUk@v`_&eXqXaX4Ij<%N(eS!oT2nh zdrr`|V(F&YCo}uL1Un{ApfK9k=auBmTbJ2x$uwmekDe=hBa5g%Q@M{M9*w%AbJBolRPdVyF`M46Q($235N-{6oFdXYz%U`}|?=zFp3`#Ipw06rz zltKVMH;CR_1FETpK%)^a>MK%XJ^e8Ro9da*%|(viN<6#qZ@_^BIP{~dv%PC7nKLfP zy~{F_8ODClBe#R}RgF{o%M-M!Z9$CJ%0A(bVUY%Bp?9?om(N6)l~9VWL7YPy$zEoG zIalwBEXk-Y{mpD|xKxQye!&ry%DfLxh}PO|^f&+e8O8^I?h5;yZ(Qzh2x)Y`C8Mz# zlZ>WBYU4i`O~+&4vi`(f`SH)y+T*dUA&RwaUhx*-x_8uSn>CnG%4L6|ES=0D9A>q zl2vvrZ&NK7!oY1Cp~m?lAk)3UROFF!WpdID|+ z_jE|sCJ`|kE~piw@ZQI>G6%EHr(2tm4rK|*supH;ZFfJj-+g_Wasc?)?t57|VBrZx zd`iH^_}{#H`A0B+fB!${=P*FQAi!|ln;`@QfXBfmiX9Gd3_rino9lV0*Knx6!S1Zf z48Z}x>+eoQzxANX49m(hI_>;mkAvxGU-tI{vPDUP$W|NjN>33VZvI@6hSRorL~WAd z20C_^Z-;hgA7u5$;v3gjzf72kAk3Qp%;9_v6R8G2rKw6o!kU}f2aInPySf8B+43Zr zPZBC{kY!`V)2_bZ0B-P@o;XbTioV1|dog&#f~UiG` z%p6%X27oB!;W(mhn^@} zj{Dwpz7FVMpqy*U{_SGEE8uUEKgxj3-gdk5)HvomF}<%0Irc07maf`=RYs)lu(td9 zx%}BZ`_RdzD~SM6&2G}+4jMA-;Q>cAc@T*{sOm0e=?3VGx9NjycE)nyB(udvW60Va zsoby)V~yGT{b$;+)^gf$w`Mzk)>2a-ja%@<4TAoBhq~ zps1m9+=S+bRmDz)FKibc!TQ$P9K@zOJTGVQ>V|E0oe5ZUw3-wLS;aXwU(-Mo=kElS zb9(a@3Zv)|y6ziwf?VE%XkG?}6EqZLpi{2INcgDF6(n7R7{?P!Q|g+?{&R`mjDw5U zX_Sw?2&mN9FUJ!n^E*DcJ7q|J*Oar#Wt34MjaP#>8$8+s-8oC~3D2N+HJBYlrS}g8?DST)FFAjGr4@zV)eDnA?}eQ3 zbPIjHw<9r$6S)>?f6n%&CcHSaQ>OUIFfO*1L&ejuL=&URqG-yff4 z^sL;Fo@9K)5`c&NiXOg^3fCmyLP?$AT90b_L5}2Cy?V>t@hdH*dR>#*qLM(Lq0}hL z+;?wShN#hgIG;30_ytS90zvD@>$4gsV!2P7eBZPi3LFVQYZA=&1so_zcNf-M2MmxG z1N|K+H2ikMu+Y^AQet}($KDgTm+D^`_1u&Jzz^kRg6Jz(sgw9}95zqn0Se*J1s6u36nViUTJNi2 zaqxd#de`p>zLcSBp=Y!{Lf%Dqt7u^wX=4^>oM~QYp!skmxHMTfh_zr$weEB79^YpI z3(h5kv?7tev0}l2*Wy1sg}*9v)bD=654P#Mcgy!y zyQ6=l2=Y=2djx(s6fwapQ`@x|q%h`oOf^QN5Pu-Tsv)`d+~>mqi?(kRet31Zbo|<| z==s==ybck!$B98VNm^e3bA0zp#z?B0fJf*1Pu#bi@4G4boGpHo>Z_68lPFr-0S1`K zIz}wAg-@1T3;ys|tTX!oiC}<3*;a)&B4BQx zkd+M9^nTc<EDwc^NG3bs#Kd0Nr5W(D}v5L3w1(6@VApVVPEtMW@ z{>ugU8|9K6J%>2SyOrDr1y8br6Fs~u5X{6Xybso89n3POeP51g&9Z>$o?i0TTEZe z&_@*#NQ$BnrBI~)9_yTl2QumZXIO3&1%ixtRRn4zY8!H{_g{KrOm(FAA3iU7i3Vw~ z?#X^i3mW43iVH~8N$a>meWS3yahx0jrT{z(M=~Pa zR0in-U=t}sm7!M-Bv0*GB8OwZN+=7pW`Me+SKd801)jiYz$wW|-;0Qzu#Gu~vQw&x zi9DtxSd^L!GzJCa%GZ;+j+5f|LqvI7?Or`5~%_B>bIx8T?rE@b7lsR|@WV zxiPdt4JK@)qCbfN4oG}3IdF}F|AtSv;AB3;->=pF9?b-Y2TtK(RfgXs_{?(;=|P33 z&`;ngw8^thjK7CH0}tZxurs;<+zBiLXz*p=A=H%Sud#uF5BS_K8bV3s|G*!XD~7=q zig={O_Ddp^6m-rLbO|va6GsiDRr{&)!b*&w3@&q@2>9EWbq(+&H%^;}xFDSVzo zlmt|E@xR$RDxeub5Dv2n{vHkYLinetZt%=q_n1Bt7i5^&41gYn{h3wwubsluGte5{ z=UJ@0)P{u3Lf0Iwhmc;fzjhM;X7$d!?*UUL;O_R?c=cD*=18`j{Z&D0tJuZ$^-9A* zvv?$>@SIVY^D}f{$Z!ZDx8Ug{`r8ZtA#-}wPXMk+6rY2U#3wvtkh!$qUY|$NDLoSc zbY#GvRJxBO=PgmRdLD4D0NUd1v|u_0A0@h=OFbvO>TS3{;k*q{T@K-TG?7fnu;Bgq z2IJ09T-!=<0X*bzcp4mKCT#DW?NA zGSINoqF|B*!Z8T09Ol(~tyP!dwr@NBRyF`zUO2)1S{{m+1JC@cRLn6twuEhmGmzH@ zQW(p-y5jN5+a=NYqFZ!?U@UlxkCLLQR|2A0#CeLq{dsa;7!L9Wr*N_N&7lJ$g^@WV zoE;m6Cw|mn9a_lAb)-%;togKHxEcaT1A+oKQ;?g8q+3!(PE^!G1G7%nGOr5^cWw%! z@V{f`4IJ;W-yLg@k{y5#nq=G5ytQyz#ic2HP8#peVA#_wX@ed{21NIatZFv+92i7& zKygmVH>Q*fH{AkB#UG&UIL-CSwuEc?%Q2jX63Hj;+F=$W0-ACx=Pt-tySL+$G()C0 zh%f*fFfmz-)q_V_*CHM8E8%qM%M9IM23%bmHXJ~;Ba?qhN-c#E!=!@n=mqq+(I2;L zDf1)p;oYBQ)T$?H-U|NhKJx&m8!UPZ0R*qgiY&E4Fm95}4Z#dyU*84>0&QaQd=q~0 zZ;QUQOUi*+YFyum&Ie$n_L3$;AwSEhl0sSP;s(=J_WN6KSe5WP<>L7=`rQ@0(F)lHRRva%U2~xB z1fOcNF`~*I8oeq5SIm%bs7JE%Ge#@4_qg(|$!IP2QDL>;U9*>$DF!8#{~+e2k-e^8II!uuiOCZAKhh6yI=!-8sDVKe!V+0ggiA%Ym0 z9|8MteC!9ax!7caz!kLpxL7CWU1r>rqqr{6KD;wZCtd!~mm#?+3VsC7bvuv+ll)b$ zI&Q5A+6}EjyBmc-x^(mlmSJhK!#7}XohE^$-GAkt?$7?74zRw^Xu8{&7G=v)(|uU7 zh`)T+Q=#lDIdZwf4Gz$>P+zvuOzRED@ z(81yz!+U<(OPsec`PkHwSJ_6F&*x#K^a(7Ym-x`)6UX~`JHFp9 zM4fRD@oAJw2Pyb*&hMK2DOb$=#DwattW1FJUh9}h0$>$v?!8aFlG)|#$$fSC!W6{8C#SwE~tn!Eo_5k$aOMu#QE z_O&JBA`Nlc6Ok0Kl}LLMk{$k@R)NR(ix}7v$sf@Ec;~KfUd;0W?Hxp$crfTyHeZ4pxoc_w9 z^Co<2LTXwLXJXfym<`>Nr>H%airC=i)-0d9JvK^p9^4)xL#*3zQ>6vZ2o@Hpy;r|< zv7mclvCRi0wuIOR^W~P4pt$pKhnPu?QYj<2JZzQR`4f;O7X7vx1*hY!)FEH!UW=dbb*jQ z{fNe&vcIQSe23Zewc+B`MUaM#bJ7}3?5p%R6}~)}yWRN0X5lzq%00-gPy2->O-M?2 z)aMULOo5iZd)1HIDiW2N8IiS5D?R#+;YXI0)>=GNaxcPF?G*%DbgHoGL|LI5ifQRD zQ^$G+El&WE)poHJRgv(m+YrS+K(ClzcV%k--^*B~AWGXD5|@z-lQ^~*vW zB93H3z@?umx1=}ff@UsU7er9uy-)}qul#t2lrt0Dm_O?)-Q!HECiAMl=o94pD8#grP>uAjvh?5+}_|zxmiR6N#9A#Jwyvg@;+N-2Lku73YVmG zn@@9_Jgx%ham7V|_u*zRN(R*Xu*4LvQmLGWJp<3_MX`cc077gWqaSuZHD|a9e&lux zePWk`3?d2{m7UhFFnPT@SEq7k^Ok~7RM2(TesgwQM;NAE&kcSEwZuYf_k9m{NT>6X z5hy))Y+y@JRepsdUBhd)jN)vbnKYSr3}3IM!T+th~7Z5O8*GdTia07~ic zJaSl|N=A3ZTN39?w#Qj8r2SazqPWFjXxDnn{x5_fN?Y+gc zDf&glM!cd4lYcx;5rTt+a!H-F<120xKqGid;wfad{OViEE2D^0ZJLEifJgW^G1yzb z1&#CMa4pe8x$l1b=l3P&h1v~7rG}!d=-{d##yY&W$$6Xaio59JHnU)cUT*4p+)4Zo zWbiV`i|xjL!KnQzTNIkFxpgw_wA}t_kv+>rmr&~EkUp>5XT+QTpc90mx>>JWfE7vm z3kdBsA12wFV#p`*bLy90v)*g7Mb89k7E5}pnUIG(ANr68HHh=*%B6t$O|<@z># zHjqL7i&YSdI^W?WwvJS7h*f`QWolsB5lph1CZrPgH`d78Oyx;N&^6z#HRqb}99Ax| zkml8~&2v)2GI9$aRN{M6yBa9i_fNmlSTie+=U@vZS%<6p5a0M@3{MHAKBCdh|)Qb_0B2VCK*HH2XPb{5wMi=P@bFzcWKaZfL-JB0lOlvaT&~95R|xT3#h1u z)3I67Pon-jA<|iY0?m7XTg~izUt-JpYy}^F?tcFD-MnC<=RM2CiJG}5y!iNydU4q6 zZs06e8ekj3sxCH3@Qk5ES7}5$9^5C%+`pEw2ux$CC+jG@P0A%fk17F)9R}3O1TnnU zQ#ioyLkfseZQf{p*sF8OL5AKJp3Rd_+TUH^5)|I3#jBKi-pa~vkCMtMzQcBy{{xCd zAPBD7=AENasdG5Ac4@aNeeI;gXodHms@Lzgv!!~CV&`NuxNPRgvEfwE!Cs9Hb5lnC zv0z*lP&9653bYAmEpIJ9)W|2+0_vdDZfBIc-C|=>(LRA#`pFYzI;Po)QvJvRwZaUb zVYxUNRb;nc661P5^Z;l-IB6h}TD3TPmgBGHG|P)-23InhZUYB9!rufwLTp@ipcTMg!JOZ89Qt3NYW=;R00jX- zR{h4JcrZpAC?_hQ!PvtHRVe>ZDkP@c^~Q#h3qBW0z=X1<2tWy=VM}A*z2VC~oQal3 z!0-`XRXi83#o)W$w`@l_$r3;w24W_nj zmneG#rPveIxqD?m^0VT#sKMmS8dz4z;6`$aRQKe&{GbXEtNUNXL&DF)AROT8izDiY zvlZ)7Jj!$72bNYbdFqcq-EnlsI8&|x4NGj;}11i=``ei=*ZoCV{#D_Ue*QjEXT@k~B zh+q3rU=%$>68r7?>0SZr=w^|-bDzQHwA{I%OER^~=%v@pz`$z}K;ut+sFW4S_TP0s z)Q6-0Qx`;mR}3p@?~OV~^i@4G8>*x#^`1Hzz^ex!1=27igr1dF%SAe8mUtgtoig@O zam!5S2dUveS2`69MoZRSW|rIUy8Y762(KrVNfn@&`KKO7K73ES&-qV9j>0>KY3%>p z7tKWv5P)_m7yUC@oVF|4tMVo=Vn+rk6)#%u?+RZr0zGDsu;*F&`{4{gbR` z4uRo)0CweRmS-GMvT9eM0Xx2NmLDieai75Tv0 zip`+)!5V)J?QRF9VpT&`S#0sM*9jc82gs?$wnA3=45IbW)X%I8lbsQwtQm6OjN0rW zQ-#!K2mHlZHOR2AF077W;4?Y(`*gb=c=G&PX*;vgCVm0Yu$`I6zq{R0lPK@uehbLg zGbuSC)fN4jx6Yej39VjPg z?+OOsd;0!NC#q)i>PD&lZZ{q-R;16S()8mzj@z)^0RS{9+rE3d-BWcQq|GUOk4p8M zUfp+%1H$7nj=k6Ux=WI4ak7BOLx|Oq9jTMNW)5%DO4*^=1uDucSp09c@c4M{AfJNZ zfFA-fs;~Ag+x>)c32taz-GDU>Q+$6cGxW*?=)54{QDK{H( zzp`HCCR6Ee2+#D(ztXAXmMiexflR}>SRGQn@)H(Q9K!DTL6k797f;kd`2-_5NJvul zNuv;q`5Mcq;Qo=Dt+CiBS*`0~(RQUlK6)sTuz<&#c#3C(<;)H7HG5at$D2H6i3NiY zn2S@+1M!z5rv2ab$k!%cneHt~iE|QyGR9ym*vU3zm3moX=VFXS`(CP>GpBX^)fF!2x+_^pmGXo#8=~topyldx_D# zIvDI0o0Z;@0`pau=}h1K<>jUZI7jQd|!2hMzVw$o%{giOmYCj_b|OY)ICpV)qs zct6)fmHLm7sNqp;2RI-|-1zY1Cm;-_`v18GW+(d8b#Pi+qb34836>;`!HW$@jIEGP?OzX9 zK5>KS4oX1XmPYM5TOYeZ%0;(|+lFfqXA|U-CnGWAS_M+R%+KAYsh}ON9 zjIu!yXZ#_7MwFV%%=DAtnPu)wpjtKf?i1V(`%nWU*Z+`kgu0H(bF7#`c z4*#YWsagt)r4|r<_7=dqJd(~J!7*YPKbF!cl7yf@1t7`oOjG6onfBKDg^u6o46Oe` zv0!<-t@;)VY9&u%5J4Px5sT7^`?~JMvoJ6MDp3B?9B<8Zmo!CfvQ0r}K2V)2iw%fR z+N@G=>En4SNnjrY4lH@AG{Xk>SGekr2PylEY%koVsx`(cR!kms!f#5Re)4%yyHKwN zNEDoCV(Z_4N1e1Ft*80-?rBPX>>c1>k_kV}gBUB1PfX-TC(0A2d+3k`Jr#@L3-DY! zyr8G9EEt)?5cP^5z!8%o5D@xJrGQufPYbSp*IfjoXNUV6Q3Sl~=i~GoQ~_#6D(IG6 z(BFdqzoU=GFv0L6+m?c4J3}8Qh}qW@7|X|8;F-aj-XUf*$WCr?6%+c0AVlpRZbbH` zpHgyl>x9pGpF9IaD2Kq+=$;p#ilf=`37>C5QO81yfUWqSBYCG@_i&HC$yOu*Hq~(Z zXbkw+@{xP>pMGmqMc1^=GwuVxeRHCt0=Rpn7uZqI;*!}0#eOP-s_pdX5kSUuu>O6* zU=6We(Y}@hGmz78g2$9Inf{U+S5acen_({mxJQ%ZG|Zn7UFn9rj%0z^($knER$M;U z%B7JMx~131AZkSG6iRr5WK@|0&QVX2 z`zH9v`9C%YBkO;^U#Kn5mxLUyzi$lS9`HBD1+UF@y~726l8MV@3Ci;Q)}s0`qW+wM zk;6>*pN{%}ZTKUCvbndgBD}AT3iq!;=|Sssnx&(qT;~%AhkAOqu!-gZ*!)-hmr@5g8 zpOeEa07HdaKE^^?f;Am}qqrT7RvpHRTH?%LQ%3YC%+xj>qcsU+fUWbx-7Y;SI|QkF zhtxGrP|5PIyiW`^a8G? zVKi6#ew$A9w$4JwJh4V=<7D|Zey)@eu2DExXc32TAP-xOyff+fHkf@&lFbfm$@>Dq z<;`Ce;UP1@tE)GTpa?!V=x^2*%dGPjI2a_Mpg}@n){nOEH7U8sw2lco2gZAcKmt@0 zFMxHM%c@443dmSi=8wJusuEy+Jvz6$jhF@Qdz*H%QT!Sr&ZNS~p!k8X%x5zJk@zLh@>fd8lw3TMsTp;uAo!%o{06*^XQRkqD$dGRZI* zdFz!NcvW;ckCX5Q|2h^)AZWlh6b70UJ87O({?ZgiE1(#|WOZUn;3LV2a^3}KyJa74P??f0gvng? z0=Ne;;fo;zpBD2a7`M09<-I})=H^X%ivLf8|9m-Sp* z3KC+txSdj!exVtDPZ$`U$r3(%m>oBE?@oJPlw`^~{k)-jf4%Sc&x0h-jR7yt*9({X z37n@hu7r?v^4<6-rS?5+b7={8|Vx*dAcPCd)Dw@H3C&S2XH@l_@&5xmlA4TdjF<`-XXyH{`aWF z@`sJ}2#)nV?wqf@FEHX-u&FrSFx$`B&FmaqZ4zf$3?jU!`dx?eE&Js)WfwgP^q^Q- zd`8$Y$(cmpO#zqn3vbQ!Yq_Y@o8=(Kd;p+H-hrrB=bAH@G}WoVO;+3VOFYZFT1w= zFm_PA_a-U;GI02bIwT8Lo3O6kPT_OylZ26cnu7!o`;&m(#oNlNO*zIOy*3{$+u>(NP*#+b#$a&8hy0LO}iH*K0dQzZ2e5@VfEx9-6)E4^eJO3 z32(h@$NEUd;#>R*|Jg?84MU{K7|#1tu7Q(q#TuD%a=XK|D)i8L0w|IZNy+=bb_WA! zSPeq}W4b+r4?o>@z8;GX7>~rqFlr2Nl>n~?=pcf{wL2iEQ$)DkH3Cl<=pbNu@7Fei zY#cf$9ZnLp1^fNG`PM_~>a?#;=5G@C ze(Sf)GT13lG9#DLzW@{B>FA>~`#|v<&ztxvk0l}`m{z4}Tv;e8TI4SVQR|r}PQj)ydKTSw<|KP(AN1~wMuqIODn_xKy#BAwlD79O@j^6GQ5z=WVz>c2mygIwzydw*p3 zVvS4yjb=_*w7uBOjO>$o+QU8hZpE(-Acg`WtjbxTE62d6hJWVw%_ZQ=P^1yFyqj{k zP2@f-t)ve^CzSnD=WPqT2`SQmf#QTi)A0td&MRLzE-Y=Hak!;T^ZI?!DCUodCi3HS zV=!&;kUweB+Trd7I8iuxrLyXaz)pcX9r(y=w*c?=()w)%*ak5CblZ%jRiuOg9`s!u zyypRkX&?gk4gq$GLk5DD$~qVc7>6bI2|Ig6dUhe_r$o!|K995#Idiul6~8152T}ZBy)|TwmM9mBRsk2k%W=jAmO;tPs_?xY9&^8#c3m-`(T@be6l;8 z-!5p?EeOmh2G<@yN-kbKl%B+fcDEGWrNU)v5@5t-5N;@A|%FwJ%!Zh>&S_ zvlC3uUm>M~Umbc^77ZROW6rq6p-0{m$F6!uBHhaZPAY^N{)gB`4Mjt2nJ+-`!JZEy za;n$S>#ec;=vgjXbeKQCmVIG^T7$mqyw)4pxIzO*vbfspaAzt(;b9cm&#s>1h{D%} z2-NZy{q1ofJ@MIAkneo{)3Y%@WS9BYW-gE41R47l6uJ~5(yM}71hsG3kSZepYu`RY z(YuY8)Ac?PH`Tsrb8pYEoN!P}9F&8K2>JT0H~TcozPy$uE|3IU4EX(k|Ji2-mhi0_}^%}9)1>7@?oe%`1&~mgSIV$*4znWdArNIgZ-J_ zsHlqTb0oB8B64y@eYB zboI`|CV0zt<{#>l2lo7L8I%H!@+FM=a+az-Z`T#P+8)rd9BsQKWf@-IjntWnC-9qz zF{FL1pY?Zrrw!3fp67_<{%T{j_{GsJ#-stBt&%B){7<)zHeY)ScejqYAfqMo3zxGbAdkCF6#r=$4+{Wa(aZ|?=MXOD(XOB}yl z5u45CVs_BU-q_r52t$Nm(zU%?u@gpPjeC76SCQ_|cR%(*^s@%bG*$zU@z=(-oUk@7 zMk91gZi*z=6Su!n#(Wa@l)K)L>WRS}>}KYT{SvZM{jEjuj= z=&!#cUS@5C;fIso%LFy7rSKbP%X~-tWI0v4@*rR9^6B)|?O?@qBvQqGiq;YAPIT>3 zNyW6+P4sm>xtz=f5hjI=;@Z&lscVpNOHbjqka*DTPkGWw^MK2ZKmQauEFTi*IG!li zhInbRr*kN6=fP0Qd?_|_O7Rq_zWS?RZ|qlOIZ+OrM)Oh6uHk-_ZKaip3HKYNy3_R? z)0@5zWsMtWI@wAo1znQ;vD}3>jms3$p@{mhgclOaDcCDcuXys5Uhg;W5v`z}Ti%B^ z9w}3m8xq>Rp?VsvultNuA=zqXxZpK~R-;jb|H_2IHmX>|?Fz4gur&0RS@NL7FumqL zu9R4oLE}TtU}b; z4aT^T_NvYkP{uJI2(q%+*M=y1s4d(r;U{p~e&H(C*Il^W9F^c^(ksb9vv?}Ma#>QG zC4P+JxPo-rcX9Imy6Wa=RwUti9o^mY?7f9DugJUSZ^POh(xKrsj5r{O#_CiW=5f#T zYcJEY7bykEb-6JCv9n3d@f5IT-_JSJ~^4LWoWE6Co)H4!uWm< z7!sDS!}vyogTsl5Fl&ZexAY`huBk5Yzk{z?PZaK(3W zpDe(v@BK%cL3*L(2P5QKL%&$K3altt#fN<|O~8$(Z&;o0&01|t@s#F1gN`iGAjwvF zj_;e4C`40+-tghUq_?O#1)`(#H^9MyuWJu7$9eaw4|*$|WFJg5!OVVd?nKVsN9(I) zS0VQR=En+UL}s&|Nv}sRLtnc5$-9_vox;27{&A(HS)Y++zu0C5hQilQiF(_r+r06~ zOeDm(5FsqESkNaHQ{RsBDL!9Ilb{fFbnxlx2e5_rp(y>SMTSPP^nrdjJR{j_zKOo& zmxB1$Uh6+1@*(c`3nliu`rg%NL&{+Juj=BYK9z!RS~_5%T=^(2ht3Pp;Q7W+OfFDn zwc?0W$*4ze*N$raG>2D+sSg2``N-KRkP$SR>A@}Dsxs+L#f&0 z>B@t2e~k@H_fAUuXHoINtq$ikib+!z=q?l&$D4%gT?w3~UoA4PavfK1JsaA~eNV?{ z#O3_Q+8y5Ke{VwLLB6x`kp7(b?z^Ym^pT4JxiI~<=7YH``{bUN2Aq^hN2po`;wj9X z*o!9y-bke;R=>1=Bj6(%rp#|{lAyJed~~*&pYkIcaPa70$FdF5W{%Lg*)MQ88e~oD z9nkkxd;qJ$H=oYYp!P}l6SmrVsQcp^hsT$w_WDNkANv8Y?sikgQoog7d3n#dor8>d zn0@{nqVS*YpmZnm`;0CY3^sqg4S~u`P8_n2`fGz!$Hk;d*FR6pa)}S;I@3lOxe@Hd zQ{>;2T_f5ZdYql+kXI37O#Gf$|NefxAJd|k`jxn=pTiK>+TK`2cXS}Yh{(Ynml#5A6s+yjG+EHMsW_|Xf~S*IiKVyrWIXpsss@r z8kRstry5AI^Xu1p{CY8mM=+af3|>RbG?o;L3Ozo%Ur6u%7g28=7u6Sa56^&fDlJ2( zbcevuBPfUK{=<^~W_%7($v>w2&kLTogFUHjB3L?D zb{kmc)h?AdzOJ-yf}KmttxSj&eN{Z*Tn?Sx9{49~lE})~JRA6AKp1lI^wP6peTro% z%C5s|xLJ{dhRH>>Jd2faHqBm~QXgIu<~6ZJZP?Et@$x(Jzn;CcjJ{J6x^I@D*W^$i z=fTx|%c;N>Q))<(xU*4{=1x;#(S_exq&tJqZ_Dhm(6bGlQd@DZiY)S&md(9fjtERM zKg+YnkG;Qw{lsCdBda!)%*SD%63;7WeM|VWsIn(ZWaD)KfFv0;`fh97Ah`9lD3E=o z4-H++5qq{y1LCpQLxTZ1uco|q%M1;2GJA#Q_2C~ZuCrPO>^$l)DomKIj$ES`G>p?F zeQCUp&}PmV7~#=63{2UvgGOeCWCCZ&$92`+k0^yiQZL$nAg9WW-(g}=I2LZ7>6j-#>3G77i?vua(sd10Ygw{kGZ)P3uMQle{Yi~%HmbUR^T%DV5F)=#oVQ&V`+u|$#ehXMdS7UIa`9!DJ1+P?^ zFZNZ5NJwIhn|yn*ZSSZM6{Yj^Ya?HYPZXgh>T~F@$z$Sp}$ewU$_ z!Jz~)l!9MaNI+EqGmC+mb$^JEbs3*HLK*JvIYj!pnwMD_wK$4a#s9(3#@2zsm zmeZio#Cxj)&FBzT{|ma-Q={K`soVBzWrD{bemrLID%g^Tl7_}A^8}R7;D?{azAE`= zDW@Q)gZB#h8sSflsp}j95z5^LlESr_hFXhv>F-~&eaj4#rMx-HLSBrBhZNupX-2A& zQXe!tir~p4{txF$vvt)aby`WvxyS9jxj}S0(v{}d=9nUwf)2@)e0N6o~0jT{@l z!#@Qmo|tm#T}c?HMA7|X3g`>?kS>)>v2USEs`j%@Hw8T?Ntb07B;0MO=XT%BujYK5 z0tAW&>joD$qeLR*HcQ^WK2dvC+!GD(^7#wHVyPt>(|1hjNC$@^1!PZjji)9Jq5sYF zK2+k=Nc-~FYdf}yAR53&pPY+r3Dwc|(}4Yl8~iVYGN|jNoGUh^z2-k}NxQ36D21rz ze;zkRUS}w4^t9v+r<{?j498ktw(MML?VEftAf~C?2)FmT+{-ge6O7JIpO}E3T4PH0 z&x5mHZYAUFV`plg9XagToxg1YA>KLRoAWWnV9;~+E>|v=8uTTQl}*kXeswc7tid>P zVT(&(GQ^nM)?k8HyCim(7Z1m(zdj-Ena}1NY{AIRz4Wavh<%k1d*K_rKiv0WcKB(6 zwbCi&^Bk%bP+oqsiezv=#wqm-y zj>+t~W#!{1n5T=$6iMf{t1%@}IbNIJ+s(5A^Mosw!{*q$hE7aSHp3=y)*dXedL7a# zHAVCLGsAw%W6$UM517)`_UnT^g8}G^`cT6eLsOIV9{6#;eoZ* z{9AAWd(z=y@Xf3i`J*KOm*MBPtfij#*H@AO>c&aeS&cGYp?v8-4etK>5Qd4PHEG*> zo8Z?Y>cQgi5SQ)*t=}|o4cff(pFJ0DJ)a$b=Av1GW&}e^hU{TGI~^upYUQT67!x8t zi%8H&*d_iBtXJIdq-W1Q6Hf@--srdQmx~<|93t-{iv?S0+MutA(o2-0v`cvJ^CHdE zPfEt;1;n=!z@{O`TxyWM#)G%N68~Hk!`9RBF?-VDr10fguKADbCytTO{&tJ)obegdAvk*tQxId&2Exz*!^kyXH_yx z@~RZ6@63aYirg4eW9HGBoK{`yjEJ549Nls;3$Gw6l;^sf98W0Y)9aMN(CqNBpB}8l zQ&>~Da|u}=HS8bt2`&$3b6UA1D0NE)+HFkTpk6w`E_vk@1c8 zZ#eKeb)36>dh##pZ*#?_VFs1g*=JBb6 zM?FneFm%U$-9>>aMdCN8rq6oX)+pjRM2s5{(S7`|R_yP2IMhNxcqqMr>w$ISgW`;W z`)*2};x3Vj2A87^%WZzo`VS?vd%ILWxw=j)&KdqNbdnDmzRV7 z^W3J1St#b`)b(=c{CmN7``cm2LdcWF46?3mLk|YRIJl_BHSS~@M`OMfeK*q?avE+k~_&web zyUaxtT7zTKD+m;@z|OUdilueIy8~lpcFKg`zyI)v{??|qZNqEm>sINT*M~vUpi8iY z<#WTvVSMPK@3S$fXf`RFCZ%Q$is^ueU_@Wllfs<8iQ~_owy_XIKU;q@W7$WtopT`i zYj9k7(2yfyc8;|{KFKVTD#rM7l4QkRJkDb7eLarl!d6M*UgOUa|I*X5xKQ42a}#*` z$G@LcZ0F4lj@P!xkJi;w5!A$MYrKxn2$bdm)zS~-i&FVInWoB!o#*M{9%O|sXvuD( zzp}2)jaNHTVFD5+LB;NVHMv!euU_A8?1Nb#eEnA{O11;RGdmCg^-vU>K@lBmuzID?4gQNva{T3zX zw>sAd>cNdlmlzNFzD~d(6!%JhkL&v#$Xy#XmjdVA~kBtGMk75wDPo)+Uh_xbC{WHIoTh$~A0};6$lBj=Np{W%H?FacB^qUoydT@2 z7BKlUR-T;6qjk^uoLsd@-D0V=TPG@Fy5bQ#?)1mDy-$nRJ^!LT>h9k}Ve~fMXN-m4 zt`=zqtYr*7SOu1iLQXGRO*q&(eH59?F`dp+yJUVE)xQN*yme^_U{h)g{%O0PI?nBI6e2z87&0aAwm2Hsvl)r&rRsuLv zo_lgO8?pVVP@*4yc>TKG@<*mPJ~5*gi=f8qAjArK>oXUOt|ws%-cZf+CE<2cy096w zL*oOju6QquCaBagx23kXM?i^N9|3EQ=B)z86kw7lc%?$S8Uy;=lj% ze_DVYIV>$Y-+t`K#A^G3?%Ro&4(CM7_{M2I$Cs(YET#da_JJhP-tVPe$!A+iikpc+ zm0MPexwTsoPsANgRpgSTb)S9Vd$UlXhuHn+T07&72Q$!_(wd8v_}tr|KM(iuUH{cq zh;VnW3O4^yF@NVkIScNM(K09juu$g)wGFMA(LBBQb!61tHeGrBL2<8uVwT%Y*~2qL zg*2n)mC}%*b+h_iQSyFz8D#mitKy5(v$XOR1gU}`VQuEaqP@`LR*H`e^*^K-z+}WmaX~1QvGHamI1?pG zy?6(=Yl-*wSMcZsi2t~69=_)fPbw!tiWWJG^v$dMiLr#&ze~m4P<5krkyE{YaNNYg z^?vN=e0x{_N{Pa-z4&TCR7Iv2tj4hmufFlSY`Gp_>hvdPajOy5UHPz~pGgV2~Q!^!iyTi8$WZ zuU{jz{MUc5<94Ei3&6e`w$byZ<;N=k@gIIMV2Q{7ABfMj;>;+QrJ0J~ zzWLw=v(C@}%x0!I4ctfAk+y)|9uL4(W(G;wovmHnWwz3{|DS6Za#SaJ)iQ-~vDXc~##gl`Hw0J2^>PsL?dPL*3un?y6|>)W&9!mA zth&AlX!dSCd#!u;a`@W}7AS_NGq z{bU>_gdT7NQ7}pUypVpKalFl{c<%Y3)MmkuK^*Dif7yGH>UZCZU&A#sLdQ07NzC^V zmUpDV$YOo0xqObXz-7ztBe08Ov;Q5)XHer5dr5HAe|kXYe@$8Z0z9Qi91bwKiP=;& z6r|bV6%;GbiQO#WP0uYrQT_RgjVPxYiiA`7@#Di({Pq~ z6u5yY2(RpS5282@JL#Jx{f<4mnLO}h5Iu4T-gdO->?29Q&OpE55&JiANEl=4@< z+D?#!ZeUC^9Lpf?n9oBgLQH8sTJc(1Pw4vfOb(q$cJe-&3&sn}^FO+Ek_L1patQUo z6j87AR7pSW$!a?qnW*3KH}n3KTgdqer#Du*)_rS4Am{8`no2WRfy9{J46#S9VeQBm z(zp+l_R|GVMC&h)rrzd_PQCZmQTN^9CJ^sfO|8ty&RB)*6Nhg-&|m~ z-W^_ZXa_ca=kqsG|vBqtxz^h*y`!Az}tZB$D`tvui=0OJ|4mBYoFqksg zujkv8t+op&-sZLa?~kb96^s{f8Z^(+e-0Q^_bI*keED%Ddr!$LIC(l$l?;|4a9YH(sAy<0#$pWbH=6LUIcWo1>MJRf8Uim&oje|AO*a*r4D-g{L%YoFqW zRaII5)%R6@Z6^C>Dt#-@u4P|>t7iS9MYo(RkgShnz1x~?GC(bWs**n7G0I0k!F*Uy znIhpF4_?URbI#|Skwzx&8; ze5i%7bjvMS%%0;(1TD>(M+ce2NfAqa{@TBBlLT->hQLlMF8R$s6Yx|?03MHhS{ky; zXjeV<;Pu4X*Ws0Chv+`zFrj!#d-Xr;CtS&*mr^ws~Y-aAx(j5q;#V`JMC zYJoaAo(oC<_5uClCPDnbnNJ)GJlVxdrOpQ>=AHttLsB)3RQM=jA2_m5O@rUiX8#Ot9Y463Tec=A~6qGM40r$x`z+9!sXT37^p2w?qU;iA*A}_~=rGIK|=6O8h zmGa~{E44|7u<5}4RxSCa&_!itpU3HbJCc>~=h3IdE-=DM(aWiudrZBm9MRwhJXvg6 z;D5gj;IrixVU7EJydqB1aJ!Mr;NU4xq17k-w=p*Jb)6RQ+=~HS4jA*uZD_*8xZ!dx zSX92(_0{FeS|=k=FcXbT?Ek`RlfJi{V3G{{nkM45qUOf74P1#VH%_-IhnGqkc0{h5*K<=MBUVb%+*g2!&qEVwx0Oh{F+hXm zfZ~AtUpgiXHrq|dv#|*#fqKkA7f7FlkDQhu7!~n9agp>tDU&%{%T~&^FKrTkvh7M6 z+ng@#rS7>i%{>=*UOdVuk$_8e$6lVCl_dIa%e67k{a8(Q$fnEH4livQeeYzsbz@aj z@4fdmAGn0VD(uEMvU#0?t}ag5MMPeL&NUBM{C9&5J$}9Z0n}rQ1r71QjIaM-SYFVe z*6GXnPQx(YfAl7)i=atOKMIPgHnSE!&c>}Jpq6cvTrW#S%gD}g+?5|&Q zK(7uF%O1)~#K9qKg?Zce-!GlzSPi*7xQ6Zp84Ruox>=fc$GBvLu>?-o?ik9f552`H z2EXOF!sUF|_jt!~MeZIopSbsdW}`P!R3g!!WN2?pL*8++&oEo)Z&GdKx4imjAR%#! z-sb!#8a5ifOLHb_)kiIABU2r8xHc+c)()&(CWj5n4pM4m5Tb7L!2OiAWO)!LVgk%) ze{t>Xo3oc?rjN!nXh*oYZ}da_hdVFeAdlUocX`ds4I>yH@g>2C7cGEW6mn@7?4jY+ zHr$J#oS47cN|R6rj48VvXTYF-9TH~6_ueDms&kot8%#Dm3EFuj`Z>2;dajR`Wm`0}9&s0-|C2r=&+PE?O z+lyc!gyQ^14OS*wq3uRe-(UzeoHX+?L`SA z`gNhdAPk80$uQvObeBxeu<>*yC0D(hVE0xLu!G?qDD92qOz~-7SnQ%Ri39hNM9F;C zzYuA^Mq$FMl^Z$wwu^3Cf!Avo7;e0TgulGR5rl_J#u{#O?ZR0!G8utNj~^$7 zssSO};GDnU6|kShkCd&>_)7u-w=*GBd#c#v-;yP9ULdcx&jf+hSdadxqn-$>z9Es=|!!?MST^g7tE z@r}A6|CRhSAnX&`$toscJqK^jHz436YUlYNiO+nrGh?3~#j679%%YLMY#CkRrakN5 zvOB@i5AbZw&2U0|-^e@3vXUg?qSxLRer(v-aWiyZUAU|L=z25}=jS{cSGjKg!qG^b zmH=|!!c5iBFjcPz(zF)(KH6)|=LZTpBplcSV|g z;dxC;sx|AqNH(UC>Y*`=3|;K(#-+D$f|P~y*S)jQ_&(?Nx5;`4_jd>kp+$S^+n)ZpmX$mbaV3|g+G(2`qA0no3&%x}T z0#{dQ%M}k$1&XlXj#UvwLAl4<=@;GAQ^dE!qmmE|i^B?`?GrdQ;+7pVZie#{Gv3(G zxLt_+!DjQUv0su$51sj7(#{tT*ly8(YZ`c-YD#>aJ6PhPc7jJjKiQE&ZJH*O)w$9v z4Y!`}QRo^nYo;Uo1VPJI&r!iDH4{Z`&`HiULdWY79)Gv*|7j0+$#^YuiFyfF{|$<& znsnzUI!0(qM>IW$du~_YX55y_y#Yj9s&EdDxbZr8Gm5b#Q#Fpu4E8e)ju~=MBV|J~ zj`Z?cv(hU6YA<)w#v{Q1gU*HK?V729%{Qj+bf!bJu!i65IZIMJ0vMhw@Z_gxl7Kum zE&8JeM@iC=ruVObLKiuVk*a#be*|d`P;@X=3O`OBwdM*#x_fSE$bGCi4llg^BBf;} zVCOrxNcqiop|57i8~^<_*q^Y7PFh*uI(RlC`5?qY!x07_AC+srHS$@A1{LpZOMGqJ zrl?IdOG&Bz==4Upd4RHJEFD-y!52Rsp(-0z>)Oj3_8|8^`gGeZI}?|w!lOlDoZ>C~ zFsiGz)I41{$E$Zjuql=^3dHw*ZL>LF%GgL%^&$^*w>c)*K|pZI&@oe}%N+$i-B&)z z66x5)0h$nf${mGg^02@&j3~sr-8He6`et#~v-I%4zBvt+PLm31KyL9_^TVb;2`-WL z`US7J7tf#)okyOVzXv-_?hqus(#6Xna@cD3;PCvxfJO>BCgKPPkh8J&%9e0r0HXmn z$fU2mlXrUp8i-t*t`-HhRrr<=;vGCJgc@;IlU3l$_zW#NSoZ9h{|?yZoDJn!DO}W? z8X!Kak;JXS+om0N1G?;*uFf{e-2Hwqti~Q;bzS)#Teq#s7k1pbd+I5r9&r(1*CzwP zfwgnj^cz30LK2gL2BV7I?p57bzIHd|vaC5vczhM~y)CT&vjy{@8q_Q)2hUr z4WA`FXZwf$!pJ_?ZAIpB!mVL?tRjMq{2MU8!dJE?c`m66pbFA3^}?G~`-mwb_N|YI zNz*#!7E$xZsO+>zMp#Ddeq`e=csvh(Qt_?- zId`yy@!-N+JxovieCwSZy1kDOT&Md^e7ik@`U|&ZmnHElPT0vZaY~MSH&*Q%(>Z1n z6$V7h^JSt<+Dp)^F>kYbIAp}7_U^Lek(}U)$X3TXFu>op@`uuEB0eP=p@QjOrW$NO z4ttJC{V6HbGJ>Z7`<6I#()5cGE_hsL(D$)wU2Z-A02HoScI zu>L?)&jFHuNc5k_?=MK)*^w`Jq!Dz@>SkKBBO6=(2a*=U@P+$h%!bNW!zbmo<_{A1 z>wY^(bl#)rm_%40{d+-lqEWRx%#Mxl@<-xt5 zv+~%_7rt<9rH5n*J7U*<9vgPa3F|&Dq~vaM$l8bYhs||AeHGcGb&Sb)^+cNBAz`eO zSVw4=LhQ$c<*7LfcAc6NoAd^1P7M%lYfUOW{q6GU?{Qb(S%!IzMp{nBW`whJsD;UY ziQ*pKB$!@1vLS(aNN3XiUD}Cq;XIXJ9l884sfJU`sqe}Gx$*S+6#j)wCLHuQPPasDNF{36yUcE|G2 z5&V)>QPYQ7xz~Y197m}+D@<7=b@hB4whzoCLY8Cl+p2Rc1G8yJ1Zl;0Ry<#BtM*RY zWOW|D-#j)p-(I!1#rpExXV9gm=pIS&AN7}qOoTk#s?(YRt^){+YF$HTZuJ$V`%c7^L; zh$S925gB|&1gp)U;kFU%?wtx)2-3TB7t$s+rupk~Y(&YeD$&)Gr&!rn{6v(bg;(zK zp3>dtb$lJkA*!X5^A)=Xw(FAeFV&kqiI-2`Z>@NK`_$r@EIYMuoASFa(( zJ`WJq_=dKrmhJZ%p^vU>_~7=dgCyjQQS(Q+bRaA9ANAQd7mSk%{ddD}G=!muF@6w| z$qz3W=8udsC>`WWD-7#RB0-8+y{;;nx&0s^dts@(LN8LwFCgnAML;RMvFhQ=*%{aa zJXf2~-;b?73H<6{a~@Lb{^Y15riQ*^IkjT(tqB-r!oEINzL_bUcamGSPBB`=T(186oKSeM!xli7A%58aE{}t4fHPxAGMuQCs3aPdD=NR3QI z*}z1{yc$MK6$(gaUCNQg?G6hHkV&D#)c`Rp{1Zh1Yd!*Xe#E6i=$ ze8cLV_Q_!S9_650iJc#C*7ZE)BZoI{o(=3TOufKilh+Y6yek*O{z$j0?Ar?wAFH_f zyir^;d=!afm)fF!w4Y$#p^s|{q1&~efqBk(NAA5@`JyL&(dkxc?@Yw$^ z0ctV#eg5N-(L6jR=qKB(I6w(Z(vCna^X!Il{$ZQjD0mNwS+wShb8<|63dHZ9U)>+8 zUS@aI@fSJo3~wk4H@S}da!z3UxjyYd&fdF^7~EqMYVPBi)Gh?8)o;wG$nM}t%-bf+ z!czLGK;KFH?H|o={AC4O=-5@8!{h&QT1$+4^gEk9*lT^GDCzlpPyoRp+@U$EWga@d2S^5 zEFxUb(!G)p7ZbO=Sedd*vl;HU;m4eC^2P%lo4g!+@Xr)wu^{$m0>i?eRf>}DPNDZ6 z_g)>*5or!vQsD@5%?$ehibvuYlDy^LF{3Ta&DmF@C{oC7<2KZOo@Gk^G+poNyXEl) zd(!y_UZ3CpBxzDyLI0H+44rM!>0o+p7F4t)&1`@59Ez5oz5U=hM;ETcp9P((uXs{^ zzsX|*|1Bsod2U5~c_wHqGG02z@Ia97<7ah^5S5w_-pbzBd%8YB_L2UwQYkQbDx3dJ zowi&>iN=um3!Y2q*F+5q_+&JJJV(u2+`6gb?mnFcbIbYnwu=`FF1QT_g@uI(T+jA$8^&k)%e5-HC#or~~9p!3h?Bf;{8ZI51`ng)B7pr^SM;+Xo}KdO#1&CMnt z$rp}q6Yz)v(<6sGO4)C()3dhWPU%BA6|>L1-cy-LQ+H# z)?3a>Q1c`-jf=8%c=})fJG3dfW#(1ojjgMJ|uwBEP>cU@HJ z@WTg}*zftuQ+Za1T5VU4t44I&Q+`+_QIxJ8DpuFrpr|3DU!@LL?_O#L2TBS{4xc@= zFZy}cLxuLZkEgn?D@>`3d;79@w8HwSI4*W5e>!#kq@k&tL*45j(Se+D=ATWYC>hN8 zQdaH@;}CN6B5A2xfNt=8eQk53=ky{e=5Y0=4>APwnqXIgyc$nj?8Me}P|d&m?;lf?~uo<(9d*9m+d^V4^QeOb5o`hr^rs(G)|G~4Q=Go{!r~Bpygy!jdh6I8Lc}r7D`~5@8{1^s6LXJ)oi^FKah+l;-XZf4@{`70WKpk)R!7YhgymGM7F{uA5+@s!V$B z*g3ZF!?TcqBPA%}OO5FLL5>DRx5^Y!s=C}$*O$t5k1^p7Ghp2Rcr8Dz1DnKEA~eZT zpJnRIhL_DJI>yixq42hdY_;5QK_yGK&gIGHjx#Gy`ch0Dr<|B5@Nj{RPMkjP2d`YQN-*A}uOuMj$<1EvIzZ5+jUBsO>zsh{jz2}h+&S<|yjR7Uu^?fq^Z0F1|+a=Xg z{^`r}97Ko(IeDvOHD~$Wo74`86Dx|RI3E$XF8y{M2wuug;r^vHygR8RB`6UG2n437 z^7zp!(>`8b6m$(MwUFSmEQ4HljQbNM#`<{H*fjCbE>%Ej1~h-_X=7euT+zIRx&_HD zt_t?AGn@my8*c54VO$P#%|`J8MsLU!Gu0u{Hb`3{0zb&(!;cru@Wraoj)yXB<+9bJ zb@;84MZtdgDS=4VcW%%`lq@P04-#evX_;0`=Fd!QhI$}qP}@6h>fyN4J@t`FC_#d< zOqvMl$+o7dk6k#)qY~=N55`5t%Mu|Upf3>lvv#aDbTYY!~i<~aaC?^P%tLA1K5y9MnOclZ#y0WqAMAB1O1klb?TaDGTo zS4Pjq0?(4kl>rh|kCUM~UM-TnwIbArI%3q*Yx17tt^zn&6);e}J@DLXmp! zl-4Fp>sq1#=`7g)S9y`*I`h?cer5;9#Lh&T7aT(g=06g}2Y1c1L4(PO&4~ogG<)1VT(4v*a z@uoYLM?S*yMOQwnlq=nnOC$^Y{j0l)y_q4*Yq^HrPHwqEkN!f0J#Z1*%Goj4#+f&S zNixLTXxIZ6Bctt@&1lJG7U$a%)Ea{P*&7~P-uCf)bJ2FM2HvneG+bk%QS`TDP8?v^ z<9BS;8pMy`o^;y55%^n4e@~x%86Yx6;3IAcK?UnDskbnDgF^%?x`2RmKiM@~+}Jw? z%91GD2K#XV+=0foD-=R%K8sNjkq7;Ds8$AbcFwgIC@J#NRO)RRwuGAr>kcj?eYF_(Qm`z%A&DB6jaS0IjpH;L@lH#Z4^Fp#=;}gf`eAXXyc3=W z;bm32{NalVg_&s(I0+Ro zS{4;$pk{Qzcw)2n?j2d@_ik9WJUN%$xNat-6F%9>C4{zDGeMReZ~bw5qKoHzZv=gg z)M6mPj@6F@PW!A-p`}TPyD_Jk4CD{@a$4N#LO3s30uEoqrc)dzhq4^}xgmN!-?gEA zmzqmJszrgPyTVU&Kp}*GC^;xJa#KVVtvOjG$cFVk+x+{q<+c`^IES`~%@7-|U)85o zDKW2^? zC^G`8JnDaq>AtJkVbqC-2ZLG??}jb*d}^R>CilMm6_PrCfrF%m>7-g-@Zj!H^*u)y>tiv6)FyY;2iIHyegbs%Glf&Ngx()5Z z<9riCG0^7g^QP~w;(6#V| z!$%|ULnVndpUVjC^}(HnTu4WxFb$xnU=IEPp4}=uVr~+&I5O{!gRDykVSqTp3+sHQ z6=6cx_$B#a=g3&(n_w-|BG8HvUk<6+6l~GTIL<)X>4W$Fq!!Qrj1aP*iK~oYzjwRp zT@0S#i&m1$52wrjnWP%iQttp7ntcF|vJyFXk>VN6Alkj=#AKH0iC}o1mSzDt$_ir^ zF{7rQ4BDCyUi7SFHT(3)j~l{khF9X!2=dUllkjDbrmNB0rIe4%-fr9*igk0SeC_?# zqMM?YHX%b2e*m|k1aO_cKR`w*LPF!L;hhDoTHWSA8c2^MYSL^xdy~3ttwugl#smSClv zPxLl^X?A;)Na%a6D;QfX;wmTx#f!psSct<3sF^4uUeJI(G#)$%Puu*U*Zknr^+ZB@xc(^uF^3F+o7iKYs^7QaVC}J1^Bdl*?!O zWrVODcY?1=6!Ishod=~{f;sJ+xrK&4Mvce0O5V> zY`H&SxNh!ehXKxbqQ#ljD&FzpS_QNev|dz_*s0DWgyGisM+xK4>dCO-VIbn=zdEhP zm}z-Bo2GWD3X7Qpz0Rm65q%F2_j2U3n2w}Y2$G>&k-wB#0xa7-Q5NoMZ&K~3+{nih zpAfl4dOOfcLn_+K$K{FtwL@O80;vFhuyN=jBO5~gcI|JFT7uq7tIey(g7vc=ke=C0RrFpu+1KQ=o(HJ_4F$g<9}bV3b^q<$zW9d zb}dSgyp)90I6ie>QH&^@HOebgb{M0*A}7Rzl{xR{N*a6TJGjmyxyxu?&OR)gV4l2+ z7jXP5|D?09ZFotI1XaQY`(6s*18-$XW>?VanZrbnFK<&n(s(EQqWOgVn;|b z`>c5&Xyn7wspczBC&nR;QY`W!RpWuh81?YC07MFZ$Sukr2wmuKCJQ_s5hW4&JiwvE zElSL@nQo+AlASq0JUe!#h*0fL%Vx5~pRrX-1q9u+o3sGnj~Mw#ZRN{04cDZlKGVEi zm9G6GiF<3uz7h_z)6g0e);42pXDw1QA_yQEg+(LS`4<3{MSMccPJR(zsY>Egzp9XApyj7 z!TKENJabuC`uj%nHw((kw$jwI0>8AEhu!{N7LLt01A(;Y`(Sd6LxH(P?7>Pg_Jxi? z0WsSv)bo!Hla{#5DRgNE$SK~W0|$RgEzTs#J5w@upPljiAHjutBU{{8p)By?0Ro90 zd?^qeqq9Se#wvYYCQ@zpbg8D6yOk5j!-JG)-`!|Cmay!q3T3n@M?*CkuRJ<+VhaW( zrIlC@qZ@}V%0q=&*_rDDaE0R;HQ8}*g%#H^4{xh$kn=q9b0zlz(#|&aBlw#X*QjRE z5RNi3vFjY&03N#iKKBDn31_oPxD(`NmD(RaBJK;B%^$RW3R`OA2@E z5Bb1Gn;(dkk-nKr6)}U*+Glvz9-u;A{(TNaI_Rnq6eYtOmQUBe|Iqesxb!SntJCI@@U8Rc2TI*u~_F@g>;Gd9)JGhEUk|DW#<;Ee z;)DsXF(xSrXA)ilo-Z%|EsujH7x~t^zrO*2;?~2W``(<@j`i(GEc#xlTd=ty4|&yp z7v51Qlm$#wT_fA*SHWx1yu#b+P?%dQZtEj;WA*gKD#_+nZ}u*^Kmm=%IH~ z@c?*2bnwA{w$bj>x)sanp8?H`2!UVbZOV>HxMOswncwkiQtn zqF|Etd>Cc{;e-jaU#1!p=+579br9P<0P?6Loz#rB$K)D0ugj!;# ztW3AD;+2j1^`gt2{imYCKIjJXG^>)zEP8}+N%>|lXQbfvQcMg2h=_tk?yOItV}dO} zBb>R9)E_i-;N*=j$~8&hkgg*SKUUz=p-h@N??N;!!AiCZMW0$xyh8di0dKu80!EWC zyunr2TPOm^@`hoypLBKc@+#&l7Rq-1RAL&32;z|w5EE3QRB&>MQNvwI+zE(Ux^fBx zW*p@vlH$nXxIjsOrN=H$Y=VkQhOiRQ;JPC4(swa(0fJM6kaS#;njBnr`zRaMg=0E^ z15u9AIpQNHB!RN>Y8Tm_wV${)3Jc-!;rPHa8rxS-Y*7h7jzj`sHxUkK3&wox{`NQz z%z%nu)$+vpH`Rn>=R362DBrz>u0d}1y284m)D0y+q?R4-qIyfPN2+#r*b^d7`hBs7 ztAXkp9d>x{*GVodLA(9-EprG7mTJ`*+ZvqP zixTzm_*mFAh`Yvxf^rtkH~TQUIfy}YC7Z}ypzjHlGx>}gCpx8r&bMoGnGj+aj>;F| zBY1L)6x(=e+_3OAB3A_CHh$F>kt5^|3B;5NRpE#!zh#S(_8M->&oyeTmc>tmzl2$$ z`o&ffJt1w7`@{G5+;mjDMMsO z2%P5=B~{P$>adXEBv7cmGi^u9_p`0N2=p3r3W5tIFeoeBpHBO1vkD&)zQ;8bN=Z7) zQx~Bk0JNT?!QazBSb)8V{2k8*N}wk?B1gcfajgxEB(8;*Joq%#pd6{uqMlAhtgXVB ze+#Y)9QrYx)zvPM5s_5NPyq?YNlWx9ziyf7+d(5*);sSkjH?Y+=@UzIO4Ea%q$B?} z9p7CYtsh|qpyzPWLk_Dtg}P@NF+NKxhq`a5W}J&0mKyLl{d&#Sv61Pi@M5BS*L{4TO9s2+I=f1Brd zyR;uCQs@?~G2f5RxR?P(_pgHfE%TH6p7TI_C}z5b-I9jOBZ_hZiLx?C#>4_b0QR;m@< z!hr$B`$S!32;*))%q!6a7f5k3#hc@Gw&7*etRLz1`@H4?Y)~9tJJTPfFrep0D>3%z zKv}@DQ<~QFmIVgQpiCuk+k5_>gc(6+?!x0ciUYhpn`<~Lt?EE#t2VIJ9B@9c>5%%| za0FmJMtDx~@2nb^flXJh;d@GSHYs%`jDmx2-|DP(V!lU6)>!P^6;*xuF3&Ry52E}O z8alpLmmi5+deQVNv>ZY^v)*;TQ*33zClCjtA^R`x;~y)5#U&|Bzlem(54{mh`Mv1@ zfsFCjD(O8LPp3dm+24rhBXdJA5$DA%CevXySpxnF8h*< zbr7C~7s1?{FsgzwAaP#&59hx+-x9Dt5I%&OIwUS`I*@jbTE1h9h+q)4PPBn^K_2cr zpv1L>%7?tz-N@LbH2+K#%Ni1_YrA09OJ8o*flsvo!D4-V-vSc`ko4jy0qyvdp9c}~ zvx-Ydx(wipX>8vw!j<*89QMZ{)vLm;aVpa(5VSq3tB2qzk#vjJb)_{sOxkKM>lQAI!Q*7QM?zKtT}k?D+uvxG4&CcCp&C-4CF)L++w(`vNMVQcgtm@_EuPup z2YAfJ0I|)He8j(x`C8yre-{Xl-S>|)gkFFwnc;$TUd+?*XsXFLxjq9!YetA*4xP|$ zh0uM0Yr-V3V^U77!sX?BI3EtWo`0jPB{qZ*(xUm*Vy0*uQ5MEuq*vAOL!gwfr!d9I zHaG4N4M;eGJ7w3UE+1E!s+NL|$~(`=7^CGb^nU)CD*Mms=uPoCV!(%f~2zoBc z+h1qXsnH=LWV@MDS$CcE+4~FPb>p?R*=53(ocLYoT$5!~ho^ZLSrXm44am=ASVonm z6_SP$00~TY*5QNJ zb>P5$vp4M2CgiVJFWSyLPI3?ozrp)!2_pMtKzD$gOCWG-oRB-1mUQYR) zBhL~WlLTi?gX(sSNSKkXp|d4T=FEag@3;gZ`>G;$II*q**Bw5?o*}bU1@Z##`KGH#d(9{loOgD+V%~ z)ns8*nC#v99V4-vAj&z990sHKSYumnId}Q9q7FDGpbm(9X1&RhYd}HQv@F80{t=CQ ze}SbU6$kPW?alq)k>1wE1T;iGt>;9ird&K5X7np1K4l{zoOW~=|G=|%>8MT0Cp*$K z*bUS#sI2ONfBlH-EcU(JTG^$Vukr`J=?#b1SJ?Dmd zYv`QAkt97xE0RV1I2dnerj3btye_dIG_k^;XmY`OU*2goEti`=%tnkMG=FziZ(7uY zC@%&a%j^*qn&+>I0*)0fVOPBCvVi+4woNZ;w!#pP{)J+~#xdMPX2to0n{!O6+{>1= zc&(H57m%U!mili@v2%T^baMa!1gpHuN^g&1VOsd`2BIXU@;t!i_=pyC`9LmPoHKe1%+Ld;ET+mt5pQ;5`|ikJDevm2v| zCHNED$YKV8c)DGvzoMp*tFtBJrz-=b?~@#hHL}EXJlX+?zMj9TpxMNX=49zpdkL>g z9P##mmnu{f@w9Mg6lG$;8iMpxG&2Izc-oo&gTU~4-0hwX7$2k3tuXC(LyewdPNVxk zrQ9zP98n;|>2aBNrczSRC_iV1L-%7pq;ElGboy%G&R-l(75c}Xxpe?q@y5!>W_r|Mq+jUadHSIGB%*AMhr5(wqx&lS-=5`QEomQ#N= z)I+S20S>;Hn;l==sSFW_=V}E~nSzkCAnN80%r%t2MViWT^CGT$<24`#77>UfR4svW zU5eRYnMRep>u5fm$_tIdsz`xZ`O*8GBAD_a2uzHF(B502C!5T2P#9x10cnl;8?ZVk zw55TVgn&al+8v}R^!R`VUx!;f>zJ%H*w4uD2)kJs`y%^M(C8pg!h|F*BmrZLYM*>k zxPw6ewwdDm`wdD66Y{Qzct;>(VYXmjrr9V988DWgg@uuW-OS05GhnXoKxD+);6Nn8 zwctGtzQ|J!aP{^#CgL$HM%uDHZqVu9rQiqq+82%o8#=I4oXuc_B3tetkDQh`io^O> zuCbC}2Fo|?8IqcmE!~4Ye2F&(|M~~gNXu+rc0R#{#BLDyZ literal 0 HcmV?d00001 diff --git a/assets/images-for-sdk-next/learn/advanced/baseapp_state.png b/assets/images-for-sdk-next/learn/advanced/baseapp_state.png new file mode 100644 index 0000000000000000000000000000000000000000..5cf54fdb4afa95f4d57ffd6479b2aede91d5b10d GIT binary patch literal 338941 zcmYhjNzU_3vmN*s3>bwA*ki-+us*;w@DKLQkd4^)Jvq4`DRyGtH#_h`JgueFKD-Mj z-|reQ9!ZZxkx4Q$GUCLEllt$LA^wMd`Op9IkAM8*KgbgA{No@0?l18CAOH8i2V2(v zM-sum|7&$b_8|Nme9=Rf}4fBa9|C))a}Y`Wqff1%vp@BTuddR(`^Q2s9jNvG+b z-zKe=v|s-@6dTwCzVF9xQ#Qr-?|l#mLH`>B|2Gu!VC*lHfeG+}6aOSBDEWK;v?_*w zYY_h@1RD6SdYU)GHm>zwC<{Kz!&Y?QKiCXjO&7dG;0Z(j3giDu{=eWYGfiC)7Ma?B zYY=dh{3l9)&Hq)EJYD+>;lTT@X$$aAEb?}I58>)%?7gDQ9N#+}moE*|KpAIHP%g z&W3(S>5o-buZmgNY2z0NpFZM%p03!2Hmv!EmjY4aO>!0resKv7yoDCkXgnGW(;a&lV1 zH#f>4L_r@k_`(ox^(Zmioh{!2y(VZ$X}&v=uHI_YSK4IoK>$ziKoa%v;$flhThPJ5 zOerq33C37J&kP-�DEBy3G%(EP#m!cyW~)nTBt}?{jxWD`;@=?yy582=}#wS|={w z4d4kL5!vz9_M<5id?3m9N{;r&lzahBC_E`I&`ur}I9WkTlOMB)Dy%p{>|DdhWH=e7f4)%SznAgn+t9)IQX|TQIkDhtZ@GC0Hu6S(Tp6Xj-y@$K%xB?| zlOYEGxk!9yQpV)NgR_zKwv#e{m>@j}Kl0GU8Wb*-gHvS8~6?|Y@i`}gpRxD=Y$rB6!YoI^yh0PD(wdFm9W?_@KJ{l@tACF;oCxXPphj5fRR>-KQlXlu{KgOO$vOowGk zVm^+aV8p%-z-ey_dzu;O~@$HN9 z7!i%)rP9JEXR#6iee_c$4b7NWh_2ABlMbR_G>jKl<{=7YIomC>d~M#jiq-RNFfa@~ zKqs^K#|M`@?BVyl-KRW5IBvts+x*0A%*_F(drv8Q$OlW9Ah<3_yWCYL+~%N(9PzSj zAI_@X-G_*f(;+2hoj+ng^_TeCb0XUEJ3vf_q~HVxuG{+=uJS$37ZJgzE7soj(K!`^ zG&R7fbvhm_m-V+wJY?_<{?#*4d2(l1_CjS`?^+UJT>kLfzS9#$7 z-PHpwTMLDXrFg`0P;QsMz9X{pj-hs)TP2^->?Z`wa&{xWU7v}8XyMO#={;t&3QET& zYL+wZW;doTbkE1S_e>|bd%4y{0do@yO-d8&7x7PG^5C<;^W+6Z$x*pajVXMEncwN< z9hzSzEp7yA@}`Iu%KWlSNXhWr>Dtfd__i)*8kMJK{0h4dRfBq$4jG0KgHY2F$0P(} zOKwkwB;RTN#GZO_E4!aUOctNlKL#1+JBSnqQ_g~LAh6D(5XHhe6Nw>IxY-k*CU;Ga zkT$n0@cx2YR;pxydCO94b&BDcTnN(a_tvPO^G4Zac51FqDhkmD;Y>>lKO#X!7;c8EnL88SUtHQT-iY<8HGz{1u=f=kv$`9siq!Q{N$^8;{N`fllOV(6Fj~o^MR`PcPwu zFZVsdV}*8<>FGK(sm}$j*UMzB<4=|DCurICy6euK=w}E(BSG#*t}p-|qvWyi969eE zp$k26$VuwS+_Jq!tanFh{o)@jPdhC5glzDwx|mpt!TWjsYc!5j5F2iOe#oS1+Sabj z?v#VWN!4sXT~zs$%WFTVhWH;uHfN(_x7$TDVZ}f9V9T7Q=ymTb>n5Xf;(l1-{^&&r z(m2|b7<2HI^`FvUKs(WScEkt6Zg%is8#rWWckUNW3PT}m;b0b5ChdNaj}#UTbDbng zO9aqyIZI?5oC(LJ79=g7wrhx+ZI?~sa-yIE5$SBAp_XPzAj|7H}WYg zkNM^|wh{P5NO{XDo2_v2u6*kW*;^D76nFc#B^nq9-dfy!Fie%GWG;)8r03IG2Uxff z6_x%d4BCV6yk1)oidg%_MfU0P8Oy40?hFew1HP!gzlSSi)A_a^utkSH-QF8MW|j*d zjZ;4uTr?ih&<)f&lCPHIs7bO;XD#mMYnt#tsUK){Doq%mG+^rc66KCKDiRpw}Wb{u0gm#Jtt=}64E zp5@I!DT?14b0~oJ*^I8K+dTxwt`NCfW=mDnZqp~E>baY5m}bQ* zkZdnXav94OyHBB2wTJ0MDLzfa_jctx|*?Z^Vw|j8Guo_#@Ni!#kc&wM|bsem=9v{ z#_}1Z9jyfdg)7cYJ|6S=?a%jFJzH=D5OD@hI#9mCxXCLHo>J2f5`Qh@ahnDbUES^k zQld(}XNtK+HKqZMnbqLvb(;fX%+c!o)Lb|9gUvZ5%fQXB=r;7MBY5FTZXk*C*q+6R zcD6_8c6qfsb@5w(fbwcmZEUBe#%cDC;*Yt73 zH2ZimC)NEyhJr1-_}#ZD)&0OPVmmT62_OQx4XDr;zU=u_q3^O%a-ZR`-+_2_o}C|D zxCp85C!6%}n{NSTEY{(>qOOJMyma#huoSjXDOGL>Z&vOCwj$S5dXG}JYt5coo>z6; z^rd$j>*;S*fzoA*x+j(Zikwcr4``ie)6V~3s_UM^Xt8EJcNrMSIJ%H1wW7l|H_`}6Ha5PX1uI$V#b-}N3b78x9H?rcL)0vXDBg@ zB^aFlbleHJh>KzPNpXetV97*b9fE*)vr{odbjF1c!^ar?j*@9yKZ{rloSv;TBLo#Q zP16z@n18xH;#_f$W51Wru5}4c&s<`LK4v)WMS??;IHHnsmcEaZXwlQ_t(34Nyl&8C zN=Y{_R#j+KM<9p+$qpMqN6K1M*#<}Tb<(; zJ5;bUeC`$U7@okzo7L;xx(VEG_H2-dDfBXgd1H!O?$m)`Z`L{Rh7d1at@d^yXoqMr zsceX9d6NBDy#rMOzx;Ym8_YcC?OxF~00IEL3|?e9;J(+2v5VSBrHD5Q;_&yrow(X? z7ztL@3eCm;JuDMr4bq6jSVi({Fq zQbE@IdNXsl0kTWGJ`qIfG(@hc{IOrSieVbadf6zyb}7e`M?*+LOyB#rM0ouVo{2MR?vA65Q!5Pbf=b5xY5<6)< zp3L<`;JRnK$v5~Rr1+*mI9MvKFITnw2Zb!*rzXr{_xzNk zRDihH+Wba-B}O)A@CW1W_WeZ_G6+uEAOt*R#Z9Dq`A!}QHtoG*l2jDb26b1XoShHxzR1lIVkD zW;_eUa}H&A!N^7ARHGf-M*HIDI8dzEwCXs|uUc76VD@YgF!p?X-dWj%gmgUX3f^|S z!?&9MR9=>TlL4liC`4XIGnk$Dr3T+o{Aci|Vh7utcT5z{%Y14F^Vio0UKi=@ov$z7 z<9RN?GOWmD-Szndc`NQZHr}D)C}2`5u=FQZ{oM4T1ml_=M!1fKoyGd6d4S}TI2feZ z!kz?v*ieq0Qov90%X`bemf{{s*QtY%Dwab$m!Ek<9Am{iH4;F$$JQb5*VFTC>KR1B zpdE9P+g5Y{lA(8f2!X?FE~2y&a1TPsRU^C;xrh}S`OY@fVL=ir4O;t7SI@V~`Ow8M zu$|AFpDk-LOP-27;B}phVtHOnp~I+=q0a@OjO~cP?dsA$CsSl;ilEx&@8J z8r4V#sTl}V9FsYg5cx2<$0X3leBoR8^dK)AF2nWe4goMt{Z&vbAMBXY6m-v*-PV-D zzr#h!RA0B;6fIUf!$^5J&56#N44al*pe*h?t3Fi_k$NGoz+&Ccfar{dEyA94JK((= zdD{fR7!lj0AumrT0*Ltnx>}%SnU6Y@;eLMCiQ}Yjp+X<`F&z7joe^_L`&52MRm|x1;1&cO%z9Z%Q9v zqu~IOL=5K82>&2%`0J}N@Iyia@p%1G(g+xq@AIJ(clo{auNQ4-P!KWl11bDROp=LX zjn?#8L?zAF5~ZS8Q5wcn0m`Z)rt@)8=1~LeYw7O$z4%@Y z?Mkb~-XJZ}to7$uErVUIP)Y}_AN$@8k{uo;bqq4_PUV1U|MOcoDGb%D%~V z=?TL#g&EsWEl!_FfVD99_bpk#7362)*5{8}**EI`)EJdnqOSQ^O^kXeS|{8vR3u~U zEAFKW*wT3yD8Os_=>U`kwdQr@xbOr%0TU-l;)(bmGDwz% zZ!0YX%MU(@l0|eh1L?G~&}Br_TgD`@%5MSbdw?&W_WYQJ?ZA|s9EbJgoWB0DeB&fv zUyw%-hXiOJg65mSo3}RQ=j$!t7CsRJn|dfwopF&y zqCc176IrVZd^(g!%Hh8*7#4&Uz4TVm9uIV9=CRTrcIvwsH^6#AxhSM;9~l%4@gTKP zT~5T78Ca(uHK(H&lf#|F?4Is;S5|U4C~%8FdtjR&iK2pNw97} zFbFlP{=SV|Y&3-q2%m`c5+=#WS(3OSw?j9$qe_|@eq)^LzM7wOFaX0x@)l7p>y^S_NCm*B!5fq%}a_Ypfuv(D73FGcU` z_BJ6iJYO(zEteVoqt&VOu_jDN=A=J+xaPZfu%J$(%_G%|p9E`CRZi=Gbzgb{CA7yh zp@4z=%xzr9kQQoFHRi2Ug$$GlmG8f37yA$vzsq6W%jJAV*=?P5cfZddcpRQ`2@PxYGk=8UB}_rDH^Eu#3Mwu^y9;QpO3K zXwfaHfKBQLW~?Nl5i|6g)peS(97$mG9hJF!S?hdsoVeUh#qPiov z)Fth8pk36NHt|_gS+;{~9f~{zES7+!3=hZeEs7^%?&%9bHKuGc_;seU<2PYx3sEOE zmplVrj{pp(FweIU+gm`>{0NC(0}?4D7u8_2A%M|@wmIsq2UtoT?Z>8RV1@-qy}A~2 z0Xd+3dR5+46J~xWC_OQN{9g8|wOjyARR)RG6Ql#66^t718}_tCguR*$V!*vv*Nguf z5Sh|?`KW&Ee4mXWa`K@>#?g1`_MfIE!IiU;F#}wLwf?DCAjwryU|E6*om|5fs8pf) zuX&tPT7M+XLJU&1k~xj7`0>x)g27CR&n7!xvO{oE&ZNPr^af z>!`^$DfW!_RmHeq2_OXI21-K!uo`(s09Ph=#Gi{S?akhCR-~;JH=6fQr~j$UsM&Fg zt({EDP430WebmCtLYW`1F$*Ud`XGH;E|^hB6{f0pSJ}nuHHoB<}GC% z8M1pCMqGuq-zw&cb?3NzHkU zqdy4lIj$#PS2N~O_mO`Uw*6*CuRC^MS|Kc^40yCoi(6#&Sx>ks7C(xI`C1OB35b{5 zi(y*Coe!hKG45eb-v>pyuaniC$A;8L3Q%6Xsf~+5i+UWGi?>6RQfNx>IUSqEHL3C^ z71r;v7=^CyY0l8_jdMTJgQnkS{5pfocgU}PEsr;TVH#ijNA#|*VT!O8(X)VR(0q}D z7Bb4?ylE)(BLWqbaTid^@bT#>X-Ya~yimSJm06vLUuX@qBCi+oR@RB2Rg_YS%Mjsz z*f}d-*pR9hq5gCRbx1j+eqY#(qV(jgi{4qiVcFw#Yevu1U(s*NZ}F(8Q38e*kPdZW zT&qnpp|F7wNcrXiTxl9i2vhxrr!@)&<}s_%n$Yp%5_kx@T!#=TH+Lu*_p`RjKu?>l zjjFSJ-XzT9x93;Xr2fQ$$J=y@Wl6kmWTpi^j+S56VOAPMQ^|K-C3>x&M@J``Bi?Lq zEPahx+ESl5#A@oM2m>UuRt^dhY2W0C!|A7gu3W*!^}K&B;+7A-2fW*mGP&vt{0ZC{ z^wMnzt0Jr2o{uu{;ufirSO6p*9#kYeVGCi*13&PyM%^p6e8M|xs67j-jKu?O>fXRYL3D)k|_#7lta5iUk|SATrv5h9c6Vs81rIjzj2yj zRwE%ewl5e#ddI!e246(dh82jbjvRuCQeU%+XG3I|Qv`tSz%If^&6qg_xY@4fthHNb>Qf06^{VtvEDaNSy% z@^pgdjJ6hSWV>5QOkg~Yb&m!uQ@VgOX-rL#ccV9c(XWPth&9mtWb_gCdI1 zuUxCdQkE5he+=zP1v5<&XXt6|a0wsu6s!Rl{0;0;khQcFL6|?vGAlKtcS}i#w@;<3 zGnJwsNG?j~mhkrC-QwFrG#f&Z$8wA0K0%9#{@S_hb{fI;2KigUpxr{ZMSRBM9>!ofsuFD&|rSO zsHUa%IXMRvIl@A6L3}BWUP=fS^!M_jUVyVi~XkN?u?CdTLd$ z3x?q$duy(5IvguG-wxB4Qw(wPD54J?R31#}jq`Qr*~dWGjKx_Ov!Trv=i$morF@ay z#4_mb4NSs_1(YjN%Gn9~I)P$u)hx(&H+6Q#(le)@G0#E3XLDDQ7q!-#Ms~IDkh78n z2n7lsi=H7Dw7#X6(cv@Y0YytHG;V4R{H^W_^D3hqF*u?`xL!!6;wxiGBWwIx{z{#w zv#XyDF<1sKfQQAp^|OB&ofqJYYLa{(l2Ue_J}H?sv9q(oZ=-{$18VQ@Y`BpiaV-s` z7i@V}T=CiwZAk6e_QmJmcWrr@gF&|9cb8nz*%llrSite|h_PtictDvxyns1lQ>oRG_I6Lq z!mpPzYOCNDQV+fc@?7yZuV;A;M}gH`!6!R180aQI4$9{FU82Kq<=&U^;Nf$`ufsg* zT;2Sm`_x)c*B^(<>LP~)Z)($H7GOeWx9uq7sk35bieDoExdl7+T%haB!qtG+? zbgreJ4mVxd_oQ@mIqWmiA*i%UP;?+koxiOMIgo$t4@^qt+lF zpl`@22D)TDS7qp|ZFJKVq*H{Fj<{yh!TcY`LQSKH^e-M*3%Hymcqab^2b=g~I3NV- z-(g#znh;T9X@~>S4QHD~)+Az^&-C%hQGLRj<1N~=Tw!NA`C9;iER>0oabMaL_NC6R zqYT>-1!{`;$xuqCt&jgT3>-N66IOTZH4LNFDg}`0kvVsa&<@U#*H!ddvRe1{mAuw! z4&J!+^FYI;OC^*$AwYLDbWfSgXI(qX*d&;| z18+ez%^YIHOepdfY^wJ{Rs`ww&0Py#G^oY5a$4*?tMYDHoqrE|<7&|W2!POTHCf9< zb(G+zFz2uaYlG^jL`U+EYB>H--!U~9q;E-td{V@8r6R{>$Uw^5y0r`_42|o2MnD zEkGF)LS0`f#sW6|>;wd%UJV(PB%b$+jzv{fh&CE~ihZSkX zo$(b_APIaJE7tlVlI`Lcib^74w&-j?^a46v{4HMnH5Zw4W?%W^+n@LpcN z(7$8{mc#~Dj~5Z(;=WL&Fz>h>CBx&@egab$vb(e1G760F*vowpgwZe}YN6I=#zQP@ z!jD$BhYe(`rUw`gA&~Pq^NiQu9Y8R5!-G)&+7slQySBZafKx zkOAxcd5IOoNqla((r@lv{cSA+F1#{8Hv4@E+)bH5 zS(8l2CNCO-q&@>6p{_tX79~hf3UoXIuc-%Nc z#I_%-;86OUxGM>qPRC#@N`h|OiuT3k?E1z4EmR{Dk%$?Q`z-0o!Rwv6}l#734d1+IY9XlhI zsLhGRuawcxJ2M}JdgE(OY-d|?cgOz@U+C)-)B&yYMR#vPvuaRQuN&JOqRgRm_h#(^ zVmjN4!*+>=`S@l*q5E*WcJtmk4%kkqR?h=ZBW&*IH`jDW$e4Wj78L2g#s_dNkn%PT z9-+xlrDO2Ncmn0<2*mI6M7Akvxgf6x@edka&!bL9(Xr|q)5+JI-+NS?L#EDtTQ)b- ztf8{qPZa32^X?@89k*?_XXKVIKmu-hb3MFTvWvz&!cjM%ed>)OFWzpnVNzZ7=xeh+ z_Zyo>9&1+~e>r=f`;H@L`9XiA>-p(X36h?zFKjrOTW*?U^HoCDpFX7-IRu4~Wcv)C z0#j?*dtE2A$R!r+z(yACDZ6pV!F*!z`9{j5{*_vmrhIIr>>ok02#qLl9#bV`1v(Hg zT*5Cx%&E9)*Vkd$rD!2Gf+x{W^Qr)EWge_j|F7`w+?auWAElS$E0B6gLBIgyol?7JKx=U1zN5T zr0b}4uveiQ&83xYOP`7cQRFbiy3GukxRWT)#?NL=ji^yu#fHug$v2jYfp>5Tnr-0O;caAfP^e_WQlmnD- zsW)37&VXh?oi`Qm>5q!ZzJ8qf5WhvpG#N!7d)IG{^r(ss=Qg&qYqDb0{UkA%9??ht zz&f+9NKQPBI!NbNotf8#PXyWAkRZVGp5d?QDEB9Wel5XvAjLeF?@?3zxVVa#wzMx2 zY=t0br+89hGMy%WCQvt!JIDEfDWdn?v+@jB?(iHyX9q~d7gxkAY9c$`WFm5dkD%cE z&g*6Aul7xPcn#Lpx)<{3n-d>W{pQEk^8+*V@hlb^4Qdd@&>!w9PZjkOH{kZcQ97t| zINXAekm1xo-<@U=Xj`(YN9NM=+Ye607)iKYg~&HE7Z=9))7lC3bbg9w!Tkex_D+cy z0%HM{9ww7~Fp(n@3y>b3W(1=85&}uW&ZOnbj;_kmlvTku;N%~77$1;K-1A7TfHk~y zpocrWj=2p{0t-4iZF{Ug?(ZNJ*}_O53LCzg?4b?u;tr_FiM}cYz+eju%wUb1oaxI1 znZ*M#<5>GJEd<004JyWbE!4meSOw_8=aplkjgE@b2O%D8G%*C!)S4(WYSd$tA&XRR zQI;-(qc(j$xGhGSJ=vHBN?BSr?gkD@(4rs3JD$?g7s4y^EXTeNkB0urJ!f(%uN_S1 zNsLoq)Q?1LT@^VJoJ#8DM4wfcUn*BAqan>ZcL(cVTs;pLS$OOhc`FZE_7aH`sJSQb zaIe$pYFh2rWtW`W2WW$;onY{bN0kZz%z`pSMX9p8xPt7PoD5Hx8R4;B>$PO64B$}s z$S2@ezy&J!ha-aooc3PxR{&a4ofW_H zEMLp>ea1{*m7J(9 zR#zQn1%|r^-sT(VUw}{=v@mrYE)8bfwf+Y108#P!V33;KM&WgIl^ofot0oW~b;0Xm z8`pXcc}XG*uA zH_8TtohvROB<=ims%B36K(R^}Ch0qQtTz>^Db&`#5iCG#$Ipg1uzB$9J{;wJz4SNR zfcF#j0^-pONIH@;<{D}=ep3!MXKtqOK$pWx0_J}M>DR#D=@&vO4AwZ*v^IOsdiZpk zYF%I0G!$$1d8N)g00sFE=nw8aW3)owXHlF-g&)=y?!Xn%O~(so^yDBHe|tZwsfq&R zy2E<$%CdSZRlus*9Omc6^&iVu2XdYl&emBwv}5y2t|C}#Q;_`t_z4q-_;&qmTl9-+ zrEO}V`Z`g&nTF<^+FPy?#t=XAgu#*1Oh`ZP z7|yM%cP4|e--=WKtG?bz8We35fyG~7Ot2L~c0&4@fHKH;z{^C-G~lasDW^Qr67*1b zHt_owJ;F@=(qLiE&@mi_fGq3aKb8avD(^}o!Iq#OngV6LzBLu}Bw0bczSoLt?0c7IWaPrOwyD~wmnn{AAQ64hLOT`Z8N z$AgFuGtd;$LL|^1sB?N?exMo+UcjQgosFe1WIskN6aX7Zd*f*jO#_A+!~QVVLfH~v z{oO=AkR7o+E5(vTIY=1@KpjoS_rn9ZD5kwp#@g*h4LnWDuuo~B+zC|Fk3Lw~r9#BM3#Zw|MjwAvXKtUM-Y z#msXMM8GPk3Id|IAaH1}pLwC^s(4Y^H&&Avuwpg~B#;NfUIbX$tb3THbX4G=fG`DL zO(kHZ?9$rNlXVigCKc6m64Wez7Kkw{$Eo?$TMnnn-=ySA67aBt-pa0UkJO&F%v>Zh z2V|gP26D?hRYe59eb>;yvJ2{?jiACORs0R74$d3+CcgtaWI9*mKv~Wq54bvz|LH%l zpu@JCndA*hc2l&-0J;4W`z22R?!S|hw_n#-SrXHrnB430O1^;8OG1T0xflLlwAtri zUJ1+IO?4&yVc3e(>(a^Ec0v^Cbpm6<0=$DyUo<>@YwWVBWP*iH@D|0(A4?J|F2CqR^?O@zE+JKW4XijPnA?;sY0TMtMpTjOb15M_V z>EiXuNs0m)H#1E10D_!QK%tyMNb-8BFT(>Rio0_}d?9>{SSyr8Rv9gu$c@ zN)7(3k3ZSOfK*EPXm`0}2v{};+RE)%kFEi@T$b^R6qjKO@w+eYjyKfQ-W@%X_W}HK zV5UD32ri19X<$Ztd0vH~O;Y=5d)HZz?*9yHw!_Xxs_5f|$yc>j5lzr zcf|z79rOdt8%91t{Q?3lTMLZL@i4oB3C4=1?yy6PMkhyey<}pZ0c0sv?C)}>Gs-^w zIvTfK5?+jx46w^OxryN4Q?B-ak%JJ)m#)n5u)XOT*JYhaxM z-IFeEfj8d;xK&}N#Q;gkN8=K(s^f|(1IX~PseVzHIXxE;A3yYJo7qKtem_2wJ-B9C zYns0F`e`Go^C1ote>G-gu?6BOJ8WJ*oy;J?V|hoaohN_09Wt}Y5Bq_lJM+Zg)(oe^eKqQ`C>TUxKh4#CIPLr`5uGAHrgL(#LTs(} zMUIdF$;1j49)qg`NA3vezvH2~KTS3Sv3-`zs9?rGr zWg&-b;od+Xa|_2uXhkZ4(j+V`wN&VfC_dkj`8CE=$9<5B@Zo2TBwL^|vF9Cm%Pr@s zN`lMCU~QwI_78p&#|bY4_SEPf(TbU+wa1(ld31mQCyW@E`iJHo4TF22q=7Enc>q>r zfpqny<}$E0)U%j}F=e-$DKV;T%Y^N8$gNgs7d3EtX-e~_CqB|sGz0dc-Ar=k1hS1tbZ|W) zcRNy(QBdwwKqi2tAR^In>;^w~paik(xei-LpWRJ^&Pl+JgoMWU!tzHvn98zu8sY%B z5zulhbLOXY6VT>CV2v`F%x@q0K!^DIX$c=B+6DTH1soC!T?BTQ&#A{0>z>cDh+E8O zpsXm$k0bux?%n_s&mwpW)GAyUG5Ey{!BZSSSqZ^I8F3 zR$GN%rwABC2u#Zef615ZW6Z}SIUoVq)7v?ez$~gHYnk|lfLCXi7w17ytsy1_PLpJO zZuRYJAIJXPAfPqKDC+pL#)!D@EVjU+xDf2vKa5@d&{ai4rX*jS_)*>9+_<{+sBC|F z0^?vOU;{Q`i{m`KTY25HL0vzm!fZisfd5)QT!Q(TeI8U%?*~>`CvD+1giBSebb;{( zH@rJAmVr&bl`N46>>ac>Zn6>!_``W(Emk|(W$l95#S`EcO9GSKLk7&h# zW5Yl7A#ja@aZFY*NpGAfGjPMKxb?w@5}vZg&23e?B;+v3=At)p55LEDM0h_0`5}B9 z2Lx_@<|Ghu*Y{TyQzO|I5gEZ^A5GekHwUT@+S$%QpOyA0zaUesYWbn@?_HqvSf6@} zZint;`i)Ur_RZ`X{JMyeKz=n??_i8UUoKI3;ty&CeRY#4eLT>2p@VrJ#UIIkz#Ih2 zqKi1|3`aUEb)38XJ_)PP^w0ZqIRdH{`HVl~+G@?8!m3a!as&Hvz7$!R+#N^%wfMt1mxW0E-HF8eTVo*B`8TXX6IelPet!1b<9>psClPRRLCW=T$rS zRW`apibg|c)77T(m;=-Qx2 zPr@ozqi|1*9EPQ&A9ok1)f%P5F}q&s;FnFRH39vQ=wmNWG#J-prL0Ead$V6}YtjMbdR`If}&4Um}M`Fv(<0 z=FONKOa{Z(kLWq4cedLBW2h>rq#N$B4`}o|B!91h3FjPEwe`KN?MwLN72*(h-Eu`Jq;fvuoEr#d zPb(HBZk67h>?b^rJKR>k?-JsD_W4r-0w`+W)Wtm=K6T?3uJHYcSn|BX>&HVr_8cyH zO51$>B={eLcPw=!%HXZdPbl;^UM$$E7#EIL*qdX?bWL^~nz0p90X^CqiG%)~1XNJ# zUCEP60|s5Lk?NM01YjSam${%gjdV)q4bq+L$H3S56rJCv_@o?H4ZOEn{cVf;+8DHE z(fbR)%YGMhgm;UR%AYZreC)(OI~dT9Zv<}oUHU0B=m7EWeG$Lr)$l?&M*Sp}-}CB^ z&BsGVU;!OUq|4_BviTou!|-?a=q=Xx%7#YNZR-a`IQ-Vnll9hOji&dj@O&<X}oYqS{_;`1MV*f)Wak;MRUmrl8rG>=`zIx0`H}5RUhFc|=fuho75=1*>NF zRfiw1zVk*l#DDoKOg0l~Rb*s}@NNE-GhN`S2{;?@`D7E1vcUgR=RGU1ecmnTeZ~!E z3g`8{ceIorN>gF6T|dZB;JsP&AOoOCy#w_fxR0}Yd}QW*S_b}_fZzj1qur9M;7s076A)6&7cqwgx3K5Zt)j&L-ch?*1>7u9^Ee$>PNnMg$1>oXimM>FK)GTDMFNa2yuDFs| z$d8aJN%-h5r{f%il##Y{O$QYr6e2zd9MSEgBkmOmYB)T=#7m_wpZTMLCeP8mN%qDk=(;<&9u7wcnlUQ6LUf_#a3cGq>C(!nO)3i`zIDbpE9Wsp>S|1 z&x?^|t9t^-u;z>cMlO(eek?14qd9+c9ezubj00}lu>}Vns`^Jr*o4X4nZAE`VeNfp36bLWSQs`F(xa)5z~K z>UqWL4hSRtXImo@i->?fiKFA^FSsm^;abGX;R`-+EuR`9_p#WW;3Z0`!_&uR3 z7AZm#+2(y&Xp(i8%lw?#J`m$Cx}%a4O{yDtX&0T%PaMk}k#Zdl8bhCH!MI-`^znPXGj0 z*;336n-RF4Z{35)E>{V<`$EGZlYS+nH&Fra{BUMb7Re@DC0GJ*DKcJoP$_Lb}YGU4F2tLZ$Yk(~^E2o1(vCy5^S#S zXZT}ZjpgYmI5ehFScW@|e70GZ1`kd%B?8;h#|9Ye{ssD%+4{IA_jO7rmUV`rmB6R2 zOCf0&{vPcrS1t>`$NP(4aVLzd1=sc22JE*&PyYEzmVq&^7o0v&;DW?h`q`$utE0$s zecqe6*p>vIjRz1$+UW%;O9^N1;m$koWPXR2`i)x|`C7iBD6cd`E1Z~iv)*EO!7rZ* zXAYhV!OcAe?~`1kq?a-HD_`(>t4LjJAM0<#9O@(`R21kG)+{~*5(&JlZmPo!RiJhi}pYjU{DGG`-u(c z^j%2*Rj>q}EB{L6x3m&3g1#IkYnZM;QvSrz2eq#R@sm*H1jSUS=M0yy0PFIt+1XNS zIJAaE=Ux;m*ynD=4!;rmJ|Op1x0`|nOjg{!I{68+Txu!&0kj#0UpM6i6Oacq@4o2( z3vS)5d8x{a(wE(lvALEKq%QT0+s*m)+q`Y9D0Mq6;kb9C{ z+PlD1Sj67S!= zHU81}h-U*2^jTou@%g8L?1+AagVw*QOEaH-&4BQran7)@y&jLsmc37dB*0t_{qdWy zbtd`o z;1^t|8f>ai7`gt9dm*JY>>ivOxr~+dVSgyjdhH(8+R<=Eu|#di6xpv(V1HyW1O=ab z?q3l2fnQSDRqoS?9uXnbB@@hC?b1MBM)T!PO}~wGEY@>N+2YZZm?vOjPnJ71qOxH9 zf;agFdMm$I)e%10i`-u~yc%%RuB_!<-DwnNBCOt3!~jINW`PcfwaUpgBp@a!>tTA_ zd)dr1cCG!^E(5JtKz3Yl7!kk`7CceY@4(%^^g^bO)4Tt$f;*W<{fe6j?{`+1zj#mt z{si{IL`&CtUCY|Cf)xU-B`bL`=cRD;?;3Jmm~{c92He@(riXrC=aU>4cZQ>)n_<6_ zd*RcvNa)|6Bl?(Y|Cd$5Z@g=O-Yfh9Z>Xf%Zatl9)*WdMtYg~(imZ*QLyC&WFV2)&4Nan5c#%iW$ROB7-fIlH$`bbgu^!a@WT$5j_<`2yT9l-%~||YrH6f- zN3+S*qexf-bg(k$7xGR@tDyv~=9xChwjsNuhYlzLq3LUYJ*W=+^QdI+1k5h`1vHC#-zi{T zPoQ6+Ln`4`)!$Zn@^%*Mc@QXMmx{U*VOSG+;ayxpQ;~i`NBu3N4!pvy1U9Ujf*^F^ z?%ye<8JW1(olgK7CfHcYFVUvQSBgLv`*Q-GORx@^F2xVXSBa&BW~d)NlZEDAEKXO| z;wD6_YLUJd%bHV-sy`Q(p~ovaHou;24Gs-tblhJ({lnzCnld?aPd}(t0NsqTGaETJ zT0lOJH>gAU@k}!7_3m~ApfZGA8KocqDa;EX81W7l!M}I;VEoVq5M?^#IR;Pq(+J#1 z`0(5v*U#)?ouYZKtBPLVC4Wh$UKG8HqGBRaaPBZ@)6fm2+(m7gm2I2>Xj+%^sCW#*4rmPK=gt4a zne>Wtyad6@_hMy%{{|))4r?F@RjTOz@@@hDN`~mH3ZF%P?OW+cV!j)mzBA+OVrK!U z9lp4D#igAZj&~l2*=hipgyxNKQ*~gPONW)b>a1AV7{jQvikc$=F{eYEIJ&-IW+E7B zS@h3OyvA><=STg9I7aE%=p*;U{@}CqnoyNxusYqH4J5$i%zA8=bVi4%<4}Hc=`7)f z^A177VNY=-HThv>ii4o7TLHqe<}-3PvLUm#gVs3MK3mc=Mjj7b5SZ5+-E*Cpw0O$F*f*T*7jQ91u_E( zx^=S&JD@4iLg;e(`8Ta6-CqRIO{ERw{OvbRN@B~swy*EKsX{x#VD`$ILScgRvoG-7 zox#l`v_%nPK?7Fxx0Xe5rFk6leW8OsuZ1`cy7ejmu2jUOD1s>mN|(wMk3GKAnE3;- z%-o_iih%DSu`Pl7bv0{Asp=0C_`$H_mbURYE>GgQ2rL>trA}-ajlzu&|L`;3Q%bTF z6eSy$?NWk&UkgEgYe61zVIJ6clYV!B$kI>7sTOHqL~K@lF0CwMUjM$6jh?-*9a17NYs8mg_cV7cJCb(e*uL_$N!$7 z??T9Y2^>B3)Rv~NEgkmnNZvoU09yBl3gN>kz=h+Z$06zW8UZ}QdzcdtVYl9f760?| z9`XgyfD7TNk-WzSlTMQO?GC8RCUJ1ysZsrm0IdHFOMNNc?~4__l!r54d@#2>&K-Wh(^>Onv)z1>g3!5aPW~)tbxpM$E-!{)drNYHKpEU^VahFbd|9Suv>11R?5VhuPb*1$CA(Y$ELQd!y z;WccH z;2$$C*vX0Ag*dhF{g58{_5*duMqFT2^5K0dvx2uWYP_2#h^v0TU0pXH>ElgKSty#}k}p#$B)xwsQ^2u1yc%AY0Gm_+ zSk}WjRBX#9LwWC1^De8$MGNbzI~(47LsdiqO#d{qyRj}H=L26bxd#PEqX;&5Xykv| zv9Pi|Lw|2eEKAgALsVXgPBM$83e!&Y4$}ZT?V#m*K0x%6;XBG3LWh6AG$1L`@!V#5 zImWl~*Vq+Sgc#Bhz{}>>3+AaCxB-pZ%e!VpSjSx7JuRC1^ zaqI7Og3ki{E_JGtQC2c;74r_#>Wn;EU`uyvX_zAXn}*02c!Be$?-kUyhW`Z}gl>X> zlI5VurV*~_lAeQyUu1EpA82CrWxq1h{2Hs!A-e|7E-xzV{&u)RaET~?Nt|coC1IBV zmSTQTWZ{dJADm9TQvd@8&Bi|~C?622MAgH@MN%AM*P}h-XPVUS5&J1`ux)@98k8;z`=(<9jMlCe}Sfi^Glb0;;{u;~>=-CH5QGbnpWFgUP>x~Ttu9plYatD z8XQMD;h*4MxVIF0pDi>L|6tkBtQUhC+9Z}LgK5}nZ)m{0OvO)qP%P^+b|VNeQWf$H ziYRI{@0AG0s4w?k+`qWIauM+njfL|v(#ECf$j(=hPS4vW3v6^Mtj|~HH(qJFj5sW7 z!!dO(;0*14W`ZH@f@$OnyW=Z3KcFYrhY@s3Pfg=IhOH8(Frc#`0XG})?SX}M;^bI= zLgDt4a*+?h9mS`M1Iw?ax*`V9yr8j4`_Rmxt}br=Yhj3<%AL|f0Rl2(czL%EZT z$VKBHKl^GabGky=BU|#@bn^;w!SikI1(?v~da5ig3TKSoDT_>rfj;khY3x%|Xa*gJ z-Gh=^eZ;a9x~7t%NUB{TB-kr_9jO*ENZG{;2T7Gqnjl+}4m@Cl0!lUKt3OT)D7%|K zd8%KI_hK=~)B?hy2WC2Z6+J_piLuyuCQz%9yey!uKNW3|h?rN9UN-UY_xoNilY{4> zFW!OFp0@vC;QcpL1_!hiVhRsf)3I^b%1zKn2Elb@Z047}tzp_?!yaIN6$I*+)2~K$ zkCU?2gM+qQqNECs)axXu^z2x1Y2>gt=<^IAHzblf$R4 zvS^5QC%uNms^nW8?xCA9NFG1*0$V8ZtB*9UfT+X#{>gmMvvhu3U* z!MkiY;2q5_twLy$VD%pE;w5zb=nDT?Yik!eXhaCYEBfuvz^7FVM?n3ry!VJh@k7Dz z1%4xW?pUr4bW>9NtjPS1w9iqRFCV?<%J9*JuTiGrmAPDt=@RQYf>9*1sIIR$Xxp;d zw+@MP*+47g6u*TBLGT{nooG3eT2vY6x@EkM0ay)%V&*pq5ld8BZ-lmfw#nNUM57D3 z&Xc2y#F_S*Z}eFLXeAfcXbZRE6mO|(tKF%&QI>l(@>}6pg8=yk{$2?xspj8jTf#a+ zREu7K#S8LKKpM(xjlLfEmCYi#0Tqi-h7yNa3g@=$x%&8Ke<|2&)ZaDC`+|ihblc(| zLfW*pen6|N%g!%>x0in)SNJN79Zp<()7aR;pC^}&ABM(K(%{?rW7 z@Z6H>;eF^Y?2*u}@Y^=WqB}F7yQ(vQshCbxZrgt=V(R+;3H zeO|#~ux_LnCIsny(<8nel|cn?DBwd(FP(DxI%4$~-(!gH!~%%@uMX3R9^Cot4(P0~ z6s=eY1*bnTzvPfmv#~fEdjv%KH;+JNo9#gw8@#VhP~yJRUr>~7xrB?YAwjg$J?96T zB_?x^O}`|!U)+M9sE0iS7Lq?v0L?)RLqDK}n??(O4puO>h_pKr1F~7Lq?axypt>n8 zP8EP=Cj zHw^C=OT>lDZ&2BFzJm8L*y)Q|_wp``sz87W&b?53nL5PU2Kvw;Y$%N1`UW4q{@X|K zBN-aqBw(`zMucElq=h;JdKE17=1U&&4mLFKezd&+PNj2SEZBqj%>|3c8JWs~N;k-U zCmqNrrH!FidZb~WgyRm zx7^A-Zf#3mh`=-81;4zYam^WzXKJ>a=+X=StgS);_%j-o4D(5bsH9FGiEMXoVOPU{ zxunb`%K*0Zv0roij7T7#PetD>L@lu_ApHV1o2S^>u z)q3e}c;`f_7dI#xl7O%675!~flPaN>;0v4MjD*vdUj7v1b^dhkIpDxX)%cY^ckKjP z#OyQw5dLou@Ab-(-Vs-YHi z0NDj?j}Q#7PKE&$?cv$P%h^$C8}!@rs9prU;@WEKpE81m6>iKNB_U(nB=HOz_Is5L zR8Jq*WaYNB+{oR=Um*GW$r`tRGcgN71MnJlU+-Si1?xP2$J@3zKuZLBK)r(@9*p6q z`33U%P~J5hTq|Ke!zbm`qluKJFx_}-Y@iZP7*DI3J6kbM^ZolUB@hwf(MRpXFTsBf zMYGTHx|dxd$&B-7s*>f+Q~HQrwE}o8=n6YW02G)`dgo%*rP{~qA1QP(tDjiKjQ6FN z`KUsW7tc(8d^<1o1pT!)YpP80dD_FUVAM0~nAf13u&$p$hxz$;pldwP0lCEQnZY8{ z7vct}SVNO>5Sjzc>Y7YCm9&lW_aw`%25MRQynu(c?{u8SzzOVwRNdQOP%Q69|G=_- zOYs!>SV43r@>S`g}sRGUN|RZM67=EE31v5vo<@X*}#C3$cpPS{xk$o?_X!m zcD4J}@WVABBfLpPUj~GRERXjLICJRVK$%G6K9|H`a>HX=(=)V%b<_%JgF?fexR%;0^ICQeGC&^ zHMx2BTn5L@l;B`V<*!Z?Cby1(DNWyJ-lMTYLoxLN`XIPW+D2-Z2QYv^T%Ba@7f8@( z1KojBFSgnRmr-o`K0n}6oABRPEUNVD!Fu;#4e(?Kzmo;N*^6izDC5F|Q-@H{^a_l~ ziNK-2Pf{4iP;ncHXZ9%!sFFtCq{8_Tgo&wRE(ZVj9yL<}xI1eI$mq@`k1NG#K@-52 z@hYvHco$vqGo1o1!`Wp~yMd53h=lgLGLP6aq@M%jHZXBbQ|P)V>MWB_*pY!!_du_p zu3TxxJ*m{>PQ7x2R$6(rkKT9}W&P*?Ksdv*_nkrodz676!@lmnKrCW{YIo7wsiQ=| zBG4)l8WB7h*;mJG?Pqk1HYS_0h+62jA%zM=hzAPCLWa*_;E+v8#=J%S{FXpG%8^;< zS9R|ddEJ{Ti&5&FIyL5J?{MrN>z7z7KwDYn_ z+LxRE4Yqj%DL&N7H2WP@odBBq3%G2<<(6pOKQAOC>Y3V_V*Hfk{sFIU4mF_Hle&~Bl=Pb_RIjrVSn8~g}Mc^%_9h^OEdP6GWooEpZJ}#Pp#JQy2T%*O#|mQ zdq9uXqI|`jUc;izl)udrY$Uv&-AG%L3aAwx0C$PNUBrei|MzWpgp&YkOa=?vtP1Y! zT)>c~5R>XFERcfg)O!)rO8pyrdl1O9TIOz=Xwz28VU*C?GN$V zXpI<*_2vYDFVbYu8Iyv6_%@o1B+`W#iI0Z|LBhmR$9@VKE&LksOMr!;O`8k zml^TS_5&-D5X;F$|!fxHAVC*8|kBl0T^0rRx#hPE^ij(NN^bFJQrq~km|D39)Y zn6I*FKcMO%6ff98uM%^6C&*}t1) zTVQVu=LH{!KHOe=J&6^5FM;fD1sv$rx?V4ru?#>*rvh!`%iS0-zUf`dXec7eIIQcW zakzf<91Sh1%7@N7y77g24AGSgM!0^by;&9NtW8H4dv`DXPX!7B&-c`U5n+hT$qWXm zVD&U&=6s5pRNA z?c z3k)xN|{g(QJtJ@o3b1AV-^nq7k+i+ZjcI&`9 z=miZD_?qbpiyjkSZO^KP4HgJiu#^mJgR5LpaH9@FsAP5B4#q>7&?r_W^B&cTgT(ZI zRSnL0)hDlLbOkzKU{!Fs4bD0st>tAv`abku`948DBu#mD9)PBo9JBia(S`HdNa_Gm ztss?TOH(JyqJMYpIWN#r*v;)NW5(S}r)S#T_eamx-@PMCDjm)Nzgt7>H_D(;8M~1D zIQBl>;eN5r1JG~Z4QpVIzFhFKVsOmQem(j5&;o2cKoY%qI)^b+N-4Hh*aIvPncGq> z{fm2(fhEX@1^NM-U_6$yFy5Y@ATr=>5y<=uB>@+DFa=8@mV3v~GHc!^&YXrVNaFOK*=@$N;u$>G>rotA{R`YCt-WM=qdn3cn>yX4xmh5OUk$RSaTsQ{FtJ^ zC%z*SzVGR)jppVqHQ_9QLmO~6UY~ffx%t@(_|n1M9MC)z8#;eGzVr<_alQDqn55=3*kC`o^uVh^*W=|F>q53W+8SGMoa5bE$2Ad$KZBa^i z2Hq}wG~v!p?ffT!4_~@izyN5#9GvNY$XyON`XzOZ<(!R81awmZDm7zWO+~!}dmP^Q zO~>{~z(|f2%5VWXW5^g#H1~NU*I-`+tf1PxU>|vX;-*_M>)QEyYn|w;gzdAgS|Si%w} zk-V^+C26nKwc8Y&*=i3F*}$Q$1IiU&mH_2Z$yL0fGZno-&!6# z(1+hG<@{_4><<0g)v%nynR#0VW0Ju~Kt&|{{({2+N^tR%cZ2S>pK@p5jh9)WF71yb zX?;H*sS9k_Fbm)^Vyjb$R9_piV#0)j;WXUJpRg zy@E`rgS8f?nmS7nntz^)>J5J&VBw|iV*)Vsd<01@=nOJ@3jjTn{1XG4nbm|Z_+9kT zjhP^J%u`a07m#TnS-*1-KULY{Io&)%etMkB7j}6gm;w_SpcKKtQSa$id-#~r7v_uB zfP&+ANZpcXLyTkD@`4LUKd5A94LMDB&15D^*)nxEjNH~UrZj12NI^^0Y|#e2y$^LrP#8oEL2V7<*Mlh;h4MP zHa|L`kzgpJkT3hOsvSJ0=WE|b+eF(-T+y%PPln5z40EzTKaGqE&CO?Xk2|In^)RR- zhbO}WHl5Jzj14Ffk^Aw^A1q@abB zqg({q)TmIWZ{aI_#iH3M9CN!-&=96uqT@$S-B(BD(klO?rh?zdk-VhX4a z^EQkB^oUfG4w_dNJR(_gJwF40?%kauMV2X06okkxwIEN1%fTHCX6{vy{fIfx> z|8?beOZRUz$B*4u%F}HX5L6yWXuf*z`dF=^X#81v0x~*=-T6r=`rfCmTotZvCb`?4 zD)W~yQT52ypXtxoS^~bDlcpTlda$YGSk2wue36$bXl)FPWjMVs$JBU&w}K`T_gQ&2 zmLy8f@#FF>hO0{i1ZDix_dxl-?A2&33+B0a<^hsck1x$z_28^)T-_gDLC@RAOCR8W zGE&h)gqI0=$+*{{B-NNt$eC9b+K_cZYfW6%C&y-#*_xvPa2rn;f~WWAGiQ|8eK)uQ zj#(f*NZ*ow?$upVP!6=H%Uu~_9lEV2*k7xBb|z5Pkd{HjNaIBi4t6)?rT8&;dbX|} zornjxgwOOL0HTCS?^R@$z|4}HJ`Jc(v89z_ZJe_vD5&Nn8Z5?FG>m0h*g;mA76FS~ z>Xi2m6FOzeq)9pP?eUcWkPjbo_W`NP*&Eo1DR0*lz>_5cS|VuafsI}h2R<}q`6$=I z?!Cmns+1m}57{@0bk{|HD%AqA7HqJ=DZqkW>zI_B=}zmPR$NXl#P<&W0tA~Bqr!Kj zL&KT45~88OjN*4r4=ktxSUYqV+PepMq)@s)B*p9T(3|{aEO2&zEk1s&(v7NP8#1n7 zzj~{D45UCtOomYPX5fJ2EVl>mU?vT3SySf+CRI@5z8>9UTxCi|jOViTv4$M>(C*7+ z1nKg|D=0v#fR3!=@y}9tgEyP*>?nsWK9`Q~G`L1QnEHW1h4W3{M|Xc6)jQ;<0q7Gb z6AK#hU-x(!!<5`>jkLZ>`ghLqRFsIDk`%-pUT>qyv2Gpzsm=SQK-O4F%;A20t$f zFm%gtm#xi7uBrDc&TaQzB;dzPgJE$qJ<5ApY{y1Vf$IUUEM}xkteLs)bf&nc0tkQ5 zF3_-r(D`H(df`}$|62XeyzL83iEyyYzqQ~ybB_h}yLJF*EqEir0lp5eV6u%u>O_2rln7s`Za*0A-Bh1BT^B?w{>@>#rm^6SR~Aj8AQYrOnxly zdlYfptCzp0{7pNM+&xSkuXp1 z_f)*2A0mG>htD(VP!4bT0eZJ1=<`~bA84?De9^kl`*sdzS>Y_+N$WxD0T=^|Jh@Pc zKNT^!5%q)t3W?JTRlf{0w^>l-Uw_fFcvxaO=$ZS3vRIa7(OWcg+;}jUzd|XbC^1Ok zdHvD~P_%oIl933o5b}<>p&ydnX8(r)S@K6pY?{EXguiq^-4Z15rIBUte$cq;f7F)} z0=jZO=$E&`oR%~Z9C_i2LCc2hx)i(`?2mFWPXi@JKM->}{56_vTr6yB_Q{q;vcbV} za(#qJd=G)Oj7cIj1topUCF+K_`Z>n&cx!>IxgCroezi$*zJ?C23(QZcG0W;poR4WS zhtFN8eXR|wL3~#VePex36P(-DA^@`vwuEZ`-Pv!1;xm{PIV7qdB0UVcp>I#xIC&rx<`wGl7A9(kIiel7TtLs&2Ps8rK0tNm9I)&3EkJi*I*M zLAQVT_L-vnf&l-@cJ?|~8qm^&SGHJ^Och^vN|0C3Rsl_-i05s6|DjA;+lxd5037e8 zFO(fo|4D*`#=MKA2T{w8P=|=I=LKC&766n9(dT}$JXIRRX#2T*PYX4so>AgeJgvX( zl*?y7Oew@6jj02UnxV;XoL{eBM4(B1sd#?41tlWNAShU%Fd)dA|IlxQ60HZM&OT#I zKV(8L{RNM}MuCLsT7cDt8XjoMzAjn&td%4gfWv%?g^qg<>$lI)B>W65WSy5q6C~Jy z+|$PrySx`y3}`%)v-}#+s~iDi|HEFR#Q(gkSQtQ3KY>UGiwb~Y?k!sg+s=EFysywV z^QX=~Me_v@DWJn!4)>ZQlMUDpXl=O~vEb_wKMNM}x`Vk8`@ii&Z6tjMSw3{YmN@O? zw^HHNXkIGl+&;eC_V6UEek0q5w32$&Iz+Mdud%y@s7-Mxf|MStCYs02gOgYhPTt#|r11T;f5Gz3D!qalioY2>$tSN>HJ{2d4 z%di8WAYg<2SfIP%3}|LZ{g*cY;Y!QK7q*V8XD_cDQgx^Uf|2Q0ljMp4GnwqYrE(ulaJaY48XWdR38lQNGP^IN)Y-IiQj_lm?(b*z~jk8tK;W1eXwX)qv$HHpqKF~!!Ezj$sN#$bO{@09920hPrlWGK%{CAgl zbsIh`hNuwVJ6cRCJ_3-j%8D;Qw5V%sAxJ%l(nZt5PC&Du*FZp$uZHJSmR>IfEQ7&d z_*wPgiDWz~ljp6$2nr3QjG3QcfoTqZ0$$G}=>2`ppj_jp1(*9@wl7?o2UW)7Ueu>9 zs#Xj{W?y<5VXqrrqe_Wukpl8NvdXsA2?^VK~cG*p(Qz zv4t}?h!P+r6CO++;n1L6Y@r`m{yVf=oyY@eRTm~B&qHdiB<|lf;)i6AwcC;LBgmtP zE>w8+w`eAaL9|XId8ZCNCGcB}y>KwVBpg8Eeh#!Yr{q37>4A?&PWB+!gO8ALiX15J zj&dI)&})Vd!kz$pL=)2;z?#4T6m|m~-Q->wLh03d7xl!)!h>riR}diJ&@n$kGs?dqFE?Os^bP4W!m^9 zBryBRx8k{OQ*}Fuk-#Y4u}|jm^$2qLm&a_wS9%#AkiPLijB>@3dVYYeCt-f~*#|?< zMF;!#gX%veaLvh9l@IBapAxPh&8{J+0sTH z6ie|M)U@NNq+Vk3BpXF#eDWo$!Ar)pr{esAAcD_YMt^QjZ3N>{tLlm-{&)*WNBauS2HM7oy8QEMhry|EwIrNziw>10N~NDvK#TDoh3x3-DW^4p2Oppm3^ z8pj5WbRS{I+eeMiHsq$L4eHPE5Z?l{ANirjfaia`^Mmo(^oW!+8}%!$H|v{9JS(=V z#(BJzrS&fZ9^F5Z&aBHZHj2W32_d))VhSQ6hTI{>AZCeQ-&^%s{q^G~xjo%FgrnKXFIpR6a51V0c;izgNB3#xX747&PT(wujc^NT_1-$uu^nKRnN$D?+ zCCE0DtyA>@{BhqMVDlw&d5N+R8JQ=kFU_CMPggU(>9U(U<)PDikAi8QeeMgZBoJKj zww~>;WwS>L(o>Qw55(nBYwGqfHcSt5+V}JXsa`HUeTnF^_vxY)ziVAC2mrJ6>A>lz zuP{y~t9jb@nD~7AJETA{iwJj7AV0y8=uWtdc`L{brn4J&1UXXsAUNQ$pOZ@;wk;y?W;9@N%F{B&P7C(u(xY1#60)73}v1@Oqe(3?kx{@*WM0v znuF+>{1xawMTYaNfX(s?`(s4=*4OG0pekKD7nU-N)dUU8qkU|LRsRCn92kXv9BzBZ z2a^sm!2j>TcAa@|d~Go<+JXZC=fnkQ^$MS>DBft)=e-f{rH=Vh90RNJL!_FcWV^$W z+q8W*T(MZhI&`CNgz%s{KN*5^#hcok`9Ik~&^$rlUAEzEr@e_C>Tv33UV}eMz9B&6 z5HFKXlYa*(?(CXJ6<4FgoATr7^x3RReX8Wz@k;Q=IO`LFhmxmUixQGxau!nhyjQ>{ znBvF4C8!lz^g8RkrC8W@>z}kCoW{r7MEUF_??174eGR?-dTI6#jF(_OAFCYG-1U(Z z)d(saO@i%Sbv8XtKa?-~5zhRO1VV%r zUJr60f4M&$Z(gz3ZPs1(?(tk|Z7`|8bDr(Dl4+#4fp4LTbfvJ*12lHu12=*)>?y4@ z0FT`Bw3S#V*6cMIqsi1HKv1__`N-7rf_}>NLX{Uhb%#^VfZiY2oh<7 zLj^9z(|&`meeClw^`ZNhovQn;6ctQC)rp9v#=a z*QbjkaU4o@q+*1bYqtgWUtXaxfCBl`62EzTP)F%*&H8FLWO4yz z&c1D!#>WzMmYl!u$QrV5*W`h824|%$=MXhVTz6vq9zfuP+qhRNp!O~GEFt2?!~Om) zOo7u+K0GpT>rP+)Fd8)R<1w}p2%J%GWfN_S_J5jwAnK3wQ%vqy zKVMAr3+1$ZPe)UtGRk7_~$!s!h7=1eqg6`n^3TESSF~BS2eVTM~asiJE>3{q5HC`=X<7!ZU zXAx0sn1G{drE=vl&oroNz^J^uPKrX9xcT;A?loylBfhC!KA*(`;2=A1t={RUzyzxo z2He~(c&Ozbo`31?1=(JIdULk#DyMM-W^VWJ4(|gJMrpXcNv6iqBedgXW7BN)x%iIA z*ZqRri_MtNkM5vsWlBW+k)IMqThr=y-;bl;t-lg5vA<=LPS+%=gFY=PA=KJEE?@jgnjpQW3%O`W7jT_Q6yD4}+NWP{#DA+>5=$=rHFAwRSAQkX>0XZya`UiO2^}Erpi&`{COrf@8(wsn<8?wsP>%gG#P6M`YEj ztm=C{xxXp*iVt$fVou16Lxm3^ zD0(B=ItrDp|K;sqWX+pF@Kdt>xgCyHNu1E@em$kz`oiz;eG6hu=$Upsd4{ojil3rIbsS#ZB;#jez8{{*PR;l%7Ggm@zP%Tq0C1SSS?;w$IA?H-ikggX0LkgG8L z2sAAa zWcLuL=CVS5rz8H*tQo?l6koTwvmKIvPz)mRE2~Oy{=YE%LYN-mIkqWK8#=sI6ZDc+C& z?`-v_n)C(=^7_K+ZrDA^Mn{)PfG=P!W|U5*KW{o4m_GdWj3i_aFb;1awbyHCb8yMm z`fM}83R=!dt2ud=NWKd#&vl;DjZ&DZPBxEf_fg}#5p*Q&jpjo zb1k?z-${H|EaLCg{Jhuk!GBOQ$bBQG)#LSpWyQP=%N8>ewm=2~ zwK{mS5~;CV3Z7)UUiR0*@4HOn8}1=5a?DSktTCM`IBs4wf^XfP!{cyRp3R_bO!t1P zfk>LRPMt`-l-&_@8b&&fxdQC{IDvD5EN87b*h0?)*a*nTrhvm<3!_VSQO-azgmt%< z#M1-huY-^9WLWwYdqTLW1qFwMv3}F0n31P*D|N~sz3Rw+eSAY?Sg@p?2MI-*j62xg z5~gv#i0rKm0h~JrmnB}@iAO*$wQV|c2D1ydQ^I3^?MSiVusUtXnsB#tMvfC=79)2*;Uwxv zABtKT@%08uwMi}Q$IwHQ|7qCKh>D;u)^L8j1||d@j@&D+i*vbMPNhEKY)(>5a44*q zZ16Cd^&b7PTLuK*H@Z1~EGWwF6Z!$>YDwMeDLM@`ejBR#1fR!4R~f$H4#!)#(HNb0WWrj=oA5b2ysvp z_c41COyq0#NYUVD8^YjgwLHlTm^{G~yhHjnV%N&ts|sM&(@jwD9uP*r%T!#GWMW3p zClR{;ENk_q8moM@DCPnuJJh4>W8b~~rPo-5`^9kKc3yX0&B45(*hBW(#Y4m`s%?dp z5_8WJ12WScQ&Kt@XvAL%gWXH25D%Hi+M|HEDdln6KEHjt++s|zY}qbek-y#giR^4h z|MT1+nEKkt+ry2Y9*0lw{xI-)09zw&`xp8GP7qlm=HTJtco|7(% zx@%&wH|Y8bekf7=b@$+ElHD&n675lB{Es9|N5YEC3A3JjZ>K)sY`w*Y&AcQU8Q<^i z(!UQ&WgGh*zUDUMF2X}%KW-pgk4AFH?oMpHKDS5x=+5U4;Eq2)QN7RQt4~_WEk^y8 z7NY*c-I}LPl+?rJJ`gE_NZ0M%%y-Ja_YY(?9Sw5n9lr~k@H(cwlzVej5=b2|Sm){E zO1xqY^9^wt%G|@RDvyNHDgU@bVC@+%jjkz@%lRk33>AH#Zzn1}WT#;XVR&Lgzv zY`^q#%~?rJ&SOx*iJ7!rP!e@u(Q2M)DO8Nf?D6br45#!=c#}&g^%rqf6Wswv+}CGE z-)y`Q+Qqd)Ox8ZiPt}9+LP+Hbk{*a~DAaspOYiNlKFk%A?g{b2wJOuZ<0dQ|8T78} zd+&ZfuX5+B^^`OV%Q1nR)r$w9xU+Y9eSX<<7)l!ut~fgOo4)R3zL~1=K1vb_4Nt2m z7%=gJH+GnNHLa!B{W>u>-%`DNZfA}pMaGSpvvoSq`C&9+|ENSvZdb#vCgAq~@~BzO zQy~^VgqPbB8jz{|-tWxiw*@p3d<0XPJVZ`uwzhCscM+N)h5OZ3I30FihJazgIPXtx zKdPl;cG@Be@NihXyrNy0~rpB|xQ7FsJQWJLla z*`gdEmSmo7tf^8MS$E11%0QA6|O0NnVCP5Y+eNep;-L3uzxd+-_* zZ4wv+3+%2bIfFWUQaj#S+*>VZwtfw+6Tjkwr3}eviD9s^=dK$64+HJl9&^V-uCY}FLBrg zPbyvHf#RcPv)056<>2W>^xUVeU1@wP zwIDylRRZ1%LXaXn<2lR1(1afsksJFie~6HzR!aH(C7xm=kNNwR57noT$KtrQYI~@B zwpImEiFGrJn<1ee>-8N`uM|HMBJ?YxR1 zgZ#wF*5f;vSpMZXKv4Gah8FDPxU460;*8O!#Ur3@UtfngrR=Ul8Ve|OwD{{3zcWv* zl)OP2w)NR{YF2WL6Lt1fkP8qlw$C_aE`EuuNH*IrU49JUbAm-{H`hc(1blsZofqlu z7_c5Ef_+4kDb3fLF+6_xb@)1OnA{WX`QV?AN9-6M61jsb)sT7gteu5bL}tQR^8?FQ zpY0Du&wJCR3eI>Ex8<}hew{PU4z>`4=w1FT5-=AXg)+*<4#gjG+Ly5;mF|g;Ll_Tt zx^-oHkEF3qZky<8>$rD>k9%^urNhl^ue!X4XAzDByF# zwf5z;yF@BpiXefxSeJf#}JS{vO$GP*x{FoZFQ1MbD&Q4;Dx3siSleM*4-qz1= zG-_Euk@yUC&zwCoaB21p_N+2qWQkl*3}pK3D%dvT&k{*=>QLKlK6KFhJ=Sj>WZKV^ zxq7kfeMR{Tb1;K!xX`S9+*?2K&-q?w8%$p0KlHBp_F~46E}p)^!;haM2+mfCD2rsm7#9JTRwwA`^XoYSygaqP+?3z+T; zEO|fQf2l7IX#x2iw1xN=c{w@5RDpYmfaYIj+Z)X zDs_JR655R4T%Y&fA-Co-J_F$&OX!M@&#ZfV9rpe~snZhQt%c5xaF1!~(MZ>P5`3V( zgEA=sgQlK(j73kcuYa7*^XS=PknJbn^d_21@H$hb)wq41Jbu^j?Uzjv+c#fG4Cgad z5u12A-)_1&0B{~OM10Hg`r@J>0ta+&NMbZ~CT_=*CGNYj>QvLRb8Yg&0`($rRPWp8 zCL%b7_syP5J@#Ecz3uRHasv!Iaj9DI84Yo2GEm4ODt)iZ-^GALXDasrFf8|@e2Me- z<^=YT2d}-2ujrQVM=FxeYvb{_*3y_7MDEzH?Q~}M5Bjkv&95Yfm*rq@CC6|6Jea}p z8^h@?%<}K0ljsLrg^)BBg;+=vrFQt8J_o<94afxVT&`g+^doeh3ZFmZXqmUCJ~xp2 z$ct{{a@XH@ASXkr4t}$9KW+6=<@C|pOHHS<)%ezVADV;=K$t$tX_arAwwzB`!B}ss z`OTuLa>6e0hULB{VZx1GLq(grmhG?!k5ZuqE@9tsufx_L-@K8%m7sHd_+uzAlM#S% zoRZ&6_C|!euD_=NA))a6R_wm*4i-79^yAfod@?_7^OrA8{m7CL2);u?IM}>CiXW#D zT!RQX>Y<=9c+{-b#qWyll$dPwCE)MkjMsVofzGloP_c~Gh5N9hODlyMq&N7^!Fj#w9f(?3#0byqd3BXGds9UZJ=i}@#yZF2_F>i$D+)knF1~M z_z5~1MH%bV0Sk~sivhvuUF!3dnaJB)5eZ^TNF_QV^>hoOH)jCtRye^~-H&%p+U~nx zR%oHxoR4s6;WZ|C$sUfu`Tcvostt}>am6h>0C@H(C$hHqBPW1m_I*3S1HOyVDuE%( z;=}nuj*ie=ze$}Xm;!&Zpd2_qZX2aG(l~is{@@=N&*N_DP!)qGKRb^RPw$7=`z-j$ zVs3OIX85d@QOG`G~a)1N$)57^wKb^=Fl`qX!Lh-1uK zPyJpZ*sAsyof@nqu88F3XlJhre(=4u$3h5Q40`eJ)Gj*|RjlArkw>>y5)8^(n8^U% z!a_UJ^%>$)0>6BJKzl=Hwby>(J$R+cr`G17qmtshvj)Z|tn3?EM$)XhT-1G|QT8|K zD))#h*|+G7HK>r&=E-jNGA@1eg#57tc)77E2aa9b=`$xizuYcJ6y)b|f4O$zBkPRAXK~EJecRsK zQN~30j9}^Ek|o2oBg@jZ3QR> zL&C;s^iCb3rp&XU>dzP8&RpSQvgoiG%b%Z{!F7h+v{j?CR_~|5e$mX@`*IEY3jp_f zjY{szA-+95N(P@~1!%X$)Knln0kSV*VzspB>h@QSL*j!uoEJad8i&N=lkTnaMMB^N5Pzf{M;A|v5 z44}ac-RVhBxPl0|n4@yW7ssm$X!=FAn+yozUX(r%<(+=t>hMt_N4M&I#3yL`qd5Cx zmm4O&c|)F-$j6nFea53(dlL=c zHh7G}7QTx?2;{kSU(!1Qf7Ku+gPT{-TEJjmitoJs#9l$m9 zFWHOwyVJj35IK3^(jV~+!~g9|JjsvLRpJ>FU$e3oiaV|WKmLn7zBWe)@DEF8>`$Fw zj_BmSnEL?l+O1gmlf|X%bl#V!*Zw&+^$YTrCsabH%VhbgCi$I5eAV{8$1?y{`;P8; zEKC+W!2C$|(AtPvB0`4(t8f3LCNKcza^JMNiXHqrh@j)C|@BW!J&a6%MIJJV+A2k_{P42jbnh$S%uh*)7fj? z5-lFu+-ht`$(#*7vT`W5)|pa)I6VanfZauCAP9B^a%ny1nrKleVg$OlodcF65)aY(f$ZKNsp zYrWnt&QaJm=zYwuszlSz`+h`R?qr2b*UMXN={5KB=)FIn z&VR9Chv!2%Vk`z$)%;u$2+T2qHD&zasi}l!50Wn>S0P2vn6Pa3W;7a?#LWmrFxG81}q;$yRH0l|EQ=QG4KaWIfyZm3R{*JPCh*- zwxbh2n9wH06Cskv#Q zow%@dXx1mH&dwT*DXPHL;>GLreg~giS=+saIXvcbhj-{lv^64q=Y7}6Gy5^DGU3l( zpkg`cD+{JKQsR=UB;7rOAn&&jlh5bbc1(G?)sgZdhxfro{1z%pIYeKiq22(hrcWM$ z5t>yjWBgvgx?1*`0ByvJ5|dnWzGjTcP$#tTf4ywef{h@0R+xkKJQS`a*jwR-pAhtT zQNc5^O9M|##tbaYaNDF$x>$W5p7HZ@1rWahxO-Qp3hhR@I&6m&pHTbaBv8s zdB>8&6Yq%1C&hj!)RM1Z_iokjX_Qh4cpP;B&}s2r0s&&+r;bv#Mmj@`z~^Zsnuf zzfgIUnt;-f@yPvd8e%&4r+7W!0xAISq29=cqQ$c7GXsBoZe&Jp*5_G|kJ)fi6jj~6 zY(591!iDpR@j1J=pI;a(2-Wx4Y`^S^fhKGFmlPXp1avU6MXpRWkMcvY^3s$luX3#X z>v&Xr+ST&M3L}zcjzaT38m9o!^~~=WB5mxIKMvSc8@~|GEZwhO$?40erFy#7Hf7$( z*v;!>wt@wli)oZ7(@4O$hZ-A2PR$=ih}_Et^PdWpICciAcK^u%EY72~e{eX;^~dU^ zx9>zjR`NMqK{(V4!VsdQ0*=LGzDRmPYATnCpwS98Ot|j0H1S}kSwGxa)S%G&J^L^` zmtPHL_9fcbkC4Ta;=a}?!h(s1Q6dJZd+-r*R!f}=+}e@J-v4@<1bnNFs~W|Bot1ri zuQODqyuINqS1adGS3Qj4bFdT;W_=NlqY|Y8CmRDrn7=gtQQ@>t}^Z8q8M}|T6nmo7~SlH7h!W=q=C-0|S z_DKsA1-K)8kyBN-a>N-OP;%K9$}&z3(zwS-e@548j$y%el=T*0hN{(o`@9c-ihy2q zJ-a{Z9J^td?UAt=&fYT;noZsUNvM|Mbi9A@0AVvENF{)5e+ZlaAR6$kFR&LMQ8W6E z^L!ch!x6#`T9cBm#oO!6es0PKujoM*QkPwLi-D_6=?0@#vLs)pTs51XZDMd#s@0~Yhg9&!{Mtu*c(d7yDHW$fvb&R;J;>gYV`pr8n|d< zyg#Cwk^bU_$5?9E-}aL^EI)x<$S82KeS`3>&2k!*3hI3k!2<;*Ug|e{90Q)xtEdz) zN!CW*K}cH-GyaGT#$w99DXbDf^ zzPuCW@^XQ@{>z`9Hkd5Es#5#?m8-M<_;s#MTyOu>pU;*>YzhGigd*;b*R>Vyz=juHEF| z`Mi-`S37}P+8FD*w;m-@9VK(KZ;#hz{>=2i2~`w=I+v^VTc`aLNFf*O}&DWXA(dwEXAUIi$R5A`6XMdn{j zO1K+yNZ+p^kb;@rPu(Zk%b}%O(zR2xY-adediVIXLmoQAIl))>^LE>c^e5+$GU?@Y zLVNfx8hQ}|@;ipdY1k;m|Dy#D4M@QgY+y|QIA^cr>=k;$j~wd--%$|wG}&`ZFG^%P z1kMKYcPd)ZOL8>SJ(gCM8wg-P&{~|p8OwncTH0@#RyxbM88ZaoCLjWNI2>jAVzdRY zAvE%-&WG0mk}^?zfP!?&BFqW)U9ic6_^LY4ISQ^5@+SvJ0Tk^SKBo~bC&!jnx)|Ye z;EeMs;vEx|kt3!fkk-t-w!2K6-eT-4#>sScqNIF^j2rnxe=0!$5xF?4l-AyfQHW|k z6%WHpZP^bOtS#VXE>e`)(^8qR#-F;?K|sQpeQaZ`p2KyVWiPQ`WUauqLw}L#WY9wM zDt@PH-f~2q)-+J+S{^h$jX84MAm+Ckzzmw?`!(eF7PS0wMM^$>lQtp_a0 zO>7*-q4u_}i|yP_7^ndB54#+~H)4~kTB322^}(-w*CVGw>E4Cy`z91v2~D;<2uQCK zb?^SNuciF4=$q!WIu3Rw6PDBG?HJElI&>r$1RpXw0G>Nvh7WV(A4`IcFWv^SG#G4O ze&V^(Z|k;K9oS(w9xtyZ6JPIv7T{a)gSu$vH}C&isy6QrWHsy`Nm!np%fp9sS^MtW zf*6V9+kKS~EQTN@H95$a50`t3`rh}j7bc7*o?x>```l-m}*i{gHY@Aa9}3qT-dsp<2Ed+g73(%$_btBoikP^8LUFsn+7 z7#_3^fX#g=rQy&5dUv6YQMcs#3l8oMRwtbD59xM3?pNaz-wcfSUUjG6Q=0{(;XZ+2KJ#O*VGi@N|4wDTIGji~eJo}B%So(Arx)FgYex=D=2|BtQOiaNL7*GM za%!IEPq1x{L);-4Y5d}P9rv^KruIm%DE${ToiVtd(8)^o_Wkv_@7c>}TuhU9Vpr*Y z3D)pBXZtv%CBmv3S1^_8qzh7qJee-WM!_@?(z&m*Kgfg;B7-BxKg#sY`=$3Ij@~9| zUOfK`OJw|#O$dZDe?=BAs8o2Y4I2|V>%oP%b?w1Q=9^=)k4d?|qo;8bS|}ba-j$B0 zyUigypiB1KYZt%j=BlUCHaWvFSOS!CFP>bZUMePSW<}g~rz3StkZlslzQj;A9*frC zZR)=LQ#Ou0VLX64V@*}~6dO)&S5v0mp59u0>U5kQ0^OGNULpyNmdD@y~`PW#R&2_w7Goc{G<>iZdfwYMDGCA2|-*zLFJUe(0 zy?v&^)$5TFPDr2Vfjk-MbdB08QhlzZe(#)^S%GfSi`4GV|^X zrBE6-4Y?vG%&|*sy?)vRKgXriTRokY+;mv?gX#77 zVqi~FH=NivY%uqe+NP}gqYDRG?x91^1Alox#x$miD(aHUhkg`C{#H!5<=3r1C@jr) zap8SdpTBW*T)TT!e75~F>H%5T5joQx&H>a1lPC8%$L>Q(lV%w)sO9`;6aYd+ zKoE&c^`#Sdbs!iYpoM0_}d#gJk3{5;=7%x5CpW(iyH9~iR7%=iKed4}8&8iK> zgGLUjMNyJ~agKii*2ge#>!N88P3GP}1L^u=Xv(%`}WCdRhNG!Ntq zh2KtqzB0siN$%;>W*?g}DJ^3@yM++H&)EkxvR7#(@aiED1*}tH8wN zWIGRER!}xy=B~6Tq=XQmdx@~okuZkUqn3Y;)=u&rojdc`H4}_EH2p0hp(KD7N-YOmtKV1>GG_P`tBhG()2ne3 z?khn5xhvoY-qvKR)@6Tt#ZLdVq#Vhs{4x<>Hs6?bfdXPDU1`=9Z^4vj z7>#K1Y50m`bJ8716)YU5@~^NC!=+MveZ>2GS^4F-Rks>c{^0GG@Y!#D zr1DmPMV^_K4p{XG6~Zi>=Rsq>fQ@?QITXK+O}{wX{NRm7gS0SPB=Aa)H{YOc-WP`PCFk7w z$U2}@UbJU2o9ekkMp1JN!xf@+oEx3zw~KcwoN-y0e)iw*1`u_rqdF#ft?*og8xXw| zl`TPxd@c8cZ8K28#jg=taI=g4<4Er{MfoLbWO5w}=)$hWw{jb=oNFV>?$5n-0Frmj zxvVRa^pgT62{Vw<@?&^8$L%03{zU~@X5Mn$ z5k=t9lqbCyOb~?|n(y0}#S}t+o(WhXBLsl0$jqUDAKfQ^7V(U@ z6fkqTI8>%7kR3xcNU&bf84c*tk2ZILGKFHGc8zg&X?X^YqEuV|LSmo#h!mZ1slNZn zL?|%w~$_zV|Q(}?;!13nXepZE4}AP=BS z7L$9sK-w64U@JNiceOpV9zeN%p8OXmJF0I4PeE&&8n;Go-_$kkU?fD?JSzV98+d*D zC8+a2-n%hPSjctu=XWRG(h!jZSM7(g6@gb%@yD~!y*K|ULcR1v%GO{|eud2mMw5mB$<{Y;$q~#W$z#2c%lO# zHpWn515;H3HliSv!g0&sj`h7X9$B{sgM)PgQL0Y{cJ+CZYu0PM!2>>l!=>O;$;yCD zgxeQeL5_CG^Ps&Dd+>{B!z|WMa^dN8tiVjjQfQg@?BHQ7gm`x7WIamua_3O3`^W7a z4n|jHHDkRCGN?XP#T+?=2|>bDNonQF?hQy-{he?SF2fKqgNA-Jq~kF&OhuyhqLxn$ z@!ozBy;EmvY4%$->%6f>J-t8XkXz?bS|}H^*`aoD*^lfKhe#3ITSXF`SlyT-HqRJ{8rHR$~vCVxyw_g%=5#Mv^f!jYkDOD9w`ODrLE`J@R7 zaSzxs+V0zS{zME4mzz8V`_ccvf5{-80;0fYA;Sm1iL(X4K=euIV{!2W?s|Hw0zpF4 z4X48O^?q`XG|jcWroE<4?RIa%3xdil?rF=R?zdV|OyLOFIwVHA-GzT^(pSj&w%7}1 zDLkEJzgRKpI7z=An2YaH_SX5X1~`*XNK-%EACH&zy;j?E^l<2|NIcXb<@aPB05#p6 zq#uW!flwvmxpg%Owkq`jgD-`&iu3UyImwa+%7a#aRaW$h07bvX3jlfuRl$cJZ)k2x zlD&Q02gsb(>qywI)4^gdW5_HI*6dJOU(@?}k-D#qYA=-wv8Mina@e zjE!Ay-QreDQZY89sQSyR%g;ckFC3FFCT-!32{xn<@oRilxeAF7;wm;}9MWu>mKay1 zT2!|g_)?HiY}tmG(NKnlR3VK{XNSzxE@>b_%UMZ){QJs!@zpVArRd@)D(0b@tDM?} z^D!_E#$q4h@1&mU-+n+YhOWJC}2M4Ba1$H(;zlhe^YpaK4Qo zbzz*4WR3+LTOfQtr=`1U6)fm5frHBXqi{kf9NyO{UY>S4&RX6}1!yMma=lykP^|Zn zJT6%pHoKSmec&(Mm(QWJ0;X{}YKru@WU=Vou=varXQ}a9e?)0c!n;{_kGt6D9)zh4 z(;t-YSoiYr3)m7@>-t$Q<2<&nb8s?=pST~lRoCd4?Q32)=#s@E!tV#X%cS1S6)Wy| zfXAbFM)lPy3K7I+>-#(rOKY5)Uv8Rnfvb|u@tInh*K+AudM74zW4)JAIM@$wQw<# zC^R$jnQ4L5(kkJmFJfPMa)db?U}?ev(pUK(aOecvaITT#H@3 zb9(73qLgk(155lFQF7r?=^WPGm!U1zJCqUnv9%Q^=4ASCNuLNvJzkzzQX#Tzn)r!y z`4(f%^XY=#lZmX>>_f}@LAYNE>(~>^VKy|H$K}I26Hnkv2cqAPYZs3Ykln%%NEh@F zJ#ab}SDO9U+6PK&y3)ARrQ&nDJPwq|A^>a}eCaAgIW+NK?aWQ&=Y}+`ddQxZvG3;h z<@M-TQ6E{DW~?tLUhz?*YUEKFKuJmH9}i%1>fSUd`8fDLeJ=HMMgk^}fSQGeg?(btQ@X!KP7e2^b}c;Io}USm z=PLW%vW4?jMtDv4@nXFBO5HEsO0yqV+YS(sWwxyN_Kwd^=3t)adU@GAsWnI#Z%@GZ zBW^44KyP_2OXDLP6}Pj!h{kAnKW6YRh?5nk@B=SfR314LAvjLI0^6Ky#12fJ`zNB% zVsuOwe;8LrF=BkOemPNLO|kpi|5~_*b2|ic)p_39`Q4=j)eAdm`xo}=)`w6rp4I63 z+n?_8Ch_-!Au*xn_N%g);BfCVg(ObjOX72vIc}azd%&$m>`}bk1&9sdC@c@CDikPD z_Fkd-JiYBNlmSV=@jcz8(!6>Px;fM&(YRhFvFCRMcT`S+?hvi zAA1OqJ-{#qP=T#{lJpp4V6TGhO2nmH#NsdW*V}DmI2LYlNPTV!nH{f>C4PZC=2+O= z3vT%u4hMAg5Zy}Y{2;>l=8Dru*)sJSV%mOXRgpe}U|BGde!|ju-1i7|v3D4Rn_ZPg zMjosu9I^N|h1*q--@MUB?uoBl1{U`@-#JHnIGsJA!c17W7HL#4Ofg^YK z%)Z9Xn6~#@ooZ&2fnIUl!ql;473QQ@uC|{u_e;K-;dJY;*N`4ZeC*fV$>fwjKQIe& zZVsMOagh*_c-5sBksQ+-F*Mj6@1QKX&Gg`KOi7gB%ehhSR}00P6f->kC#rV7CX`*4 z7s}Qxcf*BTGk8YK&L4AUeKb)rQtn3#hCZm=FZG$mYP0)Mm z%DqD<=&)34>aZ?kdQ@HvVuGzi$h`Cq5h}?kR3u|;#P>JL`ap9Q1UlbOkYin+CvZ24 zKYGWjc@!`>6=o=5101FDFD?7bp&s*Tp=*Yewkl?Qft?m)3NF-%t*eL|<7*!7B?j{6 zt=wc_nvdPSB&|RlK8QP^nlHxl4XE?kxBCgi7M;n{e&;oGuKWMb7qMk%gIEr8#za{f zA#Oy@82H#2a<68O7)o)|zPc&)-Ym?hHM*WG=4HcCT$AoonPZDa&c;qXTfXSPb^Q>q zh`B$W!#qWRdrR(TbL{>8G z%kd3~!t8>Fi07|SJg^859qg9nDBi>ZAoNS0w$eV)cyMYDc}j_(^V3Gv61orF5AInI z71{Yg54O?T@iD}8qC1oDli!RNu01lL+zt3Pw)^kQ2|otzwc%S*`&CH{@Z*CYPsbfT z_w()m0e_GtnvcmkNYB4cMRRc11Lc+QgD2elAaBb@8xOpH-_Kra!?3PVbtlvP<+Wcp zc3rU$_=#v%DZAPOzV)(*-wWf{bjc?Gq2C#LI264d4%`0uBpK=BSbnj1Om@5}0%u22MH4zJFd9agxEqoxgYCmn+GpWp%S%0^n zh;z&S`~2&+r=dd&Ljm^8k!*q`S02Aui3KPNWOjd(@aM2!7Vu}^EfsIXs5@6GH1?0I z7>UI47lFLqB>m3jrn8Q5GHWk~MmJ3{fPjfk<5b({>Og!7JqfNthhX~Uir%@(mn3{A zh<4hpmh(IEa6uq}3f_Woc{fWhtCz!%q_byz`Qou)Mb6%k%>j`>ZP=&bb?z4^|INSM zT*#BBM{w`oU85Q!Ks1a7MgsHy!#J9x=X`f!Iy=BRe{$`$-bF znD{b4tm5JTPTAj66k3_V;3gfFFY4}EO2%6PkXTBQnES@ZvEf+aPagNS-dR`Cn zF}Z#ts7`Vhpwt_R?NoHpGtgPlo=mNhnd%ka#21dwhTo5|O}bDfS`4drGwrB2eijMm zO>JXIcn3#{V&41CqdiP*j@Abx-8D;-`=X)$zN$)})q`*VTk%?l zg$-&xqx8J`dZG$}2bR9?Crtj0KHNJ~hIBv3Go%?E@nYH(K?E$Ax=tK{eai34A|J4h zP!F&1Z*gO<+!t>*!~?`s`nBEr`L-3~GQ=DpSZZ|GuN5zgI|EktUbLs**m*$5)jhr+ zOJR*BF~)(!?zODl4sr0>u>dkF{^%?>RFZ`Ta9`tJ?Pa-1cirw`K!IO!qu3w5%{M+f z&sWtl_uaoh-uj+qM3^s&+)BBx#mw=A@F9Ad}Q#0~|Fu}sd_Ds4oCi@e#2Jwef=xPLVH5vhh?O7#r(>YC;+Ujc1^(BV$$Q7UC|yp?Po&v@v|#K!_3W zjb&2kz-EMe>`XtvKYS;OUmAx4((N^8yvw4R2xVxB0I1@ocW}3-@*#?e{-T0tdY@G) zb=1f6Z<)0*!9v1trbWy5re6MduL=_+E^E5$i@!`JgaP>-xTz&a8;FxQkOp`2r(lVb z%RhfF;7(ii^^c_U+Ex?@qUbN7Da3|~KoJ8R9F8}uS#(_LLvXCL`^ z7_uI}-Y2lLAY>RJBFySpBR7CIpia_HquEl9V{DjMycPUweMCFSeoH*d7guQaO)TO- zD=n?dnOT(z^r-hYu46@Vytzl4Gek(*nsREj#meO^*k3Dnuy78*3{A(0ai^ncVYBN( zSrqkRP|+9i>%z&!U9s)6-Z0Bwllw1LWj!uLlX+A3?#FCX*iyqWtWxjYesMmJdt+*7 zU5sR;|COF=6CggRkeh`!RMbBq;tWO&bq)%JVS2Di=wBH3c#_npjr#s{t>nY#oZH(j z{@w@DZzw(A`NEmkhGxsT`>(R59cV%4V<3g%rteql*ShX@GLVYN+{@ijZ_5u-;kvQU z<+(wIeJ*TR46U^G@ZYguSOn@HQvUQ=E@CYz&|6VBz!TBUh z$Vb6|+NDlo6)9$Ys<)#icP?i^g0)Qt`ntz5Ma_Xkb0~!j-80?>;v9cVlkH=-jh7Dr%C8)yXBW(-)+*84)z)sZpO0Ry` zA||Le2rU1u3`(lnk@#E{&>KmHHHWbNKJc+Hx8mWlG|QErQ&Z)j{llLYCs7DfW!)X* zyTrA)Cd~@&$nJTf{HeF+N+lnRE${*C8$IfiE|l`zgNX!AH~!Lx#^T$?Ti4IS;Oz_K zvW)8qc(${&T4V<*`6FpSu!si3(z^{eRpTu{*C!z9tqB}%H0)3fbjAm2i ze6Au>zhOa8U~1^XeNIFe^C`|5#fvs1^N9A8;xs9Q^e!HJ|BQdj+0>+`$9bCfWYM2h zoF%vCp6Fhy!}ynMWNZod&)_hc^Gvu`q>!tl)zJ&)KIUr|I4a-d1&^+DwD~+T#*lkU zx3d)~SEG{eU|PkT(K0Og{3(LG!!^Y#CQ9g^0_-gm5Ym_w4sWNvC+E@tH_75byODUQ za{D9LYWqdO-_$}4l;#Oop)(A3Uf+Zs!nr9|sxHZ}f4PyIJc?eA76@6O8 zc9`mO1TR;VRLSTq%6Uikh9jYL^(MTc*!zx^vqq!YM<_NLwvE`d48Ebi_nXE;gZ9Id z_c=h#@{28T3ew&@fAL#CY)Q=yV@qY@-@&*q4YKWzH!`D#mwRA;Fb;*XekG=k+}Em; zZkSxKu!yWI9pMMCyxJ{4K4sOrVWofX*QtmO-)j9rU*3QFjm)&ODqPAJY`*;XaFzgA zun=4DujX(VUh|JGx;wk1=h$i;PK^1(B!W@QF}j|f@u6G+KgUaE+ZkLyCz4aiN4EM_ z>W9B9Mz;sz;R7t>OGws-(d^*%AnOlbtj~b=Kv*_yEmU_ zQWJ|WOu}*T#1mxz!F%s+L9J2984oQO%yZGM5`EBPIJ{-zU=&s#UV2kc@*UzXo{1+0 zpQxDoV4vY}SX8p&lLc4HGMB}l+kTs#s+~tYJ6~Dj-*d{?G!*8<6IMJ8-y1c&(|qMW#;o;D?ge zd`^up=N~3T?dIePFJsvj=kY<-9SV8a$HYuNXO!(|Rh)RJfDnY5?@twpAvlEu2rW@e zt-Ki&C_Szq+?I(J-Y12Q`K&#ydiVtPk}^_BlAVib+xrk^Y^LcCk%az@V%UE!%@h1+ zluy9>Lhubpx@oMmfC^R*LrSEe1jV_1ople~wuFZpq`gtCg0_>O*;EV&|ESBk*ZCL- zDX0vm{uVXDOmW(kv<{3XR9$d`>xE~i*Qdy+XZ656-@<8Mwkj2#iVfGp%gS9|30^3v z@ln`Fo`Q8cD-WAr)>{GICZTGx-)u&IHPU>VDMq(HMekRkL<@JVzoEcxLqSP{*lS|l zJk-a88lM2J#2u&XJ z0|Z-&vwh>!u_B-7CM3r5yJsYT3+h>)^TtYUtW7ORWi>L0MMw5ry{95dwp+``O4|R6LdbLM0>D()GX7W>LJRkAt z`OdqBCWm|Qe5fzFgZ?9S=MFXN?@C$$bQ{;YTUva|j@HaHERU+lmyeMy1^0&XP2W9Qi}x(X zi!MmLL;K`VBe`6-#dptU1ZOy2*2swUU-qr^$J}gIbVg^~``4=~0XmH9{Dig|K>^{> zQ{x$9`My+W9{Hi+BuUaEEN=m4qC%bZj?XhJ;)Ag932mygoF5&jX5NP-c4VYbMg4X; z^Y{S1^sSDTb~;IWoT61&2t;HE73~WUg8W9_cV?jB75B@@YGQao9~>s506T#*x~mYl zUoKE~(lT=M52cao`fgq*IJi4KeF;@suPh2qsPKmJ)eaXxgnP~nJ$d+U7IqUH(GSIx z0~_}#jg_nV(x)wgg?wAGfB*b7BJZ|yVuoILPDnlOVA2hzsOuFBqy9488@(Vm;@SLd z6p?*Mp)Zl5Nr9c2!Ebzd=!_qx0dw^Cn=eAw_)-5>+w4&9b`5gqncJuNHSELDFKn;RjQcZ$+vRNgWLKU^!Rf0pgoM9<2-;}Qw=K(( zH@bUTJ~}?+u%MzHV+kJ$qT4TTo%8$Ke?!uha5JUVBoyzauG&YGw}+R-$e5H5(aFlj z=+R)#7OPd&q3^TA-Hj2H_4+1Rn%iA~z=t;1%r)}u^qy9ye@fiXz9YOPiIbQ6MBbFC z(_-1#{M*M}F4rd&q}C!Q@^$%Woja{pxFg$}AHd=CXtW=P?;eoB1ig!`w}@hXmz4FZ zIa*g*2EGSLp=)2LO+QRPnK-OF;x(My*n>g3ZeVP7ux4WnuGE(tyb&qEyF~g)gF*GD zGF|SigJj=d*28kzLx85^y<_FuY$Db(alMOYn4X6DTswx)V&)LRU?T~1aYIWY)621j ze_T0VS(gv?7d^T4xA_*VeMz5tti-};dgMQou&*mlkhjYuK4FG^*(fE@V33)Py#;G1 zj4Euj#Col?4;q<1MGDh8$q!%EaT(_yQ4#XRC`lv>@kFA{+nqc≀SQF zJG*nQ@9VgKaEZb6Hw4lNQ6}?PJGXrb%;T1k@u04+X$&+t51&%I^<@6|B=%uVOQ^Nt z@e`h|HfS8Q?@UVr3{=Qvcqr0Pkf7IE(au9=@C?H<(H%AUUV6xb8-)P1|CJE_7!8>d zRUT4%G!`b?xRUt~@QM1Yf0ttVSbMxN>z5q8=^q`vx#Hb(Gb$*a4u4UeSD8Rp-#3}J zFJx^wxj}J$R!T)(qE;JJMDu{Gc@CoLgT@rJ&P6u?lB?pkFqYi5OpAM4Gz^j!H9$uX z8&e!oiFC7KzvrtW2+GXi+9Q0d_w@XF69tM>*yIsrx8&KNMKBr;FVa2JM|KYK-~PF4 zu*c|&`&?gG0Fuojk_I+k(ZWPe+tu@SW4+p|}z zlJF$=sulal)!TDK^i^!ReetCp3)p-4(|_6XEsTC_*-`J`#(fPy+Vz7fu>{kH=W@ss zRF~KZq3AV@UH^HsEW!y~>$XQiWbu4E2;UXtrJy0w#XZA>QmgYJMVU!+Gu$7b_gUe< zYS&2^6}Hgrzo4dJ`?01A+79&!W=qYlF5xt5tR6B2=t#GjJ5s6HXTlbg+ye(ID8dc8 za2I}d1q&tm*j}j~p)=6aK0+$Y1w((biXhi>Q*T+0pq)>8=2V!ZYB@#3(#K zw(WR%T}6^2#|tZM53vKx*S=*}?Sz}=ug>i^A^GGntp--vW-(fa%pXNK`Y^GykQ!tH)oUpQ3c665APYjzBbOvzC={SA&y+OAKKTd7} zEoZ8&myP^W5(h?H!4KZil1c&P-5H)MrLfNg9qN%7o4S&B#Z zh%}@|j=P`@`PSjW$G+DaK+2>ko2MZ!qFjF%~K=|vdcKx`J63rK3}_*-S4mH9GT+j@IErp3)Xc8U-ia#;LuNr^DCo02Q0c5 zX&sY40!?%uR&tx&F@y#}bB~9yBZl9&YCa~Br0X`(QwF`k;jqu=_tUR%ZDq=S zVbOSdK#S+b(5l41T8t^06@kZDAyYl62f&2!_zgHQF0b z71%5ndw)Tslz0GzqUIIw9}8j+pR<`=UfBag1QE(7J?v~PyL^BdI9e%AP)`x8&~?H3n2MlTI+Oa1$SmI zD8hr{a=2gdsa7QmP<9|sf$l2YzVM$MH*#F(iIrg*oDH;Kw!UbQEyLQftq7b3`CQpk z82sHOci~B)Kz7I0oBEND@4nzbAiuPYrHj}+f(k>QIOg$NGah+$_H+XoHHBd(1}LBl zcs>33IsmdHZ_ieINUzgLPp+sc!J^R%tmJe-tgGY~Doj~2ydK6#NA-wpOhcJ$8@>do z+K`)HwKr){9*4997o%VN=MW}rK9}LVx(TI!$ZzMKw7d>P_i0AjEL7=}o?3-Gmp`Fw z)|@dP>^sAT095d8H19}jp%Hgq&kr!MdR#}(AE18o>>~nWMNcuz!~!gh2buBx|;eM^$a z3vGHpiw2?-klfZi6RlA02_M4YBgeD(E892e|Bg|k!zO#+nWYD!TJ^J#DycTU>aWDC z36^h96OJ$&(NMlVM-I~lepV{5=Ol>}L$z5xopW)%;n~J~Ck7Q+KQqeG1!bLYBtIJ; zY?F;@dn|wBmSnBxx=&+x?lg`E--|YxnO;BWm6OxlvqWbv{r5pgDL8WF_UU`f0qt9C z)o%@lOL9>6EUQ3Y`12pupH`2H@>Lf%lmo6jk89qV1GFXPN9`WLWbtMVf7eMds7LdP zDe9IBhTt5aOnKZ<6nBoL^FWuoH0*&RzZcNaoB+u|OVNb|7&Mk5v@<%lLK61R&{Dps zww{tF1cMhC)+=5CT;TFMV3`)@on5FHeqOtkSKUEKT!h`u2%#oSc(u)&wYSVuY`^Vqdf}8{XkeHl$tya)|KE4 zG#)3<{;Z0>M;6TtG=ArLb-eKg6Nr+uoErLK#qod{h-r(k2a3qzs|y8zuupx@X~OP zeE^_UF7Mc;9}zN;uFQ8YSfmzMdy{DzE{mx}d-fBnD17b31FEVngXNB|9JWkTxxqe3 ztbKc$TGoiTd@&!63+;&>mHXB!2u1XRI@7G459jG15u=+Lr{#qHv(P7R5?anR?Ot6I z<^4ApxDF{T#WC=wDeIlST!W|BL&vMc(6rxKZN|e`Z(Gfpql#~(8`%8KI&+{ z&}>bz`;CYCoB{jX?IkyEWxvoJ*2gap_055tJf)NC3651pdK?^^lW7{>kHQ&NKuP-q z{|f5B<1R~3@^<@r%}?~z7QTM2(dm3h1$0%{Y0#qR!6y$< zNGD+dR*sQ%pV5PN`UxCz6TJCGtI)Jq0e!f^HFjT_pFQ<$Yw>fBXYu;Z3RE1rVPjA9 z%0G#S8rYJd7-7Cd=d_iJpLTKN>71X6#5=!IT7ZsuoUW(0%n}+q-4Gk2Ps?hSf!dg? zx?|HwT6ap3+2b+@5+z(O(98}$dF1cKop?{*RR5ZBW}s9h8=nQ{Bh%inr<>Bx|8Wed-#(THMU(s3ZqUF8$7NwWV_36ZdJ3x+ zDa^s;0R`5ok7IQL+Mf^3Z9lceBX01z;NqT@>+_YbA@DeP;L`tY50p)k6D=FoSptv# zK^=}7ELrj%=N6RYzN@K2e6|Zkey`1Lz=2{me1=B}u0C&1_`;3Bm&^NcX#)Q24-d3D z1bEW%$No_RBw*@!^h3KZ;5^JVv(9P{?#LQ5)bNopQ;2-G`m^;p3Wvd~g`0I`5x8Qs4~@&&e!Eu2?Q^=`M#GEd@EtEblI`;APj$=9 zgKVXf>_@0AY51HJZ))Gs6WO}8m@(sMOmr2JuXEEbEyXxA4!YlZtO5F&hk#G@2$tHm zkY?!qAjo6jiY(er-P{Y%H*1d6vN+h$6b9 zt)G0b;mfY51cCI;efC}qt(|U0a0-gmgh50^tFR3w(E$d8)*X13Q|Ybhe7o>1by94h z9Wwej8A~2ipcllznjHM*yoYYNaUIL@XogRigRQV!d}*QhIWW9%MFVc2LicfB-OY)= zqT2oO!-`{C-0E>(NN+WHV4h6}Lz_mqcb_J;>?p98qoi5Am+oi)1-RjGbEcIF2zOs! zz;F9@2V!5EMNF@I`-Lb|T~!cnsRO*UUL}1Ni@r1X4_OBS|18$SB;)u-CPSfyZ}!=Smfg<( ze0+Fj;-^JGGJd=+EE??B?eX}^qxS#}2E8EM6~Uoyh9IF4zpz=D$Kk}ET5O4!bX*g= z?w+rEkjd@qr|NLeFsAWsz%aF#o#=dS+?#wo^~XkdO?aL3vz!5W*(&{TCSONGg1P1C z3No^?)P(kt-{b9Jw^#0>XmCZJig%J@cdFc>?2MIjxOT?hN&RMz3i&t^M#eLHrL>}PIa9*(5 zFD=p;oekQjJ6WYnNI0JKg`Bd(^VSpSDHP%rlJRV#eE9kO+mm^ThNBLf;tv)Bq`nz%`GqIAPYA<=ao!`-s zk)>OVj6Is)9#`i*t`mK*efEbIaZ8FSW}?DYA~6ge>J^FG(}Vt9ZUOR^NzzS{`-Wo? z{Hm$AhKB;pko)z5-NkW}06D4g!$lC|@!^axI>dDp@4xIQxi9cX*W&$xo|cpc|19ru zoBHt|198PbRfKaspB_0O%7Yo4!;`x0A=ns^=m9|BHNrH(f`!V7R#1!C7AzS`Fz$w< z3Rk%=7bsnNhBusaQ9@=IsK~gq{wEMNrMENFdbt-KM z`ykkU2DQJ|m!vzykp~GX2=1~&Qrgy@fq3G!LH=Q>Ll8&b9L9bdLASrxWIuXA;`))> z=-B+lBl4$r1%gE@;Y3RZuWca1eSm{k2?Wi!HA(@25l9^Dw5706DMo9hzg$~B&CRri z$K!P(Lv%cnVEuVn^m@O*-(`;PKh_^it@M@W#bd{_#B7}Gbz^O+Fy@uVd8jmitHa;6 zlZYV-`*3<~KdvB#P@KOcM6^UQnFU0%Z)jDOlP7mw*9k5-5iupQ|cxntn(~YH-0tTfpS?|nOvJ7~9 zxHX@P#wg5WB%vHH>+|{%zotzE+emyhxWuPEcZA)}xsSaBIvY6%u4k>GnKe6ym#8LT zm$#jM$GCb*c7~=9!&g%fgYcTcyC@24s4gM0Y@W3y`_(gF4=h3Z6=nCmY53ld1AvTo zzR56$#|`b@(-!-$_Khv^R7iJz97j4!E~?YDszQ{^*DOBK+(|n8jhyri%`1>!bE@3d`OEM{Z|oF?fKsy? z=HA=)#KV8JT5rxFxP<$jUW7CNC1l1zsKeZ-x$sfCsbkq+4Tw$-psLdzz$j3gpEu>U zHqJrD;Gd0-CeN!*pe*y(W&@S75$f&sP}?IxR8=aQzrZ){`^r%2x-;K$#f_@N6i={- ziI05Dhwk=9+vOE~haC{=mCihqGbqTJd3{;|`m5g~VI;MCLvwH)f49n`$v$o$zR`U7 zpME_U+V8eelcWWSY1Hra$Bp~NZ%@f}_}SNprOQv)ZdN^`*X3}st1A;ag12Xhi9O#C z{hHi*^GCxux?ZF4fCEEjFuLiDV1u6j^>WO>2f#m-+#k zn*1K$$n3J#EPwa}GmyniL-p4HMhmtVg~z+gMkj_lE4-J=+SobW^Xth2Hg zCjn;XC$MhF08wr!E>Svou^bZHR&y4djB4WoWSMN6-f^x9I_)rzV`u$bTchne9XV3w z=6Bh8n?}<(=ViJ2C$wl_q|qRQ<}_W4GEB5kKD$2?vPDu?;&qRPh3`#hns2_o#zUy7 zRmwFjTy9@mkIj*20P0$kh5gl-IeCK;Nw?cwF}P!ZGPXej$}1V?V`9VjqRsf=N$`Jg zxi>#hHExNMHBT@u@_*%Pj8^nGQ3SO<0AxKdKh|up8G@9sY(IZF@_bO(_Ot}8H(tMO z*6+rP5uAmpu+&o$eT_`og6TenPk1&j2Bi3A*r&utzS;rWx zoI~o64=rZ-6y%m4?T6{B-e*C)FdPJq8&hdb)iDXd$!J;q{{Z`^Cs8rFMSoa7#|fe1 z*`6c+eGkg-ieK+SFhzNqmT>%JRY(?lA_-9%TUF1ZTTJ|PAvZ=ow)~-d`R_2{Q^xwF z-S?#5hWaWsndR$e_)BF&pk@P@+KvRMyL!5&Dcs(Kr;wty4$c#mlWYa&xa@cZo_&1m zOGT0$4p-%@$i^A_GtXi#&n2$C8`8xK$oKj05mHiO65rLZYmo8X%c9!fm&E}l|5%hu zu#cQlfoGIZ=kZm20djYC7syJG`+quzj`io!lw|cA^`+62vqLr$aX(+~`}{o5ZMDDs zD;!P#j^l1V6uw?Um*#v1DqSjR?^@4zjODZ!#$%SY3CXrKu{Tr`*XX_#q2Y0>c^UUB zPQjx!U}Ns1K#NZ?D}6AIl6(k7&KOlNF=Eoc!Z+l!3D8552kpsO@N8?SWZ(PWbWRRA zQ%b|BMY;As(tdqCfqw9^AK%BgUiihz;x;hnADWWHvj_B-VT(?U*6sKCvL}0VNxtkF zE#Y z{o+X5qmTN18SRKW9zzodA3e2E#EYy*{Ijygjg-@@a^P>!0Q6OgzY+gsA-cNFRauTm9_<9>k+K%}265 zQVZE!SBr7L6sznqJ&#L>J^_X?RR;VGt03YrsFqvuIe(ySz2y9fI|*6t+chI_kmOXTe|*M~=)EU0+DiC%Oigo*6A)Q2oNx(#@VrH{ zmi4n^RZtxq!y&sSBe8b`%}jWQXjafFptF ze`}r(y)D-Ywx)jtdG8J|80vKS39GjKjS=xEE)#wwl{77ahzPUGs}DIdyyL#q24c5R0M`aX+R*|8(a7T7mt1*L}~EP4BY%-ou4M8X!@rA|P^?S`ATGM!V6QO2qBZ6e|2vW8 z`6D=h_cJhk<5VHOkc4sLqT~9ah+C(2FZeFvq8@1|Lyw?Lw5rb~=4mp*g}wq`6WU9e zr3^Aj*GH+J!xag4h4#+XI`kN$U>=ftlyj+4_1PunvwAV&ehs;zfUh%w8XRaCOC?|o#%6$)6+IwxihMK z&khJ}a_HMm4;mOnXY^Z>T^^GSdXKA1y#!d`6~>6p=%VwV*LwY${K*On=XB6-?iZ40 zsNl`Ugxjo}PCzK%OSgTRI3pu=FUR6csld%FsQ z#zM}P2yc|6ABm28(?qYpZg3zh{Au)g&M9pEyt}{+JjyVNj4h3Nr9Tf-xDniXQ?jey z^T|_S$@=m|n>z>lWfu+-y4*djDABzfmAOaC-l`cQCGC52i`$)mk4|ZN;;Z8-pM$@G zaaeo?zBU_Fi~c=06T>h^{p33jD9th@YrdCz3#LBK;ExruM*G|zeCLUZ{Z|cD1zK^` zg+)+ar@uULjgOSd>J<>Fm3VmKgCl||*^?ZyH4~ip8P()VJ|OPkjzng{Sm5ndZsm85 zINP;u@b4o(pjr4^9=0A<1GjSaIK7h9U&_W7kJk=$19U&HsR6v+$FjcPVIcN&T4Xix&nW2IMZ|W+F?uTbxy8Q=Avo~`$h94VcEzm!40~^_L zfuJ?v%RQ*Xs1-kO9FSCLEs>do?&`1o6C%T&KIRL$hmlaXBJqm*F$bXV_LarSR|6^HlU#O3TW<40gPTpy*k7#10!({`V-$>d+v zYY}BT&q$VaO{tBDMsFX<`EyYc^H){p@ya~k4T-)|;^_x3$Nez+XCcL@_~RQrKc98; zaav!)n4pwrAU_V*OJ-oLSvAZE%D#h92u22kqWvuBkO3~)*S>l9K{u%?GjBjp*d4~Bd`z^=IMcqEKYDpTIl`gRDRSF zJ%N{n`^sKt3Olu}A<8(gzteo~lh@lp9*^9u!W7Ku+G7k^zkXe0dtb>?WBXjf<>zgm za{*wnrS?&0U+yoqD)#`Sfq`-n>1Q2-Ui^~AEvt~)x>r-)c>@I)>aSs`{Qd)1Aj95( zAYxl#5=_MaZjSDJ*(c>a5u%Km1n?GW#n2L{;2Gci{1tCNtRzo5{p2LQU#5|W@c*kS z5;Pt7mX758d|bnzG=hkzE^fWg9R<=K`$t$O*s62Cpx=H@X(QIX9`;ND{&7WlJTR|{ z)OmQUsm)iir;k^NpZR6l!Wv_{Ika{2eCGKU6&-C$uLDpXvD?L^FZHZ?G!|XNo@4n9}kDJ!O7x6cHN|*+s z&4w3{WkB{i{GlEaOMmYlz_pYI+kFiC?)a{}BbyXsR6;=B?t(b9MhN&Md!H1pB{~f6 zlZO6%)&1Ed^OD#QkE`=|;NB9S z$|PF_9nNMaNSPZ-_rQviBEI1+_tHfgXEupRloaXOnd$VY9<*Cf zN%iyiD=fEr7{GQWEkVJD^OmMt4U9%JAtY2Dh1Y0d-xm0OQibip4f-xr(4SgCFoAVx zf3SXr%ZL5-!V3~a?s-5j6s(2uvi5M9>c=bb!MaS!9EB&W+p&{kTq;2`+{%520T}N4 zQ2MP|4UeCN9Ha;V8>rC?qT?}VaF^nuI!BK>1W4ki^$Qih3HL-7E>$mlOVtuI8wrr5 z-B?KcVkAFjvo@*REe$1Y?4C@fvXlyuc1ej;)T z7Uu`^P+9g!^xVM>AOi5H7;aGxr7bZsM}KDi zK4;rsNZ5sB&V!ZY z`DnlaF2!JD?@Mq@BC~dw!3Dd7#_-35pqAumCG+SuFMj83ZYV5g|c+$}yIBK&;wc#5^+LQeY za3r)g3{d~5)tAg&1j(62NSVzc8lWVtovtkZav|2uA z=0axeWpH8&h=zuJHT@~1eBxW(zJ&Q@e=lxxt8~S>$9s1#yEJ={{Y(xufOKso=3FHH-i~QA;0lu@lb8! z_4|Kh7|nj>*0TfO6CBU$2RoPV;@<9}lZ+lf-qlhu(taf}{-_Q21!wlxxYk z=dAvom%ug*OH-OJff0nH~_xYQX0L;$JjwNg>**OxOTi}A#dm> z(l|cG4_;;Y8@B%MHe1K#c!M)|=TieYKmN*{dhlf->w@~=OVp<<<6ZZX<$k0O?kD=> zYzi6f?dyVdzRywL{1`q*bbOEddb3}#VCh{KU-vofs%8fJ=!|*(g-Xi6Cn7}x`2F%| zTc?wrRPr!Ccln5BUA>SOQ<{h_C%)E}^k@wx?}2+nN?vb$@T23ZZyxi)P}fQ+_%~g= zzqehnh2hj(PWmA@l<`4wUFWFbm)?)j?yvCue^M~P-G)bWRWNfgBRf1SuHHHQzM{?Q#x;BRPgE3tVIrPMb2@C(W#Vt*Uy2(j@9DsLWFroT$#Ia1Y-(mQ{ayC~q#DF$mfht@sB9Xps9mBlzYoO&!VPS6DPmZ~NzjCMx{j?yK=O;=h^$qL=4j z|A-&%$oz$#PwmSHDYOPojFg6Xs2u>STe`E)4kglPBC&K4plBm2IeafrjJowhaCJC zfcbe+5P7PG2M52OWGpWCa=$2NinHB)Ys+D_ReTyBkjS#9W_~;gOzUuc?Sv;!cMion z`|^Q~iPE5q;>Z*3seON3RwegqSmd+HU6T2dA&Sa(bT@vfa;L~Hp^A~iaSu=6n}@qu zK31QakkK{H?UByLJ+iOl@T^HyUrN^nX=^D^Lo&DyZp5CPX!kdsuknxGkLmZnkf$Wa zzDZoZB3YtUD1b2sK`2d5lzwRGE(mA82{K5w^A0{Z7-gHRi5RaeCpBkR+25--6p>T> z(bqDT6a|3_!#%LT9~L<-7TT{i0Kn~iD12%G9p-w6Ol;B<`*q%@Nvz_r5dO_bh*H_FfHXLI*Qqr9-Vn|?R3vNav4l1 z@vTYjXL8(;APVJtl6l{)RKfYpmtGxGr=m}dCTzpoBFPEh%hu(WZ67Ky)l-*U$_5Sz zm&;e>efj~xAr2B&L392qAwHn9GxG{v}Ee7}7`u2qc$IIT4c_v0qx7=1JzP zlj5@`k)p*J1Y)cnLF%?ll3vsHNx~)=IAXDw@v%WLC(^}heZa=M7od9=9lJLcOurs* zod<4IaZHNR$fEF8%ERHFRK3Dl(aTTKtFd|b2swQ&p5+imGA~K$i01U*Zku5eOsGWn zeP}s?L8@j1lT^dGyK;W>g#@@#;SHSQ@4Z&iju976e*6N-e-E~xnF9iqadBSX*DHhX z&3ucOjY-wWB0UdKMng`+HWs(_zZd17~!q9FCB%mEK>4`yxHc#%}YM)463OG5oAo0E_pj-HuG}%$HIR zo8&kUhw4}-5b`HyN7z4Yv=0Q~76QR`MfPG@65RmjJ-7bWctBcg;tOq^#RQ}Js#_g) zafUdRRpk(K1Z?1489x_3aCyemEJYlRp!xY z?B+=%2N%udLpOqNwan^+OHkdhsPNs@RYjDyWutF?eP@2?Acash7)_Dm`QU~X`g0t+ z0dWjR@mM{8m4o$@--G1j_U}!dY{8@p0%H3MSaG}bx>^6`wW5KZ0OX+m+0$c5Y_Dw19M|;82U=TPfM@Mr1Z7FY_0K* z!uSjbW7Vin%{myTYSy;(jz0$L$oG8iF8WfA<$*wB>pmfU;3f4<8!vz7NF1qP<`xGc zkbmhO_<)OcY2NWma%T%`A5s{KVx`f2&od1u?cb7%!3u`MtWW#Cz_6vmGrFecQhqtA zY9gT+mF<(Es9dKMuwbzlKKRMLKv@ATIj>?DPwT8MG^yXe z#?&)SC~1EC3SzPoTF%S6AHsT}6{g|#!H^sH=roPEP?!R5{C*P|hwk{=Ocwqj7?GKu zedLfIt)V%x+m}UN<5k8>lElj;@_~jt!5{U?t`j*~@N0D;is!;HKQ^!(#=!uXfiD!k zk@{86es- zYJ0+DHv*G6h+Dbkd}zXG>;9-5J6avC`Xe$SURuijUeNfc*y2xIQDohA0FDeviK1ll z%ln$_5l?XX`0_hWq~gVO^XFMHsqYb3l$my{Pw%C8l@Js zkgoa{d-V$IB~(HD-8?zgK8@4YItYRA0wkw^j}7f$6D2y=7Or~pDa;CAns3s%w_xN# ze1Ua`9YR7~pD%KMOa3*{;@BQ^BO^-7{ZY*X2rPptw z&#e^-b&x_57WP+t!iKN&WeJHl>M(eY^W{=B<5)N6wy7k|X3i1k(~#KJ6L!UfRC+*8 z`7<2rgVh$;#BR6mA*p*?QqB^83fw!Foa)T+@mFc_D6AXu&N!|)B?Bcpdjuq0n&tbx zjuVIhXvKMAVyek7|4sX)3#MCcqrQ_49I}`CVsPFoKLRw6=IBYU(}u71wL6~JA!2b| zB=4SHAI|&6+Ca6N$IuU_3r-o;j!;>KJgQR@36JnXSM1>qfRK>!$K-w6EjyToT|&jV zUPmkxzu%86Vmv+;!&ATkvPYlQA&^gax#e&n1z>siU}0mvT+coq9LxB7;Qhb?2+$@) z;|n*e_5R{mrUdnROLJ|_wJm|Snez%Xn77q8<%-9Xg^m*c@LgY0KYm9Q_5}|6?sLCg z>$^mu$RFfhg^vYpW-Stz@eR)JWp`9HF8CH9_!0{PmL>ZvUL=FpjfC&1in(=7l&#q( z{1?(Srt7+~IP6hZM1C*25csbQe~OB6>4DQz_$iujliQSM3G4kDbqpV(YJQe}ydJ{D zmb%W?4oPKP&dz)W|M`YCCr| zJZly`#8hZZ!}lz>uBWtEvHKZ?B*ZS_`i+M7ZSZ`fR3C>z_)sv~v$UsFE#Z~a(T~m{ zDB35jx*W-d`0IW^!WLVg9h+IP7Sn=)|2Q2@TShCk?zfZU1ZV;I{OpG-?6bcp9}#9P z^W}DbAK9YgjZL!opvGj4!^rvobrdPlMBxZ?tHP4TLHa6~z%4&Ql z#&jBEs@JPKb`~F_cxm9IX}B4FXNTV3Ho762yYAuE6k|*g1^-Bk6EiZQx~|xocvR`$;?tNa*8NOV z_K&3N+EP^8qQ4|b;8CJTkc{#s3QCe7`RjX9eMjBXRR%=ZVTBoFK+4+N)c5+mk-K$x zEZ%XS);dg(E436a$J4%6?Rt)AefBd~#g`se6P=3Jcj^u&+ITtf@-^S{hY_cP=zwbQ zrA#}v#&;{12LragWw6ho5ApnYyl&r7%f4i%LnOGNxGv;dgy7t5V*tGk&@b3O-5ylJ z-aJS%C;3`UD6Aq8 z|32-wY+c~W6e4-%L`ito7UlfzN5MsRkYHuIF=D7+YY&FvP=@cjV`E0B+ zFZhpCIscUJQTwXpVv|N3BHASXEW%1q-uBr-6pySo#vk@l@SQp+CzQ`gy&zE%;FOL& z{s@68vug-ezm>;~JMKs#kz_um?ajPPy9`O8rOY;#}D|s2T=um)hY4Q_(1%VU+XLH~PQi>c1P6aHAAIsweE|=Jt9~fdr?|S%9w9b7!U*q5RV3TUA?9Mz z0iUuFaW{;UE8Svn4~T~S(_zVsG?TomGF(~bM#}b|Nx^2*a(oiT>xVgY?$0)UQ%oD^ zNv^$&4tTOaf^aH9cT+)P!d2T$(2WEbd)}=i2u(DAKl{S#?K=%Ux^wF=1Y4X#dlCx& zX1O1qmWSrxwbab}pYi;eS>XZ$O!`Gb^_o!|rpeIG;*3N)$}Hh=A>z<@-!DoI$NlR_ zq940L84`cO1HpZMd5+_aI3pDDdjCmHvhpZ9AL&;()R6!*m~`*u=}J)cmkv=dW~A+! zLIyoMp2At+kLW%8PDH5(&fq{{DgB=B_ZF5IZ}ULz!)ZNHWywT>NNrMvAvWfY3-0Z9 zfZflxy0hW*QTXyDJed5Hbp_CpQh+E#*&_7^eM|~?p%%8MRt9kFX!p%cyx4%6)e^r7 z^Q488HXg@)AnqyG=QO7NvCSLmV;P?^enE*89)FR^1lDnYz|X@mmH_}GXu!3a;w#Dn zqO22YMyRpY=T~vamdA1R-0^!I2(caI8=t>)b~);R`%TzCFL%cq<5{=|CWQezRJK11k^}{!wLX}{ZjT>F`4Y|tQ>D$ z-Nh%(iEWU+E2o3m0UG#Zr|lhT+r#j8!4S*OV&AXpw!<2f!%ejsLP@NcmGw;}MX@|@ zi^*pL*E;R-y~q!upWncNFpazx4NDZ{!agoE2hj_>{|5*)T4nrg^S>7V(Xm-A1fK-Q z`Qyv|wDrm0d`e|SCecnEhzP2Hw+T)NLen@dWBic5{Zb!8G9`*dv`Ntjk6vre0n#_2 zOR@y?QFAKlh|G@2cpmT@BA68JoH9|>&D zz%J4y!S)T7JY1{&a&@<#ia19AGm}jqeG+NLx3z7ziL3djXHNck8hSAu6zQ^(y4pY2 z*m!za%LLOe;cEG&LNFbpaL2g_>4knX&V^4hbMtVyi;)^mE_3Ya#)Sz=t<0D5_Pg#Q zu(dh>D7K3of4JWGybjz3*w~*GZ%mLx>@Jh5RBM7_U4Jy>Jrr{XCKG@63t_>boTHEL zJyihU+G&Yaa<;376-BtG#(A~kaTXkEa0E&ZEpniI(1&|bJeIeM5bVnyO}_ks`DAD0 zOlPlMxtzN}t)i^88+lWQ{tK&?{UeROi1%%@PF|O*Sg$5?GhuK?d7rD-(c18fi9JHc z)-hfTdJ}bZK*}8i`l!}9r}j2~cQJb8kNj$)9JW2)+qtZxo}eT(JT3%;Kw|4VDG9mj zItVaxQ`up!JR`fm(~ifYf+~E1ACb{C-+I3%F*ab6U8gEgGOMJY_vfG6o3cke5T4fQ z{29;q{g9WAkp4CUbz|Z|zp8+Tne7Qk3S50Sh8ZaGV{udnVd@|Bv>H>kB(@1IdSBZD zKhF*X;J^C#Ng{-O)LB(})7u#{imhhU?Cavk`hFKG*q4xA4wu0FHLqxUbC5W@08pBA zaw2Y<_W_=z`!;iQX{&L7JaTc{n#*(^niA0kF8eE*{> z%W^{|=AZMGM%(R3K0#CmO=R|M-K`wDfE z#y7OXsaSA-R{R>D4Eb&PVo1@yqiu_bnAA2u$?wPkv3Vl`|Mw#R8xvoUlme51FWP39 ztAwJe8EU}HaKBFb{DG||VER8KaY`M&$@6RUIS%=>Vo@|i_(Xpy4iT!d`ct}c#A9XP zWdS*A3{pixXd?vQ{Brk9>Q+`j%|!_whe6T{)wHE?Uwb8C-xKzKgC}hgH7tZKA0dyW zsJ>Tr^4>nrkvY385}9M0!RdqDMIUJ|ONP{alw@8Mp>QXkq%m~o8igwnR8@RP_)E|6 z-T+0VR~XR0)8Rf?Ou=Rg1j!{%ttRywnQ^bWVINEBZ|arcCT7j{Z-qcl zaaYvuY+A5d*$kEMz(5_*V-vBf_BFs8@A&T&_~s25e_~w7p?+vkXAu_R2=!Ksn7A$uhzk_MF9d+)8Go+Bn8GBlCC%JhPPDBNC0i%6c~z8SxG zR_^DXvc60{xt`*|% zJtaO)xQ#cDGWJf5p%6D?3HA}@EXFYF{c0=Q3zew1u%{L)|8t5z9OM;w_!cEy6YWYcf zZ!qy@IQ6_2uG!^Hu$l7w_>`2tRW4rx)7g`*-~2AgDyHbN^zIikz_cYt{&JtVe7B>l zrtvqoIEiigQrG<>k7QPT+7T=~f}r~NP3^I)#}}tfYxhgiAgvsH%t7u{~WYt^R!9 zq56pzmWoNzAOf*;v1qne4mr&83f(zRwh$DBpKI&4=KY4;Z}ZVT*i{|Ia_ydY@2e}T zMSSQ{zK`syY_yYxj@*^Q3qP5xbCpEzq0#WR?s$kuHE+KMo*?>}zQxC$Gu3H7y=!rU zRz|$<2ZxY4k5m|ww+mk@PEYu(pgJPuof}^;zK2W`WOc~j+aig@U$L3HC0{6=7!bH(AJJ75{3*qjOmic2JMoa8qM`n;xOol z;LMege3~b%-(BbS?|E$Lj!uSa8X>0H&uhH4lzLA1FZ9RuzhQI{{gBo}?_2h|ic!U| zgBNHHy|%ypBxht*6#->J|K@`yvDU-2dFg!(hkO1IntjX|S7&tWn4jSI0sRTw3xSM= z_6-x%%d?n_a8GxsV{(MlkFkB(u>-tSGNI`wzxI%8++QFBLrBP;w<|q_%M1&FNpRn= zb>3szEq_SzZ~bBI5e#P&sxP~}9N-P7*RVhDXV23of?=WWBrFdlM)Fk34K!_RID?$c zEx0HgM-K0}5kgdSUw@{O2u+lqbEdey{*LK|x*rs5hj~HE`7jsn_Wg2t9D5|cS1i)P z#2hyzaF&CL8pXC!H{&Q;tUQTu-P&rpJ;hK_KD8?xtUs%S%P&Bnk)ad;-Hc-)tgKL% zox=5z3v*of+}_1#jfhu6UZc3Iwse}h$Y-K`*dCyJ=)d3R@O$)J8k;6aK48awDe5^D zw}@F*9DSa?`&{xyAa9Ffa&Pm;?I1_5(Q3@^?QuL%C2{;n^9o#!wAT^u_mE`N`r1Ry z(O|^uX|bTHW?$qv-w(w4ozo52{J}+GZ_o%jy?hPUFn9nAx(E6ey1K=3;xs!QSRnT) zr$Gk8yau3QPN+rS?u?yMN2HF*ovge&4BGS7^{5^@VWCJd@<$Cl@b2do0-b@vD0tpkvX1kcf}@u z;jQ`l?ZMdlqqpRK-|BOqrX*iH3}WUl3@yAF=^oUy>Rg%JG%ei~_ZaJl9{rGx`zhup z#>GtRLdrZ(1N_lB*F3xKZ;Zki1{e*Ym$v`l1F|>F=UrPQ0gV^D@6S7-5kKwgyzkLB z?Kp;K^L2lZ+O%vZ7ADo8Gl+N&4hDVRK(TGOb5#MQdlXH6;R8}*eRZ7Q-qnYCpI)wH zPD8b?a$^~xRm1OVN2lF@$x|=s?GCQ&OpDwk?nCx)t#3T~w>Ma{toG}S!U@PtI1T)m zmPjryxy)}_ghVZORc$Ul`YxlPn9!z>oSIOeraO-zffyn&q*M!Ia zPd|;F2H-J0R__po2~YoZ)twq-N*FIEM5A78Kz8c^Dl2QoT9OZ=pWq_eKeqj`8<*Wh ziV!C^XSz=@H^D_$UF5_uYpSh&3T)jqeeU%%)P0jmCo~To`J^ePpUv;XeiGB?A|b*N zh!>i@jw{N7QkjN#nmYncAOQ;M3In^I0RK92zIN81*4Fqs;5`&4g&@_&MU>C3`fKSi zohV|F;E!x!_;;tAErF;t@zOPt+~@6}N2eq7dl>-OvQq6=!BeM7xDf;UdH_;MxXb%_JWGkZ)aY7_<64A6_qaS?F0UB#L1eoU2JI|~ zMAsS4y*jg(OU_XF4bgoDbZm%Ixx)e>=zgh^Yy7-?d~%=4kyI5j6r#f{s7E)KN;s4)^vQ|a;cgJL>a=#TCYR+R<7r7&?_oX`}c%G%0Ia|)}PvsAOPKz5o%^{^4I&oNZ?;w_~P0bn(6?OZM8let8P-=!kSMA&=S z`y@QPif(=tnS6cShT!Uvt=6U$1#3^0J_G)qe$Y`&E{Q&Z3MzmFhf;iyF3)mJRISHL71==K3;TL zhao)PbN`q;oj$2nH%5+5=2XolQ|vxlkARs&{n@9eqra#{U2Y6KJ8^r(1xojxrf%Em zP(Fs~A=O`-!nDTWE*HCU@u~QgO2V)1bjORPHi!05QlIbHH>i{wn5Qt521_R+m`y4$ zvF!Twuk>drhki;g+cvc z$e;7$KXfGSGy_3@)U3ou{hx7h45`5FMEWfh*qD55V!vn-XRd!12LZxVwP6PVPHY8T zxuh}2!0T>h+`5nRMlK6~ZeeI-BSKvD>_Uuk5k33!rA%mGnK?8@VLTHuUweV=j>zEh zL6XN6C-X4P?WO+<2BINsq_LRc)iY56~iQ znr6Sfv#}jg{clIG=&Nt`*SZ3Fk^iXZu&8FYAz>-I$ zJZM+7Cr);FVhpf=y{}yPGFSPH4IOV)xD@GEe?uxy!<37KB4x@5|GS~AtpzuB1NubK zy&h7&I2q}T1~h{ZzkThKU??+1fg^|b0k;VwM%beWbP*<*(2TKEu1`H`8+Mu_^YoB3;=Q?R3O_e1c$zlsJIuMiHd@o+ z@G1+%V?-X7-YWF#(6fy}iia6%%M$m>%X_^20%U|IDO=U!5!uH(4J~@c)d5-OH!SH+ z3cCR*Z0ZNC-DHWA*3)njd*=dp;oRU0g|F8KUHqLH*{d6_SYol6Bk>t zsZ-V_%6k+4a?SDY93=PpNuxSBQRfq%r9;UikV-ml zJT?wvP@Qj;4*9mP|Jbg$=RJReU$*aLtJ%ji|f#j9?^_GNw9$rzJt%&deJ=RoTO9(GgVG4||lG*PvT1c;o z*EjtWC$=94FfXredcQ3<`JS?W83++-$7|u6wf6|VMjbs@oT_?gPh}JJvGrF{ zX!_R$aQ(54hU}f^x$&}r%a{;jqWE=^2TGpfCg%TKSm17&jrwr6j#MwbZ$Vhk06QI+ z;rip819T@o6NDeI-srMlESznu1iwgtjE#W0**}z|AK*QD`^1pgS z@Lr|ERV@J*(aHfd<&~W5lzYGF8Z$s`nUw7dM8kP@>N&mC)PR7gVMP= zLTdiH-;RcXw)~b}4;hp-2L`W(JW;>)SGq5LXK-8NeQ)wD$QI#WgerpZ8Q&hqj)}1; z&oOI`cr4NEpFqudF_*)dFSm358Oi{pCk#KM z6flXz;gUOn+SyZSbud#^4o0nL^$PQ!enn^sU`86;S#1!?r$p4b{GJjLu0ur&SxA}P zZ@cJ1qVzH|OOFQ0hW^LnJN#&4nDandKDJ4*4!W(^mrC!&12Bg0-{St`9^FaU%PGb= zh=OOrNAc;#zFqSZx9Z@JALg;0c@bqeVUyD&Uhcwu`{d}yJwPrk6&g0m6u<8aDY>A0 z*8d)U^H7EGb-YAn-B2rJ7LW6Ny2YO4d9Ti0HyQq1gt~{J_&FuLj-Y`&hgN#eX3guQ z=5XZ(Uy$gwK6g^B-r461mH7I&pEI}i7ne7N$mkadb@e=QgR}oCvthqMwxYpmmyMZ| ze-|K#VS>(B;~HAf2WF4(z$4@6$RXGB-eD*nFSPh*k%|fqVOUpPd13(o1l%eR5)z*` zv(Z;Cy*yewek|AM9-hB~tQU_`q*(wr(_#8TS7O*#`Y9^!t_AnFDs?4?yWjT+^vn|q zhp&zg=vM7r>0_%MvQN&YXuQdEC0Px)yQ39>UV_+Q+XiY!i6ry=KqD^Xd*GAYuj|8Vt{DN;dr%ar~)( za6nJyu0AZSw{)H$AzJR+!=vuo&wZ6BIsLK`K*|!- z9Luk2YEmvhX2Gr|cVB5@%057v=VK+`>ivXhuxIO8zmGf^jb3gCi2i&adV81>;<4Xj zwK^!TU$$mjl*Ld}38U=Mt5TSBM66q@Or(_IGE(hvp;n{e?!8}t%iezAo=}yyxzKT2pp=xjPv$w%Bn+?zh?W}yD$Gci_0Ltw282xS#_&qp z{8_vpJ`&2_jrXh3oO%L6!R4j=fDe5`nP)NQw6oy5Dgvjl22cry=p%Eh22)Vi&kFtg zuUGzFcEjZ^EK$Rnv3uE(+d@LG!s4B#s+X?d{n{j zxw1H5A>mZ~v^=dRp@bg3)pMfVY;WTIGl3oq9=Fa5!1tMPriA%Az0nY4)B=CP=IhVD zT6+O`+Yw85P3Z(=knUc013+X@ilA5dq-?s8-W&-{{dRXM6pV|>ky_VX6Vk2sd|0&d z?~I*70JJvrlUpxLbOUnT8C^_#>g3U|0sm2~P`>EW;nk`sp(x_Ab)>(|qKsZ2sL-l* zH8@qE8j2gX`f-4kJcT9U89dI*aFLoVy1!rxbxGDb1;NI{YYD-#B-#H zx;WZIQzE`nLN=%Ok}A#D{3)AX+U@(8i37RdpuO?8eo=?Bte-EpE2q9T(I(V`S_u6q zB)HZns>=(;3MO3aa@2wH8SNrL&YlLDC5@;xoFRHJlTsj_JaL&E*aQx;cnSbH5d49s zq-bj=@2#BQ??HJ}(|)TRy8ZF$?Qlj~0_SyK+J~Sh(iNmJH!}|$+Wa+&jA{n7t)e6F19#|+O54LYr^|)LF4Cs2F5jy^qmmr5{l4vSHr$-O8%=a7 zcxORP&G+T-turoh&(bwvJILRTg$~KS$H>9sDYsajVc@erYZ5?Felc1U`>N6Do`U`9Eg03%rDJpKqdloOnGQ*3^U_HGSH@9Y3ccDu2K5m@ z1z=xuN!uKq`si|pct2?->Ej$2L?-m&Th#w)^&N&bN93gttJuJmOndvH(9STugGSl= z63%{+*E@+{!1aNH9v2aD_dNPKy87R>?k}ke2X;J_3zcWM0}sVQPmolvfHJhO92MvB zSoPced;QK)%TM#j;?mmn%1Y!C)m+`bgTbVk7Yvo$rdzc2^f129 zhBS6Y&kHQ1{LNqUp{BWdLRJ0U#LtkpubSQ+F{0tQuFuC8;S zeEr%u5gbz%WUigbORdG9f6imn&U&ZBTsMCz3$*Zdy5CEaTqTi^40gX?d)ysY-*;Ag z1>%sVG=K;uR4Oc9S=ftr_wl^mp@ZA$(z*hC#``~ps<DT2~uuq@TsT9m4C7aherN{8tXAc;}T1T zfD$dZcrBxg9CW&+bkOsF7V=gaDedtDB}FWZ5SxHNPI1e}MFyg4K#hDP|LFrNSRT88 zdW3Hj1vGTgEuAHv1Zq`}MbP6R=jPyWIWX@%0ErJ%_H(?ly{^X>rNBFA$s)M-K_D>6 z>K6raOS7)WL2c!Id(_D>{!;;#r9Ee`o?ie2j;7b?YvdCP^Bjvbg7fiDc%EMRYOVQ@ zS)T)6ba%BcbKbR3u*qMS>cm8EJiQlFTSJ z`_5$^GAKBKFI4OGA{Zs-I)3UhQSHd#@LI9lU5lx|V&UOeH~%blb> z=DqL3HZOOHpXKxVmI&pYSaTE0UCn?m+wmskwVq;7M#LUKB*4(Dzo!xYR^879{Tgy( zWpR={R3^j($d$^|7q$|CE_Dw&G_`(@04QYP5f|NgA>_BiVx62g%f}CKq&;Xs$4=~; zcK_KM(c&q(|Ax|j-OmuA0@m|{-Q*3`P}__j-r)-+kWEKF1aX<*M`kR7@W$-p(e3vA zB|Z-~vOdN%WR_gQg0t-xZY-U05D}idRef|CkI+OIq`lb7pGO-2GVQJjA!Tw zkG@!;8kZh6(IXySznlRL{4AZZT{{RvpKUIlUh9qJzU_9k(V@=G3=my!seN~9GD3dt zgAk%0=|`UUe?D=>#x|Y24ofxMHJ6H@4t2fozXr}{D9MP{MzH}@tno2UG6BSv zM5js@wC?ggXW0kU97VUHUX1nC!1afk#a?d{9Q6yAi}VJ+qdN9rf&`e(@u2E2?xmRb znY5?dsnA(KcR~ViY#4*5`@8XT#Hhu0-#-w}6L!1fJcX08C$TM@BF_b?^2#xz=ctSM zm)z}Ze1Fz{`*v+5vfRyIM_1Fw%#_5lVK1lpuuUg|?%@Yx&9E2m6}+gkZ+H4CFF|%& zp^$jJp}4umj-U~@x`ee}?Ao-aL`Lxk51*b+^84A<^H8Ca*P`P-&Q9)orS!_>=RqbH z`@6vxdNkXyrZnzhdHyb`grd0sO8canUNpZ__Upo##+zU_f%rT*kQvoh!9L-skF*o~8GNOrREc(%U{DwO66r{b$y~ z47I;gFw?P`>DH!Pec!B+Y^YnlU~e|dJdwl?kt^%-NbPZbG0lz z5G9OY3Z=fhCau@mH1?`u)bF-9!GF<=Yf>0Pc?IG*rve}ty43Z2e9AlL`+ z(!^%t@W~7QiAP#M(bvB9_aQ!LS=3pF3&e)lW9>yfaM3am@l^TH#)CG2F9dxokSL2` zPH!hGE0!Z5ZjvDI*C1zK{izS$kKQ^bhF={hHXbQ{BGj`JNqaX1TR zx(4E&QR~mL1tLB*S4|UNktI=V_|CMBrM{0CdW++evU|-qhmdT6Ww$8T^+A>(WIk-r|`%QOi|TPstrp$ z|K9uQv2*eTwZTS$i>n|Av@aAWNTrG0M>tZPFYY%H-VM$B+#3|>A=A3wF9v&u1OV;K zAja+Jt?lm8-aQBDyrbt&e+cg-bo+@=k+s7ewwO2=xA92mS!T)rYA)5mSRn z6@EFH+^YMy>~(M3Ym}RQ19yaZK9e|rroqE$e&hG0w_LGj>27?D*Rx&!?gbq;gS*Uc zsB!3f>N}xKLJ?UBy=a$L`Sus6&OYhSO9Js(nLImccKmJ7J0BGHw8E7+66@$z{iGnh z)Y+1g1k0Njh{o&8gE@{?8_Ld>yncGm==8pSm_S31ZK(W8&OnU#a~dsg6ZmHmFA)Xu zFB0ijR0= zM{ufs+x(r6X79LpSTT@YG|OkzdQCSit|zYYQGBR<=dYc)KG_thxb`lsK0YYW0w0T; zPvSgl@&@s(EXFKXcn%+@)P`ohMZVH^)8hc2A5F?8B zi^E!0&Qn7pXg5Z`4?s>td!BsV_cBn3A9GF>nMRH7lRvsi_|wmiFo@6G?vkKPqIo{; z$J(m#sI(yB6m05l-wN%r_XOBvJ`!t_#pmkMbM6ZD=@ZoK4ubvgV_Xl7T? zGkFRCXaD8kpak>>{|v{i$7Ve0i>LP4=|%W~nnXAIeA0GASABT^|K|S?XW=`1{GYi7 zpTjWyG)Qy1(}xQ;%7Q_laLZA5g=}k2u$H!0(iRG!M;##);EJWMD&K?%ycC*}X$X7! zQ+|Cm2!Dx?!YhU!`lz70GRJtoX?ncW>F1u`05egOer+^)Z}COq4gWPhu3_a`Azmmk zT%%?@8?=#+`U2CBeHK}(V=w8tNBotBaMM=b^CG*JGw&f_T0O)V4YSt?8G8V%)t?Xa6ROJJ=tE%UAJH-i;q=Q0PiF7z_}0%h$svuQXN84Ck81`e`p<(Zu)exD z^8`k@YW_|@76;<5y6!`0enoT)RKok1^9u52^Deu+?HB4gTMuz%wY5Ka?l<_Iw~$)H zBlEl8t@~@tJ^+WL>6wQ?@(`q^5bxLT76Q7cL6ydZ_R=aC^5F*BQF(O6^Q!ETF9Efx z&>RqZ8F|}{aJ*xERJ*QhGCvNPF}b_oix9*vnHcw%iF^(Xo5QaQN_6UBlJovNca2Wr z4g~&H_u=TgsJxQHt;fiZru92Lran#~zP&u$&bBWT8c3&;k;gg3gB(`oKp4x4@ms&Y z;?7vo&L@R9h%Y`e>L!vJyita{JPrmD!cdAkl82o1F=52b$kXY)5&eq(DQ2jm$%aSd ze8f~0pQb?ow^oeb2f2a6ab;o7^;v81qTjMXpil<~@u8;MeqSDjcH9fztkaVInc94$uSENp^Cvc~I z{5_Lyk~1n4NA=2C{lODtx#3&W0ar(@`4JF@+tlIvUbR}Zs`t8KoY3b^KU@(*Xty8z z*@AY3B}jq!La<{G+nbRRz&P~C4ToLzo-H2-_zh~M#}#5!s?Pr zB`U>stsP|gS5q*3GClvQHT-zGKUUzt&9U3Rj>bdmt2^>Z0hX4cU1^jkC$fSz>=?d; zYeLP8*QVqnCR!gB0#BJT^+m=k?~WN{u!Tx~D@PU7%=^ay2D~7@gb2CTytsqOOG&|S z|3KO3lRqoiEKG>>g*kbb>$PBXMJXNQ)scthn0@#~aN+Ebu~EavRx==dewq*SQRy~RHVLSEs>!jh<8Y&&Hn7@*YfuXh_|XQ371laezUl6kP^IpAi#hfKCo~({lw(*6pC$dTQVuDEvh)BYM8@X`%)?!=JY4HSLwg2Z@glXDj}%5zJIQPa~3cd%ox!9 z(xlV|&1Qu|#0^`q+`1v{pKW=kcNZe3FI582qWpuG4%@%y9=iiU!rWLXZHJ8J$*VIo@#}bAdWN_ z`@TOKo|w!Ar#-jQg8yBlw`0-ZAK^53x2P0}4_BOG+JRd8`Ukx6P z3tmESJEB6d=Oh&O8_*y~4o!PIm&IjT02Kpj9S^(Rx3=fgDb&K-NXsVFI*U{Llp!v; zB8=g`5z@Hs#NYiYsIUhtfL87`St#ucPk4{x5Qq^oF9c=bC*8^J{Si(e-z=6+((hQ; z_}ndFvc5!u4H>7HOJBF$)Uch52ieU6>P}yXAw}o0$ZjGZ@Wt-~^4Zjct!{Jge{^cI> zxprJu=!?Q{bS*v#xCbVDs+$7^+le56aa{Z9RNP9|moH@Y@KBq@%9Jpg~7Lc zclXF6hTW`Bu1*|@FB^`7#N+Y#Smon5+H-K{Vb9f*-^wfG-dJxT31A!9UW@bjVR5|9 zW=4^Rmu+=PSS3&=+is-SthicwK@shI%2b$>lvt^hePXF@aFy9lr3O~jDvDG0*kPJV zdk2Mr9`HbJ;|(ALlAFMjVO;f!^6y}s4uSlBk%vdKv&B&M(otB5Gy4M-4-<8+%jeL4 z;dS#oj=-B)N023H=Kb^M_JiWBblA0m1c=yqbZ;8Fy)6I0;AEjX{R;1&CjQe-%Q+(S zPhw1=S|n~iC&FHv&>Xk8=~oDtT_r;4Sc_f5-&gI;IMIT|eF85U|LKoI3HMsXnTa1xL~Wf{+tB`+uI{H8{Cjw4GJOW7<2mXbO%`BEG})&W zuX%tdHIagc`7%kcY$NJ*1kYLjp~5Iw$RFtd`oxn{X$VW7hmcXb+;^|1z?sDcQ{hg$ zyQmK+EMZ6s?~A;?3cq&}U|68EsCjO&K+YR22Yb8R+)VvKb>_$3*mPQFM%&;CwZiVb$47wRp(sz6G#ysFOI080Q#gc zFLc-ywXrnahfW>|XYovW3-9oEF5t}a5c`q-W-U*q%C$+u#@aHN0#=6)(Bfk1u8MRe zFG*t^)8{q0umSVF^$&E0zn}Z*Xut;Z@#Mq9WjUL$=#lDE@l(2g&C5iBjty;` z7oV*Al1WL}bp&I1B#%pjzGH0Yag0Yi%^ANZ_F^Sgxm%kE*SYe_sY_O`DYzMeV~5&+ z#j8VS1>s&I7KTMhlv)C_4#GqL0mH!Tc@K>)bI%$@y9y_}VR~PH;>qJZpXqC)gvL6* zk9_zhvVsA%EQ8!{-+n>TD+95Cb+~qHg<(U(){m2(9gH(7B1g0e;IM3E z9zPkQmmJS7-lJZewk|~0yBdOVqba5hK@Vx2|9UlU^HT85p-1_*-~9@Xx|BJW%@9LN z)$bRhMrrqH0ElKE0ftDJy#ntCJ_>)IV3logz@%lo2l(=!V*2}j4ddphb;jj2v**XB z8y4>c{a+$V>1HAf*chSHg%g`pPnT%_Y1F4A4?cn7n=X({C~GNml{fP5@dpCTX*Ym; z9qGaIY;%j(r_J#afuT3HDiWx-@Efmf5l5oe{z&g<1qKS=@PR1c{s*?Gl%SH^t~(@R zy@z#yD|KgZCZW%}A4Ww*ij;XQZfbVcjnbUJ23sy_GR&{rgzZ z06c7G%pbvJypIm~vtG1~#ijX0(b?xj;2HVWCz(w!ROVEyc7H?r>M~b;|B%H8{q)q< z5}N6m<@zt|x1v|Gpa06F;raVgf0a?KKmJt(Up3bz^@pYRLM$<2XyIR+6a1bxKN`gs zw0%=v86~@UA?!#_L;ehw$DWjvNlNW$%Fz_VJ5Boa+@F$0K(hCZ2b4Y5b`N z#V^wvS;@?c1_~ecDOQw}d(Dl=&t0H1={OQ48d&dV4Ki`ieU0PyZY)gZ9wpfB9BzJ& znW9iNWX^Fj*=i4OzJ&gC>~=LCeAPX+eaTd{!JB6vA}Yj&!Y;$HtB2GF&%|6n&edTf zwi1S7{spA|w$o0Nbg4chTRPm6hB@!KtQZ802`p0gb`y9aCUplISTBJI$xh0Zgxk@@ zmXq96lbe5Ofa+ibLABTizz@J-K-<4Mz6z*f;xngv9}T}Y!>=?J=ZqO?sok${=j_Sm z-U0<$?e{oZGod>D?PyfvTDI?01RP<2BgB4j_2S?>qG~h_@!YYj_DP;+ipg856@-vo ziN>p(-YJ?NEVy=UOhs-K;r;lykvUU(~|U?1v~)>e3*+CN<={(hO$K+$) z5ii>(#G5DhY2Eub(0h-w6#9~q^EZCTQ3*QwvwHjy6mQ7d_i&;}S#**ks&&zFyfK=! zASFIs9(Bsbj`x=JvAc0Dksb9RlxU)awzCdZC491H?@g(F5xy?R#u%MN4L@LM!6tA| zkhEBI3IR4W+j+L`Thm_det#mzo08BMyNBvhH6P@AlMPSUEH~lVO#+JK9@F)v?BO_^ zn!7BA(=9&a+1vnOAK8))1m+Y6f>Hj+Pn#gH^$Edk&J8SaH2wud-??T4fPN5fI_cnl zu4fX$)F%pJG(t(vj&oRN9DFEmG`yc6-@)Urr^>F4{(=EUrO^jf+~WX`UgTU+hkF9` z>Kj5uDmgPLT+alnH~|C<@XUSgt=9i3C>N|*d`}N_fsw16kT$5plhv8({4NtTbkxtC zh$LS(*3ZKsyGy)OYc`)&hJ4&=rf(nLEAPSEFfJ<*k@j7F3A zJ=`q;aa_-oL00dNd*6-&>#B}@Y1Z%y_n-_$$7)`jmEdyvkxpRTGTq5nZ<(C%c5`jy z`Y_$`bT=B~OUgeTyD`Md!MbjLWK>)%&0y_&tz}z@n?pz4J3Z(OIAS z@56ZQ7wuagI&~m5;}Lw&XWv)q?lvb|rNT^NI3o@f{y1!li1{k$Umku{0b$!2S8E!b zgvn@`kQqU*ALYo9 zW_TOZAaTBxtuz?m4FkNF>Csg(;w|#`yD|M#39W&yF!D=$p_dWcQc2tA_4EJ)Xr9@x zHc$M*yM*z~C!?&mEhY2iW5tgl%Z>VM{C8p~b?TS4YZOE&C-zZtWVMueg_G zdj{R7%kLdu2kSk<{uZCT?osSDzx}F>1<>)GLRSDtEIc?*taiJBGJirneR#cZkRx_& zu^q-CL>u6$H()Q;-0yhxMsMRE*DaWFFu_PT7(uGx-2npOA4_MpwI~t<;a36yflC2d zMfUYh6a*DyM|k=P{+=^^rrQk{imI&4jQG^tqWCZ&hv#zQTtfZ`Z(~{eS7S7Z&Hm10 zU{G>II$Ui2*<+o4Xkj^#@F<+`w8aV82&cBYlTcH6{KB=wGM}D#@JRNFPiS22eHxA^ z=4p^u0hT)7eY&~Kza7wXSMJ_KCD{Xtr3k+S^LUkQI~Ztk`rvXM2Uv$=brzCEA8oH@ zWOz;@Gb4X9?Kx{16)oHwdCM~h2*10vUy-SpWcjDmAC08c96P+;#kNio`BGhE2;blA z9`TC#!7;kxT~`*xSQ%(`#95fnm~5S&E`ftalgo7+#WNg}=J#uIVC}#pQMaDa{em}X z?(xB9{!|Zc!FT(7YK%swXZ#l50Tvx85uZ|M`68Z>$cT$q82J!3@D_#! zP=8&e>2^~~y5&4lp3yETgg=HnCe~_tmgd!zCFmD?a`~|g8SQ!ywFr7_UwqGdxg+#r7d$ZQ$uiHUbju^5QmvH3)+Jq@JYZ#4@0t)9{xR>g$}h z9G}C;7%Y~)eYhi35%Z@I-Kr5fBbq)AC`K z8exz8+k;(hIR6yocUD0deHLb{t8Eh%-ZmQk>7#^hqifRfB}depLdY~;bD)^X+A&Y7 z6sA=jdn>Z%?58=t_rkL&=|TRxOxMq1orb-DIpp3Oo=aFuzPFi3M~HFWYa5mtCXU88 zdY?X4<}h4TT?BBO{sv^NQYWG~RuU8e2D>To?PC?d6>N(AUiTz~u%A7cJ&^72S$`Fp zpbJQXVIWT`&*y95u`Q8t*$A)OOX04-c~JJ4W7myQ24VX1F{VGEdmLJDrSA2L4o>Qi zFXM$-rS6MG1iUevc7u6nbzwyeFX2%-dp`WPB9Zs z8EZ|B4-=8?UbOG`g5E{eM;=fX# ze`5kcE45H>jIv5EDyahWAn+9e@g{Z+6N=~$b^5J-*WlK5&4)VN~fkn#1nfF}Uc{nk0M zmiMqz^v~3{7ADulS&L%nwesQ+z!O2202hNZ8qE^20|(bYW1nBzGl9Ot0gL{@7ybvG z`_VlZ-NwqSeXdS>uYNAM-8mfDQd;ZlxCdaM%ce+0fm_Jj8?jK9nkh2J@s8{YX-5dygeY zw3qhSP3K{I8TfcL==>=H5_paBM-)liQS1&*J$ScZf)Vf)y}njq-EY=gFxLc4;^-NE zyb#)75ucRMLF14_NWVapF>TOY7sBj*I6+2Flo>9F->E8EYCisLHztBm z7dTs-JT2KwdjIme76HR`-Z$lB^i#Plx_5vvcj_X#Me#zkoaQB}ivY}9`ii5LGVA`iDhAsBtI)9}1)%*7KWZB?sjHwX5PC0jX`fK(|_JtgYN-nn! zfco6vD(GF6iN4IQpxw8&`V~qF_h)<+d2gDRHNWYp8snKJl6KrEyV{oo3?11Y3R?5t zr6S~i7Guj1V^TI8Gta?PJl~9R9I)flSl}=BX}aod z%Y80)a;-tfQwp{Bl?X4Qg9B;aPoE(;tob$%Mx4=kxv#U#NWBpf3Ae|0G^auaJsarF zPhlbx6(d^0rZFXn&9;32GO@9Ja&luZVwTUm>C9?<_yn<@)9Y|n&o(k`FksjhETl8! zFigi^oE|?R`T?kv8JvUjl0w2UY+{A0Zgbac_dvrqLP%_EzKY;X4m_kuwv-063yT8O zmdsRDkLX4;DDEp>p|j>j+Zf*;Bnt-irNo+dO^*q16~Vu<7XuM&aZ&dK$=flzZ5u*bG<%~ZF==_Bl^2Dm`?&+b0V4Y8oe z(=9SwU??klfx)CcuczVheGR$ZIN~Jlt(WYNbto$MDPCC~>B$kJhDhsg33ohD3yof- zyCZr@00Vh7@SNVKJkZ$7$Go$1F_#@0S+f5uO$;82VB^g3xt?z)qduK zPxY*5Jy6Ybvp%EdoalZKFqO!~o19Tx`fk(1Kt%&K`ndB(prjhM%)9TtwtE_8*u%)( zyGqOWwNDtE`?Zk|fOBJVm7dg2$`oFQ>x;_%PYQ*TSEzFC+hQ=PDH( zTeCO{;vH%ixWyIRb)jJ~$BB=w%fa)U4$dMir1X|Fr2KbJbj6vL*-@pm7~E?wy#+Kp z2^M}m8X(LR0cDD~gMd>-`P zS@Z4$r-a-XD*i@5zYG2p2+Uz4Y(9(?SDm<iIg<5YH{{mSxw+P4!&8 zSb|~y!KU}=yAiqz)Q^1x0Y!R$g#1_X%u!D6;nz%_qU$&risH9kPIj8Iz!u&iSsU>U z%*vg@n7bo8g&)e0mxO}E+x|wdv*2v|NOaB+oEz2ny81mvS5FP4HlEoYw=0V{V7Z)0 z(DFpCy8vT+c86}`p66KKis^|Y+=*3Ix=N`h@ztd36dd&V@!iZ-$0UWLV0K*VRmqz; z4OMh*Hjnk$m)=Hvpcrs>)hR$I_v7vRx>LbeG;>gYw$-Oo=1f&Ref;j*<&6Nh@bX+{ zk%?wA{r=DpttkjP<3x*!;ku90MWC7Zm-xAT<@u#JJR5iT2~7UDOE3M%2$n_WPK{kd zdMP|iQ`M%yXiBeE@sLBSW5ZAGmX1Xd?=OXf8Y|#G{y9OkKA}`qO5E2`@!e@h~2M3guckjPyVN z2#wSJxzF@gHTFA#jBDEZyDo~4Ch;o2;C@^Gc;4N+-k@g9hOJ&M)Q4#FM=%6EsM;&& zX>T4qsB3UXzrkIaPq(9B9WuB|(zgbnlZae%&1{!zAe$xDEg32V_FmD9TRCT#N?Hs{ zOwITCyoju1+1>or{HQqj`=SciW_f9I@}cFJdxbS%n@2|;V18fww}eRD?DKBwfZtAM z;J)4|lUX)$=Z&<{1|N?-jfhD;Ddfx4$B&vG=>>4o%#=WrAZ0?GWYePhxH zc$|~q^d67I+_tlFUnP8;EoR(zju8b|nz_sq`N(@Os`%C(Q08;rU34I` z_2$47fx@YwyYEZxv!xsBIq})bMq3H4A%SKOZD_Tp6iOng}{Ca$DV!2E&9Z> zfHd}+0Lz8p+plIeXRvOn&uh}BP#JDBwdv@_qZjIpqX3jD_DG+j7{G4n&Eeo6Il4X%b$g-TGxVM^giHP zKOZDp<~~2`Y^}dpIeCTitRH>``L&1UV;`gAXhoFwP^gQ?`v&~%l2pwOe`+TYQ<{8$ z(7d80?_DJxQ9b%3;4r6t;Nj2)0YILxK(7hz4h%XYusN^yB2W?^6o@tzI{T}8V zEIHVgr{BO~q1-KzZgQMB#PgwTs9x)M_j#oY4v1z}IB*ibvA z3&-lW-y`PI^x!@T7`CrQ2kx$>peY(XIk%2lYi`f*IrH zkTHZVh2~8CtmMD|((P*S$(1lZh}WhX8y50X~d&}pN#|y3Uti> z;u9>1&)I?a!-_T2%6UKbf+a_u2KYO;4Y`9`$FIKJEoLFCF-vkva;LnZ)(*0@I>;6JcP&Q^zRpqdcyeTPq(eC8S(fU zem5et^B4*)=ELJ@CnTQkCI$R+FELDI@Juog`@Z?sQh6z1F@Pma`LlnTB}D+7@ouun zdGCNCAJgl6hJu=uZUqmY6Uf)tVeJ@nW2@N1}U?-UpOCObg> z=mSwED(5uhi?gSj^N^oFS|O&VZvfika3G!1?Q3zdAD1N*^hj>;0WaK(W<$sNC$-cCbsqLN@(&KJtGe-?f}to(MR-9VR;{ThC^v~a zC}-k#>0m40{bd)MxO;qTXe^GjseHLT1&v&pf$wJ-&yIgD&~xNhO%M7#l4qxjjTKEe zHfD6a%D>|$rzsDPD|n#DGchv4EBhC!UAW%AK~qicSbk|D+P0M^UG2+J!L;K z!R|{=PnXA)7LT%#dEM@wB2$y~M0+dqLi*~p=|dV|C?ll9*pia-!V}CiufJeeK45xw zVKXctb-9E_ASCC@KI*S~?(g>1NF6tXIPx^Wt`5imNV_qX4AYEBB?phzhguPMzA_|Z zIrsej&Eb!(ve&79ALh*~R%NsafjFwhh;od;#w%Yln-JUx#Cwv&6c>W+AGbY4WS^~t zU-F{A%U%(Ls?Q%%cvQOLAH^!#j5K+;)He{^``*@Ha%FhCdBXS+!E?kNj^c;c?{b7o z(Qr?%PUW<-CWZB*W zy6M2_-cwUQ+s(b~l-8`SU^{MIGhLw!-=Hn6^ab`y9W{!aE*bgc7t8^&{#*3F_##Vb zhySF3X-y!HU7_g4qnuO(cQo+;gSDq^q@p`euJcx>#-m?+uDhpA*uLcYw6ZjR?c>nX z+zySEQ59w7jhYG)W;%E!e8CH1F#bT-wASkCwdBWHT9Lz%jhV52Roa#Mr7r6)$(=r# z6=(Z^d#f5;v~S7R0r${D1MYWR^J!JT*#TJ*H zzGvZK>7d-CFp-0JEnO6AvgZ*x8feF!%;QKpIHvH-V*biZck(bIPO;b=9J#l4x>s+$ zY+fIMeigynqYj_Tg$Z9V>vDm^KSz&6Uqxy!$IT``+2@s@Aa%S-CJ&vVYwOIq9GJWa z8$uYZ4#qg!kHTk{DNY6H?@z7nC7@NnuiIE*w^h9AB>O}e9U(6##K)+`RLnnF_CD#< z4?yeB<3=$jifmk`<-Prb<7n<2oKL5yy%NOAVbCnx{rE-~Q7p?1^$^K?GrKbyvXRx> zpB_pVT3TNI<(h6tDPqVVv$*hbFLdt#-7^LuqTr=a4jhO%5yZc_{XGx2QDkSF1^Ku< z&7GORc0&uD$^vs=sWs%Ry4&UJ6D`7@dPntt7F*$x#N?6whL96Q0#b!KP>(@RAyXLLw%cK<^X5EfNBs;nTF=^Mol7gjTlDQF_2#;VHU91nIAT^k*nGNx)a&(h&Y)WwS3zV|?Es zv*DS8uh>T#BUR>%!HjD8BbWAlC6zCF;QC+O7&@MY6*djY2Yd2{9KsX&X?)M8UZ6hv z`x|4O?F)rA{kTUa{ zA6QJvH(%ZlDUdj_K0o)>vMxWNd<4k+ioPpdD#coM_g&HTTU`9{Io}gle&Tu4eM{&D ztm==BtKgC)7jk9%PdF0w=l6(M6t_w_K1qW0g4Wf5dnT6DNuR1`!Oc)v=>Y` zkh)Xha@EkWtr@4sM1U8J6-Wr*<^~vIRZ>49SiR-7!Njm1ZxzSeu>JIOLcXw$9Q`8M ze6YQ75YJG%_}m_(w|k~w1x3{87Wx*VKv@~#NvW>5M3bK)@?1+J>_(9}ulGSxuaFFI zG1duU91h+@_GY&oawepc+m{EMeQTQ3&_%*E=m(UKhbQeEl|9J`q{ zz5Iv|APZ@4{1S`~`5*8_Ion&fwhHII#Cyty1EMl8Hck=96<1v}Tq}AZUqEqFGd{#4 z>2<1FqPSuSu+a7e?B39(n8Gly+(Q`c;aNQ`qgy|H7{ei_!u>QLvPV(Y!c*V-Y{lfm z1>3aWwJgH!HgsnLcgAquL2dCjiEcSb9Be^pPPl#_#X|YXMV;LVo=!YPKp#i29$tVy zbmm@o0C^R{(@XiI@Aq}=$jsPRpN*qTECX8fsu#;Pw)okooTtgXY*WG~dvv}R!vO+V zTEfyjYuh@Y!f-_iHzdj&@f z+V|&=%WvD!<63J&e1HeWBq5|JjfOxF&vN_ZE|4MJ%y?2f)On%E3Vy4N;q4y{1APE9#{y=E{m*{3ha@zG zdL%m^_P8FLoi4p)UTlN!cVm&=NVw`_rF(~gmuT%i(4O{nAKUBsbrQCLOKMo?&qYHANdPBgrbu}7md;A?J#II{Nv%QGw=#{&M}M6 zr!a=)jQyv*yG_qvXyDbyOQ$Zc*(M@*?qItPd8bX*U4C7_zL z9+J2gvEGE2*}QW|XYC8)=`_IT+lu051J%b*(GfCHi-Utz0OJA@{5uEocshYTBf?Z4 zsLtdL6mG^t*g8;oa4e(YZjFvnYnR$IbILt>A^q8&nRjc@*YH-3r|DRIMBoR`&b@5D z53zk*eow-_>Dm2e7!<9d4V5~)%41Z3hmn8=?nkWRf!lh<*b`D~_}iui5E~1tB#oLG z0N;)h)IQ5)r(<^hM8V^xg@WbIXXO?g>LvS*`_Jq9%YxSGXVl`UP+18S3%7&k1&~V? zLYS^#&0IPRJaU=hX{}u|mi)))(&0sx7BIVEygc|}m!K~;)oZj}yBepe!qe~l9E}^v zu}mR)E#xySUlPEtqgU2`iC~&(=u!%aWk`utPKle@sAOfacfEmQVBF-b`n+ImtkeTO zSJ3n3)kkNQx8_-s4AAvn50c@2&7r}=UxU**NkosTt%@U18SL+1$}}T|LEiDNHz{pC zK)Be|qKJqtf-5poc z@M$)+nJ>NPt60%Yek(K8e#0+o$#9_Q3G(Jxr);yk-TC&L{JHue6v->rxjpKIfawF! zldCY5E6Xd0R-;!OjO8*97v}uoc@I3824_XKx}G+HaM6;-Hes0n=fg4ZO@$s%>nHkr zstO&GD9ZTydWyZ!fs5<@L%g`S;u0+xY)Eb0RAVwCJwNmaOdwFP=2Ik|y7wK#Bkt<- zulPs_^Tp^~H99xieSF~!kWqHLgGQWU5R`Dldp)7u>#2*M-~Pd(#8S-;eRI*)oSy>A z=dca!y7tC%Z%~1&SZG%JhCI>_%2WW?UW0K3crp_Mc$we>0Z2m~d;RG`g&)C(g{?w{ zZM#!!z;KHE4xNuU2VTH#8JDIns+yZ-E%l*chf&&dZx`nx>^0EC5`LjhCcOlca%gj= zFRlB!BxdVKvy|8SZ*gZQi4QMS^svB4mgTV&k1CSq;TB+fz>(K?_0<@Lgs4r-t~boE zi;gB_yz<#~$1W|sWPG;pQM?;kngA$!2$CfUFPc(gq#3Ft3MR@xc>XyQE0;}fA`GfD ziHTI#b1YIZNbe&&Q{Fm*?Kx3D%JjdHJsyQX>mS$cd1DH$G%}!4G-t*p2sSPuA`(D< znDR9^l}XV5ZRkTs{>kDxvlHZORJnIuNIDlTi74<6$CGauVxFbfXHymi|rU! zD`M-E+T#>tu#uS3?r%-yiFIW{ij>5(J8CzZl>x3=U9PC3U!`m_nKXQFkyY4)`zm(` z2I5%rkCs`A+`Ll3cFQ>JVxQ?IBFPNFmE$58<_>(F@`$!uu>(8u*KxYaJwLbB`CB!< zdyIP{0vr(kK#Eb@Q*HM(8slu2P6?O$@o={kdxe#@<;+%vLN}4$Lvo>d4%_Q1=ta|- zep0iKTsIVi<_KQdZR?|>`0~^d!Ahi@=r{igr}}+w=Nt8X>3f=z!;YDE;)_$zP`~9= zdpxKfIV>WTRV#y5Zal}i-LKQa5f532c^{HIX~~bs>$82mCnHYYcvp|^xjG&8`IaJ(>phPGByve=LKH1;(`|qtNr}>#)PKz)5NRH-lrKLVvlm~ zMd0Ut57*y9*g4G^sf%OY#|YWNl8~eetPjsl?mNCDf>!0`{Q7#oG^^L_n9IR8Ejgm5> zfIbHg_*;GjvCtkNE#IG)&N_*j!~UA3cstHw7!1Mz@+3Jb8}b%)ijLLcB;v`^p_Fs^gQNRTse&>rVqFg`bh&Z)%QVGm3|!&!R+-f8J{!4 zyxHid)=UCPEAayXlL}7c(bhX@yPvr3(5jF8E4kmA`^;q-4zm4X)ev?`07bB!67x_} ze@g$JNuk8TCHmxD-?(zf&;Fh4Z_CEDhYpuKXotpsT(#_JyqmlG3)5%bT$OnWU6BVZ z{c{Z9EVRVVn_6UY{=~T+e;|5eh9_G=EO$OncG29SS^st@crttL5@<^keX2%m36VUx zJhymvhDMedv<5ti`9wB~efcjpd1G4;Vc>f(nilscULo;&Q^ZGq?F(S1?7jmie#I@PHU%;jk`enm zw19wr9){-E1kjdn2low;e13D>-@Yf3K@RU_m-xy_P#w`YabGrZzq&VgADBP(EZDu@ zXDZ5|`<*Qi=W5p5zo4Y0M|nTezZ&JP<4P&fnfrRTrG3^XhBwssb7#Be&=r$w-UQ!g zuY!3?59M~lQX$ay7!5wHL%$N37xvq`W3crMx1L+O0oK@0NP-^G+)ao|vS!*ZO8cYp zbAL?DC;{%=Dc07lGT6&*+LoVXKR-H98RU7$=V-1zWp~c~{AP%`M3-2ED-oI^6Gok^%x@n)|MdA(E%6`}fjR%#J>)|KE!B6(fy!m)`z8AkY%K{Q|ZsdZQ zJF$4AD0s3-;f>BQdiV=VJbNq-9~V)kO^lcJLz^hisZPF6N!GJMivuP(p?s27 z@GOx!tQM35NeA!KWAYX}6P^c=n@0&kx)V6To!SBdh)4b=yAWM~`!c$Jh2f#jdQ{AS z_H{!0_VYP1ElJ^x9Gc;njA|TDCINB%vAIYVOQEzIzwi7~A^S}|W3KHJ%E0dQEa-v$ zeR08PiW9#|HtY7a)0gH=^VpwgZ6}2}QaT_#cs0N)_&-OV7;g;XNLHQ*Y~Vf?=PvW) z=yAxO<9(rZ_O`#j7ZL)hUFWqFUgP`LIfp(m8Z?g`A1 zF5vMB&n0#vD?$X1{U$xXCk4Jcp!8;{Jn_ebiJYEOUlr9~nBz5=-WQZ!9j$^qef@c; zAZcOayhS6Oxm>B!w%Jfvc?EBBT+8ptXz(kQ9XOa#JTdHs`XXmRAn}K1h z2sKe&o!SkFy5eIo?DVD1&m+Qr_~BKbJtxL3`}st7mcnAguD(O5sy^jNLxfFU9_QFU z_C%guZZG)h9U|B_ZqB}HH7VR-Pr_~EVZw&nCjS)+mTcqAEczOk1MXun+v2a!Z(j?t zu`IvyufcKm$4JW3mdm~*jLMOm+Knq8N9pSCgZ#B!Z{~R)BCrW>vp+x-ZhR!ZJgUv@ z489!WrOCDBZqKuDf-3_$=jZ{gvW79Ku>xz93i;UOPL`do9{mUTvwm|7DgcfWZ}#!1 zsm}YdC|)JO1#fwVw;7&-%&BE;nA)g48o>HHyC8;5{>Y#Bfe7en!c2J~XFRk9r3))E zvPJ7RrGNF;n+Po8I=tiw@37HX%H5p#^+Nwh1H>4n`}%ggrQMr<nBmAU&?Pyf}r$DuVO35kil^ z=T~hIdJc-tIxqc8VdTipm$COl3b(l6xhTG|efu0f%TL++oq#jG>oAjbuHO&!iwNo< zuKOIsMMZc9%@I~`o(_fSS^Zkq*B-FKz)6eN`N{xhYw8x?^%@FhK~~Ebv|L1tuJvn| zG~>HV5T-vl9L%umX1mjUnC;mc;w}^Z5g*5Yh-8 z)#dVgs@BP4u2r!|)hDtRwes8(-!Q5Qh}eMY1ZliO;p=>uLNjprG{t86&j(3cVq(8| zNBOm4rN&YuL;UbJ|4G_DAMW3E`@xv$%5rPTcf|(X^Xrsdi^Dpq&G@8s{>PYqzJU9y z?_`+6oX?@Q>PO<`O1=jMN#Qik;Wtya5eQ6TKqZwa-^58nlmQ`o1-D6m9}%%N75myK zU(snOEWdkk{)}_?eLzuj*|$@(l&Dcp-4g0~LH(=8JB&hhSsSF*o#5(pFQx7E7nxYX zC;!7UmKT)IZWo>EDOP-2_d00`sWRrf2zapPL|^hTLaYe>O;Lmow4%AuGkb93O@KaG)Bw)lnvQ)RV$~*{LwigYzpx zW|3y5yht0XTL}z)U7HpIJca|+Om-ddcUTUJ#!9~1$zS5*Q1_B;#}%lysS`n!zZ5s= zV(ypF>G9W2b-CP3l)LOREM$yJso&mD!Bo8aM0lQNzOUh?jg6`Cn8Jlm#JY7~4hRWj zESJB_*9f5iQWAmagx-ikBC3R9*u&1=pKd=ywE94;&l_y%_}?12#uwG{I7=)rYG;o> zm?ci=PG6LBYX5=wlBjHD0*PWlGkMtF-dS-Ji7LHd{T1v6oLct+T`GT;N7VzHjSo(J zh==YO{`YK8PwxR+tj*I4m4sp0pwoTX2JH_@*VBh*w!!0%3spx-Rv@K3}~<`#Zk(fBJrC0Y!QE-4Fj(QRs|t!1{sUxGB%af`gA4qy4l9 zCdzj$A+F6%iI@Fw-&gs2&b?0d3%<_5>3Gv748Z0Z3mhI0xyjv6gsAU3hM77X%J&qn z$)?QTh6mdPD-<4n>@>1HX60OWAAGP!@n~aq7TkrKXk;w51XxY@VdClrlexS`wM}(B z+^3Rps=cgWk}eC_Wfz{v2Rbn7hmffTsmk(gxo-thkS~V*+dY?@F(asjEZNfqyaS9y zQb@d?0F2fjLOnKc$u%-9*EY;Og*Y{bRQ{{CzuJ zc{DRV_F%=w^&rT>WvD*KJ0-w38wM6J9klyw)+WwkTO0B)TAu5<5yEO8RKm6j#QufEJ&yA`J+VE0?<*2g zrf2jEp_wSfRV9Okj5~c+gNwea!;1n|5INbv@-^Box@+#kxn4MnWfG?x9jz}zW?ke` z@mPK2Re2vFH~y{K!dd7_8BzPqQH0WX>;o_ z!3hs;icm9MRaXc86FX zY9Yvn+mgMk!}4}E`Nv3;^2?S9iH+B$1dV=r-ZL52c=>cGLK#k41b}`o|2C};`#qz# zhB~1CESI*`Yn0)Ohv1EHK$Bec3&J-@8`)En$L_#x&u@KhZ$_ji;3NIi$FBpc(9Pr9 z;#e)&9ry2)(byIn)%f>=Kht{ysZ}dNM$(-Qg%|bUdwluIgP%E>p*s#QIUIMCwA}30 zIdZ>bOI=(N$2?kV8h=M&F}VG36d;sxtI`Trqaq^>wPQ`U>`dH32&a5_)BsfHqEH&<8coUXOnxatlS*YW3Q3M@s43G1TwEHhY2T< z93KdoDXT!}O_Ck8f4=>rmiw77v8J;2y<(vT2=Fuh6)5(>Z@;F=&3rst0Glu!v)7&5 zed~rW4X~NyMHW0=?xEj!Mq7K2)Lqul?fPPm&uM0(GH%=R)H%MAns899eM*ALZKW%bv3pL*qGs`qW^cleRa$Kw^174LQ^Uxkg%ua|wbpq>h+@IjoWL^$={ zMU@W6{X(wo7a@&gqCz_|YwhJ=rX?(8^>*j}U`3nm`Bb5d&Yi2ELp(H>%<{$x?gF@D~XYzy9e zOjht^fZ$6Qi&!njabJ!c2Hdq$heQ{=uFEVNcFR28;;o96$REyV`qEr8T#_4#Kj-~A zn$2tueSKdCV1+2o!DZh5lw$L5`9x7$L8Y`tm4kuzmJV#Cqn#cYk(-=q2Bd<8_aJZ%w;G2Iy;IDvJ?ktIeCJ z8fG{mKBIpD`QqCuYWk@m+`q5gy8M6%kx|^Y@pX^4TIH+lC!J}Rpnsr8p4iHhb@|?A!RQGv^298L z*+q6^>w&)>L_N*In+Z_to^?)M2(rn>!JrNJ43SiN9Iljp8WZ&_^3An5U*E5{|HC`A zLX{rRVz>6dKz@4!l|7_L$M}=vHYa;yhA74g;r#C4U2a^rR&T;9-uqkYP$}-KsBvI8 zr5LU3m)(a{82P}BVTro;4Y==YU# zW1kiqa$NxM4r_{MttPh{Q9rvtkZ;DNx%NhpHD@vmFGcWLRg{*%e zH*+VJCu1oBWw`LpP3#Fng zIjxC>SZ|dU;jCv2YM3LY8DUc|r4~l6>7V2wV4svXoLn7>ONI~|4&4A5d1}wWr4iDz z%U!0whi9)@s;p6H1ro-uBr=IE6xa$UDve5V)U@@uK9@MCKpXZPK*!1{4 zA3~g?>NLGB7WX@b1>``UE1n59p>GLeJe>>0ol1&G4SPW@rOD;>mb&B`6%})Qxj(A4 zq0koUu8NMqckEq5_}Vtjep0d*-7@8kzA*o>Z7%nQ^%FxoYFFTL0(&S<@uoR;31F*o?hghdt(73HTelXhhq^9uudmt zm^kQA_6dUhc@TI5b#Y-!VxQ_UN(7)xgY13Sb1gCw%e-D$`No!U!@s{y0DTC2Hi%Pc z-VE(?Akk(yd#P#`{-wLI;={VKZ2dgl_VD@Q$5Z}-JpMJajy8 z)RQkfcV#O_@L(eEzu<0~vSO{=ki#L~mwWw#bvOxY(>AGt!y&1jr$~b9GJdLW z66>S<@-)9V)2~pfsqE18NqzJzm=yU1g&ggK-fj3*7*_Ken6v%rWAa|pUER|ij*dSiJDrVGJ=B!*l6lN!j|sgq z&*!62XS4T?*;Kve+bIh(O5Un!Lt%y)coSqZhE$pptuLVv~C~6CaFqU&bzSBND5_ZoZBhJjk8;vA8tKfwc~;p(+C~ zdbbyqrFd#}+l=V;wSIZZYHbniR4@7E%{7IJKm&O-5u~^23$xZKd#h}}M?~&5<||1~ zoIT<-pqkKOLphw<9~5bOkP`L`N!t-Jv{XxI-)HfF5sAV~`~Ik2UL0}iuG4&);A5wPdQwshqJX}?iUbJ z3AH%#j$gdB=E#5UUaDAV(L?*jci9lNoOsPyhEwJE2ey1_NedfSMgNIu(_RFME5=3g z1bY%S?K!@3*z5g*v|)HJfixr#5n{fXzIxYfS&s}nnfTzl(HD_^ZvLxO!|aP@(+XrP zI;pum^1|ogkCq*wO}h|9zWYo~Y57hF6Hu9UukVnLlZW#W_rx!?q1pBpq&}C|cS@;R zDD1TWlC4B8vAgC{9%k*0`679yQhDz7>WPoS+Icd88B6xGe+6pgeP=tSzHS@kpB>tg`MFm{I*8e%q zMXz2Tg{wQ%qx;#SE*avgsC^I8H@(6GO(x6lCre8KJmcG~Yw3mwEQ36Dx5>GGzlz9= zyiAT{%c~Tvzma#Di0}^nEPsBa{5}?z^HyN5KSL!ez2-L-f0@MH-CSSNJF24m-l2pA zu|oWuB~O$h7B}mU`3sfk}F-+S{R0AV7wmDQ%bdUiRJu z;WWO%cOhTypTP`Dai_YF517Y<jSYU}Qv6tyFBlPiX%%rjjSXDi4K}=Os1UE`RwL#{SyQ|B{gur{QbFkqaM_d^> z5_6t#Cp#=Th|Dj>b;?ZmE|{b*UTA?WGqFw1)UCT)9m;9K_BeR)(?Y-oF|Q_fP95Q& z0Zgj->bSysfL`@ExnE)8MlkN94va`k3xksx`>X+WN-_@!J{#GAb#u|bDFN^+_SkKV zw&5$0+~zc@!*f-7`;8s1Umt4s8tX#+o1<>t<5XuWz3y~bDt$fn9UTP-Kzw|sRIf0e zPlW``OnU0Lj9WL*y|_m;~;b1jAaD`lgJo@SwjwV~XLUaVT5R zzEM@#lKCThS~{7TJ$MDMPdBiopm&^}itn*5%m_%@-2CA(sY-w72en$Jgn!!GS31?t zEK-6G1KBb5!(X^SrMd0-K zE0Dy#R*<6aevXN)4|x-sDhNEtoOE z2=Tgj%C)TRW|5rgeI`aZj}`lMcLVn>ikJGbefP!3I?uk*Rj3rH`xSes1%f@^&*j-e z>!y^j$E50$0$j$E_xo_~6l&ASIZG8G-PIQlAI^IhxZ8guUDuYPN)-Jik?12RNkAkh z${SfF=kWEj=~=69(54ZKqUwYlxR48hb77nl&}=?z2_QN4P|CNe$#6iFEvB6$7hqDu zk1`Ri%`)>7ZX$;-4n48>5p~XO!mhVJ_<>u$r`Q?dTeR=7HwxZtQP{}E2Lfhn1tA=A z46Q%-=>q*lyUqQEpt@wfAHqIo^i^iCJ$4HzJ{D@bf%A_4FHkkVz6|FsWYT8=C5gO1 zv?)I8nbBXwx{VSf*VGrpLg_(}`zUV+xewEsh3XaaM6(RtIEcLl3xCW6xNSt^%!)Ou zbyBAuy76#xF3WP4%CO&lc!I29MCZ$D$h7z4@5~e6uiU{MVlTu4yOdz&wAn-fiRrN@ zy+F-R+1*2RCJS1-d4ht($#Bb*3f$v@UUyuyX2isuc5%td*}=^w&q&2PqAn|A4w}52)Ha0 zEmQrJzTEABaBI4Veg?U%bAN=fmh(lmQK}SXR^K0}={DJMAJsguZ;5IpZT)G*J=q&V zXHkO2@oI4qR$=K5=ifK_yiXdq!6)Y1-rpg_6OU%N9Y%g~--!pw;H|3VZ>xl` ztR?}AWp9vDb%poQNRyTtXqGM z(_3>vrI(+_`J-x?EpjanOZ8{ImDZg;ix>BHhkuyIY2=B1{6@&_kbqJ$!R8%@)I=sq z!gnCs$sTi`n`Q^FJD=;sN9ES(Kv>G+4$9#|7`IfRMm#`*y*cnH+n)#cUry(nGODTW zB<}^%HF)!=Hm2mDVI4AXSmliRqV;HcWL2^k>V{ySr4-ON2;znD`TRVhOR#V6js!U! zhH#@jkUGCV@yY<{p6uHd1u0S-U0ZolFIskChXUGoy6Cvz+yA8F)I#PO5)f&?Z^z5w zdZu2T~o?rL zHul9r4$2taP~MT%K(fC>>i|vR=E3jH^YJCUM;24cR!eO!E>7k}IRk;P8K^M+uCOwB zo|@2V;VTnS%pH1~QTyRYlb&s3KNw1aq*MxE(52*=Xv>vQ@n@&e?P*WEF5fW-zhlF{ydI6`BK{xvI;L-`qE(z&J$adwAfRW8GtIi zIXeH|*IGGU8YC5fkdqmx<4f1Qj)OO7Wis8etByYzDEiA@KTw5FKVco3Q;q=L~a_&skcR(gRu%fHfmojRQA zUKQ-BYIlglT;RxKXdbfGk0Y>qs9P3~;MX%&=Kq|=QN42%%=M*0{^03!Kp?hg;^OJ& z#4(OWzw(~<+v?tvI)B|>H~Da~Q4|!EEd;w&$vik`n0MGqiUnHho`1(BjD~9{8I>xu zdgWW?{CL#jLx%o%!SP8M#3$kb|2|#azQ3;iKF#Cg;u3k%_=W+vTiW51n*}T_j=^8Q zvs!<*fmN|MN#39C^y~c$rv^}6_8LQbIfmv>5EF`fe+vWNZ!&U7hFE#pf55~)9uk|ZE!$<;PGLkW0_Wf=?wK`0H_m`nd%EjUfN&n{>#BWKYQ| zCUtM{_e}a!Jk_Y9H|J2B@`+$zMeO?o)qMOVC7_;KbJcyg#@BZOXnudSK`gp#!#Tg4 zbE7cpeI(SUqb+G4?vg$+snRfRr$zPY@{PCd^vyY>??{#7T)#_gmAQiEm%=7Wu12RR@ zRHSzfV^m0w1b3f~($xWDGkq!%pVvPy?%R=;58nKz4mHpr5qvXnp&#U|-eHdlU$Z1} zKNw-)Ekhn|aqOqLp#nj8RHzm zfY4btUVK(3i+yu||C4|wKwbV$X%fl?5@_Dm9}RgrJJ~t$AA=?S&>BqO7Wb+l9j{Ku z^W&8L02|fbV=9^w`)&NFPMze}|BmH5Yh^!(HQJ@6?m6egot5=_G|vcH1#zD{!tX?k z)sfC}en31Ttm%UQJd_hacKaWWpx{2`o32;cao@ow)bk#A57A<}!Ep zO8cmzdmFy=(TN}A25RkQC%2M22~UQCz+&5Ae^5-wG=PciOCu=vQIz#noW0fO{cW64 z3C&tiXOF2i;iS}~Uv5vvS2>{R@2Ub8K=KncD3Dmf;l??2A;Y~{Q@p?j-g{}+So1~R z89PAX9;-?_+{f$o66qz@2-0d+?N_7Pa?@PDz1(VGc#O&W0+U>Buo1}y_Dgu5<74aL z1kfB$nQ_j^LSO@SK^?-O*H}LKuCAM2UOb3%c z+4km35E2E^q^xQn{aCfVCsNg8y%0K4zH4~k0P2eXPI7%>tb=A$BRh%5N~t7@kV1R$ znCV75gE|$fW9^NoWb;Mx$Hc9V>)~C=df!`OdpR9i!$k=%H5T=toQt{K72>2jRmKqd zO0M&+Ng!QhsWvd;ysX;F!5PKIgCU&z1PD@sWJL?n8Wa_!aws3o_rfz8mq9t`*tz((EqLV9BBvVwpf%M~P6M1)b} zMZ|AE{}l!O)p5`OlbePd_0cykyb9axHlKg~6+L@*Il}vD^7b|NQ`B8{i(Da3EH&#Tvi!L5A@4{@U2pG@DwUKGDrKBw|l&9Jb9HW>_x zXzXIHK9u51u|ch1Q=r@G)K)HR1hE4ZxUcBxHKYRdTS!$Y#hdwtz;rs^8)7*7vL9Ot z-Mr2Q!Y*lQ>a2_$g4%Q)G~T?qGlwe`Um(iGtnZ5^9`?OWx-}rgRU_ZL`~V3RVrM7-YDw8!V;7Xj8EAbZW5e0pa6(y?PCw z6FeIduS2o=w?exDNOyhDz7BxI7@WlrzEjXQL9n&oy$Y&L3_}+hl)u^A6AjPbUG!fM ziCh+!Ils%3L3LMxq*J>EVQWLvW~HQRPj==#&YbaqclEKaBm;dTXw{@or(!q+Tdh7n zG`1aL&qKs-0uKWQQ%TJN{l&5Suyf9@Q(_m?jeRgM)g^As?+^QqSBGN`vUgiT!*NF& zko$cHEa|7iq_DUXw*z&OHC?@aYL9nc(~zu`@^XIf#Y$5fgxH!$a^Al54)C+l>Ts7% zA8ja|B<^@m*ehGC5n&wp-{R3jI>vBbA1jTCD#9J84!S6fDNyb}l2YsKmKa52zt?iT07jbo+(&Fvu9NFy}1G}^z`^(l;r zpaXZK%{2G7X(>8)xP2yrq~3W81tYP((t$0yuREx>5r0}c65^io;T(J zqWHnHi3hdT7o-CfESBF0Ydoa&PGu6aTfg9rX5%ALsN9{#!ydpyM`iv_Isbui=RiEr zW#3}<4(!VNjyWit;LlfDVb2C;%BJb@u6J|5F|{Af(c8yX!&hc}UnOL};VzbtJTlsRt&=s?fs zs|^QBIN!u;RqQom?`MGhGLrjZrz~Y;L-XjB#hLA)7Rb<`R#Yt>y7u;XnhG6D?#as7 zBwufmeBnh7B2M7;?3IAUeQQv7DUwl5w#r**i6QoNFIO({S?Su+U%vyO<6wUg?YHtP z3g(2|p$!%(Q~A512}!|rI@9!l9y)K+IVM5(Eu2={i!!ziThmrHhGux;`x$KoY;hEulGg{dL;$`K->c!B(MQ(i6drpaG)Anp$~<&VFH ze9MN_&vGo9K`J* zTR$i$<4RdD)M}S}&l_YCA=cs@)f8c`{sQ$XKq32fc=o>N9=?N4!8C`iV&i==V5hsF z=XwIT66alBhAvSvHo4M=dkeuw{?E@`Lqu9*vIdlV%hdNTD@;g+U)n1Hd^j!9-h)5C z?da_BCs2=9?YXY_Zoku8Bvo4q>8Q)wKAhtlClA&%!Q?AJ{Qxe-w&O65{uO^X`CB~g z8B+4|))|78sp~O^3P1Ne#_9eAQ(dQw{VJ#5#=sDvZ0b|db*XaI;^!}JdCqtq^3T@? zYz2xSc%0-M`>zl{K5>fSdU5zI^IiA`20S%omm^+3j-xCO0^gGdjdd(#W*JaHvJlB0 zN+7!sZvAopa`E}v498!_^2D^jx)Rc1^CPSiXW{kl36^b$q9rUB@D6m9nlPkE94uH^8nd-Wnk?d!!FziAEvQyS*x}LxBgj~AMqs#kppvR z{piI2ZQL)C*2k%Ke@KNEGR=?ZU-|@Z%un~dE2{TCE0>1(K``?KccZM9w)U-T3iUNEFXm%5VbJqG_L6L?F&viqF2h-~^|5I%Sdm3!Zs~@BJ$<_Ywlac zXX*MPo!@cr>DRTY!2&vzDkK$In7<$P5qjev=A;+yYWuE`_~ebwIc_*reGi$TD*bN7 zEoC)m4+r8=gJ_%K&hP6m{IrXD5MlUxUt`vCo!{mc=&!MT8jbak9zp!y7yG^dr|9lT z08SyY6Gm29qPIya^7$t`Wbo7iTMr~chVd)QSs^bh>W#b;f za-_|^trLEMfi?KZrH+9n{ZuQfgEzVeTP6qUC_-?GP^`Y*KuD@fNM`g!xrIA7O~@}V z5CA#(7d%g;DU>Coz@-9u4IPBz6vrL5hcVg9vZUmor`|p@FK}?E11vZIaF>5tNdnB` z4v(yHSK_aE!jqqrXi;xLf#mT%p1uN%B+qt!q`^$tU^0ewZ(1AGdWDY?4-?@Kj?~5b zN{Q?ze&%`(gRwy^zv-GM&KOREq=W4yo-F4Ei;1~8F&FdlR3H=~2WOQ`M4A%!o9_!6 z-_FX1nf*A&b@Dg|Uex{-PKYXHnL9xfoS=9y##m62>lQ3rV^@+e zWVmWym2I)(Loh_DbJ^j}v`My~*BE zy^n4-N>3?|rs(Qh=NK3iX@-HNVc6%dD33<>(2UI9JnQ)p9IF_v7(HPU0y&P>L)jU1 ztMTqA$9c<`tNPSiAxO!!eLmDzMeQ4+-TyURnQgxfFiV!YmaR~#2|mS}wLQZ_tRjKH zjMEm($rIJ#gUwTDIS&59oSiE$UlR&bvc>)gGT2`V^O$pf8Yg|}#S(30^N2;%`OJV9 zgd-FnPgXVyBY$83^-oHJcfBwDSEZ;A|Ja<|8*f6m4sW<1&9e zy*SknljIhDU-bAyXbV+be;Ev*&6QaS!um98aNrLbVC^xv_UA(|eFAD8!t*z{m-*93 zZguhn@S~bl%Dh{VaiO_%k1LWdWkoaTY}9aK=d1SU+RMdi9a1$mS?9P@C^@~?354}c zJsiEQuX?@^LX00WZ%^0aGJSt0e3?4U$12!tjVm(^hKqqnI7ooNm=k? zd{QtS#6Fn zZW(jV+&`dsW_aEn@!a0+hJ3&lW0-E=5ZZRBF9oIm{Oe0}9zHClP<--o^t4#~Su`Fu zp3bn12)18bRNZQF2uzFTx9OiD7dyDXG&G$GI2crCpjO!^5Rr6#pU;}I?2m?={{0KR z?Hv2L^3A0yCnr9!~@vEL#!b;b?&Y}!8iciJ!phBI2&tybmfy_XcuvYez#&>lcA_(`ev zh7k{oy+H^a_;|5h+_GlZMS|nFvKpU7}0rT9Spxe9mZdych8O74(Dr6=8n~0Z8X7D$(QfiQ_T((`UdzTR24zb={a> zHW5$#!fnubz+y*CdS%9?gF|3r=R(GqF+i@qkl#acj-D`vNClJp@zgnXcg+VOwXebp z<(@^7yQED@}PfPTe4e?2&$-{tpRE4s{=b*##laYIbHmOfWD%6nOcPz z-of@B!LfU3=I1d_G(JE|w4A+ZKZUGr5g#2CRd-LhjvfF5sIr9b;j zpQp&>$4gy1ODd(rc;13wh#|Ftn(6fW($%W^KF<61hF=+w z1TxBHHC7Yd(_E;)>So21PO&OH_!LHl$8}#hWgHu=-PihSnm=MFchVjBT{Vv`tl0P) z14~mJM+PTA%`(<)ryzy~XTRMJ%+Ehxi>z7rJNsIA>T@VMlpmynW5Z@$Pqm>YY>NFX zK7c3H*?G@P?Z-MjEf!Pc{4H4SzEYhf*O5N&UQS<(LKS|UgrXh-NGYl#OQbc|mJ!sx z1c!D_Yu=;j{lU5T;0hv=wufXeU!T^i+GQF<%4qIVzrw7}GUyM)VLAEkYJT%-nT>hC z8ABSOJO)PH7_ zGV3y8%dS7eeyUMcz~lF8!a|LI;|H=1FJQEgGjQqWEN8D*eIC!?VTtLUb*9~?vrY@V zOeWa&0e2bDG=27&%UM(=YEAYAiJ4{$&}*i$XVPb(BL5$TyQn8QJj zf%t3ZqgGp9ipO_#m0sr};K^)yWNm$}bBJ-|=Q(oyQklgiFvrZVeg6|cf%-#v zZSq5WaV{r6k;Mz-jFS5`6Fw&JPj}JFzY!!Y@YM}@QCou>B$6IR#P-8or&iprF>m=`-B~u0InOUU-8yc8TJmOEgiU!9=Y_t%o}*)@;Y%?; zHl;_e^)NTuJ*FoOs!ityKaBU-y`IKaZiq7%M02?B|I=xcJ*T4N%$`fRhDfXc#~w8A z%A+DWBcGbZn~t56p8VE$u+!lMpUv-b#!F_906+C>rM>#o!NB$fL$PVI3x4kDofJJf7%KT`mk$ewyR^p&T zF)iymR~>kKpK#3n+~eoe!Bvp6B@pCACa;iPOYUc!!todm>>kN|;@?6h>ill9A4g+B zl(b-t=(iW0aTe^VM}rm$_$IPnyZcN-YXVI~&sLkIgu7VJY($++RF zAGVb!9E>8W=Wp4>J)l5Oq|WfsJjX#JoM9ZgJ*QE(HsRGTx-2>DcZh4S)U8)i;&Y+K z-fz@tN@Htok2R0R~+20j9m>e^n&r!Xne|-$4t@1kOV1(>j;wsXQB7_Y1Ry;Vv23)h6 z%0*zQ^og@d228w{z4IeNt|o3EGV-&!el}}#6(B+TdQN*tQj?dYH!=3`A8XFJ1yjMB zTC44WdIWzp;|BvB;7^T4*ckEmV(cqrgF=A)+wYqKu%2-Lx|N9V4C*pRWS0>e+>RgU zT^*sMcLe4jd$W_VoM2bmyN?geEtnU%#Aps;7da&n`_V3=RUC!XAr5z`dkK-iuZCA=aH#2X4`y7@heP z7Cgv~^LXKr%YTxMXP_MbZ8KbPbv;7`zuBVrW@@a?X#M$7U1X8ZPibwFxW5vRKeht> zO0Mw-TTVr&y{>KOvoEu1A6eE|UV1LUd7Q_0tu^ELck_*ua|{Ts*4a z!la)rwME-Q9h?;sX1J>>to@dz#Gt^3WLFFlk`u&P-3}DV&>jc!1!wUdO6B-_qVj(& z+fXV?{;7~U62rpG%jsl$e-L4H&+MP|=rT|28BbH*9&~ZYT&BTOGN-$e-w^gi zN<{$|-}bNj_e_P?6KXK~ov#e2SX|^hgWEmzoj4uzr~`SYi=tx>dr?u^pS@fEgAUx6 z{W7Q9O(2(NO-+MNHUM(qh+LVQ>+&(y7Z?If5>zxye+QFNxc)v@c}EY-dleEhviGA6 zo#*YF{rhpMS5xtk>RYSl)dQ@a>GFKiyhj6wBzeLN0|?cAb@^%0)I0ym*T{0+I_(Dv zkmOmtbz4lVOqksKGnUL;$fBXqy{pM6pm;?GG#Fwr9kp&*tVRLU7LPM_?E4<_Q0VMz zC^%9J47=kpcKIvwp{5+Oq5Y19Nu>N(b?wyu?#(NH8!-cZ-7f@2{kmm+Kbc{W+plSA z?&J8!M8gIz`~>;>Fo*hXO(oV-N7C1Img=F+bF^mY;*EC)pVGH zTZ_%&gEzxuqf4D`{8>Srk@fxShi9uwsc-M=3!f!161EJsu0@(#&0kbS#e(~PZy;Wf zulM2m0r51d&jAW>vU_5`utX4`>6pQg#N@NYJ3k*2?Y7Z?54!*&MfCGYDfq!ts`eo~$FY-))t8j};tJ5O!1;pc07PXHz|XeG)J5|VoCvo=oFDFunDW45`m7M-VoN|B zw5T8{2gV$zTNC&9aQv!XpMxjU%&%ZC1%zCha$8(Er0J&2#HWLo&Kvi-^E_1N2O&9-+=V)Z4HT#B;5B^79Lz`? zY|PgFesCUPCDGME($Q_zqc*ZFZz?$2(fbVAmyNo*XF%`+^?ZYt%)*{4G8vdE7O9cE z*0Wo!CI{#-cVgdn5bqGhLvfJnbj}0>kCiX`c{hEl9)hI2b(l^B z`6E}TuulB*$ggX`3)1auzpg;VxXQEG&?B?}Zy~i9eqOj}j>GdemHzX+F z=RwQdn#N*Y`r+dmJz2<8G~riRgvJBn=Te+A(h+yxjw?n?b&W&;lG%D4VpmpU)zI}9C@{P?oWFNn0Nmw^B0tlyro9c zM26&DanriL{=iE3L6V|Kpp^xq01#!Q z29g8&T4#m2NzR}mzGG2I7l`x05MUo_7M%UIEd>8Jv*brW7K%5;_yDOi>KC}~on-qd zL)&IQmcEvHjW;NHXsSc?CW~kZ^HcM%_L{VWPKO)%jqi${Is`yseT$n8Fw^}Dq-CdYGP8{K zNN>`RdCG&iKwe}?#FcO<;Ml(Rr^N^3>!>3?rS5tc^Uwrp)BRIu`V?Iu5A#w251P{a zM0d$@S)=;?En@5kg3Yt#WPl+)e8^Y`82z(!Kv8NCHiLI!NN1fOm*eRtwr0jBt}3wKp6mHC{BHE zUm;qOv+>b}m5^BX9b{)z<0XlLq$JNp7LMLi6WROlOgAo{nWp5WVrdWoDn-X9$wUPPR=F&sk4H`=vSI8-T%ze**xdy+Ux< z$K(4H{&hmi)BSOD_kD8uD6Bb0N$@)H97yx^!tJ}lenV3r2PO{=<=-taqzf){-RJvR zk)tPPLqN-bn|qrTVz(4#|HsthnihMB?2SE`xWT5KMX{t|F*!Q( z@%!r7C}nRx`fsO&)XY(OFk?7=$WBY{7Yh$7tw#}kh0&Mcahs^g?)Mk#p{_;4Mgmu2 z(ytBeSwoIq03yeW`GF!M0T65c*!RDpS0$g=la<^l$$M*BzKQmYArLu28ysLg`it$p zh4_N9R)2`m&jQl_HoRdaK#y2~VB#ea6lxM&1m$WA3I(kJ$-C9MGxhJ{T!Ra{*LAn^ zJH&q&#ZS^Rw6|0~Ki8xOlf?Kv11mm=a_XLbO!*$Rr&dMS9R%$Zl{!ve7v_tVV4_|L z?mp3j+&pk^jZvg?-+KcC?>%ml#ZfLOCS_w_tt^#j*tqKI2lARX8%M_Buv7GhwbveS z>g86Fit3N~xcusOrR*p5)bT~^nS}VwCj6(X!MA65e|Wf|gniFf4 zgZnZ(IS45$vG+V6VNcdntI!*A>fyDbz2RzkzCQ0Nte>FQcEU<8cz`PFQ|^J_@wu0s z=r%%s^vTnSqLvM%_+OYxbYbl2bS^#SbiX!9T~~*4{f4=j3urzE3huTU0rdDe_g-L} z=~nnW&l#FNe>!hB7)@^8ZrTP3hsK$8N;*72S+(}-$CYA9HZ2iq!kVW$>0 zSm_-hGoLdq2W{M>o6Bl^m$Y-9A3y!^n$D-WPx~KznJ~}-Ez@ZfS7UdY9spoy_iaDb z;R+QXYc~`M_Obrb_u3_dpfQ9#j?njYo1?T5OQL?mJ9B@H_lJp8}R$CYGY< zQade#NLy%I zS?nnCAH}&zDv0Dnfr<^iYuQZ$~|>WoW@- z&0VkHI?WXZyCYda|K&gkPH>bRoQQf9fd@ zjGEK!d^bhtv|}I0S7NFi`jg%zg(}8FL9oDB5ehXp zPp7#aG%1DR9YKtQ%m)#UAO+fgJ;?jP?<}vwTVNS>Fn`SH12l#oi`qbZrM>!!ZrFGQ zE5p7YbV}bC>cib@m{jFT0h_TOSs#h?h#Gv13e9yF$(B^d$aMTBYnRwYd|J8y`j3TCiVV2u;6jzhnY7Xxnem_M*+J_NzGdgr{Q8Y zviCNhtf7uP6_KP92=9tG@-=tBpW^CHe0_ZZ&>DYc=!$HtkW!V*SXezi{(guU-{{2A zNKGd8=PM&rn6eJnt=>~FW*@PBgMC=-ruWrj+>_+)6<>N^GvBW&LZ7PAN)G%RGGXuO zH`(v>1G$KmzS-GD74im2;HMTn`ZqMnlS2o#w_DGxL|QG?G^YZE71 z8=QuG4IKlF!n7&J+06|Rx&&qLz4+Lw6{Jk z%?n8TPf>&luFV^|_VH6Qcq4I_ZXe57t{?#G8n9g!%iRaXVnzxMRZI9K&o(Mbp#+$|2~mmZ)%B6H$a4xx40$A#}^Uxirevrlrz zotUSNWDBi_dvMTB7n@4YuhM(SUrZn2a%q=}BzE_06bm!C@P(0he9#Bgj%Y7kGBv7H z5Z$lbtpD1_u4OZhA=A?IE|?Wp3SO)EkJ5!-yQf-Lma4nI9UDlW@7yw}AvBqrry?Gn8&c6d5u{ zdI)E%hUq;Z!B}_`SS6%=rzOn0MogCj^No3aK36GCs#UempXR9SqbM90rJHET&mo=N zt9~h{)|WClg};MNCkM|+l&KXQwAiP{NlrVuPIB=N?P&~f z|My_*lWihccK}y!z zDv9h$S52&N5JkKZ#H{ako4m2q`U{~;biYQEakYp7r2w0iZpz(-$C*g!KrU1lF09Hm zL+FiM9A}sq*_n6RyaWo(S-*0X9}pLUyb}?7ct7e-5`W6-6TM!|8+TC3Go|vjeKu3O z9Dxu_jQ!r1r* z`j>n%;ZSPu0B9|*q-eGW%CIca9av5_I|lcYglx-a;`qv6Orkj!+RWM{npk&sORD`$ zVRd-Iz^&O!NaSO(XbSZh`N{1M2H&p)2M7~4uLXuq_#8>~QdxhAHxpiU&hzl@aA8gw z5OC8Y*Vps)IdSlQZ>^u0m_K`;;Xw~1s|;uPHy^hf%XVl?mFP9yQM5S-X19OT+&P5m z<^3c>1P39JVDuO`ewBf>s!!t$6~H5qs{87VAI<`>0=jI^;0W#CzKQ1G2QH`rB|ZH1 zP>WxyPYv_cfY- z{q+4h{9ynOBiWiZ7x$Y8pC;w#+HTs1cr^@f=oExLukCBbC816Kvs|=kzd2CzOpgSJ za;{a6KetmxZj4;eU?bp6zpv78FNX!!_opXH@3{qjmbfN|LmZ=ZZozA^*_;9vvG_%e zG)lr*)AfK?uV>xotKW0HYpBC9$w7!xt}Ar8g?)U4+Bi{P*9UaQH=GB(n&Eo;%+S$- z$57sN*{Z+3CE-_p*c@m}lr`4yOMNB8!<<Z;lCTW%EjUnj;3@gp|Gp{fCz+iK={tJ~3I2%Gw>)J$VC}bf!ZY=ZmGPmYYIZMPZRq9kj_SDUtl*4GUPf@Ujm4MSTtv zAEV(MoW?(F%p4s^Hcy)iOjHa0z~;XfBoS6(2@OXMg(f{d^7in~m5s~P-*WtsW^J-B zUWeZ944sTZfp2&C9bm}qK7VY8?~g40ob4C{0m^rgHr;2QI|E<19iDF;In;B~F!@tj z_Q^93CBLDIah3RqVMl$cSYjzpqdWdmz@MHdgePhC%Se@mOHpojXV!L|DeWxybVkyl z+l*~6m}f2!wv2PAsO!Ep?x68?HbUeAVveNePHs z-OoCx{laGV@142=8!YaNCi^S6XLW-GGvn0K36T~!{}j-k@2NiA(FAMjJxGJcMokY~ z{bNr9fYU1Vb}mzwH!h$r3)}-O_$WTf?p4y%$JQ@I$~@Y1AGnJsS=Y9>TyK!}2b;Ha zr}lW1#i(AKZ%ftQa$@`EXDY2HmAQ!pp&)^hAC|WvMF`8M!Z^gNnncy=x8&H0vGMCm z|6RY65Bf}X+jDoQqm&=L_bvoo_GEwc)XM_v=UFp$*w!0vD#O0eKc1csG==l3rw-AS z@G52At)Rv;iNo=kLbT8&e0E<;`LP>e{fsIXTG2__l-{QY8lo+}C0U{81S#cfo}6_6 zS!*%7vG1G=ftCWW72%q|fh@nMzt-&U-wPc-$337ydTZSNBI?aNNVc3)g_Gs7stnIQYJsFtJ;g=XxL)3x5Lt(}%7JxzS9}|-75uo+qZwuy54z0CXY+)}b z)@c6ZN=1`mbTvNbYP<5Js1LiH40^A+B61^Cyhb)8ryKfymuqt`Srpky)E~a~@9K#- z$%i>WD#B#Q2OE+iV6<4g&CC1ryC>*U zfR_2h^D6hyIdgMPFdIBEBmVL`k+xLgkrsT4eT`Ksw_dPt>SxvI5^m#zdNoTW&IZAk z2Ty1D_Y16w75kVZU8l7RUGWBi;3FnHy(A2rLXMDY{_GffdNhQkoHmA>C{X!My=~gO z6n@6`0oi}$t+l6zok3_lL&%-O?|yDRuK^P$v5c1b9%6%3TYQcf$LCs}xLFVvNCqbY zIn62(Ys4nVJyHYKP*Q%a6dr$wsyQBly+K&Cxp|*pIj7_B?*?y zI0wifO)*V+AQINvfY$Pw^%My=g{k`rVpha<9@hQ$^f|lQqz^~m0qAF%xb=DR2~%A7 zuTM3F6MsVON^^x*Yb6lskK54z#`8&lK{&baw{=RUicaPF9E=m%2KeN+NEHiZxX|Ft zQ5OcToI!mqCCi-Mr4_3&!A}B&0jk@H5@H8+nOd#~+0qlb=BB)$PwdbQ#tOk)z&6_}}pUpG_ocr~F;S99tFX z)w4qI=XxY}E5Fk;%B~V)-~zzDQOaqp+r3zT?CDAJ${1+T&#=#K{d!fj{T|VX#SihK z&lI6iwzlUB2>Vs+?3f{e^F#;{cvHAIG4Op2N*y!q^|KB31!6oO?|nie z-{>beoQ*Sh84!g{2pU6Hx3+RTTkUD*z?kC%m;vkS%HPE;x zlDp{P1cVV4rq0KGsFpM+uT>QuC67c1q1QW*%p#)6O2+O5;LWr@)#qw6dUPsF+4WL3 z>#GZ<_1EykHl%dX4oqD9M6`MU-&1?4cqbuj1>ZL>nDBs(ZlJyq;^SJ=LjMUf7<7&J zgTduzx!p)`H)ojQd+%4*jIR0IDPY36I*x?R+YCXHy)&l5P8B-dtn3(); zpb4H^o}&?DW+mnKX_RM+YCmzRneTQuNb({#4*Yf=cmB%uq$NUXwq9YRC50y+t_c!6 zV6$^PPP|l*aNc;3c~&X@YC)=%l2lkeKln2z#My(va;HO3Jb$;|%I9#%?GVzJ_cH%Z zJ3C(xZ&0%C-r&7tljb0sWh|P&-x@jAXkTUU8PI(FsPjB+=|vO8z166m@LNcurGfKi zY)vdJ0lLr8f^VjK%K$-jWjod1edCr!1NVDLlZWCHN(X=3HOJC8{W0`LsG02royIdK zm;jxF`zIlJZ-95C^PTZPRnh%@(KJuQ7hZR2xNqa-H(VTJ#U{NcSMyf2l~^ro3~lxC zaokrUTCvZo`losuTJLEeOc8yy9zSpbbVyPVk4izA6hNr&5lPTojoEfvV8^WNp0vwJ zLn4K9#KxTQ@YU>2ltWV)Vk?49SD4DI^6GPnr^1;xYD>%^Z> zHKC;*RT*|(9)x5x))J&6(~t5^neOdg`)G1rup>TF69%q|`|6lRuTdGWG+yU8PkDGp zhUwza(K(+hfZB)-**qeC*gRDevlW8MFa1`osWVyw0`hRRCO_q(StV-S^I`rW+^8C`yjOpUefwdRQV{ak*! z&C%Vhk{%oaL*sc<5-!hWlK70aLBi7h+2hEyNkz#Y$=bho=BNe-+T7->lG4{$P zlJL$qS1RA`kZb#y36ko_lB{ExOz!N?tpW1} z!|gC##IG+i9kQdExZ*K~i^kk&W)&d%{d68(CX3VaVZT*r2Rxng@IA&=lMX_CjQk=- z!p`nhyPD!kWqzQ!35w36TIugy9ds{v+9}mS&2KbY49d%6H07} zw>c1@h|{-okWp1vw;n?$zTa<6_?BNOx)2gX*py65qPHG!)U@`XW#=+GO@6?7Is_Te zZtyeM3yDThmAbz3BI16_p&F1y+=lQ)R73xJ?=^KRpMm;U_swe8XG2nZ`NO%?GNKSMQb|RU6=_YkNA~lKz3}#A z?^u1-TzgYqh$g_(x#f*$E=oDw@8ETRT=~Ssm&f(`>#p)$JUo|Y#CJEui4XcU+3W7n z$bYB3-Z`>5Jv_}HogLR*moJ>*NM~;#_x$cR4BJ?hN?kAsU!Ra)=If~qmjV=qi}_L+|yCt1gGW6OX2EQw~uVHE5B-se7ly}r=$Gf z2RAf<1?*y8hy~S}K*EEs>H93Ohz=eyV$H1E5BE&ToBG`M>4o_MVeb>DbiGg1eJE^8 z{Rd$$%s08Dw(2#4jsEQ454jV*7!}ti&fv)B&2LNBT;Q(1^esK2m}O5T4u-@|2MwZ& z$DK`yj`52{)3r;7#>063EPY-cxFa4FZjJWqN_%aIxU7o>)3oR2s(watMs*hs9Q(Lf zD77z=S*(VLyf=@Duh*Q3UZypyt9bf8E187cC2k~nkT@Nk-5A({J?2W7rdv}#H>Y%E zNvmk6zN%~q`oraF0{ZdWM{zHB9&6tj4#zDOlAn{@W6FK5^#_Lu_@rJCj2K$%(n#+IYHegUvYByj(ERkDlLf!=2P{>oBklEzIIz;1}WT0izD!dSgX zyge!vb*ygc5BiIN81&S|_o;nEn;F=0Gx4?@kpQR<7Ykm?*sz2JXvZ^>Dt=pXXWdMF zI^CYVfxIb4{9c$`_1NPuP;U%=MOQrzPxl@Coa?=l`7K~nWp$9sc%2tn$&@1itec|VimY@egw9iXa{{_=@nwGw0arA>+}5HZMb?V#G09`Q=u zQ8<(KhZ7#~#)_X6KPOJZJ>jEJ+>V;z2*#uu{3M6PnuV_HiCI0R+S@?jAaW!2D;jwP zHVmmmR3S`5M8biZKUV`anlNQ(hM+5cjb9KJmOY`bLdKL%Gwzq3%+v21p1~smq7Sk^YA@msgE`REVcO-+3fbaLZ?F)BxW|njC(_SL^a+R}g{r-av_A zsmmd#<1tad+OI;6+WoK6SZ0KNJ;IFv|MvNA#xmO7X?{p^1-R+_SaS3%Cf?2DhAIEj z9hc_Iwi4)62V<_id%=&F&-bKX-r#^=PRk>;mQ$&@*H=4O*8}4@C@1A~^T*VPgS(Lq zH-8X_YMXxJ_B)q@SE%q&wOWEi2t*xvVd^o1L1zlUW9s1lDoi>R*Z5!X+OD3 zCtHn1ybu!iT9coyjO`apGYD9e>m=a-VQgTt_#_67SGAF5B#cwDgF z<4*J>n7EQSlTtNkA_Kb0&+|C4e1rQ@+Se9}`#hhNuz%bTc5NlFSpXAtXZM1WH6L1J zUsU;avA{I2|3L2~$|kAru*w{7RiH|SQSzfu+H>J=(BI%`T=)?YQgZx?qu)vA^RF_m zNIzyHO)uf=!qYL75B zcR?@wv`@+3Ku#SCh)bOs30>)2$H)M>6>!y6TM8mduU?)uE+8lEQlh_;Zy%BOw84D6 zha4}6zC^4uf;7{w`HC@_O053LQs;JFZ|wRdn|ETT_Psbn#FKK#V?*zUR~nj^Hs~ik zIULl{kT_hNXvdO=Yx+mllmE8S z@JLJime<)kQKkm7&wjbn)93X)Q=eX?Zp7W}5eA*w_JazxFrpy?iKJ8JFAO}e=94M2 zS3?f`z{1IZ=f)Lr*=i|Va`y#qhI&Tc*?o*yVrm1DyyI^Bp-jMafetHSb+XdnGP~;dVN!dG~I*{a|!Rs#&zLCGM26iudQsLETTtQ*YwkXqZhYHv)=I_SI;*p)Gr^>;3h`oB} zu|}$~YvE`5@9aD34Shoh1`g-_u0dHX>vdZoqvNzk$c!$cbA#i##@N?o(xx4X*5(WP zCC80SRq4&ur|b!1{h{oGU&W}neUIb^kT2?^@5Oqa9M-S#)(h^aMjtMr)n?EI_C-7! zm2ACxQwMlkxaZfnLly+%TrZ8OVQ{}cL)FRHLRXhJLFl(Js#H<6g+=n>g*@ooslHqtu0fh|*A!MD0@v|!))`3~9LMCo zgDXO!=6w=VZ>j_BsD)MS$A?NMs}1M9*9NCBKi?>XdE_Z(laF%eZ#72R{SI8etbN_9 z&%LO4 z%Ac?y1rWPxth=HsKl$(_@WJljcIkwIO|eja))s5~bm)E8JY4pQbYoFrz);Qa>k0a8 zhuG)1#?zrPH(Nl#2SUemeyAIgU4Qdh+;I;IbZc@+C}t=VG0Au`*W)G<)O~OtheH77 z%8b~{Z66)r#Nbt_<;aFuIi{}516-4io-6Rxu4wSUuz?lp1NQ3v|mvVVxkLTaXk7*}USyEfHoL=q2P&dfnc!Mf~H(rhZZEt>G^NN9KIEZHR-VJiDLuzkne^1+% zeR&N=?X~zaWN>^C4?&+WR0^Nlfm=fVv)>ee{wONKA)PIOc@u4KA^1y`eY0fZgA+gF zZj`K0`Fwp3W)9z66&jY6mAjU89rwv09OFcaR5ANB+*mJ(KfKZlOh>(KZ$AWKJ`W>I zZKrk>`Giqt`A%0)QquVE6XjsZ@R*uOcdrF=_RF4x>%Oq@F$>(&jsIM-pD)tSSyosr z$mrUmyhbquxgvLEF-(HX$)EPq%>FC!GCh@qXXE{(4a-sWy9K zAC-&iFF4)F?BKe!ZG)BrQ}ewq&oip6=3%T)RTG{6-Kz zU^>3Uavr)e2})ZFQOrC#DNah`LzRZ0q1+Ixei4>k%q)3U_bDmE+e_VSn%5q2HIA_4 zUC33nRG%NpQ+{dlESb|-3%YE4IGGA&P~eZ^aa(OUq|^Pr?0>4}Od@;QFWxYK(n4AR z#6_?4f-J(&#QfLW6@c?)2CAp2t90|YkLl7Nohw1*B-}R8q~)l^QdMdVx4x7;Nkfsd zu3GpwGs#LbPuqvq_4MQOoyDU>>LH@8ts%qy3v1J8@O=k=ovM?S zcyP4(y?)kdMjX#`{GvIk{cvQZdp}gGHoSmrX!qXFc13?zOzdO|ab?gJ+jy`M%B%Yl zDkn%iGfr+?q-*?s*<#*@a_T;v5o1)Ufz3D9#TjyXpXF>(NuRaeRQI|mV9%D5G}`Va zZ*W60cF7CPtQ6e9r3fx)vRw-AlpdaGi1q!S+U{1hHQ$c!w zX3}X>xGQg+&4YIR_Hcdw&M;e1!EgKVQ2pZIq-`?xq(A9-l2JN???ikJOTEdRnsgEO zaqE>UYxV*vQYn=`67hU_{Z>21CUX}lmEaHLVN#Ezzn9Q3#ij~7udutpR&=~(@9rZe zCrClvJKb;3>&t;QGdV04I`FWoE*@+O=_MVBlOd^`c0<-(YqUiR74QukLa6$$i??}u zVSvvolnoQm-Kiv!{8|s6zO9Nd04De+wB+K&$kRzK-!SS* zDQfe*UniIW6#~E;iXHwoC_wT2l&I~B$dSLdT5(fo^ zt<~~K70}I54)H+T_=gxUR7g!m#}hNp>vI7p>2GJ#))xDem+8s8+FKHx|p z0rSlvdZQZ`JkZ9whh< zn=jU?Sg9*>(i|SeZvs@>QH_-+w+#+fR@$) zBfwkU;U$+LGF%ZA{+f|c>9AXZxWr~3;as8!ZbU}217`ItHS1QysL#KgCg~nNR8}w6 zK8ns;aC_iO9!-Dsz_fAS^A@j_bArEgzrZ4O^7{Q0jyZ--;U)LPekFa>{d-WRV3n9M zm&Y%otP%py!os(It2I29o;^&4T`-(WD0h+4G13sTnq~V4j91c*Via^iBxhIdwG8{f z`AR~aKHec=E@}y5DyS{*qJe~sJ!&qgKOu(JTC?_f89gqko3p67vKU#sD_Q^et6E*h zk38NA;!P31>2`l`<>Pw?T_j+OII7n=MR@Al=UIG%rx9{;ceVCpwPBaR08F7UvM^-` z%0sfJq!5xhU*0o%rO{0r%x91hw*0oA`!Pe6EaV>XnpzELlW`e=7z60E5OAhDi}zmeMaPgMP+8* zQ`=qIE1i2Oi|iap;}G8XMn`L7bR{kb_=#t_J0=ZefSPQA=XiZ4&Ve?U%Y%3w*_?%5KLZAm!s=qc`6iF(TC!*$4=in6DRaXTdC^79_|qZxHucOY!ohfjDM<$W|8@rq#7 zKK2m`TaxDN*|(6)%=+pTNFY8?kNDX+ocRe8q{X5{(m|E_oIrD85_zsm`Ms^95&Ay))KYzlkO z*=(#}M_Wh5a}UTOd0A%A2$R+_rv%3@pKteY1}_Uif}hY zmzw*N2YAEjM{;a{psgz#9R~{CRy5wk2udmZ3-pD@GbfqL;z^vJx1w5V&W1wx{8i=+ zJLU~V-{c;fL{e41wBn;XJc>tbH^!Xo&a3%yUyy+ibrPJ7PaV;qe0tG^gR!{hYA6FC#pvB~z{=3D5wZIJ`0R zNzp~{(+uF?+Xv0{4DGx`p6}-kq-QygP})d0Hlc)0XbSp{cEt3#t=3|(*&PnV>N(!D z2i0eLuNkX-GVORlpZ5cnYQN8+|60-=zobwFRXc^Ea)aC;W~1d>*+Y6A5VW=w@(DJo zPE*@w)$_O;9v8R;_Yns^=;3jJWxC71_W2MrlDUpY#lTO*99x*c{eHjq3m{wO>0Ve4 zd6GPA;ymoFY>$SxB3LPnz|u+n_f0c9&}9xT`CO`dDgRs&ymTWrpgMG~iR;ug;7bdVo<2e6>v<}2$^ zW>ZAL2FDEy4_gn5&lTY|WevIwjs!yv)~hkRSX_8S5F?1ykG|#Y%F}Un>gh@bsK@|% zk$Zya(&oc1WfEJDF}^8HpYl`xE>g*N7E`%WF5h736M{U@y_e@;%GFwfgaWXfB0*bv zS_qO$>9=I>g~a=1+^fXd(i@FPu$o^#SJ&ShHT?Ycn(g$8B1P{jqyop8$)DqS*uFzE zSCn5N5WILL4Q(5@%4QqHK&EPC8%9woKf=Ee{^g5I0v?~U0T+a^^M^L^*Ys?EVIG{2 z;{Kgo_7k#d6VDK!|8+I>TN9;U<*O@)?3Ab()ds(P$f+c^jf_^iShsFz>vgcj=66HH zrzvA^6A!?jxXkmf2Ldriagq0MZRZUhSiqmF6E(Kh7i(b6BQCsOJBP8xTG~<^bqh(Y z+OHk`DX5EW-Au94x#)Cbrcja8BA>1T5NG8}#j^D@lfSTTjdZ?<%Ovm3#PX=|gg`?8 z&^)`FXozn=>I>zOovGI<9C&a8ksm}E@5%MhllR_3cyk0eW656$M;C7guRO}oZaujB zs+HC3NaBqarf||!!W(hiR9IN4s}FX+5IAVToIs%i79?nC`3376bQ4#i)+k{xjNp0- zr|_pn*-hrBF-;^4xss9WRST@JfsH&spJ~h9RSj>2Y9lMWsf=HQut!V?AyDc0^-bZ? z=(88bvrp5&>j>?RkTKF0b2fi_wPg()&%=WrZtg}9rEm%^711@ASyrlkJle1 zFVt&sFwr1qJYwPlxqWd)iWVYq_nEIX+ zh`2P+S(4dpw|f55rtHB@0@tnw^}Fy8ybso?ulA#qiJ-|T1!AiARo4_i(`cTXBUTqF z4BCj&o$Mcv8g*5ffjPo`j7Q-QZNiN~Bckfv8KGwT@C{Fh%Hf?LkqW#vf@9a!2! zTdfk?t6iSYp+QITFkL0UJ09`>ox!9i&(7aP&0ZU1x>UvoWK!)E68Vk&@+mnx<|5U5 zbr4yfu^c3L#*LzHwHHxF>E!HJz)1fH0TxXaM`R+cy~UEEwUzij zA8g5622aMH9G?ra$Gx6TRJBu7_bhn(8iwm0_&eR7bw8$lBZXmYJm3X?t*88QLeB#~ zQ42P|cUQfz9f3gse2O1uvwG5GKOnhxA2jf1xTjHYI?XJ!iPBS!?7mp`n6EKILbi(jf<+G-{DiPA{0#a(?ZYSH}> zIh7|_mHhYxbL#uK@VC)a<9*S6hY2ZK!ri=df4Z8Q^2x_SwyZdg)GF$Ndz=bpQSG(xMORH6S!6XF4d7 z_B#|lIy>d}+DgTLdyTFfGi$Fq(0v%$v?Sk)23(RT@enP7_bdKbF zKSm^bK>JfGS4~9az6#^zG935o?D0yzm-fuj$jA*7i!d7Qht;dGwO?F)W^hAFJ)zVg zUUD@TO=0foy)`l)gTXzKIl~W%eT}$KhX0kB#}`;||EjQ*kJnxgqk+JAi&(1a_@1=G z7Zg%oqQAiu(|7g*+tb~d3AT!?$WjO>QO*b+Glw@Oi_v4HY6ZS53-C%;Cq)7=54FSI z^UPbFW<>S0=)d0#b#bJjHUI#>;f2EmIM51O8o<_HSOwa1JkLaqds=yYro3Q}t5qv# zeGKl#YOPzhA6L(3cSDcwz{r}CY=lzjv+lq%Bk zg9#LU%Xf@S_@2WUcg>~9hD%bg_sOCU)AiK%`!IYAgQ~n|Nra$s9qKnH<#aOKC27L@ zHQ%!Ev0v7JlJg&h`h=f8Uy~loFbQR`REY><Jrm;%7RP-bc=j<2 zf8xm#0Rw6-*oj=amN(V2cc!f{|GnA$#t9HwXB{@?LGT2RXyn_?t8eS6tdvL}&Gb`s z$!#B<8BV1|`^ZBhTpb35fJ3|cxV`WwfJVLJyRsOty1QQh53WlpQf&9$ut|NW$zkL7nbg4%nXBM-s@*9 zo8NgDiwh+b@Hng-c2oIaNbtfU~huFxlw#j64!Lvc^8 zFZJ=O7c-SV98c!9i2Hi?MD`~S-qz^a9WIF2dPR>Ube(r)*LMGTSjW@Awa-K>EuO_3 zA~*!2_`3-U*{7z7v#OlqmgQE4^=JU3nyozv@9ml#BTo%pl+U^de zb(|yn+ro=taQt>QW_^hJoC5Xs34FhBq~%sbtf^7Q_YW5J_wp?4OGts!G-WYpV`|^I zhXh%)Hv1Tjpthc=?Snf<;M=28Mx=h{WR2gpD`#jUVx~J8K5<@2Ur@r4W|RLcr-6$( zz&?^HVqry3&%b?$$|292#v3pv=-PZ`^Zgg*>oi5n*kQ%kS6^sY-`%8%Z^EmBm)hI_ z2%s@}1xHR!ZDgqp`~*JnBrVY^s!vln+kN&*?Fo4U8=7ekVn}= zyjve%ZA|?-LhW8w@iAdjxD>1PDwh^F5u#CTg>Rvj5Lodom&-nV-J<|ufPJ6@M1i|paGG357%CrRUWCcZ^6=_JVyB?fil3+IvL#p`TMNJ z+c^C7l?-O;0dw5v)I07+kQ-E*S~h@t&D%aat$R5!@pZThY#~Nzu4&o`BvctpSX)nx z&%PcFgsf9O&?FcinHW%HAZBQ!KA#k1=?}X%eXUo~RoQhxTGcC!8-9bDc|7Y1Rd>i; zW1WdGG4Dg~gpBQ!TWwwzx|t@1ql;5$6o2V(8w(MPbPa}5g^YP2&ZKs=A&(cQs-}Jz zbp&u4)c8Szb6=f0y^$NZ=@Rebvt*96QV>`f2b0uBhhT z@`Jt~{StA0>7}rcg1pzYyfK#GH*9Hgsj_5r^I5CY_&BxqmS*h8ZB?xhN!m*&F>(B> zY=aCmjK&!uwg?Ej(s+pjoE*S|vL2Zk@1Sc{Ol%JW>)-R0J>G`Nb2=KBz1Q6fN9mf} z0JDAB_m@y7tql5iiezEL=?O~~d?cMGq5PxXhzdN_KK;Hzwo#C#q)gf#+AcXTs+>;E zF}V}=_2Tgi4296x{-BZpAax&%iLWGuw=eEk>HJED&mV{8$X^xVRSvUwReMV?G#fRQ zFi7bWs8sXd)Qp8KwMLc>0Zu-MR)Zm(ndiE&>Vu(>VQa<5%Y!az0v6cjAItuuxsnJR zMmH8fHShs`n}B+>bRv<-4fI~_R(FQwu}|f35dYvg_(-Ahy;(`dm-cAho6j}TxHi|O zdFJQg*v?0f=Jkt~Bqyok%oAcMlj3G1b5l?e=k((j0+Q9AU$j~zM2`Eb=G%RasFsP^ zPeqIA>^Iz^8^%^dwe5c~6P+b%tz1mP!-^uEryss8?jvUzni&09t(c&}J=Yl~KNH&Auqb~-R(xXqr)Y9M9J)ibmajaQKJ>xG3p&?aBrS$U5ah*5 zU(RsbDo{g0AZy43CIWNd?-wA<^!v{~(U~ZitTn5TD16#KYM;BISR2EoT4e+s0no|H z3A7_)POyrWmydUJqn{TBiB+TE>@)tyR!UjyoQy#5GkL3YqXMMn*&LsEE$74D^0tQ- zOXa=mB@kNy=5M;i^4xf^qF+DAz1k>fp6xGB=NYgUEI=wRr3xXCqBroj&tp^Eq$O)X zAH0U%V^K)V57#R27&A^cay}AS^zFz4?KOQmn7$Gb7cD5x1!z65Fr{>jbe%B|%O6XN;pfS~93p#_H9$?| zDj0Wqo}3X~sWSW77_*cS=|caBw|2dW`+3BUwcZJ)Hxg}^{hoGmdS4NP{x-Vnu*GMY zmfuTaPZPntY)miQr{pwiloG?TFn36oO~TH%wYWamzuK9T-rN#s2@h^DaO7d%OY={xK=R#&vZv-g`m*Zu7q{l-*WSvQLRww0A3X*gDQqcqH*{451M?8-&UP>ZT5@y0rUg(-bp15BDk?vLQ49O*7CfZ$TbPH z;rJ2Ydjo4oKeTuE;F|4#?SXr`ADht`AlH@i>*rYMA3Ji!@UTPx$;hLp>krI>Kgi^{NMl>j>1*s?@t~=$CMly8 z(To--=iO(wssv9q~d~KXB1SKKfWX` z*BRTP9i=Ym{h&T=-1L&9ovUW7Hv#1O+48FqQS;sVLtWtTP!;0}9dKB&CO>Q4h3|kI z_0NMu7C}T9_Qv@|D02r->M5dL;<#R;=)4LhQzo)NGy!&$Or$N{mNZEludX3~Sq&wd z_R%&#KAl&cEtb`Bk@Zw`%W_T`m(tdu zxGT#Sbt~?_hCqv<3aQ0STNBezufD>WR4lBK-TbG zr6^e!syi)D-#Loc3<+iR;N+)y)^B~up!bDc%`14z;=4g0-P)UOxsX_FyVmm>HS%o^ zjHOHa=fe4}|4g@`eV0mmdR@Kj;J^=e zyF^c4@*Y1d7ibYlEIZ`N3=hQFd&NG3p`zhx`jazXx#A!0m%;j7(wI09dsy2dG5r?K z@a#0Z2)kPl#B+UnA1z)P0Woa7*A{=ozUG85vVgp)3xTk3sm@Y0oUbh6;GU zU3LS|_hAOV(( zJuAU@xKfH8l6+NyL6Hzqr!wttpL)H_Rp6#*+r9;Yn+*WJOHDCS(5M@m07)gsW|>Jb zesJE{a5F-5aU$?11Q!%fSAdH_u+3jA?NGIg(er0y9aZO&wHV*_AeRh)V?PZqvU{SEs>JD9xhfLK=%V* zqoohmLkd09O9;fFI?PkZ$m8K>zwcE3M(5`FF3x$I?8+WvUQ(am=lQtj{7Hjemx44L zUuTo~Q`!$w~Cg4Di3HwfQNzU~jpe}KIH5G2SHjtMsM z!A$O6f!dw;IY(fPapNdvrMQ$_>v<4&Q>GIM_q-xLNLod9C$hDTi;}>UfSS`i;bO#F zB0S+U2zz1H5&O}7>=W(H)nay8K83f>9}4sViAA#a{NX1;A_V;S{%GHnA49|nV51}* zxM@=OF1_ye$`~Cx&l>j+t~A;i@KK1RvuecJ-Z_7q4e~BWe1=&5fEcdjxPi^BBBf-$ zit@v=%mREt8}rff-5V>?rQUlcGmztVQkLq68u6#^pB`iXxIsy(mE4u`lc>#ZF%tOu z6Pl#wt8Nj}^%Fjf`qHbzc*)ApVU!E%%(TPOX87Ds(#frB*l;NAr>wv3IfwNtlw3In zZ$Q=ySDcK;s7|Hoeug}IoUC^y-Gy7z&DQO0k=P584_cW`Dw6CdPkRIPgbFDsUWfDP z*(UaHA20gK9iKw{j8<{H2Z?O+Fn^IWjR28B^4j@xQ#JDNN(4q?+6h4<>aLY{IWk>!OP8tP*eR3#7`` z>m=e^rGP(gY%~k)ZAxVK(M#|)Xdlnj5Ce^VIUrJ#O}mboC^I}?!DXOo`;U9M4zuN^ z<3RT?yrw;$4(=xKXF^#@)&psEo)vEs5RJlD;n6%Bx}8jyzgs=xB^TW5ONsRzieQm? z`mU-MUIdylDZP#<>AFLN{gAz9p|JQXEIBl!a{+`-HW~xu&?QvMFlutPHS=6EG?%H9D1%dgq)oO+l+hNePP31MeJbqRR`$PIpEc zk4+givR1FZy=;Ue#hU1*8{FuELOH#qZE(=;vNgHptFu7P&5YiL-n^zb01k0gG|`q> zj0q3l3j{dCzFnT=%1RHdn&&Gd%f{{eLa#~UmY%5f9jGIX7bfruSaL2zoGYXt{AF1+ zpcUzr9<`T{DKGpetr>Nb8lW%q4+}-jg_=;24VilfWeuqfBT{one8|>qp2!x%NBN-n z!GX>KP5B@4qK8n0jSC%&wh_d0&V=XF;EyvgB{j4j`Bb#nmU+Mz#rawx@JKeqr`x+z zs9%JA6l|S4x=F=iAst zKvJ-dI@5G2)BvF$VI%Q;OneTP>++6i%hrbQomG!H`1XSIdx-n&o<1(Y(@?#lRZUpw zG6leZnmTW8KW`c8rN*D`TTC7ise%GkBL)zcapiNuH{2(opVq(_}xx0o#6Kx zji-3=&Wb+A#N$AV2I^aBg{F@^=ZrN-#dE)JJ_-`|j6(;fs25msFMLVu^*uG`BgqbW z^#tnz@hm_k0j8r$~sn0$!0hJUq^(#NKAhF0Qr{XCG>i9Y*%^Ily8 zq7=69@VrDX?nOEAhrb;l1Z(6Pyi%%QYuxZq9HjG6mkOr;%`DCy=ViweeD{Wd2;*%3 z&6VUch}fOK_hOAeOG5w6kaM~dlF@0pZUnk9!{0tOb;Ma#S@U!yS43jt8{Q|@u*%i6 z*8ci)iDR2zTGf9b91D)OWPlM?@7Mt;GsvQ#0E#|Us=yzLyR|<0!-p>u1lngmf)6>{ z2>a&wzI;&@_)Cu$k18|-O_K4ClzLW9&pQ0%eP7nNE6F?b2q%Dp^-jvHJQN7bmRIG?+c!K{cN`{7R3{YA8Tuy{)R#&V1Tv{ z>&Cy_xY`&i1~Hsp9+Y?Ie5#tKpF<`qj@emBR{b*Xt1ILFxg+r#gdDRMI`(in16$og?I1Wp5EAlq ze{R$FxwQ%N5aQ@@ON+Harp7FPY9KgWl&DL$9E(T}^KvdOhf^9;WQm1a5|Ivhc#-{u z{Y)nGF8hLeXj}q-xGet()5WGvmuPJGz{Ga1gGkJW5 zqOi$Rf8tn{p#ZDi&(|&9$No>b`p5Avx)6f5l7JEBRk_9VF?3x=+|(=7+K82MS0Xs$ z^^5M)6@IM5dcMoM3;;y@V<$RsU3L#vkj4bNm=q(J6ygOS``zOVzf`h8bKQU48*J@h zo&y2Rgwbsx_TE7;p9h_Px|*6VJjEka^Lwxm==kI%)*uK@eGnHs?DSB6(*QjxeC#J> zyiW)DorxBHB9jlclU7ACeday4qOjj|otRIUbWXmK;H%@oe(i<&oAF2Os=goGfU_nj zzmFoge)by?x50gD{fR_QB8#0*^SV9bDvnun6ol258hb?=CJKVj47xaF&Gb4P(x|wg z>9QWUi-BDx;r>hfTMdFuNY1xW2WiX>f8NKI>Lb4m*upN6?9g5ZQFn*mF?z&&ck+5~ zR#)Ph=XQxCiB;(&8VliTmIgWLY7B#8ifrqPU-&*-kn6sth6_L_4T=0Ue4^5C)s@Uq zGcdVJ*THM4;VT$>@Rcill<5kF{xWb0+I(-okL>vM5r`>f(gf~UQP`y)+882iZ&JyNbQfA`z@ zbU3aFG=1qL6I`p56t_>Qw*~4}NB-^oP7*Vv5P9>Dwu6g`&C>a2e$2bL1e44uyFE!$G-*Z z{CL~gwj~=bvUYzeywmN3EL6#PtKT0bY2L|spbi1-6z{Y2@q!%^{(@Xj*8QFcL=*$5 z#DVn#o?_b`Pl`%u$6umdrYV7)5;&9ts9PpQhu|k71<>=yhW>*`vwd$v#Minpc_2G3Yq`mqPN~4WC{l21v zqlGD|&V&B+zFgB?-o{yjn2FQ97+)B%FN&Z{AAc&FQwJ6-CV!>&_<2<++dN)g#07qa zIgCf1#@d)0GN(GUI`a71vhu$aqV~Xx&a5YF>7LJz$r%OLoOi`J z@qRhiKw~}=jAh>@n}^q6*HPvB3G>Wa^-Uu8m5v$*J}r(yz0xX&^5?OgK=O6UhC4yF zQS697hb)ncS1y?ue?wPgez{;bhP30QQKwSP$C#Ttd(%i7-tV{iQjTy# zKfP~Q9d9K>pS?g~)k|6?&K+Kc&Ph_l=;8HepS&~n=KjT`WMTw9z#1!ONVgPlbRGcMnG4{m`}|nC z{UG@mN}_R|_pmxXDIUZ*U~TQbv=$Q@b05}`qg|PvR$VG82>W8Wgx}^Gg8z4P5u996 zBX-~4Np(wW-WrX)U1RS`QE~ttgXN8uuT^Q2;VK$UJ%ZDJZ&A%QF1uQo2;H4^)u`f# zy5!BEr8Y3gX9>l}@kGSnq=FMX8qpxwnSsIBzvjy@EchxB<+S6;1OeKx>i^T$Y==Dpl?sXl$L zB<`;wDlnj7!u9I%eVFyaX$#$?o5X9;6BI-(G!hR-e30z>jaUr%E4g&j{TCpi5|1*u zl$w%A4NLeVRx_1s9ckO&sr*9wa&xF=%|9#MeVeIF15~r%L9H6Ub1;(0hMyapD zsXAYB<~X^`&A(O;cl`cLEnuy>&Rqfr9|C2f_w)7iNrk+Ogt?)Li>hl{_aW zDKZPT)MH$~rXz@eqFZPzx9v%)QJ*gH;_0v{f%sRV0|=`7+WW<6cEp!AdS47E==K!Z z({~r1VF&94%7FZ%A~=)J^*R4jem&c|NyDN_{GcUjX}{l}9-!H~a%{Xfb~TCohOMfA zFQQN#M>M)Ac=zD^Tza?spL}&$(~%@de%DSSuBmUgRL1n7m`Gh-0Gdd}zfGY&$)miI zGA&bP)USB?cVXP=nMZ7KyR*-C$CTX5Zy5+>!Ty+rYZfY%{9?|eh|C|_*2*liz>D?o90E;g~P6ScB(qA-Da7f0W_KJ++WZdnjEE!I|q) zQ~Z3DUGH#O%6kP_i-+$@+t1-#=~axxC9O`JID>9ZaQ8dsJdz|gf5W2NvoCf1@XCIC zAAxt)muB12PC*d)HDYFLoYm zE8p9`=2_A6z}~oDo=)SYs$R09QQ3@TbbUBa;p^I9cITshlsFDvc2)UKRaiy<`V zw&&NC4<==J=~E&TW`rqfm`%F1HVRUEVNh$iSAOlT~nebI-aMA^;KDo4;KyVNok3dmKKcv&Xp5uKupy`KvTnoA0HH(O)Q8YzLDY ztlC>t$k@|la1;HHM_9hFJrQZcO9crolp1j4m!LQ#K1aj#ql18u_XVkRMH?<|CV9b@n>EEP9)N<=o?l4@X#&;B^k4!!!G0!3Gw7q@ zFQWKU)zY?sQIXG74{krs^aS)+?}yT3HKMwRhv<8uZlA%B-}dbbXvA0I*>n!+B`u=O zg1!CuI-Honp!0Y21mSO4VvRhX(gx8kwkGvbrUYrMDl8-Qm@3%^;hFDL&u*Dy7Zcd= zu!s!dNB1XEdl#>_uak#}#U8KQ<|TN8{?V|D1I30$Eq{Jw0+xATV#Oj_NwN|7-OZVP z$pWMXOqM2k2o^ym!!72MUexMmwvuZ8atFzfFQ4(`ta1-9DP`Mj7pe9744~2rn?C2; z^Hm;0R~phj>baD;hUkKC`JweGtY$Cua!6$HC>fAUR5K3PU?-EU55TmCUaKT)N%}B= zcvt6H;EMP3LHFn}-nc@iI7pqyW&rRwmogyVDz(2Z!@8HE_od{0IKss{n~UEb(n4NW z*-m!?p3&6SqOA?{RCavOl!Q?ribMnf=lT!#Oor`BDr@5v7IPXrU>GuX=YsyO&J(yY zjBc^0%K)aEcAgxrlvKZHRki%fZI6mR`?j*MJ+CqNB`R;WJ3v+Q* zjr6l33RHrs!N5^RIJk)b;y>(<_tPLsuMK3_wNN5((kSzv)fERBw;!k2&A!xAlXxyj zo|Bp&`9j*NeQ-ae{!tG%2A2Qwq_bTyPs}zwJa0i(E;sA@d?u~(l{Q8WrMC1$_jQ9@ zG~QRs^9GX6b0owsp;XZ~eAY*3G(EKhP-f?HTD03ZUar*(ik+gq$9*t}#tRkpgmEM$ zgcINI&_&pATH^zQ>O4AQ5;#(kL?2m%z^!^27n54vlCHmhlGq;=jzJ6qjw0U1WS(9U zzNz5ru-cv@;)x{|1X%I}x9E}y^M!|}Gz=*Vs2BFi{NWw>?=Th2^Ic60n&#$rRGsV{ z+z;KL*zCTRFYk#v(jTIHqia#C-_;cxmHqLj{mdR@F7rH;`aea!oL5H!KB5OEolCvQ ze6>3V^Y-MUnI~$}%$Mx?C<^hMbUZUEB`~F;0`t8i=HBUU)=8?rW%d`#?h%QOxR|2f zuGdcPi&N~J4$(d+U`%>?82bg^n{xVdOd5AQiNyY#a%(c>C`M+#0riBQz&w!Mop{3} z{ru1(&iQCJ9Oh|n;FOhkPGR|&$Y{&fjQrUPaB4S0TV?t|n)10{zHovrD(YGcu8!J- zdDb192kPvWk{-(VcYywjC%rS&q5V7#8LQs!=NQ$fE#JEmoOWyDrzxM0Hq9~g1l0qg zd3A$*mS>OnZo}Dv#zYtqOQQjx4^8 z{0ai=O`y}fmnL|#Jl9-X0$`jS0fFBmGSMI-Z=MI-Uoq9ebrzOkPn2>UJ$l)LhOcEy zG1Jh`&!aiVU)bK{2>(eso-?XUPugMOLr7?x&!o8$=fHTjeqrr9598swB>E+69X_4tlm3oVL_8~9K2 z+0^W31TgAZZHORy9gQX@HaZMnl>~k8EQHMTIBn=nK<=t(P}|?D#U%Ibn%IAU*30bQ zGO`y>Ilyo0s5j%DzozbHNb`Q*wD?2q(H^Se_=|@xAlt0ssu|5q(tYB?ean6R2*379 zN4!%U*@aKD^~wN3X_)W?<7OTuy1NPwRW}wyKhXG5AD3TijnwU?=8oN`#!en#%NMem zufdH!C}ye=OsoJVyB|d;p<6I1xVZXh9InnQ8rfAoE<-f4JcxUNILcJe7ku`6*Umx(y~JUUN-h`@zf6KM22`7H)Vv=l%PwORft;0mYGsg} zc3_baSvRO(4S}L7oAstfKY&;wuTkwWrt>eN)upNfy!y?-A^N>HB6_a#>y5nh5vZiU zuMs@~iK*i*5?n>Z6>eT`Gx5JUZJIr*SM7=2?-#obFZpuY`xW;TF3m_Y=hshF6n)V? zw+YKg{x-emmhMrfz3n7ck=_3bD|n>`df4yfGVY-9<##HSR>1Bo)-x3hqazggkJd7h zg%mO#%~b^a{)EvlqF0ko=-RR-^J0%z@;!dAHi-2#Qi;sAWeFdS8ST0f05+&W{L#PfXl$lY=0%xI}BwXM)|T&731kDvC9DM ztUFO;j2Z)}nxR;Zey&;6lGadD9na%uzx2b_k`afvC6T@`Zsx(He^ejaF3IljGpaTG za=1+D44HyIJ4cwyu45$h(K#n8QPGR`VdW@2&%vkn53a6NX@8#$VeMa_t`6h-*#=@6_Q_p(H|X4y5b88>Db~8YtUPefko(6z4+jnP38XET8Z4gr9Ck^wCOVs&k{+MiTl~SWgd-Sj z$BRu#KHcfp)LaL(P@&#*+?SKQymw9V`QtWm6kqIvigWB0x{mhi{yg=YFejsH9w`>Y ztKiHHCS~%cEKdN%WN@do!=c4^j_vv+@J+27IZ-fD9M05HYp`#krV^Sgj4uhV6@ z&)szurddLFC`z^cD#c8@fAVK?@)BYF#882(bNJ>F4Fr2$F~SwCcdb3R`y-?tp;VJ~ zwaoM!TxU!#z7cqejD~Op9mp3LRODsrN@U$$k47EM>8XHEI1%q<9`yu=I!V`zE+T9=7`_Z z#>xlJAs^tgdX7me6N~%Km9j&62qPak2EDfeY$_Z9UjcN;kM5|?!`zy`tSn8Kru4v9-b~> za_2ljujSK*=v4s+@%%2qu#=P-WcNH;k8=))=|=OVi4iI~_xFq9 z;N3;K9bTPUI!V{Mp#J{Z4<|@a0W72}GI3*HZsU!zo;ZTC0GMp65na{1vDJNa%$s9iPe2ods zfA?7G)-FQVYIw5%SoY}iW8mbA$MIu8%kaRy9@&^eb+m}&$iDfYqV*tn@Od9L@!FDT z-;xxPBM)-JU%g*?c~Ad19ZGIhKLH@Dm2Hp4zbGaHwEs|zt5 zTr!R;3?`A*2UI@C`iWZ8bUp9~Es}rUd@hq<_Um^_Tn%8SG8ctRlg6oJAZ4}5Z~V1V-AZon`!`Bd&Iu>jn;eJBT|l(Udipupz#R71^I+#FI14`$mBLyQP6i2{BTn_WT=-KbzgzfX zogU0Pv8?rlEp*PB=`t6VM$oV9(uK{bnmmh}OczwtK~*Y{lO2mZmJ zL;SjYxfrX=P(0@Q>M_s(Kqoy(tQZnT19w5uFf~KMRdW%WG0Rhw5_BRO$goxbXn-v>KF z7RGeoPkp#IXLtS^ZwtD-X&Zih;zG7AdZ(@WmFPWY(r<8v3~@pcPpv8EDX+}>Hl;z5 z4_UXg@($+e%NQCF(w8A*Gk5EgcBHS~$X7DU>`ZjE$99kLHHRV%y*RhJf&72hqXR;2 zF(Cb3<|N(NLl84N|HuJIzuW~{>a5-AH>tU=gEGM4PLAB1#KUpt&=pL4(7 zJv9WaDTyPsXs2?7px=`b2bj>$s7^2Z?dS$8FmNt3fkwNKCq zg&rdW!1}h<77MEHSd!J8dS1CIft(gyQF2pvyk9U)y&hWX;Plv@#nVgL*YniD|L|vf z?x&)Yh%!j`m6&*E=i@bRWNi8BlPo%*@%{H-A=Hi=uo`STBBY=IQy=S&svk8XcyQ~! zFmfgEhs5c8S@6d_`@6|-s=Up{JWJ!`f-i%D?}5%TjX(aqp@=HZz~3BKX)chN60VB6}B~a6R7GR@aKdk6xnZzRzQQIRrDS z8CU!Pg|Pk+hHsOq7%G(SG1M8%C}|ln#Tj4slkI(i*su=$DS@p$NGy1`OwkI_srI}t zNG*y(6S_eMy=Kb5H`^1<%)&Vd%nvIZX~DSSdW0%e1cmaBLfcLH8V$9w`Tmv8CW)&F zdcCh_L31-@7wc7SLf-OMy^SwX*2{PxO+CxvF7M3H6QCUY5n=)Tmk;<02WIG?sb8%mJcYt+qXu|7=Zu|j8;&JUk% z4C%M{i(z}NVYW-%81i#Qzsp2OiHn)e>((Xd95L%Wt|W)3A>ZJb#9ygLdMF z6HKDAT9t0+^LeIDFP7$$Yz(iT-!6|OY7m4;T>Ef!m#umeH#>LCU6T6!Y6C@jDmbJm zUY*9JM1COY4}hzIpzkYQ6|21a*v$J$rRI-Hu}?rOk2WiO?Sy*mnpk2o? zq}8G%F2z0=I<0sb@H*4v2GVa#y4lOnAyQPyMxfg6Jf8^n1+Soe-t-Ime8%7UQ9UkU z-=$&7->+QoI}tvNgQ6#i7Qd`M)Z1^=UIOtamDGI(CnXcy5p{g;(abk+o}|Kr%V}SV z4xFkJT6>z_yzbt+B|gfWaA~qTylkq3bDRo{(u8=+d$h=~XD)6PMVRyvhG_6uE?zLv zfabe$?$C@}vXIm_B%$sato;NW6EHSYG>VbXq!ks(>I+3t)mZT{HfSGCz{LM}o4+6Q zEwfMK69D(iXG3d3Yh#0#b@jvpVfZ>z=G`r@B;ty64HN8U<$*ln|0 z@V@nmL>hdxIpXjg;h2RG@VdWbgJ;BNj&L!9Jz8dt%DZh2y~3~cu7V&QJ*Jh5+x{iD z^R+DY$^qX4*8nt0>DWf=sQe74(HSF zJ6%_haM+?R;7A1HX}_<|YX5O`>TW-6jY7(*ig7~VAFEJ*SNLY)bIaGE`Rjr`We{A# zeUL?uFXe9>PYzf4cTKjZNw2rO+2{E8c%&mi(uZQ7Pk22ryWGc9gzL)-rkD!jVJ{z zug;smZ~KfejTBif&C9ocbY71G_moKG3)%?}DTk{c_jTR zieq6o`#)Z|z-H(M^pkTnKRBn01VSWgkiozRi? zjsB6+-VGs062Y$cT(!o$0 zC-YGg&J7K?Sp%?VO+*B;UvTsMxkeyc(EB2pTJ4(>?Z2W}HsS$xp9$pcE>l`hqVYT3 z@u)a6>WcMA4dfEiio)R+s_3W@B!4^o`h6;S+~vE{Gi_%fOUTHtRyjE2G@=fKFtnLo zyN7ut=Hv1el|N#u3B5qEFrf(`Lq3~)^Ryq-R1o))-V(<^X}uQ9&GOFE1(IYq16O|& z4Pv_t%@r0+2dytm=!Yi30Kx^|2#3rh&ElE;)q!pD?7lnPGowDwx zBjJQ0j{e)}p)8AE`;44I`w>s(zTdT9w;-A~hf(@NJF(^f1}j6ZRvkj9bwCBTnjeGtc2lE=#11nzIAtoxi^*7XPfv@YtO zA=OIyxk8Unhli0UH!H{$*6Y?`&jb)pyp7#mzLB3W#Yiqc8pIH;yLSM}w0+KeYC{zte?BIfP(XL#le%)X~}P>hCKKoZ{6u@3-*X<;rka$e;GI z*!}k09C*k_BKyE3RQb^L(djMOq0C~im`Qd#p$!LtdyH7IPp~+A!Hj3-hH08O9lc%q zMZ&ce^>J^rPAB6+QO&SSW;?xgN3HhUZUh2X&A+9QR#6tx(N%I9m?CDIz^a&PmJ#j{ zX|cSi;tj$e&GGekmg-g<-BJJZdxPDu_%YP)9%|6{o@jaa0z@vs$Haljn_Ig6fZ4-a zWMUxX1*t2SPX=-znurH@)U_E8E*f#|A;1D?vT$eWbZ=ZjJ)3rYpPb({cPWZ9mCe@o zYQA2~BER$%mde69zI6ZbI)T}Gz5Hek)af00ijAz8>Tr8tEQy2rxE1=LxN#M9Td4Q_ zG=AP@aWItpW8PsPj89G6ZaDJk)9AC{7l9sUJi2`$jJOYOhJ^>UU}}=^|v3pb_pzj4bDy;Cvb1rQ9D=Zauf=}gG&4nh$VTVS*g{sZj)Oh`+hf0 zCt>GDO(!80$O~*%;+nnJkaxDnmnIK;E-@30I`qj5K+=AL(A@bf2_9dr&i%cfBtbSB zsWO87Ls_BU*(r6NAq8cP=JeRtKl{BGUe)n;cSfz~dg5!KB%0e0BULo&Jqq&?#H z@x0%d@2ejnx%9a-v?G;vL!emt4qNDqYC=k`kA369VYAmE2La^U zLQfn00~U80oes3D#POM_qs1pgFYn?CQkyU#H;QREv6riOSom zbW(vTBaYkRrumzcBU|z=9!Mbv_=F~)aXXATUFYJWC8)^94@2DqgibbJLSxP1_7|U` z!~4OP$nSYT!#?DLO=cR4|MU1IBKxxMo0cD}Z#UhSWobN9DrwFpGs5hSj9{xmR!YV9 zfN4$2`L8AM0f8QH=$Yk`lL_x#A1H|P9`NwDNy^{YbKz&8vyG|f?ZUqcXS2&XKRjur z&7R8$9#;A*npgQ}j*8N)1-d>I04zot?`zw$Ed>J{%pH;ck{fN9zdV4S`75EQkR{E5 zB~Fl*E6(-h3|>g1#S7o0p!ROZ6&3LSt6Bx7d17@(dI(l^xsQYQ1?IVb90$yf{zJd^ zC?;WjWzQ$>%KdmwL$Yb_#1phaJoRgGoTrRdxC|%;EX{lMb@$h;LM-^1*NGcO%sRCz zrg)8qgK3mo7FrbbKGq92B4Xc1X|$-SbCGrpx%+XTZiF4&d@;$f10aO0qmaIEDoQ%S zi90QuLj=qZJyh$B&01C5K0o2ki2K5Xf1>aeiaWwZjkESE9X)d`3cyaO8HJ`Z>6za=a_yEbWgYXu%{9zjMm z6geSK4x_b<#xW)jFXzOzktRQ~x-&cnDGotOJg4yF_tV`Y*q4RM_XBy|peZ5?rC3!#YYPX$m&C(P`pBWYh}-)6u!_l`%;u+ z++bwapH}c$CR_2jd756qVH~IqJ`nupR$YhX4U*M=#RKEbLA9^OyeVLj`CD*)K`&YH z8KwaQ`CyE*en@(`>4&gCBoGR~2B7Ync=L-+8xN)5!!Q5^k3xncyitdtc^q&)TiOy) zHA-lm`4i;#W3=xu<(180Q@i~wSbI&YENeU{b6fkj_Cvbfgd;>nE|3<+39i6(&gs6* z(7cd9f?zglW}Ln(`Am46v>qYM{FEWA2C}wY7h}^tR;;%QI~p_2%G1 zyx^O#gy1ePfQaosCZBR|UyEE)fcjT*D@FEa1)JF2WH&j!v8nzf!b|o+P4r*ZJGp!t zpu)=YfSHzW4UJIcr@!JQT%2Cw^;Ze!$R8QL_Hayg)kIuoz(fQehH=6V%Ae#rsag%H zkVE&0Im){4*aY}Wf5lBu<)i|xQL@H2@N?t(-pG(ao2Ho7+atP&gSQ7Bn!HyePRbE| zfoUxlIzP_e-+{Os6P{a%zKVo>Q`xXs?h~4>=jQgj!v*1m-TrD%2C=`M1UsS;pa8)f zR)%g3+;mY6dAZx1eSiw>R5v%!$)fVNvB~$a_<|j3*q?_%FP|{4fmcZfpX=V;o>wZY zx2v~F++EkQO$3jINskXz@lOE3`*#x6;Sjjmgv?b#vnU zn6?bMf0|Zhf17T~n51&Dt1q=ukDJATELK8Y52_kNKDTvyM=qwebY3-)`_=>PVGi7U z&)~#y6~7!EEgID2&a15Lt3+}wJe4id$JM*&4h`)gVf<3g61tF*^i~tGp9oamnm?e; zT3a$Lu&u>FTPZLvX;GZiFsb7`g<4d&GjzmwcaG7#IHs#ak9F&0i|K}gH8<}1gf`5V zZT&l|Qcwr()jJt`2nIw6yn)C020+N%FUu`NJ^5TTw_i(Ct`4tQ>3Q0Esi)NfpudUk z@e=hW&5D~Oq0l641Z^=8a?GXUunV1`ItKlpA(7Q?NFJcC3kwPWhgqg-otRL8glgdT zNMeqGR^KFbAriG5-rev4pp3Yi#NY&2gKEBh@y}pU9SAumf=IO*eWw@{=yUSL?tDk_ zdGT)RNKFJ^yX0c1y?wT1C4xzm#8-)?7JcO7W~^{IjxYWBb8NGkjx$-LJjtFruqs^6<@E`^guC~q#pvReDLgqW zH#akj1*?E_hmWj@42t(wvrpSX-qRJjUi?fX%RQCG&mfqeUMFMG6%LJjbYJ>KzuQx+ za-UmsI~xZtys3smOno7w)isg&jtLSeR}9?c@2yCOgExx>wpLY{Uw5-CZ_47XGc_{i z*8(I<-xIXbQbfyA9`Ic{tiMq@Jd&87SF}bTbB*T_oyO$83^@>V-@h9Q8MpQvSKVy` zdTwjjL3<&bz>a<(qHd3w^t|SsU+}Pm7WdfFywZlMJpf8|i}QnP)Z{8N@pwM}rBe?W zilA)QmoF|{)+fBJ5m|ud6Mp+LsveaBE}wU#%N|9b!(mF2R1KhUexDCOVK01L5f}6K zA>C_hO|R{^Ez>V-_Z9Nt$R}+9z$cel=@c&t_q|1CLv`WA%Xzs<=n02>@_S6~Ac3x1T^`bXUPv)JBoE_et!{fK|kh{L1RB7Ch$;)BDx4 z2sC4s)AOP_CKA|?qwF=wwG`r?))ullOpNYtu6eSPh+Yx}0PyV{-1LH=LKsv&YV*|+ zX@YtZz?7szu3^lBl;GToS>h#XFM~e!BFW7*&ZjPm{nC^V&FMTtmXU{82?5Ufi>Sh5 zQ9j)Cs$&PRn<{gU`^^lX#tfLGT}%1xcSX7Ivj?di^Lu~1bYMSMa`xKa7(mE-g%8Qa zW}YsN5YKo0V}!mMubvbhs83PC?dq@MneR2H3UvxPtJnRnY5 z=@KV7_|HoUOU`32<8F%Z89k`3`FXs*`-K_akauqGHy``1dS^7frM}M-L<@%IJj;?# zlF-Ai72fHA3(c0RYrY*|UhqbNY-nU>An9X53BHGU`Sa9N$Mh5T72%r$;NYoG_&=|A zVCUgZyf0(y#FVZTYp(+HQ|#}_>Gz1MZxg?c^V9OP9wLq-{up5EY>V%pyr}aGwCnS8 z|1(yGuu=PaP0kzD>yTx&>&zT{fto?YJ&TmjAJ?FL-=+kmg@aF&(+nc@Z7Xg5aICYV zWQ4uauP^l|aFu%Ya;okizclw`sg?;j&)Hr-Xk|(R81j-F9we6EMUhiCJ zWxNaFgDut@2!f!1B*=DaZ!KS7_Ql#0Dx0VZzsQV;5?=n!1tFQ;-F#Y7=cRVC&Uf4~ zQGIku7(aq#Qg&SyvE4tU>hD#8dlxyRF5X8?2%O)onI>n6<}iM*t-W?>g`iCfN#BN1 z&2OCqL4|%nBvb5;wt-KfV;A@H_Is2seVbq6@6SPuOa)YXKLeD^wDM8D7yop0f9Jd_ zI5qQ??7O_~;9y;}wj2S~yQ7qR&Iseg((t%@-p~6W!v~}m+aj@^(Qq6m-{P^aZtx|c z@eJo)DosB5W`^AjNG!|~aiUqx^pS3l5a*BT*zo&KT0S?AkJzP`2 zwlC=8=8|BZKEkh>@5zAJ;I-nt*Wh|69JD99ecGj%PHO%<7jPcJZ+|$Rmom;M=zX00 z;vKQsrX+BM@Gl_uWB0{?Ju1FrBV_;F%ZUiQ(we}%(`c#$$23yTY+ zx4od<`AX!pPF{IhoUccyFj?)xs6Oouom2Y@h%#hGKcU(w4to;%iz0=((?5FlA7P+E zQXR6{?t4ACS?N-VuS%CdEcN3j){UUh0AzgOCeX*Tb=a4xo>t4X^- zml7Abk&&gk+#+m+U8{fUKh)(1*mZaMD}=w-@Mj3X+qVfA5dH=l>Vs{TA-P<59J`s);bdcaht!UnRj^s zj(RYTGadFMdPMEkYmnEbDdzlu5j&JMK&1r20KY z$qIa|yzCb#1xW-E*$J+>Rn58X$d z4}JX-G^K(JO#l8FNVxwDcsa0-enEKjA3}i&+0`}=ZIE;wYngBw7>0{A4n+P)5Yoyp zV-S{yCoj&2lYL%!-g;|edv5jRmz7yj?sL2eDyHzb)@KN#wR(B>!ZViDKAj*wef4DR zB=mw(9k%CJ{2tPrF798sI;zZ_+&Dnbc#2P8J!ixOS#dN#Cd1D$<(Y1dH4sQ07xiDm|$@D2z|+te~DoC$C+0Yek# z6fn26tjeW~CK>LwQez8D`9+ai_(j#_6i{!**xrO^2ZT#s?j7-})r7l3g=xQanf-=% zCG|vEax$Nsd)T7;@-gFbbAOXL8Ar2!KmpS{wvkXK5pz~0bjTG?W0LMlEZMIEMP@YT z%FiI{19iGc1M8qK7uoqhDCT(t;sYGhT2wh?GV-dh&(*N)AGd9EEGt!F zKWAI_Sz!za4^qk5dH818m>n>6`xtTZlCE$s#SSex2U30u!}|!uvfJ~iTcml9jK+f} zSHlcW7j@=bf5vaAvl*-%1%`I;Rew!94BtBy`e9s2`5YJkqq7lbjI!yc>G++(R!I?? zY|a}3+mEZhMme1r68oZw$O@>h90C0yaMX$m`i zpcK)&KrpF}`%*Yfa`C(zo>2T|;){8d>CgFbp<#H5&sDq?nCKjChsw(O>fv$n;leFY zfyqP|h{kOdQbzSIm(_`5Fe0sR;?AFQeNNy-`}m23|6KMZLhgSsrSz-NhDZ(hu9)z} zi}7&PehG(a&VB(%IE*`bmTaLVv?=i7w@`eABU8$-zML!}Gn|dEQ*9!8pAIS4f3T?X9z-I6q5(Q0K%C}pIFX3P6x&3D-maY8uak_< zSsM~Y2S2N)M-%U~F3%I)xb`3mFSxp#LS{}9$@dTUc(0f1&1H(T9;$DXdS0I>^n@d8 ze&3Ax#+>FldXhow>upE{E#`%WAb@7C4SZ>@2NEBkd? z7Rq|jxxajSBHPPjlmqG;GMy{4-zKQEBCEidqH^#O0}$bMd-yIfzk&O1axM$w#exd-p}HiYrn^q5+K)fx{1HPx@HGD z&lf7`Jy$C6&Y+WQ7h(K?(wrm^u=DfeXjMJG>pM zBlH}?LxE;agEoPk$`WN;Sy51jb$~9vs*tYwD8+qcl~I)|?BfBycKN-2ebS0CgLt0g z_|=9_Cv@m=N#8GZq5(yz$?7v5{z@oh8Z4>p`tOjfwhZ%>E1@(KnJYV8x zzCK$L`(%n{kNjmnnf5plo~g$;Y*g!hkM|Cy`V}r^&LrR9?!3;YT9$uuQvysA$ftc? zhekzl0XU9w#wFa>iq}CZ>F-u?W%{}s%wF%1SoiM1H-1XA;pT>xa~giiJfg+a#2Pap z1U@S5>T?uAtDZ{iOaAD`Aoexd)>J(`W{;5n>%Q&laLxuP7TTptYa|5#vJ#9(8~o9LB?2I$c& z1fUHG2c85fE^}JNNAHH2O7>nVo{rm#c$hR0ji`sIApCx=ldWkb1Fm!kc0pWa@0ZsS zX07rTGj7r!sEaEmA~2hau@DPwNDMch>c;%^`7%!fAvlQS!SZZjH$W0 zK0hcRK6^d_GW8c&5OX>@LB1vZg%1{i^C8v`d(cWX@N`R^ifOdq}{SlrO=d;)R|F$s|_`%2DAhxrt5=k zy@E4f{%!OG`mMVGO9DTKyYV^L6Dgk3%XKM3in1UV6Yo`pT_c2 zoxAr&U#~s+I->8p&>ve*sos6Xva?0A2TkEHe|y~l)sk8nV1iWrbU*yakNFmQOP`SH zlwj%OuY1|se1Wa<&D(BNJ$d$*_ci-y#A#~55##o_A-HLN?{#_Ni;?L%% zULZJyNV+~y)gIc70~ZV@JL;Or!001r8;WSod+gwIfj6qwxe4ZS+n0!Mos6ZPG{{(O zJ3ORtT!bZ_Q`gBOtH^$oD%#jTCPz4|S9YNL#1&|SA~=`PrwufOssJZk;KyNQ=*S%M zy1ridw|hyLvnf4~i+fh{Q-oSg+2eFgb33Re$|BrD2%T@Cyy7p|wrO?O6R5RXk(Mz6 z+O`C=0Q|8n-?@PD*m5Dv8>7&0&-?AU+R7MKs?77!oS-u*i^5=$cwF4&FTn`+BOD|0 z>9TJ#=cNSRuRQaxu^9j=z(XxeJWq<&f)=D}!}(hsK+gsG%h;9T+P@ZRa_q&&ymM<`nvh+-O~getj*8?q%W z!BCUb>w51}PIT+`xHhF=%mki=S>*8p@v5iPplPz!`h_uyxccmy`Lo}@Rm!194vPdp zLKG`FMKX+lMdx^nzt>S~!oyJ*6;waG%lk?kfQd!C0?a5PV{b#Ye%)MfVeKE~I6D2h z34h$Kzwyx5I>*M1l68D-+$~( zdCZxPuWxRb>rsCb^WF%;ygrO2!KD``&3&e)sYT74?9k+Q2$P&17s5y!2>s#!>-q?z zapA0ejeK73jDmz=lq8RKiW0lZ2P=Sr)?~rlP?GB5ADU(Grmjx7`ImE8!;8fk z3%nH#&pZ<>zlZ#f*M<++dh*%0!UN6pIj2-!R-b#*p4fS9+`&}N?{w^gJ(R;M>)z^ez%c~3mvmyG?arv+-kE~r(%5FG7^ zz8Vax5Mck$Y-T1{jMPtK?!Y-wMr~%eO=1?XFrIbMiDs(DhOw*Ol{s(qD?c*q=r&QZ zdp`aMDANe_9f+6xn{)XLi1a5JGjlCO8~NKxID4f>SmJ>DhGEEew3m$~qW-C97}q^A4R&&Y-#9j)to zlh=p2P^iW{c?hhN{B|)9J;nCzi-)GOIKxQrrk_FQBKX`!CXSDkzO^#aiYx*!gwMyw zzb$dNXM5Wx`*W$+)NH>sW*k2fSILJAYQ+BbvSG3FIekAn(g%jx*({Ii{Z%HV5RG5Z zZl&Hk{UrE!Gik~einuI8t8Z?3G1k~iZp+2p4v*pdFd>7$bU?}(Ctk>*)}my7`g|yU z3w-{{9trLOUauowvuFYssYp;-rd=)_B`{t845yF#xA4?@Z}RSS%G+Jl+x{ft%3zFJLN^9Fk;B=bC)8XV<46nVpKpRXDb|HymqsHo1jT{xCR zj8Or5M-;KdIK7B%dhdN~ncjOJ1jPy(JH`f@AjT4F>|(`&73^X|tXM$oh*-|O{pCIH zTIW0GkMFN1K5%*Eje10=qRCNc{pVUdg!;W{y7h0#V9QP?3DnV^a*&?FXFL*p?C;Gp1TB({wt zU;;xLm|&%l5yz?{h8RzccQe7Zfp~n7>9=7VrZ5E)wTOA3b&JJBL}FRc%Q3KMVVjI5 z&_kh35wUBPQaR8W!dTE;E^@!5W)X%6T_K*32HC$6RS8gXqe$rtp;-d0G+YuE2MBsd z!86GwkslyZIup<;(3B_u|8U_vB0M^Zba(?hB4m^X}8KaOct^TJpt4Z~-kHy6mG8PMV^NJH<;K!MKN`6OP``#P&MdWuqkOxNPB+F8HV`QgC>tUi zUqH(DgJ3w7L*ZfJVE8fH=wW+QC-MNX6LLP0${ayPPl`E_fx;g^ezJ*J6Waz&-SA3? z5{eM0G!+4_52`g1u7!zJ8>1vO1%pF^IkQCUQ3qX!bq56`Jw_7efUYzn48Ax;%LQ3j zn>px_ar|UD8(A*`BOb|w%McztrU-Edz)S&%*o+0)Cmn{Op+pf;J8192o7~XdMIwda zQ+DW1gBOA0E9k=b!{R8JXJ=ty;fcd;Cm+hc@TMoCB}*}?kU6AvF_~sSX_yf+?S?;E zhs{brYzm7Irim>k50MtcimehqIb@aD`5Y$?mLrn!7cnt19oi8Rc*qv9;~N2*JII&# zp_kj|F`Lx0=#1?Erq8-DbBR+tu+hGhs-JJYW=BK`GL zg2#>X>y$(cz=3ISU#Y~f!fqu|I2s~Z?+9akBsxy5QNv_rdX09nQb91XQ8eVC*$qK7 ziUThIWU^Y8#La2}#E2okU! z97Ft#>JgSB$wFr{N%RPd!P6PNK~w;R#p=Z&1qYJhP*DjgqZ)wlnZrN?LKOl{tb)N2 znSe;2qN~H204**jise=r%I}f|`CicF zwtx>o<$Aq3wZ#n$K0#pHM_Jra1CuLZa-vcYb+LhRD=_|{r4Cro7`@CRbm>qcmJei) zBT_6s#8LXx@C^(Hi6IO6ptz$ZQDTT=<=~(L#;}Se!ApRIK>-LRzD7th#r#n}hN}Yc zADCTCE0M|tGF7)W?6do^K6u5WR>TB2lr>-ou$6cM!AuwEfz?At4@cr=7MMtwPfUPU z_;@&%MjHvU*uE$*lLGL@EYw;>cBR7Zx9F){yb2UXJbbkxq+$f9K9DxDk~KEIgT+9B zaY8dJ5+8^G8Mw%bcc9JgI7AiH7)s}N#8vD7Htsg?@OlmK9_x+LfCL>DLcS4)*J>RE z3=qens2IDN9HwMj2988W|!Z@6^k)&6=Yz&c93K-8de5mSBP81 z)as~sxsB=KQn}oCm}g{i0B~YwsNg-Ipkwj0b|-YUs-X8M>f-uXL^ogLMU0@tEwdqJ zMG@tIAd`d!;@N->vUghFwjvfN`bz z1n~%%a-p9G?5Psq33i3!at05o{C>0q-q%2F4M0h9znshyI*Ax4Z@^c_*eb6CBLxO} z8&5~T25D{@9p?>5*&3j(gZB+u9Y{YheQ24>Wu?Ue1Qb`NglxAUrVp@VYAKtDmIZ(< zh@sYbflO0^%zLSnPP5AZQf{E?1qLjN0pKkeC+gNJf&x>-z}B!tQ6xO1x)>a)%Ye1g zolrmnLVATe=%+AsQ3sh}r?~Yx9|Z-x79LQdwW6`Ch#nZEsS*%wB0&b3+KwmT7i^*rHA& z_fm*Hk(us|d6`f!^Gmr@kyMBrpzyd}6!UhN})Lf+!jzE-?onNMaM6pf~I? zQ8WS)!x+W$6h?fU$!D-pPO4CakI2~~wp1jdqrEXXnF`cVc;Hp%(qwM4ixRYI>{v6@ zj07y7h;2io<+vzVWv0_5pFOP9DU1?t1Qmr8O;mx!V7ML(ijK##=wWEqMnO0iibI*F6c1)hhfNP}!uI=3@Qu|PKs z)oqE3wJxA9gjeBsr-shus+|UE*l%D1v$dCj3(KI5h($!6qA{pPtQdz6R1ac_(Q8Du zMG4s!l9*i@8J*#Z`y_Ipf?^PD8aF@UrEmantdj{G6gUn*5DF381gh7j;5(xjf>s8t zh3Y6(=ZWBH7$sCttPnK0VXLNsa!(L=e&rUX!iN^neL)P6J^KR`p1hGnvIYKm|6;NITyqbg?R5?(=u$bnDt~;_6^oTU3Z(h2RM>VRoN_32c z5A)%}V!X_c{0m>l2UJ|e42n5|kh?9yZ;4IXTz@hR-0st5%T3I{=Fu;4% zFzJ}o7>;hk5EW_^ObKdGi?$<<0ZjyncrBX&3~dDH>Bn2tHg{AF8VDfd1@o8+0xn#+ zC}P0Lqijx$kBaE{6mZ?Byof+SWQIsY3zgJ8)UW`{(-|UBSa(!t*QXFEbOST$L$;Ba6*N9rY6h$=sx{`s#&qAR`EE04 zjR75ML>4CE$l!PSfpJM~MaN<$4{)l>)7vmxp*UgUE`6y7jjVbxMK*()n ziA)RP>T zVLgEaBF!;@furRFbaFLG=^{}bdQp_952H;Owoqxnaiq{ss}?b$5s)MIxa4SK6rwz! znGaLxHpD;%y>y0K7pMk7jv`a{ey4_4g*v6zetspf*gNhhN zAEH^97#y;LTf|s2PD~@Sbb=scg?&KPFQqvkQ;c;=*^rj-LfQ#sP$I=NDn!jBu>wj* zP`hC9z{Mf+BrYN#{7GVOScu|M91Mz2ZPW${Dz4Bam3nzLx<%?W@y#T-!Z9F6 zA&CNRk{BY zgR6uyQA92|MFCP*UWv zNO6l)|4AiA`8>1I3={-5@QPJhhuGu<;$4#29yhB%vw$tY&_KZkANHyd=ZzG`fmF0N z44t7sGG#W2k*`ttF`(c|cQMooH^mdhx~M*AY9wL^Y7nWxk%0RNzEo}!20=antPay= z=c+*0UaD0Hv~i)|E>gr*Rt+c)Tg-m7-NXWbJdYcs$|y0Nlt$&tIP#Fu=!0+K>CiR> zpt%5_X%u1NL5{=7v)G}FpN2S9Wd`Lip!;hqC%znBj91r@mHiuIi0@(l_pe8sdq8X&NtuhYi z5YSlEfKq@MT&s;H!ST@!K*W%u9G{)z@PgbgNf$8U{2CTsD;G1!c2gLr%n;d1yMu10 zVnMRWAL6-;DBz01c>(L=7lR}foGj>pdH|XbQxlmA8OWT5oDn`A*~D3PI?-*QgveT_ z9?QXtHA;pLr7?yhG9t=JLTd$Ron6FW1eqXk?gQ}&g9hjH;-rvF$4Q`0A@QthQMskkM8J zl_mjC!t^ z0okS10XA5!mxfegpBin)2Y5j7jA4hZY7(9kvkJ6ohb#&*&{jVHIiRj4py`zc1EgkL zAth59gNX^UK4fSN3p zT?Rr9nQkFa-E`oRjwt!+xC*$+X&e?<|EQ6{hW$`Y2VG9Yzaw&^K0k~`iqT_CJkV{7 zqx}vg^yy3W0b|Te!huo%Fv3QIJPOSvj?>)?9fQv%%G7AH6fX#(Og5kn;o0H_chnP& z3yctQgrpFnhbShahHfV#lNc0axlV_KjDhAS=t%VOLO!j-$(8wW7%kC*QRrO6kV9?3 z37iH(+@Mo|{%{PwIIa@FY*%UkU;*#9J^6n2YHPHYQ39Pk1Wowj^ zSJjvFE|(O4^% z=TSL?3J5Lq20fc^lZTm7v^8KxlhG&#$bExcIfY8p057hCq>e*FT|}qgiZ~RKQA~qI zEF2SYV&KHl2$oAA@@OHu+sFZ-X{$zw383*NyVME?fYGOFBv=bpj&jE2SQ^#kc6$xb zw~r=>1v)E=PqBn!2D#4&@KcFJt@JCc!C=6_4eC`gI!H|bx?gDmQ9=)o7*R(eDiVcZ zV5od{o=7I*Ye;w@TB_6-HHt{w&tr($DzMaOuP^4}1oc5a83Z$teb6tXQp5lnG;!>D ziyUgAIFJBDF5kwGn8*7R`9MI>2)9vp=c zAp5t~Dj^^lT((N8;ge!k5)OkigLV?y0}c7;7#+gD!vzWjjhb_Q&^8Y4Q z@BnR7;C~-0$hCN)jlv;FhBDAY1M#7HIRbA-Vg)>s`Gi;jGM{L%%Z%m79UOxiEnxEu zWKcj9azidm9AHQkKi6u*Gt_vB-i;s16TJ;ny~0|u)jhy(CGB&fa4sM*YmqLemAgaZOg zQLMwQLShko*Es!3VC7L8EG9z$Z>G@<3T=c()8RB?yw?)ZkhBgv%MnA;9_Fap64Tr9 z>TmtFfiP(6P#~l1v(a4+6^?5+vh*IC-DEWIwR!;}pu;q%072$d0-?7{MhJrpJWC7R z4@?SFAx%c1fU1ePBQC9hf|Ny~TDeF>(RyS+M#2GoaIIKp#G=Uxb4aFC5Jf&Ugcr6b z5GYwiRJjc56-*@N6oUzeZfFu{pPQo)lnE3niO$5gGSxgK2x1`x7bXpA(ik*XCIJ~3 zISH)>rZp9n9OC=c7Be=krBV$@r~M4V9!Fko*`YSrklbWJn@TU$^JfHb`xW#_0} z;E_?K7`UfmkbTwYRnYLnaDSV25sq8S(fXB98i=d&{bWN7j|G$?kS3#4QoC3kGZ8^X z&8;wV1rj{lqe!amZGX<>@5>aBqpsZf- z$v6@rKTKhJLJ9{mEI0)bdhd~kNGD2AC?+Kc!s~1e*W$9r{BEXC4{|VVBcJ<(dOHuUvx?s^fZrnXZb892}|0uJKEG zR)bF(lZm}7oKI@UXo4~Z^g&t3fdAoR-Bdo`FX!oDlIn>8x{87UAyT?N7;^<^DgniY z#G8r;N2j64l{P9K>Y(y(&_qec87_i z6d~>cf#K$Z@K@C2Vnk^U08xwC7!ni7MMJweBmguPxmm-)d;>~w2r(BODwZk|sH$QZ zz_G)$@IB}-F9g_Vk0VTF>kzd?_^5}W4nkufbPKD|USRHXS*7sM10HJ(IOL?dFj^xM zp?xu{D}*=;v=Gr3b=lZ-@Mg?FYNGN&x0Qfk^HTLn6o4ueSYONzayuNS&4x^C8wPPS z5#9hQpKahpU1(51S963Iyn|qs^GE?N-^r80yH27s0Pa3?g)k^;r!0W%`hEaYqYW6A z5*@aqurUQSER+DhBU%PpKA^G9q{$3GZf6FYsslDJqgx*gXr&CGymExd9-Bq%7GYT^ ztvn3M3BfQ=$B8R(Y7oW)-A1^(WV%McjKs;_2$FllI)K(A430E`LL?%^JQNVD64*gB zTS4JKo0e4pbY(uFmW`D=BMKbPh8RMH7~D`9ktp>=;dFRSz{|$t0C^Rb()?a|*bQME zFo!AxL600wW}EP+xQhs-9=t+@ReL-fLDT@YN>7ua@CLYQ7fTK2R8i$>I*|g|9fbnS zgu@WJnb)d`Tl~&| zMyQc0G)lQL7=rVOJT$b+0h;tq0*B95VQ>N>@Km4~I;YEH#6tU$R>mgBZR$A5L)Mv8 zOr=Sul8Urk0RzCFOraT25izWWFJ?JFGo9=YYjKD;wpy-m2T&}a@-dqc(@wI3SO@`H zKr~U3kgZTNl-#&gDo`1P49J|plXuuHK>>pp7f1aLeB4cjD-(-20xHoN@iWZ;>ml&C zhM*nmQfa(myfYTneM8F##1yiaC)V)2RH(S~R2q)P3e+-Tyu-+L@sxDDTV&@M2uwGe z&kQ{yZb(35<8mvCV`U1!0_*KEwTz|@>s4d{Mh!(_Q`oC_fDAocGYheP|J#~1yzYvc zZB8ggGl(m{Px|h=lZ4qWbchg4p;E$6J)gOHRDYEXM=y}1e@+!yX&zYn9^eNnN zJwB`c&6ccHcbi7kmwZA0HGbv0zfzm0ru_ReBcW%8bNaH}DG9k_lnI|&NG=t#wr;}x z#iWmE`JbQrlwV6XX9_uefX#z<-1vOjmxuZ+2rf8VAKNRcFC#ESIhsp9_4@{$FK zNr}zA{p8F|VCP$_#-^y*>EN{`WuG~8vbEYRQ7|6-(i~s50w-S&; zm*Esk6LOFI1)q1$UNEZ5zvmm#KSi==7W4W7M#?O>3V*^x!5p}5+4=OVm}g59 z`XeX6)NPdH{rgr*^W?Ogmru<}i8=b@1p@~SK#l+9-@!MI8B^51&!$c2*<*qUA3CRH z%$t-k{Gd_<1NRH7XI(r0PgSd|_NHF@y7LD%8(p!L&Y{lTs>>TgZ{3lXKjO{?8hzHE zZulPK;xV%*qLqEt4X7Q}m-}{PM}p$&QcufIqYfvhH4?D62}!4h!iaCbRy|Km@zzekZWaOR{_y^y1}tInn-j{VP31ONYh)G*1}`a_=<-MPH>4YNU6 zW$JS4@V(J>n;e6!6Tbzub!B< z=+cfHd*^0JmCIlroim@vI5zXPK&4BGO@fswfJr6h-5a+=)2|5Y4h#+y5SSuO}%bj zI6126x4At&PW`;in^QNwA;ppT)TAsq`sa;qzpmPIzoBu-z|(K?itf!B^Ly)o(nY3f z%E~wN*6o@J533G+eck5y?VWi|uXZQ(+kCC>EYfz&+p3bf9jE(L&Y#m|?B@78*WsCM zH=D|YyBj-?-Rl?~ZyMSo`|Ed2FXmLZ*4eLaD!<24FJ63e-<6+!{Cj1^o!G4NlfGt+ zJ@_nA!{1qd`-Hu>_s9>lKV2Wk6q}z$-rTWVA4NFzB{pu()aM^3`WJ52ZZFL(I#=-F zkYIAd_*-k^AxEaBW~zMH=<6*_>zk%^c=`NFOONeX_x{|{0sDPfvb))5KZZx#%9^4c zGew-(;p+RUvfeLzn?Jw0<#`cly7spxYgG^Zx~o-XpU>&1H*~w(H*#>)wf(){3~LIP z_iP~F9oyy3rHanyS6V7=ho3X&X5JmYcJ!G~?xXc@hDa9OeM4Wmk~+m)%-;bjJ?!*yZPmd$J3M-<;){7rMT!=Ha>%bM71#?SCkJ z?j0{`sy%l4+KxM%@5{e0JsudiYE|QgIsS1si+xA4HjF>~`KqM6@1N&ZXO!*7eO=lV zsW>XS@qqX?T>9{(GQCpKex%g9a%t(pc1Jf4o9mrgR)KGp^z3~iGMlJY`?SIT-iG<_ zUYNGF%`R=1acFI5U()?9CT z5m`7tvn05?^{~Sa3ntUQvvobzs;a)IN7lri?j?g&;SHS~*EeksFAeR!A^WTHk5LB; zFLWb)898L)hD9BQJI(3Msr{#y4p0^i9oO*oH_iJ?En3vg$b9j!-m<#f*B}{j^yo9k z{PZ7gP2GCPzwc@8+Bl22t4cKb`STUamjAr)&b#MVrjLx~E!vjn9(VV+q+eY*@0YR|A$(h7xs{Z@Gd!o))A#w4GBS4`Y(C}cx_j7vC4u80L=Jz3cat03C z(b(C&ecGizGyzr3KQr3YKG*CR*FO#4eB8%1=PNq@XEPy>#@Uljb%JeT+`?hHk_|-< zrykm~S9|SC@TMkUknnAyebX+9f-TOSxoA~tC8EONhy71t&x2^V0Xu zR)1Qr_?nnmclzjynqZN!ZpE%^pFbGx)U@iIef)=BV~!-c6obb9Yom8fvx8Sqx!{|P zrvEiEjm{L_0G`nm9m+HA3ZKSjjK8ygZHLrNqppqqIC1y=n$^x{d-t@VpZ<9G>+bnw zhYedtzcc3i@yeUnt(#vpxvAobM3~=m+2iQl=RdTCDKctjZ`aqtg{i_a!LS2QMm4l# z?P=DcZvEu1MAvWYf86(|>cGJvG?_SPJ6zx10tsnn9aMEUDoX+yh-EpR*)^6!7zLix~ z|422LeeS-e=7wtZB>gSD95-B2dgk#% zv|-cN6J7Q{%a|~ETHUyV``=~Mk88j-(FVH@AG~wr9zT850e0)DQ+Bp48r%v$>eAZr zFWYr2>b)-f{Kbp3wrwP@AMRZKOWSFRi;aPr{rQ`iL&xqDY&EQk-5h^*fO_ku505OW z_NEK0%bQ-8XLQL;7C!Df{-?fIo31P#U$`pziq4Vz?@eYxJLyjLbEjWAcI?N`kr$Rr zztneqw_@!2l!J3-OutrGzGvu}-*=_EpBXZ*Y;m#nWZXD8s)0|Dhffs@yWLPWV^*KX zshir)Ctnjjy>@44)O+d&R|<8&!BID}CKiOwhh9{-S#l}uo1qvqK4X0t{JXZ`1s-=Y zopw>{V=?0;p<2wkB(kv*>P3 zbv*oP;n%EYsSUN`vf9@y5LdoDvv75=a*}Q4~yNwilE>e|MycbKEnRn`v9{461UXXtmV~RoG|kCy>1gI zQ{HyPRSva&`lq&4$?o%cLgUM(W}br&E{!?ZVfTu{_==`g)i++edw4l~>hOvixwHE0 zT<3oJeB<+Y{dap3Umv-u8m_zFN%-hN$jBt(owkXKmoZ(XjtI zkZUepG~sAY3`-NTkA&89Pz=^fHkw=GAUN+^(aD+l32c4axp;V`RglJ$J5!Z@Y+wY5P^|&*K`OZ+($bnsI7s zE_a4&&yLMQd)M`{c^HcXw?Z_4FPqpv^gSF(QY4OsQz!<`1TUb+6+S=N6(F{z+e z_ZB*l2=YmiH+T3-%7r<_~*xg?_Rlxh@x(%R+8`%YGYch+PjC->&=SlgvJWZIkZLV=OL z@bbKG9(pmIgDQ$=PkY5XbLZPd7puoTNX&^sK%6(LF!eGIE*i}cX52?Edh!2v7mabQ zGvC=CB6zAs3{h<I^6;JTEmO%;{hpfZ8wQ0>tlUc} z>fiO^w$*n_4>mT|tad%Uv{t!Uiyt!a(4@SKvnAFqAD<7qHR;WH-Z&P){pm|ny{oKO zWamGov*tDXF5LV!%csvA*9ija4=E{<`z;pz(m1)fj*QP;nEm;qroQT6o55Q(JN_E^ z<{b9gddZqisr8rF&ChD8+w=b6V$sdqq<*zWTD0Fevf=jS-kG)NlIp2#eyi~8y*G2} zsL!v;`s{vpZS2??KX!7SnBA#c)0wV&D)ntvW<<8sZ7=Kn{&t|^#)fsPo^82nUg@em zJM8ezgYR#it;%k4l{}c2QM-9hm49`w><{|5k3Utr-3F=e_d@Yoy;oKX~LY z@KrGIWg|0p7ly8B2(Ftur_TT7@F#!CoAQi1Sn=&r?8WT{*0HCi;X4!jJ zw!Y?Qt3J4s0`jZl9qM-9a_`XYvb($!eIHkycYHxwszM0$%49vxz13TwzD_GIP zbKv48i4a4hEUeR|} z&->5D{E@=-{;sy2ymvJ3{@p9}cUb)g4L*U`%*koosYz|0Hwx-b%pd*b$*Ls!X}G7) z9%IWt`O11(#+QV5t#t3-P+8b+Fn7YFSB!?AGH29$Tr3*3J*P#hn`@U&Sh0O{{o${N zb~$fc8cO)BJO0eO)t0YICuVPl2XXsLW5wkCmOZ`)CkgJ`q>R_6`nj%c(u6<1yMC+v z=ug!r3*!^Fw_3Hf$2VVEgUMZy)GWyhi}PH8;r0%TsOjDHiFNrhp|4%)?!Lr`F3}lwff7LcTX-J+w9%(Z9+^6Yo}LHQcFD(k$f# zPe0QCte}q`AX-&RZ;{%3-Hb!BC+UXTs)HqC)0p|=CcQdA(3Q4Sl|A2j*uAbWykg|n zPj9xIKiE)pt14F0E92vnHFrMK_3Du6m+ix!-$W{cct6^tjZi`G<|&g zRCopNth}%)>%Hds#Gb`NwjQ`dmX-C++*Hyzrvvj9ggh6O_Fnrsr=jM)X`ptk@aR@n z!J-x(d2^tc$(WG!PSH^N@}~|I%C_paZ^p;Z0L%LuDltM zNnN#mz?(*x`#Z1|BQEDPmmbWWS9|#DmtV4e(ouB_r&)fp%s-WWci0HW)&s9+^SZ5V zcWB~-%sPC-xHor>zPY?fgC!0~O{Z&~e1+9oo4RpQt8LcmwOW6ly1wV6^#RSE98+v-_#OE9X zz9jbM@r(A!)JOlE{UtC&*HD$Y^+Dd4qngLzz^={@_<`w81Vm2Wz<=;MqjQ^>+L&8K!8SP)ebIs0B`_9}0t ze+_qh&yI>wx5!^eDGAbo$(J@++b2=RUYUDr{=lO;%Fo`RGgfo@{yBQpz{VFP^#!Ou zggsLWx=mNi?T&Ze&1wiWZ^LR;lY3QFaU=HTJh9D-V>fPi4u8HqiP3X@uZ(NEaxTw! zS$!z${f)9M`=1T&a$46e^5XW5o4Xt}(+Phcu0Pl?Vc?rfuq?TTK}#NL^Itm48Z-O; zRF3=v(fR%^iA< zm^^9g%LA{-cYEX}cODeo{o&BMku7tV9y-y`xuV4W<;Zp*gS{SG79*vf~B)sX+CbCO!BPc&6b{vxa1bT3#v=Eb3=7v+t= zo>)10@21LoAGS{|>r;jS2e+jD(DO_4)EgS8jik$pjq>f|!#C0vVu$^-?uV*k=c`$h zVX1J>wqDnx)x&A+M|oH8NX~0PT}52jHfm_|V<;un%gjyLwqn2eeD^&?bq&Mmr!R{} zAC!FT{P)sadBG30^QTQ6^Qhrm`@=>3@mXzV<#y~sZ%tiBrr)BIaxX~shn_!v{mQrO zz}umt92bjbbm&4F+pz%kaVqH;`StYPegD=Q7E?tO`0sH zbH*L+QX0)}bL-(U!#rQbfb!^HQxlKg`zx!nH+NuSQvbO-*4Ixg>N;Y`h)8aq$D`(q z86m1l{VqvWboHEX)vP~hv-W@AqVq8JJ$+8XpTe)7W-lszI(9}we#&3grB6;x{l3lZ zH|*&*;-|GHXIB+{16zFc_K>IH1tcdIv+PM)sz4LDvt zyRhb`2!`|RY6^hYg9 zI_zVobGPih|KlE38eY1HlYb=VV0smYk$^84Iz6$x$Nlpi(q5M49qs%2$JHHL_dS2% z?2H=h;~_%nz0$7jNYzu0$Vy?V@BNe7iB8Ecc1P#k`qyeLT0yd1>c8}LzE=H5U;F8) z&6>&*Q|K#iOs3{fwdAiaUR^)Y)2CHMkBW?`qjp7S38O{RgJ}AQyKQ#P+FR2I7nSS( zXF-1VL4&yYDfu79j_EkP^bMQdIj6Mwu~~hx)!VwvI6Mrj(8=GrJ-Bp>^xd(h-e>>U zDLh8f^7W{!Iim-BYDW82JPOS7)FoT5T%PD1#Xj+>!1(2Zul+h)((ank(|`K=$)*d7 zg$s@+&y>-M^Q_JEzJMCKTlAmg3K9I>6t&3*9{iT3<1{V7G{XaE+8tdL?s^0Jv+|=9R zmJCk8zjHNzq+(Kir+Je~^Y(?o!6>O&F{4M(8B&#V1S@}m@<~k-QIWr3@QI=+5r3bG z7OsBhMoLQG&{p)Lo*H{<%#n4olZS0QmAxtc?pb5!G&-=Eg>lUlBptO~o#z?H5pAh?0+-gA;b#U|M(}P_{m$xd% zG_>o6IZn=fC|Hac(~I*n_>}EOzFjbuVhSzX*-qN^gF!U7v%Wp+``?{EmMu>?Kd%#~ zsDH7ou~U!it&q2#*EUmLX)J#{Ub-eR?byt=fp(qVOwAui_$#w$y5d*q+QhXa_LZZR zQby}RvWJ`d{p6hhYyEihOiS*OZTHXp__MzGfZ|p6evUQtot-%Fb5lcP>b%d`+_cws zI00U#w5kamr9UO5-k$d6iECrq;l$7XF8_|HX}&KL62NEL)nU4-+kT+?;mJn>@ z`z*8ADHlbLd%sy)&rB`4JxliD+igwR+gMdyl9SN7Vn{vtenw@7v|@5Rsgtx{qx%)T zb;W?YSAYKDLYMbRsi+@W+{zE-*`2fJ?`=pmjyqc!9o0DRemApZdVQMb?(dO47gzA_ z8tBtx436Z%k4@y)NC-MzFyS3I=j{BBlqrhLo+E~J%57Wv>F9&`)qfSVzvQTlp6mU? zu&tFDcsuyyBG?+wZa69d*0v#QC+Oz?5W7kGLT@G<{W(~3yEq@7P?jL%<2)_Ih`#nSThw9dnWcwzI5Wl$kZ7fwk>P%w%5g@gEyyh zE89<-HeE*lG9szHa^Aru+KSV!Na9xWI#7SRe`i+Uc&1#vWM=D?Pxp0cmD@Ob0Vm7z z=s1Lt(xyrZzvt)h$b;JJYdaqOG_SQLU^RuiGO<)*uKlm|yT(a5SRh1PB zzlDv?*BeDpUM)Ia*0b7mv-tSSR_pi9_}tq2#YxK(Nv+AyRwQVIozPA-; zE+$W|_8sCZK6~v}Vcv+8G0WO#x4Hkjwf%#E&q&tPK~GP%ZuK}(zXsM)5B$n_pYk@% zbH{-TKK{OZnDkg8WkS0HchQ|1PrRBxx$>D!c5MAdbqL&nj_Y}Br<_A)Hsno7O1<#? zVaNfDUox;YQ(oagWpno3`j%hmILFa5HL*RIf>+yQ#`vIh12BJ`vaygTEh2>|O)~QE z(GO{l+~52N>CanyxnoAaj6Qx$xbW%Pf)%HhrLOCR__%jCd5eCfzx(vVgQfW;-{LCH z_Pr$7v#$QYQ_Ef{{g79%9yh%sGo2zen{5Dbg;ytod`k%PpeOAKpX>ida zYCA5U02lq+ApgxI%Be10@h|B?ymHApUp34m;okUW)!u7a2c)eD}q1ZAo7LKbBmhuh>;N?RCi|ZSCyP zG?*hscq)*Od6t{-@OwzQ96$x4)8NL=-PNK*ia~#1T+#d66RYL#Y;F*{Hq`i4;;lM$z(pT#zBIzXrL6HELnDREb6$a;n z!#gfjubMbavZ$s*_2gqq2VNYJnDY=4SDZt0@zkW;B6Bye^d{_^qc3pmf*XYuNsR<)2y*m+}zrKCbQ;uXCF(g~X&wk1sdGHE5o zG<%ol?x9noJ{?vESmhfR4Lsc~j{mv2rXM^2{1rR9CH=^`{@mHiez-m%bMxl0d&*xNcvIeX z%L&r-Oa0qAaj(OzWna0+x0&PfYc-b+vGeou3tn`{`G6$W z=5M|tOJXFkz0O0D3GPFU=3Alb%-;OppRaEI!@WSvf1T8RWzsJ{P{hKiqz{PgnJ?z@oF^WI_g z$$FS=7GB#j{#Ks)anhTV){LV5t(8~0(*Ll6p;*xuyvZB=6M2%UJLVs2XsSPa3nsqn z&ExX{Vd~UolF|vyda|T}-FL!cYbMR>hCRs`0-S99NS?E7AsQl>LGnUm^X3>aO(*yc0KdXQ3G+6F!zWzT!*u77}WvHXV z;ZOS`DWW^U%K}2y$6&wje}=F!Y4L{1xf|B!7w0Z29kIMi!X3D%yRFC9zK29rC49MK zgH3ZTZTgVr9ZLFf6MrGz_8$A;I(l8=8OXQobKZ zgC+Jto;w|dgwAt&j_|C>Soj-~`gBRt$D1K^DJRo$9e*j#!P~E#`k`(2oflU%yR^sK ze^7dXck0}pf~Wq==2=fppII_weD}n1k4{2u znJ)X9yPLkYzasxg7YRGw=lee?&#qQw)*sBNtlqh6)yT}7kO+D(ec+7sT%Ba*bK>Dhw9;aA_4bx5m~rEp8@+Yf(|vNZYqr#BUz{@mQx#%Fz8 z3}hIe-d+~{(ww^SPBCY3!Kv!IU;uCbP*gm2kDCyCZQRrTdtdDJ>GYD|fl>$@53QLu zd}GQ-<{jSeKX3o|?m6p3e$L0flH`Qd?#?;tMDa)E&*zGTv&ZNYj!W~maSGZ#rK3;1 zv#ebq?=kO*U}Q2$k)L?<*FY1J%9x(eBqm*3+P0#&cAKx8j>he}u(fhuQm?9~V^!mP zGhpGIV^}IP{Ya#6dCv-*?S9L4Sx3?D-ft+#e6eqfTY6}{83@&7OsF3C493XWbEJaiW~cm zT8^z6nIKLzZMfbSlUJ~?IeYr_rn5_i)I1g@&!%&dH?2qKPDxE$(E?V|#lEnTnjeBB z;yH4>BmIZ;UP#j2#(>f^yVd;}JBR()_=S{9A4fXVW&4!Hc`Z1{r$0$}Iu7Ma60<6pYTb%s;gDMqhBX1kJa1PP@@^?d~tUl&3}X@caMi7x@s7 zrsesD`qaeHh)cXfBh36+vPkx6p>14If6QNE7X6Pa;N0YQ*D8L7GtHbr&-;t99bW0! zMx`J2`#{bnphZj?2u^R&X|NXXRZw6kE}XKvKR5Z;(D0waYB2NxOVc6|$W`3L41YL_(bKi_Etxnt&m>-4blJNtx|uMtmc zRksmOyx@H&^G|+GPCLDA4YO}^24W~afuT4x0K6jSCE=K{a7ieA0&T&-*3F7GCg$WK z6~etaS4JkWyTT#UyY1XLtDi)AbNU0xVZ>uEo-lh%B8-Fbdh>c2dEbv-?03Eca~i04ay5gHeVo8MeCkTWHT z)^#eKlaQ#Gkw7ni@g8qm{335mDLkS6=l)nbvL|?b1A5N?m-|xKN_wBXUUgw{)&slq|_Yc=Q!_4#C&mGtAir>he zK9LNFrtK%BQI`idyfALeLmwgl#wj}GlJ$G0=oDsVL2|QHfnEaJOI!p}VA`bE5I*;% z=@AE`;Cp*B_YJ7DG(}ksv{HHBB%FzW)2k|iN2UVCBNIHS3JsaljvA@FtynG!AOga$ z#mX>l=uYQ|4Gu6!E10#2CO8xAGM$@!2l}^<52nWxWY+C(y?fN}YoS?5NQ-)^At~>v zmDeXs4o0K-v+V%_%lueu^lou5$Jy}NmGb?yai-Bn z0I4pyv}yt@ajn$Y%DHLpk&s#a$bjt56&sFQXL&Bil@U_QzK4`S?xpWd!nvf}t_>Is zFzPy3#UjX1Y}8n63d7_gLK+b$08nD-CMdt`S1cyIp=wE|k~!rc*pm9eUlK%i5pR)0CDZ)K;-3oXFXuI@s5Ccrjp zBZj(F0IFQ%VTU=tGH;R)6h1a*3T1IKkHBaQXy;OaD*-c0(6i$%aBU+a6jw35g*icY z!BJOEM9zq|+kTemRKX&C8~6y7XWpKB^%_#k66E%c8-UtV>h|UBVsr|mXg!v6b^x|sqqJ$Oixs;4TcvhDhk|rqlUkQNEfz?!Dz)iO*xwmc7zfDn>v9H= zQJW6uV!b}yu)9%tyMGlt=kjXD@v+U>H)|iSTU0fy*T37_fJkhbhu}PM@GyJkim_Vc zQ%$v0317Ho;&@A>aWfQ>Vz3?*%%ZLGCxv?1yrCA8ZsL$)Xj;1sj@3da{tGgq~st%SzrAUg$;*BYB*^BgH?PDm1X1d%UN*V zcrZAmf)@easPSAL=>@WiJfs}VV|oWHNV|&Rsg=Wte7l&LU0!!M9*ho07Qe7)Mg0M&i;k8 zsqnu4Iiy|uuaNfg!UzOuKZ8dzJ*x0O2DRq^d_}-of$r`Q#qL$MG+bx`Dkq!(i$YLi zta1R5A|u~mE`|oOqmzLg>9%A7xGrfbg`X}=UywILa=G4y1Pc^%;I1rBI8^rIvJes& zOPAZxQ&*qswY@0w{`TG~Y*%P3L)0oX%VS96H3-8ePMsx*?Z^0f7~C~i`=0VAPuudX(E^~in877uUbyrmPE0%IE4-vAp=V^V zwA{kzyn?Bj05_34GMJkZM%04l^h0j;IYwT(xkw3wfJ5%d<{N7AzYw-5>Uj?YVN)aa z$zxOU$N0xmR#L9&6I|~=F5RaOCoZ~<`2twq!qUCf(cv{+ejoR6m6k9Po&RhV}EArSsP-5q&u zWmu?F1@IgLmUbUZ-Pr>Yc8??((zqs}2*Ba44PSeyWuV#%`8K$b1$gbp7ki^APU2qx zf*0(m4%-X8PMl=<+hF7Iy5kd}N_r7QWw7Y((M1k5V>ASqjiTY0 z$H7B2+>RWcIxt!_3PTM@7dDI&q*Wx>2gAc|Hdu zEx40px{h6Yayi}<6HixzV0n1f$c;o$56?V!+iU0;Ar1;fq1pt)DYPeLvIdv6+C^uu zUK2xE2oJ!yE2?aSBuIv!m@i#X7@CB&F|=9{QDM$=QW3S?eZSNW z>&~L65w@Xfb<|D*@&4EX-gv*X>}GS&vERXOsM^MieN+~j?ZG;1z4gJCRHprZ4F^*Wr_EOjBlq4DM;f#|fR5fd7K&!SUO^oHdCwn9N5(ZJ2u z4}3)SndbLpD9wx1802?=H&UE!;`LzpfGX$J{Df7q0O<+Kg7Y5w`Ml&wAH(4bP=+Ic zGIvoGIS7{CLPlE{6|m?CwAoGo!i_@aE+fXq@qH2@e6;JSMG)?lwu`YES)B1K`* zDF|dS84VTe5n7a(r~zZWfPM;5&s}Ah z+ZAvh-Nbr3+(~xe=C=E0l%fDrnreArJxxF(lKm1HjX(^94x|28(IJQ_@j9%YNdWIZ z1@W+yE;UZz8nM#g8lRh}AJc`{(f~*c*rLFS%dbArXM#$t^YWt}R(e5=f*Y3vXz;<{ z`}o5DSHJK7V`vl;WLHmB3tqSQ*SCZummHKwHK%zt{S-iYBE07m^i{UYKmpH-dmALgpiqENxlOfbmXU{+h-7WKRiv(`b<>$`n6 z^Bx7~sw3c+_QBq69Lp$#+lhmt0kB*JV5=G&ki+J_Ul>aC@?I%>BhT9LND(BI$1vmS~e$`;!~h_!soO2Rs$Vgz zBO`VCV}tibsNex$D#nyZ*cZYzrkexJrirOJ901j=^{xbv&a7rpHaeUTfMpVEy#XlN zesP_Z0*of3u&F)7iPQP?)ku3T*V@zVFpgK<8SWa*^nD~$?Rq4fED-&mYUDbN01KFg zDXzn2(5}gYh!IfoKq6h{5H#osV3DhH&xgE@{Fs-G+nNV5IHz#nDYsY)hf^JjwEVON z2Ut0{)c&Uip5NZLLHKtZ!gWa*pjdH#eWQQMsbS6ZV(`8WdKNal=L`{Ln@JU6r<9my z!f8X0XSU`O6{PtezJ6Zvvi_}EC8*L&KEE`Z)I0*pg9F4DLxr1;M*-`GDwCP5|5{a= zyNf>nz@UPt0!-Xs^U?CTOiAbLDyPXY(j*AYRQ&+(PDWoJT5%Ex%!FD4Jfb~01)`52 z`B-KjZ?lHwNho`K>7H~6&+P<-6CW91O){Hi6fws=Vp0~_t51|a>N$?%F>mm4T)~$= zna?>JK&D#)YODP(NF-1WoFN*2u0ZqQS%~tlm-^J?@7+yz8YfhZ@(*`+Ps3<9)s`6j zLm*r;0Rx*CO$&yODB|H)$j3)|3PW0Q07QZWlMwlZBo$m3L~r2%v*-9V%Uj~wPmMz5 z)Kc>%5b_aP$)^L8v*8%5eMnp3H+2~U%+QJ&%>g1#I`~U_VeP!}-(8 zX)j4H6+Cblt+?eitSvdZyEGh+)hQMTd6%mcwhACkwfB^7_s7XbUw0<6_97i^_V!Vo z?v>y8S{g%30fFo5oce6}Qdry-lwf|r<{`vtmzX!zPXaE^=_U6~d{lVP0OL41kX<9S zqxa@=2|N{IVR~zqgrQoU2Cki27LB9leY?>6!0aYN!o_p%(KF~>2-zg~&Ta$AgrPt` zSwfYosu<8*I`m0z!%tbgsrkBEnX(4t;XS%QrPP^@%C@Y~Z%QM22o#(hM)U=;X0A;E z59GR?^OK(=MTS{)IZln(bNQ-Z|Gd$Lh_-(XDmQ8Gbq7EJR}^OZy^Rlf4x5VL-ht&h;ZtfRB?NOAaH_LDRs7 zp1C|1G`F1tzD%!@&v15bQPbEmuFhUMRM4_o(x%07cFNTqCPoyTXupSoQ+~qiG8s#u z3D;}&B~3|l%yqDro2C+!EAc)zc&aHJ8s5rvw*7vABe1dE(uo7RCY7*eD4y$K>~k`H zho^uVFT&>#kc-@kmCpiC9AX=4n?yhr_f1#Y9AJAON?(B;H>NA!o5`bK;7FTjjXHWfHG0o`supYQ42Z}0PT@MTN2m*daq;I3p! z^h2a{`00WA>7%+9bbiOZs1wAR0!8-T3(#_UDR zUkn{Y~r1pf$c*O^T^qAi^DwO_978lH0_ z=eW-oDC#3FImq&9lNHkNkLwmevOaC7)z(Mq;JjMQS8Gqy;wjSw%ZM+Dy(l!1(7xbyjU(xBv zxyFN3#CJ4M)F8@55PP8t2#b!j{73B^%tLJm7Hqahqf71VhFNzu{qpAi^Q2FgZLzPb z1L#n3Ok&!vV}0LQQLIMHwT3yA#}9u_h8z}8n`6KO29$7I<~q200hW;W7*ZX!WOCd} zKJI3H@1mzf%!8qYwFj-=?S2u{5a<+IKg}7gY1{^gW-MPdc7oWKjeBeq9Lr{pug<2t zJV}`q`^+~NnnvrV_JvzB=8Q<82ba9Dt8SnbkB#D0(c2P-{zRuScNuM-P)=njy@qk6 z-b7QeNQ}JU$hs+W%c88y zD~L@=az#~3N2hc=zD7tFLIAM(V<3$|(qD{#)hk$`13OTcQR_1Pya-;l?lXI|T|Q6b zyRIBR5Qr}M(!N%M(WsR*%7kN*!6r!mB40jQ(Ty~mTQenAjprOd^%(cxANl`Q8SuXo zERO*M{-{_LZ{n?bW*nmlcy!3U0i% zo!2k;v+?}306`Pgs6a z~C*)rviTGpr%6oe@}^6isIsLrOuJ(tGCaC0+vV))nHe*Y_%$H4@D; z!^@4DRL-wEd#I(d`7R`Xs=9Yw^3iX$T6$T)|L0cs3&3w>+9s`$Pu>3&cyF}g>8v7; z-Wf?Jhxx8}cboM8#;i-e1O#AxkJAxUr@*{)<-ZpQSu{`R$n9PA2l*Cpw-S?@mwU?} z?>z_|-0&RDR(tv(8`Oh(Mp@hlAuxg;Dx&;&2sHQ+#;G&(H2_~gvb_JdyePI;5StBB zH@5)$Tmww7oo6H*>>PKqOJx3qS|`nt$|&Cu>H!f`GcfK zBo+Hzz}TkWI{=jRYv4@j+*?Y~5_a9Ai_fJ7mg8DFVwFe=*AEYw%zfGbgjVoBoQ-k> zd4Vd(_5+})U83wZ_Qj3Lt^xEsMR%@gog2%KOF-sr0D=l7%@C+r8x|km!<_=Bqv$sP zn~#C!4LlCxb@GE*GM}Mbj?7AFCGe=+hHOQ(J#YW=`<`BkK2Yr=oUeSJ%pxkcZu{-I zNl$=>OId9|Oh|m-$DeZMTgN2e`oB0B7wTla-d~z-X~|6M`_L9fA`^s9``-7{Qr=ZN zM?O%ZUU;}syFKk68CmfIwAxgDuQp_vz>PA?5QsIG8b;eeggk^z_W`&Y1(-8yz6LxA zywP>DTfp>G0ZP5;7vCzS13^k+9L$Ghob$EfI^y5SA=d;69f^bk$SKmH2AJ3^n;_ux zktx@Es>$#*b-uuRV`_3h{)fW~5QWF4EnGVpA_eXMY4{$=RxmSqHk=N(qtj&KP#$3f zh;OMSCNq!ZkFPAIrAp-dcFTbOU2Di?_*pefLW?{cnVpNy;&Uwd&E6wj5OAnrk`)unWG5eOMtjRHy&5CQQv zO=JVZJjXj35UQ|~Sl5X&Y4jT{h^a&-_j2r<{3h@+3Ix{BzmEi&B0V zA^eDT48s>tFPA~(`x?n}P)yJ%qL0xT_kV6h#i|$lkW08fD~B3UvxV8Qi-ij0O^-<4 z?qi0M67ECa)Rk8CK0qM3i*ZrSn(&w_7L4sK;sKIeU}W-`=EG{>NL)30j2KbAbJYyl~s_vBtibj zp7o;r`^&yRu+bvTht`DF==qUo7455Gp*HHvAE2UR>tL6}E``CF%(|P7tzZtRiN_@9 zDF-03l;A!QKWKE(s~BZGr>c};8* z@-7+EehI>{mtVi#SbUV<$N{P7zrVWVu-ebgZ3Br4I}*}~_j~=h^$py->J4FY%8E-S zuH~smf&{%t#AAUBP}D;{kAd$muNI|f5pmxV@O;Xt<_lOKr$IuZuW5$ySaj00&LH>@ zP5>|w6|wR&=t`E!*xWMBCfi=x&y2tLwC@ZRXbcE0Ov9r+TJ8guiVS10oJ~6zmn~q0 z!r7k|yn=ChPTn>f9}6cdSuO~k%{5RLQ|T$|#Zm6S(|{{zB(RHvC7<(k&Pxk8dA>Rn zd(47L=HOWvD7P@W)e~-7{1c7aYcB^p5~+~AKh7U~ zrpnDT`V7D04`a+lKCd6@0$D5H=ZXQ-iAJ z&!bL~ySi$d0+B!>ez`)}9=8&`@ZMtRJ%R<}1_khTUfMWQ6y4rv{^8V?jXct2$K2Z1 zNcC~A+zhauLh`12gVQIEt{AQ~MBL<$=jm+JYNBdObDFBKJNrM->y+tG;1G7#Iny38 zZwTy=cWW-_o=r<@R((ASib!uNna^Cp_<0v_?$(c>aCWb#xcR0o`)~`O-_u{)q9MZQ z8$acca7fpBGX`MFWDr7P*zPE>ez-=~&?lKTpQB((&*i<;>A2<;;)o}SD!RYqTrn*) zoET}ecANlJ!U^Cm4c=R@nH;6Rv?zUEIm%J4*w%(B4oSCaiS15|{|?b-{<_iEEp^72 z5-udCfOr_*)pD9@$$gbS4^cI{E5yxbx?%a z{#nHqLA0ymU}Gb@&qYKf7ACs)a)hL zgP%m=1&U`B=NEP^)VH78cHroe($VHr?ki)-ZlcA>N2n|?1P$uftfDl8GJ-5jE5(G5 zFc%|_Md(3hMK+m4Bq9bBW}(5ztaz~`gT=y@f>1|b1zk_K8X7&M4$-eovc_Z+E^wMaq)ulpr(8bZ5Qs&6v9Qpg&rT^+JW3af6e+30k6RY&=z6~`4mgpnjxXaPxMHVO6Qw$l8c8+GedMr zK&8*omgaxM#fp~tv`^cfi#!GHp@LnO?mVLC6tuBMAbp4>zzv~W!;?^L0g$|bthw*~ zDvZXI?r9Rpz4E`a;RtAD!sW6pz#TNm-})<3_z;qKLcUV>tu$bkAApk_)3 zUlv1pCGDSPfbyWm>m@mNFAj3G0t8RPV=;Wr!=1zg!wK}pCf`l^`-xy~ zaJ#IQ(R9|EGeMuEs6qPE1|$=Jc=5FG$KRX(bIFP@0${fxjniWQw4O%!1sJ@?gTHGY#A+|gyQ`BeI|>mtQ5=5u<$l1odfv3&`0rjEN;8wVKhqZW0^Go-Vxx0u1bM&rKn<=< zpgoKM6Sre;3hEQ+M3Of5rBFTfFt6a=--nNc5ft3j2ITzB*Y;Kos})-COTY#J`R(~a zfU!u*RarVMCsjB)#ePh`2~fk}6?NtikTM?w9Wb1L>~gpL^0V3B<9V9^A|m|fA+Cs* z50ppTf7`qY+#-NV_7^}H1M1ziw?ajJzrTSa1XRp7zi)qe0h%wc$bcrPat%dle`YEv zw_}hl-hS#y=7E@{x~1To;K)OSz-fIz(q|&M4N5~1 zHvyhEw|oTk`|3ju>1u%`5{f>J2%2n3KD`X><=i0=E*V@-`7{(YDZ zm|!Lz;8Purre*l^36!L=pn1(TV7rh3njx9IUIC^O^Y_Uq^SOYyG)NCj?pk*w)fG#F ztFc8Kf@%6Y=kv-!0mRYLuRi&6z+lgWP|F{-f|fK<+=}4)nF52&i98Id&Mtd9H)jp@_#28TosQ zG=P_alvcgRk~K&yGcoi_?ePt9?IFub z9jFf+0Mk(pRTXBH)}3TfKb}>b`#?Eps55Z94y=DQkV`S!Z&?uHsn&qksv11ds42;@ zy5s$EM-X&^`VB>x{{nAye$}-9c(&CgRlo-7bU`-ueW@^Kb^6yyjT~?eRs+rlcK6rg zdoNu{=r@HUa=!pppbWT+A1()2a)>TMEm%wr)+fgS?I|*C_VonJy)mev&5!I_^B!41 z{*=fa?+!zv=|lX$dHDeFAQHqy2xYfZ&t3_vw7Y?vU0C zV6O05c~K+n8Z7<`bS+}Oe>kcKb@+jKjSW*$*d@-(<@n4+8_=PE;p-CHYx%&VTG?GK z;kts{b7el@F;1XCF04dx708z4B_RF;#mqvMXBRtTnZ|(?;g0`mx!O$q1*2eQ;K`HA zdX5GHIeX4r0Tu1X67bz!H4bSvyWRD~c6LFR6LFoOn-#Vi(Q9!6N-!vF=hPf{v{YCP zg!^%jKcqQ&u4$bE@stQYkkC^6c1+r!%;;u()gD-MK{pPU-`zOCHhMyfG;jgWGEMVh zzNnE1SvzYA*#1`8wxO-B(RXK}#kF{eI+Tcn<14U}>zva02@-SPrY;U@E(7HV=cCkt zh;D^QYDcq?uRzce!-?Wfo+QeTLCytW25Bdr1kDz}9@-U2!D0>d$^lJ;#++(riEA!s zW=J?bo&?Q=UIs4n)dT>Z)Fme#B(pgDzHxaAk&r-kNgW4>z<%0YKBiq@4C?t zAoEvWw+Q?Q5_5KdloN-Mog3KQfI7Rx3fDh3Hhrd>vuJ6_FmJGnt+0l5K+}B!hFnUF1|Jok(CcT^i{2&vP~yUolwPNw*@1?l zHYkp-2aimgTy4&qGK)*tnscRM4G^>2GOx-UpSf0^YCY_ZXZ`Bn1NEl@b{fc9y8rD- zV!Z&dqakQ%w8Cux^k2KyN^u>rL9!MbQ>d^tdSyO2TI%vES`!-beMq$~7xg;AHwXGl zwutw$Oud8F>KLF^Cnt0QPsrSL?Q(#P88r8sn8z^eaLD*5fEltuOx>{rD5#A^mbmhB zJMxANahYF_zztO&PG4L!ZBoXr%s2scT^QU1wBNHKZcV6lJ?3%@O+BvGb~4vTg32S%zByC zn^mAydMV7OzoGq_xSI~5XVM>(EnK#jL=t3d3SOZ<@BRRxIhXlcad3*|_8VXQ*s371 zJ^m@s#s^5hD2DPRpxdGNW}^u)KWilV7&2*A7qq}RFduPJ?xr$9bu+bdhfv;6$Fks_ z$fc%8KbCW=zd+8u_E=+=j)Yze>(aq>YjrpNVv|Sy0ysW(-i7#vSgNGc>T}gc1~T(_ zX$xhnM!rb*23{3!&%PXmX;+@3q{qz*d#72&ED*VveV1CAM?s4WpBXMW864pgPjN1a z+srpH?IupQMV7bI>9?A0bEB}Nt5=rK5X^!d#>2}GtqNU`c9c}7oBw_=)Kx~LugA!pZr3Q7Wfv^A zIZ=2o?Hlv_v%u9i;=KU^6NN)3+$x7$IM8SS1yVF+MlF9%*b{_h6??MYnYu4a0&^}& z!XVx%&cx7KZpXl=#vYZE3J>bOgtjj|nY*ZO?AguLrlhG&_yZ8~lf_ax6W|%G z?5q$;IB|Y|Ci&}rAJ;}h9+c{6yqx5!nRT{1XSK?zW#vfI`JdVL{lH1HVt~UUO}!^Q zbsAeg4mK)xFkW)vW=F5kvpHXzV4*HKfqw%g<0fQEBr+T@*z5HxR>9x&{_z3`+kFMr zWvQ(LKu5~7bx)n=jvrCV8Q$a6PprLlIyhCRLxJXDG#&qKoVaY%)Xyg^<_jt6>DOm; z8kSbWYWK&ibVQ??a%fO}B3-RNbpttk2ZpO+)4A&xp33?;GD#kbe5;XZydm0Z9+L`t zTJ+;@l|FMH=Hej?x|Wr0S>DQePEc};wne`OTV<6=JnGg85CqQS-Q9p*F$Oq(C)T5FZgiZkXqo?6Ai zxUDl}PvQ%cQ(7u@R}6l}FJAz?ZGKU}^L!k&8gpUtMgGC>mzigc4QnHfoY8Zs<<<#w z(Zef_rw+m?j@y@Z-gJT z6`>70F*MyCYwdiV6Idq$`bu`e5b;%?6OfhKFI1uY^CJbkS*HdrQu$Yto$CdBCN2?V zMBhr)?1q`%$Eg{l37ErL-FM{*;a_b*H@TP7rA`m#ATg*u^(>p5!oU;nBgXHm*$=cc z3xsLREOn!6Tqj~dXPrnwOvCElA%Ig8gTVb$Xwu)kv`JI%u_9fO^GlHHJ9b_G*e zePzEZ&-P_q6>|_N_=ImX5xb~;?M9#;I?2M#hu$J=N|z0t>(xoEMc7I9SITHNUOXQr zrjqfeF#vLb7tb1&ZW>Gj^>7RsjvaRsX@$)-pK$83*RrNI>y!HdC$H`wzf;wAA&#C) z@`}_`a+vj)wXL`x%;3=#%acfWd5n=ehMt$rexDk+us|rLq4~i!=7@gJKq1g3Vw9Rm zHx-fhcEtQ{F((ZQ!|FKaK}(7}Qjuf39bDPpMu>h1XU6q=6gnp}rX>)zGnn{ON$OvM zMKXDAap4tFn5r{M)F0(G_e&>&_2!0DYG5`C&!Y>NWbY9MOY$}&%1U1%q7J? zrGx`rPqlzmK=y;E2VEK_^h5P7JxzwSjUVSmE>hv7*m#Gs(Q@#@tk5?R=~ll8+JlXD zMs|gQqIe!0$XNqh?4z>E!a!-Ms zBr)?kQ)sL|xwFTCK`q%hC6}pjYJtB3S+%7O*Yn2mr0NK`3Jgrh##v46B6qYTV*D&9plM zi1MD@pHJl_RY#-jlhW=+qcJex_j9(mvg{v5R_Odxo}}-bkDkxesEW!}aaIz~f`l8u z#wl4C1Q7^OeH#pONWZZOz$r38MJJrQ1fH&_RX+Pg(};Zjt=AFi zy|&{c^6#k*+Ifux+C>e2(U|v*mwmmWzi&lFBeyI5ET37t8*A(uE@gwvSEm>AREV`; zC2G)avJnsSwmZQ@9m5dEGgYekrpc zjAm)}o6FFC#W5q)xBo@S(VuE}I~&l-Ko>aOLwnjF5wG&4$zk~3qumSU&w7H=J@n(w zdx|jjCp}hMKC@)L%0G`^7YyuIIoARQZN&L3J*s;vU8 zw%!?5{W&AB!T#OhIR~lq^3nVP(&iV`#$vpAUFwexaR>L3p3zA1H=!HRO4#}6Cc`I| zZ67Mw4j%WnFX=XRq|kMu@AOsbE@##@%?C@VMh|zRGvaD;+?ScVnF|;9-3x@e$KB3f z@G5ZHShyfDyECMgkkVhBwd4=rESY(iF&hn3JV*QmQ4@PR< z{&-PX@YywmVPj{u*8G)A4D&|)?1Gez(wlv@rgvh4IO4Ai8wa@cu4t2@!iihU)YV_` z_6Zw%WZjp=z0)Ownn^UJKeZn~0aI{}R)iiL!iqpX2QD{x?(g%w13v_v(R!5{tz_fc z8&q8opj+o{S`=WXJU80ler~$Vfx#cc zOE|?LW*r{;*mih;ZL%-YedCz5b2j!t{QJ45k@(_T)Sl2fn_-;jyueonh7EQx+)Y(0 zS*Wi>eu`9&SO=b@yaRM*c#J={o5hnQRo$@pBlyBz&XZtywZUOE2B6$pMY-P&_*8B65=v>UaazpHk92Z&$ zZ5+_mASQq=nU>%>Y$moa=5DL3=MeD}%&ivdWkgfHTZ9Li1 zp`J2oC#MkKx`l(EHl~XY77>wKh;Vz|dslX2TVTMmae`_#dRVnhUX9H)+<%ayWU_IW zR;j%~9bv|%y3&Mr@X^zmC_4>iKysc&0KQooH7* zlKC&Fl*SDLu88;y!V%R4VyBFl0|G6FPMqalBWPkQ{1ofDDNj9RobW)W_(QGhJTOH} z@wemAM~{4=`qr)nYI}6hAu3|eSsvE&_M$}@xyb7Uvx{)44R(<}3-f$+E0v$XY_ft; zUgmR}x{-3H+5NmQ4b$Rjn|XG{C7kmjYJYF)ZGyn?00 zaTQ-qG~X$o8FPL}c;_kTX1snZfZWq4q z(qkVcXy z(GjME3af(wmZg~KM)`vI=;!TxjT5wAA6?}h6vlnSV4~{Ynfd{C1R_&)c&!v*y!m*o zY3utGzitQdDEcmOTGs=@kmc(;KpKDm#^$2qewocW@+J)xeCn!NwjGs{#Yn){8{yr6 zG0yU_bz+pyC@vG2&1jX63$uGD#=XkII!D;>p3js9F8WgcNu;xWdu5w!xTFK{jjucC z&dMobDV?*$yrU7;3gM_QsaO#`=`dhU{QqaKnza?_j{Y9|Kb2QQw^^din0OaM2iybh36FwS`5^+@VuTRs`rzg=0d{4gAqMfQ;}!zy$cGiWL!q8SLeinJro!4RuL0C+{l** zL0KXl%h9LdY?Ufhr)MoCF;QktSa`vi_BXToWe@VAQ0Tu}&WuPQD+(BPZ$ zcrIC~z^B?C^B@+%Z;Yt$$h(j|JE@W+TS`lIE(1kf@>VP8_`sDCtF3Aj`y=YpGQ(N zVy-`GMcZ%FW7+^aco+0xFM3R#Czd3)8KyVHnX%5bML+Pa>^5^rPFCAK91%0_JNEic z$ij6=3t26eyfxEK?iNdON>|_0?xFEJERFKYTvmX($UU<1XvM`C^G{+CgPR=4 zw`EcsvB2!YRcf|M{oRhTVrol=>tf1EL^Iq!Mh=DN7$n2b5-HRFkeM@=K6-VhDNNFu zd3^IE_}qr__Jr1XP1y|+R?1Qfc@+V_9!6fyklvOD#&*ksR;#A7?{I*`{T__s&e}K? z&So9w89CV++JObF7gU~qy~i1ni0*g>N9jtiyb_u6#N1()N%8f80XQEU{8r>47a4Ls=yZtx<4sz{_4Ehx zp@Cc824jSvzVjgo$jSu_;9YZJ*%mjV|HMN+&e9@aLU&hCbIfw`*Gq z6MZ;l)~xI_l2_;L0^-EYrc!+RpswY~eJSk+#H@l2wW0%8fSZ+1peO->`28$G&O<9q zv0}7;*I`6h6aVoR({QxdLMpp1mc3yL0aJc1&@4`#G4DVYPDG%sPSo(wM;3jt|7*B? z*%Q(mp1K<6HSv^Pu}ah7nSI%EGU1_h0wLilex|9L=LIw%8O;a92K1@iI`1wk`g| zoDCpF#rE1?sZYu09rr_6)+BOzkPwDPa1I=ZpKG2lro)W}_slPCo89Z6tyZUX?6?PP zy^qSoIf|ASSsyqqYCWg*QrbmCUi95wKv-X&RKsR*Wknr&fdMy7lzTao7TcU=9^Sr;8ni+kX^isn1a)TrR&&!95!se!?G-wD10#wwK%zVH>HONL(BWqY-nvHLq3xu4S)6UbL+u#!BQA?o6Zy)3+ThW|Ax7c|z zT2p)oxmr2Tx)I}tWoi!>y)+P2#zU1H`E9$fhO)QauvJ)LA$-zJoiR_Lk3E^-v~~`UFfhXzo@VkdMhFx+*L@qWgtlqp1+C`?$Xy;Rg3(mzSNp}#m3uI-n zu!e?J#bmLNuh1C8G?}WGPqFZ{lhXG2*~R(vu#pc)a`hQcBTT7G+y^469^Y*$;~+hl zE2UW*%8pw9?%5DW-2k-(iT+&kY%e=rz>0m&=#<^!z@=7mp92J?aLTdusj`>|ab-FY zI#z~K6*A)?uhpWNEMK4`h4IsuclviVV3|)pIrI;n=0V_PTgAz;OSv3qr_U^!OJT^E zgb|D}-6VsI^Dv94AH0#x>)*|luv|ejiXS5yG*WH1Td>Q29wRu^P7{n`X-_H-LZeQF zVxz)TW)W}^VPYips=TtEAVNo7prcbo4awHArn1iEORubsOheq4IL#86w)x{f1dP^dsGrvA!@1b8HsYs>RX(epOHNKZzh%m`Pwq)B7UWoo0I;~_t zYP3CwkBDMM?W8IylLqc=rr|w;650lD2Gh;j1s%Id2ar04lztDny|`G%BiljLF!Q~) zn!_gan-%AQu@xN?%7?F&L>WHI8%ORh&e$WX%rziH7xnINqFf3_^I_iWa+0f{Qt{rx ztgLG-Ta8#bl>p8t_deFa)5|NrKLCNj>Kp_eMiAo3#a4)D2h)wkg*D+?`9h6wdRZ@= zxV7Um6A>R}W>%QOfFXg`geXb2t1<4tV%X2Fv6+gE|C8_bS;tSO+eypcomrH_u7$6q z7y470Qhbn~q7x}n{wf=ALB9I}_-TqVM%jxGzHU)$aqt+-ZJeH>oMIhNmCD{FALu=Z z^5nR0cle!G_Ifyrb=1Pc!L1)OuUL<)-NV1qH$M#fb#)~CpM7x*nN%dORn5invpYvt z@m<|%uwy0V)RxJRX+*y6fMJ>4)laoN(H^wdX-a2P?14vX82J!ykOdBLz|ykJJE&*H z0|x9?8x0W5t4@Wqr~n<-@KB|NW0s)7!*r4syYqc%u0QY@GN0c*W3|(+E^<1NHDPbQ zRAn|kX!B#FI{r{<>)KukKSHr8k@MrDvLe*x)SsL@ zS-zFap%_nne35q5*sq6!zy$=qwaLAU_c&e+o8kpI9S^-vN$6T4`JD;^Sg4(y51z*1*mO+4%p0llW2 z3-uom3}Q7pf=B=OYUw4#Fo1JO;FY&A65iRVw8FK#wGA5mBtnb>p1n4*Ghu(8cPaxx z6$5Ib7Bi5DR`JaXnUywkTGr&Kf91rM?ce6S_4amON3na8kneT0dOzjW@WYOpBimtf z$7Q$uVBDFHS)Ma9muf=3KWwa8in1%tWZEx029Z~(mBq@oSkbdDQ&Ie?@+w;w+Nva0 zgovZ|l#RJQGgSuFetEky$g5OJ#pCp2?(Ax<%ae~lIA;2!T7PN4vtuIkOEj7#(W2(v z7g{W@aMaB5#-W2&y=}yT$n2*JQ%YplFS_q!O>=i|)UK^awtUxqdnv{7_%Y+nZHfBF z%b&lvN2k>17TWz87Daf0Vs3SQ_&Mp`v)O$O`sztsDQuTtEn`6W?xkJ4EiY9C#kCgLU`4aYn?$D6{VK;esAR$eH{ypEIP9+$F9@kx}( zGIdvV!fEl0pIj))A$?hO!@0Lg&EP!{_anx$eWK6@Bd;u4o<UbtM>5C>`uq;#IFcG)lHxWY^9jd5@4 z3pGx@lqE~Bpo-LmV`3-hP1m$^lGwfQTnkaTx`TnCpKtGe`(VYCK3z_}Ci6N;2uqhS z%5~+nYK1KP+7&$7rSDMj+#^u>k8ioq_-XNF=9LI0LV$|)GK>)mdYV$lof;xc^; zuPwXLzWo9+ANt5IXe#N=?#*Z#dNtQE#F?IhbF3<_KU|Y|uO5=d7#v-%P+*U)=CE+UkQI#lww^Pm}74*VX*>dYj*TneP~ z^+1p!3^@qhw3Lm@SqOyFHd4ls6OamqwtkRk30oaV7vo9dg3HZ?uMQ=d_sGG-mQ=aV z6StkJQ^hM5BNzMHzG@q@SQ9%uXpb&Ga+1prjoay%x1sZD%20sOv{PRGnJuN9%Pf;8 z&1>xuqHIq;KLvg?tlhZRiJeI|soNO-k-!-%BN4o-r1#@sgA+!7cye;kBAK1%3`2B? zJv=5g3vGOmNI3p~vG<-~O|?<9Af3=d6OfkBdzB_VL*sN(X@;2m}Izj(~zv zMJyEQ0s_*TO0iHvuY%G8QWTK;M*Z&GxzGHVdFJQLFM~Nb=e&LIwfA1DGA8-_>dR+o zR%xnaaw(923aX*1GnNV9oQ{Rg2lvFb5$W`FHztlTpHvBbs{lkH6r#c=ybV=$m4cD% z^9GXw=gD|S;X^m8XQ1W9>yec`*%1R)q!7Mlt}=hfdAr_*VFCSZF8KL3Dv5!4z?-am zK7MX)`lVjRN46}+GncG+-bXtKra;_#m_^R-AJcD91^nbzT;_JrfM_dnsQq*aux|t@ z05ph-#$S+oJ-v@zJX=8i6r4(Y7Zhr?p8lTaCid=PQgo7!Q0U9Y@!aojiW}eswVN5U z4A~yldar(mr-~G_dfe6hZ%?>O22AuTe6XmzS<-3>$2M_dtB7xi7?|j~=`6@jL!0Zg zs3oYVJ`fmK9GZC>LRqZ`&mfH?o`>N%RNv;^=XRn|S-O3#55h49pTv^simQ$%Qt@F^ z=dNF+?m_{I40O(dEn3Uha$;q{Q&|pb-6yg{zD19W@lCHFAt8t7D*HN(&}#-j$spWV z<*v~o$~p2#sGvFnCY*7Zyxr9UYQIcu=fF9X9j?>BZf4WQ4PPw8;2kNke5zfE>D+F* zii?i*9EJNJn}TeMdJoE)dL9y%Gm>rVsw)+3d$YV)unN}DnA^rw{hnU25YtkXyO>xCns~^OLJM_Wm}h^t~Q-c7L&^O6L?y z*gDnxcYgs1F}>wdW=swwE7mj~tL@jXVb+1BHS*|6eNsQE-+p&Rw^4OtT9!7@08au7REuh2{<8FlN%##E zrKSLo*bs;w8q}nQfa+Ru@5ET{?jlBSdNM5Oc81G(3j;L+u^p4f0YaDBKYE*qer3gZ zVf!V@6rTgHNkw=tF{?Mrgk6i+73>$af-(&|m*>c8vA~43*-hAm{rLoX)HRCN$=*<8 zT1L!Ut>UVjA;J0+vv|BhlpBVtR|WAhoh79|<>&b)FOq@&Z?az6V57n7yewX_2MF%v z#4$2eoo|dxTOU6rxW^a`v7#uLR>dav*X+Fh}@a27DII8r5MqzEbhzf2Zg93y*dOi0vz|Orw@1Ta?S0HX)baN{EKRP130J zOa2=c7!6@qQq6SfU1eeLD-abWBGK+9A`^!o<_QSA<4;l zJELJVsT2npfC<$kXoti~SS^a%%!_>?c0X63nsne0a>3D+6-{gs?Is`CEZxH2&;Et` zPHz($+AgmnLfa8-ERVqAh*RSD!h<^U1X8~vsRYi3sv%=!;k2+5jZB+3raq||9xR7y z7gp{U3A0y3M@Sn7Cz~LSoPh#oqO6q0VvVw`v^LmRi9!xo;Wqfnd3Aj@`WSXHPNYPhL04sZ=qO2H zw(Q)eL>l*+#$Qx7Tm@MQjAr-#^9U4Rsc|BXN@w6&$}~&)#teZ`aIUVbU0#hP;uJ`1Ej$@xtYry9 zXJErTokL#d4;w3CcjAZOHK6dVTC=c=oZDi!QAXEpBk^9y-s%ki`rmt?)xAsZ z1tD*CM^%1HuMzCe#M^=bY)3i=*N%pTJtXd7MSfOalZf`Ys)smRVNBBQB`gFhl^6SX zl+#@{R|MYwQHMC#0+R3i)~R%f&JThZ^nwo-U(z;~W9xcF6J*a>X6v!Oq6M+;$|!pmco@z8j{-rW1GX^oLl1s z{ru=mT$;gsQ}zFbmxB)s?-Nns_2b-1wm^1xLQd0MDA7_%M=*u16kk+sP#;lOa>tc( z0*SLa%H#9T4?U4NN@%3^$78Pebi-A+7>;}yrnHn`>k;V2sLkaQBcfF+3ZcQW73CcI z2TqA%?m><6#mf4ER^Z90_Q+WKS0B85b5tX(*akFPx)9(qdCqJ3x zqxc@();({n$2FD1vrPWUAkDsuLbV$gJA^ImjY3$ z;18A67-WBt)aC5yx`zJ>Xl~?EsR0<~qC8(d`nQKR_=gdti%F8f;m2H=W4#GIZ(yS= zc9|}H{9BZ*L7&>2U#^syr>u3<~RJ`zCr4F=$+X9XU5PIklT-}ODU&^aEf;Z12zvntgI^wX*yfv z%)%`fB7@KiaL4b@J9krQTb6SW}x-R(d%d1c%+3rm_rHm@@#JtcrD zcB-D;La_S6=^J$K?ll&_$M_A)*BhB@R(c|r zk`oN5;mR0xU-_$2zgBL-5f2(l&P{f-+skF_hE}7RY_{}&Q?92sM=DMJzFo3apZD{1 zufj;hz{nMja>rNJ-PiRLhZWC#ak`Wh28t(TF?#=3 z@@vhC`=#Z)V8?h>aQ8odN)8Fj6+ur`e;6>-UQ&ukgr3sN!n}#b0@6g)^djIr5ayjs zmPVg@BK1+e+&-Q(953N=@5HZvd40+5%#N2&?ro`GMw#=f=|59j+bd+Q%-mhtNOMT# z;)S|+DZF<@L;M1KcS^=>_TN3|E*^!ioy*)U;_bTKxaMg#5GT7$8>g*~c9UAk8>(wa z%d(MN%Ezx2zPXr17pvUM;GP!>TY@gUcPtNFj*-w+9lIG~+xqzt=WxS>s;K_A58lJO zLknAJhw2~h%y`K7Xp>kZzOWX4RQI4v*u>O&=||3gAmBO3FiXolw zudK_{fXfZ^T1r_Xj>*Fcb)rQjZO!*`z8!*?u`n zLH+v_F>KyvoQ2eAq=|pZz`nX%yp(t!$7q`DBm68SsItF*rya(pM;D(&h1KG znnS0iM^R4hUP+A-7CooaB@1xe=-WpGKh zEL$-zHEH7(B6 zXRbqa;DG+b*wP+#bo;K7`U_h3=%0XjRO0KwRZy$(d7`56^qheH5Brk;hM9}sI95@>n&<3uf2=j3U5J^! z(&d z4GMP1BGkTt??RIgk?T9OdW!IuSdLK@&ju}cEfoVlJHNpdm9H78!CXW1MZDH<7fbu& z&X`A{p}vKMGkZCyYP}AGS12?hqNZik|<3^CJ1!sc$0_m7j|;_U~aXL zixyf5k&@|f*FSA$>nEMu4#R^1MQ|{hvDt_ERx-Bg_y`{1G0&QtLNmATwLNwUZQd%o z!N&SK5ASNYwVWYph6pLk1w38RzR#`;gV4UAyJlM9bMgNzgW%;W5RxnhD9=@^ez-K$ zQCGu`6-y(40XEZ|CMwVk{sM1Bv16=d3Wu(r*QtYlNL>W!>oLF#+M!~0>}7L`@finX zsHN2{i^NY11Iu#Rt4Q^AsWx<|IXZ!-=nZ&wAQxkGwJG3fzE7k8v5k&>KTRZ!l~eDG z^YRHt;IZB|1#wj0$m?)6!PH}fdN}mT;Utx3u!b>_(6AeX-gK36VBv5YWBzri-Tn6RFyns_%ah6?0 z%55wtXm7)X@I)|LcIo{hX*E3*7vx!|b%Zb$S*Z7;QBK6=H(W@7Omy;X{@6AZhSSxa(VxdJi$o*tU`xS`dFCDJ? z_Av_Cp|fgb2?InvK0^{~luuS>1yKga>Q844W(+-+*D4yf#K|1Rj`lXEtqYN-7pVW7 zz7bFn76K@L982J=u?Rk!W1yp$s~ZYbD$oKoo%(3VJTZ1i?j!w@8z|AcY@k9vhGzhk zAFLBX$S$he$Izyl)TgBM%CO@J9pmlf%FeaLZC8jzWJIsy6)An#c&fDKddjzmIl-DC z{)f0v(K#!Hr^=z?^uA90>qQ}MMq)PYlT|4zT{SaOc}&7}JkDTvkdrmH zj{t|(n-`=ES!@^s2^ps&#`364jAHZLYptx$3`NrnhDR&kM;(QBUFtcB=NAur1Q5w- zgu;KKe=rbhFf)L=Idab)u5UV?;`>5;Cxc}*Tx9Q`Th1D#<#|Cb zt>_uEU@EGQdF3MPc8)DpPmC<~FdRccUie{C+Kx(>-BAP-bkzVFXz}B0V|obJ;(ljm zj(vefks|B6n4(X=!STVV#*k`6AH8Vk5TqfcA+2_Poua1n1XL+ve4*E34zVI3N~5%}SqW+84Sckyyvo`}Y??tYO;z+q#*1I!!JDFJ0|Z&S zc%72!{QAQe)x3qtuZgO@8ZbW5fSPsjKMBogYFmssfhOScjq@8)Ji6HGD4Yj*Q4djJ znS*AL#&~%XDSaE<+#AQTGEucilqkggjtQcVBTuLG!Qfjt^^kqq`M4?&5mw*n<98fD zvt=3Nsi_PnkgGe--P3R3$7#mhlh8-?Ld{T&khlIrmrOHY0&bIIX(0;GuFdGUXui6+ z+0dSlfu<-!M%^+78T}aK8xifkxs9?b8HXV~jUSe#6I-8tzGwet&hSR-s#FtzB(qNW z6ioj5Utp%cVG-mSzA?szc>jnA32|kGt*?9eU5u1T$|~Yhd`bBPejGh*fj~lDpfeC> zAYbQIu*y74x&lj?t}wAwaV)FvK`{{Sh(U#QWGZ_ja5Sn*YMHdwzB?pT7_J=&By^`& zd(pg*to?$Ax^WYI-=9BIJ3k}EQ~X#> z@X1zEHiDC7sT4Dsf6v5bK!R!h1FCrL2wO7x6=kL*DM-1zNpr?sOM+ zy|uy2!qbYQUcH?QUYz~0=6HRoKicPO?v=c_`8OWOxK>w;%gr4xzW%neO)|^oDClzL zU>HwY)@qYwVUh8vPBHJl?&l=KE?$Xg?n?iF1i3Ic?j!~y;jNR{Ik+P3#{Tr(K@1Gp zT)Akd+7%z-*vno`e*gI#D{P9okV2OKOg@SBjm$^0jMs?gzxqg$R}*u@2vjAkcA&#+ z%o0-PVUozm$zl7>O7shX@*#zGXy;*@;+~34avK_>{c>%hbrE8G*aL;6tPJB-aul)-CE`;sSR9OeDjfdZEp`Mq zW+YHUmI~Uw{voRp+yBeb@^cE7TbQA9?R=7zyeQ&xt49e7>?zT*6%1pmnlz3 zEd_PXG??r-)P&2cr|JDv!=vOaR<&6C)m{(k2pU9B_?DwBHr#7g|DkyyW{XqPY++Uq zViG=7=_$1Je73DSn>7KI zVANFp2O;-h#gi`@CyT|7$v>ikNK7*6EqeMH{QEDwb7}t3Yv_XO=q!-?uKM7lQdYB; zbY^`peg$yp!bRB2^xYXBMB=9)oU{lp2vWJAZFJ9?6GT1Dyr|P zly%Q@vY_<)o_09id9Y6KNO|Pd;eXvrM8R!WZV}v#;TQpW~>c|i> ze2hWe^E!a5HX`+G8Ao@!V~AYIpi?2M1hA#=bgN4&WJy26CqUv2 zZNppPGyL?GNWE_9*NMd2v`b5keYIU2Gx+O8VoP7=-hW+98@Vwt3yP^(%ku<Xv**60gcqyn z>Fdvhh}ee;+C29GMro|hO6`X&=-Jc|vJOyWYb~fxaFRYUZ1|130N!!<3ktg&z>c7p zcmpI3C<3LVk6t@v)MG~rxlb6R^KRts3IN+Oke#204|#?UGx@F0Ix-Ur^6AS_Jecy= zZlCxPb9aDZ2f1uCd#RL_(_m6DMFI&xn+j#3DE@5+(OLkbf{IvNnaj@MC&+ZUliuK_QB70{80!ugsk zIK5LpkMdC_jU1zp?!NB+inWnj(Zdo_#aAYFM$jehlEAjksCP$A9w3L9`>Gvk47I^N z2h=NKs4EMK$5RG?+A=eXGWIwY#QnN5R7j)Pgda`6mAeL}mFfR!T7d?{%LUm9uYuH* z0{CZWP)9Os7zAiYNGsYveLu4r84E;pMY1ty%L@q1hQju-Q2NAhkdZeEswenW?*ep9 z88BbW&7I7J#xehTjHH@j8EoPT#5vY|y2u$_1v}TLpZ6mJDs-{oVaU0cO(^^VlqUv? z(1MjKUy96xY$b)nsdcI%sD|{^7$&~X9k-!Lqi~M^8wsP>^5VNv;t|v*LW0p9p-&Ni zl8+EDdoXL3XvW{W2hB7GYtw4=9|1;NAh+zi4K)|mS8meQ9R+fCXY&LFs7-tp;)G)q zp$d@nmU~Arq#HTp@QgT}B@_$nWK%Tm)R6tmivD(@4^Omdx(K|P2H!OVlswNg^P-GR zb47!{KCnpKmc~%>aMLgOA95Q}-t*^VTflI>fx-#A8rvN|Hm6lFF0z^(pBso^JW3>A z?N5JMppv1rpqPR$$FqI6bHHw{(~4{Q+f|M&ASQ7GXH~=UXA38;$@wZ;Ol81*r-JIq z&S8#>SfA#zODQ~PB)>i|GvYOf;WsLL~Xv?mh7U>OCz`>-c*r}AV-^a-fBv0rK6`8 z{SgJUs5&L>>|PGNVL?*+KT83uC=?7-yPANJrgT-#JME#+O1l-uL?~cK)|uWLv)6FYoQv z6}5aLg6{$aHQCmNC?8F%T@ndzQ1TOwf|n?CZq%xrG3b%35brUQx*){*R+q0 z%`F-@5+h%l6#wtrJh0o9(=$&nTOjHOJ>R44uO>ClGMGBo4f_$V21gkxe_7xY%&s%H zfD8lcIIWTI<;uUjG#7A$igK9UD&XL23ub8M48V_l$0B7Wd!TFU`d|K$S2PidXa`)lSb(S!Gzax8xM=T+W- zrwe4dl}P?G^=^Y7#!sl7C7`UV1l105PJ6RI5Wo3Z!uEXAcfbOe9H!dfJ7`K6x-_FZBX$35HCAx(g&XvA7YP>|M*|_MGyk#$ z&1u0`tj@O$frWu)(gBa|qJ2L9?>#pN@2MVm_iyJK5#BSdeB#Vs!>JHaz=C`SC?&iI zJlO=Am^#4WLUGIk2ymMKMN#LFzW6Jaupm$%6w_J(Fspq)2s=SIPRuRGRvZY*p#;Ik zliAagd`ZBKr5LbkZta>Iu%l4~_^f&eQau}!^+OF61P-L@^(uG$0vlnnH6h*YTxkh!(PpppqQ<6k1=1V9wC!78kUimzde>gM)C}%zdVrbN{|a8 z5OLRieP}%al+Qb_J|fV{o@{uB*8rLMG1xSOE$pQxP<%R?-U_o|QWWWe!OejNU$SRq zI|apkHNb@v*=K$8(T$ynlh)IdEv>B6?O08hDTb~e1yS_XAhAk%(RCq=aQxKn=byV} z3RN2b6_qbH2xMk;fINHxP{ckkIkB;b@6D#q1W9pXWv5cMjsI7z0+LFykaRkwsgHi@ zLk7K)CTXIkCBkHX=8s^CmME462XU`rBLHEFD z&W?ifwPXk<7*u!wxNjx^zszlU*Fjom9AHeMBT)!F-2NB{*yTH~hz$`$Nk>7`GEO8c zD`Ajgf-pUh{d5lh^(8;@$DF3I@Wb8g1ayNOh2KhP}7Pf9L* zP;2KTg@@NC=dRcj6q5h}tuoFL)UdVFq*3#R1rg4nVN*Qy4_hR<(*Tj(&p$mD#wBV1gFWErgZ*!& zQDkp2cV`VD0fv1I2>WI+Wdf~u%6^*|D$3fwfoy$W?&wXXh_BpkVZk_Y-OkO&PQI!KMueZP{5mg(h-LE%;Uv zYu&5&26+Zw1~U(;K|!#h*HnYn_P9%1x?Ynn{^tVY*AoYNl$d1&0nE;Ft}d$n08)=y zk*|Sxnh=1ry&bjyXB`DCs?{DG^xIMgYhy!zByJ>@bEFq@P1|^{RHu& zM%!h*ajo33p7XOdCm{T{f)ONS>i`{60J`7=WCSu`*i8RO7z04P! zl{wufigVdawbz{nnq6nGOpA8`qkWPO4~DX9=tvt1(}J=>uT3DK0UHwvP$}dH&}-w? zeL=$_gYUSawxQkAjt71yeOEr7kHmC7N;xWY2&77)G%DdsDPgEH+C)@IZ_hZ;52|j| zn!)0*HJ~|)bLedXOPbE?bW>2pSxy)E%@r_3b=|{3^cm7dx9~yDN*bh~E(Hrs3G0lB4q309q!uqrWnyc-2(=sKb9orXs8k%El3Cfso~c|* zHw1O(0I>{?%Rn8#16S#&7ef4;90wi!P5_se(GDpqo9@!L zGL_5H_kV`9jpArh;E`nBaK~WmxzRnLY!9XuQp=P%Y#*7w2l+z{qn@E0OUlsj&q7-Q z8%iEHnHRHwGgc+qEa~5AFUxN%R!D}3w~PoyC_{;%cLSfojX>GYxn^2uxn-MH4^V%2 zqm>8COO=IC@sLq3g@PQ$_9kK~Ckr0aj!kg^9wstvz=MAQNB2TYcO1TKrN)nD{IA`!rGwFqG8x&B|>0asSU6z@^fXf!F(f8#gmjXN5?d z6xC=hWYpbCxAoLL2AeQPpURM2kY>#ibC5}7MEha z%L_<(d2yY;+Hw|u_&JHchubgTi(6oYro5lZW^v)9K?JyhW|7b?#T;^k!1iXy{K5Bi zrV4Q~=6hA+ZCT?U4rb_mtKQlVcS$sn9J@peUFzBN9xPpJAIL?wc%8^4@D#E<%~dR; z(ku0=rULq_k$HLlET1$)fjKg6Ynb^uSyfB{L2v;`iwtW?LCK)E5RR~GSa!`r8ojUn z&HQQ%ph$Jz78(d)BqQS^hHFE$&cnAbx4OyaJ6xgeSji#yIVd%j1RGQm2HU@~yjUse z&1n)zNi6qWa3oodkA#E_?*Z6GA#skGXQfGYwT3Hcw&oo{F`13Z_%9%o93`T6Ca}7F zgr<7ej}6Sj9-6NzdC60PBakFJsvKY;ezFwWNVexoDgy+!&&&d#>pVi-(>) zBuDv2Z=4EY%y11N#35>isW+&%h*5%6;an}`kGd7@Lg`>k@aDvX^H{wuS!aV-8h2c0 zN6AqKwp;7?;P4S@6QYP!jK<@`<`m+{r@+C%i%7BDMg4dgyMnFM!jL#=<|%nT=H^|Rn|YgQz)op# zIJg~@=jv>N;B85^ib|BX+8(Zc{uVZxt>}6E#VG?A60&@re@31uVMwU5syPRwgj5?^ zoEeA(HMpFjWgI9qg!Het!11>7Si_a!bg)3XiG3mGRQtIKW7~Y5 zllvt@+szQC>#4hH9sE}{Q(NyWz1Incd1HQ5@-w`f7Z!DZrT!rHrKIT-6u{!EoQLv9 z;+S;dP2EswtfsT@IZ6rWbqB84t8am=6bL*p^JtRpJf=Z(Q75H!|6>JlOe4^7KrhqM zEYQqHv55s2OveEYYTcrcippmp`juCkX}Ay42Y*+IwC{Fosw^ZaLa4^o(}pry>*!D527d}4^&9L_Z<=?!*>^D`0#C?vtfwSN($YRBq>~pq z;H2XbVR+n+nf1v`67fCaJN!JLB>K`%P=EW!vzp7FNn?|$q-Plc@aYcibI|S+nx(;C zM1uUjU6*_FzK-fuvTaR@AVJgzmKPoZ53MM_P*_wBSq=W@R&bE%>t$4~(Z@L{<>b0i zBS{t-LA9wx_njB~&$?o268h;C=C4AT5Dy@%k;X;Lf>1+*JfzpLm&b3gCdU=s1yW}z zFk!GOp%#i)HL*!|3cKPokYp(gj;@Ju+?EK-g$1QF?d|ceU#DoY4%yRGKUBTINf52F`5S`r!tA7_+-?hfL z+|>+!o%-v}p|aJb46VD2e0EUo^=tlp8d71TY)A%12yvGe%Q9eHpP67e=)8i;c_CD% zX{VrO0=bARnarqrL`otem6P7K)=uXJ4JIQZk4(~ySzq*BuwinK@aJx!XH5L=gAZgR z4bvuBd1jhhfv)o~BKdLw+ToFdW3{i1Eb8J-#xyT!$rZJ%{^875N zzsrfEJ@RVf&z_+#c3?|N7+W;ZlM59e3DG$n85i7t{xgW2=OSVl$`PiZxK*9N)Lez4 z`&l0@?BmtF61U-;gTGcyv2*|6QlU$61^fi@*SmesiZ*2ud{axT`W;KBS(>UhnbTe1 z!Ypi;9R^`W8~ns=$1m}*2;}iEV0mQD0}UksD05)NROADWlcRoHS-9bTcOMP{rh8+G{4 zMYU-a0U=k%xZc~>mBRSX@H9MTy4cfDl+B+>H5cb(GhVi3Ap6u#Em>ewVL&N6Ozu_o zpwuIce7(0zYCydh?OX0Wy@S`yaB<=o`4@z!)+zw}ZC30R5$Rg&RXU0FQKfhBPCf%N zE4FEN2_*ETB8@wpUu~ET-K^@UL{;27Ii8rSD91ZRo<+VTfFs@?OaI^)0K7N{9Qf#q z&3BIYF{^}BC`U<5-hGCr;POL z7QY~Zs+l5cdoI-t%0T^ww=YinH!IVzZ$w^E(vl@yUY&|xbP1@zL)(}{q$S3fsf z2v1MPING0JB2wwRq8VL#g%;triJ_N7}?L#!3KTd z?N_^w-@S4c=oZiBGs_?rgvKtpr;wiq$};iw!M5t|EX91x^H%#q!I_jRn+2 z0{o98vT9~zgxY;n|JLAm_*#qGDmg^^e?RL9e>joMkdi{%=!{4Y_syk?=U((BoPR_`Jh){l0 z*jLva--~_cj0&|n-oWN;Bn`NmnNgIm4FOkykn_={f$#$eNi!>isJgVb5R+OdKcps) zEdXAic!+cV3- zz1%^Vy2bt45;0}~`@OGix+zJRy)Sjis0H==t_@tN)&I#KfrF9JRB89PBl`f-0&QmC z3Uxi0y+8^Qi8zmWWQnbWDXF6alhyZeFbH5-elLim>Tuk8dq5ws-QVzWF7-sJX`QK= zB{b%x@>~QdA_U8@1yTjLuqkW7lh}9^t&3joWrV8T6*YVpOn<@ECIdD3mlw2!R?d89WT|_}5qezAb{9*p| z0%Eq!yyv<2M6vb~o`pb|dbLo1RrC_1LD#YwnFi+;DD+LVy_RzZFBsf zm5rbz{nY8YNf)OsX!hKo3i!oR*hi~KD$0e$yS^_iCG?f+J2>vcbz&^PJU5KG6eT0o z(VjMcqrX+i#1D}2lW#HZ7TPw;I8=iO2Kg}nO9SKBTpVg{4p2J+T0Q}NYLYkS|80rC zkOjttgzyrY3lsx9(RfkXLK8u>A_N(8%4GYTH)uvg+-nwrYWLTMoQWO8-vzp@%9tCB zV$qiE%<(0p*SP;^Us8PSIewnf?z@|SE- zZR3D>Uy}LX-Wfue6|lUn??;a!swwLtg&}blv2%uV#;UGjPDWIx`|^UAD{v90Ak?p` z_Yl8GdKZ8uVGZ9)0O|33CHg@(Ln_L( zwbi$CH>IdOOCZFTA`%z?OE-@i8X)#;fA<07eZo_;xW@PR>!aeKeXJx{5;gb|<9wZj z8X;e)7BFHel18w9o+_!v$&9oJSuT%h$rP?|A6xuC|CxLkpLI;>~k4V zA!7YIfVxRUD^GfoI4uIM=@%l!FZ{DLc+iOWGy)MAh~`{-z*Vu{K0@~AO z`r~>=YU~0C2-O3n#!U6P#|4Cw0A@|5`~FS$8EZ>GtPiwZ$&L2@1zhehiqwh_7XwLz zkNdOX;qCyd`%d!W{-1cZU!qoyjI7u7yfiM-SIhredBvymNa>%`2@7plD{t~3 zMB<-VzvDB~W8~1+`L|?`VaE1_m~lc4v_Qio*kE_%RbGn`c1#gsG9Z19Pfc+dQa>Y?qPg(|=`eFe) zl4_g4#+4%vlrc|DW7WiQYL6QUrVf^<-UIB=&Z94kcqah>>z?xjsh0#TjwCc1gjdc3 z2_yZs`_^v&_#Fu3318E(%fK+_Uj7+!5UgV2Pv%nj+;XySO^}_CYdK?ESY&f8f)KtU za5vmy6afxKltB9emXW_h@*F`$9SpbqnLnmgh6KsfIc1=95&~2abY5Od;Zd)CoB(up zeTu99J)e)HTST9$7eu}}NTN?a5>j9%QHx2Q(X7`huU@lyw)%oab}Wk!yfPvKF#V0= zW3V|WhW`!?AqZUp!iFk3MI6kdn!wTj`f1`N!xi4ltb>u8h zaJu~yob0a*AD=7Em>abu+}ex`0Q8;!7kCULO^1QP!%c40z*-P{0P?HT9RaNYqD+DT z+D1eF!bN&8W9q^pfrw$)pJ^LR(6BOUE3x{wUGe~PAinp^**HQIVT6#>|FS~>9pATc z3fkaOeJ*hHGAR|r{4*RC2r^^x7fb&1>`OurYL)rk-k)0tCB7ujbarzx|U+ z2VQNw;8`Q#Pjm<2@u>chr+){Ag&o|JgtUC~&oEmN;%tHrB~pJ!{aGxy>-TX3et@17 zR1>0g5+Uw&e{K^`i0bhTltYm5MI-wAC7iSN3L6-B1!X)P*cjgQ;f&FAfB&;^i4)6LIy(GqjzLfGSN-x8_=)1yqTCmjKK}D`Ig9YM6nAmih>R>5r-6E{AiTy9%b_qV{ zZ`o@MV8UfRLdHErgGu>-5Ly?sw)Y<*1J5xqHsuCyuuAyPT(~(YxH3ZqOj1D)HM+Mj za8nktn*jt97#TN8*o*(4|2o2T6!Bj!!2i2D{r$Dx&sS(YGmZLp_Mui`%wG~QT6B=I z>8hw#U*4EqQwD@uySbkYP&jaSwer?1*b`K{;D3AUpJ<&VyNt*ph+65O^FQ}G~2x3lfsSvnRW4VgW06oV=-FMVRG~5hVCmG zG#_H_ldCYU@F$(1ete(MS^Z!b=yaaIVF`@ZCqn=K5PE+%f=SRy=Q-tjBGA!tGKJ5L zGYB2}%<7y7+&Bz;%*Zzs)PFzp{ISUZ_-i=v{%r_)f^Z+s;U9^hv#r35(iB`SoPxpm zl&wqJ{}(B^YDi5ipDyxA4(u=mf5&J!G7!kz8aIqs-6#BBAm*dYdqT2BwS2LV09ic2 z0b8iOYztaw%J$=jM=@dlE_wK+A%Pow<5Zv8BTV+5FdgJ%UCz;gO2wMuo96PM;}o2W z&LRpF32*n8K|yO2e0HI;`lR`%jh~5jBf!h?Xk7)l60Z8S6kyJRq;&wIAR2v6GU7#k z{@5+v@3xr5$x*pAmXCB_f9>|rzioN&=$&2gqV1$hRQc$g2M_#b!fZK1!*_)DKepz- zruZP`t|@KfcJIi;QN79AeC%fDu5<6(o7|JHs}!!SWu@=OS22Ruu8r?8r-$^JnbKby z=E7)E5n4`i@x31w1V1-<@C|et`^_0OoV#t3`;#;3)j7d?BeN%S{FB@DM>raW*_&?_ zw;tB*bVSo^Bqmfa6gp(Kyj@d^!B@O>uAkNXTz(;!EGEa{3)}n$UN%zvbKK*Lsb(7~!n|ItJpK+NIa?uzRFgq{+w#$RkHPvZu#{v zHyFRS-y!Zjv7GJUP=EYWV$$PjfM-vT{Kii9W-Xj@^M>vD*Yzv*Va~;OIVPmGsBKx%E==|iJrvaHL#gSt~?$5m{dHBq}o+c&Szy1;o9>lDU&?Aq|E zX8CsDuM1=3pDwh{1>;0@I@uY|S#RD=eY-ca1gnGw>Quau#MUy{hst1!R+m@miYH6@ zPron;{_M3>2W)Y`8^0Aaa2>)zuzDkP@($=PU&zo}hIi&s9Pk8PvhYh0m%X03U7b#`M47Bq#C*5KOzlh)?{z^8 zdn^q`v_kFnqJ6kh|KiWs-(GL)ab4R!+uj{rP)YuLcK6u)z^Z$4zZtD%8Iu+9okmf{ zk7a(9&kYoptEv4`;oLnI58U`@rt`X@^^xO-;<#vkYy$DMS-<*-FHep(cr;e}2Onil zIaFx+W_s4F+^?H&be~XHvU35{=`veEpLh8^e$~%fsJ33=o>;y&uv|zAEQ^AdikP;~ zU>kS4O7Ib(U`wJV@z+)r6*P%_38Q@zXw?Wo@R+(XsJq`4x-wFszwEFuyvF`NVAXe8Db`p4!RaY zLk@?Jm^%8mF+RG@Cnc{sgELMO!>12VF7uyCPr-WBgj!`fuHD*Mdu506(KuNU581B! zu+iR|PnRE}e7%|7#!^jb!TYMCC4Qx!gCT`CHGg~b2!3ZRmqDZ2dXtN%girsW_f+5A zjlh?Ncf%T9dwwY?p;|`h<%z~s9lE?9zP*xJ%GtJa!t@tGw=V`QH!u0B;0-q>=r2># zqKF&CSxpvP^%u5ZvGYI_95302@4n*p{|Gy}^*a(~cg=IUW1`l>>u9|tiaTue!euN| z-f7sfL{s=u`u>pP(~h6??{Spgba3lU(eIx;PiprRx9Y-Rcq#psUGaPX zLXwzTN>hHE?b*8bu&z^4-7{(AJZ_6#RUMn=eKXXXGXIXY{(L%%)g7jUG$YMZF;w8^ zfeM`_MRLp60b7W|qD}S^a(F7RCz)Q+04t9=5}eiA4pMHy&xG{TD5ts0%v~N2ZJyN- zgCvGodvgpLcIBn5{15itGOo(5dlywiK#&j-q(QnBrBj-PQc8DAOG`_)z@nsEM7p~{ z8U&Hf<7!`0` z72Ur0x{%r)`f+Y<5VR_Fm>10EniWJ;86qrECNK$7tx$JfQiKMz9eVPdoy!OCv-w&y z94re^GBe|Ay2;W{Nqg4zXuDs_ZoS;!r?Gl06Aa&6joT$!@@Cz9$P2C;+@S_{P%5A^ zsrYFd&~2eou){*_+82xnvVBA|?{+e`TN!n0Um@VK#xZJFhH2TpG&ue!N6R97+9L*Y zTyHB|?7?#5Ex9b(N!3Na@##>G&N$W;sri`Zr{I(EPYsNVUrZ>q8X7LoFin^%r|o?{ zeoq=U&fKy5_1VL*|9;N+Hu>84tYq>NelBZ4=Wv0`ks}$f(SEb`F2`@bfG&mD z@##wg7#WF^O^Y6auc)qhR4Y%W`mM!$OO9{bY2cSpmP9{|+Q}+Q(x1&d5%*-dg-En> zwCd?T#o*9Y>9{u{xSdjV*w1}Gen*treZlaiZCvEWrY}FgR~i)#z58{YDK4{)0`u)Z z28;M_vp&8X_pPG!cQiq8cV6Buw150f;K$^1ySI5%U>X%;xg`)@Oog(i;Lt{(Z&{#y z&u4z4vW5500GnLztF?Yu^fJkCIp)prk!B+2R>=N^$($^@r^n?Es?5mQT#lJxMeG*y z!4@k^oxkVRo{Cm>CQH-wZQ%gxbl=E3Mi3jyS)t`D8kkq^d)1^RgXL^D3LgJGl1tiD zN!kUm5lQ4%R^^&ca^?Q$IGo^cV-hiI#PIpvz3pS!(qQ$+uaO_#?P> zltsp6MuVZ9pjNi#JI(y*`3HjVFoV`6&#xy2`#(Qc3nePXT^RkAYup4C$51OPGI1ws z?<^-5#P)Q04R0a?>Xw!&8-{tDJ9zEro+`QIpoW{MPA81WjL=g5@TD_gKRqmi8%O`$ zD+*ah)oIeZesg_^nb`DkRxzwfy~h1qYfFjOUnsF)4aYj4izs>+ni|9}nCj1%Zw`D^IhI$GcT z9kGn8w2ygZ&mi<@*Z+Kb3VXYMP)8jW_)4oJhC?g8fjm+ ze$Q!$q~T0ftZcgbpo-H7f#|=CssaJ4!q6?5Lk(P9niZ3G{ojp2cbfgASGzaZ)n+}d zC)9Vv=~k|vNn5F&cVba7N{r`+Bh5vH++*^4uA=+*Y_VSmzOUI^l@F$M*0yQQLgWab=OA?~nu%s)Rd1&c;h}(sZGR-=+fZ<|8t!6zQR)$p@;V|~{lens z)#+^9lEtp~gx>m8{>$b{ZIdy@L9#yHO zpgghG;5$BWh%P9deJIRW!uZdjc`iE8){%!)0TZd8&OFS=(;|0K~o-?)}3Q&bYt=lip5leG6EL;9-ElUa^_-KY2nA52l2KJQ>e^Fdd_SE zohGT<`RE!Wu^TBS;D(XBb5afR^>|7^mgTi9dvgrnz&;ACANYpm1+2v5tPSXPUtg(Y zv>VG++?_G6GS`y%eyn<*YJc6gXgiK}2V4axM@dP3HJp-q{N2H-BIQKY{fhrYk-xw3 zu>0}pMQG5dNwSvZlmiOhU^DC^HR$&buQ1i1{r&i0xDmmdN3RRAy(l$8h#cVbxilUw z`Rve5j-up%2A7bA+mo%z!^3`y&M>SlYZLKbm+Mt~<>a0Trdt(zR<4$gVvj<<+XsN$ zxwi6mm!GgS@Nl@NopkgvxxtD2C1l5A{&MwBsbRODLOE2wrDJZ}*n9Bht&Mtu!|Sde zTf3ZXahsFbGKO;b2LV�g% zGk>fq4%JY{?v@cIG0EQhs$9oI%}}GTrp&>j#LQGDvq(?##R4N>hTX%K$l16Z7)fF3#Qh z7!K7+Jr6!M;jIt?w(_wYev?#LPp;$9!U>|&KYigeFx$^SR2xh9{bPWfjX)?`|If&WFig2}Oo;R`uV#tDF=V)Hq-uxl)e@B+^ZM8N52^zHcc z{W4LuM8}B%5B2@b2B8z9AUMf9s{;HU&L44pV1_Ap%Rl z^0a<$CmWl*Y(mJLfY+*0-&~^z5lcfO`)%O5Yxc_4txHnGv{ob!CwA1(ZxsqT;6Oon z7Wjdjl>qjj(p;diY7zlI!b@D}-J$=?+p_2nW(6--3xu}`n3D)RDtZoC^55k-6uj## ztW?Zglu6+=X|cGvp2D{12@O*6{-MzJ#KPx`fGBqY0l4Z@K=;4y`v7`xw_tb`t*4$` z!*yeSd{y&grDjLvPUDw?8RtLV6FxTtEb11Cg;UN!f^#?fGKnvaB)5hOvkPX^m1aAs z6yQ#Qe_j**Z7|h0pru&*;b4$+V{2^3r-;_K$+g9GIK5+Xw9?eXyiz~$8ml;A)MNnh zv+-u(<<(&ww&m*dh7t!cb6rxwRAXI1!{)c2b4%dNJRfA|STYsVU^)PcYMGmZ>SVj$ zqN9e{D+O{@725{{a}P4B7mg9zUmL0_fRg$I;aGTaqei}Y-SN%bt}<&_#h{vJSx~BM z+1M^`C($ca&R2->BkQR`x>;Rw`wvD-d)&S192z`vTHh=H1@#_Io)0@%v{E-o00xLp zgGU4dWrIyu&5hTmqKOAfBiSe;`q`DE_8p_6`q`Y7J;5wKD%pBI5PFKqjGZ- z`89KsPIiqY^bVGbHSo;pidv1@M=?JdEgZ+p$ink zN3&%J>ee$t6c;0~<+_jeOf(XAyjP2+=^5RE>^;Ub+PK_Mq zr5To`xAJ^0MV3BN-I6>vhn^ETI_~D!+Je-9xCGRQD+|LjEtl$oa*-uB`?~juHTd9M zgNKo1l6xVk=dZh!y_HkUf9AdubWW6p5lnuztQ&Ljph`{F<#hdlxjx%CYPtTJ@<01S zG43;O#H6Pgk&HI`!YwzQ$S1kV8jCxcm|+tewwOdyu&~6*o?fns7-BBWXMW`T1ekG_ zA25lT39Qc4%hydbsz2$Sw-Ec>Sui=hCbt-n6Bs0S94pPgI*^lsr>qll3%6J^TcmmmWC&nUR|)z!oGIB(}LwsO+@ns@OB>FTuFI z`Ko0%_`9Wz{rLNgMVI!JYUT>jB*E{-D)U|U$xF+ULeir(*Bvh*a?`|usR^_W-o4cT z%f3AF@mWOeRM6E)1?Jc$&ZL9F;eL$d6qUhTxmV7#h0mo!6(1Y-c&zockcww5r$obk zWf;j-td_$tg@)dRj?=x)rlX*lkGC%!5vErtdNI=774+$Yh3-z})+Phxl?56TIs^Rf z4{U(x2PwVJ8UGvi#7m#h$b_!O=~%4RZ*aPw#&P9P}$He zNVG?r1%?uze+lw0^g=Txng93>BbgU;nQ65z-k_JQsU86ofMo)s+yZgiJ2&f+4HB(? zb;t_oqHdMUnvIscwKE?teqDS&T>~xjcOj{jrTVLqD>i}F%IS{|Q-^82+gsM2#Z4&! zaHSbW)<+Meib zsc&^g|IpHGnbRJhXOQC$4Z{l@np?6fa=!hMm)lq59>w_m32J$({Xg1+07XF4A^48fhAC>J~0O#5^;E}3= z?xFFoEkdVxDtDvWEXFi$)GS@SmRY~TmFU9*U>%s`r5e_J9&>Z*RSvup;98yK?>QZd z&YdF-J_}uP*K0o~i@3*yRpDf{U8C#cy!@xj=VulH28Ec<3~Kx_Es_OpKTs73{&bu% zTiSPC5bvd5HU^NaUGus*tRJ1NHR&hxp~I7SA666>$5iD)Sc3kpL9nSF%mUz-5Gg-Y@NVjcGbz|^2K<5Kn!%3v2U3<*wL}r}- zfr&bWhQaLlq({Pu=(ljg_j?O;sg=2NZts+;hHQH$GCD#4iY%#Cq)jXnZRnf9_yhwa zJ{J|f!1@kY)<(hB(L`-RBF^`FNPsdUM$2U*8yvt$4b?CmD@=AroD^|=rI4ru;^NSy zHOnxL(PB4W>xSzAy3^HVHg8nq!#$(JXw#Od7EDcFqmGQ_zAedd*HpJBt$DFpr(=nw zg4frHIHgZQ;6ZJy#jAPwhC=en&4z20Z6C9-L0LGbo|1z2p!UY^~CE zzp|V$s$XyqX7I zyc9r)qz1YyIPZg9DG^4*LMh>f20YhENO0C)(=q%lkw&c{J11weWk#`D z-(aEVX+TPwJ)Du?0W@eF|C>RZ2!`LihvGY1*l;>IPbeJ=;^o;#d(DcPu=8GpO0!<2 z?WuU7$?U4zDY8#yBHUvovzt4ul!q)_ssg?$i2bGd`6rb1!AHc??Hu!2#FjoBQ>cUO zojS7E3mUAjubqFKgpBBP5T6BH`b$Rb+WxdTv`K2Zsl?DNe-)ZDNR_+tcrfTsZgD2M z=j)_2hJwIRcig}4ue`#p6g`_|`Xm9*9v1Jet`e%m2d1!< zUuhUfl~T)=Gg#hV>xf198PC_a4W(E8>_k}uT@r3Rka$~WS@JsWWA9X}c!=mz-EY~A zQ31xh1NyljZtBSVZ^skRD>$M}z*G(?0Z;ah=fGTBftohONmZ(6#Ll#9+kRfJ)ooR> zLz|D|P{hnmlBm;zHCadg)5#x~0$l2CWR13g6&IeT1IW`oxgkp-zjT$Q6@S7W(4;@~ zJE!-f@BfCvF5@2|&u%Cc3ocyreFB#8GLeWuBQx9CpC5ZDgwwNNKT%5sDA5LlmDnJZT-vT$98QQ zU+Tz>za*y&&=e-or@>yC?bJ?L7!W(zbknEg>Qp`K|FahsouynV0aFaIW*xK2qK?Zp zH+YGRD@>uSh?|%DJ`#6wCGE;7&m$IGLKLZFRO(TC<86fS4^uSjWx>FziZXm8UN91? zfrhU4Risn`t2T-&tNOvCkRLv6m#!7-4QjJ7&)t`ZsA%*eVb{EK;=km2E+)o$SDGuU zs!`NQ?Bu;pwr9edZ1C$guuq~5uyPfC-R;8I^`pDUJo)!5K-6xNn5@}*lb0&Z87@S$ z&h&*oGuE!^jXDj=U71U%4KNbF?fe!g=|$T_z`8L4uIesIynm`Vyw)Q)T>Flgr+BuB zSTdJ>>sFJkK+b~739ISd>8ul*=~#YpUusoaTJGVKp57U3%xIJ_qUyofgu__P@e;}O zLK64uA={(oM#Ws)C}^IG0dLH z3gL*Br~HJG1+N%gPTwD18TAykIolZ(vDzN)t9dRVLx%3$7m(`Ob@v#s z4D>v1OO3E5V2$mR6r#<&h#gyWT`t)(dA=WV4P#rlqca zq#G2iPK^eLR3qz)~w>1dTR4c zl-op|XZbc!Qe2HqG~M|em*Oc+R=sxD*>qBd9dWX8IQ@9Ad&z)|?c8Hk<7M`o17c-m zgRNUxLww-YFpK)&0{n1(s{YnrSoWE27WGxTSr)ZBdx#k9Ti=a{x)uUlZR1A!nOC-2 z^L&tc<^5P;Zd*~r645pr(Mg#6NWkbUla=CP6qe_*$DzC+ogqh|mjS9aebgMHzH2%C z>V59Il=RlOla+6UIn_tcOW*i>nW{-3NzLMz7&Sd z1P6p=L-us#O4d&Ij^QtZGwGNgO3T5lDpGl;1QRt--+vwJxgy+s z@s%Q6F#f*ugPtqrD*g@4loaw`N{-`|q0_h1iR>FQgUgvFRuMkt@1I~^X%-oCthM@W zjlO$q%rmTb>ba1+R1&@ZAp}MSGkjhUwQei-Hc83w@E7lua^$_qV+SBowc?p8cCq- z`g$^H{9CiTOaZMRgIfK^5__|Wn$OXiLnp9YcX>;d!Ja+kp71=+=p&aTrZ^qXni}gT zo(aB-af{O>a1owmc+_s5KJuYx~ z)}sAw#RIrU@OQavPQ>dn-UMKNc%r4Ix7+vQ4UXCI7*}d0vyBpYLIffk(8UBUY9wT5} z@~yi9Z`HOYHG|su9}%9lV>?oY_>)oQwZ@b2^-gqfpiw=6!;CdE=SwUC`#a$yZtzSK zL4}Y=__CfU2O$!V-{(m9_T!vL_;EM06pVs+>>(Kyxqw~f`%_$JZN5*Tp-I;%eXi+6 z9}5j8dN>p-E-DmVQ+sx&QKb11{B$^hG)x}0g~}z-i09p+lr#yF0qYu>b6+(K59Oz; z++?K7?;$)6e;uc%B*lVo^(8ZfVWQf`;4a}pGhkiarqCOVwy#-s%XQE#5J@H!a;dN1 z9|<{J#|ZEG`IdNPujwY1O%NfnNv5t+IqAYw^TU-b_ubhYLN2qUX^v~wiK^Ac;Vo}% z+x>J@nJK%;9-YJ+T+QZKHZ9f)?0nLrHxFXtf(+YEk`7;Y-B_$UYl9d|TN{Dmw3#sz8}$08#VSyF|U<=(LfTN z+_Zh=yqVJb!(U;EH;iJi4?@cSqf4lUs=mo4GXm0M2h?dwD)rU~ToEL4+fVM2&pEBe z*R5EzzLoPa*`98!b-gPJjYz04?_pwVe0I;eQA6AHR*B(VW$4HKdYQz+QtL2xqdwxy znT4aZR5xuh^3&?jr02upcd0T)*~~p7>-^^!ayWPj}Np`PCW*RNlJ&$_e4?B)Xe8!{G23e*4R$`@>mRGXuOw-DU2En^!s#Z^?cbZpC}7)!99dR_zx3 z9pGZC&JL#6FUt(MN_onZ?6}wrLCd!HUwqQE+OQu0G?^9+0v6?o>qo+>OI z0lzO3+oRGOyN35=gY3M%+OH-f@Rb z&I-Ik=RHuON5mjqAPmMCe@?S-MoOAhX6&ai8ue!oJdm4vqcp;zmxI#mEWU#EE0a7G zO>PHQoH>^wymz>wgb?Wg1@N)E`-jWQR5Z@d)=7xJMZ!nWM?eJ+`d2^&mrLy}E&PR% z&_E;Z)brQ;k&;e9c-GEH(~>OK|C1QXv@4P}HP2uE3Xvq|6i)v^p*t}hhJda!uBf-s*Q zJ^I>oO^~Zl_O1MbVv}kzsgUKD>k1Dh)6w<7>Rocr*K|CHFdmzks4xPy8=J<^ug>Ay zs)gRK1k&6&u_y}#;+a)CM*Mf*vyy{5J)sj1@)teHsb^aevZUVd|HAd zg~AZuw9cotzvEPrP`ZcdmGw;CplBw0b+(QmPnL?NM6b@l&B;k&385kFw{sTgE*h&{ zaye$ij_7?+c*d1-s2ls`nO&`A7PXzBp1=!ac4$RUNb@Ch`wehs39LR|BQ!iO;B(`@ zMYXCc87snG75si(Ib(b^&Sf<5q{;eR>6;s;A}6AvMY9S{%|}HejWqn@1+pzBD5r*Y zXgR!7O8W3c1<^}#@WO)O@%2@kVM|YV_B1D-R2xyhQBLWTwwbT@RS?&mjPW(P-uYAe zAtT@Ii*&08qvW@^AY`=Oy;%F{a0oQV z3=iaVYKYBLctp&0JXEU_U!MP9Yjl-cWl3Fesa|9Kll|6*OwoADmT-D$dm{lXK_X*L zMsTEQ_JEeCGMxOMJ09Kqp?^tjV{9(1rLAXv=y-``R zgRkwIuybdhAv`01CH|r17 zt~%v*jRz7&#&>XXmD80aQn?nUyWoFxy1bv*%}hM%`C{Z0`EDzP$~Cr#Pzc9SG7^NR zk_Y-|PmvxydakJd7~FD^fay~j&aFKIe+08Bb#)(KETL=GCc$+Iy|Y;L>+B!HRlUj6q!Znf`y8SmRR13IJn* z4h@O!S&-C5K@Y5dW)n8^12Zf%OB44Q=+Zl-9C~PmRNyhC3T7KSWnj6tXjx!{0$zYK zp$2xxF$qqFrhQ<7y>Ue7=(m#gDo0pWGHU$_$_T{p747wZyJfUPeyc9%ac-1*wc}Yd z#_(vuv#Rz>gsL<-C}TLFqQVf(@Cj5tOp|6<4YG|o4)siGFl|I-M-jUF zM7tpnxVbe>n_A552JNF5qQZtZ87rkaD`vy_Lyv4)Ufg)g+FladE!K9j;Iot`y zn6^giy$stzPaBG8i!5Fw35*@qh_h?=DOI^3+N~m09?T~MhEcYx*8m(11(+EjRdDD| zmp6^fN}kcJQ+U_-7xm7EUer|b?%|AzAV)>F8rRRFW>$36YJ^sbIyBZxoXGlMZfpM* zNU00#qFb~XxL0v`g6(5aTn&Q?aSUa|bI>Qa{=XQXBR{+=nsx`g!AbbgD+4m2m+d&u zk)MIG+G+j&4-05!rr|_==oJC_^}&N^En~E0Vo?6!+eJ=o5QwB`kibfXrdHXB6;z9w zAnSv{b7VzmlE(XNrbL9~FFXs?+*;iF9(E9TH9~m8$X~dT61+A?ZMDRK{Lt$?^nsXl z^_d#zYnl-mVJ$dPcfm6h@BC0Q1&wqL0k79TX~5*C2Cs@B8O0GIUHA(#N=Y~BeSnI% zE7~mC%w9X?_8d6_j9|NQ0BD<-7{x?ZyDsP7w?V7HrznWP_bsfRBKbqn^Pd0bzg+-+ z$!CDpF({lD*oactJ$f!9z1s8B#TY#L??;xQui3uM;3N~JkcP|)H$pk=->>STwTpo< zcoVpdBuXI!`WT*STctq!&o`eU(LfOZE<7{&3b_;-2{j7pt&D%a8$kt1>wffl^7%tA zL&)?d0@dCBTPqwWhH`R26^H!YLjOPY0l$Q6p;Z@aRspFfMKAQH5mMPM=mWtCctPPtQW%c7qB7L-5cm5HzbKNbkQ-+zR2xz0 z_|S_Pve?)MeYNKQzHRsd)TdPS)2M?eMGVxvz?!Q5?IK;YbEvQj$k_i0f^GkO;xLp+ z+EZHYJVjCiLkeep{MBLX-?zK;L46EM_Vc%ZsX*fbvoEj$7W<#p?nCZy)B^tfpYHIt z1G6wdJ2yloCto0!K7^V~`+TeL-wH)^Kx3xApf-m2U(5aPn9W1>x9S5vEe6aY=CBmzvYR74l*RD-mgYjKNwfv@Bfk&0Mju z&Hv$P&|J?+{(lYk|I~2%aK|rCwv0B0vr9i6=$|E~+OG6;d*8=k&&wPo1|vfM2pJI6 zQ34)~s2@ssunMz3)7YMI0P7UHGzcR?I)EamcKf!AD1{sp3<$k%mcoS$m%Adth3{0U z7)B*@4{-Au`>g88-{HmcTIr4J1>oTHpwpZ?-L)s+sD$OnCT9U486}!BVh9@V4+pAi z553@!yLRgpu`~gKS$4A#`i;?o#BIQyPBTZj#kQ6Bdp9LO3<{~w~yTxn@M2ALC z=6I8YpfbqSrlc^vszIG_2{fe}&H*_kT(8Z)8?Zz$Sx!~HHJee62W5c8$RPhw=se0~ zrX==+ehACqV`O3n3CMIaI}DOvBEztNLDBdK2rj5-Im9G6%{nXAIqtwWd@IaAT;K_6 z2IPmd;X*gnfaYF6vC?89i6j$~(G_y3hSIVWVk8D}&&?#s zanK!I#K?d%1V$+6R;~8tP-1c71;{2RDCxGcDI**q*CMqglC&?%97yb#wY4>MeRtpw|2`X#s9Le&NO_rGzbJj@0nEMb-r$_uQP}%@)fa_4kCiKLsu$y<^tQt7lZEKc zfGn%G%vSjD}W*7 zao_`w)dPIIW+1LM#n4>k?wjW!S|D$v|J)9nKCRvH$hj7Vw;6_*!+t zX=E4HLgjevI-q?Tv?&)rsN4mPd(2N?%EwY-0^X3QEexo4Is82l5Z$VeSNY?GoHUN0nEelHGtK488G!SPzaRlhpoAKYHlccAb4tS zZ?5WghrO*-!1rb1op{BR?bw&r)&qo$$nE%(Z30yN6iTY#^ZX{9G7>h^j~=uxMP03d4qF*OuGQXC~G z#@++Mo2GjxCe33SMY|fYO(uia7wxwD?T_WUN;=85qV4t%FqT)qpLWzeDqkmFdjjiD zIt*sVumbGY-?xO2y*w#2pd+kyC4%0Sb+Zy@d7*_@{iVD4TwZ2cO^RO8;<#uh2{03U<-9!^fu1 z2)j{FwM&Mc3LuaW@h$$2>M)SRvm38gW*kOUUVa3aHwjuD0dY{w#_t@y3&oLVXP`vB zt+(~#wB;WIyVi#?LG2iA0W~d+dd!S98nrJ7Qoi$LiI`r~P*8O-3{fm!OL65jVvQ`d z-xwAd4Pt9NZ)G?(EBJKO&*fLfL@z)eMjy1Dktvq0DF~>fc3(!n!P^5qs8ZN;<8nrd z&f3Gw_e0YMkko{TBi|1tHNj_C`R7rQp5Pqd=ugwuiq0v>jS1 zBcCW`a5N2jNt%tY4?F4=yfYl$HSINW00O1-B28@5We+^3%l!NI1rqA#T=xV5IG&0= z1k~9Bfwo~{ux1qVM^9f`qdt5(A85(E?Z%{3zJ^C29LP8L&|r-W&mHYs_zu|hU0mfD zd;Rr-n1J`PjUb7IG-#M9V~faI~hRp%1VWOq@1u+ZyA)JEYr*-PI*+$W+(QhA>XlzW zIoa0FHlP%%yKU23oOJOr;NPFBj5vs>j7Q=O%Bz)4}U0CvZ%43URC|3NLIi;kYqW zYtqGd-q@p0x)hkV!Ny4!-GbR3>g0K`&d zQ!U~)h9>wc5y_t%3=}&E%`vl(nb3ln>*{Xq>TR}ngzPCGSENaaQ_*aH`pwz%id9*a zZ6uk2+gRx#C7VY}&u7IzzS!ER0|CA*dfSMvQtm6lFN2>g<@_>XenGN%5~C9BzB#;A zZdvRDROTtHHi>c^UeI=tQtNg_P!?h>e=ZGi2;hv~|BPK7(14}rtr)`p(P6ljA`<6K zz8DU3Mev8z$QKt@#S#m(+34JJ@8$q&`Z}xlYe~Xyw>ZRx--Ee!O?8PZ>qA8gxL`2v z(sp>3Z|q)#WrRg;66F9;g`G4;EpU(HkKxKP9L-ld{4FQ+M71)bn?nlrvGX25)5l_R z?|YPt=ylJtkSBCIyqOhMMJMj)-mD`cTr_L1FMbTNvfmH+RPxq-XWnC#*yMXY$hV;+ z2QD@@$%)JkrK=l{ud4c zH!kjJ8ly#pWQ1Q~h@synz(BLoR7HA5YHvbE^vtW`j-pq#aHiz_&itWvtLg<5lSi++ zH5%P&%5ZUNV`rSAT^!F!M(3@(MS>F5vl>OxTIq|Dh`qjEz_{I)JRRq4TD*%t(u!z> zjwpH`_TROO=G_;=di|_rw;B%rROlmij*Qw7d&D;q@Z`R2=LPcQJ9zfdXVR+&k7>Ct zK9klh%%d_)0d*Jjv`!afe>2iH5$``pTax7m8SnEJ`$zy^X3|&GF7)2c-MT&PE>b2b z*!sO#VrEWVH0jedzf&&yy+t_g>SOnx=I6 zRe#h=)}Iw2dO+K3mt*y%3#-QF3$ltB`trjnJ~YlbaAY*Y9QDlSE_<;)S~LX3z;NBo zrvTmV-&GNJE;Wru7Ny&o4WR--E+F};Bh`qeMMDelP@q>zm!K3s_<0h1?>7!{G!qbb zwDqC6ZxqZcpCv1VIQ~9VWgkE!9+T{@>BQ~Y!t+=l3v+T4=D+AKgBQ%jH&u@LNN

    *+C=tzxRK^$2yy)hl?2*N_Yidruu#RT( z0}_eup0REt;X@^{45Tot-WOC~fBUg(m%tL(;Oyja0{4a;wR4p&N1-4*sKg(ESdu52 zm0B(9Hn}yj?|0*L5_W#nbP`g5yufB9uGxDHd1rfkY4Wh=5;M`LL!Zn5B<(i{&7IGZ z;PK_^+~4a-5@e&1DkIoGlok4&ol@r+Qc%`tPLF;4v)_B+RULnKXVi+WC%y(sa_$=v zV29m2B%@0}+9Pfs&-;z}zWNc8OP@%*Kwr%8&$QXqT8*iW>u-VI?;9CGOW9c4|Kv&x z%1M6Y!JRZoB;#dt9c(u^A*jR$_a}-WTvtBKaXD`vM>9-Y5BqWcGG=Xmc}!slICnO zBh2o|2(~I@rBr+mnAW76|5_3s5a?wAneg8Afr2>i0S|whr2LIN7k&mh+n9>p zF8sT2HoL6z!;@Cp?758KVWq#Kd6j?Ws3_f9pzA{cz+$BFzP3HvQZT^5+!6UNxzUFC z%LDkCzY>ZHS<)O>;sj~A;#^5+>hrpB%Ah5JV7hOQ@=Y*+@2IW8y`q(zgC9m~rSSq$mE_D-$ghJwW+3p@C;ooq$NeJD?Hn^KiHRTf*YA zYm=6@R^ZX*5oAKixfoeOah{ zKakfAnu7E9ZRZ3=3Qp4{`81+P=11SV%2AJ?@V=_}>MZK$p7v!}e6)~&tUeS9#VfS8 zR`xtf;R|iEFGV@V4MukTX$7BUvK613r|A_O#)0bK1Hpf8)pc0jAX)uaJTTrIRQqbo zn*tV@zXj(P^pX{yVH!Y?55_p_hoqOAehB+R0-*qG0P4PpH^1n#@lg6b38K;0j#lobKBU%?k-62xhZp#_7vK?$e(0GKR2%LjSLyIX^LsRJ)(;^ zczfWX$$LfOq#V%~nAUQk^W*&e9f->@;klLQt4P>4l?{vKKB4J)Zf?&zTo7K^?XUJ^ z5c}&%up=4)3J}a;W$4zxO&8^mm%Gi`2dL0ab#nuqEGmB+n|u$8FW8}m{dpMl@(J@A zc$IYUx$fQVd8NX7yLy|%-E}S7MDS>s^!QK}{}gcWQi^GU5sOMU3GPTaRtJfh{#UMf zD}Aipm`n{)Hz&@IY0IGdr)gF8x9O&gNh&A1`cf+mU7R5;olRDm0s6~Z4Lr08v=NQe4W4cQ8Shr5L zm~J>&bK|a0Xv2Kj*1xkV1$E$Fy_2zrU_g|>8+e>=0EEo_vfM({lg~wS`?W;n>hOw{ zo~NysdRi?2`kUw;FHvvOthh-M3Qf{R&=vzB$6PuNyU-b`W6=K@5?Sqr}~^dn4e4@qF3*Y4> zvLQg8?ICqp>{)^H#L?57d>v)Sh z^`*(*AI{agIk$i_(HMGWuDO`%M$9K{Q3cwyI0a`8=r??T-=C_2`|4jG)w5{wYPy7k zhnmsu!c4~xGr!@Otb2GD8unIVL_{f^bpm=XJ`?M|OJzb&e#m_{t+*4`%41)RTbut!R z;n2uO_oZL-yFJA!_qjE`jI#lT(u-imZMc(YhwYgLu` zbvMiMrY!C{QzK)3EkLsLJwYoiMYJsC0pF#=`WvOgBZ>KWMQa2y*LWV$X-w|RkOM*Y z{kx%%acj?U)!jCr=eC9&v=_n&?C1v~>h_pf{=W60%7@Rj8>_3iri6BTNYwh50E<3W zO7*QhfT~s@^;5LdHMwq&vjl;fvo#x}y~L3~&uiZK1rJMTagQy{D{ZLS1E5s5I6t^X zO|CK%kLUAWI`x2|2+DSS`QpN5eZt!skp*Zz;kPfN>QO1+@_9$P>`??d9Ht~m)c_jj z_xS)6_QKZ{aWQ`%(!I9U^xBTwGX27KUm+ike9{&Gd~&IkPVu5}-&uh zO)m&4ghAz_HeW4~Ca5O?Oi4QA8pb?G3C^vUC0?TTGU#(JlH6?LeCo2;FHQN-oX#_3 z8F`465a6u8h$=i5<-<*{I(7iNsWSJt-^>7N%z#PSwUpm}SCk7sdyv{OzxT&W2ljI% zXRrN@0ff9)_>f#|=IP=H@qE`mM(C^Y>Pg{&`V=MHuKp^X`CfCXP^X~w3k%7ImaWVI zmJpOq2U&2FJ%h=EFlSl9!|tF?J}A$%*X&tV85$4!ExNk;Q4!=`&L`5(%>v=G1X&nB z!%|M}+b4Whn|>~xE^(5B|GcEIiaxFv|wn?vn=@}2|fH;;hi41&}_N7=Gy`01#c9{hDLSugVj{&yM zw)hUpi#pFhyFNenKVxMG8@0dJss&)mksOmPOn8 zGJ!lX@3E+dfI-_0EM>#=8(c*kZkbAP5Rbf^4_;*75~rU#vZ$vWcqji_C~9;pOjK5R%#5 z&8H=GUTP=ne8(LV)kmj<@grC!W!Gg9+x*pX>yim4&(RQ z+H03q2->ue^lcc`{MJbjROlB(GR5v_8~7ADc5y#%zeoAfxA`Uh{v5=}R6w=&GeF5q zD<9>1@lQwhch0+lQ!`)5zRT+l4%S6$%Mnn$J4(stj4)0t4UfC${k#t{d_ZckEfVV) z4aafvEgt*o244~y&v5Rg(&UqGX4oY)rl*x=^`Ae;Zc{%+W8ns@SkSxrSzDtgr}*db zds?R+;9!i^!!`A5`+`1hE(zx8BmAoQo(zZ$UMt>v4X%g6L3^^>r(KHaq~_0a0p}t7 z_J`wnDdUWS-p9!=-VvK^N&;61{{nJ9c3%wGBlCKlVPWNO^PUJl;0k|&A17wzWgp%9 zS2%o#7b&x`u(&{a+Y8#AuS8DkeKGfIkmrlC_`rS6RMr!uqUCv zC{n09{iA395e6zG)ghbhzSm7PoW1)53wP!6(e zturAIxA|+Dd6yU9s0ZUX(_v4dN7Qb;26=6oV$Kg3u|rt{R7xN$;F_5Im@j{FH*3x* zm>3>QdYLZouCy(dtiZ?0%YKnkkVFuXo#2{l^_u;0b<6_Q=c$`5f6YNviQk(+!2y5+ zsfO0_>GbFJ(0$bT(AO_PQ!2>7^zWa6g!|8cmjnCg7lcRuArz>PU2XHw21(bkmI8wfQcsj6C-cdU zyFH(}MVj}>XgqjwHO%02QD@HeXZ)5ro59*qU}y(l_1DD1@V!%^AI6oG&w&9jIva7u zD4Twoj^8P4l@zhb=DZ=W{kZCDl+%eJu`im4tbqE;5zrq3N3FQ9ule;5`b!W=%H9!?>eo$rf5dn*uL>3&mGBGNlab%lTsYRLrl* zxQNSGj&P*98x+WS)fj&=!`TQs)h43%>5y{$2a782K_n6=8W3*%fYSsF#A*J96NzX{ zu}w7S?aJBxI?3pqwIN}2@Uwb)H1SUB@;uRvYY(#Uf~(6ZWacE1eE)Ed_j(7y3i=2)*6SnvR|iVp{y63`^&c{vb{V;IiS8lj?^({DXM9=91SSs2T$5c@&fNxAMnPG?B^A_%k^dJyh9{p6wNu8 zd+^>408lepT;eEk3JJ?GeQ=`AzhF*Ub~?vm7z4x||=e_Iqq8 z0dh^JoA~>yYj&XXe4&!wbEOjR3_8hn5yl@V%}D|Qt6#}oZ_sai{3QPJQSv5Sw-()` z2>wyZwBeht&|8xUp1xN7J~(J||2XIkh+crD#X4;kv)tUlA>uY^LT!IIjp{|?z|%P>#55=t|X zxw7M#)b6{UQ1}9;Fp=7dXcHoBWAe0KCG-zRR=xwK>vAx?No70UFJbk^FG#8DW#5en zt8FGz%N%a~WRS<^>$4@XPo`-0$Y1u8X^#`(nR<-FMz!wuc<*4UU*S^bO!5ux&g*=t zW%(yJCBQU+eA?%AXjBvzfa54Z!!O1S^0NRjn;7Oq3GN)C1^lq4`WbdWo>A1a!he-p`h02v;&$SS|=3HaL~TwuY#trwLta}Bu&^v_{J2n}X%f}!8L*rR$j+H1Vcj3NN`_$lz*cg^v?>P_l zSML;%WhM&Dn3}8W^MeB7v*#lqQ-6U4F{h&wwt@-$qZM-?|&HB=B>%8=r$ck>V-6T$eJWsEhH9<;dNbxH=Pu z`mt@c_$k~=o&rI;fdS@=9*Lrrh$1PhlvGtaL=JGj6si$N=@}>kJH_y}ihYm<4p!CM z(S}?H2D_2>X)Hh0xqEN)_1crKBl^Az{jv3w>fKi?J6kk+&=d~yx7Qs|Evc0OCP>v! z_rs6;m~WxC^a-g>36?(ox|hAp7uYJ_yzORqE0l<1OO|%m_I=9L#jk@e-|9&hZa=-` zNO(X&U0_Ie8ClUTmO2>D&GoBImfw~41L}2!VL_UYqF||nTzNcw_pQz!LihY>j1`*H ztvCng-&LV2{%n5g1%gwEr0WA!?V;T`aKUi0qpq0@j6Q<4p@`+6+&yO)GHo6_^RxMwv#MX1%3JxPPF$xX$yx*Ryt&Cx%$~-U42|A;)C=3>f z$HiU#5{z&^!Z9MBF8elfUP|Eo$}Fd?_BLee z*UbeN*8WkBqtmaO@W<^+ek{*NO$p)SkQ@YI#ZDcQPt$&Uh|e%Pr~OXBFF@w90tn;| zsv2G0jKKNead$g;%T>8tI6X{YHI50x69;_jh@W6>EJU}K7mo(LO}*Sb*Ug;l@QF5? z{h;w`;*mgl!So!?G34#}R3WDQ(PEvoS@k#U!7E7L>Y9M`OQSq2Qah&Us%3 z@$(r?Q0@8i{m0If$DHZ-`sQ}I9`!dd?~NeL>%&+QTzYZR+-G{4TGY(R4o!ZCFv;n0 zA&kU<&@T?Ku8%Mp7tY$($mjLWC`cGaN%Cl?D6y-2umUJ(O%}`zC8-|%p;-oR>gt4> ze>sOWj9FoPi8tb~xOc&|yvVL3&+XbZsCSGL3s|Z+HL5`Wr#_K zX_?8I04jSJe*aTQo*MdNrXMo$DegV`&%BGIsG@#wTSdxab$UYvyn4`__r&9U$=J_& zTA&u}f?D+p!O@=RtHH1e0rvmQW@duLNc}YC4xAHZ)Mkd;BxV5%<5?G-Xr_8>7`y6S zne$e^@*~5JZWATD=i`rnGL2B*fq2=!IhW6XNPm(sGuJ}2k-x2kvsZeAB@T$UzYhjV z+m2s39uko2+rk+kOHiGN_Y*ifQ*7V9cxXC{GmHdp`WbXCg3oPa;`m7E zTPq{2$RYqk_F z;)NV)ElTF6&xhi-z~`^*k>D=i^*Z7;iza}PiUg%)+U3$w0@L-+aQe7^3s0^0ChuNH z9^&((K~Sv%Lpi*mwqATc3OnQ?6I5{pn#3Y&XgnqX92C5a z#I}(HOkhX@6RZ?6;#hUW5aX%wZYJ0^5RVTs{Wgrl6sBOJ7BLUBZn2n%NGuC_IR+Lj zY?ILhdMLChB6h7(DhE14xE3^*i_DkQEW!|>E5sAhAp19>DgjDv6e*n{G)thBhD*ZY z06`BacqZ8-@&iOlX98LUni2)zA1;g|!lR=|hc~c8!rnoRyB#Fpy|&Wapkv4g$AEmy zOy*PRYLA#oqIx-E0!hF%=>29VEvf=Y1YmhWVJw#Apd+T#Efsl!I1@z`4%>Nhzn_YR z0)y9$=of%%p+HlBdBbS+esNvnWgq{ly4W(>Bcz11|kIl zWkZDH3rP8X5DcesC_F5D8UC1U^sqgu6M2Bx2^mkMGDncBC&iq|g~DGzezJ*J6Waz& z-SAF`5{eM0G!+4_52`g1u7!zJ8>1vO1%pF^IkQCUQ3qX!bq56`Jw_7efUYzn48Ax; z%LQ3jn>px_ar|UD8+l#?Mm&-UmmxfQOcCM^fSCdiu^9`pPdW@mLy01ycF^93H@Ts^ zi$n^;Z`q+c4c-Kfub>O#4~wH@o}Gn-2TvS!JNZ!lg%3RuEm?|Dh0GzXi^((tO2dqp zX*c}UI&4+~VpCXzFimVRd5E+iR&15{$sw!E&gVFJ@HiqFe-RTS)1e(9fro4nJN_X+ za|ihnKlF0@JZ3XnZ#2gd%4lFN;)2r}l0(Mm6aNk3`3*HELMQOs~;SRw@WaHj0Ma zG`k^)MiBua3?Es@ShAc(bt|z-x*uxrT=`YaDAgvCbU8t4_laDj%F>$8jaRwvu1L6j<)R2N+x)&yvAIZ-UP%20ln zEXenQF1H1I2rAd>)u}CRXz&RF+dj(TjvAO;36m3*f~boPlv{!E4=r`T1C7zkJVKWa zC1UwN_BbNN@FPKFyi5>6(JQPK=pyNk(I2m z@f|D%3XBt)VUhSi49LJmo_Gh^?2bcJL5-nwen(uz4q)SM0}rp)0PnHhC=E!^VIkxj zad@rPLBIfUtjia)!o*VT{y6*#d3~E1gN)>g5{MucjKD#~GQUTKvy&7$u{uCyvjH?< zVynNMQtVSdXl0x)?7aP|YsCi7OUk;4H|%dhH;|Vl=D_ z$gU8#imBC6@p2o}#ieq&@i5QGi06(PA5NTaXFp1NX#Ad#R4Xv z;N^mVI4}^#!wOLQBhjFfN`MG>N{Iw$D=d_N=cAy2*TMrzv{p2h710BOG*tq^O(aNy*r+sy zl;!YYP=0QZuGOJUao~J2xx_pN%@Rg|2)ta#ASnn2hR7DT)1!PA10pk!W~QRTYKs%u zjtE?j9tYJ_wh6~zh{GXBOt>fxjTu^aktke3F@qqXPZrkb2@aDJuOSFRXl@7r+A_^f z5L?t~hLiXe){h)c`?2$I-D zC+H2kOcafP#4twjJcSV-XYv_rl#?n{;UjXkh%FU~=xA?DPNo8N6drihxip#E?4ks% z8avhuHTeMGQ1K!Y79#=6Ct};sXgMwlR+(vZ5QvJnj~I$!EPSGjsu58@<>(&*0~ML3 zwP8h3C1M#to6jCr>J&zaH-d^niYBVSVlZ3}21Uo?S@bY8Ya>^pjR-;723|-+E(yjE za>XbTK*|y9z%|cu;3#pUK;<=a=w`qyQM@sJ)XqjMqycQ6QRmkH>8x0!RK`qp8&4}h zHcy=@8jQ#_Xbn+rVG;c}hQLMiB96AbAjg}D$*cZmCo&q zQY_F-Lv>r?Vyz443*lY(zEeZza@9@)HS9OAf!W&2z=dVdM#Lf_chMNsBUX&V2dW3L z#OO65+oFVQ3rWl_jf~E4#eEVvP(d+>HjSGf@lrSdIM&Go4hnn^KoANMOaj$wQ}CTp z3_&Y{)j4|C{_rX+^|(sLAfUgJil@aQ{h7k=)NEZ$e#THicqdo0I+~y z#&b*%jC)l^xdxdA2~W<_Yc&MGLINtzZ$@G^R-7G=T11XOFo2Y1pOej;S zGLxggnX9Hdh@iC+*Fk59Qe%z@-53u8i{^6BQnQ7w>@eO;RJPbawH7Qk}{LZ;D8x1*$7O%5gQRoktbIVOy~%EV?e0Tp~(V2;MYxn8;i;T z2^t9dNT971cA4mr5De;689@q0M9^WO@7k|)z*{f^S`*U9jV`_12}Bkl7gHN06ErL` z$s>y!)LOI#S)i&QA&6CS%n_myt$^|(;MFADpvr*?hQ%~Lbls7qphu)J{o|!8c~qlX zt3=0G_%I)SS&WzYk^kXve4rI1up@~3f&76h{eSXf{!cFjgdM#)`0Ix@k$?^?9OA_M z*UeGs#UQf8mS}`1zT9kJxuX=gQ~!E1QN01QOqgOEARUow;M>!l8C;$OGHR=`v00;!#M2M4$C*Um9kienxM*;vCCt6uN z1u(#S)UfE7)EJI#!w?l}6f6m9P>Z%BjsZ;siFhrW0Ss*f=;_B>)HZii4H^g_d=d#M12@-!mx!(1CAqwep0~A0nL1vO1B{fGU&AvcwqG7TpN+YWRN5DpjdA-k@yVc`9-^gq^R4?RD^9zn$rqW zBQ&UpVe}!Ig^9r-JGe!RMdQRYGD{~2LRQ!ZRQ*z#12V-}r<4t82`{9bPzEJZOrt{7 zOcE=gbOf~v77tt;GEd?n0>Ymp_J)NhF2%v1_|!&ikf7oUT~eu+XQNxBUK8I;q6@@M zv?3e>aukv%;3kRjVyjby@(1YzNHtM(%s>!M7mguTDsfSe(q#w#iG5WNAo86KztN#( zgn2HL1Q5k4sKFcX1SdS=Qn}scCjp-=N)9MGARq+YQ#m}kDzApa(9ty-;NIha`INHw zekqe?cMut3t!blX6OHNUM)RkA_a@pumOJ!IEVO0QbpMr%P8gbr8 zVH`+Bd&AHf3M5lzlNdRS%8vmBSGtR#R=6piDAq;wK~p0ULr{ZA4UPodPjFDVNf-qA z1h6_xo1LoyU3;lkA<)K!e!EB!S6MZnIBYTd)pipL0P;L;kSe3ZbW$3XFXPBVMxzgo z#M7Z|3P5uKKGP_|#Dg4%k!P_(7e5Vgs?36*%*+YIv})*f^2;qmCz}(J$|6!38k%!S zILJ6ys5k>TYQW(mbWzY}3~1CM;Q5e%28SO>)0q8qPdFa*X>AUtHUzQ(JU~rwP((9G zZChm=&>^6)r~#z_F}PM6O@ia29e{`-ML9k@$KeIJUy?3h#Q8NWyjCt|knN^0P?;gJ zm39Z+PQ`*`lRw0B8BxF$h4TW|$1es+Di|#2fqDR%5K|MG3K__phMW;T9@)fMb~@2* zpoGX;ryk3}i#1Ay52Z1NBQhe&NkVG{Xq{ceU<8>UaP9-~34;db^x~wDOvg!}P9gEK zP<}qB35h_l4X5_2WJE$#%?AbRxQiqXMFY|Zhc6Zcg6MzZHiHsq(s+@G*n|=T?K0WU zibQoW3oGX10!sq$nH&8vKUFW+gQ&$nYNWEW7*I7k3(7UJ=2meQ%l%PAf^ z2?dsi8TAnQYh#;~x%=un4bJ|`KSDbvU^)KMtcMdN2x| zix_gKEjWSGK!_W3D$pN}!GYr{p-+pX0wpZG8(8uKL8BlHy*Wl~fC29LTTD^Wwm#BHNd7-o$a$Q`j%kA|p3I}yK$?#G1UMm5famZ6MP4uLK5_yNlr z<6EgDu1ZBBpxyeYHLO#TxnYxmMHLx^?1(Bxb}~qKgOg3MLoY7L4J_~e5K|KkFpdBt4)L5i85}DIKPm0S#)yah+F=!+{<+*%-or4+eCkkd6xm z(L#Y-t%vvQ(9R%%@qlMXh!MtuVkknej0{kJAOq<*kwhT5d@3S8N|W0NW&xL}4M-7} z#cWrGBLLAb@w73fSgr$e=s^?MXsaCUr-O?Jtax6M5BL&HL`BpKKl|}Sol~t0iger% ziHXKqu{@8;AyhzUp*QH+e49MXl%lNxGn$M>IY90k~13mgr=<;B_@Ezo9t36d;yF;RU^S#uyT|$CdbmK zF1OojfWCb+K`hW&QGALe95cv$Mu4A6ENZ1+X$=Mg4sKAdlF>nG0?_?R6NnOec*KZ0 z5>b&T3uv-3nU5nn^X3(-=g#;8$5;(i`O%vOP=MtglR7bmC>^2s2WiR^=Z8I>Xi z(4dK9*IVRJ6UBi9AaeRPhQvgs6Byu``fH2|LTBJM_1qv3cp$i1eAV=f}e z3iRM8i~!lctyT#E$>6e8QVpLJvyyNaoEfx}&>m>WN5{Z}1CpbN&5zdl=on3aCo_97 z<}efEL;>#6Z$$aSQM5?nS2N==&>RNwX8{2Zu8kI>M=5*+o!3K<({)-8OKr6Ybb7zr zM{p?}K_1Z8!og+G_D-?62vj{$4&Vatxiut5mq>gB-R1 z-^u@%Siu9dO@aS?tRUCoi8cy{AQ{3y4++GF=;a8!9f=k2Nahn_1;~7&#V#|JBX@8N zYP5jOGmt?6QOFIsFmZq(QT$x14bM>HDS9`W0DZKO8Nia5B88s}WF-iI5?L@T4VnRd zJcMQ#je#N8aQwKC2xz3iN28)W0<~C)Vn^6=t(uHO;B)~3S0ePp z5L5$xLQRxLVRBo&nH@57d|{cK zK!)}#=;$UA?4Ywngz-dSZ$zvQgQ$&P%-5?3T6&BP=m!i|M-T_#b4XBool&!y7ey&; zjtBH!E0Wn-B{JzHNR{|@K+F&sm0(dixW>9D&Jem%t5#zm$@24o~0&rr-&+65jNRf>T*6@%=nMz4Z~Cx-iD?O+Y?eakjsK0h|qhF+(bH2fTyhD5k&#ygbll#HY(Q~zf{4F&jf-BDrX2H-`j(#v(UsSeSo+5*$LzMTd%| ziUg{v7zS|cFfDu!I?M|JHrnF|Q`tI1Z4rLe!%zpIF%Y_i)o3p;_qnW6xak3pH3l4V zQe7CWk%`d0nAH_RoCR8l=!?2+Y&v)|W*{|Dd7;}%K(KkKdL;@#6$-2`W(T<)j?-pC zmbDFoIGPA=0F}=+@S-j>D4?r3LJZzPu*!L)fS2#&N#Ro`Q5pbuAG$&q6tza)+fmqHq11y{sIY2}ha-p@z*gyLG8EnbXYFFCVN4ZOuBHImfE3^5Cczgrk|Dof^rZyD`CvMds?BtR7H(`m3kGZC}XL9kaS4H>AM z7_>$@lo~0Q2o9yjZ=`aAA(@31)VTE_9hD)CBKt@bEsyYHL_iO+k#Zqb&$Iz`BXU_v zs!@cp@LhtKhGJ(pRoWmOPnP-I*Z|oc(FMIyfq*Epat&ld7~%7x#t2a60wHII&H`uz zgU!!!sDx}t>Y`#GIV@&E{V+lc7~Dd%(9R=jY{2RmkO3wxj68g1g$u>OAjT{P^?E$u zW;j~7MBsc6S_MwP0rJgk7T<{0kOTp+qETl+L;%Wguig^(7`-N<%WIc-0Z<$85`eDI z#PTwgHauHFLNLQr7X-P;$U1}3;&aF;0TkT;8qPY3Oay5!_yqVeT||yp3xzP7p2`Qr ztD6*Kv5>HtXBUa1@IOibN`(}@-EN8l84yLOWI4|`@>osB95(=E8GDT3#fd|X2i6U z>>w6GfEExBD*zS%6VPQP>pr>K!0M59iE6tl$5( zW)1JVqGp>DiqVWt6657Mb$Zp|&?)lhxKHasW8`U_W)$rncl`MAkB{TuJ}CC5HK#Ke z`^62M6b9pbodz8`)crnw_mJ1`C!rmUG&DV z(r0fM_8c|o=VY8@bo*J#DZ%>n8Hw=n=9YSUN4UO`RyXh0bXL91lWRLv)1IgO-h6e| zg)MbXSJj)qD{i9h(;;D=dddy#{n5`0XSEx!X)b(`*|c%G7tMBK&#H^PL>{aHHzhCm_{4sT>c>0Pq{*?j;>H_a(E#~_d9UTN8 zXRlfjyEwC6y`u6>$L0-$kAEmfKTj)~b2ZA`HaS06vW+(t?@wruH-Gq)ws`}3HMMSq zcbS;WlsB31;;4Dto9;c~EH2LcfY}Zoze|H7O-vqIoVX0eWG)-pNTN267{;l-QPu~m`u0lmt)_sqPy68YEzNBWj^WS&LdbY++HjGD?0y<2_m z&ADx4Zy+bvvKLLRpp-uTQTwZF+a&(h6+i#VsGS$_jO$BV?(~i9aec_w^VqFd|L%9= z;+(y82khN{{pm+bZ}y5u`*3Zl7wk=DU+9oPuR9U0I!koOG30b?&xv(@kCZ0a}e|1%szkO8EfxeE={Z{6VcE3kOFDAVjqOGS1ysa^HTit`T z?$g-g-H10fFk9tv$^xNtEB2vCu^ZCDjE6f!)-+64a|wC=yhr{4p{?!OZ?IflI=!~{$}g;f)uulmU2XEMFeK@b@$okKtEV!hhF?n zn?q=5m|hy$wD;Ej^pOpE9G&x3b3p(7?(ByLqC;o=7((CQRB@y&f6)=kH)(b0h-t@F zDet@Gb=q)jn%s7WadX-870*x9T$;^Z`^UfqrO)OJtRFu!1l9Pp{q7V)vE5o|X`P9; zmtS>I?-V~f)nxkEZ%fJwV^ep3x-*mfoEIfc+kdRGxF#}YWa7N3+phE({^_9fVsI5E zdDM=sT|%y98~XQna$-iU?9I==O4l#g>G@TZe5XU%$+B~Tt(*;#{ts$P^Q-REL{LXU zBd$G*bmT1Eag)>Sakx)eR@PKMvSvF^gT;1XQNP*f8|~Q_6fZoTQGeDMGiJ=@(MLAr zL(vm%$@H{N1)I4ilis22m?b;-(;pPjP!A>!7}}uc%S_AL-dh%*irS7G_Dr37v8AuW zqfn(kxL4BjSJIEun?sGZEtkI-`?6%g%$!G4c5vo^c=-}3KC)xuT7TGZ=5 zZ}htgi+Ant`iB*Bx9p$aeNVR;1By4UnfmiQ@5SA`vFi84#KZ&UnZ;WZt9NS!+4oD+ za+f4mb#UCHt=RNg{U){d72k)Kg$JxHZ*+gOP>1bQ5zQ<+IZ@MV+{lSj7tO5lzIooG z{a{VQ1?#bz2aDHf|J+zGJX%${>8|h92}N1(!-Wm9c^AX3)5nh9DSKBb_&aM{*L4jS z>hl*4NiQNrn%3=c_UHybe(=rfq2bbPyn=Ej@ppqJ?Os0nmb^06+<4sZiPuC#C4Wuh z4T4d7>xO=nwA7wizGX%4h2+TJMQysT*~Gkaf2ZT#z#Ee;>hJ8&k2voxF)->%^3{l~ zxPOiFWSAuX!Glh;nJv#(l@^s>?3s~&`Erx&>}+mhVuR{QH9z_}2er?CZmW27p$+O; zheJaOw`f!onjgp+J?F0N&qrq$_YQp9Gf*9W(<6IB>U7E2!HL7LZ?7f1-TwQ)eCoQf zQ=R=AtZh&kdi)S&U7A$9+q~y@ zv)-%gcvFqZiG&iX+U1F!UC2yaPs%ZMPf92;HfyBFiwqt=Ib+Qs%A+nF2PpHJ9(Z%( z>e2LIO~Zw<{Y{tBvqC)uh}nKwENG+jV~_V_Q$d6#$`#Eo-Kp ze`e4`4t)PRQ`$Xnq51i_{aY;~_8<0r+wINmrg(;&TPj0to3%aMw$*aZM&Gv4Gnyxs zeYltWd8F^+%I>=wv@4pIqj@p<} zv3ljf-@`F)uU(&;)Z|2bez|_1^r3L)fz%w=#KEL+cN^BcAk0rl-+QFGGiPZ(%k%Z0 z{+#>zZBM;(VYvCdi6gd`A3d%da>1U_^WprmKi`dwl{cxm(nOw{vSH!Z^TM_w(LsqYfQe&A&HJk$U-T+Jn)D7oW*c)Tx_% zny7eC_^oT(7o<@6^(UdW_0#T~7v);-jnr1>wN9T*S<$8L*9umvo0gyQe(5{7YsT&B z`}Ea-jcZ5l=-({kfoBeJ@3=qD=Wvcpd_O#C&y$V`dF}q-{^cChqq53F^Oam{GQ;!b zwd`B^vrWA8r?*7~DXIix>7Rx^+nFYrf&&)ZKS8=V#uOA5}aQcIWt*}CqK&b zi&Kex*RB}M;67{_xOgl!sn;ciYfi$7IRz)~mzZj-kDkDq+MRyHpq&%_+Y$47)9(Ro-RHU(B-Z zAMV|2O}#~$A=$z_ef_$ixcK#G@Y7m@Q}VhCYGA_7IJ?91hdJ{Su`gd=U6DSgw=%Ej za^`f*8$W%xQu)YJ#qSTOQ9gN2MasBx zPo+IMxWj&O?0jkSBG%z-RbkQNN3t#X#1ZEo?$_5XoZ5U-V%qBo;9v}1lb_pr%!szr z2K+f3e8sM!>_4O}+Rqx2zVz*chx>FV-bwGdH$VJ!uJ!PuoYWb+Lxvg2Us$s9%R7#{ zU61)?>YYC4wvUa!{Iuz$H}~L~9M|a+WqT(+8ve5steyVjlGsYTzfR4Cs}C|~J}6lK zWoTbxe_#3dE~ecSMfJFsBU;Wpyk~k^{-Es9HAhK(e7B9>FKcHncwJG^NAzXm(oX9> zp>mea)}QY8YeVK|`TQN{*XBGwz(2J5-RsZSn{~CR7VQr!)B94yg0!-Gxu4G*pLTQ1 zfmc_~hPzI0c->iY>)E4zXJDi4`YyGVdtKUQ_9L!+L=pNlaYzrvyOsScJxq+B=RUh0 z9`(0L&+T@m=H`RWuEH*}+x9olnty#N??C3w7I&*nY2uwh@}70YbFa^R)2HlRhk2!s zdO!Z2Tavmcl$%Ie^6UGnv>ja=9UE!w)HU=gYt`#^33;5<_y@||lop$sq<5uu{G%Zf zSvX*w{$m05Ha*udZ@wwFUFMG-&knS-VT>;mmM>WPGn(<4w&uZ~{!_nu+-bMy(C4Qc z@I4$S*3CX#``4qzuU0j$&8$hk(?|UH{-X5rqSB{Ras!d!6TK>1zg>?vCdL=8n>wmp ze_av2q>Msra#^c0eNfV?Gqg?-Wq=QJgZlF)#HB6S9iJeOT6dn z)Si#+i`@D?XREGP?0E6&eNWve&-4Yg6K-s_lweMH@toVQoL76FA|7HAp2qekQ$7`{ zQu=fyh9Z=j;>F{OmTPN{vJCm@~4FOo7cak;l{fSsTXeQg^yk4GgnGZ z9G`!zR$kRpHKu-Wtfb$%j_F;f?WzfX4Q4loIHdIhB&0cX=Ju&^9blPuy)&}Nm{R?v zU$;jU9cOKP|5ns9w!bgM^J>N8n^PJ03NBd$%~0=4mM>oTOR@RVm9xb&XO_y>%vMFI3F6p#86ZgK_l6i60 z+=cqEwVIg1RXB^PQac%q-FLO>vUE>s`>v1N>}m9jB<9Pl9K(nP*OR}V4;TxU_RL7) zY##nwRk35N*LrR6(J#zPjn?hS9(6Cj{e+DL4`WNJrV{^3`q$;B*Om0j1{Z6AWBRs? zlY?5PRWBGwqU~FEuKkvuKOZy|L>x>|8?Apt5aZ|%BbMtdgZ>832 zlR%$Bl8=6#+VcFe>~DJ^`m4ngzqZ+h$?%s}b}m|NdslHYl-`J##q2kic|x#t6At#E z%YU8g4MC-E7sRJyGLt8M91A-)190y}rq^_p|E7r7(jc>Q&Sa3A`9J?CJoRsXC3* zuPS=M@1NQ-IlroOXVTlwdtgQyuIbW*-yTJVDH9CchUqOCodPrZkzr1xk4IkcY>BM@ z>~yW+Mi;?|H4*vJKyxL`;WWYg21!j=Jkam z)+_S2fJ8=qDTJ86QZp};8}5dia(X+nUb_Uo5XM=`+r?+Mzd0Aa8DFevcxwf`_#xF^ zfTabW9&HHg^LeCwb^ZK>MP$j1HVMIP`3rjyCIPWbIS1MU!l)j}fbrg-ZT z620z0@#t|Wo{qNVoH_N(S#X}39iwXddzzP>%zuWdoxY?oy)IU~v0@$`7U4Ad)%Gxu z3I@8CGP!zv9wb{Vqc3zyXwHJeoV`4q-UlwL0v2y)M@gRy)&vcB$_0x!DE z`eWv-dgjf@A^*^BAJ}x|QFzxpsqVR|uL*g@sr4~=1O6l-51nx6A8nD{BNfIf7N)(| z)Q1=N)|{5Nv{T9oHk5z9?l4|jBKVl6|1kO4!!AEwCf+t(X?tfAv!=pRl-EahhQ5E! z?{5cNZ@v1{A!v|i=(nreV3-Uhk{()|bVGiI(5bq%ZI2n?es78|RkD{1PMmSrH92|5 z)Md77i}0y~wV~0wpWR@u9(?rl))gBM31;tU^Kzj4Sho+F5c6bsU5g~)z0u0+WoN)Q zfAQ({!cL+dx))m|4^Qbj^jtDxJms$KPMfUwu=3y2B2MbF&HWbPBYER*FzyuZTnZ6( z@rCbq-n}3+nUuYtx^2gX{R=eqnpQPmo49!9vwKGDSd30<`8q`HKVW3R^8TkDS18^V z9yBMaEB(}8;jw>TEIJl!`D@Luxs3jv-l1d7hh5ejzfFFzU*GjhhvZ$p3|XVXE!>ma zcglBcdK`dBTP|za9#(Q+$e$jCNAcfF8=}=Qtw~-UbO;-$DxOe=imk)1TFN<_- ze5(7!#Ro_0rp;Egxin~$X!wy>i(fmg>8gKKe;#sd;o4c}I7?nuf6iKo+1UR{y=mfX zW_J=Hd&c334L51GbUd|o=JtyxGukyh{-NKC+=>ROM>|>t@>i63^V*0XOiKT~;A;PA zl6`W`Uo$5v$Mt^?EF_bJMCXUqAJP-^CJfu0cgWSgdR+8n((SDUJC~;aYMDOjWJaTD zX%EhRnrK;!i_NhXgMH@2x3+^th4LZ`bU0;uk8$Z|BL|F^%SsA~%{!y&3>`XD(rZlj zbXmV(@lVZ>Q2F4@yN; zsFv>L)FsA&Uhf_It3m1pm4+R?Shdt>)sGGxV+$x{H?Ch=pIc|J_7H3AZeew8$(jql zlAlii9{~b+%th8d>)0gXuoiyWtuMyaO^V^h4Uf&bo$+9F z!L9Whuhc@qr2PHa2~Uou_fQqA9sNDyyxP*4O#S8C~Q$GSh$JUhT+- zhwSJxBPY_QRUWn)MzzlPS>9+t$>XUImX*)vJ^FCymaS|+!*PnvCGuUZyA(b=eML7* z`gX|Nw|z3orKCfiPRbvGHxIk@zn(w-p1qHCJFzk=t;qp}e2=2l*crzRt4jYGaIs|E z$@X3A{Ve-_w$abRGfkB(r#+mp-*l^+SUBVQm}|wm&Qw*JrbNGgZ9?tw?Ch#(6U6(B ziKO_ASKk+Yx?8XQ#5bppXS8|^sGDblqQgSP1p}FaH@lnsHv^=}{eQ^-dH$OL^8J$m zn!2b_RT<_L+F=-Vqfy^s1ls)VS>K1v%Wjgs<_9tFnh0zl8*JRsmM;}ks%Ln{k00N> z`>^&!r!p)X1AhP1-Me?UJ+oz6Y3|DdvyfEsetb!uSK^+Y zJ+%1GTifdoZe}q)cRzYsS1_zK>>G!sk z*m&bh{?XzepI(f}u9m(YA-FKFOVx&V1?QX-J0J9RpR;`TynO{d+nku#PWAV%aJRFC zs=cT^V`+y2>Tu~r)U(`4Cfvb8tZzxn)#!x~d_uB=CJ!=hgX5a7;UZA1vOJ-obc%-HN^6S-GA+ z`40#?pI+(GBK7f<;g|b5S8pkZj^D~(*Rfqq_)XWuW1A!+77Xt9_4j9YyT!Xlx2bM< znDr~XF7f|0Rn?{7$;3HtcOMaQe~s;4a`n}V0_@vM+is;d$qRHCdZj|1vqIF>v{kU-O;w|Cj`aq3oln(Z1qSxdi}V$_q&f?z6AEXvhT%>zIw*B3si1ky;*zo zk&yc5ZO6P$(^$sB*_m(GT-eTyT&&x7(O?sIM)9PjX78cZnWsPe_*MC>+1bd=Wvzd% zA~l(?_V_PZz2uaUrw<+MzX%c)m2H-`ID6FA;z-J~{BS2hP0DZ2*oL%w%adqHxKjH< z<;k_a@8=|t6G~p1vZ_}#WPA8cA79?FsOp&LBzNV6vOX%st`Dh$y!hYq27N1B-f*)b zrT@IcuKADz`_iHj{s3OQ?e9U`mv%cgpm>tExJz39w*7?HI=npfk$8TMDrKMk@gGm} zf<4+P-E->{y~=%d)Zcr7yJ!~Vue=a4(e4>DD>EN+cK#6luk2T3y7t?x?4m`DFU~Ky z)zXGF>gTq`XI_zoCcVjC+WFxD!nEP9=dZTEUh^DMQ*|4TwQs%mKeA!5bvFfT>s@&t z5WL|nTH8y~$0#e`cPgXn9EU}SO22cgeq4(xz1c7C#`}in^4yGTt@38H^3b-d%b0J@ zx>dOO#BJ=PnlG`u<&E(5yQ;EUCX)^*UJl`pN{(dvz=fK;r#k^!RBx2OQ-jNbXP0JWM+p4sVh=Y z1DNiUPftp+Bv%KN33_~Bb}y;+*3%|Lm%N_xeC434l$gTocWVS>Nb!1Ueut-aO{xI zyPa@!!;rL5$Br#{`#ZU#GrqTIX7}WdU-Yuf&$7O~{+Q6>>00MFQlmS$zjNy>8(uD7 z<+{DA(e@T4b4NIq?;qJQEA_zBev~r})a0j2lV2H4o4%WFEKaQlLHEUlkQl$y#BSU~ zKJ37%p1kMOJ-?}GQLy;H!>j8$@dx>Dow?DwX?j(*tnR|nC-WAWhpor`H?2nKY+wAM z=6rFZbQxp*AGQcO6-Z@0NlH#|1*P@v#lxl=@@a}Lh02riJkM_ zUto^SxEOIO`Iic!Z32a5-vFGyJ1$~}&;z1z`6y(nh}ly!epku~f4sOs9I8yEkCM{h)iaa6q#%wABS z8#z{DTYt0$HzQ&_GwExkaHvzWzc#s3p``sX&-tmB$A8;^(==^JQxxQ89$x%n&G5Uy zc9?UX-aVPh8I$H``c0FvYf$2C<0R;3NA6*JjZkcG`m*cW(glq-&M43KR`1h zxpD++!X_nexAjGh;*#O@&wulDvweB1^Q*RhuLV>L@xqX&*UBX$FBOd48Pp73NgDL{ zd#AnC#0iHUjLA4H>a$bpQEh2|wrX+K$9t8z;mW(P&P7ead(<1#F>Sl2pQ`-n*>81D zT3B5CPB3F&VTNIE0%YeRbqd- z^2M~DXN~=PIc62VO8k_tgAo@T|9b8bZNdw;WxB0!>d`Jw@|-8y zTyVgOR)^0%k?hE7@saT8bVuHeC#E$}-8ud+iMmX)qH=!Bvcxk!PyhA`qwJ}_aVc&5 zLD%$N>ju?Aw)*c@g_-9i+qHtPe$82H#ecB?Rd1%xH=as#Sk4o<4esS6jGy>%=!w+E zuLtq6hdcXAuT4Agv1HxYKHYN9P3YFrrD>KsSuv(}|DN%eTQ66?uM?}7`*+sX`xV{W zr7zva^sO6^)4!l<_R~WB+Pz6-g8SW$E$({C*=*Ehb?U`VYdT$LJinFPx#%D*r@~Vh z={0P5L8~=W`bu`pZ&7pq{e>yn8IKFbjLmSEztg99ZhwYiqjTV#?8G%C^yh_t)Hc8T z2fgk|$e(0IE}KRxkZms`lH0Bx>%g={WBaWDCZgdbLKG-;>fp)8LYua(v#R?$guHH<*>vdPzt9xRJ5HH!XJ# zS^ahIzWF<|(l<1}urhnpug7rAblmZCsrSWO5;kn@?ZUH(Hn4kdzTfeF`MPl5hTNCK%8LRW zM>tmKMonC@^)h~S>0W35ITQ12Q&8WtcisBNBen>hyxFdGsNz)cB`W3lHs)M%>9~`Z zL^NwvkI=7OpGRd^uiNo){h;?b&t=ckYC9q@j{m?ah>Kzn{y7d75Jyb<{iWa9+;W*~ z!>Ea`#wPE4oK@B}d6KZ%k3JdOZG$#{T+wUA=sAP(a=JEF@H)&b+&Ny`oO^$2P9hfD zx!uM)r?xmw%}Kk{xx>YiO=ELJJ)iY59;S6E|T&eB+3y18&G|x62FIyz@RB;q9p5^CIz0hF!NTEnED4!^oXeQlsD9 zy?f86q0R5p@reuHbolX-eBkZng`<}KF?-{oW8d$zYkQl-%RX`C`yiqG!3O)_IU{ab zJ`KN298<4owUN63N%qJfk676LAYh;7c&Zn028}&w?7!VNsp@Uh>dG<4-$st#EQ~d+ z-kz{@`;(okg(-_|hEe%{?@0W3^w!e)$Lbykcgw6Cvwz(=?S1uz(M7h~u=kIikdUL< z05$)UwYR5r1mDlmyGP2q6Bj1TNw`SOH{{+wtY)T}Tpc zV@Xfk#H+e_&4woAeVe%KQgr*y$%l&+^@_Gf6`gOb1;ESzP20=?tuHpU)-)Qj;OyMn zC-ZajI;<$C*F7u#cg(Ywwmf3?E^{5;wPN<%dXn}xD_gD3>(}95?9PBcJHu~|?N{dN z9K#h3XpncE@D1aGbWm!K?7DF2)81jWUPe-Z{(<^e5kEt*HzM#=96MHEnVhdkM?c>_DttRYEzv^Vv-Iac^ z6c35mQ$Mc0+m2ke?bR)(<$s+k{NhYU{@>5nJp0k5@_pY^cexwpSANN;tsW`eQ7{Vu zq~LKUr;xx8I`pA$wrCQB+NTn$BSkm56;{7+B# z>}q*w^ZzCew@lt%mKB|tJGB0el+P$6s9O%anry|JjlsI3J{@b_u0&*ctT)#6~)I@yx}>8+$gm-kBw(g}Hn84PM&@8(u#eVuk$~zXr)Yx92R}5k=5E z&e)gYCod*K^w`PLs^s;C4$0#avf|_|04b<$+hhCi6u=yHx!B{*6x__(>kb4nb2a_K ze{xDX{tnyM3Mg*sOIN>sM}FLnaYcFeUAIu9Ch3lT8`gF!YI?3=9)5~R@Ro+!d$ktV zUA3ScJX&|a4SrErd5Nyl_f;4M>3B|RO3 z|74w6wP`Pse%Mo4b$ZF2$oJA6FHaO5Ef;rsl9@QJ@xYk zbp=Yd`C(`P3vhHp>mdm!Wx};KdAnZzcym4wOnkH8S;yD=%c@&6B-!POKLm&q~?;PnjXL;6NjB%fz zu!s+QJH@*v<@i)N*48f$Y~`ME)La-d4t+weu0V5WL>R$Fb^64_czMr+O0go#a&y6ZN;U$dB_%W+vc;eA7 zf-(Vm?C|icn$BcThvDmv=>R7LnL*~>$FEW0%S?cUtSi`&8N9h?p!H8zvlL6}>zJWq z*2UuwQqX~Ob)FoHc7!mBnfsy#l1y`tAGuI5Y5jmP+v_z>A2=>l@dH2sd#=8^Q2jb> z5df@uEOj5S<6QHPDc1$R;LCrO(;g~PzW*Q0y=7RHU%U28cZqb1C`bxOw+JYRbax3z zcTKvKRB1^;Ksu$FbSoj9lWv%kZg>aJ|5^K4YaQ>gkNt6fQ3SmE9^)G4^*hfwkor&& zgZO+xGWWYZ>H{*muxE6mV{|uLN6aJ~neIwF2|^WGE{A;xRi@s3PnBCw%0S^S5{mIFEV!OWbdQ{lGLE=XnG-s2_Xzv>S zrHftdLh)O&rq>0}nVhxT_X~%llYSWc^l-hi$&0PAhZ@xUmRB7;XAVmh5H@H?=y#xZ zYP;_v1JJDNGwmifP}(+tNt1Fou7n2M$F2zLhbC*!(I~6lTNYu=v$)a=1(uMI2NOE2 z2{zOPmxe43b-syrnXP$&q~I%h{$ASPaVwq4D2;FT6{E#=b@Eg#?{3dKDIh&&>z#bH zo%}bv#K_UZ{b@(Y2bZXT{Q@}q6p3X+bv-*A@E_Ori+mt$cfcs6@ z{aU$Wt^G|7;`Bt}_(tMt_)fytld$p2!+3<^bK%0sCqP1sQuWu8yW;VB?sE35rfo`3 zy){*f%Xp;WvAkAEATenXt1ry_N+s<~3pCW#%7_oio&`>vqB^d(+7IU5E$~8CUI1Y% zBgf**FDsSG?TAr9?aW`nY^{q~SzBj4iZTL-{mzgEtJTNMt+8pasZ$O_NuX)49D$^# zCk5o`TP>d#VzMGmmxA(1*SIDoCg(*TxM^TM7&<(bp+k6F?E3ulRgm>;(|UQ&gF~Ub ziz`N}8+n>JcM`2qgBU(YQH)%GL#g88tUfQ-5!w9;)g{=W@Y^N9ZkL};kRTlY>f#f8 zXXBB6+fxM`4Fg&+%SRsHv+JC6X+1 zg?k|kX@x85^G{P5bVPS|G&|>l$?Jo>t&XTlvsJ0@#S;!G7Cw|Uee}rXxi2@OHSMOu z1*(r;Y+Ln+TNe(0t@Zr#Ya@9_oPDNFqxrY`$kXJ^`kfy$xMx5{#=8r>D+~Y<8ZUsl z8i$S6o&#|0iF%l59VUuZ5j2<*+QY7oiK2~8p(=BE95_ER=!5N1eO3y8kN@Fbv;(*H;DdCjfIA^Tcd|1`mcqU*FL5x5)~x!AZ5b?fdr4rI#PK zZldXt-SSi&)vdMdr^I<$Pm>Ke=nCVjtA)a!u#qoW_dXQ$bfw26fXfvS=Prr)v8v|2 z4JB~5<90iID~P`px%f~{x!BR^_laJ>2RAm;!>MOhMavvH{lD_zXw~-Cp-EguS+GTM ztI0yK30v(@pz*bvjhV-D9+1mz2w1XC*y~4^!JzHgvb1%0RG$FD@~j8f>y*T0edy&< zkW9JlxT(1Rt|MXm&5os8TYM_#($#d8<>ud9+@PSK&!S$3M*UAS9MqtN=JweEek9KY z&htY3iYyh|LNsP8fXwo!NqNh;SF4x=l>>QW)z83bP5t@RmsGc3mRI4d>Z32kDnBY) z#3PAIPwe&rHi_gsLky%#20pI6oTw43_YiqnHjQ5x!zKwjF%@*-$D&l|YNAHP@Xh2cB>j9VR8PZ=Xd_EY@!7Op2waWy;)=5T*;ZBYx zMq#F;g)B=~of#!lf-w5gT1+-KN&u2bRIq4Q;&r>)j1m;RgfgKPqnQ^3%TLhVAl#b+f6DFg+J|t8EJrdt$yk5KHeIf0z`Dde-x>MndV0 z)0$0_*;G5`s~Vc_U^znL(PrBBR~QVIG5S_x4V<$oW7E>T?tj|`aqzcaywX#!`EBq# zmHbC>atoDKnUU0$y&bp7vH6cT>1566jU63!#2>EJ)PxptdI%FXW~+CCp7~|$G8_GJ zOvk9=-IsPnh5=5$^BbQ{x#QBy-MRXQ-@ku<9rrZ4wbsdqiny7@7=e>a4T%MMD7r$T z#qd){nz;r7Ew&!6*&yPC!h8DFRx7Jy3v_X!gmS`L9eTJ$>wV;OE(jJXu<4pb+I?=s z!%po6P@IgVl}XN@_KN&l!yx{&?9V`r6rDfV9r3NnQqJjTz33xt%%GWvK1iwD z=scL8MX;_`{B@T?%v{i3> z*!r6XhF+{rJvZAhHO#@sD|h4xujo{fVOsANULKnFRlpbNrU*Ab4fHrHuJ2KM9`Tb{ z$R~A-<||P^ZSM3i#TsYi0^tM9_KY%zBvT$%T)S6ii${vhTPRTQ0N`0#S~mIJ=q}EV zaZ#jXvKUL=-}N~E%c(&QikrLk&qJ+-`k_xhT2D9AcNl<{GnlNg=wU6Ef~l1UNQR-J zZDWsoA9x<)@c%jM8BB;=Y+NIPXGyt-zWVf#S6{^_Vr7tCs5QeB#iy{e>>ujOnZ6nk zYl~mRDJBExo{C4t7YAY*7yY~!3r5sh!If(>R5soZwEPtk(5 z^vDM*Ytv#{oNiwP=bAQ3dx)@wozvOJIRb+~9r&DKUOk`cJrN?>fekr8v8&8hilKBj zGF~4sA5*QAkU_D(fyyvI9T^s0Tf9<-RoIs;jjI6IdW!@7;!F|RYKE_5hNr-1Fl(>A zl)6|2sJrAE4hkLTb(NWSP~V&W#%aLYN_G&;pXV(dx6RvTIvF(u?!AgQa$aQ%AXqzW zb59o8uKr~rabu3DcY0+c;>(BvVQX3*SxX=@C9qbL2--+BzP{J7OuW4BIQ8sFE|hOr z8K{XhZX>m>sjDq=86B!6F4jX`l>4$D!Ig77XUdnC%?uf?8Wk7yP}cw?w!$2{C^Q&8 zlqTdLJeVPYpZUper2XuSUP3w7T?p;BHddtnjx2?p&ai3NhtR#%<2KxDm&2Ia8tWLJ zq>M#wv9P0))^GSyuMhmW)MGiDvs(qGHAyxyg?&&GX}=v@(c?J{ zbXj5Fa9DfpNgPca3Pwn#m=Bpnf4qtamz`mybmYFnlK zDVaYTxSxuD&6oc}x4Ff6GbNj21^St$Y`F7iET?oEo}-qpE_6?(gkSO#qbTSi-bC9! z?ZuIHrylo(k^+64;OX|d(kXo*Mx0nMJBhkQ&F)gKqY}5z@pdaee*ffW{*x(!SB~!l zFsfO=%NCKY*UR`)^UU(;aZx_#dMZrP&M&eYe)s;O#@@xI zzLf5wek3cPSbcWU8=%pINGO$=EtCOZV+r))g{Tk@M8fx!B(B@@V4AzlBQGjNrBePu zwT(se7wKD{l-6cU50#uYm|*1*+WuT4tw~!hDX zeuP6kV|IZkFvN7XC;l>W-4-Ke6+Jpa_H)Wp>28?rt9;J=%}S}7ZW{)(teKpOqV~opx z-KY7jSMfx2=KEULXwU9h>{ge^_PUIKN5S8`ja26C)Ee}(iX*0$&dr@9$EZCM{Mvvl zqro+;8KTxWk2@`{M}J@G6+mpVRBe|;q%WgbG;*=rOJO}(O;#5ucpmf-lnYfVMPcX} zVuXRC%9!T;pRrx?&}FATD3e0%_Ut~h$=OFa(S}DRab?+&E4Wr|5nSyPJg{X(fwjCd zhqT{2+wecFL#=Lsn37H$$C`LuRN%lD@Hxa z#o*4_dwMFrZc4Lfv*`2e9kP6(65+nl9&x7Jctw6sk*dfCSTxG-ZH&Q)VH=CId0mF89i<6 zX9q+cy5G?${@)+B4wHB@hKRO~tERKs?G5e|dOEt8&l^f#czrni)DI8G6@DnDl3_n& zirP|-yQ}9U(`S7Z!8ZFz9jbWC6OT>x@t-4mfdwU`6-Eovlm1Y>qUOp0EE}))pW_~; zzkfabRXa)r*{-DsD4EGZ`Tt0xPd(mHOoq5(!zxnh|I71p!*Z{r-n_bi zv2>e?d`C~dI)hunYe`6s|G$Z#z)xR}XD@wj9PoS}~FYy?tERx@Awu-Q2 zD$_L)PNT{k2VVzizR<8NFUqRZrt*D2>M8U?nte;1dS|No z+K&^bv-qEj#BIYa*ZCb~9R)Tym<9k&m`X9k!f$}Od0+F_$WGYKKUCa`@*ZqQ_W;MF zYx+3CBvO-hxUkkGL}2R15Z)jWX=o|hwt#^f3tJrAlEK#_8|ny7)w;Ml{$TBm?lg!J zdT>30sxRRYVH9^$l(*$HhPhS?EI5w1cqqW73V43yrf!{iiUA1o;&g}4b^q2PZ7OiS zU;}W3urRYoM9U2t&R^DcY;u#`)NBVCI=vSQL5F+t(;^@f5JlDDfAou;{O_dhldC^&c^6HF&DkO#^T8UM z1V9A0&UE+w%;IlLp~D+P!}E5GE$Ku;Up=pGX`EQD1SKc=m^TuJ@-3j~vln(t`>2d1ePZV@1r2p4R3+LEOy# z?fcZAEU9)r;mWR9OEgw3;f83QfnfsklI&D|tkv)WncXhtA#VI8zAo_CQ7R9NmrDvv z9@M!mV?i)Zmmkd@Q+|A!?#%;H(ymWuTN>NshPtK9-3vN016thx1|;EBLk5~@0DQee z5Ng9l_Kq$Zh$x3e@z~1+C^xr?ETBLM0JV8=;YOlZx^j)T9pr{M1~^_<5Q%P}WrVML zx)~1Kum{@eI`e}5WcCK4k*p`*vU+~@z0TlCm>I%`vW*pnPc&b#S)>A0{my52OcKxD zfE-`MwPOb8Zp$rbuomC0-w#mh{Db=JJH$LQfPmK17A*zPPjoC|7gBbVd+*z0|3?t8 zFqNums<5+Wfcjkoefu+;wG!~wTju{w1GG6Nd2QyZ~Z3($M$6}&2V4o1!GBz8s?=I= zVN&J7Ly0+hsf_~P#^-jkD*8f{#l>JX?1S6P(O;E_cKn1@!))paOh7C!YwBL9jePyz zlv)AtNYNe!kME|Ng2t~xR41jlUy01xALTZjYOMv z>7E$x@DK#EbDW3$t_*(+BPz+@LkElE70;Yh|JtP$9ixW9S&{n1fh0%vv= zzivj>YVXjf7@?7wAn2HlsS znKuLm@tR?n0;P`>FQWv(!=|OULEF%&fdH&u>pzTDccxrT`p>7&6~o?IEsWEFUX;sP zVwS~3#%OOMvxM|w=wfg(Nwu0z{T`5O^XzcLq=Q*08qFWeYZMT87q@iUuv1OD%GLVI zw@wex^XX|H2%*8Aspd*W?h}+384`=lJ-v5C4>Q&QjPA3bb)}UA=nj|<37p6!*a!VJ z2bCSSuu@5A; zF}O$r3bpC<7v?j^b*z~!{O zHrhi&u90T*%a**&{iUwHs5{pG#g(}v806;W1@$>0?)i>LmBWOwaf-hDyZTJK=#6h< zxh4(}X*7SO|MV;EgODN&Zea}%p!A%Xq7mMj=?I6Tnq9fffBRPX85_QA@^wd+J#stB z-(hyU#FKBS0iL=!|52c#1MD5g1VM1`CI3X_0X!EA2!<)Ia5{MZ%EGR zHbr9hh{t#=hCYRSx?S}z@=n~ki@TaWH1q2+73vC7EHoTdlwAB$^g45`1w9Se2-|Bu zjIcP}H=t%;P5enGILuNjQZ5qzS(yT4-(Q&kQV~cm{57^ID}_9Pc8vy8uNczF!m8oI z?d-m|O@@kT3yG&IDWL!hKvY)Bf^E)sz)g{b{ykC*1wZ+{SuWG9RnQ;207jXm7%7rgr`6J;W_=w1e+m10<5c%+=DnCBM;ZVOUZNE=r zA0Q6AH17fCh65R*6VtZK;Gz}joJ7CqE076u;M&-if8OGKNfB0EFysPM5xx`$upDNz zU_0P@SbySvww}rj?f~^qzlS%1v17fauMQ@yW_0cRkH;jJnzf?NKsUqh>-RcC#vZAE z89skP5C2W7QEB`pE;a%DjNR15h>R-=tU+1j^4tzR>H*YxBNB)=E+?m;nTw$3!=k++ z>;c%Q)B2))lwL#1$vI#@_YGQtUgi!sp9njz>5U(iuo|16KP5z@50FpAy^W^ZII~eF zjZ~VK?K!+yYBrGoErdvuM5O4#HZhxoCG_;%qT7Lu&su48NBMxjg~P%a&1z`sye|b4 zFQer0Y=uUAS39jFm>uk0GaO`^?%K|VLbH=%=mQ%K^m0oASc@k7*V=zx6zOD2#y-$L z`60VtQ@D5q7aI`Z9jD^oC=~luqOe|Z=N)jCX0`GGz8jSBtG|+VB~zB;U~^EhltM1d zq3|X1<&l!$+vL)CZRAd1GYzy?C&A_H!&M?RxD++2P@Sq_C&J`MlL>UtEid34TIJ5q zEGmLr5!7f6O7J7*OJPLO>(mb+NhKE#|*HcZqBct;_5sj0ILrwsX@ zP*m>20d9(3F3uji*bei)kUh`q-vnsa^I=Om)gSWs|DwAhXfANLKSmkVgtE=pY@C}O zW!GbgdWY^YJR*cUt?5+Ee#%2A;_m5}P@9=c5=ChJY{%t-!|K`{#cJe4YMO@I2XjRD zO+KAz{}ytj>nNsj=9~8`CNvcD=})j=3vXl5E@VGjtJ)%R5R)U-(xrIwoO*ua@p|b; zQphO2T)6XvvB+;)x0#tm;8slr9`z@d`^&u(C$=J#l;t>2*ls$YCY9Tt#j9x-Z%>Mz z4+|hsR$265rLLbh`tdG&XKJYHO%faa8&q^#@HZD#Bd1T`9U0lT*z9F_TuNZmFpea; z=xFh~3F5mI7j>xg(HHikPzyg^qX0_dMrbTlk6_7n)23!x$a1g;O8G+ zj?Nz+YJ`VspCaa4rdxhG%%h)_*d>r2bo0;ieRFt=P!xw0ih59P#{i$Lv)|la@l^Y( zTZr2cjOckV`5nPGvX5L#OB4&=pK)dH@h)iD`TsCk?H909dM%(ELH!)~!*0D37nk1v z|B@%MVQdEuWJkr8lC==!03QZlXqGNimtYGR`L*dTg6(?{*)m+7% zNQ}v$qm|O$45pwXoh^yGT-De$AcdMiPE~wcrp`e{Xt#q)VXp+#=-oI!TB~8x9{1qeQhvh_ zUjd|O-%OD~Q3;hrGa|BZ&~3(5opUDVypQ!|4MCxPoOrbv#(bUf+}P%NXltfv6enk; zQq4Kr$Czbx9N#+AhfZoUxzS&%Ho9HhQTHU( zQ}5-Wk6I3^D2FUli+7hUetZuI5Ky(tAWdYbq#8ka=PjQ-wUH{i-x37hh}}ODhaJa< z>jR_NPU4FAO66V~Q<(SN>BR(^5V+ zNNBL5(?~qZdJl&b_VFXp1io6~Or65_b+-7wNAa z()eB?2y~8CBN6YVD*c9sdgWgl%|ys%O4R$LJ`y}!<_~%~^DC%np-^#tqar%V-OTIY znA@j<)WPdVDrN)scX^&YVvyWGcm0JSu+j#_!dqC3u!GWpa#%T34eN%P=P$5keUz(Py#TdGz_2|B4M67J;yLsi6(5vMt zmg$R9>FsTL>R!K5(qM#R0W!^u>gXsxwn>4Y5hsc-1dz0Yw}2|!v~8&g@96qyLc_F)Ac0y@!;uRamC{gXcOfI(l2 zYnpqLY4e#NI)shv@wT;gGvU#t4i-jrap=};?7{8UUq4pIwJ~n?rH2&UPV?Ac| znE5(9M$I9byX^~Dq_@6>R70`0EY&Occ9{jhG-Jb_Ph-^%NVil+=Q{~LaP&hJQbW%< z7k$Qle&nL~^akinNOLXzMqU(Bg1_FS3qN8})L<{KjVi#ssK1YDy0;n9eq=GAxOdFT zX0}r>1L7;^m9wNih)AMM+Lni92RPj$X8IRjtyX03pQn-W&)%fx{6B1yP1v1)G-E<=!Cb>5^}~dS6sO>FN3ecHqQVJ!$5Eu<>}lRkGt-)~m-j$#p1)VG0kG z%HMLy-Y=@zyOGzB{zXFPt{y66=LQIi8%$m>oEsWD6s)l1iro8M-~AJ+rdNvZq9r-$ z-}Bo*Njj~iwKh@bixDvg`q;r%!(e!8ZOlWa`A;Y<%D`aFNvMJ}d;;Sh8AAY{$pjDc ze>M&N=@j$>YtFT}RR#}{H^yvNk2$lGWe8_5F+zJRC zd7UXPChmI~0^Fd7cWSxv7S9jl8D{R8@7%D4Ffon}?yFI^bV9&+w)}X7BzB*5_OETJ z8iSw>#ObN5r)M2cY3HYhIsSLI2n6E!PwgiZd-s-lRcV8cjKrnnn}5!G+DMf#fbRYW zIa56GQqLsE;cruT9krQNw}VdA!#qJaPxaM38Vtvbf31r)*z8eH41FOIr)?3|}>9A4f(nOgsOGEJfodw}7&hXb=bU9V)H zNRD=a0HZg%+Vx1x?hYNtdp#h@>cOwc-)j%$xbyU=*(L6XKyDv5$p*W!_KrYzhqKr#9P(2mi!MecIH~gQ-xk6gF!KO`gOb)@OtZ7)$L*VUbPjC-% zu<0@RIXfY1cL#@s1T9v-o{lJ<)Ia-tlzErl0x+C{+AEW9RB!wp`zXtI=OzGd0RXQzZdLk&h1NPls~~kJ=QAz6cv&xYCK@ zkaAEtW&l(w0w3A${CWxX*3JZ-EnG@_U*rMX&C|z#{&7rufeHu#v-22zeA>ANPA!uw z@3$QQEyGI$Al@URim#iZ<}b9mG?sjTGX)Ez|B!_eI>54uc06O2ZljB`A`UmvZ645_ z3eEWaH;NKCegnVrl6}|ObN;tTGk9~KiI}CMHrzTxW;p16@0mtjN|xC(5x-My{)LCn?do*wA`+^OGi-FV=?*dGh-QET=1vu?)?=)AGonl8X{ zofDr@miV0Ad!*~Umhd$HAYN)EIZ;@T(kRi-$pGt4-AkoR!qocYD;$uZ=)0pCR5<_d zG`jOZdi{$Se283dv{OK>l6waQ;Kk{qDc%w0w9z(Q>&Uu2x|^O7_B5n?8X}QxbZ8@tH>k=LVDUaRds+ zkJc+fddH1ZS{e~2Vo>AC0dQv+R**T!NCL(X`TvX|a*z%I7I6(=igoXq@(Y{fhq)_U?225)$CK;&iqm1*&D(!MpvDN>jv@rk6}LF<@P~mUKh3 z_C~^MkyZg>*dF{^tfilC^Y&W_1QeD(1teP6$6+<+0!S|_k_CRaL3=h*#0dnWh z$x>ceNZL#-?r06|niFYHLYWRZSfR>_5PqX>Bhm-P9Xn>=XT{Vg5I`FY(K9B}+9q`;`D+!T=yFU6kBl!EH8q6|meY%bI(%mA z@BrM%k3aD`7b4zUQzrN7HybSf6duK&sYxI`-1sikYU6Gh;JM>0p-#Eg z3UFoeLW*|Ee%&C&L>3+Z$=C5$s{J=%Elxa;1Ly!$DBor9fF|1uj7k&OMi}p~1)Qi(n zgTVv@=xH5T{%M@)aG%m{^1pf-lpYe$2>IiE-M?lgB47sONW324@=>QdySz~QwUPvK z6ZhmdqMk#u4@&|ZWJqs8P#J_>qu5B?w>ZRB1Wqk=;9fRsgO0h%j*#R z@qU4enYjFGIES0kKFlPOukCD#Zf|T|ZT_0j7Oy?5l@c)zNj}L*8>ACUUeYu0e?itY z?(i2+yZS@fHT2%+iE%k-mgx)O4|KRGfQ^@uv&M7b?zr2X2>gs{GKO zdhU@pQFTB6zx-cs$o#*7Mqnz61n&B2VX5(9;P{m770}@A%Phf$U`DyL%}$mnSGc3T zb>1XiYuMV`j|Q1sKpz4I0$bh--Z!dY`}fHG`50}QM5R%VpB2N5TL?SVo47kjwPH;Y z=(L!AIuis&c4-hW%Gi3A*ySRX;9a==6~p}QBOdHWY=ajGhgJ%oj?>Z?=ij}E5^pm} z26>Ie+A_mVAd!C30Zj@4;s{!4-6^40xUiN($Q^6u_PWG;F1^-efvM6Su(nc+6%usR zHrytr)nDDE2ATEhEK0OU%)jER+WVtKzFhSH67KC5Jw#+GcKTB#XK{U*9WKz~!enueRst z31o-DM={;oER7vN>f?ZhS7kU$F(dbh^i5oe*_RE91({dB9uPgOoA@yO4jZ;)k~v(Z zsY7&pH~RAl-F$uD5tstcN{uu{V!F_I+oK)Jtu+cfHd#{n23CmoBHLu_!QeSOseetqY;ytGr#IyUB%=02{v2ySv+!&rb_S zpS@b&vXb2DjeivSndH0IXX4y=o>i7l@ddA5yk?~Os7mmN%JtRbl&`8^mF1qLJ-*vH zI@X)r-ZStiJ1ISzhug#9E(QjB3pY_P%f0!H`pKI)4^97YEGRG69fDbQN-0%9uaUnI zdeDEpNhO7|dy5lAaT1@vsnIX2Kg+q+g#}ehw3q8}?J)ekMRKvOau%#r*7OpGbvg{5 z3vb>*8gQ`|yvZI&%M^GZ_tCVyO94kk63Ju{yNKt(b8iB#{?j>|GJ|D^i*@Cj{C)S~ zCAs>Vs(eNFQVv6FKNouPgJ1;2clL#QDf>CZLAz0yc~F2TDz?JofX7y1fkL|_{1p1g z@@;mN{#0=~b<*FRh|9t8_hV^m{JW>6`_3%r<>@DfXhnXyv^%GZaY82nN3rC;6&na< z=0|pk$-OIX$3-SmlGdmtKFsMiMJ7m;-c2+ZLc&~*>h?>egfh(zTHu#tr9(IUx8v`` zuORsYsA}(ZY88h1`37qx#*BykZchS&clS>f<4Wlj_!3X+c@5oHCWYZIQ}4Qq2%y22 zk6m-f{pV)=IinXqq`A*lWc2=-4u9mL$kF!7&U|4PpJuMSJJ;lUzg%!}&1C~~6_Tda zlwu>-t~kzP>IGCxxYiv%WQ3!roSN;;{L;*SM{6@zS26FsQ}X7K=q%!oGdB78{I_w< zibE4kTiCJ?j-$}mRjy9hQ{8a-w2y%X+3H)v-&e~0hzA<=Ls3mF0;2vB9zYLZoQByy zT&7>M>zg0*7%l4=IN$Nu-<(H1{EkYLcfNxjJ%k)=^#qj}nsGQpb8<9@-K*GE|yfPvcN|F?MfuFOh9q= zt|PKHVoj&UsQyrAQU;NJ!SPe$>TN2wo%}lHUo6!uA~xl_Yz4d9Ia-GdwP!(ab@iiP zpK!oF)s93-J~q(b-JZ4JBf%QniuRh%7WSX7g*&!+EP1U?lwAJh_ibs55vkW)(oz4N z0BQ8jy+P~=UtK->Wp)~$u^t3J-b~ixN(q7A-N5~8dgy%WBv@6mp0hEW4<7EzhBmV+ z)eaL5`4L^R$y4%u0IA8%!ui-l@2p3%Llx)BYNEHsSmZql+0cJTM&N+=iG=fIl_0|R z=#Kz(3s+o1<9@?{q3?-?&3wZz11Fj7iVi}dRifES3xz=68XH&E0|UyXy^!8oOEkN!ri41*%UxjKbQx-1dilph7Y6 zsmxEd$E%F|Z^n`MTYWB%w=|11-!JHLZ=~>A>aO)Cq*I%w9hUju3}pCSTKlZ0fKN58 zGVdcUQvM!v^-x`qCW{v-V{5tX46I4_e&)FA_YW1NIdxOo#~upPgp?#rdZI5~1;N?j zL5m^-)I=`l=Jw12^R8-x=x^&mmZA2aTuC%^G}wbq`HBxT=ck09a!(N*gdP*7WyW1% zOCb+;N0lVp`~wc4zE?9DKKs@%-?MaZzys^QQ&x(9G<`4D{k6?m)OvU`WfnUvLvFAN zm1{JM6`OdfXjjS1{a-A=w^e;KP|Dg8il1lwNfj7+CwlN|=WlLgy7zWLjrHi$MmY2e zZ@^``(!yXl=kjEyQ9Q%$^p)*GU#PLXZy{Cy-vE`>TJ!dxzr;ZqgA}f4o`TXw>4jZ-;)>>sNUT@Yrc@knLNck@U(DZs~0aJumI@oH-|0ceY(vGqi83hGcWfpBk(;4&8G78mq9 z8&&QSt&ZOR+R0}rlzcAm$!mr6zJ?*84VrvjOxjBnQK8mydb`;gH=7M!0v;Mwq|=?! z#zFDhb2H5Kx^yO8sE$_UiQ}TA(S$7Q4Ce3u*U#z6;UsDlvIBw1T>Y{lPN{GYt%p9# z{NXqMzOPS8Ts8*nhlcs@FL}Pwf4}70&K}r&$x6;v6wf}pfwv_E7WB5`Ovf^Ptu+Sa zw`pJ}6%LUpGDazOFgBhkck}sjq(`8`oCJa3A`&Ko-uL*+%^H`#({r3_q#ix%=C zj^U5FXE7rC<>r{;G>gp+!lBbI7h zw^S!35YeGm-P8`QZjB!B{q@iUiu3NSAF|O@_F}F4k~)p2F#`iO6U9zhQG6Mf)B^U^ zMt&C-X3Sz!VOU>GTV~cvw}RW0?k|c-KtMX0r|9C+{x|wg z&~3qMgLZ=-4RMqhRNlzdeEc=lpXYqgPR!5aYnETdqR+{c%V`K|sE0(BSx*eXXXN$g z4QqV$MD{h`kn3 ztg+>9fw>eO5uH4qh(!Z&C07yT*1(@RvEnoJbx|}ze|200Y^RLF>AZis^dLc-uv zHN-L3XKEeb>}#z>Eyko>GXoot%!>pTm3E!_z=cU8|M|8Ti0CJjl6goQ+V#jHi&v3c zP)ANq5(Z*i2?yooAifOgK+KEdP>We3;-yqnGOX(MnWR7Bgv zb-?Bp-h7tf^WJ%sEhWap9|av|lF+X#*5(lw!oe`#zxN}+HY87li3Cg-eyP0puv^?D zItXf7l96A%?_nRakoXY97tw|(g8Q?Dsa*ip!H10dbe~<4d&2G#BLi8Y^#M5<`#KT} znNu+wi6U`q^qmMt&mS}x;$&x14-Ct+ohw6oEk9$aF;0+u7gPO2ci6=jX)w;|5PP+& zy!LS0DF|FQbPP%eG!thw zvq<;`!C5|7WR)(8pk|Y0aiYV}t$1G~yetasJAAD}g6B~yl|d~p z$Q;;5yCO(kh@yN@y=Z5C*(C9z>p!Za=|xxQ?)VcjkWuG~lvHPr6x%A`i(FRMzIeNA zM0h(^$7fvMO-u+u-C600g;_V7EK&!ozhu<>02vCd?rdfnIZVfc>WFBXuwVTCBINX1 zikX0}Z|7JCZ3uE3LDTYwBi1Y&`xshCQ;#+{-2u<12#~O+#^A7xsUDdHh05skRt_mOOI5}nwgt*pjaXliv#pF$~E)|{U(7*&{drFkuN z2X&=h@JP(51Q_CwpM5k98o)(FpOCUxyv>3g;hzb2;KaJIdp!UOs8(8HK}lt#+gIm#{+x~|%`{BOA};OQzf(~NXr-K> z!4uLF$Kf*Rr+t@Qe|n5!v3Ru%y>e6OLxb@-Wp-31+b0OHFmz%7T0I4>p)%ovKtEb3dQ}R|Kb|V zM`ZY2( zfsQg{H+)7>mBe`+2vK23MWl1#zFlFUgRE>XbJ0OuJ~M<>%a5pm+HOsZ{J!dY(FD#2 z{CbF{B!X6#bt9uqMvCk5<0NsWvp$of&or1fJ3M}V3zY=}Ut+E5eYH4@xZgbTGa_B^ zJ*xtB6&y6y`>MF(5%>ec%JUh+{dK}Bk@Ra7fHoOko(@06)p5Ey-RsU&zwBvA!S!v_ zYokv^co!54rP@SSX%!4or?Z@ASXP1sYJvSnC_3!XD^=2eHp4=Mvx*6MSP`NQ4wolB{)Lwovu#cA^psQ10RH zKDKQxk7GbviBl5aYL|IR22!k@CL*QiYLvFu_=h^NxKu8qRki-FH##e;Rp2|urv<0G zn=?7x{6&$k`lUQ7QXdb$QfP8lhc4>AaxKV^C}VoAKx6uu==>xBdDVA00f#)9Iu zJ^g_FuN%RbEoqNXeA*3Wf?f-{AD;`;>n8L?nS=-uZHtow)WQj9^=WKx3H70n`pAyx zCvoP_LN*?k@}E=$JcNBy-(}Ky6wLH&P{eI}wR>}+xzTOwZ;#Ea$br(9NP=H6NL{$jUp6AXDCzf|OLFs*oamS*{hJ>6=6x9^GWX~sDs-n?Or z?5k=boc*qyim%eAcV=t z=18>056++BntiB+fl^>$os4U+}JbC>6qO4$dr*DB6X4mCeI^LBlV;uV~WrI zaAba@kUfi?rDTM}R`55_frl9-B$`^lUDIgJq#WsNYqY10n)AWVM2X7|HkChOv2CBB zH4sS|Z6;8H0iJ9YtzzG%w7xq~!Wb|45;vSG;IGK@ENV>riJtFRe|p*bDEhjYAOF;fWzQft z^!y%~IoROjyYyUI-(LI($Gf~1e6UWF+s?$F1;~-&8QybpVze*D*f%K>SN*)5pk0?G zwJ(W!Ox({sEeMfFp`#JM-Z_v{8!ewKD^?2`lh#)_$h~YA57}NP%;TPxjfC4>!^K8En?rw@y9RKS4y|{iJ z(;v~{*IxVe8*}H{>lJl8^z1F>k)4%qXFLdSS{;VZK_%x_u(=h?{#lYLQFBO(au{8{ zPjri`ejK$fP;VlFlne{)MWF0@$M;|qM5#_ycdm(?CA2$x05V%`y@K@Ds5kG8`|E&4 z_q`d;aZwlacQ^LTQY&U0XWLGWORa57q0+cX;zC(Se|Gb=-Vdf(n=@E&8lo_4o9S5k zw$_pproa7endTIB5Ed#xS)AgA7A?&`XzpF!B4z)gRiMGkZ=Gf$z~=O`B{7E=!Eo3H zNr|J`n>^}px;BqXf6Uxmxi$}7b9Lr_M%K@SI3V?{m57{R=r9^R*>#g-POu!}@`-RK z7c)~oyORfdb1^7jjY5GX(Mn&|5%*1qgT7SxOJ=e;jP3CvOYm7rZe&h4MyL*-5I6m7 zWrCi~OJUS=O-L5S``V@zO(;>4eA4?x{z}u7nmQq2h9*bB0$WOi4T18oY1Y$}$I+s35W4g4<$0X3hyd{b; zqT%5VS>z0g?7R7QF8aPJ+f(wZza(O-_I;8W}|hF*8ug)3Z-fv$z-xH`1)f|KHP#AtIVO z6w?cd8L`?XP`2lkn}rnIN-}{6!>1N*F}Th^rq@>qaL6K7;6uX0Lj9mE`f!Pw-h}<9 zTK+pX-xb54T*}P%*9jNFZplGx=));kFo^r=7rBOp^TdZA2yhRY#-|HlV z)j6O=4?XH2gk{Xi4rPeVL-_4x%y%ZsJpBIL5~~xQ;mo}NyIprhU9G@C4bmR<;th~^ zfj)nc#{TWridhN~eR{Q96t8X2cV^z1XZGx8@8`99tfB~adXljC`(v1}BcxYB z^l_yEpm<_d78+kX*lp#-(;Q#n7e5C>C;iZDd`LvtSCtOVeWOOo*Fd;fd|$%DHRbYxfdX2 z`bXCO>V*~EAy8Bh1;b?1=2^1h+U^9QAug?F`sYd$p_w`vx@1~oU)2MB@a@Fx*A=Wb zTcyZg`r3x>GcXH-g@M-uE+SGK*$xcW4$MlrR7#YSCf!kSD7^`v3LCmzH(SVU_&?;zA~cOi-8D(|)NP>cNqnOPd* z5CP}&iarf48`>Oq>f0*Dk$0ktYrQm0M8@0v@g?OZ{G7s<&qqtcnvS4aLt9>z3?uRX+jOoh#i zC|W7H_Kq*%!J`%JW=}|6%Rcfm9W+lt!sJe+pfA~I-VU54L9?BC+j9200pYE7d)a$LD)|D6S)=>Fs7%18;8h9BV<3l%3F$S)MRhW=PDu%<#*F=t4vheIK{USg;j^bMmxUuCL)-L5QqlI zm<}?OvXv+V>r{$4zj<2>l4{K+9LF~pc)ZtF0V0LW(}$$!hDTt<*3O~6-9S9`v!b^< zYk!w=;1MpZjj&v=;)OF=vtK{>GvQFeltH0e)L&=vW+E^7-@Q;E={xrvqH{=PGS{FI zenMw6)W++t;*Q8w5Ah+od?^_xQB2Rs#jf1?rE{;bB@2>CTHc`IoisY0xyjIB`Uv4} zEYQBf$`~VDHNd7vjQqATbfJ zc909`s^|L;IQ#|IW92oe^p^4CCD`m`zXI9~fgnBA_|(g4=>4BsxHO}OWZ~TZ>o@G4 z5X}$7ca;eETT1u;5&nJ>Z1*wE{y|LG$Iyhkx5M^)&()SL8nA_rOE#@IJ&1nAQEL#> zT~f=~?m&Xpoz^5=K&e&bZ-96Odv^iOa5fvPFyYuNZSpJk^HhD`)|C?Ty%9Py@m^<| zhx}5plyAeW9ES3%d|ffi*oiKh2d?0X{7t~A(7*bO0qZwNct_dgI3SFA1 z>bmM>HY#y$9t@)p7D-@qGiUx8%Sz(A6i5o*`(j+Trq0Huin<%YH-lAfK8|4*8FqQK z+3gz2%u#){3>6yP!`2WUS?RqFD&J1pJv6Puo8ul8+KQ=qp68&5y;x z=75#*ou`h93~mIXBduy{-GsLxJhD7gzv&OvGlar;HZT4F?4^)d(cUdwwDnt-QJyiP zN`JeB>t4Io33nFv7c<;K-+c->m$tqBG*8t*U{wHq&oo=B=y@$bzH;;vq8xKV04u&o z;<>^f?-(->rT_N&_EHNxaQNIo^A&Rt+;ykb|MLdY!+{EX{DsDLxfve=1q!)V-o@rO z$2nE!V#RvHy;P;y5YWM7Q+^Vv7lv@(lCg?kcs&L)D zl=XTrPX^z<6U4a4bM_K9k8yVsk%u2U3+d4VonO2eGw7gsR#9Um8h8l-S*7PIa;2P1 z`<{9i=+~BaO)8gjiK+f>1PsR_-n(gMSWjksW$3fnDZWE-4L=v@W-DWd+|QF^g9Gkp z1EWOgHmv;S0S(X1Rmx+`x$<{lw%C38-?N3ta-aa3cN1119{;ki!Ti7Tt*^ zts%5E9$O3Zs(S%c!uCvu04z?#X&Wx1QUhKnyfPrL$x9X`qMC$LloVk~{m)g>XgwyD z5XS(SpUu^7kL0w2lF>NF8%)YW)}p!Z*ImAZNW+*C(HVIz=h7H=w%`HnG2SK8WDPPV zZt)AjRLrtcw2JVpV~`md2So*@)Pr~kN8b7~`;$(6gvpf+3b^-@u}jg88%OW9?g2oh zf1T-J#mgSH%n*M&r8q^9B)HbMbFm?CdQHuXdR7_Xwh=E%gR6Ucy$aclyW(7D+Y-n)%g@=*< zP%c%P%a(uDpQ(f=P2OxHMLw2Y=2@(v9-5o=pC1df6TTxRGAU>Oq}g(#S!$;YF*h6_ z*A2+&^-Br(8CGrDqlU%awAF=;+BAEU?V+cSUE*ya8MmRxNkpH$3?rv&2|JVh3FbX9 zh9NmhQb{J{tRmbCIomlLTq2ht-tm!SHUQh-p!g?L4xJ+if&N4c@G$wx=^H}4 zXCoKm-1#@^KCY-otx|yt%KhgBHSsi8qXZxN(}Aq)?YAE~1p~0EUkZ@_Y(r__-NDa! z2ZCR~i;9M=|M+$4(;8&NdHI%yCq~kB{nVOI01uXriqG(^jxU-RODQ?^h~)Zm{S-?( z+x01@5U|BBmWR{{Tp1Vax30hBdU1u;)#5TiO|@@}(GsbQm)R(V4C=bmJv~z+E^NAg zr=o}F3r)R$6M#)5{!;t*PX9_FZp~mZQM8%1ULUXgUUN+%it)1Q{}gPzpa6mmH5~g> zS&4r}7OrKyvruS3|%t$313RT$wRnu3|> zLg;I-XHI_^w{O}o4)>+A%vJ~Oy=lK)^r`t^u5K`n^RnF!;{;z!)t#JIk&lxASA5bl zat~Zn>A$Y24MAfs@MpZzmT0_$?ilvdFm`)}sofMA4WMOe|Gl$24CD{{B;-gl%1;ab zplB>*lxVI+$wZOkd|=U|)%bTlF<7}wA~$B3y~KG5&+ww>J5|&Td$tJ_61HdI9naMN z`vnUH{HVSUeJ&Y?F%MNdm#`W&3E||U>l?Ryg$eiwK{fvFijzD&hDmxKSPf@32bUQ< zIu2ql~k9!pM?&Nm>?MX+MdRr^(vxH z2|=65N(ibuji>PqI*yt%z_Ds_TJ8&!&WhJeKiEvw{p^*Ub1u-TdZ+p2S?4=ubPY~O z<4QC!Ovk@SuVxI?X|&#q$(3B48q;cUcc`y6NXelS24bq{KcUjYUjt+>?Bqz$o7+!U zhZtEvf*RTg*-48yyIK$r1cug{0H8gGXbgprn|9%gvbQP@UZ;8Z;N4V@MuT$d!!=f)P z8_ov3(x4GBRDZ%6>>*g}4eKBh3_dQ(7QhXB(6(;L>6Elr@~us{6RTF0tArHrlY7`V zU85V@#j4w?BH}tni8T8zf`8A?b&y+s1fGDtyixvb8>FCXe*SHXJIrSi@#BJot>xa- zVBdR%gHJeW&8LJ6k2VIVs%rFX8(aAvv)R4q`T%0&6llQ>*kF-S-CfapRHAEEvyE)cd+hxH$L_{V z;YXd5 zGVQ2@b zXQj-Kn;W)ML`?!7rAq(sIX!l(U-?q723+FT%avhq4F_RT6D??2awKz~#{?;QXgd95 zZ_)n}WKcWR-cSByA!K(1N>i@;lyCGrwXoYxV;}7&IKpPXkI!rEeTwyNC9~6k>}I#q zdb<~ARrxu=@d{e%QqB=yvox|Z6j$97_k%aOwKt>F(+bGccPC1kbSh$LD}FdBmWj=u#&7LUx4j!H(l&VIYkk^UN8>pu$l>^D)lIpC z)%tK3ZG-tb@-zS|x)pYiQyy+#rG{%5pn596_)1Pgow z0br3C&yBEi?a};vU7Ho$`SKi;_*}XZ=^X<^cr8&tqdW0J9{Q2glzG$fZi@WDQnoGK z$p$F7Uu4vzV6VP@f8(&3R^IMxog3B`9KctF={QKxMnVR!7~W7qt``}&E zii|40Ga(Q2*gbB!tcopNyJA@WVdwRaep{bcIr9DM&-EmItJyu*&_#XUC?r2w>Fw>; zXv0VYTLLRP1~I#WTiWI;())XzLl3coRWeDru`@$9=Hlc+BBCNiqC8zJ3ii zS1_KyDN;reNmHI(Fj87$|I%kwUA^`E|jzZ_R#+l$~wU$w5IQu7xT9%lN_KS)jp~+3Qs;MU5T3l>6=8ZJp5V9ES?eT6~Z32p3n(+IRQxhvjQ{%-5WQfa+ zk~f;4UFy=%mAQ>_E-~J?T~v!60;OCdo0B7BgQHje{@+W8%^NK*QWe^MZQ9Ry`b&@|X`0LdlZD^mFWJR< znLc0dWcks?z(+^!jouB$(`vXhYoCPb#_2kP=N;*(RbNlEmg(F=%U={_uh$_1ZB8BM z+2L~~?~M+sGir1Ozr;D7^xV)AHhO8mnrfT90JokONZjC)MJh%!pFa*Z85DiZI6+pizsm(4HeXT;BGNbfU)6u+$>t-ACL`sMR zISh^V-Kv_BwohDrF@OtMtGG*5I01dUK!HZYo>>_fPTx1qjT>)L?G>uF9kVWx-}{g@ zl9SZ&x=jX`dAIhNM>)9uz z9MFMN>86{#=4elch6rE0p~Y*Tjp#$ycdoO|ZmZMBg{@=!bz#Z*M(#;P2K&L#U*_>x z^Q{737uH2e@s}qS)pnum%xX<1vkX^!`+ZN@TrI1r;t3S(U?5;W{+!D|~v;M4R zK}{+BQ?(Gf}q8;LL(b7askc(SaQ?PUl=bd{prVf5cqB_}b}PZw8^CIzD5<2`?jT;0n6>{9aQV8+Yje>z9?w{z%g9c;j$ zv^%B-g@oe$$j%Xhd9-C^?41nk9mKII@L0I?}3zN~&istRV;xG=6iP#4?d z=@Fo*SoA(^0-vluld?bcdudS8Yuvp4v|VxPRx*0Bp>^jSFWLH zt|qrzP1TYVY;&%{E%K&hk8}Z!<2+0Q04O_50RO%?>AA9hKqffSKdR>wozi^4lOi<|3;%53#8);2HY#{JfG2zh877cj=UQhq0c&94gS8 z+gm!HV54VnJ>Kyg4S6c7H_?hnq)&GnN4|X`qVSknt6<}90JhXL(_U*uGe2&xl;#H@aZx8Nrnp3s^aM6oSQZJPx@*<;~dh0JPr(DDmbftf$#O98-_EK@J`av1dBU1FXG6xy-gNOgY*3N^#J3$9NJ|=w308arz z`O}KV-SI1R?!gUhzNd#q+|Gp$4;V))U&pRD`8w`(e#$0CW((#WoPVMej}8Bp?3f>b z{gCTK4MYFfVF1k&5(1`?MvzC7blcFsqE(p4y0q1&SOXqeH}*xdz)@_1FQplXByBi- z@L2|cXZ*pRIKu=UELcNO67uWn49yG|8(4uOL>W*N5{w2fK`YSfrL8n!&`!6RzP;GH; zQei)>3y|d+ZBabgj7&rJY^g5IP>D43PkUkIt;Wi8y$_c2qZgI>-vH6_5c24EmwwiT zB_u$V;iVmGw`IYdVi)`pISLksnM&d?4LGm-Vg%g=YF&eh%eY39R?>taoo5 zzQk*-RZtYw^H3_Z(odk~+`t@%i}%`(Gk(2I>a`7Ydt*=Tv!Am}|J>qc>qQNxy>R^- zA^T6j0dgdnBiqY^Qx}EfW{tGfy)u(;a8fY|iI$5wL0CkM{p3M5x_t(C74Evu$7$!0 zv~j>objn)3f7llv)0@?ou9SS$&-L4cPwEi~`tyxzma(odvFK>AG=*QUjqHiAfQ7LO z1ULQfJ)?v}ANAeX3MVK(d+Soj(Mr$INN@K3RF8!uNuXbDb(#5BlRlaO;`H~M(pnur zAKlUmq|mGArlz>7dXo0PX>Z{CpdE&dp0(HHT-RO!#dA}d^T31M?ZL+r;QZ%^QBZ9H zQu%UuJSMPr{QHegUC52t3ctQ2?k$4ka0)C5TSI08=jbZisd3%+L>(!%b)Cslb{qOy zrLJZ&Frl&qjm5%>-tpJ+;bSF6ip-P-0`Z*~LOe;ZJ&iU7S<2lFFUjCa7SpWyIZx=2>?VSj6p zFjHQ-O}UH+d#y7Q;qy42YakCd}ZktM%DDGMV8^ta-7A~UP`o&R*p;e#(t1!%#Cwq9% z`kNY#twH;!aSu0(V`|snAP=C%yx;%?&|_d;(jlrIeWP#1cL7J+!Rb0ys5_I|=ZB?bXYS#>SW4 zp}3yW?ONb*0WyG0NkUTY;(1Y+@z@A(AjqJ|-pgQ&%g8olavV_E@=@Opbea2J_H%4{ zJ1?MGE(SoULs)miuK}T40u+6-50X@-OWWTge$D(F9oaO&x&vg#54&e_6AT?U?svCc zX*&8H#)<`YlroSDl4CB)^veTy2t z;WyO{E(@Z;ap^U5Y?IQsC+b&^ohaRo zhK7wvSu`ZxtUcU8Hj~QkE~vkP*}at1r+7G7Y#?WGys&<^AL-N&pAF>?hw2&n;L73m zPrdV*G&1{v;Z-KN_pK;b7cu@_ zunpS$44=A+257L!YA!LFjs6|8$i@PSHA2>91yMr`R5XIUtbwA06eZAZ-=}dXr1g6w z#3sCyAVq=5Qa_3ZRtYd{5Cy_Fnhy->U2QCiUW&+PU^6ZJJl9}k*L*kO$i_aPU|SYC z3~i%D*RIR06FEa}lw891s$BFoqGY@YaK@&j0oaoi346bWzui$uC|$rg1_bGf{Z*m> zk4Cjkhy%zj^*(9=5}14lsW2I1VY1FXgsCv*Cd|l|3m+jhZGST7C+h@B_1i2xCPwMV zmkB*B)tU_;hHo9=$f$T>ZuBU6Drw*c`5^HW0CU@m4Mezh5%Y51+>$ZzH)mD@ zX%$9m;~`!6^ryHCEO1b1)Wn*5eK><$CR22x5m!Qx5mxEe+@-50lXz37Omhyzd6WHx zMMB}6jR@MlC9pJW2ea2g?9xXvy*Xu_LGt;a6pP&+aGnpvWBumy>o)&q$^@}T3)v0g&7jW8C zg44qUC;~La@mnT=%E7>dmdNq?>?M92C@TJSbXg}(=FT+*ExY#lsOIMI#=ETPtnl?Q z22}jzi($+nu68$ohKuU5c!;?Iy0%%$jzRjmNzp3er$J6;FYr{PGtPm*vMa`n>oIfib}7+oZhAY}Xs{x@-~&a2}Y z((?>&cRmIVf&3;r*DgrXD)q!POEJ?Vm7Esc5~K1^m+zBrQ+&KDkhB0K^V2QC%9Kp- zX-Y^hUJ?53RqOOMevF($$?-UU*cP=jbdRkXcl^?>k@%C-Slp)lAtb(*EzC~ZPQ>q- zv#EhjY~U_=ms`0sTBkx+&H<@QE6TZj2AArY;N55uXu)#o;+twW>6durxqGzcr^q*m z8z!6W8S+aO!PSTkd-87u-`06Vg15c@$;u(Xp1njL5{xaChZ^ZClPDj>KZa1MTr9n} z51eT1$__F;DzgD{R0=4aw@<0rQwq`MPGprVQkyaSSqsvtKpLq(RcwSN_z z(mZ|s!;{OUa<6E@x0nKgZXhCz*E{54+R-2NNziva_NrV7y;K6vcEz!Kb5qj8?`JeV zXFLa!=CO}H+a+!*jE`X6xr7&9dF(g*N4Iks0x)#89dL!#y(A!-05CcMrBum*grsTa zTS5a)AmAHTc_83(UFO0Ilhl=OVv` zB_$c2zcvzjCT8PSCG!c-8xGYyX^)+bU?bsV$D|5T#%4E@(Yr-A2|X=MAzTOPzYjwP zvGJT?J*hh({=nc6#JKtO$@}NZWYZNEj|%_`m;NZU_?9EfKmdcOi1oz}>?TMn!iHv>YB%>WO?&_&m%E&;OD-{#Sgb zG)|z*63R1C1e>ivOx&m7Ft?m|epgp@A|V0*Wv)mW9qOEYyC^B#soQWS?a4yIL%CT^ zCpwd2ueGxKA7(C%?DUBMqr*743D?sxPQG(6qz4VT0gFY$or`s@>nqbdbPTDun8K9A ziJ;0~xO**Jmp=b;L4daWzLzr!Sh|n)mVEzc!-4sP-Jt6z2n#SHIyasyNZA>R!zl84bdH1}? zNlXgXY@YWC-Np5dhAp*(_H@+*h+H4D6Zh?lTd7iZ=~Vt5`fBn!&l2!tVOJ?E?Hy3> z*6l*(Kh#F6rCs0TDcaQdEUx|0!#Ig7h+wdYq4YSODJM!KTfR-tXCqXSMY=~jkWGMR;kdayFjXdL)dzQe z1E~f#^ADrwj4Hh@E;)8<%t;8XB%ymTA0VqqOXUv$@N*|9cX-jbGqFTkN1H3<3a{qV zxFnhNBum8Z-VV1-7f%<_s1kRhXNYbHk>WADXz~~s6eeZ+<77-Cuyp*x4q9`lRtFa=u6MTjpzgZ>Bl_RX*j2((a4Sob#3*WNTaxmP3~9vEz#gJjft zY{`LC0H8@@{7=lyb0Pt_lELh03_`2((_E8P1ZYcR)hVttHf2%_FA&a--p%uY;Cx{O z9n5*npG6aLX7~XyJ5~m@9<=$XbtdHcc9rGNav7%uMCBTrvW|-Faa4C`RRwKfNExu3 zuI;`llm4WxjJfTqvP-PA*pHfd7sx!1gRoCR{A?(-^n`vWd4O)Rui;iWsV=LpG|LP>6iU@; z^smSSKyYvAM=O(%4yN!cC^1kNsB7#sT&ODtpmqWQMkd@ZixRUdoYGM%vlcNzPS%Fw zr)0qw%m`=4)fuJcHpRlZP%X2<8J)tAGv{X^gJ{lioo@~YR>F;L#=d!iNN5y4 z3hjglMXibeA7Dc(RlFtS9Q6&BJkEn6gZk>|1NJ5lOkCelE>Jyb0Uw>4`bT@^EZnf) zhgFComr9l}ll=-`i`1OS@=IDj6B;2l%xFf#!A$Kf3rg87IBvmT3d&eHi|b&eX_BKr zFJ^wd8MM7KwB@|LvKbDlPRxk?&mrT&tIdf=W#Fh)Jv*P2=9zYWwOqN$Y)p|j!>2^# z=@5bXat24#2eeF+uXnaXa$|_2piZA#q#zMH3>cCd%VAxSp~wk@5TsKdlfzNE+AM`4 z6@5xSLA0oJ1x6*d)i$su5{g^LVxw-;JorMZdlPt>xglzk*6vP96TmJ!0ZRX*`ies~ zL^?4ktz;Wa2)lkJ7T9x8KijJ%E2L`95xQ2ve)-1@< zUaJ(-DFKLq)7vloC!-^G@a>eG*A<>GYM+HKCJbD-|99gA{2rY2Hv_Uv-?TFaLl4OT zbKojj9ZrCBl%Snlfr$ChGugmHLKFSZF=m)T5~&<>SUTRlOCc&guk=*?a&3bUTBoqA z6j~7;HbFucvKs0JTuza|_%^0%{wJFTB0wQY4d3k4GTp=UmbKetfsY|MgTc$hrly@P`F#Ho-19=;AV|6s?f7 zI%Y0kSE%Vs{M$cm&COoo3feh`wnHvxm_+Sd6T$Nxv0Yq5ym}icqV*b% z^4Aq6CEitu7jiKBp`9f5VsaGE0F8#!qBVNv)l1lI9JEm}XGn#FKy@)Edev6V( zR+`ZCEAO>S!0Ps2#ciyfF z7PbWnJH93}^Am*CkV44!$S#FI=9I1(tL0EYD7ac~Jpxeku3vwqN`j76t6{|{TugJo>B$-+K?_eVKO{z#IA=;E=P@1!FPDO{p9wo6h^!u(XoxDvw3;FF} zDwvk8FA;K+)a05oR_1+0_Dciu;?gi?t7n?Hu|Xiy9x+=QeA=+bmYFZb;nE*| z%|3Q>n{qI6@o{7qCFZ?XR87rMF{HiLP05*o2CDyN{wmpN9*3Dp+~PV}g2?gClH8cA zI}~MT|CvE?=YI`Zv)kn)*DoK8aO>3H@7^wq_R}g4Xgep(H!Lo?)b}>Do(PqQ_t@4X zt3fHU^tS{UHn?x5z6Z-&$jJackEw%dgD5KOHzslPy zqRP2;5eM(S)JD96Z{nW{8DX#|+xz4HN)y}=b{89G4gGNxVGQJ2PYJ59oY>k?JL z>3Lp8zLWLot(6ky7e~)V67}T3U4EvS@y}g;0O)z1TK)N>H`pcdXH;Mtj{%3KVW*3K zL6okx60UKT$^HS&9<1-NRM{IKd5A3HyPnZL;$QGHv4BpG%_KAnd*Ts`={4=1)@j^ zsS>&;27drQLA7HCV_fHHIyd63!6gr_HJF|43C!$&gnLmX;EgR!TcC3s$OD_Xjm8)5 zzXK9Qyq^!=IISF3*5LYA85;BN&mL2TUyyGnP@n{b#$#?v7VxWqEYzS`hwf*M+_lqV zz;F8IWZ&NTw~0!W=7#hsm6fn z!(W9km^2&wVN4=rhVpfKwT>^SR>i7>1xobXn~gWZf7_$dPVc>q9yJ zwscM14}oUjYkXxhQCaEKSIn&o8VL@K-SAZ#RvF81iP|GEtHHW?HF0`4vmf;UBlsAc z9F-`)KEWKrI7b<{?~M%?>8%%vtJPR)7U%#B`|CaZ{byBi#Ag{%jphKLSG#v=r0i^1 zUje>wo^=|JVNo zZ28Z^|Mh=@KmXI}i0ohg&;R#-{QrObyZ`O)?GtVNRW@Dm*S}EipHKfnpn6=lf1&)p z5G0+ZzrRgdEos00Jro<*1orpiw<(+A`_C~5grNTgg8vH&c`)%WltHNX4f-2F;pCs= z)2bN$twH>62sH4Y^fYgVZCvYrp)B|=4_ncJzhEelK&ZeWTvSr z!Xi@}a1R2Gl7FKF*!-VV$|xo7 zkod5z^3x)>@lGB)OLSAy=Lml4y8H`aCGfx53X9@*&_5LKIN~SPnX)jwC&%2XO(^~$ z{i%GrkHAk6-Sefa$g&)vuh$tzscrW#e?c>#&)9;JD5TAA^Z|z>qyR-}8KF1WvrGqh zEIB!?V9yO~g(&EQ20IM#R*w?H-P!Uj&})L0l;(R7>FTXUeWgtXUj*2Nk|(ZsiV;O zGZPw|#CoTRjdDKhymt)y2K^WxoJoIm^{KyI=aAsBg@(3b>*%@HR`cm*WPmT5Nza){J1hodG{lq z9L#6ok&__?f4N9}Xi~=H!-KPt^|q5Tf0!UW2tV@B#TpbYm4j6;WQ*~~JA%$doyktt zGx#ia7wdEzI23$gTZ`ST99Ar5u*2pD@ZR#CLbI?*TptaUua8RGqFQ4l zI1F?#>)Um!M9>}FA^|vx=p64`@>_cnyzw~!FHe6-W0Y;nM_;q`@ZM3!L;=xF> z38up`B{3hzPq5<>+%o{4#-KWOb}cbq+RZ+6K-?R zM2>h_whw33?(RcG$mx(0v(6tep!!RE?Ku%``5hppLsD>o1J~{S3|ILc=ZlD7)D>%Q z`{vaYu z{Hr|h_wMQem#u|D#Zo+CIViWwU*8egdB;$@&aINqX!a8VW;weN->%QZK(z2@z4RV4 zS_P$J6E({jce5K)7rN(T-Fv2!+`U}uqJX&xg(js5_KWx@F?sM=;Cb?bqU5ODr^Xb% z!p!gV@(#@}lNL7uHF;A+3uS&;CZuF|?sVDO ziDMFiu_d=BLz3?_e_~I)xRu>cAtsB@>mP%R^BqKrgDGc0I1pIpQHWw;or%N{D%|Xe zPm{YQM@XAn7I=R_Eh|;Bz`SKCwmQY|OfCdz_Iqr)Pr#d0CS5ti?$a_Uo!pNt)M!B0DD|-x*w!+z=plzgI)?MVvJ%TJD!FMp>gr z?gx;0RjLLlY3^AN&cyM+q2JG3xK(K);)-z}%o4ur2czUZ#Q{k23ZZXvIksGIpE8@XE;d|+;q zZx`LMOLbH4^Z|EjQpoX@7IqKvzG5KWLOaAFlMI<9I)#x@DV?NoMwiXc{+(Eny}4Jn z*h)cq)9ckz4dzwL)z9Rc+^crhL#e<=@{U;1J%z#${15nAHe>5K*zv{4=K#fH7umYz z*h(_Ae~jD_zg6K|JH-|}a2f_2k8|T=4CM!Q&h@P5ld10z(v3%FmOv+RHE3AXKF>F% z`lpw0!I%3U;juzH%Jg)dn$+h4_v>Y{*72uG_Y<`2d);+sPxLbcpphW=BUcy{lu+{6 zc#fQRkI;plIOHVtWNz7BBi6ekwSMuBmZu#Sd_p$(R$WZ2#o+xs|1}y%Du@j?KR;wr zHEnBGW_QZL;iPIdpf0L>%H_2mR73m^BAc_(vD@t;ny})Zd$46rQ}nubmUWZSIdMNM zaewq81Zf;?N{l)9%KA@fFrc02JUilpVK+N?uninCv^zHh(4;UF!WIr@ab?o(7x_qG z;V{=pqO?Q+9hb92#=)6zTxvnm@@cz5uG%hC!IuMc0CK_sKmIT5aaH7?V4jj4~ zItd(B^3Fs4iXPF^+1!xle8EJbA?_Bwr4}_>8^s3A@3+jllDE z=6NHZ!t$7Jeq$SfPlS}Wtg_h(C-2I)o{+soF+p*+e_Nt~ap0}R-3P-|iAv_ONJ)A= zt#yEf8&Of|kHVlm2+!-a6`_c=UtDCLE}yZi3g^zSKr>)R{rx>$A)C&({eUex^y&8A z@G-Mo_-LH^!Qi6th=y*U){&%r2bHo(LuoQnZg6C!Gbw^Ze0+xGqL!2WzbZCbSD%Nl^DqbW)Wt2KS3mX<0~O=NJ+KT#M6`*WBYqhJaLbK?Ep+CZ1qXsMy~3D+Tw zc-&{<(Cq%$@caP|9{?Q~H0>~5D#6w>$vUX)z`|JdvONjXcmjmh&)fEHI#xUZf4&%p@V9XJMOi>)?oi~ z!@ztHi#L|fDD7x15GY)6Zu0S%&u@Re&+6HNBY=oAaMFSD6~;|oaqyIyevtTU8IRjE zkm%}mCy)|V@;y_`EvhjMaLlX*N3Yu)5Mz#3@2BRvsUK|4DOm;{hDEobXC1){S90s* z!ee_DBii+DLLB*W+UwdkaF}0HUGGy!cU&MA~Y!W~ObQ@5iFMQeasY2gnrQ|-tW4{CO z>O4C?xNs3t-%mE_;Wys`%vh|$cST(b(|PIU4PYs3p;D^c65g!b1#CsGsq`MDY}cAS zwLGutxamvpHrCVMssg3U7IjZ70Tel%ejm^}(WagM!Bp2@`TTtPNzU3j8TJ^2AlhL# zZK;T_5a@?}lIPcZ;dlraKdzFy&I^7*iT}!;=@U+4sb;*aaAL-p#dZq zB)o3WWlBjmFIH7(RYxF*0m%*U~kqr@P-gCUaj_a zA!vtaGO28cYI&0VSiJ*P0>AuvP8-ZT=j~q6HUI(uy$s%DI^e$7im{8@NTrB33gYnh zzMZ(*aOLb;%-nMp`3srU$2G|XryLy?X_1p2OjxVZ=vupifG2pu!n=1|1^`Fks*4E> zGUG4Lp116taixhgTyum7*NvP|zp)uVDumK5Q`My1ED7NTOsnn5#3vv7ODRUap`r*Z z@{41ct5QMM{CYEUxB;?DyFL*_>NG^Isr<2DxQbyK$a>i*zji6dlSe~HLQLQ1x8y+% z3}l?#1OD~~7Y<^pB4EeO)j#!CKQAhTFK{uCb_n8ifB@~_AN~y(g4o-2;^2&B!ShVo zAc>u{9#7_aB5>Wa-Q*km5K?^mCF^lgkH1*bL&*BjtWG43=|vpGT6aJx(;5KagheUx z+Zasx%1~%AWuD>oE^aIreWS%;J}!pLkh(Q&7c^7lHyQS2@T^Wl9r77Xu7;oUO6U&r%z2vK=EFIx!e!qs@Hp?$@6L#uT+O8ZG8ZGwKcH=IPcs zrgg!StL40weMOKtmNY9E;Nu?$ATONhkoQ{DbNnp={aX&ViqV0#!Ne9f%5^z-C zEl+HW zc1iTXF*BZp;yH&hykO)aa;nh|Zlitia~vpEY+7}k=U1()CNO)p2pD_5KJTn-LP9#8 zbp;3}Q?Y|>&O0Uw=Vd;%gZb<01Fwtp z_RiOr@9{hrU>R2AvhMnPg1i-X9UJdZaTG8q6y@( zNgNDPY++9VKWr$+PAT9g`Q?4&UrTY1r0dkdNEOQ=p3Bd?A&#+Po*D@t++*vI_v`6- zHuVf5VbG2_$!#k-0Ljq1K7_zwHWyJ^33vvfaZY*l?JVSr>o~% z<$UO37}(C|&CixK{iTONjBZ#WIs?JVZ%`udCZ@hCBkn^wQ24xN<2#o!zz{npaLRFf zPThjWVvTB~gVYQJDvrqWNE>ITtomHPIh)BJVS75R3XFzmD!xmxB zx*hP|jl6AwV2p_E(vX)Y6amD10bMOnv&=^w%5Xow>%?(VIP$Dblw|AyPhcU>#}wDo zo`FKK%aY7~9+8Zzc@x|c$1^B$@cv?~G# z^)*6lPLJjJlwxha=IKhmahbiA@eZ{KGjThmeATrc<7VAqoW)L&z$gpCv?4RK<+EwB z55JSgws%bw@T+9Dy54*$_2{Wpi|wDzQ%^O?Rmv4#TJNq0#wYnV>nTS@mfiMxGnAF( zuU|0pWOE(R6v}Jl3a2k=mkA@b1^@`)xee6SSn~*`qzs#G$@D|`GFMv zBPPkju|{k9ETWR;Yl%`(tSAj*ssLrx5!3m&DD$WR_OUAkhxY~t#8hMbjL_EH4Cw2I zJ}4_lK;MMgm{k54;Fi zb!FdVyYz(NnZk^1s1~QsB*0pj`}>wG;12RLaqII(t?V0he`<`%EK%2dtR_ai6s;3( z7%Gx6_7(Ti1?+1r0E&&J66;V;s)4p5sEW3aA{5{?{d54zf?D&sa$I-MdiESmn2X^gY0rPkVk$!**cGPL9L+a!y}= zS-x?SuP?|Wh(iLj4?*+I;LTf`^7Hi;`7!ADO;W5KB<~u!en7N~nCG?2TnnFwflWP> zsLr@ZBhjBr@rkU}1wI{0B<1j57YqwRi(Y!GXpaZFGxJ#K4?FeUj2mD*p55}hB-gaaEpaWB*P}8Y0C;I(^|m4(h{$-$ zFXZLm_;^p0ax5H`7VD`#qKrBUMXR_pa)T6g|UXOJK6{{_B1r6e^3=u1L~i~yOh^;KU72C^7;vQc!EjAndSQ82`Yjw9{*#2 z;3QZ#AQ*(2Re#?`E;gD%2ZT?=dI^(cCk=vmg+)*V>4ZktYbzjX-Iv9ZABY7dc z)@FSGD36&Q36P^O>?VE(5WQq~$*E~Olk%8XLfq+rvJC&r&(blXH8{jypIDE{ zM=9e3PPFKjRKOla+3}mO zw1udXnoFJmuSWoeQ<&%5i0v()X?}#nuK|e^l8b6E+7Q5KLfag5*8?mikM?8JG%&*g zq+VT%xquwdKD{dMstGec6qKGAKz=WK)mkoqrYeKP>Iu>T&y?j(ZcD~QX5IOl!BID>gb^A|KliUGrQn-qJ-`>tYKumlhSas#Cy09cK@BY-QDJL1npmiA`vI4jcDiW|*)s?+~e zX4LGs#nw(HrvByyZ{*>JL6s2l60$XIgytd|kL zL2O1Fcwji8zp_upS#jA|^nsYG@4@9jxFb*dHn-TL<4INY#JA+@LLCSzfC^LL)M0cy zSh% zrljV)#?c=H_Z-)gud5mJsQbvj3fq1&qt_j~FRc(3QwBU*r^PKY`>ZEi6^kFm!+b3V z)C9!K?Zq%H;?9TB;TZQYr|*Lz-Pg(L&SOLBBLyh0-qglLp+!9o%*ERwN+~oY_?(VS zx<~!t9zm~@vzc7t2{v&$V*Dys`i|AQE zHE6!bK?@n>ao#i(`VoPO%D4+CW%&5?lr$wBGhQg)qspvK#4of4T9Ma_c`NHg&?-tP z#bt=_KkS^9FKkHFi%@?$gF2)fQok>3Mp1h5)aXax<+pfL)F=T% z3rL5$Fs{|6nNZlk2&8=T0j@L+CWNVe!_yiC1M`?wX-(+(aS1#GU9Lljl$$%0jQd$z zWuT``*GAP@K5r7{@!Rt&YEpko6+~qN(J&t`fc0&!eLg z%@J=lIF`P~EN!Vz9AY(fQ-lGMSt|zxiL`HW#NqVQKUc0`<9gmd7jer6-vi!lNSR#q z1^xu?40`D{gjJE%ZqG*61tS<~t15YW;o7?MM zDZBySK<))-*Y5{y)H>RK$`^2&p~69vwm!T;evaZz?PwR2$$Kw9U=1*#(x2pjxme$@ zFI=}4raYbCIisyb8`N+*;90j?&VkZ z^q`0$^efjYv6N+n;2%S~Qo&4<#2I>8J6ysCJq2q327d#46l5(eMG)qXvdl^i>D^Ki z;_XxE>P)35h>{P2Y$=TzQOt;XqwSya(~L)!S9-n=wn9*ZohODt~??uB()SY2ol2^|zISK|CyjTXTfRY#3 zfSy_v?1Evq$ljXkn-0fH&bPz#g?*LLkyO|3*cd~ZvE_EM&|`Mqnae&hoqF9r%y^|P3-LK@Z0EM>VVq&I~#5! zNL)(;=>=P!6<54=L>p3jwtewA_+49G=3tPm_&p?7bhZU&3KnpDJfdx?>}d{;H8fif zAj)D>dbrhoITS!8%Qt!*&P%ochbZ)7R(sw3rTS7+<}RdX#Irw~5FSvb4=-TO*i>q@ zq`ln}v+(QXjM^%=h17$ufjn3I&FfiS!%<*0SMbS>3;I#)OU=svX;)b+=qvbxA&!JFFjm<5>7*=;+@cL~O~KAmgnC%M4iUkoZmMk_oU3FSU(crHS8O#IdGgr)u1&T^J2-!@=-_!8eJM{>!A z`=~X@2k0Aeih(X!&s7;ZYa87(1?d!_q$94GbTI$Nu~5?}BK?a8)&g#437*M+!NDf} z7!C-5`ghnCs3t^|SQ_F$bi>&uku{0f<}-bKa#Wx2=6H+tELYf>PW~1^APZ%pWZaiF zg?*{>>nOu^M1h(jelnEOY3t*E4Fd;`{)E*Xdkw=VwMqe`dSuQWBea8a88nu9lP{XEcc=~780mxK--iR#PaMv7f;ZuPQD8%T>~P{7({O9iSbz{@H4C`xij zo^Aesf>T(H96m1;Z_(qXVVs}cXw3ZvQl`y(XKor^!=x=*7Y%Cht(+En&#JszR_EWt-nd#c00JPi zTTRw7Q5_}tDa<*n!P=lYD$$YrqZ*Ds)OSn`25BB@C-9v{^wz$Q7F(%9a(GRv{HptVw%e#s=A&%QZFt>$Y zLwrZT;n1i_>fn-ZOp8}a`Q=su;v+z2!YClifvp(OVah;-K_DucDH^~LL3Dlqv&bs; zKtQnp`u96(Fkm?Y&hh$iDkDvw8`WJnQzO^#JC~R_nm2rA?K`>dqW|(ZxP7@f$i6ep z)aGdkX$w%sgizO)im`xAKRW?Is8>SVy50gA-35wkJ3#!?I-Y1iYk(%?Y; zyTlAIY5|Seo3+rk)1rhJi~=J@?Tu7|7wyDypV|+3n_n*vyLEwF&!o*M zksD9KAtXZdbKTB_NMC~{C`{+}X%xRSYAFqU-8nsnu^R$6rp2j2qA+?#3KNgffMztd z31-lp9vXh!R0{0Ykd-E5F7Z>J&8P8mE2832NM2$EaT1?fuJoIGSASc}fD5k-kj;Ky z0(VnpP}U?9vdN2vAgRv)NT{n(&6Q*WjvHU18j~qOB3wTC%G%lt^x|r+#RtYF%-0L> zBpx@;5V7qCD|nQ`d-BAK*du&d`T6$9LB{?fe+lma&Eb~DB}Pq`fQ*MtHx!5f#W+fS zm)Bn~LE#&bfQ)CdA5~tToqpk7;cL^1^UCLzq@|bjEpw;!18|uDu+_=(7v z-Mv}6fSAtq;;>z!VLrZDQ0P7!uid=2jsvz+s@3zr(+Hb8`pq@n5i%xUz6C`(u<-$$ z3#7b_gI8!WROuM}F`hsck;mGV$6wCg=f2~}S$@zT>3V*8RDz^u>kAuB=9Zf#*?g6d^`}p1Mh-z? zB-uX0r@+)&_FmTsEpmwkJFt<3d&+JcaxkA*e7=z~seh%Gr70gr|EJ7nnoX1oN zS%D4&443eW5OXT7+VyqYK!JYMON}Fn4axnau5SR5;Hra*?KK)Eoncu%d6$vc2(_vm zo&fk{Sga6l8#S5YEWw}&lU_t1vzy>V3@$`FLg`ip8#-zU+Dx^f1R!zL%f&>Ks|Lgh z>v^$Q=9n}7e)5Es^9+>IpqX1-Kg+N4&tpMZz^#KEz}UO_%`qw1_~6{K1TW$`;Ldlq zUV)bD1L-Smv2HU%ChjE4v+=W8QzL5BRxu+yBCoB6sEGr` zK466^-HKrXh$$9wDP`4-=?&;8$C4L2z_bRhXJvne38imb|M`L{Gdj?C{V8JN{xz^c zuvFpuU@5yi^8#q9TX^SzB4QJFjZW1|5a3eBlR5yJP;8viZfIL|=qVsI=$+$?B0bE& z8RY;aTJ}i<-zzH<^gs z;43INzw>%o`m24D9$tgBweE#H`sT!kRKNML_58pLeLRbWMuQqeG4zMK%2P%C#0|K8 zaF!1091gc2BxE=>(08X<1lpGD>XEth{Pu&BF-8(@S0VDv%*BOq{Hn9mWSF6Zbrl zD_{*T9q8c>uVZdQl)!?HPTL;qkNZ0aMYb>!h{A^NCVOZ@yto6Za-y$F0WjDC12b6T zCTIFGL1yuQ%sAFQObY?ALW7DiUkf!b1Xclh@OkB!XrrUz^g)OR8%+!WHMJ(nj2iVA zWym7cTa=}X;HXWX4{nQ*W=}Szfl`*%jk|$^613QBkVwF0LT^CMUxaW=43d*Lp3P zDg!taKJp3p6>tMjF79@W>Sqk07ml8-RG`;If3p~_!7we%<=ayt=;6p90jIt9{1t$f zRAcdZ$s{mBs-ILWAP*=I)H_b4c%L!T zS0yK^i`7+!S%Km1fw%bv`WGOS1}#iohf9MQcdfqxJU~>uJ{Y8Cw^4W8c4t zM_ur`*v7S<1D<*?enQ#U2lxZFMmY7l6=GM22gU@xb~Y0oH%k?8A_L+nKS&e?`B{(^ z&2+9Zu;<#R#w@xMYA^t`KN#`>@rOphg;$KLHx_d|8t~q%G@lC-YT|e*UPAkHkUs9< zJ}zsP+wdlSGi0U)!tgf*w~+M(JWW*uK@CSbScet_zeQc!6C5{6-IsDbGuuhVM<9%y z5m*C|{Ee~!VdsiV2uVA?ovNABK2WUEg-QBO9_vkoY6`XWZv+bv+wrp@4s0HLyAMZs zUoZX5HsJk)y?}T$1Coy9jJbvyjo*}m&6%4iJkaH^l7RW&K>9WCclw2p3WGHcHLcCw zvmQR(rdrn*HVwtveO{?E4?scw1Nwt|&ls)H_gNI@QQ?QRg*$LZbkp&|89h13#oykK zYO10Dx$dxDyt1s`N)@nbHi!9nas9{g)q$Mng|l_m4(-_dlB)>T+7x6z0Di*6A--LI z+ZO$zT4|eFsJ>3rZl<9*r}mbsgfYa=JfSe@6HeFA;Y9yIL1w_S2z&D9?6)Enz^bozk_JT^MPTt47!z!Tke!fzCZG)R9q=;IG7b1@UCJqs zv;;jAo(()$=y!yf`lZ3boS|bl3;|iz!GA0X6ja`oMuIItKQsl(ddG!})7=YX+aZ|m zp6{D7nd1u@!HWYGqT7i$8Ax~}Fo)Qna|68kDLA>h{p|jt4xf0dU{)Bfm^a%P2_>qz z{JK~mPmc!?A7-E_q=iVJKTzlN!2Ccp8oYr;dpjFTVaR@rS||WElJ>^a9-0OWHHQ6R ztc9{A!1}w1ejqzyc~*)giE@xK5P&+GjPHjBa#2isql~rNjT(5GmSLaLLb(&Ds2_c> zuun4+V_6+teEE|zRG==)Hk{0L-fxvK$-{#yVaPXcw%o=Y3zM4wFO4+5gqbKVma!o3#=_IIG{wxqoxwQHpd6W z7#3M`4U`)ESs#D0i2c$q=w?4z!iqu^wFmaJekw7bz~o7UFkb-W_kKsl7XT zB<}_bZ z0pv60{f#ytXUy0Y(c+N?QY;(5!1uI+ETNe$zwPLPZ*{>BFMxKttbog6SC;~j&mW+4 zaKKp_a{7HU$&5EytCEUy+!PM1?(_i+R5*--u-`r^fGg*1r!@xX)5km=^P%Mu$}+g6 zS%%OfgViR@y6hS%a8fYQ8umTI`vaFZSQCLrVHAcmC}U-{>wh%8NR;KaGir-bC62TF zjiDa}Gke;(zWuC1I^Bn`j)KBS<#0dhz4_oZH^5`iu%Omp-Hr?ck%cd88i|fYAwTEf z;Z*;enRJc>Afn!&Ia{@9Oxl^k*m_i2HG!=y_aj0p?RKn^Du>n;-l z9Ty`=yt(pYb-jbPpgOco@~mdfrcoXc475-w)hc3t1+G5&d2)M*;0UVGvq&Uixzv9i z2-m`22o+ zCVOzrwAM6z>Gjh_ROdq+DE?~9$YKk`Q+C+Aema>!g2(cXR69@pb~|WJ0f^qpu9E}H z9N{@5_QyWMN|I_jMOV>$?O+SuDFf=!TL46(?gloApwn24c`*rG@hilZfirpzK&2d9M}R;HeLu@A1fM}k zn|g4W!t6lQ`R`eLtq1l7L>@Hej#sb-Be8y~ja1*A*}=+1W=xfnMxvtDzXJmIKxt^G z&y!38SU*tv^HCg?Cgth`#UAzpMR(?j!J`>Yhx=;OWl=DQ!hV{o{czg(TOv9|fK2D) zWQEvT?TZ{C0g{OoEIbBx2hQ9P(tpQ8bAOs_2x9vznNh)v^Q7?Bi_@Cn+!CXN$c2<)lRKcW>gOKXogEAr?715Ow*F7*%1JsJl0KuH5# zxbpz4$^z-?OU-3qZK!844`b4d9&3KDfBd)XnE^D3%%?G2{5f`f+I<xHn3Qbq zwdCtw1r%<0tOlWz6>QL6eiZM-TN_;dad|>xezas;4ZLoA{2s5IU(rD#x|5vWJy<>W zu~o;>j|`x~w8px9+hoP2ulBi#SrvH<)d`?sS6>F#iYdX?;U37TaQKr`5l{(XWX?5u zVrK@(nZXnbF`Jz_v(n(y_ETb1+m;F2>5yBk(k^P?^wN~(PfvWLr)UQ3MZ1~g%n4*0 zk?7!hMDBK^CZnL-senuXOF=}U<=72=?m!7**>fGXjy}7a2Az|D9|;MK@rC7&crcY^ z?=-{#a3i4QSmw-6>n5PhgTNYPGMV2#@_`QV_tO$SNVE&|7YjHf7P<)RE}v76Db_uo zWf8ZS&p=sGlpja@z1_V5CZ0v`7N}LgzzFZuZ({I^8G@%cfU**Thsv$Gei4RI^OjrvVM^aRGiPQV6i!WPGQdbjerXM?(aPKDWm-~j)%ez*klGy6QKqTUazuuj^-YY3OB zTImAg4Q_aMU@QZnKuC?-GeYSix$}eLkkw%YUomU*5B9Zvn=d0E&XBb;S+yF9fjBa2 z{U6ba1ILDc>O#;ud7Tpfr$MhScw(OhPHTZQAC4u~Eu-?HKgT7p%^28t13i|3MQTlkG??MOjK8in* z|A09NmPHqF))|g;R_Zu+`+X8tq3NIZ=W+y8E%F(E#+|%UEnE&N|Rae zYYr5DGNI{$fB_u{1%AIGWmrG@!XSvU61LTl)MUB3fMI5Re&p_Y`xeBW$xXFF-*0i! zdv5}W-JmuyLKX-?F)Fq+ul_QkRxOJvc5xB9gF<>7EAt@p+c^=^c$k6YR%(d;^UlT%tS47G8VLTF_CQmwL#qO; z=FY2j@T+R*VSC*8+d_-!ShQ*9Aw(VZXyGBoUY@g0JhRk?Z~PeRaNb4uD7EVO)d(gu z3*^7ANgX~aM;y^JT4E47sHncT0w%C9q{n%H%8;Q)5WeEybv$TT?e&5DfE#7$3M{;- zr_r@Rk)DKAtVZFU7�}Nk8r`P^&dciDP!X)WI*CRBHnIA<@h3TiT-Knu~&M8-9^gP;c>?6cYk`s+Z1S zvtjW-$>@vVmm5fI04a{Ztf{Cn`L1M-XOVhEE4-O2DOkw+A^sal*R|y+5<`E993H_W zlQEe$V{$MV3|~K@=bYZzZU>B^s-%)`DB;xZu@7kUJLK(${JB;VUEQ4=Lvkin`Jvi? z7)yS@v*M`lyFdoVq<5=nLcRYQSWiPgc_e?Yf(hpwR<-rLt?f(re z;+z`@XHP2@C2p18o$Mz(k2~B}zwZ*_efIfN0|F>&;MB!E9X@sA7OwF9h*`T{UrDwgLf=-CCcEf%}*%wH(o5*su&lJSJ<0l$#hM29GbBeQUN{M8;OJd zodi@+>s`r{O9KX7u951NmjqxRpqIIzIE{2l=MB=G?8m^@`4pYsr}(5CR}H+kTK#Q{ z``Q?^X3_f#z{`FYbcA<{lgghlnSAWTKRX!Ek8cES`d#`dH0S{F?|l)!=GE{*IY#{? zmEZH~kIlzJMqmLQN~Fu@2(tMfY{T$(_vkIw_{xSx)NShrML7J{&y)4mVvVNvtMGg- zt+ijWso%ECtfNxPBM%;mV0!H1y`y~IYaIR{hQoXSYXtD>{DChWUco0@O1?!UxhjBM zd1zI84DpKuwSiCgLa|5j;dNqR%zdIOhH`*Bf*g!Od%KeXuNx(yuPJi%6X6~nB)if} z{4G?+E7cMeKkAuNpQ74cZ20v}vw{)|kKopRPo|*Rnd})hfVZ1$lMs&gczHxne}|u& zhXt!<_f>}4P9$gFfnCt#(02ToYInAID5ro$O{ciCWd@e6VWXoFB{B;L!UUUz!sG@z(nv4 z$S59$6+Oj!Qye;uWDg9z!!3RHhHpM!?_Rg{px1x>| zxeDxgfZ~9ASk2Dcz!Y79R@e5uV+GtSQ1dt)S5Bqs^~W;cn~JL-xInpL21NplbyUv{ zwXV35Sjdl%DoOb0FQ?-igp`rCbWH~pArvA$2prMvqa*GW32Hbzz{E?XFQ56Nf+p1+ z`6=yQX4zlme(6UL9F{kvMUmXYY|XT~{CEr&Did=;F~wG5Jfw>(jG0}`X!|D?L7y_I z5TS5zDbI_MWvhDv$gt*&0!A*7cz!G^gQGcrbRB+6lZ*py+pz@)9;*6BNZ5qQ+?l?T z;^jo*0jX_Zth&j{m@aeK6>cV$Hb%g_2JwNWWlJ2fyT^Bya8C%Cg?&H#e14 zsv$tf9Ma7=2k7j3e~GeW%xw25hCsl0Dgc6F8+ya35uXtWx4)On@l*Uxe5Il3N1SxS zg=cV+?@f`R7T40)0qH3hH5bw>MZyCT1fH4g0Wuef-KslZur7dP1c7gWUP6W6Ir)8k z+0)4HGVBPyuk_;~ZLeUvzZ7e~$i}{_ozgydE<94!P|8e5_LGO+aq|3!Gfv5b0;zpR zxoFR}AI{#W4=LXNYMZNI`osVIvqS;+j)tf1D5l&~4`{rgMD-l=bo_r$?yZ2eLBh;u zs};i^@Wa?P_J!5VLhP5q+2)-$z)!>z=I`DG{ATfQ)(%bNt(@s1k#_1Hma zX@xH-?fCsn2wy^C|Ay1J4mrrZ!QZe8J3h!E=2;!?IB{Pu@>chg)~`a|)1d%eo(i3# zNccUWD;6n26WQi{S!j}Vm&^Q|***~CY{Nr;N6$5&df%rtFamR5`RAV|9&nA|cR0D` zu&6dXzR!3t>?!onY-lQw=7I+xm3WM?809a$6vI1x^FR=b+fmVVh-Zr& zhL28iV7z}hA0V*ZbmgD_`xL{A+UCuhiMAToLM5h{7xD_oxM)sim7@p}=Hwk7;yH{ahR z_fG%>SJ_g`4Vw|To^RcQ$Szk2y8A-IA(MV3q&HCk@BDCPQREXz1+X|?9?ey6iD>x& zWFnHzZXurxYxo}U^^R|0_Kg_mcvXQ_H2|0%0Y9Lf@X80&tZHK3V+cOV*=v9;H7los zLgcQ)(?-j{zZvt1Wm(zQnn7xl7A#60{)ihF^;Qa_IJC^dt`#_`;(eaq^C$I6J%#+k z%NL`D!t}kieI*ge9N;cJrRBan4@%EFC?&I>!d91Z)~A>#;c*y1JQh;|w19GZ{yYmC zGD{ePaDzeqrM~X07Mdny9OvE$f;ysR@!R6%%8j>>V7~-l!CXr@L92IneVk`DM8SA& z!5X4zMg!(4L-m-CXqSy70VnCvNN_EM4ml;|`!4u~ENVAfp1-%AjO}N@=&Wnpv==OU z-XeZ>p7#YW%N9uHxU3#z(HFFBc3}Bq6|jR7IcaCL!#e>NM-~nwu_w(?RPIHNido~I zv=VHt?q~R8UybGIC^$5xQCNmMjeNFQmIe<_GbIAs(#HlE?EVG%m)ZKbC--$qD3*1G zqLsj>u1g_l7ycgYDpxKGzsLKFUvVdltOeKg*#_*lLQnqrN|u2!uNRy?P~d{ZSo+zf zysM+gbA8^MxY(8io{a|(M%w8GDN6}w@8Qln@MM06m->xc8TneiqA0I4L@S(_cC+4M zc)>593TF}AvMk4 zEz+1G?9A^{Ms0N0qc@o$%F1i;^CIfn>dS)+0FM?0gr4PYs3O2^FAR=U%^0@%Y8n`T z4NIZC#xVf#*U=L`0oJHahYluxzL7b?VBMnm&V$FjJ9z>6os)^G6~XETBa8Mx6<|;b z0Q-pz==5Dk|5dOAo-6-K<+rpFFM_@tCTp0kKvMq1(Fe7!1o4wl5{vs`K^`~kEXhF>@31rv}5 zH1EFY01Iy2t$C|Jo|)if1(RqxU;O&-sQq5ckkU1C?krG!by`Bv)|cJkPHG=y(xMAQ zXbJY1lEl4A(0%BVezVQydqzz7x{t=x$)fIQDo5cl^g~~kV$5Eh9qaC6lC%^?et_z2HnoY}^=jFTH}`Xbu{*Kd6*)3G^tA`TOu+Oc%@UmE(+_cq;Z8kcaOxwcNM-jq-c3_1TxWFXdbm z5(98xfvQ186(kkr(9~T4W>&imMGE2>+uOYJ3JM3{SW-E!;w=o5kV?fR0-~>Vtxo42 zTz)>$7}~qQROFQ4@zLj51<-iWF>erm`yL&r*TUt2-3S~@McSekKFA*4`?Cb8?Wu3% zJERnN!wP`Ub$q$k#+Sn~-BXAmv{HDfgxO2{oL{EQ5+AA`!vzKIs%CfnV?2-X#)aNX zq!1>LXiwN!zcaS-H`M!mQ7z3yXZ~}QRqVg6Y-;u*;sh6icQDA2QAQ;|<8+|VR(VkP zYPfe6@`PvcyeKN!exmn1f*%=_T8S=6*{9IN6QJv)4?4L9lro<%(|96o=!8NdJ{q^5 z5fbm;y*2*P_lRc$5A<1J-tqaTf$WHWg@e|=s!KDUe$9aJpmENyvArIT%9g!PgCxLQ z4*l_)u;Z?bCL9FXp*_zf(EHs4N_>Jw0o|{CMruBkKrYXOR~SD1u{J}so?r5D3mHpz zcym^y7I8k#wG6PchL^49k}ib~q8ax4+q2`rA4QWBtd^NraIeesQ33%{7_l*?SLBqOD6XafrxS^Lhy5BA_2{2-#Vj$*86v# zjddpZ@!%I+s2XglP#C%Xje8-bHS8Xo8@Y^?^(i*;Ve-i5?Ll)Fl(lT9xMqP4h_%YeH6$P= zDeGZ++X1pWl}!bD5gdR@!fvVs)?ttBgYG3TXl^zRySUYKtK<%gi%d~kqC#sQk5QA|H;@p7`NE4$ zyqy{#wBUE3W@ph*lXupAp9?O$@Mv;iEFVLXK)>i-+6d+(pv7D`$vv03y8fxH|JRLS z0#Ae8j^uNI%~#&!oy;Df(>cQ4G7%N?c-g>=!$)3NQ;L6<{y1s{jM&=Jq~!y=6Ba7Y z)cJl1HtHry=42p|*v*1Qnh^Q6Yh~+GW*B9E+&4vOKZL_J`tZXJmyYkn6T83YIL%r7 zQ>BM}oJX_C)uTvQ19Y%5=oj)%N~@s+t>&3F$>W!d&=wwl_z4oJP*kJ11rF2a->YJK zw&iK#c|wMBsb*bhYKc@!d0`;c!dg^%Sw;6t$FwH^ z5rD<&sl!l)*Wva3YSsDzkMg|lGtc(`F18`Nq=ybD0-@<^fIX-V{PU<}?*z;)`vo+M zdfzEvUQeK3p+hR+R@L8Ddh&J_>v<3;WS5G%6Jb~rdEs4LLQ|1`LPz~Aqz=5ot^_u$ zn}Q&8;qKolrWu*I*PTxQ8Yb9S$}iET$5)C#7yEMpo=dO}nJ&c-$XAJ_gl4E8K9hy! zUo1{n)#4^ZtZI?I7t5McjjBHvm!ZciIyS$aZ4C|$WOUqLJ^jPvx|%XMb5B30RRG-Fw-1fVj6T^Xey04dB1AQn(l*WCH*r?SlkySQR0z;<5`=Hh=<1az?DVVAch=h{KS1<> z_j0jReVO!%bG!t>%J*Vrf&T_37!GS73011-{_<`C|4N4FtO}n+f9+f8NMgPlp1w2V z>|$pDs2#qzc*Uii8jg1!h}miYnS|zza8q?)noEb3yy~o2*%-s9w2GP|0x_pUoH)9^ zU}hp1YFYHpPrSx&tLI1khB!v)*ytno#Qxy3^_ozXWw1Kkoedi!ZQ_dQG?ZI(cG=4Vx94Ujc>%$_zy`Yij_ z00TKeL0M+0$mC9mmw+kkG9MjzS|8ahC?^gx{gK2&+P!Q9woP;N7PRG z>IE_b3A%N&2|J)E(L(5Q`uR7lC*5BJ&`qTckV?hH}^|zKqaiw`2^L?R%KCgv14!ZR!0IpQTr6__a2TGU96puZ= z)0p`KvCQ0}HHv`mA+ari`*k&INvY}&6ZpZfBzvrj`{Lj}=Jy^x9&-=S zPj+?b5sSR25vEHd&W&2;&3z7SM|N@deSo^sy_9`h5Ll!q3(A2b^t4kl)r@WD)7^Nr zX!>Ft%qHei&&XpsrV;r7FSw7+Un@K^^I`(r@jz#9FZ(5;oNccOnW%!se7_^hn^>rb z=9X#L3ozHM4kt{Qmylv)c9~^i!mq%uuv&tGrBj+wv*0!?Y<(9o))8b9grlYtZuV79 znAa{IXcEhHJfSw1-B97PJPYg2;wWSraDj0FSfZtZY6EZHX^mB3mWK>cn*g0SvgWIj zzK1K|kwLqS!J%Q)QmL8hvViX8h-o^FA{=z^9?uDvy3IMBjjWE2I73@-{oc_GFD;bK zD|~y4peotkIqSExo)^U7Q=*v%3X;h1m_?C*(a6@LMR zNyq=5pzlJ+d~}c32Mt`DCcl}eLp21CZk23!L7K(;Z2?uEt|KT$BJ zixJNpRo4%FQ7vi&>D=eNsMA^VWwYIUl7i5=Y)<|xXmw4s9WFv9eqtyF-rpqHKXYi| z+Hd5%G(31K_nP94f{b<{%b>}h&e00LZHERM>VlP|7mm~f7oY0)|E36gy6kCNTQR^t%sT~A4lzd5dg#0Ljw~D zqshIacmk#6PCF@(0pB*yL8ZdQJD)WO>~WV)djEO=6zODSL=d&+Y;~pd`yrIu z(Lzq>7~;2G5pNS52oEoje{bVzeA?9q43v-Zn5sW9Spzzft?soChOBlAuaI(KG*sG4 z7V3)npx_@fF4)P5-Gw-{@cob;`St^K$VOaXRPy0{Dzk#OGHSe=Cy1+lzg=B7AL-*) zpGbg@-ZP0xd`<~*P$I`K zSI1tUL~ZI1dQ2_a-T=1x@Q6cok-Mzy*vT2(^^k`Pg3LnRhTdE9?2HKAs|T%n3U($E z%Yq>WV|rKcB1)heTg?xe6wnF4o0AW=erl^ceSLJPh+!kI>SKJ&5?RnhN=_AW4_oDc zGNVHOfbYq`T_Tr=-NSo!v?hwE+9i%f51SR``XK#&e(PlSV3IFWDfR zmjIho0a(_NTUcg zcxdE*+Oe>*JwtzQODs#&XhT$9iB2+$rV7(e^$ybjJMEz5dplTlVOZWZ$m(&~&nT3}0eYiXDw{F{cz7kGj5r|%Wiw}$@( z9fWRzfRg2)$)*vm=#rj;hhJoIs2^xz^<}>@)BGB%&>_19&Mq%1?EZGRLU4&Fe@UEY zy;A@K2hGMmD<~fjszlYp#6?mZV%MWR<7b-G?-BbcZ?J8E z735CQtP-$Rc3^|lDj$q`te40*oVJcK&{ST0m7S`|Q5M|4?g5k!}F9q%^#3zrk<6CkD7I=_qWbRvvuE+@rUN8VN>iqT&)6|j|E zN)IKZGrvAb13(*;CB;}G4mb)_a`8h0uJN5!4U$P4s1LRQ&zdG>h|wP41r`gOsi1Y> z4blRd*R+v?0vS-Q2c{sL$h8CYG{*Kstl%Kuf3rG^D-4b^+B<$&)AJ1 z#7I@hGbo~{(Y#k89HYM6dvX8b^2$ZTM>H1B%SaoSrXxFFMLIoin=G)=sjxm@o!@w+ z=`!N5tPRK1xqvgY``=%Ej=}j^BA^DoWg+4h6LPfz_$k$ z+KH26{RxHJPs&9;2zL~pE)FcemgnTJBG)Dr+5YvcB@`cV%V z>*}GFi~PxSF&Wn(Q1OJ`J(@}uxbDD7-|06XlxQe|(N`&ZQP*K0R5G4K5)*AbuS!}e zehlSKG9nj^fBfvLrOfFHWshvhZ_~{y$OX^0xfftUm+PsrxG0=4dZ#QhB?kJu@1?O% zO`#cd9Ci;%YV{GzQs|mWiXy3YiI8Bg@O7kG#2{rCFB~LQI%$GzNjmU=5eg{PoUi^k zEuidf{^Y5CIo^xKAX5tniyoNi>{av(btcAQ=b1pQM)I?;^e`~J5MKJ5>qrbU9C#UwfdTvLl~J;^hy{ zskl+m7v6ya;_K`A7i5iJ)F4p=?#jLV2=|hAha&JZ;+FdhGugEB;d27vEFVCz!YDz# z7ETVIzRIE@+MV0C&j*}X%%Zx! z=AdoMYTr5}(q#j!kW>5?9t6RAfOn$hOlnbOpzD_LItE}h6pESOBt$GxX}uBJ`q?IL zUl5Hh=sHi1E)r+jYrfHE380l+Sfef6ic`F$uB~>b=0;iW)yQv!V+{i28~A%AsHB>I zpKS^23{fq50TwUFLjh?huQmF5;8!+_c%6~5xvTS*Oc3UB z^;>0EAp8m2I{MX>9PmIzfs1PJcmBw&fBowuS`J zPWPN2Y?heJJvRN4+Pw#j@eSYvN-CK{AFpV_?pi4t&0p^&jB$5?W*YK=ja4^7L)N zH2?W<1`>#~y%q6`)nG|Bb)T17ZhsL2V}erL0j{oc9EK_{n8~#KErd*UHQ-?vmYpix zT7Ca!;N-nU%9qhz|IlVZgat3<=gh6=)V!7bcc0*;o){21xSrUBvV{@Hv zpR)wc+TAd`Un~(9GQUA(*ZB(G$6%)~X5GuXFscFpDmeE-?Pcl^Ya8f8hp?eAe(M{2 z`1)@j#gAlYbd!M178ntNWsw%@5a?B~)SEAP#5>r~!28km0yvesZdRllLtrc1P{d2=J(;_=12d4J%@? zyqAGI7v6F!_qeq!c_9MNfEWDog2pvxJf5l9ZlX&s{Ij+S1>nzUSTf8f8KROpeI&Bo zy@g#3|K*Z0mn;Xcm_7++g1MlKOkO+z;xj*oudas&QU=)L@LOQ>4Eg1u(#1=4_I*a7 zxE&yMELZELyWyP^sb1WmXh;ISwpaAGO--tVT7oZZjx!QYUwZjdkk|Rsz2|@f8&%_1 z{@k?_Xc4o|{6qM^J-pW|OL|9Om86)bei3X#ob~`Bd>d<;kpxy<3pCNd8M5Nds5mv^ zH*oe}!}tq9hHu{`%vI?RBE|qF4S>mz!U5|99xN>=7jE(FXsR(G*8%+M-~_$~mTus% zME;ugv5mEOuQQ~*Kw@M3)gUKuqx(*82|O}hmp6$O>j%1SHon_s#D)i50ZaG1q2iis z$%A2^&vI?B8P$eap47XDL%r!96ot_OST&8c-}X9Yy*|(Uq@g+7Ytk{WJ2o1n%*nPcwO&6^5{2g!G;s7lX>;d%- zhIlZBpXL|H=RZI_aH@RhMcXuYaV_#jJi} z6*JzKUgo0;L0&vF{qgO*)D!gA-mIxI$>(Vg!-7%ItYcn-a>BZP1|8<--+`|2KnLU! zzh?%EOkao_pkfV8#zANfG^=Ye=~U7-%HNYLyBerv>GJ{}+P>3q76T`+4^nk+e?hUl zAN>Q%`Ypv%-7spN~q{UjG{$3{eBopxVxMF1OD)nt9nZMzp5Z#A&C z{0uCHsvOx)rTTuEI!08doT(F(Z-&`?Vo#iX+UpN(bfD|Xc`buJzVoEA1p9%qo(OQW zJM}S4aMk4I-E$cnH&cRxC6&KAO_HGYEOKrk`U$LmtuLtYhgEhdD9sEuf_+~GnX`qY?4^ACI zLDMTRA}0ce0zXM%97DxzB%ax)FrZ2reUl33M-V2aj=328<9pOh3E=LmAt0kWmprZ% zrv*&_U&gDna^hWd#m{sKxD02PMePPc)*uqv@5(%4(~y1+l-t0>HBF)GqNuY>K4C`& zO5Fp!g1U008TX`8lRNdw4O(gC)joRTU6l2s0|4O+&)#NqD0gFJZNN7axWMp3*v$dbmG1{1H$|7o^+lCY>5Fs8Y919sfhk-*jB^mP;_48W- z@hC@Tp5v2G~E7R*BYl`txlKTg|x;fN% zPOofLrx)EutlNb0s*UJNDcCau7>E6J0~P8P%r=i8s4mUeL(1gy>V4vO&OWtT!|N7* zlr{~V-|PWBR*Ui#cX|zrHdFpKPq2~jes&{mO)8*PcmUib0(TJ`y8Pd_;So*(tT7oZ zY_lr3w{rnQnnFyfudqN0s#EVpOe^(o@a;h$({iQ5t(9zh=^zr1!)TT~w$~%WEO*~Z zknWw!dW?f7^(QOi#Lb>ORCA!b3qn_)bjA7XC=22gH$>?N3HBxc1?^l6Q8>V!Gvb*j zi9fUswBSNlEZ$!s7qQN{?{Sc#u?b>^WMWyh?z`!fA?I7R`Y%`-0Q}0*j^a)7muX(3 zxdJ&K;Kua#Mau&ce4Zb1DS_?yxig^Y5$YLj8rgQ`FYBp;zCmV!{_p2-MRkX@?I3#( z+Tq#p+2G~(*yx%t;2SWmJU&l+NtzNgq``PJc^R}ENa+VQiqi!g0WiTs4N%GWWbb#L zg_rhzo$K#29qP&uy~OL5{?mT7+phi(hTX!-ze;>q*nT!fxjiw{JJbn(cB)%eR%$3D zc(*^qYoj${FxHzB1inaRZR^XU2 z&3LzR2wXCMgvf(<*_*hCq91^x96dOsoh zNHwj~8htfL4p)7IC!_^^b~PGZ?{!uHW;B82Zrf1in?wQ4(~NO~^Bxeso`>>alZ!fG z_IQ3rpXPl^cg}Q@sRups31xGtx0oDV6V!n z)56snmL1yNjzu`oaOe5TTW%SkkgW2~280a_d`Y-Yb&(YW=tzV3Y9d`)WhS`00wSYf zu|_UU;^hJ-Jbo7BCh8uj3XMYZ^BV`sa$|R8VHD+Z_JntkjYP( z0cHPgl5K&#HJlfG9Qts3?e!#9_`L+OzZGzxSL=GcT*fj09i0lajW2g&!1$(jEu*1` zDC4lMlg8ot)pInos45>i@94%C>M=xDG8p0do%Uu`sIxX5VeH+#_&*gW2t40Y2S$V; zGAA<_q=MB89Ww7^+TJ$cSqQNGIF6y!IWw$#Re3?07(g=+Q-Y!H1LV_R2%xm~HGL_= z7)HDaaBR8a7xUSiw>Em=II>9Oev+#1Cd&p%x*JVwd9S5nvZftWIvMJCw z1ICxG&ASbnI+hH+vGC&RNkqR|j1HD}9>?$m!6lm7h{E{B&(&u8Heh-m}Ia^5yI7Qq8e<1 zoVG@jJGJwl1U`J}VgUo70dsJs{~>od;OLjsHI{QWHWAQG38>VJbu|_B z4(xGw<2N1KBLO2hRw%;-=!_v_K+)Xija-9$5wL=4_kw-o^@*Eq#jI=R@2z#VJ3694 z0->KNJ9pxrOxZn3{dT2^q%$cd`v3(?v%VORYegVhVhg`&FC8?hxTa*8pMsixOX~P8 zS>Xag-#A9dKKGXx@h^Nhf$LG1WNn;9t6@J%+ zhX^e6&P4LUa+ajsO5<6J(|7O6*hf>`O;JNa`45;Hx{rn z4awVM2|kITnEl!Mz?@fxBFIb|jMkwOw&-nimh;23z!=v}iyAr@?&hDXGhGJ1^zE3+ z0444`HA#>^(gABg%SVsFqujRMBe6^(`T%)J7(b^AaK`LlRvfcbrayP^W4sX!A_J~$ ztbJ>F@IW7ax0LgeS_#lYlz?L{|f) z+j%_zMfVCap$^tsoNDSUMQHwcE~+>Dfq;dVx{nFK)bkM}xu7%1>@5KFO!7|*Y-Uyy zzTkJ!M>l4I*fCE@HC{lbfn@#8LHtx@i|2In4EgDCDqq;;jbI8)WPnlx14q55TkYXv zN?({SS_2A>;~{lRq75;QWy=dLApM|{oi*e%-8GY$ER9P_EjE$jrVA-rt6L1*p{=JEfVJEJzI`!yFdj&ljt3m+J|oD*rIcdJuCh=yjhCyY z8-!!-irf6?fJTC$j6%Nb$EtSln4YhFA8iwDFL6b`mOmLTZ!*lu0{t{HDl|8r%{}gz zR@B3wjv(IgUwk4H_&`ZdCwacZ@iojLJh6O(u|JT%QqVhY7&he+k3k%*O*RbNaD@~# zHIafAR*rHJXj89dL{AWarC1h#sKe2M@YD=&-6e5PLvj3sfX2H^UqOFQQBRiCp1I$C z1&Jx3KFr%J{?j8;O*&{^UGRux$@TmU0J?W~jucs@Kv57Pztn;}87>ERFqpN&g|cH6 z83Xzl8vNIl-!0w0)f_)|V<}I!RX|XAAffr{!RuqSilXsn=?Tc_7iM3Em2t zNZe=T-B^++ImeI7w-~N25fGH|Q{MyS|FT!3wJezD;+Y3XT0OorZ`Fgdu5opLcm+Lg zA1{4?|H(*24-sA_=q2M`hmurdJ|SmbS!hGn39U78S)Ux6QD$q72Ec7RVF;eypU<38 zV)xzP3OHtg^dNmp{<&9oNkKW#qAqu3h;`_;o?w5i^4Xa{SwmU|5hINkK{(jml$YYi z;OW`AdUPTl;1WL5hX9BYD!o^cSpqXlZu&H!KE;++inVdhnxLSXlW4FQU(qm@X<-Lh zWm*I*a;a0^J51=5DU&AU#J9&+0zf`|%-sj1E@y9GBc{AvQvgqv2xy6*r3W^8O&s{p zl;xvb3%mCc|Ef}YfIej3DAHXQ{i#$7$Xc+$2B!cEdaYwpa;7`2e_C-lxe(tw{0k6l zQj7}Ukq!-K;!22y1~ZD^IX$qT3SjNfU1;wf;E_V<{*V-}$3t)Om$AUv{k8b`wMsXt zj%~=eg8k~P@-dJC88I0`)ti9>lC#_%yn~rEyk$+DADC1@jr)3Zk8zbL88M#A*2fxh z*h9N7ml34P8?T@MtpYl-j>kVs;SJtwy0fDky7*i=zSH0u@nGr)1{KaXeIMQZbyV+= zqXwW)piC@i$ba4AWeihtuQk&8D(T-j%TrMzZc0)RcX+vF+L8|Nt%Jfx@MBTTH8vEK zOBnpTD8SGy$6dBIC%LBHuQ<2edy#-2GYy8t&GabmX|Wv}Jq4}@yt0^)GO=dny3?8B zo(drRLAyZ17DDHfQRszZE&gluKl8RPG$q2pGXK_s@60_G)bH8>ptazQ1PAy!yn@k+ zk#Wpx$}ba7oGYue`iYjPg&24<4E#G5;{iVFk1{K2_B6kBs^HURrhr&ZSgBc zw7?-A^Ps2`ihT$yjdNIEryn%)Sdpejf+$UPO z=`e53fM4%uN*=?b>1cHXB}>cvI6}Y8HE93dH;d#9{`U=h#bJ!Tyy%fq?)6n!$v6@b z9DrvWG|*)?4fB|5vTWS+WSz=!!VOS1Kprs_J|>Vj)ak}CCCUoRC-?^B;(VVOjw&$< zN3$C6`7G8HD&-(emZ?_aVX*OAcf3d=(*?;FVLRD7fbmZn3Y|}r2IUa=lMDvxvmGhe zrbWU$z28&uj(&*z)f_(0q(eEp&{_#cYLhsu-oMnZxcqgp~tp{KX zEb`<+DgIQ%;6~IF1}G#>FI4?9(A;K0m4E$3&*EW;>7Zxs6Ut&)mPK#T%yHwvVEziF zkfOvOh3EB4D?riiMM_2@z(UA7=7xSqcANbl24u+}DY0n+yAuA=0d-4|z?Vjrz57Aq zs{c`6N(ku6`Ji9k3UgZ0L~!JVD+Vnavg=atYOp`b#XJp^82v!Z?eN!VvT?Dnt=T7A z8p#F+%gOZ-Chlumize)z?9ILwBmT6oE5G6_RS~lOY zgD<|_IR)MR<=bb9_6q|1E8E%YTxmc{6JFV3NitP@;VD60L0bhhi6Wl2_5Fu3X>BhO z5dd(!o4!zXMExfT5*qU^mL5bcJ3<{I#-0~+HCX^qCPbh6$?{Zb5Totq@;xoon0iKu zSMjv|x>GKn{V=5vhcu=RIBJF_!*PDSei4Bt^`+wZ;TDvLD1)G2fx>_wZ~jBS5lXZk zkUIN}G5wGUz4RA60viPqrfUIK8)|r~2XapzOYHJqTrr^WOwRIaK(BHHjQtOLjS~O!vSMKXN&N&O9V{vUhPk(FA#6ME zP4d1%-^`yn{}jy^JfwgQZ#mp+l1w&WKcKbcYQ%!CNBk^U$m9c1~? z0bAmEzo|;q zG%I*0sy~H2J9%tygJ6u+;r!1>Z>|lSQZeO3vvC#axecVakU*>enF~+LHFH8=m$If9 zD)>~KBrd}afP#Px_G5wWhBKgo4b;!qlZ{$SJ7256*PzY|boUqmaVlA;I|L4d$38Snt1HgB=U2rTah^{j@x1|ujmlrm<1f(52I{0VqHkD&MWIfHVIpB7y1f7!lpX&zJ= zk9$#{x~N()5Se}HX@tFQc#SG0u0;yS@5n0KRwpEE@0F{JPn0o%{QoPt&QLc_zQ6wr zc41dy*v1yl+#pJTluURqd4xlQcCm$iVEOORZgnCLq*Yy*j64sixstel+lU{MLDp_Z z#*ZM6Cc04J)!(9-AO_JojpUs=^pwDFG4{g20F!V4iTgRw+MJU6@T3Pm9y!^AU=Kb* z#wl{3xI4;ykU*~)J_vgP@DWW+cK~Yw2T<4zaCDP z)o_#jouu(ge=&p#vixOQgcJhE8)E=3R1m%HCv+F%Yg1!ysJP!rZQ{c@j1 z6Hs$cg(Me+QuxIoY_lco3%)`sCsUWkAD)4OAWff~`fLn(*n{9}eOGBH@Wh1!7a-RB zR%S~Zc~C6HYf#gUr;>V!$&+jpmGQ}!tOhS33mHKEQS#4p1aLG~nPnq2E{i*MfC`Xg zd`u9ChvR8Ec-Z@hiT8Q@`GKNFY<~#i>pzp&{e5tN{USj$5NheJ3EtW!O3QC2 z{(?r5-f0{gG}3*99d92sLfep=qBf{M!$W)v(0=5H9s{2L_0A8*XVW86(rnbPxZbR9 zD)Fq?t{Ug@R+iSk40v?^NIJ7F$Ji(e|0RUrGKeXNh!}E*7=xH4etmD%YxUP(byX@O zuk)U>_p{%u0ylm)6qwSE>*a{&I6rKLy@jKyiHLAnhg7uVcW~8S4d-RVEEe$Q^U?QN zpC_fiIF=yWOtwzd2k^&zcYw{8%;hD@LS$r~q`owNIzL^__@>Kl?v#g4?>!2pdG@(4 ztdc-*#oKzezn0A&DM(LAvOEx%N3E&b$Jj7E%xT}#6Qp{%^z#q6) z*|d1%_}J`gw)_|>ek;trZhv~zhNAMshz$UE?aCLCNq+(W*|zfz9k13?~14NbGNV7_$A3BZ#fqcRl?q`wGi{%<1&0DUKFjf;ZERXiF9ajAdWOHB? z{&BeN9Un|O$N>Mp2itY#z45ihxM&Lw1e_BWpw%mUuA+FOQJ?olyq7xWOK}XW$`6rh zj*{&TM{d*h-EhTX5$n*6z7fKM?)+p3&J}NJbLRhK2SM`$fp^)4x1IJTcBsRtpLq@b zDEWo}l|#HtI!*o^q`0$d9#ve85^u_nr_*P%D)p(7YsV|WALFb~2p&qFaxF?og2`D( z>GNIzpJ0j~1DBvyXwmDe_m*N|+pT}nhHx4mZxiLSlf3`L;`KH3`s=0HKQLZ``FyN$ zOmo*qQk1g~c8~1rJJTWOQd1nFA{bnQ`h2!QNu4lSlS*?KS<(pKmETw|P99 z{?mDhD1kNkR}JVV2)B;|5msRjAFUKWC$visSL{hY1jXLDcQ*;Pd)3+WIQ>w*>_<5B zLlOuPR(L(gf&AtEbi8@RVz*g$*}KPcskOnR0?&E2-%6&D;s(BjD$6rkB1rQrAWpqaw?Eg)gd(H^n{xrX7t zv?EBQ4GtB!7*G2J2C+=Yl=E@^2xAmF!ib=s<5dzfS(l!j0rp?je#j80;*}7Z(WkWi zyr4QKoSNV3T$CG}&*{;^)WD1__TF&P^jnkLozdtpnCQRe@>7yY3MHY;eQ#no(?)gq z8F+MD?_QrSj>K^&)sc!3X0F{9+<$q6#sCWBPfPsf@j)G>yEW^p-H^!zl#Rza6#Hj6 zUp(nWj^EIss-g-x1Rw41x1gTl)@5IhzsmnxbC>C9(g1}n4scnx!L*r1azlSx6AMaT z&~>Q0`#bx#VHzJx)LC-=z9VbMzFm_C(ixnUwwy!M9C6)=^?Lw;6K>;Pt$^CM)U$+$ z8xQyUyD$Y#Kl$*;z^yxd{ljR`#E-|=N+57Xy_HS0E#mW)?81t=l$s$z`KdP?>Vl|0 z(oZqDWBq(F(Jz$K_B|ar*)mO!~e$2`-ZssW?&@;WIBVdCc7gSpqFF^%}9cKLi33xI>{ytR6# zp8^xCUKnt5yWpXgdwBk(yBB18{prowzN?(Z5tzB%!#lhWNEoHz_9mGcOOMcwmyJ!c z)#u_nB476laxXSxK0msHvXvV1^|)>>?cS8Sios zyWiWlg%3wY%oq2;k|)rg*Qp}Y8w-lB-=7z}`!e4jtDmP#zwC&*0yj!>F-S!O%kOVW zlGCXgNaV}oU#$5m^~U-hob&6@8>2&}`!S%~dfge~P&D(_G5Ho~4Z@-oW^xiZ22)Nu z)0l3V9(%5~#JDY{a@~s;L^p0o*X*X?`5^h4@}OV~1*3aHIlerkdxBKJ>y>MTv-(MA zs#}Wpo4C`*eX%$5jG&g!W1*l8-M?|z#U&yiJhc>B;_ruVn+T2-kEdSWpxes9M-M8w z(j1XhueM4L4Hn#tvG?*3MYTJuouUpMeX7+k z13gAdt7`=JBIVjhmg8owp6Wh&_ovR&+wq-?g$e56|I0VfW{Kb%8C7bci(`Vu? zRPgLBb=wePtiS4YKOfgx+>=MHw&tkK?Z(DexZPbSkwansSFX%46e*c9h z9HcTQA>8CzdXLuUrOKg@v`1r!TJBf@C#vjgy-1a7(79; zcy>9@he-`>jzhNng#BKS)u&7-XBxlkDFqTBeKbL8vD&3i!CFn&3Gi23H zZz}h!x-Td=2?E#bV|HM{8>_(qFxrN0gSYZL)naf@66Uz3h>!F~vj!-*sjDN>TchiI zEv0xr{=c);pK8(@D9GyztGi+MBpV%FCIP;HxtLKpnf|=#Y+(BE+cT1oJ-|4;h16cJ zq0PZ1U+c5Y2rFngC#~k>St9u^w2Wi-ECURjiZ2Vj`L8d>CaQ3Fp|wTN!U^hmh!f}F zI6fClCeO9t=6omdU9pJ2SM&2;#|QsG%^>%Um{yP150(}4HjuASibU+*+>%9xq$W zOxOY$2-ND}%}S)kaw&L{?Rwc?3%~C&jc>SzyvQ*>eX_=Ms^GYJ)d;?Idk&AoVR<%# zwlUrNtp*}#+B$V2^-^|6&}kUyIOYnl_u~Z439_8E=3omw6JR4CBbx#ado7GE-9E+|Ml?=kzv7-dLASc zX)^9$drO$c{UWlrHUx0)99))oaVH)Dz0|hp%o)rs+)fFP{k0>-hQt1h_$9`PFy$Lz z>)!nmGSPf6>WFm~vo%i?<4rgJphkR5ZRP@xWr4)miU*=42_ZWt|I|h^b` z{e+XKBYh}pWyIGTDAgvlv>!tcP5!50MJxk(4_#&WhC3W@ z;ZCCv=pz(%{GwZynQ&@oh}Ty6*)8+PN%JAD66cnMx)=T&vK}uhTKQS6Al=q?KW%du zs>;No8hg&?UEU4?5|XVSU4JSuEb`p^-org0U4BQG+knk(B3saal{dVYQ&BG|xR28S zuL-rh$WI*+hO?fbi9GUmPZm%Yb=DtzD_*i_F8bqi(7>ZN@*t7UK13vs@CCfs8KP4J z@FB!OQQXJuNidPG-6KVVpKS<(uhsG-Ghp%rPw)=u+lXB&bFV6ZSx+}X!Fxa$0WVW= zO_GTjL7znE{nF0aA^p#DgJ9}wBX18ketH}}z5Bz!=K*Yuxb0(pK~2jt>`^g3zvsr4&0Nr)u-4e` z`gl&dEb6X_#onOnEBK*A@z>pht4Vgh@JO^rk?}v0FdYdiGAGP>^1Yqi9w@d#%ER}8Sd-$5$kh=&EiT${Na6KByA-g-V@%r2z^`kqVKY%;_07dmam#;o) zDYqE)TUvp6>rFZ-;Y{Ki9_EPT6QAr?m zz+j!Hk1O$tIm|c2X()3Kzp6YEN~iqeo`GrT15+P`W3?3)iYl6OWs) zaAeTCuJ673{k+PZuhvu2EG)+aa#k-Mfa1>H>Gk<#&tWKSK)B-Q*l+r}llf+<#``Eq zC^S5+qF}(p58l{e?$xxGUia(7+K<9_ig#DuuF}Yn0znXyG z1IVLhHBW_D{19GlPiR1<_ItlGm){o9NbnI%Y4Q*`rP?Lwx&5e?j@fC8D8R#s;T}JJWp}m=z)n{iL^0}P@7J%~#YpIPeu>m`;QPKw`pZv{ zUR}LxWAu1Et`+F!`Y{QV2vM=M1m>k!`O@>4AUgnH=;XJS^Qy-uk|YTqF@Ac4mRV@6 zq>vQ}jAV;)fLM}wwy~y4VPxGYLns5CCfJP^Hux;=4xTE82lRN%hSl{G;S1r;r9*NJ z$!4X(I;=_-`XdV#<8;!^!=3+2b-Yl%HzoRW7V=}bb*1NK6$5bNFE;I)iYGDP2+SDyJNt5oCx+2QKmFsZ^rQW<=5fsykT-rwC96=J|3}Sd`RRDu2e(j(X)0IRuP#A zW6cjNUwyVe7(MSzn<_ZtN!*sxy7+a@I6K%v5TbYaw@AQTbd2wsJx7E4v-o3rRcov2 zL65nFX!WtIDXsnPDpPi2PVEsA$f|-K=a4G$fS5%%c@TV!N>>qZbKTl4`}J0^PRQ@>!`n>y@8qP?wRr7D3%&pS zeUUDc__+z*-FUBW+sr6GeqwvL_T^-f@iN0kScX^au-PnJ&T(_3;J8#@$#$Z223l2p1U zJ`Q0#-09Yp?LCslI=OA4tF7bS5kBt46#zBV0kHn{`#KQCkPXe05z`MxgjIG3&YD^G zw4s2{3D??}*X|OjcqxJe=3;fq0jWn6M)S1rbR6f-7xQCk&_cyajW|1rHQv(FLQU4z zYI$2fztN~=0Y&07)ID?d%)q7DH`uevc#$P?K{1f&v#Vg+j6X{x(WygixB1XP^Y>W4 zb&zR4Q|9W$w)Yj~FU-LVvf)Cr_Hl3h#6RbIooz6Ak^j)U>f4JML%MkS3J*VijvzQ& zC89Jg`U>l$&5K{x1=K`?~Fo zQ$StC5B-a5tna5`nxsN2?dwfBfCuo|bvej_52mG54u|;fLOo?sIRo3Ym-tWW6Ps_y ztUW9Jf=0l@C zBf`ZX2*Av5p+4T*^bQFE@|2dW-q*dSapC9S2C0qewV9ePmvhv{+tG5z&Tvk{dd0CT zk1SxiFRNBV@k?kkesg`^e}~+f%lHh0e=MOZIzF@R@pahy2c=F+e76=lJHkDtsYfGS z^GWc5`VPvZ2n?Ef>M<5Qy}tf&I?tnLi$S)ZfYY03F2U3qBC<^aHX&=B!0%j=7af(RVYy&;Lw)S0*)PnNjv%BoXM%g(jQ4-3?b zz)`(#pPPu_7~VH~F7?=V{q(lO)5#4m?8K#N#b-3csmVYgi>UOyE`JvT5}m2s2f(o0 zkMbqX-%tw#2c3TnuG~AdJPqA?pn6PCOk@o8n}dg$Gr|)gM9Nw_Ev(<_2G}9 zz)VH}#&Jr1Guayv?z;Y-284vd^INg|wmVqltkREH5AwI7Z)t7+3i!)y5`3E}7zCgt?S{Lrajy7@Kk_6w9 zF-f?_NAc1Z8#Z)m>$WQ!!70J_m76KcwmgAn1FkiO`y*kd+}@i*B@*?>6dAe!N*|eA zf(bnNGa{v>_@~Qw|G;OcvZQSH#SD(qjiqPPcah%UI|t|Wu6H16VG$!dv-2T9^BZ?_ zaC!qA!GV0p{qqgFW)tbC#|2guH@8&pClKpH0(@vSR_Nh&sLo)tP8XqmOw3hL!7s>u zOPz1WTpr>~=WfX+vHL1F`3wHeATXLUc` zIcdA^f?1)3YI8oqrG?j+!U8UCJB5zG@^iqKPRszs^li`yMDNn$-vX1G*XjUFU4g z4-a;}e4G4ZW|zhW&`%5JQ~h)zQ&he*TM5PMi+EL= zbFR~i?LGB-iD0YRUvz4)mbfC4o1>k*F8IOs)*cHXbTR0~zf-&HP*kykOGO^tT1hY{ zYhfk>cnb^dNY`hGO9}k){Q>O_oz-6Zh4T*%{ zjYiquq^sN`u4Lb$GuEI&PMasY-OIT2(G&8=65!>=svJ0Wai`Cm^!#$WAW@K?$Bn;J zpJ(!*KGiS4XL$610aM-Cv|{Qq7-{%b*kMifW+^6D2lFE?Zirq!um9!RiI1!^4xhy_ z3-@h%Z$}vu;WL7zhf9_W+m0+t+bS>>VKudTh6x#I-<5wOpkl!f$JBE4^F1Dp+TVwK zdPWRntBC7lL1a|=V$$JYJwB}fZC{jp+s{VsXL2pv2TzhlnMDF(ATuLuJC!X?;Hd(4 z>krty{~#dy^zOx_uERn6hQLXb^yhd4pvGLHBDbs8QBoNGUH%T0)beK|SHECH>%TYm zv5xmwpFh8c^h;lB1^)fsBnc#&U&72k`~oLkid$oT_%$d<#I3?EP&gRW***J=dKAHl zeH*KO?7CnZB9BjB!Tol?#eV(LG)`@K+uxbQ+E4DQ`Pw$TOVb9sPOS~jLsD+sK-ZA> zwk8~PWh1h=J-5?BgXOa!DC}AAVyKbzzRA2c2B-VL^;g(|e81qh8)9pJ@NV^?=>p9FNgT{^e6!xyi#UCskwg0gHZK?xCk*7FyYW($db57Q*a^V>D7N0yIwWI zVTSt0E;I2w)>)2yfz1D13hWlTiEzUDfcy3wZLdd9Vilm>I%A=gb5f)-T63eU?XWxN z)*JOVDrFJA^Fo?6{{bl+w?n4vrv5G;;URkZzF>20*|QW$5iL%on?cqrXcCQctU)Er zc!RT%_%MJ5H*}{bJ>d!>8DAW)E}-cb*={l*hexpm<(=SL2ChneJQ^4`Wxq-(A)Xne?-cz1X$@g z1$F?})W2je>hDhfdO_smflGhHHw^!`FYzQlQdfy*OnlACUMTLk2K@Lh_W0TyA;3Q@ zov}Z4f;pm-|6=X~ylb~&5${y zkoV77cHP%+F&Aj)TE23fqy91&<@~+Ig8!82Wbe3VcG*Px8#xBz6OFL7X~GFnEbUC2 zr60h{oHFb-;uMxqAxRLG?=D3-r&QoF?GHlQpI1ZIv*-F&kSSo&&f^>V4mOSfI%gGP zH%@1-bxX8(XmhKv9VK%%_{hqk+*)T!1>*D+FaUNJp@AUS6^y$ZXf|1Ac$7FT3QoMe zJ=c<$@%b=dEE&y{86K`JMp&xiA=;_i&#rb$&8o>-i)x-qgZ$k4&>|m1!P+6Wv&A9R znzWIo+^_X|zc@!>-=Oy~zp4^VKkxeyagD>1p^=aGk@a3TopS}@O1xyWe_xDxc>0!3 z3aG$v%YFBw31t;|`^hww)R2zC8)B{L56La)hZMvE1lkwWZhG z&!hMLfI9!hh8>;{<%qEuSXJ|LMIbQ84AzwKho`0znmtIqlw5@rL1V(Q-J8*9T$1~X z%S$h(`{$(0BXL)yg#M=4-~~D185&X*5Ea&nIHUwl%ol9IjwCx!6Uc7SrFua((TWI< z-(QUS5f*1TTxG&z&X4`fxwgwshODn%u9oUO4j8a}5bd_|&;6sKdc?pVFy$b|NGfbu zUO4&mpxBO1{9r~~ACF0<`WYj97~wvRZ4fQ18V_fn?yP;)_KSg&vfrCT=RLb`aMV_O zg{S7GiFV?`)}dLSs5(1qG^VHmSBn>~*ZUoOa%FAz8s_kr&mG>OAJNu`^qu!zBhT!| zu*!r#e}RhSq^~TP-bjf{u99^341&DhLQFoNXWKF5=~hR|iyYnu8}VDHEaeb=k%oE$ zsG2@`1V(69v5fJ10qbhnX9BblFG@^u&H0)!CPSUj!vFQMO$#=H=viS7+VfDjmSAs% z8-7C2<3$C}$Sw^$F&Q(kG{bF^KIvlheR$$$-~?8uG`)|i>>k#ie|bJ%{lgD=A3y6L zpuxc*h~^zj4o|!zDxVblp-@Y{hTXeaGk_v?(4H`FAeEDeVI~E2fW-Yf_{&0ti8)b) z7S9d#L1%1KLYL!N`%1Mc%a z{3!x@)%EQDsB`RwVYWxcW;lD#NN6^B3nZahiqrA_#RG)RkRX)+vi%`&0)S}1x4yt$ zd_>LYJI?cE*bhetJ7`Txz7}t~Rcu zO0S|)#3Wf8c?ThFHO%-UHW-urv7AO*wxK@c!dKnqshu>w&HEQgJ>Ab2Rpggtn0>zi z{%EAPR={6{H(r6j0KUVQr;=^g(LK1lyF!s>#b|DC2mCmpsdaUGxogTh)ib$czOCxcUG~$Q<)H%pU}fzBJgizD_IXhOoB_FuDa>8DD9} z*6_#&?>qybrNS;(ILre_*`#EKivZPp`F(IfLD(!uyv7Fn0cXpdiOi%ad4-?3qKdVS zJh^t0gXi-`c3tfRYH4Gv@7{WpNOhFV&AvT`AKfAwj+654PI#r!U{GwR?}zpN`spu> zi|4zEKVkI?(*_2YcV|okCr_u1Vel$0vZiJ}w=X+i<`?Oa@~tKYZ=UR6VC9TF)870%prZhhCm8tc0YBWWG{!7YDw2l(XyH0bLrjV*A98;4Ce%2;m_M`E7G5w zN6Ms^*9q<6zi8-12*~dk9;acW6#tJFJTxE$Pq2YC0pOgyma|vr4L@?M7ko!S;L~K! zF})~}?GQK{%-^YKMK8(GQ1@6`S#BVJ0YPhV0%t4-R%mIzX5I`8z=qJsr#c^A3rNaD@c|0bDT^>C*muDu58|upK<6m9PRO4e90gFcXZV~(xSSkY zTIphh&w(?}tB7|@P)3fJjzC&7_uB3*FSTVqT(Gu)o4H6)W=~6H!Ww_-RtEtIXZEp;wR#TMahAQrev!2T+YbFj zs*^zr&6huE*Ts9=s}-*xGtBT^pxa#E!*A{7lKMQ~mq)Zk-nN&;#Hsk5u6fIG?X;Ke zwfjU)3G)eMHBhNLk&^*gr3tWuaI;zTEC>6Mgg=g~PC;1x-PbJJ7J&#&_C>Q2;YcJu4;+KP1Xm$_Fa#h3Z;7&w(pxzU?nu! z@*p6+Qq;Zs%f6QK$D(hV)9N_bnM_ztpSNQ?XX((9U=V!B=m2=`d>KB>k$)@+I=*-t z$kJf2eff#!O24h!UUguH;ds2fnoNAX2U>t{#SiMDo!`9wYpL42Kakb1eJAo)HTlm>zLruD@}=hP-^H zYxbHGv*^#|;M)=26Xp~n5CxA8}6|`*GYT#gRC~9h(M7l zd%>(KEn;}kIsi8JrIdz43+Ua2I!4`+?=LvGJ6N4?%0Hyr`M6(=Pkb{l;(OJdeot){ zkcJDrx)E4U=uPMFHT%quy@ol=&;C1=`QmUQ-Sn}P?Jp;>BAs4zH?AEyFqvzekVGvT zB?N(P49lr`ovi1E)|=WR!J_nE)O5z+enKZJ-P`xq=e}nzqj51! z-ickM`z2Vz>zwW5l$HpqZd}1ss*^5A9r9$l7#juCKuG7l&i)`1Mu-fK9RDcOH}99; zk2rdpq@PIDaZ?9eas++5xO55ZN$6yIi%Ds4Uje4n=w3!ug+ntWoF+sLTB>NIW z*?25kgSV;s_D|V3_Jr{O?u<26;ZtllyG~d7XdmDWnu~QrE=#rSvgmR}*EO>=oY|S`lqR z<2j<(zRX7YD(*x8KPaBrzU0`N*c@W0oL*N#T0N1yPPhQcG<&3u`Rc|r>D?aC#kFM| z`EXyczi7tKC1)Hy;{x~VI4k%pTdLD>dI)q|)_aL0G+G{i_m8Is^5%yS%yNUvKRa_` zc@l)G%lhbY2p6WkX!o8XbGy+R<IKpw;>+Y@i+$UT zRPyZLLG<>S23M~~MmQmTq6hM1q|-HOuaGOBCH3NIOQb+1_D>2O{Gu5;62 z-4CYM|{lPimX8?vE}UXt{?DJrDfl{TS1jDypbUE+6_)9Qj)@;g(;w z0->-p-^GRZS$+P-(Q)nWRq@&O&!`7vT}SYY3HN7Ws_8VIu#IB&Yxr=lb8uO?fXIJ3 zm%i!hc`lxl|By)c#4UKLC?$vTtnc>|3y+OV`zvZ*S*VU6?|9|q_`c~eh&lK-lsT`D z4srf(afInPw1MECwDn@Xrb4pMqLn=5Zn=B|rH|pTbvp-8A55Oy=N!8aB~6-T#Gsb* zpHTn^6#+pcGS!z(;MGC@YN|GY7jS~L`0cIkgfKMmd||xwaDRsTn$`&21!BO+yYz|s z`ZTLH6b~9Xs1`*@0>(N130NP)z_BMBHU|Sc$|ksL5fI@_OuD$jX56ewV@rbv|C<=w zBGWvOGZcP10s6`i+aTB3 zw5KTZXpPH2m|w#_fRMT#w^{u)t$bl`5T z`g(=`RmfoAjqyP7;;V#{xnDybs_iYDAk|DT=Fs%FgoKg+S}3&~aIJo0NywPtQ>-#( zaZRtrNw}{7{pYTLA9!1nty-7;?G-!y*OGE1uky=8fZ2Rw+64-Tjg6L1v6Qb<@pPqG zTf7BRo?$ei$*18fj?GDTAXTt%oXWq#It-Ue_4N_&^JV3i<5t~jQ2B$mUyk2H0Fsb$ zLBnUi^^wY30Ty{?S~_6WCsYWtaGnQ^`2sfTndeaaIyU{{Z1aOR8V%CIY>`j=F);I5 zwO+m)-U&m_e~H3I?2{B_1mn{1s_v?~=ePJ>GnSx_Mt1 z#+RIP>m%!cQhCvy$!x0U4jDzwF$`CT)^Tohp5HFssc^<+VfxvBzZ*c*rH<;D=(WOg z5pF>AQdG7CG4i$C6SmDj1sA_YY{AVg`i~>M*A(TKtdYreD4+|w7T?NkymGFMD7!!R z)&WS~HRrOfNYYOVq{YIl1SxzyrtQi5-^csLU(drZ_&M^&B_zy1M$3=klqF<8%EGIuED z-sxR+3kqP-{tRxR+hHW^n9fO$&?no9$?K90nX9^umTk6a+9yC_oO>(_Ds`O;`4%!} zLk)a5s0eptj2{YpL7N&6#gXhF!-4s|5x;xP-yfsUzC21A)jKp(w@#_l?;SPgh|79U zp0zCPzA@DH$9=*5)Q&n#!S{yM3P};82NhnZb?XXDL}aFp)2K--*%DBgT#G^dpM@{IaJ{&D;WA5jKrx2Dpb7Hcwd#$qr0C4&nw zSEk-eN9sw+9QUI0YC$rGji3M*ovSc_u+v!g64?%JKSW347BrkcHJu@}0|o@nqLqT4 zR%pA-^T+4`AQo>F$5X6ygreu+J=s+l7nkzW3zSzRoBKL)u0NaYO4FvduhIJUlvmc{dp!}g^UmYwjwi!0)BL# z{8_{^;!?oO>EckCra*QK)gZxoMQ1diOF!D&3Ca|Tf!a03-KFIjIEqqj{R@eG>LXHg z#-;lHBNL&_bdtpgSAK=*B#+v7y#?{eGJf_)i{iqRAT zeQ??WGw+29RY=D#$Fy8>XO<1gs11S>Q8VOid%|^9=Y*_g?U$g=19|VpG+`mv*`ME?cuPY>5?r+(%2otkO~oJ2LigVMrwH}Z6DeDRLH(JC zXmtFW{kPoTvVFV=baPBcn@*(7^GRIaJCH*@B;>&zB}7EMhWq0J(VgZaHHwRo|CYUf zh~tS4gxDBEi49Cu3D}5&R0_u}gFDvu(s*Ru9t;lF4MeFv8Q9h5Nv>J1^#%|41P+&i zPbDh@HW6-LYy~;mCC`KQLhQjWq7AcHKgors)3E|GAxoiU;$mi1~>3WDT&M-petvVD8xNr%V@iA+xZhQC|qvx6zoU;1OFw1cnXLDpM?w`{3gy81Ow40p^wGI6S(W? ztqKGQO*fnh*Vp^WJ<>GS_L}yZImLv$&@%hq~WtMKOgVVC#?=>2??Xtw~=Y z=i6d0n5FP^mi=PIq~j$0dSEWTOW9lJyBgq3J|Rv0bbmZv+V@&*&(Xu7yCU&Whm_xw zc>vUOcanY_b_PO~jOW(XB-pCd2MoRx(kjl!hvXzn8YmB1{Z(1fD*_b#8ZQ9oAyfq) ze!QW%DM|MBaUURaTCXEvzfK2>y^JBVJXo_sWqnQW=SAwiHnQz;eBhSrDAk|iBY!(+ z;waiK7&10?y>*LQElI`LkfQ1@uP#3WoxX5P!kDy$HzwGSLd37}RplxqK8UN>lyOM2 zX%~{cn3bZ7qo|mN zYOZo>7tY7PI2en4h`*D1s+YU`z%eS26(XV`i*JA0I4^0d2_GDoz7^Qn1pOjfXRoau zmXY^XJlBPBLXtTabZmj}{hXHWs#UO{!vqd0?~lR>p>TL#r+9hV?Ko?BFBPDf#LM+= z-9xe7NAkF2Y1r&u?)QPebYDJ)(h8Wy<)|srt|3mXV7;=k zSD9dX%%Q&ib@zQ2fYs5zASL#pl+v+Om6St2&?H>_MxP54U9|$2E}62HgZSbPV0|Eq zE!D!sNTSf#sCW5k>UXrBXPYMpa#qzEQ$_tD#R$8E=DD^7t?FHP5FDdQT>@TC)!=?+4+2DXe2pEQi_9Xdagj?@T;_FCB<}KdxOoLO^y4 zLm*wyL-fGuSX^oLV{0EMt?5eRQkRO)?eaKKB8vd9Y4D}15arOsf3-6=k)IpVwCW*y zTE@Pc-u-O$%bUdC4~E2qp4+d=W`e`L&lHk4eJ_d6UFNuXGVKAk8nH+5b{8Nvgrl%L zpsG-yMA>_V>hturzfi8rzfVe}mD~j1ce5Y6s?o?{v5VT}bFG!%`Q#^x8f|_5?#NHG z!zE;JsCXEH(UQ^tfc{z6xXr%ynggnC1!H#4Ps{f`#0F$od@jGH(@(pFZ^Smw=#bo| zv3~>{sAW4R^XHPV5++A4ZN$b*H@;7E>4wTlHm6gpPi=Trn?B`Fk3L6Rcfkx(N)~A^ z7jkDFxqa**MD_r~7(fNK@=4NTkb%7lwkr{rauJKa%wKP}k>Oal$szT*DP(rMK9=|e z@|a^`b1%5%Yd9Rx)kAbErSpRb=bI}|BW26fYlvz4l~qOh41#6BNcss&=W*X7)WzOm z5N>u=8X0-8o^ZtC+Z1kBL4NZ_AGs&Kav50M=X~cJ?TrhTQ9j&ZAkPr9W!n{nr`5nR zmIjX8-81_dJ7e13Z*{7fO$K_!bqiC+mQ|ROUb)(S&fG8gYKGIT!(Kyr9PzPVcPEom z{`|l!$hkRqO2tJ&MB-JKUPN+CZ^Y1Gcf5nL)4Rg3eDHRZHkT zbU(OfK~!Yt2R+zEYsbeB*NN^-!cTrPUbyzigmO3F+t}{EGbj8QxYvenN$po9F~E-x zemos__}tIC0|fj*nrJ>I>mWVLf|K&S*7f15BS#0B7QH7U(+R@0EB*L=;2WGb~tSN=aXclk7N18;*FEP z*Y%N7cb;92F@EQQ6I1>{BY2U-3pOzV_hGJFlrSr`?$<;tpyk0%_O`|tCw+n$CFEer+NGe@!smRx!KVkH)!ERfm#O~RkUep$eueYaG+5u@&0 zsnFOzvSK6>%U=ZYdXw}!o14x$#>uR`92(s;#Q*{(I*n6ppQ{7$DfA?`3LS#!mn(Yb zDqoWDogmt2yIRig$ioGJ1S)t7#^v2Cy{ujiKa$R#_2rAlf)zP?LpBFQ0<~eEhS#}Y zp!_%gc5@+5mU|lT9{U;))3&WD3vM+#1?(SxVk6ZD8d!+3;-(YxJ?IBZ)laeX4#OGow%v5-XL!W;UIt<}-H+_( zobD${++yO(0I`aT12|=WPf=)P27{Y)RKBRYYbhCT2|!{gMPlw7AIFAci9_L$(EHbY z$A{pA?uVaA#Dq~W2c6AK*ha@kxxC&Te9NuSkFyhQKaQxL!^Z?E2<*a)iXihV?Zi1c znfe7Mw|bA+wt5^jbKzb3HMBrtekr91Qe@^`D591viDT;aTJCF7-wK-ZJkaX89P40_^{`;ybeO3>` z0c^!<9TqmI`Ha%@>g$Or1RhxWzMnApH~MhzOc~PsAkUCybi|8kQv?yPVCp(?1okPv zFN=J@Izm0X#=pgly>ef?-4G8DQ|Z@s@8{cAjLQ&nfMBW7VZT^xsp%iMSW0(t9unh{~XEOJLd^6AeF{zAgrMjg9SY~AfxRa={Q%cUK8gpk}B zqC>}%7=_`hqusQ@(~b;f)Q>{8y=(hc!{?emX@$U>Me>o&e+LWng2l2wd*+F}{^8g2 zs_0yVq;}zUgA-!?_%hAC?Wrt%o&E)QsscoB?of$7cNAZ}bObUPzpV%|g9Qkuv2bD6 zz2Yq0_wT^}DG@sqFvc=DU#qkc6)y5-EA|9Mlj8o--oay?{Gy+1Edk&TCsyAc&&BgpwaYvPcjm_(nzrR5E=19PX?&Yi`hsh)s8O zRh@n0<6+2p{Cc0j&VrC(gorS!XN}wd-hetuKaFNfIgYVmV)0h+uk{h_B>OG#EMHuq z-8Zp_1Ff{QE@x&{D$t|e-?)wy$?@hMZO#xOX=}=<)fOw4w_ty*;K9N<05dclC&rzQ zriIO}3uRH%i$O(S$gc}07k9;8mk^WbDu1$dWq(W{M-cV8hgora3HPksM6o%=+DxrU2+~Y}7qc-aM)3uTh zqjPR=yZCz_NWY=iUK^S%=kCACns%TCosWSOikrS)tzYZ9+sQyGCUY-$N4+gS zNQLXhK9}bP8TPrbVUc^DU)S}Tu?5m-JW|E=S57c%pSz{Z?J@y+WXsltX2K)Dxcz&j zEClD1EFm8S18SE#ja8(W^{L*Dn%udZ1qs$RWsv+pW}ih*NdBF9K?VCA6AA+fQ~uMG zeeB)rbVCEHQfU4eg2<_xE)QrZC}XgHj>gJzxIP}26&p5))t8_Omyfh9^m9)Ip8`8k z=PSMXU5l8Y-XO62yD})LYDeO8RX}ef8P*)a`uo7g!rY37%hD`Yeojr5gZ2-9TAV~7 zOqF$akna-L;+ixoxFfsgiSno3o-37nFt)%4uy6FJPr6Xba}OpGINkV59~z5q8*g1d z4}-TakjpZzC*ax6?kWv5tIKdQX@QJ*o>qf+tAA$GH+X&RcvHZHu8c<^Y!bupz)#pI zgxvM+T@A7>2mOgvPcSb(KEkXl!#!v)j0_7P%Gdx%d<4Py`S?@4EI@EP!FXnm7H7Kn zV*UO^a4`#vNms@Fz1(HEx8K7QXf|-t#!vK6p$nf6r~|(iK7SJ5`JRNz?}_dZ5ef8V zhB2B=mGilZO#OxhL4m2E3->t@Va%sEXB02mkjx|6Q;O515YoGN@clFXEoW1co*w6E z-jhXtR&kcxo_nHutq$W~vXQYR+&_cEXwEa?UXensj#fu6nERNoUErvElNUU?($VJg z$QVQJE#1ymq+E?kzJqBMb4JUs>w+7%u+kw7jgbMP1hc7iylFjN#U3FEohlOXVRj zjaT$(729E|&k?*_QBozNwhr?}nBByL#S>4I0R->8y9KpIA!j_aU@*@`yGryykKyo^iGxvCeR%0jJ;`^7 zyLcv^7<{5)?t^`X$6-;)icc0?Ez4XMe{TD2dX}#&(?ixD?)N&LxFjF;guYyLTU8j+ zd$TqUxgS#3RrdG8#gbp|!!y=WtrNQ~Ab}CUByR(MjIH-VJ75YO9Aa6jL5AML>9^tj7<`$Vc z-Gd)WUh_FM!kmAY6t$a^E4++lTb#!SS$8PpVILDS`J7RYQ8^JB!=J= z5+JlhF}3n$P@wd8w0#epzn?c$~P{nbeGX{H$6{uI4mg%T~?wf=?zyA1^; z4Pvi}b@Nak6KZ?{xDtQhS#6Qb_4k7%y^ohLv@xr5t31#u*V%(u9HZwp2&s(BElu5P z`L4Uww+#?%DbDtdPsfUUqMMKy&+nd*04}soE=pG0>D@A~0Wi2{oYCFt2$OLY9s{$- z^<}0G)EGrN!KmA}{BQ}`+>TLqD=eP6dm2q1YV&KcgN7bKB|g;I5$n|+&7^a$%$dng zq49jgr{_EG8k!vL!SkWM=nndi*quAntiLO11<-9=>uzcBDLYy-)37|MB40j6x)j_e z=8VD?j%j}%7j!UJA-yIcd3UD@7Tl1(2A}@Ua$&=Qoy!gxV2Rm7Z@`JmTVYV(?>Bw- zXf58e7%#dY^$zWmLyhEe;TGRLn-QGhcv&MO)_>Wz(jRlPSokFdN2oQVo`);m7Wu!s-B#wWC?&T@Wqq?&mjme`Sz zLKXGf<;>#)_|msJTH5I(?Qx1$VIdHaAyl+4KnU_1dEc3VhF9D#C##9!34L&wi~{Tg z&giZ};C{J4*-6XD%|DbzuIsybq2S=|^zPw%t2o~~f$^QNG*ND8^&WRa%;W;7oxPwVIoT9E*FpT=kbZ_*6 z+=yrMw^2m)A%(s~iY5hiW(L3U<)Jfvm2^qIa{n&RfoRM5_dO7P}b|4WNB`90RkV|Tr=0mx6^xCo&G6tKl_gGmLyJI z?h|=arcR4xXY+3#cez}jRFGPWoXFSZqjm1IUg3^xZ+-xW)1%RT9KL%%1{3ryw%#I& z`CU@hujXi7X&Lw)B!#Yhp*H<60cGN_?ugfLa$^q$>AHcj*}YnllX)g_GP1#K!ZVM zI`$Tm)yXRmWwVe?&#d7o#MREW{Iu77N3d_O{!VwS*3; ziDNg#Nrelrz-1bAR!ll61wE28qp^NyVV`KiUkyC`Fn&zy}qyG{=p>%)87zCCq$XdW9{7bDKL*)M#h7>zNRtI;5>Xv?beg|hF?a^46Y~xDiKfovIv;JL*>0|Bj#;jj*^rnAw^yZ3p&&{Zycsl$=d0u4# zU47qV-oB8v<>Us%`B^Cyb%|PSP!Y`ovgSF6st+1d&^j001W2xm-@;gO+cGWgZP74D zTGRj?J#0*INF~zEiv6CiiXbR6hii}UvEI}3>rE6WPGOTrnB9_RgBHPPIJ`*rOdr`f z$bb9iuE8FoFYa@FVF5@si%1&W2$`?ZhKVcW*!b|2*v@BjZ zAD+u0Pf%TACxoKcGcxBr5ghV93iE@(T{E0`@czq*9etg(8?6rdyBX6{I(W}gXLP;w6( zte^-t=)zt2*%d65=wo}OdW6nEPx}bnJ@RnAOCx{X<3(Fv0WP9Su4YH)C#Aar7z)pT zFB7Bi0NJ+V<#iQFiX1Pjv^~TQFkkzYU9}T#n!h@?--P6o$Fv$)Wt+ul9Wsy57I80s zf42&3#w#p#?3gFb7KvRXz0QneG;roAvUjsHEs(Tg6&l`V#bsbwC{Sg~>R12|LN$@j ziIFcS<8!@5)au1h2tIxUXsb)I?y;GUiA}*YB67mYV%gDIc0Vy}QqUQ|EvMu3-S-CF zBK$bH3ACK4wq7>!Pe~jYaRonkM@uRNly_%%uAE-dX^(*)3`zg-T*(Eb;Q+R=y(GnR z2W2T9-6PVF8aV=c1M;GmdRjU?TYL`dzrcGx{n4^&gBO&CcFt-RyYOQFZycFb9SKe z4M3S!CL{Ay?28Y8wpWjcv z!nKtt`-Mg0?Ex*G8$+uS18Xs+XjTLsXN64lq#ghh#^X2O#Ec&o2gk%eqnNQ=mOE<0 zE}{ENS5#oLTer&%BkmQC19l51#4+NPJbujuk{Nz{G$5<4iz#r+Ge_f%3Lnzt zv9D}^iFendnSV}nY#pdOarI<}vQIx9ldR|fWIpwO&glibuYf!>_-|b4k1l}Ze`&4L zr4`(ny`TsWip$}C#iv@8EI`?TJO#R|aQni4a@@#qohMd?X>c~sg4z0_MYarU%eEqL z8su|jPhs$Pm)wOXg#y_fTW{(|KEC^c1A+X~HkK}8^9U*oed3tMZ_Rk*)!EYxWYiRf zofx2iF5va_=j#B-lDs`z@gcoVCq22MssxKhFR+r+1+lJ@U#Ku;$?$p@BOTQvwlNK5 zvTgVhq-sNMe%0QjL3td~5?qXa@t;GOu=!ku^Xev){vp4ed(!ec5Z$L4X|qtJPkL$< z@?8FevRQM+e6a5f8v;#bI%f;z4YG)A*JBRmD{K9 zF$c77u~ok{94^U0-LtF$ec{i4SbthQF3MM3+)xg<@;t72YYxzsm>;!!1e3*^HT+#C z#h@O|E2gMhE*OGyfHLKAM^W54md*oR?$WRaj{IIgM{@!s2Q5Vx7GTg=iqOvJ+zLt9 zKSN9TrrLT+o)8RPU|6qs1#p4O?|@}moOgDiV)%LOR$g@nA#o9QJCk>Z<&GMF8KKb) z_#oVn3M=kMWNnR(mx8HU=lIRw^6*5XLlj?cPd~mcg^1E(qKEngt^j+mtdDs*Aanrn z^1OXhTtfI0p$E=gH@GuPZgmeRPK4W&Af(fEFJUP{L_PNbM!ga`9*p)V9QOlZl~8K( zI9OMLGthXPJo~dM{vKI0Gtl^*>(%kb8%!Wd(sF9(Uk)*W$e*ZcPhy8kg zp2ADRJ@x^BR=K=mn|?&dK)N#Dy7Z0eax(t>(zH-T?F{bGMh=xRw1vcUT|4K-4z}a`Kc;t|vHF8R>CwY)+Ca}S6le{xkjh+Ar;V7U8g~dq7P##Oyw8XykB@yJ@V)r#2>`n-y|)K zKMZ}5@lHe9y<)OIFE($z_x!lUXNLD{pI!Apdd_$A;ntF1!FZb{8oc_$W=nJ%Az<`AaXNC47g5>T zU!-R;J0YEf1z0&o)_q0~-svZB$W8F(8?8dqVg>Z!2G`hqWq$V5x2?s`J)XtuJ1bCe z=!T6w(JTKXB5GhuhGK;I5}nglE`Hj@k*9NhDiZJfN@)Q)=5e~7-ZD#Q>~uqHj6N-^ zSq5rjvg(daBWc|!MP`r7AV`#Oy+AWN{N$0p7kA=4eN+8w#+ix6HPlLBK$m>>I9ueA zzZ)&6d1q_i5Cps{ye)E8%ZJwTBI-smj@JBt3Hm^321*lIJf=O7LT~W>w=4WR<6%izJ|c#d&C2461k$E6AQ zvp+o0>JZ>b#~=Gg4UmAT=g|-CzJT*E*UUPrJ-8!l%uvHe#!Mmd-RjTQ=O`QouNH!R z+I?yo@SjllwHS7zLsL|W@Y}-8EV3g()6QoN~sM^9wy)?&ttqcPD{NWRWZyR;PJ&^YLR>#+vtXC4AR z)gxGH+d`V5`;%`44Vs!4Sm?2ntvp0}zDmz$Mc0DAmEz@(K_e6A@N1RovRWJ<;=!)+ z2Z&(*u%%^#>!=c%JSbY1XcJDK(V99o+Mj|J`VBaT1zq4qW?gLmF{Srz3OAkxPwop4 zYdS$9X=ErZKuz;2Y3?(!Q50!p?ZPJ(yoOws ze0krd?jc4u%=o#kW+|^~rBe^<9NAyiR3l-zySXhm(eWOrhH-V)ayp?Ue4wk+qW=tF z4yRtfDjqK9p|vEE64L z_njro8b85!>H@-oHlZ<{(m1NzNd9mvfLpvv7j^+AX_K9(H6657qp6;6^vq}5hh}J~ zwA{wm6wStMUJm0%C;aPkPaoLcG3R~s3TEBN8Nn$iRucvh5v{^Dm_!E{5L$QOSx%+5s`Kr_ zx710og?7m3<76y(P=Q_$18Z{doAVyJ<;Ha^%cB`SVGg#!a`B~w;^)Bd!W9j;fePKn zeRVe{{)%e%#}6xxX>qH^eIdQoi2H50i}J8<`A+8ot?Q z8(MZd|MT(TnTekk0m=CBy0B=lU$@8OE05j-G#K=Pa90F}x*39mM*PBNVIGGQe`>KM zV$yL? z4GHF!rz^5=_is<;B^r)8Y>Gcv z1Pv9f<19hTjs+9=KPPqXIiwATHo6xvH^coZS*bMS)jNY21P29DmN$Pl__A}3x_`VV zUdx*1@I}$92OBQO2MH0lGoOrA(#CtCcF(ZKt*^L9&hxZYkneGJ`0MY=oy^2ahN`{f z?RI`gM@E)zF*5dOetTS<_qa~l7TEs0Ws+friTZzOlc&Jw-Zch*Tcew?~TP8_2 zN$wktMewVp;u;p>m&MGVGnpo+o??YnKkThi{=Iuqra zwAHD!CG3M>`x(^!T3?dx5Jw&)s35q@4oPWSdj{f(+XnfEr4B(HeRCN5Z3Nx^UX%Uk z1&QlNZlh!K7mvuF-W3QIt%MUT9lW-I4EF&JUL_DTEdAI#X2}ypaQT+2+wD zKB%)!-7J`rHwAJLf+366kE?Ah@2jhGy36 z9A2WDgk9ct`W@ryDcKpCLJVI`K@7rc2JfOMtf9Ju$g+9Xn(SB4d_AxP?N^lD_om@{ zLk<8k-uWiO93D5ce@|QNzuGsp#8V;N`EeZSEV-yo*QyFpGGDX!M058clu7rDCs+R< z$;qbs!1!P<{4%-)JNx!Lev?Q$>&t812xvH(mM=o>CI}P#MUOW#ToN#{ROBzi7rn7l z7y?SoZkT&--xCl2)oQ&thu{+KdwLPl0F;m!3!x5kqvpa#>86fle>EUFIe@B8djO+A zZGPUA+uAq>8H0Z|I+{GMI)SpxUz-h7%0{TS+e2-S1W{F~Z2kh@xbG`Nsq4;s%M~}O z4pThAA|^iaF(10y8*P_Y^c{9Us8>4kOwOPnXXf>31?aDSkA#ub?hVbsb^P5bk0$%L zefUQ6<$wD1U}(SFMop3yB&Jcn*B>|T7r#9v*WqVhBbF{dVY^xNj9!<+$*!(U=m_4P zB_{TKL-cEM>&+h>W3PD72M+2-JZ9mu6yIcy{u$0~muf%=`#aOIZHm$+0f`?T1sZY7c}q*G-1(KM|Y zR$b}`Xln9%d?T~VTC@D&6U;ysHx1Qa0~jsXUKAehE*qT~?yT@$Dr;lsbk~RB-y!Ym z-uE{#y;e%m*kBLW&(bGreQ>bSK|hZV8M^gkoH4HgJY0K!QtaoETgDHuz5CPA*U?<^ zwzJO4UYrD&ou9zEAp=CYrMN`t;Kg!CY+KD)a5Acm3y@{9ZFunlMYvb}fssao44Tt)Ey^&_Liz0eOvn~VU5VE{8Wz4cp=rMP z`Wg?RrdBD}v~an7Z9O(eq5-IDO&0c7W9H-yN+jKGcg5h20m|404JfZa*a@xpKrIBra(HC4wX1Sg|q_5TCxpPod;=obB9 z{TwHRj%Rz0{P#U5zbk&d3&9lSX~qX>3(Ji*7OT(}mm^`PlM@^5wt7 zgijgklXl;eejDnm)MS>gpW!c+4S|{sU}`%OpziAFnx=4j6P`kf+B!H-R8F!Loa3_N z6?pdXu`d-#b~s#>vmzU3?9V)ly*!t=_HIZQFCgFNzeh+(iAj7{!>&QbcQ1=-e_s{{ znEYc=F2O!>N(G)#LY>D~^##b?*U_OEa>{X34k`B3$IiuQ&yd)_{$F z(a&s8iJk^O}P6Ca!;$r!(;&e-fhd?<0K#=5O`43wRKZ z;xr%0_DC&cb6qXQ0aL89%k(@hA^HRu##9;bH>`q)$Dmqn$>;omw)K+pC+fszl73o$ zD;EHqKI&eKPOlZP;{AMFg0hR1Uv1Znz(JBzq5kn1N22$h$Y?9!<1sbOHBLZe!EnMQ z_`&lQ&05yaj#WW*aEz~?D8!?`m*6wsxy3jKkfcL}1-%6x1<7ZLqNXm47T8gAXpO+E7+R;7394;z+kA;x=0HI^Ii8nPd2^F?t2dx4rzcu@eCaD zO`Vv-@n)6_(BrKjf;-!iz05F+P&brh>Lopp$t8OGSR9&mzbx?2p9Sa zd`)OCWtK9?BwZh+ehyb8+!fk8SL@JYjDmSc?orOAO4VnV_)oe4KrVQHjNwV&`VX}A zulNxspl;&t1}dFsmR`Om1@aO5(ppYO=xIjA2RK)2&;35VV9^rK+MD1g`gWeraZXR$ zaOKXZ@;y5sw8^1wJ3VM%6rIs;O?G)qHt0RBF7*;%fmawKI-`rue_reLYw{;6ES%Fp zzqwyXo}q#-pN&ZC#uFCU={`sEJ#j<}C2=1AIsiit=EL#LD`u3paX35!|DRIFK~0q; zgyfz&#qnI^m$N_rE)t@elfH*L*`p(w3u@P3^-%V{z+8DcEc(NrvJZ}X6nte*;YYhH z0J9F?^S&0~??$+cAMvggGpc>Iqc??2xPT507`6J@H2d!rVYrChp8q0weV++g?2Ti7 zd2_+(yuF6#{^}nv(Rg~^%>a3tJa6eB0Kw{C%Dxo-(u-7n&8mOHgvNCqn zb^upM^CQ=fKZ3AXv*;JbpXrUHOyNdw z>rKh7e$OXQfhFt97j5nw?3Z0QNa%9+w4y}!a#ZFXDSNACh?KPN%`I+s0zNvW>4~q7 zt9%ar3dUja8Ti_4P%ZlR;7km|9QBj$JfJkol&tw)?k$-5IDBy1~DX{D5ZRZ+X~ySPk6D+2iy|R(~lQTRdJn)D6)6yru^5dLPUBevgf8 z!?PLFGH`<3d=u?BH_RDg>Q!HSRWLHec7sBWv=2_#zpiwD-1m`$ctO*SE!}~?Wzg=P zN`eIS%j-}zTTkd*^CnfEz2=}P7&ox;*k^_c4!o(WD7qh>b?NpWD9zr?-57psl(j(r z#0_j@%LRhggfI7?5~Ei9z;QrQrL{z661uCu_D_fmd-|+@Xz|uP4#JqRLb(r{z{4bB zx!&XVJ1h5a@KH6BPftd2nU7L}@zY(sXT{mS=~W!wdlQ$l&x{{|;c$JF-eOo}gihOi z$|jS4Rj);q?K~q{)-|OzA{xDYBc^xS$N3BGoZQi55>_iD11Hb74+HTkT{~D;%lN@3QV0#N?2`b zBA+91E+C$oGc4b`UCP`-?1(2N+r2wP^*+PU(csAgeud^t?Tx@fRG6m+GO{?qA!(ua zqf_}&OY{U@7Vay1ohj_pwuUI)MYU^H2dFKrjV5q-_rSkg^ zT!9RG1A>Tcg-I|K1GqW5^JSlu_e6*?Y7)R(s1-v?pn_+7^Yd4{0kM)i>GYG6^nRH} zBEtW#sz}gu;9EM9_w#WLgVG2hqPn>CK6eyIf9xM&onWiZ{eph`Ii-zQ_j=ef1^CAm zQZ72Z51ciuD4%VK?vUyh&CHuK$Zd7>+pwqNG$!me*o7~9&Gn9?7QQ;@{Vj$j8O>zdAkeZ&>A7&lk9y` zxR&TJyiXeX_f_|2lgwwnnG^kHB@Fd_YF7n=yVRdg+jiupZQV;3X`I<4CQ(wPYiFj@ zr+UzCK_%7C?8nWvU;q#0Tp#DRUH_ux`grigBp~&2TIC z9R^^y??dUgW;Hy17IKgx1Z<#2Gl-7IoWWg+i|QOb>JT7_pVlu_{3hHJUAR=e@GVtK z&}<|?mUd$y@r#lCoQ+FMerx*sM?s)fiquXJfKVnoUlY8*z(4j8jm`TOUS5PW1V8_V zi@9Gk3GZ42BX2FMO-FhWpKe8?5sthjW{y&t=b{iCpS5mVAt zi};DiDOj8z%tK|_BhhmQH-HGhqhh#4Ih3}<$dD76l~D5l>A!jIVPR$Q({nDLf`3Uf zk@9G9w-v7PdkHNzD>S=s`tdE1!>K9tQ!ZQbq2e%9%HcYf>(lBSMz}2VtH%jXJz7ha zKgM)kfVNxEKj_1s^%J(Z^6I!)9WJK}KD=jpfBhgN`$qbH>$e!`V%@C%F8e`cr{KIj zM3tV}^%!XctKMuwJD}KO!x`K;yi&yke?NOd%tkW_w+}Oa53RuA6Ob|cG9D>R_@($H zX&(KV`TLx0e<}H-QruHr7L=y*EHq3@e>CGw!lh#+`>H;imwd8 zRmiDk!exkJb{v=GlcHx_GhKstCtI}+t1si4LC#$jNTH;AZf8eOi9@U0# z7->)TFTjz|+K{Uny{Sl&Sc!s?tYz|qzO?Gp>h|;5_O1%LJ38J~?_eDvD^0H5?#+rh zRMBeroS6%mwU@z(DIgje_SN*Kkn)Ldb^8+Lm;JrC&8^ZE>mKjjz3kHLLH08_)Bw`8 z@qn&aJ>@tfrpR<7ll=}XIAE@|`=!S;LF7T7p|8Ayv1@T^t_>{M^4lRx1-1bd$%RLG zm5DCx$d73s6tW0dpX+7TZA9Pv=UL1@5eDK59{T>6`0*}$QQm`T?5KVh{5Ih4`iMRn zE#4z)=9sPBiA55)sWfk&=?^w4@rpN$^qJc~7yJoP+;_Jc1qV3(Cc1lE_IZYqPCwBS z&^?|44EOj7fk=U1NQper@L}!&NmhQoBuyF9c%vJ{!;QWo>n6J$H0TCs-`;9U7y@a)48bcY7YuF5e7h7=`@C zm&HT1jo0r-J}CEyf&VzebUG&c8UV^oyMMhVW;)IHd4D{tvP}}#*&ccemJ5z)9WiH8g8d!p8N2@i7;7aB-T>NH6b zNwM1JVvjmfLHjHy*c_#1BLpRrcD#$6r@+#z{cxOmn~pM{#8Bra#su-)KH~=4t8Cz! z_}e7hQI~yZ`a1Dr^g5nD#&$lc{ycr^!lD}{JvXeWU_3}FaMKxHfzD; zx}x9QW2F8o$vsh|!3e&7K3R!eF0A|GQ1)fCbhUE|vE zo`t-jpGf2Q7(aNG5{M_XunsxO;UQB5sx}5l0ThgO7n7jw>5h;1S^}&yhtG;>63qxHi zrQqLm@&4X+#TJHBb2;gU;84Z~$#tEhhF^L=M!Ubl_y0-31a})A(N)3B#fNo?1(M_X1Ri%I%)kOj;LyjK+KZ@204Blnep-e;jj)VO5-X4|;%n`F$T zB#xgPN|Z*~Dy?T4tWD{>jZwj;PqP*|xD`3a8Ahj4@?Ad%5<6Cly9*KK9dTvu%8{>O zy@3470X&8SjaL>f+5zlQi>K#^|2FQ`%-w^t zQjf>)^|;WF_tbYaJIDK0#p~X+X3FOl9`I)*$EVU-W(Up_MjDfOdcDqZ{5zRjto(Iq z<@+sd{K&Y>ImBMLag}RRwLr38ipQBwtXC0ir}!qzJ&(q1kH9`nY@IVmV^lvaFnPp_ z9Ph>9@G3c$_ot&-z*tuO?V-H6aK<2LU$o*M7?7Kmm~;A&y_9dA?@C7%0s-aq!_T^+ zqimrhbJ@^@-8OFsVzZ)`3hZuh7%P@G(W`3AY#BGF`-VZ!NP1qLLByi{R60~&Z0FP% zbJuIq9omEY2qe%T-f4i^7+lc>a z4v1c!gZ(3ZxFhoydOo!;Bc#w8I5AQh=8ZFcfqeQ_#qDS*^uRLvU*aD>Tc{z2mhS#0n7Rxj{`q`svDTEM3_EC zbsci>TL9+gNkQbP8Xg?{ev+}c+{^uIZ^tdrMn=U{U*pD+0Hxo;9!((vL<4@vYgbMU1fi- z-cUqN@kd|FSW*-ODh&6)0)JTKxL9bv+5iBz_o48q1$3C}9Wt>=PwdxukH&0irQh-8 zHX3LE<7SgAGrG#p-IKr3D z@88*Ff1`9T@&eZiw>MFG6W%C4r=QK;ACX7qpk)B7N%O>M(ez@pKZ3!8K*6)$4$^}U zcwmr~@I9j;(32)>pC8z%=(wLi0HJp%@>&aStB^q|mv)PX@tItjnve3r;%@rg+%qNF zw2xBoUkV0XEOFxHS{IP*jMeru33>sg*OlCuPANz_Fw-RpRNV zlgVW;rNp-;xu3~#M}jDn^GW7?w^9Y?H(z>nNS%s4HJY#uZ;K=+fG=B@U$%Xyz*J9N zb}1V;BwQ|EmG|if1cx|CSOv}buY~xZCM(}>U1Kg!w)vMRJzz*96(EpYI^{%6a>RaV zZJH;UvrdZ7nna2gXAp?7dIYK4GD&((+b0Q|VBmNjpYdJo)hpB>z3wf@Tf~RK~@5 zeP6E(zBltNUN$CGBbU4JmKGaO@PU*xGM8rd7HV%A+!IR9GXc?5I;Vo zPbmYO#%K81eJ$?z`__H+maZ!7qOxrH$o3`T3Bp)q?WP6i)&MerBLsBJy=WeUiy)YUry(imBjF~UI8rLr*=Cs zy)$1*J#3QWKpd)Loj}N+oE>5Rw9!5ggj)y%+ZEZ1Wl3}cocG-NTjK#~v57CVbruth z>Z@*b*u@#*R92Nk%n`7GcWqRH)?%g)i%O8<(CQ?hI{^go#PweT+FdzzntIR=&xF*U zp_y>B=oFzQC#94UT5J zCRdq9r?HzSksMq!mk-?tzST0T4=zD<$D+b_S63BL-j;}X!9K~bx09FpxPks-QliR;Hb+QGME{t<#0D6V_N(>2Ayk_sUqn_^h`QmI- z{@q(lXMrwYTBeIV@E7$NC)Yu-P46=VezT!d8(*TYlR;FsM-0r3xnbxl{XQ+dE|b#N z{<5{kI|}17AdFR`J~iuLoT^#d);ssT|BL` zy3nM4{~A-zG@+#V?JJ1MPG~tV?|umDg;tn`+Xq8#;G@$t;zD5xyz%=@WE{HVYcpB+ zhhRize)f?=ezb<>$ZlU2d5u>YFG&(Fm&gYi@&td>E4xnQWWlf1g(#j2$Nbp9b{Gc( zUtD}Sw)CTsn=GXcGbIg1B+5e$AhdTIiIh5_gN=f_ z@qEp}qIFX7M*Ug`2#iYJ>%*CF2A?8#Rwf-IR^FB1O#V%B62=LqQ z#%h#W)Iz%IU+mQ@td~#)@ptp&So<_iU+W+Q!V8d`0zNjhgH4p^TwA#6&8ILcd}+Q( z=iY*m3-JZk9d-x_b$!0b{WW#=9CPS?CcSc zaA}tB`#Me_2A~z^iHWHu!~8exmoAuYxsCcxI&jEd>Wjg7ulxwmK$@c`y-pjx+Sl%Q zVuy&ub&a4=XxEnQ2c&BvWW5cSPV}A2gn|MR);`7;pLXYg%p70-GhaV`Eot`d~ht|?}7IN z3m`z76pb(3u-5yFW0?}v>n+W-HP^NT-e%4#&|uzH-;^sJPZl~#{KI#BN&Wa8RoE9e z?7PqXcCGIcg(82DdlfzwxS6#`T*fyzzn9%n)wtkWgy2go3|N-zvv`pVUN;iHrz+;w zHBq)^pYUHu*O;#B#^SI?T@m@c=tAJXGW;nj#-#^NPvNI%!cA^do+YgJYt%7(h^qNn z`tf=Q6I<#!TRS9`aXCBl8H_s;Xa4R>P|qtN!S_LDp~>JT=HZw7M3>_9$rff&=I+O0 zeX8x;)$puY^bk{_F%93d;JTjDV#V%f6p|3Ti0d~R-nYT?jZ%Fa3gJV+XwTA~QniFv zQb#{JhoESmwCZvs8{)6~0SQ}dfp%{e5JMjyE>R=7So$Em(PrZKR1mOnadD(t{>)SIr3pLw$uH_=xvQ0pRZp zhhU^k9@0McR>-?>)cw8~t@ruXzmOmaZ>Uyil(|0v^swvpC_lDeJyg#09@q2J{oM|) z5lweiSnUzzo4n_3M=#1QvJ%BoDwXh)y3${&EpHs=`W|Qw0_~t_;`?uCKR0s_JzRDq zIe9&R3%t>{=X8MKo#&Yo)LIx==tLomjgSsq_UTWAWJRb>QWC0}Na&fMz1UQ0_uljo zpANh6IFBSxc#8F5PQFiZCx>8N^?CkQv}ICBO9Nvq(9-osU-vYf$^V50rDR-Gh>DNr z_zD!=SJ)CtK5CbS2Fpp+VdP5qzDAvaoW~!XuUlUkDA1p}y_sGC3y_#4;?+Dq0@~QP zGb*d`p%~L?jHzC)?$}v;jN+w%lcwQj_?;bkf7|GWXzsd)TT_fNMHKuaEl$kHgz5@i zuhzbO`76r^rWFchAY+O}zmOX1kfEsqJ6BO~J?EqEXEb@OC?1J@t+3yXsNzwjdy7wF zs#y0kP1!$^u4_wCZHxYrB!NeXB0)0BnTupQ;Uf-!ZoM_|a#LL%w&mTsd z4x$69!Iv`a*c#uhTpkSA`j){yhd#vf=kdCIM=kr3oeq)UhT^)AZxMoXw~YbxHbB2% z|8#p$348M(&79ljRW-`dte=1{8eQPx!No^~3PE%R(k3Vj)aZ{~dM(N@c(EtKA*%fQFXK z0hrzyIEG?@R3Bb#M-|X%&~D-rvN?%&FfQs`4|+-FA4YfGn)fTSzmcE9$mtAxsa+9S zVU!xy1?p2en^~)$qklN-%Fu}q`4L)*xb16&X#5q7LZcqW{X(CvHh(j(=E^6`&ct3r z?l-%Yt$Sh|_J^-bPp{<6eQxKly7P&GRO>IIvwu-c>OzR|`m4Qt0GsD3h_Ka2=ciMg z{IduvL3!I}3sF3>-WY$_OTl;Qpqx-XC-s6v zNq|#2`uHORs?4q-Sp8NWGw!$}u>`)(v+wVIdrr{*fgzrgNWWU&roG~-K|TF+3R?S* z*6T}B^9-q3fHk@)B>b3e5_R}!tA0c|H+PEyI}WH4=Z^v`QV38Xc|M303N_YA_u&xv zJKn+vS;GpkTNLXmwqTZ6Xg={b`DtAD4IV$>J9m=&Fv{;o7U2M}^vWMHL#OQRhgx|Y zhKFGGD=q|dUZ}dy3SuK-W&CO?%@99~Jc zpHrY-l#41BcOKF}=Wg2Wd#F#@8511*#eDF|TlEDz6t4QAP@m%JLVJYR@CYNkD^-zf zBZruaNe6t&M#SAPPOfx|!95@v_D_c;Gtx}*uF7y_of|3Je&qi3wM2GeI{JVC;Ffk{~qE0RHR?uea|s^ytp5!w_t7 z4(&-O{F~)|d|DowgV$0s?|;VgXJ&;93^3^z4b^K#ZI~uQJBu?C?I^Q^$AySP<9)v< zIUM(|BZ+?O3S~(A2@eGK`QQrdVN_kp;lT%XgJ`o}hJsE=iQ%J>B(Qh5ADCKFi40Rle{$5;jcjGzJ6 zYKpHY4~Vi(s2QQgTAyFVAzL2D)pN)1bs)rcly8Kx3N&?HL~lY?iO*OlCeb_5!!n{6 zDqB4c5~SBWv%SQEd{W;-Ra@D2OO%wmT$0|kR{vWL;`%BBGZ0WC6%H!^6!uHmXT@Z) zzq4|@b#)h?G$*z}`mUS~W(R2ClaW{OI#3GJw&1m|$F>?7KV~ND#rVv?$t7Z$oJts!A=i%Wdv-~QRW@%raFu-r)rc0H8VQlDF)gK%cgEsBI6!-vvV~KZ||8uGTcB@cthl)M%CQx6S`r{71)T zwGey~9OsWO_tVxVgYzks6`4dkbs!?B0^TM#AqY+5xQy{b`u0nG49S!z7SSd}BRqPo zIR{AJgf7Vv&_~Uws3S5vBI9|$Z-`)0xO3((eezOr)E>|z9g=Ib{bFvqOfVgd?cuu+ z)O{qdH3Pdymjv54Sn_bK_RH1Xek$S|0nAJ`f%HkF8Q<2n-6pQ)qnX{kHFUI0HD||cKqRbluu428K%*}+s9p!zlUPo)g zFDCW~9b3nEG3ZUy)d4AY5a^>?=bYNx{N2Uqkw5aQiE`NXcyH&jj(UQU)bO|v5CVy< z@1!K;uInJc%uQv7z4DCg{!Tj{iwdgn34TOI(|qgwp2XOIO?I8CK*_9#6*^<~M zxafUt3;aAg5P<*c<0pv__EBe5=}m8E%qX^+QM0d$AM5*Fs9;}0dO2JI_t(6l?ae{r z>;gb((#eUqZQciXmhRik(WR}%0rJSjZEG&qeaF^USD;>VwVlI=3HH=qD6C(H#eRqw zt?>Pit}M$9nV5ghR~l`%Bl!eT9W;^IgO)|9Qq}hX5?C#y2b-}TG1Xl4J&%-QvzCvm z)a@(ONgChK4yR(l{aNvAd@|&>>5Cyn|BkjTB4Se8{3O342gK%$2>joV0BlTrK~f4# z2EJ&UVXhL2s%EGGGsFEl?ehn=ntl7Q$9n@5m0n>$|4xVdU@--oEtFFv)ZJIDB@dgUIa}$>0@6F&vLaEeB}*fj1>a}c zw1Tx_3Q5qM|87U%Z%z0nzIr*ndZ#9p{ELFRhMmF2?ZSGFW_fV6Dbs_1uvV$E?> zxAz_;miy3QC@X}%;1jn3ot$LES+@kjsDoL9 z5EjtVczkUz5o0z~x$oEeNOix9yxop|3xjA_e;aXgzOAmJ(BFQuH>zpBj|b=G$GPXe z<9>{HwX&RXRPs~c*>G`xIXJhU#Ds@#-?sOHfFhr(6jJ^WGFZ{Of5G>*oyK?b=+Ch8 zeDa%=P={TXcAuL&7pOoArfkewR4?uR;H7;A?n8yI%R?^7MN;11wPjqi6cO?{-GVo_ zdiCJF#-C?%P(QqH-f5qs8wb{gC?<-$wYcy?9Up_9obG5<_m{G>xyb{IGsH8G6&#+! zYrm#kGbDMRFL!C#?@7&HLk|)(AK?X0DRPn(9jl4p%cR<9XdtG0mLhr4-R!Yx?t7wg z|0XBn%D}Ny&m~x)y6UFx`wr<7KNP62gu^vquW|?r=3KD&`Qa<*5c)$~a z{60fEzY0^OC?P?$jOJ+UU-!=&?FY-?s|)iL_+CoSKlv;Uyf@OFfrPANKfkG0f}5B% z+rJe8J;hy7zq4t5w}XVQdyrO`YO{42BL6#9W5ex zhWlpx;#tWSQ+QkP)^|^3xDla?($jy1PW*<#tdQO*YM37`xG5c+xjWER&fuqFq1(|J z(7RTMzxR~*IN>(lJj&QRHHJdmj3wAdn6nuB6exu7V8c%Z#pTby_|e~#Q72&gUIYN= z99>UWjuQfce+IkFg95(MQaL=zT+c>AZw5!bhY^ju=pk2Zqay@;h;5E>8HmTz(Z4Sw zA?91hWpKI)R>Z1+so*#_X*gwOa%RD|tNJ5DI@t}4m;EAPvo_y^1ZtqKXfFwJJ_+UbtqLH^FAg^W#%e{#Lns4NPZGx_lj8ai@U4ln#O4|mOx`YhtvEg5vx4e~ly`1?!T26BO_0?ge{YK<7JtQN?v{L^ zbYeg#PotsJ>37BK=#s+gq?^(rv5z%=2c4Y(;(vrBzKLGvo3UI#k^SdTzJ1_%1DKi7{3*Fjr5nn)Nj=rE>B9vievc4{=& zPl>~zBZ4zmM)GN%w0?J;+rQ_rr8_zqu4#mrWncVS!wz1cIrQ58`jecIRaFF(3H_T7p2S)Y*XE`7H5~5wLumFfV_colv15LM;|KI7 za4!Th8rnBZP%qD7GQvIGrH;uFQa{G_WycQiR>_2>pZwZGu5o{X5DXz9d)}_}5H2$; z1SY|K!`69^X}A0#$-ni7wMQ_VO{l)?_HuwXoL2d6l z{9dt03lnqPl)zaIDrywlO5Kd3XtDAn!gXt_>Gl*uMfudOaIpTY5-z_0fkuW>1avcw zg|MLQ)~vAGd=Xy+*4szqiNnK$XPtBh4#tInrK7yx&8T zQR{0DHAjOHucyU=s+xU~=X^g9>vv8!VDkqTg}p%|==Ab6Si|4}Fz6oWTj=T*%ZbzM zbYOwprfaq=y!;HPmcFuwvW(1i>9O`(t~B0s#uw_W}tPyJ8_TSk)qL-z;l3U{3Qc#Ilao z^iSO|ao%rKmQ$)4{r zU$(DiNQzjajl33?0YKFLd^!^D0qX=ToV+-F`^=6Y)%)oFLrTKap7$pXWY_a%;fPDj zvmsXquBD+EkV18~v+jTa8FS3m5b!3(<8OHZdDF50?q)~hh|8!{2f9DmaDolp>G4_U z%UP8bvrnn#SAwNvRXw_I*SuA*2eF$AYh$eTHNfZ2fAGbWH&;gZTW@A6-^WhBp-1L; zzTFj@{DrsX>$eAE?~mS+`+cj=ftr$h@i2&)zc94$W~6&i)2ef2a?`YQSKMQ)BYN~h zI_{^KpBNW2u?s2lJPq(i=Unsby1y|BV;EpGgkIYIgAd5wFrRmAkpwhe@V-Cqghu?d zuk*e~-?ZZxp3T?&J!;dkomiMugU%r0IXD>fc>~3^;m%bBlV0~-k~t04zRHbdgjNl|uN|Fs113+sq_;b`vNJ7mleiDr!?nKg=-=L8(X!gFGYTgl zH{mq!V_G7)yyP;!Wf2m!+*P%?_~^TghGIgSIvNrS_N1p==A7@<4_+mUZ^NzMRRtpR zvtJV)|3CdSb{c@k^jN(^7$!XZ*Hw3FkSSrjoDhwAu>skw2dJ#98EZ*CjDCWPX#d#u z$8KD97b!xV+??q?#oPoJU3HNY$E>Ng`YEt=*Yvs9(@^(KDxJ_gbmWt!n0_|D5Bo_> zpNoVDM<8Bk_ByU83rb}g-f8X#IDrHxs4EQYdIJ3G$obk?e_C7P>wx!AoD_mo8y8VN zyXvo{$8@5IMS?%Fh2h_wa<&Ab*2GKKNOGUIgC3oZ(C=a3)|`+@_NpM0N0-cex=$=* zEWgGVj%Ag43yul&y3fyxOJW>F2d>VGr*|UHZ*QP(sNrod=%}DAZ@<62uIPXs)BV2ML*3LH zQO;zxm;4v&XQW)jo1*yRlrje8G5P~A+Cu_Y9;aj<$zd^64 zK#|iQ*AG5k(bWdQQiFf;Ld|>+}x&txf#_F@xnJe9)ip&oPn?Qcv69Xm~e}K#QM|O;iyta#Hb1r zhE*5^)f)oRftIjBa=j-j9E=)f$lWpY50J1WPq&Asr`FaqH;;+xcYH6nR~er^MMvAH zH^*Jm&9$QY>?><4GtDWiYR*#4$^zMG7S+Q>ygtWJ*^9T7Is|~#ytQ++luzao9e$UJ zBokrpVegah@G83bRb=w@bsK`KN48pdmvShCHpZQbjP?_5N&(h#`qrjpHSWx*z4#) z6%D_Xs zl(5e)&?0}%kN?n-xYG;-{ZX?LAN7C6#WAD;w-f2NP+(*7v5EbnNu0UF}b55hXnyCs(zN z?mj?^v}v0C_Rhw3NcF!R!J@Ce*nDxsepKm`gwRoX|^K52lQA|eJvrpNQEgdzDj1l z%V;6JDqi38Pn_6(9KgK1y6OG4+~j-8{$(IUs2#6`Z`R%;_!@QeTydrXmwapW=?+kT z^f|A7r11-77ct-CDG^qn&P%4#yEMx6g`tGwu^Btb+;PL1Y5dZ-QOg3T(`T87AU~B& z)W_CeNulXq7r^z$IvTQfp6ABP1}bOb76tIX*TM^-8xde^u7gQ zJp=4?V210Da}Lm*_)HLfzSp`Mu`B=@yq?t$w6U-4EdmW& zgUJ8t5y5+v4p+4VTtq7e(3DrII-V-1+T_r=5Jfa4pS$S4BIx51km{X4@ySIkX%>wY^L2HNsldOc)N)*KkT8uCQ_+F$9u_?^LRjrYCDw;)@De-Ww(#%Fwc z96Kh)raZ^2IpVQIvws3L=fzwOYrfph{bw|@a8oN1mY8Jc0CQNVpCa zEo32OcE9bS3yIRp%q%?`Bpdo4kMHoKjbY9MY5CYD#X9J=USBG`7Z1P~!hehVk9%|{ zVK1i`=O7B62_MC$8~b+6Pu!}5KYp0UcIHKt;e<_2lX$rc_wAFTANK&cv{Y!=C{z5t zFQnvx@>&0T_{~EV!q@Q)c#01$Ai zKuAb@-poc{z4Y>E?f9`=qkDM%3bI~2N|9y(+)Rh*3tfp}U+Jf)yt@|M*{zKA>B*cag(876K5{%D=qxu?hRT+{an!V1x_9?EnL7NsOSaj4n_h?eFr} zA5%~#Px-uG#gv!L8Mp9OUki!Pjo*`w{iLmbe!p+#$D;^EKqjg_6Wi`b1R%e?sLp43 z!(8COz*we*OtshU>ys6{B#!e>W!`Q-aaQt+YMrO98~6PNV!$VpJDzYs6)v`lcP~q* z@#mp5$@s%IaFg0ec8b!)qVEzOYT;o%fnO56`PRjDUz4d}uH{vnkp1 zW5n^N0>S}3nU7zJFV#y=EfR5hzo2VyR;uAB&$#-qwBFKrf`n+fZx4^UZ$I}{qU7|; zMgS>GP;)H5s;No20GS25n%sS*i7ER4X`YXje5>~pqQRc6XZ=3%U^IHU9U%Jif#~gF zN{GjPkJaj+ynfl5ZBZ6OO(l%7N3Tj@(h;$4tum2PhRaB`2Vx3mT9BD;#^G{kuKP(P zH^T3XG4MNVzL$ZgHJVa1sv%l=`99hxPKH{IhP(HE0WN#{fqOz#-sVEbZGlo!;y#(@ zM3XSUlla;5$_mOQYPlNvq1ltx*Fii$XSi&&sk}XfOUB5Vbt77C2&gb4UDiKWB^wYj zy&J0 zT|X=I^S@sCd)W<_yRbwJYsT(nM{WxVy$XwWnyOy9g7<5;_&W6!zvB`B+wmOEXCF-W z7A}oxkmbtafQ5up@ze6Oo`e#5_*Tz}cC)>S_s;}+FnHWLF96?X#+ef4>-0uLkWmZ# z37fA!|7z_8<&(1MMtXB3H1*rvsZcO3CP!*rcTGsQ z-t%G6%D*#q3IWjC&`)l?FwqUjb!T)j@u`zX!v_3Eu|oNxONUphri7x1%hr+pHj6TP zeV{_C+STAxfodpj*y_gtTJjW@glF(LFT+J@w&?zXEz~7h>l6eV@1opaF>@xt;JbU5 z^(%h@Gt361ZyK&Y?sxWy{syv4{6=Zgr%-+j6m=U|rlKu74NVtoIA!K}`X*%yLG~kU zl@ia9ChFp76HSTuN(tGV-b<=9U-PGIerdPwV*(r#*Sf!?E*#kLR4!DW;SM|$3q3(ny#mV6 z!g5rc$79uR_wV&PM=d|iBa2IG*DEWXb4OeB_(ScdR!h{%dT;M%A|3dKgYa0+9^a_u z`Cu;SX~~)oZ}W+xmGu?A{R<$Ph7T^!bH2Xd+EoT3*k zkBEHZy~fS{9`&mWjqO+RS#S+rI5!_$UCIa`$SPGVgoZ`8uT&Icw3tXbqO<*b6LvtrGS7W> z*Egc0%zUI5gF<2{JVy_WZao^xek7CXrSz%`Z1dWb#HlYv`0Rx6M6*^4)na9kLkSpE zak;wAf%5fh<3w;=J=727(64vSE-KRXdFH*xtc|CGP;TWPrM5w!>aM!_*zB7SJ?~(8 z%N&U;>P=HFj$0N^xKjM_>%95v7XbNRz&Puj5_8@BsVvaK+v$EUO>&h)LNeI>e(iC0 zTz%hJ@fCom_&Kw|*_LkEU)*Fk z)smO~7amIn!bsZFw7G$Gp(bTm3WaO^Yb!ZFd{L9zmY1T%X!!`zrNOxRk)%C1${Q{h zyAnokWq0!wP3I6&Tk0yKdV7n2Ze!qo`C!;Da^dG1jweXDsllh78dv_w9vm9^6Kbr- z5RFSL83IbQ;NrE6E^^T6meN7b16s&iX{5Br6O~JuEX;E((g@DSKjC?L z>8rKoLuP#re9_(2zRY>oLcu0~U5>{yNrmY!Ow{mwbU+0Qu`@p52r#%82^P|o>u03( zy-6~o*z7x(dB~vP1inzM*Nb43oa^|h%S5$Pk3>lrir4XyAE-ZvjpAsH=TN#uwR`b| zUoUr(_L%p+58J%lC4QFA>sum}cVf*=EO#{nzHG;vkk@*OK^YNy0FeMgv;Lk&_*->9 z7xZh$jg`eo_E4D+6ChVAPhZ$d1iI8c=+M;qJp!PRg-2X;=Y^2p4vTei;w&FO#F6%( z1syxFYuf#1Z$yiy=>8i@`*lAccHX*@y`VUYG>FMl%K3mQnT zIWwN2BRu+Ig=$=S*hG(bc>Qt)H1M-@#&+!>41Kn_czUfjmixBb)kcRpH#0zVy`}cu zsmTcWxer2!exx6@*4(@B_;R-uxZCTo6QBG8rLrlr+Y@V4_y6w8csM;<3`sp9ZslH* z#|Kzamw67nIo`h^GJum1C-4hS%K^H#3EIDkT1r1S&mfN`PGm~PQ~Bc`a3k8+dQJMi zn5I@U?J4--#Y+dquymTC>h}C#26aqE400uqkw_jj3m$~o_lO&HRV+ZVwqJXB%m;Td zi_;(c;Q3d(5K;K9(ak*6ME&{185`Sl@;WTlaMxTaf;!ao!v7jLpP?ipS{ua%P_f3x zILQPMTN0frUC_GA`opNTrScZ{Eq6_g9#E~I>&>m zzqprT-e=ODZl^+L0o@4+z_DQrp6>6)&k>^*-+li;I8WH^j`I{w%AUlwaEd$^sLCtH zjGm(|=3jERukrm^`|aDcmB?~8e;r*-A2U-D&xXC6>ccjj2)c(Kj5WhvyjSp|&c5C0 ztGoo+ZG}SO^@if+8askU-0Bk6QoSucB@h};)SoOO{qcKNyJo>V3B;J-sD1s%8M0DE zmsf=h5-tT=QAfLT(_wT;!e=G((jJmy9pJHVkOE&ODgG&_%7fn;+#1)}wvJ`14 zkBgW1Xo}5AL9lQ5u zVeti?JL?>f-9Iwvi0Aix0=nf0xS)(7VmS-Ko zA9Pr7DyOg|p0CwL!>*e{R(Gz{26>;WPkNT#7c!O7#ImpV;1oB)I@|(_FrZhluP1xP z-vv>g?(iywEF;4m5%JB%!L}|(z>hYIPu=SF$2GA8Mdlv$Vtxu@*{>uc$nkft{f_H1 z3h(EaS`cU0@+q44>EEx){d&Aaz-65#%e^3gQI1jw1V^p`IBM`AX%l+LK8BwRS{*%{ zOD-%hd&z5}1I25PSZ28A-3Q)hMf+>{x@|v_>XOnwe47trc9^|(#3?E+0zKTwv$>dPs`(}>iUisU5+b?d< zr|JoKLFn6_`or+RFv6qO=O{qP?$YuE{RtgKj$fVfG5z+Z!$ef6h4ct3jUoEUy}pxAh%_=!-@CSlsYvkp#%4a4@^ z=fvSGnCTjbdq%B4%NB_E)Lb=9d_|T-vEe(@I+prAV(2Z7Ps;8!;~YY=1(w~ST-OI# zf{gEXA9T9kqhtnb+|*OzCSKX^&x32`CR6t0thpPG!el$nwJJj+S*s%^E1be3J1|96 zL#Z|__56G9r^n987t{tD2`;XJAke;0pdghdb|2wLalW|UM0hte?{jZZq=!uFe!m#( z9TEVvGlLknqqnxZOMCYmr1OrRKm8%Rm(cAeLPgdNci3X$VCW7VyKnqLK@R>~A7KXn zteh?}rMf3(J&do{nNs8oqCw<%Q`94G8aEEejkzFELid z84B<^%7Q1f2{>k@`n{{iX`<(sOEU{?YbnFAF*Wy^KT++v=H9KS*FibaEgkp+1XmxX z_C!n#CRO<5WOA$S=J`zG0Gb95r}>TFm)>&4o~66-HD1ql{ks=* z+zjqAzoEvV@2T&EG6_XwCG?_QUgg_gpgQ}cKQ9TyXJzv2sM+ziLGOG}+|vqI=18og zTlJHI^ipR_P7*9{ULYE;GY{rCT5TvhTk`tpJ)_h6{$T(x(;?HTcyiMSr zNxVc9$iGOWUs=U|sIP4f=K!)(SZohjN=URuIj^+7NevG3k>X1Wzn89Ast?K;t`@$F zA-eP&tY8N43Lx3?V&XU3K2Fv-XdDm2!-%XoXxscoyyN#T!D_uHBu~Cj=!pA@BEf{8 zw-_4BC?CP8`fc-fKAOGb=3&J^cF`=KRqHj~w78zQ%17~`_MN|W=K5q)q~hAUwEFm< zKnr{Mb>GWCA%4s`Rb(19x=;S-CgD#%Kf)kBbGu7| zGKuE-v>$7$#-q}Lh*PksyL~IP%ia@Ulle%jO%|W4OV>RIz2gM7zSyid@3M!E5l_toX_ zJE56fLC@qV0G$1ogM$*#AN(^Mw;r4Es4t${XQvn82Wk@C?DI+65nc7=0sNc)L!5>0 z@bQ1<8hj4J^wS{C?M@#q+$akMfx<0E-4(K}J;7SqUP)UhfF5;(P=G6zzN&l^BJfgZ zN~R&~?N9mj*&zHSLJF@Ke(0lu?#dkF{if;hQm3DLegn)zP5QObmKn}8p2Imeb0;RTF$(OfNAv*V>HZOCuHma zuvUL|5KZ;6Y6bA<7YsJM64O{=PA~PLwLg2iby$0#$58VK)_ec=VuP=)heE_CM9?hx zu*~VtG-|YkdnYSe=1iz6f1?k9nSVsfB!ts1BRrYCv*TMo+a!lHhMpA`5;5m<*NBR0a+Y~zv{XVq4^cjF;EHbW6mqco6WoI_O@TB>uf#5mDSe%>}BL_H^T9b^-=A*vdR27WX9y~f-gc4yJTYAUncT7G;9vPE-2Bdhe^)+ z^V~H$g*y=VSKWuB^P=)f4!0g7KbqF>^qBfMh4}XJa68++OlTmTPDUQ*6c2J(nFC=g zE5>jA{)#(eNjsku;vl~G$f%o0YVbxG^71$sNC-nI?noYT(#M1mHzQA{_eS(9`lpzo ziY6N#k@FE#ReYKT0o+eiMW0?H^)m?bU}fEwIY++wEq5NZnn zZ=!)j>>fO4VN#34dM3CoQy$G=*l&%$5G$UNg}FY~dx}a=bJz6zzCzN8(%3;d-d~YA zxt_qC_VM>jx=GHcP#o1OXY~h9kmZJNO$S^ZwdO}a9BxyG?|ap1(W>6-hH*llJN7s~IW# z(+jIhDwU`d+qHI(>0eF3^vU%6tJd)2>Hb)O12@NR|2i5Ev9IpPCk0qqigu+@qMXPI z+OT8z60Qj~GhUmLkC{z{1PJMTJz!# zCNCug!~Fwgqfh>|OyobRf64&u8@8A8*_JT{F62)#o`K&~q{Z zPDGuza_S7rkWi8OlC?yJiXh%0kv99YqhHJ4Cm`Ocz9d{q8T!rQ!a+*#`hfrgcKE=; z<@6f^dXIT>RG8dv*VfH0LH!D@*%01>@#OSD;a{uCE9wr1BR~&zH?io@2y5 zbbPEzOLpji;Zz@DVp`#d7P0w12kco!(uDoW5`&UZ=oe3e<4ybi4eba8nPx z-CgtY#)!lpW+;W;l5-ySi?pvFkG&pgFVIUnuJ-qvc6aDv;JI5Kav9+#!CPO7FR+Zq z{YoExZSD{s1q$oOc>XdoFLgy{xO>G|df)HbzHlY2MP4luv8hto_S<=$+-Tn(_bxi%O|`ELQ@T}CLstF7SA&i{P$RLB zptyF!O12Zz6tLy)4~TG<-xEMsXXLm-TDOMbW!3F+Iyl=c5YK9AF*BQ9)whQg1fd|D ze{K$yWmE>y?roe1dw1JWLQ%lC6%Igy`g|k7yNl4$Z}Ej7%=I~aHnW%^`IxsRO>xBA zF$G}k1!te;XU+^BcNvBYxSp`Jv!4(P5_S`n^ZFY{;Nr(yAqQ1phaHTlY1rGu^74GF zB!4w{I4*bz!R?3&#h#N;+;2dGAUQPc?OYa@X#rFWsC7K-cHi2bPp41|ZzC<6Q0pvC z?Nf%hvcolVRl=_SlBPz7rw8oA6j?$D_~@h*$;)R>)1JFCtF?$`oIESkw8U!o6W&xXK*Pm4sny}4BR=4O^ z$HD-@k^PB;x}|9qYExg3nmwWwQqOD;d4qkEkHW6^trz);w1G_P_?L-`gtkL?vd7yW zv=;{7^4;Adj~I5dKDjz^B))7o4ib;Y=VO(R<7m&porgVFPkt+}kb7gjg(QG&WP2^n z=ZD4dI-40q9$vQ9C1I67oou_2UbEtA=>TE6Trvbvgv{`$Zle&CV7>*-J-ZAhvqTf13DD zJ1ysk&_9VWg=&$w{hSDUZ9;S0;-+6AV0M)VrDH924S!#?H{(PL7WWCfX#A%?4lx|O zAp2wA+Ok=W&UI$PrhSFsX+-cWV941%s`1JPjo0&^daoU79Omu3BDH>`nWXcxHfAP%I1#mVUTs7BYr49hV({_an2zVDcQjdm zDbZw~R=nl`qSQnR9_Gs=!Lp60*AYBt{f7#pU?G2`1LzY^PNg9%eI7za?Q-9}o&skU z8%%{e@$RBNps<7?Exa%C`YQb1Nq}L2(xT?M#R55Rv>fd1a&t5F3)Pt)dt=jSof&aY zPMo_o;vd~R&YRMuXIc@aFZ9MP?RPI8J|u8C9Kg;ZGn%e7rcK zh63o5#=OvBSJcMRbRRl-B%H-F=`Fm&-?@M@%R}r(`kS>pnJU*N4I69AUmVb>9i<&iut4f>9;p~o>E@ib@rp4f|(SmkbQB3$RnE2l15y{6!1 z2#y_U0~W6iofU+8iC7pGB~fY#%sL1Y0R#*Kv*$fDy39Rm6zwXU?1t%m0g5M&_k54>dUi0*sE8cV zDuBbXm3jPRj9zj)yLgX!aoV~NS?_8H#*LQ9 zp!M%#K?CrxoiTp|m+?M2>i8<4iiyvh?tL`;+6=$aSe!Fvq@{Mh zzMZotn|lisXtm$tXw8J`^tYo?jceJyQxR~40ge#+#np?0^N6a^IK*?uvf3wko+&18 zsa6m|b|o6Ga(bs|ez4%$wJ{aBQH1*kP{Cl?1G!JLU0glTR;>J{yumO64+>fTGg(rC z=1QwkoKenmB65kXvD*!eyUvVeZCUhBcexqq)!XBqU#@59=Xl|*l!ASzQ(9}Ch|LjR z`p*6SohUEe!i5^V(T=(&_}mY`oAJ&}!)Ot}hTxLRfQ&);1JKiPe#0)iUuFkQY^3v4 z#~qW8c}Ki#pAc`J;HP!(-$3s@&Qj=0O3vT-Ax9RF&|_p1n7v_C@%*92;YF7B&2U zr3IV7Jwei9(J2Jj&}`?~x^GQ;x%>Tz9B)cOU+f;LOVxak?@cy5VYA$XXEzBbl6y?o zo3e-FaBA+d98S0RkY{rPgneX7IuMvs90*4FBR_3|z}6=Ow>dYk#L@T{5Pj#G5diu@ zyy>Ka|GAz?2veUZh|vfoIXli_opJD?ywUJ}f_w*$zn&_)Hu?(&7?nmJRB?|3JbICH zMIG)5)T?g@6{+ORq;NeGtl|U^Fu*hSxwl&Xr=VQ0X7N2e&;>@Wazfgm4o_BRs`I-{ z(9lsocOsH}-B>>lhwLu#Qmxs1S{d?jtC_xie6Q3epvl`VbdM5A9y872N;*NG-}OXS zqB0sy;`ea31jKPYQwCYRKkj`y4y>y>_N7_FFWiGN7#*v5aaMxM=|?(&am#ckU%h2= z!rRTYk?X^B$JaRn3d(18-^q8GK?}O);zN7#r?rIK-K$e2 z@qUyeLz>}jOoPPvR<_b$fHw^AUZzJ^$%wbe-|xosQzf(py28jW@r7PSY)d6=pV!j^ z5TJQxzuG+U3-1!fGoOsI;yR!4EtMr_PR&0*ZlUYHWom~cM4qrAhGb^Jh9sC2Fm;i_4MKO zzCn)IwZ(QAhY)RmtKNXUSaZMQ)f>Hye_Xd<#=!(5;a~)*hIa=DgnulZ+18>+5QJX| z1OzSxWEI)hJ5dl+kR9RaC-{5L^qFoqTqvrtGBe^+bBp4`gdCpBiE|10BfO1e?O%=2 zBsTjylYv3W5$SNT`Dc%H`k{s8M8czRzS9;bWFwr~?oL8Y8ci|D^M*;3ameHDm>2ufU^3L!;85Y}zh_!*IC)o%{w9AXz2-YA7_LF*&mJ`c>eon(* zQmC(U-g0~nBV({w`u5?DP(|E3y98MYhKh+Lv4${Jty9nWINd^gCH#?~hE(hTxw+$O z`G{URuPaOI@bKIjk#do+#jLa%IR)jm{+-`jJq^OMTU4FT?J(!Avsmz-L{ zy+XN>Fbz!It)iBU)D)#LFQ2B!_S1AA0z}9U6>e{z6M@OLiSgU7F6+kTNnZVwZ)5Qic!++U5#_}Qe?#OTPGIq5VVjXnt2^yO(uh0HUE#zmI}a2* z`3DmEw>^IG0`$=`5awKk$35j=W_Iqr%+J^Q8K@%W@`mH~X|X6*$nyw0+lm%{xkNxX zXidw9S!#qm@^24zx#9d%l;2qeVf0y;v97jFRCwEH_@|E&x{a<$$Cn&Ya|$8Tc+G)g zCTqt$tx}j)b?mLkp0l6k_}&Z8rlbe??=oFKi**|I0_Ko=Z+I?YE&1MNA{`;dd9Q6) zYM3}0-{^h%See6cQFRf(ZTcIKwMw0c;#f&g1Q_h5#J7)C09UXn_Iurv5W;@;VD><^ z!)N_fXo4;v35J0@sXU*rg~zr;#$_YCZZCzq0_Q>5V~$-nMj3?Z&&Qblgzj-@!Iiq# zD>^u-Kfa6?W|g`x77_5qaFTCcICq%Q9yQooc z4vGIteg2IJ1g+FUy)nuvy{M!L(1$R)N4^bAGPIYb76S%H*KcdMrt~QeSMDn$(Vq>a z+E%D+t91^SYVC?touQ=M@mi)D|7n+mc=cDoPNZXP7DFI4l1t*NIZ)$@jYG!Q;{u)l zO!r&o$XedRPSHP8-&&Yl7iTSsrPs=fLjX?%T>@MT&S*4C$POG_1C4!tY0m`u4hJmy z2VeLfbnZv@V00TRv-Y_fh=9 zG+-7fsRuUg{Ga>ugwq%MhE&niTQ!#;x%0x@*+x{E*un3S1$QLL&)I`P7d0*kY~ntY zYC=_Xe+So@7_m0X{w{|!Ps>)EGDZ94Xzi3O0Zj$XFVbM3 z_+U(>Df%ZAeoWE;3@cHQ1cKE_WMw(3>wUnQuHH9 zvF$yU9MN9dV>g|L?PcKO)u8jI2uR>H${$fAaYwN`IQ8J&f(b^zSM>T?g>}DKZ^2v> zG>M~U`0+w$e?@#!LI;gQ5+VIES)WG=3%8DI;iska1*LmNRlhIG*w&>mg#@wlk=oZBb(Q=xXs4fC9Z|OI7 zUtkI8l16k_7H|dAGpgSc_kwAksu;G|hwJ>2-dFG2*OO&~voWSZ_&Vj>-RZB{E7=!v zBr3VwIsoc(gR7u-RVMl}zk+t(+Ui#*Dcqm&Rph;CUe^4kr)rF6nn>DlqwH#55-@aR ze<*0pdzXrk|5=PJM~q3?aLhahQ}KK=%6YifbhGbq#)W^`=ztj8!+6|{BobOidSFMz zYaHE17Sl7lp4IPxu`XP}kw$1LZ2C4K?Pe9`6czjDR!Kj;y9cC5bO8I*9;q*6)M0_Y z+^6ZPw=MU%+{v{D9ZxCL-d7^Lhz<^}I-_e{3 z8T4$RH$R1mOjL|$37f{0BsSaj0m#J0_Q}bO!H8Kt^QJSa_2Co5dQPvySv}jxw84O3 zU$BtQki#$?e{p*Jgy;vLQf6=t&Pxgj$FPYNuDZ=#v)uy?;|L+KvH2>3Gdb{(CfQON z&@LH~*q0J(-ZecYz*PkQ%3cgau*F5)6C`iz zthf$}bsGiTO%LmDa_@JOUxx$626eh!dd|7-;RwIf=o~qZ!3ua5f6*2`C&D~n?$n*I z_iy7*&%?CZ>KU9sQ%1?==SG1SspkW2oDp|>%&cojT*4mPzBN;(ps`n;Zo$M-eldgF+bytiJmKh~kB;HP+Hd88*tj2a@Xza`x9 zKrJ+SmF|w{B>@cN)xdLlpYlL&lh4Oz9RX|#2*@wQyCZD=zyPN|Jg6E1dW|9FQhVIZ zPbWiC$%7)B?q^AmshRNJ0p}!XG+aX;O&>?;2w{Z41P;W0j|DiKki3>mfE;jPV=fS4 zs#W`$4?fkiqV+&E)6M#fnscK2LBLcZ7jJS#ap}8F4+9kq*y!WV8-bE)*fQ_F``Yel zm|+hicke1K*$yIt%J1J9m9g^3LYCiAjZ;9XEywDn>n}T-RT>nL1 z`0`slvomZuGl&za_F1Z6v}~3W%-}^$(}S%?Ijvx9h0WJ~4GLWDp?3t?ID5fHr{_gz zUtmQ!3F@MMOyWgG2lsb*x@~cE*te8AHjN4i!IAFgl2UHIObx#(edEJq2VV<+w!Vz~ z%blxKaBR)uD2R8cUEmg1aMy)~#T+L-x-JLLb2>PSw2;zU(vb4sJ<%0sT4qO;(qeG0 zz4R8)@F1Wg%)IJ-wG=jg#v0Dp#bka%Wp^64mT~~Q=1?eS>@uJ)A5d;+J{SoqC$umbexrbjfd5W&%WGIT?dO6u?$^u(> zhh%NUH!v%A3S;h$>=b?|LtYXJ5^wt(!OnuS?IY1SLvU_XTh-X_2r{l|>+iZKKAOa<{DS*!{o{Fe?|OrpH5;~ixlkXX(I3GO z^q^|5pr^fg^q{W69sLG(X+GVKf_2E?DoNiOfKDQE%{8-Ku7PZpShr-T5ZHS~Gj8Ra zVJc}cEHO3T=kp@6l4W=ESM#Id@QX(| zkc~%lb75cJ3rjZGMHd!!V+SU*yhL@p;atWD;UB3E*9|5y!#+y%S*I7$7oNjWFbE{` zyY`JqBj9mPg437$D2xg8U9Yq2z1(L1TUOHBXXpc1@YG1bV|IeLvRhd3%as*FT- z80LMJ?NVd5=Ep@!Oa8brH88X9Yq2zUvf!9;W7t0vQOFWtyh)7&`g^V`8W#flDI9zD zA-Cug&jQleYXU46hHt-`*_^@pVPEOjrL}xOF_RPa?;U(vRKT!0RI`MoXkkC1d#+T7!oM1p2+v9Dn9Z8A1_*K3B~O-^9p^DciDu4-Ki zhSB?gYyEtXY?=G~th2TLX657+&a-~_8RXXqj-wS(-b0}-9`76QvrAGnJN&7g zL`-S&0YdYNmb`bBctrK+lYqmV`hkZ-8w3D(!UDY}xQ`2aq$9pa45O0A*dMfoX?vz| zw)K0MbFk!KTb_OchlO&tM7qgw;teD*{L&f_ZxVLD6n3ey z^)QShoh%%y-+qsnOVfk5>>${ut0Qj{d^(rA{RK363A~bM0Z+3AENSl3-1rA2;2*v75Y9pc0y?_rT)6zKuc(N(fR!{`b&d-@~t=y1i3e z@SE%a`J)d+nW&u8kT1@jZq7q~0%?Vqp1uKSkHdjHAXsWQ0Elel&xQY3v2E zj%Z)l_hXN7Vd)2T(d{2w+y-qj20;DP;cKMi2+i%eeqHlUukR(ja2uMKcp^O9h%K|b zJt!v*zabeLw{WHd`V$iuRw~ObN)qf#pj6EbZ?RB{pMT{ij|+-+{AZag)hGYapC38^ zX|3Go+DG{sOfS=hvw2+S_V(ASMamx^ zFvt@s4Qmvv?!?yLpZ?9tj|*p6db2x3)SlE*7u0#!-^f2Ww65yLdkTi4FcskifmpSs zqM+O)?x38B-=%}CeD{}KY~t?mv7xaz(x&p|_7pU7Wd^>VWjs6ny+F^AUo}1G_eh?d zE;d#);nQ;!0tyS9{eFbEOWqmb9IO<~$;~fI z(e#x4$OOADIXzt-S6V#EM&@<9dx}g=))Vcm%nRwO*QO6?fT4_#4r5D7&I?a4)4cwI zVfldR*@expgw*8{8iA0UFZ-y!?zz9)S0i=Y5aP(w0J}OM10e0jSTamACY2mKS|4gf z;Q7jsjOE<(`!|O_y2@Us{(YD?uUM7QCIsTB8Y9Xv0voS<&1^z&BM|RN5>s3Vwtw9A z6p?+l7JkW#{w{k(5UM_ZNa0cGihmTVXfx8};Zol~aPNCtf60~M?dA#NM+DCicQ}e4 zUcbu`E=9vVy+YY7$1j2TV-lCo5{>!;^@MO?A&aw{GXYtkJLe94x$OSVdOVq9_nP5h zIsdGJ6BCBi>Qy`VG7<(-` z`jBON59p=?r+ZIL{cJb)vQt{Kx`OSvb(k28 z{I!omPjfpoRz_8nl{acCNSNv1mGA{Gh{5;+UDH~ttJjhrXK6(aM>b~0`c-LH>X*8# zza)41WLBK*1MaPAaM8XcUkBVn4-L5Aam}Yy{gRiZ=0LhR9*$PFz-A#Rmy1=Y=p?n* z4{+3Q4ThGJy!(R^sL7}E-LqXIx)n?WZ+e*5b8OKf)sc_8+o93f2TkwKj(Up`o5`9tjV57=xCrFdoqtB>EM{cGmH5vGu_FvCZ7B5Vj@v^p5$Y(EO0U8Xn{q`yD4x|e`f0l#izh22*1s*~&!WpsqRoDd(Q7E>|* zWZC%e~OO2XxOEgouKdLOF0C=0p(x=JxkI+(wa| zaTes`@<1n?Ay-MM9@0#Gr*!*OA?bu`Ws%( zkN{RHSwK}N=%f~^eHV{MPv?V%GWae3>huWp@(zS#}~i} zBB@-))Cd$+tB>ndSGQQ-L-k+?H6bgt*mY7X+W{#A^x!V<4~D#O%3&JikSnP{Q|04 z7&AQx!Xx3l@|==|Ug$=A)g zI|ud}Hc7JX)C)=7N$q=MTjJVgBF>3mF21@vO!{8nYleg}=z;5habxIs8dlgeBp>X_8*&Iw=%?{L zpL&7%?C)=kb+#`Q+VtZdnUE{qatfnQb|+2-wVv}TL7Z~rT0I}`n1m#BheXyv+RqP5 z>4onRs;pkZEIe;ea%eH2&oE20A&#TsZVo6hzW4{Y3BN3PILWXm*emhZ@4a%02aE0( zR_~$Rf_-2yDc^i~Kcqn7$ol-;SIfHmgz^y}^DFwUbg2|;+1+@f%HrJvz> zlA}#vp@!y8RK^zeFxa;q<_-8o0!(6>x>$nQWhRPLFxjQ>($q4VCE@Lz^6r2HcF38KPHtZwZ1$~bQbQLB*O0rF9^c~=Hq2=4oJC7=#Xz;X{^w1;Q)w2W^3^kEE#oC^2TfXE(2Sqo2n z@3R$?4;O6He%G=HyW7y64cr;Sc?Y${-z2)_Byq3>r8(jHeH07jCl_^gCwMyX6ajr4 z!FqTB{?M6w;Q{1T2v0BNkG|j6u_H5MUwt-?GO-M3(W_o8+t}h~qjH`m_p(h1pX|~3 zUJM5aU}*_U_pEK}fC|IeLDSt1gckNlNzh&L%?DbsvViqT$MB8*S|9AFY`*STOF#v} z7wy71jqwTR7b8p)hEs=&eJwo-6CV#1P+9e`I7zky558_`-Uio2>CTr}5B6}z0DVW_ zqwf_QF=*ePKQ6y*M~`c*4e?hReLP96DabdnA zLL(UU&V=r(=^En5DaeR#$~J-vd*;>huxQ*gN4|y3Ab<2O;lf(}PI8vp(!P8K!FdgS zz~sB9u^qlX^L&|YZahcwH># zm7@ijUSG|#RXnl*ROmZu!Et`Cr5Cv_gS(%TR(|9!@DPel4qY@xqqoDL+3=5tv(CUP z;5o-EKA*xEmNWLB_U<-4gQ0;}A1|G{yp|&vsyv}$Ivh>raN@Zh{v0u-GU*%~rqgjf zuRsoC)Nbv6*$m8h* z`iuxueV{s%J5ab84`J&-<-xIxhPyR7My*|H)66ON=!NuWduHCPL0`jLIi99t^$~#| zI6L>U`98$^iU)4%8DmdKt>JH*8bE9; ztdcZpW&nIUN>KYOmz|E;`4a_?n-&U|JD-(XaHyB;JMKTP?=K5ltDjMer$S{VP%PXI zo)j)8HLx9anP zwXsqU_*_BHn^zy5RoMCU!ks-*WfM5-KuLt_w_9NsFiEfvHz@s z(5FADUBai?)Mmc)p08p>Gx@E|RQnCTtR=&NrYFdoW1X_i?sn(fZ}R8rhfpN1Sm*Yr z7XqdaKu@m1RIV(qAX<%HaWIz4JY1Obhvz-;U>cki+3I@Q1j0p29@~Uv0-O)Wz&90o zK&_wX^QkIyOrj{`>+31@LI*Cc`w#Kr;)+YOWUwK%byJPWi1hr>BQSwL#hOo%c)CCnG2bJghFX!r4jH$X<&@eUesia}7q5%2YccCV){et!E0ixNvUJM_&( zTXTL2ET6+RwCma%&%Hqfu418C?Hlq)KPXcHTzd`172wHC4B%yg4+J0$b?o)03l)9@ z9~QO>8Mf_Cu>r#=@;h`s;v9GZyJcLOzNl($nzhu2h8;#}&%Iroi?G)~4@>xkI+^qm zOv<6nnZC5{>yntQBh6A?@4v;Jog_ZIP|?EzBUzTmQaq|io`+k2?Eyz#-_=)R7!sm3 zF}vO{!!A0SknzfA*B!gG^pf$}!bkCLXlVkV>>)^&B)n)!jge-kk|>xc1L67SP^?@w zxrs2S(j+EQUC*&d#UQKvI{R`dFdj;u`-~_@sw3G-etF3$c(H!LL$ig<=3~5wcXIh0 zE#7H(mG)K?I^7`~b zEiblXT&;+$Q)-V>kikY`O1r-`l_%Df2`N$%)9$Fy+u}G z6Yi_rAsC2b%|BXZDRT2l1=}s-w2OVFn}{Sc1XqrWT$nrXb;={!Zp9Al$Y00lD);={ zTIX-o`0g?8jRN#w$ zub>xAYx+seK62eq5Sk-+Ww))5j^fKxM+7U8a-!e-E1c^0y`68=_oeS?N)9__-ia?x zK|}qPQ|qZ1u`H0E7CM{!R*v7Fa)ZkF$?7C<5SaGziBCp>3}$UsjD z$icY4moMJ0S;nP>Y(gjiss!s3R^vT#fz@8U))rt#VG_3aX=Nl86)=v|!GJBt9 zfQUWHy%&L>`#oHL3t{IpXQVEUc^@NW3rj+hF0ej4JGt-pk_cLroAc}I{nFTV@z{ zc1p}cN&PAPdnSbv3zz7VcYWi^AwTa^3VvJhJ-^p!gNHoZ1w~ zR7ghb@6ZAQ{&^UhUlTxE!X4ZYK%A>tZ~ualmLBE(NdIb-yN)ZRL}%{n-In%QpBUaycZHKPQ$bEjBax5{8IyJ=f~mi_$bKxL5UA)lkU`jp){_w$<}t`a|GtbAXB zAh}|*m(gVLYWJ(YUX_C@r3Ccwa|0yNv8S<}lzIQQJabc+4kR7CPmjr4@Jx6fL~b4>2o~#zYp@)cD@9csYHu)oe;s+w2rwKFVg`Dxw z8k8=q$jBD0-<1BM0-s;CLFhRsI_tdjFNKjKJ731$4=LQ@g6E?6#`f)V_$)tV?{@;u_^!iD*13K^ z)Gs2agShT<5Em8U88k;&!Ff6qrf2nQU0-{^3IiuCTIVYRn60T>eAjCzm<3raU(j+9 zF}l{TUDAy2EbJKYw@Bko+jAz^crEf^+csB+ZVEu88?ms`m^dSpKq;aca37 zF6iu@REgk8g5XA$%x*?UM=}(+@pEk9v6dG;QHPn*SwBBS@dFFP*?AP(#t@80HJ$hiDVAf=VcsI{%@@`H%q_Tl zzo>gc4OW-S@2OfRkGWRG9#x;nTGYyOPkh6uDj;G5suQH~4u!AtVG7N_<CEpbrbkDC-b}bI;s5ax1*7+Y} z{`ms#ufCIE4s$+-+NvLkmn-=m7$k+$IEUX%-9{iVi2;>VrhF484N(S!>=oQ5{e48l z)>Q0kqkKiDp|Je!#rZSN-S+`S&1K(C%~GO9J#|Z{=LPkz9`7&;*=22zT6co0)4i0o z*I#5}37`BA&sbhiKD%9Xs;5}-ZQbjnDWuAn?;_yAo)dk^#}E}HJVOl?TO|P^`E~>- z{V&^SU3YzgY*7!Ge6`R;-YFKz!|VBFeeLnLUtcfd9qTPNhUKC0L797^uc=yw3Yn{K z@Pge=*w0Av3VQ(;Mce7Uk0v-r;s4nnv0ctY=ZCBm_i}s`_QQc{xX zG!M?N44FlmnerlStZpSR_;qbs4Dc8ZR5RIi#NS~#C>ksIZYO_H&IG4#$yT>J`wBI zeK{Z`jImt)E?*;r0!T>&q7!-}3W=x^ieV2sdw;t95Yg%bwLWjKrQ?5V^FH{nSWrI%lWgE0VC|yqg7{52q+iG2|S}{z*@>D@dD< z_eD1n_G^#01;@0m<~lyKtMyoLj?9~b_AMO!r4N5Sm-y!(!YTtkF6cKjPHgTUf7^IH zybaszv_t&|IBnRs8Sg)4$YQmq16Yy%$VKc1_XQN?;dej$TScKW!U5|Cg5#z<9}5mX zW{mdJBA6)OwS>4fJ0)KB!+l@n?>YB6*)RAy2dCprn=k;IYbt@L*;#NGZlaN~*b-nh;fIN<8%*Z% z8r3${^>Cj`#;NwQf=Rk8V3%EZA|L3$s2@V68l)=Ax8=SSNI||B`fvAKa>k6H7P4ed z7w`@+7D*xTegZIBe+c#1z$M!tQ0Yk4f&91N4(N^9N0sEAPoOIv8Fmv5M}n)vm-Ua` z;_&zFbmh^^_}GILAJ>B*2bZDx9Pg9>-)tCI#B|W^vss%si*0Sl*WgAmBO-T&Q>A(d zC6(^cI=9dL%pQ5Rc^x@JkWC|C!-AdQTI-37N$)#^Xb8q{om*CfE;xD*+H!WJzjedB z7qMtB)bqKr1FtGGvN5wz@~2iXeze8IXg{8Q3u<|;=SB#teNYM8DiHe@68AXH@ASm> z_`R=4NSU6|FN9{I6jzlD7BcSiSq(1wt`08>SV81u1IyQFzv!;H59fN}ES5=}a&)x5 z44HM2OT}aLkyqt?gxvVIY71wfE0t&2kQsl!;+@dpby3Pp&SmWi>r3hs>X%PVWz5Ls> zKJ535-WuwF{Yo`8?^Qy;$$ ztU@=BZ;NBKWOv-ZQ$}N3Y*gdl5B^N=4Ww4B2pLItIuu^igYWU>D-V9=WQOiIyyS4) zQPOg=Tj$9Ak}Y-RT*0V*-0H=)PbZz{4}cASOEkaRZzV{wxaDF(l$lB^f35eiK!APh z1TYNDnJUzz(iSe9p5&*8S*Fv$gW)g9b=Wkcs*lG#Je*DLwX$+^M322j8pk_^xe&;_ zt{f(uL~?u}WTvbFp*Kl()c*PQk6P|$!o-@&+V_fu8X&;W_*bCV2fzKACO7l(YyoV- zpwNNijaA6JQP6}Pm9QvuI72nTnDVDv5dyth+Jh`_jE&X3n+FNoMlglwrzJ}La#cI0 z70zCFZuhMl!Zg5Uk{4OxTxrL3I zl)m-OuZkVo3XRbs-#q1aISbMlBlxSfY5$&DnDg57+0Phm%`Bw4r5_a3u+MSwvE2e# zyW?L{%-r^~ai#0V_m$OO>wW5#m#N;jq2J+0G9QmuR93v(p?noKI=^1_)q;8|oWcij zniApEdlywY9QO;&x+|#8AF270D`7{`4%au{&eN*xki@VYLuY}hUHc#F3xRw92mqv=a?&2UL> zDE^%H>u5H!IrQ~?9e@?0I0u(``%{X|zvUA}Z3UIm8kMh|HX`qf5B_SX*g1dHZQ}PI z)Z{9SQm&bCxZV!S<@@r!=x4;!PF~OkTt+GPM`b48W<8%H=7(DAt2No}%$*9Bf#um4 z9d8Ox0mF=@vJ0Pn6kQxZqu0|VKEn3dKN0Jh58wUS5u%rTJC4^q{=GHr3K^iUiK#3` zoUJx*qH37oi1>{D1?*d<#@~xxHu4x{7tU!jdryn(_So`z{D7vWzy;XzQ2Y8=2PAWG zKO6mYfvZyu)vD>IhH(GBcI)y3CPYSY-^SNH-fESvwx4vSU4s6B9(iIbPuAson+2mM zz{nG`7-kpQjjad%dJy$A3vVVsv3u4zc_GLq8wZ0n;4?&0>2bJH`e{tmv&c8s=6rp> z-u@5o)CyI4Jd54h0|WW(5mfe&A|2yTlG~i@jTxdCD}?jAgLk=c-CDf~uXyiotwW`_ zucF3*;gn*uvR`%|GOgx|=U837<`#N+e++l;FrhlU7&W_|ffjz79uApo{!kkj)TCqNS`gYv2vb`xbc`j=hJg+E;+Rwbe z%N4Tzh1|@YSe}ff2$bQ%JC{$G7tck7m|ZSo2`ET^hO1Shw);pekL%Jueo|3ITx<{2 zdvUw?5ImCmJ`h&YyKEu@upEKsa%I->9eWH;hFGnjmY<bV- zrZ1F=vgEWT7Gk|sT7(%r7#5HNd9HXS*o3|%jPZ0X6n82qA~oyeugBgM~B=P zPO|ykv#i%k_(pP_a;lHkUQQiXesfC8>;-vk*_G#mzJrHAB6xa{d+v<|jMU^O_#BQ! zG{8EYm|^0eL)j+?_UA$14b;VjEs1@q$0!kiG7Yl#Vb8V5NG$VuW#t=N#tr}eIsx<{ z@Yx_vrFk>7&w)gn7ES}TqyWN4zY{QUcMLchE1={vS*)#w2yr+3|CLya%NH*n& zrN+L#+V@bcp(H$?pd`Ce1AnbeD&UAASm6cJycMP7`Iqn1*LOGbGPZSc7MZr!X_Y7G zqsW~h&hO}HvWiH8AzRpo$*EO#9j08F>1c)1rOK?T(9X#T4X8Y`TfNBw?M&E;+0g72G$%i0z`x?9$A<@TP~ z6Cn}W6i`pT@Z6QH9KnN$y#Io`Y08SVazhS>cwg@I57yx%tWDdb4i1N;dY&Q)uFLqT zzLnPyut=<vs-qf4!Mn{m2ZY! z{+&SwNqs)IC2^^sU98G){IYV4@D8-5vLa~_%f1YT0d;wEhflNI+Bm)65o28U_wU{r zOH1`2=Mi*43n|OWx;(exF`RWS{!YAlh&qz^uoey-5Oz=8hvU*vFBGSmWP4#Sf zbu?O*_Uy?p7_(d4!xnP16MDDdS7BJqZ(z>$tB=WhO?P!qcQ`u!l;uyml1~ zUm>5ge#;`m@A449`C2ll&=T`Y8HcjZnZvKs`U6+BqET?q)-1!65>AKfmPKRTJO|H8 zd{OhqFJl3vlLsgDb#L{)CnPW#?aQqah~FH+O|E_A`u@|FVW~PyFel!7UC!(YI_%jJ zvE=c+X}}bCCQ8a2+~peHI(;UywhH0=16BjoSTYPg_DR@Tx7ZxXSorV@(4!ij}YVaU;>c`^JCkY)onAP+t>Q#DXXmy z*O;#)IdS%g*MMq5hYjU$YJX6q?LkV|GbC+C$k0+Pp?#ml14bkYGwu7MdU;ZJ&-$?hm{5s@)fF_4{J5TEIT~FN(EK!SF0US6JUPBtPYFnI6v8 zin(7vNF~(b$UA=V)|w;#xqGQ%p+yhv8{cI^)N#0!X$Jxy0_8OL>^JH|C4vnM&ok+p8x&zN2Kf_zLbM*|eA`6T(B!1){)^zv5o;^Fq(Kq>P1el&E|K_$E*2GV z0bBp)I2XNoeH5=3si@IcptD^QjNZ<4d4>Xx9zn?5E1@Me-x2~ldCa?_h*xe@Q z{{1Q9XcSf3dV!Sds?*VQS(;a*RlOUX z+4uA{*6m|+?v<@8=K0)*-loIw^kplmKh$6)Y}EHooob|k*6=miV_H>gP0#eV9f`Yb zD*WoTHjxyxO4O-4J!{Yo5BO z*Lc}`6NJO9voVv(CSXvfIa9apZgnW93ESh~#ZLj8Sz=j48ci5tPVk2)|SEiDXAX6&;D*eS_8Aoy%#2iDC+|E2`M zuh?U^G1`W&L~@(cs1DCn>FqamyncPC-D|81^>2>4d5=?_t@OInWvTS_*mrakAOP|4 zol?ERcs>;pFf;wV-ZwtCme92B-79hc-2fyDPY#jCEMXG3XA%r+RqC5Ey26A0`iv=t zkH(>FLHkBkWlQFd>}ly_X7=C}z&_o;mV(}KdMduhx-cUkX>;?3%cLs(p&!(0nG*hK zZ(r$DKeI>)J`7~X*bjf<0+s3-tlX}#uyJ2We99Wim51{~bc1vj4qJCmtyP43j=RNY zDv!Q_hrQ%+VFdc}O5Gz}QPlGjR%-zjH&n#W-{ShMoU3jBT!L~$gu=Z~{2ZqAYJ2We zwv~hTKCVC#`&vPYzWX^Qwm#%dXp)=S9FogapuNCk+;(=s4~SzdWwJc<(1aqvmEp#6 z#r6PwrIMA~kKF!5n(^M3*_RxckL{`7rx0Dd z+_YfE1S7=j;wjg%wwpzAs`r@~KiYig`mqenE zpdL3zBu&6;z!guw+Xx6{@@30{hnfHh;Pxp$KEJ-vqfPe7as_i zu@!`H$T773;HL}p7wtCp8-nVR`F;pPb?RPQ_+=7o$$$oY=U4TeY~s08?WBCoi9uOg zeWH_tc8+~CbLKZVaGOK5VTKjL6S_Y}-RVS5#z&~>JVT0j{`t3S?WHKFWM9lPzPrL_ z<4G{h`7NA}v*`OgLvZ^u>Z0b>sLna1Hlz}>#G6E+i)hC|!Q?aiEyVKUU^ejln$P9u zVg+NIB_R(Qp9y4RqtI8G!S>iKr1)5=+xXBMhg%oEKrbmJiQ8Z7)V6X3QH zjWa9Otky}Ldg#W(&ABYgT`I$V`{4<)h7p}Ft0B|gkH0fdfWLAFcZj_Z5A0HcnbT$y z1tg}&qVxhaKV^3h)tM}4?dAyz5+}ngQz~?0`{aB2RT|9g2~C&zu=hoT@BkQnOs3J> zbC_!OVN`KZ4$Er7*aAmu^%aCDwkY=*kr&zU0#>fo{6j>G6)a(XeP@ljA0VuzjEqkZ zya{*ir+bVldr_fXtn6I9^3EZ@ih8?9>26CSbz8r$o3iCUY~~}1+OnO_TD}aka(vDw zbA}L#*7$bgc9~ET4`SFKR3G9$N7jzm^tr&}9uE^?KwLizrY|@AjQfhuF5m8QbK`a| zY>Cig*TSJ}n0I!}U?ZxO_*)$Afv&!-5@(lkfiHS82~%lr;{MmM{5k}3 z!+^P@_lo-P%XS^1$mPh-78L%GdLOlom>Hk&4~NICVMk#3_@~ee`VqDekn%`j z*|=JK@l$E2C%a&80liFs8*0G81E}elV!^|%Rqv8_Hob-dKkuP4%-EW1(LTkZ`Ftd; za3J8aOteh(Q~GkZ2g0rCBKjHRw$A+###+u7)kdjOm|1;)pr+eo$9+`u#J(k}m9+Jz z758Ls2$e5Q8J|T78po@}MOcNUJDh*t=<_~l;0B+VZ+m}-5Klas;dU7L$$cjtB!joA zmcOkM!m^qKES9}NO4U7s>X#78I|-k*;xvW)^%N2whaH#smsdO~pR#D*3POVbtwsSq zM6quDIZkiQ1(jZY9_Np$Wwyw*JS^3p`BqwY`Yc}D+a3O49;cBf`tchfw?hI-$po8s z98wdRC<)(zY$toneQuf^!0vpm6CagZrvqUri#sTX3t`++g&Oey3HIi|r)+;7;D0%t zZ_22qx|6&YNY~)aquQ8~gNAj;z+sg$>WkK+>5)~*UZ@*_eU?%{-ynz=#^>|%h%Ujt zy*m=*bQr>o_CV_V{=_Q-q|v$Ob%nH}Cj`)jO~^%+{ra(=#s<=6Q`w7^5jcxPsl2~Z0SpfIXF*jQPN^h zQDy+D^ycXNdtYnibZL-O076b?ppGwH_c{*Vpq0sV%dR^9WT5CTd;LHaKK+o*TOCGp zT*}k_1RUh*Y{S$HM~y23PFnoQPR)fpg@HK3muw`pIpaZSmXHcYui*E*tyt*=?kxXG z^L6TQs(V$itE$~05_5qgkD+T3+c4UU}|k(3o&)0>sBJg>2`k-0CIfHFF~F2ed>_=EjZyH*zQc|)&4CEc)!WW zAtBzG#t72W@5#1M4i%)~==udErSpr$<2!1Dy5xULfI?v+`}F(ty2z?ek}UQUGc7n7n3>SfB5>h(8m&OL$IV zZvzTb%oW7X)dHT;gqI2-(y{`uzjg;0H-J zG-@;kiQH?}xbDvT*M0O|lNbGd_>|XZhU?yKksy*)RAe>2P=Vv4>jEd_E>O=4@#-GR z3#$0z*X&{#cvsV8@izSx1xB_+;{!7Q^*Hqtb$gzJN7!4RKhEn!$@)LCy#k`ZZ#L4aA{5OL9r*G0B zACf&KtC-Zi!QV6KQ}I-zj^3O@ZOSKtffcdu6IAo@mz02dYRy&m;Tm7x384A?)dsQX zvJL0_a?XvytoM;npN_WhbzEGI-fD#3puk=A=}xEYGD1nqxAyeKedgu9=bY!l;Jo_FqFuSLN3iQEuVnw| zXulDlThv2+aN0-E2T=0Id&sH}{b$b}>B0aUAhL4Z`mdNR+) zYY)g2NmG&DIgC*uJrdk~I!adujLr0^M0{TVz_@QmT0VI5pE}e)heYtrz=eL0vwDX; zDtyh7#Qk7|fwv5KxW%!b=7tI=H3R5dO$|hndo=kxBSV}|io^?_dn25!?1c5G!-n{n zFXPV_eAeT$dGwa&5rld-j&|&51;L15Q!UgjNP(G>qWc8Pc8%v4+sa#?u)0E6PY-!Z zMb~9L`mqI@L~(qML3mdvgs_59-6gp#v>fen*_~YEdJCZ29i?2E1q)$kKWeCk8xO$i zreutB1Oq~6-FWd?ohFi|Z#D5Hy_(N+jfm__G zhIG6-9nX(b_5*BGdylDTO6<4sqdIkxU;jIn@2r*mAl7J?mb&Mh6L(hD@6kLXXcfeL z?g+mVF;+)9%lQHEh_I#)0`O2y0FCpW>#`?XXX{pN;*klT3?#7JRED?3g?HlKe-n$b zFPY2S-7D>*j_z&v(nlwLkQ=DAo1NTB?j$@J3IdC5gZ)7CMjTaHW{rp!H^jF70159oja@0rPyznY)x7&RF`B(Jp-Q@`HtI6Bf+)rUT@CCZv zoUD?qdb1}DUoCQlJh9Zc?^P28&yTe}aICWi@&>o|Ej+}DdVex~4|`GkV)>lPTQ$SN z653=iD59~8x%yCwFU1D6f=z*Lt5aLKuo1)#RN%g%r`M1Q)NdhGr4(=G8v@hmcyEZ| z?8|;^DRlEX8wk6ksj0IvatLbEb_jBuo<*gy-8w%(VN6pO9`XHYdmiM8C3hvndd_Nr=OjyCVS@+fQevYBe zbu$^?mb@MoMZPA$u_{LC@clk}9-GoVJh#nm-ziu%pkk2WzHYFT5~EGQ%G0UAwg-fd z^Y!XAd`|FeNW2ck>fZ|O3LxF}J^MNU5@T={L-MxzX?1H7)&KK3-lMq?!(SGzfOr=P&f9$z*LvGF~2|TJ6;`*Imq5^ z2@S^`Z9wk#9k8UI4wJ&-PTUUEN!E1r`l&tMeN98MQp(Huy%#G@Z4hE>BFTCC(mTM< zMytbJI(@XEbdtE^Jz=kGu||Y(n>sXy$Kp1WMkh;pKyAC9p$=rYuM3E z4tU;}2Z-Va&n6z!T3?V3RIpfnBdqa|);pC+%x?XHJDQD;NTG6f8V`E_6CIWLJLUWb z#+?K4K$m@s**mZ+?>pw8aDqQyX@xx-m?@j4$Gi4jA*8uz(hv&7cjceH3pRYC?Ea7|;uT`O<7p~% zEV(BuW0QQnN%DmkIfyuc+p|{!7Wb_|;iX7MHQ6d}p(Tdc*S%c1#Al^zOMm?ifR2Ox zMYP|_uPB%ka)&lpq)g@SiY6ol+v!Zx2YTqdP3M>d-M4UBZ7<5$Hf&8>*%+GPiI;ob z58Hc|eL@0?;hvCK*=O;tGUZoXa!IZk`+0t|bM6ym@T|fsYAV6iNaCC2ozG3y?O%8D z{SAOYD!al1(PvB^Q1LG*eVgx4MEi!~UihJE02cK0o1U?z-!)nJ@L8@c97^5emP`?$jpF07mb`UJV6* z#c8hv{w@8YbV_AA-ZyvRq8;HM)Yvm#!0h^jW_4UK^VQf07|qoCK!_ov)_K+U+Skz<8t!fDJuzZ5LUA>)96Ex}Fh$pN2aA?YDj)f{IM@*R=73-TU z+{pGH^ZJ1RfQ^9SBkpmO|2_Jea2$)5;2BQYQWvI%+$%?jh~fqE(@lA`$eSjA(Sf)> z*pxs18uBe0RzKsx(bnoaDsic#w9uctcG9e~zVCmvBafwe`!sYRBceRrMs%YwOCubIt9}lx{8hW z#ekjef}ZOM;7Xi#c^SGy&Di8hAMPy#ANfB&a}5z`jma8N@-0)}zpOAJ8GdQ61n}Xs zM0*eZ{I;XB$DcqwUbW}C;=BD$Z;@1ODWsz=Z~JhLZ=5_>(*%>R1oZ>B6x)u&Jo;Ds z;pA`ev}Z`k&s%2*R;I4U94h?W^BAZ57ff}XGWM&Sej5WrgtDnmMc1XuRg0g$xaB$H zdB{IsAFvfDg5YtIbL_uD0QtlzhU>-Qx6F6p8yN7^lwFQ^{Wy-YJP3SG9yHdml$m8f z1<67rdnkeILb&zE{maGYYcm{w8OsyX0_#dhhs}?$PMn3;zb9C>A(Ddu2?>67r>HPv zzhi6J>CFr*q^vi`6K+U zMZ!r5l!vO^3cu(lKVl*>gxl?YdpaxSC>%*%B5(!D@ieWl>m|?GMj*zG4yv9l)g=C-m}C zVaEWkqK0baN30Ls+?FuJ-giVZAg+*aK+XeX=aqrAdknj9BYc>~zGbc265RS{Wq!n$ zBt#C(q4lE|1GI6!NLnAK+WjFFTF5j%qJQZVyfHuB_pYek`>b3V<_E#d6WoomTHcaG z{KM}ii^mtQ%k6;k^IU~Cl~!xxeV<;aeXno#wJ6lrxV)H;*@QvQ|JX~it;TRz>bneQ z&DO{60bSlKil6`pW6h*+mpA;IFZ=D4kpk`e*zakuEw6rz<|kMC!%tQ!qy5pEw1iWf zID3R!l%1vPi*$a+!KYu>ss;<_P^yqrWMTe(*hlD%f0&bAxU22ELgJG*I_J3IRP{Y% zhN|?t6}ObtpgkOjM-8HFhC9En!|>BC>Oq9z?|qF~%XNO6U!cFn_GvWMLwW@9e_!nT z0-U0|BLO&t$W9npWr^Mj_ z;9YsXP*5j&OI5P(3qQR+jwuv8ZwAp-o>o->#9NN1D&Ba4&~9&*{0SzW+=rz>A7=LBIQK!kIXU+ZK7|8u$jJ%U^LbJGS2!W6lx6M&O>lzZ#Ta8jNv>P4 zaE)C_!jR#rePJr}15U;3Hgf0dfRPr!sV4XoZ`Sq< z53z~_0y9oqFegt`hYvPSq2)OE3v+g^zQe`DvW=r58)ImCYj- zQRg!QUJ#B@fI#87ntp1p4iHl8dRw?stMaG5Z(mk$7zLXWsq_a`OiJh<7qiZi0t93}#*kqj}$E4;l zoRaR+Of#4)A1`;l(7=u+n}AFs-ood zUMCRNH}!Dzwvw0mHZHJqfhocFV!ut!HY)|**-YE9>X9RE3U-T0E0-5pQ8op&`PSTa014eM4y5rM?uH0`RXd(Rui=m_qT%%hA(f z@n_L^+;}>}HX_)5aZz=v$ssT;p5LZ_hFt960@KiRD&SyHoq<|qqd-K``F%cX%CbKi za{Bi#^tN;C=gK#iu8>=JI_OIr5GF}*C(oWZ;L1(r6A&`!&TH8zg3~jH&9Pi{XatCDD9n?b)k2>xWa!)^w|SJ^6d+j;uTpQuy{EjUmb#b9Z!Le%xn)^Y1Rc zeGY#yRU(J*VF@C3A0BC`34}Juc$*xfZB zgw(zYFO);?-?i%t7}9=Ri(c>xgUf^dZEeYJH6o~@g0=>vt*;L3Y#C$uyybN969W2* z=4EOXW|UuC#$OnT4D;gpEM7;MZNc-ym3W`&bUzR9)hX=lLH{n;>7>arrEi`*OtysS z>r2`fLj1@!e-OrEq+1Y2PeT7mgWzJ)R0Mpm^C;#0i3nr0>2xkH-eOhw?e#AVs7W7! ztvK;X+fc@a6?JTL3661Lbf+2>~3Tmd)?@ybg!=-_J)rV!rG1ug9yuoWul)$bJ62DUUC7v`BvdjYeEZMMN=+{g7cq1;J#;CIzL zy0Bv7ZwxF=aU2<(05!{4x1E9*8l3%hJ1{^0d@ZtO;qUBg;i=D|=um!;4vr0*bv@OF zny@MMv-kj>RA=WsFSQ@*^t4z^k@L4;x%*0WmRv{ryn8u)F$z`qbrOnt2q2}Xjx3SZ zTw6v^`w|@5HLZD%ruPTu;)5%QNZKBf!F+vMuWFZR5GkX%OZ^J7I?JFx5QpXDyQ}%l zt7SIk0cQ+pgz^|bf5)N9ru&#_KC)8j8`AE*yQn5O;#(c9X&Z@lKgzfac*T8|DBmZb z+fx6TQOc~#h%LMR4Ew1@SpkpVuL%n^{*52VI=q0hn6PHdP_3ahx+%(Q<>iaa9^SH-BP4l(!XDId$G6c z1xB2{OdBvi+Sf1<6@M0nRCRdLvrljg)m3_(i-_BrK&gA^HK`Fk+#0&cl3_3#FuwaJke*s`zs9`fgLP-wNaj4h>~!n61!~EgX%RN%O`I3{{(6p% zorW*P{MeKpz1G9rX!n?&G^jS6AN(-hWA}O*Te%_5ToBFSzW-0BP4=9Mk~4cQLsPI~fN`&@xYSr*F7ib20qjGa!v{-8A zpZ;v#^;F)1*FLGbhml5(>IV0%RaNlt@gC*m5FYt+ARs%4C*Ag*009=oJuCC0sYdcW z&{>It4#l*r?_71@@qNNE`*V+==PjO-P(j#zv!~$u-_rB!BV$g zNr}&e8hgJ{rzwrCxjpK@(tl%D5%(a&gX(|wjqC<8zA+D#^IWa-pC>N&JqvofrxY+b zoI;BHtb(TT{w>^Ghp1n%mt=oe=wNcpcs@t$FGYAP3jrP3$PDj6{GUiQw92)UZLfyl_u>iXHN(N%y1?dv)1AxTYMlHSDF!+)$f z=N3!_Z)&Z!2kH_0)r=nubbvoK8ewC^-;1%Ylnn|2_HVy$3cz~8{p(gD!ZWDL9Fbi{ zY;Ze%pm%kIlHL)RgY3;t#&UvPZSOulG>=O>UM=t+KHlBfY0JP0;#ntr;75rw4;+v_lI-~XHM|F`!K0l?kP2&Da zK>pYY^eef>A8a`lq4v7Aq0hd|s(oZxW0kMZ*K6&4;VwSX5y>CqkJZ}{#dUUHW*#*5D(a$j1*MJZGeA=9p831mVH+eOdg6Md`o@xGAH z;MGLkTxH{@)IRz8B2;=oXFWt`C!LOc@a4@Xx$5MZ@J{21^9s>Loz+iQ5VK${sbB+d za&Ymef(w&=y3`hJ4|Q->NSNWSuCVr7ni7KoACg@$NJvf)XLUPJBtv@~$QPW&dnlFT z?}^I)wQNJFEcvHG>PQR=GcTu;?UfgByZk|f)jhL+)}zZjv1dF@d3(^sA#<4qPsyC_ zN`6Dw7bz75TzuQV?%y*NUQejO?03F0pki^6^9*kH)OX@^(4!9Ioi2)wJ?uqAX@B-^ z{SP{DU-rwKZa0Bko;5WMI@tiofg^HdZm!G6SYKcWG)Yj=F#R1&O5ytZT;&}-Fz;1J z%*fu4Hgul1Z}#uUsa{RRN2+hFo>vdBdZx?sN%I~JAd=(>GYlY9`_<*AMN{wmD_ z$U~vCv!UQfEimkk%h=_w%!itC%!c+m7ABGMW7V}&|GPJ@_-(`t_;tS!81?Ix_5Eaq zL2kdMskx8i9}^85yzmp`>%$!CyNyfdcYkw9>{NX)@(RMn^WsiWJh>$a`4$TNj=Bg8 zcRp-m8JSSsN?d+h4%$1ULe>>2_5_0a(Ph_!K@dqWn-RMluHu&^D4ypc=E!8m`4n!12YO4?B+;#_dxaS;ecWIMI^%1R6n+FyK-7expKB*J{@h)d?3|A z6;E2dL7%r@<@?;u*s`%P3e5c>uyX?s5wD{UmzTV+qmWumT>C|JUCuzWhs0az8FFO; z`70wTFb?UwoF2zcGFD$w?u#oxzXInAq5}|>NdQ0FB2yR5M{pwC4sm|CH)6^IkLj~Q zkc%w=b(28~ogakcKynxA7&cIxvV+&~ zC37$%ZLl$0`}@Ipgq1{B2T4b_Rgc=pw!Ep}Xh-ieXkRw!>Yf3?57hGwS~3fJuE=Cy zs#v5(@>ckH2^>yazp1JAtZq*B?9l=U zLnyRge*4A>=u+GbKgF;#L;vxem;F(O_NIk0-Y}4@C%$>uv$yBmzH?g&C@^pP|+@&pG()_{BJ#q~_VYm8*dfvOK zvnQ@CPO`OiSq}C+zA=9fD{TD+8Y`aot&)&Wn0EnL4eqa#{RkS#2~P0fO`D&K& z-Al<-`*gc+jBL7Cn1xhs`{()yFSlpAg@ylO_BCh%)qiadQgYNEks3%2>}#DB>LxjZiujI2C0!uS2Sb2;s9A9K+qMw=-^`L90a+;C6ypP=(x_kH zx_6T8rwnbI{aE^1>N(ElD{VamURHnk6`afG^9=_tJcZKo?GOSBE7vRv1cu>xt(4__ z(e>Z*vud_X?kGuV)!Bd~7_+bIX}<~cn>Ul36_fQ{)Gw#6DDczX_NDr1a2Z;TR2~yl ze%aR?GC%FN;O~CVGQ0_%GRka1qJne26=H6N$qRiJ2z7y0PlzAhch%7twZTmHFOZg< z!pY1s+9SP5L*^+D<^p+@^Ap`A%Vmw~`?rX(9|$(jmXiU7`0ycPAz<{^zV+E}gpm7C|L75dbRht>CNpuN zhmnNNig~uwmVP~7g3iNYZ;!Y6!vpL}CoE7&FzCBexc9&ypAc=>TN_ zh@m+3y?upfNzTSc8&*PM-FJ|kQH_@*3X+mM7g;!ZPfchu%sij<0pug+YJxxFkFeA{ zgf!S{3*z&Mo~M(PU@)CUzIi&9EkX3g^Ol)?Zl57Y8avrGNjzsg4egiagl_-_EB*}t zkoF3}VIPn0Q~1{jDNpyu(cSmS>7%gb93{c)#B(6c*9*7r3i}OBfgG4TIFx_4#E>qy z%ypmdXGM;loDBgj18(kZR*2nFnEfA9k85TuccoK|8{GjwZT$)5{d|}Puus{W7`7Ad zu^^sWv0$2T;_k4Ee4ZX@&}abV4Db*GjjMVaY9rB+ozcl;K+RO8iYWvlFL2>vHA|0H z7Co0#jw^6=>~T^<=q&FydF6Fe8&di6B8d1lJSpCYNst**>tQU`$gnr|VB!Xwb{55w zhQ;LQ%*XGmW22P4`RKo$7E&`u>A{TQ_#rzjxnC?ith63Q^c6;5hR1E9CcEEXtcSW5 z4I2quiAldUv}X-DdI5+WFXjh|j08Ze`D5Szie8m`Voz3brzG#KY56AFH-j|r1%io}L{O+na1oTNEhrSU1|;uR>(11_i*pSw z>|WR1&hHTaVH7_}&(Pjd`TSgy9!wJB_YAD~Aj+wG`Z48u*q&MyVRsO;Q&j3WeO;I@ zR)UFoCAj-U4|4Osy){OW&VBC<47~TaO%_MFpqP}6fwi(!qG98zs~^Z~-fSEhhr>?M zAJ$%bz^Rv8Nh+#8=Hv3K-<7hT)KkY7v1bzEH=FREt_I(p<^AE|h7$IPi)P*2eYfy2 zE7pC-@(=FI@Z=z*ti;~)fP_6+Q>{X8$f<|diuQ)9<@x%&tFV58UfT&Pz2E_=tWUWI zg2(4xcB0z|{m~~+CyH7&l;VG3D$#|pr_;IgnA82*Bz0XK%Jm!OW-g%l94NTkW(3gV z=iGaNai&}0^E_v0`uyp<-C#7idAn&FBpe!N)+y=m1ZCCQuOC;6CE2t@s109|nR+D( zg}0%<#EEc9a)nPls@YC0685E*4}~Wy$HNXpVs@yA#Q)TI7~HHZpmg~I{hTRt-9F;@ z@`s&T*kGl1gv@--xE!=`lWs1n@mpPOW%iE(+K-82dze%3Lo7*wxqTF6S0?=H`g7@6|5U+qYNCa@177DoX^PilIU-?ks>4zIQ5B9PZV0lDum{lM?=|9lEq zc9~d;rc3R#5Gn-`t>$5#DUGPf&LpMxLRHdK!)V2oA};N361gJ6&YhI0;VnjGA<`lkxGRQj!i{c&VFwQGkczRP-bH_IhXN z%RHF)&1SKuykLFH;W0BB@d-?MtUM=Y4)Y zy&;9=kyfP~5*y)U9Dg=?D9d4qU(bC*FenZ)m-gIG1w97qq@V5E%Ie96&JliXhR}uZ z%KfRQJTPibxAW}?Nu7OVe2=Ou=x|j$ToiehFd*#jGt!QIAYX~8cIZ!fmlUcP4+X&j zV?`*`;5?n?deEd4igyGt5;7k|ID!;t|Mej62fwqt4sU^F*unfUrw`B=ek^JO@s;-K zE4pFh6|4;Ve$Xj>W2g^zuVGS^D+O%Eeq?c;t%ZJRJq>E+sW@ zHJpZv*~s48e6of*@>E2UP9VH1;>g$B0e_0CJMs1P1wd>3nV~DPu|i5!GGk%&`1t!F zVtk_$M_iPd zQ>{&$Y;ABF@-=h}FbdPA9A`H-MCcNf!S~{0t5%R!QFk$F<10qt(G8ROy^Q;6KELTi zVT+M7lJATw6cqRQY3cDcF}Fxq(vEI6`4`48u$%egw=Q6m-d~avQ=dxoQtNk0bG;;= z1)4n52xlc;hZOr@Oi%)lbY(ami6GqeC5^`T1O>G^tkAK7X2{vX7#0V3cm6 zAwP$7cCY%Spjuzb3Dpot)zUDTj&$t*Hj`xLiIlRdMh#FmBTxMc_z!nC zK9(wo=x|^B&r7|=c&LON4>K|JqP7J_e&87U{>E>ylEk!m&`_pUaL{6(8YemJ=sL;8 zKeVSY!2REYu}{Kb87aAV&~*fHVxi`6d=+1v^_R3%PP0yV) z0~0w3g6m)M$%I3x!2_VRypp2X9w@`IM0a30+3XnHPZF{%pNZoue=&*XSZFhAlW1by z*)6H|GlkXR2?MugFCmeS$)YLLW8^2dKNx(!5*#2*+`JYTI^lC9)k|glCEiSU)j7|@ zyTgS!X+XeDk6d5R*XP8+`@OY(Vq*U6eTD};kgPJC<==eVZYw6M!y}92jkGS-DiiAjnmC-#5R_yDvha&q5C!k3 z@!i*G{`J%M>+pvGJd9*(+FaakB7B;ZqiefqAL7+8yrEMN`nvXHC}wUcH`mpRaz;@vfl`$0P?KO1ZAk%jUJ6%+d2}vZW zkXxp!djG;k^m-V2;7xz(Q&3b<6y?u(*@CC!XaD=Ate<3dE~M}5C5*>+%%zF^{@{J| zcgDQ4=NDY^>)vM+l52EfpfoP=85GdHuoCyDvg($<@>oE25$|f!4CBy81wmk({3o=m z0(EYuIxYp=WB;tB(5|?CnROjvN7TisWbA6i}8b+N5(I6Yekzil*eDn5CkaSMcQvXb zNyFq%Y1t>wJe2%~F2+^jCx#vMsbYzxJdN)7O96j+q7a^>*)Jni8ZJe--JMz6b*8kl z;L{mNhi)^r!C;=bK-e3y3+Ao|Eqp7)qz8vzB)@A?Km6*LX6Z z)zItgMP!yem>voVKFGqgNu^Vr9lL}K@A<8I{%n7Zi^lvj6;Lu3p}*{|k%#rYs1_DE z6k#OZ$aX*Lp!N%!-M@G03T&{rFPiMH;GWeD7R-!OOD9BH;QUiSd%maoa7PoYt@j`e z9vd}1aP^Np4FFE7)Z4jCUEa8WzASJLwBV!oB)eBhQy*Ku5GnI$(|zDBqGVm$;&Qz~ z+8=D*(w*AlQ5K_malS28d&`OKpP#9;o>b;07KDNXN`6@0h7=(zp9r)l)AEtedPqOtK;AzXjn7O@I< z7hV{O=6-IsBHV0$h9Ub~e>=srrM5K!fcNzpRYy3ycFpzvei?lFx${<_5gp5zd)lM5 zzncVy%hQUWWavXQ1KeskeqJl`(3Why<|~jD^Y*= z+P|wO;v^sD0IiH@LQ22OGKtJR1sLQ63VR#U-@(_1DTL%#(VjH^4l^prc5_`4g zubERtAb)g_je@(cKuhS@N_P5Q?~!iI!z5dV!S2CJV|QL0j;*U6njUOOih$8#@is5- z)9;?3O95Ku6VI#ML+8xRIl*l3#EkgM??l>CiAP%SDfTs1t=xLS!l|ECr%Skv59-w{ zl{gy&UmiT2<=-!`Dpu@cl60NcE_B5k1cHy4@br=}a0)p>uKBZL=;_fAmU7w{a-u-x zJN33{^HTU3+XrO-mABTO9(D$y^$a0*4!`@k`Md^9oWwF(>U)R{Qf=`$VjQ1qdE#b4 zTp$^o2;?-YNURZ?Aon;=Ywq}<#0GfhkO7brmz12E&VzJiDy)7@$;)l%jQL((N5QNH z?ifB}I~!7vS>R-fG79)OxOLUU4V~~#Ay{L@TK=#c<-q*_>D$`zhEUpR9i9+Q7k_e5 zP?jWEGUFT|hcv}B>48XCYXe%#Yt~aF+!UtnD~MSU+j&^`-_z&pYLh-3eFvbQY2w!B z$tO&4;lDoB6i)mJwJXgPUagfts6TE;0~pUI0S4jZ!r#^@nJPM!>vJ$pXdB>@-y&5k zl;J{yGe=z*xN-``PV-X9nXZHt{2Pv|*|@EA8ZAF~87Kawj847}gVZ4s5U8@f^TzZz zwR8+1yx8_dQ~drsDwwvHK5oXsT;+N=fXMgS=UJN@dZu1|;4&}(tjMgB@O=_5`HTLm z*}tCEK9fv2BoNpO_hvm-eKDZFhocQ_4#G<_5B%G9*Y+IJ6SVJndF(9n^SS5#9-|7A zOHqfqk&c5uBHI$=F$>rvv5i51fxYy4%*cXWL ze7yGwjeMh@;BYq1;AKD*HX&$aRYv2*TD#M67K#P_)MH|NRWG0$ibCr2eY&4)Pl|&; zV%0$7o=EPZhZ7J+RG2y+_n}(SpuAR9c$7R6A%tGl z7jzoWoL~ZU4(^|XyyGu%VCP?sPyfeyg!Ln!EJCf;o!m)RrYcjO!@5 zPp=byLe+$pdQ@fDd3g|$(O656j!ZwwH)XoFd+npidBKkONKF{HD(cz9T}#JLr3R)t^jHyI%M;R_+j%@P0UsZD!=qw6}uuu$m)K#hVWd0zuCi~1ZsC9 z%h}qU;g1NU^td6aDYKi~llRW~ZHTej))*=)Mc?n9#*9H!dg*ufHe_`9H8M5Uy4RW` z=J#{?={84qw@P|&2n>zqO-Z;smr3F?+6DM~^gjBFhqyam zUuN&o%?DnreIQYKhIw2?7rXl7P3)hSr|f)?Ta)iDQvvBSlSPWnVV`$~i;q<7o@x;` zw#C>hn@GYt-(0DDyF;$+XC_FhBTKT5VKTY1JGTbN^Oq_&H1bIRDhhWEce)-EBnspr z^dN7-_zt(jbP>P4%yh_(YT}B=94;DjqnTBJ==alkbeSwp&xie1r5*5e&cpW@S4}zy z^)d2`7zsPOSM6$wmxZmwqEl9yOV&LG78bIxK!S#;CRXx2=)(A*gW~wVl8Wf%Yr|=H=>z3i3ogA@9XyC8SMo=m;Mb*@XCK~1`Ofaz5P@=El(;3N z(W-T(uCF&7N=&IVyC*~fAQg6jJgv!oPTl09+$r*gGl5QswXcbUw%T{QN@I$$`MND{ zr*J1D>Y8rz)ZmHzswD*;$%Qm)zlRjLl4Jrr`Oncr?^7!}BJ3VG|IVss-e)E5#HPWU ztW7AfCEn&hgd$Gg&Ot_1UEO*No%nvgHQ`%+rRYLP5Mfg?Es5TGz){oMgO;7k>@@iS z>*)|=K)b=uU@s&ZK~?Jd&WniqEthAAlFkE!>(X38_lBgQ_3IsB2{+oaiGZ*DihG|! z+xX!h>#coM=d<~fgZ$XqLi#QV)6x7bMq<;O@U=x-^^D!=LB(nvjcm^)*BApx3lsmw+TJF$wP|3wMX; z@ymz`NSv|he+xZH`YC(~S46;_JMZ;14~r2w#uB09g)IPr&ds}x>s|Wu-`BQ(MN+o@K|BN|}j(3PLeB$s#%;CNCWKzbt)rC_6 zU+;k{DDK*r=g*=XdghB3!-41Xb092xA;haQ_xdORJ-y}ZezEbbZn?(E@=-pn;6jkb z3)vvvevnRD_m|eaDKblw6SM9cuR#CIHWQp<=!#7HF-Nmisa-5%M` zGxoyUlf7g0S##}8c_EqrPv@35qPZyLbiaew{c+_J7hfLN>#w`Yck%FCo)O>O5GOw9 z*JQ7|Mh$n5e{^^JC2#6;-=`Pm3xvH-pwjg| zQTL&+E%hISy)fV8lG>`*2sZk&e?R0-_+nICpE!dfpEtiPU2}oE{?fPfh+>vKl{gp@ zI~_ELE*^I_B|6407ERYK9U2eg{j>CWdEkzCRJb+TuPg1fCE~I!7EIHgo2&X6$r;sM zIB@LaVxiQ&NM^AbBJ$omCca*CCVH9Hu&(0i`>bRVa+kP~As|o1GZy&|I;CZZlXE+?UR7ieKa*rwZxz-;XCXh31zB0o( z($#&bQ#bcyq?BrwZv$m!^&4A`>iPx19+ANP=T*rrS_gWY@%t-Fokcku0X^f!?lBI zTYAJRbw}Y$+8<7Mz#A)mR{Wee4flkPLUB84h9el0YVeaB7Hbx|vL|NslxlASfrH46 z*so~h71%JO5>bUP4G{?kYW`de)M&z#p&5d%_%(h(SXlOiz6u#rI?cFWdNNPHZ+QNG zpN=mAVbM&pmcA6wj04eMA$>FR{aBhjdowHX{2iBT!#@Ba2?9~Ghfv_uuWe#HhMlO4 zY~KeRDQTAw z+Is^fhNUitppM5x0c*bsIcoR6N@JN3`t=Am2K?LSyBW)9cc=Lw%@yFL^JB@;vzT}{ zlN+Y|OLttFFWX9>Qyq-C_U;8gUOwNGetClfemO0V)LKrZ=3ZazU|kQ4=b)UF)6E}K zBM$CHI^6t0AgXQpjoa^B4qlp zsm58f^#l3U_pGdsDxcVi#mi>yTGas0DbE6JQ2KQrSqx^~b&)FC3V|=JS zLE~}3dXGENlVIXX;!H}_pot9VDnHNT$np*DM`>SMDDLxoQo{amL)f*Iz-9qV)ScZ6 zPS$*Ak$q9++rW3o(d)LKrP8adDiAK5%dquk>kk^l~TW0P; zBlm3}|DsN507UaMbtk_GCR86OSr0MVKl-#ELcjhhV*K*i?~*w=j4HVGxR0N3y=+&g z8E_Lz*xWq~I4x4vlGzG@1OEBpwC;K0vEAs=^K!{pm%=a%S?C)W`eV(mlV*4l!PsAB znp5u2$J_!q&Ir;>zve5(WGb=xCrh2%dA+ggmu%jNo!a-}5D`zxC65igA6{u_ zUfQ6a^yF|*C-+)(_c>m_Ylc9?GZs1%SXCwHfq1A~4uYFHQ$}*cA3)-8aiSed9PBObOchy-(U1&&c%&e5Fm{&&ez_i&(ibw8Sqs*0yJ_t z$gfts-)9cjGd6kE1uO#mi*QXY7G*XvgK5IAb9D00iujnp{dkID+G5v!j>ql$Jo+~5 zx6|SACWmM6)Q|~6f9`q?{L@?kJo4Q%J^Ai$_f^W3OH%@d%iRBC)vD6zw-#Jv(q13~ zwl)_7(^f)xJ#QIjPyo#6?}-hLEvuKcjqR1V6o%XBtmfUj>Gp%sA*p83#+JBK$|~NU zF9(Ug1pBPQ&pAL%3by96f=cIt1I9&m;arUG?Q;c%HQS<0!yPJMznH%pCyPgRqMj-T z=OOm$oyQuf#;%2*>A$n@s5kTtAs9HE_qzsVwXD}|fsBsR9w9Tjh|Ud;=Ne;Qmr0v; zC|a8@=$9NfGF7EFSD&&cjP-}I4}KM+;`Tj~A3(mSkG>b{d2(34##=AAqZ)mP?#y!de z?ob}6p7`Kx;yxdrUTWDw(+?snn=pYHGeHG1OWrvUzLwWbDD!eTH2x18FY~uW;^-3* zAL_J*}>ADhV}L1=Z`IDW8lNSuI8LM%!LLp2T=DEK{(xCu$~pV#j8Bp7k|P> zs6A5%8#W`%?cult;R{_|-UOlF#;8(7)fN`Xix={sbEo=pb+`s;%3V`ffe2j3%UNe6 zZEzfu`wp%MiJJFGOueZNw4)YQwI3fUovb#T_g)*E!u))r5ayAmm`y&)oxjx>Y4 zwLkZw;wgW^h7>^TsaQL^ z^2_7Fna+N>u+;ZB$-y>Gvq@T(0I=4Aq919BrSlpXJOW$uhe8Zb$M5uB$)S~RkE~(d zk67A}saH$~1Pr~Kv*v$tanV^YhLxpVq_5!jy!o3B=O8$@)S{g(Fw(;IHUIX&Bk3YG zFM)S{**BOXMo7-q)^*$`hj5G&DN@Dk({N+GB>wP9FEAbTw!Qrj zg!w#-Ftwf9Rpb*!o#i`SJxNL9zfY8dCBtKCCf&Uj%-Jt{60ZBg#>XshPdEN^$$q{_ zKWABCwIHLTcb5q2<)l?E>g@qLaWD8ZPSsMHZYCi?09j^X?+ES>=EO%6v?_pp8w}8q zFF$)V-Xw1y-OI;o$fh2ZqR`;53;sCgB>ET`@)^ZZDI(`P9>x>FIn){3K^~H4Lp%*# zxC5(ol3wHqke%9*pGT2X%HPiz){y-OKfAE#`oK#_n0Y3MF7QKynTBf zkx`(n=;)hMNJmdNta~w#ZT3xOZfo1{(z7!^ou_|4``d)Xz&zaoa-VSar^Wky_xkHa zouu0AjeS%uuD{@PC$od=*0v2=4ouDWzKl0petMTHxT;c-?_(Lck7?5nLxyl^Wk|9K zYPH{wzrh}1c*ps3hLZelI@FiOBS$=L#i_>skTwLzkN7~qLNlCp>$p^*ReHKhFLLb) z)$$ub{DA5B63cn$$|NXlEkrT%=%hF)jSp2Cf`)QKu=+(30k3~w)WvuR#? z#ML;$l6N6j)lz+aC{OvN&9h`qV=d^i@!@1Dm_dO*ipOoW<&aMI`?CM3nlp*)X}@^G z07?sK1rQg#(hIT(Llg5~Z&v`$ml>#@rmoV><36TKgLJM0m6LGWK$DiE7E4vBHQf4A z_9P8O&bn&hi7Ctrx|fP&+&`qsP@B=mG1pet=jMcvZ393Kid`kT`{qfDa4gQTWsUO zMkufDOQ@V6^~^ZAagna^`(=xHAIhowbViI(sRlORTo-4^>3x>7MJ0XKdQ;u&rhq+L zPSR+*o4mmd$=D??G`C7;8S<;CWnb0;5XAuKC|}p^0gDCHz`}#MZxtl9AaVa%+qqb7 zgV3?VcYSu_4;zyaNY}h=8aTY|kvh7GN>FrnMns8xh$?Vr;ajC#wSs<#dlx9M)_^$y zGff5Q0h&ptP2sM*bv6&$_1nYs{X4^KMFqd@$3yjtgOj$&*pvRG=SfEC489ZbH7xZe zcWTl_+{dj~uB_P$s7R$${z%00<@H)g;apNCiz)&GI868i|Jg?6MprpT@O^AhSSgp7)X)v%SBT)Xil#zX8MsuL(4JdHKE>`TG`@{ebnMn+vMAQRP5hFsKUh z=6I0cJ8ZsKt74_D%t>>26u${jVFxWu;itl`Vq0GCLCd?;K@@aM=07zFu&P7(;cU-a zegj%s2aEu3d54!=hRAS5RQPK~LZ!oQ3E~o)eS~v~BDfJ5%?_B=x74g#5u-l;a+;)j z_)uBBSoFL^Zm)dSPUea~CGR?Z3j()|L9)XD4jQ#j@rI)#_q6Z@6)QTOjb znSxbf%3L15jIv4yKnn}s{;k&VSbFv_8Fs;NE}`5-O2lERsZ=YxJ4W35G$=%i3lhuY@1_LmK z!pOpuAt(>Yo{~aH=71qsP-R$impo2t|7O<;ZfynKkp}BR(QnvgA83n;ZyAq<$k0&g zY`++C3-uQ^C-mRvCJ&)~^69>+-S!s$=|rtk_ui6a#S6j|jaM_9LwdZRn|w=johE++ z32N3`@F-bXl{3d+{G2{n%pb;^@ry*<_Dsk;*`oF3V-HEhgPR+^;;aA{lc-=ImG&8t z2Nso?c~5P3X|Htdr7W^@B#lFO;~O2VjnS33AmAsS>F$^`kO6A437+HinK%d9TrLmd zb!3MrJm2?eR!5D2t&d6|ZQX&eVIMx>ag_Jb zY{V;qQTy0OC~QfZvuEEzGBfL|S0I7-Kt1AT=WymHOq4quvaCsC^;|z*hu;sW?jSEN zNvXWg9UyskzPg|k52tD$q4@_N(4L3T^SuDEDw>h!tN**+t(S_qxcx3C1gd_gUeOwUhSA@C0N zz3;1!SzT)GPafb6ryt3&0fM%!Y;+tbbX(DQ6C)_4@GsC89?zU)E{i8|e%^{|sW}@8 z;qzCSH|&@<6n&F>Y!XRT{nCn$?(ircvE3MRvOBNl%Y8uxLeyQBmWcn}4}0fw>&yVUu+6Mx_sq=4R_=)X2!+QFEYO^WSNC(m>b{KdsFqB*jwC<> zc;fKJ&?iL~!A~=QgKr-+*E6*95_!I#H;|s?JVI$B-PnW@I-x1(JK7P`=eAml#b$Rn z5Ub~S(;ifx?Y(BK_Q|y41%2KRSgQR#hyH6xcl?q<6;$mMipmXggP4t$Z)FeZbwJSC zQphLRs5(t;pH#)(@vr_(`x=pDd< zf}5|bLzztx1sfbUFg$EMEIwC++mtovHaHRtIasg8@M3Y{5kZU~RzLcdw<}M_*{P>1 z8K5Eq=tb@crc0X-yOc?6J;wN^G=0iX{kupd-&suMO1XT4rB4X*K=)prgDF>Q4H62# za*70P>1iQIE~Vd+y%!SimvOHWXG?E1BEf2Y{ajstbJXzj+iSMdD~c4ouaF8HXC{A+ z=VAK}&0JA_g+TD)l{B<%+$x)G5CfU2m2DVBsr(54M);R6G6{Hm&IVi%#?Bww#9!01 z{e^jOLW=u$cG*wJs!cpYfd1Fj)Nf6cewDAT9I{iQW>g#e_93T|+%_^=?PA@!rLEV& z7MtG<5uc`vy-hp-f8sLFza9w09K}W6!?m3^cwhm4u1?h0T3@VzHIKOPe(fB_8f$4w zanvm&wQ9e1^rxUMwskYbO6Q`}jhRA4Qj2`L3P7BdFBQwy(@g%tx;4`IA}*7>HxtXF z#uEY!0YLNYZlWQ+{irXLM|P%Ot8n1K4MctrWxOZXLr>m&58=%b;EW}IB^+J69lY`= zL%a3h?yFW-vm=Q&TA0E~QweXxaZ_PorLI2M{X*cN1#<$04p@+&rR5i_Z_rI#iCUwC z!7zgBDV)Ne8f7<`pT;ziFyu-`vR5sz!Ui_-0DYz{dsj8Q6{?M_@TM|;5yBoZA%sAs z=hrudN2AYPsFzVIan$YPY(RTZBvsKGr3GmD^WDD_U04(BCz;knLUzcrXUfZu5P_)t z=s#Y6l)O-{#lb{_@BtxgKw0`6xW0Q)!;48HaOTb{pa+!@@ZkPSVN>^SLG z-;O3Ft>XYt3TC~w4TBPTsWSdL$JZiXHAoYRJ$95A*POJD-;rV*k*%%EZ;I~M43OED z<74W3QXt~eKxav2x83UbPn)s_Hwj$39@Ou`L-0OWr@q>cQYL~Xrxb{(-d9~y08OKL zZjM-8q%deBN_VnBQOBK!O<~&Y1a=_(|XE@5v1u_pmwYdd;k3Q1f4YbqH=bbC;DT zIdouY4{fzdY_E2CK8FS!$-{J&0PlFj|91wHqC7i)7d3lrkm*txACO74Q%K}D_RFW_ z?3jyG@6|zMea3Q-;2AfHzSUkt8Ksl6UjZZiBLrA9RUDCtwDuNDir$*IVa4{@sDHJ^ z1~`bFdEs#{f`)z06}=Owcsm$S?keDTMbIu6d_QPoZ81OZZ&Se1W}5k3UmwNwgp?xM zc7VI3m-4j{S!(Xp+x~>UkiZ0OQtbCEMSq8luW;EBD|vZeEN|D*$8fZlX7b}+t~kE% z=&I`-|9`M0Zy7upe{y^-$R784I#Jb5QQfoP?Q0mWd*JVMf7bn&`i&HZwef%#{I#C) z%LzRX{6sC-{N7#l!gd4(1@I|;oXzSe=fdAcQ;qjU_aWkOFr+icGi9b{2T$7zwey?K^ay*U^W<-h zRF`E;cki-AZu+WSmHiEbBDSI0DV@V!b(7;dghtz0z`mHR4;m&hj_`=Tr`Ebr}x&#d<+KnMCJ@XDE2ktLK*&7W*%Q)!TqbkQa)aLJ&Xnd=PhEX zs^fdo4qs46eTn`CQ%v944{T3&XC~MxvLZ_%phP(%c+4E$m@Gz*m8uo^vMj(WU7ZvO z#5~jvd(Sg(b(#^?)1v==Gt|YAhS~rC{Dv0}7vMlEXlVdje_<79&+$AHIqqrY^_lX5 zJ+4-*p!G>S_v@=2%x_8VH!T4)X8QC$ocigy;{N0#14AWHwGJ(B#HVyOou0~f@>2E@ zz)-44#}6h@^ex{pGU0m;W85{DA{#DA!QLl}K1|nB-|xflF$}8mo+S~2%5|vUoRrha zaF?VB@7H|G!pDAD14_<+6zUUx`g~1#EW;#}#Zo0AjFIC4>9iNg*p<&f*`Z-{03{&o zF8eU@?@vK!dp`mjlwWtT4&g@||FRs;u|Q)$73QIMz}Aa(h$QDS2qsNYIcl7cBEq7P zn2Gm7<;hjWEaH?RkPOT%N0H};{?-)1u^!Gg1hvCQCqP`lgY5UK{HzGy>-J2HH&`6^ zec;*0F#L%pPXr98xnL)9=~~`Y&)%7~!uV!umApWc_?g4QVw) zyx+OMq5KKgH{0UhaNL%ub}o>miv_|#=p++HFZ=*LuZn#Kp0!r|8QC(<{$QS$P@&gP zg}Y>dc9ME|McBNpZlT7R0lrX|yCpq9OBKwVh6pD{BG zl6kM6v21?lVJt3`P{8A`a@bAfgCW5SH*v~5_6cg!7**_g=%WA5kK;eGEW1LVOct*S zfDFYwxxUoLuU^bl{%|~*+am7k-4ofLJa}89Yj?OHV(S$>lF)VDm0jEY=V2XB1J^zi zv9x#=bBN#&jN~9M%iox;Q*_ibq?sE#%+b8h-!jYC+5wWI59p67#)ZfdqurDD6PScdd zppB`0=N=Md(c0`|G=kcCrnV369D#3-N*R&*os%_w+pe6Ujfk1j<@bS;fbMP2p0k)~j4v+(d{*wH3aFT0&sOw_Gm!^mU8&Us<8H z(%h?^1Oi3^=`t1aR9|2j9KHezOu~!t2!jSh>OEY0X;yip&b|dpgYp>VmjucHN9$yC z3*_&!7H{M5*HR3?lo`w@U-sb#KhO(F0h3drMaeQBal#K zFkx*yH9q@#G!U{*`9PCkd}Lxkk%5?@k@|d6kflHD-t@IzMOS6l1!+~UG;a6}YUc5* zD^%Sfca3!>!o<7}y%RFFQ*O0+S?Fe(7>+JZp;7#$!)+`?Fw!*`N)hwl#;HF>vr)as|kUn(dy!Xcf9~&}}cei@nVZmt7RPEp< z$6Gf&aCs^-U$r4hhO#CJwbnMk(T@87`(2Sg6mYzi8JlYLzx{6XUiVc$i*W2PpXjH- z1Gu7^d&>{{e)LPk`K6b_LJIO;*Yd_#g5R*E$)(DY(amSAPUGX$-dmcnBezwxLL_M~ zp~S@Tud)p?&@dWjgxDe=>`LP$4sdb+56XIEX1s&0RWY$W46J|8SN3=tCeP_;VD?^j zFC3+7as$lvW#3;yowPFO-zk!X5vM0CS@4l`o`mv`dLt_ERQvS%3fV?MnvybUduY4l zz^HOMHOJ&m*w>54GcXiFWBY?j27uIkFebi|6yCnLW2N&e89sj;nj?QzgjYGt;#KV} z!O(2fRKg&oPoPrGgHtmWw$vI~Is`cRAX*KEbY`CG!m1C3LWZpsA1@EOs0mnLn}00( zkLF4ua2VZK0M)<;_-z8}(b9=TCO6P~xm(>Cmd8Go$3gsq=inoS%J*g^8DH9?d2c?~ zMC00Ao93CHhhsY*J(|}qT9TZkjx$e)rA&&Ok<3j&MV!-*UkFH6e}2(wkq|lVubOZ7 zIigx7YCjb%rnBF0i*6WO5!JT;#Y}XTthI762@flZbe?|rwz!X+WoTmbW3^&}2KO*~ z@ZP*26cD_75@`y3Yp_#%c>hdjbHk$i5n1tx`JbZ6`EckC)mpytT>8)l7cb~sbCI+d z8bOd3D}6b`ZL2^H34yF36PO6hfxlmXFw^fp`$T7=V6xV%KBDkx|EPWLhGK0Dmui&} zbOb;rD<{y7j5)z7T3$Zh(T#py7$jDWg0s)~A6qG9v2!v4!O!Ha(v1p`nrCx-;90KmS|@nw)+gb$raucfUlp=V;c}GSXic4c?JR_I+b1-I#O7M8x;S zKi0gN8eR`GQ$Jb?+oIKB9%7Fe3v3qc)eZlX-nS=kH26GQKYmP-c$|SHJT)ew))mcO10PY>0tUwL|n9>I2WMxyuy^yHPUs)JS=}KEry>b19OP% zRn`DCk*i?b>3MQSbfwDdXJgD#Mx+b+>vW)-ZJ)+Y&hOg*a;=fq>Ch;W@g|Y?+#s65ieK;~6{hd7<5*qk zs?3cRqd8zI=)>J9=AAB--=45L@w-Ot$9%OumQu|zc)jcEb-%{^bF)(CBkTodaONLq zA+f1Ey&Pyq-Te1ly@l{8Wks8E5e07 z6q@(RBTgZ3KK8}@{*lm4zXv};-#lpYF@9Th-nH2;+6T}N(0eD9G>G8FUI{7bLt4x8 zaw69x(1znjfbR{gA^p(a-Gghk1GWe5>3(cRXMkK+&aaEo_`x``g-eP>_lXew|TJ zW&Ze*xLjv!hjx^@r1yjRv~kl*l6J0|vEBrb>u1ZaMnuhb?+!$Vb!D|EnN#hU!A zbr-$^a@0Q$5?KThVb~kz7op4@JgKLMdWqwDjiU1^m`s_-0?`E6Q8JOXbX(FSZM?dM z{AD$iY}!ZL0Qq!Yb&fM%~aC4=4oRCk`lApgCrpMIWBkFCH?Zz)aLMfP1P?df&( zvV#LZ-0c!QeaUFP0XYUpJ42Ft^tLab9eC3LNxL*eAcS&R7KIK#8k>>})LK@iXN?R~U(B{_1{MX%f|6~NP#o<_;iW0QXm#Lww?JvbgFYR>n% z<#BYM{FJZ^|Cve&6QO~a43~Z8kVRR)^{NrX8`$O~s4RmxCG~<#%r6%Du*Khk`~5jE zz%#5HHz4kVP4BMhfVd-L86ceRJgj=3VJ3(8{8F!17s-JovTgK{2HXZ{Bj*#pWe#BB zE1DS>rc7@t|6UekxYM)aK5o9#=jktx+7a*f#04mX&K-ZNqy{w6i9!RPy~;&K!Et*u zHtY;^%bqYVk}w=0Y}XIu2?7UGucq+&i2&P2RJVVRy{AcqO!mpGrPMEh-`(`|g#!3? z5=25==P{O<{PY7)vr2)qk~Fh(`)3(d_mQ9%`$ip1r=l z`e z9Ghh(#rVN_W5dk|(Zz|tpAcM7JY4}U2EjIev9v?gE=JFvk#$s^OV(n1+k;#(0FM1M zywD~bg7oMz3@xExM8aS6)Qx{2bk`7P_RXI>f8Jm7>-7jeGBjcg%T43V$F)RC?s~Xb zbpYKDe2tbqTn{PqOfMl2hw3m-AtR56pZ&g5`5T>^=es!PZL%wSjCo0YexK*#p7SRS zdR+?AaD1Ij=1*^y7SKe*CpXTV1xmd>gXYkTMXaW=@i9Pt@q`2%9Omg5FC zw~CaK`6|i}&oT?}1#Qen%Xe?ANSAu=nan_r-$_}jA8N#(zJGd*{o@8DsaA4V%1@#; zyTwT0?@wrwp0Bz^NY_vJFzQRM4&x;&Lx)i=s58?JOPk?yKS?LIu3^KWw4bv6y5}6$ zuTXO39J~QpFI;gl9-}&ys{0x8>~XT*nRFL!O*dP&w?$$vNIqy~HmOLmqde^m)DtSC zq<9_9r)QhkzkR&uD|dVf@iSV*@g5|y&BOdf(li1@2FYvZ&rQ|H!iLNZ+Xpys zPRKspkShO08^&Pb8&xEJ_e(2a+913;IPUUD0#T-Y+WgH0EARa?o}P{^#himjxk<~b zzJ$^B9B(fSvLlqe@s`k_H%FmRYb(PQ)`^lRmGyid(UWR&KRlS!Rj>)aKCO!?y0c2W zu`iG+SFe+ZZgl_xUU(5`%B1ub@zo0dlj*R*;gH)Pm_-qTDZ|u z6RRh{us$|r*vMMF{`RsFk`!yAn{IHU3kv1*mbSq`yUW((ny=0RIX5$U8+!Aa;s7|r zRnbISW-%r_d@m5-5c_s{k}E4cv}&HOkSrUw^9#KuiCcQ2)_0(eG+vm%D`3gF5OJ=M zg7BAR)qqx{S9;W5LZ-a%qqJt!O=^I?&_65`H5Y0^MK)ya9h5bsHjGHkA@Lzww|OF4 z3?Jo#<_8Bl3pC|_$cr9A6*ew(Fxo~C&p8vGPlG?s#FW&~dgN2lVq4|`UliwSg}@`( z5T9=EPN9Ag_ED^P{*-qgJ$V`DMYv;A$9j*qi>xZ~t)cP0JPouN;7P8KA5kQa(V;$tWMk4;PiXk7#Bne`FI8T)&0)f_FO4p zQlD>Q7XeAZI_gZ*sZaxieuRz0^D*%`T&~MIrY&0=!gp3Z=HS~4((fVevwQlu1W!Zt zidHpYrOOlm18VBLx&63hmH8Ay`zCqw>jRa)m1|tHx#sh`jqeFKTLV4KYm~Xd{1Qfn zeBH%NIz|K5MBwwafOx_B&3y)A+DserZhT@vzK^!Oz*b-X{7&eSTIm5SLy z7@ZxxL*l25^7u{O;d^#B_j*;b^~}_V*Fc0h8!MJe-9IKy?cGV{qPmt3t#!^p-QagS z!E}P(Yc!tX#XBqd921WNEgGnAr4^b!_M9`;AQjL3zWFFf+%paxoT6S}&Asp?wb%F5 zoR1_s=+zUf3&gVkm5^6Di^=nRK~w|l?_3Xw7^N7EK7^Hh+x|Svs`(Vy+xPS@ALXw* zKu_-*l*a~%1t19XLr2v0?_@Xo)_TrOId6o&_YByFhNUtX2xDyR-JHi`pP0Z4H}g&3 zY=XK?54Zy5uE%UG?Gx)3+50x_CI1|-m1u0+&tvi--WvYZN=hG_&KX*X*Y)#2Rww%G z_sx5C4Tw_M!o%|ty|@?U#2@~4fDo*aYw${`f~|4GLvfJKM_nqI{x`EYdz_aYPw?Fv z1|p2J{Wn*V&mdxV{@#l<0xb#sH$%?pPDnADf<#teV^*whhcS!K=Bm0S^tjc<6L zSi>q;(^~uM&n1p+erZ+zfp9E1-jV@ESiNHhq|6|Tf&wV|RH*`gDDKw!=no&hOb}?F z{RlqfY$NQO=lk+SS>P`{UOcMM5Hv}~KT_&hIX&y}llOgD(3VQiVTFVK;>rSbd6*Me$WXA;h!Y=%1i*z*qx72lPez3i!hB_1Ae85})s%dsSwa zax`hh-hTzE~7bAd=^z-5ZaVI*!swLre*A z3+z+RX*!F>_Kf{=NQhH7?^UY7h(=?b3-@>6CBahb_ZR;qXb_etA&do%5+`o_-FQtT<+8C0X^$ysxf|`{$0tZxC|KUg+4v z=?rjbzdSOxXP-9-@;6WTd7J#o;%I?>W5Jrli*%0IPrJBM&^bebay6-aj`@5J`$};i zX18OX1jQHt{PdQGlo?^a&C2n5exZg3T%{xJGuYf)K;X;$wFt?iNz%LvmrGf=9;y$_ zMnXu))BU+k-{;mQ%tMHy$1N?^3Yi+S{HcN9bWx%%-Eu4|#=kU{Z(|fb4gVGyGD?2F-Q< zb#Jh>gLw`FG!sU*iP(Dw#e5!g{^@FJzVH-}P|febLZIW5mso=!IQ2nX@UYWE`Aq}# zsPM6$l<__tTkv$wX6Dm za0AYop!`0H;QHBbMBE1Vt@S4oIf*QGKF#a)jH@_i(NPdqTWahTX_zPoJ~Qazlr_`q za7d%#f~L!Q;4TJsnS}c<@ozNr}sU=4P1T&>F^AUR@XMoA7Ch?zq^9< z?oq`r4H!uFx|Jep`TocYH&{Z%Vm1WdFlRV8Prgmq9zNUg=JKbff15w|V&x9`!SMWm zP{&`c;~00o%;BiuaWW{&aw?JvqCVE9#g!xIy~84~M(ptm35sB+sstFtxxdkEd1k$2 zsGNgJh$Fq7-Vu+rxu4BpPR*NsiyMmk8o@}QrBmSeA1gb~kJ?vMtIlk-!(WiFurO(M zjShhxYLKr=A=@6u5>3j0%yMUB2{8@ffuG%ZQ~Pa61KNF>=fHJ^Q(7(V+I?P*y^j;C zQt)G`GJ6GKDM&Z(e%D8eT&TUyXsg%0vQ1ZjF0RkTk?pgJCkdYR8t#uY8DZ=vKlDhs z#{AuH=hNZ1CeZYylT2`}Qc~PLrQQ~(TOIkg_d7|oOB=0D)&~bWE~HAXlGdc*Aemt-UgAa%EH3Q z{~iAptn=e-W80Q&xX9Z5sqjv>6S7bx=dFH!l%#nl=Ycu|uv5Ix(#H#SNcanKJz4jA zA`npwq!I_#4|s}gdps#Br5%5XcA2IGc1qw-4xnzC6di(}h!jB29~=4;?#Uzw$n|Z> zGBE1z2Nhx6Rd+CcaAd|>q>j_c-QRMI#Lmm64z8|0R%&D4m!HJwIGwB5GMi$A$2q_|UiMcl)-pMK(;gDY%VlMs9`@A7 zMU+Tq@;xMST|RI#pN=K;zmHx!*fYTqs@$jgUE#6a5oM1ie<%AO8IC6_&B?ti==4P| zN9wa$uX4(utX(N=sqdyL2E`<=@!IK@&@UstCG>Yq)vbh!lYH~*rni+dP$ z1sZ%v9R99d5KnIB@m7B!z7E)>@Xn8T4^r~&F5ilt@M+w4_z^ zKJ$5B9U+{-$Ss}O-tS@9gbD7ABOt)W0hJi|SR=dFE8hm=Mad_nE{+z$;0%uz#!84ERtI0d54d+e8hv0eVf zYXuz)M`3UKtQi5t-J$w|JP9Lk@^b^^)Q zDI4wt*+#J=0v)nME?&80X8a9ZmHFj@-5Bzo_7R@t0HIWH0Y;rlH6LSc?(9t?X?VZi z>PtDo4gK`KVRgKf5PkLng;g(UnK*ZN89FCP5u=CKpOpvX1=P27J>C+v@Kg59|AI?l znF`~4e>0W2M(tmF)Lsp%1Gp%|TE14LO@^yzH1!Bh|Gh;u+qmp%VIp*Q z)>Wg5BkGbjgO=LBAfF`^AIB3BgOdu9h-k&`x!{jNdT#n8clYp7ZywoQ(*PJ5eA)6J z2O_&}$GeqPXJg$8$b!Xdcq%L0x&Ze)ZV^i_IS+ZJPIT z*QNUOy^^@Uim1SVh6&fJ%lBc{3#Tn~lWr2PMNd!=wa`dB9PvT2?>AyG2p8Gqr%V>N-vD~&NsYZRe#EYlHrUc?&i4GvB?rZNCr`Zu--spWX zprG4RWKZ8+c!nLU7bpYrkBZ<-KG)~`Pxn070D)EDssHOdWe|mss@5-_9;@H(B z@*B3Q0=|esbsW*?rr_O!^K!o575_Gc z`XrC?O3JiMnNh#u<==&Ir)M6q#qG{M-yKtOFTZ6Vlm+`^8m?KWRPu{ClOi&IXj?0@ z%#tU`LXfJWE<(U#t5u=ab)39!MvwKMvf;+%mC1Si8r{9YY!mzQ%lkow5WWV5ff`vJ zU|fgT^8OHAxInYGJ`%>fdg#(>^%TyX3Ai({mxp7%#9|Ge!-d@T7yeO(BlpxoD(#_k zH3Vm_OHJ|fRd&6@X({g&WGx=PD{ViAbEQ`?5|^|(apDZRIl+b4@b0!s{M2WaOAHM~o*udlt6p4Kq61A!@YLr(UwqVD4j&+Www zQVH(Ha5^tf4%iGr`X+NQzoxlwz4eJ@4*u{ESs!WujcZ}8IdHU)AGeNLI1R`kbnRVB zoxIq2u&sP=` zSI#ZbN4>UgX`Dt;?*Y)59X3CUXG(vc&I7cxJYvptHML;r7+jFii*Sp8)73@TdDRo6?t5Rzj-@4kq20W+r8)$XnZg?|&{TYb6AWsKr$n!d z(7*B#{8_O7&P-Op<;^|oVu%1lWN-dru z&49#E{W&x;99)9pkoX)8*N+YYLf#jo(iLsExS8YyTW;1Aw|D>wPJ4bO8KenVuORJ- zN|G_2Eu)~Is)xFS9Wfqz#_W{pa%3HgAII$#f%?Sg`J2y|-i&JnGRz$uHLHOAq^(wd zq0FOwFIxGG1VeU|+Y81?uP9It1hSS#5M=x$Rb3Nwhwj2J$LM#fZ!J|7qkja$fvr8% z5uhbYC`fMAYMGDpEx(c$zlIM?7??E9`XhR1Z@NC(g|^=sabI|DUFIeXLZwD(EqvoVNzhRI=Zn2PPkK?SpV>;P`O6(7L%w{*le5Y_z@(IIw_T*x>ob5# zFKqgpZ_ihG3|(nR`>5wq<{F|4zU7D3r?8s6)XO1}#iL|EGEvPqV1u1ZwmtyU9(t{k ztR?Bg0ODPpXMro;(+Az7$9Urko#G&MBAWrg<6O#se5=&{x(w@Hir$x!_u&W^?`$r9 zdq@j;U1dAn33x_RTZ^_f%v0I%K~oY&fhZCY1f1(X+%p-rE2*rFS6Iwx@PJ{+*qsad zyE;$c$}qacqAmlNZrXWrxKdL6qE*%MFSk7^`s~}v!uGtz;FqYp+3o;Yi3r*u{=}hD zoiUmB`!>?giYQPCss;l`9pT_60*L>xKi*G+D7`k2Vb?;5z)7Rbe^yrz6WpRpCd?Nep3*R+ETCT4EAxkU!T>dbJFq5sFc8ziVDp4j+lF=yICix{+8KaEW1Y} zI^trAe!E^fxi3z!b2>!(pnx&y>0#^_d~eF>&oOD-@gx%abIPsBl%p7#{RY$%dIIx6 zc6Z_pll1dLi#X?_-Ef$vy@69!;yH!oV1&OIApAPzn^1NqqcnSN^sh(ji07`KH43GhlGCgUBg%2U2aXypgN}L1Z+4_aG?@096dLU)= zA1-`?2H&5%p>kJ*M#bh5C*Y>^*AJROelV=U>DU65FWxRncxjMRin)AQXSE@M>~%DnoY?3vd{q+k!LtxD)8n+EHvze;ra^6guNITsw`*em z0a`D!f6K^TJmmntt)t$Id;Xfbn<35nebeF(wMToXisLUHzJP4AimPTcH%a%25BDwi z`6K+=D;@Dpaby=h&DJXe2&G}d6O5aAl<4j%JXGCS5dA>oM}1s=tu<1&o0>azpBg)P zge_mlYQ6?H{-BttMli7gnCyNOp@eS1q~PM}r*XJCuV`df`M3=IoSlC1{h0IS>r(L4 zF>Fghik3&f#q%KU1>z`EL0|CM?_E0!74#B^Ju10iNc=Jh${0{>!cp^nq%6CPO$2gQ z@~M?UcG`hOMr7Tfel-M&u58wu8vOubiM&R&$C%E)h*p=X4)E$X2Z!kQ-iYYA&aXG} z(np|@{=P=^1SF=8yGU>q5m&f*xy{7?=Co<{s9v=vcE4ZjHoWA^ZSPmyQ@AuE&75C9 zRZ;Xs``jihBl+9(o?E&{o%XhqSVeaKFRb8|9_V4em&>?=#+TozP+9@IvslkmFpQ2+ zM)H+jjvlNY{PJ@9oSUk*vFFfWqtg!&bIk8OnHR0al$fe z=h+!^@s=8m`%L&Ey1-z{DywF{6=|xW9V7gxX}=;{DZop&L46pNeEU1KCcHHRVe0{_GrKF1wDA&`0N-tVBgG+J}{+^gIWj-aoh!vp(LNhgaxggc`Y$ zg`e~V=>c>P<_vv~y-pZ{jTwJ!Q^>V@a3iicA-q$EPlb{QxjB%o`)-iJT}p7&6?mGZW~kBT`( z=ka-ryB;q#CHZuxUsH1()Ix=N({W!;^77s_$>)#T#8G^)4=T>FSLiz0ulw`VZ^E36 zu6d+b5U+wWH<*;kpRzmw6qCWp){F7y?zl%H6)EFms@Kf}wh6y%nfBC9*<~9BZn-r) zES18R5bCIdl-~mtR1GTG{W{wsxzIBBQm8k##?f%K1$;nHE^%Fw{vd-a~M>G)ZdBq4u* zdW2F<*3~l8b8ww8z4%7pDKZ+u6?7n9U{H~ltt*jrdy!}TdVm@vb%hf_e$_Etpn+zZbGnP`8+h0gWW`6uZiEQJgH{~o_cC9Of*&fY|%(38rXpR3#2%EQ~_xM^t zj+rBVPa7*AJcoRk@7_m8;GQI02(xs@By^pPp1CtgZuG!Vw}Bv7T_T+o@yiPDh#ux7 zj`wH?vM%G<AM=wz84sA>BUp4&;jB|SODR`@uwb3O3z`;K3)sr~_?y5AS59`5trc?ce3czd{Z zd+ggGZU{t1^AUQ42k^aW>izWJ;7JU77Ch3F0QKqq0e5&X=Z4!p|F{<;{piCB5Cg@? zsC#(2fXSWn1ih9|8=_YQ9K`dx1jA0!jcGBE6>ENy8T{?=mXO`^Xg$t3Af_A5mnKH2 z=-l5gii39->2`Q^YU#XwTVzm&4ywtoADl$yIo7*RtHA?Cw^LiCAaaevpKC);r$a9I ztC)OetpdUqUAC%Y=tmAzg1vHr#q8`|l^@oy;nV(gW*F&`%6C7XBO=MOlo%HJ^(kbc z;`Y^WFz)JcVu5=M$XkrmMjbO0zi%B!UyKTHyP>6j$hv0cr-Z$0(A}#1UJ=7;?iKbh zIm@+`Ob0fsfSlrfKL@|^$slWy=kfl%>(G{u5mD#fcwN+I|4E3bMw2)Sjp2^6o%r;! z&*$(1t}cB)vl6!OoK=I8^=(>eJ4Ph^i#v1d{)BB?W4pcY-qkd@3u?lic)3c0<{{7< zlxDeOL}vES`|xLDp65o)ahK8A8NuKqPq)p+2N^Ly^@6N_CokJdjeDeFpi zhx$|4R;#`<>1cgVl5;;lzw?6k)T?eTCSa6MSxrjklDr{CJfDWc@O$&OpD^NMtNr=3 zuL}JfpBuW|7t`C7yZSK)XSQ#)US8bd5;VX(U+?qFVvyJGkOsyJJ!L+(GN+t$p(k_r z(DOAWH2>XWsav}UU8~{E0$|yr&yRtVFCNE_0WHG=`+8(!3f0jfk|X=(gNoK4E*?Ws zi)8HZr>FlQZX5+opW?qIfrQer55nht z*u-l~qJ2wJNRB+n4S)51>EWrz9p%RXT4*;`di9&P9{=p?+kIITHGV$u_)V-_KsWN? zROC-U)$VV~&>EH;zG`uz$S%zGAmhT9T~0E46fhje=YS{@d&$)C8rZrCSKH@#qsgS! zW=TbeZzC-IQ_MLTtP0bed1uOmORQ^i%mmFDE!70;H381eCs&;+THvC#Mr*^*R|Oc#b&L<8t9o zo&0X$i*c01XwQ{Q5!huKhc3x->$yf3g&twHG)1VYw2>YiVpr~Jm>SX|$8 ztsnRYgAVcQ^5tTzGDGp0@2kf^2LPS)B(Y*h7!BM7MZ?q#)ldB<{RkKUfGx^Z7b+5f zYMebW>pf%uKsp{~8MwLIzRbQS7iGm~xDR6WcwIUw7GQuZXerO z4*QNWFK|-NnW3%3t%hrCQfd~mIGWKYU5zm-gr*I6qMET^j2+NagF4}adrBt zQ+^-p2w51@fj{-(-kja}Z@ew&@}_P0^@$7Fy6By@>Q|!om`T6E88XBPMLe~poTt1p z>)VtDNj_xV(#kuSt1n|{L`YwTkj>n!Puh{bdLv)SEVDDw)gIeD#@8H*H1y)!>IU-v zU5^e3xy69=dzq7TV-G>h?EE7KApLR|XsNSyr{ARJz7EO&i<3*1EM`3UUr^WxUxb?5 zz!n+$s`t}z!p+NFH-}7%WdW`Bv*LU3C^oI{bt{Wcmse(sarWBg9|0Qj06Yojn`XPl^76EZj&o)@$gtwK$?SO8;IJnyS8<;nR5%Lx1eoPOSo=1$%KAk;LMKhm zBGo=YClq>&5CH4jT3alrzGF#NbLx5JsswUcbVbQc-SK|GH1&FDse{vFdlpYGXRH%8}lrUlMB8K3cd$A%QONhus^de2+S3;_lALj zs~?QKQ=PksE0;6W4{ts<1}qsz#V@>6@)bEXhk2p0h$XIxaHCf}5w;lAs1BgCJI*OT zjxcX`uFYSc`GeW2KG=KlImf-L`q<2Tl8WGC%NUC4?TPGNe8Tm3V_RJ-4nKN{p8GzJ z_2m%EtY%#C2Nc5kM;N|Ms$!^6zQ<5!Fr%bp#1v1#C9%I5o5 zI-4Y}Cg}CPo(0X#lwGV>xe0m8U-dT93}qLSC=w~y_m01sddWM%;dRv3Q1-gd{vpAh zJBqOoTdw=Y18aq5rg(K4mlFAbq(1qqstgngHWDSy9m!S6))Fb;~IBwGBk`cQAbQF{r*pHx!!8Jv_%a7Wbfy+;M;M~P zW4U<2L<5@d%DF=`a>+tc-;jj5Yq0hca7@71OwlMtLX%chB&#nJMO90!6cZo&K3D-vn&)#ix9cZ6dWLcr_(k`0~_pE<(C4EAW5IV$hAIrIv@*1HOVc=VW7 zE^hmm+|Jjs*eeHo4_pgS-)~OSLOZl6`b8Eu=q>3+5kT@w4$r_qwbxj})GR6b&#i7= zNTvuG$NE84Z<1emh4K8%8x!w5RWRMH^Wa;vk3kCtBo3@w09Ec?B7q`w7z+R=b)fGs z1v#8gzwdNiLBe5+zJMbUjHms+I;;K1(W$%rv^5GTt189`fq$$*{axXkiO(%xhvu&f z_LMsf@b%c{PXQ>KJ z0@DQjOMmWwf(AK{v1u2S931z&Iy`$zRn)wcgqxiQd124tNK2Le%B@4L_IE(`w|jdl z);FRQw7fcR0>AAu!ZcE3xil}|{?U0o4%|~Bl`{}%c@K;b{9(Hn^l)&FH?4nbU9XI+ zQ4~yd@sO=_9Q*17r$M{4NS&_hX}$bP}i^XD3YY(ejfWNNiNg)AW>zgp$skkg1d z5W>)AdhH(Om6(sqS5*FpttRvW#lnOpfDHL;^3BtJP*XwNOL|Kj1Euv^EH}$LPZvm% z;S5~;O*Dw@GBjUE0V@?DJ(JLVICUWwTlERWRD94Pt|^)%$Sj~__5eXoJOyh+@`=7_ z^AnLhi7lclpAyyM#_gXRy`uzJw`IpCiQ46tL4PD8C~TkiR0l~i<39T(e>@(v%M3{1 zw%f3;o5%pfj@LV{vg|=x@(ZtIj+CQVte^erv>N1qaPgKWM>)LRpx);mUb52Y*&YiK05+eD zQ{@0@nB(LPx35uWS=Gv)6Zq#OP2a+m=upkz))hs*jEwdf@A9OtS>pLY-+)Jc)^iwq zh>HTLX?z=1f7~!9MD;4>RLLK`9}n`%K8Eq!_4RlhpaZSVHxQesvbH2i?U7bgN?jE8 zfp*Hen~sDNhB*3fr-!mEe(f`I3hhTcnfrd%e%*p-vMf6K^a}vej%ALvlJ7~aQMG_e zk;w((5ub&S;zLDNa8D~;XG~kMNHPAznL-*z?w0^RiuFMpUr8P-Zxgt`owDw8dRf;W z{L{Lqe}+^m>E{YPLLDAPqTH+?S6HuGhdmQOJn=Smclkzs!W1L9{AdtExbEHoDAV>i z^Nl+S8&H~paeZT?xk~-}*QC9`riwQRgEYt2<5{X(adb!h&+iR(!{WzKzk8@b-+Q9v;R_JC1RoOzCU0)( z`U7SUZ;^?CkQbz`Ts|4dfoLKg;8E9RJh*7YwTA!;pvl6Wsnfl23H5B+^?h=F*W9Hj z&QvyA->dn0F^l}tS6C_w>-f_B$Lj=U>-F-RHBhH_p-;EdI~qmx%1kzHeH7u)f`NUzVluOsS+fo6HEaJ2HZ; z3Rx)?-vg#KDd)eI#0La=z@cZBOHL-dcYUBB&U?Va-zF)4W6y=3fzCFjqPGkGE}YFS z>-_Mfl{R}WBY0TpuV`N7pE)W@w-)I7PynzPX}qs(&$bi{a4>g7{!4DOVgB*}e&(-) zqC%E52bMTNTCO|6 z7%}VAu9)IA9uB5aZdqti)caU3+=z&MAEnWvs?J5)HRSHcfw~cPaP!3^#}0rHwvIyj z!l@|f2q*5eYz`4HKlD(oH#Tckar^v)J0tE36aI<9S19fX7d6h>uaG|<5Nenpv~V_( z4cVA@5vsJU{|aUtdJ5@@fA-2mOGOV*zD;Q0nN%krQt%FFg!??)t^by=`0U!G<*gNX zw0Q&>)llSwKsk)oG8)I2JiMF}+eVuF$m-7U9Hck|De;`bliyEwk6>RGD&G&}b%Unh z{C(RwfsumKbV)vqD3bZn_pWl(BPhJDD!w|4I=ZKQ85SQcBp|B~g+lQP?X8tPk5c$T z+w4nGj&XyLU4L4^XPIop=jLg81&48>fy-;dG0!<1JxhfVGFw_xoxt+K4~pv-OU-`Wr9dJ~Qi6}doK7$>*_ z*Ey&AHbe750ttfIteJ88vXJ|<=lr;&w|IZw%8$7tj?~uv_0rpxGc3=v zanzfG5AlL;!V-eJzyKn)|CoHry?rfmNdf9#$*mOGpA~Fkcaz=Z_{OIClL#-_2Q|@u zS?}cXZGZ|Z&jV&!zBM#Lm7o5KmvC`Fw6lTCUJLN%Qg`_8YVqHRK-699K4ibnqb7D(oKRpQjXO@Vy6FBP1mHlnHDPxk#$*#WCNwR4EfyF?H#$8+R}N|MDAM; zw1+ux^F4zT$5s4tbhKztmpiYrwyzS&weVE7NFP`4qB}IShlKGl4~AU$*t{tV%&0xL5CF>>(HsCGZ9w=NkYabH6ON5cTA9(cFG5QMo$2Vx{M4>!qGn z3xNJ6y2ne@n=~tKl7vE&v=Ow$K*%wdj>9f=hUysfe}+U>yCHdizAh{%032qSs&!&Q z1rn-(-y?}R23mcS)P+dYa(H*c2Y@o-ZW4nNU=6DI`o%wkMRg$LoCqS-YV@6AP@vDr z7rXNv#plJlts^xNeC?8pq4xIKl9dQ1Q4(Jznp*UckDIZ=a?*X>W{gfpA%(hmIyliNcQSb2Lqv8IqN5h?=s^Gr**GKg%n!K7WA>pBBw7W3V z@x#n-I3~H*I+`WPxFsJbZaB<3UgngyPfX(b#WD1rC+^2N_S#q+Bs@m%q0n9S+_s7T8)9GDr>F`KmeqPZUfy_0YM|2vK`!eJ}(0%`IC}iB) zb6j<|4d}V8VF&GnZ~{B}frz?2W|qHieW>!`bM40JYOX1v-5wIP{w2VokCjq=YY(8R zRY?65?Q~79+v6-jpyq7N25B#GB+&DkcYeXc5?b72OY=$_s`daV)h*5su2GY#%*5mQ z{FhEWU?_sJU0=Sqa9N-5wnk(Dnos!c%cy!(3b=gUkuG}_fewc$Nm4a{#`%3d0ENBq zbwymv--mRstu?*2Rm$=_7WOP&bD1dsyjFpd^S5 zF0DN>+U6mCQI6FIHmKqrsU`rxHC6ng72kdWjnQ2NTTvTD+TJIzHv?7?L-H%Dw_5O= zJ529a&mz!_Sx(Q3>X=AiLyof7B-c`ie_C6}>M$|7zq#hgP9l0q6ac`tcW~1Sf(l_! z`KZlTOQZ?vNdQxl4!MRg4^o12D`tt8sJ#sO+>0bP+c=-PEcQ!NJ~XHE3|U4VVkHDP z>o1}Tk45=#)2oghz;3F{J?=L%fEqJkl6EcSx8D`z!p|P0cFgbn@zR0)T*=vMe`5e4 z?-f2I7n^yyI6^$%^^XzyYP@<ko-hrKmJMq4Zu@h6eR;;}W%ulhuC#T;duD(tDI?hka&w7YBj`(AMt+Oq@gYu%z zGtjQj&;8F>8Nx>G?=?AZRIfvp)vhyh@C9lH5%(-oK7U+;_I;ZYlok#?QBE_6)VHm) z`NOf!j*=1fO259;qrg?_*~_WAgZ$FmlcicFNu8J4 z$vWS0$3*qfDPjBwmPy%lS;Th#kgC5|3GQ9wkh*vuH6d_*w`Q80C7Q$dy|(t+r4@oU zEhK##Mm4{65(E|c1(8g#JK6?5g^pd^&)e@&zVvN=iN8MwF)|fU?fnc;GSkXO`Ck0f z(fytCuHe+nSF-Q&x`Tst(b{qZRPT;b@;M`n6HCM6?s-4&gA5;#T5OBNdPc)>oP3MN zzPiDegvK+Rd#N<}WWi?DlDwVmhh$^IX7r2*3T|cwWjl zqoDV3@{4!GW}A}06~e!O+>hNC1NO+gUT0WX`P;lF!VkE@pWw%dS$Ww<_x=?QAL2#I zY%DA;klyx!cIPXR(>i(OX>qQ4XY z*?)wA3Q2XyX1nk8*axTU83*7eh0`F~4J)zq_9)BNAs)q6V0zW5h5TM=FQ(bN>%zI% zg03d*23<;AT-*)6?U!ussB)yA7Izr>5mhByJ}uG=)ePtzmq5{adh)8%J*8x z-s9y6b1Xr|UEKE#M-D57CZ~7DuYB`b>!b-)pMF4brBM2(QfPr@(ms@fEL-bL2*hpv znr7bR1vu)#IL>s~ljsq(TdzT0o2Hoa14isn)&P|f2n)C-W9bd;6SROwR}4L zxjl3rbw2d#9-h27A5Qjp<$3F^jqSPBmtR(9MY+%MCa9Rg<655~jMnPq*$dBDR{L~< z`1IA2wUf{bN_E(tU-5fLbGo>Hcf>ud>Wr@s?RwO3 z;l!RvR;USUK&c2N&>fK2a4$-9x$D``vJG_h>7`vm9i!fl+9#SBe8M{*ENxTEsBk90 z!2}FVoKwKu(y}U-GMZ$#+e(csFy$9TZs8YIms3E!8Do1Bo*fV_eYtnUt5y^43KgdP z)@Ak^;+51BWy#5Wa_(V^?#suF%gy~w=42er{s9F{^Vmj0nMBN4mCzwqJdH`ZE3st1 z4iuTuoGU+rtPj*RYxt^sAOYa@77eU}zFcJI1EHAb5r_|POlwi)kjcoa!ai5Swtw8V z(Xp&liT#{y-Dia{AUsGVXXoLYWn*^0)a_%$$xFJzy%amN=p0D-Ee!7?6w7YUr*4tv zJu(^(o?HzxI9=44bNv~=rOsxsb`%)e!B_n?@i2VvROp9sCFOHq0F2H?oH5F#pQht? z3R@*bY_d6T2y8#D`WoeQVo2#K*y z$%hNKKm{ffVIUf}RY)1tyIfW$j=_ku!ihV7&h}9mk7E4!IaXkLK`AA zrtM%6kxr1d0ZPTR-450RwTGzu`n88dGc&4SKtB zcE3(CI%jQ27#;kqo*qrS)4DuQbmQ8CEWF_AatfI_NhIGt+~d7ot~Zw{(t4=AP3n1l zqRKk*K>*z@at*^Hs6||Ta8iD|tv4_HLq6C{PfHz|UDlrnAj z<}38pWP+!!Rlg4o+T1@5dIO>tU}>>Vn+3VSsyHB_NNqHyD_+;jZ|`Y4G*Yb%=Ux(- z&%KKai4c>lTkmfLvo%X7gxHIuueV;JJ35$v#fEQY8SV5UpX~2)fszHdtiMew`v)!@ z2k-E9td7ug2oD9CIStwbb}CDhZDmD49o7N5{Hj8_>Z26*l~qPnuCR{>{MzOB`t?aG z#thU!CCW5Q~i$<#83 zTR$1(vHALJN$is;nmzKD{bbtXM0lni#2jBQ9(T1BFTFzi5$X}Ocs_4!iNn`<*=iYbkfcWhB2*}i5U_s33=mhze^cOx@1kQ(8KkQM1^i7&jrMzn=^ETW&KVaF5 z@3cRBCLoos6Wv{@;0Xomx8BD(abaVL9TQ0O(i~NAhu=v+^p&~H^WEz_TfZMcb@-;( zTGY)HDC1VP;RgHgU>&~nZ8@@Oq`juTU8Mysk<&*lsgrigK9xdKN>XP=0j@UGpc>E; zoS3c;w)G0mfcdx46X>_@1}q8u9PY;FU{9oYN-x)?3@Pejd}BFsHzuym#G!s{n=O6{ z_mZbT&~9LW`JzXnXeFXZ3M(a5)eeyZ+%JV{#8G+%%D_%Byscs%q=AD~^>(x&*MY%q zR%^oy`!~E@a2UJUHWq=7%_0#?EBR}R_ z=q-Ihs#AickH79^Z}SDV$~SMj8Quyd;@Fa<-L-w6a&__R;LEpq(uLbkFF6t(P*4{b z(p^SYw2P$kE|m5QL1QT|Ck)%uwL1L?h{v_5sKhkMxQp&5UK*4aDg9( zm7ybZ$m{xg<=^flVa}%XJTC58%})_(HD!;}HO=jynkb8K4daK$fwJ`&77AKc)#+@!^UO+r~nVOF!4MoS_@i`t_|mJbpSmV=r3ch-ax#!)SrJf ze#PHaO+dlxB|M{6hYWt3ShmE>B)c;16}kgm(RkPN(2?<{A2^7fp0o#fX3$RnDeuMP z5Oz!BW2IhQ3LnUfNHS9nzYGngS0*0sZ~9PGilxi`@xyzktCR8^b048>Wgv=akP@oo z9&X5%v;;#X1r+4^;J!G*Pd zl;i01>n8khyOJNv^HEbm_&6j7L0GX<$K=zrA0Of~%+6`QQ}7FrxvT&Jxr3@kS2rVY zK6u>SPTq1=E*DM@6IhL7!tlfa-#X$aSQ`t`t>wj|L2pwpch7Y*Cp&zi&1OGnyqb6< zkX|r7hjR>hdp=c&X@9g>XKhyf4$tixfOIj*C!qzUuG7)jFIOn|=B;zymqGk|MiW$f z{(S$jGvzU7I=;TSU9Ly{P0V{E2=n?dmIRkxoHX~Do~9NxbFxE|-yuwLdRz!2aUk@I z1FY*KjK+nt_BHZ(y)z0DhEb9{+9^uxDj%!>3R;r|b3;k0hkt06!JE1|;pSh?VGUze z7+>OzI4tg6a4j#gE6H=ab`2`uV!yPpmKF5jcp;$iz6ix9Mqg)-O{T#IK!^P_LKo&d z1h4xGS}gEZG(7W6u>2nKKVBO?VC%_e;|dQn)90L0d0Bn#O?zVJwQ&biIlq@sji(5> zLG9njPJ;w29FJDNBnG&qv$zY;IKAvUTT+2gyEJgHB~wtI!>e{1dU6?J(qUR=vL=Aa z9){ol6q2Wg{+Q{9jC_iFkNz|7A}OkreTkO8kAH0M3>cwaL1vz`{H1-qbD z{X%fGC;DnItU`eOKeL&cU@=lZjkyEoL>aZ2;Wmj`z`}UeMJJl69vjB4dROMW)vx@> zu%p{V$?p01BcMzp)OR3W_HWMRGa%BRWX#O95N+gdE8*;w9$|?C;_dH)fzr0)SB{4S ztor~ae8<{vhQu@})NGq}k zzz{wkBmcI<;hybnpX|@2UQ@IE)|hepNL(c!GN=*z+slT<&gb;~>_{INYG<=NuJ>1& zltMIqLA#ZD@AQ-4w>%Gal*O7<#{AdtV ztH4kWZ>X&o-%t68P@oi>^G2ewd_rFR3Fa|;jVBUnkcZnoUco1JTR9kYGGH4HGw)ZnuHT!BcZOt3(p^(h;Xlihj_fX^ww|%~9MEv9Kt>dCv z+jntu+kuHKBDTQvj6L1mV@`MXh+>P12rAg!E!d)%Aa;v|g^7wSw!eG%zI%V)b3X4m zpY!)`e?~S;JhRrbo^?NWT=#W(Y!oD?N`W^TB(!G z75IrfB~@q=h(kgtG0btGNpgdgBqXzfP7+=jlcR`ClA6k8;K4z`Nr@~gkFMh4oRc3g=>gZ3FT60K;cR+l?VII${=aLF*QS4hu!nfQPMTQbSfLm9K+Bn>=jO zC?qnVGlX+NaX83)NlZdC0lGrmK{c{}BdQXhFadkb-BBj6xqk zq_jq$RiG+T0sO;(afCQj1nKYwc1YMeC^46v2)x%8sta@s>7gi)kC{k33Qgq}QHT@| zTZAX_IeMMX1N~@Z3ZQ-sTbxN^3q^P~0gYyeA#5NLAW+ta*L2@vRr%;u6 zoGzeJi#cWnMrDW)Rb(_43Fb^*1dMUvC2|wYX<1s_jkR&8UnA#aWl>zCmr{LW#tWT>T zpaBj{g?XhALUNmhNM@@EB%M8k@e*lRm0AUhnc*?mND4XLz)Gbe7tN**pi&8d5Qdk` zBn(MLrMMIr1~LnE)|rH%!{2}Z0Zxq}3GtWE z3gAwn5Pi5%#K@OGj7SZbVS3>fOm%5tDg1el)nyInfpZ=%02;<2C;}h>>&DVWf2bbe zb|jiXA6x$q|bB{ zgBVOWriNY-GzVyCIbNHPXK}E+YDB4$L2=SlA+?_xlMzHRi!{~elm>Vn(B(FR4?*F0 zJX)361r0s{VB1eMyCQl9N6cVHBp~Wy1?5&?{6k6Xa6_YYQn$dVO%*b|AbT8^V0b~c z!mEOBpxcRbX}}A`9TkxrMI0+T8|62IlvFWJ3?vM4Krr#t0;)0Ui}=tSC5ZpP>S9<3 z6b_K7x-=oL&4=;AGj5eU%EzW!{CYo2fy3iXG`3s z;SiJMjQ}$#0B=kJjYViv$ZbBej>5qyL1DzrQ^|u$x}V|&X(J0sZROdS^i(iTD7snf z1u-B!2f5?zD3dD&Q3WNMs`c4pN|qlJbLqJ_of>$Lbq0xFj0y=L--yL&G%0A@jmCAXR1o*9lDvjPX2^9c32Ejbug8DAux+F!8B$fy1DW z0y&)BZ9(o(j$Q&Ih(bDKUDHH3A)aD#`ivZr2n|O;0@iCgQ5vOUq(F9sxK#{|mV%R6 z8BPv`!-<8s1_m1dCpNkgUIPj`CRbx~KxeBGdXFMbj+aSr@q`}42#Q@&D`HmU5jF@i ziK!r-4ag9gR!yP**}^12CsT%p>Z{K~XE_|afZ6GAV8c;Yz#H`&fr6I<0^-0x7z@ck z?T<)>PAWbk;3*;Cp{)pSRvBUvot=pC5P?wxzAxf+Kz}Cu0^cd+6Z8%MtCE-+g-~SG zq!Mgg720Btq(WPlUnK+Da++PM@aVaCojhVSyRjhIE7XYW1YpCksfcDUt`sjn76wx; z@Nt1XRSZ1A&QMH7=R%d=hZ4inS?E9+OH3@RpPvacSfMzA>z4shPqE5*|{VbT-AQ$5?0%D4+o$ zz1$V>kr~>EokX{hT{^9ooC>@aZcw7NpfJp^4j7~qWCqgAl+=*Q>_E07JjboWLN%3T z#M0@aP!JLmPO@EXf)-vR3Kx@2AV}zyhSWN|-RQun@%$i)6GVWv43h)I7PV@bhfMGa zO*Bu`!+?UBPr{)HB?9CPa<@~-m6=SyUPi*HIjVp>kV>V;#3nxkNi2c`^oE^AvYJn% z8zMNa+<=QQcyv~(gCbDk!ZMbSB@qf~C{I*Iq5yRi4tUi$RH@74BnK>N8^#1Rc|YJ# zaY7>oEe6XcWLZ%t88!k|nPITw3G$ei5R9VDJc5*>7Lq~b=nsK`l0?;5F~W!fv5cV2 zXA3E`a)a0tPK`i{CL+h6(Hu8Am4?GHX(4FVM$SYN7J#%3{2~@Q#b|xd86}GWDTlWK z*F4jXCC3bWrN_jknEpO=T9+e2HbXZJ#bu6( zG)|x|glFOX4mFL#Q91OKkWbG7W@`@}8fW{L0J>xfjK!c>`!5d-nOs0-070zyiDp$2LMR?ok?K zYGfM3Tp3fRQR4v%38*-q35nU5F;*;M7TWy*KT?{JaXoIe9UyWrp$vu6M2Y}su8L+S zfYwS(3!NbfwJ9oaq1|*0io-@pOlF#bi}Q$yB!h})KwGuYQ;HZxu3Bld31wWn1Juz; z;SexON{vdr9cIL6#WQpUOjsa6?pz%(p(E^#et}$zBJq8IUpE47EFuFWs6XT-g0@!3 zX{3dNFsMUm04W$DUWy9J=JtDR7kC(3CQVc4M0u^QALOl4e z2q*O+|A(*R0j(gO6-L|-x%k$U-1Xb@-9EMvMkp1t6P2A@f4wNNh?d z3+v4aqF)#EfdG(&of-@UK;o26h+#o0k^(yu2nNt;qzIpZCvseLOi<6}MqQAUwMKAQ zv`I)bS)yST2_Ny%e0m`_jE`6)0*SzghkkyNSq_937@te4W^=Vt8UqvuJTf6xj|Igq zaTLtGoEJ97B7O^Om;fQfN*q39bx9~rMDUNn5^(7J7$+?d7Q<{Y zup|mr7B|%)ft)xa zY>Wl9RF#nd1u?RNO{7Icbi{cD78DS<#|hP(uQ}MK~f1855=t)YoQMq+T@VpKAjwea=n}bfM=60 z7zN%JD$xdqC+7(qD78mxw)j|1EQ%Z^`GwG^5`_VnG=WEN2Yzci5AvNr5zh>GfsB?y zqzl=IvmbSe>~6IH3*}80n6sFbg*Kw`B&?Dj1CS*lViQrQJ`lo^4{xe`aQlQozq_;vufCqNT` z0$#_62*AVxPccn+BaLeSCUI9PI2O?MMTDTkWN=}je_16qprGPwHJW&KIZvX}m|b+x zi^D-(FT~NS30jAo9*d}DRv%Vkjbdd$CBZT5!QfR*lz7;s^M2FyuTcNaw0;WTIPuM5IvzU^W#NYXG|L6ns(;U|uBO zAJJZ^-iFY6P|RW_+~EvlOimDx#JD&Ivi;~NQa+N;kU{4@g9@@d91RZ&Q5b0LhG$(Yo5;w*1B)r} zUoz1|xq%mEYI!`a!z$!J6CsI_8u4?y-mos>#rf@QqQOpQq`JsHhQJ)Q=$RU*g^+YK z0bU@0E>;rCiMA4Oc!x|0(G9Ts0u-B%xR_?QJ*ap4>=8n$#;=LdQl)H-p6l_(z`Tno zp0Jx16Vk9DA{j@)P|+fQ4mmMFxm(I0Ndhzs9$at0X95&d?cpeOA$8CimT0X2YKxIV zDmR@*WP z;K!1Aeu>9OiUk#^kem%L9V#L{h~k=1N-;|52W*W6c!47HMG zH>-s)8;l+{4<4`h|b4wYx!Y02!KgQ zI=wn10zXGhVMo!P5R=EJGN`x!TSbwo)i|j2>SQ6Qo#-;gXb^+{k#2?T5OlAbtxma# z5wQT9fl1Cc0RX~i@h}BEh7KAtsA?em6WgRxBj}9dc~GF`aDq`I)y&k3AxUd>Q%zJ% zh#PikobnJu!V-hLEQ(=Pc=f;*V7K~+6ik$rDrVD2o=`L(ka^5190;8IBw>jNF%LpN z!=j{fEa9kEz#)S0G*K)A;Al9YRr&E?Dxk(kg7S7yg78Q(w0e$+jR9O&j7z2Xyb&@J zr*?u7i3H#z337Z4n!a30+8>7qx|ROWo68(rlg3DN7(mz8Lw9%#B9$OD6)y~>N>Fx& zGL;)}fbNJ%FQU4gV8@a4j8@LpYk3Bu4M_HI1P>8{0=iAcvl+qD)c=uSppir%fWb#h zon0sK%aII@&EX=V)nYM|MHcvke6`l*^PolcpoYv!HESax6HbIT$*B?|h#PvSv7ieb z4aP8rpavRVxjvpEXi;;>mOudfON4!!5`!*q_?5smD&>Dx6g%t}`ZYc-5F&Am9wG}i zK?>yQ&03~C2xO-+mQMw+03VeM4Mz&A8nFn#swM*J09ZOwMI=H{)A2&QBILs1Jzj|% z)EEOE8&LXc@CsuT3e|qELghm{K;hPo;l<=UiUEbQNJ(au6G#KOIBQr*;YE#F6ZD7^ z4C<&(sKe{cscb&7?}n@{MkFjH(_Q8W6-AS?F$%ScCG@CuQfRLuv0&UNE0hZ2)zP3O z{6~|=?r@t3px34#@sL{x%Zvfhr-LO`85kC|-boXXfU;F7H8SNMkUk>_0I00SBA$mz zjnSc_HZ@;JqzM^evkk!17NE$K`M4T`Tdlxjpo3H@huzF>0Tv0BH&tqiNvHtmqXiry zWY(lo_-PM{&?2!YB9jEsDkZ2fMrZ^I-Gf0a1TQrJ5i)KVxLm-X1A7^o!%|WiDm(!S>nOdCLh?wMXs**` z2r58j6YpmNg%bu3;sF6Q*{+gtNhqIR58}5(lU*SoMN|MqlG=n}FJDe30|6(+po<{m z`?NkvNDO4BL>@otGXn?~mH~rCV3E|I=Wdqag_01&Hx!?MVO42JE(;=aLopF`1Pcum z)P+zt0U;b(YRE{$dGSuKT&2a>#6k+0ug3#8T+HGF3=HI5Y_L(gy=s(R&Lv_3It&%I zABvi4QmZg(pM}g2(%521vH=vut_N}xuU1X<64c^I0Px!$A^^AW7Oz0AjPNxijwuMz zIS!Oo!=?bYsV-vI8OeB#GQ?3LeMJm2-6{z9OwcnKfbYN%Sdk#Ks^Mr1CJDN*IW&ua zL&k(9$ZINtoefx9Ce9X0rE^(g5jrU4NlZ>T^bNu5Km)I^+b9GN8U%NVOu1iRSLl5K zu|DSTaAh<>3>0h7Xdw3y=>jf;gz1Yiq*@hZ$dLPupcO|=&M-+0BBHRAJYJVW!{$RE zp{1zUF~o%dX<)BRDMk7fC#vg`P3bf;K~5uahL^;o-QG=z&nlkBX}b4@#C>LpI=A9hPja-S&Nek+)?li zfy@?w-9&IQBv?E~mdZDH#5l5)9$d5aaMVwVf^#cz{@gO7{y4 z5j?PoYeH^-V~VUXgUSb2oe>ez-ChnB^jD2Qc%W7AAt+*6!KVfMJeEsFJn^vI5}-x} zexLw?bhpB2cY#WR&}BpG&?uEtD{^5CCYjxY5t&^YrBQ_@g<)6XQq?4&1Oe83l9VV1 z3IZ4i9t@ku$KXKDQyW3du0R-|V2LIO(5*qDGYaaHBFGo3m8lefk^3niRxV}oxH>V- zZIq$;ZX2E>1?xdk14ATy8g#Zn6`N=gseAxY2ztmQ90xppAa2LHV`ecO6%LzXG=?SM zj&Ya*fjtrg!Y7Ft&58ywY813in}8?))R=GzGE1Nix;bW=)nc=14Fo7)TLWPel8Lk! zQ39#Jq}AX}Y_C*lAp?U1GgV2G7z0?kI?9THbP>k_Z={%HLMLAhav%Y3V}@4%fnI)XbBkE zK!eDEJ_jl|xD0P9L!pCaG#l^|nPNJVjzR)RDaLO=!;VSuGf}A~&?qy6EKtkxN-e2M zl+8_yn3-n32n6YnXa!|)%lrnT1_Y@zLc|iYQI>!X@Gnvzs8^A#2D`->fFtoafFK(c zBr9U6d=YS1Aw8-L;Ohi$54=yXYv77Qdc+9=1b#7xM{+T^I;91+ zb_!2p1Eo(60L|Dyh@|5{Qb;OPib-q?T?$5(ftQ<26gkt43qtcek)sh9H8P=yKmf@` zZI}x3CuXeyOsiRnve3zdm{UTNlBq_&Sj5(H@p>$jb8L2zO3foiB{JBvJSe}!NEF2& z6X&rhtrnp;DA31ZR?nYCWeW~ZB#OjJPXur^C^Oqe!G%Bw0@*!6f2gz3(9!3lghDJ( zm?nZGTR;pHzf8U$0##s%ng(n%VV_xx=6Xb7iPNG3r~;mXB7kzM&jyG(oeJagxa|s$ z%qQgO%`|DMGelC_U4AXx(mpFl1HczW0Ss=5VtHm2L8V7|^~yhj;eNN+i8C-%zzm_a z`#^72#!zpgjOixX_>o=p6)=-;^3rJ6#}s1eG#^6VhZV98h;D^j?xv=d0`lS*pk= zMqC`kwe#>*F{_P0QlQ9GIvYf2f!x<#0g20{Z;1qFy`Ku8r6FhDAax{zwZn{1Et>| z22>_Zt_y*#utg4JBr3X8i*w?*9E?~C8n1q;&k0u2T_F0 zWT0rROyB~ugIB@{3L;V#3GyZil_&;c>AtWQuA3R3>QzDWEnVw^UTj#8dyYOIwMez#o2M0i<-p7{48^fJ0Te$J;o{jr0}@6s+*GV7 zECNhOp|=8#Dga7(z&2x)fSRV)r64M>S_RO= zfR;s!Cqnxi7EpC^$aPLBjRVbcphn6eiTKD-QDYJh&+i98H?)?AMp*$V#~=tSe>y8% zu~dSM92jaVqS}yrR7FAsvtSw^81Wv16S(@_S$eDro==@ zGBT7h7-Zsq&j7%GV0Z`x&fK8Y+86$>t4m>t9BRT zM28~4Fo68mtg1?Kw|v&X;&RTabwA4rzq*S~XR}Sy*d_ONwb_z=ckE*l;p(998~+7m z?wQZugeun28FliuzIu7`#w~1v>>B^^n6R(qmxj8#+sw7y&yKzuIOFKbUzjPnSKYrj z^6IcA{KsQh15xJJuEg9L#Wy#7xkdbsA&}vU7hasO3*ND8aBatm|M(O#LY#g`Z9&p7 zRH)B*yr5S1VgKj!!-y&QLaXVd?=s3Mr!A@%>gDhoTzxvkBc z|Bh{~{&^^;PSKR3m228Q{+e-cw50Bvr2m=xbePw)uK!+=AwpBs@~c~ymREmZwD{7Z z)}Ef**2bqd7uD2(#+S4Qyn@DgVk3fW9y{9SM<>?$lK~~ zXaRvk)t!AiPJI1XRetATa9Ut$tBUL%7e4clJ8#fGcP()-EW^t*^$LES5hF8?e5>sH z;_8Mue0{@Lx@({Ar~f8x9b%T#P@y)_y^WBwtoP57%tCG$toVkxWzBGNJ#%J1+MS$F zx9Z%P*jAd^ss23qE#3s31B1Tz&mG#l4svL5|IcTDEUo{`i3W?m{QQ2T`|!_Qegsp4 zl^-QV4ta0o_QhO&`NPET>%8+e|N1tcAS7=RAD;N-%VW=`qScr#L&wiQH-v5cbY|Jy z?rh(J7hQ^P8rL6RpC!t49)D8MHf0G`@@s!ceLHJuWx=?{8}+U9`xYmM{x)8BCr#ke zGk<@3x$MW%3TC^3CCV%7Pj~(OCN8EE8%ZB{rP@Y zqZ_k}##Rf~UyScL_Oolj{k*T-`H z(WK(Y-Zz}n*$K1e{;s~Co)lhw?aF3jTlR_}v(7CfjanD|St2iRoNhx3SIy6CKX{ny z-oa#2!LyvEonqYirD9{%A?y2RE8I^Wt-Jr^+@h9q`#wv#azHwCM*O?s2Rsj#p8L40 zYfnLEIMl1`@&V_&OG~!;-aUGwD064Lo1rH>dAZ}rjiOOSK5`#$b7ZtTMew|tOJscc2f39J^ZA$y`WzLt!eftFueq2zN zvix-R(>>kC=12;x$9SF0hh4Rcd#1;c#*NwcYUI8V$EVKeHMVR=_LTd-d!7F)Gw;i3 z$(IW6laF3C+Pgn(MUOR(k!Yr5?b+_@D)IB8iQi5iUQ)K!@VZ2jAFX$|UfH*%RSDr8 zqjP!DhOD1ele*Txcm;mSMj6Wfyn!fh6}?*?LT+!5mz+3d-{mN?(@d(U0{DEU{88Hl=ZXo#cdlJD>Rl&X?kM%W&)-ypG74%{>@gd}i4|g7NXj zUwyvxmi*{GvT)yANm5_V)c4odu`W9%&3_ki9z1)DI@WM`wYp$znfk!E@6+aQ5e?g{ z+>vsmO>)vzQ)X`2j?t&LF6t}$ad~>1{sT@=tX;T!TjKQXXSUrb1N&jSvgK6suT_Pm zS5`@-FD{SEetce

    • z;%Q;zBZLSHeU;wQt-7{#IGvu@c`j_w=?!5_Nw$8yizy#Db+@GTBZ_4YDl$2VwBB~1 z*w!9)Zy&KztcUezxUYp(4c4A)HAp>L9B!%YKA-ogS8^_@;x%EYbrmqKwdRG|^r8T& zu^sO0o3g3#pshg1{gt}daUnMNh5@ALrj&kjf#>lBX{Bg<#+m1o%-Ei@{vtL394lXe zgfQe(Cke?UTI!K_jPbjaUWRoj(b`i`6G42qUbtgzay|NX)a=UhvdJm^AB-uE0 zpuZ9xa+n=}#mWdz70>|edp+WIA>QIwP!?*Jh?3gGPHbxyi2sFl0j-C1@wAcMJw=3c zemnHD0V*cno4JntY(@wXM~@OSve)KM3f{F_!D5O_s>fX zpZ#rHtL_#yojZTt^K)v{G{2~{D=6d^P&g7c1?nDd4;N)U96!d?fV?_Jc=4*&Jcqtr zd&s!EPg`4xX&26$0(u~h?cezcM~7IC>(`Y;*5|{#?W37D4B{X>7-K z(K|yVofUyEcM(ZN&}BxSz#fTb@6YK~usZ2pas#lv35MUN91td_Qa(V~&CCo5uUo=v zSjA7YU>X(C1j%$saurtD0ZJdPDw7Xy5m*7kJyAMNCdftj%(0H*^`5m=-Y6T+N(if?>}@@73guoxxE?>+#8AF@+wA8tH+1x>=PH##1{{(+AESG%?JIX5 ztT0GpdVbp>Pcr&eocH7`6Z2*+g8#ry;h}GnOU0IcuH^snt;`r}^*aF{#Y#Vw4dcq1 zP@5KGQSxgJr18^D@=9&w8!6LaR1wC8kKu?3Xy;Q^S=~G4;`>uP(e!YTnJ#_T)@PNB zoT&)0wZEUXINu!ATpF|4)L_K-%=8DF#ZN=(?r9)5qBpW=Wsr&{^7(aTXflbH!hTs> zS%QyI2M<~E6_o*|rXs9?_S-{4>^To1H~iNFL!}W~npXiODx(f~ObX^ljfO+M5tHnE z4feg#s8nwu_{Q2oETjQWo>jh5ryTA`E@1g`eawM^jy2_dR0DQleXEy!_W95@n0zfz z8AtR^Lg-Xo$yYY;VlIxdahF;sXO{#cMSvycuR}8$k^SbE(`gRj6P+V4vpcw2Jm}VV zDsB|?sDy3fMSN1yR{A_iUzUHtmA0YafaV_#PRr=kBi|ws{xYNz!?`f>c!k@xlIWWHG)#o9Sk~qE^^2kjBfF zfQUB}%#+tUV*1A3*9~kF>7mUnuHHf)UXiVBTxOar_ACx~YfWj{MNL<1=Gc#o4xyh^ zfCx*)u^%90Kr?I0(gZhdg!VDEp?J_W9Ga2B889mZUA%%0qL2_;7`jzM^Go*hI zB__{|4z_z4zD8+aX7*n5Wb**Mb|TLqxnifjlDGc(X%m9+tB3Z}wq`b`DYBRFfgvMZ zlsw|*3120GSQnT}3qVwBLYiPbsYx^3tBEY+05rpPFV3N35tFHjs`+?U;(svu8h~9m z{xhBk-j?IVaN%u=- z6^&)l#Ccsiog;A(`8R%K z#F+NvXE}i}k%T5|QZNFm$niUTo=3INUV-VUsXpQpPfh}2a6M*_JQ_vilVbV#>rp2g zjJFEe{z{26HBQ5qE*;K4$dcOngoEOELAbI)>>sWn?_tYczx>T_e-?o-vJVbt9e%Hc z#nGC5vlCF6r6d;?wz=oa@=8sb9xHlgdPC`TDA%y3w_>wKZ)@mTqm$h6{E7GQG*?o^ z1du%ee^4nDMb)l&;dm71JYglqL@3L(OuK7Rhjt9?RmE&v9DVxcKPyx1LUF&}L}^x* zd7Io1-EeluHS_`qyb#V&d2SK>tQE6;jCR0^AA53(&QXc0a|Qeq3Ivh|2ft`xT-yE! zo5g8-+sn)M8J7R)7k!LT{4be#^O)t_g9Guxn^U)$VCTnjT;I$P#m_)GAN3hq14Lrb`PPZdCKnT2?w|-2yv&#AcbjAAb zz*tjA|Bvg>7!RPX76vvaAUt^e7Q44&j6Tf_CM$Mb>?(wP>qw>a7tXSASLrTGK`)!> zn8+H`ol*~z#U^2IDZez;x#n0cWOCQDrB1hRC1KZCl|j_uvqe4@fM;9W6U4O=op10- zK<*i?((`*7PJqMwjge5(>^u|f>FMVQ97kW^3i`gZ(K&#(oBgkGXQ)Pt2j*_@4y{5M z6qK_W07bGyeDmRP&Hpz`h2{HCSOmnY z-g`kIEVM)-f?vPHkmTHO^p1b;41EPLf2jK8Y85k#r;lr41*>94lnnq{%SrVw!2RZ7mI+pel&iV+tb$oBwsig@%jy^^Bmy^L zM_K(kL{MdL&{Fe!!PhIzi5Y~CRZxc+T{QY8XZ%`B)L3O0JcYExihx=KkqklD+ zjGV2TBXQ9ohJxfSn9sxPER~63!tLT)>vjuDT;qqmnCBAP&m$TU3UeR$N8@+U6NnI= z@mEhOKUAd>(tWAtEhH0@LlFWKbpY!H)aSHU63yLY>^P<)`kTwBXw=HjN5eSy?1P*~ z_0(Bb-F`IIs?@Xr&!yb9MG*Dd*Rdaey~%meTgD|w^FtTp^&OjmMaU@)BT))3N6G&J zHwMKlNVpc%3$1h}zt3$qpRkB~Qpuk@9oVSS-nvdnNixo`JHmWMb7tPg*Pd&kz>1GG zl;5s){nLcEv2Wq}&;}+ONzO!OTcwuWx%fRp2W!xQ>pZ|sayH`eqKYH$K6*H*{1fex z6Q}d*3*jc~ILU_C_uJ)mmRz^eRCC1D@=!Q4+pV}<>(djsLnCvr4!v*Cy1o~K7)Tr=y z?Ffy{lKgZ2`w!Jj;V_k!#&7k=@G-o-@5ZDb|1I*uXT$aW9-%Tx1LK3EUbd!hB31aV zKyRyhE5-y)Kr@tMWY5n2OADYdjsDJI3Y?}u8=?pP(_obj-UG*Z<-gpy8BG8->5>OqJE37aPsPG#<#7d&@Nr`g{0vf?S8Fu;Q16&0|N-f`8 zf?3V(%Kj8Cd_Brp~dio_(xht`3S)-ZAN#ap(edgilKN9Hh)fER~|^tltrIm>Hl%_ zkoC>;hBx-qhzv3%{LJBDb@_HV!sYb*&}mNy3zj`Aw3~YS-suED{H*18m_;hPn?27y zJUr^0B%2$i0EYbF(|5sGyW})cgK6(he^07~fr}u_^~8G9Wsu1BliICI%7h|DOosC` zDs}>Rq5ll@)8EevLNZvp(UDOdcYjB)P<7~U$4uS{zwd+!3$Ff}49`gXsvGI=U+pV= zuAxWYQup>6|5gP1;j`?3vC8cavy#1s!Y|BV*nJASXfd=MP4L-^p{-uXy&M-TP#&2z zY;ENSU4_eg9_a@t{NSJZ5;Sr9v)1R&hNiF9#ojQdca*gDoK7YgB4V;HUwn8aeiQeu?>pQ^^IbIf}H7ExZfa~T$ zAm3uMP}7;g@beVki+%<~5n~mOcnNI*t#FW-^?{zAM065X10DIX^e}tk@z{sxW7iDZ z`u>p0s|m$HLk+l03p6&Rr-hZ{H+ziuSs2H=?BMcTf$n7bf~g=A2Si5>f@|NUHVcG4=1oI7-VzD)@i=ph&lM)4tt`T7vqap5e5!MC*a^z z);9`TKOxjR8P23)DQT``t?1e)Wi{%1fG}8gp2ISk2ww8(BQ=SIa)-lsyq zidvd~!Pb<-f7Nje{Eh9PZ)0rt;BZjNA9CuY_ZvUx+%eY^;FDIU9y%Bf^XQgEKLVqj6_SsW)}R^Z-YnH$>{W4L_Rh&QZOYdvu` zPT|N|X*mj6@{nI}#Z~E55eQXQ*{xTl?1mvM>tR;`z=W$|#@0_4 z-vT;QXzHb_QR|nRcSNKOgjD~|nfL5*k6>~5h{Gwk2FoWfF$P>^@xo#=q#=S6oE zk~PLH!!C~;SYnZ7>Au<=rr^)jf9*3##P>U`UJx~8^tfzg_K&izm~3nKYMdGZ@zH#= zSS$-j4P+7w3Se;+kGo?vRimL2~jtE8FnFMw6{p@+YGa(fH&J32oISA%p$o=%w% z-$)pkcve#fBH}J`67Az$ic?#0MgPk9!ax$)0Qa3vSTA;G_k+-f=f2OsBj+(rzxzN! z<4Cyg(VH9DJ^tCWI`YlmCRRseVIs`|M_UDi>h6_>m77~swf(Zr^{TLMfogQe)X-6wJH zg|shF**m>NGf$`52*PGKU)~a1465#e+e{nkVvAl$+^?bo2@d6Bm&bq~E!4*d3;A6)C?ogP7KGQqDrG& z0Xl=w4m2Fc1&ZW_Pe+VOWcNm}j`Y%F4$6+nL0W2BZ zap=X3s#5$d&_#$m00W%@_jdva>{773orE|%ovu2a;pMllusfpYWOV|A)yL-q@WH~FlNh(!kre5%_@DAi-Syga_&f!MdI)xl1;PU-XO~Oe_ z(RK$JWEI^IJOT!jiZL}mr|dwhgEpW;M3)yogFmB3EL5k$$|8&q>h|HeUP+KC4%^#*E)T1VNCo0qE~^*CDM`Hi-C z$q(WGm$QYnQ=W=k@8h8tVlYpe8fyDVYp9^;0Nt`kDT9;C+c@(32P$H|Ts3iXxrivC zu4p4O1jQ2)S%7QVY?Y`=GGSthUGeW9Va+qpT0bXsAl=posh&%fI{G)hQaAl!q=7x@ zGWUtpZ2UW~MS|kkMq>TAvt@pt|M~x${C{gKiHG{5u@GB7{zq4I9}e&e#&^ z`97fXR#h56IRFISgLydZBrF(mY*ck@Ui0b8d#By9hf%A?Q6?B-4<=NNLM0ZTrhYNV z_hM7T-^gZ7(Gnp6khhOb6eOnRU3PT}2^1chBHcK%J_+LFlP`$=tG^={Q4{|?AZVXV z*Ru~4SdAh{H$%`~3;uHJRAW@Gc+BP+^|)={uE+>c-jGxvOvpts3+OgjB0lP~Tui$a z4#Rru9${MnBUGq3Pl<@v;Pl^jJcNCbu3sOPf4RxQxEAv>e`Ah`0kc>f+FcAf#UC4- zM%E||)`RMh{K@co1g<(`oJTWn`^VB9#(iY2$aD6l3O;=?M8yo>o~X9^$!lF%Qe1xV zS-`)B* z&yk2987&MFJFahuC(A5(K7uj>=Leaxq6cp__Z`U-dSB-f8&#-BfXEfCdj7kM-Je)y zDiXi4=9>Lys~LwJR>&3zp8)3nx}vAvbZ`5=yQ2XfPv}U`Y*+B#ZP3;19-k^{E_@75 zWTlr!??Z}kc}%Ge;8C-ZBKWUKU@sKA1^-X&W-LN;Q8U67$cp}ZA<7@S_P6>R)3KBqCCF`g z3>6dcj4ED3CT}1b59rv9+TQvLy6N{FRip8pi?x@>I}58dbUH5Lx4?b{_*)eJI5yYQ zjIPsYn@Xw6Q2r)IjD68TC@L1~9XGTCzlZvSDpK~~YYn$npbME(h@o#KzSYQn9m$iaU`oN}g;w;8I*IdnVJ_EDD!kS2@h+1{ z@GHhGx?67xF=3I{Dvo=~dJ*9qP6{~Xp7u}VdsCLlq5V-EIy%yq2`2%uKjyGf4n1Uk zR@}s}lF#!Z4>vZzj1$hZ)8`l}5LurQ<_4fpb%=HoyaBCHWpG>pmKm(Y;q43;=P@#J z!l9BgQWxi|B=nR(zQt1+j~hno1kv$FD}ei!IhyT#o@HjcTS88|dAmJCF%P|ZBkhN& z3oIDrnQe2xB6ONMRBkwe!=#`Km-?&|_Zylbe#WUvQybTGQh9tnC8H?scTQM5&Q6xH z29Y;DO7+Da(viP-5qIiM>qxOm^es5)Fj+uzhkObk7$E@NUrlb$tL5l9aglw=XFn(* z+L$0Lg%*_Pk;_krTZA;?t&!5)o@$bH0gIk)(pzrJ_1n2#X`IyzDV%^%# zDx8`;KTkmtz|Dy2iQ%@S46#VzEZ_?f1i=sLqu%uzPO4Huf~wg#7w;UJ?axOjNaVO` z6;*8B^BKHt*8@dnL0qb35Nn_bwF@vHd5kBYydiF3=+(bDe$@B;VuUUqbPaN+YBn#o zX^1^gl^C{I1zFb{1)3_KFDuAIlZWTjpN;GvuGTpuz2%wCZC*OIR>M!D7?ucja>DM^ z$r!2oy|7vwJG%-7wAvmFSKuSh{v)403T+_re0-Yz6&R!F4;s70h3&B-^cgo_Y;KT; z)Ci8Wmti0>ehA@+)gw=!*TdIcV6{*~j6YcUc1&qNkST1{i4EJf=k;qVDrxL+q}-no zxsj7sI^qXN%Hq=1j|XKByt1a2)%n2`;|SOTV>M5$%ro`Kn{h; zS?)R2u--fKj6bs*ZPr-GacJsWu`eXj8sr89mCJfG;K?&~3wzO69t<6tB;v%FBy*X@ zs|86o7pbd3{`KRb=P~z*L|8?ggv@OjTXZogzn`M#``0yprsUu?6Vml?D>ZSD?om^E zSyaHe=JF=6iAW#S2NApyI@$G;$QXK+MA^4~O0AD@k!gpJ3+b^f5ze^4jqA zBGkI=(?l8Y>EW3G(yrTSlgDMjD~mE<`1r=5{=DY^=yYg#CBlsnldMp@O?5+iOpCOW zHwt3MJEL)UOQ7*pR#w~G)zzrv4+X2D^;1+8snkoge;t+}ohmEKdnv+A71~&Sh16_l z`8>nd_FbCjPCo*LolnUs0T=K; z@)WAof3&3jmKntFsQ*uPzbH4kcd5XTDBNlGBT3Ka6NB*H=m+9a!9=CDN5XGOpiDXA zB+Uckj0PBN?$x)wzl|hASZ4c588o3EkhqtE3B32EJZ)r^=1;$!^jGdAp zGpp&rCm*7FXR{wn4G|Mp@}5&KU8_OHNIxfDK%5us6^~nG#`!q zh`W(7HX0mRtJUY|M%b|5Xk$K`=`oY09JsvV{mACEb5FF@pq8`Uea_MNusK`joyL#h z%gZh$epszxmerV{@FBJL07_L0nEO2p1RR#l^3|oI8*ntO;n|#?U}gZSe_>?y&A1tj zrC6Qg>f0hGYs-rwLL#KbCNezh_1(3G0q-yYJPr^6?ko&GXpH=WVKQ@V%@Q1&W5`o<_)Sj7=0RhNz4YZu} z&6l;8)P4y@XwN@9WOalJ6v!yJV(B$Hiu%(;cm;5_I`WG+C6A({B|!1q@e&URWkgZT zaR+;CC%})Hw|)Hz0Tj+-fzDj) zF$QMq!RIC+I^L#tI;c`ZQU7raz<=OqXpYhI*_6=lBNq025skCJUJV@GK!wx*l6?e= zbwLYOSDBse3Mvde&1l!lVt70`cz8}>_-g-dVpJy_*QSf84T;e(L+9hw?5-plv;Ss! zx>WiRuLvOH3w5%cbv9{=RZCXhb7!Y zAF#QO#=42Qdl-MbQdVfAQ?=A&dB_VAIKtK)+&GFHGvcVUCy)20ck2kIrvrR&98 zuI=a}o5{wK$inq!vcA-Ue~G5q1CUd956V#48Qp@|zGpY0aU!9{@7&y|9;B2?1&vDL z8Y0M%vy_BkC2@679~`yxu8{u5PXpGdT`zE7zBEEg*CPI z3(31^d=*Z`doT2>XC$vZ|K4uZjR(@3kQ8+vOOF7>8_qS=EjeBe2mR$TV|d!|9cv>) zXyl|Af|K6XGd@)?KwO&{-A)aN`m@+{tZNcqs6ThNY}Jo3-VN+vO8X zs;Zm=Ub7W!JT>owuC^3ETtK3lLewardO<`dFvfi>;6!1 zca!Fr2zKYb{68MTLp`qA!!VRtp$v((-PM^ zPS3z$9zR+~Bu0*GDXASb%2?};sZ*b% zI!OOvxmup&OwgSfqoSEOT1!;W?}5!QS$9(UO;-UizmWVP-6UwjP#7wn9VoItHK6p|rF5Q^1Jf)&=~dDFVtZG^WSW#s=*KFy}J zkp~E(tf_lek_?-q@MSs+=4?IKJ%Cp#fGH@vBRbL_A#!<2Psqu_x1L!y_E5^VkKVkN zUUgdPeukvvxt~H2aDY?5-te8s__1oXJ;0FiqPXhj?L$dWt`qtTyhNp!H}AgM zkAdgLd;2VvUOO|FA+Q3@>U9`wUkV>oe_b^-Uo8xBZzX44%xS3p_AbX~t{GkNd3mZ^ z{s0zSrxn^fa>;v;Cf}7ttLfJKN5Re84n&s^&522@nKi(?aU^8=ig?4ON4^9o&0cP4 z+iSB1tgS{a0QnGbB0?ub?Vv{ntzB_bYkg6Jk69b1IV4zu?$*mj1-%k#r z(K$zBwcm7Mmkb9z||>ISBo%ezEE+e#Wv@w5zhMvqL3+%jOs+rk#`ab78!E8L)T5ny}FF% z8K|Rh4FG`vhuO-a`J%uD)|Wjxe2M(jcjsFi&>+v%#pErj)T4_W8hKfyD$1T&gLiiA zUpY8$cbom3aJ}d?NZpNuGwq!q{IE-&g!hS#!$NE9+0c(>C6jgSwYBYknr|Uor{cmP zzO0lgPjcd2DnTAAKB_DJxB4YKloh(mVNHDQoy(+H5Z{|Zaz{&>`x6n67bRDbwAB%U z=hw_L8c(}uVuB}M1(ZQmk`Y;Bb_5-kozh>hourS%z zV;+dATS*p&Jq&7$isNH6?w&La#vLyxOjbIB?msWUIiMFmmYf$k8zS)GYAB_(2SpP* zV^Z5~gpbD5U+s!G#t^8A+ktC=W!BT?$F~KxzN5Lg3k$Q9Hinh6Cr$m=T1Hh5_>9}& zrFpLP&6w@MvetMI@Su_0ev-VMY^d_t(40Wq_Po1>{A1vnA6Dg$`_+m};lYG*%h{He zWmeBC%JpbQ&EW0hkCVg=^Xb;Q-<6lUcbg&};|1lwC1x28ZpC|8&GjXCqZi-pXsmbTC_lqXKb|J>vMh8$ z`is4CR}HiYd)0L zqUL@6&cZ{#?F(}wdS+8XfGhNfa8`uH$uggwYVj_ZLjATARK=-7;laoRBt!6W#v3Z7 zq-FQzPo?#_b*xQS;4OqSaa2Z?R z@?9JMl6NIw*W7X?eClg8XJj{xzX%+b0jlf`PuvZMt&f=!qE!zi@NL1j*#ak++NM!_ zl2*OZV0j%1|I|NK4-I5_%3b>=)AzY>Uf5|xFC<>^QI8!+ z=R|IoVVNZM)SVuv76Orn$=J1*^yXbo78nm7_0Qro>~s+36@+T+>lvfRDS^|I+1 z!X9D1AlI(WGaU|5{Qie4eCD}=ry?VB;7)X88kcFux%zY?ZBA6;;kllB^%OLJ^<9&o ze-9rwV*OZW{@++@7URk8PET0cNW>|fbUOHqJD&wJ>0+xa6%oybup&hcuH%)weB;8B zF@o2Jcq+u`ND(6SY&#;J>qi5Dip9&V|J)YTm`Iz>_5Zms@~fUZ6WUo3^^V4(1~>`n zW%C7^*auJkuh<&@pL*Qr%00;tNM~@t9*b1ho4=n0v#pSMqsp$CL_Z;~e+k0Cz@>JE z-H8|M3?5Vd!J;*EHoA(m%zJVuVmCujFyZw_WFp9<4t1H4#G+cuYWg_bg1FtGO-}@z zF+XS|opALlQbT&Xk{fw08hIvurr7oH@-&Eg-}B)uKw{rp$vM3WzULdFhN+6(7FUC^ zayY(oU<_tQ2$sTi2#%H<1qGNLX&g&xW|GCqJJ(}jIEhjGD{a$c*9e#-dfs9`gAFWP z&$>Uae9iHDanp!!szfnM*}8uiI;FQ<>)plRZx8$>sgDkMNn1a6A-6Vi8G6O~AhzY& zPb>{<#Z~56(u5cfy~aWCG1}-Ci0$Jz|2z;)_EDq%2TL)P$J(zjwCh6_j&zf*OpgJt z`a{!+t^Ub8%0GDQMN7hW^z+^kY}GIppI@v9T&s}+psvWyPL$yiebi*(qU{>qtsP5Z z4HUt@$b|OtirVv(m5h94qI0()*-$Aq=`}1w~f(t1IZ_0n0S@7Q;Se(2&ha zLbb>93aWeH>Ixc?zGlgE2liMp@1P*DzP#IiZTS-I9j~$!jeI^vATO1Ay#$s7{2m>@ z@P2Q7MJtYN`NNuJYF#w1b#uv*=c4k_^AUgEx8EqiD3KK(q-?<)8nlq8gACYsUG_Od zE;)EplsX!G#K1fv*8GH!+Vm=CTI8$)p0>b?#Sx>zSKmem^vxuuk(g|Lh;WBE;k}I- zaj%2#HkHljTS??PM&p5YZ_mpdJ{cBv_}O_kc-)?FqcsgJ7^P@yYm-DLlb-Zarj17l zS(DXRmD9-5ynEuw-o6RtntJP4nW%3mGT{v9jy)P0fCZuxy+=+r9ai9ZIxFj!H+8cq zPnUIbw;Z<>q+%M7s;9_c%54Ow@=r`VXYh)q{=)okv1L$P79;SOLh9j^LaY{$?u*grkIKX zWug!Ev6Qt2y&(uI{_OC{>$Qhgae#CbPQ|40?2bO6V@0U$31Zx z9!oBDqK_SnKO`KF!Iylqee6xV2{!21iHc?QG4)=zhgMC$+e zi)Abo`wGcZFA@8mTLM`z^30ArN77x@RCo-9Q}w_DA6)X0LSSdbb5Uac&$+wx!_nQK zlkOw92dK%K`^<@&k7DPfJ^WSDk{&I3SoB*IEC%*cei%g})b7yKsHQkAM%x9}09$AC zKhB8G5zlQCJpgZ7_sEBKE`-8EG5XJNY0pVkyQW7o3^(r`o}8v5dOk)|TF&iL0DmjU zq)z+SI#3D0*4Cb+BBbckJE^KdakNkBn?n=s`m$bP+7TXW z0yW2V=9E>x4UhJpkFdi-?`kt3?I+vLXa{2>BP#C-`yV{>$wzof3}}2V%P4UqS|pj> zC>%FH*>x8h}g+o=uvJ6|+yTXOj$MlP{7WX_ZS{KG%&aF|G} z_K?Y@+(uW(S7;j<(q{B)j7DAvRx()S0D%IRs_B_Pqog4#^#=9UQ9-TCN`8+CRej0+Z-=~fPxSLEtkyVD^(MgpQ zk(1U%BG)4FatBPS>g&&y2h1#kjfZwruN+BkB~#ndR~{}U4`q}GKU%!)pmY8hL8$Jg z?V$5Awc`N@SDXVq9`Ok6c0`nOo{?j%7fY{*-ONcn=s6cYq4&~vKY;J=E%w33HO|Y* z0*$rE4x~FlJ(@ekg z*UX)tjXa(Xtjy_WAEW=&cy=4S<*I}$7iFEbgx4C64@S-%9}Lfvl}+uak_6^%EELjK<~c$oti z|MW!;L{89G@pJbI@^QTXmUf1?Z|d&wsC{LJkk78{%apVK)2mIK=Lspu>6wzi=6cXl zVb+CwC#A=&3DSc!y+|{{Gx+At=eJiNxAY_k z|Bxj4O5YEmD9?At)suBsA?uaEO@g*Kz1IRllqc%+*%A}y#*T=ppG)we87MQc^($s< z3;gW*`641*G4w;oHcm5gIXSN6`;?u8_6r8Y329K{Ki9X>JwD>pxa~T${=IFVI(z zh+V#a9Lu{mD}VZT(sUNyIa4yzf+Mzx>3?k#5F)lxQ|TrD6^=DX>4{=A^#6C_|M5&@ z$eMF*BcG8x5xM_)#)R~%H=DK9av@e+MK%tPgLf9E%yHN{S&_5@%b`}%_N|0w-|NX& zKlz)DF)stSV-6rc3?J*npI#J_=;ojm9Q~66c7LWsYaFyZnpovsiXtfSH^O?7-uJ*Y zY4;`X4Hcw9vWOFLv|sadNX>a%F_T5 zq3Qy;S9PQhNfUo6i71EYePXeC*)QAj?j1o9h}N3gPLnKFN=d~FbtTZ@?ftHy+)!g#TS%=kR-FR#@Sap4C1wqtMH`NQMQ zz-aH=F&BLRuI@q2%32Xwy61dX(Tm}=c{W5FqkwXh#??~{6IezgYF34#rudf8oBr~` zuzj;**7(QyT7V+&0HNMpti!iy0lSAL`pZHt;is6|Hn2rUYJ|+!QC~sqi5LP8upq@o zh@``Tq3t_fP3@NvJ@rc^JcW!@jOJ&UTusn_U8SLO$%n7_c@IvfYVwgez0aW~+o3Abb>xA@Xzve(R7>cnlEUlB&9mk3eBS=vL?(U{)`l3lBGMf|r7w zl%apkMTt0H?`>@R%LcmmOEcgcii9ww@#n@&s!c$GusHY7l|FFe_Lw>m8uHr7QRe5! zg%gpYg@l>WD3x_<`zDs|bV#$X>+$x`jJ?=jtiy>;JJ@x9x?ZDDI-rP)*ZymmSBN*c zwdtC8C~*0mAJs(s4B8AcMz+(nF+w!91PqHd03w(}+2^4D6uYOqLjt4baK!8f&X)H_ z#NH4`_Ws_2K&>O=`7i!3S7!>i{jgW}&4}LFABCF9%53p|_UQRp)SHV$rrJRvhy3x^ z_wh~I52Ya21tVT0gm;B$TKh}3z{sx^>KJ{vCjM0*ce85oBgf3xtvT&L`Nxw?E~`_9 zEIl`&tjN_R=Kxem4{gtcy*G^;Ph*(P$_ob-?|z?SzpRbbj(g3}B_wZ~!XYBoN>TU~ z`*1Z^jrOOgRebV&ZLqFK7i6)$A zQsUbqL1 zyN_t(;3&ds#v|~OCKNp4Wym@1klZvsXe1#Ws6Ov{zh51l?eU@I!ZJ_9ZPpZQ zQ&ux7l$3j+Qj##By{dD#=mU%j+nl<W`bEmu%Fkl*zFi*2W6I9Lfj&d09>D3 z&>6PlGw{vIT|h0yX)8~(gcu=KtiV@G=kUoV;l|CKI`HwA>&w{oIw-*fp!BfXp)8Q} zX`lq=D%*o6HkrYbc>8j&BJZB`z-xn~J`*{7f#5kxrAx$u@2hLkbF8HiN7QOS_3$>O z_t=y57;~9+X;dTnZM$hhn!Tpnnx-;3?(f)W4&T#vZ$Ey592xdJV5))s$RhNPz z8g}_}-ego1ZtqVvts&mOJkjhe>I06;C=6MAZiWUaNM!dy@dgJyEzpz^Z*;?C%sKH{ zFjF09arDjtK7O_nLbiX&Kj4f`xBE#LZVrsXA&A8Yjt2AMUGziQ5b&-|pn(F|!+a~t z!_JPdM07L7p^%D*BcqCMWfeM_Uc(Xbt(?d*wX~Wh9k?lbxGMwSb@IlYlY75Ce>r~~ zx-Y$2CE{_=kbMkph-b}D=o4tQr6ywN>yF9HRwQvIq%quSpjY4a)$n~d)b$Z1NHQ0< z;2U=xdj_#IkQVw^OpNazayFixQdJ;lLQ|Hf45F zpSmpD!UTGK>#w@lmR6wZJ7JLmT(ztkiie)OSdU+VTYy&*2GK1kowA=64#9=K57#kq z52OrUQgy}tTieH^bLN(aNGR%wb9}; ztpSs@qkPjin?2CK4KT8=4#Y>`5jSipFueVK)QgImrY+8!JBi42nV}D;``^fW51^*H zcW=}}5h;R*^xgynq$r(;h@c1vA}B2?AV}{Wq9RR7=m-j-3W|XAP6UC_r1uV?x0uip zQuY_#_dWOg?{{YI{mwmi<~wum>=`Cu@9g!gXRp21Q+~f^eIK&9j02N~)6!~7$5gJ0 zkqojLbFL3_zb4p!O<84WSS(Fyuy8i76EdAl%_+dqF}*I1g~-XtRp3Movaa`1r}bi- zdslxhpUt=iuK2;W5jwe@)Ls)ED@#@LoS@0(fv>e7d#@;gcpMBTy#Oqi&&cM3<_}JU zWT2p=oQjW3U8FRkGIW@ zMc}5_oXS2m24|O|S!x31NT2#a>0Oif&mQlxya!$cU20x@TB_9DArN=N^3K<{U9B*mH{pYBF5MYr1W&${lP-#wSvN{+Ai}W=5W}n!EidYDp{W2| zIj_GVPB|dwu-*w6fFD(_{`3u2aOQUAb>7&%581H>g(~>{+Fd`kY}!D8uiJjaQ#*=o z*e>&y;K0alrX+b%8M$C+9@uh09KC)9w5_itu$)PdpV6wuVX<3L0&5>e8xmF zqHkxAs70XW!Mfqv?1KH3{1?EFKF##dLN=&-=5cDPkGJnqfj1ftDW$LJ*6vjf?9Qy; z0`^d(mY|vAAYWYULO>paqYXXF1>7KCM>hDAwrqe)0_qncVq+xY?4PM%mesTq5 z_JQ~?5a%pi7*vKV^I~Z5(}lZC1naXr%8RLo!TnRDCdWw#TfY}71`gPxsoFR+`01Tw zqPU)$AU=!XUTdczx|z1I zS4H&lHG6s;D9|0erFfn>=feuirKwRmm+w~HOBfy*G5S3 z1tH;WEOq=>O7vJRJ4CmR<3_vaKGeh2kz5IhGz+MTJB=X?)*z?H5m4++$U_YgoHLD@ zRKRf}g-TuA$j?_tDL2KV$zL`$K7|(14v$^d)At-4QlK_u%`XPrDLiq zuk>3(dx7h&WqfI>y+=l9ocjAq>Q9dbX|F;@1Yi2qA7`TSZwf1ce;Nsat8i^8A%Q{? z#QO@_ES_E+Hk+i(SegbM_G{M*ZqS@u{+3pkf6;?+|8fn`?@PRot0)^kR{CQX(h3JI ztn*HMdp+bg7j|0cboNR%`b1cmxzhyU*zgGy(?(y{r&iWi?|pJUT>!C>!8% zfKb~qe2HXK|FcBhgCe%_CO7UW8CmuETDoC3w14tyOSh25z=RG=IWN8l(=ia>v(zvc zLf_n^iDWqli5dtVX6^;G0Owb=yc7_{079BERy^C_q>Y#G7IU~yyPE0>9AO&31ltqa zN*BNxL_)4gz=+>}lmTl1K@aC0@by^NrLm+51vD9e@Ne5%KR+&Ld%v5-w-F*Im_xEI^Ye;l*f@6{KK=Fp5u|fI_c?Dth03@5^KcyK2 z_F4B_0)AfVdVhX_+YR4qWjGJyT$;8Xhmmjwc~PHJFpv>$e)yk;iTmvHg)od5%qV0{ z6jHI14SsV%2s}5piw8t`iP-owlu zYWrU8W#Y@1zWSk5JIZ>MF;=`|qos_5;OBL7a z+M8)xTufHoT31eTK=aK}I_?IHUr$HDvJ=X|P&Pm$~BZ#0GXz zP3VTzbrm?lq_YP`tkYJk2iN_Nr!}&>Y5D9j6^~K8a(F@-=1XAoakJ^J0DbRX{V_` zwnTdiL2Dy6c51}vtY;*GwEhD;A@UoXICI=hsU2)j;~Lv(SrdIjH>7E}T!Ccbzapsq zt?BR>0uS2t%+iD-T$&<4gcqy#4g6mEv!O}HV3I8k>DwH=4$BXI<<3oTi9uzn2$fFx z&_44!YXOXA@9IA62=^-RBrWK^5^fzL1tYSIcFJuM`OGB&;jF4ei^*)DY}P$+ zsZsWovp{HDS6KaXc;uWCJ;#sS-?EmOCaCo4R;DDs_Px(k^cE?*WhEu4{uz-g{VlPV z*^!rAcXsxa8vZos2;Mjr$Q^thtFroo*4F5qW_!rVrN%#@TGwoSCY%Jn-k&g<9D6?a zW^DX=xgI#PSUw~81&XQBlS4j!_i>XKyvA}e7a2;Uy38#@W4_b>dhn+|6mSpluOf2g z^+J>~3z0&+K)*Zy?Y3^csP@)8shB-(j>F8vkfTSg75ce~mnY2qZi8Fi44 z^V<;PUue|_%t+OQR^&jiYJyBd)vU~Mg z>qt8R@1cO7JI3X6a3^c>am#U8L2wAy$ZnaRmjACZpkY+2%w1Hhpxc0U4DAj*slz-7 z_&ma_zFqnLR|#oDH?t%COiUSVn^~_Va}VY{VdgFCDlK_V@bKEW2ana80U}Bo3`j0mkp4KkCS7h?K1$mt zSi!s2r+=F?alzec*k4J5Bq+pN{UL>|if+W6U%TeHkLR^MPKgKXrh!X_PUNynUQ3%d zEd7=h?|(0LGSobnl&#K|$E#6+k3mpSQ;b{%@hg@$AJL1Bj8)-YvxjwunMS?h9YSvi zLPy-`Dk7KdEJWbSp*Ze^*T0Cy%X%KeUHB40)wb~P*6@G7Jklz}XaLw#ah!a>wlFfh`!dF^F~H}CHch5A>k12h zPRP~?p?eiR6g}sfhd3YnhNmO{Fa>iTO3KG@1&DS|j7STDQn!{~`L)`NaBkWnwZX&; zOs4|rRto-1;L0VIAQm;MZO#n_@)nd>i*>=Lwa{Z=**7TAe^;7xnSIWVYbvB3AG-5d zR`u;Zd8|)X9DPwpb=(MR0sdS9!2U~6QlvUnbdde?$k45S^g5d{{-V+PxK`&@uoVKHT&qUf)K+#)Dfwv}{~?2XDFoEP$_q=Jv4Q%dn*pK{~JY63A@Jg#=R$M;(+&7QqJ_Zc#!-nNc( zGIT)SN;-Q*RpNC4jm0iHP5aGmj`kbFL~ga9OGJTS)82W>A4Kb@@{}Wp3;f<~eCxZ1 zRy(uR#k2RA*`uQmFbC)Ho`hQViY-Or(+?BJ7y4|@P--o!dpjY(ux|H;3-$ZSFB4RBvNrewyzTNq4uWEqv z^6Z!i0JV@z&8zyP#&tmo)$6w+xY;qr*$z2oRm~%;1}^9_pW9v~ha(}wcRS&UN4(j- z`Lm)>BQt4U01bPjzLm%Gb}{L590+Ox!I`288U^>Hw+r=CBGh(XtPVj*?H;=~FDdPk zAa8i2y^o7gVi8sW+PE2bVWXtJp}^q!@VLdk4N^PNJ>ySjGe#6}^zR(m2wO;0a6r<; zCLL#9zeJ3LUYi(sKdWugE4@Ci2#kwSnr^Nhp+b&fsiNv=n$`O-BE`4n)de-saR#QQ z7T&Cirhz><3fhGa9oarot0fNjLkd>l??2ZB<&g&&;kPa6i>n8!E8D2b6@wMDG`#Z> z!TW*ISKF*=#%w(-rze2~*0tY6R~PHim_8>-@>)nq97L+@Ipcrz=2Dw0TxfgaPU!;Q zTPtY>Bn@=I}^S0iRBGOnHO9ECZWawB;o16~DCRj4-u0d4Bbs{T(bsRP1QV~&j z0E8h34#2DAHp<($WzJ}=;UYq2_NmP%x@H7;Zgj;j03L+jNCR%qB9Mg%Qrhyzs=Dri zQp4Wfz?GN0tj<3#anYTRAERM0f^Wu5r0v!|q$z(Qj9gfCj7$)j?CbNknKNM+kv>@W z*}D>MK_{XB67MNhWLohB->9WGt`6BM;cyh&`%rZx`J{lSG&T58j0}3MjP_o(#dEpF zDn?mad-BNtZ~(aDKUYRD@~57&ZA0PWo0fN1 zX87&fme9~ZCx5EuANVh>*iMYJI+|Ibnb>HRW7EKg23x7? zK!=osTGyju3JQqR7M<|$xpVFs%L^wj*5G%~EQL4e5FzP25K(4!FV;?svxEm>omUJ? zlw%w4AQV#{W;AB9wM$^jL-~uD#aFbZfuo^8DVrLDoO(9|?*iP0mv1kg9f*OffpHfB$Fk%=u@TkNEeons1dr2*8=}A;v6i_hPi%vz4^Xn>o#M zT`Y7#nK_ROk|*zR%_r}U>~&*ngEpC6LkTnP#2AZ}-~koj<5MneVaJd$nu|i8tj?z7 zggxs_+0&rhG~nSChJO+LF47#?SFMs+?`?H=yV%=2(*i_H3e~8QE-x|79#AHI>{`6R zQ^@KEI$`FOJhaqDuOrmaf>k^k(o3Wb=!v~QyYC**s{r^5Sflh5y7LMc7J?NK3#z2S zjW%sY?r(QDP0oYuHjKq2YnUPwEW6i1K?gNM z_QOjU108|-ju>e_$ygyEHrFZ~|x0R&Rg0^r4WNIYkKZRO_#yYiC{ zQO@m4q;5a+{rS#Rv!X821rAOBJf*{TF7kv@kIHhCmh8ySypmIYcgq9SQ* zN3|R+mP)klKI}g_VhNZ-I)RZoj>opo@^alP4zI=m3@w6Ww|m~V`LS$zs1}XEQ)+FS zE3Yxak43L4W)ooY7W8(}tJiV)46!vgQmh*2To7?WO3p%luC8a~wM}cwuru6v)wBBCW_gP;Vvm2$oku<8_Ljkli@6Wk!zPo%;5~G5xf4)q-UtjCc*n(n>*zeXd?Z;xOb60#0a9sL zRB-9~(Y|sz0eInhNQD`-72+J}Hv>?Okf25mY?<*I( zbRW%px9$WdhE*VE_gxWvbhg}jHck87#;}Kv?JqvaFd}+rgi(Hx^&4JF&X+K7?y_TK zV9B;S*WDhT?A$F8degm{DxMr#I*Y<&}eu%#*=i$6kfbo*J-X8a1 zQb0W*2jK7#vGk@3*fMIVX{nh`E+B})gD^lCAfW~v>V1ug;)=j;H1yamj%+7t@~#Kj z_u>>uo80Vk&-o{u>oU0gK+!5e*Hwo{_}|nivT0T)Fo#r@g_v zAj@Ga)>?rx|AvHx0{dha*l99r7j}!ZK(>2K_xyi5Zd5aGuMS3oEn2oDvNF*F1eHRP z??yrG$lcCejJ;S0MOXUu(NNn2DemMKn{PkSduQM1>d3Enfs@fKlDnpP^wT+Z{Pon? z7f-caX|&!A%h}po$#b@cKD3+t#V3piTY00a9lRUoI|?L{2i{lGb5nG51U zNVu?q4eWrzXEs>aJ*JAieWr?~ez6;+mAyjQLbsUpMgH7zso!v1c=(7GOd8W|fAD?f zr?q(v41MYK&-?tn#-#4Moo!7PyiLcM@(CKE7ZYC_y}`tZ&|Slslg4N$#BQs-d;PgC z;76#wh?F)ny<})gq0iBTx&}ph+Te!@BJC9*)N2S=lQt*y76`|MVSa%Q&NsN8zMG@0 ztN63Fh^Yf0%r(H}nTmVU^|=7YDZqJQP1$>Q#-=qF`KHwQ(HmwXk0IVoao9z_;^8Ih zSQ%+HRhYx zF80@Y&VJz9X88PJMW+4*yHz4v#LX|p%6RY*dx=$Xl>;|(0Cf;r6~K&)DdNK zPTFQ*pBFSN@JNYtQuMT91r65ZZ;pO(I?KJ6FTy1t%i{9ARXct-41ImG!+L_%oUqw+ zkn%Rh(J}Mdw9P_h@2e%-g|VsxJ}&!y-tcu()(wTW*N?6ZT$G+_>CCxj`tr)TCv!p~ zeX(vFS9&VjdMV@JL2o}7M$tKJ4Umcc3!k}~wpsMmQxYy|-chVFqCJnnP(<9=q88q_AFivw@L-Ks`|Z`=49_C&8oFA` z6P*l;Qdz8INgNR|a3Re#Uhk+uLx+I)kN>VZK%QX=5Mme7zLPup=U+~wLpUP#lOZSe zVx_Wo8*9$CnqF9C-M*X0{TzRWL~m2<<8(B`;&j*U`weo=7-mb79AWKZIXPGFxE{N@ zkqOe>{4KpS4u;(ShQ3HETvhP&w`RY4z7XiwZ@cC`=SSM{&+d6_wp01itu}tRWq3FhLQk|mqd=HXLQ89j$}$Xj?vax{Fw*Oud-}KX zJt=Q&_PuYI5{^FC9C-d#B1UgI1mVn}Yg&0DJJ=2+ciY-&y`h`>agDT0LeZZGS1Ii- z1D}q0ufY!_-~#9%OcJQ9X|1%;ftwxZ19gk{P$#}QbEBT*8)=0Jj+}?KCZ*}t?nvO_ zNEJsZtrt(UDjjy(WtD>_hG*3auhm&izmeVQxQe|@Z-nzz)8ok5H4OXI=YlJu+C z$JA>>XIEknV1E#mEgO*hMmsYJ6B2Ve#pN{R%6B2jeq2o44JA@m8rpYxQD4yg2!48! zY9t7przGv7qJzb~^LJFAdC#!08|&NyrTjUy(W?~^h0 zYH58p^Nt(k3D}+ zF_o{p7)}PLd0SDp#(w$MdV!{*`>>+Mr)eigTURYC>wXZq978H*F;xDgds=}mQa)h& zOh3yYBxa4p;pT2{;l}V)u*rgc(23EvCvUe-E`0Jjf)%fc;659tI)Pt$wjcosS3gbv z*5SnWSWnnNJ_Z!Wv)0_#$d82Kd`*b1S$my|A9X|` zVRYLAvb-F^Y@e6^i+#H9{gZyGzIdyN;T@;mlTfD1Hc4A=I4e9&$Nae|6f(Y12?}+I zkX354Uixic`GSl56Z(5P@p|9RyL9ziK3Vtve_hGuN(N! z=*Zvt&z{^-3i)hRp~KAXS?Rg@C$sGO>J><4zSf883c|NQf>~+5Tvx3=P9w&GRum%n z>l|&Gp@6{$#xL+&uQe#Qt-oAIC{w2NEH^W;m?G780*aqW7_Oes{Fg?8 z^Yl&sU4qT&?HqC=f3BAeBK6Wti|Wkcc+`wuZ3bOYo}eu~EBC`U$nf8w!DP<3z|3m)1BT>O@{tSlEf8_9}IGhDIayM_&|Dy{z(*OMPfHioy zz4D`f9)DL1U_&8)cjPU{KchpxCd7XY5~v*>?B+zHYqj-+`?%P(p1>4yQso7d+xHt!`_) zzL(7E;P!T_Asr{UEePi6R~0L98CZeuHdp=j6WbY0K-wYi@NqbS$SBjGYhuEKq+JvSr_z(jxc~^61xkV(qYC z0mF6f!SfW{QW(5}T2@bvCjq+&{eq->${!r1N?OByLZVD~AaZ2yQw~_AmCSs*c*4vr zxapR@&g)O&H(gvAeN7;A!}Mb1o`)R>OYPy(W)qmy!^NnU3ps~=wjVyz$$R%a{KC7L zE9VnbbKge!@W)rsui)3oB}md+%^?Q^?(Aoc+QUxxz&Mu!{Dz zF=HR2hTEr?e2LofH-@D04K;3PQnWgMc&o!R^z&|G{5{H6Iwp!*F)9K7yXTpA?{KjE zZ@WQE(>bq+z_Y)P(8Aq)!z}Oxw5f^2AjzkghxC{tjs{IlLG8yEFaLNf%g@hD zx083VF6R0Lw2o6jU^k^-!7Kbtz@bl;l+2nANoxYo)&(Yeb)hH9$J>VS2^b8S zJMnMb0u>qX0|?gIruaCixbRfTXr6x zr6tE@k`ouPT%GJwNG!5TWj45VphQ89SZg5{U3a@QUO+nmy zQZW84^IcCbeelcylW}$1>BKN26@uVC>({V6< znb2niZYm%3kH~!FZS_0Y*pw!P54@&lSKL0D`O=}B(X1V3H+Z|ofa%YW;vC6!=&&He zJCbW4`)p3&?#tQ%-=}W)V=gsuW_Hf%g?VUsY>1Ahgx<;+;sJTD^=Gr=?DB5iwJ^{d zK%UbXK2ua`d~o;on9JasN6o3b;CUourZ%MP<~E~Jmd5#dK;?b+V11P+Y9QB zpZ={S$$b#{fb%d1A=tdW(`Ux*`jLSkYed(BIJ&u-IvSV2IT7c+*S5(MlkYMd?z&gQqS_EuVW zeFvEy0G|LhLmVtYl%_(k_a;T5mtvf*sJv*L*Uu|xnCudsLcnK5R5ncv4$+I^x??zp zB%eyNFAXJJn=zHa^zYllUZ$Z7n-;lx2#wi9*DzFP9noiV=Cdc>bto#vW4C&`_BAUV z>y*qbA3EaDaHW>1HD5py;;qn!0EM+GBQ^7bgtqw=_hK5IW=_waDT5gM`&65AAO25W zl7v(Q(|l-m7V;xs87&kapsc%MY$v0lK!V%%lG>=?>dr00~iYaZ~gM=0G z<%R}HTXP@fey4f}hBbF1O_<3duD$t$TR6R7(LV_xnRuIg!FiWXI5c%buytPqYA*Da z{J5xRV<5beL)!1w^>}J^&iySdgs>YIv-xI`bu;e8;O*#-*)YJmrFaMi+(!}rJ`6MvW{G%esw%L8{FbjY0kIdg6H+pICG zy&@Xj)VVUn-ZG7)1;6&GwObv+Hre zmmM?MIJ1&r?~yr$2jF^(JbA^X;c#k+E}oT*y-ev{x4&rkh|Qe?8+Jk}(Y)`C=pt3} zD{|L#UlEi@61~)$Ku%j>jBc$|3XvMC#{SsQTv|@WX9FkTjx9HG)?n8;yjxO!s9K(t zwuW7xbQE`Z>?6g%YhzmQ%_S2@#tj{TKs1h)MQ10#Y@IDEnSV6CDLAy;Jq@9rW`^pS z+Op4ro-<}u$kD6oNOIh)ZcQSh$d&cv6Wl)>y=cDO7TAAObQW%UK8}vdOeYazdAV1zc_WWF&MB@EMe^;T%%V%`k#%5H8 zinJ&crg9nzFEsv9ZsH*<)Z_mf6rzM75L6518n_@(F1187JQD5t%k&8FjLekRGUJqMqbuaDd=6b&#Ma(H5LpniFz@Mb~i;-he2i>t1p8*Hh1WPsa!IeT&9^asW>y3QqI;i~3t z*I(|<(^(dP&6&->($jJoEWFp^2qu?Ij@uuXRQlw z3Tnn3G_xcXugdtkhL;YPm0URcV|3iixvP>AA+UDzDn#ffPs7JMpnM76g<#+Gyhd3p z=NElt#-upuicy{~wo?PX&z(e%#gwV`S$--@bO#CGZskk)Q#~sA@ZMM=Kj1}1bV8~0 zAxHlEU?MB9}`@g+!3shwtFd1@eoB`d?FEo+yaK@ z$KLZ&d`iJOKeas-cK0ItKi#|`zQ@(f-r&k!VMe9G&qqX#OZsYv`r5{x~ z&zBd?kmljP)vL-!hie*gI!o-IMkxmT)v6=K->n8#jXWCu3pVJgeOPj1P9#@`iF)Jd05DjETx;>0&LpYIbDUk!P0^r&UF!zJ#q0 zrVUynHVPKVv7Le0`{W7u(MypROLc>caHnAf1J|!QqauAa~pyf_ceYYQHzksoBL4Fs{^Khxk^axPV=V7?uS{{ zuLDwhfoF-+sadxAsLt#?Gv71W95%Z_%Pg6`W)gxdm1l#^>GQT#N$v!tAm!l)@fO!v z8mjkg31V!Qq2&BLwm;@s!$*~B8|dU0eeDXajO6#>9<4&> zH800?P8Cv3d3Yp_C~=AbsFIR-M~-fnH45g$oy7vLwheA)$Y6W+RJH)#HQeR0~C7Xo>r9-26Tc7df&A;(z$k>M&Pk*8r}Q|D&5QHb|?9$nYmPMC(Gth1`8`Q zhBpMK_rXt(=qcdp)?F&!ZsCST`zVwY#&S3S6;K~1B8z2M)N1j}gQRud1=dv}e%UN! zySR4!#qtA;fuz|*lD%c;?P{gD6K86wE95h$bR_T*h(oSTNg2xTPl6$(W9c(4-UQ8- zYi5t6E7Z_kn~z7pNLZwZto$Pxi(kZS8Q<$~ORnS17hF{Nx|UiTy|bI#>9dpNE*NJ{ zG-WrbB$az|m>PB0xcqhE%?{nUC+jz*ufcX}70+ros!4!F$}Ce+sZX-T zlEbCyNCUEr!uw$4BJw@sop(bv(frGH7U!S;-70MlIp?E)JDx)fZUQ~#ymhAKZy`^U zi|G(agExFkIU-|7VmSSq-M_d1zn)vsw*76Faz}ji=SgqTdDJH_Qmt+-+n!{y`qk)nsZLqf$hgh1BU^#cYBPm1TfIk0uTE29dkV=k(FA@_}#7?5) zBdG;Im{{jvz`UMlD<6e6Lf`j4+1!~cYpU#1Tm4FoDQ-|MSWsVeG|qUEW(H0dTBV(^WV2QHtv{z2bLmk1ob`5 zPxIwn^tHhjbcUg3pB8xj7Ea%B<3bDiiLr0RZ_U8*Fow(I@;qimH7Q{FV}}N_u{B-{CWPJkG`T{ek@;yoSTYfjjIa1jCIrnjR0P^{hJiL`KLVJ$#ZD1Qk{hfLrIt4 zFLU+A{d@It)-DtJ7rmN$bHndSEy=MhE=n2q z!iePDJAKdASwBPz&ZIS3$dVG>$l!vAeosK~_gFi#cIptPw{hPykOMZ1hMaD&Y(X7)_NO7L0tGAf9ho{6#- zon(ob<`gM47C5K&(&3Pe{6|Gi=L4AMA%MkUqwy}O2V~>AJD-YZ^ocjHJ%ohx={C0oM-gd|dX=B5Rn z7xchk^=PI#$sNceK^9*HfEg^^64L^U5rhrs%f)^Rd|{!XFXa|LY-MSH(s!0&Ckv5#e+$}^^jSe_H}qI#vl z(p`LKKuO)|>d~KQ`0I){p0U;sX${1$59fWk>Y9Vld!}@5#{Qm$a`@m!`>}J2!K|uh z`B6P*s>k#6en5MS@&e9k%-DUaLa;mzJ4v7Ha`;=xJc!_^G`#~jOFeTak7yW4JJZQ$ zB6ju9Qe*E?#AsTe=iF%c0jRS{2SCOtmXDHtTZQ!x#*B5Vhx-$LVW+ipmy^*GIpCx) z0k145B>gWRjXV?)Oq))!iUx52VK15`BKhNuT2l)dgDCf${ zR|sw9g$SLJ6g96sF;GxWX7+l(_Ugt^-a#&^o(s69uS8nMy4qRzlTr|XD$qLg`dT9r zs(x=Gz(7TP40*{kejVaZN?V7FGWBB!u9LWYxv5sO#@y|Ai!%;KpbyN{OKq_r<%G9y zbRReTM<&~UmP$ta&IgFQymi@4qoGpY+piTp39F$~&7bDxn7t}JO5=~wFs}TnJ4-MA zjVqX6G5CdW@sYJd#G8#ip`Usau2s2}A2dujZPfnq&+peJrW`Tti8txM42!mVmdFr> zy|zUanfy=PC&p9No~HHWdc0&x5}h}l_>#C;GnrebP%jok=FJKJH{s1?ywB$Sxs!7Y z{^Qu6YM*;YM3xJ-#1QcPN*Yp|B@Soz$|wHVIQ`R%<+#aa>2m>HOV!OGhFk3kk2UN( zV4WKLS-ls@oW_R#iPQN11?Jy>n!8x2n{N$Gbx1Sg^vyk2pj@bN-o(7}Ky<5wT`TKZ zu%HO~FKSuWk=P^RVZ+r-js?DZWZIO38i{c23@L@%)r>e77@MTeb$wW{(C=BU%1y7F z=x*7sw{hmk9C)dUma?ToAzyK(bYl`dSSw0Gz4W~dZHU*EV6j&PCc?HI6M7au^iFey zWzSM@+G_8VJB@B>luJ!@qra>z;!XyC!)OJ3lzMFjNY~yQn{rA@?W^W^t!k~ z;n--(THe3acJ*_T`d|pTvb4^d8dTrSmzTk0*8Nn!%g^|-HfzUUKO=qrg zD%NeqzvTr;&Er9c1_Cu)^dh;HhMCQ#9VgV7E+~B-TsUl8cs1uHTIL%~S-`T8PP3!t zh3e~1N`p#1ZIegGXLdmOeku+@bd42}N=4OauJ~;6V|X|>#R|v?WV_9Y9|mG!A~Mqz z)d&zz(O`t4h-&Abx@Fc$zA0+DO&n8TIO4f2o}E0?t{_3uNVRr-_V2FmsJ|8<#>s-$ zO#%J+0J z3|bTl@+S>35LatOU3&>E`9hLY?<{{!xV0Mrn-2an6YWOq_=XeqcSD( zZ=Jx*Ldb=dNQZzCR{aJdB*kh^Q2~*};plNpVc_v6@2vf#BpDqx5=Gx)9@-alW4VPt ziPeb4apg|i6ZlsSuO+fap{G+CrrU$s(;B*L1P!t+t#!Xve(R3FOj?~S;pU~A(KY%c zGVIRK#Qq!-8>KMvrBVIPoSn~venz|EL+Qhi$fItK&s^kO4C2N#mC*wR&Z-jD^qI3h zS%>e?FlL#*m}i$Pi;n1+#&x?kcl!?2lhr)Q@9udm3ub zG(W=jfnxN^gEJpSqbqjLdxr64V{*7|bS*NU7Qum`2uNSMKbdS18)@Eqt&eO|Tl{!H zHD>xl&YT_)igf{D zZO85!*VlYGWK5f}6O_*VW0wi^Uh?If~r>zBC|Qu=mN zQ~hBYcYYbV!zsk%qs0IZJ0!9fDs*SA`l6@<;cNYqlQ599-AGG2yha+<>&!0B=?JTh z;|;r85=KDE&XS&zcBku;=3d|j3WC4JOivVz5d@KYoW5~219bfzyEjQjS?b$TTbHA^jZzpBCiWI?Z@Y*nAf^Fu+B z4xg>p0||$CKIFnnN%#6Y`>wlKaWx~m60XHG!5P`f#gLIQ27!Wi4HQc3+T!t6QCiP6Tk8F4VG87YmV9*GU4>aYyt6^rwgcb-xD1!LMmY!0hmz41(R z%#DZpGy-bqSp6$BH$+&eZb%k5279qgs>&+O}6LFN8VKsi{(hFGM*whGPe(F1DH1)rph*Y*7WUtiPoD? z&9`M3rXLQ_PlH$pKtb|FSi{0F!#2(GN)m@9m+A>LZhMREJe4f zXl$YBeLy>;w}HM$S2 zfCtBcUKpc$vf+M(u@biii&)7T#t?iN2e=^p4uq-BvaTZQ`hwh5b}|KMsai9zF+qY2 ztE^f0K&(7gu}N&Ea4re$iW?T4*Xn{ZJ0f~z0{X5jgt;%bn?1{uu1w7HVrWOwOJDbk zyJM`bunf*i(ja2P8j}S?rN>P4f(+xS`Pug@93 z_TXE1$Qpci%T52R;}IZH4B*{q@Qfad+jN=Y9qqT4|9t6vP1uLg&d@9U@ebFY9(!N+ zZ?yn^?-pLrd3f&}Qm-D^$7_cGiN*YRh(Ruh{JD@m`%sBo=Cap618&BG=JEtzAGXISmBl8(D;0M40EyQd~}6JdF?r_#Fy6vG4#?!z{IKD*=Dx6LB~ zgSYn>mF-|wQIEYS%|(S3cZ|a^0|xd#^wttj zfU|0^)MN1W6VKG3_x0DM+l-Z8L`kuGQ?>FabZCix+FpW`2j5NEsn9cfQ3F-G%b)oH zWWa&N?mJ!9+jNhq1#9AwS2|LCsZqtdhr%<}QX$El(#uK8Rcbr2TVD^0p?I!|->A~1 z*{s#5!oAfwi`!FGYs7AEd`C?OC%fa$v);nF3$I}2(W&9T?bgF zt<%1dkU)f<+=X3HB0b+}vOp|QrguG+h{oi)1Q>JBqjtI33O=tiN^Z%lG^DeuT^zy= zAmD-risD&LX=J?FKAG9Hy%v7LEKX*A(Z+ln1V**CRe_%UGSZ_@$iMPh(?v74LD^&u z7#BqNoFIQU5=zxE&bo<}U}g^)H}$1JeNjH?6|H~@<1Zn?Ud3MJ$FVTuC?H;c_%3lj zy|MjqSNF#?D>B!B|Gw|8fH909DInxGmrcqF$k{cv6G@&)oR;ajNuPgldreC33KM(T7;j`4grNAN}EqG(2FOQ*;_K6dy8=&m6CqT zka|4Z-dcQC-J4rw(Uk%6sG+)JdS zU?af`hB&kASDb~H*IqURd&}linW3aBI^dbB4A-RyeUmY5@b{q(h_2kk>L9Gk=S&y! zaYR_{86QHI^meIQvm@RVJ3xM^DMO~M9ihkau=H!N$cKqLXQCenNmuDhProG>@gt&% zb%T8DNy=%*v)x|0nJg8XzfqoIgt=~4$C1hsCE19`oU|;(Leu#!?e&RnlJ~UD#pi0y zg_*25O$ATfVUl&IY2O9D)DpILhK-th#*!b8kXu4>H{K6*Y757QvT15>^xZKvjpshe zK7!Tb@jL3f4%InDO+r^SGofF$b>-g7PscC8B{aGOYcfrG?^mny4I+5yFEU5oijA+FDdcu{yuJ^B#R2c;6WqgsUk?x*94nN(`M0e) zk270V0#-Bx_6_ij{x0r}LLqfJt`eb0xucxqgQ9QlfSxuSea>Y2RFd-?{CqYZda^&{R{oUTgqvA{Z;O!o)JP63`01eKwTWa}f*kTsIPwUGWun31q z9ZSS62KM*vR1e`QOh75+yB#Remkv+{9UJ#6SA;Bz@WevNYwt-Gb4Zwt<)?U&~ zWQ<=oUUL?={LuDh`RH`_am%h?5MUpd%i*QCN?PMa$~oZ*o*K@tV2SEJwnLB9#ptYYLq|)}#eCj6 zULgTU$|K3@EtOPi`{5Mji*k~5C3d07AUtY7eT)gJ9r^!;jX1aUU#fWW@Mxco^MdCjqiTWUa@J#onduf?EZ==K=4_cFnZrs5i_Ik1} z2o}LobF?T;rs>E*jEYKa@5Zdvne>|X#Dr%cCxsr9wFQ!GyYRUpH1gWI)aPjzHDu48 zUNHT^i-UJ?;@~_X^VhGxy2$pI4cq$QvI~DVhurz|`C;L0&l_m;LR9^3`*!0;WYY`r zBbquMiJap#XHN#}$wRDQ$7fpa|3Nl&{y{d`gVis4!K5a*GB}U+@eLDmbS%8!NBjXz zkUV+k%;)#{gYCWB2t{COdZZOwGniZnrttPfu_Uy;vUJI)&}tI?7?kFRUtwkgBA1qISkKO&Vb^zGVs;Y@)A(ayDTh{M8HwM zIDww~dX@p?llp1y+jN7PHMFKcCE)yk!}u@c(q-tkPMt-oMfL^NOz0hxF0`g*n5_TR zkehl4=|9<{ggNR3uoI&fJn_TvN4Y~|&aYx#QpyQwdcBgogH!E4C1krTHf#Q_4y}{A zJTK6^9J}15qvU>3bi1|`;yHI3RtvLYS#;>l(1LI9sX_+u51@HPIR&RD7&-00wyos6wOvZ@papxE> za6AHVCrOg5r9FKmNZ0m;B2YUAW*xdVtX@&Rr1o493nre6%g?(*Od(s~=;ypA#0p)A zi#bPbOxd;^<8ZGh*G6#s9|@BA`(rx)cs&rSoQ{7QNlCDlQ>bfVQTDu3SXFcqa9dTa zac9pX+s^~JEr)*rL;oqe_Wz4{0)ZjdJO36K>Ipt8XT()~i|`?7ZM7~x{%dTSl>bj! zwKp-q*PjI%qVr~F9p2dy?TFoXA6${s6Osx@;fuIU(w?7%-p!7r>qt#C|B&>n64B>O z4?fiZYRMDBmq;0Q8A;+giRNKd(D*Q+2aN43OozkL`A$g!FI>Tb60Tqsfq}Z$ME?9O zeE3JP3oRAd0-fx(=5Y|ZQ>Rrk0S@jkf_i|?s$}2ETGDN_8}0MegHO0r^ix#0nz%707Gcm%Us%B^@{>3Qz7k z*y11GNKV;*Ums&spFL8+3PLbH{DkM==p~zy`RDqS$%e0?EKkpd%;hYAc*@B^ur$hH z`6aYw$8m^QJ&pR0FuhK1#Sn6^?_hHlKheonyFoE*!tKd44Ks)(CH@^M%25JEg3^Ks zvpnlCiOH=NLJyMO%D4ALZF1NdSNDh7!Ui<9bKhJL=TIzP0N4Hw zOFDI>e5W9n$q|?wLVX3xKH~?K!Q~Ag{N#sba!zrhd6Fq5)($9{9 z{Se>!?qb*zOScQ+A-ada$ol9sz!Iu#mIFIJ2=XlP$Bi~RSRM}QEXzMW#v zqmNA;|31vXD;K6h)_UZJpu))a-^iD5%7~(F^{%X=>|!5{y$e226szYJNc;X;upGNa zd2y39Z1YuyBM77n7Zsn){0;bEvmSb~A@;oR=Zz3*qi79X*G-FVg8TjZt#84yf|Ebj zJ)ckWzWY);v!V4T2Y7x1yt^m8la3-jc>?xCW2*1186sCMON;yDEcSwRj=&5AWD6J0%nA04jQnrT z1pJNMT_?c!B=iiannKF#s*l3I9MvSJs!u$hp7)u;=7)FvZ9|UQ;0LT_;sJCz4{-9| zZSlOvIOQb3Zw@nRf)RxQW@c z|Ms`mftL^PQ|Xz#yrFJufv=%-l#!aGVnz;6`q5*ocJ=NCS5}Kcr~q3lRMdQ zy8Xc5bmEa<>05xpC2LH%fX%2nMPq2OE~A_gW`c`EbJw?-iH zxuaoEm!aoRGf=O}oLx3(=IpSFfygglMea}WZ|Tp&1LbT9pRUeZoeGT(k4+=@5||d- zn4c-F`*G@JVIF#pKkpPRUmF^l$_j0XTt0C737NX`2<;HoQp_49)2A>8iG#2k`usdD zKSkwBCQs)cF~>eO<3X5$Ys~Fw;)xM6>|1pK-aTUH#%91iz!s~Wox*3&dJuz3GN4l- zlu8CWKXRPilq;tNG{=9D7I`sQAIYB4`P3MZ2!207sS_ATjvZ z@yL@GirF?~T#mTdpDU6t_lqPJdia)L5U7!Yf|`!Fgt^%`7HNrIPf8DbjPnuo^xqB$ zzl0l{crF}fYu@rI=>0D9*b!~nL+Im74~Q3d@+P{h8d3CsA9wxg`?Ib5FV8HrcqbY^ zKivY!k;>o65yu)15(*>owtCAXv{+al*yPFXvN=ov?q;InKepXD>7SA8oTXUFbSKe7~=fepvaVjX3YM zHmjWb+2T()u*3xyVSO*gs<-MG$a9MOF?iZJ(JfdEIrBwwvFnvCYc29IrlVY2)E`5J zG>DOSS}gw-wfcLbkfS`2m(2spsce#J9>!+raj5|b_c%NkuBzeRoV@d7$mhCuFf8Pi zop27osd&;Q9pDDkh>64Zu6;T}u9Z~UViGRiYo?xr zydCs;dq)|pR5n$j3g^7T9A?Octvk-sJi{n|pA|Z(d>!pIIdBdQ+h59yRQ_~c={QKf zM3-}b>)|k}g+o?X^My`C{!8c#LUL$clhY$h9AQ+)v z;BOm_5A(&}mT?*zu3>CA!lh1(#_Hh6VnyDWj|;qn`D$1Bner&KC{tOMk8uw`Jc#{DTmuLX;u=BbBHA-7Q|>DdTef_w z3fZVzg&Izoo(7OUrZkKaR|j%WUbnD#NO>^=t$9BRZ?ZIrR2Z-5^oP}T^6<8ktZ(kP zwj(E=O`IF-TVyk?)~9(KwXItbM<{(*nin7kDeDbHe5&*RSIO>OeGFGbk%2 z;-bm5a>|nNpJxINO=FHa*WJkpVn4&K*RC|pmhkYfbv3-8fd{da)XvnjiDVVj;Fpwt z7{~$I_j8pEG}L07xQ8Td@LI?HRgFjnIZxVK?y%wZN0^za98xL$r;-Pys`ooS8@WtV zP@Zx#@dp*~ad{4qS$2Yc=QZFYQy}Np&d#ot(XX9xXa?}^2S$Z%wO83xMxWR!i1F0l zMKQ63F#Y%Y4Fp&6#U$1*bmT zu}kQ;y(eORyD^dP+?w;VA};Qul>+McH^JTUTNT4y{r%(Gv=KxGf+z$cLeQ3v*m>D8 zpwy4M18-{oZNmY3hdvtacBNMMzg9LEP`CwafqNK<-h7~g4^6C}(0Uw!wtO*kQ z1{idUcCd&2`bOLSC+xJU^^vD(B)g1Xou~K&V%Rj&+N4`#w(`~7w#Mg2z0wY}lGbM>g7^NRyu9ouC@)vAtk%yEqqt?Wz(p<~ z0ggP_nR#}&O*}_)X$LDg6Bm#~3r&a4;%S$x`k7LNEIN+RF_EHu8q%L1<)SZs+i~`Q zy9^>0_uI`EyaUS~^Dld7PkA-ogTOQf_aH=W7Ys5+;l>zM7kNJ!9~?xt3bjw%=*~i| z6SY6=7CfOs)aOaJ%sYKNdI704wEUT2EmQf-OX>@AOT_qu*QKh1GB!5Khck|Y=h0B1C*k2Ki{dqWp_5;Ju=qq6wiK^DC9=;>^7tjLT zw9Jke))C7GV3#e$df0zX7B@Qv%MzQ-gW+3l9q7WVZRjPAEX^WJ5bpt$^o%pHfOIEHbiiQKEAHZ4~C=T@WR?QQrG-NgYq&=W%e0!vp2^Bl-*T11~hwSnkQX z--8|2@duQ(MKts^muG7l{4ZFUgR0uN-GEOEF&Bl+H1P_MS2=(oSPmsQA%ej*4&B(< za04c|1qUUbq)@85@IV%TxNdEBis}>C8KK?7_Yw9+ySpnU~<8V~7p-h^KqH`|RT?+tScZ zia~gz1L1fEbU`Hyx{}TOkvX*r;S%qf^z-PznRYYtEjRiPYE(uW-#MvyZ!7M^?DF2B zD~~{UaiDA~U*7MiZLBNSug`c|bX)j(^DCV9#^!w*T58avQc7x_HS%Pssy}sRkb+z#owg%?nQTH=XE%YcpLAI(Hkr~87;Ynu36;C|i`nhVme zebcM{edk3ROKUJ>EpB{@Ic@3a-W}B8!)haN_yd0FIAl1B-v|h$`lYMvYr>ka+1_}a zszJ}FRS1ugk$4C5z%T91iB2U`?crYl2v3X&61v_b8svrFuO6y`$KK5yevOlCtnr<6 zQvL=_4s%)ZN`|N62B|OaNBJPt4ysuR#B@DsVP74zrVYj<(2-tzz9a=OGf-~eqKLl! z(NrvdZ`C}jDlB^*q+7A$qeObLy!$pbr-RNn(EK^;uE>K z(1vNz5T@^Ta1Du0+WTKr?R0msoIt&s1CAayNZ^b^3>uEg9mxT}(Z`j);(xf){(YuxgoPTap8o=R2K=q8%Cxp4k2w2|-Xh5wXUjbz_I2!EC>uR~#lm); ztS?lI;%1_KX!0^xrePV1WXglxWaSMH|I1enKqce>+>0E=eM__Z2dDUZi<4C<34D4t zG;gHxOu2T%FqtuJ=K>2wj$Z8L`;WN4plw2vBM==w4C8Klbt;&n#(OX&CQWPm??o$naGM)ZWjpUILw#OH^+OJBx6Vc0vHp` z$bw0^WRYt>Wv=es7_QiKv^%Iqc|CgJcFef@sofl2QuZB~)pd*FJQP zoH@@uXw^KUb=qEFO1=!j{ss-Xt9888zxtzaJ+seklB&_!c=Y!&^)8d9q%!rTx~6{=aQCn$ z6>$GoL;nlL=nJlk8^sXHmRh46U1?Tf2iRZ^~a=;$J4`scXW@e3FGU z{2bc^scP4NwIp-oxD;@-|HTW--OA+rXwioHVhY|nPU=NeNXEnuf>h7U(<=X{(mywF zSf$^!=MUq9ScNwOY1w)mN|#t4&$oHW1&Ks$gcd~u1)fK-7}}X9Z2Fz)kUd*!;Z$-1 zN!vNLudV2lpY5v1x${Ih?tmr(&!o{2T9Mu%i|bi3+WQyIPBU4aTvxi^tQZsDaOE=( zPBhr%?4{>73(envr_OzoyioR}+rK$H=(|uO=={6Og7o@ZlFPzq!CR82!lAykzKY~O z@SmT@|A2|fi>lA^_#>5|J*mS!$0pY4JoaC%=>d+o{OvhoCnPc z03NxUVXp`!L$2^sK>K0*+?G$=?v*w7Tyk7UG|?*$To4)&TAqm#x(rXUa1z{FOv`dp zFtiu1Ny-6B_+JiHxGoqHc~{?A5VSMs(tFdM^-8sQ{-q9*O5x|dcd04N;)w4%Qf7U5x$*I$>*(9n!kK?#DQyFOLO>au>TiTc&z+@iWfF?p0>-y$uM z=HA7oEs|0fe8Y$Agf2s+>BO4FjJ(o81*~(^9|~B~nyF?GX9xT&s2)pYdLigkT3b^7 z7Bn-cR(&UQd>4HleD|c@3B@V`lVBlE)R*$$D?8qVqzabpX`=qz{i6rHUZ=aa8LSjt zTTu@jbA8-j-3|bK@9wBPd%3mKqmd3)`9B3#`B&WOoUu!`N}ATEeK=7&a363ic~*@S zvPzVmo>xNM-SGGEN9kBy3MhF)B)~o9bRAoE#u9?}OA<}AAvo0FW#h-a9(@N4pUXmZ zAK8Arv$gdZhHxvKS(n>@K_GDdOF}W; zAjBF8O0ojT@wlijN7m7|hF@s(AL1y?&XApx15lA=@V=w3P=w=hmVs7~BV;abVRreRl z4FC~!OQ^KX%QRC24Zq_2Kps19j0|PC`--g@AbNc|E0d?N-k7lHGdjbLf9ODem!fBo zWqs$fsGr-h1}UC_I0aX@@>YBcs_Lfb)n)muK`2(oe>-iOXZOnJ9qx?Bqo&V2ZgQ+z z>wDohT5(p6qkWplS2S5@Xx%=bY}PGauzhsm!M&N_;nBjzV< zI_I&%7NKNZHz?UC$eOnw65|<%11}~xSe~PChbw<L}{=~ktLB4H5$WFdR602{agR@`U|vsZgY{09q*Mt`Gn2Kyal9v@9s2Exwf)FCOGydX zovXrRyeVG|Y55(0uLaUM^N-pZuce0opfR z?VxtiyC_vj;No(m)mYxJO%sQiI)1yxU*-;0zO}7yHcSXlS`fF!@5H356i6g-0YgKi zye_+Z5Vd^Bs)L{n-vFe(F3Dy~N)DLzU!7UtTM*D@+<*e!s55X#O5?Ge)MkL1xc5Qo zanCC+%y4JdwX@#CR=mTvdWtY;SkUDl+d-vAsv<#J=Snl*u0n#bxN;~_#|#6d*VPej zxVdraT3xNnwip4>TuRTy>5F4~3^nujn(b{I&)}d-Q$7XJBFzH2in9@3t22OQZOFjt z3}M~J&d432+A!%3-CnI0|MCfvJl*gk47EQ86J2-^-P4*y=;S8)O!{e>&Fz#Y&ka(y z>dB(pns4dfz$qW!+I%+6Gt?lWjl+L`HV6&S|C+{T5wopMDb)1pzNTF-Vdiun%`4D1 zV+9=neDC*lnOIWpMF8{JZl;L+94GldtnQToK(v z$P&Gd%{gOEPsfw)bz^LQfl{@A%WHivICom0C_9akPDCnaPrA!Xp!04d_ z{K;lBJwX&)WC67UFKGjlHSMvvC+4lgaGm(r8V zcTrz$U~8`My|qa=UTRH;T68_&yYkd6>&)vil{0!W)sNBU8M-YWL6Q24^Ok87gqfXd zO$FOfZ#GwS5vE;~^=0ih|Fj1}7Hi~Z6<2l<2Vcqy27}fgeT3|PAIx8?n@M^{OxZoF zy!o9BwQ7a)m;d?hQ(Iq!r7b20h2I|37xhEyc+$86Jyw>lrJ);(ZPy)pg=?>evj^8t zjnHbeyl!RsSoK)GjO4zdSdQJF!EFF}w=A2Yq-rR2HG)z3$-85#Z|^QU$vE7rUDF>- zc&wjaCxVxVn`Zp3pA}n}_ES-7?D=zGUei3*ZVD11?25f(;(K8O& zHk&KHWfG}E77x}pQ@(g8OL@GdzroBT-yBp}N}=eylA%=i%IRCq9!cD;1B%--lqe?G zN3|O=N$wBDp!-AB(i7&jy5aLJ{3Mr$NYLfMe(hklMEAfSsro|U8~hLNMd~pl34%SqxZ4<|Mi9_Xa|!k2viDPy4^dY=As#%J%YR` z&sHv$69_e^mW?T{DX6GYUsk}bj%bTls;axo<#$J>rtEQA=q(m$_Kti zgnM)_p=>Z55nA{$q`7;`EqRPi_@c!4#ZJ$(z2Ojs*`L=t7pf?Nl2{r=r!;xYI?5+X zFWimIyj}Bc&U>=9<5iNWw<$InqD;hN-=1Kw7}^&$$7GT>ciX%XAPb&&23u&0OjzDF z#B4qrf5psv(_xYslVEtG{nMG!H=hNHif*^a__-V>14p*AORg+bxTr`2!v~AKcNM%I zj93p>D6%c`JXD$9H_Lc1pK~gS%J7?+ih9l2oxkif1r+w|3k6K5|9%-1mo7F@x(_#M z$3Ba4y7|kRL?Iw9es14bz#5-8%~e!1Y6y0bo6%t7r<_I{Q8PP&XyPB8m1Cxf{-a^J z1NP8a^iSxnM#p!uXOYiHoPcNB@w1gxw4il^nX^-fCULf{r{Pj_KLeA4{du!zpP$t% z3PlrO`*TY^t+urT*6)27$2u=o6$y|Pr<-jr#3lV_NgvN_l7(%4AHErQrEoOx zF-hMq{^?8h|3=ILSyfn`sd!SY#Gj4 z17=@Fk5El)2tap;Kd6IbgJu)p=gL@VOZm!I8-kcaxEVkt)IMJ) z7#)qNT(Dde>R}XCDQOrDtUwa0i$_NCavd_sS1j>ZfmBr`_FhAY&J+5d`_YUF-oo*% zNzaDQ=lMI8zQg(|(i6%*MkKSa%XkpN z=cwcgBf!DK(~coL2&-G6DrBi@E=pYk$M-pE3`$MaKf=K1++A-D#%9}>qx=fW;Q>^z z*}dN@IXy<1zA2IK`SK-%GIA_lTm6Fgc-=!rfovy({)m0&kI_Vanj(1$L2)8azdA8n ztln$md>IwXstkGRTjS5EG^E#0tA`8uD=c|xM8EMxI10lsVbd`rgD!rgMhx=8?lo^i zle`Jv!)?V%>t~}-AJ2%kbxD|>6>ofqSY2-#aVif`!umDmV-ny*p3>&69@E0_kZv?E zQCgSxi5lm5K-?QFa7Bg-Q?PrT3p#M5m?-R=-Ro4j$q$u?+Ve@K4&(?rcu%&N0u`y> ze1>^?*IRr#hDin~ZFs`30bHoiS6Hu3aGCB@J{YbZvkXYoy)cjfC7Op%Pd4~<^jBZu zM)gS!+;A?dc`)t2PW=dq_d|j?j=}=e$SqI1n+fWnOU*A%6)q$g>Jy2b*t&EmKhnOi zz$&{l*8Nz_5Skq^_*_c$lN&r}|0yj!RIU3#$N#=}fZR(0T2^Ziq~I zRm3o#%UdsEy*~PUBf11nupf4*eOWy_8Z1|OJM#80bxWh>2+v>B^GP!QN zvkrfdH5s^sM!$^)H|{|Iz14C=uvyaXMuiLTULPu-fiHFM-gVJ; zFJi$oge)v7j4w?5~?+zB}lZ<$i*3<(xw_kI5q zMTU8jXRKBBwv_qc=eWC&kfEr6iPiB-14%ohcV+tPQGDOtx{nlg?I+kaKas9mbFbRL zEvs}aV38s2pQ*es3|1M zQ%vbomZIXz4rDX0b1YNZZoG^`N_(_uyBVGcBX-uE(9wV4Hf!=YSzP~c4j9pO}%xbuIY(%(s*F5xc0pr_ZSwU>D_y!|$WRzLdWC&DVtbtRRoj zt|4zjrggbt8~cyw{nd7b9qO@8I*_V3W$1-^uWQAvi9zu3?R>Qn1{Gh3E+Act3m9<6 z`mC1LY8e;mC-C@;I~IPE*$$$Q!H@Mrm*76ZOwW6q(416Vl!K5=|Z@0CdH0=;?uCn`vvPu*$A=6f>K87oDLHBJ8Bi;Q2CcP|NL~O`u>86kDt4WRnW-VrxM__;hE}zWdJwuF zGx5H4`)dfYRsOzxw{nzDT<)H)B3M7MCTqa~e(af_m{b@HjO`3;&MOUVo`HHt@ms@I zsn<(A2;zvlP?ClYd?AISn`8$NUV4eWbzQ)=6Vb=rR*JQ`@s1r_X5P3J1Xz6J?gf)I zTr4ziATcQC)_PxTb5?As4)fy&+*i6#*ty9f0cEcg(+IN)wgjg*(49Q0e!NV$f!%}3)9}C$wZGaBi*4;-GgZSXkMj&AL`^@x$$0I z42V~Hvg@)~vZwvhGna$F^zsdAh+=|uUBu@AFfK1Z82sE%(6Ry!#vG^P6y6Ykc2T~< zg?(WfA2On|70yXMg6+jSl#rF&r52nL^Ik1Bfl_#n!wzfpH@W6%gFm{T6iH{cYqAQfx*XqMpul zJVwRFq`9YZc7o;*@2sc5e<{bm2draFz{-*KQI%aYkO2IK6wiLk12sZDrL??XNyd>C!76`OJ2BFRQc^(8NCj^4*L6d zNM>@nCdi2v3Fl7`{mdH|$7k{<+?teH9!BymZ(p06oS+D$I3AhG;f`2?JMPphmlKN# zL6F@FOuW+Gt5RT?dQc0T2sBP`A4~5G0Ha?b8^?cRR#Ia@;^unhRL(L%dT`lfw z?8`Zo(IOINE6qSFE+SC~tZDkyCN4W%mRU=ww)A+M{7M&QAyV^tA0ikzHUi$N=zm-f zr31o=I0JcN8|}!CaQ1;Ky|e7f4{?D%>jxIBh+CM3!64<*mR)9vgwWcK)o77=j+r=AIeBb^vyE9+z?Hn8=#y&14 zTZnbeT8!drHA-?7U|&mqe^kXYoe#+@qd0`^XO02aZ#H!0!j;)OwjDW=$m{7uf14j* znY(>iPU{!<=zg1ozfGKHTf@PTwCD0Pdj59Wf~qJGgh3vf`EdP>na?mF^&d=6MJ9qi zL^!l#YPXvnUCu*1suJBm8PV|8?03p%-YJ)au|Sw88RhIalCn)`#k{X4#k}mKcPge} zdz;btOKoUEEy{e^FI}a2*OIm4vNO#R2(d7Q8R{e1;8AJo;@<{sE%-rm;VU!j4cl66)L-K-kiK=vQ+dvc)Jr!q`L=A zO!(sfQ~L~cneDNM6WU@MqL6u6ycki6j@dWF^c-6|%>N#@mdH;Cgc)!$x8G_icGOsohRIV*!tEa^L1Ss5|`0n;P}rM1(i zdGpqFf<3gx?}xKiTfezx(HPL+&leaz-DYaf8YL-eyCf(6V2GKi5_Y?Gf*7!@G9=Oz z$WeMQe#;S<`gF#mZd5C*3vuyuY>C1-Ymqm4KMgpH+o+9_YL-V`JBJz!)E!L?oj1PR z??Xmv;lC9}V!jEou~l!Tuvd+mIet{eMZ~?#uZn7T8}mZ<5cvAI#MRvKo;ozw{Zel!0De-^nB2i(2i3_omG7gF- z7C2g{>-SGTqc&1xt&>#4NjuO;CPke48?q|`+6Lj*#V{o;bH13Sun0WyfkH4dZi4Ao zh9mrk^?B~&NERwOE0qCZ15z`j#oRsFSO~G#3QN_r>NXC^;5@MU0+cl#tW=};(w4Ew z!3(`QOn8@PsvYi3%VxkLqPb7`EmGodPAgOFgvKb-@x$k4Tk&Tt^W}5f`zO`dB?^ zLQ^QGRMxn1>BF6D0ynBZEK+l`(A6kaVqpt2%YaZ5kaTMnFV&oQUvpU%KG?XK6ODY3 z=9cP4z|AaJK4=2i^JM6$vestRSG<>>)9T#_5B#z1=iK!H&21Fy@xj$mu=_ddvThPU z=(9&2!;@=UzL$N%x39b~!LP##$s3d^)qZsAp5K=@R=gGOiQBJw0&S)J$C{AS7>4y| z#62`-VumPk*Ozz#H8F$r{zA+QSWi^eaL;;(GXWz4@4n%6on+In>1kQn(s%f%t;kv! zEkh?1&|iluS5Jhy03`2uKW?(MN350e1Zewdp#m~0MGn_@AIQHwy?s3v%};<(bR6e8 z?np%uRnD+8kZKTnc)C+Rt7e!0}`MB^_6 z&hdHhtz{V8TAD=JkwsP^zHhewV(bFXS3QkaQJ6NH+W(EnqdTNJzyvz4pzP7(!>pJf%#P zasq;`ryWt4)|$9>261YO9&15+MGc~rWa{?XYa}MEt#hIRygTM~C*Msa9xNfWM|4C9 zIa02v11&i`xdra&UN3{qqU&Dwc+*#U;LgNczPf&+YjO`fU8{n@Yr^$I&+-`!m5FFr z{s>Co(-K?sz-`*?bOsWKPYQw`liE|t_nJn#)AL3>j&YptE@)Ylj z#WsS8wzzlxP3m|O3i$^;IRJ&NVauE2Kip3`GI2!`W&2$yMI~Cn>2$`^-m4e7g`^Gl zy1nb$v-PkQ4}>*vGyte9QIvmwmLqiFMQ6gillb-}5X=Gj2oGX5NJD<(GmlVdeb4p! zS;7f%E`aOeUDUCnA*PhGw|L6GlI9-!tfr{8*mEpSs^cH44qe5@ysI$8-@foYl{h@kBgx-Op?^Z96kNSY?@){WgAwkJ~~ci{>tFYrqfc zv5~wPd8P)+3dQgHPd{}+dfeq44&;gZv`BJy3rK(Zl?1-sR)s0OZU0UFl>HA~SP0Iv zQJ+n9=-OFF(R|Xf`j+2iI3P=0$_yxDsVg=vC}3z=RyTrBIKL@%P{lbKJ0?pJDS{VA z9FsGA#1U@v?wn~F`QZRgOc&pxbud*kcKx+*-K3GSZacN)JK#-Oqm%qLW@O~q;3y&C zWA$wC2WrX8mLXLh>KnZ+E^;0oYpcV|OfoZGRi8Os7YQ>Cxjy+eabM)rNibJN8eYKz z8UMLTqo?ir=b6q8U1}-5A+odUUg;+t43{a}Q!;+qFrwjUAXj6ueh(Rtnz-sV4EPE( zK3Tpuf);#Wd6-ki%4~`99@BoKTYHYI406TvoDCb6pg%SpxKpOU#|$?i@vHt|H5||g zO8Z~@YDk>&FT@u*%tH4Dd5zq1zr2p>U?ya_^f_xlaL`F!wBlLKp$V#F{U3F7Uf=BD zFl1pYMs&B(A{b1d2W{|Ev>3gYp>@9tR{mqhvW^?HSyTt;cm8nH@wk}DXz6~VTProZOyI$LHx_w$>Wu`oT5C{=p-d;5g`+@eBRkH%{41h~pLIl`k1vWpjsV z^&Fa&y{nDl9p9@cvKcf3abP;MW)TS#e&;~1YA0WnDZ{lZ516t=4}Ug*V=7 zKq`0wC2FL-2{0}W504Mx4jdiqp^lc!P;M!*Jx|eq*RfGb-ZR{5O*5?p%nv)Ei+!&p zDh@6n@Vxy`a=pL8u^Wj8ZT$ggQXMW;m^$V_bQ@D|N9Z}j02u1s& zk6+0Zo=ao-#}uRk?GHX}lqX0iCU=<6Y|*EN-)mk29?#D;sJf`!m$c>Ze(ctYUECTy zJ@e2qc5!nPy+nYZm}iExz85cNtyGVaF5xdS{B5aq!e*6Lop*6Qwm{QbF);+(Hjv^^`92Ppz=8S|s%)9u%!J8 z(@zqu7rL{ed>x!`J-ByWCJsmvzX6&@L$BSA+wU)lcPsrqTUT(2=uCHInIyqb^9aY(YLK5n0a32ds0-%?{f=~gX^EzRZm&g z1#4{HxfC8JSKZ3(&Ls|mjg5)y)qH$qaM`@)xmeoPWNdlg9Ax1 z-kygMiRzO36%o7GE?Nifge*|tTII95vAPt>MW|f|2-hd$9{HgyAz_;f^Hc}KvWjoU z%u?8ln-Ub&fpOLUs&@)?SqQ$2xL(HA-M{L+Swjr}KrWvJeu_Ue^OZFFoh)$q3@@Z+ zOT!W6QmOm#HV~Qn?h14S>TiwMKW505r2~W{^aLa~WOUuLI-C7@z|3`Bz2xhx|36pg zK|r>ath>Fi)RZm>J2T;z@&vNgha8^N-5eQdrZ@X~`rCYQSad5HNKvn3JmjNduCogL zX-JMHMa;c0ZHX#WAO%Xv{mo1<*;$EWZj)EKPGBA-u>PW*#P1g^^jBs)>S}ZVruU&P zXm(@0L?3ZtJ4E}y>Z>>Z;t$B05H_v(;!i?P5!J*5T#B3+cyss$`uSFlTng8df$Vo` z>trzOP;X_412{^Dqa+O~%B@b}1@o;Mvv%4EGLMc*vyQ&y-5hQ+yVweq6tjcPo#x~? z~^+mtn(s)A5U;%)1qQtlXn3~MP`RaES`*M1dH=Wb>` zalIlowSNn+`Y3aad|tPP>>ql;X*sWM`=3EYBWn83AeVuq$nlzH9`t4mgr!Xp$aoak zj1;nVatNFJQP~~h1_tGU-yAj{ny=D2R1i+E^t-{X3_PD5^y&jKQ~sno-(-|1Jo`JQ zQ$AtQq(gymy_*|m(MqtZKMo(T3&<|fzLk|T&_|Hkd6QQCz9HsAqWx<9c1apZj)&~Z zQB<+l|E<* z++>pARheS1aKd9L7ATyZspHv)SFc+Fkc9Jdy`~rZS~i2Kx7PA>5V|(F!@heJ&%=6WpE+)-R5qy(IM?Q)ODlPIefvUTut%Vd;*qc`qDqd#n72 z)1?GuCpnm7YJ`Tbau)SViiQ1qAlFI}wT$n#DGpA=AJtp0UgdbjYD_h>f9<>S?*_?k z!AxE5-Uwe|1Ye5M=HlNA&y@oJ23csq16Is+D5A~ykp7b3t?xb8ycz`RHE*)}Z)3ko ztGO&UYV*)*klAp|@+G3Y3A5-y=Ziux=35OLEyC7B%G9=p)OKF0%cRUFpH~z2QE^uT z9+|D8oe(!#ECFL}%>1O7VEV^4LWxGI#Sq3KczcWxyd6o|a;KlqA<(N~w?++`U30^- z1{sA_*s#P#BQ4u<6Zrl(Xb2Jg8TLq|kQEq0|Be&(9F`j?E3KE{`Nm$-41Cn!MTSk} zb43#cN)XI(1pKHUrq7`J4GfK3ewe6ZIpw@G$frysv#q0RRGLr(TTO)JRxSLjt{Q|6 zT<)EztG(uheltWZC-v!5J7g1(1M8_%zu86O94l{ay8CBSzQ|Wzg{$~%FHz4vu13+^ zo`^XztGD+|nGyX%24xKQhe|N{M68`Hmdx99r*A}sV5=5DXY+25hrhb}vE^z|+9XCt^ped@FyY7{=mx;Xv1BN7;Tg|67!FrWO18*J&1WOzWlHzqdxTZ@y zLTuYR`BU+rmz@V_UN-GsH$6mu`hb3)P7G5sWl5VligL1nIHZ2mw$IR-c{RO`_IjY^ z)I{ZjYnzErr99|)8nBs3z^D!c%u4zMyq8ZEv?%l@=|9V_X*}WC{EUbO4?2@-u9QT8 zNA##FBlGIGN>O89ZQ_Ec%C#<-Z^IsBs?5pEJnE~&(qTKHF!yPTq;z(#xcs!USb zAxtmwV5i+uS0iON zU0F$_<~!ivwRnDft7+e7W~e-~cRZ+frr78C-8WB>v zRHjDmw@FXB`TKu?4mM+OK)fFoErzb~AW?@3WU?tHj{@r3r8(}0@7oPu*Q{P4jp`S+LI&ePpjzGv}(OixeNs^k6WQB~>>}cAfTM_t1X9 zcQ?l@TKuV9<*@wQbf;gK7I6QmfpcrnIOb%+2z=~{Vl8QyzdTLIDZ?HIGG-)SJwUp) z0Vbu4YlEcDRyRh)#8bO{cRP?W`eFBS0VE)`vfe zw#K!7dq6VBGkR{a+^i@WeGvmuWrsQ`*RN0|4b3o#x=b6T&HtEmo!K3knLn*Ya(gPW zs9mY`RiQEU+vdFYO4oi73-K!)#kJSC7kV{-^cfc6<6(03?-KOy4LAbb{x+&yNpO|u7R&?N+g8MV~{@fPB| zRPLUjepnUx3*g3do~Ma+86DejLT+DZd(D|`5>!d18NYd2g1-8`cu*EG4`h+g9MpFY zH_Lu!e?$hk8(xx)b@BbtR~A7H>5*5j#_QW=Pyja1OR|kka{j`Izqla{ta&q7zw-02l?K~_8Cz0HZt@goI+t_&i zU=rOkz)W4+4my#&Y!@?+F-W4XQzlota4lqT`yDQBumd-DGUjR_WaKWS>G`~S?LiyS zN)&!2Hj{KW@pJ(KnTWCY6rsLh=~-JoFulE^MyvD=y|q<&PDEKI=8bj)qVsu0k1tvk zbll5O#sGDO^DvDWCEsC@WRN%y+r6?dIw!z#UxE?cA{sQ)5RdPzQT%La3lRG#TVHXX z`S(_y*``95#1CMOnGp`39;u~E@Su0{LD?Z9e6eA5fZGUGr>WRK>)TDg3BuN~OCJsW zM(zYrDf8)@5?(frx7Fz`*CL>_tV=U0o4TGVLG0A9a2d|0E`9es^;UhSMArl;kZ-kg z9;bWl)otRWh6J9SOpQj5%i6l3>UuhnYdtX=6qZH9jch2(2xxcv6Z0%?UoWXWM=Odg z>d|H`m3f77><^Wq=+o`;=Ng-YgpuH?^M0v^$Y<>_utVh22cRJim4=r9q$g=ZK>F<& zY=<>d>>B@pdUu!b?KIA=OU$QXhS!nTtDSZXljXgJWLJwZfD*>ysT}( zL6La+4OF&vWbsA_bsrKFb zDwRPyQeB0&++6pY{SUqi+{>EL5#h2f+Y!lyL)Us6Lm4-7fkc1F_&v-7Y-G=CCnL{L zCTJ@Qr~qbt0hAdY?`Cnv1AO&Ac$9p0@@cUhG&+9nqZnSKJOM=OiB*@>bls8ZQW_cv zR}wjV?J43jvY8LMN-@@vR!2iFkz6Ayy$SFrQIrT80jAgFl+c;h9NUZELBj2s%7OJoyL_rb?*jpv=nTk=&rF?Lsz zuS-vQC$ZK>Uek>X*suh)JXRatyHJRFuDCtGCwJxjmXJX)@U$t zn;rK3TFio}t67{~lN`LEe{zlP*{ID1qP#y*5nV?zDcxkjIw!2(Q2F|rD_8G3A{r&R zux5mj!D{I_JU-I~_d^k3h%&Rbk^bxrEa`9>IW~8YmZ!0Y<&V*@t-)JWu3QF4jMR~$ z#7cybsu6lC3`raap&Qof!MpoJR>)vq@BuY5 z(kP7Bd+j93)IkThmiql7wpK}25zd%ZMkSQaj}S&r?Rjk-KL#zSxZNxCt>{w`a&X6? z!tbWYbI`@%x`*&Nn#1?D$JSZ1=t2h88-^E+IRjLo`G6i!oq|({_qPF9U68UYcH*Nf zwttT0S{ei}^fYp1I>-GA_Hl-*p42Z*&3~O$D4gJ^vmLzHBb$EJ{Ban+>R=)Hf$gqY zlt-iNmH5!Thm^Xuk3LC}X&qZWI}L^H+uVMG1Tj9?<@t-n6LuKlznZgc|j*nYgbFJ8*o?kd%RGWAkK@hZB{ zkEQSWhaawIXEouMn?wol31IjSyq(1a3$1Lo&2jn6V-DB79^yVg3@UU=sC>f;-;aYh z(XD-hY{ryrG&yaF30CqqJ2{5pSk|s{6aiqO7c+Sgo)!jVO9~a-m$O-gx&SlhRD=Zc z<_-Rn1|?#Csy4b;Z)KLthQl#QUQwqcI`8OnoeOc+UL@lc_Wf#8=`cdvLl{W}BI63P zR}NySjd?$de=n5cYWzDIDq(=hCufU8T$hKOjUt1P<{VWU|Y3Ut0c?U%-H-@-HtcfBq*`tD~5 zSyJ!59{O7?zQ)l3z_mS2r`X(YS_sq(dYh4|ik!phH-9N8xEYfyVfTL8v&e3vLxgL$ zY4CF;DT8^XM)WzU`p)qytQUfIAsO@H)7ygxdI+F1!vlzTzCie{WmI^x&wl)~NbH3v zs)6;%Pr7kxtN_LgMT*+hyrnGpd1E^4ni{Fy0R5^k-#Qu>>ZfEd+YVl&j3lOL0CEJsK0;7AdW4w84z2br)ZEb_RAaXAvim> z^N>%W>AM)_@G7vB0f7Pyreg(yk8cO-s<@hNqT}u%KwXeXY!Afw4p1}z%EF-#nmxf) zL*3Xd!}Hi9pIve+FWxUFZaQpKP7}bYJj@gn>-=ws&;JpiBjNaF$SEl~goStlyFYa< zy$SGuRHcCT(}aG)(`jqgOT;i){Jy#Z<0oS4%e0&t&53}(rZ*^W98z-gge^bXivNZ& z{T~Iaithom1ZrlD*D-JUj7=xty5aV>Z&c(PB!3Z1o;>-R*dl8tt@#fqOvZKP%KvOj z9(AJlFMdn#4JNPYAf5LmpzrLh$1DM=2*QUaM zGmLT^ezyJtqyvx+-u`3e7mNe{G4mg$k%j+&AvL$&;`%o!X{vJb?LU^qC-AP;zt^|I z243`!t6biqE&lfq%;9C?O`EhIe*R+!YH5aV|9zDa(MjWf z3?c35|E3!)2(ySLHVbHpr}Fg=<{fVVO2!9{j&t~LKUEFes<%ECc7`~44{$MCx{uPX@ywaN zR6z`n9u(yy1w*=*W;YX*+s6mRZprH|JH z7A_Kifg{g0lk5D1&>ol%*Uskv1E~iN&A;9@v2MfN}id~w8P@(K{a!!lzcj- z`YFYXaY|mX`>iWYUxs_VQ_8!|`%$#^iV;*i@trqx?rGnGsUp|$@g{%zeI%v4?;Q8s zd&r{v#$6t`93J=W7T%K>?ynNB9CSWYlle^b2qK0CB+7p${L)>CYW55$mW%yfQk1@|e5EGL?g*&H+V!`IRrc!}z_BhuC#)+3K6f?{Ty-z4X$ zro@lyc+pFrTGYn|NRWZQv77p7M{X?lh?ScU%j{^9)uNJdCTnVDFe+ zUc@o;``@|+|0kXUi#~js5m7F~cbZeTqDLY~aB_L&Dvn{nyPO(TU(sJnsut>$Pi~eA z>L86ZA2m>7KO)|AKI!gZS?lp;V{9IJx4yK^{AisdrPB0cBn(X()6A3 z51it7ZWgu(FfC;I9KI=%U69Mi89#>>$6$7>KyWuReK)krrEphup><=P@y7vpLe>V)`&)z2E!= z9r(d)pd3N#SHvI_YLDVJxqImzxrB){>SZr%9{}k>v<-VGPAe)f<&DuDM66Y+L&gL*1QHy-;S zq$Dh1L`+<(gTcR?T}d8E_o|CB`at*&Wzapzi*Jstv8RkxXjb@W!Ry?5$MZLpD5PCp ze_K!2=czuZQ%{w!qtN-C!rfiTLOam6_w>QiPqHFrxhR7^Kdq@)RVNHr z^VfP{UsNqDgSZ2^^^^xHQMTx^zObhlWHc<@&HOXT%8-BboQ9d|7$rSkHtNSf3yD++ ziS8A-KXnu(q~9h=iCDFVBQRS6Px63H;+5g3F0d;c!A0U^6s+cN`a!bBql=%d@iSf$ z^hM}yLrSn!n29b%dWz+id-C`H)y*0aBg-Toh}bu9<5OD@KN+n&9F2ni!W`;I;7|oj zbH4R@&ojC=`OOv(^enXb)Ie(^fvnj+}-QR zVj19qvH#L*&&{wX^f0b7RE6)sjGE|L=Z#G=cc&NMlCURE7h$z&A~gd3r4cuWoTeMp zkS-QS)R4C^gy)BXG%&mcUj9^^V3@IH{a%@t*D3gGHS;C=U7>LZm z0@n!B4u0$p(qNlBq{7tyxWOs0rJ$qQ6Vv_TWvLl%t>6?$gOaHBnX!wyaA~F4szv$p zXd;(qP!4iC)#T9nRYrG~a-}gR^6DRch!HHaaXUnlfh?fwxEoE-*Kw?1Q2&v6;NsXp z5g^N?RS%jeTxrVA$TdAASX$;xeC#$`K=jB{U(E0udo)#d>L50{Q)OhNVL$OWg+re^ zSvCInA=JK6XIi&barbN%|GJH6Ry_HE4lagmq{ zB7YlZi@0}U;K>#4SnJ!kM|sotn3%KpF;uWM>KoN9`?iqj$^si&9c~?mxn7&>g4Y0B zxGeo?yuQvmO5vxIAG3wcx|}b>OHW3!-DU;ss!p`D)>{~&7RC1Lh=8qA`Em4PpDV`I zustm_S6(vsuT|tD3mvvTbhwzfG}@ymHzOt%_>T>x-Pz5ErU-T7J^abaOU!Z{J;0oV z_sWFpNg+ixrzyJ_|NaIY`#R3gpAR04g$>^?r=UxAbB<2XyCT0c`@=X!O+#aB?X>u$ zHeEDXqje0gq*OCIE6X#?I((9lx*|4avB=a8d?8&r5aSit4b8tRMw9l865w(97c&l7xVRl#+x_bFaJI_5BAZ0TT{%O z_p#d1FQtf+^xK}8cz$j7TEh(OTJ-n~l5gh3=GKMn={2lwjvFksG03vSH)4@T4XN_Y zl_K=-wUnaw&wpgB=Mo!CCI*rN^b53KV{Ym z6`u~^rHo?VaeuK?+OU#eWsdXQ=O_m^!}3-07o9}NX)nZ8=|k}0N}tmq;@9u}K|e62 zSG|8p>9d}>#`{dEIR8P4{iT*Gk(Sm$g-jpsarZm&yGxt+POrM#f@<<5lV&sP{HhPX z5JgW+Cqb*@>FV?{TI#$uHKSU^#7i6ExJ=&#-js(@#{PV!@QoVc&88jNY9+(T_al-q zCg|}MDh`}VR8jjGpLL~U`Y2^tDV(r}i@VF(FbsUGbacmqqgrym@g=2Y;+B<=`te;C zW>Plg1)b!*c&KoL-ICp=dhdmv1=(73XT-{6qKdCwG1yi$ksVw;yG3Smwab`NomOs_ zDsG#%R!GEJOvo#yw{T`bFNL7U}%7-W6zQXrwc$ zkx91tdnl}ni8EULmrV~^+`XcpX(zp%L_EuKGx#OJYUqQzzuJ`;b03t5{2GQ&I{?oU zm1pQng7Ws;43-2@GRj=KwwBrXC$MX|fJnL{GjP)6Ch4z0`G0k}G`fC42Qe%UJ>TIE z2$_1G9WxR>o;tN*gD$)7^@7xKgUOY;wSDLNu!4=8?Vk@wDQ)zAspNiq*h0g~y`+4( zql9Nfl-!DLJu91n9%pU4M62nf5s5u36{^Pl0XS^oE+#mdC_pOEwoCqI$d)jt*4CE&OG-+BS~38?eu|UfK8iE7o1Q#s}JlHO=(+?j;d#t(+S{}^rK~XdGz4;eA^GLL?>%5H&>t6SUr0+wE+eB zHrs@wP~;gcEx3W)_>26pr}YW@ZDdw~N~7&Y5$AXihtJrz6+PxWAt>75gMqjaAmJll}U3PA3tH z&yr~t(kJ*uzMx9GxXOWsf@NjsIk9%AV|VeB{#Ot4$4%=fv6PTVZRVFiYeH7{WP0IC zjuPvVl&B0!tXB+-+q`EkkYq>Pok4>@pzuK{&CbD`=XW9sDw7LFD(5=+ppw!~&^j(| zO|VPvxQqjtu=3lFvNnHzbZ8;w9M%Yj#^^VAxrT*1PLt)`EHo35u4tPH#;fr8QW&{^ z;iu4%J zC9FXX5lJ$#>A9hz&vr?TR=ci9M_6|$h9JJC8C4dQnH?voZu#o4`qePuB&5O?B5JZOIOQ|t|$!=`JIgcuF+%Jz`X%qYLYC?^d z1`P`3r}wsx(H-I=tRUK(Tkg;?LMbc! zPo-m9yQHG&<+4@2u;}BK^WP<^w>XlvwHlrhGj93ie$X&@M8r5T2s5Ma;GZry?nHQ_}AB8=**%Z*3nSfh}9U4(L!7|g;zqlS5Gl(x8Js2Z!Pw8b&LZV z+;(sy5`>YJcUyeYuKC>Y-fMlA@#Wprg0#ph&Ah5X4jonHQKIl+O?@gyw+Yob^I0!4 z9P^ZtO5IoHT%{4U4Yqmqf_qJ&H!6Mu&?AnD2NQC$b0V)rY0eB~Z|GP8h_3rn04!>6 z@A`~hd@O$4zW@+Y_=ipxGB>wBqiS7ERAkQ*rvPl1T=jB&XhVbL78_zd;x<$N2LO)5 zqUUJPF=rs;lHj;6cQe+a8bEo)mDKVs@0F(1_tu`V;PwdW*;IY+(faS<{ol+U?RjzC zG4ks0cZv|#JA>B+;?=XO_Y>c~)#dr|{$`)?W97}i)>)hNKNhO#uEh(3*W$k?oswQ_ z7g=4g9(|Hhu^72jPeC@S`39_4zzj1m=OGLE#{-gl=@87t(aOzvidW4hdZQMaR3QFG z3ylH=5<2r_<)w{hIK?NTv2M?b8w{tP89FxtsM?v13e|fK!WPQY&wMorDS9tos|mJ7 zLWy5A2!7%Q^#>|BUa%*OUOHJX@zkDJ`Yhv7^q)t#t7;==n$;7t?S=&eqI=h9*Nl=V z7w4#*?uoHYw#bRoCEb>uw=JtzrnFew7GKh5>vinmcGp#5Ydt)cMyy(lU%q}V!5Qtw zWBkG=UPi!Q4p+50hBid$Q>8zlN1ERR^seSy#%v4tPHR3NEDXE)d;GNr>#l>5z?~pg8^6?of^}4eXNp z;Pi0BuacA8u3vqorkc!_ElVbtW_zLd9ebqIh!6HC`HRM;+rbS_KEo`Xy#Eb4%TBlZWDb z5oFwwmn!kKh27W8rz}r>*NjdxH^Jk}hACwPTq34mD(?&~YMeKXcvX{(FcXzwjXB=i zn{fF2(XZD)8l?&lzPPiYw*7pj_2KBJ#Y*JH;r^SfRW$08-KfVJpf)AW8`~PaXeE9@ zQgxo)-KqFRzc(~&%+dMJs2=8PMtAa;p|Qk72x%E6pNPiQf73bTppL}ZZxP;~xHYo* zL{d|hxHdfLuwX^)S&0u}TyRXUS*F=6cd?04CyfAQ^V^{?5pNz$q?uyfoobZXWhLrY zTF5wdS=+u{ZIbr4&uz2FmZz8%v5rjqavOvLEyPTnczFzcDYRegVY4?|XEX3kJdm9) zaSV;p!<_l<*wgi|Lpn4Ra#&-;$fpw2B@Q257$9}*P$i}PxA#+h(5*(B3!I?-&u2=g zlQM|faT!eJPr4`{8psPBPBIa~;lc7RJpqk9!m4F7mNt%h^2BZT67A&oQQS%EHSMgo zN%&L!B`CZ=kOsu8Hs?%nQI}d^Q+O^K3(J`xbgml*#|1_93NqWlYn(tl)j>52ycCxa zhrIT`KW;aXPqzvSSk@->c-=iXvSi-Iz0J05m&Fi4qABm1?AL9yy}+}tqs{wk@G|-i zV2g@3%vG%p3`x@N55R{QDnjqY!e$kCjY()~SnCP3I3#^^@xrAFJ_a`C<59GFde`PB zK>7tX`S=Ku3Vd3RGHzb5e?s*=7x;M6nB&A9y734m9Gs-g7ca*u{!H3eT3uZJHv+Na zLWV6Kl)^dc+%1dA<%$7jBWHf9 z@lPF*nheeMv~-Yzj$nFxQx<&lz!p%W4xXWLRQ4Nu{0NyLg&e~T9cwR+Oq@aex4FsW zpA1?;L49v`x3@l9kWtbPMUUD?kpD>BB_fsa=KWzL+G?%W|DD@AYunNCPVIX+fu&^A z3)0B74T6!xT#ei;p8{317-TeKhJ8SR$!>f%yV1VR_r5RFG;B5R;^^jBfb$GbP2K|Z zssV|B!_s(RJLKrFf|Ba#Cnkqi7JObh(;n;TyZVlFp>Y{^)fF+TW+K$5t@*NJRk(Zz z_TI_VOt-Rf``w!JnrmwmgR^tvZPu8(Dt0JBMDfj+7*epgbJye(?E|@&3`g0$5h4Bl zSM)3I1NK%WjQz;(miRQSbj7-#>!Q%E9SFqtRcJ6vNBeOe-Yt&dp=%w-sh{z68$AEo z7}{$@APu6cJbd?(Y-aEvMIo|wi9K+9!5Htt1{yUIeDt{!Ni&mI0Dl?>YhDnP ze&4Oo4@)=4F*CbJVdV@oP4>9|o&Q}z(4{cOv_}{}*?b+m7y6vtw@QlSMPdJ^KbJhT zcQCs1Y#~d(AE}3zTJ9o{Kll6+6wDD9tR&h9>wG3@eK_&zv%CB3UyICx)x|6^$T@ZKN&SX~m-LcMAnN<6(bCo9&7J;GPGR}T_(&ENVj9r81e4@n zzdTLk17s=Xhf`;{B#CaNc=3VHGl8%~vkO2Z%FK!LG1@Zr02+(`cjN!3v!PHF(r@$! zvev`uB4|0l{0siU<4N{;l*5%K0oszR4DaY)Gp`-{m?MhjKi1 z3eOSg1nx_x0FOdU;e$3-3G2lr)ZIkB6J@-& zPfxaUDz)WIO=$^2k|b;mEC=+3iD90RGk+OplCH?=d&5s)GpqEX6NaB$E)%$|z0V}` z0rr1AQwePT)+QrniDpyHL5g2`?-1OB)@m?p9YI$L2-$ks|Fyk?F?M>Kin2=bacg0| z-6TCEw}SG_VoItU9G@BTKa~Bi_pOWKA>qM128VLcWU~A{bM(Y_)VdjFQj;O|u}db7 z#yI7)97GWfbmk;-6Z1vzWD6eCdA$-(yoqTAe(E}0>T~XN{#12MdUsudE&IbHjm%X> z!S~kDE6!Y>6Cn?ANVOvgqIAYtZl+j#9y%%`VSkzYawQ9(Y}x#-pya_2lLk(AVaKt1 zh;t#ZZ=VGWeVWiL!ux01cF;KsMI7r^IgUl@g}6x))ZtZQL@TkoFo5L$$s+U%C{Clf z)gydW(J~#UlptfI2?MXDMp+MUT?qOvJX&%$xjIFLRT@LskO%X+l(Ffn{DUmp zP*?$|Ob(U**hv8MnUx=T4|o+mlecFo z6>r3I_bEHP0RSP|Fi4S&& zT1ZhoRPZu1qKxU1V@zm~Bp9%yV5O}2t(a1nzYHq?kg;Kff(#rte!%;4F>w?#*ZJ7% zcCI8YM{_`cUZ&@*+19_lo21XM@SsTa8N63QDo$WM{ZN_)FmZ1d7gb|wG|{9URaoDv z{ssZdJco35(`eJ4{DB)k{yOV<*&CFZyUKl{a9`sS;@ZF^nGWnszPH{&lGDl9yD6{x z2bF=vAHKUblA0KJtm7N@Nc*JGY)%0Qex8>?(64!R^|>hIP-x?i`DVwTgp(U;b+W+ ztyw1jk&tqc5*6?b&5~JZ!MG1Q%;~fOolQAcNUgdI_9#wU zZrcHAlhQAsUA3pvws2kBvabO9{;G1nnNNMtW1a}8w7lMF(7%$7cZ3W!z^>$f3Q?@{qJSN&UQ!(8j;vt}M!LAG=-;M;B|0h#|gt-fWE99$;q*So<0< z7gXi0XooY#GdOyp@z+|P7qMma70eYovxhwnsxg4HS5dk#aXDfSuRaZ`DbSy!ICqr| z#zJE}Wv4%_Wo%wjI3rZ!6Dx_^~Lm2U+zUJ$nXrI6#bqMH{%<`igVv}l1V zZnS~)eFalYjXDdF=#^2=NFKuLuTkVqh@t94T4lXboO$KSHnWPCr14GPcENOPIp)#( zi<&1$kTiz#AVfm43JmR1^8N(i<5_D#0PGv!@emZ*oJFnwUctxJ`*W zmD@(qMD5xB<%^a3(D>LMrMc;|vQzZ7?Ss>71 zRP(<({7=nNxGUOaB7Yx>@$up714u=w)svJwIlw7Wl73IB9zxPMXKJ(Ct^K)$l=So`?q7#= zQI89EFZIsq;^_mY-U)@|=Xh3Ty-IsYP^5-ID`7M*H?l!c-;;i$JkHnoIbjs+xkaUo zx*5*YN_su7Y5075Rp3O1sEW#|aUpXYy!{@IgcwK17oW&L^p9c0_;*-yAvd_#Fgv$) zKCbD0`5+^({^Iz<;&S9t`$bU&NZ(m+{YR3IyF@(TN8|SY>JQ(t^F=?y?vzct7;0_zH z&Knubx7V$dJ{@0z=H%kY1U!zYxBv}%__^#QtFRQ=)p=xbZ%=4)@!wx2M8vIX48zFf z!cQU-qekxdSq1ry&V|1ni#m{veP%n94Fc?AXPWWKNtpf%aK4mXOql^h3%xyvPlXZ( zYAQj&KXvvyZfz849MdF>#yjmOA#J+gRRioI!FIs~ZHVRf!6&w%^k+t729$>`rw9PW2l zLIjjl;|!=hiplWy0)NIS*o-&(n9Hi#+b)z5GM7e@Jj#|A|4rF{fA(FWyM~u7WDJJ2 zUH~bBv>zOUqyYBJxA2UCbvA->(Ng|XfM3e+O2sPXj#U`@^z%p=o?1;wKA!JYM!b;> z@9xGb6m-m}k!U^Hd*o$<1AM?RjRLk8NnXKs_8*sE9UISL#TH{LG)Gj3tpASTYTrxv z>&NQ}j#=?Tl7k5eRKI+;SodNjf!y$yUn1np2on?(dHLzk4?aui?M)ix_>%C&*IM`O5=Pr_ zMysD=v2SbN5+4RS?5dEj7+RO#A!B_r1*|>b%64jP3vDA=&hEcKZ5)~z1zK%`cP%`{ zRBy-JrG2XPnJn;?MFa33ARz#M8ao$nklBea7>AmuHDYTw0Aww|`%m+Aza$;Gq;>f6 zboyhUbLT>-V$Af?@MejFmzQTB{4B1aF6_v_`d~fX+~s+*N8for(btek`9~d-0fj%f zCBA=2tdf*7s2MtEjmYKZkDPoHhXKCTFz&9VOkZ(3z;$%?aTmhcKhg=2;iGp$YHUux zFfP-<PAXi?k!O3kSD$PkS6mxKj6=GE6m~FGZ@ZK(ux|!Y+PUC0)#^hURLG7>_rP zn08T3Axk6kmqsG9pBY~MaJowaIggI?hexF>Hx>Bd_&O36vgky1@#dQY0TX{c;S1QVnArs0=7X4uWajCYqm=1PI`E4VZ&dYs&b|QuJ>pc^grg5nt!?WUT}tBqO4iS?0=l{a6OX-!rOoxah|1$QCX1Q zZP*-;+*3rb^~}UsIJq|{$OzJ(uhryRNo`LZRqTgVhcYu@s-CPt4}20qn>WX_7(Oz* z;*RmolDqw00YBcPkATpnCCezrLO}KbbuI&Q=jm)NN}uvU*vsvHmzvYZY!y0@BJT?; z&sjMrNh6{*vI=tnQ{PhNCWP8CUMl4<#KS5l273kTy>c&A1fv`Bb7Fi~SZ%y$LY5O7 zyaZf`>EC+1-*%LJ-GGr2o?t{uf4F|GcdtTDg2i}s_BpQpzVq+bcV3x=E<1*6mfxv- za1wetwT;&funIi**bH{V3$-07rH6T*N|QBrzMz^1K3DR*HblFzyp@sNz^b!^)N zm2>}kOy;eN@5JTXMhW3@a|+4Jfo!)g;!n=M1eYX#$A3dfDfRi!atZqS>sa&-OUsAo z$kMx}8zauI%SHmi16v+dSX46+oceQCZsiB9m)?V7iUh)Pmaf+Q75 zDj+%2k~1i%AW@Ql=oBs1P*@p{F~bxDu0p7Wa=#H$`jf2rI4H8c4|rcoWq z<;mG=m)kCAW?!A4REJG^vqD{DsS4STl`pXa`Q33?Qhpo(&0H2{ic>)79?zWNqOjh# zkhsbw5c+g4-}+##{>}k2F!J@4{kwULdvCb#`DCnH*g>s+aTs6_D|!8-r{B>LV`GMq zXg)!oe%GRA4JLCct1+j9yzpKHC5R7ZMu&-)d(WTOyXlHW@MmYar~A*!?oc1pj}*LD z-2OoLG74HSCdKx%2!9t7^N z{)lm-zrwa4Ycuc_ePp@;B5QmW_cAAzUF}QD?=eNm8HmcN@m1Pv<&lxqA(>u&SBxzA z>o<$%X*E0H{x@|^uXw%-ioO1*h@qxDv1)Le)}a4`Z&6FJkne}7uIr7QMnk&@Idse2 z2{tk-ko+(x^`pIFEb(VQ+_}P$D_}3^)wuPs&B1RG?ydc7#~mysxJ83q3k8wlFnF~2 zSP|d3tVW$qbuINhH0{3FS%{DD$7c*U8L3Grj#d5|{kr~v`1vA$3)c=Kz6MK{l3rS@ zCi6?nKZ`D6pwAdV_GKKN-0@~qs9nbcsjMTL=4-)|&s)LA>EEKA(_^wv>DLbOxDes0Q7R$-W3C#d1`%cxJNw7 zs?gnGq?z75-&2dV8177UV7kEp&f5iNFtW!=B&R&{_ZiGCih;o-%tAZg!NBPd-$CW} z_krg$A?F(C5_c5MLs=CBAJK&S)3RfAA6r)P!i*uNE6EO$M?1 zh<&Ce^6IOrn;6%N$5rQa;sHs1{M{0jB#Q>RI9*=C0{9kC`qDA`wu*@K_c> zAo+BZ2=Yb?5f97StA=aqAW?0kO^o4$lumDE?6?PgopLip?kkf)8t;JL+|YkzFU2aD zV`Msc_a=9lD|*y}ACnjB$qfX^Git~`|6;}r*hpoTmi8=U#OjlXZQ#>Zp-EkzVA}(s z5F4fEjRdbFG+q!jsukJ1k5%tVoe$Vb_FrX;meT04__&IEbY`4Vzb5gYdR+L{ zuqNQyx@axwhgi#_8e>eO@>zd6{rcs5S!Dt?(zYgyzQH3*qfdfaP39u!lqwMKU3$RQ zp?T-RtKj%uX%(`9w-PySFhZG6Oy@7vao_gY99}`6SnK)Ib@(YcM`hh~h0%@@yWrFw z=;sD}<{)bp6#>!gd8;=lEPniLh*F`jSt}So(E!c7L>0xx$dbD4?NeV?%B1G=vl6+F zD`Oa0kZ5i2V$%4D_9-U1HE&<#BKRQPJ5U;57x_w%YN%s9x|W8p1dE0J_`Rz`FxkJ}^G_9*vr2MH9R(G>&&&{l z#mRM6r;=>7`vh^{u0QFBZi(V|;cHw+Ibk~4KXEUm+S>$SG1zhJMb$^7I%!D6eCUU} zA0}y26q7OC<0M4Jn;Ts;cgf+nFjont1e5%jyLl8Xj8F}8mS=fImPmX?=w01>OYo;>M}z`%`3a`F-*#9JYnIEbDmfZU zxs}@qTZ1P~0B`0|@pwa+R)14xOo9|ervPmZ6%=xiM&!n$RJJInI@oSy_7(`D5nm?x z+&_Y?Vk+Lk4_5HYs!og=XExx+ut5+$l|bKHHr}YBmdkO>$fAy#8GjCbYP`3d*3-Vl zoGKSg#{Z`J+;-Cyn|Iqjw-egS^BSyyHnI7GDv)ctNPWl54USYFX7UKkoEc4JI zYS*6mSq|2r2LwzlW|TFX!*B_+-|Jts`~w@ca0axn-;II_%5EW;$H zhcF&ttSZ+J3cO2y_$eG+b6Kr19^QPtcN!QDG`KHRtfsDGe1UQr8;k^%Te%eiLM9Kd zK?KAr%j_4#56saeA+*%g9_J_l+?*P0`>yGiHqLK{suz}-0nXaO_rM7>ZY*2~(#*#E zO-1GgRoXWr#;=6+Oeycky@;RIRWX@zDo5>(QQE0E%zY+UxY1jz@HsOw${>C{EvbBE z=-c6KX$$kdC!sMf8aQ$1W2hWIdGoxrF;$r`&U!JO&9|AeTU+s@5i3d~sa%qlu9sy{ zgvYQu<<}xX#N12_*Apfg2NTTM1on$=TY9Wcdzo_9h43(6P z(n|EU=))L%wNm_-yrfbfMgCp084PvmV12&JhtOL`Xh`S1c>C$&|H`}ee7!HY`2up~ zjsWjwMJq-*8Vndbi0sn;EX(l0FYVTU=sB*Lppg`-opl)1CBgk*{<5ko5{(>Hn!}t^ zrE3_!g1Ra5iV59!;@G=l39GHQzPk?`-pl!RLQ?$>3nnZbSUy$zCDLg4Oyh!QNAnM`43!!< z$^WfLN3jzrNv=qFYR4?$DE@YOoJHXuioIR`m!7t4CxK1B{wKSlc9?U(YlB5!xbISc z2Sz|6F@!ytcXLZUXg|Os3Zs#ciO)djQXiKg@H}nTB%b~siU#^ZV~p*A-l;#bH^c5Q zy3S}l&PNfW?!m<3H!elWw|G4L;pSxp&grVY_I0ef_U4y`f>PI)koVudD`@wJs_}^h~ed z$2vAkx~V{1KSE|^O=Uc}PLcJ6dBoJG1Efy*YS?Kz4eAZ}5SvC`F7CBVl3Bfp%NfN& zlr{>1eYR`=42!LGgEeW}Ir3&O!4sO%wcw(6KD1+TjAqVlq&ywjawLZo3Ry9cF8QYB z{JMqmc@x^0a4Kv~XN$Mts$_x>6FlNE-X)WN2Ent1XvPs^$>X?4+>#;DL1z!Y#eCh{pD%2wdYef=Jd4RlvF?|$GU{&oRA~txPKzyP35?GQZP&`c?`UlL z;5U*$+KzjwsFjhC}N$rJ~a`6T?W4`8$z==s$JgY~X?!2yd1Xe|Hw)Nt-fI8bmNokDYQd0My9oXS0C zOgm~Fd2>2#SK(JsDaCtS61EV$q@(vBn!?5B{v^@-XKVBPEa}2aJIlT(g9z%Z$3yn& zU_mD#%Hlf>6T-_2n3=hy!Zw5q??>J7@oBmvj25+}w2^x@k(7Ksf6=+MLIc!>+%+`4 zfMEtcgOFwZ>2>G~QUyRk=V#Y;jL7+M-(jvk@CSZ%BSB@`X=g*X=QmUA;7y_QRp#sp z>HqRl3I7wE`hPLeh(}gSzN9&-7-{vb912T$l^l%JunWd+V+ZaQp#Zk366?#nC&=Fl z_4I1Zkv1rS1TeU-QIHEC+TWAd<&JH0vH4v5sH6Nd-{IjJnSJnZ!B2$xbwEgGhp0E% z+S}?&jn^+I0~9bJtr|cJy!Lnt`@qE&0Rusy6Izz@r^pRqR`78&RQ4f#58ukksmY&9cUrCraO7v@IgC=7?RC{KgW{ADbmy6tWf=sEV zeS7urrG_cYHg-2yuM#6&@cy@S!P3R!k3ZJle5(GP=uyz{b7~S%YDgp)WPl-pcOdP} zlOOaI6m$C~{*H=UrcvotEMVt8pRPKp35A&>_YPQoRne=woJBdI>g-#+?2xL8(o$6R zS=Fa`DGrL=lz@)OO1_H0f~8w35FKc{S4vx7`el6c_|!)}_1ef7H;+p2-28h(MUY#D z=*B|!&1AxtqFU;isWk6Qp-|Ug5OLNT4avDWAXY*K-LJK^Ms$X|M+m=UMRir5acku2 z3q$N&kPlPST&CBsB=Lg`NW1geI1F}`Z%_0&fWlz&)wnZ#J`=(}h^{zHj^e*8eyhvS z=rxomH@&jFpa4IpG>-l5sWPpOK3j(hN4~%L^46nDZpX(sIk1HY3!%Tz}{yP0{LLHyOIE0KSQDSKM85cQYz<_?sB#m7 z)954Xz!#AijyGa<86Fz9E!2v+Ah{QT7y{jYjs&o%{BUqr8*@p|WehOz`D*p0V`jFC z(qRVEGO^4b=H2mE2(T8f9jASmL7F2GOqxy3QLWSsMy+z%M=PAB?JzK04$2IXFub0% z8KMmM0e^4k&ssh8rp`kFws|w4wRwFeN;)UjCe1(?c36G>KtB-A%lFbG!~p6&xor7B zM38gdVDeZg>Xvf`*6+x#!pTOiK)jQwKd@rm-o*Y|ZTr=x5o zcY}hq2mXzA&j!}96#w}~3d7wVm42&BZNuDv{J_8N+ur~8ztwd9celF`fGXp9rkAq*hLM?SppBwIQcI=E?YnuA!m`y-g`8ZwvsX2jvz8|=eoouGcdl;o z4p4)+FwCg^?;&3maz)i-k9^@XWe4FuaihN*8+G)*4|u+hIyj#t&9QV_N!kLTS00+6 z2)N~0A!|EhA{9p*%wvg^A=E_l{+@9wxmm0ELCB;>ZjPPDYsa=A{$9e2n07}|t5v!= zgz7Sa?tv8R*J)aRCmw=+j1&bKbG%TU*Mxg8Y}GG|a_nB-8m8qFS{c@IT!=(pkb)Er zAd>=iKGS9ugJag+U^bznz)NSQ5Popd*En9rP!-cMN~xk2tIek*WO)q^<@njorp$51 zdnYqX(0tr}5&Z9qx(*|onUxt;U%6e>ulLY3^MD_Q_4b^rVD9#|)*Z2jdQTO;)a2k@ zG?ZO?L+pCT`h@My6jV3HOkJ( zs%Zo}%p80yiAT2F33}T5OPme&1BGb5VO&@Z*|(|?V}t-&z54Jd`n`*JRLc&kqaYdD7nb{wDm*(~zxE?Prdd>=EzjZY{CD#=j$!R}Bzh&&K)K&DEgO75poPA=I zEe8x(Ou`&c7c6u)R4tqCCyjo@jnrI99Bqb_^ul478fPIITgjN$_ngt5zV2`6vgfVg zA4Zbx)jn_i*X=UH8QIYpWenVB#ZmD8$jtu-j{c3^R-!_A=93rrj2!q^LO90OH3Xl7 z_p%PMOp?rhNa;SLaJs4AC~v)*`^w1kUsb$QAaAKYg5 zt&M`)eQV^BP8!z%pMnAJ6vzg!6~5I7helh}>bkpZp-W`Pb1h+AYXC;}BAb=!WZG`4 zlQjFn{jii%f7aZP;O(*X<2|6J*K0S~8zX&u>Tf$fV_F=WdPD?7gz=rL(FDIqv=UtI z(O(G3cJ7_Q(eu?hzgQucpZT!e|@Th<+ZS%)uUbbNGa+#C^G;mxcjj6m-* zZKw9{VF{NbFnW4um=~ z^~5V)`opI|G^XF59c#d7?GtUJrqC-S$E2QLD9P!dkK^qFMn(Me<*H8uF|s7#*2WvG z@ibc}d)Ev<)@twf(@$ z9|eGeIt=OKIB_ucO6RJN)4AzvEQu&JMH}3b#K{wxkHKM~-ebLY%ibhhWm9tK==qS- zn|%&=2KmF!t*nB{oJ6X$IU;C{#rjNKji0|NsKI3GL`o5fqM5bJd8v?os<|LwizqRv z2S(at2gCTG4Jsz}M9U_2B+e~6ldS@(Fgtm~KrSe-W;hFb0adfqj@=~ zvh$NhHnWvt<|z!6e9~~5Gr7<3=yNTZzj|CQtNY$+Kw>5?Jkozy}Eo#Vp zuvl%Bv!ZWLWQ<|pvy}}^+}Ff^pdgC=nsd4207hnIYs)|M6!I^6>JLQ($fn+Z&n_yF z_=l_ei=M;G-AMf7ApZltNTVMV++Gj`F&a!ta(@*)bdb!^eIVxKBN2zmriXs^S^5_; zOHG)>;I6EG7dYR0EoH~!?=z}3SLrN^i{2Z!v^mBD8B()M zZb}A2s2Gg#pV5*3^Ch_k1DNqsLi1@hYpxOs2FO#Gb8>-q1VGYB=AO{l@<2KHh!~uE z`2??s@0X851b?SX+pq5JbuvB(*xyyuaD!mgUsd0V5jHW$SJ*8#G z60&Z)6-X!SPXbZ=M$iunZvy7GT;W&MUEjp%_W_iOR5k{=@O_mG$i=hBJ!DW+qdNwY zE7r4X8r>m#kWC|%Tt$gt`I-eA+b1Hhn5RVo&P}IdDD8xW<7&rjd-{@0s-{^W47sYi z1#3na4yGTm-#4qiTHne#062?l(0)%C?Cf*`ezpkPp=gw1QqE>M#&&C{J&YvBZc~^= z3|+6#tZ^hTCZ65w@CqQVcH#K_)LV#K(?;xe%XE(ib@%3Wzn+3CBJ->^1%7qn>j{nRZ21o$nm7`+Pi<*qU**e^OB-p+qJ6 zJHIDKm|qljDPo?6DKU$Zw~=03P#D|@pt=p5#JvYw6M*I;w8<`YGqw>m6S z@;0Kv8#gpNRv@Bkki&s{ITHE$zl0zl$(x`+v&}yYoDkc?HtfSIR_#W{Ce+@6Gz_s; zg2`-#GlQ3WqKm2O7EEo&UK0|yYSp*!%(@j>M`Cjyp5eXz-d7=`_!~QW7thc6UhJ5N%!Od!+e9%2xII zN0VwUTfe%Gq|IP4_y7`;yk`B_StYq;DzMTMbSYDSt+exY9+T35b`c|~&tZ@os(9V^ zko=j+bKf<_%<$UFdl})%LfHFXjQ3o}*uO@E-2W#K?)ML!N4^ZbWf%MBy?^J@tlJo1|z9=UH06WR?mv@atP6kYRc#_YUQgZnL}dxW-* z`&ne-HSONlqw5PXGKUM_Cp0Wkm3t1ex!pq6JkG7h)iXobzl7;^&+^vPtU~&aL~Vug zaW{}OdFPPJrh_aZm{GMm{xEn+&QMQ_KHac=!!KOMM@h6KY@>wXl~F#PW#%f)3S?M_ zc8iM@Y*By7N@_C7uwO03kMOa~mU+0!dc~!!Jl?d5S^Y0lO@yGTX0XxM{xJFRnt2P~ z*_z=sbUzF}hzdoDPZYk!KQ@RJ3XT4lOmzG<`mK`EiEfZ!ne{f2d&2K{KHa7YNrLUg zyxe#{6d>9vDEv{0jO6NprZ`(*JoplYL)j+K!~t8nk$uUij9wuzrWx_8 zB)jQiK>*r#cO4`=TfP?U+e(;M%l_Qk#=|4yc({N$uU}=@Lx2neJalZgkKSh&jhU|% zWo`DV7yR=`F+noSl1k026a1b~HZ+>1Cog4QS!;g!Z@?}Jt!*Mypo;F}svHyPPRstV zlZP3Qu{wUN-P)b6m-+dtX(Ua5WO?mL#DzOH$b-z?w-9k4zqAeY+Xl;D1q0`A%6lya}e*PsA+^J4`xp-utU zaAN1WqfAFXTQB_2N*mclhpw$>S9aog00mIXePx$-Cxo72-;8#cF)Z@6Bs8L~H z3Qb3<^ZiEyBC&FUKN_Pk8JB}|Tp^`4P``JMV=`)9)4x2kY*&LkoxTiQ8OLz7SLhrUmltAE>p9i@q)F)H1 z2qg3>h9L(B&ten_bSy#Tt_82J)O8fsaJkUH@sRh}FyvGWg&Y;GHWC7Sw+^63W_%^x zSw}0~xhHE3@xqRm3}eWhA1COGjQG8H;lmPOGzowqdc(&X;726kR}_XtPA9FlpXz~& zPWV1(ABwKgB*|Vl&za1s*hpns>8d@g_QsGw)Gm2A>6WZC&JBRc1?XZ8-92_sAJ=vE zjhxcWY79+e$(01W#_))6u2!*0vU1r?E!tCB@79Q&6@m=r?##P$PC+UN9sl{6c#p-@ zIsY6I$X!3F_VFPR>8IYU7&zMQ4FR6Rn?E^5GCqIcgKR86oLPea<4H`+@eoyUZ+S>K~@DdQ)R@@$nLCMG)nlm_sh>n6Rii7G-t@dlNd|l2a^<>1C$fRSYJm}1D zk$qvWvR{83l5&i4<6SIry5`jetKxQ%kl?xo$pQ9tCaj~`A0 zrbEg*>Ly|5zcRuiy1Pf4;Z8h?wLQgCEl2*X;6IPk`_Cr<|NUopzqBMp87XYL8o3oQ zZM(|4v9}>rdE-CKsovpt*Za0UkdVGA`xZkz22K3`!miD2_bm+sPX;(JCdgN^SFiT& zZW-AE5fkvY?&`NIfx;tR|yc1yH_17 zEaEi*&r*6d5SJ@wF~UG?QFrw<5U8z8l}A{C-rcuX8Gb z`kp?>^dSv>jHo#OOY`N=lCHHyorYUR5`?Xr+ph z+qYYPyZ(HeUF+-r6uSGLM?~9zOC7;dNsH7D;WBvnLVshgHNIB(kqLuBITOv|Z&!%D zRz^gEVLth;uy+~JCxyg93)Imh?_I6n2T4B)Utdw9SNm&}Z`=)8(!pT)$U2?B=Ys9nW z<7-TEeK7y|h)bgorl0bAd8<1eJN#?esia!FNkh-TI(4+mPwHessv?^`D8@;A3zO;+ zptujEjcylIMq$6>V?yuV+qJS8xWNwnZu`u&UetX=`s)jr-GI>;sjzMBklakT?Y{(hpYTFt+AP%;++FDb!49+a^?t=GtK*2=wy0Wjs~=BJ4T%IMfC?b z#baVc)CAe1ENoNO*=wS7$arslrW5Y>e`|; z^3sq+{>yCS_0<-6RwatoQJNtIJ$~(mHr8Dz8J5mXK@^{!K#|hl;>~epR1+zmtp7Mt zMXRjdC0^~WRN#pX1kUWSzBCF3dL!6`*q=v_Cz;pRHTJK8GuPokT{OYM{@_)eO7QEv zlw)t5sSTEH?||Z-4ajwy@79*9u(r35qISlh8j%2?1UaugtpuaruVk9fgF+#}C1vLAXuse(bQYz_eBvv30C}{iN^n-SYP(oQ}FkK!!@X>M)JK3nPLj$_zuf=;RN@m_LtDk8;Dc_^! zM99e>MAxl{f~5M!KV$FXb!1(6aA(* zJ!SuRyf8)r2-?q@K!WG~=$n6vgY1FR#q~IKMQRj%k51mT8UsNZfqRrOWNXaOB%`s2 zlsPOL{Alc?=hw2)*D;#}1K${hoi)e#)N^xd$*zo#wJ6us4fkfp?Op`&It~v!=11-F z@hO8dvDfI&hl7bI#&{vDOb1lqg|$i0>nF$$?k)usK&%i@2SdY8&v{^q%h?GnIUh4D zs(~z_ui5$IIhbUUWay9pX?KvhGXfb8yb^LI(e5)_0s5*-iv5u7cQI86w2{V>1xJ=B zbit4xOB4>!E!~oXfE;TRFX}iKBwf>UEohMp(s6&e(`Lt|?Nw})E(MJYXzV<}T@eG$ zp<5EH;OV?8P}~VjBy6J&63(!^JC5vvK!4!*lHl>RJ-Y&6Ai%_Ba&{qW4I_&q$-kFt z)KeDt5^HxIAc8^E5hJefbob;F)#kI5(e@dn86($q1gdN-hI^!~hfNnxDFM|K(Dsr+)4xrWn3oJ+2^!JQ7tbg9O; zY>3K5*}cX}j|q2jGNB(&o`x$2)+A9DeVCKM5Y)fT2Ap**{=;1Ks45 zTu%F_z;5$eIFVky6y`qZGh)`BmA;xxI26Z*VV%VXPVe$DJff!^Ld_>^6_-G=$;^+D zi;hh^P3LEpiVx`(OAQ{fpAZozv2f>Uy_S}q`d~!yNl#*?yEO(;`BEc9q)Ppw9fndu z&*F|V!I22S=z#ZzdqK0*hsxN>%qF?sp?gfvgN&8c4csa(7O)KsD!D4Yzl`@4Zf~Z3UA^ zSFf5W9k*y`tB!T_sIN_M>0~xm@&Sf{Z~_?7kLJ^x)y8|Oh3_AJ`(=9L*S9nUH?>b+ z2ibRlnxhI81}ex4;l+q^MK??OqClb_5z7F&;0W|%F#Qd9<^#8*Y&^Bqx0+O(z2O8Q zyfA?boY!qiw!PS8FVMj!z{Ko_BR__|2$i z)t48YBU$UsrC&xxv*Jbk9}0-oR1DEQi>DJx1jJvUbhmW)fgpZIADNOyd`!^Q&t!bT z|7=1->51;pHlf+eaFAo#2_6Y(Cy(dPPL#I!5ZQH_zaINlH9 z)9eR<=eTVFQl*H~h78T6&3~@pQPST`E z9U&-6V1GVVvFbj3f902fzk-rNpfg>=Ee;0)j217W1=@SHT$V*SgpFIgX-KTRIYP4=S2Jmi+}*!1bj@=)#YyKjw2j8gkZ2 zdbs@k{UM#`%$+*rHL7&o=$ulFR#0aACo>&>7GaVal5@xjw&^kb_VKGvM-(ZOE!Gj8 z1}`E;Yd_oO)k74fj9>+&RQrMNZ(m1IzS;mvHo#aV3W+yPn!n>w#KXx7mS-Qv9;wJ5 z=SVPJA}gjx3QUB~A54QTN7|PLPFVd2xL-qefN&$XJ9`@3Yhhyyf!Z5FteRH3D~vIp zenPe>{WU!=H4=_M)e5$k#xtB27w@U~MM`X0^(I%RAr2i6t&aF4%xuZKI71nL_VaNK zS-TPE6J~Dzb>^8C?d$zu*AE|BhYdfz#k#r*rvmJN2B?dmd<&0$5750R)}B$ps)nhK zz}cjgH0sHeO~UxY+<_LSZd`J~j}=Eec?Sw_4DN%E&H2o#r%B%E4T$f;C`qxxbdsrk~Q?v3W;_{oDu-J_Up!tX^MsitMRf86wueHnt5>h7TvUKu8X zu%S<79}h4;V?QF^+`OgoXX^47b_JGXK30nucc z8K2#jHA(VRoklAfK(2&0_8!-=4OV?z}loPdujRN+Anz)q<|uCRMwGL z&B$FM_dM^~*KG}-{VS;e9d`uQJ~=4SwU-V=%jYqR|DMAXIW_f>+X%!I zpn7dPR%ZT-zdb0)5=&sWk^_x^G}UFl%aClCIFqmYf64ce!{+Gzl+J! zJ)+r9GpRc@=cAreeOUm9a5CW|%aUeJlCMj`_wh)_G>C09t-(6HwVk@gKBrsEg(E;# z_PNpWoIt^2;SV;c;1zEr!Biule|SSQxC{5)W4AdjEX1BBy<&S73Y(&=A?!10A6aMFo zq@lx4B8?iLRg;X<%aUg4Xr%Ns>_k31Q5pcT0q@#MokhwOZH9W3Lmu_wB*fE}7JY~O z{c_2YakIWikSYy%-68hGmYM2{g)wiadAS&}G96F&QJO+Xep@BDAo`Mu9}{JC zNr~P9cBd=Sy7Q^DP(Q!TJQRJ(bN?E~A{;{=7QC8d-uzf@4tiuozpwDdVgPS$T-|LEDb(sslA=SBKV7LOFmMqtBd$lHOHpYV;5LZBsPMjdK+T1(gJ zG|feu?VII5f87hA!nY|dXS$Q~=c_znEW!=AA(TfiKHg?X(Y}>y&%AuDcCD#{1zgmj z@6{fJrO#yza>I$K-Sl1*`Rn&e6#xec&J>7?W~>D_^P3-s_p+=r(c>bEkw)4ceY1Ov z&9t|BKQq$pUc!Wr9&g$#mkGx6%ewD|2?SPcg+GFb&|5*d~%3xt=4F|as)ezJYBvSsI0`*u8KDWH| z{#_%N(G7kY%_SYr$Ug@~KCgRpVsk6*@t!_X0$@0bB5WjsTs4uYBfcj#sJbnJf%i!#$V&Vy-^-xKG!F{J|36O#G`K zXSS!15Ew788^Rdz&djUK3CsTL^?)}|JsZ%0+(9pwjgp*L4#3!e8S?i}(`S-Rk8W-c zgk8m3TsD#}qbwVN>{xDBQT&jSA~(oBj)YLd%!Y^m4G#47q*5Y3;z zeo238Fy&zWMyzVAnuSky%H&F4txp6cainjQMPfCCX|Tuff|=QDOwY17%g zYHz7jDsOseY@*8P9B10^C%p{fR$!swI_&sb4 zt>Z^Ttj_tv8ybzc$+Pw225mPi%#}RG;Ve>Du(W^%22dydTo|5(ILw*8v#to*h}S9F~HsjQa3MTH7d&t@U}l+!Kj+mJRQOZTS( z30(cbuFD(gVSMPU7Bueog0CrS1KAyAC0-I~?EXTa_c&i@$VV~Pp3XM}X!48!7nBU2 zsoreDd5dfQ#Qhvc_15_~D!0A}u&muyb~2vQ8sj#T_QpeD4y&04?o84i_G6 zj;`HGjYr|)dw3s;bg3IooNFB-EM5!kJt+8f7VjKaUHdAcT~F!@)$=xvF33B&$D!w= z3=_jc&>>UVd{*BfYX?HPesMr$3gfwZa!}F>LOyL5K8p;LR+&_=OO13_KTe)_6k#P6 zChulTFL7^sZq<`mz6kM?W5&oR9hL#`dGYpKcEpn}`;OAHPYh}X_`Je-&)NmGmA`=wp#ZTPM&Uh{*+u!E7exY5!6D4_eB=4$q_%rP_EnZ17Bz`6L8zWKlyNCBP+gk2; zUF6F95$>r6Q%+||x@p&Ddc{CCX)@L(J`+9R5+ZxK&Jx=WjG`Ak!Cyv-o9IFx;O*2KE>h(=K4obJ?qMS|@rdSJNoT*<4!QSF zn5V5UX?;nOon4Y_kxLsNm0I);V;W=8yqE`vH!YQ$TC{bZrRYwVcOG8S5-s1n^fmL? zg>zal{xlu&xmF_L>$s0aOoF;_U%erauL-TTrO6t81P=*DG9eF5vjI$N4( zb);o+p;=+53Tp#D|H(>FI)JHOqI@O>C=lL7tg)lo!+p@N!_5l)EA!jCPiPVW2w=|k zGrv6ZXYgJ7(pvS_ z8693))}Ry*N5+RwYNHg$TbH{*^AHM1AwPOfM$iOVh>8o{X(O%8m4j(qi;Q~{w(+zb zirj7>P@+VtvwI#P!WT}OBgw{j_28r84yp7dGCp-=4{tYzU?_25lJoOSVt!g29wU~3T#z;T$UDTYe6dkvZ=^Ya`?09E;%)J2 zaY=dn=%NhpM#UyzcKB%V7Te?d(>KYje|JoJ=+?kxi++xWF9iI@lGCK$W^v7fg*0r- zc>&CucM@*o1HH$|wR{Gr3wZ4PbnTXSwVC8DW)&Oih*QVhrNixX&&uojy#O=MkSPHa z>;Z)9+k}tvB_6P2L4D`!P<8Rtgb8)V3zY4U#BEu&b*MfHk){=EBL@50pmDg^rBBwZ z_0v^19!6T#*WSR$=ooX%X)H#FX|!VzP%QcNT(=~e#))u0&he!zps+^hH+XbuGQY!WrUY0 zBaS@Q2?p7FS8Z=!MEfyV9Zc19YH;NjV5y4HJLKJ5X$RqrfGiQGr}8Hm;ww7Wa2fx zIsTlpwbYtF@6sxxRUb%Pz^YaL=tteErqgkme=j?_=62&7Yj(5Br7lg7HF60#9Ljdy zy|O@PsHRM$?4=tfv~DR>(wv|QQf=!;u(>F}7+#mNsG7DK>q zdL!n2Xc^BXVW<2U!A2Y!z!w2JOX#^S|dWb2lo1O;b}u2 zJ)a^TRG0`yPG&KEcs(=BUvh)t(B!QFo+!WYIe%z~lW%Bnv;}1|YE39|0!|w6RRMvhkOJCsVDKhTl(yl|lL%iNB z=A}i82M3c=@N0|3=%Ho4s;BT*>9V+sZf#RobSiaF-ZC98iJQm1r7f|7^YM&jQ1}Wv zNh`>ua-{eNeNUzba+EgJ3vYOz<(reX-*_B}#1kHK!aafH8`mH5`|KY?b5nJJ+{>sh zE;eLmfV~>{;fZ*6yGCs*CskwV7Rj@!_YJ$v44O8-2ud-oVrAe7u@p=c;BF#MQK+la zq6V%3DPDXhk66K{Lc))xKiedRZEBs6g7R)xbOi}PM{I~}9^I9DN$l<&>7k1ipKGPV z9-;2JPw5Z0anD-xqsPC#?h5T^70zWq1|)r@0h=*Q%iZ+-IUcDbghiS%i!B$7id1vN zDZnhEz*y7+EM+)5o2Z0W)^~#~$MBm;;Q>8Ipy{Hfi=hw9G#7%Wk9Mmk7es*R@t;;^ z!Dm2BZ>?jewRsB1d#rBQ@_LdO!JM}~gG(Xy1*NmyCH9+*@z0uJ3!?dr?TY0x+#2od zoT-{MPGMH+Q(vgJN06@eNM6Paf8Ky`qw-Y9wE4M${pzXCH_-=ZsgEbE4lmHg-X|89 z`31d~w~0))E~BaIJeMtb=7yK`!hE&rs7G7X)Jkv6P|c7vBah`K=&pr^1c|}~jtnen zr=o42T_Zo;anA_+Z|uEgR9suPExHpdcyI^=2ofN{B{+m&0YdQL5CQ}XuE7d-CrE-6 z?wUY=;O_2PxLctGRMoo0-rs5WYwyo%@4S0kJNKRUcU4VU)7Bhg^xg;g+QAxHb=n;y zlb^8=2!=y|?Ss{dMSJN+oiG}?7$wgr$KSMeRlX$07*5;+{i72=?4IpY@5a!>#IslKrU5DZVhB7G>Umh1e$EvM=s zJ1gB$WL*wmIQ7=$RQS<1rXrjwl3=orQePQ%!;ln`T{olcZ9K&25zd4G4-aKbFmzNi zABlW|htqw6J90Zjq5H2d1!nyvs;2XR994S^C1^dA5=4VX!zh&{bWP9N_MY^EAI4UA z7Gn<>W+D*Ns*w1+qbocy3zaITg6oDp2J~X7Um0WypY6ntv>3f14H3WP=enw_mb1#- zTw)UICw0XwsA=mPCgUuxby_4!2%0r`dQkBUEekR{%NR_^MPNrD|J40qS?#u7)k}^d zJ_;3`81hQX_T<4v7)zUo2Lp)=G{80n0R|z7Vr(WKQowfV<%Ik&2(9LEI2+C|S*58{ zC#A0XXmT!eOR^Dn3@G6&*)rzVpv_B7PS(LXmh>5Xkqug$JRTsea&6Uf8l`4)OQZGc zgS?O}x^-m9^FS9?6;=;SNLBsj5??bSg{76y+zP;-+FNNVVEJmymkU(JB{uRsppJqK0a%DwMJGH28J%!j*9ChB@?T3 z;MYUG!^s<&mO*+BAMR?xhBji$4+J-9i*yT(xRFy1R|2l|g#b#e4Ev8O>N=|$h6J4l zst~ykR7f&05NN4d!W--gRjM7>dpam6aV1_gi1oa|4G*5U=!xG@+p-4jH`;e%AL&idmo;T37bWR!b z_U1p}6mFytJD=K^(A^x@C)3}sXzAlB3uKXj_T2(&SjYYcoV|7Or50AR=<>#_KUVG?;5Vma{{uHQ(*_q_0|8mqH}zpfoV?;RD$TMT)-6WC>MJ^Y7qGI zJ42_!gyN8-3))E~#7c!ZMp23TSe0@I73HDCymwV-aEF@lg#wIb6J6mj+(kVeU=tRm z%L9;S>R?nzCcV)5G&|iuZD-xncW`Za(3d!iN1YT)xpbdwx2Zs{Ya4c zp&Pk0`ni**JZ;dIKplU!W|Fh9qZ#H%Mcprfb| zy!k55M=HVQkmxAZ|JO(>sh}!nX9t%<;z=^rw5xCp=>@f?;8fWW`FU~dW>iz>1^89d zag06D?l^E|qMCd4;5!loLq+PYPPZ#;b+~SiH#x;uzg57-;*{6cOQDi2{QltNlA-B@ z1|%#i8&ksa6mO|@J;cVrdC%+Q^UR>Vj~{{y3p|WOj}gkt20a?f*04xD9S}t{q5&l*czFAk=Yw9IQbON%wCE^#s zSo=2c;f&~N2M@le;9%A);)$LN_Z5zCj1AC-kIe0sa4w0)&=X0m@yj9S>g51I@Si5O(3(4K;4p zfyE^ZYfj|G#ykZ}2P#=;OuZ9&K60|>jDw&I-#Gi}th$HiA^Kd@Ra$lE0T9MQ8?RCz zJpYVCuaj){ay#ec1~4i56suC%`@6nVM}MI-#bIIw@R9^*(JcTp*9PXU&HE+iSg3&~ zAVLU;5Rb|Om)~aL8=aZvoQuXzg9qZK&;SG%(vx9H+hRKol-~aR9lJ#B@$=~(XzT{v ztTE0=hFOl;4r;NsrmHA5c-C{T-4sOrI;hxDSF>}}e&XM3DKhvFW$WA;VBMyrw^=C0 zd0qB#&?30pRd|r=@RxCG_de=SXA8TB(Ki&8TsN6gQccL+={mner2Z^qrP)gwBH<&% z{&}M#7X6VN;h$$lAe`VwBB3lgNOotUZ(ZNJ-xkT=H`Ts>2n-xcVY+Iq54he+P5?{U z%oOm>J4l{_DQq{FiW^?M^YQNKp0mspiB(O7?Bvf_8dz`Z0jo3j#~ZIJ)+r<|UDjQH zZ>J1=TAWOLC+B6Ba7%fW!`dhes61V)#5Gyt!d*?XZwaVuMH2h=jEZrr2;W3kr7S!FeY&HlmccAVf(pEQ2*ERQIxZfuAV_Y zM*8UI(SS}uJ67*aaS_46*k5#%V$f5x*WlqB?_-*|-xF^2-<_0~mKuo;L*qP) z5dbvwBwMZAXP#3+(C_K#xnkh4@8ee;#y%S0V)4z$Ji{>IyNfjYKluneNRTi*?zSk5 z*X&D;0tQ@W(z$B9M+YlOHp5C|1!aWOM1uj{RhwK9eVP?=&OgN0W~(A3qGpMBbrMCi zL){XO-{1Mtc<-9{`{-#FcDwRA0UNn~mni|-J+Z;@ zDv|^zDn5jQ!ANqqMN_UKqecSX=ZC6GU%W+m*Y1k1ildW9pA-NmEy3Wb4iyqdmTF)$ z>MI$9pdBHhNC`r1&Tpo6oXy{*L!azmK9GpoWv8|+KdoL}%C8!+*2g}gC36H)EPCHxDATVL6<%uCvYvvnuE4p$Fz@Khm`iyxEFk0 z_8dbcG*aym_nw4#t!Ljsr8d6igqo_icw^Ml(cO+??x1#;nLUNocAN>JbW+Lm6#Jsl zIP4tkk{2YtCabjrBvo_e7g^2$L0m_FaIPJx5JQhFUFS?-^tlw8OJ6k96`t}Z%su`Y z>zDRzB97%{*HF@#&Zbh;Bdmy0Zf!PH*r&HG3SxyQv{9 z6iX4S;@~(2G#10Z*%c-)~eI^x-sen zZ?vvd(O-N>B^I4{i(m5R*`V5hX3+p`#OrPxjZgAVilwv!&4d-d<7mxG6BX&0C?39L z6e!vcVV7sq$bR9)`jG79yYQ!0d6-(uaa*kBFEq^w?^|W7W{jT7Dxv;Klm9NbP!Dv`uRL8_iVork_?( zBHwE4sJsQID)b>~^kz$QJFDt&{*eHT`rhEul67+ZzICzW@m#Gm#z1Hm)WuL03!7_0;z?}oANINZ{lB!T zIXOQ|^0^V0wYFn6ASJh8SKK$z3Qc1^9c;&mIwQ!tlV;qf3*#2w@&K+D9*h}dkk8UZ zgCJhJiq3d77w0>|9t>;Y4?ghX=MmPR(k+vpajm6IpPDu#{%G?QOtrSo0 zW{upQMfG4ggwifNjPN9HC#NLQ#Ht;od(ip#|4RqRSuPZ;}%N0zjtnuhg7FxjsJewJ+Ug0K#n#sT7_jtE_aABkhM8Zy~W z2LIa^=P1^+(l3)mej{AzdtEWBC1Vm}XdbR;(p|A#KX-^B-7emvd zaC8DL;?HXFZ-;5>Srs=_m^g|iI$o3>3_K$$QDUVldq$aDh@t<1M@77%rI?Op>QL2e zW04f>`%v4^o73)8IZedIc5toc*kZNvSf#fcfR3Hlkmzo2S%P073M3{vPDJgSAF$B5 z=S}JoXhWuq_gU^NyX)o!qQTW4pPGSx6yE!Y6w*D0hzvq#@}Q`+CxX_Vk2EW_DBQa6 zf4;P@%g`6<{aL~5hCL(Tb=B*zM8x4(?dh*CBlmos8^Q7e4(hO4UK?4oGvN_HUKm-N zvqYT1LH!NQe&iX&B^i#n=MUVMu&BS(6TR!kdb9%`ANC0dyW+CKoV}p+^ZAQXq>66I zZ7_NT$;Y)?82)=nJuS*L7*Y6YEZzdV5ges4e8}GcbwGg6UbVzK^0&mdbFgDj7`O@4 zSbO2k%61nukyyn?A%uVNkaLQp(9P)p;2C_=wQnQbdr2wT@;fAXoMkZwoh02iJ}}IO zlXI_*DZ+6NSb4>w0y2+5H@IB`?~(P0ZiE?W2JzGwvxzzP?=(0j-Zi>Ku#lT5HenkBy$i zluniU6Zz{z(GCij8~%JDLQQq3w+~t=jfy|aO9+xKf_BD`V~`_dX~jGx+rsDtt5|~G zXGC-;FuUOSdTtj$|w2H3a2I~EIZ>^cNx_65HLQO@{Xxgs^b zKC#~3iISX8?Af}5EO7AyMK~fj-H_=NBR_j$@dq6GGy~w|94x94)|5mNuP`;#CK$6U zRQvZ$P!Rn@@88#PkI@sdf8PWPMcIF^h%ftNt?Zs7j<{3L}N*_vzz??cM z@MNiSWCV1FHJ)jk_0KC&K{az8Pe~tIg2kgLzPQR>v<4|riYv15KQmY5GVjt5e!`T? z*kc?e85Jx9z%|2e#uQIbw6*K#qT zZ{>RF=s@KJHrOXk2u{!>xaA1U{yInCOCtMOgiovnvNO=C?yVIChn4BdXIL|`(s5j4 zVQBw5$@Cx054FnqM^L`^NiZ)Y*{fx|SH-FiUM)G8!Z(LQs-$kBO?orjwtv#S%fKmg zv&6!6%(ZsJAU84ev#V8% zclvg<97~t0rZ9yAu%15rxb_V1JGSqb<}1}bk1*3}{i z1cyHsr+-bDv(Pju8T#uF_~9g^*LcH*=QtV$IoFz$H4FH~wH!B;ee}XnnV8y()ecF-oK=FlZ3~BMMSt55Z>V^Ax`;LKNu&x}N@uN&5&jTM{C8-TV$dc-h z3%lM>xw>U1zE8x!l*5xq7P$?5p`q@T2ADAld^`mKsc1d};(XayW9_HCfo1oy(!zpa z{f;ETl@8yVz21|xJk!OFGAh128mB$ugWvM)4HU+~ca3on#r9Dc)i2zU{Rbq*U&G7y z5xpFNr^@-BmkriWQDOqVp_3xNL*1dz(rTz*4hauz>nO5(&?IL-lg1AX(Idsx|J4tjtUA zR_uZl)DkGqH+tp%F1bK_@2$Cqen9TQ=>>T#Fdvo-|PUCZvLC;;R2O#ww z3N!;h`1b^gbbn!f=&HpK{0K#EfWHFcf3$2o4vy;9MzCmuo3G~yLu1YuIStPD8M=cE z_`bgT8vlyQ==s;8z0Kr=VwxBLt@Ai2t+EBru{faR$GdB~i~c+`f-iWefOc@ksj`20 z-3s}PL7K#YOhNS*o~sjQ>KBWmaFn}pxFA;SiBjklsLQy+*!>3MbRXte_1ATZ&_&fN zhkk+jLiB|!*_oDEW9-i3ri?p<3)*@@c`#D?KH^2X2;3O^V4R;m7-sOMS1tFnWetvm zL)Kb|>Ie^U376doe|Odr9Bd*VV=d<*3WMi<9#mj4_9}PyygvPUWE^E`bGOW4aiw#HD~@_T-+XZ1=kCqRYFBg^Q)^ z0kg(F*u&HlEws9KgY~w4kz3jwL`P5({kN0VF3?ZA9#bZ;uesO7q}pB{jizf+&YS_Y zGn|80wO)CZ8!CpWqB|t8t2FzMwlssw*InYu_3uf?BuiEI&3`g?aHk8=EV-)A0`D#|Dxi z#VFW5^P}*kG6Kb}*sxi1n)ixFnQ$ zDGoVBFcNYB9?5tw{`CExI(q(Wj*3e-fUO8FKAJdwv!S9sVH^(_o`&HQ2uU^YzX~!f z^+RZg(qJbVgYaW47co6uP97|-7ecDgkrcDWUBDs1)w4XOlA(heqjKDSo{QlTXgt3Sbd$NS8E4xFot_i~nUNEKq zh1-Q&hUu|a2V=GqLH-YG z?QCr=jL}E&uMe?fg9e1ZS(g|F8)=b=G0HrwMz!%`N42Ebjm%R^>-4`-MQSD!Hi-`H zy5tRFkY{?C3Mw8<<(b)98b>cKB1%@No)L$Muf?khqlUk>bgZ-_z#`}^{Z)|sn=Kke zf$54jl_fZtL=66OB(&H`&aBg#jX2FEDDFcT`X^LHnj_ho_Z5}=XDbrIMCjc_&l-oe zU$4J$n%*~xer&Xq)oNn77yAJ(+<&VW=XN86e2c0#G3;%qaFHg?whs@Mq=hE!N~dvX zN{4aENf@=Fc9CklQbS2S{YC|)Ryh{5_*1Q<-H74^+kWZojUOhK=biC}bc`ccOwXubGn)OU7{q?*=saOlfs*+tz2wA>yIhPHz9eqV z{EJJF76Q^b>gupV5C1|c%3E#R+ArlWQEX^Ju~d_`zln4%{A;CCka?E^<{fvUTF=}P zJXXHbP^B`BFwyWf4bg19yP{r!d#%6RSi6Z==_G_x@$4<8V%win3v}OrzYw&ZaC&UE z-(?}HpZd|J<`GU*Z`j|dc;%%}Uy>T<@%40sXEf%v96aiMxjuze!9oLCuYS%D)%dC9 zjZ7X*+Yr^{8a#9P<4iAKs^IakRTY6mRKk;dhKUSGkVH+-@FK<9BGtwB=kOWISYW%} zUFmM)y&q%ju^*x5K#rlFA{NXIIXhNky-D_D#Y4) zMQis`^Z&5JfYj#C4y6%$ccDqFFwP6 zz!G@GWC4nn%E$K15|JqXw((<<`=BPtx&8JFjnw!}^`2AGN=fLg#xBA0zFN+rher31 z>>jwj(DG*{UazoW%1q=j+{^5aaZSKG5f$XB41JD87eS3znaHkq1}~7+zU7tNQZP{8 z#N3#@B^uy;-qP$JnIaKtNulAx=yt1ZShL+f-N0)W^CIU@ea|-pDj7nju&m+7rPT2; zTnMqy6Uf`uVJ1aO@D(0w$0z}`VC)NtiswgzNzDEWT;HGV%F?1sAo!)I?Uqkxd0@6L zqroP}N1*YfHJFO-UEm&F6Ct03CmmgwH~K+&>jM<;=eg!Q9YvLPHBh<_Fb^hoH<|4sw?8NyG1@E&G3?-SzI&YWej2RL#p24Qg8tN?vlTu|! z?O+lIC4fRpg1!N*H)l#PT1g(Q26c09zCxOwI|v`3oe%I8s)W9D;L5m$cwy<)+6|}q zX!nfHD!4hC1V~x=bU{tull~$G6oxRHG{w?#FjU!;-=OC8=pf9@kQ}xUj%IWrDZ&*# zT!uAC1EqDO>eN8pNI=01tf@Af-yRzI-}Ks>F=eyJrd}1vzj>vu$6^y?t&sFxolWia z4@I&4_;fqM}NZlVU>kgu|?3tGgtH_ zz+9;8V!Qn&#Td7iu!u`Sii)mcWx5yuX~D_PKsB*afh2>YFY%b7B_o8B)zBmKa(13? z^unI^CsBY2H6R&yp-Ty7f`4im4U<~cHL!(LO+2~7QD%8*hX|a=SjP`)Nbq7TG97vsT3ysHX zZd(#)n97G;-kS{m^!Tk9PhOe$P0@xgLu2kId*)PL>f6X!HA7{;@K>hTdt@Ag>qhO2 z3>-$iFB{R*E%}n;jK+VmACrkOOsu;$In~5gWTi1=s6{d7xqma)U3%#ulh=LVv9$|w zk-Y#BbD*9Rk`Df?*FFtHRSO;9L5`8}AQLQ2*q`}i=_GeI2gu9lHN|MhKtn6SpeZuA zs5a5M|E+;2Nf+6uRwg}4rMGmf$>xrgt3;>{ZzKUc(Cf7e!nLwrqap4qJ`@onLUaT+ ziv%-}$E}E1<$TE@s%L)npq1B=k?ai589c@c6LhE^0MUxLp6}%jB3w@CZi7zOnXva} zk?It`miwnKQWin>XK4iA)<7)g7% zX*>p!w40+l=Dq#cKf!#uexB5IuaY`@G-S&QEy9a@_=9SU0&l zIzn1juj#$|i~pD|^~6u8xsZ1?1twQMiS&L=Hivd4MugXRJe`h4s(3~2(d?j#k*K_Q zj+!1#!CT2AjsoX&3te&*vEtOXT3B=)gImT_CCRT5vQguwMe@Y1JvdN>BHmzi{=A^V zgw3l&E*}N57S2)?kF^D2-69h8-z{^%E(meX(nB|jC#fs;iRE27hzIzHSKp8j5tRyZ z9bqNK3jXG**M#gkP(dLC)Sv(Be|YP`u)Ko*sQR96`U(D>YF#aM4m;4}nM9k5!J+6$ z)A`4<&Hl04*{@?I%3gDi1R1skIbhi6Bd^#;1XelF&r>D~gHCs@kJCv1xc8iG!5XN1 z`=latV(f(9Vo7#(*|VLBKN>bFk^iJqSppt3G#`y%pZ)l zP`18Zg?((U_C)X!$#u~h2c)ngpSGk5QncJ{i?Zt5am;-hwEft5R&P}s83-DLQS3{0 zpM$=_wd;_r-1}CPORZeqXHaiL0@tB2}|zWcxP9XCRHQ=CN}R z!zk7he+-Z+j>i#aD(3in&mIR{n7cc%BISclMuTC$9Z*Bs!XR@IVaqSJPo(cR2&-09 zNazVQmmVOGxY7>2i6!JsUZec;S3dNdai2)EYquAgYq>#(5Ko7Xly={&3$KEko+ zuQ-UTW$uU_#(_hBdZD;5Xzye?D4%=>tbju2rMi4uPa}>9d2;{tmKJO}eiVQfeh-sv zUk$qvTmic8jFl7617)oGNFn5o9z{fzt)-op?zb1QtMK#Dz`7MrG?8l|+!#xD{x9|8 zJ>IriHid^+{)~|-d>-u!QKE)#EM)W% zN3TPv?0M?+XEFBmZmZuD50B<4q-1J?QgoELONTvlx*{jPPBN{~;raJ(3Q6Cec^_*vRWCoteuKwrz|E`Ktv=IDD(@TRBFl3_=1cvM59nn&I z(pvpg3gXs$j}okcOl0o738PndM>V6lFa#_ZBa!kJRg(8Gg`+!R%5P>?Jptq4J^Q(GF)&5a_Db1w42PdGNTT#;d<EMn~%9<=i+yk2TG#_pqI;0x>G}NZz zLutLmdmo;CXPa_fdn+(u;HovKPjA3|kL!8ehWbvK`F7pN_kY?t8=X_j{n*zg!A(ME z#&5e2blo>+JG*R{lkIsH>w%D_7*Fp6gn+m-Zb_wp51N$TuXvMrhsj{P>sF+v7}7;= zcK)Fv@h5(O+*qviy;VM^*Nq$EHAvwYq!2tlb&9RG#yc9!kBf>hm${>Hnqgk?83%kt zJOK};9=gU3SZA*?PJfXOYLpz2YaE66*mM&2NBRbm1`1t^PX*1B_0ajQYl! zWTCf#!f3Ph9UEXDM24{Ga|5S-+0%hik}QoKyD?-c0ZdK~<7VkmfzW`H%;`>+hwB63 zC3#|oH$vrN&pKEK({Ykysdg|oMFr#(ABdw%VN<_;`crD(0CP|@V9!$W7QD{d1AfPl zX)45r!U(sd*dv6vaOWm1#Z zoYKv265h+zqx(39LiKbuS$pshiJw?HP(|DYp8@TP|pPmg?wqX~#_~*um6TPaa!hZDw`B#r} zGxQyZevqrZm}`#OlR?UljX0-5B5d`2F1nSEgA{`0l~0@Oz@un(37wJ1pPCf9uPKjm zDRKZd^-pkUje|4uNNdut{z{{>F)HeM|5U~-M-(vnZAadsa%ak zbr;8U>xE2^Y_)E3|I@c{>zu;WH{&%H@j4B?;yJe=?L}iQ1&j+6l5^u9V%apK(Vt6b z0$&Ydi+-DMzu?c<8#^2KU1#YgjVL_SW%_XJ7+cix&ky%(0(cUX1)QwDlLlQYIK|Jy zi=_A}Lw)e^2UzLlWc%YeU#0wUiIIq15DsQ^I=Z7{VcSa~InMHTSkfP(ET0xVMvRWA zj>-bLq6sgPa7ocuq+*i(F1R`6kHdqU%ieE@0=uF&y}1DGavu=7CImhUgBBh`d4i*a zfDQ-6yS_UdqBM$0&v*B&b-^^QJ-`g8aAh@A&}xDS74rD}{&2H9S40R;Z0mCc2lOOX zQVc19^dL8Io6qO=g)2EYoPTimv@>bac;rqjx@%A1PV@K)iO9Jr=D7oyul!-1Au6=&>N0}4cJ%QMgz(FWIu zWFqLew~i-dS(p-aA+-^zGLc?7Y@|4Bt`qB9#gI$uDNXc}C|bOKF5j@1ymt5Sy}y;Y2xS0ZgJeeCh!jd~ z8B=*}WoflDWELaEIz+;AHmK!lP7*`hpD^q{3;s~x!Jx#Q#Ac=-_l0sC7za45Y=$0B zJyNqYk6`(UuJQd%vRPLMs=xOU-V9FKeLS^Y3`_+x?9W|MKbaU`p+5#Pmb-_BbNbI|A>ITkFimv3_gThHpY0ZU)zKdfaEZ6&cQ=PdUw#ICl%Sqm% zOzld$cTK4uUug6Ziw)nJksCO6lX1Hp>J))Knl7=RPK`fUzP=cUQG4C`7ce5sbF+}K zQzqQKpPp~+O~z6a-x6G}2Cn>EZQr&wuO=f4lZ_lRz;T?=eNP?ni~j!Lu6J}K--z{= za%T9><%qN*kSffwpSamUHrj`J*|*|vgZSuBXSg42{k%I0hA$-GsM9d#)Q{tDq8e~V za?+aPLnYe0oWK)?Oqo~Cro5lHKYTcZ8P9N}i&ewf+b2BP`@`@zfaumOkG$vw_yDgd z*VHi1&-ALGnO?|C{9lSWsTEAhUc+VdgU|u&0LAf^r3;q#JUR>ERtu${F?3_J-#^ww zDfl3J^|zRwvnLbe@E^JU3SjSj$@1t0iVhB?K(*P*#74=UAu~~~jpOhj zRj&gsWM14VI%YJOt5Iv0SwZlAc3-NaE<=xi`q2a#~L~mp^vaoCmkeZ zq{@)-VWMW=oOl|N0!k3%Epkj>eMgW_{U^P!>nkFzrNFa{Nm?Wx`wvtm=$HcIu|9#> zn0PT^CF&z2*#jPlVdp1#tJ+C#%S<)FHqv@;+(ggPy+eoI9!xT_$SK62f}1M!fHkB- z{9QV~zv*#17F~dzz-f8Zy&=kkf3qh~pqq3D3NH;e7!2&B3(^y?2@>eJqsz1)wgjT? zT2&-6@MjHN@uPh0NT;kE=+h?}L=USe5Z2$3`_8R@U2n+oxA3(4`+u6C7Z9Tq5=Xux zHJpN;$gaGU)+`c1o+lxrm;#XB=nZw-9_ur$-T7OBeY(y^Z<6TFWPn~2{Xf|BB7%)cD+8 zaa*m+AQ`P;r&taufqFTW|8HJ{t>XD7gK-{jn8WWyCqkV7p3LTDW zXFH1G8M9|lvIF1j>Yp7O-StnRmrxV>uD%Y-wc3iMmEhj{n)jIYm@1Tug*xEeegM&l zbIZ*C^p-w|;`vRb`)1>xT%R4BlY?ELl@CeIg~T`NRoPVrKE8k>5A4U*Hb<&P{v3p~ zSMn$u2->0U9$;=?_9Z@-$5U2wk76W{Oss|>D=`V2sNjTOPmTRQPJU!DC1qJ#og|3rzhq80YUY@vY6k0&(z^X{3dC9OJNwqwqF$Hmaw#%;}&| zAEcS?NsDTu8@|VC``Wr3L?IS#gGz571JJ;0mQcnYmWt#Z-c&^(A@BQ>2VNiMRVqe> z%)G&=o(}DVPwRidxC6~8TkSkcs6cQ%z^T+MQIhJF(X$ zLy@P)Wyb+Z;r_s1sKp`Ci3LKj-l-(M3#0W0=aN($iU0LPz_usR+%+2LB&fgwkACm` z^~dw*kHa*+56W&zJB>0l+^~NQK3E%(LW5}!yBFu zMp0|2>1iJ^Z>~#+qj<7Wt!WwRtE#%&cO<50a&dB#JgO-cIbQK^Ze zR>T!TpdF^wEUnsHQ1y5;S>d!vJzR4GVwlrZuG+b!XI8-2KVvt@R6ku+Z{3CBjweH{Q-nL}_B0Iw4<@vVY=Q8mShlH!*b8I`%mWmxLzZ4`hf)tG~U-^??#KAY!k9 zgl?tmci$(*0a9n0a8jS(4g2vNte;rt zmkX7}DVPkn*WzQLgAn+_k@}gPq>dKGE*Lf9`yPkOD3l^8%8w7vnYFhLl^BUPPGTb^&*>Ry2u>W#3u#m;PeW9Q?u8)-WZAGOOH|2f&e(@6 z={pI$|K2<*+tEX0e5R!4lsjPWwb^Y-*SM`<4>>d{9)O7=^It)=ZR0b)O~phWGIPrN zAa19U{r1Ds2cLA<`2SWSHAGall01LsC*kAOd5~xnS|VV*R+u005n^4VAbK@SD8gyJ zjvvC_obcN0*6Qg5N%6}df3+7o=juA)>=FCH5mBel_!5Q`RC&mc00m@gxv?>&NERW@ zM2>)guaCWxNDMBAwmd))(JC=(jNf@oBSX8M3&eS4i5#Izne>C+l>!^;uB^6ct+Y#j=BZRnBzHxTfYrpSkSn0y!=P|HHs~cGF?-Q zLUGdUelH9ImD@g;(wJ9)EOcMvFtJKD(kNw@BeO;x)Ed^@aXJBs@9b`{-#atv@a6Ip zitTEyLyUKEckrM|(A0a`)xx1Grr$!ZeVBB814?nlv8e9xb$7knbjys4e9N{47vt&l zR0x@%)c0t??~C%@RLV1}PjW1%@Vc(*KjTH>xJ8Ti4_+wgJwMp9 zkaCm!KPk023H}DM@D?Mvy*fr?%%pvwRXW>-MJ1kXUHhZ{?RsE>ybP_`>fA?yxZlh? z?{HsCeew}2P-fo6VbnnrI6cDWjQx_Z)=nt>xKQO1X2hs?1wukuQbo3GVJIqNs^GOV z?5NJzB(l6NU!aosP@*^AJ{lpY%j0|4291az;`1j{gtLBg><*L_74 zCX0%TJGa2-PZh>y-VH#dS`s+mT8r}(U~=P`Q4y=9MupcgF_sm(|5i6MQQmiir$Fi- zMsdrfL&@_lQ`p!R-j{?fFZrdu zCYws3!D zcsojNMM7H3kp$0q4B@Az&|XcCfxqP&ga4Lq{M!UUP3br8FGi1ksl>47r!$x$)j-=q zJwH)q$c^AOBo)MFve49qJ@qfWNQJ-kBJVXwJ|SLU4aWtf_ z=)M)yyJnakYoU7Hks(2{wMJ5%9iQiB+#rMU>ftw4ZPY6X~^+K5K z4pQ3U- z=gSr%<%w_pyiw8@Td*M9te5d&We}4Gc9x{FjF-B{W!3%teiHmfX&3Ub=0yMP`*kUa zyg`}usi2N28z&2fD&g7n_l%)rm7sM}P|Pg&9J;boY(v)WY7c&^b{G#jOVT&1wYS<$g*x%X&{^FDM$iYEU66-Vte#;`>(Cim zOWvNMc_8Nt9XmIjs%93<*EYUSn%ve{ag*E_P|QkEPBYm1zfDtJHLJsGp|+m24Lj7T z<2vg8(NM-t5H4_B>++ZWnZ+e=QUj^6)AEj!@_P0yK&j#nErIQF2n7pJfdnE5pGhEG z$cKLLpaEcl6A(9kK?@%hIVUWC4mvxRMPv&4L*OEMZXks0nlxD2?1c>6g8JW<0;ZycqKqA)dN7CmVVD0#-B!gL_D6KPs-xZp=w^tP1kWmyj zq_<9-bbI9HT>+yW#QH$-baNMaD6U7t1Rk4u0<2RCZMeWUNiT_nmq*125no@tG8Bkw z#zBmx0h%P!2#ev?O76;KaSwX2vr}&Gf?7;Tq5X*){#^%e`8}pZca~X-LE@#06e^T# z-%MZ}4JA#^&ZrQQD#Mb_C&7`%ljq1(NqQe0_-7jRRlkq1n+2k?zmf=RKc`*_O2PdT=*^qX#cQ zT5VJ@aalg*$d^U-UIQn;ja&DRVFhTML#8__J>qKb_a@M`M*+;1AJ+|HtFK$j>PG(j zi-+NU+t~}?!Zqg_6Cr+r#^5k8ffp9aVhQYJu!mdae*Qv0OG-x!5<%X=6no=lSZCX+ zOCj}aOAZH*+2iRzrRxCHR1T$brebn;@J*jkZo?vbpj^q`w9Fe0il7dvvziHOl;ROs zjWMZ$Ag9*`zn*_Y3L3Yg1QlWl&u2oM%m+J?VS6VT6&=NeiUSi`San;=Wwba%8 zXqas+heV&pF|!j^Z$J-lWzYH4zRTiLNTrNqWJ~wPOc?LGGy(0 z{AK_idDZWA7)%D^I#6>jk3#u}<=d+RVErilt!~(P1-)bsT;52hnDK8_uFx ze)g(z)*V60qOe&ef$=Sv6rvl&ufLKI^^$*^0qbYg%nF|I#D5}{xE=Zl#efs%`Hg)D z3ic9p5#RHGkzQZb+n{dacSd*hRR&-0D*Wn3A6*76DzoVI-Jah9?hD4JlPY6b+bjI9 zk#Fz7SV?r`NgY@Z1GA-a1FQOXQ&6HUAj6u+nbZOgGuy;*S2}%EKFmmTqam!p1bV84 zDm1nMRd0eLs%G?Hx;*e8QXlK6i`^q|zEZN(@Pcc$ZfU0vFaeb}?5Dx#0Xlwpwe1qA z{Jf3tb@Thh*%ak?g{5ck9Yx)#Rd7H_k--0Yza#I60DT@Rt(s5P|G2#A3+oMj@o{R9$Ff3C|AvkRJ&?!9VA3-fnj3>Y z$ss+D&9K@pN(Gf^Gnq{Z$`HMmzt_k{H)&IoVhJaw;CtoL6vEmKXXHCVrN9bW#KaFm zL4a&fxzwHVM3bs3K~dM@RxVWW(}JAw>{>_2a+uTnUY>X;N$I1L%@=1MkCjAw-wTxbAT z&sAe92viCdu*}GEJj(N~ob6v1%5%+lmrnuU~ zZNmGdUhS*X)4I5j=-B_k-g`$y^)+pxDmg148CoR?ND|4RB`Z;Kl#Jw@5omG_B2fWb zl0*rTgEYAjkRUloYLFz7p&PpUO#6GkZ_Rt}T6fLdd;gi4_5I1&;hf&PYE!$ao~Nk$ zL0PA#u-s$Ilk3A5G>A+*dRfo!-|;>k_k2%m0`^7_o*ro}p5U~@wWRT1y&djQs`tzz zNBxBsAAvnU70QU0)xzCTj)aWCpg2N#%4(As_!Bn>GrDn_rubN%aPb)&&<){3#49p& zFSkh$N@%;Vy`XYu4QXj*ak=J01Hc*N>RQkG8LaCFd{Kkvp2W0EHQ#gk`)h!X>qE^u z9c2z+vc&kr@_2&Vckb4G{E$`jB)#%skNDfSp)F#_z5?2XR3d^3imyB?zo1#+oWqDccDCBHJAI-cGjQ%S~X4(HjFbQRn z4M06}`54xQ?sH*W(TpJ@usm}N;dk9@{`kQ`m`D4T+b`AXPVMkp#i4io@JD0Rhclj< zT?l#|y%Z+V7hyin+rc z+Y`&|aZ7c>A-37QO_rOn4F3;@@=-mRrtt(`m=^uyj|Rgr))KqIZ={R4A5%9s59dEh zSANGH9dffdEG1S|6Go}Nq~NP*e0)WEH}x;b6$MPuyOG{cYWBeEn^yt3@A5nuYkV;;8EYKcKlwNpz! zS(-lam^iAkQV&^*5(~{dJO#pBEiW^qytTXpV)TFAvNoav{FtBgizkUi&deHe>A> zhifuxA*d_pA>;&O)CG)Qt_I$$2&Sm$^lpv2hr%ZPfytqewyhh9d{#RXg~%IC_gQA@ zMH=VbuaVpqt(1Dn=WicDirUMkB)h@*D5KOuZ8aO+gtrv+;uhkBW77M+@4?{*0a#}9 z2@hhtHpArwPB{tAP^-yL=H(r9So;Hl3$CmeS*`Vi0W)aW3EBtggp;CWLrWjckQ=My z*(UC7LC(PFJCXH-inMN;jI!=g6L9YjoOd+t8m;h%X0P z9o+*tFR@inz@rOG-R#ntkWx>-F6x=rV2d zQV@MI>Q~)OEt^NWFt(PAZv8}muqgI)5vYOvQfsZdWDLO?^(Ih+u}6i_ZD?bY4#1~q zbs;0HP7?-P3d}VF1|v8`k7ekwa;wb?%fLUokUpCv;BME|hPni0X|ft{to4GP`u!wSbY?JC%4`7 z=f=Q?DJ9PEQLN&QI^GW9LyE>?NvtqK>G}u?{w?d;k_}P^$qcxoK`EALdWwu<*9fwk zcmrRR!8+rsWpG$RPR@yF*e!8R$@3PE)vo0!senJ#vI1!^*!uoBTp}G8xe{V{yoniYWH zSCOw9Y}yq2$02_tgULLbRfq@(y><&^1*f0wjR z89qDVIrSasI5VDx+^y6*rU);ChENBe$$?DWVKmpr*j@3tE1ASaH5w@@%)Uk7QN;C{ zz4>Nf4*`92-r;Kox?F9xMjX*FvrsEAfHdqWFsDboWyd#$^{9BdLvPkGb?H21-uEhF zDAND)d#YodnYwjI%yb?c;U!H|5S&?Sb~PI$M+_1T&wYCrmcaO#Z=l)fVh^!8>}6^im*TpPVBZnb~R|9Kg4I_fjOYC z(!53(!}@j7i)}DwrSYTNNgq{@uen{wzFR=_-|}Y(kV)YC+)Ik>jdn`fH?o%tpx_Pe z8oTRVl=xMmypYY%Q^(N2*AiDqtsjQV*QbY=@$PdOwgTjh_;TF( z>(k$;`o6(I6e-6kZ&v8fVwCr0iuWc}gMd5~Lc`)kfgJxu|K_(N9KUeyg7Kd|s?{iY z%#kMjqpuHeBoIlV?1xK-7-+y?MQ0636Aqf*f@6MEHFN_HB#24Y6=KS1fc*rQX8imZR1&Hb?Yjej7W z>Nv$g-up3^tIW;(Rn9;jK0;BxreK;F8kVYg{kt3nyashT!sRATJuFHNe$_U525U|d7sJyQsoL9_%;CYtXT~~c_XG2pVqDd3h z|C;Ro#hP(R`3=)LE;d%&o9=##+X#cw%6k>M6_F{4^550Se%+I*vb~#E8CjxMN-D;S z+b{mysGaIm1J_E@x4c=r^W_ZF)s0q^MGaDh^%cC&D)lR^ifvvr{D_o{AKNn?_*8k1 z;76G@XlE4$R$LtCmdfUEgDIc-S*BUTO ztZz8hgX!sct*v2@0eV$Jy)>_T*}DyWmFkMJd-cp8lEz&9KTeiD2F!2zu3O>Ylc zCV3F$D^t~tV5Sr;Oyh$$o5Xw6_-cn!<}UOK6p79TEaNPP*Lxh>w517XucXmCwuQFa z8Ix*Mfm_y?773>Y_!vL#!XT#{%9^Yb;ONso8M0%}$cE!~q*{RpYN0#viJINX(hv`( zT2_5!VNR3P1I=}8T92j&T7sd6>y60cl4PPOF}9y086TMmhZ zEi<&E1hVlqaq{MqG)uhy`r#b=zpLM0SfSe`KJ;7buw6>>IWkv9Qc z{WB4wa~8~lKmDPZ{KsIIUym4qP*3xp1Tu=P7V(5-yGUcrnG6~=i&H$Q9i-0b7=$*Q z9hZIiNMd~+s4|Sh-Vd$!ygrP@Y!HkAtVa}|POm8kW5#yNJ>w(?w@K2R#A@8UfUg1F z_wrw$4m%Ey>i2rj;rX7_=%a%GA#`E{t$RL$%Z<6^WEvmNxpsa4B71a^bVl3qhGvIu)*R7_mLt~G~ z)Tta(D}P#v$H%X%nVF)e;*?-%KvE)A_d|DDX+gq1v$BDj_uqP(ZWtN-`(%67(WL*@ zI~!?`^>33^Nb&t|{pzApk5##eTBwXCTfl*Y<6N`i5M4dm>h4IP&UUkRl{ z<%=Rg3Ps^%^aPhL-YJDL#cQ+eqB9skrW^CUF}*#As5vZs0gym+w}8MkF*;&)d9TcT$j_tJkrT(u^y;q@AR)G2KGtvZhCt2P1_2#MU!_~COj zhkf}mln6Zla{<<{p;q&6)H$=Gf8nKJTO-$io{I6O7#KRs_IW(~lSX7}9Oyw@Y$6_& zByIb}&P!43;o9ap*nc4vbBJt#A^QGAoFy~2Ji%fFWr&vKl3#)*u3qfSA|A=y3Vy+| zkwy)=&sQQbgBS-si@%KX$erjf=ue8=EglsEiG>k9z8CHA+N8-ABLg!#;6)R3rKo(t_4A%tTna~bL#yQh5KSHXmH>vY~4&*&|5aM zR{GCXz^S0$3=0q%u*9|!dP*Uq`wbZT`MO8mE$zi+c>$iF%;h6oMGQgnhZyiD?$}fx zD4r>I%4qLbcL-<+I9Lxm5j@ zhsBC@iJxP}LLiW~cD zEAe$%jh%R$i(K;`tIe2@-2J!S{Kr+i|2CPfpP>T5zx7r}SE~KnWcmeJ|HD`F2-T!p z6VN`*Y!+%qP~?2km@Il0`!3UYfbQ~@{a^|4v%UL%7vt$;$1VCpDDIz}2eQ08elLgX z|29(NFF1~11TVp(F)~7Eh3;uR)NVQ!p-_7SRx7 zQ$|y$?toTymjiMa-|w@$uhV-u1|fNNj)hoN843}=0BtXpfP*H9^hxq0M|6k=yNBT` zjl>&#+G2~9*V^h;CHiXg|9y6>F}5sJilT-olvCTaCWQ*Uh+twoy8&fm@peH)@XKz} z#>gD0eE0+Qw0(C?aY8OHJKQWJ&WlS{nF*J9PcqlmcSmTqki?u1>-av~btdUe<{=3OjT9KDW^!uACnA&6-hJ&;N{J*SzqjAv8_Y&)t z6X&h|zSI6s3$%A*Jfs_Ynpo-j$8|#SS<@u&R{~EB*ra9$#Z7D4cHLcoR+pN{q_N!u z`-)CiGchO1f{x2*0y^^>?j6U346-5dC{Pf;oE6-U=7|ad{xZcwCjS+-W8IA88nHwY zBA~Vb!OT}7<;7SvzAEqaC~9|g_XrFEi4i#`4govy&3%@ameUYoxE7?X7W-{X>TG8m z=qEuAj?^Ou$>InC{I;Lcqc?xxg1CuLwCU|np(pnTOGUfh9Wl)c5v`u}SYmC>(WtU7 z=6qX3C%%6=0Xh1!SQixv2iP_1GM(0L5FINeyvX$W9DR+>6ZPQ&C50>|RIT|v-8p!d z<&}=2S_K5p{>-p`(h6pv3jY#8MUF56%^gb+mTUVCXiKF#EHbTK(XrRG-TVdhxS7o( z9=L&5`WPrF@oxs7-7sIq3JXk8tdcGOYhu-9EhfW@f_^c%_q^x3vFrKk$CLGIs6%l( z{I2tQJREZuIl5#f#`C)Ydz+R!k=AYK87utzIxZC4-Sw3KM9g6)vf`VLqgL_hZU_*|qy_@*h z6MHnop7wM<%1m)Cqr+R;mwrqlZh8#H^o}?3p_?#v7{@02fbo@XN{`?%6p;5|iH1&RJK~#o5$jokh-+Z{X-}UTMX(-pCkg`RLXg$g(MpoE7&pWM_r8= zv2^)nT7uCr&<5K4HH3!dQDBbK>_vEcpnvS3e5 z0@v{XBnk9$i{l&Qq5suF9Z0TwaLD`h_L@WZ#cC*b;C0HJ37h|n#C)}m?S=L+jC|F! z&3kj}7w{n=t?zBCz_X?cXiA1i%THgtnX!HA<>T-(<=$&#TJJcBqT7$Z9JBPNPQ=`I z;lT#H(&oIKkP(F1tG3dr7NTxWltD3x4(l2fccBKBRdil7KZ{9aT=t!3(I_2{Com*XKo-Z*3o z$On8`$;}v`CMqA`^Nt4k3XIu~&tCAW&@L%-u1gi z3iGro>6Tm>IKTL>N&fF^QaRBTdL<9ThN8mG`^UHy9D>>V+)O_ha4{g>Y*jy)snx|f zX=!;fay5mx2y&h!>ciA1DsSkOXxNDL-Zy-GRN}JO{Ui~ zo*~3?FO#}^kQLCevit~wU)}iTtHnzstZ(3P9Xqw>)~Zi){x}$4OHvwpZ{Puu!pQEh ztt_KhciHiX7&?pjJ?SzB@z$-_{ds`brTV7$%5gY8ei{jI9PwN!f?f&iI9{M5=q61F z-uAVNqd^%H|3-ixb*9T7c+}&#_rBc=KE1iWsrFq~L|1E3+lyJ!_x9jc?;4c!=AgZ% z1#z&wIZ@PxH^tzVSu$BDSMnm{sPJHo15NuD3@nEEKd*}fMg*|j=8}kO`#GSmAW6$xLM#zDR$VXY?~iN6 zy#DhQGCmH^*?iLkTQ*Tq(p3i_Z*J=T2)kN&|4vYfS4&-B}ud6{B)_w zE%Z1B2#~>sMtInn%U&?G?(~wOB7CoHr4eOW7i-7iAW`oy8dW~MiTJcM+Mw><+H>|S zcq=mXrkqfduu=z^F1R`UeGR>c!}rKn6m!{EFBX7A9rW)YTl6ak=Bo9LkfD+vh8l~@ zU}HjVGoA%;Ew}1!>>ZVr3$Xfgy0$y9ORDIcZvEb`g+(9at!=CYTI@Q+Oskm+Mckj) zatC9tz6zK~$oUmoV1k9PVUq+5^c&!IHbf4R*crhDV*c-IobUXbH2DhwQ3Zf)M zn&wbth!RCvvbm3~=Y#tT5Jj1>JGLG+T?~-7X_DxtA>FcBp|(09>NZcFthU=bp@}YG z_$uad;Y(8?RoR}qb(43oPO@?07OyE*Z5Hm()wBp*eI~OEjq!47_j0-}z2&QM@G)iS z2@zdI%fn=t`bIBTDt(hyv-3fVty0Lyfq%GMl*%)-m!&IM@KwZJlh60F^}Dx0U+;Uz z=e@CFu>Ez!3_5dqBqbx~&mjj4T1ZmQO?00>pGf-v+%cN88>EZRe~oRCwGs@(ww2ZY zkn{|hn>uPR_~O{n3>m9lIO?}e+gRiWZMzvc6t`iGx3!k0+up51=WbejS6%>kf-urF(08$1Uqc z#}xJ0#Y-UQJMiV=G`^3!=@lT@c|?9D_mvra^s{B6#LKqz&((h6fEd5ksDY6+ABP@N zpWY^V(9V{;W%&!=Gn@5j6l)sr9#Zf3{B)|BP>(u80ivaz^ZdTMqYY(1R~nrZ9o4B>QS2e{WYqe7vYCYI8 zrAbd2`|T}~469B^PVnA!;sP3#al2(LavtAt!jlH)kf*yCP}TBq5_)TJ7mIhB@TK?7 zWEL@r@EcqjC@KMCtWou2Hvs7ZUt465y#dp|i^bOBMIGmyrsTN|z~OhJf9ZS^E{;_I zCzG-E#xlFzDjxiq7~%?WgTiifxUG_Z_xWg>qjw~t2B*&CHVD4l8OBy@jFnw<5B#|9 zZ4nU?AU?wGF7wx)>9TC6h`ZQr`&lf3U5`qI&c3M6&vE5>L?r31J{3UaCLVD2b#AUI zUarRNzhsGNibf)Y^%~5Y+~Pb&CQP|n(`gpxx$e4P3ts%(60z#|`n9dG0eB7*CD_ym9*cE)(bpvjc(m2!x#c|F73W$V9iV1LX8F+(iEuqG1BtB$6gUF~(_a@S7}SH2bo zo&Nd@Z$F6#c$|HfSjLQPTkCQpw9oPb6=U*nB7A@o;S7u|e#jGVv~ZOV_PG|a-&0m? z{y&=fBm}q6rzmdA>@QYa5ejbS>qc+bJhC!{l%I@n#(W(<%`!-AdZqEmK&io8cfLvn zNEI=;*sPZKBz`s2PglHuJn`R+;Wp&!xlg^vTcU-6mw%xtpPWHd*+{gA3^D zRc@$d6{j4Nyfilk(cAy=SMm5rG=3Jqg|QwZzq5(TX{eqWy2oFwK-rZ+{_O8P(~m~J>-yGyC(oSvU}+1^=DVYCNSO34G)C>XU7wp zm_fx}({=w*2tHC1_LL^{<^NrJS+X%_J zZ?EzcGkz^~|E<0PG0B&UiHT9XzJ3`(X)bD$D+5*byR`Tkgd>ZMI7X}uv7>HtNorI? zqLw_^s2uWxsloY0!7a{hvS*B*1h9o3d(W7&B@d=FGKs0pTTW-4H$bN~uYZqF@C^cT z=In*iHCa!0wz4hnxI=|ZJR4PkfS+MxXEKan^%w*9I5L>!JVdCa*x^#ZbMCYFW5*WR zOKZ@owYhr-iZB{3#(HSI-lag;Lk{JMXLdtD%@X*8bOoY8qmi$&)!>eANzvasC z@}ADbQ=iMewj_RywgtP=b-jytJTrd&Lb<6=x|_2HPcD zQ+7<)0-L$-hKs_EZCrdwt1IsNB=u@6pFnj@N<{D|kK;y4UQ4)q-%$#o>l-UiZF2Vk ztdT3&_BJ0pc5B-kO9HD=ud#Jwv*VwX7wEvpXBX1cd64+kwRPvQ_r7% z5^c}?5RlIUb~aca@B#Nd-=^`gQ+P73;aSaQdTCFNqy+ ztT(5YsXYlvF7d``TJby!VAE(UK=Q#TNKQpp5~m0{zd>NE1j$%m0E44#AA6a|4*|PD zCYtq8gQ*N1H?>kn-UKcF;}hnZ$An^o^iR9qf3R}a<5kvs?(6&wyBokSpfJdUz>5tL zmF=1Sq@Vcd?auUD1QY>19Y4Qqn{v!bh;j~&tkA5W)#RM4;Jkz_1Kxm-Y`?K>NSyrt zWip&I8rNt}B|OWpYW=466L;=nrrM-Fb%CijaJ_W}3KiH1M*kjOaDaY?CQBmB(OuXp z<_(h`k#6m7;l-g7R5$q27#t^88kH8=Cob=M5GjeYDxeejbgHO*zf=N~BEej!viXZRE6lMuC?L4Lznde7O_Q+$Bggf$t-eWl zo*fq)@n_L&l@AelolamK>OwkZfoJFzsZCF`Xqak#vXy`m5D z)|}tRXOqpCF-X)Wq~t^A{huvA$$>D^xtF;qoXB|v^l_)_WGfFjV+u^J%tt>SfF0B5 ztFkVVo>K#H9|GCHy9OZ6;M-uL@$czJx3%Ucyja5YiFW2InAv#*w2Q&LtWjR+q7p*+ z_o<#>r^PDcw1W~LQblb|km;iyp&P5u?r?PXX@A8h6Z|5So!5e_0zk)lnznHAICViu zP!;vKZy?|2PNvSwKTEohAs9`^dH8|-xSyo2){7yxhE*)YO zpWD6s@NeL3S?s*_7?cVj!g@+KendMSOI(lHdjx_)-C^$%I-aPlI{_3DarOZX-B znsT2?68%h~e#t51!#CUoQ|b^Ja&iZaAk#rwqYc(KLUKPF~_}9Ny1%yXr613 zmfh%}WB*OjRQZ`mTHEXgzTG4j{qd1MLq3Xc3sAZact0nYtU%~0UDW0{QtD9WvjF*! z`Q0NB29tdaWmeh<=T_Sn9}M*DEsOu_`;BvN?ak&OB1K*0z@akOU;9*)1gNX3D2_?H zkG?kYhe`Ny$~f2X;ri9}R*vOq-`9pQDZJSpl4Ozbj(G0JJH5~6v`nbNrAV4%L5YJj zhsuLR&nvhnYm0mAbre;W-P^FH=J74k0{r1=kL^=$HbtzHq}(VmC!cc)dS4w}6C1#{ zenlg`DxHoQ>-Atx>2Rh!lLTBFop898xb|&}5T5GBy~>G(eUc*~xsq*vNdQAg75BOM z=Z6tLiQiTsFEl-PM%Rf}#D7Ln`Rp!y77Le!U%V+lFjTYeU<;s?@daS5Y|f-nZ(I|h z6wb3Y(qX6e-`3uTC9%DYFu=8p3+<(~l?#GQP6iXMwzd<}-(^4_hl*J;CO~acc3zd~oPRQ;)Vfw}fh6o(3YO>;8-CZ??Wc~eX825_03CeG z)sJ>rs=;HKYmx?OnP4GF9+ZAP-`Emk2BDNu-d?mdwqKCCjmE9UjhL1c7$w+fHYF{a zZ7uEVmWA=_pXcibEh~{p;|By8+_Lcp@NZ4H;ITB9Mg#$!=^IQ2X4&HBdIh%-h=EzgGQ9C39Kj9a|X%x>T2UZxd5c!A`!lXt{np^NFJel@}71|={@6} zd6Sj32_#s~o;sP~@x+NG0=5!syxO|-(f#FbVr!o`_Iib{Y2fFJVNl4aH@4zIO;W)N zcXZ?N_UAdv7`8IsSQ81xK;(K{&u&=(B@PA6v+PY4xQy3^fSC<=dbx9lZ%w-zp9KCztc|2Z7Vl4 zDPJ|aWA|U5_`ljJCTIb_`0|HZNrEqWafrv+7!hEBXciuqeMK*3jZ7ee-MkOO&k+?m zy3fhVE{m_I(ArI^O2w95tm)P}9bx9t&K3-v&2sKv%~pSn>=DCjjnAqys+H5KbGI0iBRm|U+3y35as&3Q zxuVv@N@OWidk|ss7#Hn8AdYqBPHM3qS>43Ib^*bhh3JE6yw)%UL5cE%bzGRd2{JqS z&XcbBR4c?s!B(EKeBeyN7$exV`J+ywn|>qpu*UL0)P45W_Y z3UIWE9V2S%06s{27L^wx9XM*3dtKfyYY@>ti5_g&!UfPox}v5!{QI??e+p9Gme*Xk zyk{OzME@E5_7^VELo?QPkxl7gwcZ#wbmg~tvgG|XOe>g`esyL0M*n)xS7fh`=aVi; zMI6Lp=U>nX23c3ADs?|^E_}g~d_eE?i42{d!Z|9j)7HyKg zPzq~MNv)t<_WbVH`Y}MTapF^{Qu}(%wRO|XtP1p$4i`G!jW1Dif(^nJQ9v7FT-pOh zDck;mcok8$m+A`P$oJoKn!qvZwPG%oKHL9LfaNp~%ele&EjM_#hi&n2XVTMuJChb* zDzYlQs!6CPcK<7#U!8otG>qO6WtEMmpU#8lMmtE6H;f16#V0fP^rPRs@He;5!5~Tt z`f?E3ElHhi=G3zX1^n9}!YD-gKe&MH=s&gv57S^VxzFs-a(|%!+?J5t$8Qh8Cm7W( zV8bP<15W#Q%qql2NP_LuA3#xr&Hft9^L$XON)_f)co~C1(&&Y(DnOkd#8&o7@zCsE z#7LkTX|xpIyfcp_YB@`I*t5PeeEWlnNTYRxU>BNYk*$tCY;l`at|_c#fzC`pB*f|~ zNlioD)q9tXCDM`627q7On6;`XN5 z>PAvXQM`>j)T#Y!!)JlsDBL5`^Xa5vGb@Bz>nTeRxs44P90JIO>Dg@HUG~HUhE!F5 zA+32=kN5k_wFRyeZJrq#xE@;)a-Ap@TJP#u|59kw%Z0ok(w3oJ)b_ZU%q-GADhpb4 zcBvs?7xsr>_NnOrCr~JHhx;79OQkK%i?2rqv9gz+TBA=bys?mel7g1iqE?NlyN2DZ z)$L4Ir9Kg_NpHIiiHsChL_u}iiRgd1r?pGT$oni|(uSf9ZhYql95)<(L{ast9h;{z zLZm++Vp*sTfvg3z_xTy63^GbOlXnLr zaapphJ7NRoOG@bcg@(0m*??Ga%hxHZ(LB-sq|YZvOiOpVLNUYmhOG)^47T;5v{4Lb z?_-Ol7Wf)kH-{xEHsLaC1VWFu99q|2YX{=b-Fhb+D)qbm5IeEIoK(RiM>h<-Yj~wF zMKLD^a2Esa6~X$>rwP?~N;j%rWi6*wZU8oY19q z7oF6Q3)ml*C2+bygn^ZT7Ei5x?^_|#7`~l}bz_OG%#1=DLxbmBK|oyon^!ppr5N9< zhh;pGt=1vBhP0glVuW9kx2QwQqp5O{duA7Dg};urklW}HOqwdGcsB9=#n^=zBV?JG zF(yJl()de|GK2Tm;lz&h`QL-l&iSreq#6YMd|x1J-l5MPg-BxkCBGmUGEUPJ*Eg(# z^sIRAS>SZ%4OZOkh6xT4w4ofPTnElkG#tI^2g{qrzCqGJzggdVXkxn#N|3rW}8d z^GE&~Y-fJbO#laOHM|;&r2+?1fx^KzsStRZ*N6Q?^JjVi%d;;%@X(K@UK(pHg2_M+ zz`|QPfwxv`0)MS)Z z$jKgSdr8-Qx1Ojxx2{`@Bzu1S69p1E@!kno4+?Bt@7!1yb?*{o@tXFMcs_As4`KGW z;pj8{`@kUFOV;dqF*tBvz!CF9U+nI|dl&b1nvp5RoxS6-z=AlaelTh)=c8F#gLQ_c z(-$s|J8`6ZRri4_iwWi$M$!DV47NBbHeteM*Y>7<7AiY;EJO_}i>!U^iAfYVV%56m z+Pd&ch#D+t?;w&7sXUxapz0w}Z5fE4G*KpqI6{jr`|3G{&g;}6R{b*qi{BmTd(0uy z=pOxA73TJj@rSbrZV{U(UROA;=1e*i<=tkgI(PQyBVDva{c3h*}$tF=3QvkP;jzB9eWvGb#X zrn=)#u;*du<;G+Taw_8SzTJ;3x4XA%i9>s;s#E8+i_D1ZX1^KM{3CkTWo+MV+c-ZA z3c{hbitBZm!d%pF2SHP<$d5Ehchb(wo)b&gQh&(#vVB0RvC}$bl3J^$dZ@8Xb40Z^-G`IF z_1ZWtTfADB)SvW~@+Vn0Q#qVn&&Ol61plYIPMw|*-{S+PsS})OZ~pw|lH6?J7KKZ4 zWWj$-pN6yU)kxM8j>jBROu(~c%;yk2Y!!5R2Qy4}rb|N0uMGAl#7#i>tQ#dAY# zZ*Mh+Rx6G$&oU556Er-S`XI&+!kPJ5v~>rztfnh(Oy;h#v3`Fb-;(S?f$9d>WM^)~j#^mz2$dgLUeQkm1xW z#bBL;wNy68)4t%46Sc6-TBF8~qcXfEyTj_`i_U2jjXEn zD_wrTw;N`SIHDtmv8y|TX9LV>f+Co+DQ&ANx}{!WxL-uf{$%egu!Mx2&N2(R z9^F75E_rNh_cQgTcKjyH6LY?GI?2p#u<;K-Wq$isE9olTM;aqn;6c(fyfq|>E6gEW zOAu;V=ws!VJaXQ$3a_`btvfZPH8&Zm;KfRg{JIaU^bsu-NH<2|n4!qW+UlqT27gkg zAs{&r5CnZk=E=H+W23!DSVM&=7Dw}=)ata%fTT^U^2+#ZwT&w(*#w>)?3}b3ya3{9 z?0-tL;?Z~&9@2C`DL*d_GxO%#5d)>ytE2D0IE-dzq=!5|!N?;R%Pau<4g)E18r#!{-w=F`Z4?)nR=D+ z&jvOQ2APW;|E0~@7ikE`r>zEnfqN@ctpsiHXvMu#I5FT~ zr;8+(I?hrA2z=0|l_b3W6nRUaY(Qghr-zr$NhYd`;?|nCsl-HPW~TfNjQ$OAen!TM z*$YDA_qrxo5uf@cC#7z`!T1P0@y3O&D52Z;4R|+fZcdpOc~_D@;gkfP$k6HOZ(`w- zbrTH5@}!OBf>{QPj%wamr@$wTI7i-Jv-t!Wb*HYdhk=#j7XO~Qy#e8S>TRWcrKe+H z%2*YF5AiGj$1S>h-&sqra#;tYq)#|uYS{1He)R4zjF<#!)4lG8T2(LjnlhY1Y|;3H zrM4yiPoTN4W8*fwdOFp!dVN8}?73=SyM~@^=_5HAu~OPhp|vhbEK5ODWUi1Nb)jzh z^f9mv{8{pd{qR#N<|2l$i1z&E5Wt!bI3LWt!c3k5my1{&{GS;c;lc8`Yj97 zYzTW$;xroX9Gw}QcQQ#Q*~DY79<#vXjrKwJDXaU$mcNSE_0W@Bd{8D<>RKTrtvm+H zhe!gA9Sk#UMbqS|3C%;2A`Snv{K5ICwy;LO#ZXsqcM4(S%g=N~RYVJM+vZhGT%?D7 zKDcUvJiy|Br%V?M4j|*3^wV;%L#uh*C0)pG^JeE@e3_6j{fS_-8r$YxNt7MeJ3BHO z5c-8#Ba@*(sxv{OPHVR^9oI*+Po<{)-&A$s-7wo zXh0{nuKANWCIaHCMI?{f$ZPg{mO#arCu^BFQtqP$*_M?+*05L?jvBrbx!%nJA{n1i z!4C9E=j|X|i12Cgpr%ztX%5NuySv*M{yryw1skG0?*AMj2;Pm^zhDGe|rp9zGsFE(0s6wb)SKwdd3S&!?!IQ^9SV z!R+)=aY7J zpO~H7%H3q1&a$6O)sA-hdFy20oH|?F`)uhL96Bg|v?6`j-O~CjSk|1|R@r>IBMfsj z9S&B$M*Ysr2NlTH7azVhc#N>l!&T+B&wfeB7JPKy{F-2H{g|1{p$izfgrKnF0_|M^Lu&_` zPjX)`Ok~BXr9`l2T(5#~>9-zs6HdQqetXBd@2I`neZ+1)OT158DEIZ<8z_4^8IH`H zo$J-j0*vj`GkSIw#J^my3!ZvCtv8j7%kI@BYB;G@{tY+K)7-a&RKNCwzZpxf1?STH zkLTCIVDskz!_(h{f`;vOrYqFD0J1sGuQFR$`Ul}RQ9PG0JudACJTun#nEmc1L`}>q z%{-w)#J7TXc$ys{7=V8n=)As=p0LTItDF8Z(#wg7>sHBgO?8M>c^TrWj;Qq~XMt?5 zxe%WXeGoK^CXN!x2v1tQhR?2JzT`XAXmLF?mKS@Jc6SJm<2a`LsElVO7qk7ZyBHw> z6XmZ^^t+31adrD*Db_(Dd^4VZ^LQ%BEI0E!ViC+lSt_~c%d%fa3|+z# z)`|paV6Nf^U|_;gUzh%=bwT6=@8i;!W4OR1HW!hmVdvQEQ#m4FAo;DH(n8vBUw6;> zxq+5bHAn%UT(?R9v8UtOSPB$6~oU{{f-vvO>=aO)GNK;+Ol@~SI?GC z&%CY7-!vwwWv%+pA2QDu)s`(9`|d$J_9|Gzim7JgJlFbE^s)!xL@Dj_fV?~ zP~?zzDsVmC*`=FFVb+$oO=A~K{49g&(fiaJyMr0bC8P|de35GD56AE5P!pa?=R)vP*&;C2A-Bq<+gzR1qigk)r z?(9fbs{hiCk;;3o^uNMJBQUJ)7WYF)+LZ>3XQhkl2ZvHPB8$0jW{wShNJ->pr2)Es z9vd$gbHP{PMGTl9JNkUx!46Mmb6Ftdp2uPQDrJwaB(a>6JUUz0v^#69t!oS}8vp#e zJ67!=rD7^&cdfgf5DL%awK?*@KJjkI5O0(sT^-}fJR>|*!(sKC*K z$cs_xBteo;LW-!^Ja++jTv>8jgOHcJ)PmiENa6Lf6Nl0x^l2WQ;~MN$&@DVabLQ-l z;BP8f@G{?ZBsmlNkgANO4#p%B7 zBDK(Ny6W0dA7u=^W$-(Ctb5}CoecG^gktEo(?TCfUEFW+y7})PZ@z|ShI_b$w8fVY z5Rky-OPx~n^3!o_vscI|yCj z&u%JK>+_6MsbS2=h>(a{?Q9%AS0GYvt;Yuo5hOkGm zwfpb+-qN!3t*=f@PHWq~i(_A$>jK`1xiMkYf_#i!>jw%~*VZRIMM5Ux@LcnwyL}?d zR4qQdA=+!aC%zjnw{+x&HacmlDVsH4;#NlNy2T|jsY)fTTt(AKv_Oys^+k75t;qpE zp%hz{>&?|gI4&VEE!nHpb?XPw7e-JoFe(Gd60h_);`dAvm9ih9sacZe{b8;}Xnz$j>pj^X4R@ zJWGY^?-qPRr1?W9L~@MQn zQ|;R*c&VWXNJm> zGz-`w(T=sY*G{$tNwn{sa8|z>Bh25c3Y+b71crSF7 z)R#1^qw$Zq_e#Y?(EH6o9h)fn!-21#atalEnR;Q4Rin~C;0Sh;OJtPV6357s?Er)$ zJm`9pby9d1^bhmR?UlYiRFsZ{*5h^;zJr$WmV9 zI%~2Pps|~EUceD8*3Wk}Mj||Hdm^G=07~$|fsNwaVKj&}f0ZCyg-9l>WqI^PYmDI5K<6V0-sDU7P-ziqtTa$G6!r-GMd$5CfKfbj z8O{yz{MExs2N?Gu#2ZR$i(bIS3c7hTrE&7g^w z-&*wXaZ_>vRnMI46#l?f&9O7e5D7BzQ_G%h1~zBC}j{|(S}(myV|8gQxZ)A$}d z^rl58qEB1Y1#7SrMG^VGe$$_q;ZTokf3o&RPg)-`73=`!#l5$8jfHLCZR%W&h&CKC z>EiZWVvh9^126z{(8nj(4i>e+jf2V4cE$dn%Mg2|q)b63Y2i;YP9s4@sV2cPt}ieg zdC}QnwtQ#&U8t;g&P+2QE(c{fH**Oyyy2nSojxyGq?&>>K*FN=QIC?&U=3>?uMMjN zCUS3!v|UE!TV8jr&xr^<^}~Y{v>EEq+!yF_*1ccywxRg zo3OkO9nr452NyO^E1pMZ^57XwQ+8Y(zK-cfr(PiDbuI#RcYgsFeujS$17t>n4Wh+6PoZ1vkNr2tpMuU%&ir@nbi=9`_B1G8xl=TUvyy(;Kt z$#pwcm1xvl^>FcfsHhwXu2tVjSi{M;Xw=ed<*l|f+NTb=vEURI0gYP&Hw&~O>4!+j zA|!;1Y;vh}?I$>k4k4E#Dv*~5;}*$~a5VPY&8ZCE)O+>Ym1#R9b02ne36AxX$X71H zwgmu!vCN-J3FRx+tT$MkJj5K2lWJ+~<_zt)+Gf9#-j3hv+LV2KGCk8%Z=m;v_-WaHWe41qGBn&qzFEN*#v zS88q(liL3+?iA{RS$=mNw#|vhR+HiM(q%QeqWZZ(MMvx7O2zhD&3P*?_;wp@TU)kD ztWJko+kDnh?j){T$k?hV4{1P31pK8Fc<6+BOSFGFpYM{|4W&=&*|^HZJv^B*Hz;ym z+ZK$wA=lW)(BEzwtFo2!$xFQr;8O(a zn_?AHa+8{Q9AoG#`NjtX7Z?2E5~%lrv|CB}3cnm+V36|>k~{C=aG6LewkY2CX+7UN z1!sL43Ep@&U)*|lbdw)T;x>!<&$Nm7bldSQ0$s6Al$v67dK^tW82Aai9)e}}-0`Br zvRz+qIE@qASHHcbRP7pn|Hh9+qqIkqfdN+hv_05>X}h(=G%h9UN|Gvqtj&XUeVs~X zpl``wgi}~Ev=5hdgBh3yj!@lrv7Q8565t?+S?-H%g79rhUQ+$EyT5%gbvioJZdd~@ zZCcF)y>~iKbJ`pfhtM{;ITh=eVvTIx49-HT+^-5@Gr`$MLrRJk7toDGM*9+Sq1WWs zSv~KH*+o;|^Z}HewGY};gen!_Z#&!{K$IEo@yi+6Zc5%6risU==7+*0i99=FwwB$h z^B^}tGZD6d%T2I>cYCNj37*I;Pqgse;|(~if6m&!Hu8)@Gt4^0WKTOCc)dT4`|I@? z%iiyp56)zprsGgB@A=hEYx6D^?tf8xFr7!yUKF3V9LX2n_Nh1Vx!B>|+E+N9f9_UR zbPE6E5t=G$Z7jcL+q)&klR%Vg%{%a^2g^ewjm;oQl90k5+)i23XV;(9u^0p&WQ#-0 z@U11PoBnh3V=+~{Zw1zaXHAGX-DvX+BVRWCsm{)=8Q$ey6uC2MM?oXhn+G z$1+QOnv5zq^v?~!=F4O|3gsNA{=W7+VNx}l3>VmiJUq;7oD$n^XBa*o2t#$P3JBrW5Jz;xQ1 zALg%rEo{CaP8FJG-kYeQE5f|}tZ2C9h&?yw1Saryoj8t~hYr|*;)S>7LP$W8uv{u1 z>y7q4V*$4a6XWVI=Ai$O(~ewtzS+EQF>`6t50FQ&TnA(OXyyb>s!C0in%VNeaJJ0r zD6%s^OO=IOk2Q;^J%XaUH#%Mj8UIMga@xgq#*(Qh#5sA`Hz@|f_F@4=&HpJeK8B`a z?6jK+$dCDU>2(=T9dmJ&<8$H44(2G`1P-!q>~FZ_tnIB{y!R}rwwFGUt9n$!Ib5*G z>oE@|Iwat$wcWqq-6BdOO$B++T9AAFzZP2m6R7L|yHn~*>#%+bQGwd$XHgZyZBZ4} zT94+5IW?XPLl$c{M$&|GVAPfxEp%=;lVduC zp>(qCNm-1DJT2$bY|C_oLa4EG7$t*Q&t6CdqByuMLK~~jff)Q-``6n9NY-F z0~{Fl)`g2B?gk$S8r}%!ZW&aRO3HXB_s+ViyzB+OjP>&>;A%8Juj&r;uWGZx`2;B^ z#E@ST%3;aPSXbSsAh*7jjqSe%zTnFWL;O|rOShmaFp{H)mnI(|qv4P7EvmB(@V$AB zZ=+cyK7rx~XD^~?kZ(qq5`8!7ePTkI{>K-2pVl9=JY&J>V+6fafq#0bOffTXMj$u! zB!rLfB;?uIG-R-;!r70?4a0Znd|EOyeER0zaz1_bs;T*l_;Vrb9&yF7NWbgh&|Tn{ z|E~CNUo~!@oBieiN6#wu8p!VOjMWz(%SMA}qW^Ws?hih#m;St$6#K9}zu&^qLtm*7 zi_d|5KYv-DwOoir&${wbKD~Kx5FSM7gYuk0>L7P3dlY}@>LY({W$l=ewi{M{mJTjT zDP7qePpWPd|Ad3}-!?JDv)-1fpLcY?W!RjM_;!X%!)`=^wtCo64|g2uP|tkKcT-kD zGh%cl*F!U?_b+wSR&s`MBlNM4C*R%d)uGm(XrqAV;2il3#wx1@c`t`uLK(B(6k9`r z5qSo|N#!u~dB_hi(&*@fek{j>`R5swO(=f^y`Y9ol{mOJIgSXVaBKF~vS zj#^3194xC7;n*JtzA_uajbXew5~b0&mEKOWjzjlYEb!#6+L!(ycbIXofAU-&y?zYzHCNwere>vp%JQXG*^D$x0`SGMoBo(q2=gJ*TkFk) zp}F4ReKst7{B-Qyr^dXhCwkad7f=ve`8`{CFBUj`E)vh50ZA3jUKHa=`fa z5vCTW*L!$2S&L`f=uP<`NdMC_(#=Kp>E^xWO|3mEM1VY56ZVj=sQLHDia#4BZC|7?CQhNETKC?~Jrs7FYr^x`nZL9-fyV%iD4TAN%;iwG5<3QXLzat} zhMz6&^?HYEjp5Xqco6d7$p~irXAK@UkR7{-*V@F zAyB&Y^Mm*-v;4)e9%?F2yUm>5T#c2E{XOeWuS%Tv>Z(6FF@Y7f;(dr@gRT}?&Q@Hf zjS776@eR%KjYBZS?yB4?^IOt)HNRw=XzZ-V(n#sE%-*s z(}Nv7?Uv}9qR#^{_>;%ZO+iCQ#fz(aAi*XS^UEB$%eg;|Ug`@CN3C^>0a1w#Q8=X| z72Urs@JgplKVb9#EGP6Uuy=5Hloo{&gU{`Hhett7Tag)H|Gu1LS{~4Aa9Js@?)&1> z|AV@C1D+25BiihM{c$)Nbuc8V9kQA28|j{5SLh_c1dO5Me^j3xy9>Ozo$>_NbK(eo zT9WS41M`Y7G7l84b|jY*3geQezj$;BOxXcES+Z>%#AmJ6siz^5zkEmu$rb#?^Y zUVGQ!t?!uU?g&xcaB3!gXEywocWOt=#{sga2F2<$`qKYjt^dT;;JeDwY2h^7GK5zFEBi?;jf#!9#2gi1uzIO>C`|AU8Ddca8gA3e>H zX9V1TbDN?NM)6tP0?iLyQ2~NAZLwofWra!~yi~1-XZjAE%~pZYsG$`+KjQ(DK_HFEDeOej!S;wbiNReKxXSk# z+?yeTE{z9urW#Z2WgUMyrnh4>IN;k{`~=}r*tCkfwJDrx;DUU4t?_Pw7AKgklZFOaH+-1iF72 zT(i@40Ni72AYQs&R(M=q78Y;bk$im9M?kBiK%lFua3em2ibklV!->Ge|9spgSRSvW zIZT@X%e|3#uWB(c)rU@oZ}0Qsz>M_kmtM^?-(}U*8()$HB|%b*4>L5b_}29AR9d&z zgYr`vxf1{KTBkJF-XFF+RyRxR1^q=accV7qPjVIG2~#hwc*eWP3?BT)tWWHE?M1FU z*Oz;0QvdOCx6MSu6#DSg@A_(TUFnVk&xpC-Go+QqTeuM1$d3tsy7ot#0GE%$IdI@) z-N$xg6rJ_)MTdv-~@C+LVUc4BNXHT&#o&NgcX}T~E-gFk{jIH{r zHX~e!eiUW(j4cKxBGQo;p{7QVxOip8F>83(|G#9Mk~0vnq&6k+*sK6&V04^r7>1IbtZALqi&U`bpk$3>_WXJyj+b+V;Hhqzf6(Pz+klVG;aeqE z?ddgMR{6Tfou2;t;#x(P-}MXfo{gUZBiOT9SM|WLAY5OSVl~^5hP(dq+oGuJL&86h zI+gbc0?llEL5$I^qPO6~<<>5MYQK5Vr!LqQHFOWJT=O--ulBI&C<&QjpF3~t!6>vx zE7Vq-uuSpsezcA3A=&A@8-C9u?;qyg0_eD~0k6FxD%&F}frYbK$T>Me zAj2xKJ*wzN7Pt9s)3r1v^7itWwtVnYQJXf3dhCE3M!{Ly-?oCd}q~NdtqL9ntU)Fa;7+xeQ!B24it#`PjC%t;!!B`v6_+*eSFcb)XElLbZ4702Kt3WqDsUnLHSGU9Y-E4 z4A&YnBSh9#!?bZH7@a)9L8DXN+mD$-De;TrGBO(-w9hc--5rwJX&>bz<$~;*APU~ zN-V%JduQh2b`vXe1ISfwg&z%`aBqMI0Q}G}&n+6;`FdinKfXH6*fJq<=u6by1pw>2 z58vLeW%9=$;Y)qlQ>|tfyAXB3kj3|#GXXMLdy-_A5+1O?C!C_dulTshVa|;q*yVLF z$nbhM1FkwPYAyv1A6+}%yV!w1nEe^XX98`Wc>g%5lrm~Vr6U5amwrHy>^EOHGl(yf zPrGgJ77=2g!lb{=E0*j3yib2Xc=?;t{^0FTntLqVP{H#wdinI*uuY|VQSX5LW;D!J zr!KZ8dG^8X84}U&xnU_MIu@ataKcM7PRZ=d? zz0nD82Y0fN-ms2`ZNMzrdv{{NVt~j`2;?lWkmyEYuUP^pKV)Hup?##Cu(iehwY%vZ ztcjxuL?!M+Xxf(}pb}idJsN6-u<8pt8J(~YT`>C)xsgJF#gCUF8~O^Vq;qX~XWHS# ze#dXL|-^2~-#^mf%ZhAS=-pG@=*26(msxLhw7W09d<4=N?WMf~#Wv~?(tlZdmRwh7UKe=( zPiyaOdJkyr3D+z9%i8;2`65b%TE29QlG3rpGg0;?%U*$eSI!1qRW=-9L(DDRBqW!DaYH)z! z;Tcv9fW8f_o8rT3nJEJ zeSG5e&rV`bHRm3y3-oq{oeYJceb%4P++z)$Y^PBijeQK5vU)#`bs?R?F7|_qH3MdEnk!@#D4|`$!V(3a6ih>yY(|Hb!=@T{4S?&)Mcb7bx@HG5ORJN&O~_Je)NcTDC|ha z43|4I7?IA~1N5a7E(cG?xy^t&3JxoL+4HpcJ3HVWn2r}iKEs4n-Xy=AY!_EAV-o4Z zxLfKHkluj5QkC+e8?PE>2iElZXzR=`&1aGRKEH#$FCX>`bf3WGBNRg*%I)D~xnDI+ z{2$gD@AN#QRMXM>R+<$L8pN=lkT$|h;NEyAbK#NTGkB5oOtgOlDUwD zoaNfb$)lzwAnjl4TO_ne+^?`X>S5QFBzc68Y3Vf{&4VMVHZfr>?qmrZrKrR>&~x?4 zKB>NT_=ZyQfwTDyeeSV$RPX00^Bb^6fCsaDU6GyFQrC9p3=jeJzs4;tLlc;G&jh!3 zH;=`MM)^8dr;a6$j2&=3VSiPFEyTE9pl#!WGr{-0iEBe;_?Pf^K-jKvt8(JL_1PBu z+qzNc!l^@xv(8S1`@JHwJT6uS7RnYf)RL9XqM1+ZMyr-Blbj!BKM;!u+|jiiJJgS* zVws>8Yzne(;HS3?XCxtFMQi}h(^+r+X#q?u$hL=8THTONwd#U<^%cjud+Cn$sVsXS z7l~n0wMaS>g`XKrxB*ReyPi{4^Um?`u|+sVth@*G2o59;9nIbKx1DEw2V-e@WAE2? zkbC*}gm~@#ybia+?z2Uf31O)@kmRVYPy{Dxx;c`?rh*@>lt&Le!Xe zmU|m_cz;n6oF<4jWcA}ZsAgUL4V!unj;+8t=H2o*p;otHJv{-qcbKl3?n_LjjRV5C z@{F%Actr-qTwR}VXKP>KInG&=2HHqJ$c!^~cy~KObdn+5kEatpQVzS=s}pQI8k7Z1 z;~y607>(=N8{uz6Dyvd7W4FzH#{R6iBJL~)3n5b~T{>@Pq2zYmTNF{m8H%>5_&@Sn zA4)90xbx??#tI!#J609&yL)&d@D`}Uo-huZZw;OAh!%YtQK?uRJh8Zo;R}!v^Y!4M zfJDy1HdD=)d`;ZFQ+afG zUc0j~ZfI(De-O{kmMW_$_5tL_q|CNbdplFB#M~~CiSu`sCNgE`dpbNbbYfU%H&e6l zbi~h4VQN*|`pmF}q~7+J$0n0lbI7)HoBOx#$!@bFhT*sC zE1NFKX*e9yG4X!!5(5^;;;5F6`eoRnvUJ*#D2V$*Txofk!Lr>SD>+}t>VNvD&@Jf6Q5TM3C&V$*VbsX6o{Hl}TmN?X@>>DtNJbpOiMs`jp9 z;EHf#3ULi$R&#f=RO3P%Xl@@$-F;RbThnYGXTNk~KsYk&6dw8ResYrWT?5Qq9YSk% zJ=N(-8`qEnZScrQonxZz>h zxU}*^kk-VqcR5--JlBk*J)b#OvLpGUe*Q=<3rMmh0H&OJ7;EOW>+i-o)@dpY7+EH- z4s|tCLjt0m=1u(8+@dnNMR#Q-!q*Obia))fG!1_#KwTR8mkRZ^#x6QYJvODEmgbaq z$VQxpd-98L7t`2Jq?PEi{&Z8c0B_4M5p=8=^QIRiu zZ2n<07{%XU>MFkDt)py4l)*)K4B^%sm^mWMn75|p$=5nB_9Nu50P6Dy-hcPrYl+PJ zkV(WM*d#Y?>y~yPw*D*#@h6>pzwy%9=d4unz@qQN!M(DYgMK(X_;#vs26tbalRvIQ z)$VCLfIyBJ922&Pnd&sS*A+h>3OKuq91?iQgsVis#R^};!2oPNc--p%GA@645R$C~ z`&xmH7+Z|MnK})P*z2w%Sv%<9PFeJiDqTLbKUeJJm5 zP(4hnp8WFnw|iqlOpb;g=%hP0cOm4hCXtPknWR|_CvU)fTtQG;tG96XJ;K_o*wo*l z-^=#lldsO`>aM_Fd2I&6Kb<{$Q*>#ndI0yTN?e+;$xb0bf9heM1tl`3UxC{{UFfdC zMvfUzb7^lHtt}$JBBBSFq(Yb7ccK>b{s*2<F_z&w^uVn_LrCprdo1Q3PFr5o7zkIU=$vJy>PbJ&#GItDzNijAcIkgJ0#Tv^+!z8 zt}oK2dW62CcG`HdTRZh@7()N3u+8)Z4u(4I9EL9V*+&o4pkX7o^!P6GT~W2$3YBXiDP^!f z=SNfZSdDe!%?1mHx1#bXkFhqC4=-USK(h*vnwgRv*uw^C2l-o^tOhe;2&@;w*bTEu=b9hd7^yNY#oaN^ox`vi-%r|QpE*ItZ zRDO>n|H>HFbfF#Rvg6MFYFAtq6!ld**mKIfSqM8Gh~>M?1ay@l3V^+zOS+Y|6oJ5R z|C^IMn^}$T;WB0D^+jq582(i#G5c*mC8n9QcG~ZQPUcn*Mo-{6)7x(@>OBNspqI8- zmc?Tasq*&DqPwTSPf2rSL~&UQK@W~sS)J?-2y;~&sui!;%=`+n`t7b|YD6G+LKXPY zPTK!{`?vS#&C`d)C`=+WQu0q6>`=#_;ZSgm@40he$g5j*Y>R=W1$eAoHPEu|A*IVr zm}rIX6FfuE5TDram)b3H*UjZ!{#EavLQcB4BFCd>eg3zrUEA;u)ug; zoWk5B_!V;uX@(>l8mF67-@?*!0!0SsQ^DV;v7^JN!%&k4lU%LRJqFZQ zL3r&I=ENw$HfK#e*_7Pf&-|0^+s z!J|ZrWCO$X)ts-uC9?Udq%niXGv_k3Jq{um#pGNLSM|3g_UYF^$a2{nw?f_EW`7Vq za6J4`rPLTjzyI~+n}GturTfmZ{#Cf#k*;H>6kFb8^FlZ1ja0H&rKOWDC`NT;J5ax? z%2!_Ot68?kN-oX*67nDRv`qqwF#SBKfYwk)xjym=4pYYL|8QqFosVZ#yVkVqc9S^( z(>nkWd`t+I)LUS2Vivx>P9n9}k(e7$=;YOS+{-C1aXi!vP--&@Xoz)WuDa>I9yxMw zBY+Jo*Drk#st$YEnvTl(dy;|v)38bsfA zSFU1^Tdp$G`KM%N-u1Sh)caw{EDHh01V$DIsM%HBlJd`)#0ih(($9`0GtR4ZKyS8_3IJV!^An& zQw;d*FAS5s@nZSjf-DqMl|BN>r_92N1-9Fq<8`cOU#`SS)e=|BpZOPsZ^Mcn%puOS zt28uYrEdHJ3)gPLt(=N>)<$i_rA#5rSlHgCkOn zI!5?K_B+a10FPJX;|MP4e?bFW~+aje)Mmct-tXlD7ZoCh272mEx4smMT6Aa zD*J!)*+&_!pb2N%G2r`e6VBR96qMQGqSB(QHD4M_7+x;_?#dp^73xW-YZssQ^7de6ZF>zQ+aD8e z3YHH_U;NR+7_askEYZY0&ANDh`Wk&mLGzAz&8*$QZrx%F>5x_sxG6wxY?vL9IKY<< z2)+y;k0GBWrElmOlIm4#i;Th}($r6ry4DEs z2(XloQ!7{_j%e3-%=~EE{3&kr?l1x4Dif#r{5Wyxhc^)O_V)9!pAsRJ ziF?Y3V1&!jo%-{y>YQpm%wn)_dJE5T7s8$`LDg3aiw_*%>9#}M(}={}=I>8`iPi8K z6TH+yJ>oQe|Ku|6+b-+0e}8EOyVz(5;pdxYQ~>E*O(+C8W+bK=8H-Raq>u+UH(8qlX_cN z0IaYVUG*W0X#dBV#MJlRmnKW?A-yxm(GK{XlI|`Qr^M;9Z(AbuzH37IMoUbxg$k;E z?=8YA^c63n4)>#;RxK5UFfMVIHf^HxZp-eN(u3=fRPGi}eQv^9Cr;Xqr0IK999!uh zJ-=uArioyq?U>?McUX714JpgvqrxnlWYl|m#Y?^Kf#-j?r%MM5Hh_XhXO?9>4R_XO z1q+{)(1ch_orSetUfkE+mbI1Ishw&%;MhQ)1o*YpGezW44BS%_bBhKsT>h!gHr3&b z;`Z@`lKO+(Sc*k&3NT+xW((flJ>U1>Tcij&H4ebO-XQ|3oD6pVIT|>lW zlSAVYGaq04!J%N0aVGtZKt9p1qwGt5{^M*3OwM?&u{~8zIw4s^UiZt74}Mtj)zKtL zlE``-z9GYWjp`o5m(;i$o;SIr>ZU?mcrC#v&kvgk>jzev;KNA7VQJ-m)@KYTw^4|+ zF~l1DS-Ls3{Y-S9cM0$LO~~>??J^xj`W6TOmjL?NVI14aK|X41SH@W&HPrL9jXFA_ zb;-vCcm14kMhB{tvG2`Wc(ty@2rpvFM@q&tUyWdz8F0Mg*h=PPned)!O_@VQzty$0 ze7cD901R9J-{TS0c2dE{YrC@Eoey5eh0`9C;`luaE{BaL3wahX3?aT6a!pESNtOOK z)~r`R5^jWYkcZcSG^|~(QrumaJlx}FtR1^GXH6ATfsobvj(Ar)atse-pZaH17+k=2 zlZ|rzAXR%m3EXvg12FDa_{xNB5=?Nz{4~?mX%t{X@CC6zeQmQzzQ*u z&%wP>Tk7d=Z@*|}<3LhtzK-Y`3Ku3o5>YcjzX^^n-XR@}OI}NIMvcRJMB|){* zB+V3KYyI=v9~>&b$@REwLZ7*0$sq@SS%GGnV%K!MWRCkAtAn2jvCj_19{;vi9D?0@ zlDAqYg*}=`U8?3%eWa{Y5aLuZgrigC)kBa9-(Ee}v8gQ!#Un2;eG&@%DI;uJQ*nr9T+G!NNtTSi$hk4l*mMs*g)Q zs)XNLljkHa%M?+`Td*h36`~3;>X*())+?{=n-eP;-HW40p*6o`TJQGCnHb^;shPg@ zG^)2ooPgZg#rr3y$CzC=Tcj}8IusPI+7G$9lR%8^q<<*LvEsk7Eq?l1dHP4IJZdSA&|lu2ZeGq$N|1(svBelS*4d9S z@Nm=e{$PmeUNcl?X|wcg;URbS==Ir^4-D0h9A9KW;#Q4uC6{etz&W>!NBx=zxO#N6 zdW;hzXFHuEKY-b>5?DliDsTxbEYoMv{zTOYpTs^w5tr;`%~i$DiuodVak{5?Ule_~^p-FqNeP2^D5o4UWnl`(`0Z_vL9Z-DDNC zBo01y?od%PQjvB*f@c9s)PK3Xh4qZRUFXew25ZK)#> z`1Uasr92;;4R@pv-}%!mOmCdk<gWhPB9I(2zrl>MVnMiu}7S97^^>a_H%Hl)@IDzsb66+P&8j&AErO z)v2Hzzex}}WJPZ0!(ckOEyJT7M$eA5k%Zl(hrw~9^jlh(x>~@h30mSV&j$2eu~D;7 zt#0-#!2g1KQJgY-iAg|qubyMPE5fL5QJ&Ik+7*JS*1x@3#SCTP_azImvTiNIU!i5| z{?Ye^NFw2aW%=EkQ#O6(`ICNYMzerbtQ`fMIk$-*E$Ui=6 z9nrzIZl1#3$1_1>t^c>`^ba$R2jC><0lv!VYJFC@lV^$aT8+`I{`)RWm=E_+tJ-gD z3gpO=cfYq#s)GB02DT$++1O;_iD9B_f&81UN!G#mAbUOzp`8EiD+B==8uuiaOfD|S zZiay&T9b48M0}+W?eD)}GPny5)AWpoe3JTBpM&MrswWm`K4zEJ`ohrv_-?;IGp?zm zgP22v{L`4%S>x!94?sx3)+Di?44oWF#_$@qaA+H`i>cU$*)Cm$Bey4uyJzww_GRDb z+RK|TRQ1*acgj2iFfS$?&*a+>#cfJblu_bu^}a}>dNGObYA?O#D4RAUm3WtqtBjTV z-Cqg2RBy}z6I13ZCRDFm;ue87Co4OmlfX1-d3z*ZNlSNH8~}!xw349|f@`0-QXT{< ztGfS~4Lk%+KRCC5yYwN>0y~iYrP&*6N8f=9!qc)kM~jQk15^yq6K%4*_akiwby|Tm zlg9Rrua0nQ;m^%wy0H3WJMSnS`K`96Jdg&~^ylCgs1M7L>avzum_hu>=gwfPL^XF*S$>J0`&t(SLT4_X4wzCykrB>MR70rm3r^~#qr z^#u>}R<%O&7@-ssUq(LYJ|Sl9$DA)Ro7!3-vg*1Z#*1uCxLv>eBpn($C!cWmJ#E3H zu6}&Eg>%;*D9pJyEe0<3zeT|&3~WA>K5r+J43%|V-j|tkq;LdF*k#n%jirA|5y@YD zEBRN`wk7@tJ%~K}RUP_R@jSrrFYoZ5BAKx~dT8ZS=Hqus|6SMWG+%jtDA-TEo@5s) z!b|52Y6}nk(HUXv07@~OB}Ldx!9Tf!6yNcs2-owZwUe-~ym&G1+^Kl;i(ecLwGQ`K zb1UJMS1M&#>nQT~meq6w896>$_a9 z&#@&`nr?@R1m3c}M{R;l?+0Q>}njO0bQ7=`Y{(NDR?8M|ZRI#6ZC%#yi zmO+CN7PIlmTZoblz4VW$#DL!lrqsCG1;L(P(>KGH8OaRgg&s$s@-8ul`^E!d!bzk) z3H6aKpYB~)2<&*@y7<_>k~g#ttw9bH#4N{5nOng;c9@p9-x9_#L+qC=M-0$~+Fy3R zT054ddtFBSB04$1NpOaj^9h6@tyDxdKGP%T?>1jQWabPF%Tp4uI`@$JJd%5W*Yu$E zr2r0!uxmrXzKFkaJi+76DE_D1JKNZcRR>$&S>gk2%ua?gj73$7?J*Or+wNxHjnR`Y zzc8<)?@=0b0u!m`Z(edUw?Ftis*1QM
    vtwOn0kPHKUHG^ku1)~b5lbGN=z<1~7 zFbWTuHaJoPx^{%!FKVORU%ve7objtgXHGZ!a4J&v)P-|%dyzhT z$tI~sP}{8vzFb^d%Q){cwyX0)1>}Qec%_|W1_W4U+ty^c+-ziy5Av2qSp$a8C|ou> z=9YLc%tK7&Kl-K+yR~yTUNepqQrGAq=GN;5d8g)c+inc9{&!w;0o6L^!rh3_OsC~E zAzNR7S$^Jg*8^w%9x_GeC2OWT_5tP(Mn|^sESJEr$&PLx*NCH~ zU$V}d3M_8-Iev$`<{o)%eligjplEHjO@Q`0o7h0Ii(ogV(x1GVu!}z1L}V?G97^+y zVdFy}EhhoUF*71F>P32Mn zAEva3KQRoksNZ{V!dQbsNypY7p)~?+mNz@J9R2bAPkXzW?|iW~@Ov9(A3Z)pzPQ7N z&=)m&kLK>wh3tiGJ8IYf3$IVxwIx^vyA>0U_0Mu&PelybJ|ii4zO$QXA!>Skeo8g% zCKQ~Us%Kq?{!DYi_8PcA3dNj>H?ya5hrtTZzhs?41X$+2nmYogvJ;*1`tU@C#(y`>AwtE;*lIX{gTM*H{ohx7mAY&CT1q2RiC z1NLP|@akd6Lo*56e_rEiMwi%y5W~Ls@BcImy@$;V?D})i6B4IT+;_BGw5s*S;LGxw zm~$HSabl7gRm)S=?1KC8fvb9Rw%yHVGh7Hc_W9K~xoew<1>C9b9M{_p9WHDJ_>m31 z^(~!L)jn0Y*G+ItmW}Z^oIC4SGJ$e1&Fr^kbT8@~gR26;#-aJ((D|BPS;YAfuT;=N zlb+G^XQu!&M97!IRY$KCVWHi8depT+x$i7u&H>~fE90jP68l}j09Y0OV!+TsO>bYr|aZTlfrVPk9R32 zs)asgvi%V;Hq^2D60*h@1@sSThtX+%c!Ghx#)?0|fs*U8ggQ@sk(NW=2~Z(+xqLr4 z{AB?>ADEGueL5O7&lRiA=Rd7ma5)>!4!Bhq)WOFq6o;F=DZ(FLAbkHUHU<(+sXMNa zrK3>*3H|MT_X%2*3n8>+sns^SWk&Zj)IA`^ri&KLX08CB*{Km_+O`55#7KsC8T5oKetp~H1G+L~v2FV2` zm8gfwtYOafMrga@SZOhaEfTUjZ=#C4Bj&o|T7m8ixJ>vZg;Nj3j(mnNM<48~<5x7@ zu=kS76Vl7gRRBGZK1>E}(eyoc-Ew387#O0eczN%DEa?W^RsRHCSg*eK@PfV;SYO>g zLSUNX5Srf)ziOerRhNUQAAUmCTQt)iiJIt`XibTk& zOgu~;kw*jV<#71%i6mOP8HQDBhJ6K#?tNOt8H`EyP+X6PF%pWl#$>d~JSd8TJU1MR zH60Fv-egX5|Gfsq3qBj15$F3mK|s!lW^eu)dx@S74sH5qto~KPfFPGr1NO<;QY>2* z$20ioiR1#@Hsax#`5!Fb0{oTpoqRud7~Ma)L@!`sWq{6Q5${a7ziKGNDkJk+@k-rc zZ(lRKgt-?*f21EzVTV|;8ezIds}m5CA%w(sA6SsF6ftKQ@^{}?!yw|godERaXafnw zm!~dw9KW~6R?M-I9q8%HD(uEchD{iD`+PLFhmo`yDIi!=TQ&2X@5}{C^DfoMr?fXG zAP(28e1yKdqFuZ>+cd@-ImXa;UDob*hYM9Q(s9c9p0QTuQX$KYP)loTG}^7B=|Zi)+|R zW>e?ldQt1L{|uEvkur_HD*YVA@PuH|5Y63`Pv}}IB4=KF&O^Lqh5n#+!>l90=)Q%v5L^^9`lASKRp}6PqUUl6 zN5jj_W|E!?dOpbP1~eMRgRbW~D5gtz`uA$r7W7;jB=cZkatz%vpYiNVr=&Wr%33oy zf^%XffoyCd^!aR(mzvgWc#pKZIIvv-C*G5Ad@Htnm; zt?~5RX~?T@vh-|#P7nr}SDaQ@h6PUDiYw{!FmoyMP_v6}hh;`6&ovJdhPa7|w-;i7 zEz2qP+#Kj^9=>xo+Y4uMcsqpSinNq3xgsrnNB$z8&#qk1ChI@GCFPeZ-_k_%4-y*w z2MHBm_=8=x|M4;DqW_4Y=6}S{$j(1l=GQ-1rovx7RR2nqJkR+nXa4v5Gc>a9n>rXG z{RFzCt7C8ZzdGDuyDy*k7BhTyLue(uydTHM@0U;L#Y58dsWc_DqL(AZ(!8>IlxWpC z*k{MqKGYkz1<+8)pkF0mwT}4n^SA%F1NM>gHL#jJF>^N*^d7kPt8+-Tl=MrP7Rj^c zUNl7p4PyMVP26-lqfI1_o2)2V0;O+d51}0E?3oS0o?jL{LjrIVR*=)zt&wv&z}qtq zTB=}cJ^L(XBZa5FbwE7kQ7KBrt0Bf{Ay_-5r=4>kW^`MX(-7RVKqBcdTgN?b5I3sd zgx<3%O}HoK(H_27S~E*JQBs6Gy-=9^={X^t-Kqi8Tj$&``8}TfMPj;E=BDh0t^14P ztHXzBN9PTIdMvbc3VK)&Ug6Gcpu=D^rMM-tzcf~mZK03dbaCkVtNW{Nb3m9_JKlqd zuP+WKwtCAvd07Ww4KZ|W1nQcJ@*}5w%}5T8<)E4;F;LymdvVGGEHb`=$6M|=Dp8Fd z`^rUdD{MRQPlj*L-@JzL&%iiJ8C!Loepr`&*b<_9*8b!6y_MGHrpAMofo9_1nT=yw z)fc`NciJ;!X=1}UI)i}NeX~wUs|BkJ*>-W-hcD<(G+*?jKwiFY z%fVUl@}n5*4@%u_##2hQ8+<2@IpI$8Ql(0YUW;5UKF=C~O?+`Kjc8*~;VQZ0GfZl< z?;A5?_fLrcycvbuk~F0ODS?-RE9B~qj+G7`l#gM6OmT$mFmsg)3zNtA*WtPsWX4Hz zHJL1xhMpKn!5sx(R*vO)*K#t(;NtR^=TcYO+1kOpWuSf)%RwkFdx-iye>?GKMqo@ov-^uM}|vSm`=L0 z_@8_YIT^IRN_NNPhBfx*AX**l0;(P)Ed87M+6yJt?uC2y_kC-VO1B^^!QtlrOT}K* zUuXesOx@m(`oXECAIn>AP9)Dfr*F~kSb+4o$PAMi!IroGf5#*Ga$j zq#!b=*7{<(`ps&`S*MH`dBa2tA?v*HSQy(34PkcYB7&? zNW?>b9@yicK7TAle<@voK6oUpnPzSJWChVdXQmx1iD7cJ?@w3Hd)Pm(A0=nD%8_h_u;$cX1#KG0pepO?6@Xfu(STg?^ysC2v#HsfEsRfP*4F?Z) z2+?KpDg5-XPw@5R15c0Mv3*tzJI8?dL!aF$0Vdz}xO0yiWg&7TUCfO_Lf(_6U*9>%JZr;umMM`5$kQ?AYC~Z(yA+-yO`b_nPb5x{` zZY9XVZ{IA}0IP_;_6bJNrgfm!R6_QaoJ=~fvL9fkZD@heL2dv1p!NZ`hFsGgh^^K4 zypOs&b2KE~V;eLBv>!eB`VvRf!SmW0BTaU6OjTznW6Mfo*^0P)#NkjEd>uuH9O{CQ z$+YWVz*z(!kN7cD{tU|NC`}k(kl{{s?gL|XkbFt=yyfc{! zx_pK#Ajfl~TZ>`j&hefr+Ho|Gz+dFzW|7_4C-}{DX2c!>E=uctqX$^>MHfG%;t*^b zTHZLP8^})`@*3h1P6wb%D7|OZ0pU~}EgR>*9$KIF4Pv}i{lbP(TR-Ph^uxwE z5<23uk^uzi{cCd_1ipvxUsGF4@=?>C%-0W-&opUVWLzY=STza7ZNAOs4Yt5B zFqW=yy3AC==c$<;s+1=`yR)+jCgBtsRs5 z6KsFhx4lKM=Vw_xJ%tbBsZv`<0sUwGTT+09B5{bnOt~o(rFWc!->_YeC)zbLNe#JC zS~1!y_-0pN|DX#9&~r{Fe|`gXJ&LFcg0`#w{fR!&r;bav12!lCMQ|kW2iMGdQ}M66 zaoIJXHHdy67*QV@{Vlp?0G(h{DVRB3Rw;TUJr-`b*k9OxB?Cl9*)criTMPcr8qplWtAU3cx}5Q_9;Amv-J7kQnnjK`&sz>^P2KPL zzHgzs5taV(PUI)3j%f5@ki+R`{v*(rxu&nv85!nfU%fi21uZJ!1<;1JDy5k#D;)2$c zROYGeTRKt9Rb`1d@phQ4tnal{$3~Lv8sK&Xda%Lte&TXy=vYUW9NvS2LPQgorR#*) zzujW=Ammir@D)r6wxJoZjXDYv7$5d#L+s^*w8PLxd(%LFe5?h3W&2SDf#JxdRDTG= z>s7o*;3$EeO-KqBu|H#zNv1)4*prj1AdJLU^|duI4HOgBUi9*?>WRB3M9joDhVKve*dH|9I0eOC=dmk!(kpa}W6H}hVR z^W)E{Ah$4c7-S>kJh0yE_3|BJC_GAn8CLeAl4?fQjCi|Y&tK5>*JFL#fvPO~hUyBE zQ=F+vbbH<~ zP=QO+gcwu5F|VhuZA4(1JgV@)Q6?Q5M?yD-PcG{YatJKO20ns?u02_|EkYQDK3b++ zMI;NhG(FlB{S@yj@8)c^Q{LbP!!ky&d$F{qm|R*7i7hc^j=FEkpT!Ee02c~Xbh#5M z8}H^v9<_zX6L^sR_jgB^%~Hw$Smzcj?3CGb=KSFNciMMP_28cq&v{ah^9babOsz|@ zwUvq0U-mu{+YGnj`91j-uCQ{%@22_Kf(npWk=jRXMGODzNPQG+`a!23?SSDxU=1WL zJRE4@VZH&O*?H+3EgRKVy;D6;!C&`T!0rh%lrLnzqYmwId|Zn!-c$B(l=t#Gtr_jDA4$gOs7lJVZ+1&^Lq$ZcdE_Eb{zwDUDa~{ ze$F;D^I13sH=fPnHK9;MzU0~@P`;m})nBy3j`Te|a?<%mXU}tOUw$NhgHcAv4r&p|wyq0iiPG!p^wtP} zU|>681AZrPN0j2T9YhE+nC5d~n68tAjedmDe;Nlk#Z@n~uR_JSaB9!}cW>B`l*#`< zyVbAI?r0G0WP? zWE`|I^K$Jy`$y~caj52S_6JVAfX6tnd?en#1s;ds-HBLOHsh~1d_qT&1lgpbrQ&0;L4nJuNk4(zY}Ee#jS->TPmje$yt{CByi|)w~b)}Zf=AsN#c?TsHcNkP~ zSKK)JM8*$r?&++bkPg~~^A&c78zf@|>9GNx-dd>dzC9eq@BId;1Jt(h&5Z(DzGz|c z!89;Ue$FP7}=&5^ET%M1qIX{CM^qI0?iiUo5FZl1?_o3JM!F>XZ18WmN z;nJN$cV`OZx>c;^oyLhiqe?BzqGN|)8s{V9lNTrO!Ssgabw;H&0uJ#Y?Ub6gV59gj znRv&!{g2;kolpaXu_UPFeR*VRG}zH9ZBM>!k7aXT%M z@EN4Q1O|SIG+~;C4d~7;7Cdb;9hyB0-h-W!f*INh#;g{X%++g{DESC`=|=~HI{ltM z9q(a20(r*zG8z)=l37;sac27t}sLixaZM2&nf^iMHNBbhMg_k zqE6o6Zt9+EhJc`L9C#)X_+K|Zy&Cewz1LS!=b?EgRJzoOL6KfL|6I;O)w1IxW}7m3 zDsvEq$$9WQ4&HSLy5;ONMU|vNix^FBz}cpzOwjxs-`ZD8+j{B;TS;BDbazn}Vg+*V zT>Q<2XrO$MeTz`g{KMvhpeZXxn%g4t&Wm6}sq-m1^Y!wk9ani`#T$tUkS?7tY7!b# zwjNjn{FOp4bm#UsyeKFiBMv_(G}+@Z>wk9}Ws2_l4Q&R~Xo78D>VWCzqpgQ#L|=7; za{1>#<*GYX1MxAy#)XN?(mwC%(APv6h=yl?>J~ZG?if;FhqV|u&}SiG zjtV0pyTE za!~*M2Cvv$KC$rXHEk3h7BwvQtT}Wcf?CNm^UmTvWmCvbOn|*n131tM;F!$CQn*#zYj25?8*$Ui3(Z_Di6v}G$aJ` zD6sF@{tT@?w<%74(}{NzmUEDpO7F38h8KhKa9G~%Lv~$@qh~2v<25JrAz%xV*I`}^ ztQCO_hT28^`P_YEH&F05VzMAC^}heH?jY#80V8^f5_g(ScSQAQDnT z>ZM3qiaym)cxV$q>3Ve#;C4MT+Yc4}Q90GiC&pAX;la{c4mHZQZ7)C;;0s3F^%rmL z=4TeCX}+3=xt-uM5a08bsjbpJkRN|ZhBjlg#5?WbP2ha7PC_)mcrio0)M}FUN;#0= z6IGOJH*&|o8;`OVEBipOxjg(52WpV zyEej$oCVgObkf}me)|E~N4!Pk1gIXI{Tl(!1w2&JzGK$X_=u;yKWva3OBFq21#03a ze>HIumG-eu7nvT?5ax)eZn;!(%C}_WTT-?g*I6jPy{A6Jj>GCn{!&rQ*ml{=4icXl@U!Q{HyD3OYJZ(7UoVq zzKX}ldam&2{f!`BmI$SM;x6xRYQ;~Y`-h&W7cGRbGI>YcUtFs{Khll{UAI3on1Ql5VYxL4Iz38kbIX z=b$qGJnYeb93)4G}qpHiC^TQ{_C-^ zKL6)WH>N(o!h;}$IS+6|J_v6T3qtt0GnWKLRFQPw6u$+XJx zDtGJx%7MM6{E_pvv~q8eNV9Kkku*W&-vmp<%LS%zO15A;m7DIkNn~^hAXNSl1hGHD z(umVopXLPb-{Q(0ymqvhb7g2BYA)@I_rq^O{BQVO9EVOj!kJ?vE+nkyK9iJu-@W)i znMC*Djzmiknb>+jP+p|yzC<iBzHLzIh;lS8H#3)-=*C4Z@mbn({#f^vH;{(FpbD(*0FS2JZoWrK)kgeVYS1`Yif41c?a4e@rSy{rn4RHm(yQK29Af5Dm3KwX`cE92sCjBoSfnL@}6zawz)32(QuS zBv3xa?uJ#yEGak)81v-$g62Lv^@g6%c!Aq;`aw{7FBu}y*K_ZTUoPnmF+Jm?(pMhg zbjM-tHT;y&-!sjmuXHGIkVRi`uEy^22wc-)x-3-129=H9N$;%CnXRArnQe|~9xA&{ zE|O$}9kjsUedt|^z2X}&TFRp+Jz6EYTg1e;VR(mjqGzY%a^=0A!kf?Zr9UcuSjt>7 zNxPH8#06B)(I|%PrAF}SFO#jqPHnh$&$3}#^bbUz;ix32`dwe`$at`t5-ND|N5~19%EK4PDU?EUbZ=cO)9mGZ|ybcRpIZRwl055owr93CX*tg z@g9fO z$NL^es~^xbCD#SvM%2lFiDdcsp3BGd14{eBK6oOi-z3Ic4O=1ZWVZto&7W!kxtcQ@ z=ORaAnr6!+L8h&facNw55H~@$?RR9tuYZyz%inDubp5QgIqdc9-;2U?#ql`*P7IcU z{r~*3kl+i}wqe3ss*Llyi<6O}6^}=9ltYuLZ96{g4D?2++`RQUY`h1mB-Jsm1!BZ* ziM3}%dE@R}T`8b4Oi2DRm+z`L?f*<6{vVm*b!7^*ug~m$&z1BieY`%pM-~-=8P2Uh zi6QnXvfCEE?arFQgGfVu+23!*{b_qB`F=>TrwvDI|B-My)h56l7DjzofV26uI;8F? zS1hOX=bK)lA~B}tkkYd(snd{?&yP1nz+h(-UfTPPJ1XNKWWB6kK zRyoBT)fc_c7?n-fCqh^!Mo-9*fA+V{q3R~>P9()=U53Pusfru;F7o8tAg9X-&05}k z_|?r*3$E&Fd0uc2Ss0VFBmi}kkiS}LgtcMCa!9*T$3px?xfF|@6$=D3@<&4@gx+_~ z|B2MrgW*~M6UTMRfW$~Q;Bw0dR;ZDVb+Y+0R-lP`)eVgvGln_R3t`o}ZxLSZzPXj= zYK*53Uk!C@ZH=|8voa0vPpzNkp{-*bap1?qA_x<58|s|Ov(ajsRF~3~&O$TV#`v@Z zM{a(gQ7-sSs!&QD!$(a|ox#1Z@06v55(4!}3|jE={`#+CY-zW786D=%2CNvF#h2Fe z$ZzCMgwhJocl~3#<#b@_N+Xq2<~;5+yI=jZuHV8!Ta2OI6qv!N35Gq)1YeCmX|B5` zv7QyQu*9Ff5-lPXP-!+cdIC+;k{xgL2Ez_eItn5HOEY2&#j zXCKYe7CSYJ5G{Q$HLSm6{x;x$zUX5;yL~sSM#!@*P5LmYb9gCDRo}MM{az2-8i0!g zdWnYQBDG@>sQ6B7Vn&(ko7>UDJTVj5IQimz$^A5pvinWjU#vhQn^aWO6yJ<1K$n9+z&X5Z?Q+S2DB z)HLsWaUSHUVUU5w)D7n8k7Dim7x_EpXC;;cX;+?udg@hj&v`kMOSty4kK4CJTx-Fy zloROX;)lLe>k@)$<;1IPCtk1~HdEFwOLM-df(NsL8bEYeLT9uwN)+!dyf*=+08aM0 zgL0L4c0tQt>ZYv6^x~wOpME6Y&M&_6Phj<|;HyP8mA{K+Y~xvw*v@^qf#+2Rs9|EM zj9b1$fwa1xM8dQ;eOp%#+rLS7HrH^_Q@NANwqRzoy!?1rZxtt{!HUxcmOqts^#A}Z z?1Jc6@@Td7N*-R+ILL%y+#A=iz!ECH4;h|Dd;acFi3+neoI$|EABlr#{K)PkTFqB> zu;+7Pi4uIA|<2X&Uc9+Gnqp@Bhd^k_a=_N zVoVXSX$K!j^5>FGGfSjQD8X;@2rsBxmx^ z`Tj27W$P$4U2jkt9Z2mEn48Bao*0k@f@Tfr$8E#{pt=61|KD}psb_k z4d+pCuy|*QN(s6QO_ELT`Zk)*xCH`|i^i&JumefJpqx);E4ee>$Re6c8US1N-N&yP3(V z7&=h4Z;!j(-GuU?~kkg180Ihkx5uC^3WSF`s2CF%4m^@vsiz%!bl z3nf`6!ZU-^6GK~$l~#Z?lm0+p;hx{GlA#4K?EbGFC4tK^@-+z zP?B0&+_Nq*=h*VM@f!A|3C#7pv}o9&QT)QvX+lLirCRfd5(K-^dy(;`wASxp{RpHEd!c=vT(f{_rJx}b6(s4y`ZF6hYfxwXcV7T31EY7Y7JAH7Gof{NgW5vMK1W-A{IeG933T>0pLdx)`_9<(`yoWPVkgcsJ9;ae5HC8AHMr9n(PgtgqB`biq<-bsi^V{X zwH7c1Dpaj(UA-`t!zo#A4&#zcwAmew)l)mbdMzOCiNUL&Xn(`80;8n(BD=a)2{I@BY3bjsUY(`-y}8=%6`>d3<b~p?J);$%FYe&$m`JmyGaek&6TAv+~%4#_S6!3W` za~3srI+P@YO*(5O?s+y_gG_TAwHB#e?QAeDt2@{sRK@Pc@tF%H;479>6?4Vx&6RM0 zVmV!!@EI9>RHjv%`>Ueu$A>0p5&rGGUCAN1vk8o3%|nJpQTqPJ>E^W;Jh}DGFT8&K zG;KT)Zxt_3ksq_K4#1()S5CcE9Mkn#!55=>xnVWw7|Xo)T~oI6d7fNQh7ZN&gh}95 zsXYMjO$$VmDk<&Yue}<6tF#DcY+h62ue-|x-tLCKT6B409=@m@m~wK6+Xg2ODW(3` zK_)6Sni1Z_EBm!8}gmO@YTY`<<7vlPA?L|`u-B=zW~7gjbJ0r*kxY^TgMBXp@O70Tz`3+J+KdNkgn>~~w*f20OK`76 zmevjedCSxhw<86js2&}yk;7IwuQCAn3|}UV4NqdkrfKRF%lyp=((EuxeL7ueD%wQa zmM0&Mo;n@s2ed&H7I}jn5VJ(i!KQRSGX6z%Sp#0Tu&4o=t<9{iql;kJ=N2^ZOnqMMevS+)@xySbwWs687@ZR0m#T$H5D`-!S|XG9`vt{C9>C-3JpdsAHZ` zrlrCDbdUtb=F7cM;TFn2z7k7qiFbNBwHCg+YM&nFAQ9>HNcfd%69y>l%KTMI8cdO^ zcvuMAty|+CpzMiGy5}IFszj&PJV_nbl?mTE7je0}s*B)r`q+aQ%CtoJEypQk$#;=f zxJJq>pw!BjzsAL+LoXjq5Ty;Q5U6eKxDY&z`^w3gA7C*hFqQ?#lQoAyn(%nahOaeU zY^u>84ZhgFP!nig?$O?_!;uxlcP$b9%@behPhA{PH8Fe50S-4Q1*y_up|SD~FJY-P z;)|CwYwUBLhiHzf_-W-*Ibd<>+;$q6KL*y(ev3>fciEHXi%0>|pwPzlfgD;)&6Fk? zpKPAy(A5!+?ZF06c)9QiN1Fw&S6L=FoT z`VDpdNheYo9WzLR8sdNHe=)Y1V2xd3@v#W~=kE`3)Q=hJ-jNtuve|L|8KWjeg>e3> zAxe}Yd|O#SZ?ISQF1%7+f>Y(O`8exZt}es+HD%j~ zxRbcO2|&mi=6iqAd2MzfXIGCEzf^Q&$bI-RorWkPmHb%E&Hy{8K$#$j{cbQ(iPQP= z!m9B^^Uqm+Ax4HtMZT;z0u_pRqZzp8T*VhBbU|LL8FWp|XC(d(n?{{wb*J^Uoox@~ zhO%MlnPV35*o!uXlFy`ky<1!OvQ_l7vXrMChyA}0ezC|fLJMIaO@Kq~LjPE8&+_T- z#JN`e39#`aifKKdbzCLhR5tCM@wJJE2KLcarY#|KX!U7eOjFzJc&og%Pe7JT0Ddg} z1G&iqJ_WsudGs5Zr~;MJnw8M!4(5$3$wuW8xOg{LX|$buUY+0W1g4!4riG>AYrMC@ z#OII5OW-YvADNh-l0M%DfgOfYJkU$VZ>_PPCx~f*A)1g3Q1KH<-!R9dC$R?P9B8^S z6UZ+^*PZv~qZ$rCc{lu~es$YOSgTd0Ke5m5Gy{~eijTMPSXgl0_oyvT1=>6rD;o?% z-NY_$JiJ59FbUm&9U<28Lz_gss|SIK+nNv8PL-TdT>C~t4fxM9WOGcO-1;Qr(u?h{^rG+te?^hj!ziJ<(4v zoQu4*m*S;&9dfNtf|tYlGY-w7%B=|l%S1FnA-XLQp($?iqt1}>*G@X$8U!~85qD|A z0;^aH-nB^QjD?3JDZfO?Uaf$@2E`k~AFi4~D>VU2wm}VD)K~ABhnWjXu()~vl1>W` zBu*zSvJH;X7eBBxE;FcSMr1S6eJz;ebeP8JO2jN)4(s-jpdsJ z6DEE*h?TDjMb}^i#&FCMsJ!9Hjg?l1R5=N!up7$%eA`FUY*YglK^eM{iq2cUsV$oR zS#_xCJZuryh39GK*?gGHvs5MHW*C@{_3d0@!{6w#N+ZKlDWK~J+6*JX-S6Bg58d)M z-@aFbn&j-v#E!UQ|D~*n{n*d#y&O#aa^BBMRN4(haQCt=&3a#^jc1YoF4WHO)(8^Q zYz5j7P}HZSHTI-PO8r&bTsvab_i8~hIR;Xi)L?A1?)zF#-}CFmqIBpFSEP8u0c>5? zd)-wEa;@~Xvk6crztoRGW=hy#iB9{`h|C_XDOvtkQA8#z(BO-4YbfcW1Ryja9isk(l_=q(Q+q3-8A$`FokX z+UZVn@V`C^u;fi#?|CdX9>y&nK=|SB5_ppjHiuaQ^GJ^OzR9&H1`jV268~ImHS@6W zv|GG?{mYjHJq5i-I>vEm*Iwj%>lqi6#hc1=`uL+*`NbtOFKtuqTgKq**@b!bZD_ZS za>N22_f0{3E*8o}NJrL}ilu%1AmVDN!x0PhLUjn`nt!-s0>cnbWP;BT!MU-r4As9` zpkG{d9W%Py7~foETIsIa<9JbF-}8;>p=ZyxUL{D#W2doyB?4StPd zGG(iTC|yIAS1=0HgN@ed+RGLFP-eWUZP;(%_~uwP#9wg}5ep67gEQk0OiniTEV>C*xO=vSi>o6|0SB?cJQY z^>mZSrxsv+5|efQ#%2OHgZV-fa(W#Pf?J3>nn}KZLFQ?_FT$@2`lCG0aiNK)EE=1z ziyn?Ai7|=B3?rqgm&ImQ>9CvIUj_WUBbwow81;@S1!E>jrVKw1d}&N~(7B|zU&SL0 z1QL!2@CVxr_>Dg4_7Vrt#_cowG_Tiq?W&oL8)bN==xEICm14>ntd@GrCE5{Oe6@yH zWnS0j&zYq?e2JzRCY}qG(<3FMZVJ zR)*6>)-XCoEu{w<#Mx-RI2CYq(i7g&=64|^6z%*UptawysCXAuHZ6aFKTK4|KbR;c zSh)NkJn4^^rtlvHsWdR#Ck-Z~`BD2bMZ|x^)FeSnO%gEw!?RHr>;IVbw4mOh?vHrv zGv$I&VRFHA{B_o}{)60xzIo`lzfhPx5T~@?IyGC~NI{l@k;peNNW*OoZO5aYWbnT8 z;KmzNs$oh=UKmO6s$wqA3Z0YO9wJ8K{Rwp#m4-A8spO%4(idYH%w?EcrHbSXo|563 z<3eU^$Y%wJo4!uD#_N5v53VzqevE+3-s5$jHNHvwQA}>sQcHH;1m8RQ3=wd1O4Qmpp zRw8{Lw<*jsI#%FzWyX|El)hiktA)qPX?RAiM+NfQi${33G}=piol(4wU-R zElhiG;b{F5*zPomVLXEi19>d3ZM-qit|9wbCwDT#R4Zz?O_w{{HG55IuqY+bkzRGB zC~G>BJJBOr|KRg}L7e}0{JzUXiF2w#3hmGDlr4zw`G?+9{0FzE-e&~}Y4ma>C?gyH z&Vjvu%mEY|DeNWYAc*)rUuQ6OHV?M3pp8hp(DmHBB7p?Z{8CMee`0fb6)1?kA9R{F zNl}HcF_B|X8vfAq$fJ~P$MbV((fu>{4B!G5bv>)PGRS_v>Af<@E(HX45qI@gG~LeLALhCAVd7aAmd&#zdmM|wKyzK+ClKk zK5OlyMitt2slMw#Pe(|y@fR5Q1;VhX_c^NNb&n?zUZFM8^0*S!{~<5 zoF*NR_u_Kaa6w68NdhjIgRI^9P>?Es#(6KuB8Sgqu%GwOD_3{wI)J7@y$NIX$W1E3`ZujoTsMugU9sSO1r`|Q8Da?B zhget$B5Up0C|#HW3*Z^mli!Y8$)NB9+;0O9KX*UkesyPRosYO)o-N+)UIicjTWQN) zo&Mhp8QX^5zgOCB-2WByz}sJlhAzM#n0>Pd-D@JTnDb)13WlOG&_lJft#10BU_f-| zMC@(bGz*z4!m0p&$hczrh&8OGn1hKZ_1-MuU}F&@Z^c63y4cAOnJl=Wjk`|rR?o!y zIxbX_+?Za7NftHa<21-NYg!|7R?rrU$UzX*q#?$D8mm~51BSwBX~-0$T-&0JbPWCs&ENw$CGITTbFz?^j6Wg z-8nJC;H=7reWwGcVx(>;lE7l72kbjo^TUra{ZZjiue*3p=t7&$ars3X$!p>@sH&6@ zX}TC0D9S*hs?9lxNPTf8 zvcZCw?v|r28VIc0XIO334#Is1$Gd19FV?;Z=WY^mc7)6MW}!Y&h)Z0+a3+$iebzC* z{H4b81q<~|T>0pc+fR-;fvOf?`&h?Y1E0~dnT48{H#MMNvHcmg71q6X6)FZu2X+i> zt4?DtH+krVJ;{kXV0%k1*j$H1#HB^o4bD;DHBIM@s@udyLf1aVs@;v@U^)AC?p6LQ ztSSJTRGNDI_KT{cArfb_i7ffHn!|*g`O9o>vdzHVKi@= z(5_%w=R49zE=iO({GOU8oCA~)-Z>|A@$I7_5IP+k{;bO*tH|9KJ<>)~s+>~vis<#- zrTi!3i{@2ve}p!wc}>i8^TrBziBAM$$#4lyi86_I)RsZd7`X4@ z#t;WyMU^xEtb9ocV|YmKDE!X)=f?x5=OS28Yuvq{ZZ8(}pbfVbPo^8>75TE?xOx6w1E{-I%% zR_TuMdVZ4*?tgfIadMAUTNE)=Yjxa_O247RJbk?rCQhm$aVY3XH*tTVbOGvXNfcu} zO*-{PvNQ*60Y#BZvG~wy?E9NL=N!DmWf9UwxRGHTH~qfyox_f*^s@a@gUotkYn!kb%_T`) zJ&Ox2tHfJAO*?cY&>=K+4br=W?|P7Q1wTiiA(vKSD7t^%k`}zmHAFk} z%EPLIFcd7vk@uv&{(cm_*bS+);p?O_$HSsG^t)g_r~%9o+Nuetlq<}Eb;?CuNMU$F zuBNTcPu>*_kQxg+h$fB@#G6bPsn0qrGI9~dGS;j}d+?j_xk5oDE1lb-94?jofE_uj z5u{S}#;rS-HTyb({BJ?E>m3JP{Ljk1gCS(%RY<|BTM`lY@>F)%DKfLiR3V6_n z87aTq+XJY3M}VdVdol~?#e>ZbVIz(ERHRZ^(8652=#_c@Ba+&6l*m;?O!wT;t2tn} ztgQ!CfLFRAggcL)ZIb>42;FkT&-BA^`9d)-Mh*_fL#&K_sh~abjxf`N$xs0>)hkBA zRDd4fTaq9@ynORH(w|L(K8Eg@pD4ez-!?%lE;ctOZTx}Av+1R^1WuOV7hVavivbwT zTq8mo?MEd68~R-t_eDcMJQ-`~C*}U+@YD0;qPliIW+~d-Q_Unn77x20Uy(4oZcbn2 zipNo~eNFv~*qAWikX&L-aU}J2QWM)D0)syPCj-}D?8)w>bShwjH$IgF9xLVA80xs?$F70X3mjHmX3YZ&v;!FNt7c%^hQ?t8m-Yw zA+6z-)>yFddJSS)Xu`-#67fi2mBwixGNup(5pBbh9B;A#6%q@l>@A_an9iE?xs_A+ z$pw!N$#ijvBec}jxtqd1o264iV)^`8B)~?O7P9qyM%AoUv+!P+TKSKF$fxN{^9E^v z`Q?e>H~6q%sp_=J4ocf|U7}Kb4iGnih1kAy3**>dH0k@~19tQ>l7_yci$_Z$3+xui&v10}DY!)r$Es}K;^)8dJzF?ZoX~JGydx_98JJ+`=bxf@C}gyd+*e$5Xr z5VxDQQ*!7zLv*!Kl)eBP7o2bTN8^}l?0A!EaPDF4!NqY0x4apko>@V54;>8`I0`%u zNml^W8nbod+MuDhx}f8PuT^cOl|XO~`R369@RoLbE>c$VE}1gRI+UKF^R2Gw&giV(!Bgc{XDOodmMl z7AnxE6-SyoFuQep-=c54dMgNlh(pv~G}05DkQ7_{l;30&@qG2qL&gsFG1aIny zVxle`2`pdR&la1qBl4ABqfN4ELM~L%nY@Le=T-JM3N3a}W5OalqSn{!|2OvDIx3Ft z-SF?P@}J^0 z(6ik5XF}~ewXPYJepSi5j#=rCLRP9qvrH}14YnW7`Q`7-Vyb@UGTmHMIjZ8>M%27Y zUj29U)-Z_PI`ZR`Vg923QofXtjq5KuP#Psb31mRiP^x6V_>P~M7Rdi>sjRJBxI=p( zWE9U2%$7S?eZiKxbpGN4tzDXBgCfJ83$G~KcW!AkpPIjcLVe(rx*`{d@j5UN`mx8G zM&Y(Rr{MEK3ZajuXzL8&d_$S2^!!t}`J30=S8n2dDwxbcVYpN{2C<@v8zEI%2m#S4 zlJ8#I7O6objR&}I1!wP*+gB3|8hCKI7k(092PTf5NdjW|C}IMYkSVT^-PR|TFm#VO zZ+c%uPE%P9@?x%*xT0oxs;KUue0F)orSX_|eD3P`rT+?IzHc)W)gAHnsp03#3<)(>j_U|4ufMwasCj}?u4HfG!*i=rudpi`R4A4`eID_4nUvY zb7H}#6ni|Cu9I@>lId;x9W0;zRWYnQ4OBgrxa6hnJ%EF+%_dURA<3-mHl?mx_F~t*+ig&wC*e3?rRrIv`}-vKadNsT*T(2u zhsKU!#~ID$cfb9NX#6x|Rsl3{+4^d?xeDIv_0(u~Wfrfbv;l2yPE?GHc0|WB1dY9e zm#U#vsc|3gY)5W!>;xiu1Pfr^Ox~1rYVLqh^t+k#0ERb9B2Tx1Mx>H2;Q=rz z8y91RZjLycRguy*_ZU|lzB2*!hpqIL4O?vNqRC=MC6Jg$+*b&6L3_wpy&Wn zqJd>}<2dni|0wSI;5gk|m2`1s=Z0h*1r7bse}UrOe*-aC{O1gJ8-(hWdB4VDHAe=oHEi&LWoaK)T+oEtmsP%KRvuyhbFd9a>8<9N$zC4sR^+V8S+;UD z9&`~#@L@*qwjGYHv7U)-s2V3|lwy2HWag6=J{*%>8dTpV6n~Hq_h87M%43EKPwe#d zv}2OuXyEVoK{c3$OoI@n;XI%WL1IwF31=++4*&2{*d5nq^&wJMNVxG_1h+~p!yGqg zmq9P>^9fGl3C_=l4|+#%yb?*BzJ4y$`i(EeVz2veECA09FJF}^ zB0(P`#1{f_o}BShtv--i8|vU)8usYZvEUj0q_? z?Ui!;Wqn-4I*!xXklO0T-TxaPY|$NUSm!##EZ=*9P46%VTJDygBQlaGMQCW|MIV91 zoFS6xzVuSHZylRM&YowVk(l1}!RKvym+6|&AQWehtHsSB)V7|WQ- z%6>lCMdsc*!cXPBRu$NB{JkGom^$rLmN1Z%jl=K!5jIe7+WH8}hA>dg|1GwviVmI8Fa#HG4>t-X7yIr_Bz0+?~|1gVa=W0G7ni^6nUj z2JO$2`P$WGZ~Z?vRpw;6vDh9FfYIj^LBeQ;=;7#J>+u1ZQ z_;P~plKm}g15B9BjEae6kay!R`f~T2AfK{I56;#2N8K*qOn0tgZ@?6MyF&eA8l-4xKOGLKF9P?ZM>qucC=_qc;#v z?}0x$0X2b}oq>ua1U9#STM+sxbMSc>mt_VkDTA0DUqVqIttE#N+whA!G?o&JqRjl< z4SC&lq=JeZKDYa77^%yMI6nWJafgaW+Ed)F_@z#Ii>KRCFJAW~UKgH1w!>(aMp4fF zl{;Q8=t~L38eB|MAl=#+RpOX@i^{VLhW&0ewU?MJy?ZMbgG4{KzMHDfbLYhri|;77XN%}C3k^Ryjz#&o`^D{oJGl{m}F#%)qF4N@MF@ytc{(M8B_9D9-A29=sg$_fu1;@4Z<5W|u_o1%p89g+R?)QP72L0MkRT6p@9SNgzz$zEM zw|!GIPo9~VI?{)Jd$WE$K?S58EHsOfl8K(vf7uS_5a?>wG9lLhg?ky!I0zrI+J2rq zG>$9)ZdDF~GWVk#-tl+8!rWdz<{o;Es^hN7LyV!ZhPc@~b`V3pucwGb|8UTZ?><+L zir8JejG)98QA#rnoDilb<~2`>u$?5VSPdgPbQpW$h|~qp@#lR=Nk!I6U6%b(@TG`i zAtEZXx+$VB%hQ$FT)yuC6IEu*+07n7Me58>F&dwb9b#(8+xITz^1)0rIcH~zPS7Xx z%s917uw#T`?7_UisO?RriJ`AQPvv5sjvhkYBC+7u!oG5qB0w!8^amDBs#S zYxdBI&ZD2r4sDpWp9gzxW)nwtM-}C(Zt1hA9#F-JQ{o43+|$0O2VDk{ZixMd!7k* z3(5%>55yNSCR+*4C_zn_#_80F2Qg!5JeW2{OJbU9mL8z|VXLrl)v0RxKYnG*i$vcTOMJ_s>;NC@Cuf)pX%b|`Z^Kpk6 zI0h8qSJzP^CbfGMdChnkjw{xV5B+}2KOgVCDwxaZZ!~hgKj$=oyM|SJX;Q9mG+{P7 zR?s7l!2XE)Jrk-Q8dr$-CWD{gvmFzDq805`56tWSj%iabR2LEF;KL#YN*A#Q1a`Ah zH(UkBRU>jpAApF-4pKEKgZZK!Fhvx-!FV%{q&Zyvg?stvFrabYpUQoX`pyaWNSiA_ z)a6SgmR`UMR9Lb97nf3N#=q|Us{?4CJB=xB{8YX#>H}h7WR8zfOqE z3+^P{33g4sAK@wq+?X<=Y2(Hks^GIkmNo~lh_W5C#zCM(M`1MPt{q0ht72W^9`ivk z+&0Y3Ilu(~l2>WOd&vUu`K%f@sR!A?TDD#mq~t%ei}S?6@BLYXCLK*3d0gyaZ^C@I zN`qjg4eJYGN0i(AY*~_&Am^Xi6Q6EVMu|34>a$9&%b@#;ifk<#bG0~*44zM@T|uUo zMD?_dLz;*MmS4X$79u#xNjX#ONz3(y4I*PCmB)GozYvCzq$)@?Wt8TDyfRrvB@H0f zw!c?WQBUGWV!f&c@EqZw)XZV#9uYR3ljY$sv{t>{Qk1wkD0jx}nFfa{O4MrAsAaWPX1HY-PH4}K_`|$K zZ&l(?fATz$mOuTx)2gq~bhHf9{7; z5xg4=(@&54rDUQ}NE2m^ghbfnWH_0kKj#Q?s6VBMUd^PmxM6|BZqDa(6Ty4jNBy3V<=JfeHQ(=p*zvLYv;!EuRq*;0Md04Ha^Ib8t6Da zp<_&RmSYcRvq=cCR`7C1*nrdQQON2S!Z!3b1q{{N@#AD7+L}MGd;=%E|DxA@hvGzc z*3o5so|MziQwfM;TH|m1>q!b7*o4z%2_w@!*8|M+{g_?8MN$gp!7a8tyOxE^6#b7> zDg+&k*=$jzCD+tS*?B!R&$$JOhMZ;#nXHMe2hw9?2pPWGya{n@ zYSoy=iVRG;w5|Lrl`%cmnc+OH%=;eSvw;htZKriu3*=z z%7>1?eMh}irAj(3I>aa_ds`k4QQ&#;?^Hq8JdabLkE5of9`X*H`%4|Rae9P!^fYl| zWt5hyr}nGcUGsF-a%=@gGBIw)nY|bHUK%;&??O#$256P>0-?*l2~Q*FxI!gT_1+2l z@*JZMY{hOH-ca2u!?Q;zDXU_dOvfgb?hg9kx5i@yWoVXuQTBlB{FuzwlaHHp2~v?C zpr3UggZ|5f@>wO7FagQ8tSj1HurqE;NH7Qn8%^;=lasH@o#Qrbk7%UT*@$16&&+b8?bbvUa*vk|;tqi`uQ- z>9*ubIs9*C0k-m?vGYnTt<7iLEfKIlz24u@aZK5c(KhAWW;}R|Q+vcE8j5`eVIc*u zCpdbWi*5V@BC^N}q#C+=4O?p*T^X51FfOl^Z?=9-7Yw<+Y*o0O;9UrHaEk5{cuT%& z+493`oQR}-F5CI%%E9e~*TGLhNaHI{ghT77YGtRI0wKfJD1_Uhw| z?BNjevGUdM$K6Mth`z7Vj3I!GQ;0b5k?T)wC$QF+wA4VI+9B>S_i%vYJ4ZCRK%|+H zCw$CnbhUI89d#3$1zojrZ1T;fG%{gl!7?qa=v>kiMhcOyBciTWoQJmwRr^U9_^r3Gkbh_Q%eE0X!l}>!}OT{AjoeW z2!CEa9cdN~5&*GM3XgAL54+BxM>j@#9{HL!8G{{Y7tICSN?+|_``Wa#d~dI4T98T| zHmwR3%_wDu%N>suxKXB-m}9jJ%y2WN^R^|j=sFb&c9)hvx2ZSvCUrdz=oo%$hqV|B zpeYn=!f31>k?k^J1MYDo1+DTg$6CW7FAW^8l1H0RKj;E832U}q`C4d`6IeP8<6bzXBu->(qvzJpg%7g^w_t>mj*juVz zgb|+)4&~lDG$HsX-3}#Ow|o)$L^G%xMvoS?tnR0;yv4RzrdtIOA8do-Bl>(-?26Jv z)K9wi^Wql5I?fjfzb-NO)|@K@+bk8Xib%qCeR8=YaG|*vq#xb^t~k{p^1~9hueL6F zZ`VRdYg^90&YCPs@0?Ij7rdR8O{^U$Rz#ulWwQInViIM^2?{c`AWXpopMy z(3#yh-}9l1Cz5gh2$Q7wtTkyd=XNrflf2w?6S_&_(~g>Y_DY!?b?qGipnUi}oYawP z355a^Gi<32k9nmd@SJC*K4+AXBV$PSwQ!hn-LLk(i&<7uArA{@nWz$=gu5r~3Ak>{ z%SkjR?o{-EVC*`CM}1sfhP9Mcc*tsek>@NM1n4;4{ zEFLZ06Jy4m0bKQMZ?Z(~L)noZsDF055q#fyZ(}T09!#vQ_oN|f{C<{~9(5qb>)8Ar zw>$Bjf0Zw3YeFS`K#%!LHs;7X(YMIrn0ZGw7OFwK>X7mFylIv9nO=_MPg>d^LW| zQ;O!09A%!UO_=|)D2TMF)+Wr?3bA(&3#^@%83%d1;Cp7FL+#=v1o(H1j;A0l3b4b! zC7Q8~UBxFUkdL6hija3QZ5KbY6oL5V>GvO95McW9W*eUS5(|}}THf5Pyr3_DRrDvw zqBxv~9~0U{Ex+V578Fx!PktpwyP~>p{gjPLY%~xhO5$t)DXc?QK?zl&RpMJX%8z!n z{t*#VWkD*+=lI$w^+dT{V|o*rdgleXRt*t(O%3%*TUyra)}fX$GjF$If8M=uG$k!d z*Y1NyxsU9gg8dSj5qrR#S@bsM)~Xa+sRbCAS~T*w-3x_r808y~2q zn`cNaqb|96A`hSu}!Eq5o=Dz;P->N)a8VvU|dRM=062X`nnhzFyA<=bpLcE#C zt+cwmzVs?`t2_5t@TH0s&m~s6R_`UfHiXQWEFju|AIAtaiCuJLhaMI&W!iuhQIC3Xyba|`8<&t&fIlr3|;fv0vbh|Ow9A3&|NzWz^a;+BLrT(sqpA`OY0e-(!L{3wAanh+rwmx(mCS&~ zEaEb>l_;ZW1BGt$5-`BWTSKSf-xt4~d?BwUJh7jk^=(zQaZ z8%eUq8YmPIXe0=E<6IExlz{ z=iOiP-`HY7e#CBE$=%(7Enw~V&Lte;!i$2QcB%yAaL0s#s&o9nctrNO8SRe}K%(wP zyPNiM5Eb936h>!h<+1$X=nG%$f_Omva436^TmZ-JBWQ4M?*;+8H%rA;S($JD*yG!7 z5rO4tn0;RyV%&6b8y{U2pfiGT3-=|XEByWg&UB}>03%Dc*CWAc^rf4-nFJTzGN zlYM6BzHm$v0gbH{O8L6%x2~zxRqN#_PUMThk7~v|lznc}+y-^q(ah`kymz!bY5he!M?|&0KMJ!(y`sfiDq+M?*zYOY>t6 z%X&hht+>tJw28w4!WDDJXEYJ z`is83oXz%7&Za>uq|1Wjs3h8o_Um^RBa@BM6E1LS3fVN0MrYl1D&hiwQKm_l7X%n@Y$Pek4>-|1g~?qjt#+=lE41g^Ius22x*9<;J`hGa z<6a_44wgoP@Rr<&^{7X&NPkG6qoe*I=C69?(c?)QUX{BL$j26*C$7kG%w1T7f%KRv z6I`ws9Fe3oc6yNV=j=!nn6<5?x9xUdFU4jruj6YeTgn?_&Jal{=>Hf9}msD5jp z?5>JX&X?CG#3@6?4NsN#0Pwb6+8u$n$}P#&*~_RSgC{S+VzvuY7yd1^i`_?uagfM8 z=6lUmN7JJTl}j(NT~4>2TFu8d?$YS+)(dc^QyHuRBS~f>bvk{NzfayS~#0tx{XTPU_G$%oBRNY3%N% z6SUO4XK(C}E|stTD;Jnu;N9J`9gMbevi>*oUTZ)oerE z4h7z}{ONH`@{j!Ul6rDMo-Cn+tVWIhB-=ros4Rqw$T>o#@D~f;vQ-DQW>-jI30Xc* z>Jak77pW$mLPPdtHHtgR?p;!n9Lg}(Z@C}A8AnBC828taca&MSi+`Ya?}kza>sDP! z(Y}=UXA*8WwAo_F%dD>f{i|_tkzb;_Lm5`A2ksV*iTq2Y*_q}Fy-#2wp^sFkp}xvV zPMf<U;!zWIq=$D8S zWs`(1k|04tZ_J&^4rR)+8m<MKSGMB8PXB%*j z0#K+wUMTl0Y-E2pd};>fdRQ|GURCa2Q?ywFV(6>lf;1&cOQa)UA?)?`KB}WV z0$2HhWC>1pjYhoQF{g>ESMDUpvnAgfRxN1&@N&T6TAQbqSPSEFGv11FSWXwee2#uY z0BG1#cALWteypSJ<=YqI_>%zkZqo##*RAx%Szeop$AG`MdoaGlB|fzSESwzja!6r59;Ki@1BM4qjOpW`l7t|?vVC!O={JF$+ju-=TEr*J*}#`G z089|}O-14G(CsiuZ^&bsz}sMvy&LvcI-ljGJ;FqMZ}O{{YA0GvE!)dsrOtSXnM#!w z9T&Lyu2hqq52_@Vh1Q_n+^ki6F)}w1+8O#|w7vXL%-Lze_*k&%_sZNmYkZs*eke zWz?jp?tfoOJQhYiF3W(@+AxTE!WiV=6tnGMq@kvM1o_B!$yEEm9Uoclj*ncF8|$y@ zDChOqYT%05srRamM@3km4y{sfCBxp zh@&idVlTiwQP8oSIotM3SsX7@83H;raTaCb17Fsuuqe3Yi9G`jnopj)itMu>_JPem z(oJ1(`1XWU(ovG+A6P8jEC_wd!M_=0IL{Y%@V7fUQQ)8}o<<%Vet&6pnDpEX)ZOu4 z$aJ6|G^1m4G(D<5@WitH_N1Ifs^_(=MEV|V;!?TejC3Eq>uzY2V+h7s-u1**-YV7M z^(S6pa{ey9gi=DU7SGmV`Cub2K1p!>fQ>+AJGe5UBuAPbp6zn;4qR%VD0@pJ*GZAo z_9N1t+mUZRDBByos)n}HhSipZ1Es@2#w9>7#q;E})9mu8rL|RHl=XyG3Q(=p9W!MZ zVguGr*e!)i{HdF;_buODSvmLWTDJ!N89MHw zTPigRaoZtEyX<&qSP{f@&a8yEA9K0%ko4rMat3GpsoJuOsZO{&DPqF1z6C(~_<8bj zw>Z&@2bVmuyl*rJJ>y0X*4*VClN^`fdjc&$zzm{A8& z>N@@3KW-=tpxe&RO!~PUH#0rj7&kL9Pln+4PU}zn3`GOD)Lb*i6%r8zyhQi7}R<)&$1dvi{%DJlrF&mE>r2{NkU=679%lyI~ZPtaaYmee{oAhht?nf_F5>KMDMPfCjOR-owELBKDBE*`jbo% z_fDowIOKSd=IVf(Y6_d)wP{+5tZ;WJI}JcCkzM%&eN!QJTXuda*$E&UuC$M>iymPq zQLhZBbEB~=iPPrU=XXh2GiWNmIj4DPME;_opv3vzX#8r$j5gzIVL*td9#}s@4@(^< zV2Xp&^5l>8-5IbyUQjd~-?^`m?;pyC#rXmW2M``!>&1j&c80G!%@D>&nkAR8_H z`OW9kUkF+R{3&i{I4O`vRM(Ge4)J9SNAAV^u6f1HcT{YN$6ULP@A<{*V?!XG1=oQ5 zhAkH&?hv@+h?EH~`rF{(wC8;da(RfKvXE`{P4n4wlbpH^Is~qc4_#IiEQKbYPq>7c zA_@RLTr_<0@Lko@z%hrGcb3nBLm?H_(i3IbM_RM3p>>b0$Zg6wnFT@*lwFVmzbi&e zk>Q8|B>Tz1R5uOeC!V1GJQZ-(>ZeC4;<1g9DeBQCc1~d-{*Heg^04Mjx#mw9X0F0ALa_^Zd|044 zbSX4=j=V*wyO*m7<@Dz$Ew>x&m&Z}u*<60H*4q{-UCIX>QBmFl1joyckATm66(oQ) z1b7I89zF3Dw5KdT;i2JxuV7V9n<^mIhoLp+fWa|P@e8@@ZHV`wyb)_FMDD0edI;7wld04io=3>|KxNZ`ixWKVa`| zf5YC@|3Qxbf3z_I%Eexle6_NoV5~19mE&rYuV#cSKBio1Cch{~Vds=q{1~GyQzXKk z^PmW?w3Hp~tkLiWKsR(c=n0(Rrylgp{G%HLooj<_lX0A_}@e;ic!SR5Gh37A> zb|S0agQui^dek&}*@jR(MUbkU*F(k^!GbUHdP7b_;~TbC_G9bwIFoE4V;(T7!|aSy zr5WSAfIR8w?}n|$iI9;d)5My+#?9~@?;CBoJyNN)7ssU>Cb@Vlw79% zZq~f&t;xQB{)>l=5{O^B8RzF0MtpPXXW<{|16@lm@-quXLG*a8Iy3e^?k*AN|M^d2McbH@>D_;2jqTyFtj%GMbI!5i zE6k?e!YaSSBwPuSqd|MFtqX#aScsA58Na%a;v4xI(MR9jmg!Z?qc>2>yeEs0Md z1X2AOQtxH*{)D-c zVrU+%tckk8Irsg(zqGDJ;QCU%AanuBPBrRkOjz9Uw*E(CvIDur)6rQ4u7l&3GUvy~ z3);djYvey*{_&fEEPUC#oOqFOqKs@BxW%XU?+95S-8e#DP3VDQJ@ANm-^iw&rcxd$ z@GlZhRoq|sYrPjV?je2P2XHn&Nq&h8!>p7_lHvJq&0m*)&{4VXO>xwL+QKx^9MRbH ztvBEc71vVCl%01ttopAP9;l`kWTo}>Q=t~G?>em?jnn&Hz&+*IjC zmATh`tbr;%AAi9SFN>-eJoYf>O>n}aOJjO5Ws_{fuYA>6Dk}a8QE{H z|3G?Rd?>Z?W}xXDI9VOx{7@dSTk!|)^hKWa#MjXRWf~o0B&vC9P7~`43(RwlHXXD3 ze0va4aqqS33}jIywX0m8d5oUIrEcKJLl7?{o3Wn6HiGN!^@~iFqID{cOcXbN zhvxw<%aE4PI-+ByCpLkcW9xtOkXTPYe~K9Q!Dyr02etSqa;R)9C1wnTV0q%hE5z;$ z(r6H%DY*XzQIA&Muwq(wyCK1IA?DJtIwBSaH#KA#++ObF^_YGlWK=k@b@_?JSG~PF z$2$`HL;7Tw(a&uPs#jM5(%BlMQ@vB#D?9H1%G^6)b6Rv~4JjzPs_dY@cC%rq-4+L$ z@q21S@kCZl7f&XFaHx$ur~5BxJ}OZr^k?Gqn5f`wyh;U-ZA+R_h8AKS2HX@vv2_C% zaABa>LS=jk`RX=qu{V61dnjC2Ib(vDfl8e$p}j7$F1?7iy@{LM6lb;R;+Ku+e{F#U`j>H9%^ z^fPB7B_Rh@yY^49lLGBJW_7HF{i{aQfQ*R})o8K6u+3Df_{BoZ)z4RI5;HfYayY1M zAbUEr%CP_HV)x|0(w8D=p`Yx0aKce0)t$#}CvJ2%#m9IRYK!Hz^Rok!+fVQ%Q_G=g z4?L_VsdY*`*Hg>ZF4~d%9W&MwWHz=^J60m+avMgb+}wkl$V)=rHK|=`7myI699P3K za*9jS{|W3{w`y3hF;9-r7|Hd|#Ufy=;7HGQimV$d8Y?wguWsp^Hiie5Kab+Ge6(9~ zz+!dZvXobUP~qyD@S0Y72>mNv>oWn7>W(KiZ(<=bt+MoY_Yu_zaC58N!eNmqET=K4 zMdOFMeWWFass8G_zS?w&n2~P2j%92_exy~30+vtmrWuHLcH1E9+PU}We*@K}M9U6; z#}$co`Zuq6n9^+N4~Tb$5?RNYaz&D`{LO0yfxKwLM?ETQmp!&7T#+d(|Kda6QF%}B zr9imIJ8T!#f2Tg*wE|ivBY}5FgRwG-)2#*ExE#E>7;Izv0C+Zc_L)KyIDo!(uMYrWN|c$?`B4uZ zvu)|nyQuP)YI`l*>kbDm3}y2OT}t&iQU$@ZMDb)13c);|c4ALE?6|1x7;bEz*)&2s z;jT6&qpxPjExKnfAmW)l2+doGWzw?BgOpoOL}+FCzsq|ghpxjBro+}AuaZ){X;l80 zjNSaDkE!DTl97%GAMeS&GlEg@4its72g{YQG%oks^LX_$;I$U2<{8geq*@qyD{MV0 z1Uu+4&rkHCPTM+_pvl$hpE^bCzk2nF%F_P(`G&1VTW#c8z4%A>B6*3tiSr5_=i~!7 zHM8OpG?c)uVEMuKwq9S(q~h4O6r^I`;g0{n?|SQ>$DCip!J89QZ~ae6pWvC4@*ai% z2b%55o@Lztesw?U7D3H22aZ=3uV92sQ5fr87( z*(0-*Rr(>^1ALteqV(y!fzh{Pjq9L`5uHvUH=WJqywIyq(!NT@|%H{yRv3mX+=%^?n7JY~o!Q)TAH} zGRQ-GN-CAeYR&y^*Vg>yOU=Y;^SeBhFaRNAFZ4TKO=etiGgMJ)2N)gFTK25|ZawJ;lUyzP z5%B%+L=6;ZLS6iY)RxpAaw!C%t>lyBAY@q-sTJJb5r)b~C^8ZJg#0Q{7AVwDGhrw} zs46)4Pj-oP%u<1AH4sLPVaUE~J)p~W=*gS+PUO#&sn4bPA6c3$`MI)cxwjF4s3nz zajZVg*yKO%&?XORn?ga)LGJF)1CaX4VT0co4g z02r)rsP~oEx&Di)y6ir8+>s`RbOsM8T_j4w3fD#m_bl39KFMZ^Ne>>8XY`m0>CW3q zAJD3}bol{!-cg(XZJS`zuH}tAv;~Q*DThxuX1TV<3Gi4S6A7J6D)Fq$X1!&?*!^mJ323Q_ZV(nApM5!!ZQJllcZBHaQJpzCxQ8Y6(6j@3y z5d1iLf05~}SS%GKXC!_McOrzSy!b76y~k$|BLL8w0wVpECNg6T6HXwT(9giWWGI9D zXRhScN`?$6UW$Q4asAo&D53R_^5T9pyQ9Y-1M=u^X5{}N1M+_y5xR~@5?Vtv ziO;cp#BFJFTY$&5*SK!!&okqgnyHZQ!_8zVdfrcz*pRE4u;+E?1R1VYZDDvisH-eM zFfJjrq?VCw9HgwliGLQsC8n>Hly{gEs-NJlK%}*h((1SeLCxWCChRM}4is z^~zG8oGQPR9*flDati9_>wTZj+L?0o`^}K1vB};D9R=;^R_Sk5p~2>%pQWwL z62n8eUEXeHY+hw-p70nd^3?{8I z16tU6%!WpI-;wCCTMA(iN@KXDE7BszqPHd*6JEVkQlkQ-bqe>R) zlGC6PbTC%zC)yxb={Yw%k5h+fiB$(XA0`bon81r2|tWKfR+$Gea$mz zepCr@y!R@p&1B5Z;q5P@q3=S z(kKq2J)S;D1hRNGP#834qDmp7gaY}Y8PE^HL(W9{tV=CI6q_Q^n&))8_@@sG-uGS) zT&tty@;}IaU7S%9x5J|~gH8TWSYS!I6kY%ut4RG_qYc;E!PIryc}PU1||O5X)fG|FVZ3D8pFk*7_w@vnPMcK@eDafglt zw~VvZix%Lo&d}eco?gA@2Qe=FM%oA2!c_X{=s#)XLl^X!#4t>*>G|vP`+`PNhmsAJ zOH5L+G}0);Zvtum!^UG6V(M$iXWj^`0CO706M=^`UwqK)`OI%Ez(13Q;7*(X9Q1$< zoA5cj`DczvwBX_wo&o(n!88Kx$C&S-Iy4LYB~AVr*L9>-G4u~4%onICproFnx%~y} zj~5U!B*naU59hwzD@hH~(vORCEpkd;vvl=a$L#BF*b7S`IwX&)>1quBuws-*l;nQ< z8G_zCAz>NNkW<<;?z#!Zpmu*dI!beT{$(All;+*`UUw7q;L&peXWvyGu!{$-EN?eS zA#llZ0O?`A8B66nZQ|m5e*ArX!00-X@^C zrsU_$)KS7u_t#+TK|74Q%GjOn^xy%sy$f%vH*Bn)4~wG+K1l>Nd*FU>Sk;U}XNBmy zvv6vW&=d^&7eR;{`J3|bE72*5Bs?l91qBM09%bYiVZ?3C&#mWgUw!wcj2$$8bK7-T?~j`5AI=nAD_w^rtizB^lxLr{ZI&lT8XMXxr~K~eJ4j69dpAl| zY})Cfkozxs)b2!?sY1h8E9qUMw6a?z9+wP2S>~F~gyKqcuyuxn{f=R09xNm9kun`N z=yeB84e6ic2_#U1KOp3vG?^pQXl|B^Amh6KX zLd|cF7;Gjw%02L^ucoqkE2owTGYmT)IQCEZ`hmoeEkwi^81> zYw6`JP_~_>*cR5fZ1ua+uoWm^?mJ3??xogfG)edpaPA&tXFzKgT=Vpy^WI)tZRi$C zux=gqjZfd4*X4C9jRR_uxA51+REk&XuZchv^9SYX2mW-Msvf%k&mG}wH z4$Jc$080poj+Bw945+GFe;A*u{~-KZJg=whTm17K?o7{nQOjO`c)1wzcND)6d^xm! zRR5G!!GSL3X^3)AFRGlbH=*@IR$ua0T(A4b(_hoSUY>aBEUA{V@QPd#3x<|}o%rpP zX&giCl0RHO{$svif=qmSf#h1?7mnr#{y-uLTsl$)i|zmAoBqY&qXE??efGn4flk}- z+|6q#;KqC`x9hk@VXCjHr=|YYPYNM1$21O@{W^O603oSPX(ha~X2^{Ax;=QYnWxLZ z;;6&;r(Hrj2}B?FZN&PASfiOjN=6|6eROOoqy#rp3VjT5vtl`tvbb2^MS76JWx!UV zU6wdSX2f|mmszuZ*!fZ1*uVD|M_zN|dNh63{F}(B`T7k_Z^)zH=+()?^Kh_ZwKBYATX;wOHe$MD6!S?&=ruV!UGQJllxa z*+*YQ>H4>o4DPLq5%@1aXOyW1S{8#0uZ39WG(bM&K&6EWjBd;a@Rxc4z6GN7v5~Ix zpQ>lIaLF>@es0JhhyEnT4y&N)?WMO$Y=tcY_?BrP+j1G)>}rDmGFnaa^dxl>RX+m<>POL#%+HkhEm9C9fbFZ+cR6X-t$6g<~CVsTQ>=~ze%5$ zX`*L>^zW_VkUi~wpF#<%PqTo2%=|#Lbk|4m2=+E~pWEG+-P8vCEX=g*h3DtB$AP$s ztJA+?jXMdV3G$%4Nvl1CVyifNjgNX(+H4aj+sIV=pudcUp<n2{z1>$r-J~K4 z=QL*iPfT%Az5(xmA!Pck$28~Lu-+5pENJ%#gPA4K}#cVvFsMyzO9|uV6`H2VmoR}>JVW++Vl^YL($VDeNyRV@DX+ra z_&P>Ds{5Fcz!*s9lD<3OuWpR$Q?(3@N@LtHZ|wSp-?I;o&Lh4PJT7ccM&7S40$%cd z?j6eOJrsTn__w>XpP*~Ly3lzv-P8REg|VN3$Ec`fig2&;@xdQgrop(TUH^@}_YR6G z>h=Xy6jTI61O!Ax6hxv(kk}%ULlaaaHaQ2$nN|^yoO5V$kR;IL&>|Tm=h#S24Kz*Y zh7Pas`|iD8&AeMRZ)U1yUfuf-RrKCxpR?Cq=j^?HYpvgUkGPhijce^OM%FwWSWlJH z$(o^s%0@^QyaUzue+lZU^>r@|njnB8K_95ZZc27&AA)Q;l={C@3nd<(YNmoc>>A$* zW0!oK2`%6R$unk8R`=e^|aac`)1ffPaRLZs)T41gJzAO1<8WW9( zS{#;xP!?N1n4?sMr;NtPlQZ~PF4c`n+AM_(!ALYswywWQTFaZi*;U1w#S&K|{gu%f zJLwq`T%0-g>#uC$0d5A&AN5yIDBxCPzP4ufRo9da zxCEi~#}tc)!yNluoqfW)lEIBHr7SOqw_QE+@viHMlz)&^k?B!xH`n^E!t}JS*wL>^ z|Hrz3j%SsBLRi_|&A^%Yo++lS?JwOce9J4kYAzpSb$y=EyG3r|Q_ir{ny(pkgDb0H z4{T*pM{4iGMOE;}y)+dv`R#qZEULX{C|L&mr~6?2T+iN-~IC=)6}ns@en1SVj?I1C-fc( zaY}?z82!oFi=CmfJM0E3Jz~#6d6-~$&%ImS8CAkSx&Tl2uCN?>OaG#1WB#e%uKh^8 z!o7N)zE2grq*rC$bG+?Y1%+@Xk&;MN6V;BCe#t(TVmrU#uJIS?i^gyLc#)+S|2Qif zXd9dJgQgk$o-nE+Uk8TQ?*fQd5$@l{S*G!taO>6n-tk%Kim38Lnsh$>*dr#I^;%AU zlAv6JN0iOxi%^I-;xhDG_5>Qvhdg@!1heq6oK17Arn?NqnJ%K)VNUw{OiBG-8BH$E z$*oOiM_L{7@(O>XK7_k=S9-3R})JglgBT{AW@rO@K)KTd1rMx5xE`@Km-6(z{vaP*fh z5eRz==H~xK47O`Ti51hdt+3m`L8r(=nHJmnkEVi7sz?*_u zino60%B<^{Di6fTQVUOPogvf%t=Rt#vp|@EfZ5fO6--a>mDpQXKR4aPqK4{@x*k{M zXFrp-XO6V`jvs=6lhceKXY_N29|k-iaJt#3P??smR2hteZEs7>Y4Z@ML`cj-5m zBb~|zQW9khQ4rLhqM59m2Tu0j)X$Oe<9JI&q}#JknxOj>1uY(gqRvUaxW=I7#9!2Ex|W5JDuR*=ZOK z3x8Rd3g@DD(X54Xx;nZrrCG2|CHwaA>8C-k$f7Hk-yV8sR8?d#tJ|YziS?+K**y=3 z-!Nhn@}`yAcAmF%S_r6@?4h`wnY^^ZSEy@EHTnomW!UBJa&;kC=p>{|VODwc{5jJv zx(wDop{szl_mG#Kik+R>D^u916Oq#+7zjv$otYr{bWiRugJv4@12}RZu7}rIcf% zf~#s$fDL6dpLNO}qHNBUZ*a;Yz;4*$703JU^1$OrZTS!}yt7u(2Fn&z>@^(|U>lDq z>OVJk1rQIyHtG8ptYxLxq@~dsw0Pvz?J8>437R!Wv4_ zYr5wyzTIQ9L;HYjILt> zQYnuV+{`z~S}P}hYG7jckMhMUFsf?;cH_u8NzaoXcTH`wq2$o{%%fSn1Z`|>(huAW z4a3T@(S5N&c7bMZDqYlmv1bUXA_T}4!rDI{OVHqoT-NKs2}aIM{1K3zoRyvfmFhVF zz3su7p*f!)y0nu_vTl&vOh*ysU4}*~{4wNW2&Td@`2HCa%Z^lQ@yl5&A4D|={uj@Qjwdh{=8WxR$A!dJT ze&vpL4@qq5+Au9s94^RJAAKJMZbBaYxNHAiefFBJgKA5;4L*OS=Fa$_@tEda&Ukjz z8Uy$YO~c?llh8hMSxC}OLqNXbqssoDH~G7hVN&}kMNe=_q!I}SA&)-LHB57T)ipO? zf1vhb+F+$H%w<5akKU3`m&f2Bg#ANeDq(#1AvaHRtzCY4=eTIQLJh7nG3d?234OJR zDrp0?>JRQ3LiS4Mu7ZUMaI!$_dex7X6WH`9!GTc4@0j4QWd*yS; zw~@aV!Q}B25aaYRcNTAR9tZ!`ea$p(`f9(xIbI|aazZ_5yyAH$w^T)0S;!3=#X}+L zZ+`+~7yN^@-IL)g&pkWM)(*NQa)J}MMx>C_J zcs@{l9ox+(5;2ZE%%Sm)vd30GB z-K4q_5r~k&7m;`TAQ)bidVW38{A2?rh%-8>cY6N;A=Damluo-^zYehIOeJ?_)3paD z#?2Cj%}sV*k$VY+1AJAxv|YAd^QhjOtt8)B?;@Kb|03(9VTQas)!fMYO)k!j%7y*+ zW!g2_nEb9fiM(B#$j~=WM8Y1dt0a>=>kE6NJOEqEUI#G+)W+mw=Nmanw8W1 zv}*js(yIso{9kHmzJdT|_C?$Nb~-G_S8Npk%)=8naW?6U=9HqK5n|Jl{Wc{Yb21Ukb(tY ztA^u|O58bHUo{56eL?2=wE%m@S%th71$eCNwZcte;Y|^^r(}l5pvPtxQ+Z+UkV*kD z0QH-c>##KRPY~0{fidc^5V)#XK@aPRQBDi#THw#q`+V(r_twA5=`PdT6^3$^CUA3iKj zY<}F+a9K%|7JQ-p0t`K>GEGUPZ?<$T#t095R*f4E50$sT7}Ld5B+b1j+zv?485si| zixeN_ZQ6ZZQeJg);Kh)HzQ`2BL~+hHTiK!Ect7gwR6beVQ8;T}JvH;A^N(7?Igq$) z3%6)l4PjsaSFtjoS**C3kg&Ap5XYn-PjiPOad5dqwc-Q*L?D_h@5u>m-{IBKCLzY|W7pctzd4rAQd~{k zg*Mt?Q^8)##PcLVyy6wXXLkfVBBYItEMHO#Z^EBxdmr{HLa#+1Gn8s2?p@V|*el%Y29;>vwHDx_3(_S8_g1olt zH>#9fep1YQCxmqXqghEas+JHEAPmp+V8`H!3d`@fr*I#x=?|+mLo>!z;ywt{{ zsu)0h$1G|66I0b6V(CEA>kigRjN#D_n*_<`qbWQz14RD&k^aAsQlh{UewTF>v5j<> z&F~k4S@JA?@m+S6*IFD9$6IGNriL@>a4Cr&yme+z5aJ_x7$+OQM17D4e)N2s%=ynXB`~VOPLv?o_RMZuwUW1Mp?b;+i%i)BYjtccvsJA=IUkU?Ei>FPGNkUHDWYv`b3aN$K&dy z8ESg=+#~i{Nmb=Z=F6`heFzp*ax|G6gPJW+Uow-|PY(Z&z9B};qfc8x?15vkZt|C+ znVpOU{-f{XFK!C|GLU;mVDG>5y*~NhH~qgOUd41FTRH>3;|bS3&cb1cLt}{WqMeI3 zZf7btn8o{>L(`g^H!)7fYC)v=Gc2u=u0LY)82h#BH95~~nc#u$I4S|8Q5>azMJ$Eb zjW$C+(+DY@&pbvD8istxNtec+<>f7ChOBy!6oYC#mqi^kuVn`!5R3KqCC(U-~jV&$WqP z?5HiY?rmhd)N}90=YQ!t^Nr!%zvyh&Ckngx*koADAG6zU`f`%=d@amV9+GC?PGus-S)twebQis7ewKE>pWE0tglFFN#p^~SX~ z{ABTtO`MuU`wR$ak4?3@KU?rziGc1_^^Z30I4Xqk)o?F3k5Ra8Ai(UH@~-f$p)n$F z_^bUz7e{ZLw_}#9Jg;1P5XF?RQAI>m;q#79Q?IwsB$BF{({Xg^ER(qQal81@Sdol! zqaumy5LIk%L8YgD058(USLILvUP{E@_>N^o3AvK4N5ohR-!FLFxE8Vgw+FJ0caPoc zY#DM2?>>C)old}=hbSKHRu64&wvNXt4=3u`$E+7v6>HBgQS1gr?B znu)!o>c4L7K#n^S1b&b}FOeKMrZjsVD&j?mpW_lxX07M$h`bds;Z4x(@NNtKe#3MQ zbeqw3I2Ah{sG`pe!yZD91o{tX7?g*b1wOO-sfcGnf9&O_UFI^=sWl{^-ho>1YjPU< zfQcP~H_mYiFw1OsxC3sD9PR%u5q_S$n{_`!T#)}bHN1{)wD@6t_SL{STCyh%G9)xk ztQj}IFe$0m8#t-Q68lio|96M~o#nuxmab3;@fTY_cQaYfx{O)1xJ~BU*Dge!kqyWI zap#JSD<`l6EylVLEg(QPS6esmJ;+oQUq@HgaI)j|+SFh7RHyewIcSo+$v@ZTKXj4&txN@o0_dB~Yp@j*j5}Wyb=pMOdGDBl&9RBg}6- zrB~3aZ%nu?9|x?hjG|lV4I>)s$z9X$+9KgQw-y&dJ2=W(eOXBNj_o+nYlpW zA)T~jgFDxL#^YkoPof9O+9;kpoiBg+w3nGN`5XDx+uQT%Uw$D%17hd1KZn#ut6ls5 zSBF%AF^Qn2GEW^vV_W-tdcjkK967l!PVL_49@3?84=3j4u^w;d&^gpYql z6_U-lHdN*V%PvsvRh#2$d<{ID%kL228p5%Sbmxb-*$>7gE5M5{E$WLrD7_`0_|_jV)@VQ;GY$Q6_#V|S=;hsG2JxC@V$nYghxJ$UR$%age1IoH^_=8 zd2dtKj&Ikjh46`8eI=!8TosMacv@FS1x>Q4p*^p|Mqh{VzD5nyeR6+1l%0{~_9x=rTD z0v11(cH&FopNMX7_|p?{=3hH7o`&yAX*=<6ZQz4@#xR{YyFe75b+Xf3dSUrvTr7g^ zxYu35w^DCGB0I~?rA5N&;apZ6Dd!$H5{WmD?6{k$^6Go@y~=a^&rP$v#FRN!?LZ)kRSkwh1{o?dr+1HV-3JM@LeF7{=$ z=jbx0cPym#=g!pXR-yF#@)NpaopX?9b|6|@gnaB5IiE_{M_7DFXs29cUQ8H|99L=m zqXMJg!Cc-v&dzG>Dj*hQ%<{xVZe^N>WQ^wQRq!LoWxNDSkw;Fo(z1;MVW{2l>`QI)N zf3C`XKL@f0*WlL3$7cz;BuWAu8oBiHyPr3PKhuTl{<|-5Gx;`I(B$nGdX`3HnKEPq zB-&+cKxAabGE~-ZtzpPoDx~B4q{7B&vDOu~P zSGk_8R-xS2qw1A;>o!d7`nQOkM5eVDUM8>V@5uD?Tar$3h%9!pi=f=}#`&Dg0IPCR zK#3mr-_bX&7wc^+yX84|RUTGljG3E!It3RvrwnPxvC#OfSY^K2~dFwI~gm;y7S4TvILbG1Mp67_mOPTBC6~n z@sEWRs_zv0TPUX)$u8S)$JoV(+$mFfrU4G+BQ8{_#9<{D6|`f#5e% zidgT4sBdOuKpu6tk+nS*@>sUmPtbL$9l@KGn@>(b#b^TmggWKMox$f`l? zoNtrF8VC&$2!WLPXcgT9fY-7Kafh+i$oxqpSh!|w?C)&znVNj~3wdPLwRH#tL}eLA z-^f~p(ub!f{dC!U6(+A5nXvnPHYbYu7-<2(53x7-EDcmayacVCs-3OUNZ_jG#J z2Q6Z;>hpv-tM`3N?ngn{`SQ``>Wx)R)!J?5z+BE{eVS-5%c0BkBp)rf`o7cTa++|w zeB*`R~F3!4Mq0j6$NEFW8l!Ru?K%I;1)!j9F=J3otzQJTTJrCBn$N0{w?=7EDu; z$+$aNKy3Py)Sp8@Z%aHiq$BnQCFesL7R?HkWNzreYl)CHKgW*i8RJG(wQS|?kzvrf zp7#skvNKkp^$&|ph->d$%&vDF`D^5^Q~8Y^qW*lc#g*-W2NQEjy>oK@LuC+x)wJdl zA^)NT=!?bvKj{W+7cm6s*=&&(sH-UST>S3Z_pvIVxii#zrt=0%9xabhb(te?a|5CU#4$>~@OsAVKb?*3U&b(I)M!^A%#)T6q=ml=3YFRtz@p~_5dM(95woth z87aP>wZm>Gf2i??0qdPz2=S7GOh<$KPbnB*M*&WrvWPtxTPxhCt_KLLa*`y@3%Cit ziY(;z!;&MfxqdOl|B;Ak``|w@h`OoxY`8bDSF2zoz86RgAFSam2KguOk)8`lvG}yv z?XPHKij>)DESx_k9)1nrw%K4j5(&{vlDPbH?g{)^bT7Fits-+3#@WU5+x(|QrfyU+ zFD!8*t$S2(t@kQ{Rs#MZQJ{(t@X`uUw)ORUbheoxQ81$}HK9cmX| z-19=WBQ<@m_e+=dtNQ<;`ZK>=09)1Wr?41|_Og1=%ghvXJ!#FT(&fQg!rN%gq1%h@ z#oe9)pZViO{jfYC#n`@lux)Ezv%~~{EGQq^aYxz7K-lTwIscowl%1F}b0*PRY}`t; zsh%&FC353WvOr3fX5CONZ8yldh`f#_fb#d=j-fm2PcrL3r2#HYDHdrwAOC%^Z`YvV zj<)SuD{Pk0iCLOqiX|HmqF|GI!cz&NYp_g$;XGy^M0EEF&swqB+wOY}`D}L30J(LI?ZHU*KejLe?zjS+ zpXS(@lDRsih&y)lI9%;~>_;(5jP#Hn0uY+j?0P5;H!}Sa3)C{cbBs!RyXZSa(*QnK zUgG(^zdMz7>g{6aFxy|zA7~SI&2A)Z&{>9AwXmj&bv5Pp7pt zKClUUGc&?>Y>u5|wF?ZJ_f1UOW{m6aQ+1=@h0op2oUh+V+p4N`mVx-)6rvotK&Is% zcz@vFvSYCmkVXqjXN&)uv!J=F`C)m+?CSZdoaBy}6RX~kL@}sVzMFldvwW_bGP2^l zP`@{>qcXXQaF*t`EKR*+;%6xW zX*%Sr!x)~H*si^Gn>^93fY~*x46xR)ja)=;fgZdy>_SdKdaNk*y*~6QFj?s*u%-B< zT5Phf%!ct_>bDcMk&7v-=U(0`U})^EKY4WPr+{8$s)iXCZ&-bkb&!KVdCPT@AHNfG zE$+^Q_CMNlNX*BOP9>4KQQ^kp8no+Ldf2WPxyaX=!)a=EEszGs$My)h!snVb&1G` z=!UNdofVxENJp!nvqx3UVh!!Cx0EnPV1z{hUSh9Go=ux#8H)>6olNwpql!9o)z2AY4g}O1^#syG6xW39(_BAbpg2iPY zE$+1ZhEd$Tl-*>E7&Lk%v*+g_{0CuridW|pe1afM!7x0kU+N-*UCc2F?wnRPzM4F&-sqqo>w4Xwcv(uUqmM17Y#$D?F(Ms z#7=q&>!jS?uwd7Exb%1SO~dlby75*;$eP~Hcu(R~Tg1Kn?~k7p7GK94xQ|`pQ4$=- z6K8vtpl=)d<6=Kn9Q!O~_OfWDqTtbL?(^No*_=1+wvO10o_z>Q6B*F#V8}#d&Q8n! z(aIJ0gxYNn?HeNpvvXj))`+{72iuuZm9*-pt2p6J;#G|T5 zfK-QEAG`ck)foj`uY=Xyo&23mXl6eKP*`Ku67w-=T0p8jusVQV2rtpYqP%EV{roIx zsE;e6;G%p3bLlL8`xw}Q=j6DnHMO*;SpnWY9#VdeUyirt;R^p_WjgY8oeZ+M=W&qJ zMPP)-F~$|wM-tqy6)OObKyLyY!%~;eG91 zP+cG04%yKs>l2^4jBd*scGcyFj%9ouNaATvURS    +nPMIgkU#tLPr}#PtyWZpxpOq=5zfx{0%RZYm;>;eO?6 z$Srg0%uSEoOS?wuR*j|R#fYK*>>@*i<9I07w%fGvO4mhPr-d14Lri^=Xa1*x z29s4;zTDsLM0bV%A0J!De~{*Oo;k4=7!B^rkQ9nrY_ERkqo!yHmaqVZg#mtue=To5 zd^YO=@f+n@M@$wsi^(Nk7|xTrwmiB%Wm6;HODd#oOKYE%LASp{555J?s`iE+G%^$L zV5wJn4z1U^lV!O+&b6$k+TIbj%m1bS{`xVxP%zMr%{1D`EXCy;R&?s}^uI~*Wr2yz z4TZ`C<#Lj>jGaqQzWf!}wKbRV@YjlL=VDWz4+q`;V@|}q{;Bmp=Gs8{>K_uMiyzW> zaq~&U?mws6^KWAl4-5a31(K2@aBzKtS=z*xBxw|_jx z>OWRM8gpNW7|7VuI_Q?w?85x%{;iv;Nj2P0A;j~A664HN17*BNIZ5}8q~8Cn~Pl7beki{Hl43RI)I zQGdY|YsZ7~KbJBd_x@WOl59)bX6GM){J(`(hI&_EN~Y-Zdua~OSkBgW8pZIPf}T?R zSd4i0^pZ?2i6w*8thn2~IBwbNvD^N%;V^k-KS6_^EWzE0aPR&y=(#Wj%+Q zgzvVc4eYoR5g1Znss2bQHvjJwpgaDwt1vw79RVLt7m=9uxz3kFP2oh1x$Chq^_MJ4 z_Hh)9og}3Mv*G$7NhRW{eZKMOS6M)~Vq#7$Adf7iY=gLY5CgY;0z4?lHXl3r-l$~< z{+$IgIQl^zQZ^ib2?*(t=>JYjs41PanlBj*7x2+ojvM(Tc;zs7-6!PH8R^+8BzTBnvMSsU3 z+Wf@eW{bMw4Zz^Hd6AoJvP1U=B87&LmQxGvxlE4D(g5M#aGnA^hsG2-Lo@1BVyuDR z{=Cap6&x2ygiV!*&=8+$>XGMct#tE%aDFyv%F+_W&yw3_;FI-2QA*KOBY&QWJMRlj zu}$ZDO1Z*5Wd+Y8Q-CM#>p@j$ywB~Q;Kq;38RJbJD)X#~&$&x9sd7&|d z*>E8s-eCmu|`D~(<36o%w!k8zal78nZ@HRiVOC3Yjf?LoJm!-H(<|3(;ind z7wIT!kqreih`4^J8q$aWp+IvW1lT*QOFr;c>WZqChsE4T?MqP-_6cM~B+&yrbv!1v z$3CDoKHkDn!)zZ$%#PH&aCS`KEphwBg_${N4y_@3uzi2;17h&S?07MB{$~G(O-Z?& zqwflnH8D*=I4#CU{WW57vKD&Nn&8ih1LA8zVIV3Y^TWFtD$)DGpw5bTMj@NGTzI!B zq{s(%mVSuQR$*?GSm=8_dm(RhOz>7M04@hU8-r}_g9$#1x3>rZXVz_h$VXEwGkSs7 z?Nj}}jH=B$b!R{q+~>Zx9#86xh)OtV@*-O7_4@97SHvbQouP^g@v1weO}xP2qmgU$ zhFS0%7()1d$jzn?E2o>!Smj4s4MSHzD7b^Yy|Rk$FCjt=uI1{ABLaN!=;QdQzQ68s zV$My{5#H4Qk&Jhm`;U*TlctHo;uiO6Zjs7-2kz5;*Li>E3&B?fN=gh2|JuW1d$N)L zIE;e1+BH={xgd@wDI)y!J5Hi2=^s!671dRV9wX1;&uyf^7q1A>{XWb}44O0q|IVKR zQAuKN;|`}_Im-T6(?&$?T>TK$G7%#QWeo>oyDzsm^_Ojm!!g1XOv1NX9`%2`^8DVd zE#I7gkW};I<#GVQi-3b-==5wjd488D^EP~)1cCjuWa=UKUCX1G0IK!=HL0`NDPVqv z$E+x1DfzS`E^gBUMqu_^LXOrE#qhFw%R(9fjtv#Vdj>>bzP_c-S(0>uT{-r7dUae~NNQAr zm?Tj}e6sRdI?IMj}#pVP~3 zyJ#xAR9yM{n+;wxt_GLn$6FU!m69^~2f@#&eKEH5g}ZSA-);Z!^xGXhNZ3w~$_Zth z_xOW!N@mY_JIww!fZy3IUGs!@ji(Uc^(}elZI*^<6X?;X^4M!Ox#8bBFSZ&(riu-m zeJ6D+M}!?0yVM?SeXJkO3;HeQI?N2=igwXFH8CGr(-vj+*{xKHu}5qa@{~7jD_!gb zyanU_XUp`kH-#DQsSl=e0VmJJHnXS%x*r)SKg>S}qzAo`_dmK`Cco2!~)3@U=W8kMoIEzyePaCCUuwoBaIe#eRbqu}D@zzdt z(BKO}dnMjWS2@=n(Y5G{H8ZpGcG zA86|RzX?tN#O(#iywg|1o$^Bh3=Gr(@6JIN-eJ%X7%}oF>b4tp%Z+tXDCdzQBHX=l z2d&o)PqM^j;IXc{<`W4G3M{EyJ-*%97x5iHZbx<&L zQ?pB$<@tvTRDp1)PcZgH?f_sm(sMLA7jE|o+zEYVk3v9c=*uO!CL!$nbCY0C<7r!q zhf$%0fJ&%Lalutfq1`)dXK%nxVM!M1f72<0@p0ZkH}{|HhP(ffW9e)CxRuZF7h*tw zH^nOE*=DPv#okI(#+*On&LJ0X zA?{=@ssDI{I@m9sQuK%|yoI!Ezq9<}1_;ozM|E zrUCaj6CplX>|Eyjm?Y1S!;(=~fe5QrmCeXa9WD1wzoD4OyH59P&i$`);W4j#X4l z#4=TVFvFf-1M9uX+>2h*>b|dhj>;penhXc|TD`wXu3^59)^x16_O2d6VX#u6Vm43o z90k0T-pD-nn|1Ez(bDI|5N?BNhiZlFo*P9BA(qx8@fEK4i{w^U0f5jGgyWd1$ckdP z6LgC`4G*g!XnPZEv9p97G{*vSKr7_-Hl{F>uzrRDF%v*fRsgLrBaQQ++S|@hM&&RN z`gxHwJ2CyAA6>Iug7mum6QU~X{LXrYv=D*Q`p*?TZc#v)FVS6bVH#L3S%tj^ zb3WbFj_$odTXh0Z3y(k&TZze2M3jtEE};l|rtErFzf2P0mHk=_SbmjpY{5m5aNb7c zuK+=JaJa_L_%|W8(hk42+nN!gq|U6w2*1efd@$GjH)UAzqWpGOyt&i5``Mqg=C&?) zfJI=!p@82R9&Zuqg{ppuYS>>lBoq$~YUj}B4!kIH9@Doe#mxu5$hUfOqegAi#I_#C zYHt`>cLn<$uJ#@sjR8jN@=#=2Yvp0%FwnVHugq% zJEb_cMvPI9;rea`!f{W6FpfW6?gk@xE>fl(B?+z>-laYVm_iKdw@R1SH36@z*OMp! zhs9n!VVDEb^KEL@xd-=>oX%rgeT28U9{QIEAm?ue|6dc1g_P-*c;yB|q#wIS`EOgy zOnxn;yx_zIqIqGg^(x%y4wR_6XM-Uo%6|_WpZxQ!;KJM>E+GjE_<|omY`ZA8VgF?8 ze6fk%50B#ToQlBh@uZgd>G3nfLFmLEki;~{Zl~vWt;wE_aR2|%@vO6|?sRO+E=fX&|hH?Wq z1?;BzSuDGlg(Lm3xh$xP7R+g8`j;@iv*$1|Ym&Qst05rt6~CP{_;^**UM*LK>$0Mt z>AEYtRk69{6uaWkxYxL|b#dTSjLRHO?}>X*rKJsWqb+-B6F(VZj~h&ZvwE2)bPyQ9 z%BI9q#0f5{jm7ssS}cjJ3_gU%}eq(Ynak6!4sM0N~sD;hOOyneEu#n|_Z1kXi))P=9@T*aSOyoMM5fOaTJ>%zqFdD4QR7Qvz3 z9mOia#U}ve&66rnQ%cXn%%15qDNIPzm=;zUj3L>okZ@vUf#Q!H{bi^C zhx{VU{i)bdRd%W2#3Rbb=e#XP0=mQ$4ongbM%-uM5XbLBKsb6`#A>IkZj#jNH%C;q z3k=LVhRg}^7ejvKJ9ymVGrrGNZrcYfK1$#N2l6(o-pPEMY-aj+4u0C&qPWc<4Cg0W zDOAIbV4vbMIz3m7vlSM{EMg|Nj}Q{e=9b~TU5qu}(~-qug85$g1@y4rtLN!S+;XfV zMP_w0J(U@=mbhHiJ_jG{Ibpf1CTcF>cU;23wZ)x@owi7;`$*SES z#l->4x314U1-Yb^bh9)lR@H(TxS15GYi6=?A3Q(osd^Vt*DQutkg_G%*2Vk{g;@bI zzR9(Utkj4?Pl({R-^isOSH^|dS&7MPp3JHB=+dQ&SJgo8ah29QtPo?Ol3)FNtvXZ4 zpRGUD%wWs9^&+Rfs!nI_$0D5*0-SkSG3+RlXvZr(D!TZpjiZQ^4f!6A4T9e?X}jI) z%{;QK!;}JK?dS|_r44aOQ2?KV5(Oet$*UF0hzi!?DKOs#noDE|=GVnAe@p9p#exUO zdhm@Sgk#xf89f1;MZa$r@!UqNn(KC1XzypG*Gf z;2V~uH+Uoe0I5-ugkV&YWm#}KM_|pa0u-ZX2?k(-xZl!GLN<8b&%+Yycd`%+`T8;w z0Br#nw8gRCAs93vOCYU>v~aJ)BAo1P-4@lHe8IMH zhyPwPO6>?wLOIMKW0v!nm(TKi>}6GUqqMocolL}#eD4rNDz}I53XEQ~=^iLQkSo$tdEE+-|&FSgQ5eSMpY=C_p$#kn+dRHmVy1nd!->HqSS`d4inygC?NIW+peK6a% zzbxDB-HLLP-IF4&mHe`&nopkqp^198j?v0@h$ya>Q3{!Yh6U^|ox+;#-ai2|kN5@; zYz!4=6tnnyvH;cY13s@I0Dy|Gh5)m}fnm6l-2RGs3CI!V`ZT(~f_wC&OS?@hdj!bj z@PpdEexwV!eAtg7YfH-Ql;f2HN*>=e=ojHDlz5R6DRFq+pLqm}Z7dAi`q3UWY`n_HsW~KBWhZ?gpq`=v+%VPwjNHIPojace ziQ$#*I6r&Lm-+BwJw$op-5V0m-(?bRNVtO|0Gob@ueNTMysL%$!hZ^%FKg~eyZWpQE4Pv=zrcdN=>HS5n8_HUzKHK?EdXSrnbGAje zW2EV%_Y8!pZcjMLivw0Hv2UH6IOMyF5YG(1E#T_`pb99Lk|KN+t zvs8iUPtwiuHtPEiQSXNm1Ge6ffPQT*T@q1fD z1G+E{cJ?l{bK;xrkmN}o4Nxq`7Lg0|KaBG=CHUxz+ujGqbjpnq9WWG(Eu%_jt6d9( z`ml8df%pf0N7Vj@D?8TWXI7?}Mh%UVp-8Kf+h4Sj>gYxK<#oUnHa?fYI*f9h7@lc84CbN}`Up@=OiCqT;g z_Kr1MeI7T#cL{QYG?h}D()X%KOv=;uMMhcWQi$Z8B3h#SAu?c|!30F(ocOVu{$bhe zIl3IvNYTVr58jRN65M8t{HQ#o)Q6pf2_|^`HOYgYe&N$8A{mJ~-qv_^%m@^vCcfpN zX1Ik1t#rpwl5I}_@EN{`z1U~PT2T9l8M|8<^c-0Y6Em54xHbpH_HgpK9VFQP0a!fT z%g*|N$yi*?)*B`xA4&W%dV`BuFkYL0)}DizWu1Wa^|IH3vLmYFN>wc%P9XQ!mvqt(*}jbnbxU-#8D4DagL;CZNO2)3rf!kU8d@ek-Ef2Z)1y(NzP zPtUgX|D=VmapGa{KiGQ{c&OgL|39guEJ+KINy^e<&5~^@l|m_sWSK-LTgtwjR7epL zl4U}uEJN08lXWcFW9$=y!C;JS%zFN3d_Ld1?*IS)`~U9W@4kQk-*SH+9>sOeb*^(= z=Q`&)*Y$os->>6)SjWZ5RozZ0u$1Oga&UE>Skq~9L-f<%Wr!3_?lbSKV!R3vb!i6E zG<_DMb@)@g7HC&*JJfHNJs23a?e3>SVMO(XR9x_`*NX`so@QtVkfDg}`&r2s*+L4v ztZmiSP*e%?g`{DMf#Y%v&yrNc@DE%#dcU|w#Ke4;kW44DvTEsLkkd`L;f|(s$}=Hw zCNt5Y>%zUS8C4cP1o>dhPnt*XR=bh~4=l~UHe+xsVW>Jdwzh;j4CrL=n<8}3Vw7IeSC(n}cb;8&g<$I84JQ!ka)m#>nw&;W&K&k>xkR-H*6b}n z2jXjG_>R=B5Rh43kc`GkJRFxvN7MVgh{nQ@2Ts86BuLCHlr?;4abAazjBVXfMi}** zftJrY%S)Kvdqy@tKV4tIy4nugV@xG)<})>xV#FWu*mBz$*H6>$TUqWuFFw#+$3qdl zx6w`htvc%J@6!)oZ*EHqJuNu(& zJbwK*0IGF<@GZWf&V!zo-n1Ds^Ogdbz2f(6*aZ5^mjxTQ>DRJGOi`{K_Nh zr0Mig^_Fvu>$oZY5MZGYlkGTPjLqZ+*6UVM`2(8ph_=<-vhkPF?!u7D=yd3d<$U2Sw9+Xp(#GoeQemi1uh zR$Gmd(U3yQ%&wVVN6YB>lbk=@E;WQ@6naAnA%x)T8~P~U7r74XK4=T6gIu(y{iO~9 znPAHRcP{}K(b?&hK60q;yM-V5>95fqj0@Y;MVbKuRX1?#_^Zm>4~%^`BzLI8EXx9a;Mcf=-c~C3? zNce~8tUmKG=I7di*ZcyEC(`n~wjHzC(Esoit4khJv8yVsK06IRBz;!s7L$(ay}~GJ z)bR8P?HcfDKTVhx6mGbvKBU)be87CkSj0HX;GQ9TzOuF5eHMFFc^}9m2XVsB#4oAJ z+J0LpMQ8M4Z`Ju%juNX#8E}io5wjHw<;PQ`=aQ7f9;F^(*Te46>=ZSw`t) zj%1PnRw1%$uc<||Dg*t+3-wxUcDwp{^lFsXI0jBrh|ple0z4WD}AcQbxb6&|+zXOWG68ZLR zvd&xpdNJXn5da7oS+qyNrC37?Hg+o<$H$hJxx7-&6t$#`%{Wl3jNfM+K?>s+$ z<)2bDkbuvBv?$N^j(g~ea6WI4!vYdN-_|t|QW}_ZTY9N3AYt{A7dTm6>CalhYI*bYZa@^>13m<@;3bzvDitjQJy>z2l@XBX-1Whrw=wI( z`qoO`&$p=;8#}0bZ+->wRC5lJHy4~7t%s!4!8$S2W`O~K8inW3v_3@Fuw9J0p)vC@ zx>B21)Kh)6bnzo+TyE*;%XV#g#VO~(Qz=^p-YwUDdwXS^;aWi5=ROCSGkZ-D2Up?@ z%nj-DXt*UAlH2IavU-86R!bbsXNfrIvc6L|`G;L6-&I1j>V!U%Ib)Vmrk)a6_eTF@ zjrP#x>{mB8HJSW$lK(^Kh7Wu0Pf?r;ZQK43ubFyy()Mqm8}&{x8_EZ6?3GTI>T4-^ zKD<=0?@5zwM~8C$A%o*t?4t0y;E%eFoPU&5Qdi#ahcb^?F7F>2Py>9#eShTjEmHZj zh8j8Mf8?F%8vOo8LG$_lvrc;X2d>GXbFRfC{83G7@FLG0Y1jw1?+u8}MwJEL!dvsU z?sGbP?=u8weLMMcjbOe}JLy-8Z2z+&g^Y*CBK7C1?$)5I>i$FGoKa@QcYc%aW`5spvl0 zYuZWaV2W8XL*boEttSl~bD8SCBETI+GHEy#`J>FRwaAKcM5JbC$wCdFeF-B;XLnx8Vp4$mS~zG96oi%s4`@R#=y537q5z9YsjW!uZB(d6Dp-}9_o|6^}Ifd<+cx^umN6_^4{Zr0$sFXLR z`MD*7U)T}3Js)Z`dx8%B@+}SQNt{jrhSOIsG0a_=O3lVf;GIPOIlmpQHjhs)eM-M% z#cQ|vyd`OS;w7^a`=tO6O~a}1EVs}lvTe-p^tK-F&O>d378RyJjzQblSpw(5q|moJ zVv~ez^?D|5-&aOhRhXWI0~J&12P!bPa-Dcei`_yGK0q;hXdf-w(2`jxK&4FO+xd=T zZSzW{5AJ_}#7a$vV5LxJLn=-zdx>Yr)*He9cNr&a?RpOu{tESk%oTC)Te~u!>&)}L zU&ms?i1Rs({UAfHAc)Y zNlIPpgCj@*W(-wv7IUD=P-O(f!t}htsxucu;U6QH9TRMY+fh@ro(R=$$fuN5o+FE9 zP>OJYbR|7J;)NVxKWj)2g+2RFVV}zv-W9N&oZIlI|V0CM0`haxM5hfuuQL9tJ=CCM+bE%4d;N}8oOF{I${yBy(pjjRzF^}4S;c8*tOrN49%F7o2i4* zXfH3@2D|b+vquKJRvB_q^1a)A zL>cjLY%4^;Oom2+Yo+L(Z#Z~--Z<&rFve%f>&jko27|ul3#;-ND(%)>{(&Fb6Ep`V zGXx&`%*XkA>6BOo((Xa3VJB}Jyw@CC8m(Fz=YIq8pDg}iw1R&H)C=mh?gIcV2ySp^ zkTE@mfh&SI&=3;C4|pOKJpM+apm#4<^cR>i3@Lf)L}&n`=276AVD#rFc)ppf71^_% z8rYy^Ukqjrxdz14kp4$FRw-}Jwh zbkhF{`cCf^efq9`lryQ!`Iui^(*0^}(>K`*mECAnyVmx5&+Tr1?OkVZU7t@Q>U2E=nE@=cE`mNCjBc zQwan1S!Bo8Vv|y`A;gH*UQ^2m6G)pqP|w*VawVEK;Nt zZrv>0oPAvylAww?@Z)v@e!kW4GK2->sf2M{9o!+KWIeux245Ssv(K{~;5%LdY~p<1 zWLh4=fnOt^7wZpEF27Q;azMKcA6j9Q5)()p*Sz8WH< z0qdp%>zhLoUxzmp-@ULf3>)xha$%iM^~1c}dt3?q@@05c_RE{Ak*qGji`s)`O0oPT zSYhEY3=j!oz(6V%q@cesfHnLmn8#eCA_uc>v$W{vx0eUx@!REGa|Ia)#;aBUG-Qz{ zk<3D{OAHmyq6_1_3>vc#)%oZFWZnpUdvCcOyfu>UAl@S%XC@I@Ufy z^)2fan(ieB_SWGnSh)ZJwfD*`s0zvGvG)jQ>&W*|rgR z!VCkvPQ@fP+eh9Z07Y-i94&#AAS1yl&=+J1FwyjmGM0#z9dO()m)@b<1H|E)q6D{# z2MvGre%@tldHr7DmOBeP=WI>fpKr-CMqwjU7EX87U%JRSD!iw7dONo|7{}3e5sSd$ z$}$(Zu40=b?_vGeir?A&i-#unMK;|Tk zgsAfMph~TMj>16^ht&)@kO+EG(R0RvAPvVLwjw|{P{mNGuWCgynsJqk86=A<9=%!$ z_DveHrqHfPi}grZe%2_n6$jD*Tp-HEKVz@U()8}#WtXZb%=O69dySEv;4;9Hn-dfP zXP2N$j;>@Fu3c;gmb_T)lV}zf_-hF^E-17XAF*HhDl!?3p}`P_r{V%VZCoGJmp&Wd z&qcxa1rT5apNMBri!IVd>FvOTv1v~7gpE1aD3(oDi%_MD`3HcCfjU{E6V91NZi+;CY+%!kAfD;T{LVtnu?D#N>bvuu;)GbFxA_-2G{ux zwK6So;HK7cP|dsU9HW;P6vx!@*HeFd@dOH=7`^n!`wlfTCf%f%o>-$N)1L6;uy3hk z5o#{`W6GfENT#8x}kQ(7gcH-lBwjAfa|FZXeQOa;4}6=<_FG7aBkH>xp2 zL=8LwVl*@M*h>aMrED8)2j8Ehs5Tqxx!LWOPV;j7Fwgk!$U;E^P@FV_zZO$`;q0X- zpdei-aErjRh}7Ple9`M=WzyTZ-Jgsp1vc&adz%$t!O{!a&V9-{q+?xNhesvEL{9Cz zI+zUR!3V^jZz;FtL6UVsgq(PCtscHuVG)^Fx}hiZRJsV&*)yWVw~6Rv?-xDHeuh_B zF$d3G`XJJ{C=9oKQPbEtyEXI@30;ZixGP|Rs$yV~FxgthEOck%xe7cjt3CwT zvip>Mpn|YA-`nNA)}tL(IHMzx`jX+F?D(XTgk@{m0W7lj4b;Al?rSAC2c$=UcYK@I z68GM?KtXDQ5j#h5GMM>+(gddK8p;};00WpHbq znfMZBq;dUV?V?^Cf3_~4!ls)Kzdbm7QzK7D$clYXllZm|J7i6-e0+fM*j{&>7oH<_ zx_;A*n#nI=H|ERuti3bFLVG1bg`ONMvrvxyau6%dgF3~?_np|qd2MTawxm%pUj6x4 zYzWLGQuOYoFTXY_U=b=`*}Ygd8?D20X0Juw`%AsAiMv8f4+P%Qdh~+h)6>?Qf}aQ7 z{x`1_(2xEKGi0@}F379#-F|1GeEorx`qlBEjccJU@z*7+vUJ!nYmi`O>C^l13l=8a zlq2i%RYE0co25e;>y)iTVI4~&b3uTROUAJDu4T>Cq-}d)!#-?M|LK@c} zq$^qq-9~ua)%F+S{#)_G-5Ceh z)+L@#ui_D5?kw_D!rsuIMrTgz7t1-T~I?6x;$jJ;HyG0Gk8m{1_n@ zNuXCLh&PsBE4ErI>3YV+KgU&tCK9262NO3mI0}$lz+S?8{9ry3=t~mS&nKdYC={s8 zB%<-{{8N^50QG$1R|B7dyY+A1#SiPbm07%2x+4bu~3Fz)n?z%rqyEx0O(sp z@%U9``h#R_JPuq8o#d0t8@1$@A-j!&l_I`~I65x{DvAUk0r==LX@0(^wQb(JK+DBj zhqK!JB!#nU75bQKtErq^=^FhAo~sHdGUY=bgikvo{loSP98KVBkh{E}02Q%}o`Nf> zK33YE8U6tUK%d5nG_bh96}H`N5i2QT+8M)_mix{_Id8@o5-dDsWbbkE3{lwqftFaxL z95oj+SA+y21O@+*T^)=L%|qu19=c^K?R@^!RfA2%yZGv07&jvAm8LuMUh<}z!#ejR z(%kND{uKOBh^6-09E+GpCCU-EY~LrWC$dr2$-hp~K1(u11U3`%*)lElnp2`euyF3} zhxXN4ujAERgixFcn^oTW{x~h4a(naiUxkS@QfLWMhx(h|ifx?Z@6F}}_|jr3776(N zva3v0NQpyNGaA<4#%aA+FEY{mBG$)Myjyn1q}uBt!rD5nUqq*4E+UoOYl$}&GKB6Z zk{oz0q8e)9*r0ct z_bFwxZB*^=cK&}z`@;7@?9FUd-P4 zhBift@Q=R^>0$EESYM5prV(j{Jo%@#Upvy1$LQla?X3KD`_!qkSfmtZLMzvJ76EKU zFcWwW>_3WZpTVrsvLs_{O z_tl6>PSYs1haM*b`k~c%O8S#g`z3jbPc;T5mAub`e+)gXoJK*~Kl?0x=1rz0HJAU< z;Dd4&B;ink0&%|Jq?F>3`%U=#rjt31Pn6=eE8L0{tv$Cw^Y4r*w2l_P6~SSDLf~$` z*y-oN(+n>b;j)Ob(ureROl-aj>pvHQ7U|aFe=UgeEgcGU?g;OSDmcH}b2?h*){9Y~ z3LIT#(Ic3f=GVn@{fmM@gZ;5Sa1ivARJ(b&Y*-L zX1)`UvWINKj?8sRgy!#pb+P=cUGIczLet{zr4`yEuqJ@Mr%@34XX=UYLOp8tZyAYT zY$pqhfb%wqkxK_4y@-)r++7qjon$`>kkhJM4$bZQS51NDW+)1*WamlG?I$=lE5==_ z<)d6NS=W9%4dw;l^*aDR!AJ&h^2g6~E zfIA4krQT;K8X4q)0jOF;J~V@C{mzvFCT6L|58*~H!bJJsF{|(~+afWhhOvoTv zJo*s|17OxDxgda*Rb2!?^}w$kl8SnAE}Y}x$m_ZfG#cI+1$RLXMm~kp=M6q)b)Y>T z_@@zB0e)mLYVu36hDdjn5{r8R@Q?VJ8?eL1Kh1f#4Rw+WpvJF#E*Z$drvT*?xEOO% z+N+cVN^iZ~bZM_eDPI250^D^77|&ktR-T|9=bFGS4^m0An5RO)o3Zn1&{Bid!=wbP z;JhU`McPYmiyk|gawZzVrLaHehmj0<%S(p(i*I-C#p#7fU7Nt3{jv3U;SD{_pu=ds zyRx?uGK|K#_fS1{J+5gv5xd*)Llf%RyPYO>pWk|Kz7Tk@-XdR7KcikydWm>w>S?Um zf3l+Ww2EPc)%K)(T)&jSLIk3y1iO!_aUj(2e$x@xr?gxY%C1`_vTJgPZIn`e@?Xc=*}as=z5Tqb<{)-}no#Ek>pR ztj~V3*_^>2Jq1UuY1jHd*TbFZ!CYk(9%wpvyZ{L&-S;G4> z+zjuyxxO~p`!aQojw9f-p#fi&R#UCBvWyI5#Sn(C%X|{Nm2~B=98l<;8rUSIX!mBs zp*9xQj1>|KFD(^yzT2sNyo;aCq6Mc zAMn`VMjsUgc@=<-k%-8(hkiEjC-eMMY77U2*6PI4FGu=GUaI&U*|eItiesgOF6FJd z&S}>(xA(5oVemj(%Ggh#k(|&`?`w zGIP?{E7Nt?!tPfF1}}eQxoBB7WX&^i(7rmA?tn}`18QooP-At~qys0in-!y~_(0J+ z^sJnh1;C|Pq`0{=w+e4Nuej6GU^|B-eDGQA_ACA<*DDVtl^-1y=5!x|%3;54bp1{o zc>ZWFY|lk^ux)3DHn>8CULsveX{MJjo7{)6umENk`@dA|eurHxH~p^(ku!;ra=7x@_{ly(FUPiustS;-TS?w)RI&Iz_2r3*I?B|=k+x`^K{LU_qCGU-0XV|;6*H}t{qW%`jxcSnK%F*??oik{@p1K=z|u+JR2DcR-xs57MgNch@c8-Q&b3M(k;x zJLvNmG^@U?SK8U{ID0&0$VGEJ0jVGR9?J#0BdI15D83Fa+alB`)N8%fOUMAJQ~1? z__!!dz>#~6@$=8fI%AYZQ^N#@qN&t_u9E(%1i)o_bkdP-TW?B1zZW<~de_xd=`7s_ zdgJeEf&pto=0J;vc7Q@34D?(iqR=Hc^gCqruW;gXr~;fSZ}Uj5!%fVNdro&KuuO@X z_t#eUda<-P6W_WsFBo~xG523lQB8<_aW9J=X*cmPb$Xkz|6#B9u>`{VKxS_{PAymh zZwVlWS<9-5E0$Hm zAJcn=T9fVga9Y3Fq!BYyWBedA58k%Jjf7r+dt=d%4D`++krANktar?+4h1)$Kpc>K zBq-istoh>uod!Mn0Zavz+OaTv`2rf*RF{P6Egpy1(2z=!z2;j zZj83}6Id!>nlw!Abo>P$tr#v<)o7d_T^9;&xM&X6zE*JI@e81ij^=o;nxZO4&_#w; z-cFSd?>cCLi?GGO8@TV&G!hLwIt%<bJ+NHA6+hC#GkaV2mFC%7 zcj6nZx7&mJyV#Rjb*Pvsjq*TNQ>C2dEr{(j<>rFi~qPl7)s-+aeEyrqw})x z81qeS^C+mKnhY)gBcPL#J7|4eC^v}r(OQ^>!ToOypPw~G4vinbp{BKeo}si?!r98^bSBs6~Nv~^3$v39rb;&bL5{H7$d-O6?z%B8rrT&dF6a8 z_hrBA3trb>ZX2tZw?U>2YUhi8yzlBxJq)ejJhH^ESAnOFUsr5uTihmAx&TL>1HTmm zRDVA|V#nLSbtY`iZ63N6I%HR?dDivoRI>l<5aqABd@Ckj~ko?!{KpQ z*r%mA=fe7d;acR}f#)sjd0-x>*^_=vdya*p1DaRyeRNoS#;4&X{TodT!v2T5^oE$E zDhfb9-xwKZM~#;^DI_`vEcUG@G86;V@QogaXEBF)2GmkIWxP3$;X{>Nssbmh?XZt; z>{hO`yE?t6k|UN}CtM170aKSr4ZoC)cHGOv{NPT0s``OlK;Pre@L1`uJ~rJPLwnXGb8EH~241>CLYo~< zKSZOJ+KU^dnq$b^0iDSL_ZSZwbBS_GomhkwkCjBmH9OxQN&nKo4a*Q*ZW}7vNLoqj zk2dC^n{=?q{m-zMWZou-DM`8S7=6;RJ{CTtk%wj!kiOo|X|Q1w3ZixKcoBw(v>Mmx z`GpZv;rMgnQgf>(XW~3sAwMS(MZpzZNKzOuDF>&~-0Bm@1wFQtF$3(k!u&FT07W(G zWn!EsS0@v3j7D6O&^W1@E(Qd3R?@7*37rDlRMB$*%zMq$Gi%VZv_QZy8T9_N_IFN>0W9J&0tsIA z({*`^H<=~CT{S`1>e~;dx?)rpwO73+N04vF$NKq@>1|0?LMt?-)uAn;)JpVnx4li~bbIckR^yczpwV znG0wW7=3ra0rGd1L3+m;R$FPGcO>1_|A0-7Bb%MFflp7Xelw&XE!LML^l~Q0AAPD`#rY8HjK^w~k+QKYDD} zpxzb!BPZ&M1kMO~avPeaZBEVo@5pjHBV|;xim|p5o!^w7=y5jqcj}gtjm{%k&5I_I z0f#sBx0Qc5_b;hiCrS#$Pwy9#I3A-duxZZD^4jmziG4%;QAs-^qhl{4w{P++l>PKO zweOX))1~%cOjFB8!!4UC%=X{-oqE-vqH=^#Yh!z_TWa%@k(`~!ey1Aliio^by5o1Mp#R_3yyjues&AU>wCaG|pPa}9 zf&Z|}5Z2&o^L%1;vVbWIt;#UCMzyO28*OVTKhE>J{@4o*{J&H8s`mcTS;VyQ(BGZ) zb#%uco#ksXkl-khL!eodb4#edEh&pK2BvuKqzv@nPL-^A%)b zR%!f@ed+a3L}j(Vvuiz5wF8Myl}~;xVzZ|D>D*Pr`d=XjOWE`KoPFh>+wnU+)>-x1 zL0lqpzP3L(w4#GVJcrq^OyTWmCMLI&E~n0^eqr^PNP(u}>=UaUEgtnB*pA}@^%+)O zZaxuCu>u{CG1a9**S?nWEbP5w9j{G?UBf>*-|mAuEo3Cc6CxsscBr zI0(q(g!Wt$u|JF+m`Uq^yIFP;5ZN!PS;CiJRJlFU{8sxOe>E+D*^5OWn^v(siR;m> zPLY_k%i&UnVjfIC+%ywSL^2tLNRUE=F=>Wq7BtsiWp7IC$fvD_da-D)fWzq)A>HEN zi|L<(yHiRB1xv}>&fVgB^5p#1qXwZLUaE?{y|q8iX#1rb*J|CjfAPkj4fC*;3I6Bq z|KBc)Z0VY0V_R;(0ST*^iX8YN@6o>C$z!{sK7DvTv+D-A@!4)-toiFXQyPm8*Z~u|Ehz4-9T^|K7p(vsNrq@?LPxpnRx}MWSghlkh<-G$fNxT=vv^!aa zjEf<|9OpKpv9n{^r?Y}|0vC8*-iFxQs_J`Z3cIM0kKYr{3rg($1G0s%K>*zH{$}F{ z?rQo?iAm2VX>6xQA&-L!d&DC$RVmM1!YgPk;+fA4&RzO-Zk4^6F1m(`N3dQ>rRYY& z5Y@#ns#qy|-Q1DNn!mp0OL32yixz(w!SR^rxwUWE(^a9|nRX#_@Ot^4V;S!@KZWqs)UxXA zdqt5$f8k6d?Pe9Vo+@^I*KXSeb#=V%E`@%f+f~1Ig~3_` zwu%Sw$@@3*3*XIGDDtfl?2^-+|2ON=&AKo3}Qv0J~ zGfW&EO+o*gOXZ7Z(+j>}GoSd8PF|b!4I0$OVfCrbgiSxNb`j#QVG{vTqY|5|Ot+eD z9bJ6)<{wCCoZw#TsRVAr$(OTDR`4Bp%OqjxhOSiz2K7yXR=t?+L-SS#Tu$*Vh&(Nx z??%03yQeT)DV4F~@>w0=U+@6tb`9nc>)W?)#fCQhk^UV+{BXvm>5?Kfzv^xXZwHXz z)IOQS^bRn9X`{jZ#R6ZngI4*I;fUn!aT)`Mh4=lUF~HU&5c*2T>ek%K6NWcR3w%7J zl>UY-`C>MxO(8)!2tq_1f7Y5B+k8_n!!zwaDWUnlKg+6W!t9L)3r@oa9iu3+hK*SY zDVlv8#9fWE1~NUdrdPf^VtU_Zw2pvQK;?-ps+?7oAA7I8-u+6su^gH* z13zm{98)!swgmLAo`MJYfvEw|0st)&C3ZYn^>%oDIrv)4hW@DouEalxxag829-op! zUVuw*jsOJ#<&cv)x$RuL0>`AZf~)$%P+2X#y}TS8)(r6VS({6^LZvNDlLhHPB(h|q zzwp-_n|8lj2$KE@DGU_AHrOUg!Ob&Ct0#*y_CRARSOo^`uQyp-fc(U4q?DCS2$y~x zEz;ULmtJ^>FB1ivykMmrz#PJ&9~b_HO8bGOu<#7@Tib|tyO&S$XQ)|>@>wU{xhkQJ zImre(v6Q$h8Ecw4sCiHxz6FZA+0o2JwBvvvO7?g;a5OY-OY4RQ&*yXt?a(xf_&Lh| zA&$+0j^pRia)`>xVPG+KWI$D`!tyAxkr~HTXC z{rvuPQ#}vX;|@>e>M8;OuC9`NUyDhhs#zo=^bV(Fn_DUFT3Ln}22a=&g^$cb^+UmF zv~(+=NksU%bg{)$M)n&k_rEa2lgPA8h}?YZ8@_=L?*EIAWLv>KuXsf%+>-9L_+KB83_`|ZL?8FA6N+zD4j+(`d~$nx=vX8katB=yD`$PZ`s7Y@ zYLP&fngYkqzfR1yP%ozT;^y1hCL04E-_g{@1+d92I-ZwzcuAoizdyWz`%9lzzOSgpSyY1bK z_JeLoc=oWP#12~s!(2`Gc)9y2Z-&@ozVNKLO}^ryA@JAu5Hf^paBo*p%)q>GNP72= z&3)9!|5gySoOPHVY0PXe)gP;gr!C(2rG%K0KmWw`O2v{n41yS&4!`T!f>$#2tZUk0 z%&Ajzq(r;ves=T)`A~?5G2EtzrIxzeW+esR4dH(ObAzl*JZ;dqO5naQ#plx~apo)m zEorbEbmWTp6)dc~?!6*J7oW^h*8LI7G5;#Noy~RjtcI@0XI=C^x9atn{xeXMnlMs< zT^rA5PCa45AB1=%-jV!(g2O*!;P6^i*z|*sy8;I=V5=ND9R7Wl1erQ(6!c^6up;D- zqgT&fHE-j347$ayCwpD|C1-f%=B6Ez8=E6eJUwl&$i0e=%wSQQJi&PgP9O|%Bxlo+ z89J!tt`qM*Tz1;14imP)j4}xWcOGny`dBf0<&-wxv#i`qBLB?ULG83K8Fdo_6uygeF8-QelAhCfGx^XUWt=bS*5^ zbv~km9G2>)aqcUu!0$QcgKgdq@5`*oaY0W(3;CwjSa0cQxrLW#e z`^O5Q`Twzo0u(IN{&ISmq@e{?`>!r7 z5fShrBHE7)elnJNnRK-P-CAcIh^1vM>#rio_rnvZVd7vAX%r;6gBY0-6q-hBJ(kM; zrPOk$o!KP{O$|HXOYid`&pB(vU+*cePRe(#J$Kgx>1*2#={E#~LXpJfGsObh$1Z{Oyiv>WA}({xh?sL-5x_0mVNT9x!d6M(IJIW8u-| zOakYZBw!(A>BaKyBS)rJPhQ6(zTJb!JK=rlEtg%TBh}>2p4*(4Xn;a}i>gOT(Vd=b zWMr6|RIrFCt+Q$-h?^<#A9ei?CqzVjV8^UbkiBOXUc4mm3I5kgfUhjeRjd5KmTOjPdCv+6Fk2Q>mJV@o8RA7UQossCHUtr+i<3jaY)|*wjczajvg%>L? zJ=)Ig3!1&xUS-<5+AFj~dt+KjQ|SqgXhZ=fzgNTHuI;_?tQB&Lh4?R``& z;N^Rx&#f`J9BLlh8Vkp`1Zh9bPCp+qD!;?C{)zQXM8UB=I=$@mBn4amyZF}*rqMzA+{PM| z%~~lbb~07lm9O&_OP*5wp8o}P3#y#2Di#gR5Wl?;vAjktC~I8ARI;JINqUq5YUihx z)k^}E%(S!#2hOVMee*xUMeIH=BW54%c{6o!2l1phL@7eAszegZ-qI&1UvFRFo`l8_ zu*U_W8`=FwWOV}* z5#i;qTZ0gk=5$~#M=h}pyO|iB-oz8!o&tdZgf1`+9 zOjS95cDyGvtY7SSVI_W$v(uUF;KzjeF@vD*DaOvh7qtwZNsrCYjN`PyRVqI=I)Fu5 zhL-#38W&M-Uvp2FY^?Pkc7U2_xlKn62484{6e_v{EF=sCu779;)+55}W-g+BmL&>` zt_UkWSJ|ZT?4k8%5s5fYXf~Vib~xm5lWEtXn*3y7gCbnDzaQ4;|0#?8nthmgtm^3B zl;IptZSXwPK5T}m`UQW@kbTkI!Gwrq2R?enrOrFn_Pb=~>_-8J5_W@>cS2K=AcLD_ zb-NnWFpGuDuI4wDVucb=uuE}Uo*X56e$@?t+0bGnpUx|iLX^jSEr z-&C)P!3sv)NDerV4&8X9fLl{gual;E@y2yvP*Quha<6JOKAVO z6M2!3Tm-Lup?6@qfH+8QH1wfn-|TVi>=aSK2O6`4f+=}FullQ2tplw#!~?U(7gkGW zb}N3phiM1L&V43!%%)LrPKO`#iKSPMpSIIUwZGW(ntk)-W|eD$9?&zF9YOh+`rz43 zHeZ*FwSvvCh6pgn>O_{`V?V!d#h~uA+#IF~4Vg9@zxkP9$Gw;bcYnLg{iw;Z9}5pH zT3zPPeyt7OOBBDY`j+;R@PxOQF88L^hCOa1E&~*#vP^nb4)2A4h7mv$;`$krdPGh;!y4A_^AB} zu*x>RJQMSJ3qObYn#MCd9?Z7qH+txDIFALE(ppcM2S`5U?H49iXlv)0_~Kg$-LUV< zkt02dk9wGwYGjZjF>{G`cpu>W&Y%r62xS|WE3h&i@XY3RWL!_Nn4RNblb*Vs4M zasd(;7ZlbnT&Y&raqytdOBRnW>U-362P=Qu6?U@GYS7hr;P2= z`*v#%8c#7wolHuwV%VimZXG9`1SW16O!0zxG?UD^*&^oJwc{fon`*6w5yLBSokcZF%l)3lo zrUKvflZAFg?w___ryxe|U%Ekpx9Pp*d8AYsgvn(;v_{*k_TqQ-Dmq@&4}H1I1MEr; zIUf+nB&0$P=U4GK^XtPEnm#MjOHF~lL`*OICgVl`Jz?*g;W{^3bA(SGJa+CUdjS9k z&u2AUq%zv!UHfP(`sv>CEYINgiDMC(5#~sM5VlRS`!43wM>9j|;}@mmt2^Mgp&DV4 zc1OQ#{U$v69lth4g0oS!HEfH9xEi)zYcYLPITd#xj{GL^-J!I=6SYaKe?idj%)PV3GeV)ZLvQ zcVJB~y33(YAWA8>EtKlFgujaESr}#RcH0r0l#eadZSiFLbURv}5T4+#o|gZX>kA&l z1;n}EOM9M_zcFk>tAd$j63l}YK%VWL97CbWnY0lvoaF)zjjSr6lc-@;9dKZUN|>5~ zVsKrNRMk(=r1{qpgSwnk6~qn%Y?saP1DRcPSEu}HR(pr-&nY(0jp{u^LDrQ#Ok>9; z2eL*w&?IkG74^aA0sTrJo=Q@lmnDUM`To^Hn6@sC92x-|e^pSWZS=Wh88AtR%ZL^o zE}2v+w4Yju_{Lr;S!oPyE?+LMAo3@6%&7!aftm{JH`E}j-&No^AHP#N>>d;@ZB|`O zzX$)ym~NhI#!E5Rfs2tq%HF_H7PvIo+FIvYJ$9d3K}s1)bl_hIyxWfjkQN{{V^$8k zmF7c)WoOQ>R+XLPWinh{mQTDsGXj=_0e7)TvvKxcW^P^}Xxk1j9{gYIy$4iO&6fAA zf`CK?C5R+J5Cb`<7EnMCL69so5+q6v5?eu%3&b+ zbLV;Pn)zmZ^L?}Cy)$zcOIhnsr_Qc@>QvR)`&a+NIk)Txf%_kI>ZX~S;n_K4rJG6f zBbI#p$;)x*5=1s9mynX$Xp)GTwBcjk{TCkwH7(tlU$f+fUie!4&l~xV*n3CYP(h>-r3n`Q>shpa54AJ2u}Pbxr-NC`0dIs}H;vJ97pwmN z;(V5Ekm=JW=-Q*D&hVnu<|+#{Y5WWSh>+gD=a_#;1~Ho$*jkgZ_ylt`Z0a~q$$yXT z867u|z~Cy#^(IveeWyqU$4wkmRx*dG(Oo-P()@P#{dthrB?_T&WY-rw_uF{FTeUcD z!mMiWG+Zz92<$}Q^l3vw$jA*q$(pVoAOlv64qw4~@0+(nRve_Twtqt2wMf7cv~%Ka$+L&3}52zd^EE1$%2wME0w3 zj)>1DT3+fa4Ep8@B#qAc$tIksn&t#W$n6I#*a2gD{xrr3 zTlK0hZBqw$_c?Q>CNt!T2&7}4o(sw+j=52a8JSZ8|!T4yc;o> zJuYi&GrTT5JOKo!{s^Z|woiyqq57ZGh;SdFI{Aj-*vOAxLZg?uZ*<&prQF^OZ$)+< zyXWt*&K)sLhlhA<9HK@7j7lz$6tbS2>^L@Kn#xLe=xt3x;7lr8(X`>fzv%@{t{JRZ zC!)Aw4pg6fNL*Sf2E5b38?kbC4$gMQKqts_@3USpX%M!uFuWO)Fh=N72W(I9I$Jqy z;bu4*3wIZ+(|XTf`#K~!bWoZ4`D^C^Jb#C0%OEb$L%+WeQ|0H2`B09lF9@gajWe^| zyZc%UU!xKD0AhVc+>=nMHEVO|0`YcU)L30iOzKziujK`C3Zc&FM5E#{3>kgo9mJgYmY9!L9GGA zE!I7{P3FlV!Aci-Di#5+${BsbNHT^TL&DSdIg_`@ISR~(ZcP9K(GCdH`XR?bu_UqV zJ1znO?C_irbge7%@c$mkP>=PlKRa6Om~E?VLUx|)QK2(Dou<6e+qjpeGux@m63`)> zbmy9VZbpXPIfd$V*50)D=4yl48c=%)6eq=D26gPId!tA^22bBcnV~{M6cXX#5gEg) zEO}qQl%uYGo2L6{-e-=5QF5@^rMfqHOXQ|eDTkN{%%@7f2o8(LK-kg^TH|)Dqd49d zas9%$Fc#mOupzuFCUZ%v5Z9(Lq_9Uhz@r`h{LP~Q8`tP*R;TcD>&Zp#j>+8m_S<%*9bxDqi_k%eAoOUZS#)y~* z&;#^ebh{X3DZj4vIi54gLtC^UFRZ}xx`@j z7i=thj0yCTjqWzv;77W@(r)J=B9nltlxzOHe}(1%c^cr!_;+*@7dCrwo7#mBIYVf; zn~%2l$Gs_*x})X&VVEn_1g%E#siA9d(C@%)q_?!fRppPJ{N6->TBG#OrN>`){)*W( zn+*)CHen<9#})LE0;vGdd3Myg1I1x(nyn5)uutrR1zffFRCm?Yd{+CoJ6bz49X{Xg zlWL{%zNht4{_v!1K@1BBu-?)K!pKE{ssaF zoM&TWP_Hupr|WM?X~wK=0@Ld|+c75eruy><)!X@yiHQ&*G0RF zIEJl7|EXX24=Jihv=Pq@Hn7aGHMW&?C9rTf73wYjZV4x*|VK^9*tXS7U z1c(+QkpXvF5qlP|AdT**4TsaMLx(a7OJFyvI7qgOmB|%J#h^fH?oUE2EmHadgI0vZnEU!bP3K-kR5$q5~0bBs}bnHw8kZ5JX zdZSl9YZ;DV-?4O8>|Xq(t#9J_H!T31n4!Z5EzI~eb)&TXm_<8L2EM-&GrSX!`*D2} zjc^D-u>f11Un)px3zLW_#H`^IUAa(|Y}!(|akVcGuZY6u7ZgXp9ra%#r@Vs$_`HtJ zjyjqPEIfx>=1|^eODh0WB>ib0*hf!ucqPQFMmT;4+?Z0*Eq?~_!hUF)*nfrTxOnK+C(w@oLc+ia4{|}e$p#;(dUW(u-xONHhfi*1s=5ht(x=g)BkY-j`!!B zEu*(1D(^5TVDC;f1SU1J8xKo|TXF8&bxKnG#_@JG_8@y3D=RgJvacx986Zb^jK8_F(o1vbL4eYD)HsFDf6?m@wrel9K^!ftx?_NL{^e1Kq)9SQ!4%qdx z2e2RGpHl3Y&q3z+`N^J<1h3IdVw*61kKj-sRREqN&66bV_qnviP!X_sF)+6{_Y^?# zQf>|*|3KX=w7fTce@hS&=AT`GL(z}@Nxw_98rl4v5Fc_v;Qv8rkmNrkH0bSrcC=E` zd;pJMI->bChwZU+l$zQ)Ii1+tSzXQdiv3Yxej^SGfK%caL!lEwG5iPbs_2xm_dWo! ze;j-J?IchvY)d(IXFHVZ@w9HxxUl{N{eyk>;0G7p8Wbzo$&6*IPJGjcfIQA(I|~60 z4@)-y5}D~!w#|is(t>|eYESecSh?s7?>tT@drbO#{%;zHKz4U3SBgU9v2S1#(tRsq zh5fXbwNM512U9k7NVkVl&h5r4jxLgNYD{Jmde#wmt^x%t040K68z&fU3m2-K{S83_ zwgaA`^ROoOYC0F#yzBGBKCrSPE*)Y{pPays;}7RN5us3TH|)*~)bl8Q&v^Kqw)q&L zJyOMQCFex}`8+=a-I>R2;|)kpBG2wmS(b1E`uf>vQ(8~=s#iULVjxK@`oOQrZQ;~A zCAw2RirYG}?CT8Uc%ExVGA+0`{kxs?HcKAF^4Se}DkM%C#|u;J5uj%>^SBUlFXW*I z-+lSew^QfqS7>x<`LCLv@aJNGaDKm!&O#=x;}+M}&Z7`0|6vbrbR<^mP_AdYLJy2xIX=1DFjL{m)d9^PKB?f~ zh?iGsMhf%3s$?|51I#pE03beTXY3Bf)^G4EeX3Ph&N{3ddxC-@L%cEV`yv+(v`Fx; z8;y>Pn_atA_Uk;)1}uP!uK`jAFz5?{rOK%S zDSY`qTBT60CH~NO80fg*q{G>j%{|{?h(-FPc@hTaPxT@1E^P+hmjE;w)&G?yqh3n@ z1;o*9@4L6iRFu>(W-Zc7W2EM|WlQXdzMRAd=eFdgz2muAsVeA#sl=Ahm~RQwtL78L zX}lH|P$dc8*;c1RxXf)ViF+$ProKV6{gWEdczpa9!NULL8jp2n4Ml*G;X_;F6eFL4X8{o z=_`dt;NrR>@`vp6z&Ul3zvULa2#|l{4WWZcu-*Ly`4^@aElFvGe%@E}Gg{kPS_U=> z0BC@4n|DA;I+3gUR#7P+kf?#v;lfQfu3OX-EcMtF$!inNFPFCyhEh)u8_*^2O8Ar) zX0`?Hj5X$XV%oNMHjCZ&om~&Ia)nCGHoij|p$P)c6l*}COzF+F5I6MQ z*~a=RVc`xA{*H=Zd(7GB?6^C6`AWLeC@C%k7!8w^f145g-LmOr5pla})9FcP-)m>( zc2(qw*V)Y2oY$Eb&Y%o0DKXry9cP$N!G(^l^mdvx4(T$ zH~AAr^jaOTYtQU(-bUr+A*y0aq_GzOSskIZMb12 zcj4OY4qm60_pY0{Au#T%@FRn@_8|8?ADR8&daaQspXw&+%HNR9Bucv)_Kh&mqECdw zxM_Hn2U3#guH8_2)09d!%kh!Es(cjRrsr&KHni&)nGlVFon-C7Dx$cYO#(|_$Z*-3 zml^tY|K%vgz+-jl^n}PTwIaK4m1MHR(EjyV#3X=dyfZ zQC$1!;`Kyi{1P`jJq2=hjezQ7%@Ya32$pb=8@ffLXUUckVp|9Ra$#Wg(X`U9F~tHF zdrD24DAxumW1fcg?(oWsS;<(Tp&4raA4ii_R>&dMTLByjy3330yiR*QvtDIx-c*vh zmJE`*1x;9=oj#GIUwsKx4G!5l+HdcB_w#pu-Em+_yXgs1l>3%{6i`tUI>G+8Ll^Z>QXvtlaRH08q`v&Py=-Lu+HGalSD z0n19^wks;25pf!y@?S=2r9sr5&YS7pi~HTo^t^!~Q%j5%->OE}mvWfX^2 zXGWR>rXM8?pA)kuZ#QhjCuY~~+W1JEh~U1nnwtnQJHA1OK}V|FxV`E7r8_t~AOR)y zOwCl!$sd=yH5;?XkJW+DZqXikFLNFm=aPNxpg-=uQ++K!c;&cv54icAOfWWY19Sf1 z&mT(ooeBgfrvh7(9WdP}4tV-o7$|uyXL57x7m;^aO$uyeB=yZ2*(BPd&7aI{c!r|l z%mU-WfUSd4jTYahU%%}yp_HJzH@Zu!FU`GW;Cx-bQCo`RMB**pTxMBNE!vVa3?xs( zeSC@7G0xT1uuJ5~S3i$(hHD;;iJXJ(pXP=5M`o(YcXyT5vASAr+O{nyyP^AW{jkOh zjRcJ6qEA~$ASkS)69_RD?F9dR5Z(>YCf?(TCG}#cQ_o4oHQLD|5mGO&gwkJAA3M$E zE0oYXJ++T;!MF&zSCxb>IEP!wv$A_mZ+v#{7~`()lI-n+jDo{JpxgI;aa=F)kdUUS z*tbqas0@JI8AmrB!sk*Tj+nPgEvleS_nDmtt%MO2H&eSPV9s5SgY zQARMKnWtTAXc7cvx;5<`+8E-&ij;|_fq@0g9)g=?JPS2ThQ+z>20~~EAq#S7(R$e> z^VNPX=!-qp3CK4_IGme~_Gx!&8OBQR;fX8 zt}-OS@Fh)g1;$A6j%`eQA2dew74q^5(6GX5>Z9rG?W3X?2Q-RP63&!#+uUioWffc( zu~1UK_P8tE`B5=ubhOKbVvm;Z^$1{l`%cdbC!-iVB~eX*$ey zRcpW9p!#*3X!?+I(e%tBsopsZngZF?ViLvfdwy3MfJPA{8aRh-^QoKZA+G>kR8u%9 zB93}MnGxctNebUHTklMFwhD`PRkh zOa-Q=V~0W5U2AJphP}&!#4(N4^nD(Epu6ip+%Umzvg{-`xi!pUXCZCw@cfFHa|@HjJ_6SJ|0~X5xCM50kW%TVJN!n zP%({tz0dxDB~O}8h_)8@2#R7%zL#ZwYh{P0FD&!EzT&8;>Q6>sqvXyAd2l18x(NDu z@0qrY@@3O;!};oLvooE0B5!pdt&8??cxi5rCMxYKvMmZdi^pP$b7?G?ybdU zj(yrMBWNO~`{tGvb>y&Xi*2{&oTcjwB8}Sh%83)f!5(>Me7)g>4;W<8zCRc8* zmezbsA;>X%gCSfmJ2$S@x*X&0YxbSe^4{H60=$|#lAAEK7K`2!dTQ9mJ3n6j(YVp{ z9G{Umr0|2ZD@tGTGf3%4r{fN$Y|r`!@ADn6-mmF0(3shF5cJ@Vewl9fS<8WYkS6w! zPxyfEu;=>mpt#cH_n@nmX?AZs`!D2hAku-!ih^H1mD^lxPvf<3dss%_(jDC7B}=EE zv8#ALf0U}Hr}0LFBpeJHj`(s5B6VN)VHcTIh}-#Srb$3E=oe^K^oldKWsLdF#*+&J zLzeaLU%MI+`D&WXJ$8LjlttsbDK1d^b2+7PY0)YV_cQhULDUQ^k^`^0b?t&Y)$IFt@*=~G;t~4Z^KlHKb z8LCLT%&w{XyW8TO%@T3}B4v`|swhjz%%VQMixZA$l%nis;2AG6uVNN1;$6Md$wZI_ zBR7*nT5hL4oA=uiK040Y;nU*`X`u8KeJOl#>a}_yzpXIoX(ur^wR}@K`Qw~D_wUn0 zQ;#ww?>Cxw_WN?TM|{~}=Y4JS@omPS6ryCJ=cG_0>nF>m>fPcm?0uo7WY;GvzALSQ z5fMw^Ptulb*8z#Tpev57)_8u0MY~bRJh!fsXrqXmSNzmQWR3o;`^jVT8lvJ zP)5x`O+!9@815MVSa+@ZgN%pfyKa;`A_7rz-S>yW-IydsN~%@4aRTCPorOD_Du@Uq zM?141C2>w}K--^ZoQz1AoIT}L2>mFNzs~Z9Ytn8Q*esrm$Sc`*vfQMfmI0eAqm0;& z56PwoFgJDo*b(V^@e2| z30duovta2IxB9gfS zKWd}s$-B|>?M}2KBLs0QD;U+8jy`(kkxNxMHx-y*in+tq&)w5EOp~Z?+jlq*$i{14mY-$dxlV4yGL#x;_iqZ z+Tu&2bJ#ubF^!4A&7m)8MX|G-aIm+@(DbyBH!TbSwL|MDxf&H^248R7jj6BdS@Hbv zf!fXFWvZszt9&niMmp!1Rb6fEhl5YTQQy7x8EBGGl62F7;$Potl`IC+c)E73;SW?^ z2|tv!(w9pf8)e%^LvDxbU+h3hFFSr>J!JPb(a5^HjpxpwHKAT5iuP(FDri@2*s>X@`$R=y>VjE}V% zgPp9)uL7|W-+4LppN1dtC$h!n{kNtyoDB$DLURjRh^~}Bb^b;+QCGOpNbWO)=xJEeBq=50#>#zcHr_R@UI03F(MlQ4Kg`}2;~Aio2~(U4Y>3FM1xF@ z_70X%^@5u{8^&w;?{N}GS)gn#I6`gGYvo**P*&EoMr(#P{5~; zR7_+imu$*e_rJg_zxX{n#$s`BL@&vP=mKSnT=t(uyCQ3OIRC8Yap|@EKZ`oBaXtG> zJ=d)N8(y+vtA6wAkE{*7YU?tlDKdc#1rx!)G&m(BtT_E&JjE#m+FyU?K6HrA4UJ;7 zj#4{Fy}_?%*7HKXi|dIN8QFW0gcO?FXEFirCE*Wl4s2X7SuUaev=e=egzlI9^I z${+vJ9C+TN{vo?bP}^Y`Y3X<2n?n0@#xGc>@qSH;f4OD%#9?Z|=q-N2YG7&E@|`6! zOg?ov#`><|yVu!kA|D9yN4?(~T+9`{Y5l;h8;AmgTe5Vfllk3(i18cd2I^K8loa>h z|5hp2g`ntplInQpzH1Tc=z|lBG2Qm?B}saV-k;!-(|h8&T3@cjHBOfuGI`{g+9drd zDEiqEKBrsfu+oK5mx>!orF)#5BhDito^)FRuMWu>o*X4L^=Zzz1qF7#K10UJJ)Dp! zuTmAv>`){-kTa3Wk4++c{^%EU`F1!~lUQtRQekMw&z|t_tUc*H$Rg=*DnnyA<({24kT&V?fOmMac#yd+&SEk9Ouy||s zYVI_b)2BuSu6+Ll%iYTjamOf$=0KlOUK$flo$5u+k={UQ?v({IBtb+4jmY(Bb+jYQ zl!H8MY@Q@0&nTU=h>O%}LB;|^oOiDl?fo?0l)w(`fKX@Qofh8M{v9mplrS7$XU#4W z4nCnuWfbcSPgkJnwI?WwXue$44MbIrxJA2rmsA)bzs5V6>R4Hy`R39FRxAY)utNeC z?eQ#LUhTUoZI^7s93?NnbB$*B3v&XC&%99kBermJ!`ochFQj>7@mt=0`k=r#^zHF0 zg)ARKev)k8pFafEM#x=mA-#rQ!%1-4?J*veJxeID58Z7d8+Fph`@l68Wp3WU z=YM>48o224HL_=IeggN1-UKq&D)V0LX1$pZNb*0yfDfc6cxUWxppK2KaOzKv4Ype? zminO=aqg`BH{GcpD`*wQjX=Xq4r>4jJw?ga}{8 z-KHhqf8M75iyrv+RO_wI`U=-H+NonXKu+CDftIHq+S? z#_7zurWj-}TDw`MSVN}N^vv|E8!Q^40ZULW43P9Oj|D=s;4?{kRi4*h^JfivadFux z6uQE~I~vU_b=SKua)x`(_3&iw@lMbD(W|}@53Xe=FaKX@5e?>+-$fz?GIwWak9+wC z5)Fz6x61AXYC62|O>z0)lUn%zTqcA46rE5};b_XQudqN9V7naeJ2J!6`^7IDy0WR4 zJ+oL?c3f{^yd5($$-^=3fXP}`W{}L~w{*)kSw+c@&b_?sSEkv^IqrZ4!pSHz>(8mB z>ucR8;4`Po=w!ssvE7xX)i{3~Euo5!55eyop&nGL?* zZHz<4<9?P@R`Ef+wRCsjOatFOciT@m{H`t81G5tEjJQmiw9=CsnyfvZR+QnYf2+!} z3Z2_zKf>Phl_fkdiIZk9mA0|(*Awo&xM<7?(LGD3&#x~L;=+Nwy|?sB&4Z`JeF=Kr z)Mwl-`*N{!E_iYk9gPTosc=79^SM8@^UXpH;l!e#iwkbstBeqboRYT+9Y;(g#wR=u zX!vnF?>b>_$aSdhkM+QRvHABjV)A^K$~XDNb*>F3>rQ@iW;j#NdsxR?D-1&utFeca z_skur@z>h~rDnlW!{f;kj859>^&)vyY6iw6mIc?Ex{XExRoEGjMjf>>BA8SNpI?M=a+JbdjY2;`Wz(BYuyca?>63-k%2qFIAO{ zW@Y5+lGyH#6A}Dq5b5kfq15l~BW!;HB{lEmx#d=y-nvF6#Od{=w&+C;3B-sf;OSh9poBEA~nEIWRz zSM_72r)k1&(|lL5XWK>R-(XIygQTJ)Z1-zTDHWQ69ltd#!RLN;B|Imx(Q+mACD84_ zSDu)-!jvr(nlw2-G_}IensIUN{ccRE#jdpF$d`Pwv=CT0iya-G`8SS`zaH*`tb#US zp;vtg(C=9!OwDe3MobD=TKaPQPF&c0q!pMaBwgSXADQ?4k^4fOUP2V}%X2Aw$6H&8 zhOgE@vslWXvAvypZWQEGN@@9xCZv+r2Ht(rs^I$r|4Bc`Lnx4(a)c*CCW*REV7MOy z*!81;d4@8LPwv*%M+&uMIpw#z%japHf5Q&=ArEFvrbBZw;N)^p&Gcc{`?kE-6-@YQG~I;xIw21q{#UdI&FUd@HNx z9qboV4h>0xIA9j2e${_mWIm6}ei1oOU4?@Z*mV4ZhVxTrg!4uC_K%Z0=Oi$zsLt`_ z2sqdc^OThp2Hi(T=lV!s_c_$}9u%a8IlIi6Sbxg#cf;6krb5OU=zfvvO64Aw2?!iN z;E>v!CDqRXpE9<`VFgoijbhNv%vl@ZTO zqV|uKx+6T7_k?kA_0UdTMtb0vXg4BU3eOD_iyLd&^RBsJ65;8{-U9JX&9%{ic=%il zX*Ylz%q7C0GYoVy>rZGOY$5!`R@|cnT}R4LWIt?DY_`RCGTzB{#LK3s1m$oeZ1eEq znDBHUQN-~Sg~{ZkcV{DTne`D^JLSBbK6GiBOpTxl%N-8pjB;T`JG4ZU!v%z zL%N0wdHi8!?CaM7&j9mS^6gOORPvAUJ_-MUK%8?Bz<=$n1Wbmup$KkQ7Fmjydv+SI z=%yFdQ*`(R16Br;b6OLs80n3u0yMe%>V zSeh!GvC+7Cd7Iz6m+ETvo1VWvBN5UsI|?qOVpcHu@)Y?F`Wnwr-1pH>w|=G3^i`J4 zlAl+uvhn@Mc5j?3{aaPP^Cn{(_(YU+mTHo-w&NGZ2bfiz4G_O`K~}&Q<%38C^BH%9 ztuI)cUHu|f;?{khQmF#S_s9N8FT;=Mg)UU{6TM6wYcv7UMCBOW)Chjd=R0j+7{?*!}bixpC}^TIQ;$5EYGl)1ba8iqAO)5!WKbql!OU*+_p1 z3UD5DUB$ib(*(qm#fc3t|8dSTI^aP2d3OY`;*_T=9p-s|JHNape1k`m&X2@LDhNm) zbw662B#cB+(3Rq6x+tuow3H&337;15eYyovpeT=n&xvAJ_vGb#$;j|%*)$FhUodps z%j!ZAu1i}w{>Cj*Ab0VE1Zlsqy)d<9`uVzukC+A!A7a^5iTVH-dKf!>8|)OIVJX+xhLpWr0?JDQmI_%pvDK0+_AR%1ryfV!F3y%)JzOo<1J{jp$I~YQqsS(FoY`^rBo38}Mqf{vgO~-o+oc5E z+!XVt9^*E|(FP6}*b?|S+W8qd+v(Hnu~0E5(uZ<3?-kt8P-GZ3S@>PA5drK7*bX5N$AS|=Ji|i^VE_I9} zUGkKP$&t|tCG^f~w7MbF7a|=nbr$e+AjF)fL-~xxKVmDB?>mXzF=+ivYF z<|kiVYP}#N*Cm$5LQF97C2A+`(q-lkoo`&$U@IvH=!+G=E!@iZP7y5!%v8S5$(?*6 zaRb)qr>>*9w&5vP#T=Pu%6*kKYnU$D~&liRJ979qR`*D|>k#*_s_`=#Z< zHy?u|zQ&t7B>9Fl3j{VZ>vIn+3lK7RSzPs!t~dDHZ9y(}GR%D9Wo2L#-9%hs!o+ zGA?cw>*O|!gd+Ot>sWI`ROliaYnN#SB2ak(dtg*m$m0jj*EQ307+Bf&0%t_YZkE>e zN9}oW$!zGUWw{l67*8EJf7j>R1clXUGL-ebq~8lm_;}w1E?~|Ky#4Qx^J0Wxun~@K z2%tfzJLg2w-q$y3dB@}IewwMtgyOS>sJH%Uke-JIkZJps{a)^PDB6A7D(oSJ$9U@? zl^d^0RT-_g zDNr~340LT{3vK(ALO`Zn^rrh*ibj9`DFa{^A66k&DNGtKuKx{Pf9WZ$L`9PPvqWqk zlsf)Cxi3LE=F7AFV=8!xCWEv06{9wBqbPPG*XOuD;Kqd)WR=&h+0(keRee%nyCr%4 zmj^Z#(|d~}ej&vNGttlxOBeLOZE&e{IRh=_bmjqRcuRIk+j$I{1JB6w&pFw&)uMe;8%?d-NVYr*{wY5>vy0nVxp&wVQIE zC7Gp&H=Dp-o>Xs28G%DwTr_E?pjc0qKnF!>QA+MWP)$nBdPjS>r1{yyW^C(mg`*?o zjj2qpuwuzp;}rv_UDMVW-=s97lC0d6)()Qkt>7Xd*e)&b$uCC?)0;w5qFAvaXj#bT znbJ;PmsJo9WI<3!HTBNV>cUz-;EDIJD5nnhI%gtZ zC~1G>HnW8r9ZB6HtpV#=T|%cer$H;d{S1o+2J9Qdk@Pj%R+rAb92=86}R*+gJX=cVf-$`sdq zx{*?Zx#hvs>z{?XkCRxtec1@EsQHb=pvEQ_q8bG^ZI9|Cdkh>s9InK-hKYrcG;Wn{ zrLCm7))DF)BNlV0tAEy9be`*~s$&0k8h)2Itc=flHQn-kL7U?DZ=ppJIeJ!?aPWo$ zriG_~RrX^jrGvY;V-v;Ob9dkf!ji=5!W! zcpDm)eU8BIbLFK-y05G|d52_U2CFp3BB)-HvhYWp6V^`{ zR#5V;80i`mA|W3<9lOHb{p~cbg)GTe?tCa*D&}SKONB!AYgB8WNecwl@rLH{t4SApQ&gYmFZXw=E z<)2Pty_j!!?t|hsoDXnI+=(<)o=0U2H_KN+0B_c4Dh@5TcssXiMV}ebElIO z;_*r^G+{8H-aK`$!S-Fsn;xZAP+Xe1m$ci=QW12>Ni^$C@Htkzpp__Q?SRR&k3?`6 zv~+uiA?rJFJRmaBTJ!I<*Pq#CRh7G zyk``#dqMGxM%{O5m|`B1I&>LlO~dD0vi9?tP%p;7$6q?FQ7!RhAg!L`M996MDXX(o zCm(~pdFfW;kR69bSJ3O3t2X_zAAn}9 zJIM7@7vmDW>3Z|WtTcRR4Q|P6i=T>ya&8wt$az_&-+%L=%>I4${il;_%TF1_N*4>1 zI^s=UH1lEAWYkQ`qeeWd+bz}8?Fhm6KMKf#;*nZZluv%Y%^)j?!^2Y`rg62=1JJo9 z43O;Zn0wnCF&p~mskXKz7iuF1DIgav+Grq0NRuSVrh#lGX=xlz<{0mM_LlYK2NUpo zyhsG|3?tPY8t!btqm1Y4f$k;x-THLPOE$m&j}23U5Hh_BZ1k1eaRJgBLmuXu#bV{R z9Q%0rsB3547G8e~CS?t|Z+2}>YdAvF4Fj(*5`kg&(ZHjKF8VH;wZYe2nb_gxfQfuy zVI#tw5P73PP+de1h`nSBBp_^Yx%E|aA-~VFIDEu0D=MNjxM=xZuMn8?0o}=^A7cn{7hC!R!uSI$dnwWd9bVnY$wMELuw60B@ zO((#jjz6dj`+w!yJ#uXB^`S{r-@HNSy>l7*qd~b+=0)z=9svraNYKgg>yon^hpA%B zfRhJOhS0IL0T@=G#-nqr*fAS5EPBz_JB6Ox%z9ik4%WY(kf1$wO}!I*=jYyt@Re6C z@%ya0sSQlwh<==WNV^}D|eEpyR>=8r5iF|Qi{lzerEDUSGgva)LH zt;0ARiQSiiCHM~!*C)f9w*Cf@EZ_z`k@czqE|b5p)#?tt@$QAB2cIFzG@F;D4hEuV zsaSqUEc6{GT~t(AO~=|?i`CqG;(gUpQ%Q5aOb|C!-^F`)Ll=&2&0+jR~+?-oeNdN=001E1f|hcqXBXjOFX5+to2GU@~`41VI) zwqEIc_H!w`(oFm;nxBu|sKx$1fTZk*mHtVBeaZ2!dmH(r+kH(m_*EK82J1@1&~D+jYjZ<+L>t-RS(QYaJ$-qvA&)l-_m1#iB$IbqPIH)g#$PFfvm zG%`1WT2O<7%g4y$g{losr(mo8zV@O2;n5ik5s)YD9QFG1b!Y9 zRQV4=;N_TX+H5(Q%pV642|U7=j+n#aj7E&CQE|$#^0!d;TL;@06*sBD6CB5(B5Wp} zC)s@G8z&qv_V5d>i4KMqBbER~4VAKAw+wRVAVwTJ=80h%SGFNC;j!-Vp2wceUfmi8 zHX-h-4^6+zP1{Hl_?c7&QyE5wW0EtEth!qB)@TQmO&7v8ZU?yhU^-!CO0K;FI-`;# z?m1SdXX8Y`a$GwLpm52}2!|o`6F!4ljBrZ6t7(_bu=)6Gdw5C;b_PAdQF^D~XczzS zWjW-N+lcVQcL}+?N=jB~5Znua860$GXn~h=go}y+8<&7w7Y@W0bi;@OShf4D$nNO9 z<4m)%r7%yt&IR*Ix3^8>gwcCe8}d|lIT?>s7e$-2<(?)&p4yDgEw^QW4eA2rNbYXh z^6@Ws?RENP^_rt_HB;Q^cS|jyMS9bVs=|@T@$m zXEh#e;_&VCVG@!Mux=TA-Fi2_nw=Nb>gkRBQb(_x(f4GDvBzz7PLX%BBqyG zV=wg3c&r%7iAzUGZNFAs2FpR~H(SNKpJ?w4W)KYfi|0U&1*>G%KN4LJ;!5~&XGwj4 z59^wH;&F6kvp47#EGkM#!~U0gh=l&3F4^6WNbc=1D~f@l;qjhK z(mP%AR%FjwzQ?m2%WHUN!!%Dm=%?Llht@{vNQ9JifyY{&4oA|gm8nnCMBcxwwj(hZ zFAhN@&)tiMtoN?`a&54x8*AFppY`ZjUx8vap*>ePpcPwAJE@-W!b)g84=g{XSPxR8 ziDBC7ZRoz-q*169pA{~pD;EG`MCi(}me!$?O{ilOXXhsVEf|`4MBftMAmA+-< zuJLElY>M&Me{r||vy#7n@CO&gi~a=I%Y)Z7{!&!RFyJqp!G*V};LoDNgj=P5!Q#1c zwf<7{ zFdoUlzWI!i&#`7#p$S^=Ey6C*D;eNsxB$xq>NJSU4Dy4TSG+een9a(w%>1c?Mz#3E z1eqhQE?rf5M?By-Ba>tI8~tiNhNbuh2X8 zumVe$4zfSfwhcXLC|*tnAA8+xx^HZQ+Am)qt&g}y9YWkSUwM)j`3SpmM3D@-tN&I) zePI8TiGzh&B~SUK_FLhF9FznU>tOIZ`Bu`;gUizfe3IUfCTCdcq<|3JH2X%pu2+e` zrU2XK9OXfnE(W^SvMM>mqwNq+~gS_ z$O8JM{~K`VhI{Vv1mLdPXWnq*3T$z(@n8-i>Vwk>6q{_S(8{G-f!p7g z1qEYB$on`d-pP!u_|t#o<`zFOT~UYZaqd}J`4F_d`k4sa=ybKilqm#zFgN^aV=8j& zIVM$I=*DU5)HDBND=fbhTpR&Iy4p8Iv>S!;O)?AS+pU&b&g=_g<@{$%7VFYc@&GLDZXCEn5|XT1Uz_`XOm|GaLcY;%E95I<{83lEh z!?1{C;n>*w>6~=XkY8O9{A@|JaYG-}y$y4>i8=>$zk0$igADFHu<@8etI$Y&!OQJg z%6~xkB{}kc(Qe!Q8b9tyi%N;qTs| zDja7^XsB&`jy(g2;JVmP0f+fE#}BKpK!hgzG~-qK+?)!ymeLtD&JIbF_eaoKGtDbuxX!LFktx zNf)Be8mnNreTA=a4+UC+54^ zmI3g{4}rWXkU7m|f+P!X_BNyHyK}ULvT|s57dyn@3_D#B+^c*%C_ecndS7Rqz%Eyd zA5yg(O^#WV-;8gPt--tw5i4D?;gxv(Uak{$jo1{5I70L^Oc!m1fhX<9V9%EKw;|Xt z%w;j;SvL&wc^Z2WbY|QcPr^ISKH;tTu23UTuJHUxT@gc+AmuiL*JV0b2#5Vhd%FGk zg<~e_L|+;MZB_iJLgFyR$g@abe+`8r8*Pi#E+1!kcKa(C|ku=k!(O?B=|m|4(xgjCq97n5MQI`>AP6EL(t9GkO6VN|gwP=*A&`({ ztrMT;-TQsd{_%b1#~$C<`#YQUgE7{cYi6!l?|IMbx^7w`QUbdDiZd=}y~c199L4s) zD+TZrSrSGARD1>&;{4%N%;L_@{mJv4P%CPg2f_HqB^WIv2 zX9g4${ELgNap=tg6WT4j`JaN@;ay*@O|T{MFXs)+fQFN#Liwd0>+*ckVIvwv&P z0`b4_;l_Gbuu$`IHaz_};h#-7cG zNQ4(oFf>#Xg?uY>niKV(MFx2Wjvk%rOMU`^cpUm+H)BJm({CZLG;l2smZ_l}WN|0v zdJ4~vVhpPW8_$?vOpObH<~Zi?RU{Bdzi7!lnzU{;>f~CkwwUN6BiC6;6ifuyMnS2i zhE6~GRC5i)dTXaInkA9|e!db;?|}u}rcYN1x+c(y_2N{1KoN-@%oe)Gy7EFiMr|8% zNf@$DNi;LL#3|x)PkC8PCpNl7%@R3Y0%`#ImY@yEQ029(ZN6$!gX`BsI7%17%H|TV zP^nEm{BxF1R7vn`V9fLA)0NWqlcJvXymCA1vdqCoCiHSVkho9zeH9^$BwDn>V5~o9 z+zT`;357#W3Iu8Hb?+$keBUiCId)xA{5jh4k1o{2)`CcN%xlgI1G8oC6sGf3rrWO9 zZ?k?HbnWCI$Z#0?O?uvlo?vjQke9fqD1PNt-oZod=fo%woD7>zaab9+X#atY_mhtR zZVx=*&pvg>q8l3ct5EN@K{uu%2ao++=F~Cf?KJnvPXhPhb%=%qSmfU&+`FWMtT}#< z-np3GXcH`Mr3~CgR*t+LGr5Ev-R9}!htLBAkkNijn-0|}mcfn3OS3TFHE+AEnUcqD zZtzy~PTsUl)f4_|fFhbyK+fPvG1Z{i3wD$ZTWGT!nL@r38ESs0I>Pz3LMVA=Km@ic z{pOEn_kL9~r7SOx5ORDae5+P0W#)Y`lu2?2e_gSKKS`{~?2?-qC4pSo3i^zI5G!(X zF=DNzBOB|My~0-tj<{H?&b%2A_MLDHBM&D-&3&dLq$~qRxhp^%qmUTiZ>U_CQVtAM zhkQaln+s}jck{FK>%xmjp~A6X1wepxvJlS`J%(#M(q4jm9ljVAiVzP$+^pI>KgOeC z=r6a{>ZU$Z6y&r(un_@F{BXHM8Ibr+$^{%xkjrZZ*KmForX`4iRX)!^rV|?JGJ1nQ zV_l~zaHA0szeN>39k!jwUq!p_@qvZ&Z#+z}bVKUUH^MaTi~~ZB^LV)gp+XT{rxm5o zZ34CAw+y%CzHaUVJU@K3kXn7P1qoYqw;IFC%Pw;iZ4!7nf)uon?Z z7CdtqAc3NIJSTpoTi~wzudH6NtM|b8(dZ!BfwyVsN7>lb;j zH9=59?OHpx+y5{($u!R}b%4!*aOH@1EKW^Oxb{h}(YCktFM5Nk%TEpd z7tYq}e^DdMdG|cYEx75@R@sn)y)4dO%`9wCMh-W%h7aL zdWF?*(0hCNZ_r;SDlzrLb4#z?ev5b+>S}ILV_Wq8w98kGgk#Z3%xGNrxyUxq5Qftt z)}^aTE_;j#&P6i{p{=yeL@_#$xMIk>)l8;@^CQAnc2&asC_)Hi`i0wcCa` zV*@oHHE`*AdE+dX;4%J=U<65%KxnNi?)vdbjHigEc`dM1r3^7Ug(kVRW+b+suIOmBS*?5@tuC#;5Hcf!k2@!!39pnlQd;Q?qpf5A~=B zOAJ$6%^+B9qmAj|0c($Z0tQ?O_XE}p>R!AvXKH{*Lw=nj0qai*X4NG(H2C;Yo|gSq zQ|=wAOV%wmHx`(MEW9^i(--yFhtgM6WH^EFy#$JFv6oDn2lespNF5S zXn_1eMb&}x50TpHzvFbEK7Pt1^&L?-cz7=ZNjPcDcFc{y;_FabapX>LCDE4GP<3g* zqru!ThQ)vMe+xbj*o6g5!FzX--(gHxOF6PhF}Bwe zT^20JQO2)XsPAAdO&s;YTA3sy-iz*zlQBnk*N;75xN+S4YvgRn)N6?_4=xGs{*UCC zWJ1iU01SE%B~yRJ?tdFSLxN=I`l9fv06DLCgp2-xS6|Ed%Fbc=&Ln@TQPehG8XkJH z%jCJ!{r^e!pIRZSpW8yXnehe=v$r)$pDe^4K3WHNcii1xk1M4yex28A$vL6BGhxh^ zXcOYP7MO&*6FMilQkcx;(B$s=2Z~+NHrHvSW%rT76P=KPToV^fdRXRqqPmQ-bVgfE zCVkz+uxWgTnF(QJ`^xudST;l_d^z|A`IeCA)w#a-{bE?GCfAmTiL7AE>^5dz|AtG8 zCvP;yuqS#DV#zxGz`ny^6HmigZB}_y)J#Qwb~2I`1HNwVWjet;oas9WdGZI`#@oK& zQIH=!nZ=8k;oeDZ#%e|MlPIv(9=u=mc4~jU-*k;^+Gd=1{BZ5&AYq~edZ(_prSr%V z$(L@EkVqvGd`~;eEI2FWoY^Mh7mbOpo14}?u2Ojg1jVhuM}AmN!@}|hz#?0j($~!5 z*BkOY9%q37b4x`ae%|!O(S;8CNY+BMhflMGa?(~X9<#b=9B0^*ne{Tl)_6&7l4PYC zXI#4#Pw+*62MNO4={1t&c*=r~f5FQ+k8o@rCu{ZxK@_Fo>jBcAE#bfdoD7aRkBPTj zEHXu@f&BzowjbSZv#{{gDp;ttd5+Lr_|kpUlb%K`G7B7im#~%({Xt!8$0TSVZ>1bu z$8@ZXAobG_&JNuo@q@Uw1q>j>bjXdhWx5MF0TMp~yNh?1X|K19&){9`)ao1pU4O`n z-yKfWs_@Y`DCy63RX!xVG0SY&z`K3f$F{*-t_FHA+ey(YO~0@F;SRAOO}4i+JOHYE z=EK7aq2%N9Su+>@0j(lmV~b^tulxay_UgZwdD5=o_D!Tp(bUuU$h_jc8u#k5m0z!B z4-3FTQ~u@$^?x9=ULQhbH4qw?v-kd?^soS8;#_G_Y>(wR-2U7j2R9BvLGn9nC79OcYr26YZH>bTofW$E@4wagWMzh`_<>7A zDK})}I6-=)7eh@ZSmyNEe7%HjGP7n9FldW)rEj{4`qL{?n3`?gPD+$o{;CI#kpTH~ zdQpM`oRwFC?U!J*PQKr93+iAGIf!3Kf&^pr*|3drq{$Y2L{Ui3*Ceo}ma<07(z*B{ zS)rG&&kqOq10{BejLAe{Wp7izb-6U{^&NUYVzsg{itu(&rzhlNPGSH!XXxm72?2sGJZ)IqIY$&o4&R^EiN-$9>oJBIoES)y7nuvxn+Ojs*)*?d48xT8)##%22^qh z_@}=Oi||j`x|J*NH-E~pb*p7>(4%Zv-d_wU+}|Xyt8Cdkcx;KMWTJA+cW31rzWbt7D6TpVh}8!bkMddw>mMvR5Uh1Qj8bm;v&DUx+<5%r0uz~1OjnL5`krAXxu zP64x&1~A}}^4vyn`>lY6(9<9cO^PJ%4A&MpGsh|3BH>_~oIy^jx%&57uR*;ISg(-i zM6ZGB`fYgMh1XIK7%ABLucFWSH4b)CIK~V(ECTGFZ?rw&7bSH^q)LgYPKZ^R? zwzXQ>Z{U?Nx8DvE&*&FA?3*aEt!!M|w*Pog7nK3dW?ETjutVYcZv?VT(pz?-%&})vC7kRh1rN z?Kz_WhP37;8_jnQ~*UJ4XYAFn=#} za`C`3n(T*2D>y4*P?c>41-gI5Arax*MG!>UAPyF|&bz6UkNU7}twvN1i_cqx3z>QD z42Dp!{PmA9bKl6*F!)>N)~z9&3ETMl-VflosnC;b{7TgOGVzXu8n(}TOxxa zmDyA7#LE6C!b3r@di4ebGvsqaJSy0I|TBL&_P)-jCP@^;Zy zrRrhGorDyON?2}bR}bRMBiYZGPcPOI_u)3{`E8~Gh8P`tm+JU*n5f3iY>4wmzOY_P zDV=aF{?k=#!Mz%|XZ|#{NV8V8RDaspjYVZ(;{KTY#kH%+{eJSW zwkOxe3$O{t zc*7(9t`1KQH1{qXIHh`l<$h-@!~M+5pGTtD!n}Vjm6J9~qfc`2++Y4Cf;P9Ex~Me| z`g{O=bV8G_-4~RuiJq$A4(=bBzj`+1R=$sY8%@DM+HqgZx&Muj`G+u&T6$kj`u@3? zDb9(&!}XjJX|Klx{_us0fy)+mt>0Y#-1vIlsjX`NyFcX0Ge`x1rqv?1sKtTgshi77 zTym?4law_Cqyi@_f2r8VAl0%_AND&IlQKQzjnbI%(CzvQy6OeXg$=_@>~<&bW3>zm zJxK4f;SwH%f$}@VDU2Yl;Fs6csS#ROKUa|={AtO)iTL$1v^MdjRKCqFwg}9D4WNI@ zcxvkwylJozv6eyDyO5?Ct?2JxwcLS>6JgnjdMp)mmbQR{Wt{Wl3E8`dktXE~LTm>6VTbg zqz|ru*~=AuNlI8Q=di8LwZkH+j9T(?Vr|E)8_+lJfeq+umK;q#olZ7HaI#(*`ksG# z2M7ihr;C@x@;Ioi{H}l(%W-qDa0h*StioR;qI5D@81B6>6BY-{;tzp5M$(w_PgoFvCw{4g?Gj{PNPCWIe)ejykIF)bR{pY|%TeolGe<-vZt51fHa<_HM zJg3MHP@4WQdRvA`ePTxhf>tMzkR8`M^|j$?f88H~4T*?MSMNW$XSC|33p&(4?Ink+ zeH&XTt#fB3Eb{l7Yt~&4=7)4~0xfe!{`MC+wr&U`4Y{b`4qU^}YQWq#tBd}@i4BK+ zF~K}gRK17OEey7AoZuEsn3wxoL|z$~Um^p939?Nwb$@CHXsRIq>OHuI=3YI3_K#wvZ zb^#G|_ip-E4`NNHEa4^unyp6X*%~UJ8`I*~NZWdoW5x{Tfqn~|aZ^l?Dy$3|>%H{l zFdp$z%{_2^S>9{+EYG6W8!s$}*<-b!DFH41cO&K3v4v*0P&4CG^l~x=87)kFq#UT& zA&2sKwF;7TC=s28$ID;@O;qoo_sh`p$!9%Ie{Dw0#GCvPP zL@-nd6Fey6?kui5I9d+U6+WbqMw`RQK>P;v2uF^FLmwcAz73(GaYUpDYMd;~RAL{_ zpdi*MrCV87YXS>B=0i*3tevKm^-@g2_(TCXuriFPobQt~2-V7soyY>8YGK z1<s$nrFkxIYhN=&QgyMsP5tFPe(TwxU-}MnhAV#AZ=bG{@>9+w8z~Ih2$L zbQ{t^fHAMCuP=><5YNu2slT=g{O$XW#_l_7Wp;GYXY%NM84(Itzh{2*B1jpN(tKbv zdQw=XND1V(@;gXi$u`{2%oo$4F(G4tSJZ*UCJ)j)mkapyfJ35TAU52t*`^8;LN+vp zS#BYi4;^bRX_mUzLhO-DXFq7zD%2eSB4E;CteK}C^&xl);5iQ83NZ7VG`Fhw%~qQh zbiIVsRG!hf3db)a6Z(B8yF z{ScYqb@0(5w>(Pae$07Y_Nn_{Qru8AkiV{_ z5Gtpok(UgHaCKEFzk@5k>OS1?^^0Ttn5mBd`{du}&-VWz5Dt77K1VAw_NgMu+TrZi zjfE+dt!#5(Lx%vvPzyJKH%M7jMhCHo^@E6Gf- z%@BVBQ)+SMVi>(9yc-u=m?1(_L?Rw4Q|BIb5hT(cN((8IANSna9|nujD9qzGFdiUGvvQLg)_yCt)viD zL3+0vdbD!vOnlfac^yb-XjUOF{|*{TX$M+mdA+VxsU;dVuD zdh`3jvWR^<&9&X&8*vRyVJ)Bzt$kK8m+_7DjD*3vxWUqP;&R^g69s6O{Lrn@V8cp+ z&LZL-vy8!yTz{D0+lE+tY3~fxn6x5A13gZO+pK0rB8Gkw_A{`n6<+$Fe{02!Sw^Ta zfG4Vj;kTY`8*la@sl|3~Fxf9{mq3~y_<~-AVk!%oZ-f2dj=eOD{1uF~=%Td|g4As0 zybIx})InCyRP_=Ad>aO}rsu-wNd!@0mP19m15O62PIZh1O9`I9{DLf-e6J0^yYf?7 zBnCy^5%9|n1JnjZN-g^6)Qow1*!E|F4RkAWNh_`^3ny#3VY}bX!F# zqAP+N&rrYl8&hCxfS%Pz4Xa#HHb5teCM2+R{=GL=@cn*W(PzAl`@+$JO(rqd?kIe? z6|-2Q$-bRw`+w(cGU+D7HoyE}fOWC!GjaQ0yMT<_ZId5K&v%-ft=7AQx(vEs?Y1s; z&7~{zoiS+TB{tbwl*GzCdG!vn?~n-DXn80T@9!!;72dw{DK%yH-X@F52NX|fk5!}O zm*Uy)pjtQU51u;vWmKmBfVooL(`RyqcjvFDD(~g^Mi;whg!Jg9t~$`;o03|r^s=xX@I1r!A~t3v>b3UCME8w6Cxa2*k`HzichSZ%qbT8#s(%$_fl`&*l)g zSkZ}`a9k=4Tz3PzJy!Li$5(nk0iKi5Ie^gkQ@Eu{G5UHucy|l00~2MOqj8Kz+arIM ztTp`dM*Z+R%YSn2=_<&m2&9mkVLMP+p6dC=$3(CSrcn{dhTLH0>hTx|(~dr12o4bB zp(JgEDItt+EBSqnFbs%bJ~EyQdZ7gDB;KqBVKTm1fmmO3SIfP1w%K_#jpB_h8m1*< z0P{{`079Pj@dFE4afViC>NtocAZhua#uWb?j*}47;$%hrOqeIWygyfO+(9um07SqS zCz0^id`|RvV#(QyLs@+`&lSY~Uc8}drle&8@KB(_{miDR3#>az$`)HrlGM67$9?MT zt(Al&ZkO{XyPW64+tvOW9aqdM?%F%>=05pnM}FH|ZKtB0e0#rKvY++U=+Sn8%h%rz z$@B}1-H`k=+Vww0`?c#o)LKp8#j2Mi1NzMfp^zz`2Q_-hpuJ~p#xl_SL)SP8EA#j<7%4?pf6vfAP^3LUay{2(r zeP5eI1ae7gBrP@rxx|yn{S~$e6NPeJSTMfh(EMz1QM9d++^C^~t|FZTikVXwMjhcR z`6nI)grnlml^VDVB89*&%*~z(S=d%7q@?OH2*Ch}32w~KZku!}mo+@HJ7$Qnv@=YH zK3IS7vZVwi0h>U^v);$|L231>i3>B(iMG;U z*7I1c$DwZQu!Gc;6S{cP;#IYQg2;?a1a6cFo1*{ll>rx#byv1Pt~B!gPEZD0PW#E( zzS8r_B#6Ivl`N zGTV?kXX6IycAEMLhp*?lzLbe^O)cws!tE*quFznu$TMH&rS`=)eEo4|<80CAp^pOZ z>+`9`D}_U_0%##8<wEdc zNp1Esc9%9B6v_Wwe)VpXWEE~1JHuWJJpY?*xq9w?gznxWn()*wvlL6qqenSlUPV2+snAc*GO&# zg?EFc_TMHF%l}OaK*NQugJZH6K`8B9OUaXWiTFZTHdrqNy88{Q;>y(K&heOPtjP&O zpcR`XTbIeLZ8rr2WXhvm5brQ+VHS`40IoC<21#EL(NBH|-QtCV-n&vC087BBpDhrp zN^L}xURnsr6SKqRb8c@b6r^BGtf(w#C6mSjE`ITKR9ij9Q-aFhX~NayqUVaRbgLZ5C&`p2*yEH8f+0vjTA|5A4ZZc9%Ep}fU)cnD>XX90ExI0h zQ!jzPc4I&1I%e&CbN1oS#NvU?=jaN;GxrE zdiowGhGG6j_qq_$yu<9&61-){e01>Wv1`OhmoL7}7_#A^-On}W;>B*;>S8M{@2{-M zwP!BMqz@t4&v-h&6>#$w-FeQMdC7n7;HzJgG6Hq`AF*0$M6S*+6FuL&yHX?NR(DzfXF6IG` zSOs`P=+i#=;Qd$6cnsVz^;L-x} zKCus-q`C3v&_l2T@g6BCfjPODQ_{9u7=CSi=l$+3P_ydi270>==|^i6@vm4wZr4oJ zF-K9X(JwY?v~xUG8atWLTe5H4lz<202V3eXPCL$PASaQTK2f)U5Q*J_A~RpeO<61VhL{l29IkDCjyCQ8<=&bh&xNBhKxIr@0;)10J_nvCc+!$M4!FJ z%)!o9I1_0@3|_~XBUaeM0X>sq8R!?Swr>KqQp}uP!;}Wj*=Rht_|6z3fP}X+an6}u z;EA_4JPRNte7%_~a?lGreTa7Qx^JCMHxkZMT9-|Dy%r)kcbNC=7BP?zk%*-SB41S! z311hWi>&RVXUwJ;;zUybm53yg>mUsD-i20RWkN(8+D^UW*U~25ZYi>JwIKWk@8rfh z5m}q6VvszYHiyv=)kc~#_+>*6z(i`kixS2z8z7tyR=FME#hG~f<>vWN7*{zbk zl0Hi$eaFJefbT$Q+1W445Tm=-W4)QVcZ$U)eX_;xG1jg{( z{VeD4Ts2NG>XGe3PAP=%sDm*1oKS{V-$Cm0+RqrwLy7Vq`Lpp#2QJ%sYK7#}^qw#? zMAVl~321;VjwvXTRTinSRZ;n_2r{w19r$z9JNe6VH?_xpa$1lrto}^ZoOmO|2%O?yX2iQS@cKDZ?>M( z@tj%AyBxmqcgPOO$B#+Y_H#xTJ_lrIaTJo>PGUPSW=JFC1EZ&QWmY2s-eQOJ2Sp-x zHS87${f@~C{Js-Vu}nM%zrlf8@k9$e_LXw@fLuOR9`AOU`#V)(ys7>oqqFogrq$`K z>Z7R9_qAlMc4uDBWJw?%ECWb($peq2D>ccVbE#poeZi&gcrLLYerHb$RnTQ@8Tmc8 z#q_ZmW#Z=9Mp3C%5^e1NvLp~cS`;S?>x{rlFuQ8cXAG;h`D2rE- zLpSy@qq$CBjhfv5N<*d4w_18(I4lN3iJp>x@=%|4W(rdm3CE%Xn>-?!LosPFvvQl2 zAcivTW@>;~J6LsqtRoCt#Wd~V=_)^8fXi4Bm1qLpQ5&RAD61S<9oUWQsX4!CN%`I2 z5NUE#a$qZ+ZciFk6$R$lv|QnHP%5=eNBzzgenw%0MFMaV*lYAm=nkF$0cYW4GvO*V za&NSSF!@PU-i__$t6i7{D=>vHJeMREz+iOdVN)`Eu{iD0HJ3NbZqJZ;c0_ur@8{8r zM-&E0IZ@EKs*y;T-(*ELmyf(O;GZyUENhSIWM~P1@lg zr=)C>{U`vh2^W7daf+9> z0Z9v4`#`MyIK!cu))V&22tOkw8wkAv!jqaG<>wis=3o> zCvqdc(>q}JVBATW*1If2L)rTat1^Sz#*<`R>JB&OjI!l>A5#5j%h52XT9tT66rae+ zI0(4Jj|J?Rk;W7~H8lk`?v#-Tqb;FeXz(QX+^-V@FR9zlCrff-ijdywNb6_>xY1X! zs?T{&fTgX-@6^Fdod?~TVL>503#V&2J%GBo>_k~e6}`C=%^n2vcQK-kQ=348I%nIW ztm6tT&k!%jf*7KJS z9<*k^mIpj$73_@bz5DVVV{E}H;}QrQY~{*8kJEM)T<-XyGVPdCXQ3}3I4CGDWv=1S zUH%ybH8J~n;qFOf=Se*YCu!V3sPyuXa}i>~Fx< zIFacYOK#pRnh* zN4Tdh-G_SvI+{yAyTN5nt9#L7tbGWp94 zW%m)QWBDeB@^_p_KN}r-#I{pG@fvy+-HFFl-nc60KA7lU>#(Hg zO-mmD%JcU$^(Ny7#3Y=6j)Kt7u;6Snl|aV8lTy$;@Y{l;tqW; zVGLn5Cezj+Z@ioZOgZ{%ICh=@gLi%t?-$Zwmh>EKEA6?TLCgJ`7}9eXe{6ZdDcEye z(^z9y`2mtn@Drmht&FF!eO|^DC;GGUbxf+HfOupXV4E?p6Y(J3E^`@M{nFLsfxdo6 zbz_H+W+5};p2LVFIMiP9R987Z&O0n#HOPw2pV9Nv2q=iPZ}hk={NbrcO$|u<76i#(l zBSRDCK6xIbKEI{6S84V1EzuUzuu|XR{s>j7ebm_f_MJRSU{oOKco9`D>oaB+DNn#9 zyVk+k&J~Q=dfN!BJ4HP<;nR;JmSRRo^+S2n>47G?Gjeq;iAS8hRRX_D3>6G3Y<+K~ zJ`+m4)1$w7AAHhtrTIQ(+fa<}Ghc7iNh9X5ge%P!ZbQ9Gn)%Gw%7GpHo!}d}JB|03 zIW^Y~0aK{|>x(q-K6paPY*6&(e-4k|~bL z4sn?D;})qOJ1lqQNN6rbvO422`N8cQIgT|?*Wc)+4`AlE9gLXfLoaN{Q1T1sPbB&cN)fbLcn_}_8~BvGLHmsJIBxE_F`hc-#K;*ITR$=J zsK($aKV%H0j(_x+ahmgn(4&PIQYtIg9yAvTeznytP z$@VteDG_RKJEDqQYDqZe@O_bQrK@h};+Ou?$;-YCV)vE{-?_?TS~G4ATgUAgoH(!0 zmHOgf+)myX^JX0W9;w3i=NaAbz6Me2#)*T8*Z)+C5#V=55|kE@)_L%ybmQ&Fzh@JV z6b|cv>Tz^_h`S`C_AfaRP^}qc?8kbK3u1S;qTe3&6kj~xp&gntr0L9vlSvXk!;osc z)>MB-gimBtk(OF{aezrSFk(u9&sj#S49{2IUoA}iO$&Bv&^v}R%dgMd1bZ{9zDGfk zC~76PR1vHe9d6%?fys_wYi0CL%=&O$Q95B`k+RD?kc`WSAj>`4!9Voi-o9Uo zVLBxXjeS6#G7Nm)mxg%vnBr6^&7N!z-sn`ECMdCQGI4;7}uM*-{hk~@ewDN-y@})Po+Rf_NCzD z3%j&Z#$Hj`dup5tFhHv4Mk;oL;!v5vC{dq{duq_lGhP!#hRI52^lK`nIK`g*#%Vzh zrz6vK-s|MfG%KuGkt(Ji11|h6X6(r!-{&sZ?Lm>;LQ31)%wf=I1FX8 z%LK6DRPdc~opmqQ>8|C?;I$+l^!MwqrSI?EMQTvsC8m%Bih?<$!yv#vwY;I*T7}5vZ?b5koN<0 z!-&aiuTFvm1AQrZ%>GL>1$~qmvb^%oFpH;Nft~+&X8x0Z9&pDyN$1uXBcwTL^3a1p z+;>c||BrOMA+t2j4$(CiJ1`eG2x7bUrl?3lJ^`q;r&kE~~ZOgvjTI&h60_x8vV zJMJx~@56SzqZ7{0|HQ@(^J2%w4X(+Z6Z@}T90l5rC-}^7i;7L);vjQ#711pP3S&HB z@TP5fpRhNG-QSV9PW*B^2R}v%Ksm$!r@8OJ;LDuKeGFKe9_LCXZwE9mc`W_#`F%;c zvY$%zbLElEpkzBH%#zYW_zLkSksBW7;4@o@IFgU$K9+WPL3p{w#~1AC(bVO5aNvJh z;=g!5&5B_N30&5)&IV!Wx$zSK*dEv|Gi`S!mgjrDu#@y~q1+b{P0GwGbI)u)ty=3`y_U+O2% zLni#6DsOGttaWo@(lf5oOgN{Snl&u^;M4t_1c~_i% zW6Lk2LjS^Cjf);+;FHZUlrQQN)o`Sg^!Rh&9T?AEAL6+LP$Xma896zSHThz;$%8zn z+X+W56orljoh{mWpYVfo&#Nrbt;IN(*)ch@YT*OBJW}Gk{-sK<;ST&u?MKCaT>od% zkMn{V56i=yuntT9XLq%^Kj{0Hqkc=9 z^}o8F1m9ui_OJ$jetl!hakaVcLaDPi%&pPsY^lL*{I@D{A=!|eMTR736+j{URsPq5 zvp#BFuI11&zj8zbkw1!F_rv|Hox6#vv)G;!m+`;Ss34(h7Qd6q_oc1*Pyk1$Rp~Fm zthvYNCw&W+iw3@Q;h#PtM$P*>O%bP`14Mq%jl^;@1-8qIZ0i5%-&5!&uI;! zOb!_#Yp>2N?>^k8Y$Nz@wPq|{`K;8j0gKfg6F;wQcP@_mZP~*R@Ccy=BYX6 zFwriMsUArCxi(H@hT%-p{Fq6dYZX(j&@0qK@Qn(ghu5qCW`vJX!>UitjXVh3-G|}( zP@{0IVN3^NeL%Bimoc*84zjePL>UO8*OxlSzqzHl{`2eEnDTNQ;;3ki_A2Iv7C;%aPb*DpdO(E*Piu}l99voq zJ?XJw)k1|5!=Lp?YyH%kw~9wn=@>NFQ~iKi5e4;TMvCU2kzHnl`KXm?FEDBCI{klt z|CJw<=)8FbtVUGytLCNM9zJ)kT^?Vc0H%T#N7H$(R%su+{Bv0HlRV}GCu7&j)$<{{ zLe2%x9TB^J(eT>kzgz`S^;bhX{c3Ly??2BiaKZP|?yG)(V$o`IoP2ZHHfADYU)x+b z$Hn;&Zpi~r+s?8xjA`dRe7B2B;L*{B7)_6`<7Z>VPk;KvfA!nhH~-A~3dHuF<^gSv z_Q?|%QGAcb)~YGv9dW5Os{KpCf}I*&rAAJBAx4j9YyZ+s`uRuwmXPZsjdg2UZ%+N> z7;wGo@--7alOK2`Ip?8K#p&<0TaG#ydwI#0ehuqyba`2i_MBN{^BhWpA1?;+53eoc zPh_z&x6+BRCinl7_T|7$>kgSSMExtyeGTGXgaTIaQ}cN1r3WQiaH=uEpMm(dQf` z0ifPj)lB`_F~#VqxrejPC(5ZslECrpKfYIT0WVy-X_5&v6Bfu{1-xi+DBuH z)YJN>8MBs08t#;#IKRjmZ0}|j(rmkiNT-)<__Zz^Svs}um0Q3bqo|L%yriq`7{zuW zL!1o%Wmn9`t>3OSZ!=a5iH}u0=U0m{zBhbsZAEU07nJCKl{s=aBTvu;T#jRU1|PIBf1*dOQ3(pZvU9*{o9-gn#{VEZ*O9y`U} z9Bl3CNd3Yjvxg7w3a2lK_~_h%?&>+RkNe5Bp`V7&Y;;6^X6#LEx@h%lmptaitIYeP z#G5%N7cp7?S7Z4G63-KE2_8Ot{PHX6(}LMQNB?N~jo+)!EM8C`?cw;gBYJGw zVIrBj9TXVuze>A8*Yd`qZ#O4zvQ6cLsQ+?MB=2VfJ=%ukrcA zGs>4tJsAft^iubY5hon>ZNyzvwS_e`K4Tg6TFKsxZJ9Tgc*d~)sVwY3!7L3awnxOV za@-)Ttcto4A(BwZ_Mp$p52(%Rg4RbqW3qFn^nb2FtuF@1+AIR&*#@JllRpg$vrTMd zRi7Rmbm-IZO3|LqsZ&ev)i^tk?E4_z?li|rOmt-wX2jPyzay66lrIE`C$Eq1RRuSX zyiaUPJ%#oSOW^h3Y*~6p4&?S*5;vGQ%R@)^`rb5~#B3dDl|NikBs#K-Q$_Q*Ztbhx z?^{2ISXjLu9nln3QR~rlp54!VkD|9v>GVmYDc4`FEX(PUo6T>|7M{LZc$Qstmld4K zfIr*$Ts&rQpDZ`$V0?V^;cK^l?J`1M*mEZGJH`T;<7@lU!@WmoawOn#&bEh@z2Nfm zqoYkq2X;>cTo!MW*{w2u&p5d4VvFX1>8W64%^!5J6FZtl=9ApsgU(Og#+roGq?dw~ zQ`c*|6$S>+7KghZ-BY>!#2{vcm3VJ}fh%dgXDoVuSE)-DAuMXER=1x7ULh`wu1Qc(GQz*qBe&tR?V}k?ac3{GDs^niMCxcSI_V zKIz+=MtyqCPBMm`{2~f1Oy53B%zaU{*09#sF*I+SY&q+Ckz`ih=2I{v zkKqvOfXQA7vuXTI*k=^CtJ>#hUCFvU=FKe|{L>F3n`=LsV92Y#J+kUVWCl88qbPwl)Xg!G!6L0JOv)=34jC`N46gyoM?jC(1CV*%Dl{rZy)9(Kzn{5OWAN78XKTE`PoYR_B z`o%nEZ>9Q}jH+*UN`CY8J#32|Nr3INornLVDT#$^ZW#Ub8$aEa?68}q2TgAELws079i{|75c0`bKxks|*q%wy zscC5ad5I?XsKxn`*+yLhZi&3(jvaW176^X(PD%okFy-;t$S zdpM@|+c;%wfXnnLXYH=Dsj>3w##GF*+aGt#qjT)XLFZm}{hIG% zHXh~A6buM~L#8*NYa4spBkY_P+F5!%lN6GICoEl*t0zxG&fx98@C5ro0gY0b6M z+L)2+H&zzBJBS(%d!KlS2sDyU%;(andxu$qU?%z1at#x}mxT`e*q&jCP|82GZx2uI5d^HErK^7q4Tx62^D(g|3XhSUX`wA}aVA3u@u-#IgtKHMr4ZiXw%smMQTP|6*kc!cq` zf(>-f@{%2^Wq`PrySa8}0*P3l)D$pM*iwmQz>E8Q9~|^DBT}yZ>$@G$8+AHCnRZHH z(i52i)q1X(5xag)4B4-}9S!wNd=dR@QMM{lcF!*lb5xn=Gr?}l2KCPwHFFBp2X=M3 zz=xtfxhVM_+;#|E|2V#QewTCw)l}8Gd}c!I|96>vsvZg9wh%M4eB1O;@FJ>iS3kkV zt9a#+wS#fc9t`QCc&t$IV<`#jG*WieLm>AiP%&)(g=*7~h~ zi$0;3f(HuTo^9(+3h!@~JiPM0M*5?Lo$v*&ckrQzuSNQ_qwZH3zg{9927d&VIo*uC zmir>GwS%t#h)c;XJmU{3LYo2RtEgzysj_*d9tRG{+Wt_~Ar8CME@Zy{Lh(F|(+-Kx z>4)1-<$7m@v-dGnAhvzIKiyU3fFSp+W^94_*NtJFN_d|y{p4n4Q5-|*LX}|S&@4Bea{NlJCY-Y5qH6(WBfj^1s+F#mSO>e?;+WQ11<31gyKh zQ=2H>szKRHkN5J0DkEw}N}*Q1K(f0;gEte7nvMcWPiu`ZtxKJmAM793Rc_~gzf#$G zeEXOiMS1t_LGSzCsw4oPICA(4@5j=BuUuCt_U*5%G}bnn;1z(#l!E?aZsx4ZQ*Fd| zl<)X|UjN6yya5J*0yf5FUi+f3&UB8#Rh-Ss+Ui#@>!0wHvJN~7`rwbE{mX(QbnS}tYxNPXr*v7Rz%+9} zSw<=)hf!QSaU*uOkkKy5V()AVX(aOP8xSS2`bD5IsW62A?_p-g=(=L9>||L-`y82H!bc_i`_6+0u< z6oR>dA=P1#U-jpbr{nI;PEcfoOc}kR`blXhd+O9z$f`r zm1j~G`SC6S{iCA+Mv%)rKJR+GSQo99$~atfHt(dyU+%F8!to7A-8pAJoYOg8QA^W6 zeSYM?cSKD3+$wK6W9fRisK)MomItK^*(|_%Sa>tFx_2=rr4sCS}N>AEqD4mG&lDEJMwfF!|svr4Lp`0ZBJiMxVwI5r2uAo=FTNZoK}a( zhYNqr5}7{8v^u%JaogSd%0ZsgzK*dF36+W*tLSh2G^wYJ`l=*p`Hq5&ThPxSj_-l@ed)+Yp+_9s0pYl4{gX9)tJYSJFzR#u1p;Hzo{!osu&yM=DBPBI?s2#y3 zom&y&nXmnz_1AQm=7Th@i{B^SPp{o3=g}B!zbqKtmVq^7a3I%vKW!vS#xbbn01gN; z)P~ge%!EZmPaNg_BlD(VU}+BUZySY8x@D*6)v|L*Yb{mu(V9yE)cxGYyd@a$W@G$c z!QwYq64<$fTomS_tq)@Mz;Jtbw%I&+t+D?8e)2*9RbElL7K}wtx z#F!0>fa+>9b~)MSsy!YVZxjk6lh%L{>q7`EkVxPQwU&quDw=5#@h6X0NejUEk987i zQ!6>)QEA<uegr&KX#MCtJzB2|5(96LIT$deJgf;+mvB!+qR<035t-WgYSTmclmlD z$m={WEL_X)Re1aI@?+VT{uHUnLeoDy^5}HwXedKri&5ukZTzI*!XHi>$DLBAAG8Np zai9((TxAs(kGuBzeLSu@G7~&^vlB`tClD^bh;IUZe!ML_AS6LfV$%<|*MH-V91wLvh8PZML18w52M4`hhQuyvSl&FieLGV>Htt z52W&Q|{XS~O`pK6JuYn%=&|Nk?8E2x6pg#?D>D(#KLlHt` z(3sxlBZLgL_JGb6ei`??n<5$+dWhBnIl%Myfs!d9p?tq^`x2Bq4>deli?i;E_lEC{ z;d(J(1^Anm#r4WM-`pSYQHY%6Fb0BctXPALkc0|=X9lW9vD^}Wr(j^ln`qSumnF`M zM~)s9JYhoGC>L`vMe`&W+&-Via>;%KeB@KgHlYpRW;-4<(X_NQX0%V8Hf|;fI^D9s z(6(h-3LGGt7&2CNQTn1B@=%w{ThX$9E6m5cwUMDW$gVhGHbdv9JVmO&gkw!x-(M*h zJs@j~h_~3$%dg~l=K-_nM=Q=!Heh$%)81X5D~&QqAhFuDXphw6N5Uw4JbRyfDKrs* z121!V6SJg3kyOry7kXsaXh#}f-=DjElRV>^K#GWt@4q!ZZlrGb!4Rfg<95KA{+zva z5YXBDJijBWmUihLR;?^7*m@nyRxX(LMCUK}*MCOhj9?<0?t5w4)Gdl(e!f_TSAb&}803oEw- zIq_Y8UHX_~QQjS;6Ya)-f~Y|1XL`d?r2A2&4U&m3zH|@DV}Jo;ASvmPo4eo?D9D*4 zNM&}LP(=ne2SA6{^y;d>IJJ{p&xOxi72OFwYRMChI$ke zcbm5#@02^bmd(u%Y|nSTK(Su_TKT2vO8=XYW9--=BX6QvCqNU8ZoeE@tGNUyw&i>a zHwJY$7oXLQ+W0!jw2rz)WdVXdR&+K4#Y3dAQaRN=1=p5jc97(l9m8U`i z20YdhlcgYwrmDD@(8uGYyAY0M2AwD;qfrji&BOjJB<7>{u6bC@BJ9q>bmMKs*x`j zu=}YJUbiK>srU+-^8m6A>6_s-*xoZ&dsK{nY3Z)~9j0P>;p*Ty1zG?~%O*Yp%O`2@?=>x0Pf< z^2?i7D8qId7UB_yxn&-k*bve1QILb|^t>hM+^N2u9>@Z%ZC2$dsE0?Bj@cOuS{^nO zkX|)LhntjA`dmidl2!D8hGc`n&Lyw2zesknWF3dSReS7!BgeEiGUEgMn2Y? z2nJqxQsyD$@_zUlzL@-hqzoiVVVnw0-<9|YW|-}T#^QVu4tYNqZ$T?wydniTMv#1b zdagl}3I>3Ld?t92`V`0nS2TIpuNoH<;WmNfw)XS##umY^VqIwpV?kyU+nT_OC%}4T zcYDZ4W<_5oy<|S_WP%e%;k^5?Pm;0+xjKPUD+z$7*Bh@+^L8<(A5>P0V#*Ee^(O%# zmJi%c<(Tj>Z=%UE*k}C}r_vh!=FwGo@ws}ge)wE|Udg*U?B>Vmi38AXGKBWYS#ig1 zrKA6zblyJ?yO@%%pKhrKZPku<{IR;-9^em68DWVMq7*-w1ULhE#V|=TB$8Wd}Fm?4kvjF4xnI*)A-9WJNMd>E;z8}NW z(IXyVnTkMy$*m*k<>aXZ;K@jWzGy^$z}(&HB6=>Z7f;|^+`U}lSVMtg_J^Klt$o15Tj#2#8UVf7C)Q9tQl2uw;1P7#`C;Yf{5|v)u}Fq zg+K_wY_yxYnaJ7bmyc(g+@bo~7zslqG7Zt?k231@ImhqPllkLg1#-DJI! zrXoFvlMQ#bfP{y2c0kiME3GqbCh7owGhBuMhA9-ZhB6Bx4)a(+;Yhq_|AU1G7Rx|B z`G6kB(lS$^v>34CV7I~=5S0P_`j~IMN-CEVH)01cxUzl#X2VQg=DJn$xaq%$xc#4I zy7v6g-hXHT{DJcQ$=m&(uFU_g0!L?)0dIqxcr0L3bgRPSdeYfpFMz~X20~S0$HExK`KoEAM2R4V$#CvRQZ76yIQH_;N=`_KJ1Nl&09=jDLKN^ zTTUde{1YAQ&!srnzexiAzdz8$_62S|{5?7x_5+N(`&_$}WJ!8Ci$&D9vJ2lxCjnVO z>7;KfFYd~YN|{xf5MWp^8YG%ZEd^G%E_UGtIc5vE@i5uiov9kywR9`n4t^S8aQgrP zCAEE(<5vMYd&^^#?IC*cUVxotBz&7q8~P%l#V48P1ynzcn8Dn6d~6 z>0LczLMkSj0X208_&!z90tSwsfZr8Pm!HO3A=VD~hT7z0IGt?d4FGs6B5ILOJMb{7 z6Vj&>Jj{CHLVrHQ){9dIE8VBqK`qeyHb zLjv#ZSmrskx%W6fQP$0YG3-a2@t_m((qfwlGzYiaBJD%r z5AIwGUSIX3-^s~T+`*ODbg>a7qxQl*W>_+NT}Yi~E?9fIv39nAsXPF?a;++z$&~;= zt%S!1w*_>%I)D-jAFCpP6Mo)!_rHQ_{SOgeW#^6)ciE~!aDuCvOl7v zfq@fZz%B;hO^i?K)~|;$eQCPacmMk^ejhvgt?91+aBYsowx%n0!rkI6FUzYg2X4?# zR?3{GzJoe(SB^P$0WYVuI75%wqX#IskZ*;^by2s z-W~;)U@#zI_6LS#G`~P90-d0}v}gRF*2(HRqv6^mPruc6$M|) z!Gp>EbZ`(cFKJ~vVDzdR&27&QuML+0cXbdc9n#6czH_89oo@C%`-$Y6*Bm_kH2%#A zr+IgvBaq5uzmkAyw9N+sG%1B}Sr!0YAu zA23aB&0MqeSlPO)e?wa7Ukb{)vu4XG{vbux`}_(0`>z6bsdN#&Q{v6Rw$E?SZ-^>? zkffA?gZW_l^K-8+99c|Mb?!F92)r-%1G3=XY>VeqB-H1oR$o>kPiXt9RYk=18DoPO zZ!Hl_5%KyJVNMeWQxU+p8g<5U0EWvrxF3p;6F&|3BN>x^j%Op{M&#&Qb&`o}hb+Kl zdE--Vo6E252Mlf_7^}|$6FY!d9mFEYp)~8VWw4iK$Ae@Y0i88FRh>uD>b{nYvrL0w z=M}IFx7F{c_POiCs-BoF-q*YqwNC?hTMZ24dE9Bsv&#YdsuXl>!Q;9bmdtJp>4o!v zsEi3UKmpq+df?o)MKj0-JA3D%N*JMf_!_R~G^==+f^Uj1LfEw)zY8jRJK^@dRd-Jj z>V_Z!82UXRDn+i;Fy>|QGoPt^v(K`m64Zb!srnarbsr$Fc0MG01`w`a*p(l5I%Mz} zJ-FaeLoJF%dfZds58BG>AJSIuxQNHaw5~L+i>cwCoc#ll8iX%xc~Cvs(eglY?$R+* zD6-QxmX*4lf&dj3CV`w4UbPVzQt zK~jG&2hi-;Xa(Shc>-9OT7WW_oJ~O&k#mmlP^aGXmIPbjp2=CPoo>w?VXd0Q(zp=f zdxpoHKOwIy2!JQ9tu8p?*jBhEDY%o~XClYf!iWH&SdgETvtgGBc|iSGmo~J_rT8p% z&q6LcLoc@W;1U$#KdZhn13-`dve(8HX|Z%N6kUH``2Y2;=($_-yz$Ntic;#$YbT{{ zQC_)N&$E4WSn`K1nYZH)dODc#DKw+lV`4`rz{`$MTk8fXN`vvLAWXD)zNauSY`ah!J0)Be( zYI&?rdO**W$SW^zB2q`$66Y@%rC!W@JSV8A?W_H1Z@j7>&s$qyP;yjrqyk93UsRqk zKms1V&jAQgOnoGiW0|?ioP}y`%9Tv@IN2vmU*v^k*qw=5|Cq_M`mEGnpcba|*TQ5A z<`Sv=mWu5&rLa(?J#RI)&?Sq8ZUaDgX{M!~xE>pw54`f4dmG1&1nG5*RXMz9X$jIF z0cZnwfEWp|Ui=Lk+@I^I;gD5i`^}kvsmwgBLz{SuvI&;+K>9YB68st7Kl}1V5Q&@l zGq0pcR395hdl8n`ozyhOdj`@M^Zb368JLjqVH` zyZ3kg-hiYtK{N;Hour&w=Y5b*Q(A}$NSU(rgL4FZZX$BF?v_8@8T9nh z54KtR(6IPP#9?uECV;tLmXwSyK!@|09AHC0aDHdLE#g67&3sYDmjvYope_%+xgah; zj0`paM`P*~N!R(3QLg7Wt1pl91M^SqV6~r?(&Z!+6Fk1cU$Ya?bEBDvR2vyT5|))Cj% zI`+-)L&mFUmje}Q=*_0P*s&BFTCz%X5r&WIH0x2lcNBmCPSW(^7v98*MMLLTW9R-< zi~h+03hpQrj5UwEC(BW1&WR?J;0FMRPg73p+1yO^V)t=RgnXo0L%Aw zIWhK$gIoRd>ntdNnc3||yt_Z$OaDVn8|97E&zqYf=W)t zssdLgdJ^&10JSv{z_8XzCyiiygNOwKU>}t$Ak~5akQKPSZ|<3d&`aQEroZT5YldYo z;pW-V)*eez4bg>w!0x32rTxA^A)h70$1lJ7Hg%_oRdGgSX1i&kql@axR>Ewt7%z=Z znEO>g(|2>YBW{|?IXGCr%3fD3nT(?(QvVRUWW)o^bsRj$KeHTY`r?Sr1yy7?kR|r7 zaA1=tYO8!QAq(ScEDAXL08g=leLDxch{O#^*TOy@sq%rtzQvK#R7J$;x-E$R9{KWn z9)v=C&Ki(MMWzmMJNSdd2U(Kq@|y!fApHBjDy#U9<@e?ft}sP*4rD#N3`n^OnguRC z_zb#|?-~2q?1bu5ReJpUs->4t2A`}|WJge@mi)r2SyGHCj?zqs+lT>BUmaxI>_6~- zI83-r*Wd=34oTCSs-FC%yTN7eD5m!6<3HvAZ6G->MlsN*R4KWd&zM!%q{V=QVa?K? zsD%wjv#G&H3P}rq*MJmn&HVU$`q+ioGNE$Yh}n1ZFnn3^ZogjQADVJEge)7y7z${KLf+38nyy6`oy$C|`6aslJ+)|}N;p2@*KSZs)+37=_ zr~0Hl$_o#8*xBB)J29Vm7Nmw)%>+vDbK-yy=i8sl4Ipps`UmeUv(uVFGq>4{k@jQ= z&;(NU2K#X1&LfSmH+&iKa$E>&iV4?ir}eITirnFM+T)(vQi~EAK+)21XMdFW=(F}gZb2SrYS*Pmp|mr zkhKDl9whQn)v?6F!F5a3M}{T3|HX?fI!XtWGx91OGTJ5h`MV1jPC=NiSEoRVMWYth za=&)KPD$o;Jhe^tATI)wyZ{5RRtrG!fITLifgoNAdhh$J%VH|9iP0mOE`6PrmA8xS z4D-Ue*KJ647|4HxKdeoQ9512f{M_wq{gHMyNfOL6Q==Qni09@GF z{&eg3B;WmCjOh;F+k#jS*N=IC1pQXbX%itiE`lrJQMWLnlizUB-+OI`RxhyXE9u+$ zmbK*qU$aKJ$dlK#Y{D(_onc+ZM2i=GuEM4@L~J9O3?v)KR-Ifnr$PYhdzov$xG4aI zNA9B$qRXOh0PU^~(dB+{{4w?cE4^tyJMtjpK8X%;Ujp2AY;Z%zd`a$HCb(=M45bCMG=XD&d|>RKOQf5ll-^Be|EBScte-5qVQKeP<@ zK!EmPG2TjGAdGL(_!l*}2!5*4W{RoP%V5yyDa46`97FPPhJzf6ni{zWX zaJ@Y@A_piq@EU}OudIWM{+RSM3O4Nl-2GgAaaxmL92gZqbBV|qe$hRJWP}tsOf>m^ zNx9s!_AWpzdP7sJ7^L8|S#xp5gVm9TihAB#k?)2pog`y?MZ_+ZLM%(3Qm+Ou;BQZs z=ccCqRcp~&1LF$_EoR9;KHqEl;^p6)_PXV|XHZ+D;m07uqu!8L5*n`+Drpp>%ZzMh zJ5IVyKN!VxQXbJiK%2QPSr@Y!8DAB$tx!8;mf=QTdA^k_FB$BRC|qRua;cdiqGe4K zCP`B?%BA_S>QIH@jS4q24MGF4elp=atN1RU7*Tn(s?LE#}Wz5V&GFXL_^fRyz>3*y2Oy4 z*@`ER+O%_p2sk>xxu6$GWgV$P&rFkG_r1&e5bp=hX8Ts92}?myzJw} zLq!ehzr_rr0R6x@_wL)*5>Mnk(`^4Oi+JGOu=r2NBI3@Ic4DKCE%%EKB*}@nHLfP# z8YJsPKB{S93y4{LHeOtP?@uAZDJGmdY7~DuED9b@Sv=t>$#)5V+l#Q7E$O-l4Tp_F zba)3CU2bOMN$V|?sm3y2gf0Efx8c+FSC`7>Wy&LU=AYG{6`fKvn zF|!M)LaGbx&rZ`$RX0`>;$C_is(PMJ9!*EmmCvVDJU>{Bro zfv<9Ur{HKUc#NgDXmkdPU@|JZm>f?%3MdQcZ@|5Yg{ZA9S(0K^fPJ-$xSN}sp0BTO zzDtu?M_QeGU{WbzZ@=AU87d0|?DG3T-b9S`GPIEhC1EXW)`l^4{cufExdDR9n_x)( z*k)}dehsWiCeB;8;ifhwAHm?yo<3Zt#W)6)T?s;!Y!?$Jj(8ERd!$>wf0c$|5X&Z| z@Of5^8d7wrL(^kt!Wgj<7Ja0KbbC+XqR|H6b0)Cvb=5aKa&otCu9Xol(*wbSn!uVh zq*3C8%vZu?IiL8i4kt&5XGgxifbGt}=ZR;NvNK5j#QS#TP7n6O3%!Y@D1cSC-#eM1 zghX%MxvN`%gk2qR1Nb%wX$2(;w=6OX9+t^C1Wnq$)y^`A*z4H3Z~ZvBE12bcq>`V6 zlz4o^6^TX)c8^5OOGSSl`0w<`_9M7v2X3gZ*DSvYIxZkywm)LjA{f1%Uj}-ptwDRj zaBXq$P*+4XpUR1l@AsVTxtZ_W^P&`=yAWq={P%%>>i+0E2koMWjL4AwEYjIw^7?gG zB*k%=`6r&e6&@z{_&s?j)aYv?-L6TO^?Xv(qj_A<&YEl$8&fPUk-$R9ZCifB>(7Gi zef61>p02l2UPrz;Ou-y_Kl^tL@+`b!cl*O)1IXeZQu7o3bf*7Li@Vqf_i|13Cn@0P*u8b`eU zZ#C_Wg<`@T83Ga0x35Nf=KQ~ILk@n-e~aI!5_9tY!ivZozN-X`Q1^)gzf4ep7~Nx zpS-Q!Flvjh5JM{cMA{9s^^v>XF~${}N|GX39dZWD`ns0PGI+zuHSC0MN8qkf*h&UQ ztA_fXEj7Y6U>KOe*ov;JlYW)0Stm1O4=t_R8@O_0vx(@X>!)M@YVAQ~A^-}ma zWI+Q0OtY9yy|;wGas6~0DnH}K9%FgL_y?bKS>Ow^ez@p*Of(J`KGgftCoUQR)7OWN z_qCFs(EB`_%W?g0Td0MzYYWJUG&Yc7B+Q>+fgqu=`8K3sBo`6)+WPVc96o}C`V$;r ztXQ3J0+KFBs>1iN`tWHqc76tf&4KXnDlq6C{!vxc{jC~OSI)Y*ab!nJi2j1OmN?53 z*J=9)wzt$Q?{Ft5C%!&zkKzwyndkX(lsb|=@zYc8G#U0cY^({UY+Cm5_WU$s&E4PH z>m#Z^DDi||kT~D9bc0r)Lp}Et?Fse^ua788yNh2HyUbI1CBBQhTla9~qontd9?VY9 zLeyxr@2SN1rP1p}KmXUgHDlXUTwVSIVplsFi5vxB%!4&=JmlYyQq{S&0jePd z=HUk7>gw_lyD3JZ;1>Co)_^Gx^GCeJjq#$X2RaLjnU3Ttf=tbJ|=@0vW;mtRCN! zSYL6cZ3Um%s6N#+PO;5=!V7-y>yTXjhc74#!^t_`3kBPyRF;6$8}w$tjp{4nIp;D? zeH2ktd9pcFvIa)GBP4_LR@&p)O;9kCZ>}D>mcS`1ihVy*RreNg0~=F*yz`62LsR;7 zK?*^5^_i~t5p^vCgE)*D|14*lAyT(FGE~`8lhd7f835X?%>8F7DLOKM< zM_PskhkeTLUKI{7Jqg=Ce56soid-s^;DC#yhg!)x+1E0xtUc1NPMuPiku<&Tu|u=4 z_K2z3kCJUOmM70p@T27MdjDxvR6WH}U(JLs1xRF<*#&I%1J9zp%JND=8)X@+}Le)3$wh4|uSh3}?> zWoLBYP5Hc&ntUO^r9 zWu^l%A8%e4!$txP7^rBfoA^upUzyErUNkzBVx&tQ0+g3TpzBhy%iwmkUMB?wqKu-P zxF4XK!SqXM>lZDcMWlPcLG57S#-| zi!smu?Hjy>8o0jg&<_gcncqM1KBlr=S?li) z6Dv=|0^4QIN~*c1N-Spv3L&>fTP@f66;rm?mQq?0J_FP9)araE7z@Mr?i02HYjv=% z=w73B1Nc{IzFNPmkR$8$d4s%5?duB9$a(nDbukY`T3_q+9@6xf%V_cWn8cnZ+%72MHiKkD7N${ z#+@&5neV7ZvXB{ikHI}z;8gw+fV^1g?1DEyreW2kxzCJnqP@!R2tKr9hB)^P_{Ni} zeozaQlZUx20tL z(VF5|=1+Dw)1awP8A)0H=D8ttVblEN(;vFLdj*=(ViYeQ9$e^6n!&Ft(|+^3tih1G z8T*i>My%ZZxaHBdDGY)_cpLe#W%|J-?%s+=^5v5&qDp+ z8fy-%k#A?ik;T^ms&5F&3YeWH#dWc5+3-Jx}&^I?j*on~>6HTEfc3x9CN?RN#C?(7it;;?lLPLy zN}95(xM(=Pcg98ATy-qAkj0n~AehTpGC_0t`3WhKGjU81oKKSvkVE67&PDEJI^_*` z%Sj`qva}<@r}>;ogfn|H;o;#!Ra?;X48<1N7C2-@-!G6SCxc{6nZ9XlkiA4gTqVsr z4KIr;AQOOd)-bSTco_(Zov3}jcq7%HUAmh^IiLVY9#W=w_gXH17U4nYXY7`o&Ufr z<{W|jtV2LupP&+uq>enflW$*psJ~-2^M#tU&V9z0uMByn=GpHp9 zwdv)JZvWxOxQ)N2dIWCF-zYdP%`%=d(2*tD-m$2;6SBK=BJ-ArB7ai%TZsH^3%`S(2aK%gyiO>J&INw%&?()^=xGj<>Sg! z9cM_bts{eC3(8bzp}BJGbJp_4S58N+9NNSeZcAcVr2zjUw@?4OPX^V6N74*CsVp>dAJm6CJ!g406JiG`oxT2!_` zVqj#41B~`E1C?+hv%}A?#vulr$+hIAzB37PZxf&;DukX3s{yN6ke=l$2@%^c?jqWAmfVgJ))w~X zorxp(Vodnrhlo>8w3L+`L)13Q$;HWwTgVSA?lxEey^fIx;LQOR1YV8sI(_@*`_Qg( z8R_6Qd{dpi&#gM?dFHCC$0gg#ge#B3?*#5dvbE4W3HzF&emc7YhTao^!O_Kjz%ZGM z;+(Fe=f_h4y70{n*3uiiQ0O* zJNiwlExjTBEL}+Mc_cm`^5H~p4v?UwqVur6u;fFJmNg|w6{io^3=66mMvtIZhkT)W zT+@)NEst;=GhOcnM(6N4TEV#ajnz%`)augG$m&S(%X_0Lr8jD<=17BE;Q6?t#snlD zjF|BzC~QnMg7~#}A^x)F&r-TY220A|NNiIX996?&*3%rZgda3VfWz}_`{-X4{(5%i zccJ@g8di=$A>BG{p}tP_{C7uWPulJvM73n681Ekrz=qxTMC_Z!>+eqfSOru(#mr+A zAzzgF<5kZGRz4Dwn*!o_fDr)r?qK(6YD;yS)YBm)+~mnmbfDgo;1S^B&OJFbCU9}O z<1AC<<8w!61tz?RLHoD&y7q~f)zy)k^Pu!;&?I!a1&E353rMyuU{Tv3u03z;+R|J2 z>yYPpqU?a(UFzjcEGApxYxtQuLs#g1mvyytpikj)Bpl7_SkFcn$~{fSD83>CONI23 z144Oapfzl98Qhh(00MdC+Y5Bith>D~4(49(se(8!Gra^~328l^m!zxBZ?OJSdFR>1 z7W?bsA+~V(Y*DpUzMF|hPU7w!4?2Hc^mU?c=2y|sm1Bnf-O2V;AA{M|z!6_`-dPrkr zuZ68m_dnOtG5|baGcpxKP7(^bs~aqf)>m!zAIXR7Z@xmlS*MH`ZxP9;gT1H(0^)Fd zkfXc(ihz7`r()Qa`33A;OO5{1$+0x{`=YqTc}-T_AXvJ!eqW;dFxAMl6^4-%@(tcq zJn0TdpbwOPB|S<@Zb)WFoqx?WmQ&s4y{qQws#6BmtIZKlY0k;KIswj3;V;0 zFb=0yyc6b*pBTngiH{Ip?oGbpK#jX#G^Pw%?vmSc+x@+(W;~Z#dg!!)RI5oQLOn`V z3jp54N3a7fm+y6&g9TlO8Aj5`-SH$9LJGqGi*UTN``xdd>EpU}n#nT{7mcYk==Y+B zv)EeoeW0CyyMGIH2c#M+GndXK;j-beTt=Qe$z$E<6cz5U4?}wgHSdQe4eyI#RR@l; zSi_udHPv(Qz75(+7f78q5dxb`$+$}48gfZkyPKJ$Sn1npwe_hiC86`IKi9J#{Y zDqmR>vJ>=XrS9xX)V3CLASQFp-i2DK)ji%O!|*kyd0r7D^<}A%dVX>Q3CFwUm|FVZmZw*ZH}aof;+KP2^s7QkCzaeZd5QOPVGW1B=YuO2P4-&CAseI`k{x@D_ef}&*kYQQ zR5js8*C_2z7iV})4xnmxVf3sZl_dTKP_dsms7$>MCDEMq*PRKofdh%hGatYOfo6_F zi1h@`>8`E;x?_y~mzpQ(Jmp8eP?c*2bQZ&R)HOvuWZvp{-gY=>&LuF7#*TH@Qu`xC zKnXyRxR7>onRJgYirbvi0QQ@Wsrxx0q7~Zqj*f`|Wl#fkUPR1t{g@9%oESZmE!>(1KLaW=ws=RO)1o5&l!}*;S&%2F^kem8 zF%j6@%1G;BZ_?e?3rzfMwta9L%4F(_QE19Xl9TOg{TdQE%BDYVB4si9JZjRc{&RiQ z$%Ix>5D8QVd)Wy5InR?|`Mcc_8~Nf_DCYKOg@f?mxQXyfdNM$$#RvX8EzOJ&6TP^X zfF{kCPAyDK@4U;IGMn!nVVSu0eIV7~xY*^nZwWj$-*KIXhtMaUa*9#d#=u2&hLiuPj$pXDr~WinlAld@NY?lI?&)28`{pBuk4m zw0_#zUVlIW9Y$J1gJ-0D!|%3SV39U&KhL9%58Iv5+&ImSLMjt8c5!t9A)qrX*D=O* zOI4(yyNhbNPVUnUF`32(3$yU&=}s}-Ji}5f&xPopyBRG@KQa140uteKVv5z)!K2!d zMJ%rc*uVhziiEG(g)+^DO%bkD-rZhWuFEfW3B06w@0ntx2JZ&23T+NLL0*@p1U1f$ zFwJ+&=3HwQxj#TcPBaZ|==%nXN+DNy-F6i4Qw~5tLH=^Y=*hDF`!spZ1VYUyICb8S zM`Z2c=xXGvFXgT@c|Xl=(i#?apRG}Jhe3_;xis_5aVsA;-iszb9h<|%A!+(4R(oV* zi&}TLeBS4K7+4YOl$`1up9CU)y2HjufSFJLcz)RwwH{D}3C^pttC-6OHPPO-#S z8!Cvg$Yd)!HfG1#)x*v7;N%xU^%Z(|(?40aRB)$3awo1k2!1(vBy|BxHZzI7ZwGQKw zU6m@3!9+sFu|nd$}zW)bweZXI#~4`<;U8K*Wr=YRTfOoL(EOh*c{w6wSi`05D^F=o3` zH#HHEy4`!7Q%JcatNXiPp%H(5)wdTqXe}2sfXLdZEJQ^asZ+O*z@)QOC01IPTylf8 zVHAiA)R4wi3JEW*lqaN}N!Bt0)chNTf);0m#eY`qZZR2{rRMJg&R{tGS{;VzG^(x~ zA)~dFs4m5&8DhB}XG=2gOFFrxuUsFgAVF)`>yN{HS!rb+^{)&T+=%f9f8=Lo>rSRkzh8Cv5H4mf&qKa z`dDiaZgU5Z+tSxBgJw*-wWc0rAY`0TBu$uIpZaQMWYG~$>X~Qd3gLMiy>&ABVBm&< zyc8DICr1Iok_<08o!PPY%-EU~OE@`kX$07finv7&6dWa5kz*%~cW%2o-fG)0B*TvX zp<+d-xC|$Q0{3OS3$$y0Bv|N?fbdpPknA_aXv4PE12WzD?P}Ssop@s@2h+-xK-#=r z5vRB_GssLU($Ln3<4?}h1OihnB`LCF&uO#VP44_a z$q_b?Io!&(VTc+)0t?oE0FC1NF?+XV2*JDSulMYNYW45Rvx6}U)a{0yq-7B2#1?90 zXLl-XnmF!ua(bF(l~c;{AxW|WNgT=9c%C=i8sO{yqaAK~$)6;DeX2HBA$WOfD?MCyJ&Cd>ok4tS`C+;@Y5 z6x>d8YSa=xx0>rY_;}F-N^_LMhVlTUn06S#E*M;m%z(h(^BMCo5W2r9UM6{ z@P6*c*iG^qQbXbtPJkitZLk+>Iy1q$n7W?fE+w9x*4e+Q&Hq_OmA6{ov|5J$yPpeK z)O!SO)5GBS{A=LAC(?J~tQRUYh^I}_!((a_wp}#^&QWOhBYmIUnZxV}kmiPlfY5c^ zoySZSGNYl#;+a>qo?f7u?IZtAA3m*6*|%$R78d+{;9tByQm-i{P@Z5``1fFA|7VfX z)1X$r-MO7<#XFxl{dny*cwQ}&-4Xz9zFu6gx$crvR<_QWNjT>K_?;HGGa9Nqp_fJ4tjom%$cfqSnml}Qp(mj3> ze<7(K8Fc@yv0+DA*6)J-q5rf^>+Y!6q@B7_{grbgCnjv0J+Q04hwdsjcWo^)l#JaT zCS$k2^eN5iO!N@E{rOJbzN~WC%6ee#IHg2Ih)ab6*)dYpV1SI%$r^=j(SH^6d|`o@ zBZISdzCjmdN)>=0kkA&0Yjfl6jOhB?nOzeDGsK2V_WF$@!tq4>qAE_UBRm{8)Jp<_ zCw}ArinRN5Gjq~FIMW#&166iE@k561LDtLe@O*kx32S!mOw5KPG|tW zyS`67z{j&srg3$3zgfD*`4f?tx&{LT=+@C161M+wI*-F^Z;@DIx!b418i^H_(F%2D zd1SNle)=%+Y_ILDorNiC_H0+d-&Y2_WeyK#MO%rSLD&(S5XJEuj?j)@RPR@}FZ%^k z7kc#iS2aZMX>mK&>mS%rr zTDNOCy2a8}%47vSp~&{#v7&}li_)V(Lv z(CzDfg=0`5*j;V>_TT99zXtF?h!2~|JivJzRm zO_++hv9X(M26N&V%UYWuM%t6K9^N-U@r&0TAmA-5pb9ZtU5p1lIAT@V$+84|J_GMr zWC4)(Hc7;NzYP|>3qEuga%u=}O|ZeQ&%;=Ztf%3AcT z1C6J#gSQDT!(azB)|3ipeR^bUOr6Ar2(&%Bo$O^jI=i0fWjw0lKdrCOK}VB4(&$x}KD$;g zWR}822GzJMRR!NzWdbfxISaT#<*XC{XQnJPaUB#1ja8$U!aHroDAU-+w(y@0gn~5l zR}&X*XNq!NIt8ND|2?kde}#rV8Y~8ZBJEN5Kjdc@m~RC_YSLMog1%j8G#^OvT@cBm zBxHFneD_aS@F-$i-c60=!Fis9AFNH2U(Pt>OaM49Msjd}h`3J`^5^4c5vugMo(lJ*y}~Uf(I);6uZ5>yXcVaXBVFOS1#^PQ$h5zql^I06|Uqqpym@@)-^%*8BbddACbp9n% zLOnZ@Cs%oB^q&TX%RW@-riO=5@+JxP@K}24+o@yq-rp0$Irhq>1~B>P&K~CJMyr}8 zd%M{yebc<~tsHdq;k-+WAfvg%OSM(3tv7ZZlJ)kmb*`&Myb*~EeWlR>$1aAuX2Xhi zx7g>fCr+leW)-B!#ZIun_=K0>7Iz-t9u+CpOVOJ}-S;LOzE-~3eySY-!1&dg%+_S3 z*wF)hUF_IFaf;H&gUEP%%3>uKou|p*&Eu~{m`zl@4n06o06rOkEodDE;aCJh1d)jO z9>h}f5##f$miao)o)X5}6#q>a;D0*}`X5hAJLS#Jrw#4Sb-@g8WPQZ1tvKk1GKxei~6I8v?WQUOuwpK80Ogh zXRuqH{4XH`4uPxL(zKU*4((3Uw<*`iZ0<;E%zu_?#B zUhGliriT0>52g>{R+wl{3)V%O@asrnw?7piu^y}7evqyKE)VG1YF?A=qgeTfL z*wW&F;{oqveeae;ioNoAjM-81Td!$Q|OxU@K06 zH&KS%h7CKxv%ntMr%r1etbAqkKmlj~t8iEdfJy_0f1}qp{<_$6>bqsRJUm9`XLd4p zIh2Iyss9Xy9%C4s|J7{zS4|Ze)0MQN^xxR+Zy5Q$NA4{!)xUrQTcUC(ucT={4ll}4 zetHgihU2Op903{_!EWb21YUmV^w9au`I<8LJp#fY z^$%mb#L-OkstC%H4+K*e)^sP|_W+Q*A+V4?5;seJ#xEy&Q=U{6DdR#o|0-dfgQNns#-_Ob@wABD?;>aF9&b|4v7|kq&{a)NIA?Q) zO{cFwV5vZw6eY9V3(hp|JW9%Do-@K3#jpwiS6=gW%T*~Rl7^dIV)NMv{Mu*h7{R*2 z>>FYOU>mX0JgT*CZ>IfX7W0=g+hY}_fdqY-< zO_eOjrNEK#S{Fryi0(d;PeNLgIkeFmUHN71{~6p!o%2ePqVoVy&hcxM*~2)Yf8_%9 z;-JkIgQvKZq^GEq$6=$_K}=($!OT~{XEJ!$(eCTjK03Rt3pLsEFnL)HJU{?cv@22! zooSAT6zdc$P&nqG$(L!^06XHc+9n@gwp*B85%o(wTiJ?<>D0YIvC(5$w`W!2SQyS_ z@voq~#U|Jw6{D_b|JBlmlGTBEcmX$vXy0hw&)CuJoHsAxrCz*R`xQsn;!?!0GH`H; z2Tw85bmU1~B1|#xOcIMnhfsrP;Z5`0u%DqOuGzm2_Y!kou;&Nln4uKy&>My78wWZc zIpuKCQdA0hHCigpoCBV3={P`;Um|di@a_mleICR75{=}yneL>o98ZWwQ?L8qutep7 z`vHz-T_wlJH$fy)EZh0IhX2YrlRSWG1`Nq{$lZ?pm&%&~!4}sw9b=o5^5hv12L-eJT1jMYxKJtCv1 zwdb`_5KuK>0!{&nm9e@k-y4GZ#FEci_#D^vQ;f#yvd@Z=(SW(GUu>$_yHB{7)9LW` z=J}O-wl^J>H@ON(`tkaHDeQvwf3IizP}mG7o#G`#6~|;f{2C7L8v;r^{)=Id1W0%~}#oQWem|k63xlF@dw5UHgD- zwDmkO+efV>#UCxeM(~a%@r{k+M|>NN08tFzg-pYgC#CK_^)S) z)eDtgh_N9a)mU38c5-TL-LiDk9#ZtM0v5rrvnICLx`RyzL$RatInCJuj9brX2SdOXwtA=|FsQURy6oglh3ma0L5Qb2D>>_@X5(-3 zkH7HAnM3~5@WTIeLI24q=Xx*EH%DV?n;vX%3A!PL-IwkhIHHu^b(JCCk)$%UZrF|D z(j^N|?iVNAi8+cL>8)2s|3F&peRKCJZ>S*_-!KWS;owz3?cJgu+pzM+rJ$ToB0Sqj z(_LYhjztDHpjKk6$l5-3y)C$VX@mZk|Hfk+z52bT1?ADPD}t^{d|PdgJ=il0X9B2~ zN)IE+MrmEZ^xxSL$0ob!%}t>B^(s#c*Hos!y*y*FHrGKccpk(nH4;op$w1bV+vo#X zzSz;=h%Xzq2YH*}xF)O_ouA90%d3~*yZH|-pw8z_6DO?yeQlyPcLANVn;T>msvPl^zYBGkbU@)H_|28vx&f|g~tgez{?#f^96J2xg2N-UX$8L27egz{wh zlW<4j);l1kEz681@F7Teh-tEsZz}PcNH*c(6der=rkTy5QUrt+roGWe$-3aC(nN1i zZQTZ6U5U7MTb_*MLWRDT^yFqZK&kAH&gCF#AySyly+!Yn;P}Ii4iz*ImD5_r z1+2lLBgCfW{oo{9t*bus6*~qdxWblb?BpgBoUC+ZKEV-ZbC0 zMDgW^?MEx?F9W~~ZhC@c8L}$z^hK>q@ zOVa?B8D4`w8y~ok+z$qr=k4b-gC_^`Iwx)Iv0e)cdmyaAy!mksICgY))^c-c1komc zqJ10ug?I^|{BX099b@s??QkxRVW2GObVr|(noI+9b#LBUm*TyA5EF7bOEgOYk0s9f zCZAO@?!2(IH}8ag?_qT3>-ytm8^+gr0Y;o?_S8G~0>|If&E)JEW(Qur%5#u5d~V~T zs9Z+iFLiXh`#3ILNKjo{C*=;D&8?*QiY5Bs@)!ERO6*H5)bQIgz!e_41q$D$q_&Q$ zPISYf4*S>lK#WJ`*m1l1Jy(wg{uw7}3k(c}m0tn(naf(Uj3Ng&ulU`4QH&i1iNG+L zC;Hpq8FAB+EvoK!q&MsX6)7ySrLCiz;ldJeNB~^Hkt1QDj-NL=f&k z!>4!zI`lf2{1&N4b}nMfBvX4vB+(&D9Pk(y9UM?9gP#I4O zu-lk(7MJ&*r6vJynl)^~>iW#n8`d|oDylbUsN2)W{PWNO z5-Qk$X>shN=kV>ZEagH#A?NtyCsuj__C#tE=A*LBK94InBPo_3aoO97ol~m6Jj+m8?3i+h!@WJ3#LmXsX zmkGld>U<~+n*zhfr_0@B$6ncQL#G`st&f!%;%?eFMnafmi>`{-0^2VX*~off*716J z*p1a%A-$N|=`d^-IvYosx+DGGp2&2nOn`4s2N|tQ>K>8zPk6U%FY&i4Z@qv7xvQg3u5CmYFdbhtf0bfgB ziPJ#qPVfiOWK-7`nqRRiB#3utAu&`Jn9 z-tE{dS*BxDK@RRpk9SxSSSBd65OniqPScDAP5M2a=_6^}vY|Oo+E{G{`q6SlnJG}H zNwc}<`B}D}#Ows0)$<{(miAUbMR?^Y$eDEpaz3SnUmE$iajpY~$>%2Z%R9(c-<$NA zswe^sWzeUO8O;-$F5Gh2?1DY^}M+*I54w^I_Df8 zb$?q`{LGmyd4ufl5a*fq!AszmSQL8?XZW9roUPFzBwk?|K>|I7KmIQCi6HNT0^X)o zAc{NRNw5k*pQs!K&u)33REw~l4o^YQpZb@9JNkWh9y~`o52?a7qwyzIC=1{8FKu1a}yZR z7bzXLp@y47ZQDqn)$TJ>t449>e@-B5$ziQrZRAbEsOMFfN@fwmUlmX%Ge zRw5B~m~ynUJ`JS>wtaH-iy|OjDggm|zMt4A#fgJ{`aPeM4GI_%hI(nJCWF&xr=y*I zi~fN2QM~}_$ZcCLVa#>oHT2`an>%xR0{8+qNrNKfm>WLP(kRL$&;VkgqTQ_5)&Dy1 zztbN?$ivQhK%>bO$d=J8wh3V@J~T(i zJrdv>TLCp~jo{MN!@N;oQY|iwo&p~ZJ%M-j5hI5Htz)(V;0H(Vk`owbDc;k3e2a4H%bSY-zv0p%Ll>i!`u)@RE!sPpse~Enl zC2jiu8$nks*Qxp{p8X&FjvPTc-j9W)&JAfQxO~_DYNMS|>Yq|W3wDn;d)_AJc0da- zg?X68Vi~n$$w!XX09S|v_(5#!y2-xPZHSZ-pb?7m$sIuDr~Be7U?fuZXOWpflVy6< zCil-%fEp+k$e%i#N4q~-{cP~))o)W6y)an@d=99Eo@#Re8~0EJ7f0HENFM-MH->m+ zoSFB0RRkUDj5LO&_dZ2@5g8`2%yZ-_@pxB$^XUx$w@agq(5 z(R+Y4B3_~Vng0UF?3<@_GK^pt`*9{Fic$96jx8pqhXIgLdpWwW(5#RfN(*k(=KY)7wD{x!&#(x^l?jM`NC5e(FAey+j zAb%Tx?ub18B#;Rxdfxn(6g@Zo_Z2<=C)^v(G4nr4fc`HOI6<8ObhJGphoxy3w8uV_ znEVvi1tq$KrcaM&Gw`aGO~Gei9f{eSeF~ zN8ChOjQhn0oO%3&FKb`@#j7x-2H{ET((#fa5XKS4gp%`rC3BR0J0A#}w!`y?p~xTFUzyyrrzSI`po{g&M2k#in)0v2n%a z;N2$fQM+-c;$rEoHPc7;ZoH1v4V}%AGxRaTls>#~)VmAr@fwg?9q8jdd8{=qc*ilt zalmocZMCn~b;WB{M9|w>iRfKs)s0G)!5j363H2hfn(MIf59eN5SgO+PTeXx1)p`gz z#r}2LUmfz-6Y_uhUD*2E2fR~X}5cwsfX$p9pFMo$# zCsjv6KLz|;;1-h`27LnH8#`TV%6zS_4Im<;w_%9|wTWT+f;!^9Kbd%5M8CQP&>WMiQkub zknPrWZ0UUdLJ)~iF5|9<)j2EED>>rDZb+{JkXOYu;kji60UrWToU(kxhn5O)>g4?d)cabEmI(*}< z2F=3(uwwXf42c$43mk*TO^VMM#pQ95LuMGOTEn~+O{4{mA~7o34(tPWy<;P)loc3+ zYJa>1QdEmoT|&sZM^s8;2aqD+AOTt{GwNpM+_Jw_3sNLkON5_3GfOC0nv&d>bL>I? za@Ekm`}M3}87d_4E`9hV{e8ufNLq1^WM&{@&-&X<(>swYio5tWP5$3~uMIYDlYGMV zfu+p8n7mATz}!e)gQWE#SChoA7BoT|13v~e32j90?*-uZ!y+7sPYZ})98k-M%>X4v zEGMg{R7d}{XfbUn?p3CqMdqM^2)OM4R1B*;z+;o~)WHGsX&~w?fsJVwl4BK;1ZH2o zA)>}ECWd`#`Uv+WOQ>l0;I06+Z>TIRGM87=Hd4Zggs0TcOzv}f`SJ0sL6+3r3|L|N zH~tFhTD+Uas6OyG1RFghEJ*;>eoB^?YG`JUKEHzK1**qNV*Ef_olE!2Aad@rIkKJK z-YgLW#&iP5SNA~SSZg)AoPYS_Z@oFfelg(qQ3fnj9QbZ|n|F$0SX{e+zWx`Bh^(MS zcDlX`M4wM5mgTGs$~Uq*VWO{iS1;ht6{ShP3{6y{K@P)EK60@{dts%z;QLn}UZ=n=_$~?)IS;zaXm)=I$zc+Z8UufvD83f4 zKw^b!j2oslHwC=mN3vx%Iac?PJzH#Ttz72U#dY_fzyAKKAO5$W0Vl_{iS*1ZwYYR; zr!Oy7@0m5bTgJJR_C2)wCYbNmc8jr8B3lNZ26DAsvsOp`W)Y1`>z|I_sMZo_8uWXD zaw^NF4V)DtrR_pJ*C@v0&i5QvwwCQE$@ih}DvB=k{9|j6x01a5hRP33sy*afv=Ypo0%?mI69&@Rsos9xZRHJa??+g5Uj|*;*e6bT& z)V4e?hP4rg7uQEnY__W<3-1e^kJ$my8N1nPX_^Rp_DkVIe!HBE+cLv=5zFoK;2zSXw&Q@^`uo4m@DzcT*8 zQA1pn*K!rM$ob*(kEinMC>$Ou_V(0PRX)y$NVN?P`Alf$D@0#y2GYlO3RR_ zexh>q`00Uq>oKQ#kwgXW6VKtNhy!0D5mc>g7^vG(Y4twIN`5o-E$v2pL6W*v0j&7( zEiIhMG>h5|co_!WIl2l-`XL8_lbfC!;mH8Hk0B&G3G9gJM~d|2>CuEx?N+$8v(p|t z@Vlos0P^*;`Hm6{*NNJccp}k z>B)}l%u>ut2O*i4eJ{9H5l%exEZHrBb*4P>n1El_z;3wCOlK7 zY(5_AGCed(a|U`YdnTg%F)%LGjW-*Sf^Td|Va_MF*Y!Wd+>M@0-%tK@j&&fe(O z&=hCl_#tU|6~*OAh2p~l{)QdLYIVv{$T15;j1PEo!=~Y?UCY5*0gtoHSXn0*AtW9 zPW0V(W6woV&04M&UhgJpgD8j){$x?1`4xEUsPnef^`c*?g*8mUG6`6FLRhh`(lg&u za6f(L&G^r4)gO1lzSUD8h_94(nNwX$kU{?hqn6)+qK_@)Ft3IULs_VJh~OZ04<_>l zqUY-$kdDP{-1DUNy`A&UExb`l-X};s3Qw^G>*lyi3!dFBb`GBjyRSl)T9Gq{#hKf- zwQK{57?FDz6Q?2BeHHtq0kY#h_W*?kqSk4j!XcIHJ#)v)`VFEO1f@|gZ_`qgK)7u- ziz|9<`6nwGp8~zNXr(FfjqQg*;rZaUd)JwyKFa;L$ja>%pm$UwOwXT6?mYCFFkt@H zC0Q5Vk1fNlYtG@8Un!nbp~spG?X*NFStb*F5YPL_Jp> zJ$@#$siTVK0pv2ZO5W`Zf0JQ$4kH$Sv0wJnWv^8n)?klsBCnglQfOlg5BGGRl$@2H zBoSCS-1N5A3ZlvNXuR}@zR&?%og^AF4_?bLs2mCvxGkX7z13(VUPQmMPzLPbV=@{4t^oY@uiHK@gAr&YRdE( zi9<5o82rE%^Xi#DDS^$S#sUHCD;M7jq>d9h52C;PdWy#TP^d8%<*sFn5#!tJp1+%} zs|*|Q{vJ2l%LRuZ=Q%faH-uo{E|N6i%UbF%^2v?W`tWMs(Lynn4e)U{If;oOZI{*? z2h?hvm2)*ESJuv7fR1VraUM@G9p!mN>GPUhd0#W?Gxb7%opa}brv;4ohSS9lgj|!K z;`Soxl<%5;;N397h&aBa&|)%UlddY>52u>T5xg79yTYRO{=t=V%Uin%_H&yps(GI ztyfn@zmU+8%*6dF06n>w&9iCyQj#+6*>f2hVd@&5buDn*W#wst(RoStzIUG6mg{jv zc^hha{d2vy#yFDJVrCqjzKj>o6vlc^I%#B{5QVs<@_Z&rUAdGk99KmH0-oQ1PpM&4 zv@e>toNAgoX$|#&#VCrh=YF1#rZ!KdiRU`C>?1MkaiqW8G6JqO6eVNx(y*_$UjqB8 z`mlOg#L_!Gl>)L9)y@$gts#&Z~T}p7GjLy zW)Hy(3LN?LKf^3XUNmSbR`$5d__aR}X4@dlFnCtHd zVyShcCAyxWk$CN0D>ctp6S3{SdN@;gV-LnfP}xGz(XfQ*-J|;F&Ov-42a@T^JT|VpJ}TqCD0j2aRPHR=Gb7_0)aCGa2(R%6WJxb8N;Rvj`EWDYU!4r1ET$JA3a#mo&SPr}Bp^ zx&2J@A)|3mQ%q!7Xc;DMxIKh29Hc5uSJZh&r>a2uO&%HkWN&%lvm3+O9i%LDrW>)& z%vCS{XxE}8qf^v~v*HWq=!Cl>t?tjvAV`>%F?uX-Xd}XzGe+aZALqi0-MaSp+L?u} zUe3%4X!}r0G4A`o1L&XQ5x`^ih+i@E!-L#)7JdVp4+meqrCbMY70xZDMxw@=`pm*z z@o56xdyg-40u>eG?Qyn~FWlN9q5GG03v|q97r0L@Kq&$~gs6A`L&e#9=Sp@r={8}U zaN!C{0<}pQUlhk_T5vZU1QqFo%oj8k{lt2v^s}`ThtBO`BtC41{kI|t0CGjn>6Of%O0G63+K_aO#wem0f$Oz=MAI_xCt;q++jky$9(IH z{g#`~+X*51&ml-A#z|vkIzAqDM>hi+CH-;8HO(++caS|wB}4Uv7TEbh<%hR1i^ayQ ztB^QiS-M@6$H7K^Z(i-#uSb=E@pq&jGTv^lkL2;>=%87>6YHw>p?JAz#abeFOw!#= zgdsP>Yt|}JYK>mOd*-Lm8}vClrhOF<#V4c$DU_0RvA&H(H_n3~siqIK`d+X-d-Qxp zR99K#*nHaR9WL&5hI_|at373KWKoD;11n*$bx*S_fj;pJ;14W(^gZoI!~i77k* zQ8RY`kokRq&rN;MYntQ0x`>u(QT7(j9CxE-C=8RtJT>vBcS9|=4jET??jsUA^|?Zn z)=*y=dDztTH|Y%D8Q-hKV}@Hg)tPL(qZ=k_`F@SCB{VCqh3Hb*Bj;w)$=dvl1~MNy zC3Rnlt47hlIc1KTV{Qx=L_X&cu-@uoAHx$dS}n?hixb)0Qzw;Ij8MwMx9J+tRbO?! zGGmrU8xp~s_=0dIBDp?qV3WCK=!Fn9i;QqCSq+PXt9mj_#x6bA;_d?Vi?S(lwW z@nYZa^3TU!f4DH2A^zQeYewB!@4rBUE`S?vPzkKWK3`9!-WB^{b<}(`YwiQ}i2YUFUBBu4~ zEBVj#m0UIM2SUcz(VZ|V#=~ZYWv?5aGVf;z8C>k#)>8?)JHJ1*6s}{JM|tjC>1Ytr-i6#eMX!VRl9FI3s#3nd)G9V3eu46$m^9e8MW_W5_%Y z)5;c}aA!;$%{Ur}Y3dz^=4s}7FdA|mzoc__e=e*TFb zf=y2X{YNx z%9ngOn3}McV2I*)1I!XM=s?>`*4*?IkFr#P@=r&`}h2nh9H zvtEL^p-ygEPR;LMEQw>{c_bi=e3c6H9IsHZs;MJ&dmMdL0>$S>Xn)*D0Xx<6oB!<0 zn;4|5MVCPr=6ng(U2=U_uD_ll^7U#k!ep|SV+yWqz0}K>?YY%Q=lm{@wV-gJ48sYD zBaLUBc)1^i^GuFC7yt=h19pG;geUlLG)>*h8h6z~4-z^jli-7e2AEGG)p1Q~;f&8_ zn%G3EdJ~;ndv)QE>uQ$Xqdp9CL1Au>Bp7XXK`o;A8jABiZ;WseEB!Di&ZFCp^EcYN z-_Is~zRCn$A*Qi}#XP?O4VVkH|Jav26SCVO8o1l>o%@Qz(;wwDUf2hXTr4iN&(jXW z;p9y;;jdK)}Zg3Q65DP~^2p)Q42j-dfkEkTPzZn>Ap!gVNKKrvOmEZNb zUIt&;7jGirdxbgZacYe0vwhq2_}5!Gn_;FN<75bQAw@oRS%z&2y5c z6&5CU1*J1T?T1Oe^p9W`l)EyMMIE?ALHe}K?;aPCNg#8L691KMR@#I>V)GYQ`mV^> zCB9*fQn+`Qf@(O2If2FJyKwvcTj6G}Z}MiS%G{N`&|>}Zy&~{^a<3HAeO~($`AlEK zkCaS%A5;?|f3byx;zIRpf}3t~_>}f6p_hGVZV~~_klPO=U|)DZd;P+HKm*<$Ia?NS z!}@hKT|Aq~Rkw7X>gGf{74y>aumel$=V;l6o*(55 z;)>i5(Fz2jpqD?X@L*aPn|#SJgW`#{fcFacc_B3Rms##Z!iK;+Pd%*~I|DJ>r9CwP zqK(Uogo}*BqW>kk>i_z^`uA#p!LUAIS;fP|PGukKpSKIwFPM2fLBOZSkMaXk09_9yJ0zSlzHP{HLst>hU zSABR^A&E{HEurcx&z-2jZ{)dr<9m-aDahO}N@;AA#K$4;*&%IpYTdt5YeY+GSQJ6% zW-wQ23zu36ots~{Nk(uJWWuPgDcl_Q2RtO$6E!g5ur5u!ewCUY!mFs^r%q?v&tj(z z6II*%?XDLAs`T|Kmz5b7?aaw(^uwlXq-DLwc?7Yd)7{7EPoG_FEiLC}ER53-+#;(2 zA`58}25b8wFLZb>4spT5Da2w6;{;7|G^}yndNGVYzUlCAM-;R6GA@umO7S#5bF7av z8C>sbR6|BW8=-bUyW&*p*7+p|w(exrDQL#L_?*B~SODw(G&Tv*R`XG!7z!QtL_Q}x(_)CnU2-! z=oYUOs)~$@@y@9-bF8Q(>`*Wk^gd{FJD_-x5v{R1lXKx`g8W4ust2#54-4$Lucr-h z0aKgE^09>9oQmWA0-FQNZUA8{y z#P)({j9ikHJ6(W-0@xTlNN54H0Ghaf;vl=HZ?6TGraQwT@*RDcsCNR3?0%oSP$8!s z2Ds#{QK55@_Od-H#CPI8<#&@ES`8`CdPH~Xx@P3L&L)lLnFdP_Pb5m(Na5wW&eGcj zKs2U8?;Wy->!{q{&=nz^37I#2@+)%5ExMB@`s_#_7{W885VfkrSpD?;X(2(ZSCt&o zqZARh8G%a~bIy*<{ivhKt6sO<=9cVxZ$-Gn`td~IXBCyMCoG2F=3sD5OEREu4UZKM z;WH}fyyTX2ZI+hd(zoM07O=}h_YY_;T%dc}WrY|GWJ1fWf#5I`b{yQc~WH*4vQP&_D;{)>ymYKnJkDKRxmZ zE3K0jerpiuqfZyqcI(8xn_y0?f~2D)ZTD-8ubx(vh}+40~KS-$mew-}>AotL67mfhOsN z)+Pb%G7`iGij*=zQfWnNTA|98XyhR3gztyO15$(!i=?hnKb4p&e0CXy3xdw?jvzb^ zF(>g)cpEFW>N<;-e>o~=6JLX`zqv50{yv}Np4QLypxW9>F662P>SG_h_a#wmZXk*z zxSs#zYV8O8&Hl+HngCv7yZXE*l;d4(8s-CiK%f~bRRG0bf6#H+ef`L-mzR^6YAXyc z)z>#5I^-%|LCwR?7(r1Yri{9@l{HC>88b$@AMCv;)>(_L#g=1cNesT-rx&>QW}~IP zy!J@nU zV|WS#mz#D2oZpNy;VqqbBX%e}N*6uxS+X?W^oA7U7nyM0;sD%O3cg{OWkmYDCDdZp z&|TGvT`e)JTG)fsnxxwypL!Puvm8*9J5AF=MG$U6=)x8Ef>9Z3C>*t(*J^kes7%GM z^;m9sF#A!w<5$Y?KIkwjugf#;`U4+&2bK@MFY4_!ac_FU6zYuHa#nV)tiNMhJahr1nSZz=i~K~Zf2CZ)N_vm&{o0{e*STzah2mG(x7vJ;)$ zK*1yM4mJr0!U($9eW|?##zs?COJYw^oL{Dtvu^&m1d?K}2TLRbjwz>Hw1=Oq`CXrn zc04p$<3djfZHS*C#A`KRFeJ{@7w~?52_a zllhi4;<{I_naRM-r7lh!pc4%qNfY|pYjFQN3RpK(j8RBsu4U_=t>%%DHlR&z>% zH?h66DCaL=RRvEUICYc;x&4O036hOHQFmqpew4FO2W`_g($oz~{&j!O`>eLT5rz8@_Esa?;C+sLFp2pV~!Nm=3He0z zeM7StLAxz2#Rc~Z6q|}KlW@)?ye9qjr_UaFUwHgN`z}_S>86FCwD9^~!0z}L1@+SR z;hIK9NqZuVDE&P&ch9Ci@_0Yl*1J9lTMF;>t(s5i;Wz^8W3%r_`{^OjDef$buV}Bu zu6?&2l~ z2Cvg0;CMcLy~Al+@Ntr5FBBs&8!0m{a8NJ$=se0#*6P>xE9SzD-1v}l;;Cs*s6AKx zzKwRzzxdQH=Yw**Gr!Doxwusy6I0=Nk~q(mXj`QF-LgV^LXTDu?g zHIp&BK~?_q8690=sI!PC!!=TT#y{_#@y|5+@bA!OX2Xcr_a+?zQ8ch~zlmj^LmKGv zB_cJ!W!M=O?Rthq<05GPM)-NZesn(5iDhx}WQc)gv>VvNOWljV8kJK3CLJL6_`FC= z=~ViDu}kPOrbFJnUN03Apwsm*l*=!CkVBIrurmq;Un>ZyZRjgD*?Fi(;!WHMU4m1^ zw|Cy*oyUw~gLNZ6lJ~BSKJI+ZmzYbLyI=IrikmT#7Nl`4De4F6{uQLtK zJybLPO{8CPnAz)$T?_~5iK9EN&)>;k)#$Y!CG#7V_x3gR-wh+L@@yysxd*F|4#$hG z?k#40$Ve^;crh-*u-Gh2tlvr5HQ=Qo$AKTs%1z# zSR=dknaa#s+$^@*2?cmBatctxkKHDZe*7x49bi{$y?dvNAtYTqL|vYLYnmX-F_pOO z{nqyBfge7j%7W6NG?Saw)vSJ95=LiN`mql*Y$(PiyP{uakjww>mipwhf-`k~$jwdi zbr}ms46q}gCY(%y6>+{g-z7#&+l~E5t3plO7SA*2xmM= zTL^Ebyq~5KXd$5;Pj4t%-pZ=stIG`!>+9=zOv+{W)_rNzY}{ zcb~ru1aij&^d#zeyjULOj`!SFbH6s(u)mmJ#D#@NV~byT^^Y0n7uxDq%`CVqdy~80 zul>qURT``dh^Ng*Y(sN5u<_p*7Ng^AWc=>C*r+BJ zr>1b=x*dlmlwpny3?1v~Zb#FDZ>>EN!~8nYOu-_1?9`ntA>egkx4F+XHQSU5#dIEP z)Y>64=OPhoaj1uHoz^ARoh|SE2J}xskod)7rORXo(Tc@%&cDz74b+C(V#Ic87JK(P z89E1@xaJ!cbd1MlxRBmg_@4eew*mu?eErfV!_jlE)qc>A#6=i!39lv$i@esR483#x z0wU&Vih+7Ii5gGHuNH=xioN;$YFl2a6pvKzbC;_RwyU{p-8)s6e}sD*A;q;dhk?_rC3b9sHSondj$TD?hTOM`;q8{ zwe3255;~&slYJ)P06KzpjhUhMp7;TH3|a4~81VQSNX32E@C#7!#(qJ!dsrE*k4$Zj z8~yGZ0jwJ)8bAmBwN6U{Pi1_61`7IBry3BJ+TKNa1z;lSTruXZMs}asTDCpn(KIio zFH+PtW__cv06P@jG10Rp`Yg>=XlUyBI1t^Qbt{+zMcgsEa5d)}O@>rqO>Kf(EWkbE zUR83X3-|b(%KfN;JG2O4uxH0SmLv?x?G3zPKrdaq3c(cfh0? z0W0bN#b%p2^)-^GAAmd%Af;^2bVL#ZWP)64h^Z?|>ozA7KeoE!B~z#O-{)^NzRsap zYE&4BaQ9-=+TMM{CQa(z$N0!yO+>#utpu4!B-LBT^y8EZKOP4xjp|n%1S?pt8qOx| zA;}_Fr50KM#)^yR5PNwh~!M&K-mZ%3g;lt?cd-0h|75KDq}I zrsF96gGES8Y<%Gz*efq*B&^u8(i4@=BpW}{jBVJXGtfB7*5Y_lkO+IVH@^R3k>{^ z=uY!UZsg3^yB^ItyP^-aE+2ljL z7nUI0e!STEc#jy03|Jf)NIjC?(wjeFrhB3;2Ufma`2iZ29()D9ws2wIyoF3GISqO< zpWIu3cV{#QoY14<-zr2(2O-I@MRl`xE;UTI^4m-y;yrg39Jl0Wg5g%juf{~z|= z1FEU!Ul+E5h>D_sh!7DGkrDv~krD+J6)A#(q7VTAl`2Rt5fxD>0g)yppcE01-b?5m z0@7=wh7t%ZgtWcyj=ul%zW2N5uJ60&obTN8KkHqt#d2j&W@hi-&dhI~d7fu7!rkSd zl-!9vS8bikqkPgb4UC)j3#{cz)zIuxk`3YRh?bItH{Z}=+Z#y03=Ht~Mf&!+7@u6> z=v{#XJFQt@0Zhh-ocOtWHDVA;T-3-g-O;tYc4UIgx-ixeQU7W#i$C6>` z-|jSK(~jrS{-FqhQi;|TjdPt>FW1!`n2lBhSj6Zjzob8_W0KJ*On|@_U{So>VNku!j%)%EI`B}H0=IjhmSA}_#LF@I1@rSWLXLpDPGis^(4DTD<;9dh zPF78aK3AxEml}7LA1uO_d?&6ndUlHSES~pRk+C3&5v6P!3&GPKj2}C#;*cFmp7%;3 zq#r%JZCldYH+@~l+su8U8}k5gOGSh}a1bl1+gMOiJ+XpyVyK%qIFzghMD{H9>>V;~ z6l`(sXBK)Q zgA;uDdN`7d8vEkMWs2PygNK3z+Qy?(fO zJnTE`i{@)2DDnQ1to@Udf30QCOQS)kEPr$Ll{ZsqjTTCDde&Ipq@d^R6*9Z4srv1n zaPL6sHa7Ugf#9dP?Gx!zcSq`0sK)zrd?fL=5@m4bNo~1nc3j=X2UkGqLGT1xr?hpH zWMV=dGK?4=TXLyG52GN<8YvQj$(&9y*ZE<4@{LJ;+OUqdh#aMYMhqGZ)#5tI4ULj`7Y zn7z;FmjnYyWj`uIEmp3D`Osth%|>6Y7AuU2|0mOqixTAd9${%Z}8`bE9* zy@1S%<4zC@JZ#Ng$#h)i)mAf&$gPLZG=(%`TqerWgnq+OczZ|}KOUGD8DTsn$WIIQ zEqGoP$}as(s!4J0R$3PZ{A}S9zB&ni?=LDt&KmK4cW>eD`^Sy9PE~)s_g%@Sv06(I zJP0noTOASsKB>-@=hpY#kAP<|)CO(x+LM;7g23Kzq`3WNj6wvsS&hoyq5FN)um6LP zW>l$j3?W>hoT)Yagsyrgu$+mYW~I0IBQ`^G`!S?Dg?NBV6hzWju@SG3Zn`CJOq4sQ z$knm#79lRYx+Cq52cjNYn?{zRPBoa&l?#u0=8iq7eSN1t>$Fw8ho$?nx{#hwNxz6_ zN7mdeL%QlX|N8l_U<4D)t=%UMcdys9prfb=1e}go9Gs%RTgSPEdfC-uJN;tXZ9#CO zD7^*Yvk7Y%U2>tUzHL-hqbxQ7;56LlmQdcp7h5{Qc_p=Vbm^JlwB|OuXeJ!?SmYh{ zrL>yhDc46I9mjGlEXIX69f4$Tkuv{p&iZjEXI=;OYJNANrp5l(Q$VWG*ZKs1EhV?Y zi39pRU{~JWJtrch4abPfkl+n6Lx8yF>90-@@T}bx{l;w^OnJV2P2@99a)PKiPB~cK z<^r$x;hXw4$K*B+9W1q|;_^AlCY*lobdplSK3eN$G?;-s^Q~O=FnsLEWDDCT4@f8n zZv>BF{?Kqo-T8fO?Y-97qEA$R_#%jm5Q>_6@NUdWx9kF)uKSn0|`Jx3hynN9=Oj$@3M;w`r|;u84X8u} zs7d{)$oKfed5w=CAC{OrZIR^>Z3Bvn#Xg9Tgo+M%q_1A5je{HOr&3(YS4b_g9=CZS zDnK)mjqk#Jrde?A6Q*w`^0 z25zRUD)?isHXlMQ4BHz^14GHvv^(i7mvElfsjJh-h)TD5IyewEc4xywS>;Ch$=O3R zFR^aIqgs$YlG>s&Cpv0Q2WfZ{qzm|E^mSu(2X>aRn&8h6o+}~(_^646FUk8p(v(Qb zr6D;lAjG9Loy=aMJR|NN9d>8S{>Gx#as@t!i(_FAu^`;iop+y$_jS10+q~p(jMO0aqp`4N}8&t zGk$UHwRa01MR{cK9` zm-e`4JN9}65K+_&f$I!71R_a(hH^tnnB!Izqo-URXZcX79n1mQW#>2A;nKeX6pOMS zqei;koWb_Gv*5LO)ItV{;0GK&!z$EHg{=|)-!z${oxhZfq?hLIqm!jOMNa15;>)B8 zn1GAst50?CiTx@an;(2bKRyD^i5GVK0wHwb&dAvRn5}{*S9j~2GNBx1h7g_ZqxoA> zoP)8Z!O*5}S0C#IX#SGC=~y#Ih?OQ8hCI!p-}Gs*B;tbH_Jq9iww^<%t{9f~A-K-j z3GZ>7Z7mzFGQ~U%*E!Nygrt_tweJTp2&&HX9slwhh31+b`8}y{W@;|E@4nM|^d#J4 z!}qyZ?e0;ZPn=M8V;H{OWcfjJs7ppk^#)Q0ZRG(};^25-rs(`*_ZB&fL9hqm)^yz$ zzQ|`=FJmftp(3zUfni6W$d|_XE^B9Ivk!u6MKN^~jLIV&lSWoUo_zb5|Khdn@m$ z*ws#i`>8~l`vI7td+}U*HmH!YDIr}}F6q$`@VJ%`Zb5)caBd`Myt%%l$nQL!WCqrr zjE+!&-)o!X68(z1l_{zj?W>x|(n=ndxxV+wj2!5!Yz1Ui9eTvt}L(&QnKI$EFT?5AT8`GAM^FRGujCVhg7Rm5f=amOhNUkBX*(MF3_9(dv)5Z zP0qmOt@BT{W+n?~US;RHlJt(pkSXgEX>mO_W9lr6iNL23)AuG=9__@q$97&y*~1aY z`RE2YnXs&bhAn#+XZ^apKHl??S223O)D*(Gd;QfG@MJ>w+m5{QcpbKHLj2maH3eE) zdtKvATl3SnD^84Aaqg+y#@o&4{t-cnewXmva_ zs!~nzjXDQtA{}(^0e+fk*pl2)Ch5NF>Ks}Rmv6i<0C2@pw|dm|mYtYU2WG3MM^MU< z(vM*ehpR~rGVmdLx@s;H^g^CqlV)55*qZ<*O zCr+t2Ieas~A!Jo`gg*F@r|hG;q*E83ARO*@2HL0nJTW;SAFv-g2@U{6W+e>mF zBwD;bgZfvLj8eBz6ef1KS^K_+o%f)^6OTk+RYB%tMID#d2XlF5RT~~hmF6^=5?O_aeFkCs=EJ{f&5+h!R?Yq(rXZjz>_m%ZRsw-6=WK z-(4#LY|h!wys-hRajBgAeDKI1w~6lfyJH@0!)Nsm4(mi7Xz|e*DDomH;ls;UCS%4* zHfL9tzRY#$6^968>ZUP6>r}i2+PLMqRqX9bdL~K&hbK|FK~snf5>=wFQlIyQtXQv^W{Yu=Il=vQAa?DmYlIWRA(-f|iG6l& z@M)`*_%`p=y=`D-CNT5(%u2mTNr zv}UiZrn!@F~lT zWCh814$ZG=|B5KpeLeX`rHcYKDfip=sc(ax(Mhz|2jf26uk0C)zXWIW238io5aU)g zIJ~A7_;kZ$CbJp5RsH+=(;wFAG+F#^T{b`@wfz^iIzTGBofW8b-fjTOSz@$KFG{wB`V=dR*pIi=-Gd_y7XT*Ynrp;FI@ zd{@j>-*eBPM1eeg4>y<<>lUbL)M5{+EV)xwZ+l1{LRh}1Y+J>SG7BXLK2znn)6k{| z0wiI=D|nR+CUB{Oj#O8JAA*O9LMaaA3_o_RRn*jdw50uX+3BZV?ORmF-kLO3Fkcl# zGQs>tl{CgOJ1G2}BJBw?CJx@(z#AI+Kt5OZP~t9QshIL93~TLS*hOc8uN#$f7@HcP z_zM0RakzC7v$|t*`gTxFZ{EttwtjE?+$ol{ks)ek5XLo6FW}dr$&Pvs}L02yrf#^Q=JDSbEquB^! zi^uJ=x=Mb!7;G=asm*J05y+w!!i}}j5f>_! zC*Q6wyoq;Qvv1EOJwp6=4}VxSXAmMKz%|6Qzmw1UR)pGuwrh!#dxH;7675D5X*ul?S+A2tyI!)|h>!-g z5XD(01*IbkV-!jB2))aKzBs2rDXoTGpwu|_gxbF`if=@x(-vx5XP(PkQh4^A@kZ#& z^Ep0gajST*tJIl(?4?k*XhR|3D?%zjC)HKE4P&VNnUmkDQ%Uv&I02vjNQu*{gpikT z^D&RWb+q?dH5!$z>_BH1574%Usq@MDtmI(=d{m7?+&W*u9!OIee9)5r@aWOCWVq*b z_w_OKX?A6@V$up%#z*%dtVYG;DG!KF)2mh|0?s!%cKL(1Xr59PPUcV+Ew+MMuZ4w+ zEs{^)A!GUFR`K43=#%=# zc552^sVV-&V)&~<_zxlVFLyl5zb>SP_P_rRMaT+z%(*Yg#jPQWN4CGjs;uyxv>)udJ9$M&{-qhF0UM!#aWZg2xNlBro zJ@|kRGZkfymH2_+a!2wURm5tt^4_e7QVqqXh#)b1WmI^_%(9My3tqpfk zBE%Td)DFsh}t5~`bfLr$fC;uy|)l@fH`;rg?E^QdbAdHHs0n_-PG1&~tz zV|Ow|ckY86#BM``Z|&Io=8CM{6ANf7gXK)Q>|Q_ngRP}A?spnob_<5m5R$snn6t;E zVNxAsJUNECe#GA7epr<987syoS{u0Bblm)Dd45#ew4cRUZ%EnxfR&;ruE?lf{(8Pn zWibqwuETW?f_@K{V3;=3J> z>htjR!C((De8qCl)1O?GgDi;;==4w2ouA|ScOj9 zG97%E+FBZ$e=Ac#rSntZ(3Z)InPwEI5C|y~aFV_dBBt)y%#*(gN?S ze`mXkivoc|@p{^-ODen=rGfWCe$I=%{ZBJI08gM%I*C(|YxjzM2NTWEKj{pP29k>o zR%pDQgeP;pN7K6-uWRQ_cvoYdJP#GTqw*zb=+k8%FscbUgpDJsr{?if#l>jQAmYpQ z7Ft*-ORUcogkBL=s}~NwWe@qO)&^RgBtTZF`L#G`=wh)5&wARZH6kG+p^rY9_6mDS zw_g?5B75=b=8yp-5I4g9txx|q3FdiJnfGuZ8p9AWxt^O>F7oQ@#H5B~mwLn$yIWyz z0RO1M4fhlKzxPu8eQmIQ5j)|Dhx5gH zU!qPBDz72dk?-znJ(hF+;)*Qx9Hb1=BQzG*4to%LX7Zb#(X$eiMB}NOsqdUuo`^;G zcTZ-9fH3B)#`^46^cf%qnAto11;+4q>`a6wgIwbMS*4ZA-k8(~kd_5X z!abTlJI-3~%QId{M>2Au9V@(q(qg&#Aj737Ox689HO~x0t=FI<6e?%-I_6AP5U@Im z`6e!XxvRkn6`3QXtz4)0d?wT_fI0wd*6}d{7~`J98=CB&cGDQ;Z4z0iwFL-9S(EId zZ9b440ERBQ|8Oj3{vc##04_eqR3ZW#Yxrb0A~^YT4?aRP%NzE}kG%LNGBo%nQq%wc z=RtA8u}oz9)obf#kB7@@9sNTw9$e>lUA((4F}3LI=>9DyUItxDzIo6;e(c9{^(`SH z&rJ1N&OV!+lhRVyvE|)E5xqZ)PF;Ht_3_Vojt{)O{bx}{ZoZR$sb`n`f2k&$t%#Js zTr=u!>Q-kf4~;kFBQZW4mb-a@oLH32jK=QFWLPnk;>IXGt&0jWC}lY3F;;KJg*=~9 z^dO?4#NrE#HhRy5twN>&S!U^6571yln1;j$(sU=Jlc8%~BL5~F~XGE{@SspAN>}Spt zO&7-C3)_YRHxh?IL*{0x#oDl)!IERYQkD~laa*5oyimb+c`UMKk<9UEItR6Jx72B> zemW7gsv)olU_?RLm+}b!?5gXdjO4gy4TH}$8fqy&9{e!U4|*LlSoMcZ!w(OEZGVYV zZMNmDKZE$B>&?Z##QRLfy}!iUC|_9j&!UQZta<-Z53lX6zZBh9`{~M`^(0;SZ`@?) zz*uNk*HFI;xHICqs?KV>3KE5kzwe=LbKXPAA9{4Hv#IJ@sHxeX z9s;|V*;I-(BQyHG@y4hp#k2S-1Q_hm+blGL@(va_2tS0lSWsSaCB5wJfD zjTZTiF5$uB9i=$z?9-ObA^>7tmX*e$`l!=u7^YV=0_EdAWiE7Q!-rvFFYt!lCKYyXkb6k+ z`1h*KeO)2%)fDArA4;UYPDMygx);tO82sKSvw8iZ*GqW~smv`;)LtgI%0eCuojLxeSso2H|66!8{CgwuALUYU@FdgunCAU_ zcjAcwHq4Jt+AsPdj~Vrn2wxcc(`8>uO}gUsu6EA`eo~R&_4&>Wf^l-n@s3kcw5(?z zjF8@UizOf*H{=#Lc`%`GuRA2fXIY1h*smtqlbEOG8PFX1 z$gN++B^1U+eOlvn`a#M5>O5iF7q;rmVlP7d1BCntf#*;AfNe($gq$IWah*{z{QlrhFETzO zW7M0r?oR&#V|FTRm47>qBp-+otFsm$SCnam%^#T@Z)o-zd!t%>&hS`S{#Z`XQ|rvT zla}80A@}>noa8*e?|Ky3j3Opk|1ipwx-yvpqyUznF{LA}ZFDl{qDwR&$0W?{u&!|7 zxjmTzYJ+irXa10z#?_n>iyE;Lv-$1=`iZl-pH>eS_3u_+Tw2 z38=-Ac*HzMDJrTWB9$^hwx{idT@XSi8IPG9$JUtEI9EH#tDe(Ls8l-+K1LAE!fIVY2P}vc*P&x7a&B9RP){q!hy4$9zokYfWml=`JEr` zA><0V2`7Qr{wbujw#K`g-d4|aE{Xa#WnfSfX3VA(y`~3GD~}?q^3068RpRXDS^soUyKW6HJn2_nDOD&- z@yr8HZ|_D`+A;~QL_z*a7!b~Ul7U1=>4vJ56weEG8~An19HJYQq`sf~aqSsKUD+O)fulneQ~RT#-ydH3@D69JNy2585gb38a&82HuSUYE&S zLQ%_ZF)=5wk zD2q%*rN_Dh1S)3Dsslef{;=ZF5@H4#b71*;QFOS9R*_SLwC{TXgPr(LVOIy?@8%`C zG4+CR*Iz2_MP!;-bjsh$G`iO7E3?8o@MN=8w)n_Uv{8ZX6TW%%!(&f2pO9OG*%EGi zH;_u2ukzki`|C@Jbz5#X_kQ!cEm+KD>Xtg5+AHCI_{HfGqk@oc+bP0(NM{-O9@G1` z>xvqt^XfVORDC@j_XcB-b<}Ljx2dPSYTx#a_@627UhbX`SKo6n{K2md(D%P_J>p|j z;rMpz*AMA;IMXgTz-pGYYjx5M_sMLz<5=)i_zwHhf2mIO4i8hXAhQVLv!PFSZ)mg! zmq6%nT%o$kOF?{xZ%*RVN_vEL?ybjMXxWdQIF}rQw(TUyH#VlM*>6t903LU0*=QrG z=BjGbh>wM?u5HlEV1J*DSET&*Mq#k{cWn) z-!`=n)~Ui}nuNO@cg1k*T=FNf%Jy)w+RZan(RFW$tRU21woCjwc>g(X)I)x5_@kem zv+|cOmp*^^uAXmyrT4)xH)P9O@{OsLE4ySC2)HvR!Bwd*J$h;-H*Dr{9}ZBVoPpW+ z=_yn4IgJ#HZ~`hFzyqYFO@$4$Hx=2-d>e#hV1-h75Po^n|9Rtc_hzNTSoalw?5>=L zmB+?WdM!ewKI?P6-_y?F&w#hX?H}T6uhK{qs@0|Qt9)vf%x17C832enC^OhP)5?Ur zK^SHD1%kEme%LLK`wP%}hH7J%`+>EJTK~pApX07CsX#3qoeE_TRHa@$bB^iLIcW&Z zt5fD1$eBy@0D>hAU9jj1>qezQd@DHuX#~~A>`$j4SAzo=GoC0|3+bDM$LbxGo^Co{ z{pqS#@NkvzEweuKhyIUeyu(n1+h_bA&cpSDsSihOeukWqq1$g@z=-_bwiT@w)+oN< z@|t{UxnLH8g#Z%Pd!rj=Uch|jb@dH4Y8;_P=Hq4vNTWix;#L5s-DQcn6x~fFxLO3g z7OPJQ;x->0*o-|DBYpB&G-9Ic0vH>_*b}seHNx8Ku*TOFq!n}6gj&so+T74U&=Tzf z2ZY8h&oJWFT$d1!G&AC=E5=pP#xLvN;hqVcKXIcC0;=VhRx~tu&(UTZSh_+nF5=P| zrWmXHWAYByK1KmbOjlag2GU(vMBxTrI$cMcpRV=x#T>mC);oNIeMiiV3d_rrbvrsa z51jGF(#-pC%1zg6KBJUl+dqae*A^9z{!sj$6C(rsY=?y1$#4BpIQwn?x&naFhgg zpO-@v8XjOxO!dPg@71_wdU!_kCx;*_Jp^;ZFt9#!29d5H1;58Oy{$pquY4-PsbbxI(YD+)bFa&ux+(HNa(aTN!i=- zB1gndzA*az-1Sk>{vf2C2lEeofa7$$#1{ly8uuJ{{aIQGMZP3G93+{W5=XW*oGQFH zGym>u5BujWC35$bo=)?Aj(5v$90>!P!5$>uWJJ;$Q%z*_vX|H>bb}#6Gd*uv8Gq{* z%~xBl1v1xW?rqnAXnc-6Yy{SqG5giVt(!Dm9vA#AH%2 zz~HbBP_I)g1I%Xu^NXGsFK#8Vcx_ZXg?(e+W;&PSpk49knJcz8IZSuI=N+K_`sC4p zwkIzY!Q=c*Bg$Yza2i-}sV@5>uPf`;+lh!I_9xTT$I=GR^&IIe9dRCi^`KDT-VR(M zM+$gFHl$<@bw4gsPjR*8bz+3q(I$(sXqvi5l)i{1ctt+y$hH$t2IH`_W08xN^DMbN zwvMU~@v<&OHA>CA={@XFzgw71AXG%ME(4e18(VVa&BJqS4|3GrR$rak#VJF@FtXG+ z&rS03Y)hB<`JP8@kNk0syR3%_Jysh&BjWzMY&&jeguLGVt2jMt5sUNL$SZ1oySgw(x5{qZLBim1{}onG z7p&Arx&8N4+l@D4EfO5{ALH~d2WRisN9m)SzzTbTC8n_blmqvuVGX*miQ2E2mANkxwgMCzp<{p@7vF zY@iP6Fh{X-h|&fkmY8C5Y>SndHk(n-$xpuq9-Ltr=mpa8C^|6@H<409$^kbJ47&5H zae)DZ&oFTK5HhEU*O&63&JIti>O2aWoD3jp1d5P1{k9T_lQN&V=$B_4qoZoYqR3(( zzMMvvqrV^_=s6Vv=Di?_fd*wLTPYgE4Ci<433bmFe!O(>qC-o|HKrk$cI4Y+Mp0f{ z#KxZ3n_8M@$*iR9R=LXs{u&d+Z4>+P3sEP#=Y_Lqm;2o9;Ia#>TP3bm!@LN`wRdVW}X8Hfo z>)q1~Eb&F&iw@yM6@>LY4f#uvsw{2H|BXtk5Wi?al4xU==KQ{9+{N4r8_=}-f zHW|K*wjbgvJKi(Sy)AiY5uyD~Om`~lQrk|6yyrKReUGE|nn6`3|L0VFgQ-vdNrKi# zRx4V7Yb8Cd2sI72d{BvXZfTsZC;m9k2m85LM~i*aX?CF8S?+0uc4zAb>obtYf{CfC6`3??_%@$1=I;Uu9q4}Nf1AgzXEpwkZ@zbXMf#F@w zl3UZC;kPfpj65d1)kF4QFv%6g~%gGb^Q}o)ks=@aq z-?MogzqDLIeto+Geo1Xxhe4aOUqOh#9ch}{l@o3p+}sX@X5S?;{6@YycJZA)Uac7t z@*S}mErS1U^lb5e|#AZelHljUfADV$+971Ti>?0j|i*H!DM-1ZKBtH3WdCVlRDvP-J zLujhDe;Ggb&6$;+_m=>`3?GE=MQ&_sz!vbG$>su9vw+pbFdbEkUiORGc_oMq=7hlO zJf0uohe-N;yWT19-Nkx#j2loCmI1R1cRwnYKykA4ZZ%wQvrzF47o==7ih3lP-ToD0 zqxv@5rvMdtKk<(*hM_c5z6IyeN*(JlY^(^rWKG0_D1+?=Mfw|^3@@4N{{14@vf4;W3G=Y?WWOgXjlQc_&}d@V zd4}KqfXoB*vnz^%DH9_pYkWF@Y9H8+_L1l>fH(A`vj(x9n-{#}ii+^GApBc0LxPg! zSkYr~u03HBh40KP+}5~`6Mj;d>><|_U^SqotrY^ok~9Fjp;p78rl zo~EwF-+R5fxQM_qu??C2zB;PRv;DFR3=vh?ku^!BpjPm%OlklhmNAILGHXoAH)AlM z^VErXJivp5}68M+u(_4$)_`tEvN zZDu<&HI8F&J{24&yqi|VW~%+1vZYqfYs;NeZyYx8L@3DJs9e~HQr!sX-Ae)?3haXT zo-aD7tH2}cJ^s~Mc8Wt=DpPS?rTgv_2#LQ$df&R`nD2WJX@A7PvgV9t7^+7}U+vf( za=Lo3{28(W*-&9IUA89s1`9yWJCc3c^!k3ryq3ntqqYxeIBO;W`o)-gx;CIE{Ws%> ziktJifNHL(D|@|^f?s>)E?$4VFnJUlMlyoLnda&3a#|bP`}uc^Y5cqrwCQ`!OlZ}A zjuCSUvr?oAWM*TSZK_El+gx5zHe#@*BLr1sCJd48+5*tq;Y7b(NW@9UylfqgF+}~y z1OlwLQnkL(Pm`|oIe zUH06FmQ9qQ;u%EyF`rd9U{SoX#0j%gjt8MgPc8Z*7+u3+czRMi7&S_e9hcp9oMr*P z5R_#PBDswHPX~yT^nx-Iku?s`gGQ|)$o}nL=z(QP8v^3n_AsDxRQEz_Q3%ZB8n#*t zJToGi2Re+&iSD>I5}Et!DYMeD0aa_O*W=REa5}m?#FwLc{&w}@L;)Q3*<#j2^RB9F zMxO@ni;G|P3hfrLWDaeHfvlhV;MrWmYmHm>C@~vRr;ONB2zxk&K7B9tuX#I%?MB_w zz;CP((BNj{%62?#Sm~@+mKPDuy~(zs!M!2py1j!$#}%V*F63r>y}TToj-TYZ#TeOi zqNmvh%DMx*#=&a~83-zPp%0(B(eVK`q;y7=T4z!f;@^MPL#xwd?dl79Aq7LF+?Tpm z)^0cSmRMT^2*mM)pSU9CFrT$CL`1Y!LAQqOlkGhBYqw@ijH^vqV!Cd}9#1M@)q&JJ zdg1zv1NOMzR8SNh-!jyNTGZL^){&84XkT=v*@pN0I?ww-$L7Vk7n~A1z1tKP`mc96 z#&m>crCfSxYPesTIECj9+dJJv=)w2EmTnJ?-5`98OsQsjWqhePI}enU$pgzT1bch} z)(U130O74Fy$#P?-q={ffL^B9$QGUEi{2XH!<7_VLzMt8HawIF#G7o#;s4b4Zj=q`n_jkU3MeR9Q!zg zV6>REtJW{MgEU|T79fjaS$kcY>lidcM79t2p_r!x7r4@|xVkt|IkNw@02@Z0vF z&}!ptH`*bHBn`VMQ%8iBBA)4%?0t|AO8B_-;!Ussl3YGO5M~(BYXsN?gIZE?aUy1P z2}cw?K=(FpbXh^rU$qk{?!bYgiJD&_c4B8D*$Kg7MH$UF#d z^0||}F1?i64AYfSGPyUxdoLM++e3XdZ!E`JG<^>PCllgnd8JWIf4dVdc-?u4c<6~W z$~uU1gz)DstmEgf!wT=6fPu=WHH{9zs*1#~S#ERio^{O4-C4gA`75uk(>I5|d#c|; zuB>C4szgP*QF7wttPKAbFl70#149J}Bq|;2CajJmH@zB2w{ymv4|S8gqWBrkGt8ek zSS7uVp*_I51vHhZS~9OiOk1zwhVEhIb1W>GN4o~ouuZ*8v2<%qXmbvD<^7@eCDb!o zW{e`LP+DN|oF|bt8W0fEnX#m0SzUAr<$q^=DA;%g(D|U}KqIXq8GVznh%QMRr#1?L z7`MjM>8Ul~cLJ+3epZgj?Ks*S7I`h!c!m+4bSQSswF9q+>QaE}l@gWiviI))n(Hm! zI|6FDe8WDPNCANhI1FT|VUY0*pTr}9Yd*Lx&Ny&oEOv_Q@!HB;^T7$>`_-Yx+Q$To zgxeL#8Uyd{;ls{QHN@Qpf7UrNd^OV3W@5LamwTWoXbw?$D+SEvaT|^ToaAxrDdZmL zTJV`LRdVBPx1kiEW5WHRk=8lFQHR&j>uHFTnr?ZrD=%()_tS5Rgcl-hNjgj!p7_Ev zY@VA?l!1P`BKuL(liu^_wB>v)W?cPRRsN@^9g079$<67bZu+I#&XXkL*;9INJ9TW; zh`NrUnV(j+)kj&aD4&51YCPJE0jCb6J*fOR^7-8S=XKc2sNNdn0N1zq+6QL>7%G;J z`vd1nJ760;s*<7W>Sx#+2YwIIag`eZwx=`Sk4V2QAq>Fsz!WfF_U*T2O@r2N{8ECa z_0BR4U5{{|qwC~-5PdaL43+6d{jX&-SY?E!6jZ@>@!UifJePs0OJ0o5jYF`u1Z98nJ1l*Cm1cX6PGT%>ziudcqiJU<_&c-3#bTX+ z4yqCbMi8tK(J$h00?$#9*F8(Hx0p0iWp%~cPlf_>0!=L(><<_mJy3j=K!+`4Q`+uA!;&H@ z#Me5sjjBY*;%Q*@+=zeVejW55aNNJC;6kM%1{dv0Go8 zid(-vzb$dGXZ2!@+RYf~gQ8_e(bM~fSVbi3^7$_wcHx8@e*U}2-_Pamm*M~0kK|MF zSm;)6UO8i%8}WWtkE~k6w!Nsx;5;pgtC7oX{mF@TX_vMpqZ65_bO1J z8I{D|;RXKME6<>BFEfrJfds&M2{C!!N#Zq~nK!0|=Xq%ATsMNkF)6?P6iot35Vd~j znBdDXLAcPz6>4^b!rdFf$GR?Yb_>r=1h9+t`6VCP#x0nCM)0L{rJJsq@!yyKek}j( zUI)G#p1nV$V2b5BKZ+;Qr#jhnop$DOq68*oKW7$91jUdSdAtBSoaig1@Ifc}5aW~J zLXqjlZDEaQ@vEtTGBQ2*7poPh9a}cd-q`EWx(+RIiJLwbs)z68y-$Dkdl}Dk7)~~$ z!ArFs)kr&m=)ml2yNt4oZT=t#w=!2vL&_SReTlNHUEUFJ%vD>-IwI+r6VL`RU~oC^ zg}A0Bse`B0UTVkqtMI&+9_IB>IAzpzfV+(r??mVFubM)58ckh3D8duIJeu(JipI75 z7sw~UFw}4QaMI@#KzTdqq(-hNi^Q7-ZM3pr+Brnm!F-u(8rLC`?k{pNV9wuZbMp^u z!G3**?VcaE4ps^rDwy5Hp_V$v!T?!g(q)~_hGT*jG_=*v(Wz^Nmw&a!0!^6n>-YsF z+1$c{$H_x{ZL{=GM+(wwv3m?|JZsbMo*8emX?Z34lEWlV3w~Yo|^8O&KwoNPQucX{57ThbQ^g86C zLf~INXW{gD;3NP2+_P_F{vVuHh%`mqueNRU%o~hbq%d2IdRgSrx;!=Fu0qf7U!ot;LP!{;M;QNOjU4smC4uQBX1nOg&UbdC@^m5 zXm&v84q{jnuu8}{#8`A7KlYPl`p+HvdfWD^L<+P}UJ(c;Kdv|Jhy_`%Y6sOk^I-?_ z?De9|Tkp$OE<76l9`zfBA^?+pM>F&xZrLB}<$Dqkm$f2#-u0HVQsK&lsXjB?pCc$n z?I>zlkl&GAP)A=y$}gC(I$rXNv-(X=?Vp!b`d^aj`gf=PshP_Em%?Xp4cd#s>)EMa zPSRwLxa+kQa=xgLS3!x^M9P{mPhON{I7E}z?)+%RmZyjpeANBU9Yf1|bXnCB)B`_TrzJO@ z73Z5baP*y>a2jFT_l`Ty=cxN9?iBk~-0;?ag|s^A`1E?V7i&nnhY!wH-IW4fJ$(W; zqQK&f{xL^)z!vxy2tvIozZj++_yJyJS&kV%1fq|AZRqNPc(E*=zWKlWNrwseQ~~NE zsAf)ncU|)2(@`-Aeq_=9t=*J##Qa$4^NZPOJ=RyxYTw*a@%uwdW?OBkH77g&E5FY+ z)BCAkBDOpg-j+f#L_K6=Alk9~j~0HzsNb|-JPb|DxHi zXHH`xY7i!?2l=Z#RohM99y{bb_y+|t^xR^G{herwcWu1~Z>4cv-s)&oc-rINNbr29 zeGtN(A#S9{@sps`_M7{kHWEir|D(M#4~M$l8@MF9ETs~%Z;vE|}iH>2nDJm*~Rd9U}J=bYy~SN?Ea=Dy9` ze)DrL-|y%98NG0B*!j25-*@4ZZr`t{#%BPuL3^Iuk&g6wtc@pb7I2lRGqCgYI;V(a z;0!Eb*9&q|$*`S90A0GJ01`Sj0E|&=^BryfDe=i(on1_nKeCZVnW+b4-6Cik9cZg8 zgBb#&Iv5XFuD~|ULdhN4M1CRDw`yP(4mx!GJDsQtA39b(#8pB|`NWWmiXsx~PF(#l zFOpY##6K0cpU?B^dgJ{RjHjI^Op$n}u9sGJXx-}9z~4gZKu-lN&ESW5k>|Qcr260) zW&0th6WU+G6LG7-a^u6vEU~xeMkJiYeb0LFZ#69fquR>pJs94a9!9$l)`G{(vj_>2 zJcRh=(a#(Ct)FvG?iS!#B}Ed5YB&;s7M`=;YrD?>9P=O}Ans9>f7sM^<|-VCm&F$d zQI4c`Eb87SQjO1Hk`a?s6%K7qA?mVmuo0reod0}W1jFZPe9OCPv)Lo{B z6ko~Js)dx`8n|e@gsrM9u%Fb25)ocO?)9SAmyO^y)+=z|c%8XDt+5s5diw$9m%Ig1 z?ci-ImLff6-FqZU%-XGlwNMs5wS9$I44P>YCz#&)fzWz#)O?PyN-*o7C?V8O_%=v6 z1)c57XtxbJLfIMJ@NyGyKvWLVzu=m}?R)>R+{NtGpoK~}gH|)$Tw*nTJ9iuo&_A!H z&-utdJJ0u@huZ#Rfa8Duf{do}IKnT7i`s;Jv$*p>jlkIHiYC0GCe{0u);m6DoVBgD z*m=HPxY_ath|fJDc}?nI>;}pjMg+>@;IC)<;S+9p>~?GJU))rcdHG|9DXEA>v_^FO z_olrTj*I<(>b-=>G8)xwx92+y8Q`VekrVZ(rzerKbDgNz$nzS!WsFQ3SWPU%20dYa zvpiz)566&(@a@raPaAj_-^0felXTt|RMtXR0M<_G!l|s!70oR>OyMX-qkiL)o3~K& z_~KkT@`#Mw3Bv)QgZtPH0@mqkL?vMoO2mAuSITfY>v(&<(5)@?_V;o@q+@{mouXZH zr;i^k&(jOG6eK3{B(MUQ#yX`gY)>D3mgAE6 zcSNgQJ7q^23Nz`lZ1|a4j%wnJuiVa+lu51@b^Bt!8$!+J);>Qi5M#{O3}cfHr(uA@gQ%Nbrw(61sNT(LmN3qRaglH$!LxjJtHg@RqD3* zkF|Dcl=rJdZNO_2M_%GPh@@=30);lB2mBY963BK@qtuN6*@azC?Sp>_jx?qBX*%Pi zUF)~k*1?9%+|axAJ$32f7uuA&_+bl=jw{kQ4OViSsCJvEwvjYz;qpMiwI=?}kqGif zChY`{$o*>%6emeT3`^|5Mo?swkeYn7e$bww)7?ifG6@4VWexHv#C;psysgkq8gU7b zn-5jv)1WO}OLaaw&oVY#q~!^t*$hV1N4c%^{hC$)K7};2UNPi8`4Dpuje2_Y(2LPR zGtXZ{DreX>9S-vz@>tWSRcHO00Kc=$C5)@o-A5D?qOq75vR$}4EW%S z8H6djikv3#HjzU1v0-vld(8=m(Kj>oE}3k+-y}y&DNf|*9{HZO4Z8q%x%7jT{i4n- z(w1&kmz)#*bqLrbeK+|Hy9r-Ep7K`E0LDemEs)qEDD{08F@C&4^z82V*MDVqGzqI9 zc=u#z7iiwzewrv)9VS!RWI(V9K#>N%8hz-h;)ul4>IWb0 z8VeFz%%X8+*sDUm)OD2o2DQ|aiWV9n^G}yljGE^MVnPj!*Qo{!PS2?THZ*zLPRA>K zYt-~(Nhcv2y)}A-h{6DLW?W?+QQL01=Oe$WX&yd9HibyUe53taj%LyB8&vq#wHc_S zGVk{gP&P;cOXG&K1`|Xn= zepmb2*Kcrxx><=imFGvz;_!lx1fN&6M0cdk4J4HIj>Dh7Q0u%2aDm)~lc1D=-fzwZ z)D`c8Yv7|K&w6(ssjSf}{vOO#6rKYyS$i-06@l9!n zdJeFUkJeb&pB#^TtX33rqNWQQ%9{fs5?$E#F}OYbaviw8-*A1Jj(VL2E3k3M@zFy< z@C@3z)ix$>0`ur46;>cjbo1qaXkos+o^#n(GM981w4u9U!=U#uvGB2;wxF=`!Q*~g#fy@>4(Lo< zzJfi~EKKU!XO;z9Z~Y>ZiCdxb&f%^rQ~F&nACYgp7~W80zQEPb%>W9`+YIU z2zh2Pu#cf;BdezrFfs|N(u!;Wy&ev?I4!txyGfc#jJ>Lvm?>}MB~UOOupFV~q^$`~ z6u$Vg%g^ib^Je(p{gY^#EOn4jMI`@ZUbsnq0zCwZ>Q7B89V_hV@DE>VbbbWern?lf zEc4L1wxM4Evz;r9%y`)Iq2LQ9>s`u6$X@{QCW92c2gXLSJ?Xtl@`sB7>LMWS?1&X3 z9Ne0K_lx?(c&V;yCg5Z|5aNgZGddco*V>^hqCQO-zKYovZ)2yBH*IPsp$|bY!n>A! zIX(3|j;8nbkj!r(oaz1V=dQQScG{EN=1anGyl$PXj)|W^n1$jnZw_XTa`51$^?P+j z$(N{0N=6T5j=*>alq=~+#ALTzwR|{=%icqnOVBe&0z^C|0;P_OfFDz9^SuaJ_=?93 zq*(ztLof4Aj(b(fk6Ao(p??FdvEVfLTuyuf-?a`0==wg}MZ^@YFPv+Z%aMI?o&L74 ztAT&;0OKn7Fucuo+uJUFxY;Y9PyNig+48+e587U?>AdFFz_;~I6;5N@B&zB{WV|Qs zEl!eM@mYS@^0MTCqC!^Sfn25D)`RqFg)~2#e_odVy4ykVYVpX+FFc{^s)s#&;@P%H z9Eub?J~}m8=N`&S^MCSpRlreA$dN_f1A7)vnmK<&k4D17z(qMzsQ`_g_ZjK(#sbVcwI8b6eVNQmrchbqI6o1;CK zCs^HZ=rj=B&Is7qlCO+{y*fzEtaU#fvl4hv&@zP^g?x6HC8t$vWi5|YO`UyetCd<| zLc#t}^;5QK=9)b6?KdFn+gy80o{+^BKfadT+>bIB$ITo|KiEy6ZosrUERvT%_L?A6 zT3eu;3pC$ydaSt8=vx+`l+{99wNcxp8Kr)U7vEb!HLIxYs2hzuapsFK@I=uLZ0zhz zd_RIUR*Q(O(vKALuoi4$?fn=EJy_A8@AKGYccL;ad-0k2-&M60*1T}OFJ>s%slPV{ z=J4G~_AgVl{U5NG|IvE(FXDGLqzBD#SB17e^TA>mYf*h{A(V<26N%n0qVkf?K$O?WMjV>@9yLR0n3#M@dmO-9$iSRL5|=`Ag>6~R%VonS(*X&V2k62 zLCyw#BM(%uJftPV1%BhKAaW|nfQvT2#;FizxYHPO?sy(ZS_1_d7-Jl~TcM6eX|D(~ zXF$o}-9?66E#^F~LBUCD)mLLADmxeo+x&&~DaD2$6&PT$@$U8yZO5_{f1@q~k_#E| zd4h@&?4+;#{ll4Kog1L;L}PNLQ>rZfC=c#-XK%YvGU6$y4 zksp??N4Eqx!`NJQh#27V(uHpcXIIGG%e;Kr@hRYN#6>?q#CRVbwS5io{N9wghZA>= z_6*AjmT;ORdkCvR0lo(DcUT!H?UJ9%Y5!w?qUWm*{`7BA9Mn=79~6Y(=67m{(gYK>5SRhf4}|e zKM#leq-FjYKU#I2>?d?y&W29Hc@F;b`9u-cnq_h!=Y_xetANa|)9g!8~qd#b^ zOe&L%%-p!b;9BTDf5@11e6zAp3%f37FyNwZW+0zveb$mYIqJSSz{3XsMrY1>#IwY}h71hjnhMLx$~-EBE5&dSvY%q1X~S`aY8 z$X?9O|BuE1*79`|y>=ttE1M>BA++-OY;L zmjR38`h7;(@eZBFa?U1*-W-(3mRTdN=ztM;PwGo{W%uAMb3=P=g2`xyY|usrdWR-q z5Y_ksiFV;V?xey?9fp?<1=&yv-6^aUy#;ugg(a>}>NLCb*7)MMH)4hJ(tt2$Ynb!0 zE%%wOx08s096L3)xMYktz;GaAQKc!Y=w&#mMf~+zgOs*0yemENaWKha%RH11Ei%#k zvUEAhVjglKH4rN?N<437x+M1d@tpGyFzWo*|!Z47m zhe#$;?8thcWy+9l=os)KJ#?;r0EXKKN62CgOgpC68U)zBppVGzP~Hpn)dkocRk`l>33!ZXH0=70t%^eJl?@KX&Xv*z#2dw z+=d72AUK3{<$U(ez70^(Jqj7ju9hSr=@3|xhS5$-9T8)iC>~ObJiHuVk8iTGW*fb- zw11;m$az}Wn)0eYM8WiL-n~)Nz2%3CN9@TQLB>eepi_!4Iy9$lxQ+Z0DT>ATnw~4{$)7_d*(=MR3Dk62*dTaX5onie4zN@e!1F+(8QoNo*6wfDRp zgJbNZ`_@u&Hu1`-^^lCQhHr%@;uJOUuO5Fr2?gT(l!@#W?8MEMMGDZ0+76>N(Gf>E nf#)a21`KW&HkvhK+wl~W@~oB6EUek&y20?gk~KMWh=Pq`SKpknZjV5n;)tySw{;eB=B6kF)1+ z_SxM#=AM~*=9+6lRFtGqkqMDuU|>*XWhB&KVBjDyFtBZiuYe~rYj@v)f3S{f(qb^> zzle8XV8~%)B}6scj1Dqhx~b0)^)C~>>7nN`*QwqA`}v=-`Z$DN{O_Yq zDL5vu9sEE8+ds4XGbJA60p;I`|9M1&RGD0lNxanU2Ca`(Nw(?;~3f2BQhI zr>7^bKW}Eg@7Xj@CRT%j3#uq%H(c%YTXU;Kt@!KLZ{NNdmZP=l=OABO56C|32+;R?kGpGdW-Ia+^|M5Wtn!ZN=}j-(P|d<=J|S| z((34Z0}G3B6PBj04`0ToTI%&xzW*nkU?kXSk#qPeO-Wrgs&tWPz%Lf0KjVP1% zuRf5(iT2+ZeJg7CK_VRtg|gorA@0AQg45A*-)eQw#;?xq335;_DZu9x_P|4RttqNU zp_(!I&v610qGGcnjQF&i+owg5ZKzQ@H<)A}W(p_h<%M>Hf|zYD5s(eW7bw%(#~tWd zIr@*p{o%zrKeClc!p58YRrOgw?q9+F zlIo;kD?{8ZINvrdTHDkdoTC|CS0snO@TfR=i5wkdEK#hhLL2S8ZT0RSB?uOW(+aba zl)1k+2x(tha^TT83PqX~5vjP2RVzTAu;lQMZwuh2fp$jQfB4UyD5>9vB`502oMUft zz+0-@o^2Ry9M9}u`qzraysU$ilA_1|qsx9h*p+e$uE!J9mKGu+FAp#G(S+GZ$+20n zSP`woouKN45Z%iKcG-V7033>hR40RKj#ddT!{}J7BNppTAur!y`p7`u$A9KuDS~Ih zgAgaUOj2(+=t^{AWPtI-evFMSKFZ znM%C;U-g#|>!f6BbLk6B5cl$)uTI|D9-KqEi6Gjp@fuAf@QMzrsQ^V~{VN7jj7k}W z8e=FMUYPU;1h`n7{Gp8bxV~BvoiEt`RYYK0W0}Ggojz7RCIKQIWdRU%oz3{FVN@v4v`W z#+a%_>RUX$x)fhr2n76Lilt)(n!>KcH9t#m^wa&E)%3_fI75k>&&6X!E9GAgZ|B@{O%|n33{WXs#qHoHP)2@3oFV5zIFJoyEBmk4&AWmeb>32em&C$ zB3G2^dViPiXe#SDvraZlDwl0=>eLU4vNU~#6dmX1fhe*VI#tS&qbljmJX)n}$@?pv zs?QXp50^<8bNp~{CkJ!vPM>DbdJs^*g1n84mQU9mR#rq?<^-f730`n>b6*@U&XcN# zoO9_Y4Dg=m?4Aq-;b(3UO{d)&{CM9-PH8n0ig%!|ng1occ@TlBqx_wxZ$Ha~-tSLN zk7v$*o5E)XHt+T6x3xRJVG{%eRXaWzQsA)|w}ooj%!uJ*QEE9J6scN5THVu250)#8 z^Q;$}>5_$ox5iQfB^Wf*FXS_#c|I+d5h;=JnT7xCaKFd%!KQit2v$5H5+Xj-tHW9+ z*xL`2*Dim*4OVm^SkA_zlJJD>c>I`jwbmR1jUc==Zuj6!rh+&q3fcN%_El1T9YtPd zg}Xi&3b4>+P|LM6VAA37w^PdZ#oL|^J$nT#V;B11}-KHT6iWb2<~t~ zi*|()Nz_fGg8gC>b{hf;hU(7HdOrcI_vF6A&5kMs==c?aY1hvbN;#7G&BGQ~%jx>J z%tr0unBNe>f-9Lu`h!2)UOmrW9qzDOVxS$(y+E(yLkSzMv!+l?<+!n1uIL4U(_-O!cv%TVA=C3|*8&98`ozx<5~B2PlH zknd^k$?FE|X_U+TNzC1)AKJxm2^5sAUQ-M=j~Cdf+@HcjO#1_LHw(uyS1*O15m$?6 z$rKm^7CNF_pP$0)9k;?YP}DE(M_4)}z!mMt5H87|aWsmd`o0hTzXUx^X0}ELlW3Kb z`O@k?^*stdOJtD>hG)ec-*)u`nJ5^0od#+uQ%h#ii#^<59S&ZOa`$^y7N=E93SV#cIj7m_Ak-|O)SbwmcEK*Z z)KwTD=9VPTpR%dnyxZLG)|P}Twj9b`d!EMA&--bi)a&h(y7flC56`7OoVxrDsiS;2 z%WARPaDBA1o(Z(v1E1{IgHfrYpiIo(pJ#TucFK2Bvptq48iuzsT}9<`xX4&a!Yd#U z&FlD4!0Sduq5$x2{?3frYxfVgeL6#TB5TU0x`oPFq>T8?97evE*ULNnmeG}pDiqI` z!;)dq%yxR~2H%|d!cWe7R!s+bEhJy#_fNQ=Q{L2Au;}<%)mRYaP0GEfFz%2-VqvM$ zRjbmwsW4>hFR%sW%kWDsynPG$b&pE$6}HV&Ja2sE@&1~}`HG3_O)2qH7(UUtT*Dz0 zw^$wAn{EXOSHOF#{|fr^b|8b_=;5Rp{NEmiOHjF9nIqAs^+o$Uu4KMV zyP@OYz#(aC!*tq-4(8b&jYH6PJ-{$=gQRlaTrc~MSDQ+w^SYves?|Zt%e9rr+K5ooc3{Q?Pr#dLAfm#M<4a6yzsGMM80}F{ZR{IKGJS}rFFM!^oKpvrJFNB6X%=JcO%_pbov2dG_b)x(kGFWb zQdFZN_ykXSsnaTSZrRPRu)DD`XYmD27OUl0&DT@PmEI%(tM{+g{E;ov?nP;$REQai z`mMj!bzjR&CX3YY{sQx>aO*Sgk3y^KrM8{v!YIoi_yfT*E`??R58dpfR}6K8ToOYj zeXL&wF&-X9Sl)c7?4%ptM<)|{-!~@w8n4#sbe~B#cLR`|wf^A|^X#KaWi~|M0Z0Li z8TdLwuzD+_>oX{p2@*w0JVqs*^kVaoy`r&%Nq`uFhYGe33nKUGb?Dbf0yeP|qiU0v z{fe1P64a7ovbAay{yLQ!#fZ1byLvN`By6^wFdUzzK(NOad1H$poa&Su2VB9f| zIZOp^$l+WAx}nD<*6T|5Lp_|^RfL##6)t&FVon`yw^$o&O6hc%d(%GxGYwmiPo>ic ztkg|c$_+8m_;TuTJo{5OM?_O3t`J^|X1pbW)>~3M^l8XA#nNTH^ASkpu!J#xL4Nx^ z440XSvUQQ)xjXvlQIxmXabt|-s7wWnl6ZH&ULhT&Qsw22Y1OcGLQp_fUCy1NENT7U@1e!I&z}4|U7nQUGVOwC$#}E|ktx(ED`ZWcF z=y+yTF^Q<5BhkP!_KL+ySPL{VseTlKpY;ycOM-4wr34=#6q~+UTpU}sNBo#|U|TZZ zr%QY}?NYi@oY06~XpsM1UPPj?#c1f><(~J|dm=78HT@0hA zQnGm10-f8lth}wIB}#5C_x_=Bu|m2}h8;%4PhzCUgN>GF8<;anWCFo7cF>jKI-514 z>Sem7va$?qgXxOJ#?z4z?ed>%gSF0+xM2v=1!e2~b$PU`=0EdSoS!<}fWSKwcjiz2 zdiv-72BUr}VAPh1yStRk=l066v|FDpJH4;BqZ~CX(5nk5Ov;@Co9I-`yjGPhq&}MK zAQP90KsH67sBmb5*2REiv0{A6wJ!Ihl$FzAC)p~f1-$8{~m#{ds3&|0XvfWa%O;wbd-JyGK0eDUuLMu;Hbx^A=@#7KFIeu zVN=fu(INY+-Z-#r12Jqek9YHFHW5~T{HN%E&(l9s`X0>?Lc&K1INA8bBNWqPV?v9HG zT^Y8297T~1R={4_i9DvsDc#868ciL~bugtUlC>ojbXPOmRw*Tje|2;*SF?74dv`p1 zxlhR-6xF~Db=jrNZH@mL1rMt8zUqESL0Sy|5}w=K%XqK5y&-)U}iNm7B z^z#k9c@|1=MBJ8~hC%SR2_X^<@$til+cRFTNUKy@$!XZnpY$1@`{gY0qO!e3PX^2V zrGFi0#fG-+HIy%R#|=cOg2m=$_d%q3AK6IIe>cek0ri0tkYm)=u|Gd{!rIQY8%mfa zsFgceaoA1DpOgn%-%&y|6RF)^gG46W zEvwT{)}UMGWPWF~tE1U(cB1^m9~G|NAcpLUF1=teXm&eA@T?uM`wPlhi}f1`vwFGZ z`}|1DHEli^-Ia@2-6WYUa}@OZH!DJOuUQpN3la&2c#IvhgScO>lfT#PgX_`KA(k`& zQR`3mv6+DEEWto$u?zWz(s^Q1UO`r$e&wpO_e(Q@?{^od2cHzt%+xK!r)_m}u6~nC z4&%gJaa)`*+3K{x2CCAh*~U%JYD)^uV) zs+(rT+63yvNrgSlwrESRY;t!v-_YoD%l9jT@7un1`TFiUt=sh#iS>gHHi?H*XaYjB zZdw0e!Zv?+3Lmo;wBvk$q}FEkmHl!n62u4mGexDqg_FY)3X@7q`k{O@mFERNm;JzT zAzJTn@>eYfyG^J#I1B_b3LZI&}$6p@2kOgIC-Eb%B`}Q zJ456udY}qTqW7op>5=&?3VwW3^?R(?ly_1bOCw&he6 z=N;Oi#X=TqpFI{D0%?8PsA=voe7=LDxN8<^J$d!K;IM4)RkeEn{un5^jG&aV-1H91 zS~1HY2>=$hsXI-e?lZs2sR|(!yD)^q31zk`wKfQ7lW#(H^`=V53@Y8KG@m>9e&dvq zhEje<<-Qw#F2h8QANmF_YY@8oWjP5`b$%mjf_3_b@#{^7MCsKv$!I3sck2)LuIF83 z+)tgM#*Z;V;vOYU63*hI@1|7RKA~QaF5tgtzJ6i%6c*tV2~R4OrPNlreIsOcv*(Dc z6xypy#Q(CxZuYBx`?v8@MaR?In^jYX!!yp(xvMb4Ek2hbvT~#5ug?73&;mhyqN<=| z8rU+4OvOHSBvV5CLq_ubxZO8B$1JP|s47oJD!H?*x^vTkoA=2ga1@;;eEv*MP7oA6 zFC8;xUIH9YbzI{Y3bw^|&64*WNZ7=*isHnuw5o~&Txr3mVF7Sd3hC zsvJsE{N_K+O3#hM-rhHe9_Db((@JV_moNEM8*NIM&14qHorYRYG}H54?}g4DSX@sV zz8SZFuAOu&Pre+2;BLLKldS^gJ|d;bjn7xO<@q5gWG%#jr=54M<Vvf4Z-$oU^=Xf(LX|~O|@B~z-n53k`J5ivF4<`RBH0^ljy=p6Q5=5WbqEG0v@oqs1IrHLzR=QVmV0jTwS&-7ML?>vLpF z!!hOZ_3iIUNz=(v?Gd_2t5&Lebc8wCB9)A}k?pRxWkfh^-W$UX#QbhJ``TqM>|W)+ zvs*>!;$fCEi?LEac68f+C7ER^FA|hhQ=AR9(JSNn)Y<#e>*yO2tN$BpK)PR}mG})h ztm1A0zQ`ug>tdP9Cw$euJzE1wYBRT7A4xU{d4Jwp5jDHpW7N+4!BZP(OZsFpQxD*@ zNd4R-i@D!xd{vx3z=qhfDT;Ax?rHp9f_zVbv-@c?@q>Q4Tqi;+1NtYw5rb(so`xNY zr5$+Kb(HkxTM2-tPgvo<{@vs*O_85)CSKJo#shYcH+?vG>^N5CGe!ze6B0E;$q{CJ zR55cOi-a){@Px%VY;)PQPQF4j6tGsXZ*W?|VoDZLzG-LFtO$67y$>uB^16K!ORLO$ zmskJ&lEB2pUB)TyMoTV;<}iAFp7;%$4-OrXOofY}L~lCs==xS&TCR6>n?fqPq(pX0 z!!AR=9C64<7RB{=nZ4@=W7S@c2<0J$iCRT=4x4#OH5)~zv6#0rKwKZd-*6Nx0Qp!d zlPl{n9wrY<;zLTql3_-1s#&aIw69!&>*NA3vf7{4U6y<&Y^VU#?TNjV7MW6OJSm!0IP! z6Mj$j${ii!Yg+4S^LxW&C-)KVQi(3gK#8>Y`(~LC${lVm7$3tLSmB6Na-pmm6H>V( zmTy3k`DR-p4UgSolxa)5UF~If8XK%JNGV)z(>mL_%-X~>j}lyrIvo4Xr#}F3{Hf86 zOR=x^td*XAe@$H^4SVwYGA17=_GdVtFr|nW(hj{GOw&f(U2d=+=r~?p z-`IulxSWBsD)bS~1j}{X4J1ko%c9%NJ1ajldhe>iD;JiGYGOi!zP*yAaZl;v*d>$G z-?p*4E8DpX38{=KJsgDZcxP{p23F;kTrh)}oxkDjnxQJ^B4^-=Y8UqcE;B{5pYd$n zwV8t6-+xduT1>ev?~bs+(N(N>J#htOA>~OtC%U%o!M2&^mapjM)qH*7H3p_?0Q5%T=0Z}3@GEWAk3p5VLh44&1hHY zQC|?x&c7K4H!+&3-Q^u;4vCA(!BI`Sv@lcDaFeWGa6Njz?Nvo!wY!h+Q_>DnA%$Kxw^$KzlWt_ zHE{3Q%h%BinhYgrc}an*K0d#Vo_&RkONbm|i4^*3snB&#!=R4gp=Esr5<=BfL+knq z74uE7%Ue$!+jH>)06eZLpp7~C!;n#uHyfL{a1;Ytg z-QLH)1m8eCS$$FkWhGJ*#FlpZrw9>C21=4DdPlmqmVLuM!=OwR9+1y-+hND-i{GOo zvmLXSc8vPc&fS&9Ci^_>sGf|AOJ`8_L{b)6wO_RKl3MF)XC9lvm5Y+=;U+~Zi3s@a zV(oF-g-%e*=T;{r&E6_$MKNku5WXdwV$|;cs#|k1A4zgTAi(oe{dc)0BMK2KOb(f_ z$#}K-Y@J0^W0ZtT30UzDjBh#_6v;&!bp;?!lD@*Xw_W0o&lkoN*T<&6x&vqNaRMyH zGDA*l?dGsHN8&NPf2DIr*&_Ep4XtO;n@ZUNNqBKj$ga3_)Y`%Ax!A?_NE$vaqXbI( zgqy`%9X}fjA$y@On`=xa&`cW)AF3oyU5qt-1r~$0H+^!rQ8)u^b^1~- zSIk^l!I(pRvhdi{hCTdvI(@9?_IvG{;310#NU7}3av2K{05Tkq z)?!ANLuh)K+gd`xNj2hqTJNtVAgK|37C55?7w*O&*{@8-7NXM?HKC)y$4l+FF38n- z(HY$aIfGocox4KSS<#l-01V&_{mk1qBa$xg1rEoY*5-A_u#5{vwU2=J1J0D3CZ6fe zL`%sagP0?<$vh}H{@&gwV%hbuuhv1mSI~)7zDljH_jGfErBJN?O*7tSFP3JGW3%w; zhF$2dZjcdnuc5G=6(*W-C@1FD#G7S~Vde4bhlO~w^QJF{TaGh9ZRr*xp8u0Y6-cYC%Gf}xn} z5Sb-FAg@)9avtz2g-bCUQX9=$IGRKY_afuks{Zo^lBB|bgh*PhMz7P+L(}V9l*3~@ zZLTQ4!oF$Ks1e8y$sYggv+khVn>w@-5%E4RQfvwQp-@p>wTzn@JFm{ zVXopRrKOBO@3p>j{GFxdFdmrilr=axc1A5BJ8HbYC3b_3b{AT|6%pwYu-g%DDW*_y zAuuoRM12i>{k>R@K+=*5l;Ki@L#SSSR?tUwywGeaaH%@SB$EX(pd0pHQNWnUckXF7 z>@dCB(CvmO1_n6f;YIu|wR1EZj@9*&A|f6@B_iq%QY1Y{6`t;`u;E62jVjqU^dw4u zHwZB-{9qWKDbU}&T$HTs$i=3}uI0l*$53XQ8qOr97-K7a<}={c*Z2~M)fJE=Sir^| zSCbnf_{kW(7rj=H%J;i!4>~RN7-Q~^+fr!gQHb>+*oDe@R%u+A2jtwJ7O}p1tX7+U zt$JSTJ7LmRvPITAJs*1`Y>rIlVK@ZAF5`E`a<9Fx!~uM*=;hH zCzrKGS?KBu1WKDkrootJN9HB=Aap9z?_-5!s<&2q8Y&*G-uy0&5B9+&VO9`Z#A%6a zDt$Ky>IVn+Mg(1IOLkI8vpfb3mJ4yZc7?lwIctwLqgKla-;1xZ-E*UF6$2iA4ePbL?ucs(<(%pv~ zMDQ$J@r>!1S4z8u+@@f_<7m_>^E)JnyJ880{<-;Lm!@?pbSfO0y~B0eyv{Jd5ivv1 z#}T1l<*71F1j*{D5Op${-+Z3fM0y8{PYa~SX8tW#dx1RzQPMWfv-LLk9+$@~4@01E z#jr0C2c(AlE+~!>0y7M%p`olw!|BSPwf&&@k~aYoIl(udNcc^5{9ya*Ws3mVA9J3|_VcMUDJ3VV`FS>Ka5=}^$!+c-0aBj0ez2xN zsFk)35#NIu1RB9pY0;s|8mDqux)uVqOC{od$zYQ4q})-0RK`=140g_4My>YzJr-jp z!x3RZTU)nz`_4Z=gj|n}f;M~5X^}?p^Zn7HWnXQzuKjMSdy$DuL7@QCyz8;ln9n1t z>z&hNv1-o^N{nmsmqTdx-sxh)awq_70-*b!l3HMN*-R-xfA|{;uW8}uGx>nLwuEpZ zs#oYz+b&t`$SR=Sl^CkzcaAjW1}!wU6gZ<`8Az03n#s^YQ+BNnKpwy(qEjrR9zY}R zoYAcgc9B_7=l{b9xZQ3CY9MQA2-=tsFoN7H5E2R@elJR+4YQi}5v1dLx)@S-P?3uT z$=cfV1|H{%>*I~;?QmpTK?+!LhhsuMsz-5p78>4&ZWUAO06?S_B_v;!YHna&UxL@L zDZWHcGkBD-P)RZcv&VOoFr1JZ%~U!V=_-aka29M-H1}CVa}}23@Yi+375KA$+X4ofd>wq1Pjh*?%|fwF_;k_z%(7|l;q4Jfbzejz=uom6oJ9L zRi-(CpJkCI*V%(Lyw6S=nR@|sPyv0K6^}o4{yOVvFE*1E5pL}$1!1oXM6yedyi1B7 zn@jj_g5MR$A$=gyb$`6$9JC}9(j*DleP4#h&uxd*eS17pF`CIIGc$Pqu$g3>dboWy zRg$gvJ>E!}zE(G;+B^Dlp_q^j6o$YD#p!SeQb;M6A!NvhIR{Rkx;@`y*Plrs^~Qqi zLJIgB-=CTY$t`pTnzPwa(3OA0hPA+j4Cg4RJkoEluSu?t<&|9G zd1pt>QT_=N77OyN6~U;{>2wVpZ*he@L4oTrv;rm}uV2<62!E^Y7fr--lpS>Y#zmovUN^dLMr!H$Cv@etTPD^Iw=3+I@7LCRlQX&AE zj*310tOfUr0gSseoCyc*ARnnNG|@(~Kg`Bgv#77;*+1`F{|Hy5_=nh1A{CL4(AEmA zPOcyO!em@0=T`6y4ldd-uSz*@A+!%(M&Z6f*Kzf0oMabM=6fa$5S#ba#;(Y4W2M{S zwgQJivR@k_PfIcl+N!$x1T6DvjoS&0gr^|e0vh&brawHPJNfRvX+l@J0#GlVDy_FM zhu_Xf97FWsK;Y|_ukMZ)+U^~FM4892$k|W_{hb~-LaZW{q{G4)bwoR(M|+|UFtrx8 zK5Htzyri88N{%XC{MJ|7^OgWT7-=>T5K-z<`T6E(i}^r*#3z^C1R~J^Qo-KwRUp$b zCv;Ho>%9nXa?E%lJL2gF1eJ-voZ0sK{AUO|aYm%g4f7INTYgjMV^?~%mP9SnNPBI3 z3<>|y+Q?6cDIBwWrwN-Pe_Y*6MGF&RrcO72MndcBv~nTw-K7A@0SGhG>`+e)6*>b% z+T@(SihmV<$Pi>8@lnMk$9%tUTe0pN`MWz&{E>{+bqeWMYwIgNI*^?Az(dG5InXP9k zGKFFDUy`Ft<*J@|HZ;`vz8o);B4qiCAz?Ty3RgM114h6u3G^N)Z;gHd^p8608$2gH z9^^{@2yKz?Wt-boE8M)$!NBCwTl!p1@L|6b#L5j*aa>O}_QAkVLycTcHl?uCzeH-? z^e+7LQK3^8NrwqM^qe4U+%5);r<;^Ipa_rRV-<-qcj}P6lLnAx=Ks)XLN(G7wONc` zrtRU*FzM3A4N6z4|^i5nk9=trm88l7TKii-WPwP0Ojy&Xb zbref8sx12bT@%9AQlRL$daPaHWnd`5=%t8mqe?l&1U|gIaL`vEfBLf)+-H1yvG8Zf zb<9~Mzeub?Q^;J6C4W!Rkw&C;UYzHW}RVMmrnxvMIPOoj=MM{WN0d+{1e9hG=R{sD|k=yC-HHg&Vms`3t zOmJEuR-1>ZH6EbSpkCaMHdqNC!-5!@=*Im2Oj4>DO9yA;IksS}#A--i#2oy9=|kXRcmm)i}!A_DKt|MPW&C_hCL zJT%`!sm0>THo3Q8?yp=IpS|_cO*7k1B25|pTCwE zDFV=A6~A$B{JH?;yz}i3*BK+(N9=S%iB$IEBKnogt-KKj79;v7@9y5WqwD&hdyYsF z15<##nU_c6VD6^y*NX2kgR44Kn8;p?+mT=+~xIS$H|$7P8GD7Jn^V`6+u+Vrbves-itu7~bhzeN3fq~8+I&(|^K z#DCtOl~iE7i8obKj5;gRElb_`iw-?iq7jndhcuPt)=+Tz$!{gn+1sbCn%8Srltbf4CpBFe0;H5 z;H`k<*~Z8Hxn^dZvRdgXjY=V(I}IXD-{xqHuz=&u679D?EOr+Zp4F-@G8=zLk4c+( zrwDOpZVq>ij*jM;Rhi^^3}I0VJqOZ_AQa%xOASo9HIe;U8Vq)@Fx(b=4eu&I8Sm}D z1eNYSUs!Bz??_cF$d6k=o=~o1>ZYOsot$OGc5k|AI(+QLwYfNiBK7)b7#uqO z*1`93&} zW zfk&J_5z)e&R5irr2R2zZXKSUFz$7>~)qCpK38>#ToC$2&A9ef}rB_1E@5`xt>;^vB z^I*$ebtGoAq_DYhS+brkrY z3C~b~1N^K4mu|r~jW4BEGL;9CwWb(3gV9awhym>)z?7j1a*yvi5gqb`_QHt0wNozB z(uS*4j?IU9v@MZ{2+78#s(fXXjRo7(L18ycvacqsFKuD!4$RMgTXLLVcs$lbM@OqB zM$Rl<=7#byb|>F)(3X=J@<{hFyi-+NvH|Gx=Jvl9j2?i>2+6ZeC)FR8h9uG(r4YeE z!D<5`5NM;4 z`p}9aRj-=qI2shfh4&vz;;2#f=gYgOa^?GCL^Geo_j@mT} z)Nq0EU*?tARP4uuSg5Zmc=MW0&gn@J7t|*vJI+|J9WLw-L6&fUl-c~qdgiGX z78h&eVlN7rMobSeGc-%4%3vN)R-7#@Ew>QRNn0b(TBY)=Zt3;f^(tn3J)fT*=V>mn zf#unFv^}}Y$jH!tOEx+!eoW`fDED$Y)cdly(nVSd*)=&_z8z#D8V|9sh~(4nUaD1c zQ?+}KH%ObOCqGfOKLBM(F;z~J{)diTE&`}}TqiXf$;b6fy|N>?_W(tutyb^Q0Mg`h zz35uJ)aJRJ`ObWJex}^;eoPH*+3Q?!@AvQD-CbQ>(o9vJmK>>()l4ieqm2t8hMITd zmK?%^)m}=8n{O#7C{R&MJOur4fECsktg~6Mv@nefIrEX&^=sHt3B$gL1;%Ab;Qcs~ zc<7lRr^(8};S@*B@&ddb%(PdUpRfLfwI$WO2U-_g>T_dX9ACpTd-Z{(`*a>HZ1-k! ztd0GzZUzw)#G)zd(4G1hzolY9p?DUF=C{%?nslK|BVUdH^+BNNhUh1nW2KrnW`kri zfUQ-37MF>Ct6vYgK3?|4pZi^HKB5I9Qhk4YoCWBxp>W7PW;Ih33KEiT@j{+$Y&^&+ z->9N+&`Awu6C}I$ey0T-s|_@)cqhpfcoa-or$IQYzk%cvZOQ$lV9tEb)Uy&nRv$tE z&%?N;Q>InODKTP0a3=t0o?aZ6(T^!>3h;7=uX26to=02zHUOTk5x>$++z$!}c)-JT z!5SN%W6KRyI0w%MJN3M_q_!?oD{f8JMtQ>e?5D4*z~4!Eg7Nol-O2SwnPB}s#Vjo9 z6++6mFegB61F?gzDv?CQv8Ilf+T<@chT?o-q941Z6E}rms#RO~G9p`l<^s;)S61(d zPll4KcA3_3c0@q!scJ09p_U^71lWt_#CcOo3wIo77vIq|FPsWE$qWT3*z%e)LusZj z8Wq&Z`s#-m>7m$ne7}sGoE$|BhJ;eJVjl#REp@rJ0T{~%-klW;z*eL%A>W%q@eu$E z8?F|(e|o(4m5@#g$ZU#x?tX0x8FX^8J99oo8Aobs5B2*fdPt}YB)~H|(wQ&+G$4_S zVzHWa?YvxR2g#0^>pmI5p3;vDyoJfEy;ZK#if+^>)>sbu{#_^*WQD!?gGL!(5v9~B zX9~=T5pbe(pZC&+4YJF|z8bDJP%MOuKH>O-6$2QZ_!co-U9U$0ufUC2G7mdBzJIw4 zoX7LKx}0%K!r^KKA`02oIKM|OgXY$1zKo+H(V{GB)$%Fpdq5_xNgyjB@A8>_n}rTv zVRHMWR@tRicR;^3>0!3KLO<=J2-_`yls0=3B3fR6Tv#XbjDS2A%fWZlFt zpa&`)HkwDj-qu~%PUwJ1R!td39~fB>XkW@rq#R!z;muIeR>&K#<-SRa`l0ay3YaGg zDy6HiUnp=udo1lYCRs)m9oSe{YU*WL>Y$X|ZZlk~1Ul8+9^i95-NZCN|4P{x^l#NO zmd$mK@UgJoeG@tdcz-uHr>5R=5z?5OfYl#t7*AVra0|B~+D`8}i6;bK(asN(mubnb z&FP>#?xB*!zlc^UgtTP~L%<`zq-&##Ew09Z;LriVrROZI1N|M%`s?W2;hM8zHw2Lx z7PFJmqeR%IK@J9W!zO&?GLFK)g%0BRbEjM-830Sw@TdpLNCo-mv4$G7w6sKVrt9&c-J3r8iQ;4C8$Pd{Ps@lE#{@O<|4G zD??+eWdnMTR6Q?npYoJF+zXTni4=UfLcS~KTGrE}Mo5Wc+Vd4j+A3+3Ou51wOzk=? z0)J_8v9*9d`v_P;Et@J1An_$D=wRcydTRScEGR)Co=)}X1flcI9)r;rOg3Pj-?d5( zD{NK59}`wdnJ7BHLb2o`jf47X*DEliqJaaZ1t>gxS9re`7c;odsBhz|sKP#A8);`K zNq1|8b`x^uPJP`l6dks*d(w-bxskld&JS$&dEbA)hAMP)gg z$Vqxft3=0N$AdxJ=+&x0BVDBoVOV0y| z{C=RYiG|v?k>blzCK>Yp<$EO+$3*l2y}Tl+9)O`W9V$KicQl!W1afh8%>s_$2jE=* zmIs?`%3DkJHPHmQI+-dFuQS5e&(*Nm!jd_t15w%>h{svN=DU`r$iUs9p5GL(>(3fr z{VV#Gs=7`lU#o;)Hg-}xar0;VX-_^S(i({Xc+o?BMx$Y)rJNwE)h&

    !kU*Fa3_Exo-%jYIq;`x&AV&jt7poI}Pw&O2{_)9g zEDD^Vp>Ov=9zU%y5c`qvlxLl}Tzc>-+abEs-dQen)32%%&D(iJ^+2klB9hG2dC|kl zfkSJ3%)t$*!z$R{2t4F{foB0x!Cr(J#G?Fp6Yt_zW(~Q-A%tuA{jxL52ehv z4@P4bK^GiR9SQgtjv=kf5v+JL3vkq`2zMUe!d^!)Ge#v{hp5ANGfkWR3 zt+3@v6MqyMz?7@u^a4^B^EG(vs!Nj%F>g*0#9VttWsc3a-g4SJUBW$gbvBlBh4aO` zR{E{beYR`O&3nR2l4o>Plje1wFqf}~1-`XN(;#@UpaA|jh=E)6HE9+om<04AUEM+t-JgRPFz^k}Nzn+O;sQ(1?qlO#)~{|s78dgNyMEX$ zP965_-#}7rs8xT4jVuTlNmTYMU#kglmA}MHd;Zh_?kxX>LicFA%7#LW+Of?l4-(WU zf?cT+n>3Z{wHWBe`=-V)hUT!Cvbn|QWYk8Rg50X&<~ZfaeSOkMJe}8XX&=`S`6K;# zb)Dimlc8iT*LHA1b6w*`kMqF-2>tYf-Bm*;SnngU`0|;TMIfz1aMg1?-p2pN@WJAO z%ec0`{!HQT*=XpA<{ntKKHkMgXJ2~6<*nC#i8F)^JV!ks~$39aB{m92p@#WRce?lO}jn0E1$6sxk{#p*xj!-TPF?sL5?omYRs@e%qr;`>n9wO9gk_ zR{KZ=NJ2cS;LW9#mwer1Oc6Xdw7w`9dmtP|+2eh1ZKF+18CI|`o_D@d z^)<)m*5tspK$WM0dwxov8&1Xi;;rF&xM3St$78?7} zrY11>LvPoyiOegm72+d9OSp7Y*Q(|zP{Nyxkq7=At1+^iIY zF1KHOj;MOnIZi;gOavl-DKB)2=$23ZM!7I3NLIqLi{q}s;}(fP-*Z~;V!JzR>3j%V zm_M*xqCDHp7EK3B_5*yz&2EYz9sweq$dCmw<`AKds0(ZT%xz6}ObH6O{MLIy0GSXU zaHl2Y>$4AKy$`@xvEu#ap@gxSh}R7d!e3HS0f333HA@qxIB7)AQOMBPhLke>P~^l? z%;3L>NlHE4r(ezKR_&ZA8Z|S~Q1zI#{)w8|H_P$TXum}z(EZe9nVuk!Tj94g^kyV( zW3R%+#O98v%-g2kC++pKOAqFlp>4oUFlr>`a$t2zXXk`u&n_!&eNLy01?yUstL`iM zR^nDoJN#-dSRx3Sb)(i@m{>DYG7~u@cAduxBD1DeZ|KpT0D$ay+XB~22rSmu0$H@k zV0931GGvR1jdI}t3QuX?0UHHt+_uFN&VJmwx zse%S1(LGA#j<$!>ar8rNCj18_xhb!|B&1Wby~SH<%R)opC`WHfs{;0tl*_o*v13Sv zL%UP`A{yh8D}(KLSamJvls=;ZbR7pEa#x{l$FwUy<`0i}kGFyFlYlTXfeNLsVon|JfvCuxkXnGh{sQ;XE* z$k&IWPNxfL*JN(T?oWK+B0d>$wvv5H^Uc9PFi@0&@;?w0V_?#>w_qz^h)Mzn2kkfc z*a{#VD)m?BK;k||S;hvGgezn?60+IxT7;A&F~PwekZ-jlzFszI%gmF*1m<)#hwI{%zG52{mHDFKAY$qmt&uBXS!X_!i56#~)*$Z1dWyDiruf!ip-3$Kp#f#|Re^C?JZkmhs%D2_f1|S`^ zV<>+t|DM-@s%;bJT*!9#0Y%v=;1wl$1O{JhT_hqWi9rOCTk59Ae?&kIv^PKPVIJ;G z-w$c3mDYWjspJUd#byFHfw>qR-Et7P=Q_oG2=W%P#Y})k=yC@L5!R1|IqE?1ZW@05 z7V!IVcgA8o^6791gh}Kr$DSa#pjYd|E!mE3aIcd>1sXe8J%?A1pI{K~p+J*phDk!G zRo?>>z@zWhe}G^wm0EDvLo|FqXMVSu!VdrM6PW($cwL2_(<8+LuCnLN7J1Km1odUb z-CuQ2TWc0aMg(_(m*C}%y%9%2J2L$f+Oi$e;9sOlVZ|6l%InVN0smqKtV*L;mycp}dbkno}Gw+5JTC)ZbnH2(f3b?IE&$1tv!N^tChr+C8ji zzK)%bOg+y60^@Epe9ufJB_-#l_HU5OZ<_}DF$Ql;4*~-1P%@eZT^vN69jbVRSrEeh zUty6ol7d9$IFF@hBW^9tTstQT6x(r1F)%dqpOHM;64$UuQ$%Ut z0(Gn-2#@df6v5Nq1gvx7CVpg|7Pd9{Q+z^y5GD+W#ZNjvGVrZf-I3>Om7rW*M$`!(ej^A1U3Goi4(C%kAAq`*{RI(z3~Ldh15GfIk55V z0HUbVYoa7EXD_JJ`^iQC0<7qYd;0_q7d{ETmV`mc^8gjOE{P1TN0Er%U6OXxd*%TR zI#e-%gB6~<4w*{ZPndVx)nLdgp~GMI--&cb>AWyW06U;q$yD>PY5_P`NVQpVWz>=w zp?1O-!Avd%%b+uAnvMlfQk)D71IgMFspIG447>1lkx`@gK{`oRa|3FfA}lAVDMCyZx6_XEdM{r*3`@(@n%(ezjen zOtuHvo_y_M8sagXYa1z;kZI!W=p&;}+dbH#&3u$vsW5!WwR7Q9V{kvTQ<3Bql_U8F z>$&O6rs_AMM)=SoFF{94_W@rO`1tujQtX&pL{h*}O8fH(Fs%$_FfF63O;yw!MFGSJ zk`KEdE&W{|g%gO#Y<2}P8Y(4vTj(j0fc0XNGewlC{;6bV3h%JDC zHx2rC0LRtosr^NEqJgp!Q<=Z)}L|Z)^xa zUUl>zWXcX70{Wxbp?{r5Hz=%AuL3xF$`PIWSkO9&ZWbuoT4@B*R5|h6g)c+vISws49RPf@ z(EdJJ74_&KKL=#gBt7$AJn`H`bfaUnOP{PX_#*1^H)SbBvdbL(-pLKcpy48|oY8Qzq;+y@+~`WJZLb^yBV@IkB`RyP&w zXm@PwW00kQNr8Z{Fr%8ow%myX8Xm8Nx++Kp{hN?Wxc3;)J=2E018OH+#KDJy_l3m@ zk*;Zb8*3Pt&ummJPfYh?3^yGvcuo!w-83{bx(?f{&HJpa73koA5sCg0pt@xiFqP-= zIzS+R4=DXP;-c=M4U`-aY~KZmUv<8lBzJt_n|CWens{-#VCV+xlVfpB5q=d&D7ci; z@&@8pH?O+-~w;>3Ap5l3$RN>urnB@AzLPcBRpYmK%C1%Zyd*q}zDQWs{E4vOGqI}*UKvhuS#rvIN;N|Iw5 zHGATM?&Y!oAps4CLZcsY(kaAJG`OzZby{q(y`~^1PYWaTC7yzdm1#B;M|!UNFHzcfVn^bVSCjNxaSS6+)g3VzXAU)1aWj*A2}u2hnq$A6!; zoPrT}_L5V#Qa_qf#Pi4Dd!C4>s6WbhX`eA0(j;HJpuzq%5~o?9lRDRh{EKL;Qg5PVY7xST!(=Ds_Cdy1m)I~M0-(Zu1P5BU{Vp8(}O@O$;hXjeSLb~Hy3cbE{fhY`5#38v$Uo}zh_$?f>tWA!;~UV!>;~d zeajb941Oo-eoS$BG{vBj&fTAoV}oK@e4rKl2-?CxwBzrrb)&jEJHKt$4!;Hxc3BEt zt7t?v>^_;c(D4gA-p`oc@4&DV4*BZ-eG&0;*3VZV;bvbhg-RY=93_0{H+*%AwYPlM zvm;fb(tf0hgeVsx+c5-4(CKc)4-`G3NK!s{@+WA%ofp{J^qLL`GBotB&;8-;9LAcH z)98)QFzJ?^z@B*#PyM?*bbFkyd~wOmzjXvQTvT+z{<)|3S}=Ch9AVxQzN=3|{st`M zvKs2PvG02StSa3Lg%9)NB>Nk^Uu)q8>TfXhLT{yLO;s3D8}gUeKb6In0b?-+W80xC zcl~#4G*qv~RMs4;TNVS1y3Lo}I$$U;sztTzdBNMQ}Bu{p#m zOqvLh{WT;+XsJN;xeeTURYpfF@Tp;H^uo0@7gC6Iutfr=lxB$J*+iZKAF>+3{qIq z#ge%zlR0@nW2t&FJ52NXkbag)#C{NP#V&6wOTit>g|>@`wScas-0##<%Iln$pT8#X zOXb)ZGg1PxfCDae*1~+YE>ZsA$T>ubU7;8_<~<;xC==XQ>e>o~?~+p09rh_UP1vCKs zSbS&(v)VebVa1W_2)I+#5fE;b5}D`CHi*zUg*mu4K;YZEg(wleJa@%tX$UKAeES&a zNg8wR@$vMq+rPdGFCsjc(AuTXVH074RsPLW0~Op(!&$d)?+PgI&b}2B6@8PJY=YPJ z>Wq5w3b%fHVGE*iP%2wp4?rvM{KE2`ay}(B3#B@MJ z^;N3uspxdkZ@p9pYpdos$Z60E)%09312@+sa&55c=tNgevY@c28<6{zMz{-sOS$Wn z9m*gy%@!)dd4-ww??C_AT<}z0Ogrk7u~KpSQ{HLFG2ahUX$^m3z~_KCBD=pf3CpR~ z2G)d~sdr!o$j+Sr>WYCNWc_n?csM)4}~Lmi#o2_$;6P$Qky5GOHQ46 z8foIN81%l_vFB(5f2(OKK4I1v3|^&KCJ0LW-rDA*1ZVbfHrHn(zkaT(X$o7Ma#XZ~ znu{Xt7J+KCYkeh;#V^2{>uyeGq&x<;j4Z0GGzacnO0sL@dhgGLUI$m1x9;*FPee=0 zx`+~ps#m?gX26^2DTMIT46e3+xIR>UB|mZVe5_+T<Qwq>r} ze$u*jm-KS90P^6-JAX#=hRMp1{P9$g!y8{84BTP&tCsF$8x~cAAhZo~{r#C0AiN24OC zftbO4Bz}NeU+hyc-vv2((b^M%_bVji^Rr~$G8qoC{fY8bI zZlDxLcI;&IWc@$r{*@*H2XWi%Q0w-GO6-RLytIp(YjboHv5@u4!0_CE$q)yk8vsG7 z%i~XN8Pnt))lLLjYd;zRgf`2I_6NhXsCCZnYzxd9b{zpDYj5MXNhr zp^TKfpWRs>_$9_sjiodM#aJj(o1rE=&xY21P=76tkKIWy&jCiAl+) zXgDkj%t}Owk=v<7H&eSM7Jiao1O!eDc>A&Q)bS40b*L!2r}3!~x7 z5%AJ;PeG-Ms(JUh1rJ9dU1@C@E{sdMgQ?sTIB>Pxk#_+>BV z;Zn}!cl&jG$j`1{Y9YsLeDp0%ucuiJ)Pqwm^!L`Hz8bRZIGJAauC zRHMGBO_H>mNf?)NvhV}SqSoUNdwt>Bl!NnTlj9wvOb_POraM)tocn0de;+7E?T=!s-j*-VyIiOm*gY zYUHnt+;LtudZE_ogIG9c(z%DzvO1~dmr#at0<^T6@5FM+*Gc-1HMA&>cq1rNP2|4Npw(L&+-^a?}d0dPUWS<6j>1hYM~EP(Qia-lymD zsw0}98lZ4U7c+6iwW_Cz-zvwMPExU zt2yH{@)3A-(^6G1PXZpbq@=;&8j?^t29W0?zy!>TjIaur(aep&AX`gmL2S(j$~aioyj+F70KH8#Y2nMsYE zAa>V<7f8$=3Sl0HXkb0D|7^k%?A@~@F1#Mc$Cr@~T>xF= zZvZr3sAwPeKhZNEGmqQ{>zhJOoZmpp36mVpzif0C)hG6JkdD(LBn|=qj38avQY>~@&(~O-L z&lB?U@|refjnAmD_q>nZaS>EMfK2Q2`U)e;-~{!eKWP3(H$Wn`B%NF;KkA$Dp~U4! z;2TD=e8A<>76*laR{*><)%vv8bB(LRB_)OnI_z@m$|3-2op7mNOvH}<$XQPEQr8)z zQv47pksLY(jF8Cr8aV5nMLKH{gimRF~rJHPJTDjdKU`I|tZd_SVZHdpZV z&1s)}l6?FzpZ9G$^d}#y*vRo&24Izl7?y8)Qtuic(f}UQ)cM#jajuZaYmDBWcndVm z`P_!gNp9HOIKVgDE1I!owu>u=1ap+iF*Ejv#jfGFjLIFiGQf7xBh$USwMpPC8y~q_ z$>4yV3mfHzo>o4z~ic$G-$Lhc|@CPeqWMdKts=tlr0`}_j>@`t4>6QPWt|De<;z^U@52)|$@lQ6!9@)fn6#92G zO;6H&^jZtzQO>aH+N4n{0gox7uP)PMJe_Mxpb6DnC_;H|5Z%xLuqFV3jeUTsa!aOt zIQ;D7=YZ3^$y&}VVqzKUhKn*iM3KfCF{-bBI&SAt_;lXOZ>$BcCzDS!q|$+E_^}nt zxG|uP_Y@miz3$1IXlk&I-p!(kiHW62^QHsLteu67_|Xl=js2j)hVMK|-gyf}a4hrq z1==X=s^-nqSSx){W)w@HKJ;H4FEHYE0a;lj*y<0TY6KX$}X`z zYW$of*cVm*-I>^|^vNjp2riF|UD2a{n@WDurqluagI+@ggq-rz2A-IIvhCe?41=;K z=Ma=5T5`JRG+KTg*r`rM8OY;}AnZ|TUBu1&NKrVQTn=_h-=4^sAsQ#YFU^U;9k~O^ zQ2Gk!wGMT=U*b}Qd$wM{XDD_u*n1+%KE%YUn6UJtuj@hzY<>G5e`?Ct23`+eJj}qY zb=cZT3G4!nDG-zrJ+U=PNFatnpgE_O19pC-A}jqJ!{V7WfyPSX`3?X&?*1&DXbCU% z6n@m}p$q@Zvv;;bqrnPA;7=RQF?*CHItBjV_v}USxeBhY=)on)3I$mS3HLF){dch6 z$rR-stk~av^K18^3XwD}Di9V_>{lK%3|Aj1mbD|$rg$YaGg`=s1OzEap)Dft&s$~h5>j*8w;FZfZ)8KC1KJ6q2yF-S4Fg6+i_`;J zF_iD#gBWlrv{z~NJ~QhD4}v0(Qt{50tr2b=Ec+Vv3RTKANT zN4V^x)YF$cE?(U2CHZikIo@mJr-ndyj%(!xNlO(xc4rkdIRC-M8HiCCFma5W8(msP zo1VSkDg1bWa%{c}YNj<2CzgdQ$a>Po)Q5a?S4w}^#=I5IJy#q#e=cEmu1u?x{qQ#AIi)#!I0FOl4~MnznGFBodb+(Hc?d zY{9wV5Q#SN=iVX5kqmMH;#KH8032RN>f4mT}mJBRjq9GZN+h z2z1pVrMTAKdYil9$PO_hq>E&KXP-*&@W^CU$7aqm!B)3O3|7&WtEO8Z8z$7Y;T|-N zFJy^8pd5W?1JixsmzTc?96iRquOxtbG!X|9ILKpMJcg9Z?p z)3!$}jK>o!1N}>_M!RUq=}VfrOwFZjDt!|BTW><>L_u7a@zT&dvuJFUu!+STElGGMXwWZ%>$8sU)**K7QC+%W9=^&A77`Y|v=vJTT=0bY^gT~Ln)zYZJ@7j@!0Wkz*)u!41AkKPR-W zcnhr`G3Cd3+ER=SzxPpnqpv|@cEmT%OUiRfElJ%C0Rc@QtT3kyMh*@<@ll%+K-VbzIkJ&|3oUL ztMH`wvWx&4@70-or(xrDthb%=%D~j`F*pD?Q?~HdV2JY%m82K2BA`QcpzpOI{+$~m ztkk}*?f&23J|KR1RCw-7t9-~vMX&GqdS@AXe1vvyM(PfIz|p2O)m;8>B&0;C(YTe` zS4>a(t0r)jC1Yl8PP=LP3oeMWIH;+)M|ghnbP-DFeBCAcY1m@Vq-oDSfiS^M5e=&h V%Q37BX&ZQ)H9u!o^0!;e{{f1NA8Y^s diff --git a/copy-of-sdk-docs/docs/learn/advanced/baseapp_state-processproposal.png b/copy-of-sdk-docs/docs/learn/advanced/baseapp_state-processproposal.png deleted file mode 100644 index fb6012378dd580b0ced3ed6809288d9d312a2e96..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 248588 zcmYhjN6!4pvn6(00tBIf?ga>%{(%;RcR_E4G)3<{Ie8#i^tR~99cU4nXaU-WX4;2# zq2%vA0m4^b85Wr&Gb1BToH$wkn`Maq%af6e{Y{?8?LhHi@*Mba{s*h7XsDOy8R2~ z|AipwJpcV|(rQVE_3yFRz$WnhFnyb{DZc;ggFp!SZxH-%DCEJ|zfcAy!4pRPjUagP z&;DsujQ`Of{x<{~_-}feH{&*~^}kRSe3r+p=)o)444zFFJVoFihW;JK|DF6_z*}aX z`ywndwE@>4;3)YwN`TG(O_e-d`xnB2_kGh9;6*I*Zh8;l>SY?h76FFnzoGXJY;@By zU7G)26Yu>LTUz~dFD=?iD?JIw?njCFZ%Qe0>gjIn^889F|R4K_-2mmgMH022}L;wm*V4c~^}|J@a>puxer!w!`o z+}9H7oVa{9fPe6a$ey>hmZnVbfh6B6Il7i9`2w6!cv4=VojfdXvV!bR!G|QIjgZt) z=xoh|1_!a;X=0O{k2~)jjK9q%bL3!B9C(NOvNsI)Dr zHAaHnKo_$PPBV}RdMk3iLi`l*tJX8cx&uF$QQ4x(T*j2BntAqr(VyDhVP?YDCk ztLNKjU>JIUPG<3s4=#D!!|!{$PkDxL+=Z97`H9(>n*&bwo>KOZ50)@Na9xmgxvNgN z%|R16;$_)Bo>jNI4-p}!LrTp0`-lNGT;glbiD=9305Lt1f)gCLZtrKf%J=lUhzLeq zvG%r)&Z!ursR2%{i+APYfg@}J32KXhlk z&cKA*$^)-=UyrzKEfgx2;t|V1xn2JHj>yhChT8XTm3$_1m=Q3`*^T)2Lna2Ig+J@1 z517#@C>@)qS^jW0yD@d42R_!lXFkc@%e6iVn43^&Qkr4Eh+B!tgU>&% zO5rQa{9Z5b(EKuKaU)QZH$}8i=9gtcN``;EuC+eLcXj!rQF(r*udw@2HL7>%kYN}x z2sJNpOhPcWZ0_!{qQ7o)8lNdsU zn?3Vsa@XVpX}^vI-d|A5N|h`yZ&`}1PBA=_3qhLwo|^s>@FtZ>R}QiJbxs({<>(bo zT<-nek;Er%vP5_)i$QnJN9Gm#bycV&{nmmadnY5`8C;Xx7$EnsS7Y%-oHZ&su1y!C ztkEO)1IWB8RfCi?_bdo!;&|lH@8?&zRcRvPig6#z629yQr7~1|oh0_oe#-HYIE}eO zvg&>bH=)SCYciNvw)62b-7aC0E*ZFMYLaAjRX%*0*MppQJsVI3ZdQ4yYqi2K+ooqh zeaVV6<18?4u>x<_Onifn1-Ed@4Vj7z40qu3qKvf9}vDh5`HI-1Hb@`GK8tJuCWT>N|vV z^Np$g=_Oq7<-SLFtk8}!16`*k^|`?HdYP>C{HfBz3@!U!_x(8#!w&+`NRWq#D+~%s zD0yl;N6!04=tEB&bCP;8x9qM78{COnzxYSX(;f>xAsc+FJ|@;;^jgn7H}WYgkNM^|wh{P5NO{XDo2_v2u6*kW*;^D76nBTWB^nq9-dWszFie%GWG;)8 zr04Tm2Uxff6_vIW2JJz3UazePMXa@Pk$w97hhkSJu1HP!g?ZXwa>3q8n*rG$9 zejf}UGs}gKrg<0*E}D*L>_=*yNZNN$DVsHvCL`qrdsaG=BB(Zs-h9ez`B@A*D%fG| z7U){Zd{vpp<9WLbXEmr=9fHGkF)}+?YaKu-5bz-tX^htyed$U5oz{%-DsyxLJ54c~ z%TzR;bR_27!1Cs(6h-^S915U)Hlu6mb`Qa^D@5*>pQS2lzv(kl4cyH)%mp(62)$G+ zvV7iRp^s3phLch8A`vnRvW}{r>kgC-5|u3NatMBaD|=CqfS)8oYL~QD*-!_chrYoH z#~2JVJK3-`=G%J9hhl)wt!bF6TYQu&UnIDOy9kUVtFjKn1=A=}Sq0p?R8_ut;K1t$ zlpOF2>Fe=H5uLowgZUUO>#Aj4)3kA<)voa^x|9%WY`-{{y>}jd`v(^ctFaZGG;^Ye zr+OLRUelY^(-SyOfBCM~^pRRxsz^1F!8!j#VIb_!VQP$mDICm+_j_q0U0Rc+hSn!s z$28(`pM^uS|6{|y4{-PZ=)j<9hv^%q8%==^3-O}Cj6bf9gHxjQNRWoSI3n8kFwYXl zJ|8kS&?I9gW)J3XmrktXc8^zID{Jn>8IY4%EJ7plJdxH=3huc1`MwDqREOO0par%D z`u4{rNttXA6!1BF@N32g+9%H+#jwQ)>D_;;&^q zZqq=btJ}RmN>s@YO!4bbjcI^mW;Hl^-R6iGzi9PZHP=o3U~^8%GH^32x{U+t2wu37 zTQ3(LJFpnht#=dR$d}Vz*S>+>{F>?qzjDKMle@qneKXpb!gAm5J-G!_C-e@@k~-?P zJi3Q;O`j%AvyUfpQr#bADA=-#-+h}>-4FaCwj*Pc03x8OcVz6@?-J;SXkP`YeU|HKkNk@M*f0j(2V+WQ|&b^Vpk&u5tBtgDl8k3k5c z9fs4EiuekFe%L2@e!Ulthj7tymE8AU&7aY}-uL50h9f~nR0MlM!OT;caNjNrt zy1i$s_v(`GSi#QtxmU4pa&J^6NQmF!P+Zdqvv-2mtglc#`RW`(7)?E@~r{BHk#7 z!{7UM;%dW{Ki6V@180$K$fQ25NiI0#=&?wPob+JAT9qc(+7$%c!4nqVz2h4rJv^|;mAgIy;M&R7=w z`;j(CVrOl@lV3d(xbE3*@(o&q6yJWy2AtI6FP01tvOYAc6NzJb5eKo>9Z<@=1^_r= zQHr!1gGpZ*3N5D0Gu+jZy_S3niz$VF}P|Or)Jrc4$)VY1U7F82z)T zXxpgZ7(Z}ky@p>XGl{WL%DMI|wecp~F~XrUpyq6}`Q5ww^=E-GMXih`i@DN_dPBK+ zx^<3eeK8W83J@1to8QQ<#K;B>wlMB)-!`g{QE<`*A>cVHZX)H&ck)QEY41HN=V54O zKKxm>nT~0!?DQ1G7dKjDMOlUPtO%7)jc>{&4G$3|1M`w%+mfZ16B zj_TXzr*GEDc5b&YyXzAFnJuQUd`ZuD7qk_Z0Gyjv$Pbg-(t)sFvDwv4Y1&>BTs2+a zP{?&lqK}T5@hlYoawx+KMlK?!n(W{%A zb&=lQ`TFubp63EA!-`ziU!PBqcjB&N(;X^~0w$#bOMhZj>!uea7}w8XgzIS7pIEn= z2S`4NgF%Wd>`CB<4dvJ=1^gtxytmwT6!%EFP92O?u^i&L{Es)pDOSu=BLReaY#s92 zf&TqWJ%dOXv}4Y4*NF~5GW4#GA#j+@MU++o?m;NIYJztn7qLPk-`R#bEJ$LdQS096 z>iJgrJ9IG&Z0GalXUm$l>0uC)8z&bcc@L6iQ6gVtF8?g_tPE5S?m-EjItn1D>6e{ zKAR@{@H=^Id*4I>ze;AO>&>T9kAYgX*lu;6da7BjQm**YdVf7IKFjS-PdPHO>~7GT zv8*hA{eqb%o9l?CP+lWfIDbjIOc=2<06+luZJ@5knn(B?T*!sfG-!_gJ5b;$xE&?G zx*NF;dQsuchBcaEWniv3~@)O%kU{ z6{>O$z4%@Y?Mkb~-XJZ}thIHlj=?ThD5ZnekA3gP$Y>fQB1?RpqOD1^@#8iImHBwz z$FxT7U56)K=s~@{*Un#%sf#FPQn$T__XY>VTw}uzp{-vt zqOTkJyx6wSU4`R6W^73!xsqrIa7FH1 zJDP?~Oy8RM=V9X)f@X@!*#OKMI0hXN<$7WMJ$9a+_Kmu&8ly5x)HNTgiBT^_ z=Y$)Eie!v^#l3U^`&tWtVq>YqI@FVDpsfh1q8p+J1$a$A9e}c+&b+Q17oNZ;VB#c6 zJP{v62FbGU?WBcZ`Ozm)vWSjmB%Mwc`izJM%a|orX%~>b2l(>o&W~x>4oum}aado@ z8R{>~H%{{P1$hE-NPzY+XucV|d23UCzTP4~1|7diinW8}T|?Ioh;|Y4ympyu;S({i zsfQBP8y9IL`g18hk#)Mjr(=nv9NzZ9xFEFXrMHR>c%VB!9xMHEr@otU1FR>Mi$cow zkwMWIk5U)a=R3Dyk=2BBuv_S?wCMpNjB@QGM2VUkRoC5bC?J9L9Ps-&smH^#aCtNBR}12B9f zFQk`zipgWgzFhciuyG?!SM38TOVUeOi0twS^(wU~IoOIf|Jw+12`>B*_~)DlAF-1( z>rK7-QuMxVZxb@Z^92*va+%>RtSG7Epz9bgm# z#)Y0|kcY35O!~gO>>6p+O?BcIa ztjFY|lyL$lT69Y)V3UTCnJS5B#0>prb)6*Op}JC8B}>!O_*s>PJmfh1Q+fn^CM zbaD+_pi+hEZSy#%w6-M8LJU%Mk~vSE`0>xdg27CR&n7!xvO{oE&ZNPr^af>!`^$DfW!_S;e?u2_OXI21-K!uo`(s09Ph=#Gi{S?akhCR-~;JH=6fQ zXJ}Ps((Jgy)?Oy%Cii0GK5F5|LYW`1F$*Ud`XEDEE|^hBOfclRG15= z4x{72!oA}kfMtu0T4UVpYEf(l zI1B4BCH2c|9Bm`xf($|=!E%k{*tmb}>FhDYE<)|Q$_DzmBoLl{K{vWd*XMljfCLXzF-9D9rsEbd=W_-Rv@lAaUe>q+BY0O7e0*j@R7;-!tgZkl)}8Z zz223=8}SX~UVwJ}e$Ym(qrFwWfYS^W4w|*~;SKV06mM!ryP!-yc=-WqfC-iUBnQmJ z`i6bsy0tLn=>*RiZ5`UkcE6ICz<3<%9t~QibOCA7w3-kynbCHJQu!7-*g?*oqF;0` zzp`flMHFFJxlW0tEGq>67`v4Uel$s(p{I4@C4A6Ruts3;H?T)R*3wc0Vg4w~tkjUf zEhQn|K9#Qis1yZJ@B#a*&-d}Rgtr&(4&NT4*$|2>Z@*;E zmTR3Q`$JdlQMS!a1RNpvp~mi~|Ac%2*aZ|hX1HN`Y#HVS*O21=;za2q^I= z2H^vM%hEx$L4SlVo)Zk9r)4bEcwf5LdLM^#O~?h?o()1YJuU=ERxNK8xw(-p&2mVS zdQxC%T$Dkf8)PRY#`XeQZ7WB9l>ykE^6Mzx1&;#`n`9>|0;J7v09-0Z!2p97%ZL?F z@&X&sQ>%hqFbo&jTXTKW;aJJ}Zk)fIVu-Ux5ku&p@@PtLoUcRAK1RZ3EY7-^4Q;kK z4_8Ji<%{fRmO4L+Z|MC_V?jYscQ7Yo-6+5^(?R9D6pC<_+&>01KkA3LD@XNOLQEs-1{;f zJbsS&b(lw;tDArHpIQs*`r}YpUF5Lf&0Tu@1enm-Z9B?%?yXpvFT|X+O5JoTbXQ4cH#P#5c;3 zT(aRI>J0J$`i7ihpi9QXB)HI4n|KfqQfXi8eXZBxk zu!$|h0U^-v4%-6NgoqMLLmY^1INL0;CK20wrcY0f>NDOPZ_%FR3Om!ub^!#kP$o*o zeQ8tJmpZ?WGVCT4s43znLn)oMKK|D*aNy`qSlzMLFpN^G6hNv+=C5ajZgh^kuA59%cG=sbv0(3`150uG# z*0r~cO@hfg@D@bV%rQpHgd*EuQ@t0mBFLa`?ppAoK`p+O)8gP+m3PbPuYK4XSBnNf z0EBj{*;;0*rvyKRIfpe^8&pRnI+9ze;rK&+$JAhu=Am{1-)The?EC1z85HV7m)iF? zN~^|OwS}*gzq&es$ztk?Ufa|o$-IS9=l4IAbwaXUUCtN%U`u9$Jk7hjtB4cgxGe;8 zJNPxkcLW>`jhdtmF8Ri^c%_s!w-OK^0WuSSz;rpV6$3g<8K^J_L`5@212`gx&JSP~ zS;Za+C^kU0@B!LfO#oADWlD%gkm3-D2V1#`-TR>xgBC%}5Y|O2(6oW|G5BN`M za3KF(Vg?wsfX3|2T4>j6($>_Nt_dq%_|S2A53s%^;+1 zS?#S_@^=QcFT9W}8LmeDtmKF;$UKV8p1siAwOIn_2Et`yp@h>*Zm$E|BY) zbU7t*(@8jlM2LQ_+nEsQYtRIR>D)ez;+IA(rJ=7or{^$sL*T-+I5kKVM(;>r;wc)@ zjK(&>4EobU!;hOvf!!Ih(qzmfe(JONG=6SHR6GgEOROMH;&aQDesk{{ZfhBF;gtch zS^Fh$H)Td;O)?>yy=V-Q`V4@Cx|-BnNjBiP@g=G;nGz(z<&&?ht<6X;uI5^NU~Izg zdI6rq@V_{@Bz>qZfRU%)bt6+c-VA9fe28H zqolpO;erVY--rZcJhT0%^7`!b3-=0Nn^&AyKDQ(-gRF0vJFg#r%LIU}PL{tY7yroe z(xogr^+qgFn-hy)DWjivW{8TnL0%8yA2hz6N1czNXVo{Rldn0y_oz6B zOr68FY;LAmV`aOaD9~%?-Ae#EZrkq8$Sq%h1l;uIdU&;D7ma&_qi#U^G#Eu*yxnNS zq`KKI5mr)LQml*9k3hi3K~bk%fE8ej0NypIH2NBV|&zrIw{BA6qH=N02N+6H1)N zTnSl$jsy&s@QV<0Dz3Wqb=yFJe$`8jBZ>{l!>q1v0FmIThl}ks8Ycb0vV8I`Be4-` zRXaQb@X4@PA>KA>GR0YfK@(=Zh(KmH!-*JNh<1e1t&BEw)DpCrYC{P?;;5I4i6&PK zh!xiJVzJCIXKGt{#>(FhD5XI&x43?mw)f9tL0Q19gB-xv``?>mQn2yCxn&7n#C5>E z?{0$vE!PLqb<{f8tI&<+(n`0ZPep?$a-3t`X2wk1Nt9>fXS3!;)TpguCU`<#TMbbY z2a0{b3RSul!vqjhEaXzksvFZA&{0k$FZO_G4PMX6wuT9%Z(MJEL6sRDXuSRuF>(JI z*&tY|@V&8=U7p_pXsTOy=Yb+(Gj~l+HAoQPQm2zT0Gd#2oYHP+TXpCuAT=1AB|I}#RD?qSo<&?1jGsrD#m;*)W8r}1?a(lE5}3|9Tle!LOj@LVhE_IHBn~N zsK+Q{7OCE%EPVt=UHW`*TZ}Y&wlNKqvb28M4IGr9ML&vnJf)>CgjeQSPQwr$4gHk| z&g4{HJDA>+7^lFfmPBk_6*&@|N*d%u|EVs&RIXA+W19Ew4%WZ8dLAya@YpZ%Rvxq* zBoZf3b5G#$Ugy)*wA!!BJ~_7!&<0gI!QdB1=%+_8=mlEgvWZV z*OI9+fJ5OUpMYNh7x3ibZpWy8#t?ep=-EjHdR_E4i{Tm!)52W7Jtu-5P7D%o+I!7k z0cc5eR{Z{cQg+B;QDlf?9_dUDowANIsF4T@bV!#(6e(OX35<~HClw3G0}2H7j#DY# zf0*g3k`vX%>Z;>Uf#Lpvx8Du)FF+^_TA2GDmqs)0JAVUsfT(zVG)T?vqVPKUN{(#P zRTGGg`rvi3jcYvzJP%;}gtD;@@B+3*IQ6;}VpoU<#st20HWQsTOBHY;1L7$^NE8NX zEy#*~bgnY6=h~;nEV>hFFaWhJ4EccgLnGkAE5_9ui#Z+*cyCtvoeL9c;&durLi==( zKJMr~E^C(C_$Gco$V?4{;cp7=AnOZwnyLtb8jf_Z4lM}UMP0iS>^DjMmvTKb+eyYp zAdLMXum&Lc8)XB+&J~vslJ56*s%FmnNU=&ECh0qQtTz>^Db&`#5iCG#&;JZ@Wb@$L ze>lqfdTIN!0q-a51;nEnkaQ$x%r(?xv~vzNXKtqOK$pWx0_J}Mscqoz+=h?}gEbB{ zt^K@bJ$$-LwSFjU8j7|1yi(^k0tI;s^auBzFgz<^W*VAvYHztpm_q!_6AF_);e3rfP7EIuWClEoV15hMO&I`n zMrj&b=<=clCPY%+DV1+^hMzt-QpUJgWwG)po~1YAk0THZ1vGdagn&12Ol=Tgux;-8 zU|Rt6tfVxV=oq&bM3cYyQvwZECw^7nYgodhHA1Vm7ezkV?~1G#C`Q&(29dG-d>HH_ z$8s{9nUH?oG5mG1-kS`@ek)P|tonK{*$JsN0cDWyfR~AudBj)i zQciiICFr5>Y~=SZdW4z!rNP3Sv1d380a@0;e=G?URNj?Ff-ONUngV6L?78!GQ|V?L?dmBs>zBLu}By0baEVPOk3obK9uLXWlB96~-&(%{C@N ziE1vtE*8ks<59%NAJ7!iLL|^1sCNcnexMo+p1`8LosFe1WIskN6aX7Zd*f*jO#_A+ z!~QVVLfH{u{oPDIkR7o+E5(vTIY=1@KpjoS_rn9ZD5kwp#@g*h4LnWDuuo~B+zC|F zk3L%1r}+_6Ssi_R`Li=tpf1ZcoXquJyGoek;lY(K~tXu=1Fo6*JF45CN;CDhP<;g217@;l~R_U&V{czOkCbfEBY@Ab~s(_9DR2X8pq~ zrK17|1%xU1YAOLMWtY}Xo~)C|HLIwmlb~kVS|G--9H-{fpSAZ}K~^W2SRO4wU5_ z@_?%Y`Jdi`1s%5C{7BxQWH&{N43OKcI4pSraQ~g0y#2by%95A{#pFT%t>g8SY*vLP-^gh`qauM2BcETN4v`#gUqYpIl%6CKd1^IYqTL6Uu1}*|TSdzH;8pw4rs_z4k<43$M zfy}=E@)`5~MjMbbX6%Y+@k9eDmJMLwd)Psi(2p*^-QfOh+=fXiZ6mjaQ` z7En4k;4BR}{l1xG#+$5FNyRyB3I|qq`Tzzh9L7OdyH5(>%6Z%Aj1l?_F;B;QXt{*4 zjBaU`A@s;#wMnxsyM_v!6wI`Seb4azz~v3rL?BWag&_^fSXu4*A5AY3Wx4H)+G13R z<1Bw;=tsfKfp)I%@KYh39zs}0L1CnFxR!b^K6uRy@E9~Ks5Mx(Bf~&s;R~BaqEk`G z&pCQHH9Th~of82_Y2Z!SN!B?Wup`p|rJB5PW`SfT1iYMZ*O0CN;~hEgSHGmYV8)b; zRzPOFb?zhq84engey%v_<{0^~58f?d!g6;&t2OX-mV1FY1DTE7tJND!1(YY0VDK1$ zSk>c>j5lzrcf|z79SkGP8%91s!vX>=TMLZL@i4oB3C4=1?yzHrMkhyegJfc!0c0sv z?C)}>Gs-@M$We&oOILpJxV`ysesw0J@+&27dyO2@ z26hB<#Quz-G}jiJys5R0?+@XvQ_Yvt@Aamj$Q?wo3`Ozx>41X6q)Qu&2@CbNIS zT_yxNE+&w8bLGeC2M6y!b!eOApPDtBMtMLm&_ShCtBCy-xcV4=vpYZpM^KHPMIs5y zrQUiVTm$PA=z(-`3%vO*z^w{9Ee1$RJ{p&RRUKDU89;`Q&Gn1A%=x*1`1qk$+srQF z)3$sjdvMKk);xdd_0vUE??W6Y{%Xv`VhhAmcG$drI{ASFkL4YycAot0cF>#x5WSUM zCkK`}!oQ5zANvd|NviD>T}AV?gDrTc45&wM0T7M48`va*PGd3V#UyaWuQVT3AYrLd zu#V6c;RZ|tiZ|k925ZCKl$d%v9Ia2L1BFFYN*K+TmUfU(5PoqO#r(43w|pqrG;H>% zShIN)QxOUL2e-cx2i9nSHJ-ObE{S72A+KQ+i-r$0zp4KMXY?-sm2z+%0RkoT{VcN( zyay$1>cM3Svjb7*zi08a9@rZZdDNIYUcnlS#A;U?slGe2gO!WSlqx5UL`AKCM+6># z($G+!Cz(gEexUY$M{!h|l&doodsqvK?#vT|TQi&<_tmJ+qF@w-{WMqm;k2_|B05EY zOy}feh1fdniyR>Vl8F^8JO)<>j@%K_f5$^}TTM0uv3r)xs9?ryJaj66^<-Wex zdZu)_?;>GrWg&-b;od+Xa|_2u=tL@k(j+V`wN&VfC_dkbX&Ym%;~_{z`0%qvk}Xh~ z*z=ye<&JYzCBbE6w6;l5hX=ojRHUgm^7ounm_0t|1EoF08Jvl(-<%QoO(X(zYNWRWl7*j z@VM<%+@lnyukDS#Ov5N%4xj2IC(L7GUj$dM8J6G|4F0;{ng&2wuvv+TmBMb}9E=Z` zl)r+PzhmV z&NX^sX9mcb!4wNIo1J^J(%{tgQ({uPjtRT@kUOo?E^6fT(v*Imf%r&I(Tv!Ob~DNO zC6H}IqJ!%Zx!aMNOoDQ!0x|kG@10{%M&vn>3`s{8R^iBePBqTJZ7nVQb z!Bm#L(+~&1jewR@nKP}{&p?|8fi=ox@_YNp2Rg*I)e=5PvyUG5Ey{!BZSSSqZ^IsH5U`cMpayE? zV=;s_%8aVmueJ)mP7yGO5SW$`{*o`*$M_wy7RPydxAMAYgSuL$!fZisfd5)QT!Q(TeI8U%?*~>`CvD+1 zgiBSe^nvjPH@rVEmVrewHk_n zI5O+}mgvNhW5Yl7A#jbOam-dROK+ShGjPMKxDCOF5}vZg&23ftB;+v3=At)pkL_bS zBD^1h{185l0|GZca}o%->-(#Usgdl9h)iIyk0$NNn*-Gc?QG|$|CH`2zaUesYWbn@ z?_HqvRG)f>Zint;`i)Ur_RZ`X{JMyeKz=n^?_f;9P%cq<;ty&CLv@oVeLT>2p@ZK( zi7m;0z#Ih2qKi1|4M#dFb^7)DeG*oo>7V!Kas*T@@*n<8Yo|4T3adh`kYiuEz*7p9 zCbQtz94P)|Lem8S13C~2{C-8suzvJ~K@epnY^x!u$#Qi8!_4~p#NGAwEr>mnn`(u= z-{PeA!2}SyL2YD$ED(ZXRP1P8Z8M@)EsH94aS{51LIxZw^C0uPUm~RO_ydw#sUe1w zBhg&qNj5EiX$-0%S4Pr2_>Gg9TdQwMj;P@bd7%72`XkIindY#b(F(IYjydi(sQ{W^ z20vVo2!kh=V0GW;(o;<7A}9=aquh)ZwFY#1R9dB?h5`it2kQU;+zcdYlKS3>kU^;Vb@Kr-O#oK_AHvxKNg^ zz`~n)o?IIg=}B0{Y7`!biNmmz^yB^lwOXT;IA+&N9sIIMwI-k+620udr9DYocy|pB zUuLcYl@J7I5caEd?tu45jug3ugb*wqo)Lou|FYT`u@9lb7I|E{;TK5-^%k#5F(bgI zdg%{rHY^?}8GRA_as!EtAjJ`wH5FAR-<9m~EK;v%g*S8M|0U_Vwj4!b=r57OBba0| zCi7-Y4km-)>qqpQ(>vSkfH72+RMHJ^Ao7Y-38!|CeL$n%A#XqA&$W{1>h9zik~68w z57h?5Sn>m&6-RyF1u{4$y<1Ha>iyTidK&u4Bl&w3OgQJTs;%#BZC}DCuMmg8>y|4* zA(itH=iERzds?w5ajW$1WIy3~+~KzReU}jLv(KLz5I|7_r!Ma4@TnWOaE0$j#FFP7 zUOyi4vFC8nQ`+Y1C&B+1ykn^=Q3h{qenO$Y@nXSN#kg?1!rmN9rfag}(2T8+3h2?^ zNF4OTg@z*T$eVi{4)VUiQ17BfMLjRQ`;~0+H z*_B@6Z=pI~sg|htQO}(E6xH@(!>@0e6_ikT1h@8kG6l`fWY4exyxnA*gmApa%OisN zJN(={ELb(WuR8pA^_@4eA^yu>VX~P>t0E&)gm3ewoaq8rO~BcJ&nKIBlm-5mI`3J5 z?elIy?=x;VQ#h~py`!c4P?`#h?fOB60`JYD2N?iG>K&->zBUvHMe9UNt?E4SU(QlLgZuX=g+ACqs?zbIDnFgWjNUY z*MeX8JEu+%PGbI=a%dd<9?|TZ=M%#na_o1I=#e)Q58~nlv0utZBAI!0;2BN|$M)5* zY4a3ai*Q^nT;eDT5G9R9jWtGv1*nGtRJHC{{8y!b0FtH=HcL?a`fxKSFiaKmZ0cb8 zyzOFLGrn_(QlJ5KC}Jz#I{Wh*nvbO_3vBav)c@4DYAPxJ1kkc59}z6wym6EOwy3lL zCW3cBM)5GL=qcWt;?QveDnEw_qwew59%2%0e-QnX*{U$b-xxA#v(_& z6?LS@RbbBp6bIbHYIfcRrsxW^y0-5fE8u2QwsYdWY1p%C#w;D~M?9dWNnP{ZK?CSEFi`OF^` zG^y^$Piglu%l<0&OFx3(u)HBHisT+hAzfr)%+oBeWE^nYjx9LwP}M&|!X`}S z&h(WOFDDWYXl>r9VMesP-&k;V{0IK)gF$~3Yt9uYlzc)#`UR^x_$3!5d29bxmh~>b zxv8vD4FNjlkZ#5~Kxg0kOOz#JX1h-@1OmoW0T2}1&>K#T_>4%n{k>$4pW=7oD-BIQ z;-nicJcFBjZ;A}HxR%BaNKd(_xsYZl5+0Bs@XTxvkhw_gR^9o6bpa$J2z&$d5-R-8 z$?xmSo<@F`VMq9Vr5_Jzdj;G5rC9q#HuhcZl=i`M;gPb2Qf5N3pFH%AljlF2aY`l> zNbNhyMSHgWaP~%hNb&wx+gt_HAO7#3B?`EAG(2@jG3B0mK;s1^s^^%e2d~}in-4_}Tne;0my@?8V=Z7t^p&@?IIIQK>n)Dbm{-xe=dZoGvA`y~Ji=32@LTD`mL<2ggpyKE#0I7yF2f@>*s$SEn`cfmJgQM=jl{Jr&LY(E1=XIq+W%VG7zMyTh1Ir()fE}F3Njs|@-U+xkvTz`YJ!yubaxZdJ z%o_ism0)vqKf@pUYAjDj!J#pY!ZO@xFmZiaTLsEx4}FHekOMdh*X#vJ8xQz2NkL0v9C4 z($6;KT^&W9>+{~k#kM5yY&?K4(oQc(SxPv24|m>yC-XbJ)NkC%$k*}}MR}zmTH(aB zoAnmM3x4@jICJn^2yX5%c%S4NCB2NnU-^R9TSe+(`&fS?=1?aop`t*iux9Zgkm&gj zscHUhk;W8ZXMUG5YNNXzy~zwwR$hyr7g5(%Umj!tc(f=W^elHn6#;I0VQ{2s#<0y- z)4%|1SPJDejsb|jj-K!duts${bTIkzjm!}S>lV#-9z5>d$qUf$oJ>@$2v#>3S+obL z0E1Eh*iURgr|&}guYx7;T=`cjzonIU5%lFSS;KS%lJX~xKB#>qh@XTiCn%;uJ!iOt z1z4AF&CZru!=W`SI`^Vj!9I5@cKD6h_W`-Dy4@5sV6x)&)yYqodG}2RSa9oZ&07WX%mgnhm_*b0;@5vi?e|)Sl&+a`XMyUg(-MldzU&TnQu`p2 z7F{4hOR&e3B<@v$?n9UKn{77VGh)KmeKe*{7IjZkISP-VANsNsWA^IoU>As;AYZA3 z_w~M0MWm>f6#DTq%9I)|nIv_r@4F!G1!p>9p#C+onK zu$IUI5S1~c9U7$*f}a9$Cv9B1^zQ?bv0Jba(2<-X-_l;4Z3&%VTc zDd(b)7=Qx{R1GSsAgM5irtS(bv)XMaQV`GB-sYWGP&fd`lFE4%Z(*2(R4OhJ5Phv{ zbvpOp^7Dzt(B1{6BBun8k3P>TfX0iCd4u@d_vk>q7A_C$M&MW~(iXMwLH6+8pCw3b zPkkfbA*H|@Rseji{4!;h_)z^AE+}wUHM{E{<9UoX zF7#d^g)n(Ud&0*0ow1d_q2BL{YH2Py^Pj7%V*hnzQ?nNlC%72AgF%jrGAaQYrvrty z%7emJ!@aYRCp?SiMN!H26TR;d{K%lxN_0ueK7}Tp09_}2(8)ERl=+02#uITvClnI# z(YXDLka+*@t?`e(M?4#Npw9yHj?X_0WJmNX9JKybU7GpyYX*b|jdO;L?e%z6w(NZx zBmw4f=#Sro9d~6k;ULfs?RhSN-tQ(*;uACq=zi@pQuCn%a(O1a!tm*jwHd1Q{F0Ab z$XLR|o3kRdi1Tr-Wq_SEylg#}bSZQY&9L9!o*fVVD4LvLwamnli;dO~qtlo5q!s!i zGAQF>R5rVeBXC>&au4nh0LBhSy}zI0hsv672iyQyGP#EcM3g%bf}bN331~L^))^JF z-oN{7tTV}v2fyG#)nHSF!pQY++zTnKVfWzN$Yrdo5Bo!L)@%2$){cfViY018rpSJU z0{bJ2At?CdbN_Q19D6JhnPA_gGBH4Ah=tW{2~ zAptQ-Sr60W-pgjDv1{$Ob{S~J0Q~%M zc)zp4{KbPJ@F%brCR)1I>sr>96|4|wEm_HnIWL8yf7g)n!mJA*HQ>(PHa+zFI-lgY zxHB9T-3v+hW9U>(~Q zP-JaXB^L?v-T&dzJbxd8Y;n!jDBjK`6xY`%fTaprC3jd{WQx)f6^-pd6 zzitc@cpB_>B%cFpzVasTWcC1^&Jp&OiKv*z%LZl~KJvnvQv9>@$5AU_#MYK3Eg#^W zuuyTP&i6~OQ8!UCCj*JZZWc7sgvhsDD_fs3!zlaXz9~xkAsn{RhaYyhbbK$K*!@Mv zY0l!GDn0DuJep0e9!0_$po5h`zmRuQS`8&=HP5t39=~LSw($7FPmoB3q8i05aF{;- zUKQK3El(TI6Ed7jHS0oCOQf=zT+khv)9+c_{yxnN5tFBLkV>M=3j?VZ)}qqOD!N}f zrab|O04!Ed9fmTz4zKT5tJW8Il;?e)dA_K(lpGPHoCt!Bj zFQ8e}`%VG#dIJ3l9a0Ims{Xdplee>2&x1fAyHwPj2*aAl3-96*nu_!jI_hsBb>J0t zC9q-L6a=9QcmGZ?&B(;P?tB8!Fu}%Beu*|czET9b*q;;dT!MATbSZv7zDg`5G(-LH znJhH_VsW~v7B?YcRg3h!Sk|0sRQ$yg?n(k7truuXnd20F@!^$|wZ^NMT+8!H9Rb2>!jx2jhn}fGE=; z&oOw?pGM$D!iVSXxPE3A>lDp*MzDpgVpKoY#;$9XVzo0q%%59 z9f$IpOJ@l;oOcKs4tt6#smTv3Qyc_s-3kz%HJ_2Ykqw!>9kj;5_Sur2G4goeg224q z=%&-4ZV&k`j-6VfB_iMeVtL;7;>g~WU~nvl&T-+WmA`&BE<#h~Jzcbef{=I6C{!~{ zpep)D6NwFwIxeoOuQFgP$$V@f`YJ|`D*SY9Te7}IJqKd7mjy?aO+j5>HP@`830LzyfB`yf^F&c$Mq4lk51aF7Nmwd zqIS|(FOV5X(5;(I*a1z67DAWP&%bFs>HZ>sZYpgc=WoApQW9J4wS9f>O%>V^2D4Yz z6bcihpM8Pv?hI}op)HCS3mUMhzqKriE6wAW?+YFDc`d|o(5+ViaHS$HMG;InP`Xs6 zc^jxW#$&GQ3QMsiERnoud7*0N>zWDzz>EUx3rDNad{HYMPSkJDRpAYXcTUI z_=lhIo>G#fpeWg}Y?l)J`&tO{TMP1#3-iFnoAkR2B(LYbI&U&jfLNbn*y~L~(BMf_ z(?MAg<>hL>_q*2tRSo!m=J&0vnLZ87?i*dpi@ECiKq@(brA6o_*<)SY7YFw-zxVL* zn0tVJva3svSmZ^GFkK>XZqzbw?sI56vWvU#1Jsr7rR>{+z#=_aP!1fSr=60iW^6m3 z?#8P{(--4lHZhlaMjq2KjmQUh!F_c8TH%qI7Zc!)2ReIu*)I|0Y$`}tjv$jD95tPA zv#)Z(yms+GlUT0f3AMTGh6hJYbA)ZL+B6ZlkM@uYzGjrxe@3Hu93?N`}q z8l?0RC?d-P33UyggIq3Pzr)!*XyD>B`OQQfsv&rEt7O9q(mYo0DbRaz2jvrIIwSy} z=%4yMAAGR;aR>q#5|TgLJl@_MD6MnaKIWeL1OEGc1EEX>vo}o}de3CgRw}-h7K-zo z-}mj&jShCFvvv8lj<1EyfJt6Rr71wp2lqw(L^hZ!eFEqaR ziGn#@jCkg#x_;=3YEdId=RWU6oz9vso9*V46ok%YbMj|Ft81$5a1k=`6GJiZ{wBfx znL`WLek13l;lW$E*A#aYWV8!e22K8Sj#l_>J2co(7px?`aHJ-t+9 z6Cfa@o|>`CCMzh=)g`EcG|by5`w*#n1$D5uuAGS=1n>1h5}kZ*J=A>pIBM^U02rXpnR0aRQ-v`8qkq!b+3IeWVKs(g_H}U zq0(NmP*>Ck1^<|F!A?%>F2t#Y?}zlrw;!lOHsS)Kk`M1wnH9X1QRCe_L0t9w?drPu zNFTrYL;`#)f4hr(oe-NdnA#879!V9W3>$e>ALC<|$bu$Pa;lJf z*eVB<85Q~md`|}M61ha|9^SK~HBm&>E^#b+*sLhm2kH0oTPM2*lYE(4A?f{7nF5a8 z;nncE1lXhsz_K3Jp<-J;8OnR7ns-?}E?QV$-P!Qw8>%7_VEU(--HmktIUo3f$vr4Q z8bz?dLnHswj)j%&8Txx$Vp*a_8=~?`bdp&#RhV|FcbEp)X$LLe^8uol4Bt`S5IXz= zrU6Njj^{Sh%Q3!f6C2a`#9N$#{Ko*P({9NhC&8AD^y{qw zXoSF#eBJ3Xh+BWJ6MPoncd1jIjIxq(tC)9?R%hhV0$aLUOT!f5-!w$Nzzdu|eXpRt zHT*B=AaoN1lq?5LHjQvam-HMw{344({Xi3|FZ-35=GRz-4%szuc6m`@_qW3pf=fjC zOX55uFA2L0uoUxyA`4%%{NQxzodOs*Xg2;?LHU4CC8{1KE|TI9yB_TsKhvaskJwLn zgKYz>Aa{ypm4LOf0~@4P`C!yzy+p?0v~`q$rt;#e>{LyTvf%!GN8tw&?^M%d*MzXj zq8*t$ad0pwWF~_ryJs%Zd zK%$?^4q8+iMH%+SgJ>6U+UBM6P)dyl8-yHSdvPKvRPysbzSqrYY< zU@NTDi>6;dnTi9`3Wc$!A2F4X+Gu3`oF2i3myD%y3AA~UpF63shE1<1>fQ?Zok7`4 zB6nK#?2`)bA%?wW_m1;HR&;L7gu#J5)J-jJ(>7@?%Nm5FO2@dik3yhkEQg-Uy+OUa z2>_n$nR;hoss_iAPWUId7w#>^-e(I9#Xnd!H0#BnhBk?%%3vDy+8Y`$FH`YT9~8^_ zjNJ%Aj8ug@gCdF=&3h%nG3v{`7xynNuUtfYL}TH+jI?oSImm!tVGA&JXAb_F)9w(o@qok729CDGcarNWjeo ze0yM_oj5txpHR5{q+H~Ka7Xd!;=uB2scy&;76B;+=t9x#!w;mFc__q6Jps_MHf|rQ zAN7#2t{!T+$e&CXlW`pa6;J5hqp4(p>kgdsoqhvCiH0H=eU-8obsYvmCF4mXG11oZ zs-%_T$58GhBXZIB$Irf6%ABrH_Q;m}Hr>2}T=0CGdjTeNxt=PEi^3VBcgiADVxZ6a zUK;z<6q-TDVfUbrX`+BqHV&q?b)R z{QbVy%jDpB=!2s<@BqO-Q%RJ_26JHo@yqPd!6cBIZz7mx8@351hbw#I$VoQm-BS_wFeq1JMxJn zUjE>miW?Pu;TGw^8@!x2#b zEAKtxQ2bCZe1YFco;#MS1KpGqKPxi7BkgmP=F3O#xiWlo;cJwscx5ivV!Fh-j$jnY zEUN2k4%)V?_N_xAT{h4PImK_`K@hwLcqdxUq!v{Mx^5Y-V*pk|p_utiLc|i4)*GR% zpKbE?1<~k&uJh#RB5|g@<{N#M09wg~HQK_hIK^A)+G=-dZj|L-jr>+P)*wK>fxlOR zN~-zy*_N=*5Y?g=VDW-H6p)7UTBENAer2;rZa~E%l%d37mcqF$d#*md*$3Ap;O*rf$Q8Z{V+U04j%~2W@WiO`NNAY8SKI-sd3~@S zwNbiaj6XF)G(5MYdUzlD3wtEAEBv<2vFOeW=&tGvU@E2-(0DQCjy&!Yj!KG>55Ty{ zr>1Cl1#;r>Nrv6BoMVM*S6&_diYY%>uYMEDEeI$9gL3gjS%mM}_PwKUI|eSPu)*m( z(~)>^#eQe%^S%CSvJR!WY6(Yl)-rR={t>J@poV*BL3ByE<>l z1Ys^$zf~rAWS>`X7_1v9h6zD>-}H!YM`cg}918dl(@Uq^zK&S^#rGKEJFx&_|Et4v zq6c?Ay8}8aEJZ68Lc!@z%r7}4)NCxy#vTEY{>>v$*=Bo?#s=@J6O_2`^cNImTQ1>Z zYe*37bkF(0W{Jt%W799m?H9M;C+cAjfraEx6hLzj!_W_C;il07po0~REh6oX#DHuT zEa|1o38-$03shfVHQTa4{a7iSnyJQ&fI!#P4s;#+05lAmJ2>@H&oVZtr$3vCBe5p zHrM&~IZNQI-3`P0#S(EL^BYulov+}140ifr*1fz7qbd-ff^#p_UZxJQwt+r$2pbCH zx4yxLumAQ@{78mIHwoBmfe|5C7HOdlfnEhmz4?+yyn_u5ydP~ZfK%z*7Yp`aesjU% zaYm+cpwbPp-$@5D%4sI;DZKOn2_n$BiPZU48~K5fimrbz^{ac@Zj0cBAs2RvJR;6X zxn=|4W#vfYn~=LF%JHB{u6uyqy?VgLFi-hF+He57j^!*ndEatkchnAz0FP>lF9^8O zup$=Adl|@c;Vrjvk6YW47b5Tsc)>3(Xk2r~62h4mUww}Wq>^nzXdkWkY64uUA$Ch z-)9tx+W}I?actI;h9ux?dqscS)TBzNCHTVTI3wZorI$Yid7VGqdk#3T zQ8j+$&s{r#7BTzGKZO6=!+X85q;~{XNs4*u7r{2fX%8U6x3Q)fNnq8rKobp|AuHaD zic=$g184s=jK2_M`1W1GT$TPHVhmu?0GJFZ9I#H{!P0_q;TF%1rWzA+9l);+PT*@` z=>`r<zd6QVNexU1SQ5Y?NRnu7eZLee2>+{S{8k)nsCjBDte;~+s z$TKLUDB#b=!@i&2+*7We!iBGgIAX|&ptHs>yvM8Hl$Jxe5NJAnfm<;s<7Et}EhF%z z=b+n<<@!B-K0tOs+am-6tdn6tMSFNQ@p5*Q+6MjhJgOH#uei3_`lpPbVTBtrM@h&S zH%UChhW%b;1J%>VHCeeWEjMzv@fS$`ezL~x-%QMc&;Y!K-PgO~ z%<3mrG2?ydWj?A9sd&|!Z59q1Yl zbU-fgduFi6^o6(qD%Q|s9E9dTv$`geP9<%l{5{FCtASdUJ}=;*?K>T3F>nI=AXWGF z7Zl6;(Lb=P-%>n9K2{LjiF{RhuwwBa`{;-dASKXwaqM(Lnip46SjSjOV?5T$7fv=J zR%$SsC`tGIw{%i4#r@kVRF8XVtgcL_MPVcP1fh!wtJ!R zRs(Cx&%k1+%8~6U)Qhcl!DSSizRwT1)F%A*6^knUda&L-SOYxS!S7^&Z}uXZ2Fkeb z;M5@$G`#{Naw2dj@RJnAF;v_};+cI41FEFaH>q%b1Yu(8n2W(bzDLcJ0PfBj0y4UD z$>U0KTF?aWWxPr&C*DO@{7k2S%W!sC)NUYT4I-iauFNAg4e94VxeZKQ(-gWciaN{W z6Lw^v)IHEEs4G{RaZf5Wxl^y)pp{l$?V~r|MOi;O01(db?0u(D!5(Gc$FQ&aFA$5E zpxRyZcIqe*un4q@ghm8UM)uV)Tl*Ouqm9X?ETR^=ZAhU45#oWuv5?_&7&v58k}+>l zKffgqk8)%d`c>U~MPB!&%3_o{=Xm!$`U)Yuh`o=|R~^=NCSg116`V+5|1O zhVO(tDeb&$lJ@21e}iovL5dHxGR=NRRVRSv{sJ!BaJeN~_se7roq)a}q-Y0(N>{F{X zyl(MFY16>@%^uKWwJ2Y4r`ND(Gv#md1RDwOXE)N;qylP%2f$q-a2K(m%l~~F9^oXw z8k51oHmibrI~OpdDa54u3Jav5I`v+}v{L^D-yQ@qEmu0+TFJJT4kGb5jAqGWdp$DD za`&wS>E5}l$2fRWf3h-8-0aCiH3!POAawOfSDep|vLH@zLzI4yU~d9Y(9XpWg#+w4 zBc6$p_(SVJ3odlU;{6qJ5$l}$9tSBJn;>RLCYDv}zMD=Na=vA&|AM6fz^^RrDBdK0 zndUW`E0FU6ZcKk)v^*fe=lKzr64;KPI|G^?p`OvEk!@H0vYtBV8)PQv|9%cvRCie0 z4zl;49iAPZ4PJhajjjm;z5(OPXrL!Izvr@Ccj zrG`R+cl$%UHd-SFW4$>+;EOa_bjGA$Aij+zBZ+h&M&je)L69)9)Uls}lMX@L5nPsN z1&%4xjCU)Cz$NoXh&+gwy@`t``T;n~(St+U$#S1l01~z4WkCnx0s~-=2qzaPmk%-b zDC)V`68JlV>7@ohq7WnkU;FtMfGrExr{LKHojbMst`ty!&vZ6J@i}5`L2pPu+!MF# zo~Jc~RMR@G(N}}yaMee6LR!#gSEJGOUS|bhMiW@>whd*zNfgjL%@`**?*ZZKc_fvnslb6QzcRff9q*0kQ4l~&O>)jpCR-S56Pc^3X;^{nl#r0 z_Nu%(EnKZ(*`eL-ScC%&cb>1j<(2^o$tv$`K-kd0mxSw77g<4ojx>m`Ceo!SljjkaWrOtem$_4nNfq=OA#*Enj znf#O)Q1V4AI&0Gr#@^kF|5Jg2!1FzI zU_=-qb25WLDpZkLIR|yOss8#~}|M_}`=6(o~y`7whby~`58$O3~dt`xPFz+{?Ky#tzjQkMw-0RRMZz`FP6dB3Ip;Oh1U*j!4i6Mf(n z*fty&q1`(04tha@1ioha!lK8-SKG6yVS@#N6)YtK+u$mf6x^tT5Gq++w}bIeCNzqb z$-GCk;vg~oUsZ#1UiHZ<8eM@77+4jYZiBN9NNaf+kiHN7SH4e>4@pzrod=-lCCBXk zKy=~!Hj+AkR4Yg&+0xX>vgqHPd(I1V6n1la%b0QZ(&?FY_x;hc^>^>cl1hhj!0*-& z`;9UvRK_kOKaRamcer0{^8obQcf%T(qc0b{tQZ{gvtLhsKC}QE50FG}p3Y&+lv0YV z74`s2MCP`XOaJ2DWMBz0Vu60ZCK!+9ER473Cx{GqTLdycLrK7e9!$ZKh~?h#v&@?J zi8H5R3(`1&y#aGn{ObUn5m2%XfD#V4Bu(Q$hsXsJ=SkQeFS-gq5#EE%m;)%&*OKz> zJ=R=E3qPhP@QLrpgztO$YNNTiOHDXS;Lrx#jn^lhZ0>%shg`;UUDm|eagYk^#x|EB zn*xn9V0`J?yxX9uW69tf3oovoMD(l0=wNy0aSTr|teNI{&k{reK?4fP7g7T_7btWx zaBKHqEq>j0oIO0jL;3&}E53AaHwQEi#fHw`jxT*fPFyd(Ehecs4K~eqO@2-$AUltokduHO;&Zqv?jF;-|wvRW#faj3qFNd~(VAzTe7 zs=+46XxGI69L_nfJ)6+ zS5r~%z#fM;e$%l%5-^fug)&@#&KNQV6wQ6!$Tip(0V}9>FW5(3pSbB(%(`~|-dbn7 zqazw55c-+2b0_}El-;A$Z&#W~I+J3u4^Xf)>x%)oRs^CYw(zU=(m|t&Yf6^+DX8hU zq>k^B6)qt3jbnriq#nkCM1b_%yy;%1<1Na?KdW|bpx2hZ^4GI72myGV7{qRU{F#q$ z1m@G}{Pu}%bwN{aBVqfjtCk4F7dap`5>)*#@bt#W0;S3~Ak9-zg^37t-wnK;i#t_+ zvA+Za#9rg@9=-Q5IVs2xk*pym=#J3egqFz>c_KL|SQ5$WLp>0Vc-jnje4cBYG^PMp z;dfnlh`>VcOe8NXXGz+vG@i9MeFxvb5(wrd7XN5=e!r4$oOl6b13wRfYfHVg=wVNZ z|12u{ROJdJZxJ)ia7DHz%#XHtk=XI|8f0)Cn@%`i+v&+=Cc$e_Vbdp=FFj>12Vb0g zV*xwUki0#X;FB1N*`KWs%z0%fg3PqRXdOCXi{3_OIX_GbjB(wxsG)=5ZvMGC(`E2W z-;SvaP~y&0lLYxA9k2$peDoMR%5CdC63Zl_50ICH@pHNWXUq;}#W71|`f~?A#v9Qf zGT_R_+P9Vm5A@-8OF2KA0=q;1b~P;LaAw|?!I)(55l|5czrWycfD&9h<=vpW?Wf!s zc;jVOs7w1JNm}2}N9qC_Hq1h}F>)m$27PHTEPL^@IgS8;0B)7-wsoAUPFRg zbTv@Ao!0|Ubgv*2>R_$Ksiw|Sgyx^;qI$z02v~Tj`%*~ zW@a_v3w{@UbYmun9rKh_;{{|INY?Kh#7|YWcuqIZke?o>@`YXA2&TY91}H@^aMXLc z)gC^k^o9ANHK5=)9#Xd?+7RPdw!Gj1(hn-xSwl|KT{D@<(zvA5ViPHDDzQ*G|6C(KgZc5?AzV`IF)DCc~U8&`%?yLUZ%k z+~baEMLi7a2;v?8#V0a>50vzDlIJ@dU&9>26U#Rk`vdta1-;{jVN)*g7{t-qWW&G> zS4dG)6Deq6+6vs~pXuP}h74-KM^<+uy znfvWmkeCAM!@SMnKRqJVq=V+w1&>IUT+hz{pnG@cNRed<6a^vjOD)Kg;c{>XgIPOV zC_7e>F`$p3!GB%(-O~MA&GBP5mhyC41q77`5}L0bygpW|C>np3o`8&wVRwE~ioW-$ zD_4c9n@R3=r^@_gOjJFx^=JAsww8b|=cFkIwjOM1IaYJGH(%tX3R)WjV;N2_%rP~d z;H{vE#C=xYjU|babNsk`i{a`L0YMo*^*vDjFMBmw%Yu0>o_TT*|xSch)w3HH}2pPdPmHKb(_G17PugoE8p zc`1Gjo}R6%MCkW{u7qf4Fr)aL(*p~t0M-uOh4$_N9x0UW4@vQQJoF}i84H}J>z-r&uqJ3Gpui_fLwI}NT852k)#P~m*j_tD*7 zNA(UlY5@8K%EW?({MS8R#xN!KS|hEmlK!2uJQXG4rX&S%hnHKXE$IN?Iw*VuKNiJY zV?#l?gu%~?0u0@9++}NXl56VyigVk&7YX<=(_mQKOpo%O7TdAWQ{Z~QD~lN^6KiI! zJDn-+sQ|(sv(W0yP}c_{xxXQ*a9s2z{xL4!h@w-bzi5_ z7QbRd3moDx4~ohFl9M{k@0Nx+IjnyruW9L%rhW||X~^v{*oag_@on9mX|et+4;Bft zV+IlN1d|`j`yNFc_v+>EDSs2w(~@-hd?bp#SF#XoDq(eO7|znJ7xVkU8)zu7r-KQ@ zeWI0{4)f*=`1OvaQGh<_8+=A78XC^uC?LSyniUchY*$ zdH}}2B2O-q;!i~kZbUs{fI{N*Le(z=&21J``PX0cEFPAa4tnN3p)8hVS@ago95)^e z=C4o+DM}1dcwWD>0u=3Dq+}!lEQGvcZs><(x7q(;K$iTG5}PKlE8#C4P`3mLd}(Ca zyB{>J`XBYBgn+J`5BlY;FsCI=1V>)DV$iZ7yDkN<2K%F2%+o-L(GSGj4u6d%8y5@P zntigRk!*0VoLnDa65m5$En|{MO+iWDa*4Vju6~YjJljLvr zYRt0w66a%D%;9qvYF}#uYY^X+Lf=^5(*)zaYTBvYoxol?Jpl;gv0xBvZu~o)Y90v{gWpDB^ir-+w5R z*7hP10RYFl=?i5?)PIs7p)v1b=|R-8Bh(>c?0G>~lLY`}LiD+xEKijNG1`7E-_t^k zsb`dU6;JE0JLU4(4^s+pNMq`Nqh@F_9Ou{T7ZGSuUn-s-Zb6BNG6)J5C=3Yl=0Efs zp+xHesk6@*(+`=@OMk&5uu&jkx)xxyp@s*Vvad_lK5HdO2H-H?Vxi;S!}{$rGzmXL z3t8u7(F6&0AoujK#4hi}6$2X2 z!nX6?B=0Nq&HSnJPtknALkj5dmczX!$z%ie16o_IMlASx#Lt3-yzXEw#QtylP#a0# zL6#34uq94A`K?rVHJX>-wtKZ1>A+4ldwGL6N{cG%Q;W#}Lfdb=6REcHy zo2pbzvx0}B`cv4mlg9=(2*y|)&i{P$=Gw3+6;n<$8&{E@+dzs73B(GJx$v}HGbi+Q zDQk+Mf=|Us;xg<2Ceen zhVt0^+@eJdO@o`HwAiJxTE5Y2aVyvlcWmYG9x7Cb&4bWToD+dU?SrZfrvB}MRwy1= z2)HO_4WTm%){VJVDj)PEnlmT}fI7`g6b`tVTn?xt4y6I;4>mn*fJVCYJHaJH9l2?* z(2a?IEqzc-!hiZd3Mnie5{y6IV2){m_5SNM*s-u$x({^GPs{VVXi~Y@w*NIFltIt) z-J}`;CI8(eUfqTdiy~80n1=87=BiLcp@2(%H(-#FoHruDP!g*SYVpNpMcl%2zq~?Gbq>iX~E_Gm+cFe z=0TP5xEJ-Qi>eg^k=d7?M%e3y*QiqBTBLydj;yk6bwa}SUb)KnL>Uvv|G$#!40Yq= z`}@ye7j`9vZEWGp4Wa}{$%F@!M>sTS7hC8Dmj4dzRwwd6TGfTg$n%hzD~bEJjrbuM zWbJlj{0Q=Bq6-yX{VkdaVi2v9%_+GLPkP|vk&`_L z_TVFAoFWH`yQAC(3G|xbgRmz6AJN2g2e2k^0EOKEM>n}w29bdk+n9*?H)tEg%2Q39 z^DkZJsAw6W0kYb`D!jUh*5DQphZ7Ew^yr=Qok4>@9-VBCq1|^{+xTrM70Q4L8}}NgBWO7elBZ%U`BNNFji{F$VBL1<~t%LU%E~wxzVjzNlVAxq`O6CeWMSOrovei@pI zC+AZ>>ZhkX7RYz`?hA5246sJ_K603N2JqvGOdcqhTXpwDMq+zGK@a5j`QtA2foK*= zlIpmDMwvE#2?@-;@~wET+f?07Vk9t%ckGk7d_96({^c>-@ReT12c&O25Tji2q@Ew3 z>q(g3efGi7bJ4-R{h<0!30!lsRi#CN22cEmo*#Z|pn(gzU!9%oz%~UNhPc%aJuY1# zOC!)Q0X6qjNODmqgWwx}D2gOpn1~u(?Dyf&4Jjq5;8J~Q~YVZ=WkOAZ$CI3uE07qk$SvFGRvbbXh zr~paE#{_|RIG&b+hrN%Oc%R3gA1G?X_J<(8{xgZ)Pv~yqDVR`FoJKv;=GK?qx_Aco zk)D;Ie}Oq4+p_vY;)gPVzeZOyDRVa9iQ&i7rG zq5m{aTy=ao*$e4#X?B+v*+~cy-vJAxS%5xLR>=ejsuL18n!-i!kPdd51X86TX@%B+8v<VSJjAyE?MHs-G2r=M@BCnVHa#LG%|`u- z>&^P663>e5s&O7~{Uhnjx*TJpDEyZYg3BPLAR=PO9b!y~nfUd+Rj<`wf7Ml~jJ(c! z&fd>{#pU{fkM7MXaO1aqfhp~Nc~rWKV+pd&WXo860e{?g2iSbcTwbCqL`LRG>Pqvc^W)WwZ@TQ}PI+kc&ZA(O zXP^7RDhUKvysc;RYuN0Og7lOm^8;~t)RMYgj1AMn9QQpvL8_NaM_(fP?0ws4!S7m^ z3j)9_eLQeF>MM+s$!Z$+JtjWi?hYwX%p$^F6v%IIB-#@$W8MOCgX!$X9YK!NE(i{| z?y66aO^Zj4kIlYj^N*q8x5Dh}_P0ZAC@N2k*Z_dnu8aczwR`z2km%8eMx=Qj{@kto zU4BIonN;vvZ_DCU;o)_TB)!MOGT6$Z%O0kuD&5z6#?|(Us!jw&x6jx2YI1Ku*_&H4 zZ}i#~nc&AEnUG{P0a0po4cWtZS3ISkyRBO7mn4t8 z)V}5Z?%LadPIC}FlfMG}r^s-g6|h;Zus=q$Z>?5`09EPIy0DaCtR`q!9_?e(FZv2( zb6^zyvA^vdA51#P0RO)S+jZi-;kCuMXbTPmoFf;Y)hm3jqIjcGpLa&QmpbN4aSW`= z50R>mlI`|KZqxSNaK&N~YtfCq5yFFR{iF}h6>n-&=Ko{|LGuKGciD!wo%Tky|Ab>V z@f!S5@(lqhhj<=!n*2LRac9>&s<;nIyfHtXPT$R{)Tc@=Ew2QBjI%BwcqnCoT!LDlMgL@-Hy1P8Y~7PKgwybNn<$^1d4R@l zJ#Ygk!=BPeJ@CjKPg{v~V$DvIF`7(G0t8i?((QdwfM$1)g5TSNW(w!GfP^(id&m;x z8ixPUjv$fNI8@+bJna`4#4;gM&d2#93{mI^1A=~zS4qrdU3#_#*nd^?B}1T!7ec59 zpVId8f@+;`tbea_QEqTPr$-A@12eYRd(BDXZ%J-zl!P+3-o$XC zjq36<@aVYSy}oT6i9=ti0~I68T)WM<|MCir0TjsJhWJgxgE~rgYtk3HCX)*&8;_+g z_Rn&J5jw zAnK3wTa51TdA^wF7s_e#9*?F(Y4p?_j9&DGaUW2BClOI>n1G{drE=vlO*E)#z^J^uR*FKHxcTN_?loylBfhDbzu(yc;2=A1 zjo#{~zyzxo2He~(c&Ozbo_}fY1=(DGdVRLNd%9M!sBR?jLwxreXz8^=w#}5fIB^Ed^!x9{J5f1o_ zcR7gN@6Fr7ha)5Ai~C~96X@^jRFUb81;y9z&NJS9neUF(&r`-S=44d<(Q1VbKaRItd(u zDW{!jOt(yrJy%;|+-6g`?!^nD8#knDwqx*oko<@8pkNCHqkTd-K0l;;f>glkm1~5v z`b{UQos0LIxYNgdu{ZOKpyuymrl1Yozj4^bB_ba@wG>+7^~*PP1jmZUQ?E5>x3c%q zgG#P6M`YEjsnP?vUN9CwpNl0ax1ykq`?iH*z83MM(Db&_m}+~1UY#Rs`# zF(+ikp~8m{6upsb8H7sL|MGS)vgXYo_$gWU+zv;pBu?mczn;=z6G%)^hCR! zJi*vK#!uAsj(_7f2>mwx0Cp@_`0crdVeqPw!;dL3h%K$&f}1h+UOu9zc89f7d_qSb zKWdnP9;2nzHG+GQa&08baTE6$KV9_hPOYb(S#Nx7^MdA(F(PZR59%%Wiy^;CHshVg z@5o)K;Mrb2O-+cg{`xHY`M7+HMCfwCIW?`cLu#9~Xmd0f2Yb?hb zrLiNzBJMKz)ljj`*Up_{5p490CN}xPQ%9!5roLU|wlc5%<+>GyTP1Z#PE)f;g9Un4 zLw0BX(!8|-C)qs&s=2I?-|2`yG;8{>F2&bvYHf!kAQXd0{K~2loc}KjzYwNJc#iE2 z!4o8lXPfhkh*vIO)`f_~ywbv7@%(Z{ak<(b$%gH{(05a>ykB3SME*|e3HYJ~gIQc3 zYw*IKKL(c2Dz)nw0gXLu&kK3o_vK;Bx3jG-l_Ba zc-dlR!WPItp!NygtVC)omx3qRESLSY@cS;)Si?Q!MUMILo7JXM1;@>+2Jo$$b9n3z z^Rw=?jcMO+H4sVD)~OSzm$Ey6PQysYAy_O~xH;Zwb@5Uqp7+h5*i;gUb>x?!+UYm)bU+IfL1S+bQ9(ySAiQbJ(8|zr;8Z zrhFr8-Me2xCYlb$Ct{u1Y|InIc;n4Ks1YAin>oW{Ss-!tA|>Hoi4V<x&=;+?vj2Y3f;ll(pLE0~mm%mKJmpRefJ%-`#j=`kDN~CqgEHvr5xQrUlQ(?PRMaW z%wpv3C!9nb=|k~R27JANQf*Rm^ELF)Htv(=v;ubv4(ha>mO>*8E)ms6>a zIGdAH6C4U_CL26VX1Pay?3NzE_qA>gUki%z`-pykxmZ&BdWud>4QowR-{AXr=qkh4 z+~If&cN&F2AEB`0XWg>Qgi}L9yf(_uZkR_-nh$Z2IJYd+z3}Id^>|s(%FjLu(rtbB z+ti1?s!S}ZvFCi>Oo4-v^Dd;u?Z zhUgRldLkV%f4? zydr`*a2*K_U4W-e$? zSZnO}=Xg%qENZWb#onOnEBL-d@z>sit4X%M@JKXAk@3HhFdhjjGDpmM^1Yqi9H*@zs%$05Id-xBxA$JiT68muj;d(HVLw0v!njPhin%o@psmjLGEj>}d$c^h|i8ODLZe zaaAMT0!Q3^&W^s>cq6onYloPueU+c82jzv3$^|4n5aCd$`N)>u+hJXpD=6I);)QEf zrisT*m^m`&T-W#B-F{x>&Z>2kGzs%Dft=Ngd!V?pcY1xU>^Tgj4G32p9s5mRcQW5h z)p#Ez35ABIRTK=E_`w@H%)Oe{((8VmnCi7uFW=jlBT12QW9Dp~4s?DPOxQmv5tG}+ z@T(E{J%Btutmdf@iyy+v?FkLY*sS+EbNOunjRYUTltvGcQ<|;K9M)ZgW=P?FwG~c> z9hf0tSTIccliQDK>6o3ihypyE=D7MbZHOMP$F&08Tt6m(5+N$~BY}A-R=)H+Cddu|7&`ea<+SMWi6lwFM~t5y zp=B0Y3n^qp0wdY193Ylto=vQ&QW#lx$`HyxrwMlBg$+K7yMw2S;Q>7yvwm^?L|7r* zxwJ^GA=#`{Scg@~LVskzY@ANIdARd`sg4)Q_r^qjPC|YRx3=`$tYQFe{KckyQ}HBv zyu6@1AfP>X^@=tM41xuA*OZ*Z&-}{3Yxd;si(lye_OZ_54Y}JV@Y3bC3=YZbpWPmPqkK^nI8$#p)g0*7{KQQi`H(g ziHZpL`t&-@(%ms&Jx&Dsh$vH<|7=G8_~qArb>1+!C))GDKOc|SF}@^n2N$X)^XU0; zW>yiI5o66SEMHx=KNvmjO`9q><4N4+(=z*?oN;!rg&;)l@^6uVx#$?*HG7JB_h<3P z^s0WWsslad5~9_|vZlZ?Sk4ER)F+0i%p>w+!Jwi!A9u5`AD|(j6lNZc5E9#sH7U>P zE2?yC{S6S!w7M(YJNrX6H=_?Z$ED*RhT9$-G#S_^xw%zr9a}e z9W3CO;nJ0(NyhU88(|q9UZqR; zRihv?bpS3t4?F{8CjAKRpl}Jb_mi?-xrE?VT#v|qU?e3eh~+&L75}U9hFpL6jk`cb zbaV_q3sa&k5Jsm)G_Zsdy=Z1m9eh1+l;?+B+;ouZMW&r zLi6`n)=!XWKU3yDvu*Dy%3qj+8D#y1X6@tN`iXzedYx=Ad6ECnx$4`C8AG~w`T`F> zevTkGTP312F1iZqq|gQ1TXBREQEETZHB;2EiNsWjx}S3Q=&&4Kz>2gvw6R6C5dJR_ zfBU-a4P!uE#V`GfY^?96ejKGjEA8t|Ie-W7-E}$0f)B>IR1Syu??OFhQ8@wIw3ql# z>KmJH$gDjpT|pz@Ve%`r2}wm%TJ;($X(7y*-RmmFixPELa%p@-Yu~Q5<6UnNdxrsv z_ux^3+5?8tg__wf>41jc-L8$*af+9GIoC0`$F1WHKG_$T7jOt4DMaBpYChep4}kC5 zlnj6^p%LL?5CmZ6w@@GMO?rm}0eMPu_Sx6Hr*Yw@;0CFU>NS~~&zE!5#M{wwht_aT z{c^>zD-SGSx-YQg{e1tWt~{g#oP*w8z0&sW*lEWo8< z1Mk0CQY+Wqk7HEo{IC+*gx_4A_unD6rZPSQ;U7!riVn}LeXI_9|Dx1sh;?hAvm@MN zntC+SHJ=0@sPCXmiol?$rygU`(?8cgPUm^>Y%$386L5SJ^(Aw5cT zW5jm#3W?!#rYd3+Pv_fBH+uligPMqMS^l}WD2TuT-5Zh^O`VC`@nnhnuBk3?rG z_W>|0_oIA{^Y`WicAp2Yy^XKvmhVR@lFmQI<8l2+LuwGYW52f3ncY9=$E?)9lI&lW zgT0j;zxi`-2FEpq(_NV4-%BUa54Z{;Y0L^SlO{^-a2>w~|MM{*6TEY|hP}{_(0M9+ z{*a?(-k$nYL+&Hbx{b?ScjJMa45?4>o1FV;`^;5NAHBWQbXr@DZ>{&GNyq?%@vEE` z`L=2E`GggW^@b0>SyWYy*d^Yu+lm>sIsJN_Qed2(~YGk(|3{H;5!HB_5SQY)WRYLcxI=_QI89(DsFD6-cKObhXnZ0YOK)x?NFV;XdN%Y=P@!@ zMFqbg`^}$xJLYm9XF7LFHi_L=xzV5TcLu2;VB$ANRQC5s<`H9N2bZx4^lTy??OikB zgW~;IlsPn0pyeLEK}(}3W1UaH0wmF3KyZ4O`gCPR^7d9lg4hyLiH=A;-Gb=N89=)g zPHBV1Z|jY(dzhhuPl|DLaEgQHela0?Fro_)%RtS$b?31FG6 zZzp)bcQIHcFl1SLIA6%Y5$fxje6j>n;57@%p7Z0TRz5}=Cy&b?`~%~8+|4Ic#o)sx3|9Am`D%YJbtG!CK;iNN$dH_PXE)-&=DmgwVyH7ynM}vPDtF3N96S zbYmq!uPlX`^x!Sbv?E=gAuc8G%XbH~H*{8e?HAsISE_t!Z5}!*Db72qXMDoS*2prF zdeP+NvBlc5$cAob>#1yC6}J zpN5UUQ{QLupuW{Fz-M^$fdNz9$+TkX(i>^GDr~XBdxi-aY2TH9BcNiz4~Nup^z%LL zkJ{gde0oL+y_sRMwvwdVjwdkY+98q zPT;8mckB1qz5gH}`*!ZdrLO%!Ttna_O8R>|0#IYlQIXr#>nJG<|1N)rN^1DCk*g~h z(faSreXZmD)#cCikgoLgqrku4nIwT^^GlfdhhN~Nb8)N9FTVr@iMUnR1qug)I=f?^ zQHLTpv2R1w4Q(52edO`!E4bedxY#c%P2<#-xBZ<-to`J^ny+ocyEJaF>wL7{c}U8Q z>*){Vy^RS+U0I84ZcoiP(_r~*2nu@^yclZaXWwLAYlG8$;QA}H#NZ)e<1~1u7Ex2?*--W83vg$ya4}hQ*o@`R&&}Xk!>*gE)>*6b(_p`7 zX3c%RhTR2#`@Kdb_vH}Z9v>y3gICHdC^gp)c@U~z5Emh)0wx?93|SHvX$&reJifZ` zY=0JwaG3t{W9Nx@9zR)*eSysXT?*_5x`}Ya`hffP9Br>hPhu6I-8x~Rm2*<0GFo$^ ztZA`3=aw7wH!5WjzVkwwHU9-E9JfQJ?56%MU*REo`o3UuP1&&&Nf8ZBrJF&1SkNSD z=lB7YFyjr*M&d&c8eHF=p7e+-h>(jpDrbCgyt;s9lhTvPv&y{NxC{p$shqX#bi5#KQU-@e3?{6JkLo-y$?D|?~1;~Mbezu4nz zeS`r2Ft^73)CuN@PX3Fz_wcUWiiJN}T*{8;eTjPQpJV-bLEiF&N(gnCEML_mzw?N% z+TQng0>EnD(LIkvO1YnvJo@oVdB_G-7N zP;sA%YmddZ1OI0~eIT1)v2_QVNOoKu-|$(0o()9Ys;iJ7BriEhN0vUhr8r}a7$MBJ zK+_?IyCLtNv+TOB-)zp%&^3JJI!FCwFv@wo#)AKpKFQv3&+M{}_BV0}#3veIOI?Q} zqF9=VHcLN%mpNtFZNMokqe7A(D&Jj-a!#qhW!hhav_G$gu4m8Xtsqmtq@Bka`wlja z0Xk4iic>Yc0aqCEj6n;Yb>gMDmC(R?|p-O5Cv<8 z+)NgSRBO^knsT>%mixsy3i}4Vi}^*BX!?2IkBDm=o(zqAypOE+y6K!N2v_1Iqy770 z)Wg%abW%VChFk8tA5AE$$lFh*v84KR5Z(}LjekgPK|iD*9w2dB^()NIe7MSl$DAMgnR9LCpA1>wXTDmh_c&m{@^02cF`ZkyLqDSVAkuf* zca1!=AHymW{`?s#mXp4)V0t4ZF1bq5-7^UCehV@Ae4cH`l*ijAQeI^LKG=xgLS-q3 z=!?|U8$i|c$s;gAvx<3$-!oWO^F9-xjd)gKlB>_xj4>JNgckmZ(g?MJ^e)URD zE2Ea`>H4uL^G3#Q{yAm~Sg^U6Mu{>G1dMyAu~FoF_`?8^ds$=tQ=t;a&Op`fKRJNK zd9d~m4oA8ESiJPMjud1i-@_GzL%kpjAxbLXSWIR`(i2isxl{y=R*1A)pRXak#)T%|aj(wf&m8Y>z)`LJ zv#Y6t*XC%~{yakd_&Bf_>U-1B8-6u#TfNZ}HoB$vi z@U1Vf7avhG`i}E_8TP{w!WLSSlK+Ue*PH#`lrLVM1q z%%-_My+_d15)nW~1Bhpf9APgHlHZ-#FG?C8EEueX)u8u>Re7*Cl#q8-{I~?JHiCiw z>i(&H4oK0!MH}P&0o{!B7uP(-QvLq6pUiFJ&hfs^eUg!jiR$3dx}-WL%(P+;Pv zuG!-l@RVLfrHDzgHt-HY+CDJj57=Og_SbT1ZQlCNAs1G4o5p6;_$KdOB=vN^E2_wq zWte@x0sd&DH&(!3g*RS-zyQ9(m#30#mcc!^yt_b=X2oc3ZwLH1p{ZqYJGrgPJJm6{ zW4^8R#4ynup2U55C(QZf0(bqFKRs?RS$b8acKa(=C;jnjU7fhvMRO%E71B#&ayQ1; zNqmq^yTr`t9K^Enjaxh7H`&|ApgXHr;HgZA%x~!CZ%|YEylIU~LU6wDW|;f&nizCc z;2a`0WP5Lld1Q)#KPkkPd1qM}pVf*Y1a}&ojq_emLYKb>fzLH|t*_Gpx*_cC0*r3K zR>oJFu{AvM!8=a?XsNKv6%O;jQ8p@>;UYjapMPImP!KlD5wD>Jf56#tXCyOeOkUx4 zs;FZ5M4tR{lY{5;Ms{871Zrtx_}snaD3R(QnVWrk^gp^mHXJAA?Va#SqsE}vP~Q*h zz53}djEm>Hj=y2`3)30~mv?K7JtvQ+jbZRAF0!U(KDRGBEAxx=NLj0q!J8*L7#MqL zY7WnK*lTCXQ1)x!MGkIGJR0iwrf=p|^UnJbC%m*b>`nSTDFcEU=3^cXE zD334oAjVndUrb848*@nCuRf51iQP}#C)vrNrCQRpRkUnk_*{B-__aeGI{i7pSNQXG zn~L;D=aDk$<#j@P_%9lI76Nh|!sFO)l;Z!kIslxr({lC-z2R4m^@49H z2z=`7IiwdQvK<0vgZVoZjp!vg8tNWPEAtHmFd%3xPT-9BzzPlR*L5SE<=l)Jf^ZWM zfjk_JGJP?c0@x55`Bdk_YX(V~D84{JI%N^&1p6-7e4s?!!>xBHx!BGH3dxFnt zfXm6TrG+jA_#8Onyoh+m1ZCie@d%_fbN|?FCXR10_7&q~Iy+HPK1Ifje4;;mqYkQY;sjY)NZmo_@!$*6N1H-Cy>#l)n~z)0{@f!OmpDeEPl}<2gx(mIQ;~OGXF4bEixHWsdw~ zPSEki+d!5EgYC;tJXiW{+4iafI}FF;<;7&;>pjo{d@FuX7w!D!{a-_U%=-gb4f{tD zmS^Yk@F88+)_q$LBawW&FA{>q5Tv9g2l?{la&K1O`yTc}h0Z0B%jJw%_`vjt6Lb9y z`!(d{Gi|-soR~#_F9+X_@SZ?d3rd}G+roEI+)wfSbLR8{5Qs^tyS(Ne`*R(&ch}2m zEs6*fsj?T$s?scm2dxEQb6-knIJAJ?ovCBg&iVd=gS&&(38(x+x}A^v)%e8MJtMvs z-Rbt!W&vrq(5oAP^@QGZ3SX1Y{Mc)l!~E>OQ<*OgC(=zHbJ_fI5-ZZ_MYqG!l0B2T z)(J_}vQa`1=*F;|n&;^oY@6c{cL+vmzqnq9{cOFd9TF@`|3!^w4DLsCveLbMe|_$I z_A(k~)8w7lRoY*IHT;vaU7XSqVSQ>>FqP`03sQ?bnKs5o!88!kxv#T7$b=ChgCoa3 z%Jj|qrS~I_-a4sYJpT(zWc-qK2!u0#MHVlpRCufn8xuL}z=gQA&B02hn`5(&QMtdP zr*RV+C>}1}m5#@|%^^IXP4?Ss7r$z!s-w~-Im0nn0+ezuo?NY7DkiNbMcj6$BXvxW zZ4$}8#85UKi`L+6YS->58^?|?9>ATkrYd}k4X3xODPw1kZ?K)>(UXA7R^BQ5ZLoo( zPu!#rpnC@-kkN(PW3zj`dX#Sg=-{`{6l7HXw?D7*&pm~dLXPT^Sih7$hU{XZtdqTB zy`dG+Bs88QitWo}q_5&m1n`66ne9uCt%>y^hRW%6C8Wg@+3Sc4kW8~j>XyQynNZ;szJQ?Y9jhZXu%4bQvcp5pk5$FpTiCp@>7#I51 za#tIGoQ9<`^X~MeP#QN4xgsabu}f^de%c5>$EDO8Jss!d*t`vHw-Vl8Ct=wu7I{3J z=YVV7v|sjv>GfDKuqUY-PV5^tnEOd>Q`Y^_hCMBJ(4psnKffPC8dF6TwaMj6KZ+xN zD@NRMbt@1GOY>b^c%Rj$HI9x;d#{S`wtq$)AnQ7UXH2+16H`sc;e>4zvtPse`zHsN zl?#acr*r9>uAb-OIr1hppQ>fcjwaQ#Pfym(!>23?rT~tv=@j0 zBk$5B?(17GT3?oVyu0=qE6EW)I0-JHYD77v1 z9{g`&Y>Q0&K+aIOwgU8(A+}3$N1rzPSeHp@8PnMb!(k4}mCP z)+*XUXlYvoCN3x2dHAw|vR;|H(x8wMLWJ%m!bV5J5LSs*(>b)5LG?xJjg^tZ&%ZK1~37QUEt2 z&L~Jgu>q*-xj+cIm#G$*WPN|{2FLQ@V}XuyIAu1>gnpa~K%LMQb#3Zjc#9NUO#LOI z0O`QpT=nG&|ErL}z#HR%;@MXTCv#Ur?yK!BoFLUqFy_$ow}ga}09q)u>~XDrV@b%E z{#z_EW^r|=#!0xZ0NwYlfFF2UlC4_i{p}T7{nwCkBro#IM1a|JW11NXh>eZrZ!wpz zQ}J}ANt?YHQ=Wb>qS2?}D~`=kcOX@;aGc7&!aDSqO7-;t@AGBh=i^r0KA`dkZ@(PY zLjaPHazVpqzx9#I8vz!1W}I7K)kjnalW?ATjadO3^~`f9u8vK=INSWJMqdARZt--NBX7R>6Riw8Ucty}uw0?OhUhrN^6Z zP&aRdVSLUx_j6<&P%1ClGnq{F+#;i>K8E1}(K^nJ*7KX$I~C3_&rCP@?{^J|y3|rF z6TKFAF2W6nUW&@*AV$8Hd&0IEsNmvPiw(HhMfY{2_mZOgk~K29_62ld*J7>Q+AF7z z5oP!1-Z}uu`@^}cE0Xk+0%@@@D?tihk8ykQ{`z>|`0Kgvdp}41xP*im$Y}W?yqx2v zmuCN>f-Ey_x$cM}@My}D-VzbH!?;Qc1_Sq5vL^d>bC^~I!!-l2RQ)rB@0d=T2kD(Z zlfs_H)eDmHfaIM}A%t(>yAN-?uUM;PFF3gS#a??~K^MQEO7iq%~2LZ56aMz2jaWUlHqTDIAyY2N^eaqh7!sMK{X zSzRo8|-)u0NaK2*EXduhIJUuIJX{b?d#g^UmYwjeWy z0)BL#{8_{^;!?oO>EckCra-m~RU^TAL1#3eOF!D&5y}*bf!a03-KFIjIEqqj{0oVF z>LXHg#-+OMD-)s2w35XLSx|@iv4CpL#B-W~OuwgL=3U_gt^fvay!|5X1`nY_bj!X= zzD!BFK8X1(2{G>5uUp2tR3LrX`}%ei_wwjq4i}A3&!>e=p!>GW?Qx>=ce!n9!M==I z#b^qFKDakddm`Rj^5^?Ag0Z5@_R({XY2>C_AdF1y4b1n;N!SZ{E~3Zeb)u z*gPu!cn!R+SqbXgllOK=6Bcrv{rTOAx70@@!BzXAY(?PJRQ&NQwC~M-icl{-k+Rhr z)SronM#sP2f6M*N+t-UgH^+3eZbjNWpTy<813BbFLLS^fLPXT7zdtSz-Dy5jqqrFP zZ`u2YIG*T0h_%s|*uYekfQ=|frEuIbxMO`UjR)54z~ErrK$Jcw1H1Y>$u;Y>+~5Hp z!QoQysbpoqCchDhl9~p*@v;-1sPP|s$z~D!h|5)jOqgr{P4WzYUZf~pY6;0FF+oZSjUugFH< zUIrlyf4>fn8BI>{dn?L)(>rm5(p}@(ZY67PXSTjvykC~-^9s+U?BP?^s%^j z0(U*VRe>O(>4sC``g%XPN1Eo^UejJv=i|0-!V7}REbeK;q3*XDQB2_o*jgk;y6uI3 zYtky@d{gWNvlO1rvR^EibeyDL2h7Dfmz{OKs{zjB6VlXA_s8R-F_bNwT+(`v95KdL0S-bvjt=WeA!1!I~{9>uY*H&r-YE$hODvfm<$v^!Xki z`P)GgN6~h{kg>7Lt)1O!PAbNR6jgtDpYq$&=?ljsj7eK~V}cDSMEnw8RjxwfgSd!w z8HY5RrX|KzsTO^j416g_D7I`v%xEY>L#mKQtFwJ(YL_$+q2;V3K>mGYx%lc3vr=?% z6czJO%~ej#%=s7?2Sc$B@pn>B^>XJQI7S7sLPRuV@$GLD=Ot~`;e!Lyw*otxpkGAe z?6uXyGV;!fr%z#=kYtVp9a|uLKc}U;Y85Q#FoA>0`>Sw5C>-9`F`l1xGfZ0ENd;&o z@qE2o_fY)oBY9l1G;DS+_j}J@+Lh0tv;wAaK5B~exMZ>D-LUvf6lbaNTYp4pPQttS zX&-m7);$PQYo+tF1;|kak_tEvUUdDNBU#H+?5?S0<`V0H8_NQr$YrF1M+CFRf$GznL~(dWWMSFOOMOQx*(Ainqm zSRcq@OSNz|k|;Db>Ro>8&pTSqlg*O^IjQOgQ$_tD#R$8E=J{g_TGiqn<{P$|U@E;* z=RAlftkx6OaKw@p34S1iYPk;oD`*Pi1r0Z~Ym_V{M z|9Dl?I$Vlfy>oi$3!;>6NCQj!2~l$4QE464-It*))?1Vj`mwPUC+1}Oa7mvCNIhPj zSW+Rftn2uRbomBj&GYGk-jj)}*6d5m`$4#03O}(Ymi=UCG>^-NcP5^|m-a-rAJ;A( zAt2kCA&@TUA$s6+EUq;BwY4vl)^w$DsY}J@W_}zfkwpO5*!$8|h;nG+SMAJ=cQ_6W@OzTtwjSWL^ zng@=vUKf5DE*Tl)*$K3cq=%;*gmnkH1S}%#uU8cBxGR*_V>hturS18xz-!~=FO0I+TUGK-PYSeOA?4ox0{L#vFI{AsBMqAgt zTk>1)a0wY4DjtSlw4^iupnujiZnD*0azNFsV94(IXK9``-M zr`S6T!p*KqBO?#i6OLGXo5JlX$Zy{0BX`6qmx0B7&v(wz-nd{H<-_fJ@(eLswp~$p zS~VtPeD2L7?;f z1Uc6Ac>;H%_=9)6nnwYHQ(=MvGj(aveNABhT(HrVf=r6=!@Td3(}-oY_0@0+QK ze`#=+^!@QRv^l;ZQJ7uu5b^vqihC9TqP^X)9L1Yh0EBMt(ni`R8V^qGAWta~bbi{X zkA&_+`-6KHL`8Ob(7kOmc6#YD0c(CjqUzBbHa~-d#ztfYQHLp z0e*b&9ao1esrH zC(h9sPS5LMIwsdOg6br90ZP50*iJ)qBh~)#Iok$CMNwduEo*vhsvw31=|PtLIBg&XF-p<oWswh9NBH!w;cszcuiT2a8{z?CEd7t&`T4dL!`#OlAXsX2*sm2Yi#r2W_nx(< zU)y;=$JIT)A4_40Mlr^L#O}4M-Slzr+OYsKEB@##H&l{^25?{FU(IE{Nq61uU_gOi za--NEzRlM@J55*BGWXrTK;F8JW<;1Ti`-F=eEM^PzmV{zR)@9}8+SWa)z&25d}#(A zAtZN(XwmT`2BBYdw3{|~+L57*`ccTX_s70{;B(ENv_jy`BKgSX*WLoXV7Bbu7^WBCxp zM1N61G``O&l{)I<`M1p4m|!7cIMbqey{VT!-mAg{iOZVq^5QR}31L8f2X1Q4(FWoq z4y3`|{3%%C=Z&^X ztQl~pEt|>5!;tm(^*(`}1tG%-5n)!(8o2?y0dm%Ap_FLjv zzPLiWZ(A2VU>FC z_KWj*+#6Fv>tZA${jc;~n*i}ih1@K>p`!i?5oa)JsB=AX;ELjS_J$CIQ+ZPfRt zYb75>=iJ_Q@%KKEenaW`&KJ(SHZ)t#-G7xe?LZ4U9|I{AH+{cazt(lPlYvxB=3efO zdRu;w3fGN&F3$}z>~mqmBKJJMuIn{p3#8F_q>AgWoM6^IcT1VuWdiibmaPlTghzmJ z`}ay&2+k*2LOu!x)Gl=zt4J~HQ@tHExpO%S60B{?Ao+pJK8v1^{5$i43idlD6b2He z{HH1V*t^;3h6Yxp(EKw5kyAHa9?(!w#$f*(jg{qaeLOBJHf#{9FF_S9A8A|Y=bj2a z1$Ls&S9PAxfZj+ltT}}B_koXvxfKtWrCF~0oSG^J?H~TM zIEg}-D(mhb-zBcaHEC9GM|RH>Erho}u8IMBPB!=OE zpRiL1x$E7#8f0A#`V*_3U|xQFgjrdJd(dDQ85Tg4u>p|y2!iwT@uzxOfZ%w7@ys4A z&UEp``u&OEVip*au8RA6xyx{GzlSN%Y~ZAgpXi}N7d{_Q2YxMl{v^KhJqeZH6Wt*q z66nheV>Fv8=W`XA`V9+$0#id5?sFo-m``!eC|Q~#d0AtNx~>B*)I2j8!>!R?Xb{_% z%0plpujtb%w!>7PBY3%@q)J9_QO-NMHyjD2t2f~l#ol+UoHZKFK0>k4ux-SqW$+FC zz27t*8nhptyw3q@mS1d%Q;_!N`HSEBVM}Uu7+WeE{|?4|X^?Gyypb6_yxar(gK;R7 z^(!%TI20@S1;g(cRf4J;zq-aAM3KCJ~Hcj?wk>j1T1s_&HuO+s@zu zI+2`8KC;!fQa}7XRM`KCzMC&onGG0TXFnd0D7{Q^$X~@58ld?ajW`JW-41pO;t!<^D^3t%r+ z596mOTN5Rf@49d9euw)*{fthy9U~g;RH8C=XAQ$~Pyx9r^oJHe-heb8+=0VA!fQ>< zEi!ew2S1d&=5uO;kHb)@IEPY%xCRs)x#&Smz0r8lI&be+unyTV>3;Eh$QrH z6vO^=X`bLmqkID17lLm<(oJKf1yrzl7*ZkyB`D7A>#Td=wk15=AnlE66||iM&8A{N z_(xsNz0Su#NI_*d^|z=IW{T6Uq;+6Cq3VJgTrWIBy*@=oJ*x-q`4&$5vQ??@RBX5& zURLh%O7KESjgP`c@)WGoS$Wv}vfc{tHVIXm{bn=ztC8l@OfkCsDSE#OC0e*^{S5_n z8wyGq#9kBY=Ak|&)c6E&CH}y(+9H|j?*~hIA1`5OV^-%@d7xFUvj?#_M$c^!QW=?B zn!4BWU3aT*8z9(Hob4N*jurVtHz6^e-#sG%Txg$Ml&rSXyJcPjU~tbkqr24+CgUnR z24;`z%S;`pF^Y78QMYgT;S#dB9i#46SUh$2G@3lr=GS5e4LyQNe5kV{)~h|5N#|af zGn1b}y zDY#F}8HFtz)BZj#=wPlwdQC#|?oJgfxFLTHKK-5L!iEJqmmM;|60?WifD@Ou!l1z4 zZ~E@hTD)g5UUWg~9oi>{8p-9tExvm;BRIqHvPMR%|FUnTKjvn$qBA<<-oIW|3D99& z=O?t)2nq;~o*K^>%lD;1^T-bkCrOeXVR;KU6BX*LcYK~<5g&w&PiRw}<^1SKHS<0! zu_GgeD(bh(na2n4rEhh#w9`r2;}osJLLeeTsAyk+5ac)VzB2<2uee`MRujV$`rt4b z1=tCk(OreW{c?e_la`U2e<+Py*LU+m!NJ|>=}V~6dSy{?LWMV!uXeZqBHVLs=*h!( zv#^`sh<+%h9N4%|X{=n;mp*L~Eacmg{rl&y5qYzv=;{u`36gqta?CZTvYb=5wiygj@u zM#iLkh)z~EMvn$_wpgvI4t<{`?rw~rtk*Zm(%kL>1U|I6X0DNMr}wlv{Zrz8_8s9Z zNu0dgC-SCDofgZ^=HEW)dI*!X4S(`~VK8N2C2XeD{D1Cg@#k zy+suByQHjN&C$BjGVnb}3SIj`ZTevX%EV#a5wGFo#vTmPbpvCwgEbptaHYQF;EhNL z-X+pc8VssGmFaSC9VGkyvL2Sx9s)ES?;R`OW)rcViR)cF!}K)F=h`uZ7Bhzk1{+DB ziyK-JnO=@H{Nu{`%DQ~8zv#)Wzs@8SBVN_wGCDv=DebC7CDN>l$Nq+dMj>|azh>DOeMoA)Bh$j*)7KShFZMQ3H z2^~}u$8L(1e6$+m_Rv2}#~Ssy?T1{2OM$Ox^ZC3&7x72O#{63&rwG55GNrA7@w^Bm z(*&dcJZ)6c+1Z_YeP74@gG&sizafxLh%%YS+PUphU>>)Oj0bgnO=F!4V4y-S!$XmVf&{(Rigq3{gJ&3?nLfGEA8C$$J{@9V z8?33Q(|enZ?u<}*g3>a@uy=EK)f2T97{ux9`x|2;kBT>}oFEwboo>|xA}s8;6p)uO zrj=TR=j)f01rqZ%^v!anCcR1eq+^wL8f+$aR7 z{jY@Z$7sl$sPd57qp>jA#+A%}fKSwC{ks&?$J*nKS-<4yP5uJnJ`=W} z!nf5IIbK+4dx#xizVc-~ zY9gHzBVSI&=X#5%)r+AJeEbN|R+nVmV>2BSn}TUX&4k~lEp3V!g8mQ)HT@6PaCIlZLQ9s@rZlK$hlk_$+~0c>M? zNs8wV%2GVKN2DP&as>7UAx4rEhPM05_{PWfru71@FIGIQ5;9}T9Q%MW5qcoVj)a0<3x^wpl{ z>_FwoeL8;*RQNz+8=6`1yyl7)x(=+%+eev>gAWD7f%?5U!8(4f(^kspLg3$DEfPlZ zWxPy@BX`G|9~bH4U91ZxmtDrm&gX22^ZDAf?0$bm=g1UKhxd_*Ua+n+_^LO?1BZS} zoL?F3IbhMfNb8vV5on_Ou#(&Cjv+J2V%~vV1hf4Br*a zv8)V0*VIw>JBb%S>tY+!uSK^<+$$aj>=sUlW5g?Y{F)0SGyM2yKvrEBQ{a|oj>a1m zKBUWIU)cZ?@2*EP|D5R9I#74w>d6jepME+fS#1d z(pslWE4VXzK@lDlm&5&vPqivpfU*O53UpWD_J#lCxRK*JPpk~n;B24;v-L%bY#G*; zZAIWT$mhzQ!r<>NxeHGU1+qJ~-qeqLeD?(h0{NwFEM3Ir5mXrZ#4(TGn(@f1v!@%# zs3{CPF+c%b!0YMH*8z|vd3(0vLwcP~dU8co2^NiBU?ryuVqGP_P+`iF;q@>^I;ux( zV;ah2+wdhw)rQ>ss=Y~r@;Ia=xETH7KZh`3^SKP?)lDe%bv*wKXVBZ-w1fYU%qj^VK3yrw@dVYY3)#EyP{s8rxXCDz5D|(7yCLS1j zE3)lcu$MYCMNc+*%1{_>q>SAij?+MCn9-@6YINv5`A2gu^vX$Ik+EaHar4K65VoTe zaaFx#>|2sVUTD(;S~L)yfaJFBnP`P_PxufHA32`QU)jD%|96ZU9X8nm&n!I<)vBL` zR7th*RevRBO|X1>ns9{Kh=%g@IdYgb@Uv2ZJts+=7^=70x64bL{_J29xp`k7Id zE-34KBl+3*V4G}I+hh3~wAw#`O2LsU zw@=?=4rt$EtA1-ZT#|#jXITaM!k_=J{9H1>RKWg^~CW|*~ z_`6PuK|PvROi{O7Fa+lSWy<4@qPTM`od>$yrC|>o`MrRS<^)I%T8b_#z@V`dp`FpW z6_T)jhL-Y8we^%dAsD>CuwL;B-~yN50n4;F@9aXw@blWOyy^}@;v(#JChrc*9W?+m zLZch-LAW6mR@{%s+8P}%1yi-o@teWr;fY3vD8AmFetcaD5v9dM5A_RN0rp^7AM>K;&>2)8FeNT=&w!cv5YdhP>^dL?u`80}Fw?gzpu zq15DYu&xAWpz%0)_GeZ6J+f$Kpz%A`tK*F~m_U@I<9Avs}ZXcfRrBv_D3$5w; zmxgJUQawal;e3_iRdh#@Cq>YI(6aK}Yl$3K6x}CEs20W01#&dx>j$0Qd$e)<{&f}( z`}O`jg_nkV>;nL;a(Tx#{fLl(bY;GK!6LQ5+M7(%a9K<(+OwZnMd52N9#B@ zfL6{#@li+ng=TA#-ETb9=M32AZZElUEBl4+us(i)sBaGBLM5EysVWy2B@IURm*#XMjK?T>bt)_eQe^4Eo97@! zhLcg}E_@-|VDFK~Xnvxvw(#|HjZWu7Dxj;nPJ(x*7uS7d{OqZ3TZ^B2Jd4+N zR-oe04I6u+SN=&v)WDVu#R&5yI;X8%{IrWBPv`tpB;NUz(gJkM<8(c}WtPy`>4w-C zeOgwt4AjPC)g7Bg(z;WM%pR9PkSO7Lfo692$s>O+?!k54ZmXYn+qc(#YK3K0&s;e;9`gJbX{naD0%-yK)y5 zpCVjpwgZgIg*Vq1(B;K&8^gh7*!V0kADQ-sJ>8Uk{*Plw{r0guD4N{Ic7p~+I4%q0 z8N-_O(o~GZlBZjHX2?uhwpgl zk!+V=f2vz<9%L(>WIsY}NyF!)cvJh1p2*g%#f%w8W1_2&e4U$iX(`5`anSwNV-3*H zJOq5IN3hhkg)~F=C*KMhG&L`<&|@cCd5H9Um7dRvt_6Q9#mgUqMkdbT*DBRzwKzb; zgI(nh5W)UoOUnk=Q6)5aP_!=5CY(N_HFa#XKLsuH8*mN_y1O7GniZafX1 z+!r9$bb>_E$WU5PQ89rJY3F0xp*-3=GKM$aVEsT9U-Jg650sIiJteP?q50>;g>ECOc7UI%um#Q$644na{Ql z&CpP3xs9(WnvL7M9L9}K_}Ay2KCr!G&im*U%;f3rZI1{{?)xN(y9hsQ%Rrc)LBr6F7 z&9e;tKorp(ZT;kf4PSOeB?zQ%?z8t|Xzg?}f>TheCJZ7XT7_*ei4HIzwC=#OoJwz1 z=i7yEsgq(0?U2#O$yoBB0=*yx*5u$f=RI`Gjq6yJM>BlF9BhT<;!6v~&w=5ED;jVE z6}pf6>TXW_71i#KA66XG;#QCQLVByo1M_S;7}_+-z56t&Wk-R%93{=_y>v$dD8LPe zn=`FcK)Cz*0)E@KI}o#TK|g}yY>bblmWjYKL;3PYCU-jtymg<4hUm=1d0-%2AYCZ*cpOC8{)^(yJJSoEF2f5Fz5y0t_TiwGXx2Z_=U~FJPs%R z)M87-q~n^{b@zPTgG_E;KUIf&hB1wA1BR)^>_q2tRc?Xy3$h+9%rF%uQG5{Y5(P_Ibbo*wk?atn~R zOpH9Qn(hTN|g>@JR*1jtE^A1;Czj}K>r(IKv*c>iTb$$f!8x)$#j z^t7Zr_-A>K+tiQ$7>Fwdsv?~8`Si#MQ69|T9G=u|55dNWL=ON0uMwsR7A#aww1Qg9 zwqVInf^jz-Rk+H1xj^aCGrZxXixM)!Kt;w)e%!^^gF5bu7>wOO6@?SpciV!uq}{J| zCdxNyt5a!9*ayM(GpPNwz9iitjyyO)9JRYwT8KUEn1nbYsqSyNc{w{NT|FQmHYNf9{FCIIdC1&GfuN!Mqg)y%@ z&O@aETpj+lokR>#*vCU**y3W2^tP-g$vw3Utyy4Q-Mljj0C}~TOt=1{ab$VFe?||(hRLs|z#8YDsnr##TG)7@2BMIerS)bRB_%&@R*hb>3!6iQRxg+d$&VB49(AmgAa6M}c z&8*ouyhJq#yS(l6JI2*hvNJS=7`~c<7=+gh-bGPZLv;y}W%H~x*{`1YdSD6KuPD3k zO~dzw8~|jz^G$|1JZ@Rr$V~(<2ce;a#5YGRTZLSzGm@>=I%o%lkOQ$ zuKq!ilTG)5@xfmBWpoR6_U(E6CXsg5m)E)x&~P*@UxeCC5GMMI9&cv2Bw%Ez$X|vp zdSjy09Bp# z07ik@{Jbf*wQ&wI2LEhyGb z5xhN1OzioF=-1@dn?E|nUh$w09Mq3^%))0WzTrUj;uaZkSOUzT@}#NeU{%pDIA8me z-ycknZ-4fc(}=8{89+(&e!JdO-_Q{jtUnJHEx+da7GPNDA<2~H-g$UAw*Y8f+ijQN zF7k_K_Wjv{8$$NO+t}0*udH6wi(dtgRsJ{v^*f*8$}OEQaj9PRX|Y+|N+erIr^xc7 zX<9R^y3`NQ)a3X0MrN0_X8FS>n1L*A8mhkrFj}y^C_LU>HaaofS>e4@*2d21t`Eb% zL)zE9?{8vyt(2m%!5*%krBBxS;9#YLejXn(bnD4DV_pS#xc2^}*v})kj2~iq_ot(; zqq*d5XPuS3I0-O2KY?{a28eP?af#Bwi{+5mwwklxWKBx~XH^0l)+ccWSIWNoAKcPhfBaH?bG^goWlwqQU^4a~FkS&tB60dtSEPQW5 z(|q&wH6B7utx~RO;d1-hdTfqF15nqREbOnw%*h*+NV?tbioqQNl(7vOP+rM69}^qK z7j4D|PlEr0%f0!5s&Px4ta*ZQk^d`SW3-~ji6W@=0U+yv`LSk$%@Cx7W&8Qdk>`WL zwx=a%z47{Ovwk;TjNmL(g{7X7=xb!s7EJdse8RJNF(Ab^!#*WG^3@K|CI=tg8WDmB zRJhMksO1Qi;~Y|ld}uMtry#fdXg^F}^*#&Yh2bD@+?Yyhs*XtrPDab>{|DGVJ&B6Z zE&9XyIZg;2&-NVo?|V>wSNwVxf+@<=w1nd)t3tBa6G@2D*s6LK-D2XW3%N1!vE>it z%YTOnpEA}b?Y<}dHq=+C$t+(#!(S>J0yP`J)OI95-PO}IP2u(?JcSgsb#R`joMbCF z$7RPW@a*GbUn-L9aJVXGMK;dZpLrI0c`kA7-Hza3Ou8PI*+gF3y{0ByFgZg-2c-#bgVy*rX;K1s4tDCoE@^6i2M0+ z-{l5Fi4l|j6}};-O@JPfJZMkOf@fPp zCHvn0rgL)0nNk`~Ey}eAlJ@KC3G{=P{rEn{^};V!7Po;p|Im~qo;{$y3|n++v~Iu8 zmp$2|OY&vcXer0FCojagdXU-!y?f8TFwKrm-+Dp36Mc{zbx-xW&+9K<^SJC^k1D9l zgT4=@S9nlM>K8}a9(~mB%VmUjXW~KrBt+%kNBRiN-|BA{ z@E{(=X+Dzeky^;+x>}3_rdVZ{>3Lj2^a(JGsWRYiSOpP}LABhH&-nvw>m}z;)QQa` z{j~m8E&w=v)V&y;UMpb5`}w#8Wfv>I+O8RagCwUy{o^x^MDIP3(N@C8V``dfoPfxJ z;e<=@gXb-pwXB~VtAgs_7+*h8h(~`f!Dqg6i*XJhNrwsxdJ8-XlFt%FOWF$a{By!BD5mPgu3>Z;XgXahdQdsibKUL`0ZfUVX@! z;T;zyaW9?_q#$S37t;&KW3{Q0WL|DLa(2ahnH}N(^+EO=M>#>0`+NxpgfHgc!Y{eg zb97NSP&M4rnBX7v`LrRM%(9<09WtTy!gkohn0CCa%2784G z7OgR-_}_^v&mX}7yq|&T8>b5Kg(Qp{7ai9ZMcg{Id%<@R7xhR(8F~a|qE&q^F;9~b zF7y@nn$TX#EM<^Mx;{$%9Ii;XE3|j6)}hB31@n;Hqnt~Xs?RR*pL7F&T=4!F!;`-C zA86}e@gq(^-NfGwR65Zty?jp!LtJeuP{b*Mi-s`yw>a2M$vt(7jc^%1;$16dRQqg4Zwi@k0UaDLYW1^e_TMYQa1pyb|3&ipJ`=Lo z8^`?e=7Q6CdkxY3)jwdO@$|f#0rE6?-qJw;g4Ms2eK{6qN(Fx2cbw;8uVE53P&+?l zW$dc$0IrbcN3I`#1Yxsg(JzccxqyJ$l9^nl1xa^S`9z-L;&r7Uy2Bc!WwsBPx04i_ z`x}3ZUhkbfGZu2TM0lel{YZ4&nL=fMKxvjKS@XTzTQK!;27j!OHQML);5$!L z?7wQLD$t6fE-ZrbI{oE|YkZ_sRdPG#PIqrwiKMN^N z#UJ13`T4AykJI`Z#ssB21Nm{dUNQq~&8lHWQ1%^+LNGEQ6zyk0hYWDZzV^+-54uTJ znRx>;>q2AGL2MrxphLE3IZEHM@Q{mVKy&9Gilbpr_3Cdv}QHeTJcpS<1<@_6KK6{cWL*B)cY`t|D~+xtqE z8r$a*EMrCJ$<}F{LC-Y7S;$m?c9A$2MCX)Ty%OLIBQr@KHCz>UmRKK z5u5{{i*K!dz_(9X>M73yfzZSm~+SZ%aHo7-p}rfA@V>dEB%H zzKFlsQ^GV5Z8p4sECaIF;ScqYSo(Ya0IsDx*zRN4cgJ_-9oeK9qY?u0b{E8s$%a~3l)KzlN09e zd0d^x1NWBrR3_Of=x{bWLCV}vx(8OA6!8s@kz3h1FnGnc?Z{2rx|c4}II~GiqNGUI z&P=CI^`PB?N~)j7Utzi3!vMB3X$cBGoVPUHYG5>)2_d2KD7;1s`?kRMlPYW%ZqRq3 zg8tMBf(fik`-Al}Tt4it7haGca?b;LpR6kyc57uQ;<|sU2-Hx3U<5CHl z;a2WD48U;ThthA&YIyuCgS!+L)j4|9AwUv8tzW44O}HnzaH)FX zTdJ0z*+_sa?Z!gl7bE#O8<&>+*7Wy}fY7fAieK!ph>O=UhGo z|B_}R<@~Q_Jhh! z!FhX#Dm}I9G13TDz1fC#K(WV$Gq`hjrHTpue)fczjb;*VA7=g@T7knSAY=ArJW`nO zOYuq4Jo+>9_c`1CQu0ZqxTm@-C|5<=jn@Lq(4tDlHI?f7LR^tSX)`ARo(X{yvTYZ( zQy4jYGOB4qQbv`yzw!ge%g<1L{A;_I)}*`?Wo>}PVQ z0i(*W%P%8(6UAw?mc+Yy&Ei z3y<k{nGq-;(_!FYI?`|~;4siTUboaRI^9&`O zexfCydprdg?(r1@kpjVx5_zKG!`uUsto(dQnp!^W$}$=>4gne1V6EEA_GXZ7Zp|e) zZD|F>(T8>47v_j9pTg|-s-M1ndahB-Y;i)zbqrs z9N@H%S$;(JFAp6MS$)ydE`k>K#{JV{i@d=Uvi1);cj$fON;P-Dizv{ZebDrTg#x?l zR67{)he9bv%EJ?T)(QJ|$Z43deX>ewTt*$uIrGx+cNV zW)-1+&7xU21v?`3d)%O>{_R_as6Xu=RsBU35MPDza?0fB^*!JCeYecWWZ9ly{wMKl z)`H1(MZdYnNd1LM7sv06v0$qMak9&P+@#lH1KfmDK^*}6zya{BmeS}&KE@8JDWo&H z#~(6x7j)_#~Yl%JD(cJ`SDlo)PpYzSr^m?U!p!`8SlE6 zEcYXQa6i!}XH&>u`=Ev|kqT_qq*PH!{1xxR`_`1(&S2Z)(M`z6QFH}+n zJ`pJr!0(qw+d7@}q>_jExywg1>*|HPn9@XaIq|i&q(^Hoc@NwpQu2E1gC8ANee;+X zhPqZt!N2L^{k`pqEexmTa?%gMp^Oib>pDjbzw~~Lc7KKM|C53V?lwH4tAd$}8QI}s zarMsWCztwgSdEmE*sg1jwyZ=Jll18z3z!jjuPD~vZqwyQ?kfeo&q9l+amoJ8wsGM% z$(Tz?96vdfD2=jJTF*3Co6>n3qk>PLW-W4XD{_uAj83KGyM7KNcB~e67b46%;>z5W zBVWUM0r{89$69|9^tK*dogS6T8>jq6^t9scnk*`uPj`&1K6V$PtOtmZQQGw zy9Z~b9*^JaaiJgYsqbobj`yvK*S%}al+P_Z;Lk{oPo=fY4xA^9G$!-(dY$9=cQUtF z`Rmlm_gmWdk#U)Gh`n&*D%YlJfn>iFk29TEuOiq^@lBR{9*x@`fqk0TI%kl^sD4^t z@`x8X-iyQGRdOuvPe-$Wv8?*rLwR%Ij6u-8XvIG;AU7>B=ky_aDc?HZm5wR|0?O-$ zpLIn?*+NO?vY`pPZQc;XW<@U**xleTRxE9zSJjx=GHy=y4TGMM^t?QSh(-IUbf~`A z&Z#lxuGgeHvDff8p=}3VsT@m#89G>u6&EjrED(LTyMUN6Q zFe!(Nq3m{qrvg)msDw8Nu36?Iox_fwGN&y_bpNrVDAMSOWMCK(g=HDT*UntPG>b3$ zMoC!oJHs>2!4b>4#r4-v@v~NsIeNQ6~$ec45G`pFH8N@+pg?I>!p6@SrV% zoJsnWo}jy52_){yE_Tmi0Xz2Y&oiH!xp` zFnx^bI^^KD0L;&mg2+=fJUICMBx7;8m-|IIQ=IMYTU!pZt>V-8fJBx(HS^<1U|NUk zYbQK;x^pPr*_RJ=Oq2#?6i1$LPwo5TvMRY>!y=zm?vl)x3{h0Rqr34-l{-at2~~_7 zj(d0l-#pyS^0E5Vgp96nZjW>}?vZ^Zhi6Ty`ck?sNLx#R8j`_va3l8QM7zK7e2stf zeoVjrg*+uW_D$mQ70D8*joH#l zzvIhoG|&LX%_do9bd{gKFB2y$I{todISw%~l~r~?8Ry=PBVS&1cM2If@i-S zqz51Hz#uE(dqzW`Cr#EqKd@8LaX*0oLhn%IwHDk~A%j#d?G_K?Gr2T1ALWI`-SoS; zXG*eZAEn^G6g(#JEaa!pWbCVI=u48ZuiAsh35&DB5&)ss&+<`ID`$95%7Q(BV@YAE z#M4hFlgnUAiEmAEKa=B*1W_pGlg#^Wr3%h(zVzylIu(6tG+`Uw7D-M3U$!p4Z2M4w zsh+y*QZ{f%xLm#}@6!(m4snpM3Yzm@3GqQqR=(f5#$29k^Dj|)z>r2NKp?qv%88id zi2c&qG*2>TofMxni4-l)AP{5q2vWCYlJuIkPZBo4z!8hZjE@b1Igu`2>jO64y#U?2 z=-9onVEXld>pXCyieplgMizy)QXUTXr0Nycie7$-UX9JeN66`O@hpchl6gr|M>MAg zciRk;U_vFj??cNG3{o{Cn4}uc-Iep3FC@T~3UA;XfA6)Dc8s`q^5Yjs{(GCzPDYKQaVi9!*cu>HXXx zetbxuQU*AU&+xPRTHNvXt^4XNT~*jcW!dtP?MuWHgt5xnO$*Mg0b~M42%RuHyK?L_^`IY~ z38_CrGvR2-wIK(7;^TcAXVqrSt4@mvVFxi!CP^SV%9q?*k$|j%Am9fm6R5 z9L;u3t}>5KV>eGCIk;#pAG#5It7TRnT!QM3MTPIKt}3FuEgOCF>pSy92PuTA!Dxyc z&j&ZG(4XVj4TxhnipS~!tQ@SL{2nAHw|{TyWD6!;80X9Y^a}Hp7!s;@&E9KAJ>B#3 z#o4C(ySJFm0$sqgOc#6LFX}T+u7hHm-e(B>W<#eozC>RqgQ#wg7?>M#!_ZgyeOh{5 zCZ(_aWowOh6vk&j7^_BoYSzIxRkOCOcl+Iaap zN8(5YGq*Spf&5GNzz1BkOY@Fjk~>>i`;fv=6f2GHd!A`PY5$g73|254W_{ZC1%@ph zp3yZmm-5R|RTFvj+($gNn<pN2h7Tg~Akg?4Q#XbsJg-M%dH8m}^5k|bU(kq8cAdz{f?ul(Q9Kup`LTiR zFb)R541A&RjnuDl_Ookk4%Pg@zGTeTzn-mZ=|>|sSxOydN*atvl!qKZXzw->DRn{z z8wGdc2ceqI==WSPz50C-N5!r`vdp$h*XxA%Y1Y4F=U$Kk#5==w*sE7qFQE$J@8-#|_Gz5H)<|*_`h1c5YwGG@wI5Xdw7VYSvbShN-3e*4hBM)-dGD`3X?mOq za$_+ID7}6YeQvE#sDl)eu&}@C6E=LEFH1q|yU&%Aes_AFQ^(CU(1h4@uqIl5&>#Q{djY6 zuif#)4iSs%B6;`p`f%Pi)&{EGJcfQaU2w{%c7)0@=G)@^*Umq`2Bul5##Z(7@h(SkUjdW4uO2a%PofsDFDm62MZhX<$Ct{;8@1r z1MdeGK!7$W8eh0!t@jtlG9{?jTbgTYu5Agt&74=D!Mv@$DOWt6EOeCkhwu85`tdue zurF}fcc1(1THhrKMgAc7Dts((Gi#B!jBjv$FT10valy9;!IxMVuq@eU@gf<#ZX|q9 zRm`nxqHN7R;lGfsF6OIYvMsAKpL zRr9m-xMG?}N@llfg~Q!!P%VF2(7SEzF|K z-H*lkRNJ|$;aRijA*MoO8op=2bv>oUirvpBBq4SY*KahuZ-eI>rTRD&!iR#G)#XSw#9#LV61La^?bytUwU`zZ{Kx5N+A>5d`^Xj@Z)}py2Q_wEu<{n$NE3gU_CWKc2TkOzniC3!`U*kt5$~4* zz~31T!AO}rq%B@_GOlc%yI6=>Wq!&od{ewJ@;Ii9#3~AsxEx)1L^*icp=TBvdnz&@(}Mv8mMV zz3C%99d_e!9!Z|?6zjvBe4pY@4#B$W^Zc!7%cPQ)2F6;TrR$Hr?rA!c{|gOD$+)Nx z6(7&>6)3u|uqBjy)GiGTmXoT($d&MYjXDE4k3TwJx4tq^pg(ncGra;9ATdkCt9gC| zw6Sq#R953dF{aZPQ@vi@v9tIX#Y+PxO~cLbJ3I9Lw$TmI+;tDPrWj+2DELQOoS2ab z)fKv4t$q9QSC$b>D-_B=#uSTwAvM+^LsJKKuA<<2&PU(RX!2T7JQDj_VZR$u#iL61 z7N5pc{UhnRwiMO2=r2hUc$6p-B%{2Ef|4Xi{`#I&-%rfUSYZa%X{PBV15(!B zroPwjjohunWATprwANvQT&bmaIiB{lYS(i_>$9J^D!%l%n&?!#zEgKN(ZGq%!_U1vFImy>*A}_Cl1b9!MZlwIsnw9HYKBVvY-NQh; zf~{t7Kw%Y$`1f%q%OfQ8yB2s1DEP3S@Mjn6hv9LTg-l4qLYSuhJM0RS%6{ipyF1!Cg+5(v{$^gyl~0(R ziM@v0Z+0tN_ry5t4_}#{UdfsJ+|FTj=Mx2~)?Y+t|Du@Gg%IQQS9|*aHqTWMVXKkO zPp3G^&u3$udBK0A%K4{!kJ?u)7n?NV5YZ<2XAxF{^0vII3C0H<{H@ka<$nO#G$`mH=>+;K-@34EPr-{1ZAoS^>$Lp&#uezm?$d&O0Qdiv=U zwDupZ*O#Q`8B((VYjjgc_%Yoi>hRH4{fKgI?iK}h98e|B9|c&X5THWxd=M)XYOIs) z!y)o_yoC?4h81GBDArYM!7Q=ReBy8N)41*%Jbu7;?j-qPl;4jm!U16El|N*LPTAWJ zwemO&55eqLTnOmAP<5Zjy9cHFJ89_a}mmhVsf=2k3yM(mjEkJfk(9Y=c-!SSyVcEPhu~-Wg_yjxe zAigG#6Z@mfiO2w}U(6S@@p4d}>eHf`-Ug>j-O_MO)Q9kI--%T=hetKE>6A_6V`z5k`1d zsv_A&4lx)~Ofh`V8&T}@{Mi>?Z{KO?(Vbg| zA=u&^+LKWDH_QF_v^+Eiucc<*|BUC)%nBD6VA3xds@II#FinPb7H1^dQDzB`3lWFL z`+iY!IPPCZ68+c}%8>XI9tiI9%X1uW#2KNG*ZWUul9fl<`AEOQp^gNg!K8aHPgjDn zzjTO#F(Yl)6f)@9@f6Mie?;%$cOptXa0UkoOX>G~zqhc&c$)`uA5QCuDoZ93L~4^V z46!kHTySr<1MGgj)twEekHVKP;lbpmtSf+)lmbK{$`+|V=wnjA3$?I4wK9NXN4sxs z;>8Bktd{sym?tfywDCCZ194BeKBqDDk8R#iAItcZ@e4|%@c4^NCa{hJ1b!Zlu?zqh zK?APU6kkyu5M`ZEGeV8EKEH}Xwmgoj=Z@d&K#1)q-w0(DXzIF%-h`|YpRrI(qIaT) zWkfMlwt5^SNUwQjdx-`4q`rr$wzBV*C@FWjB)w~`{&^;HIDAfQGn9994*?3c37 zipgYuXXSY7>MlNMPHcnpT{#`h4$#0SBd_3fpcJNU!E0ZSZ8f$=IBxZOPw8=}l1@O( z{K8f{(*{gh`^-S>gU?kh3?+M1jQ2y`t7QU_@56n9ogV&>HXB|4o{*jwKDFFu-~Wu8 z!~X)hxefLp9p~FAS4F6&S(L7QCBYuc2-v2h%sbXibr@gB$wC}|)C-`|qpD2x6h8J3 zI2lVNRBUMF>7}vPr!JlWKy%b3Z`nJ6K5g$%+a89$3x-&J7W;l(w;k4?9B!)B5K3aj ztgLS;DT?KJTTDJ1xYlWp??rwP{rm##0=Tj;xGKqHTKtxalyiIUI5Sqqu8RLia?U(u(k||LvqD_iM zc=TFx4v@YHU6LiBkD60aM`U(H#`A#R5W%Ey=geXH>61t^zO8M$OUgbS|*r&30KQE6@uv)g*(ngNH6r8aV~t4nVW~pU5wOla+zaSH!e(2 zYGuBZx8HRifvwd6K(Sry_`~(a=XKyVz{dWhcw>SjVt1KbrCJjd>-wW1@1dAGFq!zf zUkD2h6d^j}!D>>p|LMZ9mLb@IAg#dOzaUlwvO>)(3_~M15)lF&_}h-IkmU>yNl5yf8^fC}l36AFyg&ck z-jqG+f$+3W=g)Y??}xl}g!H!=s2dXx`c(xy%xq6UQsC;tG0Z@bAB&?x2vh%{r`4FU zC9zF#(fisK_<4390RPp;PZA;Qqt2?*o8HctQEWA%W?vUS*7v(m!M=p_a<~NUuX#n= zn}fvJ1%T3|lM`{-Q@(H3kXd<%*EsIj6s_z3Nuv$nDHe)?vs=4ZW9x2CW zEgx5@+gGTQG`^u7PQ`-zv*OqIWXNyR7ek8v9c^1g#H6iBszEO`cz)&vD476^o)F!YBGuafncr z)t}OpBOWUQFAK;~V~{EmLK`9Y=9jx?Qn#`KYA#CfI1G|rsHQEA``RlB`<}4>8$4-~ zs9_;=`3QL|MfJV1llS&{j?CF*k;oj|3{D^HF8WA&Su&*Vqa^d92!%WOB#ogv*CTdmPE9KL7X@_$N^_o2g3RtSB`F&Bju-Vx;hnvlQ`7fL6KpETE>(P>V6k_yB+-&2GOwoHsa=dTU|w=zx`%!RMUPR56;bx zbI*Op{TT0RWjW)hcM-BKhNf%et6%!(>_Nx4y+APOcZ%*ap8qJJ_bEG-O;M^9nvR$C{SSuhik%KK2J~wjx{hvVz-y1eC+%1 zfF}g`eTH;?6{bp2LV{`;&C%Gu?w>c>50=4K7v?MQy_BAR@>v{sZ=^c|30cX0ep9am zH!*9re=7ufio2qIXVZe!%4Vp12L|eh9-D|=wXXr*c*lRIz&CHe_!Hwo4)sHWI*YIf zN3eI?uY4LuDGT8W8*67U{r|GR3~$PD;g$XZD{k#Tp|o9%+n$KM=b(QrST+^t(-YG- z7b3bGrQ7*b2A%UFZk24MwgNDJwV||S+ue(Ou$0B!U1jyW+rhIF4|%EZq^xxWaG`21 z#>91TKy)~$lrtt3e<1)Y&-im4#zcOj^jO<=`rVP60u*iW1c464m7$6BRi+mVMB(;2 zT14^;_s#glvyv^Q@V4Tu@1DwVBSIIYr~e9__zi_wA-z-7Fh5*yQ#v?vcc81B!B53P zx1%$lcdZbA?Q-JaLq1ng3XlY$ET$Ht#bJqn9iPb{pNQ`Rxw4FrFXxW0j4cE z@|XL><+~kaHI2Wy#Yt?_m%8pBc_g#y(~e-_5d_u8Z)%TaJ-#??TDxD825IHsV}9o< z7Ja4v5S27F1;6B$bTz`j$m)a>ItdYT@{n6o&BCl{v=JX7IJX#Y*(3kIA8aST^VcPt zjP2=KY4zv(4%JV*uvAQv1`&v*i$$}&a>!wxSLn`pvW1{1{9IeVHSag%ew&Z(!LI5s zmTULKdtY5yE#gCu@_l4qWuu)mbmXoaUiismovS2z4~>Smb;m0OH(v@+s-KRATcd8ERayj}QOaeBgM1=SHL@7(x;@jYakAge?E-WEwL{))}q zE%`#}#DGwqMnk95?~2*cC56{XH>E{lA8*iebz4qGjni9sroA;{yOG&PlVL?V$~uFT z$Mx&iiASUwa8syem->W)=2b?$4t55x9)W-i4)kAtt{)GsgSK`wkuYS?VN91iHfWdZ z)M&1s5{E%Y1ZS>{<7!)cv4fJIo7O&WE{px9^wJ z(*A&?J0(e@~K_nVEtJoTz&xpjSQs- z=w=)XVP%E7>=dq#T$tm+=k_i}Yec*n@*2fuwWZV4MLrYl!}b8(L;w9ghu@>;(%3XX z@&P;cOHt3MxJAse;^_1A-RF`w0(n~;lY5&#ZU;GfjaFlRZ;#`FDv9Gqnpfa*q`i)K zzlS8F*4G|tjs_!MPm2XrHTxpZ`FE&y%hQR}1&^^$%(A6!L z6Q|kfzyi5XISn!x<~0Bfb3!fpc4zFAIwEyc?qucNVF(xM_#=keQbqkP(7*vxp?LyJ zXWWnAeRau54=rG8sM&^K#kTzkf;(#V$My;Z0u-+A1rjWF#X@GVszu(uS=Ma8oaSAK zWgV^QpSoex09f14N^n}~9eno<898wQ*dh2v z(rXgFY+ucg6tPAdc`YmhfT;cXbR^sZ)(KcRd2#yonH@o@_tE`_l!T`}?@t`auIJ6d z5to=}L#_~9OG7arh3af)-2nqK=9sM^;7yFj-|_bbqqp1RJ{3 z#O7Z z_O3qE`}A@pa~i6Bl^e?ltr~t`J38$KOrCm4Z+CEIXIkVYaUZgWYklLt z6iz^H!fD{gv_x`w$z^`aA|z_Lt7>!c(RUdQ#e_C>G$a=6Nl&@VIp3=vyh;||hFia@ z3Pk2-za~8XfBI?cGysq3v3iFvOnCaQtM1ewQ^I&TAsY2!1F~BWP+3_s){=Y}{R9`$ z{;}LMqOSyOHGQ()_^>2t5Aq3)YhI-z;!$R|xP{cL_8 z_LG=C7YPxLK)lfGbzD&vl*%-`)7%ko0trx1R~Xp!1o+pH^R=`7w6@0A0q>zWDFmrD zE~0#P)n7}G=|mBW1b<`;!@oP_YzaiIiI=XC3a<5^1NrAF6c9M>Woy2s`Da(Ts= z4Dy#BY z71)t^W!L)`924kupPv_(#5jr$T%8wB??j&8-ay?@!`oiaQ9)bYet&yi(E&ZC`+c>C zx~Vs!oXKo2`7hSbNV$kNMe)ZeWemz=^ao(Z`^h-Zu%_etmP^$QH~1esMh17Gd&qyqmi;THdh^{2DLQKgQE zQ57Z(t1t?xHw2^uEn$V^dQVn37&Xk0yJP4dAYn_MZVyjSt*vQp9uw8?_+D_YGCqBZ zjGVmpx-oKeGN)=bnPT_ZdIZcI>d!t!9sNZu>T+Y?*@@dL zE>ODnGi>+3V@L&VC(>`Bz{ccb6Z=JzICK58I0z7? zstr2`aAGUy$|a3C23~h7VG?eMPGfhzt$Ddi*#nqTb@SC!5jCfd~JRgeK_s9p@(YI zZZ`d{1(rN2j> zZ7sO58_*|;?)8xJ#mPu#G@u!T`0Z<-1VfoA3LH7a54cSjF~S~2po=icoJP^28o`UJ zB^|ZmZ_$f+z8&aqG6(a6;(ypPhd7UfuRG1l={a)usNia$_<0|^2{d){Uz+YA8gL+9hPiLgH{`Ui(@gNil$UV>dxD=ODS)Pa4(9i8`P7 zEFDTFfmG6YKViz3M8-8ueT)h^YDt&Y(<0*=&`2yT0(e{3R7Tw zmCSyZ(L#DvyuRt5II;aWfO&a!)BA0?$@i4~%Rq=wJ6;Rlti4C@HR|ZO;!FiD`PS;w z9iaZ`b6)*O;}^;yBCJ52mrSR3X_V^=LkY)YGj@`>OA?|YMPLAD70B2*EK z&-nH@c1(;-d5&3g#AAtO{{(8zi@6-ue7T+b&uC`hrdA{@G0DyW=F(h_PJ3mzt03N= zpkaI%J7M@4rGQB!4wu{s)XttttAm-UaxiK|t5=x+^eaMB05j6y&T4~DJ|&{g<@c13 za2+aI$U@5Oe%nPC5~Y`!S$Z@`HuOIp-{D6a!<+}w^07^dba_K8jB__U)RVxK#&#{4kI0%!??)37ecI@p2dL+b2gq?g4UXsnD=d zrucndNXZ4|v;Oz+n};fduj3^u>xNn(vv{2E(=GNS&wF+5y2E+Sd@ngA0_wf7`WW9KlBFzH0nGVwzx)Q^_(oa!&cP+TbRjDgE z-2J{spl6;?IDB<{K(}h|B8PV@1R$oBe|hI)6ZUtxkF(Ul2p5Li0S4BR7(rVZU7$eP z-{r4Arl3xq@_E0CDKDEdZsD!I780Kuzb760Nn8K?e&5WGM-hsEOjLa)w%v~iKz@5s zozL=yxxj;gu}lk@YOmebCo6bK9Os|Pyxo4{tmGHfI!|3U?)weIfKMiOJmG>WTx=EZ zUY1bFC0E~At-{bruRWdd91}N|U-TEh(~qY9`FtNE9`!#atUmxcks?TR$bxKq$CuK` z%8};A4_`~z*Hse6cIG@h$>Y|Q)wPHN_7Ika*FJuIVVl4^?=^cKo>zAm0TDC!&|r9G zQ?lvDh~rNMgadjqAHNh|s+XQxB;xdbLD%4{RKro8arI$oy`}R63DI)j9v*eye(tM8 z$?2Dk08*Bq=2(7JQugLr_>aM@~8d3y?%jFB_zMzq`zP+>;8tbeXb zHXvkrH-=Z*=Fj2<@sUvWZoFTO=F}4q3NA0@2Yl!o$~=oXr=11gRS`IaHGoPuL?4-3 zHJF0Bepcw`f4%bevKuaUVTl^njNQwQ+!hjg6&CL_RlRft@7Heeb?PgA$0Y!^<2jtq zKA7$;TpH6L%az3e3kj#5YaU zqZarRHeY}K)!GZl+m2YeYf2{|gLL=08vr7MQUtxqCuP%(^yWxt>bJX7pwbG+ck&@9Y!(4P=@4jnbq~q5K#q>Nc=UMO$_nnl9FG%FOfhP0AL6 z>_^%vC7vTq)Wy*zniBDq60$kHmsDxK=13W&M1)T{-o& zi8i4g)I#V_A;GmqQC(gzRxsgWm!l4p&uAA3a`rUHENMio;SAA(nUn(Y`Z-+C|5;(8>(mn)5k**+(xtV$3(B`jE zWK=VtZJn-DNI!YJ@}>)idq+p^S?3NU9=JnqRN5ZKIbAL^c9AxHb@^WX8I|Oa?e}eu zv*G6K-Dsjy!8;3TYQ8UrZ=G?8dzP*V+d=+zEObcrJw^^5Pr1eN3)JK;)#QRAzNgwCHATpsB-=h9ctM4$hIU+BGSj7geWZK&o zg?5JN9W=_`mvHuryxvLt0}+II!cXT&O(59e5}fdV-{S z1(czM<)}E1$Ex4%-|KgdT7H^G7MIqpS5`Xbj<)FWhuTlAmZ+8W-rmndI`9n#;jx@O zzEREd!CcVOk~JUR<`YLN>nnWw7eF-0ubjWfD6sRCJ18E6MSsum{ziejIIPzWF>Q@&U+ppxa;2OMiW)V&yXDqknu~EgaGn+xrc{bf9Fro zEeq9GWtpBI$>%t{(-OkmsZ$w9#`A9DYg~U>LjvgA_dNh>%NG8=w=~Wll=Cvt_Q(uhm*$Lr^W~~;g#mXRu z5-_OZa&?^p)Ky0H_7(x%#=!sb!LVQC!p}7vPmpp`gHJs*uKbfdI5hGn z)L4%p8kbly1e9pO#cLT|Zs{!XBv7k*EP@^nIX4G~%Yk|C0Z4q9vY+FX?R7oAC^7UkU_x-e4$#e7r`hw*YQ)AiE5`FiIOlBuj3^@P=5{^#nBqip>&IC z_u>h^UhX9AG4FjJwt2Zr{4Af>w?ruK#G0E}?rH{n*^W0Muk{pzG9vZ>A_0bG{XLEF zx9WZ_=+}@ND~prtp)w&RK(17tzOa=Dbg6sLp{ezI1VAARkGSa03n9N97VG51Sw4P< zBke&8I(A~$wENHAh!#)L{Wp~M>wbm^6|kNs>?UuhhT3NQ@D5)nfowYZA&AQaKQdzx zgg0g%k8Zc`FY$S}k@YdAA+zKX7MyLraAWC|gNX3tt?HxGc!VaxAnnCo{$#q#+1eKt zG>~3%W;{bjc=W{z)wuMqi5~Ir`sEC0;AiQK?b<;Y`fPLY^jdE$_ieYUjSh8gW`O8= zOYOT;lM(WBAA}J7NIz<=xp(35 zn)H1!O|53yQ}Dx!mkx|!=`=&t?fJnB>X?ieHby%w5uDMhMb*Srw|21$vLrF%oHi`|P zVvUb+k_jNTBsx{Ppmmq`ImzgwI=Y%ZW~L;b4SPA&hiy6$bPqomYlgjeui!C?U=Y;T!yeB;K6~Nr-+kHtSPXa=b$hcu#mYFAY~YIqmnsl0nx@8yD?-y` zDbi9N9|wr_>?;=SKo=M9ZQwuv+tSk&X4j@YB{GUXc=+^mlHbp+o`(vZycQkzadvXw zE2UR1KMyjw*xwDl(4*OoHKlP6%ky_hB^1pCP}(Qm^rHEdvR@a@G~NWe3B>2=sk%!k z%#NoMkC%qNa%1P4wJ%6n727?>m&M@;S?dfwNUERXxYxP`g)1+=uRiwF&-JG~IfL3e zcJI%^;vXcS3T3X4>e+Ie3!CiyY|rmcSwL43$JJi0a*3ao(VGYQHs**~V!K9*Q_@A_ z*%OHrZ%Oam7{jFtbqF^rBF?7A8oSDnP=JcfsIXLtPR8&!UY*SW#6(Nc9Tvv3Mn76D z&pLuX=&;~aPGL(tU#pFVT{nlU?p&!2@;+Ce^enwEWGbbJWnb^XDQ<*yxCItrK(At7 zPxg$z3!*&T;Z+J*Mus~g;+uzh9O6^>~SZ%Q{V#dqDuB9HkHlj$8w9)ZjzXCiIYf3_lsP zI(j&lTv%ZClGj8Biq{^o%y7@U54;PpF5(cJBE!DBeicGmWJBHZ1$(nu=7}VJh+J8pM{1Aj8z1EiDT`Yw z7p~s3NQd_xgeYMIQz-T2HEF%hCil1)a+`ZR$Zua5KD?HF6`ewp$)Upc%^b_U^0)W4 zU)-Kg)f4c7(6>GHhv9)?gh#EQ8;}e)QHkG5qR4vGGXp6QQ0>!nA*99h?js zhV8e{iNjei(=`zHj9Pz|EfDdkxoVpDiY$p@!*`~2EcJcF&|4gzl-+B_IfP^jEW1Uy zt`D*V8QcE<-}r@s9Q?OF z!VLadIbC8(bx+KC7+L&&1rOuX|Bv{_OKr~)w9?WsH+E8}3$#g`U-FI}@#ACxm( zEqoV4bm=)*!3^LPK(gh<#Ba8JoUC)uI39+F5m|H4w)u^C$M0W))p}1zo_wLu5%(2E zf(buwF*KG@K7v#A+ve|lG<(O*!-|3IqFFwx)@!GqFwH#Q#<^K#`tB zNP5BIEri53T^!c3a-JF*LAx>feE@PI+VkY=zL$YQ{Frm9$TVtnpZw8H!k>PAgh71f zc9#TY63z2zKh{=_N2LW3r(jce`&MX|y(hpX^O0DaEIwD4u6qv3(MBJ-X{yWl2cUWv z_ppgiHQI=3S>vyOgad@}g;1K{T>}|Pb^8RYqK}ZVp&_@N`l{v=yP1ED0PCxhj2AGMO^lPKZdy6j;Z}_kA zaSbci3h_dT;TkpL*`SSl)EAh3?6b&P9eYXFJ>su4gqybdo)_7*oOurc)9N9{XqdfD z$k+p5t^VvFn(AfM3gFQ%7;JbYrm@1DUg|?@fA)6ku=YTYq2>{+_x|t2247tdg@{pz zpjq-^nbV(X)MyL$PFA$cnNU^!Mjrw*|A>}J2&Z30crtru$G3jANe*cYJu56EdR#L& z(SIIPf%VnJnI|yHRr7ZOvN#Zb)pZ|2^DClbpc3B4oL7)Hn|ImmZNE_0*?Nd8tF8UX zbHBmwyoJ;n9+}_$ZrxvF_5nB~P0u_Gl7}EQg?PVyw-C@p4XQLQw3k-FkPkP|j>@Am zo>yg$dvUxXlb$;7z7OyqND*c^UcP@+>0 zlbrYGxodO^cOdYux(`R^Mdg(oZaqeRG_Bw1G4*i@@$Kc|cD8+)&_Ft!j6BXM9^|kx z2f|oZjNkhG6?evxc0MV@L45I%Q8$s);Egim<#8~O5Qb9Rkv!z2j|n4gMxIXZjp$eO zPccIkO*T9t=Od=7_%sayxV2*ZKFAFmjw=guuFne8tt~qQlu@2AOI#!XHMpy|#Z2)b z)D{BXL<5P~J$TN-q!x+wOmJPMJet9<-x_}*Ry-vObA7D$6qTOluIc%Gg`^Xuv4eEH zzan*VJ%KyzJOeE%MIU}4!AmM&5wXM+@=oS_o~&RRlU~@REI|s)7lIvo*xrnk0LG~=s1^2xkU4+i(u4Dp4u6YwaM@znX&Slj-?at>MSh{jmZEZjRmlbu=DgU)_;U3b3>k?MkCW zIgu5#VaM<#ToY<$yf!5tG12<45O~UzsV_2Sd3VepgDq6@TREzrX5K#zFyICGB}B-z z=EWUMUP=mv`v=NKpZr z$B2E%5kR)5&aQKiq)=>w+mcCHZBfN3Rl^+C+Luz7P5}Z zLEH7%6{&4Pz&-F=ni*FcPd|I%BW~D=<<<>p|7^=Uy}J-Oec?j9PJzP|sNvY@cKJo& zrXG5`yXNJM5s5#{Pzt>z=REEgXT45l|KC1+#x;+6xNUN{AFfd>Wa>A_lmLfzTdTd;YwPIyjmn;Q>C))xAQ!?(Y`(I zUx@W>TfO(@`ue6~_b!7^n+0d1IRh|w=SDJ%Mi@zNj;UXG*j+fC_!4C^J+t4(>gm(z z@Kh_b1aYLf*!TU>@Wf;`IPJNW7W|jnIDU3#h_3U9ID+V#YF`_sbgQO@ton(s1|55# zMq(jBaqWhcY$v8EV9VVf5aBGpCxEcd$Z>_VZVkiBs@vssaJE|@p4HT1W;VU5Zx1U7 zLP0qH+#D*)s0^ar+c**S?zW?ZqJVEJ9DoM(`9^|w7onx!;tN5T>vQ^SW-&wZF>g(p z;)u6n3c%P4&OXi0oEbdsG7J}RJz;BSKOq(*>?SJb^*4^d#gDf_4ywQoI~Y;Zu(yfj z<@s1i{%Y`WT<{Wt+YuFtJtv{K-+%@|a%kGyxhyWz0;m{J>v-7hzO_A{PN5dwMp`zZ z)>)j|rwnn)6=4kjjgZE5C;skNL4`eF0km?j$wFyoc*1)ehd_*&c_AnZKj}_(?~iZ- z`DU?nl77d!#^-Jcll3JMY{)ppT>850riSfgJjiYqPU@kk6(j zEDzyUNW!JR{D@&*L}B?fqg+1A9_<9;2RfG+>82XdhnVE5W4v^^xB--8!s}KXgzP@W zm$cTdH~8`(0es%SD+if*>D+%YjRe{R`XYeW>xRC=?6!=tuwS?@d|z2VwC?g(z{nu8 z9}bs-@h|s~&$Z*SLSGbqqigX|z&$YGQ{5aW*iHlijN{r*r{Y$!zI-9Ghldj79B(J* zAX>U+9A1m68O7rO8j>xOS1dT!w^RBDpm(HW_BwiT4p&Ju2v&H_0yfRAKdUG-VVjSv zZqcufg#m;k`x6OuOVcXUroJFGdqgXwp4lGq2Ky!-g)qnX2sRg3yNsxQ>Mb4q{K?4>=R3MgR9JbDmAdG zR#BX~#}3m}+B+x|^neF)8*cz1klX~G4CAU-lz#{7bO_}4i#$A?#pT$6D+f{=RB&#)%dz?h|;?_)mWv zVmNp~_Q$@pWwRWe>&%8t`wGL;h~Qbkkh6VM#sVF^Q8cwgl8RrtM=0K)>MMa^@I1#;eKIoR9f=4R>_sxv?K#-`Ic zGvc0{ICpKtKe~6EH>FF@v?5Gj=#5?4?_NB7Orm%@R#5LXT9Ril5T` zYhET2bZltjy!d3@mrP2+t|J)BBY9jJ^c`bEk7GRIY0mgPu@@_`%H7&TxXzVVPF=Ek zO~K6&96QtoEM6TtD+u=zu`n!3qSO+Ybr2>32p9%t&wFTenS0hK+EqB&4b%Gq6i*)S z`AlCUB{bIgedNP8p=DT56}qrVP#?59VHxCp`}PZxUKxlDti!cqD-0VNwtk%S>|mTx z5jmn&0EcBO^Z3aaz2tay@gDW!v~?k}-qjF{8%;572zp5C{MV~-o0o!b4n4}h{q9$A z)TPY1Y=#(Gs(!y1HA=fr13)zU2rxv#>=k%F@KN~t1gmU|112rwJ;0X-71Q7MYZy02 zturpKnLR%~-LQBs=>HN?N;eZ>z{UujE}Yn;db&jWPoq91dGHAo-*kawLRm|htGtna zk3SG#PP+l*>qrltXPaBRK5dSd2n@ZkRgplwh2MB>i#QU!_D6a@D=<*_h7Uvm_dl>j zr397ScHJQn>piRsT&X*QGYNg({V-B;AosLtxE&W%;HAI2yA5~*I3q=c3+sMi@Jfj0 z@2!kM>)*$M2H;^kWBv#(<9&3lc8uDkbJocoVOj2r>>s71_SkF~vwvS&7;#{xbI3Bt4 zF!8*TOXE*HD1MpV$Vz5jG*I}kPqCt;+-q(`e(nODNym{W(ZG5?YmkY9?rR*scVl5P z_b9=3=Wz3L%oK&HA#;wK$yR%K^Ck4BW4EjE;H&Pj?MtSr4c=v6V0s^DiLvx1DyHq)YW7+0x;jG|YL=WyK(1Okk0^x0}EdF{wMyzO^iI+IV8OL(V=8i^2=@=5g2A!}a-U|qxO$+iSouwPgJA?76tezj zvZMsfl~$uTqnzhNDax5qudT+h(Y@xogv1^ZB^wAMNi zn6Vj(FKVA>KT}PwU>lf!=$ZrO=m@oWJoyj!MwcpVi}!pm;;pzK0V<%A%7T zQLT%X;U)ZAq`oNny= z>xr&JWi*<^@8NC?pyTmD>~PeWL#G5tlkIx!0&-%1QuO& z?wz0UiO%}me;>wczi8k3(5VBd8IRzDKKs5>cegp&DivlD!x?d?@W)|WM9fz~|MKvw z3JBZIxLVWbBuqxjjBKudRcT=vB!aNhFIx6E2|tJpexeh~N@xvqg^^$43%!ikmP*<_ zucrqfK=aIgwRz$f-X)A@J{e`jZ7G>AA1i*`iOh*UUe_254qIB$4lNe$ygE|OYS}L# za%BH-NgB-DIi|sHDA=&^}y#af%=6=VkH+mcYxNgCWg9%2${bT9OwiZQ#ApA-oAaE%l ztH{3IiGrYl>2R_6XODIIp@ro{!lQ7$(-tRWBb?gqPC`xP@e9`y%Y1s~!6Vrx zKA~~7_h~qyn5RKr1z75Q_vz*`|8_vnUAcP`m1GYnmLmKT%;QzI?O>qE>4VF49AF)e z)mcaueYCxrk>NRs%#8fawCAj4RJ3q!9R(bL{YX7uz~X zn%}Rf!SsWBRzp7C3J2Uv8ZM0`r2<%@ViA~$X^vzc-6Y_Ic}BaW5dIkQm{_anS(;Zql~WVGu+)FSAy zff?YmA!)fs0q#PU(VBwkbJytd&hS7P7Tbr2wSlK6*$7Cq%Zu9x)*uM>lX{Yt6U%^p zPQzbPsIPP0a(oUWW3X8I_Ti3DMcg~P1X&4&iist$hA>sFQ_uN0-9mgN{E?uBRO|q` zx#Mg3h+aCcD@*I}@Z1@Za*?pbth5?A1?9H>o!@s%erT`XteFn;lgi5t0q$$kyyX^` zoLa)YLb;JJ4NTpwqLz%*6s0jQpQgz6({vyLM92>nZf~CzT&E6uUj3ABWAPGrh<=_C<;4hpL*yV%VDV&On~_bcJMBZ#h&#_+;lwOE z4-`E42NL?XJ$~^5^wBa9=3IrxJ>_3!cJ98+&)51Hs3PX_hU4~Wu_#x_^9VcJiWYyl zL_j!bP0NQ_YJ@%VZx434;rvsS-&qA=^jVm(uC`57c-v_Br;if4jjl<@mmE=Z3L(>Y z&4FSjYsWmTQkYhC?5)V2v!CYp-V4vBqzC!$GF?B5bsF{p=8$`DcrIZr`QBzC9U;bf zuWeXrm^d2W=zaQFnZs~VbrHaA`Wuk7N}Y(}SV>R>80@CRw~ti-SFkDed)<=|!hZH( z_CU77XZ=-Zf-WElhJie(JfE+H$F@YqWh1<9FNM1T=Rw(Hj$JoK8HDN2$C&GsUa!EL7Ws{cOQWLmG+^bx#2 zdvEpkIK@mjWvn$hK1@Wmd(pn%3wjsb2cc$9iX~4?>U`dZQI|DV)I1*tcj-cg^}Tji zL^;b2iT_G{{*4I)t<*xjG0G~vsH6(ehcLTGz70$=w3nt90|rOeZ)>=w^eGNk?kgnG zpADtjR;X;Nbq<$m?TS>Lp`_gLTBaKRX_tg}^;f}8q+@LsLm)MhOX90JP~(b?L&n$R z0-gX&_gm-4THeD>(LYn)T9{lHXDy1Q*UF1S08a#60$dEvXf#X64jfzqjeUM;&jk7o z2Q2yrU-%z%?nn1vbQ>$P_PILkz52Q2cJGWcWcCOQ>kZ~G0;NIs&x=xL?$ZzZnc?w- z-v|A6`)%tf3%~Jte=?XxMo=jx*oVe+?&j+E+{j-H2f>4H&o3kJuZPrJ@A+2)nH;z3 z-|7A|U=}H<2R7~epZoNL(--@ORMFI1HJ2c{^TOQOMpT*D!S9g;cO=Qr*@HnBH7*Hk z;y#pWLREBs2iKVxu{O*8E{8Nv%T}B+Mf>IChSJu>1nadORy2CvlH8|g?UXG6O$E&_ z(qN$YU`(S%VgP6W{qv(z6?W*q5gSW+Mq|?H*-X74nUTWaDfnYh^AHdA`%tP38qAYY z^dm{J?LC$p(O%kPH=T#=W#Hr0p!25)NZ>WfA5kQ6N3lCN_2Aut2}ZzI^!i$bb-!6} z!CVtGiKA!u@j_^SMSN012aQ7#A^kF0pGOJ{w~lM!skeDiy>s^|N~>v4-#9Fl!+W36 z)?k+HI8Y2;wCf-85uB2dvcaj5TA^F>bP;E4h9d7w2$G7mUkJ1N;RG2yQD(Rxey6Hv zsrmS~-IxeMUEpkS^0Z_#>HW*=S_BN&dEbJ=-vUw+^LJ`7R3wEa+;T@E&?!b z={I&?U->@4SMS@`lVyXmF{VQJI_2Em>95%< z*%xvoD!JS`0P1sttDtvPCi*hJf_C59>Q^W!+@JAP}p>U zFmz;pC}_=lmx_@8S&S`5j7iyW%sdBE@q9DNdAQbev+r@ng@4)TfEe4uc-)O75?V%j zU`NGk9Nk71(=)uD)$f6^E?mKpMrbN*`Zgi$W)$;pkuh*>`KrZcPc;S!!R9xaeDlO=m(%uW^fM9O9~0cu!$9}y3Jj)-2)Bd2qCet`6_}lIq;As z*-{$NE-VUATQXBsJ)#@Ypt!Gih0dBAZDV|YkSrM3mlA8Pq)Z$fuXGI1qPG)yq<=~_ci2tRr{F_KGn0L^*}Y#&H9X*bE5k}z*Hg^Z*oR)>AOu20~HO}=;O{Cfs$(2GVi|o z+U{wXVGkpB?0M3ocReDl8DN}eIlGlxDKJV#oiQnJ6&>Ewgf_B?n z|3zQ;@>@N#Gi*9Dh!d*zS*l>PY?c$u;6+W-gRMt7tzc}0&DVYn3S91?cLdoud%;Gh z=S65=U`06z>Y{&4;zdRW_jh@^ZE zzKs0KovT!EY|Y{*h(G_P}W=ECM zVsNj$^cK+YAfO}6yy|_m6gGdx8qV0oWPU?scN({rasa#LP$*~YGO_du9|`UmM*H-& zqtt&3^LfyFXU)44oDyICt9Tn+1IyT|G6F+IVJr z+^#I*faP)~LCX`l?gEVQ*&Vu#d!A!`E2bxsa3@w-=_;k3#8;E9Q*hAd$9FSV9g`G} zg4uDcS0!)aG*r>K**w-~UwRwyfnvbjRi^-<+>f{K>rMq@(ab^p*;b!UnKM=O^zplI zmp203!pn1+MJAff^!r0Yw5A~Fj1w&?hU-2~7lCHtU*hNXmFJh@@NC@SCouWrF1_?4 zBUl!hJ2iF<>80>6O;wu)qba>w#X}CQjtxJ#TRIlexbK=n>h?YkHvu-tO-nfAAvv0^ zGI*!wS=7O1k$beZF?stOTMHtK*xe@at3y9CqPg&>5RYPZF?HP@=}(&tCcG3?#lv_2 zDwJ#GFwz47AT&<<=RVV0)!6R{GOlUs@46^Hn#8O8g8Oa#<9T=QdV`uZ8@776P#>bv zAHfjxplYw6r@eXfpsv9k{RVewKHZLjb;#f?iJR6Z5|zYfcbsx-x4Bq zv(LM!1AaT5f%|%=OlH~0oj1}(8+<(WG$JPXq>wLDA3th(ps&xjaZ;U{@I-}!8Uj}E zi$^(-jYo8IVPD=0OE%a=7Z!G72PU+IYty~1=9TRkGu{2uIJE^=&O#j}X61-h8)yUU5dW|oKI4U}- zj6`-A=6#m!Qe(E}$3;p@{hd#)=Q7Xte! z9DDX5x9Ahk0@B!P0xTDXZ@-$^oWc5GU+LGSwR}J^lN0vu9ei3;z_2=0vxK}VF4vwrv)ttuhBbSsfRlSl#W~X!gY2Lu zPa_DpkUhMX(fRH&2i}q6y0=TQd4!)&T)oN4b?XO&qK}*Ob)VaaMHAFknEA*0q!Et> zel`*;D9|zgi%+m5K4%Bw4=dJ8E9d>#3zi&t8t@bPGUGoC^k?+=I)4yLd>IvhU zKi#&nX2j!b_}z%m&SNOJm=BMqosf9Cn-uWRy~Hq;!86G~?EB_hOXa16#Q>Hx<^&b zy;EH9o9qDjqYp%xsGQS~FV3EB&O?3zX@!`cz5!^D!+~^4x39&;eq5GN&?C9U2fT1E znhBlYi@BZfiAFCm$B?f1fblgzOnbr%mgpO4+3xjTJ!W8K>6cXL`%?X6gg*y;gI=Yoz1|&F#5R#Ma-R{>{pd3ujq+vpYo8p43to)Opz7$Uiu=uIk2n3WlOE72ySe zShc32pxh+xpqz={rGu?}_m^F4;_mUWp|Lp9rt;W8HdZv@*qG7vD*uk3oTfZDuI%w}{UO7}q%f!tGuR^n3JaY5euTG6-WlN>tQ5@2 z%`Z#Q^pyR`1iLReJzXAGT0F`|=5@P!icC$`6YZ_c3+b!ZrVnX=p^T6YV@pcT3r{f9 zy#9h=`GD!!h0U;p)a4QyfsmXp`>4O}xxd?2BX!&m;>gngyE-5PAnnFjGE6fjl^i@; zA8JM5`O1)t<=pf8H-|sE%3i1beV8||Se4Nx1mdU~Bg!!X8?SuLY(j7&5bsG6Q(OqP zf86#Ik$tune#wjeE_+1~sy=^6;Zf;|e-x`|Gt%VYQr|#u?|WN+$(7;l<_Y6R1kVw7 zIEo)$zsnIWMZ-P4LfI|HFM;`E5|_^sjrs%igm7UYi?f?E0a>6s=MH_j?EcPrJegzn zn&DyO57)@&0S`$|)7W#5;kv`NKy$mLw@>@2(&c*hR&>U#P^K8Eb3Ilft85WdAeFHg zdo4QpkY#%h=%xdwdrwXMY&Z9^Q(CjSg6+6<&2)t_e1o>M(ihk-b<`+wx@6>&UoZ#A z`ft(y;)^V$9sZLBrZs^)c7>uFk8)BG+|k4X4A!2uk&5m>xz1ai8jpVQx$d4eVf&Kn z)5_BPwU0wjb2~IvMpcxRH)<+KnCak^@C7f3!T1AR(^{*m*ODJ+X+;i4HfF~9RcTl1 zm%6OKBzO8`R-Ekv?yYKY(Y_^L2i!vs4Y=QN&8JoUl9#3CK)N{|j#jq7W+5n-i&d%U zB(>KMaMW-OhL)4O`-2jw$*1$(vt1*)6-)$gdYIR9Y|$dsk&nCEq0!j~P4CZ+dW#X8 z$**VG$?}VH&+?vO?qC)lD~c>UvtOdieINJBO5Rk4V9ome7U2x@oxDCnB%mP~ z*t66J7F%3)`ksY{rGs*l!bA?@wRBOe$(~2(XrLW?GLIwa;F!WQi}@=v-O0m0Z70vUz<3`c(vPk2-uV7bbkgtjh%s{~SFQeHE#_95`pg4FRUnLKoc zuB|ica$xczYzSerIvC?@KMJ2+rZ^R(zdyCQmw;9QziwlN-B$6clk5{^bcDQ|5Feu! zQ!)Q!+54nZKLD*ij~m6DD6(;#miP7#j-$DAa6X-)_DT>dhe5M&_v0H~M6oP4)I%im z&Fs!-$VOIge|jigXlZ%*mutEqrHCPe%;Lh!z0kb}bk7)sh=P|wIdCB6L=gYx_V+y8 zMvj*TOiRY%zM`8WrBt z_I$MHqAln{+8$~KS1QQiqYXFDGq)cbD+6RL!HGz;BMlQ#CgG^%e)}Ou;tMkKP)*JE ze7RVyyN*sfiD2(6q`|{1rF#zL+YK#rDhtegrPh$M>TZ{>PqYYs>K)bpS!{(%5|c;z z8(z+k09GnlKvgK{q!y}u7mr6z=Yxha_$~kH^a%^3e9j+QO8TLkj+Z)wl|G%JhjY}& z7r+T3sa(d?2ozPTkLy)ew^-jp^vd3xY)H`r~1(tZnIOK(XT?{;>GtP?>Q}4fSn`nFE~t z0;*XUIw|U;)}v(hP1ffqjh>1vEOrp0H?9iIlue7d-$c6mO*G9Q7iiYEv-#}k{NN7B z*Uh>+2lg5^NwV(L3rXEc?R#Te;@V~+&WT_yzPdb2`d;8`hJ-TYbK@e{cRi!vTj+T* z)hUQ%%*%s$5pp%oT`XWjhELOe&l9FV5L($nN9h4~g{SBa5v0HV(VwB%BmrN6OGEgJ zmCe2=jq!bl%!X$UzG5F~j8vI31~aPVk6haKl~lgyf$M*9W9WDqR@gKoAMD8+atKf8 zr|~_XdV%`v?{AECwl5Ug^y40xkSpGD3ZqYUCr$>np7Sa}oO0w^Js<9vgd}u_MAkvt z&ksxKh3^rntX{$_Ja15PXfdGAFiW%{j-%pk4k$6c_y@QNzbtt;$*?HcEAiLwy>f~N zi|!Xz@1fm-ePA&u-+XyLq(I`x`uyBi%ewr8@)02OEBdZ5QQRu!_#_F|3tCqL?ydN#$!BJ7=`}U| z%h~z~Vm`*u=2~ld&y)F9pV==;@}c@>PczCGc-N5b;4}uSU-wrGlQ(zBnx`P_F$e3V zpW%6uqfKC;hUQLG#uoN4*tZ_$4fsU@Ok$e4Sc2JQCW=%r*`@H~%LenU4k8P$M|;#F zd-Y%BX}E<-*39@;ctTOI_)GZ75R89H0;?w_;q9IB?tnZip@OczUSr`L6WFnQr9kE3 z?#GzG(_S#)K0-J$a5`?up33@ zyxs>%y+Sg;#aJhZaX5Gr*_+*V$eEB%ZeJd3_N{4BLl+6xkh_&0-{TWD%xLYLMN4wz zOLeI?aO`H*^ztJQXS6p?`aINTt zd;!Hx&G-uzN$BVhY2+at~p&hiCP)jBfq(VGM_y3is21$R0&m z3r~ITvlWvM7i`mh*Rlw^+t8g2+!@1p2erlDB)a7!aj*rYIpO+!6bt1i7jY@d@V_BTN&9Q-_OvEjRD&X-sZ_Hf1k zeMjG;?-d*|Xy2bdF28L@k87#Vut7#_LQA%?UaqMJx)hZ{>_V;UM%I_I}$!q#$@DLYi@9U9>KOfkJ zBu5N;86g9FDC*#{tl*Yj0OGO6%jQhu|0}(5_ue_KF!?QCh?yoYb9%U@S4*m{@oC>1 zlb?^+bbk!H>G<}~&;E(sFt-nY(F^PZ;DI|xI}CdQAFiQ=FV%vFqV0XGbx*yDO|cDnSId9e+?-;G6fBjKu#mF^t|UZS=8KzrKPeQdAi*Gbq0 zE~#OaqXn5>U(K^sJhA~)=sRk`ael9*7r8EjyPuO*e&jFk5Q>@Q;VH z&cG|+ImawMpTZcHGxneM?lwJxp@CN)FP*x)mLnLdJfUJb98KnM;<+CF95JOb=^PxU z({VlIm4Ir}dPw40#Cj86X7kP=owYBFr_%tVZ!3zM4OAaLMMua)Ee;M=0gMYs@b4VR z&C4yhprNu~HBCTtUy9S09~K-kN7kGCw6@DEB_MEC`Ww&3eup{|$L;4R7Bs%t~{^(_3Tm21?o z|Ez-0r$4G)!l&8PX1?^EuVO_r`K`=U`whRWCBuQHC&-&)owCjDcIVq~^5^P@P$aKd z=k}-<0;Uf@Pp-mLt}L%0T8&U!D)!bM9S+k|BToDavq zHx+t7t)J-gsVa0#qA26*>nZj^2QIGr5AovSic7R)upzZ|Q;o@p^!(5xFo8hDnop5< z>fUz{kGQMTzv3e$%on3`)#%)4_wj`{Kt|c|4jOTaK~TaG@AZUsuct14e)|WD5=%8Z z^vy+EbAAdepTjn^>)IR7y+H-8Vxd{>8}dj$C{qDkdkw}F;K@u3;AMgj1RxD{?DeM$ z6@COC7Pbl*w(U-_0mCWsJ9Iwc9C!h{Wn7xRsA_JSwbX}(9Y$%-yyjnOGZef4aR}j1yzM3t# z0wTjLFScV`t%$8tYL8Qp!A4?AyT3J+C)Sk-DN+*C?x@{tRtC6gb-ALBewDJ#WYX}x zMOI-G?yKA(7>HxdKU!ufa`Q?B+b!d?i+!e>h$J%vSB{HZm^<)w$|Krt#SZMqU&rYx z_x#*i=Wo^c?lJC-2yj6B11UyrPqp3GXpFO6Iwf50$HU!H>=jnpmNQ!w3f)A056Ok< zIc%@5pchSR`bo_`a@|l6nj?5+x2=zk;>%M<1S^qpqTl>0oa*(Lx$zw5cE3&wM?7R9=6y)=q$NKhug~`No{Tto<6S+v z=jwFW=WFtm=l7yp@`H0k22Wh06CHds=3PEVaZf$5oY!-1mhY?35W>PVe0G$=E!=o)>u4iVI#etoHNg8xxw=PZO^) zd!J^2h&{@^7lEJqJzReaVdpewq%MwmA0uQ7OG1(^us%FHx$pRr2wIh!^Xu#V(%5z7 z79xAI=+x|TLS*#J#)pwV0Bn+aca8+GP9=hzf?T$dlx#Y{*;GDLPh% zlaSllR`|=FO!v;(=?hF*EH7Uj`jyh(&|gNh)AN{Papg3km_Fb}=qC-tRNn_#Rr+;A z1hdz_WPHvD^Jb%;S~CeGt;7!mOe#2$M_cct?SA6AL#saWujGDf?lYHVILP*kRYTY% z0TjV@O3Xt^{VDx>CWR6Um*|ssedEd@Kl^vGzbzZr9y(m|pdA|jan-V?@ow(!FHE0# zb5-UkbVVMt^v^MXv(OSdZ)%ar`4i`Q{DJ6=8J=tfvE2DQ*+p}QX8qft;K}T{OQ0=H z^r;%LB}DS%^4#Lx85&t;&>HY4<`dZ{_T|6a zLsv|$c@un}y$a?nJ(SxGONBt+V>I}*4*g1CUf6H%j=|P5+923TW1Aqjd!b2lL> z$(m`uDD98V&;2nqqXf8fr&wFJ%3v?MXP0r?H)sdH=RO&4>p4>ZW~;7l}7uEBj#| zG#*q=u7kg4{f46r#ksQC0Wl3 zEe@FEgz`yR!Lvl_uv$_T(_?#t-@ z6^4g8>rpWS+Sdu~+t267v?PT$a%hHQGOBSrnFPf3$L1ngEQQi;{J!%`h3q%=jJdW? zCWYuWu+x`1KaU9i;fGg!_M8~E?B^5RSqh5{yZR2Ls``{8 z4G}hZd7NYa*b{krxxL`0cZgu$xHGF4!DoS zY>U4>zkMyp#XIUZz8aW>+q5%yu(IkDR*<`*9-k44G?3P?(5s}mUeIck;}`d zvkd&&$Qd^KC%NAfk=c2Z`h7(ufOxK`$Ck+Lwr683Bx3_E_Fv-fD^ZzPfb_WD^5PU0 zs|e2DMhHCupI@~>=s74l>%8=!Bm|h<1<{@GxR%F#XG-o)9N=b@!HFr;fzJ zGaMh_vG!qaluOE>6%Sm zd3}P9`D`7_Sl_W?!CW#3NCQldsZbxWw{1@*5U?=TA4Wo?jJcY>?a zy_B}sUu0qlpZpKcSYA**yIpjur&#fA-Rq<&q{^7@BH+QE6Mf0Y5EUdmLk$&MB>^J& zb_6K>FWYEccYT6vQ4g4Wwa`W0DHh4Y>-lAU?eVu?UoYbw>n%2h<)QIGnR}wIsal2# znX7N`g56Ho&q(qLdjS_k+v&ZJCOAjo|Jfk1UCu=3hpZI$a(oo_!+~n#R!5oKQBMl{ zWv9Y456-U)nMInJ@*-`lZY41Ib!}P<@E8tMGud^--(fi@8Y}s3Cx3~LL)}ZZ9ao^* zrcMM^{!-kei@9Gyr^jDA)#Y+CQSP$Ou#hn>rG9%q1yk|v6XAK9`M!pmHa4clV+t2O z5$o1{IUppAv0VNxUn7J9NJ#{u6M7>GiKr5aVGlcdf4cn;(dq-WK5ww4<9}=98ede) z<1DejsGU9jV3s(cJAF~ksr?7yOQN!s2_%XI&E#QwduPQ_B&zg+^;fVPaBAHPbgBGV z9#s!)Ha$=nr`+W5d?eF;B0|LB-Tn|^4cqLrL;VLhZP>RN?>}b9VzsCPSdsq7MeGLm1r+7scR&1FMWHjo0qX~X<xqm>?>mHO2*z)nTULZFIC>A-a(1M@ zb;GA5c?Mr_c+e) z^u+e~y{||}nV!)vgl3`?SCtGFGVb(Q4KDhw4lfE=LF8lu%hzbX=&rdB=X&8RmPwp) zbhN$czHCC!OaHfDM03G{4(#B}lTkNHx9f{NKBt+D%D8RMQ|I_fYQjOa z_9YM9}O_>BGq>|3VB--}*0@)%_o&S^7yPmApK*z$V(fTpIv1=#aY`}$Z1 zBy({;8~t>Ft5Xfts_CbOaR0t`>+%C8L`HGn#@9XGYL&0HpLC{Og8qRXd15P1*5!Mf z1*0dx$P=>|W*6Cwtq1;k5cM<*Zze#od)7I5A;=~h2ZJ`?GelD9akx_YX-w3!$T!#K ze0{&({txfe3RQYMi{07-1NrR{RQ8Y}9pg`u+nnr;8KM{~g!8+Dce!!hTD=Lcc<*nm zL#4Q{qQ-&Ylw!29Uv?idt>%m8SY5v67J7Mq40rD^p*p-6HM^dIKEW-GkkeGHZ^ETL zHqyt?jt?}^WZ6k5XY{o#r9N#=c4Hl0P84QgPK6=&PtAHhzeh@b`+e-e^L^ZBKuz=S zn-0^rq2E`|jeS~d$aNK{8ZZNaJ*)Gsplm?GoKojnu|9nIcHFbFy(u<%E^8P(uPBMy z&%D6P6|(+?+{~R=o{Xgkl;OfVmrs}%&qalpT`pq@C`f;Xt5u`6`$#R1>(W1dQc*=* zY!B3Xal7~sJd*o95LVK=Y$5}&9D(O@W!CW>dkjv7SgoLzpP^z)9;^PS%AP_1_-m_+ zsl2MDFO-V1lv)_Mrhk%$fPGTlaB_7hE*U~>ICKMK zE_a#!k~_z)Gd~o3CJObkhL5N3n+~UkoqDEM9>P*UzlVU)F|>Sp3~~P-GR((!;ob~Ja2LZ+V(}+Gyn9wr+IWHA*)VE zHsy$=#=gGV_fV~&Bs`y>B)d`rf2~a_;D{ku;RVyY6{Y0)m+#cqcQ^AgwsmqAnYPzy zl_%+=$ekh1@91f=ib#SXTiA!msa19zrd*lnXob_I%B-r;(IVY_NMzD) z$5?iLKxTT56n5BebRWzWo~YdqUZOi_{;LieE1aB1{eDu->#Th?;r z_MX@iAraaXP*1+_+?A~y!Gnps|AM<|%8IpeLk@>{U+(n}*5M?qP1~dn4u_6lBd?I56@{%^brQ2!@)v zD+^IYj1`u@JF6YUt2kn+v2%Dse4jCFCPZ;li8>95lOp_Pki&01l=D(m9!{RBWJ7+( z{Oi`Qb`K(cf2n2|5OUHX%M5o~ap+ktepyzYH95cU%iq<9-55HK&&qeRTXv%kxs9fk zZ-!m|ok0gleLlA(ajBqPtjcfvvT}^@4z#ASB54uJz6^!|b$N4#PqWI)3QC+JwuNKtv64|I-9@H$?ydRd4f(#W?> z^=x@{G+LJS?8z_~vs>K57IL%`dbi~uC#^-xpJ zOXe|`Jtp+dJfDw7oz31mW>fW=Z>Lmnh`l&16Q@8QE<=JEW?x%PKWE3MPuDO z2hU1;QS-+yV*#a;2PgG)Z}q+>BrqB6%dHZK-yFeBu6^bD{?nFWsX9zBC*FHq&g=;~ z?Aa2r~PeI~QE3gP?%Rs+>oG7LWUN!VGp*c{1N`0xwUBxqKH zA(8U*69CVyWX%ysS8?HB)Az`tYE%1+-hCwRjn_|-|4FvXHNF{i1%v8_xCed z9uc|Mn6D%`arTJUfNDaA4drlZe^8|DK}y&&ByC5?&{8d-eV@exMkER|?fav8d2z(4 zyKXyhSDsH^9m16E{7?*SpN>!N54-iM-4}25`(m(Kz&`pfinUL{@GL)9Sl=`xKjmsdjFB+eFpSYb(5@K@t8<*3A1Zk@$x$ z78P&-TmR=c7rlCY6t3=2kM3uSx@3r}qV_#V-}DL(G?^^FpDZl}@QiP_uB96$unh9p z-6rS${VF0e@-jJ+Ew56v{zl$qBEmcPv;6sy^7~j=&Rc=K{tT6@^qSvT{ACh%cXNG7 z@2HCMdxsJh#0v3qmON34Slp~X?pqpf-+6$lEl{B>$1rU-Q4NgT*yd14(NXTg!`XWA z{>o@D65F?@>*tV|+%h7PAhiq}Rvi4bZ{%gFKobuTsLm{C6jj@Lft2g2)6sNUnpdP% zy&Ij`_w+T^?PGK9m8~o0`P_%zro-^`Wh<&b)L%nD+MwUv5OwWq zp1P>lc-easgwyy2--Ud+e+Dxs#hvOxK42abj&F1FkweXA$!%Z{vz+$42p$;icRta^ z-o^v5EG$DWBOO)#0qo)PUmKD>F?w;E=_kau*ydfm+jsfAV}T{M&@M>Eylw71Co9%( zQaZo)Q_a~BuiCe?SDw>Prf2qyj?l-mF_X$BU{&?F1u<1k5!@&N)drbQ?yfE)69VtK z&cTLz9C2mjNX&V{o$RpWATqxg*C{jMyI_*Oc%cQh%)~Z1Q@8GJbttC^+vDKHPYVGX z#Jrl^Idz181~94StK$mm0eaQv)0a+}kr4$oET?KgJ3etoFjYpe_PZ;rZok5iqk^t#h!sr2>OcXSjW z0P*piQoX`>J{1x$GyT2ZH$JzP(6sK|D{=tc03-`f4w1(!VG_7!5)5lq>YFmU!h`<$ zj46hX#-VIM`$kn|OXiR4Y3XEU_TUx3KHb2Ug5Gg@D!#|MFe4yobMuGGq$>TPAJl4@ z68>p#U+Gjovq%X(3}naH4}akTmFgO-+^(^(abHP%${Na*hx0>pgLD=STX#>bRfKzv zyTxZJkG_G2z2tFW1p4wy-6LI5)bkToYXKEERK(BU;`*(et8M>Wf^tNJ!o5%Y9H#VY zd+t-Vm4o*_u0Rs|T0x4w`#C1IKIBbklAGEblFL+}y})GLc6PxJh+`~evOM(Agd)L} z;l^^s_5gjQl9k(!-2OzG@!pr&mmHYmwcfD<-#rZkTnYu$3FAC-*~3nFij-cD?Wy0V z5M8|7v|z>rBgE_CDc7>Ln?-V}_n8>wJXY-2-3{EkC|>Hz_T3jB>pc5LSD{j*?pN%k z76|ruKbL0@t(#K99+Rq13UC=u-tWV`Q>aZR=PXr(bXQ;eeT+Z_&QT-Y9spMPVZs z9|)MS6@+leF|_{RrwjBK?Kbxtg6fj_eh5Q#>Rwy;WfE-3fChZ$SM{B2;<;4qqh84mSx<5wU=|oP(N2uvMLyCC*`L}EBr6{OmU(7SU zyTWJVNifa%Eu4?D==(fFaQidrqUP49&N-zvq!P2ln?#|DXvaapo!V|TvJ~V3#A7^?xVaR{5c6 z(`FL|B&Nrr^a3?MWp@wNnJj4S<_QWCC&MjMDs*G}T6RB=%b%WA^d0!M506@)0ZDEAqW7uoOvR<70jLqv-eEMb0qXN|faAgrd0 zj871}33u+NdyFc3QK4O|>|DL_&LO{wdb>#JZc8I|TfeWHvgJQ)<|B&QvYpOaz6`T+ ze9k9xh7gL@_;%xVnNSiBV%Q&4AL2hp){fZpxxnKd4-;WPTt5t^FE{**`-;yl-|ljA z<907>dX#cW4%H{ zz#TL)LY)|dBM*H81ic!7RE5T9>|!usrEc$fAGM8`8K3YEhsUj9M_~E*r_c=g5w;MJ z@my@mom@1Zly*qUq6KE zd?c-KAmFl0v`qC=`f|4i!ma5d`WfW5&ixU_TFw{MMyXPmS$%(?rrTu4eN^+rz9p)a zwDqSI_hfGfl`l;hpG658$E(FfScRoKoPXcw^FC?d2A`O3dw+)zPdu98b{P4|eJ36y zgSV=dzpWC&vYG@emc2nr)jfmimk`Q337@v&G==>26cQeX9hdo+S3D`7vS{B5LW2OU zMgc!Wv2Oi2PH)Wxm0o@x=Z~sow#cVcb%M8u0)L_U6E+Y=0i$ ze>t6R%BZHgle`y5*Wk^g+L)4qhIPomVU;uLi`Jv*kyXiFs2hTPmQq09Acz;n=kxQ3 zF2TONI}+q{7{ZPAK7wI;Z~v2yQwy1E zNI;|kza1}!>zR6WmcxMfoyM8AUvo`by28Zvb~%qIRip(|pr&SQ>b`f)o1v`VzNhT( z0cO}n%ayP1+1M8gIVfXvLwQG51IhjltphZLn+Lx)&&QYa9$8E&TP?M{xHy>?g|wq51ki>}$VHX?`mvwJ2GV9z*`YuB z)~VK#;wM(=+`+dsum|$5X`}1;&yC@qj{AMWLQ^{_Syaz{-17EQ2oC9-}m$z z%b{Ysj)k*Wu0I#KpXcQxPVpZ8|NRJivT(4ieW&0w`|~*RI8SU* z(qd0hW&o=6=IH!;Uu)%bX^>O^LQZC&jxSyJIu72TmC1C=t~&l?py)4q{Xi8y{gBOD z9Y%Cq%G3S?9OUY3!_*8%jVl9ATKvgQ&4oOLfjGmLY$UZg<3VVakP1ex;PA0`f?v;Ang4SdNA=E8FxQs~`Gcp^ z0fE?}iHoP76UR6j{mOgZZ>xJx>il(k-Q>f`Mo~~uwh-)ACG+5%VcuacDHdq0d;T4l zFdD9*WK^oq>XmPm^W#yA4;lL71;;045TA$#{QGou`~JH6`!tV}i%aB5;~NIxZfS>4 zZWge#I0k?H&T9SL23E!5Bzb?j)35h4oEkuN*=r2#9omUYHeT(F?FNsRwBjec7GB8a(v7$L7nq`>X7>_IN=}I?o8;_{w)l6 zzsblUA>NtB2-4H<$+l1q6{O+l`UNGW^NYpf-D$q=ez1hW8svkIJ!)1C9Q)dH!!3Oq z=(0=~ecXDcDD>EpPd9L^0{6TqpkRT{pvQ<3p9_#}Wyza67%6CIrNq zx((dv9P%Vx?=xFvN05=^KdYMg9cq`mcK=>MWEtdNX1Q0cJTc*&;?Tf9*q3slJPMAE zjUo0>YCA$osm}axwu~$JOQiltN|Jz_C0E<%3?)DcS_T{Hm#C0j;%#LJ+0;e){R7zG z2T3)vgVAd*#7WHr7}f#aj=0w?4yP|pkT z>K@7qs`%sA>|z*rSJPziHvJU^Mz%!b12X{iIQ0{Cd!BgN*tH-h}9 zZ_*(jl07A>nAE+&-!th`@l>OZ-kd{i$|r(>6|wIVRP*tdlz@6_%~ki|8eiWDp!xmP z2C?X}4d?uF&W*yX_mNPaj<)c1TwIRcYJ}gQz+Ls}PN(cLLP^WF_VmSl=H>Mr&Ge~6d|v;+xNk>VK6vw=I@CaiMDWePg?^B; zdWStKe9e-?{a}QFw+wl>#j&5}h6*S(1L#{#4MdWAH2FLuL!3{F#0#H$Bb=@5g!QPy zhWMB-c!H8f}Ez~VYftiw``vl8&jprEK%3GhXx3t?wJYN&=A z55ViDWQ=nJ143urc=1`CEcVR-{!ap$0Co90rAa6oNT7LJe>CLj>}2P}e+-uRLu)XB zTimOLbi6tp&yQ2~18h`#kEv)%?6>iwI(3p?|2vlNtd;#B)@YZOy62n|cUIQ#(L5t) z6~uk+2)`3CR!2I^`2q2Wu%-_J@K8sD>zkqMs+B(U66hPTCqcjDfE z6N|AgnakYWEA69>?rr$eM<;%e8>qFLo!m<9Bs>`k0*h^f{XsDy(*P#6FO8twM^V;S zarRc9_qTCIB{XY6ojs=7gp*Q_ez`pvU*&+NzpDyZ0Lf3(pg>{?ha2bAg$(y*P4NOB zc<-fMW6c+NXY2rld#oz$a38PROQe@rBS@=RwO@^D%T06r_HwI%;V~xf3rupk!A2w- z*e~IIj*qQ}6F_r3WyU!t3xN&T1$79AUSs*_ySi?AdGR35mAhwHj~!(p@R8R&Tept7 zlG|gNXnwt|g#UiO5j_T-^?*rE{d90I4**Pp_NB>E56`}s&whmqg&)7HNHT0GQ>RZq z)QIof(A_ufAL8wRyD?d5c64HqT6)L7JmaxUg_ zSBR7DR2f6)E4j|QCV_O3rP{!V^Rj9y2WJ!;4~B5=mshxxcX1pj_M6-VmZIdo)`aHx zQp2kzZ=K7)d_{Tpo;m$Oc#*r3yNKc7<7ZJbx{8tq8SI0pEOl}%-)JNaE@G5M#+kF1{SM==Na!dr|yi`JBpI zHN(OZ+GH>&qOps)`cR55#Rj#4O@VH!Q(L*P5yTEu;J%`#*N_U-Zy{Bs6mRAm0@LYu zZ;0XS%YJMrbn`kJ2)m@Isk1V22x`-H(0KFa&K#~(e1Rwzv%W8yc-Z$g>DHX2rQvyw z;8KC9?ScTs=UkTebL)lWts&&CJpIAfFeO_o0Rg?%4l)KOG!QSi!hi_to-# zj-k$VGa28OydD-sz9zu2Dn{w>{XTmho6 z2ZWFF_3AZzPVj6yn`#Jy;V{jHj_)bCJ1i{vR_bRA1F$`U3Q2u6b zPc%G#chP@6Byw3?=KL;C2Gv~&l1}Xwgslxto0XEPJ=vM}ICI7a-qpvxk__~XpjDGT zor>WQY_`^juD)F14vfuE@Aq;2^t_|W8X`kaC(6q<+^uk z*wIZ6c;1)?h~fv&CLYvUUyu$|uvmU0tnrZ6JC#YyZvBEgnvIW0p>lT`4|@O;9hLbz z<@^W6odfYemwk)bJFqM7JLaHpf?U$XMqjPPJ!4(~Mv}j*|US`Vi`*=*>@uM*%Z)kKB9o|GPF6rSd{<5@X zQ0BZ9paVUhuQnVk;d~RXRk7EMy`KU0%Si5vowAgX4b7uh7H77HS|CG%T2Zxl=-S)k zX)1IqxhE@QlYG5N@`V>Uh&X}UvsVHZ_pL$UrAS6K*(z_LC5G77yZDw{Ti*FUr_9Y)xC)7@FaU zmwVk0+k2LMLIR56o{(7CXYsBwTTo9|FW`-b9P_@Qb57WDL+qgy3;3sZdyL5#$Fv2`cV zE_E-6N0z1i25MM=huSZIrp_UC&H?)^50P%evWL4`&iw{bRtFPDDC*zgdx$o3!e`hfs|jez1K?s1g=J^Gq(9E+FW8BW&qCDM3bfYm# zB>D{2vmG~2I4L_d-XJ_G6^GZp7NobT(^#iyR+m6FL z`d9qn&4->%y;1%81U4TU5z%M;TA>qGcvnplJVTvpK&|aj>py?@3(o^%h!arW^jN&UvVtn zOOr)M9cC~H+-nuj4*@9d2Ti~8aA-haLHe_ZL6<@Y?NK}IY;?th?!Gj)WYosD|w@l&)Nz@;1~ z^zu?+#{jRQhHB+UtPkDXmN3NLcSJKFu8?m)&I4rUm4UT;47+e6e3-_*Wv$v0-1=u_ ze#Dm~L=McM^`jR9v~j;kS|6v{{UH@v$TUBqf9VsvF+bh+uBhJotXvxA2f@q}+>NqY z-jYQ8!|x`G#}}{5?SS+1T!l83R%_#ZpI)eauW$FYDAd=uyqJ&Kgh9{$*h{jl#&B5b zy9{T|*2nGvUEVB;pa2MC&7^RbH~gC~`|XvH0`2?Q?`g0tuYQc?Cs+H!PgW|U{n47V zgj1Y2dxTq*ou%uGbbiOdr(f5q1`Fs=s*qG@4&LY@Y?&OWqX@w%Lb3XK10ks{A(_z^ z!!Z%aW3Vo_hPtyuiVs4zS<= zz+L`nB?&N#J3O++U5UTu2~U1fqD8$01(L`6c=`%3l04h_kp?qmgUJ}$y=iS!>lHpq zJWPZ`I8qnyDRd^;;2X7=Ma_d&clIrk1eg#&TO$qCo6}4}OcK_FOWw!k`z${tnTDC%|CioO@ z*7gh!v5Eu&GfrDDCr?y|4>nJs7fZC2 z%_A03=Q9Id5ROoQK;gNXerm4{5K}F^3wD;57yq=*>crX)`Hjz?Vfk=RHZL%jdykfg zqsp(3qHaZIu{C2RB}L61Wk#+pxv-L_lA)&lik(X0XCTbW)of^a-eW z2+!Z(Ugl3Dxz))Rz>jKHDf4bc#)an6J+4T;loidSvr)r|ov+%XYcCh8bx76NWSt|& zq~FmIl9%~5F0gcgDZ%$*zfIXa+?h7g5nNIoS2~83{%K`Gv|EJKDbDU4 zlJ$jZ@9i0Hjnf^Vp#SdnIIXx{4tY8*>mp>qi$@dLJ~+J|!yp+euEf&-gGi2_qXp{F zO1Yk=k&EObMQ`%HUro@mmI)YatgnGp&f{t0l6_N~!)fNq1>6bEf4!D{uqLxA(-)Pd zW_qBTCuPBp@kzmSjN@Wzn*qG_&8KHwYqQdSg^>#o(K38_A=A$lDyMvGSo{kz7Jo_r z=f~u8ucxZRx@F8cbN_(mnc;bR#B+PM8}b2LjA6QcLulKjz7&`O@UJh?dHArHLh;GV z(bHn_XVG}vcsj#2BG`U$QFW`yAuuhT-==?tTbRr@)GGTF~k3jGW-iHPmE1ACm~9*%hnFrFKF-eZJ*A@k$$3YR>_8}U+0 z&a3xKy7<|^dHaaEp1_mv=OzDAyk(L%j(mifeJdW<@TOTd4!z2#*eQ#7kFUkP*r}qV zzBBm1og_$3mJgUE(R^s_*{eD0hf~bfbgOzj`FrS&tUM7?`1T=_1ACl#oQmkI&r$9{{{)EPJ6vuXS6-)X}b7|v*6w_25__g+#s%W{$~ zL3;qf;3uWt8%8`V_68wz;NS7SFNm(MA&TXHw%z*Sz!1BXVnpYWbuj$?bQph)-aR*R zJDjgQkza69@`jO;P}xmCDNh3G(}VoGuYr5l)B{`zvquQ|1|XfUs6>y?CyvMDPoDt? zZQ&F>)OBNi*+e|`3%5b%0gD|m>6ICm4i15hoeLRb#sIncLVgd)IeNkvA{9*X$5ZFn z-8CPC)V>NYltb^|wd)HQ(tccvUhoTp%Y*)HZOLvmBB-K*wg#lFuMX^N8Dsgp<#h2A z0{V*PWoi{>lwVxNUl@rD^Wyp}UPqa2!SlnFc%SKXKM(NLDeUb*|1Q|+q{%X+Z=O6% zwuI^HOWGGg{Kz(c5XNGpTM$Q2LjOsF;9}BL1bndbDCPZ$2xGPBbS^L6VpaI<^)C#l zNgsl(IPpo_P{xMixYPKG6k!wFSF-�Q$m+%cbW>>CE4LMI{h!Miwojp=q}grfdo zJf2$ZJp~{$KrQ%&-r+{%y?x;JDk1uqzNPhs0MqEfm zL@^n4FOd1UlT#jq{;_yg1Lh;_7$X7~GuVD7=_*G~rAR?{5N|a^61jJoi|lTBujfJw z`Z(|38-8U#638f*)mTk*PjjIHtD6;5I>oB+;8PeG9@l;4lyPjdc32| zERoh+TSid(5**q!t$B~8_Xp?VgDZ$g+8&a@e0^H4YL{scDWkbd{R*=>%b-6HhvnqE ztNG2VWj5vkXAEhC@)$sW$Dzum`94*0gvCW2@5s;jUUK5ynxX{&cLOgvz)zN^?5vlhb5+a z)|qyn&N?mdGMQl82i#>q)AZSAGP_HMmL|-4OET7n`uE6Fnco6%U!nBfQlwhazh8BG zvA635Mx4G(8!$iG*Dw(ke-?&Rb$HUVPjC$6vOJPY8@J-`9^U{AFaKdn&2 zM5JfJU=9a82I8-sk6LYcDIVX|ReGI^h})V#se9-*lC|}@&LPH;pXbQ+OJx?9z#KEb z_We%)1?mswwaE|h#krjPL>4cQGfM8)O!%0Bgkw%W{2KTL1Rq*if9_8c^9{F=1AUlXB-S(aU0T#tQEAykN zM)Ez-S&4%V#k8#NTy@~_eZn#ObB~`>2UkJPmOzjfnY==FExDg@3ddtOuzMu;iGK^3 zsPntYejJSjQPP4nqTgP0#%ToRmb&Nf!S13j{Y`0@nZmX~_aMWA>VNi)>;^KvF%OmVT&?q;CocCr3wpb! z6filQLW=yXf~N8QE!pATqNljjo-o)6$ zf2=v@7EA?iYOS^h>Jj|aj2{eifIl@FVPnMKi?Oei4GIDFZ@+H}z{>sBJdGpNfP zkzGb?a65jWcXfo4-VvCC?9EQba)MoL?>;^>k4ri}JQ~0)#djL{$lrYuoO3bw>4$wL z<7dch44_cIe|CGd#~VjOyx&AOe*JRZsh$dwKD#ufFgOTk3VSRL0r!#`c`sJkhgf$~ z9k@k*Vsz$HSnwb_&f|qgF8@h3o`H4%w9RnE)%6S&{AP>do2junqxI)Ub&*9rKc%%z z;{HlN{@4oiE4juWY&jL7_PVyA&%Vs6ePmfg1X5PUDF43eiQK)lXLtvtTW$ zU;}S*aPg>u3zL4j)D~?Ib#PWlnBlIju=ZP;5`zLCl3g)KNKO!EbvsZbLwg*^7o5d= zD3#;yiOT=AY(uFm`KLnaNDK=zFQ=33l^1Zk{6U1(J+pt-qsu(8XFN@Ld(g!pbD0KD z$(-&=enZ$7DHR1=eA~b7-!m0nPpHA{cfK;9VsVl43~u+-cj9!=qYmVqE{cvl>_tUs zfA((u4?1vP_RE}ZH-TK9H8l-7*#O9aBXVVKuFJ<*UtkC{Nl?)+{T)n7;rjbr_93?Nkd)#ax}Q}6sM zUn9$P>$D#zK$2(m)@?DdGGTJ_&sZ{ZA&Z7a_pT)+B>8|))guC1cLj~W!H~JUw%<6vi;KEg*|W^pND~>&>CFR z(z%X}zY-C!TY}p02PM7T=uFQx`1C#wss58K)iE3nL=;A9s}JSeb_aL3=NxNyZ=(oP zu+7QmRMTM&ZY?&858e!ujV^V%@n;2fM%MSQAD*o$rM|tdFMO87NZ2yix)y0}HGfeR z6$|eFy@7Z^zTSuL2gK8;J_jhk$?l2$!V*D%reg*}5|hso@BDmBwA)4lKI{hgz`o6J zM}Q66xPR+U*$BZ|UEdK@4v&e)K0(U=YS$}>`WXMb`x$32vhg?as{+f#_Gwd3osFZWWo*pKi5y-a{~_%ucHr_m%Oi|kXlS!`$ctK&Ooz=#9Qha za%BSfD-2HR$o%?iz`6C0_O{&0}z!-06*IzQy0xga3b6eaelZrV#))L z>9azRi!A|l(4vB*92j$;ZcW_Z!||(neGZ;XGrxkp6cBQ0%58Dc8I9rYjh=m35I|K> zPf!GCp0Asfi+Z-l0EJ(=jF(MTM3oUtk*1q66Q2%VI&a+T&ht>6AB5yUau@0tHc*_h zgV*pSb1)-qurXWv`@wmHl|)wuNk_L;kJ`w#ys6-5NAELeUpDIMo&muR)bkBmG7EdI z$YfxuSfobsTF-8^njE0V+=+ePLA*nZTb`a5z)SaV`LSoWIUiOD98O!msj2p?Zcg^> z(E(Y}3=>Z%i&<&&E5AW6mJXXH!=iT(J zdI*y8)?qpkC&G`v*YK(lf+0 zA9~7uj)rxF^U;OdC;3{DY^H^X0i@BiTdi#TNlm5(ujTqfAsst(M&DvBlva`p#xKZn zp>XcLyHwl$VBKR#J*yUM)9~8Nox`=sRI+S0v9)dTbbW2yr7d96{K3vWat%FUxB7;9 z-n*%@C$23{vbA+t4)#61F@Fy$Z2blrE1vkRl8{fBcL7-q?yr;m2pY)=PVnGOo1y%C zrPrfK-;khyp9d{-YZ{Ar>4%SN^kgAV(S%=N5ia}V$6Lurs(Nw#Zq3^}>fd7hn#)~z z0nbg{OUYFGbh~eiY`R#Og;Z|)=lTdQw`aSBh5usqHE06We{By^a^%(Gxj*e8VBYJ9COLzO_>M&-T_DZ}Lx6p#S#b8-wh;W^%#t4gSt#BV;{&A9 zs9)f^carU=3~ihJSo&J(InL%QZ9N5ER)6^woXh9)4F@kgh0^lv5CRJ;*DMMIhT(aw zl;wQU_22TdYPL-7C`oD6*?=S%v#;xEzX|i3H04@YCM*rTS@b8Cs51 z9uri4+1DI0Kkc{R?|#oRya}E%%4|ZSf^)tVVs3`X3w;&{b%9n-h#%f})zKKW!A$or zkd~do$;>j^BfUvO<|z;60(p@o5m&;cfMfgKpB5jCucMCql)CF(%tI5XP4`cs=~Hxt zJj_c8JZMVu6Wt}tWsU0lw}`PH2sY1_lL3bK@F8O%VD#6%_1SNPko!>o=n;Z+Apo@| zGjXAZk%Z2QdA8J+em!4;&ckAFkGJ{51MEsD2d837m*|^;2Mf;_Gu4$Nw-#;Bk{AK$ z0A&D(p*Z!ueT8UA&c;U@RzhOkcaWV?jh7?}l9D_ZSvY!6O=vUBJfHOe z{tW<-_6osaACK=-_}2+3Pxr^s-S^4qqp;>2CBf^&b0E#v3%BnI`wdNj9GE;flz+Fx zkS@5)b)WBNMUI}F4FN3!ZtiVXh}}|{{U1}0Yi2BWrBjR>-2p&t{R!p$e3%BXPuZIo zwiEBMAf8&WV485^?y!q|o*rq?XaMC5@DKxyt9l!1Bhita(aB^$%~Yj|DFh-faN%M# zOOI9-J(pCDD{yt}aZ*F*EbljY<#kgVQu*^Di1;=` z7R8c=#pLMB$M36Sqm;e*=)av7QZq;C!HnVfAv-O(Uo1SVv>rwD6-Hl%$8Dk}yWd}| zhq@LG8wp&ANxwF~=QcM!BwRO&c= zU6?Ocf{A)1xcfv8a`V8wHAa!neeVqny!W_G7Du_Dn3RoywX#&AVdJW+AINLoY#bSf z!%op3)?RzSsh3+xDyl!`+rd#3jJZEV7{OP>iU^KaTyJ;IF92#fVDe3S8W!2iRA6JSc*|bEc4PTO( zdL;^lx1qnpiEv7Cg-<=I*-kAI_NA5&g(oY=!wy7ZcBqKN|I~OG+^j61bom4QoGEkN zKH~WDhn-s3V5N72%zVzc9JFzhZZ50wUDD2Ze*E;uYdW9iKJ9<>Wx_xUv`nW_T#emn zdH{f--M9TzhbvTotldy3*vI-y--lb%2>UPxtwx&)AKgB;C*6AHGl{REq3||##y;BP z+J67$38kf?++IEcu|Ulb0yk&oRNjN$oB?M*&4oYI>C4wjb&aueIhPkk>x}x$iLj!0+(? zdEL+W~||S*gv~HZI?&F^fFy)u&V%lGfnsl_2@$sWlk`7*YshfOJfQRE$^dtH9 zdS~d%Jec^+X0fNdV13KtxAU{4_way&u(z(ok4f=?8Mv)7r!&u`JYQC|s|fvd(L+JH zza90kmZ1fUHH%d-OQh_(ysJI6lTs5tT`6nA@9%PlFXgI`B?2|cvvvsu`Q6i8nJoJx zT(hQePY=$qgUk4t-#2#rz8GVE6NMMNk>Ms6IM&Qq3%VCLM&wWEMC=N51_S{beJqGKfpY7Yq>dA)A5q@ok z(1q~I{i&xsFltV>^X&*poqc6|kE$%_a8*296nT~~Anflm(vE!~Ux}%9=udi=6si~x z1;GMiMJUwZJe}rx(4-WKcLXsKG9N@Zf)r@~^&syDzq7m!Z-Hgl!Td3&56~EXENTPs zmGlWL5cFrgvBsVM+Wh@6E=Wj`aP$tO1$W^oHuTn$-LAz=Fq-A7JZe4`UbBQ=@WpRbHiVahsOw|Y;#n0>_h4fbKRo8DKCaZi%FSA6Mx&3wPA2z{zb zD>?9Q$b`M8-(XE!%Q=n|B{_u^x#R*+UvcQIG3u(w@6shj&3&j7sfEKoB89nE?|`2Uy>73pGx#n>vu|X zy(FInnmp48XC+>T6#HOIPyWjG#*Al&vPjU%})q5L_i2(MX`WEsGQz3}f?=kTE? zwBC-8KsrVaQ%kiq%QwjI)~{q8KFRY*Uz0sy<^9SO$wWHM^S%JnOMb9##Ih8y)IML( z6HDvf(w;tp+KuLpHBS;aH}I_i%EBT{dA7I@OKKXauTkwi$-;l zR0hsc)?hlEHZLIUKSdELxHfO-+Q(1L;Elvxx_vBTxq<+!Yru9{EO#Fiiy0|6R53NQ zDdFc7%nHN=acu5^X`f)?3rd&_$?MbQrN;sSM<*e0aJM*^UwVK7iOh*xIfT|}9~Zux zeHCJ<&pyc=cVeD8k}b3z?!iGjU2G~nze?{Re=&W8%cWf^lGxq1Q7p{l!WTy3@j)L{ zJEFaG$<(M)L3F=zv;J!zkJ~!mUErG8;p2zp$;;!m{#v!;Uk>tHXR=i-|L9au*Qc(k z)#pxIB=$jm0=XV4JS{5azOwI25(12BT!T9-;-noLAsnY^zx=Koo;3C&uwiY$Dv2WE z9PM+qd|%(6gwC;9y6GWdw};$nm$`MDQEwnJ4kK~^cgwcJWPWHoPQv9*-v$zlj0PVn z%uu=&QDn#*=^>o48m9Mv1Y_Y%V3m;eot7}~8ZliC%s1xw`CO$msaDlKf10DRkD_p3 zly0ISKZkU7ull8+T3^cK6#fo6oivmQ)euP4(lD8hbnO2&lVs+Jl(MTv4Nx~DPyGw{ z4|g{{mMVzoa9{k-OTET;sDvC3Gcoj{wgpCh;28V<#&5Bb#I$+PP^MOJ&|;q&Cpqot zI?2U9w5Kt^{ojMJPr_jtDYaH`cq|0c&H z%$;UPR;lJXnJ@blq&6f=v2g#n{@tms{wIk4y^-{Hh0}ODld0~j+2c;qH7f698{D!J zsPF5$2Ps)=t0b~3T{W@7K@{;u5VOADZSuxa>o0^Z(ft}t#?>MUlmcv4x+!-T9%mw@ z1G!LLxUeeM452r2ahzddWM|%K^AadDXZ^}men4CZ@=iqT;r*yTN&G3RPxN{pB_SsDBas)y!G4^|3p4xf%zKyEpnCE_6iuyr;6-ee-YdNJaZc8g(%kuOzRLZ(Z zzC%I86ZI93v;iL4om?fvAcE*s0IsvlKA+0s_UnTEMpABehryS}MNI{6Y5K8ST!J)B z&z&>_6FCWj>tFK8ghQ#p1E96MlA_rjD8sTucVIc$>=@in60$9yiQ_AOF^T3_Xftb* zXky*jEvfc1h1KB+1Gi=`A(4;CqAAp46tTLSC-+bI|EZdg3)8(_*Dkhsy>Z3Q~-}as_v^demD!j3h1&ugCn$m`zD%$ zAGn|jl=Sf1LoI%-LhUv8Wsz##W1GMyj$Xsy#jT0C76T!WluqSy z1(Op>;4hG~YJ`xGxhH0w09mao>d(oQ0g~*)Ba7sXv@X^v6YB(;IGoQAlw<_5@QYdy z1@EZw-PdUT_0#w3@P`3BjAU!tT-l=;4snduxdpGu zW^)Qy#Nrn<(kKaMP1gfny`FWSuYS+*uAvUcBnKf%xvtRV7WVNGYU4zGT_4aH-*6uE zYKH6WGebuU9z%K8Wvl-BmV{sZVRN7@QPx<)FZGoW4|8U{9G3pv5668uISuDug#T{f zDi@1Skk1EAmeb?T*BWWf6S3MS^Q9MBgM$*%v%-odT>os_8y+~xyRt?^9P4~LT~v<= zNhGO|Tc)de|H4M}dKh}(O@HcBP*hPA<XyIqSU`3W?`qNvp^ps@c7GwV{{CJF4TZ zvw|}cGGQQ0Sa6(M-B*+!T3y?9v8`@6JzEIBZ8UK!C6XArs-{IsGiT>Jc>8q9q|=u? z!^=AG7xg(ze2j*3a2o%xF>`bv**tA7Fi|b|1DpR|kVIICB{Up46q@w-$lJp^S2iwF zf6MVlnzhNkcpZAXGjuWv1-{+kcYqCM+##Q1ch8^{(Vu__ZjqdnM0e^a;5T2yjFC$eNE=9TBomty; zrnIx*(-}#JZZo#QV4k@^*fP$cqOSYaxP!*m*$9yfh&hs;lkX82N~fr^mUlKG=b^CI zcru{X(Ch3)WR^Xc9tsIQ$ilTrrBj_9yMzqy`K@~XY=4c5#{4rCP%;*wzwEA&hxNUv z78W@aVITHN{dfINKIk*mZO`4Ij#7T~-n$TV*^~X%Q!fjwpJ&b3VOwvwsSNu<|9E;n z&=k(Ao;pNR!mE^dw}KkaBo4=C3eiHB@Y#JW<;QM>^)sqmXhkPwQ+l5sXo$A>mSlyV z6Qq={d2-ePWUa;Q#=dhh1X>EfR)lK;2eSO4{#vuYe=l_W9QS|*>8)}5i>PNyHY1hS zY2m!>vk+B7Rus`1yc&zWoG%1OvC=X`w^vg#6~3f=FbvGG?STz}pc zu?lw=UKonzer~rS+-!e_A^Tf@JH@o6wlxBP_w^c8M>xE8&Gr6%8GQP=^H!h{9m|+| z+M~6$SflxqD-}(O(bf2ztL@5@qCV_)GU&bPipY&n@fz8XoNnm*U9Qc&WKm=* zQGfW_zpE$WBp>Dgt&C_wO25l8iOf9(7~}*BdmGZ z>eVcjI2#0C9z31p-!HH#R_tSvbe+~Nbj2G4f{&Q+^pY@e3OPcq`Lko_>Cq6Da@rVj zqCn+4^|opAQurC$2W0=1x7MB>b_SvK3?X+8zx%oQyar61#4=jydx#BEZSgr`9G`1> z;$}fyAQ_wp#)>9v`{M&Zd_8ig^wC{O&>@4&1x##{K zqY9HtQHQ#b&X4AOtGqO6e;K7FRvM5|QGeZcqy_ISi4 zHh5G2k~^2_!w;olRLoW2dB%}sjf$ujh3m`5KGp-eQgXUJQ~1?YeNhlpwLX5u1||T@ z=%-eLvWAYP-y}JF`hc3f9A#&9F2>%=2|Feli z?UcWZm}9FVy?Ry%{#=jbZsm8HM%h(j3|s)%H%d9Jb-Nb}kUc#~UKs-|`Wg1wtzWN- zw%;QfvG^fg^qC?w%GUOL0b#$2ogFhIaGnSu0&fZzCkDQ+p&VsOE;kpASgB*iy?(aA zzCeuUF9S1rr|7(GAo$LVR3n zTIfGv27|5%&esRK8^BhQSB#AHS^sL2T5M!#)03?xVIYB z6MhS6v@~$ujID{KB|!H%TJX(uZy6w{u573JyKmgmXyAS?Y4T8fLh0a-yXIILr$2_? z2sN|4pwoEf1QVchaQ`GE?+x&dbiOkls4BX@FPi3w_`>T>4fk!l{DzBTtk|UY|rT~fj`L4qgaol$-ZmObO%kxbVUj=l3-lc8OIR|Yqs zprCkodY$+aswTA5qbkGB%Y%@N##(}OWcpFQDbu~(YadO{3wFduYQn%(abF$N=rt+> zmd5KG=P3{G$S_?TIy&cb1yCE&A)80U51XfIVzxq1`K8~g*cB;4R`e?%aq#|=?Uncdu;ym!uTLyXn7#!y))`hNE`W(=azOTW9fA*0K$k*TrP zz1AEtzn{xbw>i4IRnmh)U}!vVO2Xy2OcI~bHb_|7KYN@zXra!h*gx0r$?X55_t9TG z#NGM&GJB71KJa4g1Bucz%;PG$*wr6zV*k86W#@z3ntXSe3P_)sEK+O^`@Az;e57Lc zREw~&EyiBiL=xWl=1S$;9dd0yGeJ@vS(0@OlgXXkxivtZzf`%Qkxv3pQMhZk)Ag7j zQ6Lwg2YD05ceov|rrbBjA6IVRuaM73>&8z}Mzn{*d%VcqSKJ2$D?SQ9q9=^x8 zYSKZdkC9)*NZ8rEYFAUdENmqfowCwgvhFdku#k-f5;ROTv6AmW7sdx26vt1G3R;@F2eZApOVoIgiJs}bRsjv&=X-)QX>LwTEPLVg933NiNeN7~^)xO(R8dH?b z*KK(_g*zEh*L0hw22bo)Eh+FwE~HueJ*3E$BopAte~u=4pIXroVfVoKcUC>~J}Yr2 zHVxinZ9<7H@iqq{6mj}?4l=6h>egfE#P|EH3E%Q7MHfPX2%C~=N%YnOj+)jUwCr4F zr^ydkPlq4_+6{gNdm+&Xs#4c?UPRn)xjaLZbRHmFm*x_>HzW9=`CmXi;Zt}%Qa4xkMeN^ z7lJfi$OiHDgLKlmzqIa6ky)CYn04QH1^Q>ck&OSA`)o*RFMl|fT1FHiMk=XDvLdbN z_Q-you@~N+>>aDmnrm;$3(*94I=8$L%|$7v`yIUQk1Lg6r-!HcqqF0>>+*#&9O>*0h_UMcI8)X zk#E;B`*f5a{NRQruz+363$dVD6G(XQHGQ827SX{&My#22`{AA`c~hVJKD{tsAnbht zm9F=Rx(|hIssAACh506z)K7YS$@wl@o(J_9pXu5Xk(0CZ{pQX>s19!xu!mZJMU1_f^5tntbV4C*aT-DD= z&ZzFffny&R3#Il&GK`zY=O&tvU7!{NB4Lh^HxdrY~{wf^8Rft+FU zl^M>FuI@{ny16GKrBt(g8z?iY-`H|g*DnC}hy?CGuS#~&I?&sU-(OkkOwzc?0@w|) zSL?_AL>Q|ViML0kqK?%~{Xu^*5QCn&_&&9dXfp#_ZYJKABN71h;bOsS85@?c0PT22 zQpIme?yQ@sPp8|nH;^~wh~Ep7s~&qC2I`H$ujs1B;px7EpL4x;GQS0ks;mxD8L#sq ztK4e}y8tQJPlxFAv^H5DqiS+p_+6AHEbnJ>ob7Y;y8~2p(qBFitX5(SzqCnl1tJC+ zt{qg{(j#7}I|^sg{&2zr-dORo;^)L^xF>uRirY~$9Ko1WgP-KEShLWTJu$1NRC^l; z97Jx!enlg%z=k1}h$@6>h)6h4^XF=yMiZtC%@B0Oukj1Q!m=myRmhmqX~zB1lX?1m z!}It1bbJvAi)Na&^re7i9Eko3>6@AF$I|54n^}qH@3>qW{s9O{5Qv&RgaW62Z4=`$ z>_lZ``#$JMNxS^0>)~LnFLn7aInw{I=JKl1j|%bB=R1!?3U2vqjT+z^Nt45m_-b9g z>ATQM>R`;ZcQ5$y^7)?h%Nrc<%V~L})^aK}_xfrF>v~{32j!%k zZvL1Wad0=%;pPtlQEk(2+13{HLWveYNl9_( z;<1%aHO``~AIPu1XJvg<`NU2vUN&>rss?yYc@}7c(yyC&iP5yAOoVM3>Vrk@?PzggElhh8w*s!ZYD+;x>D9~A#s%c0T}t$K z^6ew?o;H}T_mJZS(U*vIMv!LuHD56%Q;F3-S?b)*>y2H%Wb;n!)V>#ohf$F3@4c zv1SQu$5;z`CHMJt#b75ca{RBakxw{-PgqE^gd{0BL-2zVcqmzGD#K#Qo$5RZ`7Q6OyJZ|6T z(YIm0oeqyTIXr`>hD;FpbJug=pXLhSk?*GI$#;LduTrjDni4Qv=Kde6R+Ub_wcsL? z_5vBOwYeCWwi3$gdCNG10$@gePi$~(S-q@nY_G(nFx*aOHSgX{w;zlSNi~Z$w#1!M zR`LFPIY|5^*k=`f&H-vtur;3*R5}+NFfOtS=VE+spDQS=*%oCQ?oa{y#r)kkSv;~6 z^;9`H53yJ8Jl04xb}jr&|DAnDy`gUi!NB3X-!&+!WxZ|-WOSVN2$|7EbZ&4w*BJY{ zOxm`jkCktUr`}@T(XVx9^es0P;nB^u1Wmlf(Ko-g?0u)#$?| zwAu{1z`lrQqmr$6Z|VSV3-|mQcgTWZoa?1AH4N_eXQ(^KPOB6+yTJe})wTQ?w z?olRihw?!6#0PH^_xbqrQp*;aeh^{VgbB=;2`Z3T^3H+qwY+XZnU~9<@qgHOnZGR( zN1urJP=^rLwjlC*SwQpF)9B;Sw!XHZvHPk}q}!-rp5hwEHx>dyZH=%E;N8SfV!s$!s-5k^{mh>Uggog z_!B-t?U_Q@uo+=)562}4U+C)cCJ6mDMwKe6wy;QEypRW-JJpw~!!<}#?wZ01MBqAJ z&N?G$gX5UocW^~W)Vxn(>P>Z^9ksBk{rFJnWVPYE_uAkT=I0xQFpoUNZ1Pd={H?}F zyWfH9m$k2Zm7M!Of>v&Rf^DRwdhp-B^SK1%{WaOcnE;cayt$ctx?LgWt(|*_Jd2UeLX?H?GXDM*LXTq=4J~h_(15G&JT4%vg>bNi#zT?fo@GM3B?R$A|@G6=6c*j zg1Qgx<8TPTT$vGjx$UC^oEW?+wH(4G`_5BnLfF_> zfAs*8Umg$6boR@IrM|~W4z_WcP13RifVCDB{YXQfey8_J4y}B9 zWDWCv#L|XLy<$2bVCdbPHUE=~i_U^EtSs#!eFeYg&EIr52f?|e7VUI_kruYE`L_oi zNf)ts3B2>m_Q^|($O{}pp!RP%(Y+?lI_f~5TlNnTSxC*a5aa5sXxFA%jY#6b%b7VS zDOi_Xirn=c(jNv3ky88d!yl3@;Fe@HLUOhqUzaj;w#fDb;MxAL zU!JJ^)m(1~xjwU(a!93VaE$qSe;9elXX}Nm`CSh!ooVlmcxg`pIbgya$kfj(Qjzyl zK{J-j5n~>m1oKg|(nK~P*C9QxU+a^8meD@ptu?Wt(|yeLvhB_9YhE!h4F}O|-n&80 zbx7?k?eA&ZvM;Z}sJ#|nh767m;vwi0hDzacJ8(uxbIHa>BFmIymEd+n5 zvTv45d~o7t+>MeIDxa_K!OY>Ct3t!FvU1n5uH!yAgkzjYkt$}Nh8yc8@rPG>f$6BX z?d^vk%;#Z*sqNIRBA+noEZ^zsNlF_3eWDyJ86HzJ>F%{)&VJdGaNQR+K4yV?y78Y& z_VY#hIm-&G1sNT^yF^egC#`Z(Zx7gsd%>r1s+Q7pGYJU-$TACiM{s{ICq9~>RRQ$d zV1SN%`Pr-SCVBhlUOrw!Hub0!g$9RR@W(kP(Z|S;&nS*c5jo%SFrEm`q0ZP2@{l|m z;%Vr@9aycC^dk503Rh5c-AIr#nOq+ffGK5Pj zLy}EUtNnib4fY7bJI`Zt#0LTvn&Grt$E6Cb($igf zk!x3|mfr~C2TaG8Sk6ONCP8UyA&QwtC&fu=e5le8G?W{H)i1)biOLi9czdav zP4n6#uEr6TybHOimg@6EdCD(so+Wb{YeAQd4<}Q>3<~^FJZ`HkhjhB%m;F!GoJnL) z`^6guP+CYUfVk+DUXVo?nwbB3y8>{&%s}-tb(L-&_c2`>q;n;xoP^s3nzS6XSgJ~` z;ntV3Cut~h)>R81XC`^ek!Nu3$(WEOE*8Y+_i6jkx}JV~zO#6gNIgW}A+8MC zVjB-OLV0yxLgfUhXU55mi*$|OFI&v}P)^;aGh&QNHL&^Sx;R5l@3WjOD(SP$4kw*qDq!y5?=uz~OC=)X_~;f}*=KB1+^#RDnAS-zw#*74$>gyFh`p z2FwYVX(~t$&`dgQ3U}qLvw6_2-yW{--x+2rD)?b@4WDFAVT`h4OvMq}!fxDQM+B#1fHDetqSVr8|{Gl3(lL)3;R-2EYXWgqB>q z7||ObvPiSIk3-d!P91HHZH?wS-*q#pSrU)4>!B z(hGKwXQy@tnFU(&yqDaV?ftc+ZZ5m|4InmnO`zG!%lFO5-?y;r2dod>Tu{Z0DhKj{ zK~<19$AbjlVe`dW6)SaRPMX7`_)UNcJ7{SNKNWTr+wyu3THd7&qM&0k|EWoURUOI? zXM5iA8_?1^U<7!}JG|sFM20J(!e28IDjjx95SQ5OBb-YV!HvjhcEGH@rDolV81?y= z(V(QH+8v zh~(_by_R7gIA2Mq)5kj`%tb9>Oa-;&T{Mueu}94%^(Vy8T5HxmFQdmLb#oRqR~93S zcO~l|e^smN_>sq3LA)vAH{I?Ju6%s&po;`-5l8h}rwC7d`#g(p@H9eB?ylCJtTya2 z7=S4hMi!rwzv3CCu)_t_m(UxUJ#~eyqeh@(&Gi)9{xIH*UnJtTXF}%57OgKIdq^T4+}!XLX9c*JL zw9kk=)xXgggQ6!0DrX-aT95u`LNF z9zBKq1*o1+c3-Hwr7p$eBmy-Z#vLAFfVzVJDJ4(&Z|zjx%9n>1)0R&tqkkc|1$km5 zY$R%CvoHmMzuJ3eS0w?e@!?MAcjcX!Fd?wleHDtUPf%ucSW*}^FU<8R+);r^p4%Gx z4R~e%x3lys%$gS?eRwH+2?*#QD(|G$2XwrJ34U)*l2W9uyy=b!-PEJ=`V$~X!IZlU z)J5)S?KgMLH3fJ7PCnKpkV9~LF;P$Xe7Fv|Q&IMGF>Z&XTz=l;el(+Q>kfns`|t^m zqr8u1BVG}V+Q&XZVN24SJ^L1tnOR@G0tv(i>JdLXhciE6qTJz-Wlb8Z=lbzF{C-Gv z2YGQxO67g-0Li=a)di(^I92-y%|G~n_B@21?*)ie(TqG_{onO&y;RJ_?RPmLQ1v?< zFXW0qh)rP+I-89Z>}cz#cQZxm@&Io*{YZ`t5VUn=qvJrK+lt1U7(pq8e}TU6c;+N?Sv-mJ^Hx+# z&Dl^0pTEkyVaL3o=$qVQlSr!SmsWgqhez>49m09U=RMEv)D*gKb7X9m!PZDuXIXJ$UOa!2e(C_H{(f#x*4x}OtP_hp1fwPeb5 zBmo-06Nfj3J}J5gewqOseEXoeo}rzW$n*WYf%Gir5lS2B#wL`|2~9!Y(T|GR|G4i5m!c&4cASy~%S;+G^nIZi~%%vPj}IPTaydoeuIt z?*JAQ+8o58HQW=8Ezw1cDc@q@iu&R@rQW7|2wuY{Mu@aM^uMmAeruxit9*6kkew1WquSuN4>^_Owvo|l7wgt7 zZM_b**!*sY_%vngZQ=p=6PJ1Z^*|uzC@%6IuI;?R0}J?bb)v@B`eF^NdBlbHYv(Z5 zSW8=qqi!LoRr|H0KLvHMt(z%UIv1U8%oHk;TIADJ0OG8CsaUq2X7U%-t&z?bahc@3 znOGh*o)BmV0Gela6Akh0M}46@vNQEsg#!<6Ao7DK<2|_^dh*_T2yc!6XDs;z=8xVEx%xWgKpwV z)EXrWh7nv(;S~PVD7(r0G^UA!Ay+bzy=s9KHn5Qg=re8EyQ<->P;F#|H1KNWksfyMpEkMhk@BW?W!kS<|$+RXCvO}IdQ(k_A z2t?&a|MB{xFMn=Nlk`xI z9mWwJk8-e_B@d5h5>ZV|C(gbG63iHJ#>}6@Px@YePj2A2hs{yfYi1pTn*Z{vLvYKP zyR1CPp#w{MXscCXd$r5+IW*`<9;T}Vc*i6DzcZK=<=OeWsM%|SOqa^|fJ~~LLL$Gh zUp^&g$6Ta(uMQ&XGnRt{&$vf_Ay!`#~FPi}`tfn*x?L)6DPs`Y5g^ zq!iJ%1KcgWl&_7*Qgg4~_9yg(1SV*cV!vl8`a5iVh0Bgu$;YfE}U&C#Z=^7+jR(Bo zul1B)PUv~yCu+gw_wK3}wj(eofKTz`Y*tU2><1+G?t=#Y4EHn&PN$iLHc@)Y@x5f; zi0atK)^-F-leM0dM%HY=xlOL*F{p(U4|~;jcsx&U$|;B|`TO$UD6T7D{+MF{RthDH z6EzIcy;p(*2ds0yvc&enNC?MkdwAXxV_sXd;$V1o=JJPCkcH`0YVk|eOIxkvK2aJ8 zwz#XWMJ>8NBB$~stCAnTU`~BM7ydSyYP>JH4-t=pA)P^~A0xu?^Ku=^XZ|n;b7K2)<^Z3-#cmK>|7+~;Z>bt=-+ij6Qi4mMJx8xCaCj)$}+djLQP%qty>$snynC`z{URv~F zy#|ElZC{@=Am}jd!Bi#(~PK|7X9~|p)QUz)CK_HH@tAT00&w@O9R;Y3#&kTj^~-kaZf9+ z&y*MJakXj%txw{)UtjHDeoJz{X$hb))2IL8)KAwH_a`427%G9Pb!d4bKBc?q^i;l+ zm$HulhEhd3elUTeZ~2aq3Ey)VFh;_C8tkVY;6BejkR9VNjL#EQt_Qu0#Fi zq?}HMyCh9`zvf#OKK9ERP;&mGP@nMA=WEhq8784DmMRfpj2st8r@ctVu6zc{4h^FN zC;?%2*@uyTe+oj|`w`fn{JM*E2tV5Rm*sGd1sVgYFb~B8wqC45BsrHsFlma)QR9RZ z5f+WaOuQE=Pp&Fv5vLS^WMFPNiabB`x26b=^>DT!s2x5!0pbE4WWQhKXGQp4w`XF! z!Q!~@1J6E&;ZHnyB49wx1v`;T*Yc)%_Rh2w=D#<)-#7t6>#W1ZJP4lP5siGidG&2Q zm6a0dqnUoHF1hWaGsCI0XdiiKgsa1#ko+BZcznND4)dEKp?Y}ZdpAfFP26ijkSg!z zcM|yda#N^c*rf) zNUIs*{m%UjfED#PtCz&vM;Ro<}RqQ+PthM6L$d+;T2lKpy z3cY?R+$9UNlhn&2SG~K13l9y0uNL1-wP%V1w^hmcZ0f zjG1AO%zOQeW%D}^V{xH`0v?Bz!)_`c3<+MiiBsmWPf(l2sAAVc7yWmB9RHDJ*%kU^ zvUpVhWGL>*^`$<3^!P^>LyTb($Td(Mmgs$_h?Aq=>59@du zxb~TdrNy(DLj;Fl6n{5iA^X%caaNUc+_K!tupSM7RI{}w;k{jxgCu<$qQUhg@GzXP zi_4G`)0Q90y!(|7~s1YMi2Y`*`(e4VCf89S^P`|1k~>${sY z@lAMD@KT!_00A^6ui(hZsf{ePfuF!9o&+81Nr^d9sc5&|o}<#O4luUoYL z$_llW=3eb25HJ!*m#L7a`U1<~@D*5K5?+i)7&IVK@8Q}@v&tiN_AOW%l*cH)Bv1x8 zS|_7hAb+2=cpHbmzLLRAJz$ReoO;Lo2y%l;Q_BW$uX)>tr*$tUCcX}Lfi1)+%{5IM zfrKi932W=A@!8j-fsl2|2bu)qBNGFP48#nL)aR3eEd62krmyuXx+=RaNUM6Kal>y= zGmmFoq3RB~YpgR7Cgy$UoshAea;weDLO0XIaCC7Bjp8pIZet;Wk*>i|s*o`+#F^Bt zHstZ*RMpfEqmBShgBm|*aPF&9r#Er~H~r#2Ma%7m^r0K)y+0QC*pP|5yVc_k3r2&c zY6mwt-n!|5%Tt;8str*xlr>4HwYC9{cH9Tp?~44Pfa9&q*i@_k?RTU1y07|Kgky*K zL_ZB4z!lZpTYk{@qhBJ)I{Za!;u8Xu?j-qMU6xvi=d zB1wA*B_@u4m2HrLhS4}9#1;WzR~j#IfRh7wP}Uf{�B$R*D8&QF$+Na-F$TkYnl$1%^ zL)#?>MwQd4IVN|)zFs_@fuRr@+aFXi0Hp4NG4Yk8@b<+WE1h4-@cHA=9Qmsvyvkt~ zuWD}zhGwIt5(X)K0+nhWoSLz)rPj#OA;8H8(P}WHGxJ;*R(&uOGHk8*czMu8O~3-% z{A1aFG*=RV!|28Ws0Kd3Zxc|DmQExxxq;rx-RjP;Joc$P4&om?2OlX^zBen$_|hKD zd-J&_8rSC9G|&7z9NYQm(Y$`qlH??HoOwblWm4RXWNr#7;+%f`LO`AL#o&APebi>$+sJ8ttW}>rXt(A*Ocvw-S^Yp{F#eL)~LldJPs}&P8 zxQE$;_vQtmfZ*MeNK@!rgPr2T`)5L%8y4k{$cj(Q{}fHmheLO$*7B9-(uY2{ctPiy zi=@TS2!gy=>B|{zTLo%J2xJYJz(imU{QUxinSTG-Cpr@aleK2`5rt3tN9}Vr6l-I+ zRI7}jBLF&CIe~U$%n4S}^78SHZuIlQAhBu`oPEas*h(pjos$s=ekN~~Zd8EOJe%Va zujPE$Ti*82VyV1$y#!(_!2C_OSe_dXR`lx!xmOzn&9nXG={y7Wf(1zBrBopVQuGG? z_IYfIo3vyt=!4hLdn^ix`Qcgx9%IJoM$Shfi@qIsfZS;>8H%WrHTT8uH+*eeU^6xz z#Br3**i|c-3Os?YvB1)LobIk$oxl1%rGN#B+FZ&p!|TU)k4$Uew6@dyZcfEDj2YfN zc=@-vjK3IS5&{GNG`?g0`R6*&>{u+|bRe;M}}evnmyPL#`;?q!jZ$J*7UmA=vPszawiee1`&T>jx5q3fkYDTU z8uq%9I{s|8F^}wm)x|}rM|5(7#r2C!+H+wT=~o?(|^26C)rvu$=`!sfPe%}U=YmK~4henZ%H;KIG2GJB&{DLQ`Fnxy| z$LdN~Wp1<>%>h$EAMQ>u?{uO3_JrMu-!*DK=BxFwlxmK_>s?>3`!(jDo0U2rVJ|p? zGygyfiB09{4G|4e?2RBL;c~oekMwv5h^#Y-&g!H*N@!P8NuFZbYK7f9J-aDzJK?FDUN=Qi` z(psLE6S*dVHXJ_!d~aY4>4*029$d2>usv{3_hU0U1LV4Le*GLP{bNVY7#@}gAQ_o< z*vFY%SZdRj&1MRHd1a z>x_ab^T(IOA|y&u%4jhkMQv~$&r^(KH^KU;n^B5J;Sf2a!_9;#wop#u&p z*5qfcyYL;5qyBl2$Rdac!`?W*2xaczNj*i>OB~m06rESWWXePqh$g^}l8LmX+ma?} z~e;$fxtFbDTLV$CtHrW9F0!7A zZduML<5Jo>6nAC$qHe|g*AQqiR3WukFGk9T&1sG#y%#;lN6_r23XC-E5DO-HcLUpI*={ra9njxXA9-RC%&-$$|8T7uet9b=)S$sDLq+5H_Ef*4t zZP$8Uqei~Xfw6RH|6DlV^&hGOjWHx)QP#ZU5Wl6B;07s1CJfHsU$n0k|5ci(Nzct! zKB@1GNBJiGjz{i&UHs1!z@jN2T;%f(TlLO@DIcD_8u({W4g;OBxdg zVh?LuB&OfO8J?YH7h!h`f_ScP@1w;l$&srrdgWfJ0G_V&G)k5poBVqqeon{h!SOIr zbH3LtkE8qKr-Wtr&s0j72o1z!xa>2BEXw+=SB)Uvz&0mAWf{aNsTX8oezDMpE&dkV z@6Uk&o?+d%0dXH}dUs6+#2p#S0O5S+Vb%K#GdaZPmwLUrNDeHKZKIDg;5I-TIiL6~ za{vop(ag9oWqMQj_p%_vot_={ar2!%Pk(vTj(EQ(E-%)+i>kqO-kHzNWJJq8g2>v3q2$CAtPhzDU`**@-YY> zJMEd}*H8iPx65t-`aaCymmKQZ6&BkU21ILQiT4Iy!osBPqo@*MN0{w$;u>X~TQtuv?NhIpxeDAAZQHj%aI*p6cd02x3L14| z6CkPN*eo+C#t+UL8*WC3E=~mggy4eW=?ZW$2)6l)r5&nvF?#-ttfT5&vKHgp9^{e% zaO|hyg*M?3q(_%wXbA-)68@s6Zu|qGyM{QkZ~o-@^ZuG&uSf8ap%G(PZW?Dkt|d}( z*TcoC1L%I>Yqa#?dPt#XdI^CzREK#A8F@VX?Dw6@-{{;t-^Dp^lU>r#-0V~itQ41$YdsI*Zpw5b;htB-2T7~Q?nJh>aZwVO z5>RuxCtQqpON1wU24OGEI$}S%kA0%OxmwIF%ct=6`9py|AhAgHo6S5ba=mRW!=Xk$KFzI$Uuy3~8mWCn8lPRdgKP$T~I{nKOYA2%pTwUWD1 zeiF6WEk*)=e?pV=eAO*Nx_-ikQD1s>7%y2FI*f8botbu6+6{C5*1;cza=x9ii-vw}b}0ISPeZTN$pfPLxEctmpfPo>Y_j;lZS?f=&4KX2JPdy8e*W)F9$?wvT4^*6J>_yE4U0) zZU1pE*I~BYbR6g&hS#*`)4|;Y{!A!K$$B8I&a>ie0-{m)DmshLE$9V4HETyDx0mtB4)UzUlydntZ&_ z!i}DqSUmxT^|2|#M%L=}x0j8Oq*xQ(bb}jRP$;Ljv<(j0UA89Ie03JcxtY=1(3{s3 z2f!h&iYD4Ji!tHhdw~Fl*tg4*Tv_R%Rr7p>WZAf#U+6VS+|m=Zz5{in@xlaN0ZYz> zh;xM$gug7S2DBo*(xdhgGUbIIr8T2&QUmmb{$Zi0xlj`-vLSQtpsXRaVMJ;Ui4WPj z%@f&T_$VJVKRD1?peg@DUi1*EuyLV-(Kdp3&YAFh8vJo4rlf|}BcF;E+cFRMqBvhG z1RlwT_;h=B3iXSyk7CX9r@Z^<$;&t|!X2AB)_c5NWL1eT2TLAm2pS!jtMEheE)(_L z36X|tt1I?Kk%GBhFM|#RpzYRInqiys!F-*R(;Ludb=tlLr{CkoxFAx<$1BjU?swj{ z=Sm5a`g|L^2uKRnQD>S?g&H9ABWxs|kBQIWa$VjrZQ0rozO(8v2j5RIH_4k{AE^ATT;rO}HJ{&Yd{4mH8t7?Wqs$fN zmoPHq>n>)}F&eNY0-vu1#0%DM?lTzEW-^(UoRO1PzsA(-l91=3$1jno$8Yiu-?O{9*Q=7PXQn>91|rPaSg~B{{xNZC?@lro)wO(Rt#c0Q z2EW@0rW5>Lqwy3k-dWM-n0Op$(LjAGt>A*}4%_UB<%&8NWLzNdfr zD1Y4ndV1fWJT^!y06~}^I-;(BC%f6V)^l#kc_aM2XTUx*ES14P7-MVi<~$zz!~|Zr znQ!`L6Vz>bz!fNWJ!WfZpIEoZ-nVHl`R9PGL}S~29+MC8*6^=ZQu^3*&d^G{uAc|8 zI?-ppZ{DkGK$OB39-f!z#l0ve{_wX0gkX(agI7uwY>gWpii31M>QceK!{EWd>Ok6hP6ZN)`A+akth-fB5ia zfQj6yim&0w}@jAaifH%Gl%IkdYJ<=+=MPchk}pI z3nOXClz#>Nm6oY8RI`ipvgD6SSNKejpE65`%S?8%QpF1x=dFiIlj$Ly-q&yS_G4{r z)8A021PsvjVcqzb8&?}+#UO_B%Y*XnoKIEr^mE8$#W6c8$*N!GeRXBrKX)X4gOFqP zLdPCXXMjul<&n8P`@Bhzzj?yX+vHakM+@{D3)UoFq;tf6+QpTE&KVMvt4Zy1%;$61 zSBm>EyB+%^D8>Nbr?)($%n18!R*u*63pG68DjjK`!RFoq0$=X0MMx%1lIC5wT*|`r zP<>!F5<)_r?$2%dKDRbu9zq;FZfUVr$kdqSPYnd8ixPF|mSYjgVP4L~<#0-4iY&2k zOCr)C4==L6u%F3<-eq5K4~Q5ZYG8ACd`}w-X``G^}SN}NvMHfQwRuVA6yehYtK8CLAh?{za zS{t!a?n(q_ynfMry26i@SkHHPmjQr?f9ymjuFLMh3euQh7n5QHlR~@zWWRfy;g?D_ zXs-LOdxNbV%yS^1nJ~Id#NIn7=JTNQPghg(g{OFgYJLwE0v(^c#2N&_sSo0Uhn*hE zZyKOSg^&HDjQ8mvzcbOoPh|4JcG9Xyrq8_RRuuM|t`qYKlg`Ok5`1+$*sr}%e>485 zUDfx48*tVH<@Zqp*Ux?<;x@Q%tv`{-No29}XT3Ca03>L88T;m`ZnQhnsN0bAH5k{#OXAnNY$ zJ4TO~?@nIt&FV^A^V}|xB(W-;L}MX*&C(zzU5#OIOp$GU@eAK)3v%7p)Nla^r6G~O zhEG)bt-6vqY6d2E={k5VHGBnQ4?Yt>U3^xoRX0CZ^tnAR91HW}b4E(=mj>jGms#bI zs15ra%R2UNQ@Y#+xmp?uI+x)o~D|g5b zhUW)_I{tDU$GG!l4o3x#lR;UQQ;}2<^|3ZBt{g${9TtH#Vvk=)Py{=!j(Dui{cH|%YToo)+)(7#2u1=eodU=ISlMxY)V`uxb!Mv_{(^*s zg-Nq(bO`iNgM3vA+4eY=Xi^4bmOCR$h-nB9{Orz~+HXr5(C*Vb2d*oe(rR(n?(=f& zeVka8f*(tj*((T3LArVOyFOCnLhW@%TfO#`ZMp(d3#n-$`Po6e4f_(ROfAu~|C*%#Zna z+3FJ0GSPv+gRJHzU~j*vI-Hi&Fh z78Xwa@A$W1ogZ%-+qPuGMb_?5g?GB0kcBEaZ}t15B+WZH57Z%mo#K6#K3=dx!e5Z< z$-3VYfrw%tl{m0|z*B77<4I8|?f6Ty%QPjhQv!!_0Cmfx=n(uwqyT#U*wCMFPbNV? zu5U}0fl+@ys0iz>x`Xk9BQw?_b(~J_{+44Tc3w7p07*vgAtpfyr|&O=84sZT2$+Ln z{cXEP3p-ZN_)sohzudF3QXBie{3J%l>0HH@*%Tu@&H>)>vcGDvmdW9p_K-kcE-U-= zu%|vQqC`5A?;(-v@`0QAbS$C&ee~MFo(Yan~?aGO_#6$yB*9jHgV?0LR?_74lDVCD@x;i~j|7^0Q%O!Zf`4?qf z+{3Ud(BMPj@OSNkcyc?BxB3h5b-*r#cYefskdkkA`BwBKcc=|N*)O*}Emk_DCt6(k zYRxWlI0*_;X5Y^Y!qjKIzh00L%aP-zs8F%20Pt>#f2WV5`=;WU7`W6@MI2!|N)V0& zcJ1`>na}&`2;mGyZt2YSeh1! zIeV>Aig$R1d%zVCLF0K$yRWr)-rA>hNNIGz7u2rL{m^j095r;9u~37EQy}WR$9@SI z+vQ)pR?xw46!x~ynh{Xk9jY(L1L31x^yp!2;Kk8z8Mea!NXX;cdTfAGNqu;o3Tdx? zgwkl^PQR}x;b>uss`H>fy)V~vm$z}&AZFrpFUA)}?295O)5o96=G1`&i^*T9J$_zQ z$~KRe7jc1~VGiSwr?ECB*@tHkGD6I2)uC`Hgv_Z9t&TjtwygXwg{VF7qBH9WTe|1- zV{%5pHRoM%PP|{vHPD#P1Y_B^$>!lT*mYF-e!@JnR(+GmeWjzuflrI0P_MMgq5OGl zCy;!dvf)mUZ4^5q&>>6Y;+0Eg#^2CYnO`p0jUn%8AK_UJ5K09XVAQEp^D*Y;&fYYV zhWGoezLX=}&`<9hR>xZj(PuAESoM;YiF1dSp>vWHF?x9YS$RNSKz&=+<1JAOKV{$i zFSrzzsW8s>H&dBw)c&OMb~Za+vqhLUKU=RK^BPl^X|4p>{eFRjId#@vT>r&X7V3c|ivF5$Pi zhT#7lT?8jr)QH{pcT(Nbnzu${Z`atnQj{Ek$6$G*iWVnh(Q;*>E-&<6(jmxeU zCPH^-T{WsWqAqzeXsHbh@>xRhaXb+*IH@3sh*s>L3;rmi=cZ3`cMl)+=8@es4S>}LaN0sQ=_c`7^aKS_3ys9X5g#P`ej^q`{z@+0 zbpHiNsKld8E~TaJNs7#ZE%g}JujvRPpy(DF%WZp-YSgDoym&fnN+AA~=m3K1zV?1`njP`w zjoudn3c5W-_VnF_XV}4dfifWfs0hyFbA8VLlwZ%bZql%*5QGEtN5SC?-;u7l0;G z@o!V8Px2_Qq)f|{8TBh({#_V%dgc*Z-0tl2-7zKi@>>Q%S+GB*;hKd?CBK+6DI)WS zwzV?LEP0YF1gR?OA_P3PS`}(t$I1I<^jQBX8*W@)nVi?J(cK%&HnBgyydPu;;cHMB zsFCFX#&w7-?+?+13p9)CBVo*|hc2yFPvP8|fIAa=c{t`vEY{#TT*z&I;U8rOS7^ z++NHemEdj+r}OgUfXyJJZ!!n-YnuDkTc23w;13Ux^`QpPxE9u$14j$_aqFms(|`;@ z*WR_%$%~x_+sgO0uX$GVJg_(Jm#5RXsj8Q(XjC?18C@UFQ~0_znBDoPA0>{1mt9r9 zQx%qy#(JgEmF@X;<%3BXUiy^Cgc)Iq8fKGjt&M`zUKrF`?v8{`G@iW?d#Vb-w3GDUtjjHgSS3NQ6zW0UfSX%NI+RaN_szV@|DZBv#O~p4j!Jwvi zO7yx2{VN~Ap9TBx%w!c@-rTb;h6q4J_U3PwOIXxO$sUJK>FhBsw5z}Ccm68P)#iJt zV)PeE7Tdw(2CMcK6*BfT8Qetw;}MoGY)?em@KQm73#CR}N-Led9C$9)9S#e;)5B?-}CHUI8aU>tE@bZ@e>L~aDJ;TXxlP= zXmi`v3`h*spF<x~)iptP=q~(njDENJ)>2h5`bRJv z*xExK0a~(zg5*}Mmib8E@+)caYxux~fl1@6Kca{Brt70!X#1@Z_l4)yWp2VCWXeB3 z>|)WOVP)uE@i0A4Z1S}(XSfwq#uefNlwKmktVJbh+ECVYzpOsy9-gMEf*$k9d8?oe zaCg=rT(6SWh1piFyje?AKtoQStVW70P zMLw9A8GXB5;_!^H(St{CvvG-ZZvAI{Fs@_r8wNS_hN*zlFNc-_b@wjo8Z>^o06mxh zPq3fK(G2>i_=_n1RJF8iU{vHY)q~rQGd%%4*88FKSdFMI;vxE8sM}{S*n$lqo?Ps|w3VJ*GjNN0@orky8;D<#!0T2(Foa@(V#&%UiJY|m>9eu>JP?GBKYh@c(f zPaG=M8IyUxZzKJzhysJ$Tx1{UupCtB2g<}xI zfTM`FF`1{Agl{VNI;^(mhUVX;MrD8eX+N_Enaey6rT$NmFXz?K zfRE^bN#{~8GGFb^!Mr{BXy%EUH1j39K8iv-Cmqj>N(oG#vb_okfw9FxW!Pa?5Dr`(!MIf{|lZ$Lev zCom6WcPHL3Nk2cdh;u&L4TpK!8#rYpo>N#pCNkQxH6wra0-V~-&{mm#kfwa@moJ>4 zi;B7ygR7%9VV-rz=7Bo9rKE>4{vDwI;z{oeb!b12L&mE2`#DB6YRmVo1gG8F_-V@L zqfK)RJwf$=XkOi5pXJ#jzT0rN;P`THo?q+QU45w6CiqeinwjWCB5$tnlN1|j_D1S{ zSgQiwk0Xn(Bfo;cdK2h0@1+UeEYCI9mH-%MM?m2Bh)gud$eZT@_g74HaGix^*b}8( zM~`0ipy6xTQp_~;^YduV@fWr?Il_OEj^~Uj)01{s_z)5r=QC-p#5pjYtzTICjzo{G z2U14=;ld|q@cp?PDtAR_RBSGB0&Yrw{h%4-2g53yjxA96;_ae@mj*edn9GMad_BHn z*FuXT;|BiId^R=v83BxXRvRM7UPq(JiH#1!S0zCoJPRQ+Jx&{X6Og-V8r1gpYB9-u zyC(J@p!G8Qw~Xw?Qx5RkI_k~1=dY=|8PdGpH!c29d$fnDIR4_{3&=LBxN1golXRc> zaNlyDKf^aY>&-nFw(K`(LGqmm1T#4nSei~-dq95wGp%CgJY zL?CA+pIRAYryW>iMAi-JS3{ua%4WT((GMV&$ZJ%4jOqM~XmzRT0Iz;?aEN~IjfkG> z{CXoVeFQ4$?`uR)Kw|2+iv(8@afO?g+f4j#PMcQ#GU_xr_e!%M#0_I|}Zg-bKi z%=z_G6-8gP&uzjolD|#wxutv5X>U7;Rb==7!U|sLfgbjIxr{q#eEFRUr4_I{i}g$e z!{`V_{-d>wWFdu&M{^YczdvF0i|Ezl6S}sn$-LO(m3)sMtPNs)ja1@viVyaDhEpVM z9s)_a!p8v575VA z|BiE1!vS&G%VZzt1-mWoc7z$J4%3L#__~$CHVntwflW1zeJojD*2h2VY@0vBlt)+_ zCoIEuo}DolZ>iC^&x9|c3k;^LvTF8Qk)|5jF~X0U_A9cL0=#q^)Q3^Yx4%6_|Uq?0L0sk+mE%$x`58p-nWdL9edHH%OhnXUQGvG2XGuvMY^$tVXhf%)l zQ^k0?O6)Q~JL^sq8KcHPs%9vbqn~RQwWKxFRLAr9*)RRDwPeI0Zb_ssjGK8d=^xd{ zwo9@*{ETW1zZ@=;Izy)5&(0C%vg;TLeRR&rN>ucseONh4&vWqU{evqp>*Kw7c!e%T zsF5pK_(@-o9zgeC&d}%B>x3cLnDN&(gMrNa8CglFH&%;4OeFACAr3QtclL%rliN`_7;CIEaAvgDR2Ax zsF+i99-qg!>+xb!l23Q~H8s~kEmWvC9rxuVFYjHGeEzsi9K{#=pyC{Rg|4Ihx<60- zCd|p`nn#KS@hUiTgGrhEDa#W;F&Ug}y%>M)j(a3hkupA}dfhx=oAAq)X;1BxUAAH1 zmRrNaQYmZ+p^iF8`8`lU)u58yud^*u&f(A0yd(tAub?^U0%&~xp*Qgs4tS?#%CpLH zWbt-V;p9EQqbz3JJ35x3`*oL_3oU~$g?e*4zFnF%=Iq@cTK0D|ySLgL0RT+#`99Bm z=KL;T%IkDl?sIotg=v=19g0$Ize+LF?w|aboV-L>KQUAw>m0s$L<7N|SB!8)>s@OP z?*0g=M<~@~T`e;`2iFoT5QzCcw#Fi`BYl`Fk~nUohdBF(un7{6AM-;FoKh?f3+f&M$KmZ{3X zm)mJ-W2fqiPL|n$nzj$&xt-)&(vxFsg^wdU*8>l~@A&na>K`Dg`+b4x;Xd!3hu|@W zw})%D$G#onhCpOAAE8Hh0N<;o-cSDxp2VN0o815+B ziBB*4d=5Y0>eBZ!D`5-ISv4qG-=?LuV?@%wxHHG@PuR9Kw%hyeT}_j_peF2zm#Z{r z9s<2VX_h-iWM==o4}Uf`ZokvtHhg&#P6AP;@wL=H9oE$Y3?A9z{>@)c@6bRBYV|%} zU4oyvvQOsYe9;){9h*w^Blj_box><`LXG&rvEk_6FIO|c%hTBjYmuz6jJ212amNp# ztQ1OQNYC>JcpiAQaE6xd1sj+P-f#*Rq1GzkV<=bS>R%I8jR!6{zvu2gvDjtvX#LZY zvaWP@s6T~mwdy;Qj@I`iIrsDPJ1=-oz3S#-0!9gy)uePT$s1zC^JzE?zc+vT2_rtX z+MiGRs?g8zxuMH_F}+>6s~>Z4X8UIA<;5*7K?BV5^*+BW26_DsX<)q2Q|5CkbIM5< zdNPL(Jzrx&^WQy|y0weYwHn?m0G2)a{1`a-;&J>K&@w!*uSYhfP#rBIIkIm)sA&D+ z;xQDpNX8C-dioFI#!=ApDgMi~`SLZ-C~yerFmBhUa>BBqQbuZ@75di;S35ZnNGKiq zAbj43O}w@w+P5Ty5Mg9a-?f#|=tzpUGs}?7U?80mhGA?}C^i)7ow-kV}GXxatFB4pkCNDP!@(6&P5nT z=BIx@cV3#b3Fj0wy$PBlUT@g{)tu`D?EG?JOZJARpZ6s{GK08})I$tvnGPlp)qv7@ zDS4}_AZcH^VvC;7P-t}`;gVfA8+D5 zA`6Y@ZZPm+ocyRrr}>o41h*bXKb1f9a)L7=Kst#>KZ`PAqGEq05gq7qgP$B{)*zW~s+o9t7LjgH5}-3;ZY_kzlZPl?swp z6tb=D+kfEWW%zf<>hb&r!$4dpj^XR8g|SSSW87jp7Z)jBh!YM|?gVs44A^t`R=?TG z5~8(pRhZzHTLAvzh$z2qx0CHU^(}^am<>g@V7P_K`vMEq8kBB9AY`qh?)mk3%5VIQ z#q~Yc`hkBi=n%gyUoOTfGZc^czIqIF0MJQK5-Wy;(ZF3$G)&D<{nT&LkAMLH*rHr@ zp&|jO#@Q3I-a`feq~l?hft$PS%j|n{QC570`yf`2*QJvq+BmBdtPy@t-t6B_n@jia z_OYGiu9q0Jbu3;^by*Il$$iHV$U(jpr0hL0LUdZ`I}%*GNtr zSEsK!<@dpkkcBZF_){P5&Dov*#@m7}Z`y`mpSX~%i{5FgekFR3ne-c+Aw!%{#8Yd^ zdCDuZzD;S6!1v}a_dOsZ}+`Qa%bI7z<7SL)xE4~MhV$=Fwx3c(jd1ba3XRmGk5un0{H6ke> zWraIjI?fPJG%4T;#OzbzLu5*%K9z^RHVR{Q#%X$vH58us7mOS1CM|SY>CX9PJjD$1 zK_9r;zj(RgxB5|@!uThWw`;(PISN!WA%mmgc|lvzD%6yV1u$mC^S%mGo}6#6jKD9z z>DLY?+UMM_cTWvLYf9osE!wFZA?WvH!~rJsGpf@Ie>=Lt3i+%vMC?w5wQp0atY6e4 zbkgK3QtcCTLZQb90kFQUwZ($!JC;xP{K88mUy)ODm=`LGSmK%pH+t0*VT(bH>Htc+ z{sR%x{jG?IBp2*(CCtQy=w$-)b@S~UL zx$pB>Uk<^{YQ`0RKq0JugyGwyDuxQ>dkl33GfG-UOmW87{bYNeAU3Q+e@b9$4-yL= zE>pBZbgDh?3sQ^X(1dQ#L9dxI@Xhu_GqZ3`0`tQPM_MqhxE`Sj6+xlAqtJGfzD7f> zY`%Y`vq|D=f?n_IShhbe$~5fb z1J9o!>7bqX;RKVYtX8Gl`Fx(K(~G6~Bpbu)=eNsai5di964yRl-DRuZ#LdnfbC;xk zzuG{No(c|WidUy`DUlyY`UBulWz7hbchsHvJt4ZJI^P=eZebepEv!& zKA-WoepHW3*mr4|^7ktj{7!@qH?O<*Zi$aFCtRBB4lkQ3;T)#|qckDj@*XWR?3s&OMG+=_ zgdrL{mWvlmG@$veoI5llmnu971ibDq+29%RnIl}xV2_rWqw;Q>L$B~_y{jOI zM~`Xc;h_!z_kGN{pK_+v_qSsUu1EE-jZ$<0VKcV@C*!8dyOSb&61-3 z-0J3qWQve+tRGbMCi#_D7|+kVG4ak*1=HO+556_~7_?wO;=sBEQ03kw5-384u>f#V z2l@_Eki+@(`%c#tBpkNr3pf(Nc-rr)v)X?gox0mkTceP&s$!fF_{S>L-xa=@_}ub! zX#TojPZuJ7 zma5PsFip_E^ydyJXpr+5n|49T!Ew*4!?U+kMa@e|xY>D-7xo;Ev{dP@+&biHe+OiL zySKMueIrUi%d7Jy@Y_BkOd~~>OY`#WAD!3Zz&#~WIRk-~_rM6jAGUiz4+rOX)B3m8 z^~%T^MZr`T57|n`v9C^W8njD`)akmO_6sm$lBsMj_&?<&(fGXzA-xFm$sZjZ@Mju- z*#iy9Paa9XisD!p&i;=VF0dK80sZ7$&CgGq!wS9g!&Jb;My!Mxi=o;Sa3djdF$uvp z8`e_^=nQ_Q=HA@SD+jC=p7Yi93Y7Du!~vt+q1Ub0|Vxr-(T}^9O{}hSl9#o z(t+RawRAAl#>srtgmXg!Zq@+oSrZX~>=)cTf36Y87WBSIrdIo=MEkEOmW_CT-Dd)M zyUUc;lW6=-cRVW2jJjfdQUke!w4!kMg(^B~1j*k{zkZ)e9(Vb!^i11X$PzO0t5psT zIgO|TAq;J%*Y06niTSvEMdgp!YC7yGYQ>?Qx{^fRi98y#Ro0onxaX9%mPYg4-oXkQ?N!P zpXi%5KM~oJ*dn^}DN#Lc-2TbYJ4%3cTXuYss9k;;^hYv+!uEMjb&w=8?z3O=$Kye} z%zy-LyAAugi3~vOc%3w8caK$a6!6{6iUu=%O0d9zwk=tNI8nd`q{5et3eJ37jJoTl*8K%>V59vB`b}d?XeI6 zVDrg1RSuAbIZobi`xHTJC7vJj4S3{d zJ%_=ExG0dC#>+T(Z zGHstT-?*c&0i`Jz*EdF*tJJ@LP1>95$M1CEQ4S#(){v?mHg$A%yZZZz1E+X3&igHV zceyeg7V@XPEOx&=HwPZ_k;pzU2~|FHeRO(Db||wLEM}4&PiVtI;2tAZ>=P^wUohjD zxnY_nPDgLoevxo(MSa}ctkcQ3P*gK4li5yh-BGJOw;O@LRr7CYq*auKbaa)R2BwJF zCa@}|nq`DLL|QCws(6DiNOOEWo~61KM|af!{N7+UEPf32yN4R|y(d~8z5tO+@G)^< z^5&MVKVbIo7MU0bc|q#R<&%LNh$i9z9(8TTgNsI7dkC-qnk?LzI^7$WP|v1a-zVpH z&0UJ(Ol7n6y_&BVv&b)fg{88vjxXJRyiQ=YUN65{19f^wo?;^_raIgn7)#>dK5m76 zC~jN@-4^P7KaHQaSsV-{|Co0e2;)-|w;PUp`ZW41_(h<{8INvX2qW%;n_=NW?RYg> zi_V+3mlpWZZ;IZ5&D>1lwpzf$O;5by(Vkookn{sRV9TQ9EPde7e4Dj;Pz|oQ?SJxj zN1hMomR|VtU(_3F9d`nyuZ&E6X-C(u_n<^HCsG+-JoBQPi?T-+*RH8K`NBGy$qz^* zx_idDjf4-C#4?b=ta@Kief{mnu3Z94V1u)h#|hjUcGS*Qx*Uaq@SqZZ1Y${^XjW>q ztlQ+)$iCl=(@EI*QPW9C1@Z!$mAGc_HRPS`@ukVbo=eO`qYiyC1CX@eAT)PAOM=Ij zt8;&^CrOZvMyiZp|4>%wcXmphXGlR=qd7hH_0N9qg;#a_-JMY@x}NwND9O2RNPr!7 z^N@@#0cnr8eLU|s=KJbLNG^RY4edy!-4H02zQYzeqnePC>to-zaM8uptYJ#;E;!)QhH)sy+J-a$F{nsft zH`StEVWRT3DxFlI%828(xM}_-<;a%2iw9E30Y0G#Xxt8CPS?4(XbCFv@xxFz0il!4 zm(W)TEDWmy`}luDYj$&4_& zBO}V2Kl?<%)BCIfEC{Xz{`~DX6{MaYaQuz^Yb(X`Wc!ksg9oUGC%HeSvxI zAIAZ+qyNyaJ&H+KU)l4CyK+CC(~xZ1JMjdq5KsM@9Oo&c6)ppc0Za2>;b0o&mW38Yy^r<6jfmLyQ5r3(>RhB;MR1 z>nNlzoQjf;aNI-dfr7 zD1|Sy&At@n7&jQ%^`{klmdRFpZl0!Ba2N-wgAWA%xmDL;d4pv2U-7_rb5QN8F>eZ3 zWd0VMU(icde1>TNK|UDctRIqIZu%kY4+(?nhZ?A^{Fpo9NNw$3FTHI! z!}3fUN4+`t5HI*9EFriH3?O3rkIARp+t(tO6rlc<+)9!CS-~cDH`z^&Z)~bRiSUwr zP!s)^^-eC|2B@&|JYc5fTSFsM`RT8C2^XiAc>PtvIr2w_uRR=-T{RJx888vShhd!X zgYqZ&PO4UeD&)|8Vve%zJ2nBn(qC~CR5_`DYm}_<4gB1=zBe*t(55M-_4bG^;^6Ip zhbHe8iIZ|fUtn6xh0c%j_je#J$AsrrqOT%h-&8g%mivUJ>$$l-?{GnQVYk29lR@mS zC&7+r1Smi-hn1mQ12+R}o5_i|NY!ktwVbbG6Rs2)H!AmKo2}Ud`-6Xgpb=B@Ox zc4IO%NZp(`Kc+2%?w_Vr+25v{GA5~^l|krx?Z=1x8@IMv(}bO3v6pK&{hh}OIj2sHB9PwPoWkS?hG9<-koDKFOKOd(PP~@*&F$9`m8-)mR(hVc zUg~MJ0O)U`d%Q%wNweZ6NhmZ)8$nwPgdB6}IP5}asE$GZXGmnV8%xKpz+slD zS|=t{AfX!gJ(8GXpw%}?U5G?2hj%x804O8wCNVex)}WfNU;HyzR0l%Ni6By~M&Bt0 z1^S$Pu{+;Ud|tfUI#LtC*DkpjYHyz{S&3j0CGl0FsYM_8xEU*4j^j&z{v6w^rsGT& zDNnNJ4lIisquSe2+T^Ew-Tq`wIJ4OMm8x6VWP>A_FD=w8GAP5V(6`b@XQ>REdeiMCw;;rK??$nni ze}6bv@8;YB&O~GAnYrd-sv9w%utgPU*WwhMIiTP00e*j~3ht|aeN@k)$*buS5*}(s zy9+ZNKg|4wW0HHVqgj%STk?V8hQqAmWlnkf#3a6797FGU;(ojq?BeQbb9sG&FX8UJ zX)(IEWeQIY%gxQqV!r9P|`LzJa()R?dv=q^@lm~p54(o4}4v!?}=M}9H$Xw%jM5i&iFGCIl-S_W? zLdLB<$5nURfS%hLcF9R)==x~^lBvk`woZsgI zP}mD!SH#8qeMtA(TGMMgZp-uw+kJ(6IPytb0PxABRyxIt!hLU%*-+g(9cj8#mQuG7 z+eil7w?*~5BbNa$%%<@$1*Zb`Cs*Qnk(gY~{_G+%%`f>qoXQWFK4M1+bz>;Mhm{@$ zN`lzn(%K`VZ64wm|v6-ifBgFGv{}`dK#;YfV2kKLlaJ%}ec;IZ>PJP8dpVy-KQ{}6&k|%|01Zny zxo@BFS#A2cbh^Yz4*v6!!jkjY%eb2&d`1tdYknT@?|xy1H{_k0`_0F`tKJz+Z>jI| z1kr+_InT1>lO*);YlU}u;6k(I>Y8r{m>0ZJAR8Ll8A$q=P=fDaUj95a)iM3VeMR`@ z062K+6aLTZ9oTue6Yt9yJ29ne#oDXD{1p3pa{4{u>f6Mxh(89{I@{tq zC@<dd|^y^DK3S6b0y_~8$$S=)3S*m41&U3cc4_X;hLse_N;93@K>&pc4 z#JtC*;@Ku^$hW7#2I1qYukO-VJwOCgiA7P3)WLdQMKgvutW!Y?u-qJ)>fb3sUEcQ>Dw z)Oo3$tn(drOjIA862^~UnUr0ZMQryEsrq}B;NC?Jsf+hf69VUVYo^IrqB)G;YiqAv zS|MoDLejTkRP$RWK~SMz5Xls~qix_*=-9>my!{^KOW)>~`1^AZBU1s@-p>FfGp&4- z@5MhI-QPLy3Qo;@CHpR~J2+Sutu04D_3kJopEJTZu{1pHp7--U$nXKF#kNSSXEYqg z$+vjys~dbtXgtHYmr9dQzL{Z{)R>-Dn$>^)AiGWd6pe)&uwp^)>St|@o}A*J$M0#K zdVqs5Ru9+Iuk8!^xVa>lr;qTf=6f1{7)cfJxit&>-t7U$~`Doj@UFse_xL+8}~0-_9=(NCy$io>3S{-Q{s z?(~nI{YMz6kW`0kw)eQ>&-aR7c&I1QrRuo6pekFsnX;!$h`rdOR>$nTZ*Vw%mn zE}V-k=xWk#(51vhZe(PsF1H9ctL9~c4m_avJBhLqM>p@H ze6NM zwNEFAPhUM*I|;p@REO>P6~Bixr;Gbnu8t~mCpTXlH8O1la-Cwk7LI(vpP!DPBV!MvVyRkA^S+!hxL@r4zwQUS%*VcVN8Hn@&iMM! zu15_QPVAXvg_^Jil!{OS-2sUW_o76XyPgd#+dyZZUfMO(G3x!OeWIDcC%gl~(l)h> z3TFZwOu*2@IR(ruEvs@Vqe+Ilt<=~8Q+`q87JgB6IR(_4F}641*#Y6wmwQLNYBk}m zP+{6{U1q-_UP(PsmYmEd=N`7`zI@EM+}z(}PR7yfA5g$Fk8LEBNyMC02_169)0m{Y z5=-{$K#>{Ex$-l}`aoT?hOf#85&&Lr(ZD+B%SCoR5Q=#of%pK&v=&tknT)(D>~l42 z`^Rk?9m`6U*w5M4eO4F)!h=+Db{@W2Hf9G*-9AQ~yre7KOR+K19TCvUM}eUoeAQnQ55xCPg?<=UQa%R;!02qm8KZ3a zX*zzVuvJpTCY$qy!1m*+uTf4XhQz*TBC-PND@QNG*Hhd7$`;bE)Yzrr0OoVfGnT%Qwo(LR16;XjvsiIDprOey^; zv>{SMzAGkt@nSq&wO_)anzLU35)R{zo+Vpo32h3z_$?G);mDLStS{$_!Z+>TXaV=T&3;$qZ*B>{OeG-ls##^&c#%ya$m;plCq2^#e{5Fc7Et8%`vmF~v5~ zptmb$_v<91bJm80(ZSE^>CwbHt;_R7H?BR%!V9i0r;wSGMDqQ^J>Ki(dUKf~t%vH{ zq@LF&3O(V-n%_60zA>k{j-F)D`g$8uL5q2zAqb!udnoKCO0dZ#I6(WxSD~|$@QMsL z;#+GR;>v!VmW8rjbnY+Tp2+s{80CQa202p4oTaFy-EuUbkRLp0E0GV>s2)&%n;wnD z{4PXr_N`Hf)`;sOt0x`%g+nsZOaS1TYbPAJF=fw=q}fnt@93%kWn<}T<*bp zJCs+UGoKf%TU-5+l0CqbEBIBtlePG)Mzu#2!{j&7_gyznpwDu|wCZwx#M zDbt2;zCv$JCV2W<_50wU&Hdw`Hz0ZemKN)@S&$p7iUSgg)JAi<;&r|J_MWywBh}h) z?j@1=+`G7t2r+qk{=pZ1`rD(M~V&$^I@EC|Q8Z`rEX! zf8fG#@D6Xs>IglD@KB(c)1XaYr?N!ZR#p_$VI82$uPUUgK1y+4S!Gn^3j27#uU&qx zU!SyM%pjg8IexX_(+M3qT+;VTooGN&YO?xFhrbdEnFdR0yZ$?5t1ZJk;W99j7en6Asg^d^<`**1oCO0*P&5STmX)voN)>Fwc>S`wd!ht7&ip!i<@zJ|srjosvil^iDA|56UL?h~9DhR)y>tt(M$$%>z zf?W_-+56?SgjuV+#f+Qu2kPRAi3rRl?BFpE4;(C*$RS+GWMR1=eAwVr4%;e{`wT;f7dDpIF@Z!c%~1t+_?-kqUzy81-@VSW_4^T2 zhi{6lMcqt+GHzuXZm>hv;ck2m_C$)O^m1LwkfJWeHu4gvFvQo>_JmF%->#jK((Y+2ACjKKiv;M z@?*Y*-qI(eIwe^8`0HNwHeX}EUAX=9k|W^( z1$BWT-DPA&yIAUAI5*d?Hd%gG-VdnP6@~?AK8k{+5_0A7^xd~Qe+b?4r!iJ&Qn%t9 zoPSq^uK2V0sTT-NA(E~SRJDh8y;hoK5+#ap$N`p^l1YPp(?-$ z7x-~l89FkDysocT{_S28=4?vOBpw%c z`Aaau{Rqd1e7fx0%y}t+_bbmlY-|RA3h+=16VH>PwV(y*+Hn3>2hekY{xbIJ4a9p( z{rOkpSNvVo1Qfhp!ZT`h$l$k$WlPLVvMb|Wp*zqOjdx8C9T|W6frIGjNqdlI2K@w( z@?K01VYf6sR_fKI@PW*TBs1mk%g|tYW#aMvrVmx6Si0;VKfHIkIw{XF_Yulg2BMe- zDWOX4;f8EUOEAloQ>$J+4hD7&C!qVHSD(K)mWHHE5cwwSHlYBCbCBX8!E= zZHf@gY9L?40&H1-}59%L*WnJE&@O zbu$9zgU8+N!B3{M>Jts{PdwXqQ0T3$RF^fvW!_gpt~vco6ZZ1#i3 ztBFSf=>^ksILDB;=Tn84_D73#)@If3@Z7EeNEefQ5?WB|IvtJua)p9#-a6-f8N|wWEy+`bl6WL zbYadz@VdXC#R6|d!!yqW%kLrouG^n zunTI{F9b(>qOS(SDg@a7Gn<(S79;i3m^*Mzlu?@*Zj+b=ER1JebfTH+v0?10cV*67 z{mPFFJGxDj?4FN50?IT(eFx%Y|K?mi10wxN#>`v`(MJBZ63$-f5tcY0-u^xqC~Z4_ z<#A&Z53^kptQVz(BMHmT|U z^fR&{NJs1X-sJURE)=RUPaXp6B)?tELr<}N`{JSLEY2_zyy<7qxd=YDk%{9YrEjf_ zv?7ZD4B_)J@^4EV?%Ce<$^KmGH8tCBjTy&}#8vVkgBr2Fy=++Qd`{obj`V?{b~el7 zdViHkDMaHJv|Fk7PCp4g-b|XZg(5D?(CV98UW_&NlG}1|x5HyNKTOCVFddL`#)%hl zsI@4WpFSUo-vXb%vPXiufYVKf~$c{w+MU-kZF89eIe) zj|M@t3Jm4&hT3}Z{gj^w1xm3wZzL+qC*;+iU>?KQcp{+&dARLEKJx4HK2$yrH(F30 z1sbx`n3FMy2k})ywIzosgZ5x%dp~1Uv#(au*1W+U3duZ=rUplO4@KT^|JZxWsH)a* zZFn0P*d1VR8+COkh^xDMnX9{d8Q8H^(5+jsz%DEdLOHW-=Fv2JBEtPT5~?@nfG(YbzfK99%Sk;K840ZgaBLxy~V14C2sxA2%|NdU3zGk z@&uF$l}_g3@Pq*pUqus{g_5vHMv8Eq7_!1>Ba0~Pkc&)E#T950i>#sXm;`W8@G=tH zMiMZAAq`BhQpkv7)e%FCr^dUPVB0`EKFIXjFb-3gf{9whJkYwuVj?23Ea>GJShTQB zMic0v(58skwMwZR=nUam&|EGuUQ)9NLxipnPe_BT--xOND7jIjbcWC@fmRwW35x>+ zJ*427WRu7b5GkDrXccHm6o7xYa2*jI9Ys34fgKXo4r<)(AOY{SmF5N=Lq<3ThwD5`MS&XfE7R5TPA zylzCl09*?NngYxlMynskw5oYwER=@f9O%sj@@NLM_=!|@oLdRxTqL83K&N}6PE7>itp7ZF>aMuyRv#X`P}%D`F7QK63pkHnN()p(1|N98CX zZ>6P}tujAGNDvc*z`GB-sSZ2N7G$}xbkL7Rh5+i{a;P?ulb zOZ?Ew?emz;Y`xJOM<}C#xrhr+Ye)_q2gv=w?4<(pC;SV4^n6yB7M6x(2va-LuQnq6 z^;Ck#jq~f2L=3=zX)vx-Vpw6fk|-Pvk*s%wu|5(Vr`D)pGBdqKJ6Wk97}+Qq@}=1g zK{Sd82w~V|A!EsM8r7}DD(QZ#5v1t@XaLY_V^*N8#hcY+;Af)?ke7)TFp2>yjx>rh zS$>QdEktgQAhuGxE-6tiLFO88N=B?E9!SGWD1eZIEhK7REUZRMV288#b*{cx2K@eC zzkpL??2GtI7$tBgQAvJ$IBF6|Ax5MHEikg5d%UE!Srk@vTm_PlG5`GN~@QI;;uM;&P%`Zk3_@E?JQ8 z1zm0n_z+aC*Q--o+|b|?1h##Y#T_*;xe_KPDg{v&8z{E|;~!e;fEOC0mwALP9ZJOV zf$VWaisgqmN}n1&f#D!AWI-Pkchn?G3~{U+9CW}KR?#GQ36L--0Kvr92x+F6KkCPD zRUrNYvx{jZQn^5;>ehyRc0bk!TRdt-On^gK1BL)wi6;=ubb%gNJ#_SNByMJbiG=yY z1bBsyhjVGPkuZzxivlw#0B_7ftyN@KD(rrXp323mKw-qgS1Up)Mu6%AX(KCHW8*tm z3=|kAG{YkCff$g1i@fm;wAmepsDc_p>HLnkiXFhl-3A_BuL0g;y-^yFpu=@u_A9M*C2%}h{JkhUem>R5rJxU`AuB07z1}f2G(l_Nfx7FWk7a? zxK&K8j*6Gtm@Y1r%Z-P5MkWUUCw7Jk_5lSQi>I|ap|e#5y+=_O*T*8d`64f31SM{n z4KXW&{jmSsEu){-a$fpNx-N9pBMExp+6J;1D`1q5DiWM ztCCq-rATbkqKI~$8e?@tQP9>EP|Ja~obJ#my#^jZuZY?#9vn#ainL+}5!f*7YLW$v zE7d26N5GT|{XAe#l>kq$D;$?Icu?i{qb0Ck1GO~(CCUAAGEe9vVxYVMA01<>yb_EQ z80c+09RVApxoLEqHy~wefVvL$8?-u*eq#F2GMCFrivJb zYo$A(fChy03U|;?Vd|m|GQ&=B>vcW~3V1C%phRm$V_6YBFi2A+AlyWPB#4blV@O#J z9|q;;2I*QI+7t)QHed6o|mfg$$B{U|@)BaXUTAXE7i$18HU|Dy+6Rk>!ZM z_2_X>O=X*K42C!yg2aT2;?S6(g%^p!B@{CV68dCejh^5zIq@2TAcW?I5TGs7>;$nz zoks4Z5Pc#u-5c{VpL<45gm#6lXt<{5Q<4Uo=?MM`DNWVi9O0%Y;j zsiMJ%T!YpS;mWV9&7W|in9PC6HO9-<-*vQ+8Z&M3tK z-859UB`(&wfW8p6!tqWGoy%1_4b-sTzy@Y(F9R2rK^qZ^hK?L@)?cuT8;sMll4f z3|b4-QL4@p!P78GsGwLOXmZ0+O$FtiAn^RkElh- zK``!B8RZ&e7$iJ7ORv=s01FAIIKLT**;sLQJZcd+0>J=MnvwIo9*qMaaxkDwrOHf> z0%xw8?jVBJN?Zq>Axe!oCUj#w3@n<`{D5CK0d6cR2P9}9 z>?47;R@h~tM?!E>r^*OYFd~8u3w_sqr2{s>70{ZHMs9TJR4^>2`JwBMECoFxjp?_SuH;dTYON9- zW8uSmI9ZIB`H`RSaeSZ^B(Nih`+@v{C;k8OWB%Jq0bxh44*vR~O(dWL3x_x{|K;YW z^kNWMVoNka6kl#Ou-s7!d{h77%|!JE&@y3)ae#D0o|Q`xa13f^0EufP7@$=EvKcfo zE@Yln>eqWIZY~u-?_{zpL=6bp%wW``jS?JYhE2w>h=CCrhtmKXM}VaFakN1JD8LI* zI3^^=EmRZT8fOPxOeBLwWSO)^6rDm0hg?)CH%>7HAv~fIo( z70KcPxrkxF$AvU5q%RR3E6DN~gaMt`Bs4;!7Lx}n4-@5)0hZH_aze|HGK>@3ku};5 zBAJSqUPKO<%*bg0okbrP#$0ZNCSq1Ou@<9+8lrikT(edJX;eDT1|b_>M#Mw^9-I#H zTruGJ#(HdSJdO-C1>h9oVuR=yO$B)#t3>VwZzp5~Uy?}P5|2nIZl4^P>@g}ZV@o6s z?(cXAn72?7k02&8aFm4P+j5Q{^iJ1b~I5XH7AqzHpP5!(lB{nFpeu2x~#=MzA$jEsYXg&rIa3u03g zJ19BXxC+pC0CYLckLO8LaV#qiB7tHEx+#7XgDNA-4_AE&g%aB`rIU>lieb1)8QA(mCgL8*W{is}e?$TE*j zpoWflCL0ow5(`l$rgMByruF#vXbKc+1RT|G)tHdg5HYcJDj(E)nOrE|+VP$s!OPi9JM~4wN?8W)t-BaaDMaz=S62=@xwq@Ah)gAT&nQA~^|oQK5|K)=|B$LIqAM#y531(Bdv zPoPpPMr%|`rP@6)J}-u`G8o>N8j3((chn+PvcN_KaPZP-h*DET2;2$KL&zY*sZ5_S z2I5_A3Y$d_1pzT@QVQZ8r6?MeyX**Tjp<|If%zuj6Z_E+Ajc#zJ5_IUMf_334Z--S zM7DtzGQ#4bX5gWrfaOyd42bdZ5mCwrS{sOJ?IH>*sMLbUk`vUJH3X+N0!C2-G+6-Z z1Fkne5z@F37r_pKTzsn@ZqjK}VWNmXE{^L|6iAV}LrRs8h^!?l0iHn-X^9F!fDQ-_ zvsoDi-Z>xD0SW{>F&P)+X#}C5N`Z;U;Ap&7poG_j8K>idZe}Q;GI2o?3o)%;(0xPN zE+Ngyq*xeEU=<)nwHBF&t@X-q7;yH~0s^p@p^Rc37KKLMJ1*VfK!wo;9m5RLLLrpc zhI9IiHsCU$p_q&amlM{TIZ`_{2*-ktFOx^TW&(6uv8)^~23Rbq(wKk+>o`TOk&(43 z22m(O1gHo&i_7N?$h|T*!7OkH^;Q!JK91_)aV-*aP-v9<>?$vCIY5FIH2J^_0HhmQ z!SDeIS%?n!2?I@L<`8s1!vQqQ2EM|9r72lKG>!zh4K<&HCB*S=8gfO%$qKW8ILA&P zcns8#DjJfh$$AyY2}MOgvY*98ThPcdPUh>ZNY%zFB_hAZ`7DJK&k2b5Jix?qgmPFE z0G%BGD4*4735FsLT0AVWdaOcNih?qe1XRXsf*4;dR?1W;$mh!l8gf7{faYwol;lR6 z@B}9mvmhk53ph~|HRxh6fLYBdkVffLg;6QO!}XnV4uxV9`WdifQn^tHSBXaZ2mvt^ z8niq;+!eqYJvNcR6#`BL22_GAze~y}JdYs7#dUZ$kHP{4SiYOV6L8sjlNv2H;srvK z$)+Lzfn?m|rUL9FpoD)w_#EaoRixF@<59#0MSKK@4aGGPHBJdz6-GlFs34|tdYL%A zfDE1cMzsM;6Gsg!S;)xsLGsW5jo})mmdHX0pc_c8m9u#=Psm7eP(m&q0V7fQ&=_1G zPSAw~P7{SE(&N=~hnF9Ht=Tm6|v)1L&Vy z0S@OwjCCA@qD*2gW!n(VudGw_OopuuSile2yUH#-~bT_9a^K;>$x<&3hl69bY!0?0N6^D+D8kK zn2@s%Q$S7-_+(>Hj<8|GBDqnaR6(1FKtPCD=~1+eiWcg00k4e@#8L3<8ZX3^K9og5 z$J%&U8wZ19fa;qGA>Dz!I4c9V8Q_k9lt&{BswH$S1JV*~o`7Hy2UIK?PX)xrM3NW0 zUM2^q!i2&&-R#jQL<%v1VB?d`E``wTf}Kmm{EeB!a*r`A~=;z)?htU1lst z?tu6KEnxEuWY9$vazidm9KcBwKi6u*Gt_vB-i;4Yxi};TT}u_aT|uD%sG{K}H4=%+t7oaCWOm5R z@r7k_0vVdNpwF8~u!H&*5w0f+dn00f7^H6eV!mEQ(9&aUz(ioMI)XR=`yp-Zbw zq(P+`gXYR4APyrZq1C{@rlOKVe81Xa#>TZ&ssZs}flY^qGl~Hm>|`> z8Ksii#p;-e2;ypPg_$dm&;b_>7s7`mOa`RO{i?7@YWMSe8Vp}5)`S=#m)_>r8(cC| z&?+GjB{mGo>J^8g9Ep%0rm#IBg#&pkxC9Y8@{uo*PL!ZfOiB>s*x4Gc#buBA-Atbz zM1Gh`chC|+99xssjugSDd@VbQgP#!l;EZ}46PZL&fIeZvE~kykH3x8BxdtUv$Mpg; zT@@8MI8u>aW42FYX~Yywn1+rW#u(4dR1<_Ix(2f-@mkpf=6lP86}PNFmb?9I?C!l0;~ zvH-I9_yJ;#Hegsvbl8r<#uU`BPy(!vXc;K{fbuqzCNlu#of&MZ4miGyZhbJIl`?<` z%Ml`bY!|(N17v$d7xYR60;0^yHINNqgyoAGBS7&B zc~VuThjxP@q;ok!Hzfa@_J1EgFSdHKu=7m9;H zj9Cn-_;?8EI9hl_V1f@?1x`Q*^37}(--yeY!wD4AOd>@nxS*LJVq=u zHECsRa@?kllRRXdNySu}bSkMx%M~yH63P^s!8?y(HGDD40ZQs*e^`q{B(v3Wg*$*^ z0l|;ijF@(k9VA2u&={hLl7wu9nxW)E;!B`1LiR9fgKyqpw*&G2R)A>V9Kr1Y!zV%oA()UMke#c`6M@V+F#QFy3Kg zyLd`E-Yv583^XC6L!Gw$BNackQT zXdfB)#yx9qRCk5(*HV46lsCe4)^&yZ3)>HL&+5%+*8cO`*qmSYhaC}wmjD3P@6p?8n}LH;|}Tq|DMJZm+xZKlZ52cJ{tr1^;z%I3t>AY7v#!n`X#5H*C%P|NPMZ+}@c3 z+xuLYeXIBXdpq?Xk(c2sBygi?gN_A<{;%8r?*kwM{(s^d_))On-lXe4=Re^}Mm0|O ze*S6sI)zR8ds2={E!~@#x*aAK>q+GB$C+tQEApu1)w_muU`(4kV9(dfT~a&W$MhDk z$Nrv&PMDP`^G|L_Y?3@tK4r^@{>hhKs?R_FDwVXKJGcIY{=3_gGUrZ}s^Hou=QBP z2OnL{-BiDR>E70Yl~acWVdasH!ICyzutZLs0wId@U^glUEi7Z=>>n;4x_fA;jM28}d{WTe>-P)Pw7VXx!RANF0LK-BeBkRyWeW^$Hwk^ zg|kOQ+yljL$|If47h0b9E4O3ir@iPQT!6N-inU7bGT(dqLQ zt1{CT_Y=hL9n0wSFe~wRWuI@0@s5_k*Y`Tz-uF~K`NE1333=ry4N49QU!SpFyCb3; zK2ZLg+%Ngkn&P%!K6H?OdRRPh&ZEBm_4{(uKU5ECa$-Qqm!~cA_Ds6n@728n3GMo2 zo_al+D0#L||Loet0e|-w&HK`9bJgvATSyb%v=^?f>o&gq;CT;6QcTAem;`ldl^eV?bW zR}Ag5Yy9vz0~^FEuKsIauNgR4`?<%oBCoO~2z@llDBl zrA_Zq*{5c^tmQvl51!fHrQMato!-gcTq82y-k&v6)^R&Q)Z@;a#Sd{O?@hKSj+lql zFE!^<^2fJF71W_{G;i6E;T3ld z4DO5#Z=HT6MYDH<=-9=r<8}_cQ&3AgJ%}M*AMGOFJ+9NoY5`+CorCfo|7^XwWB8*p z3+F7mFrwmk$^GpY9){PP`e*R+%bP|!7W5#tBYMV_US3y>cD-o(iDrBKscgl*futOu zEr&UP!C)&`twZ5vGTh&L0Z@$$0 zR8{FO{ly)*s7dtnl=1oE693nl6{wmK893*y#L!C|1KC^2)}-?_OxHVfDMRp_hg&0NsAGit&g!-I7hyEojftb6kDshSu`ym@iO^r_^* zt^1f$f+;F?Y{tW)_&jo-Mib86>{B=3Doa^eck1YP^jc0Rg*>H&CG%D3B4y|bpDLT1t&S%>C z$J;J%b@Vv!4BskhJsbJnPPd?I{n9hpjq|DP-zgKCH!WSJxBUAzEjF1qMI$V^|EOC2nnx2N80*MD*rZBDK3XVH!A=Wl2fRI~5PS5B`{RZCjVx@8L%IhEnC*4&Qn={`$Gcya9_hs1FRbU$>Gb8GD>t zx@)6*=w?ByQ?~>C|Cuwo;@11D{4`zbjPLIoe|Y?F6+XwXJ^1;}*p1wOxU-t&qsGi! zbZ?8ON5aK{UxyHWyuY&UygWkjJyCUZ3`5KcgQ!^sFxJYLp)B@J@#kJDsdp7TQyD>QjZl-{QkY zW~r{~{nsbF9c!>%roH^UwczHZ+|1`QCJrS1+%>jA-Vgqr{o`S5vRRi_Zjx-{tZJ?6 zfyeY6b?LZfz_!&UsIDt*-CvMB_JbW?6^kTxlw3FQ^zFU!L z12lV!4m0mwEz@J)M@=*W!aEH0w1{3Vp zw{A(jdSyLh-`C-HdnRWkqnjS`S1SaY+3(To>0kEbt@gfpTAn;HoGbbD_QsJ7iLPh2 z4Qsz1D_G}wzy4F=i>B|>4!07&T~k*T!8v~ZlbEF08yu?Kb*rP(KVNx3yo=uf-pdo) z$1d*8Q2OrFpwcJT%4fMY^1tNkDhquZHj_f(<>yB#`|_5ZdQd#EO46lBO-6;aG#2;68cY6(RA&utJ5RRp#E$!0u16LP$$B|$XHx6y2j@?(YH4crs5-Y3jh|3lIOJRN(=RlX?7g47 zb3YS?te6oBY?&s`>+mbyL9$=kqJz23h;ftlH|xCV!SIY%sG~c_DogTrPU+aKczp%Q z`mx@|i#3(A*Yr%azTrL|Hg0%fmaxM})~99N#78NC<&z(z-dJ=zf6LP4QyBFgijOby zI=cj%7H&*`HUUo^iX81PJ zLn8;z{yL@jAEoH$ z{p&;EKFZUz`O0tY zGG9NKcYaG|URV>}`K68F$U&LcnU`Bb_Wx*=*=l>8sbhRS{_Vlq;!``4?w{c|t5;_J zv7#M`@Um>){qP$}Bh^76rd$n`jxk)?Z zSG;?3e`4P5^6%TH(Y%wY%Q*XOqdP6>cY*bD(yZ%eig?Q}<~cjvBNggS4%(qUnjl$E zS3G!qy~mc*Yo}hR+iP?OU*7ETDy#NtgC8$XJHC5dDhrI@<+^Ll&+Qvi zFiw_yx41!i-GPQ_$1`$%(&~kdJ?AYNdbfY)YX=s_bCEB{ZP@aoab|;+<@AE@xe2Ao z$D%)*e+q0mQT9;S+qV5zM%Slx{ZDkpFZiQ$V(pugcS0|Huj+iMlj_cPJ~6ig#D^7& z>NjnBigmOoCMni-Xg^r{XW=gJ+%saCu2?4R>2p){yxk)RC9|6Kpmxf(MD-QP2fnzU zoI7m~tgiifxx}y-ZRqH{Q`EBf$FZgzkMEXw_Pal|c=Pbs9HwAmP)wWr_3O5%zMw}Mlh5y*o^;6nMCP6J z?((=X#c>UOai57p`At^O*vMI8xV<-aZvKVg&6jj;|E|H&?UIL^i+7JJrk__HP!yq? z6~DL_B(43$PM!2F>oGa}%+TPIHLa*Br(27>CcD!b3$8!$pGkUnETe}aPkH+CI@{r>*?(4aTvyB|G0J9Z;!Wo>d@Zfa@SaLFNC zQv15StFJzOek=>M*C6vQ>E7&P&ubs~P3{*3yHEcbYC5I(d@EUdqeqQuaIMkgya_9F z?8g=_5f`}I9r!$L-1Fk3^6kTComV!Zk(!hieB~@noi)Ac-_b2As}}U|V}`Zrx^VDQ zVddSXf$P6k;5P)GtXEHdKTUhhJS=B+Rhx&urW#5`Yt0K^43NK*{mET=_SN5i{a8O$ zH0a%>^j{U1D<9_DFK8d1U)6YWJR>iNYM(p;i%tD9Z`JL(Cgj)$d9R~&T?V~>{IB6p z&fh8YYnO7$=Q!CS{Ye;5>=U3 zx|2r6KK$u_dU0pbj`xpFH`_OH;+?>z9~TR59LvZ6Z?{|S-IkGwg1mo4~~S|4ZONhl~kK@e$C5_UiO-2 z>};HI&7QCMJ4B#N;HMzVpkn3sadRdf)AK2jYC1sr)mf=;DI0_j{+^T#$Eh>EK~+9)3+C zrw@MdVrc5koGlfFk=&nWbB7HZv~<|Z{Cr+1yrpY%>#rhsPG2#UCS-nEqSh9$Ab~JZ zj(LCw?{ihV@q5q8ykpk+@%$XpIQ@djw)}t9lezWI^o-QJ9OQi^+vh%B0{7yTzCv*- zZna$exb6M+@7gDK8mg_IRKEL)Ys}R>kjsmXoA#H&4vCm4T_@eGKg|%hc)o%`I3jQRBf!ecKv)y`SoQI7(_u z+%|DN7@5{h+y42EUVe4U8pw0p9k_JN=G^+`sRmV!wX~pY(YYZ-T{@9kih9Myiy(tH zHg9OFmiF>p-7c;fF{ckJb8GU`+$moNnlG-lsaVTC?H+q%Hhg|Jy#4wg<9}7J@*H0< z^38x|orX4S<<@`wxB9}bUw^XefBdV%U~!&ui0MpekBkKySXqspx*~I2Gat=vk@V>L zHd)=v-N&5aFF!s%%=_G+L4(C98ccF(wDk(CB|L9l`mgU;e|6cs=3Ov_8`C^4dd02L zmYeh{%<$w^-BWKpu{Ubiu&_uFArA1qa-ZIm&O`3{NcSf0PQ%90OQt8F<2BXEIw`i_ej{;7KSBNCl7^#qqWCi=UsyAuQ}e8? zqYnLrEB>*-O8D50Y9t#uaz18MN;q_&VEOHvN>^ zVkxoNCf@QhdvqtSH{w6|<8s~+{}b+~jN#-#${p4~GOX!M-~76{b2PV8yc*IB^Lu1` zZ<9oDjuML(z1Sk(Cf#1Vbf9eed&r@Uu6H!eTV%b``-!bzaG%I-5R^+cFt;W3=>G21 zlwo5E*Pc0*zppGC-QZGA8V#%%^;!DFTIZ*(Pyhb3RdvvP|MGsDtb8c7!GV5W=h}bY zDP#>ZFOWaZtlFLU1hwV8{=oAN>dDWVcVFOsUh9j#oSix(<ydsx+%KH{<6#Luux~Ce;sRTZD>?CR1k)qxMSMyfBHV{NsGI;(()E z|MKR}#JQ}@Es`u%6qj`txV52I=ymQgT~vJjJQ3l zq+rUAuZbt}g5jr8`kumbH-&p>if61$8J!BxA$38 zuC`nI^RuUxX7w=q`1&dFI!uRcUmp~>R$ZMF+PdO^uja*#!G*tIA`i&!F>+GjbjJyD ztIV&pcRiA|qv|DmBKseUUD8(Ztp38))=tS;U9ij>ea;5PHQ9ahm5$wXyyx=TdfJ2T zoo7zU#AIg22jbM&hlYKa3!1D;KPj^&ed;}7xAp+H-lS-E@4*bx*jww4=QlgObn|K% zlmN*0Q^z_US8vE6P`-ZlK{`3(-N?iHq9c;8?c@BRzlW+U+uM3l(+S^4xbEz?zimkQ z`vE(r`S#N(b6V#0Odfx1O1FIdY3V3_7AkE`!#l9FH9XlRZSBn0lfTstB=sq>Js86q z(V0+^-u(Uq&7KL06O)5-u*uKixoNY8_!MBL7WRp31Ia`vRRyR!}by4TWcM<&00 zkanYXUc3J9&JR0AN+^YQr4)>cyz_z~V{KU`b%KtRLb_S=RMv3zx*eK*%p3hj1%8h0 z@}~0Qr9EkrnOKLhB6}_G zNSDne-mLK%KNQml#b?(wJIQ{A?%$+cV$*Bgh6lw-om>n1)NCHXBW;c>KkQ4MDVRMR zT&*)UQa^9IMVb?P`=^jLvsQ;~IR-&Si%fj+t;Q$0Tft@=8dLWiBb31kw4zz=0Wg-9 zE#n#uP0SY78$a7H1UGHmb;$ERp@+G`*&j#CUwdD(j*6cb^)hf6YS4r@AJw| zjM{pmBKooV!n=6x7F|vJnn+Y0a{a{nko1anCtinrG7rW*SBxzS`aW-OwCe zdct?5<(-R3?T)f86&^=Jk>}x$Ok&yDgv=J$4*I#Un9tlWb@y?!VdjB_+GT&Y-q-{R z(aOfuou(Xs98X9YR<)>0ma|!A(;W@*BXcb4BH;%`F?*k}>MxTIX%_v#n{eX=`gJm` zPm@yTl097xw@!K9!bC`%?y+7%Q~r5({$2eu9ro=J%+@R&AfZl6k*#g>SabC2i@}=~ z@APeiXmw`O1?cK(>KUf2&+J*K2idd6dC!c-UTaAFg08-cxrBb*^WI11^i{owG~1W4 zIz40Defgf5rdGtC`B~&Z_11+`%L+;shKl~J5Hui??A{$uR0U7SH)}qe8P;N&!LwSi zWFdGl#&-Rx|3c~v2T$bpk(~>UFWY>a^{zk|pZKx5MfN&M1J3Bz0a*{qqS)l;^Pco0 zO-w8<-rq~R-+Hc@(~~w)w58AftMmCi50r7r$~r9QTmAChgsmMcXG(^b)lhb$WP5yu zo~4Gtjs3@_{Agb{dj83lJ2mRs%d!he%g-+ElULTO=Ih7Vr^dB-y`smy@qN6`+AcNq zza?ZAPiSjuvVLmT04TQhY3JIbyE^gwp2X^$j&pBh_@OLRu8ucBd^b&R@aiUX1P9^* zMyB5~prQ!o;zdV){Me1KtgEw*1V?_rOswqHQ%bKV8q{;n)Tngw^U>|!je|3aL81Yq z!;a?<)-Buf`dn=){)&Inek4J%ZEA9lAuo~Ya1GQ})x%7i#vXxUZNcb4w6O!c&aKbi zkqt!&nTLD}lQz^usZRp)sf}LUNW8r5R9V;5tut4QDvY6vP6*be6cEUFwh!|r=j{D( z^bPoKFNfw2?FK)3=i%&I>OZJo${%>9{WyLHvnW5TU7_3!Y0W`zcbRnY{m2@1-EJPD zO(a~HvbkGTn}5e13Ab2`KGCG=n(*bm{j;85&7QHMvA6TichxC7_QzHh->Dq3tTxb{ zM5rz{SGVk5c_DpWvwe$Zj^vK$*>jXBsj{+v?e(g4gZVQ`zh6x$n|@-_#ni%?x$6e2 zcB%hawyidsxbpdz>?L;}^!7S;OZ{uy$nEyqxvNF9>eNwYL;^wavWaC~=7 zS?a-^+5^)5d(hV(fsgj=%7!`92aUUS&@=v@YsXLr(0EMkO=DONWl_dUAFP*&ij}kJVJ{9CJweBe(X-VD_r#JHJ(Br7!)Q z)mYqmdUO)5RnFR-;F!qzKfSU^Jdla8Z#m&&7MVM&|4Sh%-#VzCFm^=hkhz?FnE~fPC zsy{Y+4PV|Ic`IH=P59*Ljum9R25;=TY!2clewuK8=uKUEDt+dtvT(GDezwI+9O%Ti z$fP|qzQ5ezVp{GL?^y4o)J1)Z+IG!6xxMt$`Ou{UIt}SzYT-uh0ei`?!0VyvJ)^oc zGH9aL&VKr*zbNM&U-q_H^4-2m#%$bD-#oht>VbK~hCRT4WMyUz`|@mdI;r3&GULp?=vmC+8h481$Idsa7dszVR+D0}4O;X}tBo(W0Zyj4AC+ut$g z5xb{$5FM$v&)n(dm7(=9t=yI0-;c;4j>_#|@<%!*?tNa_JEe`eF1qqT z`U!OLtjS+%Bz^krf0rLxGd$Ej*uB^6cZ|8^ ze=N?*Z+bVm)9y__Zhq}W-wOZocZh<62%B;n|PAlRloA|L|?* zao@A7zU!8wF5-Dpp9tEQFEsT!HD~0-5xC^L+e<^dZ-uo((oPi|?d~i=f2$hv(Tw&z zI#oI4SYq;=!HdVNJqWLdAznY)ynp24-giS+j<9`scJ7t8Y?vml?0o)o4{5wXbkep) zF!b>Z%*G#keh>YKX=3`NLA3UDb*p-{1WTP3FHkpGKC$+dM6|Jqa~%<5OZwo9Wj2+s ze42@(&)w8GJI644^yR89hxZ(-dtWtUDmTi{9a;Q=Tj08@ENNG{dYrc7^iJ#kT2xX{ z`}%IDd&!kq-E9{d#NXT_f9gJMarbi>Kfkc1tvE0RAQu~p)-Rh?!CPxSGIRJ%gD!h^ zqsQ8^l(d3W<%)`tt~h!tW1^&l*0}4qokeK^`l& zklTKb^%F$o+h7u+8jkE(zhBy!qC=HkuU60O(xomV{l;g2Qk`mDhvr?@t-15IvBya|s4ershN5YIcE&b8wf9{=O0zas z#vM#3Ejm+j2Fe)`edn{q6@yXttEcgH-|r3O8Qe0bkB!+IhfG%VYbn7J@= z>pR6zxjFHU&_gaxwl&^;yeRWP>d`5a{{3T0N&5eaP#NEK%G~^wO*3I=EFF4}it27P zsF#_eZjsqEab~lQvm3R}ZbE^~jd)$_hABU{V#h5bR_GwVT$lH~ zRBsqAd0)EYhxcCd*o4jr%}R1a6(63Qx8SSQqnocIF7?r}Vd_`@c@I5w#Vlg;>$7%~ zw>PW2e1{b6L%o!5D$9RzqD70+q7@an5J_)6-+4U$$2MYR_T{sm);{NrD$4kE^y;#g zb7u)x4m(;$z26Z1_{7SwHANq)ryi5c48=cunR#47YS}GNwrco;x_6EGq>!rbJb632 zpkLw0XVJ=Q3*PDf`Eq+*4)qej1YAO35EWs&3KbbL02b*K!IC(+s&kZ0L)} zo0g{U>Z(tku|wVV=DKdItnP~OEo-`el=M92Ju%39$HUc9IM@8+er!D$Uq)hjgO=&t|X5ZOK@6aQ9{0j6*D!#km-@g2|+pYf(b8i_| zW!H9%3J3zy9Scwq>F!2J36U=8l5UU&Nd*=nNSAasNVhEM?v`%phHozK=l%|`G)_3 zKC^m~D;_i-N!*rXpxv4x&{yQsk{es~)y?tXIE0NWn0&x`tGEB_JJyp#CyFwWG%U8h zpHXF>hwS_AYAHW-Nc_s)NU|EMVDkzr-@8dM+2s;vBSGw_?hMB_95=QW@lQ;`LR)J5 zv~<7@d&$bj8>DS!SdI*PC*HVR$(s$p3KjicRuB!d!z?80=*gq-eB zQY0Bx5N)D<=$j7Obg}NE?fXMKnpZJ-6Zo^D?k6}lpEq6& z#fr-$3(>r|a(i{P%db={`RH2UtfH{*A?)PpsGPs)6Vr{qxe#-cCWijAWD7m^cJ>vY zE#`G~;uw&&8BZSVB(! zLni@>U4P?X+dpO>0l0s{#gVBkG$-+_pxi4NZQr>>YU$4OS&dmXTxBpfYA{n-+~W;;qUi*Gn!dN%E#vc5l9y>Od=2F*wI z4}OXosPmCky!=B)zI)TA!*iVBFmo-Ej8>~HU01cIS%BL`Ov+(`y6lqa7U_`gl@cOQ zh65#ylt(oaw($)zd;C3iL84t&lb(s$=Ep>24lXa$A)0fU{+Z%*dqr65&jSl+Zv|h* zj_d*MG_AuBmKfyR`!ZI`q|!2>G&Nh}L7Z#{c&y5Vy%!KD^u`VlON z&G1!rP%Lt1;@+GF{)Am3^-A^`1iNVpI>0LaJ`aDA)Q)bicyN$tQsqNkGBXTRHGUQK zRM*oPnDMQ@(e*%Jdb}J(<)ibH$)0JN;Z881H$cjGdFtRxiv;PI?INMH?|iT?)f}jI zQhi+*q~b;$OcQze`2Krd93zdg>925Cgv>JY4hHK>2L$!x=7_xE%tyQsGN^uw*QWus z&rdz?UgZtfBOE_GcKz|vlNZ6;Drw<~{aRomjE89W7 zhtNHx*CoSh2%H_|obB<*P@2JV7d|~+JF@jX(U8bzlFDolB8cyg_Y{u4dhZaN0)+B$ zt1h1?oA+4aLod4$s2?rqmm=cj%4DZc*{wcz@&1R3LLQTUdtWDlHYto`{{6%F{o&RtwL=jTCW>L`>ZZqBIOfU}K4=G^HP)Z>7ccGU~t#oB7UkR`uN8 zI#Sj#q6D7sGL+gzTpKa)dO%Bcg+lgMM6x>2F=3S3F$XlpD>fyb>k=vB}`M=9bB79A; ztQIWBgveem5rTc3L1Bp<*3337MVZ-J9%T-zu|b4UEyXWmrbv5FEpat^Q?DJ4w=?7% z2tijZM))7X`lMd6vX54M1B@&iq-KrNEqB|0h(J_A^!*~eA8n0u=&>tH2^HHM4n%IF zMD_Jl>GUTipT`{nl;?YEPQQ-B$&>@wE#qyFu$7mlTBGrUEf8U?!9kqmX6w%}w92Gx z`gZhg0snh>1LA;*y+WucjnIn$psaoj|5jE|dyDoKnn4+*ydd z>cK*nT{2Sj0#Z}sd+xG~X@M)<#`d=(?rX)Sb)Lrp9+S+G*FS6-BH5cdw<_1F&|q+a z5(cq08ijh>F2PNQ{pVUV{HK3rvG_bsa9-S15EteswtjQU{j(RyUvM?8X3k^4#je|y^e?JhC0P&)YdNFt6U0Kj9hKjHcY55Po+Q^ITLma@TB zJhwU%O*9cw;9d6ful}U90Z2X0N-krD;hk;=SC%9l zvt+{WO#!}{c&YjyH2^Oo_{yv;TM%60U+mJ<1Wr2<1Z}t;c-Jcfm$R4yRMUk>Gm-dj z^Dx0z4KGc$;EaARaR8Ps#+#F7!wb|u;O|tpg+l;b&OQ_T$Cf~+9uIz!7%lt~coT7n z%xVP$vaw8`{QMqp@514|q4byAi#IxY#1vkp!Z=WVb$!xOuLbXwYlUm9^Xx@#(n33U zD`$@nz7B`|=%e9~rPfRL^CD`5L%B~0zHl=?ZYPFIUVdu19ma3b6AgY0ll-q5OX9cYR!_3q(fn#o! z@Rk$3tB1dh1GqTmgOeOz>STHBAqIY!*DL?^XpL7(Q(h{}_SVh(oXJ1&)D3ItaRY?1 zz#9k&#Lm?5H(u%g#Hs~0fPrZuKAw$6(jH3$L~(@>l9iXptCdSH4{e;m$&LJnG-2@a zJ(*Wri&@MdZwtp5yviui$6oC#+eX0=wTQ5iR2PduT+o3OO1*rOfGA+jB5(C6 zP%YkdyVIVS(ZGan!jY}P@>k#5&E2i126wKGAizFeGh)tu2Q8v_M*0WO-x%r5=lJJf zysfLYZrbn4#&aKOGHXNv0)eR9f>Aa2*BmU`$;U6$;ngh!LN*Sz`WYULAGwpx=#ZW4 zqAIIM&?{$oCXH4=b;L`XQz_HVAkS-RRQ3j)gp@?rCaG|C)IxSi!T#px(rK>glK3}` z?8gsi_&YQS7PH=02hjE50#>SaDhTrX<HGcfe-&lBjywt|u__pdaA-4aB zdW#eP8PaJyqSPJJl<{nepxaP}l9X%0vpSLHDfZa+%}wV3V1LmXDLLI$FUk@v`_&eXqXaX4Ij<%N(eS!oT2nh zdrr`|V(F&YCo}uL1Un{ApfK9k=auBmTbJ2x$uwmekDe=hBa5g%Q@M{M9*w%AbJBolRPdVyF`M46Q($235N-{6oFdXYz%U`}|?=zFp3`#Ipw06rz zltKVMH;CR_1FETpK%)^a>MK%XJ^e8Ro9da*%|(viN<6#qZ@_^BIP{~dv%PC7nKLfP zy~{F_8ODClBe#R}RgF{o%M-M!Z9$CJ%0A(bVUY%Bp?9?om(N6)l~9VWL7YPy$zEoG zIalwBEXk-Y{mpD|xKxQye!&ry%DfLxh}PO|^f&+e8O8^I?h5;yZ(Qzh2x)Y`C8Mz# zlZ>WBYU4i`O~+&4vi`(f`SH)y+T*dUA&RwaUhx*-x_8uSn>CnG%4L6|ES=0D9A>q zl2vvrZ&NK7!oY1Cp~m?lAk)3UROFF!WpdID|+ z_jE|sCJ`|kE~piw@ZQI>G6%EHr(2tm4rK|*supH;ZFfJj-+g_Wasc?)?t57|VBrZx zd`iH^_}{#H`A0B+fB!${=P*FQAi!|ln;`@QfXBfmiX9Gd3_rino9lV0*Knx6!S1Zf z48Z}x>+eoQzxANX49m(hI_>;mkAvxGU-tI{vPDUP$W|NjN>33VZvI@6hSRorL~WAd z20C_^Z-;hgA7u5$;v3gjzf72kAk3Qp%;9_v6R8G2rKw6o!kU}f2aInPySf8B+43Zr zPZBC{kY!`V)2_bZ0B-P@o;XbTioV1|dog&#f~UiG` z%p6%X27oB!;W(mhn^@} zj{Dwpz7FVMpqy*U{_SGEE8uUEKgxj3-gdk5)HvomF}<%0Irc07maf`=RYs)lu(td9 zx%}BZ`_RdzD~SM6&2G}+4jMA-;Q>cAc@T*{sOm0e=?3VGx9NjycE)nyB(udvW60Va zsoby)V~yGT{b$;+)^gf$w`Mzk)>2a-ja%@<4TAoBhq~ zps1m9+=S+bRmDz)FKibc!TQ$P9K@zOJTGVQ>V|E0oe5ZUw3-wLS;aXwU(-Mo=kElS zb9(a@3Zv)|y6ziwf?VE%XkG?}6EqZLpi{2INcgDF6(n7R7{?P!Q|g+?{&R`mjDw5U zX_Sw?2&mN9FUJ!n^E*DcJ7q|J*Oar#Wt34MjaP#>8$8+s-8oC~3D2N+HJBYlrS}g8?DST)FFAjGr4@zV)eDnA?}eQ3 zbPIjHw<9r$6S)>?f6n%&CcHSaQ>OUIFfO*1L&ejuL=&URqG-yff4 z^sL;Fo@9K)5`c&NiXOg^3fCmyLP?$AT90b_L5}2Cy?V>t@hdH*dR>#*qLM(Lq0}hL z+;?wShN#hgIG;30_ytS90zvD@>$4gsV!2P7eBZPi3LFVQYZA=&1so_zcNf-M2MmxG z1N|K+H2ikMu+Y^AQet}($KDgTm+D^`_1u&Jzz^kRg6Jz(sgw9}95zqn0Se*J1s6u36nViUTJNi2 zaqxd#de`p>zLcSBp=Y!{Lf%Dqt7u^wX=4^>oM~QYp!skmxHMTfh_zr$weEB79^YpI z3(h5kv?7tev0}l2*Wy1sg}*9v)bD=654P#Mcgy!y zyQ6=l2=Y=2djx(s6fwapQ`@x|q%h`oOf^QN5Pu-Tsv)`d+~>mqi?(kRet31Zbo|<| z==s==ybck!$B98VNm^e3bA0zp#z?B0fJf*1Pu#bi@4G4boGpHo>Z_68lPFr-0S1`K zIz}wAg-@1T3;ys|tTX!oiC}<3*;a)&B4BQx zkd+M9^nTc<EDwc^NG3bs#Kd0Nr5W(D}v5L3w1(6@VApVVPEtMW@ z{>ugU8|9K6J%>2SyOrDr1y8br6Fs~u5X{6Xybso89n3POeP51g&9Z>$o?i0TTEZe z&_@*#NQ$BnrBI~)9_yTl2QumZXIO3&1%ixtRRn4zY8!H{_g{KrOm(FAA3iU7i3Vw~ z?#X^i3mW43iVH~8N$a>meWS3yahx0jrT{z(M=~Pa zR0in-U=t}sm7!M-Bv0*GB8OwZN+=7pW`Me+SKd801)jiYz$wW|-;0Qzu#Gu~vQw&x zi9DtxSd^L!GzJCa%GZ;+j+5f|LqvI7?Or`5~%_B>bIx8T?rE@b7lsR|@WV zxiPdt4JK@)qCbfN4oG}3IdF}F|AtSv;AB3;->=pF9?b-Y2TtK(RfgXs_{?(;=|P33 z&`;ngw8^thjK7CH0}tZxurs;<+zBiLXz*p=A=H%Sud#uF5BS_K8bV3s|G*!XD~7=q zig={O_Ddp^6m-rLbO|va6GsiDRr{&)!b*&w3@&q@2>9EWbq(+&H%^;}xFDSVzo zlmt|E@xR$RDxeub5Dv2n{vHkYLinetZt%=q_n1Bt7i5^&41gYn{h3wwubsluGte5{ z=UJ@0)P{u3Lf0Iwhmc;fzjhM;X7$d!?*UUL;O_R?c=cD*=18`j{Z&D0tJuZ$^-9A* zvv?$>@SIVY^D}f{$Z!ZDx8Ug{`r8ZtA#-}wPXMk+6rY2U#3wvtkh!$qUY|$NDLoSc zbY#GvRJxBO=PgmRdLD4D0NUd1v|u_0A0@h=OFbvO>TS3{;k*q{T@K-TG?7fnu;Bgq z2IJ09T-!=<0X*bzcp4mKCT#DW?NA zGSINoqF|B*!Z8T09Ol(~tyP!dwr@NBRyF`zUO2)1S{{m+1JC@cRLn6twuEhmGmzH@ zQW(p-y5jN5+a=NYqFZ!?U@UlxkCLLQR|2A0#CeLq{dsa;7!L9Wr*N_N&7lJ$g^@WV zoE;m6Cw|mn9a_lAb)-%;togKHxEcaT1A+oKQ;?g8q+3!(PE^!G1G7%nGOr5^cWw%! z@V{f`4IJ;W-yLg@k{y5#nq=G5ytQyz#ic2HP8#peVA#_wX@ed{21NIatZFv+92i7& zKygmVH>Q*fH{AkB#UG&UIL-CSwuEc?%Q2jX63Hj;+F=$W0-ACx=Pt-tySL+$G()C0 zh%f*fFfmz-)q_V_*CHM8E8%qM%M9IM23%bmHXJ~;Ba?qhN-c#E!=!@n=mqq+(I2;L zDf1)p;oYBQ)T$?H-U|NhKJx&m8!UPZ0R*qgiY&E4Fm95}4Z#dyU*84>0&QaQd=q~0 zZ;QUQOUi*+YFyum&Ie$n_L3$;AwSEhl0sSP;s(=J_WN6KSe5WP<>L7=`rQ@0(F)lHRRva%U2~xB z1fOcNF`~*I8oeq5SIm%bs7JE%Ge#@4_qg(|$!IP2QDL>;U9*>$DF!8#{~+e2k-e^8II!uuiOCZAKhh6yI=!-8sDVKe!V+0ggiA%Ym0 z9|8MteC!9ax!7caz!kLpxL7CWU1r>rqqr{6KD;wZCtd!~mm#?+3VsC7bvuv+ll)b$ zI&Q5A+6}EjyBmc-x^(mlmSJhK!#7}XohE^$-GAkt?$7?74zRw^Xu8{&7G=v)(|uU7 zh`)T+Q=#lDIdZwf4Gz$>P+zvuOzRED@ z(81yz!+U<(OPsec`PkHwSJ_6F&*x#K^a(7Ym-x`)6UX~`JHFp9 zM4fRD@oAJw2Pyb*&hMK2DOb$=#DwattW1FJUh9}h0$>$v?!8aFlG)|#$$fSC!W6{8C#SwE~tn!Eo_5k$aOMu#QE z_O&JBA`Nlc6Ok0Kl}LLMk{$k@R)NR(ix}7v$sf@Ec;~KfUd;0W?Hxp$crfTyHeZ4pxoc_w9 z^Co<2LTXwLXJXfym<`>Nr>H%airC=i)-0d9JvK^p9^4)xL#*3zQ>6vZ2o@Hpy;r|< zv7mclvCRi0wuIOR^W~P4pt$pKhnPu?QYj<2JZzQR`4f;O7X7vx1*hY!)FEH!UW=dbb*jQ z{fNe&vcIQSe23Zewc+B`MUaM#bJ7}3?5p%R6}~)}yWRN0X5lzq%00-gPy2->O-M?2 z)aMULOo5iZd)1HIDiW2N8IiS5D?R#+;YXI0)>=GNaxcPF?G*%DbgHoGL|LI5ifQRD zQ^$G+El&WE)poHJRgv(m+YrS+K(ClzcV%k--^*B~AWGXD5|@z-lQ^~*vW zB93H3z@?umx1=}ff@UsU7er9uy-)}qul#t2lrt0Dm_O?)-Q!HECiAMl=o94pD8#grP>uAjvh?5+}_|zxmiR6N#9A#Jwyvg@;+N-2Lku73YVmG zn@@9_Jgx%ham7V|_u*zRN(R*Xu*4LvQmLGWJp<3_MX`cc077gWqaSuZHD|a9e&lux zePWk`3?d2{m7UhFFnPT@SEq7k^Ok~7RM2(TesgwQM;NAE&kcSEwZuYf_k9m{NT>6X z5hy))Y+y@JRepsdUBhd)jN)vbnKYSr3}3IM!T+th~7Z5O8*GdTia07~ic zJaSl|N=A3ZTN39?w#Qj8r2SazqPWFjXxDnn{x5_fN?Y+gc zDf&glM!cd4lYcx;5rTt+a!H-F<120xKqGid;wfad{OViEE2D^0ZJLEifJgW^G1yzb z1&#CMa4pe8x$l1b=l3P&h1v~7rG}!d=-{d##yY&W$$6Xaio59JHnU)cUT*4p+)4Zo zWbiV`i|xjL!KnQzTNIkFxpgw_wA}t_kv+>rmr&~EkUp>5XT+QTpc90mx>>JWfE7vm z3kdBsA12wFV#p`*bLy90v)*g7Mb89k7E5}pnUIG(ANr68HHh=*%B6t$O|<@z># zHjqL7i&YSdI^W?WwvJS7h*f`QWolsB5lph1CZrPgH`d78Oyx;N&^6z#HRqb}99Ax| zkml8~&2v)2GI9$aRN{M6yBa9i_fNmlSTie+=U@vZS%<6p5a0M@3{MHAKBCdh|)Qb_0B2VCK*HH2XPb{5wMi=P@bFzcWKaZfL-JB0lOlvaT&~95R|xT3#h1u z)3I67Pon-jA<|iY0?m7XTg~izUt-JpYy}^F?tcFD-MnC<=RM2CiJG}5y!iNydU4q6 zZs06e8ekj3sxCH3@Qk5ES7}5$9^5C%+`pEw2ux$CC+jG@P0A%fk17F)9R}3O1TnnU zQ#ioyLkfseZQf{p*sF8OL5AKJp3Rd_+TUH^5)|I3#jBKi-pa~vkCMtMzQcBy{{xCd zAPBD7=AENasdG5Ac4@aNeeI;gXodHms@Lzgv!!~CV&`NuxNPRgvEfwE!Cs9Hb5lnC zv0z*lP&9653bYAmEpIJ9)W|2+0_vdDZfBIc-C|=>(LRA#`pFYzI;Po)QvJvRwZaUb zVYxUNRb;nc661P5^Z;l-IB6h}TD3TPmgBGHG|P)-23InhZUYB9!rufwLTp@ipcTMg!JOZ89Qt3NYW=;R00jX- zR{h4JcrZpAC?_hQ!PvtHRVe>ZDkP@c^~Q#h3qBW0z=X1<2tWy=VM}A*z2VC~oQal3 z!0-`XRXi83#o)W$w`@l_$r3;w24W_nj zmneG#rPveIxqD?m^0VT#sKMmS8dz4z;6`$aRQKe&{GbXEtNUNXL&DF)AROT8izDiY zvlZ)7Jj!$72bNYbdFqcq-EnlsI8&|x4NGj;}11i=``ei=*ZoCV{#D_Ue*QjEXT@k~B zh+q3rU=%$>68r7?>0SZr=w^|-bDzQHwA{I%OER^~=%v@pz`$z}K;ut+sFW4S_TP0s z)Q6-0Qx`;mR}3p@?~OV~^i@4G8>*x#^`1Hzz^ex!1=27igr1dF%SAe8mUtgtoig@O zam!5S2dUveS2`69MoZRSW|rIUy8Y762(KrVNfn@&`KKO7K73ES&-qV9j>0>KY3%>p z7tKWv5P)_m7yUC@oVF|4tMVo=Vn+rk6)#%u?+RZr0zGDsu;*F&`{4{gbR` z4uRo)0CweRmS-GMvT9eM0Xx2NmLDieai75Tv0 zip`+)!5V)J?QRF9VpT&`S#0sM*9jc82gs?$wnA3=45IbW)X%I8lbsQwtQm6OjN0rW zQ-#!K2mHlZHOR2AF077W;4?Y(`*gb=c=G&PX*;vgCVm0Yu$`I6zq{R0lPK@uehbLg zGbuSC)fN4jx6Yej39VjPg z?+OOsd;0!NC#q)i>PD&lZZ{q-R;16S()8mzj@z)^0RS{9+rE3d-BWcQq|GUOk4p8M zUfp+%1H$7nj=k6Ux=WI4ak7BOLx|Oq9jTMNW)5%DO4*^=1uDucSp09c@c4M{AfJNZ zfFA-fs;~Ag+x>)c32taz-GDU>Q+$6cGxW*?=)54{QDK{H( zzp`HCCR6Ee2+#D(ztXAXmMiexflR}>SRGQn@)H(Q9K!DTL6k797f;kd`2-_5NJvul zNuv;q`5Mcq;Qo=Dt+CiBS*`0~(RQUlK6)sTuz<&#c#3C(<;)H7HG5at$D2H6i3NiY zn2S@+1M!z5rv2ab$k!%cneHt~iE|QyGR9ym*vU3zm3moX=VFXS`(CP>GpBX^)fF!2x+_^pmGXo#8=~topyldx_D# zIvDI0o0Z;@0`pau=}h1K<>jUZI7jQd|!2hMzVw$o%{giOmYCj_b|OY)ICpV)qs zct6)fmHLm7sNqp;2RI-|-1zY1Cm;-_`v18GW+(d8b#Pi+qb34836>;`!HW$@jIEGP?OzX9 zK5>KS4oX1XmPYM5TOYeZ%0;(|+lFfqXA|U-CnGWAS_M+R%+KAYsh}ON9 zjIu!yXZ#_7MwFV%%=DAtnPu)wpjtKf?i1V(`%nWU*Z+`kgu0H(bF7#`c z4*#YWsagt)r4|r<_7=dqJd(~J!7*YPKbF!cl7yf@1t7`oOjG6onfBKDg^u6o46Oe` zv0!<-t@;)VY9&u%5J4Px5sT7^`?~JMvoJ6MDp3B?9B<8Zmo!CfvQ0r}K2V)2iw%fR z+N@G=>En4SNnjrY4lH@AG{Xk>SGekr2PylEY%koVsx`(cR!kms!f#5Re)4%yyHKwN zNEDoCV(Z_4N1e1Ft*80-?rBPX>>c1>k_kV}gBUB1PfX-TC(0A2d+3k`Jr#@L3-DY! zyr8G9EEt)?5cP^5z!8%o5D@xJrGQufPYbSp*IfjoXNUV6Q3Sl~=i~GoQ~_#6D(IG6 z(BFdqzoU=GFv0L6+m?c4J3}8Qh}qW@7|X|8;F-aj-XUf*$WCr?6%+c0AVlpRZbbH` zpHgyl>x9pGpF9IaD2Kq+=$;p#ilf=`37>C5QO81yfUWqSBYCG@_i&HC$yOu*Hq~(Z zXbkw+@{xP>pMGmqMc1^=GwuVxeRHCt0=Rpn7uZqI;*!}0#eOP-s_pdX5kSUuu>O6* zU=6We(Y}@hGmz78g2$9Inf{U+S5acen_({mxJQ%ZG|Zn7UFn9rj%0z^($knER$M;U z%B7JMx~131AZkSG6iRr5WK@|0&QVX2 z`zH9v`9C%YBkO;^U#Kn5mxLUyzi$lS9`HBD1+UF@y~726l8MV@3Ci;Q)}s0`qW+wM zk;6>*pN{%}ZTKUCvbndgBD}AT3iq!;=|Sssnx&(qT;~%AhkAOqu!-gZ*!)-hmr@5g8 zpOeEa07HdaKE^^?f;Am}qqrT7RvpHRTH?%LQ%3YC%+xj>qcsU+fUWbx-7Y;SI|QkF zhtxGrP|5PIyiW`^a8G? zVKi6#ew$A9w$4JwJh4V=<7D|Zey)@eu2DExXc32TAP-xOyff+fHkf@&lFbfm$@>Dq z<;`Ce;UP1@tE)GTpa?!V=x^2*%dGPjI2a_Mpg}@n){nOEH7U8sw2lco2gZAcKmt@0 zFMxHM%c@443dmSi=8wJusuEy+Jvz6$jhF@Qdz*H%QT!Sr&ZNS~p!k8X%x5zJk@zLh@>fd8lw3TMsTp;uAo!%o{06*^XQRkqD$dGRZI* zdFz!NcvW;ckCX5Q|2h^)AZWlh6b70UJ87O({?ZgiE1(#|WOZUn;3LV2a^3}KyJa74P??f0gvng? z0=Ne;;fo;zpBD2a7`M09<-I})=H^X%ivLf8|9m-Sp* z3KC+txSdj!exVtDPZ$`U$r3(%m>oBE?@oJPlw`^~{k)-jf4%Sc&x0h-jR7yt*9({X z37n@hu7r?v^4<6-rS?5+b7={8|Vx*dAcPCd)Dw@H3C&S2XH@l_@&5xmlA4TdjF<`-XXyH{`aWF z@`sJ}2#)nV?wqf@FEHX-u&FrSFx$`B&FmaqZ4zf$3?jU!`dx?eE&Js)WfwgP^q^Q- zd`8$Y$(cmpO#zqn3vbQ!Yq_Y@o8=(Kd;p+H-hrrB=bAH@G}WoVO;+3VOFYZFT1w= zFm_PA_a-U;GI02bIwT8Lo3O6kPT_OylZ26cnu7!o`;&m(#oNlNO*zIOy*3{$+u>(NP*#+b#$a&8hy0LO}iH*K0dQzZ2e5@VfEx9-6)E4^eJO3 z32(h@$NEUd;#>R*|Jg?84MU{K7|#1tu7Q(q#TuD%a=XK|D)i8L0w|IZNy+=bb_WA! zSPeq}W4b+r4?o>@z8;GX7>~rqFlr2Nl>n~?=pcf{wL2iEQ$)DkH3Cl<=pbNu@7Fei zY#cf$9ZnLp1^fNG`PM_~>a?#;=5G@C ze(Sf)GT13lG9#DLzW@{B>FA>~`#|v<&ztxvk0l}`m{z4}Tv;e8TI4SVQR|r}PQj)ydKTSw<|KP(AN1~wMuqIODn_xKy#BAwlD79O@j^6GQ5z=WVz>c2mygIwzydw*p3 zVvS4yjb=_*w7uBOjO>$o+QU8hZpE(-Acg`WtjbxTE62d6hJWVw%_ZQ=P^1yFyqj{k zP2@f-t)ve^CzSnD=WPqT2`SQmf#QTi)A0td&MRLzE-Y=Hak!;T^ZI?!DCUodCi3HS zV=!&;kUweB+Trd7I8iuxrLyXaz)pcX9r(y=w*c?=()w)%*ak5CblZ%jRiuOg9`s!u zyypRkX&?gk4gq$GLk5DD$~qVc7>6bI2|Ig6dUhe_r$o!|K995#Idiul6~8152T}ZBy)|TwmM9mBRsk2k%W=jAmO;tPs_?xY9&^8#c3m-`(T@be6l;8 z-!5p?EeOmh2G<@yN-kbKl%B+fcDEGWrNU)v5@5t-5N;@A|%FwJ%!Zh>&S_ zvlC3uUm>M~Umbc^77ZROW6rq6p-0{m$F6!uBHhaZPAY^N{)gB`4Mjt2nJ+-`!JZEy za;n$S>#ec;=vgjXbeKQCmVIG^T7$mqyw)4pxIzO*vbfspaAzt(;b9cm&#s>1h{D%} z2-NZy{q1ofJ@MIAkneo{)3Y%@WS9BYW-gE41R47l6uJ~5(yM}71hsG3kSZepYu`RY z(YuY8)Ac?PH`Tsrb8pYEoN!P}9F&8K2>JT0H~TcozPy$uE|3IU4EX(k|Ji2-mhi0_}^%}9)1>7@?oe%`1&~mgSIV$*4znWdArNIgZ-J_ zsHlqTb0oB8B64y@eYB zboI`|CV0zt<{#>l2lo7L8I%H!@+FM=a+az-Z`T#P+8)rd9BsQKWf@-IjntWnC-9qz zF{FL1pY?Zrrw!3fp67_<{%T{j_{GsJ#-stBt&%B){7<)zHeY)ScejqYAfqMo3zxGbAdkCF6#r=$4+{Wa(aZ|?=MXOD(XOB}yl z5u45CVs_BU-q_r52t$Nm(zU%?u@gpPjeC76SCQ_|cR%(*^s@%bG*$zU@z=(-oUk@7 zMk91gZi*z=6Su!n#(Wa@l)K)L>WRS}>}KYT{SvZM{jEjuj= z=&!#cUS@5C;fIso%LFy7rSKbP%X~-tWI0v4@*rR9^6B)|?O?@qBvQqGiq;YAPIT>3 zNyW6+P4sm>xtz=f5hjI=;@Z&lscVpNOHbjqka*DTPkGWw^MK2ZKmQauEFTi*IG!li zhInbRr*kN6=fP0Qd?_|_O7Rq_zWS?RZ|qlOIZ+OrM)Oh6uHk-_ZKaip3HKYNy3_R? z)0@5zWsMtWI@wAo1znQ;vD}3>jms3$p@{mhgclOaDcCDcuXys5Uhg;W5v`z}Ti%B^ z9w}3m8xq>Rp?VsvultNuA=zqXxZpK~R-;jb|H_2IHmX>|?Fz4gur&0RS@NL7FumqL zu9R4oLE}TtU}b; z4aT^T_NvYkP{uJI2(q%+*M=y1s4d(r;U{p~e&H(C*Il^W9F^c^(ksb9vv?}Ma#>QG zC4P+JxPo-rcX9Imy6Wa=RwUti9o^mY?7f9DugJUSZ^POh(xKrsj5r{O#_CiW=5f#T zYcJEY7bykEb-6JCv9n3d@f5IT-_JSJ~^4LWoWE6Co)H4!uWm< z7!sDS!}vyogTsl5Fl&ZexAY`huBk5Yzk{z?PZaK(3W zpDe(v@BK%cL3*L(2P5QKL%&$K3altt#fN<|O~8$(Z&;o0&01|t@s#F1gN`iGAjwvF zj_;e4C`40+-tghUq_?O#1)`(#H^9MyuWJu7$9eaw4|*$|WFJg5!OVVd?nKVsN9(I) zS0VQR=En+UL}s&|Nv}sRLtnc5$-9_vox;27{&A(HS)Y++zu0C5hQilQiF(_r+r06~ zOeDm(5FsqESkNaHQ{RsBDL!9Ilb{fFbnxlx2e5_rp(y>SMTSPP^nrdjJR{j_zKOo& zmxB1$Uh6+1@*(c`3nliu`rg%NL&{+Juj=BYK9z!RS~_5%T=^(2ht3Pp;Q7W+OfFDn zwc?0W$*4ze*N$raG>2D+sSg2``N-KRkP$SR>A@}Dsxs+L#f&0 z>B@t2e~k@H_fAUuXHoINtq$ikib+!z=q?l&$D4%gT?w3~UoA4PavfK1JsaA~eNV?{ z#O3_Q+8y5Ke{VwLLB6x`kp7(b?z^Ym^pT4JxiI~<=7YH``{bUN2Aq^hN2po`;wj9X z*o!9y-bke;R=>1=Bj6(%rp#|{lAyJed~~*&pYkIcaPa70$FdF5W{%Lg*)MQ88e~oD z9nkkxd;qJ$H=oYYp!P}l6SmrVsQcp^hsT$w_WDNkANv8Y?sikgQoog7d3n#dor8>d zn0@{nqVS*YpmZnm`;0CY3^sqg4S~u`P8_n2`fGz!$Hk;d*FR6pa)}S;I@3lOxe@Hd zQ{>;2T_f5ZdYql+kXI37O#Gf$|NefxAJd|k`jxn=pTiK>+TK`2cXS}Yh{(Ynml#5A6s+yjG+EHMsW_|Xf~S*IiKVyrWIXpsss@r z8kRstry5AI^Xu1p{CY8mM=+af3|>RbG?o;L3Ozo%Ur6u%7g28=7u6Sa56^&fDlJ2( zbcevuBPfUK{=<^~W_%7($v>w2&kLTogFUHjB3L?D zb{kmc)h?AdzOJ-yf}KmttxSj&eN{Z*Tn?Sx9{49~lE})~JRA6AKp1lI^wP6peTro% z%C5s|xLJ{dhRH>>Jd2faHqBm~QXgIu<~6ZJZP?Et@$x(Jzn;CcjJ{J6x^I@D*W^$i z=fTx|%c;N>Q))<(xU*4{=1x;#(S_exq&tJqZ_Dhm(6bGlQd@DZiY)S&md(9fjtERM zKg+YnkG;Qw{lsCdBda!)%*SD%63;7WeM|VWsIn(ZWaD)KfFv0;`fh97Ah`9lD3E=o z4-H++5qq{y1LCpQLxTZ1uco|q%M1;2GJA#Q_2C~ZuCrPO>^$l)DomKIj$ES`G>p?F zeQCUp&}PmV7~#=63{2UvgGOeCWCCZ&$92`+k0^yiQZL$nAg9WW-(g}=I2LZ7>6j-#>3G77i?vua(sd10Ygw{kGZ)P3uMQle{Yi~%HmbUR^T%DV5F)=#oVQ&V`+u|$#ehXMdS7UIa`9!DJ1+P?^ zFZNZ5NJwIhn|yn*ZSSZM6{Yj^Ya?HYPZXgh>T~F@$z$Sp}$ewU$_ z!Jz~)l!9MaNI+EqGmC+mb$^JEbs3*HLK*JvIYj!pnwMD_wK$4a#s9(3#@2zsm zmeZio#Cxj)&FBzT{|ma-Q={K`soVBzWrD{bemrLID%g^Tl7_}A^8}R7;D?{azAE`= zDW@Q)gZB#h8sSflsp}j95z5^LlESr_hFXhv>F-~&eaj4#rMx-HLSBrBhZNupX-2A& zQXe!tir~p4{txF$vvt)aby`WvxyS9jxj}S0(v{}d=9nUwf)2@)e0N6o~0jT{@l z!#@Qmo|tm#T}c?HMA7|X3g`>?kS>)>v2USEs`j%@Hw8T?Ntb07B;0MO=XT%BujYK5 z0tAW&>joD$qeLR*HcQ^WK2dvC+!GD(^7#wHVyPt>(|1hjNC$@^1!PZjji)9Jq5sYF zK2+k=Nc-~FYdf}yAR53&pPY+r3Dwc|(}4Yl8~iVYGN|jNoGUh^z2-k}NxQ36D21rz ze;zkRUS}w4^t9v+r<{?j498ktw(MML?VEftAf~C?2)FmT+{-ge6O7JIpO}E3T4PH0 z&x5mHZYAUFV`plg9XagToxg1YA>KLRoAWWnV9;~+E>|v=8uTTQl}*kXeswc7tid>P zVT(&(GQ^nM)?k8HyCim(7Z1m(zdj-Ena}1NY{AIRz4Wavh<%k1d*K_rKiv0WcKB(6 zwbCi&^Bk%bP+oqsiezv=#wqm-y zj>+t~W#!{1n5T=$6iMf{t1%@}IbNIJ+s(5A^Mosw!{*q$hE7aSHp3=y)*dXedL7a# zHAVCLGsAw%W6$UM517)`_UnT^g8}G^`cT6eLsOIV9{6#;eoZ* z{9AAWd(z=y@Xf3i`J*KOm*MBPtfij#*H@AO>c&aeS&cGYp?v8-4etK>5Qd4PHEG*> zo8Z?Y>cQgi5SQ)*t=}|o4cff(pFJ0DJ)a$b=Av1GW&}e^hU{TGI~^upYUQT67!x8t zi%8H&*d_iBtXJIdq-W1Q6Hf@--srdQmx~<|93t-{iv?S0+MutA(o2-0v`cvJ^CHdE zPfEt;1;n=!z@{O`TxyWM#)G%N68~Hk!`9RBF?-VDr10fguKADbCytTO{&tJ)obegdAvk*tQxId&2Exz*!^kyXH_yx z@~RZ6@63aYirg4eW9HGBoK{`yjEJ549Nls;3$Gw6l;^sf98W0Y)9aMN(CqNBpB}8l zQ&>~Da|u}=HS8bt2`&$3b6UA1D0NE)+HFkTpk6w`E_vk@1c8 zZ#eKeb)36>dh##pZ*#?_VFs1g*=JBb6 zM?FneFm%U$-9>>aMdCN8rq6oX)+pjRM2s5{(S7`|R_yP2IMhNxcqqMr>w$ISgW`;W z`)*2};x3Vj2A87^%WZzo`VS?vd%ILWxw=j)&KdqNbdnDmzRV7 z^W3J1St#b`)b(=c{CmN7``cm2LdcWF46?3mLk|YRIJl_BHSS~@M`OMfeK*q?avE+k~_&web zyUaxtT7zTKD+m;@z|OUdilueIy8~lpcFKg`zyI)v{??|qZNqEm>sINT*M~vUpi8iY z<#WTvVSMPK@3S$fXf`RFCZ%Q$is^ueU_@Wllfs<8iQ~_owy_XIKU;q@W7$WtopT`i zYj9k7(2yfyc8;|{KFKVTD#rM7l4QkRJkDb7eLarl!d6M*UgOUa|I*X5xKQ42a}#*` z$G@LcZ0F4lj@P!xkJi;w5!A$MYrKxn2$bdm)zS~-i&FVInWoB!o#*M{9%O|sXvuD( zzp}2)jaNHTVFD5+LB;NVHMv!euU_A8?1Nb#eEnA{O11;RGdmCg^-vU>K@lBmuzID?4gQNva{T3zX zw>sAd>cNdlmlzNFzD~d(6!%JhkL&v#$Xy#XmjdVA~kBtGMk75wDPo)+Uh_xbC{WHIoTh$~A0};6$lBj=Np{W%H?FacB^qUoydT@2 z7BKlUR-T;6qjk^uoLsd@-D0V=TPG@Fy5bQ#?)1mDy-$nRJ^!LT>h9k}Ve~fMXN-m4 zt`=zqtYr*7SOu1iLQXGRO*q&(eH59?F`dp+yJUVE)xQN*yme^_U{h)g{%O0PI?nBI6e2z87&0aAwm2Hsvl)r&rRsuLv zo_lgO8?pVVP@*4yc>TKG@<*mPJ~5*gi=f8qAjArK>oXUOt|ws%-cZf+CE<2cy096w zL*oOju6QquCaBagx23kXM?i^N9|3EQ=B)z86kw7lc%?$S8Uy;=lj% ze_DVYIV>$Y-+t`K#A^G3?%Ro&4(CM7_{M2I$Cs(YET#da_JJhP-tVPe$!A+iikpc+ zm0MPexwTsoPsANgRpgSTb)S9Vd$UlXhuHn+T07&72Q$!_(wd8v_}tr|KM(iuUH{cq zh;VnW3O4^yF@NVkIScNM(K09juu$g)wGFMA(LBBQb!61tHeGrBL2<8uVwT%Y*~2qL zg*2n)mC}%*b+h_iQSyFz8D#mitKy5(v$XOR1gU}`VQuEaqP@`LR*H`e^*^K-z+}WmaX~1QvGHamI1?pG zy?6(=Yl-*wSMcZsi2t~69=_)fPbw!tiWWJG^v$dMiLr#&ze~m4P<5krkyE{YaNNYg z^?vN=e0x{_N{Pa-z4&TCR7Iv2tj4hmufFlSY`Gp_>hvdPajOy5UHPz~pGgV2~Q!^!iyTi8$WZ zuU{jz{MUc5<94Ei3&6e`w$byZ<;N=k@gIIMV2Q{7ABfMj;>;+QrJ0J~ zzWLw=v(C@}%x0!I4ctfAk+y)|9uL4(W(G;wovmHnWwz3{|DS6Za#SaJ)iQ-~vDXc~##gl`Hw0J2^>PsL?dPL*3un?y6|>)W&9!mA zth&AlX!dSCd#!u;a`@W}7AS_NGq z{bU>_gdT7NQ7}pUypVpKalFl{c<%Y3)MmkuK^*Dif7yGH>UZCZU&A#sLdQ07NzC^V zmUpDV$YOo0xqObXz-7ztBe08Ov;Q5)XHer5dr5HAe|kXYe@$8Z0z9Qi91bwKiP=;& z6r|bV6%;GbiQO#WP0uYrQT_RgjVPxYiiA`7@#Di({Pq~ z6u5yY2(RpS5282@JL#Jx{f<4mnLO}h5Iu4T-gdO->?29Q&OpE55&JiANEl=4@< z+D?#!ZeUC^9Lpf?n9oBgLQH8sTJc(1Pw4vfOb(q$cJe-&3&sn}^FO+Ek_L1patQUo z6j87AR7pSW$!a?qnW*3KH}n3KTgdqer#Du*)_rS4Am{8`no2WRfy9{J46#S9VeQBm z(zp+l_R|GVMC&h)rrzd_PQCZmQTN^9CJ^sfO|8ty&RB)*6Nhg-&|m~ z-W^_ZXa_ca=kqsG|vBqtxz^h*y`!Az}tZB$D`tvui=0OJ|4mBYoFqksg zujkv8t+op&-sZLa?~kb96^s{f8Z^(+e-0Q^_bI*keED%Ddr!$LIC(l$l?;|4a9YH(sAy<0#$pWbH=6LUIcWo1>MJRf8Uim&oje|AO*a*r4D-g{L%YoFqW zRaII5)%R6@Z6^C>Dt#-@u4P|>t7iS9MYo(RkgShnz1x~?GC(bWs**n7G0I0k!F*Uy znIhpF4_?URbI#|Skwzx&8; ze5i%7bjvMS%%0;(1TD>(M+ce2NfAqa{@TBBlLT->hQLlMF8R$s6Yx|?03MHhS{ky; zXjeV<;Pu4X*Ws0Chv+`zFrj!#d-Xr;CtS&*mr^ws~Y-aAx(j5q;#V`JMC zYJoaAo(oC<_5uClCPDnbnNJ)GJlVxdrOpQ>=AHttLsB)3RQM=jA2_m5O@rUiX8#Ot9Y463Tec=A~6qGM40r$x`z+9!sXT37^p2w?qU;iA*A}_~=rGIK|=6O8h zmGa~{E44|7u<5}4RxSCa&_!itpU3HbJCc>~=h3IdE-=DM(aWiudrZBm9MRwhJXvg6 z;D5gj;IrixVU7EJydqB1aJ!Mr;NU4xq17k-w=p*Jb)6RQ+=~HS4jA*uZD_*8xZ!dx zSX92(_0{FeS|=k=FcXbT?Ek`RlfJi{V3G{{nkM45qUOf74P1#VH%_-IhnGqkc0{h5*K<=MBUVb%+*g2!&qEVwx0Oh{F+hXm zfZ~AtUpgiXHrq|dv#|*#fqKkA7f7FlkDQhu7!~n9agp>tDU&%{%T~&^FKrTkvh7M6 z+ng@#rS7>i%{>=*UOdVuk$_8e$6lVCl_dIa%e67k{a8(Q$fnEH4livQeeYzsbz@aj z@4fdmAGn0VD(uEMvU#0?t}ag5MMPeL&NUBM{C9&5J$}9Z0n}rQ1r71QjIaM-SYFVe z*6GXnPQx(YfAl7)i=atOKMIPgHnSE!&c>}Jpq6cvTrW#S%gD}g+?5|&Q zK(7uF%O1)~#K9qKg?Zce-!GlzSPi*7xQ6Zp84Ruox>=fc$GBvLu>?-o?ik9f552`H z2EXOF!sUF|_jt!~MeZIopSbsdW}`P!R3g!!WN2?pL*8++&oEo)Z&GdKx4imjAR%#! z-sb!#8a5ifOLHb_)kiIABU2r8xHc+c)()&(CWj5n4pM4m5Tb7L!2OiAWO)!LVgk%) ze{t>Xo3oc?rjN!nXh*oYZ}da_hdVFeAdlUocX`ds4I>yH@g>2C7cGEW6mn@7?4jY+ zHr$J#oS47cN|R6rj48VvXTYF-9TH~6_ueDms&kot8%#Dm3EFuj`Z>2;dajR`Wm`0}9&s0-|C2r=&+PE?O z+lyc!gyQ^14OS*wq3uRe-(UzeoHX+?L`SA z`gNhdAPk80$uQvObeBxeu<>*yC0D(hVE0xLu!G?qDD92qOz~-7SnQ%Ri39hNM9F;C zzYuA^Mq$FMl^Z$wwu^3Cf!Avo7;e0TgulGR5rl_J#u{#O?ZR0!G8utNj~^$7 zssSO};GDnU6|kShkCd&>_)7u-w=*GBd#c#v-;yP9ULdcx&jf+hSdadxqn-$>z9Es=|!!?MST^g7tE z@r}A6|CRhSAnX&`$toscJqK^jHz436YUlYNiO+nrGh?3~#j679%%YLMY#CkRrakN5 zvOB@i5AbZw&2U0|-^e@3vXUg?qSxLRer(v-aWiyZUAU|L=z25}=jS{cSGjKg!qG^b zmH=|!!c5iBFjcPz(zF)(KH6)|=LZTpBplcSV|g z;dxC;sx|AqNH(UC>Y*`=3|;K(#-+D$f|P~y*S)jQ_&(?Nx5;`4_jd>kp+$S^+n)ZpmX$mbaV3|g+G(2`qA0no3&%x}T z0#{dQ%M}k$1&XlXj#UvwLAl4<=@;GAQ^dE!qmmE|i^B?`?GrdQ;+7pVZie#{Gv3(G zxLt_+!DjQUv0su$51sj7(#{tT*ly8(YZ`c-YD#>aJ6PhPc7jJjKiQE&ZJH*O)w$9v z4Y!`}QRo^nYo;Uo1VPJI&r!iDH4{Z`&`HiULdWY79)Gv*|7j0+$#^YuiFyfF{|$<& znsnzUI!0(qM>IW$du~_YX55y_y#Yj9s&EdDxbZr8Gm5b#Q#Fpu4E8e)ju~=MBV|J~ zj`Z?cv(hU6YA<)w#v{Q1gU*HK?V729%{Qj+bf!bJu!i65IZIMJ0vMhw@Z_gxl7Kum zE&8JeM@iC=ruVObLKiuVk*a#be*|d`P;@X=3O`OBwdM*#x_fSE$bGCi4llg^BBf;} zVCOrxNcqiop|57i8~^<_*q^Y7PFh*uI(RlC`5?qY!x07_AC+srHS$@A1{LpZOMGqJ zrl?IdOG&Bz==4Upd4RHJEFD-y!52Rsp(-0z>)Oj3_8|8^`gGeZI}?|w!lOlDoZ>C~ zFsiGz)I41{$E$Zjuql=^3dHw*ZL>LF%GgL%^&$^*w>c)*K|pZI&@oe}%N+$i-B&)z z66x5)0h$nf${mGg^02@&j3~sr-8He6`et#~v-I%4zBvt+PLm31KyL9_^TVb;2`-WL z`US7J7tf#)okyOVzXv-_?hqus(#6Xna@cD3;PCvxfJO>BCgKPPkh8J&%9e0r0HXmn z$fU2mlXrUp8i-t*t`-HhRrr<=;vGCJgc@;IlU3l$_zW#NSoZ9h{|?yZoDJn!DO}W? z8X!Kak;JXS+om0N1G?;*uFf{e-2Hwqti~Q;bzS)#Teq#s7k1pbd+I5r9&r(1*CzwP zfwgnj^cz30LK2gL2BV7I?p57bzIHd|vaC5vczhM~y)CT&vjy{@8q_Q)2hUr z4WA`FXZwf$!pJ_?ZAIpB!mVL?tRjMq{2MU8!dJE?c`m66pbFA3^}?G~`-mwb_N|YI zNz*#!7E$xZsO+>zMp#Ddeq`e=csvh(Qt_?- zId`yy@!-N+JxovieCwSZy1kDOT&Md^e7ik@`U|&ZmnHElPT0vZaY~MSH&*Q%(>Z1n z6$V7h^JSt<+Dp)^F>kYbIAp}7_U^Lek(}U)$X3TXFu>op@`uuEB0eP=p@QjOrW$NO z4ttJC{V6HbGJ>Z7`<6I#()5cGE_hsL(D$)wU2Z-A02HoScI zu>L?)&jFHuNc5k_?=MK)*^w`Jq!Dz@>SkKBBO6=(2a*=U@P+$h%!bNW!zbmo<_{A1 z>wY^(bl#)rm_%40{d+-lqEWRx%#Mxl@<-xt5 zv+~%_7rt<9rH5n*J7U*<9vgPa3F|&Dq~vaM$l8bYhs||AeHGcGb&Sb)^+cNBAz`eO zSVw4=LhQ$c<*7LfcAc6NoAd^1P7M%lYfUOW{q6GU?{Qb(S%!IzMp{nBW`whJsD;UY ziQ*pKB$!@1vLS(aNN3XiUD}Cq;XIXJ9l884sfJU`sqe}Gx$*S+6#j)wCLHuQPPasDNF{36yUcE|G2 z5&V)>QPYQ7xz~Y197m}+D@<7=b@hB4whzoCLY8Cl+p2Rc1G8yJ1Zl;0Ry<#BtM*RY zWOW|D-#j)p-(I!1#rpExXV9gm=pIS&AN7}qOoTk#s?(YRt^){+YF$HTZuJ$V`%c7^L; zh$S925gB|&1gp)U;kFU%?wtx)2-3TB7t$s+rupk~Y(&YeD$&)Gr&!rn{6v(bg;(zK zp3>dtb$lJkA*!X5^A)=Xw(FAeFV&kqiI-2`Z>@NK`_$r@EIYMuoASFa(( zJ`WJq_=dKrmhJZ%p^vU>_~7=dgCyjQQS(Q+bRaA9ANAQd7mSk%{ddD}G=!muF@6w| z$qz3W=8udsC>`WWD-7#RB0-8+y{;;nx&0s^dts@(LN8LwFCgnAML;RMvFhQ=*%{aa zJXf2~-;b?73H<6{a~@Lb{^Y15riQ*^IkjT(tqB-r!oEINzL_bUcamGSPBB`=T(186oKSeM!xli7A%58aE{}t4fHPxAGMuQCs3aPdD=NR3QI z*}z1{yc$MK6$(gaUCNQg?G6hHkV&D#)c`Rp{1Zh1Yd!*Xe#E6i=$ ze8cLV_Q_!S9_650iJc#C*7ZE)BZoI{o(=3TOufKilh+Y6yek*O{z$j0?Ar?wAFH_f zyir^;d=!afm)fF!w4Y$#p^s|{q1&~efqBk(NAA5@`JyL&(dkxc?@Yw$^ z0ctV#eg5N-(L6jR=qKB(I6w(Z(vCna^X!Il{$ZQjD0mNwS+wShb8<|63dHZ9U)>+8 zUS@aI@fSJo3~wk4H@S}da!z3UxjyYd&fdF^7~EqMYVPBi)Gh?8)o;wG$nM}t%-bf+ z!czLGK;KFH?H|o={AC4O=-5@8!{h&QT1$+4^gEk9*lT^GDCzlpPyoRp+@U$EWga@d2S^5 zEFxUb(!G)p7ZbO=Sedd*vl;HU;m4eC^2P%lo4g!+@Xr)wu^{$m0>i?eRf>}DPNDZ6 z_g)>*5or!vQsD@5%?$ehibvuYlDy^LF{3Ta&DmF@C{oC7<2KZOo@Gk^G+poNyXEl) zd(!y_UZ3CpBxzDyLI0H+44rM!>0o+p7F4t)&1`@59Ez5oz5U=hM;ETcp9P((uXs{^ zzsX|*|1Bsod2U5~c_wHqGG02z@Ia97<7ah^5S5w_-pbzBd%8YB_L2UwQYkQbDx3dJ zowi&>iN=um3!Y2q*F+5q_+&JJJV(u2+`6gb?mnFcbIbYnwu=`FF1QT_g@uI(T+jA$8^&k)%e5-HC#or~~9p!3h?Bf;{8ZI51`ng)B7pr^SM;+Xo}KdO#1&CMnt z$rp}q6Yz)v(<6sGO4)C()3dhWPU%BA6|>L1-cy-LQ+H# z)?3a>Q1c`-jf=8%c=})fJG3dfW#(1ojjgMJ|uwBEP>cU@HJ z@WTg}*zftuQ+Za1T5VU4t44I&Q+`+_QIxJ8DpuFrpr|3DU!@LL?_O#L2TBS{4xc@= zFZy}cLxuLZkEgn?D@>`3d;79@w8HwSI4*W5e>!#kq@k&tL*45j(Se+D=ATWYC>hN8 zQdaH@;}CN6B5A2xfNt=8eQk53=ky{e=5Y0=4>APwnqXIgyc$nj?8Me}P|d&m?;lf?~uo<(9d*9m+d^V4^QeOb5o`hr^rs(G)|G~4Q=Go{!r~Bpygy!jdh6I8Lc}r7D`~5@8{1^s6LXJ)oi^FKah+l;-XZf4@{`70WKpk)R!7YhgymGM7F{uA5+@s!V$B z*g3ZF!?TcqBPA%}OO5FLL5>DRx5^Y!s=C}$*O$t5k1^p7Ghp2Rcr8Dz1DnKEA~eZT zpJnRIhL_DJI>yixq42hdY_;5QK_yGK&gIGHjx#Gy`ch0Dr<|B5@Nj{RPMkjP2d`YQN-*A}uOuMj$<1EvIzZ5+jUBsO>zsh{jz2}h+&S<|yjR7Uu^?fq^Z0F1|+a=Xg z{^`r}97Ko(IeDvOHD~$Wo74`86Dx|RI3E$XF8y{M2wuug;r^vHygR8RB`6UG2n437 z^7zp!(>`8b6m$(MwUFSmEQ4HljQbNM#`<{H*fjCbE>%Ej1~h-_X=7euT+zIRx&_HD zt_t?AGn@my8*c54VO$P#%|`J8MsLU!Gu0u{Hb`3{0zb&(!;cru@Wraoj)yXB<+9bJ zb@;84MZtdgDS=4VcW%%`lq@P04-#evX_;0`=Fd!QhI$}qP}@6h>fyN4J@t`FC_#d< zOqvMl$+o7dk6k#)qY~=N55`5t%Mu|Upf3>lvv#aDbTYY!~i<~aaC?^P%tLA1K5y9MnOclZ#y0WqAMAB1O1klb?TaDGTo zS4Pjq0?(4kl>rh|kCUM~UM-TnwIbArI%3q*Yx17tt^zn&6);e}J@DLXmp! zl-4Fp>sq1#=`7g)S9y`*I`h?cer5;9#Lh&T7aT(g=06g}2Y1c1L4(PO&4~ogG<)1VT(4v*a z@uoYLM?S*yMOQwnlq=nnOC$^Y{j0l)y_q4*Yq^HrPHwqEkN!f0J#Z1*%Goj4#+f&S zNixLTXxIZ6Bctt@&1lJG7U$a%)Ea{P*&7~P-uCf)bJ2FM2HvneG+bk%QS`TDP8?v^ z<9BS;8pMy`o^;y55%^n4e@~x%86Yx6;3IAcK?UnDskbnDgF^%?x`2RmKiM@~+}Jw? z%91GD2K#XV+=0foD-=R%K8sNjkq7;Ds8$AbcFwgIC@J#NRO)RRwuGAr>kcj?eYF_(Qm`z%A&DB6jaS0IjpH;L@lH#Z4^Fp#=;}gf`eAXXyc3=W z;bm32{NalVg_&s(I0+Ro zS{4;$pk{Qzcw)2n?j2d@_ik9WJUN%$xNat-6F%9>C4{zDGeMReZ~bw5qKoHzZv=gg z)M6mPj@6F@PW!A-p`}TPyD_Jk4CD{@a$4N#LO3s30uEoqrc)dzhq4^}xgmN!-?gEA zmzqmJszrgPyTVU&Kp}*GC^;xJa#KVVtvOjG$cFVk+x+{q<+c`^IES`~%@7-|U)85o zDKW2^? zC^G`8JnDaq>AtJkVbqC-2ZLG??}jb*d}^R>CilMm6_PrCfrF%m>7-g-@Zj!H^*u)y>tiv6)FyY;2iIHyegbs%Glf&Ngx()5Z z<9riCG0^7g^QP~w;(6#V| z!$%|ULnVndpUVjC^}(HnTu4WxFb$xnU=IEPp4}=uVr~+&I5O{!gRDykVSqTp3+sHQ z6=6cx_$B#a=g3&(n_w-|BG8HvUk<6+6l~GTIL<)X>4W$Fq!!Qrj1aP*iK~oYzjwRp zT@0S#i&m1$52wrjnWP%iQttp7ntcF|vJyFXk>VN6Alkj=#AKH0iC}o1mSzDt$_ir^ zF{7rQ4BDCyUi7SFHT(3)j~l{khF9X!2=dUllkjDbrmNB0rIe4%-fr9*igk0SeC_?# zqMM?YHX%b2e*m|k1aO_cKR`w*LPF!L;hhDoTHWSA8c2^MYSL^xdy~3ttwugl#smSClv zPxLl^X?A;)Na%a6D;QfX;wmTx#f!psSct<3sF^4uUeJI(G#)$%Puu*U*Zknr^+ZB@xc(^uF^3F+o7iKYs^7QaVC}J1^Bdl*?!O zWrVODcY?1=6!Ishod=~{f;sJ+xrK&4Mvce0O5V> zY`H&SxNh!ehXKxbqQ#ljD&FzpS_QNev|dz_*s0DWgyGisM+xK4>dCO-VIbn=zdEhP zm}z-Bo2GWD3X7Qpz0Rm65q%F2_j2U3n2w}Y2$G>&k-wB#0xa7-Q5NoMZ&K~3+{nih zpAfl4dOOfcLn_+K$K{FtwL@O80;vFhuyN=jBO5~gcI|JFT7uq7tIey(g7vc=ke=C0RrFpu+1KQ=o(HJ_4F$g<9}bV3b^q<$zW9d zb}dSgyp)90I6ie>QH&^@HOebgb{M0*A}7Rzl{xR{N*a6TJGjmyxyxu?&OR)gV4l2+ z7jXP5|D?09ZFotI1XaQY`(6s*18-$XW>?VanZrbnFK<&n(s(EQqWOgVn;|b z`>c5&Xyn7wspczBC&nR;QY`W!RpWuh81?YC07MFZ$Sukr2wmuKCJQ_s5hW4&JiwvE zElSL@nQo+AlASq0JUe!#h*0fL%Vx5~pRrX-1q9u+o3sGnj~Mw#ZRN{04cDZlKGVEi zm9G6GiF<3uz7h_z)6g0e);42pXDw1QA_yQEg+(LS`4<3{MSMccPJR(zsY>Egzp9XApyj7 z!TKENJabuC`uj%nHw((kw$jwI0>8AEhu!{N7LLt01A(;Y`(Sd6LxH(P?7>Pg_Jxi? z0WsSv)bo!Hla{#5DRgNE$SK~W0|$RgEzTs#J5w@upPljiAHjutBU{{8p)By?0Ro90 zd?^qeqq9Se#wvYYCQ@zpbg8D6yOk5j!-JG)-`!|Cmay!q3T3n@M?*CkuRJ<+VhaW( zrIlC@qZ@}V%0q=&*_rDDaE0R;HQ8}*g%#H^4{xh$kn=q9b0zlz(#|&aBlw#X*QjRE z5RNi3vFjY&03N#iKKBDn31_oPxD(`NmD(RaBJK;B%^$RW3R`OA2@E z5Bb1Gn;(dkk-nKr6)}U*+Glvz9-u;A{(TNaI_Rnq6eYtOmQUBe|Iqesxb!SntJCI@@U8Rc2TI*u~_F@g>;Gd9)JGhEUk|DW#<;Ee z;)DsXF(xSrXA)ilo-Z%|EsujH7x~t^zrO*2;?~2W``(<@j`i(GEc#xlTd=ty4|&yp z7v51Qlm$#wT_fA*SHWx1yu#b+P?%dQZtEj;WA*gKD#_+nZ}u*^Kmm=%IH~ z@c?*2bnwA{w$bj>x)sanp8?H`2!UVbZOV>HxMOswncwkiQtn zqF|Etd>Cc{;e-jaU#1!p=+579br9P<0P?6Loz#rB$K)D0ugj!;# ztW3AD;+2j1^`gt2{imYCKIjJXG^>)zEP8}+N%>|lXQbfvQcMg2h=_tk?yOItV}dO} zBb>R9)E_i-;N*=j$~8&hkgg*SKUUz=p-h@N??N;!!AiCZMW0$xyh8di0dKu80!EWC zyunr2TPOm^@`hoypLBKc@+#&l7Rq-1RAL&32;z|w5EE3QRB&>MQNvwI+zE(Ux^fBx zW*p@vlH$nXxIjsOrN=H$Y=VkQhOiRQ;JPC4(swa(0fJM6kaS#;njBnr`zRaMg=0E^ z15u9AIpQNHB!RN>Y8Tm_wV${)3Jc-!;rPHa8rxS-Y*7h7jzj`sHxUkK3&wox{`NQz z%z%nu)$+vpH`Rn>=R362DBrz>u0d}1y284m)D0y+q?R4-qIyfPN2+#r*b^d7`hBs7 ztAXkp9d>x{*GVodLA(9-EprG7mTJ`*+ZvqP zixTzm_*mFAh`Yvxf^rtkH~TQUIfy}YC7Z}ypzjHlGx>}gCpx8r&bMoGnGj+aj>;F| zBY1L)6x(=e+_3OAB3A_CHh$F>kt5^|3B;5NRpE#!zh#S(_8M->&oyeTmc>tmzl2$$ z`o&ffJt1w7`@{G5+;mjDMMsO z2%P5=B~{P$>adXEBv7cmGi^u9_p`0N2=p3r3W5tIFeoeBpHBO1vkD&)zQ;8bN=Z7) zQx~Bk0JNT?!QazBSb)8V{2k8*N}wk?B1gcfajgxEB(8;*Joq%#pd6{uqMlAhtgXVB ze+#Y)9QrYx)zvPM5s_5NPyq?YNlWx9ziyf7+d(5*);sSkjH?Y+=@UzIO4Ea%q$B?} z9p7CYtsh|qpyzPWLk_Dtg}P@NF+NKxhq`a5W}J&0mKyLl{d&#Sv61Pi@M5BS*L{4TO9s2+I=f1Brd zyR;uCQs@?~G2f5RxR?P(_pgHfE%TH6p7TI_C}z5b-I9jOBZ_hZiLx?C#>4_b0QR;m@< z!hr$B`$S!32;*))%q!6a7f5k3#hc@Gw&7*etRLz1`@H4?Y)~9tJJTPfFrep0D>3%z zKv}@DQ<~QFmIVgQpiCuk+k5_>gc(6+?!x0ciUYhpn`<~Lt?EE#t2VIJ9B@9c>5%%| za0FmJMtDx~@2nb^flXJh;d@GSHYs%`jDmx2-|DP(V!lU6)>!P^6;*xuF3&Ry52E}O z8alpLmmi5+deQVNv>ZY^v)*;TQ*33zClCjtA^R`x;~y)5#U&|Bzlem(54{mh`Mv1@ zfsFCjD(O8LPp3dm+24rhBXdJA5$DA%CevXySpxnF8h*< zbr7C~7s1?{FsgzwAaP#&59hx+-x9Dt5I%&OIwUS`I*@jbTE1h9h+q)4PPBn^K_2cr zpv1L>%7?tz-N@LbH2+K#%Ni1_YrA09OJ8o*flsvo!D4-V-vSc`ko4jy0qyvdp9c}~ zvx-Ydx(wipX>8vw!j<*89QMZ{)vLm;aVpa(5VSq3tB2qzk#vjJb)_{sOxkKM>lQAI!Q*7QM?zKtT}k?D+uvxG4&CcCp&C-4CF)L++w(`vNMVQcgtm@_EuPup z2YAfJ0I|)He8j(x`C8yre-{Xl-S>|)gkFFwnc;$TUd+?*XsXFLxjq9!YetA*4xP|$ zh0uM0Yr-V3V^U77!sX?BI3EtWo`0jPB{qZ*(xUm*Vy0*uQ5MEuq*vAOL!gwfr!d9I zHaG4N4M;eGJ7w3UE+1E!s+NL|$~(`=7^CGb^nU)CD*Mms=uPoCV!(%f~2zoBc z+h1qXsnH=LWV@MDS$CcE+4~FPb>p?R*=53(ocLYoT$5!~ho^ZLSrXm44am=ASVonm z6_SP$00~TY*5QNJ zb>P5$vp4M2CgiVJFWSyLPI3?ozrp)!2_pMtKzD$gOCWG-oRB-1mUQYR) zBhL~WlLTi?gX(sSNSKkXp|d4T=FEag@3;gZ`>G;$II*q**Bw5?o*}bU1@Z##`KGH#d(9{loOgD+V%~ z)ns8*nC#v99V4-vAj&z990sHKSYumnId}Q9q7FDGpbm(9X1&RhYd}HQv@F80{t=CQ ze}SbU6$kPW?alq)k>1wE1T;iGt>;9ird&K5X7np1K4l{zoOW~=|G=|%>8MT0Cp*$K z*bUS#sI2ONfBlH-EcU(JTG^$Vukr`J=?#b1SJ?Dmd zYv`QAkt97xE0RV1I2dnerj3btye_dIG_k^;XmY`OU*2goEti`=%tnkMG=FziZ(7uY zC@%&a%j^*qn&+>I0*)0fVOPBCvVi+4woNZ;w!#pP{)J+~#xdMPX2to0n{!O6+{>1= zc&(H57m%U!mili@v2%T^baMa!1gpHuN^g&1VOsd`2BIXU@;t!i_=pyC`9LmPoHKe1%+Ld;ET+mt5pQ;5`|ikJDevm2v| zCHNED$YKV8c)DGvzoMp*tFtBJrz-=b?~@#hHL}EXJlX+?zMj9TpxMNX=49zpdkL>g z9P##mmnu{f@w9Mg6lG$;8iMpxG&2Izc-oo&gTU~4-0hwX7$2k3tuXC(LyewdPNVxk zrQ9zP98n;|>2aBNrczSRC_iV1L-%7pq;ElGboy%G&R-l(75c}Xxpe?q@y5!>W_r|Mq+jUadHSIGB%*AMhr5(wqx&lS-=5`QEomQ#N= z)I+S20S>;Hn;l==sSFW_=V}E~nSzkCAnN80%r%t2MViWT^CGT$<24`#77>UfR4svW zU5eRYnMRep>u5fm$_tIdsz`xZ`O*8GBAD_a2uzHF(B502C!5T2P#9x10cnl;8?ZVk zw55TVgn&al+8v}R^!R`VUx!;f>zJ%H*w4uD2)kJs`y%^M(C8pg!h|F*BmrZLYM*>k zxPw6ewwdDm`wdD66Y{Qzct;>(VYXmjrr9V988DWgg@uuW-OS05GhnXoKxD+);6Nn8 zwctGtzQ|J!aP{^#CgL$HM%uDHZqVu9rQiqq+82%o8#=I4oXuc_B3tetkDQh`io^O> zuCbC}2Fo|?8IqcmE!~4Ye2F&(|M~~gNXu+rc0R#{#BLDyZ diff --git a/copy-of-sdk-docs/docs/learn/advanced/baseapp_state.png b/copy-of-sdk-docs/docs/learn/advanced/baseapp_state.png deleted file mode 100644 index 5cf54fdb4afa95f4d57ffd6479b2aede91d5b10d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 338941 zcmYhjNzU_3vmN*s3>bwA*ki-+us*;w@DKLQkd4^)Jvq4`DRyGtH#_h`JgueFKD-Mj z-|reQ9!ZZxkx4Q$GUCLEllt$LA^wMd`Op9IkAM8*KgbgA{No@0?l18CAOH8i2V2(v zM-sum|7&$b_8|Nme9=Rf}4fBa9|C))a}Y`Wqff1%vp@BTuddR(`^Q2s9jNvG+b z-zKe=v|s-@6dTwCzVF9xQ#Qr-?|l#mLH`>B|2Gu!VC*lHfeG+}6aOSBDEWK;v?_*w zYY_h@1RD6SdYU)GHm>zwC<{Kz!&Y?QKiCXjO&7dG;0Z(j3giDu{=eWYGfiC)7Ma?B zYY=dh{3l9)&Hq)EJYD+>;lTT@X$$aAEb?}I58>)%?7gDQ9N#+}moE*|KpAIHP%g z&W3(S>5o-buZmgNY2z0NpFZM%p03!2Hmv!EmjY4aO>!0resKv7yoDCkXgnGW(;a&lV1 zH#f>4L_r@k_`(ox^(Zmioh{!2y(VZ$X}&v=uHI_YSK4IoK>$ziKoa%v;$flhThPJ5 zOerq33C37J&kP-�DEBy3G%(EP#m!cyW~)nTBt}?{jxWD`;@=?yy582=}#wS|={w z4d4kL5!vz9_M<5id?3m9N{;r&lzahBC_E`I&`ur}I9WkTlOMB)Dy%p{>|DdhWH=e7f4)%SznAgn+t9)IQX|TQIkDhtZ@GC0Hu6S(Tp6Xj-y@$K%xB?| zlOYEGxk!9yQpV)NgR_zKwv#e{m>@j}Kl0GU8Wb*-gHvS8~6?|Y@i`}gpRxD=Y$rB6!YoI^yh0PD(wdFm9W?_@KJ{l@tACF;oCxXPphj5fRR>-KQlXlu{KgOO$vOowGk zVm^+aV8p%-z-ey_dzu;O~@$HN9 z7!i%)rP9JEXR#6iee_c$4b7NWh_2ABlMbR_G>jKl<{=7YIomC>d~M#jiq-RNFfa@~ zKqs^K#|M`@?BVyl-KRW5IBvts+x*0A%*_F(drv8Q$OlW9Ah<3_yWCYL+~%N(9PzSj zAI_@X-G_*f(;+2hoj+ng^_TeCb0XUEJ3vf_q~HVxuG{+=uJS$37ZJgzE7soj(K!`^ zG&R7fbvhm_m-V+wJY?_<{?#*4d2(l1_CjS`?^+UJT>kLfzS9#$7 z-PHpwTMLDXrFg`0P;QsMz9X{pj-hs)TP2^->?Z`wa&{xWU7v}8XyMO#={;t&3QET& zYL+wZW;doTbkE1S_e>|bd%4y{0do@yO-d8&7x7PG^5C<;^W+6Z$x*pajVXMEncwN< z9hzSzEp7yA@}`Iu%KWlSNXhWr>Dtfd__i)*8kMJK{0h4dRfBq$4jG0KgHY2F$0P(} zOKwkwB;RTN#GZO_E4!aUOctNlKL#1+JBSnqQ_g~LAh6D(5XHhe6Nw>IxY-k*CU;Ga zkT$n0@cx2YR;pxydCO94b&BDcTnN(a_tvPO^G4Zac51FqDhkmD;Y>>lKO#X!7;c8EnL88SUtHQT-iY<8HGz{1u=f=kv$`9siq!Q{N$^8;{N`fllOV(6Fj~o^MR`PcPwu zFZVsdV}*8<>FGK(sm}$j*UMzB<4=|DCurICy6euK=w}E(BSG#*t}p-|qvWyi969eE zp$k26$VuwS+_Jq!tanFh{o)@jPdhC5glzDwx|mpt!TWjsYc!5j5F2iOe#oS1+Sabj z?v#VWN!4sXT~zs$%WFTVhWH;uHfN(_x7$TDVZ}f9V9T7Q=ymTb>n5Xf;(l1-{^&&r z(m2|b7<2HI^`FvUKs(WScEkt6Zg%is8#rWWckUNW3PT}m;b0b5ChdNaj}#UTbDbng zO9aqyIZI?5oC(LJ79=g7wrhx+ZI?~sa-yIE5$SBAp_XPzAj|7H}WYg zkNM^|wh{P5NO{XDo2_v2u6*kW*;^D76nFc#B^nq9-dfy!Fie%GWG;)8r03IG2Uxff z6_x%d4BCV6yk1)oidg%_MfU0P8Oy40?hFew1HP!gzlSSi)A_a^utkSH-QF8MW|j*d zjZ;4uTr?ih&<)f&lCPHIs7bO;XD#mMYnt#tsUK){Doq%mG+^rc66KCKDiRpw}Wb{u0gm#Jtt=}64E zp5@I!DT?14b0~oJ*^I8K+dTxwt`NCfW=mDnZqp~E>baY5m}bQ* zkZdnXav94OyHBB2wTJ0MDLzfa_jctx|*?Z^Vw|j8Guo_#@Ni!#kc&wM|bsem=9v{ z#_}1Z9jyfdg)7cYJ|6S=?a%jFJzH=D5OD@hI#9mCxXCLHo>J2f5`Qh@ahnDbUES^k zQld(}XNtK+HKqZMnbqLvb(;fX%+c!o)Lb|9gUvZ5%fQXB=r;7MBY5FTZXk*C*q+6R zcD6_8c6qfsb@5w(fbwcmZEUBe#%cDC;*Yt73 zH2ZimC)NEyhJr1-_}#ZD)&0OPVmmT62_OQx4XDr;zU=u_q3^O%a-ZR`-+_2_o}C|D zxCp85C!6%}n{NSTEY{(>qOOJMyma#huoSjXDOGL>Z&vOCwj$S5dXG}JYt5coo>z6; z^rd$j>*;S*fzoA*x+j(Zikwcr4``ie)6V~3s_UM^Xt8EJcNrMSIJ%H1wW7l|H_`}6Ha5PX1uI$V#b-}N3b78x9H?rcL)0vXDBg@ zB^aFlbleHJh>KzPNpXetV97*b9fE*)vr{odbjF1c!^ar?j*@9yKZ{rloSv;TBLo#Q zP16z@n18xH;#_f$W51Wru5}4c&s<`LK4v)WMS??;IHHnsmcEaZXwlQ_t(34Nyl&8C zN=Y{_R#j+KM<9p+$qpMqN6K1M*#<}Tb<(; zJ5;bUeC`$U7@okzo7L;xx(VEG_H2-dDfBXgd1H!O?$m)`Z`L{Rh7d1at@d^yXoqMr zsceX9d6NBDy#rMOzx;Ym8_YcC?OxF~00IEL3|?e9;J(+2v5VSBrHD5Q;_&yrow(X? z7ztL@3eCm;JuDMr4bq6jSVi({Fq zQbE@IdNXsl0kTWGJ`qIfG(@hc{IOrSieVbadf6zyb}7e`M?*+LOyB#rM0ouVo{2MR?vA65Q!5Pbf=b5xY5<6)< zp3L<`;JRnK$v5~Rr1+*mI9MvKFITnw2Zb!*rzXr{_xzNk zRDihH+Wba-B}O)A@CW1W_WeZ_G6+uEAOt*R#Z9Dq`A!}QHtoG*l2jDb26b1XoShHxzR1lIVkD zW;_eUa}H&A!N^7ARHGf-M*HIDI8dzEwCXs|uUc76VD@YgF!p?X-dWj%gmgUX3f^|S z!?&9MR9=>TlL4liC`4XIGnk$Dr3T+o{Aci|Vh7utcT5z{%Y14F^Vio0UKi=@ov$z7 z<9RN?GOWmD-Szndc`NQZHr}D)C}2`5u=FQZ{oM4T1ml_=M!1fKoyGd6d4S}TI2feZ z!kz?v*ieq0Qov90%X`bemf{{s*QtY%Dwab$m!Ek<9Am{iH4;F$$JQb5*VFTC>KR1B zpdE9P+g5Y{lA(8f2!X?FE~2y&a1TPsRU^C;xrh}S`OY@fVL=ir4O;t7SI@V~`Ow8M zu$|AFpDk-LOP-27;B}phVtHOnp~I+=q0a@OjO~cP?dsA$CsSl;ilEx&@8J z8r4V#sTl}V9FsYg5cx2<$0X3leBoR8^dK)AF2nWe4goMt{Z&vbAMBXY6m-v*-PV-D zzr#h!RA0B;6fIUf!$^5J&56#N44al*pe*h?t3Fi_k$NGoz+&Ccfar{dEyA94JK((= zdD{fR7!lj0AumrT0*Ltnx>}%SnU6Y@;eLMCiQ}Yjp+X<`F&z7joe^_L`&52MRm|x1;1&cO%z9Z%Q9v zqu~IOL=5K82>&2%`0J}N@Iyia@p%1G(g+xq@AIJ(clo{auNQ4-P!KWl11bDROp=LX zjn?#8L?zAF5~ZS8Q5wcn0m`Z)rt@)8=1~LeYw7O$z4%@Y z?Mkb~-XJZ}to7$uErVUIP)Y}_AN$@8k{uo;bqq4_PUV1U|MOcoDGb%D%~V z=?TL#g&EsWEl!_FfVD99_bpk#7362)*5{8}**EI`)EJdnqOSQ^O^kXeS|{8vR3u~U zEAFKW*wT3yD8Os_=>U`kwdQr@xbOr%0TU-l;)(bmGDwz% zZ!0YX%MU(@l0|eh1L?G~&}Br_TgD`@%5MSbdw?&W_WYQJ?ZA|s9EbJgoWB0DeB&fv zUyw%-hXiOJg65mSo3}RQ=j$!t7CsRJn|dfwopF&y zqCc176IrVZd^(g!%Hh8*7#4&Uz4TVm9uIV9=CRTrcIvwsH^6#AxhSM;9~l%4@gTKP zT~5T78Ca(uHK(H&lf#|F?4Is;S5|U4C~%8FdtjR&iK2pNw97} zFbFlP{=SV|Y&3-q2%m`c5+=#WS(3OSw?j9$qe_|@eq)^LzM7wOFaX0x@)l7p>y^S_NCm*B!5fq%}a_Ypfuv(D73FGcU` z_BJ6iJYO(zEteVoqt&VOu_jDN=A=J+xaPZfu%J$(%_G%|p9E`CRZi=Gbzgb{CA7yh zp@4z=%xzr9kQQoFHRi2Ug$$GlmG8f37yA$vzsq6W%jJAV*=?P5cfZddcpRQ`2@PxYGk=8UB}_rDH^Eu#3Mwu^y9;QpO3K zXwfaHfKBQLW~?Nl5i|6g)peS(97$mG9hJF!S?hdsoVeUh#qPiov z)Fth8pk36NHt|_gS+;{~9f~{zES7+!3=hZeEs7^%?&%9bHKuGc_;seU<2PYx3sEOE zmplVrj{pp(FweIU+gm`>{0NC(0}?4D7u8_2A%M|@wmIsq2UtoT?Z>8RV1@-qy}A~2 z0Xd+3dR5+46J~xWC_OQN{9g8|wOjyARR)RG6Ql#66^t718}_tCguR*$V!*vv*Nguf z5Sh|?`KW&Ee4mXWa`K@>#?g1`_MfIE!IiU;F#}wLwf?DCAjwryU|E6*om|5fs8pf) zuX&tPT7M+XLJU&1k~xj7`0>x)g27CR&n7!xvO{oE&ZNPr^af z>!`^$DfW!_RmHeq2_OXI21-K!uo`(s09Ph=#Gi{S?akhCR-~;JH=6fQr~j$UsM&Fg zt({EDP430WebmCtLYW`1F$*Ud`XGH;E|^hB6{f0pSJ}nuHHoB<}GC% z8M1pCMqGuq-zw&cb?3NzHkU zqdy4lIj$#PS2N~O_mO`Uw*6*CuRC^MS|Kc^40yCoi(6#&Sx>ks7C(xI`C1OB35b{5 zi(y*Coe!hKG45eb-v>pyuaniC$A;8L3Q%6Xsf~+5i+UWGi?>6RQfNx>IUSqEHL3C^ z71r;v7=^CyY0l8_jdMTJgQnkS{5pfocgU}PEsr;TVH#ijNA#|*VT!O8(X)VR(0q}D z7Bb4?ylE)(BLWqbaTid^@bT#>X-Ya~yimSJm06vLUuX@qBCi+oR@RB2Rg_YS%Mjsz z*f}d-*pR9hq5gCRbx1j+eqY#(qV(jgi{4qiVcFw#Yevu1U(s*NZ}F(8Q38e*kPdZW zT&qnpp|F7wNcrXiTxl9i2vhxrr!@)&<}s_%n$Yp%5_kx@T!#=TH+Lu*_p`RjKu?>l zjjFSJ-XzT9x93;Xr2fQ$$J=y@Wl6kmWTpi^j+S56VOAPMQ^|K-C3>x&M@J``Bi?Lq zEPahx+ESl5#A@oM2m>UuRt^dhY2W0C!|A7gu3W*!^}K&B;+7A-2fW*mGP&vt{0ZC{ z^wMnzt0Jr2o{uu{;ufirSO6p*9#kYeVGCi*13&PyM%^p6e8M|xs67j-jKu?O>fXRYL3D)k|_#7lta5iUk|SATrv5h9c6Vs81rIjzj2yj zRwE%ewl5e#ddI!e246(dh82jbjvRuCQeU%+XG3I|Qv`tSz%If^&6qg_xY@4fthHNb>Qf06^{VtvEDaNSy% z@^pgdjJ6hSWV>5QOkg~Yb&m!uQ@VgOX-rL#ccV9c(XWPth&9mtWb_gCdI1 zuUxCdQkE5he+=zP1v5<&XXt6|a0wsu6s!Rl{0;0;khQcFL6|?vGAlKtcS}i#w@;<3 zGnJwsNG?j~mhkrC-QwFrG#f&Z$8wA0K0%9#{@S_hb{fI;2KigUpxr{ZMSRBM9>!ofsuFD&|rSO zsHUa%IXMRvIl@A6L3}BWUP=fS^!M_jUVyVi~XkN?u?CdTLd$ z3x?q$duy(5IvguG-wxB4Qw(wPD54J?R31#}jq`Qr*~dWGjKx_Ov!Trv=i$morF@ay z#4_mb4NSs_1(YjN%Gn9~I)P$u)hx(&H+6Q#(le)@G0#E3XLDDQ7q!-#Ms~IDkh78n z2n7lsi=H7Dw7#X6(cv@Y0YytHG;V4R{H^W_^D3hqF*u?`xL!!6;wxiGBWwIx{z{#w zv#XyDF<1sKfQQAp^|OB&ofqJYYLa{(l2Ue_J}H?sv9q(oZ=-{$18VQ@Y`BpiaV-s` z7i@V}T=CiwZAk6e_QmJmcWrr@gF&|9cb8nz*%llrSite|h_PtictDvxyns1lQ>oRG_I6Lq z!mpPzYOCNDQV+fc@?7yZuV;A;M}gH`!6!R180aQI4$9{FU82Kq<=&U^;Nf$`ufsg* zT;2Sm`_x)c*B^(<>LP~)Z)($H7GOeWx9uq7sk35bieDoExdl7+T%haB!qtG+? zbgreJ4mVxd_oQ@mIqWmiA*i%UP;?+koxiOMIgo$t4@^qt+lF zpl`@22D)TDS7qp|ZFJKVq*H{Fj<{yh!TcY`LQSKH^e-M*3%Hymcqab^2b=g~I3NV- z-(g#znh;T9X@~>S4QHD~)+Az^&-C%hQGLRj<1N~=Tw!NA`C9;iER>0oabMaL_NC6R zqYT>-1!{`;$xuqCt&jgT3>-N66IOTZH4LNFDg}`0kvVsa&<@U#*H!ddvRe1{mAuw! z4&J!+^FYI;OC^*$AwYLDbWfSgXI(qX*d&;| z18+ez%^YIHOepdfY^wJ{Rs`ww&0Py#G^oY5a$4*?tMYDHoqrE|<7&|W2!POTHCf9< zb(G+zFz2uaYlG^jL`U+EYB>H--!U~9q;E-td{V@8r6R{>$Uw^5y0r`_42|o2MnD zEkGF)LS0`f#sW6|>;wd%UJV(PB%b$+jzv{fh&CE~ihZSkX zo$(b_APIaJE7tlVlI`Lcib^74w&-j?^a46v{4HMnH5Zw4W?%W^+n@LpcN z(7$8{mc#~Dj~5Z(;=WL&Fz>h>CBx&@egab$vb(e1G760F*vowpgwZe}YN6I=#zQP@ z!jD$BhYe(`rUw`gA&~Pq^NiQu9Y8R5!-G)&+7slQySBZafKx zkOAxcd5IOoNqla((r@lv{cSA+F1#{8Hv4@E+)bH5 zS(8l2CNCO-q&@>6p{_tX79~hf3UoXIuc-%Nc z#I_%-;86OUxGM>qPRC#@N`h|OiuT3k?E1z4EmR{Dk%$?Q`z-0o!Rwv6}l#734d1+IY9XlhI zsLhGRuawcxJ2M}JdgE(OY-d|?cgOz@U+C)-)B&yYMR#vPvuaRQuN&JOqRgRm_h#(^ zVmjN4!*+>=`S@l*q5E*WcJtmk4%kkqR?h=ZBW&*IH`jDW$e4Wj78L2g#s_dNkn%PT z9-+xlrDO2Ncmn0<2*mI6M7Akvxgf6x@edka&!bL9(Xr|q)5+JI-+NS?L#EDtTQ)b- ztf8{qPZa32^X?@89k*?_XXKVIKmu-hb3MFTvWvz&!cjM%ed>)OFWzpnVNzZ7=xeh+ z_Zyo>9&1+~e>r=f`;H@L`9XiA>-p(X36h?zFKjrOTW*?U^HoCDpFX7-IRu4~Wcv)C z0#j?*dtE2A$R!r+z(yACDZ6pV!F*!z`9{j5{*_vmrhIIr>>ok02#qLl9#bV`1v(Hg zT*5Cx%&E9)*Vkd$rD!2Gf+x{W^Qr)EWge_j|F7`w+?auWAElS$E0B6gLBIgyol?7JKx=U1zN5T zr0b}4uveiQ&83xYOP`7cQRFbiy3GukxRWT)#?NL=ji^yu#fHug$v2jYfp>5Tnr-0O;caAfP^e_WQlmnD- zsW)37&VXh?oi`Qm>5q!ZzJ8qf5WhvpG#N!7d)IG{^r(ss=Qg&qYqDb0{UkA%9??ht zz&f+9NKQPBI!NbNotf8#PXyWAkRZVGp5d?QDEB9Wel5XvAjLeF?@?3zxVVa#wzMx2 zY=t0br+89hGMy%WCQvt!JIDEfDWdn?v+@jB?(iHyX9q~d7gxkAY9c$`WFm5dkD%cE z&g*6Aul7xPcn#Lpx)<{3n-d>W{pQEk^8+*V@hlb^4Qdd@&>!w9PZjkOH{kZcQ97t| zINXAekm1xo-<@U=Xj`(YN9NM=+Ye607)iKYg~&HE7Z=9))7lC3bbg9w!Tkex_D+cy z0%HM{9ww7~Fp(n@3y>b3W(1=85&}uW&ZOnbj;_kmlvTku;N%~77$1;K-1A7TfHk~y zpocrWj=2p{0t-4iZF{Ug?(ZNJ*}_O53LCzg?4b?u;tr_FiM}cYz+eju%wUb1oaxI1 znZ*M#<5>GJEd<004JyWbE!4meSOw_8=aplkjgE@b2O%D8G%*C!)S4(WYSd$tA&XRR zQI;-(qc(j$xGhGSJ=vHBN?BSr?gkD@(4rs3JD$?g7s4y^EXTeNkB0urJ!f(%uN_S1 zNsLoq)Q?1LT@^VJoJ#8DM4wfcUn*BAqan>ZcL(cVTs;pLS$OOhc`FZE_7aH`sJSQb zaIe$pYFh2rWtW`W2WW$;onY{bN0kZz%z`pSMX9p8xPt7PoD5Hx8R4;B>$PO64B$}s z$S2@ezy&J!ha-aooc3PxR{&a4ofW_H zEMLp>ea1{*m7J(9 zR#zQn1%|r^-sT(VUw}{=v@mrYE)8bfwf+Y108#P!V33;KM&WgIl^ofot0oW~b;0Xm z8`pXcc}XG*uA zH_8TtohvROB<=ims%B36K(R^}Ch0qQtTz>^Db&`#5iCG#$Ipg1uzB$9J{;wJz4SNR zfcF#j0^-pONIH@;<{D}=ep3!MXKtqOK$pWx0_J}M>DR#D=@&vO4AwZ*v^IOsdiZpk zYF%I0G!$$1d8N)g00sFE=nw8aW3)owXHlF-g&)=y?!Xn%O~(so^yDBHe|tZwsfq&R zy2E<$%CdSZRlus*9Omc6^&iVu2XdYl&emBwv}5y2t|C}#Q;_`t_z4q-_;&qmTl9-+ zrEO}V`Z`g&nTF<^+FPy?#t=XAgu#*1Oh`ZP z7|yM%cP4|e--=WKtG?bz8We35fyG~7Ot2L~c0&4@fHKH;z{^C-G~lasDW^Qr67*1b zHt_owJ;F@=(qLiE&@mi_fGq3aKb8avD(^}o!Iq#OngV6LzBLu}Bw0bczSoLt?0c7IWaPrOwyD~wmnn{AAQ64hLOT`Z8N z$AgFuGtd;$LL|^1sB?N?exMo+UcjQgosFe1WIskN6aX7Zd*f*jO#_A+!~QVVLfH~v z{oO=AkR7o+E5(vTIY=1@KpjoS_rn9ZD5kwp#@g*h4LnWDuuo~B+zC|Fk3Lw~r9#BM3#Zw|MjwAvXKtUM-Y z#msXMM8GPk3Id|IAaH1}pLwC^s(4Y^H&&Avuwpg~B#;NfUIbX$tb3THbX4G=fG`DL zO(kHZ?9$rNlXVigCKc6m64Wez7Kkw{$Eo?$TMnnn-=ySA67aBt-pa0UkJO&F%v>Zh z2V|gP26D?hRYe59eb>;yvJ2{?jiACORs0R74$d3+CcgtaWI9*mKv~Wq54bvz|LH%l zpu@JCndA*hc2l&-0J;4W`z22R?!S|hw_n#-SrXHrnB430O1^;8OG1T0xflLlwAtri zUJ1+IO?4&yVc3e(>(a^Ec0v^Cbpm6<0=$DyUo<>@YwWVBWP*iH@D|0(A4?J|F2CqR^?O@zE+JKW4XijPnA?;sY0TMtMpTjOb15M_V z>EiXuNs0m)H#1E10D_!QK%tyMNb-8BFT(>Rio0_}d?9>{SSyr8Rv9gu$c@ zN)7(3k3ZSOfK*EPXm`0}2v{};+RE)%kFEi@T$b^R6qjKO@w+eYjyKfQ-W@%X_W}HK zV5UD32ri19X<$Ztd0vH~O;Y=5d)HZz?*9yHw!_Xxs_5f|$yc>j5lzr zcf|z79rOdt8%91t{Q?3lTMLZL@i4oB3C4=1?yy6PMkhyey<}pZ0c0sv?C)}>Gs-^w zIvTfK5?+jx46w^OxryN4Q?B-ak%JJ)m#)n5u)XOT*JYhaxM z-IFeEfj8d;xK&}N#Q;gkN8=K(s^f|(1IX~PseVzHIXxE;A3yYJo7qKtem_2wJ-B9C zYns0F`e`Go^C1ote>G-gu?6BOJ8WJ*oy;J?V|hoaohN_09Wt}Y5Bq_lJM+Zg)(oe^eKqQ`C>TUxKh4#CIPLr`5uGAHrgL(#LTs(} zMUIdF$;1j49)qg`NA3vezvH2~KTS3Sv3-`zs9?rGr zWg&-b;od+Xa|_2uXhkZ4(j+V`wN&VfC_dkj`8CE=$9<5B@Zo2TBwL^|vF9Cm%Pr@s zN`lMCU~QwI_78p&#|bY4_SEPf(TbU+wa1(ld31mQCyW@E`iJHo4TF22q=7Enc>q>r zfpqny<}$E0)U%j}F=e-$DKV;T%Y^N8$gNgs7d3EtX-e~_CqB|sGz0dc-Ar=k1hS1tbZ|W) zcRNy(QBdwwKqi2tAR^In>;^w~paik(xei-LpWRJ^&Pl+JgoMWU!tzHvn98zu8sY%B z5zulhbLOXY6VT>CV2v`F%x@q0K!^DIX$c=B+6DTH1soC!T?BTQ&#A{0>z>cDh+E8O zpsXm$k0bux?%n_s&mwpW)GAyUG5Ey{!BZSSSqZ^I8F3 zR$GN%rwABC2u#Zef615ZW6Z}SIUoVq)7v?ez$~gHYnk|lfLCXi7w17ytsy1_PLpJO zZuRYJAIJXPAfPqKDC+pL#)!D@EVjU+xDf2vKa5@d&{ai4rX*jS_)*>9+_<{+sBC|F z0^?vOU;{Q`i{m`KTY25HL0vzm!fZisfd5)QT!Q(TeI8U%?*~>`CvD+1giBSebb;{( zH@rJAmVr&bl`N46>>ac>Zn6>!_``W(Emk|(W$l95#S`EcO9GSKLk7&h# zW5Yl7A#ja@aZFY*NpGAfGjPMKxb?w@5}vZg&23e?B;+v3=At)p55LEDM0h_0`5}B9 z2Lx_@<|Ghu*Y{TyQzO|I5gEZ^A5GekHwUT@+S$%QpOyA0zaUesYWbn@?_HqvSf6@} zZint;`i)Ur_RZ`X{JMyeKz=n??_i8UUoKI3;ty&CeRY#4eLT>2p@VrJ#UIIkz#Ih2 zqKi1|3`aUEb)38XJ_)PP^w0ZqIRdH{`HVl~+G@?8!m3a!as&Hvz7$!R+#N^%wfMt1mxW0E-HF8eTVo*B`8TXX6IelPet!1b<9>psClPRRLCW=T$rS zRW`apibg|c)77T(m;=-Qx2 zPr@ozqi|1*9EPQ&A9ok1)f%P5F}q&s;FnFRH39vQ=wmNWG#J-prL0Ead$V6}YtjMbdR`If}&4Um}M`Fv(<0 z=FONKOa{Z(kLWq4cedLBW2h>rq#N$B4`}o|B!91h3FjPEwe`KN?MwLN72*(h-Eu`Jq;fvuoEr#d zPb(HBZk67h>?b^rJKR>k?-JsD_W4r-0w`+W)Wtm=K6T?3uJHYcSn|BX>&HVr_8cyH zO51$>B={eLcPw=!%HXZdPbl;^UM$$E7#EIL*qdX?bWL^~nz0p90X^CqiG%)~1XNJ# zUCEP60|s5Lk?NM01YjSam${%gjdV)q4bq+L$H3S56rJCv_@o?H4ZOEn{cVf;+8DHE z(fbR)%YGMhgm;UR%AYZreC)(OI~dT9Zv<}oUHU0B=m7EWeG$Lr)$l?&M*Sp}-}CB^ z&BsGVU;!OUq|4_BviTou!|-?a=q=Xx%7#YNZR-a`IQ-Vnll9hOji&dj@O&<X}oYqS{_;`1MV*f)Wak;MRUmrl8rG>=`zIx0`H}5RUhFc|=fuho75=1*>NF zRfiw1zVk*l#DDoKOg0l~Rb*s}@NNE-GhN`S2{;?@`D7E1vcUgR=RGU1ecmnTeZ~!E z3g`8{ceIorN>gF6T|dZB;JsP&AOoOCy#w_fxR0}Yd}QW*S_b}_fZzj1qur9M;7s076A)6&7cqwgx3K5Zt)j&L-ch?*1>7u9^Ee$>PNnMg$1>oXimM>FK)GTDMFNa2yuDFs| z$d8aJN%-h5r{f%il##Y{O$QYr6e2zd9MSEgBkmOmYB)T=#7m_wpZTMLCeP8mN%qDk=(;<&9u7wcnlUQ6LUf_#a3cGq>C(!nO)3i`zIDbpE9Wsp>S|1 z&x?^|t9t^-u;z>cMlO(eek?14qd9+c9ezubj00}lu>}Vns`^Jr*o4X4nZAE`VeNfp36bLWSQs`F(xa)5z~K z>UqWL4hSRtXImo@i->?fiKFA^FSsm^;abGX;R`-+EuR`9_p#WW;3Z0`!_&uR3 z7AZm#+2(y&Xp(i8%lw?#J`m$Cx}%a4O{yDtX&0T%PaMk}k#Zdl8bhCH!MI-`^znPXGj0 z*;336n-RF4Z{35)E>{V<`$EGZlYS+nH&Fra{BUMb7Re@DC0GJ*DKcJoP$_Lb}YGU4F2tLZ$Yk(~^E2o1(vCy5^S#S zXZT}ZjpgYmI5ehFScW@|e70GZ1`kd%B?8;h#|9Ye{ssD%+4{IA_jO7rmUV`rmB6R2 zOCf0&{vPcrS1t>`$NP(4aVLzd1=sc22JE*&PyYEzmVq&^7o0v&;DW?h`q`$utE0$s zecqe6*p>vIjRz1$+UW%;O9^N1;m$koWPXR2`i)x|`C7iBD6cd`E1Z~iv)*EO!7rZ* zXAYhV!OcAe?~`1kq?a-HD_`(>t4LjJAM0<#9O@(`R21kG)+{~*5(&JlZmPo!RiJhi}pYjU{DGG`-u(c z^j%2*Rj>q}EB{L6x3m&3g1#IkYnZM;QvSrz2eq#R@sm*H1jSUS=M0yy0PFIt+1XNS zIJAaE=Ux;m*ynD=4!;rmJ|Op1x0`|nOjg{!I{68+Txu!&0kj#0UpM6i6Oacq@4o2( z3vS)5d8x{a(wE(lvALEKq%QT0+s*m)+q`Y9D0Mq6;kb9C{ z+PlD1Sj67S!= zHU81}h-U*2^jTou@%g8L?1+AagVw*QOEaH-&4BQran7)@y&jLsmc37dB*0t_{qdWy zbtd`o z;1^t|8f>ai7`gt9dm*JY>>ivOxr~+dVSgyjdhH(8+R<=Eu|#di6xpv(V1HyW1O=ab z?q3l2fnQSDRqoS?9uXnbB@@hC?b1MBM)T!PO}~wGEY@>N+2YZZm?vOjPnJ71qOxH9 zf;agFdMm$I)e%10i`-u~yc%%RuB_!<-DwnNBCOt3!~jINW`PcfwaUpgBp@a!>tTA_ zd)dr1cCG!^E(5JtKz3Yl7!kk`7CceY@4(%^^g^bO)4Tt$f;*W<{fe6j?{`+1zj#mt z{si{IL`&CtUCY|Cf)xU-B`bL`=cRD;?;3Jmm~{c92He@(riXrC=aU>4cZQ>)n_<6_ zd*RcvNa)|6Bl?(Y|Cd$5Z@g=O-Yfh9Z>Xf%Zatl9)*WdMtYg~(imZ*QLyC&WFV2)&4Nan5c#%iW$ROB7-fIlH$`bbgu^!a@WT$5j_<`2yT9l-%~||YrH6f- zN3+S*qexf-bg(k$7xGR@tDyv~=9xChwjsNuhYlzLq3LUYJ*W=+^QdI+1k5h`1vHC#-zi{T zPoQ6+Ln`4`)!$Zn@^%*Mc@QXMmx{U*VOSG+;ayxpQ;~i`NBu3N4!pvy1U9Ujf*^F^ z?%ye<8JW1(olgK7CfHcYFVUvQSBgLv`*Q-GORx@^F2xVXSBa&BW~d)NlZEDAEKXO| z;wD6_YLUJd%bHV-sy`Q(p~ovaHou;24Gs-tblhJ({lnzCnld?aPd}(t0NsqTGaETJ zT0lOJH>gAU@k}!7_3m~ApfZGA8KocqDa;EX81W7l!M}I;VEoVq5M?^#IR;Pq(+J#1 z`0(5v*U#)?ouYZKtBPLVC4Wh$UKG8HqGBRaaPBZ@)6fm2+(m7gm2I2>Xj+%^sCW#*4rmPK=gt4a zne>Wtyad6@_hMy%{{|))4r?F@RjTOz@@@hDN`~mH3ZF%P?OW+cV!j)mzBA+OVrK!U z9lp4D#igAZj&~l2*=hipgyxNKQ*~gPONW)b>a1AV7{jQvikc$=F{eYEIJ&-IW+E7B zS@h3OyvA><=STg9I7aE%=p*;U{@}CqnoyNxusYqH4J5$i%zA8=bVi4%<4}Hc=`7)f z^A177VNY=-HThv>ii4o7TLHqe<}-3PvLUm#gVs3MK3mc=Mjj7b5SZ5+-E*Cpw0O$F*f*T*7jQ91u_E( zx^=S&JD@4iLg;e(`8Ta6-CqRIO{ERw{OvbRN@B~swy*EKsX{x#VD`$ILScgRvoG-7 zox#l`v_%nPK?7Fxx0Xe5rFk6leW8OsuZ1`cy7ejmu2jUOD1s>mN|(wMk3GKAnE3;- z%-o_iih%DSu`Pl7bv0{Asp=0C_`$H_mbURYE>GgQ2rL>trA}-ajlzu&|L`;3Q%bTF z6eSy$?NWk&UkgEgYe61zVIJ6clYV!B$kI>7sTOHqL~K@lF0CwMUjM$6jh?-*9a17NYs8mg_cV7cJCb(e*uL_$N!$7 z??T9Y2^>B3)Rv~NEgkmnNZvoU09yBl3gN>kz=h+Z$06zW8UZ}QdzcdtVYl9f760?| z9`XgyfD7TNk-WzSlTMQO?GC8RCUJ1ysZsrm0IdHFOMNNc?~4__l!r54d@#2>&K-Wh(^>Onv)z1>g3!5aPW~)tbxpM$E-!{)drNYHKpEU^VahFbd|9Suv>11R?5VhuPb*1$CA(Y$ELQd!y z;WccH z;2$$C*vX0Ag*dhF{g58{_5*duMqFT2^5K0dvx2uWYP_2#h^v0TU0pXH>ElgKSty#}k}p#$B)xwsQ^2u1yc%AY0Gm_+ zSk}WjRBX#9LwWC1^De8$MGNbzI~(47LsdiqO#d{qyRj}H=L26bxd#PEqX;&5Xykv| zv9Pi|Lw|2eEKAgALsVXgPBM$83e!&Y4$}ZT?V#m*K0x%6;XBG3LWh6AG$1L`@!V#5 zImWl~*Vq+Sgc#Bhz{}>>3+AaCxB-pZ%e!VpSjSx7JuRC1^ zaqI7Og3ki{E_JGtQC2c;74r_#>Wn;EU`uyvX_zAXn}*02c!Be$?-kUyhW`Z}gl>X> zlI5VurV*~_lAeQyUu1EpA82CrWxq1h{2Hs!A-e|7E-xzV{&u)RaET~?Nt|coC1IBV zmSTQTWZ{dJADm9TQvd@8&Bi|~C?622MAgH@MN%AM*P}h-XPVUS5&J1`ux)@98k8;z`=(<9jMlCe}Sfi^Glb0;;{u;~>=-CH5QGbnpWFgUP>x~Ttu9plYatD z8XQMD;h*4MxVIF0pDi>L|6tkBtQUhC+9Z}LgK5}nZ)m{0OvO)qP%P^+b|VNeQWf$H ziYRI{@0AG0s4w?k+`qWIauM+njfL|v(#ECf$j(=hPS4vW3v6^Mtj|~HH(qJFj5sW7 z!!dO(;0*14W`ZH@f@$OnyW=Z3KcFYrhY@s3Pfg=IhOH8(Frc#`0XG})?SX}M;^bI= zLgDt4a*+?h9mS`M1Iw?ax*`V9yr8j4`_Rmxt}br=Yhj3<%AL|f0Rl2(czL%EZT z$VKBHKl^GabGky=BU|#@bn^;w!SikI1(?v~da5ig3TKSoDT_>rfj;khY3x%|Xa*gJ z-Gh=^eZ;a9x~7t%NUB{TB-kr_9jO*ENZG{;2T7Gqnjl+}4m@Cl0!lUKt3OT)D7%|K zd8%KI_hK=~)B?hy2WC2Z6+J_piLuyuCQz%9yey!uKNW3|h?rN9UN-UY_xoNilY{4> zFW!OFp0@vC;QcpL1_!hiVhRsf)3I^b%1zKn2Elb@Z047}tzp_?!yaIN6$I*+)2~K$ zkCU?2gM+qQqNECs)axXu^z2x1Y2>gt=<^IAHzblf$R4 zvS^5QC%uNms^nW8?xCA9NFG1*0$V8ZtB*9UfT+X#{>gmMvvhu3U* z!MkiY;2q5_twLy$VD%pE;w5zb=nDT?Yik!eXhaCYEBfuvz^7FVM?n3ry!VJh@k7Dz z1%4xW?pUr4bW>9NtjPS1w9iqRFCV?<%J9*JuTiGrmAPDt=@RQYf>9*1sIIR$Xxp;d zw+@MP*+47g6u*TBLGT{nooG3eT2vY6x@EkM0ay)%V&*pq5ld8BZ-lmfw#nNUM57D3 z&Xc2y#F_S*Z}eFLXeAfcXbZRE6mO|(tKF%&QI>l(@>}6pg8=yk{$2?xspj8jTf#a+ zREu7K#S8LKKpM(xjlLfEmCYi#0Tqi-h7yNa3g@=$x%&8Ke<|2&)ZaDC`+|ihblc(| zLfW*pen6|N%g!%>x0in)SNJN79Zp<()7aR;pC^}&ABM(K(%{?rW7 z@Z6H>;eF^Y?2*u}@Y^=WqB}F7yQ(vQshCbxZrgt=V(R+;3H zeO|#~ux_LnCIsny(<8nel|cn?DBwd(FP(DxI%4$~-(!gH!~%%@uMX3R9^Cot4(P0~ z6s=eY1*bnTzvPfmv#~fEdjv%KH;+JNo9#gw8@#VhP~yJRUr>~7xrB?YAwjg$J?96T zB_?x^O}`|!U)+M9sE0iS7Lq?v0L?)RLqDK}n??(O4puO>h_pKr1F~7Lq?axypt>n8 zP8EP=Cj zHw^C=OT>lDZ&2BFzJm8L*y)Q|_wp``sz87W&b?53nL5PU2Kvw;Y$%N1`UW4q{@X|K zBN-aqBw(`zMucElq=h;JdKE17=1U&&4mLFKezd&+PNj2SEZBqj%>|3c8JWs~N;k-U zCmqNrrH!FidZb~WgyRm zx7^A-Zf#3mh`=-81;4zYam^WzXKJ>a=+X=StgS);_%j-o4D(5bsH9FGiEMXoVOPU{ zxunb`%K*0Zv0roij7T7#PetD>L@lu_ApHV1o2S^>u z)q3e}c;`f_7dI#xl7O%675!~flPaN>;0v4MjD*vdUj7v1b^dhkIpDxX)%cY^ckKjP z#OyQw5dLou@Ab-(-Vs-YHi z0NDj?j}Q#7PKE&$?cv$P%h^$C8}!@rs9prU;@WEKpE81m6>iKNB_U(nB=HOz_Is5L zR8Jq*WaYNB+{oR=Um*GW$r`tRGcgN71MnJlU+-Si1?xP2$J@3zKuZLBK)r(@9*p6q z`33U%P~J5hTq|Ke!zbm`qluKJFx_}-Y@iZP7*DI3J6kbM^ZolUB@hwf(MRpXFTsBf zMYGTHx|dxd$&B-7s*>f+Q~HQrwE}o8=n6YW02G)`dgo%*rP{~qA1QP(tDjiKjQ6FN z`KUsW7tc(8d^<1o1pT!)YpP80dD_FUVAM0~nAf13u&$p$hxz$;pldwP0lCEQnZY8{ z7vct}SVNO>5Sjzc>Y7YCm9&lW_aw`%25MRQynu(c?{u8SzzOVwRNdQOP%Q69|G=_- zOYs!>SV43r@>S`g}sRGUN|RZM67=EE31v5vo<@X*}#C3$cpPS{xk$o?_X!m zcD4J}@WVABBfLpPUj~GRERXjLICJRVK$%G6K9|H`a>HX=(=)V%b<_%JgF?fexR%;0^ICQeGC&^ zHMx2BTn5L@l;B`V<*!Z?Cby1(DNWyJ-lMTYLoxLN`XIPW+D2-Z2QYv^T%Ba@7f8@( z1KojBFSgnRmr-o`K0n}6oABRPEUNVD!Fu;#4e(?Kzmo;N*^6izDC5F|Q-@H{^a_l~ ziNK-2Pf{4iP;ncHXZ9%!sFFtCq{8_Tgo&wRE(ZVj9yL<}xI1eI$mq@`k1NG#K@-52 z@hYvHco$vqGo1o1!`Wp~yMd53h=lgLGLP6aq@M%jHZXBbQ|P)V>MWB_*pY!!_du_p zu3TxxJ*m{>PQ7x2R$6(rkKT9}W&P*?Ksdv*_nkrodz676!@lmnKrCW{YIo7wsiQ=| zBG4)l8WB7h*;mJG?Pqk1HYS_0h+62jA%zM=hzAPCLWa*_;E+v8#=J%S{FXpG%8^;< zS9R|ddEJ{Ti&5&FIyL5J?{MrN>z7z7KwDYn_ z+LxRE4Yqj%DL&N7H2WP@odBBq3%G2<<(6pOKQAOC>Y3V_V*Hfk{sFIU4mF_Hle&~Bl=Pb_RIjrVSn8~g}Mc^%_9h^OEdP6GWooEpZJ}#Pp#JQy2T%*O#|mQ zdq9uXqI|`jUc;izl)udrY$Uv&-AG%L3aAwx0C$PNUBrei|MzWpgp&YkOa=?vtP1Y! zT)>c~5R>XFERcfg)O!)rO8pyrdl1O9TIOz=Xwz28VU*C?GN$V zXpI<*_2vYDFVbYu8Iyv6_%@o1B+`W#iI0Z|LBhmR$9@VKE&LksOMr!;O`8k zml^TS_5&-D5X;F$|!fxHAVC*8|kBl0T^0rRx#hPE^ij(NN^bFJQrq~km|D39)Y zn6I*FKcMO%6ff98uM%^6C&*}t1) zTVQVu=LH{!KHOe=J&6^5FM;fD1sv$rx?V4ru?#>*rvh!`%iS0-zUf`dXec7eIIQcW zakzf<91Sh1%7@N7y77g24AGSgM!0^by;&9NtW8H4dv`DXPX!7B&-c`U5n+hT$qWXm zVD&U&=6s5pRNA z?c z3k)xN|{g(QJtJ@o3b1AV-^nq7k+i+ZjcI&`9 z=miZD_?qbpiyjkSZO^KP4HgJiu#^mJgR5LpaH9@FsAP5B4#q>7&?r_W^B&cTgT(ZI zRSnL0)hDlLbOkzKU{!Fs4bD0st>tAv`abku`948DBu#mD9)PBo9JBia(S`HdNa_Gm ztss?TOH(JyqJMYpIWN#r*v;)NW5(S}r)S#T_eamx-@PMCDjm)Nzgt7>H_D(;8M~1D zIQBl>;eN5r1JG~Z4QpVIzFhFKVsOmQem(j5&;o2cKoY%qI)^b+N-4Hh*aIvPncGq> z{fm2(fhEX@1^NM-U_6$yFy5Y@ATr=>5y<=uB>@+DFa=8@mV3v~GHc!^&YXrVNaFOK*=@$N;u$>G>rotA{R`YCt-WM=qdn3cn>yX4xmh5OUk$RSaTsQ{FtJ^ zC%z*SzVGR)jppVqHQ_9QLmO~6UY~ffx%t@(_|n1M9MC)z8#;eGzVr<_alQDqn55=3*kC`o^uVh^*W=|F>q53W+8SGMoa5bE$2Ad$KZBa^i z2Hq}wG~v!p?ffT!4_~@izyN5#9GvNY$XyON`XzOZ<(!R81awmZDm7zWO+~!}dmP^Q zO~>{~z(|f2%5VWXW5^g#H1~NU*I-`+tf1PxU>|vX;-*_M>)QEyYn|w;gzdAgS|Si%w} zk-V^+C26nKwc8Y&*=i3F*}$Q$1IiU&mH_2Z$yL0fGZno-&!6# z(1+hG<@{_4><<0g)v%nynR#0VW0Ju~Kt&|{{({2+N^tR%cZ2S>pK@p5jh9)WF71yb zX?;H*sS9k_Fbm)^Vyjb$R9_piV#0)j;WXUJpRg zy@E`rgS8f?nmS7nntz^)>J5J&VBw|iV*)Vsd<01@=nOJ@3jjTn{1XG4nbm|Z_+9kT zjhP^J%u`a07m#TnS-*1-KULY{Io&)%etMkB7j}6gm;w_SpcKKtQSa$id-#~r7v_uB zfP&+ANZpcXLyTkD@`4LUKd5A94LMDB&15D^*)nxEjNH~UrZj12NI^^0Y|#e2y$^LrP#8oEL2V7<*Mlh;h4MP zHa|L`kzgpJkT3hOsvSJ0=WE|b+eF(-T+y%PPln5z40EzTKaGqE&CO?Xk2|In^)RR- zhbO}WHl5Jzj14Ffk^Aw^A1q@abB zqg({q)TmIWZ{aI_#iH3M9CN!-&=96uqT@$S-B(BD(klO?rh?zdk-VhX4a z^EQkB^oUfG4w_dNJR(_gJwF40?%kauMV2X06okkxwIEN1%fTHCX6{vy{fIfx> z|8?beOZRUz$B*4u%F}HX5L6yWXuf*z`dF=^X#81v0x~*=-T6r=`rfCmTotZvCb`?4 zD)W~yQT52ypXtxoS^~bDlcpTlda$YGSk2wue36$bXl)FPWjMVs$JBU&w}K`T_gQ&2 zmLy8f@#FF>hO0{i1ZDix_dxl-?A2&33+B0a<^hsck1x$z_28^)T-_gDLC@RAOCR8W zGE&h)gqI0=$+*{{B-NNt$eC9b+K_cZYfW6%C&y-#*_xvPa2rn;f~WWAGiQ|8eK)uQ zj#(f*NZ*ow?$upVP!6=H%Uu~_9lEV2*k7xBb|z5Pkd{HjNaIBi4t6)?rT8&;dbX|} zornjxgwOOL0HTCS?^R@$z|4}HJ`Jc(v89z_ZJe_vD5&Nn8Z5?FG>m0h*g;mA76FS~ z>Xi2m6FOzeq)9pP?eUcWkPjbo_W`NP*&Eo1DR0*lz>_5cS|VuafsI}h2R<}q`6$=I z?!Cmns+1m}57{@0bk{|HD%AqA7HqJ=DZqkW>zI_B=}zmPR$NXl#P<&W0tA~Bqr!Kj zL&KT45~88OjN*4r4=ktxSUYqV+PepMq)@s)B*p9T(3|{aEO2&zEk1s&(v7NP8#1n7 zzj~{D45UCtOomYPX5fJ2EVl>mU?vT3SySf+CRI@5z8>9UTxCi|jOViTv4$M>(C*7+ z1nKg|D=0v#fR3!=@y}9tgEyP*>?nsWK9`Q~G`L1QnEHW1h4W3{M|Xc6)jQ;<0q7Gb z6AK#hU-x(!!<5`>jkLZ>`ghLqRFsIDk`%-pUT>qyv2Gpzsm=SQK-O4F%;A20t$f zFm%gtm#xi7uBrDc&TaQzB;dzPgJE$qJ<5ApY{y1Vf$IUUEM}xkteLs)bf&nc0tkQ5 zF3_-r(D`H(df`}$|62XeyzL83iEyyYzqQ~ybB_h}yLJF*EqEir0lp5eV6u%u>O_2rln7s`Za*0A-Bh1BT^B?w{>@>#rm^6SR~Aj8AQYrOnxly zdlYfptCzp0{7pNM+&xSkuXp1 z_f)*2A0mG>htD(VP!4bT0eZJ1=<`~bA84?De9^kl`*sdzS>Y_+N$WxD0T=^|Jh@Pc zKNT^!5%q)t3W?JTRlf{0w^>l-Uw_fFcvxaO=$ZS3vRIa7(OWcg+;}jUzd|XbC^1Ok zdHvD~P_%oIl933o5b}<>p&ydnX8(r)S@K6pY?{EXguiq^-4Z15rIBUte$cq;f7F)} z0=jZO=$E&`oR%~Z9C_i2LCc2hx)i(`?2mFWPXi@JKM->}{56_vTr6yB_Q{q;vcbV} za(#qJd=G)Oj7cIj1topUCF+K_`Z>n&cx!>IxgCroezi$*zJ?C23(QZcG0W;poR4WS zhtFN8eXR|wL3~#VePex36P(-DA^@`vwuEZ`-Pv!1;xm{PIV7qdB0UVcp>I#xIC&rx<`wGl7A9(kIiel7TtLs&2Ps8rK0tNm9I)&3EkJi*I*M zLAQVT_L-vnf&l-@cJ?|~8qm^&SGHJ^Och^vN|0C3Rsl_-i05s6|DjA;+lxd5037e8 zFO(fo|4D*`#=MKA2T{w8P=|=I=LKC&766n9(dT}$JXIRRX#2T*PYX4so>AgeJgvX( zl*?y7Oew@6jj02UnxV;XoL{eBM4(B1sd#?41tlWNAShU%Fd)dA|IlxQ60HZM&OT#I zKV(8L{RNM}MuCLsT7cDt8XjoMzAjn&td%4gfWv%?g^qg<>$lI)B>W65WSy5q6C~Jy z+|$PrySx`y3}`%)v-}#+s~iDi|HEFR#Q(gkSQtQ3KY>UGiwb~Y?k!sg+s=EFysywV z^QX=~Me_v@DWJn!4)>ZQlMUDpXl=O~vEb_wKMNM}x`Vk8`@ii&Z6tjMSw3{YmN@O? zw^HHNXkIGl+&;eC_V6UEek0q5w32$&Iz+Mdud%y@s7-Mxf|MStCYs02gOgYhPTt#|r11T;f5Gz3D!qalioY2>$tSN>HJ{2d4 z%di8WAYg<2SfIP%3}|LZ{g*cY;Y!QK7q*V8XD_cDQgx^Uf|2Q0ljMp4GnwqYrE(ulaJaY48XWdR38lQNGP^IN)Y-IiQj_lm?(b*z~jk8tK;W1eXwX)qv$HHpqKF~!!Ezj$sN#$bO{@09920hPrlWGK%{CAgl zbsIh`hNuwVJ6cRCJ_3-j%8D;Qw5V%sAxJ%l(nZt5PC&Du*FZp$uZHJSmR>IfEQ7&d z_*wPgiDWz~ljp6$2nr3QjG3QcfoTqZ0$$G}=>2`ppj_jp1(*9@wl7?o2UW)7Ueu>9 zs#Xj{W?y<5VXqrrqe_Wukpl8NvdXsA2?^VK~cG*p(Qz zv4t}?h!P+r6CO++;n1L6Y@r`m{yVf=oyY@eRTm~B&qHdiB<|lf;)i6AwcC;LBgmtP zE>w8+w`eAaL9|XId8ZCNCGcB}y>KwVBpg8Eeh#!Yr{q37>4A?&PWB+!gO8ALiX15J zj&dI)&})Vd!kz$pL=)2;z?#4T6m|m~-Q->wLh03d7xl!)!h>riR}diJ&@n$kGs?dqFE?Os^bP4W!m^9 zBryBRx8k{OQ*}Fuk-#Y4u}|jm^$2qLm&a_wS9%#AkiPLijB>@3dVYYeCt-f~*#|?< zMF;!#gX%veaLvh9l@IBapAxPh&8{J+0sTH z6ie|M)U@NNq+Vk3BpXF#eDWo$!Ar)pr{esAAcD_YMt^QjZ3N>{tLlm-{&)*WNBauS2HM7oy8QEMhry|EwIrNziw>10N~NDvK#TDoh3x3-DW^4p2Oppm3^ z8pj5WbRS{I+eeMiHsq$L4eHPE5Z?l{ANirjfaia`^Mmo(^oW!+8}%!$H|v{9JS(=V z#(BJzrS&fZ9^F5Z&aBHZHj2W32_d))VhSQ6hTI{>AZCeQ-&^%s{q^G~xjo%FgrnKXFIpR6a51V0c;izgNB3#xX747&PT(wujc^NT_1-$uu^nKRnN$D?+ zCCE0DtyA>@{BhqMVDlw&d5N+R8JQ=kFU_CMPggU(>9U(U<)PDikAi8QeeMgZBoJKj zww~>;WwS>L(o>Qw55(nBYwGqfHcSt5+V}JXsa`HUeTnF^_vxY)ziVAC2mrJ6>A>lz zuP{y~t9jb@nD~7AJETA{iwJj7AV0y8=uWtdc`L{brn4J&1UXXsAUNQ$pOZ@;wk;y?W;9@N%F{B&P7C(u(xY1#60)73}v1@Oqe(3?kx{@*WM0v znuF+>{1xawMTYaNfX(s?`(s4=*4OG0pekKD7nU-N)dUU8qkU|LRsRCn92kXv9BzBZ z2a^sm!2j>TcAa@|d~Go<+JXZC=fnkQ^$MS>DBft)=e-f{rH=Vh90RNJL!_FcWV^$W z+q8W*T(MZhI&`CNgz%s{KN*5^#hcok`9Ik~&^$rlUAEzEr@e_C>Tv33UV}eMz9B&6 z5HFKXlYa*(?(CXJ6<4FgoATr7^x3RReX8Wz@k;Q=IO`LFhmxmUixQGxau!nhyjQ>{ znBvF4C8!lz^g8RkrC8W@>z}kCoW{r7MEUF_??174eGR?-dTI6#jF(_OAFCYG-1U(Z z)d(saO@i%Sbv8XtKa?-~5zhRO1VV%r zUJr60f4M&$Z(gz3ZPs1(?(tk|Z7`|8bDr(Dl4+#4fp4LTbfvJ*12lHu12=*)>?y4@ z0FT`Bw3S#V*6cMIqsi1HKv1__`N-7rf_}>NLX{Uhb%#^VfZiY2oh<7 zLj^9z(|&`meeClw^`ZNhovQn;6ctQC)rp9v#=a z*QbjkaU4o@q+*1bYqtgWUtXaxfCBl`62EzTP)F%*&H8FLWO4yz z&c1D!#>WzMmYl!u$QrV5*W`h824|%$=MXhVTz6vq9zfuP+qhRNp!O~GEFt2?!~Om) zOo7u+K0GpT>rP+)Fd8)R<1w}p2%J%GWfN_S_J5jwAnK3wQ%vqy zKVMAr3+1$ZPe)UtGRk7_~$!s!h7=1eqg6`n^3TESSF~BS2eVTM~asiJE>3{q5HC`=X<7!ZU zXAx0sn1G{drE=vl&oroNz^J^uPKrX9xcT;A?loylBfhC!KA*(`;2=A1t={RUzyzxo z2He~(c&Ozbo`31?1=(JIdULk#DyMM-W^VWJ4(|gJMrpXcNv6iqBedgXW7BN)x%iIA z*ZqRri_MtNkM5vsWlBW+k)IMqThr=y-;bl;t-lg5vA<=LPS+%=gFY=PA=KJEE?@jgnjpQW3%O`W7jT_Q6yD4}+NWP{#DA+>5=$=rHFAwRSAQkX>0XZya`UiO2^}Erpi&`{COrf@8(wsn<8?wsP>%gG#P6M`YEj ztm=C{xxXp*iVt$fVou16Lxm3^ zD0(B=ItrDp|K;sqWX+pF@Kdt>xgCyHNu1E@em$kz`oiz;eG6hu=$Upsd4{ojil3rIbsS#ZB;#jez8{{*PR;l%7Ggm@zP%Tq0C1SSS?;w$IA?H-ikggX0LkgG8L z2sAAa zWcLuL=CVS5rz8H*tQo?l6koTwvmKIvPz)mRE2~Oy{=YE%LYN-mIkqWK8#=sI6ZDc+C& z?`-v_n)C(=^7_K+ZrDA^Mn{)PfG=P!W|U5*KW{o4m_GdWj3i_aFb;1awbyHCb8yMm z`fM}83R=!dt2ud=NWKd#&vl;DjZ&DZPBxEf_fg}#5p*Q&jpjo zb1k?z-${H|EaLCg{Jhuk!GBOQ$bBQG)#LSpWyQP=%N8>ewm=2~ zwK{mS5~;CV3Z7)UUiR0*@4HOn8}1=5a?DSktTCM`IBs4wf^XfP!{cyRp3R_bO!t1P zfk>LRPMt`-l-&_@8b&&fxdQC{IDvD5EN87b*h0?)*a*nTrhvm<3!_VSQO-azgmt%< z#M1-huY-^9WLWwYdqTLW1qFwMv3}F0n31P*D|N~sz3Rw+eSAY?Sg@p?2MI-*j62xg z5~gv#i0rKm0h~JrmnB}@iAO*$wQV|c2D1ydQ^I3^?MSiVusUtXnsB#tMvfC=79)2*;Uwxv zABtKT@%08uwMi}Q$IwHQ|7qCKh>D;u)^L8j1||d@j@&D+i*vbMPNhEKY)(>5a44*q zZ16Cd^&b7PTLuK*H@Z1~EGWwF6Z!$>YDwMeDLM@`ejBR#1fR!4R~f$H4#!)#(HNb0WWrj=oA5b2ysvp z_c41COyq0#NYUVD8^YjgwLHlTm^{G~yhHjnV%N&ts|sM&(@jwD9uP*r%T!#GWMW3p zClR{;ENk_q8moM@DCPnuJJh4>W8b~~rPo-5`^9kKc3yX0&B45(*hBW(#Y4m`s%?dp z5_8WJ12WScQ&Kt@XvAL%gWXH25D%Hi+M|HEDdln6KEHjt++s|zY}qbek-y#giR^4h z|MT1+nEKkt+ry2Y9*0lw{xI-)09zw&`xp8GP7qlm=HTJtco|7(% zx@%&wH|Y8bekf7=b@$+ElHD&n675lB{Es9|N5YEC3A3JjZ>K)sY`w*Y&AcQU8Q<^i z(!UQ&WgGh*zUDUMF2X}%KW-pgk4AFH?oMpHKDS5x=+5U4;Eq2)QN7RQt4~_WEk^y8 z7NY*c-I}LPl+?rJJ`gE_NZ0M%%y-Ja_YY(?9Sw5n9lr~k@H(cwlzVej5=b2|Sm){E zO1xqY^9^wt%G|@RDvyNHDgU@bVC@+%jjkz@%lRk33>AH#Zzn1}WT#;XVR&Lgzv zY`^q#%~?rJ&SOx*iJ7!rP!e@u(Q2M)DO8Nf?D6br45#!=c#}&g^%rqf6Wswv+}CGE z-)y`Q+Qqd)Ox8ZiPt}9+LP+Hbk{*a~DAaspOYiNlKFk%A?g{b2wJOuZ<0dQ|8T78} zd+&ZfuX5+B^^`OV%Q1nR)r$w9xU+Y9eSX<<7)l!ut~fgOo4)R3zL~1=K1vb_4Nt2m z7%=gJH+GnNHLa!B{W>u>-%`DNZfA}pMaGSpvvoSq`C&9+|ENSvZdb#vCgAq~@~BzO zQy~^VgqPbB8jz{|-tWxiw*@p3d<0XPJVZ`uwzhCscM+N)h5OZ3I30FihJazgIPXtx zKdPl;cG@Be@NihXyrNy0~rpB|xQ7FsJQWJLla z*`gdEmSmo7tf^8MS$E11%0QA6|O0NnVCP5Y+eNep;-L3uzxd+-_* zZ4wv+3+%2bIfFWUQaj#S+*>VZwtfw+6Tjkwr3}eviD9s^=dK$64+HJl9&^V-uCY}FLBrg zPbyvHf#RcPv)056<>2W>^xUVeU1@wP zwIDylRRZ1%LXaXn<2lR1(1afsksJFie~6HzR!aH(C7xm=kNNwR57noT$KtrQYI~@B zwpImEiFGrJn<1ee>-8N`uM|HMBJ?YxR1 zgZ#wF*5f;vSpMZXKv4Gah8FDPxU460;*8O!#Ur3@UtfngrR=Ul8Ve|OwD{{3zcWv* zl)OP2w)NR{YF2WL6Lt1fkP8qlw$C_aE`EuuNH*IrU49JUbAm-{H`hc(1blsZofqlu z7_c5Ef_+4kDb3fLF+6_xb@)1OnA{WX`QV?AN9-6M61jsb)sT7gteu5bL}tQR^8?FQ zpY0Du&wJCR3eI>Ex8<}hew{PU4z>`4=w1FT5-=AXg)+*<4#gjG+Ly5;mF|g;Ll_Tt zx^-oHkEF3qZky<8>$rD>k9%^urNhl^ue!X4XAzDByF# zwf5z;yF@BpiXefxSeJf#}JS{vO$GP*x{FoZFQ1MbD&Q4;Dx3siSleM*4-qz1= zG-_Euk@yUC&zwCoaB21p_N+2qWQkl*3}pK3D%dvT&k{*=>QLKlK6KFhJ=Sj>WZKV^ zxq7kfeMR{Tb1;K!xX`S9+*?2K&-q?w8%$p0KlHBp_F~46E}p)^!;haM2+mfCD2rsm7#9JTRwwA`^XoYSygaqP+?3z+T; zEO|fQf2l7IX#x2iw1xN=c{w@5RDpYmfaYIj+Z)X zDs_JR655R4T%Y&fA-Co-J_F$&OX!M@&#ZfV9rpe~snZhQt%c5xaF1!~(MZ>P5`3V( zgEA=sgQlK(j73kcuYa7*^XS=PknJbn^d_21@H$hb)wq41Jbu^j?Uzjv+c#fG4Cgad z5u12A-)_1&0B{~OM10Hg`r@J>0ta+&NMbZ~CT_=*CGNYj>QvLRb8Yg&0`($rRPWp8 zCL%b7_syP5J@#Ecz3uRHasv!Iaj9DI84Yo2GEm4ODt)iZ-^GALXDasrFf8|@e2Me- z<^=YT2d}-2ujrQVM=FxeYvb{_*3y_7MDEzH?Q~}M5Bjkv&95Yfm*rq@CC6|6Jea}p z8^h@?%<}K0ljsLrg^)BBg;+=vrFQt8J_o<94afxVT&`g+^doeh3ZFmZXqmUCJ~xp2 z$ct{{a@XH@ASXkr4t}$9KW+6=<@C|pOHHS<)%ezVADV;=K$t$tX_arAwwzB`!B}ss z`OTuLa>6e0hULB{VZx1GLq(grmhG?!k5ZuqE@9tsufx_L-@K8%m7sHd_+uzAlM#S% zoRZ&6_C|!euD_=NA))a6R_wm*4i-79^yAfod@?_7^OrA8{m7CL2);u?IM}>CiXW#D zT!RQX>Y<=9c+{-b#qWyll$dPwCE)MkjMsVofzGloP_c~Gh5N9hODlyMq&N7^!Fj#w9f(?3#0byqd3BXGds9UZJ=i}@#yZF2_F>i$D+)knF1~M z_z5~1MH%bV0Sk~sivhvuUF!3dnaJB)5eZ^TNF_QV^>hoOH)jCtRye^~-H&%p+U~nx zR%oHxoR4s6;WZ|C$sUfu`Tcvostt}>am6h>0C@H(C$hHqBPW1m_I*3S1HOyVDuE%( z;=}nuj*ie=ze$}Xm;!&Zpd2_qZX2aG(l~is{@@=N&*N_DP!)qGKRb^RPw$7=`z-j$ zVs3OIX85d@QOG`G~a)1N$)57^wKb^=Fl`qX!Lh-1uK zPyJpZ*sAsyof@nqu88F3XlJhre(=4u$3h5Q40`eJ)Gj*|RjlArkw>>y5)8^(n8^U% z!a_UJ^%>$)0>6BJKzl=Hwby>(J$R+cr`G17qmtshvj)Z|tn3?EM$)XhT-1G|QT8|K zD))#h*|+G7HK>r&=E-jNGA@1eg#57tc)77E2aa9b=`$xizuYcJ6y)b|f4O$zBkPRAXK~EJecRsK zQN~30j9}^Ek|o2oBg@jZ3QR> zL&C;s^iCb3rp&XU>dzP8&RpSQvgoiG%b%Z{!F7h+v{j?CR_~|5e$mX@`*IEY3jp_f zjY{szA-+95N(P@~1!%X$)Knln0kSV*VzspB>h@QSL*j!uoEJad8i&N=lkTnaMMB^N5Pzf{M;A|v5 z44}ac-RVhBxPl0|n4@yW7ssm$X!=FAn+yozUX(r%<(+=t>hMt_N4M&I#3yL`qd5Cx zmm4O&c|)F-$j6nFea53(dlL=c zHh7G}7QTx?2;{kSU(!1Qf7Ku+gPT{-TEJjmitoJs#9l$m9 zFWHOwyVJj35IK3^(jV~+!~g9|JjsvLRpJ>FU$e3oiaV|WKmLn7zBWe)@DEF8>`$Fw zj_BmSnEL?l+O1gmlf|X%bl#V!*Zw&+^$YTrCsabH%VhbgCi$I5eAV{8$1?y{`;P8; zEKC+W!2C$|(AtPvB0`4(t8f3LCNKcza^JMNiXHqrh@j)C|@BW!J&a6%MIJJV+A2k_{P42jbnh$S%uh*)7fj? z5-lFu+-ht`$(#*7vT`W5)|pa)I6VanfZauCAP9B^a%ny1nrKleVg$OlodcF65)aY(f$ZKNsp zYrWnt&QaJm=zYwuszlSz`+h`R?qr2b*UMXN={5KB=)FIn z&VR9Chv!2%Vk`z$)%;u$2+T2qHD&zasi}l!50Wn>S0P2vn6Pa3W;7a?#LWmrFxG81}q;$yRH0l|EQ=QG4KaWIfyZm3R{*JPCh*- zwxbh2n9wH06Cskv#Q zow%@dXx1mH&dwT*DXPHL;>GLreg~giS=+saIXvcbhj-{lv^64q=Y7}6Gy5^DGU3l( zpkg`cD+{JKQsR=UB;7rOAn&&jlh5bbc1(G?)sgZdhxfro{1z%pIYeKiq22(hrcWM$ z5t>yjWBgvgx?1*`0ByvJ5|dnWzGjTcP$#tTf4ywef{h@0R+xkKJQS`a*jwR-pAhtT zQNc5^O9M|##tbaYaNDF$x>$W5p7HZ@1rWahxO-Qp3hhR@I&6m&pHTbaBv8s zdB>8&6Yq%1C&hj!)RM1Z_iokjX_Qh4cpP;B&}s2r0s&&+r;bv#Mmj@`z~^Zsnuf zzfgIUnt;-f@yPvd8e%&4r+7W!0xAISq29=cqQ$c7GXsBoZe&Jp*5_G|kJ)fi6jj~6 zY(591!iDpR@j1J=pI;a(2-Wx4Y`^S^fhKGFmlPXp1avU6MXpRWkMcvY^3s$luX3#X z>v&Xr+ST&M3L}zcjzaT38m9o!^~~=WB5mxIKMvSc8@~|GEZwhO$?40erFy#7Hf7$( z*v;!>wt@wli)oZ7(@4O$hZ-A2PR$=ih}_Et^PdWpICciAcK^u%EY72~e{eX;^~dU^ zx9>zjR`NMqK{(V4!VsdQ0*=LGzDRmPYATnCpwS98Ot|j0H1S}kSwGxa)S%G&J^L^` zmtPHL_9fcbkC4Ta;=a}?!h(s1Q6dJZd+-r*R!f}=+}e@J-v4@<1bnNFs~W|Bot1ri zuQODqyuINqS1adGS3Qj4bFdT;W_=NlqY|Y8CmRDrn7=gtQQ@>t}^Z8q8M}|T6nmo7~SlH7h!W=q=C-0|S z_DKsA1-K)8kyBN-a>N-OP;%K9$}&z3(zwS-e@548j$y%el=T*0hN{(o`@9c-ihy2q zJ-a{Z9J^td?UAt=&fYT;noZsUNvM|Mbi9A@0AVvENF{)5e+ZlaAR6$kFR&LMQ8W6E z^L!ch!x6#`T9cBm#oO!6es0PKujoM*QkPwLi-D_6=?0@#vLs)pTs51XZDMd#s@0~Yhg9&!{Mtu*c(d7yDHW$fvb&R;J;>gYV`pr8n|d< zyg#Cwk^bU_$5?9E-}aL^EI)x<$S82KeS`3>&2k!*3hI3k!2<;*Ug|e{90Q)xtEdz) zN!CW*K}cH-GyaGT#$w99DXbDf^ zzPuCW@^XQ@{>z`9Hkd5Es#5#?m8-M<_;s#MTyOu>pU;*>YzhGigd*;b*R>Vyz=juHEF| z`Mi-`S37}P+8FD*w;m-@9VK(KZ;#hz{>=2i2~`w=I+v^VTc`aLNFf*O}&DWXA(dwEXAUIi$R5A`6XMdn{j zO1K+yNZ+p^kb;@rPu(Zk%b}%O(zR2xY-adediVIXLmoQAIl))>^LE>c^e5+$GU?@Y zLVNfx8hQ}|@;ipdY1k;m|Dy#D4M@QgY+y|QIA^cr>=k;$j~wd--%$|wG}&`ZFG^%P z1kMKYcPd)ZOL8>SJ(gCM8wg-P&{~|p8OwncTH0@#RyxbM88ZaoCLjWNI2>jAVzdRY zAvE%-&WG0mk}^?zfP!?&BFqW)U9ic6_^LY4ISQ^5@+SvJ0Tk^SKBo~bC&!jnx)|Ye z;EeMs;vEx|kt3!fkk-t-w!2K6-eT-4#>sScqNIF^j2rnxe=0!$5xF?4l-AyfQHW|k z6%WHpZP^bOtS#VXE>e`)(^8qR#-F;?K|sQpeQaZ`p2KyVWiPQ`WUauqLw}L#WY9wM zDt@PH-f~2q)-+J+S{^h$jX84MAm+Ckzzmw?`!(eF7PS0wMM^$>lQtp_a0 zO>7*-q4u_}i|yP_7^ndB54#+~H)4~kTB322^}(-w*CVGw>E4Cy`z91v2~D;<2uQCK zb?^SNuciF4=$q!WIu3Rw6PDBG?HJElI&>r$1RpXw0G>Nvh7WV(A4`IcFWv^SG#G4O ze&V^(Z|k;K9oS(w9xtyZ6JPIv7T{a)gSu$vH}C&isy6QrWHsy`Nm!np%fp9sS^MtW zf*6V9+kKS~EQTN@H95$a50`t3`rh}j7bc7*o?x>```l-m}*i{gHY@Aa9}3qT-dsp<2Ed+g73(%$_btBoikP^8LUFsn+7 z7#_3^fX#g=rQy&5dUv6YQMcs#3l8oMRwtbD59xM3?pNaz-wcfSUUjG6Q=0{(;XZ+2KJ#O*VGi@N|4wDTIGji~eJo}B%So(Arx)FgYex=D=2|BtQOiaNL7*GM za%!IEPq1x{L);-4Y5d}P9rv^KruIm%DE${ToiVtd(8)^o_Wkv_@7c>}TuhU9Vpr*Y z3D)pBXZtv%CBmv3S1^_8qzh7qJee-WM!_@?(z&m*Kgfg;B7-BxKg#sY`=$3Ij@~9| zUOfK`OJw|#O$dZDe?=BAs8o2Y4I2|V>%oP%b?w1Q=9^=)k4d?|qo;8bS|}ba-j$B0 zyUigypiB1KYZt%j=BlUCHaWvFSOS!CFP>bZUMePSW<}g~rz3StkZlslzQj;A9*frC zZR)=LQ#Ou0VLX64V@*}~6dO)&S5v0mp59u0>U5kQ0^OGNULpyNmdD@y~`PW#R&2_w7Goc{G<>iZdfwYMDGCA2|-*zLFJUe(0 zy?v&^)$5TFPDr2Vfjk-MbdB08QhlzZe(#)^S%GfSi`4GV|^X zrBE6-4Y?vG%&|*sy?)vRKgXriTRokY+;mv?gX#77 zVqi~FH=NivY%uqe+NP}gqYDRG?x91^1Alox#x$miD(aHUhkg`C{#H!5<=3r1C@jr) zap8SdpTBW*T)TT!e75~F>H%5T5joQx&H>a1lPC8%$L>Q(lV%w)sO9`;6aYd+ zKoE&c^`#Sdbs!iYpoM0_}d#gJk3{5;=7%x5CpW(iyH9~iR7%=iKed4}8&8iK> zgGLUjMNyJ~agKii*2ge#>!N88P3GP}1L^u=Xv(%`}WCdRhNG!Ntq zh2KtqzB0siN$%;>W*?g}DJ^3@yM++H&)EkxvR7#(@aiED1*}tH8wN zWIGRER!}xy=B~6Tq=XQmdx@~okuZkUqn3Y;)=u&rojdc`H4}_EH2p0hp(KD7N-YOmtKV1>GG_P`tBhG()2ne3 z?khn5xhvoY-qvKR)@6Tt#ZLdVq#Vhs{4x<>Hs6?bfdXPDU1`=9Z^4vj z7>#K1Y50m`bJ8716)YU5@~^NC!=+MveZ>2GS^4F-Rks>c{^0GG@Y!#D zr1DmPMV^_K4p{XG6~Zi>=Rsq>fQ@?QITXK+O}{wX{NRm7gS0SPB=Aa)H{YOc-WP`PCFk7w z$U2}@UbJU2o9ekkMp1JN!xf@+oEx3zw~KcwoN-y0e)iw*1`u_rqdF#ft?*og8xXw| zl`TPxd@c8cZ8K28#jg=taI=g4<4Er{MfoLbWO5w}=)$hWw{jb=oNFV>?$5n-0Frmj zxvVRa^pgT62{Vw<@?&^8$L%03{zU~@X5Mn$ z5k=t9lqbCyOb~?|n(y0}#S}t+o(WhXBLsl0$jqUDAKfQ^7V(U@ z6fkqTI8>%7kR3xcNU&bf84c*tk2ZILGKFHGc8zg&X?X^YqEuV|LSmo#h!mZ1slNZn zL?|%w~$_zV|Q(}?;!13nXepZE4}AP=BS z7L$9sK-w64U@JNiceOpV9zeN%p8OXmJF0I4PeE&&8n;Go-_$kkU?fD?JSzV98+d*D zC8+a2-n%hPSjctu=XWRG(h!jZSM7(g6@gb%@yD~!y*K|ULcR1v%GO{|eud2mMw5mB$<{Y;$q~#W$z#2c%lO# zHpWn515;H3HliSv!g0&sj`h7X9$B{sgM)PgQL0Y{cJ+CZYu0PM!2>>l!=>O;$;yCD zgxeQeL5_CG^Ps&Dd+>{B!z|WMa^dN8tiVjjQfQg@?BHQ7gm`x7WIamua_3O3`^W7a z4n|jHHDkRCGN?XP#T+?=2|>bDNonQF?hQy-{he?SF2fKqgNA-Jq~kF&OhuyhqLxn$ z@!ozBy;EmvY4%$->%6f>J-t8XkXz?bS|}H^*`aoD*^lfKhe#3ITSXF`SlyT-HqRJ{8rHR$~vCVxyw_g%=5#Mv^f!jYkDOD9w`ODrLE`J@R7 zaSzxs+V0zS{zME4mzz8V`_ccvf5{-80;0fYA;Sm1iL(X4K=euIV{!2W?s|Hw0zpF4 z4X48O^?q`XG|jcWroE<4?RIa%3xdil?rF=R?zdV|OyLOFIwVHA-GzT^(pSj&w%7}1 zDLkEJzgRKpI7z=An2YaH_SX5X1~`*XNK-%EACH&zy;j?E^l<2|NIcXb<@aPB05#p6 zq#uW!flwvmxpg%Owkq`jgD-`&iu3UyImwa+%7a#aRaW$h07bvX3jlfuRl$cJZ)k2x zlD&Q02gsb(>qywI)4^gdW5_HI*6dJOU(@?}k-D#qYA=-wv8Mina@e zjE!Ay-QreDQZY89sQSyR%g;ckFC3FFCT-!32{xn<@oRilxeAF7;wm;}9MWu>mKay1 zT2!|g_)?HiY}tmG(NKnlR3VK{XNSzxE@>b_%UMZ){QJs!@zpVArRd@)D(0b@tDM?} z^D!_E#$q4h@1&mU-+n+YhOWJC}2M4Ba1$H(;zlhe^YpaK4Qo zbzz*4WR3+LTOfQtr=`1U6)fm5frHBXqi{kf9NyO{UY>S4&RX6}1!yMma=lykP^|Zn zJT6%pHoKSmec&(Mm(QWJ0;X{}YKru@WU=Vou=varXQ}a9e?)0c!n;{_kGt6D9)zh4 z(;t-YSoiYr3)m7@>-t$Q<2<&nb8s?=pST~lRoCd4?Q32)=#s@E!tV#X%cS1S6)Wy| zfXAbFM)lPy3K7I+>-#(rOKY5)Uv8Rnfvb|u@tInh*K+AudM74zW4)JAIM@$wQw<# zC^R$jnQ4L5(kkJmFJfPMa)db?U}?ev(pUK(aOecvaITT#H@3 zb9(73qLgk(155lFQF7r?=^WPGm!U1zJCqUnv9%Q^=4ASCNuLNvJzkzzQX#Tzn)r!y z`4(f%^XY=#lZmX>>_f}@LAYNE>(~>^VKy|H$K}I26Hnkv2cqAPYZs3Ykln%%NEh@F zJ#ab}SDO9U+6PK&y3)ARrQ&nDJPwq|A^>a}eCaAgIW+NK?aWQ&=Y}+`ddQxZvG3;h z<@M-TQ6E{DW~?tLUhz?*YUEKFKuJmH9}i%1>fSUd`8fDLeJ=HMMgk^}fSQGeg?(btQ@X!KP7e2^b}c;Io}USm z=PLW%vW4?jMtDv4@nXFBO5HEsO0yqV+YS(sWwxyN_Kwd^=3t)adU@GAsWnI#Z%@GZ zBW^44KyP_2OXDLP6}Pj!h{kAnKW6YRh?5nk@B=SfR314LAvjLI0^6Ky#12fJ`zNB% zVsuOwe;8LrF=BkOemPNLO|kpi|5~_*b2|ic)p_39`Q4=j)eAdm`xo}=)`w6rp4I63 z+n?_8Ch_-!Au*xn_N%g);BfCVg(ObjOX72vIc}azd%&$m>`}bk1&9sdC@c@CDikPD z_Fkd-JiYBNlmSV=@jcz8(!6>Px;fM&(YRhFvFCRMcT`S+?hvi zAA1OqJ-{#qP=T#{lJpp4V6TGhO2nmH#NsdW*V}DmI2LYlNPTV!nH{f>C4PZC=2+O= z3vT%u4hMAg5Zy}Y{2;>l=8Dru*)sJSV%mOXRgpe}U|BGde!|ju-1i7|v3D4Rn_ZPg zMjosu9I^N|h1*q--@MUB?uoBl1{U`@-#JHnIGsJA!c17W7HL#4Ofg^YK z%)Z9Xn6~#@ooZ&2fnIUl!ql;473QQ@uC|{u_e;K-;dJY;*N`4ZeC*fV$>fwjKQIe& zZVsMOagh*_c-5sBksQ+-F*Mj6@1QKX&Gg`KOi7gB%ehhSR}00P6f->kC#rV7CX`*4 z7s}Qxcf*BTGk8YK&L4AUeKb)rQtn3#hCZm=FZG$mYP0)Mm z%DqD<=&)34>aZ?kdQ@HvVuGzi$h`Cq5h}?kR3u|;#P>JL`ap9Q1UlbOkYin+CvZ24 zKYGWjc@!`>6=o=5101FDFD?7bp&s*Tp=*Yewkl?Qft?m)3NF-%t*eL|<7*!7B?j{6 zt=wc_nvdPSB&|RlK8QP^nlHxl4XE?kxBCgi7M;n{e&;oGuKWMb7qMk%gIEr8#za{f zA#Oy@82H#2a<68O7)o)|zPc&)-Ym?hHM*WG=4HcCT$AoonPZDa&c;qXTfXSPb^Q>q zh`B$W!#qWRdrR(TbL{>8G z%kd3~!t8>Fi07|SJg^859qg9nDBi>ZAoNS0w$eV)cyMYDc}j_(^V3Gv61orF5AInI z71{Yg54O?T@iD}8qC1oDli!RNu01lL+zt3Pw)^kQ2|otzwc%S*`&CH{@Z*CYPsbfT z_w()m0e_GtnvcmkNYB4cMRRc11Lc+QgD2elAaBb@8xOpH-_Kra!?3PVbtlvP<+Wcp zc3rU$_=#v%DZAPOzV)(*-wWf{bjc?Gq2C#LI264d4%`0uBpK=BSbnj1Om@5}0%u22MH4zJFd9agxEqoxgYCmn+GpWp%S%0^n zh;z&S`~2&+r=dd&Ljm^8k!*q`S02Aui3KPNWOjd(@aM2!7Vu}^EfsIXs5@6GH1?0I z7>UI47lFLqB>m3jrn8Q5GHWk~MmJ3{fPjfk<5b({>Og!7JqfNthhX~Uir%@(mn3{A zh<4hpmh(IEa6uq}3f_Woc{fWhtCz!%q_byz`Qou)Mb6%k%>j`>ZP=&bb?z4^|INSM zT*#BBM{w`oU85Q!Ks1a7MgsHy!#J9x=X`f!Iy=BRe{$`$-bF znD{b4tm5JTPTAj66k3_V;3gfFFY4}EO2%6PkXTBQnES@ZvEf+aPagNS-dR`Cn zF}Z#ts7`Vhpwt_R?NoHpGtgPlo=mNhnd%ka#21dwhTo5|O}bDfS`4drGwrB2eijMm zO>JXIcn3#{V&41CqdiP*j@Abx-8D;-`=X)$zN$)})q`*VTk%?l zg$-&xqx8J`dZG$}2bR9?Crtj0KHNJ~hIBv3Go%?E@nYH(K?E$Ax=tK{eai34A|J4h zP!F&1Z*gO<+!t>*!~?`s`nBEr`L-3~GQ=DpSZZ|GuN5zgI|EktUbLs**m*$5)jhr+ zOJR*BF~)(!?zODl4sr0>u>dkF{^%?>RFZ`Ta9`tJ?Pa-1cirw`K!IO!qu3w5%{M+f z&sWtl_uaoh-uj+qM3^s&+)BBx#mw=A@F9Ad}Q#0~|Fu}sd_Ds4oCi@e#2Jwef=xPLVH5vhh?O7#r(>YC;+Ujc1^(BV$$Q7UC|yp?Po&v@v|#K!_3W zjb&2kz-EMe>`XtvKYS;OUmAx4((N^8yvw4R2xVxB0I1@ocW}3-@*#?e{-T0tdY@G) zb=1f6Z<)0*!9v1trbWy5re6MduL=_+E^E5$i@!`JgaP>-xTz&a8;FxQkOp`2r(lVb z%RhfF;7(ii^^c_U+Ex?@qUbN7Da3|~KoJ8R9F8}uS#(_LLvXCL`^ z7_uI}-Y2lLAY>RJBFySpBR7CIpia_HquEl9V{DjMycPUweMCFSeoH*d7guQaO)TO- zD=n?dnOT(z^r-hYu46@Vytzl4Gek(*nsREj#meO^*k3Dnuy78*3{A(0ai^ncVYBN( zSrqkRP|+9i>%z&!U9s)6-Z0Bwllw1LWj!uLlX+A3?#FCX*iyqWtWxjYesMmJdt+*7 zU5sR;|COF=6CggRkeh`!RMbBq;tWO&bq)%JVS2Di=wBH3c#_npjr#s{t>nY#oZH(j z{@w@DZzw(A`NEmkhGxsT`>(R59cV%4V<3g%rteql*ShX@GLVYN+{@ijZ_5u-;kvQU z<+(wIeJ*TR46U^G@ZYguSOn@HQvUQ=E@CYz&|6VBz!TBUh z$Vb6|+NDlo6)9$Ys<)#icP?i^g0)Qt`ntz5Ma_Xkb0~!j-80?>;v9cVlkH=-jh7Dr%C8)yXBW(-)+*84)z)sZpO0Ry` zA||Le2rU1u3`(lnk@#E{&>KmHHHWbNKJc+Hx8mWlG|QErQ&Z)j{llLYCs7DfW!)X* zyTrA)Cd~@&$nJTf{HeF+N+lnRE${*C8$IfiE|l`zgNX!AH~!Lx#^T$?Ti4IS;Oz_K zvW)8qc(${&T4V<*`6FpSu!si3(z^{eRpTu{*C!z9tqB}%H0)3fbjAm2i ze6Au>zhOa8U~1^XeNIFe^C`|5#fvs1^N9A8;xs9Q^e!HJ|BQdj+0>+`$9bCfWYM2h zoF%vCp6Fhy!}ynMWNZod&)_hc^Gvu`q>!tl)zJ&)KIUr|I4a-d1&^+DwD~+T#*lkU zx3d)~SEG{eU|PkT(K0Og{3(LG!!^Y#CQ9g^0_-gm5Ym_w4sWNvC+E@tH_75byODUQ za{D9LYWqdO-_$}4l;#Oop)(A3Uf+Zs!nr9|sxHZ}f4PyIJc?eA76@6O8 zc9`mO1TR;VRLSTq%6Uikh9jYL^(MTc*!zx^vqq!YM<_NLwvE`d48Ebi_nXE;gZ9Id z_c=h#@{28T3ew&@fAL#CY)Q=yV@qY@-@&*q4YKWzH!`D#mwRA;Fb;*XekG=k+}Em; zZkSxKu!yWI9pMMCyxJ{4K4sOrVWofX*QtmO-)j9rU*3QFjm)&ODqPAJY`*;XaFzgA zun=4DujX(VUh|JGx;wk1=h$i;PK^1(B!W@QF}j|f@u6G+KgUaE+ZkLyCz4aiN4EM_ z>W9B9Mz;sz;R7t>OGws-(d^*%AnOlbtj~b=Kv*_yEmU_ zQWJ|WOu}*T#1mxz!F%s+L9J2984oQO%yZGM5`EBPIJ{-zU=&s#UV2kc@*UzXo{1+0 zpQxDoV4vY}SX8p&lLc4HGMB}l+kTs#s+~tYJ6~Dj-*d{?G!*8<6IMJ8-y1c&(|qMW#;o;D?ge zd`^up=N~3T?dIePFJsvj=kY<-9SV8a$HYuNXO!(|Rh)RJfDnY5?@twpAvlEu2rW@e zt-Ki&C_Szq+?I(J-Y12Q`K&#ydiVtPk}^_BlAVib+xrk^Y^LcCk%az@V%UE!%@h1+ zluy9>Lhubpx@oMmfC^R*LrSEe1jV_1ople~wuFZpq`gtCg0_>O*;EV&|ESBk*ZCL- zDX0vm{uVXDOmW(kv<{3XR9$d`>xE~i*Qdy+XZ656-@<8Mwkj2#iVfGp%gS9|30^3v z@ln`Fo`Q8cD-WAr)>{GICZTGx-)u&IHPU>VDMq(HMekRkL<@JVzoEcxLqSP{*lS|l zJk-a88lM2J#2u&XJ z0|Z-&vwh>!u_B-7CM3r5yJsYT3+h>)^TtYUtW7ORWi>L0MMw5ry{95dwp+``O4|R6LdbLM0>D()GX7W>LJRkAt z`OdqBCWm|Qe5fzFgZ?9S=MFXN?@C$$bQ{;YTUva|j@HaHERU+lmyeMy1^0&XP2W9Qi}x(X zi!MmLL;K`VBe`6-#dptU1ZOy2*2swUU-qr^$J}gIbVg^~``4=~0XmH9{Dig|K>^{> zQ{x$9`My+W9{Hi+BuUaEEN=m4qC%bZj?XhJ;)Ag932mygoF5&jX5NP-c4VYbMg4X; z^Y{S1^sSDTb~;IWoT61&2t;HE73~WUg8W9_cV?jB75B@@YGQao9~>s506T#*x~mYl zUoKE~(lT=M52cao`fgq*IJi4KeF;@suPh2qsPKmJ)eaXxgnP~nJ$d+U7IqUH(GSIx z0~_}#jg_nV(x)wgg?wAGfB*b7BJZ|yVuoILPDnlOVA2hzsOuFBqy9488@(Vm;@SLd z6p?*Mp)Zl5Nr9c2!Ebzd=!_qx0dw^Cn=eAw_)-5>+w4&9b`5gqncJuNHSELDFKn;RjQcZ$+vRNgWLKU^!Rf0pgoM9<2-;}Qw=K(( zH@bUTJ~}?+u%MzHV+kJ$qT4TTo%8$Ke?!uha5JUVBoyzauG&YGw}+R-$e5H5(aFlj z=+R)#7OPd&q3^TA-Hj2H_4+1Rn%iA~z=t;1%r)}u^qy9ye@fiXz9YOPiIbQ6MBbFC z(_-1#{M*M}F4rd&q}C!Q@^$%Woja{pxFg$}AHd=CXtW=P?;eoB1ig!`w}@hXmz4FZ zIa*g*2EGSLp=)2LO+QRPnK-OF;x(My*n>g3ZeVP7ux4WnuGE(tyb&qEyF~g)gF*GD zGF|SigJj=d*28kzLx85^y<_FuY$Db(alMOYn4X6DTswx)V&)LRU?T~1aYIWY)621j ze_T0VS(gv?7d^T4xA_*VeMz5tti-};dgMQou&*mlkhjYuK4FG^*(fE@V33)Py#;G1 zj4Euj#Col?4;q<1MGDh8$q!%EaT(_yQ4#XRC`lv>@kFA{+nqc≀SQF zJG*nQ@9VgKaEZb6Hw4lNQ6}?PJGXrb%;T1k@u04+X$&+t51&%I^<@6|B=%uVOQ^Nt z@e`h|HfS8Q?@UVr3{=Qvcqr0Pkf7IE(au9=@C?H<(H%AUUV6xb8-)P1|CJE_7!8>d zRUT4%G!`b?xRUt~@QM1Yf0ttVSbMxN>z5q8=^q`vx#Hb(Gb$*a4u4UeSD8Rp-#3}J zFJx^wxj}J$R!T)(qE;JJMDu{Gc@CoLgT@rJ&P6u?lB?pkFqYi5OpAM4Gz^j!H9$uX z8&e!oiFC7KzvrtW2+GXi+9Q0d_w@XF69tM>*yIsrx8&KNMKBr;FVa2JM|KYK-~PF4 zu*c|&`&?gG0Fuojk_I+k(ZWPe+tu@SW4+p|}z zlJF$=sulal)!TDK^i^!ReetCp3)p-4(|_6XEsTC_*-`J`#(fPy+Vz7fu>{kH=W@ss zRF~KZq3AV@UH^HsEW!y~>$XQiWbu4E2;UXtrJy0w#XZA>QmgYJMVU!+Gu$7b_gUe< zYS&2^6}Hgrzo4dJ`?01A+79&!W=qYlF5xt5tR6B2=t#GjJ5s6HXTlbg+ye(ID8dc8 za2I}d1q&tm*j}j~p)=6aK0+$Y1w((biXhi>Q*T+0pq)>8=2V!ZYB@#3(#K zw(WR%T}6^2#|tZM53vKx*S=*}?Sz}=ug>i^A^GGntp--vW-(fa%pXNK`Y^GykQ!tH)oUpQ3c665APYjzBbOvzC={SA&y+OAKKTd7} zEoZ8&myP^W5(h?H!4KZil1c&P-5H)MrLfNg9qN%7o4S&B#Z zh%}@|j=P`@`PSjW$G+DaK+2>ko2MZ!qFjF%~K=|vdcKx`J63rK3}_*-S4mH9GT+j@IErp3)Xc8U-ia#;LuNr^DCo02Q0c5 zX&sY40!?%uR&tx&F@y#}bB~9yBZl9&YCa~Br0X`(QwF`k;jqu=_tUR%ZDq=S zVbOSdK#S+b(5l41T8t^06@kZDAyYl62f&2!_zgHQF0b z71%5ndw)Tslz0GzqUIIw9}8j+pR<`=UfBag1QE(7J?v~PyL^BdI9e%AP)`x8&~?H3n2MlTI+Oa1$SmI zD8hr{a=2gdsa7QmP<9|sf$l2YzVM$MH*#F(iIrg*oDH;Kw!UbQEyLQftq7b3`CQpk z82sHOci~B)Kz7I0oBEND@4nzbAiuPYrHj}+f(k>QIOg$NGah+$_H+XoHHBd(1}LBl zcs>33IsmdHZ_ieINUzgLPp+sc!J^R%tmJe-tgGY~Doj~2ydK6#NA-wpOhcJ$8@>do z+K`)HwKr){9*4997o%VN=MW}rK9}LVx(TI!$ZzMKw7d>P_i0AjEL7=}o?3-Gmp`Fw z)|@dP>^sAT095d8H19}jp%Hgq&kr!MdR#}(AE18o>>~nWMNcuz!~!gh2buBx|;eM^$a z3vGHpiw2?-klfZi6RlA02_M4YBgeD(E892e|Bg|k!zO#+nWYD!TJ^J#DycTU>aWDC z36^h96OJ$&(NMlVM-I~lepV{5=Ol>}L$z5xopW)%;n~J~Ck7Q+KQqeG1!bLYBtIJ; zY?F;@dn|wBmSnBxx=&+x?lg`E--|YxnO;BWm6OxlvqWbv{r5pgDL8WF_UU`f0qt9C z)o%@lOL9>6EUQ3Y`12pupH`2H@>Lf%lmo6jk89qV1GFXPN9`WLWbtMVf7eMds7LdP zDe9IBhTt5aOnKZ<6nBoL^FWuoH0*&RzZcNaoB+u|OVNb|7&Mk5v@<%lLK61R&{Dps zww{tF1cMhC)+=5CT;TFMV3`)@on5FHeqOtkSKUEKT!h`u2%#oSc(u)&wYSVuY`^Vqdf}8{XkeHl$tya)|KE4 zG#)3<{;Z0>M;6TtG=ArLb-eKg6Nr+uoErLK#qod{h-r(k2a3qzs|y8zuupx@X~OP zeE^_UF7Mc;9}zN;uFQ8YSfmzMdy{DzE{mx}d-fBnD17b31FEVngXNB|9JWkTxxqe3 ztbKc$TGoiTd@&!63+;&>mHXB!2u1XRI@7G459jG15u=+Lr{#qHv(P7R5?anR?Ot6I z<^4ApxDF{T#WC=wDeIlST!W|BL&vMc(6rxKZN|e`Z(Gfpql#~(8`%8KI&+{ z&}>bz`;CYCoB{jX?IkyEWxvoJ*2gap_055tJf)NC3651pdK?^^lW7{>kHQ&NKuP-q z{|f5B<1R~3@^<@r%}?~z7QTM2(dm3h1$0%{Y0#qR!6y$< zNGD+dR*sQ%pV5PN`UxCz6TJCGtI)Jq0e!f^HFjT_pFQ<$Yw>fBXYu;Z3RE1rVPjA9 z%0G#S8rYJd7-7Cd=d_iJpLTKN>71X6#5=!IT7ZsuoUW(0%n}+q-4Gk2Ps?hSf!dg? zx?|HwT6ap3+2b+@5+z(O(98}$dF1cKop?{*RR5ZBW}s9h8=nQ{Bh%inr<>Bx|8Wed-#(THMU(s3ZqUF8$7NwWV_36ZdJ3x+ zDa^s;0R`5ok7IQL+Mf^3Z9lceBX01z;NqT@>+_YbA@DeP;L`tY50p)k6D=FoSptv# zK^=}7ELrj%=N6RYzN@K2e6|Zkey`1Lz=2{me1=B}u0C&1_`;3Bm&^NcX#)Q24-d3D z1bEW%$No_RBw*@!^h3KZ;5^JVv(9P{?#LQ5)bNopQ;2-G`m^;p3Wvd~g`0I`5x8Qs4~@&&e!Eu2?Q^=`M#GEd@EtEblI`;APj$=9 zgKVXf>_@0AY51HJZ))Gs6WO}8m@(sMOmr2JuXEEbEyXxA4!YlZtO5F&hk#G@2$tHm zkY?!qAjo6jiY(er-P{Y%H*1d6vN+h$6b9 zt)G0b;mfY51cCI;efC}qt(|U0a0-gmgh50^tFR3w(E$d8)*X13Q|Ybhe7o>1by94h z9Wwej8A~2ipcllznjHM*yoYYNaUIL@XogRigRQV!d}*QhIWW9%MFVc2LicfB-OY)= zqT2oO!-`{C-0E>(NN+WHV4h6}Lz_mqcb_J;>?p98qoi5Am+oi)1-RjGbEcIF2zOs! zz;F9@2V!5EMNF@I`-Lb|T~!cnsRO*UUL}1Ni@r1X4_OBS|18$SB;)u-CPSfyZ}!=Smfg<( ze0+Fj;-^JGGJd=+EE??B?eX}^qxS#}2E8EM6~Uoyh9IF4zpz=D$Kk}ET5O4!bX*g= z?w+rEkjd@qr|NLeFsAWsz%aF#o#=dS+?#wo^~XkdO?aL3vz!5W*(&{TCSONGg1P1C z3No^?)P(kt-{b9Jw^#0>XmCZJig%J@cdFc>?2MIjxOT?hN&RMz3i&t^M#eLHrL>}PIa9*(5 zFD=p;oekQjJ6WYnNI0JKg`Bd(^VSpSDHP%rlJRV#eE9kO+mm^ThNBLf;tv)Bq`nz%`GqIAPYA<=ao!`-s zk)>OVj6Is)9#`i*t`mK*efEbIaZ8FSW}?DYA~6ge>J^FG(}Vt9ZUOR^NzzS{`-Wo? z{Hm$AhKB;pko)z5-NkW}06D4g!$lC|@!^axI>dDp@4xIQxi9cX*W&$xo|cpc|19ru zoBHt|198PbRfKaspB_0O%7Yo4!;`x0A=ns^=m9|BHNrH(f`!V7R#1!C7AzS`Fz$w< z3Rk%=7bsnNhBusaQ9@=IsK~gq{wEMNrMENFdbt-KM z`ykkU2DQJ|m!vzykp~GX2=1~&Qrgy@fq3G!LH=Q>Ll8&b9L9bdLASrxWIuXA;`))> z=-B+lBl4$r1%gE@;Y3RZuWca1eSm{k2?Wi!HA(@25l9^Dw5706DMo9hzg$~B&CRri z$K!P(Lv%cnVEuVn^m@O*-(`;PKh_^it@M@W#bd{_#B7}Gbz^O+Fy@uVd8jmitHa;6 zlZYV-`*3<~KdvB#P@KOcM6^UQnFU0%Z)jDOlP7mw*9k5-5iupQ|cxntn(~YH-0tTfpS?|nOvJ7~9 zxHX@P#wg5WB%vHH>+|{%zotzE+emyhxWuPEcZA)}xsSaBIvY6%u4k>GnKe6ym#8LT zm$#jM$GCb*c7~=9!&g%fgYcTcyC@24s4gM0Y@W3y`_(gF4=h3Z6=nCmY53ld1AvTo zzR56$#|`b@(-!-$_Khv^R7iJz97j4!E~?YDszQ{^*DOBK+(|n8jhyri%`1>!bE@3d`OEM{Z|oF?fKsy? z=HA=)#KV8JT5rxFxP<$jUW7CNC1l1zsKeZ-x$sfCsbkq+4Tw$-psLdzz$j3gpEu>U zHqJrD;Gd0-CeN!*pe*y(W&@S75$f&sP}?IxR8=aQzrZ){`^r%2x-;K$#f_@N6i={- ziI05Dhwk=9+vOE~haC{=mCihqGbqTJd3{;|`m5g~VI;MCLvwH)f49n`$v$o$zR`U7 zpME_U+V8eelcWWSY1Hra$Bp~NZ%@f}_}SNprOQv)ZdN^`*X3}st1A;ag12Xhi9O#C z{hHi*^GCxux?ZF4fCEEjFuLiDV1u6j^>WO>2f#m-+#k zn*1K$$n3J#EPwa}GmyniL-p4HMhmtVg~z+gMkj_lE4-J=+SobW^Xth2Hg zCjn;XC$MhF08wr!E>Svou^bZHR&y4djB4WoWSMN6-f^x9I_)rzV`u$bTchne9XV3w z=6Bh8n?}<(=ViJ2C$wl_q|qRQ<}_W4GEB5kKD$2?vPDu?;&qRPh3`#hns2_o#zUy7 zRmwFjTy9@mkIj*20P0$kh5gl-IeCK;Nw?cwF}P!ZGPXej$}1V?V`9VjqRsf=N$`Jg zxi>#hHExNMHBT@u@_*%Pj8^nGQ3SO<0AxKdKh|up8G@9sY(IZF@_bO(_Ot}8H(tMO z*6+rP5uAmpu+&o$eT_`og6TenPk1&j2Bi3A*r&utzS;rWx zoI~o64=rZ-6y%m4?T6{B-e*C)FdPJq8&hdb)iDXd$!J;q{{Z`^Cs8rFMSoa7#|fe1 z*`6c+eGkg-ieK+SFhzNqmT>%JRY(?lA_-9%TUF1ZTTJ|PAvZ=ow)~-d`R_2{Q^xwF z-S?#5hWaWsndR$e_)BF&pk@P@+KvRMyL!5&Dcs(Kr;wty4$c#mlWYa&xa@cZo_&1m zOGT0$4p-%@$i^A_GtXi#&n2$C8`8xK$oKj05mHiO65rLZYmo8X%c9!fm&E}l|5%hu zu#cQlfoGIZ=kZm20djYC7syJG`+quzj`io!lw|cA^`+62vqLr$aX(+~`}{o5ZMDDs zD;!P#j^l1V6uw?Um*#v1DqSjR?^@4zjODZ!#$%SY3CXrKu{Tr`*XX_#q2Y0>c^UUB zPQjx!U}Ns1K#NZ?D}6AIl6(k7&KOlNF=Eoc!Z+l!3D8552kpsO@N8?SWZ(PWbWRRA zQ%b|BMY;As(tdqCfqw9^AK%BgUiihz;x;hnADWWHvj_B-VT(?U*6sKCvL}0VNxtkF zE#Y z{o+X5qmTN18SRKW9zzodA3e2E#EYy*{Ijygjg-@@a^P>!0Q6OgzY+gsA-cNFRauTm9_<9>k+K%}265 zQVZE!SBr7L6sznqJ&#L>J^_X?RR;VGt03YrsFqvuIe(ySz2y9fI|*6t+chI_kmOXTe|*M~=)EU0+DiC%Oigo*6A)Q2oNx(#@VrH{ zmi4n^RZtxq!y&sSBe8b`%}jWQXjafFptF ze`}r(y)D-Ywx)jtdG8J|80vKS39GjKjS=xEE)#wwl{77ahzPUGs}DIdyyL#q24c5R0M`aX+R*|8(a7T7mt1*L}~EP4BY%-ou4M8X!@rA|P^?S`ATGM!V6QO2qBZ6e|2vW8 z`6D=h_cJhk<5VHOkc4sLqT~9ah+C(2FZeFvq8@1|Lyw?Lw5rb~=4mp*g}wq`6WU9e zr3^Aj*GH+J!xag4h4#+XI`kN$U>=ftlyj+4_1PunvwAV&ehs;zfUh%w8XRaCOC?|o#%6$)6+IwxihMK z&khJ}a_HMm4;mOnXY^Z>T^^GSdXKA1y#!d`6~>6p=%VwV*LwY${K*On=XB6-?iZ40 zsNl`Ugxjo}PCzK%OSgTRI3pu=FUR6csld%FsQ z#zM}P2yc|6ABm28(?qYpZg3zh{Au)g&M9pEyt}{+JjyVNj4h3Nr9Tf-xDniXQ?jey z^T|_S$@=m|n>z>lWfu+-y4*djDABzfmAOaC-l`cQCGC52i`$)mk4|ZN;;Z8-pM$@G zaaeo?zBU_Fi~c=06T>h^{p33jD9th@YrdCz3#LBK;ExruM*G|zeCLUZ{Z|cD1zK^` zg+)+ar@uULjgOSd>J<>Fm3VmKgCl||*^?ZyH4~ip8P()VJ|OPkjzng{Sm5ndZsm85 zINP;u@b4o(pjr4^9=0A<1GjSaIK7h9U&_W7kJk=$19U&HsR6v+$FjcPVIcN&T4Xix&nW2IMZ|W+F?uTbxy8Q=Avo~`$h94VcEzm!40~^_L zfuJ?v%RQ*Xs1-kO9FSCLEs>do?&`1o6C%T&KIRL$hmlaXBJqm*F$bXV_LarSR|6^HlU#O3TW<40gPTpy*k7#10!({`V-$>d+v zYY}BT&q$VaO{tBDMsFX<`EyYc^H){p@ya~k4T-)|;^_x3$Nez+XCcL@_~RQrKc98; zaav!)n4pwrAU_V*OJ-oLSvAZE%D#h92u22kqWvuBkO3~)*S>l9K{u%?GjBjp*d4~Bd`z^=IMcqEKYDpTIl`gRDRSF zJ%N{n`^sKt3Olu}A<8(gzteo~lh@lp9*^9u!W7Ku+G7k^zkXe0dtb>?WBXjf<>zgm za{*wnrS?&0U+yoqD)#`Sfq`-n>1Q2-Ui^~AEvt~)x>r-)c>@I)>aSs`{Qd)1Aj95( zAYxl#5=_MaZjSDJ*(c>a5u%Km1n?GW#n2L{;2Gci{1tCNtRzo5{p2LQU#5|W@c*kS z5;Pt7mX758d|bnzG=hkzE^fWg9R<=K`$t$O*s62Cpx=H@X(QIX9`;ND{&7WlJTR|{ z)OmQUsm)iir;k^NpZR6l!Wv_{Ika{2eCGKU6&-C$uLDpXvD?L^FZHZ?G!|XNo@4n9}kDJ!O7x6cHN|*+s z&4w3{WkB{i{GlEaOMmYlz_pYI+kFiC?)a{}BbyXsR6;=B?t(b9MhN&Md!H1pB{~f6 zlZO6%)&1Ed^OD#QkE`=|;NB9S z$|PF_9nNMaNSPZ-_rQviBEI1+_tHfgXEupRloaXOnd$VY9<*Cf zN%iyiD=fEr7{GQWEkVJD^OmMt4U9%JAtY2Dh1Y0d-xm0OQibip4f-xr(4SgCFoAVx zf3SXr%ZL5-!V3~a?s-5j6s(2uvi5M9>c=bb!MaS!9EB&W+p&{kTq;2`+{%520T}N4 zQ2MP|4UeCN9Ha;V8>rC?qT?}VaF^nuI!BK>1W4ki^$Qih3HL-7E>$mlOVtuI8wrr5 z-B?KcVkAFjvo@*REe$1Y?4C@fvXlyuc1ej;)T z7Uu`^P+9g!^xVM>AOi5H7;aGxr7bZsM}KDi zK4;rsNZ5sB&V!ZY z`DnlaF2!JD?@Mq@BC~dw!3Dd7#_-35pqAumCG+SuFMj83ZYV5g|c+$}yIBK&;wc#5^+LQeY za3r)g3{d~5)tAg&1j(62NSVzc8lWVtovtkZav|2uA z=0axeWpH8&h=zuJHT@~1eBxW(zJ&Q@e=lxxt8~S>$9s1#yEJ={{Y(xufOKso=3FHH-i~QA;0lu@lb8! z_4|Kh7|nj>*0TfO6CBU$2RoPV;@<9}lZ+lf-qlhu(taf}{-_Q21!wlxxYk z=dAvom%ug*OH-OJff0nH~_xYQX0L;$JjwNg>**OxOTi}A#dm> z(l|cG4_;;Y8@B%MHe1K#c!M)|=TieYKmN*{dhlf->w@~=OVp<<<6ZZX<$k0O?kD=> zYzi6f?dyVdzRywL{1`q*bbOEddb3}#VCh{KU-vofs%8fJ=!|*(g-Xi6Cn7}x`2F%| zTc?wrRPr!Ccln5BUA>SOQ<{h_C%)E}^k@wx?}2+nN?vb$@T23ZZyxi)P}fQ+_%~g= zzqehnh2hj(PWmA@l<`4wUFWFbm)?)j?yvCue^M~P-G)bWRWNfgBRf1SuHHHQzM{?Q#x;BRPgE3tVIrPMb2@C(W#Vt*Uy2(j@9DsLWFroT$#Ia1Y-(mQ{ayC~q#DF$mfht@sB9Xps9mBlzYoO&!VPS6DPmZ~NzjCMx{j?yK=O;=h^$qL=4j z|A-&%$oz$#PwmSHDYOPojFg6Xs2u>STe`E)4kglPBC&K4plBm2IeafrjJowhaCJC zfcbe+5P7PG2M52OWGpWCa=$2NinHB)Ys+D_ReTyBkjS#9W_~;gOzUuc?Sv;!cMion z`|^Q~iPE5q;>Z*3seON3RwegqSmd+HU6T2dA&Sa(bT@vfa;L~Hp^A~iaSu=6n}@qu zK31QakkK{H?UByLJ+iOl@T^HyUrN^nX=^D^Lo&DyZp5CPX!kdsuknxGkLmZnkf$Wa zzDZoZB3YtUD1b2sK`2d5lzwRGE(mA82{K5w^A0{Z7-gHRi5RaeCpBkR+25--6p>T> z(bqDT6a|3_!#%LT9~L<-7TT{i0Kn~iD12%G9p-w6Ol;B<`*q%@Nvz_r5dO_bh*H_FfHXLI*Qqr9-Vn|?R3vNav4l1 z@vTYjXL8(;APVJtl6l{)RKfYpmtGxGr=m}dCTzpoBFPEh%hu(WZ67Ky)l-*U$_5Sz zm&;e>efj~xAr2B&L392qAwHn9GxG{v}Ee7}7`u2qc$IIT4c_v0qx7=1JzP zlj5@`k)p*J1Y)cnLF%?ll3vsHNx~)=IAXDw@v%WLC(^}heZa=M7od9=9lJLcOurs* zod<4IaZHNR$fEF8%ERHFRK3Dl(aTTKtFd|b2swQ&p5+imGA~K$i01U*Zku5eOsGWn zeP}s?L8@j1lT^dGyK;W>g#@@#;SHSQ@4Z&iju976e*6N-e-E~xnF9iqadBSX*DHhX z&3ucOjY-wWB0UdKMng`+HWs(_zZd17~!q9FCB%mEK>4`yxHc#%}YM)463OG5oAo0E_pj-HuG}%$HIR zo8&kUhw4}-5b`HyN7z4Yv=0Q~76QR`MfPG@65RmjJ-7bWctBcg;tOq^#RQ}Js#_g) zafUdRRpk(K1Z?1489x_3aCyemEJYlRp!xY z?B+=%2N%udLpOqNwan^+OHkdhsPNs@RYjDyWutF?eP@2?Acash7)_Dm`QU~X`g0t+ z0dWjR@mM{8m4o$@--G1j_U}!dY{8@p0%H3MSaG}bx>^6`wW5KZ0OX+m+0$c5Y_Dw19M|;82U=TPfM@Mr1Z7FY_0K* z!uSjbW7Vin%{myTYSy;(jz0$L$oG8iF8WfA<$*wB>pmfU;3f4<8!vz7NF1qP<`xGc zkbmhO_<)OcY2NWma%T%`A5s{KVx`f2&od1u?cb7%!3u`MtWW#Cz_6vmGrFecQhqtA zY9gT+mF<(Es9dKMuwbzlKKRMLKv@ATIj>?DPwT8MG^yXe z#?&)SC~1EC3SzPoTF%S6AHsT}6{g|#!H^sH=roPEP?!R5{C*P|hwk{=Ocwqj7?GKu zedLfIt)V%x+m}UN<5k8>lElj;@_~jt!5{U?t`j*~@N0D;is!;HKQ^!(#=!uXfiD!k zk@{86es- zYJ0+DHv*G6h+Dbkd}zXG>;9-5J6avC`Xe$SURuijUeNfc*y2xIQDohA0FDeviK1ll z%ln$_5l?XX`0_hWq~gVO^XFMHsqYb3l$my{Pw%C8l@Js zkgoa{d-V$IB~(HD-8?zgK8@4YItYRA0wkw^j}7f$6D2y=7Or~pDa;CAns3s%w_xN# ze1Ua`9YR7~pD%KMOa3*{;@BQ^BO^-7{ZY*X2rPptw z&#e^-b&x_57WP+t!iKN&WeJHl>M(eY^W{=B<5)N6wy7k|X3i1k(~#KJ6L!UfRC+*8 z`7<2rgVh$;#BR6mA*p*?QqB^83fw!Foa)T+@mFc_D6AXu&N!|)B?Bcpdjuq0n&tbx zjuVIhXvKMAVyek7|4sX)3#MCcqrQ_49I}`CVsPFoKLRw6=IBYU(}u71wL6~JA!2b| zB=4SHAI|&6+Ca6N$IuU_3r-o;j!;>KJgQR@36JnXSM1>qfRK>!$K-w6EjyToT|&jV zUPmkxzu%86Vmv+;!&ATkvPYlQA&^gax#e&n1z>siU}0mvT+coq9LxB7;Qhb?2+$@) z;|n*e_5R{mrUdnROLJ|_wJm|Snez%Xn77q8<%-9Xg^m*c@LgY0KYm9Q_5}|6?sLCg z>$^mu$RFfhg^vYpW-Stz@eR)JWp`9HF8CH9_!0{PmL>ZvUL=FpjfC&1in(=7l&#q( z{1?(Srt7+~IP6hZM1C*25csbQe~OB6>4DQz_$iujliQSM3G4kDbqpV(YJQe}ydJ{D zmb%W?4oPKP&dz)W|M`YCCr| zJZly`#8hZZ!}lz>uBWtEvHKZ?B*ZS_`i+M7ZSZ`fR3C>z_)sv~v$UsFE#Z~a(T~m{ zDB35jx*W-d`0IW^!WLVg9h+IP7Sn=)|2Q2@TShCk?zfZU1ZV;I{OpG-?6bcp9}#9P z^W}DbAK9YgjZL!opvGj4!^rvobrdPlMBxZ?tHP4TLHa6~z%4&Ql z#&jBEs@JPKb`~F_cxm9IX}B4FXNTV3Ho762yYAuE6k|*g1^-Bk6EiZQx~|xocvR`$;?tNa*8NOV z_K&3N+EP^8qQ4|b;8CJTkc{#s3QCe7`RjX9eMjBXRR%=ZVTBoFK+4+N)c5+mk-K$x zEZ%XS);dg(E436a$J4%6?Rt)AefBd~#g`se6P=3Jcj^u&+ITtf@-^S{hY_cP=zwbQ zrA#}v#&;{12LragWw6ho5ApnYyl&r7%f4i%LnOGNxGv;dgy7t5V*tGk&@b3O-5ylJ z-aJS%C;3`UD6Aq8 z|32-wY+c~W6e4-%L`ito7UlfzN5MsRkYHuIF=D7+YY&FvP=@cjV`E0B+ zFZhpCIscUJQTwXpVv|N3BHASXEW%1q-uBr-6pySo#vk@l@SQp+CzQ`gy&zE%;FOL& z{s@68vug-ezm>;~JMKs#kz_um?ajPPy9`O8rOY;#}D|s2T=um)hY4Q_(1%VU+XLH~PQi>c1P6aHAAIsweE|=Jt9~fdr?|S%9w9b7!U*q5RV3TUA?9Mz z0iUuFaW{;UE8Svn4~T~S(_zVsG?TomGF(~bM#}b|Nx^2*a(oiT>xVgY?$0)UQ%oD^ zNv^$&4tTOaf^aH9cT+)P!d2T$(2WEbd)}=i2u(DAKl{S#?K=%Ux^wF=1Y4X#dlCx& zX1O1qmWSrxwbab}pYi;eS>XZ$O!`Gb^_o!|rpeIG;*3N)$}Hh=A>z<@-!DoI$NlR_ zq940L84`cO1HpZMd5+_aI3pDDdjCmHvhpZ9AL&;()R6!*m~`*u=}J)cmkv=dW~A+! zLIyoMp2At+kLW%8PDH5(&fq{{DgB=B_ZF5IZ}ULz!)ZNHWywT>NNrMvAvWfY3-0Z9 zfZflxy0hW*QTXyDJed5Hbp_CpQh+E#*&_7^eM|~?p%%8MRt9kFX!p%cyx4%6)e^r7 z^Q488HXg@)AnqyG=QO7NvCSLmV;P?^enE*89)FR^1lDnYz|X@mmH_}GXu!3a;w#Dn zqO22YMyRpY=T~vamdA1R-0^!I2(caI8=t>)b~);R`%TzCFL%cq<5{=|CWQezRJK11k^}{!wLX}{ZjT>F`4Y|tQ>D$ z-Nh%(iEWU+E2o3m0UG#Zr|lhT+r#j8!4S*OV&AXpw!<2f!%ejsLP@NcmGw;}MX@|@ zi^*pL*E;R-y~q!upWncNFpazx4NDZ{!agoE2hj_>{|5*)T4nrg^S>7V(Xm-A1fK-Q z`Qyv|wDrm0d`e|SCecnEhzP2Hw+T)NLen@dWBic5{Zb!8G9`*dv`Ntjk6vre0n#_2 zOR@y?QFAKlh|G@2cpmT@BA68JoH9|>&D zz%J4y!S)T7JY1{&a&@<#ia19AGm}jqeG+NLx3z7ziL3djXHNck8hSAu6zQ^(y4pY2 z*m!za%LLOe;cEG&LNFbpaL2g_>4knX&V^4hbMtVyi;)^mE_3Ya#)Sz=t<0D5_Pg#Q zu(dh>D7K3of4JWGybjz3*w~*GZ%mLx>@Jh5RBM7_U4Jy>Jrr{XCKG@63t_>boTHEL zJyihU+G&Yaa<;376-BtG#(A~kaTXkEa0E&ZEpniI(1&|bJeIeM5bVnyO}_ks`DAD0 zOlPlMxtzN}t)i^88+lWQ{tK&?{UeROi1%%@PF|O*Sg$5?GhuK?d7rD-(c18fi9JHc z)-hfTdJ}bZK*}8i`l!}9r}j2~cQJb8kNj$)9JW2)+qtZxo}eT(JT3%;Kw|4VDG9mj zItVaxQ`up!JR`fm(~ifYf+~E1ACb{C-+I3%F*ab6U8gEgGOMJY_vfG6o3cke5T4fQ z{29;q{g9WAkp4CUbz|Z|zp8+Tne7Qk3S50Sh8ZaGV{udnVd@|Bv>H>kB(@1IdSBZD zKhF*X;J^C#Ng{-O)LB(})7u#{imhhU?Cavk`hFKG*q4xA4wu0FHLqxUbC5W@08pBA zaw2Y<_W_=z`!;iQX{&L7JaTc{n#*(^niA0kF8eE*{> z%W^{|=AZMGM%(R3K0#CmO=R|M-K`wDfE z#y7OXsaSA-R{R>D4Eb&PVo1@yqiu_bnAA2u$?wPkv3Vl`|Mw#R8xvoUlme51FWP39 ztAwJe8EU}HaKBFb{DG||VER8KaY`M&$@6RUIS%=>Vo@|i_(Xpy4iT!d`ct}c#A9XP zWdS*A3{pixXd?vQ{Brk9>Q+`j%|!_whe6T{)wHE?Uwb8C-xKzKgC}hgH7tZKA0dyW zsJ>Tr^4>nrkvY385}9M0!RdqDMIUJ|ONP{alw@8Mp>QXkq%m~o8igwnR8@RP_)E|6 z-T+0VR~XR0)8Rf?Ou=Rg1j!{%ttRywnQ^bWVINEBZ|arcCT7j{Z-qcl zaaYvuY+A5d*$kEMz(5_*V-vBf_BFs8@A&T&_~s25e_~w7p?+vkXAu_R2=!Ksn7A$uhzk_MF9d+)8Go+Bn8GBlCC%JhPPDBNC0i%6c~z8SxG zR_^DXvc60{xt`*|% zJtaO)xQ#cDGWJf5p%6D?3HA}@EXFYF{c0=Q3zew1u%{L)|8t5z9OM;w_!cEy6YWYcf zZ!qy@IQ6_2uG!^Hu$l7w_>`2tRW4rx)7g`*-~2AgDyHbN^zIikz_cYt{&JtVe7B>l zrtvqoIEiigQrG<>k7QPT+7T=~f}r~NP3^I)#}}tfYxhgiAgvsH%t7u{~WYt^R!9 zq56pzmWoNzAOf*;v1qne4mr&83f(zRwh$DBpKI&4=KY4;Z}ZVT*i{|Ia_ydY@2e}T zMSSQ{zK`syY_yYxj@*^Q3qP5xbCpEzq0#WR?s$kuHE+KMo*?>}zQxC$Gu3H7y=!rU zRz|$<2ZxY4k5m|ww+mk@PEYu(pgJPuof}^;zK2W`WOc~j+aig@U$L3HC0{6=7!bH(AJJ75{3*qjOmic2JMoa8qM`n;xOol z;LMege3~b%-(BbS?|E$Lj!uSa8X>0H&uhH4lzLA1FZ9RuzhQI{{gBo}?_2h|ic!U| zgBNHHy|%ypBxht*6#->J|K@`yvDU-2dFg!(hkO1IntjX|S7&tWn4jSI0sRTw3xSM= z_6-x%%d?n_a8GxsV{(MlkFkB(u>-tSGNI`wzxI%8++QFBLrBP;w<|q_%M1&FNpRn= zb>3szEq_SzZ~bBI5e#P&sxP~}9N-P7*RVhDXV23of?=WWBrFdlM)Fk34K!_RID?$c zEx0HgM-K0}5kgdSUw@{O2u+lqbEdey{*LK|x*rs5hj~HE`7jsn_Wg2t9D5|cS1i)P z#2hyzaF&CL8pXC!H{&Q;tUQTu-P&rpJ;hK_KD8?xtUs%S%P&Bnk)ad;-Hc-)tgKL% zox=5z3v*of+}_1#jfhu6UZc3Iwse}h$Y-K`*dCyJ=)d3R@O$)J8k;6aK48awDe5^D zw}@F*9DSa?`&{xyAa9Ffa&Pm;?I1_5(Q3@^?QuL%C2{;n^9o#!wAT^u_mE`N`r1Ry z(O|^uX|bTHW?$qv-w(w4ozo52{J}+GZ_o%jy?hPUFn9nAx(E6ey1K=3;xs!QSRnT) zr$Gk8yau3QPN+rS?u?yMN2HF*ovge&4BGS7^{5^@VWCJd@<$Cl@b2do0-b@vD0tpkvX1kcf}@u z;jQ`l?ZMdlqqpRK-|BOqrX*iH3}WUl3@yAF=^oUy>Rg%JG%ei~_ZaJl9{rGx`zhup z#>GtRLdrZ(1N_lB*F3xKZ;Zki1{e*Ym$v`l1F|>F=UrPQ0gV^D@6S7-5kKwgyzkLB z?Kp;K^L2lZ+O%vZ7ADo8Gl+N&4hDVRK(TGOb5#MQdlXH6;R8}*eRZ7Q-qnYCpI)wH zPD8b?a$^~xRm1OVN2lF@$x|=s?GCQ&OpDwk?nCx)t#3T~w>Ma{toG}S!U@PtI1T)m zmPjryxy)}_ghVZORc$Ul`YxlPn9!z>oSIOeraO-zffyn&q*M!Ia zPd|;F2H-J0R__po2~YoZ)twq-N*FIEM5A78Kz8c^Dl2QoT9OZ=pWq_eKeqj`8<*Wh ziV!C^XSz=@H^D_$UF5_uYpSh&3T)jqeeU%%)P0jmCo~To`J^ePpUv;XeiGB?A|b*N zh!>i@jw{N7QkjN#nmYncAOQ;M3In^I0RK92zIN81*4Fqs;5`&4g&@_&MU>C3`fKSi zohV|F;E!x!_;;tAErF;t@zOPt+~@6}N2eq7dl>-OvQq6=!BeM7xDf;UdH_;MxXb%_JWGkZ)aY7_<64A6_qaS?F0UB#L1eoU2JI|~ zMAsS4y*jg(OU_XF4bgoDbZm%Ixx)e>=zgh^Yy7-?d~%=4kyI5j6r#f{s7E)KN;s4)^vQ|a;cgJL>a=#TCYR+R<7r7&?_oX`}c%G%0Ia|)}PvsAOPKz5o%^{^4I&oNZ?;w_~P0bn(6?OZM8let8P-=!kSMA&=S z`y@QPif(=tnS6cShT!Uvt=6U$1#3^0J_G)qe$Y`&E{Q&Z3MzmFhf;iyF3)mJRISHL71==K3;TL zhao)PbN`q;oj$2nH%5+5=2XolQ|vxlkARs&{n@9eqra#{U2Y6KJ8^r(1xojxrf%Em zP(Fs~A=O`-!nDTWE*HCU@u~QgO2V)1bjORPHi!05QlIbHH>i{wn5Qt521_R+m`y4$ zvF!Twuk>drhki;g+cvc z$e;7$KXfGSGy_3@)U3ou{hx7h45`5FMEWfh*qD55V!vn-XRd!12LZxVwP6PVPHY8T zxuh}2!0T>h+`5nRMlK6~ZeeI-BSKvD>_Uuk5k33!rA%mGnK?8@VLTHuUweV=j>zEh zL6XN6C-X4P?WO+<2BINsq_LRc)iY56~iQ znr6Sfv#}jg{clIG=&Nt`*SZ3Fk^iXZu&8FYAz>-I$ zJZM+7Cr);FVhpf=y{}yPGFSPH4IOV)xD@GEe?uxy!<37KB4x@5|GS~AtpzuB1NubK zy&h7&I2q}T1~h{ZzkThKU??+1fg^|b0k;VwM%beWbP*<*(2TKEu1`H`8+Mu_^YoB3;=Q?R3O_e1c$zlsJIuMiHd@o+ z@G1+%V?-X7-YWF#(6fy}iia6%%M$m>%X_^20%U|IDO=U!5!uH(4J~@c)d5-OH!SH+ z3cCR*Z0ZNC-DHWA*3)njd*=dp;oRU0g|F8KUHqLH*{d6_SYol6Bk>t zsZ-V_%6k+4a?SDY93=PpNuxSBQRfq%r9;UikV-ml zJT?wvP@Qj;4*9mP|Jbg$=RJReU$*aLtJ%ji|f#j9?^_GNw9$rzJt%&deJ=RoTO9(GgVG4||lG*PvT1c;o z*EjtWC$=94FfXredcQ3<`JS?W83++-$7|u6wf6|VMjbs@oT_?gPh}JJvGrF{ zX!_R$aQ(54hU}f^x$&}r%a{;jqWE=^2TGpfCg%TKSm17&jrwr6j#MwbZ$Vhk06QI+ z;rip819T@o6NDeI-srMlESznu1iwgtjE#W0**}z|AK*QD`^1pgS z@Lr|ERV@J*(aHfd<&~W5lzYGF8Z$s`nUw7dM8kP@>N&mC)PR7gVMP= zLTdiH-;RcXw)~b}4;hp-2L`W(JW;>)SGq5LXK-8NeQ)wD$QI#WgerpZ8Q&hqj)}1; z&oOI`cr4NEpFqudF_*)dFSm358Oi{pCk#KM z6flXz;gUOn+SyZSbud#^4o0nL^$PQ!enn^sU`86;S#1!?r$p4b{GJjLu0ur&SxA}P zZ@cJ1qVzH|OOFQ0hW^LnJN#&4nDandKDJ4*4!W(^mrC!&12Bg0-{St`9^FaU%PGb= zh=OOrNAc;#zFqSZx9Z@JALg;0c@bqeVUyD&Uhcwu`{d}yJwPrk6&g0m6u<8aDY>A0 z*8d)U^H7EGb-YAn-B2rJ7LW6Ny2YO4d9Ti0HyQq1gt~{J_&FuLj-Y`&hgN#eX3guQ z=5XZ(Uy$gwK6g^B-r461mH7I&pEI}i7ne7N$mkadb@e=QgR}oCvthqMwxYpmmyMZ| ze-|K#VS>(B;~HAf2WF4(z$4@6$RXGB-eD*nFSPh*k%|fqVOUpPd13(o1l%eR5)z*` zv(Z;Cy*yewek|AM9-hB~tQU_`q*(wr(_#8TS7O*#`Y9^!t_AnFDs?4?yWjT+^vn|q zhp&zg=vM7r>0_%MvQN&YXuQdEC0Px)yQ39>UV_+Q+XiY!i6ry=KqD^Xd*GAYuj|8Vt{DN;dr%ar~)( za6nJyu0AZSw{)H$AzJR+!=vuo&wZ6BIsLK`K*|!- z9Luk2YEmvhX2Gr|cVB5@%057v=VK+`>ivXhuxIO8zmGf^jb3gCi2i&adV81>;<4Xj zwK^!TU$$mjl*Ld}38U=Mt5TSBM66q@Or(_IGE(hvp;n{e?!8}t%iezAo=}yyxzKT2pp=xjPv$w%Bn+?zh?W}yD$Gci_0Ltw282xS#_&qp z{8_vpJ`&2_jrXh3oO%L6!R4j=fDe5`nP)NQw6oy5Dgvjl22cry=p%Eh22)Vi&kFtg zuUGzFcEjZ^EK$Rnv3uE(+d@LG!s4B#s+X?d{n{j zxw1H5A>mZ~v^=dRp@bg3)pMfVY;WTIGl3oq9=Fa5!1tMPriA%Az0nY4)B=CP=IhVD zT6+O`+Yw85P3Z(=knUc013+X@ilA5dq-?s8-W&-{{dRXM6pV|>ky_VX6Vk2sd|0&d z?~I*70JJvrlUpxLbOUnT8C^_#>g3U|0sm2~P`>EW;nk`sp(x_Ab)>(|qKsZ2sL-l* zH8@qE8j2gX`f-4kJcT9U89dI*aFLoVy1!rxbxGDb1;NI{YYD-#B-#H zx;WZIQzE`nLN=%Ok}A#D{3)AX+U@(8i37RdpuO?8eo=?Bte-EpE2q9T(I(V`S_u6q zB)HZns>=(;3MO3aa@2wH8SNrL&YlLDC5@;xoFRHJlTsj_JaL&E*aQx;cnSbH5d49s zq-bj=@2#BQ??HJ}(|)TRy8ZF$?Qlj~0_SyK+J~Sh(iNmJH!}|$+Wa+&jA{n7t)e6F19#|+O54LYr^|)LF4Cs2F5jy^qmmr5{l4vSHr$-O8%=a7 zcxORP&G+T-turoh&(bwvJILRTg$~KS$H>9sDYsajVc@erYZ5?Felc1U`>N6Do`U`9Eg03%rDJpKqdloOnGQ*3^U_HGSH@9Y3ccDu2K5m@ z1z=xuN!uKq`si|pct2?->Ej$2L?-m&Th#w)^&N&bN93gttJuJmOndvH(9STugGSl= z63%{+*E@+{!1aNH9v2aD_dNPKy87R>?k}ke2X;J_3zcWM0}sVQPmolvfHJhO92MvB zSoPced;QK)%TM#j;?mmn%1Y!C)m+`bgTbVk7Yvo$rdzc2^f129 zhBS6Y&kHQ1{LNqUp{BWdLRJ0U#LtkpubSQ+F{0tQuFuC8;S zeEr%u5gbz%WUigbORdG9f6imn&U&ZBTsMCz3$*Zdy5CEaTqTi^40gX?d)ysY-*;Ag z1>%sVG=K;uR4Oc9S=ftr_wl^mp@ZA$(z*hC#``~ps<DT2~uuq@TsT9m4C7aherN{8tXAc;}T1T zfD$dZcrBxg9CW&+bkOsF7V=gaDedtDB}FWZ5SxHNPI1e}MFyg4K#hDP|LFrNSRT88 zdW3Hj1vGTgEuAHv1Zq`}MbP6R=jPyWIWX@%0ErJ%_H(?ly{^X>rNBFA$s)M-K_D>6 z>K6raOS7)WL2c!Id(_D>{!;;#r9Ee`o?ie2j;7b?YvdCP^Bjvbg7fiDc%EMRYOVQ@ zS)T)6ba%BcbKbR3u*qMS>cm8EJiQlFTSJ z`_5$^GAKBKFI4OGA{Zs-I)3UhQSHd#@LI9lU5lx|V&UOeH~%blb> z=DqL3HZOOHpXKxVmI&pYSaTE0UCn?m+wmskwVq;7M#LUKB*4(Dzo!xYR^879{Tgy( zWpR={R3^j($d$^|7q$|CE_Dw&G_`(@04QYP5f|NgA>_BiVx62g%f}CKq&;Xs$4=~; zcK_KM(c&q(|Ax|j-OmuA0@m|{-Q*3`P}__j-r)-+kWEKF1aX<*M`kR7@W$-p(e3vA zB|Z-~vOdN%WR_gQg0t-xZY-U05D}idRef|CkI+OIq`lb7pGO-2GVQJjA!Tw zkG@!;8kZh6(IXySznlRL{4AZZT{{RvpKUIlUh9qJzU_9k(V@=G3=my!seN~9GD3dt zgAk%0=|`UUe?D=>#x|Y24ofxMHJ6H@4t2fozXr}{D9MP{MzH}@tno2UG6BSv zM5js@wC?ggXW0kU97VUHUX1nC!1afk#a?d{9Q6yAi}VJ+qdN9rf&`e(@u2E2?xmRb znY5?dsnA(KcR~ViY#4*5`@8XT#Hhu0-#-w}6L!1fJcX08C$TM@BF_b?^2#xz=ctSM zm)z}Ze1Fz{`*v+5vfRyIM_1Fw%#_5lVK1lpuuUg|?%@Yx&9E2m6}+gkZ+H4CFF|%& zp^$jJp}4umj-U~@x`ee}?Ao-aL`Lxk51*b+^84A<^H8Ca*P`P-&Q9)orS!_>=RqbH z`@6vxdNkXyrZnzhdHyb`grd0sO8canUNpZ__Upo##+zU_f%rT*kQvoh!9L-skF*o~8GNOrREc(%U{DwO66r{b$y~ z47I;gFw?P`>DH!Pec!B+Y^YnlU~e|dJdwl?kt^%-NbPZbG0lz z5G9OY3Z=fhCau@mH1?`u)bF-9!GF<=Yf>0Pc?IG*rve}ty43Z2e9AlL`+ z(!^%t@W~7QiAP#M(bvB9_aQ!LS=3pF3&e)lW9>yfaM3am@l^TH#)CG2F9dxokSL2` zPH!hGE0!Z5ZjvDI*C1zK{izS$kKQ^bhF={hHXbQ{BGj`JNqaX1TR zx(4E&QR~mL1tLB*S4|UNktI=V_|CMBrM{0CdW++evU|-qhmdT6Ww$8T^+A>(WIk-r|`%QOi|TPstrp$ z|K9uQv2*eTwZTS$i>n|Av@aAWNTrG0M>tZPFYY%H-VM$B+#3|>A=A3wF9v&u1OV;K zAja+Jt?lm8-aQBDyrbt&e+cg-bo+@=k+s7ewwO2=xA92mS!T)rYA)5mSRn z6@EFH+^YMy>~(M3Ym}RQ19yaZK9e|rroqE$e&hG0w_LGj>27?D*Rx&!?gbq;gS*Uc zsB!3f>N}xKLJ?UBy=a$L`Sus6&OYhSO9Js(nLImccKmJ7J0BGHw8E7+66@$z{iGnh z)Y+1g1k0Njh{o&8gE@{?8_Ld>yncGm==8pSm_S31ZK(W8&OnU#a~dsg6ZmHmFA)Xu zFB0ijR0= zM{ufs+x(r6X79LpSTT@YG|OkzdQCSit|zYYQGBR<=dYc)KG_thxb`lsK0YYW0w0T; zPvSgl@&@s(EXFKXcn%+@)P`ohMZVH^)8hc2A5F?8B zi^E!0&Qn7pXg5Z`4?s>td!BsV_cBn3A9GF>nMRH7lRvsi_|wmiFo@6G?vkKPqIo{; z$J(m#sI(yB6m05l-wN%r_XOBvJ`!t_#pmkMbM6ZD=@ZoK4ubvgV_Xl7T? zGkFRCXaD8kpak>>{|v{i$7Ve0i>LP4=|%W~nnXAIeA0GASABT^|K|S?XW=`1{GYi7 zpTjWyG)Qy1(}xQ;%7Q_laLZA5g=}k2u$H!0(iRG!M;##);EJWMD&K?%ycC*}X$X7! zQ+|Cm2!Dx?!YhU!`lz70GRJtoX?ncW>F1u`05egOer+^)Z}COq4gWPhu3_a`Azmmk zT%%?@8?=#+`U2CBeHK}(V=w8tNBotBaMM=b^CG*JGw&f_T0O)V4YSt?8G8V%)t?Xa6ROJJ=tE%UAJH-i;q=Q0PiF7z_}0%h$svuQXN84Ck81`e`p<(Zu)exD z^8`k@YW_|@76;<5y6!`0enoT)RKok1^9u52^Deu+?HB4gTMuz%wY5Ka?l<_Iw~$)H zBlEl8t@~@tJ^+WL>6wQ?@(`q^5bxLT76Q7cL6ydZ_R=aC^5F*BQF(O6^Q!ETF9Efx z&>RqZ8F|}{aJ*xERJ*QhGCvNPF}b_oix9*vnHcw%iF^(Xo5QaQN_6UBlJovNca2Wr z4g~&H_u=TgsJxQHt;fiZru92Lran#~zP&u$&bBWT8c3&;k;gg3gB(`oKp4x4@ms&Y z;?7vo&L@R9h%Y`e>L!vJyita{JPrmD!cdAkl82o1F=52b$kXY)5&eq(DQ2jm$%aSd ze8f~0pQb?ow^oeb2f2a6ab;o7^;v81qTjMXpil<~@u8;MeqSDjcH9fztkaVInc94$uSENp^Cvc~I z{5_Lyk~1n4NA=2C{lODtx#3&W0ar(@`4JF@+tlIvUbR}Zs`t8KoY3b^KU@(*Xty8z z*@AY3B}jq!La<{G+nbRRz&P~C4ToLzo-H2-_zh~M#}#5!s?Pr zB`U>stsP|gS5q*3GClvQHT-zGKUUzt&9U3Rj>bdmt2^>Z0hX4cU1^jkC$fSz>=?d; zYeLP8*QVqnCR!gB0#BJT^+m=k?~WN{u!Tx~D@PU7%=^ay2D~7@gb2CTytsqOOG&|S z|3KO3lRqoiEKG>>g*kbb>$PBXMJXNQ)scthn0@#~aN+Ebu~EavRx==dewq*SQRy~RHVLSEs>!jh<8Y&&Hn7@*YfuXh_|XQ371laezUl6kP^IpAi#hfKCo~({lw(*6pC$dTQVuDEvh)BYM8@X`%)?!=JY4HSLwg2Z@glXDj}%5zJIQPa~3cd%ox!9 z(xlV|&1Qu|#0^`q+`1v{pKW=kcNZe3FI582qWpuG4%@%y9=iiU!rWLXZHJ8J$*VIo@#}bAdWN_ z`@TOKo|w!Ar#-jQg8yBlw`0-ZAK^53x2P0}4_BOG+JRd8`Ukx6P z3tmESJEB6d=Oh&O8_*y~4o!PIm&IjT02Kpj9S^(Rx3=fgDb&K-NXsVFI*U{Llp!v; zB8=g`5z@Hs#NYiYsIUhtfL87`St#ucPk4{x5Qq^oF9c=bC*8^J{Si(e-z=6+((hQ; z_}ndFvc5!u4H>7HOJBF$)Uch52ieU6>P}yXAw}o0$ZjGZ@Wt-~^4Zjct!{Jge{^cI> zxprJu=!?Q{bS*v#xCbVDs+$7^+le56aa{Z9RNP9|moH@Y@KBq@%9Jpg~7Lc zclXF6hTW`Bu1*|@FB^`7#N+Y#Smon5+H-K{Vb9f*-^wfG-dJxT31A!9UW@bjVR5|9 zW=4^Rmu+=PSS3&=+is-SthicwK@shI%2b$>lvt^hePXF@aFy9lr3O~jDvDG0*kPJV zdk2Mr9`HbJ;|(ALlAFMjVO;f!^6y}s4uSlBk%vdKv&B&M(otB5Gy4M-4-<8+%jeL4 z;dS#oj=-B)N023H=Kb^M_JiWBblA0m1c=yqbZ;8Fy)6I0;AEjX{R;1&CjQe-%Q+(S zPhw1=S|n~iC&FHv&>Xk8=~oDtT_r;4Sc_f5-&gI;IMIT|eF85U|LKoI3HMsXnTa1xL~Wf{+tB`+uI{H8{Cjw4GJOW7<2mXbO%`BEG})&W zuX%tdHIagc`7%kcY$NJ*1kYLjp~5Iw$RFtd`oxn{X$VW7hmcXb+;^|1z?sDcQ{hg$ zyQmK+EMZ6s?~A;?3cq&}U|68EsCjO&K+YR22Yb8R+)VvKb>_$3*mPQFM%&;CwZiVb$47wRp(sz6G#ysFOI080Q#gc zFLc-ywXrnahfW>|XYovW3-9oEF5t}a5c`q-W-U*q%C$+u#@aHN0#=6)(Bfk1u8MRe zFG*t^)8{q0umSVF^$&E0zn}Z*Xut;Z@#Mq9WjUL$=#lDE@l(2g&C5iBjty;` z7oV*Al1WL}bp&I1B#%pjzGH0Yag0Yi%^ANZ_F^Sgxm%kE*SYe_sY_O`DYzMeV~5&+ z#j8VS1>s&I7KTMhlv)C_4#GqL0mH!Tc@K>)bI%$@y9y_}VR~PH;>qJZpXqC)gvL6* zk9_zhvVsA%EQ8!{-+n>TD+95Cb+~qHg<(U(){m2(9gH(7B1g0e;IM3E z9zPkQmmJS7-lJZewk|~0yBdOVqba5hK@Vx2|9UlU^HT85p-1_*-~9@Xx|BJW%@9LN z)$bRhMrrqH0ElKE0ftDJy#ntCJ_>)IV3logz@%lo2l(=!V*2}j4ddphb;jj2v**XB z8y4>c{a+$V>1HAf*chSHg%g`pPnT%_Y1F4A4?cn7n=X({C~GNml{fP5@dpCTX*Ym; z9qGaIY;%j(r_J#afuT3HDiWx-@Efmf5l5oe{z&g<1qKS=@PR1c{s*?Gl%SH^t~(@R zy@z#yD|KgZCZW%}A4Ww*ij;XQZfbVcjnbUJ23sy_GR&{rgzZ z06c7G%pbvJypIm~vtG1~#ijX0(b?xj;2HVWCz(w!ROVEyc7H?r>M~b;|B%H8{q)q< z5}N6m<@zt|x1v|Gpa06F;raVgf0a?KKmJt(Up3bz^@pYRLM$<2XyIR+6a1bxKN`gs zw0%=v86~@UA?!#_L;ehw$DWjvNlNW$%Fz_VJ5Boa+@F$0K(hCZ2b4Y5b`N z#V^wvS;@?c1_~ecDOQw}d(Dl=&t0H1={OQ48d&dV4Ki`ieU0PyZY)gZ9wpfB9BzJ& znW9iNWX^Fj*=i4OzJ&gC>~=LCeAPX+eaTd{!JB6vA}Yj&!Y;$HtB2GF&%|6n&edTf zwi1S7{spA|w$o0Nbg4chTRPm6hB@!KtQZ802`p0gb`y9aCUplISTBJI$xh0Zgxk@@ zmXq96lbe5Ofa+ibLABTizz@J-K-<4Mz6z*f;xngv9}T}Y!>=?J=ZqO?sok${=j_Sm z-U0<$?e{oZGod>D?PyfvTDI?01RP<2BgB4j_2S?>qG~h_@!YYj_DP;+ipg856@-vo ziN>p(-YJ?NEVy=UOhs-K;r;lykvUU(~|U?1v~)>e3*+CN<={(hO$K+$) z5ii>(#G5DhY2Eub(0h-w6#9~q^EZCTQ3*QwvwHjy6mQ7d_i&;}S#**ks&&zFyfK=! zASFIs9(Bsbj`x=JvAc0Dksb9RlxU)awzCdZC491H?@g(F5xy?R#u%MN4L@LM!6tA| zkhEBI3IR4W+j+L`Thm_det#mzo08BMyNBvhH6P@AlMPSUEH~lVO#+JK9@F)v?BO_^ zn!7BA(=9&a+1vnOAK8))1m+Y6f>Hj+Pn#gH^$Edk&J8SaH2wud-??T4fPN5fI_cnl zu4fX$)F%pJG(t(vj&oRN9DFEmG`yc6-@)Urr^>F4{(=EUrO^jf+~WX`UgTU+hkF9` z>Kj5uDmgPLT+alnH~|C<@XUSgt=9i3C>N|*d`}N_fsw16kT$5plhv8({4NtTbkxtC zh$LS(*3ZKsyGy)OYc`)&hJ4&=rf(nLEAPSEFfJ<*k@j7F3A zJ=`q;aa_-oL00dNd*6-&>#B}@Y1Z%y_n-_$$7)`jmEdyvkxpRTGTq5nZ<(C%c5`jy z`Y_$`bT=B~OUgeTyD`Md!MbjLWK>)%&0y_&tz}z@n?pz4J3Z(OIAS z@56ZQ7wuagI&~m5;}Lw&XWv)q?lvb|rNT^NI3o@f{y1!li1{k$Umku{0b$!2S8E!b zgvn@`kQqU*ALYo9 zW_TOZAaTBxtuz?m4FkNF>Csg(;w|#`yD|M#39W&yF!D=$p_dWcQc2tA_4EJ)Xr9@x zHc$M*yM*z~C!?&mEhY2iW5tgl%Z>VM{C8p~b?TS4YZOE&C-zZtWVMueg_G zdj{R7%kLdu2kSk<{uZCT?osSDzx}F>1<>)GLRSDtEIc?*taiJBGJirneR#cZkRx_& zu^q-CL>u6$H()Q;-0yhxMsMRE*DaWFFu_PT7(uGx-2npOA4_MpwI~t<;a36yflC2d zMfUYh6a*DyM|k=P{+=^^rrQk{imI&4jQG^tqWCZ&hv#zQTtfZ`Z(~{eS7S7Z&Hm10 zU{G>II$Ui2*<+o4Xkj^#@F<+`w8aV82&cBYlTcH6{KB=wGM}D#@JRNFPiS22eHxA^ z=4p^u0hT)7eY&~Kza7wXSMJ_KCD{Xtr3k+S^LUkQI~Ztk`rvXM2Uv$=brzCEA8oH@ zWOz;@Gb4X9?Kx{16)oHwdCM~h2*10vUy-SpWcjDmAC08c96P+;#kNio`BGhE2;blA z9`TC#!7;kxT~`*xSQ%(`#95fnm~5S&E`ftalgo7+#WNg}=J#uIVC}#pQMaDa{em}X z?(xB9{!|Zc!FT(7YK%swXZ#l50Tvx85uZ|M`68Z>$cT$q82J!3@D_#! zP=8&e>2^~~y5&4lp3yETgg=HnCe~_tmgd!zCFmD?a`~|g8SQ!ywFr7_UwqGdxg+#r7d$ZQ$uiHUbju^5QmvH3)+Jq@JYZ#4@0t)9{xR>g$}h z9G}C;7%Y~)eYhi35%Z@I-Kr5fBbq)AC`K z8exz8+k;(hIR6yocUD0deHLb{t8Eh%-ZmQk>7#^hqifRfB}depLdY~;bD)^X+A&Y7 z6sA=jdn>Z%?58=t_rkL&=|TRxOxMq1orb-DIpp3Oo=aFuzPFi3M~HFWYa5mtCXU88 zdY?X4<}h4TT?BBO{sv^NQYWG~RuU8e2D>To?PC?d6>N(AUiTz~u%A7cJ&^72S$`Fp zpbJQXVIWT`&*y95u`Q8t*$A)OOX04-c~JJ4W7myQ24VX1F{VGEdmLJDrSA2L4o>Qi zFXM$-rS6MG1iUevc7u6nbzwyeFX2%-dp`WPB9Zs z8EZ|B4-=8?UbOG`g5E{eM;=fX# ze`5kcE45H>jIv5EDyahWAn+9e@g{Z+6N=~$b^5J-*WlK5&4)VN~fkn#1nfF}Uc{nk0M zmiMqz^v~3{7ADulS&L%nwesQ+z!O2202hNZ8qE^20|(bYW1nBzGl9Ot0gL{@7ybvG z`_VlZ-NwqSeXdS>uYNAM-8mfDQd;ZlxCdaM%ce+0fm_Jj8?jK9nkh2J@s8{YX-5dygeY zw3qhSP3K{I8TfcL==>=H5_paBM-)liQS1&*J$ScZf)Vf)y}njq-EY=gFxLc4;^-NE zyb#)75ucRMLF14_NWVapF>TOY7sBj*I6+2Flo>9F->E8EYCisLHztBm z7dTs-JT2KwdjIme76HR`-Z$lB^i#Plx_5vvcj_X#Me#zkoaQB}ivY}9`ii5LGVA`iDhAsBtI)9}1)%*7KWZB?sjHwX5PC0jX`fK(|_JtgYN-nn! zfco6vD(GF6iN4IQpxw8&`V~qF_h)<+d2gDRHNWYp8snKJl6KrEyV{oo3?11Y3R?5t zr6S~i7Guj1V^TI8Gta?PJl~9R9I)flSl}=BX}aod z%Y80)a;-tfQwp{Bl?X4Qg9B;aPoE(;tob$%Mx4=kxv#U#NWBpf3Ae|0G^auaJsarF zPhlbx6(d^0rZFXn&9;32GO@9Ja&luZVwTUm>C9?<_yn<@)9Y|n&o(k`FksjhETl8! zFigi^oE|?R`T?kv8JvUjl0w2UY+{A0Zgbac_dvrqLP%_EzKY;X4m_kuwv-063yT8O zmdsRDkLX4;DDEp>p|j>j+Zf*;Bnt-irNo+dO^*q16~Vu<7XuM&aZ&dK$=flzZ5u*bG<%~ZF==_Bl^2Dm`?&+b0V4Y8oe z(=9SwU??klfx)CcuczVheGR$ZIN~Jlt(WYNbto$MDPCC~>B$kJhDhsg33ohD3yof- zyCZr@00Vh7@SNVKJkZ$7$Go$1F_#@0S+f5uO$;82VB^g3xt?z)qduK zPxY*5Jy6Ybvp%EdoalZKFqO!~o19Tx`fk(1Kt%&K`ndB(prjhM%)9TtwtE_8*u%)( zyGqOWwNDtE`?Zk|fOBJVm7dg2$`oFQ>x;_%PYQ*TSEzFC+hQ=PDH( zTeCO{;vH%ixWyIRb)jJ~$BB=w%fa)U4$dMir1X|Fr2KbJbj6vL*-@pm7~E?wy#+Kp z2^M}m8X(LR0cDD~gMd>-`P zS@Z4$r-a-XD*i@5zYG2p2+Uz4Y(9(?SDm<iIg<5YH{{mSxw+P4!&8 zSb|~y!KU}=yAiqz)Q^1x0Y!R$g#1_X%u!D6;nz%_qU$&risH9kPIj8Iz!u&iSsU>U z%*vg@n7bo8g&)e0mxO}E+x|wdv*2v|NOaB+oEz2ny81mvS5FP4HlEoYw=0V{V7Z)0 z(DFpCy8vT+c86}`p66KKis^|Y+=*3Ix=N`h@ztd36dd&V@!iZ-$0UWLV0K*VRmqz; z4OMh*Hjnk$m)=Hvpcrs>)hR$I_v7vRx>LbeG;>gYw$-Oo=1f&Ref;j*<&6Nh@bX+{ zk%?wA{r=DpttkjP<3x*!;ku90MWC7Zm-xAT<@u#JJR5iT2~7UDOE3M%2$n_WPK{kd zdMP|iQ`M%yXiBeE@sLBSW5ZAGmX1Xd?=OXf8Y|#G{y9OkKA}`qO5E2`@!e@h~2M3guckjPyVN z2#wSJxzF@gHTFA#jBDEZyDo~4Ch;o2;C@^Gc;4N+-k@g9hOJ&M)Q4#FM=%6EsM;&& zX>T4qsB3UXzrkIaPq(9B9WuB|(zgbnlZae%&1{!zAe$xDEg32V_FmD9TRCT#N?Hs{ zOwITCyoju1+1>or{HQqj`=SciW_f9I@}cFJdxbS%n@2|;V18fww}eRD?DKBwfZtAM z;J)4|lUX)$=Z&<{1|N?-jfhD;Ddfx4$B&vG=>>4o%#=WrAZ0?GWYePhxH zc$|~q^d67I+_tlFUnP8;EoR(zju8b|nz_sq`N(@Os`%C(Q08;rU34I` z_2$47fx@YwyYEZxv!xsBIq})bMq3H4A%SKOZD_Tp6iOng}{Ca$DV!2E&9Z> zfHd}+0Lz8p+plIeXRvOn&uh}BP#JDBwdv@_qZjIpqX3jD_DG+j7{G4n&Eeo6Il4X%b$g-TGxVM^giHP zKOZDp<~~2`Y^}dpIeCTitRH>``L&1UV;`gAXhoFwP^gQ?`v&~%l2pwOe`+TYQ<{8$ z(7d80?_DJxQ9b%3;4r6t;Nj2)0YILxK(7hz4h%XYusN^yB2W?^6o@tzI{T}8V zEIHVgr{BO~q1-KzZgQMB#PgwTs9x)M_j#oY4v1z}IB*ibvA z3&-lW-y`PI^x!@T7`CrQ2kx$>peY(XIk%2lYi`f*IrH zkTHZVh2~8CtmMD|((P*S$(1lZh}WhX8y50X~d&}pN#|y3Uti> z;u9>1&)I?a!-_T2%6UKbf+a_u2KYO;4Y`9`$FIKJEoLFCF-vkva;LnZ)(*0@I>;6JcP&Q^zRpqdcyeTPq(eC8S(fU zem5et^B4*)=ELJ@CnTQkCI$R+FELDI@Juog`@Z?sQh6z1F@Pma`LlnTB}D+7@ouun zdGCNCAJgl6hJu=uZUqmY6Uf)tVeJ@nW2@N1}U?-UpOCObg> z=mSwED(5uhi?gSj^N^oFS|O&VZvfika3G!1?Q3zdAD1N*^hj>;0WaK(W<$sNC$-cCbsqLN@(&KJtGe-?f}to(MR-9VR;{ThC^v~a zC}-k#>0m40{bd)MxO;qTXe^GjseHLT1&v&pf$wJ-&yIgD&~xNhO%M7#l4qxjjTKEe zHfD6a%D>|$rzsDPD|n#DGchv4EBhC!UAW%AK~qicSbk|D+P0M^UG2+J!L;K z!R|{=PnXA)7LT%#dEM@wB2$y~M0+dqLi*~p=|dV|C?ll9*pia-!V}CiufJeeK45xw zVKXctb-9E_ASCC@KI*S~?(g>1NF6tXIPx^Wt`5imNV_qX4AYEBB?phzhguPMzA_|Z zIrsej&Eb!(ve&79ALh*~R%NsafjFwhh;od;#w%Yln-JUx#Cwv&6c>W+AGbY4WS^~t zU-F{A%U%(Ls?Q%%cvQOLAH^!#j5K+;)He{^``*@Ha%FhCdBXS+!E?kNj^c;c?{b7o z(Qr?%PUW<-CWZB*W zy6M2_-cwUQ+s(b~l-8`SU^{MIGhLw!-=Hn6^ab`y9W{!aE*bgc7t8^&{#*3F_##Vb zhySF3X-y!HU7_g4qnuO(cQo+;gSDq^q@p`euJcx>#-m?+uDhpA*uLcYw6ZjR?c>nX z+zySEQ59w7jhYG)W;%E!e8CH1F#bT-wASkCwdBWHT9Lz%jhV52Roa#Mr7r6)$(=r# z6=(Z^d#f5;v~S7R0r${D1MYWR^J!JT*#TJ*H zzGvZK>7d-CFp-0JEnO6AvgZ*x8feF!%;QKpIHvH-V*biZck(bIPO;b=9J#l4x>s+$ zY+fIMeigynqYj_Tg$Z9V>vDm^KSz&6Uqxy!$IT``+2@s@Aa%S-CJ&vVYwOIq9GJWa z8$uYZ4#qg!kHTk{DNY6H?@z7nC7@NnuiIE*w^h9AB>O}e9U(6##K)+`RLnnF_CD#< z4?yeB<3=$jifmk`<-Prb<7n<2oKL5yy%NOAVbCnx{rE-~Q7p?1^$^K?GrKbyvXRx> zpB_pVT3TNI<(h6tDPqVVv$*hbFLdt#-7^LuqTr=a4jhO%5yZc_{XGx2QDkSF1^Ku< z&7GORc0&uD$^vs=sWs%Ry4&UJ6D`7@dPntt7F*$x#N?6whL96Q0#b!KP>(@RAyXLLw%cK<^X5EfNBs;nTF=^Mol7gjTlDQF_2#;VHU91nIAT^k*nGNx)a&(h&Y)WwS3zV|?Es zv*DS8uh>T#BUR>%!HjD8BbWAlC6zCF;QC+O7&@MY6*djY2Yd2{9KsX&X?)M8UZ6hv z`x|4O?F)rA{kTUa{ zA6QJvH(%ZlDUdj_K0o)>vMxWNd<4k+ioPpdD#coM_g&HTTU`9{Io}gle&Tu4eM{&D ztm==BtKgC)7jk9%PdF0w=l6(M6t_w_K1qW0g4Wf5dnT6DNuR1`!Oc)v=>Y` zkh)Xha@EkWtr@4sM1U8J6-Wr*<^~vIRZ>49SiR-7!Njm1ZxzSeu>JIOLcXw$9Q`8M ze6YQ75YJG%_}m_(w|k~w1x3{87Wx*VKv@~#NvW>5M3bK)@?1+J>_(9}ulGSxuaFFI zG1duU91h+@_GY&oawepc+m{EMeQTQ3&_%*E=m(UKhbQeEl|9J`q{ zz5Iv|APZ@4{1S`~`5*8_Ion&fwhHII#Cyty1EMl8Hck=96<1v}Tq}AZUqEqFGd{#4 z>2<1FqPSuSu+a7e?B39(n8Gly+(Q`c;aNQ`qgy|H7{ei_!u>QLvPV(Y!c*V-Y{lfm z1>3aWwJgH!HgsnLcgAquL2dCjiEcSb9Be^pPPl#_#X|YXMV;LVo=!YPKp#i29$tVy zbmm@o0C^R{(@XiI@Aq}=$jsPRpN*qTECX8fsu#;Pw)okooTtgXY*WG~dvv}R!vO+V zTEfyjYuh@Y!f-_iHzdj&@f z+V|&=%WvD!<63J&e1HeWBq5|JjfOxF&vN_ZE|4MJ%y?2f)On%E3Vy4N;q4y{1APE9#{y=E{m*{3ha@zG zdL%m^_P8FLoi4p)UTlN!cVm&=NVw`_rF(~gmuT%i(4O{nAKUBsbrQCLOKMo?&qYHANdPBgrbu}7md;A?J#II{Nv%QGw=#{&M}M6 zr!a=)jQyv*yG_qvXyDbyOQ$Zc*(M@*?qItPd8bX*U4C7_zL z9+J2gvEGE2*}QW|XYC8)=`_IT+lu051J%b*(GfCHi-Utz0OJA@{5uEocshYTBf?Z4 zsLtdL6mG^t*g8;oa4e(YZjFvnYnR$IbILt>A^q8&nRjc@*YH-3r|DRIMBoR`&b@5D z53zk*eow-_>Dm2e7!<9d4V5~)%41Z3hmn8=?nkWRf!lh<*b`D~_}iui5E~1tB#oLG z0N;)h)IQ5)r(<^hM8V^xg@WbIXXO?g>LvS*`_Jq9%YxSGXVl`UP+18S3%7&k1&~V? zLYS^#&0IPRJaU=hX{}u|mi)))(&0sx7BIVEygc|}m!K~;)oZj}yBepe!qe~l9E}^v zu}mR)E#xySUlPEtqgU2`iC~&(=u!%aWk`utPKle@sAOfacfEmQVBF-b`n+ImtkeTO zSJ3n3)kkNQx8_-s4AAvn50c@2&7r}=UxU**NkosTt%@U18SL+1$}}T|LEiDNHz{pC zK)Be|qKJqtf-5poc z@M$)+nJ>NPt60%Yek(K8e#0+o$#9_Q3G(Jxr);yk-TC&L{JHue6v->rxjpKIfawF! zldCY5E6Xd0R-;!OjO8*97v}uoc@I3824_XKx}G+HaM6;-Hes0n=fg4ZO@$s%>nHkr zstO&GD9ZTydWyZ!fs5<@L%g`S;u0+xY)Eb0RAVwCJwNmaOdwFP=2Ik|y7wK#Bkt<- zulPs_^Tp^~H99xieSF~!kWqHLgGQWU5R`Dldp)7u>#2*M-~Pd(#8S-;eRI*)oSy>A z=dca!y7tC%Z%~1&SZG%JhCI>_%2WW?UW0K3crp_Mc$we>0Z2m~d;RG`g&)C(g{?w{ zZM#!!z;KHE4xNuU2VTH#8JDIns+yZ-E%l*chf&&dZx`nx>^0EC5`LjhCcOlca%gj= zFRlB!BxdVKvy|8SZ*gZQi4QMS^svB4mgTV&k1CSq;TB+fz>(K?_0<@Lgs4r-t~boE zi;gB_yz<#~$1W|sWPG;pQM?;kngA$!2$CfUFPc(gq#3Ft3MR@xc>XyQE0;}fA`GfD ziHTI#b1YIZNbe&&Q{Fm*?Kx3D%JjdHJsyQX>mS$cd1DH$G%}!4G-t*p2sSPuA`(D< znDR9^l}XV5ZRkTs{>kDxvlHZORJnIuNIDlTi74<6$CGauVxFbfXHymi|rU! zD`M-E+T#>tu#uS3?r%-yiFIW{ij>5(J8CzZl>x3=U9PC3U!`m_nKXQFkyY4)`zm(` z2I5%rkCs`A+`Ll3cFQ>JVxQ?IBFPNFmE$58<_>(F@`$!uu>(8u*KxYaJwLbB`CB!< zdyIP{0vr(kK#Eb@Q*HM(8slu2P6?O$@o={kdxe#@<;+%vLN}4$Lvo>d4%_Q1=ta|- zep0iKTsIVi<_KQdZR?|>`0~^d!Ahi@=r{igr}}+w=Nt8X>3f=z!;YDE;)_$zP`~9= zdpxKfIV>WTRV#y5Zal}i-LKQa5f532c^{HIX~~bs>$82mCnHYYcvp|^xjG&8`IaJ(>phPGByve=LKH1;(`|qtNr}>#)PKz)5NRH-lrKLVvlm~ zMd0Ut57*y9*g4G^sf%OY#|YWNl8~eetPjsl?mNCDf>!0`{Q7#oG^^L_n9IR8Ejgm5> zfIbHg_*;GjvCtkNE#IG)&N_*j!~UA3cstHw7!1Mz@+3Jb8}b%)ijLLcB;v`^p_Fs^gQNRTse&>rVqFg`bh&Z)%QVGm3|!&!R+-f8J{!4 zyxHid)=UCPEAayXlL}7c(bhX@yPvr3(5jF8E4kmA`^;q-4zm4X)ev?`07bB!67x_} ze@g$JNuk8TCHmxD-?(zf&;Fh4Z_CEDhYpuKXotpsT(#_JyqmlG3)5%bT$OnWU6BVZ z{c{Z9EVRVVn_6UY{=~T+e;|5eh9_G=EO$OncG29SS^st@crttL5@<^keX2%m36VUx zJhymvhDMedv<5ti`9wB~efcjpd1G4;Vc>f(nilscULo;&Q^ZGq?F(S1?7jmie#I@PHU%;jk`enm zw19wr9){-E1kjdn2low;e13D>-@Yf3K@RU_m-xy_P#w`YabGrZzq&VgADBP(EZDu@ zXDZ5|`<*Qi=W5p5zo4Y0M|nTezZ&JP<4P&fnfrRTrG3^XhBwssb7#Be&=r$w-UQ!g zuY!3?59M~lQX$ay7!5wHL%$N37xvq`W3crMx1L+O0oK@0NP-^G+)ao|vS!*ZO8cYp zbAL?DC;{%=Dc07lGT6&*+LoVXKR-H98RU7$=V-1zWp~c~{AP%`M3-2ED-oI^6Gok^%x@n)|MdA(E%6`}fjR%#J>)|KE!B6(fy!m)`z8AkY%K{Q|ZsdZQ zJF$4AD0s3-;f>BQdiV=VJbNq-9~V)kO^lcJLz^hisZPF6N!GJMivuP(p?s27 z@GOx!tQM35NeA!KWAYX}6P^c=n@0&kx)V6To!SBdh)4b=yAWM~`!c$Jh2f#jdQ{AS z_H{!0_VYP1ElJ^x9Gc;njA|TDCINB%vAIYVOQEzIzwi7~A^S}|W3KHJ%E0dQEa-v$ zeR08PiW9#|HtY7a)0gH=^VpwgZ6}2}QaT_#cs0N)_&-OV7;g;XNLHQ*Y~Vf?=PvW) z=yAxO<9(rZ_O`#j7ZL)hUFWqFUgP`LIfp(m8Z?g`A1 zF5vMB&n0#vD?$X1{U$xXCk4Jcp!8;{Jn_ebiJYEOUlr9~nBz5=-WQZ!9j$^qef@c; zAZcOayhS6Oxm>B!w%Jfvc?EBBT+8ptXz(kQ9XOa#JTdHs`XXmRAn}K1h z2sKe&o!SkFy5eIo?DVD1&m+Qr_~BKbJtxL3`}st7mcnAguD(O5sy^jNLxfFU9_QFU z_C%guZZG)h9U|B_ZqB}HH7VR-Pr_~EVZw&nCjS)+mTcqAEczOk1MXun+v2a!Z(j?t zu`IvyufcKm$4JW3mdm~*jLMOm+Knq8N9pSCgZ#B!Z{~R)BCrW>vp+x-ZhR!ZJgUv@ z489!WrOCDBZqKuDf-3_$=jZ{gvW79Ku>xz93i;UOPL`do9{mUTvwm|7DgcfWZ}#!1 zsm}YdC|)JO1#fwVw;7&-%&BE;nA)g48o>HHyC8;5{>Y#Bfe7en!c2J~XFRk9r3))E zvPJ7RrGNF;n+Po8I=tiw@37HX%H5p#^+Nwh1H>4n`}%ggrQMr<nBmAU&?Pyf}r$DuVO35kil^ z=T~hIdJc-tIxqc8VdTipm$COl3b(l6xhTG|efu0f%TL++oq#jG>oAjbuHO&!iwNo< zuKOIsMMZc9%@I~`o(_fSS^Zkq*B-FKz)6eN`N{xhYw8x?^%@FhK~~Ebv|L1tuJvn| zG~>HV5T-vl9L%umX1mjUnC;mc;w}^Z5g*5Yh-8 z)#dVgs@BP4u2r!|)hDtRwes8(-!Q5Qh}eMY1ZliO;p=>uLNjprG{t86&j(3cVq(8| zNBOm4rN&YuL;UbJ|4G_DAMW3E`@xv$%5rPTcf|(X^Xrsdi^Dpq&G@8s{>PYqzJU9y z?_`+6oX?@Q>PO<`O1=jMN#Qik;Wtya5eQ6TKqZwa-^58nlmQ`o1-D6m9}%%N75myK zU(snOEWdkk{)}_?eLzuj*|$@(l&Dcp-4g0~LH(=8JB&hhSsSF*o#5(pFQx7E7nxYX zC;!7UmKT)IZWo>EDOP-2_d00`sWRrf2zapPL|^hTLaYe>O;Lmow4%AuGkb93O@KaG)Bw)lnvQ)RV$~*{LwigYzpx zW|3y5yht0XTL}z)U7HpIJca|+Om-ddcUTUJ#!9~1$zS5*Q1_B;#}%lysS`n!zZ5s= zV(ypF>G9W2b-CP3l)LOREM$yJso&mD!Bo8aM0lQNzOUh?jg6`Cn8Jlm#JY7~4hRWj zESJB_*9f5iQWAmagx-ikBC3R9*u&1=pKd=ywE94;&l_y%_}?12#uwG{I7=)rYG;o> zm?ci=PG6LBYX5=wlBjHD0*PWlGkMtF-dS-Ji7LHd{T1v6oLct+T`GT;N7VzHjSo(J zh==YO{`YK8PwxR+tj*I4m4sp0pwoTX2JH_@*VBh*w!!0%3spx-Rv@K3}~<`#Zk(fBJrC0Y!QE-4Fj(QRs|t!1{sUxGB%af`gA4qy4l9 zCdzj$A+F6%iI@Fw-&gs2&b?0d3%<_5>3Gv748Z0Z3mhI0xyjv6gsAU3hM77X%J&qn z$)?QTh6mdPD-<4n>@>1HX60OWAAGP!@n~aq7TkrKXk;w51XxY@VdClrlexS`wM}(B z+^3Rps=cgWk}eC_Wfz{v2Rbn7hmffTsmk(gxo-thkS~V*+dY?@F(asjEZNfqyaS9y zQb@d?0F2fjLOnKc$u%-9*EY;Og*Y{bRQ{{CzuJ zc{DRV_F%=w^&rT>WvD*KJ0-w38wM6J9klyw)+WwkTO0B)TAu5<5yEO8RKm6j#QufEJ&yA`J+VE0?<*2g zrf2jEp_wSfRV9Okj5~c+gNwea!;1n|5INbv@-^Box@+#kxn4MnWfG?x9jz}zW?ke` z@mPK2Re2vFH~y{K!dd7_8BzPqQH0WX>;o_ z!3hs;icm9MRaXc86FX zY9Yvn+mgMk!}4}E`Nv3;^2?S9iH+B$1dV=r-ZL52c=>cGLK#k41b}`o|2C};`#qz# zhB~1CESI*`Yn0)Ohv1EHK$Bec3&J-@8`)En$L_#x&u@KhZ$_ji;3NIi$FBpc(9Pr9 z;#e)&9ry2)(byIn)%f>=Kht{ysZ}dNM$(-Qg%|bUdwluIgP%E>p*s#QIUIMCwA}30 zIdZ>bOI=(N$2?kV8h=M&F}VG36d;sxtI`Trqaq^>wPQ`U>`dH32&a5_)BsfHqEH&<8coUXOnxatlS*YW3Q3M@s43G1TwEHhY2T< z93KdoDXT!}O_Ck8f4=>rmiw77v8J;2y<(vT2=Fuh6)5(>Z@;F=&3rst0Glu!v)7&5 zed~rW4X~NyMHW0=?xEj!Mq7K2)Lqul?fPPm&uM0(GH%=R)H%MAns899eM*ALZKW%bv3pL*qGs`qW^cleRa$Kw^174LQ^Uxkg%ua|wbpq>h+@IjoWL^$={ zMU@W6{X(wo7a@&gqCz_|YwhJ=rX?(8^>*j}U`3nm`Bb5d&Yi2ELp(H>%<{$x?gF@D~XYzy9e zOjht^fZ$6Qi&!njabJ!c2Hdq$heQ{=uFEVNcFR28;;o96$REyV`qEr8T#_4#Kj-~A zn$2tueSKdCV1+2o!DZh5lw$L5`9x7$L8Y`tm4kuzmJV#Cqn#cYk(-=q2Bd<8_aJZ%w;G2Iy;IDvJ?ktIeCJ z8fG{mKBIpD`QqCuYWk@m+`q5gy8M6%kx|^Y@pX^4TIH+lC!J}Rpnsr8p4iHhb@|?A!RQGv^298L z*+q6^>w&)>L_N*In+Z_to^?)M2(rn>!JrNJ43SiN9Iljp8WZ&_^3An5U*E5{|HC`A zLX{rRVz>6dKz@4!l|7_L$M}=vHYa;yhA74g;r#C4U2a^rR&T;9-uqkYP$}-KsBvI8 zr5LU3m)(a{82P}BVTro;4Y==YU# zW1kiqa$NxM4r_{MttPh{Q9rvtkZ;DNx%NhpHD@vmFGcWLRg{*%e zH*+VJCu1oBWw`LpP3#Fng zIjxC>SZ|dU;jCv2YM3LY8DUc|r4~l6>7V2wV4svXoLn7>ONI~|4&4A5d1}wWr4iDz z%U!0whi9)@s;p6H1ro-uBr=IE6xa$UDve5V)U@@uK9@MCKpXZPK*!1{4 zA3~g?>NLGB7WX@b1>``UE1n59p>GLeJe>>0ol1&G4SPW@rOD;>mb&B`6%})Qxj(A4 zq0koUu8NMqckEq5_}Vtjep0d*-7@8kzA*o>Z7%nQ^%FxoYFFTL0(&S<@uoR;31F*o?hghdt(73HTelXhhq^9uudmt zm^kQA_6dUhc@TI5b#Y-!VxQ_UN(7)xgY13Sb1gCw%e-D$`No!U!@s{y0DTC2Hi%Pc z-VE(?Akk(yd#P#`{-wLI;={VKZ2dgl_VD@Q$5Z}-JpMJajy8 z)RQkfcV#O_@L(eEzu<0~vSO{=ki#L~mwWw#bvOxY(>AGt!y&1jr$~b9GJdLW z66>S<@-)9V)2~pfsqE18NqzJzm=yU1g&ggK-fj3*7*_Ken6v%rWAa|pUER|ij*dSiJDrVGJ=B!*l6lN!j|sgq z&*!62XS4T?*;Kve+bIh(O5Un!Lt%y)coSqZhE$pptuLVv~C~6CaFqU&bzSBND5_ZoZBhJjk8;vA8tKfwc~;p(+C~ zdbbyqrFd#}+l=V;wSIZZYHbniR4@7E%{7IJKm&O-5u~^23$xZKd#h}}M?~&5<||1~ zoIT<-pqkKOLphw<9~5bOkP`L`N!t-Jv{XxI-)HfF5sAV~`~Ik2UL0}iuG4&);A5wPdQwshqJX}?iUbJ z3AH%#j$gdB=E#5UUaDAV(L?*jci9lNoOsPyhEwJE2ey1_NedfSMgNIu(_RFME5=3g z1bY%S?K!@3*z5g*v|)HJfixr#5n{fXzIxYfS&s}nnfTzl(HD_^ZvLxO!|aP@(+XrP zI;pum^1|ogkCq*wO}h|9zWYo~Y57hF6Hu9UukVnLlZW#W_rx!?q1pBpq&}C|cS@;R zDD1TWlC4B8vAgC{9%k*0`679yQhDz7>WPoS+Icd88B6xGe+6pgeP=tSzHS@kpB>tg`MFm{I*8e%q zMXz2Tg{wQ%qx;#SE*avgsC^I8H@(6GO(x6lCre8KJmcG~Yw3mwEQ36Dx5>GGzlz9= zyiAT{%c~Tvzma#Di0}^nEPsBa{5}?z^HyN5KSL!ez2-L-f0@MH-CSSNJF24m-l2pA zu|oWuB~O$h7B}mU`3sfk}F-+S{R0AV7wmDQ%bdUiRJu z;WWO%cOhTypTP`Dai_YF517Y<jSYU}Qv6tyFBlPiX%%rjjSXDi4K}=Os1UE`RwL#{SyQ|B{gur{QbFkqaM_d^> z5_6t#Cp#=Th|Dj>b;?ZmE|{b*UTA?WGqFw1)UCT)9m;9K_BeR)(?Y-oF|Q_fP95Q& z0Zgj->bSysfL`@ExnE)8MlkN94va`k3xksx`>X+WN-_@!J{#GAb#u|bDFN^+_SkKV zw&5$0+~zc@!*f-7`;8s1Umt4s8tX#+o1<>t<5XuWz3y~bDt$fn9UTP-Kzw|sRIf0e zPlW``OnU0Lj9WL*y|_m;~;b1jAaD`lgJo@SwjwV~XLUaVT5R zzEM@#lKCThS~{7TJ$MDMPdBiopm&^}itn*5%m_%@-2CA(sY-w72en$Jgn!!GS31?t zEK-6G1KBb5!(X^SrMd0-K zE0Dy#R*<6aevXN)4|x-sDhNEtoOE z2=Tgj%C)TRW|5rgeI`aZj}`lMcLVn>ikJGbefP!3I?uk*Rj3rH`xSes1%f@^&*j-e z>!y^j$E50$0$j$E_xo_~6l&ASIZG8G-PIQlAI^IhxZ8guUDuYPN)-Jik?12RNkAkh z${SfF=kWEj=~=69(54ZKqUwYlxR48hb77nl&}=?z2_QN4P|CNe$#6iFEvB6$7hqDu zk1`Ri%`)>7ZX$;-4n48>5p~XO!mhVJ_<>u$r`Q?dTeR=7HwxZtQP{}E2Lfhn1tA=A z46Q%-=>q*lyUqQEpt@wfAHqIo^i^iCJ$4HzJ{D@bf%A_4FHkkVz6|FsWYT8=C5gO1 zv?)I8nbBXwx{VSf*VGrpLg_(}`zUV+xewEsh3XaaM6(RtIEcLl3xCW6xNSt^%!)Ou zbyBAuy76#xF3WP4%CO&lc!I29MCZ$D$h7z4@5~e6uiU{MVlTu4yOdz&wAn-fiRrN@ zy+F-R+1*2RCJS1-d4ht($#Bb*3f$v@UUyuyX2isuc5%td*}=^w&q&2PqAn|A4w}52)Ha0 zEmQrJzTEABaBI4Veg?U%bAN=fmh(lmQK}SXR^K0}={DJMAJsguZ;5IpZT)G*J=q&V zXHkO2@oI4qR$=K5=ifK_yiXdq!6)Y1-rpg_6OU%N9Y%g~--!pw;H|3VZ>xl` ztR?}AWp9vDb%poQNRyTtXqGM z(_3>vrI(+_`J-x?EpjanOZ8{ImDZg;ix>BHhkuyIY2=B1{6@&_kbqJ$!R8%@)I=sq z!gnCs$sTi`n`Q^FJD=;sN9ES(Kv>G+4$9#|7`IfRMm#`*y*cnH+n)#cUry(nGODTW zB<}^%HF)!=Hm2mDVI4AXSmliRqV;HcWL2^k>V{ySr4-ON2;znD`TRVhOR#V6js!U! zhH#@jkUGCV@yY<{p6uHd1u0S-U0ZolFIskChXUGoy6Cvz+yA8F)I#PO5)f&?Z^z5w zdZu2T~o?rL zHul9r4$2taP~MT%K(fC>>i|vR=E3jH^YJCUM;24cR!eO!E>7k}IRk;P8K^M+uCOwB zo|@2V;VTnS%pH1~QTyRYlb&s3KNw1aq*MxE(52*=Xv>vQ@n@&e?P*WEF5fW-zhlF{ydI6`BK{xvI;L-`qE(z&J$adwAfRW8GtIi zIXeH|*IGGU8YC5fkdqmx<4f1Qj)OO7Wis8etByYzDEiA@KTw5FKVco3Q;q=L~a_&skcR(gRu%fHfmojRQA zUKQ-BYIlglT;RxKXdbfGk0Y>qs9P3~;MX%&=Kq|=QN42%%=M*0{^03!Kp?hg;^OJ& z#4(OWzw(~<+v?tvI)B|>H~Da~Q4|!EEd;w&$vik`n0MGqiUnHho`1(BjD~9{8I>xu zdgWW?{CL#jLx%o%!SP8M#3$kb|2|#azQ3;iKF#Cg;u3k%_=W+vTiW51n*}T_j=^8Q zvs!<*fmN|MN#39C^y~c$rv^}6_8LQbIfmv>5EF`fe+vWNZ!&U7hFE#pf55~)9uk|ZE!$<;PGLkW0_Wf=?wK`0H_m`nd%EjUfN&n{>#BWKYQ| zCUtM{_e}a!Jk_Y9H|J2B@`+$zMeO?o)qMOVC7_;KbJcyg#@BZOXnudSK`gp#!#Tg4 zbE7cpeI(SUqb+G4?vg$+snRfRr$zPY@{PCd^vyY>??{#7T)#_gmAQiEm%=7Wu12RR@ zRHSzfV^m0w1b3f~($xWDGkq!%pVvPy?%R=;58nKz4mHpr5qvXnp&#U|-eHdlU$Z1} zKNw-)Ekhn|aqOqLp#nj8RHzm zfY4btUVK(3i+yu||C4|wKwbV$X%fl?5@_Dm9}RgrJJ~t$AA=?S&>BqO7Wb+l9j{Ku z^W&8L02|fbV=9^w`)&NFPMze}|BmH5Yh^!(HQJ@6?m6egot5=_G|vcH1#zD{!tX?k z)sfC}en31Ttm%UQJd_hacKaWWpx{2`o32;cao@ow)bk#A57A<}!Ep zO8cmzdmFy=(TN}A25RkQC%2M22~UQCz+&5Ae^5-wG=PciOCu=vQIz#noW0fO{cW64 z3C&tiXOF2i;iS}~Uv5vvS2>{R@2Ub8K=KncD3Dmf;l??2A;Y~{Q@p?j-g{}+So1~R z89PAX9;-?_+{f$o66qz@2-0d+?N_7Pa?@PDz1(VGc#O&W0+U>Buo1}y_Dgu5<74aL z1kfB$nQ_j^LSO@SK^?-O*H}LKuCAM2UOb3%c z+4km35E2E^q^xQn{aCfVCsNg8y%0K4zH4~k0P2eXPI7%>tb=A$BRh%5N~t7@kV1R$ znCV75gE|$fW9^NoWb;Mx$Hc9V>)~C=df!`OdpR9i!$k=%H5T=toQt{K72>2jRmKqd zO0M&+Ng!QhsWvd;ysX;F!5PKIgCU&z1PD@sWJL?n8Wa_!aws3o_rfz8mq9t`*tz((EqLV9BBvVwpf%M~P6M1)b} zMZ|AE{}l!O)p5`OlbePd_0cykyb9axHlKg~6+L@*Il}vD^7b|NQ`B8{i(Da3EH&#Tvi!L5A@4{@U2pG@DwUKGDrKBw|l&9Jb9HW>_x zXzXIHK9u51u|ch1Q=r@G)K)HR1hE4ZxUcBxHKYRdTS!$Y#hdwtz;rs^8)7*7vL9Ot z-Mr2Q!Y*lQ>a2_$g4%Q)G~T?qGlwe`Um(iGtnZ5^9`?OWx-}rgRU_ZL`~V3RVrM7-YDw8!V;7Xj8EAbZW5e0pa6(y?PCw z6FeIduS2o=w?exDNOyhDz7BxI7@WlrzEjXQL9n&oy$Y&L3_}+hl)u^A6AjPbUG!fM ziCh+!Ils%3L3LMxq*J>EVQWLvW~HQRPj==#&YbaqclEKaBm;dTXw{@or(!q+Tdh7n zG`1aL&qKs-0uKWQQ%TJN{l&5Suyf9@Q(_m?jeRgM)g^As?+^QqSBGN`vUgiT!*NF& zko$cHEa|7iq_DUXw*z&OHC?@aYL9nc(~zu`@^XIf#Y$5fgxH!$a^Al54)C+l>Ts7% zA8ja|B<^@m*ehGC5n&wp-{R3jI>vBbA1jTCD#9J84!S6fDNyb}l2YsKmKa52zt?iT07jbo+(&Fvu9NFy}1G}^z`^(l;r zpaXZK%{2G7X(>8)xP2yrq~3W81tYP((t$0yuREx>5r0}c65^io;T(J zqWHnHi3hdT7o-CfESBF0Ydoa&PGu6aTfg9rX5%ALsN9{#!ydpyM`iv_Isbui=RiEr zW#3}<4(!VNjyWit;LlfDVb2C;%BJb@u6J|5F|{Af(c8yX!&hc}UnOL};VzbtJTlsRt&=s?fs zs|^QBIN!u;RqQom?`MGhGLrjZrz~Y;L-XjB#hLA)7Rb<`R#Yt>y7u;XnhG6D?#as7 zBwufmeBnh7B2M7;?3IAUeQQv7DUwl5w#r**i6QoNFIO({S?Su+U%vyO<6wUg?YHtP z3g(2|p$!%(Q~A512}!|rI@9!l9y)K+IVM5(Eu2={i!!ziThmrHhGux;`x$KoY;hEulGg{dL;$`K->c!B(MQ(i6drpaG)Anp$~<&VFH ze9MN_&vGo9K`J* zTR$i$<4RdD)M}S}&l_YCA=cs@)f8c`{sQ$XKq32fc=o>N9=?N4!8C`iV&i==V5hsF z=XwIT66alBhAvSvHo4M=dkeuw{?E@`Lqu9*vIdlV%hdNTD@;g+U)n1Hd^j!9-h)5C z?da_BCs2=9?YXY_Zoku8Bvo4q>8Q)wKAhtlClA&%!Q?AJ{Qxe-w&O65{uO^X`CB~g z8B+4|))|78sp~O^3P1Ne#_9eAQ(dQw{VJ#5#=sDvZ0b|db*XaI;^!}JdCqtq^3T@? zYz2xSc%0-M`>zl{K5>fSdU5zI^IiA`20S%omm^+3j-xCO0^gGdjdd(#W*JaHvJlB0 zN+7!sZvAopa`E}v498!_^2D^jx)Rc1^CPSiXW{kl36^b$q9rUB@D6m9nlPkE94uH^8nd-Wnk?d!!FziAEvQyS*x}LxBgj~AMqs#kppvR z{piI2ZQL)C*2k%Ke@KNEGR=?ZU-|@Z%un~dE2{TCE0>1(K``?KccZM9w)U-T3iUNEFXm%5VbJqG_L6L?F&viqF2h-~^|5I%Sdm3!Zs~@BJ$<_Ywlac zXX*MPo!@cr>DRTY!2&vzDkK$In7<$P5qjev=A;+yYWuE`_~ebwIc_*reGi$TD*bN7 zEoC)m4+r8=gJ_%K&hP6m{IrXD5MlUxUt`vCo!{mc=&!MT8jbak9zp!y7yG^dr|9lT z08SyY6Gm29qPIya^7$t`Wbo7iTMr~chVd)QSs^bh>W#b;f za-_|^trLEMfi?KZrH+9n{ZuQfgEzVeTP6qUC_-?GP^`Y*KuD@fNM`g!xrIA7O~@}V z5CA#(7d%g;DU>Coz@-9u4IPBz6vrL5hcVg9vZUmor`|p@FK}?E11vZIaF>5tNdnB` z4v(yHSK_aE!jqqrXi;xLf#mT%p1uN%B+qt!q`^$tU^0ewZ(1AGdWDY?4-?@Kj?~5b zN{Q?ze&%`(gRwy^zv-GM&KOREq=W4yo-F4Ei;1~8F&FdlR3H=~2WOQ`M4A%!o9_!6 z-_FX1nf*A&b@Dg|Uex{-PKYXHnL9xfoS=9y##m62>lQ3rV^@+e zWVmWym2I)(Loh_DbJ^j}v`My~*BE zy^n4-N>3?|rs(Qh=NK3iX@-HNVc6%dD33<>(2UI9JnQ)p9IF_v7(HPU0y&P>L)jU1 ztMTqA$9c<`tNPSiAxO!!eLmDzMeQ4+-TyURnQgxfFiV!YmaR~#2|mS}wLQZ_tRjKH zjMEm($rIJ#gUwTDIS&59oSiE$UlR&bvc>)gGT2`V^O$pf8Yg|}#S(30^N2;%`OJV9 zgd-FnPgXVyBY$83^-oHJcfBwDSEZ;A|Ja<|8*f6m4sW<1&9e zy*SknljIhDU-bAyXbV+be;Ev*&6QaS!um98aNrLbVC^xv_UA(|eFAD8!t*z{m-*93 zZguhn@S~bl%Dh{VaiO_%k1LWdWkoaTY}9aK=d1SU+RMdi9a1$mS?9P@C^@~?354}c zJsiEQuX?@^LX00WZ%^0aGJSt0e3?4U$12!tjVm(^hKqqnI7ooNm=k? zd{QtS#6Fn zZW(jV+&`dsW_aEn@!a0+hJ3&lW0-E=5ZZRBF9oIm{Oe0}9zHClP<--o^t4#~Su`Fu zp3bn12)18bRNZQF2uzFTx9OiD7dyDXG&G$GI2crCpjO!^5Rr6#pU;}I?2m?={{0KR z?Hv2L^3A0yCnr9!~@vEL#!b;b?&Y}!8iciJ!phBI2&tybmfy_XcuvYez#&>lcA_(`ev zh7k{oy+H^a_;|5h+_GlZMS|nFvKpU7}0rT9Spxe9mZdych8O74(Dr6=8n~0Z8X7D$(QfiQ_T((`UdzTR24zb={a> zHW5$#!fnubz+y*CdS%9?gF|3r=R(GqF+i@qkl#acj-D`vNClJp@zgnXcg+VOwXebp z<(@^7yQED@}PfPTe4e?2&$-{tpRE4s{=b*##laYIbHmOfWD%6nOcPz z-of@B!LfU3=I1d_G(JE|w4A+ZKZUGr5g#2CRd-LhjvfF5sIr9b;j zpQp&>$4gy1ODd(rc;13wh#|Ftn(6fW($%W^KF<61hF=+w z1TxBHHC7Yd(_E;)>So21PO&OH_!LHl$8}#hWgHu=-PihSnm=MFchVjBT{Vv`tl0P) z14~mJM+PTA%`(<)ryzy~XTRMJ%+Ehxi>z7rJNsIA>T@VMlpmynW5Z@$Pqm>YY>NFX zK7c3H*?G@P?Z-MjEf!Pc{4H4SzEYhf*O5N&UQS<(LKS|UgrXh-NGYl#OQbc|mJ!sx z1c!D_Yu=;j{lU5T;0hv=wufXeU!T^i+GQF<%4qIVzrw7}GUyM)VLAEkYJT%-nT>hC z8ABSOJO)PH7_ zGV3y8%dS7eeyUMcz~lF8!a|LI;|H=1FJQEgGjQqWEN8D*eIC!?VTtLUb*9~?vrY@V zOeWa&0e2bDG=27&%UM(=YEAYAiJ4{$&}*i$XVPb(BL5$TyQn8QJj zf%t3ZqgGp9ipO_#m0sr};K^)yWNm$}bBJ-|=Q(oyQklgiFvrZVeg6|cf%-#v zZSq5WaV{r6k;Mz-jFS5`6Fw&JPj}JFzY!!Y@YM}@QCou>B$6IR#P-8or&iprF>m=`-B~u0InOUU-8yc8TJmOEgiU!9=Y_t%o}*)@;Y%?; zHl;_e^)NTuJ*FoOs!ityKaBU-y`IKaZiq7%M02?B|I=xcJ*T4N%$`fRhDfXc#~w8A z%A+DWBcGbZn~t56p8VE$u+!lMpUv-b#!F_906+C>rM>#o!NB$fL$PVI3x4kDofJJf7%KT`mk$ewyR^p&T zF)iymR~>kKpK#3n+~eoe!Bvp6B@pCACa;iPOYUc!!todm>>kN|;@?6h>ill9A4g+B zl(b-t=(iW0aTe^VM}rm$_$IPnyZcN-YXVI~&sLkIgu7VJY($++RF zAGVb!9E>8W=Wp4>J)l5Oq|WfsJjX#JoM9ZgJ*QE(HsRGTx-2>DcZh4S)U8)i;&Y+K z-fz@tN@Htok2R0R~+20j9m>e^n&r!Xne|-$4t@1kOV1(>j;wsXQB7_Y1Ry;Vv23)h6 z%0*zQ^og@d228w{z4IeNt|o3EGV-&!el}}#6(B+TdQN*tQj?dYH!=3`A8XFJ1yjMB zTC44WdIWzp;|BvB;7^T4*ckEmV(cqrgF=A)+wYqKu%2-Lx|N9V4C*pRWS0>e+>RgU zT^*sMcLe4jd$W_VoM2bmyN?geEtnU%#Aps;7da&n`_V3=RUC!XAr5z`dkK-iuZCA=aH#2X4`y7@heP z7Cgv~^LXKr%YTxMXP_MbZ8KbPbv;7`zuBVrW@@a?X#M$7U1X8ZPibwFxW5vRKeht> zO0Mw-TTVr&y{>KOvoEu1A6eE|UV1LUd7Q_0tu^ELck_*ua|{Ts*4a z!la)rwME-Q9h?;sX1J>>to@dz#Gt^3WLFFlk`u&P-3}DV&>jc!1!wUdO6B-_qVj(& z+fXV?{;7~U62rpG%jsl$e-L4H&+MP|=rT|28BbH*9&~ZYT&BTOGN-$e-w^gi zN<{$|-}bNj_e_P?6KXK~ov#e2SX|^hgWEmzoj4uzr~`SYi=tx>dr?u^pS@fEgAUx6 z{W7Q9O(2(NO-+MNHUM(qh+LVQ>+&(y7Z?If5>zxye+QFNxc)v@c}EY-dleEhviGA6 zo#*YF{rhpMS5xtk>RYSl)dQ@a>GFKiyhj6wBzeLN0|?cAb@^%0)I0ym*T{0+I_(Dv zkmOmtbz4lVOqksKGnUL;$fBXqy{pM6pm;?GG#Fwr9kp&*tVRLU7LPM_?E4<_Q0VMz zC^%9J47=kpcKIvwp{5+Oq5Y19Nu>N(b?wyu?#(NH8!-cZ-7f@2{kmm+Kbc{W+plSA z?&J8!M8gIz`~>;>Fo*hXO(oV-N7C1Img=F+bF^mY;*EC)pVGH zTZ_%&gEzxuqf4D`{8>Srk@fxShi9uwsc-M=3!f!161EJsu0@(#&0kbS#e(~PZy;Wf zulM2m0r51d&jAW>vU_5`utX4`>6pQg#N@NYJ3k*2?Y7Z?54!*&MfCGYDfq!ts`eo~$FY-))t8j};tJ5O!1;pc07PXHz|XeG)J5|VoCvo=oFDFunDW45`m7M-VoN|B zw5T8{2gV$zTNC&9aQv!XpMxjU%&%ZC1%zCha$8(Er0J&2#HWLo&Kvi-^E_1N2O&9-+=V)Z4HT#B;5B^79Lz`? zY|PgFesCUPCDGME($Q_zqc*ZFZz?$2(fbVAmyNo*XF%`+^?ZYt%)*{4G8vdE7O9cE z*0Wo!CI{#-cVgdn5bqGhLvfJnbj}0>kCiX`c{hEl9)hI2b(l^B z`6E}TuulB*$ggX`3)1auzpg;VxXQEG&?B?}Zy~i9eqOj}j>GdemHzX+F z=RwQdn#N*Y`r+dmJz2<8G~riRgvJBn=Te+A(h+yxjw?n?b&W&;lG%D4VpmpU)zI}9C@{P?oWFNn0Nmw^B0tlyro9c zM26&DanriL{=iE3L6V|Kpp^xq01#!Q z29g8&T4#m2NzR}mzGG2I7l`x05MUo_7M%UIEd>8Jv*brW7K%5;_yDOi>KC}~on-qd zL)&IQmcEvHjW;NHXsSc?CW~kZ^HcM%_L{VWPKO)%jqi${Is`yseT$n8Fw^}Dq-CdYGP8{K zNN>`RdCG&iKwe}?#FcO<;Ml(Rr^N^3>!>3?rS5tc^Uwrp)BRIu`V?Iu5A#w251P{a zM0d$@S)=;?En@5kg3Yt#WPl+)e8^Y`82z(!Kv8NCHiLI!NN1fOm*eRtwr0jBt}3wKp6mHC{BHE zUm;qOv+>b}m5^BX9b{)z<0XlLq$JNp7LMLi6WROlOgAo{nWp5WVrdWoDn-X9$wUPPR=F&sk4H`=vSI8-T%ze**xdy+Ux< z$K(4H{&hmi)BSOD_kD8uD6Bb0N$@)H97yx^!tJ}lenV3r2PO{=<=-taqzf){-RJvR zk)tPPLqN-bn|qrTVz(4#|HsthnihMB?2SE`xWT5KMX{t|F*!Q( z@%!r7C}nRx`fsO&)XY(OFk?7=$WBY{7Yh$7tw#}kh0&Mcahs^g?)Mk#p{_;4Mgmu2 z(ytBeSwoIq03yeW`GF!M0T65c*!RDpS0$g=la<^l$$M*BzKQmYArLu28ysLg`it$p zh4_N9R)2`m&jQl_HoRdaK#y2~VB#ea6lxM&1m$WA3I(kJ$-C9MGxhJ{T!Ra{*LAn^ zJH&q&#ZS^Rw6|0~Ki8xOlf?Kv11mm=a_XLbO!*$Rr&dMS9R%$Zl{!ve7v_tVV4_|L z?mp3j+&pk^jZvg?-+KcC?>%ml#ZfLOCS_w_tt^#j*tqKI2lARX8%M_Buv7GhwbveS z>g86Fit3N~xcusOrR*p5)bT~^nS}VwCj6(X!MA65e|Wf|gniFf4 zgZnZ(IS45$vG+V6VNcdntI!*A>fyDbz2RzkzCQ0Nte>FQcEU<8cz`PFQ|^J_@wu0s z=r%%s^vTnSqLvM%_+OYxbYbl2bS^#SbiX!9T~~*4{f4=j3urzE3huTU0rdDe_g-L} z=~nnW&l#FNe>!hB7)@^8ZrTP3hsK$8N;*72S+(}-$CYA9HZ2iq!kVW$>0 zSm_-hGoLdq2W{M>o6Bl^m$Y-9A3y!^n$D-WPx~KznJ~}-Ez@ZfS7UdY9spoy_iaDb z;R+QXYc~`M_Obrb_u3_dpfQ9#j?njYo1?T5OQL?mJ9B@H_lJp8}R$CYGY< zQade#NLy%I zS?nnCAH}&zDv0Dnfr<^iYuQZ$~|>WoW@- z&0VkHI?WXZyCYda|K&gkPH>bRoQQf9fd@ zjGEK!d^bhtv|}I0S7NFi`jg%zg(}8FL9oDB5ehXp zPp7#aG%1DR9YKtQ%m)#UAO+fgJ;?jP?<}vwTVNS>Fn`SH12l#oi`qbZrM>!!ZrFGQ zE5p7YbV}bC>cib@m{jFT0h_TOSs#h?h#Gv13e9yF$(B^d$aMTBYnRwYd|J8y`j3TCiVV2u;6jzhnY7Xxnem_M*+J_NzGdgr{Q8Y zviCNhtf7uP6_KP92=9tG@-=tBpW^CHe0_ZZ&>DYc=!$HtkW!V*SXezi{(guU-{{2A zNKGd8=PM&rn6eJnt=>~FW*@PBgMC=-ruWrj+>_+)6<>N^GvBW&LZ7PAN)G%RGGXuO zH`(v>1G$KmzS-GD74im2;HMTn`ZqMnlS2o#w_DGxL|QG?G^YZE71 z8=QuG4IKlF!n7&J+06|Rx&&qLz4+Lw6{Jk z%?n8TPf>&luFV^|_VH6Qcq4I_ZXe57t{?#G8n9g!%iRaXVnzxMRZI9K&o(Mbp#+$|2~mmZ)%B6H$a4xx40$A#}^Uxirevrlrz zotUSNWDBi_dvMTB7n@4YuhM(SUrZn2a%q=}BzE_06bm!C@P(0he9#Bgj%Y7kGBv7H z5Z$lbtpD1_u4OZhA=A?IE|?Wp3SO)EkJ5!-yQf-Lma4nI9UDlW@7yw}AvBqrry?Gn8&c6d5u{ zdI)E%hUq;Z!B}_`SS6%=rzOn0MogCj^No3aK36GCs#UempXR9SqbM90rJHET&mo=N zt9~h{)|WClg};MNCkM|+l&KXQwAiP{NlrVuPIB=N?P&~f z|My_*lWihccK}y!z zDv9h$S52&N5JkKZ#H{ako4m2q`U{~;biYQEakYp7r2w0iZpz(-$C*g!KrU1lF09Hm zL+FiM9A}sq*_n6RyaWo(S-*0X9}pLUyb}?7ct7e-5`W6-6TM!|8+TC3Go|vjeKu3O z9Dxu_jQ!r1r* z`j>n%;ZSPu0B9|*q-eGW%CIca9av5_I|lcYglx-a;`qv6Orkj!+RWM{npk&sORD`$ zVRd-Iz^&O!NaSO(XbSZh`N{1M2H&p)2M7~4uLXuq_#8>~QdxhAHxpiU&hzl@aA8gw z5OC8Y*Vps)IdSlQZ>^u0m_K`;;Xw~1s|;uPHy^hf%XVl?mFP9yQM5S-X19OT+&P5m z<^3c>1P39JVDuO`ewBf>s!!t$6~H5qs{87VAI<`>0=jI^;0W#CzKQ1G2QH`rB|ZH1 zP>WxyPYv_cfY- z{q+4h{9ynOBiWiZ7x$Y8pC;w#+HTs1cr^@f=oExLukCBbC816Kvs|=kzd2CzOpgSJ za;{a6KetmxZj4;eU?bp6zpv78FNX!!_opXH@3{qjmbfN|LmZ=ZZozA^*_;9vvG_%e zG)lr*)AfK?uV>xotKW0HYpBC9$w7!xt}Ar8g?)U4+Bi{P*9UaQH=GB(n&Eo;%+S$- z$57sN*{Z+3CE-_p*c@m}lr`4yOMNB8!<<Z;lCTW%EjUnj;3@gp|Gp{fCz+iK={tJ~3I2%Gw>)J$VC}bf!ZY=ZmGPmYYIZMPZRq9kj_SDUtl*4GUPf@Ujm4MSTtv zAEV(MoW?(F%p4s^Hcy)iOjHa0z~;XfBoS6(2@OXMg(f{d^7in~m5s~P-*WtsW^J-B zUWeZ944sTZfp2&C9bm}qK7VY8?~g40ob4C{0m^rgHr;2QI|E<19iDF;In;B~F!@tj z_Q^93CBLDIah3RqVMl$cSYjzpqdWdmz@MHdgePhC%Se@mOHpojXV!L|DeWxybVkyl z+l*~6m}f2!wv2PAsO!Ep?x68?HbUeAVveNePHs z-OoCx{laGV@142=8!YaNCi^S6XLW-GGvn0K36T~!{}j-k@2NiA(FAMjJxGJcMokY~ z{bNr9fYU1Vb}mzwH!h$r3)}-O_$WTf?p4y%$JQ@I$~@Y1AGnJsS=Y9>TyK!}2b;Ha zr}lW1#i(AKZ%ftQa$@`EXDY2HmAQ!pp&)^hAC|WvMF`8M!Z^gNnncy=x8&H0vGMCm z|6RY65Bf}X+jDoQqm&=L_bvoo_GEwc)XM_v=UFp$*w!0vD#O0eKc1csG==l3rw-AS z@G52At)Rv;iNo=kLbT8&e0E<;`LP>e{fsIXTG2__l-{QY8lo+}C0U{81S#cfo}6_6 zS!*%7vG1G=ftCWW72%q|fh@nMzt-&U-wPc-$337ydTZSNBI?aNNVc3)g_Gs7stnIQYJsFtJ;g=XxL)3x5Lt(}%7JxzS9}|-75uo+qZwuy54z0CXY+)}b z)@c6ZN=1`mbTvNbYP<5Js1LiH40^A+B61^Cyhb)8ryKfymuqt`Srpky)E~a~@9K#- z$%i>WD#B#Q2OE+iV6<4g&CC1ryC>*U zfR_2h^D6hyIdgMPFdIBEBmVL`k+xLgkrsT4eT`Ksw_dPt>SxvI5^m#zdNoTW&IZAk z2Ty1D_Y16w75kVZU8l7RUGWBi;3FnHy(A2rLXMDY{_GffdNhQkoHmA>C{X!My=~gO z6n@6`0oi}$t+l6zok3_lL&%-O?|yDRuK^P$v5c1b9%6%3TYQcf$LCs}xLFVvNCqbY zIn62(Ys4nVJyHYKP*Q%a6dr$wsyQBly+K&Cxp|*pIj7_B?*?y zI0wifO)*V+AQINvfY$Pw^%My=g{k`rVpha<9@hQ$^f|lQqz^~m0qAF%xb=DR2~%A7 zuTM3F6MsVON^^x*Yb6lskK54z#`8&lK{&baw{=RUicaPF9E=m%2KeN+NEHiZxX|Ft zQ5OcToI!mqCCi-Mr4_3&!A}B&0jk@H5@H8+nOd#~+0qlb=BB)$PwdbQ#tOk)z&6_}}pUpG_ocr~F;S99tFX z)w4qI=XxY}E5Fk;%B~V)-~zzDQOaqp+r3zT?CDAJ${1+T&#=#K{d!fj{T|VX#SihK z&lI6iwzlUB2>Vs+?3f{e^F#;{cvHAIG4Op2N*y!q^|KB31!6oO?|nie z-{>beoQ*Sh84!g{2pU6Hx3+RTTkUD*z?kC%m;vkS%HPE;x zlDp{P1cVV4rq0KGsFpM+uT>QuC67c1q1QW*%p#)6O2+O5;LWr@)#qw6dUPsF+4WL3 z>#GZ<_1EykHl%dX4oqD9M6`MU-&1?4cqbuj1>ZL>nDBs(ZlJyq;^SJ=LjMUf7<7&J zgTduzx!p)`H)ojQd+%4*jIR0IDPY36I*x?R+YCXHy)&l5P8B-dtn3(); zpb4H^o}&?DW+mnKX_RM+YCmzRneTQuNb({#4*Yf=cmB%uq$NUXwq9YRC50y+t_c!6 zV6$^PPP|l*aNc;3c~&X@YC)=%l2lkeKln2z#My(va;HO3Jb$;|%I9#%?GVzJ_cH%Z zJ3C(xZ&0%C-r&7tljb0sWh|P&-x@jAXkTUU8PI(FsPjB+=|vO8z166m@LNcurGfKi zY)vdJ0lLr8f^VjK%K$-jWjod1edCr!1NVDLlZWCHN(X=3HOJC8{W0`LsG02royIdK zm;jxF`zIlJZ-95C^PTZPRnh%@(KJuQ7hZR2xNqa-H(VTJ#U{NcSMyf2l~^ro3~lxC zaokrUTCvZo`losuTJLEeOc8yy9zSpbbVyPVk4izA6hNr&5lPTojoEfvV8^WNp0vwJ zLn4K9#KxTQ@YU>2ltWV)Vk?49SD4DI^6GPnr^1;xYD>%^Z> zHKC;*RT*|(9)x5x))J&6(~t5^neOdg`)G1rup>TF69%q|`|6lRuTdGWG+yU8PkDGp zhUwza(K(+hfZB)-**qeC*gRDevlW8MFa1`osWVyw0`hRRCO_q(StV-S^I`rW+^8C`yjOpUefwdRQV{ak*! z&C%Vhk{%oaL*sc<5-!hWlK70aLBi7h+2hEyNkz#Y$=bho=BNe-+T7->lG4{$P zlJL$qS1RA`kZb#y36ko_lB{ExOz!N?tpW1} z!|gC##IG+i9kQdExZ*K~i^kk&W)&d%{d68(CX3VaVZT*r2Rxng@IA&=lMX_CjQk=- z!p`nhyPD!kWqzQ!35w36TIugy9ds{v+9}mS&2KbY49d%6H07} zw>c1@h|{-okWp1vw;n?$zTa<6_?BNOx)2gX*py65qPHG!)U@`XW#=+GO@6?7Is_Te zZtyeM3yDThmAbz3BI16_p&F1y+=lQ)R73xJ?=^KRpMm;U_swe8XG2nZ`NO%?GNKSMQb|RU6=_YkNA~lKz3}#A z?^u1-TzgYqh$g_(x#f*$E=oDw@8ETRT=~Ssm&f(`>#p)$JUo|Y#CJEui4XcU+3W7n z$bYB3-Z`>5Jv_}HogLR*moJ>*NM~;#_x$cR4BJ?hN?kAsU!Ra)=If~qmjV=qi}_L+|yCt1gGW6OX2EQw~uVHE5B-se7ly}r=$Gf z2RAf<1?*y8hy~S}K*EEs>H93Ohz=eyV$H1E5BE&ToBG`M>4o_MVeb>DbiGg1eJE^8 z{Rd$$%s08Dw(2#4jsEQ454jV*7!}ti&fv)B&2LNBT;Q(1^esK2m}O5T4u-@|2MwZ& z$DK`yj`52{)3r;7#>063EPY-cxFa4FZjJWqN_%aIxU7o>)3oR2s(watMs*hs9Q(Lf zD77z=S*(VLyf=@Duh*Q3UZypyt9bf8E187cC2k~nkT@Nk-5A({J?2W7rdv}#H>Y%E zNvmk6zN%~q`oraF0{ZdWM{zHB9&6tj4#zDOlAn{@W6FK5^#_Lu_@rJCj2K$%(n#+IYHegUvYByj(ERkDlLf!=2P{>oBklEzIIz;1}WT0izD!dSgX zyge!vb*ygc5BiIN81&S|_o;nEn;F=0Gx4?@kpQR<7Ykm?*sz2JXvZ^>Dt=pXXWdMF zI^CYVfxIb4{9c$`_1NPuP;U%=MOQrzPxl@Coa?=l`7K~nWp$9sc%2tn$&@1itec|VimY@egw9iXa{{_=@nwGw0arA>+}5HZMb?V#G09`Q=u zQ8<(KhZ7#~#)_X6KPOJZJ>jEJ+>V;z2*#uu{3M6PnuV_HiCI0R+S@?jAaW!2D;jwP zHVmmmR3S`5M8biZKUV`anlNQ(hM+5cjb9KJmOY`bLdKL%Gwzq3%+v21p1~smq7Sk^YA@msgE`REVcO-+3fbaLZ?F)BxW|njC(_SL^a+R}g{r-av_A zsmmd#<1tad+OI;6+WoK6SZ0KNJ;IFv|MvNA#xmO7X?{p^1-R+_SaS3%Cf?2DhAIEj z9hc_Iwi4)62V<_id%=&F&-bKX-r#^=PRk>;mQ$&@*H=4O*8}4@C@1A~^T*VPgS(Lq zH-8X_YMXxJ_B)q@SE%q&wOWEi2t*xvVd^o1L1zlUW9s1lDoi>R*Z5!X+OD3 zCtHn1ybu!iT9coyjO`apGYD9e>m=a-VQgTt_#_67SGAF5B#cwDgF z<4*J>n7EQSlTtNkA_Kb0&+|C4e1rQ@+Se9}`#hhNuz%bTc5NlFSpXAtXZM1WH6L1J zUsU;avA{I2|3L2~$|kAru*w{7RiH|SQSzfu+H>J=(BI%`T=)?YQgZx?qu)vA^RF_m zNIzyHO)uf=!qYL75B zcR?@wv`@+3Ku#SCh)bOs30>)2$H)M>6>!y6TM8mduU?)uE+8lEQlh_;Zy%BOw84D6 zha4}6zC^4uf;7{w`HC@_O053LQs;JFZ|wRdn|ETT_Psbn#FKK#V?*zUR~nj^Hs~ik zIULl{kT_hNXvdO=Yx+mllmE8S z@JLJime<)kQKkm7&wjbn)93X)Q=eX?Zp7W}5eA*w_JazxFrpy?iKJ8JFAO}e=94M2 zS3?f`z{1IZ=f)Lr*=i|Va`y#qhI&Tc*?o*yVrm1DyyI^Bp-jMafetHSb+XdnGP~;dVN!dG~I*{a|!Rs#&zLCGM26iudQsLETTtQ*YwkXqZhYHv)=I_SI;*p)Gr^>;3h`oB} zu|}$~YvE`5@9aD34Shoh1`g-_u0dHX>vdZoqvNzk$c!$cbA#i##@N?o(xx4X*5(WP zCC80SRq4&ur|b!1{h{oGU&W}neUIb^kT2?^@5Oqa9M-S#)(h^aMjtMr)n?EI_C-7! zm2ACxQwMlkxaZfnLly+%TrZ8OVQ{}cL)FRHLRXhJLFl(Js#H<6g+=n>g*@ooslHqtu0fh|*A!MD0@v|!))`3~9LMCo zgDXO!=6w=VZ>j_BsD)MS$A?NMs}1M9*9NCBKi?>XdE_Z(laF%eZ#72R{SI8etbN_9 z&%LO4 z%Ac?y1rWPxth=HsKl$(_@WJljcIkwIO|eja))s5~bm)E8JY4pQbYoFrz);Qa>k0a8 zhuG)1#?zrPH(Nl#2SUemeyAIgU4Qdh+;I;IbZc@+C}t=VG0Au`*W)G<)O~OtheH77 z%8b~{Z66)r#Nbt_<;aFuIi{}516-4io-6Rxu4wSUuz?lp1NQ3v|mvVVxkLTaXk7*}USyEfHoL=q2P&dfnc!Mf~H(rhZZEt>G^NN9KIEZHR-VJiDLuzkne^1+% zeR&N=?X~zaWN>^C4?&+WR0^Nlfm=fVv)>ee{wONKA)PIOc@u4KA^1y`eY0fZgA+gF zZj`K0`Fwp3W)9z66&jY6mAjU89rwv09OFcaR5ANB+*mJ(KfKZlOh>(KZ$AWKJ`W>I zZKrk>`Giqt`A%0)QquVE6XjsZ@R*uOcdrF=_RF4x>%Oq@F$>(&jsIM-pD)tSSyosr z$mrUmyhbquxgvLEF-(HX$)EPq%>FC!GCh@qXXE{(4a-sWy9K zAC-&iFF4)F?BKe!ZG)BrQ}ewq&oip6=3%T)RTG{6-Kz zU^>3Uavr)e2})ZFQOrC#DNah`LzRZ0q1+Ixei4>k%q)3U_bDmE+e_VSn%5q2HIA_4 zUC33nRG%NpQ+{dlESb|-3%YE4IGGA&P~eZ^aa(OUq|^Pr?0>4}Od@;QFWxYK(n4AR z#6_?4f-J(&#QfLW6@c?)2CAp2t90|YkLl7Nohw1*B-}R8q~)l^QdMdVx4x7;Nkfsd zu3GpwGs#LbPuqvq_4MQOoyDU>>LH@8ts%qy3v1J8@O=k=ovM?S zcyP4(y?)kdMjX#`{GvIk{cvQZdp}gGHoSmrX!qXFc13?zOzdO|ab?gJ+jy`M%B%Yl zDkn%iGfr+?q-*?s*<#*@a_T;v5o1)Ufz3D9#TjyXpXF>(NuRaeRQI|mV9%D5G}`Va zZ*W60cF7CPtQ6e9r3fx)vRw-AlpdaGi1q!S+U{1hHQ$c!w zX3}X>xGQg+&4YIR_Hcdw&M;e1!EgKVQ2pZIq-`?xq(A9-l2JN???ikJOTEdRnsgEO zaqE>UYxV*vQYn=`67hU_{Z>21CUX}lmEaHLVN#Ezzn9Q3#ij~7udutpR&=~(@9rZe zCrClvJKb;3>&t;QGdV04I`FWoE*@+O=_MVBlOd^`c0<-(YqUiR74QukLa6$$i??}u zVSvvolnoQm-Kiv!{8|s6zO9Nd04De+wB+K&$kRzK-!SS* zDQfe*UniIW6#~E;iXHwoC_wT2l&I~B$dSLdT5(fo^ zt<~~K70}I54)H+T_=gxUR7g!m#}hNp>vI7p>2GJ#))xDem+8s8+FKHx|p z0rSlvdZQZ`JkZ9whh< zn=jU?Sg9*>(i|SeZvs@>QH_-+w+#+fR@$) zBfwkU;U$+LGF%ZA{+f|c>9AXZxWr~3;as8!ZbU}217`ItHS1QysL#KgCg~nNR8}w6 zK8ns;aC_iO9!-Dsz_fAS^A@j_bArEgzrZ4O^7{Q0jyZ--;U)LPekFa>{d-WRV3n9M zm&Y%otP%py!os(It2I29o;^&4T`-(WD0h+4G13sTnq~V4j91c*Via^iBxhIdwG8{f z`AR~aKHec=E@}y5DyS{*qJe~sJ!&qgKOu(JTC?_f89gqko3p67vKU#sD_Q^et6E*h zk38NA;!P31>2`l`<>Pw?T_j+OII7n=MR@Al=UIG%rx9{;ceVCpwPBaR08F7UvM^-` z%0sfJq!5xhU*0o%rO{0r%x91hw*0oA`!Pe6EaV>XnpzELlW`e=7z60E5OAhDi}zmeMaPgMP+8* zQ`=qIE1i2Oi|iap;}G8XMn`L7bR{kb_=#t_J0=ZefSPQA=XiZ4&Ve?U%Y%3w*_?%5KLZAm!s=qc`6iF(TC!*$4=in6DRaXTdC^79_|qZxHucOY!ohfjDM<$W|8@rq#7 zKK2m`TaxDN*|(6)%=+pTNFY8?kNDX+ocRe8q{X5{(m|E_oIrD85_zsm`Ms^95&Ay))KYzlkO z*=(#}M_Wh5a}UTOd0A%A2$R+_rv%3@pKteY1}_Uif}hY zmzw*N2YAEjM{;a{psgz#9R~{CRy5wk2udmZ3-pD@GbfqL;z^vJx1w5V&W1wx{8i=+ zJLU~V-{c;fL{e41wBn;XJc>tbH^!Xo&a3%yUyy+ibrPJ7PaV;qe0tG^gR!{hYA6FC#pvB~z{=3D5wZIJ`0R zNzp~{(+uF?+Xv0{4DGx`p6}-kq-QygP})d0Hlc)0XbSp{cEt3#t=3|(*&PnV>N(!D z2i0eLuNkX-GVORlpZ5cnYQN8+|60-=zobwFRXc^Ea)aC;W~1d>*+Y6A5VW=w@(DJo zPE*@w)$_O;9v8R;_Yns^=;3jJWxC71_W2MrlDUpY#lTO*99x*c{eHjq3m{wO>0Ve4 zd6GPA;ymoFY>$SxB3LPnz|u+n_f0c9&}9xT`CO`dDgRs&ymTWrpgMG~iR;ug;7bdVo<2e6>v<}2$^ zW>ZAL2FDEy4_gn5&lTY|WevIwjs!yv)~hkRSX_8S5F?1ykG|#Y%F}Un>gh@bsK@|% zk$Zya(&oc1WfEJDF}^8HpYl`xE>g*N7E`%WF5h736M{U@y_e@;%GFwfgaWXfB0*bv zS_qO$>9=I>g~a=1+^fXd(i@FPu$o^#SJ&ShHT?Ycn(g$8B1P{jqyop8$)DqS*uFzE zSCn5N5WILL4Q(5@%4QqHK&EPC8%9woKf=Ee{^g5I0v?~U0T+a^^M^L^*Ys?EVIG{2 z;{Kgo_7k#d6VDK!|8+I>TN9;U<*O@)?3Ab()ds(P$f+c^jf_^iShsFz>vgcj=66HH zrzvA^6A!?jxXkmf2Ldriagq0MZRZUhSiqmF6E(Kh7i(b6BQCsOJBP8xTG~<^bqh(Y z+OHk`DX5EW-Au94x#)Cbrcja8BA>1T5NG8}#j^D@lfSTTjdZ?<%Ovm3#PX=|gg`?8 z&^)`FXozn=>I>zOovGI<9C&a8ksm}E@5%MhllR_3cyk0eW656$M;C7guRO}oZaujB zs+HC3NaBqarf||!!W(hiR9IN4s}FX+5IAVToIs%i79?nC`3376bQ4#i)+k{xjNp0- zr|_pn*-hrBF-;^4xss9WRST@JfsH&spJ~h9RSj>2Y9lMWsf=HQut!V?AyDc0^-bZ? z=(88bvrp5&>j>?RkTKF0b2fi_wPg()&%=WrZtg}9rEm%^711@ASyrlkJle1 zFVt&sFwr1qJYwPlxqWd)iWVYq_nEIX+ zh`2P+S(4dpw|f55rtHB@0@tnw^}Fy8ybso?ulA#qiJ-|T1!AiARo4_i(`cTXBUTqF z4BCj&o$Mcv8g*5ffjPo`j7Q-QZNiN~Bckfv8KGwT@C{Fh%Hf?LkqW#vf@9a!2! zTdfk?t6iSYp+QITFkL0UJ09`>ox!9i&(7aP&0ZU1x>UvoWK!)E68Vk&@+mnx<|5U5 zbr4yfu^c3L#*LzHwHHxF>E!HJz)1fH0TxXaM`R+cy~UEEwUzij zA8g5622aMH9G?ra$Gx6TRJBu7_bhn(8iwm0_&eR7bw8$lBZXmYJm3X?t*88QLeB#~ zQ42P|cUQfz9f3gse2O1uvwG5GKOnhxA2jf1xTjHYI?XJ!iPBS!?7mp`n6EKILbi(jf<+G-{DiPA{0#a(?ZYSH}> zIh7|_mHhYxbL#uK@VC)a<9*S6hY2ZK!ri=df4Z8Q^2x_SwyZdg)GF$Ndz=bpQSG(xMORH6S!6XF4d7 z_B#|lIy>d}+DgTLdyTFfGi$Fq(0v%$v?Sk)23(RT@enP7_bdKbF zKSm^bK>JfGS4~9az6#^zG935o?D0yzm-fuj$jA*7i!d7Qht;dGwO?F)W^hAFJ)zVg zUUD@TO=0foy)`l)gTXzKIl~W%eT}$KhX0kB#}`;||EjQ*kJnxgqk+JAi&(1a_@1=G z7Zg%oqQAiu(|7g*+tb~d3AT!?$WjO>QO*b+Glw@Oi_v4HY6ZS53-C%;Cq)7=54FSI z^UPbFW<>S0=)d0#b#bJjHUI#>;f2EmIM51O8o<_HSOwa1JkLaqds=yYro3Q}t5qv# zeGKl#YOPzhA6L(3cSDcwz{r}CY=lzjv+lq%Bk zg9#LU%Xf@S_@2WUcg>~9hD%bg_sOCU)AiK%`!IYAgQ~n|Nra$s9qKnH<#aOKC27L@ zHQ%!Ev0v7JlJg&h`h=f8Uy~loFbQR`REY><Jrm;%7RP-bc=j<2 zf8xm#0Rw6-*oj=amN(V2cc!f{|GnA$#t9HwXB{@?LGT2RXyn_?t8eS6tdvL}&Gb`s z$!#B<8BV1|`^ZBhTpb35fJ3|cxV`WwfJVLJyRsOty1QQh53WlpQf&9$ut|NW$zkL7nbg4%nXBM-s@*9 zo8NgDiwh+b@Hng-c2oIaNbtfU~huFxlw#j64!Lvc^8 zFZJ=O7c-SV98c!9i2Hi?MD`~S-qz^a9WIF2dPR>Ube(r)*LMGTSjW@Awa-K>EuO_3 zA~*!2_`3-U*{7z7v#OlqmgQE4^=JU3nyozv@9ml#BTo%pl+U^de zb(|yn+ro=taQt>QW_^hJoC5Xs34FhBq~%sbtf^7Q_YW5J_wp?4OGts!G-WYpV`|^I zhXh%)Hv1Tjpthc=?Snf<;M=28Mx=h{WR2gpD`#jUVx~J8K5<@2Ur@r4W|RLcr-6$( zz&?^HVqry3&%b?$$|292#v3pv=-PZ`^Zgg*>oi5n*kQ%kS6^sY-`%8%Z^EmBm)hI_ z2%s@}1xHR!ZDgqp`~*JnBrVY^s!vln+kN&*?Fo4U8=7ekVn}= zyjve%ZA|?-LhW8w@iAdjxD>1PDwh^F5u#CTg>Rvj5Lodom&-nV-J<|ufPJ6@M1i|paGG357%CrRUWCcZ^6=_JVyB?fil3+IvL#p`TMNJ z+c^C7l?-O;0dw5v)I07+kQ-E*S~h@t&D%aat$R5!@pZThY#~Nzu4&o`BvctpSX)nx z&%PcFgsf9O&?FcinHW%HAZBQ!KA#k1=?}X%eXUo~RoQhxTGcC!8-9bDc|7Y1Rd>i; zW1WdGG4Dg~gpBQ!TWwwzx|t@1ql;5$6o2V(8w(MPbPa}5g^YP2&ZKs=A&(cQs-}Jz zbp&u4)c8Szb6=f0y^$NZ=@Rebvt*96QV>`f2b0uBhhT z@`Jt~{StA0>7}rcg1pzYyfK#GH*9Hgsj_5r^I5CY_&BxqmS*h8ZB?xhN!m*&F>(B> zY=aCmjK&!uwg?Ej(s+pjoE*S|vL2Zk@1Sc{Ol%JW>)-R0J>G`Nb2=KBz1Q6fN9mf} z0JDAB_m@y7tql5iiezEL=?O~~d?cMGq5PxXhzdN_KK;Hzwo#C#q)gf#+AcXTs+>;E zF}V}=_2Tgi4296x{-BZpAax&%iLWGuw=eEk>HJED&mV{8$X^xVRSvUwReMV?G#fRQ zFi7bWs8sXd)Qp8KwMLc>0Zu-MR)Zm(ndiE&>Vu(>VQa<5%Y!az0v6cjAItuuxsnJR zMmH8fHShs`n}B+>bRv<-4fI~_R(FQwu}|f35dYvg_(-Ahy;(`dm-cAho6j}TxHi|O zdFJQg*v?0f=Jkt~Bqyok%oAcMlj3G1b5l?e=k((j0+Q9AU$j~zM2`Eb=G%RasFsP^ zPeqIA>^Iz^8^%^dwe5c~6P+b%tz1mP!-^uEryss8?jvUzni&09t(c&}J=Yl~KNH&Auqb~-R(xXqr)Y9M9J)ibmajaQKJ>xG3p&?aBrS$U5ah*5 zU(RsbDo{g0AZy43CIWNd?-wA<^!v{~(U~ZitTn5TD16#KYM;BISR2EoT4e+s0no|H z3A7_)POyrWmydUJqn{TBiB+TE>@)tyR!UjyoQy#5GkL3YqXMMn*&LsEE$74D^0tQ- zOXa=mB@kNy=5M;i^4xf^qF+DAz1k>fp6xGB=NYgUEI=wRr3xXCqBroj&tp^Eq$O)X zAH0U%V^K)V57#R27&A^cay}AS^zFz4?KOQmn7$Gb7cD5x1!z65Fr{>jbe%B|%O6XN;pfS~93p#_H9$?| zDj0Wqo}3X~sWSW77_*cS=|caBw|2dW`+3BUwcZJ)Hxg}^{hoGmdS4NP{x-Vnu*GMY zmfuTaPZPntY)miQr{pwiloG?TFn36oO~TH%wYWamzuK9T-rN#s2@h^DaO7d%OY={xK=R#&vZv-g`m*Zu7q{l-*WSvQLRww0A3X*gDQqcqH*{451M?8-&UP>ZT5@y0rUg(-bp15BDk?vLQ49O*7CfZ$TbPH z;rJ2Ydjo4oKeTuE;F|4#?SXr`ADht`AlH@i>*rYMA3Ji!@UTPx$;hLp>krI>Kgi^{NMl>j>1*s?@t~=$CMly8 z(To--=iO(wssv9q~d~KXB1SKKfWX` z*BRTP9i=Ym{h&T=-1L&9ovUW7Hv#1O+48FqQS;sVLtWtTP!;0}9dKB&CO>Q4h3|kI z_0NMu7C}T9_Qv@|D02r->M5dL;<#R;=)4LhQzo)NGy!&$Or$N{mNZEludX3~Sq&wd z_R%&#KAl&cEtb`Bk@Zw`%W_T`m(tdu zxGT#Sbt~?_hCqv<3aQ0STNBezufD>WR4lBK-TbG zr6^e!syi)D-#Loc3<+iR;N+)y)^B~up!bDc%`14z;=4g0-P)UOxsX_FyVmm>HS%o^ zjHOHa=fe4}|4g@`eV0mmdR@Kj;J^=e zyF^c4@*Y1d7ibYlEIZ`N3=hQFd&NG3p`zhx`jazXx#A!0m%;j7(wI09dsy2dG5r?K z@a#0Z2)kPl#B+UnA1z)P0Woa7*A{=ozUG85vVgp)3xTk3sm@Y0oUbh6;GU zU3LS|_hAOV(( zJuAU@xKfH8l6+NyL6Hzqr!wttpL)H_Rp6#*+r9;Yn+*WJOHDCS(5M@m07)gsW|>Jb zesJE{a5F-5aU$?11Q!%fSAdH_u+3jA?NGIg(er0y9aZO&wHV*_AeRh)V?PZqvU{SEs>JD9xhfLK=%V* zqoohmLkd09O9;fFI?PkZ$m8K>zwcE3M(5`FF3x$I?8+WvUQ(am=lQtj{7Hjemx44L zUuTo~Q`!$w~Cg4Di3HwfQNzU~jpe}KIH5G2SHjtMsM z!A$O6f!dw;IY(fPapNdvrMQ$_>v<4&Q>GIM_q-xLNLod9C$hDTi;}>UfSS`i;bO#F zB0S+U2zz1H5&O}7>=W(H)nay8K83f>9}4sViAA#a{NX1;A_V;S{%GHnA49|nV51}* zxM@=OF1_ye$`~Cx&l>j+t~A;i@KK1RvuecJ-Z_7q4e~BWe1=&5fEcdjxPi^BBBf-$ zit@v=%mREt8}rff-5V>?rQUlcGmztVQkLq68u6#^pB`iXxIsy(mE4u`lc>#ZF%tOu z6Pl#wt8Nj}^%Fjf`qHbzc*)ApVU!E%%(TPOX87Ds(#frB*l;NAr>wv3IfwNtlw3In zZ$Q=ySDcK;s7|Hoeug}IoUC^y-Gy7z&DQO0k=P584_cW`Dw6CdPkRIPgbFDsUWfDP z*(UaHA20gK9iKw{j8<{H2Z?O+Fn^IWjR28B^4j@xQ#JDNN(4q?+6h4<>aLY{IWk>!OP8tP*eR3#7`` z>m=e^rGP(gY%~k)ZAxVK(M#|)Xdlnj5Ce^VIUrJ#O}mboC^I}?!DXOo`;U9M4zuN^ z<3RT?yrw;$4(=xKXF^#@)&psEo)vEs5RJlD;n6%Bx}8jyzgs=xB^TW5ONsRzieQm? z`mU-MUIdylDZP#<>AFLN{gAz9p|JQXEIBl!a{+`-HW~xu&?QvMFlutPHS=6EG?%H9D1%dgq)oO+l+hNePP31MeJbqRR`$PIpEc zk4+givR1FZy=;Ue#hU1*8{FuELOH#qZE(=;vNgHptFu7P&5YiL-n^zb01k0gG|`q> zj0q3l3j{dCzFnT=%1RHdn&&Gd%f{{eLa#~UmY%5f9jGIX7bfruSaL2zoGYXt{AF1+ zpcUzr9<`T{DKGpetr>Nb8lW%q4+}-jg_=;24VilfWeuqfBT{one8|>qp2!x%NBN-n z!GX>KP5B@4qK8n0jSC%&wh_d0&V=XF;EyvgB{j4j`Bb#nmU+Mz#rawx@JKeqr`x+z zs9%JA6l|S4x=F=iAst zKvJ-dI@5G2)BvF$VI%Q;OneTP>++6i%hrbQomG!H`1XSIdx-n&o<1(Y(@?#lRZUpw zG6leZnmTW8KW`c8rN*D`TTC7ise%GkBL)zcapiNuH{2(opVq(_}xx0o#6Kx zji-3=&Wb+A#N$AV2I^aBg{F@^=ZrN-#dE)JJ_-`|j6(;fs25msFMLVu^*uG`BgqbW z^#tnz@hm_k0j8r$~sn0$!0hJUq^(#NKAhF0Qr{XCG>i9Y*%^Ily8 zq7=69@VrDX?nOEAhrb;l1Z(6Pyi%%QYuxZq9HjG6mkOr;%`DCy=ViweeD{Wd2;*%3 z&6VUch}fOK_hOAeOG5w6kaM~dlF@0pZUnk9!{0tOb;Ma#S@U!yS43jt8{Q|@u*%i6 z*8ci)iDR2zTGf9b91D)OWPlM?@7Mt;GsvQ#0E#|Us=yzLyR|<0!-p>u1lngmf)6>{ z2>a&wzI;&@_)Cu$k18|-O_K4ClzLW9&pQ0%eP7nNE6F?b2q%Dp^-jvHJQN7bmRIG?+c!K{cN`{7R3{YA8Tuy{)R#&V1Tv{ z>&Cy_xY`&i1~Hsp9+Y?Ie5#tKpF<`qj@emBR{b*Xt1ILFxg+r#gdDRMI`(in16$og?I1Wp5EAlq ze{R$FxwQ%N5aQ@@ON+Harp7FPY9KgWl&DL$9E(T}^KvdOhf^9;WQm1a5|Ivhc#-{u z{Y)nGF8hLeXj}q-xGet()5WGvmuPJGz{Ga1gGkJW5 zqOi$Rf8tn{p#ZDi&(|&9$No>b`p5Avx)6f5l7JEBRk_9VF?3x=+|(=7+K82MS0Xs$ z^^5M)6@IM5dcMoM3;;y@V<$RsU3L#vkj4bNm=q(J6ygOS``zOVzf`h8bKQU48*J@h zo&y2Rgwbsx_TE7;p9h_Px|*6VJjEka^Lwxm==kI%)*uK@eGnHs?DSB6(*QjxeC#J> zyiW)DorxBHB9jlclU7ACeday4qOjj|otRIUbWXmK;H%@oe(i<&oAF2Os=goGfU_nj zzmFoge)by?x50gD{fR_QB8#0*^SV9bDvnun6ol258hb?=CJKVj47xaF&Gb4P(x|wg z>9QWUi-BDx;r>hfTMdFuNY1xW2WiX>f8NKI>Lb4m*upN6?9g5ZQFn*mF?z&&ck+5~ zR#)Ph=XQxCiB;(&8VliTmIgWLY7B#8ifrqPU-&*-kn6sth6_L_4T=0Ue4^5C)s@Uq zGcdVJ*THM4;VT$>@Rcill<5kF{xWb0+I(-okL>vM5r`>f(gf~UQP`y)+882iZ&JyNbQfA`z@ zbU3aFG=1qL6I`p56t_>Qw*~4}NB-^oP7*Vv5P9>Dwu6g`&C>a2e$2bL1e44uyFE!$G-*Z z{CL~gwj~=bvUYzeywmN3EL6#PtKT0bY2L|spbi1-6z{Y2@q!%^{(@Xj*8QFcL=*$5 z#DVn#o?_b`Pl`%u$6umdrYV7)5;&9ts9PpQhu|k71<>=yhW>*`vwd$v#Minpc_2G3Yq`mqPN~4WC{l21v zqlGD|&V&B+zFgB?-o{yjn2FQ97+)B%FN&Z{AAc&FQwJ6-CV!>&_<2<++dN)g#07qa zIgCf1#@d)0GN(GUI`a71vhu$aqV~Xx&a5YF>7LJz$r%OLoOi`J z@qRhiKw~}=jAh>@n}^q6*HPvB3G>Wa^-Uu8m5v$*J}r(yz0xX&^5?OgK=O6UhC4yF zQS697hb)ncS1y?ue?wPgez{;bhP30QQKwSP$C#Ttd(%i7-tV{iQjTy# zKfP~Q9d9K>pS?g~)k|6?&K+Kc&Ph_l=;8HepS&~n=KjT`WMTw9z#1!ONVgPlbRGcMnG4{m`}|nC z{UG@mN}_R|_pmxXDIUZ*U~TQbv=$Q@b05}`qg|PvR$VG82>W8Wgx}^Gg8z4P5u996 zBX-~4Np(wW-WrX)U1RS`QE~ttgXN8uuT^Q2;VK$UJ%ZDJZ&A%QF1uQo2;H4^)u`f# zy5!BEr8Y3gX9>l}@kGSnq=FMX8qpxwnSsIBzvjy@EchxB<+S6;1OeKx>i^T$Y==Dpl?sXl$L zB<`;wDlnj7!u9I%eVFyaX$#$?o5X9;6BI-(G!hR-e30z>jaUr%E4g&j{TCpi5|1*u zl$w%A4NLeVRx_1s9ckO&sr*9wa&xF=%|9#MeVeIF15~r%L9H6Ub1;(0hMyapD zsXAYB<~X^`&A(O;cl`cLEnuy>&Rqfr9|C2f_w)7iNrk+Ogt?)Li>hl{_aW zDKZPT)MH$~rXz@eqFZPzx9v%)QJ*gH;_0v{f%sRV0|=`7+WW<6cEp!AdS47E==K!Z z({~r1VF&94%7FZ%A~=)J^*R4jem&c|NyDN_{GcUjX}{l}9-!H~a%{Xfb~TCohOMfA zFQQN#M>M)Ac=zD^Tza?spL}&$(~%@de%DSSuBmUgRL1n7m`Gh-0Gdd}zfGY&$)miI zGA&bP)USB?cVXP=nMZ7KyR*-C$CTX5Zy5+>!Ty+rYZfY%{9?|eh|C|_*2*liz>D?o90E;g~P6ScB(qA-Da7f0W_KJ++WZdnjEE!I|q) zQ~Z3DUGH#O%6kP_i-+$@+t1-#=~axxC9O`JID>9ZaQ8dsJdz|gf5W2NvoCf1@XCIC zAAxt)muB12PC*d)HDYFLoYm zE8p9`=2_A6z}~oDo=)SYs$R09QQ3@TbbUBa;p^I9cITshlsFDvc2)UKRaiy<`V zw&&NC4<==J=~E&TW`rqfm`%F1HVRUEVNh$iSAOlT~nebI-aMA^;KDo4;KyVNok3dmKKcv&Xp5uKupy`KvTnoA0HH(O)Q8YzLDY ztlC>t$k@|la1;HHM_9hFJrQZcO9crolp1j4m!LQ#K1aj#ql18u_XVkRMH?<|CV9b@n>EEP9)N<=o?l4@X#&;B^k4!!!G0!3Gw7q@ zFQWKU)zY?sQIXG74{krs^aS)+?}yT3HKMwRhv<8uZlA%B-}dbbXvA0I*>n!+B`u=O zg1!CuI-Honp!0Y21mSO4VvRhX(gx8kwkGvbrUYrMDl8-Qm@3%^;hFDL&u*Dy7Zcd= zu!s!dNB1XEdl#>_uak#}#U8KQ<|TN8{?V|D1I30$Eq{Jw0+xATV#Oj_NwN|7-OZVP z$pWMXOqM2k2o^ym!!72MUexMmwvuZ8atFzfFQ4(`ta1-9DP`Mj7pe9744~2rn?C2; z^Hm;0R~phj>baD;hUkKC`JweGtY$Cua!6$HC>fAUR5K3PU?-EU55TmCUaKT)N%}B= zcvt6H;EMP3LHFn}-nc@iI7pqyW&rRwmogyVDz(2Z!@8HE_od{0IKss{n~UEb(n4NW z*-m!?p3&6SqOA?{RCavOl!Q?ribMnf=lT!#Oor`BDr@5v7IPXrU>GuX=YsyO&J(yY zjBc^0%K)aEcAgxrlvKZHRki%fZI6mR`?j*MJ+CqNB`R;WJ3v+Q* zjr6l33RHrs!N5^RIJk)b;y>(<_tPLsuMK3_wNN5((kSzv)fERBw;!k2&A!xAlXxyj zo|Bp&`9j*NeQ-ae{!tG%2A2Qwq_bTyPs}zwJa0i(E;sA@d?u~(l{Q8WrMC1$_jQ9@ zG~QRs^9GX6b0owsp;XZ~eAY*3G(EKhP-f?HTD03ZUar*(ik+gq$9*t}#tRkpgmEM$ zgcINI&_&pATH^zQ>O4AQ5;#(kL?2m%z^!^27n54vlCHmhlGq;=jzJ6qjw0U1WS(9U zzNz5ru-cv@;)x{|1X%I}x9E}y^M!|}Gz=*Vs2BFi{NWw>?=Th2^Ic60n&#$rRGsV{ z+z;KL*zCTRFYk#v(jTIHqia#C-_;cxmHqLj{mdR@F7rH;`aea!oL5H!KB5OEolCvQ ze6>3V^Y-MUnI~$}%$Mx?C<^hMbUZUEB`~F;0`t8i=HBUU)=8?rW%d`#?h%QOxR|2f zuGdcPi&N~J4$(d+U`%>?82bg^n{xVdOd5AQiNyY#a%(c>C`M+#0riBQz&w!Mop{3} z{ru1(&iQCJ9Oh|n;FOhkPGR|&$Y{&fjQrUPaB4S0TV?t|n)10{zHovrD(YGcu8!J- zdDb192kPvWk{-(VcYywjC%rS&q5V7#8LQs!=NQ$fE#JEmoOWyDrzxM0Hq9~g1l0qg zd3A$*mS>OnZo}Dv#zYtqOQQjx4^8 z{0ai=O`y}fmnL|#Jl9-X0$`jS0fFBmGSMI-Z=MI-Uoq9ebrzOkPn2>UJ$l)LhOcEy zG1Jh`&!aiVU)bK{2>(eso-?XUPugMOLr7?x&!o8$=fHTjeqrr9598swB>E+69X_4tlm3oVL_8~9K2 z+0^W31TgAZZHORy9gQX@HaZMnl>~k8EQHMTIBn=nK<=t(P}|?D#U%Ibn%IAU*30bQ zGO`y>Ilyo0s5j%DzozbHNb`Q*wD?2q(H^Se_=|@xAlt0ssu|5q(tYB?ean6R2*379 zN4!%U*@aKD^~wN3X_)W?<7OTuy1NPwRW}wyKhXG5AD3TijnwU?=8oN`#!en#%NMem zufdH!C}ye=OsoJVyB|d;p<6I1xVZXh9InnQ8rfAoE<-f4JcxUNILcJe7ku`6*Umx(y~JUUN-h`@zf6KM22`7H)Vv=l%PwORft;0mYGsg} zc3_baSvRO(4S}L7oAstfKY&;wuTkwWrt>eN)upNfy!y?-A^N>HB6_a#>y5nh5vZiU zuMs@~iK*i*5?n>Z6>eT`Gx5JUZJIr*SM7=2?-#obFZpuY`xW;TF3m_Y=hshF6n)V? zw+YKg{x-emmhMrfz3n7ck=_3bD|n>`df4yfGVY-9<##HSR>1Bo)-x3hqazggkJd7h zg%mO#%~b^a{)EvlqF0ko=-RR-^J0%z@;!dAHi-2#Qi;sAWeFdS8ST0f05+&W{L#PfXl$lY=0%xI}BwXM)|T&731kDvC9DM ztUFO;j2Z)}nxR;Zey&;6lGadD9na%uzx2b_k`afvC6T@`Zsx(He^ejaF3IljGpaTG za=1+D44HyIJ4cwyu45$h(K#n8QPGR`VdW@2&%vkn53a6NX@8#$VeMa_t`6h-*#=@6_Q_p(H|X4y5b88>Db~8YtUPefko(6z4+jnP38XET8Z4gr9Ck^wCOVs&k{+MiTl~SWgd-Sj z$BRu#KHcfp)LaL(P@&#*+?SKQymw9V`QtWm6kqIvigWB0x{mhi{yg=YFejsH9w`>Y ztKiHHCS~%cEKdN%WN@do!=c4^j_vv+@J+27IZ-fD9M05HYp`#krV^Sgj4uhV6@ z&)szurddLFC`z^cD#c8@fAVK?@)BYF#882(bNJ>F4Fr2$F~SwCcdb3R`y-?tp;VJ~ zwaoM!TxU!#z7cqejD~Op9mp3LRODsrN@U$$k47EM>8XHEI1%q<9`yu=I!V`zE+T9=7`_Z z#>xlJAs^tgdX7me6N~%Km9j&62qPak2EDfeY$_Z9UjcN;kM5|?!`zy`tSn8Kru4v9-b~> za_2ljujSK*=v4s+@%%2qu#=P-WcNH;k8=))=|=OVi4iI~_xFq9 z;N3;K9bTPUI!V{Mp#J{Z4<|@a0W72}GI3*HZsU!zo;ZTC0GMp65na{1vDJNa%$s9iPe2ods zfA?7G)-FQVYIw5%SoY}iW8mbA$MIu8%kaRy9@&^eb+m}&$iDfYqV*tn@Od9L@!FDT z-;xxPBM)-JU%g*?c~Ad19ZGIhKLH@Dm2Hp4zbGaHwEs|zt5 zTr!R;3?`A*2UI@C`iWZ8bUp9~Es}rUd@hq<_Um^_Tn%8SG8ctRlg6oJAZ4}5Z~V1V-AZon`!`Bd&Iu>jn;eJBT|l(Udipupz#R71^I+#FI14`$mBLyQP6i2{BTn_WT=-KbzgzfX zogU0Pv8?rlEp*PB=`t6VM$oV9(uK{bnmmh}OczwtK~*Y{lO2mZmJ zL;SjYxfrX=P(0@Q>M_s(Kqoy(tQZnT19w5uFf~KMRdW%WG0Rhw5_BRO$goxbXn-v>KF z7RGeoPkp#IXLtS^ZwtD-X&Zih;zG7AdZ(@WmFPWY(r<8v3~@pcPpv8EDX+}>Hl;z5 z4_UXg@($+e%NQCF(w8A*Gk5EgcBHS~$X7DU>`ZjE$99kLHHRV%y*RhJf&72hqXR;2 zF(Cb3<|N(NLl84N|HuJIzuW~{>a5-AH>tU=gEGM4PLAB1#KUpt&=pL4(7 zJv9WaDTyPsXs2?7px=`b2bj>$s7^2Z?dS$8FmNt3fkwNKCq zg&rdW!1}h<77MEHSd!J8dS1CIft(gyQF2pvyk9U)y&hWX;Plv@#nVgL*YniD|L|vf z?x&)Yh%!j`m6&*E=i@bRWNi8BlPo%*@%{H-A=Hi=uo`STBBY=IQy=S&svk8XcyQ~! zFmfgEhs5c8S@6d_`@6|-s=Up{JWJ!`f-i%D?}5%TjX(aqp@=HZz~3BKX)chN60VB6}B~a6R7GR@aKdk6xnZzRzQQIRrDS z8CU!Pg|Pk+hHsOq7%G(SG1M8%C}|ln#Tj4slkI(i*su=$DS@p$NGy1`OwkI_srI}t zNG*y(6S_eMy=Kb5H`^1<%)&Vd%nvIZX~DSSdW0%e1cmaBLfcLH8V$9w`Tmv8CW)&F zdcCh_L31-@7wc7SLf-OMy^SwX*2{PxO+CxvF7M3H6QCUY5n=)Tmk;<02WIG?sb8%mJcYt+qXu|7=Zu|j8;&JUk% z4C%M{i(z}NVYW-%81i#Qzsp2OiHn)e>((Xd95L%Wt|W)3A>ZJb#9ygLdMF z6HKDAT9t0+^LeIDFP7$$Yz(iT-!6|OY7m4;T>Ef!m#umeH#>LCU6T6!Y6C@jDmbJm zUY*9JM1COY4}hzIpzkYQ6|21a*v$J$rRI-Hu}?rOk2WiO?Sy*mnpk2o? zq}8G%F2z0=I<0sb@H*4v2GVa#y4lOnAyQPyMxfg6Jf8^n1+Soe-t-Ime8%7UQ9UkU z-=$&7->+QoI}tvNgQ6#i7Qd`M)Z1^=UIOtamDGI(CnXcy5p{g;(abk+o}|Kr%V}SV z4xFkJT6>z_yzbt+B|gfWaA~qTylkq3bDRo{(u8=+d$h=~XD)6PMVRyvhG_6uE?zLv zfabe$?$C@}vXIm_B%$sato;NW6EHSYG>VbXq!ks(>I+3t)mZT{HfSGCz{LM}o4+6Q zEwfMK69D(iXG3d3Yh#0#b@jvpVfZ>z=G`r@B;ty64HN8U<$*ln|0 z@V@nmL>hdxIpXjg;h2RG@VdWbgJ;BNj&L!9Jz8dt%DZh2y~3~cu7V&QJ*Jh5+x{iD z^R+DY$^qX4*8nt0>DWf=sQe74(HSF zJ6%_haM+?R;7A1HX}_<|YX5O`>TW-6jY7(*ig7~VAFEJ*SNLY)bIaGE`Rjr`We{A# zeUL?uFXe9>PYzf4cTKjZNw2rO+2{E8c%&mi(uZQ7Pk22ryWGc9gzL)-rkD!jVJ{z zug;smZ~KfejTBif&C9ocbY71G_moKG3)%?}DTk{c_jTR zieq6o`#)Z|z-H(M^pkTnKRBn01VSWgkiozRi? zjsB6+-VGs062Y$cT(!o$0 zC-YGg&J7K?Sp%?VO+*B;UvTsMxkeyc(EB2pTJ4(>?Z2W}HsS$xp9$pcE>l`hqVYT3 z@u)a6>WcMA4dfEiio)R+s_3W@B!4^o`h6;S+~vE{Gi_%fOUTHtRyjE2G@=fKFtnLo zyN7ut=Hv1el|N#u3B5qEFrf(`Lq3~)^Ryq-R1o))-V(<^X}uQ9&GOFE1(IYq16O|& z4Pv_t%@r0+2dytm=!Yi30Kx^|2#3rh&ElE;)q!pD?7lnPGowDwx zBjJQ0j{e)}p)8AE`;44I`w>s(zTdT9w;-A~hf(@NJF(^f1}j6ZRvkj9bwCBTnjeGtc2lE=#11nzIAtoxi^*7XPfv@YtO zA=OIyxk8Unhli0UH!H{$*6Y?`&jb)pyp7#mzLB3W#Yiqc8pIH;yLSM}w0+KeYC{zte?BIfP(XL#le%)X~}P>hCKKoZ{6u@3-*X<;rka$e;GI z*!}k09C*k_BKyE3RQb^L(djMOq0C~im`Qd#p$!LtdyH7IPp~+A!Hj3-hH08O9lc%q zMZ&ce^>J^rPAB6+QO&SSW;?xgN3HhUZUh2X&A+9QR#6tx(N%I9m?CDIz^a&PmJ#j{ zX|cSi;tj$e&GGekmg-g<-BJJZdxPDu_%YP)9%|6{o@jaa0z@vs$Haljn_Ig6fZ4-a zWMUxX1*t2SPX=-znurH@)U_E8E*f#|A;1D?vT$eWbZ=ZjJ)3rYpPb({cPWZ9mCe@o zYQA2~BER$%mde69zI6ZbI)T}Gz5Hek)af00ijAz8>Tr8tEQy2rxE1=LxN#M9Td4Q_ zG=AP@aWItpW8PsPj89G6ZaDJk)9AC{7l9sUJi2`$jJOYOhJ^>UU}}=^|v3pb_pzj4bDy;Cvb1rQ9D=Zauf=}gG&4nh$VTVS*g{sZj)Oh`+hf0 zCt>GDO(!80$O~*%;+nnJkaxDnmnIK;E-@30I`qj5K+=AL(A@bf2_9dr&i%cfBtbSB zsWO87Ls_BU*(r6NAq8cP=JeRtKl{BGUe)n;cSfz~dg5!KB%0e0BULo&Jqq&?#H z@x0%d@2ejnx%9a-v?G;vL!emt4qNDqYC=k`kA369VYAmE2La^U zLQfn00~U80oes3D#POM_qs1pgFYn?CQkyU#H;QREv6riOSom zbW(vTBaYkRrumzcBU|z=9!Mbv_=F~)aXXATUFYJWC8)^94@2DqgibbJLSxP1_7|U` z!~4OP$nSYT!#?DLO=cR4|MU1IBKxxMo0cD}Z#UhSWobN9DrwFpGs5hSj9{xmR!YV9 zfN4$2`L8AM0f8QH=$Yk`lL_x#A1H|P9`NwDNy^{YbKz&8vyG|f?ZUqcXS2&XKRjur z&7R8$9#;A*npgQ}j*8N)1-d>I04zot?`zw$Ed>J{%pH;ck{fN9zdV4S`75EQkR{E5 zB~Fl*E6(-h3|>g1#S7o0p!ROZ6&3LSt6Bx7d17@(dI(l^xsQYQ1?IVb90$yf{zJd^ zC?;WjWzQ$>%KdmwL$Yb_#1phaJoRgGoTrRdxC|%;EX{lMb@$h;LM-^1*NGcO%sRCz zrg)8qgK3mo7FrbbKGq92B4Xc1X|$-SbCGrpx%+XTZiF4&d@;$f10aO0qmaIEDoQ%S zi90QuLj=qZJyh$B&01C5K0o2ki2K5Xf1>aeiaWwZjkESE9X)d`3cyaO8HJ`Z>6za=a_yEbWgYXu%{9zjMm z6geSK4x_b<#xW)jFXzOzktRQ~x-&cnDGotOJg4yF_tV`Y*q4RM_XBy|peZ5?rC3!#YYPX$m&C(P`pBWYh}-)6u!_l`%;u+ z++bwapH}c$CR_2jd756qVH~IqJ`nupR$YhX4U*M=#RKEbLA9^OyeVLj`CD*)K`&YH z8KwaQ`CyE*en@(`>4&gCBoGR~2B7Ync=L-+8xN)5!!Q5^k3xncyitdtc^q&)TiOy) zHA-lm`4i;#W3=xu<(180Q@i~wSbI&YENeU{b6fkj_Cvbfgd;>nE|3<+39i6(&gs6* z(7cd9f?zglW}Ln(`Am46v>qYM{FEWA2C}wY7h}^tR;;%QI~p_2%G1 zyx^O#gy1ePfQaosCZBR|UyEE)fcjT*D@FEa1)JF2WH&j!v8nzf!b|o+P4r*ZJGp!t zpu)=YfSHzW4UJIcr@!JQT%2Cw^;Ze!$R8QL_Hayg)kIuoz(fQehH=6V%Ae#rsag%H zkVE&0Im){4*aY}Wf5lBu<)i|xQL@H2@N?t(-pG(ao2Ho7+atP&gSQ7Bn!HyePRbE| zfoUxlIzP_e-+{Os6P{a%zKVo>Q`xXs?h~4>=jQgj!v*1m-TrD%2C=`M1UsS;pa8)f zR)%g3+;mY6dAZx1eSiw>R5v%!$)fVNvB~$a_<|j3*q?_%FP|{4fmcZfpX=V;o>wZY zx2v~F++EkQO$3jINskXz@lOE3`*#x6;Sjjmgv?b#vnU zn6?bMf0|Zhf17T~n51&Dt1q=ukDJATELK8Y52_kNKDTvyM=qwebY3-)`_=>PVGi7U z&)~#y6~7!EEgID2&a15Lt3+}wJe4id$JM*&4h`)gVf<3g61tF*^i~tGp9oamnm?e; zT3a$Lu&u>FTPZLvX;GZiFsb7`g<4d&GjzmwcaG7#IHs#ak9F&0i|K}gH8<}1gf`5V zZT&l|Qcwr()jJt`2nIw6yn)C020+N%FUu`NJ^5TTw_i(Ct`4tQ>3Q0Esi)NfpudUk z@e=hW&5D~Oq0l641Z^=8a?GXUunV1`ItKlpA(7Q?NFJcC3kwPWhgqg-otRL8glgdT zNMeqGR^KFbAriG5-rev4pp3Yi#NY&2gKEBh@y}pU9SAumf=IO*eWw@{=yUSL?tDk_ zdGT)RNKFJ^yX0c1y?wT1C4xzm#8-)?7JcO7W~^{IjxYWBb8NGkjx$-LJjtFruqs^6<@E`^guC~q#pvReDLgqW zH#akj1*?E_hmWj@42t(wvrpSX-qRJjUi?fX%RQCG&mfqeUMFMG6%LJjbYJ>KzuQx+ za-UmsI~xZtys3smOno7w)isg&jtLSeR}9?c@2yCOgExx>wpLY{Uw5-CZ_47XGc_{i z*8(I<-xIXbQbfyA9`Ic{tiMq@Jd&87SF}bTbB*T_oyO$83^@>V-@h9Q8MpQvSKVy` zdTwjjL3<&bz>a<(qHd3w^t|SsU+}Pm7WdfFywZlMJpf8|i}QnP)Z{8N@pwM}rBe?W zilA)QmoF|{)+fBJ5m|ud6Mp+LsveaBE}wU#%N|9b!(mF2R1KhUexDCOVK01L5f}6K zA>C_hO|R{^Ez>V-_Z9Nt$R}+9z$cel=@c&t_q|1CLv`WA%Xzs<=n02>@_S6~Ac3x1T^`bXUPv)JBoE_et!{fK|kh{L1RB7Ch$;)BDx4 z2sC4s)AOP_CKA|?qwF=wwG`r?))ullOpNYtu6eSPh+Yx}0PyV{-1LH=LKsv&YV*|+ zX@YtZz?7szu3^lBl;GToS>h#XFM~e!BFW7*&ZjPm{nC^V&FMTtmXU{82?5Ufi>Sh5 zQ9j)Cs$&PRn<{gU`^^lX#tfLGT}%1xcSX7Ivj?di^Lu~1bYMSMa`xKa7(mE-g%8Qa zW}YsN5YKo0V}!mMubvbhs83PC?dq@MneR2H3UvxPtJnRnY5 z=@KV7_|HoUOU`32<8F%Z89k`3`FXs*`-K_akauqGHy``1dS^7frM}M-L<@%IJj;?# zlF-Ai72fHA3(c0RYrY*|UhqbNY-nU>An9X53BHGU`Sa9N$Mh5T72%r$;NYoG_&=|A zVCUgZyf0(y#FVZTYp(+HQ|#}_>Gz1MZxg?c^V9OP9wLq-{up5EY>V%pyr}aGwCnS8 z|1(yGuu=PaP0kzD>yTx&>&zT{fto?YJ&TmjAJ?FL-=+kmg@aF&(+nc@Z7Xg5aICYV zWQ4uauP^l|aFu%Ya;okizclw`sg?;j&)Hr-Xk|(R81j-F9we6EMUhiCJ zWxNaFgDut@2!f!1B*=DaZ!KS7_Ql#0Dx0VZzsQV;5?=n!1tFQ;-F#Y7=cRVC&Uf4~ zQGIku7(aq#Qg&SyvE4tU>hD#8dlxyRF5X8?2%O)onI>n6<}iM*t-W?>g`iCfN#BN1 z&2OCqL4|%nBvb5;wt-KfV;A@H_Is2seVbq6@6SPuOa)YXKLeD^wDM8D7yop0f9Jd_ zI5qQ??7O_~;9y;}wj2S~yQ7qR&Iseg((t%@-p~6W!v~}m+aj@^(Qq6m-{P^aZtx|c z@eJo)DosB5W`^AjNG!|~aiUqx^pS3l5a*BT*zo&KT0S?AkJzP`2 zwlC=8=8|BZKEkh>@5zAJ;I-nt*Wh|69JD99ecGj%PHO%<7jPcJZ+|$Rmom;M=zX00 z;vKQsrX+BM@Gl_uWB0{?Ju1FrBV_;F%ZUiQ(we}%(`c#$$23yTY+ zx4od<`AX!pPF{IhoUccyFj?)xs6Oouom2Y@h%#hGKcU(w4to;%iz0=((?5FlA7P+E zQXR6{?t4ACS?N-VuS%CdEcN3j){UUh0AzgOCeX*Tb=a4xo>t4X^- zml7Abk&&gk+#+m+U8{fUKh)(1*mZaMD}=w-@Mj3X+qVfA5dH=l>Vs{TA-P<59J`s);bdcaht!UnRj^s zj(RYTGadFMdPMEkYmnEbDdzlu5j&JMK&1r20KY z$qIa|yzCb#1xW-E*$J+>Rn58X$d z4}JX-G^K(JO#l8FNVxwDcsa0-enEKjA3}i&+0`}=ZIE;wYngBw7>0{A4n+P)5Yoyp zV-S{yCoj&2lYL%!-g;|edv5jRmz7yj?sL2eDyHzb)@KN#wR(B>!ZViDKAj*wef4DR zB=mw(9k%CJ{2tPrF798sI;zZ_+&Dnbc#2P8J!ixOS#dN#Cd1D$<(Y1dH4sQ07xiDm|$@D2z|+te~DoC$C+0Yek# z6fn26tjeW~CK>LwQez8D`9+ai_(j#_6i{!**xrO^2ZT#s?j7-})r7l3g=xQanf-=% zCG|vEax$Nsd)T7;@-gFbbAOXL8Ar2!KmpS{wvkXK5pz~0bjTG?W0LMlEZMIEMP@YT z%FiI{19iGc1M8qK7uoqhDCT(t;sYGhT2wh?GV-dh&(*N)AGd9EEGt!F zKWAI_Sz!za4^qk5dH818m>n>6`xtTZlCE$s#SSex2U30u!}|!uvfJ~iTcml9jK+f} zSHlcW7j@=bf5vaAvl*-%1%`I;Rew!94BtBy`e9s2`5YJkqq7lbjI!yc>G++(R!I?? zY|a}3+mEZhMme1r68oZw$O@>h90C0yaMX$m`i zpcK)&KrpF}`%*Yfa`C(zo>2T|;){8d>CgFbp<#H5&sDq?nCKjChsw(O>fv$n;leFY zfyqP|h{kOdQbzSIm(_`5Fe0sR;?AFQeNNy-`}m23|6KMZLhgSsrSz-NhDZ(hu9)z} zi}7&PehG(a&VB(%IE*`bmTaLVv?=i7w@`eABU8$-zML!}Gn|dEQ*9!8pAIS4f3T?X9z-I6q5(Q0K%C}pIFX3P6x&3D-maY8uak_< zSsM~Y2S2N)M-%U~F3%I)xb`3mFSxp#LS{}9$@dTUc(0f1&1H(T9;$DXdS0I>^n@d8 ze&3Ax#+>FldXhow>upE{E#`%WAb@7C4SZ>@2NEBkd? z7Rq|jxxajSBHPPjlmqG;GMy{4-zKQEBCEidqH^#O0}$bMd-yIfzk&O1axM$w#exd-p}HiYrn^q5+K)fx{1HPx@HGD z&lf7`Jy$C6&Y+WQ7h(K?(wrm^u=DfeXjMJG>pM zBlH}?LxE;agEoPk$`WN;Sy51jb$~9vs*tYwD8+qcl~I)|?BfBycKN-2ebS0CgLt0g z_|=9_Cv@m=N#8GZq5(yz$?7v5{z@oh8Z4>p`tOjfwhZ%>E1@(KnJYV8x zzCK$L`(%n{kNjmnnf5plo~g$;Y*g!hkM|Cy`V}r^&LrR9?!3;YT9$uuQvysA$ftc? zhekzl0XU9w#wFa>iq}CZ>F-u?W%{}s%wF%1SoiM1H-1XA;pT>xa~giiJfg+a#2Pap z1U@S5>T?uAtDZ{iOaAD`Aoexd)>J(`W{;5n>%Q&laLxuP7TTptYa|5#vJ#9(8~o9LB?2I$c& z1fUHG2c85fE^}JNNAHH2O7>nVo{rm#c$hR0ji`sIApCx=ldWkb1Fm!kc0pWa@0ZsS zX07rTGj7r!sEaEmA~2hau@DPwNDMch>c;%^`7%!fAvlQS!SZZjH$W0 zK0hcRK6^d_GW8c&5OX>@LB1vZg%1{i^C8v`d(cWX@N`R^ifOdq}{SlrO=d;)R|F$s|_`%2DAhxrt5=k zy@E4f{%!OG`mMVGO9DTKyYV^L6Dgk3%XKM3in1UV6Yo`pT_c2 zoxAr&U#~s+I->8p&>ve*sos6Xva?0A2TkEHe|y~l)sk8nV1iWrbU*yakNFmQOP`SH zlwj%OuY1|se1Wa<&D(BNJ$d$*_ci-y#A#~55##o_A-HLN?{#_Ni;?L%% zULZJyNV+~y)gIc70~ZV@JL;Or!001r8;WSod+gwIfj6qwxe4ZS+n0!Mos6ZPG{{(O zJ3ORtT!bZ_Q`gBOtH^$oD%#jTCPz4|S9YNL#1&|SA~=`PrwufOssJZk;KyNQ=*S%M zy1ridw|hyLvnf4~i+fh{Q-oSg+2eFgb33Re$|BrD2%T@Cyy7p|wrO?O6R5RXk(Mz6 z+O`C=0Q|8n-?@PD*m5Dv8>7&0&-?AU+R7MKs?77!oS-u*i^5=$cwF4&FTn`+BOD|0 z>9TJ#=cNSRuRQaxu^9j=z(XxeJWq<&f)=D}!}(hsK+gsG%h;9T+P@ZRa_q&&ymM<`nvh+-O~getj*8?q%W z!BCUb>w51}PIT+`xHhF=%mki=S>*8p@v5iPplPz!`h_uyxccmy`Lo}@Rm!194vPdp zLKG`FMKX+lMdx^nzt>S~!oyJ*6;waG%lk?kfQd!C0?a5PV{b#Ye%)MfVeKE~I6D2h z34h$Kzwyx5I>*M1l68D-+$~( zdCZxPuWxRb>rsCb^WF%;ygrO2!KD``&3&e)sYT74?9k+Q2$P&17s5y!2>s#!>-q?z zapA0ejeK73jDmz=lq8RKiW0lZ2P=Sr)?~rlP?GB5ADU(Grmjx7`ImE8!;8fk z3%nH#&pZ<>zlZ#f*M<++dh*%0!UN6pIj2-!R-b#*p4fS9+`&}N?{w^gJ(R;M>)z^ez%c~3mvmyG?arv+-kE~r(%5FG7^ zz8Vax5Mck$Y-T1{jMPtK?!Y-wMr~%eO=1?XFrIbMiDs(DhOw*Ol{s(qD?c*q=r&QZ zdp`aMDANe_9f+6xn{)XLi1a5JGjlCO8~NKxID4f>SmJ>DhGEEew3m$~qW-C97}q^A4R&&Y-#9j)to zlh=p2P^iW{c?hhN{B|)9J;nCzi-)GOIKxQrrk_FQBKX`!CXSDkzO^#aiYx*!gwMyw zzb$dNXM5Wx`*W$+)NH>sW*k2fSILJAYQ+BbvSG3FIekAn(g%jx*({Ii{Z%HV5RG5Z zZl&Hk{UrE!Gik~einuI8t8Z?3G1k~iZp+2p4v*pdFd>7$bU?}(Ctk>*)}my7`g|yU z3w-{{9trLOUauowvuFYssYp;-rd=)_B`{t845yF#xA4?@Z}RSS%G+Jl+x{ft%3zFJLN^9Fk;B=bC)8XV<46nVpKpRXDb|HymqsHo1jT{xCR zj8Or5M-;KdIK7B%dhdN~ncjOJ1jPy(JH`f@AjT4F>|(`&73^X|tXM$oh*-|O{pCIH zTIW0GkMFN1K5%*Eje10=qRCNc{pVUdg!;W{y7h0#V9QP?3DnV^a*&?FXFL*p?C;Gp1TB({wt zU;;xLm|&%l5yz?{h8RzccQe7Zfp~n7>9=7VrZ5E)wTOA3b&JJBL}FRc%Q3KMVVjI5 z&_kh35wUBPQaR8W!dTE;E^@!5W)X%6T_K*32HC$6RS8gXqe$rtp;-d0G+YuE2MBsd z!86GwkslyZIup<;(3B_u|8U_vB0M^Zba(?hB4m^X}8KaOct^TJpt4Z~-kHy6mG8PMV^NJH<;K!MKN`6OP``#P&MdWuqkOxNPB+F8HV`QgC>tUi zUqH(DgJ3w7L*ZfJVE8fH=wW+QC-MNX6LLP0${ayPPl`E_fx;g^ezJ*J6Waz&-SA3? z5{eM0G!+4_52`g1u7!zJ8>1vO1%pF^IkQCUQ3qX!bq56`Jw_7efUYzn48Ax;%LQ3j zn>px_ar|UD8(A*`BOb|w%McztrU-Edz)S&%*o+0)Cmn{Op+pf;J8192o7~XdMIwda zQ+DW1gBOA0E9k=b!{R8JXJ=ty;fcd;Cm+hc@TMoCB}*}?kU6AvF_~sSX_yf+?S?;E zhs{brYzm7Irim>k50MtcimehqIb@aD`5Y$?mLrn!7cnt19oi8Rc*qv9;~N2*JII&# zp_kj|F`Lx0=#1?Erq8-DbBR+tu+hGhs-JJYW=BK`GL zg2#>X>y$(cz=3ISU#Y~f!fqu|I2s~Z?+9akBsxy5QNv_rdX09nQb91XQ8eVC*$qK7 ziUThIWU^Y8#La2}#E2okU! z97Ft#>JgSB$wFr{N%RPd!P6PNK~w;R#p=Z&1qYJhP*DjgqZ)wlnZrN?LKOl{tb)N2 znSe;2qN~H204**jise=r%I}f|`CicF zwtx>o<$Aq3wZ#n$K0#pHM_Jra1CuLZa-vcYb+LhRD=_|{r4Cro7`@CRbm>qcmJei) zBT_6s#8LXx@C^(Hi6IO6ptz$ZQDTT=<=~(L#;}Se!ApRIK>-LRzD7th#r#n}hN}Yc zADCTCE0M|tGF7)W?6do^K6u5WR>TB2lr>-ou$6cM!AuwEfz?At4@cr=7MMtwPfUPU z_;@&%MjHvU*uE$*lLGL@EYw;>cBR7Zx9F){yb2UXJbbkxq+$f9K9DxDk~KEIgT+9B zaY8dJ5+8^G8Mw%bcc9JgI7AiH7)s}N#8vD7Htsg?@OlmK9_x+LfCL>DLcS4)*J>RE z3=qens2IDN9HwMj2988W|!Z@6^k)&6=Yz&c93K-8de5mSBP81 z)as~sxsB=KQn}oCm}g{i0B~YwsNg-Ipkwj0b|-YUs-X8M>f-uXL^ogLMU0@tEwdqJ zMG@tIAd`d!;@N->vUghFwjvfN`bz z1n~%%a-p9G?5Psq33i3!at05o{C>0q-q%2F4M0h9znshyI*Ax4Z@^c_*eb6CBLxO} z8&5~T25D{@9p?>5*&3j(gZB+u9Y{YheQ24>Wu?Ue1Qb`NglxAUrVp@VYAKtDmIZ(< zh@sYbflO0^%zLSnPP5AZQf{E?1qLjN0pKkeC+gNJf&x>-z}B!tQ6xO1x)>a)%Ye1g zolrmnLVATe=%+AsQ3sh}r?~Yx9|Z-x79LQdwW6`Ch#nZEsS*%wB0&b3+KwmT7i^*rHA& z_fm*Hk(us|d6`f!^Gmr@kyMBrpzyd}6!UhN})Lf+!jzE-?onNMaM6pf~I? zQ8WS)!x+W$6h?fU$!D-pPO4CakI2~~wp1jdqrEXXnF`cVc;Hp%(qwM4ixRYI>{v6@ zj07y7h;2io<+vzVWv0_5pFOP9DU1?t1Qmr8O;mx!V7ML(ijK##=wWEqMnO0iibI*F6c1)hhfNP}!uI=3@Qu|PKs z)oqE3wJxA9gjeBsr-shus+|UE*l%D1v$dCj3(KI5h($!6qA{pPtQdz6R1ac_(Q8Du zMG4s!l9*i@8J*#Z`y_Ipf?^PD8aF@UrEmantdj{G6gUn*5DF381gh7j;5(xjf>s8t zh3Y6(=ZWBH7$sCttPnK0VXLNsa!(L=e&rUX!iN^neL)P6J^KR`p1hGnvIYKm|6;NITyqbg?R5?(=u$bnDt~;_6^oTU3Z(h2RM>VRoN_32c z5A)%}V!X_c{0m>l2UJ|e42n5|kh?9yZ;4IXTz@hR-0st5%T3I{=Fu;4% zFzJ}o7>;hk5EW_^ObKdGi?$<<0ZjyncrBX&3~dDH>Bn2tHg{AF8VDfd1@o8+0xn#+ zC}P0Lqijx$kBaE{6mZ?Byof+SWQIsY3zgJ8)UW`{(-|UBSa(!t*QXFEbOST$L$;Ba6*N9rY6h$=sx{`s#&qAR`EE04 zjR75ML>4CE$l!PSfpJM~MaN<$4{)l>)7vmxp*UgUE`6y7jjVbxMK*()n ziA)RP>T zVLgEaBF!;@furRFbaFLG=^{}bdQp_952H;Owoqxnaiq{ss}?b$5s)MIxa4SK6rwz! znGaLxHpD;%y>y0K7pMk7jv`a{ey4_4g*v6zetspf*gNhhN zAEH^97#y;LTf|s2PD~@Sbb=scg?&KPFQqvkQ;c;=*^rj-LfQ#sP$I=NDn!jBu>wj* zP`hC9z{Mf+BrYN#{7GVOScu|M91Mz2ZPW${Dz4Bam3nzLx<%?W@y#T-!Z9F6 zA&CNRk{BY zgR6uyQA92|MFCP*UWv zNO6l)|4AiA`8>1I3={-5@QPJhhuGu<;$4#29yhB%vw$tY&_KZkANHyd=ZzG`fmF0N z44t7sGG#W2k*`ttF`(c|cQMooH^mdhx~M*AY9wL^Y7nWxk%0RNzEo}!20=antPay= z=c+*0UaD0Hv~i)|E>gr*Rt+c)Tg-m7-NXWbJdYcs$|y0Nlt$&tIP#Fu=!0+K>CiR> zpt%5_X%u1NL5{=7v)G}FpN2S9Wd`Lip!;hqC%znBj91r@mHiuIi0@(l_pe8sdq8X&NtuhYi z5YSlEfKq@MT&s;H!ST@!K*W%u9G{)z@PgbgNf$8U{2CTsD;G1!c2gLr%n;d1yMu10 zVnMRWAL6-;DBz01c>(L=7lR}foGj>pdH|XbQxlmA8OWT5oDn`A*~D3PI?-*QgveT_ z9?QXtHA;pLr7?yhG9t=JLTd$Ron6FW1eqXk?gQ}&g9hjH;-rvF$4Q`0A@QthQMskkM8J zl_mjC!t^ z0okS10XA5!mxfegpBin)2Y5j7jA4hZY7(9kvkJ6ohb#&*&{jVHIiRj4py`zc1EgkL zAth59gNX^UK4fSN3p zT?Rr9nQkFa-E`oRjwt!+xC*$+X&e?<|EQ6{hW$`Y2VG9Yzaw&^K0k~`iqT_CJkV{7 zqx}vg^yy3W0b|Te!huo%Fv3QIJPOSvj?>)?9fQv%%G7AH6fX#(Og5kn;o0H_chnP& z3yctQgrpFnhbShahHfV#lNc0axlV_KjDhAS=t%VOLO!j-$(8wW7%kC*QRrO6kV9?3 z37iH(+@Mo|{%{PwIIa@FY*%UkU;*#9J^6n2YHPHYQ39Pk1Wowj^ zSJjvFE|(O4^% z=TSL?3J5Lq20fc^lZTm7v^8KxlhG&#$bExcIfY8p057hCq>e*FT|}qgiZ~RKQA~qI zEF2SYV&KHl2$oAA@@OHu+sFZ-X{$zw383*NyVME?fYGOFBv=bpj&jE2SQ^#kc6$xb zw~r=>1v)E=PqBn!2D#4&@KcFJt@JCc!C=6_4eC`gI!H|bx?gDmQ9=)o7*R(eDiVcZ zV5od{o=7I*Ye;w@TB_6-HHt{w&tr($DzMaOuP^4}1oc5a83Z$teb6tXQp5lnG;!>D ziyUgAIFJBDF5kwGn8*7R`9MI>2)9vp=c zAp5t~Dj^^lT((N8;ge!k5)OkigLV?y0}c7;7#+gD!vzWjjhb_Q&^8Y4Q z@BnR7;C~-0$hCN)jlv;FhBDAY1M#7HIRbA-Vg)>s`Gi;jGM{L%%Z%m79UOxiEnxEu zWKcj9azidm9AHQkKi6u*Gt_vB-i;s16TJ;ny~0|u)jhy(CGB&fa4sM*YmqLemAgaZOg zQLMwQLShko*Es!3VC7L8EG9z$Z>G@<3T=c()8RB?yw?)ZkhBgv%MnA;9_Fap64Tr9 z>TmtFfiP(6P#~l1v(a4+6^?5+vh*IC-DEWIwR!;}pu;q%072$d0-?7{MhJrpJWC7R z4@?SFAx%c1fU1ePBQC9hf|Ny~TDeF>(RyS+M#2GoaIIKp#G=Uxb4aFC5Jf&Ugcr6b z5GYwiRJjc56-*@N6oUzeZfFu{pPQo)lnE3niO$5gGSxgK2x1`x7bXpA(ik*XCIJ~3 zISH)>rZp9n9OC=c7Be=krBV$@r~M4V9!Fko*`YSrklbWJn@TU$^JfHb`xW#_0} z;E_?K7`UfmkbTwYRnYLnaDSV25sq8S(fXB98i=d&{bWN7j|G$?kS3#4QoC3kGZ8^X z&8;wV1rj{lqe!amZGX<>@5>aBqpsZf- z$v6@rKTKhJLJ9{mEI0)bdhd~kNGD2AC?+Kc!s~1e*W$9r{BEXC4{|VVBcJ<(dOHuUvx?s^fZrnXZb892}|0uJKEG zR)bF(lZm}7oKI@UXo4~Z^g&t3fdAoR-Bdo`FX!oDlIn>8x{87UAyT?N7;^<^DgniY z#G8r;N2j64l{P9K>Y(y(&_qec87_i z6d~>cf#K$Z@K@C2Vnk^U08xwC7!ni7MMJweBmguPxmm-)d;>~w2r(BODwZk|sH$QZ zz_G)$@IB}-F9g_Vk0VTF>kzd?_^5}W4nkufbPKD|USRHXS*7sM10HJ(IOL?dFj^xM zp?xu{D}*=;v=Gr3b=lZ-@Mg?FYNGN&x0Qfk^HTLn6o4ueSYONzayuNS&4x^C8wPPS z5#9hQpKahpU1(51S963Iyn|qs^GE?N-^r80yH27s0Pa3?g)k^;r!0W%`hEaYqYW6A z5*@aqurUQSER+DhBU%PpKA^G9q{$3GZf6FYsslDJqgx*gXr&CGymExd9-Bq%7GYT^ ztvn3M3BfQ=$B8R(Y7oW)-A1^(WV%McjKs;_2$FllI)K(A430E`LL?%^JQNVD64*gB zTS4JKo0e4pbY(uFmW`D=BMKbPh8RMH7~D`9ktp>=;dFRSz{|$t0C^Rb()?a|*bQME zFo!AxL600wW}EP+xQhs-9=t+@ReL-fLDT@YN>7ua@CLYQ7fTK2R8i$>I*|g|9fbnS zgu@WJnb)d`Tl~&| zMyQc0G)lQL7=rVOJT$b+0h;tq0*B95VQ>N>@Km4~I;YEH#6tU$R>mgBZR$A5L)Mv8 zOr=Sul8Urk0RzCFOraT25izWWFJ?JFGo9=YYjKD;wpy-m2T&}a@-dqc(@wI3SO@`H zKr~U3kgZTNl-#&gDo`1P49J|plXuuHK>>pp7f1aLeB4cjD-(-20xHoN@iWZ;>ml&C zhM*nmQfa(myfYTneM8F##1yiaC)V)2RH(S~R2q)P3e+-Tyu-+L@sxDDTV&@M2uwGe z&kQ{yZb(35<8mvCV`U1!0_*KEwTz|@>s4d{Mh!(_Q`oC_fDAocGYheP|J#~1yzYvc zZB8ggGl(m{Px|h=lZ4qWbchg4p;E$6J)gOHRDYEXM=y}1e@+!yX&zYn9^eNnN zJwB`c&6ccHcbi7kmwZA0HGbv0zfzm0ru_ReBcW%8bNaH}DG9k_lnI|&NG=t#wr;}x z#iWmE`JbQrlwV6XX9_uefX#z<-1vOjmxuZ+2rf8VAKNRcFC#ESIhsp9_4@{$FK zNr}zA{p8F|VCP$_#-^y*>EN{`WuG~8vbEYRQ7|6-(i~s50w-S&; zm*Esk6LOFI1)q1$UNEZ5zvmm#KSi==7W4W7M#?O>3V*^x!5p}5+4=OVm}g59 z`XeX6)NPdH{rgr*^W?Ogmru<}i8=b@1p@~SK#l+9-@!MI8B^51&!$c2*<*qUA3CRH z%$t-k{Gd_<1NRH7XI(r0PgSd|_NHF@y7LD%8(p!L&Y{lTs>>TgZ{3lXKjO{?8hzHE zZulPK;xV%*qLqEt4X7Q}m-}{PM}p$&QcufIqYfvhH4?D62}!4h!iaCbRy|Km@zzekZWaOR{_y^y1}tInn-j{VP31ONYh)G*1}`a_=<-MPH>4YNU6 zW$JS4@V(J>n;e6!6Tbzub!B< z=+cfHd*^0JmCIlroim@vI5zXPK&4BGO@fswfJr6h-5a+=)2|5Y4h#+y5SSuO}%bj zI6126x4At&PW`;in^QNwA;ppT)TAsq`sa;qzpmPIzoBu-z|(K?itf!B^Ly)o(nY3f z%E~wN*6o@J533G+eck5y?VWi|uXZQ(+kCC>EYfz&+p3bf9jE(L&Y#m|?B@78*WsCM zH=D|YyBj-?-Rl?~ZyMSo`|Ed2FXmLZ*4eLaD!<24FJ63e-<6+!{Cj1^o!G4NlfGt+ zJ@_nA!{1qd`-Hu>_s9>lKV2Wk6q}z$-rTWVA4NFzB{pu()aM^3`WJ52ZZFL(I#=-F zkYIAd_*-k^AxEaBW~zMH=<6*_>zk%^c=`NFOONeX_x{|{0sDPfvb))5KZZx#%9^4c zGew-(;p+RUvfeLzn?Jw0<#`cly7spxYgG^Zx~o-XpU>&1H*~w(H*#>)wf(){3~LIP z_iP~F9oyy3rHanyS6V7=ho3X&X5JmYcJ!G~?xXc@hDa9OeM4Wmk~+m)%-;bjJ?!*yZPmd$J3M-<;){7rMT!=Ha>%bM71#?SCkJ z?j0{`sy%l4+KxM%@5{e0JsudiYE|QgIsS1si+xA4HjF>~`KqM6@1N&ZXO!*7eO=lV zsW>XS@qqX?T>9{(GQCpKex%g9a%t(pc1Jf4o9mrgR)KGp^z3~iGMlJY`?SIT-iG<_ zUYNGF%`R=1acFI5U()?9CT z5m`7tvn05?^{~Sa3ntUQvvobzs;a)IN7lri?j?g&;SHS~*EeksFAeR!A^WTHk5LB; zFLWb)898L)hD9BQJI(3Msr{#y4p0^i9oO*oH_iJ?En3vg$b9j!-m<#f*B}{j^yo9k z{PZ7gP2GCPzwc@8+Bl22t4cKb`STUamjAr)&b#MVrjLx~E!vjn9(VV+q+eY*@0YR|A$(h7xs{Z@Gd!o))A#w4GBS4`Y(C}cx_j7vC4u80L=Jz3cat03C z(b(C&ecGizGyzr3KQr3YKG*CR*FO#4eB8%1=PNq@XEPy>#@Uljb%JeT+`?hHk_|-< zrykm~S9|SC@TMkUknnAyebX+9f-TOSxoA~tC8EONhy71t&x2^V0Xu zR)1Qr_?nnmclzjynqZN!ZpE%^pFbGx)U@iIef)=BV~!-c6obb9Yom8fvx8Sqx!{|P zrvEiEjm{L_0G`nm9m+HA3ZKSjjK8ygZHLrNqppqqIC1y=n$^x{d-t@VpZ<9G>+bnw zhYedtzcc3i@yeUnt(#vpxvAobM3~=m+2iQl=RdTCDKctjZ`aqtg{i_a!LS2QMm4l# z?P=DcZvEu1MAvWYf86(|>cGJvG?_SPJ6zx10tsnn9aMEUDoX+yh-EpR*)^6!7zLix~ z|422LeeS-e=7wtZB>gSD95-B2dgk#% zv|-cN6J7Q{%a|~ETHUyV``=~Mk88j-(FVH@AG~wr9zT850e0)DQ+Bp48r%v$>eAZr zFWYr2>b)-f{Kbp3wrwP@AMRZKOWSFRi;aPr{rQ`iL&xqDY&EQk-5h^*fO_ku505OW z_NEK0%bQ-8XLQL;7C!Df{-?fIo31P#U$`pziq4Vz?@eYxJLyjLbEjWAcI?N`kr$Rr zztneqw_@!2l!J3-OutrGzGvu}-*=_EpBXZ*Y;m#nWZXD8s)0|Dhffs@yWLPWV^*KX zshir)Ctnjjy>@44)O+d&R|<8&!BID}CKiOwhh9{-S#l}uo1qvqK4X0t{JXZ`1s-=Y zopw>{V=?0;p<2wkB(kv*>P3 zbv*oP;n%EYsSUN`vf9@y5LdoDvv75=a*}Q4~yNwilE>e|MycbKEnRn`v9{461UXXtmV~RoG|kCy>1gI zQ{HyPRSva&`lq&4$?o%cLgUM(W}br&E{!?ZVfTu{_==`g)i++edw4l~>hOvixwHE0 zT<3oJeB<+Y{dap3Umv-u8m_zFN%-hN$jBt(owkXKmoZ(XjtI zkZUepG~sAY3`-NTkA&89Pz=^fHkw=GAUN+^(aD+l32c4axp;V`RglJ$J5!Z@Y+wY5P^|&*K`OZ+($bnsI7s zE_a4&&yLMQd)M`{c^HcXw?Z_4FPqpv^gSF(QY4OsQz!<`1TUb+6+S=N6(F{z+e z_ZB*l2=YmiH+T3-%7r<_~*xg?_Rlxh@x(%R+8`%YGYch+PjC->&=SlgvJWZIkZLV=OL z@bbKG9(pmIgDQ$=PkY5XbLZPd7puoTNX&^sK%6(LF!eGIE*i}cX52?Edh!2v7mabQ zGvC=CB6zAs3{h<I^6;JTEmO%;{hpfZ8wQ0>tlUc} z>fiO^w$*n_4>mT|tad%Uv{t!Uiyt!a(4@SKvnAFqAD<7qHR;WH-Z&P){pm|ny{oKO zWamGov*tDXF5LV!%csvA*9ija4=E{<`z;pz(m1)fj*QP;nEm;qroQT6o55Q(JN_E^ z<{b9gddZqisr8rF&ChD8+w=b6V$sdqq<*zWTD0Fevf=jS-kG)NlIp2#eyi~8y*G2} zsL!v;`s{vpZS2??KX!7SnBA#c)0wV&D)ntvW<<8sZ7=Kn{&t|^#)fsPo^82nUg@em zJM8ezgYR#it;%k4l{}c2QM-9hm49`w><{|5k3Utr-3F=e_d@Yoy;oKX~LY z@KrGIWg|0p7ly8B2(Ftur_TT7@F#!CoAQi1Sn=&r?8WT{*0HCi;X4!jJ zw!Y?Qt3J4s0`jZl9qM-9a_`XYvb($!eIHkycYHxwszM0$%49vxz13TwzD_GIP zbKv48i4a4hEUeR|} z&->5D{E@=-{;sy2ymvJ3{@p9}cUb)g4L*U`%*koosYz|0Hwx-b%pd*b$*Ls!X}G7) z9%IWt`O11(#+QV5t#t3-P+8b+Fn7YFSB!?AGH29$Tr3*3J*P#hn`@U&Sh0O{{o${N zb~$fc8cO)BJO0eO)t0YICuVPl2XXsLW5wkCmOZ`)CkgJ`q>R_6`nj%c(u6<1yMC+v z=ug!r3*!^Fw_3Hf$2VVEgUMZy)GWyhi}PH8;r0%TsOjDHiFNrhp|4%)?!Lr`F3}lwff7LcTX-J+w9%(Z9+^6Yo}LHQcFD(k$f# zPe0QCte}q`AX-&RZ;{%3-Hb!BC+UXTs)HqC)0p|=CcQdA(3Q4Sl|A2j*uAbWykg|n zPj9xIKiE)pt14F0E92vnHFrMK_3Du6m+ix!-$W{cct6^tjZi`G<|&g zRCopNth}%)>%Hds#Gb`NwjQ`dmX-C++*Hyzrvvj9ggh6O_Fnrsr=jM)X`ptk@aR@n z!J-x(d2^tc$(WG!PSH^N@}~|I%C_paZ^p;Z0L%LuDltM zNnN#mz?(*x`#Z1|BQEDPmmbWWS9|#DmtV4e(ouB_r&)fp%s-WWci0HW)&s9+^SZ5V zcWB~-%sPC-xHor>zPY?fgC!0~O{Z&~e1+9oo4RpQt8LcmwOW6ly1wV6^#RSE98+v-_#OE9X zz9jbM@r(A!)JOlE{UtC&*HD$Y^+Dd4qngLzz^={@_<`w81Vm2Wz<=;MqjQ^>+L&8K!8SP)ebIs0B`_9}0t ze+_qh&yI>wx5!^eDGAbo$(J@++b2=RUYUDr{=lO;%Fo`RGgfo@{yBQpz{VFP^#!Ou zggsLWx=mNi?T&Ze&1wiWZ^LR;lY3QFaU=HTJh9D-V>fPi4u8HqiP3X@uZ(NEaxTw! zS$!z${f)9M`=1T&a$46e^5XW5o4Xt}(+Phcu0Pl?Vc?rfuq?TTK}#NL^Itm48Z-O; zRF3=v(fR%^iA< zm^^9g%LA{-cYEX}cODeo{o&BMku7tV9y-y`xuV4W<;Zp*gS{SG79*vf~B)sX+CbCO!BPc&6b{vxa1bT3#v=Eb3=7v+t= zo>)10@21LoAGS{|>r;jS2e+jD(DO_4)EgS8jik$pjq>f|!#C0vVu$^-?uV*k=c`$h zVX1J>wqDnx)x&A+M|oH8NX~0PT}52jHfm_|V<;un%gjyLwqn2eeD^&?bq&Mmr!R{} zAC!FT{P)sadBG30^QTQ6^Qhrm`@=>3@mXzV<#y~sZ%tiBrr)BIaxX~shn_!v{mQrO zz}umt92bjbbm&4F+pz%kaVqH;`StYPegD=Q7E?tO`0sH zbH*L+QX0)}bL-(U!#rQbfb!^HQxlKg`zx!nH+NuSQvbO-*4Ixg>N;Y`h)8aq$D`(q z86m1l{VqvWboHEX)vP~hv-W@AqVq8JJ$+8XpTe)7W-lszI(9}we#&3grB6;x{l3lZ zH|*&*;-|GHXIB+{16zFc_K>IH1tcdIv+PM)sz4LDvt zyRhb`2!`|RY6^hYg9 zI_zVobGPih|KlE38eY1HlYb=VV0smYk$^84Iz6$x$Nlpi(q5M49qs%2$JHHL_dS2% z?2H=h;~_%nz0$7jNYzu0$Vy?V@BNe7iB8Ecc1P#k`qyeLT0yd1>c8}LzE=H5U;F8) z&6>&*Q|K#iOs3{fwdAiaUR^)Y)2CHMkBW?`qjp7S38O{RgJ}AQyKQ#P+FR2I7nSS( zXF-1VL4&yYDfu79j_EkP^bMQdIj6Mwu~~hx)!VwvI6Mrj(8=GrJ-Bp>^xd(h-e>>U zDLh8f^7W{!Iim-BYDW82JPOS7)FoT5T%PD1#Xj+>!1(2Zul+h)((ank(|`K=$)*d7 zg$s@+&y>-M^Q_JEzJMCKTlAmg3K9I>6t&3*9{iT3<1{V7G{XaE+8tdL?s^0Jv+|=9R zmJCk8zjHNzq+(Kir+Je~^Y(?o!6>O&F{4M(8B&#V1S@}m@<~k-QIWr3@QI=+5r3bG z7OsBhMoLQG&{p)Lo*H{<%#n4olZS0QmAxtc?pb5!G&-=Eg>lUlBptO~o#z?H5pAh?0+-gA;b#U|M(}P_{m$xd% zG_>o6IZn=fC|Hac(~I*n_>}EOzFjbuVhSzX*-qN^gF!U7v%Wp+``?{EmMu>?Kd%#~ zsDH7ou~U!it&q2#*EUmLX)J#{Ub-eR?byt=fp(qVOwAui_$#w$y5d*q+QhXa_LZZR zQby}RvWJ`d{p6hhYyEihOiS*OZTHXp__MzGfZ|p6evUQtot-%Fb5lcP>b%d`+_cws zI00U#w5kamr9UO5-k$d6iECrq;l$7XF8_|HX}&KL62NEL)nU4-+kT+?;mJn>@ z`z*8ADHlbLd%sy)&rB`4JxliD+igwR+gMdyl9SN7Vn{vtenw@7v|@5Rsgtx{qx%)T zb;W?YSAYKDLYMbRsi+@W+{zE-*`2fJ?`=pmjyqc!9o0DRemApZdVQMb?(dO47gzA_ z8tBtx436Z%k4@y)NC-MzFyS3I=j{BBlqrhLo+E~J%57Wv>F9&`)qfSVzvQTlp6mU? zu&tFDcsuyyBG?+wZa69d*0v#QC+Oz?5W7kGLT@G<{W(~3yEq@7P?jL%<2)_Ih`#nSThw9dnWcwzI5Wl$kZ7fwk>P%w%5g@gEyyh zE89<-HeE*lG9szHa^Aru+KSV!Na9xWI#7SRe`i+Uc&1#vWM=D?Pxp0cmD@Ob0Vm7z z=s1Lt(xyrZzvt)h$b;JJYdaqOG_SQLU^RuiGO<)*uKlm|yT(a5SRh1PB zzlDv?*BeDpUM)Ia*0b7mv-tSSR_pi9_}tq2#YxK(Nv+AyRwQVIozPA-; zE+$W|_8sCZK6~v}Vcv+8G0WO#x4Hkjwf%#E&q&tPK~GP%ZuK}(zXsM)5B$n_pYk@% zbH{-TKK{OZnDkg8WkS0HchQ|1PrRBxx$>D!c5MAdbqL&nj_Y}Br<_A)Hsno7O1<#? zVaNfDUox;YQ(oagWpno3`j%hmILFa5HL*RIf>+yQ#`vIh12BJ`vaygTEh2>|O)~QE z(GO{l+~52N>CanyxnoAaj6Qx$xbW%Pf)%HhrLOCR__%jCd5eCfzx(vVgQfW;-{LCH z_Pr$7v#$QYQ_Ef{{g79%9yh%sGo2zen{5Dbg;ytod`k%PpeOAKpX>ida zYCA5U02lq+ApgxI%Be10@h|B?ymHApUp34m;okUW)!u7a2c)eD}q1ZAo7LKbBmhuh>;N?RCi|ZSCyP zG?*hscq)*Od6t{-@OwzQ96$x4)8NL=-PNK*ia~#1T+#d66RYL#Y;F*{Hq`i4;;lM$z(pT#zBIzXrL6HELnDREb6$a;n z!#gfjubMbavZ$s*_2gqq2VNYJnDY=4SDZt0@zkW;B6Bye^d{_^qc3pmf*XYuNsR<)2y*m+}zrKCbQ;uXCF(g~X&wk1sdGHE5o zG<%ol?x9noJ{?vESmhfR4Lsc~j{mv2rXM^2{1rR9CH=^`{@mHiez-m%bMxl0d&*xNcvIeX z%L&r-Oa0qAaj(OzWna0+x0&PfYc-b+vGeou3tn`{`G6$W z=5M|tOJXFkz0O0D3GPFU=3Alb%-;OppRaEI!@WSvf1T8RWzsJ{P{hKiqz{PgnJ?z@oF^WI_g z$$FS=7GB#j{#Ks)anhTV){LV5t(8~0(*Ll6p;*xuyvZB=6M2%UJLVs2XsSPa3nsqn z&ExX{Vd~UolF|vyda|T}-FL!cYbMR>hCRs`0-S99NS?E7AsQl>LGnUm^X3>aO(*yc0KdXQ3G+6F!zWzT!*u77}WvHXV z;ZOS`DWW^U%K}2y$6&wje}=F!Y4L{1xf|B!7w0Z29kIMi!X3D%yRFC9zK29rC49MK zgH3ZTZTgVr9ZLFf6MrGz_8$A;I(l8=8OXQobKZ zgC+Jto;w|dgwAt&j_|C>Soj-~`gBRt$D1K^DJRo$9e*j#!P~E#`k`(2oflU%yR^sK ze^7dXck0}pf~Wq==2=fppII_weD}n1k4{2u znJ)X9yPLkYzasxg7YRGw=lee?&#qQw)*sBNtlqh6)yT}7kO+D(ec+7sT%Ba*bK>Dhw9;aA_4bx5m~rEp8@+Yf(|vNZYqr#BUz{@mQx#%Fz8 z3}hIe-d+~{(ww^SPBCY3!Kv!IU;uCbP*gm2kDCyCZQRrTdtdDJ>GYD|fl>$@53QLu zd}GQ-<{jSeKX3o|?m6p3e$L0flH`Qd?#?;tMDa)E&*zGTv&ZNYj!W~maSGZ#rK3;1 zv#ebq?=kO*U}Q2$k)L?<*FY1J%9x(eBqm*3+P0#&cAKx8j>he}u(fhuQm?9~V^!mP zGhpGIV^}IP{Ya#6dCv-*?S9L4Sx3?D-ft+#e6eqfTY6}{83@&7OsF3C493XWbEJaiW~cm zT8^z6nIKLzZMfbSlUJ~?IeYr_rn5_i)I1g@&!%&dH?2qKPDxE$(E?V|#lEnTnjeBB z;yH4>BmIZ;UP#j2#(>f^yVd;}JBR()_=S{9A4fXVW&4!Hc`Z1{r$0$}Iu7Ma60<6pYTb%s;gDMqhBX1kJa1PP@@^?d~tUl&3}X@caMi7x@s7 zrsesD`qaeHh)cXfBh36+vPkx6p>14If6QNE7X6Pa;N0YQ*D8L7GtHbr&-;t99bW0! zMx`J2`#{bnphZj?2u^R&X|NXXRZw6kE}XKvKR5Z;(D0waYB2NxOVc6|$W`3L41YL_(bKi_Etxnt&m>-4blJNtx|uMtmc zRksmOyx@H&^G|+GPCLDA4YO}^24W~afuT4x0K6jSCE=K{a7ieA0&T&-*3F7GCg$WK z6~etaS4JkWyTT#UyY1XLtDi)AbNU0xVZ>uEo-lh%B8-Fbdh>c2dEbv-?03Eca~i04ay5gHeVo8MeCkTWHT z)^#eKlaQ#Gkw7ni@g8qm{335mDLkS6=l)nbvL|?b1A5N?m-|xKN_wBXUUgw{)&slq|_Yc=Q!_4#C&mGtAir>he zK9LNFrtK%BQI`idyfALeLmwgl#wj}GlJ$G0=oDsVL2|QHfnEaJOI!p}VA`bE5I*;% z=@AE`;Cp*B_YJ7DG(}ksv{HHBB%FzW)2k|iN2UVCBNIHS3JsaljvA@FtynG!AOga$ z#mX>l=uYQ|4Gu6!E10#2CO8xAGM$@!2l}^<52nWxWY+C(y?fN}YoS?5NQ-)^At~>v zmDeXs4o0K-v+V%_%lueu^lou5$Jy}NmGb?yai-Bn z0I4pyv}yt@ajn$Y%DHLpk&s#a$bjt56&sFQXL&Bil@U_QzK4`S?xpWd!nvf}t_>Is zFzPy3#UjX1Y}8n63d7_gLK+b$08nD-CMdt`S1cyIp=wE|k~!rc*pm9eUlK%i5pR)0CDZ)K;-3oXFXuI@s5Ccrjp zBZj(F0IFQ%VTU=tGH;R)6h1a*3T1IKkHBaQXy;OaD*-c0(6i$%aBU+a6jw35g*icY z!BJOEM9zq|+kTemRKX&C8~6y7XWpKB^%_#k66E%c8-UtV>h|UBVsr|mXg!v6b^x|sqqJ$Oixs;4TcvhDhk|rqlUkQNEfz?!Dz)iO*xwmc7zfDn>v9H= zQJW6uV!b}yu)9%tyMGlt=kjXD@v+U>H)|iSTU0fy*T37_fJkhbhu}PM@GyJkim_Vc zQ%$v0317Ho;&@A>aWfQ>Vz3?*%%ZLGCxv?1yrCA8ZsL$)Xj;1sj@3da{tGgq~st%SzrAUg$;*BYB*^BgH?PDm1X1d%UN*V zcrZAmf)@easPSAL=>@WiJfs}VV|oWHNV|&Rsg=Wte7l&LU0!!M9*ho07Qe7)Mg0M&i;k8 zsqnu4Iiy|uuaNfg!UzOuKZ8dzJ*x0O2DRq^d_}-of$r`Q#qL$MG+bx`Dkq!(i$YLi zta1R5A|u~mE`|oOqmzLg>9%A7xGrfbg`X}=UywILa=G4y1Pc^%;I1rBI8^rIvJes& zOPAZxQ&*qswY@0w{`TG~Y*%P3L)0oX%VS96H3-8ePMsx*?Z^0f7~C~i`=0VAPuudX(E^~in877uUbyrmPE0%IE4-vAp=V^V zwA{kzyn?Bj05_34GMJkZM%04l^h0j;IYwT(xkw3wfJ5%d<{N7AzYw-5>Uj?YVN)aa z$zxOU$N0xmR#L9&6I|~=F5RaOCoZ~<`2twq!qUCf(cv{+ejoR6m6k9Po&RhV}EArSsP-5q&u zWmu?F1@IgLmUbUZ-Pr>Yc8??((zqs}2*Ba44PSeyWuV#%`8K$b1$gbp7ki^APU2qx zf*0(m4%-X8PMl=<+hF7Iy5kd}N_r7QWw7Y((M1k5V>ASqjiTY0 z$H7B2+>RWcIxt!_3PTM@7dDI&q*Wx>2gAc|Hdu zEx40px{h6Yayi}<6HixzV0n1f$c;o$56?V!+iU0;Ar1;fq1pt)DYPeLvIdv6+C^uu zUK2xE2oJ!yE2?aSBuIv!m@i#X7@CB&F|=9{QDM$=QW3S?eZSNW z>&~L65w@Xfb<|D*@&4EX-gv*X>}GS&vERXOsM^MieN+~j?ZG;1z4gJCRHprZ4F^*Wr_EOjBlq4DM;f#|fR5fd7K&!SUO^oHdCwn9N5(ZJ2u z4}3)SndbLpD9wx1802?=H&UE!;`LzpfGX$J{Df7q0O<+Kg7Y5w`Ml&wAH(4bP=+Ic zGIvoGIS7{CLPlE{6|m?CwAoGo!i_@aE+fXq@qH2@e6;JSMG)?lwu`YES)B1K`* zDF|dS84VTe5n7a(r~zZWfPM;5&s}Ah z+ZAvh-Nbr3+(~xe=C=E0l%fDrnreArJxxF(lKm1HjX(^94x|28(IJQ_@j9%YNdWIZ z1@W+yE;UZz8nM#g8lRh}AJc`{(f~*c*rLFS%dbArXM#$t^YWt}R(e5=f*Y3vXz;<{ z`}o5DSHJK7V`vl;WLHmB3tqSQ*SCZummHKwHK%zt{S-iYBE07m^i{UYKmpH-dmALgpiqENxlOfbmXU{+h-7WKRiv(`b<>$`n6 z^Bx7~sw3c+_QBq69Lp$#+lhmt0kB*JV5=G&ki+J_Ul>aC@?I%>BhT9LND(BI$1vmS~e$`;!~h_!soO2Rs$Vgz zBO`VCV}tibsNex$D#nyZ*cZYzrkexJrirOJ901j=^{xbv&a7rpHaeUTfMpVEy#XlN zesP_Z0*of3u&F)7iPQP?)ku3T*V@zVFpgK<8SWa*^nD~$?Rq4fED-&mYUDbN01KFg zDXzn2(5}gYh!IfoKq6h{5H#osV3DhH&xgE@{Fs-G+nNV5IHz#nDYsY)hf^JjwEVON z2Ut0{)c&Uip5NZLLHKtZ!gWa*pjdH#eWQQMsbS6ZV(`8WdKNal=L`{Ln@JU6r<9my z!f8X0XSU`O6{PtezJ6Zvvi_}EC8*L&KEE`Z)I0*pg9F4DLxr1;M*-`GDwCP5|5{a= zyNf>nz@UPt0!-Xs^U?CTOiAbLDyPXY(j*AYRQ&+(PDWoJT5%Ex%!FD4Jfb~01)`52 z`B-KjZ?lHwNho`K>7H~6&+P<-6CW91O){Hi6fws=Vp0~_t51|a>N$?%F>mm4T)~$= zna?>JK&D#)YODP(NF-1WoFN*2u0ZqQS%~tlm-^J?@7+yz8YfhZ@(*`+Ps3<9)s`6j zLm*r;0Rx*CO$&yODB|H)$j3)|3PW0Q07QZWlMwlZBo$m3L~r2%v*-9V%Uj~wPmMz5 z)Kc>%5b_aP$)^L8v*8%5eMnp3H+2~U%+QJ&%>g1#I`~U_VeP!}-(8 zX)j4H6+Cblt+?eitSvdZyEGh+)hQMTd6%mcwhACkwfB^7_s7XbUw0<6_97i^_V!Vo z?v>y8S{g%30fFo5oce6}Qdry-lwf|r<{`vtmzX!zPXaE^=_U6~d{lVP0OL41kX<9S zqxa@=2|N{IVR~zqgrQoU2Cki27LB9leY?>6!0aYN!o_p%(KF~>2-zg~&Ta$AgrPt` zSwfYosu<8*I`m0z!%tbgsrkBEnX(4t;XS%QrPP^@%C@Y~Z%QM22o#(hM)U=;X0A;E z59GR?^OK(=MTS{)IZln(bNQ-Z|Gd$Lh_-(XDmQ8Gbq7EJR}^OZy^Rlf4x5VL-ht&h;ZtfRB?NOAaH_LDRs7 zp1C|1G`F1tzD%!@&v15bQPbEmuFhUMRM4_o(x%07cFNTqCPoyTXupSoQ+~qiG8s#u z3D;}&B~3|l%yqDro2C+!EAc)zc&aHJ8s5rvw*7vABe1dE(uo7RCY7*eD4y$K>~k`H zho^uVFT&>#kc-@kmCpiC9AX=4n?yhr_f1#Y9AJAON?(B;H>NA!o5`bK;7FTjjXHWfHG0o`supYQ42Z}0PT@MTN2m*daq;I3p! z^h2a{`00WA>7%+9bbiOZs1wAR0!8-T3(#_UDR zUkn{Y~r1pf$c*O^T^qAi^DwO_978lH0_ z=eW-oDC#3FImq&9lNHkNkLwmevOaC7)z(Mq;JjMQS8Gqy;wjSw%ZM+Dy(l!1(7xbyjU(xBv zxyFN3#CJ4M)F8@55PP8t2#b!j{73B^%tLJm7Hqahqf71VhFNzu{qpAi^Q2FgZLzPb z1L#n3Ok&!vV}0LQQLIMHwT3yA#}9u_h8z}8n`6KO29$7I<~q200hW;W7*ZX!WOCd} zKJI3H@1mzf%!8qYwFj-=?S2u{5a<+IKg}7gY1{^gW-MPdc7oWKjeBeq9Lr{pug<2t zJV}`q`^+~NnnvrV_JvzB=8Q<82ba9Dt8SnbkB#D0(c2P-{zRuScNuM-P)=njy@qk6 z-b7QeNQ}JU$hs+W%c88y zD~L@=az#~3N2hc=zD7tFLIAM(V<3$|(qD{#)hk$`13OTcQR_1Pya-;l?lXI|T|Q6b zyRIBR5Qr}M(!N%M(WsR*%7kN*!6r!mB40jQ(Ty~mTQenAjprOd^%(cxANl`Q8SuXo zERO*M{-{_LZ{n?bW*nmlcy!3U0i% zo!2k;v+?}306`Pgs6a z~C*)rviTGpr%6oe@}^6isIsLrOuJ(tGCaC0+vV))nHe*Y_%$H4@D; z!^@4DRL-wEd#I(d`7R`Xs=9Yw^3iX$T6$T)|L0cs3&3w>+9s`$Pu>3&cyF}g>8v7; z-Wf?Jhxx8}cboM8#;i-e1O#AxkJAxUr@*{)<-ZpQSu{`R$n9PA2l*Cpw-S?@mwU?} z?>z_|-0&RDR(tv(8`Oh(Mp@hlAuxg;Dx&;&2sHQ+#;G&(H2_~gvb_JdyePI;5StBB zH@5)$Tmww7oo6H*>>PKqOJx3qS|`nt$|&Cu>H!f`GcfK zBo+Hzz}TkWI{=jRYv4@j+*?Y~5_a9Ai_fJ7mg8DFVwFe=*AEYw%zfGbgjVoBoQ-k> zd4Vd(_5+})U83wZ_Qj3Lt^xEsMR%@gog2%KOF-sr0D=l7%@C+r8x|km!<_=Bqv$sP zn~#C!4LlCxb@GE*GM}Mbj?7AFCGe=+hHOQ(J#YW=`<`BkK2Yr=oUeSJ%pxkcZu{-I zNl$=>OId9|Oh|m-$DeZMTgN2e`oB0B7wTla-d~z-X~|6M`_L9fA`^s9``-7{Qr=ZN zM?O%ZUU;}syFKk68CmfIwAxgDuQp_vz>PA?5QsIG8b;eeggk^z_W`&Y1(-8yz6LxA zywP>DTfp>G0ZP5;7vCzS13^k+9L$Ghob$EfI^y5SA=d;69f^bk$SKmH2AJ3^n;_ux zktx@Es>$#*b-uuRV`_3h{)fW~5QWF4EnGVpA_eXMY4{$=RxmSqHk=N(qtj&KP#$3f zh;OMSCNq!ZkFPAIrAp-dcFTbOU2Di?_*pefLW?{cnVpNy;&Uwd&E6wj5OAnrk`)unWG5eOMtjRHy&5CQQv zO=JVZJjXj35UQ|~Sl5X&Y4jT{h^a&-_j2r<{3h@+3Ix{BzmEi&B0V zA^eDT48s>tFPA~(`x?n}P)yJ%qL0xT_kV6h#i|$lkW08fD~B3UvxV8Qi-ij0O^-<4 z?qi0M67ECa)Rk8CK0qM3i*ZrSn(&w_7L4sK;sKIeU}W-`=EG{>NL)30j2KbAbJYyl~s_vBtibj zp7o;r`^&yRu+bvTht`DF==qUo7455Gp*HHvAE2UR>tL6}E``CF%(|P7tzZtRiN_@9 zDF-03l;A!QKWKE(s~BZGr>c};8* z@-7+EehI>{mtVi#SbUV<$N{P7zrVWVu-ebgZ3Br4I}*}~_j~=h^$py->J4FY%8E-S zuH~smf&{%t#AAUBP}D;{kAd$muNI|f5pmxV@O;Xt<_lOKr$IuZuW5$ySaj00&LH>@ zP5>|w6|wR&=t`E!*xWMBCfi=x&y2tLwC@ZRXbcE0Ov9r+TJ8guiVS10oJ~6zmn~q0 z!r7k|yn=ChPTn>f9}6cdSuO~k%{5RLQ|T$|#Zm6S(|{{zB(RHvC7<(k&Pxk8dA>Rn zd(47L=HOWvD7P@W)e~-7{1c7aYcB^p5~+~AKh7U~ zrpnDT`V7D04`a+lKCd6@0$D5H=ZXQ-iAJ z&!bL~ySi$d0+B!>ez`)}9=8&`@ZMtRJ%R<}1_khTUfMWQ6y4rv{^8V?jXct2$K2Z1 zNcC~A+zhauLh`12gVQIEt{AQ~MBL<$=jm+JYNBdObDFBKJNrM->y+tG;1G7#Iny38 zZwTy=cWW-_o=r<@R((ASib!uNna^Cp_<0v_?$(c>aCWb#xcR0o`)~`O-_u{)q9MZQ z8$acca7fpBGX`MFWDr7P*zPE>ez-=~&?lKTpQB((&*i<;>A2<;;)o}SD!RYqTrn*) zoET}ecANlJ!U^Cm4c=R@nH;6Rv?zUEIm%J4*w%(B4oSCaiS15|{|?b-{<_iEEp^72 z5-udCfOr_*)pD9@$$gbS4^cI{E5yxbx?%a z{#nHqLA0ymU}Gb@&qYKf7ACs)a)hL zgP%m=1&U`B=NEP^)VH78cHroe($VHr?ki)-ZlcA>N2n|?1P$uftfDl8GJ-5jE5(G5 zFc%|_Md(3hMK+m4Bq9bBW}(5ztaz~`gT=y@f>1|b1zk_K8X7&M4$-eovc_Z+E^wMaq)ulpr(8bZ5Qs&6v9Qpg&rT^+JW3af6e+30k6RY&=z6~`4mgpnjxXaPxMHVO6Qw$l8c8+GedMr zK&8*omgaxM#fp~tv`^cfi#!GHp@LnO?mVLC6tuBMAbp4>zzv~W!;?^L0g$|bthw*~ zDvZXI?r9Rpz4E`a;RtAD!sW6pz#TNm-})<3_z;qKLcUV>tu$bkAApk_)3 zUlv1pCGDSPfbyWm>m@mNFAj3G0t8RPV=;Wr!=1zg!wK}pCf`l^`-xy~ zaJ#IQ(R9|EGeMuEs6qPE1|$=Jc=5FG$KRX(bIFP@0${fxjniWQw4O%!1sJ@?gTHGY#A+|gyQ`BeI|>mtQ5=5u<$l1odfv3&`0rjEN;8wVKhqZW0^Go-Vxx0u1bM&rKn<=< zpgoKM6Sre;3hEQ+M3Of5rBFTfFt6a=--nNc5ft3j2ITzB*Y;Kos})-COTY#J`R(~a zfU!u*RarVMCsjB)#ePh`2~fk}6?NtikTM?w9Wb1L>~gpL^0V3B<9V9^A|m|fA+Cs* z50ppTf7`qY+#-NV_7^}H1M1ziw?ajJzrTSa1XRp7zi)qe0h%wc$bcrPat%dle`YEv zw_}hl-hS#y=7E@{x~1To;K)OSz-fIz(q|&M4N5~1 zHvyhEw|oTk`|3ju>1u%`5{f>J2%2n3KD`X><=i0=E*V@-`7{(YDZ zm|!Lz;8Purre*l^36!L=pn1(TV7rh3njx9IUIC^O^Y_Uq^SOYyG)NCj?pk*w)fG#F ztFc8Kf@%6Y=kv-!0mRYLuRi&6z+lgWP|F{-f|fK<+=}4)nF52&i98Id&Mtd9H)jp@_#28TosQ zG=P_alvcgRk~K&yGcoi_?ePt9?IFub z9jFf+0Mk(pRTXBH)}3TfKb}>b`#?Eps55Z94y=DQkV`S!Z&?uHsn&qksv11ds42;@ zy5s$EM-X&^`VB>x{{nAye$}-9c(&CgRlo-7bU`-ueW@^Kb^6yyjT~?eRs+rlcK6rg zdoNu{=r@HUa=!pppbWT+A1()2a)>TMEm%wr)+fgS?I|*C_VonJy)mev&5!I_^B!41 z{*=fa?+!zv=|lX$dHDeFAQHqy2xYfZ&t3_vw7Y?vU0C zV6O05c~K+n8Z7<`bS+}Oe>kcKb@+jKjSW*$*d@-(<@n4+8_=PE;p-CHYx%&VTG?GK z;kts{b7el@F;1XCF04dx708z4B_RF;#mqvMXBRtTnZ|(?;g0`mx!O$q1*2eQ;K`HA zdX5GHIeX4r0Tu1X67bz!H4bSvyWRD~c6LFR6LFoOn-#Vi(Q9!6N-!vF=hPf{v{YCP zg!^%jKcqQ&u4$bE@stQYkkC^6c1+r!%;;u()gD-MK{pPU-`zOCHhMyfG;jgWGEMVh zzNnE1SvzYA*#1`8wxO-B(RXK}#kF{eI+Tcn<14U}>zva02@-SPrY;U@E(7HV=cCkt zh;D^QYDcq?uRzce!-?Wfo+QeTLCytW25Bdr1kDz}9@-U2!D0>d$^lJ;#++(riEA!s zW=J?bo&?Q=UIs4n)dT>Z)Fme#B(pgDzHxaAk&r-kNgW4>z<%0YKBiq@4C?t zAoEvWw+Q?Q5_5KdloN-Mog3KQfI7Rx3fDh3Hhrd>vuJ6_FmJGnt+0l5K+}B!hFnUF1|Jok(CcT^i{2&vP~yUolwPNw*@1?l zHYkp-2aimgTy4&qGK)*tnscRM4G^>2GOx-UpSf0^YCY_ZXZ`Bn1NEl@b{fc9y8rD- zV!Z&dqakQ%w8Cux^k2KyN^u>rL9!MbQ>d^tdSyO2TI%vES`!-beMq$~7xg;AHwXGl zwutw$Oud8F>KLF^Cnt0QPsrSL?Q(#P88r8sn8z^eaLD*5fEltuOx>{rD5#A^mbmhB zJMxANahYF_zztO&PG4L!ZBoXr%s2scT^QU1wBNHKZcV6lJ?3%@O+BvGb~4vTg32S%zByC zn^mAydMV7OzoGq_xSI~5XVM>(EnK#jL=t3d3SOZ<@BRRxIhXlcad3*|_8VXQ*s371 zJ^m@s#s^5hD2DPRpxdGNW}^u)KWilV7&2*A7qq}RFduPJ?xr$9bu+bdhfv;6$Fks_ z$fc%8KbCW=zd+8u_E=+=j)Yze>(aq>YjrpNVv|Sy0ysW(-i7#vSgNGc>T}gc1~T(_ zX$xhnM!rb*23{3!&%PXmX;+@3q{qz*d#72&ED*VveV1CAM?s4WpBXMW864pgPjN1a z+srpH?IupQMV7bI>9?A0bEB}Nt5=rK5X^!d#>2}GtqNU`c9c}7oBw_=)Kx~LugA!pZr3Q7Wfv^A zIZ=2o?Hlv_v%u9i;=KU^6NN)3+$x7$IM8SS1yVF+MlF9%*b{_h6??MYnYu4a0&^}& z!XVx%&cx7KZpXl=#vYZE3J>bOgtjj|nY*ZO?AguLrlhG&_yZ8~lf_ax6W|%G z?5q$;IB|Y|Ci&}rAJ;}h9+c{6yqx5!nRT{1XSK?zW#vfI`JdVL{lH1HVt~UUO}!^Q zbsAeg4mK)xFkW)vW=F5kvpHXzV4*HKfqw%g<0fQEBr+T@*z5HxR>9x&{_z3`+kFMr zWvQ(LKu5~7bx)n=jvrCV8Q$a6PprLlIyhCRLxJXDG#&qKoVaY%)Xyg^<_jt6>DOm; z8kSbWYWK&ibVQ??a%fO}B3-RNbpttk2ZpO+)4A&xp33?;GD#kbe5;XZydm0Z9+L`t zTJ+;@l|FMH=Hej?x|Wr0S>DQePEc};wne`OTV<6=JnGg85CqQS-Q9p*F$Oq(C)T5FZgiZkXqo?6Ai zxUDl}PvQ%cQ(7u@R}6l}FJAz?ZGKU}^L!k&8gpUtMgGC>mzigc4QnHfoY8Zs<<<#w z(Zef_rw+m?j@y@Z-gJT z6`>70F*MyCYwdiV6Idq$`bu`e5b;%?6OfhKFI1uY^CJbkS*HdrQu$Yto$CdBCN2?V zMBhr)?1q`%$Eg{l37ErL-FM{*;a_b*H@TP7rA`m#ATg*u^(>p5!oU;nBgXHm*$=cc z3xsLREOn!6Tqj~dXPrnwOvCElA%Ig8gTVb$Xwu)kv`JI%u_9fO^GlHHJ9b_G*e zePzEZ&-P_q6>|_N_=ImX5xb~;?M9#;I?2M#hu$J=N|z0t>(xoEMc7I9SITHNUOXQr zrjqfeF#vLb7tb1&ZW>Gj^>7RsjvaRsX@$)-pK$83*RrNI>y!HdC$H`wzf;wAA&#C) z@`}_`a+vj)wXL`x%;3=#%acfWd5n=ehMt$rexDk+us|rLq4~i!=7@gJKq1g3Vw9Rm zHx-fhcEtQ{F((ZQ!|FKaK}(7}Qjuf39bDPpMu>h1XU6q=6gnp}rX>)zGnn{ON$OvM zMKXDAap4tFn5r{M)F0(G_e&>&_2!0DYG5`C&!Y>NWbY9MOY$}&%1U1%q7J? zrGx`rPqlzmK=y;E2VEK_^h5P7JxzwSjUVSmE>hv7*m#Gs(Q@#@tk5?R=~ll8+JlXD zMs|gQqIe!0$XNqh?4z>E!a!-Ms zBr)?kQ)sL|xwFTCK`q%hC6}pjYJtB3S+%7O*Yn2mr0NK`3Jgrh##v46B6qYTV*D&9plM zi1MD@pHJl_RY#-jlhW=+qcJex_j9(mvg{v5R_Odxo}}-bkDkxesEW!}aaIz~f`l8u z#wl4C1Q7^OeH#pONWZZOz$r38MJJrQ1fH&_RX+Pg(};Zjt=AFi zy|&{c^6#k*+Ifux+C>e2(U|v*mwmmWzi&lFBeyI5ET37t8*A(uE@gwvSEm>AREV`; zC2G)avJnsSwmZQ@9m5dEGgYekrpc zjAm)}o6FFC#W5q)xBo@S(VuE}I~&l-Ko>aOLwnjF5wG&4$zk~3qumSU&w7H=J@n(w zdx|jjCp}hMKC@)L%0G`^7YyuIIoARQZN&L3J*s;vU8 zw%!?5{W&AB!T#OhIR~lq^3nVP(&iV`#$vpAUFwexaR>L3p3zA1H=!HRO4#}6Cc`I| zZ67Mw4j%WnFX=XRq|kMu@AOsbE@##@%?C@VMh|zRGvaD;+?ScVnF|;9-3x@e$KB3f z@G5ZHShyfDyECMgkkVhBwd4=rESY(iF&hn3JV*QmQ4@PR< z{&-PX@YywmVPj{u*8G)A4D&|)?1Gez(wlv@rgvh4IO4Ai8wa@cu4t2@!iihU)YV_` z_6Zw%WZjp=z0)Ownn^UJKeZn~0aI{}R)iiL!iqpX2QD{x?(g%w13v_v(R!5{tz_fc z8&q8opj+o{S`=WXJU80ler~$Vfx#cc zOE|?LW*r{;*mih;ZL%-YedCz5b2j!t{QJ45k@(_T)Sl2fn_-;jyueonh7EQx+)Y(0 zS*Wi>eu`9&SO=b@yaRM*c#J={o5hnQRo$@pBlyBz&XZtywZUOE2B6$pMY-P&_*8B65=v>UaazpHk92Z&$ zZ5+_mASQq=nU>%>Y$moa=5DL3=MeD}%&ivdWkgfHTZ9Li1 zp`J2oC#MkKx`l(EHl~XY77>wKh;Vz|dslX2TVTMmae`_#dRVnhUX9H)+<%ayWU_IW zR;j%~9bv|%y3&Mr@X^zmC_4>iKysc&0KQooH7* zlKC&Fl*SDLu88;y!V%R4VyBFl0|G6FPMqalBWPkQ{1ofDDNj9RobW)W_(QGhJTOH} z@wemAM~{4=`qr)nYI}6hAu3|eSsvE&_M$}@xyb7Uvx{)44R(<}3-f$+E0v$XY_ft; zUgmR}x{-3H+5NmQ4b$Rjn|XG{C7kmjYJYF)ZGyn?00 zaTQ-qG~X$o8FPL}c;_kTX1snZfZWq4q z(qkVcXy z(GjME3af(wmZg~KM)`vI=;!TxjT5wAA6?}h6vlnSV4~{Ynfd{C1R_&)c&!v*y!m*o zY3utGzitQdDEcmOTGs=@kmc(;KpKDm#^$2qewocW@+J)xeCn!NwjGs{#Yn){8{yr6 zG0yU_bz+pyC@vG2&1jX63$uGD#=XkII!D;>p3js9F8WgcNu;xWdu5w!xTFK{jjucC z&dMobDV?*$yrU7;3gM_QsaO#`=`dhU{QqaKnza?_j{Y9|Kb2QQw^^din0OaM2iybh36FwS`5^+@VuTRs`rzg=0d{4gAqMfQ;}!zy$cGiWL!q8SLeinJro!4RuL0C+{l** zL0KXl%h9LdY?Ufhr)MoCF;QktSa`vi_BXToWe@VAQ0Tu}&WuPQD+(BPZ$ zcrIC~z^B?C^B@+%Z;Yt$$h(j|JE@W+TS`lIE(1kf@>VP8_`sDCtF3Aj`y=YpGQ(N zVy-`GMcZ%FW7+^aco+0xFM3R#Czd3)8KyVHnX%5bML+Pa>^5^rPFCAK91%0_JNEic z$ij6=3t26eyfxEK?iNdON>|_0?xFEJERFKYTvmX($UU<1XvM`C^G{+CgPR=4 zw`EcsvB2!YRcf|M{oRhTVrol=>tf1EL^Iq!Mh=DN7$n2b5-HRFkeM@=K6-VhDNNFu zd3^IE_}qr__Jr1XP1y|+R?1Qfc@+V_9!6fyklvOD#&*ksR;#A7?{I*`{T__s&e}K? z&So9w89CV++JObF7gU~qy~i1ni0*g>N9jtiyb_u6#N1()N%8f80XQEU{8r>47a4Ls=yZtx<4sz{_4Ehx zp@Cc824jSvzVjgo$jSu_;9YZJ*%mjV|HMN+&e9@aLU&hCbIfw`*Gq z6MZ;l)~xI_l2_;L0^-EYrc!+RpswY~eJSk+#H@l2wW0%8fSZ+1peO->`28$G&O<9q zv0}7;*I`6h6aVoR({QxdLMpp1mc3yL0aJc1&@4`#G4DVYPDG%sPSo(wM;3jt|7*B? z*%Q(mp1K<6HSv^Pu}ah7nSI%EGU1_h0wLilex|9L=LIw%8O;a92K1@iI`1wk`g| zoDCpF#rE1?sZYu09rr_6)+BOzkPwDPa1I=ZpKG2lro)W}_slPCo89Z6tyZUX?6?PP zy^qSoIf|ASSsyqqYCWg*QrbmCUi95wKv-X&RKsR*Wknr&fdMy7lzTao7TcU=9^Sr;8ni+kX^isn1a)TrR&&!95!se!?G-wD10#wwK%zVH>HONL(BWqY-nvHLq3xu4S)6UbL+u#!BQA?o6Zy)3+ThW|Ax7c|z zT2p)oxmr2Tx)I}tWoi!>y)+P2#zU1H`E9$fhO)QauvJ)LA$-zJoiR_Lk3E^-v~~`UFfhXzo@VkdMhFx+*L@qWgtlqp1+C`?$Xy;Rg3(mzSNp}#m3uI-n zu!e?J#bmLNuh1C8G?}WGPqFZ{lhXG2*~R(vu#pc)a`hQcBTT7G+y^469^Y*$;~+hl zE2UW*%8pw9?%5DW-2k-(iT+&kY%e=rz>0m&=#<^!z@=7mp92J?aLTdusj`>|ab-FY zI#z~K6*A)?uhpWNEMK4`h4IsuclviVV3|)pIrI;n=0V_PTgAz;OSv3qr_U^!OJT^E zgb|D}-6VsI^Dv94AH0#x>)*|luv|ejiXS5yG*WH1Td>Q29wRu^P7{n`X-_H-LZeQF zVxz)TW)W}^VPYips=TtEAVNo7prcbo4awHArn1iEORubsOheq4IL#86w)x{f1dP^dsGrvA!@1b8HsYs>RX(epOHNKZzh%m`Pwq)B7UWoo0I;~_t zYP3CwkBDMM?W8IylLqc=rr|w;650lD2Gh;j1s%Id2ar04lztDny|`G%BiljLF!Q~) zn!_gan-%AQu@xN?%7?F&L>WHI8%ORh&e$WX%rziH7xnINqFf3_^I_iWa+0f{Qt{rx ztgLG-Ta8#bl>p8t_deFa)5|NrKLCNj>Kp_eMiAo3#a4)D2h)wkg*D+?`9h6wdRZ@= zxV7Um6A>R}W>%QOfFXg`geXb2t1<4tV%X2Fv6+gE|C8_bS;tSO+eypcomrH_u7$6q z7y470Qhbn~q7x}n{wf=ALB9I}_-TqVM%jxGzHU)$aqt+-ZJeH>oMIhNmCD{FALu=Z z^5nR0cle!G_Ifyrb=1Pc!L1)OuUL<)-NV1qH$M#fb#)~CpM7x*nN%dORn5invpYvt z@m<|%uwy0V)RxJRX+*y6fMJ>4)laoN(H^wdX-a2P?14vX82J!ykOdBLz|ykJJE&*H z0|x9?8x0W5t4@Wqr~n<-@KB|NW0s)7!*r4syYqc%u0QY@GN0c*W3|(+E^<1NHDPbQ zRAn|kX!B#FI{r{<>)KukKSHr8k@MrDvLe*x)SsL@ zS-zFap%_nne35q5*sq6!zy$=qwaLAU_c&e+o8kpI9S^-vN$6T4`JD;^Sg4(y51z*1*mO+4%p0llW2 z3-uom3}Q7pf=B=OYUw4#Fo1JO;FY&A65iRVw8FK#wGA5mBtnb>p1n4*Ghu(8cPaxx z6$5Ib7Bi5DR`JaXnUywkTGr&Kf91rM?ce6S_4amON3na8kneT0dOzjW@WYOpBimtf z$7Q$uVBDFHS)Ma9muf=3KWwa8in1%tWZEx029Z~(mBq@oSkbdDQ&Ie?@+w;w+Nva0 zgovZ|l#RJQGgSuFetEky$g5OJ#pCp2?(Ax<%ae~lIA;2!T7PN4vtuIkOEj7#(W2(v z7g{W@aMaB5#-W2&y=}yT$n2*JQ%YplFS_q!O>=i|)UK^awtUxqdnv{7_%Y+nZHfBF z%b&lvN2k>17TWz87Daf0Vs3SQ_&Mp`v)O$O`sztsDQuTtEn`6W?xkJ4EiY9C#kCgLU`4aYn?$D6{VK;esAR$eH{ypEIP9+$F9@kx}( zGIdvV!fEl0pIj))A$?hO!@0Lg&EP!{_anx$eWK6@Bd;u4o<UbtM>5C>`uq;#IFcG)lHxWY^9jd5@4 z3pGx@lqE~Bpo-LmV`3-hP1m$^lGwfQTnkaTx`TnCpKtGe`(VYCK3z_}Ci6N;2uqhS z%5~+nYK1KP+7&$7rSDMj+#^u>k8ioq_-XNF=9LI0LV$|)GK>)mdYV$lof;xc^; zuPwXLzWo9+ANt5IXe#N=?#*Z#dNtQE#F?IhbF3<_KU|Y|uO5=d7#v-%P+*U)=CE+UkQI#lww^Pm}74*VX*>dYj*TneP~ z^+1p!3^@qhw3Lm@SqOyFHd4ls6OamqwtkRk30oaV7vo9dg3HZ?uMQ=d_sGG-mQ=aV z6StkJQ^hM5BNzMHzG@q@SQ9%uXpb&Ga+1prjoay%x1sZD%20sOv{PRGnJuN9%Pf;8 z&1>xuqHIq;KLvg?tlhZRiJeI|soNO-k-!-%BN4o-r1#@sgA+!7cye;kBAK1%3`2B? zJv=5g3vGOmNI3p~vG<-~O|?<9Af3=d6OfkBdzB_VL*sN(X@;2m}Izj(~zv zMJyEQ0s_*TO0iHvuY%G8QWTK;M*Z&GxzGHVdFJQLFM~Nb=e&LIwfA1DGA8-_>dR+o zR%xnaaw(923aX*1GnNV9oQ{Rg2lvFb5$W`FHztlTpHvBbs{lkH6r#c=ybV=$m4cD% z^9GXw=gD|S;X^m8XQ1W9>yec`*%1R)q!7Mlt}=hfdAr_*VFCSZF8KL3Dv5!4z?-am zK7MX)`lVjRN46}+GncG+-bXtKra;_#m_^R-AJcD91^nbzT;_JrfM_dnsQq*aux|t@ z05ph-#$S+oJ-v@zJX=8i6r4(Y7Zhr?p8lTaCid=PQgo7!Q0U9Y@!aojiW}eswVN5U z4A~yldar(mr-~G_dfe6hZ%?>O22AuTe6XmzS<-3>$2M_dtB7xi7?|j~=`6@jL!0Zg zs3oYVJ`fmK9GZC>LRqZ`&mfH?o`>N%RNv;^=XRn|S-O3#55h49pTv^simQ$%Qt@F^ z=dNF+?m_{I40O(dEn3Uha$;q{Q&|pb-6yg{zD19W@lCHFAt8t7D*HN(&}#-j$spWV z<*v~o$~p2#sGvFnCY*7Zyxr9UYQIcu=fF9X9j?>BZf4WQ4PPw8;2kNke5zfE>D+F* zii?i*9EJNJn}TeMdJoE)dL9y%Gm>rVsw)+3d$YV)unN}DnA^rw{hnU25YtkXyO>xCns~^OLJM_Wm}h^t~Q-c7L&^O6L?y z*gDnxcYgs1F}>wdW=swwE7mj~tL@jXVb+1BHS*|6eNsQE-+p&Rw^4OtT9!7@08au7REuh2{<8FlN%##E zrKSLo*bs;w8q}nQfa+Ru@5ET{?jlBSdNM5Oc81G(3j;L+u^p4f0YaDBKYE*qer3gZ zVf!V@6rTgHNkw=tF{?Mrgk6i+73>$af-(&|m*>c8vA~43*-hAm{rLoX)HRCN$=*<8 zT1L!Ut>UVjA;J0+vv|BhlpBVtR|WAhoh79|<>&b)FOq@&Z?az6V57n7yewX_2MF%v z#4$2eoo|dxTOU6rxW^a`v7#uLR>dav*X+Fh}@a27DII8r5MqzEbhzf2Zg93y*dOi0vz|Orw@1Ta?S0HX)baN{EKRP130J zOa2=c7!6@qQq6SfU1eeLD-abWBGK+9A`^!o<_QSA<4;l zJELJVsT2npfC<$kXoti~SS^a%%!_>?c0X63nsne0a>3D+6-{gs?Is`CEZxH2&;Et` zPHz($+AgmnLfa8-ERVqAh*RSD!h<^U1X8~vsRYi3sv%=!;k2+5jZB+3raq||9xR7y z7gp{U3A0y3M@Sn7Cz~LSoPh#oqO6q0VvVw`v^LmRi9!xo;Wqfnd3Aj@`WSXHPNYPhL04sZ=qO2H zw(Q)eL>l*+#$Qx7Tm@MQjAr-#^9U4Rsc|BXN@w6&$}~&)#teZ`aIUVbU0#hP;uJ`1Ej$@xtYry9 zXJErTokL#d4;w3CcjAZOHK6dVTC=c=oZDi!QAXEpBk^9y-s%ki`rmt?)xAsZ z1tD*CM^%1HuMzCe#M^=bY)3i=*N%pTJtXd7MSfOalZf`Ys)smRVNBBQB`gFhl^6SX zl+#@{R|MYwQHMC#0+R3i)~R%f&JThZ^nwo-U(z;~W9xcF6J*a>X6v!Oq6M+;$|!pmco@z8j{-rW1GX^oLl1s z{ru=mT$;gsQ}zFbmxB)s?-Nns_2b-1wm^1xLQd0MDA7_%M=*u16kk+sP#;lOa>tc( z0*SLa%H#9T4?U4NN@%3^$78Pebi-A+7>;}yrnHn`>k;V2sLkaQBcfF+3ZcQW73CcI z2TqA%?m><6#mf4ER^Z90_Q+WKS0B85b5tX(*akFPx)9(qdCqJ3x zqxc@();({n$2FD1vrPWUAkDsuLbV$gJA^ImjY3$ z;18A67-WBt)aC5yx`zJ>Xl~?EsR0<~qC8(d`nQKR_=gdti%F8f;m2H=W4#GIZ(yS= zc9|}H{9BZ*L7&>2U#^syr>u3<~RJ`zCr4F=$+X9XU5PIklT-}ODU&^aEf;Z12zvntgI^wX*yfv z%)%`fB7@KiaL4b@J9krQTb6SW}x-R(d%d1c%+3rm_rHm@@#JtcrD zcB-D;La_S6=^J$K?ll&_$M_A)*BhB@R(c|r zk`oN5;mR0xU-_$2zgBL-5f2(l&P{f-+skF_hE}7RY_{}&Q?92sM=DMJzFo3apZD{1 zufj;hz{nMja>rNJ-PiRLhZWC#ak`Wh28t(TF?#=3 z@@vhC`=#Z)V8?h>aQ8odN)8Fj6+ur`e;6>-UQ&ukgr3sN!n}#b0@6g)^djIr5ayjs zmPVg@BK1+e+&-Q(953N=@5HZvd40+5%#N2&?ro`GMw#=f=|59j+bd+Q%-mhtNOMT# z;)S|+DZF<@L;M1KcS^=>_TN3|E*^!ioy*)U;_bTKxaMg#5GT7$8>g*~c9UAk8>(wa z%d(MN%Ezx2zPXr17pvUM;GP!>TY@gUcPtNFj*-w+9lIG~+xqzt=WxS>s;K_A58lJO zLknAJhw2~h%y`K7Xp>kZzOWX4RQI4v*u>O&=||3gAmBO3FiXolw zudK_{fXfZ^T1r_Xj>*Fcb)rQjZO!*`z8!*?u`n zLH+v_F>KyvoQ2eAq=|pZz`nX%yp(t!$7q`DBm68SsItF*rya(pM;D(&h1KG znnS0iM^R4hUP+A-7CooaB@1xe=-WpGKh zEL$-zHEH7(B6 zXRbqa;DG+b*wP+#bo;K7`U_h3=%0XjRO0KwRZy$(d7`56^qheH5Brk;hM9}sI95@>n&<3uf2=j3U5J^! z(&d z4GMP1BGkTt??RIgk?T9OdW!IuSdLK@&ju}cEfoVlJHNpdm9H78!CXW1MZDH<7fbu& z&X`A{p}vKMGkZCyYP}AGS12?hqNZik|<3^CJ1!sc$0_m7j|;_U~aXL zixyf5k&@|f*FSA$>nEMu4#R^1MQ|{hvDt_ERx-Bg_y`{1G0&QtLNmATwLNwUZQd%o z!N&SK5ASNYwVWYph6pLk1w38RzR#`;gV4UAyJlM9bMgNzgW%;W5RxnhD9=@^ez-K$ zQCGu`6-y(40XEZ|CMwVk{sM1Bv16=d3Wu(r*QtYlNL>W!>oLF#+M!~0>}7L`@finX zsHN2{i^NY11Iu#Rt4Q^AsWx<|IXZ!-=nZ&wAQxkGwJG3fzE7k8v5k&>KTRZ!l~eDG z^YRHt;IZB|1#wj0$m?)6!PH}fdN}mT;Utx3u!b>_(6AeX-gK36VBv5YWBzri-Tn6RFyns_%ah6?0 z%55wtXm7)X@I)|LcIo{hX*E3*7vx!|b%Zb$S*Z7;QBK6=H(W@7Omy;X{@6AZhSSxa(VxdJi$o*tU`xS`dFCDJ? z_Av_Cp|fgb2?InvK0^{~luuS>1yKga>Q844W(+-+*D4yf#K|1Rj`lXEtqYN-7pVW7 zz7bFn76K@L982J=u?Rk!W1yp$s~ZYbD$oKoo%(3VJTZ1i?j!w@8z|AcY@k9vhGzhk zAFLBX$S$he$Izyl)TgBM%CO@J9pmlf%FeaLZC8jzWJIsy6)An#c&fDKddjzmIl-DC z{)f0v(K#!Hr^=z?^uA90>qQ}MMq)PYlT|4zT{SaOc}&7}JkDTvkdrmH zj{t|(n-`=ES!@^s2^ps&#`364jAHZLYptx$3`NrnhDR&kM;(QBUFtcB=NAur1Q5w- zgu;KKe=rbhFf)L=Idab)u5UV?;`>5;Cxc}*Tx9Q`Th1D#<#|Cb zt>_uEU@EGQdF3MPc8)DpPmC<~FdRccUie{C+Kx(>-BAP-bkzVFXz}B0V|obJ;(ljm zj(vefks|B6n4(X=!STVV#*k`6AH8Vk5TqfcA+2_Poua1n1XL+ve4*E34zVI3N~5%}SqW+84Sckyyvo`}Y??tYO;z+q#*1I!!JDFJ0|Z&S zc%72!{QAQe)x3qtuZgO@8ZbW5fSPsjKMBogYFmssfhOScjq@8)Ji6HGD4Yj*Q4djJ znS*AL#&~%XDSaE<+#AQTGEucilqkggjtQcVBTuLG!Qfjt^^kqq`M4?&5mw*n<98fD zvt=3Nsi_PnkgGe--P3R3$7#mhlh8-?Ld{T&khlIrmrOHY0&bIIX(0;GuFdGUXui6+ z+0dSlfu<-!M%^+78T}aK8xifkxs9?b8HXV~jUSe#6I-8tzGwet&hSR-s#FtzB(qNW z6ioj5Utp%cVG-mSzA?szc>jnA32|kGt*?9eU5u1T$|~Yhd`bBPejGh*fj~lDpfeC> zAYbQIu*y74x&lj?t}wAwaV)FvK`{{Sh(U#QWGZ_ja5Sn*YMHdwzB?pT7_J=&By^`& zd(pg*to?$Ax^WYI-=9BIJ3k}EQ~X#> z@X1zEHiDC7sT4Dsf6v5bK!R!h1FCrL2wO7x6=kL*DM-1zNpr?sOM+ zy|uy2!qbYQUcH?QUYz~0=6HRoKicPO?v=c_`8OWOxK>w;%gr4xzW%neO)|^oDClzL zU>HwY)@qYwVUh8vPBHJl?&l=KE?$Xg?n?iF1i3Ic?j!~y;jNR{Ik+P3#{Tr(K@1Gp zT)Akd+7%z-*vno`e*gI#D{P9okV2OKOg@SBjm$^0jMs?gzxqg$R}*u@2vjAkcA&#+ z%o0-PVUozm$zl7>O7shX@*#zGXy;*@;+~34avK_>{c>%hbrE8G*aL;6tPJB-aul)-CE`;sSR9OeDjfdZEp`Mq zW+YHUmI~Uw{voRp+yBeb@^cE7TbQA9?R=7zyeQ&xt49e7>?zT*6%1pmnlz3 zEd_PXG??r-)P&2cr|JDv!=vOaR<&6C)m{(k2pU9B_?DwBHr#7g|DkyyW{XqPY++Uq zViG=7=_$1Je73DSn>7KI zVANFp2O;-h#gi`@CyT|7$v>ikNK7*6EqeMH{QEDwb7}t3Yv_XO=q!-?uKM7lQdYB; zbY^`peg$yp!bRB2^xYXBMB=9)oU{lp2vWJAZFJ9?6GT1Dyr|P zly%Q@vY_<)o_09id9Y6KNO|Pd;eXvrM8R!WZV}v#;TQpW~>c|i> ze2hWe^E!a5HX`+G8Ao@!V~AYIpi?2M1hA#=bgN4&WJy26CqUv2 zZNppPGyL?GNWE_9*NMd2v`b5keYIU2Gx+O8VoP7=-hW+98@Vwt3yP^(%ku<Xv**60gcqyn z>Fdvhh}ee;+C29GMro|hO6`X&=-Jc|vJOyWYb~fxaFRYUZ1|130N!!<3ktg&z>c7p zcmpI3C<3LVk6t@v)MG~rxlb6R^KRts3IN+Oke#204|#?UGx@F0Ix-Ur^6AS_Jecy= zZlCxPb9aDZ2f1uCd#RL_(_m6DMFI&xn+j#3DE@5+(OLkbf{IvNnaj@MC&+ZUliuK_QB70{80!ugsk zIK5LpkMdC_jU1zp?!NB+inWnj(Zdo_#aAYFM$jehlEAjksCP$A9w3L9`>Gvk47I^N z2h=NKs4EMK$5RG?+A=eXGWIwY#QnN5R7j)Pgda`6mAeL}mFfR!T7d?{%LUm9uYuH* z0{CZWP)9Os7zAiYNGsYveLu4r84E;pMY1ty%L@q1hQju-Q2NAhkdZeEswenW?*ep9 z88BbW&7I7J#xehTjHH@j8EoPT#5vY|y2u$_1v}TLpZ6mJDs-{oVaU0cO(^^VlqUv? z(1MjKUy96xY$b)nsdcI%sD|{^7$&~X9k-!Lqi~M^8wsP>^5VNv;t|v*LW0p9p-&Ni zl8+EDdoXL3XvW{W2hB7GYtw4=9|1;NAh+zi4K)|mS8meQ9R+fCXY&LFs7-tp;)G)q zp$d@nmU~Arq#HTp@QgT}B@_$nWK%Tm)R6tmivD(@4^Omdx(K|P2H!OVlswNg^P-GR zb47!{KCnpKmc~%>aMLgOA95Q}-t*^VTflI>fx-#A8rvN|Hm6lFF0z^(pBso^JW3>A z?N5JMppv1rpqPR$$FqI6bHHw{(~4{Q+f|M&ASQ7GXH~=UXA38;$@wZ;Ol81*r-JIq z&S8#>SfA#zODQ~PB)>i|GvYOf;WsLL~Xv?mh7U>OCz`>-c*r}AV-^a-fBv0rK6`8 z{SgJUs5&L>>|PGNVL?*+KT83uC=?7-yPANJrgT-#JME#+O1l-uL?~cK)|uWLv)6FYoQv z6}5aLg6{$aHQCmNC?8F%T@ndzQ1TOwf|n?CZq%xrG3b%35brUQx*){*R+q0 z%`F-@5+h%l6#wtrJh0o9(=$&nTOjHOJ>R44uO>ClGMGBo4f_$V21gkxe_7xY%&s%H zfD8lcIIWTI<;uUjG#7A$igK9UD&XL23ub8M48V_l$0B7Wd!TFU`d|K$S2PidXa`)lSb(S!Gzax8xM=T+W- zrwe4dl}P?G^=^Y7#!sl7C7`UV1l105PJ6RI5Wo3Z!uEXAcfbOe9H!dfJ7`K6x-_FZBX$35HCAx(g&XvA7YP>|M*|_MGyk#$ z&1u0`tj@O$frWu)(gBa|qJ2L9?>#pN@2MVm_iyJK5#BSdeB#Vs!>JHaz=C`SC?&iI zJlO=Am^#4WLUGIk2ymMKMN#LFzW6Jaupm$%6w_J(Fspq)2s=SIPRuRGRvZY*p#;Ik zliAagd`ZBKr5LbkZta>Iu%l4~_^f&eQau}!^+OF61P-L@^(uG$0vlnnH6h*YTxkh!(PpppqQ<6k1=1V9wC!78kUimzde>gM)C}%zdVrbN{|a8 z5OLRieP}%al+Qb_J|fV{o@{uB*8rLMG1xSOE$pQxP<%R?-U_o|QWWWe!OejNU$SRq zI|apkHNb@v*=K$8(T$ynlh)IdEv>B6?O08hDTb~e1yS_XAhAk%(RCq=aQxKn=byV} z3RN2b6_qbH2xMk;fINHxP{ckkIkB;b@6D#q1W9pXWv5cMjsI7z0+LFykaRkwsgHi@ zLk7K)CTXIkCBkHX=8s^CmME462XU`rBLHEFD z&W?ifwPXk<7*u!wxNjx^zszlU*Fjom9AHeMBT)!F-2NB{*yTH~hz$`$Nk>7`GEO8c zD`Ajgf-pUh{d5lh^(8;@$DF3I@Wb8g1ayNOh2KhP}7Pf9L* zP;2KTg@@NC=dRcj6q5h}tuoFL)UdVFq*3#R1rg4nVN*Qy4_hR<(*Tj(&p$mD#wBV1gFWErgZ*!& zQDkp2cV`VD0fv1I2>WI+Wdf~u%6^*|D$3fwfoy$W?&wXXh_BpkVZk_Y-OkO&PQI!KMueZP{5mg(h-LE%;Uv zYu&5&26+Zw1~U(;K|!#h*HnYn_P9%1x?Ynn{^tVY*AoYNl$d1&0nE;Ft}d$n08)=y zk*|Sxnh=1ry&bjyXB`DCs?{DG^xIMgYhy!zByJ>@bEFq@P1|^{RHu& zM%!h*ajo33p7XOdCm{T{f)ONS>i`{60J`7=WCSu`*i8RO7z04P! zl{wufigVdawbz{nnq6nGOpA8`qkWPO4~DX9=tvt1(}J=>uT3DK0UHwvP$}dH&}-w? zeL=$_gYUSawxQkAjt71yeOEr7kHmC7N;xWY2&77)G%DdsDPgEH+C)@IZ_hZ;52|j| zn!)0*HJ~|)bLedXOPbE?bW>2pSxy)E%@r_3b=|{3^cm7dx9~yDN*bh~E(Hrs3G0lB4q309q!uqrWnyc-2(=sKb9orXs8k%El3Cfso~c|* zHw1O(0I>{?%Rn8#16S#&7ef4;90wi!P5_se(GDpqo9@!L zGL_5H_kV`9jpArh;E`nBaK~WmxzRnLY!9XuQp=P%Y#*7w2l+z{qn@E0OUlsj&q7-Q z8%iEHnHRHwGgc+qEa~5AFUxN%R!D}3w~PoyC_{;%cLSfojX>GYxn^2uxn-MH4^V%2 zqm>8COO=IC@sLq3g@PQ$_9kK~Ckr0aj!kg^9wstvz=MAQNB2TYcO1TKrN)nD{IA`!rGwFqG8x&B|>0asSU6z@^fXf!F(f8#gmjXN5?d z6xC=hWYpbCxAoLL2AeQPpURM2kY>#ibC5}7MEha z%L_<(d2yY;+Hw|u_&JHchubgTi(6oYro5lZW^v)9K?JyhW|7b?#T;^k!1iXy{K5Bi zrV4Q~=6hA+ZCT?U4rb_mtKQlVcS$sn9J@peUFzBN9xPpJAIL?wc%8^4@D#E<%~dR; z(ku0=rULq_k$HLlET1$)fjKg6Ynb^uSyfB{L2v;`iwtW?LCK)E5RR~GSa!`r8ojUn z&HQQ%ph$Jz78(d)BqQS^hHFE$&cnAbx4OyaJ6xgeSji#yIVd%j1RGQm2HU@~yjUse z&1n)zNi6qWa3oodkA#E_?*Z6GA#skGXQfGYwT3Hcw&oo{F`13Z_%9%o93`T6Ca}7F zgr<7ej}6Sj9-6NzdC60PBakFJsvKY;ezFwWNVexoDgy+!&&&d#>pVi-(>) zBuDv2Z=4EY%y11N#35>isW+&%h*5%6;an}`kGd7@Lg`>k@aDvX^H{wuS!aV-8h2c0 zN6AqKwp;7?;P4S@6QYP!jK<@`<`m+{r@+C%i%7BDMg4dgyMnFM!jL#=<|%nT=H^|Rn|YgQz)op# zIJg~@=jv>N;B85^ib|BX+8(Zc{uVZxt>}6E#VG?A60&@re@31uVMwU5syPRwgj5?^ zoEeA(HMpFjWgI9qg!Het!11>7Si_a!bg)3XiG3mGRQtIKW7~Y5 zllvt@+szQC>#4hH9sE}{Q(NyWz1Incd1HQ5@-w`f7Z!DZrT!rHrKIT-6u{!EoQLv9 z;+S;dP2EswtfsT@IZ6rWbqB84t8am=6bL*p^JtRpJf=Z(Q75H!|6>JlOe4^7KrhqM zEYQqHv55s2OveEYYTcrcippmp`juCkX}Ay42Y*+IwC{Fosw^ZaLa4^o(}pry>*!D527d}4^&9L_Z<=?!*>^D`0#C?vtfwSN($YRBq>~pq z;H2XbVR+n+nf1v`67fCaJN!JLB>K`%P=EW!vzp7FNn?|$q-Plc@aYcibI|S+nx(;C zM1uUjU6*_FzK-fuvTaR@AVJgzmKPoZ53MM_P*_wBSq=W@R&bE%>t$4~(Z@L{<>b0i zBS{t-LA9wx_njB~&$?o268h;C=C4AT5Dy@%k;X;Lf>1+*JfzpLm&b3gCdU=s1yW}z zFk!GOp%#i)HL*!|3cKPokYp(gj;@Ju+?EK-g$1QF?d|ceU#DoY4%yRGKUBTINf52F`5S`r!tA7_+-?hfL z+|>+!o%-v}p|aJb46VD2e0EUo^=tlp8d71TY)A%12yvGe%Q9eHpP67e=)8i;c_CD% zX{VrO0=bARnarqrL`otem6P7K)=uXJ4JIQZk4(~ySzq*BuwinK@aJx!XH5L=gAZgR z4bvuBd1jhhfv)o~BKdLw+ToFdW3{i1Eb8J-#xyT!$rZJ%{^875N zzsrfEJ@RVf&z_+#c3?|N7+W;ZlM59e3DG$n85i7t{xgW2=OSVl$`PiZxK*9N)Lez4 z`&l0@?BmtF61U-;gTGcyv2*|6QlU$61^fi@*SmesiZ*2ud{axT`W;KBS(>UhnbTe1 z!Ypi;9R^`W8~ns=$1m}*2;}iEV0mQD0}UksD05)NROADWlcRoHS-9bTcOMP{rh8+G{4 zMYU-a0U=k%xZc~>mBRSX@H9MTy4cfDl+B+>H5cb(GhVi3Ap6u#Em>ewVL&N6Ozu_o zpwuIce7(0zYCydh?OX0Wy@S`yaB<=o`4@z!)+zw}ZC30R5$Rg&RXU0FQKfhBPCf%N zE4FEN2_*ETB8@wpUu~ET-K^@UL{;27Ii8rSD91ZRo<+VTfFs@?OaI^)0K7N{9Qf#q z&3BIYF{^}BC`U<5-hGCr;POL z7QY~Zs+l5cdoI-t%0T^ww=YinH!IVzZ$w^E(vl@yUY&|xbP1@zL)(}{q$S3fsf z2v1MPING0JB2wwRq8VL#g%;triJ_N7}?L#!3KTd z?N_^w-@S4c=oZiBGs_?rgvKtpr;wiq$};iw!M5t|EX91x^H%#q!I_jRn+2 z0{o98vT9~zgxY;n|JLAm_*#qGDmg^^e?RL9e>joMkdi{%=!{4Y_syk?=U((BoPR_`Jh){l0 z*jLva--~_cj0&|n-oWN;Bn`NmnNgIm4FOkykn_={f$#$eNi!>isJgVb5R+OdKcps) zEdXAic!+cV3- zz1%^Vy2bt45;0}~`@OGix+zJRy)Sjis0H==t_@tN)&I#KfrF9JRB89PBl`f-0&QmC z3Uxi0y+8^Qi8zmWWQnbWDXF6alhyZeFbH5-elLim>Tuk8dq5ws-QVzWF7-sJX`QK= zB{b%x@>~QdA_U8@1yTjLuqkW7lh}9^t&3joWrV8T6*YVpOn<@ECIdD3mlw2!R?d89WT|_}5qezAb{9*p| z0%Eq!yyv<2M6vb~o`pb|dbLo1RrC_1LD#YwnFi+;DD+LVy_RzZFBsf zm5rbz{nY8YNf)OsX!hKo3i!oR*hi~KD$0e$yS^_iCG?f+J2>vcbz&^PJU5KG6eT0o z(VjMcqrX+i#1D}2lW#HZ7TPw;I8=iO2Kg}nO9SKBTpVg{4p2J+T0Q}NYLYkS|80rC zkOjttgzyrY3lsx9(RfkXLK8u>A_N(8%4GYTH)uvg+-nwrYWLTMoQWO8-vzp@%9tCB zV$qiE%<(0p*SP;^Us8PSIewnf?z@|SE- zZR3D>Uy}LX-Wfue6|lUn??;a!swwLtg&}blv2%uV#;UGjPDWIx`|^UAD{v90Ak?p` z_Yl8GdKZ8uVGZ9)0O|33CHg@(Ln_L( zwbi$CH>IdOOCZFTA`%z?OE-@i8X)#;fA<07eZo_;xW@PR>!aeKeXJx{5;gb|<9wZj z8X;e)7BFHel18w9o+_!v$&9oJSuT%h$rP?|A6xuC|CxLkpLI;>~k4V zA!7YIfVxRUD^GfoI4uIM=@%l!FZ{DLc+iOWGy)MAh~`{-z*Vu{K0@~AO z`r~>=YU~0C2-O3n#!U6P#|4Cw0A@|5`~FS$8EZ>GtPiwZ$&L2@1zhehiqwh_7XwLz zkNdOX;qCyd`%d!W{-1cZU!qoyjI7u7yfiM-SIhredBvymNa>%`2@7plD{t~3 zMB<-VzvDB~W8~1+`L|?`VaE1_m~lc4v_Qio*kE_%RbGn`c1#gsG9Z19Pfc+dQa>Y?qPg(|=`eFe) zl4_g4#+4%vlrc|DW7WiQYL6QUrVf^<-UIB=&Z94kcqah>>z?xjsh0#TjwCc1gjdc3 z2_yZs`_^v&_#Fu3318E(%fK+_Uj7+!5UgV2Pv%nj+;XySO^}_CYdK?ESY&f8f)KtU za5vmy6afxKltB9emXW_h@*F`$9SpbqnLnmgh6KsfIc1=95&~2abY5Od;Zd)CoB(up zeTu99J)e)HTST9$7eu}}NTN?a5>j9%QHx2Q(X7`huU@lyw)%oab}Wk!yfPvKF#V0= zW3V|WhW`!?AqZUp!iFk3MI6kdn!wTj`f1`N!xi4ltb>u8h zaJu~yob0a*AD=7Em>abu+}ex`0Q8;!7kCULO^1QP!%c40z*-P{0P?HT9RaNYqD+DT z+D1eF!bN&8W9q^pfrw$)pJ^LR(6BOUE3x{wUGe~PAinp^**HQIVT6#>|FS~>9pATc z3fkaOeJ*hHGAR|r{4*RC2r^^x7fb&1>`OurYL)rk-k)0tCB7ujbarzx|U+ z2VQNw;8`Q#Pjm<2@u>chr+){Ag&o|JgtUC~&oEmN;%tHrB~pJ!{aGxy>-TX3et@17 zR1>0g5+Uw&e{K^`i0bhTltYm5MI-wAC7iSN3L6-B1!X)P*cjgQ;f&FAfB&;^i4)6LIy(GqjzLfGSN-x8_=)1yqTCmjKK}D`Ig9YM6nAmih>R>5r-6E{AiTy9%b_qV{ zZ`o@MV8UfRLdHErgGu>-5Ly?sw)Y<*1J5xqHsuCyuuAyPT(~(YxH3ZqOj1D)HM+Mj za8nktn*jt97#TN8*o*(4|2o2T6!Bj!!2i2D{r$Dx&sS(YGmZLp_Mui`%wG~QT6B=I z>8hw#U*4EqQwD@uySbkYP&jaSwer?1*b`K{;D3AUpJ<&VyNt*ph+65O^FQ}G~2x3lfsSvnRW4VgW06oV=-FMVRG~5hVCmG zG#_H_ldCYU@F$(1ete(MS^Z!b=yaaIVF`@ZCqn=K5PE+%f=SRy=Q-tjBGA!tGKJ5L zGYB2}%<7y7+&Bz;%*Zzs)PFzp{ISUZ_-i=v{%r_)f^Z+s;U9^hv#r35(iB`SoPxpm zl&wqJ{}(B^YDi5ipDyxA4(u=mf5&J!G7!kz8aIqs-6#BBAm*dYdqT2BwS2LV09ic2 z0b8iOYztaw%J$=jM=@dlE_wK+A%Pow<5Zv8BTV+5FdgJ%UCz;gO2wMuo96PM;}o2W z&LRpF32*n8K|yO2e0HI;`lR`%jh~5jBf!h?Xk7)l60Z8S6kyJRq;&wIAR2v6GU7#k z{@5+v@3xr5$x*pAmXCB_f9>|rzioN&=$&2gqV1$hRQc$g2M_#b!fZK1!*_)DKepz- zruZP`t|@KfcJIi;QN79AeC%fDu5<6(o7|JHs}!!SWu@=OS22Ruu8r?8r-$^JnbKby z=E7)E5n4`i@x31w1V1-<@C|et`^_0OoV#t3`;#;3)j7d?BeN%S{FB@DM>raW*_&?_ zw;tB*bVSo^Bqmfa6gp(Kyj@d^!B@O>uAkNXTz(;!EGEa{3)}n$UN%zvbKK*Lsb(7~!n|ItJpK+NIa?uzRFgq{+w#$RkHPvZu#{v zHyFRS-y!Zjv7GJUP=EYWV$$PjfM-vT{Kii9W-Xj@^M>vD*Yzv*Va~;OIVPmGsBKx%E==|iJrvaHL#gSt~?$5m{dHBq}o+c&Szy1;o9>lDU&?Aq|E zX8CsDuM1=3pDwh{1>;0@I@uY|S#RD=eY-ca1gnGw>Quau#MUy{hst1!R+m@miYH6@ zPron;{_M3>2W)Y`8^0Aaa2>)zuzDkP@($=PU&zo}hIi&s9Pk8PvhYh0m%X03U7b#`M47Bq#C*5KOzlh)?{z^8 zdn^q`v_kFnqJ6kh|KiWs-(GL)ab4R!+uj{rP)YuLcK6u)z^Z$4zZtD%8Iu+9okmf{ zk7a(9&kYoptEv4`;oLnI58U`@rt`X@^^xO-;<#vkYy$DMS-<*-FHep(cr;e}2Onil zIaFx+W_s4F+^?H&be~XHvU35{=`veEpLh8^e$~%fsJ33=o>;y&uv|zAEQ^AdikP;~ zU>kS4O7Ib(U`wJV@z+)r6*P%_38Q@zXw?Wo@R+(XsJq`4x-wFszwEFuyvF`NVAXe8Db`p4!RaY zLk@?Jm^%8mF+RG@Cnc{sgELMO!>12VF7uyCPr-WBgj!`fuHD*Mdu506(KuNU581B! zu+iR|PnRE}e7%|7#!^jb!TYMCC4Qx!gCT`CHGg~b2!3ZRmqDZ2dXtN%girsW_f+5A zjlh?Ncf%T9dwwY?p;|`h<%z~s9lE?9zP*xJ%GtJa!t@tGw=V`QH!u0B;0-q>=r2># zqKF&CSxpvP^%u5ZvGYI_95302@4n*p{|Gy}^*a(~cg=IUW1`l>>u9|tiaTue!euN| z-f7sfL{s=u`u>pP(~h6??{Spgba3lU(eIx;PiprRx9Y-Rcq#psUGaPX zLXwzTN>hHE?b*8bu&z^4-7{(AJZ_6#RUMn=eKXXXGXIXY{(L%%)g7jUG$YMZF;w8^ zfeM`_MRLp60b7W|qD}S^a(F7RCz)Q+04t9=5}eiA4pMHy&xG{TD5ts0%v~N2ZJyN- zgCvGodvgpLcIBn5{15itGOo(5dlywiK#&j-q(QnBrBj-PQc8DAOG`_)z@nsEM7p~{ z8U&Hf<7!`0` z72Ur0x{%r)`f+Y<5VR_Fm>10EniWJ;86qrECNK$7tx$JfQiKMz9eVPdoy!OCv-w&y z94re^GBe|Ay2;W{Nqg4zXuDs_ZoS;!r?Gl06Aa&6joT$!@@Cz9$P2C;+@S_{P%5A^ zsrYFd&~2eou){*_+82xnvVBA|?{+e`TN!n0Um@VK#xZJFhH2TpG&ue!N6R97+9L*Y zTyHB|?7?#5Ex9b(N!3Na@##>G&N$W;sri`Zr{I(EPYsNVUrZ>q8X7LoFin^%r|o?{ zeoq=U&fKy5_1VL*|9;N+Hu>84tYq>NelBZ4=Wv0`ks}$f(SEb`F2`@bfG&mD z@##wg7#WF^O^Y6auc)qhR4Y%W`mM!$OO9{bY2cSpmP9{|+Q}+Q(x1&d5%*-dg-En> zwCd?T#o*9Y>9{u{xSdjV*w1}Gen*treZlaiZCvEWrY}FgR~i)#z58{YDK4{)0`u)Z z28;M_vp&8X_pPG!cQiq8cV6Buw150f;K$^1ySI5%U>X%;xg`)@Oog(i;Lt{(Z&{#y z&u4z4vW5500GnLztF?Yu^fJkCIp)prk!B+2R>=N^$($^@r^n?Es?5mQT#lJxMeG*y z!4@k^oxkVRo{Cm>CQH-wZQ%gxbl=E3Mi3jyS)t`D8kkq^d)1^RgXL^D3LgJGl1tiD zN!kUm5lQ4%R^^&ca^?Q$IGo^cV-hiI#PIpvz3pS!(qQ$+uaO_#?P> zltsp6MuVZ9pjNi#JI(y*`3HjVFoV`6&#xy2`#(Qc3nePXT^RkAYup4C$51OPGI1ws z?<^-5#P)Q04R0a?>Xw!&8-{tDJ9zEro+`QIpoW{MPA81WjL=g5@TD_gKRqmi8%O`$ zD+*ah)oIeZesg_^nb`DkRxzwfy~h1qYfFjOUnsF)4aYj4izs>+ni|9}nCj1%Zw`D^IhI$GcT z9kGn8w2ygZ&mi<@*Z+Kb3VXYMP)8jW_)4oJhC?g8fjm+ ze$Q!$q~T0ftZcgbpo-H7f#|=CssaJ4!q6?5Lk(P9niZ3G{ojp2cbfgASGzaZ)n+}d zC)9Vv=~k|vNn5F&cVba7N{r`+Bh5vH++*^4uA=+*Y_VSmzOUI^l@F$M*0yQQLgWab=OA?~nu%s)Rd1&c;h}(sZGR-=+fZ<|8t!6zQR)$p@;V|~{lens z)#+^9lEtp~gx>m8{>$b{ZIdy@L9#yHO zpgghG;5$BWh%P9deJIRW!uZdjc`iE8){%!)0TZd8&OFS=(;|0K~o-?)}3Q&bYt=lip5leG6EL;9-ElUa^_-KY2nA52l2KJQ>e^Fdd_SE zohGT<`RE!Wu^TBS;D(XBb5afR^>|7^mgTi9dvgrnz&;ACANYpm1+2v5tPSXPUtg(Y zv>VG++?_G6GS`y%eyn<*YJc6gXgiK}2V4axM@dP3HJp-q{N2H-BIQKY{fhrYk-xw3 zu>0}pMQG5dNwSvZlmiOhU^DC^HR$&buQ1i1{r&i0xDmmdN3RRAy(l$8h#cVbxilUw z`Rve5j-up%2A7bA+mo%z!^3`y&M>SlYZLKbm+Mt~<>a0Trdt(zR<4$gVvj<<+XsN$ zxwi6mm!GgS@Nl@NopkgvxxtD2C1l5A{&MwBsbRODLOE2wrDJZ}*n9Bht&Mtu!|Sde zTf3ZXahsFbGKO;b2LV�g% zGk>fq4%JY{?v@cIG0EQhs$9oI%}}GTrp&>j#LQGDvq(?##R4N>hTX%K$l16Z7)fF3#Qh z7!K7+Jr6!M;jIt?w(_wYev?#LPp;$9!U>|&KYigeFx$^SR2xh9{bPWfjX)?`|If&WFig2}Oo;R`uV#tDF=V)Hq-uxl)e@B+^ZM8N52^zHcc z{W4LuM8}B%5B2@b2B8z9AUMf9s{;HU&L44pV1_Ap%Rl z^0a<$CmWl*Y(mJLfY+*0-&~^z5lcfO`)%O5Yxc_4txHnGv{ob!CwA1(ZxsqT;6Oon z7Wjdjl>qjj(p;diY7zlI!b@D}-J$=?+p_2nW(6--3xu}`n3D)RDtZoC^55k-6uj## ztW?Zglu6+=X|cGvp2D{12@O*6{-MzJ#KPx`fGBqY0l4Z@K=;4y`v7`xw_tb`t*4$` z!*yeSd{y&grDjLvPUDw?8RtLV6FxTtEb11Cg;UN!f^#?fGKnvaB)5hOvkPX^m1aAs z6yQ#Qe_j**Z7|h0pru&*;b4$+V{2^3r-;_K$+g9GIK5+Xw9?eXyiz~$8ml;A)MNnh zv+-u(<<(&ww&m*dh7t!cb6rxwRAXI1!{)c2b4%dNJRfA|STYsVU^)PcYMGmZ>SVj$ zqN9e{D+O{@725{{a}P4B7mg9zUmL0_fRg$I;aGTaqei}Y-SN%bt}<&_#h{vJSx~BM z+1M^`C($ca&R2->BkQR`x>;Rw`wvD-d)&S192z`vTHh=H1@#_Io)0@%v{E-o00xLp zgGU4dWrIyu&5hTmqKOAfBiSe;`q`DE_8p_6`q`Y7J;5wKD%pBI5PFKqjGZ- z`89KsPIiqY^bVGbHSo;pidv1@M=?JdEgZ+p$ink zN3&%J>ee$t6c;0~<+_jeOf(XAyjP2+=^5RE>^;Ub+PK_Mq zr5To`xAJ^0MV3BN-I6>vhn^ETI_~D!+Je-9xCGRQD+|LjEtl$oa*-uB`?~juHTd9M zgNKo1l6xVk=dZh!y_HkUf9AdubWW6p5lnuztQ&Ljph`{F<#hdlxjx%CYPtTJ@<01S zG43;O#H6Pgk&HI`!YwzQ$S1kV8jCxcm|+tewwOdyu&~6*o?fns7-BBWXMW`T1ekG_ zA25lT39Qc4%hydbsz2$Sw-Ec>Sui=hCbt-n6Bs0S94pPgI*^lsr>qll3%6J^TcmmmWC&nUR|)z!oGIB(}LwsO+@ns@OB>FTuFI z`Ko0%_`9Wz{rLNgMVI!JYUT>jB*E{-D)U|U$xF+ULeir(*Bvh*a?`|usR^_W-o4cT z%f3AF@mWOeRM6E)1?Jc$&ZL9F;eL$d6qUhTxmV7#h0mo!6(1Y-c&zockcww5r$obk zWf;j-td_$tg@)dRj?=x)rlX*lkGC%!5vErtdNI=774+$Yh3-z})+Phxl?56TIs^Rf z4{U(x2PwVJ8UGvi#7m#h$b_!O=~%4RZ*aPw#&P9P}$He zNVG?r1%?uze+lw0^g=Txng93>BbgU;nQ65z-k_JQsU86ofMo)s+yZgiJ2&f+4HB(? zb;t_oqHdMUnvIscwKE?teqDS&T>~xjcOj{jrTVLqD>i}F%IS{|Q-^82+gsM2#Z4&! zaHSbW)<+Meib zsc&^g|IpHGnbRJhXOQC$4Z{l@np?6fa=!hMm)lq59>w_m32J$({Xg1+07XF4A^48fhAC>J~0O#5^;E}3= z?xFFoEkdVxDtDvWEXFi$)GS@SmRY~TmFU9*U>%s`r5e_J9&>Z*RSvup;98yK?>QZd z&YdF-J_}uP*K0o~i@3*yRpDf{U8C#cy!@xj=VulH28Ec<3~Kx_Es_OpKTs73{&bu% zTiSPC5bvd5HU^NaUGus*tRJ1NHR&hxp~I7SA666>$5iD)Sc3kpL9nSF%mUz-5Gg-Y@NVjcGbz|^2K<5Kn!%3v2U3<*wL}r}- zfr&bWhQaLlq({Pu=(ljg_j?O;sg=2NZts+;hHQH$GCD#4iY%#Cq)jXnZRnf9_yhwa zJ{J|f!1@kY)<(hB(L`-RBF^`FNPsdUM$2U*8yvt$4b?CmD@=AroD^|=rI4ru;^NSy zHOnxL(PB4W>xSzAy3^HVHg8nq!#$(JXw#Od7EDcFqmGQ_zAedd*HpJBt$DFpr(=nw zg4frHIHgZQ;6ZJy#jAPwhC=en&4z20Z6C9-L0LGbo|1z2p!UY^~CE zzp|V$s$XyqX7I zyc9r)qz1YyIPZg9DG^4*LMh>f20YhENO0C)(=q%lkw&c{J11weWk#`D z-(aEVX+TPwJ)Du?0W@eF|C>RZ2!`LihvGY1*l;>IPbeJ=;^o;#d(DcPu=8GpO0!<2 z?WuU7$?U4zDY8#yBHUvovzt4ul!q)_ssg?$i2bGd`6rb1!AHc??Hu!2#FjoBQ>cUO zojS7E3mUAjubqFKgpBBP5T6BH`b$Rb+WxdTv`K2Zsl?DNe-)ZDNR_+tcrfTsZgD2M z=j)_2hJwIRcig}4ue`#p6g`_|`Xm9*9v1Jet`e%m2d1!< zUuhUfl~T)=Gg#hV>xf198PC_a4W(E8>_k}uT@r3Rka$~WS@JsWWA9X}c!=mz-EY~A zQ31xh1NyljZtBSVZ^skRD>$M}z*G(?0Z;ah=fGTBftohONmZ(6#Ll#9+kRfJ)ooR> zLz|D|P{hnmlBm;zHCadg)5#x~0$l2CWR13g6&IeT1IW`oxgkp-zjT$Q6@S7W(4;@~ zJE!-f@BfCvF5@2|&u%Cc3ocyreFB#8GLeWuBQx9CpC5ZDgwwNNKT%5sDA5LlmDnJZT-vT$98QQ zU+Tz>za*y&&=e-or@>yC?bJ?L7!W(zbknEg>Qp`K|FahsouynV0aFaIW*xK2qK?Zp zH+YGRD@>uSh?|%DJ`#6wCGE;7&m$IGLKLZFRO(TC<86fS4^uSjWx>FziZXm8UN91? zfrhU4Risn`t2T-&tNOvCkRLv6m#!7-4QjJ7&)t`ZsA%*eVb{EK;=km2E+)o$SDGuU zs!`NQ?Bu;pwr9edZ1C$guuq~5uyPfC-R;8I^`pDUJo)!5K-6xNn5@}*lb0&Z87@S$ z&h&*oGuE!^jXDj=U71U%4KNbF?fe!g=|$T_z`8L4uIesIynm`Vyw)Q)T>Flgr+BuB zSTdJ>>sFJkK+b~739ISd>8ul*=~#YpUusoaTJGVKp57U3%xIJ_qUyofgu__P@e;}O zLK64uA={(oM#Ws)C}^IG0dLH z3gL*Br~HJG1+N%gPTwD18TAykIolZ(vDzN)t9dRVLx%3$7m(`Ob@v#s z4D>v1OO3E5V2$mR6r#<&h#gyWT`t)(dA=WV4P#rlqca zq#G2iPK^eLR3qz)~w>1dTR4c zl-op|XZbc!Qe2HqG~M|em*Oc+R=sxD*>qBd9dWX8IQ@9Ad&z)|?c8Hk<7M`o17c-m zgRNUxLww-YFpK)&0{n1(s{YnrSoWE27WGxTSr)ZBdx#k9Ti=a{x)uUlZR1A!nOC-2 z^L&tc<^5P;Zd*~r645pr(Mg#6NWkbUla=CP6qe_*$DzC+ogqh|mjS9aebgMHzH2%C z>V59Il=RlOla+6UIn_tcOW*i>nW{-3NzLMz7&Sd z1P6p=L-us#O4d&Ij^QtZGwGNgO3T5lDpGl;1QRt--+vwJxgy+s z@s%Q6F#f*ugPtqrD*g@4loaw`N{-`|q0_h1iR>FQgUgvFRuMkt@1I~^X%-oCthM@W zjlO$q%rmTb>ba1+R1&@ZAp}MSGkjhUwQei-Hc83w@E7lua^$_qV+SBowc?p8cCq- z`g$^H{9CiTOaZMRgIfK^5__|Wn$OXiLnp9YcX>;d!Ja+kp71=+=p&aTrZ^qXni}gT zo(aB-af{O>a1owmc+_s5KJuYx~ z)}sAw#RIrU@OQavPQ>dn-UMKNc%r4Ix7+vQ4UXCI7*}d0vyBpYLIffk(8UBUY9wT5} z@~yi9Z`HOYHG|su9}%9lV>?oY_>)oQwZ@b2^-gqfpiw=6!;CdE=SwUC`#a$yZtzSK zL4}Y=__CfU2O$!V-{(m9_T!vL_;EM06pVs+>>(Kyxqw~f`%_$JZN5*Tp-I;%eXi+6 z9}5j8dN>p-E-DmVQ+sx&QKb11{B$^hG)x}0g~}z-i09p+lr#yF0qYu>b6+(K59Oz; z++?K7?;$)6e;uc%B*lVo^(8ZfVWQf`;4a}pGhkiarqCOVwy#-s%XQE#5J@H!a;dN1 z9|<{J#|ZEG`IdNPujwY1O%NfnNv5t+IqAYw^TU-b_ubhYLN2qUX^v~wiK^Ac;Vo}% z+x>J@nJK%;9-YJ+T+QZKHZ9f)?0nLrHxFXtf(+YEk`7;Y-B_$UYl9d|TN{Dmw3#sz8}$08#VSyF|U<=(LfTN z+_Zh=yqVJb!(U;EH;iJi4?@cSqf4lUs=mo4GXm0M2h?dwD)rU~ToEL4+fVM2&pEBe z*R5EzzLoPa*`98!b-gPJjYz04?_pwVe0I;eQA6AHR*B(VW$4HKdYQz+QtL2xqdwxy znT4aZR5xuh^3&?jr02upcd0T)*~~p7>-^^!ayWPj}Np`PCW*RNlJ&$_e4?B)Xe8!{G23e*4R$`@>mRGXuOw-DU2En^!s#Z^?cbZpC}7)!99dR_zx3 z9pGZC&JL#6FUt(MN_onZ?6}wrLCd!HUwqQE+OQu0G?^9+0v6?o>qo+>OI z0lzO3+oRGOyN35=gY3M%+OH-f@Rb z&I-Ik=RHuON5mjqAPmMCe@?S-MoOAhX6&ai8ue!oJdm4vqcp;zmxI#mEWU#EE0a7G zO>PHQoH>^wymz>wgb?Wg1@N)E`-jWQR5Z@d)=7xJMZ!nWM?eJ+`d2^&mrLy}E&PR% z&_E;Z)brQ;k&;e9c-GEH(~>OK|C1QXv@4P}HP2uE3Xvq|6i)v^p*t}hhJda!uBf-s*Q zJ^I>oO^~Zl_O1MbVv}kzsgUKD>k1Dh)6w<7>Rocr*K|CHFdmzks4xPy8=J<^ug>Ay zs)gRK1k&6&u_y}#;+a)CM*Mf*vyy{5J)sj1@)teHsb^aevZUVd|HAd zg~AZuw9cotzvEPrP`ZcdmGw;CplBw0b+(QmPnL?NM6b@l&B;k&385kFw{sTgE*h&{ zaye$ij_7?+c*d1-s2ls`nO&`A7PXzBp1=!ac4$RUNb@Ch`wehs39LR|BQ!iO;B(`@ zMYXCc87snG75si(Ib(b^&Sf<5q{;eR>6;s;A}6AvMY9S{%|}HejWqn@1+pzBD5r*Y zXgR!7O8W3c1<^}#@WO)O@%2@kVM|YV_B1D-R2xyhQBLWTwwbT@RS?&mjPW(P-uYAe zAtT@Ii*&08qvW@^AY`=Oy;%F{a0oQV z3=iaVYKYBLctp&0JXEU_U!MP9Yjl-cWl3Fesa|9Kll|6*OwoADmT-D$dm{lXK_X*L zMsTEQ_JEeCGMxOMJ09Kqp?^tjV{9(1rLAXv=y-``R zgRkwIuybdhAv`01CH|r17 zt~%v*jRz7&#&>XXmD80aQn?nUyWoFxy1bv*%}hM%`C{Z0`EDzP$~Cr#Pzc9SG7^NR zk_Y-|PmvxydakJd7~FD^fay~j&aFKIe+08Bb#)(KETL=GCc$+Iy|Y;L>+B!HRlUj6q!Znf`y8SmRR13IJn* z4h@O!S&-C5K@Y5dW)n8^12Zf%OB44Q=+Zl-9C~PmRNyhC3T7KSWnj6tXjx!{0$zYK zp$2xxF$qqFrhQ<7y>Ue7=(m#gDo0pWGHU$_$_T{p747wZyJfUPeyc9%ac-1*wc}Yd z#_(vuv#Rz>gsL<-C}TLFqQVf(@Cj5tOp|6<4YG|o4)siGFl|I-M-jUF zM7tpnxVbe>n_A552JNF5qQZtZ87rkaD`vy_Lyv4)Ufg)g+FladE!K9j;Iot`y zn6^giy$stzPaBG8i!5Fw35*@qh_h?=DOI^3+N~m09?T~MhEcYx*8m(11(+EjRdDD| zmp6^fN}kcJQ+U_-7xm7EUer|b?%|AzAV)>F8rRRFW>$36YJ^sbIyBZxoXGlMZfpM* zNU00#qFb~XxL0v`g6(5aTn&Q?aSUa|bI>Qa{=XQXBR{+=nsx`g!AbbgD+4m2m+d&u zk)MIG+G+j&4-05!rr|_==oJC_^}&N^En~E0Vo?6!+eJ=o5QwB`kibfXrdHXB6;z9w zAnSv{b7VzmlE(XNrbL9~FFXs?+*;iF9(E9TH9~m8$X~dT61+A?ZMDRK{Lt$?^nsXl z^_d#zYnl-mVJ$dPcfm6h@BC0Q1&wqL0k79TX~5*C2Cs@B8O0GIUHA(#N=Y~BeSnI% zE7~mC%w9X?_8d6_j9|NQ0BD<-7{x?ZyDsP7w?V7HrznWP_bsfRBKbqn^Pd0bzg+-+ z$!CDpF({lD*oactJ$f!9z1s8B#TY#L??;xQui3uM;3N~JkcP|)H$pk=->>STwTpo< zcoVpdBuXI!`WT*STctq!&o`eU(LfOZE<7{&3b_;-2{j7pt&D%a8$kt1>wffl^7%tA zL&)?d0@dCBTPqwWhH`R26^H!YLjOPY0l$Q6p;Z@aRspFfMKAQH5mMPM=mWtCctPPtQW%c7qB7L-5cm5HzbKNbkQ-+zR2xz0 z_|S_Pve?)MeYNKQzHRsd)TdPS)2M?eMGVxvz?!Q5?IK;YbEvQj$k_i0f^GkO;xLp+ z+EZHYJVjCiLkeep{MBLX-?zK;L46EM_Vc%ZsX*fbvoEj$7W<#p?nCZy)B^tfpYHIt z1G6wdJ2yloCto0!K7^V~`+TeL-wH)^Kx3xApf-m2U(5aPn9W1>x9S5vEe6aY=CBmzvYR74l*RD-mgYjKNwfv@Bfk&0Mju z&Hv$P&|J?+{(lYk|I~2%aK|rCwv0B0vr9i6=$|E~+OG6;d*8=k&&wPo1|vfM2pJI6 zQ34)~s2@ssunMz3)7YMI0P7UHGzcR?I)EamcKf!AD1{sp3<$k%mcoS$m%Adth3{0U z7)B*@4{-Au`>g88-{HmcTIr4J1>oTHpwpZ?-L)s+sD$OnCT9U486}!BVh9@V4+pAi z553@!yLRgpu`~gKS$4A#`i;?o#BIQyPBTZj#kQ6Bdp9LO3<{~w~yTxn@M2ALC z=6I8YpfbqSrlc^vszIG_2{fe}&H*_kT(8Z)8?Zz$Sx!~HHJee62W5c8$RPhw=se0~ zrX==+ehACqV`O3n3CMIaI}DOvBEztNLDBdK2rj5-Im9G6%{nXAIqtwWd@IaAT;K_6 z2IPmd;X*gnfaYF6vC?89i6j$~(G_y3hSIVWVk8D}&&?#s zanK!I#K?d%1V$+6R;~8tP-1c71;{2RDCxGcDI**q*CMqglC&?%97yb#wY4>MeRtpw|2`X#s9Le&NO_rGzbJj@0nEMb-r$_uQP}%@)fa_4kCiKLsu$y<^tQt7lZEKc zfGn%G%vSjD}W*7 zao_`w)dPIIW+1LM#n4>k?wjW!S|D$v|J)9nKCRvH$hj7Vw;6_*!+t zX=E4HLgjevI-q?Tv?&)rsN4mPd(2N?%EwY-0^X3QEexo4Is82l5Z$VeSNY?GoHUN0nEelHGtK488G!SPzaRlhpoAKYHlccAb4tS zZ?5WghrO*-!1rb1op{BR?bw&r)&qo$$nE%(Z30yN6iTY#^ZX{9G7>h^j~=uxMP03d4qF*OuGQXC~G z#@++Mo2GjxCe33SMY|fYO(uia7wxwD?T_WUN;=85qV4t%FqT)qpLWzeDqkmFdjjiD zIt*sVumbGY-?xO2y*w#2pd+kyC4%0Sb+Zy@d7*_@{iVD4TwZ2cO^RO8;<#uh2{03U<-9!^fu1 z2)j{FwM&Mc3LuaW@h$$2>M)SRvm38gW*kOUUVa3aHwjuD0dY{w#_t@y3&oLVXP`vB zt+(~#wB;WIyVi#?LG2iA0W~d+dd!S98nrJ7Qoi$LiI`r~P*8O-3{fm!OL65jVvQ`d z-xwAd4Pt9NZ)G?(EBJKO&*fLfL@z)eMjy1Dktvq0DF~>fc3(!n!P^5qs8ZN;<8nrd z&f3Gw_e0YMkko{TBi|1tHNj_C`R7rQp5Pqd=ugwuiq0v>jS1 zBcCW`a5N2jNt%tY4?F4=yfYl$HSINW00O1-B28@5We+^3%l!NI1rqA#T=xV5IG&0= z1k~9Bfwo~{ux1qVM^9f`qdt5(A85(E?Z%{3zJ^C29LP8L&|r-W&mHYs_zu|hU0mfD zd;Rr-n1J`PjUb7IG-#M9V~faI~hRp%1VWOq@1u+ZyA)JEYr*-PI*+$W+(QhA>XlzW zIoa0FHlP%%yKU23oOJOr;NPFBj5vs>j7Q=O%Bz)4}U0CvZ%43URC|3NLIi;kYqW zYtqGd-q@p0x)hkV!Ny4!-GbR3>g0K`&d zQ!U~)h9>wc5y_t%3=}&E%`vl(nb3ln>*{Xq>TR}ngzPCGSENaaQ_*aH`pwz%id9*a zZ6uk2+gRx#C7VY}&u7IzzS!ER0|CA*dfSMvQtm6lFN2>g<@_>XenGN%5~C9BzB#;A zZdvRDROTtHHi>c^UeI=tQtNg_P!?h>e=ZGi2;hv~|BPK7(14}rtr)`p(P6ljA`<6K zz8DU3Mev8z$QKt@#S#m(+34JJ@8$q&`Z}xlYe~Xyw>ZRx--Ee!O?8PZ>qA8gxL`2v z(sp>3Z|q)#WrRg;66F9;g`G4;EpU(HkKxKP9L-ld{4FQ+M71)bn?nlrvGX25)5l_R z?|YPt=ylJtkSBCIyqOhMMJMj)-mD`cTr_L1FMbTNvfmH+RPxq-XWnC#*yMXY$hV;+ z2QD@@$%)JkrK=l{ud4c zH!kjJ8ly#pWQ1Q~h@synz(BLoR7HA5YHvbE^vtW`j-pq#aHiz_&itWvtLg<5lSi++ zH5%P&%5ZUNV`rSAT^!F!M(3@(MS>F5vl>OxTIq|Dh`qjEz_{I)JRRq4TD*%t(u!z> zjwpH`_TROO=G_;=di|_rw;B%rROlmij*Qw7d&D;q@Z`R2=LPcQJ9zfdXVR+&k7>Ct zK9klh%%d_)0d*Jjv`!afe>2iH5$``pTax7m8SnEJ`$zy^X3|&GF7)2c-MT&PE>b2b z*!sO#VrEWVH0jedzf&&yy+t_g>SOnx=I6 zRe#h=)}Iw2dO+K3mt*y%3#-QF3$ltB`trjnJ~YlbaAY*Y9QDlSE_<;)S~LX3z;NBo zrvTmV-&GNJE;Wru7Ny&o4WR--E+F};Bh`qeMMDelP@q>zm!K3s_<0h1?>7!{G!qbb zwDqC6ZxqZcpCv1VIQ~9VWgkE!9+T{@>BQ~Y!t+=l3v+T4=D+AKgBQ%jH&u@LNN

    *+C=tzxRK^$2yy)hl?2*N_Yidruu#RT( z0}_eup0REt;X@^{45Tot-WOC~fBUg(m%tL(;Oyja0{4a;wR4p&N1-4*sKg(ESdu52 zm0B(9Hn}yj?|0*L5_W#nbP`g5yufB9uGxDHd1rfkY4Wh=5;M`LL!Zn5B<(i{&7IGZ z;PK_^+~4a-5@e&1DkIoGlok4&ol@r+Qc%`tPLF;4v)_B+RULnKXVi+WC%y(sa_$=v zV29m2B%@0}+9Pfs&-;z}zWNc8OP@%*Kwr%8&$QXqT8*iW>u-VI?;9CGOW9c4|Kv&x z%1M6Y!JRZoB;#dt9c(u^A*jR$_a}-WTvtBKaXD`vM>9-Y5BqWcGG=Xmc}!slICnO zBh2o|2(~I@rBr+mnAW76|5_3s5a?wAneg8Afr2>i0S|whr2LIN7k&mh+n9>p zF8sT2HoL6z!;@Cp?758KVWq#Kd6j?Ws3_f9pzA{cz+$BFzP3HvQZT^5+!6UNxzUFC z%LDkCzY>ZHS<)O>;sj~A;#^5+>hrpB%Ah5JV7hOQ@=Y*+@2IW8y`q(zgC9m~rSSq$mE_D-$ghJwW+3p@C;ooq$NeJD?Hn^KiHRTf*YA zYm=6@R^ZX*5oAKixfoeOah{ zKakfAnu7E9ZRZ3=3Qp4{`81+P=11SV%2AJ?@V=_}>MZK$p7v!}e6)~&tUeS9#VfS8 zR`xtf;R|iEFGV@V4MukTX$7BUvK613r|A_O#)0bK1Hpf8)pc0jAX)uaJTTrIRQqbo zn*tV@zXj(P^pX{yVH!Y?55_p_hoqOAehB+R0-*qG0P4PpH^1n#@lg6b38K;0j#lobKBU%?k-62xhZp#_7vK?$e(0GKR2%LjSLyIX^LsRJ)(;^ zczfWX$$LfOq#V%~nAUQk^W*&e9f->@;klLQt4P>4l?{vKKB4J)Zf?&zTo7K^?XUJ^ z5c}&%up=4)3J}a;W$4zxO&8^mm%Gi`2dL0ab#nuqEGmB+n|u$8FW8}m{dpMl@(J@A zc$IYUx$fQVd8NX7yLy|%-E}S7MDS>s^!QK}{}gcWQi^GU5sOMU3GPTaRtJfh{#UMf zD}Aipm`n{)Hz&@IY0IGdr)gF8x9O&gNh&A1`cf+mU7R5;olRDm0s6~Z4Lr08v=NQe4W4cQ8Shr5L zm~J>&bK|a0Xv2Kj*1xkV1$E$Fy_2zrU_g|>8+e>=0EEo_vfM({lg~wS`?W;n>hOw{ zo~NysdRi?2`kUw;FHvvOthh-M3Qf{R&=vzB$6PuNyU-b`W6=K@5?Sqr}~^dn4e4@qF3*Y4> zvLQg8?ICqp>{)^H#L?57d>v)Sh z^`*(*AI{agIk$i_(HMGWuDO`%M$9K{Q3cwyI0a`8=r??T-=C_2`|4jG)w5{wYPy7k zhnmsu!c4~xGr!@Otb2GD8unIVL_{f^bpm=XJ`?M|OJzb&e#m_{t+*4`%41)RTbut!R z;n2uO_oZL-yFJA!_qjE`jI#lT(u-imZMc(YhwYgLu` zbvMiMrY!C{QzK)3EkLsLJwYoiMYJsC0pF#=`WvOgBZ>KWMQa2y*LWV$X-w|RkOM*Y z{kx%%acj?U)!jCr=eC9&v=_n&?C1v~>h_pf{=W60%7@Rj8>_3iri6BTNYwh50E<3W zO7*QhfT~s@^;5LdHMwq&vjl;fvo#x}y~L3~&uiZK1rJMTagQy{D{ZLS1E5s5I6t^X zO|CK%kLUAWI`x2|2+DSS`QpN5eZt!skp*Zz;kPfN>QO1+@_9$P>`??d9Ht~m)c_jj z_xS)6_QKZ{aWQ`%(!I9U^xBTwGX27KUm+ike9{&Gd~&IkPVu5}-&uh zO)m&4ghAz_HeW4~Ca5O?Oi4QA8pb?G3C^vUC0?TTGU#(JlH6?LeCo2;FHQN-oX#_3 z8F`465a6u8h$=i5<-<*{I(7iNsWSJt-^>7N%z#PSwUpm}SCk7sdyv{OzxT&W2ljI% zXRrN@0ff9)_>f#|=IP=H@qE`mM(C^Y>Pg{&`V=MHuKp^X`CfCXP^X~w3k%7ImaWVI zmJpOq2U&2FJ%h=EFlSl9!|tF?J}A$%*X&tV85$4!ExNk;Q4!=`&L`5(%>v=G1X&nB z!%|M}+b4Whn|>~xE^(5B|GcEIiaxFv|wn?vn=@}2|fH;;hi41&}_N7=Gy`01#c9{hDLSugVj{&yM zw)hUpi#pFhyFNenKVxMG8@0dJss&)mksOmPOn8 zGJ!lX@3E+dfI-_0EM>#=8(c*kZkbAP5Rbf^4_;*75~rU#vZ$vWcqji_C~9;pOjK5R%#5 z&8H=GUTP=ne8(LV)kmj<@grC!W!Gg9+x*pX>yim4&(RQ z+H03q2->ue^lcc`{MJbjROlB(GR5v_8~7ADc5y#%zeoAfxA`Uh{v5=}R6w=&GeF5q zD<9>1@lQwhch0+lQ!`)5zRT+l4%S6$%Mnn$J4(stj4)0t4UfC${k#t{d_ZckEfVV) z4aafvEgt*o244~y&v5Rg(&UqGX4oY)rl*x=^`Ae;Zc{%+W8ns@SkSxrSzDtgr}*db zds?R+;9!i^!!`A5`+`1hE(zx8BmAoQo(zZ$UMt>v4X%g6L3^^>r(KHaq~_0a0p}t7 z_J`wnDdUWS-p9!=-VvK^N&;61{{nJ9c3%wGBlCKlVPWNO^PUJl;0k|&A17wzWgp%9 zS2%o#7b&x`u(&{a+Y8#AuS8DkeKGfIkmrlC_`rS6RMr!uqUCv zC{n09{iA395e6zG)ghbhzSm7PoW1)53wP!6(e zturAIxA|+Dd6yU9s0ZUX(_v4dN7Qb;26=6oV$Kg3u|rt{R7xN$;F_5Im@j{FH*3x* zm>3>QdYLZouCy(dtiZ?0%YKnkkVFuXo#2{l^_u;0b<6_Q=c$`5f6YNviQk(+!2y5+ zsfO0_>GbFJ(0$bT(AO_PQ!2>7^zWa6g!|8cmjnCg7lcRuArz>PU2XHw21(bkmI8wfQcsj6C-cdU zyFH(}MVj}>XgqjwHO%02QD@HeXZ)5ro59*qU}y(l_1DD1@V!%^AI6oG&w&9jIva7u zD4Twoj^8P4l@zhb=DZ=W{kZCDl+%eJu`im4tbqE;5zrq3N3FQ9ule;5`b!W=%H9!?>eo$rf5dn*uL>3&mGBGNlab%lTsYRLrl* zxQNSGj&P*98x+WS)fj&=!`TQs)h43%>5y{$2a782K_n6=8W3*%fYSsF#A*J96NzX{ zu}w7S?aJBxI?3pqwIN}2@Uwb)H1SUB@;uRvYY(#Uf~(6ZWacE1eE)Ed_j(7y3i=2)*6SnvR|iVp{y63`^&c{vb{V;IiS8lj?^({DXM9=91SSs2T$5c@&fNxAMnPG?B^A_%k^dJyh9{p6wNu8 zd+^>408lepT;eEk3JJ?GeQ=`AzhF*Ub~?vm7z4x||=e_Iqq8 z0dh^JoA~>yYj&XXe4&!wbEOjR3_8hn5yl@V%}D|Qt6#}oZ_sai{3QPJQSv5Sw-()` z2>wyZwBeht&|8xUp1xN7J~(J||2XIkh+crD#X4;kv)tUlA>uY^LT!IIjp{|?z|%P>#55=t|X zxw7M#)b6{UQ1}9;Fp=7dXcHoBWAe0KCG-zRR=xwK>vAx?No70UFJbk^FG#8DW#5en zt8FGz%N%a~WRS<^>$4@XPo`-0$Y1u8X^#`(nR<-FMz!wuc<*4UU*S^bO!5ux&g*=t zW%(yJCBQU+eA?%AXjBvzfa54Z!!O1S^0NRjn;7Oq3GN)C1^lq4`WbdWo>A1a!he-p`h02v;&$SS|=3HaL~TwuY#trwLta}Bu&^v_{J2n}X%f}!8L*rR$j+H1Vcj3NN`_$lz*cg^v?>P_l zSML;%WhM&Dn3}8W^MeB7v*#lqQ-6U4F{h&wwt@-$qZM-?|&HB=B>%8=r$ck>V-6T$eJWsEhH9<;dNbxH=Pu z`mt@c_$k~=o&rI;fdS@=9*Lrrh$1PhlvGtaL=JGj6si$N=@}>kJH_y}ihYm<4p!CM z(S}?H2D_2>X)Hh0xqEN)_1crKBl^Az{jv3w>fKi?J6kk+&=d~yx7Qs|Evc0OCP>v! z_rs6;m~WxC^a-g>36?(ox|hAp7uYJ_yzORqE0l<1OO|%m_I=9L#jk@e-|9&hZa=-` zNO(X&U0_Ie8ClUTmO2>D&GoBImfw~41L}2!VL_UYqF||nTzNcw_pQz!LihY>j1`*H ztvCng-&LV2{%n5g1%gwEr0WA!?V;T`aKUi0qpq0@j6Q<4p@`+6+&yO)GHo6_^RxMwv#MX1%3JxPPF$xX$yx*Ryt&Cx%$~-U42|A;)C=3>f z$HiU#5{z&^!Z9MBF8elfUP|Eo$}Fd?_BLee z*UbeN*8WkBqtmaO@W<^+ek{*NO$p)SkQ@YI#ZDcQPt$&Uh|e%Pr~OXBFF@w90tn;| zsv2G0jKKNead$g;%T>8tI6X{YHI50x69;_jh@W6>EJU}K7mo(LO}*Sb*Ug;l@QF5? z{h;w`;*mgl!So!?G34#}R3WDQ(PEvoS@k#U!7E7L>Y9M`OQSq2Qah&Us%3 z@$(r?Q0@8i{m0If$DHZ-`sQ}I9`!dd?~NeL>%&+QTzYZR+-G{4TGY(R4o!ZCFv;n0 zA&kU<&@T?Ku8%Mp7tY$($mjLWC`cGaN%Cl?D6y-2umUJ(O%}`zC8-|%p;-oR>gt4> ze>sOWj9FoPi8tb~xOc&|yvVL3&+XbZsCSGL3s|Z+HL5`Wr#_K zX_?8I04jSJe*aTQo*MdNrXMo$DegV`&%BGIsG@#wTSdxab$UYvyn4`__r&9U$=J_& zTA&u}f?D+p!O@=RtHH1e0rvmQW@duLNc}YC4xAHZ)Mkd;BxV5%<5?G-Xr_8>7`y6S zne$e^@*~5JZWATD=i`rnGL2B*fq2=!IhW6XNPm(sGuJ}2k-x2kvsZeAB@T$UzYhjV z+m2s39uko2+rk+kOHiGN_Y*ifQ*7V9cxXC{GmHdp`WbXCg3oPa;`m7E zTPq{2$RYqk_F z;)NV)ElTF6&xhi-z~`^*k>D=i^*Z7;iza}PiUg%)+U3$w0@L-+aQe7^3s0^0ChuNH z9^&((K~Sv%Lpi*mwqATc3OnQ?6I5{pn#3Y&XgnqX92C5a z#I}(HOkhX@6RZ?6;#hUW5aX%wZYJ0^5RVTs{Wgrl6sBOJ7BLUBZn2n%NGuC_IR+Lj zY?ILhdMLChB6h7(DhE14xE3^*i_DkQEW!|>E5sAhAp19>DgjDv6e*n{G)thBhD*ZY z06`BacqZ8-@&iOlX98LUni2)zA1;g|!lR=|hc~c8!rnoRyB#Fpy|&Wapkv4g$AEmy zOy*PRYLA#oqIx-E0!hF%=>29VEvf=Y1YmhWVJw#Apd+T#Efsl!I1@z`4%>Nhzn_YR z0)y9$=of%%p+HlBdBbS+esNvnWgq{ly4W(>Bcz11|kIl zWkZDH3rP8X5DcesC_F5D8UC1U^sqgu6M2Bx2^mkMGDncBC&iq|g~DGzezJ*J6Waz& z-SAF`5{eM0G!+4_52`g1u7!zJ8>1vO1%pF^IkQCUQ3qX!bq56`Jw_7efUYzn48Ax; z%LQ3jn>px_ar|UD8+l#?Mm&-UmmxfQOcCM^fSCdiu^9`pPdW@mLy01ycF^93H@Ts^ zi$n^;Z`q+c4c-Kfub>O#4~wH@o}Gn-2TvS!JNZ!lg%3RuEm?|Dh0GzXi^((tO2dqp zX*c}UI&4+~VpCXzFimVRd5E+iR&15{$sw!E&gVFJ@HiqFe-RTS)1e(9fro4nJN_X+ za|ihnKlF0@JZ3XnZ#2gd%4lFN;)2r}l0(Mm6aNk3`3*HELMQOs~;SRw@WaHj0Ma zG`k^)MiBua3?Es@ShAc(bt|z-x*uxrT=`YaDAgvCbU8t4_laDj%F>$8jaRwvu1L6j<)R2N+x)&yvAIZ-UP%20ln zEXenQF1H1I2rAd>)u}CRXz&RF+dj(TjvAO;36m3*f~boPlv{!E4=r`T1C7zkJVKWa zC1UwN_BbNN@FPKFyi5>6(JQPK=pyNk(I2m z@f|D%3XBt)VUhSi49LJmo_Gh^?2bcJL5-nwen(uz4q)SM0}rp)0PnHhC=E!^VIkxj zad@rPLBIfUtjia)!o*VT{y6*#d3~E1gN)>g5{MucjKD#~GQUTKvy&7$u{uCyvjH?< zVynNMQtVSdXl0x)?7aP|YsCi7OUk;4H|%dhH;|Vl=D_ z$gU8#imBC6@p2o}#ieq&@i5QGi06(PA5NTaXFp1NX#Ad#R4Xv z;N^mVI4}^#!wOLQBhjFfN`MG>N{Iw$D=d_N=cAy2*TMrzv{p2h710BOG*tq^O(aNy*r+sy zl;!YYP=0QZuGOJUao~J2xx_pN%@Rg|2)ta#ASnn2hR7DT)1!PA10pk!W~QRTYKs%u zjtE?j9tYJ_wh6~zh{GXBOt>fxjTu^aktke3F@qqXPZrkb2@aDJuOSFRXl@7r+A_^f z5L?t~hLiXe){h)c`?2$I-D zC+H2kOcafP#4twjJcSV-XYv_rl#?n{;UjXkh%FU~=xA?DPNo8N6drihxip#E?4ks% z8avhuHTeMGQ1K!Y79#=6Ct};sXgMwlR+(vZ5QvJnj~I$!EPSGjsu58@<>(&*0~ML3 zwP8h3C1M#to6jCr>J&zaH-d^niYBVSVlZ3}21Uo?S@bY8Ya>^pjR-;723|-+E(yjE za>XbTK*|y9z%|cu;3#pUK;<=a=w`qyQM@sJ)XqjMqycQ6QRmkH>8x0!RK`qp8&4}h zHcy=@8jQ#_Xbn+rVG;c}hQLMiB96AbAjg}D$*cZmCo&q zQY_F-Lv>r?Vyz443*lY(zEeZza@9@)HS9OAf!W&2z=dVdM#Lf_chMNsBUX&V2dW3L z#OO65+oFVQ3rWl_jf~E4#eEVvP(d+>HjSGf@lrSdIM&Go4hnn^KoANMOaj$wQ}CTp z3_&Y{)j4|C{_rX+^|(sLAfUgJil@aQ{h7k=)NEZ$e#THicqdo0I+~y z#&b*%jC)l^xdxdA2~W<_Yc&MGLINtzZ$@G^R-7G=T11XOFo2Y1pOej;S zGLxggnX9Hdh@iC+*Fk59Qe%z@-53u8i{^6BQnQ7w>@eO;RJPbawH7Qk}{LZ;D8x1*$7O%5gQRoktbIVOy~%EV?e0Tp~(V2;MYxn8;i;T z2^t9dNT971cA4mr5De;689@q0M9^WO@7k|)z*{f^S`*U9jV`_12}Bkl7gHN06ErL` z$s>y!)LOI#S)i&QA&6CS%n_myt$^|(;MFADpvr*?hQ%~Lbls7qphu)J{o|!8c~qlX zt3=0G_%I)SS&WzYk^kXve4rI1up@~3f&76h{eSXf{!cFjgdM#)`0Ix@k$?^?9OA_M z*UeGs#UQf8mS}`1zT9kJxuX=gQ~!E1QN01QOqgOEARUow;M>!l8C;$OGHR=`v00;!#M2M4$C*Um9kienxM*;vCCt6uN z1u(#S)UfE7)EJI#!w?l}6f6m9P>Z%BjsZ;siFhrW0Ss*f=;_B>)HZii4H^g_d=d#M12@-!mx!(1CAqwep0~A0nL1vO1B{fGU&AvcwqG7TpN+YWRN5DpjdA-k@yVc`9-^gq^R4?RD^9zn$rqW zBQ&UpVe}!Ig^9r-JGe!RMdQRYGD{~2LRQ!ZRQ*z#12V-}r<4t82`{9bPzEJZOrt{7 zOcE=gbOf~v77tt;GEd?n0>Ymp_J)NhF2%v1_|!&ikf7oUT~eu+XQNxBUK8I;q6@@M zv?3e>aukv%;3kRjVyjby@(1YzNHtM(%s>!M7mguTDsfSe(q#w#iG5WNAo86KztN#( zgn2HL1Q5k4sKFcX1SdS=Qn}scCjp-=N)9MGARq+YQ#m}kDzApa(9ty-;NIha`INHw zekqe?cMut3t!blX6OHNUM)RkA_a@pumOJ!IEVO0QbpMr%P8gbr8 zVH`+Bd&AHf3M5lzlNdRS%8vmBSGtR#R=6piDAq;wK~p0ULr{ZA4UPodPjFDVNf-qA z1h6_xo1LoyU3;lkA<)K!e!EB!S6MZnIBYTd)pipL0P;L;kSe3ZbW$3XFXPBVMxzgo z#M7Z|3P5uKKGP_|#Dg4%k!P_(7e5Vgs?36*%*+YIv})*f^2;qmCz}(J$|6!38k%!S zILJ6ys5k>TYQW(mbWzY}3~1CM;Q5e%28SO>)0q8qPdFa*X>AUtHUzQ(JU~rwP((9G zZChm=&>^6)r~#z_F}PM6O@ia29e{`-ML9k@$KeIJUy?3h#Q8NWyjCt|knN^0P?;gJ zm39Z+PQ`*`lRw0B8BxF$h4TW|$1es+Di|#2fqDR%5K|MG3K__phMW;T9@)fMb~@2* zpoGX;ryk3}i#1Ay52Z1NBQhe&NkVG{Xq{ceU<8>UaP9-~34;db^x~wDOvg!}P9gEK zP<}qB35h_l4X5_2WJE$#%?AbRxQiqXMFY|Zhc6Zcg6MzZHiHsq(s+@G*n|=T?K0WU zibQoW3oGX10!sq$nH&8vKUFW+gQ&$nYNWEW7*I7k3(7UJ=2meQ%l%PAf^ z2?dsi8TAnQYh#;~x%=un4bJ|`KSDbvU^)KMtcMdN2x| zix_gKEjWSGK!_W3D$pN}!GYr{p-+pX0wpZG8(8uKL8BlHy*Wl~fC29LTTD^Wwm#BHNd7-o$a$Q`j%kA|p3I}yK$?#G1UMm5famZ6MP4uLK5_yNlr z<6EgDu1ZBBpxyeYHLO#TxnYxmMHLx^?1(Bxb}~qKgOg3MLoY7L4J_~e5K|KkFpdBt4)L5i85}DIKPm0S#)yah+F=!+{<+*%-or4+eCkkd6xm z(L#Y-t%vvQ(9R%%@qlMXh!MtuVkknej0{kJAOq<*kwhT5d@3S8N|W0NW&xL}4M-7} z#cWrGBLLAb@w73fSgr$e=s^?MXsaCUr-O?Jtax6M5BL&HL`BpKKl|}Sol~t0iger% ziHXKqu{@8;AyhzUp*QH+e49MXl%lNxGn$M>IY90k~13mgr=<;B_@Ezo9t36d;yF;RU^S#uyT|$CdbmK zF1OojfWCb+K`hW&QGALe95cv$Mu4A6ENZ1+X$=Mg4sKAdlF>nG0?_?R6NnOec*KZ0 z5>b&T3uv-3nU5nn^X3(-=g#;8$5;(i`O%vOP=MtglR7bmC>^2s2WiR^=Z8I>Xi z(4dK9*IVRJ6UBi9AaeRPhQvgs6Byu``fH2|LTBJM_1qv3cp$i1eAV=f}e z3iRM8i~!lctyT#E$>6e8QVpLJvyyNaoEfx}&>m>WN5{Z}1CpbN&5zdl=on3aCo_97 z<}efEL;>#6Z$$aSQM5?nS2N==&>RNwX8{2Zu8kI>M=5*+o!3K<({)-8OKr6Ybb7zr zM{p?}K_1Z8!og+G_D-?62vj{$4&Vatxiut5mq>gB-R1 z-^u@%Siu9dO@aS?tRUCoi8cy{AQ{3y4++GF=;a8!9f=k2Nahn_1;~7&#V#|JBX@8N zYP5jOGmt?6QOFIsFmZq(QT$x14bM>HDS9`W0DZKO8Nia5B88s}WF-iI5?L@T4VnRd zJcMQ#je#N8aQwKC2xz3iN28)W0<~C)Vn^6=t(uHO;B)~3S0ePp z5L5$xLQRxLVRBo&nH@57d|{cK zK!)}#=;$UA?4Ywngz-dSZ$zvQgQ$&P%-5?3T6&BP=m!i|M-T_#b4XBool&!y7ey&; zjtBH!E0Wn-B{JzHNR{|@K+F&sm0(dixW>9D&Jem%t5#zm$@24o~0&rr-&+65jNRf>T*6@%=nMz4Z~Cx-iD?O+Y?eakjsK0h|qhF+(bH2fTyhD5k&#ygbll#HY(Q~zf{4F&jf-BDrX2H-`j(#v(UsSeSo+5*$LzMTd%| ziUg{v7zS|cFfDu!I?M|JHrnF|Q`tI1Z4rLe!%zpIF%Y_i)o3p;_qnW6xak3pH3l4V zQe7CWk%`d0nAH_RoCR8l=!?2+Y&v)|W*{|Dd7;}%K(KkKdL;@#6$-2`W(T<)j?-pC zmbDFoIGPA=0F}=+@S-j>D4?r3LJZzPu*!L)fS2#&N#Ro`Q5pbuAG$&q6tza)+fmqHq11y{sIY2}ha-p@z*gyLG8EnbXYFFCVN4ZOuBHImfE3^5Cczgrk|Dof^rZyD`CvMds?BtR7H(`m3kGZC}XL9kaS4H>AM z7_>$@lo~0Q2o9yjZ=`aAA(@31)VTE_9hD)CBKt@bEsyYHL_iO+k#Zqb&$Iz`BXU_v zs!@cp@LhtKhGJ(pRoWmOPnP-I*Z|oc(FMIyfq*Epat&ld7~%7x#t2a60wHII&H`uz zgU!!!sDx}t>Y`#GIV@&E{V+lc7~Dd%(9R=jY{2RmkO3wxj68g1g$u>OAjT{P^?E$u zW;j~7MBsc6S_MwP0rJgk7T<{0kOTp+qETl+L;%Wguig^(7`-N<%WIc-0Z<$85`eDI z#PTwgHauHFLNLQr7X-P;$U1}3;&aF;0TkT;8qPY3Oay5!_yqVeT||yp3xzP7p2`Qr ztD6*Kv5>HtXBUa1@IOibN`(}@-EN8l84yLOWI4|`@>osB95(=E8GDT3#fd|X2i6U z>>w6GfEExBD*zS%6VPQP>pr>K!0M59iE6tl$5( zW)1JVqGp>DiqVWt6657Mb$Zp|&?)lhxKHasW8`U_W)$rncl`MAkB{TuJ}CC5HK#Ke z`^62M6b9pbodz8`)crnw_mJ1`C!rmUG&DV z(r0fM_8c|o=VY8@bo*J#DZ%>n8Hw=n=9YSUN4UO`RyXh0bXL91lWRLv)1IgO-h6e| zg)MbXSJj)qD{i9h(;;D=dddy#{n5`0XSEx!X)b(`*|c%G7tMBK&#H^PL>{aHHzhCm_{4sT>c>0Pq{*?j;>H_a(E#~_d9UTN8 zXRlfjyEwC6y`u6>$L0-$kAEmfKTj)~b2ZA`HaS06vW+(t?@wruH-Gq)ws`}3HMMSq zcbS;WlsB31;;4Dto9;c~EH2LcfY}Zoze|H7O-vqIoVX0eWG)-pNTN267{;l-QPu~m`u0lmt)_sqPy68YEzNBWj^WS&LdbY++HjGD?0y<2_m z&ADx4Zy+bvvKLLRpp-uTQTwZF+a&(h6+i#VsGS$_jO$BV?(~i9aec_w^VqFd|L%9= z;+(y82khN{{pm+bZ}y5u`*3Zl7wk=DU+9oPuR9U0I!koOG30b?&xv(@kCZ0a}e|1%szkO8EfxeE={Z{6VcE3kOFDAVjqOGS1ysa^HTit`T z?$g-g-H10fFk9tv$^xNtEB2vCu^ZCDjE6f!)-+64a|wC=yhr{4p{?!OZ?IflI=!~{$}g;f)uulmU2XEMFeK@b@$okKtEV!hhF?n zn?q=5m|hy$wD;Ej^pOpE9G&x3b3p(7?(ByLqC;o=7((CQRB@y&f6)=kH)(b0h-t@F zDet@Gb=q)jn%s7WadX-870*x9T$;^Z`^UfqrO)OJtRFu!1l9Pp{q7V)vE5o|X`P9; zmtS>I?-V~f)nxkEZ%fJwV^ep3x-*mfoEIfc+kdRGxF#}YWa7N3+phE({^_9fVsI5E zdDM=sT|%y98~XQna$-iU?9I==O4l#g>G@TZe5XU%$+B~Tt(*;#{ts$P^Q-REL{LXU zBd$G*bmT1Eag)>Sakx)eR@PKMvSvF^gT;1XQNP*f8|~Q_6fZoTQGeDMGiJ=@(MLAr zL(vm%$@H{N1)I4ilis22m?b;-(;pPjP!A>!7}}uc%S_AL-dh%*irS7G_Dr37v8AuW zqfn(kxL4BjSJIEun?sGZEtkI-`?6%g%$!G4c5vo^c=-}3KC)xuT7TGZ=5 zZ}htgi+Ant`iB*Bx9p$aeNVR;1By4UnfmiQ@5SA`vFi84#KZ&UnZ;WZt9NS!+4oD+ za+f4mb#UCHt=RNg{U){d72k)Kg$JxHZ*+gOP>1bQ5zQ<+IZ@MV+{lSj7tO5lzIooG z{a{VQ1?#bz2aDHf|J+zGJX%${>8|h92}N1(!-Wm9c^AX3)5nh9DSKBb_&aM{*L4jS z>hl*4NiQNrn%3=c_UHybe(=rfq2bbPyn=Ej@ppqJ?Os0nmb^06+<4sZiPuC#C4Wuh z4T4d7>xO=nwA7wizGX%4h2+TJMQysT*~Gkaf2ZT#z#Ee;>hJ8&k2voxF)->%^3{l~ zxPOiFWSAuX!Glh;nJv#(l@^s>?3s~&`Erx&>}+mhVuR{QH9z_}2er?CZmW27p$+O; zheJaOw`f!onjgp+J?F0N&qrq$_YQp9Gf*9W(<6IB>U7E2!HL7LZ?7f1-TwQ)eCoQf zQ=R=AtZh&kdi)S&U7A$9+q~y@ zv)-%gcvFqZiG&iX+U1F!UC2yaPs%ZMPf92;HfyBFiwqt=Ib+Qs%A+nF2PpHJ9(Z%( z>e2LIO~Zw<{Y{tBvqC)uh}nKwENG+jV~_V_Q$d6#$`#Eo-Kp ze`e4`4t)PRQ`$Xnq51i_{aY;~_8<0r+wINmrg(;&TPj0to3%aMw$*aZM&Gv4Gnyxs zeYltWd8F^+%I>=wv@4pIqj@p<} zv3ljf-@`F)uU(&;)Z|2bez|_1^r3L)fz%w=#KEL+cN^BcAk0rl-+QFGGiPZ(%k%Z0 z{+#>zZBM;(VYvCdi6gd`A3d%da>1U_^WprmKi`dwl{cxm(nOw{vSH!Z^TM_w(LsqYfQe&A&HJk$U-T+Jn)D7oW*c)Tx_% zny7eC_^oT(7o<@6^(UdW_0#T~7v);-jnr1>wN9T*S<$8L*9umvo0gyQe(5{7YsT&B z`}Ea-jcZ5l=-({kfoBeJ@3=qD=Wvcpd_O#C&y$V`dF}q-{^cChqq53F^Oam{GQ;!b zwd`B^vrWA8r?*7~DXIix>7Rx^+nFYrf&&)ZKS8=V#uOA5}aQcIWt*}CqK&b zi&Kex*RB}M;67{_xOgl!sn;ciYfi$7IRz)~mzZj-kDkDq+MRyHpq&%_+Y$47)9(Ro-RHU(B-Z zAMV|2O}#~$A=$z_ef_$ixcK#G@Y7m@Q}VhCYGA_7IJ?91hdJ{Su`gd=U6DSgw=%Ej za^`f*8$W%xQu)YJ#qSTOQ9gN2MasBx zPo+IMxWj&O?0jkSBG%z-RbkQNN3t#X#1ZEo?$_5XoZ5U-V%qBo;9v}1lb_pr%!szr z2K+f3e8sM!>_4O}+Rqx2zVz*chx>FV-bwGdH$VJ!uJ!PuoYWb+Lxvg2Us$s9%R7#{ zU61)?>YYC4wvUa!{Iuz$H}~L~9M|a+WqT(+8ve5steyVjlGsYTzfR4Cs}C|~J}6lK zWoTbxe_#3dE~ecSMfJFsBU;Wpyk~k^{-Es9HAhK(e7B9>FKcHncwJG^NAzXm(oX9> zp>mea)}QY8YeVK|`TQN{*XBGwz(2J5-RsZSn{~CR7VQr!)B94yg0!-Gxu4G*pLTQ1 zfmc_~hPzI0c->iY>)E4zXJDi4`YyGVdtKUQ_9L!+L=pNlaYzrvyOsScJxq+B=RUh0 z9`(0L&+T@m=H`RWuEH*}+x9olnty#N??C3w7I&*nY2uwh@}70YbFa^R)2HlRhk2!s zdO!Z2Tavmcl$%Ie^6UGnv>ja=9UE!w)HU=gYt`#^33;5<_y@||lop$sq<5uu{G%Zf zSvX*w{$m05Ha*udZ@wwFUFMG-&knS-VT>;mmM>WPGn(<4w&uZ~{!_nu+-bMy(C4Qc z@I4$S*3CX#``4qzuU0j$&8$hk(?|UH{-X5rqSB{Ras!d!6TK>1zg>?vCdL=8n>wmp ze_av2q>Msra#^c0eNfV?Gqg?-Wq=QJgZlF)#HB6S9iJeOT6dn z)Si#+i`@D?XREGP?0E6&eNWve&-4Yg6K-s_lweMH@toVQoL76FA|7HAp2qekQ$7`{ zQu=fyh9Z=j;>F{OmTPN{vJCm@~4FOo7cak;l{fSsTXeQg^yk4GgnGZ z9G`!zR$kRpHKu-Wtfb$%j_F;f?WzfX4Q4loIHdIhB&0cX=Ju&^9blPuy)&}Nm{R?v zU$;jU9cOKP|5ns9w!bgM^J>N8n^PJ03NBd$%~0=4mM>oTOR@RVm9xb&XO_y>%vMFI3F6p#86ZgK_l6i60 z+=cqEwVIg1RXB^PQac%q-FLO>vUE>s`>v1N>}m9jB<9Pl9K(nP*OR}V4;TxU_RL7) zY##nwRk35N*LrR6(J#zPjn?hS9(6Cj{e+DL4`WNJrV{^3`q$;B*Om0j1{Z6AWBRs? zlY?5PRWBGwqU~FEuKkvuKOZy|L>x>|8?Apt5aZ|%BbMtdgZ>832 zlR%$Bl8=6#+VcFe>~DJ^`m4ngzqZ+h$?%s}b}m|NdslHYl-`J##q2kic|x#t6At#E z%YU8g4MC-E7sRJyGLt8M91A-)190y}rq^_p|E7r7(jc>Q&Sa3A`9J?CJoRsXC3* zuPS=M@1NQ-IlroOXVTlwdtgQyuIbW*-yTJVDH9CchUqOCodPrZkzr1xk4IkcY>BM@ z>~yW+Mi;?|H4*vJKyxL`;WWYg21!j=Jkam z)+_S2fJ8=qDTJ86QZp};8}5dia(X+nUb_Uo5XM=`+r?+Mzd0Aa8DFevcxwf`_#xF^ zfTabW9&HHg^LeCwb^ZK>MP$j1HVMIP`3rjyCIPWbIS1MU!l)j}fbrg-ZT z620z0@#t|Wo{qNVoH_N(S#X}39iwXddzzP>%zuWdoxY?oy)IU~v0@$`7U4Ad)%Gxu z3I@8CGP!zv9wb{Vqc3zyXwHJeoV`4q-UlwL0v2y)M@gRy)&vcB$_0x!DE z`eWv-dgjf@A^*^BAJ}x|QFzxpsqVR|uL*g@sr4~=1O6l-51nx6A8nD{BNfIf7N)(| z)Q1=N)|{5Nv{T9oHk5z9?l4|jBKVl6|1kO4!!AEwCf+t(X?tfAv!=pRl-EahhQ5E! z?{5cNZ@v1{A!v|i=(nreV3-Uhk{()|bVGiI(5bq%ZI2n?es78|RkD{1PMmSrH92|5 z)Md77i}0y~wV~0wpWR@u9(?rl))gBM31;tU^Kzj4Sho+F5c6bsU5g~)z0u0+WoN)Q zfAQ({!cL+dx))m|4^Qbj^jtDxJms$KPMfUwu=3y2B2MbF&HWbPBYER*FzyuZTnZ6( z@rCbq-n}3+nUuYtx^2gX{R=eqnpQPmo49!9vwKGDSd30<`8q`HKVW3R^8TkDS18^V z9yBMaEB(}8;jw>TEIJl!`D@Luxs3jv-l1d7hh5ejzfFFzU*GjhhvZ$p3|XVXE!>ma zcglBcdK`dBTP|za9#(Q+$e$jCNAcfF8=}=Qtw~-UbO;-$DxOe=imk)1TFN<_- ze5(7!#Ro_0rp;Egxin~$X!wy>i(fmg>8gKKe;#sd;o4c}I7?nuf6iKo+1UR{y=mfX zW_J=Hd&c334L51GbUd|o=JtyxGukyh{-NKC+=>ROM>|>t@>i63^V*0XOiKT~;A;PA zl6`W`Uo$5v$Mt^?EF_bJMCXUqAJP-^CJfu0cgWSgdR+8n((SDUJC~;aYMDOjWJaTD zX%EhRnrK;!i_NhXgMH@2x3+^th4LZ`bU0;uk8$Z|BL|F^%SsA~%{!y&3>`XD(rZlj zbXmV(@lVZ>Q2F4@yN; zsFv>L)FsA&Uhf_It3m1pm4+R?Shdt>)sGGxV+$x{H?Ch=pIc|J_7H3AZeew8$(jql zlAlii9{~b+%th8d>)0gXuoiyWtuMyaO^V^h4Uf&bo$+9F z!L9Whuhc@qr2PHa2~Uou_fQqA9sNDyyxP*4O#S8C~Q$GSh$JUhT+- zhwSJxBPY_QRUWn)MzzlPS>9+t$>XUImX*)vJ^FCymaS|+!*PnvCGuUZyA(b=eML7* z`gX|Nw|z3orKCfiPRbvGHxIk@zn(w-p1qHCJFzk=t;qp}e2=2l*crzRt4jYGaIs|E z$@X3A{Ve-_w$abRGfkB(r#+mp-*l^+SUBVQm}|wm&Qw*JrbNGgZ9?tw?Ch#(6U6(B ziKO_ASKk+Yx?8XQ#5bppXS8|^sGDblqQgSP1p}FaH@lnsHv^=}{eQ^-dH$OL^8J$m zn!2b_RT<_L+F=-Vqfy^s1ls)VS>K1v%Wjgs<_9tFnh0zl8*JRsmM;}ks%Ln{k00N> z`>^&!r!p)X1AhP1-Me?UJ+oz6Y3|DdvyfEsetb!uSK^+Y zJ+%1GTifdoZe}q)cRzYsS1_zK>>G!sk z*m&bh{?XzepI(f}u9m(YA-FKFOVx&V1?QX-J0J9RpR;`TynO{d+nku#PWAV%aJRFC zs=cT^V`+y2>Tu~r)U(`4Cfvb8tZzxn)#!x~d_uB=CJ!=hgX5a7;UZA1vOJ-obc%-HN^6S-GA+ z`40#?pI+(GBK7f<;g|b5S8pkZj^D~(*Rfqq_)XWuW1A!+77Xt9_4j9YyT!Xlx2bM< znDr~XF7f|0Rn?{7$;3HtcOMaQe~s;4a`n}V0_@vM+is;d$qRHCdZj|1vqIF>v{kU-O;w|Cj`aq3oln(Z1qSxdi}V$_q&f?z6AEXvhT%>zIw*B3si1ky;*zo zk&yc5ZO6P$(^$sB*_m(GT-eTyT&&x7(O?sIM)9PjX78cZnWsPe_*MC>+1bd=Wvzd% zA~l(?_V_PZz2uaUrw<+MzX%c)m2H-`ID6FA;z-J~{BS2hP0DZ2*oL%w%adqHxKjH< z<;k_a@8=|t6G~p1vZ_}#WPA8cA79?FsOp&LBzNV6vOX%st`Dh$y!hYq27N1B-f*)b zrT@IcuKADz`_iHj{s3OQ?e9U`mv%cgpm>tExJz39w*7?HI=npfk$8TMDrKMk@gGm} zf<4+P-E->{y~=%d)Zcr7yJ!~Vue=a4(e4>DD>EN+cK#6luk2T3y7t?x?4m`DFU~Ky z)zXGF>gTq`XI_zoCcVjC+WFxD!nEP9=dZTEUh^DMQ*|4TwQs%mKeA!5bvFfT>s@&t z5WL|nTH8y~$0#e`cPgXn9EU}SO22cgeq4(xz1c7C#`}in^4yGTt@38H^3b-d%b0J@ zx>dOO#BJ=PnlG`u<&E(5yQ;EUCX)^*UJl`pN{(dvz=fK;r#k^!RBx2OQ-jNbXP0JWM+p4sVh=Y z1DNiUPftp+Bv%KN33_~Bb}y;+*3%|Lm%N_xeC434l$gTocWVS>Nb!1Ueut-aO{xI zyPa@!!;rL5$Br#{`#ZU#GrqTIX7}WdU-Yuf&$7O~{+Q6>>00MFQlmS$zjNy>8(uD7 z<+{DA(e@T4b4NIq?;qJQEA_zBev~r})a0j2lV2H4o4%WFEKaQlLHEUlkQl$y#BSU~ zKJ37%p1kMOJ-?}GQLy;H!>j8$@dx>Dow?DwX?j(*tnR|nC-WAWhpor`H?2nKY+wAM z=6rFZbQxp*AGQcO6-Z@0NlH#|1*P@v#lxl=@@a}Lh02riJkM_ zUto^SxEOIO`Iic!Z32a5-vFGyJ1$~}&;z1z`6y(nh}ly!epku~f4sOs9I8yEkCM{h)iaa6q#%wABS z8#z{DTYt0$HzQ&_GwExkaHvzWzc#s3p``sX&-tmB$A8;^(==^JQxxQ89$x%n&G5Uy zc9?UX-aVPh8I$H``c0FvYf$2C<0R;3NA6*JjZkcG`m*cW(glq-&M43KR`1h zxpD++!X_nexAjGh;*#O@&wulDvweB1^Q*RhuLV>L@xqX&*UBX$FBOd48Pp73NgDL{ zd#AnC#0iHUjLA4H>a$bpQEh2|wrX+K$9t8z;mW(P&P7ead(<1#F>Sl2pQ`-n*>81D zT3B5CPB3F&VTNIE0%YeRbqd- z^2M~DXN~=PIc62VO8k_tgAo@T|9b8bZNdw;WxB0!>d`Jw@|-8y zTyVgOR)^0%k?hE7@saT8bVuHeC#E$}-8ud+iMmX)qH=!Bvcxk!PyhA`qwJ}_aVc&5 zLD%$N>ju?Aw)*c@g_-9i+qHtPe$82H#ecB?Rd1%xH=as#Sk4o<4esS6jGy>%=!w+E zuLtq6hdcXAuT4Agv1HxYKHYN9P3YFrrD>KsSuv(}|DN%eTQ66?uM?}7`*+sX`xV{W zr7zva^sO6^)4!l<_R~WB+Pz6-g8SW$E$({C*=*Ehb?U`VYdT$LJinFPx#%D*r@~Vh z={0P5L8~=W`bu`pZ&7pq{e>yn8IKFbjLmSEztg99ZhwYiqjTV#?8G%C^yh_t)Hc8T z2fgk|$e(0IE}KRxkZms`lH0Bx>%g={WBaWDCZgdbLKG-;>fp)8LYua(v#R?$guHH<*>vdPzt9xRJ5HH!XJ# zS^ahIzWF<|(l<1}urhnpug7rAblmZCsrSWO5;kn@?ZUH(Hn4kdzTfeF`MPl5hTNCK%8LRW zM>tmKMonC@^)h~S>0W35ITQ12Q&8WtcisBNBen>hyxFdGsNz)cB`W3lHs)M%>9~`Z zL^NwvkI=7OpGRd^uiNo){h;?b&t=ckYC9q@j{m?ah>Kzn{y7d75Jyb<{iWa9+;W*~ z!>Ea`#wPE4oK@B}d6KZ%k3JdOZG$#{T+wUA=sAP(a=JEF@H)&b+&Ny`oO^$2P9hfD zx!uM)r?xmw%}Kk{xx>YiO=ELJJ)iY59;S6E|T&eB+3y18&G|x62FIyz@RB;q9p5^CIz0hF!NTEnED4!^oXeQlsD9 zy?f86q0R5p@reuHbolX-eBkZng`<}KF?-{oW8d$zYkQl-%RX`C`yiqG!3O)_IU{ab zJ`KN298<4owUN63N%qJfk676LAYh;7c&Zn028}&w?7!VNsp@Uh>dG<4-$st#EQ~d+ z-kz{@`;(okg(-_|hEe%{?@0W3^w!e)$Lbykcgw6Cvwz(=?S1uz(M7h~u=kIikdUL< z05$)UwYR5r1mDlmyGP2q6Bj1TNw`SOH{{+wtY)T}Tpc zV@Xfk#H+e_&4woAeVe%KQgr*y$%l&+^@_Gf6`gOb1;ESzP20=?tuHpU)-)Qj;OyMn zC-ZajI;<$C*F7u#cg(Ywwmf3?E^{5;wPN<%dXn}xD_gD3>(}95?9PBcJHu~|?N{dN z9K#h3XpncE@D1aGbWm!K?7DF2)81jWUPe-Z{(<^e5kEt*HzM#=96MHEnVhdkM?c>_DttRYEzv^Vv-Iac^ z6c35mQ$Mc0+m2ke?bR)(<$s+k{NhYU{@>5nJp0k5@_pY^cexwpSANN;tsW`eQ7{Vu zq~LKUr;xx8I`pA$wrCQB+NTn$BSkm56;{7+B# z>}q*w^ZzCew@lt%mKB|tJGB0el+P$6s9O%anry|JjlsI3J{@b_u0&*ctT)#6~)I@yx}>8+$gm-kBw(g}Hn84PM&@8(u#eVuk$~zXr)Yx92R}5k=5E z&e)gYCod*K^w`PLs^s;C4$0#avf|_|04b<$+hhCi6u=yHx!B{*6x__(>kb4nb2a_K ze{xDX{tnyM3Mg*sOIN>sM}FLnaYcFeUAIu9Ch3lT8`gF!YI?3=9)5~R@Ro+!d$ktV zUA3ScJX&|a4SrErd5Nyl_f;4M>3B|RO3 z|74w6wP`Pse%Mo4b$ZF2$oJA6FHaO5Ef;rsl9@QJ@xYk zbp=Yd`C(`P3vhHp>mdm!Wx};KdAnZzcym4wOnkH8S;yD=%c@&6B-!POKLm&q~?;PnjXL;6NjB%fz zu!s+QJH@*v<@i)N*48f$Y~`ME)La-d4t+weu0V5WL>R$Fb^64_czMr+O0go#a&y6ZN;U$dB_%W+vc;eA7 zf-(Vm?C|icn$BcThvDmv=>R7LnL*~>$FEW0%S?cUtSi`&8N9h?p!H8zvlL6}>zJWq z*2UuwQqX~Ob)FoHc7!mBnfsy#l1y`tAGuI5Y5jmP+v_z>A2=>l@dH2sd#=8^Q2jb> z5df@uEOj5S<6QHPDc1$R;LCrO(;g~PzW*Q0y=7RHU%U28cZqb1C`bxOw+JYRbax3z zcTKvKRB1^;Ksu$FbSoj9lWv%kZg>aJ|5^K4YaQ>gkNt6fQ3SmE9^)G4^*hfwkor&& zgZO+xGWWYZ>H{*muxE6mV{|uLN6aJ~neIwF2|^WGE{A;xRi@s3PnBCw%0S^S5{mIFEV!OWbdQ{lGLE=XnG-s2_Xzv>S zrHftdLh)O&rq>0}nVhxT_X~%llYSWc^l-hi$&0PAhZ@xUmRB7;XAVmh5H@H?=y#xZ zYP;_v1JJDNGwmifP}(+tNt1Fou7n2M$F2zLhbC*!(I~6lTNYu=v$)a=1(uMI2NOE2 z2{zOPmxe43b-syrnXP$&q~I%h{$ASPaVwq4D2;FT6{E#=b@Eg#?{3dKDIh&&>z#bH zo%}bv#K_UZ{b@(Y2bZXT{Q@}q6p3X+bv-*A@E_Ori+mt$cfcs6@ z{aU$Wt^G|7;`Bt}_(tMt_)fytld$p2!+3<^bK%0sCqP1sQuWu8yW;VB?sE35rfo`3 zy){*f%Xp;WvAkAEATenXt1ry_N+s<~3pCW#%7_oio&`>vqB^d(+7IU5E$~8CUI1Y% zBgf**FDsSG?TAr9?aW`nY^{q~SzBj4iZTL-{mzgEtJTNMt+8pasZ$O_NuX)49D$^# zCk5o`TP>d#VzMGmmxA(1*SIDoCg(*TxM^TM7&<(bp+k6F?E3ulRgm>;(|UQ&gF~Ub ziz`N}8+n>JcM`2qgBU(YQH)%GL#g88tUfQ-5!w9;)g{=W@Y^N9ZkL};kRTlY>f#f8 zXXBB6+fxM`4Fg&+%SRsHv+JC6X+1 zg?k|kX@x85^G{P5bVPS|G&|>l$?Jo>t&XTlvsJ0@#S;!G7Cw|Uee}rXxi2@OHSMOu z1*(r;Y+Ln+TNe(0t@Zr#Ya@9_oPDNFqxrY`$kXJ^`kfy$xMx5{#=8r>D+~Y<8ZUsl z8i$S6o&#|0iF%l59VUuZ5j2<*+QY7oiK2~8p(=BE95_ER=!5N1eO3y8kN@Fbv;(*H;DdCjfIA^Tcd|1`mcqU*FL5x5)~x!AZ5b?fdr4rI#PK zZldXt-SSi&)vdMdr^I<$Pm>Ke=nCVjtA)a!u#qoW_dXQ$bfw26fXfvS=Prr)v8v|2 z4JB~5<90iID~P`px%f~{x!BR^_laJ>2RAm;!>MOhMavvH{lD_zXw~-Cp-EguS+GTM ztI0yK30v(@pz*bvjhV-D9+1mz2w1XC*y~4^!JzHgvb1%0RG$FD@~j8f>y*T0edy&< zkW9JlxT(1Rt|MXm&5os8TYM_#($#d8<>ud9+@PSK&!S$3M*UAS9MqtN=JweEek9KY z&htY3iYyh|LNsP8fXwo!NqNh;SF4x=l>>QW)z83bP5t@RmsGc3mRI4d>Z32kDnBY) z#3PAIPwe&rHi_gsLky%#20pI6oTw43_YiqnHjQ5x!zKwjF%@*-$D&l|YNAHP@Xh2cB>j9VR8PZ=Xd_EY@!7Op2waWy;)=5T*;ZBYx zMq#F;g)B=~of#!lf-w5gT1+-KN&u2bRIq4Q;&r>)j1m;RgfgKPqnQ^3%TLhVAl#b+f6DFg+J|t8EJrdt$yk5KHeIf0z`Dde-x>MndV0 z)0$0_*;G5`s~Vc_U^znL(PrBBR~QVIG5S_x4V<$oW7E>T?tj|`aqzcaywX#!`EBq# zmHbC>atoDKnUU0$y&bp7vH6cT>1566jU63!#2>EJ)PxptdI%FXW~+CCp7~|$G8_GJ zOvk9=-IsPnh5=5$^BbQ{x#QBy-MRXQ-@ku<9rrZ4wbsdqiny7@7=e>a4T%MMD7r$T z#qd){nz;r7Ew&!6*&yPC!h8DFRx7Jy3v_X!gmS`L9eTJ$>wV;OE(jJXu<4pb+I?=s z!%po6P@IgVl}XN@_KN&l!yx{&?9V`r6rDfV9r3NnQqJjTz33xt%%GWvK1iwD z=scL8MX;_`{B@T?%v{i3> z*!r6XhF+{rJvZAhHO#@sD|h4xujo{fVOsANULKnFRlpbNrU*Ab4fHrHuJ2KM9`Tb{ z$R~A-<||P^ZSM3i#TsYi0^tM9_KY%zBvT$%T)S6ii${vhTPRTQ0N`0#S~mIJ=q}EV zaZ#jXvKUL=-}N~E%c(&QikrLk&qJ+-`k_xhT2D9AcNl<{GnlNg=wU6Ef~l1UNQR-J zZDWsoA9x<)@c%jM8BB;=Y+NIPXGyt-zWVf#S6{^_Vr7tCs5QeB#iy{e>>ujOnZ6nk zYl~mRDJBExo{C4t7YAY*7yY~!3r5sh!If(>R5soZwEPtk(5 z^vDM*Ytv#{oNiwP=bAQ3dx)@wozvOJIRb+~9r&DKUOk`cJrN?>fekr8v8&8hilKBj zGF~4sA5*QAkU_D(fyyvI9T^s0Tf9<-RoIs;jjI6IdW!@7;!F|RYKE_5hNr-1Fl(>A zl)6|2sJrAE4hkLTb(NWSP~V&W#%aLYN_G&;pXV(dx6RvTIvF(u?!AgQa$aQ%AXqzW zb59o8uKr~rabu3DcY0+c;>(BvVQX3*SxX=@C9qbL2--+BzP{J7OuW4BIQ8sFE|hOr z8K{XhZX>m>sjDq=86B!6F4jX`l>4$D!Ig77XUdnC%?uf?8Wk7yP}cw?w!$2{C^Q&8 zlqTdLJeVPYpZUper2XuSUP3w7T?p;BHddtnjx2?p&ai3NhtR#%<2KxDm&2Ia8tWLJ zq>M#wv9P0))^GSyuMhmW)MGiDvs(qGHAyxyg?&&GX}=v@(c?J{ zbXj5Fa9DfpNgPca3Pwn#m=Bpnf4qtamz`mybmYFnlK zDVaYTxSxuD&6oc}x4Ff6GbNj21^St$Y`F7iET?oEo}-qpE_6?(gkSO#qbTSi-bC9! z?ZuIHrylo(k^+64;OX|d(kXo*Mx0nMJBhkQ&F)gKqY}5z@pdaee*ffW{*x(!SB~!l zFsfO=%NCKY*UR`)^UU(;aZx_#dMZrP&M&eYe)s;O#@@xI zzLf5wek3cPSbcWU8=%pINGO$=EtCOZV+r))g{Tk@M8fx!B(B@@V4AzlBQGjNrBePu zwT(se7wKD{l-6cU50#uYm|*1*+WuT4tw~!hDX zeuP6kV|IZkFvN7XC;l>W-4-Ke6+Jpa_H)Wp>28?rt9;J=%}S}7ZW{)(teKpOqV~opx z-KY7jSMfx2=KEULXwU9h>{ge^_PUIKN5S8`ja26C)Ee}(iX*0$&dr@9$EZCM{Mvvl zqro+;8KTxWk2@`{M}J@G6+mpVRBe|;q%WgbG;*=rOJO}(O;#5ucpmf-lnYfVMPcX} zVuXRC%9!T;pRrx?&}FATD3e0%_Ut~h$=OFa(S}DRab?+&E4Wr|5nSyPJg{X(fwjCd zhqT{2+wecFL#=Lsn37H$$C`LuRN%lD@Hxa z#o*4_dwMFrZc4Lfv*`2e9kP6(65+nl9&x7Jctw6sk*dfCSTxG-ZH&Q)VH=CId0mF89i<6 zX9q+cy5G?${@)+B4wHB@hKRO~tERKs?G5e|dOEt8&l^f#czrni)DI8G6@DnDl3_n& zirP|-yQ}9U(`S7Z!8ZFz9jbWC6OT>x@t-4mfdwU`6-Eovlm1Y>qUOp0EE}))pW_~; zzkfabRXa)r*{-DsD4EGZ`Tt0xPd(mHOoq5(!zxnh|I71p!*Z{r-n_bi zv2>e?d`C~dI)hunYe`6s|G$Z#z)xR}XD@wj9PoS}~FYy?tERx@Awu-Q2 zD$_L)PNT{k2VVzizR<8NFUqRZrt*D2>M8U?nte;1dS|No z+K&^bv-qEj#BIYa*ZCb~9R)Tym<9k&m`X9k!f$}Od0+F_$WGYKKUCa`@*ZqQ_W;MF zYx+3CBvO-hxUkkGL}2R15Z)jWX=o|hwt#^f3tJrAlEK#_8|ny7)w;Ml{$TBm?lg!J zdT>30sxRRYVH9^$l(*$HhPhS?EI5w1cqqW73V43yrf!{iiUA1o;&g}4b^q2PZ7OiS zU;}W3urRYoM9U2t&R^DcY;u#`)NBVCI=vSQL5F+t(;^@f5JlDDfAou;{O_dhldC^&c^6HF&DkO#^T8UM z1V9A0&UE+w%;IlLp~D+P!}E5GE$Ku;Up=pGX`EQD1SKc=m^TuJ@-3j~vln(t`>2d1ePZV@1r2p4R3+LEOy# z?fcZAEU9)r;mWR9OEgw3;f83QfnfsklI&D|tkv)WncXhtA#VI8zAo_CQ7R9NmrDvv z9@M!mV?i)Zmmkd@Q+|A!?#%;H(ymWuTN>NshPtK9-3vN016thx1|;EBLk5~@0DQee z5Ng9l_Kq$Zh$x3e@z~1+C^xr?ETBLM0JV8=;YOlZx^j)T9pr{M1~^_<5Q%P}WrVML zx)~1Kum{@eI`e}5WcCK4k*p`*vU+~@z0TlCm>I%`vW*pnPc&b#S)>A0{my52OcKxD zfE-`MwPOb8Zp$rbuomC0-w#mh{Db=JJH$LQfPmK17A*zPPjoC|7gBbVd+*z0|3?t8 zFqNums<5+Wfcjkoefu+;wG!~wTju{w1GG6Nd2QyZ~Z3($M$6}&2V4o1!GBz8s?=I= zVN&J7Ly0+hsf_~P#^-jkD*8f{#l>JX?1S6P(O;E_cKn1@!))paOh7C!YwBL9jePyz zlv)AtNYNe!kME|Ng2t~xR41jlUy01xALTZjYOMv z>7E$x@DK#EbDW3$t_*(+BPz+@LkElE70;Yh|JtP$9ixW9S&{n1fh0%vv= zzivj>YVXjf7@?7wAn2HlsS znKuLm@tR?n0;P`>FQWv(!=|OULEF%&fdH&u>pzTDccxrT`p>7&6~o?IEsWEFUX;sP zVwS~3#%OOMvxM|w=wfg(Nwu0z{T`5O^XzcLq=Q*08qFWeYZMT87q@iUuv1OD%GLVI zw@wex^XX|H2%*8Aspd*W?h}+384`=lJ-v5C4>Q&QjPA3bb)}UA=nj|<37p6!*a!VJ z2bCSSuu@5A; zF}O$r3bpC<7v?j^b*z~!{O zHrhi&u90T*%a**&{iUwHs5{pG#g(}v806;W1@$>0?)i>LmBWOwaf-hDyZTJK=#6h< zxh4(}X*7SO|MV;EgODN&Zea}%p!A%Xq7mMj=?I6Tnq9fffBRPX85_QA@^wd+J#stB z-(hyU#FKBS0iL=!|52c#1MD5g1VM1`CI3X_0X!EA2!<)Ia5{MZ%EGR zHbr9hh{t#=hCYRSx?S}z@=n~ki@TaWH1q2+73vC7EHoTdlwAB$^g45`1w9Se2-|Bu zjIcP}H=t%;P5enGILuNjQZ5qzS(yT4-(Q&kQV~cm{57^ID}_9Pc8vy8uNczF!m8oI z?d-m|O@@kT3yG&IDWL!hKvY)Bf^E)sz)g{b{ykC*1wZ+{SuWG9RnQ;207jXm7%7rgr`6J;W_=w1e+m10<5c%+=DnCBM;ZVOUZNE=r zA0Q6AH17fCh65R*6VtZK;Gz}joJ7CqE076u;M&-if8OGKNfB0EFysPM5xx`$upDNz zU_0P@SbySvww}rj?f~^qzlS%1v17fauMQ@yW_0cRkH;jJnzf?NKsUqh>-RcC#vZAE z89skP5C2W7QEB`pE;a%DjNR15h>R-=tU+1j^4tzR>H*YxBNB)=E+?m;nTw$3!=k++ z>;c%Q)B2))lwL#1$vI#@_YGQtUgi!sp9njz>5U(iuo|16KP5z@50FpAy^W^ZII~eF zjZ~VK?K!+yYBrGoErdvuM5O4#HZhxoCG_;%qT7Lu&su48NBMxjg~P%a&1z`sye|b4 zFQer0Y=uUAS39jFm>uk0GaO`^?%K|VLbH=%=mQ%K^m0oASc@k7*V=zx6zOD2#y-$L z`60VtQ@D5q7aI`Z9jD^oC=~luqOe|Z=N)jCX0`GGz8jSBtG|+VB~zB;U~^EhltM1d zq3|X1<&l!$+vL)CZRAd1GYzy?C&A_H!&M?RxD++2P@Sq_C&J`MlL>UtEid34TIJ5q zEGmLr5!7f6O7J7*OJPLO>(mb+NhKE#|*HcZqBct;_5sj0ILrwsX@ zP*m>20d9(3F3uji*bei)kUh`q-vnsa^I=Om)gSWs|DwAhXfANLKSmkVgtE=pY@C}O zW!GbgdWY^YJR*cUt?5+Ee#%2A;_m5}P@9=c5=ChJY{%t-!|K`{#cJe4YMO@I2XjRD zO+KAz{}ytj>nNsj=9~8`CNvcD=})j=3vXl5E@VGjtJ)%R5R)U-(xrIwoO*ua@p|b; zQphO2T)6XvvB+;)x0#tm;8slr9`z@d`^&u(C$=J#l;t>2*ls$YCY9Tt#j9x-Z%>Mz z4+|hsR$265rLLbh`tdG&XKJYHO%faa8&q^#@HZD#Bd1T`9U0lT*z9F_TuNZmFpea; z=xFh~3F5mI7j>xg(HHikPzyg^qX0_dMrbTlk6_7n)23!x$a1g;O8G+ zj?Nz+YJ`VspCaa4rdxhG%%h)_*d>r2bo0;ieRFt=P!xw0ih59P#{i$Lv)|la@l^Y( zTZr2cjOckV`5nPGvX5L#OB4&=pK)dH@h)iD`TsCk?H909dM%(ELH!)~!*0D37nk1v z|B@%MVQdEuWJkr8lC==!03QZlXqGNimtYGR`L*dTg6(?{*)m+7% zNQ}v$qm|O$45pwXoh^yGT-De$AcdMiPE~wcrp`e{Xt#q)VXp+#=-oI!TB~8x9{1qeQhvh_ zUjd|O-%OD~Q3;hrGa|BZ&~3(5opUDVypQ!|4MCxPoOrbv#(bUf+}P%NXltfv6enk; zQq4Kr$Czbx9N#+AhfZoUxzS&%Ho9HhQTHU( zQ}5-Wk6I3^D2FUli+7hUetZuI5Ky(tAWdYbq#8ka=PjQ-wUH{i-x37hh}}ODhaJa< z>jR_NPU4FAO66V~Q<(SN>BR(^5V+ zNNBL5(?~qZdJl&b_VFXp1io6~Or65_b+-7wNAa z()eB?2y~8CBN6YVD*c9sdgWgl%|ys%O4R$LJ`y}!<_~%~^DC%np-^#tqar%V-OTIY znA@j<)WPdVDrN)scX^&YVvyWGcm0JSu+j#_!dqC3u!GWpa#%T34eN%P=P$5keUz(Py#TdGz_2|B4M67J;yLsi6(5vMt zmg$R9>FsTL>R!K5(qM#R0W!^u>gXsxwn>4Y5hsc-1dz0Yw}2|!v~8&g@96qyLc_F)Ac0y@!;uRamC{gXcOfI(l2 zYnpqLY4e#NI)shv@wT;gGvU#t4i-jrap=};?7{8UUq4pIwJ~n?rH2&UPV?Ac| znE5(9M$I9byX^~Dq_@6>R70`0EY&Occ9{jhG-Jb_Ph-^%NVil+=Q{~LaP&hJQbW%< z7k$Qle&nL~^akinNOLXzMqU(Bg1_FS3qN8})L<{KjVi#ssK1YDy0;n9eq=GAxOdFT zX0}r>1L7;^m9wNih)AMM+Lni92RPj$X8IRjtyX03pQn-W&)%fx{6B1yP1v1)G-E<=!Cb>5^}~dS6sO>FN3ecHqQVJ!$5Eu<>}lRkGt-)~m-j$#p1)VG0kG z%HMLy-Y=@zyOGzB{zXFPt{y66=LQIi8%$m>oEsWD6s)l1iro8M-~AJ+rdNvZq9r-$ z-}Bo*Njj~iwKh@bixDvg`q;r%!(e!8ZOlWa`A;Y<%D`aFNvMJ}d;;Sh8AAY{$pjDc ze>M&N=@j$>YtFT}RR#}{H^yvNk2$lGWe8_5F+zJRC zd7UXPChmI~0^Fd7cWSxv7S9jl8D{R8@7%D4Ffon}?yFI^bV9&+w)}X7BzB*5_OETJ z8iSw>#ObN5r)M2cY3HYhIsSLI2n6E!PwgiZd-s-lRcV8cjKrnnn}5!G+DMf#fbRYW zIa56GQqLsE;cruT9krQNw}VdA!#qJaPxaM38Vtvbf31r)*z8eH41FOIr)?3|}>9A4f(nOgsOGEJfodw}7&hXb=bU9V)H zNRD=a0HZg%+Vx1x?hYNtdp#h@>cOwc-)j%$xbyU=*(L6XKyDv5$p*W!_KrYzhqKr#9P(2mi!MecIH~gQ-xk6gF!KO`gOb)@OtZ7)$L*VUbPjC-% zu<0@RIXfY1cL#@s1T9v-o{lJ<)Ia-tlzErl0x+C{+AEW9RB!wp`zXtI=OzGd0RXQzZdLk&h1NPls~~kJ=QAz6cv&xYCK@ zkaAEtW&l(w0w3A${CWxX*3JZ-EnG@_U*rMX&C|z#{&7rufeHu#v-22zeA>ANPA!uw z@3$QQEyGI$Al@URim#iZ<}b9mG?sjTGX)Ez|B!_eI>54uc06O2ZljB`A`UmvZ645_ z3eEWaH;NKCegnVrl6}|ObN;tTGk9~KiI}CMHrzTxW;p16@0mtjN|xC(5x-My{)LCn?do*wA`+^OGi-FV=?*dGh-QET=1vu?)?=)AGonl8X{ zofDr@miV0Ad!*~Umhd$HAYN)EIZ;@T(kRi-$pGt4-AkoR!qocYD;$uZ=)0pCR5<_d zG`jOZdi{$Se283dv{OK>l6waQ;Kk{qDc%w0w9z(Q>&Uu2x|^O7_B5n?8X}QxbZ8@tH>k=LVDUaRds+ zkJc+fddH1ZS{e~2Vo>AC0dQv+R**T!NCL(X`TvX|a*z%I7I6(=igoXq@(Y{fhq)_U?225)$CK;&iqm1*&D(!MpvDN>jv@rk6}LF<@P~mUKh3 z_C~^MkyZg>*dF{^tfilC^Y&W_1QeD(1teP6$6+<+0!S|_k_CRaL3=h*#0dnWh z$x>ceNZL#-?r06|niFYHLYWRZSfR>_5PqX>Bhm-P9Xn>=XT{Vg5I`FY(K9B}+9q`;`D+!T=yFU6kBl!EH8q6|meY%bI(%mA z@BrM%k3aD`7b4zUQzrN7HybSf6duK&sYxI`-1sikYU6Gh;JM>0p-#Eg z3UFoeLW*|Ee%&C&L>3+Z$=C5$s{J=%Elxa;1Ly!$DBor9fF|1uj7k&OMi}p~1)Qi(n zgTVv@=xH5T{%M@)aG%m{^1pf-lpYe$2>IiE-M?lgB47sONW324@=>QdySz~QwUPvK z6ZhmdqMk#u4@&|ZWJqs8P#J_>qu5B?w>ZRB1Wqk=;9fRsgO0h%j*#R z@qU4enYjFGIES0kKFlPOukCD#Zf|T|ZT_0j7Oy?5l@c)zNj}L*8>ACUUeYu0e?itY z?(i2+yZS@fHT2%+iE%k-mgx)O4|KRGfQ^@uv&M7b?zr2X2>gs{GKO zdhU@pQFTB6zx-cs$o#*7Mqnz61n&B2VX5(9;P{m770}@A%Phf$U`DyL%}$mnSGc3T zb>1XiYuMV`j|Q1sKpz4I0$bh--Z!dY`}fHG`50}QM5R%VpB2N5TL?SVo47kjwPH;Y z=(L!AIuis&c4-hW%Gi3A*ySRX;9a==6~p}QBOdHWY=ajGhgJ%oj?>Z?=ij}E5^pm} z26>Ie+A_mVAd!C30Zj@4;s{!4-6^40xUiN($Q^6u_PWG;F1^-efvM6Su(nc+6%usR zHrytr)nDDE2ATEhEK0OU%)jER+WVtKzFhSH67KC5Jw#+GcKTB#XK{U*9WKz~!enueRst z31o-DM={;oER7vN>f?ZhS7kU$F(dbh^i5oe*_RE91({dB9uPgOoA@yO4jZ;)k~v(Z zsY7&pH~RAl-F$uD5tstcN{uu{V!F_I+oK)Jtu+cfHd#{n23CmoBHLu_!QeSOseetqY;ytGr#IyUB%=02{v2ySv+!&rb_S zpS@b&vXb2DjeivSndH0IXX4y=o>i7l@ddA5yk?~Os7mmN%JtRbl&`8^mF1qLJ-*vH zI@X)r-ZStiJ1ISzhug#9E(QjB3pY_P%f0!H`pKI)4^97YEGRG69fDbQN-0%9uaUnI zdeDEpNhO7|dy5lAaT1@vsnIX2Kg+q+g#}ehw3q8}?J)ekMRKvOau%#r*7OpGbvg{5 z3vb>*8gQ`|yvZI&%M^GZ_tCVyO94kk63Ju{yNKt(b8iB#{?j>|GJ|D^i*@Cj{C)S~ zCAs>Vs(eNFQVv6FKNouPgJ1;2clL#QDf>CZLAz0yc~F2TDz?JofX7y1fkL|_{1p1g z@@;mN{#0=~b<*FRh|9t8_hV^m{JW>6`_3%r<>@DfXhnXyv^%GZaY82nN3rC;6&na< z=0|pk$-OIX$3-SmlGdmtKFsMiMJ7m;-c2+ZLc&~*>h?>egfh(zTHu#tr9(IUx8v`` zuORsYsA}(ZY88h1`37qx#*BykZchS&clS>f<4Wlj_!3X+c@5oHCWYZIQ}4Qq2%y22 zk6m-f{pV)=IinXqq`A*lWc2=-4u9mL$kF!7&U|4PpJuMSJJ;lUzg%!}&1C~~6_Tda zlwu>-t~kzP>IGCxxYiv%WQ3!roSN;;{L;*SM{6@zS26FsQ}X7K=q%!oGdB78{I_w< zibE4kTiCJ?j-$}mRjy9hQ{8a-w2y%X+3H)v-&e~0hzA<=Ls3mF0;2vB9zYLZoQByy zT&7>M>zg0*7%l4=IN$Nu-<(H1{EkYLcfNxjJ%k)=^#qj}nsGQpb8<9@-K*GE|yfPvcN|F?MfuFOh9q= zt|PKHVoj&UsQyrAQU;NJ!SPe$>TN2wo%}lHUo6!uA~xl_Yz4d9Ia-GdwP!(ab@iiP zpK!oF)s93-J~q(b-JZ4JBf%QniuRh%7WSX7g*&!+EP1U?lwAJh_ibs55vkW)(oz4N z0BQ8jy+P~=UtK->Wp)~$u^t3J-b~ixN(q7A-N5~8dgy%WBv@6mp0hEW4<7EzhBmV+ z)eaL5`4L^R$y4%u0IA8%!ui-l@2p3%Llx)BYNEHsSmZql+0cJTM&N+=iG=fIl_0|R z=#Kz(3s+o1<9@?{q3?-?&3wZz11Fj7iVi}dRifES3xz=68XH&E0|UyXy^!8oOEkN!ri41*%UxjKbQx-1dilph7Y6 zsmxEd$E%F|Z^n`MTYWB%w=|11-!JHLZ=~>A>aO)Cq*I%w9hUju3}pCSTKlZ0fKN58 zGVdcUQvM!v^-x`qCW{v-V{5tX46I4_e&)FA_YW1NIdxOo#~upPgp?#rdZI5~1;N?j zL5m^-)I=`l=Jw12^R8-x=x^&mmZA2aTuC%^G}wbq`HBxT=ck09a!(N*gdP*7WyW1% zOCb+;N0lVp`~wc4zE?9DKKs@%-?MaZzys^QQ&x(9G<`4D{k6?m)OvU`WfnUvLvFAN zm1{JM6`OdfXjjS1{a-A=w^e;KP|Dg8il1lwNfj7+CwlN|=WlLgy7zWLjrHi$MmY2e zZ@^``(!yXl=kjEyQ9Q%$^p)*GU#PLXZy{Cy-vE`>TJ!dxzr;ZqgA}f4o`TXw>4jZ-;)>>sNUT@Yrc@knLNck@U(DZs~0aJumI@oH-|0ceY(vGqi83hGcWfpBk(;4&8G78mq9 z8&&QSt&ZOR+R0}rlzcAm$!mr6zJ?*84VrvjOxjBnQK8mydb`;gH=7M!0v;Mwq|=?! z#zFDhb2H5Kx^yO8sE$_UiQ}TA(S$7Q4Ce3u*U#z6;UsDlvIBw1T>Y{lPN{GYt%p9# z{NXqMzOPS8Ts8*nhlcs@FL}Pwf4}70&K}r&$x6;v6wf}pfwv_E7WB5`Ovf^Ptu+Sa zw`pJ}6%LUpGDazOFgBhkck}sjq(`8`oCJa3A`&Ko-uL*+%^H`#({r3_q#ix%=C zj^U5FXE7rC<>r{;G>gp+!lBbI7h zw^S!35YeGm-P8`QZjB!B{q@iUiu3NSAF|O@_F}F4k~)p2F#`iO6U9zhQG6Mf)B^U^ zMt&C-X3Sz!VOU>GTV~cvw}RW0?k|c-KtMX0r|9C+{x|wg z&~3qMgLZ=-4RMqhRNlzdeEc=lpXYqgPR!5aYnETdqR+{c%V`K|sE0(BSx*eXXXN$g z4QqV$MD{h`kn3 ztg+>9fw>eO5uH4qh(!Z&C07yT*1(@RvEnoJbx|}ze|200Y^RLF>AZis^dLc-uv zHN-L3XKEeb>}#z>Eyko>GXoot%!>pTm3E!_z=cU8|M|8Ti0CJjl6goQ+V#jHi&v3c zP)ANq5(Z*i2?yooAifOgK+KEdP>We3;-yqnGOX(MnWR7Bgv zb-?Bp-h7tf^WJ%sEhWap9|av|lF+X#*5(lw!oe`#zxN}+HY87li3Cg-eyP0puv^?D zItXf7l96A%?_nRakoXY97tw|(g8Q?Dsa*ip!H10dbe~<4d&2G#BLi8Y^#M5<`#KT} znNu+wi6U`q^qmMt&mS}x;$&x14-Ct+ohw6oEk9$aF;0+u7gPO2ci6=jX)w;|5PP+& zy!LS0DF|FQbPP%eG!thw zvq<;`!C5|7WR)(8pk|Y0aiYV}t$1G~yetasJAAD}g6B~yl|d~p z$Q;;5yCO(kh@yN@y=Z5C*(C9z>p!Za=|xxQ?)VcjkWuG~lvHPr6x%A`i(FRMzIeNA zM0h(^$7fvMO-u+u-C600g;_V7EK&!ozhu<>02vCd?rdfnIZVfc>WFBXuwVTCBINX1 zikX0}Z|7JCZ3uE3LDTYwBi1Y&`xshCQ;#+{-2u<12#~O+#^A7xsUDdHh05skRt_mOOI5}nwgt*pjaXliv#pF$~E)|{U(7*&{drFkuN z2X&=h@JP(51Q_CwpM5k98o)(FpOCUxyv>3g;hzb2;KaJIdp!UOs8(8HK}lt#+gIm#{+x~|%`{BOA};OQzf(~NXr-K> z!4uLF$Kf*Rr+t@Qe|n5!v3Ru%y>e6OLxb@-Wp-31+b0OHFmz%7T0I4>p)%ovKtEb3dQ}R|Kb|V zM`ZY2( zfsQg{H+)7>mBe`+2vK23MWl1#zFlFUgRE>XbJ0OuJ~M<>%a5pm+HOsZ{J!dY(FD#2 z{CbF{B!X6#bt9uqMvCk5<0NsWvp$of&or1fJ3M}V3zY=}Ut+E5eYH4@xZgbTGa_B^ zJ*xtB6&y6y`>MF(5%>ec%JUh+{dK}Bk@Ra7fHoOko(@06)p5Ey-RsU&zwBvA!S!v_ zYokv^co!54rP@SSX%!4or?Z@ASXP1sYJvSnC_3!XD^=2eHp4=Mvx*6MSP`NQ4wolB{)Lwovu#cA^psQ10RH zKDKQxk7GbviBl5aYL|IR22!k@CL*QiYLvFu_=h^NxKu8qRki-FH##e;Rp2|urv<0G zn=?7x{6&$k`lUQ7QXdb$QfP8lhc4>AaxKV^C}VoAKx6uu==>xBdDVA00f#)9Iu zJ^g_FuN%RbEoqNXeA*3Wf?f-{AD;`;>n8L?nS=-uZHtow)WQj9^=WKx3H70n`pAyx zCvoP_LN*?k@}E=$JcNBy-(}Ky6wLH&P{eI}wR>}+xzTOwZ;#Ea$br(9NP=H6NL{$jUp6AXDCzf|OLFs*oamS*{hJ>6=6x9^GWX~sDs-n?Or z?5k=boc*qyim%eAcV=t z=18>056++BntiB+fl^>$os4U+}JbC>6qO4$dr*DB6X4mCeI^LBlV;uV~WrI zaAba@kUfi?rDTM}R`55_frl9-B$`^lUDIgJq#WsNYqY10n)AWVM2X7|HkChOv2CBB zH4sS|Z6;8H0iJ9YtzzG%w7xq~!Wb|45;vSG;IGK@ENV>riJtFRe|p*bDEhjYAOF;fWzQft z^!y%~IoROjyYyUI-(LI($Gf~1e6UWF+s?$F1;~-&8QybpVze*D*f%K>SN*)5pk0?G zwJ(W!Ox({sEeMfFp`#JM-Z_v{8!ewKD^?2`lh#)_$h~YA57}NP%;TPxjfC4>!^K8En?rw@y9RKS4y|{iJ z(;v~{*IxVe8*}H{>lJl8^z1F>k)4%qXFLdSS{;VZK_%x_u(=h?{#lYLQFBO(au{8{ zPjri`ejK$fP;VlFlne{)MWF0@$M;|qM5#_ycdm(?CA2$x05V%`y@K@Ds5kG8`|E&4 z_q`d;aZwlacQ^LTQY&U0XWLGWORa57q0+cX;zC(Se|Gb=-Vdf(n=@E&8lo_4o9S5k zw$_pproa7endTIB5Ed#xS)AgA7A?&`XzpF!B4z)gRiMGkZ=Gf$z~=O`B{7E=!Eo3H zNr|J`n>^}px;BqXf6Uxmxi$}7b9Lr_M%K@SI3V?{m57{R=r9^R*>#g-POu!}@`-RK z7c)~oyORfdb1^7jjY5GX(Mn&|5%*1qgT7SxOJ=e;jP3CvOYm7rZe&h4MyL*-5I6m7 zWrCi~OJUS=O-L5S``V@zO(;>4eA4?x{z}u7nmQq2h9*bB0$WOi4T18oY1Y$}$I+s35W4g4<$0X3hyd{b; zqT%5VS>z0g?7R7QF8aPJ+f(wZza(O-_I;8W}|hF*8ug)3Z-fv$z-xH`1)f|KHP#AtIVO z6w?cd8L`?XP`2lkn}rnIN-}{6!>1N*F}Th^rq@>qaL6K7;6uX0Lj9mE`f!Pw-h}<9 zTK+pX-xb54T*}P%*9jNFZplGx=));kFo^r=7rBOp^TdZA2yhRY#-|HlV z)j6O=4?XH2gk{Xi4rPeVL-_4x%y%ZsJpBIL5~~xQ;mo}NyIprhU9G@C4bmR<;th~^ zfj)nc#{TWridhN~eR{Q96t8X2cV^z1XZGx8@8`99tfB~adXljC`(v1}BcxYB z^l_yEpm<_d78+kX*lp#-(;Q#n7e5C>C;iZDd`LvtSCtOVeWOOo*Fd;fd|$%DHRbYxfdX2 z`bXCO>V*~EAy8Bh1;b?1=2^1h+U^9QAug?F`sYd$p_w`vx@1~oU)2MB@a@Fx*A=Wb zTcyZg`r3x>GcXH-g@M-uE+SGK*$xcW4$MlrR7#YSCf!kSD7^`v3LCmzH(SVU_&?;zA~cOi-8D(|)NP>cNqnOPd* z5CP}&iarf48`>Oq>f0*Dk$0ktYrQm0M8@0v@g?OZ{G7s<&qqtcnvS4aLt9>z3?uRX+jOoh#i zC|W7H_Kq*%!J`%JW=}|6%Rcfm9W+lt!sJe+pfA~I-VU54L9?BC+j9200pYE7d)a$LD)|D6S)=>Fs7%18;8h9BV<3l%3F$S)MRhW=PDu%<#*F=t4vheIK{USg;j^bMmxUuCL)-L5QqlI zm<}?OvXv+V>r{$4zj<2>l4{K+9LF~pc)ZtF0V0LW(}$$!hDTt<*3O~6-9S9`v!b^< zYk!w=;1MpZjj&v=;)OF=vtK{>GvQFeltH0e)L&=vW+E^7-@Q;E={xrvqH{=PGS{FI zenMw6)W++t;*Q8w5Ah+od?^_xQB2Rs#jf1?rE{;bB@2>CTHc`IoisY0xyjIB`Uv4} zEYQBf$`~VDHNd7vjQqATbfJ zc909`s^|L;IQ#|IW92oe^p^4CCD`m`zXI9~fgnBA_|(g4=>4BsxHO}OWZ~TZ>o@G4 z5X}$7ca;eETT1u;5&nJ>Z1*wE{y|LG$Iyhkx5M^)&()SL8nA_rOE#@IJ&1nAQEL#> zT~f=~?m&Xpoz^5=K&e&bZ-96Odv^iOa5fvPFyYuNZSpJk^HhD`)|C?Ty%9Py@m^<| zhx}5plyAeW9ES3%d|ffi*oiKh2d?0X{7t~A(7*bO0qZwNct_dgI3SFA1 z>bmM>HY#y$9t@)p7D-@qGiUx8%Sz(A6i5o*`(j+Trq0Huin<%YH-lAfK8|4*8FqQK z+3gz2%u#){3>6yP!`2WUS?RqFD&J1pJv6Puo8ul8+KQ=qp68&5y;x z=75#*ou`h93~mIXBduy{-GsLxJhD7gzv&OvGlar;HZT4F?4^)d(cUdwwDnt-QJyiP zN`JeB>t4Io33nFv7c<;K-+c->m$tqBG*8t*U{wHq&oo=B=y@$bzH;;vq8xKV04u&o z;<>^f?-(->rT_N&_EHNxaQNIo^A&Rt+;ykb|MLdY!+{EX{DsDLxfve=1q!)V-o@rO z$2nE!V#RvHy;P;y5YWM7Q+^Vv7lv@(lCg?kcs&L)D zl=XTrPX^z<6U4a4bM_K9k8yVsk%u2U3+d4VonO2eGw7gsR#9Um8h8l-S*7PIa;2P1 z`<{9i=+~BaO)8gjiK+f>1PsR_-n(gMSWjksW$3fnDZWE-4L=v@W-DWd+|QF^g9Gkp z1EWOgHmv;S0S(X1Rmx+`x$<{lw%C38-?N3ta-aa3cN1119{;ki!Ti7Tt*^ zts%5E9$O3Zs(S%c!uCvu04z?#X&Wx1QUhKnyfPrL$x9X`qMC$LloVk~{m)g>XgwyD z5XS(SpUu^7kL0w2lF>NF8%)YW)}p!Z*ImAZNW+*C(HVIz=h7H=w%`HnG2SK8WDPPV zZt)AjRLrtcw2JVpV~`md2So*@)Pr~kN8b7~`;$(6gvpf+3b^-@u}jg88%OW9?g2oh zf1T-J#mgSH%n*M&r8q^9B)HbMbFm?CdQHuXdR7_Xwh=E%gR6Ucy$aclyW(7D+Y-n)%g@=*< zP%c%P%a(uDpQ(f=P2OxHMLw2Y=2@(v9-5o=pC1df6TTxRGAU>Oq}g(#S!$;YF*h6_ z*A2+&^-Br(8CGrDqlU%awAF=;+BAEU?V+cSUE*ya8MmRxNkpH$3?rv&2|JVh3FbX9 zh9NmhQb{J{tRmbCIomlLTq2ht-tm!SHUQh-p!g?L4xJ+if&N4c@G$wx=^H}4 zXCoKm-1#@^KCY-otx|yt%KhgBHSsi8qXZxN(}Aq)?YAE~1p~0EUkZ@_Y(r__-NDa! z2ZCR~i;9M=|M+$4(;8&NdHI%yCq~kB{nVOI01uXriqG(^jxU-RODQ?^h~)Zm{S-?( z+x01@5U|BBmWR{{Tp1Vax30hBdU1u;)#5TiO|@@}(GsbQm)R(V4C=bmJv~z+E^NAg zr=o}F3r)R$6M#)5{!;t*PX9_FZp~mZQM8%1ULUXgUUN+%it)1Q{}gPzpa6mmH5~g> zS&4r}7OrKyvruS3|%t$313RT$wRnu3|> zLg;I-XHI_^w{O}o4)>+A%vJ~Oy=lK)^r`t^u5K`n^RnF!;{;z!)t#JIk&lxASA5bl zat~Zn>A$Y24MAfs@MpZzmT0_$?ilvdFm`)}sofMA4WMOe|Gl$24CD{{B;-gl%1;ab zplB>*lxVI+$wZOkd|=U|)%bTlF<7}wA~$B3y~KG5&+ww>J5|&Td$tJ_61HdI9naMN z`vnUH{HVSUeJ&Y?F%MNdm#`W&3E||U>l?Ryg$eiwK{fvFijzD&hDmxKSPf@32bUQ< zIu2ql~k9!pM?&Nm>?MX+MdRr^(vxH z2|=65N(ibuji>PqI*yt%z_Ds_TJ8&!&WhJeKiEvw{p^*Ub1u-TdZ+p2S?4=ubPY~O z<4QC!Ovk@SuVxI?X|&#q$(3B48q;cUcc`y6NXelS24bq{KcUjYUjt+>?Bqz$o7+!U zhZtEvf*RTg*-48yyIK$r1cug{0H8gGXbgprn|9%gvbQP@UZ;8Z;N4V@MuT$d!!=f)P z8_ov3(x4GBRDZ%6>>*g}4eKBh3_dQ(7QhXB(6(;L>6Elr@~us{6RTF0tArHrlY7`V zU85V@#j4w?BH}tni8T8zf`8A?b&y+s1fGDtyixvb8>FCXe*SHXJIrSi@#BJot>xa- zVBdR%gHJeW&8LJ6k2VIVs%rFX8(aAvv)R4q`T%0&6llQ>*kF-S-CfapRHAEEvyE)cd+hxH$L_{V z;YXd5 zGVQ2@b zXQj-Kn;W)ML`?!7rAq(sIX!l(U-?q723+FT%avhq4F_RT6D??2awKz~#{?;QXgd95 zZ_)n}WKcWR-cSByA!K(1N>i@;lyCGrwXoYxV;}7&IKpPXkI!rEeTwyNC9~6k>}I#q zdb<~ARrxu=@d{e%QqB=yvox|Z6j$97_k%aOwKt>F(+bGccPC1kbSh$LD}FdBmWj=u#&7LUx4j!H(l&VIYkk^UN8>pu$l>^D)lIpC z)%tK3ZG-tb@-zS|x)pYiQyy+#rG{%5pn596_)1Pgow z0br3C&yBEi?a};vU7Ho$`SKi;_*}XZ=^X<^cr8&tqdW0J9{Q2glzG$fZi@WDQnoGK z$p$F7Uu4vzV6VP@f8(&3R^IMxog3B`9KctF={QKxMnVR!7~W7qt``}&E zii|40Ga(Q2*gbB!tcopNyJA@WVdwRaep{bcIr9DM&-EmItJyu*&_#XUC?r2w>Fw>; zXv0VYTLLRP1~I#WTiWI;())XzLl3coRWeDru`@$9=Hlc+BBCNiqC8zJ3ii zS1_KyDN;reNmHI(Fj87$|I%kwUA^`E|jzZ_R#+l$~wU$w5IQu7xT9%lN_KS)jp~+3Qs;MU5T3l>6=8ZJp5V9ES?eT6~Z32p3n(+IRQxhvjQ{%-5WQfa+ zk~f;4UFy=%mAQ>_E-~J?T~v!60;OCdo0B7BgQHje{@+W8%^NK*QWe^MZQ9Ry`b&@|X`0LdlZD^mFWJR< znLc0dWcks?z(+^!jouB$(`vXhYoCPb#_2kP=N;*(RbNlEmg(F=%U={_uh$_1ZB8BM z+2L~~?~M+sGir1Ozr;D7^xV)AHhO8mnrfT90JokONZjC)MJh%!pFa*Z85DiZI6+pizsm(4HeXT;BGNbfU)6u+$>t-ACL`sMR zISh^V-Kv_BwohDrF@OtMtGG*5I01dUK!HZYo>>_fPTx1qjT>)L?G>uF9kVWx-}{g@ zl9SZ&x=jX`dAIhNM>)9uz z9MFMN>86{#=4elch6rE0p~Y*Tjp#$ycdoO|ZmZMBg{@=!bz#Z*M(#;P2K&L#U*_>x z^Q{737uH2e@s}qS)pnum%xX<1vkX^!`+ZN@TrI1r;t3S(U?5;W{+!D|~v;M4R zK}{+BQ?(Gf}q8;LL(b7askc(SaQ?PUl=bd{prVf5cqB_}b}PZw8^CIzD5<2`?jT;0n6>{9aQV8+Yje>z9?w{z%g9c;j$ zv^%B-g@oe$$j%Xhd9-C^?41nk9mKII@L0I?}3zN~&istRV;xG=6iP#4?d z=@Fo*SoA(^0-vluld?bcdudS8Yuvp4v|VxPRx*0Bp>^jSFWLH zt|qrzP1TYVY;&%{E%K&hk8}Z!<2+0Q04O_50RO%?>AA9hKqffSKdR>wozi^4lOi<|3;%53#8);2HY#{JfG2zh877cj=UQhq0c&94gS8 z+gm!HV54VnJ>Kyg4S6c7H_?hnq)&GnN4|X`qVSknt6<}90JhXL(_U*uGe2&xl;#H@aZx8Nrnp3s^aM6oSQZJPx@*<;~dh0JPr(DDmbftf$#O98-_EK@J`av1dBU1FXG6xy-gNOgY*3N^#J3$9NJ|=w308arz z`O}KV-SI1R?!gUhzNd#q+|Gp$4;V))U&pRD`8w`(e#$0CW((#WoPVMej}8Bp?3f>b z{gCTK4MYFfVF1k&5(1`?MvzC7blcFsqE(p4y0q1&SOXqeH}*xdz)@_1FQplXByBi- z@L2|cXZ*pRIKu=UELcNO67uWn49yG|8(4uOL>W*N5{w2fK`YSfrL8n!&`!6RzP;GH; zQei)>3y|d+ZBabgj7&rJY^g5IP>D43PkUkIt;Wi8y$_c2qZgI>-vH6_5c24EmwwiT zB_u$V;iVmGw`IYdVi)`pISLksnM&d?4LGm-Vg%g=YF&eh%eY39R?>taoo5 zzQk*-RZtYw^H3_Z(odk~+`t@%i}%`(Gk(2I>a`7Ydt*=Tv!Am}|J>qc>qQNxy>R^- zA^T6j0dgdnBiqY^Qx}EfW{tGfy)u(;a8fY|iI$5wL0CkM{p3M5x_t(C74Evu$7$!0 zv~j>objn)3f7llv)0@?ou9SS$&-L4cPwEi~`tyxzma(odvFK>AG=*QUjqHiAfQ7LO z1ULQfJ)?v}ANAeX3MVK(d+Soj(Mr$INN@K3RF8!uNuXbDb(#5BlRlaO;`H~M(pnur zAKlUmq|mGArlz>7dXo0PX>Z{CpdE&dp0(HHT-RO!#dA}d^T31M?ZL+r;QZ%^QBZ9H zQu%UuJSMPr{QHegUC52t3ctQ2?k$4ka0)C5TSI08=jbZisd3%+L>(!%b)Cslb{qOy zrLJZ&Frl&qjm5%>-tpJ+;bSF6ip-P-0`Z*~LOe;ZJ&iU7S<2lFFUjCa7SpWyIZx=2>?VSj6p zFjHQ-O}UH+d#y7Q;qy42YakCd}ZktM%DDGMV8^ta-7A~UP`o&R*p;e#(t1!%#Cwq9% z`kNY#twH;!aSu0(V`|snAP=C%yx;%?&|_d;(jlrIeWP#1cL7J+!Rb0ys5_I|=ZB?bXYS#>SW4 zp}3yW?ONb*0WyG0NkUTY;(1Y+@z@A(AjqJ|-pgQ&%g8olavV_E@=@Opbea2J_H%4{ zJ1?MGE(SoULs)miuK}T40u+6-50X@-OWWTge$D(F9oaO&x&vg#54&e_6AT?U?svCc zX*&8H#)<`YlroSDl4CB)^veTy2t z;WyO{E(@Z;ap^U5Y?IQsC+b&^ohaRo zhK7wvSu`ZxtUcU8Hj~QkE~vkP*}at1r+7G7Y#?WGys&<^AL-N&pAF>?hw2&n;L73m zPrdV*G&1{v;Z-KN_pK;b7cu@_ zunpS$44=A+257L!YA!LFjs6|8$i@PSHA2>91yMr`R5XIUtbwA06eZAZ-=}dXr1g6w z#3sCyAVq=5Qa_3ZRtYd{5Cy_Fnhy->U2QCiUW&+PU^6ZJJl9}k*L*kO$i_aPU|SYC z3~i%D*RIR06FEa}lw891s$BFoqGY@YaK@&j0oaoi346bWzui$uC|$rg1_bGf{Z*m> zk4Cjkhy%zj^*(9=5}14lsW2I1VY1FXgsCv*Cd|l|3m+jhZGST7C+h@B_1i2xCPwMV zmkB*B)tU_;hHo9=$f$T>ZuBU6Drw*c`5^HW0CU@m4Mezh5%Y51+>$ZzH)mD@ zX%$9m;~`!6^ryHCEO1b1)Wn*5eK><$CR22x5m!Qx5mxEe+@-50lXz37Omhyzd6WHx zMMB}6jR@MlC9pJW2ea2g?9xXvy*Xu_LGt;a6pP&+aGnpvWBumy>o)&q$^@}T3)v0g&7jW8C zg44qUC;~La@mnT=%E7>dmdNq?>?M92C@TJSbXg}(=FT+*ExY#lsOIMI#=ETPtnl?Q z22}jzi($+nu68$ohKuU5c!;?Iy0%%$jzRjmNzp3er$J6;FYr{PGtPm*vMa`n>oIfib}7+oZhAY}Xs{x@-~&a2}Y z((?>&cRmIVf&3;r*DgrXD)q!POEJ?Vm7Esc5~K1^m+zBrQ+&KDkhB0K^V2QC%9Kp- zX-Y^hUJ?53RqOOMevF($$?-UU*cP=jbdRkXcl^?>k@%C-Slp)lAtb(*EzC~ZPQ>q- zv#EhjY~U_=ms`0sTBkx+&H<@QE6TZj2AArY;N55uXu)#o;+twW>6durxqGzcr^q*m z8z!6W8S+aO!PSTkd-87u-`06Vg15c@$;u(Xp1njL5{xaChZ^ZClPDj>KZa1MTr9n} z51eT1$__F;DzgD{R0=4aw@<0rQwq`MPGprVQkyaSSqsvtKpLq(RcwSN_z z(mZ|s!;{OUa<6E@x0nKgZXhCz*E{54+R-2NNziva_NrV7y;K6vcEz!Kb5qj8?`JeV zXFLa!=CO}H+a+!*jE`X6xr7&9dF(g*N4Iks0x)#89dL!#y(A!-05CcMrBum*grsTa zTS5a)AmAHTc_83(UFO0Ilhl=OVv` zB_$c2zcvzjCT8PSCG!c-8xGYyX^)+bU?bsV$D|5T#%4E@(Yr-A2|X=MAzTOPzYjwP zvGJT?J*hh({=nc6#JKtO$@}NZWYZNEj|%_`m;NZU_?9EfKmdcOi1oz}>?TMn!iHv>YB%>WO?&_&m%E&;OD-{#Sgb zG)|z*63R1C1e>ivOx&m7Ft?m|epgp@A|V0*Wv)mW9qOEYyC^B#soQWS?a4yIL%CT^ zCpwd2ueGxKA7(C%?DUBMqr*743D?sxPQG(6qz4VT0gFY$or`s@>nqbdbPTDun8K9A ziJ;0~xO**Jmp=b;L4daWzLzr!Sh|n)mVEzc!-4sP-Jt6z2n#SHIyasyNZA>R!zl84bdH1}? zNlXgXY@YWC-Np5dhAp*(_H@+*h+H4D6Zh?lTd7iZ=~Vt5`fBn!&l2!tVOJ?E?Hy3> z*6l*(Kh#F6rCs0TDcaQdEUx|0!#Ig7h+wdYq4YSODJM!KTfR-tXCqXSMY=~jkWGMR;kdayFjXdL)dzQe z1E~f#^ADrwj4Hh@E;)8<%t;8XB%ymTA0VqqOXUv$@N*|9cX-jbGqFTkN1H3<3a{qV zxFnhNBum8Z-VV1-7f%<_s1kRhXNYbHk>WADXz~~s6eeZ+<77-Cuyp*x4q9`lRtFa=u6MTjpzgZ>Bl_RX*j2((a4Sob#3*WNTaxmP3~9vEz#gJjft zY{`LC0H8@@{7=lyb0Pt_lELh03_`2((_E8P1ZYcR)hVttHf2%_FA&a--p%uY;Cx{O z9n5*npG6aLX7~XyJ5~m@9<=$XbtdHcc9rGNav7%uMCBTrvW|-Faa4C`RRwKfNExu3 zuI;`llm4WxjJfTqvP-PA*pHfd7sx!1gRoCR{A?(-^n`vWd4O)Rui;iWsV=LpG|LP>6iU@; z^smSSKyYvAM=O(%4yN!cC^1kNsB7#sT&ODtpmqWQMkd@ZixRUdoYGM%vlcNzPS%Fw zr)0qw%m`=4)fuJcHpRlZP%X2<8J)tAGv{X^gJ{lioo@~YR>F;L#=d!iNN5y4 z3hjglMXibeA7Dc(RlFtS9Q6&BJkEn6gZk>|1NJ5lOkCelE>Jyb0Uw>4`bT@^EZnf) zhgFComr9l}ll=-`i`1OS@=IDj6B;2l%xFf#!A$Kf3rg87IBvmT3d&eHi|b&eX_BKr zFJ^wd8MM7KwB@|LvKbDlPRxk?&mrT&tIdf=W#Fh)Jv*P2=9zYWwOqN$Y)p|j!>2^# z=@5bXat24#2eeF+uXnaXa$|_2piZA#q#zMH3>cCd%VAxSp~wk@5TsKdlfzNE+AM`4 z6@5xSLA0oJ1x6*d)i$su5{g^LVxw-;JorMZdlPt>xglzk*6vP96TmJ!0ZRX*`ies~ zL^?4ktz;Wa2)lkJ7T9x8KijJ%E2L`95xQ2ve)-1@< zUaJ(-DFKLq)7vloC!-^G@a>eG*A<>GYM+HKCJbD-|99gA{2rY2Hv_Uv-?TFaLl4OT zbKojj9ZrCBl%Snlfr$ChGugmHLKFSZF=m)T5~&<>SUTRlOCc&guk=*?a&3bUTBoqA z6j~7;HbFucvKs0JTuza|_%^0%{wJFTB0wQY4d3k4GTp=UmbKetfsY|MgTc$hrly@P`F#Ho-19=;AV|6s?f7 zI%Y0kSE%Vs{M$cm&COoo3feh`wnHvxm_+Sd6T$Nxv0Yq5ym}icqV*b% z^4Aq6CEitu7jiKBp`9f5VsaGE0F8#!qBVNv)l1lI9JEm}XGn#FKy@)Edev6V( zR+`ZCEAO>S!0Ps2#ciyfF z7PbWnJH93}^Am*CkV44!$S#FI=9I1(tL0EYD7ac~Jpxeku3vwqN`j76t6{|{TugJo>B$-+K?_eVKO{z#IA=;E=P@1!FPDO{p9wo6h^!u(XoxDvw3;FF} zDwvk8FA;K+)a05oR_1+0_Dciu;?gi?t7n?Hu|Xiy9x+=QeA=+bmYFZb;nE*| z%|3Q>n{qI6@o{7qCFZ?XR87rMF{HiLP05*o2CDyN{wmpN9*3Dp+~PV}g2?gClH8cA zI}~MT|CvE?=YI`Zv)kn)*DoK8aO>3H@7^wq_R}g4Xgep(H!Lo?)b}>Do(PqQ_t@4X zt3fHU^tS{UHn?x5z6Z-&$jJackEw%dgD5KOHzslPy zqRP2;5eM(S)JD96Z{nW{8DX#|+xz4HN)y}=b{89G4gGNxVGQJ2PYJ59oY>k?JL z>3Lp8zLWLot(6ky7e~)V67}T3U4EvS@y}g;0O)z1TK)N>H`pcdXH;Mtj{%3KVW*3K zL6okx60UKT$^HS&9<1-NRM{IKd5A3HyPnZL;$QGHv4BpG%_KAnd*Ts`={4=1)@j^ zsS>&;27drQLA7HCV_fHHIyd63!6gr_HJF|43C!$&gnLmX;EgR!TcC3s$OD_Xjm8)5 zzXK9Qyq^!=IISF3*5LYA85;BN&mL2TUyyGnP@n{b#$#?v7VxWqEYzS`hwf*M+_lqV zz;F8IWZ&NTw~0!W=7#hsm6fn z!(W9km^2&wVN4=rhVpfKwT>^SR>i7>1xobXn~gWZf7_$dPVc>q9yJ zwscM14}oUjYkXxhQCaEKSIn&o8VL@K-SAZ#RvF81iP|GEtHHW?HF0`4vmf;UBlsAc z9F-`)KEWKrI7b<{?~M%?>8%%vtJPR)7U%#B`|CaZ{byBi#Ag{%jphKLSG#v=r0i^1 zUje>wo^=|JVNo zZ28Z^|Mh=@KmXI}i0ohg&;R#-{QrObyZ`O)?GtVNRW@Dm*S}EipHKfnpn6=lf1&)p z5G0+ZzrRgdEos00Jro<*1orpiw<(+A`_C~5grNTgg8vH&c`)%WltHNX4f-2F;pCs= z)2bN$twH>62sH4Y^fYgVZCvYrp)B|=4_ncJzhEelK&ZeWTvSr z!Xi@}a1R2Gl7FKF*!-VV$|xo7 zkod5z^3x)>@lGB)OLSAy=Lml4y8H`aCGfx53X9@*&_5LKIN~SPnX)jwC&%2XO(^~$ z{i%GrkHAk6-Sefa$g&)vuh$tzscrW#e?c>#&)9;JD5TAA^Z|z>qyR-}8KF1WvrGqh zEIB!?V9yO~g(&EQ20IM#R*w?H-P!Uj&})L0l;(R7>FTXUeWgtXUj*2Nk|(ZsiV;O zGZPw|#CoTRjdDKhymt)y2K^WxoJoIm^{KyI=aAsBg@(3b>*%@HR`cm*WPmT5Nza){J1hodG{lq z9L#6ok&__?f4N9}Xi~=H!-KPt^|q5Tf0!UW2tV@B#TpbYm4j6;WQ*~~JA%$doyktt zGx#ia7wdEzI23$gTZ`ST99Ar5u*2pD@ZR#CLbI?*TptaUua8RGqFQ4l zI1F?#>)Um!M9>}FA^|vx=p64`@>_cnyzw~!FHe6-W0Y;nM_;q`@ZM3!L;=xF> z38up`B{3hzPq5<>+%o{4#-KWOb}cbq+RZ+6K-?R zM2>h_whw33?(RcG$mx(0v(6tep!!RE?Ku%``5hppLsD>o1J~{S3|ILc=ZlD7)D>%Q z`{vaYu z{Hr|h_wMQem#u|D#Zo+CIViWwU*8egdB;$@&aINqX!a8VW;weN->%QZK(z2@z4RV4 zS_P$J6E({jce5K)7rN(T-Fv2!+`U}uqJX&xg(js5_KWx@F?sM=;Cb?bqU5ODr^Xb% z!p!gV@(#@}lNL7uHF;A+3uS&;CZuF|?sVDO ziDMFiu_d=BLz3?_e_~I)xRu>cAtsB@>mP%R^BqKrgDGc0I1pIpQHWw;or%N{D%|Xe zPm{YQM@XAn7I=R_Eh|;Bz`SKCwmQY|OfCdz_Iqr)Pr#d0CS5ti?$a_Uo!pNt)M!B0DD|-x*w!+z=plzgI)?MVvJ%TJD!FMp>gr z?gx;0RjLLlY3^AN&cyM+q2JG3xK(K);)-z}%o4ur2czUZ#Q{k23ZZXvIksGIpE8@XE;d|+;q zZx`LMOLbH4^Z|EjQpoX@7IqKvzG5KWLOaAFlMI<9I)#x@DV?NoMwiXc{+(Eny}4Jn z*h)cq)9ckz4dzwL)z9Rc+^crhL#e<=@{U;1J%z#${15nAHe>5K*zv{4=K#fH7umYz z*h(_Ae~jD_zg6K|JH-|}a2f_2k8|T=4CM!Q&h@P5ld10z(v3%FmOv+RHE3AXKF>F% z`lpw0!I%3U;juzH%Jg)dn$+h4_v>Y{*72uG_Y<`2d);+sPxLbcpphW=BUcy{lu+{6 zc#fQRkI;plIOHVtWNz7BBi6ekwSMuBmZu#Sd_p$(R$WZ2#o+xs|1}y%Du@j?KR;wr zHEnBGW_QZL;iPIdpf0L>%H_2mR73m^BAc_(vD@t;ny})Zd$46rQ}nubmUWZSIdMNM zaewq81Zf;?N{l)9%KA@fFrc02JUilpVK+N?uninCv^zHh(4;UF!WIr@ab?o(7x_qG z;V{=pqO?Q+9hb92#=)6zTxvnm@@cz5uG%hC!IuMc0CK_sKmIT5aaH7?V4jj4~ zItd(B^3Fs4iXPF^+1!xle8EJbA?_Bwr4}_>8^s3A@3+jllDE z=6NHZ!t$7Jeq$SfPlS}Wtg_h(C-2I)o{+soF+p*+e_Nt~ap0}R-3P-|iAv_ONJ)A= zt#yEf8&Of|kHVlm2+!-a6`_c=UtDCLE}yZi3g^zSKr>)R{rx>$A)C&({eUex^y&8A z@G-Mo_-LH^!Qi6th=y*U){&%r2bHo(LuoQnZg6C!Gbw^Ze0+xGqL!2WzbZCbSD%Nl^DqbW)Wt2KS3mX<0~O=NJ+KT#M6`*WBYqhJaLbK?Ep+CZ1qXsMy~3D+Tw zc-&{<(Cq%$@caP|9{?Q~H0>~5D#6w>$vUX)z`|JdvONjXcmjmh&)fEHI#xUZf4&%p@V9XJMOi>)?oi~ z!@ztHi#L|fDD7x15GY)6Zu0S%&u@Re&+6HNBY=oAaMFSD6~;|oaqyIyevtTU8IRjE zkm%}mCy)|V@;y_`EvhjMaLlX*N3Yu)5Mz#3@2BRvsUK|4DOm;{hDEobXC1){S90s* z!ee_DBii+DLLB*W+UwdkaF}0HUGGy!cU&MA~Y!W~ObQ@5iFMQeasY2gnrQ|-tW4{CO z>O4C?xNs3t-%mE_;Wys`%vh|$cST(b(|PIU4PYs3p;D^c65g!b1#CsGsq`MDY}cAS zwLGutxamvpHrCVMssg3U7IjZ70Tel%ejm^}(WagM!Bp2@`TTtPNzU3j8TJ^2AlhL# zZK;T_5a@?}lIPcZ;dlraKdzFy&I^7*iT}!;=@U+4sb;*aaAL-p#dZq zB)o3WWlBjmFIH7(RYxF*0m%*U~kqr@P-gCUaj_a zA!vtaGO28cYI&0VSiJ*P0>AuvP8-ZT=j~q6HUI(uy$s%DI^e$7im{8@NTrB33gYnh zzMZ(*aOLb;%-nMp`3srU$2G|XryLy?X_1p2OjxVZ=vupifG2pu!n=1|1^`Fks*4E> zGUG4Lp116taixhgTyum7*NvP|zp)uVDumK5Q`My1ED7NTOsnn5#3vv7ODRUap`r*Z z@{41ct5QMM{CYEUxB;?DyFL*_>NG^Isr<2DxQbyK$a>i*zji6dlSe~HLQLQ1x8y+% z3}l?#1OD~~7Y<^pB4EeO)j#!CKQAhTFK{uCb_n8ifB@~_AN~y(g4o-2;^2&B!ShVo zAc>u{9#7_aB5>Wa-Q*km5K?^mCF^lgkH1*bL&*BjtWG43=|vpGT6aJx(;5KagheUx z+Zasx%1~%AWuD>oE^aIreWS%;J}!pLkh(Q&7c^7lHyQS2@T^Wl9r77Xu7;oUO6U&r%z2vK=EFIx!e!qs@Hp?$@6L#uT+O8ZG8ZGwKcH=IPcs zrgg!StL40weMOKtmNY9E;Nu?$ATONhkoQ{DbNnp={aX&ViqV0#!Ne9f%5^z-C zEl+HW zc1iTXF*BZp;yH&hykO)aa;nh|Zlitia~vpEY+7}k=U1()CNO)p2pD_5KJTn-LP9#8 zbp;3}Q?Y|>&O0Uw=Vd;%gZb<01Fwtp z_RiOr@9{hrU>R2AvhMnPg1i-X9UJdZaTG8q6y@( zNgNDPY++9VKWr$+PAT9g`Q?4&UrTY1r0dkdNEOQ=p3Bd?A&#+Po*D@t++*vI_v`6- zHuVf5VbG2_$!#k-0Ljq1K7_zwHWyJ^33vvfaZY*l?JVSr>o~% z<$UO37}(C|&CixK{iTONjBZ#WIs?JVZ%`udCZ@hCBkn^wQ24xN<2#o!zz{npaLRFf zPThjWVvTB~gVYQJDvrqWNE>ITtomHPIh)BJVS75R3XFzmD!xmxB zx*hP|jl6AwV2p_E(vX)Y6amD10bMOnv&=^w%5Xow>%?(VIP$Dblw|AyPhcU>#}wDo zo`FKK%aY7~9+8Zzc@x|c$1^B$@cv?~G# z^)*6lPLJjJlwxha=IKhmahbiA@eZ{KGjThmeATrc<7VAqoW)L&z$gpCv?4RK<+EwB z55JSgws%bw@T+9Dy54*$_2{Wpi|wDzQ%^O?Rmv4#TJNq0#wYnV>nTS@mfiMxGnAF( zuU|0pWOE(R6v}Jl3a2k=mkA@b1^@`)xee6SSn~*`qzs#G$@D|`GFMv zBPPkju|{k9ETWR;Yl%`(tSAj*ssLrx5!3m&DD$WR_OUAkhxY~t#8hMbjL_EH4Cw2I zJ}4_lK;MMgm{k54;Fi zb!FdVyYz(NnZk^1s1~QsB*0pj`}>wG;12RLaqII(t?V0he`<`%EK%2dtR_ai6s;3( z7%Gx6_7(Ti1?+1r0E&&J66;V;s)4p5sEW3aA{5{?{d54zf?D&sa$I-MdiESmn2X^gY0rPkVk$!**cGPL9L+a!y}= zS-x?SuP?|Wh(iLj4?*+I;LTf`^7Hi;`7!ADO;W5KB<~u!en7N~nCG?2TnnFwflWP> zsLr@ZBhjBr@rkU}1wI{0B<1j57YqwRi(Y!GXpaZFGxJ#K4?FeUj2mD*p55}hB-gaaEpaWB*P}8Y0C;I(^|m4(h{$-$ zFXZLm_;^p0ax5H`7VD`#qKrBUMXR_pa)T6g|UXOJK6{{_B1r6e^3=u1L~i~yOh^;KU72C^7;vQc!EjAndSQ82`Yjw9{*#2 z;3QZ#AQ*(2Re#?`E;gD%2ZT?=dI^(cCk=vmg+)*V>4ZktYbzjX-Iv9ZABY7dc z)@FSGD36&Q36P^O>?VE(5WQq~$*E~Olk%8XLfq+rvJC&r&(blXH8{jypIDE{ zM=9e3PPFKjRKOla+3}mO zw1udXnoFJmuSWoeQ<&%5i0v()X?}#nuK|e^l8b6E+7Q5KLfag5*8?mikM?8JG%&*g zq+VT%xquwdKD{dMstGec6qKGAKz=WK)mkoqrYeKP>Iu>T&y?j(ZcD~QX5IOl!BID>gb^A|KliUGrQn-qJ-`>tYKumlhSas#Cy09cK@BY-QDJL1npmiA`vI4jcDiW|*)s?+~e zX4LGs#nw(HrvByyZ{*>JL6s2l60$XIgytd|kL zL2O1Fcwji8zp_upS#jA|^nsYG@4@9jxFb*dHn-TL<4INY#JA+@LLCSzfC^LL)M0cy zSh% zrljV)#?c=H_Z-)gud5mJsQbvj3fq1&qt_j~FRc(3QwBU*r^PKY`>ZEi6^kFm!+b3V z)C9!K?Zq%H;?9TB;TZQYr|*Lz-Pg(L&SOLBBLyh0-qglLp+!9o%*ERwN+~oY_?(VS zx<~!t9zm~@vzc7t2{v&$V*Dys`i|AQE zHE6!bK?@n>ao#i(`VoPO%D4+CW%&5?lr$wBGhQg)qspvK#4of4T9Ma_c`NHg&?-tP z#bt=_KkS^9FKkHFi%@?$gF2)fQok>3Mp1h5)aXax<+pfL)F=T% z3rL5$Fs{|6nNZlk2&8=T0j@L+CWNVe!_yiC1M`?wX-(+(aS1#GU9Lljl$$%0jQd$z zWuT``*GAP@K5r7{@!Rt&YEpko6+~qN(J&t`fc0&!eLg z%@J=lIF`P~EN!Vz9AY(fQ-lGMSt|zxiL`HW#NqVQKUc0`<9gmd7jer6-vi!lNSR#q z1^xu?40`D{gjJE%ZqG*61tS<~t15YW;o7?MM zDZBySK<))-*Y5{y)H>RK$`^2&p~69vwm!T;evaZz?PwR2$$Kw9U=1*#(x2pjxme$@ zFI=}4raYbCIisyb8`N+*;90j?&VkZ z^q`0$^efjYv6N+n;2%S~Qo&4<#2I>8J6ysCJq2q327d#46l5(eMG)qXvdl^i>D^Ki z;_XxE>P)35h>{P2Y$=TzQOt;XqwSya(~L)!S9-n=wn9*ZohODt~??uB()SY2ol2^|zISK|CyjTXTfRY#3 zfSy_v?1Evq$ljXkn-0fH&bPz#g?*LLkyO|3*cd~ZvE_EM&|`Mqnae&hoqF9r%y^|P3-LK@Z0EM>VVq&I~#5! zNL)(;=>=P!6<54=L>p3jwtewA_+49G=3tPm_&p?7bhZU&3KnpDJfdx?>}d{;H8fif zAj)D>dbrhoITS!8%Qt!*&P%ochbZ)7R(sw3rTS7+<}RdX#Irw~5FSvb4=-TO*i>q@ zq`ln}v+(QXjM^%=h17$ufjn3I&FfiS!%<*0SMbS>3;I#)OU=svX;)b+=qvbxA&!JFFjm<5>7*=;+@cL~O~KAmgnC%M4iUkoZmMk_oU3FSU(crHS8O#IdGgr)u1&T^J2-!@=-_!8eJM{>!A z`=~X@2k0Aeih(X!&s7;ZYa87(1?d!_q$94GbTI$Nu~5?}BK?a8)&g#437*M+!NDf} z7!C-5`ghnCs3t^|SQ_F$bi>&uku{0f<}-bKa#Wx2=6H+tELYf>PW~1^APZ%pWZaiF zg?*{>>nOu^M1h(jelnEOY3t*E4Fd;`{)E*Xdkw=VwMqe`dSuQWBea8a88nu9lP{XEcc=~780mxK--iR#PaMv7f;ZuPQD8%T>~P{7({O9iSbz{@H4C`xij zo^Aesf>T(H96m1;Z_(qXVVs}cXw3ZvQl`y(XKor^!=x=*7Y%Cht(+En&#JszR_EWt-nd#c00JPi zTTRw7Q5_}tDa<*n!P=lYD$$YrqZ*Ds)OSn`25BB@C-9v{^wz$Q7F(%9a(GRv{HptVw%e#s=A&%QZFt>$Y zLwrZT;n1i_>fn-ZOp8}a`Q=su;v+z2!YClifvp(OVah;-K_DucDH^~LL3Dlqv&bs; zKtQnp`u96(Fkm?Y&hh$iDkDvw8`WJnQzO^#JC~R_nm2rA?K`>dqW|(ZxP7@f$i6ep z)aGdkX$w%sgizO)im`xAKRW?Is8>SVy50gA-35wkJ3#!?I-Y1iYk(%?Y; zyTlAIY5|Seo3+rk)1rhJi~=J@?Tu7|7wyDypV|+3n_n*vyLEwF&!o*M zksD9KAtXZdbKTB_NMC~{C`{+}X%xRSYAFqU-8nsnu^R$6rp2j2qA+?#3KNgffMztd z31-lp9vXh!R0{0Ykd-E5F7Z>J&8P8mE2832NM2$EaT1?fuJoIGSASc}fD5k-kj;Ky z0(VnpP}U?9vdN2vAgRv)NT{n(&6Q*WjvHU18j~qOB3wTC%G%lt^x|r+#RtYF%-0L> zBpx@;5V7qCD|nQ`d-BAK*du&d`T6$9LB{?fe+lma&Eb~DB}Pq`fQ*MtHx!5f#W+fS zm)Bn~LE#&bfQ)CdA5~tToqpk7;cL^1^UCLzq@|bjEpw;!18|uDu+_=(7v z-Mv}6fSAtq;;>z!VLrZDQ0P7!uid=2jsvz+s@3zr(+Hb8`pq@n5i%xUz6C`(u<-$$ z3#7b_gI8!WROuM}F`hsck;mGV$6wCg=f2~}S$@zT>3V*8RDz^u>kAuB=9Zf#*?g6d^`}p1Mh-z? zB-uX0r@+)&_FmTsEpmwkJFt<3d&+JcaxkA*e7=z~seh%Gr70gr|EJ7nnoX1oN zS%D4&443eW5OXT7+VyqYK!JYMON}Fn4axnau5SR5;Hra*?KK)Eoncu%d6$vc2(_vm zo&fk{Sga6l8#S5YEWw}&lU_t1vzy>V3@$`FLg`ip8#-zU+Dx^f1R!zL%f&>Ks|Lgh z>v^$Q=9n}7e)5Es^9+>IpqX1-Kg+N4&tpMZz^#KEz}UO_%`qw1_~6{K1TW$`;Ldlq zUV)bD1L-Smv2HU%ChjE4v+=W8QzL5BRxu+yBCoB6sEGr` zK466^-HKrXh$$9wDP`4-=?&;8$C4L2z_bRhXJvne38imb|M`L{Gdj?C{V8JN{xz^c zuvFpuU@5yi^8#q9TX^SzB4QJFjZW1|5a3eBlR5yJP;8viZfIL|=qVsI=$+$?B0bE& z8RY;aTJ}i<-zzH<^gs z;43INzw>%o`m24D9$tgBweE#H`sT!kRKNML_58pLeLRbWMuQqeG4zMK%2P%C#0|K8 zaF!1091gc2BxE=>(08X<1lpGD>XEth{Pu&BF-8(@S0VDv%*BOq{Hn9mWSF6Zbrl zD_{*T9q8c>uVZdQl)!?HPTL;qkNZ0aMYb>!h{A^NCVOZ@yto6Za-y$F0WjDC12b6T zCTIFGL1yuQ%sAFQObY?ALW7DiUkf!b1Xclh@OkB!XrrUz^g)OR8%+!WHMJ(nj2iVA zWym7cTa=}X;HXWX4{nQ*W=}Szfl`*%jk|$^613QBkVwF0LT^CMUxaW=43d*Lp3P zDg!taKJp3p6>tMjF79@W>Sqk07ml8-RG`;If3p~_!7we%<=ayt=;6p90jIt9{1t$f zRAcdZ$s{mBs-ILWAP*=I)H_b4c%L!T zS0yK^i`7+!S%Km1fw%bv`WGOS1}#iohf9MQcdfqxJU~>uJ{Y8Cw^4W8c4t zM_ur`*v7S<1D<*?enQ#U2lxZFMmY7l6=GM22gU@xb~Y0oH%k?8A_L+nKS&e?`B{(^ z&2+9Zu;<#R#w@xMYA^t`KN#`>@rOphg;$KLHx_d|8t~q%G@lC-YT|e*UPAkHkUs9< zJ}zsP+wdlSGi0U)!tgf*w~+M(JWW*uK@CSbScet_zeQc!6C5{6-IsDbGuuhVM<9%y z5m*C|{Ee~!VdsiV2uVA?ovNABK2WUEg-QBO9_vkoY6`XWZv+bv+wrp@4s0HLyAMZs zUoZX5HsJk)y?}T$1Coy9jJbvyjo*}m&6%4iJkaH^l7RW&K>9WCclw2p3WGHcHLcCw zvmQR(rdrn*HVwtveO{?E4?scw1Nwt|&ls)H_gNI@QQ?QRg*$LZbkp&|89h13#oykK zYO10Dx$dxDyt1s`N)@nbHi!9nas9{g)q$Mng|l_m4(-_dlB)>T+7x6z0Di*6A--LI z+ZO$zT4|eFsJ>3rZl<9*r}mbsgfYa=JfSe@6HeFA;Y9yIL1w_S2z&D9?6)Enz^bozk_JT^MPTt47!z!Tke!fzCZG)R9q=;IG7b1@UCJqs zv;;jAo(()$=y!yf`lZ3boS|bl3;|iz!GA0X6ja`oMuIItKQsl(ddG!})7=YX+aZ|m zp6{D7nd1u@!HWYGqT7i$8Ax~}Fo)Qna|68kDLA>h{p|jt4xf0dU{)Bfm^a%P2_>qz z{JK~mPmc!?A7-E_q=iVJKTzlN!2Ccp8oYr;dpjFTVaR@rS||WElJ>^a9-0OWHHQ6R ztc9{A!1}w1ejqzyc~*)giE@xK5P&+GjPHjBa#2isql~rNjT(5GmSLaLLb(&Ds2_c> zuun4+V_6+teEE|zRG==)Hk{0L-fxvK$-{#yVaPXcw%o=Y3zM4wFO4+5gqbKVma!o3#=_IIG{wxqoxwQHpd6W z7#3M`4U`)ESs#D0i2c$q=w?4z!iqu^wFmaJekw7bz~o7UFkb-W_kKsl7XT zB<}_bZ z0pv60{f#ytXUy0Y(c+N?QY;(5!1uI+ETNe$zwPLPZ*{>BFMxKttbog6SC;~j&mW+4 zaKKp_a{7HU$&5EytCEUy+!PM1?(_i+R5*--u-`r^fGg*1r!@xX)5km=^P%Mu$}+g6 zS%%OfgViR@y6hS%a8fYQ8umTI`vaFZSQCLrVHAcmC}U-{>wh%8NR;KaGir-bC62TF zjiDa}Gke;(zWuC1I^Bn`j)KBS<#0dhz4_oZH^5`iu%Omp-Hr?ck%cd88i|fYAwTEf z;Z*;enRJc>Afn!&Ia{@9Oxl^k*m_i2HG!=y_aj0p?RKn^Du>n;-l z9Ty`=yt(pYb-jbPpgOco@~mdfrcoXc475-w)hc3t1+G5&d2)M*;0UVGvq&Uixzv9i z2-m`22o+ zCVOzrwAM6z>Gjh_ROdq+DE?~9$YKk`Q+C+Aema>!g2(cXR69@pb~|WJ0f^qpu9E}H z9N{@5_QyWMN|I_jMOV>$?O+SuDFf=!TL46(?gloApwn24c`*rG@hilZfirpzK&2d9M}R;HeLu@A1fM}k zn|g4W!t6lQ`R`eLtq1l7L>@Hej#sb-Be8y~ja1*A*}=+1W=xfnMxvtDzXJmIKxt^G z&y!38SU*tv^HCg?Cgth`#UAzpMR(?j!J`>Yhx=;OWl=DQ!hV{o{czg(TOv9|fK2D) zWQEvT?TZ{C0g{OoEIbBx2hQ9P(tpQ8bAOs_2x9vznNh)v^Q7?Bi_@Cn+!CXN$c2<)lRKcW>gOKXogEAr?715Ow*F7*%1JsJl0KuH5# zxbpz4$^z-?OU-3qZK!844`b4d9&3KDfBd)XnE^D3%%?G2{5f`f+I<xHn3Qbq zwdCtw1r%<0tOlWz6>QL6eiZM-TN_;dad|>xezas;4ZLoA{2s5IU(rD#x|5vWJy<>W zu~o;>j|`x~w8px9+hoP2ulBi#SrvH<)d`?sS6>F#iYdX?;U37TaQKr`5l{(XWX?5u zVrK@(nZXnbF`Jz_v(n(y_ETb1+m;F2>5yBk(k^P?^wN~(PfvWLr)UQ3MZ1~g%n4*0 zk?7!hMDBK^CZnL-senuXOF=}U<=72=?m!7**>fGXjy}7a2Az|D9|;MK@rC7&crcY^ z?=-{#a3i4QSmw-6>n5PhgTNYPGMV2#@_`QV_tO$SNVE&|7YjHf7P<)RE}v76Db_uo zWf8ZS&p=sGlpja@z1_V5CZ0v`7N}LgzzFZuZ({I^8G@%cfU**Thsv$Gei4RI^OjrvVM^aRGiPQV6i!WPGQdbjerXM?(aPKDWm-~j)%ez*klGy6QKqTUazuuj^-YY3OB zTImAg4Q_aMU@QZnKuC?-GeYSix$}eLkkw%YUomU*5B9Zvn=d0E&XBb;S+yF9fjBa2 z{U6ba1ILDc>O#;ud7Tpfr$MhScw(OhPHTZQAC4u~Eu-?HKgT7p%^28t13i|3MQTlkG??MOjK8in* z|A09NmPHqF))|g;R_Zu+`+X8tq3NIZ=W+y8E%F(E#+|%UEnE&N|Rae zYYr5DGNI{$fB_u{1%AIGWmrG@!XSvU61LTl)MUB3fMI5Re&p_Y`xeBW$xXFF-*0i! zdv5}W-JmuyLKX-?F)Fq+ul_QkRxOJvc5xB9gF<>7EAt@p+c^=^c$k6YR%(d;^UlT%tS47G8VLTF_CQmwL#qO; z=FY2j@T+R*VSC*8+d_-!ShQ*9Aw(VZXyGBoUY@g0JhRk?Z~PeRaNb4uD7EVO)d(gu z3*^7ANgX~aM;y^JT4E47sHncT0w%C9q{n%H%8;Q)5WeEybv$TT?e&5DfE#7$3M{;- zr_r@Rk)DKAtVZFU7�}Nk8r`P^&dciDP!X)WI*CRBHnIA<@h3TiT-Knu~&M8-9^gP;c>?6cYk`s+Z1S zvtjW-$>@vVmm5fI04a{Ztf{Cn`L1M-XOVhEE4-O2DOkw+A^sal*R|y+5<`E993H_W zlQEe$V{$MV3|~K@=bYZzZU>B^s-%)`DB;xZu@7kUJLK(${JB;VUEQ4=Lvkin`Jvi? z7)yS@v*M`lyFdoVq<5=nLcRYQSWiPgc_e?Yf(hpwR<-rLt?f(re z;+z`@XHP2@C2p18o$Mz(k2~B}zwZ*_efIfN0|F>&;MB!E9X@sA7OwF9h*`T{UrDwgLf=-CCcEf%}*%wH(o5*su&lJSJ<0l$#hM29GbBeQUN{M8;OJd zodi@+>s`r{O9KX7u951NmjqxRpqIIzIE{2l=MB=G?8m^@`4pYsr}(5CR}H+kTK#Q{ z``Q?^X3_f#z{`FYbcA<{lgghlnSAWTKRX!Ek8cES`d#`dH0S{F?|l)!=GE{*IY#{? zmEZH~kIlzJMqmLQN~Fu@2(tMfY{T$(_vkIw_{xSx)NShrML7J{&y)4mVvVNvtMGg- zt+ijWso%ECtfNxPBM%;mV0!H1y`y~IYaIR{hQoXSYXtD>{DChWUco0@O1?!UxhjBM zd1zI84DpKuwSiCgLa|5j;dNqR%zdIOhH`*Bf*g!Od%KeXuNx(yuPJi%6X6~nB)if} z{4G?+E7cMeKkAuNpQ74cZ20v}vw{)|kKopRPo|*Rnd})hfVZ1$lMs&gczHxne}|u& zhXt!<_f>}4P9$gFfnCt#(02ToYInAID5ro$O{ciCWd@e6VWXoFB{B;L!UUUz!sG@z(nv4 z$S59$6+Oj!Qye;uWDg9z!!3RHhHpM!?_Rg{px1x>| zxeDxgfZ~9ASk2Dcz!Y79R@e5uV+GtSQ1dt)S5Bqs^~W;cn~JL-xInpL21NplbyUv{ zwXV35Sjdl%DoOb0FQ?-igp`rCbWH~pArvA$2prMvqa*GW32Hbzz{E?XFQ56Nf+p1+ z`6=yQX4zlme(6UL9F{kvMUmXYY|XT~{CEr&Did=;F~wG5Jfw>(jG0}`X!|D?L7y_I z5TS5zDbI_MWvhDv$gt*&0!A*7cz!G^gQGcrbRB+6lZ*py+pz@)9;*6BNZ5qQ+?l?T z;^jo*0jX_Zth&j{m@aeK6>cV$Hb%g_2JwNWWlJ2fyT^Bya8C%Cg?&H#e14 zsv$tf9Ma7=2k7j3e~GeW%xw25hCsl0Dgc6F8+ya35uXtWx4)On@l*Uxe5Il3N1SxS zg=cV+?@f`R7T40)0qH3hH5bw>MZyCT1fH4g0Wuef-KslZur7dP1c7gWUP6W6Ir)8k z+0)4HGVBPyuk_;~ZLeUvzZ7e~$i}{_ozgydE<94!P|8e5_LGO+aq|3!Gfv5b0;zpR zxoFR}AI{#W4=LXNYMZNI`osVIvqS;+j)tf1D5l&~4`{rgMD-l=bo_r$?yZ2eLBh;u zs};i^@Wa?P_J!5VLhP5q+2)-$z)!>z=I`DG{ATfQ)(%bNt(@s1k#_1Hma zX@xH-?fCsn2wy^C|Ay1J4mrrZ!QZe8J3h!E=2;!?IB{Pu@>chg)~`a|)1d%eo(i3# zNccUWD;6n26WQi{S!j}Vm&^Q|***~CY{Nr;N6$5&df%rtFamR5`RAV|9&nA|cR0D` zu&6dXzR!3t>?!onY-lQw=7I+xm3WM?809a$6vI1x^FR=b+fmVVh-Zr& zhL28iV7z}hA0V*ZbmgD_`xL{A+UCuhiMAToLM5h{7xD_oxM)sim7@p}=Hwk7;yH{ahR z_fG%>SJ_g`4Vw|To^RcQ$Szk2y8A-IA(MV3q&HCk@BDCPQREXz1+X|?9?ey6iD>x& zWFnHzZXurxYxo}U^^R|0_Kg_mcvXQ_H2|0%0Y9Lf@X80&tZHK3V+cOV*=v9;H7los zLgcQ)(?-j{zZvt1Wm(zQnn7xl7A#60{)ihF^;Qa_IJC^dt`#_`;(eaq^C$I6J%#+k z%NL`D!t}kieI*ge9N;cJrRBan4@%EFC?&I>!d91Z)~A>#;c*y1JQh;|w19GZ{yYmC zGD{ePaDzeqrM~X07Mdny9OvE$f;ysR@!R6%%8j>>V7~-l!CXr@L92IneVk`DM8SA& z!5X4zMg!(4L-m-CXqSy70VnCvNN_EM4ml;|`!4u~ENVAfp1-%AjO}N@=&Wnpv==OU z-XeZ>p7#YW%N9uHxU3#z(HFFBc3}Bq6|jR7IcaCL!#e>NM-~nwu_w(?RPIHNido~I zv=VHt?q~R8UybGIC^$5xQCNmMjeNFQmIe<_GbIAs(#HlE?EVG%m)ZKbC--$qD3*1G zqLsj>u1g_l7ycgYDpxKGzsLKFUvVdltOeKg*#_*lLQnqrN|u2!uNRy?P~d{ZSo+zf zysM+gbA8^MxY(8io{a|(M%w8GDN6}w@8Qln@MM06m->xc8TneiqA0I4L@S(_cC+4M zc)>593TF}AvMk4 zEz+1G?9A^{Ms0N0qc@o$%F1i;^CIfn>dS)+0FM?0gr4PYs3O2^FAR=U%^0@%Y8n`T z4NIZC#xVf#*U=L`0oJHahYluxzL7b?VBMnm&V$FjJ9z>6os)^G6~XETBa8Mx6<|;b z0Q-pz==5Dk|5dOAo-6-K<+rpFFM_@tCTp0kKvMq1(Fe7!1o4wl5{vs`K^`~kEXhF>@31rv}5 zH1EFY01Iy2t$C|Jo|)if1(RqxU;O&-sQq5ckkU1C?krG!by`Bv)|cJkPHG=y(xMAQ zXbJY1lEl4A(0%BVezVQydqzz7x{t=x$)fIQDo5cl^g~~kV$5Eh9qaC6lC%^?et_z2HnoY}^=jFTH}`Xbu{*Kd6*)3G^tA`TOu+Oc%@UmE(+_cq;Z8kcaOxwcNM-jq-c3_1TxWFXdbm z5(98xfvQ186(kkr(9~T4W>&imMGE2>+uOYJ3JM3{SW-E!;w=o5kV?fR0-~>Vtxo42 zTz)>$7}~qQROFQ4@zLj51<-iWF>erm`yL&r*TUt2-3S~@McSekKFA*4`?Cb8?Wu3% zJERnN!wP`Ub$q$k#+Sn~-BXAmv{HDfgxO2{oL{EQ5+AA`!vzKIs%CfnV?2-X#)aNX zq!1>LXiwN!zcaS-H`M!mQ7z3yXZ~}QRqVg6Y-;u*;sh6icQDA2QAQ;|<8+|VR(VkP zYPfe6@`PvcyeKN!exmn1f*%=_T8S=6*{9IN6QJv)4?4L9lro<%(|96o=!8NdJ{q^5 z5fbm;y*2*P_lRc$5A<1J-tqaTf$WHWg@e|=s!KDUe$9aJpmENyvArIT%9g!PgCxLQ z4*l_)u;Z?bCL9FXp*_zf(EHs4N_>Jw0o|{CMruBkKrYXOR~SD1u{J}so?r5D3mHpz zcym^y7I8k#wG6PchL^49k}ib~q8ax4+q2`rA4QWBtd^NraIeesQ33%{7_l*?SLBqOD6XafrxS^Lhy5BA_2{2-#Vj$*86v# zjddpZ@!%I+s2XglP#C%Xje8-bHS8Xo8@Y^?^(i*;Ve-i5?Ll)Fl(lT9xMqP4h_%YeH6$P= zDeGZ++X1pWl}!bD5gdR@!fvVs)?ttBgYG3TXl^zRySUYKtK<%gi%d~kqC#sQk5QA|H;@p7`NE4$ zyqy{#wBUE3W@ph*lXupAp9?O$@Mv;iEFVLXK)>i-+6d+(pv7D`$vv03y8fxH|JRLS z0#Ae8j^uNI%~#&!oy;Df(>cQ4G7%N?c-g>=!$)3NQ;L6<{y1s{jM&=Jq~!y=6Ba7Y z)cJl1HtHry=42p|*v*1Qnh^Q6Yh~+GW*B9E+&4vOKZL_J`tZXJmyYkn6T83YIL%r7 zQ>BM}oJX_C)uTvQ19Y%5=oj)%N~@s+t>&3F$>W!d&=wwl_z4oJP*kJ11rF2a->YJK zw&iK#c|wMBsb*bhYKc@!d0`;c!dg^%Sw;6t$FwH^ z5rD<&sl!l)*Wva3YSsDzkMg|lGtc(`F18`Nq=ybD0-@<^fIX-V{PU<}?*z;)`vo+M zdfzEvUQeK3p+hR+R@L8Ddh&J_>v<3;WS5G%6Jb~rdEs4LLQ|1`LPz~Aqz=5ot^_u$ zn}Q&8;qKolrWu*I*PTxQ8Yb9S$}iET$5)C#7yEMpo=dO}nJ&c-$XAJ_gl4E8K9hy! zUo1{n)#4^ZtZI?I7t5McjjBHvm!ZciIyS$aZ4C|$WOUqLJ^jPvx|%XMb5B30RRG-Fw-1fVj6T^Xey04dB1AQn(l*WCH*r?SlkySQR0z;<5`=Hh=<1az?DVVAch=h{KS1<> z_j0jReVO!%bG!t>%J*Vrf&T_37!GS73011-{_<`C|4N4FtO}n+f9+f8NMgPlp1w2V z>|$pDs2#qzc*Uii8jg1!h}miYnS|zza8q?)noEb3yy~o2*%-s9w2GP|0x_pUoH)9^ zU}hp1YFYHpPrSx&tLI1khB!v)*ytno#Qxy3^_ozXWw1Kkoedi!ZQ_dQG?ZI(cG=4Vx94Ujc>%$_zy`Yij_ z00TKeL0M+0$mC9mmw+kkG9MjzS|8ahC?^gx{gK2&+P!Q9woP;N7PRG z>IE_b3A%N&2|J)E(L(5Q`uR7lC*5BJ&`qTckV?hH}^|zKqaiw`2^L?R%KCgv14!ZR!0IpQTr6__a2TGU96puZ= z)0p`KvCQ0}HHv`mA+ari`*k&INvY}&6ZpZfBzvrj`{Lj}=Jy^x9&-=S zPj+?b5sSR25vEHd&W&2;&3z7SM|N@deSo^sy_9`h5Ll!q3(A2b^t4kl)r@WD)7^Nr zX!>Ft%qHei&&XpsrV;r7FSw7+Un@K^^I`(r@jz#9FZ(5;oNccOnW%!se7_^hn^>rb z=9X#L3ozHM4kt{Qmylv)c9~^i!mq%uuv&tGrBj+wv*0!?Y<(9o))8b9grlYtZuV79 znAa{IXcEhHJfSw1-B97PJPYg2;wWSraDj0FSfZtZY6EZHX^mB3mWK>cn*g0SvgWIj zzK1K|kwLqS!J%Q)QmL8hvViX8h-o^FA{=z^9?uDvy3IMBjjWE2I73@-{oc_GFD;bK zD|~y4peotkIqSExo)^U7Q=*v%3X;h1m_?C*(a6@LMR zNyq=5pzlJ+d~}c32Mt`DCcl}eLp21CZk23!L7K(;Z2?uEt|KT$BJ zixJNpRo4%FQ7vi&>D=eNsMA^VWwYIUl7i5=Y)<|xXmw4s9WFv9eqtyF-rpqHKXYi| z+Hd5%G(31K_nP94f{b<{%b>}h&e00LZHERM>VlP|7mm~f7oY0)|E36gy6kCNTQR^t%sT~A4lzd5dg#0Ljw~D zqshIacmk#6PCF@(0pB*yL8ZdQJD)WO>~WV)djEO=6zODSL=d&+Y;~pd`yrIu z(Lzq>7~;2G5pNS52oEoje{bVzeA?9q43v-Zn5sW9Spzzft?soChOBlAuaI(KG*sG4 z7V3)npx_@fF4)P5-Gw-{@cob;`St^K$VOaXRPy0{Dzk#OGHSe=Cy1+lzg=B7AL-*) zpGbg@-ZP0xd`<~*P$I`K zSI1tUL~ZI1dQ2_a-T=1x@Q6cok-Mzy*vT2(^^k`Pg3LnRhTdE9?2HKAs|T%n3U($E z%Yq>WV|rKcB1)heTg?xe6wnF4o0AW=erl^ceSLJPh+!kI>SKJ&5?RnhN=_AW4_oDc zGNVHOfbYq`T_Tr=-NSo!v?hwE+9i%f51SR``XK#&e(PlSV3IFWDfR zmjIho0a(_NTUcg zcxdE*+Oe>*JwtzQODs#&XhT$9iB2+$rV7(e^$ybjJMEz5dplTlVOZWZ$m(&~&nT3}0eYiXDw{F{cz7kGj5r|%Wiw}$@( z9fWRzfRg2)$)*vm=#rj;hhJoIs2^xz^<}>@)BGB%&>_19&Mq%1?EZGRLU4&Fe@UEY zy;A@K2hGMmD<~fjszlYp#6?mZV%MWR<7b-G?-BbcZ?J8E z735CQtP-$Rc3^|lDj$q`te40*oVJcK&{ST0m7S`|Q5M|4?g5k!}F9q%^#3zrk<6CkD7I=_qWbRvvuE+@rUN8VN>iqT&)6|j|E zN)IKZGrvAb13(*;CB;}G4mb)_a`8h0uJN5!4U$P4s1LRQ&zdG>h|wP41r`gOsi1Y> z4blRd*R+v?0vS-Q2c{sL$h8CYG{*Kstl%Kuf3rG^D-4b^+B<$&)AJ1 z#7I@hGbo~{(Y#k89HYM6dvX8b^2$ZTM>H1B%SaoSrXxFFMLIoin=G)=sjxm@o!@w+ z=`!N5tPRK1xqvgY``=%Ej=}j^BA^DoWg+4h6LPfz_$k$ z+KH26{RxHJPs&9;2zL~pE)FcemgnTJBG)Dr+5YvcB@`cV%V z>*}GFi~PxSF&Wn(Q1OJ`J(@}uxbDD7-|06XlxQe|(N`&ZQP*K0R5G4K5)*AbuS!}e zehlSKG9nj^fBfvLrOfFHWshvhZ_~{y$OX^0xfftUm+PsrxG0=4dZ#QhB?kJu@1?O% zO`#cd9Ci;%YV{GzQs|mWiXy3YiI8Bg@O7kG#2{rCFB~LQI%$GzNjmU=5eg{PoUi^k zEuidf{^Y5CIo^xKAX5tniyoNi>{av(btcAQ=b1pQM)I?;^e`~J5MKJ5>qrbU9C#UwfdTvLl~J;^hy{ zskl+m7v6ya;_K`A7i5iJ)F4p=?#jLV2=|hAha&JZ;+FdhGugEB;d27vEFVCz!YDz# z7ETVIzRIE@+MV0C&j*}X%%Zx! z=AdoMYTr5}(q#j!kW>5?9t6RAfOn$hOlnbOpzD_LItE}h6pESOBt$GxX}uBJ`q?IL zUl5Hh=sHi1E)r+jYrfHE380l+Sfef6ic`F$uB~>b=0;iW)yQv!V+{i28~A%AsHB>I zpKS^23{fq50TwUFLjh?huQmF5;8!+_c%6~5xvTS*Oc3UB z^;>0EAp8m2I{MX>9PmIzfs1PJcmBw&fBowuS`J zPWPN2Y?heJJvRN4+Pw#j@eSYvN-CK{AFpV_?pi4t&0p^&jB$5?W*YK=ja4^7L)N zH2?W<1`>#~y%q6`)nG|Bb)T17ZhsL2V}erL0j{oc9EK_{n8~#KErd*UHQ-?vmYpix zT7Ca!;N-nU%9qhz|IlVZgat3<=gh6=)V!7bcc0*;o){21xSrUBvV{@Hv zpR)wc+TAd`Un~(9GQUA(*ZB(G$6%)~X5GuXFscFpDmeE-?Pcl^Ya8f8hp?eAe(M{2 z`1)@j#gAlYbd!M178ntNWsw%@5a?B~)SEAP#5>r~!28km0yvesZdRllLtrc1P{d2=J(;_=12d4J%@? zyqAGI7v6F!_qeq!c_9MNfEWDog2pvxJf5l9ZlX&s{Ij+S1>nzUSTf8f8KROpeI&Bo zy@g#3|K*Z0mn;Xcm_7++g1MlKOkO+z;xj*oudas&QU=)L@LOQ>4Eg1u(#1=4_I*a7 zxE&yMELZELyWyP^sb1WmXh;ISwpaAGO--tVT7oZZjx!QYUwZjdkk|Rsz2|@f8&%_1 z{@k?_Xc4o|{6qM^J-pW|OL|9Om86)bei3X#ob~`Bd>d<;kpxy<3pCNd8M5Nds5mv^ zH*oe}!}tq9hHu{`%vI?RBE|qF4S>mz!U5|99xN>=7jE(FXsR(G*8%+M-~_$~mTus% zME;ugv5mEOuQQ~*Kw@M3)gUKuqx(*82|O}hmp6$O>j%1SHon_s#D)i50ZaG1q2iis z$%A2^&vI?B8P$eap47XDL%r!96ot_OST&8c-}X9Yy*|(Uq@g+7Ytk{WJ2o1n%*nPcwO&6^5{2g!G;s7lX>;d%- zhIlZBpXL|H=RZI_aH@RhMcXuYaV_#jJi} z6*JzKUgo0;L0&vF{qgO*)D!gA-mIxI$>(Vg!-7%ItYcn-a>BZP1|8<--+`|2KnLU! zzh?%EOkao_pkfV8#zANfG^=Ye=~U7-%HNYLyBerv>GJ{}+P>3q76T`+4^nk+e?hUl zAN>Q%`Ypv%-7spN~q{UjG{$3{eBopxVxMF1OD)nt9nZMzp5Z#A&C z{0uCHsvOx)rTTuEI!08doT(F(Z-&`?Vo#iX+UpN(bfD|Xc`buJzVoEA1p9%qo(OQW zJM}S4aMk4I-E$cnH&cRxC6&KAO_HGYEOKrk`U$LmtuLtYhgEhdD9sEuf_+~GnX`qY?4^ACI zLDMTRA}0ce0zXM%97DxzB%ax)FrZ2reUl33M-V2aj=328<9pOh3E=LmAt0kWmprZ% zrv*&_U&gDna^hWd#m{sKxD02PMePPc)*uqv@5(%4(~y1+l-t0>HBF)GqNuY>K4C`& zO5Fp!g1U008TX`8lRNdw4O(gC)joRTU6l2s0|4O+&)#NqD0gFJZNN7axWMp3*v$dbmG1{1H$|7o^+lCY>5Fs8Y919sfhk-*jB^mP;_48W- z@hC@Tp5v2G~E7R*BYl`txlKTg|x;fN% zPOofLrx)EutlNb0s*UJNDcCau7>E6J0~P8P%r=i8s4mUeL(1gy>V4vO&OWtT!|N7* zlr{~V-|PWBR*Ui#cX|zrHdFpKPq2~jes&{mO)8*PcmUib0(TJ`y8Pd_;So*(tT7oZ zY_lr3w{rnQnnFyfudqN0s#EVpOe^(o@a;h$({iQ5t(9zh=^zr1!)TT~w$~%WEO*~Z zknWw!dW?f7^(QOi#Lb>ORCA!b3qn_)bjA7XC=22gH$>?N3HBxc1?^l6Q8>V!Gvb*j zi9fUswBSNlEZ$!s7qQN{?{Sc#u?b>^WMWyh?z`!fA?I7R`Y%`-0Q}0*j^a)7muX(3 zxdJ&K;Kua#Mau&ce4Zb1DS_?yxig^Y5$YLj8rgQ`FYBp;zCmV!{_p2-MRkX@?I3#( z+Tq#p+2G~(*yx%t;2SWmJU&l+NtzNgq``PJc^R}ENa+VQiqi!g0WiTs4N%GWWbb#L zg_rhzo$K#29qP&uy~OL5{?mT7+phi(hTX!-ze;>q*nT!fxjiw{JJbn(cB)%eR%$3D zc(*^qYoj${FxHzB1inaRZR^XU2 z&3LzR2wXCMgvf(<*_*hCq91^x96dOsoh zNHwj~8htfL4p)7IC!_^^b~PGZ?{!uHW;B82Zrf1in?wQ4(~NO~^Bxeso`>>alZ!fG z_IQ3rpXPl^cg}Q@sRups31xGtx0oDV6V!n z)56snmL1yNjzu`oaOe5TTW%SkkgW2~280a_d`Y-Yb&(YW=tzV3Y9d`)WhS`00wSYf zu|_UU;^hJ-Jbo7BCh8uj3XMYZ^BV`sa$|R8VHD+Z_JntkjYP( z0cHPgl5K&#HJlfG9Qts3?e!#9_`L+OzZGzxSL=GcT*fj09i0lajW2g&!1$(jEu*1` zDC4lMlg8ot)pInos45>i@94%C>M=xDG8p0do%Uu`sIxX5VeH+#_&*gW2t40Y2S$V; zGAA<_q=MB89Ww7^+TJ$cSqQNGIF6y!IWw$#Re3?07(g=+Q-Y!H1LV_R2%xm~HGL_= z7)HDaaBR8a7xUSiw>Em=II>9Oev+#1Cd&p%x*JVwd9S5nvZftWIvMJCw z1ICxG&ASbnI+hH+vGC&RNkqR|j1HD}9>?$m!6lm7h{E{B&(&u8Heh-m}Ia^5yI7Qq8e<1 zoVG@jJGJwl1U`J}VgUo70dsJs{~>od;OLjsHI{QWHWAQG38>VJbu|_B z4(xGw<2N1KBLO2hRw%;-=!_v_K+)Xija-9$5wL=4_kw-o^@*Eq#jI=R@2z#VJ3694 z0->KNJ9pxrOxZn3{dT2^q%$cd`v3(?v%VORYegVhVhg`&FC8?hxTa*8pMsixOX~P8 zS>Xag-#A9dKKGXx@h^Nhf$LG1WNn;9t6@J%+ zhX^e6&P4LUa+ajsO5<6J(|7O6*hf>`O;JNa`45;Hx{rn z4awVM2|kITnEl!Mz?@fxBFIb|jMkwOw&-nimh;23z!=v}iyAr@?&hDXGhGJ1^zE3+ z0444`HA#>^(gABg%SVsFqujRMBe6^(`T%)J7(b^AaK`LlRvfcbrayP^W4sX!A_J~$ ztbJ>F@IW7ax0LgeS_#lYlz?L{|f) z+j%_zMfVCap$^tsoNDSUMQHwcE~+>Dfq;dVx{nFK)bkM}xu7%1>@5KFO!7|*Y-Uyy zzTkJ!M>l4I*fCE@HC{lbfn@#8LHtx@i|2In4EgDCDqq;;jbI8)WPnlx14q55TkYXv zN?({SS_2A>;~{lRq75;QWy=dLApM|{oi*e%-8GY$ER9P_EjE$jrVA-rt6L1*p{=JEfVJEJzI`!yFdj&ljt3m+J|oD*rIcdJuCh=yjhCyY z8-!!-irf6?fJTC$j6%Nb$EtSln4YhFA8iwDFL6b`mOmLTZ!*lu0{t{HDl|8r%{}gz zR@B3wjv(IgUwk4H_&`ZdCwacZ@iojLJh6O(u|JT%QqVhY7&he+k3k%*O*RbNaD@~# zHIafAR*rHJXj89dL{AWarC1h#sKe2M@YD=&-6e5PLvj3sfX2H^UqOFQQBRiCp1I$C z1&Jx3KFr%J{?j8;O*&{^UGRux$@TmU0J?W~jucs@Kv57Pztn;}87>ERFqpN&g|cH6 z83Xzl8vNIl-!0w0)f_)|V<}I!RX|XAAffr{!RuqSilXsn=?Tc_7iM3Em2t zNZe=T-B^++ImeI7w-~N25fGH|Q{MyS|FT!3wJezD;+Y3XT0OorZ`Fgdu5opLcm+Lg zA1{4?|H(*24-sA_=q2M`hmurdJ|SmbS!hGn39U78S)Ux6QD$q72Ec7RVF;eypU<38 zV)xzP3OHtg^dNmp{<&9oNkKW#qAqu3h;`_;o?w5i^4Xa{SwmU|5hINkK{(jml$YYi z;OW`AdUPTl;1WL5hX9BYD!o^cSpqXlZu&H!KE;++inVdhnxLSXlW4FQU(qm@X<-Lh zWm*I*a;a0^J51=5DU&AU#J9&+0zf`|%-sj1E@y9GBc{AvQvgqv2xy6*r3W^8O&s{p zl;xvb3%mCc|Ef}YfIej3DAHXQ{i#$7$Xc+$2B!cEdaYwpa;7`2e_C-lxe(tw{0k6l zQj7}Ukq!-K;!22y1~ZD^IX$qT3SjNfU1;wf;E_V<{*V-}$3t)Om$AUv{k8b`wMsXt zj%~=eg8k~P@-dJC88I0`)ti9>lC#_%yn~rEyk$+DADC1@jr)3Zk8zbL88M#A*2fxh z*h9N7ml34P8?T@MtpYl-j>kVs;SJtwy0fDky7*i=zSH0u@nGr)1{KaXeIMQZbyV+= zqXwW)piC@i$ba4AWeihtuQk&8D(T-j%TrMzZc0)RcX+vF+L8|Nt%Jfx@MBTTH8vEK zOBnpTD8SGy$6dBIC%LBHuQ<2edy#-2GYy8t&GabmX|Wv}Jq4}@yt0^)GO=dny3?8B zo(drRLAyZ17DDHfQRszZE&gluKl8RPG$q2pGXK_s@60_G)bH8>ptazQ1PAy!yn@k+ zk#Wpx$}ba7oGYue`iYjPg&24<4E#G5;{iVFk1{K2_B6kBs^HURrhr&ZSgBc zw7?-A^Ps2`ihT$yjdNIEryn%)Sdpejf+$UPO z=`e53fM4%uN*=?b>1cHXB}>cvI6}Y8HE93dH;d#9{`U=h#bJ!Tyy%fq?)6n!$v6@b z9DrvWG|*)?4fB|5vTWS+WSz=!!VOS1Kprs_J|>Vj)ak}CCCUoRC-?^B;(VVOjw&$< zN3$C6`7G8HD&-(emZ?_aVX*OAcf3d=(*?;FVLRD7fbmZn3Y|}r2IUa=lMDvxvmGhe zrbWU$z28&uj(&*z)f_(0q(eEp&{_#cYLhsu-oMnZxcqgp~tp{KX zEb`<+DgIQ%;6~IF1}G#>FI4?9(A;K0m4E$3&*EW;>7Zxs6Ut&)mPK#T%yHwvVEziF zkfOvOh3EB4D?riiMM_2@z(UA7=7xSqcANbl24u+}DY0n+yAuA=0d-4|z?Vjrz57Aq zs{c`6N(ku6`Ji9k3UgZ0L~!JVD+Vnavg=atYOp`b#XJp^82v!Z?eN!VvT?Dnt=T7A z8p#F+%gOZ-Chlumize)z?9ILwBmT6oE5G6_RS~lOY zgD<|_IR)MR<=bb9_6q|1E8E%YTxmc{6JFV3NitP@;VD60L0bhhi6Wl2_5Fu3X>BhO z5dd(!o4!zXMExfT5*qU^mL5bcJ3<{I#-0~+HCX^qCPbh6$?{Zb5Totq@;xoon0iKu zSMjv|x>GKn{V=5vhcu=RIBJF_!*PDSei4Bt^`+wZ;TDvLD1)G2fx>_wZ~jBS5lXZk zkUIN}G5wGUz4RA60viPqrfUIK8)|r~2XapzOYHJqTrr^WOwRIaK(BHHjQtOLjS~O!vSMKXN&N&O9V{vUhPk(FA#6ME zP4d1%-^`yn{}jy^JfwgQZ#mp+l1w&WKcKbcYQ%!CNBk^U$m9c1~? z0bAmEzo|;q zG%I*0sy~H2J9%tygJ6u+;r!1>Z>|lSQZeO3vvC#axecVakU*>enF~+LHFH8=m$If9 zD)>~KBrd}afP#Px_G5wWhBKgo4b;!qlZ{$SJ7256*PzY|boUqmaVlA;I|L4d$38Snt1HgB=U2rTah^{j@x1|ujmlrm<1f(52I{0VqHkD&MWIfHVIpB7y1f7!lpX&zJ= zk9$#{x~N()5Se}HX@tFQc#SG0u0;yS@5n0KRwpEE@0F{JPn0o%{QoPt&QLc_zQ6wr zc41dy*v1yl+#pJTluURqd4xlQcCm$iVEOORZgnCLq*Yy*j64sixstel+lU{MLDp_Z z#*ZM6Cc04J)!(9-AO_JojpUs=^pwDFG4{g20F!V4iTgRw+MJU6@T3Pm9y!^AU=Kb* z#wl{3xI4;ykU*~)J_vgP@DWW+cK~Yw2T<4zaCDP z)o_#jouu(ge=&p#vixOQgcJhE8)E=3R1m%HCv+F%Yg1!ysJP!rZQ{c@j1 z6Hs$cg(Me+QuxIoY_lco3%)`sCsUWkAD)4OAWff~`fLn(*n{9}eOGBH@Wh1!7a-RB zR%S~Zc~C6HYf#gUr;>V!$&+jpmGQ}!tOhS33mHKEQS#4p1aLG~nPnq2E{i*MfC`Xg zd`u9ChvR8Ec-Z@hiT8Q@`GKNFY<~#i>pzp&{e5tN{USj$5NheJ3EtW!O3QC2 z{(?r5-f0{gG}3*99d92sLfep=qBf{M!$W)v(0=5H9s{2L_0A8*XVW86(rnbPxZbR9 zD)Fq?t{Ug@R+iSk40v?^NIJ7F$Ji(e|0RUrGKeXNh!}E*7=xH4etmD%YxUP(byX@O zuk)U>_p{%u0ylm)6qwSE>*a{&I6rKLy@jKyiHLAnhg7uVcW~8S4d-RVEEe$Q^U?QN zpC_fiIF=yWOtwzd2k^&zcYw{8%;hD@LS$r~q`owNIzL^__@>Kl?v#g4?>!2pdG@(4 ztdc-*#oKzezn0A&DM(LAvOEx%N3E&b$Jj7E%xT}#6Qp{%^z#q6) z*|d1%_}J`gw)_|>ek;trZhv~zhNAMshz$UE?aCLCNq+(W*|zfz9k13?~14NbGNV7_$A3BZ#fqcRl?q`wGi{%<1&0DUKFjf;ZERXiF9ajAdWOHB? z{&BeN9Un|O$N>Mp2itY#z45ihxM&Lw1e_BWpw%mUuA+FOQJ?olyq7xWOK}XW$`6rh zj*{&TM{d*h-EhTX5$n*6z7fKM?)+p3&J}NJbLRhK2SM`$fp^)4x1IJTcBsRtpLq@b zDEWo}l|#HtI!*o^q`0$d9#ve85^u_nr_*P%D)p(7YsV|WALFb~2p&qFaxF?og2`D( z>GNIzpJ0j~1DBvyXwmDe_m*N|+pT}nhHx4mZxiLSlf3`L;`KH3`s=0HKQLZ``FyN$ zOmo*qQk1g~c8~1rJJTWOQd1nFA{bnQ`h2!QNu4lSlS*?KS<(pKmETw|P99 z{?mDhD1kNkR}JVV2)B;|5msRjAFUKWC$visSL{hY1jXLDcQ*;Pd)3+WIQ>w*>_<5B zLlOuPR(L(gf&AtEbi8@RVz*g$*}KPcskOnR0?&E2-%6&D;s(BjD$6rkB1rQrAWpqaw?Eg)gd(H^n{xrX7t zv?EBQ4GtB!7*G2J2C+=Yl=E@^2xAmF!ib=s<5dzfS(l!j0rp?je#j80;*}7Z(WkWi zyr4QKoSNV3T$CG}&*{;^)WD1__TF&P^jnkLozdtpnCQRe@>7yY3MHY;eQ#no(?)gq z8F+MD?_QrSj>K^&)sc!3X0F{9+<$q6#sCWBPfPsf@j)G>yEW^p-H^!zl#Rza6#Hj6 zUp(nWj^EIss-g-x1Rw41x1gTl)@5IhzsmnxbC>C9(g1}n4scnx!L*r1azlSx6AMaT z&~>Q0`#bx#VHzJx)LC-=z9VbMzFm_C(ixnUwwy!M9C6)=^?Lw;6K>;Pt$^CM)U$+$ z8xQyUyD$Y#Kl$*;z^yxd{ljR`#E-|=N+57Xy_HS0E#mW)?81t=l$s$z`KdP?>Vl|0 z(oZqDWBq(F(Jz$K_B|ar*)mO!~e$2`-ZssW?&@;WIBVdCc7gSpqFF^%}9cKLi33xI>{ytR6# zp8^xCUKnt5yWpXgdwBk(yBB18{prowzN?(Z5tzB%!#lhWNEoHz_9mGcOOMcwmyJ!c z)#u_nB476laxXSxK0msHvXvV1^|)>>?cS8Sios zyWiWlg%3wY%oq2;k|)rg*Qp}Y8w-lB-=7z}`!e4jtDmP#zwC&*0yj!>F-S!O%kOVW zlGCXgNaV}oU#$5m^~U-hob&6@8>2&}`!S%~dfge~P&D(_G5Ho~4Z@-oW^xiZ22)Nu z)0l3V9(%5~#JDY{a@~s;L^p0o*X*X?`5^h4@}OV~1*3aHIlerkdxBKJ>y>MTv-(MA zs#}Wpo4C`*eX%$5jG&g!W1*l8-M?|z#U&yiJhc>B;_ruVn+T2-kEdSWpxes9M-M8w z(j1XhueM4L4Hn#tvG?*3MYTJuouUpMeX7+k z13gAdt7`=JBIVjhmg8owp6Wh&_ovR&+wq-?g$e56|I0VfW{Kb%8C7bci(`Vu? zRPgLBb=wePtiS4YKOfgx+>=MHw&tkK?Z(DexZPbSkwansSFX%46e*c9h z9HcTQA>8CzdXLuUrOKg@v`1r!TJBf@C#vjgy-1a7(79; zcy>9@he-`>jzhNng#BKS)u&7-XBxlkDFqTBeKbL8vD&3i!CFn&3Gi23H zZz}h!x-Td=2?E#bV|HM{8>_(qFxrN0gSYZL)naf@66Uz3h>!F~vj!-*sjDN>TchiI zEv0xr{=c);pK8(@D9GyztGi+MBpV%FCIP;HxtLKpnf|=#Y+(BE+cT1oJ-|4;h16cJ zq0PZ1U+c5Y2rFngC#~k>St9u^w2Wi-ECURjiZ2Vj`L8d>CaQ3Fp|wTN!U^hmh!f}F zI6fClCeO9t=6omdU9pJ2SM&2;#|QsG%^>%Um{yP150(}4HjuASibU+*+>%9xq$W zOxOY$2-ND}%}S)kaw&L{?Rwc?3%~C&jc>SzyvQ*>eX_=Ms^GYJ)d;?Idk&AoVR<%# zwlUrNtp*}#+B$V2^-^|6&}kUyIOYnl_u~Z439_8E=3omw6JR4CBbx#ado7GE-9E+|Ml?=kzv7-dLASc zX)^9$drO$c{UWlrHUx0)99))oaVH)Dz0|hp%o)rs+)fFP{k0>-hQt1h_$9`PFy$Lz z>)!nmGSPf6>WFm~vo%i?<4rgJphkR5ZRP@xWr4)miU*=42_ZWt|I|h^b` z{e+XKBYh}pWyIGTDAgvlv>!tcP5!50MJxk(4_#&WhC3W@ z;ZCCv=pz(%{GwZynQ&@oh}Ty6*)8+PN%JAD66cnMx)=T&vK}uhTKQS6Al=q?KW%du zs>;No8hg&?UEU4?5|XVSU4JSuEb`p^-org0U4BQG+knk(B3saal{dVYQ&BG|xR28S zuL-rh$WI*+hO?fbi9GUmPZm%Yb=DtzD_*i_F8bqi(7>ZN@*t7UK13vs@CCfs8KP4J z@FB!OQQXJuNidPG-6KVVpKS<(uhsG-Ghp%rPw)=u+lXB&bFV6ZSx+}X!Fxa$0WVW= zO_GTjL7znE{nF0aA^p#DgJ9}wBX18ketH}}z5Bz!=K*Yuxb0(pK~2jt>`^g3zvsr4&0Nr)u-4e` z`gl&dEb6X_#onOnEBK*A@z>pht4Vgh@JO^rk?}v0FdYdiGAGP>^1Yqi9w@d#%ER}8Sd-$5$kh=&EiT${Na6KByA-g-V@%r2z^`kqVKY%;_07dmam#;o) zDYqE)TUvp6>rFZ-;Y{Ki9_EPT6QAr?m zz+j!Hk1O$tIm|c2X()3Kzp6YEN~iqeo`GrT15+P`W3?3)iYl6OWs) zaAeTCuJ673{k+PZuhvu2EG)+aa#k-Mfa1>H>Gk<#&tWKSK)B-Q*l+r}llf+<#``Eq zC^S5+qF}(p58l{e?$xxGUia(7+K<9_ig#DuuF}Yn0znXyG z1IVLhHBW_D{19GlPiR1<_ItlGm){o9NbnI%Y4Q*`rP?Lwx&5e?j@fC8D8R#s;T}JJWp}m=z)n{iL^0}P@7J%~#YpIPeu>m`;QPKw`pZv{ zUR}LxWAu1Et`+F!`Y{QV2vM=M1m>k!`O@>4AUgnH=;XJS^Qy-uk|YTqF@Ac4mRV@6 zq>vQ}jAV;)fLM}wwy~y4VPxGYLns5CCfJP^Hux;=4xTE82lRN%hSl{G;S1r;r9*NJ z$!4X(I;=_-`XdV#<8;!^!=3+2b-Yl%HzoRW7V=}bb*1NK6$5bNFE;I)iYGDP2+SDyJNt5oCx+2QKmFsZ^rQW<=5fsykT-rwC96=J|3}Sd`RRDu2e(j(X)0IRuP#A zW6cjNUwyVe7(MSzn<_ZtN!*sxy7+a@I6K%v5TbYaw@AQTbd2wsJx7E4v-o3rRcov2 zL65nFX!WtIDXsnPDpPi2PVEsA$f|-K=a4G$fS5%%c@TV!N>>qZbKTl4`}J0^PRQ@>!`n>y@8qP?wRr7D3%&pS zeUUDc__+z*-FUBW+sr6GeqwvL_T^-f@iN0kScX^au-PnJ&T(_3;J8#@$#$Z223l2p1U zJ`Q0#-09Yp?LCslI=OA4tF7bS5kBt46#zBV0kHn{`#KQCkPXe05z`MxgjIG3&YD^G zw4s2{3D??}*X|OjcqxJe=3;fq0jWn6M)S1rbR6f-7xQCk&_cyajW|1rHQv(FLQU4z zYI$2fztN~=0Y&07)ID?d%)q7DH`uevc#$P?K{1f&v#Vg+j6X{x(WygixB1XP^Y>W4 zb&zR4Q|9W$w)Yj~FU-LVvf)Cr_Hl3h#6RbIooz6Ak^j)U>f4JML%MkS3J*VijvzQ& zC89Jg`U>l$&5K{x1=K`?~Fo zQ$StC5B-a5tna5`nxsN2?dwfBfCuo|bvej_52mG54u|;fLOo?sIRo3Ym-tWW6Ps_y ztUW9Jf=0l@C zBf`ZX2*Av5p+4T*^bQFE@|2dW-q*dSapC9S2C0qewV9ePmvhv{+tG5z&Tvk{dd0CT zk1SxiFRNBV@k?kkesg`^e}~+f%lHh0e=MOZIzF@R@pahy2c=F+e76=lJHkDtsYfGS z^GWc5`VPvZ2n?Ef>M<5Qy}tf&I?tnLi$S)ZfYY03F2U3qBC<^aHX&=B!0%j=7af(RVYy&;Lw)S0*)PnNjv%BoXM%g(jQ4-3?b zz)`(#pPPu_7~VH~F7?=V{q(lO)5#4m?8K#N#b-3csmVYgi>UOyE`JvT5}m2s2f(o0 zkMbqX-%tw#2c3TnuG~AdJPqA?pn6PCOk@o8n}dg$Gr|)gM9Nw_Ev(<_2G}9 zz)VH}#&Jr1Guayv?z;Y-284vd^INg|wmVqltkREH5AwI7Z)t7+3i!)y5`3E}7zCgt?S{Lrajy7@Kk_6w9 zF-f?_NAc1Z8#Z)m>$WQ!!70J_m76KcwmgAn1FkiO`y*kd+}@i*B@*?>6dAe!N*|eA zf(bnNGa{v>_@~Qw|G;OcvZQSH#SD(qjiqPPcah%UI|t|Wu6H16VG$!dv-2T9^BZ?_ zaC!qA!GV0p{qqgFW)tbC#|2guH@8&pClKpH0(@vSR_Nh&sLo)tP8XqmOw3hL!7s>u zOPz1WTpr>~=WfX+vHL1F`3wHeATXLUc` zIcdA^f?1)3YI8oqrG?j+!U8UCJB5zG@^iqKPRszs^li`yMDNn$-vX1G*XjUFU4g z4-a;}e4G4ZW|zhW&`%5JQ~h)zQ&he*TM5PMi+EL= zbFR~i?LGB-iD0YRUvz4)mbfC4o1>k*F8IOs)*cHXbTR0~zf-&HP*kykOGO^tT1hY{ zYhfk>cnb^dNY`hGO9}k){Q>O_oz-6Zh4T*%{ zjYiquq^sN`u4Lb$GuEI&PMasY-OIT2(G&8=65!>=svJ0Wai`Cm^!#$WAW@K?$Bn;J zpJ(!*KGiS4XL$610aM-Cv|{Qq7-{%b*kMifW+^6D2lFE?Zirq!um9!RiI1!^4xhy_ z3-@h%Z$}vu;WL7zhf9_W+m0+t+bS>>VKudTh6x#I-<5wOpkl!f$JBE4^F1Dp+TVwK zdPWRntBC7lL1a|=V$$JYJwB}fZC{jp+s{VsXL2pv2TzhlnMDF(ATuLuJC!X?;Hd(4 z>krty{~#dy^zOx_uERn6hQLXb^yhd4pvGLHBDbs8QBoNGUH%T0)beK|SHECH>%TYm zv5xmwpFh8c^h;lB1^)fsBnc#&U&72k`~oLkid$oT_%$d<#I3?EP&gRW***J=dKAHl zeH*KO?7CnZB9BjB!Tol?#eV(LG)`@K+uxbQ+E4DQ`Pw$TOVb9sPOS~jLsD+sK-ZA> zwk8~PWh1h=J-5?BgXOa!DC}AAVyKbzzRA2c2B-VL^;g(|e81qh8)9pJ@NV^?=>p9FNgT{^e6!xyi#UCskwg0gHZK?xCk*7FyYW($db57Q*a^V>D7N0yIwWI zVTSt0E;I2w)>)2yfz1D13hWlTiEzUDfcy3wZLdd9Vilm>I%A=gb5f)-T63eU?XWxN z)*JOVDrFJA^Fo?6{{bl+w?n4vrv5G;;URkZzF>20*|QW$5iL%on?cqrXcCQctU)Er zc!RT%_%MJ5H*}{bJ>d!>8DAW)E}-cb*={l*hexpm<(=SL2ChneJQ^4`Wxq-(A)Xne?-cz1X$@g z1$F?})W2je>hDhfdO_smflGhHHw^!`FYzQlQdfy*OnlACUMTLk2K@Lh_W0TyA;3Q@ zov}Z4f;pm-|6=X~ylb~&5${y zkoV77cHP%+F&Aj)TE23fqy91&<@~+Ig8!82Wbe3VcG*Px8#xBz6OFL7X~GFnEbUC2 zr60h{oHFb-;uMxqAxRLG?=D3-r&QoF?GHlQpI1ZIv*-F&kSSo&&f^>V4mOSfI%gGP zH%@1-bxX8(XmhKv9VK%%_{hqk+*)T!1>*D+FaUNJp@AUS6^y$ZXf|1Ac$7FT3QoMe zJ=c<$@%b=dEE&y{86K`JMp&xiA=;_i&#rb$&8o>-i)x-qgZ$k4&>|m1!P+6Wv&A9R znzWIo+^_X|zc@!>-=Oy~zp4^VKkxeyagD>1p^=aGk@a3TopS}@O1xyWe_xDxc>0!3 z3aG$v%YFBw31t;|`^hww)R2zC8)B{L56La)hZMvE1lkwWZhG z&!hMLfI9!hh8>;{<%qEuSXJ|LMIbQ84AzwKho`0znmtIqlw5@rL1V(Q-J8*9T$1~X z%S$h(`{$(0BXL)yg#M=4-~~D185&X*5Ea&nIHUwl%ol9IjwCx!6Uc7SrFua((TWI< z-(QUS5f*1TTxG&z&X4`fxwgwshODn%u9oUO4j8a}5bd_|&;6sKdc?pVFy$b|NGfbu zUO4&mpxBO1{9r~~ACF0<`WYj97~wvRZ4fQ18V_fn?yP;)_KSg&vfrCT=RLb`aMV_O zg{S7GiFV?`)}dLSs5(1qG^VHmSBn>~*ZUoOa%FAz8s_kr&mG>OAJNu`^qu!zBhT!| zu*!r#e}RhSq^~TP-bjf{u99^341&DhLQFoNXWKF5=~hR|iyYnu8}VDHEaeb=k%oE$ zsG2@`1V(69v5fJ10qbhnX9BblFG@^u&H0)!CPSUj!vFQMO$#=H=viS7+VfDjmSAs% z8-7C2<3$C}$Sw^$F&Q(kG{bF^KIvlheR$$$-~?8uG`)|i>>k#ie|bJ%{lgD=A3y6L zpuxc*h~^zj4o|!zDxVblp-@Y{hTXeaGk_v?(4H`FAeEDeVI~E2fW-Yf_{&0ti8)b) z7S9d#L1%1KLYL!N`%1Mc%a z{3!x@)%EQDsB`RwVYWxcW;lD#NN6^B3nZahiqrA_#RG)RkRX)+vi%`&0)S}1x4yt$ zd_>LYJI?cE*bhetJ7`Txz7}t~Rcu zO0S|)#3Wf8c?ThFHO%-UHW-urv7AO*wxK@c!dKnqshu>w&HEQgJ>Ab2Rpggtn0>zi z{%EAPR={6{H(r6j0KUVQr;=^g(LK1lyF!s>#b|DC2mCmpsdaUGxogTh)ib$czOCxcUG~$Q<)H%pU}fzBJgizD_IXhOoB_FuDa>8DD9} z*6_#&?>qybrNS;(ILre_*`#EKivZPp`F(IfLD(!uyv7Fn0cXpdiOi%ad4-?3qKdVS zJh^t0gXi-`c3tfRYH4Gv@7{WpNOhFV&AvT`AKfAwj+654PI#r!U{GwR?}zpN`spu> zi|4zEKVkI?(*_2YcV|okCr_u1Vel$0vZiJ}w=X+i<`?Oa@~tKYZ=UR6VC9TF)870%prZhhCm8tc0YBWWG{!7YDw2l(XyH0bLrjV*A98;4Ce%2;m_M`E7G5w zN6Ms^*9q<6zi8-12*~dk9;acW6#tJFJTxE$Pq2YC0pOgyma|vr4L@?M7ko!S;L~K! zF})~}?GQK{%-^YKMK8(GQ1@6`S#BVJ0YPhV0%t4-R%mIzX5I`8z=qJsr#c^A3rNaD@c|0bDT^>C*muDu58|upK<6m9PRO4e90gFcXZV~(xSSkY zTIphh&w(?}tB7|@P)3fJjzC&7_uB3*FSTVqT(Gu)o4H6)W=~6H!Ww_-RtEtIXZEp;wR#TMahAQrev!2T+YbFj zs*^zr&6huE*Ts9=s}-*xGtBT^pxa#E!*A{7lKMQ~mq)Zk-nN&;#Hsk5u6fIG?X;Ke zwfjU)3G)eMHBhNLk&^*gr3tWuaI;zTEC>6Mgg=g~PC;1x-PbJJ7J&#&_C>Q2;YcJu4;+KP1Xm$_Fa#h3Z;7&w(pxzU?nu! z@*p6+Qq;Zs%f6QK$D(hV)9N_bnM_ztpSNQ?XX((9U=V!B=m2=`d>KB>k$)@+I=*-t z$kJf2eff#!O24h!UUguH;ds2fnoNAX2U>t{#SiMDo!`9wYpL42Kakb1eJAo)HTlm>zLruD@}=hP-^H zYxbHGv*^#|;M)=26Xp~n5CxA8}6|`*GYT#gRC~9h(M7l zd%>(KEn;}kIsi8JrIdz43+Ua2I!4`+?=LvGJ6N4?%0Hyr`M6(=Pkb{l;(OJdeot){ zkcJDrx)E4U=uPMFHT%quy@ol=&;C1=`QmUQ-Sn}P?Jp;>BAs4zH?AEyFqvzekVGvT zB?N(P49lr`ovi1E)|=WR!J_nE)O5z+enKZJ-P`xq=e}nzqj51! z-ickM`z2Vz>zwW5l$HpqZd}1ss*^5A9r9$l7#juCKuG7l&i)`1Mu-fK9RDcOH}99; zk2rdpq@PIDaZ?9eas++5xO55ZN$6yIi%Ds4Uje4n=w3!ug+ntWoF+sLTB>NIW z*?25kgSV;s_D|V3_Jr{O?u<26;ZtllyG~d7XdmDWnu~QrE=#rSvgmR}*EO>=oY|S`lqR z<2j<(zRX7YD(*x8KPaBrzU0`N*c@W0oL*N#T0N1yPPhQcG<&3u`Rc|r>D?aC#kFM| z`EXyczi7tKC1)Hy;{x~VI4k%pTdLD>dI)q|)_aL0G+G{i_m8Is^5%yS%yNUvKRa_` zc@l)G%lhbY2p6WkX!o8XbGy+R<IKpw;>+Y@i+$UT zRPyZLLG<>S23M~~MmQmTq6hM1q|-HOuaGOBCH3NIOQb+1_D>2O{Gu5;62 z-4CYM|{lPimX8?vE}UXt{?DJrDfl{TS1jDypbUE+6_)9Qj)@;g(;w z0->-p-^GRZS$+P-(Q)nWRq@&O&!`7vT}SYY3HN7Ws_8VIu#IB&Yxr=lb8uO?fXIJ3 zm%i!hc`lxl|By)c#4UKLC?$vTtnc>|3y+OV`zvZ*S*VU6?|9|q_`c~eh&lK-lsT`D z4srf(afInPw1MECwDn@Xrb4pMqLn=5Zn=B|rH|pTbvp-8A55Oy=N!8aB~6-T#Gsb* zpHTn^6#+pcGS!z(;MGC@YN|GY7jS~L`0cIkgfKMmd||xwaDRsTn$`&21!BO+yYz|s z`ZTLH6b~9Xs1`*@0>(N130NP)z_BMBHU|Sc$|ksL5fI@_OuD$jX56ewV@rbv|C<=w zBGWvOGZcP10s6`i+aTB3 zw5KTZXpPH2m|w#_fRMT#w^{u)t$bl`5T z`g(=`RmfoAjqyP7;;V#{xnDybs_iYDAk|DT=Fs%FgoKg+S}3&~aIJo0NywPtQ>-#( zaZRtrNw}{7{pYTLA9!1nty-7;?G-!y*OGE1uky=8fZ2Rw+64-Tjg6L1v6Qb<@pPqG zTf7BRo?$ei$*18fj?GDTAXTt%oXWq#It-Ue_4N_&^JV3i<5t~jQ2B$mUyk2H0Fsb$ zLBnUi^^wY30Ty{?S~_6WCsYWtaGnQ^`2sfTndeaaIyU{{Z1aOR8V%CIY>`j=F);I5 zwO+m)-U&m_e~H3I?2{B_1mn{1s_v?~=ePJ>GnSx_Mt1 z#+RIP>m%!cQhCvy$!x0U4jDzwF$`CT)^Tohp5HFssc^<+VfxvBzZ*c*rH<;D=(WOg z5pF>AQdG7CG4i$C6SmDj1sA_YY{AVg`i~>M*A(TKtdYreD4+|w7T?NkymGFMD7!!R z)&WS~HRrOfNYYOVq{YIl1SxzyrtQi5-^csLU(drZ_&M^&B_zy1M$3=klqF<8%EGIuED z-sxR+3kqP-{tRxR+hHW^n9fO$&?no9$?K90nX9^umTk6a+9yC_oO>(_Ds`O;`4%!} zLk)a5s0eptj2{YpL7N&6#gXhF!-4s|5x;xP-yfsUzC21A)jKp(w@#_l?;SPgh|79U zp0zCPzA@DH$9=*5)Q&n#!S{yM3P};82NhnZb?XXDL}aFp)2K--*%DBgT#G^dpM@{IaJ{&D;WA5jKrx2Dpb7Hcwd#$qr0C4&nw zSEk-eN9sw+9QUI0YC$rGji3M*ovSc_u+v!g64?%JKSW347BrkcHJu@}0|o@nqLqT4 zR%pA-^T+4`AQo>F$5X6ygreu+J=s+l7nkzW3zSzRoBKL)u0NaYO4FvduhIJUlvmc{dp!}g^UmYwjwi!0)BL# z{8_{^;!?oO>EckCra*QK)gZxoMQ1diOF!D&3Ca|Tf!a03-KFIjIEqqj{R@eG>LXHg z#-;lHBNL&_bdtpgSAK=*B#+v7y#?{eGJf_)i{iqRAT zeQ??WGw+29RY=D#$Fy8>XO<1gs11S>Q8VOid%|^9=Y*_g?U$g=19|VpG+`mv*`ME?cuPY>5?r+(%2otkO~oJ2LigVMrwH}Z6DeDRLH(JC zXmtFW{kPoTvVFV=baPBcn@*(7^GRIaJCH*@B;>&zB}7EMhWq0J(VgZaHHwRo|CYUf zh~tS4gxDBEi49Cu3D}5&R0_u}gFDvu(s*Ru9t;lF4MeFv8Q9h5Nv>J1^#%|41P+&i zPbDh@HW6-LYy~;mCC`KQLhQjWq7AcHKgors)3E|GAxoiU;$mi1~>3WDT&M-petvVD8xNr%V@iA+xZhQC|qvx6zoU;1OFw1cnXLDpM?w`{3gy81Ow40p^wGI6S(W? ztqKGQO*fnh*Vp^WJ<>GS_L}yZImLv$&@%hq~WtMKOgVVC#?=>2??Xtw~=Y z=i6d0n5FP^mi=PIq~j$0dSEWTOW9lJyBgq3J|Rv0bbmZv+V@&*&(Xu7yCU&Whm_xw zc>vUOcanY_b_PO~jOW(XB-pCd2MoRx(kjl!hvXzn8YmB1{Z(1fD*_b#8ZQ9oAyfq) ze!QW%DM|MBaUURaTCXEvzfK2>y^JBVJXo_sWqnQW=SAwiHnQz;eBhSrDAk|iBY!(+ z;waiK7&10?y>*LQElI`LkfQ1@uP#3WoxX5P!kDy$HzwGSLd37}RplxqK8UN>lyOM2 zX%~{cn3bZ7qo|mN zYOZo>7tY7PI2en4h`*D1s+YU`z%eS26(XV`i*JA0I4^0d2_GDoz7^Qn1pOjfXRoau zmXY^XJlBPBLXtTabZmj}{hXHWs#UO{!vqd0?~lR>p>TL#r+9hV?Ko?BFBPDf#LM+= z-9xe7NAkF2Y1r&u?)QPebYDJ)(h8Wy<)|srt|3mXV7;=k zSD9dX%%Q&ib@zQ2fYs5zASL#pl+v+Om6St2&?H>_MxP54U9|$2E}62HgZSbPV0|Eq zE!D!sNTSf#sCW5k>UXrBXPYMpa#qzEQ$_tD#R$8E=DD^7t?FHP5FDdQT>@TC)!=?+4+2DXe2pEQi_9Xdagj?@T;_FCB<}KdxOoLO^y4 zLm*wyL-fGuSX^oLV{0EMt?5eRQkRO)?eaKKB8vd9Y4D}15arOsf3-6=k)IpVwCW*y zTE@Pc-u-O$%bUdC4~E2qp4+d=W`e`L&lHk4eJ_d6UFNuXGVKAk8nH+5b{8Nvgrl%L zpsG-yMA>_V>hturzfi8rzfVe}mD~j1ce5Y6s?o?{v5VT}bFG!%`Q#^x8f|_5?#NHG z!zE;JsCXEH(UQ^tfc{z6xXr%ynggnC1!H#4Ps{f`#0F$od@jGH(@(pFZ^Smw=#bo| zv3~>{sAW4R^XHPV5++A4ZN$b*H@;7E>4wTlHm6gpPi=Trn?B`Fk3L6Rcfkx(N)~A^ z7jkDFxqa**MD_r~7(fNK@=4NTkb%7lwkr{rauJKa%wKP}k>Oal$szT*DP(rMK9=|e z@|a^`b1%5%Yd9Rx)kAbErSpRb=bI}|BW26fYlvz4l~qOh41#6BNcss&=W*X7)WzOm z5N>u=8X0-8o^ZtC+Z1kBL4NZ_AGs&Kav50M=X~cJ?TrhTQ9j&ZAkPr9W!n{nr`5nR zmIjX8-81_dJ7e13Z*{7fO$K_!bqiC+mQ|ROUb)(S&fG8gYKGIT!(Kyr9PzPVcPEom z{`|l!$hkRqO2tJ&MB-JKUPN+CZ^Y1Gcf5nL)4Rg3eDHRZHkT zbU(OfK~!Yt2R+zEYsbeB*NN^-!cTrPUbyzigmO3F+t}{EGbj8QxYvenN$po9F~E-x zemos__}tIC0|fj*nrJ>I>mWVLf|K&S*7f15BS#0B7QH7U(+R@0EB*L=;2WGb~tSN=aXclk7N18;*FEP z*Y%N7cb;92F@EQQ6I1>{BY2U-3pOzV_hGJFlrSr`?$<;tpyk0%_O`|tCw+n$CFEer+NGe@!smRx!KVkH)!ERfm#O~RkUep$eueYaG+5u@&0 zsnFOzvSK6>%U=ZYdXw}!o14x$#>uR`92(s;#Q*{(I*n6ppQ{7$DfA?`3LS#!mn(Yb zDqoWDogmt2yIRig$ioGJ1S)t7#^v2Cy{ujiKa$R#_2rAlf)zP?LpBFQ0<~eEhS#}Y zp!_%gc5@+5mU|lT9{U;))3&WD3vM+#1?(SxVk6ZD8d!+3;-(YxJ?IBZ)laeX4#OGow%v5-XL!W;UIt<}-H+_( zobD${++yO(0I`aT12|=WPf=)P27{Y)RKBRYYbhCT2|!{gMPlw7AIFAci9_L$(EHbY z$A{pA?uVaA#Dq~W2c6AK*ha@kxxC&Te9NuSkFyhQKaQxL!^Z?E2<*a)iXihV?Zi1c znfe7Mw|bA+wt5^jbKzb3HMBrtekr91Qe@^`D591viDT;aTJCF7-wK-ZJkaX89P40_^{`;ybeO3>` z0c^!<9TqmI`Ha%@>g$Or1RhxWzMnApH~MhzOc~PsAkUCybi|8kQv?yPVCp(?1okPv zFN=J@Izm0X#=pgly>ef?-4G8DQ|Z@s@8{cAjLQ&nfMBW7VZT^xsp%iMSW0(t9unh{~XEOJLd^6AeF{zAgrMjg9SY~AfxRa={Q%cUK8gpk}B zqC>}%7=_`hqusQ@(~b;f)Q>{8y=(hc!{?emX@$U>Me>o&e+LWng2l2wd*+F}{^8g2 zs_0yVq;}zUgA-!?_%hAC?Wrt%o&E)QsscoB?of$7cNAZ}bObUPzpV%|g9Qkuv2bD6 zz2Yq0_wT^}DG@sqFvc=DU#qkc6)y5-EA|9Mlj8o--oay?{Gy+1Edk&TCsyAc&&BgpwaYvPcjm_(nzrR5E=19PX?&Yi`hsh)s8O zRh@n0<6+2p{Cc0j&VrC(gorS!XN}wd-hetuKaFNfIgYVmV)0h+uk{h_B>OG#EMHuq z-8Zp_1Ff{QE@x&{D$t|e-?)wy$?@hMZO#xOX=}=<)fOw4w_ty*;K9N<05dclC&rzQ zriIO}3uRH%i$O(S$gc}07k9;8mk^WbDu1$dWq(W{M-cV8hgora3HPksM6o%=+DxrU2+~Y}7qc-aM)3uTh zqjPR=yZCz_NWY=iUK^S%=kCACns%TCosWSOikrS)tzYZ9+sQyGCUY-$N4+gS zNQLXhK9}bP8TPrbVUc^DU)S}Tu?5m-JW|E=S57c%pSz{Z?J@y+WXsltX2K)Dxcz&j zEClD1EFm8S18SE#ja8(W^{L*Dn%udZ1qs$RWsv+pW}ih*NdBF9K?VCA6AA+fQ~uMG zeeB)rbVCEHQfU4eg2<_xE)QrZC}XgHj>gJzxIP}26&p5))t8_Omyfh9^m9)Ip8`8k z=PSMXU5l8Y-XO62yD})LYDeO8RX}ef8P*)a`uo7g!rY37%hD`Yeojr5gZ2-9TAV~7 zOqF$akna-L;+ixoxFfsgiSno3o-37nFt)%4uy6FJPr6Xba}OpGINkV59~z5q8*g1d z4}-TakjpZzC*ax6?kWv5tIKdQX@QJ*o>qf+tAA$GH+X&RcvHZHu8c<^Y!bupz)#pI zgxvM+T@A7>2mOgvPcSb(KEkXl!#!v)j0_7P%Gdx%d<4Py`S?@4EI@EP!FXnm7H7Kn zV*UO^a4`#vNms@Fz1(HEx8K7QXf|-t#!vK6p$nf6r~|(iK7SJ5`JRNz?}_dZ5ef8V zhB2B=mGilZO#OxhL4m2E3->t@Va%sEXB02mkjx|6Q;O515YoGN@clFXEoW1co*w6E z-jhXtR&kcxo_nHutq$W~vXQYR+&_cEXwEa?UXensj#fu6nERNoUErvElNUU?($VJg z$QVQJE#1ymq+E?kzJqBMb4JUs>w+7%u+kw7jgbMP1hc7iylFjN#U3FEohlOXVRj zjaT$(729E|&k?*_QBozNwhr?}nBByL#S>4I0R->8y9KpIA!j_aU@*@`yGryykKyo^iGxvCeR%0jJ;`^7 zyLcv^7<{5)?t^`X$6-;)icc0?Ez4XMe{TD2dX}#&(?ixD?)N&LxFjF;guYyLTU8j+ zd$TqUxgS#3RrdG8#gbp|!!y=WtrNQ~Ab}CUByR(MjIH-VJ75YO9Aa6jL5AML>9^tj7<`$Vc z-Gd)WUh_FM!kmAY6t$a^E4++lTb#!SS$8PpVILDS`J7RYQ8^JB!=J= z5+JlhF}3n$P@wd8w0#epzn?c$~P{nbeGX{H$6{uI4mg%T~?wf=?zyA1^; z4Pvi}b@Nak6KZ?{xDtQhS#6Qb_4k7%y^ohLv@xr5t31#u*V%(u9HZwp2&s(BElu5P z`L4Uww+#?%DbDtdPsfUUqMMKy&+nd*04}soE=pG0>D@A~0Wi2{oYCFt2$OLY9s{$- z^<}0G)EGrN!KmA}{BQ}`+>TLqD=eP6dm2q1YV&KcgN7bKB|g;I5$n|+&7^a$%$dng zq49jgr{_EG8k!vL!SkWM=nndi*quAntiLO11<-9=>uzcBDLYy-)37|MB40j6x)j_e z=8VD?j%j}%7j!UJA-yIcd3UD@7Tl1(2A}@Ua$&=Qoy!gxV2Rm7Z@`JmTVYV(?>Bw- zXf58e7%#dY^$zWmLyhEe;TGRLn-QGhcv&MO)_>Wz(jRlPSokFdN2oQVo`);m7Wu!s-B#wWC?&T@Wqq?&mjme`Sz zLKXGf<;>#)_|msJTH5I(?Qx1$VIdHaAyl+4KnU_1dEc3VhF9D#C##9!34L&wi~{Tg z&giZ};C{J4*-6XD%|DbzuIsybq2S=|^zPw%t2o~~f$^QNG*ND8^&WRa%;W;7oxPwVIoT9E*FpT=kbZ_*6 z+=yrMw^2m)A%(s~iY5hiW(L3U<)Jfvm2^qIa{n&RfoRM5_dO7P}b|4WNB`90RkV|Tr=0mx6^xCo&G6tKl_gGmLyJI z?h|=arcR4xXY+3#cez}jRFGPWoXFSZqjm1IUg3^xZ+-xW)1%RT9KL%%1{3ryw%#I& z`CU@hujXi7X&Lw)B!#Yhp*H<60cGN_?ugfLa$^q$>AHcj*}YnllX)g_GP1#K!ZVM zI`$Tm)yXRmWwVe?&#d7o#MREW{Iu77N3d_O{!VwS*3; ziDNg#Nrelrz-1bAR!ll61wE28qp^NyVV`KiUkyC`Fn&zy}qyG{=p>%)87zCCq$XdW9{7bDKL*)M#h7>zNRtI;5>Xv?beg|hF?a^46Y~xDiKfovIv;JL*>0|Bj#;jj*^rnAw^yZ3p&&{Zycsl$=d0u4# zU47qV-oB8v<>Us%`B^Cyb%|PSP!Y`ovgSF6st+1d&^j001W2xm-@;gO+cGWgZP74D zTGRj?J#0*INF~zEiv6CiiXbR6hii}UvEI}3>rE6WPGOTrnB9_RgBHPPIJ`*rOdr`f z$bb9iuE8FoFYa@FVF5@si%1&W2$`?ZhKVcW*!b|2*v@BjZ zAD+u0Pf%TACxoKcGcxBr5ghV93iE@(T{E0`@czq*9etg(8?6rdyBX6{I(W}gXLP;w6( zte^-t=)zt2*%d65=wo}OdW6nEPx}bnJ@RnAOCx{X<3(Fv0WP9Su4YH)C#Aar7z)pT zFB7Bi0NJ+V<#iQFiX1Pjv^~TQFkkzYU9}T#n!h@?--P6o$Fv$)Wt+ul9Wsy57I80s zf42&3#w#p#?3gFb7KvRXz0QneG;roAvUjsHEs(Tg6&l`V#bsbwC{Sg~>R12|LN$@j ziIFcS<8!@5)au1h2tIxUXsb)I?y;GUiA}*YB67mYV%gDIc0Vy}QqUQ|EvMu3-S-CF zBK$bH3ACK4wq7>!Pe~jYaRonkM@uRNly_%%uAE-dX^(*)3`zg-T*(Eb;Q+R=y(GnR z2W2T9-6PVF8aV=c1M;GmdRjU?TYL`dzrcGx{n4^&gBO&CcFt-RyYOQFZycFb9SKe z4M3S!CL{Ay?28Y8wpWjcv z!nKtt`-Mg0?Ex*G8$+uS18Xs+XjTLsXN64lq#ghh#^X2O#Ec&o2gk%eqnNQ=mOE<0 zE}{ENS5#oLTer&%BkmQC19l51#4+NPJbujuk{Nz{G$5<4iz#r+Ge_f%3Lnzt zv9D}^iFendnSV}nY#pdOarI<}vQIx9ldR|fWIpwO&glibuYf!>_-|b4k1l}Ze`&4L zr4`(ny`TsWip$}C#iv@8EI`?TJO#R|aQni4a@@#qohMd?X>c~sg4z0_MYarU%eEqL z8su|jPhs$Pm)wOXg#y_fTW{(|KEC^c1A+X~HkK}8^9U*oed3tMZ_Rk*)!EYxWYiRf zofx2iF5va_=j#B-lDs`z@gcoVCq22MssxKhFR+r+1+lJ@U#Ku;$?$p@BOTQvwlNK5 zvTgVhq-sNMe%0QjL3td~5?qXa@t;GOu=!ku^Xev){vp4ed(!ec5Z$L4X|qtJPkL$< z@?8FevRQM+e6a5f8v;#bI%f;z4YG)A*JBRmD{K9 zF$c77u~ok{94^U0-LtF$ec{i4SbthQF3MM3+)xg<@;t72YYxzsm>;!!1e3*^HT+#C z#h@O|E2gMhE*OGyfHLKAM^W54md*oR?$WRaj{IIgM{@!s2Q5Vx7GTg=iqOvJ+zLt9 zKSN9TrrLT+o)8RPU|6qs1#p4O?|@}moOgDiV)%LOR$g@nA#o9QJCk>Z<&GMF8KKb) z_#oVn3M=kMWNnR(mx8HU=lIRw^6*5XLlj?cPd~mcg^1E(qKEngt^j+mtdDs*Aanrn z^1OXhTtfI0p$E=gH@GuPZgmeRPK4W&Af(fEFJUP{L_PNbM!ga`9*p)V9QOlZl~8K( zI9OMLGthXPJo~dM{vKI0Gtl^*>(%kb8%!Wd(sF9(Uk)*W$e*ZcPhy8kg zp2ADRJ@x^BR=K=mn|?&dK)N#Dy7Z0eax(t>(zH-T?F{bGMh=xRw1vcUT|4K-4z}a`Kc;t|vHF8R>CwY)+Ca}S6le{xkjh+Ar;V7U8g~dq7P##Oyw8XykB@yJ@V)r#2>`n-y|)K zKMZ}5@lHe9y<)OIFE($z_x!lUXNLD{pI!Apdd_$A;ntF1!FZb{8oc_$W=nJ%Az<`AaXNC47g5>T zU!-R;J0YEf1z0&o)_q0~-svZB$W8F(8?8dqVg>Z!2G`hqWq$V5x2?s`J)XtuJ1bCe z=!T6w(JTKXB5GhuhGK;I5}nglE`Hj@k*9NhDiZJfN@)Q)=5e~7-ZD#Q>~uqHj6N-^ zSq5rjvg(daBWc|!MP`r7AV`#Oy+AWN{N$0p7kA=4eN+8w#+ix6HPlLBK$m>>I9ueA zzZ)&6d1q_i5Cps{ye)E8%ZJwTBI-smj@JBt3Hm^321*lIJf=O7LT~W>w=4WR<6%izJ|c#d&C2461k$E6AQ zvp+o0>JZ>b#~=Gg4UmAT=g|-CzJT*E*UUPrJ-8!l%uvHe#!Mmd-RjTQ=O`QouNH!R z+I?yo@SjllwHS7zLsL|W@Y}-8EV3g()6QoN~sM^9wy)?&ttqcPD{NWRWZyR;PJ&^YLR>#+vtXC4AR z)gxGH+d`V5`;%`44Vs!4Sm?2ntvp0}zDmz$Mc0DAmEz@(K_e6A@N1RovRWJ<;=!)+ z2Z&(*u%%^#>!=c%JSbY1XcJDK(V99o+Mj|J`VBaT1zq4qW?gLmF{Srz3OAkxPwop4 zYdS$9X=ErZKuz;2Y3?(!Q50!p?ZPJ(yoOws ze0krd?jc4u%=o#kW+|^~rBe^<9NAyiR3l-zySXhm(eWOrhH-V)ayp?Ue4wk+qW=tF z4yRtfDjqK9p|vEE64L z_njro8b85!>H@-oHlZ<{(m1NzNd9mvfLpvv7j^+AX_K9(H6657qp6;6^vq}5hh}J~ zwA{wm6wStMUJm0%C;aPkPaoLcG3R~s3TEBN8Nn$iRucvh5v{^Dm_!E{5L$QOSx%+5s`Kr_ zx710og?7m3<76y(P=Q_$18Z{doAVyJ<;Ha^%cB`SVGg#!a`B~w;^)Bd!W9j;fePKn zeRVe{{)%e%#}6xxX>qH^eIdQoi2H50i}J8<`A+8ot?Q z8(MZd|MT(TnTekk0m=CBy0B=lU$@8OE05j-G#K=Pa90F}x*39mM*PBNVIGGQe`>KM zV$yL? z4GHF!rz^5=_is<;B^r)8Y>Gcv z1Pv9f<19hTjs+9=KPPqXIiwATHo6xvH^coZS*bMS)jNY21P29DmN$Pl__A}3x_`VV zUdx*1@I}$92OBQO2MH0lGoOrA(#CtCcF(ZKt*^L9&hxZYkneGJ`0MY=oy^2ahN`{f z?RI`gM@E)zF*5dOetTS<_qa~l7TEs0Ws+friTZzOlc&Jw-Zch*Tcew?~TP8_2 zN$wktMewVp;u;p>m&MGVGnpo+o??YnKkThi{=Iuqra zwAHD!CG3M>`x(^!T3?dx5Jw&)s35q@4oPWSdj{f(+XnfEr4B(HeRCN5Z3Nx^UX%Uk z1&QlNZlh!K7mvuF-W3QIt%MUT9lW-I4EF&JUL_DTEdAI#X2}ypaQT+2+wD zKB%)!-7J`rHwAJLf+366kE?Ah@2jhGy36 z9A2WDgk9ct`W@ryDcKpCLJVI`K@7rc2JfOMtf9Ju$g+9Xn(SB4d_AxP?N^lD_om@{ zLk<8k-uWiO93D5ce@|QNzuGsp#8V;N`EeZSEV-yo*QyFpGGDX!M058clu7rDCs+R< z$;qbs!1!P<{4%-)JNx!Lev?Q$>&t812xvH(mM=o>CI}P#MUOW#ToN#{ROBzi7rn7l z7y?SoZkT&--xCl2)oQ&thu{+KdwLPl0F;m!3!x5kqvpa#>86fle>EUFIe@B8djO+A zZGPUA+uAq>8H0Z|I+{GMI)SpxUz-h7%0{TS+e2-S1W{F~Z2kh@xbG`Nsq4;s%M~}O z4pThAA|^iaF(10y8*P_Y^c{9Us8>4kOwOPnXXf>31?aDSkA#ub?hVbsb^P5bk0$%L zefUQ6<$wD1U}(SFMop3yB&Jcn*B>|T7r#9v*WqVhBbF{dVY^xNj9!<+$*!(U=m_4P zB_{TKL-cEM>&+h>W3PD72M+2-JZ9mu6yIcy{u$0~muf%=`#aOIZHm$+0f`?T1sZY7c}q*G-1(KM|Y zR$b}`Xln9%d?T~VTC@D&6U;ysHx1Qa0~jsXUKAehE*qT~?yT@$Dr;lsbk~RB-y!Ym z-uE{#y;e%m*kBLW&(bGreQ>bSK|hZV8M^gkoH4HgJY0K!QtaoETgDHuz5CPA*U?<^ zwzJO4UYrD&ou9zEAp=CYrMN`t;Kg!CY+KD)a5Acm3y@{9ZFunlMYvb}fssao44Tt)Ey^&_Liz0eOvn~VU5VE{8Wz4cp=rMP z`Wg?RrdBD}v~an7Z9O(eq5-IDO&0c7W9H-yN+jKGcg5h20m|404JfZa*a@xpKrIBra(HC4wX1Sg|q_5TCxpPod;=obB9 z{TwHRj%Rz0{P#U5zbk&d3&9lSX~qX>3(Ji*7OT(}mm^`PlM@^5wt7 zgijgklXl;eejDnm)MS>gpW!c+4S|{sU}`%OpziAFnx=4j6P`kf+B!H-R8F!Loa3_N z6?pdXu`d-#b~s#>vmzU3?9V)ly*!t=_HIZQFCgFNzeh+(iAj7{!>&QbcQ1=-e_s{{ znEYc=F2O!>N(G)#LY>D~^##b?*U_OEa>{X34k`B3$IiuQ&yd)_{$F z(a&s8iJk^O}P6Ca!;$r!(;&e-fhd?<0K#=5O`43wRKZ z;xr%0_DC&cb6qXQ0aL89%k(@hA^HRu##9;bH>`q)$Dmqn$>;omw)K+pC+fszl73o$ zD;EHqKI&eKPOlZP;{AMFg0hR1Uv1Znz(JBzq5kn1N22$h$Y?9!<1sbOHBLZe!EnMQ z_`&lQ&05yaj#WW*aEz~?D8!?`m*6wsxy3jKkfcL}1-%6x1<7ZLqNXm47T8gAXpO+E7+R;7394;z+kA;x=0HI^Ii8nPd2^F?t2dx4rzcu@eCaD zO`Vv-@n)6_(BrKjf;-!iz05F+P&brh>Lopp$t8OGSR9&mzbx?2p9Sa zd`)OCWtK9?BwZh+ehyb8+!fk8SL@JYjDmSc?orOAO4VnV_)oe4KrVQHjNwV&`VX}A zulNxspl;&t1}dFsmR`Om1@aO5(ppYO=xIjA2RK)2&;35VV9^rK+MD1g`gWeraZXR$ zaOKXZ@;y5sw8^1wJ3VM%6rIs;O?G)qHt0RBF7*;%fmawKI-`rue_reLYw{;6ES%Fp zzqwyXo}q#-pN&ZC#uFCU={`sEJ#j<}C2=1AIsiit=EL#LD`u3paX35!|DRIFK~0q; zgyfz&#qnI^m$N_rE)t@elfH*L*`p(w3u@P3^-%V{z+8DcEc(NrvJZ}X6nte*;YYhH z0J9F?^S&0~??$+cAMvggGpc>Iqc??2xPT507`6J@H2d!rVYrChp8q0weV++g?2Ti7 zd2_+(yuF6#{^}nv(Rg~^%>a3tJa6eB0Kw{C%Dxo-(u-7n&8mOHgvNCqn zb^upM^CQ=fKZ3AXv*;JbpXrUHOyNdw z>rKh7e$OXQfhFt97j5nw?3Z0QNa%9+w4y}!a#ZFXDSNACh?KPN%`I+s0zNvW>4~q7 zt9%ar3dUja8Ti_4P%ZlR;7km|9QBj$JfJkol&tw)?k$-5IDBy1~DX{D5ZRZ+X~ySPk6D+2iy|R(~lQTRdJn)D6)6yru^5dLPUBevgf8 z!?PLFGH`<3d=u?BH_RDg>Q!HSRWLHec7sBWv=2_#zpiwD-1m`$ctO*SE!}~?Wzg=P zN`eIS%j-}zTTkd*^CnfEz2=}P7&ox;*k^_c4!o(WD7qh>b?NpWD9zr?-57psl(j(r z#0_j@%LRhggfI7?5~Ei9z;QrQrL{z661uCu_D_fmd-|+@Xz|uP4#JqRLb(r{z{4bB zx!&XVJ1h5a@KH6BPftd2nU7L}@zY(sXT{mS=~W!wdlQ$l&x{{|;c$JF-eOo}gihOi z$|jS4Rj);q?K~q{)-|OzA{xDYBc^xS$N3BGoZQi55>_iD11Hb74+HTkT{~D;%lN@3QV0#N?2`b zBA+91E+C$oGc4b`UCP`-?1(2N+r2wP^*+PU(csAgeud^t?Tx@fRG6m+GO{?qA!(ua zqf_}&OY{U@7Vay1ohj_pwuUI)MYU^H2dFKrjV5q-_rSkg^ zT!9RG1A>Tcg-I|K1GqW5^JSlu_e6*?Y7)R(s1-v?pn_+7^Yd4{0kM)i>GYG6^nRH} zBEtW#sz}gu;9EM9_w#WLgVG2hqPn>CK6eyIf9xM&onWiZ{eph`Ii-zQ_j=ef1^CAm zQZ72Z51ciuD4%VK?vUyh&CHuK$Zd7>+pwqNG$!me*o7~9&Gn9?7QQ;@{Vj$j8O>zdAkeZ&>A7&lk9y` zxR&TJyiXeX_f_|2lgwwnnG^kHB@Fd_YF7n=yVRdg+jiupZQV;3X`I<4CQ(wPYiFj@ zr+UzCK_%7C?8nWvU;q#0Tp#DRUH_ux`grigBp~&2TIC z9R^^y??dUgW;Hy17IKgx1Z<#2Gl-7IoWWg+i|QOb>JT7_pVlu_{3hHJUAR=e@GVtK z&}<|?mUd$y@r#lCoQ+FMerx*sM?s)fiquXJfKVnoUlY8*z(4j8jm`TOUS5PW1V8_V zi@9Gk3GZ42BX2FMO-FhWpKe8?5sthjW{y&t=b{iCpS5mVAt zi};DiDOj8z%tK|_BhhmQH-HGhqhh#4Ih3}<$dD76l~D5l>A!jIVPR$Q({nDLf`3Uf zk@9G9w-v7PdkHNzD>S=s`tdE1!>K9tQ!ZQbq2e%9%HcYf>(lBSMz}2VtH%jXJz7ha zKgM)kfVNxEKj_1s^%J(Z^6I!)9WJK}KD=jpfBhgN`$qbH>$e!`V%@C%F8e`cr{KIj zM3tV}^%!XctKMuwJD}KO!x`K;yi&yke?NOd%tkW_w+}Oa53RuA6Ob|cG9D>R_@($H zX&(KV`TLx0e<}H-QruHr7L=y*EHq3@e>CGw!lh#+`>H;imwd8 zRmiDk!exkJb{v=GlcHx_GhKstCtI}+t1si4LC#$jNTH;AZf8eOi9@U0# z7->)TFTjz|+K{Uny{Sl&Sc!s?tYz|qzO?Gp>h|;5_O1%LJ38J~?_eDvD^0H5?#+rh zRMBeroS6%mwU@z(DIgje_SN*Kkn)Ldb^8+Lm;JrC&8^ZE>mKjjz3kHLLH08_)Bw`8 z@qn&aJ>@tfrpR<7ll=}XIAE@|`=!S;LF7T7p|8Ayv1@T^t_>{M^4lRx1-1bd$%RLG zm5DCx$d73s6tW0dpX+7TZA9Pv=UL1@5eDK59{T>6`0*}$QQm`T?5KVh{5Ih4`iMRn zE#4z)=9sPBiA55)sWfk&=?^w4@rpN$^qJc~7yJoP+;_Jc1qV3(Cc1lE_IZYqPCwBS z&^?|44EOj7fk=U1NQper@L}!&NmhQoBuyF9c%vJ{!;QWo>n6J$H0TCs-`;9U7y@a)48bcY7YuF5e7h7=`@C zm&HT1jo0r-J}CEyf&VzebUG&c8UV^oyMMhVW;)IHd4D{tvP}}#*&ccemJ5z)9WiH8g8d!p8N2@i7;7aB-T>NH6b zNwM1JVvjmfLHjHy*c_#1BLpRrcD#$6r@+#z{cxOmn~pM{#8Bra#su-)KH~=4t8Cz! z_}e7hQI~yZ`a1Dr^g5nD#&$lc{ycr^!lD}{JvXeWU_3}FaMKxHfzD; zx}x9QW2F8o$vsh|!3e&7K3R!eF0A|GQ1)fCbhUE|vE zo`t-jpGf2Q7(aNG5{M_XunsxO;UQB5sx}5l0ThgO7n7jw>5h;1S^}&yhtG;>63qxHi zrQqLm@&4X+#TJHBb2;gU;84Z~$#tEhhF^L=M!Ubl_y0-31a})A(N)3B#fNo?1(M_X1Ri%I%)kOj;LyjK+KZ@204Blnep-e;jj)VO5-X4|;%n`F$T zB#xgPN|Z*~Dy?T4tWD{>jZwj;PqP*|xD`3a8Ahj4@?Ad%5<6Cly9*KK9dTvu%8{>O zy@3470X&8SjaL>f+5zlQi>K#^|2FQ`%-w^t zQjf>)^|;WF_tbYaJIDK0#p~X+X3FOl9`I)*$EVU-W(Up_MjDfOdcDqZ{5zRjto(Iq z<@+sd{K&Y>ImBMLag}RRwLr38ipQBwtXC0ir}!qzJ&(q1kH9`nY@IVmV^lvaFnPp_ z9Ph>9@G3c$_ot&-z*tuO?V-H6aK<2LU$o*M7?7Kmm~;A&y_9dA?@C7%0s-aq!_T^+ zqimrhbJ@^@-8OFsVzZ)`3hZuh7%P@G(W`3AY#BGF`-VZ!NP1qLLByi{R60~&Z0FP% zbJuIq9omEY2qe%T-f4i^7+lc>a z4v1c!gZ(3ZxFhoydOo!;Bc#w8I5AQh=8ZFcfqeQ_#qDS*^uRLvU*aD>Tc{z2mhS#0n7Rxj{`q`svDTEM3_EC zbsci>TL9+gNkQbP8Xg?{ev+}c+{^uIZ^tdrMn=U{U*pD+0Hxo;9!((vL<4@vYgbMU1fi- z-cUqN@kd|FSW*-ODh&6)0)JTKxL9bv+5iBz_o48q1$3C}9Wt>=PwdxukH&0irQh-8 zHX3LE<7SgAGrG#p-IKr3D z@88*Ff1`9T@&eZiw>MFG6W%C4r=QK;ACX7qpk)B7N%O>M(ez@pKZ3!8K*6)$4$^}U zcwmr~@I9j;(32)>pC8z%=(wLi0HJp%@>&aStB^q|mv)PX@tItjnve3r;%@rg+%qNF zw2xBoUkV0XEOFxHS{IP*jMeru33>sg*OlCuPANz_Fw-RpRNV zlgVW;rNp-;xu3~#M}jDn^GW7?w^9Y?H(z>nNS%s4HJY#uZ;K=+fG=B@U$%Xyz*J9N zb}1V;BwQ|EmG|if1cx|CSOv}buY~xZCM(}>U1Kg!w)vMRJzz*96(EpYI^{%6a>RaV zZJH;UvrdZ7nna2gXAp?7dIYK4GD&((+b0Q|VBmNjpYdJo)hpB>z3wf@Tf~RK~@5 zeP6E(zBltNUN$CGBbU4JmKGaO@PU*xGM8rd7HV%A+!IR9GXc?5I;Vo zPbmYO#%K81eJ$?z`__H+maZ!7qOxrH$o3`T3Bp)q?WP6i)&MerBLsBJy=WeUiy)YUry(imBjF~UI8rLr*=Cs zy)$1*J#3QWKpd)Loj}N+oE>5Rw9!5ggj)y%+ZEZ1Wl3}cocG-NTjK#~v57CVbruth z>Z@*b*u@#*R92Nk%n`7GcWqRH)?%g)i%O8<(CQ?hI{^go#PweT+FdzzntIR=&xF*U zp_y>B=oFzQC#94UT5J zCRdq9r?HzSksMq!mk-?tzST0T4=zD<$D+b_S63BL-j;}X!9K~bx09FpxPks-QliR;Hb+QGME{t<#0D6V_N(>2Ayk_sUqn_^h`QmI- z{@q(lXMrwYTBeIV@E7$NC)Yu-P46=VezT!d8(*TYlR;FsM-0r3xnbxl{XQ+dE|b#N z{<5{kI|}17AdFR`J~iuLoT^#d);ssT|BL` zy3nM4{~A-zG@+#V?JJ1MPG~tV?|umDg;tn`+Xq8#;G@$t;zD5xyz%=@WE{HVYcpB+ zhhRize)f?=ezb<>$ZlU2d5u>YFG&(Fm&gYi@&td>E4xnQWWlf1g(#j2$Nbp9b{Gc( zUtD}Sw)CTsn=GXcGbIg1B+5e$AhdTIiIh5_gN=f_ z@qEp}qIFX7M*Ug`2#iYJ>%*CF2A?8#Rwf-IR^FB1O#V%B62=LqQ z#%h#W)Iz%IU+mQ@td~#)@ptp&So<_iU+W+Q!V8d`0zNjhgH4p^TwA#6&8ILcd}+Q( z=iY*m3-JZk9d-x_b$!0b{WW#=9CPS?CcSc zaA}tB`#Me_2A~z^iHWHu!~8exmoAuYxsCcxI&jEd>Wjg7ulxwmK$@c`y-pjx+Sl%Q zVuy&ub&a4=XxEnQ2c&BvWW5cSPV}A2gn|MR);`7;pLXYg%p70-GhaV`Eot`d~ht|?}7IN z3m`z76pb(3u-5yFW0?}v>n+W-HP^NT-e%4#&|uzH-;^sJPZl~#{KI#BN&Wa8RoE9e z?7PqXcCGIcg(82DdlfzwxS6#`T*fyzzn9%n)wtkWgy2go3|N-zvv`pVUN;iHrz+;w zHBq)^pYUHu*O;#B#^SI?T@m@c=tAJXGW;nj#-#^NPvNI%!cA^do+YgJYt%7(h^qNn z`tf=Q6I<#!TRS9`aXCBl8H_s;Xa4R>P|qtN!S_LDp~>JT=HZw7M3>_9$rff&=I+O0 zeX8x;)$puY^bk{_F%93d;JTjDV#V%f6p|3Ti0d~R-nYT?jZ%Fa3gJV+XwTA~QniFv zQb#{JhoESmwCZvs8{)6~0SQ}dfp%{e5JMjyE>R=7So$Em(PrZKR1mOnadD(t{>)SIr3pLw$uH_=xvQ0pRZp zhhU^k9@0McR>-?>)cw8~t@ruXzmOmaZ>Uyil(|0v^swvpC_lDeJyg#09@q2J{oM|) z5lweiSnUzzo4n_3M=#1QvJ%BoDwXh)y3${&EpHs=`W|Qw0_~t_;`?uCKR0s_JzRDq zIe9&R3%t>{=X8MKo#&Yo)LIx==tLomjgSsq_UTWAWJRb>QWC0}Na&fMz1UQ0_uljo zpANh6IFBSxc#8F5PQFiZCx>8N^?CkQv}ICBO9Nvq(9-osU-vYf$^V50rDR-Gh>DNr z_zD!=SJ)CtK5CbS2Fpp+VdP5qzDAvaoW~!XuUlUkDA1p}y_sGC3y_#4;?+Dq0@~QP zGb*d`p%~L?jHzC)?$}v;jN+w%lcwQj_?;bkf7|GWXzsd)TT_fNMHKuaEl$kHgz5@i zuhzbO`76r^rWFchAY+O}zmOX1kfEsqJ6BO~J?EqEXEb@OC?1J@t+3yXsNzwjdy7wF zs#y0kP1!$^u4_wCZHxYrB!NeXB0)0BnTupQ;Uf-!ZoM_|a#LL%w&mTsd z4x$69!Iv`a*c#uhTpkSA`j){yhd#vf=kdCIM=kr3oeq)UhT^)AZxMoXw~YbxHbB2% z|8#p$348M(&79ljRW-`dte=1{8eQPx!No^~3PE%R(k3Vj)aZ{~dM(N@c(EtKA*%fQFXK z0hrzyIEG?@R3Bb#M-|X%&~D-rvN?%&FfQs`4|+-FA4YfGn)fTSzmcE9$mtAxsa+9S zVU!xy1?p2en^~)$qklN-%Fu}q`4L)*xb16&X#5q7LZcqW{X(CvHh(j(=E^6`&ct3r z?l-%Yt$Sh|_J^-bPp{<6eQxKly7P&GRO>IIvwu-c>OzR|`m4Qt0GsD3h_Ka2=ciMg z{IduvL3!I}3sF3>-WY$_OTl;Qpqx-XC-s6v zNq|#2`uHORs?4q-Sp8NWGw!$}u>`)(v+wVIdrr{*fgzrgNWWU&roG~-K|TF+3R?S* z*6T}B^9-q3fHk@)B>b3e5_R}!tA0c|H+PEyI}WH4=Z^v`QV38Xc|M303N_YA_u&xv zJKn+vS;GpkTNLXmwqTZ6Xg={b`DtAD4IV$>J9m=&Fv{;o7U2M}^vWMHL#OQRhgx|Y zhKFGGD=q|dUZ}dy3SuK-W&CO?%@99~Jc zpHrY-l#41BcOKF}=Wg2Wd#F#@8511*#eDF|TlEDz6t4QAP@m%JLVJYR@CYNkD^-zf zBZruaNe6t&M#SAPPOfx|!95@v_D_c;Gtx}*uF7y_of|3Je&qi3wM2GeI{JVC;Ffk{~qE0RHR?uea|s^ytp5!w_t7 z4(&-O{F~)|d|DowgV$0s?|;VgXJ&;93^3^z4b^K#ZI~uQJBu?C?I^Q^$AySP<9)v< zIUM(|BZ+?O3S~(A2@eGK`QQrdVN_kp;lT%XgJ`o}hJsE=iQ%J>B(Qh5ADCKFi40Rle{$5;jcjGzJ6 zYKpHY4~Vi(s2QQgTAyFVAzL2D)pN)1bs)rcly8Kx3N&?HL~lY?iO*OlCeb_5!!n{6 zDqB4c5~SBWv%SQEd{W;-Ra@D2OO%wmT$0|kR{vWL;`%BBGZ0WC6%H!^6!uHmXT@Z) zzq4|@b#)h?G$*z}`mUS~W(R2ClaW{OI#3GJw&1m|$F>?7KV~ND#rVv?$t7Z$oJts!A=i%Wdv-~QRW@%raFu-r)rc0H8VQlDF)gK%cgEsBI6!-vvV~KZ||8uGTcB@cthl)M%CQx6S`r{71)T zwGey~9OsWO_tVxVgYzks6`4dkbs!?B0^TM#AqY+5xQy{b`u0nG49S!z7SSd}BRqPo zIR{AJgf7Vv&_~Uws3S5vBI9|$Z-`)0xO3((eezOr)E>|z9g=Ib{bFvqOfVgd?cuu+ z)O{qdH3Pdymjv54Sn_bK_RH1Xek$S|0nAJ`f%HkF8Q<2n-6pQ)qnX{kHFUI0HD||cKqRbluu428K%*}+s9p!zlUPo)g zFDCW~9b3nEG3ZUy)d4AY5a^>?=bYNx{N2Uqkw5aQiE`NXcyH&jj(UQU)bO|v5CVy< z@1!K;uInJc%uQv7z4DCg{!Tj{iwdgn34TOI(|qgwp2XOIO?I8CK*_9#6*^<~M zxafUt3;aAg5P<*c<0pv__EBe5=}m8E%qX^+QM0d$AM5*Fs9;}0dO2JI_t(6l?ae{r z>;gb((#eUqZQciXmhRik(WR}%0rJSjZEG&qeaF^USD;>VwVlI=3HH=qD6C(H#eRqw zt?>Pit}M$9nV5ghR~l`%Bl!eT9W;^IgO)|9Qq}hX5?C#y2b-}TG1Xl4J&%-QvzCvm z)a@(ONgChK4yR(l{aNvAd@|&>>5Cyn|BkjTB4Se8{3O342gK%$2>joV0BlTrK~f4# z2EJ&UVXhL2s%EGGGsFEl?ehn=ntl7Q$9n@5m0n>$|4xVdU@--oEtFFv)ZJIDB@dgUIa}$>0@6F&vLaEeB}*fj1>a}c zw1Tx_3Q5qM|87U%Z%z0nzIr*ndZ#9p{ELFRhMmF2?ZSGFW_fV6Dbs_1uvV$E?> zxAz_;miy3QC@X}%;1jn3ot$LES+@kjsDoL9 z5EjtVczkUz5o0z~x$oEeNOix9yxop|3xjA_e;aXgzOAmJ(BFQuH>zpBj|b=G$GPXe z<9>{HwX&RXRPs~c*>G`xIXJhU#Ds@#-?sOHfFhr(6jJ^WGFZ{Of5G>*oyK?b=+Ch8 zeDa%=P={TXcAuL&7pOoArfkewR4?uR;H7;A?n8yI%R?^7MN;11wPjqi6cO?{-GVo_ zdiCJF#-C?%P(QqH-f5qs8wb{gC?<-$wYcy?9Up_9obG5<_m{G>xyb{IGsH8G6&#+! zYrm#kGbDMRFL!C#?@7&HLk|)(AK?X0DRPn(9jl4p%cR<9XdtG0mLhr4-R!Yx?t7wg z|0XBn%D}Ny&m~x)y6UFx`wr<7KNP62gu^vquW|?r=3KD&`Qa<*5c)$~a z{60fEzY0^OC?P?$jOJ+UU-!=&?FY-?s|)iL_+CoSKlv;Uyf@OFfrPANKfkG0f}5B% z+rJe8J;hy7zq4t5w}XVQdyrO`YO{42BL6#9W5ex zhWlpx;#tWSQ+QkP)^|^3xDla?($jy1PW*<#tdQO*YM37`xG5c+xjWER&fuqFq1(|J z(7RTMzxR~*IN>(lJj&QRHHJdmj3wAdn6nuB6exu7V8c%Z#pTby_|e~#Q72&gUIYN= z99>UWjuQfce+IkFg95(MQaL=zT+c>AZw5!bhY^ju=pk2Zqay@;h;5E>8HmTz(Z4Sw zA?91hWpKI)R>Z1+so*#_X*gwOa%RD|tNJ5DI@t}4m;EAPvo_y^1ZtqKXfFwJJ_+UbtqLH^FAg^W#%e{#Lns4NPZGx_lj8ai@U4ln#O4|mOx`YhtvEg5vx4e~ly`1?!T26BO_0?ge{YK<7JtQN?v{L^ zbYeg#PotsJ>37BK=#s+gq?^(rv5z%=2c4Y(;(vrBzKLGvo3UI#k^SdTzJ1_%1DKi7{3*Fjr5nn)Nj=rE>B9vievc4{=& zPl>~zBZ4zmM)GN%w0?J;+rQ_rr8_zqu4#mrWncVS!wz1cIrQ58`jecIRaFF(3H_T7p2S)Y*XE`7H5~5wLumFfV_colv15LM;|KI7 za4!Th8rnBZP%qD7GQvIGrH;uFQa{G_WycQiR>_2>pZwZGu5o{X5DXz9d)}_}5H2$; z1SY|K!`69^X}A0#$-ni7wMQ_VO{l)?_HuwXoL2d6l z{9dt03lnqPl)zaIDrywlO5Kd3XtDAn!gXt_>Gl*uMfudOaIpTY5-z_0fkuW>1avcw zg|MLQ)~vAGd=Xy+*4szqiNnK$XPtBh4#tInrK7yx&8T zQR{0DHAjOHucyU=s+xU~=X^g9>vv8!VDkqTg}p%|==Ab6Si|4}Fz6oWTj=T*%ZbzM zbYOwprfaq=y!;HPmcFuwvW(1i>9O`(t~B0s#uw_W}tPyJ8_TSk)qL-z;l3U{3Qc#Ilao z^iSO|ao%rKmQ$)4{r zU$(DiNQzjajl33?0YKFLd^!^D0qX=ToV+-F`^=6Y)%)oFLrTKap7$pXWY_a%;fPDj zvmsXquBD+EkV18~v+jTa8FS3m5b!3(<8OHZdDF50?q)~hh|8!{2f9DmaDolp>G4_U z%UP8bvrnn#SAwNvRXw_I*SuA*2eF$AYh$eTHNfZ2fAGbWH&;gZTW@A6-^WhBp-1L; zzTFj@{DrsX>$eAE?~mS+`+cj=ftr$h@i2&)zc94$W~6&i)2ef2a?`YQSKMQ)BYN~h zI_{^KpBNW2u?s2lJPq(i=Unsby1y|BV;EpGgkIYIgAd5wFrRmAkpwhe@V-Cqghu?d zuk*e~-?ZZxp3T?&J!;dkomiMugU%r0IXD>fc>~3^;m%bBlV0~-k~t04zRHbdgjNl|uN|Fs113+sq_;b`vNJ7mleiDr!?nKg=-=L8(X!gFGYTgl zH{mq!V_G7)yyP;!Wf2m!+*P%?_~^TghGIgSIvNrS_N1p==A7@<4_+mUZ^NzMRRtpR zvtJV)|3CdSb{c@k^jN(^7$!XZ*Hw3FkSSrjoDhwAu>skw2dJ#98EZ*CjDCWPX#d#u z$8KD97b!xV+??q?#oPoJU3HNY$E>Ng`YEt=*Yvs9(@^(KDxJ_gbmWt!n0_|D5Bo_> zpNoVDM<8Bk_ByU83rb}g-f8X#IDrHxs4EQYdIJ3G$obk?e_C7P>wx!AoD_mo8y8VN zyXvo{$8@5IMS?%Fh2h_wa<&Ab*2GKKNOGUIgC3oZ(C=a3)|`+@_NpM0N0-cex=$=* zEWgGVj%Ag43yul&y3fyxOJW>F2d>VGr*|UHZ*QP(sNrod=%}DAZ@<62uIPXs)BV2ML*3LH zQO;zxm;4v&XQW)jo1*yRlrje8G5P~A+Cu_Y9;aj<$zd^64 zK#|iQ*AG5k(bWdQQiFf;Ld|>+}x&txf#_F@xnJe9)ip&oPn?Qcv69Xm~e}K#QM|O;iyta#Hb1r zhE*5^)f)oRftIjBa=j-j9E=)f$lWpY50J1WPq&Asr`FaqH;;+xcYH6nR~er^MMvAH zH^*Jm&9$QY>?><4GtDWiYR*#4$^zMG7S+Q>ygtWJ*^9T7Is|~#ytQ++luzao9e$UJ zBokrpVegah@G83bRb=w@bsK`KN48pdmvShCHpZQbjP?_5N&(h#`qrjpHSWx*z4#) z6%D_Xs zl(5e)&?0}%kN?n-xYG;-{ZX?LAN7C6#WAD;w-f2NP+(*7v5EbnNu0UF}b55hXnyCs(zN z?mj?^v}v0C_Rhw3NcF!R!J@Ce*nDxsepKm`gwRoX|^K52lQA|eJvrpNQEgdzDj1l z%V;6JDqi38Pn_6(9KgK1y6OG4+~j-8{$(IUs2#6`Z`R%;_!@QeTydrXmwapW=?+kT z^f|A7r11-77ct-CDG^qn&P%4#yEMx6g`tGwu^Btb+;PL1Y5dZ-QOg3T(`T87AU~B& z)W_CeNulXq7r^z$IvTQfp6ABP1}bOb76tIX*TM^-8xde^u7gQ zJp=4?V210Da}Lm*_)HLfzSp`Mu`B=@yq?t$w6U-4EdmW& zgUJ8t5y5+v4p+4VTtq7e(3DrII-V-1+T_r=5Jfa4pS$S4BIx51km{X4@ySIkX%>wY^L2HNsldOc)N)*KkT8uCQ_+F$9u_?^LRjrYCDw;)@De-Ww(#%Fwc z96Kh)raZ^2IpVQIvws3L=fzwOYrfph{bw|@a8oN1mY8Jc0CQNVpCa zEo32OcE9bS3yIRp%q%?`Bpdo4kMHoKjbY9MY5CYD#X9J=USBG`7Z1P~!hehVk9%|{ zVK1i`=O7B62_MC$8~b+6Pu!}5KYp0UcIHKt;e<_2lX$rc_wAFTANK&cv{Y!=C{z5t zFQnvx@>&0T_{~EV!q@Q)c#01$Ai zKuAb@-poc{z4Y>E?f9`=qkDM%3bI~2N|9y(+)Rh*3tfp}U+Jf)yt@|M*{zKA>B*cag(876K5{%D=qxu?hRT+{an!V1x_9?EnL7NsOSaj4n_h?eFr} zA5%~#Px-uG#gv!L8Mp9OUki!Pjo*`w{iLmbe!p+#$D;^EKqjg_6Wi`b1R%e?sLp43 z!(8COz*we*OtshU>ys6{B#!e>W!`Q-aaQt+YMrO98~6PNV!$VpJDzYs6)v`lcP~q* z@#mp5$@s%IaFg0ec8b!)qVEzOYT;o%fnO56`PRjDUz4d}uH{vnkp1 zW5n^N0>S}3nU7zJFV#y=EfR5hzo2VyR;uAB&$#-qwBFKrf`n+fZx4^UZ$I}{qU7|; zMgS>GP;)H5s;No20GS25n%sS*i7ER4X`YXje5>~pqQRc6XZ=3%U^IHU9U%Jif#~gF zN{GjPkJaj+ynfl5ZBZ6OO(l%7N3Tj@(h;$4tum2PhRaB`2Vx3mT9BD;#^G{kuKP(P zH^T3XG4MNVzL$ZgHJVa1sv%l=`99hxPKH{IhP(HE0WN#{fqOz#-sVEbZGlo!;y#(@ zM3XSUlla;5$_mOQYPlNvq1ltx*Fii$XSi&&sk}XfOUB5Vbt77C2&gb4UDiKWB^wYj zy&J0 zT|X=I^S@sCd)W<_yRbwJYsT(nM{WxVy$XwWnyOy9g7<5;_&W6!zvB`B+wmOEXCF-W z7A}oxkmbtafQ5up@ze6Oo`e#5_*Tz}cC)>S_s;}+FnHWLF96?X#+ef4>-0uLkWmZ# z37fA!|7z_8<&(1MMtXB3H1*rvsZcO3CP!*rcTGsQ z-t%G6%D*#q3IWjC&`)l?FwqUjb!T)j@u`zX!v_3Eu|oNxONUphri7x1%hr+pHj6TP zeV{_C+STAxfodpj*y_gtTJjW@glF(LFT+J@w&?zXEz~7h>l6eV@1opaF>@xt;JbU5 z^(%h@Gt361ZyK&Y?sxWy{syv4{6=Zgr%-+j6m=U|rlKu74NVtoIA!K}`X*%yLG~kU zl@ia9ChFp76HSTuN(tGV-b<=9U-PGIerdPwV*(r#*Sf!?E*#kLR4!DW;SM|$3q3(ny#mV6 z!g5rc$79uR_wV&PM=d|iBa2IG*DEWXb4OeB_(ScdR!h{%dT;M%A|3dKgYa0+9^a_u z`Cu;SX~~)oZ}W+xmGu?A{R<$Ph7T^!bH2Xd+EoT3*k zkBEHZy~fS{9`&mWjqO+RS#S+rI5!_$UCIa`$SPGVgoZ`8uT&Icw3tXbqO<*b6LvtrGS7W> z*Egc0%zUI5gF<2{JVy_WZao^xek7CXrSz%`Z1dWb#HlYv`0Rx6M6*^4)na9kLkSpE zak;wAf%5fh<3w;=J=727(64vSE-KRXdFH*xtc|CGP;TWPrM5w!>aM!_*zB7SJ?~(8 z%N&U;>P=HFj$0N^xKjM_>%95v7XbNRz&Puj5_8@BsVvaK+v$EUO>&h)LNeI>e(iC0 zTz%hJ@fCom_&Kw|*_LkEU)*Fk z)smO~7amIn!bsZFw7G$Gp(bTm3WaO^Yb!ZFd{L9zmY1T%X!!`zrNOxRk)%C1${Q{h zyAnokWq0!wP3I6&Tk0yKdV7n2Ze!qo`C!;Da^dG1jweXDsllh78dv_w9vm9^6Kbr- z5RFSL83IbQ;NrE6E^^T6meN7b16s&iX{5Br6O~JuEX;E((g@DSKjC?L z>8rKoLuP#re9_(2zRY>oLcu0~U5>{yNrmY!Ow{mwbU+0Qu`@p52r#%82^P|o>u03( zy-6~o*z7x(dB~vP1inzM*Nb43oa^|h%S5$Pk3>lrir4XyAE-ZvjpAsH=TN#uwR`b| zUoUr(_L%p+58J%lC4QFA>sum}cVf*=EO#{nzHG;vkk@*OK^YNy0FeMgv;Lk&_*->9 z7xZh$jg`eo_E4D+6ChVAPhZ$d1iI8c=+M;qJp!PRg-2X;=Y^2p4vTei;w&FO#F6%( z1syxFYuf#1Z$yiy=>8i@`*lAccHX*@y`VUYG>FMl%K3mQnT zIWwN2BRu+Ig=$=S*hG(bc>Qt)H1M-@#&+!>41Kn_czUfjmixBb)kcRpH#0zVy`}cu zsmTcWxer2!exx6@*4(@B_;R-uxZCTo6QBG8rLrlr+Y@V4_y6w8csM;<3`sp9ZslH* z#|Kzamw67nIo`h^GJum1C-4hS%K^H#3EIDkT1r1S&mfN`PGm~PQ~Bc`a3k8+dQJMi zn5I@U?J4--#Y+dquymTC>h}C#26aqE400uqkw_jj3m$~o_lO&HRV+ZVwqJXB%m;Td zi_;(c;Q3d(5K;K9(ak*6ME&{185`Sl@;WTlaMxTaf;!ao!v7jLpP?ipS{ua%P_f3x zILQPMTN0frUC_GA`opNTrScZ{Eq6_g9#E~I>&>m zzqprT-e=ODZl^+L0o@4+z_DQrp6>6)&k>^*-+li;I8WH^j`I{w%AUlwaEd$^sLCtH zjGm(|=3jERukrm^`|aDcmB?~8e;r*-A2U-D&xXC6>ccjj2)c(Kj5WhvyjSp|&c5C0 ztGoo+ZG}SO^@if+8askU-0Bk6QoSucB@h};)SoOO{qcKNyJo>V3B;J-sD1s%8M0DE zmsf=h5-tT=QAfLT(_wT;!e=G((jJmy9pJHVkOE&ODgG&_%7fn;+#1)}wvJ`14 zkBgW1Xo}5AL9lQ5u zVeti?JL?>f-9Iwvi0Aix0=nf0xS)(7VmS-Ko zA9Pr7DyOg|p0CwL!>*e{R(Gz{26>;WPkNT#7c!O7#ImpV;1oB)I@|(_FrZhluP1xP z-vv>g?(iywEF;4m5%JB%!L}|(z>hYIPu=SF$2GA8Mdlv$Vtxu@*{>uc$nkft{f_H1 z3h(EaS`cU0@+q44>EEx){d&Aaz-65#%e^3gQI1jw1V^p`IBM`AX%l+LK8BwRS{*%{ zOD-%hd&z5}1I25PSZ28A-3Q)hMf+>{x@|v_>XOnwe47trc9^|(#3?E+0zKTwv$>dPs`(}>iUisU5+b?d< zr|JoKLFn6_`or+RFv6qO=O{qP?$YuE{RtgKj$fVfG5z+Z!$ef6h4ct3jUoEUy}pxAh%_=!-@CSlsYvkp#%4a4@^ z=fvSGnCTjbdq%B4%NB_E)Lb=9d_|T-vEe(@I+prAV(2Z7Ps;8!;~YY=1(w~ST-OI# zf{gEXA9T9kqhtnb+|*OzCSKX^&x32`CR6t0thpPG!el$nwJJj+S*s%^E1be3J1|96 zL#Z|__56G9r^n987t{tD2`;XJAke;0pdghdb|2wLalW|UM0hte?{jZZq=!uFe!m#( z9TEVvGlLknqqnxZOMCYmr1OrRKm8%Rm(cAeLPgdNci3X$VCW7VyKnqLK@R>~A7KXn zteh?}rMf3(J&do{nNs8oqCw<%Q`94G8aEEejkzFELid z84B<^%7Q1f2{>k@`n{{iX`<(sOEU{?YbnFAF*Wy^KT++v=H9KS*FibaEgkp+1XmxX z_C!n#CRO<5WOA$S=J`zG0Gb95r}>TFm)>&4o~66-HD1ql{ks=* z+zjqAzoEvV@2T&EG6_XwCG?_QUgg_gpgQ}cKQ9TyXJzv2sM+ziLGOG}+|vqI=18og zTlJHI^ipR_P7*9{ULYE;GY{rCT5TvhTk`tpJ)_h6{$T(x(;?HTcyiMSr zNxVc9$iGOWUs=U|sIP4f=K!)(SZohjN=URuIj^+7NevG3k>X1Wzn89Ast?K;t`@$F zA-eP&tY8N43Lx3?V&XU3K2Fv-XdDm2!-%XoXxscoyyN#T!D_uHBu~Cj=!pA@BEf{8 zw-_4BC?CP8`fc-fKAOGb=3&J^cF`=KRqHj~w78zQ%17~`_MN|W=K5q)q~hAUwEFm< zKnr{Mb>GWCA%4s`Rb(19x=;S-CgD#%Kf)kBbGu7| zGKuE-v>$7$#-q}Lh*PksyL~IP%ia@Ulle%jO%|W4OV>RIz2gM7zSyid@3M!E5l_toX_ zJE56fLC@qV0G$1ogM$*#AN(^Mw;r4Es4t${XQvn82Wk@C?DI+65nc7=0sNc)L!5>0 z@bQ1<8hj4J^wS{C?M@#q+$akMfx<0E-4(K}J;7SqUP)UhfF5;(P=G6zzN&l^BJfgZ zN~R&~?N9mj*&zHSLJF@Ke(0lu?#dkF{if;hQm3DLegn)zP5QObmKn}8p2Imeb0;RTF$(OfNAv*V>HZOCuHma zuvUL|5KZ;6Y6bA<7YsJM64O{=PA~PLwLg2iby$0#$58VK)_ec=VuP=)heE_CM9?hx zu*~VtG-|YkdnYSe=1iz6f1?k9nSVsfB!ts1BRrYCv*TMo+a!lHhMpA`5;5m<*NBR0a+Y~zv{XVq4^cjF;EHbW6mqco6WoI_O@TB>uf#5mDSe%>}BL_H^T9b^-=A*vdR27WX9y~f-gc4yJTYAUncT7G;9vPE-2Bdhe^)+ z^V~H$g*y=VSKWuB^P=)f4!0g7KbqF>^qBfMh4}XJa68++OlTmTPDUQ*6c2J(nFC=g zE5>jA{)#(eNjsku;vl~G$f%o0YVbxG^71$sNC-nI?noYT(#M1mHzQA{_eS(9`lpzo ziY6N#k@FE#ReYKT0o+eiMW0?H^)m?bU}fEwIY++wEq5NZnn zZ=!)j>>fO4VN#34dM3CoQy$G=*l&%$5G$UNg}FY~dx}a=bJz6zzCzN8(%3;d-d~YA zxt_qC_VM>jx=GHcP#o1OXY~h9kmZJNO$S^ZwdO}a9BxyG?|ap1(W>6-hH*llJN7s~IW# z(+jIhDwU`d+qHI(>0eF3^vU%6tJd)2>Hb)O12@NR|2i5Ev9IpPCk0qqigu+@qMXPI z+OT8z60Qj~GhUmLkC{z{1PJMTJz!# zCNCug!~Fwgqfh>|OyobRf64&u8@8A8*_JT{F62)#o`K&~q{Z zPDGuza_S7rkWi8OlC?yJiXh%0kv99YqhHJ4Cm`Ocz9d{q8T!rQ!a+*#`hfrgcKE=; z<@6f^dXIT>RG8dv*VfH0LH!D@*%01>@#OSD;a{uCE9wr1BR~&zH?io@2y5 zbbPEzOLpji;Zz@DVp`#d7P0w12kco!(uDoW5`&UZ=oe3e<4ybi4eba8nPx z-CgtY#)!lpW+;W;l5-ySi?pvFkG&pgFVIUnuJ-qvc6aDv;JI5Kav9+#!CPO7FR+Zq z{YoExZSD{s1q$oOc>XdoFLgy{xO>G|df)HbzHlY2MP4luv8hto_S<=$+-Tn(_bxi%O|`ELQ@T}CLstF7SA&i{P$RLB zptyF!O12Zz6tLy)4~TG<-xEMsXXLm-TDOMbW!3F+Iyl=c5YK9AF*BQ9)whQg1fd|D ze{K$yWmE>y?roe1dw1JWLQ%lC6%Igy`g|k7yNl4$Z}Ej7%=I~aHnW%^`IxsRO>xBA zF$G}k1!te;XU+^BcNvBYxSp`Jv!4(P5_S`n^ZFY{;Nr(yAqQ1phaHTlY1rGu^74GF zB!4w{I4*bz!R?3&#h#N;+;2dGAUQPc?OYa@X#rFWsC7K-cHi2bPp41|ZzC<6Q0pvC z?Nf%hvcolVRl=_SlBPz7rw8oA6j?$D_~@h*$;)R>)1JFCtF?$`oIESkw8U!o6W&xXK*Pm4sny}4BR=4O^ z$HD-@k^PB;x}|9qYExg3nmwWwQqOD;d4qkEkHW6^trz);w1G_P_?L-`gtkL?vd7yW zv=;{7^4;Adj~I5dKDjz^B))7o4ib;Y=VO(R<7m&porgVFPkt+}kb7gjg(QG&WP2^n z=ZD4dI-40q9$vQ9C1I67oou_2UbEtA=>TE6Trvbvgv{`$Zle&CV7>*-J-ZAhvqTf13DD zJ1ysk&_9VWg=&$w{hSDUZ9;S0;-+6AV0M)VrDH924S!#?H{(PL7WWCfX#A%?4lx|O zAp2wA+Ok=W&UI$PrhSFsX+-cWV941%s`1JPjo0&^daoU79Omu3BDH>`nWXcxHfAP%I1#mVUTs7BYr49hV({_an2zVDcQjdm zDbZw~R=nl`qSQnR9_Gs=!Lp60*AYBt{f7#pU?G2`1LzY^PNg9%eI7za?Q-9}o&skU z8%%{e@$RBNps<7?Exa%C`YQb1Nq}L2(xT?M#R55Rv>fd1a&t5F3)Pt)dt=jSof&aY zPMo_o;vd~R&YRMuXIc@aFZ9MP?RPI8J|u8C9Kg;ZGn%e7rcK zh63o5#=OvBSJcMRbRRl-B%H-F=`Fm&-?@M@%R}r(`kS>pnJU*N4I69AUmVb>9i<&iut4f>9;p~o>E@ib@rp4f|(SmkbQB3$RnE2l15y{6!1 z2#y_U0~W6iofU+8iC7pGB~fY#%sL1Y0R#*Kv*$fDy39Rm6zwXU?1t%m0g5M&_k54>dUi0*sE8cV zDuBbXm3jPRj9zj)yLgX!aoV~NS?_8H#*LQ9 zp!M%#K?CrxoiTp|m+?M2>i8<4iiyvh?tL`;+6=$aSe!Fvq@{Mh zzMZotn|lisXtm$tXw8J`^tYo?jceJyQxR~40ge#+#np?0^N6a^IK*?uvf3wko+&18 zsa6m|b|o6Ga(bs|ez4%$wJ{aBQH1*kP{Cl?1G!JLU0glTR;>J{yumO64+>fTGg(rC z=1QwkoKenmB65kXvD*!eyUvVeZCUhBcexqq)!XBqU#@59=Xl|*l!ASzQ(9}Ch|LjR z`p*6SohUEe!i5^V(T=(&_}mY`oAJ&}!)Ot}hTxLRfQ&);1JKiPe#0)iUuFkQY^3v4 z#~qW8c}Ki#pAc`J;HP!(-$3s@&Qj=0O3vT-Ax9RF&|_p1n7v_C@%*92;YF7B&2U zr3IV7Jwei9(J2Jj&}`?~x^GQ;x%>Tz9B)cOU+f;LOVxak?@cy5VYA$XXEzBbl6y?o zo3e-FaBA+d98S0RkY{rPgneX7IuMvs90*4FBR_3|z}6=Ow>dYk#L@T{5Pj#G5diu@ zyy>Ka|GAz?2veUZh|vfoIXli_opJD?ywUJ}f_w*$zn&_)Hu?(&7?nmJRB?|3JbICH zMIG)5)T?g@6{+ORq;NeGtl|U^Fu*hSxwl&Xr=VQ0X7N2e&;>@Wazfgm4o_BRs`I-{ z(9lsocOsH}-B>>lhwLu#Qmxs1S{d?jtC_xie6Q3epvl`VbdM5A9y872N;*NG-}OXS zqB0sy;`ea31jKPYQwCYRKkj`y4y>y>_N7_FFWiGN7#*v5aaMxM=|?(&am#ckU%h2= z!rRTYk?X^B$JaRn3d(18-^q8GK?}O);zN7#r?rIK-K$e2 z@qUyeLz>}jOoPPvR<_b$fHw^AUZzJ^$%wbe-|xosQzf(py28jW@r7PSY)d6=pV!j^ z5TJQxzuG+U3-1!fGoOsI;yR!4EtMr_PR&0*ZlUYHWom~cM4qrAhGb^Jh9sC2Fm;i_4MKO zzCn)IwZ(QAhY)RmtKNXUSaZMQ)f>Hye_Xd<#=!(5;a~)*hIa=DgnulZ+18>+5QJX| z1OzSxWEI)hJ5dl+kR9RaC-{5L^qFoqTqvrtGBe^+bBp4`gdCpBiE|10BfO1e?O%=2 zBsTjylYv3W5$SNT`Dc%H`k{s8M8czRzS9;bWFwr~?oL8Y8ci|D^M*;3ameHDm>2ufU^3L!;85Y}zh_!*IC)o%{w9AXz2-YA7_LF*&mJ`c>eon(* zQmC(U-g0~nBV({w`u5?DP(|E3y98MYhKh+Lv4${Jty9nWINd^gCH#?~hE(hTxw+$O z`G{URuPaOI@bKIjk#do+#jLa%IR)jm{+-`jJq^OMTU4FT?J(!Avsmz-L{ zy+XN>Fbz!It)iBU)D)#LFQ2B!_S1AA0z}9U6>e{z6M@OLiSgU7F6+kTNnZVwZ)5Qic!++U5#_}Qe?#OTPGIq5VVjXnt2^yO(uh0HUE#zmI}a2* z`3DmEw>^IG0`$=`5awKk$35j=W_Iqr%+J^Q8K@%W@`mH~X|X6*$nyw0+lm%{xkNxX zXidw9S!#qm@^24zx#9d%l;2qeVf0y;v97jFRCwEH_@|E&x{a<$$Cn&Ya|$8Tc+G)g zCTqt$tx}j)b?mLkp0l6k_}&Z8rlbe??=oFKi**|I0_Ko=Z+I?YE&1MNA{`;dd9Q6) zYM3}0-{^h%See6cQFRf(ZTcIKwMw0c;#f&g1Q_h5#J7)C09UXn_Iurv5W;@;VD><^ z!)N_fXo4;v35J0@sXU*rg~zr;#$_YCZZCzq0_Q>5V~$-nMj3?Z&&Qblgzj-@!Iiq# zD>^u-Kfa6?W|g`x77_5qaFTCcICq%Q9yQooc z4vGIteg2IJ1g+FUy)nuvy{M!L(1$R)N4^bAGPIYb76S%H*KcdMrt~QeSMDn$(Vq>a z+E%D+t91^SYVC?touQ=M@mi)D|7n+mc=cDoPNZXP7DFI4l1t*NIZ)$@jYG!Q;{u)l zO!r&o$XedRPSHP8-&&Yl7iTSsrPs=fLjX?%T>@MT&S*4C$POG_1C4!tY0m`u4hJmy z2VeLfbnZv@V00TRv-Y_fh=9 zG+-7fsRuUg{Ga>ugwq%MhE&niTQ!#;x%0x@*+x{E*un3S1$QLL&)I`P7d0*kY~ntY zYC=_Xe+So@7_m0X{w{|!Ps>)EGDZ94Xzi3O0Zj$XFVbM3 z_+U(>Df%ZAeoWE;3@cHQ1cKE_WMw(3>wUnQuHH9 zvF$yU9MN9dV>g|L?PcKO)u8jI2uR>H${$fAaYwN`IQ8J&f(b^zSM>T?g>}DKZ^2v> zG>M~U`0+w$e?@#!LI;gQ5+VIES)WG=3%8DI;iska1*LmNRlhIG*w&>mg#@wlk=oZBb(Q=xXs4fC9Z|OI7 zUtkI8l16k_7H|dAGpgSc_kwAksu;G|hwJ>2-dFG2*OO&~voWSZ_&Vj>-RZB{E7=!v zBr3VwIsoc(gR7u-RVMl}zk+t(+Ui#*Dcqm&Rph;CUe^4kr)rF6nn>DlqwH#55-@aR ze<*0pdzXrk|5=PJM~q3?aLhahQ}KK=%6YifbhGbq#)W^`=ztj8!+6|{BobOidSFMz zYaHE17Sl7lp4IPxu`XP}kw$1LZ2C4K?Pe9`6czjDR!Kj;y9cC5bO8I*9;q*6)M0_Y z+^6ZPw=MU%+{v{D9ZxCL-d7^Lhz<^}I-_e{3 z8T4$RH$R1mOjL|$37f{0BsSaj0m#J0_Q}bO!H8Kt^QJSa_2Co5dQPvySv}jxw84O3 zU$BtQki#$?e{p*Jgy;vLQf6=t&Pxgj$FPYNuDZ=#v)uy?;|L+KvH2>3Gdb{(CfQON z&@LH~*q0J(-ZecYz*PkQ%3cgau*F5)6C`iz zthf$}bsGiTO%LmDa_@JOUxx$626eh!dd|7-;RwIf=o~qZ!3ua5f6*2`C&D~n?$n*I z_iy7*&%?CZ>KU9sQ%1?==SG1SspkW2oDp|>%&cojT*4mPzBN;(ps`n;Zo$M-eldgF+bytiJmKh~kB;HP+Hd88*tj2a@Xza`x9 zKrJ+SmF|w{B>@cN)xdLlpYlL&lh4Oz9RX|#2*@wQyCZD=zyPN|Jg6E1dW|9FQhVIZ zPbWiC$%7)B?q^AmshRNJ0p}!XG+aX;O&>?;2w{Z41P;W0j|DiKki3>mfE;jPV=fS4 zs#W`$4?fkiqV+&E)6M#fnscK2LBLcZ7jJS#ap}8F4+9kq*y!WV8-bE)*fQ_F``Yel zm|+hicke1K*$yIt%J1J9m9g^3LYCiAjZ;9XEywDn>n}T-RT>nL1 z`0`slvomZuGl&za_F1Z6v}~3W%-}^$(}S%?Ijvx9h0WJ~4GLWDp?3t?ID5fHr{_gz zUtmQ!3F@MMOyWgG2lsb*x@~cE*te8AHjN4i!IAFgl2UHIObx#(edEJq2VV<+w!Vz~ z%blxKaBR)uD2R8cUEmg1aMy)~#T+L-x-JLLb2>PSw2;zU(vb4sJ<%0sT4qO;(qeG0 zz4R8)@F1Wg%)IJ-wG=jg#v0Dp#bka%Wp^64mT~~Q=1?eS>@uJ)A5d;+J{SoqC$umbexrbjfd5W&%WGIT?dO6u?$^u(> zhh%NUH!v%A3S;h$>=b?|LtYXJ5^wt(!OnuS?IY1SLvU_XTh-X_2r{l|>+iZKKAOa<{DS*!{o{Fe?|OrpH5;~ixlkXX(I3GO z^q^|5pr^fg^q{W69sLG(X+GVKf_2E?DoNiOfKDQE%{8-Ku7PZpShr-T5ZHS~Gj8Ra zVJc}cEHO3T=kp@6l4W=ESM#Id@QX(| zkc~%lb75cJ3rjZGMHd!!V+SU*yhL@p;atWD;UB3E*9|5y!#+y%S*I7$7oNjWFbE{` zyY`JqBj9mPg437$D2xg8U9Yq2z1(L1TUOHBXXpc1@YG1bV|IeLvRhd3%as*FT- z80LMJ?NVd5=Ep@!Oa8brH88X9Yq2zUvf!9;W7t0vQOFWtyh)7&`g^V`8W#flDI9zD zA-Cug&jQleYXU46hHt-`*_^@pVPEOjrL}xOF_RPa?;U(vRKT!0RI`MoXkkC1d#+T7!oM1p2+v9Dn9Z8A1_*K3B~O-^9p^DciDu4-Ki zhSB?gYyEtXY?=G~th2TLX657+&a-~_8RXXqj-wS(-b0}-9`76QvrAGnJN&7g zL`-S&0YdYNmb`bBctrK+lYqmV`hkZ-8w3D(!UDY}xQ`2aq$9pa45O0A*dMfoX?vz| zw)K0MbFk!KTb_OchlO&tM7qgw;teD*{L&f_ZxVLD6n3ey z^)QShoh%%y-+qsnOVfk5>>${ut0Qj{d^(rA{RK363A~bM0Z+3AENSl3-1rA2;2*v75Y9pc0y?_rT)6zKuc(N(fR!{`b&d-@~t=y1i3e z@SE%a`J)d+nW&u8kT1@jZq7q~0%?Vqp1uKSkHdjHAXsWQ0Elel&xQY3v2E zj%Z)l_hXN7Vd)2T(d{2w+y-qj20;DP;cKMi2+i%eeqHlUukR(ja2uMKcp^O9h%K|b zJt!v*zabeLw{WHd`V$iuRw~ObN)qf#pj6EbZ?RB{pMT{ij|+-+{AZag)hGYapC38^ zX|3Go+DG{sOfS=hvw2+S_V(ASMamx^ zFvt@s4Qmvv?!?yLpZ?9tj|*p6db2x3)SlE*7u0#!-^f2Ww65yLdkTi4FcskifmpSs zqM+O)?x38B-=%}CeD{}KY~t?mv7xaz(x&p|_7pU7Wd^>VWjs6ny+F^AUo}1G_eh?d zE;d#);nQ;!0tyS9{eFbEOWqmb9IO<~$;~fI z(e#x4$OOADIXzt-S6V#EM&@<9dx}g=))Vcm%nRwO*QO6?fT4_#4r5D7&I?a4)4cwI zVfldR*@expgw*8{8iA0UFZ-y!?zz9)S0i=Y5aP(w0J}OM10e0jSTamACY2mKS|4gf z;Q7jsjOE<(`!|O_y2@Us{(YD?uUM7QCIsTB8Y9Xv0voS<&1^z&BM|RN5>s3Vwtw9A z6p?+l7JkW#{w{k(5UM_ZNa0cGihmTVXfx8};Zol~aPNCtf60~M?dA#NM+DCicQ}e4 zUcbu`E=9vVy+YY7$1j2TV-lCo5{>!;^@MO?A&aw{GXYtkJLe94x$OSVdOVq9_nP5h zIsdGJ6BCBi>Qy`VG7<(-` z`jBON59p=?r+ZIL{cJb)vQt{Kx`OSvb(k28 z{I!omPjfpoRz_8nl{acCNSNv1mGA{Gh{5;+UDH~ttJjhrXK6(aM>b~0`c-LH>X*8# zza)41WLBK*1MaPAaM8XcUkBVn4-L5Aam}Yy{gRiZ=0LhR9*$PFz-A#Rmy1=Y=p?n* z4{+3Q4ThGJy!(R^sL7}E-LqXIx)n?WZ+e*5b8OKf)sc_8+o93f2TkwKj(Up`o5`9tjV57=xCrFdoqtB>EM{cGmH5vGu_FvCZ7B5Vj@v^p5$Y(EO0U8Xn{q`yD4x|e`f0l#izh22*1s*~&!WpsqRoDd(Q7E>|* zWZC%e~OO2XxOEgouKdLOF0C=0p(x=JxkI+(wa| zaTes`@<1n?Ay-MM9@0#Gr*!*OA?bu`Ws%( zkN{RHSwK}N=%f~^eHV{MPv?V%GWae3>huWp@(zS#}~i} zBB@-))Cd$+tB>ndSGQQ-L-k+?H6bgt*mY7X+W{#A^x!V<4~D#O%3&JikSnP{Q|04 z7&AQx!Xx3l@|==|Ug$=A)g zI|ud}Hc7JX)C)=7N$q=MTjJVgBF>3mF21@vO!{8nYleg}=z;5habxIs8dlgeBp>X_8*&Iw=%?{L zpL&7%?C)=kb+#`Q+VtZdnUE{qatfnQb|+2-wVv}TL7Z~rT0I}`n1m#BheXyv+RqP5 z>4onRs;pkZEIe;ea%eH2&oE20A&#TsZVo6hzW4{Y3BN3PILWXm*emhZ@4a%02aE0( zR_~$Rf_-2yDc^i~Kcqn7$ol-;SIfHmgz^y}^DFwUbg2|;+1+@f%HrJvz> zlA}#vp@!y8RK^zeFxa;q<_-8o0!(6>x>$nQWhRPLFxjQ>($q4VCE@Lz^6r2HcF38KPHtZwZ1$~bQbQLB*O0rF9^c~=Hq2=4oJC7=#Xz;X{^w1;Q)w2W^3^kEE#oC^2TfXE(2Sqo2n z@3R$?4;O6He%G=HyW7y64cr;Sc?Y${-z2)_Byq3>r8(jHeH07jCl_^gCwMyX6ajr4 z!FqTB{?M6w;Q{1T2v0BNkG|j6u_H5MUwt-?GO-M3(W_o8+t}h~qjH`m_p(h1pX|~3 zUJM5aU}*_U_pEK}fC|IeLDSt1gckNlNzh&L%?DbsvViqT$MB8*S|9AFY`*STOF#v} z7wy71jqwTR7b8p)hEs=&eJwo-6CV#1P+9e`I7zky558_`-Uio2>CTr}5B6}z0DVW_ zqwf_QF=*ePKQ6y*M~`c*4e?hReLP96DabdnA zLL(UU&V=r(=^En5DaeR#$~J-vd*;>huxQ*gN4|y3Ab<2O;lf(}PI8vp(!P8K!FdgS zz~sB9u^qlX^L&|YZahcwH># zm7@ijUSG|#RXnl*ROmZu!Et`Cr5Cv_gS(%TR(|9!@DPel4qY@xqqoDL+3=5tv(CUP z;5o-EKA*xEmNWLB_U<-4gQ0;}A1|G{yp|&vsyv}$Ivh>raN@Zh{v0u-GU*%~rqgjf zuRsoC)Nbv6*$m8h* z`iuxueV{s%J5ab84`J&-<-xIxhPyR7My*|H)66ON=!NuWduHCPL0`jLIi99t^$~#| zI6L>U`98$^iU)4%8DmdKt>JH*8bE9; ztdcZpW&nIUN>KYOmz|E;`4a_?n-&U|JD-(XaHyB;JMKTP?=K5ltDjMer$S{VP%PXI zo)j)8HLx9anP zwXsqU_*_BHn^zy5RoMCU!ks-*WfM5-KuLt_w_9NsFiEfvHz@s z(5FADUBai?)Mmc)p08p>Gx@E|RQnCTtR=&NrYFdoW1X_i?sn(fZ}R8rhfpN1Sm*Yr z7XqdaKu@m1RIV(qAX<%HaWIz4JY1Obhvz-;U>cki+3I@Q1j0p29@~Uv0-O)Wz&90o zK&_wX^QkIyOrj{`>+31@LI*Cc`w#Kr;)+YOWUwK%byJPWi1hr>BQSwL#hOo%c)CCnG2bJghFX!r4jH$X<&@eUesia}7q5%2YccCV){et!E0ixNvUJM_&( zTXTL2ET6+RwCma%&%Hqfu418C?Hlq)KPXcHTzd`172wHC4B%yg4+J0$b?o)03l)9@ z9~QO>8Mf_Cu>r#=@;h`s;v9GZyJcLOzNl($nzhu2h8;#}&%Iroi?G)~4@>xkI+^qm zOv<6nnZC5{>yntQBh6A?@4v;Jog_ZIP|?EzBUzTmQaq|io`+k2?Eyz#-_=)R7!sm3 zF}vO{!!A0SknzfA*B!gG^pf$}!bkCLXlVkV>>)^&B)n)!jge-kk|>xc1L67SP^?@w zxrs2S(j+EQUC*&d#UQKvI{R`dFdj;u`-~_@sw3G-etF3$c(H!LL$ig<=3~5wcXIh0 zE#7H(mG)K?I^7`~b zEiblXT&;+$Q)-V>kikY`O1r-`l_%Df2`N$%)9$Fy+u}G z6Yi_rAsC2b%|BXZDRT2l1=}s-w2OVFn}{Sc1XqrWT$nrXb;={!Zp9Al$Y00lD);={ zTIX-o`0g?8jRN#w$ zub>xAYx+seK62eq5Sk-+Ww))5j^fKxM+7U8a-!e-E1c^0y`68=_oeS?N)9__-ia?x zK|}qPQ|qZ1u`H0E7CM{!R*v7Fa)ZkF$?7C<5SaGziBCp>3}$UsjD z$icY4moMJ0S;nP>Y(gjiss!s3R^vT#fz@8U))rt#VG_3aX=Nl86)=v|!GJBt9 zfQUWHy%&L>`#oHL3t{IpXQVEUc^@NW3rj+hF0ej4JGt-pk_cLroAc}I{nFTV@z{ zc1p}cN&PAPdnSbv3zz7VcYWi^AwTa^3VvJhJ-^p!gNHoZ1w~ zR7ghb@6ZAQ{&^UhUlTxE!X4ZYK%A>tZ~ualmLBE(NdIb-yN)ZRL}%{n-In%QpBUaycZHKPQ$bEjBax5{8IyJ=f~mi_$bKxL5UA)lkU`jp){_w$<}t`a|GtbAXB zAh}|*m(gVLYWJ(YUX_C@r3Ccwa|0yNv8S<}lzIQQJabc+4kR7CPmjr4@Jx6fL~b4>2o~#zYp@)cD@9csYHu)oe;s+w2rwKFVg`Dxw z8k8=q$jBD0-<1BM0-s;CLFhRsI_tdjFNKjKJ731$4=LQ@g6E?6#`f)V_$)tV?{@;u_^!iD*13K^ z)Gs2agShT<5Em8U88k;&!Ff6qrf2nQU0-{^3IiuCTIVYRn60T>eAjCzm<3raU(j+9 zF}l{TUDAy2EbJKYw@Bko+jAz^crEf^+csB+ZVEu88?ms`m^dSpKq;aca37 zF6iu@REgk8g5XA$%x*?UM=}(+@pEk9v6dG;QHPn*SwBBS@dFFP*?AP(#t@80HJ$hiDVAf=VcsI{%@@`H%q_Tl zzo>gc4OW-S@2OfRkGWRG9#x;nTGYyOPkh6uDj;G5suQH~4u!AtVG7N_<CEpbrbkDC-b}bI;s5ax1*7+Y} z{`ms#ufCIE4s$+-+NvLkmn-=m7$k+$IEUX%-9{iVi2;>VrhF484N(S!>=oQ5{e48l z)>Q0kqkKiDp|Je!#rZSN-S+`S&1K(C%~GO9J#|Z{=LPkz9`7&;*=22zT6co0)4i0o z*I#5}37`BA&sbhiKD%9Xs;5}-ZQbjnDWuAn?;_yAo)dk^#}E}HJVOl?TO|P^`E~>- z{V&^SU3YzgY*7!Ge6`R;-YFKz!|VBFeeLnLUtcfd9qTPNhUKC0L797^uc=yw3Yn{K z@Pge=*w0Av3VQ(;Mce7Uk0v-r;s4nnv0ctY=ZCBm_i}s`_QQc{xX zG!M?N44FlmnerlStZpSR_;qbs4Dc8ZR5RIi#NS~#C>ksIZYO_H&IG4#$yT>J`wBI zeK{Z`jImt)E?*;r0!T>&q7!-}3W=x^ieV2sdw;t95Yg%bwLWjKrQ?5V^FH{nSWrI%lWgE0VC|yqg7{52q+iG2|S}{z*@>D@dD< z_eD1n_G^#01;@0m<~lyKtMyoLj?9~b_AMO!r4N5Sm-y!(!YTtkF6cKjPHgTUf7^IH zybaszv_t&|IBnRs8Sg)4$YQmq16Yy%$VKc1_XQN?;dej$TScKW!U5|Cg5#z<9}5mX zW{mdJBA6)OwS>4fJ0)KB!+l@n?>YB6*)RAy2dCprn=k;IYbt@L*;#NGZlaN~*b-nh;fIN<8%*Z% z8r3${^>Cj`#;NwQf=Rk8V3%EZA|L3$s2@V68l)=Ax8=SSNI||B`fvAKa>k6H7P4ed z7w`@+7D*xTegZIBe+c#1z$M!tQ0Yk4f&91N4(N^9N0sEAPoOIv8Fmv5M}n)vm-Ua` z;_&zFbmh^^_}GILAJ>B*2bZDx9Pg9>-)tCI#B|W^vss%si*0Sl*WgAmBO-T&Q>A(d zC6(^cI=9dL%pQ5Rc^x@JkWC|C!-AdQTI-37N$)#^Xb8q{om*CfE;xD*+H!WJzjedB z7qMtB)bqKr1FtGGvN5wz@~2iXeze8IXg{8Q3u<|;=SB#teNYM8DiHe@68AXH@ASm> z_`R=4NSU6|FN9{I6jzlD7BcSiSq(1wt`08>SV81u1IyQFzv!;H59fN}ES5=}a&)x5 z44HM2OT}aLkyqt?gxvVIY71wfE0t&2kQsl!;+@dpby3Pp&SmWi>r3hs>X%PVWz5Ls> zKJ535-WuwF{Yo`8?^Qy;$$ ztU@=BZ;NBKWOv-ZQ$}N3Y*gdl5B^N=4Ww4B2pLItIuu^igYWU>D-V9=WQOiIyyS4) zQPOg=Tj$9Ak}Y-RT*0V*-0H=)PbZz{4}cASOEkaRZzV{wxaDF(l$lB^f35eiK!APh z1TYNDnJUzz(iSe9p5&*8S*Fv$gW)g9b=Wkcs*lG#Je*DLwX$+^M322j8pk_^xe&;_ zt{f(uL~?u}WTvbFp*Kl()c*PQk6P|$!o-@&+V_fu8X&;W_*bCV2fzKACO7l(YyoV- zpwNNijaA6JQP6}Pm9QvuI72nTnDVDv5dyth+Jh`_jE&X3n+FNoMlglwrzJ}La#cI0 z70zCFZuhMl!Zg5Uk{4OxTxrL3I zl)m-OuZkVo3XRbs-#q1aISbMlBlxSfY5$&DnDg57+0Phm%`Bw4r5_a3u+MSwvE2e# zyW?L{%-r^~ai#0V_m$OO>wW5#m#N;jq2J+0G9QmuR93v(p?noKI=^1_)q;8|oWcij zniApEdlywY9QO;&x+|#8AF270D`7{`4%au{&eN*xki@VYLuY}hUHc#F3xRw92mqv=a?&2UL> zDE^%H>u5H!IrQ~?9e@?0I0u(``%{X|zvUA}Z3UIm8kMh|HX`qf5B_SX*g1dHZQ}PI z)Z{9SQm&bCxZV!S<@@r!=x4;!PF~OkTt+GPM`b48W<8%H=7(DAt2No}%$*9Bf#um4 z9d8Ox0mF=@vJ0Pn6kQxZqu0|VKEn3dKN0Jh58wUS5u%rTJC4^q{=GHr3K^iUiK#3` zoUJx*qH37oi1>{D1?*d<#@~xxHu4x{7tU!jdryn(_So`z{D7vWzy;XzQ2Y8=2PAWG zKO6mYfvZyu)vD>IhH(GBcI)y3CPYSY-^SNH-fESvwx4vSU4s6B9(iIbPuAson+2mM zz{nG`7-kpQjjad%dJy$A3vVVsv3u4zc_GLq8wZ0n;4?&0>2bJH`e{tmv&c8s=6rp> z-u@5o)CyI4Jd54h0|WW(5mfe&A|2yTlG~i@jTxdCD}?jAgLk=c-CDf~uXyiotwW`_ zucF3*;gn*uvR`%|GOgx|=U837<`#N+e++l;FrhlU7&W_|ffjz79uApo{!kkj)TCqNS`gYv2vb`xbc`j=hJg+E;+Rwbe z%N4Tzh1|@YSe}ff2$bQ%JC{$G7tck7m|ZSo2`ET^hO1Shw);pekL%Jueo|3ITx<{2 zdvUw?5ImCmJ`h&YyKEu@upEKsa%I->9eWH;hFGnjmY<bV- zrZ1F=vgEWT7Gk|sT7(%r7#5HNd9HXS*o3|%jPZ0X6n82qA~oyeugBgM~B=P zPO|ykv#i%k_(pP_a;lHkUQQiXesfC8>;-vk*_G#mzJrHAB6xa{d+v<|jMU^O_#BQ! zG{8EYm|^0eL)j+?_UA$14b;VjEs1@q$0!kiG7Yl#Vb8V5NG$VuW#t=N#tr}eIsx<{ z@Yx_vrFk>7&w)gn7ES}TqyWN4zY{QUcMLchE1={vS*)#w2yr+3|CLya%NH*n& zrN+L#+V@bcp(H$?pd`Ce1AnbeD&UAASm6cJycMP7`Iqn1*LOGbGPZSc7MZr!X_Y7G zqsW~h&hO}HvWiH8AzRpo$*EO#9j08F>1c)1rOK?T(9X#T4X8Y`TfNBw?M&E;+0g72G$%i0z`x?9$A<@TP~ z6Cn}W6i`pT@Z6QH9KnN$y#Io`Y08SVazhS>cwg@I57yx%tWDdb4i1N;dY&Q)uFLqT zzLnPyut=<vs-qf4!Mn{m2ZY! z{+&SwNqs)IC2^^sU98G){IYV4@D8-5vLa~_%f1YT0d;wEhflNI+Bm)65o28U_wU{r zOH1`2=Mi*43n|OWx;(exF`RWS{!YAlh&qz^uoey-5Oz=8hvU*vFBGSmWP4#Sf zbu?O*_Uy?p7_(d4!xnP16MDDdS7BJqZ(z>$tB=WhO?P!qcQ`u!l;uyml1~ zUm>5ge#;`m@A449`C2ll&=T`Y8HcjZnZvKs`U6+BqET?q)-1!65>AKfmPKRTJO|H8 zd{OhqFJl3vlLsgDb#L{)CnPW#?aQqah~FH+O|E_A`u@|FVW~PyFel!7UC!(YI_%jJ zvE=c+X}}bCCQ8a2+~peHI(;UywhH0=16BjoSTYPg_DR@Tx7ZxXSorV@(4!ij}YVaU;>c`^JCkY)onAP+t>Q#DXXmy z*O;#)IdS%g*MMq5hYjU$YJX6q?LkV|GbC+C$k0+Pp?#ml14bkYGwu7MdU;ZJ&-$?hm{5s@)fF_4{J5TEIT~FN(EK!SF0US6JUPBtPYFnI6v8 zin(7vNF~(b$UA=V)|w;#xqGQ%p+yhv8{cI^)N#0!X$Jxy0_8OL>^JH|C4vnM&ok+p8x&zN2Kf_zLbM*|eA`6T(B!1){)^zv5o;^Fq(Kq>P1el&E|K_$E*2GV z0bBp)I2XNoeH5=3si@IcptD^QjNZ<4d4>Xx9zn?5E1@Me-x2~ldCa?_h*xe@Q z{{1Q9XcSf3dV!Sds?*VQS(;a*RlOUX z+4uA{*6m|+?v<@8=K0)*-loIw^kplmKh$6)Y}EHooob|k*6=miV_H>gP0#eV9f`Yb zD*WoTHjxyxO4O-4J!{Yo5BO z*Lc}`6NJO9voVv(CSXvfIa9apZgnW93ESh~#ZLj8Sz=j48ci5tPVk2)|SEiDXAX6&;D*eS_8Aoy%#2iDC+|E2`M zuh?U^G1`W&L~@(cs1DCn>FqamyncPC-D|81^>2>4d5=?_t@OInWvTS_*mrakAOP|4 zol?ERcs>;pFf;wV-ZwtCme92B-79hc-2fyDPY#jCEMXG3XA%r+RqC5Ey26A0`iv=t zkH(>FLHkBkWlQFd>}ly_X7=C}z&_o;mV(}KdMduhx-cUkX>;?3%cLs(p&!(0nG*hK zZ(r$DKeI>)J`7~X*bjf<0+s3-tlX}#uyJ2We99Wim51{~bc1vj4qJCmtyP43j=RNY zDv!Q_hrQ%+VFdc}O5Gz}QPlGjR%-zjH&n#W-{ShMoU3jBT!L~$gu=Z~{2ZqAYJ2We zwv~hTKCVC#`&vPYzWX^Qwm#%dXp)=S9FogapuNCk+;(=s4~SzdWwJc<(1aqvmEp#6 z#r6PwrIMA~kKF!5n(^M3*_RxckL{`7rx0Dd z+_YfE1S7=j;wjg%wwpzAs`r@~KiYig`mqenE zpdL3zBu&6;z!guw+Xx6{@@30{hnfHh;Pxp$KEJ-vqfPe7as_i zu@!`H$T773;HL}p7wtCp8-nVR`F;pPb?RPQ_+=7o$$$oY=U4TeY~s08?WBCoi9uOg zeWH_tc8+~CbLKZVaGOK5VTKjL6S_Y}-RVS5#z&~>JVT0j{`t3S?WHKFWM9lPzPrL_ z<4G{h`7NA}v*`OgLvZ^u>Z0b>sLna1Hlz}>#G6E+i)hC|!Q?aiEyVKUU^ejln$P9u zVg+NIB_R(Qp9y4RqtI8G!S>iKr1)5=+xXBMhg%oEKrbmJiQ8Z7)V6X3QH zjWa9Otky}Ldg#W(&ABYgT`I$V`{4<)h7p}Ft0B|gkH0fdfWLAFcZj_Z5A0HcnbT$y z1tg}&qVxhaKV^3h)tM}4?dAyz5+}ngQz~?0`{aB2RT|9g2~C&zu=hoT@BkQnOs3J> zbC_!OVN`KZ4$Er7*aAmu^%aCDwkY=*kr&zU0#>fo{6j>G6)a(XeP@ljA0VuzjEqkZ zya{*ir+bVldr_fXtn6I9^3EZ@ih8?9>26CSbz8r$o3iCUY~~}1+OnO_TD}aka(vDw zbA}L#*7$bgc9~ET4`SFKR3G9$N7jzm^tr&}9uE^?KwLizrY|@AjQfhuF5m8QbK`a| zY>Cig*TSJ}n0I!}U?ZxO_*)$Afv&!-5@(lkfiHS82~%lr;{MmM{5k}3 z!+^P@_lo-P%XS^1$mPh-78L%GdLOlom>Hk&4~NICVMk#3_@~ee`VqDekn%`j z*|=JK@l$E2C%a&80liFs8*0G81E}elV!^|%Rqv8_Hob-dKkuP4%-EW1(LTkZ`Ftd; za3J8aOteh(Q~GkZ2g0rCBKjHRw$A+###+u7)kdjOm|1;)pr+eo$9+`u#J(k}m9+Jz z758Ls2$e5Q8J|T78po@}MOcNUJDh*t=<_~l;0B+VZ+m}-5Klas;dU7L$$cjtB!joA zmcOkM!m^qKES9}NO4U7s>X#78I|-k*;xvW)^%N2whaH#smsdO~pR#D*3POVbtwsSq zM6quDIZkiQ1(jZY9_Np$Wwyw*JS^3p`BqwY`Yc}D+a3O49;cBf`tchfw?hI-$po8s z98wdRC<)(zY$toneQuf^!0vpm6CagZrvqUri#sTX3t`++g&Oey3HIi|r)+;7;D0%t zZ_22qx|6&YNY~)aquQ8~gNAj;z+sg$>WkK+>5)~*UZ@*_eU?%{-ynz=#^>|%h%Ujt zy*m=*bQr>o_CV_V{=_Q-q|v$Ob%nH}Cj`)jO~^%+{ra(=#s<=6Q`w7^5jcxPsl2~Z0SpfIXF*jQPN^h zQDy+D^ycXNdtYnibZL-O076b?ppGwH_c{*Vpq0sV%dR^9WT5CTd;LHaKK+o*TOCGp zT*}k_1RUh*Y{S$HM~y23PFnoQPR)fpg@HK3muw`pIpaZSmXHcYui*E*tyt*=?kxXG z^L6TQs(V$itE$~05_5qgkD+T3+c4UU}|k(3o&)0>sBJg>2`k-0CIfHFF~F2ed>_=EjZyH*zQc|)&4CEc)!WW zAtBzG#t72W@5#1M4i%)~==udErSpr$<2!1Dy5xULfI?v+`}F(ty2z?ek}UQUGc7n7n3>SfB5>h(8m&OL$IV zZvzTb%oW7X)dHT;gqI2-(y{`uzjg;0H-J zG-@;kiQH?}xbDvT*M0O|lNbGd_>|XZhU?yKksy*)RAe>2P=Vv4>jEd_E>O=4@#-GR z3#$0z*X&{#cvsV8@izSx1xB_+;{!7Q^*Hqtb$gzJN7!4RKhEn!$@)LCy#k`ZZ#L4aA{5OL9r*G0B zACf&KtC-Zi!QV6KQ}I-zj^3O@ZOSKtffcdu6IAo@mz02dYRy&m;Tm7x384A?)dsQX zvJL0_a?XvytoM;npN_WhbzEGI-fD#3puk=A=}xEYGD1nqxAyeKedgu9=bY!l;Jo_FqFuSLN3iQEuVnw| zXulDlThv2+aN0-E2T=0Id&sH}{b$b}>B0aUAhL4Z`mdNR+) zYY)g2NmG&DIgC*uJrdk~I!adujLr0^M0{TVz_@QmT0VI5pE}e)heYtrz=eL0vwDX; zDtyh7#Qk7|fwv5KxW%!b=7tI=H3R5dO$|hndo=kxBSV}|io^?_dn25!?1c5G!-n{n zFXPV_eAeT$dGwa&5rld-j&|&51;L15Q!UgjNP(G>qWc8Pc8%v4+sa#?u)0E6PY-!Z zMb~9L`mqI@L~(qML3mdvgs_59-6gp#v>fen*_~YEdJCZ29i?2E1q)$kKWeCk8xO$i zreutB1Oq~6-FWd?ohFi|Z#D5Hy_(N+jfm__G zhIG6-9nX(b_5*BGdylDTO6<4sqdIkxU;jIn@2r*mAl7J?mb&Mh6L(hD@6kLXXcfeL z?g+mVF;+)9%lQHEh_I#)0`O2y0FCpW>#`?XXX{pN;*klT3?#7JRED?3g?HlKe-n$b zFPY2S-7D>*j_z&v(nlwLkQ=DAo1NTB?j$@J3IdC5gZ)7CMjTaHW{rp!H^jF70159oja@0rPyznY)x7&RF`B(Jp-Q@`HtI6Bf+)rUT@CCZv zoUD?qdb1}DUoCQlJh9Zc?^P28&yTe}aICWi@&>o|Ej+}DdVex~4|`GkV)>lPTQ$SN z653=iD59~8x%yCwFU1D6f=z*Lt5aLKuo1)#RN%g%r`M1Q)NdhGr4(=G8v@hmcyEZ| z?8|;^DRlEX8wk6ksj0IvatLbEb_jBuo<*gy-8w%(VN6pO9`XHYdmiM8C3hvndd_Nr=OjyCVS@+fQevYBe zbu$^?mb@MoMZPA$u_{LC@clk}9-GoVJh#nm-ziu%pkk2WzHYFT5~EGQ%G0UAwg-fd z^Y!XAd`|FeNW2ck>fZ|O3LxF}J^MNU5@T={L-MxzX?1H7)&KK3-lMq?!(SGzfOr=P&f9$z*LvGF~2|TJ6;`*Imq5^ z2@S^`Z9wk#9k8UI4wJ&-PTUUEN!E1r`l&tMeN98MQp(Huy%#G@Z4hE>BFTCC(mTM< zMytbJI(@XEbdtE^Jz=kGu||Y(n>sXy$Kp1WMkh;pKyAC9p$=rYuM3E z4tU;}2Z-Va&n6z!T3?V3RIpfnBdqa|);pC+%x?XHJDQD;NTG6f8V`E_6CIWLJLUWb z#+?K4K$m@s**mZ+?>pw8aDqQyX@xx-m?@j4$Gi4jA*8uz(hv&7cjceH3pRYC?Ea7|;uT`O<7p~% zEV(BuW0QQnN%DmkIfyuc+p|{!7Wb_|;iX7MHQ6d}p(Tdc*S%c1#Al^zOMm?ifR2Ox zMYP|_uPB%ka)&lpq)g@SiY6ol+v!Zx2YTqdP3M>d-M4UBZ7<5$Hf&8>*%+GPiI;ob z58Hc|eL@0?;hvCK*=O;tGUZoXa!IZk`+0t|bM6ym@T|fsYAV6iNaCC2ozG3y?O%8D z{SAOYD!al1(PvB^Q1LG*eVgx4MEi!~UihJE02cK0o1U?z-!)nJ@L8@c97^5emP`?$jpF07mb`UJV6* z#c8hv{w@8YbV_AA-ZyvRq8;HM)Yvm#!0h^jW_4UK^VQf07|qoCK!_ov)_K+U+Skz<8t!fDJuzZ5LUA>)96Ex}Fh$pN2aA?YDj)f{IM@*R=73-TU z+{pGH^ZJ1RfQ^9SBkpmO|2_Jea2$)5;2BQYQWvI%+$%?jh~fqE(@lA`$eSjA(Sf)> z*pxs18uBe0RzKsx(bnoaDsic#w9uctcG9e~zVCmvBafwe`!sYRBceRrMs%YwOCubIt9}lx{8hW z#ekjef}ZOM;7Xi#c^SGy&Di8hAMPy#ANfB&a}5z`jma8N@-0)}zpOAJ8GdQ61n}Xs zM0*eZ{I;XB$DcqwUbW}C;=BD$Z;@1ODWsz=Z~JhLZ=5_>(*%>R1oZ>B6x)u&Jo;Ds z;pA`ev}Z`k&s%2*R;I4U94h?W^BAZ57ff}XGWM&Sej5WrgtDnmMc1XuRg0g$xaB$H zdB{IsAFvfDg5YtIbL_uD0QtlzhU>-Qx6F6p8yN7^lwFQ^{Wy-YJP3SG9yHdml$m8f z1<67rdnkeILb&zE{maGYYcm{w8OsyX0_#dhhs}?$PMn3;zb9C>A(Ddu2?>67r>HPv zzhi6J>CFr*q^vi`6K+U zMZ!r5l!vO^3cu(lKVl*>gxl?YdpaxSC>%*%B5(!D@ieWl>m|?GMj*zG4yv9l)g=C-m}C zVaEWkqK0baN30Ls+?FuJ-giVZAg+*aK+XeX=aqrAdknj9BYc>~zGbc265RS{Wq!n$ zBt#C(q4lE|1GI6!NLnAK+WjFFTF5j%qJQZVyfHuB_pYek`>b3V<_E#d6WoomTHcaG z{KM}ii^mtQ%k6;k^IU~Cl~!xxeV<;aeXno#wJ6lrxV)H;*@QvQ|JX~it;TRz>bneQ z&DO{60bSlKil6`pW6h*+mpA;IFZ=D4kpk`e*zakuEw6rz<|kMC!%tQ!qy5pEw1iWf zID3R!l%1vPi*$a+!KYu>ss;<_P^yqrWMTe(*hlD%f0&bAxU22ELgJG*I_J3IRP{Y% zhN|?t6}ObtpgkOjM-8HFhC9En!|>BC>Oq9z?|qF~%XNO6U!cFn_GvWMLwW@9e_!nT z0-U0|BLO&t$W9npWr^Mj_ z;9YsXP*5j&OI5P(3qQR+jwuv8ZwAp-o>o->#9NN1D&Ba4&~9&*{0SzW+=rz>A7=LBIQK!kIXU+ZK7|8u$jJ%U^LbJGS2!W6lx6M&O>lzZ#Ta8jNv>P4 zaE)C_!jR#rePJr}15U;3Hgf0dfRPr!sV4XoZ`Sq< z53z~_0y9oqFegt`hYvPSq2)OE3v+g^zQe`DvW=r58)ImCYj- zQRg!QUJ#B@fI#87ntp1p4iHl8dRw?stMaG5Z(mk$7zLXWsq_a`OiJh<7qiZi0t93}#*kqj}$E4;l zoRaR+Of#4)A1`;l(7=u+n}AFs-ood zUMCRNH}!Dzwvw0mHZHJqfhocFV!ut!HY)|**-YE9>X9RE3U-T0E0-5pQ8op&`PSTa014eM4y5rM?uH0`RXd(Rui=m_qT%%hA(f z@n_L^+;}>}HX_)5aZz=v$ssT;p5LZ_hFt960@KiRD&SyHoq<|qqd-K``F%cX%CbKi za{Bi#^tN;C=gK#iu8>=JI_OIr5GF}*C(oWZ;L1(r6A&`!&TH8zg3~jH&9Pi{XatCDD9n?b)k2>xWa!)^w|SJ^6d+j;uTpQuy{EjUmb#b9Z!Le%xn)^Y1Rc zeGY#yRU(J*VF@C3A0BC`34}Juc$*xfZB zgw(zYFO);?-?i%t7}9=Ri(c>xgUf^dZEeYJH6o~@g0=>vt*;L3Y#C$uyybN969W2* z=4EOXW|UuC#$OnT4D;gpEM7;MZNc-ym3W`&bUzR9)hX=lLH{n;>7>arrEi`*OtysS z>r2`fLj1@!e-OrEq+1Y2PeT7mgWzJ)R0Mpm^C;#0i3nr0>2xkH-eOhw?e#AVs7W7! ztvK;X+fc@a6?JTL3661Lbf+2>~3Tmd)?@ybg!=-_J)rV!rG1ug9yuoWul)$bJ62DUUC7v`BvdjYeEZMMN=+{g7cq1;J#;CIzL zy0Bv7ZwxF=aU2<(05!{4x1E9*8l3%hJ1{^0d@ZtO;qUBg;i=D|=um!;4vr0*bv@OF zny@MMv-kj>RA=WsFSQ@*^t4z^k@L4;x%*0WmRv{ryn8u)F$z`qbrOnt2q2}Xjx3SZ zTw6v^`w|@5HLZD%ruPTu;)5%QNZKBf!F+vMuWFZR5GkX%OZ^J7I?JFx5QpXDyQ}%l zt7SIk0cQ+pgz^|bf5)N9ru&#_KC)8j8`AE*yQn5O;#(c9X&Z@lKgzfac*T8|DBmZb z+fx6TQOc~#h%LMR4Ew1@SpkpVuL%n^{*52VI=q0hn6PHdP_3ahx+%(Q<>iaa9^SH-BP4l(!XDId$G6c z1xB2{OdBvi+Sf1<6@M0nRCRdLvrljg)m3_(i-_BrK&gA^HK`Fk+#0&cl3_3#FuwaJke*s`zs9`fgLP-wNaj4h>~!n61!~EgX%RN%O`I3{{(6p% zorW*P{MeKpz1G9rX!n?&G^jS6AN(-hWA}O*Te%_5ToBFSzW-0BP4=9Mk~4cQLsPI~fN`&@xYSr*F7ib20qjGa!v{-8A zpZ;v#^;F)1*FLGbhml5(>IV0%RaNlt@gC*m5FYt+ARs%4C*Ag*009=oJuCC0sYdcW z&{>It4#l*r?_71@@qNNE`*V+==PjO-P(j#zv!~$u-_rB!BV$g zNr}&e8hgJ{rzwrCxjpK@(tl%D5%(a&gX(|wjqC<8zA+D#^IWa-pC>N&JqvofrxY+b zoI;BHtb(TT{w>^Ghp1n%mt=oe=wNcpcs@t$FGYAP3jrP3$PDj6{GUiQw92)UZLfyl_u>iXHN(N%y1?dv)1AxTYMlHSDF!+)$f z=N3!_Z)&Z!2kH_0)r=nubbvoK8ewC^-;1%Ylnn|2_HVy$3cz~8{p(gD!ZWDL9Fbi{ zY;Ze%pm%kIlHL)RgY3;t#&UvPZSOulG>=O>UM=t+KHlBfY0JP0;#ntr;75rw4;+v_lI-~XHM|F`!K0l?kP2&Da zK>pYY^eef>A8a`lq4v7Aq0hd|s(oZxW0kMZ*K6&4;VwSX5y>CqkJZ}{#dUUHW*#*5D(a$j1*MJZGeA=9p831mVH+eOdg6Md`o@xGAH z;MGLkTxH{@)IRz8B2;=oXFWt`C!LOc@a4@Xx$5MZ@J{21^9s>Loz+iQ5VK${sbB+d za&Ymef(w&=y3`hJ4|Q->NSNWSuCVr7ni7KoACg@$NJvf)XLUPJBtv@~$QPW&dnlFT z?}^I)wQNJFEcvHG>PQR=GcTu;?UfgByZk|f)jhL+)}zZjv1dF@d3(^sA#<4qPsyC_ zN`6Dw7bz75TzuQV?%y*NUQejO?03F0pki^6^9*kH)OX@^(4!9Ioi2)wJ?uqAX@B-^ z{SP{DU-rwKZa0Bko;5WMI@tiofg^HdZm!G6SYKcWG)Yj=F#R1&O5ytZT;&}-Fz;1J z%*fu4Hgul1Z}#uUsa{RRN2+hFo>vdBdZx?sN%I~JAd=(>GYlY9`_<*AMN{wmD_ z$U~vCv!UQfEimkk%h=_w%!itC%!c+m7ABGMW7V}&|GPJ@_-(`t_;tS!81?Ix_5Eaq zL2kdMskx8i9}^85yzmp`>%$!CyNyfdcYkw9>{NX)@(RMn^WsiWJh>$a`4$TNj=Bg8 zcRp-m8JSSsN?d+h4%$1ULe>>2_5_0a(Ph_!K@dqWn-RMluHu&^D4ypc=E!8m`4n!12YO4?B+;#_dxaS;ecWIMI^%1R6n+FyK-7expKB*J{@h)d?3|A z6;E2dL7%r@<@?;u*s`%P3e5c>uyX?s5wD{UmzTV+qmWumT>C|JUCuzWhs0az8FFO; z`70wTFb?UwoF2zcGFD$w?u#oxzXInAq5}|>NdQ0FB2yR5M{pwC4sm|CH)6^IkLj~Q zkc%w=b(28~ogakcKynxA7&cIxvV+&~ zC37$%ZLl$0`}@Ipgq1{B2T4b_Rgc=pw!Ep}Xh-ieXkRw!>Yf3?57hGwS~3fJuE=Cy zs#v5(@>ckH2^>yazp1JAtZq*B?9l=U zLnyRge*4A>=u+GbKgF;#L;vxem;F(O_NIk0-Y}4@C%$>uv$yBmzH?g&C@^pP|+@&pG()_{BJ#q~_VYm8*dfvOK zvnQ@CPO`OiSq}C+zA=9fD{TD+8Y`aot&)&Wn0EnL4eqa#{RkS#2~P0fO`D&K& z-Al<-`*gc+jBL7Cn1xhs`{()yFSlpAg@ylO_BCh%)qiadQgYNEks3%2>}#DB>LxjZiujI2C0!uS2Sb2;s9A9K+qMw=-^`L90a+;C6ypP=(x_kH zx_6T8rwnbI{aE^1>N(ElD{VamURHnk6`afG^9=_tJcZKo?GOSBE7vRv1cu>xt(4__ z(e>Z*vud_X?kGuV)!Bd~7_+bIX}<~cn>Ul36_fQ{)Gw#6DDczX_NDr1a2Z;TR2~yl ze%aR?GC%FN;O~CVGQ0_%GRka1qJne26=H6N$qRiJ2z7y0PlzAhch%7twZTmHFOZg< z!pY1s+9SP5L*^+D<^p+@^Ap`A%Vmw~`?rX(9|$(jmXiU7`0ycPAz<{^zV+E}gpm7C|L75dbRht>CNpuN zhmnNNig~uwmVP~7g3iNYZ;!Y6!vpL}CoE7&FzCBexc9&ypAc=>TN_ zh@m+3y?upfNzTSc8&*PM-FJ|kQH_@*3X+mM7g;!ZPfchu%sij<0pug+YJxxFkFeA{ zgf!S{3*z&Mo~M(PU@)CUzIi&9EkX3g^Ol)?Zl57Y8avrGNjzsg4egiagl_-_EB*}t zkoF3}VIPn0Q~1{jDNpyu(cSmS>7%gb93{c)#B(6c*9*7r3i}OBfgG4TIFx_4#E>qy z%ypmdXGM;loDBgj18(kZR*2nFnEfA9k85TuccoK|8{GjwZT$)5{d|}Puus{W7`7Ad zu^^sWv0$2T;_k4Ee4ZX@&}abV4Db*GjjMVaY9rB+ozcl;K+RO8iYWvlFL2>vHA|0H z7Co0#jw^6=>~T^<=q&FydF6Fe8&di6B8d1lJSpCYNst**>tQU`$gnr|VB!Xwb{55w zhQ;LQ%*XGmW22P4`RKo$7E&`u>A{TQ_#rzjxnC?ith63Q^c6;5hR1E9CcEEXtcSW5 z4I2quiAldUv}X-DdI5+WFXjh|j08Ze`D5Szie8m`Voz3brzG#KY56AFH-j|r1%io}L{O+na1oTNEhrSU1|;uR>(11_i*pSw z>|WR1&hHTaVH7_}&(Pjd`TSgy9!wJB_YAD~Aj+wG`Z48u*q&MyVRsO;Q&j3WeO;I@ zR)UFoCAj-U4|4Osy){OW&VBC<47~TaO%_MFpqP}6fwi(!qG98zs~^Z~-fSEhhr>?M zAJ$%bz^Rv8Nh+#8=Hv3K-<7hT)KkY7v1bzEH=FREt_I(p<^AE|h7$IPi)P*2eYfy2 zE7pC-@(=FI@Z=z*ti;~)fP_6+Q>{X8$f<|diuQ)9<@x%&tFV58UfT&Pz2E_=tWUWI zg2(4xcB0z|{m~~+CyH7&l;VG3D$#|pr_;IgnA82*Bz0XK%Jm!OW-g%l94NTkW(3gV z=iGaNai&}0^E_v0`uyp<-C#7idAn&FBpe!N)+y=m1ZCCQuOC;6CE2t@s109|nR+D( zg}0%<#EEc9a)nPls@YC0685E*4}~Wy$HNXpVs@yA#Q)TI7~HHZpmg~I{hTRt-9F;@ z@`s&T*kGl1gv@--xE!=`lWs1n@mpPOW%iE(+K-82dze%3Lo7*wxqTF6S0?=H`g7@6|5U+qYNCa@177DoX^PilIU-?ks>4zIQ5B9PZV0lDum{lM?=|9lEq zc9~d;rc3R#5Gn-`t>$5#DUGPf&LpMxLRHdK!)V2oA};N361gJ6&YhI0;VnjGA<`lkxGRQj!i{c&VFwQGkczRP-bH_IhXN z%RHF)&1SKuykLFH;W0BB@d-?MtUM=Y4)Y zy&;9=kyfP~5*y)U9Dg=?D9d4qU(bC*FenZ)m-gIG1w97qq@V5E%Ie96&JliXhR}uZ z%KfRQJTPibxAW}?Nu7OVe2=Ou=x|j$ToiehFd*#jGt!QIAYX~8cIZ!fmlUcP4+X&j zV?`*`;5?n?deEd4igyGt5;7k|ID!;t|Mej62fwqt4sU^F*unfUrw`B=ek^JO@s;-K zE4pFh6|4;Ve$Xj>W2g^zuVGS^D+O%Eeq?c;t%ZJRJq>E+sW@ zHJpZv*~s48e6of*@>E2UP9VH1;>g$B0e_0CJMs1P1wd>3nV~DPu|i5!GGk%&`1t!F zVtk_$M_iPd zQ>{&$Y;ABF@-=h}FbdPA9A`H-MCcNf!S~{0t5%R!QFk$F<10qt(G8ROy^Q;6KELTi zVT+M7lJATw6cqRQY3cDcF}Fxq(vEI6`4`48u$%egw=Q6m-d~avQ=dxoQtNk0bG;;= z1)4n52xlc;hZOr@Oi%)lbY(ami6GqeC5^`T1O>G^tkAK7X2{vX7#0V3cm6 zAwP$7cCY%Spjuzb3Dpot)zUDTj&$t*Hj`xLiIlRdMh#FmBTxMc_z!nC zK9(wo=x|^B&r7|=c&LON4>K|JqP7J_e&87U{>E>ylEk!m&`_pUaL{6(8YemJ=sL;8 zKeVSY!2REYu}{Kb87aAV&~*fHVxi`6d=+1v^_R3%PP0yV) z0~0w3g6m)M$%I3x!2_VRypp2X9w@`IM0a30+3XnHPZF{%pNZoue=&*XSZFhAlW1by z*)6H|GlkXR2?MugFCmeS$)YLLW8^2dKNx(!5*#2*+`JYTI^lC9)k|glCEiSU)j7|@ zyTgS!X+XeDk6d5R*XP8+`@OY(Vq*U6eTD};kgPJC<==eVZYw6M!y}92jkGS-DiiAjnmC-#5R_yDvha&q5C!k3 z@!i*G{`J%M>+pvGJd9*(+FaakB7B;ZqiefqAL7+8yrEMN`nvXHC}wUcH`mpRaz;@vfl`$0P?KO1ZAk%jUJ6%+d2}vZW zkXxp!djG;k^m-V2;7xz(Q&3b<6y?u(*@CC!XaD=Ate<3dE~M}5C5*>+%%zF^{@{J| zcgDQ4=NDY^>)vM+l52EfpfoP=85GdHuoCyDvg($<@>oE25$|f!4CBy81wmk({3o=m z0(EYuIxYp=WB;tB(5|?CnROjvN7TisWbA6i}8b+N5(I6Yekzil*eDn5CkaSMcQvXb zNyFq%Y1t>wJe2%~F2+^jCx#vMsbYzxJdN)7O96j+q7a^>*)Jni8ZJe--JMz6b*8kl z;L{mNhi)^r!C;=bK-e3y3+Ao|Eqp7)qz8vzB)@A?Km6*LX6Z z)zItgMP!yem>voVKFGqgNu^Vr9lL}K@A<8I{%n7Zi^lvj6;Lu3p}*{|k%#rYs1_DE z6k#OZ$aX*Lp!N%!-M@G03T&{rFPiMH;GWeD7R-!OOD9BH;QUiSd%maoa7PoYt@j`e z9vd}1aP^Np4FFE7)Z4jCUEa8WzASJLwBV!oB)eBhQy*Ku5GnI$(|zDBqGVm$;&Qz~ z+8=D*(w*AlQ5K_malS28d&`OKpP#9;o>b;07KDNXN`6@0h7=(zp9r)l)AEtedPqOtK;AzXjn7O@I< z7hV{O=6-IsBHV0$h9Ub~e>=srrM5K!fcNzpRYy3ycFpzvei?lFx${<_5gp5zd)lM5 zzncVy%hQUWWavXQ1KeskeqJl`(3Why<|~jD^Y*= z+P|wO;v^sD0IiH@LQ22OGKtJR1sLQ63VR#U-@(_1DTL%#(VjH^4l^prc5_`4g zubERtAb)g_je@(cKuhS@N_P5Q?~!iI!z5dV!S2CJV|QL0j;*U6njUOOih$8#@is5- z)9;?3O95Ku6VI#ML+8xRIl*l3#EkgM??l>CiAP%SDfTs1t=xLS!l|ECr%Skv59-w{ zl{gy&UmiT2<=-!`Dpu@cl60NcE_B5k1cHy4@br=}a0)p>uKBZL=;_fAmU7w{a-u-x zJN33{^HTU3+XrO-mABTO9(D$y^$a0*4!`@k`Md^9oWwF(>U)R{Qf=`$VjQ1qdE#b4 zTp$^o2;?-YNURZ?Aon;=Ywq}<#0GfhkO7brmz12E&VzJiDy)7@$;)l%jQL((N5QNH z?ifB}I~!7vS>R-fG79)OxOLUU4V~~#Ay{L@TK=#c<-q*_>D$`zhEUpR9i9+Q7k_e5 zP?jWEGUFT|hcv}B>48XCYXe%#Yt~aF+!UtnD~MSU+j&^`-_z&pYLh-3eFvbQY2w!B z$tO&4;lDoB6i)mJwJXgPUagfts6TE;0~pUI0S4jZ!r#^@nJPM!>vJ$pXdB>@-y&5k zl;J{yGe=z*xN-``PV-X9nXZHt{2Pv|*|@EA8ZAF~87Kawj847}gVZ4s5U8@f^TzZz zwR8+1yx8_dQ~drsDwwvHK5oXsT;+N=fXMgS=UJN@dZu1|;4&}(tjMgB@O=_5`HTLm z*}tCEK9fv2BoNpO_hvm-eKDZFhocQ_4#G<_5B%G9*Y+IJ6SVJndF(9n^SS5#9-|7A zOHqfqk&c5uBHI$=F$>rvv5i51fxYy4%*cXWL ze7yGwjeMh@;BYq1;AKD*HX&$aRYv2*TD#M67K#P_)MH|NRWG0$ibCr2eY&4)Pl|&; zV%0$7o=EPZhZ7J+RG2y+_n}(SpuAR9c$7R6A%tGl z7jzoWoL~ZU4(^|XyyGu%VCP?sPyfeyg!Ln!EJCf;o!m)RrYcjO!@5 zPp=byLe+$pdQ@fDd3g|$(O656j!ZwwH)XoFd+npidBKkONKF{HD(cz9T}#JLr3R)t^jHyI%M;R_+j%@P0UsZD!=qw6}uuu$m)K#hVWd0zuCi~1ZsC9 z%h}qU;g1NU^td6aDYKi~llRW~ZHTej))*=)Mc?n9#*9H!dg*ufHe_`9H8M5Uy4RW` z=J#{?={84qw@P|&2n>zqO-Z;smr3F?+6DM~^gjBFhqyam zUuN&o%?DnreIQYKhIw2?7rXl7P3)hSr|f)?Ta)iDQvvBSlSPWnVV`$~i;q<7o@x;` zw#C>hn@GYt-(0DDyF;$+XC_FhBTKT5VKTY1JGTbN^Oq_&H1bIRDhhWEce)-EBnspr z^dN7-_zt(jbP>P4%yh_(YT}B=94;DjqnTBJ==alkbeSwp&xie1r5*5e&cpW@S4}zy z^)d2`7zsPOSM6$wmxZmwqEl9yOV&LG78bIxK!S#;CRXx2=)(A*gW~wVl8Wf%Yr|=H=>z3i3ogA@9XyC8SMo=m;Mb*@XCK~1`Ofaz5P@=El(;3N z(W-T(uCF&7N=&IVyC*~fAQg6jJgv!oPTl09+$r*gGl5QswXcbUw%T{QN@I$$`MND{ zr*J1D>Y8rz)ZmHzswD*;$%Qm)zlRjLl4Jrr`Oncr?^7!}BJ3VG|IVss-e)E5#HPWU ztW7AfCEn&hgd$Gg&Ot_1UEO*No%nvgHQ`%+rRYLP5Mfg?Es5TGz){oMgO;7k>@@iS z>*)|=K)b=uU@s&ZK~?Jd&WniqEthAAlFkE!>(X38_lBgQ_3IsB2{+oaiGZ*DihG|! z+xX!h>#coM=d<~fgZ$XqLi#QV)6x7bMq<;O@U=x-^^D!=LB(nvjcm^)*BApx3lsmw+TJF$wP|3wMX; z@ymz`NSv|he+xZH`YC(~S46;_JMZ;14~r2w#uB09g)IPr&ds}x>s|Wu-`BQ(MN+o@K|BN|}j(3PLeB$s#%;CNCWKzbt)rC_6 zU+;k{DDK*r=g*=XdghB3!-41Xb092xA;haQ_xdORJ-y}ZezEbbZn?(E@=-pn;6jkb z3)vvvevnRD_m|eaDKblw6SM9cuR#CIHWQp<=!#7HF-Nmisa-5%M` zGxoyUlf7g0S##}8c_EqrPv@35qPZyLbiaew{c+_J7hfLN>#w`Yck%FCo)O>O5GOw9 z*JQ7|Mh$n5e{^^JC2#6;-=`Pm3xvH-pwjg| zQTL&+E%hISy)fV8lG>`*2sZk&e?R0-_+nICpE!dfpEtiPU2}oE{?fPfh+>vKl{gp@ zI~_ELE*^I_B|6407ERYK9U2eg{j>CWdEkzCRJb+TuPg1fCE~I!7EIHgo2&X6$r;sM zIB@LaVxiQ&NM^AbBJ$omCca*CCVH9Hu&(0i`>bRVa+kP~As|o1GZy&|I;CZZlXE+?UR7ieKa*rwZxz-;XCXh31zB0o( z($#&bQ#bcyq?BrwZv$m!^&4A`>iPx19+ANP=T*rrS_gWY@%t-Fokcku0X^f!?lBI zTYAJRbw}Y$+8<7Mz#A)mR{Wee4flkPLUB84h9el0YVeaB7Hbx|vL|NslxlASfrH46 z*so~h71%JO5>bUP4G{?kYW`de)M&z#p&5d%_%(h(SXlOiz6u#rI?cFWdNNPHZ+QNG zpN=mAVbM&pmcA6wj04eMA$>FR{aBhjdowHX{2iBT!#@Ba2?9~Ghfv_uuWe#HhMlO4 zY~KeRDQTAw z+Is^fhNUitppM5x0c*bsIcoR6N@JN3`t=Am2K?LSyBW)9cc=Lw%@yFL^JB@;vzT}{ zlN+Y|OLttFFWX9>Qyq-C_U;8gUOwNGetClfemO0V)LKrZ=3ZazU|kQ4=b)UF)6E}K zBM$CHI^6t0AgXQpjoa^B4qlp zsm58f^#l3U_pGdsDxcVi#mi>yTGas0DbE6JQ2KQrSqx^~b&)FC3V|=JS zLE~}3dXGENlVIXX;!H}_pot9VDnHNT$np*DM`>SMDDLxoQo{amL)f*Iz-9qV)ScZ6 zPS$*Ak$q9++rW3o(d)LKrP8adDiAK5%dquk>kk^l~TW0P; zBlm3}|DsN507UaMbtk_GCR86OSr0MVKl-#ELcjhhV*K*i?~*w=j4HVGxR0N3y=+&g z8E_Lz*xWq~I4x4vlGzG@1OEBpwC;K0vEAs=^K!{pm%=a%S?C)W`eV(mlV*4l!PsAB znp5u2$J_!q&Ir;>zve5(WGb=xCrh2%dA+ggmu%jNo!a-}5D`zxC65igA6{u_ zUfQ6a^yF|*C-+)(_c>m_Ylc9?GZs1%SXCwHfq1A~4uYFHQ$}*cA3)-8aiSed9PBObOchy-(U1&&c%&e5Fm{&&ez_i&(ibw8Sqs*0yJ_t z$gfts-)9cjGd6kE1uO#mi*QXY7G*XvgK5IAb9D00iujnp{dkID+G5v!j>ql$Jo+~5 zx6|SACWmM6)Q|~6f9`q?{L@?kJo4Q%J^Ai$_f^W3OH%@d%iRBC)vD6zw-#Jv(q13~ zwl)_7(^f)xJ#QIjPyo#6?}-hLEvuKcjqR1V6o%XBtmfUj>Gp%sA*p83#+JBK$|~NU zF9(Ug1pBPQ&pAL%3by96f=cIt1I9&m;arUG?Q;c%HQS<0!yPJMznH%pCyPgRqMj-T z=OOm$oyQuf#;%2*>A$n@s5kTtAs9HE_qzsVwXD}|fsBsR9w9Tjh|Ud;=Ne;Qmr0v; zC|a8@=$9NfGF7EFSD&&cjP-}I4}KM+;`Tj~A3(mSkG>b{d2(34##=AAqZ)mP?#y!de z?ob}6p7`Kx;yxdrUTWDw(+?snn=pYHGeHG1OWrvUzLwWbDD!eTH2x18FY~uW;^-3* zAL_J*}>ADhV}L1=Z`IDW8lNSuI8LM%!LLp2T=DEK{(xCu$~pV#j8Bp7k|P> zs6A5%8#W`%?cult;R{_|-UOlF#;8(7)fN`Xix={sbEo=pb+`s;%3V`ffe2j3%UNe6 zZEzfu`wp%MiJJFGOueZNw4)YQwI3fUovb#T_g)*E!u))r5ayAmm`y&)oxjx>Y4 zwLkZw;wgW^h7>^TsaQL^ z^2_7Fna+N>u+;ZB$-y>Gvq@T(0I=4Aq919BrSlpXJOW$uhe8Zb$M5uB$)S~RkE~(d zk67A}saH$~1Pr~Kv*v$tanV^YhLxpVq_5!jy!o3B=O8$@)S{g(Fw(;IHUIX&Bk3YG zFM)S{**BOXMo7-q)^*$`hj5G&DN@Dk({N+GB>wP9FEAbTw!Qrj zg!w#-Ftwf9Rpb*!o#i`SJxNL9zfY8dCBtKCCf&Uj%-Jt{60ZBg#>XshPdEN^$$q{_ zKWABCwIHLTcb5q2<)l?E>g@qLaWD8ZPSsMHZYCi?09j^X?+ES>=EO%6v?_pp8w}8q zFF$)V-Xw1y-OI;o$fh2ZqR`;53;sCgB>ET`@)^ZZDI(`P9>x>FIn){3K^~H4Lp%*# zxC5(ol3wHqke%9*pGT2X%HPiz){y-OKfAE#`oK#_n0Y3MF7QKynTBf zkx`(n=;)hMNJmdNta~w#ZT3xOZfo1{(z7!^ou_|4``d)Xz&zaoa-VSar^Wky_xkHa zouu0AjeS%uuD{@PC$od=*0v2=4ouDWzKl0petMTHxT;c-?_(Lck7?5nLxyl^Wk|9K zYPH{wzrh}1c*ps3hLZelI@FiOBS$=L#i_>skTwLzkN7~qLNlCp>$p^*ReHKhFLLb) z)$$ub{DA5B63cn$$|NXlEkrT%=%hF)jSp2Cf`)QKu=+(30k3~w)WvuR#? z#ML;$l6N6j)lz+aC{OvN&9h`qV=d^i@!@1Dm_dO*ipOoW<&aMI`?CM3nlp*)X}@^G z07?sK1rQg#(hIT(Llg5~Z&v`$ml>#@rmoV><36TKgLJM0m6LGWK$DiE7E4vBHQf4A z_9P8O&bn&hi7Ctrx|fP&+&`qsP@B=mG1pet=jMcvZ393Kid`kT`{qfDa4gQTWsUO zMkufDOQ@V6^~^ZAagna^`(=xHAIhowbViI(sRlORTo-4^>3x>7MJ0XKdQ;u&rhq+L zPSR+*o4mmd$=D??G`C7;8S<;CWnb0;5XAuKC|}p^0gDCHz`}#MZxtl9AaVa%+qqb7 zgV3?VcYSu_4;zyaNY}h=8aTY|kvh7GN>FrnMns8xh$?Vr;ajC#wSs<#dlx9M)_^$y zGff5Q0h&ptP2sM*bv6&$_1nYs{X4^KMFqd@$3yjtgOj$&*pvRG=SfEC489ZbH7xZe zcWTl_+{dj~uB_P$s7R$${z%00<@H)g;apNCiz)&GI868i|Jg?6MprpT@O^AhSSgp7)X)v%SBT)Xil#zX8MsuL(4JdHKE>`TG`@{ebnMn+vMAQRP5hFsKUh z=6I0cJ8ZsKt74_D%t>>26u${jVFxWu;itl`Vq0GCLCd?;K@@aM=07zFu&P7(;cU-a zegj%s2aEu3d54!=hRAS5RQPK~LZ!oQ3E~o)eS~v~BDfJ5%?_B=x74g#5u-l;a+;)j z_)uBBSoFL^Zm)dSPUea~CGR?Z3j()|L9)XD4jQ#j@rI)#_q6Z@6)QTOjb znSxbf%3L15jIv4yKnn}s{;k&VSbFv_8Fs;NE}`5-O2lERsZ=YxJ4W35G$=%i3lhuY@1_LmK z!pOpuAt(>Yo{~aH=71qsP-R$impo2t|7O<;ZfynKkp}BR(QnvgA83n;ZyAq<$k0&g zY`++C3-uQ^C-mRvCJ&)~^69>+-S!s$=|rtk_ui6a#S6j|jaM_9LwdZRn|w=johE++ z32N3`@F-bXl{3d+{G2{n%pb;^@ry*<_Dsk;*`oF3V-HEhgPR+^;;aA{lc-=ImG&8t z2Nso?c~5P3X|Htdr7W^@B#lFO;~O2VjnS33AmAsS>F$^`kO6A437+HinK%d9TrLmd zb!3MrJm2?eR!5D2t&d6|ZQX&eVIMx>ag_Jb zY{V;qQTy0OC~QfZvuEEzGBfL|S0I7-Kt1AT=WymHOq4quvaCsC^;|z*hu;sW?jSEN zNvXWg9UyskzPg|k52tD$q4@_N(4L3T^SuDEDw>h!tN**+t(S_qxcx3C1gd_gUeOwUhSA@C0N zz3;1!SzT)GPafb6ryt3&0fM%!Y;+tbbX(DQ6C)_4@GsC89?zU)E{i8|e%^{|sW}@8 z;qzCSH|&@<6n&F>Y!XRT{nCn$?(ircvE3MRvOBNl%Y8uxLeyQBmWcn}4}0fw>&yVUu+6Mx_sq=4R_=)X2!+QFEYO^WSNC(m>b{KdsFqB*jwC<> zc;fKJ&?iL~!A~=QgKr-+*E6*95_!I#H;|s?JVI$B-PnW@I-x1(JK7P`=eAml#b$Rn z5Ub~S(;ifx?Y(BK_Q|y41%2KRSgQR#hyH6xcl?q<6;$mMipmXggP4t$Z)FeZbwJSC zQphLRs5(t;pH#)(@vr_(`x=pDd< zf}5|bLzztx1sfbUFg$EMEIwC++mtovHaHRtIasg8@M3Y{5kZU~RzLcdw<}M_*{P>1 z8K5Eq=tb@crc0X-yOc?6J;wN^G=0iX{kupd-&suMO1XT4rB4X*K=)prgDF>Q4H62# za*70P>1iQIE~Vd+y%!SimvOHWXG?E1BEf2Y{ajstbJXzj+iSMdD~c4ouaF8HXC{A+ z=VAK}&0JA_g+TD)l{B<%+$x)G5CfU2m2DVBsr(54M);R6G6{Hm&IVi%#?Bww#9!01 z{e^jOLW=u$cG*wJs!cpYfd1Fj)Nf6cewDAT9I{iQW>g#e_93T|+%_^=?PA@!rLEV& z7MtG<5uc`vy-hp-f8sLFza9w09K}W6!?m3^cwhm4u1?h0T3@VzHIKOPe(fB_8f$4w zanvm&wQ9e1^rxUMwskYbO6Q`}jhRA4Qj2`L3P7BdFBQwy(@g%tx;4`IA}*7>HxtXF z#uEY!0YLNYZlWQ+{irXLM|P%Ot8n1K4MctrWxOZXLr>m&58=%b;EW}IB^+J69lY`= zL%a3h?yFW-vm=Q&TA0E~QweXxaZ_PorLI2M{X*cN1#<$04p@+&rR5i_Z_rI#iCUwC z!7zgBDV)Ne8f7<`pT;ziFyu-`vR5sz!Ui_-0DYz{dsj8Q6{?M_@TM|;5yBoZA%sAs z=hrudN2AYPsFzVIan$YPY(RTZBvsKGr3GmD^WDD_U04(BCz;knLUzcrXUfZu5P_)t z=s#Y6l)O-{#lb{_@BtxgKw0`6xW0Q)!;48HaOTb{pa+!@@ZkPSVN>^SLG z-;O3Ft>XYt3TC~w4TBPTsWSdL$JZiXHAoYRJ$95A*POJD-;rV*k*%%EZ;I~M43OED z<74W3QXt~eKxav2x83UbPn)s_Hwj$39@Ou`L-0OWr@q>cQYL~Xrxb{(-d9~y08OKL zZjM-8q%deBN_VnBQOBK!O<~&Y1a=_(|XE@5v1u_pmwYdd;k3Q1f4YbqH=bbC;DT zIdouY4{fzdY_E2CK8FS!$-{J&0PlFj|91wHqC7i)7d3lrkm*txACO74Q%K}D_RFW_ z?3jyG@6|zMea3Q-;2AfHzSUkt8Ksl6UjZZiBLrA9RUDCtwDuNDir$*IVa4{@sDHJ^ z1~`bFdEs#{f`)z06}=Owcsm$S?keDTMbIu6d_QPoZ81OZZ&Se1W}5k3UmwNwgp?xM zc7VI3m-4j{S!(Xp+x~>UkiZ0OQtbCEMSq8luW;EBD|vZeEN|D*$8fZlX7b}+t~kE% z=&I`-|9`M0Zy7upe{y^-$R784I#Jb5QQfoP?Q0mWd*JVMf7bn&`i&HZwef%#{I#C) z%LzRX{6sC-{N7#l!gd4(1@I|;oXzSe=fdAcQ;qjU_aWkOFr+icGi9b{2T$7zwey?K^ay*U^W<-h zRF`E;cki-AZu+WSmHiEbBDSI0DV@V!b(7;dghtz0z`mHR4;m&hj_`=Tr`Ebr}x&#d<+KnMCJ@XDE2ktLK*&7W*%Q)!TqbkQa)aLJ&Xnd=PhEX zs^fdo4qs46eTn`CQ%v944{T3&XC~MxvLZ_%phP(%c+4E$m@Gz*m8uo^vMj(WU7ZvO z#5~jvd(Sg(b(#^?)1v==Gt|YAhS~rC{Dv0}7vMlEXlVdje_<79&+$AHIqqrY^_lX5 zJ+4-*p!G>S_v@=2%x_8VH!T4)X8QC$ocigy;{N0#14AWHwGJ(B#HVyOou0~f@>2E@ zz)-44#}6h@^ex{pGU0m;W85{DA{#DA!QLl}K1|nB-|xflF$}8mo+S~2%5|vUoRrha zaF?VB@7H|G!pDAD14_<+6zUUx`g~1#EW;#}#Zo0AjFIC4>9iNg*p<&f*`Z-{03{&o zF8eU@?@vK!dp`mjlwWtT4&g@||FRs;u|Q)$73QIMz}Aa(h$QDS2qsNYIcl7cBEq7P zn2Gm7<;hjWEaH?RkPOT%N0H};{?-)1u^!Gg1hvCQCqP`lgY5UK{HzGy>-J2HH&`6^ zec;*0F#L%pPXr98xnL)9=~~`Y&)%7~!uV!umApWc_?g4QVw) zyx+OMq5KKgH{0UhaNL%ub}o>miv_|#=p++HFZ=*LuZn#Kp0!r|8QC(<{$QS$P@&gP zg}Y>dc9ME|McBNpZlT7R0lrX|yCpq9OBKwVh6pD{BG zl6kM6v21?lVJt3`P{8A`a@bAfgCW5SH*v~5_6cg!7**_g=%WA5kK;eGEW1LVOct*S zfDFYwxxUoLuU^bl{%|~*+am7k-4ofLJa}89Yj?OHV(S$>lF)VDm0jEY=V2XB1J^zi zv9x#=bBN#&jN~9M%iox;Q*_ibq?sE#%+b8h-!jYC+5wWI59p67#)ZfdqurDD6PScdd zppB`0=N=Md(c0`|G=kcCrnV369D#3-N*R&*os%_w+pe6Ujfk1j<@bS;fbMP2p0k)~j4v+(d{*wH3aFT0&sOw_Gm!^mU8&Us<8H z(%h?^1Oi3^=`t1aR9|2j9KHezOu~!t2!jSh>OEY0X;yip&b|dpgYp>VmjucHN9$yC z3*_&!7H{M5*HR3?lo`w@U-sb#KhO(F0h3drMaeQBal#K zFkx*yH9q@#G!U{*`9PCkd}Lxkk%5?@k@|d6kflHD-t@IzMOS6l1!+~UG;a6}YUc5* zD^%Sfca3!>!o<7}y%RFFQ*O0+S?Fe(7>+JZp;7#$!)+`?Fw!*`N)hwl#;HF>vr)as|kUn(dy!Xcf9~&}}cei@nVZmt7RPEp< z$6Gf&aCs^-U$r4hhO#CJwbnMk(T@87`(2Sg6mYzi8JlYLzx{6XUiVc$i*W2PpXjH- z1Gu7^d&>{{e)LPk`K6b_LJIO;*Yd_#g5R*E$)(DY(amSAPUGX$-dmcnBezwxLL_M~ zp~S@Tud)p?&@dWjgxDe=>`LP$4sdb+56XIEX1s&0RWY$W46J|8SN3=tCeP_;VD?^j zFC3+7as$lvW#3;yowPFO-zk!X5vM0CS@4l`o`mv`dLt_ERQvS%3fV?MnvybUduY4l zz^HOMHOJ&m*w>54GcXiFWBY?j27uIkFebi|6yCnLW2N&e89sj;nj?QzgjYGt;#KV} z!O(2fRKg&oPoPrGgHtmWw$vI~Is`cRAX*KEbY`CG!m1C3LWZpsA1@EOs0mnLn}00( zkLF4ua2VZK0M)<;_-z8}(b9=TCO6P~xm(>Cmd8Go$3gsq=inoS%J*g^8DH9?d2c?~ zMC00Ao93CHhhsY*J(|}qT9TZkjx$e)rA&&Ok<3j&MV!-*UkFH6e}2(wkq|lVubOZ7 zIigx7YCjb%rnBF0i*6WO5!JT;#Y}XTthI762@flZbe?|rwz!X+WoTmbW3^&}2KO*~ z@ZP*26cD_75@`y3Yp_#%c>hdjbHk$i5n1tx`JbZ6`EckC)mpytT>8)l7cb~sbCI+d z8bOd3D}6b`ZL2^H34yF36PO6hfxlmXFw^fp`$T7=V6xV%KBDkx|EPWLhGK0Dmui&} zbOb;rD<{y7j5)z7T3$Zh(T#py7$jDWg0s)~A6qG9v2!v4!O!Ha(v1p`nrCx-;90KmS|@nw)+gb$raucfUlp=V;c}GSXic4c?JR_I+b1-I#O7M8x;S zKi0gN8eR`GQ$Jb?+oIKB9%7Fe3v3qc)eZlX-nS=kH26GQKYmP-c$|SHJT)ew))mcO10PY>0tUwL|n9>I2WMxyuy^yHPUs)JS=}KEry>b19OP% zRn`DCk*i?b>3MQSbfwDdXJgD#Mx+b+>vW)-ZJ)+Y&hOg*a;=fq>Ch;W@g|Y?+#s65ieK;~6{hd7<5*qk zs?3cRqd8zI=)>J9=AAB--=45L@w-Ot$9%OumQu|zc)jcEb-%{^bF)(CBkTodaONLq zA+f1Ey&Pyq-Te1ly@l{8Wks8E5e07 z6q@(RBTgZ3KK8}@{*lm4zXv};-#lpYF@9Th-nH2;+6T}N(0eD9G>G8FUI{7bLt4x8 zaw69x(1znjfbR{gA^p(a-Gghk1GWe5>3(cRXMkK+&aaEo_`x``g-eP>_lXew|TJ zW&Ze*xLjv!hjx^@r1yjRv~kl*l6J0|vEBrb>u1ZaMnuhb?+!$Vb!D|EnN#hU!A zbr-$^a@0Q$5?KThVb~kz7op4@JgKLMdWqwDjiU1^m`s_-0?`E6Q8JOXbX(FSZM?dM z{AD$iY}!ZL0Qq!Yb&fM%~aC4=4oRCk`lApgCrpMIWBkFCH?Zz)aLMfP1P?df&( zvV#LZ-0c!QeaUFP0XYUpJ42Ft^tLab9eC3LNxL*eAcS&R7KIK#8k>>})LK@iXN?R~U(B{_1{MX%f|6~NP#o<_;iW0QXm#Lww?JvbgFYR>n% z<#BYM{FJZ^|Cve&6QO~a43~Z8kVRR)^{NrX8`$O~s4RmxCG~<#%r6%Du*Khk`~5jE zz%#5HHz4kVP4BMhfVd-L86ceRJgj=3VJ3(8{8F!17s-JovTgK{2HXZ{Bj*#pWe#BB zE1DS>rc7@t|6UekxYM)aK5o9#=jktx+7a*f#04mX&K-ZNqy{w6i9!RPy~;&K!Et*u zHtY;^%bqYVk}w=0Y}XIu2?7UGucq+&i2&P2RJVVRy{AcqO!mpGrPMEh-`(`|g#!3? z5=25==P{O<{PY7)vr2)qk~Fh(`)3(d_mQ9%`$ip1r=l z`e z9Ghh(#rVN_W5dk|(Zz|tpAcM7JY4}U2EjIev9v?gE=JFvk#$s^OV(n1+k;#(0FM1M zywD~bg7oMz3@xExM8aS6)Qx{2bk`7P_RXI>f8Jm7>-7jeGBjcg%T43V$F)RC?s~Xb zbpYKDe2tbqTn{PqOfMl2hw3m-AtR56pZ&g5`5T>^=es!PZL%wSjCo0YexK*#p7SRS zdR+?AaD1Ij=1*^y7SKe*CpXTV1xmd>gXYkTMXaW=@i9Pt@q`2%9Omg5FC zw~CaK`6|i}&oT?}1#Qen%Xe?ANSAu=nan_r-$_}jA8N#(zJGd*{o@8DsaA4V%1@#; zyTwT0?@wrwp0Bz^NY_vJFzQRM4&x;&Lx)i=s58?JOPk?yKS?LIu3^KWw4bv6y5}6$ zuTXO39J~QpFI;gl9-}&ys{0x8>~XT*nRFL!O*dP&w?$$vNIqy~HmOLmqde^m)DtSC zq<9_9r)QhkzkR&uD|dVf@iSV*@g5|y&BOdf(li1@2FYvZ&rQ|H!iLNZ+Xpys zPRKspkShO08^&Pb8&xEJ_e(2a+913;IPUUD0#T-Y+WgH0EARa?o}P{^#himjxk<~b zzJ$^B9B(fSvLlqe@s`k_H%FmRYb(PQ)`^lRmGyid(UWR&KRlS!Rj>)aKCO!?y0c2W zu`iG+SFe+ZZgl_xUU(5`%B1ub@zo0dlj*R*;gH)Pm_-qTDZ|u z6RRh{us$|r*vMMF{`RsFk`!yAn{IHU3kv1*mbSq`yUW((ny=0RIX5$U8+!Aa;s7|r zRnbISW-%r_d@m5-5c_s{k}E4cv}&HOkSrUw^9#KuiCcQ2)_0(eG+vm%D`3gF5OJ=M zg7BAR)qqx{S9;W5LZ-a%qqJt!O=^I?&_65`H5Y0^MK)ya9h5bsHjGHkA@Lzww|OF4 z3?Jo#<_8Bl3pC|_$cr9A6*ew(Fxo~C&p8vGPlG?s#FW&~dgN2lVq4|`UliwSg}@`( z5T9=EPN9Ag_ED^P{*-qgJ$V`DMYv;A$9j*qi>xZ~t)cP0JPouN;7P8KA5kQa(V;$tWMk4;PiXk7#Bne`FI8T)&0)f_FO4p zQlD>Q7XeAZI_gZ*sZaxieuRz0^D*%`T&~MIrY&0=!gp3Z=HS~4((fVevwQlu1W!Zt zidHpYrOOlm18VBLx&63hmH8Ay`zCqw>jRa)m1|tHx#sh`jqeFKTLV4KYm~Xd{1Qfn zeBH%NIz|K5MBwwafOx_B&3y)A+DserZhT@vzK^!Oz*b-X{7&eSTIm5SLy z7@ZxxL*l25^7u{O;d^#B_j*;b^~}_V*Fc0h8!MJe-9IKy?cGV{qPmt3t#!^p-QagS z!E}P(Yc!tX#XBqd921WNEgGnAr4^b!_M9`;AQjL3zWFFf+%paxoT6S}&Asp?wb%F5 zoR1_s=+zUf3&gVkm5^6Di^=nRK~w|l?_3Xw7^N7EK7^Hh+x|Svs`(Vy+xPS@ALXw* zKu_-*l*a~%1t19XLr2v0?_@Xo)_TrOId6o&_YByFhNUtX2xDyR-JHi`pP0Z4H}g&3 zY=XK?54Zy5uE%UG?Gx)3+50x_CI1|-m1u0+&tvi--WvYZN=hG_&KX*X*Y)#2Rww%G z_sx5C4Tw_M!o%|ty|@?U#2@~4fDo*aYw${`f~|4GLvfJKM_nqI{x`EYdz_aYPw?Fv z1|p2J{Wn*V&mdxV{@#l<0xb#sH$%?pPDnADf<#teV^*whhcS!K=Bm0S^tjc<6L zSi>q;(^~uM&n1p+erZ+zfp9E1-jV@ESiNHhq|6|Tf&wV|RH*`gDDKw!=no&hOb}?F z{RlqfY$NQO=lk+SS>P`{UOcMM5Hv}~KT_&hIX&y}llOgD(3VQiVTFVK;>rSbd6*Me$WXA;h!Y=%1i*z*qx72lPez3i!hB_1Ae85})s%dsSwa zax`hh-hTzE~7bAd=^z-5ZaVI*!swLre*A z3+z+RX*!F>_Kf{=NQhH7?^UY7h(=?b3-@>6CBahb_ZR;qXb_etA&do%5+`o_-FQtT<+8C0X^$ysxf|`{$0tZxC|KUg+4v z=?rjbzdSOxXP-9-@;6WTd7J#o;%I?>W5Jrli*%0IPrJBM&^bebay6-aj`@5J`$};i zX18OX1jQHt{PdQGlo?^a&C2n5exZg3T%{xJGuYf)K;X;$wFt?iNz%LvmrGf=9;y$_ zMnXu))BU+k-{;mQ%tMHy$1N?^3Yi+S{HcN9bWx%%-Eu4|#=kU{Z(|fb4gVGyGD?2F-Q< zb#Jh>gLw`FG!sU*iP(Dw#e5!g{^@FJzVH-}P|febLZIW5mso=!IQ2nX@UYWE`Aq}# zsPM6$l<__tTkv$wX6Dm za0AYop!`0H;QHBbMBE1Vt@S4oIf*QGKF#a)jH@_i(NPdqTWahTX_zPoJ~Qazlr_`q za7d%#f~L!Q;4TJsnS}c<@ozNr}sU=4P1T&>F^AUR@XMoA7Ch?zq^9< z?oq`r4H!uFx|Jep`TocYH&{Z%Vm1WdFlRV8Prgmq9zNUg=JKbff15w|V&x9`!SMWm zP{&`c;~00o%;BiuaWW{&aw?JvqCVE9#g!xIy~84~M(ptm35sB+sstFtxxdkEd1k$2 zsGNgJh$Fq7-Vu+rxu4BpPR*NsiyMmk8o@}QrBmSeA1gb~kJ?vMtIlk-!(WiFurO(M zjShhxYLKr=A=@6u5>3j0%yMUB2{8@ffuG%ZQ~Pa61KNF>=fHJ^Q(7(V+I?P*y^j;C zQt)G`GJ6GKDM&Z(e%D8eT&TUyXsg%0vQ1ZjF0RkTk?pgJCkdYR8t#uY8DZ=vKlDhs z#{AuH=hNZ1CeZYylT2`}Qc~PLrQQ~(TOIkg_d7|oOB=0D)&~bWE~HAXlGdc*Aemt-UgAa%EH3Q z{~iAptn=e-W80Q&xX9Z5sqjv>6S7bx=dFH!l%#nl=Ycu|uv5Ix(#H#SNcanKJz4jA zA`npwq!I_#4|s}gdps#Br5%5XcA2IGc1qw-4xnzC6di(}h!jB29~=4;?#Uzw$n|Z> zGBE1z2Nhx6Rd+CcaAd|>q>j_c-QRMI#Lmm64z8|0R%&D4m!HJwIGwB5GMi$A$2q_|UiMcl)-pMK(;gDY%VlMs9`@A7 zMU+Tq@;xMST|RI#pN=K;zmHx!*fYTqs@$jgUE#6a5oM1ie<%AO8IC6_&B?ti==4P| zN9wa$uX4(utX(N=sqdyL2E`<=@!IK@&@UstCG>Yq)vbh!lYH~*rni+dP$ z1sZ%v9R99d5KnIB@m7B!z7E)>@Xn8T4^r~&F5ilt@M+w4_z^ zKJ$5B9U+{-$Ss}O-tS@9gbD7ABOt)W0hJi|SR=dFE8hm=Mad_nE{+z$;0%uz#!84ERtI0d54d+e8hv0eVf zYXuz)M`3UKtQi5t-J$w|JP9Lk@^b^^)Q zDI4wt*+#J=0v)nME?&80X8a9ZmHFj@-5Bzo_7R@t0HIWH0Y;rlH6LSc?(9t?X?VZi z>PtDo4gK`KVRgKf5PkLng;g(UnK*ZN89FCP5u=CKpOpvX1=P27J>C+v@Kg59|AI?l znF`~4e>0W2M(tmF)Lsp%1Gp%|TE14LO@^yzH1!Bh|Gh;u+qmp%VIp*Q z)>Wg5BkGbjgO=LBAfF`^AIB3BgOdu9h-k&`x!{jNdT#n8clYp7ZywoQ(*PJ5eA)6J z2O_&}$GeqPXJg$8$b!Xdcq%L0x&Ze)ZV^i_IS+ZJPIT z*QNUOy^^@Uim1SVh6&fJ%lBc{3#Tn~lWr2PMNd!=wa`dB9PvT2?>AyG2p8Gqr%V>N-vD~&NsYZRe#EYlHrUc?&i4GvB?rZNCr`Zu--spWX zprG4RWKZ8+c!nLU7bpYrkBZ<-KG)~`Pxn070D)EDssHOdWe|mss@5-_9;@H(B z@*B3Q0=|esbsW*?rr_O!^K!o575_Gc z`XrC?O3JiMnNh#u<==&Ir)M6q#qG{M-yKtOFTZ6Vlm+`^8m?KWRPu{ClOi&IXj?0@ z%#tU`LXfJWE<(U#t5u=ab)39!MvwKMvf;+%mC1Si8r{9YY!mzQ%lkow5WWV5ff`vJ zU|fgT^8OHAxInYGJ`%>fdg#(>^%TyX3Ai({mxp7%#9|Ge!-d@T7yeO(BlpxoD(#_k zH3Vm_OHJ|fRd&6@X({g&WGx=PD{ViAbEQ`?5|^|(apDZRIl+b4@b0!s{M2WaOAHM~o*udlt6p4Kq61A!@YLr(UwqVD4j&+Www zQVH(Ha5^tf4%iGr`X+NQzoxlwz4eJ@4*u{ESs!WujcZ}8IdHU)AGeNLI1R`kbnRVB zoxIq2u&sP=` zSI#ZbN4>UgX`Dt;?*Y)59X3CUXG(vc&I7cxJYvptHML;r7+jFii*Sp8)73@TdDRo6?t5Rzj-@4kq20W+r8)$XnZg?|&{TYb6AWsKr$n!d z(7*B#{8_O7&P-Op<;^|oVu%1lWN-dru z&49#E{W&x;99)9pkoX)8*N+YYLf#jo(iLsExS8YyTW;1Aw|D>wPJ4bO8KenVuORJ- zN|G_2Eu)~Is)xFS9Wfqz#_W{pa%3HgAII$#f%?Sg`J2y|-i&JnGRz$uHLHOAq^(wd zq0FOwFIxGG1VeU|+Y81?uP9It1hSS#5M=x$Rb3Nwhwj2J$LM#fZ!J|7qkja$fvr8% z5uhbYC`fMAYMGDpEx(c$zlIM?7??E9`XhR1Z@NC(g|^=sabI|DUFIeXLZwD(EqvoVNzhRI=Zn2PPkK?SpV>;P`O6(7L%w{*le5Y_z@(IIw_T*x>ob5# zFKqgpZ_ihG3|(nR`>5wq<{F|4zU7D3r?8s6)XO1}#iL|EGEvPqV1u1ZwmtyU9(t{k ztR?Bg0ODPpXMro;(+Az7$9Urko#G&MBAWrg<6O#se5=&{x(w@Hir$x!_u&W^?`$r9 zdq@j;U1dAn33x_RTZ^_f%v0I%K~oY&fhZCY1f1(X+%p-rE2*rFS6Iwx@PJ{+*qsad zyE;$c$}qacqAmlNZrXWrxKdL6qE*%MFSk7^`s~}v!uGtz;FqYp+3o;Yi3r*u{=}hD zoiUmB`!>?giYQPCss;l`9pT_60*L>xKi*G+D7`k2Vb?;5z)7Rbe^yrz6WpRpCd?Nep3*R+ETCT4EAxkU!T>dbJFq5sFc8ziVDp4j+lF=yICix{+8KaEW1Y} zI^trAe!E^fxi3z!b2>!(pnx&y>0#^_d~eF>&oOD-@gx%abIPsBl%p7#{RY$%dIIx6 zc6Z_pll1dLi#X?_-Ef$vy@69!;yH!oV1&OIApAPzn^1NqqcnSN^sh(ji07`KH43GhlGCgUBg%2U2aXypgN}L1Z+4_aG?@096dLU)= zA1-`?2H&5%p>kJ*M#bh5C*Y>^*AJROelV=U>DU65FWxRncxjMRin)AQXSE@M>~%DnoY?3vd{q+k!LtxD)8n+EHvze;ra^6guNITsw`*em z0a`D!f6K^TJmmntt)t$Id;Xfbn<35nebeF(wMToXisLUHzJP4AimPTcH%a%25BDwi z`6K+=D;@Dpaby=h&DJXe2&G}d6O5aAl<4j%JXGCS5dA>oM}1s=tu<1&o0>azpBg)P zge_mlYQ6?H{-BttMli7gnCyNOp@eS1q~PM}r*XJCuV`df`M3=IoSlC1{h0IS>r(L4 zF>Fghik3&f#q%KU1>z`EL0|CM?_E0!74#B^Ju10iNc=Jh${0{>!cp^nq%6CPO$2gQ z@~M?UcG`hOMr7Tfel-M&u58wu8vOubiM&R&$C%E)h*p=X4)E$X2Z!kQ-iYYA&aXG} z(np|@{=P=^1SF=8yGU>q5m&f*xy{7?=Co<{s9v=vcE4ZjHoWA^ZSPmyQ@AuE&75C9 zRZ;Xs``jihBl+9(o?E&{o%XhqSVeaKFRb8|9_V4em&>?=#+TozP+9@IvslkmFpQ2+ zM)H+jjvlNY{PJ@9oSUk*vFFfWqtg!&bIk8OnHR0al$fe z=h+!^@s=8m`%L&Ey1-z{DywF{6=|xW9V7gxX}=;{DZop&L46pNeEU1KCcHHRVe0{_GrKF1wDA&`0N-tVBgG+J}{+^gIWj-aoh!vp(LNhgaxggc`Y$ zg`e~V=>c>P<_vv~y-pZ{jTwJ!Q^>V@a3iicA-q$EPlb{QxjB%o`)-iJT}p7&6?mGZW~kBT`( z=ka-ryB;q#CHZuxUsH1()Ix=N({W!;^77s_$>)#T#8G^)4=T>FSLiz0ulw`VZ^E36 zu6d+b5U+wWH<*;kpRzmw6qCWp){F7y?zl%H6)EFms@Kf}wh6y%nfBC9*<~9BZn-r) zES18R5bCIdl-~mtR1GTG{W{wsxzIBBQm8k##?f%K1$;nHE^%Fw{vd-a~M>G)ZdBq4u* zdW2F<*3~l8b8ww8z4%7pDKZ+u6?7n9U{H~ltt*jrdy!}TdVm@vb%hf_e$_Etpn+zZbGnP`8+h0gWW`6uZiEQJgH{~o_cC9Of*&fY|%(38rXpR3#2%EQ~_xM^t zj+rBVPa7*AJcoRk@7_m8;GQI02(xs@By^pPp1CtgZuG!Vw}Bv7T_T+o@yiPDh#ux7 zj`wH?vM%G<AM=wz84sA>BUp4&;jB|SODR`@uwb3O3z`;K3)sr~_?y5AS59`5trc?ce3czd{Z zd+ggGZU{t1^AUQ42k^aW>izWJ;7JU77Ch3F0QKqq0e5&X=Z4!p|F{<;{piCB5Cg@? zsC#(2fXSWn1ih9|8=_YQ9K`dx1jA0!jcGBE6>ENy8T{?=mXO`^Xg$t3Af_A5mnKH2 z=-l5gii39->2`Q^YU#XwTVzm&4ywtoADl$yIo7*RtHA?Cw^LiCAaaevpKC);r$a9I ztC)OetpdUqUAC%Y=tmAzg1vHr#q8`|l^@oy;nV(gW*F&`%6C7XBO=MOlo%HJ^(kbc z;`Y^WFz)JcVu5=M$XkrmMjbO0zi%B!UyKTHyP>6j$hv0cr-Z$0(A}#1UJ=7;?iKbh zIm@+`Ob0fsfSlrfKL@|^$slWy=kfl%>(G{u5mD#fcwN+I|4E3bMw2)Sjp2^6o%r;! z&*$(1t}cB)vl6!OoK=I8^=(>eJ4Ph^i#v1d{)BB?W4pcY-qkd@3u?lic)3c0<{{7< zlxDeOL}vES`|xLDp65o)ahK8A8NuKqPq)p+2N^Ly^@6N_CokJdjeDeFpi zhx$|4R;#`<>1cgVl5;;lzw?6k)T?eTCSa6MSxrjklDr{CJfDWc@O$&OpD^NMtNr=3 zuL}JfpBuW|7t`C7yZSK)XSQ#)US8bd5;VX(U+?qFVvyJGkOsyJJ!L+(GN+t$p(k_r z(DOAWH2>XWsav}UU8~{E0$|yr&yRtVFCNE_0WHG=`+8(!3f0jfk|X=(gNoK4E*?Ws zi)8HZr>FlQZX5+opW?qIfrQer55nht z*u-l~qJ2wJNRB+n4S)51>EWrz9p%RXT4*;`di9&P9{=p?+kIITHGV$u_)V-_KsWN? zROC-U)$VV~&>EH;zG`uz$S%zGAmhT9T~0E46fhje=YS{@d&$)C8rZrCSKH@#qsgS! zW=TbeZzC-IQ_MLTtP0bed1uOmORQ^i%mmFDE!70;H381eCs&;+THvC#Mr*^*R|Oc#b&L<8t9o zo&0X$i*c01XwQ{Q5!huKhc3x->$yf3g&twHG)1VYw2>YiVpr~Jm>SX|$8 ztsnRYgAVcQ^5tTzGDGp0@2kf^2LPS)B(Y*h7!BM7MZ?q#)ldB<{RkKUfGx^Z7b+5f zYMebW>pf%uKsp{~8MwLIzRbQS7iGm~xDR6WcwIUw7GQuZXerO z4*QNWFK|-NnW3%3t%hrCQfd~mIGWKYU5zm-gr*I6qMET^j2+NagF4}adrBt zQ+^-p2w51@fj{-(-kja}Z@ew&@}_P0^@$7Fy6By@>Q|!om`T6E88XBPMLe~poTt1p z>)VtDNj_xV(#kuSt1n|{L`YwTkj>n!Puh{bdLv)SEVDDw)gIeD#@8H*H1y)!>IU-v zU5^e3xy69=dzq7TV-G>h?EE7KApLR|XsNSyr{ARJz7EO&i<3*1EM`3UUr^WxUxb?5 zz!n+$s`t}z!p+NFH-}7%WdW`Bv*LU3C^oI{bt{Wcmse(sarWBg9|0Qj06Yojn`XPl^76EZj&o)@$gtwK$?SO8;IJnyS8<;nR5%Lx1eoPOSo=1$%KAk;LMKhm zBGo=YClq>&5CH4jT3alrzGF#NbLx5JsswUcbVbQc-SK|GH1&FDse{vFdlpYGXRH%8}lrUlMB8K3cd$A%QONhus^de2+S3;_lALj zs~?QKQ=PksE0;6W4{ts<1}qsz#V@>6@)bEXhk2p0h$XIxaHCf}5w;lAs1BgCJI*OT zjxcX`uFYSc`GeW2KG=KlImf-L`q<2Tl8WGC%NUC4?TPGNe8Tm3V_RJ-4nKN{p8GzJ z_2m%EtY%#C2Nc5kM;N|Ms$!^6zQ<5!Fr%bp#1v1#C9%I5o5 zI-4Y}Cg}CPo(0X#lwGV>xe0m8U-dT93}qLSC=w~y_m01sddWM%;dRv3Q1-gd{vpAh zJBqOoTdw=Y18aq5rg(K4mlFAbq(1qqstgngHWDSy9m!S6))Fb;~IBwGBk`cQAbQF{r*pHx!!8Jv_%a7Wbfy+;M;M~P zW4U<2L<5@d%DF=`a>+tc-;jj5Yq0hca7@71OwlMtLX%chB&#nJMO90!6cZo&K3D-vn&)#ix9cZ6dWLcr_(k`0~_pE<(C4EAW5IV$hAIrIv@*1HOVc=VW7 zE^hmm+|Jjs*eeHo4_pgS-)~OSLOZl6`b8Eu=q>3+5kT@w4$r_qwbxj})GR6b&#i7= zNTvuG$NE84Z<1emh4K8%8x!w5RWRMH^Wa;vk3kCtBo3@w09Ec?B7q`w7z+R=b)fGs z1v#8gzwdNiLBe5+zJMbUjHms+I;;K1(W$%rv^5GTt189`fq$$*{axXkiO(%xhvu&f z_LMsf@b%c{PXQ>KJ z0@DQjOMmWwf(AK{v1u2S931z&Iy`$zRn)wcgqxiQd124tNK2Le%B@4L_IE(`w|jdl z);FRQw7fcR0>AAu!ZcE3xil}|{?U0o4%|~Bl`{}%c@K;b{9(Hn^l)&FH?4nbU9XI+ zQ4~yd@sO=_9Q*17r$M{4NS&_hX}$bP}i^XD3YY(ejfWNNiNg)AW>zgp$skkg1d z5W>)AdhH(Om6(sqS5*FpttRvW#lnOpfDHL;^3BtJP*XwNOL|Kj1Euv^EH}$LPZvm% z;S5~;O*Dw@GBjUE0V@?DJ(JLVICUWwTlERWRD94Pt|^)%$Sj~__5eXoJOyh+@`=7_ z^AnLhi7lclpAyyM#_gXRy`uzJw`IpCiQ46tL4PD8C~TkiR0l~i<39T(e>@(v%M3{1 zw%f3;o5%pfj@LV{vg|=x@(ZtIj+CQVte^erv>N1qaPgKWM>)LRpx);mUb52Y*&YiK05+eD zQ{@0@nB(LPx35uWS=Gv)6Zq#OP2a+m=upkz))hs*jEwdf@A9OtS>pLY-+)Jc)^iwq zh>HTLX?z=1f7~!9MD;4>RLLK`9}n`%K8Eq!_4RlhpaZSVHxQesvbH2i?U7bgN?jE8 zfp*Hen~sDNhB*3fr-!mEe(f`I3hhTcnfrd%e%*p-vMf6K^a}vej%ALvlJ7~aQMG_e zk;w((5ub&S;zLDNa8D~;XG~kMNHPAznL-*z?w0^RiuFMpUr8P-Zxgt`owDw8dRf;W z{L{Lqe}+^m>E{YPLLDAPqTH+?S6HuGhdmQOJn=Smclkzs!W1L9{AdtExbEHoDAV>i z^Nl+S8&H~paeZT?xk~-}*QC9`riwQRgEYt2<5{X(adb!h&+iR(!{WzKzk8@b-+Q9v;R_JC1RoOzCU0)( z`U7SUZ;^?CkQbz`Ts|4dfoLKg;8E9RJh*7YwTA!;pvl6Wsnfl23H5B+^?h=F*W9Hj z&QvyA->dn0F^l}tS6C_w>-f_B$Lj=U>-F-RHBhH_p-;EdI~qmx%1kzHeH7u)f`NUzVluOsS+fo6HEaJ2HZ; z3Rx)?-vg#KDd)eI#0La=z@cZBOHL-dcYUBB&U?Va-zF)4W6y=3fzCFjqPGkGE}YFS z>-_Mfl{R}WBY0TpuV`N7pE)W@w-)I7PynzPX}qs(&$bi{a4>g7{!4DOVgB*}e&(-) zqC%E52bMTNTCO|6 z7%}VAu9)IA9uB5aZdqti)caU3+=z&MAEnWvs?J5)HRSHcfw~cPaP!3^#}0rHwvIyj z!l@|f2q*5eYz`4HKlD(oH#Tckar^v)J0tE36aI<9S19fX7d6h>uaG|<5Nenpv~V_( z4cVA@5vsJU{|aUtdJ5@@fA-2mOGOV*zD;Q0nN%krQt%FFg!??)t^by=`0U!G<*gNX zw0Q&>)llSwKsk)oG8)I2JiMF}+eVuF$m-7U9Hck|De;`bliyEwk6>RGD&G&}b%Unh z{C(RwfsumKbV)vqD3bZn_pWl(BPhJDD!w|4I=ZKQ85SQcBp|B~g+lQP?X8tPk5c$T z+w4nGj&XyLU4L4^XPIop=jLg81&48>fy-;dG0!<1JxhfVGFw_xoxt+K4~pv-OU-`Wr9dJ~Qi6}doK7$>*_ z*Ey&AHbe750ttfIteJ88vXJ|<=lr;&w|IZw%8$7tj?~uv_0rpxGc3=v zanzfG5AlL;!V-eJzyKn)|CoHry?rfmNdf9#$*mOGpA~Fkcaz=Z_{OIClL#-_2Q|@u zS?}cXZGZ|Z&jV&!zBM#Lm7o5KmvC`Fw6lTCUJLN%Qg`_8YVqHRK-699K4ibnqb7D(oKRpQjXO@Vy6FBP1mHlnHDPxk#$*#WCNwR4EfyF?H#$8+R}N|MDAM; zw1+ux^F4zT$5s4tbhKztmpiYrwyzS&weVE7NFP`4qB}IShlKGl4~AU$*t{tV%&0xL5CF>>(HsCGZ9w=NkYabH6ON5cTA9(cFG5QMo$2Vx{M4>!qGn z3xNJ6y2ne@n=~tKl7vE&v=Ow$K*%wdj>9f=hUysfe}+U>yCHdizAh{%032qSs&!&Q z1rn-(-y?}R23mcS)P+dYa(H*c2Y@o-ZW4nNU=6DI`o%wkMRg$LoCqS-YV@6AP@vDr z7rXNv#plJlts^xNeC?8pq4xIKl9dQ1Q4(Jznp*UckDIZ=a?*X>W{gfpA%(hmIyliNcQSb2Lqv8IqN5h?=s^Gr**GKg%n!K7WA>pBBw7W3V z@x#n-I3~H*I+`WPxFsJbZaB<3UgngyPfX(b#WD1rC+^2N_S#q+Bs@m%q0n9S+_s7T8)9GDr>F`KmeqPZUfy_0YM|2vK`!eJ}(0%`IC}iB) zb6j<|4d}V8VF&GnZ~{B}frz?2W|qHieW>!`bM40JYOX1v-5wIP{w2VokCjq=YY(8R zRY?65?Q~79+v6-jpyq7N25B#GB+&DkcYeXc5?b72OY=$_s`daV)h*5su2GY#%*5mQ z{FhEWU?_sJU0=Sqa9N-5wnk(Dnos!c%cy!(3b=gUkuG}_fewc$Nm4a{#`%3d0ENBq zbwymv--mRstu?*2Rm$=_7WOP&bD1dsyjFpd^S5 zF0DN>+U6mCQI6FIHmKqrsU`rxHC6ng72kdWjnQ2NTTvTD+TJIzHv?7?L-H%Dw_5O= zJ529a&mz!_Sx(Q3>X=AiLyof7B-c`ie_C6}>M$|7zq#hgP9l0q6ac`tcW~1Sf(l_! z`KZlTOQZ?vNdQxl4!MRg4^o12D`tt8sJ#sO+>0bP+c=-PEcQ!NJ~XHE3|U4VVkHDP z>o1}Tk45=#)2oghz;3F{J?=L%fEqJkl6EcSx8D`z!p|P0cFgbn@zR0)T*=vMe`5e4 z?-f2I7n^yyI6^$%^^XzyYP@<ko-hrKmJMq4Zu@h6eR;;}W%ulhuC#T;duD(tDI?hka&w7YBj`(AMt+Oq@gYu%z zGtjQj&;8F>8Nx>G?=?AZRIfvp)vhyh@C9lH5%(-oK7U+;_I;ZYlok#?QBE_6)VHm) z`NOf!j*=1fO259;qrg?_*~_WAgZ$FmlcicFNu8J4 z$vWS0$3*qfDPjBwmPy%lS;Th#kgC5|3GQ9wkh*vuH6d_*w`Q80C7Q$dy|(t+r4@oU zEhK##Mm4{65(E|c1(8g#JK6?5g^pd^&)e@&zVvN=iN8MwF)|fU?fnc;GSkXO`Ck0f z(fytCuHe+nSF-Q&x`Tst(b{qZRPT;b@;M`n6HCM6?s-4&gA5;#T5OBNdPc)>oP3MN zzPiDegvK+Rd#N<}WWi?DlDwVmhh$^IX7r2*3T|cwWjl zqoDV3@{4!GW}A}06~e!O+>hNC1NO+gUT0WX`P;lF!VkE@pWw%dS$Ww<_x=?QAL2#I zY%DA;klyx!cIPXR(>i(OX>qQ4XY z*?)wA3Q2XyX1nk8*axTU83*7eh0`F~4J)zq_9)BNAs)q6V0zW5h5TM=FQ(bN>%zI% zg03d*23<;AT-*)6?U!ussB)yA7Izr>5mhByJ}uG=)ePtzmq5{adh)8%J*8x z-s9y6b1Xr|UEKE#M-D57CZ~7DuYB`b>!b-)pMF4brBM2(QfPr@(ms@fEL-bL2*hpv znr7bR1vu)#IL>s~ljsq(TdzT0o2Hoa14isn)&P|f2n)C-W9bd;6SROwR}4L zxjl3rbw2d#9-h27A5Qjp<$3F^jqSPBmtR(9MY+%MCa9Rg<655~jMnPq*$dBDR{L~< z`1IA2wUf{bN_E(tU-5fLbGo>Hcf>ud>Wr@s?RwO3 z;l!RvR;USUK&c2N&>fK2a4$-9x$D``vJG_h>7`vm9i!fl+9#SBe8M{*ENxTEsBk90 z!2}FVoKwKu(y}U-GMZ$#+e(csFy$9TZs8YIms3E!8Do1Bo*fV_eYtnUt5y^43KgdP z)@Ak^;+51BWy#5Wa_(V^?#suF%gy~w=42er{s9F{^Vmj0nMBN4mCzwqJdH`ZE3st1 z4iuTuoGU+rtPj*RYxt^sAOYa@77eU}zFcJI1EHAb5r_|POlwi)kjcoa!ai5Swtw8V z(Xp&liT#{y-Dia{AUsGVXXoLYWn*^0)a_%$$xFJzy%amN=p0D-Ee!7?6w7YUr*4tv zJu(^(o?HzxI9=44bNv~=rOsxsb`%)e!B_n?@i2VvROp9sCFOHq0F2H?oH5F#pQht? z3R@*bY_d6T2y8#D`WoeQVo2#K*y z$%hNKKm{ffVIUf}RY)1tyIfW$j=_ku!ihV7&h}9mk7E4!IaXkLK`AA zrtM%6kxr1d0ZPTR-450RwTGzu`n88dGc&4SKtB zcE3(CI%jQ27#;kqo*qrS)4DuQbmQ8CEWF_AatfI_NhIGt+~d7ot~Zw{(t4=AP3n1l zqRKk*K>*z@at*^Hs6||Ta8iD|tv4_HLq6C{PfHz|UDlrnAj z<}38pWP+!!Rlg4o+T1@5dIO>tU}>>Vn+3VSsyHB_NNqHyD_+;jZ|`Y4G*Yb%=Ux(- z&%KKai4c>lTkmfLvo%X7gxHIuueV;JJ35$v#fEQY8SV5UpX~2)fszHdtiMew`v)!@ z2k-E9td7ug2oD9CIStwbb}CDhZDmD49o7N5{Hj8_>Z26*l~qPnuCR{>{MzOB`t?aG z#thU!CCW5Q~i$<#83 zTR$1(vHALJN$is;nmzKD{bbtXM0lni#2jBQ9(T1BFTFzi5$X}Ocs_4!iNn`<*=iYbkfcWhB2*}i5U_s33=mhze^cOx@1kQ(8KkQM1^i7&jrMzn=^ETW&KVaF5 z@3cRBCLoos6Wv{@;0Xomx8BD(abaVL9TQ0O(i~NAhu=v+^p&~H^WEz_TfZMcb@-;( zTGY)HDC1VP;RgHgU>&~nZ8@@Oq`juTU8Mysk<&*lsgrigK9xdKN>XP=0j@UGpc>E; zoS3c;w)G0mfcdx46X>_@1}q8u9PY;FU{9oYN-x)?3@Pejd}BFsHzuym#G!s{n=O6{ z_mZbT&~9LW`JzXnXeFXZ3M(a5)eeyZ+%JV{#8G+%%D_%Byscs%q=AD~^>(x&*MY%q zR%^oy`!~E@a2UJUHWq=7%_0#?EBR}R_ z=q-Ihs#AickH79^Z}SDV$~SMj8Quyd;@Fa<-L-w6a&__R;LEpq(uLbkFF6t(P*4{b z(p^SYw2P$kE|m5QL1QT|Ck)%uwL1L?h{v_5sKhkMxQp&5UK*4aDg9( zm7ybZ$m{xg<=^flVa}%XJTC58%})_(HD!;}HO=jynkb8K4daK$fwJ`&77AKc)#+@!^UO+r~nVOF!4MoS_@i`t_|mJbpSmV=r3ch-ax#!)SrJf ze#PHaO+dlxB|M{6hYWt3ShmE>B)c;16}kgm(RkPN(2?<{A2^7fp0o#fX3$RnDeuMP z5Oz!BW2IhQ3LnUfNHS9nzYGngS0*0sZ~9PGilxi`@xyzktCR8^b048>Wgv=akP@oo z9&X5%v;;#X1r+4^;J!G*Pd zl;i01>n8khyOJNv^HEbm_&6j7L0GX<$K=zrA0Of~%+6`QQ}7FrxvT&Jxr3@kS2rVY zK6u>SPTq1=E*DM@6IhL7!tlfa-#X$aSQ`t`t>wj|L2pwpch7Y*Cp&zi&1OGnyqb6< zkX|r7hjR>hdp=c&X@9g>XKhyf4$tixfOIj*C!qzUuG7)jFIOn|=B;zymqGk|MiW$f z{(S$jGvzU7I=;TSU9Ly{P0V{E2=n?dmIRkxoHX~Do~9NxbFxE|-yuwLdRz!2aUk@I z1FY*KjK+nt_BHZ(y)z0DhEb9{+9^uxDj%!>3R;r|b3;k0hkt06!JE1|;pSh?VGUze z7+>OzI4tg6a4j#gE6H=ab`2`uV!yPpmKF5jcp;$iz6ix9Mqg)-O{T#IK!^P_LKo&d z1h4xGS}gEZG(7W6u>2nKKVBO?VC%_e;|dQn)90L0d0Bn#O?zVJwQ&biIlq@sji(5> zLG9njPJ;w29FJDNBnG&qv$zY;IKAvUTT+2gyEJgHB~wtI!>e{1dU6?J(qUR=vL=Aa z9){ol6q2Wg{+Q{9jC_iFkNz|7A}OkreTkO8kAH0M3>cwaL1vz`{H1-qbD z{X%fGC;DnItU`eOKeL&cU@=lZjkyEoL>aZ2;Wmj`z`}UeMJJl69vjB4dROMW)vx@> zu%p{V$?p01BcMzp)OR3W_HWMRGa%BRWX#O95N+gdE8*;w9$|?C;_dH)fzr0)SB{4S ztor~ae8<{vhQu@})NGq}k zzz{wkBmcI<;hybnpX|@2UQ@IE)|hepNL(c!GN=*z+slT<&gb;~>_{INYG<=NuJ>1& zltMIqLA#ZD@AQ-4w>%Gal*O7<#{AdtV ztH4kWZ>X&o-%t68P@oi>^G2ewd_rFR3Fa|;jVBUnkcZnoUco1JTR9kYGGH4HGw)ZnuHT!BcZOt3(p^(h;Xlihj_fX^ww|%~9MEv9Kt>dCv z+jntu+kuHKBDTQvj6L1mV@`MXh+>P12rAg!E!d)%Aa;v|g^7wSw!eG%zI%V)b3X4m zpY!)`e?~S;JhRrbo^?NWT=#W(Y!oD?N`W^TB(!G z75IrfB~@q=h(kgtG0btGNpgdgBqXzfP7+=jlcR`ClA6k8;K4z`Nr@~gkFMh4oRc3g=>gZ3FT60K;cR+l?VII${=aLF*QS4hu!nfQPMTQbSfLm9K+Bn>=jO zC?qnVGlX+NaX83)NlZdC0lGrmK{c{}BdQXhFadkb-BBj6xqk zq_jq$RiG+T0sO;(afCQj1nKYwc1YMeC^46v2)x%8sta@s>7gi)kC{k33Qgq}QHT@| zTZAX_IeMMX1N~@Z3ZQ-sTbxN^3q^P~0gYyeA#5NLAW+ta*L2@vRr%;u6 zoGzeJi#cWnMrDW)Rb(_43Fb^*1dMUvC2|wYX<1s_jkR&8UnA#aWl>zCmr{LW#tWT>T zpaBj{g?XhALUNmhNM@@EB%M8k@e*lRm0AUhnc*?mND4XLz)Gbe7tN**pi&8d5Qdk` zBn(MLrMMIr1~LnE)|rH%!{2}Z0Zxq}3GtWE z3gAwn5Pi5%#K@OGj7SZbVS3>fOm%5tDg1el)nyInfpZ=%02;<2C;}h>>&DVWf2bbe zb|jiXA6x$q|bB{ zgBVOWriNY-GzVyCIbNHPXK}E+YDB4$L2=SlA+?_xlMzHRi!{~elm>Vn(B(FR4?*F0 zJX)361r0s{VB1eMyCQl9N6cVHBp~Wy1?5&?{6k6Xa6_YYQn$dVO%*b|AbT8^V0b~c z!mEOBpxcRbX}}A`9TkxrMI0+T8|62IlvFWJ3?vM4Krr#t0;)0Ui}=tSC5ZpP>S9<3 z6b_K7x-=oL&4=;AGj5eU%EzW!{CYo2fy3iXG`3s z;SiJMjQ}$#0B=kJjYViv$ZbBej>5qyL1DzrQ^|u$x}V|&X(J0sZROdS^i(iTD7snf z1u-B!2f5?zD3dD&Q3WNMs`c4pN|qlJbLqJ_of>$Lbq0xFj0y=L--yL&G%0A@jmCAXR1o*9lDvjPX2^9c32Ejbug8DAux+F!8B$fy1DW z0y&)BZ9(o(j$Q&Ih(bDKUDHH3A)aD#`ivZr2n|O;0@iCgQ5vOUq(F9sxK#{|mV%R6 z8BPv`!-<8s1_m1dCpNkgUIPj`CRbx~KxeBGdXFMbj+aSr@q`}42#Q@&D`HmU5jF@i ziK!r-4ag9gR!yP**}^12CsT%p>Z{K~XE_|afZ6GAV8c;Yz#H`&fr6I<0^-0x7z@ck z?T<)>PAWbk;3*;Cp{)pSRvBUvot=pC5P?wxzAxf+Kz}Cu0^cd+6Z8%MtCE-+g-~SG zq!Mgg720Btq(WPlUnK+Da++PM@aVaCojhVSyRjhIE7XYW1YpCksfcDUt`sjn76wx; z@Nt1XRSZ1A&QMH7=R%d=hZ4inS?E9+OH3@RpPvacSfMzA>z4shPqE5*|{VbT-AQ$5?0%D4+o$ zz1$V>kr~>EokX{hT{^9ooC>@aZcw7NpfJp^4j7~qWCqgAl+=*Q>_E07JjboWLN%3T z#M0@aP!JLmPO@EXf)-vR3Kx@2AV}zyhSWN|-RQun@%$i)6GVWv43h)I7PV@bhfMGa zO*Bu`!+?UBPr{)HB?9CPa<@~-m6=SyUPi*HIjVp>kV>V;#3nxkNi2c`^oE^AvYJn% z8zMNa+<=QQcyv~(gCbDk!ZMbSB@qf~C{I*Iq5yRi4tUi$RH@74BnK>N8^#1Rc|YJ# zaY7>oEe6XcWLZ%t88!k|nPITw3G$ei5R9VDJc5*>7Lq~b=nsK`l0?;5F~W!fv5cV2 zXA3E`a)a0tPK`i{CL+h6(Hu8Am4?GHX(4FVM$SYN7J#%3{2~@Q#b|xd86}GWDTlWK z*F4jXCC3bWrN_jknEpO=T9+e2HbXZJ#bu6( zG)|x|glFOX4mFL#Q91OKkWbG7W@`@}8fW{L0J>xfjK!c>`!5d-nOs0-070zyiDp$2LMR?ok?K zYGfM3Tp3fRQR4v%38*-q35nU5F;*;M7TWy*KT?{JaXoIe9UyWrp$vu6M2Y}su8L+S zfYwS(3!NbfwJ9oaq1|*0io-@pOlF#bi}Q$yB!h})KwGuYQ;HZxu3Bld31wWn1Juz; z;SexON{vdr9cIL6#WQpUOjsa6?pz%(p(E^#et}$zBJq8IUpE47EFuFWs6XT-g0@!3 zX{3dNFsMUm04W$DUWy9J=JtDR7kC(3CQVc4M0u^QALOl4e z2q*O+|A(*R0j(gO6-L|-x%k$U-1Xb@-9EMvMkp1t6P2A@f4wNNh?d z3+v4aqF)#EfdG(&of-@UK;o26h+#o0k^(yu2nNt;qzIpZCvseLOi<6}MqQAUwMKAQ zv`I)bS)yST2_Ny%e0m`_jE`6)0*SzghkkyNSq_937@te4W^=Vt8UqvuJTf6xj|Igq zaTLtGoEJ97B7O^Om;fQfN*q39bx9~rMDUNn5^(7J7$+?d7Q<{Y zup|mr7B|%)ft)xa zY>Wl9RF#nd1u?RNO{7Icbi{cD78DS<#|hP(uQ}MK~f1855=t)YoQMq+T@VpKAjwea=n}bfM=60 z7zN%JD$xdqC+7(qD78mxw)j|1EQ%Z^`GwG^5`_VnG=WEN2Yzci5AvNr5zh>GfsB?y zqzl=IvmbSe>~6IH3*}80n6sFbg*Kw`B&?Dj1CS*lViQrQJ`lo^4{xe`aQlQozq_;vufCqNT` z0$#_62*AVxPccn+BaLeSCUI9PI2O?MMTDTkWN=}je_16qprGPwHJW&KIZvX}m|b+x zi^D-(FT~NS30jAo9*d}DRv%Vkjbdd$CBZT5!QfR*lz7;s^M2FyuTcNaw0;WTIPuM5IvzU^W#NYXG|L6ns(;U|uBO zAJJZ^-iFY6P|RW_+~EvlOimDx#JD&Ivi;~NQa+N;kU{4@g9@@d91RZ&Q5b0LhG$(Yo5;w*1B)r} zUoz1|xq%mEYI!`a!z$!J6CsI_8u4?y-mos>#rf@QqQOpQq`JsHhQJ)Q=$RU*g^+YK z0bU@0E>;rCiMA4Oc!x|0(G9Ts0u-B%xR_?QJ*ap4>=8n$#;=LdQl)H-p6l_(z`Tno zp0Jx16Vk9DA{j@)P|+fQ4mmMFxm(I0Ndhzs9$at0X95&d?cpeOA$8CimT0X2YKxIV zDmR@*WP z;K!1Aeu>9OiUk#^kem%L9V#L{h~k=1N-;|52W*W6c!47HMG zH>-s)8;l+{4<4`h|b4wYx!Y02!KgQ zI=wn10zXGhVMo!P5R=EJGN`x!TSbwo)i|j2>SQ6Qo#-;gXb^+{k#2?T5OlAbtxma# z5wQT9fl1Cc0RX~i@h}BEh7KAtsA?em6WgRxBj}9dc~GF`aDq`I)y&k3AxUd>Q%zJ% zh#PikobnJu!V-hLEQ(=Pc=f;*V7K~+6ik$rDrVD2o=`L(ka^5190;8IBw>jNF%LpN z!=j{fEa9kEz#)S0G*K)A;Al9YRr&E?Dxk(kg7S7yg78Q(w0e$+jR9O&j7z2Xyb&@J zr*?u7i3H#z337Z4n!a30+8>7qx|ROWo68(rlg3DN7(mz8Lw9%#B9$OD6)y~>N>Fx& zGL;)}fbNJ%FQU4gV8@a4j8@LpYk3Bu4M_HI1P>8{0=iAcvl+qD)c=uSppir%fWb#h zon0sK%aII@&EX=V)nYM|MHcvke6`l*^PolcpoYv!HESax6HbIT$*B?|h#PvSv7ieb z4aP8rpavRVxjvpEXi;;>mOudfON4!!5`!*q_?5smD&>Dx6g%t}`ZYc-5F&Am9wG}i zK?>yQ&03~C2xO-+mQMw+03VeM4Mz&A8nFn#swM*J09ZOwMI=H{)A2&QBILs1Jzj|% z)EEOE8&LXc@CsuT3e|qELghm{K;hPo;l<=UiUEbQNJ(au6G#KOIBQr*;YE#F6ZD7^ z4C<&(sKe{cscb&7?}n@{MkFjH(_Q8W6-AS?F$%ScCG@CuQfRLuv0&UNE0hZ2)zP3O z{6~|=?r@t3px34#@sL{x%Zvfhr-LO`85kC|-boXXfU;F7H8SNMkUk>_0I00SBA$mz zjnSc_HZ@;JqzM^evkk!17NE$K`M4T`Tdlxjpo3H@huzF>0Tv0BH&tqiNvHtmqXiry zWY(lo_-PM{&?2!YB9jEsDkZ2fMrZ^I-Gf0a1TQrJ5i)KVxLm-X1A7^o!%|WiDm(!S>nOdCLh?wMXs**` z2r58j6YpmNg%bu3;sF6Q*{+gtNhqIR58}5(lU*SoMN|MqlG=n}FJDe30|6(+po<{m z`?NkvNDO4BL>@otGXn?~mH~rCV3E|I=Wdqag_01&Hx!?MVO42JE(;=aLopF`1Pcum z)P+zt0U;b(YRE{$dGSuKT&2a>#6k+0ug3#8T+HGF3=HI5Y_L(gy=s(R&Lv_3It&%I zABvi4QmZg(pM}g2(%521vH=vut_N}xuU1X<64c^I0Px!$A^^AW7Oz0AjPNxijwuMz zIS!Oo!=?bYsV-vI8OeB#GQ?3LeMJm2-6{z9OwcnKfbYN%Sdk#Ks^Mr1CJDN*IW&ua zL&k(9$ZINtoefx9Ce9X0rE^(g5jrU4NlZ>T^bNu5Km)I^+b9GN8U%NVOu1iRSLl5K zu|DSTaAh<>3>0h7Xdw3y=>jf;gz1Yiq*@hZ$dLPupcO|=&M-+0BBHRAJYJVW!{$RE zp{1zUF~o%dX<)BRDMk7fC#vg`P3bf;K~5uahL^;o-QG=z&nlkBX}b4@#C>LpI=A9hPja-S&Nek+)?li zfy@?w-9&IQBv?E~mdZDH#5l5)9$d5aaMVwVf^#cz{@gO7{y4 z5j?PoYeH^-V~VUXgUSb2oe>ez-ChnB^jD2Qc%W7AAt+*6!KVfMJeEsFJn^vI5}-x} zexLw?bhpB2cY#WR&}BpG&?uEtD{^5CCYjxY5t&^YrBQ_@g<)6XQq?4&1Oe83l9VV1 z3IZ4i9t@ku$KXKDQyW3du0R-|V2LIO(5*qDGYaaHBFGo3m8lefk^3niRxV}oxH>V- zZIq$;ZX2E>1?xdk14ATy8g#Zn6`N=gseAxY2ztmQ90xppAa2LHV`ecO6%LzXG=?SM zj&Ya*fjtrg!Y7Ft&58ywY813in}8?))R=GzGE1Nix;bW=)nc=14Fo7)TLWPel8Lk! zQ39#Jq}AX}Y_C*lAp?U1GgV2G7z0?kI?9THbP>k_Z={%HLMLAhav%Y3V}@4%fnI)XbBkE zK!eDEJ_jl|xD0P9L!pCaG#l^|nPNJVjzR)RDaLO=!;VSuGf}A~&?qy6EKtkxN-e2M zl+8_yn3-n32n6YnXa!|)%lrnT1_Y@zLc|iYQI>!X@Gnvzs8^A#2D`->fFtoafFK(c zBr9U6d=YS1Aw8-L;Ohi$54=yXYv77Qdc+9=1b#7xM{+T^I;91+ zb_!2p1Eo(60L|Dyh@|5{Qb;OPib-q?T?$5(ftQ<26gkt43qtcek)sh9H8P=yKmf@` zZI}x3CuXeyOsiRnve3zdm{UTNlBq_&Sj5(H@p>$jb8L2zO3foiB{JBvJSe}!NEF2& z6X&rhtrnp;DA31ZR?nYCWeW~ZB#OjJPXur^C^Oqe!G%Bw0@*!6f2gz3(9!3lghDJ( zm?nZGTR;pHzf8U$0##s%ng(n%VV_xx=6Xb7iPNG3r~;mXB7kzM&jyG(oeJagxa|s$ z%qQgO%`|DMGelC_U4AXx(mpFl1HczW0Ss=5VtHm2L8V7|^~yhj;eNN+i8C-%zzm_a z`#^72#!zpgjOixX_>o=p6)=-;^3rJ6#}s1eG#^6VhZV98h;D^j?xv=d0`lS*pk= zMqC`kwe#>*F{_P0QlQ9GIvYf2f!x<#0g20{Z;1qFy`Ku8r6FhDAax{zwZn{1Et>| z22>_Zt_y*#utg4JBr3X8i*w?*9E?~C8n1q;&k0u2T_F0 zWT0rROyB~ugIB@{3L;V#3GyZil_&;c>AtWQuA3R3>QzDWEnVw^UTj#8dyYOIwMez#o2M0i<-p7{48^fJ0Te$J;o{jr0}@6s+*GV7 zECNhOp|=8#Dga7(z&2x)fSRV)r64M>S_RO= zfR;s!Cqnxi7EpC^$aPLBjRVbcphn6eiTKD-QDYJh&+i98H?)?AMp*$V#~=tSe>y8% zu~dSM92jaVqS}yrR7FAsvtSw^81Wv16S(@_S$eDro==@ zGBT7h7-Zsq&j7%GV0Z`x&fK8Y+86$>t4m>t9BRT zM28~4Fo68mtg1?Kw|v&X;&RTabwA4rzq*S~XR}Sy*d_ONwb_z=ckE*l;p(998~+7m z?wQZugeun28FliuzIu7`#w~1v>>B^^n6R(qmxj8#+sw7y&yKzuIOFKbUzjPnSKYrj z^6IcA{KsQh15xJJuEg9L#Wy#7xkdbsA&}vU7hasO3*ND8aBatm|M(O#LY#g`Z9&p7 zRH)B*yr5S1VgKj!!-y&QLaXVd?=s3Mr!A@%>gDhoTzxvkBc z|Bh{~{&^^;PSKR3m228Q{+e-cw50Bvr2m=xbePw)uK!+=AwpBs@~c~ymREmZwD{7Z z)}Ef**2bqd7uD2(#+S4Qyn@DgVk3fW9y{9SM<>?$lK~~ zXaRvk)t!AiPJI1XRetATa9Ut$tBUL%7e4clJ8#fGcP()-EW^t*^$LES5hF8?e5>sH z;_8Mue0{@Lx@({Ar~f8x9b%T#P@y)_y^WBwtoP57%tCG$toVkxWzBGNJ#%J1+MS$F zx9Z%P*jAd^ss23qE#3s31B1Tz&mG#l4svL5|IcTDEUo{`i3W?m{QQ2T`|!_Qegsp4 zl^-QV4ta0o_QhO&`NPET>%8+e|N1tcAS7=RAD;N-%VW=`qScr#L&wiQH-v5cbY|Jy z?rh(J7hQ^P8rL6RpC!t49)D8MHf0G`@@s!ceLHJuWx=?{8}+U9`xYmM{x)8BCr#ke zGk<@3x$MW%3TC^3CCV%7Pj~(OCN8EE8%ZB{rP@Y zqZ_k}##Rf~UyScL_Oolj{k*T-`H z(WK(Y-Zz}n*$K1e{;s~Co)lhw?aF3jTlR_}v(7CfjanD|St2iRoNhx3SIy6CKX{ny z-oa#2!LyvEonqYirD9{%A?y2RE8I^Wt-Jr^+@h9q`#wv#azHwCM*O?s2Rsj#p8L40 zYfnLEIMl1`@&V_&OG~!;-aUGwD064Lo1rH>dAZ}rjiOOSK5`#$b7ZtTMew|tOJscc2f39J^ZA$y`WzLt!eftFueq2zN zvix-R(>>kC=12;x$9SF0hh4Rcd#1;c#*NwcYUI8V$EVKeHMVR=_LTd-d!7F)Gw;i3 z$(IW6laF3C+Pgn(MUOR(k!Yr5?b+_@D)IB8iQi5iUQ)K!@VZ2jAFX$|UfH*%RSDr8 zqjP!DhOD1ele*Txcm;mSMj6Wfyn!fh6}?*?LT+!5mz+3d-{mN?(@d(U0{DEU{88Hl=ZXo#cdlJD>Rl&X?kM%W&)-ypG74%{>@gd}i4|g7NXj zUwyvxmi*{GvT)yANm5_V)c4odu`W9%&3_ki9z1)DI@WM`wYp$znfk!E@6+aQ5e?g{ z+>vsmO>)vzQ)X`2j?t&LF6t}$ad~>1{sT@=tX;T!TjKQXXSUrb1N&jSvgK6suT_Pm zS5`@-FD{SEetce

    • z;%Q;zBZLSHeU;wQt-7{#IGvu@c`j_w=?!5_Nw$8yizy#Db+@GTBZ_4YDl$2VwBB~1 z*w!9)Zy&KztcUezxUYp(4c4A)HAp>L9B!%YKA-ogS8^_@;x%EYbrmqKwdRG|^r8T& zu^sO0o3g3#pshg1{gt}daUnMNh5@ALrj&kjf#>lBX{Bg<#+m1o%-Ei@{vtL394lXe zgfQe(Cke?UTI!K_jPbjaUWRoj(b`i`6G42qUbtgzay|NX)a=UhvdJm^AB-uE0 zpuZ9xa+n=}#mWdz70>|edp+WIA>QIwP!?*Jh?3gGPHbxyi2sFl0j-C1@wAcMJw=3c zemnHD0V*cno4JntY(@wXM~@OSve)KM3f{F_!D5O_s>fX zpZ#rHtL_#yojZTt^K)v{G{2~{D=6d^P&g7c1?nDd4;N)U96!d?fV?_Jc=4*&Jcqtr zd&s!EPg`4xX&26$0(u~h?cezcM~7IC>(`Y;*5|{#?W37D4B{X>7-K z(K|yVofUyEcM(ZN&}BxSz#fTb@6YK~usZ2pas#lv35MUN91td_Qa(V~&CCo5uUo=v zSjA7YU>X(C1j%$saurtD0ZJdPDw7Xy5m*7kJyAMNCdftj%(0H*^`5m=-Y6T+N(if?>}@@73guoxxE?>+#8AF@+wA8tH+1x>=PH##1{{(+AESG%?JIX5 ztT0GpdVbp>Pcr&eocH7`6Z2*+g8#ry;h}GnOU0IcuH^snt;`r}^*aF{#Y#Vw4dcq1 zP@5KGQSxgJr18^D@=9&w8!6LaR1wC8kKu?3Xy;Q^S=~G4;`>uP(e!YTnJ#_T)@PNB zoT&)0wZEUXINu!ATpF|4)L_K-%=8DF#ZN=(?r9)5qBpW=Wsr&{^7(aTXflbH!hTs> zS%QyI2M<~E6_o*|rXs9?_S-{4>^To1H~iNFL!}W~npXiODx(f~ObX^ljfO+M5tHnE z4feg#s8nwu_{Q2oETjQWo>jh5ryTA`E@1g`eawM^jy2_dR0DQleXEy!_W95@n0zfz z8AtR^Lg-Xo$yYY;VlIxdahF;sXO{#cMSvycuR}8$k^SbE(`gRj6P+V4vpcw2Jm}VV zDsB|?sDy3fMSN1yR{A_iUzUHtmA0YafaV_#PRr=kBi|ws{xYNz!?`f>c!k@xlIWWHG)#o9Sk~qE^^2kjBfF zfQUB}%#+tUV*1A3*9~kF>7mUnuHHf)UXiVBTxOar_ACx~YfWj{MNL<1=Gc#o4xyh^ zfCx*)u^%90Kr?I0(gZhdg!VDEp?J_W9Ga2B889mZUA%%0qL2_;7`jzM^Go*hI zB__{|4z_z4zD8+aX7*n5Wb**Mb|TLqxnifjlDGc(X%m9+tB3Z}wq`b`DYBRFfgvMZ zlsw|*3120GSQnT}3qVwBLYiPbsYx^3tBEY+05rpPFV3N35tFHjs`+?U;(svu8h~9m z{xhBk-j?IVaN%u=- z6^&)l#Ccsiog;A(`8R%K z#F+NvXE}i}k%T5|QZNFm$niUTo=3INUV-VUsXpQpPfh}2a6M*_JQ_vilVbV#>rp2g zjJFEe{z{26HBQ5qE*;K4$dcOngoEOELAbI)>>sWn?_tYczx>T_e-?o-vJVbt9e%Hc z#nGC5vlCF6r6d;?wz=oa@=8sb9xHlgdPC`TDA%y3w_>wKZ)@mTqm$h6{E7GQG*?o^ z1du%ee^4nDMb)l&;dm71JYglqL@3L(OuK7Rhjt9?RmE&v9DVxcKPyx1LUF&}L}^x* zd7Io1-EeluHS_`qyb#V&d2SK>tQE6;jCR0^AA53(&QXc0a|Qeq3Ivh|2ft`xT-yE! zo5g8-+sn)M8J7R)7k!LT{4be#^O)t_g9Guxn^U)$VCTnjT;I$P#m_)GAN3hq14Lrb`PPZdCKnT2?w|-2yv&#AcbjAAb zz*tjA|Bvg>7!RPX76vvaAUt^e7Q44&j6Tf_CM$Mb>?(wP>qw>a7tXSASLrTGK`)!> zn8+H`ol*~z#U^2IDZez;x#n0cWOCQDrB1hRC1KZCl|j_uvqe4@fM;9W6U4O=op10- zK<*i?((`*7PJqMwjge5(>^u|f>FMVQ97kW^3i`gZ(K&#(oBgkGXQ)Pt2j*_@4y{5M z6qK_W07bGyeDmRP&Hpz`h2{HCSOmnY z-g`kIEVM)-f?vPHkmTHO^p1b;41EPLf2jK8Y85k#r;lr41*>94lnnq{%SrVw!2RZ7mI+pel&iV+tb$oBwsig@%jy^^Bmy^L zM_K(kL{MdL&{Fe!!PhIzi5Y~CRZxc+T{QY8XZ%`B)L3O0JcYExihx=KkqklD+ zjGV2TBXQ9ohJxfSn9sxPER~63!tLT)>vjuDT;qqmnCBAP&m$TU3UeR$N8@+U6NnI= z@mEhOKUAd>(tWAtEhH0@LlFWKbpY!H)aSHU63yLY>^P<)`kTwBXw=HjN5eSy?1P*~ z_0(Bb-F`IIs?@Xr&!yb9MG*Dd*Rdaey~%meTgD|w^FtTp^&OjmMaU@)BT))3N6G&J zHwMKlNVpc%3$1h}zt3$qpRkB~Qpuk@9oVSS-nvdnNixo`JHmWMb7tPg*Pd&kz>1GG zl;5s){nLcEv2Wq}&;}+ONzO!OTcwuWx%fRp2W!xQ>pZ|sayH`eqKYH$K6*H*{1fex z6Q}d*3*jc~ILU_C_uJ)mmRz^eRCC1D@=!Q4+pV}<>(djsLnCvr4!v*Cy1o~K7)Tr=y z?Ffy{lKgZ2`w!Jj;V_k!#&7k=@G-o-@5ZDb|1I*uXT$aW9-%Tx1LK3EUbd!hB31aV zKyRyhE5-y)Kr@tMWY5n2OADYdjsDJI3Y?}u8=?pP(_obj-UG*Z<-gpy8BG8->5>OqJE37aPsPG#<#7d&@Nr`g{0vf?S8Fu;Q16&0|N-f`8 zf?3V(%Kj8Cd_Brp~dio_(xht`3S)-ZAN#ap(edgilKN9Hh)fER~|^tltrIm>Hl%_ zkoC>;hBx-qhzv3%{LJBDb@_HV!sYb*&}mNy3zj`Aw3~YS-suED{H*18m_;hPn?27y zJUr^0B%2$i0EYbF(|5sGyW})cgK6(he^07~fr}u_^~8G9Wsu1BliICI%7h|DOosC` zDs}>Rq5ll@)8EevLNZvp(UDOdcYjB)P<7~U$4uS{zwd+!3$Ff}49`gXsvGI=U+pV= zuAxWYQup>6|5gP1;j`?3vC8cavy#1s!Y|BV*nJASXfd=MP4L-^p{-uXy&M-TP#&2z zY;ENSU4_eg9_a@t{NSJZ5;Sr9v)1R&hNiF9#ojQdca*gDoK7YgB4V;HUwn8aeiQeu?>pQ^^IbIf}H7ExZfa~T$ zAm3uMP}7;g@beVki+%<~5n~mOcnNI*t#FW-^?{zAM065X10DIX^e}tk@z{sxW7iDZ z`u>p0s|m$HLk+l03p6&Rr-hZ{H+ziuSs2H=?BMcTf$n7bf~g=A2Si5>f@|NUHVcG4=1oI7-VzD)@i=ph&lM)4tt`T7vqap5e5!MC*a^z z);9`TKOxjR8P23)DQT``t?1e)Wi{%1fG}8gp2ISk2ww8(BQ=SIa)-lsyq zidvd~!Pb<-f7Nje{Eh9PZ)0rt;BZjNA9CuY_ZvUx+%eY^;FDIU9y%Bf^XQgEKLVqj6_SsW)}R^Z-YnH$>{W4L_Rh&QZOYdvu` zPT|N|X*mj6@{nI}#Z~E55eQXQ*{xTl?1mvM>tR;`z=W$|#@0_4 z-vT;QXzHb_QR|nRcSNKOgjD~|nfL5*k6>~5h{Gwk2FoWfF$P>^@xo#=q#=S6oE zk~PLH!!C~;SYnZ7>Au<=rr^)jf9*3##P>U`UJx~8^tfzg_K&izm~3nKYMdGZ@zH#= zSS$-j4P+7w3Se;+kGo?vRimL2~jtE8FnFMw6{p@+YGa(fH&J32oISA%p$o=%w% z-$)pkcve#fBH}J`67Az$ic?#0MgPk9!ax$)0Qa3vSTA;G_k+-f=f2OsBj+(rzxzN! z<4Cyg(VH9DJ^tCWI`YlmCRRseVIs`|M_UDi>h6_>m77~swf(Zr^{TLMfogQe)X-6wJH zg|shF**m>NGf$`52*PGKU)~a1465#e+e{nkVvAl$+^?bo2@d6Bm&bq~E!4*d3;A6)C?ogP7KGQqDrG& z0Xl=w4m2Fc1&ZW_Pe+VOWcNm}j`Y%F4$6+nL0W2BZ zap=X3s#5$d&_#$m00W%@_jdva>{773orE|%ovu2a;pMllusfpYWOV|A)yL-q@WH~FlNh(!kre5%_@DAi-Syga_&f!MdI)xl1;PU-XO~Oe_ z(RK$JWEI^IJOT!jiZL}mr|dwhgEpW;M3)yogFmB3EL5k$$|8&q>h|HeUP+KC4%^#*E)T1VNCo0qE~^*CDM`Hi-C z$q(WGm$QYnQ=W=k@8h8tVlYpe8fyDVYp9^;0Nt`kDT9;C+c@(32P$H|Ts3iXxrivC zu4p4O1jQ2)S%7QVY?Y`=GGSthUGeW9Va+qpT0bXsAl=posh&%fI{G)hQaAl!q=7x@ zGWUtpZ2UW~MS|kkMq>TAvt@pt|M~x${C{gKiHG{5u@GB7{zq4I9}e&e#&^ z`97fXR#h56IRFISgLydZBrF(mY*ck@Ui0b8d#By9hf%A?Q6?B-4<=NNLM0ZTrhYNV z_hM7T-^gZ7(Gnp6khhOb6eOnRU3PT}2^1chBHcK%J_+LFlP`$=tG^={Q4{|?AZVXV z*Ru~4SdAh{H$%`~3;uHJRAW@Gc+BP+^|)={uE+>c-jGxvOvpts3+OgjB0lP~Tui$a z4#Rru9${MnBUGq3Pl<@v;Pl^jJcNCbu3sOPf4RxQxEAv>e`Ah`0kc>f+FcAf#UC4- zM%E||)`RMh{K@co1g<(`oJTWn`^VB9#(iY2$aD6l3O;=?M8yo>o~X9^$!lF%Qe1xV zS-`)B* z&yk2987&MFJFahuC(A5(K7uj>=Leaxq6cp__Z`U-dSB-f8&#-BfXEfCdj7kM-Je)y zDiXi4=9>Lys~LwJR>&3zp8)3nx}vAvbZ`5=yQ2XfPv}U`Y*+B#ZP3;19-k^{E_@75 zWTlr!??Z}kc}%Ge;8C-ZBKWUKU@sKA1^-X&W-LN;Q8U67$cp}ZA<7@S_P6>R)3KBqCCF`g z3>6dcj4ED3CT}1b59rv9+TQvLy6N{FRip8pi?x@>I}58dbUH5Lx4?b{_*)eJI5yYQ zjIPsYn@Xw6Q2r)IjD68TC@L1~9XGTCzlZvSDpK~~YYn$npbME(h@o#KzSYQn9m$iaU`oN}g;w;8I*IdnVJ_EDD!kS2@h+1{ z@GHhGx?67xF=3I{Dvo=~dJ*9qP6{~Xp7u}VdsCLlq5V-EIy%yq2`2%uKjyGf4n1Uk zR@}s}lF#!Z4>vZzj1$hZ)8`l}5LurQ<_4fpb%=HoyaBCHWpG>pmKm(Y;q43;=P@#J z!l9BgQWxi|B=nR(zQt1+j~hno1kv$FD}ei!IhyT#o@HjcTS88|dAmJCF%P|ZBkhN& z3oIDrnQe2xB6ONMRBkwe!=#`Km-?&|_Zylbe#WUvQybTGQh9tnC8H?scTQM5&Q6xH z29Y;DO7+Da(viP-5qIiM>qxOm^es5)Fj+uzhkObk7$E@NUrlb$tL5l9aglw=XFn(* z+L$0Lg%*_Pk;_krTZA;?t&!5)o@$bH0gIk)(pzrJ_1n2#X`IyzDV%^%# zDx8`;KTkmtz|Dy2iQ%@S46#VzEZ_?f1i=sLqu%uzPO4Huf~wg#7w;UJ?axOjNaVO` z6;*8B^BKHt*8@dnL0qb35Nn_bwF@vHd5kBYydiF3=+(bDe$@B;VuUUqbPaN+YBn#o zX^1^gl^C{I1zFb{1)3_KFDuAIlZWTjpN;GvuGTpuz2%wCZC*OIR>M!D7?ucja>DM^ z$r!2oy|7vwJG%-7wAvmFSKuSh{v)403T+_re0-Yz6&R!F4;s70h3&B-^cgo_Y;KT; z)Ci8Wmti0>ehA@+)gw=!*TdIcV6{*~j6YcUc1&qNkST1{i4EJf=k;qVDrxL+q}-no zxsj7sI^qXN%Hq=1j|XKByt1a2)%n2`;|SOTV>M5$%ro`Kn{h; zS?)R2u--fKj6bs*ZPr-GacJsWu`eXj8sr89mCJfG;K?&~3wzO69t<6tB;v%FBy*X@ zs|86o7pbd3{`KRb=P~z*L|8?ggv@OjTXZogzn`M#``0yprsUu?6Vml?D>ZSD?om^E zSyaHe=JF=6iAW#S2NApyI@$G;$QXK+MA^4~O0AD@k!gpJ3+b^f5ze^4jqA zBGkI=(?l8Y>EW3G(yrTSlgDMjD~mE<`1r=5{=DY^=yYg#CBlsnldMp@O?5+iOpCOW zHwt3MJEL)UOQ7*pR#w~G)zzrv4+X2D^;1+8snkoge;t+}ohmEKdnv+A71~&Sh16_l z`8>nd_FbCjPCo*LolnUs0T=K; z@)WAof3&3jmKntFsQ*uPzbH4kcd5XTDBNlGBT3Ka6NB*H=m+9a!9=CDN5XGOpiDXA zB+Uckj0PBN?$x)wzl|hASZ4c588o3EkhqtE3B32EJZ)r^=1;$!^jGdAp zGpp&rCm*7FXR{wn4G|Mp@}5&KU8_OHNIxfDK%5us6^~nG#`!q zh`W(7HX0mRtJUY|M%b|5Xk$K`=`oY09JsvV{mACEb5FF@pq8`Uea_MNusK`joyL#h z%gZh$epszxmerV{@FBJL07_L0nEO2p1RR#l^3|oI8*ntO;n|#?U}gZSe_>?y&A1tj zrC6Qg>f0hGYs-rwLL#KbCNezh_1(3G0q-yYJPr^6?ko&GXpH=WVKQ@V%@Q1&W5`o<_)Sj7=0RhNz4YZu} z&6l;8)P4y@XwN@9WOalJ6v!yJV(B$Hiu%(;cm;5_I`WG+C6A({B|!1q@e&URWkgZT zaR+;CC%})Hw|)Hz0Tj+-fzDj) zF$QMq!RIC+I^L#tI;c`ZQU7raz<=OqXpYhI*_6=lBNq025skCJUJV@GK!wx*l6?e= zbwLYOSDBse3Mvde&1l!lVt70`cz8}>_-g-dVpJy_*QSf84T;e(L+9hw?5-plv;Ss! zx>WiRuLvOH3w5%cbv9{=RZCXhb7!Y zAF#QO#=42Qdl-MbQdVfAQ?=A&dB_VAIKtK)+&GFHGvcVUCy)20ck2kIrvrR&98 zuI=a}o5{wK$inq!vcA-Ue~G5q1CUd956V#48Qp@|zGpY0aU!9{@7&y|9;B2?1&vDL z8Y0M%vy_BkC2@679~`yxu8{u5PXpGdT`zE7zBEEg*CPI z3(31^d=*Z`doT2>XC$vZ|K4uZjR(@3kQ8+vOOF7>8_qS=EjeBe2mR$TV|d!|9cv>) zXyl|Af|K6XGd@)?KwO&{-A)aN`m@+{tZNcqs6ThNY}Jo3-VN+vO8X zs;Zm=Ub7W!JT>owuC^3ETtK3lLewardO<`dFvfi>;6!1 zca!Fr2zKYb{68MTLp`qA!!VRtp$v((-PM^ zPS3z$9zR+~Bu0*GDXASb%2?};sZ*b% zI!OOvxmup&OwgSfqoSEOT1!;W?}5!QS$9(UO;-UizmWVP-6UwjP#7wn9VoItHK6p|rF5Q^1Jf)&=~dDFVtZG^WSW#s=*KFy}J zkp~E(tf_lek_?-q@MSs+=4?IKJ%Cp#fGH@vBRbL_A#!<2Psqu_x1L!y_E5^VkKVkN zUUgdPeukvvxt~H2aDY?5-te8s__1oXJ;0FiqPXhj?L$dWt`qtTyhNp!H}AgM zkAdgLd;2VvUOO|FA+Q3@>U9`wUkV>oe_b^-Uo8xBZzX44%xS3p_AbX~t{GkNd3mZ^ z{s0zSrxn^fa>;v;Cf}7ttLfJKN5Re84n&s^&522@nKi(?aU^8=ig?4ON4^9o&0cP4 z+iSB1tgS{a0QnGbB0?ub?Vv{ntzB_bYkg6Jk69b1IV4zu?$*mj1-%k#r z(K$zBwcm7Mmkb9z||>ISBo%ezEE+e#Wv@w5zhMvqL3+%jOs+rk#`ab78!E8L)T5ny}FF% z8K|Rh4FG`vhuO-a`J%uD)|Wjxe2M(jcjsFi&>+v%#pErj)T4_W8hKfyD$1T&gLiiA zUpY8$cbom3aJ}d?NZpNuGwq!q{IE-&g!hS#!$NE9+0c(>C6jgSwYBYknr|Uor{cmP zzO0lgPjcd2DnTAAKB_DJxB4YKloh(mVNHDQoy(+H5Z{|Zaz{&>`x6n67bRDbwAB%U z=hw_L8c(}uVuB}M1(ZQmk`Y;Bb_5-kozh>hourS%z zV;+dATS*p&Jq&7$isNH6?w&La#vLyxOjbIB?msWUIiMFmmYf$k8zS)GYAB_(2SpP* zV^Z5~gpbD5U+s!G#t^8A+ktC=W!BT?$F~KxzN5Lg3k$Q9Hinh6Cr$m=T1Hh5_>9}& zrFpLP&6w@MvetMI@Su_0ev-VMY^d_t(40Wq_Po1>{A1vnA6Dg$`_+m};lYG*%h{He zWmeBC%JpbQ&EW0hkCVg=^Xb;Q-<6lUcbg&};|1lwC1x28ZpC|8&GjXCqZi-pXsmbTC_lqXKb|J>vMh8$ z`is4CR}HiYd)0L zqUL@6&cZ{#?F(}wdS+8XfGhNfa8`uH$uggwYVj_ZLjATARK=-7;laoRBt!6W#v3Z7 zq-FQzPo?#_b*xQS;4OqSaa2Z?R z@?9JMl6NIw*W7X?eClg8XJj{xzX%+b0jlf`PuvZMt&f=!qE!zi@NL1j*#ak++NM!_ zl2*OZV0j%1|I|NK4-I5_%3b>=)AzY>Uf5|xFC<>^QI8!+ z=R|IoVVNZM)SVuv76Orn$=J1*^yXbo78nm7_0Qro>~s+36@+T+>lvfRDS^|I+1 z!X9D1AlI(WGaU|5{Qie4eCD}=ry?VB;7)X88kcFux%zY?ZBA6;;kllB^%OLJ^<9&o ze-9rwV*OZW{@++@7URk8PET0cNW>|fbUOHqJD&wJ>0+xa6%oybup&hcuH%)weB;8B zF@o2Jcq+u`ND(6SY&#;J>qi5Dip9&V|J)YTm`Iz>_5Zms@~fUZ6WUo3^^V4(1~>`n zW%C7^*auJkuh<&@pL*Qr%00;tNM~@t9*b1ho4=n0v#pSMqsp$CL_Z;~e+k0Cz@>JE z-H8|M3?5Vd!J;*EHoA(m%zJVuVmCujFyZw_WFp9<4t1H4#G+cuYWg_bg1FtGO-}@z zF+XS|opALlQbT&Xk{fw08hIvurr7oH@-&Eg-}B)uKw{rp$vM3WzULdFhN+6(7FUC^ zayY(oU<_tQ2$sTi2#%H<1qGNLX&g&xW|GCqJJ(}jIEhjGD{a$c*9e#-dfs9`gAFWP z&$>Uae9iHDanp!!szfnM*}8uiI;FQ<>)plRZx8$>sgDkMNn1a6A-6Vi8G6O~AhzY& zPb>{<#Z~56(u5cfy~aWCG1}-Ci0$Jz|2z;)_EDq%2TL)P$J(zjwCh6_j&zf*OpgJt z`a{!+t^Ub8%0GDQMN7hW^z+^kY}GIppI@v9T&s}+psvWyPL$yiebi*(qU{>qtsP5Z z4HUt@$b|OtirVv(m5h94qI0()*-$Aq=`}1w~f(t1IZ_0n0S@7Q;Se(2&ha zLbb>93aWeH>Ixc?zGlgE2liMp@1P*DzP#IiZTS-I9j~$!jeI^vATO1Ay#$s7{2m>@ z@P2Q7MJtYN`NNuJYF#w1b#uv*=c4k_^AUgEx8EqiD3KK(q-?<)8nlq8gACYsUG_Od zE;)EplsX!G#K1fv*8GH!+Vm=CTI8$)p0>b?#Sx>zSKmem^vxuuk(g|Lh;WBE;k}I- zaj%2#HkHljTS??PM&p5YZ_mpdJ{cBv_}O_kc-)?FqcsgJ7^P@yYm-DLlb-Zarj17l zS(DXRmD9-5ynEuw-o6RtntJP4nW%3mGT{v9jy)P0fCZuxy+=+r9ai9ZIxFj!H+8cq zPnUIbw;Z<>q+%M7s;9_c%54Ow@=r`VXYh)q{=)okv1L$P79;SOLh9j^LaY{$?u*grkIKX zWug!Ev6Qt2y&(uI{_OC{>$Qhgae#CbPQ|40?2bO6V@0U$31Zx z9!oBDqK_SnKO`KF!Iylqee6xV2{!21iHc?QG4)=zhgMC$+e zi)Abo`wGcZFA@8mTLM`z^30ArN77x@RCo-9Q}w_DA6)X0LSSdbb5Uac&$+wx!_nQK zlkOw92dK%K`^<@&k7DPfJ^WSDk{&I3SoB*IEC%*cei%g})b7yKsHQkAM%x9}09$AC zKhB8G5zlQCJpgZ7_sEBKE`-8EG5XJNY0pVkyQW7o3^(r`o}8v5dOk)|TF&iL0DmjU zq)z+SI#3D0*4Cb+BBbckJE^KdakNkBn?n=s`m$bP+7TXW z0yW2V=9E>x4UhJpkFdi-?`kt3?I+vLXa{2>BP#C-`yV{>$wzof3}}2V%P4UqS|pj> zC>%FH*>x8h}g+o=uvJ6|+yTXOj$MlP{7WX_ZS{KG%&aF|G} z_K?Y@+(uW(S7;j<(q{B)j7DAvRx()S0D%IRs_B_Pqog4#^#=9UQ9-TCN`8+CRej0+Z-=~fPxSLEtkyVD^(MgpQ zk(1U%BG)4FatBPS>g&&y2h1#kjfZwruN+BkB~#ndR~{}U4`q}GKU%!)pmY8hL8$Jg z?V$5Awc`N@SDXVq9`Ok6c0`nOo{?j%7fY{*-ONcn=s6cYq4&~vKY;J=E%w33HO|Y* z0*$rE4x~FlJ(@ekg z*UX)tjXa(Xtjy_WAEW=&cy=4S<*I}$7iFEbgx4C64@S-%9}Lfvl}+uak_6^%EELjK<~c$oti z|MW!;L{89G@pJbI@^QTXmUf1?Z|d&wsC{LJkk78{%apVK)2mIK=Lspu>6wzi=6cXl zVb+CwC#A=&3DSc!y+|{{Gx+At=eJiNxAY_k z|Bxj4O5YEmD9?At)suBsA?uaEO@g*Kz1IRllqc%+*%A}y#*T=ppG)we87MQc^($s< z3;gW*`641*G4w;oHcm5gIXSN6`;?u8_6r8Y329K{Ki9X>JwD>pxa~T${=IFVI(z zh+V#a9Lu{mD}VZT(sUNyIa4yzf+Mzx>3?k#5F)lxQ|TrD6^=DX>4{=A^#6C_|M5&@ z$eMF*BcG8x5xM_)#)R~%H=DK9av@e+MK%tPgLf9E%yHN{S&_5@%b`}%_N|0w-|NX& zKlz)DF)stSV-6rc3?J*npI#J_=;ojm9Q~66c7LWsYaFyZnpovsiXtfSH^O?7-uJ*Y zY4;`X4Hcw9vWOFLv|sadNX>a%F_T5 zq3Qy;S9PQhNfUo6i71EYePXeC*)QAj?j1o9h}N3gPLnKFN=d~FbtTZ@?ftHy+)!g#TS%=kR-FR#@Sap4C1wqtMH`NQMQ zz-aH=F&BLRuI@q2%32Xwy61dX(Tm}=c{W5FqkwXh#??~{6IezgYF34#rudf8oBr~` zuzj;**7(QyT7V+&0HNMpti!iy0lSAL`pZHt;is6|Hn2rUYJ|+!QC~sqi5LP8upq@o zh@``Tq3t_fP3@NvJ@rc^JcW!@jOJ&UTusn_U8SLO$%n7_c@IvfYVwgez0aW~+o3Abb>xA@Xzve(R7>cnlEUlB&9mk3eBS=vL?(U{)`l3lBGMf|r7w zl%apkMTt0H?`>@R%LcmmOEcgcii9ww@#n@&s!c$GusHY7l|FFe_Lw>m8uHr7QRe5! zg%gpYg@l>WD3x_<`zDs|bV#$X>+$x`jJ?=jtiy>;JJ@x9x?ZDDI-rP)*ZymmSBN*c zwdtC8C~*0mAJs(s4B8AcMz+(nF+w!91PqHd03w(}+2^4D6uYOqLjt4baK!8f&X)H_ z#NH4`_Ws_2K&>O=`7i!3S7!>i{jgW}&4}LFABCF9%53p|_UQRp)SHV$rrJRvhy3x^ z_wh~I52Ya21tVT0gm;B$TKh}3z{sx^>KJ{vCjM0*ce85oBgf3xtvT&L`Nxw?E~`_9 zEIl`&tjN_R=Kxem4{gtcy*G^;Ph*(P$_ob-?|z?SzpRbbj(g3}B_wZ~!XYBoN>TU~ z`*1Z^jrOOgRebV&ZLqFK7i6)$A zQsUbqL1 zyN_t(;3&ds#v|~OCKNp4Wym@1klZvsXe1#Ws6Ov{zh51l?eU@I!ZJ_9ZPpZQ zQ&ux7l$3j+Qj##By{dD#=mU%j+nl<W`bEmu%Fkl*zFi*2W6I9Lfj&d09>D3 z&>6PlGw{vIT|h0yX)8~(gcu=KtiV@G=kUoV;l|CKI`HwA>&w{oIw-*fp!BfXp)8Q} zX`lq=D%*o6HkrYbc>8j&BJZB`z-xn~J`*{7f#5kxrAx$u@2hLkbF8HiN7QOS_3$>O z_t=y57;~9+X;dTnZM$hhn!Tpnnx-;3?(f)W4&T#vZ$Ey592xdJV5))s$RhNPz z8g}_}-ego1ZtqVvts&mOJkjhe>I06;C=6MAZiWUaNM!dy@dgJyEzpz^Z*;?C%sKH{ zFjF09arDjtK7O_nLbiX&Kj4f`xBE#LZVrsXA&A8Yjt2AMUGziQ5b&-|pn(F|!+a~t z!_JPdM07L7p^%D*BcqCMWfeM_Uc(Xbt(?d*wX~Wh9k?lbxGMwSb@IlYlY75Ce>r~~ zx-Y$2CE{_=kbMkph-b}D=o4tQr6ywN>yF9HRwQvIq%quSpjY4a)$n~d)b$Z1NHQ0< z;2U=xdj_#IkQVw^OpNazayFixQdJ;lLQ|Hf45F zpSmpD!UTGK>#w@lmR6wZJ7JLmT(ztkiie)OSdU+VTYy&*2GK1kowA=64#9=K57#kq z52OrUQgy}tTieH^bLN(aNGR%wb9}; ztpSs@qkPjin?2CK4KT8=4#Y>`5jSipFueVK)QgImrY+8!JBi42nV}D;``^fW51^*H zcW=}}5h;R*^xgynq$r(;h@c1vA}B2?AV}{Wq9RR7=m-j-3W|XAP6UC_r1uV?x0uip zQuY_#_dWOg?{{YI{mwmi<~wum>=`Cu@9g!gXRp21Q+~f^eIK&9j02N~)6!~7$5gJ0 zkqojLbFL3_zb4p!O<84WSS(Fyuy8i76EdAl%_+dqF}*I1g~-XtRp3Movaa`1r}bi- zdslxhpUt=iuK2;W5jwe@)Ls)ED@#@LoS@0(fv>e7d#@;gcpMBTy#Oqi&&cM3<_}JU zWT2p=oQjW3U8FRkGIW@ zMc}5_oXS2m24|O|S!x31NT2#a>0Oif&mQlxya!$cU20x@TB_9DArN=N^3K<{U9B*mH{pYBF5MYr1W&${lP-#wSvN{+Ai}W=5W}n!EidYDp{W2| zIj_GVPB|dwu-*w6fFD(_{`3u2aOQUAb>7&%581H>g(~>{+Fd`kY}!D8uiJjaQ#*=o z*e>&y;K0alrX+b%8M$C+9@uh09KC)9w5_itu$)PdpV6wuVX<3L0&5>e8xmF zqHkxAs70XW!Mfqv?1KH3{1?EFKF##dLN=&-=5cDPkGJnqfj1ftDW$LJ*6vjf?9Qy; z0`^d(mY|vAAYWYULO>paqYXXF1>7KCM>hDAwrqe)0_qncVq+xY?4PM%mesTq5 z_JQ~?5a%pi7*vKV^I~Z5(}lZC1naXr%8RLo!TnRDCdWw#TfY}71`gPxsoFR+`01Tw zqPU)$AU=!XUTdczx|z1I zS4H&lHG6s;D9|0erFfn>=feuirKwRmm+w~HOBfy*G5S3 z1tH;WEOq=>O7vJRJ4CmR<3_vaKGeh2kz5IhGz+MTJB=X?)*z?H5m4++$U_YgoHLD@ zRKRf}g-TuA$j?_tDL2KV$zL`$K7|(14v$^d)At-4QlK_u%`XPrDLiq zuk>3(dx7h&WqfI>y+=l9ocjAq>Q9dbX|F;@1Yi2qA7`TSZwf1ce;Nsat8i^8A%Q{? z#QO@_ES_E+Hk+i(SegbM_G{M*ZqS@u{+3pkf6;?+|8fn`?@PRot0)^kR{CQX(h3JI ztn*HMdp+bg7j|0cboNR%`b1cmxzhyU*zgGy(?(y{r&iWi?|pJUT>!C>!8% zfKb~qe2HXK|FcBhgCe%_CO7UW8CmuETDoC3w14tyOSh25z=RG=IWN8l(=ia>v(zvc zLf_n^iDWqli5dtVX6^;G0Owb=yc7_{079BERy^C_q>Y#G7IU~yyPE0>9AO&31ltqa zN*BNxL_)4gz=+>}lmTl1K@aC0@by^NrLm+51vD9e@Ne5%KR+&Ld%v5-w-F*Im_xEI^Ye;l*f@6{KK=Fp5u|fI_c?Dth03@5^KcyK2 z_F4B_0)AfVdVhX_+YR4qWjGJyT$;8Xhmmjwc~PHJFpv>$e)yk;iTmvHg)od5%qV0{ z6jHI14SsV%2s}5piw8t`iP-owlu zYWrU8W#Y@1zWSk5JIZ>MF;=`|qos_5;OBL7a z+M8)xTufHoT31eTK=aK}I_?IHUr$HDvJ=X|P&Pm$~BZ#0GXz zP3VTzbrm?lq_YP`tkYJk2iN_Nr!}&>Y5D9j6^~K8a(F@-=1XAoakJ^J0DbRX{V_` zwnTdiL2Dy6c51}vtY;*GwEhD;A@UoXICI=hsU2)j;~Lv(SrdIjH>7E}T!Ccbzapsq zt?BR>0uS2t%+iD-T$&<4gcqy#4g6mEv!O}HV3I8k>DwH=4$BXI<<3oTi9uzn2$fFx z&_44!YXOXA@9IA62=^-RBrWK^5^fzL1tYSIcFJuM`OGB&;jF4ei^*)DY}P$+ zsZsWovp{HDS6KaXc;uWCJ;#sS-?EmOCaCo4R;DDs_Px(k^cE?*WhEu4{uz-g{VlPV z*^!rAcXsxa8vZos2;Mjr$Q^thtFroo*4F5qW_!rVrN%#@TGwoSCY%Jn-k&g<9D6?a zW^DX=xgI#PSUw~81&XQBlS4j!_i>XKyvA}e7a2;Uy38#@W4_b>dhn+|6mSpluOf2g z^+J>~3z0&+K)*Zy?Y3^csP@)8shB-(j>F8vkfTSg75ce~mnY2qZi8Fi44 z^V<;PUue|_%t+OQR^&jiYJyBd)vU~Mg z>qt8R@1cO7JI3X6a3^c>am#U8L2wAy$ZnaRmjACZpkY+2%w1Hhpxc0U4DAj*slz-7 z_&ma_zFqnLR|#oDH?t%COiUSVn^~_Va}VY{VdgFCDlK_V@bKEW2ana80U}Bo3`j0mkp4KkCS7h?K1$mt zSi!s2r+=F?alzec*k4J5Bq+pN{UL>|if+W6U%TeHkLR^MPKgKXrh!X_PUNynUQ3%d zEd7=h?|(0LGSobnl&#K|$E#6+k3mpSQ;b{%@hg@$AJL1Bj8)-YvxjwunMS?h9YSvi zLPy-`Dk7KdEJWbSp*Ze^*T0Cy%X%KeUHB40)wb~P*6@G7Jklz}XaLw#ah!a>wlFfh`!dF^F~H}CHch5A>k12h zPRP~?p?eiR6g}sfhd3YnhNmO{Fa>iTO3KG@1&DS|j7STDQn!{~`L)`NaBkWnwZX&; zOs4|rRto-1;L0VIAQm;MZO#n_@)nd>i*>=Lwa{Z=**7TAe^;7xnSIWVYbvB3AG-5d zR`u;Zd8|)X9DPwpb=(MR0sdS9!2U~6QlvUnbdde?$k45S^g5d{{-V+PxK`&@uoVKHT&qUf)K+#)Dfwv}{~?2XDFoEP$_q=Jv4Q%dn*pK{~JY63A@Jg#=R$M;(+&7QqJ_Zc#!-nNc( zGIT)SN;-Q*RpNC4jm0iHP5aGmj`kbFL~ga9OGJTS)82W>A4Kb@@{}Wp3;f<~eCxZ1 zRy(uR#k2RA*`uQmFbC)Ho`hQViY-Or(+?BJ7y4|@P--o!dpjY(ux|H;3-$ZSFB4RBvNrewyzTNq4uWEqv z^6Z!i0JV@z&8zyP#&tmo)$6w+xY;qr*$z2oRm~%;1}^9_pW9v~ha(}wcRS&UN4(j- z`Lm)>BQt4U01bPjzLm%Gb}{L590+Ox!I`288U^>Hw+r=CBGh(XtPVj*?H;=~FDdPk zAa8i2y^o7gVi8sW+PE2bVWXtJp}^q!@VLdk4N^PNJ>ySjGe#6}^zR(m2wO;0a6r<; zCLL#9zeJ3LUYi(sKdWugE4@Ci2#kwSnr^Nhp+b&fsiNv=n$`O-BE`4n)de-saR#QQ z7T&Cirhz><3fhGa9oarot0fNjLkd>l??2ZB<&g&&;kPa6i>n8!E8D2b6@wMDG`#Z> z!TW*ISKF*=#%w(-rze2~*0tY6R~PHim_8>-@>)nq97L+@Ipcrz=2Dw0TxfgaPU!;Q zTPtY>Bn@=I}^S0iRBGOnHO9ECZWawB;o16~DCRj4-u0d4Bbs{T(bsRP1QV~&j z0E8h34#2DAHp<($WzJ}=;UYq2_NmP%x@H7;Zgj;j03L+jNCR%qB9Mg%Qrhyzs=Dri zQp4Wfz?GN0tj<3#anYTRAERM0f^Wu5r0v!|q$z(Qj9gfCj7$)j?CbNknKNM+kv>@W z*}D>MK_{XB67MNhWLohB->9WGt`6BM;cyh&`%rZx`J{lSG&T58j0}3MjP_o(#dEpF zDn?mad-BNtZ~(aDKUYRD@~57&ZA0PWo0fN1 zX87&fme9~ZCx5EuANVh>*iMYJI+|Ibnb>HRW7EKg23x7? zK!=osTGyju3JQqR7M<|$xpVFs%L^wj*5G%~EQL4e5FzP25K(4!FV;?svxEm>omUJ? zlw%w4AQV#{W;AB9wM$^jL-~uD#aFbZfuo^8DVrLDoO(9|?*iP0mv1kg9f*OffpHfB$Fk%=u@TkNEeons1dr2*8=}A;v6i_hPi%vz4^Xn>o#M zT`Y7#nK_ROk|*zR%_r}U>~&*ngEpC6LkTnP#2AZ}-~koj<5MneVaJd$nu|i8tj?z7 zggxs_+0&rhG~nSChJO+LF47#?SFMs+?`?H=yV%=2(*i_H3e~8QE-x|79#AHI>{`6R zQ^@KEI$`FOJhaqDuOrmaf>k^k(o3Wb=!v~QyYC**s{r^5Sflh5y7LMc7J?NK3#z2S zjW%sY?r(QDP0oYuHjKq2YnUPwEW6i1K?gNM z_QOjU108|-ju>e_$ygyEHrFZ~|x0R&Rg0^r4WNIYkKZRO_#yYiC{ zQO@m4q;5a+{rS#Rv!X821rAOBJf*{TF7kv@kIHhCmh8ySypmIYcgq9SQ* zN3|R+mP)klKI}g_VhNZ-I)RZoj>opo@^alP4zI=m3@w6Ww|m~V`LS$zs1}XEQ)+FS zE3Yxak43L4W)ooY7W8(}tJiV)46!vgQmh*2To7?WO3p%luC8a~wM}cwuru6v)wBBCW_gP;Vvm2$oku<8_Ljkli@6Wk!zPo%;5~G5xf4)q-UtjCc*n(n>*zeXd?Z;xOb60#0a9sL zRB-9~(Y|sz0eInhNQD`-72+J}Hv>?Okf25mY?<*I( zbRW%px9$WdhE*VE_gxWvbhg}jHck87#;}Kv?JqvaFd}+rgi(Hx^&4JF&X+K7?y_TK zV9B;S*WDhT?A$F8degm{DxMr#I*Y<&}eu%#*=i$6kfbo*J-X8a1 zQb0W*2jK7#vGk@3*fMIVX{nh`E+B})gD^lCAfW~v>V1ug;)=j;H1yamj%+7t@~#Kj z_u>>uo80Vk&-o{u>oU0gK+!5e*Hwo{_}|nivT0T)Fo#r@g_v zAj@Ga)>?rx|AvHx0{dha*l99r7j}!ZK(>2K_xyi5Zd5aGuMS3oEn2oDvNF*F1eHRP z??yrG$lcCejJ;S0MOXUu(NNn2DemMKn{PkSduQM1>d3Enfs@fKlDnpP^wT+Z{Pon? z7f-caX|&!A%h}po$#b@cKD3+t#V3piTY00a9lRUoI|?L{2i{lGb5nG51U zNVu?q4eWrzXEs>aJ*JAieWr?~ez6;+mAyjQLbsUpMgH7zso!v1c=(7GOd8W|fAD?f zr?q(v41MYK&-?tn#-#4Moo!7PyiLcM@(CKE7ZYC_y}`tZ&|Slslg4N$#BQs-d;PgC z;76#wh?F)ny<})gq0iBTx&}ph+Te!@BJC9*)N2S=lQt*y76`|MVSa%Q&NsN8zMG@0 ztN63Fh^Yf0%r(H}nTmVU^|=7YDZqJQP1$>Q#-=qF`KHwQ(HmwXk0IVoao9z_;^8Ih zSQ%+HRhYx zF80@Y&VJz9X88PJMW+4*yHz4v#LX|p%6RY*dx=$Xl>;|(0Cf;r6~K&)DdNK zPTFQ*pBFSN@JNYtQuMT91r65ZZ;pO(I?KJ6FTy1t%i{9ARXct-41ImG!+L_%oUqw+ zkn%Rh(J}Mdw9P_h@2e%-g|VsxJ}&!y-tcu()(wTW*N?6ZT$G+_>CCxj`tr)TCv!p~ zeX(vFS9&VjdMV@JL2o}7M$tKJ4Umcc3!k}~wpsMmQxYy|-chVFqCJnnP(<9=q88q_AFivw@L-Ks`|Z`=49_C&8oFA` z6P*l;Qdz8INgNR|a3Re#Uhk+uLx+I)kN>VZK%QX=5Mme7zLPup=U+~wLpUP#lOZSe zVx_Wo8*9$CnqF9C-M*X0{TzRWL~m2<<8(B`;&j*U`weo=7-mb79AWKZIXPGFxE{N@ zkqOe>{4KpS4u;(ShQ3HETvhP&w`RY4z7XiwZ@cC`=SSM{&+d6_wp01itu}tRWq3FhLQk|mqd=HXLQ89j$}$Xj?vax{Fw*Oud-}KX zJt=Q&_PuYI5{^FC9C-d#B1UgI1mVn}Yg&0DJJ=2+ciY-&y`h`>agDT0LeZZGS1Ii- z1D}q0ufY!_-~#9%OcJQ9X|1%;ftwxZ19gk{P$#}QbEBT*8)=0Jj+}?KCZ*}t?nvO_ zNEJsZtrt(UDjjy(WtD>_hG*3auhm&izmeVQxQe|@Z-nzz)8ok5H4OXI=YlJu+C z$JA>>XIEknV1E#mEgO*hMmsYJ6B2Ve#pN{R%6B2jeq2o44JA@m8rpYxQD4yg2!48! zY9t7przGv7qJzb~^LJFAdC#!08|&NyrTjUy(W?~^h0 zYH58p^Nt(k3D}+ zF_o{p7)}PLd0SDp#(w$MdV!{*`>>+Mr)eigTURYC>wXZq978H*F;xDgds=}mQa)h& zOh3yYBxa4p;pT2{;l}V)u*rgc(23EvCvUe-E`0Jjf)%fc;659tI)Pt$wjcosS3gbv z*5SnWSWnnNJ_Z!Wv)0_#$d82Kd`*b1S$my|A9X|` zVRYLAvb-F^Y@e6^i+#H9{gZyGzIdyN;T@;mlTfD1Hc4A=I4e9&$Nae|6f(Y12?}+I zkX354Uixic`GSl56Z(5P@p|9RyL9ziK3Vtve_hGuN(N! z=*Zvt&z{^-3i)hRp~KAXS?Rg@C$sGO>J><4zSf883c|NQf>~+5Tvx3=P9w&GRum%n z>l|&Gp@6{$#xL+&uQe#Qt-oAIC{w2NEH^W;m?G780*aqW7_Oes{Fg?8 z^Yl&sU4qT&?HqC=f3BAeBK6Wti|Wkcc+`wuZ3bOYo}eu~EBC`U$nf8w!DP<3z|3m)1BT>O@{tSlEf8_9}IGhDIayM_&|Dy{z(*OMPfHioy zz4D`f9)DL1U_&8)cjPU{KchpxCd7XY5~v*>?B+zHYqj-+`?%P(p1>4yQso7d+xHt!`_) zzL(7E;P!T_Asr{UEePi6R~0L98CZeuHdp=j6WbY0K-wYi@NqbS$SBjGYhuEKq+JvSr_z(jxc~^61xkV(qYC z0mF6f!SfW{QW(5}T2@bvCjq+&{eq->${!r1N?OByLZVD~AaZ2yQw~_AmCSs*c*4vr zxapR@&g)O&H(gvAeN7;A!}Mb1o`)R>OYPy(W)qmy!^NnU3ps~=wjVyz$$R%a{KC7L zE9VnbbKge!@W)rsui)3oB}md+%^?Q^?(Aoc+QUxxz&Mu!{Dz zF=HR2hTEr?e2LofH-@D04K;3PQnWgMc&o!R^z&|G{5{H6Iwp!*F)9K7yXTpA?{KjE zZ@WQE(>bq+z_Y)P(8Aq)!z}Oxw5f^2AjzkghxC{tjs{IlLG8yEFaLNf%g@hD zx083VF6R0Lw2o6jU^k^-!7Kbtz@bl;l+2nANoxYo)&(Yeb)hH9$J>VS2^b8S zJMnMb0u>qX0|?gIruaCixbRfTXr6x zr6tE@k`ouPT%GJwNG!5TWj45VphQ89SZg5{U3a@QUO+nmy zQZW84^IcCbeelcylW}$1>BKN26@uVC>({V6< znb2niZYm%3kH~!FZS_0Y*pw!P54@&lSKL0D`O=}B(X1V3H+Z|ofa%YW;vC6!=&&He zJCbW4`)p3&?#tQ%-=}W)V=gsuW_Hf%g?VUsY>1Ahgx<;+;sJTD^=Gr=?DB5iwJ^{d zK%UbXK2ua`d~o;on9JasN6o3b;CUourZ%MP<~E~Jmd5#dK;?b+V11P+Y9QB zpZ={S$$b#{fb%d1A=tdW(`Ux*`jLSkYed(BIJ&u-IvSV2IT7c+*S5(MlkYMd?z&gQqS_EuVW zeFvEy0G|LhLmVtYl%_(k_a;T5mtvf*sJv*L*Uu|xnCudsLcnK5R5ncv4$+I^x??zp zB%eyNFAXJJn=zHa^zYllUZ$Z7n-;lx2#wi9*DzFP9noiV=Cdc>bto#vW4C&`_BAUV z>y*qbA3EaDaHW>1HD5py;;qn!0EM+GBQ^7bgtqw=_hK5IW=_waDT5gM`&65AAO25W zl7v(Q(|l-m7V;xs87&kapsc%MY$v0lK!V%%lG>=?>dr00~iYaZ~gM=0G z<%R}HTXP@fey4f}hBbF1O_<3duD$t$TR6R7(LV_xnRuIg!FiWXI5c%buytPqYA*Da z{J5xRV<5beL)!1w^>}J^&iySdgs>YIv-xI`bu;e8;O*#-*)YJmrFaMi+(!}rJ`6MvW{G%esw%L8{FbjY0kIdg6H+pICG zy&@Xj)VVUn-ZG7)1;6&GwObv+Hre zmmM?MIJ1&r?~yr$2jF^(JbA^X;c#k+E}oT*y-ev{x4&rkh|Qe?8+Jk}(Y)`C=pt3} zD{|L#UlEi@61~)$Ku%j>jBc$|3XvMC#{SsQTv|@WX9FkTjx9HG)?n8;yjxO!s9K(t zwuW7xbQE`Z>?6g%YhzmQ%_S2@#tj{TKs1h)MQ10#Y@IDEnSV6CDLAy;Jq@9rW`^pS z+Op4ro-<}u$kD6oNOIh)ZcQSh$d&cv6Wl)>y=cDO7TAAObQW%UK8}vdOeYazdAV1zc_WWF&MB@EMe^;T%%V%`k#%5H8 zinJ&crg9nzFEsv9ZsH*<)Z_mf6rzM75L6518n_@(F1187JQD5t%k&8FjLekRGUJqMqbuaDd=6b&#Ma(H5LpniFz@Mb~i;-he2i>t1p8*Hh1WPsa!IeT&9^asW>y3QqI;i~3t z*I(|<(^(dP&6&->($jJoEWFp^2qu?Ij@uuXRQlw z3Tnn3G_xcXugdtkhL;YPm0URcV|3iixvP>AA+UDzDn#ffPs7JMpnM76g<#+Gyhd3p z=NElt#-upuicy{~wo?PX&z(e%#gwV`S$--@bO#CGZskk)Q#~sA@ZMM=Kj1}1bV8~0 zAxHlEU?MB9}`@g+!3shwtFd1@eoB`d?FEo+yaK@ z$KLZ&d`iJOKeas-cK0ItKi#|`zQ@(f-r&k!VMe9G&qqX#OZsYv`r5{x~ z&zBd?kmljP)vL-!hie*gI!o-IMkxmT)v6=K->n8#jXWCu3pVJgeOPj1P9#@`iF)Jd05DjETx;>0&LpYIbDUk!P0^r&UF!zJ#q0 zrVUynHVPKVv7Le0`{W7u(MypROLc>caHnAf1J|!QqauAa~pyf_ceYYQHzksoBL4Fs{^Khxk^axPV=V7?uS{{ zuLDwhfoF-+sadxAsLt#?Gv71W95%Z_%Pg6`W)gxdm1l#^>GQT#N$v!tAm!l)@fO!v z8mjkg31V!Qq2&BLwm;@s!$*~B8|dU0eeDXajO6#>9<4&> zH800?P8Cv3d3Yp_C~=AbsFIR-M~-fnH45g$oy7vLwheA)$Y6W+RJH)#HQeR0~C7Xo>r9-26Tc7df&A;(z$k>M&Pk*8r}Q|D&5QHb|?9$nYmPMC(Gth1`8`Q zhBpMK_rXt(=qcdp)?F&!ZsCST`zVwY#&S3S6;K~1B8z2M)N1j}gQRud1=dv}e%UN! zySR4!#qtA;fuz|*lD%c;?P{gD6K86wE95h$bR_T*h(oSTNg2xTPl6$(W9c(4-UQ8- zYi5t6E7Z_kn~z7pNLZwZto$Pxi(kZS8Q<$~ORnS17hF{Nx|UiTy|bI#>9dpNE*NJ{ zG-WrbB$az|m>PB0xcqhE%?{nUC+jz*ufcX}70+ros!4!F$}Ce+sZX-T zlEbCyNCUEr!uw$4BJw@sop(bv(frGH7U!S;-70MlIp?E)JDx)fZUQ~#ymhAKZy`^U zi|G(agExFkIU-|7VmSSq-M_d1zn)vsw*76Faz}ji=SgqTdDJH_Qmt+-+n!{y`qk)nsZLqf$hgh1BU^#cYBPm1TfIk0uTE29dkV=k(FA@_}#7?5) zBdG;Im{{jvz`UMlD<6e6Lf`j4+1!~cYpU#1Tm4FoDQ-|MSWsVeG|qUEW(H0dTBV(^WV2QHtv{z2bLmk1ob`5 zPxIwn^tHhjbcUg3pB8xj7Ea%B<3bDiiLr0RZ_U8*Fow(I@;qimH7Q{FV}}N_u{B-{CWPJkG`T{ek@;yoSTYfjjIa1jCIrnjR0P^{hJiL`KLVJ$#ZD1Qk{hfLrIt4 zFLU+A{d@It)-DtJ7rmN$bHndSEy=MhE=n2q z!iePDJAKdASwBPz&ZIS3$dVG>$l!vAeosK~_gFi#cIptPw{hPykOMZ1hMaD&Y(X7)_NO7L0tGAf9ho{6#- zon(ob<`gM47C5K&(&3Pe{6|Gi=L4AMA%MkUqwy}O2V~>AJD-YZ^ocjHJ%ohx={C0oM-gd|dX=B5Rn z7xchk^=PI#$sNceK^9*HfEg^^64L^U5rhrs%f)^Rd|{!XFXa|LY-MSH(s!0&Ckv5#e+$}^^jSe_H}qI#vl z(p`LKKuO)|>d~KQ`0I){p0U;sX${1$59fWk>Y9Vld!}@5#{Qm$a`@m!`>}J2!K|uh z`B6P*s>k#6en5MS@&e9k%-DUaLa;mzJ4v7Ha`;=xJc!_^G`#~jOFeTak7yW4JJZQ$ zB6ju9Qe*E?#AsTe=iF%c0jRS{2SCOtmXDHtTZQ!x#*B5Vhx-$LVW+ipmy^*GIpCx) z0k145B>gWRjXV?)Oq))!iUx52VK15`BKhNuT2l)dgDCf${ zR|sw9g$SLJ6g96sF;GxWX7+l(_Ugt^-a#&^o(s69uS8nMy4qRzlTr|XD$qLg`dT9r zs(x=Gz(7TP40*{kejVaZN?V7FGWBB!u9LWYxv5sO#@y|Ai!%;KpbyN{OKq_r<%G9y zbRReTM<&~UmP$ta&IgFQymi@4qoGpY+piTp39F$~&7bDxn7t}JO5=~wFs}TnJ4-MA zjVqX6G5CdW@sYJd#G8#ip`Usau2s2}A2dujZPfnq&+peJrW`Tti8txM42!mVmdFr> zy|zUanfy=PC&p9No~HHWdc0&x5}h}l_>#C;GnrebP%jok=FJKJH{s1?ywB$Sxs!7Y z{^Qu6YM*;YM3xJ-#1QcPN*Yp|B@Soz$|wHVIQ`R%<+#aa>2m>HOV!OGhFk3kk2UN( zV4WKLS-ls@oW_R#iPQN11?Jy>n!8x2n{N$Gbx1Sg^vyk2pj@bN-o(7}Ky<5wT`TKZ zu%HO~FKSuWk=P^RVZ+r-js?DZWZIO38i{c23@L@%)r>e77@MTeb$wW{(C=BU%1y7F z=x*7sw{hmk9C)dUma?ToAzyK(bYl`dSSw0Gz4W~dZHU*EV6j&PCc?HI6M7au^iFey zWzSM@+G_8VJB@B>luJ!@qra>z;!XyC!)OJ3lzMFjNY~yQn{rA@?W^W^t!k~ z;n--(THe3acJ*_T`d|pTvb4^d8dTrSmzTk0*8Nn!%g^|-HfzUUKO=qrg zD%NeqzvTr;&Er9c1_Cu)^dh;HhMCQ#9VgV7E+~B-TsUl8cs1uHTIL%~S-`T8PP3!t zh3e~1N`p#1ZIegGXLdmOeku+@bd42}N=4OauJ~;6V|X|>#R|v?WV_9Y9|mG!A~Mqz z)d&zz(O`t4h-&Abx@Fc$zA0+DO&n8TIO4f2o}E0?t{_3uNVRr-_V2FmsJ|8<#>s-$ zO#%J+0J z3|bTl@+S>35LatOU3&>E`9hLY?<{{!xV0Mrn-2an6YWOq_=XeqcSD( zZ=Jx*Ldb=dNQZzCR{aJdB*kh^Q2~*};plNpVc_v6@2vf#BpDqx5=Gx)9@-alW4VPt ziPeb4apg|i6ZlsSuO+fap{G+CrrU$s(;B*L1P!t+t#!Xve(R3FOj?~S;pU~A(KY%c zGVIRK#Qq!-8>KMvrBVIPoSn~venz|EL+Qhi$fItK&s^kO4C2N#mC*wR&Z-jD^qI3h zS%>e?FlL#*m}i$Pi;n1+#&x?kcl!?2lhr)Q@9udm3ub zG(W=jfnxN^gEJpSqbqjLdxr64V{*7|bS*NU7Qum`2uNSMKbdS18)@Eqt&eO|Tl{!H zHD>xl&YT_)igf{D zZO85!*VlYGWK5f}6O_*VW0wi^Uh?If~r>zBC|Qu=mN zQ~hBYcYYbV!zsk%qs0IZJ0!9fDs*SA`l6@<;cNYqlQ599-AGG2yha+<>&!0B=?JTh z;|;r85=KDE&XS&zcBku;=3d|j3WC4JOivVz5d@KYoW5~219bfzyEjQjS?b$TTbHA^jZzpBCiWI?Z@Y*nAf^Fu+B z4xg>p0||$CKIFnnN%#6Y`>wlKaWx~m60XHG!5P`f#gLIQ27!Wi4HQc3+T!t6QCiP6Tk8F4VG87YmV9*GU4>aYyt6^rwgcb-xD1!LMmY!0hmz41(R z%#DZpGy-bqSp6$BH$+&eZb%k5279qgs>&+O}6LFN8VKsi{(hFGM*whGPe(F1DH1)rph*Y*7WUtiPoD? z&9`M3rXLQ_PlH$pKtb|FSi{0F!#2(GN)m@9m+A>LZhMREJe4f zXl$YBeLy>;w}HM$S2 zfCtBcUKpc$vf+M(u@biii&)7T#t?iN2e=^p4uq-BvaTZQ`hwh5b}|KMsai9zF+qY2 ztE^f0K&(7gu}N&Ea4re$iW?T4*Xn{ZJ0f~z0{X5jgt;%bn?1{uu1w7HVrWOwOJDbk zyJM`bunf*i(ja2P8j}S?rN>P4f(+xS`Pug@93 z_TXE1$Qpci%T52R;}IZH4B*{q@Qfad+jN=Y9qqT4|9t6vP1uLg&d@9U@ebFY9(!N+ zZ?yn^?-pLrd3f&}Qm-D^$7_cGiN*YRh(Ruh{JD@m`%sBo=Cap618&BG=JEtzAGXISmBl8(D;0M40EyQd~}6JdF?r_#Fy6vG4#?!z{IKD*=Dx6LB~ zgSYn>mF-|wQIEYS%|(S3cZ|a^0|xd#^wttj zfU|0^)MN1W6VKG3_x0DM+l-Z8L`kuGQ?>FabZCix+FpW`2j5NEsn9cfQ3F-G%b)oH zWWa&N?mJ!9+jNhq1#9AwS2|LCsZqtdhr%<}QX$El(#uK8Rcbr2TVD^0p?I!|->A~1 z*{s#5!oAfwi`!FGYs7AEd`C?OC%fa$v);nF3$I}2(W&9T?bgF zt<%1dkU)f<+=X3HB0b+}vOp|QrguG+h{oi)1Q>JBqjtI33O=tiN^Z%lG^DeuT^zy= zAmD-risD&LX=J?FKAG9Hy%v7LEKX*A(Z+ln1V**CRe_%UGSZ_@$iMPh(?v74LD^&u z7#BqNoFIQU5=zxE&bo<}U}g^)H}$1JeNjH?6|H~@<1Zn?Ud3MJ$FVTuC?H;c_%3lj zy|MjqSNF#?D>B!B|Gw|8fH909DInxGmrcqF$k{cv6G@&)oR;ajNuPgldreC33KM(T7;j`4grNAN}EqG(2FOQ*;_K6dy8=&m6CqT zka|4Z-dcQC-J4rw(Uk%6sG+)JdS zU?af`hB&kASDb~H*IqURd&}linW3aBI^dbB4A-RyeUmY5@b{q(h_2kk>L9Gk=S&y! zaYR_{86QHI^meIQvm@RVJ3xM^DMO~M9ihkau=H!N$cKqLXQCenNmuDhProG>@gt&% zb%T8DNy=%*v)x|0nJg8XzfqoIgt=~4$C1hsCE19`oU|;(Leu#!?e&RnlJ~UD#pi0y zg_*25O$ATfVUl&IY2O9D)DpILhK-th#*!b8kXu4>H{K6*Y757QvT15>^xZKvjpshe zK7!Tb@jL3f4%InDO+r^SGofF$b>-g7PscC8B{aGOYcfrG?^mny4I+5yFEU5oijA+FDdcu{yuJ^B#R2c;6WqgsUk?x*94nN(`M0e) zk270V0#-Bx_6_ij{x0r}LLqfJt`eb0xucxqgQ9QlfSxuSea>Y2RFd-?{CqYZda^&{R{oUTgqvA{Z;O!o)JP63`01eKwTWa}f*kTsIPwUGWun31q z9ZSS62KM*vR1e`QOh75+yB#Remkv+{9UJ#6SA;Bz@WevNYwt-Gb4Zwt<)?U&~ zWQ<=oUUL?={LuDh`RH`_am%h?5MUpd%i*QCN?PMa$~oZ*o*K@tV2SEJwnLB9#ptYYLq|)}#eCj6 zULgTU$|K3@EtOPi`{5Mji*k~5C3d07AUtY7eT)gJ9r^!;jX1aUU#fWW@Mxco^MdCjqiTWUa@J#onduf?EZ==K=4_cFnZrs5i_Ik1} z2o}LobF?T;rs>E*jEYKa@5Zdvne>|X#Dr%cCxsr9wFQ!GyYRUpH1gWI)aPjzHDu48 zUNHT^i-UJ?;@~_X^VhGxy2$pI4cq$QvI~DVhurz|`C;L0&l_m;LR9^3`*!0;WYY`r zBbquMiJap#XHN#}$wRDQ$7fpa|3Nl&{y{d`gVis4!K5a*GB}U+@eLDmbS%8!NBjXz zkUV+k%;)#{gYCWB2t{COdZZOwGniZnrttPfu_Uy;vUJI)&}tI?7?kFRUtwkgBA1qISkKO&Vb^zGVs;Y@)A(ayDTh{M8HwM zIDww~dX@p?llp1y+jN7PHMFKcCE)yk!}u@c(q-tkPMt-oMfL^NOz0hxF0`g*n5_TR zkehl4=|9<{ggNR3uoI&fJn_TvN4Y~|&aYx#QpyQwdcBgogH!E4C1krTHf#Q_4y}{A zJTK6^9J}15qvU>3bi1|`;yHI3RtvLYS#;>l(1LI9sX_+u51@HPIR&RD7&-00wyos6wOvZ@papxE> za6AHVCrOg5r9FKmNZ0m;B2YUAW*xdVtX@&Rr1o493nre6%g?(*Od(s~=;ypA#0p)A zi#bPbOxd;^<8ZGh*G6#s9|@BA`(rx)cs&rSoQ{7QNlCDlQ>bfVQTDu3SXFcqa9dTa zac9pX+s^~JEr)*rL;oqe_Wz4{0)ZjdJO36K>Ipt8XT()~i|`?7ZM7~x{%dTSl>bj! zwKp-q*PjI%qVr~F9p2dy?TFoXA6${s6Osx@;fuIU(w?7%-p!7r>qt#C|B&>n64B>O z4?fiZYRMDBmq;0Q8A;+giRNKd(D*Q+2aN43OozkL`A$g!FI>Tb60Tqsfq}Z$ME?9O zeE3JP3oRAd0-fx(=5Y|ZQ>Rrk0S@jkf_i|?s$}2ETGDN_8}0MegHO0r^ix#0nz%707Gcm%Us%B^@{>3Qz7k z*y11GNKV;*Ums&spFL8+3PLbH{DkM==p~zy`RDqS$%e0?EKkpd%;hYAc*@B^ur$hH z`6aYw$8m^QJ&pR0FuhK1#Sn6^?_hHlKheonyFoE*!tKd44Ks)(CH@^M%25JEg3^Ks zvpnlCiOH=NLJyMO%D4ALZF1NdSNDh7!Ui<9bKhJL=TIzP0N4Hw zOFDI>e5W9n$q|?wLVX3xKH~?K!Q~Ag{N#sba!zrhd6Fq5)($9{9 z{Se>!?qb*zOScQ+A-ada$ol9sz!Iu#mIFIJ2=XlP$Bi~RSRM}QEXzMW#v zqmNA;|31vXD;K6h)_UZJpu))a-^iD5%7~(F^{%X=>|!5{y$e226szYJNc;X;upGNa zd2y39Z1YuyBM77n7Zsn){0;bEvmSb~A@;oR=Zz3*qi79X*G-FVg8TjZt#84yf|Ebj zJ)ckWzWY);v!V4T2Y7x1yt^m8la3-jc>?xCW2*1186sCMON;yDEcSwRj=&5AWD6J0%nA04jQnrT z1pJNMT_?c!B=iiannKF#s*l3I9MvSJs!u$hp7)u;=7)FvZ9|UQ;0LT_;sJCz4{-9| zZSlOvIOQb3Zw@nRf)RxQW@c z|Ms`mftL^PQ|Xz#yrFJufv=%-l#!aGVnz;6`q5*ocJ=NCS5}Kcr~q3lRMdQ zy8Xc5bmEa<>05xpC2LH%fX%2nMPq2OE~A_gW`c`EbJw?-iH zxuaoEm!aoRGf=O}oLx3(=IpSFfygglMea}WZ|Tp&1LbT9pRUeZoeGT(k4+=@5||d- zn4c-F`*G@JVIF#pKkpPRUmF^l$_j0XTt0C737NX`2<;HoQp_49)2A>8iG#2k`usdD zKSkwBCQs)cF~>eO<3X5$Ys~Fw;)xM6>|1pK-aTUH#%91iz!s~Wox*3&dJuz3GN4l- zlu8CWKXRPilq;tNG{=9D7I`sQAIYB4`P3MZ2!207sS_ATjvZ z@yL@GirF?~T#mTdpDU6t_lqPJdia)L5U7!Yf|`!Fgt^%`7HNrIPf8DbjPnuo^xqB$ zzl0l{crF}fYu@rI=>0D9*b!~nL+Im74~Q3d@+P{h8d3CsA9wxg`?Ib5FV8HrcqbY^ zKivY!k;>o65yu)15(*>owtCAXv{+al*yPFXvN=ov?q;InKepXD>7SA8oTXUFbSKe7~=fepvaVjX3YM zHmjWb+2T()u*3xyVSO*gs<-MG$a9MOF?iZJ(JfdEIrBwwvFnvCYc29IrlVY2)E`5J zG>DOSS}gw-wfcLbkfS`2m(2spsce#J9>!+raj5|b_c%NkuBzeRoV@d7$mhCuFf8Pi zop27osd&;Q9pDDkh>64Zu6;T}u9Z~UViGRiYo?xr zydCs;dq)|pR5n$j3g^7T9A?Octvk-sJi{n|pA|Z(d>!pIIdBdQ+h59yRQ_~c={QKf zM3-}b>)|k}g+o?X^My`C{!8c#LUL$clhY$h9AQ+)v z;BOm_5A(&}mT?*zu3>CA!lh1(#_Hh6VnyDWj|;qn`D$1Bner&KC{tOMk8uw`Jc#{DTmuLX;u=BbBHA-7Q|>DdTef_w z3fZVzg&Izoo(7OUrZkKaR|j%WUbnD#NO>^=t$9BRZ?ZIrR2Z-5^oP}T^6<8ktZ(kP zwj(E=O`IF-TVyk?)~9(KwXItbM<{(*nin7kDeDbHe5&*RSIO>OeGFGbk%2 z;-bm5a>|nNpJxINO=FHa*WJkpVn4&K*RC|pmhkYfbv3-8fd{da)XvnjiDVVj;Fpwt z7{~$I_j8pEG}L07xQ8Td@LI?HRgFjnIZxVK?y%wZN0^za98xL$r;-Pys`ooS8@WtV zP@Zx#@dp*~ad{4qS$2Yc=QZFYQy}Np&d#ot(XX9xXa?}^2S$Z%wO83xMxWR!i1F0l zMKQ63F#Y%Y4Fp&6#U$1*bmT zu}kQ;y(eORyD^dP+?w;VA};Qul>+McH^JTUTNT4y{r%(Gv=KxGf+z$cLeQ3v*m>D8 zpwy4M18-{oZNmY3hdvtacBNMMzg9LEP`CwafqNK<-h7~g4^6C}(0Uw!wtO*kQ z1{idUcCd&2`bOLSC+xJU^^vD(B)g1Xou~K&V%Rj&+N4`#w(`~7w#Mg2z0wY}lGbM>g7^NRyu9ouC@)vAtk%yEqqt?Wz(p<~ z0ggP_nR#}&O*}_)X$LDg6Bm#~3r&a4;%S$x`k7LNEIN+RF_EHu8q%L1<)SZs+i~`Q zy9^>0_uI`EyaUS~^Dld7PkA-ogTOQf_aH=W7Ys5+;l>zM7kNJ!9~?xt3bjw%=*~i| z6SY6=7CfOs)aOaJ%sYKNdI704wEUT2EmQf-OX>@AOT_qu*QKh1GB!5Khck|Y=h0B1C*k2Ki{dqWp_5;Ju=qq6wiK^DC9=;>^7tjLT zw9Jke))C7GV3#e$df0zX7B@Qv%MzQ-gW+3l9q7WVZRjPAEX^WJ5bpt$^o%pHfOIEHbiiQKEAHZ4~C=T@WR?QQrG-NgYq&=W%e0!vp2^Bl-*T11~hwSnkQX z--8|2@duQ(MKts^muG7l{4ZFUgR0uN-GEOEF&Bl+H1P_MS2=(oSPmsQA%ej*4&B(< za04c|1qUUbq)@85@IV%TxNdEBis}>C8KK?7_Yw9+ySpnU~<8V~7p-h^KqH`|RT?+tScZ zia~gz1L1fEbU`Hyx{}TOkvX*r;S%qf^z-PznRYYtEjRiPYE(uW-#MvyZ!7M^?DF2B zD~~{UaiDA~U*7MiZLBNSug`c|bX)j(^DCV9#^!w*T58avQc7x_HS%Pssy}sRkb+z#owg%?nQTH=XE%YcpLAI(Hkr~87;Ynu36;C|i`nhVme zebcM{edk3ROKUJ>EpB{@Ic@3a-W}B8!)haN_yd0FIAl1B-v|h$`lYMvYr>ka+1_}a zszJ}FRS1ugk$4C5z%T91iB2U`?crYl2v3X&61v_b8svrFuO6y`$KK5yevOlCtnr<6 zQvL=_4s%)ZN`|N62B|OaNBJPt4ysuR#B@DsVP74zrVYj<(2-tzz9a=OGf-~eqKLl! z(NrvdZ`C}jDlB^*q+7A$qeObLy!$pbr-RNn(EK^;uE>K z(1vNz5T@^Ta1Du0+WTKr?R0msoIt&s1CAayNZ^b^3>uEg9mxT}(Z`j);(xf){(YuxgoPTap8o=R2K=q8%Cxp4k2w2|-Xh5wXUjbz_I2!EC>uR~#lm); ztS?lI;%1_KX!0^xrePV1WXglxWaSMH|I1enKqce>+>0E=eM__Z2dDUZi<4C<34D4t zG;gHxOu2T%FqtuJ=K>2wj$Z8L`;WN4plw2vBM==w4C8Klbt;&n#(OX&CQWPm??o$naGM)ZWjpUILw#OH^+OJBx6Vc0vHp` z$bw0^WRYt>Wv=es7_QiKv^%Iqc|CgJcFef@sofl2QuZB~)pd*FJQP zoH@@uXw^KUb=qEFO1=!j{ss-Xt9888zxtzaJ+seklB&_!c=Y!&^)8d9q%!rTx~6{=aQCn$ z6>$GoL;nlL=nJlk8^sXHmRh46U1?Tf2iRZ^~a=;$J4`scXW@e3FGU z{2bc^scP4NwIp-oxD;@-|HTW--OA+rXwioHVhY|nPU=NeNXEnuf>h7U(<=X{(mywF zSf$^!=MUq9ScNwOY1w)mN|#t4&$oHW1&Ks$gcd~u1)fK-7}}X9Z2Fz)kUd*!;Z$-1 zN!vNLudV2lpY5v1x${Ih?tmr(&!o{2T9Mu%i|bi3+WQyIPBU4aTvxi^tQZsDaOE=( zPBhr%?4{>73(envr_OzoyioR}+rK$H=(|uO=={6Og7o@ZlFPzq!CR82!lAykzKY~O z@SmT@|A2|fi>lA^_#>5|J*mS!$0pY4JoaC%=>d+o{OvhoCnPc z03NxUVXp`!L$2^sK>K0*+?G$=?v*w7Tyk7UG|?*$To4)&TAqm#x(rXUa1z{FOv`dp zFtiu1Ny-6B_+JiHxGoqHc~{?A5VSMs(tFdM^-8sQ{-q9*O5x|dcd04N;)w4%Qf7U5x$*I$>*(9n!kK?#DQyFOLO>au>TiTc&z+@iWfF?p0>-y$uM z=HA7oEs|0fe8Y$Agf2s+>BO4FjJ(o81*~(^9|~B~nyF?GX9xT&s2)pYdLigkT3b^7 z7Bn-cR(&UQd>4HleD|c@3B@V`lVBlE)R*$$D?8qVqzabpX`=qz{i6rHUZ=aa8LSjt zTTu@jbA8-j-3|bK@9wBPd%3mKqmd3)`9B3#`B&WOoUu!`N}ATEeK=7&a363ic~*@S zvPzVmo>xNM-SGGEN9kBy3MhF)B)~o9bRAoE#u9?}OA<}AAvo0FW#h-a9(@N4pUXmZ zAK8Arv$gdZhHxvKS(n>@K_GDdOF}W; zAjBF8O0ojT@wlijN7m7|hF@s(AL1y?&XApx15lA=@V=w3P=w=hmVs7~BV;abVRreRl z4FC~!OQ^KX%QRC24Zq_2Kps19j0|PC`--g@AbNc|E0d?N-k7lHGdjbLf9ODem!fBo zWqs$fsGr-h1}UC_I0aX@@>YBcs_Lfb)n)muK`2(oe>-iOXZOnJ9qx?Bqo&V2ZgQ+z z>wDohT5(p6qkWplS2S5@Xx%=bY}PGauzhsm!M&N_;nBjzV< zI_I&%7NKNZHz?UC$eOnw65|<%11}~xSe~PChbw<L}{=~ktLB4H5$WFdR602{agR@`U|vsZgY{09q*Mt`Gn2Kyal9v@9s2Exwf)FCOGydX zovXrRyeVG|Y55(0uLaUM^N-pZuce0opfR z?VxtiyC_vj;No(m)mYxJO%sQiI)1yxU*-;0zO}7yHcSXlS`fF!@5H356i6g-0YgKi zye_+Z5Vd^Bs)L{n-vFe(F3Dy~N)DLzU!7UtTM*D@+<*e!s55X#O5?Ge)MkL1xc5Qo zanCC+%y4JdwX@#CR=mTvdWtY;SkUDl+d-vAsv<#J=Snl*u0n#bxN;~_#|#6d*VPej zxVdraT3xNnwip4>TuRTy>5F4~3^nujn(b{I&)}d-Q$7XJBFzH2in9@3t22OQZOFjt z3}M~J&d432+A!%3-CnI0|MCfvJl*gk47EQ86J2-^-P4*y=;S8)O!{e>&Fz#Y&ka(y z>dB(pns4dfz$qW!+I%+6Gt?lWjl+L`HV6&S|C+{T5wopMDb)1pzNTF-Vdiun%`4D1 zV+9=neDC*lnOIWpMF8{JZl;L+94GldtnQToK(v z$P&Gd%{gOEPsfw)bz^LQfl{@A%WHivICom0C_9akPDCnaPrA!Xp!04d_ z{K;lBJwX&)WC67UFKGjlHSMvvC+4lgaGm(r8V zcTrz$U~8`My|qa=UTRH;T68_&yYkd6>&)vil{0!W)sNBU8M-YWL6Q24^Ok87gqfXd zO$FOfZ#GwS5vE;~^=0ih|Fj1}7Hi~Z6<2l<2Vcqy27}fgeT3|PAIx8?n@M^{OxZoF zy!o9BwQ7a)m;d?hQ(Iq!r7b20h2I|37xhEyc+$86Jyw>lrJ);(ZPy)pg=?>evj^8t zjnHbeyl!RsSoK)GjO4zdSdQJF!EFF}w=A2Yq-rR2HG)z3$-85#Z|^QU$vE7rUDF>- zc&wjaCxVxVn`Zp3pA}n}_ES-7?D=zGUei3*ZVD11?25f(;(K8O& zHk&KHWfG}E77x}pQ@(g8OL@GdzroBT-yBp}N}=eylA%=i%IRCq9!cD;1B%--lqe?G zN3|O=N$wBDp!-AB(i7&jy5aLJ{3Mr$NYLfMe(hklMEAfSsro|U8~hLNMd~pl34%SqxZ4<|Mi9_Xa|!k2viDPy4^dY=As#%J%YR` z&sHv$69_e^mW?T{DX6GYUsk}bj%bTls;axo<#$J>rtEQA=q(m$_Kti zgnM)_p=>Z55nA{$q`7;`EqRPi_@c!4#ZJ$(z2Ojs*`L=t7pf?Nl2{r=r!;xYI?5+X zFWimIyj}Bc&U>=9<5iNWw<$InqD;hN-=1Kw7}^&$$7GT>ciX%XAPb&&23u&0OjzDF z#B4qrf5psv(_xYslVEtG{nMG!H=hNHif*^a__-V>14p*AORg+bxTr`2!v~AKcNM%I zj93p>D6%c`JXD$9H_Lc1pK~gS%J7?+ih9l2oxkif1r+w|3k6K5|9%-1mo7F@x(_#M z$3Ba4y7|kRL?Iw9es14bz#5-8%~e!1Y6y0bo6%t7r<_I{Q8PP&XyPB8m1Cxf{-a^J z1NP8a^iSxnM#p!uXOYiHoPcNB@w1gxw4il^nX^-fCULf{r{Pj_KLeA4{du!zpP$t% z3PlrO`*TY^t+urT*6)27$2u=o6$y|Pr<-jr#3lV_NgvN_l7(%4AHErQrEoOx zF-hMq{^?8h|3=ILSyfn`sd!SY#Gj4 z17=@Fk5El)2tap;Kd6IbgJu)p=gL@VOZm!I8-kcaxEVkt)IMJ) z7#)qNT(Dde>R}XCDQOrDtUwa0i$_NCavd_sS1j>ZfmBr`_FhAY&J+5d`_YUF-oo*% zNzaDQ=lMI8zQg(|(i6%*MkKSa%XkpN z=cwcgBf!DK(~coL2&-G6DrBi@E=pYk$M-pE3`$MaKf=K1++A-D#%9}>qx=fW;Q>^z z*}dN@IXy<1zA2IK`SK-%GIA_lTm6Fgc-=!rfovy({)m0&kI_Vanj(1$L2)8azdA8n ztln$md>IwXstkGRTjS5EG^E#0tA`8uD=c|xM8EMxI10lsVbd`rgD!rgMhx=8?lo^i zle`Jv!)?V%>t~}-AJ2%kbxD|>6>ofqSY2-#aVif`!umDmV-ny*p3>&69@E0_kZv?E zQCgSxi5lm5K-?QFa7Bg-Q?PrT3p#M5m?-R=-Ro4j$q$u?+Ve@K4&(?rcu%&N0u`y> ze1>^?*IRr#hDin~ZFs`30bHoiS6Hu3aGCB@J{YbZvkXYoy)cjfC7Op%Pd4~<^jBZu zM)gS!+;A?dc`)t2PW=dq_d|j?j=}=e$SqI1n+fWnOU*A%6)q$g>Jy2b*t&EmKhnOi zz$&{l*8Nz_5Skq^_*_c$lN&r}|0yj!RIU3#$N#=}fZR(0T2^Ziq~I zRm3o#%UdsEy*~PUBf11nupf4*eOWy_8Z1|OJM#80bxWh>2+v>B^GP!QN zvkrfdH5s^sM!$^)H|{|Iz14C=uvyaXMuiLTULPu-fiHFM-gVJ; zFJi$oge)v7j4w?5~?+zB}lZ<$i*3<(xw_kI5q zMTU8jXRKBBwv_qc=eWC&kfEr6iPiB-14%ohcV+tPQGDOtx{nlg?I+kaKas9mbFbRL zEvs}aV38s2pQ*es3|1M zQ%vbomZIXz4rDX0b1YNZZoG^`N_(_uyBVGcBX-uE(9wV4Hf!=YSzP~c4j9pO}%xbuIY(%(s*F5xc0pr_ZSwU>D_y!|$WRzLdWC&DVtbtRRoj zt|4zjrggbt8~cyw{nd7b9qO@8I*_V3W$1-^uWQAvi9zu3?R>Qn1{Gh3E+Act3m9<6 z`mC1LY8e;mC-C@;I~IPE*$$$Q!H@Mrm*76ZOwW6q(416Vl!K5=|Z@0CdH0=;?uCn`vvPu*$A=6f>K87oDLHBJ8Bi;Q2CcP|NL~O`u>86kDt4WRnW-VrxM__;hE}zWdJwuF zGx5H4`)dfYRsOzxw{nzDT<)H)B3M7MCTqa~e(af_m{b@HjO`3;&MOUVo`HHt@ms@I zsn<(A2;zvlP?ClYd?AISn`8$NUV4eWbzQ)=6Vb=rR*JQ`@s1r_X5P3J1Xz6J?gf)I zTr4ziATcQC)_PxTb5?As4)fy&+*i6#*ty9f0cEcg(+IN)wgjg*(49Q0e!NV$f!%}3)9}C$wZGaBi*4;-GgZSXkMj&AL`^@x$$0I z42V~Hvg@)~vZwvhGna$F^zsdAh+=|uUBu@AFfK1Z82sE%(6Ry!#vG^P6y6Ykc2T~< zg?(WfA2On|70yXMg6+jSl#rF&r52nL^Ik1Bfl_#n!wzfpH@W6%gFm{T6iH{cYqAQfx*XqMpul zJVwRFq`9YZc7o;*@2sc5e<{bm2draFz{-*KQI%aYkO2IK6wiLk12sZDrL??XNyd>C!76`OJ2BFRQc^(8NCj^4*L6d zNM>@nCdi2v3Fl7`{mdH|$7k{<+?teH9!BymZ(p06oS+D$I3AhG;f`2?JMPphmlKN# zL6F@FOuW+Gt5RT?dQc0T2sBP`A4~5G0Ha?b8^?cRR#Ia@;^unhRL(L%dT`lfw z?8`Zo(IOINE6qSFE+SC~tZDkyCN4W%mRU=ww)A+M{7M&QAyV^tA0ikzHUi$N=zm-f zr31o=I0JcN8|}!CaQ1;Ky|e7f4{?D%>jxIBh+CM3!64<*mR)9vgwWcK)o77=j+r=AIeBb^vyE9+z?Hn8=#y&14 zTZnbeT8!drHA-?7U|&mqe^kXYoe#+@qd0`^XO02aZ#H!0!j;)OwjDW=$m{7uf14j* znY(>iPU{!<=zg1ozfGKHTf@PTwCD0Pdj59Wf~qJGgh3vf`EdP>na?mF^&d=6MJ9qi zL^!l#YPXvnUCu*1suJBm8PV|8?03p%-YJ)au|Sw88RhIalCn)`#k{X4#k}mKcPge} zdz;btOKoUEEy{e^FI}a2*OIm4vNO#R2(d7Q8R{e1;8AJo;@<{sE%-rm;VU!j4cl66)L-K-kiK=vQ+dvc)Jr!q`L=A zO!(sfQ~L~cneDNM6WU@MqL6u6ycki6j@dWF^c-6|%>N#@mdH;Cgc)!$x8G_icGOsohRIV*!tEa^L1Ss5|`0n;P}rM1(i zdGpqFf<3gx?}xKiTfezx(HPL+&leaz-DYaf8YL-eyCf(6V2GKi5_Y?Gf*7!@G9=Oz z$WeMQe#;S<`gF#mZd5C*3vuyuY>C1-Ymqm4KMgpH+o+9_YL-V`JBJz!)E!L?oj1PR z??Xmv;lC9}V!jEou~l!Tuvd+mIet{eMZ~?#uZn7T8}mZ<5cvAI#MRvKo;ozw{Zel!0De-^nB2i(2i3_omG7gF- z7C2g{>-SGTqc&1xt&>#4NjuO;CPke48?q|`+6Lj*#V{o;bH13Sun0WyfkH4dZi4Ao zh9mrk^?B~&NERwOE0qCZ15z`j#oRsFSO~G#3QN_r>NXC^;5@MU0+cl#tW=};(w4Ew z!3(`QOn8@PsvYi3%VxkLqPb7`EmGodPAgOFgvKb-@x$k4Tk&Tt^W}5f`zO`dB?^ zLQ^QGRMxn1>BF6D0ynBZEK+l`(A6kaVqpt2%YaZ5kaTMnFV&oQUvpU%KG?XK6ODY3 z=9cP4z|AaJK4=2i^JM6$vestRSG<>>)9T#_5B#z1=iK!H&21Fy@xj$mu=_ddvThPU z=(9&2!;@=UzL$N%x39b~!LP##$s3d^)qZsAp5K=@R=gGOiQBJw0&S)J$C{AS7>4y| z#62`-VumPk*Ozz#H8F$r{zA+QSWi^eaL;;(GXWz4@4n%6on+In>1kQn(s%f%t;kv! zEkh?1&|iluS5Jhy03`2uKW?(MN350e1Zewdp#m~0MGn_@AIQHwy?s3v%};<(bR6e8 z?np%uRnD+8kZKTnc)C+Rt7e!0}`MB^_6 z&hdHhtz{V8TAD=JkwsP^zHhewV(bFXS3QkaQJ6NH+W(EnqdTNJzyvz4pzP7(!>pJf%#P zasq;`ryWt4)|$9>261YO9&15+MGc~rWa{?XYa}MEt#hIRygTM~C*Msa9xNfWM|4C9 zIa02v11&i`xdra&UN3{qqU&Dwc+*#U;LgNczPf&+YjO`fU8{n@Yr^$I&+-`!m5FFr z{s>Co(-K?sz-`*?bOsWKPYQw`liE|t_nJn#)AL3>j&YptE@)Ylj z#WsS8wzzlxP3m|O3i$^;IRJ&NVauE2Kip3`GI2!`W&2$yMI~Cn>2$`^-m4e7g`^Gl zy1nb$v-PkQ4}>*vGyte9QIvmwmLqiFMQ6gillb-}5X=Gj2oGX5NJD<(GmlVdeb4p! zS;7f%E`aOeUDUCnA*PhGw|L6GlI9-!tfr{8*mEpSs^cH44qe5@ysI$8-@foYl{h@kBgx-Op?^Z96kNSY?@){WgAwkJ~~ci{>tFYrqfc zv5~wPd8P)+3dQgHPd{}+dfeq44&;gZv`BJy3rK(Zl?1-sR)s0OZU0UFl>HA~SP0Iv zQJ+n9=-OFF(R|Xf`j+2iI3P=0$_yxDsVg=vC}3z=RyTrBIKL@%P{lbKJ0?pJDS{VA z9FsGA#1U@v?wn~F`QZRgOc&pxbud*kcKx+*-K3GSZacN)JK#-Oqm%qLW@O~q;3y&C zWA$wC2WrX8mLXLh>KnZ+E^;0oYpcV|OfoZGRi8Os7YQ>Cxjy+eabM)rNibJN8eYKz z8UMLTqo?ir=b6q8U1}-5A+odUUg;+t43{a}Q!;+qFrwjUAXj6ueh(Rtnz-sV4EPE( zK3Tpuf);#Wd6-ki%4~`99@BoKTYHYI406TvoDCb6pg%SpxKpOU#|$?i@vHt|H5||g zO8Z~@YDk>&FT@u*%tH4Dd5zq1zr2p>U?ya_^f_xlaL`F!wBlLKp$V#F{U3F7Uf=BD zFl1pYMs&B(A{b1d2W{|Ev>3gYp>@9tR{mqhvW^?HSyTt;cm8nH@wk}DXz6~VTProZOyI$LHx_w$>Wu`oT5C{=p-d;5g`+@eBRkH%{41h~pLIl`k1vWpjsV z^&Fa&y{nDl9p9@cvKcf3abP;MW)TS#e&;~1YA0WnDZ{lZ516t=4}Ug*V=7 zKq`0wC2FL-2{0}W504Mx4jdiqp^lc!P;M!*Jx|eq*RfGb-ZR{5O*5?p%nv)Ei+!&p zDh@6n@Vxy`a=pL8u^Wj8ZT$ggQXMW;m^$V_bQ@D|N9Z}j02u1s& zk6+0Zo=ao-#}uRk?GHX}lqX0iCU=<6Y|*EN-)mk29?#D;sJf`!m$c>Ze(ctYUECTy zJ@e2qc5!nPy+nYZm}iExz85cNtyGVaF5xdS{B5aq!e*6Lop*6Qwm{QbF);+(Hjv^^`92Ppz=8S|s%)9u%!J8 z(@zqu7rL{ed>x!`J-ByWCJsmvzX6&@L$BSA+wU)lcPsrqTUT(2=uCHInIyqb^9aY(YLK5n0a32ds0-%?{f=~gX^EzRZm&g z1#4{HxfC8JSKZ3(&Ls|mjg5)y)qH$qaM`@)xmeoPWNdlg9Ax1 z-kygMiRzO36%o7GE?Nifge*|tTII95vAPt>MW|f|2-hd$9{HgyAz_;f^Hc}KvWjoU z%u?8ln-Ub&fpOLUs&@)?SqQ$2xL(HA-M{L+Swjr}KrWvJeu_Ue^OZFFoh)$q3@@Z+ zOT!W6QmOm#HV~Qn?h14S>TiwMKW505r2~W{^aLa~WOUuLI-C7@z|3`Bz2xhx|36pg zK|r>ath>Fi)RZm>J2T;z@&vNgha8^N-5eQdrZ@X~`rCYQSad5HNKvn3JmjNduCogL zX-JMHMa;c0ZHX#WAO%Xv{mo1<*;$EWZj)EKPGBA-u>PW*#P1g^^jBs)>S}ZVruU&P zXm(@0L?3ZtJ4E}y>Z>>Z;t$B05H_v(;!i?P5!J*5T#B3+cyss$`uSFlTng8df$Vo` z>trzOP;X_412{^Dqa+O~%B@b}1@o;Mvv%4EGLMc*vyQ&y-5hQ+yVweq6tjcPo#x~? z~^+mtn(s)A5U;%)1qQtlXn3~MP`RaES`*M1dH=Wb>` zalIlowSNn+`Y3aad|tPP>>ql;X*sWM`=3EYBWn83AeVuq$nlzH9`t4mgr!Xp$aoak zj1;nVatNFJQP~~h1_tGU-yAj{ny=D2R1i+E^t-{X3_PD5^y&jKQ~sno-(-|1Jo`JQ zQ$AtQq(gymy_*|m(MqtZKMo(T3&<|fzLk|T&_|Hkd6QQCz9HsAqWx<9c1apZj)&~Z zQB<+l|E<* z++>pARheS1aKd9L7ATyZspHv)SFc+Fkc9Jdy`~rZS~i2Kx7PA>5V|(F!@heJ&%=6WpE+)-R5qy(IM?Q)ODlPIefvUTut%Vd;*qc`qDqd#n72 z)1?GuCpnm7YJ`Tbau)SViiQ1qAlFI}wT$n#DGpA=AJtp0UgdbjYD_h>f9<>S?*_?k z!AxE5-Uwe|1Ye5M=HlNA&y@oJ23csq16Is+D5A~ykp7b3t?xb8ycz`RHE*)}Z)3ko ztGO&UYV*)*klAp|@+G3Y3A5-y=Ziux=35OLEyC7B%G9=p)OKF0%cRUFpH~z2QE^uT z9+|D8oe(!#ECFL}%>1O7VEV^4LWxGI#Sq3KczcWxyd6o|a;KlqA<(N~w?++`U30^- z1{sA_*s#P#BQ4u<6Zrl(Xb2Jg8TLq|kQEq0|Be&(9F`j?E3KE{`Nm$-41Cn!MTSk} zb43#cN)XI(1pKHUrq7`J4GfK3ewe6ZIpw@G$frysv#q0RRGLr(TTO)JRxSLjt{Q|6 zT<)EztG(uheltWZC-v!5J7g1(1M8_%zu86O94l{ay8CBSzQ|Wzg{$~%FHz4vu13+^ zo`^XztGD+|nGyX%24xKQhe|N{M68`Hmdx99r*A}sV5=5DXY+25hrhb}vE^z|+9XCt^ped@FyY7{=mx;Xv1BN7;Tg|67!FrWO18*J&1WOzWlHzqdxTZ@y zLTuYR`BU+rmz@V_UN-GsH$6mu`hb3)P7G5sWl5VligL1nIHZ2mw$IR-c{RO`_IjY^ z)I{ZjYnzErr99|)8nBs3z^D!c%u4zMyq8ZEv?%l@=|9V_X*}WC{EUbO4?2@-u9QT8 zNA##FBlGIGN>O89ZQ_Ec%C#<-Z^IsBs?5pEJnE~&(qTKHF!yPTq;z(#xcs!USb zAxtmwV5i+uS0iON zU0F$_<~!ivwRnDft7+e7W~e-~cRZ+frr78C-8WB>v zRHjDmw@FXB`TKu?4mM+OK)fFoErzb~AW?@3WU?tHj{@r3r8(}0@7oPu*Q{P4jp`S+LI&ePpjzGv}(OixeNs^k6WQB~>>}cAfTM_t1X9 zcQ?l@TKuV9<*@wQbf;gK7I6QmfpcrnIOb%+2z=~{Vl8QyzdTLIDZ?HIGG-)SJwUp) z0Vbu4YlEcDRyRh)#8bO{cRP?W`eFBS0VE)`vfe zw#K!7dq6VBGkR{a+^i@WeGvmuWrsQ`*RN0|4b3o#x=b6T&HtEmo!K3knLn*Ya(gPW zs9mY`RiQEU+vdFYO4oi73-K!)#kJSC7kV{-^cfc6<6(03?-KOy4LAbb{x+&yNpO|u7R&?N+g8MV~{@fPB| zRPLUjepnUx3*g3do~Ma+86DejLT+DZd(D|`5>!d18NYd2g1-8`cu*EG4`h+g9MpFY zH_Lu!e?$hk8(xx)b@BbtR~A7H>5*5j#_QW=Pyja1OR|kka{j`Izqla{ta&q7zw-02l?K~_8Cz0HZt@goI+t_&i zU=rOkz)W4+4my#&Y!@?+F-W4XQzlota4lqT`yDQBumd-DGUjR_WaKWS>G`~S?LiyS zN)&!2Hj{KW@pJ(KnTWCY6rsLh=~-JoFulE^MyvD=y|q<&PDEKI=8bj)qVsu0k1tvk zbll5O#sGDO^DvDWCEsC@WRN%y+r6?dIw!z#UxE?cA{sQ)5RdPzQT%La3lRG#TVHXX z`S(_y*``95#1CMOnGp`39;u~E@Su0{LD?Z9e6eA5fZGUGr>WRK>)TDg3BuN~OCJsW zM(zYrDf8)@5?(frx7Fz`*CL>_tV=U0o4TGVLG0A9a2d|0E`9es^;UhSMArl;kZ-kg z9;bWl)otRWh6J9SOpQj5%i6l3>UuhnYdtX=6qZH9jch2(2xxcv6Z0%?UoWXWM=Odg z>d|H`m3f77><^Wq=+o`;=Ng-YgpuH?^M0v^$Y<>_utVh22cRJim4=r9q$g=ZK>F<& zY=<>d>>B@pdUu!b?KIA=OU$QXhS!nTtDSZXljXgJWLJwZfD*>ysT}( zL6La+4OF&vWbsA_bsrKFb zDwRPyQeB0&++6pY{SUqi+{>EL5#h2f+Y!lyL)Us6Lm4-7fkc1F_&v-7Y-G=CCnL{L zCTJ@Qr~qbt0hAdY?`Cnv1AO&Ac$9p0@@cUhG&+9nqZnSKJOM=OiB*@>bls8ZQW_cv zR}wjV?J43jvY8LMN-@@vR!2iFkz6Ayy$SFrQIrT80jAgFl+c;h9NUZELBj2s%7OJoyL_rb?*jpv=nTk=&rF?Lsz zuS-vQC$ZK>Uek>X*suh)JXRatyHJRFuDCtGCwJxjmXJX)@U$t zn;rK3TFio}t67{~lN`LEe{zlP*{ID1qP#y*5nV?zDcxkjIw!2(Q2F|rD_8G3A{r&R zux5mj!D{I_JU-I~_d^k3h%&Rbk^bxrEa`9>IW~8YmZ!0Y<&V*@t-)JWu3QF4jMR~$ z#7cybsu6lC3`raap&Qof!MpoJR>)vq@BuY5 z(kP7Bd+j93)IkThmiql7wpK}25zd%ZMkSQaj}S&r?Rjk-KL#zSxZNxCt>{w`a&X6? z!tbWYbI`@%x`*&Nn#1?D$JSZ1=t2h88-^E+IRjLo`G6i!oq|({_qPF9U68UYcH*Nf zwttT0S{ei}^fYp1I>-GA_Hl-*p42Z*&3~O$D4gJ^vmLzHBb$EJ{Ban+>R=)Hf$gqY zlt-iNmH5!Thm^Xuk3LC}X&qZWI}L^H+uVMG1Tj9?<@t-n6LuKlznZgc|j*nYgbFJ8*o?kd%RGWAkK@hZB{ zkEQSWhaawIXEouMn?wol31IjSyq(1a3$1Lo&2jn6V-DB79^yVg3@UU=sC>f;-;aYh z(XD-hY{ryrG&yaF30CqqJ2{5pSk|s{6aiqO7c+Sgo)!jVO9~a-m$O-gx&SlhRD=Zc z<_-Rn1|?#Csy4b;Z)KLthQl#QUQwqcI`8OnoeOc+UL@lc_Wf#8=`cdvLl{W}BI63P zR}NySjd?$de=n5cYWzDIDq(=hCufU8T$hKOjUt1P<{VWU|Y3Ut0c?U%-H-@-HtcfBq*`tD~5 zSyJ!59{O7?zQ)l3z_mS2r`X(YS_sq(dYh4|ik!phH-9N8xEYfyVfTL8v&e3vLxgL$ zY4CF;DT8^XM)WzU`p)qytQUfIAsO@H)7ygxdI+F1!vlzTzCie{WmI^x&wl)~NbH3v zs)6;%Pr7kxtN_LgMT*+hyrnGpd1E^4ni{Fy0R5^k-#Qu>>ZfEd+YVl&j3lOL0CEJsK0;7AdW4w84z2br)ZEb_RAaXAvim> z^N>%W>AM)_@G7vB0f7Pyreg(yk8cO-s<@hNqT}u%KwXeXY!Afw4p1}z%EF-#nmxf) zL*3Xd!}Hi9pIve+FWxUFZaQpKP7}bYJj@gn>-=ws&;JpiBjNaF$SEl~goStlyFYa< zy$SGuRHcCT(}aG)(`jqgOT;i){Jy#Z<0oS4%e0&t&53}(rZ*^W98z-gge^bXivNZ& z{T~Iaithom1ZrlD*D-JUj7=xty5aV>Z&c(PB!3Z1o;>-R*dl8tt@#fqOvZKP%KvOj z9(AJlFMdn#4JNPYAf5LmpzrLh$1DM=2*QUaM zGmLT^ezyJtqyvx+-u`3e7mNe{G4mg$k%j+&AvL$&;`%o!X{vJb?LU^qC-AP;zt^|I z243`!t6biqE&lfq%;9C?O`EhIe*R+!YH5aV|9zDa(MjWf z3?c35|E3!)2(ySLHVbHpr}Fg=<{fVVO2!9{j&t~LKUEFes<%ECc7`~44{$MCx{uPX@ywaN zR6z`n9u(yy1w*=*W;YX*+s6mRZprH|JH z7A_Kifg{g0lk5D1&>ol%*Uskv1E~iN&A;9@v2MfN}id~w8P@(K{a!!lzcj- z`YFYXaY|mX`>iWYUxs_VQ_8!|`%$#^iV;*i@trqx?rGnGsUp|$@g{%zeI%v4?;Q8s zd&r{v#$6t`93J=W7T%K>?ynNB9CSWYlle^b2qK0CB+7p${L)>CYW55$mW%yfQk1@|e5EGL?g*&H+V!`IRrc!}z_BhuC#)+3K6f?{Ty-z4X$ zro@lyc+pFrTGYn|NRWZQv77p7M{X?lh?ScU%j{^9)uNJdCTnVDFe+ zUc@o;``@|+|0kXUi#~js5m7F~cbZeTqDLY~aB_L&Dvn{nyPO(TU(sJnsut>$Pi~eA z>L86ZA2m>7KO)|AKI!gZS?lp;V{9IJx4yK^{AisdrPB0cBn(X()6A3 z51it7ZWgu(FfC;I9KI=%U69Mi89#>>$6$7>KyWuReK)krrEphup><=P@y7vpLe>V)`&)z2E!= z9r(d)pd3N#SHvI_YLDVJxqImzxrB){>SZr%9{}k>v<-VGPAe)f<&DuDM66Y+L&gL*1QHy-;S zq$Dh1L`+<(gTcR?T}d8E_o|CB`at*&Wzapzi*Jstv8RkxXjb@W!Ry?5$MZLpD5PCp ze_K!2=czuZQ%{w!qtN-C!rfiTLOam6_w>QiPqHFrxhR7^Kdq@)RVNHr z^VfP{UsNqDgSZ2^^^^xHQMTx^zObhlWHc<@&HOXT%8-BboQ9d|7$rSkHtNSf3yD++ ziS8A-KXnu(q~9h=iCDFVBQRS6Px63H;+5g3F0d;c!A0U^6s+cN`a!bBql=%d@iSf$ z^hM}yLrSn!n29b%dWz+id-C`H)y*0aBg-Toh}bu9<5OD@KN+n&9F2ni!W`;I;7|oj zbH4R@&ojC=`OOv(^enXb)Ie(^fvnj+}-QR zVj19qvH#L*&&{wX^f0b7RE6)sjGE|L=Z#G=cc&NMlCURE7h$z&A~gd3r4cuWoTeMp zkS-QS)R4C^gy)BXG%&mcUj9^^V3@IH{a%@t*D3gGHS;C=U7>LZm z0@n!B4u0$p(qNlBq{7tyxWOs0rJ$qQ6Vv_TWvLl%t>6?$gOaHBnX!wyaA~F4szv$p zXd;(qP!4iC)#T9nRYrG~a-}gR^6DRch!HHaaXUnlfh?fwxEoE-*Kw?1Q2&v6;NsXp z5g^N?RS%jeTxrVA$TdAASX$;xeC#$`K=jB{U(E0udo)#d>L50{Q)OhNVL$OWg+re^ zSvCInA=JK6XIi&barbN%|GJH6Ry_HE4lagmq{ zB7YlZi@0}U;K>#4SnJ!kM|sotn3%KpF;uWM>KoN9`?iqj$^si&9c~?mxn7&>g4Y0B zxGeo?yuQvmO5vxIAG3wcx|}b>OHW3!-DU;ss!p`D)>{~&7RC1Lh=8qA`Em4PpDV`I zustm_S6(vsuT|tD3mvvTbhwzfG}@ymHzOt%_>T>x-Pz5ErU-T7J^abaOU!Z{J;0oV z_sWFpNg+ixrzyJ_|NaIY`#R3gpAR04g$>^?r=UxAbB<2XyCT0c`@=X!O+#aB?X>u$ zHeEDXqje0gq*OCIE6X#?I((9lx*|4avB=a8d?8&r5aSit4b8tRMw9l865w(97c&l7xVRl#+x_bFaJI_5BAZ0TT{%O z_p#d1FQtf+^xK}8cz$j7TEh(OTJ-n~l5gh3=GKMn={2lwjvFksG03vSH)4@T4XN_Y zl_K=-wUnaw&wpgB=Mo!CCI*rN^b53KV{Ym z6`u~^rHo?VaeuK?+OU#eWsdXQ=O_m^!}3-07o9}NX)nZ8=|k}0N}tmq;@9u}K|e62 zSG|8p>9d}>#`{dEIR8P4{iT*Gk(Sm$g-jpsarZm&yGxt+POrM#f@<<5lV&sP{HhPX z5JgW+Cqb*@>FV?{TI#$uHKSU^#7i6ExJ=&#-js(@#{PV!@QoVc&88jNY9+(T_al-q zCg|}MDh`}VR8jjGpLL~U`Y2^tDV(r}i@VF(FbsUGbacmqqgrym@g=2Y;+B<=`te;C zW>Plg1)b!*c&KoL-ICp=dhdmv1=(73XT-{6qKdCwG1yi$ksVw;yG3Smwab`NomOs_ zDsG#%R!GEJOvo#yw{T`bFNL7U}%7-W6zQXrwc$ zkx91tdnl}ni8EULmrV~^+`XcpX(zp%L_EuKGx#OJYUqQzzuJ`;b03t5{2GQ&I{?oU zm1pQng7Ws;43-2@GRj=KwwBrXC$MX|fJnL{GjP)6Ch4z0`G0k}G`fC42Qe%UJ>TIE z2$_1G9WxR>o;tN*gD$)7^@7xKgUOY;wSDLNu!4=8?Vk@wDQ)zAspNiq*h0g~y`+4( zql9Nfl-!DLJu91n9%pU4M62nf5s5u36{^Pl0XS^oE+#mdC_pOEwoCqI$d)jt*4CE&OG-+BS~38?eu|UfK8iE7o1Q#s}JlHO=(+?j;d#t(+S{}^rK~XdGz4;eA^GLL?>%5H&>t6SUr0+wE+eB zHrs@wP~;gcEx3W)_>26pr}YW@ZDdw~N~7&Y5$AXihtJrz6+PxWAt>75gMqjaAmJll}U3PA3tH z&yr~t(kJ*uzMx9GxXOWsf@NjsIk9%AV|VeB{#Ot4$4%=fv6PTVZRVFiYeH7{WP0IC zjuPvVl&B0!tXB+-+q`EkkYq>Pok4>@pzuK{&CbD`=XW9sDw7LFD(5=+ppw!~&^j(| zO|VPvxQqjtu=3lFvNnHzbZ8;w9M%Yj#^^VAxrT*1PLt)`EHo35u4tPH#;fr8QW&{^ z;iu4%J zC9FXX5lJ$#>A9hz&vr?TR=ci9M_6|$h9JJC8C4dQnH?voZu#o4`qePuB&5O?B5JZOIOQ|t|$!=`JIgcuF+%Jz`X%qYLYC?^d z1`P`3r}wsx(H-I=tRUK(Tkg;?LMbc! zPo-m9yQHG&<+4@2u;}BK^WP<^w>XlvwHlrhGj93ie$X&@M8r5T2s5Ma;GZry?nHQ_}AB8=**%Z*3nSfh}9U4(L!7|g;zqlS5Gl(x8Js2Z!Pw8b&LZV z+;(sy5`>YJcUyeYuKC>Y-fMlA@#Wprg0#ph&Ah5X4jonHQKIl+O?@gyw+Yob^I0!4 z9P^ZtO5IoHT%{4U4Yqmqf_qJ&H!6Mu&?AnD2NQC$b0V)rY0eB~Z|GP8h_3rn04!>6 z@A`~hd@O$4zW@+Y_=ipxGB>wBqiS7ERAkQ*rvPl1T=jB&XhVbL78_zd;x<$N2LO)5 zqUUJPF=rs;lHj;6cQe+a8bEo)mDKVs@0F(1_tu`V;PwdW*;IY+(faS<{ol+U?RjzC zG4ks0cZv|#JA>B+;?=XO_Y>c~)#dr|{$`)?W97}i)>)hNKNhO#uEh(3*W$k?oswQ_ z7g=4g9(|Hhu^72jPeC@S`39_4zzj1m=OGLE#{-gl=@87t(aOzvidW4hdZQMaR3QFG z3ylH=5<2r_<)w{hIK?NTv2M?b8w{tP89FxtsM?v13e|fK!WPQY&wMorDS9tos|mJ7 zLWy5A2!7%Q^#>|BUa%*OUOHJX@zkDJ`Yhv7^q)t#t7;==n$;7t?S=&eqI=h9*Nl=V z7w4#*?uoHYw#bRoCEb>uw=JtzrnFew7GKh5>vinmcGp#5Ydt)cMyy(lU%q}V!5Qtw zWBkG=UPi!Q4p+50hBid$Q>8zlN1ERR^seSy#%v4tPHR3NEDXE)d;GNr>#l>5z?~pg8^6?of^}4eXNp z;Pi0BuacA8u3vqorkc!_ElVbtW_zLd9ebqIh!6HC`HRM;+rbS_KEo`Xy#Eb4%TBlZWDb z5oFwwmn!kKh27W8rz}r>*NjdxH^Jk}hACwPTq34mD(?&~YMeKXcvX{(FcXzwjXB=i zn{fF2(XZD)8l?&lzPPiYw*7pj_2KBJ#Y*JH;r^SfRW$08-KfVJpf)AW8`~PaXeE9@ zQgxo)-KqFRzc(~&%+dMJs2=8PMtAa;p|Qk72x%E6pNPiQf73bTppL}ZZxP;~xHYo* zL{d|hxHdfLuwX^)S&0u}TyRXUS*F=6cd?04CyfAQ^V^{?5pNz$q?uyfoobZXWhLrY zTF5wdS=+u{ZIbr4&uz2FmZz8%v5rjqavOvLEyPTnczFzcDYRegVY4?|XEX3kJdm9) zaSV;p!<_l<*wgi|Lpn4Ra#&-;$fpw2B@Q257$9}*P$i}PxA#+h(5*(B3!I?-&u2=g zlQM|faT!eJPr4`{8psPBPBIa~;lc7RJpqk9!m4F7mNt%h^2BZT67A&oQQS%EHSMgo zN%&L!B`CZ=kOsu8Hs?%nQI}d^Q+O^K3(J`xbgml*#|1_93NqWlYn(tl)j>52ycCxa zhrIT`KW;aXPqzvSSk@->c-=iXvSi-Iz0J05m&Fi4qABm1?AL9yy}+}tqs{wk@G|-i zV2g@3%vG%p3`x@N55R{QDnjqY!e$kCjY()~SnCP3I3#^^@xrAFJ_a`C<59GFde`PB zK>7tX`S=Ku3Vd3RGHzb5e?s*=7x;M6nB&A9y734m9Gs-g7ca*u{!H3eT3uZJHv+Na zLWV6Kl)^dc+%1dA<%$7jBWHf9 z@lPF*nheeMv~-Yzj$nFxQx<&lz!p%W4xXWLRQ4Nu{0NyLg&e~T9cwR+Oq@aex4FsW zpA1?;L49v`x3@l9kWtbPMUUD?kpD>BB_fsa=KWzL+G?%W|DD@AYunNCPVIX+fu&^A z3)0B74T6!xT#ei;p8{317-TeKhJ8SR$!>f%yV1VR_r5RFG;B5R;^^jBfb$GbP2K|Z zssV|B!_s(RJLKrFf|Ba#Cnkqi7JObh(;n;TyZVlFp>Y{^)fF+TW+K$5t@*NJRk(Zz z_TI_VOt-Rf``w!JnrmwmgR^tvZPu8(Dt0JBMDfj+7*epgbJye(?E|@&3`g0$5h4Bl zSM)3I1NK%WjQz;(miRQSbj7-#>!Q%E9SFqtRcJ6vNBeOe-Yt&dp=%w-sh{z68$AEo z7}{$@APu6cJbd?(Y-aEvMIo|wi9K+9!5Htt1{yUIeDt{!Ni&mI0Dl?>YhDnP ze&4Oo4@)=4F*CbJVdV@oP4>9|o&Q}z(4{cOv_}{}*?b+m7y6vtw@QlSMPdJ^KbJhT zcQCs1Y#~d(AE}3zTJ9o{Kll6+6wDD9tR&h9>wG3@eK_&zv%CB3UyICx)x|6^$T@ZKN&SX~m-LcMAnN<6(bCo9&7J;GPGR}T_(&ENVj9r81e4@n zzdTLk17s=Xhf`;{B#CaNc=3VHGl8%~vkO2Z%FK!LG1@Zr02+(`cjN!3v!PHF(r@$! zvev`uB4|0l{0siU<4N{;l*5%K0oszR4DaY)Gp`-{m?MhjKi1 z3eOSg1nx_x0FOdU;e$3-3G2lr)ZIkB6J@-& zPfxaUDz)WIO=$^2k|b;mEC=+3iD90RGk+OplCH?=d&5s)GpqEX6NaB$E)%$|z0V}` z0rr1AQwePT)+QrniDpyHL5g2`?-1OB)@m?p9YI$L2-$ks|Fyk?F?M>Kin2=bacg0| z-6TCEw}SG_VoItU9G@BTKa~Bi_pOWKA>qM128VLcWU~A{bM(Y_)VdjFQj;O|u}db7 z#yI7)97GWfbmk;-6Z1vzWD6eCdA$-(yoqTAe(E}0>T~XN{#12MdUsudE&IbHjm%X> z!S~kDE6!Y>6Cn?ANVOvgqIAYtZl+j#9y%%`VSkzYawQ9(Y}x#-pya_2lLk(AVaKt1 zh;t#ZZ=VGWeVWiL!ux01cF;KsMI7r^IgUl@g}6x))ZtZQL@TkoFo5L$$s+U%C{Clf z)gydW(J~#UlptfI2?MXDMp+MUT?qOvJX&%$xjIFLRT@LskO%X+l(Ffn{DUmp zP*?$|Ob(U**hv8MnUx=T4|o+mlecFo z6>r3I_bEHP0RSP|Fi4S&& zT1ZhoRPZu1qKxU1V@zm~Bp9%yV5O}2t(a1nzYHq?kg;Kff(#rte!%;4F>w?#*ZJ7% zcCI8YM{_`cUZ&@*+19_lo21XM@SsTa8N63QDo$WM{ZN_)FmZ1d7gb|wG|{9URaoDv z{ssZdJco35(`eJ4{DB)k{yOV<*&CFZyUKl{a9`sS;@ZF^nGWnszPH{&lGDl9yD6{x z2bF=vAHKUblA0KJtm7N@Nc*JGY)%0Qex8>?(64!R^|>hIP-x?i`DVwTgp(U;b+W+ ztyw1jk&tqc5*6?b&5~JZ!MG1Q%;~fOolQAcNUgdI_9#wU zZrcHAlhQAsUA3pvws2kBvabO9{;G1nnNNMtW1a}8w7lMF(7%$7cZ3W!z^>$f3Q?@{qJSN&UQ!(8j;vt}M!LAG=-;M;B|0h#|gt-fWE99$;q*So<0< z7gXi0XooY#GdOyp@z+|P7qMma70eYovxhwnsxg4HS5dk#aXDfSuRaZ`DbSy!ICqr| z#zJE}Wv4%_Wo%wjI3rZ!6Dx_^~Lm2U+zUJ$nXrI6#bqMH{%<`igVv}l1V zZnS~)eFalYjXDdF=#^2=NFKuLuTkVqh@t94T4lXboO$KSHnWPCr14GPcENOPIp)#( zi<&1$kTiz#AVfm43JmR1^8N(i<5_D#0PGv!@emZ*oJFnwUctxJ`*W zmD@(qMD5xB<%^a3(D>LMrMc;|vQzZ7?Ss>71 zRP(<({7=nNxGUOaB7Yx>@$up714u=w)svJwIlw7Wl73IB9zxPMXKJ(Ct^K)$l=So`?q7#= zQI89EFZIsq;^_mY-U)@|=Xh3Ty-IsYP^5-ID`7M*H?l!c-;;i$JkHnoIbjs+xkaUo zx*5*YN_su7Y5075Rp3O1sEW#|aUpXYy!{@IgcwK17oW&L^p9c0_;*-yAvd_#Fgv$) zKCbD0`5+^({^Iz<;&S9t`$bU&NZ(m+{YR3IyF@(TN8|SY>JQ(t^F=?y?vzct7;0_zH z&Knubx7V$dJ{@0z=H%kY1U!zYxBv}%__^#QtFRQ=)p=xbZ%=4)@!wx2M8vIX48zFf z!cQU-qekxdSq1ry&V|1ni#m{veP%n94Fc?AXPWWKNtpf%aK4mXOql^h3%xyvPlXZ( zYAQj&KXvvyZfz849MdF>#yjmOA#J+gRRioI!FIs~ZHVRf!6&w%^k+t729$>`rw9PW2l zLIjjl;|!=hiplWy0)NIS*o-&(n9Hi#+b)z5GM7e@Jj#|A|4rF{fA(FWyM~u7WDJJ2 zUH~bBv>zOUqyYBJxA2UCbvA->(Ng|XfM3e+O2sPXj#U`@^z%p=o?1;wKA!JYM!b;> z@9xGb6m-m}k!U^Hd*o$<1AM?RjRLk8NnXKs_8*sE9UISL#TH{LG)Gj3tpASTYTrxv z>&NQ}j#=?Tl7k5eRKI+;SodNjf!y$yUn1np2on?(dHLzk4?aui?M)ix_>%C&*IM`O5=Pr_ zMysD=v2SbN5+4RS?5dEj7+RO#A!B_r1*|>b%64jP3vDA=&hEcKZ5)~z1zK%`cP%`{ zRBy-JrG2XPnJn;?MFa33ARz#M8ao$nklBea7>AmuHDYTw0Aww|`%m+Aza$;Gq;>f6 zboyhUbLT>-V$Af?@MejFmzQTB{4B1aF6_v_`d~fX+~s+*N8for(btek`9~d-0fj%f zCBA=2tdf*7s2MtEjmYKZkDPoHhXKCTFz&9VOkZ(3z;$%?aTmhcKhg=2;iGp$YHUux zFfP-<PAXi?k!O3kSD$PkS6mxKj6=GE6m~FGZ@ZK(ux|!Y+PUC0)#^hURLG7>_rP zn08T3Axk6kmqsG9pBY~MaJowaIggI?hexF>Hx>Bd_&O36vgky1@#dQY0TX{c;S1QVnArs0=7X4uWajCYqm=1PI`E4VZ&dYs&b|QuJ>pc^grg5nt!?WUT}tBqO4iS?0=l{a6OX-!rOoxah|1$QCX1Q zZP*-;+*3rb^~}UsIJq|{$OzJ(uhryRNo`LZRqTgVhcYu@s-CPt4}20qn>WX_7(Oz* z;*RmolDqw00YBcPkATpnCCezrLO}KbbuI&Q=jm)NN}uvU*vsvHmzvYZY!y0@BJT?; z&sjMrNh6{*vI=tnQ{PhNCWP8CUMl4<#KS5l273kTy>c&A1fv`Bb7Fi~SZ%y$LY5O7 zyaZf`>EC+1-*%LJ-GGr2o?t{uf4F|GcdtTDg2i}s_BpQpzVq+bcV3x=E<1*6mfxv- za1wetwT;&funIi**bH{V3$-07rH6T*N|QBrzMz^1K3DR*HblFzyp@sNz^b!^)N zm2>}kOy;eN@5JTXMhW3@a|+4Jfo!)g;!n=M1eYX#$A3dfDfRi!atZqS>sa&-OUsAo z$kMx}8zauI%SHmi16v+dSX46+oceQCZsiB9m)?V7iUh)Pmaf+Q75 zDj+%2k~1i%AW@Ql=oBs1P*@p{F~bxDu0p7Wa=#H$`jf2rI4H8c4|rcoWq z<;mG=m)kCAW?!A4REJG^vqD{DsS4STl`pXa`Q33?Qhpo(&0H2{ic>)79?zWNqOjh# zkhsbw5c+g4-}+##{>}k2F!J@4{kwULdvCb#`DCnH*g>s+aTs6_D|!8-r{B>LV`GMq zXg)!oe%GRA4JLCct1+j9yzpKHC5R7ZMu&-)d(WTOyXlHW@MmYar~A*!?oc1pj}*LD z-2OoLG74HSCdKx%2!9t7^N z{)lm-zrwa4Ycuc_ePp@;B5QmW_cAAzUF}QD?=eNm8HmcN@m1Pv<&lxqA(>u&SBxzA z>o<$%X*E0H{x@|^uXw%-ioO1*h@qxDv1)Le)}a4`Z&6FJkne}7uIr7QMnk&@Idse2 z2{tk-ko+(x^`pIFEb(VQ+_}P$D_}3^)wuPs&B1RG?ydc7#~mysxJ83q3k8wlFnF~2 zSP|d3tVW$qbuINhH0{3FS%{DD$7c*U8L3Grj#d5|{kr~v`1vA$3)c=Kz6MK{l3rS@ zCi6?nKZ`D6pwAdV_GKKN-0@~qs9nbcsjMTL=4-)|&s)LA>EEKA(_^wv>DLbOxDes0Q7R$-W3C#d1`%cxJNw7 zs?gnGq?z75-&2dV8177UV7kEp&f5iNFtW!=B&R&{_ZiGCih;o-%tAZg!NBPd-$CW} z_krg$A?F(C5_c5MLs=CBAJK&S)3RfAA6r)P!i*uNE6EO$M?1 zh<&Ce^6IOrn;6%N$5rQa;sHs1{M{0jB#Q>RI9*=C0{9kC`qDA`wu*@K_c> zAo+BZ2=Yb?5f97StA=aqAW?0kO^o4$lumDE?6?PgopLip?kkf)8t;JL+|YkzFU2aD zV`Msc_a=9lD|*y}ACnjB$qfX^Git~`|6;}r*hpoTmi8=U#OjlXZQ#>Zp-EkzVA}(s z5F4fEjRdbFG+q!jsukJ1k5%tVoe$Vb_FrX;meT04__&IEbY`4Vzb5gYdR+L{ zuqNQyx@axwhgi#_8e>eO@>zd6{rcs5S!Dt?(zYgyzQH3*qfdfaP39u!lqwMKU3$RQ zp?T-RtKj%uX%(`9w-PySFhZG6Oy@7vao_gY99}`6SnK)Ib@(YcM`hh~h0%@@yWrFw z=;sD}<{)bp6#>!gd8;=lEPniLh*F`jSt}So(E!c7L>0xx$dbD4?NeV?%B1G=vl6+F zD`Oa0kZ5i2V$%4D_9-U1HE&<#BKRQPJ5U;57x_w%YN%s9x|W8p1dE0J_`Rz`FxkJ}^G_9*vr2MH9R(G>&&&{l z#mRM6r;=>7`vh^{u0QFBZi(V|;cHw+Ibk~4KXEUm+S>$SG1zhJMb$^7I%!D6eCUU} zA0}y26q7OC<0M4Jn;Ts;cgf+nFjont1e5%jyLl8Xj8F}8mS=fImPmX?=w01>OYo;>M}z`%`3a`F-*#9JYnIEbDmfZU zxs}@qTZ1P~0B`0|@pwa+R)14xOo9|ervPmZ6%=xiM&!n$RJJInI@oSy_7(`D5nm?x z+&_Y?Vk+Lk4_5HYs!og=XExx+ut5+$l|bKHHr}YBmdkO>$fAy#8GjCbYP`3d*3-Vl zoGKSg#{Z`J+;-Cyn|Iqjw-egS^BSyyHnI7GDv)ctNPWl54USYFX7UKkoEc4JI zYS*6mSq|2r2LwzlW|TFX!*B_+-|Jts`~w@ca0axn-;II_%5EW;$H zhcF&ttSZ+J3cO2y_$eG+b6Kr19^QPtcN!QDG`KHRtfsDGe1UQr8;k^%Te%eiLM9Kd zK?KAr%j_4#56saeA+*%g9_J_l+?*P0`>yGiHqLK{suz}-0nXaO_rM7>ZY*2~(#*#E zO-1GgRoXWr#;=6+Oeycky@;RIRWX@zDo5>(QQE0E%zY+UxY1jz@HsOw${>C{EvbBE z=-c6KX$$kdC!sMf8aQ$1W2hWIdGoxrF;$r`&U!JO&9|AeTU+s@5i3d~sa%qlu9sy{ zgvYQu<<}xX#N12_*Apfg2NTTM1on$=TY9Wcdzo_9h43(6P z(n|EU=))L%wNm_-yrfbfMgCp084PvmV12&JhtOL`Xh`S1c>C$&|H`}ee7!HY`2up~ zjsWjwMJq-*8Vndbi0sn;EX(l0FYVTU=sB*Lppg`-opl)1CBgk*{<5ko5{(>Hn!}t^ zrE3_!g1Ra5iV59!;@G=l39GHQzPk?`-pl!RLQ?$>3nnZbSUy$zCDLg4Oyh!QNAnM`43!!< z$^WfLN3jzrNv=qFYR4?$DE@YOoJHXuioIR`m!7t4CxK1B{wKSlc9?U(YlB5!xbISc z2Sz|6F@!ytcXLZUXg|Os3Zs#ciO)djQXiKg@H}nTB%b~siU#^ZV~p*A-l;#bH^c5Q zy3S}l&PNfW?!m<3H!elWw|G4L;pSxp&grVY_I0ef_U4y`f>PI)koVudD`@wJs_}^h~ed z$2vAkx~V{1KSE|^O=Uc}PLcJ6dBoJG1Efy*YS?Kz4eAZ}5SvC`F7CBVl3Bfp%NfN& zlr{>1eYR`=42!LGgEeW}Ir3&O!4sO%wcw(6KD1+TjAqVlq&ywjawLZo3Ry9cF8QYB z{JMqmc@x^0a4Kv~XN$Mts$_x>6FlNE-X)WN2Ent1XvPs^$>X?4+>#;DL1z!Y#eCh{pD%2wdYef=Jd4RlvF?|$GU{&oRA~txPKzyP35?GQZP&`c?`UlL z;5U*$+KzjwsFjhC}N$rJ~a`6T?W4`8$z==s$JgY~X?!2yd1Xe|Hw)Nt-fI8bmNokDYQd0My9oXS0C zOgm~Fd2>2#SK(JsDaCtS61EV$q@(vBn!?5B{v^@-XKVBPEa}2aJIlT(g9z%Z$3yn& zU_mD#%Hlf>6T-_2n3=hy!Zw5q??>J7@oBmvj25+}w2^x@k(7Ksf6=+MLIc!>+%+`4 zfMEtcgOFwZ>2>G~QUyRk=V#Y;jL7+M-(jvk@CSZ%BSB@`X=g*X=QmUA;7y_QRp#sp z>HqRl3I7wE`hPLeh(}gSzN9&-7-{vb912T$l^l%JunWd+V+ZaQp#Zk366?#nC&=Fl z_4I1Zkv1rS1TeU-QIHEC+TWAd<&JH0vH4v5sH6Nd-{IjJnSJnZ!B2$xbwEgGhp0E% z+S}?&jn^+I0~9bJtr|cJy!Lnt`@qE&0Rusy6Izz@r^pRqR`78&RQ4f#58ukksmY&9cUrCraO7v@IgC=7?RC{KgW{ADbmy6tWf=sEV zeS7urrG_cYHg-2yuM#6&@cy@S!P3R!k3ZJle5(GP=uyz{b7~S%YDgp)WPl-pcOdP} zlOOaI6m$C~{*H=UrcvotEMVt8pRPKp35A&>_YPQoRne=woJBdI>g-#+?2xL8(o$6R zS=Fa`DGrL=lz@)OO1_H0f~8w35FKc{S4vx7`el6c_|!)}_1ef7H;+p2-28h(MUY#D z=*B|!&1AxtqFU;isWk6Qp-|Ug5OLNT4avDWAXY*K-LJK^Ms$X|M+m=UMRir5acku2 z3q$N&kPlPST&CBsB=Lg`NW1geI1F}`Z%_0&fWlz&)wnZ#J`=(}h^{zHj^e*8eyhvS z=rxomH@&jFpa4IpG>-l5sWPpOK3j(hN4~%L^46nDZpX(sIk1HY3!%Tz}{yP0{LLHyOIE0KSQDSKM85cQYz<_?sB#m7 z)954Xz!#AijyGa<86Fz9E!2v+Ah{QT7y{jYjs&o%{BUqr8*@p|WehOz`D*p0V`jFC z(qRVEGO^4b=H2mE2(T8f9jASmL7F2GOqxy3QLWSsMy+z%M=PAB?JzK04$2IXFub0% z8KMmM0e^4k&ssh8rp`kFws|w4wRwFeN;)UjCe1(?c36G>KtB-A%lFbG!~p6&xor7B zM38gdVDeZg>Xvf`*6+x#!pTOiK)jQwKd@rm-o*Y|ZTr=x5o zcY}hq2mXzA&j!}96#w}~3d7wVm42&BZNuDv{J_8N+ur~8ztwd9celF`fGXp9rkAq*hLM?SppBwIQcI=E?YnuA!m`y-g`8ZwvsX2jvz8|=eoouGcdl;o z4p4)+FwCg^?;&3maz)i-k9^@XWe4FuaihN*8+G)*4|u+hIyj#t&9QV_N!kLTS00+6 z2)N~0A!|EhA{9p*%wvg^A=E_l{+@9wxmm0ELCB;>ZjPPDYsa=A{$9e2n07}|t5v!= zgz7Sa?tv8R*J)aRCmw=+j1&bKbG%TU*Mxg8Y}GG|a_nB-8m8qFS{c@IT!=(pkb)Er zAd>=iKGS9ugJag+U^bznz)NSQ5Popd*En9rP!-cMN~xk2tIek*WO)q^<@njorp$51 zdnYqX(0tr}5&Z9qx(*|onUxt;U%6e>ulLY3^MD_Q_4b^rVD9#|)*Z2jdQTO;)a2k@ zG?ZO?L+pCT`h@My6jV3HOkJ( zs%Zo}%p80yiAT2F33}T5OPme&1BGb5VO&@Z*|(|?V}t-&z54Jd`n`*JRLc&kqaYdD7nb{wDm*(~zxE?Prdd>=EzjZY{CD#=j$!R}Bzh&&K)K&DEgO75poPA=I zEe8x(Ou`&c7c6u)R4tqCCyjo@jnrI99Bqb_^ul478fPIITgjN$_ngt5zV2`6vgfVg zA4Zbx)jn_i*X=UH8QIYpWenVB#ZmD8$jtu-j{c3^R-!_A=93rrj2!q^LO90OH3Xl7 z_p%PMOp?rhNa;SLaJs4AC~v)*`^w1kUsb$QAaAKYg5 zt&M`)eQV^BP8!z%pMnAJ6vzg!6~5I7helh}>bkpZp-W`Pb1h+AYXC;}BAb=!WZG`4 zlQjFn{jii%f7aZP;O(*X<2|6J*K0S~8zX&u>Tf$fV_F=WdPD?7gz=rL(FDIqv=UtI z(O(G3cJ7_Q(eu?hzgQucpZT!e|@Th<+ZS%)uUbbNGa+#C^G;mxcjj6m-* zZKw9{VF{NbFnW4um=~ z^~5V)`opI|G^XF59c#d7?GtUJrqC-S$E2QLD9P!dkK^qFMn(Me<*H8uF|s7#*2WvG z@ibc}d)Ev<)@twf(@$ z9|eGeIt=OKIB_ucO6RJN)4AzvEQu&JMH}3b#K{wxkHKM~-ebLY%ibhhWm9tK==qS- zn|%&=2KmF!t*nB{oJ6X$IU;C{#rjNKji0|NsKI3GL`o5fqM5bJd8v?os<|LwizqRv z2S(at2gCTG4Jsz}M9U_2B+e~6ldS@(Fgtm~KrSe-W;hFb0adfqj@=~ zvh$NhHnWvt<|z!6e9~~5Gr7<3=yNTZzj|CQtNY$+Kw>5?Jkozy}Eo#Vp zuvl%Bv!ZWLWQ<|pvy}}^+}Ff^pdgC=nsd4207hnIYs)|M6!I^6>JLQ($fn+Z&n_yF z_=l_ei=M;G-AMf7ApZltNTVMV++Gj`F&a!ta(@*)bdb!^eIVxKBN2zmriXs^S^5_; zOHG)>;I6EG7dYR0EoH~!?=z}3SLrN^i{2Z!v^mBD8B()M zZb}A2s2Gg#pV5*3^Ch_k1DNqsLi1@hYpxOs2FO#Gb8>-q1VGYB=AO{l@<2KHh!~uE z`2??s@0X851b?SX+pq5JbuvB(*xyyuaD!mgUsd0V5jHW$SJ*8#G z60&Z)6-X!SPXbZ=M$iunZvy7GT;W&MUEjp%_W_iOR5k{=@O_mG$i=hBJ!DW+qdNwY zE7r4X8r>m#kWC|%Tt$gt`I-eA+b1Hhn5RVo&P}IdDD8xW<7&rjd-{@0s-{^W47sYi z1#3na4yGTm-#4qiTHne#062?l(0)%C?Cf*`ezpkPp=gw1QqE>M#&&C{J&YvBZc~^= z3|+6#tZ^hTCZ65w@CqQVcH#K_)LV#K(?;xe%XE(ib@%3Wzn+3CBJ->^1%7qn>j{nRZ21o$nm7`+Pi<*qU**e^OB-p+qJ6 zJHIDKm|qljDPo?6DKU$Zw~=03P#D|@pt=p5#JvYw6M*I;w8<`YGqw>m6S z@;0Kv8#gpNRv@Bkki&s{ITHE$zl0zl$(x`+v&}yYoDkc?HtfSIR_#W{Ce+@6Gz_s; zg2`-#GlQ3WqKm2O7EEo&UK0|yYSp*!%(@j>M`Cjyp5eXz-d7=`_!~QW7thc6UhJ5N%!Od!+e9%2xII zN0VwUTfe%Gq|IP4_y7`;yk`B_StYq;DzMTMbSYDSt+exY9+T35b`c|~&tZ@os(9V^ zko=j+bKf<_%<$UFdl})%LfHFXjQ3o}*uO@E-2W#K?)ML!N4^ZbWf%MBy?^J@tlJo1|z9=UH06WR?mv@atP6kYRc#_YUQgZnL}dxW-* z`&ne-HSONlqw5PXGKUM_Cp0Wkm3t1ex!pq6JkG7h)iXobzl7;^&+^vPtU~&aL~Vug zaW{}OdFPPJrh_aZm{GMm{xEn+&QMQ_KHac=!!KOMM@h6KY@>wXl~F#PW#%f)3S?M_ zc8iM@Y*By7N@_C7uwO03kMOa~mU+0!dc~!!Jl?d5S^Y0lO@yGTX0XxM{xJFRnt2P~ z*_z=sbUzF}hzdoDPZYk!KQ@RJ3XT4lOmzG<`mK`EiEfZ!ne{f2d&2K{KHa7YNrLUg zyxe#{6d>9vDEv{0jO6NprZ`(*JoplYL)j+K!~t8nk$uUij9wuzrWx_8 zB)jQiK>*r#cO4`=TfP?U+e(;M%l_Qk#=|4yc({N$uU}=@Lx2neJalZgkKSh&jhU|% zWo`DV7yR=`F+noSl1k026a1b~HZ+>1Cog4QS!;g!Z@?}Jt!*Mypo;F}svHyPPRstV zlZP3Qu{wUN-P)b6m-+dtX(Ua5WO?mL#DzOH$b-z?w-9k4zqAeY+Xl;D1q0`A%6lya}e*PsA+^J4`xp-utU zaAN1WqfAFXTQB_2N*mclhpw$>S9aog00mIXePx$-Cxo72-;8#cF)Z@6Bs8L~H z3Qb3<^ZiEyBC&FUKN_Pk8JB}|Tp^`4P``JMV=`)9)4x2kY*&LkoxTiQ8OLz7SLhrUmltAE>p9i@q)F)H1 z2qg3>h9L(B&ten_bSy#Tt_82J)O8fsaJkUH@sRh}FyvGWg&Y;GHWC7Sw+^63W_%^x zSw}0~xhHE3@xqRm3}eWhA1COGjQG8H;lmPOGzowqdc(&X;726kR}_XtPA9FlpXz~& zPWV1(ABwKgB*|Vl&za1s*hpns>8d@g_QsGw)Gm2A>6WZC&JBRc1?XZ8-92_sAJ=vE zjhxcWY79+e$(01W#_))6u2!*0vU1r?E!tCB@79Q&6@m=r?##P$PC+UN9sl{6c#p-@ zIsY6I$X!3F_VFPR>8IYU7&zMQ4FR6Rn?E^5GCqIcgKR86oLPea<4H`+@eoyUZ+S>K~@DdQ)R@@$nLCMG)nlm_sh>n6Rii7G-t@dlNd|l2a^<>1C$fRSYJm}1D zk$qvWvR{83l5&i4<6SIry5`jetKxQ%kl?xo$pQ9tCaj~`A0 zrbEg*>Ly|5zcRuiy1Pf4;Z8h?wLQgCEl2*X;6IPk`_Cr<|NUopzqBMp87XYL8o3oQ zZM(|4v9}>rdE-CKsovpt*Za0UkdVGA`xZkz22K3`!miD2_bm+sPX;(JCdgN^SFiT& zZW-AE5fkvY?&`NIfx;tR|yc1yH_17 zEaEi*&r*6d5SJ@wF~UG?QFrw<5U8z8l}A{C-rcuX8Gb z`kp?>^dSv>jHo#OOY`N=lCHHyorYUR5`?Xr+ph z+qYYPyZ(HeUF+-r6uSGLM?~9zOC7;dNsH7D;WBvnLVshgHNIB(kqLuBITOv|Z&!%D zRz^gEVLth;uy+~JCxyg93)Imh?_I6n2T4B)Utdw9SNm&}Z`=)8(!pT)$U2?B=Ys9nW z<7-TEeK7y|h)bgorl0bAd8<1eJN#?esia!FNkh-TI(4+mPwHessv?^`D8@;A3zO;+ zptujEjcylIMq$6>V?yuV+qJS8xWNwnZu`u&UetX=`s)jr-GI>;sjzMBklakT?Y{(hpYTFt+AP%;++FDb!49+a^?t=GtK*2=wy0Wjs~=BJ4T%IMfC?b z#baVc)CAe1ENoNO*=wS7$arslrW5Y>e`|; z^3sq+{>yCS_0<-6RwatoQJNtIJ$~(mHr8Dz8J5mXK@^{!K#|hl;>~epR1+zmtp7Mt zMXRjdC0^~WRN#pX1kUWSzBCF3dL!6`*q=v_Cz;pRHTJK8GuPokT{OYM{@_)eO7QEv zlw)t5sSTEH?||Z-4ajwy@79*9u(r35qISlh8j%2?1UaugtpuaruVk9fgF+#}C1vLAXuse(bQYz_eBvv30C}{iN^n-SYP(oQ}FkK!!@X>M)JK3nPLj$_zuf=;RN@m_LtDk8;Dc_^! zM99e>MAxl{f~5M!KV$FXb!1(6aA(* zJ!SuRyf8)r2-?q@K!WG~=$n6vgY1FR#q~IKMQRj%k51mT8UsNZfqRrOWNXaOB%`s2 zlsPOL{Alc?=hw2)*D;#}1K${hoi)e#)N^xd$*zo#wJ6us4fkfp?Op`&It~v!=11-F z@hO8dvDfI&hl7bI#&{vDOb1lqg|$i0>nF$$?k)usK&%i@2SdY8&v{^q%h?GnIUh4D zs(~z_ui5$IIhbUUWay9pX?KvhGXfb8yb^LI(e5)_0s5*-iv5u7cQI86w2{V>1xJ=B zbit4xOB4>!E!~oXfE;TRFX}iKBwf>UEohMp(s6&e(`Lt|?Nw})E(MJYXzV<}T@eG$ zp<5EH;OV?8P}~VjBy6J&63(!^JC5vvK!4!*lHl>RJ-Y&6Ai%_Ba&{qW4I_&q$-kFt z)KeDt5^HxIAc8^E5hJefbob;F)#kI5(e@dn86($q1gdN-hI^!~hfNnxDFM|K(Dsr+)4xrWn3oJ+2^!JQ7tbg9O; zY>3K5*}cX}j|q2jGNB(&o`x$2)+A9DeVCKM5Y)fT2Ap**{=;1Ks45 zTu%F_z;5$eIFVky6y`qZGh)`BmA;xxI26Z*VV%VXPVe$DJff!^Ld_>^6_-G=$;^+D zi;hh^P3LEpiVx`(OAQ{fpAZozv2f>Uy_S}q`d~!yNl#*?yEO(;`BEc9q)Ppw9fndu z&*F|V!I22S=z#ZzdqK0*hsxN>%qF?sp?gfvgN&8c4csa(7O)KsD!D4Yzl`@4Zf~Z3UA^ zSFf5W9k*y`tB!T_sIN_M>0~xm@&Sf{Z~_?7kLJ^x)y8|Oh3_AJ`(=9L*S9nUH?>b+ z2ibRlnxhI81}ex4;l+q^MK??OqClb_5z7F&;0W|%F#Qd9<^#8*Y&^Bqx0+O(z2O8Q zyfA?boY!qiw!PS8FVMj!z{Ko_BR__|2$i z)t48YBU$UsrC&xxv*Jbk9}0-oR1DEQi>DJx1jJvUbhmW)fgpZIADNOyd`!^Q&t!bT z|7=1->51;pHlf+eaFAo#2_6Y(Cy(dPPL#I!5ZQH_zaINlH9 z)9eR<=eTVFQl*H~h78T6&3~@pQPST`E z9U&-6V1GVVvFbj3f902fzk-rNpfg>=Ee;0)j217W1=@SHT$V*SgpFIgX-KTRIYP4=S2Jmi+}*!1bj@=)#YyKjw2j8gkZ2 zdbs@k{UM#`%$+*rHL7&o=$ulFR#0aACo>&>7GaVal5@xjw&^kb_VKGvM-(ZOE!Gj8 z1}`E;Yd_oO)k74fj9>+&RQrMNZ(m1IzS;mvHo#aV3W+yPn!n>w#KXx7mS-Qv9;wJ5 z=SVPJA}gjx3QUB~A54QTN7|PLPFVd2xL-qefN&$XJ9`@3Yhhyyf!Z5FteRH3D~vIp zenPe>{WU!=H4=_M)e5$k#xtB27w@U~MM`X0^(I%RAr2i6t&aF4%xuZKI71nL_VaNK zS-TPE6J~Dzb>^8C?d$zu*AE|BhYdfz#k#r*rvmJN2B?dmd<&0$5750R)}B$ps)nhK zz}cjgH0sHeO~UxY+<_LSZd`J~j}=Eec?Sw_4DN%E&H2o#r%B%E4T$f;C`qxxbdsrk~Q?v3W;_{oDu-J_Up!tX^MsitMRf86wueHnt5>h7TvUKu8X zu%S<79}h4;V?QF^+`OgoXX^47b_JGXK30nucc z8K2#jHA(VRoklAfK(2&0_8!-=4OV?z}loPdujRN+Anz)q<|uCRMwGL z&B$FM_dM^~*KG}-{VS;e9d`uQJ~=4SwU-V=%jYqR|DMAXIW_f>+X%!I zpn7dPR%ZT-zdb0)5=&sWk^_x^G}UFl%aClCIFqmYf64ce!{+Gzl+J! zJ)+r9GpRc@=cAreeOUm9a5CW|%aUeJlCMj`_wh)_G>C09t-(6HwVk@gKBrsEg(E;# z_PNpWoIt^2;SV;c;1zEr!Biule|SSQxC{5)W4AdjEX1BBy<&S73Y(&=A?!10A6aMFo zq@lx4B8?iLRg;X<%aUg4Xr%Ns>_k31Q5pcT0q@#MokhwOZH9W3Lmu_wB*fE}7JY~O z{c_2YakIWikSYy%-68hGmYM2{g)wiadAS&}G96F&QJO+Xep@BDAo`Mu9}{JC zNr~P9cBd=Sy7Q^DP(Q!TJQRJ(bN?E~A{;{=7QC8d-uzf@4tiuozpwDdVgPS$T-|LEDb(sslA=SBKV7LOFmMqtBd$lHOHpYV;5LZBsPMjdK+T1(gJ zG|feu?VII5f87hA!nY|dXS$Q~=c_znEW!=AA(TfiKHg?X(Y}>y&%AuDcCD#{1zgmj z@6{fJrO#yza>I$K-Sl1*`Rn&e6#xec&J>7?W~>D_^P3-s_p+=r(c>bEkw)4ceY1Ov z&9t|BKQq$pUc!Wr9&g$#mkGx6%ewD|2?SPcg+GFb&|5*d~%3xt=4F|as)ezJYBvSsI0`*u8KDWH| z{#_%N(G7kY%_SYr$Ug@~KCgRpVsk6*@t!_X0$@0bB5WjsTs4uYBfcj#sJbnJf%i!#$V&Vy-^-xKG!F{J|36O#G`K zXSS!15Ew788^Rdz&djUK3CsTL^?)}|JsZ%0+(9pwjgp*L4#3!e8S?i}(`S-Rk8W-c zgk8m3TsD#}qbwVN>{xDBQT&jSA~(oBj)YLd%!Y^m4G#47q*5Y3;z zeo238Fy&zWMyzVAnuSky%H&F4txp6cainjQMPfCCX|Tuff|=QDOwY17%g zYHz7jDsOseY@*8P9B10^C%p{fR$!swI_&sb4 zt>Z^Ttj_tv8ybzc$+Pw225mPi%#}RG;Ve>Du(W^%22dydTo|5(ILw*8v#to*h}S9F~HsjQa3MTH7d&t@U}l+!Kj+mJRQOZTS( z30(cbuFD(gVSMPU7Bueog0CrS1KAyAC0-I~?EXTa_c&i@$VV~Pp3XM}X!48!7nBU2 zsoreDd5dfQ#Qhvc_15_~D!0A}u&muyb~2vQ8sj#T_QpeD4y&04?o84i_G6 zj;`HGjYr|)dw3s;bg3IooNFB-EM5!kJt+8f7VjKaUHdAcT~F!@)$=xvF33B&$D!w= z3=_jc&>>UVd{*BfYX?HPesMr$3gfwZa!}F>LOyL5K8p;LR+&_=OO13_KTe)_6k#P6 zChulTFL7^sZq<`mz6kM?W5&oR9hL#`dGYpKcEpn}`;OAHPYh}X_`Je-&)NmGmA`=wp#ZTPM&Uh{*+u!E7exY5!6D4_eB=4$q_%rP_EnZ17Bz`6L8zWKlyNCBP+gk2; zUF6F95$>r6Q%+||x@p&Ddc{CCX)@L(J`+9R5+ZxK&Jx=WjG`Ak!Cyv-o9IFx;O*2KE>h(=K4obJ?qMS|@rdSJNoT*<4!QSF zn5V5UX?;nOon4Y_kxLsNm0I);V;W=8yqE`vH!YQ$TC{bZrRYwVcOG8S5-s1n^fmL? zg>zal{xlu&xmF_L>$s0aOoF;_U%erauL-TTrO6t81P=*DG9eF5vjI$N4( zb);o+p;=+53Tp#D|H(>FI)JHOqI@O>C=lL7tg)lo!+p@N!_5l)EA!jCPiPVW2w=|k zGrv6ZXYgJ7(pvS_ z8693))}Ry*N5+RwYNHg$TbH{*^AHM1AwPOfM$iOVh>8o{X(O%8m4j(qi;Q~{w(+zb zirj7>P@+VtvwI#P!WT}OBgw{j_28r84yp7dGCp-=4{tYzU?_25lJoOSVt!g29wU~3T#z;T$UDTYe6dkvZ=^Ya`?09E;%)J2 zaY=dn=%NhpM#UyzcKB%V7Te?d(>KYje|JoJ=+?kxi++xWF9iI@lGCK$W^v7fg*0r- zc>&CucM@*o1HH$|wR{Gr3wZ4PbnTXSwVC8DW)&Oih*QVhrNixX&&uojy#O=MkSPHa z>;Z)9+k}tvB_6P2L4D`!P<8Rtgb8)V3zY4U#BEu&b*MfHk){=EBL@50pmDg^rBBwZ z_0v^19!6T#*WSR$=ooX%X)H#FX|!VzP%QcNT(=~e#))u0&he!zps+^hH+XbuGQY!WrUY0 zBaS@Q2?p7FS8Z=!MEfyV9Zc19YH;NjV5y4HJLKJ5X$RqrfGiQGr}8Hm;ww7Wa2fx zIsTlpwbYtF@6sxxRUb%Pz^YaL=tteErqgkme=j?_=62&7Yj(5Br7lg7HF60#9Ljdy zy|O@PsHRM$?4=tfv~DR>(wv|QQf=!;u(>F}7+#mNsG7DK>q zdL!n2Xc^BXVW<2U!A2Y!z!w2JOX#^S|dWb2lo1O;b}u2 zJ)a^TRG0`yPG&KEcs(=BUvh)t(B!QFo+!WYIe%z~lW%Bnv;}1|YE39|0!|w6RRMvhkOJCsVDKhTl(yl|lL%iNB z=A}i82M3c=@N0|3=%Ho4s;BT*>9V+sZf#RobSiaF-ZC98iJQm1r7f|7^YM&jQ1}Wv zNh`>ua-{eNeNUzba+EgJ3vYOz<(reX-*_B}#1kHK!aafH8`mH5`|KY?b5nJJ+{>sh zE;eLmfV~>{;fZ*6yGCs*CskwV7Rj@!_YJ$v44O8-2ud-oVrAe7u@p=c;BF#MQK+la zq6V%3DPDXhk66K{Lc))xKiedRZEBs6g7R)xbOi}PM{I~}9^I9DN$l<&>7k1ipKGPV z9-;2JPw5Z0anD-xqsPC#?h5T^70zWq1|)r@0h=*Q%iZ+-IUcDbghiS%i!B$7id1vN zDZnhEz*y7+EM+)5o2Z0W)^~#~$MBm;;Q>8Ipy{Hfi=hw9G#7%Wk9Mmk7es*R@t;;^ z!Dm2BZ>?jewRsB1d#rBQ@_LdO!JM}~gG(Xy1*NmyCH9+*@z0uJ3!?dr?TY0x+#2od zoT-{MPGMH+Q(vgJN06@eNM6Paf8Ky`qw-Y9wE4M${pzXCH_-=ZsgEbE4lmHg-X|89 z`31d~w~0))E~BaIJeMtb=7yK`!hE&rs7G7X)Jkv6P|c7vBah`K=&pr^1c|}~jtnen zr=o42T_Zo;anA_+Z|uEgR9suPExHpdcyI^=2ofN{B{+m&0YdQL5CQ}XuE7d-CrE-6 z?wUY=;O_2PxLctGRMoo0-rs5WYwyo%@4S0kJNKRUcU4VU)7Bhg^xg;g+QAxHb=n;y zlb^8=2!=y|?Ss{dMSJN+oiG}?7$wgr$KSMeRlX$07*5;+{i72=?4IpY@5a!>#IslKrU5DZVhB7G>Umh1e$EvM=s zJ1gB$WL*wmIQ7=$RQS<1rXrjwl3=orQePQ%!;ln`T{olcZ9K&25zd4G4-aKbFmzNi zABlW|htqw6J90Zjq5H2d1!nyvs;2XR994S^C1^dA5=4VX!zh&{bWP9N_MY^EAI4UA z7Gn<>W+D*Ns*w1+qbocy3zaITg6oDp2J~X7Um0WypY6ntv>3f14H3WP=enw_mb1#- zTw)UICw0XwsA=mPCgUuxby_4!2%0r`dQkBUEekR{%NR_^MPNrD|J40qS?#u7)k}^d zJ_;3`81hQX_T<4v7)zUo2Lp)=G{80n0R|z7Vr(WKQowfV<%Ik&2(9LEI2+C|S*58{ zC#A0XXmT!eOR^Dn3@G6&*)rzVpv_B7PS(LXmh>5Xkqug$JRTsea&6Uf8l`4)OQZGc zgS?O}x^-m9^FS9?6;=;SNLBsj5??bSg{76y+zP;-+FNNVVEJmymkU(JB{uRsppJqK0a%DwMJGH28J%!j*9ChB@?T3 z;MYUG!^s<&mO*+BAMR?xhBji$4+J-9i*yT(xRFy1R|2l|g#b#e4Ev8O>N=|$h6J4l zst~ykR7f&05NN4d!W--gRjM7>dpam6aV1_gi1oa|4G*5U=!xG@+p-4jH`;e%AL&idmo;T37bWR!b z_U1p}6mFytJD=K^(A^x@C)3}sXzAlB3uKXj_T2(&SjYYcoV|7Or50AR=<>#_KUVG?;5Vma{{uHQ(*_q_0|8mqH}zpfoV?;RD$TMT)-6WC>MJ^Y7qGI zJ42_!gyN8-3))E~#7c!ZMp23TSe0@I73HDCymwV-aEF@lg#wIb6J6mj+(kVeU=tRm z%L9;S>R?nzCcV)5G&|iuZD-xncW`Za(3d!iN1YT)xpbdwx2Zs{Ya4c zp&Pk0`ni**JZ;dIKplU!W|Fh9qZ#H%Mcprfb| zy!k55M=HVQkmxAZ|JO(>sh}!nX9t%<;z=^rw5xCp=>@f?;8fWW`FU~dW>iz>1^89d zag06D?l^E|qMCd4;5!loLq+PYPPZ#;b+~SiH#x;uzg57-;*{6cOQDi2{QltNlA-B@ z1|%#i8&ksa6mO|@J;cVrdC%+Q^UR>Vj~{{y3p|WOj}gkt20a?f*04xD9S}t{q5&l*czFAk=Yw9IQbON%wCE^#s zSo=2c;f&~N2M@le;9%A);)$LN_Z5zCj1AC-kIe0sa4w0)&=X0m@yj9S>g51I@Si5O(3(4K;4p zfyE^ZYfj|G#ykZ}2P#=;OuZ9&K60|>jDw&I-#Gi}th$HiA^Kd@Ra$lE0T9MQ8?RCz zJpYVCuaj){ay#ec1~4i56suC%`@6nVM}MI-#bIIw@R9^*(JcTp*9PXU&HE+iSg3&~ zAVLU;5Rb|Om)~aL8=aZvoQuXzg9qZK&;SG%(vx9H+hRKol-~aR9lJ#B@$=~(XzT{v ztTE0=hFOl;4r;NsrmHA5c-C{T-4sOrI;hxDSF>}}e&XM3DKhvFW$WA;VBMyrw^=C0 zd0qB#&?30pRd|r=@RxCG_de=SXA8TB(Ki&8TsN6gQccL+={mner2Z^qrP)gwBH<&% z{&}M#7X6VN;h$$lAe`VwBB3lgNOotUZ(ZNJ-xkT=H`Ts>2n-xcVY+Iq54he+P5?{U z%oOm>J4l{_DQq{FiW^?M^YQNKp0mspiB(O7?Bvf_8dz`Z0jo3j#~ZIJ)+r<|UDjQH zZ>J1=TAWOLC+B6Ba7%fW!`dhes61V)#5Gyt!d*?XZwaVuMH2h=jEZrr2;W3kr7S!FeY&HlmccAVf(pEQ2*ERQIxZfuAV_Y zM*8UI(SS}uJ67*aaS_46*k5#%V$f5x*WlqB?_-*|-xF^2-<_0~mKuo;L*qP) z5dbvwBwMZAXP#3+(C_K#xnkh4@8ee;#y%S0V)4z$Ji{>IyNfjYKluneNRTi*?zSk5 z*X&D;0tQ@W(z$B9M+YlOHp5C|1!aWOM1uj{RhwK9eVP?=&OgN0W~(A3qGpMBbrMCi zL){XO-{1Mtc<-9{`{-#FcDwRA0UNn~mni|-J+Z;@ zDv|^zDn5jQ!ANqqMN_UKqecSX=ZC6GU%W+m*Y1k1ildW9pA-NmEy3Wb4iyqdmTF)$ z>MI$9pdBHhNC`r1&Tpo6oXy{*L!azmK9GpoWv8|+KdoL}%C8!+*2g}gC36H)EPCHxDATVL6<%uCvYvvnuE4p$Fz@Khm`iyxEFk0 z_8dbcG*aym_nw4#t!Ljsr8d6igqo_icw^Ml(cO+??x1#;nLUNocAN>JbW+Lm6#Jsl zIP4tkk{2YtCabjrBvo_e7g^2$L0m_FaIPJx5JQhFUFS?-^tlw8OJ6k96`t}Z%su`Y z>zDRzB97%{*HF@#&Zbh;Bdmy0Zf!PH*r&HG3SxyQv{9 z6iX4S;@~(2G#10Z*%c-)~eI^x-sen zZ?vvd(O-N>B^I4{i(m5R*`V5hX3+p`#OrPxjZgAVilwv!&4d-d<7mxG6BX&0C?39L z6e!vcVV7sq$bR9)`jG79yYQ!0d6-(uaa*kBFEq^w?^|W7W{jT7Dxv;Klm9NbP!Dv`uRL8_iVork_?( zBHwE4sJsQID)b>~^kz$QJFDt&{*eHT`rhEul67+ZzICzW@m#Gm#z1Hm)WuL03!7_0;z?}oANINZ{lB!T zIXOQ|^0^V0wYFn6ASJh8SKK$z3Qc1^9c;&mIwQ!tlV;qf3*#2w@&K+D9*h}dkk8UZ zgCJhJiq3d77w0>|9t>;Y4?ghX=MmPR(k+vpajm6IpPDu#{%G?QOtrSo0 zW{upQMfG4ggwifNjPN9HC#NLQ#Ht;od(ip#|4RqRSuPZ;}%N0zjtnuhg7FxjsJewJ+Ug0K#n#sT7_jtE_aABkhM8Zy~W z2LIa^=P1^+(l3)mej{AzdtEWBC1Vm}XdbR;(p|A#KX-^B-7emvd zaC8DL;?HXFZ-;5>Srs=_m^g|iI$o3>3_K$$QDUVldq$aDh@t<1M@77%rI?Op>QL2e zW04f>`%v4^o73)8IZedIc5toc*kZNvSf#fcfR3Hlkmzo2S%P073M3{vPDJgSAF$B5 z=S}JoXhWuq_gU^NyX)o!qQTW4pPGSx6yE!Y6w*D0hzvq#@}Q`+CxX_Vk2EW_DBQa6 zf4;P@%g`6<{aL~5hCL(Tb=B*zM8x4(?dh*CBlmos8^Q7e4(hO4UK?4oGvN_HUKm-N zvqYT1LH!NQe&iX&B^i#n=MUVMu&BS(6TR!kdb9%`ANC0dyW+CKoV}p+^ZAQXq>66I zZ7_NT$;Y)?82)=nJuS*L7*Y6YEZzdV5ges4e8}GcbwGg6UbVzK^0&mdbFgDj7`O@4 zSbO2k%61nukyyn?A%uVNkaLQp(9P)p;2C_=wQnQbdr2wT@;fAXoMkZwoh02iJ}}IO zlXI_*DZ+6NSb4>w0y2+5H@IB`?~(P0ZiE?W2JzGwvxzzP?=(0j-Zi>Ku#lT5HenkBy$i zluniU6Zz{z(GCij8~%JDLQQq3w+~t=jfy|aO9+xKf_BD`V~`_dX~jGx+rsDtt5|~G zXGC-;FuUOSdTtj$|w2H3a2I~EIZ>^cNx_65HLQO@{Xxgs^b zKC#~3iISX8?Af}5EO7AyMK~fj-H_=NBR_j$@dq6GGy~w|94x94)|5mNuP`;#CK$6U zRQvZ$P!Rn@@88#PkI@sdf8PWPMcIF^h%ftNt?Zs7j<{3L}N*_vzz??cM z@MNiSWCV1FHJ)jk_0KC&K{az8Pe~tIg2kgLzPQR>v<4|riYv15KQmY5GVjt5e!`T? z*kc?e85Jx9z%|2e#uQIbw6*K#qT zZ{>RF=s@KJHrOXk2u{!>xaA1U{yInCOCtMOgiovnvNO=C?yVIChn4BdXIL|`(s5j4 zVQBw5$@Cx054FnqM^L`^NiZ)Y*{fx|SH-FiUM)G8!Z(LQs-$kBO?orjwtv#S%fKmg zv&6!6%(ZsJAU84ev#V8% zclvg<97~t0rZ9yAu%15rxb_V1JGSqb<}1}bk1*3}{i z1cyHsr+-bDv(Pju8T#uF_~9g^*LcH*=QtV$IoFz$H4FH~wH!B;ee}XnnV8y()ecF-oK=FlZ3~BMMSt55Z>V^Ax`;LKNu&x}N@uN&5&jTM{C8-TV$dc-h z3%lM>xw>U1zE8x!l*5xq7P$?5p`q@T2ADAld^`mKsc1d};(XayW9_HCfo1oy(!zpa z{f;ETl@8yVz21|xJk!OFGAh128mB$ugWvM)4HU+~ca3on#r9Dc)i2zU{Rbq*U&G7y z5xpFNr^@-BmkriWQDOqVp_3xNL*1dz(rTz*4hauz>nO5(&?IL-lg1AX(Idsx|J4tjtUA zR_uZl)DkGqH+tp%F1bK_@2$Cqen9TQ=>>T#Fdvo-|PUCZvLC;;R2O#ww z3N!;h`1b^gbbn!f=&HpK{0K#EfWHFcf3$2o4vy;9MzCmuo3G~yLu1YuIStPD8M=cE z_`bgT8vlyQ==s;8z0Kr=VwxBLt@Ai2t+EBru{faR$GdB~i~c+`f-iWefOc@ksj`20 z-3s}PL7K#YOhNS*o~sjQ>KBWmaFn}pxFA;SiBjklsLQy+*!>3MbRXte_1ATZ&_&fN zhkk+jLiB|!*_oDEW9-i3ri?p<3)*@@c`#D?KH^2X2;3O^V4R;m7-sOMS1tFnWetvm zL)Kb|>Ie^U376doe|Odr9Bd*VV=d<*3WMi<9#mj4_9}PyygvPUWE^E`bGOW4aiw#HD~@_T-+XZ1=kCqRYFBg^Q)^ z0kg(F*u&HlEws9KgY~w4kz3jwL`P5({kN0VF3?ZA9#bZ;uesO7q}pB{jizf+&YS_Y zGn|80wO)CZ8!CpWqB|t8t2FzMwlssw*InYu_3uf?BuiEI&3`g?aHk8=EV-)A0`D#|Dxi z#VFW5^P}*kG6Kb}*sxi1n)ixFnQ$ zDGoVBFcNYB9?5tw{`CExI(q(Wj*3e-fUO8FKAJdwv!S9sVH^(_o`&HQ2uU^YzX~!f z^+RZg(qJbVgYaW47co6uP97|-7ecDgkrcDWUBDs1)w4XOlA(heqjKDSo{QlTXgt3Sbd$NS8E4xFot_i~nUNEKq zh1-Q&hUu|a2V=GqLH-YG z?QCr=jL}E&uMe?fg9e1ZS(g|F8)=b=G0HrwMz!%`N42Ebjm%R^>-4`-MQSD!Hi-`H zy5tRFkY{?C3Mw8<<(b)98b>cKB1%@No)L$Muf?khqlUk>bgZ-_z#`}^{Z)|sn=Kke zf$54jl_fZtL=66OB(&H`&aBg#jX2FEDDFcT`X^LHnj_ho_Z5}=XDbrIMCjc_&l-oe zU$4J$n%*~xer&Xq)oNn77yAJ(+<&VW=XN86e2c0#G3;%qaFHg?whs@Mq=hE!N~dvX zN{4aENf@=Fc9CklQbS2S{YC|)Ryh{5_*1Q<-H74^+kWZojUOhK=biC}bc`ccOwXubGn)OU7{q?*=saOlfs*+tz2wA>yIhPHz9eqV z{EJJF76Q^b>gupV5C1|c%3E#R+ArlWQEX^Ju~d_`zln4%{A;CCka?E^<{fvUTF=}P zJXXHbP^B`BFwyWf4bg19yP{r!d#%6RSi6Z==_G_x@$4<8V%win3v}OrzYw&ZaC&UE z-(?}HpZd|J<`GU*Z`j|dc;%%}Uy>T<@%40sXEf%v96aiMxjuze!9oLCuYS%D)%dC9 zjZ7X*+Yr^{8a#9P<4iAKs^IakRTY6mRKk;dhKUSGkVH+-@FK<9BGtwB=kOWISYW%} zUFmM)y&q%ju^*x5K#rlFA{NXIIXhNky-D_D#Y4) zMQis`^Z&5JfYj#C4y6%$ccDqFFwP6 zz!G@GWC4nn%E$K15|JqXw((<<`=BPtx&8JFjnw!}^`2AGN=fLg#xBA0zFN+rher31 z>>jwj(DG*{UazoW%1q=j+{^5aaZSKG5f$XB41JD87eS3znaHkq1}~7+zU7tNQZP{8 z#N3#@B^uy;-qP$JnIaKtNulAx=yt1ZShL+f-N0)W^CIU@ea|-pDj7nju&m+7rPT2; zTnMqy6Uf`uVJ1aO@D(0w$0z}`VC)NtiswgzNzDEWT;HGV%F?1sAo!)I?Uqkxd0@6L zqroP}N1*YfHJFO-UEm&F6Ct03CmmgwH~K+&>jM<;=eg!Q9YvLPHBh<_Fb^hoH<|4sw?8NyG1@E&G3?-SzI&YWej2RL#p24Qg8tN?vlTu|! z?O+lIC4fRpg1!N*H)l#PT1g(Q26c09zCxOwI|v`3oe%I8s)W9D;L5m$cwy<)+6|}q zX!nfHD!4hC1V~x=bU{tull~$G6oxRHG{w?#FjU!;-=OC8=pf9@kQ}xUj%IWrDZ&*# zT!uAC1EqDO>eN8pNI=01tf@Af-yRzI-}Ks>F=eyJrd}1vzj>vu$6^y?t&sFxolWia z4@I&4_;fqM}NZlVU>kgu|?3tGgtH_ zz+9;8V!Qn&#Td7iu!u`Sii)mcWx5yuX~D_PKsB*afh2>YFY%b7B_o8B)zBmKa(13? z^unI^CsBY2H6R&yp-Ty7f`4im4U<~cHL!(LO+2~7QD%8*hX|a=SjP`)Nbq7TG97vsT3ysHX zZd(#)n97G;-kS{m^!Tk9PhOe$P0@xgLu2kId*)PL>f6X!HA7{;@K>hTdt@Ag>qhO2 z3>-$iFB{R*E%}n;jK+VmACrkOOsu;$In~5gWTi1=s6{d7xqma)U3%#ulh=LVv9$|w zk-Y#BbD*9Rk`Df?*FFtHRSO;9L5`8}AQLQ2*q`}i=_GeI2gu9lHN|MhKtn6SpeZuA zs5a5M|E+;2Nf+6uRwg}4rMGmf$>xrgt3;>{ZzKUc(Cf7e!nLwrqap4qJ`@onLUaT+ ziv%-}$E}E1<$TE@s%L)npq1B=k?ai589c@c6LhE^0MUxLp6}%jB3w@CZi7zOnXva} zk?It`miwnKQWin>XK4iA)<7)g7% zX*>p!w40+l=Dq#cKf!#uexB5IuaY`@G-S&QEy9a@_=9SU0&l zIzn1juj#$|i~pD|^~6u8xsZ1?1twQMiS&L=Hivd4MugXRJe`h4s(3~2(d?j#k*K_Q zj+!1#!CT2AjsoX&3te&*vEtOXT3B=)gImT_CCRT5vQguwMe@Y1JvdN>BHmzi{=A^V zgw3l&E*}N57S2)?kF^D2-69h8-z{^%E(meX(nB|jC#fs;iRE27hzIzHSKp8j5tRyZ z9bqNK3jXG**M#gkP(dLC)Sv(Be|YP`u)Ko*sQR96`U(D>YF#aM4m;4}nM9k5!J+6$ z)A`4<&Hl04*{@?I%3gDi1R1skIbhi6Bd^#;1XelF&r>D~gHCs@kJCv1xc8iG!5XN1 z`=latV(f(9Vo7#(*|VLBKN>bFk^iJqSppt3G#`y%pZ)l zP`18Zg?((U_C)X!$#u~h2c)ngpSGk5QncJ{i?Zt5am;-hwEft5R&P}s83-DLQS3{0 zpM$=_wd;_r-1}CPORZeqXHaiL0@tB2}|zWcxP9XCRHQ=CN}R z!zk7he+-Z+j>i#aD(3in&mIR{n7cc%BISclMuTC$9Z*Bs!XR@IVaqSJPo(cR2&-09 zNazVQmmVOGxY7>2i6!JsUZec;S3dNdai2)EYquAgYq>#(5Ko7Xly={&3$KEko+ zuQ-UTW$uU_#(_hBdZD;5Xzye?D4%=>tbju2rMi4uPa}>9d2;{tmKJO}eiVQfeh-sv zUk$qvTmic8jFl7617)oGNFn5o9z{fzt)-op?zb1QtMK#Dz`7MrG?8l|+!#xD{x9|8 zJ>IriHid^+{)~|-d>-u!QKE)#EM)W% zN3TPv?0M?+XEFBmZmZuD50B<4q-1J?QgoELONTvlx*{jPPBN{~;raJ(3Q6Cec^_*vRWCoteuKwrz|E`Ktv=IDD(@TRBFl3_=1cvM59nn&I z(pvpg3gXs$j}okcOl0o738PndM>V6lFa#_ZBa!kJRg(8Gg`+!R%5P>?Jptq4J^Q(GF)&5a_Db1w42PdGNTT#;d<EMn~%9<=i+yk2TG#_pqI;0x>G}NZz zLutLmdmo;CXPa_fdn+(u;HovKPjA3|kL!8ehWbvK`F7pN_kY?t8=X_j{n*zg!A(ME z#&5e2blo>+JG*R{lkIsH>w%D_7*Fp6gn+m-Zb_wp51N$TuXvMrhsj{P>sF+v7}7;= zcK)Fv@h5(O+*qviy;VM^*Nq$EHAvwYq!2tlb&9RG#yc9!kBf>hm${>Hnqgk?83%kt zJOK};9=gU3SZA*?PJfXOYLpz2YaE66*mM&2NBRbm1`1t^PX*1B_0ajQYl! zWTCf#!f3Ph9UEXDM24{Ga|5S-+0%hik}QoKyD?-c0ZdK~<7VkmfzW`H%;`>+hwB63 zC3#|oH$vrN&pKEK({Ykysdg|oMFr#(ABdw%VN<_;`crD(0CP|@V9!$W7QD{d1AfPl zX)45r!U(sd*dv6vaOWm1#Z zoYKv265h+zqx(39LiKbuS$pshiJw?HP(|DYp8@TP|pPmg?wqX~#_~*um6TPaa!hZDw`B#r} zGxQyZevqrZm}`#OlR?UljX0-5B5d`2F1nSEgA{`0l~0@Oz@un(37wJ1pPCf9uPKjm zDRKZd^-pkUje|4uNNdut{z{{>F)HeM|5U~-M-(vnZAadsa%ak zbr;8U>xE2^Y_)E3|I@c{>zu;WH{&%H@j4B?;yJe=?L}iQ1&j+6l5^u9V%apK(Vt6b z0$&Ydi+-DMzu?c<8#^2KU1#YgjVL_SW%_XJ7+cix&ky%(0(cUX1)QwDlLlQYIK|Jy zi=_A}Lw)e^2UzLlWc%YeU#0wUiIIq15DsQ^I=Z7{VcSa~InMHTSkfP(ET0xVMvRWA zj>-bLq6sgPa7ocuq+*i(F1R`6kHdqU%ieE@0=uF&y}1DGavu=7CImhUgBBh`d4i*a zfDQ-6yS_UdqBM$0&v*B&b-^^QJ-`g8aAh@A&}xDS74rD}{&2H9S40R;Z0mCc2lOOX zQVc19^dL8Io6qO=g)2EYoPTimv@>bac;rqjx@%A1PV@K)iO9Jr=D7oyul!-1Au6=&>N0}4cJ%QMgz(FWIu zWFqLew~i-dS(p-aA+-^zGLc?7Y@|4Bt`qB9#gI$uDNXc}C|bOKF5j@1ymt5Sy}y;Y2xS0ZgJeeCh!jd~ z8B=*}WoflDWELaEIz+;AHmK!lP7*`hpD^q{3;s~x!Jx#Q#Ac=-_l0sC7za45Y=$0B zJyNqYk6`(UuJQd%vRPLMs=xOU-V9FKeLS^Y3`_+x?9W|MKbaU`p+5#Pmb-_BbNbI|A>ITkFimv3_gThHpY0ZU)zKdfaEZ6&cQ=PdUw#ICl%Sqm% zOzld$cTK4uUug6Ziw)nJksCO6lX1Hp>J))Knl7=RPK`fUzP=cUQG4C`7ce5sbF+}K zQzqQKpPp~+O~z6a-x6G}2Cn>EZQr&wuO=f4lZ_lRz;T?=eNP?ni~j!Lu6J}K--z{= za%T9><%qN*kSffwpSamUHrj`J*|*|vgZSuBXSg42{k%I0hA$-GsM9d#)Q{tDq8e~V za?+aPLnYe0oWK)?Oqo~Cro5lHKYTcZ8P9N}i&ewf+b2BP`@`@zfaumOkG$vw_yDgd z*VHi1&-ALGnO?|C{9lSWsTEAhUc+VdgU|u&0LAf^r3;q#JUR>ERtu${F?3_J-#^ww zDfl3J^|zRwvnLbe@E^JU3SjSj$@1t0iVhB?K(*P*#74=UAu~~~jpOhj zRj&gsWM14VI%YJOt5Iv0SwZlAc3-NaE<=xi`q2a#~L~mp^vaoCmkeZ zq{@)-VWMW=oOl|N0!k3%Epkj>eMgW_{U^P!>nkFzrNFa{Nm?Wx`wvtm=$HcIu|9#> zn0PT^CF&z2*#jPlVdp1#tJ+C#%S<)FHqv@;+(ggPy+eoI9!xT_$SK62f}1M!fHkB- z{9QV~zv*#17F~dzz-f8Zy&=kkf3qh~pqq3D3NH;e7!2&B3(^y?2@>eJqsz1)wgjT? zT2&-6@MjHN@uPh0NT;kE=+h?}L=USe5Z2$3`_8R@U2n+oxA3(4`+u6C7Z9Tq5=Xux zHJpN;$gaGU)+`c1o+lxrm;#XB=nZw-9_ur$-T7OBeY(y^Z<6TFWPn~2{Xf|BB7%)cD+8 zaa*m+AQ`P;r&taufqFTW|8HJ{t>XD7gK-{jn8WWyCqkV7p3LTDW zXFH1G8M9|lvIF1j>Yp7O-StnRmrxV>uD%Y-wc3iMmEhj{n)jIYm@1Tug*xEeegM&l zbIZ*C^p-w|;`vRb`)1>xT%R4BlY?ELl@CeIg~T`NRoPVrKE8k>5A4U*Hb<&P{v3p~ zSMn$u2->0U9$;=?_9Z@-$5U2wk76W{Oss|>D=`V2sNjTOPmTRQPJU!DC1qJ#og|3rzhq80YUY@vY6k0&(z^X{3dC9OJNwqwqF$Hmaw#%;}&| zAEcS?NsDTu8@|VC``Wr3L?IS#gGz571JJ;0mQcnYmWt#Z-c&^(A@BQ>2VNiMRVqe> z%)G&=o(}DVPwRidxC6~8TkSkcs6cQ%z^T+MQIhJF(X$ zLy@P)Wyb+Z;r_s1sKp`Ci3LKj-l-(M3#0W0=aN($iU0LPz_usR+%+2LB&fgwkACm` z^~dw*kHa*+56W&zJB>0l+^~NQK3E%(LW5}!yBFu zMp0|2>1iJ^Z>~#+qj<7Wt!WwRtE#%&cO<50a&dB#JgO-cIbQK^Ze zR>T!TpdF^wEUnsHQ1y5;S>d!vJzR4GVwlrZuG+b!XI8-2KVvt@R6ku+Z{3CBjweH{Q-nL}_B0Iw4<@vVY=Q8mShlH!*b8I`%mWmxLzZ4`hf)tG~U-^??#KAY!k9 zgl?tmci$(*0a9n0a8jS(4g2vNte;rt zmkX7}DVPkn*WzQLgAn+_k@}gPq>dKGE*Lf9`yPkOD3l^8%8w7vnYFhLl^BUPPGTb^&*>Ry2u>W#3u#m;PeW9Q?u8)-WZAGOOH|2f&e(@6 z={pI$|K2<*+tEX0e5R!4lsjPWwb^Y-*SM`<4>>d{9)O7=^It)=ZR0b)O~phWGIPrN zAa19U{r1Ds2cLA<`2SWSHAGall01LsC*kAOd5~xnS|VV*R+u005n^4VAbK@SD8gyJ zjvvC_obcN0*6Qg5N%6}df3+7o=juA)>=FCH5mBel_!5Q`RC&mc00m@gxv?>&NERW@ zM2>)guaCWxNDMBAwmd))(JC=(jNf@oBSX8M3&eS4i5#Izne>C+l>!^;uB^6ct+Y#j=BZRnBzHxTfYrpSkSn0y!=P|HHs~cGF?-Q zLUGdUelH9ImD@g;(wJ9)EOcMvFtJKD(kNw@BeO;x)Ed^@aXJBs@9b`{-#atv@a6Ip zitTEyLyUKEckrM|(A0a`)xx1Grr$!ZeVBB814?nlv8e9xb$7knbjys4e9N{47vt&l zR0x@%)c0t??~C%@RLV1}PjW1%@Vc(*KjTH>xJ8Ti4_+wgJwMp9 zkaCm!KPk023H}DM@D?Mvy*fr?%%pvwRXW>-MJ1kXUHhZ{?RsE>ybP_`>fA?yxZlh? z?{HsCeew}2P-fo6VbnnrI6cDWjQx_Z)=nt>xKQO1X2hs?1wukuQbo3GVJIqNs^GOV z?5NJzB(l6NU!aosP@*^AJ{lpY%j0|4291az;`1j{gtLBg><*L_74 zCX0%TJGa2-PZh>y-VH#dS`s+mT8r}(U~=P`Q4y=9MupcgF_sm(|5i6MQQmiir$Fi- zMsdrfL&@_lQ`p!R-j{?fFZrdu zCYws3!D zcsojNMM7H3kp$0q4B@Az&|XcCfxqP&ga4Lq{M!UUP3br8FGi1ksl>47r!$x$)j-=q zJwH)q$c^AOBo)MFve49qJ@qfWNQJ-kBJVXwJ|SLU4aWtf_ z=)M)yyJnakYoU7Hks(2{wMJ5%9iQiB+#rMU>ftw4ZPY6X~^+K5K z4pQ3U- z=gSr%<%w_pyiw8@Td*M9te5d&We}4Gc9x{FjF-B{W!3%teiHmfX&3Ub=0yMP`*kUa zyg`}usi2N28z&2fD&g7n_l%)rm7sM}P|Pg&9J;boY(v)WY7c&^b{G#jOVT&1wYS<$g*x%X&{^FDM$iYEU66-Vte#;`>(Cim zOWvNMc_8Nt9XmIjs%93<*EYUSn%ve{ag*E_P|QkEPBYm1zfDtJHLJsGp|+m24Lj7T z<2vg8(NM-t5H4_B>++ZWnZ+e=QUj^6)AEj!@_P0yK&j#nErIQF2n7pJfdnE5pGhEG z$cKLLpaEcl6A(9kK?@%hIVUWC4mvxRMPv&4L*OEMZXks0nlxD2?1c>6g8JW<0;ZycqKqA)dN7CmVVD0#-B!gL_D6KPs-xZp=w^tP1kWmyj zq_<9-bbI9HT>+yW#QH$-baNMaD6U7t1Rk4u0<2RCZMeWUNiT_nmq*125no@tG8Bkw z#zBmx0h%P!2#ev?O76;KaSwX2vr}&Gf?7;Tq5X*){#^%e`8}pZca~X-LE@#06e^T# z-%MZ}4JA#^&ZrQQD#Mb_C&7`%ljq1(NqQe0_-7jRRlkq1n+2k?zmf=RKc`*_O2PdT=*^qX#cQ zT5VJ@aalg*$d^U-UIQn;ja&DRVFhTML#8__J>qKb_a@M`M*+;1AJ+|HtFK$j>PG(j zi-+NU+t~}?!Zqg_6Cr+r#^5k8ffp9aVhQYJu!mdae*Qv0OG-x!5<%X=6no=lSZCX+ zOCj}aOAZH*+2iRzrRxCHR1T$brebn;@J*jkZo?vbpj^q`w9Fe0il7dvvziHOl;ROs zjWMZ$Ag9*`zn*_Y3L3Yg1QlWl&u2oM%m+J?VS6VT6&=NeiUSi`San;=Wwba%8 zXqas+heV&pF|!j^Z$J-lWzYH4zRTiLNTrNqWJ~wPOc?LGGy(0 z{AK_idDZWA7)%D^I#6>jk3#u}<=d+RVErilt!~(P1-)bsT;52hnDK8_uFx ze)g(z)*V60qOe&ef$=Sv6rvl&ufLKI^^$*^0qbYg%nF|I#D5}{xE=Zl#efs%`Hg)D z3ic9p5#RHGkzQZb+n{dacSd*hRR&-0D*Wn3A6*76DzoVI-Jah9?hD4JlPY6b+bjI9 zk#Fz7SV?r`NgY@Z1GA-a1FQOXQ&6HUAj6u+nbZOgGuy;*S2}%EKFmmTqam!p1bV84 zDm1nMRd0eLs%G?Hx;*e8QXlK6i`^q|zEZN(@Pcc$ZfU0vFaeb}?5Dx#0Xlwpwe1qA z{Jf3tb@Thh*%ak?g{5ck9Yx)#Rd7H_k--0Yza#I60DT@Rt(s5P|G2#A3+oMj@o{R9$Ff3C|AvkRJ&?!9VA3-fnj3>Y z$ss+D&9K@pN(Gf^Gnq{Z$`HMmzt_k{H)&IoVhJaw;CtoL6vEmKXXHCVrN9bW#KaFm zL4a&fxzwHVM3bs3K~dM@RxVWW(}JAw>{>_2a+uTnUY>X;N$I1L%@=1MkCjAw-wTxbAT z&sAe92viCdu*}GEJj(N~ob6v1%5%+lmrnuU~ zZNmGdUhS*X)4I5j=-B_k-g`$y^)+pxDmg148CoR?ND|4RB`Z;Kl#Jw@5omG_B2fWb zl0*rTgEYAjkRUloYLFz7p&PpUO#6GkZ_Rt}T6fLdd;gi4_5I1&;hf&PYE!$ao~Nk$ zL0PA#u-s$Ilk3A5G>A+*dRfo!-|;>k_k2%m0`^7_o*ro}p5U~@wWRT1y&djQs`tzz zNBxBsAAvnU70QU0)xzCTj)aWCpg2N#%4(As_!Bn>GrDn_rubN%aPb)&&<){3#49p& zFSkh$N@%;Vy`XYu4QXj*ak=J01Hc*N>RQkG8LaCFd{Kkvp2W0EHQ#gk`)h!X>qE^u z9c2z+vc&kr@_2&Vckb4G{E$`jB)#%skNDfSp)F#_z5?2XR3d^3imyB?zo1#+oWqDccDCBHJAI-cGjQ%S~X4(HjFbQRn z4M06}`54xQ?sH*W(TpJ@usm}N;dk9@{`kQ`m`D4T+b`AXPVMkp#i4io@JD0Rhclj< zT?l#|y%Z+V7hyin+rc z+Y`&|aZ7c>A-37QO_rOn4F3;@@=-mRrtt(`m=^uyj|Rgr))KqIZ={R4A5%9s59dEh zSANGH9dffdEG1S|6Go}Nq~NP*e0)WEH}x;b6$MPuyOG{cYWBeEn^yt3@A5nuYkV;;8EYKcKlwNpz! zS(-lam^iAkQV&^*5(~{dJO#pBEiW^qytTXpV)TFAvNoav{FtBgizkUi&deHe>A> zhifuxA*d_pA>;&O)CG)Qt_I$$2&Sm$^lpv2hr%ZPfytqewyhh9d{#RXg~%IC_gQA@ zMH=VbuaVpqt(1Dn=WicDirUMkB)h@*D5KOuZ8aO+gtrv+;uhkBW77M+@4?{*0a#}9 z2@hhtHpArwPB{tAP^-yL=H(r9So;Hl3$CmeS*`Vi0W)aW3EBtggp;CWLrWjckQ=My z*(UC7LC(PFJCXH-inMN;jI!=g6L9YjoOd+t8m;h%X0P z9o+*tFR@inz@rOG-R#ntkWx>-F6x=rV2d zQV@MI>Q~)OEt^NWFt(PAZv8}muqgI)5vYOvQfsZdWDLO?^(Ih+u}6i_ZD?bY4#1~q zbs;0HP7?-P3d}VF1|v8`k7ekwa;wb?%fLUokUpCv;BME|hPni0X|ft{to4GP`u!wSbY?JC%4`7 z=f=Q?DJ9PEQLN&QI^GW9LyE>?NvtqK>G}u?{w?d;k_}P^$qcxoK`EALdWwu<*9fwk zcmrRR!8+rsWpG$RPR@yF*e!8R$@3PE)vo0!senJ#vI1!^*!uoBTp}G8xe{V{yoniYWH zSCOw9Y}yq2$02_tgULLbRfq@(y><&^1*f0wjR z89qDVIrSasI5VDx+^y6*rU);ChENBe$$?DWVKmpr*j@3tE1ASaH5w@@%)Uk7QN;C{ zz4>Nf4*`92-r;Kox?F9xMjX*FvrsEAfHdqWFsDboWyd#$^{9BdLvPkGb?H21-uEhF zDAND)d#YodnYwjI%yb?c;U!H|5S&?Sb~PI$M+_1T&wYCrmcaO#Z=l)fVh^!8>}6^im*TpPVBZnb~R|9Kg4I_fjOYC z(!53(!}@j7i)}DwrSYTNNgq{@uen{wzFR=_-|}Y(kV)YC+)Ik>jdn`fH?o%tpx_Pe z8oTRVl=xMmypYY%Q^(N2*AiDqtsjQV*QbY=@$PdOwgTjh_;TF( z>(k$;`o6(I6e-6kZ&v8fVwCr0iuWc}gMd5~Lc`)kfgJxu|K_(N9KUeyg7Kd|s?{iY z%#kMjqpuHeBoIlV?1xK-7-+y?MQ0636Aqf*f@6MEHFN_HB#24Y6=KS1fc*rQX8imZR1&Hb?Yjej7W z>Nv$g-up3^tIW;(Rn9;jK0;BxreK;F8kVYg{kt3nyashT!sRATJuFHNe$_U525U|d7sJyQsoL9_%;CYtXT~~c_XG2pVqDd3h z|C;Ro#hP(R`3=)LE;d%&o9=##+X#cw%6k>M6_F{4^550Se%+I*vb~#E8CjxMN-D;S z+b{mysGaIm1J_E@x4c=r^W_ZF)s0q^MGaDh^%cC&D)lR^ifvvr{D_o{AKNn?_*8k1 z;76G@XlE4$R$LtCmdfUEgDIc-S*BUTO ztZz8hgX!sct*v2@0eV$Jy)>_T*}DyWmFkMJd-cp8lEz&9KTeiD2F!2zu3O>Ylc zCV3F$D^t~tV5Sr;Oyh$$o5Xw6_-cn!<}UOK6p79TEaNPP*Lxh>w517XucXmCwuQFa z8Ix*Mfm_y?773>Y_!vL#!XT#{%9^Yb;ONso8M0%}$cE!~q*{RpYN0#viJINX(hv`( zT2_5!VNR3P1I=}8T92j&T7sd6>y60cl4PPOF}9y086TMmhZ zEi<&E1hVlqaq{MqG)uhy`r#b=zpLM0SfSe`KJ;7buw6>>IWkv9Qc z{WB4wa~8~lKmDPZ{KsIIUym4qP*3xp1Tu=P7V(5-yGUcrnG6~=i&H$Q9i-0b7=$*Q z9hZIiNMd~+s4|Sh-Vd$!ygrP@Y!HkAtVa}|POm8kW5#yNJ>w(?w@K2R#A@8UfUg1F z_wrw$4m%Ey>i2rj;rX7_=%a%GA#`E{t$RL$%Z<6^WEvmNxpsa4B71a^bVl3qhGvIu)*R7_mLt~G~ z)Tta(D}P#v$H%X%nVF)e;*?-%KvE)A_d|DDX+gq1v$BDj_uqP(ZWtN-`(%67(WL*@ zI~!?`^>33^Nb&t|{pzApk5##eTBwXCTfl*Y<6N`i5M4dm>h4IP&UUkRl{ z<%=Rg3Ps^%^aPhL-YJDL#cQ+eqB9skrW^CUF}*#As5vZs0gym+w}8MkF*;&)d9TcT$j_tJkrT(u^y;q@AR)G2KGtvZhCt2P1_2#MU!_~COj zhkf}mln6Zla{<<{p;q&6)H$=Gf8nKJTO-$io{I6O7#KRs_IW(~lSX7}9Oyw@Y$6_& zByIb}&P!43;o9ap*nc4vbBJt#A^QGAoFy~2Ji%fFWr&vKl3#)*u3qfSA|A=y3Vy+| zkwy)=&sQQbgBS-si@%KX$erjf=ue8=EglsEiG>k9z8CHA+N8-ABLg!#;6)R3rKo(t_4A%tTna~bL#yQh5KSHXmH>vY~4&*&|5aM zR{GCXz^S0$3=0q%u*9|!dP*Uq`wbZT`MO8mE$zi+c>$iF%;h6oMGQgnhZyiD?$}fx zD4r>I%4qLbcL-<+I9Lxm5j@ zhsBC@iJxP}LLiW~cD zEAe$%jh%R$i(K;`tIe2@-2J!S{Kr+i|2CPfpP>T5zx7r}SE~KnWcmeJ|HD`F2-T!p z6VN`*Y!+%qP~?2km@Il0`!3UYfbQ~@{a^|4v%UL%7vt$;$1VCpDDIz}2eQ08elLgX z|29(NFF1~11TVp(F)~7Eh3;uR)NVQ!p-_7SRx7 zQ$|y$?toTymjiMa-|w@$uhV-u1|fNNj)hoN843}=0BtXpfP*H9^hxq0M|6k=yNBT` zjl>&#+G2~9*V^h;CHiXg|9y6>F}5sJilT-olvCTaCWQ*Uh+twoy8&fm@peH)@XKz} z#>gD0eE0+Qw0(C?aY8OHJKQWJ&WlS{nF*J9PcqlmcSmTqki?u1>-av~btdUe<{=3OjT9KDW^!uACnA&6-hJ&;N{J*SzqjAv8_Y&)t z6X&h|zSI6s3$%A*Jfs_Ynpo-j$8|#SS<@u&R{~EB*ra9$#Z7D4cHLcoR+pN{q_N!u z`-)CiGchO1f{x2*0y^^>?j6U346-5dC{Pf;oE6-U=7|ad{xZcwCjS+-W8IA88nHwY zBA~Vb!OT}7<;7SvzAEqaC~9|g_XrFEi4i#`4govy&3%@ameUYoxE7?X7W-{X>TG8m z=qEuAj?^Ou$>InC{I;Lcqc?xxg1CuLwCU|np(pnTOGUfh9Wl)c5v`u}SYmC>(WtU7 z=6qX3C%%6=0Xh1!SQixv2iP_1GM(0L5FINeyvX$W9DR+>6ZPQ&C50>|RIT|v-8p!d z<&}=2S_K5p{>-p`(h6pv3jY#8MUF56%^gb+mTUVCXiKF#EHbTK(XrRG-TVdhxS7o( z9=L&5`WPrF@oxs7-7sIq3JXk8tdcGOYhu-9EhfW@f_^c%_q^x3vFrKk$CLGIs6%l( z{I2tQJREZuIl5#f#`C)Ydz+R!k=AYK87utzIxZC4-Sw3KM9g6)vf`VLqgL_hZU_*|qy_@*h z6MHnop7wM<%1m)Cqr+R;mwrqlZh8#H^o}?3p_?#v7{@02fbo@XN{`?%6p;5|iH1&RJK~#o5$jokh-+Z{X-}UTMX(-pCkg`RLXg$g(MpoE7&pWM_r8= zv2^)nT7uCr&<5K4HH3!dQDBbK>_vEcpnvS3e5 z0@v{XBnk9$i{l&Qq5suF9Z0TwaLD`h_L@WZ#cC*b;C0HJ37h|n#C)}m?S=L+jC|F! z&3kj}7w{n=t?zBCz_X?cXiA1i%THgtnX!HA<>T-(<=$&#TJJcBqT7$Z9JBPNPQ=`I z;lT#H(&oIKkP(F1tG3dr7NTxWltD3x4(l2fccBKBRdil7KZ{9aT=t!3(I_2{Com*XKo-Z*3o z$On8`$;}v`CMqA`^Nt4k3XIu~&tCAW&@L%-u1gi z3iGro>6Tm>IKTL>N&fF^QaRBTdL<9ThN8mG`^UHy9D>>V+)O_ha4{g>Y*jy)snx|f zX=!;fay5mx2y&h!>ciA1DsSkOXxNDL-Zy-GRN}JO{Ui~ zo*~3?FO#}^kQLCevit~wU)}iTtHnzstZ(3P9Xqw>)~Zi){x}$4OHvwpZ{Puu!pQEh ztt_KhciHiX7&?pjJ?SzB@z$-_{ds`brTV7$%5gY8ei{jI9PwN!f?f&iI9{M5=q61F z-uAVNqd^%H|3-ixb*9T7c+}&#_rBc=KE1iWsrFq~L|1E3+lyJ!_x9jc?;4c!=AgZ% z1#z&wIZ@PxH^tzVSu$BDSMnm{sPJHo15NuD3@nEEKd*}fMg*|j=8}kO`#GSmAW6$xLM#zDR$VXY?~iN6 zy#DhQGCmH^*?iLkTQ*Tq(p3i_Z*J=T2)kN&|4vYfS4&-B}ud6{B)_w zE%Z1B2#~>sMtInn%U&?G?(~wOB7CoHr4eOW7i-7iAW`oy8dW~MiTJcM+Mw><+H>|S zcq=mXrkqfduu=z^F1R`UeGR>c!}rKn6m!{EFBX7A9rW)YTl6ak=Bo9LkfD+vh8l~@ zU}HjVGoA%;Ew}1!>>ZVr3$Xfgy0$y9ORDIcZvEb`g+(9at!=CYTI@Q+Oskm+Mckj) zatC9tz6zK~$oUmoV1k9PVUq+5^c&!IHbf4R*crhDV*c-IobUXbH2DhwQ3Zf)M zn&wbth!RCvvbm3~=Y#tT5Jj1>JGLG+T?~-7X_DxtA>FcBp|(09>NZcFthU=bp@}YG z_$uad;Y(8?RoR}qb(43oPO@?07OyE*Z5Hm()wBp*eI~OEjq!47_j0-}z2&QM@G)iS z2@zdI%fn=t`bIBTDt(hyv-3fVty0Lyfq%GMl*%)-m!&IM@KwZJlh60F^}Dx0U+;Uz z=e@CFu>Ez!3_5dqBqbx~&mjj4T1ZmQO?00>pGf-v+%cN88>EZRe~oRCwGs@(ww2ZY zkn{|hn>uPR_~O{n3>m9lIO?}e+gRiWZMzvc6t`iGx3!k0+up51=WbejS6%>kf-urF(08$1Uqc z#}xJ0#Y-UQJMiV=G`^3!=@lT@c|?9D_mvra^s{B6#LKqz&((h6fEd5ksDY6+ABP@N zpWY^V(9V{;W%&!=Gn@5j6l)sr9#Zf3{B)|BP>(u80ivaz^ZdTMqYY(1R~nrZ9o4B>QS2e{WYqe7vYCYI8 zrAbd2`|T}~469B^PVnA!;sP3#al2(LavtAt!jlH)kf*yCP}TBq5_)TJ7mIhB@TK?7 zWEL@r@EcqjC@KMCtWou2Hvs7ZUt465y#dp|i^bOBMIGmyrsTN|z~OhJf9ZS^E{;_I zCzG-E#xlFzDjxiq7~%?WgTiifxUG_Z_xWg>qjw~t2B*&CHVD4l8OBy@jFnw<5B#|9 zZ4nU?AU?wGF7wx)>9TC6h`ZQr`&lf3U5`qI&c3M6&vE5>L?r31J{3UaCLVD2b#AUI zUarRNzhsGNibf)Y^%~5Y+~Pb&CQP|n(`gpxx$e4P3ts%(60z#|`n9dG0eB7*CD_ym9*cE)(bpvjc(m2!x#c|F73W$V9iV1LX8F+(iEuqG1BtB$6gUF~(_a@S7}SH2bo zo&Nd@Z$F6#c$|HfSjLQPTkCQpw9oPb6=U*nB7A@o;S7u|e#jGVv~ZOV_PG|a-&0m? z{y&=fBm}q6rzmdA>@QYa5ejbS>qc+bJhC!{l%I@n#(W(<%`!-AdZqEmK&io8cfLvn zNEI=;*sPZKBz`s2PglHuJn`R+;Wp&!xlg^vTcU-6mw%xtpPWHd*+{gA3^D zRc@$d6{j4Nyfilk(cAy=SMm5rG=3Jqg|QwZzq5(TX{eqWy2oFwK-rZ+{_O8P(~m~J>-yGyC(oSvU}+1^=DVYCNSO34G)C>XU7wp zm_fx}({=w*2tHC1_LL^{<^NrJS+X%_J zZ?EzcGkz^~|E<0PG0B&UiHT9XzJ3`(X)bD$D+5*byR`Tkgd>ZMI7X}uv7>HtNorI? zqLw_^s2uWxsloY0!7a{hvS*B*1h9o3d(W7&B@d=FGKs0pTTW-4H$bN~uYZqF@C^cT z=In*iHCa!0wz4hnxI=|ZJR4PkfS+MxXEKan^%w*9I5L>!JVdCa*x^#ZbMCYFW5*WR zOKZ@owYhr-iZB{3#(HSI-lag;Lk{JMXLdtD%@X*8bOoY8qmi$&)!>eANzvasC z@}ADbQ=iMewj_RywgtP=b-jytJTrd&Lb<6=x|_2HPcD zQ+7<)0-L$-hKs_EZCrdwt1IsNB=u@6pFnj@N<{D|kK;y4UQ4)q-%$#o>l-UiZF2Vk ztdT3&_BJ0pc5B-kO9HD=ud#Jwv*VwX7wEvpXBX1cd64+kwRPvQ_r7% z5^c}?5RlIUb~aca@B#Nd-=^`gQ+P73;aSaQdTCFNqy+ ztT(5YsXYlvF7d``TJby!VAE(UK=Q#TNKQpp5~m0{zd>NE1j$%m0E44#AA6a|4*|PD zCYtq8gQ*N1H?>kn-UKcF;}hnZ$An^o^iR9qf3R}a<5kvs?(6&wyBokSpfJdUz>5tL zmF=1Sq@Vcd?auUD1QY>19Y4Qqn{v!bh;j~&tkA5W)#RM4;Jkz_1Kxm-Y`?K>NSyrt zWip&I8rNt}B|OWpYW=466L;=nrrM-Fb%CijaJ_W}3KiH1M*kjOaDaY?CQBmB(OuXp z<_(h`k#6m7;l-g7R5$q27#t^88kH8=Cob=M5GjeYDxeejbgHO*zf=N~BEej!viXZRE6lMuC?L4Lznde7O_Q+$Bggf$t-eWl zo*fq)@n_L&l@AelolamK>OwkZfoJFzsZCF`Xqak#vXy`m5D z)|}tRXOqpCF-X)Wq~t^A{huvA$$>D^xtF;qoXB|v^l_)_WGfFjV+u^J%tt>SfF0B5 ztFkVVo>K#H9|GCHy9OZ6;M-uL@$czJx3%Ucyja5YiFW2InAv#*w2Q&LtWjR+q7p*+ z_o<#>r^PDcw1W~LQblb|km;iyp&P5u?r?PXX@A8h6Z|5So!5e_0zk)lnznHAICViu zP!;vKZy?|2PNvSwKTEohAs9`^dH8|-xSyo2){7yxhE*)YO zpWD6s@NeL3S?s*_7?cVj!g@+KendMSOI(lHdjx_)-C^$%I-aPlI{_3DarOZX-B znsT2?68%h~e#t51!#CUoQ|b^Ja&iZaAk#rwqYc(KLUKPF~_}9Ny1%yXr613 zmfh%}WB*OjRQZ`mTHEXgzTG4j{qd1MLq3Xc3sAZact0nYtU%~0UDW0{QtD9WvjF*! z`Q0NB29tdaWmeh<=T_Sn9}M*DEsOu_`;BvN?ak&OB1K*0z@akOU;9*)1gNX3D2_?H zkG?kYhe`Ny$~f2X;ri9}R*vOq-`9pQDZJSpl4Ozbj(G0JJH5~6v`nbNrAV4%L5YJj zhsuLR&nvhnYm0mAbre;W-P^FH=J74k0{r1=kL^=$HbtzHq}(VmC!cc)dS4w}6C1#{ zenlg`DxHoQ>-Atx>2Rh!lLTBFop898xb|&}5T5GBy~>G(eUc*~xsq*vNdQAg75BOM z=Z6tLiQiTsFEl-PM%Rf}#D7Ln`Rp!y77Le!U%V+lFjTYeU<;s?@daS5Y|f-nZ(I|h z6wb3Y(qX6e-`3uTC9%DYFu=8p3+<(~l?#GQP6iXMwzd<}-(^4_hl*J;CO~acc3zd~oPRQ;)Vfw}fh6o(3YO>;8-CZ??Wc~eX825_03CeG z)sJ>rs=;HKYmx?OnP4GF9+ZAP-`Emk2BDNu-d?mdwqKCCjmE9UjhL1c7$w+fHYF{a zZ7uEVmWA=_pXcibEh~{p;|By8+_Lcp@NZ4H;ITB9Mg#$!=^IQ2X4&HBdIh%-h=EzgGQ9C39Kj9a|X%x>T2UZxd5c!A`!lXt{np^NFJel@}71|={@6} zd6Sj32_#s~o;sP~@x+NG0=5!syxO|-(f#FbVr!o`_Iib{Y2fFJVNl4aH@4zIO;W)N zcXZ?N_UAdv7`8IsSQ81xK;(K{&u&=(B@PA6v+PY4xQy3^fSC<=dbx9lZ%w-zp9KCztc|2Z7Vl4 zDPJ|aWA|U5_`ljJCTIb_`0|HZNrEqWafrv+7!hEBXciuqeMK*3jZ7ee-MkOO&k+?m zy3fhVE{m_I(ArI^O2w95tm)P}9bx9t&K3-v&2sKv%~pSn>=DCjjnAqys+H5KbGI0iBRm|U+3y35as&3Q zxuVv@N@OWidk|ss7#Hn8AdYqBPHM3qS>43Ib^*bhh3JE6yw)%UL5cE%bzGRd2{JqS z&XcbBR4c?s!B(EKeBeyN7$exV`J+ywn|>qpu*UL0)P45W_Y z3UIWE9V2S%06s{27L^wx9XM*3dtKfyYY@>ti5_g&!UfPox}v5!{QI??e+p9Gme*Xk zyk{OzME@E5_7^VELo?QPkxl7gwcZ#wbmg~tvgG|XOe>g`esyL0M*n)xS7fh`=aVi; zMI6Lp=U>nX23c3ADs?|^E_}g~d_eE?i42{d!Z|9j)7HyKg zPzq~MNv)t<_WbVH`Y}MTapF^{Qu}(%wRO|XtP1p$4i`G!jW1Dif(^nJQ9v7FT-pOh zDck;mcok8$m+A`P$oJoKn!qvZwPG%oKHL9LfaNp~%ele&EjM_#hi&n2XVTMuJChb* zDzYlQs!6CPcK<7#U!8otG>qO6WtEMmpU#8lMmtE6H;f16#V0fP^rPRs@He;5!5~Tt z`f?E3ElHhi=G3zX1^n9}!YD-gKe&MH=s&gv57S^VxzFs-a(|%!+?J5t$8Qh8Cm7W( zV8bP<15W#Q%qql2NP_LuA3#xr&Hft9^L$XON)_f)co~C1(&&Y(DnOkd#8&o7@zCsE z#7LkTX|xpIyfcp_YB@`I*t5PeeEWlnNTYRxU>BNYk*$tCY;l`at|_c#fzC`pB*f|~ zNlioD)q9tXCDM`627q7On6;`XN5 z>PAvXQM`>j)T#Y!!)JlsDBL5`^Xa5vGb@Bz>nTeRxs44P90JIO>Dg@HUG~HUhE!F5 zA+32=kN5k_wFRyeZJrq#xE@;)a-Ap@TJP#u|59kw%Z0ok(w3oJ)b_ZU%q-GADhpb4 zcBvs?7xsr>_NnOrCr~JHhx;79OQkK%i?2rqv9gz+TBA=bys?mel7g1iqE?NlyN2DZ z)$L4Ir9Kg_NpHIiiHsChL_u}iiRgd1r?pGT$oni|(uSf9ZhYql95)<(L{ast9h;{z zLZm++Vp*sTfvg3z_xTy63^GbOlXnLr zaapphJ7NRoOG@bcg@(0m*??Ga%hxHZ(LB-sq|YZvOiOpVLNUYmhOG)^47T;5v{4Lb z?_-Ol7Wf)kH-{xEHsLaC1VWFu99q|2YX{=b-Fhb+D)qbm5IeEIoK(RiM>h<-Yj~wF zMKLD^a2Esa6~X$>rwP?~N;j%rWi6*wZU8oY19q z7oF6Q3)ml*C2+bygn^ZT7Ei5x?^_|#7`~l}bz_OG%#1=DLxbmBK|oyon^!ppr5N9< zhh;pGt=1vBhP0glVuW9kx2QwQqp5O{duA7Dg};urklW}HOqwdGcsB9=#n^=zBV?JG zF(yJl()de|GK2Tm;lz&h`QL-l&iSreq#6YMd|x1J-l5MPg-BxkCBGmUGEUPJ*Eg(# z^sIRAS>SZ%4OZOkh6xT4w4ofPTnElkG#tI^2g{qrzCqGJzggdVXkxn#N|3rW}8d z^GE&~Y-fJbO#laOHM|;&r2+?1fx^KzsStRZ*N6Q?^JjVi%d;;%@X(K@UK(pHg2_M+ zz`|QPfwxv`0)MS)Z z$jKgSdr8-Qx1Ojxx2{`@Bzu1S69p1E@!kno4+?Bt@7!1yb?*{o@tXFMcs_As4`KGW z;pj8{`@kUFOV;dqF*tBvz!CF9U+nI|dl&b1nvp5RoxS6-z=AlaelTh)=c8F#gLQ_c z(-$s|J8`6ZRri4_iwWi$M$!DV47NBbHeteM*Y>7<7AiY;EJO_}i>!U^iAfYVV%56m z+Pd&ch#D+t?;w&7sXUxapz0w}Z5fE4G*KpqI6{jr`|3G{&g;}6R{b*qi{BmTd(0uy z=pOxA73TJj@rSbrZV{U(UROA;=1e*i<=tkgI(PQyBVDva{c3h*}$tF=3QvkP;jzB9eWvGb#X zrn=)#u;*du<;G+Taw_8SzTJ;3x4XA%i9>s;s#E8+i_D1ZX1^KM{3CkTWo+MV+c-ZA z3c{hbitBZm!d%pF2SHP<$d5Ehchb(wo)b&gQh&(#vVB0RvC}$bl3J^$dZ@8Xb40Z^-G`IF z_1ZWtTfADB)SvW~@+Vn0Q#qVn&&Ol61plYIPMw|*-{S+PsS})OZ~pw|lH6?J7KKZ4 zWWj$-pN6yU)kxM8j>jBROu(~c%;yk2Y!!5R2Qy4}rb|N0uMGAl#7#i>tQ#dAY# zZ*Mh+Rx6G$&oU556Er-S`XI&+!kPJ5v~>rztfnh(Oy;h#v3`Fb-;(S?f$9d>WM^)~j#^mz2$dgLUeQkm1xW z#bBL;wNy68)4t%46Sc6-TBF8~qcXfEyTj_`i_U2jjXEn zD_wrTw;N`SIHDtmv8y|TX9LV>f+Co+DQ&ANx}{!WxL-uf{$%egu!Mx2&N2(R z9^F75E_rNh_cQgTcKjyH6LY?GI?2p#u<;K-Wq$isE9olTM;aqn;6c(fyfq|>E6gEW zOAu;V=ws!VJaXQ$3a_`btvfZPH8&Zm;KfRg{JIaU^bsu-NH<2|n4!qW+UlqT27gkg zAs{&r5CnZk=E=H+W23!DSVM&=7Dw}=)ata%fTT^U^2+#ZwT&w(*#w>)?3}b3ya3{9 z?0-tL;?Z~&9@2C`DL*d_GxO%#5d)>ytE2D0IE-dzq=!5|!N?;R%Pau<4g)E18r#!{-w=F`Z4?)nR=D+ z&jvOQ2APW;|E0~@7ikE`r>zEnfqN@ctpsiHXvMu#I5FT~ zr;8+(I?hrA2z=0|l_b3W6nRUaY(Qghr-zr$NhYd`;?|nCsl-HPW~TfNjQ$OAen!TM z*$YDA_qrxo5uf@cC#7z`!T1P0@y3O&D52Z;4R|+fZcdpOc~_D@;gkfP$k6HOZ(`w- zbrTH5@}!OBf>{QPj%wamr@$wTI7i-Jv-t!Wb*HYdhk=#j7XO~Qy#e8S>TRWcrKe+H z%2*YF5AiGj$1S>h-&sqra#;tYq)#|uYS{1He)R4zjF<#!)4lG8T2(LjnlhY1Y|;3H zrM4yiPoTN4W8*fwdOFp!dVN8}?73=SyM~@^=_5HAu~OPhp|vhbEK5ODWUi1Nb)jzh z^f9mv{8{pd{qR#N<|2l$i1z&E5Wt!bI3LWt!c3k5my1{&{GS;c;lc8`Yj97 zYzTW$;xroX9Gw}QcQQ#Q*~DY79<#vXjrKwJDXaU$mcNSE_0W@Bd{8D<>RKTrtvm+H zhe!gA9Sk#UMbqS|3C%;2A`Snv{K5ICwy;LO#ZXsqcM4(S%g=N~RYVJM+vZhGT%?D7 zKDcUvJiy|Br%V?M4j|*3^wV;%L#uh*C0)pG^JeE@e3_6j{fS_-8r$YxNt7MeJ3BHO z5c-8#Ba@*(sxv{OPHVR^9oI*+Po<{)-&A$s-7wo zXh0{nuKANWCIaHCMI?{f$ZPg{mO#arCu^BFQtqP$*_M?+*05L?jvBrbx!%nJA{n1i z!4C9E=j|X|i12Cgpr%ztX%5NuySv*M{yryw1skG0?*AMj2;Pm^zhDGe|rp9zGsFE(0s6wb)SKwdd3S&!?!IQ^9SV z!R+)=aY7J zpO~H7%H3q1&a$6O)sA-hdFy20oH|?F`)uhL96Bg|v?6`j-O~CjSk|1|R@r>IBMfsj z9S&B$M*Ysr2NlTH7azVhc#N>l!&T+B&wfeB7JPKy{F-2H{g|1{p$izfgrKnF0_|M^Lu&_` zPjX)`Ok~BXr9`l2T(5#~>9-zs6HdQqetXBd@2I`neZ+1)OT158DEIZ<8z_4^8IH`H zo$J-j0*vj`GkSIw#J^my3!ZvCtv8j7%kI@BYB;G@{tY+K)7-a&RKNCwzZpxf1?STH zkLTCIVDskz!_(h{f`;vOrYqFD0J1sGuQFR$`Ul}RQ9PG0JudACJTun#nEmc1L`}>q z%{-w)#J7TXc$ys{7=V8n=)As=p0LTItDF8Z(#wg7>sHBgO?8M>c^TrWj;Qq~XMt?5 zxe%WXeGoK^CXN!x2v1tQhR?2JzT`XAXmLF?mKS@Jc6SJm<2a`LsElVO7qk7ZyBHw> z6XmZ^^t+31adrD*Db_(Dd^4VZ^LQ%BEI0E!ViC+lSt_~c%d%fa3|+z# z)`|paV6Nf^U|_;gUzh%=bwT6=@8i;!W4OR1HW!hmVdvQEQ#m4FAo;DH(n8vBUw6;> zxq+5bHAn%UT(?R9v8UtOSPB$6~oU{{f-vvO>=aO)GNK;+Ol@~SI?GC z&%CY7-!vwwWv%+pA2QDu)s`(9`|d$J_9|Gzim7JgJlFbE^s)!xL@Dj_fV?~ zP~?zzDsVmC*`=FFVb+$oO=A~K{49g&(fiaJyMr0bC8P|de35GD56AE5P!pa?=R)vP*&;C2A-Bq<+gzR1qigk)r z?(9fbs{hiCk;;3o^uNMJBQUJ)7WYF)+LZ>3XQhkl2ZvHPB8$0jW{wShNJ->pr2)Es z9vd$gbHP{PMGTl9JNkUx!46Mmb6Ftdp2uPQDrJwaB(a>6JUUz0v^#69t!oS}8vp#e zJ67!=rD7^&cdfgf5DL%awK?*@KJjkI5O0(sT^-}fJR>|*!(sKC*K z$cs_xBteo;LW-!^Ja++jTv>8jgOHcJ)PmiENa6Lf6Nl0x^l2WQ;~MN$&@DVabLQ-l z;BP8f@G{?ZBsmlNkgANO4#p%B7 zBDK(Ny6W0dA7u=^W$-(Ctb5}CoecG^gktEo(?TCfUEFW+y7})PZ@z|ShI_b$w8fVY z5Rky-OPx~n^3!o_vscI|yCj z&u%JK>+_6MsbS2=h>(a{?Q9%AS0GYvt;Yuo5hOkGm zwfpb+-qN!3t*=f@PHWq~i(_A$>jK`1xiMkYf_#i!>jw%~*VZRIMM5Ux@LcnwyL}?d zR4qQdA=+!aC%zjnw{+x&HacmlDVsH4;#NlNy2T|jsY)fTTt(AKv_Oys^+k75t;qpE zp%hz{>&?|gI4&VEE!nHpb?XPw7e-JoFe(Gd60h_);`dAvm9ih9sacZe{b8;}Xnz$j>pj^X4R@ zJWGY^?-qPRr1?W9L~@MQn zQ|;R*c&VWXNJm> zGz-`w(T=sY*G{$tNwn{sa8|z>Bh25c3Y+b71crSF7 z)R#1^qw$Zq_e#Y?(EH6o9h)fn!-21#atalEnR;Q4Rin~C;0Sh;OJtPV6357s?Er)$ zJm`9pby9d1^bhmR?UlYiRFsZ{*5h^;zJr$WmV9 zI%~2Pps|~EUceD8*3Wk}Mj||Hdm^G=07~$|fsNwaVKj&}f0ZCyg-9l>WqI^PYmDI5K<6V0-sDU7P-ziqtTa$G6!r-GMd$5CfKfbj z8O{yz{MExs2N?Gu#2ZR$i(bIS3c7hTrE&7g^w z-&*wXaZ_>vRnMI46#l?f&9O7e5D7BzQ_G%h1~zBC}j{|(S}(myV|8gQxZ)A$}d z^rl58qEB1Y1#7SrMG^VGe$$_q;ZTokf3o&RPg)-`73=`!#l5$8jfHLCZR%W&h&CKC z>EiZWVvh9^126z{(8nj(4i>e+jf2V4cE$dn%Mg2|q)b63Y2i;YP9s4@sV2cPt}ieg zdC}QnwtQ#&U8t;g&P+2QE(c{fH**Oyyy2nSojxyGq?&>>K*FN=QIC?&U=3>?uMMjN zCUS3!v|UE!TV8jr&xr^<^}~Y{v>EEq+!yF_*1ccywxRg zo3OkO9nr452NyO^E1pMZ^57XwQ+8Y(zK-cfr(PiDbuI#RcYgsFeujS$17t>n4Wh+6PoZ1vkNr2tpMuU%&ir@nbi=9`_B1G8xl=TUvyy(;Kt z$#pwcm1xvl^>FcfsHhwXu2tVjSi{M;Xw=ed<*l|f+NTb=vEURI0gYP&Hw&~O>4!+j zA|!;1Y;vh}?I$>k4k4E#Dv*~5;}*$~a5VPY&8ZCE)O+>Ym1#R9b02ne36AxX$X71H zwgmu!vCN-J3FRx+tT$MkJj5K2lWJ+~<_zt)+Gf9#-j3hv+LV2KGCk8%Z=m;v_-WaHWe41qGBn&qzFEN*#v zS88q(liL3+?iA{RS$=mNw#|vhR+HiM(q%QeqWZZ(MMvx7O2zhD&3P*?_;wp@TU)kD ztWJko+kDnh?j){T$k?hV4{1P31pK8Fc<6+BOSFGFpYM{|4W&=&*|^HZJv^B*Hz;ym z+ZK$wA=lW)(BEzwtFo2!$xFQr;8O(a zn_?AHa+8{Q9AoG#`NjtX7Z?2E5~%lrv|CB}3cnm+V36|>k~{C=aG6LewkY2CX+7UN z1!sL43Ep@&U)*|lbdw)T;x>!<&$Nm7bldSQ0$s6Al$v67dK^tW82Aai9)e}}-0`Br zvRz+qIE@qASHHcbRP7pn|Hh9+qqIkqfdN+hv_05>X}h(=G%h9UN|Gvqtj&XUeVs~X zpl``wgi}~Ev=5hdgBh3yj!@lrv7Q8565t?+S?-H%g79rhUQ+$EyT5%gbvioJZdd~@ zZCcF)y>~iKbJ`pfhtM{;ITh=eVvTIx49-HT+^-5@Gr`$MLrRJk7toDGM*9+Sq1WWs zSv~KH*+o;|^Z}HewGY};gen!_Z#&!{K$IEo@yi+6Zc5%6risU==7+*0i99=FwwB$h z^B^}tGZD6d%T2I>cYCNj37*I;Pqgse;|(~if6m&!Hu8)@Gt4^0WKTOCc)dT4`|I@? z%iiyp56)zprsGgB@A=hEYx6D^?tf8xFr7!yUKF3V9LX2n_Nh1Vx!B>|+E+N9f9_UR zbPE6E5t=G$Z7jcL+q)&klR%Vg%{%a^2g^ewjm;oQl90k5+)i23XV;(9u^0p&WQ#-0 z@U11PoBnh3V=+~{Zw1zaXHAGX-DvX+BVRWCsm{)=8Q$ey6uC2MM?oXhn+G z$1+QOnv5zq^v?~!=F4O|3gsNA{=W7+VNx}l3>VmiJUq;7oD$n^XBa*o2t#$P3JBrW5Jz;xQ1 zALg%rEo{CaP8FJG-kYeQE5f|}tZ2C9h&?yw1Saryoj8t~hYr|*;)S>7LP$W8uv{u1 z>y7q4V*$4a6XWVI=Ai$O(~ewtzS+EQF>`6t50FQ&TnA(OXyyb>s!C0in%VNeaJJ0r zD6%s^OO=IOk2Q;^J%XaUH#%Mj8UIMga@xgq#*(Qh#5sA`Hz@|f_F@4=&HpJeK8B`a z?6jK+$dCDU>2(=T9dmJ&<8$H44(2G`1P-!q>~FZ_tnIB{y!R}rwwFGUt9n$!Ib5*G z>oE@|Iwat$wcWqq-6BdOO$B++T9AAFzZP2m6R7L|yHn~*>#%+bQGwd$XHgZyZBZ4} zT94+5IW?XPLl$c{M$&|GVAPfxEp%=;lVduC zp>(qCNm-1DJT2$bY|C_oLa4EG7$t*Q&t6CdqByuMLK~~jff)Q-``6n9NY-F z0~{Fl)`g2B?gk$S8r}%!ZW&aRO3HXB_s+ViyzB+OjP>&>;A%8Juj&r;uWGZx`2;B^ z#E@ST%3;aPSXbSsAh*7jjqSe%zTnFWL;O|rOShmaFp{H)mnI(|qv4P7EvmB(@V$AB zZ=+cyK7rx~XD^~?kZ(qq5`8!7ePTkI{>K-2pVl9=JY&J>V+6fafq#0bOffTXMj$u! zB!rLfB;?uIG-R-;!r70?4a0Znd|EOyeER0zaz1_bs;T*l_;Vrb9&yF7NWbgh&|Tn{ z|E~CNUo~!@oBieiN6#wu8p!VOjMWz(%SMA}qW^Ws?hih#m;St$6#K9}zu&^qLtm*7 zi_d|5KYv-DwOoir&${wbKD~Kx5FSM7gYuk0>L7P3dlY}@>LY({W$l=ewi{M{mJTjT zDP7qePpWPd|Ad3}-!?JDv)-1fpLcY?W!RjM_;!X%!)`=^wtCo64|g2uP|tkKcT-kD zGh%cl*F!U?_b+wSR&s`MBlNM4C*R%d)uGm(XrqAV;2il3#wx1@c`t`uLK(B(6k9`r z5qSo|N#!u~dB_hi(&*@fek{j>`R5swO(=f^y`Y9ol{mOJIgSXVaBKF~vS zj#^3194xC7;n*JtzA_uajbXew5~b0&mEKOWjzjlYEb!#6+L!(ycbIXofAU-&y?zYzHCNwere>vp%JQXG*^D$x0`SGMoBo(q2=gJ*TkFk) zp}F4ReKst7{B-Qyr^dXhCwkad7f=ve`8`{CFBUj`E)vh50ZA3jUKHa=`fa z5vCTW*L!$2S&L`f=uP<`NdMC_(#=Kp>E^xWO|3mEM1VY56ZVj=sQLHDia#4BZC|7?CQhNETKC?~Jrs7FYr^x`nZL9-fyV%iD4TAN%;iwG5<3QXLzat} zhMz6&^?HYEjp5Xqco6d7$p~irXAK@UkR7{-*V@F zAyB&Y^Mm*-v;4)e9%?F2yUm>5T#c2E{XOeWuS%Tv>Z(6FF@Y7f;(dr@gRT}?&Q@Hf zjS776@eR%KjYBZS?yB4?^IOt)HNRw=XzZ-V(n#sE%-*s z(}Nv7?Uv}9qR#^{_>;%ZO+iCQ#fz(aAi*XS^UEB$%eg;|Ug`@CN3C^>0a1w#Q8=X| z72Urs@JgplKVb9#EGP6Uuy=5Hloo{&gU{`Hhett7Tag)H|Gu1LS{~4Aa9Js@?)&1> z|AV@C1D+25BiihM{c$)Nbuc8V9kQA28|j{5SLh_c1dO5Me^j3xy9>Ozo$>_NbK(eo zT9WS41M`Y7G7l84b|jY*3geQezj$;BOxXcES+Z>%#AmJ6siz^5zkEmu$rb#?^Y zUVGQ!t?!uU?g&xcaB3!gXEywocWOt=#{sga2F2<$`qKYjt^dT;;JeDwY2h^7GK5zFEBi?;jf#!9#2gi1uzIO>C`|AU8Ddca8gA3e>H zX9V1TbDN?NM)6tP0?iLyQ2~NAZLwofWra!~yi~1-XZjAE%~pZYsG$`+KjQ(DK_HFEDeOej!S;wbiNReKxXSk# z+?yeTE{z9urW#Z2WgUMyrnh4>IN;k{`~=}r*tCkfwJDrx;DUU4t?_Pw7AKgklZFOaH+-1iF72 zT(i@40Ni72AYQs&R(M=q78Y;bk$im9M?kBiK%lFua3em2ibklV!->Ge|9spgSRSvW zIZT@X%e|3#uWB(c)rU@oZ}0Qsz>M_kmtM^?-(}U*8()$HB|%b*4>L5b_}29AR9d&z zgYr`vxf1{KTBkJF-XFF+RyRxR1^q=accV7qPjVIG2~#hwc*eWP3?BT)tWWHE?M1FU z*Oz;0QvdOCx6MSu6#DSg@A_(TUFnVk&xpC-Go+QqTeuM1$d3tsy7ot#0GE%$IdI@) z-N$xg6rJ_)MTdv-~@C+LVUc4BNXHT&#o&NgcX}T~E-gFk{jIH{r zHX~e!eiUW(j4cKxBGQo;p{7QVxOip8F>83(|G#9Mk~0vnq&6k+*sK6&V04^r7>1IbtZALqi&U`bpk$3>_WXJyj+b+V;Hhqzf6(Pz+klVG;aeqE z?ddgMR{6Tfou2;t;#x(P-}MXfo{gUZBiOT9SM|WLAY5OSVl~^5hP(dq+oGuJL&86h zI+gbc0?llEL5$I^qPO6~<<>5MYQK5Vr!LqQHFOWJT=O--ulBI&C<&QjpF3~t!6>vx zE7Vq-uuSpsezcA3A=&A@8-C9u?;qyg0_eD~0k6FxD%&F}frYbK$T>Me zAj2xKJ*wzN7Pt9s)3r1v^7itWwtVnYQJXf3dhCE3M!{Ly-?oCd}q~NdtqL9ntU)Fa;7+xeQ!B24it#`PjC%t;!!B`v6_+*eSFcb)XElLbZ4702Kt3WqDsUnLHSGU9Y-E4 z4A&YnBSh9#!?bZH7@a)9L8DXN+mD$-De;TrGBO(-w9hc--5rwJX&>bz<$~;*APU~ zN-V%JduQh2b`vXe1ISfwg&z%`aBqMI0Q}G}&n+6;`FdinKfXH6*fJq<=u6by1pw>2 z58vLeW%9=$;Y)qlQ>|tfyAXB3kj3|#GXXMLdy-_A5+1O?C!C_dulTshVa|;q*yVLF z$nbhM1FkwPYAyv1A6+}%yV!w1nEe^XX98`Wc>g%5lrm~Vr6U5amwrHy>^EOHGl(yf zPrGgJ77=2g!lb{=E0*j3yib2Xc=?;t{^0FTntLqVP{H#wdinI*uuY|VQSX5LW;D!J zr!KZ8dG^8X84}U&xnU_MIu@ataKcM7PRZ=d? zz0nD82Y0fN-ms2`ZNMzrdv{{NVt~j`2;?lWkmyEYuUP^pKV)Hup?##Cu(iehwY%vZ ztcjxuL?!M+Xxf(}pb}idJsN6-u<8pt8J(~YT`>C)xsgJF#gCUF8~O^Vq;qX~XWHS# ze#dXL|-^2~-#^mf%ZhAS=-pG@=*26(msxLhw7W09d<4=N?WMf~#Wv~?(tlZdmRwh7UKe=( zPiyaOdJkyr3D+z9%i8;2`65b%TE29QlG3rpGg0;?%U*$eSI!1qRW=-9L(DDRBqW!DaYH)z! z;Tcv9fW8f_o8rT3nJEJ zeSG5e&rV`bHRm3y3-oq{oeYJceb%4P++z)$Y^PBijeQK5vU)#`bs?R?F7|_qH3MdEnk!@#D4|`$!V(3a6ih>yY(|Hb!=@T{4S?&)Mcb7bx@HG5ORJN&O~_Je)NcTDC|ha z43|4I7?IA~1N5a7E(cG?xy^t&3JxoL+4HpcJ3HVWn2r}iKEs4n-Xy=AY!_EAV-o4Z zxLfKHkluj5QkC+e8?PE>2iElZXzR=`&1aGRKEH#$FCX>`bf3WGBNRg*%I)D~xnDI+ z{2$gD@AN#QRMXM>R+<$L8pN=lkT$|h;NEyAbK#NTGkB5oOtgOlDUwD zoaNfb$)lzwAnjl4TO_ne+^?`X>S5QFBzc68Y3Vf{&4VMVHZfr>?qmrZrKrR>&~x?4 zKB>NT_=ZyQfwTDyeeSV$RPX00^Bb^6fCsaDU6GyFQrC9p3=jeJzs4;tLlc;G&jh!3 zH;=`MM)^8dr;a6$j2&=3VSiPFEyTE9pl#!WGr{-0iEBe;_?Pf^K-jKvt8(JL_1PBu z+qzNc!l^@xv(8S1`@JHwJT6uS7RnYf)RL9XqM1+ZMyr-Blbj!BKM;!u+|jiiJJgS* zVws>8Yzne(;HS3?XCxtFMQi}h(^+r+X#q?u$hL=8THTONwd#U<^%cjud+Cn$sVsXS z7l~n0wMaS>g`XKrxB*ReyPi{4^Um?`u|+sVth@*G2o59;9nIbKx1DEw2V-e@WAE2? zkbC*}gm~@#ybia+?z2Uf31O)@kmRVYPy{Dxx;c`?rh*@>lt&Le!Xe zmU|m_cz;n6oF<4jWcA}ZsAgUL4V!unj;+8t=H2o*p;otHJv{-qcbKl3?n_LjjRV5C z@{F%Actr-qTwR}VXKP>KInG&=2HHqJ$c!^~cy~KObdn+5kEatpQVzS=s}pQI8k7Z1 z;~y607>(=N8{uz6Dyvd7W4FzH#{R6iBJL~)3n5b~T{>@Pq2zYmTNF{m8H%>5_&@Sn zA4)90xbx??#tI!#J609&yL)&d@D`}Uo-huZZw;OAh!%YtQK?uRJh8Zo;R}!v^Y!4M zfJDy1HdD=)d`;ZFQ+afG zUc0j~ZfI(De-O{kmMW_$_5tL_q|CNbdplFB#M~~CiSu`sCNgE`dpbNbbYfU%H&e6l zbi~h4VQN*|`pmF}q~7+J$0n0lbI7)HoBOx#$!@bFhT*sC zE1NFKX*e9yG4X!!5(5^;;;5F6`eoRnvUJ*#D2V$*Txofk!Lr>SD>+}t>VNvD&@Jf6Q5TM3C&V$*VbsX6o{Hl}TmN?X@>>DtNJbpOiMs`jp9 z;EHf#3ULi$R&#f=RO3P%Xl@@$-F;RbThnYGXTNk~KsYk&6dw8ResYrWT?5Qq9YSk% zJ=N(-8`qEnZScrQonxZz>h zxU}*^kk-VqcR5--JlBk*J)b#OvLpGUe*Q=<3rMmh0H&OJ7;EOW>+i-o)@dpY7+EH- z4s|tCLjt0m=1u(8+@dnNMR#Q-!q*Obia))fG!1_#KwTR8mkRZ^#x6QYJvODEmgbaq z$VQxpd-98L7t`2Jq?PEi{&Z8c0B_4M5p=8=^QIRiu zZ2n<07{%XU>MFkDt)py4l)*)K4B^%sm^mWMn75|p$=5nB_9Nu50P6Dy-hcPrYl+PJ zkV(WM*d#Y?>y~yPw*D*#@h6>pzwy%9=d4unz@qQN!M(DYgMK(X_;#vs26tbalRvIQ z)$VCLfIyBJ922&Pnd&sS*A+h>3OKuq91?iQgsVis#R^};!2oPNc--p%GA@645R$C~ z`&xmH7+Z|MnK})P*z2w%Sv%<9PFeJiDqTLbKUeJJm5 zP(4hnp8WFnw|iqlOpb;g=%hP0cOm4hCXtPknWR|_CvU)fTtQG;tG96XJ;K_o*wo*l z-^=#lldsO`>aM_Fd2I&6Kb<{$Q*>#ndI0yTN?e+;$xb0bf9heM1tl`3UxC{{UFfdC zMvfUzb7^lHtt}$JBBBSFq(Yb7ccK>b{s*2<F_z&w^uVn_LrCprdo1Q3PFr5o7zkIU=$vJy>PbJ&#GItDzNijAcIkgJ0#Tv^+!z8 zt}oK2dW62CcG`HdTRZh@7()N3u+8)Z4u(4I9EL9V*+&o4pkX7o^!P6GT~W2$3YBXiDP^!f z=SNfZSdDe!%?1mHx1#bXkFhqC4=-USK(h*vnwgRv*uw^C2l-o^tOhe;2&@;w*bTEu=b9hd7^yNY#oaN^ox`vi-%r|QpE*ItZ zRDO>n|H>HFbfF#Rvg6MFYFAtq6!ld**mKIfSqM8Gh~>M?1ay@l3V^+zOS+Y|6oJ5R z|C^IMn^}$T;WB0D^+jq582(i#G5c*mC8n9QcG~ZQPUcn*Mo-{6)7x(@>OBNspqI8- zmc?Tasq*&DqPwTSPf2rSL~&UQK@W~sS)J?-2y;~&sui!;%=`+n`t7b|YD6G+LKXPY zPTK!{`?vS#&C`d)C`=+WQu0q6>`=#_;ZSgm@40he$g5j*Y>R=W1$eAoHPEu|A*IVr zm}rIX6FfuE5TDram)b3H*UjZ!{#EavLQcB4BFCd>eg3zrUEA;u)ug; zoWk5B_!V;uX@(>l8mF67-@?*!0!0SsQ^DV;v7^JN!%&k4lU%LRJqFZQ zL3r&I=ENw$HfK#e*_7Pf&-|0^+s z!J|ZrWCO$X)ts-uC9?Udq%niXGv_k3Jq{um#pGNLSM|3g_UYF^$a2{nw?f_EW`7Vq za6J4`rPLTjzyI~+n}GturTfmZ{#Cf#k*;H>6kFb8^FlZ1ja0H&rKOWDC`NT;J5ax? z%2!_Ot68?kN-oX*67nDRv`qqwF#SBKfYwk)xjym=4pYYL|8QqFosVZ#yVkVqc9S^( z(>nkWd`t+I)LUS2Vivx>P9n9}k(e7$=;YOS+{-C1aXi!vP--&@Xoz)WuDa>I9yxMw zBY+Jo*Drk#st$YEnvTl(dy;|v)38bsfA zSFU1^Tdp$G`KM%N-u1Sh)caw{EDHh01V$DIsM%HBlJd`)#0ih(($9`0GtR4ZKyS8_3IJV!^An& zQw;d*FAS5s@nZSjf-DqMl|BN>r_92N1-9Fq<8`cOU#`SS)e=|BpZOPsZ^Mcn%puOS zt28uYrEdHJ3)gPLt(=N>)<$i_rA#5rSlHgCkOn zI!5?K_B+a10FPJX;|MP4e?bFW~+aje)Mmct-tXlD7ZoCh272mEx4smMT6Aa zD*J!)*+&_!pb2N%G2r`e6VBR96qMQGqSB(QHD4M_7+x;_?#dp^73xW-YZssQ^7de6ZF>zQ+aD8e z3YHH_U;NR+7_askEYZY0&ANDh`Wk&mLGzAz&8*$QZrx%F>5x_sxG6wxY?vL9IKY<< z2)+y;k0GBWrElmOlIm4#i;Th}($r6ry4DEs z2(XloQ!7{_j%e3-%=~EE{3&kr?l1x4Dif#r{5Wyxhc^)O_V)9!pAsRJ ziF?Y3V1&!jo%-{y>YQpm%wn)_dJE5T7s8$`LDg3aiw_*%>9#}M(}={}=I>8`iPi8K z6TH+yJ>oQe|Ku|6+b-+0e}8EOyVz(5;pdxYQ~>E*O(+C8W+bK=8H-Raq>u+UH(8qlX_cN z0IaYVUG*W0X#dBV#MJlRmnKW?A-yxm(GK{XlI|`Qr^M;9Z(AbuzH37IMoUbxg$k;E z?=8YA^c63n4)>#;RxK5UFfMVIHf^HxZp-eN(u3=fRPGi}eQv^9Cr;Xqr0IK999!uh zJ-=uArioyq?U>?McUX714JpgvqrxnlWYl|m#Y?^Kf#-j?r%MM5Hh_XhXO?9>4R_XO z1q+{)(1ch_orSetUfkE+mbI1Ishw&%;MhQ)1o*YpGezW44BS%_bBhKsT>h!gHr3&b z;`Z@`lKO+(Sc*k&3NT+xW((flJ>U1>Tcij&H4ebO-XQ|3oD6pVIT|>lW zlSAVYGaq04!J%N0aVGtZKt9p1qwGt5{^M*3OwM?&u{~8zIw4s^UiZt74}Mtj)zKtL zlE``-z9GYWjp`o5m(;i$o;SIr>ZU?mcrC#v&kvgk>jzev;KNA7VQJ-m)@KYTw^4|+ zF~l1DS-Ls3{Y-S9cM0$LO~~>??J^xj`W6TOmjL?NVI14aK|X41SH@W&HPrL9jXFA_ zb;-vCcm14kMhB{tvG2`Wc(ty@2rpvFM@q&tUyWdz8F0Mg*h=PPned)!O_@VQzty$0 ze7cD901R9J-{TS0c2dE{YrC@Eoey5eh0`9C;`luaE{BaL3wahX3?aT6a!pESNtOOK z)~r`R5^jWYkcZcSG^|~(QrumaJlx}FtR1^GXH6ATfsobvj(Ar)atse-pZaH17+k=2 zlZ|rzAXR%m3EXvg12FDa_{xNB5=?Nz{4~?mX%t{X@CC6zeQmQzzQ*u z&%wP>Tk7d=Z@*|}<3LhtzK-Y`3Ku3o5>YcjzX^^n-XR@}OI}NIMvcRJMB|){* zB+V3KYyI=v9~>&b$@REwLZ7*0$sq@SS%GGnV%K!MWRCkAtAn2jvCj_19{;vi9D?0@ zlDAqYg*}=`U8?3%eWa{Y5aLuZgrigC)kBa9-(Ee}v8gQ!#Un2;eG&@%DI;uJQ*nr9T+G!NNtTSi$hk4l*mMs*g)Q zs)XNLljkHa%M?+`Td*h36`~3;>X*())+?{=n-eP;-HW40p*6o`TJQGCnHb^;shPg@ zG^)2ooPgZg#rr3y$CzC=Tcj}8IusPI+7G$9lR%8^q<<*LvEsk7Eq?l1dHP4IJZdSA&|lu2ZeGq$N|1(svBelS*4d9S z@Nm=e{$PmeUNcl?X|wcg;URbS==Ir^4-D0h9A9KW;#Q4uC6{etz&W>!NBx=zxO#N6 zdW;hzXFHuEKY-b>5?DliDsTxbEYoMv{zTOYpTs^w5tr;`%~i$DiuodVak{5?Ule_~^p-FqNeP2^D5o4UWnl`(`0Z_vL9Z-DDNC zBo01y?od%PQjvB*f@c9s)PK3Xh4qZRUFXew25ZK)#> z`1Uasr92;;4R@pv-}%!mOmCdk<gWhPB9I(2zrl>MVnMiu}7S97^^>a_H%Hl)@IDzsb66+P&8j&AErO z)v2Hzzex}}WJPZ0!(ckOEyJT7M$eA5k%Zl(hrw~9^jlh(x>~@h30mSV&j$2eu~D;7 zt#0-#!2g1KQJgY-iAg|qubyMPE5fL5QJ&Ik+7*JS*1x@3#SCTP_azImvTiNIU!i5| z{?Ye^NFw2aW%=EkQ#O6(`ICNYMzerbtQ`fMIk$-*E$Ui=6 z9nrzIZl1#3$1_1>t^c>`^ba$R2jC><0lv!VYJFC@lV^$aT8+`I{`)RWm=E_+tJ-gD z3gpO=cfYq#s)GB02DT$++1O;_iD9B_f&81UN!G#mAbUOzp`8EiD+B==8uuiaOfD|S zZiay&T9b48M0}+W?eD)}GPny5)AWpoe3JTBpM&MrswWm`K4zEJ`ohrv_-?;IGp?zm zgP22v{L`4%S>x!94?sx3)+Di?44oWF#_$@qaA+H`i>cU$*)Cm$Bey4uyJzww_GRDb z+RK|TRQ1*acgj2iFfS$?&*a+>#cfJblu_bu^}a}>dNGObYA?O#D4RAUm3WtqtBjTV z-Cqg2RBy}z6I13ZCRDFm;ue87Co4OmlfX1-d3z*ZNlSNH8~}!xw349|f@`0-QXT{< ztGfS~4Lk%+KRCC5yYwN>0y~iYrP&*6N8f=9!qc)kM~jQk15^yq6K%4*_akiwby|Tm zlg9Rrua0nQ;m^%wy0H3WJMSnS`K`96Jdg&~^ylCgs1M7L>avzum_hu>=gwfPL^XF*S$>J0`&t(SLT4_X4wzCykrB>MR70rm3r^~#qr z^#u>}R<%O&7@-ssUq(LYJ|Sl9$DA)Ro7!3-vg*1Z#*1uCxLv>eBpn($C!cWmJ#E3H zu6}&Eg>%;*D9pJyEe0<3zeT|&3~WA>K5r+J43%|V-j|tkq;LdF*k#n%jirA|5y@YD zEBRN`wk7@tJ%~K}RUP_R@jSrrFYoZ5BAKx~dT8ZS=Hqus|6SMWG+%jtDA-TEo@5s) z!b|52Y6}nk(HUXv07@~OB}Ldx!9Tf!6yNcs2-owZwUe-~ym&G1+^Kl;i(ecLwGQ`K zb1UJMS1M&#>nQT~meq6w896>$_a9 z&#@&`nr?@R1m3c}M{R;l?+0Q>}njO0bQ7=`Y{(NDR?8M|ZRI#6ZC%#yi zmO+CN7PIlmTZoblz4VW$#DL!lrqsCG1;L(P(>KGH8OaRgg&s$s@-8ul`^E!d!bzk) z3H6aKpYB~)2<&*@y7<_>k~g#ttw9bH#4N{5nOng;c9@p9-x9_#L+qC=M-0$~+Fy3R zT054ddtFBSB04$1NpOaj^9h6@tyDxdKGP%T?>1jQWabPF%Tp4uI`@$JJd%5W*Yu$E zr2r0!uxmrXzKFkaJi+76DE_D1JKNZcRR>$&S>gk2%ua?gj73$7?J*Or+wNxHjnR`Y zzc8<)?@=0b0u!m`Z(edUw?Ftis*1QM
    vtwOn0kPHKUHG^ku1)~b5lbGN=z<1~7 zFbWTuHaJoPx^{%!FKVORU%ve7objtgXHGZ!a4J&v)P-|%dyzhT z$tI~sP}{8vzFb^d%Q){cwyX0)1>}Qec%_|W1_W4U+ty^c+-ziy5Av2qSp$a8C|ou> z=9YLc%tK7&Kl-K+yR~yTUNepqQrGAq=GN;5d8g)c+inc9{&!w;0o6L^!rh3_OsC~E zAzNR7S$^Jg*8^w%9x_GeC2OWT_5tP(Mn|^sESJEr$&PLx*NCH~ zU$V}d3M_8-Iev$`<{o)%eligjplEHjO@Q`0o7h0Ii(ogV(x1GVu!}z1L}V?G97^+y zVdFy}EhhoUF*71F>P32Mn zAEva3KQRoksNZ{V!dQbsNypY7p)~?+mNz@J9R2bAPkXzW?|iW~@Ov9(A3Z)pzPQ7N z&=)m&kLK>wh3tiGJ8IYf3$IVxwIx^vyA>0U_0Mu&PelybJ|ii4zO$QXA!>Skeo8g% zCKQ~Us%Kq?{!DYi_8PcA3dNj>H?ya5hrtTZzhs?41X$+2nmYogvJ;*1`tU@C#(y`>AwtE;*lIX{gTM*H{ohx7mAY&CT1q2RiC z1NLP|@akd6Lo*56e_rEiMwi%y5W~Ls@BcImy@$;V?D})i6B4IT+;_BGw5s*S;LGxw zm~$HSabl7gRm)S=?1KC8fvb9Rw%yHVGh7Hc_W9K~xoew<1>C9b9M{_p9WHDJ_>m31 z^(~!L)jn0Y*G+ItmW}Z^oIC4SGJ$e1&Fr^kbT8@~gR26;#-aJ((D|BPS;YAfuT;=N zlb+G^XQu!&M97!IRY$KCVWHi8depT+x$i7u&H>~fE90jP68l}j09Y0OV!+TsO>bYr|aZTlfrVPk9R32 zs)asgvi%V;Hq^2D60*h@1@sSThtX+%c!Ghx#)?0|fs*U8ggQ@sk(NW=2~Z(+xqLr4 z{AB?>ADEGueL5O7&lRiA=Rd7ma5)>!4!Bhq)WOFq6o;F=DZ(FLAbkHUHU<(+sXMNa zrK3>*3H|MT_X%2*3n8>+sns^SWk&Zj)IA`^ri&KLX08CB*{Km_+O`55#7KsC8T5oKetp~H1G+L~v2FV2` zm8gfwtYOafMrga@SZOhaEfTUjZ=#C4Bj&o|T7m8ixJ>vZg;Nj3j(mnNM<48~<5x7@ zu=kS76Vl7gRRBGZK1>E}(eyoc-Ew387#O0eczN%DEa?W^RsRHCSg*eK@PfV;SYO>g zLSUNX5Srf)ziOerRhNUQAAUmCTQt)iiJIt`XibTk& zOgu~;kw*jV<#71%i6mOP8HQDBhJ6K#?tNOt8H`EyP+X6PF%pWl#$>d~JSd8TJU1MR zH60Fv-egX5|Gfsq3qBj15$F3mK|s!lW^eu)dx@S74sH5qto~KPfFPGr1NO<;QY>2* z$20ioiR1#@Hsax#`5!Fb0{oTpoqRud7~Ma)L@!`sWq{6Q5${a7ziKGNDkJk+@k-rc zZ(lRKgt-?*f21EzVTV|;8ezIds}m5CA%w(sA6SsF6ftKQ@^{}?!yw|godERaXafnw zm!~dw9KW~6R?M-I9q8%HD(uEchD{iD`+PLFhmo`yDIi!=TQ&2X@5}{C^DfoMr?fXG zAP(28e1yKdqFuZ>+cd@-ImXa;UDob*hYM9Q(s9c9p0QTuQX$KYP)loTG}^7B=|Zi)+|R zW>e?ldQt1L{|uEvkur_HD*YVA@PuH|5Y63`Pv}}IB4=KF&O^Lqh5n#+!>l90=)Q%v5L^^9`lASKRp}6PqUUl6 zN5jj_W|E!?dOpbP1~eMRgRbW~D5gtz`uA$r7W7;jB=cZkatz%vpYiNVr=&Wr%33oy zf^%XffoyCd^!aR(mzvgWc#pKZIIvv-C*G5Ad@Htnm; zt?~5RX~?T@vh-|#P7nr}SDaQ@h6PUDiYw{!FmoyMP_v6}hh;`6&ovJdhPa7|w-;i7 zEz2qP+#Kj^9=>xo+Y4uMcsqpSinNq3xgsrnNB$z8&#qk1ChI@GCFPeZ-_k_%4-y*w z2MHBm_=8=x|M4;DqW_4Y=6}S{$j(1l=GQ-1rovx7RR2nqJkR+nXa4v5Gc>a9n>rXG z{RFzCt7C8ZzdGDuyDy*k7BhTyLue(uydTHM@0U;L#Y58dsWc_DqL(AZ(!8>IlxWpC z*k{MqKGYkz1<+8)pkF0mwT}4n^SA%F1NM>gHL#jJF>^N*^d7kPt8+-Tl=MrP7Rj^c zUNl7p4PyMVP26-lqfI1_o2)2V0;O+d51}0E?3oS0o?jL{LjrIVR*=)zt&wv&z}qtq zTB=}cJ^L(XBZa5FbwE7kQ7KBrt0Bf{Ay_-5r=4>kW^`MX(-7RVKqBcdTgN?b5I3sd zgx<3%O}HoK(H_27S~E*JQBs6Gy-=9^={X^t-Kqi8Tj$&``8}TfMPj;E=BDh0t^14P ztHXzBN9PTIdMvbc3VK)&Ug6Gcpu=D^rMM-tzcf~mZK03dbaCkVtNW{Nb3m9_JKlqd zuP+WKwtCAvd07Ww4KZ|W1nQcJ@*}5w%}5T8<)E4;F;LymdvVGGEHb`=$6M|=Dp8Fd z`^rUdD{MRQPlj*L-@JzL&%iiJ8C!Loepr`&*b<_9*8b!6y_MGHrpAMofo9_1nT=yw z)fc`NciJ;!X=1}UI)i}NeX~wUs|BkJ*>-W-hcD<(G+*?jKwiFY z%fVUl@}n5*4@%u_##2hQ8+<2@IpI$8Ql(0YUW;5UKF=C~O?+`Kjc8*~;VQZ0GfZl< z?;A5?_fLrcycvbuk~F0ODS?-RE9B~qj+G7`l#gM6OmT$mFmsg)3zNtA*WtPsWX4Hz zHJL1xhMpKn!5sx(R*vO)*K#t(;NtR^=TcYO+1kOpWuSf)%RwkFdx-iye>?GKMqo@ov-^uM}|vSm`=L0 z_@8_YIT^IRN_NNPhBfx*AX**l0;(P)Ed87M+6yJt?uC2y_kC-VO1B^^!QtlrOT}K* zUuXesOx@m(`oXECAIn>AP9)Dfr*F~kSb+4o$PAMi!IroGf5#*Ga$j zq#!b=*7{<(`ps&`S*MH`dBa2tA?v*HSQy(34PkcYB7&? zNW?>b9@yicK7TAle<@voK6oUpnPzSJWChVdXQmx1iD7cJ?@w3Hd)Pm(A0=nD%8_h_u;$cX1#KG0pepO?6@Xfu(STg?^ysC2v#HsfEsRfP*4F?Z) z2+?KpDg5-XPw@5R15c0Mv3*tzJI8?dL!aF$0Vdz}xO0yiWg&7TUCfO_Lf(_6U*9>%JZr;umMM`5$kQ?AYC~Z(yA+-yO`b_nPb5x{` zZY9XVZ{IA}0IP_;_6bJNrgfm!R6_QaoJ=~fvL9fkZD@heL2dv1p!NZ`hFsGgh^^K4 zypOs&b2KE~V;eLBv>!eB`VvRf!SmW0BTaU6OjTznW6Mfo*^0P)#NkjEd>uuH9O{CQ z$+YWVz*z(!kN7cD{tU|NC`}k(kl{{s?gL|XkbFt=yyfc{! zx_pK#Ajfl~TZ>`j&hefr+Ho|Gz+dFzW|7_4C-}{DX2c!>E=uctqX$^>MHfG%;t*^b zTHZLP8^})`@*3h1P6wb%D7|OZ0pU~}EgR>*9$KIF4Pv}i{lbP(TR-Ph^uxwE z5<23uk^uzi{cCd_1ipvxUsGF4@=?>C%-0W-&opUVWLzY=STza7ZNAOs4Yt5B zFqW=yy3AC==c$<;s+1=`yR)+jCgBtsRs5 z6KsFhx4lKM=Vw_xJ%tbBsZv`<0sUwGTT+09B5{bnOt~o(rFWc!->_YeC)zbLNe#JC zS~1!y_-0pN|DX#9&~r{Fe|`gXJ&LFcg0`#w{fR!&r;bav12!lCMQ|kW2iMGdQ}M66 zaoIJXHHdy67*QV@{Vlp?0G(h{DVRB3Rw;TUJr-`b*k9OxB?Cl9*)criTMPcr8qplWtAU3cx}5Q_9;Amv-J7kQnnjK`&sz>^P2KPL zzHgzs5taV(PUI)3j%f5@ki+R`{v*(rxu&nv85!nfU%fi21uZJ!1<;1JDy5k#D;)2$c zROYGeTRKt9Rb`1d@phQ4tnal{$3~Lv8sK&Xda%Lte&TXy=vYUW9NvS2LPQgorR#*) zzujW=Ammir@D)r6wxJoZjXDYv7$5d#L+s^*w8PLxd(%LFe5?h3W&2SDf#JxdRDTG= z>s7o*;3$EeO-KqBu|H#zNv1)4*prj1AdJLU^|duI4HOgBUi9*?>WRB3M9joDhVKve*dH|9I0eOC=dmk!(kpa}W6H}hVR z^W)E{Ah$4c7-S>kJh0yE_3|BJC_GAn8CLeAl4?fQjCi|Y&tK5>*JFL#fvPO~hUyBE zQ=F+vbbH<~ zP=QO+gcwu5F|VhuZA4(1JgV@)Q6?Q5M?yD-PcG{YatJKO20ns?u02_|EkYQDK3b++ zMI;NhG(FlB{S@yj@8)c^Q{LbP!!ky&d$F{qm|R*7i7hc^j=FEkpT!Ee02c~Xbh#5M z8}H^v9<_zX6L^sR_jgB^%~Hw$Smzcj?3CGb=KSFNciMMP_28cq&v{ah^9babOsz|@ zwUvq0U-mu{+YGnj`91j-uCQ{%@22_Kf(npWk=jRXMGODzNPQG+`a!23?SSDxU=1WL zJRE4@VZH&O*?H+3EgRKVy;D6;!C&`T!0rh%lrLnzqYmwId|Zn!-c$B(l=t#Gtr_jDA4$gOs7lJVZ+1&^Lq$ZcdE_Eb{zwDUDa~{ ze$F;D^I13sH=fPnHK9;MzU0~@P`;m})nBy3j`Te|a?<%mXU}tOUw$NhgHcAv4r&p|wyq0iiPG!p^wtP} zU|>681AZrPN0j2T9YhE+nC5d~n68tAjedmDe;Nlk#Z@n~uR_JSaB9!}cW>B`l*#`< zyVbAI?r0G0WP? zWE`|I^K$Jy`$y~caj52S_6JVAfX6tnd?en#1s;ds-HBLOHsh~1d_qT&1lgpbrQ&0;L4nJuNk4(zY}Ee#jS->TPmje$yt{CByi|)w~b)}Zf=AsN#c?TsHcNkP~ zSKK)JM8*$r?&++bkPg~~^A&c78zf@|>9GNx-dd>dzC9eq@BId;1Jt(h&5Z(DzGz|c z!89;Ue$FP7}=&5^ET%M1qIX{CM^qI0?iiUo5FZl1?_o3JM!F>XZ18WmN z;nJN$cV`OZx>c;^oyLhiqe?BzqGN|)8s{V9lNTrO!Ssgabw;H&0uJ#Y?Ub6gV59gj znRv&!{g2;kolpaXu_UPFeR*VRG}zH9ZBM>!k7aXT%M z@EN4Q1O|SIG+~;C4d~7;7Cdb;9hyB0-h-W!f*INh#;g{X%++g{DESC`=|=~HI{ltM z9q(a20(r*zG8z)=l37;sac27t}sLixaZM2&nf^iMHNBbhMg_k zqE6o6Zt9+EhJc`L9C#)X_+K|Zy&Cewz1LS!=b?EgRJzoOL6KfL|6I;O)w1IxW}7m3 zDsvEq$$9WQ4&HSLy5;ONMU|vNix^FBz}cpzOwjxs-`ZD8+j{B;TS;BDbazn}Vg+*V zT>Q<2XrO$MeTz`g{KMvhpeZXxn%g4t&Wm6}sq-m1^Y!wk9ani`#T$tUkS?7tY7!b# zwjNjn{FOp4bm#UsyeKFiBMv_(G}+@Z>wk9}Ws2_l4Q&R~Xo78D>VWCzqpgQ#L|=7; za{1>#<*GYX1MxAy#)XN?(mwC%(APv6h=yl?>J~ZG?if;FhqV|u&}SiG zjtV0pyTE za!~*M2Cvv$KC$rXHEk3h7BwvQtT}Wcf?CNm^UmTvWmCvbOn|*n131tM;F!$CQn*#zYj25?8*$Ui3(Z_Di6v}G$aJ` zD6sF@{tT@?w<%74(}{NzmUEDpO7F38h8KhKa9G~%Lv~$@qh~2v<25JrAz%xV*I`}^ ztQCO_hT28^`P_YEH&F05VzMAC^}heH?jY#80V8^f5_g(ScSQAQDnT z>ZM3qiaym)cxV$q>3Ve#;C4MT+Yc4}Q90GiC&pAX;la{c4mHZQZ7)C;;0s3F^%rmL z=4TeCX}+3=xt-uM5a08bsjbpJkRN|ZhBjlg#5?WbP2ha7PC_)mcrio0)M}FUN;#0= z6IGOJH*&|o8;`OVEBipOxjg(52WpV zyEej$oCVgObkf}me)|E~N4!Pk1gIXI{Tl(!1w2&JzGK$X_=u;yKWva3OBFq21#03a ze>HIumG-eu7nvT?5ax)eZn;!(%C}_WTT-?g*I6jPy{A6Jj>GCn{!&rQ*ml{=4icXl@U!Q{HyD3OYJZ(7UoVq zzKX}ldam&2{f!`BmI$SM;x6xRYQ;~Y`-h&W7cGRbGI>YcUtFs{Khll{UAI3on1Ql5VYxL4Iz38kbIX z=b$qGJnYeb93)4G}qpHiC^TQ{_C-^ zKL6)WH>N(o!h;}$IS+6|J_v6T3qtt0GnWKLRFQPw6u$+XJx zDtGJx%7MM6{E_pvv~q8eNV9Kkku*W&-vmp<%LS%zO15A;m7DIkNn~^hAXNSl1hGHD z(umVopXLPb-{Q(0ymqvhb7g2BYA)@I_rq^O{BQVO9EVOj!kJ?vE+nkyK9iJu-@W)i znMC*Djzmiknb>+jP+p|yzC<iBzHLzIh;lS8H#3)-=*C4Z@mbn({#f^vH;{(FpbD(*0FS2JZoWrK)kgeVYS1`Yif41c?a4e@rSy{rn4RHm(yQK29Af5Dm3KwX`cE92sCjBoSfnL@}6zawz)32(QuS zBv3xa?uJ#yEGak)81v-$g62Lv^@g6%c!Aq;`aw{7FBu}y*K_ZTUoPnmF+Jm?(pMhg zbjM-tHT;y&-!sjmuXHGIkVRi`uEy^22wc-)x-3-129=H9N$;%CnXRArnQe|~9xA&{ zE|O$}9kjsUedt|^z2X}&TFRp+Jz6EYTg1e;VR(mjqGzY%a^=0A!kf?Zr9UcuSjt>7 zNxPH8#06B)(I|%PrAF}SFO#jqPHnh$&$3}#^bbUz;ix32`dwe`$at`t5-ND|N5~19%EK4PDU?EUbZ=cO)9mGZ|ybcRpIZRwl055owr93CX*tg z@g9fO z$NL^es~^xbCD#SvM%2lFiDdcsp3BGd14{eBK6oOi-z3Ic4O=1ZWVZto&7W!kxtcQ@ z=ORaAnr6!+L8h&facNw55H~@$?RR9tuYZyz%inDubp5QgIqdc9-;2U?#ql`*P7IcU z{r~*3kl+i}wqe3ss*Llyi<6O}6^}=9ltYuLZ96{g4D?2++`RQUY`h1mB-Jsm1!BZ* ziM3}%dE@R}T`8b4Oi2DRm+z`L?f*<6{vVm*b!7^*ug~m$&z1BieY`%pM-~-=8P2Uh zi6QnXvfCEE?arFQgGfVu+23!*{b_qB`F=>TrwvDI|B-My)h56l7DjzofV26uI;8F? zS1hOX=bK)lA~B}tkkYd(snd{?&yP1nz+h(-UfTPPJ1XNKWWB6kK zRyoBT)fc_c7?n-fCqh^!Mo-9*fA+V{q3R~>P9()=U53Pusfru;F7o8tAg9X-&05}k z_|?r*3$E&Fd0uc2Ss0VFBmi}kkiS}LgtcMCa!9*T$3px?xfF|@6$=D3@<&4@gx+_~ z|B2MrgW*~M6UTMRfW$~Q;Bw0dR;ZDVb+Y+0R-lP`)eVgvGln_R3t`o}ZxLSZzPXj= zYK*53Uk!C@ZH=|8voa0vPpzNkp{-*bap1?qA_x<58|s|Ov(ajsRF~3~&O$TV#`v@Z zM{a(gQ7-sSs!&QD!$(a|ox#1Z@06v55(4!}3|jE={`#+CY-zW786D=%2CNvF#h2Fe z$ZzCMgwhJocl~3#<#b@_N+Xq2<~;5+yI=jZuHV8!Ta2OI6qv!N35Gq)1YeCmX|B5` zv7QyQu*9Ff5-lPXP-!+cdIC+;k{xgL2Ez_eItn5HOEY2&#j zXCKYe7CSYJ5G{Q$HLSm6{x;x$zUX5;yL~sSM#!@*P5LmYb9gCDRo}MM{az2-8i0!g zdWnYQBDG@>sQ6B7Vn&(ko7>UDJTVj5IQimz$^A5pvinWjU#vhQn^aWO6yJ<1K$n9+z&X5Z?Q+S2DB z)HLsWaUSHUVUU5w)D7n8k7Dim7x_EpXC;;cX;+?udg@hj&v`kMOSty4kK4CJTx-Fy zloROX;)lLe>k@)$<;1IPCtk1~HdEFwOLM-df(NsL8bEYeLT9uwN)+!dyf*=+08aM0 zgL0L4c0tQt>ZYv6^x~wOpME6Y&M&_6Phj<|;HyP8mA{K+Y~xvw*v@^qf#+2Rs9|EM zj9b1$fwa1xM8dQ;eOp%#+rLS7HrH^_Q@NANwqRzoy!?1rZxtt{!HUxcmOqts^#A}Z z?1Jc6@@Td7N*-R+ILL%y+#A=iz!ECH4;h|Dd;acFi3+neoI$|EABlr#{K)PkTFqB> zu;+7Pi4uIA|<2X&Uc9+Gnqp@Bhd^k_a=_N zVoVXSX$K!j^5>FGGfSjQD8X;@2rsBxmx^ z`Tj27W$P$4U2jkt9Z2mEn48Bao*0k@f@Tfr$8E#{pt=61|KD}psb_k z4d+pCuy|*QN(s6QO_ELT`Zk)*xCH`|i^i&JumefJpqx);E4ee>$Re6c8US1N-N&yP3(V z7&=h4Z;!j(-GuU?~kkg180Ihkx5uC^3WSF`s2CF%4m^@vsiz%!bl z3nf`6!ZU-^6GK~$l~#Z?lm0+p;hx{GlA#4K?EbGFC4tK^@-+z zP?B0&+_Nq*=h*VM@f!A|3C#7pv}o9&QT)QvX+lLirCRfd5(K-^dy(;`wASxp{RpHEd!c=vT(f{_rJx}b6(s4y`ZF6hYfxwXcV7T31EY7Y7JAH7Gof{NgW5vMK1W-A{IeG933T>0pLdx)`_9<(`yoWPVkgcsJ9;ae5HC8AHMr9n(PgtgqB`biq<-bsi^V{X zwH7c1Dpaj(UA-`t!zo#A4&#zcwAmew)l)mbdMzOCiNUL&Xn(`80;8n(BD=a)2{I@BY3bjsUY(`-y}8=%6`>d3<b~p?J);$%FYe&$m`JmyGaek&6TAv+~%4#_S6!3W` za~3srI+P@YO*(5O?s+y_gG_TAwHB#e?QAeDt2@{sRK@Pc@tF%H;479>6?4Vx&6RM0 zVmV!!@EI9>RHjv%`>Ueu$A>0p5&rGGUCAN1vk8o3%|nJpQTqPJ>E^W;Jh}DGFT8&K zG;KT)Zxt_3ksq_K4#1()S5CcE9Mkn#!55=>xnVWw7|Xo)T~oI6d7fNQh7ZN&gh}95 zsXYMjO$$VmDk<&Yue}<6tF#DcY+h62ue-|x-tLCKT6B409=@m@m~wK6+Xg2ODW(3` zK_)6Sni1Z_EBm!8}gmO@YTY`<<7vlPA?L|`u-B=zW~7gjbJ0r*kxY^TgMBXp@O70Tz`3+J+KdNkgn>~~w*f20OK`76 zmevjedCSxhw<86js2&}yk;7IwuQCAn3|}UV4NqdkrfKRF%lyp=((EuxeL7ueD%wQa zmM0&Mo;n@s2ed&H7I}jn5VJ(i!KQRSGX6z%Sp#0Tu&4o=t<9{iql;kJ=N2^ZOnqMMevS+)@xySbwWs687@ZR0m#T$H5D`-!S|XG9`vt{C9>C-3JpdsAHZ` zrlrCDbdUtb=F7cM;TFn2z7k7qiFbNBwHCg+YM&nFAQ9>HNcfd%69y>l%KTMI8cdO^ zcvuMAty|+CpzMiGy5}IFszj&PJV_nbl?mTE7je0}s*B)r`q+aQ%CtoJEypQk$#;=f zxJJq>pw!BjzsAL+LoXjq5Ty;Q5U6eKxDY&z`^w3gA7C*hFqQ?#lQoAyn(%nahOaeU zY^u>84ZhgFP!nig?$O?_!;uxlcP$b9%@behPhA{PH8Fe50S-4Q1*y_up|SD~FJY-P z;)|CwYwUBLhiHzf_-W-*Ibd<>+;$q6KL*y(ev3>fciEHXi%0>|pwPzlfgD;)&6Fk? zpKPAy(A5!+?ZF06c)9QiN1Fw&S6L=FoT z`VDpdNheYo9WzLR8sdNHe=)Y1V2xd3@v#W~=kE`3)Q=hJ-jNtuve|L|8KWjeg>e3> zAxe}Yd|O#SZ?ISQF1%7+f>Y(O`8exZt}es+HD%j~ zxRbcO2|&mi=6iqAd2MzfXIGCEzf^Q&$bI-RorWkPmHb%E&Hy{8K$#$j{cbQ(iPQP= z!m9B^^Uqm+Ax4HtMZT;z0u_pRqZzp8T*VhBbU|LL8FWp|XC(d(n?{{wb*J^Uoox@~ zhO%MlnPV35*o!uXlFy`ky<1!OvQ_l7vXrMChyA}0ezC|fLJMIaO@Kq~LjPE8&+_T- z#JN`e39#`aifKKdbzCLhR5tCM@wJJE2KLcarY#|KX!U7eOjFzJc&og%Pe7JT0Ddg} z1G&iqJ_WsudGs5Zr~;MJnw8M!4(5$3$wuW8xOg{LX|$buUY+0W1g4!4riG>AYrMC@ z#OII5OW-YvADNh-l0M%DfgOfYJkU$VZ>_PPCx~f*A)1g3Q1KH<-!R9dC$R?P9B8^S z6UZ+^*PZv~qZ$rCc{lu~es$YOSgTd0Ke5m5Gy{~eijTMPSXgl0_oyvT1=>6rD;o?% z-NY_$JiJ59FbUm&9U<28Lz_gss|SIK+nNv8PL-TdT>C~t4fxM9WOGcO-1;Qr(u?h{^rG+te?^hj!ziJ<(4v zoQu4*m*S;&9dfNtf|tYlGY-w7%B=|l%S1FnA-XLQp($?iqt1}>*G@X$8U!~85qD|A z0;^aH-nB^QjD?3JDZfO?Uaf$@2E`k~AFi4~D>VU2wm}VD)K~ABhnWjXu()~vl1>W` zBu*zSvJH;X7eBBxE;FcSMr1S6eJz;ebeP8JO2jN)4(s-jpdsJ z6DEE*h?TDjMb}^i#&FCMsJ!9Hjg?l1R5=N!up7$%eA`FUY*YglK^eM{iq2cUsV$oR zS#_xCJZuryh39GK*?gGHvs5MHW*C@{_3d0@!{6w#N+ZKlDWK~J+6*JX-S6Bg58d)M z-@aFbn&j-v#E!UQ|D~*n{n*d#y&O#aa^BBMRN4(haQCt=&3a#^jc1YoF4WHO)(8^Q zYz5j7P}HZSHTI-PO8r&bTsvab_i8~hIR;Xi)L?A1?)zF#-}CFmqIBpFSEP8u0c>5? zd)-wEa;@~Xvk6crztoRGW=hy#iB9{`h|C_XDOvtkQA8#z(BO-4YbfcW1Ryja9isk(l_=q(Q+q3-8A$`FokX z+UZVn@V`C^u;fi#?|CdX9>y&nK=|SB5_ppjHiuaQ^GJ^OzR9&H1`jV268~ImHS@6W zv|GG?{mYjHJq5i-I>vEm*Iwj%>lqi6#hc1=`uL+*`NbtOFKtuqTgKq**@b!bZD_ZS za>N22_f0{3E*8o}NJrL}ilu%1AmVDN!x0PhLUjn`nt!-s0>cnbWP;BT!MU-r4As9` zpkG{d9W%Py7~foETIsIa<9JbF-}8;>p=ZyxUL{D#W2doyB?4StPd zGG(iTC|yIAS1=0HgN@ed+RGLFP-eWUZP;(%_~uwP#9wg}5ep67gEQk0OiniTEV>C*xO=vSi>o6|0SB?cJQY z^>mZSrxsv+5|efQ#%2OHgZV-fa(W#Pf?J3>nn}KZLFQ?_FT$@2`lCG0aiNK)EE=1z ziyn?Ai7|=B3?rqgm&ImQ>9CvIUj_WUBbwow81;@S1!E>jrVKw1d}&N~(7B|zU&SL0 z1QL!2@CVxr_>Dg4_7Vrt#_cowG_Tiq?W&oL8)bN==xEICm14>ntd@GrCE5{Oe6@yH zWnS0j&zYq?e2JzRCY}qG(<3FMZVJ zR)*6>)-XCoEu{w<#Mx-RI2CYq(i7g&=64|^6z%*UptawysCXAuHZ6aFKTK4|KbR;c zSh)NkJn4^^rtlvHsWdR#Ck-Z~`BD2bMZ|x^)FeSnO%gEw!?RHr>;IVbw4mOh?vHrv zGv$I&VRFHA{B_o}{)60xzIo`lzfhPx5T~@?IyGC~NI{l@k;peNNW*OoZO5aYWbnT8 z;KmzNs$oh=UKmO6s$wqA3Z0YO9wJ8K{Rwp#m4-A8spO%4(idYH%w?EcrHbSXo|563 z<3eU^$Y%wJo4!uD#_N5v53VzqevE+3-s5$jHNHvwQA}>sQcHH;1m8RQ3=wd1O4Qmpp zRw8{Lw<*jsI#%FzWyX|El)hiktA)qPX?RAiM+NfQi${33G}=piol(4wU-R zElhiG;b{F5*zPomVLXEi19>d3ZM-qit|9wbCwDT#R4Zz?O_w{{HG55IuqY+bkzRGB zC~G>BJJBOr|KRg}L7e}0{JzUXiF2w#3hmGDlr4zw`G?+9{0FzE-e&~}Y4ma>C?gyH z&Vjvu%mEY|DeNWYAc*)rUuQ6OHV?M3pp8hp(DmHBB7p?Z{8CMee`0fb6)1?kA9R{F zNl}HcF_B|X8vfAq$fJ~P$MbV((fu>{4B!G5bv>)PGRS_v>Af<@E(HX45qI@gG~LeLALhCAVd7aAmd&#zdmM|wKyzK+ClKk zK5OlyMitt2slMw#Pe(|y@fR5Q1;VhX_c^NNb&n?zUZFM8^0*S!{~<5 zoF*NR_u_Kaa6w68NdhjIgRI^9P>?Es#(6KuB8Sgqu%GwOD_3{wI)J7@y$NIX$W1E3`ZujoTsMugU9sSO1r`|Q8Da?B zhget$B5Up0C|#HW3*Z^mli!Y8$)NB9+;0O9KX*UkesyPRosYO)o-N+)UIicjTWQN) zo&Mhp8QX^5zgOCB-2WByz}sJlhAzM#n0>Pd-D@JTnDb)13WlOG&_lJft#10BU_f-| zMC@(bGz*z4!m0p&$hczrh&8OGn1hKZ_1-MuU}F&@Z^c63y4cAOnJl=Wjk`|rR?o!y zIxbX_+?Za7NftHa<21-NYg!|7R?rrU$UzX*q#?$D8mm~51BSwBX~-0$T-&0JbPWCs&ENw$CGITTbFz?^j6Wg z-8nJC;H=7reWwGcVx(>;lE7l72kbjo^TUra{ZZjiue*3p=t7&$ars3X$!p>@sH&6@ zX}TC0D9S*hs?9lxNPTf8 zvcZCw?v|r28VIc0XIO334#Is1$Gd19FV?;Z=WY^mc7)6MW}!Y&h)Z0+a3+$iebzC* z{H4b81q<~|T>0pc+fR-;fvOf?`&h?Y1E0~dnT48{H#MMNvHcmg71q6X6)FZu2X+i> zt4?DtH+krVJ;{kXV0%k1*j$H1#HB^o4bD;DHBIM@s@udyLf1aVs@;v@U^)AC?p6LQ ztSSJTRGNDI_KT{cArfb_i7ffHn!|*g`O9o>vdzHVKi@= z(5_%w=R49zE=iO({GOU8oCA~)-Z>|A@$I7_5IP+k{;bO*tH|9KJ<>)~s+>~vis<#- zrTi!3i{@2ve}p!wc}>i8^TrBziBAM$$#4lyi86_I)RsZd7`X4@ z#t;WyMU^xEtb9ocV|YmKDE!X)=f?x5=OS28Yuvq{ZZ8(}pbfVbPo^8>75TE?xOx6w1E{-I%% zR_TuMdVZ4*?tgfIadMAUTNE)=Yjxa_O247RJbk?rCQhm$aVY3XH*tTVbOGvXNfcu} zO*-{PvNQ*60Y#BZvG~wy?E9NL=N!DmWf9UwxRGHTH~qfyox_f*^s@a@gUotkYn!kb%_T`) zJ&Ox2tHfJAO*?cY&>=K+4br=W?|P7Q1wTiiA(vKSD7t^%k`}zmHAFk} z%EPLIFcd7vk@uv&{(cm_*bS+);p?O_$HSsG^t)g_r~%9o+Nuetlq<}Eb;?CuNMU$F zuBNTcPu>*_kQxg+h$fB@#G6bPsn0qrGI9~dGS;j}d+?j_xk5oDE1lb-94?jofE_uj z5u{S}#;rS-HTyb({BJ?E>m3JP{Ljk1gCS(%RY<|BTM`lY@>F)%DKfLiR3V6_n z87aTq+XJY3M}VdVdol~?#e>ZbVIz(ERHRZ^(8652=#_c@Ba+&6l*m;?O!wT;t2tn} ztgQ!CfLFRAggcL)ZIb>42;FkT&-BA^`9d)-Mh*_fL#&K_sh~abjxf`N$xs0>)hkBA zRDd4fTaq9@ynORH(w|L(K8Eg@pD4ez-!?%lE;ctOZTx}Av+1R^1WuOV7hVavivbwT zTq8mo?MEd68~R-t_eDcMJQ-`~C*}U+@YD0;qPliIW+~d-Q_Unn77x20Uy(4oZcbn2 zipNo~eNFv~*qAWikX&L-aU}J2QWM)D0)syPCj-}D?8)w>bShwjH$IgF9xLVA80xs?$F70X3mjHmX3YZ&v;!FNt7c%^hQ?t8m-Yw zA+6z-)>yFddJSS)Xu`-#67fi2mBwixGNup(5pBbh9B;A#6%q@l>@A_an9iE?xs_A+ z$pw!N$#ijvBec}jxtqd1o264iV)^`8B)~?O7P9qyM%AoUv+!P+TKSKF$fxN{^9E^v z`Q?e>H~6q%sp_=J4ocf|U7}Kb4iGnih1kAy3**>dH0k@~19tQ>l7_yci$_Z$3+xui&v10}DY!)r$Es}K;^)8dJzF?ZoX~JGydx_98JJ+`=bxf@C}gyd+*e$5Xr z5VxDQQ*!7zLv*!Kl)eBP7o2bTN8^}l?0A!EaPDF4!NqY0x4apko>@V54;>8`I0`%u zNml^W8nbod+MuDhx}f8PuT^cOl|XO~`R369@RoLbE>c$VE}1gRI+UKF^R2Gw&giV(!Bgc{XDOodmMl z7AnxE6-SyoFuQep-=c54dMgNlh(pv~G}05DkQ7_{l;30&@qG2qL&gsFG1aIny zVxle`2`pdR&la1qBl4ABqfN4ELM~L%nY@Le=T-JM3N3a}W5OalqSn{!|2OvDIx3Ft z-SF?P@}J^0 z(6ik5XF}~ewXPYJepSi5j#=rCLRP9qvrH}14YnW7`Q`7-Vyb@UGTmHMIjZ8>M%27Y zUj29U)-Z_PI`ZR`Vg923QofXtjq5KuP#Psb31mRiP^x6V_>P~M7Rdi>sjRJBxI=p( zWE9U2%$7S?eZiKxbpGN4tzDXBgCfJ83$G~KcW!AkpPIjcLVe(rx*`{d@j5UN`mx8G zM&Y(Rr{MEK3ZajuXzL8&d_$S2^!!t}`J30=S8n2dDwxbcVYpN{2C<@v8zEI%2m#S4 zlJ8#I7O6objR&}I1!wP*+gB3|8hCKI7k(092PTf5NdjW|C}IMYkSVT^-PR|TFm#VO zZ+c%uPE%P9@?x%*xT0oxs;KUue0F)orSX_|eD3P`rT+?IzHc)W)gAHnsp03#3<)(>j_U|4ufMwasCj}?u4HfG!*i=rudpi`R4A4`eID_4nUvY zb7H}#6ni|Cu9I@>lId;x9W0;zRWYnQ4OBgrxa6hnJ%EF+%_dURA<3-mHl?mx_F~t*+ig&wC*e3?rRrIv`}-vKadNsT*T(2u zhsKU!#~ID$cfb9NX#6x|Rsl3{+4^d?xeDIv_0(u~Wfrfbv;l2yPE?GHc0|WB1dY9e zm#U#vsc|3gY)5W!>;xiu1Pfr^Ox~1rYVLqh^t+k#0ERb9B2Tx1Mx>H2;Q=rz z8y91RZjLycRguy*_ZU|lzB2*!hpqIL4O?vNqRC=MC6Jg$+*b&6L3_wpy&Wn zqJd>}<2dni|0wSI;5gk|m2`1s=Z0h*1r7bse}UrOe*-aC{O1gJ8-(hWdB4VDHAe=oHEi&LWoaK)T+oEtmsP%KRvuyhbFd9a>8<9N$zC4sR^+V8S+;UD z9&`~#@L@*qwjGYHv7U)-s2V3|lwy2HWag6=J{*%>8dTpV6n~Hq_h87M%43EKPwe#d zv}2OuXyEVoK{c3$OoI@n;XI%WL1IwF31=++4*&2{*d5nq^&wJMNVxG_1h+~p!yGqg zmq9P>^9fGl3C_=l4|+#%yb?*BzJ4y$`i(EeVz2veECA09FJF}^ zB0(P`#1{f_o}BShtv--i8|vU)8usYZvEUj0q_? z?Ui!;Wqn-4I*!xXklO0T-TxaPY|$NUSm!##EZ=*9P46%VTJDygBQlaGMQCW|MIV91 zoFS6xzVuSHZylRM&YowVk(l1}!RKvym+6|&AQWehtHsSB)V7|WQ- z%6>lCMdsc*!cXPBRu$NB{JkGom^$rLmN1Z%jl=K!5jIe7+WH8}hA>dg|1GwviVmI8Fa#HG4>t-X7yIr_Bz0+?~|1gVa=W0G7ni^6nUj z2JO$2`P$WGZ~Z?vRpw;6vDh9FfYIj^LBeQ;=;7#J>+u1ZQ z_;P~plKm}g15B9BjEae6kay!R`f~T2AfK{I56;#2N8K*qOn0tgZ@?6MyF&eA8l-4xKOGLKF9P?ZM>qucC=_qc;#v z?}0x$0X2b}oq>ua1U9#STM+sxbMSc>mt_VkDTA0DUqVqIttE#N+whA!G?o&JqRjl< z4SC&lq=JeZKDYa77^%yMI6nWJafgaW+Ed)F_@z#Ii>KRCFJAW~UKgH1w!>(aMp4fF zl{;Q8=t~L38eB|MAl=#+RpOX@i^{VLhW&0ewU?MJy?ZMbgG4{KzMHDfbLYhri|;77XN%}C3k^Ryjz#&o`^D{oJGl{m}F#%)qF4N@MF@ytc{(M8B_9D9-A29=sg$_fu1;@4Z<5W|u_o1%p89g+R?)QP72L0MkRT6p@9SNgzz$zEM zw|!GIPo9~VI?{)Jd$WE$K?S58EHsOfl8K(vf7uS_5a?>wG9lLhg?ky!I0zrI+J2rq zG>$9)ZdDF~GWVk#-tl+8!rWdz<{o;Es^hN7LyV!ZhPc@~b`V3pucwGb|8UTZ?><+L zir8JejG)98QA#rnoDilb<~2`>u$?5VSPdgPbQpW$h|~qp@#lR=Nk!I6U6%b(@TG`i zAtEZXx+$VB%hQ$FT)yuC6IEu*+07n7Me58>F&dwb9b#(8+xITz^1)0rIcH~zPS7Xx z%s917uw#T`?7_UisO?RriJ`AQPvv5sjvhkYBC+7u!oG5qB0w!8^amDBs#S zYxdBI&ZD2r4sDpWp9gzxW)nwtM-}C(Zt1hA9#F-JQ{o43+|$0O2VDk{ZixMd!7k* z3(5%>55yNSCR+*4C_zn_#_80F2Qg!5JeW2{OJbU9mL8z|VXLrl)v0RxKYnG*i$vcTOMJ_s>;NC@Cuf)pX%b|`Z^Kpk6 zI0h8qSJzP^CbfGMdChnkjw{xV5B+}2KOgVCDwxaZZ!~hgKj$=oyM|SJX;Q9mG+{P7 zR?s7l!2XE)Jrk-Q8dr$-CWD{gvmFzDq805`56tWSj%iabR2LEF;KL#YN*A#Q1a`Ah zH(UkBRU>jpAApF-4pKEKgZZK!Fhvx-!FV%{q&Zyvg?stvFrabYpUQoX`pyaWNSiA_ z)a6SgmR`UMR9Lb97nf3N#=q|Us{?4CJB=xB{8YX#>H}h7WR8zfOqE z3+^P{33g4sAK@wq+?X<=Y2(Hks^GIkmNo~lh_W5C#zCM(M`1MPt{q0ht72W^9`ivk z+&0Y3Ilu(~l2>WOd&vUu`K%f@sR!A?TDD#mq~t%ei}S?6@BLYXCLK*3d0gyaZ^C@I zN`qjg4eJYGN0i(AY*~_&Am^Xi6Q6EVMu|34>a$9&%b@#;ifk<#bG0~*44zM@T|uUo zMD?_dLz;*MmS4X$79u#xNjX#ONz3(y4I*PCmB)GozYvCzq$)@?Wt8TDyfRrvB@H0f zw!c?WQBUGWV!f&c@EqZw)XZV#9uYR3ljY$sv{t>{Qk1wkD0jx}nFfa{O4MrAsAaWPX1HY-PH4}K_`|$K zZ&l(?fATz$mOuTx)2gq~bhHf9{7; z5xg4=(@&54rDUQ}NE2m^ghbfnWH_0kKj#Q?s6VBMUd^PmxM6|BZqDa(6Ty4jNBy3V<=JfeHQ(=p*zvLYv;!EuRq*;0Md04Ha^Ib8t6Da zp<_&RmSYcRvq=cCR`7C1*nrdQQON2S!Z!3b1q{{N@#AD7+L}MGd;=%E|DxA@hvGzc z*3o5so|MziQwfM;TH|m1>q!b7*o4z%2_w@!*8|M+{g_?8MN$gp!7a8tyOxE^6#b7> zDg+&k*=$jzCD+tS*?B!R&$$JOhMZ;#nXHMe2hw9?2pPWGya{n@ zYSoy=iVRG;w5|Lrl`%cmnc+OH%=;eSvw;htZKriu3*=z z%7>1?eMh}irAj(3I>aa_ds`k4QQ&#;?^Hq8JdabLkE5of9`X*H`%4|Rae9P!^fYl| zWt5hyr}nGcUGsF-a%=@gGBIw)nY|bHUK%;&??O#$256P>0-?*l2~Q*FxI!gT_1+2l z@*JZMY{hOH-ca2u!?Q;zDXU_dOvfgb?hg9kx5i@yWoVXuQTBlB{FuzwlaHHp2~v?C zpr3UggZ|5f@>wO7FagQ8tSj1HurqE;NH7Qn8%^;=lasH@o#Qrbk7%UT*@$16&&+b8?bbvUa*vk|;tqi`uQ- z>9*ubIs9*C0k-m?vGYnTt<7iLEfKIlz24u@aZK5c(KhAWW;}R|Q+vcE8j5`eVIc*u zCpdbWi*5V@BC^N}q#C+=4O?p*T^X51FfOl^Z?=9-7Yw<+Y*o0O;9UrHaEk5{cuT%& z+493`oQR}-F5CI%%E9e~*TGLhNaHI{ghT77YGtRI0wKfJD1_Uhw| z?BNjevGUdM$K6Mth`z7Vj3I!GQ;0b5k?T)wC$QF+wA4VI+9B>S_i%vYJ4ZCRK%|+H zCw$CnbhUI89d#3$1zojrZ1T;fG%{gl!7?qa=v>kiMhcOyBciTWoQJmwRr^U9_^r3Gkbh_Q%eE0X!l}>!}OT{AjoeW z2!CEa9cdN~5&*GM3XgAL54+BxM>j@#9{HL!8G{{Y7tICSN?+|_``Wa#d~dI4T98T| zHmwR3%_wDu%N>suxKXB-m}9jJ%y2WN^R^|j=sFb&c9)hvx2ZSvCUrdz=oo%$hqV|B zpeYn=!f31>k?k^J1MYDo1+DTg$6CW7FAW^8l1H0RKj;E832U}q`C4d`6IeP8<6bzXBu->(qvzJpg%7g^w_t>mj*juVz zgb|+)4&~lDG$HsX-3}#Ow|o)$L^G%xMvoS?tnR0;yv4RzrdtIOA8do-Bl>(-?26Jv z)K9wi^Wql5I?fjfzb-NO)|@K@+bk8Xib%qCeR8=YaG|*vq#xb^t~k{p^1~9hueL6F zZ`VRdYg^90&YCPs@0?Ij7rdR8O{^U$Rz#ulWwQInViIM^2?{c`AWXpopMy z(3#yh-}9l1Cz5gh2$Q7wtTkyd=XNrflf2w?6S_&_(~g>Y_DY!?b?qGipnUi}oYawP z355a^Gi<32k9nmd@SJC*K4+AXBV$PSwQ!hn-LLk(i&<7uArA{@nWz$=gu5r~3Ak>{ z%SkjR?o{-EVC*`CM}1sfhP9Mcc*tsek>@NM1n4;4{ zEFLZ06Jy4m0bKQMZ?Z(~L)noZsDF055q#fyZ(}T09!#vQ_oN|f{C<{~9(5qb>)8Ar zw>$Bjf0Zw3YeFS`K#%!LHs;7X(YMIrn0ZGw7OFwK>X7mFylIv9nO=_MPg>d^LW| zQ;O!09A%!UO_=|)D2TMF)+Wr?3bA(&3#^@%83%d1;Cp7FL+#=v1o(H1j;A0l3b4b! zC7Q8~UBxFUkdL6hija3QZ5KbY6oL5V>GvO95McW9W*eUS5(|}}THf5Pyr3_DRrDvw zqBxv~9~0U{Ex+V578Fx!PktpwyP~>p{gjPLY%~xhO5$t)DXc?QK?zl&RpMJX%8z!n z{t*#VWkD*+=lI$w^+dT{V|o*rdgleXRt*t(O%3%*TUyra)}fX$GjF$If8M=uG$k!d z*Y1NyxsU9gg8dSj5qrR#S@bsM)~Xa+sRbCAS~T*w-3x_r808y~2q zn`cNaqb|96A`hSu}!Eq5o=Dz;P->N)a8VvU|dRM=062X`nnhzFyA<=bpLcE#C zt+cwmzVs?`t2_5t@TH0s&m~s6R_`UfHiXQWEFju|AIAtaiCuJLhaMI&W!iuhQIC3Xyba|`8<&t&fIlr3|;fv0vbh|Ow9A3&|NzWz^a;+BLrT(sqpA`OY0e-(!L{3wAanh+rwmx(mCS&~ zEaEb>l_;ZW1BGt$5-`BWTSKSf-xt4~d?BwUJh7jk^=(zQaZ z8%eUq8YmPIXe0=E<6IExlz{ z=iOiP-`HY7e#CBE$=%(7Enw~V&Lte;!i$2QcB%yAaL0s#s&o9nctrNO8SRe}K%(wP zyPNiM5Eb936h>!h<+1$X=nG%$f_Omva436^TmZ-JBWQ4M?*;+8H%rA;S($JD*yG!7 z5rO4tn0;RyV%&6b8y{U2pfiGT3-=|XEByWg&UB}>03%Dc*CWAc^rf4-nFJTzGN zlYM6BzHm$v0gbH{O8L6%x2~zxRqN#_PUMThk7~v|lznc}+y-^q(ah`kymz!bY5he!M?|&0KMJ!(y`sfiDq+M?*zYOY>t6 z%X&hht+>tJw28w4!WDDJXEYJ z`is83oXz%7&Za>uq|1Wjs3h8o_Um^RBa@BM6E1LS3fVN0MrYl1D&hiwQKm_l7X%n@Y$Pek4>-|1g~?qjt#+=lE41g^Ius22x*9<;J`hGa z<6a_44wgoP@Rr<&^{7X&NPkG6qoe*I=C69?(c?)QUX{BL$j26*C$7kG%w1T7f%KRv z6I`ws9Fe3oc6yNV=j=!nn6<5?x9xUdFU4jruj6YeTgn?_&Jal{=>Hf9}msD5jp z?5>JX&X?CG#3@6?4NsN#0Pwb6+8u$n$}P#&*~_RSgC{S+VzvuY7yd1^i`_?uagfM8 z=6lUmN7JJTl}j(NT~4>2TFu8d?$YS+)(dc^QyHuRBS~f>bvk{NzfayS~#0tx{XTPU_G$%oBRNY3%N% z6SUO4XK(C}E|stTD;Jnu;N9J`9gMbevi>*oUTZ)oerE z4h7z}{ONH`@{j!Ul6rDMo-Cn+tVWIhB-=ros4Rqw$T>o#@D~f;vQ-DQW>-jI30Xc* z>Jak77pW$mLPPdtHHtgR?p;!n9Lg}(Z@C}A8AnBC828taca&MSi+`Ya?}kza>sDP! z(Y}=UXA*8WwAo_F%dD>f{i|_tkzb;_Lm5`A2ksV*iTq2Y*_q}Fy-#2wp^sFkp}xvV zPMf<U;!zWIq=$D8S zWs`(1k|04tZ_J&^4rR)+8m<MKSGMB8PXB%*j z0#K+wUMTl0Y-E2pd};>fdRQ|GURCa2Q?ywFV(6>lf;1&cOQa)UA?)?`KB}WV z0$2HhWC>1pjYhoQF{g>ESMDUpvnAgfRxN1&@N&T6TAQbqSPSEFGv11FSWXwee2#uY z0BG1#cALWteypSJ<=YqI_>%zkZqo##*RAx%Szeop$AG`MdoaGlB|fzSESwzja!6r59;Ki@1BM4qjOpW`l7t|?vVC!O={JF$+ju-=TEr*J*}#`G z089|}O-14G(CsiuZ^&bsz}sMvy&LvcI-ljGJ;FqMZ}O{{YA0GvE!)dsrOtSXnM#!w z9T&Lyu2hqq52_@Vh1Q_n+^ki6F)}w1+8O#|w7vXL%-Lze_*k&%_sZNmYkZs*eke zWz?jp?tfoOJQhYiF3W(@+AxTE!WiV=6tnGMq@kvM1o_B!$yEEm9Uoclj*ncF8|$y@ zDChOqYT%05srRamM@3km4y{sfCBxp zh@&idVlTiwQP8oSIotM3SsX7@83H;raTaCb17Fsuuqe3Yi9G`jnopj)itMu>_JPem z(oJ1(`1XWU(ovG+A6P8jEC_wd!M_=0IL{Y%@V7fUQQ)8}o<<%Vet&6pnDpEX)ZOu4 z$aJ6|G^1m4G(D<5@WitH_N1Ifs^_(=MEV|V;!?TejC3Eq>uzY2V+h7s-u1**-YV7M z^(S6pa{ey9gi=DU7SGmV`Cub2K1p!>fQ>+AJGe5UBuAPbp6zn;4qR%VD0@pJ*GZAo z_9N1t+mUZRDBByos)n}HhSipZ1Es@2#w9>7#q;E})9mu8rL|RHl=XyG3Q(=p9W!MZ zVguGr*e!)i{HdF;_buODSvmLWTDJ!N89MHw zTPigRaoZtEyX<&qSP{f@&a8yEA9K0%ko4rMat3GpsoJuOsZO{&DPqF1z6C(~_<8bj zw>Z&@2bVmuyl*rJJ>y0X*4*VClN^`fdjc&$zzm{A8& z>N@@3KW-=tpxe&RO!~PUH#0rj7&kL9Pln+4PU}zn3`GOD)Lb*i6%r8zyhQi7}R<)&$1dvi{%DJlrF&mE>r2{NkU=679%lyI~ZPtaaYmee{oAhht?nf_F5>KMDMPfCjOR-owELBKDBE*`jbo% z_fDowIOKSd=IVf(Y6_d)wP{+5tZ;WJI}JcCkzM%&eN!QJTXuda*$E&UuC$M>iymPq zQLhZBbEB~=iPPrU=XXh2GiWNmIj4DPME;_opv3vzX#8r$j5gzIVL*td9#}s@4@(^< zV2Xp&^5l>8-5IbyUQjd~-?^`m?;pyC#rXmW2M``!>&1j&c80G!%@D>&nkAR8_H z`OW9kUkF+R{3&i{I4O`vRM(Ge4)J9SNAAV^u6f1HcT{YN$6ULP@A<{*V?!XG1=oQ5 zhAkH&?hv@+h?EH~`rF{(wC8;da(RfKvXE`{P4n4wlbpH^Is~qc4_#IiEQKbYPq>7c zA_@RLTr_<0@Lko@z%hrGcb3nBLm?H_(i3IbM_RM3p>>b0$Zg6wnFT@*lwFVmzbi&e zk>Q8|B>Tz1R5uOeC!V1GJQZ-(>ZeC4;<1g9DeBQCc1~d-{*Heg^04Mjx#mw9X0F0ALa_^Zd|044 zbSX4=j=V*wyO*m7<@Dz$Ew>x&m&Z}u*<60H*4q{-UCIX>QBmFl1joyckATm66(oQ) z1b7I89zF3Dw5KdT;i2JxuV7V9n<^mIhoLp+fWa|P@e8@@ZHV`wyb)_FMDD0edI;7wld04io=3>|KxNZ`ixWKVa`| zf5YC@|3Qxbf3z_I%Eexle6_NoV5~19mE&rYuV#cSKBio1Cch{~Vds=q{1~GyQzXKk z^PmW?w3Hp~tkLiWKsR(c=n0(Rrylgp{G%HLooj<_lX0A_}@e;ic!SR5Gh37A> zb|S0agQui^dek&}*@jR(MUbkU*F(k^!GbUHdP7b_;~TbC_G9bwIFoE4V;(T7!|aSy zr5WSAfIR8w?}n|$iI9;d)5My+#?9~@?;CBoJyNN)7ssU>Cb@Vlw79% zZq~f&t;xQB{)>l=5{O^B8RzF0MtpPXXW<{|16@lm@-quXLG*a8Iy3e^?k*AN|M^d2McbH@>D_;2jqTyFtj%GMbI!5i zE6k?e!YaSSBwPuSqd|MFtqX#aScsA58Na%a;v4xI(MR9jmg!Z?qc>2>yeEs0Md z1X2AOQtxH*{)D-c zVrU+%tckk8Irsg(zqGDJ;QCU%AanuBPBrRkOjz9Uw*E(CvIDur)6rQ4u7l&3GUvy~ z3);djYvey*{_&fEEPUC#oOqFOqKs@BxW%XU?+95S-8e#DP3VDQJ@ANm-^iw&rcxd$ z@GlZhRoq|sYrPjV?je2P2XHn&Nq&h8!>p7_lHvJq&0m*)&{4VXO>xwL+QKx^9MRbH ztvBEc71vVCl%01ttopAP9;l`kWTo}>Q=t~G?>em?jnn&Hz&+*IjC zmATh`tbr;%AAi9SFN>-eJoYf>O>n}aOJjO5Ws_{fuYA>6Dk}a8QE{H z|3G?Rd?>Z?W}xXDI9VOx{7@dSTk!|)^hKWa#MjXRWf~o0B&vC9P7~`43(RwlHXXD3 ze0va4aqqS33}jIywX0m8d5oUIrEcKJLl7?{o3Wn6HiGN!^@~iFqID{cOcXbN zhvxw<%aE4PI-+ByCpLkcW9xtOkXTPYe~K9Q!Dyr02etSqa;R)9C1wnTV0q%hE5z;$ z(r6H%DY*XzQIA&Muwq(wyCK1IA?DJtIwBSaH#KA#++ObF^_YGlWK=k@b@_?JSG~PF z$2$`HL;7Tw(a&uPs#jM5(%BlMQ@vB#D?9H1%G^6)b6Rv~4JjzPs_dY@cC%rq-4+L$ z@q21S@kCZl7f&XFaHx$ur~5BxJ}OZr^k?Gqn5f`wyh;U-ZA+R_h8AKS2HX@vv2_C% zaABa>LS=jk`RX=qu{V61dnjC2Ib(vDfl8e$p}j7$F1?7iy@{LM6lb;R;+Ku+e{F#U`j>H9%^ z^fPB7B_Rh@yY^49lLGBJW_7HF{i{aQfQ*R})o8K6u+3Df_{BoZ)z4RI5;HfYayY1M zAbUEr%CP_HV)x|0(w8D=p`Yx0aKce0)t$#}CvJ2%#m9IRYK!Hz^Rok!+fVQ%Q_G=g z4?L_VsdY*`*Hg>ZF4~d%9W&MwWHz=^J60m+avMgb+}wkl$V)=rHK|=`7myI699P3K za*9jS{|W3{w`y3hF;9-r7|Hd|#Ufy=;7HGQimV$d8Y?wguWsp^Hiie5Kab+Ge6(9~ zz+!dZvXobUP~qyD@S0Y72>mNv>oWn7>W(KiZ(<=bt+MoY_Yu_zaC58N!eNmqET=K4 zMdOFMeWWFass8G_zS?w&n2~P2j%92_exy~30+vtmrWuHLcH1E9+PU}We*@K}M9U6; z#}$co`Zuq6n9^+N4~Tb$5?RNYaz&D`{LO0yfxKwLM?ETQmp!&7T#+d(|Kda6QF%}B zr9imIJ8T!#f2Tg*wE|ivBY}5FgRwG-)2#*ExE#E>7;Izv0C+Zc_L)KyIDo!(uMYrWN|c$?`B4uZ zvu)|nyQuP)YI`l*>kbDm3}y2OT}t&iQU$@ZMDb)13c);|c4ALE?6|1x7;bEz*)&2s z;jT6&qpxPjExKnfAmW)l2+doGWzw?BgOpoOL}+FCzsq|ghpxjBro+}AuaZ){X;l80 zjNSaDkE!DTl97%GAMeS&GlEg@4its72g{YQG%oks^LX_$;I$U2<{8geq*@qyD{MV0 z1Uu+4&rkHCPTM+_pvl$hpE^bCzk2nF%F_P(`G&1VTW#c8z4%A>B6*3tiSr5_=i~!7 zHM8OpG?c)uVEMuKwq9S(q~h4O6r^I`;g0{n?|SQ>$DCip!J89QZ~ae6pWvC4@*ai% z2b%55o@Lztesw?U7D3H22aZ=3uV92sQ5fr87( z*(0-*Rr(>^1ALteqV(y!fzh{Pjq9L`5uHvUH=WJqywIyq(!NT@|%H{yRv3mX+=%^?n7JY~o!Q)TAH} zGRQ-GN-CAeYR&y^*Vg>yOU=Y;^SeBhFaRNAFZ4TKO=etiGgMJ)2N)gFTK25|ZawJ;lUyzP z5%B%+L=6;ZLS6iY)RxpAaw!C%t>lyBAY@q-sTJJb5r)b~C^8ZJg#0Q{7AVwDGhrw} zs46)4Pj-oP%u<1AH4sLPVaUE~J)p~W=*gS+PUO#&sn4bPA6c3$`MI)cxwjF4s3nz zajZVg*yKO%&?XORn?ga)LGJF)1CaX4VT0co4g z02r)rsP~oEx&Di)y6ir8+>s`RbOsM8T_j4w3fD#m_bl39KFMZ^Ne>>8XY`m0>CW3q zAJD3}bol{!-cg(XZJS`zuH}tAv;~Q*DThxuX1TV<3Gi4S6A7J6D)Fq$X1!&?*!^mJ323Q_ZV(nApM5!!ZQJllcZBHaQJpzCxQ8Y6(6j@3y z5d1iLf05~}SS%GKXC!_McOrzSy!b76y~k$|BLL8w0wVpECNg6T6HXwT(9giWWGI9D zXRhScN`?$6UW$Q4asAo&D53R_^5T9pyQ9Y-1M=u^X5{}N1M+_y5xR~@5?Vtv ziO;cp#BFJFTY$&5*SK!!&okqgnyHZQ!_8zVdfrcz*pRE4u;+E?1R1VYZDDvisH-eM zFfJjrq?VCw9HgwliGLQsC8n>Hly{gEs-NJlK%}*h((1SeLCxWCChRM}4is z^~zG8oGQPR9*flDati9_>wTZj+L?0o`^}K1vB};D9R=;^R_Sk5p~2>%pQWwL z62n8eUEXeHY+hw-p70nd^3?{8I z16tU6%!WpI-;wCCTMA(iN@KXDE7BszqPHd*6JEVkQlkQ-bqe>R) zlGC6PbTC%zC)yxb={Yw%k5h+fiB$(XA0`bon81r2|tWKfR+$Gea$mz zepCr@y!R@p&1B5Z;q5P@q3=S z(kKq2J)S;D1hRNGP#834qDmp7gaY}Y8PE^HL(W9{tV=CI6q_Q^n&))8_@@sG-uGS) zT&tty@;}IaU7S%9x5J|~gH8TWSYS!I6kY%ut4RG_qYc;E!PIryc}PU1||O5X)fG|FVZ3D8pFk*7_w@vnPMcK@eDafglt zw~VvZix%Lo&d}eco?gA@2Qe=FM%oA2!c_X{=s#)XLl^X!#4t>*>G|vP`+`PNhmsAJ zOH5L+G}0);Zvtum!^UG6V(M$iXWj^`0CO706M=^`UwqK)`OI%Ez(13Q;7*(X9Q1$< zoA5cj`DczvwBX_wo&o(n!88Kx$C&S-Iy4LYB~AVr*L9>-G4u~4%onICproFnx%~y} zj~5U!B*naU59hwzD@hH~(vORCEpkd;vvl=a$L#BF*b7S`IwX&)>1quBuws-*l;nQ< z8G_zCAz>NNkW<<;?z#!Zpmu*dI!beT{$(All;+*`UUw7q;L&peXWvyGu!{$-EN?eS zA#llZ0O?`A8B66nZQ|m5e*ArX!00-X@^C zrsU_$)KS7u_t#+TK|74Q%GjOn^xy%sy$f%vH*Bn)4~wG+K1l>Nd*FU>Sk;U}XNBmy zvv6vW&=d^&7eR;{`J3|bE72*5Bs?l91qBM09%bYiVZ?3C&#mWgUw!wcj2$$8bK7-T?~j`5AI=nAD_w^rtizB^lxLr{ZI&lT8XMXxr~K~eJ4j69dpAl| zY})Cfkozxs)b2!?sY1h8E9qUMw6a?z9+wP2S>~F~gyKqcuyuxn{f=R09xNm9kun`N z=yeB84e6ic2_#U1KOp3vG?^pQXl|B^Amh6KX zLd|cF7;Gjw%02L^ucoqkE2owTGYmT)IQCEZ`hmoeEkwi^81> zYw6`JP_~_>*cR5fZ1ua+uoWm^?mJ3??xogfG)edpaPA&tXFzKgT=Vpy^WI)tZRi$C zux=gqjZfd4*X4C9jRR_uxA51+REk&XuZchv^9SYX2mW-Msvf%k&mG}wH z4$Jc$080poj+Bw945+GFe;A*u{~-KZJg=whTm17K?o7{nQOjO`c)1wzcND)6d^xm! zRR5G!!GSL3X^3)AFRGlbH=*@IR$ua0T(A4b(_hoSUY>aBEUA{V@QPd#3x<|}o%rpP zX&giCl0RHO{$svif=qmSf#h1?7mnr#{y-uLTsl$)i|zmAoBqY&qXE??efGn4flk}- z+|6q#;KqC`x9hk@VXCjHr=|YYPYNM1$21O@{W^O603oSPX(ha~X2^{Ax;=QYnWxLZ z;;6&;r(Hrj2}B?FZN&PASfiOjN=6|6eROOoqy#rp3VjT5vtl`tvbb2^MS76JWx!UV zU6wdSX2f|mmszuZ*!fZ1*uVD|M_zN|dNh63{F}(B`T7k_Z^)zH=+()?^Kh_ZwKBYATX;wOHe$MD6!S?&=ruV!UGQJllxa z*+*YQ>H4>o4DPLq5%@1aXOyW1S{8#0uZ39WG(bM&K&6EWjBd;a@Rxc4z6GN7v5~Ix zpQ>lIaLF>@es0JhhyEnT4y&N)?WMO$Y=tcY_?BrP+j1G)>}rDmGFnaa^dxl>RX+m<>POL#%+HkhEm9C9fbFZ+cR6X-t$6g<~CVsTQ>=~ze%5$ zX`*L>^zW_VkUi~wpF#<%PqTo2%=|#Lbk|4m2=+E~pWEG+-P8vCEX=g*h3DtB$AP$s ztJA+?jXMdV3G$%4Nvl1CVyifNjgNX(+H4aj+sIV=pudcUp<n2{z1>$r-J~K4 z=QL*iPfT%Az5(xmA!Pck$28~Lu-+5pENJ%#gPA4K}#cVvFsMyzO9|uV6`H2VmoR}>JVW++Vl^YL($VDeNyRV@DX+ra z_&P>Ds{5Fcz!*s9lD<3OuWpR$Q?(3@N@LtHZ|wSp-?I;o&Lh4PJT7ccM&7S40$%cd z?j6eOJrsTn__w>XpP*~Ly3lzv-P8REg|VN3$Ec`fig2&;@xdQgrop(TUH^@}_YR6G z>h=Xy6jTI61O!Ax6hxv(kk}%ULlaaaHaQ2$nN|^yoO5V$kR;IL&>|Tm=h#S24Kz*Y zh7Pas`|iD8&AeMRZ)U1yUfuf-RrKCxpR?Cq=j^?HYpvgUkGPhijce^OM%FwWSWlJH z$(o^s%0@^QyaUzue+lZU^>r@|njnB8K_95ZZc27&AA)Q;l={C@3nd<(YNmoc>>A$* zW0!oK2`%6R$unk8R`=e^|aac`)1ffPaRLZs)T41gJzAO1<8WW9( zS{#;xP!?N1n4?sMr;NtPlQZ~PF4c`n+AM_(!ALYswywWQTFaZi*;U1w#S&K|{gu%f zJLwq`T%0-g>#uC$0d5A&AN5yIDBxCPzP4ufRo9da zxCEi~#}tc)!yNluoqfW)lEIBHr7SOqw_QE+@viHMlz)&^k?B!xH`n^E!t}JS*wL>^ z|Hrz3j%SsBLRi_|&A^%Yo++lS?JwOce9J4kYAzpSb$y=EyG3r|Q_ir{ny(pkgDb0H z4{T*pM{4iGMOE;}y)+dv`R#qZEULX{C|L&mr~6?2T+iN-~IC=)6}ns@en1SVj?I1C-fc( zaY}?z82!oFi=CmfJM0E3Jz~#6d6-~$&%ImS8CAkSx&Tl2uCN?>OaG#1WB#e%uKh^8 z!o7N)zE2grq*rC$bG+?Y1%+@Xk&;MN6V;BCe#t(TVmrU#uJIS?i^gyLc#)+S|2Qif zXd9dJgQgk$o-nE+Uk8TQ?*fQd5$@l{S*G!taO>6n-tk%Kim38Lnsh$>*dr#I^;%AU zlAv6JN0iOxi%^I-;xhDG_5>Qvhdg@!1heq6oK17Arn?NqnJ%K)VNUw{OiBG-8BH$E z$*oOiM_L{7@(O>XK7_k=S9-3R})JglgBT{AW@rO@K)KTd1rMx5xE`@Km-6(z{vaP*fh z5eRz==H~xK47O`Ti51hdt+3m`L8r(=nHJmnkEVi7sz?*_u zino60%B<^{Di6fTQVUOPogvf%t=Rt#vp|@EfZ5fO6--a>mDpQXKR4aPqK4{@x*k{M zXFrp-XO6V`jvs=6lhceKXY_N29|k-iaJt#3P??smR2hteZEs7>Y4Z@ML`cj-5m zBb~|zQW9khQ4rLhqM59m2Tu0j)X$Oe<9JI&q}#JknxOj>1uY(gqRvUaxW=I7#9!2Ex|W5JDuR*=ZOK z3x8Rd3g@DD(X54Xx;nZrrCG2|CHwaA>8C-k$f7Hk-yV8sR8?d#tJ|YziS?+K**y=3 z-!Nhn@}`yAcAmF%S_r6@?4h`wnY^^ZSEy@EHTnomW!UBJa&;kC=p>{|VODwc{5jJv zx(wDop{szl_mG#Kik+R>D^u916Oq#+7zjv$otYr{bWiRugJv4@12}RZu7}rIcf% zf~#s$fDL6dpLNO}qHNBUZ*a;Yz;4*$703JU^1$OrZTS!}yt7u(2Fn&z>@^(|U>lDq z>OVJk1rQIyHtG8ptYxLxq@~dsw0Pvz?J8>437R!Wv4_ zYr5wyzTIQ9L;HYjILt> zQYnuV+{`z~S}P}hYG7jckMhMUFsf?;cH_u8NzaoXcTH`wq2$o{%%fSn1Z`|>(huAW z4a3T@(S5N&c7bMZDqYlmv1bUXA_T}4!rDI{OVHqoT-NKs2}aIM{1K3zoRyvfmFhVF zz3su7p*f!)y0nu_vTl&vOh*ysU4}*~{4wNW2&Td@`2HCa%Z^lQ@yl5&A4D|={uj@Qjwdh{=8WxR$A!dJT ze&vpL4@qq5+Au9s94^RJAAKJMZbBaYxNHAiefFBJgKA5;4L*OS=Fa$_@tEda&Ukjz z8Uy$YO~c?llh8hMSxC}OLqNXbqssoDH~G7hVN&}kMNe=_q!I}SA&)-LHB57T)ipO? zf1vhb+F+$H%w<5akKU3`m&f2Bg#ANeDq(#1AvaHRtzCY4=eTIQLJh7nG3d?234OJR zDrp0?>JRQ3LiS4Mu7ZUMaI!$_dex7X6WH`9!GTc4@0j4QWd*yS; zw~@aV!Q}B25aaYRcNTAR9tZ!`ea$p(`f9(xIbI|aazZ_5yyAH$w^T)0S;!3=#X}+L zZ+`+~7yN^@-IL)g&pkWM)(*NQa)J}MMx>C_J zcs@{l9ox+(5;2ZE%%Sm)vd30GB z-K4q_5r~k&7m;`TAQ)bidVW38{A2?rh%-8>cY6N;A=Damluo-^zYehIOeJ?_)3paD z#?2Cj%}sV*k$VY+1AJAxv|YAd^QhjOtt8)B?;@Kb|03(9VTQas)!fMYO)k!j%7y*+ zW!g2_nEb9fiM(B#$j~=WM8Y1dt0a>=>kE6NJOEqEUI#G+)W+mw=Nmanw8W1 zv}*js(yIso{9kHmzJdT|_C?$Nb~-G_S8Npk%)=8naW?6U=9HqK5n|Jl{Wc{Yb21Ukb(tY ztA^u|O58bHUo{56eL?2=wE%m@S%th71$eCNwZcte;Y|^^r(}l5pvPtxQ+Z+UkV*kD z0QH-c>##KRPY~0{fidc^5V)#XK@aPRQBDi#THw#q`+V(r_twA5=`PdT6^3$^CUA3iKj zY<}F+a9K%|7JQ-p0t`K>GEGUPZ?<$T#t095R*f4E50$sT7}Ld5B+b1j+zv?485si| zixeN_ZQ6ZZQeJg);Kh)HzQ`2BL~+hHTiK!Ect7gwR6beVQ8;T}JvH;A^N(7?Igq$) z3%6)l4PjsaSFtjoS**C3kg&Ap5XYn-PjiPOad5dqwc-Q*L?D_h@5u>m-{IBKCLzY|W7pctzd4rAQd~{k zg*Mt?Q^8)##PcLVyy6wXXLkfVBBYItEMHO#Z^EBxdmr{HLa#+1Gn8s2?p@V|*el%Y29;>vwHDx_3(_S8_g1olt zH>#9fep1YQCxmqXqghEas+JHEAPmp+V8`H!3d`@fr*I#x=?|+mLo>!z;ywt{{ zsu)0h$1G|66I0b6V(CEA>kigRjN#D_n*_<`qbWQz14RD&k^aAsQlh{UewTF>v5j<> z&F~k4S@JA?@m+S6*IFD9$6IGNriL@>a4Cr&yme+z5aJ_x7$+OQM17D4e)N2s%=ynXB`~VOPLv?o_RMZuwUW1Mp?b;+i%i)BYjtccvsJA=IUkU?Ei>FPGNkUHDWYv`b3aN$K&dy z8ESg=+#~i{Nmb=Z=F6`heFzp*ax|G6gPJW+Uow-|PY(Z&z9B};qfc8x?15vkZt|C+ znVpOU{-f{XFK!C|GLU;mVDG>5y*~NhH~qgOUd41FTRH>3;|bS3&cb1cLt}{WqMeI3 zZf7btn8o{>L(`g^H!)7fYC)v=Gc2u=u0LY)82h#BH95~~nc#u$I4S|8Q5>azMJ$Eb zjW$C+(+DY@&pbvD8istxNtec+<>f7ChOBy!6oYC#mqi^kuVn`!5R3KqCC(U-~jV&$WqP z?5HiY?rmhd)N}90=YQ!t^Nr!%zvyh&Ckngx*koADAG6zU`f`%=d@amV9+GC?PGus-S)twebQis7ewKE>pWE0tglFFN#p^~SX~ z{ABTtO`MuU`wR$ak4?3@KU?rziGc1_^^Z30I4Xqk)o?F3k5Ra8Ai(UH@~-f$p)n$F z_^bUz7e{ZLw_}#9Jg;1P5XF?RQAI>m;q#79Q?IwsB$BF{({Xg^ER(qQal81@Sdol! zqaumy5LIk%L8YgD058(USLILvUP{E@_>N^o3AvK4N5ohR-!FLFxE8Vgw+FJ0caPoc zY#DM2?>>C)old}=hbSKHRu64&wvNXt4=3u`$E+7v6>HBgQS1gr?B znu)!o>c4L7K#n^S1b&b}FOeKMrZjsVD&j?mpW_lxX07M$h`bds;Z4x(@NNtKe#3MQ zbeqw3I2Ah{sG`pe!yZD91o{tX7?g*b1wOO-sfcGnf9&O_UFI^=sWl{^-ho>1YjPU< zfQcP~H_mYiFw1OsxC3sD9PR%u5q_S$n{_`!T#)}bHN1{)wD@6t_SL{STCyh%G9)xk ztQj}IFe$0m8#t-Q68lio|96M~o#nuxmab3;@fTY_cQaYfx{O)1xJ~BU*Dge!kqyWI zap#JSD<`l6EylVLEg(QPS6esmJ;+oQUq@HgaI)j|+SFh7RHyewIcSo+$v@ZTKXj4&txN@o0_dB~Yp@j*j5}Wyb=pMOdGDBl&9RBg}6- zrB~3aZ%nu?9|x?hjG|lV4I>)s$z9X$+9KgQw-y&dJ2=W(eOXBNj_o+nYlpW zA)T~jgFDxL#^YkoPof9O+9;kpoiBg+w3nGN`5XDx+uQT%Uw$D%17hd1KZn#ut6ls5 zSBF%AF^Qn2GEW^vV_W-tdcjkK967l!PVL_49@3?84=3j4u^w;d&^gpYql z6_U-lHdN*V%PvsvRh#2$d<{ID%kL228p5%Sbmxb-*$>7gE5M5{E$WLrD7_`0_|_jV)@VQ;GY$Q6_#V|S=;hsG2JxC@V$nYghxJ$UR$%age1IoH^_=8 zd2dtKj&Ikjh46`8eI=!8TosMacv@FS1x>Q4p*^p|Mqh{VzD5nyeR6+1l%0{~_9x=rTD z0v11(cH&FopNMX7_|p?{=3hH7o`&yAX*=<6ZQz4@#xR{YyFe75b+Xf3dSUrvTr7g^ zxYu35w^DCGB0I~?rA5N&;apZ6Dd!$H5{WmD?6{k$^6Go@y~=a^&rP$v#FRN!?LZ)kRSkwh1{o?dr+1HV-3JM@LeF7{=$ z=jbx0cPym#=g!pXR-yF#@)NpaopX?9b|6|@gnaB5IiE_{M_7DFXs29cUQ8H|99L=m zqXMJg!Cc-v&dzG>Dj*hQ%<{xVZe^N>WQ^wQRq!LoWxNDSkw;Fo(z1;MVW{2l>`QI)N zf3C`XKL@f0*WlL3$7cz;BuWAu8oBiHyPr3PKhuTl{<|-5Gx;`I(B$nGdX`3HnKEPq zB-&+cKxAabGE~-ZtzpPoDx~B4q{7B&vDOu~P zSGk_8R-xS2qw1A;>o!d7`nQOkM5eVDUM8>V@5uD?Tar$3h%9!pi=f=}#`&Dg0IPCR zK#3mr-_bX&7wc^+yX84|RUTGljG3E!It3RvrwnPxvC#OfSY^K2~dFwI~gm;y7S4TvILbG1Mp67_mOPTBC6~n z@sEWRs_zv0TPUX)$u8S)$JoV(+$mFfrU4G+BQ8{_#9<{D6|`f#5e% zidgT4sBdOuKpu6tk+nS*@>sUmPtbL$9l@KGn@>(b#b^TmggWKMox$f`l? zoNtrF8VC&$2!WLPXcgT9fY-7Kafh+i$oxqpSh!|w?C)&znVNj~3wdPLwRH#tL}eLA z-^f~p(ub!f{dC!U6(+A5nXvnPHYbYu7-<2(53x7-EDcmayacVCs-3OUNZ_jG#J z2Q6Z;>hpv-tM`3N?ngn{`SQ``>Wx)R)!J?5z+BE{eVS-5%c0BkBp)rf`o7cTa++|w zeB*`R~F3!4Mq0j6$NEFW8l!Ru?K%I;1)!j9F=J3otzQJTTJrCBn$N0{w?=7EDu; z$+$aNKy3Py)Sp8@Z%aHiq$BnQCFesL7R?HkWNzreYl)CHKgW*i8RJG(wQS|?kzvrf zp7#skvNKkp^$&|ph->d$%&vDF`D^5^Q~8Y^qW*lc#g*-W2NQEjy>oK@LuC+x)wJdl zA^)NT=!?bvKj{W+7cm6s*=&&(sH-UST>S3Z_pvIVxii#zrt=0%9xabhb(te?a|5CU#4$>~@OsAVKb?*3U&b(I)M!^A%#)T6q=ml=3YFRtz@p~_5dM(95woth z87aP>wZm>Gf2i??0qdPz2=S7GOh<$KPbnB*M*&WrvWPtxTPxhCt_KLLa*`y@3%Cit ziY(;z!;&MfxqdOl|B;Ak``|w@h`OoxY`8bDSF2zoz86RgAFSam2KguOk)8`lvG}yv z?XPHKij>)DESx_k9)1nrw%K4j5(&{vlDPbH?g{)^bT7Fits-+3#@WU5+x(|QrfyU+ zFD!8*t$S2(t@kQ{Rs#MZQJ{(t@X`uUw)ORUbheoxQ81$}HK9cmX| z-19=WBQ<@m_e+=dtNQ<;`ZK>=09)1Wr?41|_Og1=%ghvXJ!#FT(&fQg!rN%gq1%h@ z#oe9)pZViO{jfYC#n`@lux)Ezv%~~{EGQq^aYxz7K-lTwIscowl%1F}b0*PRY}`t; zsh%&FC353WvOr3fX5CONZ8yldh`f#_fb#d=j-fm2PcrL3r2#HYDHdrwAOC%^Z`YvV zj<)SuD{Pk0iCLOqiX|HmqF|GI!cz&NYp_g$;XGy^M0EEF&swqB+wOY}`D}L30J(LI?ZHU*KejLe?zjS+ zpXS(@lDRsih&y)lI9%;~>_;(5jP#Hn0uY+j?0P5;H!}Sa3)C{cbBs!RyXZSa(*QnK zUgG(^zdMz7>g{6aFxy|zA7~SI&2A)Z&{>9AwXmj&bv5Pp7pt zKClUUGc&?>Y>u5|wF?ZJ_f1UOW{m6aQ+1=@h0op2oUh+V+p4N`mVx-)6rvotK&Is% zcz@vFvSYCmkVXqjXN&)uv!J=F`C)m+?CSZdoaBy}6RX~kL@}sVzMFldvwW_bGP2^l zP`@{>qcXXQaF*t`EKR*+;%6xW zX*%Sr!x)~H*si^Gn>^93fY~*x46xR)ja)=;fgZdy>_SdKdaNk*y*~6QFj?s*u%-B< zT5Phf%!ct_>bDcMk&7v-=U(0`U})^EKY4WPr+{8$s)iXCZ&-bkb&!KVdCPT@AHNfG zE$+^Q_CMNlNX*BOP9>4KQQ^kp8no+Ldf2WPxyaX=!)a=EEszGs$My)h!snVb&1G` z=!UNdofVxENJp!nvqx3UVh!!Cx0EnPV1z{hUSh9Go=ux#8H)>6olNwpql!9o)z2AY4g}O1^#syG6xW39(_BAbpg2iPY zE$+1ZhEd$Tl-*>E7&Lk%v*+g_{0CuridW|pe1afM!7x0kU+N-*UCc2F?wnRPzM4F&-sqqo>w4Xwcv(uUqmM17Y#$D?F(Ms z#7=q&>!jS?uwd7Exb%1SO~dlby75*;$eP~Hcu(R~Tg1Kn?~k7p7GK94xQ|`pQ4$=- z6K8vtpl=)d<6=Kn9Q!O~_OfWDqTtbL?(^No*_=1+wvO10o_z>Q6B*F#V8}#d&Q8n! z(aIJ0gxYNn?HeNpvvXj))`+{72iuuZm9*-pt2p6J;#G|T5 zfK-QEAG`ck)foj`uY=Xyo&23mXl6eKP*`Ku67w-=T0p8jusVQV2rtpYqP%EV{roIx zsE;e6;G%p3bLlL8`xw}Q=j6DnHMO*;SpnWY9#VdeUyirt;R^p_WjgY8oeZ+M=W&qJ zMPP)-F~$|wM-tqy6)OObKyLyY!%~;eG91 zP+cG04%yKs>l2^4jBd*scGcyFj%9ouNaATvURS    +nPMIgkU#tLPr}#PtyWZpxpOq=5zfx{0%RZYm;>;eO?6 z$Srg0%uSEoOS?wuR*j|R#fYK*>>@*i<9I07w%fGvO4mhPr-d14Lri^=Xa1*x z29s4;zTDsLM0bV%A0J!De~{*Oo;k4=7!B^rkQ9nrY_ERkqo!yHmaqVZg#mtue=To5 zd^YO=@f+n@M@$wsi^(Nk7|xTrwmiB%Wm6;HODd#oOKYE%LASp{555J?s`iE+G%^$L zV5wJn4z1U^lV!O+&b6$k+TIbj%m1bS{`xVxP%zMr%{1D`EXCy;R&?s}^uI~*Wr2yz z4TZ`C<#Lj>jGaqQzWf!}wKbRV@YjlL=VDWz4+q`;V@|}q{;Bmp=Gs8{>K_uMiyzW> zaq~&U?mws6^KWAl4-5a31(K2@aBzKtS=z*xBxw|_jx z>OWRM8gpNW7|7VuI_Q?w?85x%{;iv;Nj2P0A;j~A664HN17*BNIZ5}8q~8Cn~Pl7beki{Hl43RI)I zQGdY|YsZ7~KbJBd_x@WOl59)bX6GM){J(`(hI&_EN~Y-Zdua~OSkBgW8pZIPf}T?R zSd4i0^pZ?2i6w*8thn2~IBwbNvD^N%;V^k-KS6_^EWzE0aPR&y=(#Wj%+Q zgzvVc4eYoR5g1Znss2bQHvjJwpgaDwt1vw79RVLt7m=9uxz3kFP2oh1x$Chq^_MJ4 z_Hh)9og}3Mv*G$7NhRW{eZKMOS6M)~Vq#7$Adf7iY=gLY5CgY;0z4?lHXl3r-l$~< z{+$IgIQl^zQZ^ib2?*(t=>JYjs41PanlBj*7x2+ojvM(Tc;zs7-6!PH8R^+8BzTBnvMSsU3 z+Wf@eW{bMw4Zz^Hd6AoJvP1U=B87&LmQxGvxlE4D(g5M#aGnA^hsG2-Lo@1BVyuDR z{=Cap6&x2ygiV!*&=8+$>XGMct#tE%aDFyv%F+_W&yw3_;FI-2QA*KOBY&QWJMRlj zu}$ZDO1Z*5Wd+Y8Q-CM#>p@j$ywB~Q;Kq;38RJbJD)X#~&$&x9sd7&|d z*>E8s-eCmu|`D~(<36o%w!k8zal78nZ@HRiVOC3Yjf?LoJm!-H(<|3(;ind z7wIT!kqreih`4^J8q$aWp+IvW1lT*QOFr;c>WZqChsE4T?MqP-_6cM~B+&yrbv!1v z$3CDoKHkDn!)zZ$%#PH&aCS`KEphwBg_${N4y_@3uzi2;17h&S?07MB{$~G(O-Z?& zqwflnH8D*=I4#CU{WW57vKD&Nn&8ih1LA8zVIV3Y^TWFtD$)DGpw5bTMj@NGTzI!B zq{s(%mVSuQR$*?GSm=8_dm(RhOz>7M04@hU8-r}_g9$#1x3>rZXVz_h$VXEwGkSs7 z?Nj}}jH=B$b!R{q+~>Zx9#86xh)OtV@*-O7_4@97SHvbQouP^g@v1weO}xP2qmgU$ zhFS0%7()1d$jzn?E2o>!Smj4s4MSHzD7b^Yy|Rk$FCjt=uI1{ABLaN!=;QdQzQ68s zV$My{5#H4Qk&Jhm`;U*TlctHo;uiO6Zjs7-2kz5;*Li>E3&B?fN=gh2|JuW1d$N)L zIE;e1+BH={xgd@wDI)y!J5Hi2=^s!671dRV9wX1;&uyf^7q1A>{XWb}44O0q|IVKR zQAuKN;|`}_Im-T6(?&$?T>TK$G7%#QWeo>oyDzsm^_Ojm!!g1XOv1NX9`%2`^8DVd zE#I7gkW};I<#GVQi-3b-==5wjd488D^EP~)1cCjuWa=UKUCX1G0IK!=HL0`NDPVqv z$E+x1DfzS`E^gBUMqu_^LXOrE#qhFw%R(9fjtv#Vdj>>bzP_c-S(0>uT{-r7dUae~NNQAr zm?Tj}e6sRdI?IMj}#pVP~3 zyJ#xAR9yM{n+;wxt_GLn$6FU!m69^~2f@#&eKEH5g}ZSA-);Z!^xGXhNZ3w~$_Zth z_xOW!N@mY_JIww!fZy3IUGs!@ji(Uc^(}elZI*^<6X?;X^4M!Ox#8bBFSZ&(riu-m zeJ6D+M}!?0yVM?SeXJkO3;HeQI?N2=igwXFH8CGr(-vj+*{xKHu}5qa@{~7jD_!gb zyanU_XUp`kH-#DQsSl=e0VmJJHnXS%x*r)SKg>S}qzAo`_dmK`Cco2!~)3@U=W8kMoIEzyePaCCUuwoBaIe#eRbqu}D@zzdt z(BKO}dnMjWS2@=n(Y5G{H8ZpGcG zA86|RzX?tN#O(#iywg|1o$^Bh3=Gr(@6JIN-eJ%X7%}oF>b4tp%Z+tXDCdzQBHX=l z2d&o)PqM^j;IXc{<`W4G3M{EyJ-*%97x5iHZbx<&L zQ?pB$<@tvTRDp1)PcZgH?f_sm(sMLA7jE|o+zEYVk3v9c=*uO!CL!$nbCY0C<7r!q zhf$%0fJ&%Lalutfq1`)dXK%nxVM!M1f72<0@p0ZkH}{|HhP(ffW9e)CxRuZF7h*tw zH^nOE*=DPv#okI(#+*On&LJ0X zA?{=@ssDI{I@m9sQuK%|yoI!Ezq9<}1_;ozM|E zrUCaj6CplX>|Eyjm?Y1S!;(=~fe5QrmCeXa9WD1wzoD4OyH59P&i$`);W4j#X4l z#4=TVFvFf-1M9uX+>2h*>b|dhj>;penhXc|TD`wXu3^59)^x16_O2d6VX#u6Vm43o z90k0T-pD-nn|1Ez(bDI|5N?BNhiZlFo*P9BA(qx8@fEK4i{w^U0f5jGgyWd1$ckdP z6LgC`4G*g!XnPZEv9p97G{*vSKr7_-Hl{F>uzrRDF%v*fRsgLrBaQQ++S|@hM&&RN z`gxHwJ2CyAA6>Iug7mum6QU~X{LXrYv=D*Q`p*?TZc#v)FVS6bVH#L3S%tj^ zb3WbFj_$odTXh0Z3y(k&TZze2M3jtEE};l|rtErFzf2P0mHk=_SbmjpY{5m5aNb7c zuK+=JaJa_L_%|W8(hk42+nN!gq|U6w2*1efd@$GjH)UAzqWpGOyt&i5``Mqg=C&?) zfJI=!p@82R9&Zuqg{ppuYS>>lBoq$~YUj}B4!kIH9@Doe#mxu5$hUfOqegAi#I_#C zYHt`>cLn<$uJ#@sjR8jN@=#=2Yvp0%FwnVHugq% zJEb_cMvPI9;rea`!f{W6FpfW6?gk@xE>fl(B?+z>-laYVm_iKdw@R1SH36@z*OMp! zhs9n!VVDEb^KEL@xd-=>oX%rgeT28U9{QIEAm?ue|6dc1g_P-*c;yB|q#wIS`EOgy zOnxn;yx_zIqIqGg^(x%y4wR_6XM-Uo%6|_WpZxQ!;KJM>E+GjE_<|omY`ZA8VgF?8 ze6fk%50B#ToQlBh@uZgd>G3nfLFmLEki;~{Zl~vWt;wE_aR2|%@vO6|?sRO+E=fX&|hH?Wq z1?;BzSuDGlg(Lm3xh$xP7R+g8`j;@iv*$1|Ym&Qst05rt6~CP{_;^**UM*LK>$0Mt z>AEYtRk69{6uaWkxYxL|b#dTSjLRHO?}>X*rKJsWqb+-B6F(VZj~h&ZvwE2)bPyQ9 z%BI9q#0f5{jm7ssS}cjJ3_gU%}eq(Ynak6!4sM0N~sD;hOOyneEu#n|_Z1kXi))P=9@T*aSOyoMM5fOaTJ>%zqFdD4QR7Qvz3 z9mOia#U}ve&66rnQ%cXn%%15qDNIPzm=;zUj3L>okZ@vUf#Q!H{bi^C zhx{VU{i)bdRd%W2#3Rbb=e#XP0=mQ$4ongbM%-uM5XbLBKsb6`#A>IkZj#jNH%C;q z3k=LVhRg}^7ejvKJ9ymVGrrGNZrcYfK1$#N2l6(o-pPEMY-aj+4u0C&qPWc<4Cg0W zDOAIbV4vbMIz3m7vlSM{EMg|Nj}Q{e=9b~TU5qu}(~-qug85$g1@y4rtLN!S+;XfV zMP_w0J(U@=mbhHiJ_jG{Ibpf1CTcF>cU;23wZ)x@owi7;`$*SES z#l->4x314U1-Yb^bh9)lR@H(TxS15GYi6=?A3Q(osd^Vt*DQutkg_G%*2Vk{g;@bI zzR9(Utkj4?Pl({R-^isOSH^|dS&7MPp3JHB=+dQ&SJgo8ah29QtPo?Ol3)FNtvXZ4 zpRGUD%wWs9^&+Rfs!nI_$0D5*0-SkSG3+RlXvZr(D!TZpjiZQ^4f!6A4T9e?X}jI) z%{;QK!;}JK?dS|_r44aOQ2?KV5(Oet$*UF0hzi!?DKOs#noDE|=GVnAe@p9p#exUO zdhm@Sgk#xf89f1;MZa$r@!UqNn(KC1XzypG*Gf z;2V~uH+Uoe0I5-ugkV&YWm#}KM_|pa0u-ZX2?k(-xZl!GLN<8b&%+Yycd`%+`T8;w z0Br#nw8gRCAs93vOCYU>v~aJ)BAo1P-4@lHe8IMH zhyPwPO6>?wLOIMKW0v!nm(TKi>}6GUqqMocolL}#eD4rNDz}I53XEQ~=^iLQkSo$tdEE+-|&FSgQ5eSMpY=C_p$#kn+dRHmVy1nd!->HqSS`d4inygC?NIW+peK6a% zzbxDB-HLLP-IF4&mHe`&nopkqp^198j?v0@h$ya>Q3{!Yh6U^|ox+;#-ai2|kN5@; zYz!4=6tnnyvH;cY13s@I0Dy|Gh5)m}fnm6l-2RGs3CI!V`ZT(~f_wC&OS?@hdj!bj z@PpdEexwV!eAtg7YfH-Ql;f2HN*>=e=ojHDlz5R6DRFq+pLqm}Z7dAi`q3UWY`n_HsW~KBWhZ?gpq`=v+%VPwjNHIPojace ziQ$#*I6r&Lm-+BwJw$op-5V0m-(?bRNVtO|0Gob@ueNTMysL%$!hZ^%FKg~eyZWpQE4Pv=zrcdN=>HS5n8_HUzKHK?EdXSrnbGAje zW2EV%_Y8!pZcjMLivw0Hv2UH6IOMyF5YG(1E#T_`pb99Lk|KN+t zvs8iUPtwiuHtPEiQSXNm1Ge6ffPQT*T@q1fD z1G+E{cJ?l{bK;xrkmN}o4Nxq`7Lg0|KaBG=CHUxz+ujGqbjpnq9WWG(Eu%_jt6d9( z`ml8df%pf0N7Vj@D?8TWXI7?}Mh%UVp-8Kf+h4Sj>gYxK<#oUnHa?fYI*f9h7@lc84CbN}`Up@=OiCqT;g z_Kr1MeI7T#cL{QYG?h}D()X%KOv=;uMMhcWQi$Z8B3h#SAu?c|!30F(ocOVu{$bhe zIl3IvNYTVr58jRN65M8t{HQ#o)Q6pf2_|^`HOYgYe&N$8A{mJ~-qv_^%m@^vCcfpN zX1Ik1t#rpwl5I}_@EN{`z1U~PT2T9l8M|8<^c-0Y6Em54xHbpH_HgpK9VFQP0a!fT z%g*|N$yi*?)*B`xA4&W%dV`BuFkYL0)}DizWu1Wa^|IH3vLmYFN>wc%P9XQ!mvqt(*}jbnbxU-#8D4DagL;CZNO2)3rf!kU8d@ek-Ef2Z)1y(NzP zPtUgX|D=VmapGa{KiGQ{c&OgL|39guEJ+KINy^e<&5~^@l|m_sWSK-LTgtwjR7epL zl4U}uEJN08lXWcFW9$=y!C;JS%zFN3d_Ld1?*IS)`~U9W@4kQk-*SH+9>sOeb*^(= z=Q`&)*Y$os->>6)SjWZ5RozZ0u$1Oga&UE>Skq~9L-f<%Wr!3_?lbSKV!R3vb!i6E zG<_DMb@)@g7HC&*JJfHNJs23a?e3>SVMO(XR9x_`*NX`so@QtVkfDg}`&r2s*+L4v ztZmiSP*e%?g`{DMf#Y%v&yrNc@DE%#dcU|w#Ke4;kW44DvTEsLkkd`L;f|(s$}=Hw zCNt5Y>%zUS8C4cP1o>dhPnt*XR=bh~4=l~UHe+xsVW>Jdwzh;j4CrL=n<8}3Vw7IeSC(n}cb;8&g<$I84JQ!ka)m#>nw&;W&K&k>xkR-H*6b}n z2jXjG_>R=B5Rh43kc`GkJRFxvN7MVgh{nQ@2Ts86BuLCHlr?;4abAazjBVXfMi}** zftJrY%S)Kvdqy@tKV4tIy4nugV@xG)<})>xV#FWu*mBz$*H6>$TUqWuFFw#+$3qdl zx6w`htvc%J@6!)oZ*EHqJuNu(& zJbwK*0IGF<@GZWf&V!zo-n1Ds^Ogdbz2f(6*aZ5^mjxTQ>DRJGOi`{K_Nh zr0Mig^_Fvu>$oZY5MZGYlkGTPjLqZ+*6UVM`2(8ph_=<-vhkPF?!u7D=yd3d<$U2Sw9+Xp(#GoeQemi1uh zR$Gmd(U3yQ%&wVVN6YB>lbk=@E;WQ@6naAnA%x)T8~P~U7r74XK4=T6gIu(y{iO~9 znPAHRcP{}K(b?&hK60q;yM-V5>95fqj0@Y;MVbKuRX1?#_^Zm>4~%^`BzLI8EXx9a;Mcf=-c~C3? zNce~8tUmKG=I7di*ZcyEC(`n~wjHzC(Esoit4khJv8yVsK06IRBz;!s7L$(ay}~GJ z)bR8P?HcfDKTVhx6mGbvKBU)be87CkSj0HX;GQ9TzOuF5eHMFFc^}9m2XVsB#4oAJ z+J0LpMQ8M4Z`Ju%juNX#8E}io5wjHw<;PQ`=aQ7f9;F^(*Te46>=ZSw`t) zj%1PnRw1%$uc<||Dg*t+3-wxUcDwp{^lFsXI0jBrh|ple0z4WD}AcQbxb6&|+zXOWG68ZLR zvd&xpdNJXn5da7oS+qyNrC37?Hg+o<$H$hJxx7-&6t$#`%{Wl3jNfM+K?>s+$ z<)2bDkbuvBv?$N^j(g~ea6WI4!vYdN-_|t|QW}_ZTY9N3AYt{A7dTm6>CalhYI*bYZa@^>13m<@;3bzvDitjQJy>z2l@XBX-1Whrw=wI( z`qoO`&$p=;8#}0bZ+->wRC5lJHy4~7t%s!4!8$S2W`O~K8inW3v_3@Fuw9J0p)vC@ zx>B21)Kh)6bnzo+TyE*;%XV#g#VO~(Qz=^p-YwUDdwXS^;aWi5=ROCSGkZ-D2Up?@ z%nj-DXt*UAlH2IavU-86R!bbsXNfrIvc6L|`G;L6-&I1j>V!U%Ib)Vmrk)a6_eTF@ zjrP#x>{mB8HJSW$lK(^Kh7Wu0Pf?r;ZQK43ubFyy()Mqm8}&{x8_EZ6?3GTI>T4-^ zKD<=0?@5zwM~8C$A%o*t?4t0y;E%eFoPU&5Qdi#ahcb^?F7F>2Py>9#eShTjEmHZj zh8j8Mf8?F%8vOo8LG$_lvrc;X2d>GXbFRfC{83G7@FLG0Y1jw1?+u8}MwJEL!dvsU z?sGbP?=u8weLMMcjbOe}JLy-8Z2z+&g^Y*CBK7C1?$)5I>i$FGoKa@QcYc%aW`5spvl0 zYuZWaV2W8XL*boEttSl~bD8SCBETI+GHEy#`J>FRwaAKcM5JbC$wCdFeF-B;XLnx8Vp4$mS~zG96oi%s4`@R#=y537q5z9YsjW!uZB(d6Dp-}9_o|6^}Ifd<+cx^umN6_^4{Zr0$sFXLR z`MD*7U)T}3Js)Z`dx8%B@+}SQNt{jrhSOIsG0a_=O3lVf;GIPOIlmpQHjhs)eM-M% z#cQ|vyd`OS;w7^a`=tO6O~a}1EVs}lvTe-p^tK-F&O>d378RyJjzQblSpw(5q|moJ zVv~ez^?D|5-&aOhRhXWI0~J&12P!bPa-Dcei`_yGK0q;hXdf-w(2`jxK&4FO+xd=T zZSzW{5AJ_}#7a$vV5LxJLn=-zdx>Yr)*He9cNr&a?RpOu{tESk%oTC)Te~u!>&)}L zU&ms?i1Rs({UAfHAc)Y zNlIPpgCj@*W(-wv7IUD=P-O(f!t}htsxucu;U6QH9TRMY+fh@ro(R=$$fuN5o+FE9 zP>OJYbR|7J;)NVxKWj)2g+2RFVV}zv-W9N&oZIlI|V0CM0`haxM5hfuuQL9tJ=CCM+bE%4d;N}8oOF{I${yBy(pjjRzF^}4S;c8*tOrN49%F7o2i4* zXfH3@2D|b+vquKJRvB_q^1a)A zL>cjLY%4^;Oom2+Yo+L(Z#Z~--Z<&rFve%f>&jko27|ul3#;-ND(%)>{(&Fb6Ep`V zGXx&`%*XkA>6BOo((Xa3VJB}Jyw@CC8m(Fz=YIq8pDg}iw1R&H)C=mh?gIcV2ySp^ zkTE@mfh&SI&=3;C4|pOKJpM+apm#4<^cR>i3@Lf)L}&n`=276AVD#rFc)ppf71^_% z8rYy^Ukqjrxdz14kp4$FRw-}Jwh zbkhF{`cCf^efq9`lryQ!`Iui^(*0^}(>K`*mECAnyVmx5&+Tr1?OkVZU7t@Q>U2E=nE@=cE`mNCjBc zQwan1S!Bo8Vv|y`A;gH*UQ^2m6G)pqP|w*VawVEK;Nt zZrv>0oPAvylAww?@Z)v@e!kW4GK2->sf2M{9o!+KWIeux245Ssv(K{~;5%LdY~p<1 zWLh4=fnOt^7wZpEF27Q;azMKcA6j9Q5)()p*Sz8WH< z0qdp%>zhLoUxzmp-@ULf3>)xha$%iM^~1c}dt3?q@@05c_RE{Ak*qGji`s)`O0oPT zSYhEY3=j!oz(6V%q@cesfHnLmn8#eCA_uc>v$W{vx0eUx@!REGa|Ia)#;aBUG-Qz{ zk<3D{OAHmyq6_1_3>vc#)%oZFWZnpUdvCcOyfu>UAl@S%XC@I@Ufy z^)2fan(ieB_SWGnSh)ZJwfD*`s0zvGvG)jQ>&W*|rgR z!VCkvPQ@fP+eh9Z07Y-i94&#AAS1yl&=+J1FwyjmGM0#z9dO()m)@b<1H|E)q6D{# z2MvGre%@tldHr7DmOBeP=WI>fpKr-CMqwjU7EX87U%JRSD!iw7dONo|7{}3e5sSd$ z$}$(Zu40=b?_vGeir?A&i-#unMK;|Tk zgsAfMph~TMj>16^ht&)@kO+EG(R0RvAPvVLwjw|{P{mNGuWCgynsJqk86=A<9=%!$ z_DveHrqHfPi}grZe%2_n6$jD*Tp-HEKVz@U()8}#WtXZb%=O69dySEv;4;9Hn-dfP zXP2N$j;>@Fu3c;gmb_T)lV}zf_-hF^E-17XAF*HhDl!?3p}`P_r{V%VZCoGJmp&Wd z&qcxa1rT5apNMBri!IVd>FvOTv1v~7gpE1aD3(oDi%_MD`3HcCfjU{E6V91NZi+;CY+%!kAfD;T{LVtnu?D#N>bvuu;)GbFxA_-2G{ux zwK6So;HK7cP|dsU9HW;P6vx!@*HeFd@dOH=7`^n!`wlfTCf%f%o>-$N)1L6;uy3hk z5o#{`W6GfENT#8x}kQ(7gcH-lBwjAfa|FZXeQOa;4}6=<_FG7aBkH>xp2 zL=8LwVl*@M*h>aMrED8)2j8Ehs5Tqxx!LWOPV;j7Fwgk!$U;E^P@FV_zZO$`;q0X- zpdei-aErjRh}7Ple9`M=WzyTZ-Jgsp1vc&adz%$t!O{!a&V9-{q+?xNhesvEL{9Cz zI+zUR!3V^jZz;FtL6UVsgq(PCtscHuVG)^Fx}hiZRJsV&*)yWVw~6Rv?-xDHeuh_B zF$d3G`XJJ{C=9oKQPbEtyEXI@30;ZixGP|Rs$yV~FxgthEOck%xe7cjt3CwT zvip>Mpn|YA-`nNA)}tL(IHMzx`jX+F?D(XTgk@{m0W7lj4b;Al?rSAC2c$=UcYK@I z68GM?KtXDQ5j#h5GMM>+(gddK8p;};00WpHbq znfMZBq;dUV?V?^Cf3_~4!ls)Kzdbm7QzK7D$clYXllZm|J7i6-e0+fM*j{&>7oH<_ zx_;A*n#nI=H|ERuti3bFLVG1bg`ONMvrvxyau6%dgF3~?_np|qd2MTawxm%pUj6x4 zYzWLGQuOYoFTXY_U=b=`*}Ygd8?D20X0Juw`%AsAiMv8f4+P%Qdh~+h)6>?Qf}aQ7 z{x`1_(2xEKGi0@}F379#-F|1GeEorx`qlBEjccJU@z*7+vUJ!nYmi`O>C^l13l=8a zlq2i%RYE0co25e;>y)iTVI4~&b3uTROUAJDu4T>Cq-}d)!#-?M|LK@c} zq$^qq-9~ua)%F+S{#)_G-5Ceh z)+L@#ui_D5?kw_D!rsuIMrTgz7t1-T~I?6x;$jJ;HyG0Gk8m{1_n@ zNuXCLh&PsBE4ErI>3YV+KgU&tCK9262NO3mI0}$lz+S?8{9ry3=t~mS&nKdYC={s8 zB%<-{{8N^50QG$1R|B7dyY+A1#SiPbm07%2x+4bu~3Fz)n?z%rqyEx0O(sp z@%U9``h#R_JPuq8o#d0t8@1$@A-j!&l_I`~I65x{DvAUk0r==LX@0(^wQb(JK+DBj zhqK!JB!#nU75bQKtErq^=^FhAo~sHdGUY=bgikvo{loSP98KVBkh{E}02Q%}o`Nf> zK33YE8U6tUK%d5nG_bh96}H`N5i2QT+8M)_mix{_Id8@o5-dDsWbbkE3{lwqftFaxL z95oj+SA+y21O@+*T^)=L%|qu19=c^K?R@^!RfA2%yZGv07&jvAm8LuMUh<}z!#ejR z(%kND{uKOBh^6-09E+GpCCU-EY~LrWC$dr2$-hp~K1(u11U3`%*)lElnp2`euyF3} zhxXN4ujAERgixFcn^oTW{x~h4a(naiUxkS@QfLWMhx(h|ifx?Z@6F}}_|jr3776(N zva3v0NQpyNGaA<4#%aA+FEY{mBG$)Myjyn1q}uBt!rD5nUqq*4E+UoOYl$}&GKB6Z zk{oz0q8e)9*r0ct z_bFwxZB*^=cK&}z`@;7@?9FUd-P4 zhBift@Q=R^>0$EESYM5prV(j{Jo%@#Upvy1$LQla?X3KD`_!qkSfmtZLMzvJ76EKU zFcWwW>_3WZpTVrsvLs_{O z_tl6>PSYs1haM*b`k~c%O8S#g`z3jbPc;T5mAub`e+)gXoJK*~Kl?0x=1rz0HJAU< z;Dd4&B;ink0&%|Jq?F>3`%U=#rjt31Pn6=eE8L0{tv$Cw^Y4r*w2l_P6~SSDLf~$` z*y-oN(+n>b;j)Ob(ureROl-aj>pvHQ7U|aFe=UgeEgcGU?g;OSDmcH}b2?h*){9Y~ z3LIT#(Ic3f=GVn@{fmM@gZ;5Sa1ivARJ(b&Y*-L zX1)`UvWINKj?8sRgy!#pb+P=cUGIczLet{zr4`yEuqJ@Mr%@34XX=UYLOp8tZyAYT zY$pqhfb%wqkxK_4y@-)r++7qjon$`>kkhJM4$bZQS51NDW+)1*WamlG?I$=lE5==_ z<)d6NS=W9%4dw;l^*aDR!AJ&h^2g6~E zfIA4krQT;K8X4q)0jOF;J~V@C{mzvFCT6L|58*~H!bJJsF{|(~+afWhhOvoTv zJo*s|17OxDxgda*Rb2!?^}w$kl8SnAE}Y}x$m_ZfG#cI+1$RLXMm~kp=M6q)b)Y>T z_@@zB0e)mLYVu36hDdjn5{r8R@Q?VJ8?eL1Kh1f#4Rw+WpvJF#E*Z$drvT*?xEOO% z+N+cVN^iZ~bZM_eDPI250^D^77|&ktR-T|9=bFGS4^m0An5RO)o3Zn1&{Bid!=wbP z;JhU`McPYmiyk|gawZzVrLaHehmj0<%S(p(i*I-C#p#7fU7Nt3{jv3U;SD{_pu=ds zyRx?uGK|K#_fS1{J+5gv5xd*)Llf%RyPYO>pWk|Kz7Tk@-XdR7KcikydWm>w>S?Um zf3l+Ww2EPc)%K)(T)&jSLIk3y1iO!_aUj(2e$x@xr?gxY%C1`_vTJgPZIn`e@?Xc=*}as=z5Tqb<{)-}no#Ek>pR ztj~V3*_^>2Jq1UuY1jHd*TbFZ!CYk(9%wpvyZ{L&-S;G4> z+zjuyxxO~p`!aQojw9f-p#fi&R#UCBvWyI5#Sn(C%X|{Nm2~B=98l<;8rUSIX!mBs zp*9xQj1>|KFD(^yzT2sNyo;aCq6Mc zAMn`VMjsUgc@=<-k%-8(hkiEjC-eMMY77U2*6PI4FGu=GUaI&U*|eItiesgOF6FJd z&S}>(xA(5oVemj(%Ggh#k(|&`?`w zGIP?{E7Nt?!tPfF1}}eQxoBB7WX&^i(7rmA?tn}`18QooP-At~qys0in-!y~_(0J+ z^sJnh1;C|Pq`0{=w+e4Nuej6GU^|B-eDGQA_ACA<*DDVtl^-1y=5!x|%3;54bp1{o zc>ZWFY|lk^ux)3DHn>8CULsveX{MJjo7{)6umENk`@dA|eurHxH~p^(ku!;ra=7x@_{ly(FUPiustS;-TS?w)RI&Iz_2r3*I?B|=k+x`^K{LU_qCGU-0XV|;6*H}t{qW%`jxcSnK%F*??oik{@p1K=z|u+JR2DcR-xs57MgNch@c8-Q&b3M(k;x zJLvNmG^@U?SK8U{ID0&0$VGEJ0jVGR9?J#0BdI15D83Fa+alB`)N8%fOUMAJQ~1? z__!!dz>#~6@$=8fI%AYZQ^N#@qN&t_u9E(%1i)o_bkdP-TW?B1zZW<~de_xd=`7s_ zdgJeEf&pto=0J;vc7Q@34D?(iqR=Hc^gCqruW;gXr~;fSZ}Uj5!%fVNdro&KuuO@X z_t#eUda<-P6W_WsFBo~xG523lQB8<_aW9J=X*cmPb$Xkz|6#B9u>`{VKxS_{PAymh zZwVlWS<9-5E0$Hm zAJcn=T9fVga9Y3Fq!BYyWBedA58k%Jjf7r+dt=d%4D`++krANktar?+4h1)$Kpc>K zBq-istoh>uod!Mn0Zavz+OaTv`2rf*RF{P6Egpy1(2z=!z2;j zZj83}6Id!>nlw!Abo>P$tr#v<)o7d_T^9;&xM&X6zE*JI@e81ij^=o;nxZO4&_#w; z-cFSd?>cCLi?GGO8@TV&G!hLwIt%<bJ+NHA6+hC#GkaV2mFC%7 zcj6nZx7&mJyV#Rjb*Pvsjq*TNQ>C2dEr{(j<>rFi~qPl7)s-+aeEyrqw})x z81qeS^C+mKnhY)gBcPL#J7|4eC^v}r(OQ^>!ToOypPw~G4vinbp{BKeo}si?!r98^bSBs6~Nv~^3$v39rb;&bL5{H7$d-O6?z%B8rrT&dF6a8 z_hrBA3trb>ZX2tZw?U>2YUhi8yzlBxJq)ejJhH^ESAnOFUsr5uTihmAx&TL>1HTmm zRDVA|V#nLSbtY`iZ63N6I%HR?dDivoRI>l<5aqABd@Ckj~ko?!{KpQ z*r%mA=fe7d;acR}f#)sjd0-x>*^_=vdya*p1DaRyeRNoS#;4&X{TodT!v2T5^oE$E zDhfb9-xwKZM~#;^DI_`vEcUG@G86;V@QogaXEBF)2GmkIWxP3$;X{>Nssbmh?XZt; z>{hO`yE?t6k|UN}CtM170aKSr4ZoC)cHGOv{NPT0s``OlK;Pre@L1`uJ~rJPLwnXGb8EH~241>CLYo~< zKSZOJ+KU^dnq$b^0iDSL_ZSZwbBS_GomhkwkCjBmH9OxQN&nKo4a*Q*ZW}7vNLoqj zk2dC^n{=?q{m-zMWZou-DM`8S7=6;RJ{CTtk%wj!kiOo|X|Q1w3ZixKcoBw(v>Mmx z`GpZv;rMgnQgf>(XW~3sAwMS(MZpzZNKzOuDF>&~-0Bm@1wFQtF$3(k!u&FT07W(G zWn!EsS0@v3j7D6O&^W1@E(Qd3R?@7*37rDlRMB$*%zMq$Gi%VZv_QZy8T9_N_IFN>0W9J&0tsIA z({*`^H<=~CT{S`1>e~;dx?)rpwO73+N04vF$NKq@>1|0?LMt?-)uAn;)JpVnx4li~bbIckR^yczpwV znG0wW7=3ra0rGd1L3+m;R$FPGcO>1_|A0-7Bb%MFflp7Xelw&XE!LML^l~Q0AAPD`#rY8HjK^w~k+QKYDD} zpxzb!BPZ&M1kMO~avPeaZBEVo@5pjHBV|;xim|p5o!^w7=y5jqcj}gtjm{%k&5I_I z0f#sBx0Qc5_b;hiCrS#$Pwy9#I3A-duxZZD^4jmziG4%;QAs-^qhl{4w{P++l>PKO zweOX))1~%cOjFB8!!4UC%=X{-oqE-vqH=^#Yh!z_TWa%@k(`~!ey1Aliio^by5o1Mp#R_3yyjues&AU>wCaG|pPa}9 zf&Z|}5Z2&o^L%1;vVbWIt;#UCMzyO28*OVTKhE>J{@4o*{J&H8s`mcTS;VyQ(BGZ) zb#%uco#ksXkl-khL!eodb4#edEh&pK2BvuKqzv@nPL-^A%)b zR%!f@ed+a3L}j(Vvuiz5wF8Myl}~;xVzZ|D>D*Pr`d=XjOWE`KoPFh>+wnU+)>-x1 zL0lqpzP3L(w4#GVJcrq^OyTWmCMLI&E~n0^eqr^PNP(u}>=UaUEgtnB*pA}@^%+)O zZaxuCu>u{CG1a9**S?nWEbP5w9j{G?UBf>*-|mAuEo3Cc6CxsscBr zI0(q(g!Wt$u|JF+m`Uq^yIFP;5ZN!PS;CiJRJlFU{8sxOe>E+D*^5OWn^v(siR;m> zPLY_k%i&UnVjfIC+%ywSL^2tLNRUE=F=>Wq7BtsiWp7IC$fvD_da-D)fWzq)A>HEN zi|L<(yHiRB1xv}>&fVgB^5p#1qXwZLUaE?{y|q8iX#1rb*J|CjfAPkj4fC*;3I6Bq z|KBc)Z0VY0V_R;(0ST*^iX8YN@6o>C$z!{sK7DvTv+D-A@!4)-toiFXQyPm8*Z~u|Ehz4-9T^|K7p(vsNrq@?LPxpnRx}MWSghlkh<-G$fNxT=vv^!aa zjEf<|9OpKpv9n{^r?Y}|0vC8*-iFxQs_J`Z3cIM0kKYr{3rg($1G0s%K>*zH{$}F{ z?rQo?iAm2VX>6xQA&-L!d&DC$RVmM1!YgPk;+fA4&RzO-Zk4^6F1m(`N3dQ>rRYY& z5Y@#ns#qy|-Q1DNn!mp0OL32yixz(w!SR^rxwUWE(^a9|nRX#_@Ot^4V;S!@KZWqs)UxXA zdqt5$f8k6d?Pe9Vo+@^I*KXSeb#=V%E`@%f+f~1Ig~3_` zwu%Sw$@@3*3*XIGDDtfl?2^-+|2ON=&AKo3}Qv0J~ zGfW&EO+o*gOXZ7Z(+j>}GoSd8PF|b!4I0$OVfCrbgiSxNb`j#QVG{vTqY|5|Ot+eD z9bJ6)<{wCCoZw#TsRVAr$(OTDR`4Bp%OqjxhOSiz2K7yXR=t?+L-SS#Tu$*Vh&(Nx z??%03yQeT)DV4F~@>w0=U+@6tb`9nc>)W?)#fCQhk^UV+{BXvm>5?Kfzv^xXZwHXz z)IOQS^bRn9X`{jZ#R6ZngI4*I;fUn!aT)`Mh4=lUF~HU&5c*2T>ek%K6NWcR3w%7J zl>UY-`C>MxO(8)!2tq_1f7Y5B+k8_n!!zwaDWUnlKg+6W!t9L)3r@oa9iu3+hK*SY zDVlv8#9fWE1~NUdrdPf^VtU_Zw2pvQK;?-ps+?7oAA7I8-u+6su^gH* z13zm{98)!swgmLAo`MJYfvEw|0st)&C3ZYn^>%oDIrv)4hW@DouEalxxag829-op! zUVuw*jsOJ#<&cv)x$RuL0>`AZf~)$%P+2X#y}TS8)(r6VS({6^LZvNDlLhHPB(h|q zzwp-_n|8lj2$KE@DGU_AHrOUg!Ob&Ct0#*y_CRARSOo^`uQyp-fc(U4q?DCS2$y~x zEz;ULmtJ^>FB1ivykMmrz#PJ&9~b_HO8bGOu<#7@Tib|tyO&S$XQ)|>@>wU{xhkQJ zImre(v6Q$h8Ecw4sCiHxz6FZA+0o2JwBvvvO7?g;a5OY-OY4RQ&*yXt?a(xf_&Lh| zA&$+0j^pRia)`>xVPG+KWI$D`!tyAxkr~HTXC z{rvuPQ#}vX;|@>e>M8;OuC9`NUyDhhs#zo=^bV(Fn_DUFT3Ln}22a=&g^$cb^+UmF zv~(+=NksU%bg{)$M)n&k_rEa2lgPA8h}?YZ8@_=L?*EIAWLv>KuXsf%+>-9L_+KB83_`|ZL?8FA6N+zD4j+(`d~$nx=vX8katB=yD`$PZ`s7Y@ zYLP&fngYkqzfR1yP%ozT;^y1hCL04E-_g{@1+d92I-ZwzcuAoizdyWz`%9lzzOSgpSyY1bK z_JeLoc=oWP#12~s!(2`Gc)9y2Z-&@ozVNKLO}^ryA@JAu5Hf^paBo*p%)q>GNP72= z&3)9!|5gySoOPHVY0PXe)gP;gr!C(2rG%K0KmWw`O2v{n41yS&4!`T!f>$#2tZUk0 z%&Ajzq(r;ves=T)`A~?5G2EtzrIxzeW+esR4dH(ObAzl*JZ;dqO5naQ#plx~apo)m zEorbEbmWTp6)dc~?!6*J7oW^h*8LI7G5;#Noy~RjtcI@0XI=C^x9atn{xeXMnlMs< zT^rA5PCa45AB1=%-jV!(g2O*!;P6^i*z|*sy8;I=V5=ND9R7Wl1erQ(6!c^6up;D- zqgT&fHE-j347$ayCwpD|C1-f%=B6Ez8=E6eJUwl&$i0e=%wSQQJi&PgP9O|%Bxlo+ z89J!tt`qM*Tz1;14imP)j4}xWcOGny`dBf0<&-wxv#i`qBLB?ULG83K8Fdo_6uygeF8-QelAhCfGx^XUWt=bS*5^ zbv~km9G2>)aqcUu!0$QcgKgdq@5`*oaY0W(3;CwjSa0cQxrLW#e z`^O5Q`Twzo0u(IN{&ISmq@e{?`>!r7 z5fShrBHE7)elnJNnRK-P-CAcIh^1vM>#rio_rnvZVd7vAX%r;6gBY0-6q-hBJ(kM; zrPOk$o!KP{O$|HXOYid`&pB(vU+*cePRe(#J$Kgx>1*2#={E#~LXpJfGsObh$1Z{Oyiv>WA}({xh?sL-5x_0mVNT9x!d6M(IJIW8u-| zOakYZBw!(A>BaKyBS)rJPhQ6(zTJb!JK=rlEtg%TBh}>2p4*(4Xn;a}i>gOT(Vd=b zWMr6|RIrFCt+Q$-h?^<#A9ei?CqzVjV8^UbkiBOXUc4mm3I5kgfUhjeRjd5KmTOjPdCv+6Fk2Q>mJV@o8RA7UQossCHUtr+i<3jaY)|*wjczajvg%>L? zJ=)Ig3!1&xUS-<5+AFj~dt+KjQ|SqgXhZ=fzgNTHuI;_?tQB&Lh4?R``& z;N^Rx&#f`J9BLlh8Vkp`1Zh9bPCp+qD!;?C{)zQXM8UB=I=$@mBn4amyZF}*rqMzA+{PM| z%~~lbb~07lm9O&_OP*5wp8o}P3#y#2Di#gR5Wl?;vAjktC~I8ARI;JINqUq5YUihx z)k^}E%(S!#2hOVMee*xUMeIH=BW54%c{6o!2l1phL@7eAszegZ-qI&1UvFRFo`l8_ zu*U_W8`=FwWOV}* z5#i;qTZ0gk=5$~#M=h}pyO|iB-oz8!o&tdZgf1`+9 zOjS95cDyGvtY7SSVI_W$v(uUF;KzjeF@vD*DaOvh7qtwZNsrCYjN`PyRVqI=I)Fu5 zhL-#38W&M-Uvp2FY^?Pkc7U2_xlKn62484{6e_v{EF=sCu779;)+55}W-g+BmL&>` zt_UkWSJ|ZT?4k8%5s5fYXf~Vib~xm5lWEtXn*3y7gCbnDzaQ4;|0#?8nthmgtm^3B zl;IptZSXwPK5T}m`UQW@kbTkI!Gwrq2R?enrOrFn_Pb=~>_-8J5_W@>cS2K=AcLD_ zb-NnWFpGuDuI4wDVucb=uuE}Uo*X56e$@?t+0bGnpUx|iLX^jSEr z-&C)P!3sv)NDerV4&8X9fLl{gual;E@y2yvP*Quha<6JOKAVO z6M2!3Tm-Lup?6@qfH+8QH1wfn-|TVi>=aSK2O6`4f+=}FullQ2tplw#!~?U(7gkGW zb}N3phiM1L&V43!%%)LrPKO`#iKSPMpSIIUwZGW(ntk)-W|eD$9?&zF9YOh+`rz43 zHeZ*FwSvvCh6pgn>O_{`V?V!d#h~uA+#IF~4Vg9@zxkP9$Gw;bcYnLg{iw;Z9}5pH zT3zPPeyt7OOBBDY`j+;R@PxOQF88L^hCOa1E&~*#vP^nb4)2A4h7mv$;`$krdPGh;!y4A_^AB} zu*x>RJQMSJ3qObYn#MCd9?Z7qH+txDIFALE(ppcM2S`5U?H49iXlv)0_~Kg$-LUV< zkt02dk9wGwYGjZjF>{G`cpu>W&Y%r62xS|WE3h&i@XY3RWL!_Nn4RNblb*Vs4M zasd(;7ZlbnT&Y&raqytdOBRnW>U-362P=Qu6?U@GYS7hr;P2= z`*v#%8c#7wolHuwV%VimZXG9`1SW16O!0zxG?UD^*&^oJwc{fon`*6w5yLBSokcZF%l)3lo zrUKvflZAFg?w___ryxe|U%Ekpx9Pp*d8AYsgvn(;v_{*k_TqQ-Dmq@&4}H1I1MEr; zIUf+nB&0$P=U4GK^XtPEnm#MjOHF~lL`*OICgVl`Jz?*g;W{^3bA(SGJa+CUdjS9k z&u2AUq%zv!UHfP(`sv>CEYINgiDMC(5#~sM5VlRS`!43wM>9j|;}@mmt2^Mgp&DV4 zc1OQ#{U$v69lth4g0oS!HEfH9xEi)zYcYLPITd#xj{GL^-J!I=6SYaKe?idj%)PV3GeV)ZLvQ zcVJB~y33(YAWA8>EtKlFgujaESr}#RcH0r0l#eadZSiFLbURv}5T4+#o|gZX>kA&l z1;n}EOM9M_zcFk>tAd$j63l}YK%VWL97CbWnY0lvoaF)zjjSr6lc-@;9dKZUN|>5~ zVsKrNRMk(=r1{qpgSwnk6~qn%Y?saP1DRcPSEu}HR(pr-&nY(0jp{u^LDrQ#Ok>9; z2eL*w&?IkG74^aA0sTrJo=Q@lmnDUM`To^Hn6@sC92x-|e^pSWZS=Wh88AtR%ZL^o zE}2v+w4Yju_{Lr;S!oPyE?+LMAo3@6%&7!aftm{JH`E}j-&No^AHP#N>>d;@ZB|`O zzX$)ym~NhI#!E5Rfs2tq%HF_H7PvIo+FIvYJ$9d3K}s1)bl_hIyxWfjkQN{{V^$8k zmF7c)WoOQ>R+XLPWinh{mQTDsGXj=_0e7)TvvKxcW^P^}Xxk1j9{gYIy$4iO&6fAA zf`CK?C5R+J5Cb`<7EnMCL69so5+q6v5?eu%3&b+ zbLV;Pn)zmZ^L?}Cy)$zcOIhnsr_Qc@>QvR)`&a+NIk)Txf%_kI>ZX~S;n_K4rJG6f zBbI#p$;)x*5=1s9mynX$Xp)GTwBcjk{TCkwH7(tlU$f+fUie!4&l~xV*n3CYP(h>-r3n`Q>shpa54AJ2u}Pbxr-NC`0dIs}H;vJ97pwmN z;(V5Ekm=JW=-Q*D&hVnu<|+#{Y5WWSh>+gD=a_#;1~Ho$*jkgZ_ylt`Z0a~q$$yXT z867u|z~Cy#^(IveeWyqU$4wkmRx*dG(Oo-P()@P#{dthrB?_T&WY-rw_uF{FTeUcD z!mMiWG+Zz92<$}Q^l3vw$jA*q$(pVoAOlv64qw4~@0+(nRve_Twtqt2wMf7cv~%Ka$+L&3}52zd^EE1$%2wME0w3 zj)>1DT3+fa4Ep8@B#qAc$tIksn&t#W$n6I#*a2gD{xrr3 zTlK0hZBqw$_c?Q>CNt!T2&7}4o(sw+j=52a8JSZ8|!T4yc;o> zJuYi&GrTT5JOKo!{s^Z|woiyqq57ZGh;SdFI{Aj-*vOAxLZg?uZ*<&prQF^OZ$)+< zyXWt*&K)sLhlhA<9HK@7j7lz$6tbS2>^L@Kn#xLe=xt3x;7lr8(X`>fzv%@{t{JRZ zC!)Aw4pg6fNL*Sf2E5b38?kbC4$gMQKqts_@3USpX%M!uFuWO)Fh=N72W(I9I$Jqy z;bu4*3wIZ+(|XTf`#K~!bWoZ4`D^C^Jb#C0%OEb$L%+WeQ|0H2`B09lF9@gajWe^| zyZc%UU!xKD0AhVc+>=nMHEVO|0`YcU)L30iOzKziujK`C3Zc&FM5E#{3>kgo9mJgYmY9!L9GGA zE!I7{P3FlV!Aci-Di#5+${BsbNHT^TL&DSdIg_`@ISR~(ZcP9K(GCdH`XR?bu_UqV zJ1znO?C_irbge7%@c$mkP>=PlKRa6Om~E?VLUx|)QK2(Dou<6e+qjpeGux@m63`)> zbmy9VZbpXPIfd$V*50)D=4yl48c=%)6eq=D26gPId!tA^22bBcnV~{M6cXX#5gEg) zEO}qQl%uYGo2L6{-e-=5QF5@^rMfqHOXQ|eDTkN{%%@7f2o8(LK-kg^TH|)Dqd49d zas9%$Fc#mOupzuFCUZ%v5Z9(Lq_9Uhz@r`h{LP~Q8`tP*R;TcD>&Zp#j>+8m_S<%*9bxDqi_k%eAoOUZS#)y~* z&;#^ebh{X3DZj4vIi54gLtC^UFRZ}xx`@j z7i=thj0yCTjqWzv;77W@(r)J=B9nltlxzOHe}(1%c^cr!_;+*@7dCrwo7#mBIYVf; zn~%2l$Gs_*x})X&VVEn_1g%E#siA9d(C@%)q_?!fRppPJ{N6->TBG#OrN>`){)*W( zn+*)CHen<9#})LE0;vGdd3Myg1I1x(nyn5)uutrR1zffFRCm?Yd{+CoJ6bz49X{Xg zlWL{%zNht4{_v!1K@1BBu-?)K!pKE{ssaF zoM&TWP_Hupr|WM?X~wK=0@Ld|+c75eruy><)!X@yiHQ&*G0RF zIEJl7|EXX24=Jihv=Pq@Hn7aGHMW&?C9rTf73wYjZV4x*|VK^9*tXS7U z1c(+QkpXvF5qlP|AdT**4TsaMLx(a7OJFyvI7qgOmB|%J#h^fH?oUE2EmHadgI0vZnEU!bP3K-kR5$q5~0bBs}bnHw8kZ5JX zdZSl9YZ;DV-?4O8>|Xq(t#9J_H!T31n4!Z5EzI~eb)&TXm_<8L2EM-&GrSX!`*D2} zjc^D-u>f11Un)px3zLW_#H`^IUAa(|Y}!(|akVcGuZY6u7ZgXp9ra%#r@Vs$_`HtJ zjyjqPEIfx>=1|^eODh0WB>ib0*hf!ucqPQFMmT;4+?Z0*Eq?~_!hUF)*nfrTxOnK+C(w@oLc+ia4{|}e$p#;(dUW(u-xONHhfi*1s=5ht(x=g)BkY-j`!!B zEu*(1D(^5TVDC;f1SU1J8xKo|TXF8&bxKnG#_@JG_8@y3D=RgJvacx986Zb^jK8_F(o1vbL4eYD)HsFDf6?m@wrel9K^!ftx?_NL{^e1Kq)9SQ!4%qdx z2e2RGpHl3Y&q3z+`N^J<1h3IdVw*61kKj-sRREqN&66bV_qnviP!X_sF)+6{_Y^?# zQf>|*|3KX=w7fTce@hS&=AT`GL(z}@Nxw_98rl4v5Fc_v;Qv8rkmNrkH0bSrcC=E` zd;pJMI->bChwZU+l$zQ)Ii1+tSzXQdiv3Yxej^SGfK%caL!lEwG5iPbs_2xm_dWo! ze;j-J?IchvY)d(IXFHVZ@w9HxxUl{N{eyk>;0G7p8Wbzo$&6*IPJGjcfIQA(I|~60 z4@)-y5}D~!w#|is(t>|eYESecSh?s7?>tT@drbO#{%;zHKz4U3SBgU9v2S1#(tRsq zh5fXbwNM512U9k7NVkVl&h5r4jxLgNYD{Jmde#wmt^x%t040K68z&fU3m2-K{S83_ zwgaA`^ROoOYC0F#yzBGBKCrSPE*)Y{pPays;}7RN5us3TH|)*~)bl8Q&v^Kqw)q&L zJyOMQCFex}`8+=a-I>R2;|)kpBG2wmS(b1E`uf>vQ(8~=s#iULVjxK@`oOQrZQ;~A zCAw2RirYG}?CT8Uc%ExVGA+0`{kxs?HcKAF^4Se}DkM%C#|u;J5uj%>^SBUlFXW*I z-+lSew^QfqS7>x<`LCLv@aJNGaDKm!&O#=x;}+M}&Z7`0|6vbrbR<^mP_AdYLJy2xIX=1DFjL{m)d9^PKB?f~ zh?iGsMhf%3s$?|51I#pE03beTXY3Bf)^G4EeX3Ph&N{3ddxC-@L%cEV`yv+(v`Fx; z8;y>Pn_atA_Uk;)1}uP!uK`jAFz5?{rOK%S zDSY`qTBT60CH~NO80fg*q{G>j%{|{?h(-FPc@hTaPxT@1E^P+hmjE;w)&G?yqh3n@ z1;o*9@4L6iRFu>(W-Zc7W2EM|WlQXdzMRAd=eFdgz2muAsVeA#sl=Ahm~RQwtL78L zX}lH|P$dc8*;c1RxXf)ViF+$ProKV6{gWEdczpa9!NULL8jp2n4Ml*G;X_;F6eFL4X8{o z=_`dt;NrR>@`vp6z&Ul3zvULa2#|l{4WWZcu-*Ly`4^@aElFvGe%@E}Gg{kPS_U=> z0BC@4n|DA;I+3gUR#7P+kf?#v;lfQfu3OX-EcMtF$!inNFPFCyhEh)u8_*^2O8Ar) zX0`?Hj5X$XV%oNMHjCZ&om~&Ia)nCGHoij|p$P)c6l*}COzF+F5I6MQ z*~a=RVc`xA{*H=Zd(7GB?6^C6`AWLeC@C%k7!8w^f145g-LmOr5pla})9FcP-)m>( zc2(qw*V)Y2oY$Eb&Y%o0DKXry9cP$N!G(^l^mdvx4(T$ zH~AAr^jaOTYtQU(-bUr+A*y0aq_GzOSskIZMb12 zcj4OY4qm60_pY0{Au#T%@FRn@_8|8?ADR8&daaQspXw&+%HNR9Bucv)_Kh&mqECdw zxM_Hn2U3#guH8_2)09d!%kh!Es(cjRrsr&KHni&)nGlVFon-C7Dx$cYO#(|_$Z*-3 zml^tY|K%vgz+-jl^n}PTwIaK4m1MHR(EjyV#3X=dyfZ zQC$1!;`Kyi{1P`jJq2=hjezQ7%@Ya32$pb=8@ffLXUUckVp|9Ra$#Wg(X`U9F~tHF zdrD24DAxumW1fcg?(oWsS;<(Tp&4raA4ii_R>&dMTLByjy3330yiR*QvtDIx-c*vh zmJE`*1x;9=oj#GIUwsKx4G!5l+HdcB_w#pu-Em+_yXgs1l>3%{6i`tUI>G+8Ll^Z>QXvtlaRH08q`v&Py=-Lu+HGalSD z0n19^wks;25pf!y@?S=2r9sr5&YS7pi~HTo^t^!~Q%j5%->OE}mvWfX^2 zXGWR>rXM8?pA)kuZ#QhjCuY~~+W1JEh~U1nnwtnQJHA1OK}V|FxV`E7r8_t~AOR)y zOwCl!$sd=yH5;?XkJW+DZqXikFLNFm=aPNxpg-=uQ++K!c;&cv54icAOfWWY19Sf1 z&mT(ooeBgfrvh7(9WdP}4tV-o7$|uyXL57x7m;^aO$uyeB=yZ2*(BPd&7aI{c!r|l z%mU-WfUSd4jTYahU%%}yp_HJzH@Zu!FU`GW;Cx-bQCo`RMB**pTxMBNE!vVa3?xs( zeSC@7G0xT1uuJ5~S3i$(hHD;;iJXJ(pXP=5M`o(YcXyT5vASAr+O{nyyP^AW{jkOh zjRcJ6qEA~$ASkS)69_RD?F9dR5Z(>YCf?(TCG}#cQ_o4oHQLD|5mGO&gwkJAA3M$E zE0oYXJ++T;!MF&zSCxb>IEP!wv$A_mZ+v#{7~`()lI-n+jDo{JpxgI;aa=F)kdUUS z*tbqas0@JI8AmrB!sk*Tj+nPgEvleS_nDmtt%MO2H&eSPV9s5SgY zQARMKnWtTAXc7cvx;5<`+8E-&ij;|_fq@0g9)g=?JPS2ThQ+z>20~~EAq#S7(R$e> z^VNPX=!-qp3CK4_IGme~_Gx!&8OBQR;fX8 zt}-OS@Fh)g1;$A6j%`eQA2dew74q^5(6GX5>Z9rG?W3X?2Q-RP63&!#+uUioWffc( zu~1UK_P8tE`B5=ubhOKbVvm;Z^$1{l`%cdbC!-iVB~eX*$ey zRcpW9p!#*3X!?+I(e%tBsopsZngZF?ViLvfdwy3MfJPA{8aRh-^QoKZA+G>kR8u%9 zB93}MnGxctNebUHTklMFwhD`PRkh zOa-Q=V~0W5U2AJphP}&!#4(N4^nD(Epu6ip+%Umzvg{-`xi!pUXCZCw@cfFHa|@HjJ_6SJ|0~X5xCM50kW%TVJN!n zP%({tz0dxDB~O}8h_)8@2#R7%zL#ZwYh{P0FD&!EzT&8;>Q6>sqvXyAd2l18x(NDu z@0qrY@@3O;!};oLvooE0B5!pdt&8??cxi5rCMxYKvMmZdi^pP$b7?G?ybdU zj(yrMBWNO~`{tGvb>y&Xi*2{&oTcjwB8}Sh%83)f!5(>Me7)g>4;W<8zCRc8* zmezbsA;>X%gCSfmJ2$S@x*X&0YxbSe^4{H60=$|#lAAEK7K`2!dTQ9mJ3n6j(YVp{ z9G{Umr0|2ZD@tGTGf3%4r{fN$Y|r`!@ADn6-mmF0(3shF5cJ@Vewl9fS<8WYkS6w! zPxyfEu;=>mpt#cH_n@nmX?AZs`!D2hAku-!ih^H1mD^lxPvf<3dss%_(jDC7B}=EE zv8#ALf0U}Hr}0LFBpeJHj`(s5B6VN)VHcTIh}-#Srb$3E=oe^K^oldKWsLdF#*+&J zLzeaLU%MI+`D&WXJ$8LjlttsbDK1d^b2+7PY0)YV_cQhULDUQ^k^`^0b?t&Y)$IFt@*=~G;t~4Z^KlHKb z8LCLT%&w{XyW8TO%@T3}B4v`|swhjz%%VQMixZA$l%nis;2AG6uVNN1;$6Md$wZI_ zBR7*nT5hL4oA=uiK040Y;nU*`X`u8KeJOl#>a}_yzpXIoX(ur^wR}@K`Qw~D_wUn0 zQ;#ww?>Cxw_WN?TM|{~}=Y4JS@omPS6ryCJ=cG_0>nF>m>fPcm?0uo7WY;GvzALSQ z5fMw^Ptulb*8z#Tpev57)_8u0MY~bRJh!fsXrqXmSNzmQWR3o;`^jVT8lvJ zP)5x`O+!9@815MVSa+@ZgN%pfyKa;`A_7rz-S>yW-IydsN~%@4aRTCPorOD_Du@Uq zM?141C2>w}K--^ZoQz1AoIT}L2>mFNzs~Z9Ytn8Q*esrm$Sc`*vfQMfmI0eAqm0;& z56PwoFgJDo*b(V^@e2| z30duovta2IxB9gfS zKWd}s$-B|>?M}2KBLs0QD;U+8jy`(kkxNxMHx-y*in+tq&)w5EOp~Z?+jlq*$i{14mY-$dxlV4yGL#x;_iqZ z+Tu&2bJ#ubF^!4A&7m)8MX|G-aIm+@(DbyBH!TbSwL|MDxf&H^248R7jj6BdS@Hbv zf!fXFWvZszt9&niMmp!1Rb6fEhl5YTQQy7x8EBGGl62F7;$Potl`IC+c)E73;SW?^ z2|tv!(w9pf8)e%^LvDxbU+h3hFFSr>J!JPb(a5^HjpxpwHKAT5iuP(FDri@2*s>X@`$R=y>VjE}V% zgPp9)uL7|W-+4LppN1dtC$h!n{kNtyoDB$DLURjRh^~}Bb^b;+QCGOpNbWO)=xJEeBq=50#>#zcHr_R@UI03F(MlQ4Kg`}2;~Aio2~(U4Y>3FM1xF@ z_70X%^@5u{8^&w;?{N}GS)gn#I6`gGYvo**P*&EoMr(#P{5~; zR7_+imu$*e_rJg_zxX{n#$s`BL@&vP=mKSnT=t(uyCQ3OIRC8Yap|@EKZ`oBaXtG> zJ=d)N8(y+vtA6wAkE{*7YU?tlDKdc#1rx!)G&m(BtT_E&JjE#m+FyU?K6HrA4UJ;7 zj#4{Fy}_?%*7HKXi|dIN8QFW0gcO?FXEFirCE*Wl4s2X7SuUaev=e=egzlI9^I z${+vJ9C+TN{vo?bP}^Y`Y3X<2n?n0@#xGc>@qSH;f4OD%#9?Z|=q-N2YG7&E@|`6! zOg?ov#`><|yVu!kA|D9yN4?(~T+9`{Y5l;h8;AmgTe5Vfllk3(i18cd2I^K8loa>h z|5hp2g`ntplInQpzH1Tc=z|lBG2Qm?B}saV-k;!-(|h8&T3@cjHBOfuGI`{g+9drd zDEiqEKBrsfu+oK5mx>!orF)#5BhDito^)FRuMWu>o*X4L^=Zzz1qF7#K10UJJ)Dp! zuTmAv>`){-kTa3Wk4++c{^%EU`F1!~lUQtRQekMw&z|t_tUc*H$Rg=*DnnyA<({24kT&V?fOmMac#yd+&SEk9Ouy||s zYVI_b)2BuSu6+Ll%iYTjamOf$=0KlOUK$flo$5u+k={UQ?v({IBtb+4jmY(Bb+jYQ zl!H8MY@Q@0&nTU=h>O%}LB;|^oOiDl?fo?0l)w(`fKX@Qofh8M{v9mplrS7$XU#4W z4nCnuWfbcSPgkJnwI?WwXue$44MbIrxJA2rmsA)bzs5V6>R4Hy`R39FRxAY)utNeC z?eQ#LUhTUoZI^7s93?NnbB$*B3v&XC&%99kBermJ!`ochFQj>7@mt=0`k=r#^zHF0 zg)ARKev)k8pFafEM#x=mA-#rQ!%1-4?J*veJxeID58Z7d8+Fph`@l68Wp3WU z=YM>48o224HL_=IeggN1-UKq&D)V0LX1$pZNb*0yfDfc6cxUWxppK2KaOzKv4Ype? zminO=aqg`BH{GcpD`*wQjX=Xq4r>4jJw?ga}{8 z-KHhqf8M75iyrv+RO_wI`U=-H+NonXKu+CDftIHq+S? z#_7zurWj-}TDw`MSVN}N^vv|E8!Q^40ZULW43P9Oj|D=s;4?{kRi4*h^JfivadFux z6uQE~I~vU_b=SKua)x`(_3&iw@lMbD(W|}@53Xe=FaKX@5e?>+-$fz?GIwWak9+wC z5)Fz6x61AXYC62|O>z0)lUn%zTqcA46rE5};b_XQudqN9V7naeJ2J!6`^7IDy0WR4 zJ+oL?c3f{^yd5($$-^=3fXP}`W{}L~w{*)kSw+c@&b_?sSEkv^IqrZ4!pSHz>(8mB z>ucR8;4`Po=w!ssvE7xX)i{3~Euo5!55eyop&nGL?* zZHz<4<9?P@R`Ef+wRCsjOatFOciT@m{H`t81G5tEjJQmiw9=CsnyfvZR+QnYf2+!} z3Z2_zKf>Phl_fkdiIZk9mA0|(*Awo&xM<7?(LGD3&#x~L;=+Nwy|?sB&4Z`JeF=Kr z)Mwl-`*N{!E_iYk9gPTosc=79^SM8@^UXpH;l!e#iwkbstBeqboRYT+9Y;(g#wR=u zX!vnF?>b>_$aSdhkM+QRvHABjV)A^K$~XDNb*>F3>rQ@iW;j#NdsxR?D-1&utFeca z_skur@z>h~rDnlW!{f;kj859>^&)vyY6iw6mIc?Ex{XExRoEGjMjf>>BA8SNpI?M=a+JbdjY2;`Wz(BYuyca?>63-k%2qFIAO{ zW@Y5+lGyH#6A}Dq5b5kfq15l~BW!;HB{lEmx#d=y-nvF6#Od{=w&+C;3B-sf;OSh9poBEA~nEIWRz zSM_72r)k1&(|lL5XWK>R-(XIygQTJ)Z1-zTDHWQ69ltd#!RLN;B|Imx(Q+mACD84_ zSDu)-!jvr(nlw2-G_}IensIUN{ccRE#jdpF$d`Pwv=CT0iya-G`8SS`zaH*`tb#US zp;vtg(C=9!OwDe3MobD=TKaPQPF&c0q!pMaBwgSXADQ?4k^4fOUP2V}%X2Aw$6H&8 zhOgE@vslWXvAvypZWQEGN@@9xCZv+r2Ht(rs^I$r|4Bc`Lnx4(a)c*CCW*REV7MOy z*!81;d4@8LPwv*%M+&uMIpw#z%japHf5Q&=ArEFvrbBZw;N)^p&Gcc{`?kE-6-@YQG~I;xIw21q{#UdI&FUd@HNx z9qboV4h>0xIA9j2e${_mWIm6}ei1oOU4?@Z*mV4ZhVxTrg!4uC_K%Z0=Oi$zsLt`_ z2sqdc^OThp2Hi(T=lV!s_c_$}9u%a8IlIi6Sbxg#cf;6krb5OU=zfvvO64Aw2?!iN z;E>v!CDqRXpE9<`VFgoijbhNv%vl@ZTO zqV|uKx+6T7_k?kA_0UdTMtb0vXg4BU3eOD_iyLd&^RBsJ65;8{-U9JX&9%{ic=%il zX*Ylz%q7C0GYoVy>rZGOY$5!`R@|cnT}R4LWIt?DY_`RCGTzB{#LK3s1m$oeZ1eEq znDBHUQN-~Sg~{ZkcV{DTne`D^JLSBbK6GiBOpTxl%N-8pjB;T`JG4ZU!v%z zL%N0wdHi8!?CaM7&j9mS^6gOORPvAUJ_-MUK%8?Bz<=$n1Wbmup$KkQ7Fmjydv+SI z=%yFdQ*`(R16Br;b6OLs80n3u0yMe%>V zSeh!GvC+7Cd7Iz6m+ETvo1VWvBN5UsI|?qOVpcHu@)Y?F`Wnwr-1pH>w|=G3^i`J4 zlAl+uvhn@Mc5j?3{aaPP^Cn{(_(YU+mTHo-w&NGZ2bfiz4G_O`K~}&Q<%38C^BH%9 ztuI)cUHu|f;?{khQmF#S_s9N8FT;=Mg)UU{6TM6wYcv7UMCBOW)Chjd=R0j+7{?*!}bixpC}^TIQ;$5EYGl)1ba8iqAO)5!WKbql!OU*+_p1 z3UD5DUB$ib(*(qm#fc3t|8dSTI^aP2d3OY`;*_T=9p-s|JHNape1k`m&X2@LDhNm) zbw662B#cB+(3Rq6x+tuow3H&337;15eYyovpeT=n&xvAJ_vGb#$;j|%*)$FhUodps z%j!ZAu1i}w{>Cj*Ab0VE1Zlsqy)d<9`uVzukC+A!A7a^5iTVH-dKf!>8|)OIVJX+xhLpWr0?JDQmI_%pvDK0+_AR%1ryfV!F3y%)JzOo<1J{jp$I~YQqsS(FoY`^rBo38}Mqf{vgO~-o+oc5E z+!XVt9^*E|(FP6}*b?|S+W8qd+v(Hnu~0E5(uZ<3?-kt8P-GZ3S@>PA5drK7*bX5N$AS|=Ji|i^VE_I9} zUGkKP$&t|tCG^f~w7MbF7a|=nbr$e+AjF)fL-~xxKVmDB?>mXzF=+ivYF z<|kiVYP}#N*Cm$5LQF97C2A+`(q-lkoo`&$U@IvH=!+G=E!@iZP7y5!%v8S5$(?*6 zaRb)qr>>*9w&5vP#T=Pu%6*kKYnU$D~&liRJ979qR`*D|>k#*_s_`=#Z< zHy?u|zQ&t7B>9Fl3j{VZ>vIn+3lK7RSzPs!t~dDHZ9y(}GR%D9Wo2L#-9%hs!o+ zGA?cw>*O|!gd+Ot>sWI`ROliaYnN#SB2ak(dtg*m$m0jj*EQ307+Bf&0%t_YZkE>e zN9}oW$!zGUWw{l67*8EJf7j>R1clXUGL-ebq~8lm_;}w1E?~|Ky#4Qx^J0Wxun~@K z2%tfzJLg2w-q$y3dB@}IewwMtgyOS>sJH%Uke-JIkZJps{a)^PDB6A7D(oSJ$9U@? zl^d^0RT-_g zDNr~340LT{3vK(ALO`Zn^rrh*ibj9`DFa{^A66k&DNGtKuKx{Pf9WZ$L`9PPvqWqk zlsf)Cxi3LE=F7AFV=8!xCWEv06{9wBqbPPG*XOuD;Kqd)WR=&h+0(keRee%nyCr%4 zmj^Z#(|d~}ej&vNGttlxOBeLOZE&e{IRh=_bmjqRcuRIk+j$I{1JB6w&pFw&)uMe;8%?d-NVYr*{wY5>vy0nVxp&wVQIE zC7Gp&H=Dp-o>Xs28G%DwTr_E?pjc0qKnF!>QA+MWP)$nBdPjS>r1{yyW^C(mg`*?o zjj2qpuwuzp;}rv_UDMVW-=s97lC0d6)()Qkt>7Xd*e)&b$uCC?)0;w5qFAvaXj#bT znbJ;PmsJo9WI<3!HTBNV>cUz-;EDIJD5nnhI%gtZ zC~1G>HnW8r9ZB6HtpV#=T|%cer$H;d{S1o+2J9Qdk@Pj%R+rAb92=86}R*+gJX=cVf-$`sdq zx{*?Zx#hvs>z{?XkCRxtec1@EsQHb=pvEQ_q8bG^ZI9|Cdkh>s9InK-hKYrcG;Wn{ zrLCm7))DF)BNlV0tAEy9be`*~s$&0k8h)2Itc=flHQn-kL7U?DZ=ppJIeJ!?aPWo$ zriG_~RrX^jrGvY;V-v;Ob9dkf!ji=5!W! zcpDm)eU8BIbLFK-y05G|d52_U2CFp3BB)-HvhYWp6V^`{ zR#5V;80i`mA|W3<9lOHb{p~cbg)GTe?tCa*D&}SKONB!AYgB8WNecwl@rLH{t4SApQ&gYmFZXw=E z<)2Pty_j!!?t|hsoDXnI+=(<)o=0U2H_KN+0B_c4Dh@5TcssXiMV}ebElIO z;_*r^G+{8H-aK`$!S-Fsn;xZAP+Xe1m$ci=QW12>Ni^$C@Htkzpp__Q?SRR&k3?`6 zv~+uiA?rJFJRmaBTJ!I<*Pq#CRh7G zyk``#dqMGxM%{O5m|`B1I&>LlO~dD0vi9?tP%p;7$6q?FQ7!RhAg!L`M996MDXX(o zCm(~pdFfW;kR69bSJ3O3t2X_zAAn}9 zJIM7@7vmDW>3Z|WtTcRR4Q|P6i=T>ya&8wt$az_&-+%L=%>I4${il;_%TF1_N*4>1 zI^s=UH1lEAWYkQ`qeeWd+bz}8?Fhm6KMKf#;*nZZluv%Y%^)j?!^2Y`rg62=1JJo9 z43O;Zn0wnCF&p~mskXKz7iuF1DIgav+Grq0NRuSVrh#lGX=xlz<{0mM_LlYK2NUpo zyhsG|3?tPY8t!btqm1Y4f$k;x-THLPOE$m&j}23U5Hh_BZ1k1eaRJgBLmuXu#bV{R z9Q%0rsB3547G8e~CS?t|Z+2}>YdAvF4Fj(*5`kg&(ZHjKF8VH;wZYe2nb_gxfQfuy zVI#tw5P73PP+de1h`nSBBp_^Yx%E|aA-~VFIDEu0D=MNjxM=xZuMn8?0o}=^A7cn{7hC!R!uSI$dnwWd9bVnY$wMELuw60B@ zO((#jjz6dj`+w!yJ#uXB^`S{r-@HNSy>l7*qd~b+=0)z=9svraNYKgg>yon^hpA%B zfRhJOhS0IL0T@=G#-nqr*fAS5EPBz_JB6Ox%z9ik4%WY(kf1$wO}!I*=jYyt@Re6C z@%ya0sSQlwh<==WNV^}D|eEpyR>=8r5iF|Qi{lzerEDUSGgva)LH zt;0ARiQSiiCHM~!*C)f9w*Cf@EZ_z`k@czqE|b5p)#?tt@$QAB2cIFzG@F;D4hEuV zsaSqUEc6{GT~t(AO~=|?i`CqG;(gUpQ%Q5aOb|C!-^F`)Ll=&2&0+jR~+?-oeNdN=001E1f|hcqXBXjOFX5+to2GU@~`41VI) zwqEIc_H!w`(oFm;nxBu|sKx$1fTZk*mHtVBeaZ2!dmH(r+kH(m_*EK82J1@1&~D+jYjZ<+L>t-RS(QYaJ$-qvA&)l-_m1#iB$IbqPIH)g#$PFfvm zG%`1WT2O<7%g4y$g{losr(mo8zV@O2;n5ik5s)YD9QFG1b!Y9 zRQV4=;N_TX+H5(Q%pV642|U7=j+n#aj7E&CQE|$#^0!d;TL;@06*sBD6CB5(B5Wp} zC)s@G8z&qv_V5d>i4KMqBbER~4VAKAw+wRVAVwTJ=80h%SGFNC;j!-Vp2wceUfmi8 zHX-h-4^6+zP1{Hl_?c7&QyE5wW0EtEth!qB)@TQmO&7v8ZU?yhU^-!CO0K;FI-`;# z?m1SdXX8Y`a$GwLpm52}2!|o`6F!4ljBrZ6t7(_bu=)6Gdw5C;b_PAdQF^D~XczzS zWjW-N+lcVQcL}+?N=jB~5Znua860$GXn~h=go}y+8<&7w7Y@W0bi;@OShf4D$nNO9 z<4m)%r7%yt&IR*Ix3^8>gwcCe8}d|lIT?>s7e$-2<(?)&p4yDgEw^QW4eA2rNbYXh z^6@Ws?RENP^_rt_HB;Q^cS|jyMS9bVs=|@T@$m zXEh#e;_&VCVG@!Mux=TA-Fi2_nw=Nb>gkRBQb(_x(f4GDvBzz7PLX%BBqyG zV=wg3c&r%7iAzUGZNFAs2FpR~H(SNKpJ?w4W)KYfi|0U&1*>G%KN4LJ;!5~&XGwj4 z59^wH;&F6kvp47#EGkM#!~U0gh=l&3F4^6WNbc=1D~f@l;qjhK z(mP%AR%FjwzQ?m2%WHUN!!%Dm=%?Llht@{vNQ9JifyY{&4oA|gm8nnCMBcxwwj(hZ zFAhN@&)tiMtoN?`a&54x8*AFppY`ZjUx8vap*>ePpcPwAJE@-W!b)g84=g{XSPxR8 ziDBC7ZRoz-q*169pA{~pD;EG`MCi(}me!$?O{ilOXXhsVEf|`4MBftMAmA+-< zuJLElY>M&Me{r||vy#7n@CO&gi~a=I%Y)Z7{!&!RFyJqp!G*V};LoDNgj=P5!Q#1c zwf<7{ zFdoUlzWI!i&#`7#p$S^=Ey6C*D;eNsxB$xq>NJSU4Dy4TSG+een9a(w%>1c?Mz#3E z1eqhQE?rf5M?By-Ba>tI8~tiNhNbuh2X8 zumVe$4zfSfwhcXLC|*tnAA8+xx^HZQ+Am)qt&g}y9YWkSUwM)j`3SpmM3D@-tN&I) zePI8TiGzh&B~SUK_FLhF9FznU>tOIZ`Bu`;gUizfe3IUfCTCdcq<|3JH2X%pu2+e` zrU2XK9OXfnE(W^SvMM>mqwNq+~gS_ z$O8JM{~K`VhI{Vv1mLdPXWnq*3T$z(@n8-i>Vwk>6q{_S(8{G-f!p7g z1qEYB$on`d-pP!u_|t#o<`zFOT~UYZaqd}J`4F_d`k4sa=ybKilqm#zFgN^aV=8j& zIVM$I=*DU5)HDBND=fbhTpR&Iy4p8Iv>S!;O)?AS+pU&b&g=_g<@{$%7VFYc@&GLDZXCEn5|XT1Uz_`XOm|GaLcY;%E95I<{83lEh z!?1{C;n>*w>6~=XkY8O9{A@|JaYG-}y$y4>i8=>$zk0$igADFHu<@8etI$Y&!OQJg z%6~xkB{}kc(Qe!Q8b9tyi%N;qTs| zDja7^XsB&`jy(g2;JVmP0f+fE#}BKpK!hgzG~-qK+?)!ymeLtD&JIbF_eaoKGtDbuxX!LFktx zNf)Be8mnNreTA=a4+UC+54^ zmI3g{4}rWXkU7m|f+P!X_BNyHyK}ULvT|s57dyn@3_D#B+^c*%C_ecndS7Rqz%Eyd zA5yg(O^#WV-;8gPt--tw5i4D?;gxv(Uak{$jo1{5I70L^Oc!m1fhX<9V9%EKw;|Xt z%w;j;SvL&wc^Z2WbY|QcPr^ISKH;tTu23UTuJHUxT@gc+AmuiL*JV0b2#5Vhd%FGk zg<~e_L|+;MZB_iJLgFyR$g@abe+`8r8*Pi#E+1!kcKa(C|ku=k!(O?B=|m|4(xgjCq97n5MQI`>AP6EL(t9GkO6VN|gwP=*A&`({ ztrMT;-TQsd{_%b1#~$C<`#YQUgE7{cYi6!l?|IMbx^7w`QUbdDiZd=}y~c199L4s) zD+TZrSrSGARD1>&;{4%N%;L_@{mJv4P%CPg2f_HqB^WIv2 zX9g4${ELgNap=tg6WT4j`JaN@;ay*@O|T{MFXs)+fQFN#Liwd0>+*ckVIvwv&P z0`b4_;l_Gbuu$`IHaz_};h#-7cG zNQ4(oFf>#Xg?uY>niKV(MFx2Wjvk%rOMU`^cpUm+H)BJm({CZLG;l2smZ_l}WN|0v zdJ4~vVhpPW8_$?vOpObH<~Zi?RU{Bdzi7!lnzU{;>f~CkwwUN6BiC6;6ifuyMnS2i zhE6~GRC5i)dTXaInkA9|e!db;?|}u}rcYN1x+c(y_2N{1KoN-@%oe)Gy7EFiMr|8% zNf@$DNi;LL#3|x)PkC8PCpNl7%@R3Y0%`#ImY@yEQ029(ZN6$!gX`BsI7%17%H|TV zP^nEm{BxF1R7vn`V9fLA)0NWqlcJvXymCA1vdqCoCiHSVkho9zeH9^$BwDn>V5~o9 z+zT`;357#W3Iu8Hb?+$keBUiCId)xA{5jh4k1o{2)`CcN%xlgI1G8oC6sGf3rrWO9 zZ?k?HbnWCI$Z#0?O?uvlo?vjQke9fqD1PNt-oZod=fo%woD7>zaab9+X#atY_mhtR zZVx=*&pvg>q8l3ct5EN@K{uu%2ao++=F~Cf?KJnvPXhPhb%=%qSmfU&+`FWMtT}#< z-np3GXcH`Mr3~CgR*t+LGr5Ev-R9}!htLBAkkNijn-0|}mcfn3OS3TFHE+AEnUcqD zZtzy~PTsUl)f4_|fFhbyK+fPvG1Z{i3wD$ZTWGT!nL@r38ESs0I>Pz3LMVA=Km@ic z{pOEn_kL9~r7SOx5ORDae5+P0W#)Y`lu2?2e_gSKKS`{~?2?-qC4pSo3i^zI5G!(X zF=DNzBOB|My~0-tj<{H?&b%2A_MLDHBM&D-&3&dLq$~qRxhp^%qmUTiZ>U_CQVtAM zhkQaln+s}jck{FK>%xmjp~A6X1wepxvJlS`J%(#M(q4jm9ljVAiVzP$+^pI>KgOeC z=r6a{>ZU$Z6y&r(un_@F{BXHM8Ibr+$^{%xkjrZZ*KmForX`4iRX)!^rV|?JGJ1nQ zV_l~zaHA0szeN>39k!jwUq!p_@qvZ&Z#+z}bVKUUH^MaTi~~ZB^LV)gp+XT{rxm5o zZ34CAw+y%CzHaUVJU@K3kXn7P1qoYqw;IFC%Pw;iZ4!7nf)uon?Z z7CdtqAc3NIJSTpoTi~wzudH6NtM|b8(dZ!BfwyVsN7>lb;j zH9=59?OHpx+y5{($u!R}b%4!*aOH@1EKW^Oxb{h}(YCktFM5Nk%TEpd z7tYq}e^DdMdG|cYEx75@R@sn)y)4dO%`9wCMh-W%h7aL zdWF?*(0hCNZ_r;SDlzrLb4#z?ev5b+>S}ILV_Wq8w98kGgk#Z3%xGNrxyUxq5Qftt z)}^aTE_;j#&P6i{p{=yeL@_#$xMIk>)l8;@^CQAnc2&asC_)Hi`i0wcCa` zV*@oHHE`*AdE+dX;4%J=U<65%KxnNi?)vdbjHigEc`dM1r3^7Ug(kVRW+b+suIOmBS*?5@tuC#;5Hcf!k2@!!39pnlQd;Q?qpf5A~=B zOAJ$6%^+B9qmAj|0c($Z0tQ?O_XE}p>R!AvXKH{*Lw=nj0qai*X4NG(H2C;Yo|gSq zQ|=wAOV%wmHx`(MEW9^i(--yFhtgM6WH^EFy#$JFv6oDn2lespNF5S zXn_1eMb&}x50TpHzvFbEK7Pt1^&L?-cz7=ZNjPcDcFc{y;_FabapX>LCDE4GP<3g* zqru!ThQ)vMe+xbj*o6g5!FzX--(gHxOF6PhF}Bwe zT^20JQO2)XsPAAdO&s;YTA3sy-iz*zlQBnk*N;75xN+S4YvgRn)N6?_4=xGs{*UCC zWJ1iU01SE%B~yRJ?tdFSLxN=I`l9fv06DLCgp2-xS6|Ed%Fbc=&Ln@TQPehG8XkJH z%jCJ!{r^e!pIRZSpW8yXnehe=v$r)$pDe^4K3WHNcii1xk1M4yex28A$vL6BGhxh^ zXcOYP7MO&*6FMilQkcx;(B$s=2Z~+NHrHvSW%rT76P=KPToV^fdRXRqqPmQ-bVgfE zCVkz+uxWgTnF(QJ`^xudST;l_d^z|A`IeCA)w#a-{bE?GCfAmTiL7AE>^5dz|AtG8 zCvP;yuqS#DV#zxGz`ny^6HmigZB}_y)J#Qwb~2I`1HNwVWjet;oas9WdGZI`#@oK& zQIH=!nZ=8k;oeDZ#%e|MlPIv(9=u=mc4~jU-*k;^+Gd=1{BZ5&AYq~edZ(_prSr%V z$(L@EkVqvGd`~;eEI2FWoY^Mh7mbOpo14}?u2Ojg1jVhuM}AmN!@}|hz#?0j($~!5 z*BkOY9%q37b4x`ae%|!O(S;8CNY+BMhflMGa?(~X9<#b=9B0^*ne{Tl)_6&7l4PYC zXI#4#Pw+*62MNO4={1t&c*=r~f5FQ+k8o@rCu{ZxK@_Fo>jBcAE#bfdoD7aRkBPTj zEHXu@f&BzowjbSZv#{{gDp;ttd5+Lr_|kpUlb%K`G7B7im#~%({Xt!8$0TSVZ>1bu z$8@ZXAobG_&JNuo@q@Uw1q>j>bjXdhWx5MF0TMp~yNh?1X|K19&){9`)ao1pU4O`n z-yKfWs_@Y`DCy63RX!xVG0SY&z`K3f$F{*-t_FHA+ey(YO~0@F;SRAOO}4i+JOHYE z=EK7aq2%N9Su+>@0j(lmV~b^tulxay_UgZwdD5=o_D!Tp(bUuU$h_jc8u#k5m0z!B z4-3FTQ~u@$^?x9=ULQhbH4qw?v-kd?^soS8;#_G_Y>(wR-2U7j2R9BvLGn9nC79OcYr26YZH>bTofW$E@4wagWMzh`_<>7A zDK})}I6-=)7eh@ZSmyNEe7%HjGP7n9FldW)rEj{4`qL{?n3`?gPD+$o{;CI#kpTH~ zdQpM`oRwFC?U!J*PQKr93+iAGIf!3Kf&^pr*|3drq{$Y2L{Ui3*Ceo}ma<07(z*B{ zS)rG&&kqOq10{BejLAe{Wp7izb-6U{^&NUYVzsg{itu(&rzhlNPGSH!XXxm72?2sGJZ)IqIY$&o4&R^EiN-$9>oJBIoES)y7nuvxn+Ojs*)*?d48xT8)##%22^qh z_@}=Oi||j`x|J*NH-E~pb*p7>(4%Zv-d_wU+}|Xyt8Cdkcx;KMWTJA+cW31rzWbt7D6TpVh}8!bkMddw>mMvR5Uh1Qj8bm;v&DUx+<5%r0uz~1OjnL5`krAXxu zP64x&1~A}}^4vyn`>lY6(9<9cO^PJ%4A&MpGsh|3BH>_~oIy^jx%&57uR*;ISg(-i zM6ZGB`fYgMh1XIK7%ABLucFWSH4b)CIK~V(ECTGFZ?rw&7bSH^q)LgYPKZ^R? zwzXQ>Z{U?Nx8DvE&*&FA?3*aEt!!M|w*Pog7nK3dW?ETjutVYcZv?VT(pz?-%&})vC7kRh1rN z?Kz_WhP37;8_jnQ~*UJ4XYAFn=#} za`C`3n(T*2D>y4*P?c>41-gI5Arax*MG!>UAPyF|&bz6UkNU7}twvN1i_cqx3z>QD z42Dp!{PmA9bKl6*F!)>N)~z9&3ETMl-VflosnC;b{7TgOGVzXu8n(}TOxxa zmDyA7#LE6C!b3r@di4ebGvsqaJSy0I|TBL&_P)-jCP@^;Zy zrRrhGorDyON?2}bR}bRMBiYZGPcPOI_u)3{`E8~Gh8P`tm+JU*n5f3iY>4wmzOY_P zDV=aF{?k=#!Mz%|XZ|#{NV8V8RDaspjYVZ(;{KTY#kH%+{eJSW zwkOxe3$O{t zc*7(9t`1KQH1{qXIHh`l<$h-@!~M+5pGTtD!n}Vjm6J9~qfc`2++Y4Cf;P9Ex~Me| z`g{O=bV8G_-4~RuiJq$A4(=bBzj`+1R=$sY8%@DM+HqgZx&Muj`G+u&T6$kj`u@3? zDb9(&!}XjJX|Klx{_us0fy)+mt>0Y#-1vIlsjX`NyFcX0Ge`x1rqv?1sKtTgshi77 zTym?4law_Cqyi@_f2r8VAl0%_AND&IlQKQzjnbI%(CzvQy6OeXg$=_@>~<&bW3>zm zJxK4f;SwH%f$}@VDU2Yl;Fs6csS#ROKUa|={AtO)iTL$1v^MdjRKCqFwg}9D4WNI@ zcxvkwylJozv6eyDyO5?Ct?2JxwcLS>6JgnjdMp)mmbQR{Wt{Wl3E8`dktXE~LTm>6VTbg zqz|ru*~=AuNlI8Q=di8LwZkH+j9T(?Vr|E)8_+lJfeq+umK;q#olZ7HaI#(*`ksG# z2M7ihr;C@x@;Ioi{H}l(%W-qDa0h*StioR;qI5D@81B6>6BY-{;tzp5M$(w_PgoFvCw{4g?Gj{PNPCWIe)ejykIF)bR{pY|%TeolGe<-vZt51fHa<_HM zJg3MHP@4WQdRvA`ePTxhf>tMzkR8`M^|j$?f88H~4T*?MSMNW$XSC|33p&(4?Ink+ zeH&XTt#fB3Eb{l7Yt~&4=7)4~0xfe!{`MC+wr&U`4Y{b`4qU^}YQWq#tBd}@i4BK+ zF~K}gRK17OEey7AoZuEsn3wxoL|z$~Um^p939?Nwb$@CHXsRIq>OHuI=3YI3_K#wvZ zb^#G|_ip-E4`NNHEa4^unyp6X*%~UJ8`I*~NZWdoW5x{Tfqn~|aZ^l?Dy$3|>%H{l zFdp$z%{_2^S>9{+EYG6W8!s$}*<-b!DFH41cO&K3v4v*0P&4CG^l~x=87)kFq#UT& zA&2sKwF;7TC=s28$ID;@O;qoo_sh`p$!9%Ie{Dw0#GCvPP zL@-nd6Fey6?kui5I9d+U6+WbqMw`RQK>P;v2uF^FLmwcAz73(GaYUpDYMd;~RAL{_ zpdi*MrCV87YXS>B=0i*3tevKm^-@g2_(TCXuriFPobQt~2-V7soyY>8YGK z1<s$nrFkxIYhN=&QgyMsP5tFPe(TwxU-}MnhAV#AZ=bG{@>9+w8z~Ih2$L zbQ{t^fHAMCuP=><5YNu2slT=g{O$XW#_l_7Wp;GYXY%NM84(Itzh{2*B1jpN(tKbv zdQw=XND1V(@;gXi$u`{2%oo$4F(G4tSJZ*UCJ)j)mkapyfJ35TAU52t*`^8;LN+vp zS#BYi4;^bRX_mUzLhO-DXFq7zD%2eSB4E;CteK}C^&xl);5iQ83NZ7VG`Fhw%~qQh zbiIVsRG!hf3db)a6Z(B8yF z{ScYqb@0(5w>(Pae$07Y_Nn_{Qru8AkiV{_ z5Gtpok(UgHaCKEFzk@5k>OS1?^^0Ttn5mBd`{du}&-VWz5Dt77K1VAw_NgMu+TrZi zjfE+dt!#5(Lx%vvPzyJKH%M7jMhCHo^@E6Gf- z%@BVBQ)+SMVi>(9yc-u=m?1(_L?Rw4Q|BIb5hT(cN((8IANSna9|nujD9qzGFdiUGvvQLg)_yCt)viD zL3+0vdbD!vOnlfac^yb-XjUOF{|*{TX$M+mdA+VxsU;dVuD zdh`3jvWR^<&9&X&8*vRyVJ)Bzt$kK8m+_7DjD*3vxWUqP;&R^g69s6O{Lrn@V8cp+ z&LZL-vy8!yTz{D0+lE+tY3~fxn6x5A13gZO+pK0rB8Gkw_A{`n6<+$Fe{02!Sw^Ta zfG4Vj;kTY`8*la@sl|3~Fxf9{mq3~y_<~-AVk!%oZ-f2dj=eOD{1uF~=%Td|g4As0 zybIx})InCyRP_=Ad>aO}rsu-wNd!@0mP19m15O62PIZh1O9`I9{DLf-e6J0^yYf?7 zBnCy^5%9|n1JnjZN-g^6)Qow1*!E|F4RkAWNh_`^3ny#3VY}bX!F# zqAP+N&rrYl8&hCxfS%Pz4Xa#HHb5teCM2+R{=GL=@cn*W(PzAl`@+$JO(rqd?kIe? z6|-2Q$-bRw`+w(cGU+D7HoyE}fOWC!GjaQ0yMT<_ZId5K&v%-ft=7AQx(vEs?Y1s; z&7~{zoiS+TB{tbwl*GzCdG!vn?~n-DXn80T@9!!;72dw{DK%yH-X@F52NX|fk5!}O zm*Uy)pjtQU51u;vWmKmBfVooL(`RyqcjvFDD(~g^Mi;whg!Jg9t~$`;o03|r^s=xX@I1r!A~t3v>b3UCME8w6Cxa2*k`HzichSZ%qbT8#s(%$_fl`&*l)g zSkZ}`a9k=4Tz3PzJy!Li$5(nk0iKi5Ie^gkQ@Eu{G5UHucy|l00~2MOqj8Kz+arIM ztTp`dM*Z+R%YSn2=_<&m2&9mkVLMP+p6dC=$3(CSrcn{dhTLH0>hTx|(~dr12o4bB zp(JgEDItt+EBSqnFbs%bJ~EyQdZ7gDB;KqBVKTm1fmmO3SIfP1w%K_#jpB_h8m1*< z0P{{`079Pj@dFE4afViC>NtocAZhua#uWb?j*}47;$%hrOqeIWygyfO+(9um07SqS zCz0^id`|RvV#(QyLs@+`&lSY~Uc8}drle&8@KB(_{miDR3#>az$`)HrlGM67$9?MT zt(Al&ZkO{XyPW64+tvOW9aqdM?%F%>=05pnM}FH|ZKtB0e0#rKvY++U=+Sn8%h%rz z$@B}1-H`k=+Vww0`?c#o)LKp8#j2Mi1NzMfp^zz`2Q_-hpuJ~p#xl_SL)SP8EA#j<7%4?pf6vfAP^3LUay{2(r zeP5eI1ae7gBrP@rxx|yn{S~$e6NPeJSTMfh(EMz1QM9d++^C^~t|FZTikVXwMjhcR z`6nI)grnlml^VDVB89*&%*~z(S=d%7q@?OH2*Ch}32w~KZku!}mo+@HJ7$Qnv@=YH zK3IS7vZVwi0h>U^v);$|L231>i3>B(iMG;U z*7I1c$DwZQu!Gc;6S{cP;#IYQg2;?a1a6cFo1*{ll>rx#byv1Pt~B!gPEZD0PW#E( zzS8r_B#6Ivl`N zGTV?kXX6IycAEMLhp*?lzLbe^O)cws!tE*quFznu$TMH&rS`=)eEo4|<80CAp^pOZ z>+`9`D}_U_0%##8<wEdc zNp1Esc9%9B6v_Wwe)VpXWEE~1JHuWJJpY?*xq9w?gznxWn()*wvlL6qqenSlUPV2+snAc*GO&# zg?EFc_TMHF%l}OaK*NQugJZH6K`8B9OUaXWiTFZTHdrqNy88{Q;>y(K&heOPtjP&O zpcR`XTbIeLZ8rr2WXhvm5brQ+VHS`40IoC<21#EL(NBH|-QtCV-n&vC087BBpDhrp zN^L}xURnsr6SKqRb8c@b6r^BGtf(w#C6mSjE`ITKR9ij9Q-aFhX~NayqUVaRbgLZ5C&`p2*yEH8f+0vjTA|5A4ZZc9%Ep}fU)cnD>XX90ExI0h zQ!jzPc4I&1I%e&CbN1oS#NvU?=jaN;GxrE zdiowGhGG6j_qq_$yu<9&61-){e01>Wv1`OhmoL7}7_#A^-On}W;>B*;>S8M{@2{-M zwP!BMqz@t4&v-h&6>#$w-FeQMdC7n7;HzJgG6Hq`AF*0$M6S*+6FuL&yHX?NR(DzfXF6IG` zSOs`P=+i#=;Qd$6cnsVz^;L-x} zKCus-q`C3v&_l2T@g6BCfjPODQ_{9u7=CSi=l$+3P_ydi270>==|^i6@vm4wZr4oJ zF-K9X(JwY?v~xUG8atWLTe5H4lz<202V3eXPCL$PASaQTK2f)U5Q*J_A~RpeO<61VhL{l29IkDCjyCQ8<=&bh&xNBhKxIr@0;)10J_nvCc+!$M4!FJ z%)!o9I1_0@3|_~XBUaeM0X>sq8R!?Swr>KqQp}uP!;}Wj*=Rht_|6z3fP}X+an6}u z;EA_4JPRNte7%_~a?lGreTa7Qx^JCMHxkZMT9-|Dy%r)kcbNC=7BP?zk%*-SB41S! z311hWi>&RVXUwJ;;zUybm53yg>mUsD-i20RWkN(8+D^UW*U~25ZYi>JwIKWk@8rfh z5m}q6VvszYHiyv=)kc~#_+>*6z(i`kixS2z8z7tyR=FME#hG~f<>vWN7*{zbk zl0Hi$eaFJefbT$Q+1W445Tm=-W4)QVcZ$U)eX_;xG1jg{( z{VeD4Ts2NG>XGe3PAP=%sDm*1oKS{V-$Cm0+RqrwLy7Vq`Lpp#2QJ%sYK7#}^qw#? zMAVl~321;VjwvXTRTinSRZ;n_2r{w19r$z9JNe6VH?_xpa$1lrto}^ZoOmO|2%O?yX2iQS@cKDZ?>M( z@tj%AyBxmqcgPOO$B#+Y_H#xTJ_lrIaTJo>PGUPSW=JFC1EZ&QWmY2s-eQOJ2Sp-x zHS87${f@~C{Js-Vu}nM%zrlf8@k9$e_LXw@fLuOR9`AOU`#V)(ys7>oqqFogrq$`K z>Z7R9_qAlMc4uDBWJw?%ECWb($peq2D>ccVbE#poeZi&gcrLLYerHb$RnTQ@8Tmc8 z#q_ZmW#Z=9Mp3C%5^e1NvLp~cS`;S?>x{rlFuQ8cXAG;h`D2rE- zLpSy@qq$CBjhfv5N<*d4w_18(I4lN3iJp>x@=%|4W(rdm3CE%Xn>-?!LosPFvvQl2 zAcivTW@>;~J6LsqtRoCt#Wd~V=_)^8fXi4Bm1qLpQ5&RAD61S<9oUWQsX4!CN%`I2 z5NUE#a$qZ+ZciFk6$R$lv|QnHP%5=eNBzzgenw%0MFMaV*lYAm=nkF$0cYW4GvO*V za&NSSF!@PU-i__$t6i7{D=>vHJeMREz+iOdVN)`Eu{iD0HJ3NbZqJZ;c0_ur@8{8r zM-&E0IZ@EKs*y;T-(*ELmyf(O;GZyUENhSIWM~P1@lg zr=)C>{U`vh2^W7daf+9> z0Z9v4`#`MyIK!cu))V&22tOkw8wkAv!jqaG<>wis=3o> zCvqdc(>q}JVBATW*1If2L)rTat1^Sz#*<`R>JB&OjI!l>A5#5j%h52XT9tT66rae+ zI0(4Jj|J?Rk;W7~H8lk`?v#-Tqb;FeXz(QX+^-V@FR9zlCrff-ijdywNb6_>xY1X! zs?T{&fTgX-@6^Fdod?~TVL>503#V&2J%GBo>_k~e6}`C=%^n2vcQK-kQ=348I%nIW ztm6tT&k!%jf*7KJS z9<*k^mIpj$73_@bz5DVVV{E}H;}QrQY~{*8kJEM)T<-XyGVPdCXQ3}3I4CGDWv=1S zUH%ybH8J~n;qFOf=Se*YCu!V3sPyuXa}i>~Fx< zIFacYOK#pRnh* zN4Tdh-G_SvI+{yAyTN5nt9#L7tbGWp94 zW%m)QWBDeB@^_p_KN}r-#I{pG@fvy+-HFFl-nc60KA7lU>#(Hg zO-mmD%JcU$^(Ny7#3Y=6j)Kt7u;6Snl|aV8lTy$;@Y{l;tqW; zVGLn5Cezj+Z@ioZOgZ{%ICh=@gLi%t?-$Zwmh>EKEA6?TLCgJ`7}9eXe{6ZdDcEye z(^z9y`2mtn@Drmht&FF!eO|^DC;GGUbxf+HfOupXV4E?p6Y(J3E^`@M{nFLsfxdo6 zbz_H+W+5};p2LVFIMiP9R987Z&O0n#HOPw2pV9Nv2q=iPZ}hk={NbrcO$|u<76i#(l zBSRDCK6xIbKEI{6S84V1EzuUzuu|XR{s>j7ebm_f_MJRSU{oOKco9`D>oaB+DNn#9 zyVk+k&J~Q=dfN!BJ4HP<;nR;JmSRRo^+S2n>47G?Gjeq;iAS8hRRX_D3>6G3Y<+K~ zJ`+m4)1$w7AAHhtrTIQ(+fa<}Ghc7iNh9X5ge%P!ZbQ9Gn)%Gw%7GpHo!}d}JB|03 zIW^Y~0aK{|>x(q-K6paPY*6&(e-4k|~bL z4sn?D;})qOJ1lqQNN6rbvO422`N8cQIgT|?*Wc)+4`AlE9gLXfLoaN{Q1T1sPbB&cN)fbLcn_}_8~BvGLHmsJIBxE_F`hc-#K;*ITR$=J zsK($aKV%H0j(_x+ahmgn(4&PIQYtIg9yAvTeznytP z$@VteDG_RKJEDqQYDqZe@O_bQrK@h};+Ou?$;-YCV)vE{-?_?TS~G4ATgUAgoH(!0 zmHOgf+)myX^JX0W9;w3i=NaAbz6Me2#)*T8*Z)+C5#V=55|kE@)_L%ybmQ&Fzh@JV z6b|cv>Tz^_h`S`C_AfaRP^}qc?8kbK3u1S;qTe3&6kj~xp&gntr0L9vlSvXk!;osc z)>MB-gimBtk(OF{aezrSFk(u9&sj#S49{2IUoA}iO$&Bv&^v}R%dgMd1bZ{9zDGfk zC~76PR1vHe9d6%?fys_wYi0CL%=&O$Q95B`k+RD?kc`WSAj>`4!9Voi-o9Uo zVLBxXjeS6#G7Nm)mxg%vnBr6^&7N!z-sn`ECMdCQGI4;7}uM*-{hk~@ewDN-y@})Po+Rf_NCzD z3%j&Z#$Hj`dup5tFhHv4Mk;oL;!v5vC{dq{duq_lGhP!#hRI52^lK`nIK`g*#%Vzh zrz6vK-s|MfG%KuGkt(Ji11|h6X6(r!-{&sZ?Lm>;LQ31)%wf=I1FX8 z%LK6DRPdc~opmqQ>8|C?;I$+l^!MwqrSI?EMQTvsC8m%Bih?<$!yv#vwY;I*T7}5vZ?b5koN<0 z!-&aiuTFvm1AQrZ%>GL>1$~qmvb^%oFpH;Nft~+&X8x0Z9&pDyN$1uXBcwTL^3a1p z+;>c||BrOMA+t2j4$(CiJ1`eG2x7bUrl?3lJ^`q;r&kE~~ZOgvjTI&h60_x8vV zJMJx~@56SzqZ7{0|HQ@(^J2%w4X(+Z6Z@}T90l5rC-}^7i;7L);vjQ#711pP3S&HB z@TP5fpRhNG-QSV9PW*B^2R}v%Ksm$!r@8OJ;LDuKeGFKe9_LCXZwE9mc`W_#`F%;c zvY$%zbLElEpkzBH%#zYW_zLkSksBW7;4@o@IFgU$K9+WPL3p{w#~1AC(bVO5aNvJh z;=g!5&5B_N30&5)&IV!Wx$zSK*dEv|Gi`S!mgjrDu#@y~q1+b{P0GwGbI)u)ty=3`y_U+O2% zLni#6DsOGttaWo@(lf5oOgN{Snl&u^;M4t_1c~_i% zW6Lk2LjS^Cjf);+;FHZUlrQQN)o`Sg^!Rh&9T?AEAL6+LP$Xma896zSHThz;$%8zn z+X+W56orljoh{mWpYVfo&#Nrbt;IN(*)ch@YT*OBJW}Gk{-sK<;ST&u?MKCaT>od% zkMn{V56i=yuntT9XLq%^Kj{0Hqkc=9 z^}o8F1m9ui_OJ$jetl!hakaVcLaDPi%&pPsY^lL*{I@D{A=!|eMTR736+j{URsPq5 zvp#BFuI11&zj8zbkw1!F_rv|Hox6#vv)G;!m+`;Ss34(h7Qd6q_oc1*Pyk1$Rp~Fm zthvYNCw&W+iw3@Q;h#PtM$P*>O%bP`14Mq%jl^;@1-8qIZ0i5%-&5!&uI;! zOb!_#Yp>2N?>^k8Y$Nz@wPq|{`K;8j0gKfg6F;wQcP@_mZP~*R@Ccy=BYX6 zFwriMsUArCxi(H@hT%-p{Fq6dYZX(j&@0qK@Qn(ghu5qCW`vJX!>UitjXVh3-G|}( zP@{0IVN3^NeL%Bimoc*84zjePL>UO8*OxlSzqzHl{`2eEnDTNQ;;3ki_A2Iv7C;%aPb*DpdO(E*Piu}l99voq zJ?XJw)k1|5!=Lp?YyH%kw~9wn=@>NFQ~iKi5e4;TMvCU2kzHnl`KXm?FEDBCI{klt z|CJw<=)8FbtVUGytLCNM9zJ)kT^?Vc0H%T#N7H$(R%su+{Bv0HlRV}GCu7&j)$<{{ zLe2%x9TB^J(eT>kzgz`S^;bhX{c3Ly??2BiaKZP|?yG)(V$o`IoP2ZHHfADYU)x+b z$Hn;&Zpi~r+s?8xjA`dRe7B2B;L*{B7)_6`<7Z>VPk;KvfA!nhH~-A~3dHuF<^gSv z_Q?|%QGAcb)~YGv9dW5Os{KpCf}I*&rAAJBAx4j9YyZ+s`uRuwmXPZsjdg2UZ%+N> z7;wGo@--7alOK2`Ip?8K#p&<0TaG#ydwI#0ehuqyba`2i_MBN{^BhWpA1?;+53eoc zPh_z&x6+BRCinl7_T|7$>kgSSMExtyeGTGXgaTIaQ}cN1r3WQiaH=uEpMm(dQf` z0ifPj)lB`_F~#VqxrejPC(5ZslECrpKfYIT0WVy-X_5&v6Bfu{1-xi+DBuH z)YJN>8MBs08t#;#IKRjmZ0}|j(rmkiNT-)<__Zz^Svs}um0Q3bqo|L%yriq`7{zuW zL!1o%Wmn9`t>3OSZ!=a5iH}u0=U0m{zBhbsZAEU07nJCKl{s=aBTvu;T#jRU1|PIBf1*dOQ3(pZvU9*{o9-gn#{VEZ*O9y`U} z9Bl3CNd3Yjvxg7w3a2lK_~_h%?&>+RkNe5Bp`V7&Y;;6^X6#LEx@h%lmptaitIYeP z#G5%N7cp7?S7Z4G63-KE2_8Ot{PHX6(}LMQNB?N~jo+)!EM8C`?cw;gBYJGw zVIrBj9TXVuze>A8*Yd`qZ#O4zvQ6cLsQ+?MB=2VfJ=%ukrcA zGs>4tJsAft^iubY5hon>ZNyzvwS_e`K4Tg6TFKsxZJ9Tgc*d~)sVwY3!7L3awnxOV za@-)Ttcto4A(BwZ_Mp$p52(%Rg4RbqW3qFn^nb2FtuF@1+AIR&*#@JllRpg$vrTMd zRi7Rmbm-IZO3|LqsZ&ev)i^tk?E4_z?li|rOmt-wX2jPyzay66lrIE`C$Eq1RRuSX zyiaUPJ%#oSOW^h3Y*~6p4&?S*5;vGQ%R@)^`rb5~#B3dDl|NikBs#K-Q$_Q*Ztbhx z?^{2ISXjLu9nln3QR~rlp54!VkD|9v>GVmYDc4`FEX(PUo6T>|7M{LZc$Qstmld4K zfIr*$Ts&rQpDZ`$V0?V^;cK^l?J`1M*mEZGJH`T;<7@lU!@WmoawOn#&bEh@z2Nfm zqoYkq2X;>cTo!MW*{w2u&p5d4VvFX1>8W64%^!5J6FZtl=9ApsgU(Og#+roGq?dw~ zQ`c*|6$S>+7KghZ-BY>!#2{vcm3VJ}fh%dgXDoVuSE)-DAuMXER=1x7ULh`wu1Qc(GQz*qBe&tR?V}k?ac3{GDs^niMCxcSI_V zKIz+=MtyqCPBMm`{2~f1Oy53B%zaU{*09#sF*I+SY&q+Ckz`ih=2I{v zkKqvOfXQA7vuXTI*k=^CtJ>#hUCFvU=FKe|{L>F3n`=LsV92Y#J+kUVWCl88qbPwl)Xg!G!6L0JOv)=34jC`N46gyoM?jC(1CV*%Dl{rZy)9(Kzn{5OWAN78XKTE`PoYR_B z`o%nEZ>9Q}jH+*UN`CY8J#32|Nr3INornLVDT#$^ZW#Ub8$aEa?68}q2TgAELws079i{|75c0`bKxks|*q%wy zscC5ad5I?XsKxn`*+yLhZi&3(jvaW176^X(PD%okFy-;t$S zdpM@|+c;%wfXnnLXYH=Dsj>3w##GF*+aGt#qjT)XLFZm}{hIG% zHXh~A6buM~L#8*NYa4spBkY_P+F5!%lN6GICoEl*t0zxG&fx98@C5ro0gY0b6M z+L)2+H&zzBJBS(%d!KlS2sDyU%;(andxu$qU?%z1at#x}mxT`e*q&jCP|82GZx2uI5d^HErK^7q4Tx62^D(g|3XhSUX`wA}aVA3u@u-#IgtKHMr4ZiXw%smMQTP|6*kc!cq` zf(>-f@{%2^Wq`PrySa8}0*P3l)D$pM*iwmQz>E8Q9~|^DBT}yZ>$@G$8+AHCnRZHH z(i52i)q1X(5xag)4B4-}9S!wNd=dR@QMM{lcF!*lb5xn=Gr?}l2KCPwHFFBp2X=M3 zz=xtfxhVM_+;#|E|2V#QewTCw)l}8Gd}c!I|96>vsvZg9wh%M4eB1O;@FJ>iS3kkV zt9a#+wS#fc9t`QCc&t$IV<`#jG*WieLm>AiP%&)(g=*7~h~ zi$0;3f(HuTo^9(+3h!@~JiPM0M*5?Lo$v*&ckrQzuSNQ_qwZH3zg{9927d&VIo*uC zmir>GwS%t#h)c;XJmU{3LYo2RtEgzysj_*d9tRG{+Wt_~Ar8CME@Zy{Lh(F|(+-Kx z>4)1-<$7m@v-dGnAhvzIKiyU3fFSp+W^94_*NtJFN_d|y{p4n4Q5-|*LX}|S&@4Bea{NlJCY-Y5qH6(WBfj^1s+F#mSO>e?;+WQ11<31gyKh zQ=2H>szKRHkN5J0DkEw}N}*Q1K(f0;gEte7nvMcWPiu`ZtxKJmAM793Rc_~gzf#$G zeEXOiMS1t_LGSzCsw4oPICA(4@5j=BuUuCt_U*5%G}bnn;1z(#l!E?aZsx4ZQ*Fd| zl<)X|UjN6yya5J*0yf5FUi+f3&UB8#Rh-Ss+Ui#@>!0wHvJN~7`rwbE{mX(QbnS}tYxNPXr*v7Rz%+9} zSw<=)hf!QSaU*uOkkKy5V()AVX(aOP8xSS2`bD5IsW62A?_p-g=(=L9>||L-`y82H!bc_i`_6+0u< z6oR>dA=P1#U-jpbr{nI;PEcfoOc}kR`blXhd+O9z$f`r zm1j~G`SC6S{iCA+Mv%)rKJR+GSQo99$~atfHt(dyU+%F8!to7A-8pAJoYOg8QA^W6 zeSYM?cSKD3+$wK6W9fRisK)MomItK^*(|_%Sa>tFx_2=rr4sCS}N>AEqD4mG&lDEJMwfF!|svr4Lp`0ZBJiMxVwI5r2uAo=FTNZoK}a( zhYNqr5}7{8v^u%JaogSd%0ZsgzK*dF36+W*tLSh2G^wYJ`l=*p`Hq5&ThPxSj_-l@ed)+Yp+_9s0pYl4{gX9)tJYSJFzR#u1p;Hzo{!osu&yM=DBPBI?s2#y3 zom&y&nXmnz_1AQm=7Th@i{B^SPp{o3=g}B!zbqKtmVq^7a3I%vKW!vS#xbbn01gN; z)P~ge%!EZmPaNg_BlD(VU}+BUZySY8x@D*6)v|L*Yb{mu(V9yE)cxGYyd@a$W@G$c z!QwYq64<$fTomS_tq)@Mz;Jtbw%I&+t+D?8e)2*9RbElL7K}wtx z#F!0>fa+>9b~)MSsy!YVZxjk6lh%L{>q7`EkVxPQwU&quDw=5#@h6X0NejUEk987i zQ!6>)QEA<uegr&KX#MCtJzB2|5(96LIT$deJgf;+mvB!+qR<035t-WgYSTmclmlD z$m={WEL_X)Re1aI@?+VT{uHUnLeoDy^5}HwXedKri&5ukZTzI*!XHi>$DLBAAG8Np zai9((TxAs(kGuBzeLSu@G7~&^vlB`tClD^bh;IUZe!ML_AS6LfV$%<|*MH-V91wLvh8PZML18w52M4`hhQuyvSl&FieLGV>Htt z52W&Q|{XS~O`pK6JuYn%=&|Nk?8E2x6pg#?D>D(#KLlHt` z(3sxlBZLgL_JGb6ei`??n<5$+dWhBnIl%Myfs!d9p?tq^`x2Bq4>deli?i;E_lEC{ z;d(J(1^Anm#r4WM-`pSYQHY%6Fb0BctXPALkc0|=X9lW9vD^}Wr(j^ln`qSumnF`M zM~)s9JYhoGC>L`vMe`&W+&-Via>;%KeB@KgHlYpRW;-4<(X_NQX0%V8Hf|;fI^D9s z(6(h-3LGGt7&2CNQTn1B@=%w{ThX$9E6m5cwUMDW$gVhGHbdv9JVmO&gkw!x-(M*h zJs@j~h_~3$%dg~l=K-_nM=Q=!Heh$%)81X5D~&QqAhFuDXphw6N5Uw4JbRyfDKrs* z121!V6SJg3kyOry7kXsaXh#}f-=DjElRV>^K#GWt@4q!ZZlrGb!4Rfg<95KA{+zva z5YXBDJijBWmUihLR;?^7*m@nyRxX(LMCUK}*MCOhj9?<0?t5w4)Gdl(e!f_TSAb&}803oEw- zIq_Y8UHX_~QQjS;6Ya)-f~Y|1XL`d?r2A2&4U&m3zH|@DV}Jo;ASvmPo4eo?D9D*4 zNM&}LP(=ne2SA6{^y;d>IJJ{p&xOxi72OFwYRMChI$ke zcbm5#@02^bmd(u%Y|nSTK(Su_TKT2vO8=XYW9--=BX6QvCqNU8ZoeE@tGNUyw&i>a zHwJY$7oXLQ+W0!jw2rz)WdVXdR&+K4#Y3dAQaRN=1=p5jc97(l9m8U`i z20YdhlcgYwrmDD@(8uGYyAY0M2AwD;qfrji&BOjJB<7>{u6bC@BJ9q>bmMKs*x`j zu=}YJUbiK>srU+-^8m6A>6_s-*xoZ&dsK{nY3Z)~9j0P>;p*Ty1zG?~%O*Yp%O`2@?=>x0Pf< z^2?i7D8qId7UB_yxn&-k*bve1QILb|^t>hM+^N2u9>@Z%ZC2$dsE0?Bj@cOuS{^nO zkX|)LhntjA`dmidl2!D8hGc`n&Lyw2zesknWF3dSReS7!BgeEiGUEgMn2Y? z2nJqxQsyD$@_zUlzL@-hqzoiVVVnw0-<9|YW|-}T#^QVu4tYNqZ$T?wydniTMv#1b zdagl}3I>3Ld?t92`V`0nS2TIpuNoH<;WmNfw)XS##umY^VqIwpV?kyU+nT_OC%}4T zcYDZ4W<_5oy<|S_WP%e%;k^5?Pm;0+xjKPUD+z$7*Bh@+^L8<(A5>P0V#*Ee^(O%# zmJi%c<(Tj>Z=%UE*k}C}r_vh!=FwGo@ws}ge)wE|Udg*U?B>Vmi38AXGKBWYS#ig1 zrKA6zblyJ?yO@%%pKhrKZPku<{IR;-9^em68DWVMq7*-w1ULhE#V|=TB$8Wd}Fm?4kvjF4xnI*)A-9WJNMd>E;z8}NW z(IXyVnTkMy$*m*k<>aXZ;K@jWzGy^$z}(&HB6=>Z7f;|^+`U}lSVMtg_J^Klt$o15Tj#2#8UVf7C)Q9tQl2uw;1P7#`C;Yf{5|v)u}Fq zg+K_wY_yxYnaJ7bmyc(g+@bo~7zslqG7Zt?k231@ImhqPllkLg1#-DJI! zrXoFvlMQ#bfP{y2c0kiME3GqbCh7owGhBuMhA9-ZhB6Bx4)a(+;Yhq_|AU1G7Rx|B z`G6kB(lS$^v>34CV7I~=5S0P_`j~IMN-CEVH)01cxUzl#X2VQg=DJn$xaq%$xc#4I zy7v6g-hXHT{DJcQ$=m&(uFU_g0!L?)0dIqxcr0L3bgRPSdeYfpFMz~X20~S0$HExK`KoEAM2R4V$#CvRQZ76yIQH_;N=`_KJ1Nl&09=jDLKN^ zTTUde{1YAQ&!srnzexiAzdz8$_62S|{5?7x_5+N(`&_$}WJ!8Ci$&D9vJ2lxCjnVO z>7;KfFYd~YN|{xf5MWp^8YG%ZEd^G%E_UGtIc5vE@i5uiov9kywR9`n4t^S8aQgrP zCAEE(<5vMYd&^^#?IC*cUVxotBz&7q8~P%l#V48P1ynzcn8Dn6d~6 z>0LczLMkSj0X208_&!z90tSwsfZr8Pm!HO3A=VD~hT7z0IGt?d4FGs6B5ILOJMb{7 z6Vj&>Jj{CHLVrHQ){9dIE8VBqK`qeyHb zLjv#ZSmrskx%W6fQP$0YG3-a2@t_m((qfwlGzYiaBJD%r z5AIwGUSIX3-^s~T+`*ODbg>a7qxQl*W>_+NT}Yi~E?9fIv39nAsXPF?a;++z$&~;= zt%S!1w*_>%I)D-jAFCpP6Mo)!_rHQ_{SOgeW#^6)ciE~!aDuCvOl7v zfq@fZz%B;hO^i?K)~|;$eQCPacmMk^ejhvgt?91+aBYsowx%n0!rkI6FUzYg2X4?# zR?3{GzJoe(SB^P$0WYVuI75%wqX#IskZ*;^by2s z-W~;)U@#zI_6LS#G`~P90-d0}v}gRF*2(HRqv6^mPruc6$M|) z!Gp>EbZ`(cFKJ~vVDzdR&27&QuML+0cXbdc9n#6czH_89oo@C%`-$Y6*Bm_kH2%#A zr+IgvBaq5uzmkAyw9N+sG%1B}Sr!0YAu zA23aB&0MqeSlPO)e?wa7Ukb{)vu4XG{vbux`}_(0`>z6bsdN#&Q{v6Rw$E?SZ-^>? zkffA?gZW_l^K-8+99c|Mb?!F92)r-%1G3=XY>VeqB-H1oR$o>kPiXt9RYk=18DoPO zZ!Hl_5%KyJVNMeWQxU+p8g<5U0EWvrxF3p;6F&|3BN>x^j%Op{M&#&Qb&`o}hb+Kl zdE--Vo6E252Mlf_7^}|$6FY!d9mFEYp)~8VWw4iK$Ae@Y0i88FRh>uD>b{nYvrL0w z=M}IFx7F{c_POiCs-BoF-q*YqwNC?hTMZ24dE9Bsv&#YdsuXl>!Q;9bmdtJp>4o!v zsEi3UKmpq+df?o)MKj0-JA3D%N*JMf_!_R~G^==+f^Uj1LfEw)zY8jRJK^@dRd-Jj z>V_Z!82UXRDn+i;Fy>|QGoPt^v(K`m64Zb!srnarbsr$Fc0MG01`w`a*p(l5I%Mz} zJ-FaeLoJF%dfZds58BG>AJSIuxQNHaw5~L+i>cwCoc#ll8iX%xc~Cvs(eglY?$R+* zD6-QxmX*4lf&dj3CV`w4UbPVzQt zK~jG&2hi-;Xa(Shc>-9OT7WW_oJ~O&k#mmlP^aGXmIPbjp2=CPoo>w?VXd0Q(zp=f zdxpoHKOwIy2!JQ9tu8p?*jBhEDY%o~XClYf!iWH&SdgETvtgGBc|iSGmo~J_rT8p% z&q6LcLoc@W;1U$#KdZhn13-`dve(8HX|Z%N6kUH``2Y2;=($_-yz$Ntic;#$YbT{{ zQC_)N&$E4WSn`K1nYZH)dODc#DKw+lV`4`rz{`$MTk8fXN`vvLAWXD)zNauSY`ah!J0)Be( zYI&?rdO**W$SW^zB2q`$66Y@%rC!W@JSV8A?W_H1Z@j7>&s$qyP;yjrqyk93UsRqk zKms1V&jAQgOnoGiW0|?ioP}y`%9Tv@IN2vmU*v^k*qw=5|Cq_M`mEGnpcba|*TQ5A z<`Sv=mWu5&rLa(?J#RI)&?Sq8ZUaDgX{M!~xE>pw54`f4dmG1&1nG5*RXMz9X$jIF z0cZnwfEWp|Ui=Lk+@I^I;gD5i`^}kvsmwgBLz{SuvI&;+K>9YB68st7Kl}1V5Q&@l zGq0pcR395hdl8n`ozyhOdj`@M^Zb368JLjqVH` zyZ3kg-hiYtK{N;Hour&w=Y5b*Q(A}$NSU(rgL4FZZX$BF?v_8@8T9nh z54KtR(6IPP#9?uECV;tLmXwSyK!@|09AHC0aDHdLE#g67&3sYDmjvYope_%+xgah; zj0`paM`P*~N!R(3QLg7Wt1pl91M^SqV6~r?(&Z!+6Fk1cU$Ya?bEBDvR2vyT5|))Cj% zI`+-)L&mFUmje}Q=*_0P*s&BFTCz%X5r&WIH0x2lcNBmCPSW(^7v98*MMLLTW9R-< zi~h+03hpQrj5UwEC(BW1&WR?J;0FMRPg73p+1yO^V)t=RgnXo0L%Aw zIWhK$gIoRd>ntdNnc3||yt_Z$OaDVn8|97E&zqYf=W)t zssdLgdJ^&10JSv{z_8XzCyiiygNOwKU>}t$Ak~5akQKPSZ|<3d&`aQEroZT5YldYo z;pW-V)*eez4bg>w!0x32rTxA^A)h70$1lJ7Hg%_oRdGgSX1i&kql@axR>Ewt7%z=Z znEO>g(|2>YBW{|?IXGCr%3fD3nT(?(QvVRUWW)o^bsRj$KeHTY`r?Sr1yy7?kR|r7 zaA1=tYO8!QAq(ScEDAXL08g=leLDxch{O#^*TOy@sq%rtzQvK#R7J$;x-E$R9{KWn z9)v=C&Ki(MMWzmMJNSdd2U(Kq@|y!fApHBjDy#U9<@e?ft}sP*4rD#N3`n^OnguRC z_zb#|?-~2q?1bu5ReJpUs->4t2A`}|WJge@mi)r2SyGHCj?zqs+lT>BUmaxI>_6~- zI83-r*Wd=34oTCSs-FC%yTN7eD5m!6<3HvAZ6G->MlsN*R4KWd&zM!%q{V=QVa?K? zsD%wjv#G&H3P}rq*MJmn&HVU$`q+ioGNE$Yh}n1ZFnn3^ZogjQADVJEge)7y7z${KLf+38nyy6`oy$C|`6aslJ+)|}N;p2@*KSZs)+37=_ zr~0Hl$_o#8*xBB)J29Vm7Nmw)%>+vDbK-yy=i8sl4Ipps`UmeUv(uVFGq>4{k@jQ= z&;(NU2K#X1&LfSmH+&iKa$E>&iV4?ir}eITirnFM+T)(vQi~EAK+)21XMdFW=(F}gZb2SrYS*Pmp|mr zkhKDl9whQn)v?6F!F5a3M}{T3|HX?fI!XtWGx91OGTJ5h`MV1jPC=NiSEoRVMWYth za=&)KPD$o;Jhe^tATI)wyZ{5RRtrG!fITLifgoNAdhh$J%VH|9iP0mOE`6PrmA8xS z4D-Ue*KJ647|4HxKdeoQ9512f{M_wq{gHMyNfOL6Q==Qni09@GF z{&eg3B;WmCjOh;F+k#jS*N=IC1pQXbX%itiE`lrJQMWLnlizUB-+OI`RxhyXE9u+$ zmbK*qU$aKJ$dlK#Y{D(_onc+ZM2i=GuEM4@L~J9O3?v)KR-Ifnr$PYhdzov$xG4aI zNA9B$qRXOh0PU^~(dB+{{4w?cE4^tyJMtjpK8X%;Ujp2AY;Z%zd`a$HCb(=M45bCMG=XD&d|>RKOQf5ll-^Be|EBScte-5qVQKeP<@ zK!EmPG2TjGAdGL(_!l*}2!5*4W{RoP%V5yyDa46`97FPPhJzf6ni{zWX zaJ@Y@A_piq@EU}OudIWM{+RSM3O4Nl-2GgAaaxmL92gZqbBV|qe$hRJWP}tsOf>m^ zNx9s!_AWpzdP7sJ7^L8|S#xp5gVm9TihAB#k?)2pog`y?MZ_+ZLM%(3Qm+Ou;BQZs z=ccCqRcp~&1LF$_EoR9;KHqEl;^p6)_PXV|XHZ+D;m07uqu!8L5*n`+Drpp>%ZzMh zJ5IVyKN!VxQXbJiK%2QPSr@Y!8DAB$tx!8;mf=QTdA^k_FB$BRC|qRua;cdiqGe4K zCP`B?%BA_S>QIH@jS4q24MGF4elp=atN1RU7*Tn(s?LE#}Wz5V&GFXL_^fRyz>3*y2Oy4 z*@`ER+O%_p2sk>xxu6$GWgV$P&rFkG_r1&e5bp=hX8Ts92}?myzJw} zLq!ehzr_rr0R6x@_wL)*5>Mnk(`^4Oi+JGOu=r2NBI3@Ic4DKCE%%EKB*}@nHLfP# z8YJsPKB{S93y4{LHeOtP?@uAZDJGmdY7~DuED9b@Sv=t>$#)5V+l#Q7E$O-l4Tp_F zba)3CU2bOMN$V|?sm3y2gf0Efx8c+FSC`7>Wy&LU=AYG{6`fKvn zF|!M)LaGbx&rZ`$RX0`>;$C_is(PMJ9!*EmmCvVDJU>{Bro zfv<9Ur{HKUc#NgDXmkdPU@|JZm>f?%3MdQcZ@|5Yg{ZA9S(0K^fPJ-$xSN}sp0BTO zzDtu?M_QeGU{WbzZ@=AU87d0|?DG3T-b9S`GPIEhC1EXW)`l^4{cufExdDR9n_x)( z*k)}dehsWiCeB;8;ifhwAHm?yo<3Zt#W)6)T?s;!Y!?$Jj(8ERd!$>wf0c$|5X&Z| z@Of5^8d7wrL(^kt!Wgj<7Ja0KbbC+XqR|H6b0)Cvb=5aKa&otCu9Xol(*wbSn!uVh zq*3C8%vZu?IiL8i4kt&5XGgxifbGt}=ZR;NvNK5j#QS#TP7n6O3%!Y@D1cSC-#eM1 zghX%MxvN`%gk2qR1Nb%wX$2(;w=6OX9+t^C1Wnq$)y^`A*z4H3Z~ZvBE12bcq>`V6 zlz4o^6^TX)c8^5OOGSSl`0w<`_9M7v2X3gZ*DSvYIxZkywm)LjA{f1%Uj}-ptwDRj zaBXq$P*+4XpUR1l@AsVTxtZ_W^P&`=yAWq={P%%>>i+0E2koMWjL4AwEYjIw^7?gG zB*k%=`6r&e6&@z{_&s?j)aYv?-L6TO^?Xv(qj_A<&YEl$8&fPUk-$R9ZCifB>(7Gi zef61>p02l2UPrz;Ou-y_Kl^tL@+`b!cl*O)1IXeZQu7o3bf*7Li@Vqf_i|13Cn@0P*u8b`eU zZ#C_Wg<`@T83Ga0x35Nf=KQ~ILk@n-e~aI!5_9tY!ivZozN-X`Q1^)gzf4ep7~Nx zpS-Q!Flvjh5JM{cMA{9s^^v>XF~${}N|GX39dZWD`ns0PGI+zuHSC0MN8qkf*h&UQ ztA_fXEj7Y6U>KOe*ov;JlYW)0Stm1O4=t_R8@O_0vx(@X>!)M@YVAQ~A^-}ma zWI+Q0OtY9yy|;wGas6~0DnH}K9%FgL_y?bKS>Ow^ez@p*Of(J`KGgftCoUQR)7OWN z_qCFs(EB`_%W?g0Td0MzYYWJUG&Yc7B+Q>+fgqu=`8K3sBo`6)+WPVc96o}C`V$;r ztXQ3J0+KFBs>1iN`tWHqc76tf&4KXnDlq6C{!vxc{jC~OSI)Y*ab!nJi2j1OmN?53 z*J=9)wzt$Q?{Ft5C%!&zkKzwyndkX(lsb|=@zYc8G#U0cY^({UY+Cm5_WU$s&E4PH z>m#Z^DDi||kT~D9bc0r)Lp}Et?Fse^ua788yNh2HyUbI1CBBQhTla9~qontd9?VY9 zLeyxr@2SN1rP1p}KmXUgHDlXUTwVSIVplsFi5vxB%!4&=JmlYyQq{S&0jePd z=HUk7>gw_lyD3JZ;1>Co)_^Gx^GCeJjq#$X2RaLjnU3Ttf=tbJ|=@0vW;mtRCN! zSYL6cZ3Um%s6N#+PO;5=!V7-y>yTXjhc74#!^t_`3kBPyRF;6$8}w$tjp{4nIp;D? zeH2ktd9pcFvIa)GBP4_LR@&p)O;9kCZ>}D>mcS`1ihVy*RreNg0~=F*yz`62LsR;7 zK?*^5^_i~t5p^vCgE)*D|14*lAyT(FGE~`8lhd7f835X?%>8F7DLOKM< zM_PskhkeTLUKI{7Jqg=Ce56soid-s^;DC#yhg!)x+1E0xtUc1NPMuPiku<&Tu|u=4 z_K2z3kCJUOmM70p@T27MdjDxvR6WH}U(JLs1xRF<*#&I%1J9zp%JND=8)X@+}Le)3$wh4|uSh3}?> zWoLBYP5Hc&ntUO^r9 zWu^l%A8%e4!$txP7^rBfoA^upUzyErUNkzBVx&tQ0+g3TpzBhy%iwmkUMB?wqKu-P zxF4XK!SqXM>lZDcMWlPcLG57S#-| zi!smu?Hjy>8o0jg&<_gcncqM1KBlr=S?li) z6Dv=|0^4QIN~*c1N-Spv3L&>fTP@f66;rm?mQq?0J_FP9)araE7z@Mr?i02HYjv=% z=w73B1Nc{IzFNPmkR$8$d4s%5?duB9$a(nDbukY`T3_q+9@6xf%V_cWn8cnZ+%72MHiKkD7N${ z#+@&5neV7ZvXB{ikHI}z;8gw+fV^1g?1DEyreW2kxzCJnqP@!R2tKr9hB)^P_{Ni} zeozaQlZUx20tL z(VF5|=1+Dw)1awP8A)0H=D8ttVblEN(;vFLdj*=(ViYeQ9$e^6n!&Ft(|+^3tih1G z8T*i>My%ZZxaHBdDGY)_cpLe#W%|J-?%s+=^5v5&qDp+ z8fy-%k#A?ik;T^ms&5F&3YeWH#dWc5+3-Jx}&^I?j*on~>6HTEfc3x9CN?RN#C?(7it;;?lLPLy zN}95(xM(=Pcg98ATy-qAkj0n~AehTpGC_0t`3WhKGjU81oKKSvkVE67&PDEJI^_*` z%Sj`qva}<@r}>;ogfn|H;o;#!Ra?;X48<1N7C2-@-!G6SCxc{6nZ9XlkiA4gTqVsr z4KIr;AQOOd)-bSTco_(Zov3}jcq7%HUAmh^IiLVY9#W=w_gXH17U4nYXY7`o&Ufr z<{W|jtV2LupP&+uq>enflW$*psJ~-2^M#tU&V9z0uMByn=GpHp9 zwdv)JZvWxOxQ)N2dIWCF-zYdP%`%=d(2*tD-m$2;6SBK=BJ-ArB7ai%TZsH^3%`S(2aK%gyiO>J&INw%&?()^=xGj<>Sg! z9cM_bts{eC3(8bzp}BJGbJp_4S58N+9NNSeZcAcVr2zjUw@?4OPX^V6N74*CsVp>dAJm6CJ!g406JiG`oxT2!_` zVqj#41B~`E1C?+hv%}A?#vulr$+hIAzB37PZxf&;DukX3s{yN6ke=l$2@%^c?jqWAmfVgJ))w~X zorxp(Vodnrhlo>8w3L+`L)13Q$;HWwTgVSA?lxEey^fIx;LQOR1YV8sI(_@*`_Qg( z8R_6Qd{dpi&#gM?dFHCC$0gg#ge#B3?*#5dvbE4W3HzF&emc7YhTao^!O_Kjz%ZGM z;+(Fe=f_h4y70{n*3uiiQ0O* zJNiwlExjTBEL}+Mc_cm`^5H~p4v?UwqVur6u;fFJmNg|w6{io^3=66mMvtIZhkT)W zT+@)NEst;=GhOcnM(6N4TEV#ajnz%`)augG$m&S(%X_0Lr8jD<=17BE;Q6?t#snlD zjF|BzC~QnMg7~#}A^x)F&r-TY220A|NNiIX996?&*3%rZgda3VfWz}_`{-X4{(5%i zccJ@g8di=$A>BG{p}tP_{C7uWPulJvM73n681Ekrz=qxTMC_Z!>+eqfSOru(#mr+A zAzzgF<5kZGRz4Dwn*!o_fDr)r?qK(6YD;yS)YBm)+~mnmbfDgo;1S^B&OJFbCU9}O z<1AC<<8w!61tz?RLHoD&y7q~f)zy)k^Pu!;&?I!a1&E353rMyuU{Tv3u03z;+R|J2 z>yYPpqU?a(UFzjcEGApxYxtQuLs#g1mvyytpikj)Bpl7_SkFcn$~{fSD83>CONI23 z144Oapfzl98Qhh(00MdC+Y5Bith>D~4(49(se(8!Gra^~328l^m!zxBZ?OJSdFR>1 z7W?bsA+~V(Y*DpUzMF|hPU7w!4?2Hc^mU?c=2y|sm1Bnf-O2V;AA{M|z!6_`-dPrkr zuZ68m_dnOtG5|baGcpxKP7(^bs~aqf)>m!zAIXR7Z@xmlS*MH`ZxP9;gT1H(0^)Fd zkfXc(ihz7`r()Qa`33A;OO5{1$+0x{`=YqTc}-T_AXvJ!eqW;dFxAMl6^4-%@(tcq zJn0TdpbwOPB|S<@Zb)WFoqx?WmQ&s4y{qQws#6BmtIZKlY0k;KIswj3;V;0 zFb=0yyc6b*pBTngiH{Ip?oGbpK#jX#G^Pw%?vmSc+x@+(W;~Z#dg!!)RI5oQLOn`V z3jp54N3a7fm+y6&g9TlO8Aj5`-SH$9LJGqGi*UTN``xdd>EpU}n#nT{7mcYk==Y+B zv)EeoeW0CyyMGIH2c#M+GndXK;j-beTt=Qe$z$E<6cz5U4?}wgHSdQe4eyI#RR@l; zSi_udHPv(Qz75(+7f78q5dxb`$+$}48gfZkyPKJ$Sn1npwe_hiC86`IKi9J#{Y zDqmR>vJ>=XrS9xX)V3CLASQFp-i2DK)ji%O!|*kyd0r7D^<}A%dVX>Q3CFwUm|FVZmZw*ZH}aof;+KP2^s7QkCzaeZd5QOPVGW1B=YuO2P4-&CAseI`k{x@D_ef}&*kYQQ zR5js8*C_2z7iV})4xnmxVf3sZl_dTKP_dsms7$>MCDEMq*PRKofdh%hGatYOfo6_F zi1h@`>8`E;x?_y~mzpQ(Jmp8eP?c*2bQZ&R)HOvuWZvp{-gY=>&LuF7#*TH@Qu`xC zKnXyRxR7>onRJgYirbvi0QQ@Wsrxx0q7~Zqj*f`|Wl#fkUPR1t{g@9%oESZmE!>(1KLaW=ws=RO)1o5&l!}*;S&%2F^kem8 zF%j6@%1G;BZ_?e?3rzfMwta9L%4F(_QE19Xl9TOg{TdQE%BDYVB4si9JZjRc{&RiQ z$%Ix>5D8QVd)Wy5InR?|`Mcc_8~Nf_DCYKOg@f?mxQXyfdNM$$#RvX8EzOJ&6TP^X zfF{kCPAyDK@4U;IGMn!nVVSu0eIV7~xY*^nZwWj$-*KIXhtMaUa*9#d#=u2&hLiuPj$pXDr~WinlAld@NY?lI?&)28`{pBuk4m zw0_#zUVlIW9Y$J1gJ-0D!|%3SV39U&KhL9%58Iv5+&ImSLMjt8c5!t9A)qrX*D=O* zOI4(yyNhbNPVUnUF`32(3$yU&=}s}-Ji}5f&xPopyBRG@KQa140uteKVv5z)!K2!d zMJ%rc*uVhziiEG(g)+^DO%bkD-rZhWuFEfW3B06w@0ntx2JZ&23T+NLL0*@p1U1f$ zFwJ+&=3HwQxj#TcPBaZ|==%nXN+DNy-F6i4Qw~5tLH=^Y=*hDF`!spZ1VYUyICb8S zM`Z2c=xXGvFXgT@c|Xl=(i#?apRG}Jhe3_;xis_5aVsA;-iszb9h<|%A!+(4R(oV* zi&}TLeBS4K7+4YOl$`1up9CU)y2HjufSFJLcz)RwwH{D}3C^pttC-6OHPPO-#S z8!Cvg$Yd)!HfG1#)x*v7;N%xU^%Z(|(?40aRB)$3awo1k2!1(vBy|BxHZzI7ZwGQKw zU6m@3!9+sFu|nd$}zW)bweZXI#~4`<;U8K*Wr=YRTfOoL(EOh*c{w6wSi`05D^F=o3` zH#HHEy4`!7Q%JcatNXiPp%H(5)wdTqXe}2sfXLdZEJQ^asZ+O*z@)QOC01IPTylf8 zVHAiA)R4wi3JEW*lqaN}N!Bt0)chNTf);0m#eY`qZZR2{rRMJg&R{tGS{;VzG^(x~ zA)~dFs4m5&8DhB}XG=2gOFFrxuUsFgAVF)`>yN{HS!rb+^{)&T+=%f9f8=Lo>rSRkzh8Cv5H4mf&qKa z`dDiaZgU5Z+tSxBgJw*-wWc0rAY`0TBu$uIpZaQMWYG~$>X~Qd3gLMiy>&ABVBm&< zyc8DICr1Iok_<08o!PPY%-EU~OE@`kX$07finv7&6dWa5kz*%~cW%2o-fG)0B*TvX zp<+d-xC|$Q0{3OS3$$y0Bv|N?fbdpPknA_aXv4PE12WzD?P}Ssop@s@2h+-xK-#=r z5vRB_GssLU($Ln3<4?}h1OihnB`LCF&uO#VP44_a z$q_b?Io!&(VTc+)0t?oE0FC1NF?+XV2*JDSulMYNYW45Rvx6}U)a{0yq-7B2#1?90 zXLl-XnmF!ua(bF(l~c;{AxW|WNgT=9c%C=i8sO{yqaAK~$)6;DeX2HBA$WOfD?MCyJ&Cd>ok4tS`C+;@Y5 z6x>d8YSa=xx0>rY_;}F-N^_LMhVlTUn06S#E*M;m%z(h(^BMCo5W2r9UM6{ z@P6*c*iG^qQbXbtPJkitZLk+>Iy1q$n7W?fE+w9x*4e+Q&Hq_OmA6{ov|5J$yPpeK z)O!SO)5GBS{A=LAC(?J~tQRUYh^I}_!((a_wp}#^&QWOhBYmIUnZxV}kmiPlfY5c^ zoySZSGNYl#;+a>qo?f7u?IZtAA3m*6*|%$R78d+{;9tByQm-i{P@Z5``1fFA|7VfX z)1X$r-MO7<#XFxl{dny*cwQ}&-4Xz9zFu6gx$crvR<_QWNjT>K_?;HGGa9Nqp_fJ4tjom%$cfqSnml}Qp(mj3> ze<7(K8Fc@yv0+DA*6)J-q5rf^>+Y!6q@B7_{grbgCnjv0J+Q04hwdsjcWo^)l#JaT zCS$k2^eN5iO!N@E{rOJbzN~WC%6ee#IHg2Ih)ab6*)dYpV1SI%$r^=j(SH^6d|`o@ zBZISdzCjmdN)>=0kkA&0Yjfl6jOhB?nOzeDGsK2V_WF$@!tq4>qAE_UBRm{8)Jp<_ zCw}ArinRN5Gjq~FIMW#&166iE@k561LDtLe@O*kx32S!mOw5KPG|tW zyS`67z{j&srg3$3zgfD*`4f?tx&{LT=+@C161M+wI*-F^Z;@DIx!b418i^H_(F%2D zd1SNle)=%+Y_ILDorNiC_H0+d-&Y2_WeyK#MO%rSLD&(S5XJEuj?j)@RPR@}FZ%^k z7kc#iS2aZMX>mK&>mS%rr zTDNOCy2a8}%47vSp~&{#v7&}li_)V(Lv z(CzDfg=0`5*j;V>_TT99zXtF?h!2~|JivJzRm zO_++hv9X(M26N&V%UYWuM%t6K9^N-U@r&0TAmA-5pb9ZtU5p1lIAT@V$+84|J_GMr zWC4)(Hc7;NzYP|>3qEuga%u=}O|ZeQ&%;=Ztf%3AcT z1C6J#gSQDT!(azB)|3ipeR^bUOr6Ar2(&%Bo$O^jI=i0fWjw0lKdrCOK}VB4(&$x}KD$;g zWR}822GzJMRR!NzWdbfxISaT#<*XC{XQnJPaUB#1ja8$U!aHroDAU-+w(y@0gn~5l zR}&X*XNq!NIt8ND|2?kde}#rV8Y~8ZBJEN5Kjdc@m~RC_YSLMog1%j8G#^OvT@cBm zBxHFneD_aS@F-$i-c60=!Fis9AFNH2U(Pt>OaM49Msjd}h`3J`^5^4c5vugMo(lJ*y}~Uf(I);6uZ5>yXcVaXBVFOS1#^PQ$h5zql^I06|Uqqpym@@)-^%*8BbddACbp9n% zLOnZ@Cs%oB^q&TX%RW@-riO=5@+JxP@K}24+o@yq-rp0$Irhq>1~B>P&K~CJMyr}8 zd%M{yebc<~tsHdq;k-+WAfvg%OSM(3tv7ZZlJ)kmb*`&Myb*~EeWlR>$1aAuX2Xhi zx7g>fCr+leW)-B!#ZIun_=K0>7Iz-t9u+CpOVOJ}-S;LOzE-~3eySY-!1&dg%+_S3 z*wF)hUF_IFaf;H&gUEP%%3>uKou|p*&Eu~{m`zl@4n06o06rOkEodDE;aCJh1d)jO z9>h}f5##f$miao)o)X5}6#q>a;D0*}`X5hAJLS#Jrw#4Sb-@g8WPQZ1tvKk1GKxei~6I8v?WQUOuwpK80Ogh zXRuqH{4XH`4uPxL(zKU*4((3Uw<*`iZ0<;E%zu_?#B zUhGliriT0>52g>{R+wl{3)V%O@asrnw?7piu^y}7evqyKE)VG1YF?A=qgeTfL z*wW&F;{oqveeae;ioNoAjM-81Td!$Q|OxU@K06 zH&KS%h7CKxv%ntMr%r1etbAqkKmlj~t8iEdfJy_0f1}qp{<_$6>bqsRJUm9`XLd4p zIh2Iyss9Xy9%C4s|J7{zS4|Ze)0MQN^xxR+Zy5Q$NA4{!)xUrQTcUC(ucT={4ll}4 zetHgihU2Op903{_!EWb21YUmV^w9au`I<8LJp#fY z^$%mb#L-OkstC%H4+K*e)^sP|_W+Q*A+V4?5;seJ#xEy&Q=U{6DdR#o|0-dfgQNns#-_Ob@wABD?;>aF9&b|4v7|kq&{a)NIA?Q) zO{cFwV5vZw6eY9V3(hp|JW9%Do-@K3#jpwiS6=gW%T*~Rl7^dIV)NMv{Mu*h7{R*2 z>>FYOU>mX0JgT*CZ>IfX7W0=g+hY}_fdqY-< zO_eOjrNEK#S{Fryi0(d;PeNLgIkeFmUHN71{~6p!o%2ePqVoVy&hcxM*~2)Yf8_%9 z;-JkIgQvKZq^GEq$6=$_K}=($!OT~{XEJ!$(eCTjK03Rt3pLsEFnL)HJU{?cv@22! zooSAT6zdc$P&nqG$(L!^06XHc+9n@gwp*B85%o(wTiJ?<>D0YIvC(5$w`W!2SQyS_ z@voq~#U|Jw6{D_b|JBlmlGTBEcmX$vXy0hw&)CuJoHsAxrCz*R`xQsn;!?!0GH`H; z2Tw85bmU1~B1|#xOcIMnhfsrP;Z5`0u%DqOuGzm2_Y!kou;&Nln4uKy&>My78wWZc zIpuKCQdA0hHCigpoCBV3={P`;Um|di@a_mleICR75{=}yneL>o98ZWwQ?L8qutep7 z`vHz-T_wlJH$fy)EZh0IhX2YrlRSWG1`Nq{$lZ?pm&%&~!4}sw9b=o5^5hv12L-eJT1jMYxKJtCv1 zwdb`_5KuK>0!{&nm9e@k-y4GZ#FEci_#D^vQ;f#yvd@Z=(SW(GUu>$_yHB{7)9LW` z=J}O-wl^J>H@ON(`tkaHDeQvwf3IizP}mG7o#G`#6~|;f{2C7L8v;r^{)=Id1W0%~}#oQWem|k63xlF@dw5UHgD- zwDmkO+efV>#UCxeM(~a%@r{k+M|>NN08tFzg-pYgC#CK_^)S) z)eDtgh_N9a)mU38c5-TL-LiDk9#ZtM0v5rrvnICLx`RyzL$RatInCJuj9brX2SdOXwtA=|FsQURy6oglh3ma0L5Qb2D>>_@X5(-3 zkH7HAnM3~5@WTIeLI24q=Xx*EH%DV?n;vX%3A!PL-IwkhIHHu^b(JCCk)$%UZrF|D z(j^N|?iVNAi8+cL>8)2s|3F&peRKCJZ>S*_-!KWS;owz3?cJgu+pzM+rJ$ToB0Sqj z(_LYhjztDHpjKk6$l5-3y)C$VX@mZk|Hfk+z52bT1?ADPD}t^{d|PdgJ=il0X9B2~ zN)IE+MrmEZ^xxSL$0ob!%}t>B^(s#c*Hos!y*y*FHrGKccpk(nH4;op$w1bV+vo#X zzSz;=h%Xzq2YH*}xF)O_ouA90%d3~*yZH|-pw8z_6DO?yeQlyPcLANVn;T>msvPl^zYBGkbU@)H_|28vx&f|g~tgez{?#f^96J2xg2N-UX$8L27egz{wh zlW<4j);l1kEz681@F7Teh-tEsZz}PcNH*c(6der=rkTy5QUrt+roGWe$-3aC(nN1i zZQTZ6U5U7MTb_*MLWRDT^yFqZK&kAH&gCF#AySyly+!Yn;P}Ii4iz*ImD5_r z1+2lLBgCfW{oo{9t*bus6*~qdxWblb?BpgBoUC+ZKEV-ZbC0 zMDgW^?MEx?F9W~~ZhC@c8L}$z^hK>q@ zOVa?B8D4`w8y~ok+z$qr=k4b-gC_^`Iwx)Iv0e)cdmyaAy!mksICgY))^c-c1komc zqJ10ug?I^|{BX099b@s??QkxRVW2GObVr|(noI+9b#LBUm*TyA5EF7bOEgOYk0s9f zCZAO@?!2(IH}8ag?_qT3>-ytm8^+gr0Y;o?_S8G~0>|If&E)JEW(Qur%5#u5d~V~T zs9Z+iFLiXh`#3ILNKjo{C*=;D&8?*QiY5Bs@)!ERO6*H5)bQIgz!e_41q$D$q_&Q$ zPISYf4*S>lK#WJ`*m1l1Jy(wg{uw7}3k(c}m0tn(naf(Uj3Ng&ulU`4QH&i1iNG+L zC;Hpq8FAB+EvoK!q&MsX6)7ySrLCiz;ldJeNB~^Hkt1QDj-NL=f&k z!>4!zI`lf2{1&N4b}nMfBvX4vB+(&D9Pk(y9UM?9gP#I4O zu-lk(7MJ&*r6vJynl)^~>iW#n8`d|oDylbUsN2)W{PWNO z5-Qk$X>shN=kV>ZEagH#A?NtyCsuj__C#tE=A*LBK94InBPo_3aoO97ol~m6Jj+m8?3i+h!@WJ3#LmXsX zmkGld>U<~+n*zhfr_0@B$6ncQL#G`st&f!%;%?eFMnafmi>`{-0^2VX*~off*716J z*p1a%A-$N|=`d^-IvYosx+DGGp2&2nOn`4s2N|tQ>K>8zPk6U%FY&i4Z@qv7xvQg3u5CmYFdbhtf0bfgB ziPJ#qPVfiOWK-7`nqRRiB#3utAu&`Jn9 z-tE{dS*BxDK@RRpk9SxSSSBd65OniqPScDAP5M2a=_6^}vY|Oo+E{G{`q6SlnJG}H zNwc}<`B}D}#Ows0)$<{(miAUbMR?^Y$eDEpaz3SnUmE$iajpY~$>%2Z%R9(c-<$NA zswe^sWzeUO8O;-$F5Gh2?1DY^}M+*I54w^I_Df8 zb$?q`{LGmyd4ufl5a*fq!AszmSQL8?XZW9roUPFzBwk?|K>|I7KmIQCi6HNT0^X)o zAc{NRNw5k*pQs!K&u)33REw~l4o^YQpZb@9JNkWh9y~`o52?a7qwyzIC=1{8FKu1a}yZR z7bzXLp@y47ZQDqn)$TJ>t449>e@-B5$ziQrZRAbEsOMFfN@fwmUlmX%Ge zRw5B~m~ynUJ`JS>wtaH-iy|OjDggm|zMt4A#fgJ{`aPeM4GI_%hI(nJCWF&xr=y*I zi~fN2QM~}_$ZcCLVa#>oHT2`an>%xR0{8+qNrNKfm>WLP(kRL$&;VkgqTQ_5)&Dy1 zztbN?$ivQhK%>bO$d=J8wh3V@J~T(i zJrdv>TLCp~jo{MN!@N;oQY|iwo&p~ZJ%M-j5hI5Htz)(V;0H(Vk`owbDc;k3e2a4H%bSY-zv0p%Ll>i!`u)@RE!sPpse~Enl zC2jiu8$nks*Qxp{p8X&FjvPTc-j9W)&JAfQxO~_DYNMS|>Yq|W3wDn;d)_AJc0da- zg?X68Vi~n$$w!XX09S|v_(5#!y2-xPZHSZ-pb?7m$sIuDr~Be7U?fuZXOWpflVy6< zCil-%fEp+k$e%i#N4q~-{cP~))o)W6y)an@d=99Eo@#Re8~0EJ7f0HENFM-MH->m+ zoSFB0RRkUDj5LO&_dZ2@5g8`2%yZ-_@pxB$^XUx$w@agq(5 z(R+Y4B3_~Vng0UF?3<@_GK^pt`*9{Fic$96jx8pqhXIgLdpWwW(5#RfN(*k(=KY)7wD{x!&#(x^l?jM`NC5e(FAey+j zAb%Tx?ub18B#;Rxdfxn(6g@Zo_Z2<=C)^v(G4nr4fc`HOI6<8ObhJGphoxy3w8uV_ znEVvi1tq$KrcaM&Gw`aGO~Gei9f{eSeF~ zN8ChOjQhn0oO%3&FKb`@#j7x-2H{ET((#fa5XKS4gp%`rC3BR0J0A#}w!`y?p~xTFUzyyrrzSI`po{g&M2k#in)0v2n%a z;N2$fQM+-c;$rEoHPc7;ZoH1v4V}%AGxRaTls>#~)VmAr@fwg?9q8jdd8{=qc*ilt zalmocZMCn~b;WB{M9|w>iRfKs)s0G)!5j363H2hfn(MIf59eN5SgO+PTeXx1)p`gz z#r}2LUmfz-6Y_uhUD*2E2fR~X}5cwsfX$p9pFMo$# zCsjv6KLz|;;1-h`27LnH8#`TV%6zS_4Im<;w_%9|wTWT+f;!^9Kbd%5M8CQP&>WMiQkub zknPrWZ0UUdLJ)~iF5|9<)j2EED>>rDZb+{JkXOYu;kji60UrWToU(kxhn5O)>g4?d)cabEmI(*}< z2F=3(uwwXf42c$43mk*TO^VMM#pQ95LuMGOTEn~+O{4{mA~7o34(tPWy<;P)loc3+ zYJa>1QdEmoT|&sZM^s8;2aqD+AOTt{GwNpM+_Jw_3sNLkON5_3GfOC0nv&d>bL>I? za@Ekm`}M3}87d_4E`9hV{e8ufNLq1^WM&{@&-&X<(>swYio5tWP5$3~uMIYDlYGMV zfu+p8n7mATz}!e)gQWE#SChoA7BoT|13v~e32j90?*-uZ!y+7sPYZ})98k-M%>X4v zEGMg{R7d}{XfbUn?p3CqMdqM^2)OM4R1B*;z+;o~)WHGsX&~w?fsJVwl4BK;1ZH2o zA)>}ECWd`#`Uv+WOQ>l0;I06+Z>TIRGM87=Hd4Zggs0TcOzv}f`SJ0sL6+3r3|L|N zH~tFhTD+Uas6OyG1RFghEJ*;>eoB^?YG`JUKEHzK1**qNV*Ef_olE!2Aad@rIkKJK z-YgLW#&iP5SNA~SSZg)AoPYS_Z@oFfelg(qQ3fnj9QbZ|n|F$0SX{e+zWx`Bh^(MS zcDlX`M4wM5mgTGs$~Uq*VWO{iS1;ht6{ShP3{6y{K@P)EK60@{dts%z;QLn}UZ=n=_$~?)IS;zaXm)=I$zc+Z8UufvD83f4 zKw^b!j2oslHwC=mN3vx%Iac?PJzH#Ttz72U#dY_fzyAKKAO5$W0Vl_{iS*1ZwYYR; zr!Oy7@0m5bTgJJR_C2)wCYbNmc8jr8B3lNZ26DAsvsOp`W)Y1`>z|I_sMZo_8uWXD zaw^NF4V)DtrR_pJ*C@v0&i5QvwwCQE$@ih}DvB=k{9|j6x01a5hRP33sy*afv=Ypo0%?mI69&@Rsos9xZRHJa??+g5Uj|*;*e6bT& z)V4e?hP4rg7uQEnY__W<3-1e^kJ$my8N1nPX_^Rp_DkVIe!HBE+cLv=5zFoK;2zSXw&Q@^`uo4m@DzcT*8 zQA1pn*K!rM$ob*(kEinMC>$Ou_V(0PRX)y$NVN?P`Alf$D@0#y2GYlO3RR_ zexh>q`00Uq>oKQ#kwgXW6VKtNhy!0D5mc>g7^vG(Y4twIN`5o-E$v2pL6W*v0j&7( zEiIhMG>h5|co_!WIl2l-`XL8_lbfC!;mH8Hk0B&G3G9gJM~d|2>CuEx?N+$8v(p|t z@Vlos0P^*;`Hm6{*NNJccp}k z>B)}l%u>ut2O*i4eJ{9H5l%exEZHrBb*4P>n1El_z;3wCOlK7 zY(5_AGCed(a|U`YdnTg%F)%LGjW-*Sf^Td|Va_MF*Y!Wd+>M@0-%tK@j&&fe(O z&=hCl_#tU|6~*OAh2p~l{)QdLYIVv{$T15;j1PEo!=~Y?UCY5*0gtoHSXn0*AtW9 zPW0V(W6woV&04M&UhgJpgD8j){$x?1`4xEUsPnef^`c*?g*8mUG6`6FLRhh`(lg&u za6f(L&G^r4)gO1lzSUD8h_94(nNwX$kU{?hqn6)+qK_@)Ft3IULs_VJh~OZ04<_>l zqUY-$kdDP{-1DUNy`A&UExb`l-X};s3Qw^G>*lyi3!dFBb`GBjyRSl)T9Gq{#hKf- zwQK{57?FDz6Q?2BeHHtq0kY#h_W*?kqSk4j!XcIHJ#)v)`VFEO1f@|gZ_`qgK)7u- ziz|9<`6nwGp8~zNXr(FfjqQg*;rZaUd)JwyKFa;L$ja>%pm$UwOwXT6?mYCFFkt@H zC0Q5Vk1fNlYtG@8Un!nbp~spG?X*NFStb*F5YPL_Jp> zJ$@#$siTVK0pv2ZO5W`Zf0JQ$4kH$Sv0wJnWv^8n)?klsBCnglQfOlg5BGGRl$@2H zBoSCS-1N5A3ZlvNXuR}@zR&?%og^AF4_?bLs2mCvxGkX7z13(VUPQmMPzLPbV=@{4t^oY@uiHK@gAr&YRdE( zi9<5o82rE%^Xi#DDS^$S#sUHCD;M7jq>d9h52C;PdWy#TP^d8%<*sFn5#!tJp1+%} zs|*|Q{vJ2l%LRuZ=Q%faH-uo{E|N6i%UbF%^2v?W`tWMs(Lynn4e)U{If;oOZI{*? z2h?hvm2)*ESJuv7fR1VraUM@G9p!mN>GPUhd0#W?Gxb7%opa}brv;4ohSS9lgj|!K z;`Soxl<%5;;N397h&aBa&|)%UlddY>52u>T5xg79yTYRO{=t=V%Uin%_H&yps(GI ztyfn@zmU+8%*6dF06n>w&9iCyQj#+6*>f2hVd@&5buDn*W#wst(RoStzIUG6mg{jv zc^hha{d2vy#yFDJVrCqjzKj>o6vlc^I%#B{5QVs<@_Z&rUAdGk99KmH0-oQ1PpM&4 zv@e>toNAgoX$|#&#VCrh=YF1#rZ!KdiRU`C>?1MkaiqW8G6JqO6eVNx(y*_$UjqB8 z`mlOg#L_!Gl>)L9)y@$gts#&Z~T}p7GjLy zW)Hy(3LN?LKf^3XUNmSbR`$5d__aR}X4@dlFnCtHd zVyShcCAyxWk$CN0D>ctp6S3{SdN@;gV-LnfP}xGz(XfQ*-J|;F&Ov-42a@T^JT|VpJ}TqCD0j2aRPHR=Gb7_0)aCGa2(R%6WJxb8N;Rvj`EWDYU!4r1ET$JA3a#mo&SPr}Bp^ zx&2J@A)|3mQ%q!7Xc;DMxIKh29Hc5uSJZh&r>a2uO&%HkWN&%lvm3+O9i%LDrW>)& z%vCS{XxE}8qf^v~v*HWq=!Cl>t?tjvAV`>%F?uX-Xd}XzGe+aZALqi0-MaSp+L?u} zUe3%4X!}r0G4A`o1L&XQ5x`^ih+i@E!-L#)7JdVp4+meqrCbMY70xZDMxw@=`pm*z z@o56xdyg-40u>eG?Qyn~FWlN9q5GG03v|q97r0L@Kq&$~gs6A`L&e#9=Sp@r={8}U zaN!C{0<}pQUlhk_T5vZU1QqFo%oj8k{lt2v^s}`ThtBO`BtC41{kI|t0CGjn>6Of%O0G63+K_aO#wem0f$Oz=MAI_xCt;q++jky$9(IH z{g#`~+X*51&ml-A#z|vkIzAqDM>hi+CH-;8HO(++caS|wB}4Uv7TEbh<%hR1i^ayQ ztB^QiS-M@6$H7K^Z(i-#uSb=E@pq&jGTv^lkL2;>=%87>6YHw>p?JAz#abeFOw!#= zgdsP>Yt|}JYK>mOd*-Lm8}vClrhOF<#V4c$DU_0RvA&H(H_n3~siqIK`d+X-d-Qxp zR99K#*nHaR9WL&5hI_|at373KWKoD;11n*$bx*S_fj;pJ;14W(^gZoI!~i77k* zQ8RY`kokRq&rN;MYntQ0x`>u(QT7(j9CxE-C=8RtJT>vBcS9|=4jET??jsUA^|?Zn z)=*y=dDztTH|Y%D8Q-hKV}@Hg)tPL(qZ=k_`F@SCB{VCqh3Hb*Bj;w)$=dvl1~MNy zC3Rnlt47hlIc1KTV{Qx=L_X&cu-@uoAHx$dS}n?hixb)0Qzw;Ij8MwMx9J+tRbO?! zGGmrU8xp~s_=0dIBDp?qV3WCK=!Fn9i;QqCSq+PXt9mj_#x6bA;_d?Vi?S(lwW z@nYZa^3TU!f4DH2A^zQeYewB!@4rBUE`S?vPzkKWK3`9!-WB^{b<}(`YwiQ}i2YUFUBBu4~ zEBVj#m0UIM2SUcz(VZ|V#=~ZYWv?5aGVf;z8C>k#)>8?)JHJ1*6s}{JM|tjC>1Ytr-i6#eMX!VRl9FI3s#3nd)G9V3eu46$m^9e8MW_W5_%Y z)5;c}aA!;$%{Ur}Y3dz^=4s}7FdA|mzoc__e=e*TFb zf=y2X{YNx z%9ngOn3}McV2I*)1I!XM=s?>`*4*?IkFr#P@=r&`}h2nh9H zvtEL^p-ygEPR;LMEQw>{c_bi=e3c6H9IsHZs;MJ&dmMdL0>$S>Xn)*D0Xx<6oB!<0 zn;4|5MVCPr=6ng(U2=U_uD_ll^7U#k!ep|SV+yWqz0}K>?YY%Q=lm{@wV-gJ48sYD zBaLUBc)1^i^GuFC7yt=h19pG;geUlLG)>*h8h6z~4-z^jli-7e2AEGG)p1Q~;f&8_ zn%G3EdJ~;ndv)QE>uQ$Xqdp9CL1Au>Bp7XXK`o;A8jABiZ;WseEB!Di&ZFCp^EcYN z-_Is~zRCn$A*Qi}#XP?O4VVkH|Jav26SCVO8o1l>o%@Qz(;wwDUf2hXTr4iN&(jXW z;p9y;;jdK)}Zg3Q65DP~^2p)Q42j-dfkEkTPzZn>Ap!gVNKKrvOmEZNb zUIt&;7jGirdxbgZacYe0vwhq2_}5!Gn_;FN<75bQAw@oRS%z&2y5c z6&5CU1*J1T?T1Oe^p9W`l)EyMMIE?ALHe}K?;aPCNg#8L691KMR@#I>V)GYQ`mV^> zCB9*fQn+`Qf@(O2If2FJyKwvcTj6G}Z}MiS%G{N`&|>}Zy&~{^a<3HAeO~($`AlEK zkCaS%A5;?|f3byx;zIRpf}3t~_>}f6p_hGVZV~~_klPO=U|)DZd;P+HKm*<$Ia?NS z!}@hKT|Aq~Rkw7X>gGf{74y>aumel$=V;l6o*(55 z;)>i5(Fz2jpqD?X@L*aPn|#SJgW`#{fcFacc_B3Rms##Z!iK;+Pd%*~I|DJ>r9CwP zqK(Uogo}*BqW>kk>i_z^`uA#p!LUAIS;fP|PGukKpSKIwFPM2fLBOZSkMaXk09_9yJ0zSlzHP{HLst>hU zSABR^A&E{HEurcx&z-2jZ{)dr<9m-aDahO}N@;AA#K$4;*&%IpYTdt5YeY+GSQJ6% zW-wQ23zu36ots~{Nk(uJWWuPgDcl_Q2RtO$6E!g5ur5u!ewCUY!mFs^r%q?v&tj(z z6II*%?XDLAs`T|Kmz5b7?aaw(^uwlXq-DLwc?7Yd)7{7EPoG_FEiLC}ER53-+#;(2 zA`58}25b8wFLZb>4spT5Da2w6;{;7|G^}yndNGVYzUlCAM-;R6GA@umO7S#5bF7av z8C>sbR6|BW8=-bUyW&*p*7+p|w(exrDQL#L_?*B~SODw(G&Tv*R`XG!7z!QtL_Q}x(_)CnU2-! z=oYUOs)~$@@y@9-bF8Q(>`*Wk^gd{FJD_-x5v{R1lXKx`g8W4ust2#54-4$Lucr-h z0aKgE^09>9oQmWA0-FQNZUA8{y z#P)({j9ikHJ6(W-0@xTlNN54H0Ghaf;vl=HZ?6TGraQwT@*RDcsCNR3?0%oSP$8!s z2Ds#{QK55@_Od-H#CPI8<#&@ES`8`CdPH~Xx@P3L&L)lLnFdP_Pb5m(Na5wW&eGcj zKs2U8?;Wy->!{q{&=nz^37I#2@+)%5ExMB@`s_#_7{W885VfkrSpD?;X(2(ZSCt&o zqZARh8G%a~bIy*<{ivhKt6sO<=9cVxZ$-Gn`td~IXBCyMCoG2F=3sD5OEREu4UZKM z;WH}fyyTX2ZI+hd(zoM07O=}h_YY_;T%dc}WrY|GWJ1fWf#5I`b{yQc~WH*4vQP&_D;{)>ymYKnJkDKRxmZ zE3K0jerpiuqfZyqcI(8xn_y0?f~2D)ZTD-8ubx(vh}+40~KS-$mew-}>AotL67mfhOsN z)+Pb%G7`iGij*=zQfWnNTA|98XyhR3gztyO15$(!i=?hnKb4p&e0CXy3xdw?jvzb^ zF(>g)cpEFW>N<;-e>o~=6JLX`zqv50{yv}Np4QLypxW9>F662P>SG_h_a#wmZXk*z zxSs#zYV8O8&Hl+HngCv7yZXE*l;d4(8s-CiK%f~bRRG0bf6#H+ef`L-mzR^6YAXyc z)z>#5I^-%|LCwR?7(r1Yri{9@l{HC>88b$@AMCv;)>(_L#g=1cNesT-rx&>QW}~IP zy!J@nU zV|WS#mz#D2oZpNy;VqqbBX%e}N*6uxS+X?W^oA7U7nyM0;sD%O3cg{OWkmYDCDdZp z&|TGvT`e)JTG)fsnxxwypL!Puvm8*9J5AF=MG$U6=)x8Ef>9Z3C>*t(*J^kes7%GM z^;m9sF#A!w<5$Y?KIkwjugf#;`U4+&2bK@MFY4_!ac_FU6zYuHa#nV)tiNMhJahr1nSZz=i~K~Zf2CZ)N_vm&{o0{e*STzah2mG(x7vJ;)$ zK*1yM4mJr0!U($9eW|?##zs?COJYw^oL{Dtvu^&m1d?K}2TLRbjwz>Hw1=Oq`CXrn zc04p$<3djfZHS*C#A`KRFeJ{@7w~?52_a zllhi4;<{I_naRM-r7lh!pc4%qNfY|pYjFQN3RpK(j8RBsu4U_=t>%%DHlR&z>% zH?h66DCaL=RRvEUICYc;x&4O036hOHQFmqpew4FO2W`_g($oz~{&j!O`>eLT5rz8@_Esa?;C+sLFp2pV~!Nm=3He0z zeM7StLAxz2#Rc~Z6q|}KlW@)?ye9qjr_UaFUwHgN`z}_S>86FCwD9^~!0z}L1@+SR z;hIK9NqZuVDE&P&ch9Ci@_0Yl*1J9lTMF;>t(s5i;Wz^8W3%r_`{^OjDef$buV}Bu zu6?&2l~ z2Cvg0;CMcLy~Al+@Ntr5FBBs&8!0m{a8NJ$=se0#*6P>xE9SzD-1v}l;;Cs*s6AKx zzKwRzzxdQH=Yw**Gr!Doxwusy6I0=Nk~q(mXj`QF-LgV^LXTDu?g zHIp&BK~?_q8690=sI!PC!!=TT#y{_#@y|5+@bA!OX2Xcr_a+?zQ8ch~zlmj^LmKGv zB_cJ!W!M=O?Rthq<05GPM)-NZesn(5iDhx}WQc)gv>VvNOWljV8kJK3CLJL6_`FC= z=~ViDu}kPOrbFJnUN03Apwsm*l*=!CkVBIrurmq;Un>ZyZRjgD*?Fi(;!WHMU4m1^ zw|Cy*oyUw~gLNZ6lJ~BSKJI+ZmzYbLyI=IrikmT#7Nl`4De4F6{uQLtK zJybLPO{8CPnAz)$T?_~5iK9EN&)>;k)#$Y!CG#7V_x3gR-wh+L@@yysxd*F|4#$hG z?k#40$Ve^;crh-*u-Gh2tlvr5HQ=Qo$AKTs%1z# zSR=dknaa#s+$^@*2?cmBatctxkKHDZe*7x49bi{$y?dvNAtYTqL|vYLYnmX-F_pOO z{nqyBfge7j%7W6NG?Saw)vSJ95=LiN`mql*Y$(PiyP{uakjww>mipwhf-`k~$jwdi zbr}ms46q}gCY(%y6>+{g-z7#&+l~E5t3plO7SA*2xmM= zTL^Ebyq~5KXd$5;Pj4t%-pZ=stIG`!>+9=zOv+{W)_rNzY}{ zcb~ru1aij&^d#zeyjULOj`!SFbH6s(u)mmJ#D#@NV~byT^^Y0n7uxDq%`CVqdy~80 zul>qURT``dh^Ng*Y(sN5u<_p*7Ng^AWc=>C*r+BJ zr>1b=x*dlmlwpny3?1v~Zb#FDZ>>EN!~8nYOu-_1?9`ntA>egkx4F+XHQSU5#dIEP z)Y>64=OPhoaj1uHoz^ARoh|SE2J}xskod)7rORXo(Tc@%&cDz74b+C(V#Ic87JK(P z89E1@xaJ!cbd1MlxRBmg_@4eew*mu?eErfV!_jlE)qc>A#6=i!39lv$i@esR483#x z0wU&Vih+7Ii5gGHuNH=xioN;$YFl2a6pvKzbC;_RwyU{p-8)s6e}sD*A;q;dhk?_rC3b9sHSondj$TD?hTOM`;q8{ zwe3255;~&slYJ)P06KzpjhUhMp7;TH3|a4~81VQSNX32E@C#7!#(qJ!dsrE*k4$Zj z8~yGZ0jwJ)8bAmBwN6U{Pi1_61`7IBry3BJ+TKNa1z;lSTruXZMs}asTDCpn(KIio zFH+PtW__cv06P@jG10Rp`Yg>=XlUyBI1t^Qbt{+zMcgsEa5d)}O@>rqO>Kf(EWkbE zUR83X3-|b(%KfN;JG2O4uxH0SmLv?x?G3zPKrdaq3c(cfh0? z0W0bN#b%p2^)-^GAAmd%Af;^2bVL#ZWP)64h^Z?|>ozA7KeoE!B~z#O-{)^NzRsap zYE&4BaQ9-=+TMM{CQa(z$N0!yO+>#utpu4!B-LBT^y8EZKOP4xjp|n%1S?pt8qOx| zA;}_Fr50KM#)^yR5PNwh~!M&K-mZ%3g;lt?cd-0h|75KDq}I zrsF96gGES8Y<%Gz*efq*B&^u8(i4@=BpW}{jBVJXGtfB7*5Y_lkO+IVH@^R3k>{^ z=uY!UZsg3^yB^ItyP^-aE+2ljL z7nUI0e!STEc#jy03|Jf)NIjC?(wjeFrhB3;2Ufma`2iZ29()D9ws2wIyoF3GISqO< zpWIu3cV{#QoY14<-zr2(2O-I@MRl`xE;UTI^4m-y;yrg39Jl0Wg5g%juf{~z|= z1FEU!Ul+E5h>D_sh!7DGkrDv~krD+J6)A#(q7VTAl`2Rt5fxD>0g)yppcE01-b?5m z0@7=wh7t%ZgtWcyj=ul%zW2N5uJ60&obTN8KkHqt#d2j&W@hi-&dhI~d7fu7!rkSd zl-!9vS8bikqkPgb4UC)j3#{cz)zIuxk`3YRh?bItH{Z}=+Z#y03=Ht~Mf&!+7@u6> z=v{#XJFQt@0Zhh-ocOtWHDVA;T-3-g-O;tYc4UIgx-ixeQU7W#i$C6>` z-|jSK(~jrS{-FqhQi;|TjdPt>FW1!`n2lBhSj6Zjzob8_W0KJ*On|@_U{So>VNku!j%)%EI`B}H0=IjhmSA}_#LF@I1@rSWLXLpDPGis^(4DTD<;9dh zPF78aK3AxEml}7LA1uO_d?&6ndUlHSES~pRk+C3&5v6P!3&GPKj2}C#;*cFmp7%;3 zq#r%JZCldYH+@~l+su8U8}k5gOGSh}a1bl1+gMOiJ+XpyVyK%qIFzghMD{H9>>V;~ z6l`(sXBK)Q zgA;uDdN`7d8vEkMWs2PygNK3z+Qy?(fO zJnTE`i{@)2DDnQ1to@Udf30QCOQS)kEPr$Ll{ZsqjTTCDde&Ipq@d^R6*9Z4srv1n zaPL6sHa7Ugf#9dP?Gx!zcSq`0sK)zrd?fL=5@m4bNo~1nc3j=X2UkGqLGT1xr?hpH zWMV=dGK?4=TXLyG52GN<8YvQj$(&9y*ZE<4@{LJ;+OUqdh#aMYMhqGZ)#5tI4ULj`7Y zn7z;FmjnYyWj`uIEmp3D`Osth%|>6Y7AuU2|0mOqixTAd9${%Z}8`bE9* zy@1S%<4zC@JZ#Ng$#h)i)mAf&$gPLZG=(%`TqerWgnq+OczZ|}KOUGD8DTsn$WIIQ zEqGoP$}as(s!4J0R$3PZ{A}S9zB&ni?=LDt&KmK4cW>eD`^Sy9PE~)s_g%@Sv06(I zJP0noTOASsKB>-@=hpY#kAP<|)CO(x+LM;7g23Kzq`3WNj6wvsS&hoyq5FN)um6LP zW>l$j3?W>hoT)Yagsyrgu$+mYW~I0IBQ`^G`!S?Dg?NBV6hzWju@SG3Zn`CJOq4sQ z$knm#79lRYx+Cq52cjNYn?{zRPBoa&l?#u0=8iq7eSN1t>$Fw8ho$?nx{#hwNxz6_ zN7mdeL%QlX|N8l_U<4D)t=%UMcdys9prfb=1e}go9Gs%RTgSPEdfC-uJN;tXZ9#CO zD7^*Yvk7Y%U2>tUzHL-hqbxQ7;56LlmQdcp7h5{Qc_p=Vbm^JlwB|OuXeJ!?SmYh{ zrL>yhDc46I9mjGlEXIX69f4$Tkuv{p&iZjEXI=;OYJNANrp5l(Q$VWG*ZKs1EhV?Y zi39pRU{~JWJtrch4abPfkl+n6Lx8yF>90-@@T}bx{l;w^OnJV2P2@99a)PKiPB~cK z<^r$x;hXw4$K*B+9W1q|;_^AlCY*lobdplSK3eN$G?;-s^Q~O=FnsLEWDDCT4@f8n zZv>BF{?Kqo-T8fO?Y-97qEA$R_#%jm5Q>_6@NUdWx9kF)uKSn0|`Jx3hynN9=Oj$@3M;w`r|;u84X8u} zs7d{)$oKfed5w=CAC{OrZIR^>Z3Bvn#Xg9Tgo+M%q_1A5je{HOr&3(YS4b_g9=CZS zDnK)mjqk#Jrde?A6Q*w`^0 z25zRUD)?isHXlMQ4BHz^14GHvv^(i7mvElfsjJh-h)TD5IyewEc4xywS>;Ch$=O3R zFR^aIqgs$YlG>s&Cpv0Q2WfZ{qzm|E^mSu(2X>aRn&8h6o+}~(_^646FUk8p(v(Qb zr6D;lAjG9Loy=aMJR|NN9d>8S{>Gx#as@t!i(_FAu^`;iop+y$_jS10+q~p(jMO0aqp`4N}8&t zGk$UHwRa01MR{cK9` zm-e`4JN9}65K+_&f$I!71R_a(hH^tnnB!Izqo-URXZcX79n1mQW#>2A;nKeX6pOMS zqei;koWb_Gv*5LO)ItV{;0GK&!z$EHg{=|)-!z${oxhZfq?hLIqm!jOMNa15;>)B8 zn1GAst50?CiTx@an;(2bKRyD^i5GVK0wHwb&dAvRn5}{*S9j~2GNBx1h7g_ZqxoA> zoP)8Z!O*5}S0C#IX#SGC=~y#Ih?OQ8hCI!p-}Gs*B;tbH_Jq9iww^<%t{9f~A-K-j z3GZ>7Z7mzFGQ~U%*E!Nygrt_tweJTp2&&HX9slwhh31+b`8}y{W@;|E@4nM|^d#J4 z!}qyZ?e0;ZPn=M8V;H{OWcfjJs7ppk^#)Q0ZRG(};^25-rs(`*_ZB&fL9hqm)^yz$ zzQ|`=FJmftp(3zUfni6W$d|_XE^B9Ivk!u6MKN^~jLIV&lSWoUo_zb5|Khdn@m$ z*ws#i`>8~l`vI7td+}U*HmH!YDIr}}F6q$`@VJ%`Zb5)caBd`Myt%%l$nQL!WCqrr zjE+!&-)o!X68(z1l_{zj?W>x|(n=ndxxV+wj2!5!Yz1Ui9eTvt}L(&QnKI$EFT?5AT8`GAM^FRGujCVhg7Rm5f=amOhNUkBX*(MF3_9(dv)5Z zP0qmOt@BT{W+n?~US;RHlJt(pkSXgEX>mO_W9lr6iNL23)AuG=9__@q$97&y*~1aY z`RE2YnXs&bhAn#+XZ^apKHl??S223O)D*(Gd;QfG@MJ>w+m5{QcpbKHLj2maH3eE) zdtKvATl3SnD^84Aaqg+y#@o&4{t-cnewXmva_ zs!~nzjXDQtA{}(^0e+fk*pl2)Ch5NF>Ks}Rmv6i<0C2@pw|dm|mYtYU2WG3MM^MU< z(vM*ehpR~rGVmdLx@s;H^g^CqlV)55*qZ<*O zCr+t2Ieas~A!Jo`gg*F@r|hG;q*E83ARO*@2HL0nJTW;SAFv-g2@U{6W+e>mF zBwD;bgZfvLj8eBz6ef1KS^K_+o%f)^6OTk+RYB%tMID#d2XlF5RT~~hmF6^=5?O_aeFkCs=EJ{f&5+h!R?Yq(rXZjz>_m%ZRsw-6=WK z-(4#LY|h!wys-hRajBgAeDKI1w~6lfyJH@0!)Nsm4(mi7Xz|e*DDomH;ls;UCS%4* zHfL9tzRY#$6^968>ZUP6>r}i2+PLMqRqX9bdL~K&hbK|FK~snf5>=wFQlIyQtXQv^W{Yu=Il=vQAa?DmYlIWRA(-f|iG6l& z@M)`*_%`p=y=`D-CNT5(%u2mTNr zv}UiZrn!@F~lT zWCh814$ZG=|B5KpeLeX`rHcYKDfip=sc(ax(Mhz|2jf26uk0C)zXWIW238io5aU)g zIJ~A7_;kZ$CbJp5RsH+=(;wFAG+F#^T{b`@wfz^iIzTGBofW8b-fjTOSz@$KFG{wB`V=dR*pIi=-Gd_y7XT*Ynrp;FI@ zd{@j>-*eBPM1eeg4>y<<>lUbL)M5{+EV)xwZ+l1{LRh}1Y+J>SG7BXLK2znn)6k{| z0wiI=D|nR+CUB{Oj#O8JAA*O9LMaaA3_o_RRn*jdw50uX+3BZV?ORmF-kLO3Fkcl# zGQs>tl{CgOJ1G2}BJBw?CJx@(z#AI+Kt5OZP~t9QshIL93~TLS*hOc8uN#$f7@HcP z_zM0RakzC7v$|t*`gTxFZ{EttwtjE?+$ol{ks)ek5XLo6FW}dr$&Pvs}L02yrf#^Q=JDSbEquB^! zi^uJ=x=Mb!7;G=asm*J05y+w!!i}}j5f>_! zC*Q6wyoq;Qvv1EOJwp6=4}VxSXAmMKz%|6Qzmw1UR)pGuwrh!#dxH;7675D5X*ul?S+A2tyI!)|h>!-g z5XD(01*IbkV-!jB2))aKzBs2rDXoTGpwu|_gxbF`if=@x(-vx5XP(PkQh4^A@kZ#& z^Ep0gajST*tJIl(?4?k*XhR|3D?%zjC)HKE4P&VNnUmkDQ%Uv&I02vjNQu*{gpikT z^D&RWb+q?dH5!$z>_BH1574%Usq@MDtmI(=d{m7?+&W*u9!OIee9)5r@aWOCWVq*b z_w_OKX?A6@V$up%#z*%dtVYG;DG!KF)2mh|0?s!%cKL(1Xr59PPUcV+Ew+MMuZ4w+ zEs{^)A!GUFR`K43=#%=# zc552^sVV-&V)&~<_zxlVFLyl5zb>SP_P_rRMaT+z%(*Yg#jPQWN4CGjs;uyxv>)udJ9$M&{-qhF0UM!#aWZg2xNlBro zJ@|kRGZkfymH2_+a!2wURm5tt^4_e7QVqqXh#)b1WmI^_%(9My3tqpfk zBE%Td)DFsh}t5~`bfLr$fC;uy|)l@fH`;rg?E^QdbAdHHs0n_-PG1&~tz zV|Ow|ckY86#BM``Z|&Io=8CM{6ANf7gXK)Q>|Q_ngRP}A?spnob_<5m5R$snn6t;E zVNxAsJUNECe#GA7epr<987syoS{u0Bblm)Dd45#ew4cRUZ%EnxfR&;ruE?lf{(8Pn zWibqwuETW?f_@K{V3;=3J> z>htjR!C((De8qCl)1O?GgDi;;==4w2ouA|ScOj9 zG97%E+FBZ$e=Ac#rSntZ(3Z)InPwEI5C|y~aFV_dBBt)y%#*(gN?S ze`mXkivoc|@p{^-ODen=rGfWCe$I=%{ZBJI08gM%I*C(|YxjzM2NTWEKj{pP29k>o zR%pDQgeP;pN7K6-uWRQ_cvoYdJP#GTqw*zb=+k8%FscbUgpDJsr{?if#l>jQAmYpQ z7Ft*-ORUcogkBL=s}~NwWe@qO)&^RgBtTZF`L#G`=wh)5&wARZH6kG+p^rY9_6mDS zw_g?5B75=b=8yp-5I4g9txx|q3FdiJnfGuZ8p9AWxt^O>F7oQ@#H5B~mwLn$yIWyz z0RO1M4fhlKzxPu8eQmIQ5j)|Dhx5gH zU!qPBDz72dk?-znJ(hF+;)*Qx9Hb1=BQzG*4to%LX7Zb#(X$eiMB}NOsqdUuo`^;G zcTZ-9fH3B)#`^46^cf%qnAto11;+4q>`a6wgIwbMS*4ZA-k8(~kd_5X z!abTlJI-3~%QId{M>2Au9V@(q(qg&#Aj737Ox689HO~x0t=FI<6e?%-I_6AP5U@Im z`6e!XxvRkn6`3QXtz4)0d?wT_fI0wd*6}d{7~`J98=CB&cGDQ;Z4z0iwFL-9S(EId zZ9b440ERBQ|8Oj3{vc##04_eqR3ZW#Yxrb0A~^YT4?aRP%NzE}kG%LNGBo%nQq%wc z=RtA8u}oz9)obf#kB7@@9sNTw9$e>lUA((4F}3LI=>9DyUItxDzIo6;e(c9{^(`SH z&rJ1N&OV!+lhRVyvE|)E5xqZ)PF;Ht_3_Vojt{)O{bx}{ZoZR$sb`n`f2k&$t%#Js zTr=u!>Q-kf4~;kFBQZW4mb-a@oLH32jK=QFWLPnk;>IXGt&0jWC}lY3F;;KJg*=~9 z^dO?4#NrE#HhRy5twN>&S!U^6571yln1;j$(sU=Jlc8%~BL5~F~XGE{@SspAN>}Spt zO&7-C3)_YRHxh?IL*{0x#oDl)!IERYQkD~laa*5oyimb+c`UMKk<9UEItR6Jx72B> zemW7gsv)olU_?RLm+}b!?5gXdjO4gy4TH}$8fqy&9{e!U4|*LlSoMcZ!w(OEZGVYV zZMNmDKZE$B>&?Z##QRLfy}!iUC|_9j&!UQZta<-Z53lX6zZBh9`{~M`^(0;SZ`@?) zz*uNk*HFI;xHICqs?KV>3KE5kzwe=LbKXPAA9{4Hv#IJ@sHxeX z9s;|V*;I-(BQyHG@y4hp#k2S-1Q_hm+blGL@(va_2tS0lSWsSaCB5wJfD zjTZTiF5$uB9i=$z?9-ObA^>7tmX*e$`l!=u7^YV=0_EdAWiE7Q!-rvFFYt!lCKYyXkb6k+ z`1h*KeO)2%)fDArA4;UYPDMygx);tO82sKSvw8iZ*GqW~smv`;)LtgI%0eCuojLxeSso2H|66!8{CgwuALUYU@FdgunCAU_ zcjAcwHq4Jt+AsPdj~Vrn2wxcc(`8>uO}gUsu6EA`eo~R&_4&>Wf^l-n@s3kcw5(?z zjF8@UizOf*H{=#Lc`%`GuRA2fXIY1h*smtqlbEOG8PFX1 z$gN++B^1U+eOlvn`a#M5>O5iF7q;rmVlP7d1BCntf#*;AfNe($gq$IWah*{z{QlrhFETzO zW7M0r?oR&#V|FTRm47>qBp-+otFsm$SCnam%^#T@Z)o-zd!t%>&hS`S{#Z`XQ|rvT zla}80A@}>noa8*e?|Ky3j3Opk|1ipwx-yvpqyUznF{LA}ZFDl{qDwR&$0W?{u&!|7 zxjmTzYJ+irXa10z#?_n>iyE;Lv-$1=`iZl-pH>eS_3u_+Tw2 z38=-Ac*HzMDJrTWB9$^hwx{idT@XSi8IPG9$JUtEI9EH#tDe(Ls8l-+K1LAE!fIVY2P}vc*P&x7a&B9RP){q!hy4$9zokYfWml=`JEr` zA><0V2`7Qr{wbujw#K`g-d4|aE{Xa#WnfSfX3VA(y`~3GD~}?q^3068RpRXDS^soUyKW6HJn2_nDOD&- z@yr8HZ|_D`+A;~QL_z*a7!b~Ul7U1=>4vJ56weEG8~An19HJYQq`sf~aqSsKUD+O)fulneQ~RT#-ydH3@D69JNy2585gb38a&82HuSUYE&S zLQ%_ZF)=5wk zD2q%*rN_Dh1S)3Dsslef{;=ZF5@H4#b71*;QFOS9R*_SLwC{TXgPr(LVOIy?@8%`C zG4+CR*Iz2_MP!;-bjsh$G`iO7E3?8o@MN=8w)n_Uv{8ZX6TW%%!(&f2pO9OG*%EGi zH;_u2ukzki`|C@Jbz5#X_kQ!cEm+KD>Xtg5+AHCI_{HfGqk@oc+bP0(NM{-O9@G1` z>xvqt^XfVORDC@j_XcB-b<}Ljx2dPSYTx#a_@627UhbX`SKo6n{K2md(D%P_J>p|j z;rMpz*AMA;IMXgTz-pGYYjx5M_sMLz<5=)i_zwHhf2mIO4i8hXAhQVLv!PFSZ)mg! zmq6%nT%o$kOF?{xZ%*RVN_vEL?ybjMXxWdQIF}rQw(TUyH#VlM*>6t903LU0*=QrG z=BjGbh>wM?u5HlEV1J*DSET&*Mq#k{cWn) z-!`=n)~Ui}nuNO@cg1k*T=FNf%Jy)w+RZan(RFW$tRU21woCjwc>g(X)I)x5_@kem zv+|cOmp*^^uAXmyrT4)xH)P9O@{OsLE4ySC2)HvR!Bwd*J$h;-H*Dr{9}ZBVoPpW+ z=_yn4IgJ#HZ~`hFzyqYFO@$4$Hx=2-d>e#hV1-h75Po^n|9Rtc_hzNTSoalw?5>=L zmB+?WdM!ewKI?P6-_y?F&w#hX?H}T6uhK{qs@0|Qt9)vf%x17C832enC^OhP)5?Ur zK^SHD1%kEme%LLK`wP%}hH7J%`+>EJTK~pApX07CsX#3qoeE_TRHa@$bB^iLIcW&Z zt5fD1$eBy@0D>hAU9jj1>qezQd@DHuX#~~A>`$j4SAzo=GoC0|3+bDM$LbxGo^Co{ z{pqS#@NkvzEweuKhyIUeyu(n1+h_bA&cpSDsSihOeukWqq1$g@z=-_bwiT@w)+oN< z@|t{UxnLH8g#Z%Pd!rj=Uch|jb@dH4Y8;_P=Hq4vNTWix;#L5s-DQcn6x~fFxLO3g z7OPJQ;x->0*o-|DBYpB&G-9Ic0vH>_*b}seHNx8Ku*TOFq!n}6gj&so+T74U&=Tzf z2ZY8h&oJWFT$d1!G&AC=E5=pP#xLvN;hqVcKXIcC0;=VhRx~tu&(UTZSh_+nF5=P| zrWmXHWAYByK1KmbOjlag2GU(vMBxTrI$cMcpRV=x#T>mC);oNIeMiiV3d_rrbvrsa z51jGF(#-pC%1zg6KBJUl+dqae*A^9z{!sj$6C(rsY=?y1$#4BpIQwn?x&naFhgg zpO-@v8XjOxO!dPg@71_wdU!_kCx;*_Jp^;ZFt9#!29d5H1;58Oy{$pquY4-PsbbxI(YD+)bFa&ux+(HNa(aTN!i=- zB1gndzA*az-1Sk>{vf2C2lEeofa7$$#1{ly8uuJ{{aIQGMZP3G93+{W5=XW*oGQFH zGym>u5BujWC35$bo=)?Aj(5v$90>!P!5$>uWJJ;$Q%z*_vX|H>bb}#6Gd*uv8Gq{* z%~xBl1v1xW?rqnAXnc-6Yy{SqG5giVt(!Dm9vA#AH%2 zz~HbBP_I)g1I%Xu^NXGsFK#8Vcx_ZXg?(e+W;&PSpk49knJcz8IZSuI=N+K_`sC4p zwkIzY!Q=c*Bg$Yza2i-}sV@5>uPf`;+lh!I_9xTT$I=GR^&IIe9dRCi^`KDT-VR(M zM+$gFHl$<@bw4gsPjR*8bz+3q(I$(sXqvi5l)i{1ctt+y$hH$t2IH`_W08xN^DMbN zwvMU~@v<&OHA>CA={@XFzgw71AXG%ME(4e18(VVa&BJqS4|3GrR$rak#VJF@FtXG+ z&rS03Y)hB<`JP8@kNk0syR3%_Jysh&BjWzMY&&jeguLGVt2jMt5sUNL$SZ1oySgw(x5{qZLBim1{}onG z7p&Arx&8N4+l@D4EfO5{ALH~d2WRisN9m)SzzTbTC8n_blmqvuVGX*miQ2E2mANkxwgMCzp<{p@7vF zY@iP6Fh{X-h|&fkmY8C5Y>SndHk(n-$xpuq9-Ltr=mpa8C^|6@H<409$^kbJ47&5H zae)DZ&oFTK5HhEU*O&63&JIti>O2aWoD3jp1d5P1{k9T_lQN&V=$B_4qoZoYqR3(( zzMMvvqrV^_=s6Vv=Di?_fd*wLTPYgE4Ci<433bmFe!O(>qC-o|HKrk$cI4Y+Mp0f{ z#KxZ3n_8M@$*iR9R=LXs{u&d+Z4>+P3sEP#=Y_Lqm;2o9;Ia#>TP3bm!@LN`wRdVW}X8Hfo z>)q1~Eb&F&iw@yM6@>LY4f#uvsw{2H|BXtk5Wi?al4xU==KQ{9+{N4r8_=}-f zHW|K*wjbgvJKi(Sy)AiY5uyD~Om`~lQrk|6yyrKReUGE|nn6`3|L0VFgQ-vdNrKi# zRx4V7Yb8Cd2sI72d{BvXZfTsZC;m9k2m85LM~i*aX?CF8S?+0uc4zAb>obtYf{CfC6`3??_%@$1=I;Uu9q4}Nf1AgzXEpwkZ@zbXMf#F@w zl3UZC;kPfpj65d1)kF4QFv%6g~%gGb^Q}o)ks=@aq z-?MogzqDLIeto+Geo1Xxhe4aOUqOh#9ch}{l@o3p+}sX@X5S?;{6@YycJZA)Uac7t z@*S}mErS1U^lb5e|#AZelHljUfADV$+971Ti>?0j|i*H!DM-1ZKBtH3WdCVlRDvP-J zLujhDe;Ggb&6$;+_m=>`3?GE=MQ&_sz!vbG$>su9vw+pbFdbEkUiORGc_oMq=7hlO zJf0uohe-N;yWT19-Nkx#j2loCmI1R1cRwnYKykA4ZZ%wQvrzF47o==7ih3lP-ToD0 zqxv@5rvMdtKk<(*hM_c5z6IyeN*(JlY^(^rWKG0_D1+?=Mfw|^3@@4N{{14@vf4;W3G=Y?WWOgXjlQc_&}d@V zd4}KqfXoB*vnz^%DH9_pYkWF@Y9H8+_L1l>fH(A`vj(x9n-{#}ii+^GApBc0LxPg! zSkYr~u03HBh40KP+}5~`6Mj;d>><|_U^SqotrY^ok~9Fjp;p78rl zo~EwF-+R5fxQM_qu??C2zB;PRv;DFR3=vh?ku^!BpjPm%OlklhmNAILGHXoAH)AlM z^VErXJivp5}68M+u(_4$)_`tEvN zZDu<&HI8F&J{24&yqi|VW~%+1vZYqfYs;NeZyYx8L@3DJs9e~HQr!sX-Ae)?3haXT zo-aD7tH2}cJ^s~Mc8Wt=DpPS?rTgv_2#LQ$df&R`nD2WJX@A7PvgV9t7^+7}U+vf( za=Lo3{28(W*-&9IUA89s1`9yWJCc3c^!k3ryq3ntqqYxeIBO;W`o)-gx;CIE{Ws%> ziktJifNHL(D|@|^f?s>)E?$4VFnJUlMlyoLnda&3a#|bP`}uc^Y5cqrwCQ`!OlZ}A zjuCSUvr?oAWM*TSZK_El+gx5zHe#@*BLr1sCJd48+5*tq;Y7b(NW@9UylfqgF+}~y z1OlwLQnkL(Pm`|oIe zUH06FmQ9qQ;u%EyF`rd9U{SoX#0j%gjt8MgPc8Z*7+u3+czRMi7&S_e9hcp9oMr*P z5R_#PBDswHPX~yT^nx-Iku?s`gGQ|)$o}nL=z(QP8v^3n_AsDxRQEz_Q3%ZB8n#*t zJToGi2Re+&iSD>I5}Et!DYMeD0aa_O*W=REa5}m?#FwLc{&w}@L;)Q3*<#j2^RB9F zMxO@ni;G|P3hfrLWDaeHfvlhV;MrWmYmHm>C@~vRr;ONB2zxk&K7B9tuX#I%?MB_w zz;CP((BNj{%62?#Sm~@+mKPDuy~(zs!M!2py1j!$#}%V*F63r>y}TToj-TYZ#TeOi zqNmvh%DMx*#=&a~83-zPp%0(B(eVK`q;y7=T4z!f;@^MPL#xwd?dl79Aq7LF+?Tpm z)^0cSmRMT^2*mM)pSU9CFrT$CL`1Y!LAQqOlkGhBYqw@ijH^vqV!Cd}9#1M@)q&JJ zdg1zv1NOMzR8SNh-!jyNTGZL^){&84XkT=v*@pN0I?ww-$L7Vk7n~A1z1tKP`mc96 z#&m>crCfSxYPesTIECj9+dJJv=)w2EmTnJ?-5`98OsQsjWqhePI}enU$pgzT1bch} z)(U130O74Fy$#P?-q={ffL^B9$QGUEi{2XH!<7_VLzMt8HawIF#G7o#;s4b4Zj=q`n_jkU3MeR9Q!zg zV6>REtJW{MgEU|T79fjaS$kcY>lidcM79t2p_r!x7r4@|xVkt|IkNw@02@Z0vF z&}!ptH`*bHBn`VMQ%8iBBA)4%?0t|AO8B_-;!Ussl3YGO5M~(BYXsN?gIZE?aUy1P z2}cw?K=(FpbXh^rU$qk{?!bYgiJD&_c4B8D*$Kg7MH$UF#d z^0||}F1?i64AYfSGPyUxdoLM++e3XdZ!E`JG<^>PCllgnd8JWIf4dVdc-?u4c<6~W z$~uU1gz)DstmEgf!wT=6fPu=WHH{9zs*1#~S#ERio^{O4-C4gA`75uk(>I5|d#c|; zuB>C4szgP*QF7wttPKAbFl70#149J}Bq|;2CajJmH@zB2w{ymv4|S8gqWBrkGt8ek zSS7uVp*_I51vHhZS~9OiOk1zwhVEhIb1W>GN4o~ouuZ*8v2<%qXmbvD<^7@eCDb!o zW{e`LP+DN|oF|bt8W0fEnX#m0SzUAr<$q^=DA;%g(D|U}KqIXq8GVznh%QMRr#1?L z7`MjM>8Ul~cLJ+3epZgj?Ks*S7I`h!c!m+4bSQSswF9q+>QaE}l@gWiviI))n(Hm! zI|6FDe8WDPNCANhI1FT|VUY0*pTr}9Yd*Lx&Ny&oEOv_Q@!HB;^T7$>`_-Yx+Q$To zgxeL#8Uyd{;ls{QHN@Qpf7UrNd^OV3W@5LamwTWoXbw?$D+SEvaT|^ToaAxrDdZmL zTJV`LRdVBPx1kiEW5WHRk=8lFQHR&j>uHFTnr?ZrD=%()_tS5Rgcl-hNjgj!p7_Ev zY@VA?l!1P`BKuL(liu^_wB>v)W?cPRRsN@^9g079$<67bZu+I#&XXkL*;9INJ9TW; zh`NrUnV(j+)kj&aD4&51YCPJE0jCb6J*fOR^7-8S=XKc2sNNdn0N1zq+6QL>7%G;J z`vd1nJ760;s*<7W>Sx#+2YwIIag`eZwx=`Sk4V2QAq>Fsz!WfF_U*T2O@r2N{8ECa z_0BR4U5{{|qwC~-5PdaL43+6d{jX&-SY?E!6jZ@>@!UifJePs0OJ0o5jYF`u1Z98nJ1l*Cm1cX6PGT%>ziudcqiJU<_&c-3#bTX+ z4yqCbMi8tK(J$h00?$#9*F8(Hx0p0iWp%~cPlf_>0!=L(><<_mJy3j=K!+`4Q`+uA!;&H@ z#Me5sjjBY*;%Q*@+=zeVejW55aNNJC;6kM%1{dv0Go8 zid(-vzb$dGXZ2!@+RYf~gQ8_e(bM~fSVbi3^7$_wcHx8@e*U}2-_Pamm*M~0kK|MF zSm;)6UO8i%8}WWtkE~k6w!Nsx;5;pgtC7oX{mF@TX_vMpqZ65_bO1J z8I{D|;RXKME6<>BFEfrJfds&M2{C!!N#Zq~nK!0|=Xq%ATsMNkF)6?P6iot35Vd~j znBdDXLAcPz6>4^b!rdFf$GR?Yb_>r=1h9+t`6VCP#x0nCM)0L{rJJsq@!yyKek}j( zUI)G#p1nV$V2b5BKZ+;Qr#jhnop$DOq68*oKW7$91jUdSdAtBSoaig1@Ifc}5aW~J zLXqjlZDEaQ@vEtTGBQ2*7poPh9a}cd-q`EWx(+RIiJLwbs)z68y-$Dkdl}Dk7)~~$ z!ArFs)kr&m=)ml2yNt4oZT=t#w=!2vL&_SReTlNHUEUFJ%vD>-IwI+r6VL`RU~oC^ zg}A0Bse`B0UTVkqtMI&+9_IB>IAzpzfV+(r??mVFubM)58ckh3D8duIJeu(JipI75 z7sw~UFw}4QaMI@#KzTdqq(-hNi^Q7-ZM3pr+Brnm!F-u(8rLC`?k{pNV9wuZbMp^u z!G3**?VcaE4ps^rDwy5Hp_V$v!T?!g(q)~_hGT*jG_=*v(Wz^Nmw&a!0!^6n>-YsF z+1$c{$H_x{ZL{=GM+(wwv3m?|JZsbMo*8emX?Z34lEWlV3w~Yo|^8O&KwoNPQucX{57ThbQ^g86C zLf~INXW{gD;3NP2+_P_F{vVuHh%`mqueNRU%o~hbq%d2IdRgSrx;!=Fu0qf7U!ot;LP!{;M;QNOjU4smC4uQBX1nOg&UbdC@^m5 zXm&v84q{jnuu8}{#8`A7KlYPl`p+HvdfWD^L<+P}UJ(c;Kdv|Jhy_`%Y6sOk^I-?_ z?De9|Tkp$OE<76l9`zfBA^?+pM>F&xZrLB}<$Dqkm$f2#-u0HVQsK&lsXjB?pCc$n z?I>zlkl&GAP)A=y$}gC(I$rXNv-(X=?Vp!b`d^aj`gf=PshP_Em%?Xp4cd#s>)EMa zPSRwLxa+kQa=xgLS3!x^M9P{mPhON{I7E}z?)+%RmZyjpeANBU9Yf1|bXnCB)B`_TrzJO@ z73Z5baP*y>a2jFT_l`Ty=cxN9?iBk~-0;?ag|s^A`1E?V7i&nnhY!wH-IW4fJ$(W; zqQK&f{xL^)z!vxy2tvIozZj++_yJyJS&kV%1fq|AZRqNPc(E*=zWKlWNrwseQ~~NE zsAf)ncU|)2(@`-Aeq_=9t=*J##Qa$4^NZPOJ=RyxYTw*a@%uwdW?OBkH77g&E5FY+ z)BCAkBDOpg-j+f#L_K6=Alk9~j~0HzsNb|-JPb|DxHi zXHH`xY7i!?2l=Z#RohM99y{bb_y+|t^xR^G{herwcWu1~Z>4cv-s)&oc-rINNbr29 zeGtN(A#S9{@sps`_M7{kHWEir|D(M#4~M$l8@MF9ETs~%Z;vE|}iH>2nDJm*~Rd9U}J=bYy~SN?Ea=Dy9` ze)DrL-|y%98NG0B*!j25-*@4ZZr`t{#%BPuL3^Iuk&g6wtc@pb7I2lRGqCgYI;V(a z;0!Eb*9&q|$*`S90A0GJ01`Sj0E|&=^BryfDe=i(on1_nKeCZVnW+b4-6Cik9cZg8 zgBb#&Iv5XFuD~|ULdhN4M1CRDw`yP(4mx!GJDsQtA39b(#8pB|`NWWmiXsx~PF(#l zFOpY##6K0cpU?B^dgJ{RjHjI^Op$n}u9sGJXx-}9z~4gZKu-lN&ESW5k>|Qcr260) zW&0th6WU+G6LG7-a^u6vEU~xeMkJiYeb0LFZ#69fquR>pJs94a9!9$l)`G{(vj_>2 zJcRh=(a#(Ct)FvG?iS!#B}Ed5YB&;s7M`=;YrD?>9P=O}Ans9>f7sM^<|-VCm&F$d zQI4c`Eb87SQjO1Hk`a?s6%K7qA?mVmuo0reod0}W1jFZPe9OCPv)Lo{B z6ko~Js)dx`8n|e@gsrM9u%Fb25)ocO?)9SAmyO^y)+=z|c%8XDt+5s5diw$9m%Ig1 z?ci-ImLff6-FqZU%-XGlwNMs5wS9$I44P>YCz#&)fzWz#)O?PyN-*o7C?V8O_%=v6 z1)c57XtxbJLfIMJ@NyGyKvWLVzu=m}?R)>R+{NtGpoK~}gH|)$Tw*nTJ9iuo&_A!H z&-utdJJ0u@huZ#Rfa8Duf{do}IKnT7i`s;Jv$*p>jlkIHiYC0GCe{0u);m6DoVBgD z*m=HPxY_ath|fJDc}?nI>;}pjMg+>@;IC)<;S+9p>~?GJU))rcdHG|9DXEA>v_^FO z_olrTj*I<(>b-=>G8)xwx92+y8Q`VekrVZ(rzerKbDgNz$nzS!WsFQ3SWPU%20dYa zvpiz)566&(@a@raPaAj_-^0felXTt|RMtXR0M<_G!l|s!70oR>OyMX-qkiL)o3~K& z_~KkT@`#Mw3Bv)QgZtPH0@mqkL?vMoO2mAuSITfY>v(&<(5)@?_V;o@q+@{mouXZH zr;i^k&(jOG6eK3{B(MUQ#yX`gY)>D3mgAE6 zcSNgQJ7q^23Nz`lZ1|a4j%wnJuiVa+lu51@b^Bt!8$!+J);>Qi5M#{O3}cfHr(uA@gQ%Nbrw(61sNT(LmN3qRaglH$!LxjJtHg@RqD3* zkF|Dcl=rJdZNO_2M_%GPh@@=30);lB2mBY963BK@qtuN6*@azC?Sp>_jx?qBX*%Pi zUF)~k*1?9%+|axAJ$32f7uuA&_+bl=jw{kQ4OViSsCJvEwvjYz;qpMiwI=?}kqGif zChY`{$o*>%6emeT3`^|5Mo?swkeYn7e$bww)7?ifG6@4VWexHv#C;psysgkq8gU7b zn-5jv)1WO}OLaaw&oVY#q~!^t*$hV1N4c%^{hC$)K7};2UNPi8`4Dpuje2_Y(2LPR zGtXZ{DreX>9S-vz@>tWSRcHO00Kc=$C5)@o-A5D?qOq75vR$}4EW%S z8H6djikv3#HjzU1v0-vld(8=m(Kj>oE}3k+-y}y&DNf|*9{HZO4Z8q%x%7jT{i4n- z(w1&kmz)#*bqLrbeK+|Hy9r-Ep7K`E0LDemEs)qEDD{08F@C&4^z82V*MDVqGzqI9 zc=u#z7iiwzewrv)9VS!RWI(V9K#>N%8hz-h;)ul4>IWb0 z8VeFz%%X8+*sDUm)OD2o2DQ|aiWV9n^G}yljGE^MVnPj!*Qo{!PS2?THZ*zLPRA>K zYt-~(Nhcv2y)}A-h{6DLW?W?+QQL01=Oe$WX&yd9HibyUe53taj%LyB8&vq#wHc_S zGVk{gP&P;cOXG&K1`|Xn= zepmb2*Kcrxx><=imFGvz;_!lx1fN&6M0cdk4J4HIj>Dh7Q0u%2aDm)~lc1D=-fzwZ z)D`c8Yv7|K&w6(ssjSf}{vOO#6rKYyS$i-06@l9!n zdJeFUkJeb&pB#^TtX33rqNWQQ%9{fs5?$E#F}OYbaviw8-*A1Jj(VL2E3k3M@zFy< z@C@3z)ix$>0`ur46;>cjbo1qaXkos+o^#n(GM981w4u9U!=U#uvGB2;wxF=`!Q*~g#fy@>4(Lo< zzJfi~EKKU!XO;z9Z~Y>ZiCdxb&f%^rQ~F&nACYgp7~W80zQEPb%>W9`+YIU z2zh2Pu#cf;BdezrFfs|N(u!;Wy&ev?I4!txyGfc#jJ>Lvm?>}MB~UOOupFV~q^$`~ z6u$Vg%g^ib^Je(p{gY^#EOn4jMI`@ZUbsnq0zCwZ>Q7B89V_hV@DE>VbbbWern?lf zEc4L1wxM4Evz;r9%y`)Iq2LQ9>s`u6$X@{QCW92c2gXLSJ?Xtl@`sB7>LMWS?1&X3 z9Ne0K_lx?(c&V;yCg5Z|5aNgZGddco*V>^hqCQO-zKYovZ)2yBH*IPsp$|bY!n>A! zIX(3|j;8nbkj!r(oaz1V=dQQScG{EN=1anGyl$PXj)|W^n1$jnZw_XTa`51$^?P+j z$(N{0N=6T5j=*>alq=~+#ALTzwR|{=%icqnOVBe&0z^C|0;P_OfFDz9^SuaJ_=?93 zq*(ztLof4Aj(b(fk6Ao(p??FdvEVfLTuyuf-?a`0==wg}MZ^@YFPv+Z%aMI?o&L74 ztAT&;0OKn7Fucuo+uJUFxY;Y9PyNig+48+e587U?>AdFFz_;~I6;5N@B&zB{WV|Qs zEl!eM@mYS@^0MTCqC!^Sfn25D)`RqFg)~2#e_odVy4ykVYVpX+FFc{^s)s#&;@P%H z9Eub?J~}m8=N`&S^MCSpRlreA$dN_f1A7)vnmK<&k4D17z(qMzsQ`_g_ZjK(#sbVcwI8b6eVNQmrchbqI6o1;CK zCs^HZ=rj=B&Is7qlCO+{y*fzEtaU#fvl4hv&@zP^g?x6HC8t$vWi5|YO`UyetCd<| zLc#t}^;5QK=9)b6?KdFn+gy80o{+^BKfadT+>bIB$ITo|KiEy6ZosrUERvT%_L?A6 zT3eu;3pC$ydaSt8=vx+`l+{99wNcxp8Kr)U7vEb!HLIxYs2hzuapsFK@I=uLZ0zhz zd_RIUR*Q(O(vKALuoi4$?fn=EJy_A8@AKGYccL;ad-0k2-&M60*1T}OFJ>s%slPV{ z=J4G~_AgVl{U5NG|IvE(FXDGLqzBD#SB17e^TA>mYf*h{A(V<26N%n0qVkf?K$O?WMjV>@9yLR0n3#M@dmO-9$iSRL5|=`Ag>6~R%VonS(*X&V2k62 zLCyw#BM(%uJftPV1%BhKAaW|nfQvT2#;FizxYHPO?sy(ZS_1_d7-Jl~TcM6eX|D(~ zXF$o}-9?66E#^F~LBUCD)mLLADmxeo+x&&~DaD2$6&PT$@$U8yZO5_{f1@q~k_#E| zd4h@&?4+;#{ll4Kog1L;L}PNLQ>rZfC=c#-XK%YvGU6$y4 zksp??N4Eqx!`NJQh#27V(uHpcXIIGG%e;Kr@hRYN#6>?q#CRVbwS5io{N9wghZA>= z_6*AjmT;ORdkCvR0lo(DcUT!H?UJ9%Y5!w?qUWm*{`7BA9Mn=79~6Y(=67m{(gYK>5SRhf4}|e zKM#leq-FjYKU#I2>?d?y&W29Hc@F;b`9u-cnq_h!=Y_xetANa|)9g!8~qd#b^ zOe&L%%-p!b;9BTDf5@11e6zAp3%f37FyNwZW+0zveb$mYIqJSSz{3XsMrY1>#IwY}h71hjnhMLx$~-EBE5&dSvY%q1X~S`aY8 z$X?9O|BuE1*79`|y>=ttE1M>BA++-OY;L zmjR38`h7;(@eZBFa?U1*-W-(3mRTdN=ztM;PwGo{W%uAMb3=P=g2`xyY|usrdWR-q z5Y_ksiFV;V?xey?9fp?<1=&yv-6^aUy#;ugg(a>}>NLCb*7)MMH)4hJ(tt2$Ynb!0 zE%%wOx08s096L3)xMYktz;GaAQKc!Y=w&#mMf~+zgOs*0yemENaWKha%RH11Ei%#k zvUEAhVjglKH4rN?N<437x+M1d@tpGyFzWo*|!Z47m zhe#$;?8thcWy+9l=os)KJ#?;r0EXKKN62CgOgpC68U)zBppVGzP~Hpn)dkocRk`l>33!ZXH0=70t%^eJl?@KX&Xv*z#2dw z+=d72AUK3{<$U(ez70^(Jqj7ju9hSr=@3|xhS5$-9T8)iC>~ObJiHuVk8iTGW*fb- zw11;m$az}Wn)0eYM8WiL-n~)Nz2%3CN9@TQLB>eepi_!4Iy9$lxQ+Z0DT>ATnw~4{$)7_d*(=MR3Dk62*dTaX5onie4zN@e!1F+(8QoNo*6wfDRp zgJbNZ`_@u&Hu1`-^^lCQhHr%@;uJOUuO5Fr2?gT(l!@#W?8MEMMGDZ0+76>N(Gf>E nf#)a21`KW&HkvhK+wl~W@~oB6EUek&y20?gk~KMWh=Pq`SKpknZjV5n;)tySw{;eB=B6kF)1+ z_SxM#=AM~*=9+6lRFtGqkqMDuU|>*XWhB&KVBjDyFtBZiuYe~rYj@v)f3S{f(qb^> zzle8XV8~%)B}6scj1Dqhx~b0)^)C~>>7nN`*QwqA`}v=-`Z$DN{O_Yq zDL5vu9sEE8+ds4XGbJA60p;I`|9M1&RGD0lNxanU2Ca`(Nw(?;~3f2BQhI zr>7^bKW}Eg@7Xj@CRT%j3#uq%H(c%YTXU;Kt@!KLZ{NNdmZP=l=OABO56C|32+;R?kGpGdW-Ia+^|M5Wtn!ZN=}j-(P|d<=J|S| z((34Z0}G3B6PBj04`0ToTI%&xzW*nkU?kXSk#qPeO-Wrgs&tWPz%Lf0KjVP1% zuRf5(iT2+ZeJg7CK_VRtg|gorA@0AQg45A*-)eQw#;?xq335;_DZu9x_P|4RttqNU zp_(!I&v610qGGcnjQF&i+owg5ZKzQ@H<)A}W(p_h<%M>Hf|zYD5s(eW7bw%(#~tWd zIr@*p{o%zrKeClc!p58YRrOgw?q9+F zlIo;kD?{8ZINvrdTHDkdoTC|CS0snO@TfR=i5wkdEK#hhLL2S8ZT0RSB?uOW(+aba zl)1k+2x(tha^TT83PqX~5vjP2RVzTAu;lQMZwuh2fp$jQfB4UyD5>9vB`502oMUft zz+0-@o^2Ry9M9}u`qzraysU$ilA_1|qsx9h*p+e$uE!J9mKGu+FAp#G(S+GZ$+20n zSP`woouKN45Z%iKcG-V7033>hR40RKj#ddT!{}J7BNppTAur!y`p7`u$A9KuDS~Ih zgAgaUOj2(+=t^{AWPtI-evFMSKFZ znM%C;U-g#|>!f6BbLk6B5cl$)uTI|D9-KqEi6Gjp@fuAf@QMzrsQ^V~{VN7jj7k}W z8e=FMUYPU;1h`n7{Gp8bxV~BvoiEt`RYYK0W0}Ggojz7RCIKQIWdRU%oz3{FVN@v4v`W z#+a%_>RUX$x)fhr2n76Lilt)(n!>KcH9t#m^wa&E)%3_fI75k>&&6X!E9GAgZ|B@{O%|n33{WXs#qHoHP)2@3oFV5zIFJoyEBmk4&AWmeb>32em&C$ zB3G2^dViPiXe#SDvraZlDwl0=>eLU4vNU~#6dmX1fhe*VI#tS&qbljmJX)n}$@?pv zs?QXp50^<8bNp~{CkJ!vPM>DbdJs^*g1n84mQU9mR#rq?<^-f730`n>b6*@U&XcN# zoO9_Y4Dg=m?4Aq-;b(3UO{d)&{CM9-PH8n0ig%!|ng1occ@TlBqx_wxZ$Ha~-tSLN zk7v$*o5E)XHt+T6x3xRJVG{%eRXaWzQsA)|w}ooj%!uJ*QEE9J6scN5THVu250)#8 z^Q;$}>5_$ox5iQfB^Wf*FXS_#c|I+d5h;=JnT7xCaKFd%!KQit2v$5H5+Xj-tHW9+ z*xL`2*Dim*4OVm^SkA_zlJJD>c>I`jwbmR1jUc==Zuj6!rh+&q3fcN%_El1T9YtPd zg}Xi&3b4>+P|LM6VAA37w^PdZ#oL|^J$nT#V;B11}-KHT6iWb2<~t~ zi*|()Nz_fGg8gC>b{hf;hU(7HdOrcI_vF6A&5kMs==c?aY1hvbN;#7G&BGQ~%jx>J z%tr0unBNe>f-9Lu`h!2)UOmrW9qzDOVxS$(y+E(yLkSzMv!+l?<+!n1uIL4U(_-O!cv%TVA=C3|*8&98`ozx<5~B2PlH zknd^k$?FE|X_U+TNzC1)AKJxm2^5sAUQ-M=j~Cdf+@HcjO#1_LHw(uyS1*O15m$?6 z$rKm^7CNF_pP$0)9k;?YP}DE(M_4)}z!mMt5H87|aWsmd`o0hTzXUx^X0}ELlW3Kb z`O@k?^*stdOJtD>hG)ec-*)u`nJ5^0od#+uQ%h#ii#^<59S&ZOa`$^y7N=E93SV#cIj7m_Ak-|O)SbwmcEK*Z z)KwTD=9VPTpR%dnyxZLG)|P}Twj9b`d!EMA&--bi)a&h(y7flC56`7OoVxrDsiS;2 z%WARPaDBA1o(Z(v1E1{IgHfrYpiIo(pJ#TucFK2Bvptq48iuzsT}9<`xX4&a!Yd#U z&FlD4!0Sduq5$x2{?3frYxfVgeL6#TB5TU0x`oPFq>T8?97evE*ULNnmeG}pDiqI` z!;)dq%yxR~2H%|d!cWe7R!s+bEhJy#_fNQ=Q{L2Au;}<%)mRYaP0GEfFz%2-VqvM$ zRjbmwsW4>hFR%sW%kWDsynPG$b&pE$6}HV&Ja2sE@&1~}`HG3_O)2qH7(UUtT*Dz0 zw^$wAn{EXOSHOF#{|fr^b|8b_=;5Rp{NEmiOHjF9nIqAs^+o$Uu4KMV zyP@OYz#(aC!*tq-4(8b&jYH6PJ-{$=gQRlaTrc~MSDQ+w^SYves?|Zt%e9rr+K5ooc3{Q?Pr#dLAfm#M<4a6yzsGMM80}F{ZR{IKGJS}rFFM!^oKpvrJFNB6X%=JcO%_pbov2dG_b)x(kGFWb zQdFZN_ykXSsnaTSZrRPRu)DD`XYmD27OUl0&DT@PmEI%(tM{+g{E;ov?nP;$REQai z`mMj!bzjR&CX3YY{sQx>aO*Sgk3y^KrM8{v!YIoi_yfT*E`??R58dpfR}6K8ToOYj zeXL&wF&-X9Sl)c7?4%ptM<)|{-!~@w8n4#sbe~B#cLR`|wf^A|^X#KaWi~|M0Z0Li z8TdLwuzD+_>oX{p2@*w0JVqs*^kVaoy`r&%Nq`uFhYGe33nKUGb?Dbf0yeP|qiU0v z{fe1P64a7ovbAay{yLQ!#fZ1byLvN`By6^wFdUzzK(NOad1H$poa&Su2VB9f| zIZOp^$l+WAx}nD<*6T|5Lp_|^RfL##6)t&FVon`yw^$o&O6hc%d(%GxGYwmiPo>ic ztkg|c$_+8m_;TuTJo{5OM?_O3t`J^|X1pbW)>~3M^l8XA#nNTH^ASkpu!J#xL4Nx^ z440XSvUQQ)xjXvlQIxmXabt|-s7wWnl6ZH&ULhT&Qsw22Y1OcGLQp_fUCy1NENT7U@1e!I&z}4|U7nQUGVOwC$#}E|ktx(ED`ZWcF z=y+yTF^Q<5BhkP!_KL+ySPL{VseTlKpY;ycOM-4wr34=#6q~+UTpU}sNBo#|U|TZZ zr%QY}?NYi@oY06~XpsM1UPPj?#c1f><(~J|dm=78HT@0hA zQnGm10-f8lth}wIB}#5C_x_=Bu|m2}h8;%4PhzCUgN>GF8<;anWCFo7cF>jKI-514 z>Sem7va$?qgXxOJ#?z4z?ed>%gSF0+xM2v=1!e2~b$PU`=0EdSoS!<}fWSKwcjiz2 zdiv-72BUr}VAPh1yStRk=l066v|FDpJH4;BqZ~CX(5nk5Ov;@Co9I-`yjGPhq&}MK zAQP90KsH67sBmb5*2REiv0{A6wJ!Ihl$FzAC)p~f1-$8{~m#{ds3&|0XvfWa%O;wbd-JyGK0eDUuLMu;Hbx^A=@#7KFIeu zVN=fu(INY+-Z-#r12Jqek9YHFHW5~T{HN%E&(l9s`X0>?Lc&K1INA8bBNWqPV?v9HG zT^Y8297T~1R={4_i9DvsDc#868ciL~bugtUlC>ojbXPOmRw*Tje|2;*SF?74dv`p1 zxlhR-6xF~Db=jrNZH@mL1rMt8zUqESL0Sy|5}w=K%XqK5y&-)U}iNm7B z^z#k9c@|1=MBJ8~hC%SR2_X^<@$til+cRFTNUKy@$!XZnpY$1@`{gY0qO!e3PX^2V zrGFi0#fG-+HIy%R#|=cOg2m=$_d%q3AK6IIe>cek0ri0tkYm)=u|Gd{!rIQY8%mfa zsFgceaoA1DpOgn%-%&y|6RF)^gG46W zEvwT{)}UMGWPWF~tE1U(cB1^m9~G|NAcpLUF1=teXm&eA@T?uM`wPlhi}f1`vwFGZ z`}|1DHEli^-Ia@2-6WYUa}@OZH!DJOuUQpN3la&2c#IvhgScO>lfT#PgX_`KA(k`& zQR`3mv6+DEEWto$u?zWz(s^Q1UO`r$e&wpO_e(Q@?{^od2cHzt%+xK!r)_m}u6~nC z4&%gJaa)`*+3K{x2CCAh*~U%JYD)^uV) zs+(rT+63yvNrgSlwrESRY;t!v-_YoD%l9jT@7un1`TFiUt=sh#iS>gHHi?H*XaYjB zZdw0e!Zv?+3Lmo;wBvk$q}FEkmHl!n62u4mGexDqg_FY)3X@7q`k{O@mFERNm;JzT zAzJTn@>eYfyG^J#I1B_b3LZI&}$6p@2kOgIC-Eb%B`}Q zJ456udY}qTqW7op>5=&?3VwW3^?R(?ly_1bOCw&he6 z=N;Oi#X=TqpFI{D0%?8PsA=voe7=LDxN8<^J$d!K;IM4)RkeEn{un5^jG&aV-1H91 zS~1HY2>=$hsXI-e?lZs2sR|(!yD)^q31zk`wKfQ7lW#(H^`=V53@Y8KG@m>9e&dvq zhEje<<-Qw#F2h8QANmF_YY@8oWjP5`b$%mjf_3_b@#{^7MCsKv$!I3sck2)LuIF83 z+)tgM#*Z;V;vOYU63*hI@1|7RKA~QaF5tgtzJ6i%6c*tV2~R4OrPNlreIsOcv*(Dc z6xypy#Q(CxZuYBx`?v8@MaR?In^jYX!!yp(xvMb4Ek2hbvT~#5ug?73&;mhyqN<=| z8rU+4OvOHSBvV5CLq_ubxZO8B$1JP|s47oJD!H?*x^vTkoA=2ga1@;;eEv*MP7oA6 zFC8;xUIH9YbzI{Y3bw^|&64*WNZ7=*isHnuw5o~&Txr3mVF7Sd3hC zsvJsE{N_K+O3#hM-rhHe9_Db((@JV_moNEM8*NIM&14qHorYRYG}H54?}g4DSX@sV zz8SZFuAOu&Pre+2;BLLKldS^gJ|d;bjn7xO<@q5gWG%#jr=54M<Vvf4Z-$oU^=Xf(LX|~O|@B~z-n53k`J5ivF4<`RBH0^ljy=p6Q5=5WbqEG0v@oqs1IrHLzR=QVmV0jTwS&-7ML?>vLpF z!!hOZ_3iIUNz=(v?Gd_2t5&Lebc8wCB9)A}k?pRxWkfh^-W$UX#QbhJ``TqM>|W)+ zvs*>!;$fCEi?LEac68f+C7ER^FA|hhQ=AR9(JSNn)Y<#e>*yO2tN$BpK)PR}mG})h ztm1A0zQ`ug>tdP9Cw$euJzE1wYBRT7A4xU{d4Jwp5jDHpW7N+4!BZP(OZsFpQxD*@ zNd4R-i@D!xd{vx3z=qhfDT;Ax?rHp9f_zVbv-@c?@q>Q4Tqi;+1NtYw5rb(so`xNY zr5$+Kb(HkxTM2-tPgvo<{@vs*O_85)CSKJo#shYcH+?vG>^N5CGe!ze6B0E;$q{CJ zR55cOi-a){@Px%VY;)PQPQF4j6tGsXZ*W?|VoDZLzG-LFtO$67y$>uB^16K!ORLO$ zmskJ&lEB2pUB)TyMoTV;<}iAFp7;%$4-OrXOofY}L~lCs==xS&TCR6>n?fqPq(pX0 z!!AR=9C64<7RB{=nZ4@=W7S@c2<0J$iCRT=4x4#OH5)~zv6#0rKwKZd-*6Nx0Qp!d zlPl{n9wrY<;zLTql3_-1s#&aIw69!&>*NA3vf7{4U6y<&Y^VU#?TNjV7MW6OJSm!0IP! z6Mj$j${ii!Yg+4S^LxW&C-)KVQi(3gK#8>Y`(~LC${lVm7$3tLSmB6Na-pmm6H>V( zmTy3k`DR-p4UgSolxa)5UF~If8XK%JNGV)z(>mL_%-X~>j}lyrIvo4Xr#}F3{Hf86 zOR=x^td*XAe@$H^4SVwYGA17=_GdVtFr|nW(hj{GOw&f(U2d=+=r~?p z-`IulxSWBsD)bS~1j}{X4J1ko%c9%NJ1ajldhe>iD;JiGYGOi!zP*yAaZl;v*d>$G z-?p*4E8DpX38{=KJsgDZcxP{p23F;kTrh)}oxkDjnxQJ^B4^-=Y8UqcE;B{5pYd$n zwV8t6-+xduT1>ev?~bs+(N(N>J#htOA>~OtC%U%o!M2&^mapjM)qH*7H3p_?0Q5%T=0Z}3@GEWAk3p5VLh44&1hHY zQC|?x&c7K4H!+&3-Q^u;4vCA(!BI`Sv@lcDaFeWGa6Njz?Nvo!wY!h+Q_>DnA%$Kxw^$KzlWt_ zHE{3Q%h%BinhYgrc}an*K0d#Vo_&RkONbm|i4^*3snB&#!=R4gp=Esr5<=BfL+knq z74uE7%Ue$!+jH>)06eZLpp7~C!;n#uHyfL{a1;Ytg z-QLH)1m8eCS$$FkWhGJ*#FlpZrw9>C21=4DdPlmqmVLuM!=OwR9+1y-+hND-i{GOo zvmLXSc8vPc&fS&9Ci^_>sGf|AOJ`8_L{b)6wO_RKl3MF)XC9lvm5Y+=;U+~Zi3s@a zV(oF-g-%e*=T;{r&E6_$MKNku5WXdwV$|;cs#|k1A4zgTAi(oe{dc)0BMK2KOb(f_ z$#}K-Y@J0^W0ZtT30UzDjBh#_6v;&!bp;?!lD@*Xw_W0o&lkoN*T<&6x&vqNaRMyH zGDA*l?dGsHN8&NPf2DIr*&_Ep4XtO;n@ZUNNqBKj$ga3_)Y`%Ax!A?_NE$vaqXbI( zgqy`%9X}fjA$y@On`=xa&`cW)AF3oyU5qt-1r~$0H+^!rQ8)u^b^1~- zSIk^l!I(pRvhdi{hCTdvI(@9?_IvG{;310#NU7}3av2K{05Tkq z)?!ANLuh)K+gd`xNj2hqTJNtVAgK|37C55?7w*O&*{@8-7NXM?HKC)y$4l+FF38n- z(HY$aIfGocox4KSS<#l-01V&_{mk1qBa$xg1rEoY*5-A_u#5{vwU2=J1J0D3CZ6fe zL`%sagP0?<$vh}H{@&gwV%hbuuhv1mSI~)7zDljH_jGfErBJN?O*7tSFP3JGW3%w; zhF$2dZjcdnuc5G=6(*W-C@1FD#G7S~Vde4bhlO~w^QJF{TaGh9ZRr*xp8u0Y6-cYC%Gf}xn} z5Sb-FAg@)9avtz2g-bCUQX9=$IGRKY_afuks{Zo^lBB|bgh*PhMz7P+L(}V9l*3~@ zZLTQ4!oF$Ks1e8y$sYggv+khVn>w@-5%E4RQfvwQp-@p>wTzn@JFm{ zVXopRrKOBO@3p>j{GFxdFdmrilr=axc1A5BJ8HbYC3b_3b{AT|6%pwYu-g%DDW*_y zAuuoRM12i>{k>R@K+=*5l;Ki@L#SSSR?tUwywGeaaH%@SB$EX(pd0pHQNWnUckXF7 z>@dCB(CvmO1_n6f;YIu|wR1EZj@9*&A|f6@B_iq%QY1Y{6`t;`u;E62jVjqU^dw4u zHwZB-{9qWKDbU}&T$HTs$i=3}uI0l*$53XQ8qOr97-K7a<}={c*Z2~M)fJE=Sir^| zSCbnf_{kW(7rj=H%J;i!4>~RN7-Q~^+fr!gQHb>+*oDe@R%u+A2jtwJ7O}p1tX7+U zt$JSTJ7LmRvPITAJs*1`Y>rIlVK@ZAF5`E`a<9Fx!~uM*=;hH zCzrKGS?KBu1WKDkrootJN9HB=Aap9z?_-5!s<&2q8Y&*G-uy0&5B9+&VO9`Z#A%6a zDt$Ky>IVn+Mg(1IOLkI8vpfb3mJ4yZc7?lwIctwLqgKla-;1xZ-E*UF6$2iA4ePbL?ucs(<(%pv~ zMDQ$J@r>!1S4z8u+@@f_<7m_>^E)JnyJ880{<-;Lm!@?pbSfO0y~B0eyv{Jd5ivv1 z#}T1l<*71F1j*{D5Op${-+Z3fM0y8{PYa~SX8tW#dx1RzQPMWfv-LLk9+$@~4@01E z#jr0C2c(AlE+~!>0y7M%p`olw!|BSPwf&&@k~aYoIl(udNcc^5{9ya*Ws3mVA9J3|_VcMUDJ3VV`FS>Ka5=}^$!+c-0aBj0ez2xN zsFk)35#NIu1RB9pY0;s|8mDqux)uVqOC{od$zYQ4q})-0RK`=140g_4My>YzJr-jp z!x3RZTU)nz`_4Z=gj|n}f;M~5X^}?p^Zn7HWnXQzuKjMSdy$DuL7@QCyz8;ln9n1t z>z&hNv1-o^N{nmsmqTdx-sxh)awq_70-*b!l3HMN*-R-xfA|{;uW8}uGx>nLwuEpZ zs#oYz+b&t`$SR=Sl^CkzcaAjW1}!wU6gZ<`8Az03n#s^YQ+BNnKpwy(qEjrR9zY}R zoYAcgc9B_7=l{b9xZQ3CY9MQA2-=tsFoN7H5E2R@elJR+4YQi}5v1dLx)@S-P?3uT z$=cfV1|H{%>*I~;?QmpTK?+!LhhsuMsz-5p78>4&ZWUAO06?S_B_v;!YHna&UxL@L zDZWHcGkBD-P)RZcv&VOoFr1JZ%~U!V=_-aka29M-H1}CVa}}23@Yi+375KA$+X4ofd>wq1Pjh*?%|fwF_;k_z%(7|l;q4Jfbzejz=uom6oJ9L zRi-(CpJkCI*V%(Lyw6S=nR@|sPyv0K6^}o4{yOVvFE*1E5pL}$1!1oXM6yedyi1B7 zn@jj_g5MR$A$=gyb$`6$9JC}9(j*DleP4#h&uxd*eS17pF`CIIGc$Pqu$g3>dboWy zRg$gvJ>E!}zE(G;+B^Dlp_q^j6o$YD#p!SeQb;M6A!NvhIR{Rkx;@`y*Plrs^~Qqi zLJIgB-=CTY$t`pTnzPwa(3OA0hPA+j4Cg4RJkoEluSu?t<&|9G zd1pt>QT_=N77OyN6~U;{>2wVpZ*he@L4oTrv;rm}uV2<62!E^Y7fr--lpS>Y#zmovUN^dLMr!H$Cv@etTPD^Iw=3+I@7LCRlQX&AE zj*310tOfUr0gSseoCyc*ARnnNG|@(~Kg`Bgv#77;*+1`F{|Hy5_=nh1A{CL4(AEmA zPOcyO!em@0=T`6y4ldd-uSz*@A+!%(M&Z6f*Kzf0oMabM=6fa$5S#ba#;(Y4W2M{S zwgQJivR@k_PfIcl+N!$x1T6DvjoS&0gr^|e0vh&brawHPJNfRvX+l@J0#GlVDy_FM zhu_Xf97FWsK;Y|_ukMZ)+U^~FM4892$k|W_{hb~-LaZW{q{G4)bwoR(M|+|UFtrx8 zK5Htzyri88N{%XC{MJ|7^OgWT7-=>T5K-z<`T6E(i}^r*#3z^C1R~J^Qo-KwRUp$b zCv;Ho>%9nXa?E%lJL2gF1eJ-voZ0sK{AUO|aYm%g4f7INTYgjMV^?~%mP9SnNPBI3 z3<>|y+Q?6cDIBwWrwN-Pe_Y*6MGF&RrcO72MndcBv~nTw-K7A@0SGhG>`+e)6*>b% z+T@(SihmV<$Pi>8@lnMk$9%tUTe0pN`MWz&{E>{+bqeWMYwIgNI*^?Az(dG5InXP9k zGKFFDUy`Ft<*J@|HZ;`vz8o);B4qiCAz?Ty3RgM114h6u3G^N)Z;gHd^p8608$2gH z9^^{@2yKz?Wt-boE8M)$!NBCwTl!p1@L|6b#L5j*aa>O}_QAkVLycTcHl?uCzeH-? z^e+7LQK3^8NrwqM^qe4U+%5);r<;^Ipa_rRV-<-qcj}P6lLnAx=Ks)XLN(G7wONc` zrtRU*FzM3A4N6z4|^i5nk9=trm88l7TKii-WPwP0Ojy&Xb zbref8sx12bT@%9AQlRL$daPaHWnd`5=%t8mqe?l&1U|gIaL`vEfBLf)+-H1yvG8Zf zb<9~Mzeub?Q^;J6C4W!Rkw&C;UYzHW}RVMmrnxvMIPOoj=MM{WN0d+{1e9hG=R{sD|k=yC-HHg&Vms`3t zOmJEuR-1>ZH6EbSpkCaMHdqNC!-5!@=*Im2Oj4>DO9yA;IksS}#A--i#2oy9=|kXRcmm)i}!A_DKt|MPW&C_hCL zJT%`!sm0>THo3Q8?yp=IpS|_cO*7k1B25|pTCwE zDFV=A6~A$B{JH?;yz}i3*BK+(N9=S%iB$IEBKnogt-KKj79;v7@9y5WqwD&hdyYsF z15<##nU_c6VD6^y*NX2kgR44Kn8;p?+mT=+~xIS$H|$7P8GD7Jn^V`6+u+Vrbves-itu7~bhzeN3fq~8+I&(|^K z#DCtOl~iE7i8obKj5;gRElb_`iw-?iq7jndhcuPt)=+Tz$!{gn+1sbCn%8Srltbf4CpBFe0;H5 z;H`k<*~Z8Hxn^dZvRdgXjY=V(I}IXD-{xqHuz=&u679D?EOr+Zp4F-@G8=zLk4c+( zrwDOpZVq>ij*jM;Rhi^^3}I0VJqOZ_AQa%xOASo9HIe;U8Vq)@Fx(b=4eu&I8Sm}D z1eNYSUs!Bz??_cF$d6k=o=~o1>ZYOsot$OGc5k|AI(+QLwYfNiBK7)b7#uqO z*1`93&} zW zfk&J_5z)e&R5irr2R2zZXKSUFz$7>~)qCpK38>#ToC$2&A9ef}rB_1E@5`xt>;^vB z^I*$ebtGoAq_DYhS+brkrY z3C~b~1N^K4mu|r~jW4BEGL;9CwWb(3gV9awhym>)z?7j1a*yvi5gqb`_QHt0wNozB z(uS*4j?IU9v@MZ{2+78#s(fXXjRo7(L18ycvacqsFKuD!4$RMgTXLLVcs$lbM@OqB zM$Rl<=7#byb|>F)(3X=J@<{hFyi-+NvH|Gx=Jvl9j2?i>2+6ZeC)FR8h9uG(r4YeE z!D<5`5NM;4 z`p}9aRj-=qI2shfh4&vz;;2#f=gYgOa^?GCL^Geo_j@mT} z)Nq0EU*?tARP4uuSg5Zmc=MW0&gn@J7t|*vJI+|J9WLw-L6&fUl-c~qdgiGX z78h&eVlN7rMobSeGc-%4%3vN)R-7#@Ew>QRNn0b(TBY)=Zt3;f^(tn3J)fT*=V>mn zf#unFv^}}Y$jH!tOEx+!eoW`fDED$Y)cdly(nVSd*)=&_z8z#D8V|9sh~(4nUaD1c zQ?+}KH%ObOCqGfOKLBM(F;z~J{)diTE&`}}TqiXf$;b6fy|N>?_W(tutyb^Q0Mg`h zz35uJ)aJRJ`ObWJex}^;eoPH*+3Q?!@AvQD-CbQ>(o9vJmK>>()l4ieqm2t8hMITd zmK?%^)m}=8n{O#7C{R&MJOur4fECsktg~6Mv@nefIrEX&^=sHt3B$gL1;%Ab;Qcs~ zc<7lRr^(8};S@*B@&ddb%(PdUpRfLfwI$WO2U-_g>T_dX9ACpTd-Z{(`*a>HZ1-k! ztd0GzZUzw)#G)zd(4G1hzolY9p?DUF=C{%?nslK|BVUdH^+BNNhUh1nW2KrnW`kri zfUQ-37MF>Ct6vYgK3?|4pZi^HKB5I9Qhk4YoCWBxp>W7PW;Ih33KEiT@j{+$Y&^&+ z->9N+&`Awu6C}I$ey0T-s|_@)cqhpfcoa-or$IQYzk%cvZOQ$lV9tEb)Uy&nRv$tE z&%?N;Q>InODKTP0a3=t0o?aZ6(T^!>3h;7=uX26to=02zHUOTk5x>$++z$!}c)-JT z!5SN%W6KRyI0w%MJN3M_q_!?oD{f8JMtQ>e?5D4*z~4!Eg7Nol-O2SwnPB}s#Vjo9 z6++6mFegB61F?gzDv?CQv8Ilf+T<@chT?o-q941Z6E}rms#RO~G9p`l<^s;)S61(d zPll4KcA3_3c0@q!scJ09p_U^71lWt_#CcOo3wIo77vIq|FPsWE$qWT3*z%e)LusZj z8Wq&Z`s#-m>7m$ne7}sGoE$|BhJ;eJVjl#REp@rJ0T{~%-klW;z*eL%A>W%q@eu$E z8?F|(e|o(4m5@#g$ZU#x?tX0x8FX^8J99oo8Aobs5B2*fdPt}YB)~H|(wQ&+G$4_S zVzHWa?YvxR2g#0^>pmI5p3;vDyoJfEy;ZK#if+^>)>sbu{#_^*WQD!?gGL!(5v9~B zX9~=T5pbe(pZC&+4YJF|z8bDJP%MOuKH>O-6$2QZ_!co-U9U$0ufUC2G7mdBzJIw4 zoX7LKx}0%K!r^KKA`02oIKM|OgXY$1zKo+H(V{GB)$%Fpdq5_xNgyjB@A8>_n}rTv zVRHMWR@tRicR;^3>0!3KLO<=J2-_`yls0=3B3fR6Tv#XbjDS2A%fWZlFt zpa&`)HkwDj-qu~%PUwJ1R!td39~fB>XkW@rq#R!z;muIeR>&K#<-SRa`l0ay3YaGg zDy6HiUnp=udo1lYCRs)m9oSe{YU*WL>Y$X|ZZlk~1Ul8+9^i95-NZCN|4P{x^l#NO zmd$mK@UgJoeG@tdcz-uHr>5R=5z?5OfYl#t7*AVra0|B~+D`8}i6;bK(asN(mubnb z&FP>#?xB*!zlc^UgtTP~L%<`zq-&##Ew09Z;LriVrROZI1N|M%`s?W2;hM8zHw2Lx z7PFJmqeR%IK@J9W!zO&?GLFK)g%0BRbEjM-830Sw@TdpLNCo-mv4$G7w6sKVrt9&c-J3r8iQ;4C8$Pd{Ps@lE#{@O<|4G zD??+eWdnMTR6Q?npYoJF+zXTni4=UfLcS~KTGrE}Mo5Wc+Vd4j+A3+3Ou51wOzk=? z0)J_8v9*9d`v_P;Et@J1An_$D=wRcydTRScEGR)Co=)}X1flcI9)r;rOg3Pj-?d5( zD{NK59}`wdnJ7BHLb2o`jf47X*DEliqJaaZ1t>gxS9re`7c;odsBhz|sKP#A8);`K zNq1|8b`x^uPJP`l6dks*d(w-bxskld&JS$&dEbA)hAMP)gg z$Vqxft3=0N$AdxJ=+&x0BVDBoVOV0y| z{C=RYiG|v?k>blzCK>Yp<$EO+$3*l2y}Tl+9)O`W9V$KicQl!W1afh8%>s_$2jE=* zmIs?`%3DkJHPHmQI+-dFuQS5e&(*Nm!jd_t15w%>h{svN=DU`r$iUs9p5GL(>(3fr z{VV#Gs=7`lU#o;)Hg-}xar0;VX-_^S(i({Xc+o?BMx$Y)rJNwE)h&

    !kU*Fa3_Exo-%jYIq;`x&AV&jt7poI}Pw&O2{_)9g zEDD^Vp>Ov=9zU%y5c`qvlxLl}Tzc>-+abEs-dQen)32%%&D(iJ^+2klB9hG2dC|kl zfkSJ3%)t$*!z$R{2t4F{foB0x!Cr(J#G?Fp6Yt_zW(~Q-A%tuA{jxL52ehv z4@P4bK^GiR9SQgtjv=kf5v+JL3vkq`2zMUe!d^!)Ge#v{hp5ANGfkWR3 zt+3@v6MqyMz?7@u^a4^B^EG(vs!Nj%F>g*0#9VttWsc3a-g4SJUBW$gbvBlBh4aO` zR{E{beYR`O&3nR2l4o>Plje1wFqf}~1-`XN(;#@UpaA|jh=E)6HE9+om<04AUEM+t-JgRPFz^k}Nzn+O;sQ(1?qlO#)~{|s78dgNyMEX$ zP965_-#}7rs8xT4jVuTlNmTYMU#kglmA}MHd;Zh_?kxX>LicFA%7#LW+Of?l4-(WU zf?cT+n>3Z{wHWBe`=-V)hUT!Cvbn|QWYk8Rg50X&<~ZfaeSOkMJe}8XX&=`S`6K;# zb)Dimlc8iT*LHA1b6w*`kMqF-2>tYf-Bm*;SnngU`0|;TMIfz1aMg1?-p2pN@WJAO z%ec0`{!HQT*=XpA<{ntKKHkMgXJ2~6<*nC#i8F)^JV!ks~$39aB{m92p@#WRce?lO}jn0E1$6sxk{#p*xj!-TPF?sL5?omYRs@e%qr;`>n9wO9gk_ zR{KZ=NJ2cS;LW9#mwer1Oc6Xdw7w`9dmtP|+2eh1ZKF+18CI|`o_D@d z^)<)m*5tspK$WM0dwxov8&1Xi;;rF&xM3St$78?7} zrY11>LvPoyiOegm72+d9OSp7Y*Q(|zP{Nyxkq7=At1+^iIY zF1KHOj;MOnIZi;gOavl-DKB)2=$23ZM!7I3NLIqLi{q}s;}(fP-*Z~;V!JzR>3j%V zm_M*xqCDHp7EK3B_5*yz&2EYz9sweq$dCmw<`AKds0(ZT%xz6}ObH6O{MLIy0GSXU zaHl2Y>$4AKy$`@xvEu#ap@gxSh}R7d!e3HS0f333HA@qxIB7)AQOMBPhLke>P~^l? z%;3L>NlHE4r(ezKR_&ZA8Z|S~Q1zI#{)w8|H_P$TXum}z(EZe9nVuk!Tj94g^kyV( zW3R%+#O98v%-g2kC++pKOAqFlp>4oUFlr>`a$t2zXXk`u&n_!&eNLy01?yUstL`iM zR^nDoJN#-dSRx3Sb)(i@m{>DYG7~u@cAduxBD1DeZ|KpT0D$ay+XB~22rSmu0$H@k zV0931GGvR1jdI}t3QuX?0UHHt+_uFN&VJmwx zse%S1(LGA#j<$!>ar8rNCj18_xhb!|B&1Wby~SH<%R)opC`WHfs{;0tl*_o*v13Sv zL%UP`A{yh8D}(KLSamJvls=;ZbR7pEa#x{l$FwUy<`0i}kGFyFlYlTXfeNLsVon|JfvCuxkXnGh{sQ;XE* z$k&IWPNxfL*JN(T?oWK+B0d>$wvv5H^Uc9PFi@0&@;?w0V_?#>w_qz^h)Mzn2kkfc z*a{#VD)m?BK;k||S;hvGgezn?60+IxT7;A&F~PwekZ-jlzFszI%gmF*1m<)#hwI{%zG52{mHDFKAY$qmt&uBXS!X_!i56#~)*$Z1dWyDiruf!ip-3$Kp#f#|Re^C?JZkmhs%D2_f1|S`^ zV<>+t|DM-@s%;bJT*!9#0Y%v=;1wl$1O{JhT_hqWi9rOCTk59Ae?&kIv^PKPVIJ;G z-w$c3mDYWjspJUd#byFHfw>qR-Et7P=Q_oG2=W%P#Y})k=yC@L5!R1|IqE?1ZW@05 z7V!IVcgA8o^6791gh}Kr$DSa#pjYd|E!mE3aIcd>1sXe8J%?A1pI{K~p+J*phDk!G zRo?>>z@zWhe}G^wm0EDvLo|FqXMVSu!VdrM6PW($cwL2_(<8+LuCnLN7J1Km1odUb z-CuQ2TWc0aMg(_(m*C}%y%9%2J2L$f+Oi$e;9sOlVZ|6l%InVN0smqKtV*L;mycp}dbkno}Gw+5JTC)ZbnH2(f3b?IE&$1tv!N^tChr+C8ji zzK)%bOg+y60^@Epe9ufJB_-#l_HU5OZ<_}DF$Ql;4*~-1P%@eZT^vN69jbVRSrEeh zUty6ol7d9$IFF@hBW^9tTstQT6x(r1F)%dqpOHM;64$UuQ$%Ut z0(Gn-2#@df6v5Nq1gvx7CVpg|7Pd9{Q+z^y5GD+W#ZNjvGVrZf-I3>Om7rW*M$`!(ej^A1U3Goi4(C%kAAq`*{RI(z3~Ldh15GfIk55V z0HUbVYoa7EXD_JJ`^iQC0<7qYd;0_q7d{ETmV`mc^8gjOE{P1TN0Er%U6OXxd*%TR zI#e-%gB6~<4w*{ZPndVx)nLdgp~GMI--&cb>AWyW06U;q$yD>PY5_P`NVQpVWz>=w zp?1O-!Avd%%b+uAnvMlfQk)D71IgMFspIG447>1lkx`@gK{`oRa|3FfA}lAVDMCyZx6_XEdM{r*3`@(@n%(ezjen zOtuHvo_y_M8sagXYa1z;kZI!W=p&;}+dbH#&3u$vsW5!WwR7Q9V{kvTQ<3Bql_U8F z>$&O6rs_AMM)=SoFF{94_W@rO`1tujQtX&pL{h*}O8fH(Fs%$_FfF63O;yw!MFGSJ zk`KEdE&W{|g%gO#Y<2}P8Y(4vTj(j0fc0XNGewlC{;6bV3h%JDC zHx2rC0LRtosr^NEqJgp!Q<=Z)}L|Z)^xa zUUl>zWXcX70{Wxbp?{r5Hz=%AuL3xF$`PIWSkO9&ZWbuoT4@B*R5|h6g)c+vISws49RPf@ z(EdJJ74_&KKL=#gBt7$AJn`H`bfaUnOP{PX_#*1^H)SbBvdbL(-pLKcpy48|oY8Qzq;+y@+~`WJZLb^yBV@IkB`RyP&w zXm@PwW00kQNr8Z{Fr%8ow%myX8Xm8Nx++Kp{hN?Wxc3;)J=2E018OH+#KDJy_l3m@ zk*;Zb8*3Pt&ummJPfYh?3^yGvcuo!w-83{bx(?f{&HJpa73koA5sCg0pt@xiFqP-= zIzS+R4=DXP;-c=M4U`-aY~KZmUv<8lBzJt_n|CWens{-#VCV+xlVfpB5q=d&D7ci; z@&@8pH?O+-~w;>3Ap5l3$RN>urnB@AzLPcBRpYmK%C1%Zyd*q}zDQWs{E4vOGqI}*UKvhuS#rvIN;N|Iw5 zHGATM?&Y!oAps4CLZcsY(kaAJG`OzZby{q(y`~^1PYWaTC7yzdm1#B;M|!UNFHzcfVn^bVSCjNxaSS6+)g3VzXAU)1aWj*A2}u2hnq$A6!; zoPrT}_L5V#Qa_qf#Pi4Dd!C4>s6WbhX`eA0(j;HJpuzq%5~o?9lRDRh{EKL;Qg5PVY7xST!(=Ds_Cdy1m)I~M0-(Zu1P5BU{Vp8(}O@O$;hXjeSLb~Hy3cbE{fhY`5#38v$Uo}zh_$?f>tWA!;~UV!>;~d zeajb941Oo-eoS$BG{vBj&fTAoV}oK@e4rKl2-?CxwBzrrb)&jEJHKt$4!;Hxc3BEt zt7t?v>^_;c(D4gA-p`oc@4&DV4*BZ-eG&0;*3VZV;bvbhg-RY=93_0{H+*%AwYPlM zvm;fb(tf0hgeVsx+c5-4(CKc)4-`G3NK!s{@+WA%ofp{J^qLL`GBotB&;8-;9LAcH z)98)QFzJ?^z@B*#PyM?*bbFkyd~wOmzjXvQTvT+z{<)|3S}=Ch9AVxQzN=3|{st`M zvKs2PvG02StSa3Lg%9)NB>Nk^Uu)q8>TfXhLT{yLO;s3D8}gUeKb6In0b?-+W80xC zcl~#4G*qv~RMs4;TNVS1y3Lo}I$$U;sztTzdBNMQ}Bu{p#m zOqvLh{WT;+XsJN;xeeTURYpfF@Tp;H^uo0@7gC6Iutfr=lxB$J*+iZKAF>+3{qIq z#ge%zlR0@nW2t&FJ52NXkbag)#C{NP#V&6wOTit>g|>@`wScas-0##<%Iln$pT8#X zOXb)ZGg1PxfCDae*1~+YE>ZsA$T>ubU7;8_<~<;xC==XQ>e>o~?~+p09rh_UP1vCKs zSbS&(v)VebVa1W_2)I+#5fE;b5}D`CHi*zUg*mu4K;YZEg(wleJa@%tX$UKAeES&a zNg8wR@$vMq+rPdGFCsjc(AuTXVH074RsPLW0~Op(!&$d)?+PgI&b}2B6@8PJY=YPJ z>Wq5w3b%fHVGE*iP%2wp4?rvM{KE2`ay}(B3#B@MJ z^;N3uspxdkZ@p9pYpdos$Z60E)%09312@+sa&55c=tNgevY@c28<6{zMz{-sOS$Wn z9m*gy%@!)dd4-ww??C_AT<}z0Ogrk7u~KpSQ{HLFG2ahUX$^m3z~_KCBD=pf3CpR~ z2G)d~sdr!o$j+Sr>WYCNWc_n?csM)4}~Lmi#o2_$;6P$Qky5GOHQ46 z8foIN81%l_vFB(5f2(OKK4I1v3|^&KCJ0LW-rDA*1ZVbfHrHn(zkaT(X$o7Ma#XZ~ znu{Xt7J+KCYkeh;#V^2{>uyeGq&x<;j4Z0GGzacnO0sL@dhgGLUI$m1x9;*FPee=0 zx`+~ps#m?gX26^2DTMIT46e3+xIR>UB|mZVe5_+T<Qwq>r} ze$u*jm-KS90P^6-JAX#=hRMp1{P9$g!y8{84BTP&tCsF$8x~cAAhZo~{r#C0AiN24OC zftbO4Bz}NeU+hyc-vv2((b^M%_bVji^Rr~$G8qoC{fY8bI zZlDxLcI;&IWc@$r{*@*H2XWi%Q0w-GO6-RLytIp(YjboHv5@u4!0_CE$q)yk8vsG7 z%i~XN8Pnt))lLLjYd;zRgf`2I_6NhXsCCZnYzxd9b{zpDYj5MXNhr zp^TKfpWRs>_$9_sjiodM#aJj(o1rE=&xY21P=76tkKIWy&jCiAl+) zXgDkj%t}Owk=v<7H&eSM7Jiao1O!eDc>A&Q)bS40b*L!2r}3!~x7 z5%AJ;PeG-Ms(JUh1rJ9dU1@C@E{sdMgQ?sTIB>Pxk#_+>BV z;Zn}!cl&jG$j`1{Y9YsLeDp0%ucuiJ)Pqwm^!L`Hz8bRZIGJAauC zRHMGBO_H>mNf?)NvhV}SqSoUNdwt>Bl!NnTlj9wvOb_POraM)tocn0de;+7E?T=!s-j*-VyIiOm*gY zYUHnt+;LtudZE_ogIG9c(z%DzvO1~dmr#at0<^T6@5FM+*Gc-1HMA&>cq1rNP2|4Npw(L&+-^a?}d0dPUWS<6j>1hYM~EP(Qia-lymD zsw0}98lZ4U7c+6iwW_Cz-zvwMPExU zt2yH{@)3A-(^6G1PXZpbq@=;&8j?^t29W0?zy!>TjIaur(aep&AX`gmL2S(j$~aioyj+F70KH8#Y2nMsYE zAa>V<7f8$=3Sl0HXkb0D|7^k%?A@~@F1#Mc$Cr@~T>xF= zZvZr3sAwPeKhZNEGmqQ{>zhJOoZmpp36mVpzif0C)hG6JkdD(LBn|=qj38avQY>~@&(~O-L z&lB?U@|refjnAmD_q>nZaS>EMfK2Q2`U)e;-~{!eKWP3(H$Wn`B%NF;KkA$Dp~U4! z;2TD=e8A<>76*laR{*><)%vv8bB(LRB_)OnI_z@m$|3-2op7mNOvH}<$XQPEQr8)z zQv47pksLY(jF8Cr8aV5nMLKH{gimRF~rJHPJTDjdKU`I|tZd_SVZHdpZV z&1s)}l6?FzpZ9G$^d}#y*vRo&24Izl7?y8)Qtuic(f}UQ)cM#jajuZaYmDBWcndVm z`P_!gNp9HOIKVgDE1I!owu>u=1ap+iF*Ejv#jfGFjLIFiGQf7xBh$USwMpPC8y~q_ z$>4yV3mfHzo>o4z~ic$G-$Lhc|@CPeqWMdKts=tlr0`}_j>@`t4>6QPWt|De<;z^U@52)|$@lQ6!9@)fn6#92G zO;6H&^jZtzQO>aH+N4n{0gox7uP)PMJe_Mxpb6DnC_;H|5Z%xLuqFV3jeUTsa!aOt zIQ;D7=YZ3^$y&}VVqzKUhKn*iM3KfCF{-bBI&SAt_;lXOZ>$BcCzDS!q|$+E_^}nt zxG|uP_Y@miz3$1IXlk&I-p!(kiHW62^QHsLteu67_|Xl=js2j)hVMK|-gyf}a4hrq z1==X=s^-nqSSx){W)w@HKJ;H4FEHYE0a;lj*y<0TY6KX$}X`z zYW$of*cVm*-I>^|^vNjp2riF|UD2a{n@WDurqluagI+@ggq-rz2A-IIvhCe?41=;K z=Ma=5T5`JRG+KTg*r`rM8OY;}AnZ|TUBu1&NKrVQTn=_h-=4^sAsQ#YFU^U;9k~O^ zQ2Gk!wGMT=U*b}Qd$wM{XDD_u*n1+%KE%YUn6UJtuj@hzY<>G5e`?Ct23`+eJj}qY zb=cZT3G4!nDG-zrJ+U=PNFatnpgE_O19pC-A}jqJ!{V7WfyPSX`3?X&?*1&DXbCU% z6n@m}p$q@Zvv;;bqrnPA;7=RQF?*CHItBjV_v}USxeBhY=)on)3I$mS3HLF){dch6 z$rR-stk~av^K18^3XwD}Di9V_>{lK%3|Aj1mbD|$rg$YaGg`=s1OzEap)Dft&s$~h5>j*8w;FZfZ)8KC1KJ6q2yF-S4Fg6+i_`;J zF_iD#gBWlrv{z~NJ~QhD4}v0(Qt{50tr2b=Ec+Vv3RTKANT zN4V^x)YF$cE?(U2CHZikIo@mJr-ndyj%(!xNlO(xc4rkdIRC-M8HiCCFma5W8(msP zo1VSkDg1bWa%{c}YNj<2CzgdQ$a>Po)Q5a?S4w}^#=I5IJy#q#e=cEmu1u?x{qQ#AIi)#!I0FOl4~MnznGFBodb+(Hc?d zY{9wV5Q#SN=iVX5kqmMH;#KH8032RN>f4mT}mJBRjq9GZN+h z2z1pVrMTAKdYil9$PO_hq>E&KXP-*&@W^CU$7aqm!B)3O3|7&WtEO8Z8z$7Y;T|-N zFJy^8pd5W?1JixsmzTc?96iRquOxtbG!X|9ILKpMJcg9Z?p z)3!$}jK>o!1N}>_M!RUq=}VfrOwFZjDt!|BTW><>L_u7a@zT&dvuJFUu!+STElGGMXwWZ%>$8sU)**K7QC+%W9=^&A77`Y|v=vJTT=0bY^gT~Ln)zYZJ@7j@!0Wkz*)u!41AkKPR-W zcnhr`G3Cd3+ER=SzxPpnqpv|@cEmT%OUiRfElJ%C0Rc@QtT3kyMh*@<@ll%+K-VbzIkJ&|3oUL ztMH`wvWx&4@70-or(xrDthb%=%D~j`F*pD?Q?~HdV2JY%m82K2BA`QcpzpOI{+$~m ztkk}*?f&23J|KR1RCw-7t9-~vMX&GqdS@AXe1vvyM(PfIz|p2O)m;8>B&0;C(YTe` zS4>a(t0r)jC1Yl8PP=LP3oeMWIH;+)M|ghnbP-DFeBCAcY1m@Vq-oDSfiS^M5e=&h V%Q37BX&ZQ)H9u!o^0!;e{{f1NA8Y^s literal 0 HcmV?d00001 diff --git a/copy-of-sdk-docs/docs/learn/advanced/baseapp_state-processproposal.png b/copy-of-sdk-docs/docs/learn/advanced/baseapp_state-processproposal.png new file mode 100644 index 0000000000000000000000000000000000000000..fb6012378dd580b0ced3ed6809288d9d312a2e96 GIT binary patch literal 248588 zcmYhjN6!4pvn6(00tBIf?ga>%{(%;RcR_E4G)3<{Ie8#i^tR~99cU4nXaU-WX4;2# zq2%vA0m4^b85Wr&Gb1BToH$wkn`Maq%af6e{Y{?8?LhHi@*Mba{s*h7XsDOy8R2~ z|AipwJpcV|(rQVE_3yFRz$WnhFnyb{DZc;ggFp!SZxH-%DCEJ|zfcAy!4pRPjUagP z&;DsujQ`Of{x<{~_-}feH{&*~^}kRSe3r+p=)o)444zFFJVoFihW;JK|DF6_z*}aX z`ywndwE@>4;3)YwN`TG(O_e-d`xnB2_kGh9;6*I*Zh8;l>SY?h76FFnzoGXJY;@By zU7G)26Yu>LTUz~dFD=?iD?JIw?njCFZ%Qe0>gjIn^889F|R4K_-2mmgMH022}L;wm*V4c~^}|J@a>puxer!w!`o z+}9H7oVa{9fPe6a$ey>hmZnVbfh6B6Il7i9`2w6!cv4=VojfdXvV!bR!G|QIjgZt) z=xoh|1_!a;X=0O{k2~)jjK9q%bL3!B9C(NOvNsI)Dr zHAaHnKo_$PPBV}RdMk3iLi`l*tJX8cx&uF$QQ4x(T*j2BntAqr(VyDhVP?YDCk ztLNKjU>JIUPG<3s4=#D!!|!{$PkDxL+=Z97`H9(>n*&bwo>KOZ50)@Na9xmgxvNgN z%|R16;$_)Bo>jNI4-p}!LrTp0`-lNGT;glbiD=9305Lt1f)gCLZtrKf%J=lUhzLeq zvG%r)&Z!ursR2%{i+APYfg@}J32KXhlk z&cKA*$^)-=UyrzKEfgx2;t|V1xn2JHj>yhChT8XTm3$_1m=Q3`*^T)2Lna2Ig+J@1 z517#@C>@)qS^jW0yD@d42R_!lXFkc@%e6iVn43^&Qkr4Eh+B!tgU>&% zO5rQa{9Z5b(EKuKaU)QZH$}8i=9gtcN``;EuC+eLcXj!rQF(r*udw@2HL7>%kYN}x z2sJNpOhPcWZ0_!{qQ7o)8lNdsU zn?3Vsa@XVpX}^vI-d|A5N|h`yZ&`}1PBA=_3qhLwo|^s>@FtZ>R}QiJbxs({<>(bo zT<-nek;Er%vP5_)i$QnJN9Gm#bycV&{nmmadnY5`8C;Xx7$EnsS7Y%-oHZ&su1y!C ztkEO)1IWB8RfCi?_bdo!;&|lH@8?&zRcRvPig6#z629yQr7~1|oh0_oe#-HYIE}eO zvg&>bH=)SCYciNvw)62b-7aC0E*ZFMYLaAjRX%*0*MppQJsVI3ZdQ4yYqi2K+ooqh zeaVV6<18?4u>x<_Onifn1-Ed@4Vj7z40qu3qKvf9}vDh5`HI-1Hb@`GK8tJuCWT>N|vV z^Np$g=_Oq7<-SLFtk8}!16`*k^|`?HdYP>C{HfBz3@!U!_x(8#!w&+`NRWq#D+~%s zD0yl;N6!04=tEB&bCP;8x9qM78{COnzxYSX(;f>xAsc+FJ|@;;^jgn7H}WYgkNM^|wh{P5NO{XDo2_v2u6*kW*;^D76nBTWB^nq9-dWszFie%GWG;)8 zr04Tm2Uxff6_vIW2JJz3UazePMXa@Pk$w97hhkSJu1HP!g?ZXwa>3q8n*rG$9 zejf}UGs}gKrg<0*E}D*L>_=*yNZNN$DVsHvCL`qrdsaG=BB(Zs-h9ez`B@A*D%fG| z7U){Zd{vpp<9WLbXEmr=9fHGkF)}+?YaKu-5bz-tX^htyed$U5oz{%-DsyxLJ54c~ z%TzR;bR_27!1Cs(6h-^S915U)Hlu6mb`Qa^D@5*>pQS2lzv(kl4cyH)%mp(62)$G+ zvV7iRp^s3phLch8A`vnRvW}{r>kgC-5|u3NatMBaD|=CqfS)8oYL~QD*-!_chrYoH z#~2JVJK3-`=G%J9hhl)wt!bF6TYQu&UnIDOy9kUVtFjKn1=A=}Sq0p?R8_ut;K1t$ zlpOF2>Fe=H5uLowgZUUO>#Aj4)3kA<)voa^x|9%WY`-{{y>}jd`v(^ctFaZGG;^Ye zr+OLRUelY^(-SyOfBCM~^pRRxsz^1F!8!j#VIb_!VQP$mDICm+_j_q0U0Rc+hSn!s z$28(`pM^uS|6{|y4{-PZ=)j<9hv^%q8%==^3-O}Cj6bf9gHxjQNRWoSI3n8kFwYXl zJ|8kS&?I9gW)J3XmrktXc8^zID{Jn>8IY4%EJ7plJdxH=3huc1`MwDqREOO0par%D z`u4{rNttXA6!1BF@N32g+9%H+#jwQ)>D_;;&^q zZqq=btJ}RmN>s@YO!4bbjcI^mW;Hl^-R6iGzi9PZHP=o3U~^8%GH^32x{U+t2wu37 zTQ3(LJFpnht#=dR$d}Vz*S>+>{F>?qzjDKMle@qneKXpb!gAm5J-G!_C-e@@k~-?P zJi3Q;O`j%AvyUfpQr#bADA=-#-+h}>-4FaCwj*Pc03x8OcVz6@?-J;SXkP`YeU|HKkNk@M*f0j(2V+WQ|&b^Vpk&u5tBtgDl8k3k5c z9fs4EiuekFe%L2@e!Ulthj7tymE8AU&7aY}-uL50h9f~nR0MlM!OT;caNjNrt zy1i$s_v(`GSi#QtxmU4pa&J^6NQmF!P+Zdqvv-2mtglc#`RW`(7)?E@~r{BHk#7 z!{7UM;%dW{Ki6V@180$K$fQ25NiI0#=&?wPob+JAT9qc(+7$%c!4nqVz2h4rJv^|;mAgIy;M&R7=w z`;j(CVrOl@lV3d(xbE3*@(o&q6yJWy2AtI6FP01tvOYAc6NzJb5eKo>9Z<@=1^_r= zQHr!1gGpZ*3N5D0Gu+jZy_S3niz$VF}P|Or)Jrc4$)VY1U7F82z)T zXxpgZ7(Z}ky@p>XGl{WL%DMI|wecp~F~XrUpyq6}`Q5ww^=E-GMXih`i@DN_dPBK+ zx^<3eeK8W83J@1to8QQ<#K;B>wlMB)-!`g{QE<`*A>cVHZX)H&ck)QEY41HN=V54O zKKxm>nT~0!?DQ1G7dKjDMOlUPtO%7)jc>{&4G$3|1M`w%+mfZ16B zj_TXzr*GEDc5b&YyXzAFnJuQUd`ZuD7qk_Z0Gyjv$Pbg-(t)sFvDwv4Y1&>BTs2+a zP{?&lqK}T5@hlYoawx+KMlK?!n(W{%A zb&=lQ`TFubp63EA!-`ziU!PBqcjB&N(;X^~0w$#bOMhZj>!uea7}w8XgzIS7pIEn= z2S`4NgF%Wd>`CB<4dvJ=1^gtxytmwT6!%EFP92O?u^i&L{Es)pDOSu=BLReaY#s92 zf&TqWJ%dOXv}4Y4*NF~5GW4#GA#j+@MU++o?m;NIYJztn7qLPk-`R#bEJ$LdQS096 z>iJgrJ9IG&Z0GalXUm$l>0uC)8z&bcc@L6iQ6gVtF8?g_tPE5S?m-EjItn1D>6e{ zKAR@{@H=^Id*4I>ze;AO>&>T9kAYgX*lu;6da7BjQm**YdVf7IKFjS-PdPHO>~7GT zv8*hA{eqb%o9l?CP+lWfIDbjIOc=2<06+luZJ@5knn(B?T*!sfG-!_gJ5b;$xE&?G zx*NF;dQsuchBcaEWniv3~@)O%kU{ z6{>O$z4%@Y?Mkb~-XJZ}thIHlj=?ThD5ZnekA3gP$Y>fQB1?RpqOD1^@#8iImHBwz z$FxT7U56)K=s~@{*Un#%sf#FPQn$T__XY>VTw}uzp{-vt zqOTkJyx6wSU4`R6W^73!xsqrIa7FH1 zJDP?~Oy8RM=V9X)f@X@!*#OKMI0hXN<$7WMJ$9a+_Kmu&8ly5x)HNTgiBT^_ z=Y$)Eie!v^#l3U^`&tWtVq>YqI@FVDpsfh1q8p+J1$a$A9e}c+&b+Q17oNZ;VB#c6 zJP{v62FbGU?WBcZ`Ozm)vWSjmB%Mwc`izJM%a|orX%~>b2l(>o&W~x>4oum}aado@ z8R{>~H%{{P1$hE-NPzY+XucV|d23UCzTP4~1|7diinW8}T|?Ioh;|Y4ympyu;S({i zsfQBP8y9IL`g18hk#)Mjr(=nv9NzZ9xFEFXrMHR>c%VB!9xMHEr@otU1FR>Mi$cow zkwMWIk5U)a=R3Dyk=2BBuv_S?wCMpNjB@QGM2VUkRoC5bC?J9L9Ps-&smH^#aCtNBR}12B9f zFQk`zipgWgzFhciuyG?!SM38TOVUeOi0twS^(wU~IoOIf|Jw+12`>B*_~)DlAF-1( z>rK7-QuMxVZxb@Z^92*va+%>RtSG7Epz9bgm# z#)Y0|kcY35O!~gO>>6p+O?BcIa ztjFY|lyL$lT69Y)V3UTCnJS5B#0>prb)6*Op}JC8B}>!O_*s>PJmfh1Q+fn^CM zbaD+_pi+hEZSy#%w6-M8LJU%Mk~vSE`0>xdg27CR&n7!xvO{oE&ZNPr^af>!`^$DfW!_S;e?u2_OXI21-K!uo`(s09Ph=#Gi{S?akhCR-~;JH=6fQ zXJ}Ps((Jgy)?Oy%Cii0GK5F5|LYW`1F$*Ud`XEDEE|^hBOfclRG15= z4x{72!oA}kfMtu0T4UVpYEf(l zI1B4BCH2c|9Bm`xf($|=!E%k{*tmb}>FhDYE<)|Q$_DzmBoLl{K{vWd*XMljfCLXzF-9D9rsEbd=W_-Rv@lAaUe>q+BY0O7e0*j@R7;-!tgZkl)}8Z zz223=8}SX~UVwJ}e$Ym(qrFwWfYS^W4w|*~;SKV06mM!ryP!-yc=-WqfC-iUBnQmJ z`i6bsy0tLn=>*RiZ5`UkcE6ICz<3<%9t~QibOCA7w3-kynbCHJQu!7-*g?*oqF;0` zzp`flMHFFJxlW0tEGq>67`v4Uel$s(p{I4@C4A6Ruts3;H?T)R*3wc0Vg4w~tkjUf zEhQn|K9#Qis1yZJ@B#a*&-d}Rgtr&(4&NT4*$|2>Z@*;E zmTR3Q`$JdlQMS!a1RNpvp~mi~|Ac%2*aZ|hX1HN`Y#HVS*O21=;za2q^I= z2H^vM%hEx$L4SlVo)Zk9r)4bEcwf5LdLM^#O~?h?o()1YJuU=ERxNK8xw(-p&2mVS zdQxC%T$Dkf8)PRY#`XeQZ7WB9l>ykE^6Mzx1&;#`n`9>|0;J7v09-0Z!2p97%ZL?F z@&X&sQ>%hqFbo&jTXTKW;aJJ}Zk)fIVu-Ux5ku&p@@PtLoUcRAK1RZ3EY7-^4Q;kK z4_8Ji<%{fRmO4L+Z|MC_V?jYscQ7Yo-6+5^(?R9D6pC<_+&>01KkA3LD@XNOLQEs-1{;f zJbsS&b(lw;tDArHpIQs*`r}YpUF5Lf&0Tu@1enm-Z9B?%?yXpvFT|X+O5JoTbXQ4cH#P#5c;3 zT(aRI>J0J$`i7ihpi9QXB)HI4n|KfqQfXi8eXZBxk zu!$|h0U^-v4%-6NgoqMLLmY^1INL0;CK20wrcY0f>NDOPZ_%FR3Om!ub^!#kP$o*o zeQ8tJmpZ?WGVCT4s43znLn)oMKK|D*aNy`qSlzMLFpN^G6hNv+=C5ajZgh^kuA59%cG=sbv0(3`150uG# z*0r~cO@hfg@D@bV%rQpHgd*EuQ@t0mBFLa`?ppAoK`p+O)8gP+m3PbPuYK4XSBnNf z0EBj{*;;0*rvyKRIfpe^8&pRnI+9ze;rK&+$JAhu=Am{1-)The?EC1z85HV7m)iF? zN~^|OwS}*gzq&es$ztk?Ufa|o$-IS9=l4IAbwaXUUCtN%U`u9$Jk7hjtB4cgxGe;8 zJNPxkcLW>`jhdtmF8Ri^c%_s!w-OK^0WuSSz;rpV6$3g<8K^J_L`5@212`gx&JSP~ zS;Za+C^kU0@B!LfO#oADWlD%gkm3-D2V1#`-TR>xgBC%}5Y|O2(6oW|G5BN`M za3KF(Vg?wsfX3|2T4>j6($>_Nt_dq%_|S2A53s%^;+1 zS?#S_@^=QcFT9W}8LmeDtmKF;$UKV8p1siAwOIn_2Et`yp@h>*Zm$E|BY) zbU7t*(@8jlM2LQ_+nEsQYtRIR>D)ez;+IA(rJ=7or{^$sL*T-+I5kKVM(;>r;wc)@ zjK(&>4EobU!;hOvf!!Ih(qzmfe(JONG=6SHR6GgEOROMH;&aQDesk{{ZfhBF;gtch zS^Fh$H)Td;O)?>yy=V-Q`V4@Cx|-BnNjBiP@g=G;nGz(z<&&?ht<6X;uI5^NU~Izg zdI6rq@V_{@Bz>qZfRU%)bt6+c-VA9fe28H zqolpO;erVY--rZcJhT0%^7`!b3-=0Nn^&AyKDQ(-gRF0vJFg#r%LIU}PL{tY7yroe z(xogr^+qgFn-hy)DWjivW{8TnL0%8yA2hz6N1czNXVo{Rldn0y_oz6B zOr68FY;LAmV`aOaD9~%?-Ae#EZrkq8$Sq%h1l;uIdU&;D7ma&_qi#U^G#Eu*yxnNS zq`KKI5mr)LQml*9k3hi3K~bk%fE8ej0NypIH2NBV|&zrIw{BA6qH=N02N+6H1)N zTnSl$jsy&s@QV<0Dz3Wqb=yFJe$`8jBZ>{l!>q1v0FmIThl}ks8Ycb0vV8I`Be4-` zRXaQb@X4@PA>KA>GR0YfK@(=Zh(KmH!-*JNh<1e1t&BEw)DpCrYC{P?;;5I4i6&PK zh!xiJVzJCIXKGt{#>(FhD5XI&x43?mw)f9tL0Q19gB-xv``?>mQn2yCxn&7n#C5>E z?{0$vE!PLqb<{f8tI&<+(n`0ZPep?$a-3t`X2wk1Nt9>fXS3!;)TpguCU`<#TMbbY z2a0{b3RSul!vqjhEaXzksvFZA&{0k$FZO_G4PMX6wuT9%Z(MJEL6sRDXuSRuF>(JI z*&tY|@V&8=U7p_pXsTOy=Yb+(Gj~l+HAoQPQm2zT0Gd#2oYHP+TXpCuAT=1AB|I}#RD?qSo<&?1jGsrD#m;*)W8r}1?a(lE5}3|9Tle!LOj@LVhE_IHBn~N zsK+Q{7OCE%EPVt=UHW`*TZ}Y&wlNKqvb28M4IGr9ML&vnJf)>CgjeQSPQwr$4gHk| z&g4{HJDA>+7^lFfmPBk_6*&@|N*d%u|EVs&RIXA+W19Ew4%WZ8dLAya@YpZ%Rvxq* zBoZf3b5G#$Ugy)*wA!!BJ~_7!&<0gI!QdB1=%+_8=mlEgvWZV z*OI9+fJ5OUpMYNh7x3ibZpWy8#t?ep=-EjHdR_E4i{Tm!)52W7Jtu-5P7D%o+I!7k z0cc5eR{Z{cQg+B;QDlf?9_dUDowANIsF4T@bV!#(6e(OX35<~HClw3G0}2H7j#DY# zf0*g3k`vX%>Z;>Uf#Lpvx8Du)FF+^_TA2GDmqs)0JAVUsfT(zVG)T?vqVPKUN{(#P zRTGGg`rvi3jcYvzJP%;}gtD;@@B+3*IQ6;}VpoU<#st20HWQsTOBHY;1L7$^NE8NX zEy#*~bgnY6=h~;nEV>hFFaWhJ4EccgLnGkAE5_9ui#Z+*cyCtvoeL9c;&durLi==( zKJMr~E^C(C_$Gco$V?4{;cp7=AnOZwnyLtb8jf_Z4lM}UMP0iS>^DjMmvTKb+eyYp zAdLMXum&Lc8)XB+&J~vslJ56*s%FmnNU=&ECh0qQtTz>^Db&`#5iCG#&;JZ@Wb@$L ze>lqfdTIN!0q-a51;nEnkaQ$x%r(?xv~vzNXKtqOK$pWx0_J}Mscqoz+=h?}gEbB{ zt^K@bJ$$-LwSFjU8j7|1yi(^k0tI;s^auBzFgz<^W*VAvYHztpm_q!_6AF_);e3rfP7EIuWClEoV15hMO&I`n zMrj&b=<=clCPY%+DV1+^hMzt-QpUJgWwG)po~1YAk0THZ1vGdagn&12Ol=Tgux;-8 zU|Rt6tfVxV=oq&bM3cYyQvwZECw^7nYgodhHA1Vm7ezkV?~1G#C`Q&(29dG-d>HH_ z$8s{9nUH?oG5mG1-kS`@ek)P|tonK{*$JsN0cDWyfR~AudBj)i zQciiICFr5>Y~=SZdW4z!rNP3Sv1d380a@0;e=G?URNj?Ff-ONUngV6L?78!GQ|V?L?dmBs>zBLu}By0baEVPOk3obK9uLXWlB96~-&(%{C@N ziE1vtE*8ks<59%NAJ7!iLL|^1sCNcnexMo+p1`8LosFe1WIskN6aX7Zd*f*jO#_A+ z!~QVVLfH{u{oPDIkR7o+E5(vTIY=1@KpjoS_rn9ZD5kwp#@g*h4LnWDuuo~B+zC|F zk3L%1r}+_6Ssi_R`Li=tpf1ZcoXquJyGoek;lY(K~tXu=1Fo6*JF45CN;CDhP<;g217@;l~R_U&V{czOkCbfEBY@Ab~s(_9DR2X8pq~ zrK17|1%xU1YAOLMWtY}Xo~)C|HLIwmlb~kVS|G--9H-{fpSAZ}K~^W2SRO4wU5_ z@_?%Y`Jdi`1s%5C{7BxQWH&{N43OKcI4pSraQ~g0y#2by%95A{#pFT%t>g8SY*vLP-^gh`qauM2BcETN4v`#gUqYpIl%6CKd1^IYqTL6Uu1}*|TSdzH;8pw4rs_z4k<43$M zfy}=E@)`5~MjMbbX6%Y+@k9eDmJMLwd)Psi(2p*^-QfOh+=fXiZ6mjaQ` z7En4k;4BR}{l1xG#+$5FNyRyB3I|qq`Tzzh9L7OdyH5(>%6Z%Aj1l?_F;B;QXt{*4 zjBaU`A@s;#wMnxsyM_v!6wI`Seb4azz~v3rL?BWag&_^fSXu4*A5AY3Wx4H)+G13R z<1Bw;=tsfKfp)I%@KYh39zs}0L1CnFxR!b^K6uRy@E9~Ks5Mx(Bf~&s;R~BaqEk`G z&pCQHH9Th~of82_Y2Z!SN!B?Wup`p|rJB5PW`SfT1iYMZ*O0CN;~hEgSHGmYV8)b; zRzPOFb?zhq84engey%v_<{0^~58f?d!g6;&t2OX-mV1FY1DTE7tJND!1(YY0VDK1$ zSk>c>j5lzrcf|z79SkGP8%91s!vX>=TMLZL@i4oB3C4=1?yzHrMkhyegJfc!0c0sv z?C)}>Gs-@M$We&oOILpJxV`ysesw0J@+&27dyO2@ z26hB<#Quz-G}jiJys5R0?+@XvQ_Yvt@Aamj$Q?wo3`Ozx>41X6q)Qu&2@CbNIS zT_yxNE+&w8bLGeC2M6y!b!eOApPDtBMtMLm&_ShCtBCy-xcV4=vpYZpM^KHPMIs5y zrQUiVTm$PA=z(-`3%vO*z^w{9Ee1$RJ{p&RRUKDU89;`Q&Gn1A%=x*1`1qk$+srQF z)3$sjdvMKk);xdd_0vUE??W6Y{%Xv`VhhAmcG$drI{ASFkL4YycAot0cF>#x5WSUM zCkK`}!oQ5zANvd|NviD>T}AV?gDrTc45&wM0T7M48`va*PGd3V#UyaWuQVT3AYrLd zu#V6c;RZ|tiZ|k925ZCKl$d%v9Ia2L1BFFYN*K+TmUfU(5PoqO#r(43w|pqrG;H>% zShIN)QxOUL2e-cx2i9nSHJ-ObE{S72A+KQ+i-r$0zp4KMXY?-sm2z+%0RkoT{VcN( zyay$1>cM3Svjb7*zi08a9@rZZdDNIYUcnlS#A;U?slGe2gO!WSlqx5UL`AKCM+6># z($G+!Cz(gEexUY$M{!h|l&doodsqvK?#vT|TQi&<_tmJ+qF@w-{WMqm;k2_|B05EY zOy}feh1fdniyR>Vl8F^8JO)<>j@%K_f5$^}TTM0uv3r)xs9?ryJaj66^<-Wex zdZu)_?;>GrWg&-b;od+Xa|_2u=tL@k(j+V`wN&VfC_dkbX&Ym%;~_{z`0%qvk}Xh~ z*z=ye<&JYzCBbE6w6;l5hX=ojRHUgm^7ounm_0t|1EoF08Jvl(-<%QoO(X(zYNWRWl7*j z@VM<%+@lnyukDS#Ov5N%4xj2IC(L7GUj$dM8J6G|4F0;{ng&2wuvv+TmBMb}9E=Z` zl)r+PzhmV z&NX^sX9mcb!4wNIo1J^J(%{tgQ({uPjtRT@kUOo?E^6fT(v*Imf%r&I(Tv!Ob~DNO zC6H}IqJ!%Zx!aMNOoDQ!0x|kG@10{%M&vn>3`s{8R^iBePBqTJZ7nVQb z!Bm#L(+~&1jewR@nKP}{&p?|8fi=ox@_YNp2Rg*I)e=5PvyUG5Ey{!BZSSSqZ^IsH5U`cMpayE? zV=;s_%8aVmueJ)mP7yGO5SW$`{*o`*$M_wy7RPydxAMAYgSuL$!fZisfd5)QT!Q(TeI8U%?*~>`CvD+1 zgiBSe^nvjPH@rVEmVrewHk_n zI5O+}mgvNhW5Yl7A#jbOam-dROK+ShGjPMKxDCOF5}vZg&23ftB;+v3=At)pkL_bS zBD^1h{185l0|GZca}o%->-(#Usgdl9h)iIyk0$NNn*-Gc?QG|$|CH`2zaUesYWbn@ z?_HqvRG)f>Zint;`i)Ur_RZ`X{JMyeKz=n^?_f;9P%cq<;ty&CLv@oVeLT>2p@ZK( zi7m;0z#Ih2qKi1|4M#dFb^7)DeG*oo>7V!Kas*T@@*n<8Yo|4T3adh`kYiuEz*7p9 zCbQtz94P)|Lem8S13C~2{C-8suzvJ~K@epnY^x!u$#Qi8!_4~p#NGAwEr>mnn`(u= z-{PeA!2}SyL2YD$ED(ZXRP1P8Z8M@)EsH94aS{51LIxZw^C0uPUm~RO_ydw#sUe1w zBhg&qNj5EiX$-0%S4Pr2_>Gg9TdQwMj;P@bd7%72`XkIindY#b(F(IYjydi(sQ{W^ z20vVo2!kh=V0GW;(o;<7A}9=aquh)ZwFY#1R9dB?h5`it2kQU;+zcdYlKS3>kU^;Vb@Kr-O#oK_AHvxKNg^ zz`~n)o?IIg=}B0{Y7`!biNmmz^yB^lwOXT;IA+&N9sIIMwI-k+620udr9DYocy|pB zUuLcYl@J7I5caEd?tu45jug3ugb*wqo)Lou|FYT`u@9lb7I|E{;TK5-^%k#5F(bgI zdg%{rHY^?}8GRA_as!EtAjJ`wH5FAR-<9m~EK;v%g*S8M|0U_Vwj4!b=r57OBba0| zCi7-Y4km-)>qqpQ(>vSkfH72+RMHJ^Ao7Y-38!|CeL$n%A#XqA&$W{1>h9zik~68w z57h?5Sn>m&6-RyF1u{4$y<1Ha>iyTidK&u4Bl&w3OgQJTs;%#BZC}DCuMmg8>y|4* zA(itH=iERzds?w5ajW$1WIy3~+~KzReU}jLv(KLz5I|7_r!Ma4@TnWOaE0$j#FFP7 zUOyi4vFC8nQ`+Y1C&B+1ykn^=Q3h{qenO$Y@nXSN#kg?1!rmN9rfag}(2T8+3h2?^ zNF4OTg@z*T$eVi{4)VUiQ17BfMLjRQ`;~0+H z*_B@6Z=pI~sg|htQO}(E6xH@(!>@0e6_ikT1h@8kG6l`fWY4exyxnA*gmApa%OisN zJN(={ELb(WuR8pA^_@4eA^yu>VX~P>t0E&)gm3ewoaq8rO~BcJ&nKIBlm-5mI`3J5 z?elIy?=x;VQ#h~py`!c4P?`#h?fOB60`JYD2N?iG>K&->zBUvHMe9UNt?E4SU(QlLgZuX=g+ACqs?zbIDnFgWjNUY z*MeX8JEu+%PGbI=a%dd<9?|TZ=M%#na_o1I=#e)Q58~nlv0utZBAI!0;2BN|$M)5* zY4a3ai*Q^nT;eDT5G9R9jWtGv1*nGtRJHC{{8y!b0FtH=HcL?a`fxKSFiaKmZ0cb8 zyzOFLGrn_(QlJ5KC}Jz#I{Wh*nvbO_3vBav)c@4DYAPxJ1kkc59}z6wym6EOwy3lL zCW3cBM)5GL=qcWt;?QveDnEw_qwew59%2%0e-QnX*{U$b-xxA#v(_& z6?LS@RbbBp6bIbHYIfcRrsxW^y0-5fE8u2QwsYdWY1p%C#w;D~M?9dWNnP{ZK?CSEFi`OF^` zG^y^$Piglu%l<0&OFx3(u)HBHisT+hAzfr)%+oBeWE^nYjx9LwP}M&|!X`}S z&h(WOFDDWYXl>r9VMesP-&k;V{0IK)gF$~3Yt9uYlzc)#`UR^x_$3!5d29bxmh~>b zxv8vD4FNjlkZ#5~Kxg0kOOz#JX1h-@1OmoW0T2}1&>K#T_>4%n{k>$4pW=7oD-BIQ z;-nicJcFBjZ;A}HxR%BaNKd(_xsYZl5+0Bs@XTxvkhw_gR^9o6bpa$J2z&$d5-R-8 z$?xmSo<@F`VMq9Vr5_Jzdj;G5rC9q#HuhcZl=i`M;gPb2Qf5N3pFH%AljlF2aY`l> zNbNhyMSHgWaP~%hNb&wx+gt_HAO7#3B?`EAG(2@jG3B0mK;s1^s^^%e2d~}in-4_}Tne;0my@?8V=Z7t^p&@?IIIQK>n)Dbm{-xe=dZoGvA`y~Ji=32@LTD`mL<2ggpyKE#0I7yF2f@>*s$SEn`cfmJgQM=jl{Jr&LY(E1=XIq+W%VG7zMyTh1Ir()fE}F3Njs|@-U+xkvTz`YJ!yubaxZdJ z%o_ism0)vqKf@pUYAjDj!J#pY!ZO@xFmZiaTLsEx4}FHekOMdh*X#vJ8xQz2NkL0v9C4 z($6;KT^&W9>+{~k#kM5yY&?K4(oQc(SxPv24|m>yC-XbJ)NkC%$k*}}MR}zmTH(aB zoAnmM3x4@jICJn^2yX5%c%S4NCB2NnU-^R9TSe+(`&fS?=1?aop`t*iux9Zgkm&gj zscHUhk;W8ZXMUG5YNNXzy~zwwR$hyr7g5(%Umj!tc(f=W^elHn6#;I0VQ{2s#<0y- z)4%|1SPJDejsb|jj-K!duts${bTIkzjm!}S>lV#-9z5>d$qUf$oJ>@$2v#>3S+obL z0E1Eh*iURgr|&}guYx7;T=`cjzonIU5%lFSS;KS%lJX~xKB#>qh@XTiCn%;uJ!iOt z1z4AF&CZru!=W`SI`^Vj!9I5@cKD6h_W`-Dy4@5sV6x)&)yYqodG}2RSa9oZ&07WX%mgnhm_*b0;@5vi?e|)Sl&+a`XMyUg(-MldzU&TnQu`p2 z7F{4hOR&e3B<@v$?n9UKn{77VGh)KmeKe*{7IjZkISP-VANsNsWA^IoU>As;AYZA3 z_w~M0MWm>f6#DTq%9I)|nIv_r@4F!G1!p>9p#C+onK zu$IUI5S1~c9U7$*f}a9$Cv9B1^zQ?bv0Jba(2<-X-_l;4Z3&%VTc zDd(b)7=Qx{R1GSsAgM5irtS(bv)XMaQV`GB-sYWGP&fd`lFE4%Z(*2(R4OhJ5Phv{ zbvpOp^7Dzt(B1{6BBun8k3P>TfX0iCd4u@d_vk>q7A_C$M&MW~(iXMwLH6+8pCw3b zPkkfbA*H|@Rseji{4!;h_)z^AE+}wUHM{E{<9UoX zF7#d^g)n(Ud&0*0ow1d_q2BL{YH2Py^Pj7%V*hnzQ?nNlC%72AgF%jrGAaQYrvrty z%7emJ!@aYRCp?SiMN!H26TR;d{K%lxN_0ueK7}Tp09_}2(8)ERl=+02#uITvClnI# z(YXDLka+*@t?`e(M?4#Npw9yHj?X_0WJmNX9JKybU7GpyYX*b|jdO;L?e%z6w(NZx zBmw4f=#Sro9d~6k;ULfs?RhSN-tQ(*;uACq=zi@pQuCn%a(O1a!tm*jwHd1Q{F0Ab z$XLR|o3kRdi1Tr-Wq_SEylg#}bSZQY&9L9!o*fVVD4LvLwamnli;dO~qtlo5q!s!i zGAQF>R5rVeBXC>&au4nh0LBhSy}zI0hsv672iyQyGP#EcM3g%bf}bN331~L^))^JF z-oN{7tTV}v2fyG#)nHSF!pQY++zTnKVfWzN$Yrdo5Bo!L)@%2$){cfViY018rpSJU z0{bJ2At?CdbN_Q19D6JhnPA_gGBH4Ah=tW{2~ zAptQ-Sr60W-pgjDv1{$Ob{S~J0Q~%M zc)zp4{KbPJ@F%brCR)1I>sr>96|4|wEm_HnIWL8yf7g)n!mJA*HQ>(PHa+zFI-lgY zxHB9T-3v+hW9U>(~Q zP-JaXB^L?v-T&dzJbxd8Y;n!jDBjK`6xY`%fTaprC3jd{WQx)f6^-pd6 zzitc@cpB_>B%cFpzVasTWcC1^&Jp&OiKv*z%LZl~KJvnvQv9>@$5AU_#MYK3Eg#^W zuuyTP&i6~OQ8!UCCj*JZZWc7sgvhsDD_fs3!zlaXz9~xkAsn{RhaYyhbbK$K*!@Mv zY0l!GDn0DuJep0e9!0_$po5h`zmRuQS`8&=HP5t39=~LSw($7FPmoB3q8i05aF{;- zUKQK3El(TI6Ed7jHS0oCOQf=zT+khv)9+c_{yxnN5tFBLkV>M=3j?VZ)}qqOD!N}f zrab|O04!Ed9fmTz4zKT5tJW8Il;?e)dA_K(lpGPHoCt!Bj zFQ8e}`%VG#dIJ3l9a0Ims{Xdplee>2&x1fAyHwPj2*aAl3-96*nu_!jI_hsBb>J0t zC9q-L6a=9QcmGZ?&B(;P?tB8!Fu}%Beu*|czET9b*q;;dT!MATbSZv7zDg`5G(-LH znJhH_VsW~v7B?YcRg3h!Sk|0sRQ$yg?n(k7truuXnd20F@!^$|wZ^NMT+8!H9Rb2>!jx2jhn}fGE=; z&oOw?pGM$D!iVSXxPE3A>lDp*MzDpgVpKoY#;$9XVzo0q%%59 z9f$IpOJ@l;oOcKs4tt6#smTv3Qyc_s-3kz%HJ_2Ykqw!>9kj;5_Sur2G4goeg224q z=%&-4ZV&k`j-6VfB_iMeVtL;7;>g~WU~nvl&T-+WmA`&BE<#h~Jzcbef{=I6C{!~{ zpep)D6NwFwIxeoOuQFgP$$V@f`YJ|`D*SY9Te7}IJqKd7mjy?aO+j5>HP@`830LzyfB`yf^F&c$Mq4lk51aF7Nmwd zqIS|(FOV5X(5;(I*a1z67DAWP&%bFs>HZ>sZYpgc=WoApQW9J4wS9f>O%>V^2D4Yz z6bcihpM8Pv?hI}op)HCS3mUMhzqKriE6wAW?+YFDc`d|o(5+ViaHS$HMG;InP`Xs6 zc^jxW#$&GQ3QMsiERnoud7*0N>zWDzz>EUx3rDNad{HYMPSkJDRpAYXcTUI z_=lhIo>G#fpeWg}Y?l)J`&tO{TMP1#3-iFnoAkR2B(LYbI&U&jfLNbn*y~L~(BMf_ z(?MAg<>hL>_q*2tRSo!m=J&0vnLZ87?i*dpi@ECiKq@(brA6o_*<)SY7YFw-zxVL* zn0tVJva3svSmZ^GFkK>XZqzbw?sI56vWvU#1Jsr7rR>{+z#=_aP!1fSr=60iW^6m3 z?#8P{(--4lHZhlaMjq2KjmQUh!F_c8TH%qI7Zc!)2ReIu*)I|0Y$`}tjv$jD95tPA zv#)Z(yms+GlUT0f3AMTGh6hJYbA)ZL+B6ZlkM@uYzGjrxe@3Hu93?N`}q z8l?0RC?d-P33UyggIq3Pzr)!*XyD>B`OQQfsv&rEt7O9q(mYo0DbRaz2jvrIIwSy} z=%4yMAAGR;aR>q#5|TgLJl@_MD6MnaKIWeL1OEGc1EEX>vo}o}de3CgRw}-h7K-zo z-}mj&jShCFvvv8lj<1EyfJt6Rr71wp2lqw(L^hZ!eFEqaR ziGn#@jCkg#x_;=3YEdId=RWU6oz9vso9*V46ok%YbMj|Ft81$5a1k=`6GJiZ{wBfx znL`WLek13l;lW$E*A#aYWV8!e22K8Sj#l_>J2co(7px?`aHJ-t+9 z6Cfa@o|>`CCMzh=)g`EcG|by5`w*#n1$D5uuAGS=1n>1h5}kZ*J=A>pIBM^U02rXpnR0aRQ-v`8qkq!b+3IeWVKs(g_H}U zq0(NmP*>Ck1^<|F!A?%>F2t#Y?}zlrw;!lOHsS)Kk`M1wnH9X1QRCe_L0t9w?drPu zNFTrYL;`#)f4hr(oe-NdnA#879!V9W3>$e>ALC<|$bu$Pa;lJf z*eVB<85Q~md`|}M61ha|9^SK~HBm&>E^#b+*sLhm2kH0oTPM2*lYE(4A?f{7nF5a8 z;nncE1lXhsz_K3Jp<-J;8OnR7ns-?}E?QV$-P!Qw8>%7_VEU(--HmktIUo3f$vr4Q z8bz?dLnHswj)j%&8Txx$Vp*a_8=~?`bdp&#RhV|FcbEp)X$LLe^8uol4Bt`S5IXz= zrU6Njj^{Sh%Q3!f6C2a`#9N$#{Ko*P({9NhC&8AD^y{qw zXoSF#eBJ3Xh+BWJ6MPoncd1jIjIxq(tC)9?R%hhV0$aLUOT!f5-!w$Nzzdu|eXpRt zHT*B=AaoN1lq?5LHjQvam-HMw{344({Xi3|FZ-35=GRz-4%szuc6m`@_qW3pf=fjC zOX55uFA2L0uoUxyA`4%%{NQxzodOs*Xg2;?LHU4CC8{1KE|TI9yB_TsKhvaskJwLn zgKYz>Aa{ypm4LOf0~@4P`C!yzy+p?0v~`q$rt;#e>{LyTvf%!GN8tw&?^M%d*MzXj zq8*t$ad0pwWF~_ryJs%Zd zK%$?^4q8+iMH%+SgJ>6U+UBM6P)dyl8-yHSdvPKvRPysbzSqrYY< zU@NTDi>6;dnTi9`3Wc$!A2F4X+Gu3`oF2i3myD%y3AA~UpF63shE1<1>fQ?Zok7`4 zB6nK#?2`)bA%?wW_m1;HR&;L7gu#J5)J-jJ(>7@?%Nm5FO2@dik3yhkEQg-Uy+OUa z2>_n$nR;hoss_iAPWUId7w#>^-e(I9#Xnd!H0#BnhBk?%%3vDy+8Y`$FH`YT9~8^_ zjNJ%Aj8ug@gCdF=&3h%nG3v{`7xynNuUtfYL}TH+jI?oSImm!tVGA&JXAb_F)9w(o@qok729CDGcarNWjeo ze0yM_oj5txpHR5{q+H~Ka7Xd!;=uB2scy&;76B;+=t9x#!w;mFc__q6Jps_MHf|rQ zAN7#2t{!T+$e&CXlW`pa6;J5hqp4(p>kgdsoqhvCiH0H=eU-8obsYvmCF4mXG11oZ zs-%_T$58GhBXZIB$Irf6%ABrH_Q;m}Hr>2}T=0CGdjTeNxt=PEi^3VBcgiADVxZ6a zUK;z<6q-TDVfUbrX`+BqHV&q?b)R z{QbVy%jDpB=!2s<@BqO-Q%RJ_26JHo@yqPd!6cBIZz7mx8@351hbw#I$VoQm-BS_wFeq1JMxJn zUjE>miW?Pu;TGw^8@!x2#b zEAKtxQ2bCZe1YFco;#MS1KpGqKPxi7BkgmP=F3O#xiWlo;cJwscx5ivV!Fh-j$jnY zEUN2k4%)V?_N_xAT{h4PImK_`K@hwLcqdxUq!v{Mx^5Y-V*pk|p_utiLc|i4)*GR% zpKbE?1<~k&uJh#RB5|g@<{N#M09wg~HQK_hIK^A)+G=-dZj|L-jr>+P)*wK>fxlOR zN~-zy*_N=*5Y?g=VDW-H6p)7UTBENAer2;rZa~E%l%d37mcqF$d#*md*$3Ap;O*rf$Q8Z{V+U04j%~2W@WiO`NNAY8SKI-sd3~@S zwNbiaj6XF)G(5MYdUzlD3wtEAEBv<2vFOeW=&tGvU@E2-(0DQCjy&!Yj!KG>55Ty{ zr>1Cl1#;r>Nrv6BoMVM*S6&_diYY%>uYMEDEeI$9gL3gjS%mM}_PwKUI|eSPu)*m( z(~)>^#eQe%^S%CSvJR!WY6(Yl)-rR={t>J@poV*BL3ByE<>l z1Ys^$zf~rAWS>`X7_1v9h6zD>-}H!YM`cg}918dl(@Uq^zK&S^#rGKEJFx&_|Et4v zq6c?Ay8}8aEJZ68Lc!@z%r7}4)NCxy#vTEY{>>v$*=Bo?#s=@J6O_2`^cNImTQ1>Z zYe*37bkF(0W{Jt%W799m?H9M;C+cAjfraEx6hLzj!_W_C;il07po0~REh6oX#DHuT zEa|1o38-$03shfVHQTa4{a7iSnyJQ&fI!#P4s;#+05lAmJ2>@H&oVZtr$3vCBe5p zHrM&~IZNQI-3`P0#S(EL^BYulov+}140ifr*1fz7qbd-ff^#p_UZxJQwt+r$2pbCH zx4yxLumAQ@{78mIHwoBmfe|5C7HOdlfnEhmz4?+yyn_u5ydP~ZfK%z*7Yp`aesjU% zaYm+cpwbPp-$@5D%4sI;DZKOn2_n$BiPZU48~K5fimrbz^{ac@Zj0cBAs2RvJR;6X zxn=|4W#vfYn~=LF%JHB{u6uyqy?VgLFi-hF+He57j^!*ndEatkchnAz0FP>lF9^8O zup$=Adl|@c;Vrjvk6YW47b5Tsc)>3(Xk2r~62h4mUww}Wq>^nzXdkWkY64uUA$Ch z-)9tx+W}I?actI;h9ux?dqscS)TBzNCHTVTI3wZorI$Yid7VGqdk#3T zQ8j+$&s{r#7BTzGKZO6=!+X85q;~{XNs4*u7r{2fX%8U6x3Q)fNnq8rKobp|AuHaD zic=$g184s=jK2_M`1W1GT$TPHVhmu?0GJFZ9I#H{!P0_q;TF%1rWzA+9l);+PT*@` z=>`r<zd6QVNexU1SQ5Y?NRnu7eZLee2>+{S{8k)nsCjBDte;~+s z$TKLUDB#b=!@i&2+*7We!iBGgIAX|&ptHs>yvM8Hl$Jxe5NJAnfm<;s<7Et}EhF%z z=b+n<<@!B-K0tOs+am-6tdn6tMSFNQ@p5*Q+6MjhJgOH#uei3_`lpPbVTBtrM@h&S zH%UChhW%b;1J%>VHCeeWEjMzv@fS$`ezL~x-%QMc&;Y!K-PgO~ z%<3mrG2?ydWj?A9sd&|!Z59q1Yl zbU-fgduFi6^o6(qD%Q|s9E9dTv$`geP9<%l{5{FCtASdUJ}=;*?K>T3F>nI=AXWGF z7Zl6;(Lb=P-%>n9K2{LjiF{RhuwwBa`{;-dASKXwaqM(Lnip46SjSjOV?5T$7fv=J zR%$SsC`tGIw{%i4#r@kVRF8XVtgcL_MPVcP1fh!wtJ!R zRs(Cx&%k1+%8~6U)Qhcl!DSSizRwT1)F%A*6^knUda&L-SOYxS!S7^&Z}uXZ2Fkeb z;M5@$G`#{Naw2dj@RJnAF;v_};+cI41FEFaH>q%b1Yu(8n2W(bzDLcJ0PfBj0y4UD z$>U0KTF?aWWxPr&C*DO@{7k2S%W!sC)NUYT4I-iauFNAg4e94VxeZKQ(-gWciaN{W z6Lw^v)IHEEs4G{RaZf5Wxl^y)pp{l$?V~r|MOi;O01(db?0u(D!5(Gc$FQ&aFA$5E zpxRyZcIqe*un4q@ghm8UM)uV)Tl*Ouqm9X?ETR^=ZAhU45#oWuv5?_&7&v58k}+>l zKffgqk8)%d`c>U~MPB!&%3_o{=Xm!$`U)Yuh`o=|R~^=NCSg116`V+5|1O zhVO(tDeb&$lJ@21e}iovL5dHxGR=NRRVRSv{sJ!BaJeN~_se7roq)a}q-Y0(N>{F{X zyl(MFY16>@%^uKWwJ2Y4r`ND(Gv#md1RDwOXE)N;qylP%2f$q-a2K(m%l~~F9^oXw z8k51oHmibrI~OpdDa54u3Jav5I`v+}v{L^D-yQ@qEmu0+TFJJT4kGb5jAqGWdp$DD za`&wS>E5}l$2fRWf3h-8-0aCiH3!POAawOfSDep|vLH@zLzI4yU~d9Y(9XpWg#+w4 zBc6$p_(SVJ3odlU;{6qJ5$l}$9tSBJn;>RLCYDv}zMD=Na=vA&|AM6fz^^RrDBdK0 zndUW`E0FU6ZcKk)v^*fe=lKzr64;KPI|G^?p`OvEk!@H0vYtBV8)PQv|9%cvRCie0 z4zl;49iAPZ4PJhajjjm;z5(OPXrL!Izvr@Ccj zrG`R+cl$%UHd-SFW4$>+;EOa_bjGA$Aij+zBZ+h&M&je)L69)9)Uls}lMX@L5nPsN z1&%4xjCU)Cz$NoXh&+gwy@`t``T;n~(St+U$#S1l01~z4WkCnx0s~-=2qzaPmk%-b zDC)V`68JlV>7@ohq7WnkU;FtMfGrExr{LKHojbMst`ty!&vZ6J@i}5`L2pPu+!MF# zo~Jc~RMR@G(N}}yaMee6LR!#gSEJGOUS|bhMiW@>whd*zNfgjL%@`**?*ZZKc_fvnslb6QzcRff9q*0kQ4l~&O>)jpCR-S56Pc^3X;^{nl#r0 z_Nu%(EnKZ(*`eL-ScC%&cb>1j<(2^o$tv$`K-kd0mxSw77g<4ojx>m`Ceo!SljjkaWrOtem$_4nNfq=OA#*Enj znf#O)Q1V4AI&0Gr#@^kF|5Jg2!1FzI zU_=-qb25WLDpZkLIR|yOss8#~}|M_}`=6(o~y`7whby~`58$O3~dt`xPFz+{?Ky#tzjQkMw-0RRMZz`FP6dB3Ip;Oh1U*j!4i6Mf(n z*fty&q1`(04tha@1ioha!lK8-SKG6yVS@#N6)YtK+u$mf6x^tT5Gq++w}bIeCNzqb z$-GCk;vg~oUsZ#1UiHZ<8eM@77+4jYZiBN9NNaf+kiHN7SH4e>4@pzrod=-lCCBXk zKy=~!Hj+AkR4Yg&+0xX>vgqHPd(I1V6n1la%b0QZ(&?FY_x;hc^>^>cl1hhj!0*-& z`;9UvRK_kOKaRamcer0{^8obQcf%T(qc0b{tQZ{gvtLhsKC}QE50FG}p3Y&+lv0YV z74`s2MCP`XOaJ2DWMBz0Vu60ZCK!+9ER473Cx{GqTLdycLrK7e9!$ZKh~?h#v&@?J zi8H5R3(`1&y#aGn{ObUn5m2%XfD#V4Bu(Q$hsXsJ=SkQeFS-gq5#EE%m;)%&*OKz> zJ=R=E3qPhP@QLrpgztO$YNNTiOHDXS;Lrx#jn^lhZ0>%shg`;UUDm|eagYk^#x|EB zn*xn9V0`J?yxX9uW69tf3oovoMD(l0=wNy0aSTr|teNI{&k{reK?4fP7g7T_7btWx zaBKHqEq>j0oIO0jL;3&}E53AaHwQEi#fHw`jxT*fPFyd(Ehecs4K~eqO@2-$AUltokduHO;&Zqv?jF;-|wvRW#faj3qFNd~(VAzTe7 zs=+46XxGI69L_nfJ)6+ zS5r~%z#fM;e$%l%5-^fug)&@#&KNQV6wQ6!$Tip(0V}9>FW5(3pSbB(%(`~|-dbn7 zqazw55c-+2b0_}El-;A$Z&#W~I+J3u4^Xf)>x%)oRs^CYw(zU=(m|t&Yf6^+DX8hU zq>k^B6)qt3jbnriq#nkCM1b_%yy;%1<1Na?KdW|bpx2hZ^4GI72myGV7{qRU{F#q$ z1m@G}{Pu}%bwN{aBVqfjtCk4F7dap`5>)*#@bt#W0;S3~Ak9-zg^37t-wnK;i#t_+ zvA+Za#9rg@9=-Q5IVs2xk*pym=#J3egqFz>c_KL|SQ5$WLp>0Vc-jnje4cBYG^PMp z;dfnlh`>VcOe8NXXGz+vG@i9MeFxvb5(wrd7XN5=e!r4$oOl6b13wRfYfHVg=wVNZ z|12u{ROJdJZxJ)ia7DHz%#XHtk=XI|8f0)Cn@%`i+v&+=Cc$e_Vbdp=FFj>12Vb0g zV*xwUki0#X;FB1N*`KWs%z0%fg3PqRXdOCXi{3_OIX_GbjB(wxsG)=5ZvMGC(`E2W z-;SvaP~y&0lLYxA9k2$peDoMR%5CdC63Zl_50ICH@pHNWXUq;}#W71|`f~?A#v9Qf zGT_R_+P9Vm5A@-8OF2KA0=q;1b~P;LaAw|?!I)(55l|5czrWycfD&9h<=vpW?Wf!s zc;jVOs7w1JNm}2}N9qC_Hq1h}F>)m$27PHTEPL^@IgS8;0B)7-wsoAUPFRg zbTv@Ao!0|Ubgv*2>R_$Ksiw|Sgyx^;qI$z02v~Tj`%*~ zW@a_v3w{@UbYmun9rKh_;{{|INY?Kh#7|YWcuqIZke?o>@`YXA2&TY91}H@^aMXLc z)gC^k^o9ANHK5=)9#Xd?+7RPdw!Gj1(hn-xSwl|KT{D@<(zvA5ViPHDDzQ*G|6C(KgZc5?AzV`IF)DCc~U8&`%?yLUZ%k z+~baEMLi7a2;v?8#V0a>50vzDlIJ@dU&9>26U#Rk`vdta1-;{jVN)*g7{t-qWW&G> zS4dG)6Deq6+6vs~pXuP}h74-KM^<+uy znfvWmkeCAM!@SMnKRqJVq=V+w1&>IUT+hz{pnG@cNRed<6a^vjOD)Kg;c{>XgIPOV zC_7e>F`$p3!GB%(-O~MA&GBP5mhyC41q77`5}L0bygpW|C>np3o`8&wVRwE~ioW-$ zD_4c9n@R3=r^@_gOjJFx^=JAsww8b|=cFkIwjOM1IaYJGH(%tX3R)WjV;N2_%rP~d z;H{vE#C=xYjU|babNsk`i{a`L0YMo*^*vDjFMBmw%Yu0>o_TT*|xSch)w3HH}2pPdPmHKb(_G17PugoE8p zc`1Gjo}R6%MCkW{u7qf4Fr)aL(*p~t0M-uOh4$_N9x0UW4@vQQJoF}i84H}J>z-r&uqJ3Gpui_fLwI}NT852k)#P~m*j_tD*7 zNA(UlY5@8K%EW?({MS8R#xN!KS|hEmlK!2uJQXG4rX&S%hnHKXE$IN?Iw*VuKNiJY zV?#l?gu%~?0u0@9++}NXl56VyigVk&7YX<=(_mQKOpo%O7TdAWQ{Z~QD~lN^6KiI! zJDn-+sQ|(sv(W0yP}c_{xxXQ*a9s2z{xL4!h@w-bzi5_ z7QbRd3moDx4~ohFl9M{k@0Nx+IjnyruW9L%rhW||X~^v{*oag_@on9mX|et+4;Bft zV+IlN1d|`j`yNFc_v+>EDSs2w(~@-hd?bp#SF#XoDq(eO7|znJ7xVkU8)zu7r-KQ@ zeWI0{4)f*=`1OvaQGh<_8+=A78XC^uC?LSyniUchY*$ zdH}}2B2O-q;!i~kZbUs{fI{N*Le(z=&21J``PX0cEFPAa4tnN3p)8hVS@ago95)^e z=C4o+DM}1dcwWD>0u=3Dq+}!lEQGvcZs><(x7q(;K$iTG5}PKlE8#C4P`3mLd}(Ca zyB{>J`XBYBgn+J`5BlY;FsCI=1V>)DV$iZ7yDkN<2K%F2%+o-L(GSGj4u6d%8y5@P zntigRk!*0VoLnDa65m5$En|{MO+iWDa*4Vju6~YjJljLvr zYRt0w66a%D%;9qvYF}#uYY^X+Lf=^5(*)zaYTBvYoxol?Jpl;gv0xBvZu~o)Y90v{gWpDB^ir-+w5R z*7hP10RYFl=?i5?)PIs7p)v1b=|R-8Bh(>c?0G>~lLY`}LiD+xEKijNG1`7E-_t^k zsb`dU6;JE0JLU4(4^s+pNMq`Nqh@F_9Ou{T7ZGSuUn-s-Zb6BNG6)J5C=3Yl=0Efs zp+xHesk6@*(+`=@OMk&5uu&jkx)xxyp@s*Vvad_lK5HdO2H-H?Vxi;S!}{$rGzmXL z3t8u7(F6&0AoujK#4hi}6$2X2 z!nX6?B=0Nq&HSnJPtknALkj5dmczX!$z%ie16o_IMlASx#Lt3-yzXEw#QtylP#a0# zL6#34uq94A`K?rVHJX>-wtKZ1>A+4ldwGL6N{cG%Q;W#}Lfdb=6REcHy zo2pbzvx0}B`cv4mlg9=(2*y|)&i{P$=Gw3+6;n<$8&{E@+dzs73B(GJx$v}HGbi+Q zDQk+Mf=|Us;xg<2Ceen zhVt0^+@eJdO@o`HwAiJxTE5Y2aVyvlcWmYG9x7Cb&4bWToD+dU?SrZfrvB}MRwy1= z2)HO_4WTm%){VJVDj)PEnlmT}fI7`g6b`tVTn?xt4y6I;4>mn*fJVCYJHaJH9l2?* z(2a?IEqzc-!hiZd3Mnie5{y6IV2){m_5SNM*s-u$x({^GPs{VVXi~Y@w*NIFltIt) z-J}`;CI8(eUfqTdiy~80n1=87=BiLcp@2(%H(-#FoHruDP!g*SYVpNpMcl%2zq~?Gbq>iX~E_Gm+cFe z=0TP5xEJ-Qi>eg^k=d7?M%e3y*QiqBTBLydj;yk6bwa}SUb)KnL>Uvv|G$#!40Yq= z`}@ye7j`9vZEWGp4Wa}{$%F@!M>sTS7hC8Dmj4dzRwwd6TGfTg$n%hzD~bEJjrbuM zWbJlj{0Q=Bq6-yX{VkdaVi2v9%_+GLPkP|vk&`_L z_TVFAoFWH`yQAC(3G|xbgRmz6AJN2g2e2k^0EOKEM>n}w29bdk+n9*?H)tEg%2Q39 z^DkZJsAw6W0kYb`D!jUh*5DQphZ7Ew^yr=Qok4>@9-VBCq1|^{+xTrM70Q4L8}}NgBWO7elBZ%U`BNNFji{F$VBL1<~t%LU%E~wxzVjzNlVAxq`O6CeWMSOrovei@pI zC+AZ>>ZhkX7RYz`?hA5246sJ_K603N2JqvGOdcqhTXpwDMq+zGK@a5j`QtA2foK*= zlIpmDMwvE#2?@-;@~wET+f?07Vk9t%ckGk7d_96({^c>-@ReT12c&O25Tji2q@Ew3 z>q(g3efGi7bJ4-R{h<0!30!lsRi#CN22cEmo*#Z|pn(gzU!9%oz%~UNhPc%aJuY1# zOC!)Q0X6qjNODmqgWwx}D2gOpn1~u(?Dyf&4Jjq5;8J~Q~YVZ=WkOAZ$CI3uE07qk$SvFGRvbbXh zr~paE#{_|RIG&b+hrN%Oc%R3gA1G?X_J<(8{xgZ)Pv~yqDVR`FoJKv;=GK?qx_Aco zk)D;Ie}Oq4+p_vY;)gPVzeZOyDRVa9iQ&i7rG zq5m{aTy=ao*$e4#X?B+v*+~cy-vJAxS%5xLR>=ejsuL18n!-i!kPdd51X86TX@%B+8v<VSJjAyE?MHs-G2r=M@BCnVHa#LG%|`u- z>&^P663>e5s&O7~{Uhnjx*TJpDEyZYg3BPLAR=PO9b!y~nfUd+Rj<`wf7Ml~jJ(c! z&fd>{#pU{fkM7MXaO1aqfhp~Nc~rWKV+pd&WXo860e{?g2iSbcTwbCqL`LRG>Pqvc^W)WwZ@TQ}PI+kc&ZA(O zXP^7RDhUKvysc;RYuN0Og7lOm^8;~t)RMYgj1AMn9QQpvL8_NaM_(fP?0ws4!S7m^ z3j)9_eLQeF>MM+s$!Z$+JtjWi?hYwX%p$^F6v%IIB-#@$W8MOCgX!$X9YK!NE(i{| z?y66aO^Zj4kIlYj^N*q8x5Dh}_P0ZAC@N2k*Z_dnu8aczwR`z2km%8eMx=Qj{@kto zU4BIonN;vvZ_DCU;o)_TB)!MOGT6$Z%O0kuD&5z6#?|(Us!jw&x6jx2YI1Ku*_&H4 zZ}i#~nc&AEnUG{P0a0po4cWtZS3ISkyRBO7mn4t8 z)V}5Z?%LadPIC}FlfMG}r^s-g6|h;Zus=q$Z>?5`09EPIy0DaCtR`q!9_?e(FZv2( zb6^zyvA^vdA51#P0RO)S+jZi-;kCuMXbTPmoFf;Y)hm3jqIjcGpLa&QmpbN4aSW`= z50R>mlI`|KZqxSNaK&N~YtfCq5yFFR{iF}h6>n-&=Ko{|LGuKGciD!wo%Tky|Ab>V z@f!S5@(lqhhj<=!n*2LRac9>&s<;nIyfHtXPT$R{)Tc@=Ew2QBjI%BwcqnCoT!LDlMgL@-Hy1P8Y~7PKgwybNn<$^1d4R@l zJ#Ygk!=BPeJ@CjKPg{v~V$DvIF`7(G0t8i?((QdwfM$1)g5TSNW(w!GfP^(id&m;x z8ixPUjv$fNI8@+bJna`4#4;gM&d2#93{mI^1A=~zS4qrdU3#_#*nd^?B}1T!7ec59 zpVId8f@+;`tbea_QEqTPr$-A@12eYRd(BDXZ%J-zl!P+3-o$XC zjq36<@aVYSy}oT6i9=ti0~I68T)WM<|MCir0TjsJhWJgxgE~rgYtk3HCX)*&8;_+g z_Rn&J5jw zAnK3wTa51TdA^wF7s_e#9*?F(Y4p?_j9&DGaUW2BClOI>n1G{drE=vlO*E)#z^J^uR*FKHxcTN_?loylBfhDbzu(yc;2=A1 zjo#{~zyzxo2He~(c&Ozbo_}fY1=(DGdVRLNd%9M!sBR?jLwxreXz8^=w#}5fIB^Ed^!x9{J5f1o_ zcR7gN@6Fr7ha)5Ai~C~96X@^jRFUb81;y9z&NJS9neUF(&r`-S=44d<(Q1VbKaRItd(u zDW{!jOt(yrJy%;|+-6g`?!^nD8#knDwqx*oko<@8pkNCHqkTd-K0l;;f>glkm1~5v z`b{UQos0LIxYNgdu{ZOKpyuymrl1Yozj4^bB_ba@wG>+7^~*PP1jmZUQ?E5>x3c%q zgG#P6M`YEjsnP?vUN9CwpNl0ax1ykq`?iH*z83MM(Db&_m}+~1UY#Rs`# zF(+ikp~8m{6upsb8H7sL|MGS)vgXYo_$gWU+zv;pBu?mczn;=z6G%)^hCR! zJi*vK#!uAsj(_7f2>mwx0Cp@_`0crdVeqPw!;dL3h%K$&f}1h+UOu9zc89f7d_qSb zKWdnP9;2nzHG+GQa&08baTE6$KV9_hPOYb(S#Nx7^MdA(F(PZR59%%Wiy^;CHshVg z@5o)K;Mrb2O-+cg{`xHY`M7+HMCfwCIW?`cLu#9~Xmd0f2Yb?hb zrLiNzBJMKz)ljj`*Up_{5p490CN}xPQ%9!5roLU|wlc5%<+>GyTP1Z#PE)f;g9Un4 zLw0BX(!8|-C)qs&s=2I?-|2`yG;8{>F2&bvYHf!kAQXd0{K~2loc}KjzYwNJc#iE2 z!4o8lXPfhkh*vIO)`f_~ywbv7@%(Z{ak<(b$%gH{(05a>ykB3SME*|e3HYJ~gIQc3 zYw*IKKL(c2Dz)nw0gXLu&kK3o_vK;Bx3jG-l_Ba zc-dlR!WPItp!NygtVC)omx3qRESLSY@cS;)Si?Q!MUMILo7JXM1;@>+2Jo$$b9n3z z^Rw=?jcMO+H4sVD)~OSzm$Ey6PQysYAy_O~xH;Zwb@5Uqp7+h5*i;gUb>x?!+UYm)bU+IfL1S+bQ9(ySAiQbJ(8|zr;8Z zrhFr8-Me2xCYlb$Ct{u1Y|InIc;n4Ks1YAin>oW{Ss-!tA|>Hoi4V<x&=;+?vj2Y3f;ll(pLE0~mm%mKJmpRefJ%-`#j=`kDN~CqgEHvr5xQrUlQ(?PRMaW z%wpv3C!9nb=|k~R27JANQf*Rm^ELF)Htv(=v;ubv4(ha>mO>*8E)ms6>a zIGdAH6C4U_CL26VX1Pay?3NzE_qA>gUki%z`-pykxmZ&BdWud>4QowR-{AXr=qkh4 z+~If&cN&F2AEB`0XWg>Qgi}L9yf(_uZkR_-nh$Z2IJYd+z3}Id^>|s(%FjLu(rtbB z+ti1?s!S}ZvFCi>Oo4-v^Dd;u?Z zhUgRldLkV%f4? zydr`*a2*K_U4W-e$? zSZnO}=Xg%qENZWb#onOnEBL-d@z>sit4X%M@JKXAk@3HhFdhjjGDpmM^1Yqi9H*@zs%$05Id-xBxA$JiT68muj;d(HVLw0v!njPhin%o@psmjLGEj>}d$c^h|i8ODLZe zaaAMT0!Q3^&W^s>cq6onYloPueU+c82jzv3$^|4n5aCd$`N)>u+hJXpD=6I);)QEf zrisT*m^m`&T-W#B-F{x>&Z>2kGzs%Dft=Ngd!V?pcY1xU>^Tgj4G32p9s5mRcQW5h z)p#Ez35ABIRTK=E_`w@H%)Oe{((8VmnCi7uFW=jlBT12QW9Dp~4s?DPOxQmv5tG}+ z@T(E{J%Btutmdf@iyy+v?FkLY*sS+EbNOunjRYUTltvGcQ<|;K9M)ZgW=P?FwG~c> z9hf0tSTIccliQDK>6o3ihypyE=D7MbZHOMP$F&08Tt6m(5+N$~BY}A-R=)H+Cddu|7&`ea<+SMWi6lwFM~t5y zp=B0Y3n^qp0wdY193Ylto=vQ&QW#lx$`HyxrwMlBg$+K7yMw2S;Q>7yvwm^?L|7r* zxwJ^GA=#`{Scg@~LVskzY@ANIdARd`sg4)Q_r^qjPC|YRx3=`$tYQFe{KckyQ}HBv zyu6@1AfP>X^@=tM41xuA*OZ*Z&-}{3Yxd;si(lye_OZ_54Y}JV@Y3bC3=YZbpWPmPqkK^nI8$#p)g0*7{KQQi`H(g ziHZpL`t&-@(%ms&Jx&Dsh$vH<|7=G8_~qArb>1+!C))GDKOc|SF}@^n2N$X)^XU0; zW>yiI5o66SEMHx=KNvmjO`9q><4N4+(=z*?oN;!rg&;)l@^6uVx#$?*HG7JB_h<3P z^s0WWsslad5~9_|vZlZ?Sk4ER)F+0i%p>w+!Jwi!A9u5`AD|(j6lNZc5E9#sH7U>P zE2?yC{S6S!w7M(YJNrX6H=_?Z$ED*RhT9$-G#S_^xw%zr9a}e z9W3CO;nJ0(NyhU88(|q9UZqR; zRihv?bpS3t4?F{8CjAKRpl}Jb_mi?-xrE?VT#v|qU?e3eh~+&L75}U9hFpL6jk`cb zbaV_q3sa&k5Jsm)G_Zsdy=Z1m9eh1+l;?+B+;ouZMW&r zLi6`n)=!XWKU3yDvu*Dy%3qj+8D#y1X6@tN`iXzedYx=Ad6ECnx$4`C8AG~w`T`F> zevTkGTP312F1iZqq|gQ1TXBREQEETZHB;2EiNsWjx}S3Q=&&4Kz>2gvw6R6C5dJR_ zfBU-a4P!uE#V`GfY^?96ejKGjEA8t|Ie-W7-E}$0f)B>IR1Syu??OFhQ8@wIw3ql# z>KmJH$gDjpT|pz@Ve%`r2}wm%TJ;($X(7y*-RmmFixPELa%p@-Yu~Q5<6UnNdxrsv z_ux^3+5?8tg__wf>41jc-L8$*af+9GIoC0`$F1WHKG_$T7jOt4DMaBpYChep4}kC5 zlnj6^p%LL?5CmZ6w@@GMO?rm}0eMPu_Sx6Hr*Yw@;0CFU>NS~~&zE!5#M{wwht_aT z{c^>zD-SGSx-YQg{e1tWt~{g#oP*w8z0&sW*lEWo8< z1Mk0CQY+Wqk7HEo{IC+*gx_4A_unD6rZPSQ;U7!riVn}LeXI_9|Dx1sh;?hAvm@MN zntC+SHJ=0@sPCXmiol?$rygU`(?8cgPUm^>Y%$386L5SJ^(Aw5cT zW5jm#3W?!#rYd3+Pv_fBH+uligPMqMS^l}WD2TuT-5Zh^O`VC`@nnhnuBk3?rG z_W>|0_oIA{^Y`WicAp2Yy^XKvmhVR@lFmQI<8l2+LuwGYW52f3ncY9=$E?)9lI&lW zgT0j;zxi`-2FEpq(_NV4-%BUa54Z{;Y0L^SlO{^-a2>w~|MM{*6TEY|hP}{_(0M9+ z{*a?(-k$nYL+&Hbx{b?ScjJMa45?4>o1FV;`^;5NAHBWQbXr@DZ>{&GNyq?%@vEE` z`L=2E`GggW^@b0>SyWYy*d^Yu+lm>sIsJN_Qed2(~YGk(|3{H;5!HB_5SQY)WRYLcxI=_QI89(DsFD6-cKObhXnZ0YOK)x?NFV;XdN%Y=P@!@ zMFqbg`^}$xJLYm9XF7LFHi_L=xzV5TcLu2;VB$ANRQC5s<`H9N2bZx4^lTy??OikB zgW~;IlsPn0pyeLEK}(}3W1UaH0wmF3KyZ4O`gCPR^7d9lg4hyLiH=A;-Gb=N89=)g zPHBV1Z|jY(dzhhuPl|DLaEgQHela0?Fro_)%RtS$b?31FG6 zZzp)bcQIHcFl1SLIA6%Y5$fxje6j>n;57@%p7Z0TRz5}=Cy&b?`~%~8+|4Ic#o)sx3|9Am`D%YJbtG!CK;iNN$dH_PXE)-&=DmgwVyH7ynM}vPDtF3N96S zbYmq!uPlX`^x!Sbv?E=gAuc8G%XbH~H*{8e?HAsISE_t!Z5}!*Db72qXMDoS*2prF zdeP+NvBlc5$cAob>#1yC6}J zpN5UUQ{QLupuW{Fz-M^$fdNz9$+TkX(i>^GDr~XBdxi-aY2TH9BcNiz4~Nup^z%LL zkJ{gde0oL+y_sRMwvwdVjwdkY+98q zPT;8mckB1qz5gH}`*!ZdrLO%!Ttna_O8R>|0#IYlQIXr#>nJG<|1N)rN^1DCk*g~h z(faSreXZmD)#cCikgoLgqrku4nIwT^^GlfdhhN~Nb8)N9FTVr@iMUnR1qug)I=f?^ zQHLTpv2R1w4Q(52edO`!E4bedxY#c%P2<#-xBZ<-to`J^ny+ocyEJaF>wL7{c}U8Q z>*){Vy^RS+U0I84ZcoiP(_r~*2nu@^yclZaXWwLAYlG8$;QA}H#NZ)e<1~1u7Ex2?*--W83vg$ya4}hQ*o@`R&&}Xk!>*gE)>*6b(_p`7 zX3c%RhTR2#`@Kdb_vH}Z9v>y3gICHdC^gp)c@U~z5Emh)0wx?93|SHvX$&reJifZ` zY=0JwaG3t{W9Nx@9zR)*eSysXT?*_5x`}Ya`hffP9Br>hPhu6I-8x~Rm2*<0GFo$^ ztZA`3=aw7wH!5WjzVkwwHU9-E9JfQJ?56%MU*REo`o3UuP1&&&Nf8ZBrJF&1SkNSD z=lB7YFyjr*M&d&c8eHF=p7e+-h>(jpDrbCgyt;s9lhTvPv&y{NxC{p$shqX#bi5#KQU-@e3?{6JkLo-y$?D|?~1;~Mbezu4nz zeS`r2Ft^73)CuN@PX3Fz_wcUWiiJN}T*{8;eTjPQpJV-bLEiF&N(gnCEML_mzw?N% z+TQng0>EnD(LIkvO1YnvJo@oVdB_G-7N zP;sA%YmddZ1OI0~eIT1)v2_QVNOoKu-|$(0o()9Ys;iJ7BriEhN0vUhr8r}a7$MBJ zK+_?IyCLtNv+TOB-)zp%&^3JJI!FCwFv@wo#)AKpKFQv3&+M{}_BV0}#3veIOI?Q} zqF9=VHcLN%mpNtFZNMokqe7A(D&Jj-a!#qhW!hhav_G$gu4m8Xtsqmtq@Bka`wlja z0Xk4iic>Yc0aqCEj6n;Yb>gMDmC(R?|p-O5Cv<8 z+)NgSRBO^knsT>%mixsy3i}4Vi}^*BX!?2IkBDm=o(zqAypOE+y6K!N2v_1Iqy770 z)Wg%abW%VChFk8tA5AE$$lFh*v84KR5Z(}LjekgPK|iD*9w2dB^()NIe7MSl$DAMgnR9LCpA1>wXTDmh_c&m{@^02cF`ZkyLqDSVAkuf* zca1!=AHymW{`?s#mXp4)V0t4ZF1bq5-7^UCehV@Ae4cH`l*ijAQeI^LKG=xgLS-q3 z=!?|U8$i|c$s;gAvx<3$-!oWO^F9-xjd)gKlB>_xj4>JNgckmZ(g?MJ^e)URD zE2Ea`>H4uL^G3#Q{yAm~Sg^U6Mu{>G1dMyAu~FoF_`?8^ds$=tQ=t;a&Op`fKRJNK zd9d~m4oA8ESiJPMjud1i-@_GzL%kpjAxbLXSWIR`(i2isxl{y=R*1A)pRXak#)T%|aj(wf&m8Y>z)`LJ zv#Y6t*XC%~{yakd_&Bf_>U-1B8-6u#TfNZ}HoB$vi z@U1Vf7avhG`i}E_8TP{w!WLSSlK+Ue*PH#`lrLVM1q z%%-_My+_d15)nW~1Bhpf9APgHlHZ-#FG?C8EEueX)u8u>Re7*Cl#q8-{I~?JHiCiw z>i(&H4oK0!MH}P&0o{!B7uP(-QvLq6pUiFJ&hfs^eUg!jiR$3dx}-WL%(P+;Pv zuG!-l@RVLfrHDzgHt-HY+CDJj57=Og_SbT1ZQlCNAs1G4o5p6;_$KdOB=vN^E2_wq zWte@x0sd&DH&(!3g*RS-zyQ9(m#30#mcc!^yt_b=X2oc3ZwLH1p{ZqYJGrgPJJm6{ zW4^8R#4ynup2U55C(QZf0(bqFKRs?RS$b8acKa(=C;jnjU7fhvMRO%E71B#&ayQ1; zNqmq^yTr`t9K^Enjaxh7H`&|ApgXHr;HgZA%x~!CZ%|YEylIU~LU6wDW|;f&nizCc z;2a`0WP5Lld1Q)#KPkkPd1qM}pVf*Y1a}&ojq_emLYKb>fzLH|t*_Gpx*_cC0*r3K zR>oJFu{AvM!8=a?XsNKv6%O;jQ8p@>;UYjapMPImP!KlD5wD>Jf56#tXCyOeOkUx4 zs;FZ5M4tR{lY{5;Ms{871Zrtx_}snaD3R(QnVWrk^gp^mHXJAA?Va#SqsE}vP~Q*h zz53}djEm>Hj=y2`3)30~mv?K7JtvQ+jbZRAF0!U(KDRGBEAxx=NLj0q!J8*L7#MqL zY7WnK*lTCXQ1)x!MGkIGJR0iwrf=p|^UnJbC%m*b>`nSTDFcEU=3^cXE zD334oAjVndUrb848*@nCuRf51iQP}#C)vrNrCQRpRkUnk_*{B-__aeGI{i7pSNQXG zn~L;D=aDk$<#j@P_%9lI76Nh|!sFO)l;Z!kIslxr({lC-z2R4m^@49H z2z=`7IiwdQvK<0vgZVoZjp!vg8tNWPEAtHmFd%3xPT-9BzzPlR*L5SE<=l)Jf^ZWM zfjk_JGJP?c0@x55`Bdk_YX(V~D84{JI%N^&1p6-7e4s?!!>xBHx!BGH3dxFnt zfXm6TrG+jA_#8Onyoh+m1ZCie@d%_fbN|?FCXR10_7&q~Iy+HPK1Ifje4;;mqYkQY;sjY)NZmo_@!$*6N1H-Cy>#l)n~z)0{@f!OmpDeEPl}<2gx(mIQ;~OGXF4bEixHWsdw~ zPSEki+d!5EgYC;tJXiW{+4iafI}FF;<;7&;>pjo{d@FuX7w!D!{a-_U%=-gb4f{tD zmS^Yk@F88+)_q$LBawW&FA{>q5Tv9g2l?{la&K1O`yTc}h0Z0B%jJw%_`vjt6Lb9y z`!(d{Gi|-soR~#_F9+X_@SZ?d3rd}G+roEI+)wfSbLR8{5Qs^tyS(Ne`*R(&ch}2m zEs6*fsj?T$s?scm2dxEQb6-knIJAJ?ovCBg&iVd=gS&&(38(x+x}A^v)%e8MJtMvs z-Rbt!W&vrq(5oAP^@QGZ3SX1Y{Mc)l!~E>OQ<*OgC(=zHbJ_fI5-ZZ_MYqG!l0B2T z)(J_}vQa`1=*F;|n&;^oY@6c{cL+vmzqnq9{cOFd9TF@`|3!^w4DLsCveLbMe|_$I z_A(k~)8w7lRoY*IHT;vaU7XSqVSQ>>FqP`03sQ?bnKs5o!88!kxv#T7$b=ChgCoa3 z%Jj|qrS~I_-a4sYJpT(zWc-qK2!u0#MHVlpRCufn8xuL}z=gQA&B02hn`5(&QMtdP zr*RV+C>}1}m5#@|%^^IXP4?Ss7r$z!s-w~-Im0nn0+ezuo?NY7DkiNbMcj6$BXvxW zZ4$}8#85UKi`L+6YS->58^?|?9>ATkrYd}k4X3xODPw1kZ?K)>(UXA7R^BQ5ZLoo( zPu!#rpnC@-kkN(PW3zj`dX#Sg=-{`{6l7HXw?D7*&pm~dLXPT^Sih7$hU{XZtdqTB zy`dG+Bs88QitWo}q_5&m1n`66ne9uCt%>y^hRW%6C8Wg@+3Sc4kW8~j>XyQynNZ;szJQ?Y9jhZXu%4bQvcp5pk5$FpTiCp@>7#I51 za#tIGoQ9<`^X~MeP#QN4xgsabu}f^de%c5>$EDO8Jss!d*t`vHw-Vl8Ct=wu7I{3J z=YVV7v|sjv>GfDKuqUY-PV5^tnEOd>Q`Y^_hCMBJ(4psnKffPC8dF6TwaMj6KZ+xN zD@NRMbt@1GOY>b^c%Rj$HI9x;d#{S`wtq$)AnQ7UXH2+16H`sc;e>4zvtPse`zHsN zl?#acr*r9>uAb-OIr1hppQ>fcjwaQ#Pfym(!>23?rT~tv=@j0 zBk$5B?(17GT3?oVyu0=qE6EW)I0-JHYD77v1 z9{g`&Y>Q0&K+aIOwgU8(A+}3$N1rzPSeHp@8PnMb!(k4}mCP z)+*XUXlYvoCN3x2dHAw|vR;|H(x8wMLWJ%m!bV5J5LSs*(>b)5LG?xJjg^tZ&%ZK1~37QUEt2 z&L~Jgu>q*-xj+cIm#G$*WPN|{2FLQ@V}XuyIAu1>gnpa~K%LMQb#3Zjc#9NUO#LOI z0O`QpT=nG&|ErL}z#HR%;@MXTCv#Ur?yK!BoFLUqFy_$ow}ga}09q)u>~XDrV@b%E z{#z_EW^r|=#!0xZ0NwYlfFF2UlC4_i{p}T7{nwCkBro#IM1a|JW11NXh>eZrZ!wpz zQ}J}ANt?YHQ=Wb>qS2?}D~`=kcOX@;aGc7&!aDSqO7-;t@AGBh=i^r0KA`dkZ@(PY zLjaPHazVpqzx9#I8vz!1W}I7K)kjnalW?ATjadO3^~`f9u8vK=INSWJMqdARZt--NBX7R>6Riw8Ucty}uw0?OhUhrN^6Z zP&aRdVSLUx_j6<&P%1ClGnq{F+#;i>K8E1}(K^nJ*7KX$I~C3_&rCP@?{^J|y3|rF z6TKFAF2W6nUW&@*AV$8Hd&0IEsNmvPiw(HhMfY{2_mZOgk~K29_62ld*J7>Q+AF7z z5oP!1-Z}uu`@^}cE0Xk+0%@@@D?tihk8ykQ{`z>|`0Kgvdp}41xP*im$Y}W?yqx2v zmuCN>f-Ey_x$cM}@My}D-VzbH!?;Qc1_Sq5vL^d>bC^~I!!-l2RQ)rB@0d=T2kD(Z zlfs_H)eDmHfaIM}A%t(>yAN-?uUM;PFF3gS#a??~K^MQEO7iq%~2LZ56aMz2jaWUlHqTDIAyY2N^eaqh7!sMK{X zSzRo8|-)u0NaK2*EXduhIJUuIJX{b?d#g^UmYwjeWy z0)BL#{8_{^;!?oO>EckCra-m~RU^TAL1#3eOF!D&5y}*bf!a03-KFIjIEqqj{0oVF z>LXHg#-+OMD-)s2w35XLSx|@iv4CpL#B-W~OuwgL=3U_gt^fvay!|5X1`nY_bj!X= zzD!BFK8X1(2{G>5uUp2tR3LrX`}%ei_wwjq4i}A3&!>e=p!>GW?Qx>=ce!n9!M==I z#b^qFKDakddm`Rj^5^?Ag0Z5@_R({XY2>C_AdF1y4b1n;N!SZ{E~3Zeb)u z*gPu!cn!R+SqbXgllOK=6Bcrv{rTOAx70@@!BzXAY(?PJRQ&NQwC~M-icl{-k+Rhr z)SronM#sP2f6M*N+t-UgH^+3eZbjNWpTy<813BbFLLS^fLPXT7zdtSz-Dy5jqqrFP zZ`u2YIG*T0h_%s|*uYekfQ=|frEuIbxMO`UjR)54z~ErrK$Jcw1H1Y>$u;Y>+~5Hp z!QoQysbpoqCchDhl9~p*@v;-1sPP|s$z~D!h|5)jOqgr{P4WzYUZf~pY6;0FF+oZSjUugFH< zUIrlyf4>fn8BI>{dn?L)(>rm5(p}@(ZY67PXSTjvykC~-^9s+U?BP?^s%^j z0(U*VRe>O(>4sC``g%XPN1Eo^UejJv=i|0-!V7}REbeK;q3*XDQB2_o*jgk;y6uI3 zYtky@d{gWNvlO1rvR^EibeyDL2h7Dfmz{OKs{zjB6VlXA_s8R-F_bNwT+(`v95KdL0S-bvjt=WeA!1!I~{9>uY*H&r-YE$hODvfm<$v^!Xki z`P)GgN6~h{kg>7Lt)1O!PAbNR6jgtDpYq$&=?ljsj7eK~V}cDSMEnw8RjxwfgSd!w z8HY5RrX|KzsTO^j416g_D7I`v%xEY>L#mKQtFwJ(YL_$+q2;V3K>mGYx%lc3vr=?% z6czJO%~ej#%=s7?2Sc$B@pn>B^>XJQI7S7sLPRuV@$GLD=Ot~`;e!Lyw*otxpkGAe z?6uXyGV;!fr%z#=kYtVp9a|uLKc}U;Y85Q#FoA>0`>Sw5C>-9`F`l1xGfZ0ENd;&o z@qE2o_fY)oBY9l1G;DS+_j}J@+Lh0tv;wAaK5B~exMZ>D-LUvf6lbaNTYp4pPQttS zX&-m7);$PQYo+tF1;|kak_tEvUUdDNBU#H+?5?S0<`V0H8_NQr$YrF1M+CFRf$GznL~(dWWMSFOOMOQx*(Ainqm zSRcq@OSNz|k|;Db>Ro>8&pTSqlg*O^IjQOgQ$_tD#R$8E=J{g_TGiqn<{P$|U@E;* z=RAlftkx6OaKw@p34S1iYPk;oD`*Pi1r0Z~Ym_V{M z|9Dl?I$Vlfy>oi$3!;>6NCQj!2~l$4QE464-It*))?1Vj`mwPUC+1}Oa7mvCNIhPj zSW+Rftn2uRbomBj&GYGk-jj)}*6d5m`$4#03O}(Ymi=UCG>^-NcP5^|m-a-rAJ;A( zAt2kCA&@TUA$s6+EUq;BwY4vl)^w$DsY}J@W_}zfkwpO5*!$8|h;nG+SMAJ=cQ_6W@OzTtwjSWL^ zng@=vUKf5DE*Tl)*$K3cq=%;*gmnkH1S}%#uU8cBxGR*_V>hturS18xz-!~=FO0I+TUGK-PYSeOA?4ox0{L#vFI{AsBMqAgt zTk>1)a0wY4DjtSlw4^iupnujiZnD*0azNFsV94(IXK9``-M zr`S6T!p*KqBO?#i6OLGXo5JlX$Zy{0BX`6qmx0B7&v(wz-nd{H<-_fJ@(eLswp~$p zS~VtPeD2L7?;f z1Uc6Ac>;H%_=9)6nnwYHQ(=MvGj(aveNABhT(HrVf=r6=!@Td3(}-oY_0@0+QK ze`#=+^!@QRv^l;ZQJ7uu5b^vqihC9TqP^X)9L1Yh0EBMt(ni`R8V^qGAWta~bbi{X zkA&_+`-6KHL`8Ob(7kOmc6#YD0c(CjqUzBbHa~-d#ztfYQHLp z0e*b&9ao1esrH zC(h9sPS5LMIwsdOg6br90ZP50*iJ)qBh~)#Iok$CMNwduEo*vhsvw31=|PtLIBg&XF-p<oWswh9NBH!w;cszcuiT2a8{z?CEd7t&`T4dL!`#OlAXsX2*sm2Yi#r2W_nx(< zU)y;=$JIT)A4_40Mlr^L#O}4M-Slzr+OYsKEB@##H&l{^25?{FU(IE{Nq61uU_gOi za--NEzRlM@J55*BGWXrTK;F8JW<;1Ti`-F=eEM^PzmV{zR)@9}8+SWa)z&25d}#(A zAtZN(XwmT`2BBYdw3{|~+L57*`ccTX_s70{;B(ENv_jy`BKgSX*WLoXV7Bbu7^WBCxp zM1N61G``O&l{)I<`M1p4m|!7cIMbqey{VT!-mAg{iOZVq^5QR}31L8f2X1Q4(FWoq z4y3`|{3%%C=Z&^X ztQl~pEt|>5!;tm(^*(`}1tG%-5n)!(8o2?y0dm%Ap_FLjv zzPLiWZ(A2VU>FC z_KWj*+#6Fv>tZA${jc;~n*i}ih1@K>p`!i?5oa)JsB=AX;ELjS_J$CIQ+ZPfRt zYb75>=iJ_Q@%KKEenaW`&KJ(SHZ)t#-G7xe?LZ4U9|I{AH+{cazt(lPlYvxB=3efO zdRu;w3fGN&F3$}z>~mqmBKJJMuIn{p3#8F_q>AgWoM6^IcT1VuWdiibmaPlTghzmJ z`}ay&2+k*2LOu!x)Gl=zt4J~HQ@tHExpO%S60B{?Ao+pJK8v1^{5$i43idlD6b2He z{HH1V*t^;3h6Yxp(EKw5kyAHa9?(!w#$f*(jg{qaeLOBJHf#{9FF_S9A8A|Y=bj2a z1$Ls&S9PAxfZj+ltT}}B_koXvxfKtWrCF~0oSG^J?H~TM zIEg}-D(mhb-zBcaHEC9GM|RH>Erho}u8IMBPB!=OE zpRiL1x$E7#8f0A#`V*_3U|xQFgjrdJd(dDQ85Tg4u>p|y2!iwT@uzxOfZ%w7@ys4A z&UEp``u&OEVip*au8RA6xyx{GzlSN%Y~ZAgpXi}N7d{_Q2YxMl{v^KhJqeZH6Wt*q z66nheV>Fv8=W`XA`V9+$0#id5?sFo-m``!eC|Q~#d0AtNx~>B*)I2j8!>!R?Xb{_% z%0plpujtb%w!>7PBY3%@q)J9_QO-NMHyjD2t2f~l#ol+UoHZKFK0>k4ux-SqW$+FC zz27t*8nhptyw3q@mS1d%Q;_!N`HSEBVM}Uu7+WeE{|?4|X^?Gyypb6_yxar(gK;R7 z^(!%TI20@S1;g(cRf4J;zq-aAM3KCJ~Hcj?wk>j1T1s_&HuO+s@zu zI+2`8KC;!fQa}7XRM`KCzMC&onGG0TXFnd0D7{Q^$X~@58ld?ajW`JW-41pO;t!<^D^3t%r+ z596mOTN5Rf@49d9euw)*{fthy9U~g;RH8C=XAQ$~Pyx9r^oJHe-heb8+=0VA!fQ>< zEi!ew2S1d&=5uO;kHb)@IEPY%xCRs)x#&Smz0r8lI&be+unyTV>3;Eh$QrH z6vO^=X`bLmqkID17lLm<(oJKf1yrzl7*ZkyB`D7A>#Td=wk15=AnlE66||iM&8A{N z_(xsNz0Su#NI_*d^|z=IW{T6Uq;+6Cq3VJgTrWIBy*@=oJ*x-q`4&$5vQ??@RBX5& zURLh%O7KESjgP`c@)WGoS$Wv}vfc{tHVIXm{bn=ztC8l@OfkCsDSE#OC0e*^{S5_n z8wyGq#9kBY=Ak|&)c6E&CH}y(+9H|j?*~hIA1`5OV^-%@d7xFUvj?#_M$c^!QW=?B zn!4BWU3aT*8z9(Hob4N*jurVtHz6^e-#sG%Txg$Ml&rSXyJcPjU~tbkqr24+CgUnR z24;`z%S;`pF^Y78QMYgT;S#dB9i#46SUh$2G@3lr=GS5e4LyQNe5kV{)~h|5N#|af zGn1b}y zDY#F}8HFtz)BZj#=wPlwdQC#|?oJgfxFLTHKK-5L!iEJqmmM;|60?WifD@Ou!l1z4 zZ~E@hTD)g5UUWg~9oi>{8p-9tExvm;BRIqHvPMR%|FUnTKjvn$qBA<<-oIW|3D99& z=O?t)2nq;~o*K^>%lD;1^T-bkCrOeXVR;KU6BX*LcYK~<5g&w&PiRw}<^1SKHS<0! zu_GgeD(bh(na2n4rEhh#w9`r2;}osJLLeeTsAyk+5ac)VzB2<2uee`MRujV$`rt4b z1=tCk(OreW{c?e_la`U2e<+Py*LU+m!NJ|>=}V~6dSy{?LWMV!uXeZqBHVLs=*h!( zv#^`sh<+%h9N4%|X{=n;mp*L~Eacmg{rl&y5qYzv=;{u`36gqta?CZTvYb=5wiygj@u zM#iLkh)z~EMvn$_wpgvI4t<{`?rw~rtk*Zm(%kL>1U|I6X0DNMr}wlv{Zrz8_8s9Z zNu0dgC-SCDofgZ^=HEW)dI*!X4S(`~VK8N2C2XeD{D1Cg@#k zy+suByQHjN&C$BjGVnb}3SIj`ZTevX%EV#a5wGFo#vTmPbpvCwgEbptaHYQF;EhNL z-X+pc8VssGmFaSC9VGkyvL2Sx9s)ES?;R`OW)rcViR)cF!}K)F=h`uZ7Bhzk1{+DB ziyK-JnO=@H{Nu{`%DQ~8zv#)Wzs@8SBVN_wGCDv=DebC7CDN>l$Nq+dMj>|azh>DOeMoA)Bh$j*)7KShFZMQ3H z2^~}u$8L(1e6$+m_Rv2}#~Ssy?T1{2OM$Ox^ZC3&7x72O#{63&rwG55GNrA7@w^Bm z(*&dcJZ)6c+1Z_YeP74@gG&sizafxLh%%YS+PUphU>>)Oj0bgnO=F!4V4y-S!$XmVf&{(Rigq3{gJ&3?nLfGEA8C$$J{@9V z8?33Q(|enZ?u<}*g3>a@uy=EK)f2T97{ux9`x|2;kBT>}oFEwboo>|xA}s8;6p)uO zrj=TR=j)f01rqZ%^v!anCcR1eq+^wL8f+$aR7 z{jY@Z$7sl$sPd57qp>jA#+A%}fKSwC{ks&?$J*nKS-<4yP5uJnJ`=W} z!nf5IIbK+4dx#xizVc-~ zY9gHzBVSI&=X#5%)r+AJeEbN|R+nVmV>2BSn}TUX&4k~lEp3V!g8mQ)HT@6PaCIlZLQ9s@rZlK$hlk_$+~0c>M? zNs8wV%2GVKN2DP&as>7UAx4rEhPM05_{PWfru71@FIGIQ5;9}T9Q%MW5qcoVj)a0<3x^wpl{ z>_FwoeL8;*RQNz+8=6`1yyl7)x(=+%+eev>gAWD7f%?5U!8(4f(^kspLg3$DEfPlZ zWxPy@BX`G|9~bH4U91ZxmtDrm&gX22^ZDAf?0$bm=g1UKhxd_*Ua+n+_^LO?1BZS} zoL?F3IbhMfNb8vV5on_Ou#(&Cjv+J2V%~vV1hf4Br*a zv8)V0*VIw>JBb%S>tY+!uSK^<+$$aj>=sUlW5g?Y{F)0SGyM2yKvrEBQ{a|oj>a1m zKBUWIU)cZ?@2*EP|D5R9I#74w>d6jepME+fS#1d z(pslWE4VXzK@lDlm&5&vPqivpfU*O53UpWD_J#lCxRK*JPpk~n;B24;v-L%bY#G*; zZAIWT$mhzQ!r<>NxeHGU1+qJ~-qeqLeD?(h0{NwFEM3Ir5mXrZ#4(TGn(@f1v!@%# zs3{CPF+c%b!0YMH*8z|vd3(0vLwcP~dU8co2^NiBU?ryuVqGP_P+`iF;q@>^I;ux( zV;ah2+wdhw)rQ>ss=Y~r@;Ia=xETH7KZh`3^SKP?)lDe%bv*wKXVBZ-w1fYU%qj^VK3yrw@dVYY3)#EyP{s8rxXCDz5D|(7yCLS1j zE3)lcu$MYCMNc+*%1{_>q>SAij?+MCn9-@6YINv5`A2gu^vX$Ik+EaHar4K65VoTe zaaFx#>|2sVUTD(;S~L)yfaJFBnP`P_PxufHA32`QU)jD%|96ZU9X8nm&n!I<)vBL` zR7th*RevRBO|X1>ns9{Kh=%g@IdYgb@Uv2ZJts+=7^=70x64bL{_J29xp`k7Id zE-34KBl+3*V4G}I+hh3~wAw#`O2LsU zw@=?=4rt$EtA1-ZT#|#jXITaM!k_=J{9H1>RKWg^~CW|*~ z_`6PuK|PvROi{O7Fa+lSWy<4@qPTM`od>$yrC|>o`MrRS<^)I%T8b_#z@V`dp`FpW z6_T)jhL-Y8we^%dAsD>CuwL;B-~yN50n4;F@9aXw@blWOyy^}@;v(#JChrc*9W?+m zLZch-LAW6mR@{%s+8P}%1yi-o@teWr;fY3vD8AmFetcaD5v9dM5A_RN0rp^7AM>K;&>2)8FeNT=&w!cv5YdhP>^dL?u`80}Fw?gzpu zq15DYu&xAWpz%0)_GeZ6J+f$Kpz%A`tK*F~m_U@I<9Avs}ZXcfRrBv_D3$5w; zmxgJUQawal;e3_iRdh#@Cq>YI(6aK}Yl$3K6x}CEs20W01#&dx>j$0Qd$e)<{&f}( z`}O`jg_nkV>;nL;a(Tx#{fLl(bY;GK!6LQ5+M7(%a9K<(+OwZnMd52N9#B@ zfL6{#@li+ng=TA#-ETb9=M32AZZElUEBl4+us(i)sBaGBLM5EysVWy2B@IURm*#XMjK?T>bt)_eQe^4Eo97@! zhLcg}E_@-|VDFK~Xnvxvw(#|HjZWu7Dxj;nPJ(x*7uS7d{OqZ3TZ^B2Jd4+N zR-oe04I6u+SN=&v)WDVu#R&5yI;X8%{IrWBPv`tpB;NUz(gJkM<8(c}WtPy`>4w-C zeOgwt4AjPC)g7Bg(z;WM%pR9PkSO7Lfo692$s>O+?!k54ZmXYn+qc(#YK3K0&s;e;9`gJbX{naD0%-yK)y5 zpCVjpwgZgIg*Vq1(B;K&8^gh7*!V0kADQ-sJ>8Uk{*Plw{r0guD4N{Ic7p~+I4%q0 z8N-_O(o~GZlBZjHX2?uhwpgl zk!+V=f2vz<9%L(>WIsY}NyF!)cvJh1p2*g%#f%w8W1_2&e4U$iX(`5`anSwNV-3*H zJOq5IN3hhkg)~F=C*KMhG&L`<&|@cCd5H9Um7dRvt_6Q9#mgUqMkdbT*DBRzwKzb; zgI(nh5W)UoOUnk=Q6)5aP_!=5CY(N_HFa#XKLsuH8*mN_y1O7GniZafX1 z+!r9$bb>_E$WU5PQ89rJY3F0xp*-3=GKM$aVEsT9U-Jg650sIiJteP?q50>;g>ECOc7UI%um#Q$644na{Ql z&CpP3xs9(WnvL7M9L9}K_}Ay2KCr!G&im*U%;f3rZI1{{?)xN(y9hsQ%Rrc)LBr6F7 z&9e;tKorp(ZT;kf4PSOeB?zQ%?z8t|Xzg?}f>TheCJZ7XT7_*ei4HIzwC=#OoJwz1 z=i7yEsgq(0?U2#O$yoBB0=*yx*5u$f=RI`Gjq6yJM>BlF9BhT<;!6v~&w=5ED;jVE z6}pf6>TXW_71i#KA66XG;#QCQLVByo1M_S;7}_+-z56t&Wk-R%93{=_y>v$dD8LPe zn=`FcK)Cz*0)E@KI}o#TK|g}yY>bblmWjYKL;3PYCU-jtymg<4hUm=1d0-%2AYCZ*cpOC8{)^(yJJSoEF2f5Fz5y0t_TiwGXx2Z_=U~FJPs%R z)M87-q~n^{b@zPTgG_E;KUIf&hB1wA1BR)^>_q2tRc?Xy3$h+9%rF%uQG5{Y5(P_Ibbo*wk?atn~R zOpH9Qn(hTN|g>@JR*1jtE^A1;Czj}K>r(IKv*c>iTb$$f!8x)$#j z^t7Zr_-A>K+tiQ$7>Fwdsv?~8`Si#MQ69|T9G=u|55dNWL=ON0uMwsR7A#aww1Qg9 zwqVInf^jz-Rk+H1xj^aCGrZxXixM)!Kt;w)e%!^^gF5bu7>wOO6@?SpciV!uq}{J| zCdxNyt5a!9*ayM(GpPNwz9iitjyyO)9JRYwT8KUEn1nbYsqSyNc{w{NT|FQmHYNf9{FCIIdC1&GfuN!Mqg)y%@ z&O@aETpj+lokR>#*vCU**y3W2^tP-g$vw3Utyy4Q-Mljj0C}~TOt=1{ab$VFe?||(hRLs|z#8YDsnr##TG)7@2BMIerS)bRB_%&@R*hb>3!6iQRxg+d$&VB49(AmgAa6M}c z&8*ouyhJq#yS(l6JI2*hvNJS=7`~c<7=+gh-bGPZLv;y}W%H~x*{`1YdSD6KuPD3k zO~dzw8~|jz^G$|1JZ@Rr$V~(<2ce;a#5YGRTZLSzGm@>=I%o%lkOQ$ zuKq!ilTG)5@xfmBWpoR6_U(E6CXsg5m)E)x&~P*@UxeCC5GMMI9&cv2Bw%Ez$X|vp zdSjy09Bp# z07ik@{Jbf*wQ&wI2LEhyGb z5xhN1OzioF=-1@dn?E|nUh$w09Mq3^%))0WzTrUj;uaZkSOUzT@}#NeU{%pDIA8me z-ycknZ-4fc(}=8{89+(&e!JdO-_Q{jtUnJHEx+da7GPNDA<2~H-g$UAw*Y8f+ijQN zF7k_K_Wjv{8$$NO+t}0*udH6wi(dtgRsJ{v^*f*8$}OEQaj9PRX|Y+|N+erIr^xc7 zX<9R^y3`NQ)a3X0MrN0_X8FS>n1L*A8mhkrFj}y^C_LU>HaaofS>e4@*2d21t`Eb% zL)zE9?{8vyt(2m%!5*%krBBxS;9#YLejXn(bnD4DV_pS#xc2^}*v})kj2~iq_ot(; zqq*d5XPuS3I0-O2KY?{a28eP?af#Bwi{+5mwwklxWKBx~XH^0l)+ccWSIWNoAKcPhfBaH?bG^goWlwqQU^4a~FkS&tB60dtSEPQW5 z(|q&wH6B7utx~RO;d1-hdTfqF15nqREbOnw%*h*+NV?tbioqQNl(7vOP+rM69}^qK z7j4D|PlEr0%f0!5s&Px4ta*ZQk^d`SW3-~ji6W@=0U+yv`LSk$%@Cx7W&8Qdk>`WL zwx=a%z47{Ovwk;TjNmL(g{7X7=xb!s7EJdse8RJNF(Ab^!#*WG^3@K|CI=tg8WDmB zRJhMksO1Qi;~Y|ld}uMtry#fdXg^F}^*#&Yh2bD@+?Yyhs*XtrPDab>{|DGVJ&B6Z zE&9XyIZg;2&-NVo?|V>wSNwVxf+@<=w1nd)t3tBa6G@2D*s6LK-D2XW3%N1!vE>it z%YTOnpEA}b?Y<}dHq=+C$t+(#!(S>J0yP`J)OI95-PO}IP2u(?JcSgsb#R`joMbCF z$7RPW@a*GbUn-L9aJVXGMK;dZpLrI0c`kA7-Hza3Ou8PI*+gF3y{0ByFgZg-2c-#bgVy*rX;K1s4tDCoE@^6i2M0+ z-{l5Fi4l|j6}};-O@JPfJZMkOf@fPp zCHvn0rgL)0nNk`~Ey}eAlJ@KC3G{=P{rEn{^};V!7Po;p|Im~qo;{$y3|n++v~Iu8 zmp$2|OY&vcXer0FCojagdXU-!y?f8TFwKrm-+Dp36Mc{zbx-xW&+9K<^SJC^k1D9l zgT4=@S9nlM>K8}a9(~mB%VmUjXW~KrBt+%kNBRiN-|BA{ z@E{(=X+Dzeky^;+x>}3_rdVZ{>3Lj2^a(JGsWRYiSOpP}LABhH&-nvw>m}z;)QQa` z{j~m8E&w=v)V&y;UMpb5`}w#8Wfv>I+O8RagCwUy{o^x^MDIP3(N@C8V``dfoPfxJ z;e<=@gXb-pwXB~VtAgs_7+*h8h(~`f!Dqg6i*XJhNrwsxdJ8-XlFt%FOWF$a{By!BD5mPgu3>Z;XgXahdQdsibKUL`0ZfUVX@! z;T;zyaW9?_q#$S37t;&KW3{Q0WL|DLa(2ahnH}N(^+EO=M>#>0`+NxpgfHgc!Y{eg zb97NSP&M4rnBX7v`LrRM%(9<09WtTy!gkohn0CCa%2784G z7OgR-_}_^v&mX}7yq|&T8>b5Kg(Qp{7ai9ZMcg{Id%<@R7xhR(8F~a|qE&q^F;9~b zF7y@nn$TX#EM<^Mx;{$%9Ii;XE3|j6)}hB31@n;Hqnt~Xs?RR*pL7F&T=4!F!;`-C zA86}e@gq(^-NfGwR65Zty?jp!LtJeuP{b*Mi-s`yw>a2M$vt(7jc^%1;$16dRQqg4Zwi@k0UaDLYW1^e_TMYQa1pyb|3&ipJ`=Lo z8^`?e=7Q6CdkxY3)jwdO@$|f#0rE6?-qJw;g4Ms2eK{6qN(Fx2cbw;8uVE53P&+?l zW$dc$0IrbcN3I`#1Yxsg(JzccxqyJ$l9^nl1xa^S`9z-L;&r7Uy2Bc!WwsBPx04i_ z`x}3ZUhkbfGZu2TM0lel{YZ4&nL=fMKxvjKS@XTzTQK!;27j!OHQML);5$!L z?7wQLD$t6fE-ZrbI{oE|YkZ_sRdPG#PIqrwiKMN^N z#UJ13`T4AykJI`Z#ssB21Nm{dUNQq~&8lHWQ1%^+LNGEQ6zyk0hYWDZzV^+-54uTJ znRx>;>q2AGL2MrxphLE3IZEHM@Q{mVKy&9Gilbpr_3Cdv}QHeTJcpS<1<@_6KK6{cWL*B)cY`t|D~+xtqE z8r$a*EMrCJ$<}F{LC-Y7S;$m?c9A$2MCX)Ty%OLIBQr@KHCz>UmRKK z5u5{{i*K!dz_(9X>M73yfzZSm~+SZ%aHo7-p}rfA@V>dEB%H zzKFlsQ^GV5Z8p4sECaIF;ScqYSo(Ya0IsDx*zRN4cgJ_-9oeK9qY?u0b{E8s$%a~3l)KzlN09e zd0d^x1NWBrR3_Of=x{bWLCV}vx(8OA6!8s@kz3h1FnGnc?Z{2rx|c4}II~GiqNGUI z&P=CI^`PB?N~)j7Utzi3!vMB3X$cBGoVPUHYG5>)2_d2KD7;1s`?kRMlPYW%ZqRq3 zg8tMBf(fik`-Al}Tt4it7haGca?b;LpR6kyc57uQ;<|sU2-Hx3U<5CHl z;a2WD48U;ThthA&YIyuCgS!+L)j4|9AwUv8tzW44O}HnzaH)FX zTdJ0z*+_sa?Z!gl7bE#O8<&>+*7Wy}fY7fAieK!ph>O=UhGo z|B_}R<@~Q_Jhh! z!FhX#Dm}I9G13TDz1fC#K(WV$Gq`hjrHTpue)fczjb;*VA7=g@T7knSAY=ArJW`nO zOYuq4Jo+>9_c`1CQu0ZqxTm@-C|5<=jn@Lq(4tDlHI?f7LR^tSX)`ARo(X{yvTYZ( zQy4jYGOB4qQbv`yzw!ge%g<1L{A;_I)}*`?Wo>}PVQ z0i(*W%P%8(6UAw?mc+Yy&Ei z3y<k{nGq-;(_!FYI?`|~;4siTUboaRI^9&`O zexfCydprdg?(r1@kpjVx5_zKG!`uUsto(dQnp!^W$}$=>4gne1V6EEA_GXZ7Zp|e) zZD|F>(T8>47v_j9pTg|-s-M1ndahB-Y;i)zbqrs z9N@H%S$;(JFAp6MS$)ydE`k>K#{JV{i@d=Uvi1);cj$fON;P-Dizv{ZebDrTg#x?l zR67{)he9bv%EJ?T)(QJ|$Z43deX>ewTt*$uIrGx+cNV zW)-1+&7xU21v?`3d)%O>{_R_as6Xu=RsBU35MPDza?0fB^*!JCeYecWWZ9ly{wMKl z)`H1(MZdYnNd1LM7sv06v0$qMak9&P+@#lH1KfmDK^*}6zya{BmeS}&KE@8JDWo&H z#~(6x7j)_#~Yl%JD(cJ`SDlo)PpYzSr^m?U!p!`8SlE6 zEcYXQa6i!}XH&>u`=Ev|kqT_qq*PH!{1xxR`_`1(&S2Z)(M`z6QFH}+n zJ`pJr!0(qw+d7@}q>_jExywg1>*|HPn9@XaIq|i&q(^Hoc@NwpQu2E1gC8ANee;+X zhPqZt!N2L^{k`pqEexmTa?%gMp^Oib>pDjbzw~~Lc7KKM|C53V?lwH4tAd$}8QI}s zarMsWCztwgSdEmE*sg1jwyZ=Jll18z3z!jjuPD~vZqwyQ?kfeo&q9l+amoJ8wsGM% z$(Tz?96vdfD2=jJTF*3Co6>n3qk>PLW-W4XD{_uAj83KGyM7KNcB~e67b46%;>z5W zBVWUM0r{89$69|9^tK*dogS6T8>jq6^t9scnk*`uPj`&1K6V$PtOtmZQQGw zy9Z~b9*^JaaiJgYsqbobj`yvK*S%}al+P_Z;Lk{oPo=fY4xA^9G$!-(dY$9=cQUtF z`Rmlm_gmWdk#U)Gh`n&*D%YlJfn>iFk29TEuOiq^@lBR{9*x@`fqk0TI%kl^sD4^t z@`x8X-iyQGRdOuvPe-$Wv8?*rLwR%Ij6u-8XvIG;AU7>B=ky_aDc?HZm5wR|0?O-$ zpLIn?*+NO?vY`pPZQc;XW<@U**xleTRxE9zSJjx=GHy=y4TGMM^t?QSh(-IUbf~`A z&Z#lxuGgeHvDff8p=}3VsT@m#89G>u6&EjrED(LTyMUN6Q zFe!(Nq3m{qrvg)msDw8Nu36?Iox_fwGN&y_bpNrVDAMSOWMCK(g=HDT*UntPG>b3$ zMoC!oJHs>2!4b>4#r4-v@v~NsIeNQ6~$ec45G`pFH8N@+pg?I>!p6@SrV% zoJsnWo}jy52_){yE_Tmi0Xz2Y&oiH!xp` zFnx^bI^^KD0L;&mg2+=fJUICMBx7;8m-|IIQ=IMYTU!pZt>V-8fJBx(HS^<1U|NUk zYbQK;x^pPr*_RJ=Oq2#?6i1$LPwo5TvMRY>!y=zm?vl)x3{h0Rqr34-l{-at2~~_7 zj(d0l-#pyS^0E5Vgp96nZjW>}?vZ^Zhi6Ty`ck?sNLx#R8j`_va3l8QM7zK7e2stf zeoVjrg*+uW_D$mQ70D8*joH#l zzvIhoG|&LX%_do9bd{gKFB2y$I{todISw%~l~r~?8Ry=PBVS&1cM2If@i-S zqz51Hz#uE(dqzW`Cr#EqKd@8LaX*0oLhn%IwHDk~A%j#d?G_K?Gr2T1ALWI`-SoS; zXG*eZAEn^G6g(#JEaa!pWbCVI=u48ZuiAsh35&DB5&)ss&+<`ID`$95%7Q(BV@YAE z#M4hFlgnUAiEmAEKa=B*1W_pGlg#^Wr3%h(zVzylIu(6tG+`Uw7D-M3U$!p4Z2M4w zsh+y*QZ{f%xLm#}@6!(m4snpM3Yzm@3GqQqR=(f5#$29k^Dj|)z>r2NKp?qv%88id zi2c&qG*2>TofMxni4-l)AP{5q2vWCYlJuIkPZBo4z!8hZjE@b1Igu`2>jO64y#U?2 z=-9onVEXld>pXCyieplgMizy)QXUTXr0Nycie7$-UX9JeN66`O@hpchl6gr|M>MAg zciRk;U_vFj??cNG3{o{Cn4}uc-Iep3FC@T~3UA;XfA6)Dc8s`q^5Yjs{(GCzPDYKQaVi9!*cu>HXXx zetbxuQU*AU&+xPRTHNvXt^4XNT~*jcW!dtP?MuWHgt5xnO$*Mg0b~M42%RuHyK?L_^`IY~ z38_CrGvR2-wIK(7;^TcAXVqrSt4@mvVFxi!CP^SV%9q?*k$|j%Am9fm6R5 z9L;u3t}>5KV>eGCIk;#pAG#5It7TRnT!QM3MTPIKt}3FuEgOCF>pSy92PuTA!Dxyc z&j&ZG(4XVj4TxhnipS~!tQ@SL{2nAHw|{TyWD6!;80X9Y^a}Hp7!s;@&E9KAJ>B#3 z#o4C(ySJFm0$sqgOc#6LFX}T+u7hHm-e(B>W<#eozC>RqgQ#wg7?>M#!_ZgyeOh{5 zCZ(_aWowOh6vk&j7^_BoYSzIxRkOCOcl+Iaap zN8(5YGq*Spf&5GNzz1BkOY@Fjk~>>i`;fv=6f2GHd!A`PY5$g73|254W_{ZC1%@ph zp3yZmm-5R|RTFvj+($gNn<pN2h7Tg~Akg?4Q#XbsJg-M%dH8m}^5k|bU(kq8cAdz{f?ul(Q9Kup`LTiR zFb)R541A&RjnuDl_Ookk4%Pg@zGTeTzn-mZ=|>|sSxOydN*atvl!qKZXzw->DRn{z z8wGdc2ceqI==WSPz50C-N5!r`vdp$h*XxA%Y1Y4F=U$Kk#5==w*sE7qFQE$J@8-#|_Gz5H)<|*_`h1c5YwGG@wI5Xdw7VYSvbShN-3e*4hBM)-dGD`3X?mOq za$_+ID7}6YeQvE#sDl)eu&}@C6E=LEFH1q|yU&%Aes_AFQ^(CU(1h4@uqIl5&>#Q{djY6 zuif#)4iSs%B6;`p`f%Pi)&{EGJcfQaU2w{%c7)0@=G)@^*Umq`2Bul5##Z(7@h(SkUjdW4uO2a%PofsDFDm62MZhX<$Ct{;8@1r z1MdeGK!7$W8eh0!t@jtlG9{?jTbgTYu5Agt&74=D!Mv@$DOWt6EOeCkhwu85`tdue zurF}fcc1(1THhrKMgAc7Dts((Gi#B!jBjv$FT10valy9;!IxMVuq@eU@gf<#ZX|q9 zRm`nxqHN7R;lGfsF6OIYvMsAKpL zRr9m-xMG?}N@llfg~Q!!P%VF2(7SEzF|K z-H*lkRNJ|$;aRijA*MoO8op=2bv>oUirvpBBq4SY*KahuZ-eI>rTRD&!iR#G)#XSw#9#LV61La^?bytUwU`zZ{Kx5N+A>5d`^Xj@Z)}py2Q_wEu<{n$NE3gU_CWKc2TkOzniC3!`U*kt5$~4* zz~31T!AO}rq%B@_GOlc%yI6=>Wq!&od{ewJ@;Ii9#3~AsxEx)1L^*icp=TBvdnz&@(}Mv8mMV zz3C%99d_e!9!Z|?6zjvBe4pY@4#B$W^Zc!7%cPQ)2F6;TrR$Hr?rA!c{|gOD$+)Nx z6(7&>6)3u|uqBjy)GiGTmXoT($d&MYjXDE4k3TwJx4tq^pg(ncGra;9ATdkCt9gC| zw6Sq#R953dF{aZPQ@vi@v9tIX#Y+PxO~cLbJ3I9Lw$TmI+;tDPrWj+2DELQOoS2ab z)fKv4t$q9QSC$b>D-_B=#uSTwAvM+^LsJKKuA<<2&PU(RX!2T7JQDj_VZR$u#iL61 z7N5pc{UhnRwiMO2=r2hUc$6p-B%{2Ef|4Xi{`#I&-%rfUSYZa%X{PBV15(!B zroPwjjohunWATprwANvQT&bmaIiB{lYS(i_>$9J^D!%l%n&?!#zEgKN(ZGq%!_U1vFImy>*A}_Cl1b9!MZlwIsnw9HYKBVvY-NQh; zf~{t7Kw%Y$`1f%q%OfQ8yB2s1DEP3S@Mjn6hv9LTg-l4qLYSuhJM0RS%6{ipyF1!Cg+5(v{$^gyl~0(R ziM@v0Z+0tN_ry5t4_}#{UdfsJ+|FTj=Mx2~)?Y+t|Du@Gg%IQQS9|*aHqTWMVXKkO zPp3G^&u3$udBK0A%K4{!kJ?u)7n?NV5YZ<2XAxF{^0vII3C0H<{H@ka<$nO#G$`mH=>+;K-@34EPr-{1ZAoS^>$Lp&#uezm?$d&O0Qdiv=U zwDupZ*O#Q`8B((VYjjgc_%Yoi>hRH4{fKgI?iK}h98e|B9|c&X5THWxd=M)XYOIs) z!y)o_yoC?4h81GBDArYM!7Q=ReBy8N)41*%Jbu7;?j-qPl;4jm!U16El|N*LPTAWJ zwemO&55eqLTnOmAP<5Zjy9cHFJ89_a}mmhVsf=2k3yM(mjEkJfk(9Y=c-!SSyVcEPhu~-Wg_yjxe zAigG#6Z@mfiO2w}U(6S@@p4d}>eHf`-Ug>j-O_MO)Q9kI--%T=hetKE>6A_6V`z5k`1d zsv_A&4lx)~Ofh`V8&T}@{Mi>?Z{KO?(Vbg| zA=u&^+LKWDH_QF_v^+Eiucc<*|BUC)%nBD6VA3xds@II#FinPb7H1^dQDzB`3lWFL z`+iY!IPPCZ68+c}%8>XI9tiI9%X1uW#2KNG*ZWUul9fl<`AEOQp^gNg!K8aHPgjDn zzjTO#F(Yl)6f)@9@f6Mie?;%$cOptXa0UkoOX>G~zqhc&c$)`uA5QCuDoZ93L~4^V z46!kHTySr<1MGgj)twEekHVKP;lbpmtSf+)lmbK{$`+|V=wnjA3$?I4wK9NXN4sxs z;>8Bktd{sym?tfywDCCZ194BeKBqDDk8R#iAItcZ@e4|%@c4^NCa{hJ1b!Zlu?zqh zK?APU6kkyu5M`ZEGeV8EKEH}Xwmgoj=Z@d&K#1)q-w0(DXzIF%-h`|YpRrI(qIaT) zWkfMlwt5^SNUwQjdx-`4q`rr$wzBV*C@FWjB)w~`{&^;HIDAfQGn9994*?3c37 zipgYuXXSY7>MlNMPHcnpT{#`h4$#0SBd_3fpcJNU!E0ZSZ8f$=IBxZOPw8=}l1@O( z{K8f{(*{gh`^-S>gU?kh3?+M1jQ2y`t7QU_@56n9ogV&>HXB|4o{*jwKDFFu-~Wu8 z!~X)hxefLp9p~FAS4F6&S(L7QCBYuc2-v2h%sbXibr@gB$wC}|)C-`|qpD2x6h8J3 zI2lVNRBUMF>7}vPr!JlWKy%b3Z`nJ6K5g$%+a89$3x-&J7W;l(w;k4?9B!)B5K3aj ztgLS;DT?KJTTDJ1xYlWp??rwP{rm##0=Tj;xGKqHTKtxalyiIUI5Sqqu8RLia?U(u(k||LvqD_iM zc=TFx4v@YHU6LiBkD60aM`U(H#`A#R5W%Ey=geXH>61t^zO8M$OUgbS|*r&30KQE6@uv)g*(ngNH6r8aV~t4nVW~pU5wOla+zaSH!e(2 zYGuBZx8HRifvwd6K(Sry_`~(a=XKyVz{dWhcw>SjVt1KbrCJjd>-wW1@1dAGFq!zf zUkD2h6d^j}!D>>p|LMZ9mLb@IAg#dOzaUlwvO>)(3_~M15)lF&_}h-IkmU>yNl5yf8^fC}l36AFyg&ck z-jqG+f$+3W=g)Y??}xl}g!H!=s2dXx`c(xy%xq6UQsC;tG0Z@bAB&?x2vh%{r`4FU zC9zF#(fisK_<4390RPp;PZA;Qqt2?*o8HctQEWA%W?vUS*7v(m!M=p_a<~NUuX#n= zn}fvJ1%T3|lM`{-Q@(H3kXd<%*EsIj6s_z3Nuv$nDHe)?vs=4ZW9x2CW zEgx5@+gGTQG`^u7PQ`-zv*OqIWXNyR7ek8v9c^1g#H6iBszEO`cz)&vD476^o)F!YBGuafncr z)t}OpBOWUQFAK;~V~{EmLK`9Y=9jx?Qn#`KYA#CfI1G|rsHQEA``RlB`<}4>8$4-~ zs9_;=`3QL|MfJV1llS&{j?CF*k;oj|3{D^HF8WA&Su&*Vqa^d92!%WOB#ogv*CTdmPE9KL7X@_$N^_o2g3RtSB`F&Bju-Vx;hnvlQ`7fL6KpETE>(P>V6k_yB+-&2GOwoHsa=dTU|w=zx`%!RMUPR56;bx zbI*Op{TT0RWjW)hcM-BKhNf%et6%!(>_Nx4y+APOcZ%*ap8qJJ_bEG-O;M^9nvR$C{SSuhik%KK2J~wjx{hvVz-y1eC+%1 zfF}g`eTH;?6{bp2LV{`;&C%Gu?w>c>50=4K7v?MQy_BAR@>v{sZ=^c|30cX0ep9am zH!*9re=7ufio2qIXVZe!%4Vp12L|eh9-D|=wXXr*c*lRIz&CHe_!Hwo4)sHWI*YIf zN3eI?uY4LuDGT8W8*67U{r|GR3~$PD;g$XZD{k#Tp|o9%+n$KM=b(QrST+^t(-YG- z7b3bGrQ7*b2A%UFZk24MwgNDJwV||S+ue(Ou$0B!U1jyW+rhIF4|%EZq^xxWaG`21 z#>91TKy)~$lrtt3e<1)Y&-im4#zcOj^jO<=`rVP60u*iW1c464m7$6BRi+mVMB(;2 zT14^;_s#glvyv^Q@V4Tu@1DwVBSIIYr~e9__zi_wA-z-7Fh5*yQ#v?vcc81B!B53P zx1%$lcdZbA?Q-JaLq1ng3XlY$ET$Ht#bJqn9iPb{pNQ`Rxw4FrFXxW0j4cE z@|XL><+~kaHI2Wy#Yt?_m%8pBc_g#y(~e-_5d_u8Z)%TaJ-#??TDxD825IHsV}9o< z7Ja4v5S27F1;6B$bTz`j$m)a>ItdYT@{n6o&BCl{v=JX7IJX#Y*(3kIA8aST^VcPt zjP2=KY4zv(4%JV*uvAQv1`&v*i$$}&a>!wxSLn`pvW1{1{9IeVHSag%ew&Z(!LI5s zmTULKdtY5yE#gCu@_l4qWuu)mbmXoaUiismovS2z4~>Smb;m0OH(v@+s-KRATcd8ERayj}QOaeBgM1=SHL@7(x;@jYakAge?E-WEwL{))}q zE%`#}#DGwqMnk95?~2*cC56{XH>E{lA8*iebz4qGjni9sroA;{yOG&PlVL?V$~uFT z$Mx&iiASUwa8syem->W)=2b?$4t55x9)W-i4)kAtt{)GsgSK`wkuYS?VN91iHfWdZ z)M&1s5{E%Y1ZS>{<7!)cv4fJIo7O&WE{px9^wJ z(*A&?J0(e@~K_nVEtJoTz&xpjSQs- z=w=)XVP%E7>=dq#T$tm+=k_i}Yec*n@*2fuwWZV4MLrYl!}b8(L;w9ghu@>;(%3XX z@&P;cOHt3MxJAse;^_1A-RF`w0(n~;lY5&#ZU;GfjaFlRZ;#`FDv9Gqnpfa*q`i)K zzlS8F*4G|tjs_!MPm2XrHTxpZ`FE&y%hQR}1&^^$%(A6!L z6Q|kfzyi5XISn!x<~0Bfb3!fpc4zFAIwEyc?qucNVF(xM_#=keQbqkP(7*vxp?LyJ zXWWnAeRau54=rG8sM&^K#kTzkf;(#V$My;Z0u-+A1rjWF#X@GVszu(uS=Ma8oaSAK zWgV^QpSoex09f14N^n}~9eno<898wQ*dh2v z(rXgFY+ucg6tPAdc`YmhfT;cXbR^sZ)(KcRd2#yonH@o@_tE`_l!T`}?@t`auIJ6d z5to=}L#_~9OG7arh3af)-2nqK=9sM^;7yFj-|_bbqqp1RJ{3 z#O7Z z_O3qE`}A@pa~i6Bl^e?ltr~t`J38$KOrCm4Z+CEIXIkVYaUZgWYklLt z6iz^H!fD{gv_x`w$z^`aA|z_Lt7>!c(RUdQ#e_C>G$a=6Nl&@VIp3=vyh;||hFia@ z3Pk2-za~8XfBI?cGysq3v3iFvOnCaQtM1ewQ^I&TAsY2!1F~BWP+3_s){=Y}{R9`$ z{;}LMqOSyOHGQ()_^>2t5Aq3)YhI-z;!$R|xP{cL_8 z_LG=C7YPxLK)lfGbzD&vl*%-`)7%ko0trx1R~Xp!1o+pH^R=`7w6@0A0q>zWDFmrD zE~0#P)n7}G=|mBW1b<`;!@oP_YzaiIiI=XC3a<5^1NrAF6c9M>Woy2s`Da(Ts= z4Dy#BY z71)t^W!L)`924kupPv_(#5jr$T%8wB??j&8-ay?@!`oiaQ9)bYet&yi(E&ZC`+c>C zx~Vs!oXKo2`7hSbNV$kNMe)ZeWemz=^ao(Z`^h-Zu%_etmP^$QH~1esMh17Gd&qyqmi;THdh^{2DLQKgQE zQ57Z(t1t?xHw2^uEn$V^dQVn37&Xk0yJP4dAYn_MZVyjSt*vQp9uw8?_+D_YGCqBZ zjGVmpx-oKeGN)=bnPT_ZdIZcI>d!t!9sNZu>T+Y?*@@dL zE>ODnGi>+3V@L&VC(>`Bz{ccb6Z=JzICK58I0z7? zstr2`aAGUy$|a3C23~h7VG?eMPGfhzt$Ddi*#nqTb@SC!5jCfd~JRgeK_s9p@(YI zZZ`d{1(rN2j> zZ7sO58_*|;?)8xJ#mPu#G@u!T`0Z<-1VfoA3LH7a54cSjF~S~2po=icoJP^28o`UJ zB^|ZmZ_$f+z8&aqG6(a6;(ypPhd7UfuRG1l={a)usNia$_<0|^2{d){Uz+YA8gL+9hPiLgH{`Ui(@gNil$UV>dxD=ODS)Pa4(9i8`P7 zEFDTFfmG6YKViz3M8-8ueT)h^YDt&Y(<0*=&`2yT0(e{3R7Tw zmCSyZ(L#DvyuRt5II;aWfO&a!)BA0?$@i4~%Rq=wJ6;Rlti4C@HR|ZO;!FiD`PS;w z9iaZ`b6)*O;}^;yBCJ52mrSR3X_V^=LkY)YGj@`>OA?|YMPLAD70B2*EK z&-nH@c1(;-d5&3g#AAtO{{(8zi@6-ue7T+b&uC`hrdA{@G0DyW=F(h_PJ3mzt03N= zpkaI%J7M@4rGQB!4wu{s)XttttAm-UaxiK|t5=x+^eaMB05j6y&T4~DJ|&{g<@c13 za2+aI$U@5Oe%nPC5~Y`!S$Z@`HuOIp-{D6a!<+}w^07^dba_K8jB__U)RVxK#&#{4kI0%!??)37ecI@p2dL+b2gq?g4UXsnD=d zrucndNXZ4|v;Oz+n};fduj3^u>xNn(vv{2E(=GNS&wF+5y2E+Sd@ngA0_wf7`WW9KlBFzH0nGVwzx)Q^_(oa!&cP+TbRjDgE z-2J{spl6;?IDB<{K(}h|B8PV@1R$oBe|hI)6ZUtxkF(Ul2p5Li0S4BR7(rVZU7$eP z-{r4Arl3xq@_E0CDKDEdZsD!I780Kuzb760Nn8K?e&5WGM-hsEOjLa)w%v~iKz@5s zozL=yxxj;gu}lk@YOmebCo6bK9Os|Pyxo4{tmGHfI!|3U?)weIfKMiOJmG>WTx=EZ zUY1bFC0E~At-{bruRWdd91}N|U-TEh(~qY9`FtNE9`!#atUmxcks?TR$bxKq$CuK` z%8};A4_`~z*Hse6cIG@h$>Y|Q)wPHN_7Ika*FJuIVVl4^?=^cKo>zAm0TDC!&|r9G zQ?lvDh~rNMgadjqAHNh|s+XQxB;xdbLD%4{RKro8arI$oy`}R63DI)j9v*eye(tM8 z$?2Dk08*Bq=2(7JQugLr_>aM@~8d3y?%jFB_zMzq`zP+>;8tbeXb zHXvkrH-=Z*=Fj2<@sUvWZoFTO=F}4q3NA0@2Yl!o$~=oXr=11gRS`IaHGoPuL?4-3 zHJF0Bepcw`f4%bevKuaUVTl^njNQwQ+!hjg6&CL_RlRft@7Heeb?PgA$0Y!^<2jtq zKA7$;TpH6L%az3e3kj#5YaU zqZarRHeY}K)!GZl+m2YeYf2{|gLL=08vr7MQUtxqCuP%(^yWxt>bJX7pwbG+ck&@9Y!(4P=@4jnbq~q5K#q>Nc=UMO$_nnl9FG%FOfhP0AL6 z>_^%vC7vTq)Wy*zniBDq60$kHmsDxK=13W&M1)T{-o& zi8i4g)I#V_A;GmqQC(gzRxsgWm!l4p&uAA3a`rUHENMio;SAA(nUn(Y`Z-+C|5;(8>(mn)5k**+(xtV$3(B`jE zWK=VtZJn-DNI!YJ@}>)idq+p^S?3NU9=JnqRN5ZKIbAL^c9AxHb@^WX8I|Oa?e}eu zv*G6K-Dsjy!8;3TYQ8UrZ=G?8dzP*V+d=+zEObcrJw^^5Pr1eN3)JK;)#QRAzNgwCHATpsB-=h9ctM4$hIU+BGSj7geWZK&o zg?5JN9W=_`mvHuryxvLt0}+II!cXT&O(59e5}fdV-{S z1(czM<)}E1$Ex4%-|KgdT7H^G7MIqpS5`Xbj<)FWhuTlAmZ+8W-rmndI`9n#;jx@O zzEREd!CcVOk~JUR<`YLN>nnWw7eF-0ubjWfD6sRCJ18E6MSsum{ziejIIPzWF>Q@&U+ppxa;2OMiW)V&yXDqknu~EgaGn+xrc{bf9Fro zEeq9GWtpBI$>%t{(-OkmsZ$w9#`A9DYg~U>LjvgA_dNh>%NG8=w=~Wll=Cvt_Q(uhm*$Lr^W~~;g#mXRu z5-_OZa&?^p)Ky0H_7(x%#=!sb!LVQC!p}7vPmpp`gHJs*uKbfdI5hGn z)L4%p8kbly1e9pO#cLT|Zs{!XBv7k*EP@^nIX4G~%Yk|C0Z4q9vY+FX?R7oAC^7UkU_x-e4$#e7r`hw*YQ)AiE5`FiIOlBuj3^@P=5{^#nBqip>&IC z_u>h^UhX9AG4FjJwt2Zr{4Af>w?ruK#G0E}?rH{n*^W0Muk{pzG9vZ>A_0bG{XLEF zx9WZ_=+}@ND~prtp)w&RK(17tzOa=Dbg6sLp{ezI1VAARkGSa03n9N97VG51Sw4P< zBke&8I(A~$wENHAh!#)L{Wp~M>wbm^6|kNs>?UuhhT3NQ@D5)nfowYZA&AQaKQdzx zgg0g%k8Zc`FY$S}k@YdAA+zKX7MyLraAWC|gNX3tt?HxGc!VaxAnnCo{$#q#+1eKt zG>~3%W;{bjc=W{z)wuMqi5~Ir`sEC0;AiQK?b<;Y`fPLY^jdE$_ieYUjSh8gW`O8= zOYOT;lM(WBAA}J7NIz<=xp(35 zn)H1!O|53yQ}Dx!mkx|!=`=&t?fJnB>X?ieHby%w5uDMhMb*Srw|21$vLrF%oHi`|P zVvUb+k_jNTBsx{Ppmmq`ImzgwI=Y%ZW~L;b4SPA&hiy6$bPqomYlgjeui!C?U=Y;T!yeB;K6~Nr-+kHtSPXa=b$hcu#mYFAY~YIqmnsl0nx@8yD?-y` zDbi9N9|wr_>?;=SKo=M9ZQwuv+tSk&X4j@YB{GUXc=+^mlHbp+o`(vZycQkzadvXw zE2UR1KMyjw*xwDl(4*OoHKlP6%ky_hB^1pCP}(Qm^rHEdvR@a@G~NWe3B>2=sk%!k z%#NoMkC%qNa%1P4wJ%6n727?>m&M@;S?dfwNUERXxYxP`g)1+=uRiwF&-JG~IfL3e zcJI%^;vXcS3T3X4>e+Ie3!CiyY|rmcSwL43$JJi0a*3ao(VGYQHs**~V!K9*Q_@A_ z*%OHrZ%Oam7{jFtbqF^rBF?7A8oSDnP=JcfsIXLtPR8&!UY*SW#6(Nc9Tvv3Mn76D z&pLuX=&;~aPGL(tU#pFVT{nlU?p&!2@;+Ce^enwEWGbbJWnb^XDQ<*yxCItrK(At7 zPxg$z3!*&T;Z+J*Mus~g;+uzh9O6^>~SZ%Q{V#dqDuB9HkHlj$8w9)ZjzXCiIYf3_lsP zI(j&lTv%ZClGj8Biq{^o%y7@U54;PpF5(cJBE!DBeicGmWJBHZ1$(nu=7}VJh+J8pM{1Aj8z1EiDT`Yw z7p~s3NQd_xgeYMIQz-T2HEF%hCil1)a+`ZR$Zua5KD?HF6`ewp$)Upc%^b_U^0)W4 zU)-Kg)f4c7(6>GHhv9)?gh#EQ8;}e)QHkG5qR4vGGXp6QQ0>!nA*99h?js zhV8e{iNjei(=`zHj9Pz|EfDdkxoVpDiY$p@!*`~2EcJcF&|4gzl-+B_IfP^jEW1Uy zt`D*V8QcE<-}r@s9Q?OF z!VLadIbC8(bx+KC7+L&&1rOuX|Bv{_OKr~)w9?WsH+E8}3$#g`U-FI}@#ACxm( zEqoV4bm=)*!3^LPK(gh<#Ba8JoUC)uI39+F5m|H4w)u^C$M0W))p}1zo_wLu5%(2E zf(buwF*KG@K7v#A+ve|lG<(O*!-|3IqFFwx)@!GqFwH#Q#<^K#`tB zNP5BIEri53T^!c3a-JF*LAx>feE@PI+VkY=zL$YQ{Frm9$TVtnpZw8H!k>PAgh71f zc9#TY63z2zKh{=_N2LW3r(jce`&MX|y(hpX^O0DaEIwD4u6qv3(MBJ-X{yWl2cUWv z_ppgiHQI=3S>vyOgad@}g;1K{T>}|Pb^8RYqK}ZVp&_@N`l{v=yP1ED0PCxhj2AGMO^lPKZdy6j;Z}_kA zaSbci3h_dT;TkpL*`SSl)EAh3?6b&P9eYXFJ>su4gqybdo)_7*oOurc)9N9{XqdfD z$k+p5t^VvFn(AfM3gFQ%7;JbYrm@1DUg|?@fA)6ku=YTYq2>{+_x|t2247tdg@{pz zpjq-^nbV(X)MyL$PFA$cnNU^!Mjrw*|A>}J2&Z30crtru$G3jANe*cYJu56EdR#L& z(SIIPf%VnJnI|yHRr7ZOvN#Zb)pZ|2^DClbpc3B4oL7)Hn|ImmZNE_0*?Nd8tF8UX zbHBmwyoJ;n9+}_$ZrxvF_5nB~P0u_Gl7}EQg?PVyw-C@p4XQLQw3k-FkPkP|j>@Am zo>yg$dvUxXlb$;7z7OyqND*c^UcP@+>0 zlbrYGxodO^cOdYux(`R^Mdg(oZaqeRG_Bw1G4*i@@$Kc|cD8+)&_Ft!j6BXM9^|kx z2f|oZjNkhG6?evxc0MV@L45I%Q8$s);Egim<#8~O5Qb9Rkv!z2j|n4gMxIXZjp$eO zPccIkO*T9t=Od=7_%sayxV2*ZKFAFmjw=guuFne8tt~qQlu@2AOI#!XHMpy|#Z2)b z)D{BXL<5P~J$TN-q!x+wOmJPMJet9<-x_}*Ry-vObA7D$6qTOluIc%Gg`^Xuv4eEH zzan*VJ%KyzJOeE%MIU}4!AmM&5wXM+@=oS_o~&RRlU~@REI|s)7lIvo*xrnk0LG~=s1^2xkU4+i(u4Dp4u6YwaM@znX&Slj-?at>MSh{jmZEZjRmlbu=DgU)_;U3b3>k?MkCW zIgu5#VaM<#ToY<$yf!5tG12<45O~UzsV_2Sd3VepgDq6@TREzrX5K#zFyICGB}B-z z=EWUMUP=mv`v=NKpZr z$B2E%5kR)5&aQKiq)=>w+mcCHZBfN3Rl^+C+Luz7P5}Z zLEH7%6{&4Pz&-F=ni*FcPd|I%BW~D=<<<>p|7^=Uy}J-Oec?j9PJzP|sNvY@cKJo& zrXG5`yXNJM5s5#{Pzt>z=REEgXT45l|KC1+#x;+6xNUN{AFfd>Wa>A_lmLfzTdTd;YwPIyjmn;Q>C))xAQ!?(Y`(I zUx@W>TfO(@`ue6~_b!7^n+0d1IRh|w=SDJ%Mi@zNj;UXG*j+fC_!4C^J+t4(>gm(z z@Kh_b1aYLf*!TU>@Wf;`IPJNW7W|jnIDU3#h_3U9ID+V#YF`_sbgQO@ton(s1|55# zMq(jBaqWhcY$v8EV9VVf5aBGpCxEcd$Z>_VZVkiBs@vssaJE|@p4HT1W;VU5Zx1U7 zLP0qH+#D*)s0^ar+c**S?zW?ZqJVEJ9DoM(`9^|w7onx!;tN5T>vQ^SW-&wZF>g(p z;)u6n3c%P4&OXi0oEbdsG7J}RJz;BSKOq(*>?SJb^*4^d#gDf_4ywQoI~Y;Zu(yfj z<@s1i{%Y`WT<{Wt+YuFtJtv{K-+%@|a%kGyxhyWz0;m{J>v-7hzO_A{PN5dwMp`zZ z)>)j|rwnn)6=4kjjgZE5C;skNL4`eF0km?j$wFyoc*1)ehd_*&c_AnZKj}_(?~iZ- z`DU?nl77d!#^-Jcll3JMY{)ppT>850riSfgJjiYqPU@kk6(j zEDzyUNW!JR{D@&*L}B?fqg+1A9_<9;2RfG+>82XdhnVE5W4v^^xB--8!s}KXgzP@W zm$cTdH~8`(0es%SD+if*>D+%YjRe{R`XYeW>xRC=?6!=tuwS?@d|z2VwC?g(z{nu8 z9}bs-@h|s~&$Z*SLSGbqqigX|z&$YGQ{5aW*iHlijN{r*r{Y$!zI-9Ghldj79B(J* zAX>U+9A1m68O7rO8j>xOS1dT!w^RBDpm(HW_BwiT4p&Ju2v&H_0yfRAKdUG-VVjSv zZqcufg#m;k`x6OuOVcXUroJFGdqgXwp4lGq2Ky!-g)qnX2sRg3yNsxQ>Mb4q{K?4>=R3MgR9JbDmAdG zR#BX~#}3m}+B+x|^neF)8*cz1klX~G4CAU-lz#{7bO_}4i#$A?#pT$6D+f{=RB&#)%dz?h|;?_)mWv zVmNp~_Q$@pWwRWe>&%8t`wGL;h~Qbkkh6VM#sVF^Q8cwgl8RrtM=0K)>MMa^@I1#;eKIoR9f=4R>_sxv?K#-`Ic zGvc0{ICpKtKe~6EH>FF@v?5Gj=#5?4?_NB7Orm%@R#5LXT9Ril5T` zYhET2bZltjy!d3@mrP2+t|J)BBY9jJ^c`bEk7GRIY0mgPu@@_`%H7&TxXzVVPF=Ek zO~K6&96QtoEM6TtD+u=zu`n!3qSO+Ybr2>32p9%t&wFTenS0hK+EqB&4b%Gq6i*)S z`AlCUB{bIgedNP8p=DT56}qrVP#?59VHxCp`}PZxUKxlDti!cqD-0VNwtk%S>|mTx z5jmn&0EcBO^Z3aaz2tay@gDW!v~?k}-qjF{8%;572zp5C{MV~-o0o!b4n4}h{q9$A z)TPY1Y=#(Gs(!y1HA=fr13)zU2rxv#>=k%F@KN~t1gmU|112rwJ;0X-71Q7MYZy02 zturpKnLR%~-LQBs=>HN?N;eZ>z{UujE}Yn;db&jWPoq91dGHAo-*kawLRm|htGtna zk3SG#PP+l*>qrltXPaBRK5dSd2n@ZkRgplwh2MB>i#QU!_D6a@D=<*_h7Uvm_dl>j zr397ScHJQn>piRsT&X*QGYNg({V-B;AosLtxE&W%;HAI2yA5~*I3q=c3+sMi@Jfj0 z@2!kM>)*$M2H;^kWBv#(<9&3lc8uDkbJocoVOj2r>>s71_SkF~vwvS&7;#{xbI3Bt4 zF!8*TOXE*HD1MpV$Vz5jG*I}kPqCt;+-q(`e(nODNym{W(ZG5?YmkY9?rR*scVl5P z_b9=3=Wz3L%oK&HA#;wK$yR%K^Ck4BW4EjE;H&Pj?MtSr4c=v6V0s^DiLvx1DyHq)YW7+0x;jG|YL=WyK(1Okk0^x0}EdF{wMyzO^iI+IV8OL(V=8i^2=@=5g2A!}a-U|qxO$+iSouwPgJA?76tezj zvZMsfl~$uTqnzhNDax5qudT+h(Y@xogv1^ZB^wAMNi zn6Vj(FKVA>KT}PwU>lf!=$ZrO=m@oWJoyj!MwcpVi}!pm;;pzK0V<%A%7T zQLT%X;U)ZAq`oNny= z>xr&JWi*<^@8NC?pyTmD>~PeWL#G5tlkIx!0&-%1QuO& z?wz0UiO%}me;>wczi8k3(5VBd8IRzDKKs5>cegp&DivlD!x?d?@W)|WM9fz~|MKvw z3JBZIxLVWbBuqxjjBKudRcT=vB!aNhFIx6E2|tJpexeh~N@xvqg^^$43%!ikmP*<_ zucrqfK=aIgwRz$f-X)A@J{e`jZ7G>AA1i*`iOh*UUe_254qIB$4lNe$ygE|OYS}L# za%BH-NgB-DIi|sHDA=&^}y#af%=6=VkH+mcYxNgCWg9%2${bT9OwiZQ#ApA-oAaE%l ztH{3IiGrYl>2R_6XODIIp@ro{!lQ7$(-tRWBb?gqPC`xP@e9`y%Y1s~!6Vrx zKA~~7_h~qyn5RKr1z75Q_vz*`|8_vnUAcP`m1GYnmLmKT%;QzI?O>qE>4VF49AF)e z)mcaueYCxrk>NRs%#8fawCAj4RJ3q!9R(bL{YX7uz~X zn%}Rf!SsWBRzp7C3J2Uv8ZM0`r2<%@ViA~$X^vzc-6Y_Ic}BaW5dIkQm{_anS(;Zql~WVGu+)FSAy zff?YmA!)fs0q#PU(VBwkbJytd&hS7P7Tbr2wSlK6*$7Cq%Zu9x)*uM>lX{Yt6U%^p zPQzbPsIPP0a(oUWW3X8I_Ti3DMcg~P1X&4&iist$hA>sFQ_uN0-9mgN{E?uBRO|q` zx#Mg3h+aCcD@*I}@Z1@Za*?pbth5?A1?9H>o!@s%erT`XteFn;lgi5t0q$$kyyX^` zoLa)YLb;JJ4NTpwqLz%*6s0jQpQgz6({vyLM92>nZf~CzT&E6uUj3ABWAPGrh<=_C<;4hpL*yV%VDV&On~_bcJMBZ#h&#_+;lwOE z4-`E42NL?XJ$~^5^wBa9=3IrxJ>_3!cJ98+&)51Hs3PX_hU4~Wu_#x_^9VcJiWYyl zL_j!bP0NQ_YJ@%VZx434;rvsS-&qA=^jVm(uC`57c-v_Br;if4jjl<@mmE=Z3L(>Y z&4FSjYsWmTQkYhC?5)V2v!CYp-V4vBqzC!$GF?B5bsF{p=8$`DcrIZr`QBzC9U;bf zuWeXrm^d2W=zaQFnZs~VbrHaA`Wuk7N}Y(}SV>R>80@CRw~ti-SFkDed)<=|!hZH( z_CU77XZ=-Zf-WElhJie(JfE+H$F@YqWh1<9FNM1T=Rw(Hj$JoK8HDN2$C&GsUa!EL7Ws{cOQWLmG+^bx#2 zdvEpkIK@mjWvn$hK1@Wmd(pn%3wjsb2cc$9iX~4?>U`dZQI|DV)I1*tcj-cg^}Tji zL^;b2iT_G{{*4I)t<*xjG0G~vsH6(ehcLTGz70$=w3nt90|rOeZ)>=w^eGNk?kgnG zpADtjR;X;Nbq<$m?TS>Lp`_gLTBaKRX_tg}^;f}8q+@LsLm)MhOX90JP~(b?L&n$R z0-gX&_gm-4THeD>(LYn)T9{lHXDy1Q*UF1S08a#60$dEvXf#X64jfzqjeUM;&jk7o z2Q2yrU-%z%?nn1vbQ>$P_PILkz52Q2cJGWcWcCOQ>kZ~G0;NIs&x=xL?$ZzZnc?w- z-v|A6`)%tf3%~Jte=?XxMo=jx*oVe+?&j+E+{j-H2f>4H&o3kJuZPrJ@A+2)nH;z3 z-|7A|U=}H<2R7~epZoNL(--@ORMFI1HJ2c{^TOQOMpT*D!S9g;cO=Qr*@HnBH7*Hk z;y#pWLREBs2iKVxu{O*8E{8Nv%T}B+Mf>IChSJu>1nadORy2CvlH8|g?UXG6O$E&_ z(qN$YU`(S%VgP6W{qv(z6?W*q5gSW+Mq|?H*-X74nUTWaDfnYh^AHdA`%tP38qAYY z^dm{J?LC$p(O%kPH=T#=W#Hr0p!25)NZ>WfA5kQ6N3lCN_2Aut2}ZzI^!i$bb-!6} z!CVtGiKA!u@j_^SMSN012aQ7#A^kF0pGOJ{w~lM!skeDiy>s^|N~>v4-#9Fl!+W36 z)?k+HI8Y2;wCf-85uB2dvcaj5TA^F>bP;E4h9d7w2$G7mUkJ1N;RG2yQD(Rxey6Hv zsrmS~-IxeMUEpkS^0Z_#>HW*=S_BN&dEbJ=-vUw+^LJ`7R3wEa+;T@E&?!b z={I&?U->@4SMS@`lVyXmF{VQJI_2Em>95%< z*%xvoD!JS`0P1sttDtvPCi*hJf_C59>Q^W!+@JAP}p>U zFmz;pC}_=lmx_@8S&S`5j7iyW%sdBE@q9DNdAQbev+r@ng@4)TfEe4uc-)O75?V%j zU`NGk9Nk71(=)uD)$f6^E?mKpMrbN*`Zgi$W)$;pkuh*>`KrZcPc;S!!R9xaeDlO=m(%uW^fM9O9~0cu!$9}y3Jj)-2)Bd2qCet`6_}lIq;As z*-{$NE-VUATQXBsJ)#@Ypt!Gih0dBAZDV|YkSrM3mlA8Pq)Z$fuXGI1qPG)yq<=~_ci2tRr{F_KGn0L^*}Y#&H9X*bE5k}z*Hg^Z*oR)>AOu20~HO}=;O{Cfs$(2GVi|o z+U{wXVGkpB?0M3ocReDl8DN}eIlGlxDKJV#oiQnJ6&>Ewgf_B?n z|3zQ;@>@N#Gi*9Dh!d*zS*l>PY?c$u;6+W-gRMt7tzc}0&DVYn3S91?cLdoud%;Gh z=S65=U`06z>Y{&4;zdRW_jh@^ZE zzKs0KovT!EY|Y{*h(G_P}W=ECM zVsNj$^cK+YAfO}6yy|_m6gGdx8qV0oWPU?scN({rasa#LP$*~YGO_du9|`UmM*H-& zqtt&3^LfyFXU)44oDyICt9Tn+1IyT|G6F+IVJr z+^#I*faP)~LCX`l?gEVQ*&Vu#d!A!`E2bxsa3@w-=_;k3#8;E9Q*hAd$9FSV9g`G} zg4uDcS0!)aG*r>K**w-~UwRwyfnvbjRi^-<+>f{K>rMq@(ab^p*;b!UnKM=O^zplI zmp203!pn1+MJAff^!r0Yw5A~Fj1w&?hU-2~7lCHtU*hNXmFJh@@NC@SCouWrF1_?4 zBUl!hJ2iF<>80>6O;wu)qba>w#X}CQjtxJ#TRIlexbK=n>h?YkHvu-tO-nfAAvv0^ zGI*!wS=7O1k$beZF?stOTMHtK*xe@at3y9CqPg&>5RYPZF?HP@=}(&tCcG3?#lv_2 zDwJ#GFwz47AT&<<=RVV0)!6R{GOlUs@46^Hn#8O8g8Oa#<9T=QdV`uZ8@776P#>bv zAHfjxplYw6r@eXfpsv9k{RVewKHZLjb;#f?iJR6Z5|zYfcbsx-x4Bq zv(LM!1AaT5f%|%=OlH~0oj1}(8+<(WG$JPXq>wLDA3th(ps&xjaZ;U{@I-}!8Uj}E zi$^(-jYo8IVPD=0OE%a=7Z!G72PU+IYty~1=9TRkGu{2uIJE^=&O#j}X61-h8)yUU5dW|oKI4U}- zj6`-A=6#m!Qe(E}$3;p@{hd#)=Q7Xte! z9DDX5x9Ahk0@B!P0xTDXZ@-$^oWc5GU+LGSwR}J^lN0vu9ei3;z_2=0vxK}VF4vwrv)ttuhBbSsfRlSl#W~X!gY2Lu zPa_DpkUhMX(fRH&2i}q6y0=TQd4!)&T)oN4b?XO&qK}*Ob)VaaMHAFknEA*0q!Et> zel`*;D9|zgi%+m5K4%Bw4=dJ8E9d>#3zi&t8t@bPGUGoC^k?+=I)4yLd>IvhU zKi#&nX2j!b_}z%m&SNOJm=BMqosf9Cn-uWRy~Hq;!86G~?EB_hOXa16#Q>Hx<^&b zy;EH9o9qDjqYp%xsGQS~FV3EB&O?3zX@!`cz5!^D!+~^4x39&;eq5GN&?C9U2fT1E znhBlYi@BZfiAFCm$B?f1fblgzOnbr%mgpO4+3xjTJ!W8K>6cXL`%?X6gg*y;gI=Yoz1|&F#5R#Ma-R{>{pd3ujq+vpYo8p43to)Opz7$Uiu=uIk2n3WlOE72ySe zShc32pxh+xpqz={rGu?}_m^F4;_mUWp|Lp9rt;W8HdZv@*qG7vD*uk3oTfZDuI%w}{UO7}q%f!tGuR^n3JaY5euTG6-WlN>tQ5@2 z%`Z#Q^pyR`1iLReJzXAGT0F`|=5@P!icC$`6YZ_c3+b!ZrVnX=p^T6YV@pcT3r{f9 zy#9h=`GD!!h0U;p)a4QyfsmXp`>4O}xxd?2BX!&m;>gngyE-5PAnnFjGE6fjl^i@; zA8JM5`O1)t<=pf8H-|sE%3i1beV8||Se4Nx1mdU~Bg!!X8?SuLY(j7&5bsG6Q(OqP zf86#Ik$tune#wjeE_+1~sy=^6;Zf;|e-x`|Gt%VYQr|#u?|WN+$(7;l<_Y6R1kVw7 zIEo)$zsnIWMZ-P4LfI|HFM;`E5|_^sjrs%igm7UYi?f?E0a>6s=MH_j?EcPrJegzn zn&DyO57)@&0S`$|)7W#5;kv`NKy$mLw@>@2(&c*hR&>U#P^K8Eb3Ilft85WdAeFHg zdo4QpkY#%h=%xdwdrwXMY&Z9^Q(CjSg6+6<&2)t_e1o>M(ihk-b<`+wx@6>&UoZ#A z`ft(y;)^V$9sZLBrZs^)c7>uFk8)BG+|k4X4A!2uk&5m>xz1ai8jpVQx$d4eVf&Kn z)5_BPwU0wjb2~IvMpcxRH)<+KnCak^@C7f3!T1AR(^{*m*ODJ+X+;i4HfF~9RcTl1 zm%6OKBzO8`R-Ekv?yYKY(Y_^L2i!vs4Y=QN&8JoUl9#3CK)N{|j#jq7W+5n-i&d%U zB(>KMaMW-OhL)4O`-2jw$*1$(vt1*)6-)$gdYIR9Y|$dsk&nCEq0!j~P4CZ+dW#X8 z$**VG$?}VH&+?vO?qC)lD~c>UvtOdieINJBO5Rk4V9ome7U2x@oxDCnB%mP~ z*t66J7F%3)`ksY{rGs*l!bA?@wRBOe$(~2(XrLW?GLIwa;F!WQi}@=v-O0m0Z70vUz<3`c(vPk2-uV7bbkgtjh%s{~SFQeHE#_95`pg4FRUnLKoc zuB|ica$xczYzSerIvC?@KMJ2+rZ^R(zdyCQmw;9QziwlN-B$6clk5{^bcDQ|5Feu! zQ!)Q!+54nZKLD*ij~m6DD6(;#miP7#j-$DAa6X-)_DT>dhe5M&_v0H~M6oP4)I%im z&Fs!-$VOIge|jigXlZ%*mutEqrHCPe%;Lh!z0kb}bk7)sh=P|wIdCB6L=gYx_V+y8 zMvj*TOiRY%zM`8WrBt z_I$MHqAln{+8$~KS1QQiqYXFDGq)cbD+6RL!HGz;BMlQ#CgG^%e)}Ou;tMkKP)*JE ze7RVyyN*sfiD2(6q`|{1rF#zL+YK#rDhtegrPh$M>TZ{>PqYYs>K)bpS!{(%5|c;z z8(z+k09GnlKvgK{q!y}u7mr6z=Yxha_$~kH^a%^3e9j+QO8TLkj+Z)wl|G%JhjY}& z7r+T3sa(d?2ozPTkLy)ew^-jp^vd3xY)H`r~1(tZnIOK(XT?{;>GtP?>Q}4fSn`nFE~t z0;*XUIw|U;)}v(hP1ffqjh>1vEOrp0H?9iIlue7d-$c6mO*G9Q7iiYEv-#}k{NN7B z*Uh>+2lg5^NwV(L3rXEc?R#Te;@V~+&WT_yzPdb2`d;8`hJ-TYbK@e{cRi!vTj+T* z)hUQ%%*%s$5pp%oT`XWjhELOe&l9FV5L($nN9h4~g{SBa5v0HV(VwB%BmrN6OGEgJ zmCe2=jq!bl%!X$UzG5F~j8vI31~aPVk6haKl~lgyf$M*9W9WDqR@gKoAMD8+atKf8 zr|~_XdV%`v?{AECwl5Ug^y40xkSpGD3ZqYUCr$>np7Sa}oO0w^Js<9vgd}u_MAkvt z&ksxKh3^rntX{$_Ja15PXfdGAFiW%{j-%pk4k$6c_y@QNzbtt;$*?HcEAiLwy>f~N zi|!Xz@1fm-ePA&u-+XyLq(I`x`uyBi%ewr8@)02OEBdZ5QQRu!_#_F|3tCqL?ydN#$!BJ7=`}U| z%h~z~Vm`*u=2~ld&y)F9pV==;@}c@>PczCGc-N5b;4}uSU-wrGlQ(zBnx`P_F$e3V zpW%6uqfKC;hUQLG#uoN4*tZ_$4fsU@Ok$e4Sc2JQCW=%r*`@H~%LenU4k8P$M|;#F zd-Y%BX}E<-*39@;ctTOI_)GZ75R89H0;?w_;q9IB?tnZip@OczUSr`L6WFnQr9kE3 z?#GzG(_S#)K0-J$a5`?up33@ zyxs>%y+Sg;#aJhZaX5Gr*_+*V$eEB%ZeJd3_N{4BLl+6xkh_&0-{TWD%xLYLMN4wz zOLeI?aO`H*^ztJQXS6p?`aINTt zd;!Hx&G-uzN$BVhY2+at~p&hiCP)jBfq(VGM_y3is21$R0&m z3r~ITvlWvM7i`mh*Rlw^+t8g2+!@1p2erlDB)a7!aj*rYIpO+!6bt1i7jY@d@V_BTN&9Q-_OvEjRD&X-sZ_Hf1k zeMjG;?-d*|Xy2bdF28L@k87#Vut7#_LQA%?UaqMJx)hZ{>_V;UM%I_I}$!q#$@DLYi@9U9>KOfkJ zBu5N;86g9FDC*#{tl*Yj0OGO6%jQhu|0}(5_ue_KF!?QCh?yoYb9%U@S4*m{@oC>1 zlb?^+bbk!H>G<}~&;E(sFt-nY(F^PZ;DI|xI}CdQAFiQ=FV%vFqV0XGbx*yDO|cDnSId9e+?-;G6fBjKu#mF^t|UZS=8KzrKPeQdAi*Gbq0 zE~#OaqXn5>U(K^sJhA~)=sRk`ael9*7r8EjyPuO*e&jFk5Q>@Q;VH z&cG|+ImawMpTZcHGxneM?lwJxp@CN)FP*x)mLnLdJfUJb98KnM;<+CF95JOb=^PxU z({VlIm4Ir}dPw40#Cj86X7kP=owYBFr_%tVZ!3zM4OAaLMMua)Ee;M=0gMYs@b4VR z&C4yhprNu~HBCTtUy9S09~K-kN7kGCw6@DEB_MEC`Ww&3eup{|$L;4R7Bs%t~{^(_3Tm21?o z|Ez-0r$4G)!l&8PX1?^EuVO_r`K`=U`whRWCBuQHC&-&)owCjDcIVq~^5^P@P$aKd z=k}-<0;Uf@Pp-mLt}L%0T8&U!D)!bM9S+k|BToDavq zHx+t7t)J-gsVa0#qA26*>nZj^2QIGr5AovSic7R)upzZ|Q;o@p^!(5xFo8hDnop5< z>fUz{kGQMTzv3e$%on3`)#%)4_wj`{Kt|c|4jOTaK~TaG@AZUsuct14e)|WD5=%8Z z^vy+EbAAdepTjn^>)IR7y+H-8Vxd{>8}dj$C{qDkdkw}F;K@u3;AMgj1RxD{?DeM$ z6@COC7Pbl*w(U-_0mCWsJ9Iwc9C!h{Wn7xRsA_JSwbX}(9Y$%-yyjnOGZef4aR}j1yzM3t# z0wTjLFScV`t%$8tYL8Qp!A4?AyT3J+C)Sk-DN+*C?x@{tRtC6gb-ALBewDJ#WYX}x zMOI-G?yKA(7>HxdKU!ufa`Q?B+b!d?i+!e>h$J%vSB{HZm^<)w$|Krt#SZMqU&rYx z_x#*i=Wo^c?lJC-2yj6B11UyrPqp3GXpFO6Iwf50$HU!H>=jnpmNQ!w3f)A056Ok< zIc%@5pchSR`bo_`a@|l6nj?5+x2=zk;>%M<1S^qpqTl>0oa*(Lx$zw5cE3&wM?7R9=6y)=q$NKhug~`No{Tto<6S+v z=jwFW=WFtm=l7yp@`H0k22Wh06CHds=3PEVaZf$5oY!-1mhY?35W>PVe0G$=E!=o)>u4iVI#etoHNg8xxw=PZO^) zd!J^2h&{@^7lEJqJzReaVdpewq%MwmA0uQ7OG1(^us%FHx$pRr2wIh!^Xu#V(%5z7 z79xAI=+x|TLS*#J#)pwV0Bn+aca8+GP9=hzf?T$dlx#Y{*;GDLPh% zlaSllR`|=FO!v;(=?hF*EH7Uj`jyh(&|gNh)AN{Papg3km_Fb}=qC-tRNn_#Rr+;A z1hdz_WPHvD^Jb%;S~CeGt;7!mOe#2$M_cct?SA6AL#saWujGDf?lYHVILP*kRYTY% z0TjV@O3Xt^{VDx>CWR6Um*|ssedEd@Kl^vGzbzZr9y(m|pdA|jan-V?@ow(!FHE0# zb5-UkbVVMt^v^MXv(OSdZ)%ar`4i`Q{DJ6=8J=tfvE2DQ*+p}QX8qft;K}T{OQ0=H z^r;%LB}DS%^4#Lx85&t;&>HY4<`dZ{_T|6a zLsv|$c@un}y$a?nJ(SxGONBt+V>I}*4*g1CUf6H%j=|P5+923TW1Aqjd!b2lL> z$(m`uDD98V&;2nqqXf8fr&wFJ%3v?MXP0r?H)sdH=RO&4>p4>ZW~;7l}7uEBj#| zG#*q=u7kg4{f46r#ksQC0Wl3 zEe@FEgz`yR!Lvl_uv$_T(_?#t-@ z6^4g8>rpWS+Sdu~+t267v?PT$a%hHQGOBSrnFPf3$L1ngEQQi;{J!%`h3q%=jJdW? zCWYuWu+x`1KaU9i;fGg!_M8~E?B^5RSqh5{yZR2Ls``{8 z4G}hZd7NYa*b{krxxL`0cZgu$xHGF4!DoS zY>U4>zkMyp#XIUZz8aW>+q5%yu(IkDR*<`*9-k44G?3P?(5s}mUeIck;}`d zvkd&&$Qd^KC%NAfk=c2Z`h7(ufOxK`$Ck+Lwr683Bx3_E_Fv-fD^ZzPfb_WD^5PU0 zs|e2DMhHCupI@~>=s74l>%8=!Bm|h<1<{@GxR%F#XG-o)9N=b@!HFr;fzJ zGaMh_vG!qaluOE>6%Sm zd3}P9`D`7_Sl_W?!CW#3NCQldsZbxWw{1@*5U?=TA4Wo?jJcY>?a zy_B}sUu0qlpZpKcSYA**yIpjur&#fA-Rq<&q{^7@BH+QE6Mf0Y5EUdmLk$&MB>^J& zb_6K>FWYEccYT6vQ4g4Wwa`W0DHh4Y>-lAU?eVu?UoYbw>n%2h<)QIGnR}wIsal2# znX7N`g56Ho&q(qLdjS_k+v&ZJCOAjo|Jfk1UCu=3hpZI$a(oo_!+~n#R!5oKQBMl{ zWv9Y456-U)nMInJ@*-`lZY41Ib!}P<@E8tMGud^--(fi@8Y}s3Cx3~LL)}ZZ9ao^* zrcMM^{!-kei@9Gyr^jDA)#Y+CQSP$Ou#hn>rG9%q1yk|v6XAK9`M!pmHa4clV+t2O z5$o1{IUppAv0VNxUn7J9NJ#{u6M7>GiKr5aVGlcdf4cn;(dq-WK5ww4<9}=98ede) z<1DejsGU9jV3s(cJAF~ksr?7yOQN!s2_%XI&E#QwduPQ_B&zg+^;fVPaBAHPbgBGV z9#s!)Ha$=nr`+W5d?eF;B0|LB-Tn|^4cqLrL;VLhZP>RN?>}b9VzsCPSdsq7MeGLm1r+7scR&1FMWHjo0qX~X<xqm>?>mHO2*z)nTULZFIC>A-a(1M@ zb;GA5c?Mr_c+e) z^u+e~y{||}nV!)vgl3`?SCtGFGVb(Q4KDhw4lfE=LF8lu%hzbX=&rdB=X&8RmPwp) zbhN$czHCC!OaHfDM03G{4(#B}lTkNHx9f{NKBt+D%D8RMQ|I_fYQjOa z_9YM9}O_>BGq>|3VB--}*0@)%_o&S^7yPmApK*z$V(fTpIv1=#aY`}$Z1 zBy({;8~t>Ft5Xfts_CbOaR0t`>+%C8L`HGn#@9XGYL&0HpLC{Og8qRXd15P1*5!Mf z1*0dx$P=>|W*6Cwtq1;k5cM<*Zze#od)7I5A;=~h2ZJ`?GelD9akx_YX-w3!$T!#K ze0{&({txfe3RQYMi{07-1NrR{RQ8Y}9pg`u+nnr;8KM{~g!8+Dce!!hTD=Lcc<*nm zL#4Q{qQ-&Ylw!29Uv?idt>%m8SY5v67J7Mq40rD^p*p-6HM^dIKEW-GkkeGHZ^ETL zHqyt?jt?}^WZ6k5XY{o#r9N#=c4Hl0P84QgPK6=&PtAHhzeh@b`+e-e^L^ZBKuz=S zn-0^rq2E`|jeS~d$aNK{8ZZNaJ*)Gsplm?GoKojnu|9nIcHFbFy(u<%E^8P(uPBMy z&%D6P6|(+?+{~R=o{Xgkl;OfVmrs}%&qalpT`pq@C`f;Xt5u`6`$#R1>(W1dQc*=* zY!B3Xal7~sJd*o95LVK=Y$5}&9D(O@W!CW>dkjv7SgoLzpP^z)9;^PS%AP_1_-m_+ zsl2MDFO-V1lv)_Mrhk%$fPGTlaB_7hE*U~>ICKMK zE_a#!k~_z)Gd~o3CJObkhL5N3n+~UkoqDEM9>P*UzlVU)F|>Sp3~~P-GR((!;ob~Ja2LZ+V(}+Gyn9wr+IWHA*)VE zHsy$=#=gGV_fV~&Bs`y>B)d`rf2~a_;D{ku;RVyY6{Y0)m+#cqcQ^AgwsmqAnYPzy zl_%+=$ekh1@91f=ib#SXTiA!msa19zrd*lnXob_I%B-r;(IVY_NMzD) z$5?iLKxTT56n5BebRWzWo~YdqUZOi_{;LieE1aB1{eDu->#Th?;r z_MX@iAraaXP*1+_+?A~y!Gnps|AM<|%8IpeLk@>{U+(n}*5M?qP1~dn4u_6lBd?I56@{%^brQ2!@)v zD+^IYj1`u@JF6YUt2kn+v2%Dse4jCFCPZ;li8>95lOp_Pki&01l=D(m9!{RBWJ7+( z{Oi`Qb`K(cf2n2|5OUHX%M5o~ap+ktepyzYH95cU%iq<9-55HK&&qeRTXv%kxs9fk zZ-!m|ok0gleLlA(ajBqPtjcfvvT}^@4z#ASB54uJz6^!|b$N4#PqWI)3QC+JwuNKtv64|I-9@H$?ydRd4f(#W?> z^=x@{G+LJS?8z_~vs>K57IL%`dbi~uC#^-xpJ zOXe|`Jtp+dJfDw7oz31mW>fW=Z>Lmnh`l&16Q@8QE<=JEW?x%PKWE3MPuDO z2hU1;QS-+yV*#a;2PgG)Z}q+>BrqB6%dHZK-yFeBu6^bD{?nFWsX9zBC*FHq&g=;~ z?Aa2r~PeI~QE3gP?%Rs+>oG7LWUN!VGp*c{1N`0xwUBxqKH zA(8U*69CVyWX%ysS8?HB)Az`tYE%1+-hCwRjn_|-|4FvXHNF{i1%v8_xCed z9uc|Mn6D%`arTJUfNDaA4drlZe^8|DK}y&&ByC5?&{8d-eV@exMkER|?fav8d2z(4 zyKXyhSDsH^9m16E{7?*SpN>!N54-iM-4}25`(m(Kz&`pfinUL{@GL)9Sl=`xKjmsdjFB+eFpSYb(5@K@t8<*3A1Zk@$x$ z78P&-TmR=c7rlCY6t3=2kM3uSx@3r}qV_#V-}DL(G?^^FpDZl}@QiP_uB96$unh9p z-6rS${VF0e@-jJ+Ew56v{zl$qBEmcPv;6sy^7~j=&Rc=K{tT6@^qSvT{ACh%cXNG7 z@2HCMdxsJh#0v3qmON34Slp~X?pqpf-+6$lEl{B>$1rU-Q4NgT*yd14(NXTg!`XWA z{>o@D65F?@>*tV|+%h7PAhiq}Rvi4bZ{%gFKobuTsLm{C6jj@Lft2g2)6sNUnpdP% zy&Ij`_w+T^?PGK9m8~o0`P_%zro-^`Wh<&b)L%nD+MwUv5OwWq zp1P>lc-easgwyy2--Ud+e+Dxs#hvOxK42abj&F1FkweXA$!%Z{vz+$42p$;icRta^ z-o^v5EG$DWBOO)#0qo)PUmKD>F?w;E=_kau*ydfm+jsfAV}T{M&@M>Eylw71Co9%( zQaZo)Q_a~BuiCe?SDw>Prf2qyj?l-mF_X$BU{&?F1u<1k5!@&N)drbQ?yfE)69VtK z&cTLz9C2mjNX&V{o$RpWATqxg*C{jMyI_*Oc%cQh%)~Z1Q@8GJbttC^+vDKHPYVGX z#Jrl^Idz181~94StK$mm0eaQv)0a+}kr4$oET?KgJ3etoFjYpe_PZ;rZok5iqk^t#h!sr2>OcXSjW z0P*piQoX`>J{1x$GyT2ZH$JzP(6sK|D{=tc03-`f4w1(!VG_7!5)5lq>YFmU!h`<$ zj46hX#-VIM`$kn|OXiR4Y3XEU_TUx3KHb2Ug5Gg@D!#|MFe4yobMuGGq$>TPAJl4@ z68>p#U+Gjovq%X(3}naH4}akTmFgO-+^(^(abHP%${Na*hx0>pgLD=STX#>bRfKzv zyTxZJkG_G2z2tFW1p4wy-6LI5)bkToYXKEERK(BU;`*(et8M>Wf^tNJ!o5%Y9H#VY zd+t-Vm4o*_u0Rs|T0x4w`#C1IKIBbklAGEblFL+}y})GLc6PxJh+`~evOM(Agd)L} z;l^^s_5gjQl9k(!-2OzG@!pr&mmHYmwcfD<-#rZkTnYu$3FAC-*~3nFij-cD?Wy0V z5M8|7v|z>rBgE_CDc7>Ln?-V}_n8>wJXY-2-3{EkC|>Hz_T3jB>pc5LSD{j*?pN%k z76|ruKbL0@t(#K99+Rq13UC=u-tWV`Q>aZR=PXr(bXQ;eeT+Z_&QT-Y9spMPVZs z9|)MS6@+leF|_{RrwjBK?Kbxtg6fj_eh5Q#>Rwy;WfE-3fChZ$SM{B2;<;4qqh84mSx<5wU=|oP(N2uvMLyCC*`L}EBr6{OmU(7SU zyTWJVNifa%Eu4?D==(fFaQidrqUP49&N-zvq!P2ln?#|DXvaapo!V|TvJ~V3#A7^?xVaR{5c6 z(`FL|B&Nrr^a3?MWp@wNnJj4S<_QWCC&MjMDs*G}T6RB=%b%WA^d0!M506@)0ZDEAqW7uoOvR<70jLqv-eEMb0qXN|faAgrd0 zj871}33u+NdyFc3QK4O|>|DL_&LO{wdb>#JZc8I|TfeWHvgJQ)<|B&QvYpOaz6`T+ ze9k9xh7gL@_;%xVnNSiBV%Q&4AL2hp){fZpxxnKd4-;WPTt5t^FE{**`-;yl-|ljA z<907>dX#cW4%H{ zz#TL)LY)|dBM*H81ic!7RE5T9>|!usrEc$fAGM8`8K3YEhsUj9M_~E*r_c=g5w;MJ z@my@mom@1Zly*qUq6KE zd?c-KAmFl0v`qC=`f|4i!ma5d`WfW5&ixU_TFw{MMyXPmS$%(?rrTu4eN^+rz9p)a zwDqSI_hfGfl`l;hpG658$E(FfScRoKoPXcw^FC?d2A`O3dw+)zPdu98b{P4|eJ36y zgSV=dzpWC&vYG@emc2nr)jfmimk`Q337@v&G==>26cQeX9hdo+S3D`7vS{B5LW2OU zMgc!Wv2Oi2PH)Wxm0o@x=Z~sow#cVcb%M8u0)L_U6E+Y=0i$ ze>t6R%BZHgle`y5*Wk^g+L)4qhIPomVU;uLi`Jv*kyXiFs2hTPmQq09Acz;n=kxQ3 zF2TONI}+q{7{ZPAK7wI;Z~v2yQwy1E zNI;|kza1}!>zR6WmcxMfoyM8AUvo`by28Zvb~%qIRip(|pr&SQ>b`f)o1v`VzNhT( z0cO}n%ayP1+1M8gIVfXvLwQG51IhjltphZLn+Lx)&&QYa9$8E&TP?M{xHy>?g|wq51ki>}$VHX?`mvwJ2GV9z*`YuB z)~VK#;wM(=+`+dsum|$5X`}1;&yC@qj{AMWLQ^{_Syaz{-17EQ2oC9-}m$z z%b{Ysj)k*Wu0I#KpXcQxPVpZ8|NRJivT(4ieW&0w`|~*RI8SU* z(qd0hW&o=6=IH!;Uu)%bX^>O^LQZC&jxSyJIu72TmC1C=t~&l?py)4q{Xi8y{gBOD z9Y%Cq%G3S?9OUY3!_*8%jVl9ATKvgQ&4oOLfjGmLY$UZg<3VVakP1ex;PA0`f?v;Ang4SdNA=E8FxQs~`Gcp^ z0fE?}iHoP76UR6j{mOgZZ>xJx>il(k-Q>f`Mo~~uwh-)ACG+5%VcuacDHdq0d;T4l zFdD9*WK^oq>XmPm^W#yA4;lL71;;045TA$#{QGou`~JH6`!tV}i%aB5;~NIxZfS>4 zZWge#I0k?H&T9SL23E!5Bzb?j)35h4oEkuN*=r2#9omUYHeT(F?FNsRwBjec7GB8a(v7$L7nq`>X7>_IN=}I?o8;_{w)l6 zzsblUA>NtB2-4H<$+l1q6{O+l`UNGW^NYpf-D$q=ez1hW8svkIJ!)1C9Q)dH!!3Oq z=(0=~ecXDcDD>EpPd9L^0{6TqpkRT{pvQ<3p9_#}Wyza67%6CIrNq zx((dv9P%Vx?=xFvN05=^KdYMg9cq`mcK=>MWEtdNX1Q0cJTc*&;?Tf9*q3slJPMAE zjUo0>YCA$osm}axwu~$JOQiltN|Jz_C0E<%3?)DcS_T{Hm#C0j;%#LJ+0;e){R7zG z2T3)vgVAd*#7WHr7}f#aj=0w?4yP|pkT z>K@7qs`%sA>|z*rSJPziHvJU^Mz%!b12X{iIQ0{Cd!BgN*tH-h}9 zZ_*(jl07A>nAE+&-!th`@l>OZ-kd{i$|r(>6|wIVRP*tdlz@6_%~ki|8eiWDp!xmP z2C?X}4d?uF&W*yX_mNPaj<)c1TwIRcYJ}gQz+Ls}PN(cLLP^WF_VmSl=H>Mr&Ge~6d|v;+xNk>VK6vw=I@CaiMDWePg?^B; zdWStKe9e-?{a}QFw+wl>#j&5}h6*S(1L#{#4MdWAH2FLuL!3{F#0#H$Bb=@5g!QPy zhWMB-c!H8f}Ez~VYftiw``vl8&jprEK%3GhXx3t?wJYN&=A z55ViDWQ=nJ143urc=1`CEcVR-{!ap$0Co90rAa6oNT7LJe>CLj>}2P}e+-uRLu)XB zTimOLbi6tp&yQ2~18h`#kEv)%?6>iwI(3p?|2vlNtd;#B)@YZOy62n|cUIQ#(L5t) z6~uk+2)`3CR!2I^`2q2Wu%-_J@K8sD>zkqMs+B(U66hPTCqcjDfE z6N|AgnakYWEA69>?rr$eM<;%e8>qFLo!m<9Bs>`k0*h^f{XsDy(*P#6FO8twM^V;S zarRc9_qTCIB{XY6ojs=7gp*Q_ez`pvU*&+NzpDyZ0Lf3(pg>{?ha2bAg$(y*P4NOB zc<-fMW6c+NXY2rld#oz$a38PROQe@rBS@=RwO@^D%T06r_HwI%;V~xf3rupk!A2w- z*e~IIj*qQ}6F_r3WyU!t3xN&T1$79AUSs*_ySi?AdGR35mAhwHj~!(p@R8R&Tept7 zlG|gNXnwt|g#UiO5j_T-^?*rE{d90I4**Pp_NB>E56`}s&whmqg&)7HNHT0GQ>RZq z)QIof(A_ufAL8wRyD?d5c64HqT6)L7JmaxUg_ zSBR7DR2f6)E4j|QCV_O3rP{!V^Rj9y2WJ!;4~B5=mshxxcX1pj_M6-VmZIdo)`aHx zQp2kzZ=K7)d_{Tpo;m$Oc#*r3yNKc7<7ZJbx{8tq8SI0pEOl}%-)JNaE@G5M#+kF1{SM==Na!dr|yi`JBpI zHN(OZ+GH>&qOps)`cR55#Rj#4O@VH!Q(L*P5yTEu;J%`#*N_U-Zy{Bs6mRAm0@LYu zZ;0XS%YJMrbn`kJ2)m@Isk1V22x`-H(0KFa&K#~(e1Rwzv%W8yc-Z$g>DHX2rQvyw z;8KC9?ScTs=UkTebL)lWts&&CJpIAfFeO_o0Rg?%4l)KOG!QSi!hi_to-# zj-k$VGa28OydD-sz9zu2Dn{w>{XTmho6 z2ZWFF_3AZzPVj6yn`#Jy;V{jHj_)bCJ1i{vR_bRA1F$`U3Q2u6b zPc%G#chP@6Byw3?=KL;C2Gv~&l1}Xwgslxto0XEPJ=vM}ICI7a-qpvxk__~XpjDGT zor>WQY_`^juD)F14vfuE@Aq;2^t_|W8X`kaC(6q<+^uk z*wIZ6c;1)?h~fv&CLYvUUyu$|uvmU0tnrZ6JC#YyZvBEgnvIW0p>lT`4|@O;9hLbz z<@^W6odfYemwk)bJFqM7JLaHpf?U$XMqjPPJ!4(~Mv}j*|US`Vi`*=*>@uM*%Z)kKB9o|GPF6rSd{<5@X zQ0BZ9paVUhuQnVk;d~RXRk7EMy`KU0%Si5vowAgX4b7uh7H77HS|CG%T2Zxl=-S)k zX)1IqxhE@QlYG5N@`V>Uh&X}UvsVHZ_pL$UrAS6K*(z_LC5G77yZDw{Ti*FUr_9Y)xC)7@FaU zmwVk0+k2LMLIR56o{(7CXYsBwTTo9|FW`-b9P_@Qb57WDL+qgy3;3sZdyL5#$Fv2`cV zE_E-6N0z1i25MM=huSZIrp_UC&H?)^50P%evWL4`&iw{bRtFPDDC*zgdx$o3!e`hfs|jez1K?s1g=J^Gq(9E+FW8BW&qCDM3bfYm# zB>D{2vmG~2I4L_d-XJ_G6^GZp7NobT(^#iyR+m6FL z`d9qn&4->%y;1%81U4TU5z%M;TA>qGcvnplJVTvpK&|aj>py?@3(o^%h!arW^jN&UvVtn zOOr)M9cC~H+-nuj4*@9d2Ti~8aA-haLHe_ZL6<@Y?NK}IY;?th?!Gj)WYosD|w@l&)Nz@;1~ z^zu?+#{jRQhHB+UtPkDXmN3NLcSJKFu8?m)&I4rUm4UT;47+e6e3-_*Wv$v0-1=u_ ze#Dm~L=McM^`jR9v~j;kS|6v{{UH@v$TUBqf9VsvF+bh+uBhJotXvxA2f@q}+>NqY z-jYQ8!|x`G#}}{5?SS+1T!l83R%_#ZpI)eauW$FYDAd=uyqJ&Kgh9{$*h{jl#&B5b zy9{T|*2nGvUEVB;pa2MC&7^RbH~gC~`|XvH0`2?Q?`g0tuYQc?Cs+H!PgW|U{n47V zgj1Y2dxTq*ou%uGbbiOdr(f5q1`Fs=s*qG@4&LY@Y?&OWqX@w%Lb3XK10ks{A(_z^ z!!Z%aW3Vo_hPtyuiVs4zS<= zz+L`nB?&N#J3O++U5UTu2~U1fqD8$01(L`6c=`%3l04h_kp?qmgUJ}$y=iS!>lHpq zJWPZ`I8qnyDRd^;;2X7=Ma_d&clIrk1eg#&TO$qCo6}4}OcK_FOWw!k`z${tnTDC%|CioO@ z*7gh!v5Eu&GfrDDCr?y|4>nJs7fZC2 z%_A03=Q9Id5ROoQK;gNXerm4{5K}F^3wD;57yq=*>crX)`Hjz?Vfk=RHZL%jdykfg zqsp(3qHaZIu{C2RB}L61Wk#+pxv-L_lA)&lik(X0XCTbW)of^a-eW z2+!Z(Ugl3Dxz))Rz>jKHDf4bc#)an6J+4T;loidSvr)r|ov+%XYcCh8bx76NWSt|& zq~FmIl9%~5F0gcgDZ%$*zfIXa+?h7g5nNIoS2~83{%K`Gv|EJKDbDU4 zlJ$jZ@9i0Hjnf^Vp#SdnIIXx{4tY8*>mp>qi$@dLJ~+J|!yp+euEf&-gGi2_qXp{F zO1Yk=k&EObMQ`%HUro@mmI)YatgnGp&f{t0l6_N~!)fNq1>6bEf4!D{uqLxA(-)Pd zW_qBTCuPBp@kzmSjN@Wzn*qG_&8KHwYqQdSg^>#o(K38_A=A$lDyMvGSo{kz7Jo_r z=f~u8ucxZRx@F8cbN_(mnc;bR#B+PM8}b2LjA6QcLulKjz7&`O@UJh?dHArHLh;GV z(bHn_XVG}vcsj#2BG`U$QFW`yAuuhT-==?tTbRr@)GGTF~k3jGW-iHPmE1ACm~9*%hnFrFKF-eZJ*A@k$$3YR>_8}U+0 z&a3xKy7<|^dHaaEp1_mv=OzDAyk(L%j(mifeJdW<@TOTd4!z2#*eQ#7kFUkP*r}qV zzBBm1og_$3mJgUE(R^s_*{eD0hf~bfbgOzj`FrS&tUM7?`1T=_1ACl#oQmkI&r$9{{{)EPJ6vuXS6-)X}b7|v*6w_25__g+#s%W{$~ zL3;qf;3uWt8%8`V_68wz;NS7SFNm(MA&TXHw%z*Sz!1BXVnpYWbuj$?bQph)-aR*R zJDjgQkza69@`jO;P}xmCDNh3G(}VoGuYr5l)B{`zvquQ|1|XfUs6>y?CyvMDPoDt? zZQ&F>)OBNi*+e|`3%5b%0gD|m>6ICm4i15hoeLRb#sIncLVgd)IeNkvA{9*X$5ZFn z-8CPC)V>NYltb^|wd)HQ(tccvUhoTp%Y*)HZOLvmBB-K*wg#lFuMX^N8Dsgp<#h2A z0{V*PWoi{>lwVxNUl@rD^Wyp}UPqa2!SlnFc%SKXKM(NLDeUb*|1Q|+q{%X+Z=O6% zwuI^HOWGGg{Kz(c5XNGpTM$Q2LjOsF;9}BL1bndbDCPZ$2xGPBbS^L6VpaI<^)C#l zNgsl(IPpo_P{xMixYPKG6k!wFSF-�Q$m+%cbW>>CE4LMI{h!Miwojp=q}grfdo zJf2$ZJp~{$KrQ%&-r+{%y?x;JDk1uqzNPhs0MqEfm zL@^n4FOd1UlT#jq{;_yg1Lh;_7$X7~GuVD7=_*G~rAR?{5N|a^61jJoi|lTBujfJw z`Z(|38-8U#638f*)mTk*PjjIHtD6;5I>oB+;8PeG9@l;4lyPjdc32| zERoh+TSid(5**q!t$B~8_Xp?VgDZ$g+8&a@e0^H4YL{scDWkbd{R*=>%b-6HhvnqE ztNG2VWj5vkXAEhC@)$sW$Dzum`94*0gvCW2@5s;jUUK5ynxX{&cLOgvz)zN^?5vlhb5+a z)|qyn&N?mdGMQl82i#>q)AZSAGP_HMmL|-4OET7n`uE6Fnco6%U!nBfQlwhazh8BG zvA635Mx4G(8!$iG*Dw(ke-?&Rb$HUVPjC$6vOJPY8@J-`9^U{AFaKdn&2 zM5JfJU=9a82I8-sk6LYcDIVX|ReGI^h})V#se9-*lC|}@&LPH;pXbQ+OJx?9z#KEb z_We%)1?mswwaE|h#krjPL>4cQGfM8)O!%0Bgkw%W{2KTL1Rq*if9_8c^9{F=1AUlXB-S(aU0T#tQEAykN zM)Ez-S&4%V#k8#NTy@~_eZn#ObB~`>2UkJPmOzjfnY==FExDg@3ddtOuzMu;iGK^3 zsPntYejJSjQPP4nqTgP0#%ToRmb&Nf!S13j{Y`0@nZmX~_aMWA>VNi)>;^KvF%OmVT&?q;CocCr3wpb! z6filQLW=yXf~N8QE!pATqNljjo-o)6$ zf2=v@7EA?iYOS^h>Jj|aj2{eifIl@FVPnMKi?Oei4GIDFZ@+H}z{>sBJdGpNfP zkzGb?a65jWcXfo4-VvCC?9EQba)MoL?>;^>k4ri}JQ~0)#djL{$lrYuoO3bw>4$wL z<7dch44_cIe|CGd#~VjOyx&AOe*JRZsh$dwKD#ufFgOTk3VSRL0r!#`c`sJkhgf$~ z9k@k*Vsz$HSnwb_&f|qgF8@h3o`H4%w9RnE)%6S&{AP>do2junqxI)Ub&*9rKc%%z z;{HlN{@4oiE4juWY&jL7_PVyA&%Vs6ePmfg1X5PUDF43eiQK)lXLtvtTW$ zU;}S*aPg>u3zL4j)D~?Ib#PWlnBlIju=ZP;5`zLCl3g)KNKO!EbvsZbLwg*^7o5d= zD3#;yiOT=AY(uFm`KLnaNDK=zFQ=33l^1Zk{6U1(J+pt-qsu(8XFN@Ld(g!pbD0KD z$(-&=enZ$7DHR1=eA~b7-!m0nPpHA{cfK;9VsVl43~u+-cj9!=qYmVqE{cvl>_tUs zfA((u4?1vP_RE}ZH-TK9H8l-7*#O9aBXVVKuFJ<*UtkC{Nl?)+{T)n7;rjbr_93?Nkd)#ax}Q}6sM zUn9$P>$D#zK$2(m)@?DdGGTJ_&sZ{ZA&Z7a_pT)+B>8|))guC1cLj~W!H~JUw%<6vi;KEg*|W^pND~>&>CFR z(z%X}zY-C!TY}p02PM7T=uFQx`1C#wss58K)iE3nL=;A9s}JSeb_aL3=NxNyZ=(oP zu+7QmRMTM&ZY?&858e!ujV^V%@n;2fM%MSQAD*o$rM|tdFMO87NZ2yix)y0}HGfeR z6$|eFy@7Z^zTSuL2gK8;J_jhk$?l2$!V*D%reg*}5|hso@BDmBwA)4lKI{hgz`o6J zM}Q66xPR+U*$BZ|UEdK@4v&e)K0(U=YS$}>`WXMb`x$32vhg?as{+f#_Gwd3osFZWWo*pKi5y-a{~_%ucHr_m%Oi|kXlS!`$ctK&Ooz=#9Qha za%BSfD-2HR$o%?iz`6C0_O{&0}z!-06*IzQy0xga3b6eaelZrV#))L z>9azRi!A|l(4vB*92j$;ZcW_Z!||(neGZ;XGrxkp6cBQ0%58Dc8I9rYjh=m35I|K> zPf!GCp0Asfi+Z-l0EJ(=jF(MTM3oUtk*1q66Q2%VI&a+T&ht>6AB5yUau@0tHc*_h zgV*pSb1)-qurXWv`@wmHl|)wuNk_L;kJ`w#ys6-5NAELeUpDIMo&muR)bkBmG7EdI z$YfxuSfobsTF-8^njE0V+=+ePLA*nZTb`a5z)SaV`LSoWIUiOD98O!msj2p?Zcg^> z(E(Y}3=>Z%i&<&&E5AW6mJXXH!=iT(J zdI*y8)?qpkC&G`v*YK(lf+0 zA9~7uj)rxF^U;OdC;3{DY^H^X0i@BiTdi#TNlm5(ujTqfAsst(M&DvBlva`p#xKZn zp>XcLyHwl$VBKR#J*yUM)9~8Nox`=sRI+S0v9)dTbbW2yr7d96{K3vWat%FUxB7;9 z-n*%@C$23{vbA+t4)#61F@Fy$Z2blrE1vkRl8{fBcL7-q?yr;m2pY)=PVnGOo1y%C zrPrfK-;khyp9d{-YZ{Ar>4%SN^kgAV(S%=N5ia}V$6Lurs(Nw#Zq3^}>fd7hn#)~z z0nbg{OUYFGbh~eiY`R#Og;Z|)=lTdQw`aSBh5usqHE06We{By^a^%(Gxj*e8VBYJ9COLzO_>M&-T_DZ}Lx6p#S#b8-wh;W^%#t4gSt#BV;{&A9 zs9)f^carU=3~ihJSo&J(InL%QZ9N5ER)6^woXh9)4F@kgh0^lv5CRJ;*DMMIhT(aw zl;wQU_22TdYPL-7C`oD6*?=S%v#;xEzX|i3H04@YCM*rTS@b8Cs51 z9uri4+1DI0Kkc{R?|#oRya}E%%4|ZSf^)tVVs3`X3w;&{b%9n-h#%f})zKKW!A$or zkd~do$;>j^BfUvO<|z;60(p@o5m&;cfMfgKpB5jCucMCql)CF(%tI5XP4`cs=~Hxt zJj_c8JZMVu6Wt}tWsU0lw}`PH2sY1_lL3bK@F8O%VD#6%_1SNPko!>o=n;Z+Apo@| zGjXAZk%Z2QdA8J+em!4;&ckAFkGJ{51MEsD2d837m*|^;2Mf;_Gu4$Nw-#;Bk{AK$ z0A&D(p*Z!ueT8UA&c;U@RzhOkcaWV?jh7?}l9D_ZSvY!6O=vUBJfHOe z{tW<-_6osaACK=-_}2+3Pxr^s-S^4qqp;>2CBf^&b0E#v3%BnI`wdNj9GE;flz+Fx zkS@5)b)WBNMUI}F4FN3!ZtiVXh}}|{{U1}0Yi2BWrBjR>-2p&t{R!p$e3%BXPuZIo zwiEBMAf8&WV485^?y!q|o*rq?XaMC5@DKxyt9l!1Bhita(aB^$%~Yj|DFh-faN%M# zOOI9-J(pCDD{yt}aZ*F*EbljY<#kgVQu*^Di1;=` z7R8c=#pLMB$M36Sqm;e*=)av7QZq;C!HnVfAv-O(Uo1SVv>rwD6-Hl%$8Dk}yWd}| zhq@LG8wp&ANxwF~=QcM!BwRO&c= zU6?Ocf{A)1xcfv8a`V8wHAa!neeVqny!W_G7Du_Dn3RoywX#&AVdJW+AINLoY#bSf z!%op3)?RzSsh3+xDyl!`+rd#3jJZEV7{OP>iU^KaTyJ;IF92#fVDe3S8W!2iRA6JSc*|bEc4PTO( zdL;^lx1qnpiEv7Cg-<=I*-kAI_NA5&g(oY=!wy7ZcBqKN|I~OG+^j61bom4QoGEkN zKH~WDhn-s3V5N72%zVzc9JFzhZZ50wUDD2Ze*E;uYdW9iKJ9<>Wx_xUv`nW_T#emn zdH{f--M9TzhbvTotldy3*vI-y--lb%2>UPxtwx&)AKgB;C*6AHGl{REq3||##y;BP z+J67$38kf?++IEcu|Ulb0yk&oRNjN$oB?M*&4oYI>C4wjb&aueIhPkk>x}x$iLj!0+(? zdEL+W~||S*gv~HZI?&F^fFy)u&V%lGfnsl_2@$sWlk`7*YshfOJfQRE$^dtH9 zdS~d%Jec^+X0fNdV13KtxAU{4_way&u(z(ok4f=?8Mv)7r!&u`JYQC|s|fvd(L+JH zza90kmZ1fUHH%d-OQh_(ysJI6lTs5tT`6nA@9%PlFXgI`B?2|cvvvsu`Q6i8nJoJx zT(hQePY=$qgUk4t-#2#rz8GVE6NMMNk>Ms6IM&Qq3%VCLM&wWEMC=N51_S{beJqGKfpY7Yq>dA)A5q@ok z(1q~I{i&xsFltV>^X&*poqc6|kE$%_a8*296nT~~Anflm(vE!~Ux}%9=udi=6si~x z1;GMiMJUwZJe}rx(4-WKcLXsKG9N@Zf)r@~^&syDzq7m!Z-Hgl!Td3&56~EXENTPs zmGlWL5cFrgvBsVM+Wh@6E=Wj`aP$tO1$W^oHuTn$-LAz=Fq-A7JZe4`UbBQ=@WpRbHiVahsOw|Y;#n0>_h4fbKRo8DKCaZi%FSA6Mx&3wPA2z{zb zD>?9Q$b`M8-(XE!%Q=n|B{_u^x#R*+UvcQIG3u(w@6shj&3&j7sfEKoB89nE?|`2Uy>73pGx#n>vu|X zy(FInnmp48XC+>T6#HOIPyWjG#*Al&vPjU%})q5L_i2(MX`WEsGQz3}f?=kTE? zwBC-8KsrVaQ%kiq%QwjI)~{q8KFRY*Uz0sy<^9SO$wWHM^S%JnOMb9##Ih8y)IML( z6HDvf(w;tp+KuLpHBS;aH}I_i%EBT{dA7I@OKKXauTkwi$-;l zR0hsc)?hlEHZLIUKSdELxHfO-+Q(1L;Elvxx_vBTxq<+!Yru9{EO#Fiiy0|6R53NQ zDdFc7%nHN=acu5^X`f)?3rd&_$?MbQrN;sSM<*e0aJM*^UwVK7iOh*xIfT|}9~Zux zeHCJ<&pyc=cVeD8k}b3z?!iGjU2G~nze?{Re=&W8%cWf^lGxq1Q7p{l!WTy3@j)L{ zJEFaG$<(M)L3F=zv;J!zkJ~!mUErG8;p2zp$;;!m{#v!;Uk>tHXR=i-|L9au*Qc(k z)#pxIB=$jm0=XV4JS{5azOwI25(12BT!T9-;-noLAsnY^zx=Koo;3C&uwiY$Dv2WE z9PM+qd|%(6gwC;9y6GWdw};$nm$`MDQEwnJ4kK~^cgwcJWPWHoPQv9*-v$zlj0PVn z%uu=&QDn#*=^>o48m9Mv1Y_Y%V3m;eot7}~8ZliC%s1xw`CO$msaDlKf10DRkD_p3 zly0ISKZkU7ull8+T3^cK6#fo6oivmQ)euP4(lD8hbnO2&lVs+Jl(MTv4Nx~DPyGw{ z4|g{{mMVzoa9{k-OTET;sDvC3Gcoj{wgpCh;28V<#&5Bb#I$+PP^MOJ&|;q&Cpqot zI?2U9w5Kt^{ojMJPr_jtDYaH`cq|0c&H z%$;UPR;lJXnJ@blq&6f=v2g#n{@tms{wIk4y^-{Hh0}ODld0~j+2c;qH7f698{D!J zsPF5$2Ps)=t0b~3T{W@7K@{;u5VOADZSuxa>o0^Z(ft}t#?>MUlmcv4x+!-T9%mw@ z1G!LLxUeeM452r2ahzddWM|%K^AadDXZ^}men4CZ@=iqT;r*yTN&G3RPxN{pB_SsDBas)y!G4^|3p4xf%zKyEpnCE_6iuyr;6-ee-YdNJaZc8g(%kuOzRLZ(Z zzC%I86ZI93v;iL4om?fvAcE*s0IsvlKA+0s_UnTEMpABehryS}MNI{6Y5K8ST!J)B z&z&>_6FCWj>tFK8ghQ#p1E96MlA_rjD8sTucVIc$>=@in60$9yiQ_AOF^T3_Xftb* zXky*jEvfc1h1KB+1Gi=`A(4;CqAAp46tTLSC-+bI|EZdg3)8(_*Dkhsy>Z3Q~-}as_v^demD!j3h1&ugCn$m`zD%$ zAGn|jl=Sf1LoI%-LhUv8Wsz##W1GMyj$Xsy#jT0C76T!WluqSy z1(Op>;4hG~YJ`xGxhH0w09mao>d(oQ0g~*)Ba7sXv@X^v6YB(;IGoQAlw<_5@QYdy z1@EZw-PdUT_0#w3@P`3BjAU!tT-l=;4snduxdpGu zW^)Qy#Nrn<(kKaMP1gfny`FWSuYS+*uAvUcBnKf%xvtRV7WVNGYU4zGT_4aH-*6uE zYKH6WGebuU9z%K8Wvl-BmV{sZVRN7@QPx<)FZGoW4|8U{9G3pv5668uISuDug#T{f zDi@1Skk1EAmeb?T*BWWf6S3MS^Q9MBgM$*%v%-odT>os_8y+~xyRt?^9P4~LT~v<= zNhGO|Tc)de|H4M}dKh}(O@HcBP*hPA<XyIqSU`3W?`qNvp^ps@c7GwV{{CJF4TZ zvw|}cGGQQ0Sa6(M-B*+!T3y?9v8`@6JzEIBZ8UK!C6XArs-{IsGiT>Jc>8q9q|=u? z!^=AG7xg(ze2j*3a2o%xF>`bv**tA7Fi|b|1DpR|kVIICB{Up46q@w-$lJp^S2iwF zf6MVlnzhNkcpZAXGjuWv1-{+kcYqCM+##Q1ch8^{(Vu__ZjqdnM0e^a;5T2yjFC$eNE=9TBomty; zrnIx*(-}#JZZo#QV4k@^*fP$cqOSYaxP!*m*$9yfh&hs;lkX82N~fr^mUlKG=b^CI zcru{X(Ch3)WR^Xc9tsIQ$ilTrrBj_9yMzqy`K@~XY=4c5#{4rCP%;*wzwEA&hxNUv z78W@aVITHN{dfINKIk*mZO`4Ij#7T~-n$TV*^~X%Q!fjwpJ&b3VOwvwsSNu<|9E;n z&=k(Ao;pNR!mE^dw}KkaBo4=C3eiHB@Y#JW<;QM>^)sqmXhkPwQ+l5sXo$A>mSlyV z6Qq={d2-ePWUa;Q#=dhh1X>EfR)lK;2eSO4{#vuYe=l_W9QS|*>8)}5i>PNyHY1hS zY2m!>vk+B7Rus`1yc&zWoG%1OvC=X`w^vg#6~3f=FbvGG?STz}pc zu?lw=UKonzer~rS+-!e_A^Tf@JH@o6wlxBP_w^c8M>xE8&Gr6%8GQP=^H!h{9m|+| z+M~6$SflxqD-}(O(bf2ztL@5@qCV_)GU&bPipY&n@fz8XoNnm*U9Qc&WKm=* zQGfW_zpE$WBp>Dgt&C_wO25l8iOf9(7~}*BdmGZ z>eVcjI2#0C9z31p-!HH#R_tSvbe+~Nbj2G4f{&Q+^pY@e3OPcq`Lko_>Cq6Da@rVj zqCn+4^|opAQurC$2W0=1x7MB>b_SvK3?X+8zx%oQyar61#4=jydx#BEZSgr`9G`1> z;$}fyAQ_wp#)>9v`{M&Zd_8ig^wC{O&>@4&1x##{K zqY9HtQHQ#b&X4AOtGqO6e;K7FRvM5|QGeZcqy_ISi4 zHh5G2k~^2_!w;olRLoW2dB%}sjf$ujh3m`5KGp-eQgXUJQ~1?YeNhlpwLX5u1||T@ z=%-eLvWAYP-y}JF`hc3f9A#&9F2>%=2|Feli z?UcWZm}9FVy?Ry%{#=jbZsm8HM%h(j3|s)%H%d9Jb-Nb}kUc#~UKs-|`Wg1wtzWN- zw%;QfvG^fg^qC?w%GUOL0b#$2ogFhIaGnSu0&fZzCkDQ+p&VsOE;kpASgB*iy?(aA zzCeuUF9S1rr|7(GAo$LVR3n zTIfGv27|5%&esRK8^BhQSB#AHS^sL2T5M!#)03?xVIYB z6MhS6v@~$ujID{KB|!H%TJX(uZy6w{u573JyKmgmXyAS?Y4T8fLh0a-yXIILr$2_? z2sN|4pwoEf1QVchaQ`GE?+x&dbiOkls4BX@FPi3w_`>T>4fk!l{DzBTtk|UY|rT~fj`L4qgaol$-ZmObO%kxbVUj=l3-lc8OIR|Yqs zprCkodY$+aswTA5qbkGB%Y%@N##(}OWcpFQDbu~(YadO{3wFduYQn%(abF$N=rt+> zmd5KG=P3{G$S_?TIy&cb1yCE&A)80U51XfIVzxq1`K8~g*cB;4R`e?%aq#|=?Uncdu;ym!uTLyXn7#!y))`hNE`W(=azOTW9fA*0K$k*TrP zz1AEtzn{xbw>i4IRnmh)U}!vVO2Xy2OcI~bHb_|7KYN@zXra!h*gx0r$?X55_t9TG z#NGM&GJB71KJa4g1Bucz%;PG$*wr6zV*k86W#@z3ntXSe3P_)sEK+O^`@Az;e57Lc zREw~&EyiBiL=xWl=1S$;9dd0yGeJ@vS(0@OlgXXkxivtZzf`%Qkxv3pQMhZk)Ag7j zQ6Lwg2YD05ceov|rrbBjA6IVRuaM73>&8z}Mzn{*d%VcqSKJ2$D?SQ9q9=^x8 zYSKZdkC9)*NZ8rEYFAUdENmqfowCwgvhFdku#k-f5;ROTv6AmW7sdx26vt1G3R;@F2eZApOVoIgiJs}bRsjv&=X-)QX>LwTEPLVg933NiNeN7~^)xO(R8dH?b z*KK(_g*zEh*L0hw22bo)Eh+FwE~HueJ*3E$BopAte~u=4pIXroVfVoKcUC>~J}Yr2 zHVxinZ9<7H@iqq{6mj}?4l=6h>egfE#P|EH3E%Q7MHfPX2%C~=N%YnOj+)jUwCr4F zr^ydkPlq4_+6{gNdm+&Xs#4c?UPRn)xjaLZbRHmFm*x_>HzW9=`CmXi;Zt}%Qa4xkMeN^ z7lJfi$OiHDgLKlmzqIa6ky)CYn04QH1^Q>ck&OSA`)o*RFMl|fT1FHiMk=XDvLdbN z_Q-you@~N+>>aDmnrm;$3(*94I=8$L%|$7v`yIUQk1Lg6r-!HcqqF0>>+*#&9O>*0h_UMcI8)X zk#E;B`*f5a{NRQruz+363$dVD6G(XQHGQ827SX{&My#22`{AA`c~hVJKD{tsAnbht zm9F=Rx(|hIssAACh506z)K7YS$@wl@o(J_9pXu5Xk(0CZ{pQX>s19!xu!mZJMU1_f^5tntbV4C*aT-DD= z&ZzFffny&R3#Il&GK`zY=O&tvU7!{NB4Lh^HxdrY~{wf^8Rft+FU zl^M>FuI@{ny16GKrBt(g8z?iY-`H|g*DnC}hy?CGuS#~&I?&sU-(OkkOwzc?0@w|) zSL?_AL>Q|ViML0kqK?%~{Xu^*5QCn&_&&9dXfp#_ZYJKABN71h;bOsS85@?c0PT22 zQpIme?yQ@sPp8|nH;^~wh~Ep7s~&qC2I`H$ujs1B;px7EpL4x;GQS0ks;mxD8L#sq ztK4e}y8tQJPlxFAv^H5DqiS+p_+6AHEbnJ>ob7Y;y8~2p(qBFitX5(SzqCnl1tJC+ zt{qg{(j#7}I|^sg{&2zr-dORo;^)L^xF>uRirY~$9Ko1WgP-KEShLWTJu$1NRC^l; z97Jx!enlg%z=k1}h$@6>h)6h4^XF=yMiZtC%@B0Oukj1Q!m=myRmhmqX~zB1lX?1m z!}It1bbJvAi)Na&^re7i9Eko3>6@AF$I|54n^}qH@3>qW{s9O{5Qv&RgaW62Z4=`$ z>_lZ``#$JMNxS^0>)~LnFLn7aInw{I=JKl1j|%bB=R1!?3U2vqjT+z^Nt45m_-b9g z>ATQM>R`;ZcQ5$y^7)?h%Nrc<%V~L})^aK}_xfrF>v~{32j!%k zZvL1Wad0=%;pPtlQEk(2+13{HLWveYNl9_( z;<1%aHO``~AIPu1XJvg<`NU2vUN&>rss?yYc@}7c(yyC&iP5yAOoVM3>Vrk@?PzggElhh8w*s!ZYD+;x>D9~A#s%c0T}t$K z^6ew?o;H}T_mJZS(U*vIMv!LuHD56%Q;F3-S?b)*>y2H%Wb;n!)V>#ohf$F3@4c zv1SQu$5;z`CHMJt#b75ca{RBakxw{-PgqE^gd{0BL-2zVcqmzGD#K#Qo$5RZ`7Q6OyJZ|6T z(YIm0oeqyTIXr`>hD;FpbJug=pXLhSk?*GI$#;LduTrjDni4Qv=Kde6R+Ub_wcsL? z_5vBOwYeCWwi3$gdCNG10$@gePi$~(S-q@nY_G(nFx*aOHSgX{w;zlSNi~Z$w#1!M zR`LFPIY|5^*k=`f&H-vtur;3*R5}+NFfOtS=VE+spDQS=*%oCQ?oa{y#r)kkSv;~6 z^;9`H53yJ8Jl04xb}jr&|DAnDy`gUi!NB3X-!&+!WxZ|-WOSVN2$|7EbZ&4w*BJY{ zOxm`jkCktUr`}@T(XVx9^es0P;nB^u1Wmlf(Ko-g?0u)#$?| zwAu{1z`lrQqmr$6Z|VSV3-|mQcgTWZoa?1AH4N_eXQ(^KPOB6+yTJe})wTQ?w z?olRihw?!6#0PH^_xbqrQp*;aeh^{VgbB=;2`Z3T^3H+qwY+XZnU~9<@qgHOnZGR( zN1urJP=^rLwjlC*SwQpF)9B;Sw!XHZvHPk}q}!-rp5hwEHx>dyZH=%E;N8SfV!s$!s-5k^{mh>Uggog z_!B-t?U_Q@uo+=)562}4U+C)cCJ6mDMwKe6wy;QEypRW-JJpw~!!<}#?wZ01MBqAJ z&N?G$gX5UocW^~W)Vxn(>P>Z^9ksBk{rFJnWVPYE_uAkT=I0xQFpoUNZ1Pd={H?}F zyWfH9m$k2Zm7M!Of>v&Rf^DRwdhp-B^SK1%{WaOcnE;cayt$ctx?LgWt(|*_Jd2UeLX?H?GXDM*LXTq=4J~h_(15G&JT4%vg>bNi#zT?fo@GM3B?R$A|@G6=6c*j zg1Qgx<8TPTT$vGjx$UC^oEW?+wH(4G`_5BnLfF_> zfAs*8Umg$6boR@IrM|~W4z_WcP13RifVCDB{YXQfey8_J4y}B9 zWDWCv#L|XLy<$2bVCdbPHUE=~i_U^EtSs#!eFeYg&EIr52f?|e7VUI_kruYE`L_oi zNf)ts3B2>m_Q^|($O{}pp!RP%(Y+?lI_f~5TlNnTSxC*a5aa5sXxFA%jY#6b%b7VS zDOi_Xirn=c(jNv3ky88d!yl3@;Fe@HLUOhqUzaj;w#fDb;MxAL zU!JJ^)m(1~xjwU(a!93VaE$qSe;9elXX}Nm`CSh!ooVlmcxg`pIbgya$kfj(Qjzyl zK{J-j5n~>m1oKg|(nK~P*C9QxU+a^8meD@ptu?Wt(|yeLvhB_9YhE!h4F}O|-n&80 zbx7?k?eA&ZvM;Z}sJ#|nh767m;vwi0hDzacJ8(uxbIHa>BFmIymEd+n5 zvTv45d~o7t+>MeIDxa_K!OY>Ct3t!FvU1n5uH!yAgkzjYkt$}Nh8yc8@rPG>f$6BX z?d^vk%;#Z*sqNIRBA+noEZ^zsNlF_3eWDyJ86HzJ>F%{)&VJdGaNQR+K4yV?y78Y& z_VY#hIm-&G1sNT^yF^egC#`Z(Zx7gsd%>r1s+Q7pGYJU-$TACiM{s{ICq9~>RRQ$d zV1SN%`Pr-SCVBhlUOrw!Hub0!g$9RR@W(kP(Z|S;&nS*c5jo%SFrEm`q0ZP2@{l|m z;%Vr@9aycC^dk503Rh5c-AIr#nOq+ffGK5Pj zLy}EUtNnib4fY7bJI`Zt#0LTvn&Grt$E6Cb($igf zk!x3|mfr~C2TaG8Sk6ONCP8UyA&QwtC&fu=e5le8G?W{H)i1)biOLi9czdav zP4n6#uEr6TybHOimg@6EdCD(so+Wb{YeAQd4<}Q>3<~^FJZ`HkhjhB%m;F!GoJnL) z`^6guP+CYUfVk+DUXVo?nwbB3y8>{&%s}-tb(L-&_c2`>q;n;xoP^s3nzS6XSgJ~` z;ntV3Cut~h)>R81XC`^ek!Nu3$(WEOE*8Y+_i6jkx}JV~zO#6gNIgW}A+8MC zVjB-OLV0yxLgfUhXU55mi*$|OFI&v}P)^;aGh&QNHL&^Sx;R5l@3WjOD(SP$4kw*qDq!y5?=uz~OC=)X_~;f}*=KB1+^#RDnAS-zw#*74$>gyFh`p z2FwYVX(~t$&`dgQ3U}qLvw6_2-yW{--x+2rD)?b@4WDFAVT`h4OvMq}!fxDQM+B#1fHDetqSVr8|{Gl3(lL)3;R-2EYXWgqB>q z7||ObvPiSIk3-d!P91HHZH?wS-*q#pSrU)4>!B z(hGKwXQy@tnFU(&yqDaV?ftc+ZZ5m|4InmnO`zG!%lFO5-?y;r2dod>Tu{Z0DhKj{ zK~<19$AbjlVe`dW6)SaRPMX7`_)UNcJ7{SNKNWTr+wyu3THd7&qM&0k|EWoURUOI? zXM5iA8_?1^U<7!}JG|sFM20J(!e28IDjjx95SQ5OBb-YV!HvjhcEGH@rDolV81?y= z(V(QH+8v zh~(_by_R7gIA2Mq)5kj`%tb9>Oa-;&T{Mueu}94%^(Vy8T5HxmFQdmLb#oRqR~93S zcO~l|e^smN_>sq3LA)vAH{I?Ju6%s&po;`-5l8h}rwC7d`#g(p@H9eB?ylCJtTya2 z7=S4hMi!rwzv3CCu)_t_m(UxUJ#~eyqeh@(&Gi)9{xIH*UnJtTXF}%57OgKIdq^T4+}!XLX9c*JL zw9kk=)xXgggQ6!0DrX-aT95u`LNF z9zBKq1*o1+c3-Hwr7p$eBmy-Z#vLAFfVzVJDJ4(&Z|zjx%9n>1)0R&tqkkc|1$km5 zY$R%CvoHmMzuJ3eS0w?e@!?MAcjcX!Fd?wleHDtUPf%ucSW*}^FU<8R+);r^p4%Gx z4R~e%x3lys%$gS?eRwH+2?*#QD(|G$2XwrJ34U)*l2W9uyy=b!-PEJ=`V$~X!IZlU z)J5)S?KgMLH3fJ7PCnKpkV9~LF;P$Xe7Fv|Q&IMGF>Z&XTz=l;el(+Q>kfns`|t^m zqr8u1BVG}V+Q&XZVN24SJ^L1tnOR@G0tv(i>JdLXhciE6qTJz-Wlb8Z=lbzF{C-Gv z2YGQxO67g-0Li=a)di(^I92-y%|G~n_B@21?*)ie(TqG_{onO&y;RJ_?RPmLQ1v?< zFXW0qh)rP+I-89Z>}cz#cQZxm@&Io*{YZ`t5VUn=qvJrK+lt1U7(pq8e}TU6c;+N?Sv-mJ^Hx+# z&Dl^0pTEkyVaL3o=$qVQlSr!SmsWgqhez>49m09U=RMEv)D*gKb7X9m!PZDuXIXJ$UOa!2e(C_H{(f#x*4x}OtP_hp1fwPeb5 zBmo-06Nfj3J}J5gewqOseEXoeo}rzW$n*WYf%Gir5lS2B#wL`|2~9!Y(T|GR|G4i5m!c&4cASy~%S;+G^nIZi~%%vPj}IPTaydoeuIt z?*JAQ+8o58HQW=8Ezw1cDc@q@iu&R@rQW7|2wuY{Mu@aM^uMmAeruxit9*6kkew1WquSuN4>^_Owvo|l7wgt7 zZM_b**!*sY_%vngZQ=p=6PJ1Z^*|uzC@%6IuI;?R0}J?bb)v@B`eF^NdBlbHYv(Z5 zSW8=qqi!LoRr|H0KLvHMt(z%UIv1U8%oHk;TIADJ0OG8CsaUq2X7U%-t&z?bahc@3 znOGh*o)BmV0Gela6Akh0M}46@vNQEsg#!<6Ao7DK<2|_^dh*_T2yc!6XDs;z=8xVEx%xWgKpwV z)EXrWh7nv(;S~PVD7(r0G^UA!Ay+bzy=s9KHn5Qg=re8EyQ<->P;F#|H1KNWksfyMpEkMhk@BW?W!kS<|$+RXCvO}IdQ(k_A z2t?&a|MB{xFMn=Nlk`xI z9mWwJk8-e_B@d5h5>ZV|C(gbG63iHJ#>}6@Px@YePj2A2hs{yfYi1pTn*Z{vLvYKP zyR1CPp#w{MXscCXd$r5+IW*`<9;T}Vc*i6DzcZK=<=OeWsM%|SOqa^|fJ~~LLL$Gh zUp^&g$6Ta(uMQ&XGnRt{&$vf_Ay!`#~FPi}`tfn*x?L)6DPs`Y5g^ zq!iJ%1KcgWl&_7*Qgg4~_9yg(1SV*cV!vl8`a5iVh0Bgu$;YfE}U&C#Z=^7+jR(Bo zul1B)PUv~yCu+gw_wK3}wj(eofKTz`Y*tU2><1+G?t=#Y4EHn&PN$iLHc@)Y@x5f; zi0atK)^-F-leM0dM%HY=xlOL*F{p(U4|~;jcsx&U$|;B|`TO$UD6T7D{+MF{RthDH z6EzIcy;p(*2ds0yvc&enNC?MkdwAXxV_sXd;$V1o=JJPCkcH`0YVk|eOIxkvK2aJ8 zwz#XWMJ>8NBB$~stCAnTU`~BM7ydSyYP>JH4-t=pA)P^~A0xu?^Ku=^XZ|n;b7K2)<^Z3-#cmK>|7+~;Z>bt=-+ij6Qi4mMJx8xCaCj)$}+djLQP%qty>$snynC`z{URv~F zy#|ElZC{@=Am}jd!Bi#(~PK|7X9~|p)QUz)CK_HH@tAT00&w@O9R;Y3#&kTj^~-kaZf9+ z&y*MJakXj%txw{)UtjHDeoJz{X$hb))2IL8)KAwH_a`427%G9Pb!d4bKBc?q^i;l+ zm$HulhEhd3elUTeZ~2aq3Ey)VFh;_C8tkVY;6BejkR9VNjL#EQt_Qu0#Fi zq?}HMyCh9`zvf#OKK9ERP;&mGP@nMA=WEhq8784DmMRfpj2st8r@ctVu6zc{4h^FN zC;?%2*@uyTe+oj|`w`fn{JM*E2tV5Rm*sGd1sVgYFb~B8wqC45BsrHsFlma)QR9RZ z5f+WaOuQE=Pp&Fv5vLS^WMFPNiabB`x26b=^>DT!s2x5!0pbE4WWQhKXGQp4w`XF! z!Q!~@1J6E&;ZHnyB49wx1v`;T*Yc)%_Rh2w=D#<)-#7t6>#W1ZJP4lP5siGidG&2Q zm6a0dqnUoHF1hWaGsCI0XdiiKgsa1#ko+BZcznND4)dEKp?Y}ZdpAfFP26ijkSg!z zcM|yda#N^c*rf) zNUIs*{m%UjfED#PtCz&vM;Ro<}RqQ+PthM6L$d+;T2lKpy z3cY?R+$9UNlhn&2SG~K13l9y0uNL1-wP%V1w^hmcZ0f zjG1AO%zOQeW%D}^V{xH`0v?Bz!)_`c3<+MiiBsmWPf(l2sAAVc7yWmB9RHDJ*%kU^ zvUpVhWGL>*^`$<3^!P^>LyTb($Td(Mmgs$_h?Aq=>59@du zxb~TdrNy(DLj;Fl6n{5iA^X%caaNUc+_K!tupSM7RI{}w;k{jxgCu<$qQUhg@GzXP zi_4G`)0Q90y!(|7~s1YMi2Y`*`(e4VCf89S^P`|1k~>${sY z@lAMD@KT!_00A^6ui(hZsf{ePfuF!9o&+81Nr^d9sc5&|o}<#O4luUoYL z$_llW=3eb25HJ!*m#L7a`U1<~@D*5K5?+i)7&IVK@8Q}@v&tiN_AOW%l*cH)Bv1x8 zS|_7hAb+2=cpHbmzLLRAJz$ReoO;Lo2y%l;Q_BW$uX)>tr*$tUCcX}Lfi1)+%{5IM zfrKi932W=A@!8j-fsl2|2bu)qBNGFP48#nL)aR3eEd62krmyuXx+=RaNUM6Kal>y= zGmmFoq3RB~YpgR7Cgy$UoshAea;weDLO0XIaCC7Bjp8pIZet;Wk*>i|s*o`+#F^Bt zHstZ*RMpfEqmBShgBm|*aPF&9r#Er~H~r#2Ma%7m^r0K)y+0QC*pP|5yVc_k3r2&c zY6mwt-n!|5%Tt;8str*xlr>4HwYC9{cH9Tp?~44Pfa9&q*i@_k?RTU1y07|Kgky*K zL_ZB4z!lZpTYk{@qhBJ)I{Za!;u8Xu?j-qMU6xvi=d zB1wA*B_@u4m2HrLhS4}9#1;WzR~j#IfRh7wP}Uf{�B$R*D8&QF$+Na-F$TkYnl$1%^ zL)#?>MwQd4IVN|)zFs_@fuRr@+aFXi0Hp4NG4Yk8@b<+WE1h4-@cHA=9Qmsvyvkt~ zuWD}zhGwIt5(X)K0+nhWoSLz)rPj#OA;8H8(P}WHGxJ;*R(&uOGHk8*czMu8O~3-% z{A1aFG*=RV!|28Ws0Kd3Zxc|DmQExxxq;rx-RjP;Joc$P4&om?2OlX^zBen$_|hKD zd-J&_8rSC9G|&7z9NYQm(Y$`qlH??HoOwblWm4RXWNr#7;+%f`LO`AL#o&APebi>$+sJ8ttW}>rXt(A*Ocvw-S^Yp{F#eL)~LldJPs}&P8 zxQE$;_vQtmfZ*MeNK@!rgPr2T`)5L%8y4k{$cj(Q{}fHmheLO$*7B9-(uY2{ctPiy zi=@TS2!gy=>B|{zTLo%J2xJYJz(imU{QUxinSTG-Cpr@aleK2`5rt3tN9}Vr6l-I+ zRI7}jBLF&CIe~U$%n4S}^78SHZuIlQAhBu`oPEas*h(pjos$s=ekN~~Zd8EOJe%Va zujPE$Ti*82VyV1$y#!(_!2C_OSe_dXR`lx!xmOzn&9nXG={y7Wf(1zBrBopVQuGG? z_IYfIo3vyt=!4hLdn^ix`Qcgx9%IJoM$Shfi@qIsfZS;>8H%WrHTT8uH+*eeU^6xz z#Br3**i|c-3Os?YvB1)LobIk$oxl1%rGN#B+FZ&p!|TU)k4$Uew6@dyZcfEDj2YfN zc=@-vjK3IS5&{GNG`?g0`R6*&>{u+|bRe;M}}evnmyPL#`;?q!jZ$J*7UmA=vPszawiee1`&T>jx5q3fkYDTU z8uq%9I{s|8F^}wm)x|}rM|5(7#r2C!+H+wT=~o?(|^26C)rvu$=`!sfPe%}U=YmK~4henZ%H;KIG2GJB&{DLQ`Fnxy| z$LdN~Wp1<>%>h$EAMQ>u?{uO3_JrMu-!*DK=BxFwlxmK_>s?>3`!(jDo0U2rVJ|p? zGygyfiB09{4G|4e?2RBL;c~oekMwv5h^#Y-&g!H*N@!P8NuFZbYK7f9J-aDzJK?FDUN=Qi` z(psLE6S*dVHXJ_!d~aY4>4*029$d2>usv{3_hU0U1LV4Le*GLP{bNVY7#@}gAQ_o< z*vFY%SZdRj&1MRHd1a z>x_ab^T(IOA|y&u%4jhkMQv~$&r^(KH^KU;n^B5J;Sf2a!_9;#wop#u&p z*5qfcyYL;5qyBl2$Rdac!`?W*2xaczNj*i>OB~m06rESWWXePqh$g^}l8LmX+ma?} z~e;$fxtFbDTLV$CtHrW9F0!7A zZduML<5Jo>6nAC$qHe|g*AQqiR3WukFGk9T&1sG#y%#;lN6_r23XC-E5DO-HcLUpI*={ra9njxXA9-RC%&-$$|8T7uet9b=)S$sDLq+5H_Ef*4t zZP$8Uqei~Xfw6RH|6DlV^&hGOjWHx)QP#ZU5Wl6B;07s1CJfHsU$n0k|5ci(Nzct! zKB@1GNBJiGjz{i&UHs1!z@jN2T;%f(TlLO@DIcD_8u({W4g;OBxdg zVh?LuB&OfO8J?YH7h!h`f_ScP@1w;l$&srrdgWfJ0G_V&G)k5poBVqqeon{h!SOIr zbH3LtkE8qKr-Wtr&s0j72o1z!xa>2BEXw+=SB)Uvz&0mAWf{aNsTX8oezDMpE&dkV z@6Uk&o?+d%0dXH}dUs6+#2p#S0O5S+Vb%K#GdaZPmwLUrNDeHKZKIDg;5I-TIiL6~ za{vop(ag9oWqMQj_p%_vot_={ar2!%Pk(vTj(EQ(E-%)+i>kqO-kHzNWJJq8g2>v3q2$CAtPhzDU`**@-YY> zJMEd}*H8iPx65t-`aaCymmKQZ6&BkU21ILQiT4Iy!osBPqo@*MN0{w$;u>X~TQtuv?NhIpxeDAAZQHj%aI*p6cd02x3L14| z6CkPN*eo+C#t+UL8*WC3E=~mggy4eW=?ZW$2)6l)r5&nvF?#-ttfT5&vKHgp9^{e% zaO|hyg*M?3q(_%wXbA-)68@s6Zu|qGyM{QkZ~o-@^ZuG&uSf8ap%G(PZW?Dkt|d}( z*TcoC1L%I>Yqa#?dPt#XdI^CzREK#A8F@VX?Dw6@-{{;t-^Dp^lU>r#-0V~itQ41$YdsI*Zpw5b;htB-2T7~Q?nJh>aZwVO z5>RuxCtQqpON1wU24OGEI$}S%kA0%OxmwIF%ct=6`9py|AhAgHo6S5ba=mRW!=Xk$KFzI$Uuy3~8mWCn8lPRdgKP$T~I{nKOYA2%pTwUWD1 zeiF6WEk*)=e?pV=eAO*Nx_-ikQD1s>7%y2FI*f8botbu6+6{C5*1;cza=x9ii-vw}b}0ISPeZTN$pfPLxEctmpfPo>Y_j;lZS?f=&4KX2JPdy8e*W)F9$?wvT4^*6J>_yE4U0) zZU1pE*I~BYbR6g&hS#*`)4|;Y{!A!K$$B8I&a>ie0-{m)DmshLE$9V4HETyDx0mtB4)UzUlydntZ&_ z!i}DqSUmxT^|2|#M%L=}x0j8Oq*xQ(bb}jRP$;Ljv<(j0UA89Ie03JcxtY=1(3{s3 z2f!h&iYD4Ji!tHhdw~Fl*tg4*Tv_R%Rr7p>WZAf#U+6VS+|m=Zz5{in@xlaN0ZYz> zh;xM$gug7S2DBo*(xdhgGUbIIr8T2&QUmmb{$Zi0xlj`-vLSQtpsXRaVMJ;Ui4WPj z%@f&T_$VJVKRD1?peg@DUi1*EuyLV-(Kdp3&YAFh8vJo4rlf|}BcF;E+cFRMqBvhG z1RlwT_;h=B3iXSyk7CX9r@Z^<$;&t|!X2AB)_c5NWL1eT2TLAm2pS!jtMEheE)(_L z36X|tt1I?Kk%GBhFM|#RpzYRInqiys!F-*R(;Ludb=tlLr{CkoxFAx<$1BjU?swj{ z=Sm5a`g|L^2uKRnQD>S?g&H9ABWxs|kBQIWa$VjrZQ0rozO(8v2j5RIH_4k{AE^ATT;rO}HJ{&Yd{4mH8t7?Wqs$fN zmoPHq>n>)}F&eNY0-vu1#0%DM?lTzEW-^(UoRO1PzsA(-l91=3$1jno$8Yiu-?O{9*Q=7PXQn>91|rPaSg~B{{xNZC?@lro)wO(Rt#c0Q z2EW@0rW5>Lqwy3k-dWM-n0Op$(LjAGt>A*}4%_UB<%&8NWLzNdfr zD1Y4ndV1fWJT^!y06~}^I-;(BC%f6V)^l#kc_aM2XTUx*ES14P7-MVi<~$zz!~|Zr znQ!`L6Vz>bz!fNWJ!WfZpIEoZ-nVHl`R9PGL}S~29+MC8*6^=ZQu^3*&d^G{uAc|8 zI?-ppZ{DkGK$OB39-f!z#l0ve{_wX0gkX(agI7uwY>gWpii31M>QceK!{EWd>Ok6hP6ZN)`A+akth-fB5ia zfQj6yim&0w}@jAaifH%Gl%IkdYJ<=+=MPchk}pI z3nOXClz#>Nm6oY8RI`ipvgD6SSNKejpE65`%S?8%QpF1x=dFiIlj$Ly-q&yS_G4{r z)8A021PsvjVcqzb8&?}+#UO_B%Y*XnoKIEr^mE8$#W6c8$*N!GeRXBrKX)X4gOFqP zLdPCXXMjul<&n8P`@Bhzzj?yX+vHakM+@{D3)UoFq;tf6+QpTE&KVMvt4Zy1%;$61 zSBm>EyB+%^D8>Nbr?)($%n18!R*u*63pG68DjjK`!RFoq0$=X0MMx%1lIC5wT*|`r zP<>!F5<)_r?$2%dKDRbu9zq;FZfUVr$kdqSPYnd8ixPF|mSYjgVP4L~<#0-4iY&2k zOCr)C4==L6u%F3<-eq5K4~Q5ZYG8ACd`}w-X``G^}SN}NvMHfQwRuVA6yehYtK8CLAh?{za zS{t!a?n(q_ynfMry26i@SkHHPmjQr?f9ymjuFLMh3euQh7n5QHlR~@zWWRfy;g?D_ zXs-LOdxNbV%yS^1nJ~Id#NIn7=JTNQPghg(g{OFgYJLwE0v(^c#2N&_sSo0Uhn*hE zZyKOSg^&HDjQ8mvzcbOoPh|4JcG9Xyrq8_RRuuM|t`qYKlg`Ok5`1+$*sr}%e>485 zUDfx48*tVH<@Zqp*Ux?<;x@Q%tv`{-No29}XT3Ca03>L88T;m`ZnQhnsN0bAH5k{#OXAnNY$ zJ4TO~?@nIt&FV^A^V}|xB(W-;L}MX*&C(zzU5#OIOp$GU@eAK)3v%7p)Nla^r6G~O zhEG)bt-6vqY6d2E={k5VHGBnQ4?Yt>U3^xoRX0CZ^tnAR91HW}b4E(=mj>jGms#bI zs15ra%R2UNQ@Y#+xmp?uI+x)o~D|g5b zhUW)_I{tDU$GG!l4o3x#lR;UQQ;}2<^|3ZBt{g${9TtH#Vvk=)Py{=!j(Dui{cH|%YToo)+)(7#2u1=eodU=ISlMxY)V`uxb!Mv_{(^*s zg-Nq(bO`iNgM3vA+4eY=Xi^4bmOCR$h-nB9{Orz~+HXr5(C*Vb2d*oe(rR(n?(=f& zeVka8f*(tj*((T3LArVOyFOCnLhW@%TfO#`ZMp(d3#n-$`Po6e4f_(ROfAu~|C*%#Zna z+3FJ0GSPv+gRJHzU~j*vI-Hi&Fh z78Xwa@A$W1ogZ%-+qPuGMb_?5g?GB0kcBEaZ}t15B+WZH57Z%mo#K6#K3=dx!e5Z< z$-3VYfrw%tl{m0|z*B77<4I8|?f6Ty%QPjhQv!!_0Cmfx=n(uwqyT#U*wCMFPbNV? zu5U}0fl+@ys0iz>x`Xk9BQw?_b(~J_{+44Tc3w7p07*vgAtpfyr|&O=84sZT2$+Ln z{cXEP3p-ZN_)sohzudF3QXBie{3J%l>0HH@*%Tu@&H>)>vcGDvmdW9p_K-kcE-U-= zu%|vQqC`5A?;(-v@`0QAbS$C&ee~MFo(Yan~?aGO_#6$yB*9jHgV?0LR?_74lDVCD@x;i~j|7^0Q%O!Zf`4?qf z+{3Ud(BMPj@OSNkcyc?BxB3h5b-*r#cYefskdkkA`BwBKcc=|N*)O*}Emk_DCt6(k zYRxWlI0*_;X5Y^Y!qjKIzh00L%aP-zs8F%20Pt>#f2WV5`=;WU7`W6@MI2!|N)V0& zcJ1`>na}&`2;mGyZt2YSeh1! zIeV>Aig$R1d%zVCLF0K$yRWr)-rA>hNNIGz7u2rL{m^j095r;9u~37EQy}WR$9@SI z+vQ)pR?xw46!x~ynh{Xk9jY(L1L31x^yp!2;Kk8z8Mea!NXX;cdTfAGNqu;o3Tdx? zgwkl^PQR}x;b>uss`H>fy)V~vm$z}&AZFrpFUA)}?295O)5o96=G1`&i^*T9J$_zQ z$~KRe7jc1~VGiSwr?ECB*@tHkGD6I2)uC`Hgv_Z9t&TjtwygXwg{VF7qBH9WTe|1- zV{%5pHRoM%PP|{vHPD#P1Y_B^$>!lT*mYF-e!@JnR(+GmeWjzuflrI0P_MMgq5OGl zCy;!dvf)mUZ4^5q&>>6Y;+0Eg#^2CYnO`p0jUn%8AK_UJ5K09XVAQEp^D*Y;&fYYV zhWGoezLX=}&`<9hR>xZj(PuAESoM;YiF1dSp>vWHF?x9YS$RNSKz&=+<1JAOKV{$i zFSrzzsW8s>H&dBw)c&OMb~Za+vqhLUKU=RK^BPl^X|4p>{eFRjId#@vT>r&X7V3c|ivF5$Pi zhT#7lT?8jr)QH{pcT(Nbnzu${Z`atnQj{Ek$6$G*iWVnh(Q;*>E-&<6(jmxeU zCPH^-T{WsWqAqzeXsHbh@>xRhaXb+*IH@3sh*s>L3;rmi=cZ3`cMl)+=8@es4S>}LaN0sQ=_c`7^aKS_3ys9X5g#P`ej^q`{z@+0 zbpHiNsKld8E~TaJNs7#ZE%g}JujvRPpy(DF%WZp-YSgDoym&fnN+AA~=m3K1zV?1`njP`w zjoudn3c5W-_VnF_XV}4dfifWfs0hyFbA8VLlwZ%bZql%*5QGEtN5SC?-;u7l0;G z@o!V8Px2_Qq)f|{8TBh({#_V%dgc*Z-0tl2-7zKi@>>Q%S+GB*;hKd?CBK+6DI)WS zwzV?LEP0YF1gR?OA_P3PS`}(t$I1I<^jQBX8*W@)nVi?J(cK%&HnBgyydPu;;cHMB zsFCFX#&w7-?+?+13p9)CBVo*|hc2yFPvP8|fIAa=c{t`vEY{#TT*z&I;U8rOS7^ z++NHemEdj+r}OgUfXyJJZ!!n-YnuDkTc23w;13Ux^`QpPxE9u$14j$_aqFms(|`;@ z*WR_%$%~x_+sgO0uX$GVJg_(Jm#5RXsj8Q(XjC?18C@UFQ~0_znBDoPA0>{1mt9r9 zQx%qy#(JgEmF@X;<%3BXUiy^Cgc)Iq8fKGjt&M`zUKrF`?v8{`G@iW?d#Vb-w3GDUtjjHgSS3NQ6zW0UfSX%NI+RaN_szV@|DZBv#O~p4j!Jwvi zO7yx2{VN~Ap9TBx%w!c@-rTb;h6q4J_U3PwOIXxO$sUJK>FhBsw5z}Ccm68P)#iJt zV)PeE7Tdw(2CMcK6*BfT8Qetw;}MoGY)?em@KQm73#CR}N-Led9C$9)9S#e;)5B?-}CHUI8aU>tE@bZ@e>L~aDJ;TXxlP= zXmi`v3`h*spF<x~)iptP=q~(njDENJ)>2h5`bRJv z*xExK0a~(zg5*}Mmib8E@+)caYxux~fl1@6Kca{Brt70!X#1@Z_l4)yWp2VCWXeB3 z>|)WOVP)uE@i0A4Z1S}(XSfwq#uefNlwKmktVJbh+ECVYzpOsy9-gMEf*$k9d8?oe zaCg=rT(6SWh1piFyje?AKtoQStVW70P zMLw9A8GXB5;_!^H(St{CvvG-ZZvAI{Fs@_r8wNS_hN*zlFNc-_b@wjo8Z>^o06mxh zPq3fK(G2>i_=_n1RJF8iU{vHY)q~rQGd%%4*88FKSdFMI;vxE8sM}{S*n$lqo?Ps|w3VJ*GjNN0@orky8;D<#!0T2(Foa@(V#&%UiJY|m>9eu>JP?GBKYh@c(f zPaG=M8IyUxZzKJzhysJ$Tx1{UupCtB2g<}xI zfTM`FF`1{Agl{VNI;^(mhUVX;MrD8eX+N_Enaey6rT$NmFXz?K zfRE^bN#{~8GGFb^!Mr{BXy%EUH1j39K8iv-Cmqj>N(oG#vb_okfw9FxW!Pa?5Dr`(!MIf{|lZ$Lev zCom6WcPHL3Nk2cdh;u&L4TpK!8#rYpo>N#pCNkQxH6wra0-V~-&{mm#kfwa@moJ>4 zi;B7ygR7%9VV-rz=7Bo9rKE>4{vDwI;z{oeb!b12L&mE2`#DB6YRmVo1gG8F_-V@L zqfK)RJwf$=XkOi5pXJ#jzT0rN;P`THo?q+QU45w6CiqeinwjWCB5$tnlN1|j_D1S{ zSgQiwk0Xn(Bfo;cdK2h0@1+UeEYCI9mH-%MM?m2Bh)gud$eZT@_g74HaGix^*b}8( zM~`0ipy6xTQp_~;^YduV@fWr?Il_OEj^~Uj)01{s_z)5r=QC-p#5pjYtzTICjzo{G z2U14=;ld|q@cp?PDtAR_RBSGB0&Yrw{h%4-2g53yjxA96;_ae@mj*edn9GMad_BHn z*FuXT;|BiId^R=v83BxXRvRM7UPq(JiH#1!S0zCoJPRQ+Jx&{X6Og-V8r1gpYB9-u zyC(J@p!G8Qw~Xw?Qx5RkI_k~1=dY=|8PdGpH!c29d$fnDIR4_{3&=LBxN1golXRc> zaNlyDKf^aY>&-nFw(K`(LGqmm1T#4nSei~-dq95wGp%CgJY zL?CA+pIRAYryW>iMAi-JS3{ua%4WT((GMV&$ZJ%4jOqM~XmzRT0Iz;?aEN~IjfkG> z{CXoVeFQ4$?`uR)Kw|2+iv(8@afO?g+f4j#PMcQ#GU_xr_e!%M#0_I|}Zg-bKi z%=z_G6-8gP&uzjolD|#wxutv5X>U7;Rb==7!U|sLfgbjIxr{q#eEFRUr4_I{i}g$e z!{`V_{-d>wWFdu&M{^YczdvF0i|Ezl6S}sn$-LO(m3)sMtPNs)ja1@viVyaDhEpVM z9s)_a!p8v575VA z|BiE1!vS&G%VZzt1-mWoc7z$J4%3L#__~$CHVntwflW1zeJojD*2h2VY@0vBlt)+_ zCoIEuo}DolZ>iC^&x9|c3k;^LvTF8Qk)|5jF~X0U_A9cL0=#q^)Q3^Yx4%6_|Uq?0L0sk+mE%$x`58p-nWdL9edHH%OhnXUQGvG2XGuvMY^$tVXhf%)l zQ^k0?O6)Q~JL^sq8KcHPs%9vbqn~RQwWKxFRLAr9*)RRDwPeI0Zb_ssjGK8d=^xd{ zwo9@*{ETW1zZ@=;Izy)5&(0C%vg;TLeRR&rN>ucseONh4&vWqU{evqp>*Kw7c!e%T zsF5pK_(@-o9zgeC&d}%B>x3cLnDN&(gMrNa8CglFH&%;4OeFACAr3QtclL%rliN`_7;CIEaAvgDR2Ax zsF+i99-qg!>+xb!l23Q~H8s~kEmWvC9rxuVFYjHGeEzsi9K{#=pyC{Rg|4Ihx<60- zCd|p`nn#KS@hUiTgGrhEDa#W;F&Ug}y%>M)j(a3hkupA}dfhx=oAAq)X;1BxUAAH1 zmRrNaQYmZ+p^iF8`8`lU)u58yud^*u&f(A0yd(tAub?^U0%&~xp*Qgs4tS?#%CpLH zWbt-V;p9EQqbz3JJ35x3`*oL_3oU~$g?e*4zFnF%=Iq@cTK0D|ySLgL0RT+#`99Bm z=KL;T%IkDl?sIotg=v=19g0$Ize+LF?w|aboV-L>KQUAw>m0s$L<7N|SB!8)>s@OP z?*0g=M<~@~T`e;`2iFoT5QzCcw#Fi`BYl`Fk~nUohdBF(un7{6AM-;FoKh?f3+f&M$KmZ{3X zm)mJ-W2fqiPL|n$nzj$&xt-)&(vxFsg^wdU*8>l~@A&na>K`Dg`+b4x;Xd!3hu|@W zw})%D$G#onhCpOAAE8Hh0N<;o-cSDxp2VN0o815+B ziBB*4d=5Y0>eBZ!D`5-ISv4qG-=?LuV?@%wxHHG@PuR9Kw%hyeT}_j_peF2zm#Z{r z9s<2VX_h-iWM==o4}Uf`ZokvtHhg&#P6AP;@wL=H9oE$Y3?A9z{>@)c@6bRBYV|%} zU4oyvvQOsYe9;){9h*w^Blj_box><`LXG&rvEk_6FIO|c%hTBjYmuz6jJ212amNp# ztQ1OQNYC>JcpiAQaE6xd1sj+P-f#*Rq1GzkV<=bS>R%I8jR!6{zvu2gvDjtvX#LZY zvaWP@s6T~mwdy;Qj@I`iIrsDPJ1=-oz3S#-0!9gy)uePT$s1zC^JzE?zc+vT2_rtX z+MiGRs?g8zxuMH_F}+>6s~>Z4X8UIA<;5*7K?BV5^*+BW26_DsX<)q2Q|5CkbIM5< zdNPL(Jzrx&^WQy|y0weYwHn?m0G2)a{1`a-;&J>K&@w!*uSYhfP#rBIIkIm)sA&D+ z;xQDpNX8C-dioFI#!=ApDgMi~`SLZ-C~yerFmBhUa>BBqQbuZ@75di;S35ZnNGKiq zAbj43O}w@w+P5Ty5Mg9a-?f#|=tzpUGs}?7U?80mhGA?}C^i)7ow-kV}GXxatFB4pkCNDP!@(6&P5nT z=BIx@cV3#b3Fj0wy$PBlUT@g{)tu`D?EG?JOZJARpZ6s{GK08})I$tvnGPlp)qv7@ zDS4}_AZcH^VvC;7P-t}`;gVfA8+D5 zA`6Y@ZZPm+ocyRrr}>o41h*bXKb1f9a)L7=Kst#>KZ`PAqGEq05gq7qgP$B{)*zW~s+o9t7LjgH5}-3;ZY_kzlZPl?swp z6tb=D+kfEWW%zf<>hb&r!$4dpj^XR8g|SSSW87jp7Z)jBh!YM|?gVs44A^t`R=?TG z5~8(pRhZzHTLAvzh$z2qx0CHU^(}^am<>g@V7P_K`vMEq8kBB9AY`qh?)mk3%5VIQ z#q~Yc`hkBi=n%gyUoOTfGZc^czIqIF0MJQK5-Wy;(ZF3$G)&D<{nT&LkAMLH*rHr@ zp&|jO#@Q3I-a`feq~l?hft$PS%j|n{QC570`yf`2*QJvq+BmBdtPy@t-t6B_n@jia z_OYGiu9q0Jbu3;^by*Il$$iHV$U(jpr0hL0LUdZ`I}%*GNtr zSEsK!<@dpkkcBZF_){P5&Dov*#@m7}Z`y`mpSX~%i{5FgekFR3ne-c+Aw!%{#8Yd^ zdCDuZzD;S6!1v}a_dOsZ}+`Qa%bI7z<7SL)xE4~MhV$=Fwx3c(jd1ba3XRmGk5un0{H6ke> zWraIjI?fPJG%4T;#OzbzLu5*%K9z^RHVR{Q#%X$vH58us7mOS1CM|SY>CX9PJjD$1 zK_9r;zj(RgxB5|@!uThWw`;(PISN!WA%mmgc|lvzD%6yV1u$mC^S%mGo}6#6jKD9z z>DLY?+UMM_cTWvLYf9osE!wFZA?WvH!~rJsGpf@Ie>=Lt3i+%vMC?w5wQp0atY6e4 zbkgK3QtcCTLZQb90kFQUwZ($!JC;xP{K88mUy)ODm=`LGSmK%pH+t0*VT(bH>Htc+ z{sR%x{jG?IBp2*(CCtQy=w$-)b@S~UL zx$pB>Uk<^{YQ`0RKq0JugyGwyDuxQ>dkl33GfG-UOmW87{bYNeAU3Q+e@b9$4-yL= zE>pBZbgDh?3sQ^X(1dQ#L9dxI@Xhu_GqZ3`0`tQPM_MqhxE`Sj6+xlAqtJGfzD7f> zY`%Y`vq|D=f?n_IShhbe$~5fb z1J9o!>7bqX;RKVYtX8Gl`Fx(K(~G6~Bpbu)=eNsai5di964yRl-DRuZ#LdnfbC;xk zzuG{No(c|WidUy`DUlyY`UBulWz7hbchsHvJt4ZJI^P=eZebepEv!& zKA-WoepHW3*mr4|^7ktj{7!@qH?O<*Zi$aFCtRBB4lkQ3;T)#|qckDj@*XWR?3s&OMG+=_ zgdrL{mWvlmG@$veoI5llmnu971ibDq+29%RnIl}xV2_rWqw;Q>L$B~_y{jOI zM~`Xc;h_!z_kGN{pK_+v_qSsUu1EE-jZ$<0VKcV@C*!8dyOSb&61-3 z-0J3qWQve+tRGbMCi#_D7|+kVG4ak*1=HO+556_~7_?wO;=sBEQ03kw5-384u>f#V z2l@_Eki+@(`%c#tBpkNr3pf(Nc-rr)v)X?gox0mkTceP&s$!fF_{S>L-xa=@_}ub! zX#TojPZuJ7 zma5PsFip_E^ydyJXpr+5n|49T!Ew*4!?U+kMa@e|xY>D-7xo;Ev{dP@+&biHe+OiL zySKMueIrUi%d7Jy@Y_BkOd~~>OY`#WAD!3Zz&#~WIRk-~_rM6jAGUiz4+rOX)B3m8 z^~%T^MZr`T57|n`v9C^W8njD`)akmO_6sm$lBsMj_&?<&(fGXzA-xFm$sZjZ@Mju- z*#iy9Paa9XisD!p&i;=VF0dK80sZ7$&CgGq!wS9g!&Jb;My!Mxi=o;Sa3djdF$uvp z8`e_^=nQ_Q=HA@SD+jC=p7Yi93Y7Du!~vt+q1Ub0|Vxr-(T}^9O{}hSl9#o z(t+RawRAAl#>srtgmXg!Zq@+oSrZX~>=)cTf36Y87WBSIrdIo=MEkEOmW_CT-Dd)M zyUUc;lW6=-cRVW2jJjfdQUke!w4!kMg(^B~1j*k{zkZ)e9(Vb!^i11X$PzO0t5psT zIgO|TAq;J%*Y06niTSvEMdgp!YC7yGYQ>?Qx{^fRi98y#Ro0onxaX9%mPYg4-oXkQ?N!P zpXi%5KM~oJ*dn^}DN#Lc-2TbYJ4%3cTXuYss9k;;^hYv+!uEMjb&w=8?z3O=$Kye} z%zy-LyAAugi3~vOc%3w8caK$a6!6{6iUu=%O0d9zwk=tNI8nd`q{5et3eJ37jJoTl*8K%>V59vB`b}d?XeI6 zVDrg1RSuAbIZobi`xHTJC7vJj4S3{d zJ%_=ExG0dC#>+T(Z zGHstT-?*c&0i`Jz*EdF*tJJ@LP1>95$M1CEQ4S#(){v?mHg$A%yZZZz1E+X3&igHV zceyeg7V@XPEOx&=HwPZ_k;pzU2~|FHeRO(Db||wLEM}4&PiVtI;2tAZ>=P^wUohjD zxnY_nPDgLoevxo(MSa}ctkcQ3P*gK4li5yh-BGJOw;O@LRr7CYq*auKbaa)R2BwJF zCa@}|nq`DLL|QCws(6DiNOOEWo~61KM|af!{N7+UEPf32yN4R|y(d~8z5tO+@G)^< z^5&MVKVbIo7MU0bc|q#R<&%LNh$i9z9(8TTgNsI7dkC-qnk?LzI^7$WP|v1a-zVpH z&0UJ(Ol7n6y_&BVv&b)fg{88vjxXJRyiQ=YUN65{19f^wo?;^_raIgn7)#>dK5m76 zC~jN@-4^P7KaHQaSsV-{|Co0e2;)-|w;PUp`ZW41_(h<{8INvX2qW%;n_=NW?RYg> zi_V+3mlpWZZ;IZ5&D>1lwpzf$O;5by(Vkookn{sRV9TQ9EPde7e4Dj;Pz|oQ?SJxj zN1hMomR|VtU(_3F9d`nyuZ&E6X-C(u_n<^HCsG+-JoBQPi?T-+*RH8K`NBGy$qz^* zx_idDjf4-C#4?b=ta@Kief{mnu3Z94V1u)h#|hjUcGS*Qx*Uaq@SqZZ1Y${^XjW>q ztlQ+)$iCl=(@EI*QPW9C1@Z!$mAGc_HRPS`@ukVbo=eO`qYiyC1CX@eAT)PAOM=Ij zt8;&^CrOZvMyiZp|4>%wcXmphXGlR=qd7hH_0N9qg;#a_-JMY@x}NwND9O2RNPr!7 z^N@@#0cnr8eLU|s=KJbLNG^RY4edy!-4H02zQYzeqnePC>to-zaM8uptYJ#;E;!)QhH)sy+J-a$F{nsft zH`StEVWRT3DxFlI%828(xM}_-<;a%2iw9E30Y0G#Xxt8CPS?4(XbCFv@xxFz0il!4 zm(W)TEDWmy`}luDYj$&4_& zBO}V2Kl?<%)BCIfEC{Xz{`~DX6{MaYaQuz^Yb(X`Wc!ksg9oUGC%HeSvxI zAIAZ+qyNyaJ&H+KU)l4CyK+CC(~xZ1JMjdq5KsM@9Oo&c6)ppc0Za2>;b0o&mW38Yy^r<6jfmLyQ5r3(>RhB;MR1 z>nNlzoQjf;aNI-dfr7 zD1|Sy&At@n7&jQ%^`{klmdRFpZl0!Ba2N-wgAWA%xmDL;d4pv2U-7_rb5QN8F>eZ3 zWd0VMU(icde1>TNK|UDctRIqIZu%kY4+(?nhZ?A^{Fpo9NNw$3FTHI! z!}3fUN4+`t5HI*9EFriH3?O3rkIARp+t(tO6rlc<+)9!CS-~cDH`z^&Z)~bRiSUwr zP!s)^^-eC|2B@&|JYc5fTSFsM`RT8C2^XiAc>PtvIr2w_uRR=-T{RJx888vShhd!X zgYqZ&PO4UeD&)|8Vve%zJ2nBn(qC~CR5_`DYm}_<4gB1=zBe*t(55M-_4bG^;^6Ip zhbHe8iIZ|fUtn6xh0c%j_je#J$AsrrqOT%h-&8g%mivUJ>$$l-?{GnQVYk29lR@mS zC&7+r1Smi-hn1mQ12+R}o5_i|NY!ktwVbbG6Rs2)H!AmKo2}Ud`-6Xgpb=B@Ox zc4IO%NZp(`Kc+2%?w_Vr+25v{GA5~^l|krx?Z=1x8@IMv(}bO3v6pK&{hh}OIj2sHB9PwPoWkS?hG9<-koDKFOKOd(PP~@*&F$9`m8-)mR(hVc zUg~MJ0O)U`d%Q%wNweZ6NhmZ)8$nwPgdB6}IP5}asE$GZXGmnV8%xKpz+slD zS|=t{AfX!gJ(8GXpw%}?U5G?2hj%x804O8wCNVex)}WfNU;HyzR0l%Ni6By~M&Bt0 z1^S$Pu{+;Ud|tfUI#LtC*DkpjYHyz{S&3j0CGl0FsYM_8xEU*4j^j&z{v6w^rsGT& zDNnNJ4lIisquSe2+T^Ew-Tq`wIJ4OMm8x6VWP>A_FD=w8GAP5V(6`b@XQ>REdeiMCw;;rK??$nni ze}6bv@8;YB&O~GAnYrd-sv9w%utgPU*WwhMIiTP00e*j~3ht|aeN@k)$*buS5*}(s zy9+ZNKg|4wW0HHVqgj%STk?V8hQqAmWlnkf#3a6797FGU;(ojq?BeQbb9sG&FX8UJ zX)(IEWeQIY%gxQqV!r9P|`LzJa()R?dv=q^@lm~p54(o4}4v!?}=M}9H$Xw%jM5i&iFGCIl-S_W? zLdLB<$5nURfS%hLcF9R)==x~^lBvk`woZsgI zP}mD!SH#8qeMtA(TGMMgZp-uw+kJ(6IPytb0PxABRyxIt!hLU%*-+g(9cj8#mQuG7 z+eil7w?*~5BbNa$%%<@$1*Zb`Cs*Qnk(gY~{_G+%%`f>qoXQWFK4M1+bz>;Mhm{@$ zN`lzn(%K`VZ64wm|v6-ifBgFGv{}`dK#;YfV2kKLlaJ%}ec;IZ>PJP8dpVy-KQ{}6&k|%|01Zny zxo@BFS#A2cbh^Yz4*v6!!jkjY%eb2&d`1tdYknT@?|xy1H{_k0`_0F`tKJz+Z>jI| z1kr+_InT1>lO*);YlU}u;6k(I>Y8r{m>0ZJAR8Ll8A$q=P=fDaUj95a)iM3VeMR`@ z062K+6aLTZ9oTue6Yt9yJ29ne#oDXD{1p3pa{4{u>f6Mxh(89{I@{tq zC@<dd|^y^DK3S6b0y_~8$$S=)3S*m41&U3cc4_X;hLse_N;93@K>&pc4 z#JtC*;@Ku^$hW7#2I1qYukO-VJwOCgiA7P3)WLdQMKgvutW!Y?u-qJ)>fb3sUEcQ>Dw z)Oo3$tn(drOjIA862^~UnUr0ZMQryEsrq}B;NC?Jsf+hf69VUVYo^IrqB)G;YiqAv zS|MoDLejTkRP$RWK~SMz5Xls~qix_*=-9>my!{^KOW)>~`1^AZBU1s@-p>FfGp&4- z@5MhI-QPLy3Qo;@CHpR~J2+Sutu04D_3kJopEJTZu{1pHp7--U$nXKF#kNSSXEYqg z$+vjys~dbtXgtHYmr9dQzL{Z{)R>-Dn$>^)AiGWd6pe)&uwp^)>St|@o}A*J$M0#K zdVqs5Ru9+Iuk8!^xVa>lr;qTf=6f1{7)cfJxit&>-t7U$~`Doj@UFse_xL+8}~0-_9=(NCy$io>3S{-Q{s z?(~nI{YMz6kW`0kw)eQ>&-aR7c&I1QrRuo6pekFsnX;!$h`rdOR>$nTZ*Vw%mn zE}V-k=xWk#(51vhZe(PsF1H9ctL9~c4m_avJBhLqM>p@H ze6NM zwNEFAPhUM*I|;p@REO>P6~Bixr;Gbnu8t~mCpTXlH8O1la-Cwk7LI(vpP!DPBV!MvVyRkA^S+!hxL@r4zwQUS%*VcVN8Hn@&iMM! zu15_QPVAXvg_^Jil!{OS-2sUW_o76XyPgd#+dyZZUfMO(G3x!OeWIDcC%gl~(l)h> z3TFZwOu*2@IR(ruEvs@Vqe+Ilt<=~8Q+`q87JgB6IR(_4F}641*#Y6wmwQLNYBk}m zP+{6{U1q-_UP(PsmYmEd=N`7`zI@EM+}z(}PR7yfA5g$Fk8LEBNyMC02_169)0m{Y z5=-{$K#>{Ex$-l}`aoT?hOf#85&&Lr(ZD+B%SCoR5Q=#of%pK&v=&tknT)(D>~l42 z`^Rk?9m`6U*w5M4eO4F)!h=+Db{@W2Hf9G*-9AQ~yre7KOR+K19TCvUM}eUoeAQnQ55xCPg?<=UQa%R;!02qm8KZ3a zX*zzVuvJpTCY$qy!1m*+uTf4XhQz*TBC-PND@QNG*Hhd7$`;bE)Yzrr0OoVfGnT%Qwo(LR16;XjvsiIDprOey^; zv>{SMzAGkt@nSq&wO_)anzLU35)R{zo+Vpo32h3z_$?G);mDLStS{$_!Z+>TXaV=T&3;$qZ*B>{OeG-ls##^&c#%ya$m;plCq2^#e{5Fc7Et8%`vmF~v5~ zptmb$_v<91bJm80(ZSE^>CwbHt;_R7H?BR%!V9i0r;wSGMDqQ^J>Ki(dUKf~t%vH{ zq@LF&3O(V-n%_60zA>k{j-F)D`g$8uL5q2zAqb!udnoKCO0dZ#I6(WxSD~|$@QMsL z;#+GR;>v!VmW8rjbnY+Tp2+s{80CQa202p4oTaFy-EuUbkRLp0E0GV>s2)&%n;wnD z{4PXr_N`Hf)`;sOt0x`%g+nsZOaS1TYbPAJF=fw=q}fnt@93%kWn<}T<*bp zJCs+UGoKf%TU-5+l0CqbEBIBtlePG)Mzu#2!{j&7_gyznpwDu|wCZwx#M zDbt2;zCv$JCV2W<_50wU&Hdw`Hz0ZemKN)@S&$p7iUSgg)JAi<;&r|J_MWywBh}h) z?j@1=+`G7t2r+qk{=pZ1`rD(M~V&$^I@EC|Q8Z`rEX! zf8fG#@D6Xs>IglD@KB(c)1XaYr?N!ZR#p_$VI82$uPUUgK1y+4S!Gn^3j27#uU&qx zU!SyM%pjg8IexX_(+M3qT+;VTooGN&YO?xFhrbdEnFdR0yZ$?5t1ZJk;W99j7en6Asg^d^<`**1oCO0*P&5STmX)voN)>Fwc>S`wd!ht7&ip!i<@zJ|srjosvil^iDA|56UL?h~9DhR)y>tt(M$$%>z zf?W_-+56?SgjuV+#f+Qu2kPRAi3rRl?BFpE4;(C*$RS+GWMR1=eAwVr4%;e{`wT;f7dDpIF@Z!c%~1t+_?-kqUzy81-@VSW_4^T2 zhi{6lMcqt+GHzuXZm>hv;ck2m_C$)O^m1LwkfJWeHu4gvFvQo>_JmF%->#jK((Y+2ACjKKiv;M z@?*Y*-qI(eIwe^8`0HNwHeX}EUAX=9k|W^( z1$BWT-DPA&yIAUAI5*d?Hd%gG-VdnP6@~?AK8k{+5_0A7^xd~Qe+b?4r!iJ&Qn%t9 zoPSq^uK2V0sTT-NA(E~SRJDh8y;hoK5+#ap$N`p^l1YPp(?-$ z7x-~l89FkDysocT{_S28=4?vOBpw%c z`Aaau{Rqd1e7fx0%y}t+_bbmlY-|RA3h+=16VH>PwV(y*+Hn3>2hekY{xbIJ4a9p( z{rOkpSNvVo1Qfhp!ZT`h$l$k$WlPLVvMb|Wp*zqOjdx8C9T|W6frIGjNqdlI2K@w( z@?K01VYf6sR_fKI@PW*TBs1mk%g|tYW#aMvrVmx6Si0;VKfHIkIw{XF_Yulg2BMe- zDWOX4;f8EUOEAloQ>$J+4hD7&C!qVHSD(K)mWHHE5cwwSHlYBCbCBX8!E= zZHf@gY9L?40&H1-}59%L*WnJE&@O zbu$9zgU8+N!B3{M>Jts{PdwXqQ0T3$RF^fvW!_gpt~vco6ZZ1#i3 ztBFSf=>^ksILDB;=Tn84_D73#)@If3@Z7EeNEefQ5?WB|IvtJua)p9#-a6-f8N|wWEy+`bl6WL zbYadz@VdXC#R6|d!!yqW%kLrouG^n zunTI{F9b(>qOS(SDg@a7Gn<(S79;i3m^*Mzlu?@*Zj+b=ER1JebfTH+v0?10cV*67 z{mPFFJGxDj?4FN50?IT(eFx%Y|K?mi10wxN#>`v`(MJBZ63$-f5tcY0-u^xqC~Z4_ z<#A&Z53^kptQVz(BMHmT|U z^fR&{NJs1X-sJURE)=RUPaXp6B)?tELr<}N`{JSLEY2_zyy<7qxd=YDk%{9YrEjf_ zv?7ZD4B_)J@^4EV?%Ce<$^KmGH8tCBjTy&}#8vVkgBr2Fy=++Qd`{obj`V?{b~el7 zdViHkDMaHJv|Fk7PCp4g-b|XZg(5D?(CV98UW_&NlG}1|x5HyNKTOCVFddL`#)%hl zsI@4WpFSUo-vXb%vPXiufYVKf~$c{w+MU-kZF89eIe) zj|M@t3Jm4&hT3}Z{gj^w1xm3wZzL+qC*;+iU>?KQcp{+&dARLEKJx4HK2$yrH(F30 z1sbx`n3FMy2k})ywIzosgZ5x%dp~1Uv#(au*1W+U3duZ=rUplO4@KT^|JZxWsH)a* zZFn0P*d1VR8+COkh^xDMnX9{d8Q8H^(5+jsz%DEdLOHW-=Fv2JBEtPT5~?@nfG(YbzfK99%Sk;K840ZgaBLxy~V14C2sxA2%|NdU3zGk z@&uF$l}_g3@Pq*pUqus{g_5vHMv8Eq7_!1>Ba0~Pkc&)E#T950i>#sXm;`W8@G=tH zMiMZAAq`BhQpkv7)e%FCr^dUPVB0`EKFIXjFb-3gf{9whJkYwuVj?23Ea>GJShTQB zMic0v(58skwMwZR=nUam&|EGuUQ)9NLxipnPe_BT--xOND7jIjbcWC@fmRwW35x>+ zJ*427WRu7b5GkDrXccHm6o7xYa2*jI9Ys34fgKXo4r<)(AOY{SmF5N=Lq<3ThwD5`MS&XfE7R5TPA zylzCl09*?NngYxlMynskw5oYwER=@f9O%sj@@NLM_=!|@oLdRxTqL83K&N}6PE7>itp7ZF>aMuyRv#X`P}%D`F7QK63pkHnN()p(1|N98CX zZ>6P}tujAGNDvc*z`GB-sSZ2N7G$}xbkL7Rh5+i{a;P?ulb zOZ?Ew?emz;Y`xJOM<}C#xrhr+Ye)_q2gv=w?4<(pC;SV4^n6yB7M6x(2va-LuQnq6 z^;Ck#jq~f2L=3=zX)vx-Vpw6fk|-Pvk*s%wu|5(Vr`D)pGBdqKJ6Wk97}+Qq@}=1g zK{Sd82w~V|A!EsM8r7}DD(QZ#5v1t@XaLY_V^*N8#hcY+;Af)?ke7)TFp2>yjx>rh zS$>QdEktgQAhuGxE-6tiLFO88N=B?E9!SGWD1eZIEhK7REUZRMV288#b*{cx2K@eC zzkpL??2GtI7$tBgQAvJ$IBF6|Ax5MHEikg5d%UE!Srk@vTm_PlG5`GN~@QI;;uM;&P%`Zk3_@E?JQ8 z1zm0n_z+aC*Q--o+|b|?1h##Y#T_*;xe_KPDg{v&8z{E|;~!e;fEOC0mwALP9ZJOV zf$VWaisgqmN}n1&f#D!AWI-Pkchn?G3~{U+9CW}KR?#GQ36L--0Kvr92x+F6KkCPD zRUrNYvx{jZQn^5;>ehyRc0bk!TRdt-On^gK1BL)wi6;=ubb%gNJ#_SNByMJbiG=yY z1bBsyhjVGPkuZzxivlw#0B_7ftyN@KD(rrXp323mKw-qgS1Up)Mu6%AX(KCHW8*tm z3=|kAG{YkCff$g1i@fm;wAmepsDc_p>HLnkiXFhl-3A_BuL0g;y-^yFpu=@u_A9M*C2%}h{JkhUem>R5rJxU`AuB07z1}f2G(l_Nfx7FWk7a? zxK&K8j*6Gtm@Y1r%Z-P5MkWUUCw7Jk_5lSQi>I|ap|e#5y+=_O*T*8d`64f31SM{n z4KXW&{jmSsEu){-a$fpNx-N9pBMExp+6J;1D`1q5DiWM ztCCq-rATbkqKI~$8e?@tQP9>EP|Ja~obJ#my#^jZuZY?#9vn#ainL+}5!f*7YLW$v zE7d26N5GT|{XAe#l>kq$D;$?Icu?i{qb0Ck1GO~(CCUAAGEe9vVxYVMA01<>yb_EQ z80c+09RVApxoLEqHy~wefVvL$8?-u*eq#F2GMCFrivJb zYo$A(fChy03U|;?Vd|m|GQ&=B>vcW~3V1C%phRm$V_6YBFi2A+AlyWPB#4blV@O#J z9|q;;2I*QI+7t)QHed6o|mfg$$B{U|@)BaXUTAXE7i$18HU|Dy+6Rk>!ZM z_2_X>O=X*K42C!yg2aT2;?S6(g%^p!B@{CV68dCejh^5zIq@2TAcW?I5TGs7>;$nz zoks4Z5Pc#u-5c{VpL<45gm#6lXt<{5Q<4Uo=?MM`DNWVi9O0%Y;j zsiMJ%T!YpS;mWV9&7W|in9PC6HO9-<-*vQ+8Z&M3tK z-859UB`(&wfW8p6!tqWGoy%1_4b-sTzy@Y(F9R2rK^qZ^hK?L@)?cuT8;sMll4f z3|b4-QL4@p!P78GsGwLOXmZ0+O$FtiAn^RkElh- zK``!B8RZ&e7$iJ7ORv=s01FAIIKLT**;sLQJZcd+0>J=MnvwIo9*qMaaxkDwrOHf> z0%xw8?jVBJN?Zq>Axe!oCUj#w3@n<`{D5CK0d6cR2P9}9 z>?47;R@h~tM?!E>r^*OYFd~8u3w_sqr2{s>70{ZHMs9TJR4^>2`JwBMECoFxjp?_SuH;dTYON9- zW8uSmI9ZIB`H`RSaeSZ^B(Nih`+@v{C;k8OWB%Jq0bxh44*vR~O(dWL3x_x{|K;YW z^kNWMVoNka6kl#Ou-s7!d{h77%|!JE&@y3)ae#D0o|Q`xa13f^0EufP7@$=EvKcfo zE@Yln>eqWIZY~u-?_{zpL=6bp%wW``jS?JYhE2w>h=CCrhtmKXM}VaFakN1JD8LI* zI3^^=EmRZT8fOPxOeBLwWSO)^6rDm0hg?)CH%>7HAv~fIo( z70KcPxrkxF$AvU5q%RR3E6DN~gaMt`Bs4;!7Lx}n4-@5)0hZH_aze|HGK>@3ku};5 zBAJSqUPKO<%*bg0okbrP#$0ZNCSq1Ou@<9+8lrikT(edJX;eDT1|b_>M#Mw^9-I#H zTruGJ#(HdSJdO-C1>h9oVuR=yO$B)#t3>VwZzp5~Uy?}P5|2nIZl4^P>@g}ZV@o6s z?(cXAn72?7k02&8aFm4P+j5Q{^iJ1b~I5XH7AqzHpP5!(lB{nFpeu2x~#=MzA$jEsYXg&rIa3u03g zJ19BXxC+pC0CYLckLO8LaV#qiB7tHEx+#7XgDNA-4_AE&g%aB`rIU>lieb1)8QA(mCgL8*W{is}e?$TE*j zpoWflCL0ow5(`l$rgMByruF#vXbKc+1RT|G)tHdg5HYcJDj(E)nOrE|+VP$s!OPi9JM~4wN?8W)t-BaaDMaz=S62=@xwq@Ah)gAT&nQA~^|oQK5|K)=|B$LIqAM#y531(Bdv zPoPpPMr%|`rP@6)J}-u`G8o>N8j3((chn+PvcN_KaPZP-h*DET2;2$KL&zY*sZ5_S z2I5_A3Y$d_1pzT@QVQZ8r6?MeyX**Tjp<|If%zuj6Z_E+Ajc#zJ5_IUMf_334Z--S zM7DtzGQ#4bX5gWrfaOyd42bdZ5mCwrS{sOJ?IH>*sMLbUk`vUJH3X+N0!C2-G+6-Z z1Fkne5z@F37r_pKTzsn@ZqjK}VWNmXE{^L|6iAV}LrRs8h^!?l0iHn-X^9F!fDQ-_ zvsoDi-Z>xD0SW{>F&P)+X#}C5N`Z;U;Ap&7poG_j8K>idZe}Q;GI2o?3o)%;(0xPN zE+Ngyq*xeEU=<)nwHBF&t@X-q7;yH~0s^p@p^Rc37KKLMJ1*VfK!wo;9m5RLLLrpc zhI9IiHsCU$p_q&amlM{TIZ`_{2*-ktFOx^TW&(6uv8)^~23Rbq(wKk+>o`TOk&(43 z22m(O1gHo&i_7N?$h|T*!7OkH^;Q!JK91_)aV-*aP-v9<>?$vCIY5FIH2J^_0HhmQ z!SDeIS%?n!2?I@L<`8s1!vQqQ2EM|9r72lKG>!zh4K<&HCB*S=8gfO%$qKW8ILA&P zcns8#DjJfh$$AyY2}MOgvY*98ThPcdPUh>ZNY%zFB_hAZ`7DJK&k2b5Jix?qgmPFE z0G%BGD4*4735FsLT0AVWdaOcNih?qe1XRXsf*4;dR?1W;$mh!l8gf7{faYwol;lR6 z@B}9mvmhk53ph~|HRxh6fLYBdkVffLg;6QO!}XnV4uxV9`WdifQn^tHSBXaZ2mvt^ z8niq;+!eqYJvNcR6#`BL22_GAze~y}JdYs7#dUZ$kHP{4SiYOV6L8sjlNv2H;srvK z$)+Lzfn?m|rUL9FpoD)w_#EaoRixF@<59#0MSKK@4aGGPHBJdz6-GlFs34|tdYL%A zfDE1cMzsM;6Gsg!S;)xsLGsW5jo})mmdHX0pc_c8m9u#=Psm7eP(m&q0V7fQ&=_1G zPSAw~P7{SE(&N=~hnF9Ht=Tm6|v)1L&Vy z0S@OwjCCA@qD*2gW!n(VudGw_OopuuSile2yUH#-~bT_9a^K;>$x<&3hl69bY!0?0N6^D+D8kK zn2@s%Q$S7-_+(>Hj<8|GBDqnaR6(1FKtPCD=~1+eiWcg00k4e@#8L3<8ZX3^K9og5 z$J%&U8wZ19fa;qGA>Dz!I4c9V8Q_k9lt&{BswH$S1JV*~o`7Hy2UIK?PX)xrM3NW0 zUM2^q!i2&&-R#jQL<%v1VB?d`E``wTf}Kmm{EeB!a*r`A~=;z)?htU1lst z?tu6KEnxEuWY9$vazidm9KcBwKi6u*Gt_vB-i;4Yxi};TT}u_aT|uD%sG{K}H4=%+t7oaCWOm5R z@r7k_0vVdNpwF8~u!H&*5w0f+dn00f7^H6eV!mEQ(9&aUz(ioMI)XR=`yp-Zbw zq(P+`gXYR4APyrZq1C{@rlOKVe81Xa#>TZ&ssZs}flY^qGl~Hm>|`> z8Ksii#p;-e2;ypPg_$dm&;b_>7s7`mOa`RO{i?7@YWMSe8Vp}5)`S=#m)_>r8(cC| z&?+GjB{mGo>J^8g9Ep%0rm#IBg#&pkxC9Y8@{uo*PL!ZfOiB>s*x4Gc#buBA-Atbz zM1Gh`chC|+99xssjugSDd@VbQgP#!l;EZ}46PZL&fIeZvE~kykH3x8BxdtUv$Mpg; zT@@8MI8u>aW42FYX~Yywn1+rW#u(4dR1<_Ix(2f-@mkpf=6lP86}PNFmb?9I?C!l0;~ zvH-I9_yJ;#Hegsvbl8r<#uU`BPy(!vXc;K{fbuqzCNlu#of&MZ4miGyZhbJIl`?<` z%Ml`bY!|(N17v$d7xYR60;0^yHINNqgyoAGBS7&B zc~VuThjxP@q;ok!Hzfa@_J1EgFSdHKu=7m9;H zj9Cn-_;?8EI9hl_V1f@?1x`Q*^37}(--yeY!wD4AOd>@nxS*LJVq=u zHECsRa@?kllRRXdNySu}bSkMx%M~yH63P^s!8?y(HGDD40ZQs*e^`q{B(v3Wg*$*^ z0l|;ijF@(k9VA2u&={hLl7wu9nxW)E;!B`1LiR9fgKyqpw*&G2R)A>V9Kr1Y!zV%oA()UMke#c`6M@V+F#QFy3Kg zyLd`E-Yv583^XC6L!Gw$BNackQT zXdfB)#yx9qRCk5(*HV46lsCe4)^&yZ3)>HL&+5%+*8cO`*qmSYhaC}wmjD3P@6p?8n}LH;|}Tq|DMJZm+xZKlZ52cJ{tr1^;z%I3t>AY7v#!n`X#5H*C%P|NPMZ+}@c3 z+xuLYeXIBXdpq?Xk(c2sBygi?gN_A<{;%8r?*kwM{(s^d_))On-lXe4=Re^}Mm0|O ze*S6sI)zR8ds2={E!~@#x*aAK>q+GB$C+tQEApu1)w_muU`(4kV9(dfT~a&W$MhDk z$Nrv&PMDP`^G|L_Y?3@tK4r^@{>hhKs?R_FDwVXKJGcIY{=3_gGUrZ}s^Hou=QBP z2OnL{-BiDR>E70Yl~acWVdasH!ICyzutZLs0wId@U^glUEi7Z=>>n;4x_fA;jM28}d{WTe>-P)Pw7VXx!RANF0LK-BeBkRyWeW^$Hwk^ zg|kOQ+yljL$|If47h0b9E4O3ir@iPQT!6N-inU7bGT(dqLQ zt1{CT_Y=hL9n0wSFe~wRWuI@0@s5_k*Y`Tz-uF~K`NE1333=ry4N49QU!SpFyCb3; zK2ZLg+%Ngkn&P%!K6H?OdRRPh&ZEBm_4{(uKU5ECa$-Qqm!~cA_Ds6n@728n3GMo2 zo_al+D0#L||Loet0e|-w&HK`9bJgvATSyb%v=^?f>o&gq;CT;6QcTAem;`ldl^eV?bW zR}Ag5Yy9vz0~^FEuKsIauNgR4`?<%oBCoO~2z@llDBl zrA_Zq*{5c^tmQvl51!fHrQMato!-gcTq82y-k&v6)^R&Q)Z@;a#Sd{O?@hKSj+lql zFE!^<^2fJF71W_{G;i6E;T3ld z4DO5#Z=HT6MYDH<=-9=r<8}_cQ&3AgJ%}M*AMGOFJ+9NoY5`+CorCfo|7^XwWB8*p z3+F7mFrwmk$^GpY9){PP`e*R+%bP|!7W5#tBYMV_US3y>cD-o(iDrBKscgl*futOu zEr&UP!C)&`twZ5vGTh&L0Z@$$0 zR8{FO{ly)*s7dtnl=1oE693nl6{wmK893*y#L!C|1KC^2)}-?_OxHVfDMRp_hg&0NsAGit&g!-I7hyEojftb6kDshSu`ym@iO^r_^* zt^1f$f+;F?Y{tW)_&jo-Mib86>{B=3Doa^eck1YP^jc0Rg*>H&CG%D3B4y|bpDLT1t&S%>C z$J;J%b@Vv!4BskhJsbJnPPd?I{n9hpjq|DP-zgKCH!WSJxBUAzEjF1qMI$V^|EOC2nnx2N80*MD*rZBDK3XVH!A=Wl2fRI~5PS5B`{RZCjVx@8L%IhEnC*4&Qn={`$Gcya9_hs1FRbU$>Gb8GD>t zx@)6*=w?ByQ?~>C|Cuwo;@11D{4`zbjPLIoe|Y?F6+XwXJ^1;}*p1wOxU-t&qsGi! zbZ?8ON5aK{UxyHWyuY&UygWkjJyCUZ3`5KcgQ!^sFxJYLp)B@J@#kJDsdp7TQyD>QjZl-{QkY zW~r{~{nsbF9c!>%roH^UwczHZ+|1`QCJrS1+%>jA-Vgqr{o`S5vRRi_Zjx-{tZJ?6 zfyeY6b?LZfz_!&UsIDt*-CvMB_JbW?6^kTxlw3FQ^zFU!L z12lV!4m0mwEz@J)M@=*W!aEH0w1{3Vp zw{A(jdSyLh-`C-HdnRWkqnjS`S1SaY+3(To>0kEbt@gfpTAn;HoGbbD_QsJ7iLPh2 z4Qsz1D_G}wzy4F=i>B|>4!07&T~k*T!8v~ZlbEF08yu?Kb*rP(KVNx3yo=uf-pdo) z$1d*8Q2OrFpwcJT%4fMY^1tNkDhquZHj_f(<>yB#`|_5ZdQd#EO46lBO-6;aG#2;68cY6(RA&utJ5RRp#E$!0u16LP$$B|$XHx6y2j@?(YH4crs5-Y3jh|3lIOJRN(=RlX?7g47 zb3YS?te6oBY?&s`>+mbyL9$=kqJz23h;ftlH|xCV!SIY%sG~c_DogTrPU+aKczp%Q z`mx@|i#3(A*Yr%azTrL|Hg0%fmaxM})~99N#78NC<&z(z-dJ=zf6LP4QyBFgijOby zI=cj%7H&*`HUUo^iX81PJ zLn8;z{yL@jAEoH$ z{p&;EKFZUz`O0tY zGG9NKcYaG|URV>}`K68F$U&LcnU`Bb_Wx*=*=l>8sbhRS{_Vlq;!``4?w{c|t5;_J zv7#M`@Um>){qP$}Bh^76rd$n`jxk)?Z zSG;?3e`4P5^6%TH(Y%wY%Q*XOqdP6>cY*bD(yZ%eig?Q}<~cjvBNggS4%(qUnjl$E zS3G!qy~mc*Yo}hR+iP?OU*7ETDy#NtgC8$XJHC5dDhrI@<+^Ll&+Qvi zFiw_yx41!i-GPQ_$1`$%(&~kdJ?AYNdbfY)YX=s_bCEB{ZP@aoab|;+<@AE@xe2Ao z$D%)*e+q0mQT9;S+qV5zM%Slx{ZDkpFZiQ$V(pugcS0|Huj+iMlj_cPJ~6ig#D^7& z>NjnBigmOoCMni-Xg^r{XW=gJ+%saCu2?4R>2p){yxk)RC9|6Kpmxf(MD-QP2fnzU zoI7m~tgiifxx}y-ZRqH{Q`EBf$FZgzkMEXw_Pal|c=Pbs9HwAmP)wWr_3O5%zMw}Mlh5y*o^;6nMCP6J z?((=X#c>UOai57p`At^O*vMI8xV<-aZvKVg&6jj;|E|H&?UIL^i+7JJrk__HP!yq? z6~DL_B(43$PM!2F>oGa}%+TPIHLa*Br(27>CcD!b3$8!$pGkUnETe}aPkH+CI@{r>*?(4aTvyB|G0J9Z;!Wo>d@Zfa@SaLFNC zQv15StFJzOek=>M*C6vQ>E7&P&ubs~P3{*3yHEcbYC5I(d@EUdqeqQuaIMkgya_9F z?8g=_5f`}I9r!$L-1Fk3^6kTComV!Zk(!hieB~@noi)Ac-_b2As}}U|V}`Zrx^VDQ zVddSXf$P6k;5P)GtXEHdKTUhhJS=B+Rhx&urW#5`Yt0K^43NK*{mET=_SN5i{a8O$ zH0a%>^j{U1D<9_DFK8d1U)6YWJR>iNYM(p;i%tD9Z`JL(Cgj)$d9R~&T?V~>{IB6p z&fh8YYnO7$=Q!CS{Ye;5>=U3 zx|2r6KK$u_dU0pbj`xpFH`_OH;+?>z9~TR59LvZ6Z?{|S-IkGwg1mo4~~S|4ZONhl~kK@e$C5_UiO-2 z>};HI&7QCMJ4B#N;HMzVpkn3sadRdf)AK2jYC1sr)mf=;DI0_j{+^T#$Eh>EK~+9)3+C zrw@MdVrc5koGlfFk=&nWbB7HZv~<|Z{Cr+1yrpY%>#rhsPG2#UCS-nEqSh9$Ab~JZ zj(LCw?{ihV@q5q8ykpk+@%$XpIQ@djw)}t9lezWI^o-QJ9OQi^+vh%B0{7yTzCv*- zZna$exb6M+@7gDK8mg_IRKEL)Ys}R>kjsmXoA#H&4vCm4T_@eGKg|%hc)o%`I3jQRBf!ecKv)y`SoQI7(_u z+%|DN7@5{h+y42EUVe4U8pw0p9k_JN=G^+`sRmV!wX~pY(YYZ-T{@9kih9Myiy(tH zHg9OFmiF>p-7c;fF{ckJb8GU`+$moNnlG-lsaVTC?H+q%Hhg|Jy#4wg<9}7J@*H0< z^38x|orX4S<<@`wxB9}bUw^XefBdV%U~!&ui0MpekBkKySXqspx*~I2Gat=vk@V>L zHd)=v-N&5aFF!s%%=_G+L4(C98ccF(wDk(CB|L9l`mgU;e|6cs=3Ov_8`C^4dd02L zmYeh{%<$w^-BWKpu{Ubiu&_uFArA1qa-ZIm&O`3{NcSf0PQ%90OQt8F<2BXEIw`i_ej{;7KSBNCl7^#qqWCi=UsyAuQ}e8? zqYnLrEB>*-O8D50Y9t#uaz18MN;q_&VEOHvN>^ zVkxoNCf@QhdvqtSH{w6|<8s~+{}b+~jN#-#${p4~GOX!M-~76{b2PV8yc*IB^Lu1` zZ<9oDjuML(z1Sk(Cf#1Vbf9eed&r@Uu6H!eTV%b``-!bzaG%I-5R^+cFt;W3=>G21 zlwo5E*Pc0*zppGC-QZGA8V#%%^;!DFTIZ*(Pyhb3RdvvP|MGsDtb8c7!GV5W=h}bY zDP#>ZFOWaZtlFLU1hwV8{=oAN>dDWVcVFOsUh9j#oSix(<ydsx+%KH{<6#Luux~Ce;sRTZD>?CR1k)qxMSMyfBHV{NsGI;(()E z|MKR}#JQ}@Es`u%6qj`txV52I=ymQgT~vJjJQ3l zq+rUAuZbt}g5jr8`kumbH-&p>if61$8J!BxA$38 zuC`nI^RuUxX7w=q`1&dFI!uRcUmp~>R$ZMF+PdO^uja*#!G*tIA`i&!F>+GjbjJyD ztIV&pcRiA|qv|DmBKseUUD8(Ztp38))=tS;U9ij>ea;5PHQ9ahm5$wXyyx=TdfJ2T zoo7zU#AIg22jbM&hlYKa3!1D;KPj^&ed;}7xAp+H-lS-E@4*bx*jww4=QlgObn|K% zlmN*0Q^z_US8vE6P`-ZlK{`3(-N?iHq9c;8?c@BRzlW+U+uM3l(+S^4xbEz?zimkQ z`vE(r`S#N(b6V#0Odfx1O1FIdY3V3_7AkE`!#l9FH9XlRZSBn0lfTstB=sq>Js86q z(V0+^-u(Uq&7KL06O)5-u*uKixoNY8_!MBL7WRp31Ia`vRRyR!}by4TWcM<&00 zkanYXUc3J9&JR0AN+^YQr4)>cyz_z~V{KU`b%KtRLb_S=RMv3zx*eK*%p3hj1%8h0 z@}~0Qr9EkrnOKLhB6}_G zNSDne-mLK%KNQml#b?(wJIQ{A?%$+cV$*Bgh6lw-om>n1)NCHXBW;c>KkQ4MDVRMR zT&*)UQa^9IMVb?P`=^jLvsQ;~IR-&Si%fj+t;Q$0Tft@=8dLWiBb31kw4zz=0Wg-9 zE#n#uP0SY78$a7H1UGHmb;$ERp@+G`*&j#CUwdD(j*6cb^)hf6YS4r@AJw| zjM{pmBKooV!n=6x7F|vJnn+Y0a{a{nko1anCtinrG7rW*SBxzS`aW-OwCe zdct?5<(-R3?T)f86&^=Jk>}x$Ok&yDgv=J$4*I#Un9tlWb@y?!VdjB_+GT&Y-q-{R z(aOfuou(Xs98X9YR<)>0ma|!A(;W@*BXcb4BH;%`F?*k}>MxTIX%_v#n{eX=`gJm` zPm@yTl097xw@!K9!bC`%?y+7%Q~r5({$2eu9ro=J%+@R&AfZl6k*#g>SabC2i@}=~ z@APeiXmw`O1?cK(>KUf2&+J*K2idd6dC!c-UTaAFg08-cxrBb*^WI11^i{owG~1W4 zIz40Defgf5rdGtC`B~&Z_11+`%L+;shKl~J5Hui??A{$uR0U7SH)}qe8P;N&!LwSi zWFdGl#&-Rx|3c~v2T$bpk(~>UFWY>a^{zk|pZKx5MfN&M1J3Bz0a*{qqS)l;^Pco0 zO-w8<-rq~R-+Hc@(~~w)w58AftMmCi50r7r$~r9QTmAChgsmMcXG(^b)lhb$WP5yu zo~4Gtjs3@_{Agb{dj83lJ2mRs%d!he%g-+ElULTO=Ih7Vr^dB-y`smy@qN6`+AcNq zza?ZAPiSjuvVLmT04TQhY3JIbyE^gwp2X^$j&pBh_@OLRu8ucBd^b&R@aiUX1P9^* zMyB5~prQ!o;zdV){Me1KtgEw*1V?_rOswqHQ%bKV8q{;n)Tngw^U>|!je|3aL81Yq z!;a?<)-Buf`dn=){)&Inek4J%ZEA9lAuo~Ya1GQ})x%7i#vXxUZNcb4w6O!c&aKbi zkqt!&nTLD}lQz^usZRp)sf}LUNW8r5R9V;5tut4QDvY6vP6*be6cEUFwh!|r=j{D( z^bPoKFNfw2?FK)3=i%&I>OZJo${%>9{WyLHvnW5TU7_3!Y0W`zcbRnY{m2@1-EJPD zO(a~HvbkGTn}5e13Ab2`KGCG=n(*bm{j;85&7QHMvA6TichxC7_QzHh->Dq3tTxb{ zM5rz{SGVk5c_DpWvwe$Zj^vK$*>jXBsj{+v?e(g4gZVQ`zh6x$n|@-_#ni%?x$6e2 zcB%hawyidsxbpdz>?L;}^!7S;OZ{uy$nEyqxvNF9>eNwYL;^wavWaC~=7 zS?a-^+5^)5d(hV(fsgj=%7!`92aUUS&@=v@YsXLr(0EMkO=DONWl_dUAFP*&ij}kJVJ{9CJweBe(X-VD_r#JHJ(Br7!)Q z)mYqmdUO)5RnFR-;F!qzKfSU^Jdla8Z#m&&7MVM&|4Sh%-#VzCFm^=hkhz?FnE~fPC zsy{Y+4PV|Ic`IH=P59*Ljum9R25;=TY!2clewuK8=uKUEDt+dtvT(GDezwI+9O%Ti z$fP|qzQ5ezVp{GL?^y4o)J1)Z+IG!6xxMt$`Ou{UIt}SzYT-uh0ei`?!0VyvJ)^oc zGH9aL&VKr*zbNM&U-q_H^4-2m#%$bD-#oht>VbK~hCRT4WMyUz`|@mdI;r3&GULp?=vmC+8h481$Idsa7dszVR+D0}4O;X}tBo(W0Zyj4AC+ut$g z5xb{$5FM$v&)n(dm7(=9t=yI0-;c;4j>_#|@<%!*?tNa_JEe`eF1qqT z`U!OLtjS+%Bz^krf0rLxGd$Ej*uB^6cZ|8^ ze=N?*Z+bVm)9y__Zhq}W-wOZocZh<62%B;n|PAlRloA|L|?* zao@A7zU!8wF5-Dpp9tEQFEsT!HD~0-5xC^L+e<^dZ-uo((oPi|?d~i=f2$hv(Tw&z zI#oI4SYq;=!HdVNJqWLdAznY)ynp24-giS+j<9`scJ7t8Y?vml?0o)o4{5wXbkep) zF!b>Z%*G#keh>YKX=3`NLA3UDb*p-{1WTP3FHkpGKC$+dM6|Jqa~%<5OZwo9Wj2+s ze42@(&)w8GJI644^yR89hxZ(-dtWtUDmTi{9a;Q=Tj08@ENNG{dYrc7^iJ#kT2xX{ z`}%IDd&!kq-E9{d#NXT_f9gJMarbi>Kfkc1tvE0RAQu~p)-Rh?!CPxSGIRJ%gD!h^ zqsQ8^l(d3W<%)`tt~h!tW1^&l*0}4qokeK^`l& zklTKb^%F$o+h7u+8jkE(zhBy!qC=HkuU60O(xomV{l;g2Qk`mDhvr?@t-15IvBya|s4ershN5YIcE&b8wf9{=O0zas z#vM#3Ejm+j2Fe)`edn{q6@yXttEcgH-|r3O8Qe0bkB!+IhfG%VYbn7J@= z>pR6zxjFHU&_gaxwl&^;yeRWP>d`5a{{3T0N&5eaP#NEK%G~^wO*3I=EFF4}it27P zsF#_eZjsqEab~lQvm3R}ZbE^~jd)$_hABU{V#h5bR_GwVT$lH~ zRBsqAd0)EYhxcCd*o4jr%}R1a6(63Qx8SSQqnocIF7?r}Vd_`@c@I5w#Vlg;>$7%~ zw>PW2e1{b6L%o!5D$9RzqD70+q7@an5J_)6-+4U$$2MYR_T{sm);{NrD$4kE^y;#g zb7u)x4m(;$z26Z1_{7SwHANq)ryi5c48=cunR#47YS}GNwrco;x_6EGq>!rbJb632 zpkLw0XVJ=Q3*PDf`Eq+*4)qej1YAO35EWs&3KbbL02b*K!IC(+s&kZ0L)} zo0g{U>Z(tku|wVV=DKdItnP~OEo-`el=M92Ju%39$HUc9IM@8+er!D$Uq)hjgO=&t|X5ZOK@6aQ9{0j6*D!#km-@g2|+pYf(b8i_| zW!H9%3J3zy9Scwq>F!2J36U=8l5UU&Nd*=nNSAasNVhEM?v`%phHozK=l%|`G)_3 zKC^m~D;_i-N!*rXpxv4x&{yQsk{es~)y?tXIE0NWn0&x`tGEB_JJyp#CyFwWG%U8h zpHXF>hwS_AYAHW-Nc_s)NU|EMVDkzr-@8dM+2s;vBSGw_?hMB_95=QW@lQ;`LR)J5 zv~<7@d&$bj8>DS!SdI*PC*HVR$(s$p3KjicRuB!d!z?80=*gq-eB zQY0Bx5N)D<=$j7Obg}NE?fXMKnpZJ-6Zo^D?k6}lpEq6& z#fr-$3(>r|a(i{P%db={`RH2UtfH{*A?)PpsGPs)6Vr{qxe#-cCWijAWD7m^cJ>vY zE#`G~;uw&&8BZSVB(! zLni@>U4P?X+dpO>0l0s{#gVBkG$-+_pxi4NZQr>>YU$4OS&dmXTxBpfYA{n-+~W;;qUi*Gn!dN%E#vc5l9y>Od=2F*wI z4}OXosPmCky!=B)zI)TA!*iVBFmo-Ej8>~HU01cIS%BL`Ov+(`y6lqa7U_`gl@cOQ zh65#ylt(oaw($)zd;C3iL84t&lb(s$=Ep>24lXa$A)0fU{+Z%*dqr65&jSl+Zv|h* zj_d*MG_AuBmKfyR`!ZI`q|!2>G&Nh}L7Z#{c&y5Vy%!KD^u`VlON z&G1!rP%Lt1;@+GF{)Am3^-A^`1iNVpI>0LaJ`aDA)Q)bicyN$tQsqNkGBXTRHGUQK zRM*oPnDMQ@(e*%Jdb}J(<)ibH$)0JN;Z881H$cjGdFtRxiv;PI?INMH?|iT?)f}jI zQhi+*q~b;$OcQze`2Krd93zdg>925Cgv>JY4hHK>2L$!x=7_xE%tyQsGN^uw*QWus z&rdz?UgZtfBOE_GcKz|vlNZ6;Drw<~{aRomjE89W7 zhtNHx*CoSh2%H_|obB<*P@2JV7d|~+JF@jX(U8bzlFDolB8cyg_Y{u4dhZaN0)+B$ zt1h1?oA+4aLod4$s2?rqmm=cj%4DZc*{wcz@&1R3LLQTUdtWDlHYto`{{6%F{o&RtwL=jTCW>L`>ZZqBIOfU}K4=G^HP)Z>7ccGU~t#oB7UkR`uN8 zI#Sj#q6D7sGL+gzTpKa)dO%Bcg+lgMM6x>2F=3S3F$XlpD>fyb>k=vB}`M=9bB79A; ztQIWBgveem5rTc3L1Bp<*3337MVZ-J9%T-zu|b4UEyXWmrbv5FEpat^Q?DJ4w=?7% z2tijZM))7X`lMd6vX54M1B@&iq-KrNEqB|0h(J_A^!*~eA8n0u=&>tH2^HHM4n%IF zMD_Jl>GUTipT`{nl;?YEPQQ-B$&>@wE#qyFu$7mlTBGrUEf8U?!9kqmX6w%}w92Gx z`gZhg0snh>1LA;*y+WucjnIn$psaoj|5jE|dyDoKnn4+*ydd z>cK*nT{2Sj0#Z}sd+xG~X@M)<#`d=(?rX)Sb)Lrp9+S+G*FS6-BH5cdw<_1F&|q+a z5(cq08ijh>F2PNQ{pVUV{HK3rvG_bsa9-S15EteswtjQU{j(RyUvM?8X3k^4#je|y^e?JhC0P&)YdNFt6U0Kj9hKjHcY55Po+Q^ITLma@TB zJhwU%O*9cw;9d6ful}U90Z2X0N-krD;hk;=SC%9l zvt+{WO#!}{c&YjyH2^Oo_{yv;TM%60U+mJ<1Wr2<1Z}t;c-Jcfm$R4yRMUk>Gm-dj z^Dx0z4KGc$;EaARaR8Ps#+#F7!wb|u;O|tpg+l;b&OQ_T$Cf~+9uIz!7%lt~coT7n z%xVP$vaw8`{QMqp@514|q4byAi#IxY#1vkp!Z=WVb$!xOuLbXwYlUm9^Xx@#(n33U zD`$@nz7B`|=%e9~rPfRL^CD`5L%B~0zHl=?ZYPFIUVdu19ma3b6AgY0ll-q5OX9cYR!_3q(fn#o! z@Rk$3tB1dh1GqTmgOeOz>STHBAqIY!*DL?^XpL7(Q(h{}_SVh(oXJ1&)D3ItaRY?1 zz#9k&#Lm?5H(u%g#Hs~0fPrZuKAw$6(jH3$L~(@>l9iXptCdSH4{e;m$&LJnG-2@a zJ(*Wri&@MdZwtp5yviui$6oC#+eX0=wTQ5iR2PduT+o3OO1*rOfGA+jB5(C6 zP%YkdyVIVS(ZGan!jY}P@>k#5&E2i126wKGAizFeGh)tu2Q8v_M*0WO-x%r5=lJJf zysfLYZrbn4#&aKOGHXNv0)eR9f>Aa2*BmU`$;U6$;ngh!LN*Sz`WYULAGwpx=#ZW4 zqAIIM&?{$oCXH4=b;L`XQz_HVAkS-RRQ3j)gp@?rCaG|C)IxSi!T#px(rK>glK3}` z?8gsi_&YQS7PH=02hjE50#>SaDhTrX<HGcfe-&lBjywt|u__pdaA-4aB zdW#eP8PaJyqSPJJl<{nepxaP}l9X%0vpSLHDfZa+%}wV3V1LmXDLLI$FUk@v`_&eXqXaX4Ij<%N(eS!oT2nh zdrr`|V(F&YCo}uL1Un{ApfK9k=auBmTbJ2x$uwmekDe=hBa5g%Q@M{M9*w%AbJBolRPdVyF`M46Q($235N-{6oFdXYz%U`}|?=zFp3`#Ipw06rz zltKVMH;CR_1FETpK%)^a>MK%XJ^e8Ro9da*%|(viN<6#qZ@_^BIP{~dv%PC7nKLfP zy~{F_8ODClBe#R}RgF{o%M-M!Z9$CJ%0A(bVUY%Bp?9?om(N6)l~9VWL7YPy$zEoG zIalwBEXk-Y{mpD|xKxQye!&ry%DfLxh}PO|^f&+e8O8^I?h5;yZ(Qzh2x)Y`C8Mz# zlZ>WBYU4i`O~+&4vi`(f`SH)y+T*dUA&RwaUhx*-x_8uSn>CnG%4L6|ES=0D9A>q zl2vvrZ&NK7!oY1Cp~m?lAk)3UROFF!WpdID|+ z_jE|sCJ`|kE~piw@ZQI>G6%EHr(2tm4rK|*supH;ZFfJj-+g_Wasc?)?t57|VBrZx zd`iH^_}{#H`A0B+fB!${=P*FQAi!|ln;`@QfXBfmiX9Gd3_rino9lV0*Knx6!S1Zf z48Z}x>+eoQzxANX49m(hI_>;mkAvxGU-tI{vPDUP$W|NjN>33VZvI@6hSRorL~WAd z20C_^Z-;hgA7u5$;v3gjzf72kAk3Qp%;9_v6R8G2rKw6o!kU}f2aInPySf8B+43Zr zPZBC{kY!`V)2_bZ0B-P@o;XbTioV1|dog&#f~UiG` z%p6%X27oB!;W(mhn^@} zj{Dwpz7FVMpqy*U{_SGEE8uUEKgxj3-gdk5)HvomF}<%0Irc07maf`=RYs)lu(td9 zx%}BZ`_RdzD~SM6&2G}+4jMA-;Q>cAc@T*{sOm0e=?3VGx9NjycE)nyB(udvW60Va zsoby)V~yGT{b$;+)^gf$w`Mzk)>2a-ja%@<4TAoBhq~ zps1m9+=S+bRmDz)FKibc!TQ$P9K@zOJTGVQ>V|E0oe5ZUw3-wLS;aXwU(-Mo=kElS zb9(a@3Zv)|y6ziwf?VE%XkG?}6EqZLpi{2INcgDF6(n7R7{?P!Q|g+?{&R`mjDw5U zX_Sw?2&mN9FUJ!n^E*DcJ7q|J*Oar#Wt34MjaP#>8$8+s-8oC~3D2N+HJBYlrS}g8?DST)FFAjGr4@zV)eDnA?}eQ3 zbPIjHw<9r$6S)>?f6n%&CcHSaQ>OUIFfO*1L&ejuL=&URqG-yff4 z^sL;Fo@9K)5`c&NiXOg^3fCmyLP?$AT90b_L5}2Cy?V>t@hdH*dR>#*qLM(Lq0}hL z+;?wShN#hgIG;30_ytS90zvD@>$4gsV!2P7eBZPi3LFVQYZA=&1so_zcNf-M2MmxG z1N|K+H2ikMu+Y^AQet}($KDgTm+D^`_1u&Jzz^kRg6Jz(sgw9}95zqn0Se*J1s6u36nViUTJNi2 zaqxd#de`p>zLcSBp=Y!{Lf%Dqt7u^wX=4^>oM~QYp!skmxHMTfh_zr$weEB79^YpI z3(h5kv?7tev0}l2*Wy1sg}*9v)bD=654P#Mcgy!y zyQ6=l2=Y=2djx(s6fwapQ`@x|q%h`oOf^QN5Pu-Tsv)`d+~>mqi?(kRet31Zbo|<| z==s==ybck!$B98VNm^e3bA0zp#z?B0fJf*1Pu#bi@4G4boGpHo>Z_68lPFr-0S1`K zIz}wAg-@1T3;ys|tTX!oiC}<3*;a)&B4BQx zkd+M9^nTc<EDwc^NG3bs#Kd0Nr5W(D}v5L3w1(6@VApVVPEtMW@ z{>ugU8|9K6J%>2SyOrDr1y8br6Fs~u5X{6Xybso89n3POeP51g&9Z>$o?i0TTEZe z&_@*#NQ$BnrBI~)9_yTl2QumZXIO3&1%ixtRRn4zY8!H{_g{KrOm(FAA3iU7i3Vw~ z?#X^i3mW43iVH~8N$a>meWS3yahx0jrT{z(M=~Pa zR0in-U=t}sm7!M-Bv0*GB8OwZN+=7pW`Me+SKd801)jiYz$wW|-;0Qzu#Gu~vQw&x zi9DtxSd^L!GzJCa%GZ;+j+5f|LqvI7?Or`5~%_B>bIx8T?rE@b7lsR|@WV zxiPdt4JK@)qCbfN4oG}3IdF}F|AtSv;AB3;->=pF9?b-Y2TtK(RfgXs_{?(;=|P33 z&`;ngw8^thjK7CH0}tZxurs;<+zBiLXz*p=A=H%Sud#uF5BS_K8bV3s|G*!XD~7=q zig={O_Ddp^6m-rLbO|va6GsiDRr{&)!b*&w3@&q@2>9EWbq(+&H%^;}xFDSVzo zlmt|E@xR$RDxeub5Dv2n{vHkYLinetZt%=q_n1Bt7i5^&41gYn{h3wwubsluGte5{ z=UJ@0)P{u3Lf0Iwhmc;fzjhM;X7$d!?*UUL;O_R?c=cD*=18`j{Z&D0tJuZ$^-9A* zvv?$>@SIVY^D}f{$Z!ZDx8Ug{`r8ZtA#-}wPXMk+6rY2U#3wvtkh!$qUY|$NDLoSc zbY#GvRJxBO=PgmRdLD4D0NUd1v|u_0A0@h=OFbvO>TS3{;k*q{T@K-TG?7fnu;Bgq z2IJ09T-!=<0X*bzcp4mKCT#DW?NA zGSINoqF|B*!Z8T09Ol(~tyP!dwr@NBRyF`zUO2)1S{{m+1JC@cRLn6twuEhmGmzH@ zQW(p-y5jN5+a=NYqFZ!?U@UlxkCLLQR|2A0#CeLq{dsa;7!L9Wr*N_N&7lJ$g^@WV zoE;m6Cw|mn9a_lAb)-%;togKHxEcaT1A+oKQ;?g8q+3!(PE^!G1G7%nGOr5^cWw%! z@V{f`4IJ;W-yLg@k{y5#nq=G5ytQyz#ic2HP8#peVA#_wX@ed{21NIatZFv+92i7& zKygmVH>Q*fH{AkB#UG&UIL-CSwuEc?%Q2jX63Hj;+F=$W0-ACx=Pt-tySL+$G()C0 zh%f*fFfmz-)q_V_*CHM8E8%qM%M9IM23%bmHXJ~;Ba?qhN-c#E!=!@n=mqq+(I2;L zDf1)p;oYBQ)T$?H-U|NhKJx&m8!UPZ0R*qgiY&E4Fm95}4Z#dyU*84>0&QaQd=q~0 zZ;QUQOUi*+YFyum&Ie$n_L3$;AwSEhl0sSP;s(=J_WN6KSe5WP<>L7=`rQ@0(F)lHRRva%U2~xB z1fOcNF`~*I8oeq5SIm%bs7JE%Ge#@4_qg(|$!IP2QDL>;U9*>$DF!8#{~+e2k-e^8II!uuiOCZAKhh6yI=!-8sDVKe!V+0ggiA%Ym0 z9|8MteC!9ax!7caz!kLpxL7CWU1r>rqqr{6KD;wZCtd!~mm#?+3VsC7bvuv+ll)b$ zI&Q5A+6}EjyBmc-x^(mlmSJhK!#7}XohE^$-GAkt?$7?74zRw^Xu8{&7G=v)(|uU7 zh`)T+Q=#lDIdZwf4Gz$>P+zvuOzRED@ z(81yz!+U<(OPsec`PkHwSJ_6F&*x#K^a(7Ym-x`)6UX~`JHFp9 zM4fRD@oAJw2Pyb*&hMK2DOb$=#DwattW1FJUh9}h0$>$v?!8aFlG)|#$$fSC!W6{8C#SwE~tn!Eo_5k$aOMu#QE z_O&JBA`Nlc6Ok0Kl}LLMk{$k@R)NR(ix}7v$sf@Ec;~KfUd;0W?Hxp$crfTyHeZ4pxoc_w9 z^Co<2LTXwLXJXfym<`>Nr>H%airC=i)-0d9JvK^p9^4)xL#*3zQ>6vZ2o@Hpy;r|< zv7mclvCRi0wuIOR^W~P4pt$pKhnPu?QYj<2JZzQR`4f;O7X7vx1*hY!)FEH!UW=dbb*jQ z{fNe&vcIQSe23Zewc+B`MUaM#bJ7}3?5p%R6}~)}yWRN0X5lzq%00-gPy2->O-M?2 z)aMULOo5iZd)1HIDiW2N8IiS5D?R#+;YXI0)>=GNaxcPF?G*%DbgHoGL|LI5ifQRD zQ^$G+El&WE)poHJRgv(m+YrS+K(ClzcV%k--^*B~AWGXD5|@z-lQ^~*vW zB93H3z@?umx1=}ff@UsU7er9uy-)}qul#t2lrt0Dm_O?)-Q!HECiAMl=o94pD8#grP>uAjvh?5+}_|zxmiR6N#9A#Jwyvg@;+N-2Lku73YVmG zn@@9_Jgx%ham7V|_u*zRN(R*Xu*4LvQmLGWJp<3_MX`cc077gWqaSuZHD|a9e&lux zePWk`3?d2{m7UhFFnPT@SEq7k^Ok~7RM2(TesgwQM;NAE&kcSEwZuYf_k9m{NT>6X z5hy))Y+y@JRepsdUBhd)jN)vbnKYSr3}3IM!T+th~7Z5O8*GdTia07~ic zJaSl|N=A3ZTN39?w#Qj8r2SazqPWFjXxDnn{x5_fN?Y+gc zDf&glM!cd4lYcx;5rTt+a!H-F<120xKqGid;wfad{OViEE2D^0ZJLEifJgW^G1yzb z1&#CMa4pe8x$l1b=l3P&h1v~7rG}!d=-{d##yY&W$$6Xaio59JHnU)cUT*4p+)4Zo zWbiV`i|xjL!KnQzTNIkFxpgw_wA}t_kv+>rmr&~EkUp>5XT+QTpc90mx>>JWfE7vm z3kdBsA12wFV#p`*bLy90v)*g7Mb89k7E5}pnUIG(ANr68HHh=*%B6t$O|<@z># zHjqL7i&YSdI^W?WwvJS7h*f`QWolsB5lph1CZrPgH`d78Oyx;N&^6z#HRqb}99Ax| zkml8~&2v)2GI9$aRN{M6yBa9i_fNmlSTie+=U@vZS%<6p5a0M@3{MHAKBCdh|)Qb_0B2VCK*HH2XPb{5wMi=P@bFzcWKaZfL-JB0lOlvaT&~95R|xT3#h1u z)3I67Pon-jA<|iY0?m7XTg~izUt-JpYy}^F?tcFD-MnC<=RM2CiJG}5y!iNydU4q6 zZs06e8ekj3sxCH3@Qk5ES7}5$9^5C%+`pEw2ux$CC+jG@P0A%fk17F)9R}3O1TnnU zQ#ioyLkfseZQf{p*sF8OL5AKJp3Rd_+TUH^5)|I3#jBKi-pa~vkCMtMzQcBy{{xCd zAPBD7=AENasdG5Ac4@aNeeI;gXodHms@Lzgv!!~CV&`NuxNPRgvEfwE!Cs9Hb5lnC zv0z*lP&9653bYAmEpIJ9)W|2+0_vdDZfBIc-C|=>(LRA#`pFYzI;Po)QvJvRwZaUb zVYxUNRb;nc661P5^Z;l-IB6h}TD3TPmgBGHG|P)-23InhZUYB9!rufwLTp@ipcTMg!JOZ89Qt3NYW=;R00jX- zR{h4JcrZpAC?_hQ!PvtHRVe>ZDkP@c^~Q#h3qBW0z=X1<2tWy=VM}A*z2VC~oQal3 z!0-`XRXi83#o)W$w`@l_$r3;w24W_nj zmneG#rPveIxqD?m^0VT#sKMmS8dz4z;6`$aRQKe&{GbXEtNUNXL&DF)AROT8izDiY zvlZ)7Jj!$72bNYbdFqcq-EnlsI8&|x4NGj;}11i=``ei=*ZoCV{#D_Ue*QjEXT@k~B zh+q3rU=%$>68r7?>0SZr=w^|-bDzQHwA{I%OER^~=%v@pz`$z}K;ut+sFW4S_TP0s z)Q6-0Qx`;mR}3p@?~OV~^i@4G8>*x#^`1Hzz^ex!1=27igr1dF%SAe8mUtgtoig@O zam!5S2dUveS2`69MoZRSW|rIUy8Y762(KrVNfn@&`KKO7K73ES&-qV9j>0>KY3%>p z7tKWv5P)_m7yUC@oVF|4tMVo=Vn+rk6)#%u?+RZr0zGDsu;*F&`{4{gbR` z4uRo)0CweRmS-GMvT9eM0Xx2NmLDieai75Tv0 zip`+)!5V)J?QRF9VpT&`S#0sM*9jc82gs?$wnA3=45IbW)X%I8lbsQwtQm6OjN0rW zQ-#!K2mHlZHOR2AF077W;4?Y(`*gb=c=G&PX*;vgCVm0Yu$`I6zq{R0lPK@uehbLg zGbuSC)fN4jx6Yej39VjPg z?+OOsd;0!NC#q)i>PD&lZZ{q-R;16S()8mzj@z)^0RS{9+rE3d-BWcQq|GUOk4p8M zUfp+%1H$7nj=k6Ux=WI4ak7BOLx|Oq9jTMNW)5%DO4*^=1uDucSp09c@c4M{AfJNZ zfFA-fs;~Ag+x>)c32taz-GDU>Q+$6cGxW*?=)54{QDK{H( zzp`HCCR6Ee2+#D(ztXAXmMiexflR}>SRGQn@)H(Q9K!DTL6k797f;kd`2-_5NJvul zNuv;q`5Mcq;Qo=Dt+CiBS*`0~(RQUlK6)sTuz<&#c#3C(<;)H7HG5at$D2H6i3NiY zn2S@+1M!z5rv2ab$k!%cneHt~iE|QyGR9ym*vU3zm3moX=VFXS`(CP>GpBX^)fF!2x+_^pmGXo#8=~topyldx_D# zIvDI0o0Z;@0`pau=}h1K<>jUZI7jQd|!2hMzVw$o%{giOmYCj_b|OY)ICpV)qs zct6)fmHLm7sNqp;2RI-|-1zY1Cm;-_`v18GW+(d8b#Pi+qb34836>;`!HW$@jIEGP?OzX9 zK5>KS4oX1XmPYM5TOYeZ%0;(|+lFfqXA|U-CnGWAS_M+R%+KAYsh}ON9 zjIu!yXZ#_7MwFV%%=DAtnPu)wpjtKf?i1V(`%nWU*Z+`kgu0H(bF7#`c z4*#YWsagt)r4|r<_7=dqJd(~J!7*YPKbF!cl7yf@1t7`oOjG6onfBKDg^u6o46Oe` zv0!<-t@;)VY9&u%5J4Px5sT7^`?~JMvoJ6MDp3B?9B<8Zmo!CfvQ0r}K2V)2iw%fR z+N@G=>En4SNnjrY4lH@AG{Xk>SGekr2PylEY%koVsx`(cR!kms!f#5Re)4%yyHKwN zNEDoCV(Z_4N1e1Ft*80-?rBPX>>c1>k_kV}gBUB1PfX-TC(0A2d+3k`Jr#@L3-DY! zyr8G9EEt)?5cP^5z!8%o5D@xJrGQufPYbSp*IfjoXNUV6Q3Sl~=i~GoQ~_#6D(IG6 z(BFdqzoU=GFv0L6+m?c4J3}8Qh}qW@7|X|8;F-aj-XUf*$WCr?6%+c0AVlpRZbbH` zpHgyl>x9pGpF9IaD2Kq+=$;p#ilf=`37>C5QO81yfUWqSBYCG@_i&HC$yOu*Hq~(Z zXbkw+@{xP>pMGmqMc1^=GwuVxeRHCt0=Rpn7uZqI;*!}0#eOP-s_pdX5kSUuu>O6* zU=6We(Y}@hGmz78g2$9Inf{U+S5acen_({mxJQ%ZG|Zn7UFn9rj%0z^($knER$M;U z%B7JMx~131AZkSG6iRr5WK@|0&QVX2 z`zH9v`9C%YBkO;^U#Kn5mxLUyzi$lS9`HBD1+UF@y~726l8MV@3Ci;Q)}s0`qW+wM zk;6>*pN{%}ZTKUCvbndgBD}AT3iq!;=|Sssnx&(qT;~%AhkAOqu!-gZ*!)-hmr@5g8 zpOeEa07HdaKE^^?f;Am}qqrT7RvpHRTH?%LQ%3YC%+xj>qcsU+fUWbx-7Y;SI|QkF zhtxGrP|5PIyiW`^a8G? zVKi6#ew$A9w$4JwJh4V=<7D|Zey)@eu2DExXc32TAP-xOyff+fHkf@&lFbfm$@>Dq z<;`Ce;UP1@tE)GTpa?!V=x^2*%dGPjI2a_Mpg}@n){nOEH7U8sw2lco2gZAcKmt@0 zFMxHM%c@443dmSi=8wJusuEy+Jvz6$jhF@Qdz*H%QT!Sr&ZNS~p!k8X%x5zJk@zLh@>fd8lw3TMsTp;uAo!%o{06*^XQRkqD$dGRZI* zdFz!NcvW;ckCX5Q|2h^)AZWlh6b70UJ87O({?ZgiE1(#|WOZUn;3LV2a^3}KyJa74P??f0gvng? z0=Ne;;fo;zpBD2a7`M09<-I})=H^X%ivLf8|9m-Sp* z3KC+txSdj!exVtDPZ$`U$r3(%m>oBE?@oJPlw`^~{k)-jf4%Sc&x0h-jR7yt*9({X z37n@hu7r?v^4<6-rS?5+b7={8|Vx*dAcPCd)Dw@H3C&S2XH@l_@&5xmlA4TdjF<`-XXyH{`aWF z@`sJ}2#)nV?wqf@FEHX-u&FrSFx$`B&FmaqZ4zf$3?jU!`dx?eE&Js)WfwgP^q^Q- zd`8$Y$(cmpO#zqn3vbQ!Yq_Y@o8=(Kd;p+H-hrrB=bAH@G}WoVO;+3VOFYZFT1w= zFm_PA_a-U;GI02bIwT8Lo3O6kPT_OylZ26cnu7!o`;&m(#oNlNO*zIOy*3{$+u>(NP*#+b#$a&8hy0LO}iH*K0dQzZ2e5@VfEx9-6)E4^eJO3 z32(h@$NEUd;#>R*|Jg?84MU{K7|#1tu7Q(q#TuD%a=XK|D)i8L0w|IZNy+=bb_WA! zSPeq}W4b+r4?o>@z8;GX7>~rqFlr2Nl>n~?=pcf{wL2iEQ$)DkH3Cl<=pbNu@7Fei zY#cf$9ZnLp1^fNG`PM_~>a?#;=5G@C ze(Sf)GT13lG9#DLzW@{B>FA>~`#|v<&ztxvk0l}`m{z4}Tv;e8TI4SVQR|r}PQj)ydKTSw<|KP(AN1~wMuqIODn_xKy#BAwlD79O@j^6GQ5z=WVz>c2mygIwzydw*p3 zVvS4yjb=_*w7uBOjO>$o+QU8hZpE(-Acg`WtjbxTE62d6hJWVw%_ZQ=P^1yFyqj{k zP2@f-t)ve^CzSnD=WPqT2`SQmf#QTi)A0td&MRLzE-Y=Hak!;T^ZI?!DCUodCi3HS zV=!&;kUweB+Trd7I8iuxrLyXaz)pcX9r(y=w*c?=()w)%*ak5CblZ%jRiuOg9`s!u zyypRkX&?gk4gq$GLk5DD$~qVc7>6bI2|Ig6dUhe_r$o!|K995#Idiul6~8152T}ZBy)|TwmM9mBRsk2k%W=jAmO;tPs_?xY9&^8#c3m-`(T@be6l;8 z-!5p?EeOmh2G<@yN-kbKl%B+fcDEGWrNU)v5@5t-5N;@A|%FwJ%!Zh>&S_ zvlC3uUm>M~Umbc^77ZROW6rq6p-0{m$F6!uBHhaZPAY^N{)gB`4Mjt2nJ+-`!JZEy za;n$S>#ec;=vgjXbeKQCmVIG^T7$mqyw)4pxIzO*vbfspaAzt(;b9cm&#s>1h{D%} z2-NZy{q1ofJ@MIAkneo{)3Y%@WS9BYW-gE41R47l6uJ~5(yM}71hsG3kSZepYu`RY z(YuY8)Ac?PH`Tsrb8pYEoN!P}9F&8K2>JT0H~TcozPy$uE|3IU4EX(k|Ji2-mhi0_}^%}9)1>7@?oe%`1&~mgSIV$*4znWdArNIgZ-J_ zsHlqTb0oB8B64y@eYB zboI`|CV0zt<{#>l2lo7L8I%H!@+FM=a+az-Z`T#P+8)rd9BsQKWf@-IjntWnC-9qz zF{FL1pY?Zrrw!3fp67_<{%T{j_{GsJ#-stBt&%B){7<)zHeY)ScejqYAfqMo3zxGbAdkCF6#r=$4+{Wa(aZ|?=MXOD(XOB}yl z5u45CVs_BU-q_r52t$Nm(zU%?u@gpPjeC76SCQ_|cR%(*^s@%bG*$zU@z=(-oUk@7 zMk91gZi*z=6Su!n#(Wa@l)K)L>WRS}>}KYT{SvZM{jEjuj= z=&!#cUS@5C;fIso%LFy7rSKbP%X~-tWI0v4@*rR9^6B)|?O?@qBvQqGiq;YAPIT>3 zNyW6+P4sm>xtz=f5hjI=;@Z&lscVpNOHbjqka*DTPkGWw^MK2ZKmQauEFTi*IG!li zhInbRr*kN6=fP0Qd?_|_O7Rq_zWS?RZ|qlOIZ+OrM)Oh6uHk-_ZKaip3HKYNy3_R? z)0@5zWsMtWI@wAo1znQ;vD}3>jms3$p@{mhgclOaDcCDcuXys5Uhg;W5v`z}Ti%B^ z9w}3m8xq>Rp?VsvultNuA=zqXxZpK~R-;jb|H_2IHmX>|?Fz4gur&0RS@NL7FumqL zu9R4oLE}TtU}b; z4aT^T_NvYkP{uJI2(q%+*M=y1s4d(r;U{p~e&H(C*Il^W9F^c^(ksb9vv?}Ma#>QG zC4P+JxPo-rcX9Imy6Wa=RwUti9o^mY?7f9DugJUSZ^POh(xKrsj5r{O#_CiW=5f#T zYcJEY7bykEb-6JCv9n3d@f5IT-_JSJ~^4LWoWE6Co)H4!uWm< z7!sDS!}vyogTsl5Fl&ZexAY`huBk5Yzk{z?PZaK(3W zpDe(v@BK%cL3*L(2P5QKL%&$K3altt#fN<|O~8$(Z&;o0&01|t@s#F1gN`iGAjwvF zj_;e4C`40+-tghUq_?O#1)`(#H^9MyuWJu7$9eaw4|*$|WFJg5!OVVd?nKVsN9(I) zS0VQR=En+UL}s&|Nv}sRLtnc5$-9_vox;27{&A(HS)Y++zu0C5hQilQiF(_r+r06~ zOeDm(5FsqESkNaHQ{RsBDL!9Ilb{fFbnxlx2e5_rp(y>SMTSPP^nrdjJR{j_zKOo& zmxB1$Uh6+1@*(c`3nliu`rg%NL&{+Juj=BYK9z!RS~_5%T=^(2ht3Pp;Q7W+OfFDn zwc?0W$*4ze*N$raG>2D+sSg2``N-KRkP$SR>A@}Dsxs+L#f&0 z>B@t2e~k@H_fAUuXHoINtq$ikib+!z=q?l&$D4%gT?w3~UoA4PavfK1JsaA~eNV?{ z#O3_Q+8y5Ke{VwLLB6x`kp7(b?z^Ym^pT4JxiI~<=7YH``{bUN2Aq^hN2po`;wj9X z*o!9y-bke;R=>1=Bj6(%rp#|{lAyJed~~*&pYkIcaPa70$FdF5W{%Lg*)MQ88e~oD z9nkkxd;qJ$H=oYYp!P}l6SmrVsQcp^hsT$w_WDNkANv8Y?sikgQoog7d3n#dor8>d zn0@{nqVS*YpmZnm`;0CY3^sqg4S~u`P8_n2`fGz!$Hk;d*FR6pa)}S;I@3lOxe@Hd zQ{>;2T_f5ZdYql+kXI37O#Gf$|NefxAJd|k`jxn=pTiK>+TK`2cXS}Yh{(Ynml#5A6s+yjG+EHMsW_|Xf~S*IiKVyrWIXpsss@r z8kRstry5AI^Xu1p{CY8mM=+af3|>RbG?o;L3Ozo%Ur6u%7g28=7u6Sa56^&fDlJ2( zbcevuBPfUK{=<^~W_%7($v>w2&kLTogFUHjB3L?D zb{kmc)h?AdzOJ-yf}KmttxSj&eN{Z*Tn?Sx9{49~lE})~JRA6AKp1lI^wP6peTro% z%C5s|xLJ{dhRH>>Jd2faHqBm~QXgIu<~6ZJZP?Et@$x(Jzn;CcjJ{J6x^I@D*W^$i z=fTx|%c;N>Q))<(xU*4{=1x;#(S_exq&tJqZ_Dhm(6bGlQd@DZiY)S&md(9fjtERM zKg+YnkG;Qw{lsCdBda!)%*SD%63;7WeM|VWsIn(ZWaD)KfFv0;`fh97Ah`9lD3E=o z4-H++5qq{y1LCpQLxTZ1uco|q%M1;2GJA#Q_2C~ZuCrPO>^$l)DomKIj$ES`G>p?F zeQCUp&}PmV7~#=63{2UvgGOeCWCCZ&$92`+k0^yiQZL$nAg9WW-(g}=I2LZ7>6j-#>3G77i?vua(sd10Ygw{kGZ)P3uMQle{Yi~%HmbUR^T%DV5F)=#oVQ&V`+u|$#ehXMdS7UIa`9!DJ1+P?^ zFZNZ5NJwIhn|yn*ZSSZM6{Yj^Ya?HYPZXgh>T~F@$z$Sp}$ewU$_ z!Jz~)l!9MaNI+EqGmC+mb$^JEbs3*HLK*JvIYj!pnwMD_wK$4a#s9(3#@2zsm zmeZio#Cxj)&FBzT{|ma-Q={K`soVBzWrD{bemrLID%g^Tl7_}A^8}R7;D?{azAE`= zDW@Q)gZB#h8sSflsp}j95z5^LlESr_hFXhv>F-~&eaj4#rMx-HLSBrBhZNupX-2A& zQXe!tir~p4{txF$vvt)aby`WvxyS9jxj}S0(v{}d=9nUwf)2@)e0N6o~0jT{@l z!#@Qmo|tm#T}c?HMA7|X3g`>?kS>)>v2USEs`j%@Hw8T?Ntb07B;0MO=XT%BujYK5 z0tAW&>joD$qeLR*HcQ^WK2dvC+!GD(^7#wHVyPt>(|1hjNC$@^1!PZjji)9Jq5sYF zK2+k=Nc-~FYdf}yAR53&pPY+r3Dwc|(}4Yl8~iVYGN|jNoGUh^z2-k}NxQ36D21rz ze;zkRUS}w4^t9v+r<{?j498ktw(MML?VEftAf~C?2)FmT+{-ge6O7JIpO}E3T4PH0 z&x5mHZYAUFV`plg9XagToxg1YA>KLRoAWWnV9;~+E>|v=8uTTQl}*kXeswc7tid>P zVT(&(GQ^nM)?k8HyCim(7Z1m(zdj-Ena}1NY{AIRz4Wavh<%k1d*K_rKiv0WcKB(6 zwbCi&^Bk%bP+oqsiezv=#wqm-y zj>+t~W#!{1n5T=$6iMf{t1%@}IbNIJ+s(5A^Mosw!{*q$hE7aSHp3=y)*dXedL7a# zHAVCLGsAw%W6$UM517)`_UnT^g8}G^`cT6eLsOIV9{6#;eoZ* z{9AAWd(z=y@Xf3i`J*KOm*MBPtfij#*H@AO>c&aeS&cGYp?v8-4etK>5Qd4PHEG*> zo8Z?Y>cQgi5SQ)*t=}|o4cff(pFJ0DJ)a$b=Av1GW&}e^hU{TGI~^upYUQT67!x8t zi%8H&*d_iBtXJIdq-W1Q6Hf@--srdQmx~<|93t-{iv?S0+MutA(o2-0v`cvJ^CHdE zPfEt;1;n=!z@{O`TxyWM#)G%N68~Hk!`9RBF?-VDr10fguKADbCytTO{&tJ)obegdAvk*tQxId&2Exz*!^kyXH_yx z@~RZ6@63aYirg4eW9HGBoK{`yjEJ549Nls;3$Gw6l;^sf98W0Y)9aMN(CqNBpB}8l zQ&>~Da|u}=HS8bt2`&$3b6UA1D0NE)+HFkTpk6w`E_vk@1c8 zZ#eKeb)36>dh##pZ*#?_VFs1g*=JBb6 zM?FneFm%U$-9>>aMdCN8rq6oX)+pjRM2s5{(S7`|R_yP2IMhNxcqqMr>w$ISgW`;W z`)*2};x3Vj2A87^%WZzo`VS?vd%ILWxw=j)&KdqNbdnDmzRV7 z^W3J1St#b`)b(=c{CmN7``cm2LdcWF46?3mLk|YRIJl_BHSS~@M`OMfeK*q?avE+k~_&web zyUaxtT7zTKD+m;@z|OUdilueIy8~lpcFKg`zyI)v{??|qZNqEm>sINT*M~vUpi8iY z<#WTvVSMPK@3S$fXf`RFCZ%Q$is^ueU_@Wllfs<8iQ~_owy_XIKU;q@W7$WtopT`i zYj9k7(2yfyc8;|{KFKVTD#rM7l4QkRJkDb7eLarl!d6M*UgOUa|I*X5xKQ42a}#*` z$G@LcZ0F4lj@P!xkJi;w5!A$MYrKxn2$bdm)zS~-i&FVInWoB!o#*M{9%O|sXvuD( zzp}2)jaNHTVFD5+LB;NVHMv!euU_A8?1Nb#eEnA{O11;RGdmCg^-vU>K@lBmuzID?4gQNva{T3zX zw>sAd>cNdlmlzNFzD~d(6!%JhkL&v#$Xy#XmjdVA~kBtGMk75wDPo)+Uh_xbC{WHIoTh$~A0};6$lBj=Np{W%H?FacB^qUoydT@2 z7BKlUR-T;6qjk^uoLsd@-D0V=TPG@Fy5bQ#?)1mDy-$nRJ^!LT>h9k}Ve~fMXN-m4 zt`=zqtYr*7SOu1iLQXGRO*q&(eH59?F`dp+yJUVE)xQN*yme^_U{h)g{%O0PI?nBI6e2z87&0aAwm2Hsvl)r&rRsuLv zo_lgO8?pVVP@*4yc>TKG@<*mPJ~5*gi=f8qAjArK>oXUOt|ws%-cZf+CE<2cy096w zL*oOju6QquCaBagx23kXM?i^N9|3EQ=B)z86kw7lc%?$S8Uy;=lj% ze_DVYIV>$Y-+t`K#A^G3?%Ro&4(CM7_{M2I$Cs(YET#da_JJhP-tVPe$!A+iikpc+ zm0MPexwTsoPsANgRpgSTb)S9Vd$UlXhuHn+T07&72Q$!_(wd8v_}tr|KM(iuUH{cq zh;VnW3O4^yF@NVkIScNM(K09juu$g)wGFMA(LBBQb!61tHeGrBL2<8uVwT%Y*~2qL zg*2n)mC}%*b+h_iQSyFz8D#mitKy5(v$XOR1gU}`VQuEaqP@`LR*H`e^*^K-z+}WmaX~1QvGHamI1?pG zy?6(=Yl-*wSMcZsi2t~69=_)fPbw!tiWWJG^v$dMiLr#&ze~m4P<5krkyE{YaNNYg z^?vN=e0x{_N{Pa-z4&TCR7Iv2tj4hmufFlSY`Gp_>hvdPajOy5UHPz~pGgV2~Q!^!iyTi8$WZ zuU{jz{MUc5<94Ei3&6e`w$byZ<;N=k@gIIMV2Q{7ABfMj;>;+QrJ0J~ zzWLw=v(C@}%x0!I4ctfAk+y)|9uL4(W(G;wovmHnWwz3{|DS6Za#SaJ)iQ-~vDXc~##gl`Hw0J2^>PsL?dPL*3un?y6|>)W&9!mA zth&AlX!dSCd#!u;a`@W}7AS_NGq z{bU>_gdT7NQ7}pUypVpKalFl{c<%Y3)MmkuK^*Dif7yGH>UZCZU&A#sLdQ07NzC^V zmUpDV$YOo0xqObXz-7ztBe08Ov;Q5)XHer5dr5HAe|kXYe@$8Z0z9Qi91bwKiP=;& z6r|bV6%;GbiQO#WP0uYrQT_RgjVPxYiiA`7@#Di({Pq~ z6u5yY2(RpS5282@JL#Jx{f<4mnLO}h5Iu4T-gdO->?29Q&OpE55&JiANEl=4@< z+D?#!ZeUC^9Lpf?n9oBgLQH8sTJc(1Pw4vfOb(q$cJe-&3&sn}^FO+Ek_L1patQUo z6j87AR7pSW$!a?qnW*3KH}n3KTgdqer#Du*)_rS4Am{8`no2WRfy9{J46#S9VeQBm z(zp+l_R|GVMC&h)rrzd_PQCZmQTN^9CJ^sfO|8ty&RB)*6Nhg-&|m~ z-W^_ZXa_ca=kqsG|vBqtxz^h*y`!Az}tZB$D`tvui=0OJ|4mBYoFqksg zujkv8t+op&-sZLa?~kb96^s{f8Z^(+e-0Q^_bI*keED%Ddr!$LIC(l$l?;|4a9YH(sAy<0#$pWbH=6LUIcWo1>MJRf8Uim&oje|AO*a*r4D-g{L%YoFqW zRaII5)%R6@Z6^C>Dt#-@u4P|>t7iS9MYo(RkgShnz1x~?GC(bWs**n7G0I0k!F*Uy znIhpF4_?URbI#|Skwzx&8; ze5i%7bjvMS%%0;(1TD>(M+ce2NfAqa{@TBBlLT->hQLlMF8R$s6Yx|?03MHhS{ky; zXjeV<;Pu4X*Ws0Chv+`zFrj!#d-Xr;CtS&*mr^ws~Y-aAx(j5q;#V`JMC zYJoaAo(oC<_5uClCPDnbnNJ)GJlVxdrOpQ>=AHttLsB)3RQM=jA2_m5O@rUiX8#Ot9Y463Tec=A~6qGM40r$x`z+9!sXT37^p2w?qU;iA*A}_~=rGIK|=6O8h zmGa~{E44|7u<5}4RxSCa&_!itpU3HbJCc>~=h3IdE-=DM(aWiudrZBm9MRwhJXvg6 z;D5gj;IrixVU7EJydqB1aJ!Mr;NU4xq17k-w=p*Jb)6RQ+=~HS4jA*uZD_*8xZ!dx zSX92(_0{FeS|=k=FcXbT?Ek`RlfJi{V3G{{nkM45qUOf74P1#VH%_-IhnGqkc0{h5*K<=MBUVb%+*g2!&qEVwx0Oh{F+hXm zfZ~AtUpgiXHrq|dv#|*#fqKkA7f7FlkDQhu7!~n9agp>tDU&%{%T~&^FKrTkvh7M6 z+ng@#rS7>i%{>=*UOdVuk$_8e$6lVCl_dIa%e67k{a8(Q$fnEH4livQeeYzsbz@aj z@4fdmAGn0VD(uEMvU#0?t}ag5MMPeL&NUBM{C9&5J$}9Z0n}rQ1r71QjIaM-SYFVe z*6GXnPQx(YfAl7)i=atOKMIPgHnSE!&c>}Jpq6cvTrW#S%gD}g+?5|&Q zK(7uF%O1)~#K9qKg?Zce-!GlzSPi*7xQ6Zp84Ruox>=fc$GBvLu>?-o?ik9f552`H z2EXOF!sUF|_jt!~MeZIopSbsdW}`P!R3g!!WN2?pL*8++&oEo)Z&GdKx4imjAR%#! z-sb!#8a5ifOLHb_)kiIABU2r8xHc+c)()&(CWj5n4pM4m5Tb7L!2OiAWO)!LVgk%) ze{t>Xo3oc?rjN!nXh*oYZ}da_hdVFeAdlUocX`ds4I>yH@g>2C7cGEW6mn@7?4jY+ zHr$J#oS47cN|R6rj48VvXTYF-9TH~6_ueDms&kot8%#Dm3EFuj`Z>2;dajR`Wm`0}9&s0-|C2r=&+PE?O z+lyc!gyQ^14OS*wq3uRe-(UzeoHX+?L`SA z`gNhdAPk80$uQvObeBxeu<>*yC0D(hVE0xLu!G?qDD92qOz~-7SnQ%Ri39hNM9F;C zzYuA^Mq$FMl^Z$wwu^3Cf!Avo7;e0TgulGR5rl_J#u{#O?ZR0!G8utNj~^$7 zssSO};GDnU6|kShkCd&>_)7u-w=*GBd#c#v-;yP9ULdcx&jf+hSdadxqn-$>z9Es=|!!?MST^g7tE z@r}A6|CRhSAnX&`$toscJqK^jHz436YUlYNiO+nrGh?3~#j679%%YLMY#CkRrakN5 zvOB@i5AbZw&2U0|-^e@3vXUg?qSxLRer(v-aWiyZUAU|L=z25}=jS{cSGjKg!qG^b zmH=|!!c5iBFjcPz(zF)(KH6)|=LZTpBplcSV|g z;dxC;sx|AqNH(UC>Y*`=3|;K(#-+D$f|P~y*S)jQ_&(?Nx5;`4_jd>kp+$S^+n)ZpmX$mbaV3|g+G(2`qA0no3&%x}T z0#{dQ%M}k$1&XlXj#UvwLAl4<=@;GAQ^dE!qmmE|i^B?`?GrdQ;+7pVZie#{Gv3(G zxLt_+!DjQUv0su$51sj7(#{tT*ly8(YZ`c-YD#>aJ6PhPc7jJjKiQE&ZJH*O)w$9v z4Y!`}QRo^nYo;Uo1VPJI&r!iDH4{Z`&`HiULdWY79)Gv*|7j0+$#^YuiFyfF{|$<& znsnzUI!0(qM>IW$du~_YX55y_y#Yj9s&EdDxbZr8Gm5b#Q#Fpu4E8e)ju~=MBV|J~ zj`Z?cv(hU6YA<)w#v{Q1gU*HK?V729%{Qj+bf!bJu!i65IZIMJ0vMhw@Z_gxl7Kum zE&8JeM@iC=ruVObLKiuVk*a#be*|d`P;@X=3O`OBwdM*#x_fSE$bGCi4llg^BBf;} zVCOrxNcqiop|57i8~^<_*q^Y7PFh*uI(RlC`5?qY!x07_AC+srHS$@A1{LpZOMGqJ zrl?IdOG&Bz==4Upd4RHJEFD-y!52Rsp(-0z>)Oj3_8|8^`gGeZI}?|w!lOlDoZ>C~ zFsiGz)I41{$E$Zjuql=^3dHw*ZL>LF%GgL%^&$^*w>c)*K|pZI&@oe}%N+$i-B&)z z66x5)0h$nf${mGg^02@&j3~sr-8He6`et#~v-I%4zBvt+PLm31KyL9_^TVb;2`-WL z`US7J7tf#)okyOVzXv-_?hqus(#6Xna@cD3;PCvxfJO>BCgKPPkh8J&%9e0r0HXmn z$fU2mlXrUp8i-t*t`-HhRrr<=;vGCJgc@;IlU3l$_zW#NSoZ9h{|?yZoDJn!DO}W? z8X!Kak;JXS+om0N1G?;*uFf{e-2Hwqti~Q;bzS)#Teq#s7k1pbd+I5r9&r(1*CzwP zfwgnj^cz30LK2gL2BV7I?p57bzIHd|vaC5vczhM~y)CT&vjy{@8q_Q)2hUr z4WA`FXZwf$!pJ_?ZAIpB!mVL?tRjMq{2MU8!dJE?c`m66pbFA3^}?G~`-mwb_N|YI zNz*#!7E$xZsO+>zMp#Ddeq`e=csvh(Qt_?- zId`yy@!-N+JxovieCwSZy1kDOT&Md^e7ik@`U|&ZmnHElPT0vZaY~MSH&*Q%(>Z1n z6$V7h^JSt<+Dp)^F>kYbIAp}7_U^Lek(}U)$X3TXFu>op@`uuEB0eP=p@QjOrW$NO z4ttJC{V6HbGJ>Z7`<6I#()5cGE_hsL(D$)wU2Z-A02HoScI zu>L?)&jFHuNc5k_?=MK)*^w`Jq!Dz@>SkKBBO6=(2a*=U@P+$h%!bNW!zbmo<_{A1 z>wY^(bl#)rm_%40{d+-lqEWRx%#Mxl@<-xt5 zv+~%_7rt<9rH5n*J7U*<9vgPa3F|&Dq~vaM$l8bYhs||AeHGcGb&Sb)^+cNBAz`eO zSVw4=LhQ$c<*7LfcAc6NoAd^1P7M%lYfUOW{q6GU?{Qb(S%!IzMp{nBW`whJsD;UY ziQ*pKB$!@1vLS(aNN3XiUD}Cq;XIXJ9l884sfJU`sqe}Gx$*S+6#j)wCLHuQPPasDNF{36yUcE|G2 z5&V)>QPYQ7xz~Y197m}+D@<7=b@hB4whzoCLY8Cl+p2Rc1G8yJ1Zl;0Ry<#BtM*RY zWOW|D-#j)p-(I!1#rpExXV9gm=pIS&AN7}qOoTk#s?(YRt^){+YF$HTZuJ$V`%c7^L; zh$S925gB|&1gp)U;kFU%?wtx)2-3TB7t$s+rupk~Y(&YeD$&)Gr&!rn{6v(bg;(zK zp3>dtb$lJkA*!X5^A)=Xw(FAeFV&kqiI-2`Z>@NK`_$r@EIYMuoASFa(( zJ`WJq_=dKrmhJZ%p^vU>_~7=dgCyjQQS(Q+bRaA9ANAQd7mSk%{ddD}G=!muF@6w| z$qz3W=8udsC>`WWD-7#RB0-8+y{;;nx&0s^dts@(LN8LwFCgnAML;RMvFhQ=*%{aa zJXf2~-;b?73H<6{a~@Lb{^Y15riQ*^IkjT(tqB-r!oEINzL_bUcamGSPBB`=T(186oKSeM!xli7A%58aE{}t4fHPxAGMuQCs3aPdD=NR3QI z*}z1{yc$MK6$(gaUCNQg?G6hHkV&D#)c`Rp{1Zh1Yd!*Xe#E6i=$ ze8cLV_Q_!S9_650iJc#C*7ZE)BZoI{o(=3TOufKilh+Y6yek*O{z$j0?Ar?wAFH_f zyir^;d=!afm)fF!w4Y$#p^s|{q1&~efqBk(NAA5@`JyL&(dkxc?@Yw$^ z0ctV#eg5N-(L6jR=qKB(I6w(Z(vCna^X!Il{$ZQjD0mNwS+wShb8<|63dHZ9U)>+8 zUS@aI@fSJo3~wk4H@S}da!z3UxjyYd&fdF^7~EqMYVPBi)Gh?8)o;wG$nM}t%-bf+ z!czLGK;KFH?H|o={AC4O=-5@8!{h&QT1$+4^gEk9*lT^GDCzlpPyoRp+@U$EWga@d2S^5 zEFxUb(!G)p7ZbO=Sedd*vl;HU;m4eC^2P%lo4g!+@Xr)wu^{$m0>i?eRf>}DPNDZ6 z_g)>*5or!vQsD@5%?$ehibvuYlDy^LF{3Ta&DmF@C{oC7<2KZOo@Gk^G+poNyXEl) zd(!y_UZ3CpBxzDyLI0H+44rM!>0o+p7F4t)&1`@59Ez5oz5U=hM;ETcp9P((uXs{^ zzsX|*|1Bsod2U5~c_wHqGG02z@Ia97<7ah^5S5w_-pbzBd%8YB_L2UwQYkQbDx3dJ zowi&>iN=um3!Y2q*F+5q_+&JJJV(u2+`6gb?mnFcbIbYnwu=`FF1QT_g@uI(T+jA$8^&k)%e5-HC#or~~9p!3h?Bf;{8ZI51`ng)B7pr^SM;+Xo}KdO#1&CMnt z$rp}q6Yz)v(<6sGO4)C()3dhWPU%BA6|>L1-cy-LQ+H# z)?3a>Q1c`-jf=8%c=})fJG3dfW#(1ojjgMJ|uwBEP>cU@HJ z@WTg}*zftuQ+Za1T5VU4t44I&Q+`+_QIxJ8DpuFrpr|3DU!@LL?_O#L2TBS{4xc@= zFZy}cLxuLZkEgn?D@>`3d;79@w8HwSI4*W5e>!#kq@k&tL*45j(Se+D=ATWYC>hN8 zQdaH@;}CN6B5A2xfNt=8eQk53=ky{e=5Y0=4>APwnqXIgyc$nj?8Me}P|d&m?;lf?~uo<(9d*9m+d^V4^QeOb5o`hr^rs(G)|G~4Q=Go{!r~Bpygy!jdh6I8Lc}r7D`~5@8{1^s6LXJ)oi^FKah+l;-XZf4@{`70WKpk)R!7YhgymGM7F{uA5+@s!V$B z*g3ZF!?TcqBPA%}OO5FLL5>DRx5^Y!s=C}$*O$t5k1^p7Ghp2Rcr8Dz1DnKEA~eZT zpJnRIhL_DJI>yixq42hdY_;5QK_yGK&gIGHjx#Gy`ch0Dr<|B5@Nj{RPMkjP2d`YQN-*A}uOuMj$<1EvIzZ5+jUBsO>zsh{jz2}h+&S<|yjR7Uu^?fq^Z0F1|+a=Xg z{^`r}97Ko(IeDvOHD~$Wo74`86Dx|RI3E$XF8y{M2wuug;r^vHygR8RB`6UG2n437 z^7zp!(>`8b6m$(MwUFSmEQ4HljQbNM#`<{H*fjCbE>%Ej1~h-_X=7euT+zIRx&_HD zt_t?AGn@my8*c54VO$P#%|`J8MsLU!Gu0u{Hb`3{0zb&(!;cru@Wraoj)yXB<+9bJ zb@;84MZtdgDS=4VcW%%`lq@P04-#evX_;0`=Fd!QhI$}qP}@6h>fyN4J@t`FC_#d< zOqvMl$+o7dk6k#)qY~=N55`5t%Mu|Upf3>lvv#aDbTYY!~i<~aaC?^P%tLA1K5y9MnOclZ#y0WqAMAB1O1klb?TaDGTo zS4Pjq0?(4kl>rh|kCUM~UM-TnwIbArI%3q*Yx17tt^zn&6);e}J@DLXmp! zl-4Fp>sq1#=`7g)S9y`*I`h?cer5;9#Lh&T7aT(g=06g}2Y1c1L4(PO&4~ogG<)1VT(4v*a z@uoYLM?S*yMOQwnlq=nnOC$^Y{j0l)y_q4*Yq^HrPHwqEkN!f0J#Z1*%Goj4#+f&S zNixLTXxIZ6Bctt@&1lJG7U$a%)Ea{P*&7~P-uCf)bJ2FM2HvneG+bk%QS`TDP8?v^ z<9BS;8pMy`o^;y55%^n4e@~x%86Yx6;3IAcK?UnDskbnDgF^%?x`2RmKiM@~+}Jw? z%91GD2K#XV+=0foD-=R%K8sNjkq7;Ds8$AbcFwgIC@J#NRO)RRwuGAr>kcj?eYF_(Qm`z%A&DB6jaS0IjpH;L@lH#Z4^Fp#=;}gf`eAXXyc3=W z;bm32{NalVg_&s(I0+Ro zS{4;$pk{Qzcw)2n?j2d@_ik9WJUN%$xNat-6F%9>C4{zDGeMReZ~bw5qKoHzZv=gg z)M6mPj@6F@PW!A-p`}TPyD_Jk4CD{@a$4N#LO3s30uEoqrc)dzhq4^}xgmN!-?gEA zmzqmJszrgPyTVU&Kp}*GC^;xJa#KVVtvOjG$cFVk+x+{q<+c`^IES`~%@7-|U)85o zDKW2^? zC^G`8JnDaq>AtJkVbqC-2ZLG??}jb*d}^R>CilMm6_PrCfrF%m>7-g-@Zj!H^*u)y>tiv6)FyY;2iIHyegbs%Glf&Ngx()5Z z<9riCG0^7g^QP~w;(6#V| z!$%|ULnVndpUVjC^}(HnTu4WxFb$xnU=IEPp4}=uVr~+&I5O{!gRDykVSqTp3+sHQ z6=6cx_$B#a=g3&(n_w-|BG8HvUk<6+6l~GTIL<)X>4W$Fq!!Qrj1aP*iK~oYzjwRp zT@0S#i&m1$52wrjnWP%iQttp7ntcF|vJyFXk>VN6Alkj=#AKH0iC}o1mSzDt$_ir^ zF{7rQ4BDCyUi7SFHT(3)j~l{khF9X!2=dUllkjDbrmNB0rIe4%-fr9*igk0SeC_?# zqMM?YHX%b2e*m|k1aO_cKR`w*LPF!L;hhDoTHWSA8c2^MYSL^xdy~3ttwugl#smSClv zPxLl^X?A;)Na%a6D;QfX;wmTx#f!psSct<3sF^4uUeJI(G#)$%Puu*U*Zknr^+ZB@xc(^uF^3F+o7iKYs^7QaVC}J1^Bdl*?!O zWrVODcY?1=6!Ishod=~{f;sJ+xrK&4Mvce0O5V> zY`H&SxNh!ehXKxbqQ#ljD&FzpS_QNev|dz_*s0DWgyGisM+xK4>dCO-VIbn=zdEhP zm}z-Bo2GWD3X7Qpz0Rm65q%F2_j2U3n2w}Y2$G>&k-wB#0xa7-Q5NoMZ&K~3+{nih zpAfl4dOOfcLn_+K$K{FtwL@O80;vFhuyN=jBO5~gcI|JFT7uq7tIey(g7vc=ke=C0RrFpu+1KQ=o(HJ_4F$g<9}bV3b^q<$zW9d zb}dSgyp)90I6ie>QH&^@HOebgb{M0*A}7Rzl{xR{N*a6TJGjmyxyxu?&OR)gV4l2+ z7jXP5|D?09ZFotI1XaQY`(6s*18-$XW>?VanZrbnFK<&n(s(EQqWOgVn;|b z`>c5&Xyn7wspczBC&nR;QY`W!RpWuh81?YC07MFZ$Sukr2wmuKCJQ_s5hW4&JiwvE zElSL@nQo+AlASq0JUe!#h*0fL%Vx5~pRrX-1q9u+o3sGnj~Mw#ZRN{04cDZlKGVEi zm9G6GiF<3uz7h_z)6g0e);42pXDw1QA_yQEg+(LS`4<3{MSMccPJR(zsY>Egzp9XApyj7 z!TKENJabuC`uj%nHw((kw$jwI0>8AEhu!{N7LLt01A(;Y`(Sd6LxH(P?7>Pg_Jxi? z0WsSv)bo!Hla{#5DRgNE$SK~W0|$RgEzTs#J5w@upPljiAHjutBU{{8p)By?0Ro90 zd?^qeqq9Se#wvYYCQ@zpbg8D6yOk5j!-JG)-`!|Cmay!q3T3n@M?*CkuRJ<+VhaW( zrIlC@qZ@}V%0q=&*_rDDaE0R;HQ8}*g%#H^4{xh$kn=q9b0zlz(#|&aBlw#X*QjRE z5RNi3vFjY&03N#iKKBDn31_oPxD(`NmD(RaBJK;B%^$RW3R`OA2@E z5Bb1Gn;(dkk-nKr6)}U*+Glvz9-u;A{(TNaI_Rnq6eYtOmQUBe|Iqesxb!SntJCI@@U8Rc2TI*u~_F@g>;Gd9)JGhEUk|DW#<;Ee z;)DsXF(xSrXA)ilo-Z%|EsujH7x~t^zrO*2;?~2W``(<@j`i(GEc#xlTd=ty4|&yp z7v51Qlm$#wT_fA*SHWx1yu#b+P?%dQZtEj;WA*gKD#_+nZ}u*^Kmm=%IH~ z@c?*2bnwA{w$bj>x)sanp8?H`2!UVbZOV>HxMOswncwkiQtn zqF|Etd>Cc{;e-jaU#1!p=+579br9P<0P?6Loz#rB$K)D0ugj!;# ztW3AD;+2j1^`gt2{imYCKIjJXG^>)zEP8}+N%>|lXQbfvQcMg2h=_tk?yOItV}dO} zBb>R9)E_i-;N*=j$~8&hkgg*SKUUz=p-h@N??N;!!AiCZMW0$xyh8di0dKu80!EWC zyunr2TPOm^@`hoypLBKc@+#&l7Rq-1RAL&32;z|w5EE3QRB&>MQNvwI+zE(Ux^fBx zW*p@vlH$nXxIjsOrN=H$Y=VkQhOiRQ;JPC4(swa(0fJM6kaS#;njBnr`zRaMg=0E^ z15u9AIpQNHB!RN>Y8Tm_wV${)3Jc-!;rPHa8rxS-Y*7h7jzj`sHxUkK3&wox{`NQz z%z%nu)$+vpH`Rn>=R362DBrz>u0d}1y284m)D0y+q?R4-qIyfPN2+#r*b^d7`hBs7 ztAXkp9d>x{*GVodLA(9-EprG7mTJ`*+ZvqP zixTzm_*mFAh`Yvxf^rtkH~TQUIfy}YC7Z}ypzjHlGx>}gCpx8r&bMoGnGj+aj>;F| zBY1L)6x(=e+_3OAB3A_CHh$F>kt5^|3B;5NRpE#!zh#S(_8M->&oyeTmc>tmzl2$$ z`o&ffJt1w7`@{G5+;mjDMMsO z2%P5=B~{P$>adXEBv7cmGi^u9_p`0N2=p3r3W5tIFeoeBpHBO1vkD&)zQ;8bN=Z7) zQx~Bk0JNT?!QazBSb)8V{2k8*N}wk?B1gcfajgxEB(8;*Joq%#pd6{uqMlAhtgXVB ze+#Y)9QrYx)zvPM5s_5NPyq?YNlWx9ziyf7+d(5*);sSkjH?Y+=@UzIO4Ea%q$B?} z9p7CYtsh|qpyzPWLk_Dtg}P@NF+NKxhq`a5W}J&0mKyLl{d&#Sv61Pi@M5BS*L{4TO9s2+I=f1Brd zyR;uCQs@?~G2f5RxR?P(_pgHfE%TH6p7TI_C}z5b-I9jOBZ_hZiLx?C#>4_b0QR;m@< z!hr$B`$S!32;*))%q!6a7f5k3#hc@Gw&7*etRLz1`@H4?Y)~9tJJTPfFrep0D>3%z zKv}@DQ<~QFmIVgQpiCuk+k5_>gc(6+?!x0ciUYhpn`<~Lt?EE#t2VIJ9B@9c>5%%| za0FmJMtDx~@2nb^flXJh;d@GSHYs%`jDmx2-|DP(V!lU6)>!P^6;*xuF3&Ry52E}O z8alpLmmi5+deQVNv>ZY^v)*;TQ*33zClCjtA^R`x;~y)5#U&|Bzlem(54{mh`Mv1@ zfsFCjD(O8LPp3dm+24rhBXdJA5$DA%CevXySpxnF8h*< zbr7C~7s1?{FsgzwAaP#&59hx+-x9Dt5I%&OIwUS`I*@jbTE1h9h+q)4PPBn^K_2cr zpv1L>%7?tz-N@LbH2+K#%Ni1_YrA09OJ8o*flsvo!D4-V-vSc`ko4jy0qyvdp9c}~ zvx-Ydx(wipX>8vw!j<*89QMZ{)vLm;aVpa(5VSq3tB2qzk#vjJb)_{sOxkKM>lQAI!Q*7QM?zKtT}k?D+uvxG4&CcCp&C-4CF)L++w(`vNMVQcgtm@_EuPup z2YAfJ0I|)He8j(x`C8yre-{Xl-S>|)gkFFwnc;$TUd+?*XsXFLxjq9!YetA*4xP|$ zh0uM0Yr-V3V^U77!sX?BI3EtWo`0jPB{qZ*(xUm*Vy0*uQ5MEuq*vAOL!gwfr!d9I zHaG4N4M;eGJ7w3UE+1E!s+NL|$~(`=7^CGb^nU)CD*Mms=uPoCV!(%f~2zoBc z+h1qXsnH=LWV@MDS$CcE+4~FPb>p?R*=53(ocLYoT$5!~ho^ZLSrXm44am=ASVonm z6_SP$00~TY*5QNJ zb>P5$vp4M2CgiVJFWSyLPI3?ozrp)!2_pMtKzD$gOCWG-oRB-1mUQYR) zBhL~WlLTi?gX(sSNSKkXp|d4T=FEag@3;gZ`>G;$II*q**Bw5?o*}bU1@Z##`KGH#d(9{loOgD+V%~ z)ns8*nC#v99V4-vAj&z990sHKSYumnId}Q9q7FDGpbm(9X1&RhYd}HQv@F80{t=CQ ze}SbU6$kPW?alq)k>1wE1T;iGt>;9ird&K5X7np1K4l{zoOW~=|G=|%>8MT0Cp*$K z*bUS#sI2ONfBlH-EcU(JTG^$Vukr`J=?#b1SJ?Dmd zYv`QAkt97xE0RV1I2dnerj3btye_dIG_k^;XmY`OU*2goEti`=%tnkMG=FziZ(7uY zC@%&a%j^*qn&+>I0*)0fVOPBCvVi+4woNZ;w!#pP{)J+~#xdMPX2to0n{!O6+{>1= zc&(H57m%U!mili@v2%T^baMa!1gpHuN^g&1VOsd`2BIXU@;t!i_=pyC`9LmPoHKe1%+Ld;ET+mt5pQ;5`|ikJDevm2v| zCHNED$YKV8c)DGvzoMp*tFtBJrz-=b?~@#hHL}EXJlX+?zMj9TpxMNX=49zpdkL>g z9P##mmnu{f@w9Mg6lG$;8iMpxG&2Izc-oo&gTU~4-0hwX7$2k3tuXC(LyewdPNVxk zrQ9zP98n;|>2aBNrczSRC_iV1L-%7pq;ElGboy%G&R-l(75c}Xxpe?q@y5!>W_r|Mq+jUadHSIGB%*AMhr5(wqx&lS-=5`QEomQ#N= z)I+S20S>;Hn;l==sSFW_=V}E~nSzkCAnN80%r%t2MViWT^CGT$<24`#77>UfR4svW zU5eRYnMRep>u5fm$_tIdsz`xZ`O*8GBAD_a2uzHF(B502C!5T2P#9x10cnl;8?ZVk zw55TVgn&al+8v}R^!R`VUx!;f>zJ%H*w4uD2)kJs`y%^M(C8pg!h|F*BmrZLYM*>k zxPw6ewwdDm`wdD66Y{Qzct;>(VYXmjrr9V988DWgg@uuW-OS05GhnXoKxD+);6Nn8 zwctGtzQ|J!aP{^#CgL$HM%uDHZqVu9rQiqq+82%o8#=I4oXuc_B3tetkDQh`io^O> zuCbC}2Fo|?8IqcmE!~4Ye2F&(|M~~gNXu+rc0R#{#BLDyZ literal 0 HcmV?d00001 diff --git a/copy-of-sdk-docs/docs/learn/advanced/baseapp_state.png b/copy-of-sdk-docs/docs/learn/advanced/baseapp_state.png new file mode 100644 index 0000000000000000000000000000000000000000..5cf54fdb4afa95f4d57ffd6479b2aede91d5b10d GIT binary patch literal 338941 zcmYhjNzU_3vmN*s3>bwA*ki-+us*;w@DKLQkd4^)Jvq4`DRyGtH#_h`JgueFKD-Mj z-|reQ9!ZZxkx4Q$GUCLEllt$LA^wMd`Op9IkAM8*KgbgA{No@0?l18CAOH8i2V2(v zM-sum|7&$b_8|Nme9=Rf}4fBa9|C))a}Y`Wqff1%vp@BTuddR(`^Q2s9jNvG+b z-zKe=v|s-@6dTwCzVF9xQ#Qr-?|l#mLH`>B|2Gu!VC*lHfeG+}6aOSBDEWK;v?_*w zYY_h@1RD6SdYU)GHm>zwC<{Kz!&Y?QKiCXjO&7dG;0Z(j3giDu{=eWYGfiC)7Ma?B zYY=dh{3l9)&Hq)EJYD+>;lTT@X$$aAEb?}I58>)%?7gDQ9N#+}moE*|KpAIHP%g z&W3(S>5o-buZmgNY2z0NpFZM%p03!2Hmv!EmjY4aO>!0resKv7yoDCkXgnGW(;a&lV1 zH#f>4L_r@k_`(ox^(Zmioh{!2y(VZ$X}&v=uHI_YSK4IoK>$ziKoa%v;$flhThPJ5 zOerq33C37J&kP-�DEBy3G%(EP#m!cyW~)nTBt}?{jxWD`;@=?yy582=}#wS|={w z4d4kL5!vz9_M<5id?3m9N{;r&lzahBC_E`I&`ur}I9WkTlOMB)Dy%p{>|DdhWH=e7f4)%SznAgn+t9)IQX|TQIkDhtZ@GC0Hu6S(Tp6Xj-y@$K%xB?| zlOYEGxk!9yQpV)NgR_zKwv#e{m>@j}Kl0GU8Wb*-gHvS8~6?|Y@i`}gpRxD=Y$rB6!YoI^yh0PD(wdFm9W?_@KJ{l@tACF;oCxXPphj5fRR>-KQlXlu{KgOO$vOowGk zVm^+aV8p%-z-ey_dzu;O~@$HN9 z7!i%)rP9JEXR#6iee_c$4b7NWh_2ABlMbR_G>jKl<{=7YIomC>d~M#jiq-RNFfa@~ zKqs^K#|M`@?BVyl-KRW5IBvts+x*0A%*_F(drv8Q$OlW9Ah<3_yWCYL+~%N(9PzSj zAI_@X-G_*f(;+2hoj+ng^_TeCb0XUEJ3vf_q~HVxuG{+=uJS$37ZJgzE7soj(K!`^ zG&R7fbvhm_m-V+wJY?_<{?#*4d2(l1_CjS`?^+UJT>kLfzS9#$7 z-PHpwTMLDXrFg`0P;QsMz9X{pj-hs)TP2^->?Z`wa&{xWU7v}8XyMO#={;t&3QET& zYL+wZW;doTbkE1S_e>|bd%4y{0do@yO-d8&7x7PG^5C<;^W+6Z$x*pajVXMEncwN< z9hzSzEp7yA@}`Iu%KWlSNXhWr>Dtfd__i)*8kMJK{0h4dRfBq$4jG0KgHY2F$0P(} zOKwkwB;RTN#GZO_E4!aUOctNlKL#1+JBSnqQ_g~LAh6D(5XHhe6Nw>IxY-k*CU;Ga zkT$n0@cx2YR;pxydCO94b&BDcTnN(a_tvPO^G4Zac51FqDhkmD;Y>>lKO#X!7;c8EnL88SUtHQT-iY<8HGz{1u=f=kv$`9siq!Q{N$^8;{N`fllOV(6Fj~o^MR`PcPwu zFZVsdV}*8<>FGK(sm}$j*UMzB<4=|DCurICy6euK=w}E(BSG#*t}p-|qvWyi969eE zp$k26$VuwS+_Jq!tanFh{o)@jPdhC5glzDwx|mpt!TWjsYc!5j5F2iOe#oS1+Sabj z?v#VWN!4sXT~zs$%WFTVhWH;uHfN(_x7$TDVZ}f9V9T7Q=ymTb>n5Xf;(l1-{^&&r z(m2|b7<2HI^`FvUKs(WScEkt6Zg%is8#rWWckUNW3PT}m;b0b5ChdNaj}#UTbDbng zO9aqyIZI?5oC(LJ79=g7wrhx+ZI?~sa-yIE5$SBAp_XPzAj|7H}WYg zkNM^|wh{P5NO{XDo2_v2u6*kW*;^D76nFc#B^nq9-dfy!Fie%GWG;)8r03IG2Uxff z6_x%d4BCV6yk1)oidg%_MfU0P8Oy40?hFew1HP!gzlSSi)A_a^utkSH-QF8MW|j*d zjZ;4uTr?ih&<)f&lCPHIs7bO;XD#mMYnt#tsUK){Doq%mG+^rc66KCKDiRpw}Wb{u0gm#Jtt=}64E zp5@I!DT?14b0~oJ*^I8K+dTxwt`NCfW=mDnZqp~E>baY5m}bQ* zkZdnXav94OyHBB2wTJ0MDLzfa_jctx|*?Z^Vw|j8Guo_#@Ni!#kc&wM|bsem=9v{ z#_}1Z9jyfdg)7cYJ|6S=?a%jFJzH=D5OD@hI#9mCxXCLHo>J2f5`Qh@ahnDbUES^k zQld(}XNtK+HKqZMnbqLvb(;fX%+c!o)Lb|9gUvZ5%fQXB=r;7MBY5FTZXk*C*q+6R zcD6_8c6qfsb@5w(fbwcmZEUBe#%cDC;*Yt73 zH2ZimC)NEyhJr1-_}#ZD)&0OPVmmT62_OQx4XDr;zU=u_q3^O%a-ZR`-+_2_o}C|D zxCp85C!6%}n{NSTEY{(>qOOJMyma#huoSjXDOGL>Z&vOCwj$S5dXG}JYt5coo>z6; z^rd$j>*;S*fzoA*x+j(Zikwcr4``ie)6V~3s_UM^Xt8EJcNrMSIJ%H1wW7l|H_`}6Ha5PX1uI$V#b-}N3b78x9H?rcL)0vXDBg@ zB^aFlbleHJh>KzPNpXetV97*b9fE*)vr{odbjF1c!^ar?j*@9yKZ{rloSv;TBLo#Q zP16z@n18xH;#_f$W51Wru5}4c&s<`LK4v)WMS??;IHHnsmcEaZXwlQ_t(34Nyl&8C zN=Y{_R#j+KM<9p+$qpMqN6K1M*#<}Tb<(; zJ5;bUeC`$U7@okzo7L;xx(VEG_H2-dDfBXgd1H!O?$m)`Z`L{Rh7d1at@d^yXoqMr zsceX9d6NBDy#rMOzx;Ym8_YcC?OxF~00IEL3|?e9;J(+2v5VSBrHD5Q;_&yrow(X? z7ztL@3eCm;JuDMr4bq6jSVi({Fq zQbE@IdNXsl0kTWGJ`qIfG(@hc{IOrSieVbadf6zyb}7e`M?*+LOyB#rM0ouVo{2MR?vA65Q!5Pbf=b5xY5<6)< zp3L<`;JRnK$v5~Rr1+*mI9MvKFITnw2Zb!*rzXr{_xzNk zRDihH+Wba-B}O)A@CW1W_WeZ_G6+uEAOt*R#Z9Dq`A!}QHtoG*l2jDb26b1XoShHxzR1lIVkD zW;_eUa}H&A!N^7ARHGf-M*HIDI8dzEwCXs|uUc76VD@YgF!p?X-dWj%gmgUX3f^|S z!?&9MR9=>TlL4liC`4XIGnk$Dr3T+o{Aci|Vh7utcT5z{%Y14F^Vio0UKi=@ov$z7 z<9RN?GOWmD-Szndc`NQZHr}D)C}2`5u=FQZ{oM4T1ml_=M!1fKoyGd6d4S}TI2feZ z!kz?v*ieq0Qov90%X`bemf{{s*QtY%Dwab$m!Ek<9Am{iH4;F$$JQb5*VFTC>KR1B zpdE9P+g5Y{lA(8f2!X?FE~2y&a1TPsRU^C;xrh}S`OY@fVL=ir4O;t7SI@V~`Ow8M zu$|AFpDk-LOP-27;B}phVtHOnp~I+=q0a@OjO~cP?dsA$CsSl;ilEx&@8J z8r4V#sTl}V9FsYg5cx2<$0X3leBoR8^dK)AF2nWe4goMt{Z&vbAMBXY6m-v*-PV-D zzr#h!RA0B;6fIUf!$^5J&56#N44al*pe*h?t3Fi_k$NGoz+&Ccfar{dEyA94JK((= zdD{fR7!lj0AumrT0*Ltnx>}%SnU6Y@;eLMCiQ}Yjp+X<`F&z7joe^_L`&52MRm|x1;1&cO%z9Z%Q9v zqu~IOL=5K82>&2%`0J}N@Iyia@p%1G(g+xq@AIJ(clo{auNQ4-P!KWl11bDROp=LX zjn?#8L?zAF5~ZS8Q5wcn0m`Z)rt@)8=1~LeYw7O$z4%@Y z?Mkb~-XJZ}to7$uErVUIP)Y}_AN$@8k{uo;bqq4_PUV1U|MOcoDGb%D%~V z=?TL#g&EsWEl!_FfVD99_bpk#7362)*5{8}**EI`)EJdnqOSQ^O^kXeS|{8vR3u~U zEAFKW*wT3yD8Os_=>U`kwdQr@xbOr%0TU-l;)(bmGDwz% zZ!0YX%MU(@l0|eh1L?G~&}Br_TgD`@%5MSbdw?&W_WYQJ?ZA|s9EbJgoWB0DeB&fv zUyw%-hXiOJg65mSo3}RQ=j$!t7CsRJn|dfwopF&y zqCc176IrVZd^(g!%Hh8*7#4&Uz4TVm9uIV9=CRTrcIvwsH^6#AxhSM;9~l%4@gTKP zT~5T78Ca(uHK(H&lf#|F?4Is;S5|U4C~%8FdtjR&iK2pNw97} zFbFlP{=SV|Y&3-q2%m`c5+=#WS(3OSw?j9$qe_|@eq)^LzM7wOFaX0x@)l7p>y^S_NCm*B!5fq%}a_Ypfuv(D73FGcU` z_BJ6iJYO(zEteVoqt&VOu_jDN=A=J+xaPZfu%J$(%_G%|p9E`CRZi=Gbzgb{CA7yh zp@4z=%xzr9kQQoFHRi2Ug$$GlmG8f37yA$vzsq6W%jJAV*=?P5cfZddcpRQ`2@PxYGk=8UB}_rDH^Eu#3Mwu^y9;QpO3K zXwfaHfKBQLW~?Nl5i|6g)peS(97$mG9hJF!S?hdsoVeUh#qPiov z)Fth8pk36NHt|_gS+;{~9f~{zES7+!3=hZeEs7^%?&%9bHKuGc_;seU<2PYx3sEOE zmplVrj{pp(FweIU+gm`>{0NC(0}?4D7u8_2A%M|@wmIsq2UtoT?Z>8RV1@-qy}A~2 z0Xd+3dR5+46J~xWC_OQN{9g8|wOjyARR)RG6Ql#66^t718}_tCguR*$V!*vv*Nguf z5Sh|?`KW&Ee4mXWa`K@>#?g1`_MfIE!IiU;F#}wLwf?DCAjwryU|E6*om|5fs8pf) zuX&tPT7M+XLJU&1k~xj7`0>x)g27CR&n7!xvO{oE&ZNPr^af z>!`^$DfW!_RmHeq2_OXI21-K!uo`(s09Ph=#Gi{S?akhCR-~;JH=6fQr~j$UsM&Fg zt({EDP430WebmCtLYW`1F$*Ud`XGH;E|^hB6{f0pSJ}nuHHoB<}GC% z8M1pCMqGuq-zw&cb?3NzHkU zqdy4lIj$#PS2N~O_mO`Uw*6*CuRC^MS|Kc^40yCoi(6#&Sx>ks7C(xI`C1OB35b{5 zi(y*Coe!hKG45eb-v>pyuaniC$A;8L3Q%6Xsf~+5i+UWGi?>6RQfNx>IUSqEHL3C^ z71r;v7=^CyY0l8_jdMTJgQnkS{5pfocgU}PEsr;TVH#ijNA#|*VT!O8(X)VR(0q}D z7Bb4?ylE)(BLWqbaTid^@bT#>X-Ya~yimSJm06vLUuX@qBCi+oR@RB2Rg_YS%Mjsz z*f}d-*pR9hq5gCRbx1j+eqY#(qV(jgi{4qiVcFw#Yevu1U(s*NZ}F(8Q38e*kPdZW zT&qnpp|F7wNcrXiTxl9i2vhxrr!@)&<}s_%n$Yp%5_kx@T!#=TH+Lu*_p`RjKu?>l zjjFSJ-XzT9x93;Xr2fQ$$J=y@Wl6kmWTpi^j+S56VOAPMQ^|K-C3>x&M@J``Bi?Lq zEPahx+ESl5#A@oM2m>UuRt^dhY2W0C!|A7gu3W*!^}K&B;+7A-2fW*mGP&vt{0ZC{ z^wMnzt0Jr2o{uu{;ufirSO6p*9#kYeVGCi*13&PyM%^p6e8M|xs67j-jKu?O>fXRYL3D)k|_#7lta5iUk|SATrv5h9c6Vs81rIjzj2yj zRwE%ewl5e#ddI!e246(dh82jbjvRuCQeU%+XG3I|Qv`tSz%If^&6qg_xY@4fthHNb>Qf06^{VtvEDaNSy% z@^pgdjJ6hSWV>5QOkg~Yb&m!uQ@VgOX-rL#ccV9c(XWPth&9mtWb_gCdI1 zuUxCdQkE5he+=zP1v5<&XXt6|a0wsu6s!Rl{0;0;khQcFL6|?vGAlKtcS}i#w@;<3 zGnJwsNG?j~mhkrC-QwFrG#f&Z$8wA0K0%9#{@S_hb{fI;2KigUpxr{ZMSRBM9>!ofsuFD&|rSO zsHUa%IXMRvIl@A6L3}BWUP=fS^!M_jUVyVi~XkN?u?CdTLd$ z3x?q$duy(5IvguG-wxB4Qw(wPD54J?R31#}jq`Qr*~dWGjKx_Ov!Trv=i$morF@ay z#4_mb4NSs_1(YjN%Gn9~I)P$u)hx(&H+6Q#(le)@G0#E3XLDDQ7q!-#Ms~IDkh78n z2n7lsi=H7Dw7#X6(cv@Y0YytHG;V4R{H^W_^D3hqF*u?`xL!!6;wxiGBWwIx{z{#w zv#XyDF<1sKfQQAp^|OB&ofqJYYLa{(l2Ue_J}H?sv9q(oZ=-{$18VQ@Y`BpiaV-s` z7i@V}T=CiwZAk6e_QmJmcWrr@gF&|9cb8nz*%llrSite|h_PtictDvxyns1lQ>oRG_I6Lq z!mpPzYOCNDQV+fc@?7yZuV;A;M}gH`!6!R180aQI4$9{FU82Kq<=&U^;Nf$`ufsg* zT;2Sm`_x)c*B^(<>LP~)Z)($H7GOeWx9uq7sk35bieDoExdl7+T%haB!qtG+? zbgreJ4mVxd_oQ@mIqWmiA*i%UP;?+koxiOMIgo$t4@^qt+lF zpl`@22D)TDS7qp|ZFJKVq*H{Fj<{yh!TcY`LQSKH^e-M*3%Hymcqab^2b=g~I3NV- z-(g#znh;T9X@~>S4QHD~)+Az^&-C%hQGLRj<1N~=Tw!NA`C9;iER>0oabMaL_NC6R zqYT>-1!{`;$xuqCt&jgT3>-N66IOTZH4LNFDg}`0kvVsa&<@U#*H!ddvRe1{mAuw! z4&J!+^FYI;OC^*$AwYLDbWfSgXI(qX*d&;| z18+ez%^YIHOepdfY^wJ{Rs`ww&0Py#G^oY5a$4*?tMYDHoqrE|<7&|W2!POTHCf9< zb(G+zFz2uaYlG^jL`U+EYB>H--!U~9q;E-td{V@8r6R{>$Uw^5y0r`_42|o2MnD zEkGF)LS0`f#sW6|>;wd%UJV(PB%b$+jzv{fh&CE~ihZSkX zo$(b_APIaJE7tlVlI`Lcib^74w&-j?^a46v{4HMnH5Zw4W?%W^+n@LpcN z(7$8{mc#~Dj~5Z(;=WL&Fz>h>CBx&@egab$vb(e1G760F*vowpgwZe}YN6I=#zQP@ z!jD$BhYe(`rUw`gA&~Pq^NiQu9Y8R5!-G)&+7slQySBZafKx zkOAxcd5IOoNqla((r@lv{cSA+F1#{8Hv4@E+)bH5 zS(8l2CNCO-q&@>6p{_tX79~hf3UoXIuc-%Nc z#I_%-;86OUxGM>qPRC#@N`h|OiuT3k?E1z4EmR{Dk%$?Q`z-0o!Rwv6}l#734d1+IY9XlhI zsLhGRuawcxJ2M}JdgE(OY-d|?cgOz@U+C)-)B&yYMR#vPvuaRQuN&JOqRgRm_h#(^ zVmjN4!*+>=`S@l*q5E*WcJtmk4%kkqR?h=ZBW&*IH`jDW$e4Wj78L2g#s_dNkn%PT z9-+xlrDO2Ncmn0<2*mI6M7Akvxgf6x@edka&!bL9(Xr|q)5+JI-+NS?L#EDtTQ)b- ztf8{qPZa32^X?@89k*?_XXKVIKmu-hb3MFTvWvz&!cjM%ed>)OFWzpnVNzZ7=xeh+ z_Zyo>9&1+~e>r=f`;H@L`9XiA>-p(X36h?zFKjrOTW*?U^HoCDpFX7-IRu4~Wcv)C z0#j?*dtE2A$R!r+z(yACDZ6pV!F*!z`9{j5{*_vmrhIIr>>ok02#qLl9#bV`1v(Hg zT*5Cx%&E9)*Vkd$rD!2Gf+x{W^Qr)EWge_j|F7`w+?auWAElS$E0B6gLBIgyol?7JKx=U1zN5T zr0b}4uveiQ&83xYOP`7cQRFbiy3GukxRWT)#?NL=ji^yu#fHug$v2jYfp>5Tnr-0O;caAfP^e_WQlmnD- zsW)37&VXh?oi`Qm>5q!ZzJ8qf5WhvpG#N!7d)IG{^r(ss=Qg&qYqDb0{UkA%9??ht zz&f+9NKQPBI!NbNotf8#PXyWAkRZVGp5d?QDEB9Wel5XvAjLeF?@?3zxVVa#wzMx2 zY=t0br+89hGMy%WCQvt!JIDEfDWdn?v+@jB?(iHyX9q~d7gxkAY9c$`WFm5dkD%cE z&g*6Aul7xPcn#Lpx)<{3n-d>W{pQEk^8+*V@hlb^4Qdd@&>!w9PZjkOH{kZcQ97t| zINXAekm1xo-<@U=Xj`(YN9NM=+Ye607)iKYg~&HE7Z=9))7lC3bbg9w!Tkex_D+cy z0%HM{9ww7~Fp(n@3y>b3W(1=85&}uW&ZOnbj;_kmlvTku;N%~77$1;K-1A7TfHk~y zpocrWj=2p{0t-4iZF{Ug?(ZNJ*}_O53LCzg?4b?u;tr_FiM}cYz+eju%wUb1oaxI1 znZ*M#<5>GJEd<004JyWbE!4meSOw_8=aplkjgE@b2O%D8G%*C!)S4(WYSd$tA&XRR zQI;-(qc(j$xGhGSJ=vHBN?BSr?gkD@(4rs3JD$?g7s4y^EXTeNkB0urJ!f(%uN_S1 zNsLoq)Q?1LT@^VJoJ#8DM4wfcUn*BAqan>ZcL(cVTs;pLS$OOhc`FZE_7aH`sJSQb zaIe$pYFh2rWtW`W2WW$;onY{bN0kZz%z`pSMX9p8xPt7PoD5Hx8R4;B>$PO64B$}s z$S2@ezy&J!ha-aooc3PxR{&a4ofW_H zEMLp>ea1{*m7J(9 zR#zQn1%|r^-sT(VUw}{=v@mrYE)8bfwf+Y108#P!V33;KM&WgIl^ofot0oW~b;0Xm z8`pXcc}XG*uA zH_8TtohvROB<=ims%B36K(R^}Ch0qQtTz>^Db&`#5iCG#$Ipg1uzB$9J{;wJz4SNR zfcF#j0^-pONIH@;<{D}=ep3!MXKtqOK$pWx0_J}M>DR#D=@&vO4AwZ*v^IOsdiZpk zYF%I0G!$$1d8N)g00sFE=nw8aW3)owXHlF-g&)=y?!Xn%O~(so^yDBHe|tZwsfq&R zy2E<$%CdSZRlus*9Omc6^&iVu2XdYl&emBwv}5y2t|C}#Q;_`t_z4q-_;&qmTl9-+ zrEO}V`Z`g&nTF<^+FPy?#t=XAgu#*1Oh`ZP z7|yM%cP4|e--=WKtG?bz8We35fyG~7Ot2L~c0&4@fHKH;z{^C-G~lasDW^Qr67*1b zHt_owJ;F@=(qLiE&@mi_fGq3aKb8avD(^}o!Iq#OngV6LzBLu}Bw0bczSoLt?0c7IWaPrOwyD~wmnn{AAQ64hLOT`Z8N z$AgFuGtd;$LL|^1sB?N?exMo+UcjQgosFe1WIskN6aX7Zd*f*jO#_A+!~QVVLfH~v z{oO=AkR7o+E5(vTIY=1@KpjoS_rn9ZD5kwp#@g*h4LnWDuuo~B+zC|Fk3Lw~r9#BM3#Zw|MjwAvXKtUM-Y z#msXMM8GPk3Id|IAaH1}pLwC^s(4Y^H&&Avuwpg~B#;NfUIbX$tb3THbX4G=fG`DL zO(kHZ?9$rNlXVigCKc6m64Wez7Kkw{$Eo?$TMnnn-=ySA67aBt-pa0UkJO&F%v>Zh z2V|gP26D?hRYe59eb>;yvJ2{?jiACORs0R74$d3+CcgtaWI9*mKv~Wq54bvz|LH%l zpu@JCndA*hc2l&-0J;4W`z22R?!S|hw_n#-SrXHrnB430O1^;8OG1T0xflLlwAtri zUJ1+IO?4&yVc3e(>(a^Ec0v^Cbpm6<0=$DyUo<>@YwWVBWP*iH@D|0(A4?J|F2CqR^?O@zE+JKW4XijPnA?;sY0TMtMpTjOb15M_V z>EiXuNs0m)H#1E10D_!QK%tyMNb-8BFT(>Rio0_}d?9>{SSyr8Rv9gu$c@ zN)7(3k3ZSOfK*EPXm`0}2v{};+RE)%kFEi@T$b^R6qjKO@w+eYjyKfQ-W@%X_W}HK zV5UD32ri19X<$Ztd0vH~O;Y=5d)HZz?*9yHw!_Xxs_5f|$yc>j5lzr zcf|z79rOdt8%91t{Q?3lTMLZL@i4oB3C4=1?yy6PMkhyey<}pZ0c0sv?C)}>Gs-^w zIvTfK5?+jx46w^OxryN4Q?B-ak%JJ)m#)n5u)XOT*JYhaxM z-IFeEfj8d;xK&}N#Q;gkN8=K(s^f|(1IX~PseVzHIXxE;A3yYJo7qKtem_2wJ-B9C zYns0F`e`Go^C1ote>G-gu?6BOJ8WJ*oy;J?V|hoaohN_09Wt}Y5Bq_lJM+Zg)(oe^eKqQ`C>TUxKh4#CIPLr`5uGAHrgL(#LTs(} zMUIdF$;1j49)qg`NA3vezvH2~KTS3Sv3-`zs9?rGr zWg&-b;od+Xa|_2uXhkZ4(j+V`wN&VfC_dkj`8CE=$9<5B@Zo2TBwL^|vF9Cm%Pr@s zN`lMCU~QwI_78p&#|bY4_SEPf(TbU+wa1(ld31mQCyW@E`iJHo4TF22q=7Enc>q>r zfpqny<}$E0)U%j}F=e-$DKV;T%Y^N8$gNgs7d3EtX-e~_CqB|sGz0dc-Ar=k1hS1tbZ|W) zcRNy(QBdwwKqi2tAR^In>;^w~paik(xei-LpWRJ^&Pl+JgoMWU!tzHvn98zu8sY%B z5zulhbLOXY6VT>CV2v`F%x@q0K!^DIX$c=B+6DTH1soC!T?BTQ&#A{0>z>cDh+E8O zpsXm$k0bux?%n_s&mwpW)GAyUG5Ey{!BZSSSqZ^I8F3 zR$GN%rwABC2u#Zef615ZW6Z}SIUoVq)7v?ez$~gHYnk|lfLCXi7w17ytsy1_PLpJO zZuRYJAIJXPAfPqKDC+pL#)!D@EVjU+xDf2vKa5@d&{ai4rX*jS_)*>9+_<{+sBC|F z0^?vOU;{Q`i{m`KTY25HL0vzm!fZisfd5)QT!Q(TeI8U%?*~>`CvD+1giBSebb;{( zH@rJAmVr&bl`N46>>ac>Zn6>!_``W(Emk|(W$l95#S`EcO9GSKLk7&h# zW5Yl7A#ja@aZFY*NpGAfGjPMKxb?w@5}vZg&23e?B;+v3=At)p55LEDM0h_0`5}B9 z2Lx_@<|Ghu*Y{TyQzO|I5gEZ^A5GekHwUT@+S$%QpOyA0zaUesYWbn@?_HqvSf6@} zZint;`i)Ur_RZ`X{JMyeKz=n??_i8UUoKI3;ty&CeRY#4eLT>2p@VrJ#UIIkz#Ih2 zqKi1|3`aUEb)38XJ_)PP^w0ZqIRdH{`HVl~+G@?8!m3a!as&Hvz7$!R+#N^%wfMt1mxW0E-HF8eTVo*B`8TXX6IelPet!1b<9>psClPRRLCW=T$rS zRW`apibg|c)77T(m;=-Qx2 zPr@ozqi|1*9EPQ&A9ok1)f%P5F}q&s;FnFRH39vQ=wmNWG#J-prL0Ead$V6}YtjMbdR`If}&4Um}M`Fv(<0 z=FONKOa{Z(kLWq4cedLBW2h>rq#N$B4`}o|B!91h3FjPEwe`KN?MwLN72*(h-Eu`Jq;fvuoEr#d zPb(HBZk67h>?b^rJKR>k?-JsD_W4r-0w`+W)Wtm=K6T?3uJHYcSn|BX>&HVr_8cyH zO51$>B={eLcPw=!%HXZdPbl;^UM$$E7#EIL*qdX?bWL^~nz0p90X^CqiG%)~1XNJ# zUCEP60|s5Lk?NM01YjSam${%gjdV)q4bq+L$H3S56rJCv_@o?H4ZOEn{cVf;+8DHE z(fbR)%YGMhgm;UR%AYZreC)(OI~dT9Zv<}oUHU0B=m7EWeG$Lr)$l?&M*Sp}-}CB^ z&BsGVU;!OUq|4_BviTou!|-?a=q=Xx%7#YNZR-a`IQ-Vnll9hOji&dj@O&<X}oYqS{_;`1MV*f)Wak;MRUmrl8rG>=`zIx0`H}5RUhFc|=fuho75=1*>NF zRfiw1zVk*l#DDoKOg0l~Rb*s}@NNE-GhN`S2{;?@`D7E1vcUgR=RGU1ecmnTeZ~!E z3g`8{ceIorN>gF6T|dZB;JsP&AOoOCy#w_fxR0}Yd}QW*S_b}_fZzj1qur9M;7s076A)6&7cqwgx3K5Zt)j&L-ch?*1>7u9^Ee$>PNnMg$1>oXimM>FK)GTDMFNa2yuDFs| z$d8aJN%-h5r{f%il##Y{O$QYr6e2zd9MSEgBkmOmYB)T=#7m_wpZTMLCeP8mN%qDk=(;<&9u7wcnlUQ6LUf_#a3cGq>C(!nO)3i`zIDbpE9Wsp>S|1 z&x?^|t9t^-u;z>cMlO(eek?14qd9+c9ezubj00}lu>}Vns`^Jr*o4X4nZAE`VeNfp36bLWSQs`F(xa)5z~K z>UqWL4hSRtXImo@i->?fiKFA^FSsm^;abGX;R`-+EuR`9_p#WW;3Z0`!_&uR3 z7AZm#+2(y&Xp(i8%lw?#J`m$Cx}%a4O{yDtX&0T%PaMk}k#Zdl8bhCH!MI-`^znPXGj0 z*;336n-RF4Z{35)E>{V<`$EGZlYS+nH&Fra{BUMb7Re@DC0GJ*DKcJoP$_Lb}YGU4F2tLZ$Yk(~^E2o1(vCy5^S#S zXZT}ZjpgYmI5ehFScW@|e70GZ1`kd%B?8;h#|9Ye{ssD%+4{IA_jO7rmUV`rmB6R2 zOCf0&{vPcrS1t>`$NP(4aVLzd1=sc22JE*&PyYEzmVq&^7o0v&;DW?h`q`$utE0$s zecqe6*p>vIjRz1$+UW%;O9^N1;m$koWPXR2`i)x|`C7iBD6cd`E1Z~iv)*EO!7rZ* zXAYhV!OcAe?~`1kq?a-HD_`(>t4LjJAM0<#9O@(`R21kG)+{~*5(&JlZmPo!RiJhi}pYjU{DGG`-u(c z^j%2*Rj>q}EB{L6x3m&3g1#IkYnZM;QvSrz2eq#R@sm*H1jSUS=M0yy0PFIt+1XNS zIJAaE=Ux;m*ynD=4!;rmJ|Op1x0`|nOjg{!I{68+Txu!&0kj#0UpM6i6Oacq@4o2( z3vS)5d8x{a(wE(lvALEKq%QT0+s*m)+q`Y9D0Mq6;kb9C{ z+PlD1Sj67S!= zHU81}h-U*2^jTou@%g8L?1+AagVw*QOEaH-&4BQran7)@y&jLsmc37dB*0t_{qdWy zbtd`o z;1^t|8f>ai7`gt9dm*JY>>ivOxr~+dVSgyjdhH(8+R<=Eu|#di6xpv(V1HyW1O=ab z?q3l2fnQSDRqoS?9uXnbB@@hC?b1MBM)T!PO}~wGEY@>N+2YZZm?vOjPnJ71qOxH9 zf;agFdMm$I)e%10i`-u~yc%%RuB_!<-DwnNBCOt3!~jINW`PcfwaUpgBp@a!>tTA_ zd)dr1cCG!^E(5JtKz3Yl7!kk`7CceY@4(%^^g^bO)4Tt$f;*W<{fe6j?{`+1zj#mt z{si{IL`&CtUCY|Cf)xU-B`bL`=cRD;?;3Jmm~{c92He@(riXrC=aU>4cZQ>)n_<6_ zd*RcvNa)|6Bl?(Y|Cd$5Z@g=O-Yfh9Z>Xf%Zatl9)*WdMtYg~(imZ*QLyC&WFV2)&4Nan5c#%iW$ROB7-fIlH$`bbgu^!a@WT$5j_<`2yT9l-%~||YrH6f- zN3+S*qexf-bg(k$7xGR@tDyv~=9xChwjsNuhYlzLq3LUYJ*W=+^QdI+1k5h`1vHC#-zi{T zPoQ6+Ln`4`)!$Zn@^%*Mc@QXMmx{U*VOSG+;ayxpQ;~i`NBu3N4!pvy1U9Ujf*^F^ z?%ye<8JW1(olgK7CfHcYFVUvQSBgLv`*Q-GORx@^F2xVXSBa&BW~d)NlZEDAEKXO| z;wD6_YLUJd%bHV-sy`Q(p~ovaHou;24Gs-tblhJ({lnzCnld?aPd}(t0NsqTGaETJ zT0lOJH>gAU@k}!7_3m~ApfZGA8KocqDa;EX81W7l!M}I;VEoVq5M?^#IR;Pq(+J#1 z`0(5v*U#)?ouYZKtBPLVC4Wh$UKG8HqGBRaaPBZ@)6fm2+(m7gm2I2>Xj+%^sCW#*4rmPK=gt4a zne>Wtyad6@_hMy%{{|))4r?F@RjTOz@@@hDN`~mH3ZF%P?OW+cV!j)mzBA+OVrK!U z9lp4D#igAZj&~l2*=hipgyxNKQ*~gPONW)b>a1AV7{jQvikc$=F{eYEIJ&-IW+E7B zS@h3OyvA><=STg9I7aE%=p*;U{@}CqnoyNxusYqH4J5$i%zA8=bVi4%<4}Hc=`7)f z^A177VNY=-HThv>ii4o7TLHqe<}-3PvLUm#gVs3MK3mc=Mjj7b5SZ5+-E*Cpw0O$F*f*T*7jQ91u_E( zx^=S&JD@4iLg;e(`8Ta6-CqRIO{ERw{OvbRN@B~swy*EKsX{x#VD`$ILScgRvoG-7 zox#l`v_%nPK?7Fxx0Xe5rFk6leW8OsuZ1`cy7ejmu2jUOD1s>mN|(wMk3GKAnE3;- z%-o_iih%DSu`Pl7bv0{Asp=0C_`$H_mbURYE>GgQ2rL>trA}-ajlzu&|L`;3Q%bTF z6eSy$?NWk&UkgEgYe61zVIJ6clYV!B$kI>7sTOHqL~K@lF0CwMUjM$6jh?-*9a17NYs8mg_cV7cJCb(e*uL_$N!$7 z??T9Y2^>B3)Rv~NEgkmnNZvoU09yBl3gN>kz=h+Z$06zW8UZ}QdzcdtVYl9f760?| z9`XgyfD7TNk-WzSlTMQO?GC8RCUJ1ysZsrm0IdHFOMNNc?~4__l!r54d@#2>&K-Wh(^>Onv)z1>g3!5aPW~)tbxpM$E-!{)drNYHKpEU^VahFbd|9Suv>11R?5VhuPb*1$CA(Y$ELQd!y z;WccH z;2$$C*vX0Ag*dhF{g58{_5*duMqFT2^5K0dvx2uWYP_2#h^v0TU0pXH>ElgKSty#}k}p#$B)xwsQ^2u1yc%AY0Gm_+ zSk}WjRBX#9LwWC1^De8$MGNbzI~(47LsdiqO#d{qyRj}H=L26bxd#PEqX;&5Xykv| zv9Pi|Lw|2eEKAgALsVXgPBM$83e!&Y4$}ZT?V#m*K0x%6;XBG3LWh6AG$1L`@!V#5 zImWl~*Vq+Sgc#Bhz{}>>3+AaCxB-pZ%e!VpSjSx7JuRC1^ zaqI7Og3ki{E_JGtQC2c;74r_#>Wn;EU`uyvX_zAXn}*02c!Be$?-kUyhW`Z}gl>X> zlI5VurV*~_lAeQyUu1EpA82CrWxq1h{2Hs!A-e|7E-xzV{&u)RaET~?Nt|coC1IBV zmSTQTWZ{dJADm9TQvd@8&Bi|~C?622MAgH@MN%AM*P}h-XPVUS5&J1`ux)@98k8;z`=(<9jMlCe}Sfi^Glb0;;{u;~>=-CH5QGbnpWFgUP>x~Ttu9plYatD z8XQMD;h*4MxVIF0pDi>L|6tkBtQUhC+9Z}LgK5}nZ)m{0OvO)qP%P^+b|VNeQWf$H ziYRI{@0AG0s4w?k+`qWIauM+njfL|v(#ECf$j(=hPS4vW3v6^Mtj|~HH(qJFj5sW7 z!!dO(;0*14W`ZH@f@$OnyW=Z3KcFYrhY@s3Pfg=IhOH8(Frc#`0XG})?SX}M;^bI= zLgDt4a*+?h9mS`M1Iw?ax*`V9yr8j4`_Rmxt}br=Yhj3<%AL|f0Rl2(czL%EZT z$VKBHKl^GabGky=BU|#@bn^;w!SikI1(?v~da5ig3TKSoDT_>rfj;khY3x%|Xa*gJ z-Gh=^eZ;a9x~7t%NUB{TB-kr_9jO*ENZG{;2T7Gqnjl+}4m@Cl0!lUKt3OT)D7%|K zd8%KI_hK=~)B?hy2WC2Z6+J_piLuyuCQz%9yey!uKNW3|h?rN9UN-UY_xoNilY{4> zFW!OFp0@vC;QcpL1_!hiVhRsf)3I^b%1zKn2Elb@Z047}tzp_?!yaIN6$I*+)2~K$ zkCU?2gM+qQqNECs)axXu^z2x1Y2>gt=<^IAHzblf$R4 zvS^5QC%uNms^nW8?xCA9NFG1*0$V8ZtB*9UfT+X#{>gmMvvhu3U* z!MkiY;2q5_twLy$VD%pE;w5zb=nDT?Yik!eXhaCYEBfuvz^7FVM?n3ry!VJh@k7Dz z1%4xW?pUr4bW>9NtjPS1w9iqRFCV?<%J9*JuTiGrmAPDt=@RQYf>9*1sIIR$Xxp;d zw+@MP*+47g6u*TBLGT{nooG3eT2vY6x@EkM0ay)%V&*pq5ld8BZ-lmfw#nNUM57D3 z&Xc2y#F_S*Z}eFLXeAfcXbZRE6mO|(tKF%&QI>l(@>}6pg8=yk{$2?xspj8jTf#a+ zREu7K#S8LKKpM(xjlLfEmCYi#0Tqi-h7yNa3g@=$x%&8Ke<|2&)ZaDC`+|ihblc(| zLfW*pen6|N%g!%>x0in)SNJN79Zp<()7aR;pC^}&ABM(K(%{?rW7 z@Z6H>;eF^Y?2*u}@Y^=WqB}F7yQ(vQshCbxZrgt=V(R+;3H zeO|#~ux_LnCIsny(<8nel|cn?DBwd(FP(DxI%4$~-(!gH!~%%@uMX3R9^Cot4(P0~ z6s=eY1*bnTzvPfmv#~fEdjv%KH;+JNo9#gw8@#VhP~yJRUr>~7xrB?YAwjg$J?96T zB_?x^O}`|!U)+M9sE0iS7Lq?v0L?)RLqDK}n??(O4puO>h_pKr1F~7Lq?axypt>n8 zP8EP=Cj zHw^C=OT>lDZ&2BFzJm8L*y)Q|_wp``sz87W&b?53nL5PU2Kvw;Y$%N1`UW4q{@X|K zBN-aqBw(`zMucElq=h;JdKE17=1U&&4mLFKezd&+PNj2SEZBqj%>|3c8JWs~N;k-U zCmqNrrH!FidZb~WgyRm zx7^A-Zf#3mh`=-81;4zYam^WzXKJ>a=+X=StgS);_%j-o4D(5bsH9FGiEMXoVOPU{ zxunb`%K*0Zv0roij7T7#PetD>L@lu_ApHV1o2S^>u z)q3e}c;`f_7dI#xl7O%675!~flPaN>;0v4MjD*vdUj7v1b^dhkIpDxX)%cY^ckKjP z#OyQw5dLou@Ab-(-Vs-YHi z0NDj?j}Q#7PKE&$?cv$P%h^$C8}!@rs9prU;@WEKpE81m6>iKNB_U(nB=HOz_Is5L zR8Jq*WaYNB+{oR=Um*GW$r`tRGcgN71MnJlU+-Si1?xP2$J@3zKuZLBK)r(@9*p6q z`33U%P~J5hTq|Ke!zbm`qluKJFx_}-Y@iZP7*DI3J6kbM^ZolUB@hwf(MRpXFTsBf zMYGTHx|dxd$&B-7s*>f+Q~HQrwE}o8=n6YW02G)`dgo%*rP{~qA1QP(tDjiKjQ6FN z`KUsW7tc(8d^<1o1pT!)YpP80dD_FUVAM0~nAf13u&$p$hxz$;pldwP0lCEQnZY8{ z7vct}SVNO>5Sjzc>Y7YCm9&lW_aw`%25MRQynu(c?{u8SzzOVwRNdQOP%Q69|G=_- zOYs!>SV43r@>S`g}sRGUN|RZM67=EE31v5vo<@X*}#C3$cpPS{xk$o?_X!m zcD4J}@WVABBfLpPUj~GRERXjLICJRVK$%G6K9|H`a>HX=(=)V%b<_%JgF?fexR%;0^ICQeGC&^ zHMx2BTn5L@l;B`V<*!Z?Cby1(DNWyJ-lMTYLoxLN`XIPW+D2-Z2QYv^T%Ba@7f8@( z1KojBFSgnRmr-o`K0n}6oABRPEUNVD!Fu;#4e(?Kzmo;N*^6izDC5F|Q-@H{^a_l~ ziNK-2Pf{4iP;ncHXZ9%!sFFtCq{8_Tgo&wRE(ZVj9yL<}xI1eI$mq@`k1NG#K@-52 z@hYvHco$vqGo1o1!`Wp~yMd53h=lgLGLP6aq@M%jHZXBbQ|P)V>MWB_*pY!!_du_p zu3TxxJ*m{>PQ7x2R$6(rkKT9}W&P*?Ksdv*_nkrodz676!@lmnKrCW{YIo7wsiQ=| zBG4)l8WB7h*;mJG?Pqk1HYS_0h+62jA%zM=hzAPCLWa*_;E+v8#=J%S{FXpG%8^;< zS9R|ddEJ{Ti&5&FIyL5J?{MrN>z7z7KwDYn_ z+LxRE4Yqj%DL&N7H2WP@odBBq3%G2<<(6pOKQAOC>Y3V_V*Hfk{sFIU4mF_Hle&~Bl=Pb_RIjrVSn8~g}Mc^%_9h^OEdP6GWooEpZJ}#Pp#JQy2T%*O#|mQ zdq9uXqI|`jUc;izl)udrY$Uv&-AG%L3aAwx0C$PNUBrei|MzWpgp&YkOa=?vtP1Y! zT)>c~5R>XFERcfg)O!)rO8pyrdl1O9TIOz=Xwz28VU*C?GN$V zXpI<*_2vYDFVbYu8Iyv6_%@o1B+`W#iI0Z|LBhmR$9@VKE&LksOMr!;O`8k zml^TS_5&-D5X;F$|!fxHAVC*8|kBl0T^0rRx#hPE^ij(NN^bFJQrq~km|D39)Y zn6I*FKcMO%6ff98uM%^6C&*}t1) zTVQVu=LH{!KHOe=J&6^5FM;fD1sv$rx?V4ru?#>*rvh!`%iS0-zUf`dXec7eIIQcW zakzf<91Sh1%7@N7y77g24AGSgM!0^by;&9NtW8H4dv`DXPX!7B&-c`U5n+hT$qWXm zVD&U&=6s5pRNA z?c z3k)xN|{g(QJtJ@o3b1AV-^nq7k+i+ZjcI&`9 z=miZD_?qbpiyjkSZO^KP4HgJiu#^mJgR5LpaH9@FsAP5B4#q>7&?r_W^B&cTgT(ZI zRSnL0)hDlLbOkzKU{!Fs4bD0st>tAv`abku`948DBu#mD9)PBo9JBia(S`HdNa_Gm ztss?TOH(JyqJMYpIWN#r*v;)NW5(S}r)S#T_eamx-@PMCDjm)Nzgt7>H_D(;8M~1D zIQBl>;eN5r1JG~Z4QpVIzFhFKVsOmQem(j5&;o2cKoY%qI)^b+N-4Hh*aIvPncGq> z{fm2(fhEX@1^NM-U_6$yFy5Y@ATr=>5y<=uB>@+DFa=8@mV3v~GHc!^&YXrVNaFOK*=@$N;u$>G>rotA{R`YCt-WM=qdn3cn>yX4xmh5OUk$RSaTsQ{FtJ^ zC%z*SzVGR)jppVqHQ_9QLmO~6UY~ffx%t@(_|n1M9MC)z8#;eGzVr<_alQDqn55=3*kC`o^uVh^*W=|F>q53W+8SGMoa5bE$2Ad$KZBa^i z2Hq}wG~v!p?ffT!4_~@izyN5#9GvNY$XyON`XzOZ<(!R81awmZDm7zWO+~!}dmP^Q zO~>{~z(|f2%5VWXW5^g#H1~NU*I-`+tf1PxU>|vX;-*_M>)QEyYn|w;gzdAgS|Si%w} zk-V^+C26nKwc8Y&*=i3F*}$Q$1IiU&mH_2Z$yL0fGZno-&!6# z(1+hG<@{_4><<0g)v%nynR#0VW0Ju~Kt&|{{({2+N^tR%cZ2S>pK@p5jh9)WF71yb zX?;H*sS9k_Fbm)^Vyjb$R9_piV#0)j;WXUJpRg zy@E`rgS8f?nmS7nntz^)>J5J&VBw|iV*)Vsd<01@=nOJ@3jjTn{1XG4nbm|Z_+9kT zjhP^J%u`a07m#TnS-*1-KULY{Io&)%etMkB7j}6gm;w_SpcKKtQSa$id-#~r7v_uB zfP&+ANZpcXLyTkD@`4LUKd5A94LMDB&15D^*)nxEjNH~UrZj12NI^^0Y|#e2y$^LrP#8oEL2V7<*Mlh;h4MP zHa|L`kzgpJkT3hOsvSJ0=WE|b+eF(-T+y%PPln5z40EzTKaGqE&CO?Xk2|In^)RR- zhbO}WHl5Jzj14Ffk^Aw^A1q@abB zqg({q)TmIWZ{aI_#iH3M9CN!-&=96uqT@$S-B(BD(klO?rh?zdk-VhX4a z^EQkB^oUfG4w_dNJR(_gJwF40?%kauMV2X06okkxwIEN1%fTHCX6{vy{fIfx> z|8?beOZRUz$B*4u%F}HX5L6yWXuf*z`dF=^X#81v0x~*=-T6r=`rfCmTotZvCb`?4 zD)W~yQT52ypXtxoS^~bDlcpTlda$YGSk2wue36$bXl)FPWjMVs$JBU&w}K`T_gQ&2 zmLy8f@#FF>hO0{i1ZDix_dxl-?A2&33+B0a<^hsck1x$z_28^)T-_gDLC@RAOCR8W zGE&h)gqI0=$+*{{B-NNt$eC9b+K_cZYfW6%C&y-#*_xvPa2rn;f~WWAGiQ|8eK)uQ zj#(f*NZ*ow?$upVP!6=H%Uu~_9lEV2*k7xBb|z5Pkd{HjNaIBi4t6)?rT8&;dbX|} zornjxgwOOL0HTCS?^R@$z|4}HJ`Jc(v89z_ZJe_vD5&Nn8Z5?FG>m0h*g;mA76FS~ z>Xi2m6FOzeq)9pP?eUcWkPjbo_W`NP*&Eo1DR0*lz>_5cS|VuafsI}h2R<}q`6$=I z?!Cmns+1m}57{@0bk{|HD%AqA7HqJ=DZqkW>zI_B=}zmPR$NXl#P<&W0tA~Bqr!Kj zL&KT45~88OjN*4r4=ktxSUYqV+PepMq)@s)B*p9T(3|{aEO2&zEk1s&(v7NP8#1n7 zzj~{D45UCtOomYPX5fJ2EVl>mU?vT3SySf+CRI@5z8>9UTxCi|jOViTv4$M>(C*7+ z1nKg|D=0v#fR3!=@y}9tgEyP*>?nsWK9`Q~G`L1QnEHW1h4W3{M|Xc6)jQ;<0q7Gb z6AK#hU-x(!!<5`>jkLZ>`ghLqRFsIDk`%-pUT>qyv2Gpzsm=SQK-O4F%;A20t$f zFm%gtm#xi7uBrDc&TaQzB;dzPgJE$qJ<5ApY{y1Vf$IUUEM}xkteLs)bf&nc0tkQ5 zF3_-r(D`H(df`}$|62XeyzL83iEyyYzqQ~ybB_h}yLJF*EqEir0lp5eV6u%u>O_2rln7s`Za*0A-Bh1BT^B?w{>@>#rm^6SR~Aj8AQYrOnxly zdlYfptCzp0{7pNM+&xSkuXp1 z_f)*2A0mG>htD(VP!4bT0eZJ1=<`~bA84?De9^kl`*sdzS>Y_+N$WxD0T=^|Jh@Pc zKNT^!5%q)t3W?JTRlf{0w^>l-Uw_fFcvxaO=$ZS3vRIa7(OWcg+;}jUzd|XbC^1Ok zdHvD~P_%oIl933o5b}<>p&ydnX8(r)S@K6pY?{EXguiq^-4Z15rIBUte$cq;f7F)} z0=jZO=$E&`oR%~Z9C_i2LCc2hx)i(`?2mFWPXi@JKM->}{56_vTr6yB_Q{q;vcbV} za(#qJd=G)Oj7cIj1topUCF+K_`Z>n&cx!>IxgCroezi$*zJ?C23(QZcG0W;poR4WS zhtFN8eXR|wL3~#VePex36P(-DA^@`vwuEZ`-Pv!1;xm{PIV7qdB0UVcp>I#xIC&rx<`wGl7A9(kIiel7TtLs&2Ps8rK0tNm9I)&3EkJi*I*M zLAQVT_L-vnf&l-@cJ?|~8qm^&SGHJ^Och^vN|0C3Rsl_-i05s6|DjA;+lxd5037e8 zFO(fo|4D*`#=MKA2T{w8P=|=I=LKC&766n9(dT}$JXIRRX#2T*PYX4so>AgeJgvX( zl*?y7Oew@6jj02UnxV;XoL{eBM4(B1sd#?41tlWNAShU%Fd)dA|IlxQ60HZM&OT#I zKV(8L{RNM}MuCLsT7cDt8XjoMzAjn&td%4gfWv%?g^qg<>$lI)B>W65WSy5q6C~Jy z+|$PrySx`y3}`%)v-}#+s~iDi|HEFR#Q(gkSQtQ3KY>UGiwb~Y?k!sg+s=EFysywV z^QX=~Me_v@DWJn!4)>ZQlMUDpXl=O~vEb_wKMNM}x`Vk8`@ii&Z6tjMSw3{YmN@O? zw^HHNXkIGl+&;eC_V6UEek0q5w32$&Iz+Mdud%y@s7-Mxf|MStCYs02gOgYhPTt#|r11T;f5Gz3D!qalioY2>$tSN>HJ{2d4 z%di8WAYg<2SfIP%3}|LZ{g*cY;Y!QK7q*V8XD_cDQgx^Uf|2Q0ljMp4GnwqYrE(ulaJaY48XWdR38lQNGP^IN)Y-IiQj_lm?(b*z~jk8tK;W1eXwX)qv$HHpqKF~!!Ezj$sN#$bO{@09920hPrlWGK%{CAgl zbsIh`hNuwVJ6cRCJ_3-j%8D;Qw5V%sAxJ%l(nZt5PC&Du*FZp$uZHJSmR>IfEQ7&d z_*wPgiDWz~ljp6$2nr3QjG3QcfoTqZ0$$G}=>2`ppj_jp1(*9@wl7?o2UW)7Ueu>9 zs#Xj{W?y<5VXqrrqe_Wukpl8NvdXsA2?^VK~cG*p(Qz zv4t}?h!P+r6CO++;n1L6Y@r`m{yVf=oyY@eRTm~B&qHdiB<|lf;)i6AwcC;LBgmtP zE>w8+w`eAaL9|XId8ZCNCGcB}y>KwVBpg8Eeh#!Yr{q37>4A?&PWB+!gO8ALiX15J zj&dI)&})Vd!kz$pL=)2;z?#4T6m|m~-Q->wLh03d7xl!)!h>riR}diJ&@n$kGs?dqFE?Os^bP4W!m^9 zBryBRx8k{OQ*}Fuk-#Y4u}|jm^$2qLm&a_wS9%#AkiPLijB>@3dVYYeCt-f~*#|?< zMF;!#gX%veaLvh9l@IBapAxPh&8{J+0sTH z6ie|M)U@NNq+Vk3BpXF#eDWo$!Ar)pr{esAAcD_YMt^QjZ3N>{tLlm-{&)*WNBauS2HM7oy8QEMhry|EwIrNziw>10N~NDvK#TDoh3x3-DW^4p2Oppm3^ z8pj5WbRS{I+eeMiHsq$L4eHPE5Z?l{ANirjfaia`^Mmo(^oW!+8}%!$H|v{9JS(=V z#(BJzrS&fZ9^F5Z&aBHZHj2W32_d))VhSQ6hTI{>AZCeQ-&^%s{q^G~xjo%FgrnKXFIpR6a51V0c;izgNB3#xX747&PT(wujc^NT_1-$uu^nKRnN$D?+ zCCE0DtyA>@{BhqMVDlw&d5N+R8JQ=kFU_CMPggU(>9U(U<)PDikAi8QeeMgZBoJKj zww~>;WwS>L(o>Qw55(nBYwGqfHcSt5+V}JXsa`HUeTnF^_vxY)ziVAC2mrJ6>A>lz zuP{y~t9jb@nD~7AJETA{iwJj7AV0y8=uWtdc`L{brn4J&1UXXsAUNQ$pOZ@;wk;y?W;9@N%F{B&P7C(u(xY1#60)73}v1@Oqe(3?kx{@*WM0v znuF+>{1xawMTYaNfX(s?`(s4=*4OG0pekKD7nU-N)dUU8qkU|LRsRCn92kXv9BzBZ z2a^sm!2j>TcAa@|d~Go<+JXZC=fnkQ^$MS>DBft)=e-f{rH=Vh90RNJL!_FcWV^$W z+q8W*T(MZhI&`CNgz%s{KN*5^#hcok`9Ik~&^$rlUAEzEr@e_C>Tv33UV}eMz9B&6 z5HFKXlYa*(?(CXJ6<4FgoATr7^x3RReX8Wz@k;Q=IO`LFhmxmUixQGxau!nhyjQ>{ znBvF4C8!lz^g8RkrC8W@>z}kCoW{r7MEUF_??174eGR?-dTI6#jF(_OAFCYG-1U(Z z)d(saO@i%Sbv8XtKa?-~5zhRO1VV%r zUJr60f4M&$Z(gz3ZPs1(?(tk|Z7`|8bDr(Dl4+#4fp4LTbfvJ*12lHu12=*)>?y4@ z0FT`Bw3S#V*6cMIqsi1HKv1__`N-7rf_}>NLX{Uhb%#^VfZiY2oh<7 zLj^9z(|&`meeClw^`ZNhovQn;6ctQC)rp9v#=a z*QbjkaU4o@q+*1bYqtgWUtXaxfCBl`62EzTP)F%*&H8FLWO4yz z&c1D!#>WzMmYl!u$QrV5*W`h824|%$=MXhVTz6vq9zfuP+qhRNp!O~GEFt2?!~Om) zOo7u+K0GpT>rP+)Fd8)R<1w}p2%J%GWfN_S_J5jwAnK3wQ%vqy zKVMAr3+1$ZPe)UtGRk7_~$!s!h7=1eqg6`n^3TESSF~BS2eVTM~asiJE>3{q5HC`=X<7!ZU zXAx0sn1G{drE=vl&oroNz^J^uPKrX9xcT;A?loylBfhC!KA*(`;2=A1t={RUzyzxo z2He~(c&Ozbo`31?1=(JIdULk#DyMM-W^VWJ4(|gJMrpXcNv6iqBedgXW7BN)x%iIA z*ZqRri_MtNkM5vsWlBW+k)IMqThr=y-;bl;t-lg5vA<=LPS+%=gFY=PA=KJEE?@jgnjpQW3%O`W7jT_Q6yD4}+NWP{#DA+>5=$=rHFAwRSAQkX>0XZya`UiO2^}Erpi&`{COrf@8(wsn<8?wsP>%gG#P6M`YEj ztm=C{xxXp*iVt$fVou16Lxm3^ zD0(B=ItrDp|K;sqWX+pF@Kdt>xgCyHNu1E@em$kz`oiz;eG6hu=$Upsd4{ojil3rIbsS#ZB;#jez8{{*PR;l%7Ggm@zP%Tq0C1SSS?;w$IA?H-ikggX0LkgG8L z2sAAa zWcLuL=CVS5rz8H*tQo?l6koTwvmKIvPz)mRE2~Oy{=YE%LYN-mIkqWK8#=sI6ZDc+C& z?`-v_n)C(=^7_K+ZrDA^Mn{)PfG=P!W|U5*KW{o4m_GdWj3i_aFb;1awbyHCb8yMm z`fM}83R=!dt2ud=NWKd#&vl;DjZ&DZPBxEf_fg}#5p*Q&jpjo zb1k?z-${H|EaLCg{Jhuk!GBOQ$bBQG)#LSpWyQP=%N8>ewm=2~ zwK{mS5~;CV3Z7)UUiR0*@4HOn8}1=5a?DSktTCM`IBs4wf^XfP!{cyRp3R_bO!t1P zfk>LRPMt`-l-&_@8b&&fxdQC{IDvD5EN87b*h0?)*a*nTrhvm<3!_VSQO-azgmt%< z#M1-huY-^9WLWwYdqTLW1qFwMv3}F0n31P*D|N~sz3Rw+eSAY?Sg@p?2MI-*j62xg z5~gv#i0rKm0h~JrmnB}@iAO*$wQV|c2D1ydQ^I3^?MSiVusUtXnsB#tMvfC=79)2*;Uwxv zABtKT@%08uwMi}Q$IwHQ|7qCKh>D;u)^L8j1||d@j@&D+i*vbMPNhEKY)(>5a44*q zZ16Cd^&b7PTLuK*H@Z1~EGWwF6Z!$>YDwMeDLM@`ejBR#1fR!4R~f$H4#!)#(HNb0WWrj=oA5b2ysvp z_c41COyq0#NYUVD8^YjgwLHlTm^{G~yhHjnV%N&ts|sM&(@jwD9uP*r%T!#GWMW3p zClR{;ENk_q8moM@DCPnuJJh4>W8b~~rPo-5`^9kKc3yX0&B45(*hBW(#Y4m`s%?dp z5_8WJ12WScQ&Kt@XvAL%gWXH25D%Hi+M|HEDdln6KEHjt++s|zY}qbek-y#giR^4h z|MT1+nEKkt+ry2Y9*0lw{xI-)09zw&`xp8GP7qlm=HTJtco|7(% zx@%&wH|Y8bekf7=b@$+ElHD&n675lB{Es9|N5YEC3A3JjZ>K)sY`w*Y&AcQU8Q<^i z(!UQ&WgGh*zUDUMF2X}%KW-pgk4AFH?oMpHKDS5x=+5U4;Eq2)QN7RQt4~_WEk^y8 z7NY*c-I}LPl+?rJJ`gE_NZ0M%%y-Ja_YY(?9Sw5n9lr~k@H(cwlzVej5=b2|Sm){E zO1xqY^9^wt%G|@RDvyNHDgU@bVC@+%jjkz@%lRk33>AH#Zzn1}WT#;XVR&Lgzv zY`^q#%~?rJ&SOx*iJ7!rP!e@u(Q2M)DO8Nf?D6br45#!=c#}&g^%rqf6Wswv+}CGE z-)y`Q+Qqd)Ox8ZiPt}9+LP+Hbk{*a~DAaspOYiNlKFk%A?g{b2wJOuZ<0dQ|8T78} zd+&ZfuX5+B^^`OV%Q1nR)r$w9xU+Y9eSX<<7)l!ut~fgOo4)R3zL~1=K1vb_4Nt2m z7%=gJH+GnNHLa!B{W>u>-%`DNZfA}pMaGSpvvoSq`C&9+|ENSvZdb#vCgAq~@~BzO zQy~^VgqPbB8jz{|-tWxiw*@p3d<0XPJVZ`uwzhCscM+N)h5OZ3I30FihJazgIPXtx zKdPl;cG@Be@NihXyrNy0~rpB|xQ7FsJQWJLla z*`gdEmSmo7tf^8MS$E11%0QA6|O0NnVCP5Y+eNep;-L3uzxd+-_* zZ4wv+3+%2bIfFWUQaj#S+*>VZwtfw+6Tjkwr3}eviD9s^=dK$64+HJl9&^V-uCY}FLBrg zPbyvHf#RcPv)056<>2W>^xUVeU1@wP zwIDylRRZ1%LXaXn<2lR1(1afsksJFie~6HzR!aH(C7xm=kNNwR57noT$KtrQYI~@B zwpImEiFGrJn<1ee>-8N`uM|HMBJ?YxR1 zgZ#wF*5f;vSpMZXKv4Gah8FDPxU460;*8O!#Ur3@UtfngrR=Ul8Ve|OwD{{3zcWv* zl)OP2w)NR{YF2WL6Lt1fkP8qlw$C_aE`EuuNH*IrU49JUbAm-{H`hc(1blsZofqlu z7_c5Ef_+4kDb3fLF+6_xb@)1OnA{WX`QV?AN9-6M61jsb)sT7gteu5bL}tQR^8?FQ zpY0Du&wJCR3eI>Ex8<}hew{PU4z>`4=w1FT5-=AXg)+*<4#gjG+Ly5;mF|g;Ll_Tt zx^-oHkEF3qZky<8>$rD>k9%^urNhl^ue!X4XAzDByF# zwf5z;yF@BpiXefxSeJf#}JS{vO$GP*x{FoZFQ1MbD&Q4;Dx3siSleM*4-qz1= zG-_Euk@yUC&zwCoaB21p_N+2qWQkl*3}pK3D%dvT&k{*=>QLKlK6KFhJ=Sj>WZKV^ zxq7kfeMR{Tb1;K!xX`S9+*?2K&-q?w8%$p0KlHBp_F~46E}p)^!;haM2+mfCD2rsm7#9JTRwwA`^XoYSygaqP+?3z+T; zEO|fQf2l7IX#x2iw1xN=c{w@5RDpYmfaYIj+Z)X zDs_JR655R4T%Y&fA-Co-J_F$&OX!M@&#ZfV9rpe~snZhQt%c5xaF1!~(MZ>P5`3V( zgEA=sgQlK(j73kcuYa7*^XS=PknJbn^d_21@H$hb)wq41Jbu^j?Uzjv+c#fG4Cgad z5u12A-)_1&0B{~OM10Hg`r@J>0ta+&NMbZ~CT_=*CGNYj>QvLRb8Yg&0`($rRPWp8 zCL%b7_syP5J@#Ecz3uRHasv!Iaj9DI84Yo2GEm4ODt)iZ-^GALXDasrFf8|@e2Me- z<^=YT2d}-2ujrQVM=FxeYvb{_*3y_7MDEzH?Q~}M5Bjkv&95Yfm*rq@CC6|6Jea}p z8^h@?%<}K0ljsLrg^)BBg;+=vrFQt8J_o<94afxVT&`g+^doeh3ZFmZXqmUCJ~xp2 z$ct{{a@XH@ASXkr4t}$9KW+6=<@C|pOHHS<)%ezVADV;=K$t$tX_arAwwzB`!B}ss z`OTuLa>6e0hULB{VZx1GLq(grmhG?!k5ZuqE@9tsufx_L-@K8%m7sHd_+uzAlM#S% zoRZ&6_C|!euD_=NA))a6R_wm*4i-79^yAfod@?_7^OrA8{m7CL2);u?IM}>CiXW#D zT!RQX>Y<=9c+{-b#qWyll$dPwCE)MkjMsVofzGloP_c~Gh5N9hODlyMq&N7^!Fj#w9f(?3#0byqd3BXGds9UZJ=i}@#yZF2_F>i$D+)knF1~M z_z5~1MH%bV0Sk~sivhvuUF!3dnaJB)5eZ^TNF_QV^>hoOH)jCtRye^~-H&%p+U~nx zR%oHxoR4s6;WZ|C$sUfu`Tcvostt}>am6h>0C@H(C$hHqBPW1m_I*3S1HOyVDuE%( z;=}nuj*ie=ze$}Xm;!&Zpd2_qZX2aG(l~is{@@=N&*N_DP!)qGKRb^RPw$7=`z-j$ zVs3OIX85d@QOG`G~a)1N$)57^wKb^=Fl`qX!Lh-1uK zPyJpZ*sAsyof@nqu88F3XlJhre(=4u$3h5Q40`eJ)Gj*|RjlArkw>>y5)8^(n8^U% z!a_UJ^%>$)0>6BJKzl=Hwby>(J$R+cr`G17qmtshvj)Z|tn3?EM$)XhT-1G|QT8|K zD))#h*|+G7HK>r&=E-jNGA@1eg#57tc)77E2aa9b=`$xizuYcJ6y)b|f4O$zBkPRAXK~EJecRsK zQN~30j9}^Ek|o2oBg@jZ3QR> zL&C;s^iCb3rp&XU>dzP8&RpSQvgoiG%b%Z{!F7h+v{j?CR_~|5e$mX@`*IEY3jp_f zjY{szA-+95N(P@~1!%X$)Knln0kSV*VzspB>h@QSL*j!uoEJad8i&N=lkTnaMMB^N5Pzf{M;A|v5 z44}ac-RVhBxPl0|n4@yW7ssm$X!=FAn+yozUX(r%<(+=t>hMt_N4M&I#3yL`qd5Cx zmm4O&c|)F-$j6nFea53(dlL=c zHh7G}7QTx?2;{kSU(!1Qf7Ku+gPT{-TEJjmitoJs#9l$m9 zFWHOwyVJj35IK3^(jV~+!~g9|JjsvLRpJ>FU$e3oiaV|WKmLn7zBWe)@DEF8>`$Fw zj_BmSnEL?l+O1gmlf|X%bl#V!*Zw&+^$YTrCsabH%VhbgCi$I5eAV{8$1?y{`;P8; zEKC+W!2C$|(AtPvB0`4(t8f3LCNKcza^JMNiXHqrh@j)C|@BW!J&a6%MIJJV+A2k_{P42jbnh$S%uh*)7fj? z5-lFu+-ht`$(#*7vT`W5)|pa)I6VanfZauCAP9B^a%ny1nrKleVg$OlodcF65)aY(f$ZKNsp zYrWnt&QaJm=zYwuszlSz`+h`R?qr2b*UMXN={5KB=)FIn z&VR9Chv!2%Vk`z$)%;u$2+T2qHD&zasi}l!50Wn>S0P2vn6Pa3W;7a?#LWmrFxG81}q;$yRH0l|EQ=QG4KaWIfyZm3R{*JPCh*- zwxbh2n9wH06Cskv#Q zow%@dXx1mH&dwT*DXPHL;>GLreg~giS=+saIXvcbhj-{lv^64q=Y7}6Gy5^DGU3l( zpkg`cD+{JKQsR=UB;7rOAn&&jlh5bbc1(G?)sgZdhxfro{1z%pIYeKiq22(hrcWM$ z5t>yjWBgvgx?1*`0ByvJ5|dnWzGjTcP$#tTf4ywef{h@0R+xkKJQS`a*jwR-pAhtT zQNc5^O9M|##tbaYaNDF$x>$W5p7HZ@1rWahxO-Qp3hhR@I&6m&pHTbaBv8s zdB>8&6Yq%1C&hj!)RM1Z_iokjX_Qh4cpP;B&}s2r0s&&+r;bv#Mmj@`z~^Zsnuf zzfgIUnt;-f@yPvd8e%&4r+7W!0xAISq29=cqQ$c7GXsBoZe&Jp*5_G|kJ)fi6jj~6 zY(591!iDpR@j1J=pI;a(2-Wx4Y`^S^fhKGFmlPXp1avU6MXpRWkMcvY^3s$luX3#X z>v&Xr+ST&M3L}zcjzaT38m9o!^~~=WB5mxIKMvSc8@~|GEZwhO$?40erFy#7Hf7$( z*v;!>wt@wli)oZ7(@4O$hZ-A2PR$=ih}_Et^PdWpICciAcK^u%EY72~e{eX;^~dU^ zx9>zjR`NMqK{(V4!VsdQ0*=LGzDRmPYATnCpwS98Ot|j0H1S}kSwGxa)S%G&J^L^` zmtPHL_9fcbkC4Ta;=a}?!h(s1Q6dJZd+-r*R!f}=+}e@J-v4@<1bnNFs~W|Bot1ri zuQODqyuINqS1adGS3Qj4bFdT;W_=NlqY|Y8CmRDrn7=gtQQ@>t}^Z8q8M}|T6nmo7~SlH7h!W=q=C-0|S z_DKsA1-K)8kyBN-a>N-OP;%K9$}&z3(zwS-e@548j$y%el=T*0hN{(o`@9c-ihy2q zJ-a{Z9J^td?UAt=&fYT;noZsUNvM|Mbi9A@0AVvENF{)5e+ZlaAR6$kFR&LMQ8W6E z^L!ch!x6#`T9cBm#oO!6es0PKujoM*QkPwLi-D_6=?0@#vLs)pTs51XZDMd#s@0~Yhg9&!{Mtu*c(d7yDHW$fvb&R;J;>gYV`pr8n|d< zyg#Cwk^bU_$5?9E-}aL^EI)x<$S82KeS`3>&2k!*3hI3k!2<;*Ug|e{90Q)xtEdz) zN!CW*K}cH-GyaGT#$w99DXbDf^ zzPuCW@^XQ@{>z`9Hkd5Es#5#?m8-M<_;s#MTyOu>pU;*>YzhGigd*;b*R>Vyz=juHEF| z`Mi-`S37}P+8FD*w;m-@9VK(KZ;#hz{>=2i2~`w=I+v^VTc`aLNFf*O}&DWXA(dwEXAUIi$R5A`6XMdn{j zO1K+yNZ+p^kb;@rPu(Zk%b}%O(zR2xY-adediVIXLmoQAIl))>^LE>c^e5+$GU?@Y zLVNfx8hQ}|@;ipdY1k;m|Dy#D4M@QgY+y|QIA^cr>=k;$j~wd--%$|wG}&`ZFG^%P z1kMKYcPd)ZOL8>SJ(gCM8wg-P&{~|p8OwncTH0@#RyxbM88ZaoCLjWNI2>jAVzdRY zAvE%-&WG0mk}^?zfP!?&BFqW)U9ic6_^LY4ISQ^5@+SvJ0Tk^SKBo~bC&!jnx)|Ye z;EeMs;vEx|kt3!fkk-t-w!2K6-eT-4#>sScqNIF^j2rnxe=0!$5xF?4l-AyfQHW|k z6%WHpZP^bOtS#VXE>e`)(^8qR#-F;?K|sQpeQaZ`p2KyVWiPQ`WUauqLw}L#WY9wM zDt@PH-f~2q)-+J+S{^h$jX84MAm+Ckzzmw?`!(eF7PS0wMM^$>lQtp_a0 zO>7*-q4u_}i|yP_7^ndB54#+~H)4~kTB322^}(-w*CVGw>E4Cy`z91v2~D;<2uQCK zb?^SNuciF4=$q!WIu3Rw6PDBG?HJElI&>r$1RpXw0G>Nvh7WV(A4`IcFWv^SG#G4O ze&V^(Z|k;K9oS(w9xtyZ6JPIv7T{a)gSu$vH}C&isy6QrWHsy`Nm!np%fp9sS^MtW zf*6V9+kKS~EQTN@H95$a50`t3`rh}j7bc7*o?x>```l-m}*i{gHY@Aa9}3qT-dsp<2Ed+g73(%$_btBoikP^8LUFsn+7 z7#_3^fX#g=rQy&5dUv6YQMcs#3l8oMRwtbD59xM3?pNaz-wcfSUUjG6Q=0{(;XZ+2KJ#O*VGi@N|4wDTIGji~eJo}B%So(Arx)FgYex=D=2|BtQOiaNL7*GM za%!IEPq1x{L);-4Y5d}P9rv^KruIm%DE${ToiVtd(8)^o_Wkv_@7c>}TuhU9Vpr*Y z3D)pBXZtv%CBmv3S1^_8qzh7qJee-WM!_@?(z&m*Kgfg;B7-BxKg#sY`=$3Ij@~9| zUOfK`OJw|#O$dZDe?=BAs8o2Y4I2|V>%oP%b?w1Q=9^=)k4d?|qo;8bS|}ba-j$B0 zyUigypiB1KYZt%j=BlUCHaWvFSOS!CFP>bZUMePSW<}g~rz3StkZlslzQj;A9*frC zZR)=LQ#Ou0VLX64V@*}~6dO)&S5v0mp59u0>U5kQ0^OGNULpyNmdD@y~`PW#R&2_w7Goc{G<>iZdfwYMDGCA2|-*zLFJUe(0 zy?v&^)$5TFPDr2Vfjk-MbdB08QhlzZe(#)^S%GfSi`4GV|^X zrBE6-4Y?vG%&|*sy?)vRKgXriTRokY+;mv?gX#77 zVqi~FH=NivY%uqe+NP}gqYDRG?x91^1Alox#x$miD(aHUhkg`C{#H!5<=3r1C@jr) zap8SdpTBW*T)TT!e75~F>H%5T5joQx&H>a1lPC8%$L>Q(lV%w)sO9`;6aYd+ zKoE&c^`#Sdbs!iYpoM0_}d#gJk3{5;=7%x5CpW(iyH9~iR7%=iKed4}8&8iK> zgGLUjMNyJ~agKii*2ge#>!N88P3GP}1L^u=Xv(%`}WCdRhNG!Ntq zh2KtqzB0siN$%;>W*?g}DJ^3@yM++H&)EkxvR7#(@aiED1*}tH8wN zWIGRER!}xy=B~6Tq=XQmdx@~okuZkUqn3Y;)=u&rojdc`H4}_EH2p0hp(KD7N-YOmtKV1>GG_P`tBhG()2ne3 z?khn5xhvoY-qvKR)@6Tt#ZLdVq#Vhs{4x<>Hs6?bfdXPDU1`=9Z^4vj z7>#K1Y50m`bJ8716)YU5@~^NC!=+MveZ>2GS^4F-Rks>c{^0GG@Y!#D zr1DmPMV^_K4p{XG6~Zi>=Rsq>fQ@?QITXK+O}{wX{NRm7gS0SPB=Aa)H{YOc-WP`PCFk7w z$U2}@UbJU2o9ekkMp1JN!xf@+oEx3zw~KcwoN-y0e)iw*1`u_rqdF#ft?*og8xXw| zl`TPxd@c8cZ8K28#jg=taI=g4<4Er{MfoLbWO5w}=)$hWw{jb=oNFV>?$5n-0Frmj zxvVRa^pgT62{Vw<@?&^8$L%03{zU~@X5Mn$ z5k=t9lqbCyOb~?|n(y0}#S}t+o(WhXBLsl0$jqUDAKfQ^7V(U@ z6fkqTI8>%7kR3xcNU&bf84c*tk2ZILGKFHGc8zg&X?X^YqEuV|LSmo#h!mZ1slNZn zL?|%w~$_zV|Q(}?;!13nXepZE4}AP=BS z7L$9sK-w64U@JNiceOpV9zeN%p8OXmJF0I4PeE&&8n;Go-_$kkU?fD?JSzV98+d*D zC8+a2-n%hPSjctu=XWRG(h!jZSM7(g6@gb%@yD~!y*K|ULcR1v%GO{|eud2mMw5mB$<{Y;$q~#W$z#2c%lO# zHpWn515;H3HliSv!g0&sj`h7X9$B{sgM)PgQL0Y{cJ+CZYu0PM!2>>l!=>O;$;yCD zgxeQeL5_CG^Ps&Dd+>{B!z|WMa^dN8tiVjjQfQg@?BHQ7gm`x7WIamua_3O3`^W7a z4n|jHHDkRCGN?XP#T+?=2|>bDNonQF?hQy-{he?SF2fKqgNA-Jq~kF&OhuyhqLxn$ z@!ozBy;EmvY4%$->%6f>J-t8XkXz?bS|}H^*`aoD*^lfKhe#3ITSXF`SlyT-HqRJ{8rHR$~vCVxyw_g%=5#Mv^f!jYkDOD9w`ODrLE`J@R7 zaSzxs+V0zS{zME4mzz8V`_ccvf5{-80;0fYA;Sm1iL(X4K=euIV{!2W?s|Hw0zpF4 z4X48O^?q`XG|jcWroE<4?RIa%3xdil?rF=R?zdV|OyLOFIwVHA-GzT^(pSj&w%7}1 zDLkEJzgRKpI7z=An2YaH_SX5X1~`*XNK-%EACH&zy;j?E^l<2|NIcXb<@aPB05#p6 zq#uW!flwvmxpg%Owkq`jgD-`&iu3UyImwa+%7a#aRaW$h07bvX3jlfuRl$cJZ)k2x zlD&Q02gsb(>qywI)4^gdW5_HI*6dJOU(@?}k-D#qYA=-wv8Mina@e zjE!Ay-QreDQZY89sQSyR%g;ckFC3FFCT-!32{xn<@oRilxeAF7;wm;}9MWu>mKay1 zT2!|g_)?HiY}tmG(NKnlR3VK{XNSzxE@>b_%UMZ){QJs!@zpVArRd@)D(0b@tDM?} z^D!_E#$q4h@1&mU-+n+YhOWJC}2M4Ba1$H(;zlhe^YpaK4Qo zbzz*4WR3+LTOfQtr=`1U6)fm5frHBXqi{kf9NyO{UY>S4&RX6}1!yMma=lykP^|Zn zJT6%pHoKSmec&(Mm(QWJ0;X{}YKru@WU=Vou=varXQ}a9e?)0c!n;{_kGt6D9)zh4 z(;t-YSoiYr3)m7@>-t$Q<2<&nb8s?=pST~lRoCd4?Q32)=#s@E!tV#X%cS1S6)Wy| zfXAbFM)lPy3K7I+>-#(rOKY5)Uv8Rnfvb|u@tInh*K+AudM74zW4)JAIM@$wQw<# zC^R$jnQ4L5(kkJmFJfPMa)db?U}?ev(pUK(aOecvaITT#H@3 zb9(73qLgk(155lFQF7r?=^WPGm!U1zJCqUnv9%Q^=4ASCNuLNvJzkzzQX#Tzn)r!y z`4(f%^XY=#lZmX>>_f}@LAYNE>(~>^VKy|H$K}I26Hnkv2cqAPYZs3Ykln%%NEh@F zJ#ab}SDO9U+6PK&y3)ARrQ&nDJPwq|A^>a}eCaAgIW+NK?aWQ&=Y}+`ddQxZvG3;h z<@M-TQ6E{DW~?tLUhz?*YUEKFKuJmH9}i%1>fSUd`8fDLeJ=HMMgk^}fSQGeg?(btQ@X!KP7e2^b}c;Io}USm z=PLW%vW4?jMtDv4@nXFBO5HEsO0yqV+YS(sWwxyN_Kwd^=3t)adU@GAsWnI#Z%@GZ zBW^44KyP_2OXDLP6}Pj!h{kAnKW6YRh?5nk@B=SfR314LAvjLI0^6Ky#12fJ`zNB% zVsuOwe;8LrF=BkOemPNLO|kpi|5~_*b2|ic)p_39`Q4=j)eAdm`xo}=)`w6rp4I63 z+n?_8Ch_-!Au*xn_N%g);BfCVg(ObjOX72vIc}azd%&$m>`}bk1&9sdC@c@CDikPD z_Fkd-JiYBNlmSV=@jcz8(!6>Px;fM&(YRhFvFCRMcT`S+?hvi zAA1OqJ-{#qP=T#{lJpp4V6TGhO2nmH#NsdW*V}DmI2LYlNPTV!nH{f>C4PZC=2+O= z3vT%u4hMAg5Zy}Y{2;>l=8Dru*)sJSV%mOXRgpe}U|BGde!|ju-1i7|v3D4Rn_ZPg zMjosu9I^N|h1*q--@MUB?uoBl1{U`@-#JHnIGsJA!c17W7HL#4Ofg^YK z%)Z9Xn6~#@ooZ&2fnIUl!ql;473QQ@uC|{u_e;K-;dJY;*N`4ZeC*fV$>fwjKQIe& zZVsMOagh*_c-5sBksQ+-F*Mj6@1QKX&Gg`KOi7gB%ehhSR}00P6f->kC#rV7CX`*4 z7s}Qxcf*BTGk8YK&L4AUeKb)rQtn3#hCZm=FZG$mYP0)Mm z%DqD<=&)34>aZ?kdQ@HvVuGzi$h`Cq5h}?kR3u|;#P>JL`ap9Q1UlbOkYin+CvZ24 zKYGWjc@!`>6=o=5101FDFD?7bp&s*Tp=*Yewkl?Qft?m)3NF-%t*eL|<7*!7B?j{6 zt=wc_nvdPSB&|RlK8QP^nlHxl4XE?kxBCgi7M;n{e&;oGuKWMb7qMk%gIEr8#za{f zA#Oy@82H#2a<68O7)o)|zPc&)-Ym?hHM*WG=4HcCT$AoonPZDa&c;qXTfXSPb^Q>q zh`B$W!#qWRdrR(TbL{>8G z%kd3~!t8>Fi07|SJg^859qg9nDBi>ZAoNS0w$eV)cyMYDc}j_(^V3Gv61orF5AInI z71{Yg54O?T@iD}8qC1oDli!RNu01lL+zt3Pw)^kQ2|otzwc%S*`&CH{@Z*CYPsbfT z_w()m0e_GtnvcmkNYB4cMRRc11Lc+QgD2elAaBb@8xOpH-_Kra!?3PVbtlvP<+Wcp zc3rU$_=#v%DZAPOzV)(*-wWf{bjc?Gq2C#LI264d4%`0uBpK=BSbnj1Om@5}0%u22MH4zJFd9agxEqoxgYCmn+GpWp%S%0^n zh;z&S`~2&+r=dd&Ljm^8k!*q`S02Aui3KPNWOjd(@aM2!7Vu}^EfsIXs5@6GH1?0I z7>UI47lFLqB>m3jrn8Q5GHWk~MmJ3{fPjfk<5b({>Og!7JqfNthhX~Uir%@(mn3{A zh<4hpmh(IEa6uq}3f_Woc{fWhtCz!%q_byz`Qou)Mb6%k%>j`>ZP=&bb?z4^|INSM zT*#BBM{w`oU85Q!Ks1a7MgsHy!#J9x=X`f!Iy=BRe{$`$-bF znD{b4tm5JTPTAj66k3_V;3gfFFY4}EO2%6PkXTBQnES@ZvEf+aPagNS-dR`Cn zF}Z#ts7`Vhpwt_R?NoHpGtgPlo=mNhnd%ka#21dwhTo5|O}bDfS`4drGwrB2eijMm zO>JXIcn3#{V&41CqdiP*j@Abx-8D;-`=X)$zN$)})q`*VTk%?l zg$-&xqx8J`dZG$}2bR9?Crtj0KHNJ~hIBv3Go%?E@nYH(K?E$Ax=tK{eai34A|J4h zP!F&1Z*gO<+!t>*!~?`s`nBEr`L-3~GQ=DpSZZ|GuN5zgI|EktUbLs**m*$5)jhr+ zOJR*BF~)(!?zODl4sr0>u>dkF{^%?>RFZ`Ta9`tJ?Pa-1cirw`K!IO!qu3w5%{M+f z&sWtl_uaoh-uj+qM3^s&+)BBx#mw=A@F9Ad}Q#0~|Fu}sd_Ds4oCi@e#2Jwef=xPLVH5vhh?O7#r(>YC;+Ujc1^(BV$$Q7UC|yp?Po&v@v|#K!_3W zjb&2kz-EMe>`XtvKYS;OUmAx4((N^8yvw4R2xVxB0I1@ocW}3-@*#?e{-T0tdY@G) zb=1f6Z<)0*!9v1trbWy5re6MduL=_+E^E5$i@!`JgaP>-xTz&a8;FxQkOp`2r(lVb z%RhfF;7(ii^^c_U+Ex?@qUbN7Da3|~KoJ8R9F8}uS#(_LLvXCL`^ z7_uI}-Y2lLAY>RJBFySpBR7CIpia_HquEl9V{DjMycPUweMCFSeoH*d7guQaO)TO- zD=n?dnOT(z^r-hYu46@Vytzl4Gek(*nsREj#meO^*k3Dnuy78*3{A(0ai^ncVYBN( zSrqkRP|+9i>%z&!U9s)6-Z0Bwllw1LWj!uLlX+A3?#FCX*iyqWtWxjYesMmJdt+*7 zU5sR;|COF=6CggRkeh`!RMbBq;tWO&bq)%JVS2Di=wBH3c#_npjr#s{t>nY#oZH(j z{@w@DZzw(A`NEmkhGxsT`>(R59cV%4V<3g%rteql*ShX@GLVYN+{@ijZ_5u-;kvQU z<+(wIeJ*TR46U^G@ZYguSOn@HQvUQ=E@CYz&|6VBz!TBUh z$Vb6|+NDlo6)9$Ys<)#icP?i^g0)Qt`ntz5Ma_Xkb0~!j-80?>;v9cVlkH=-jh7Dr%C8)yXBW(-)+*84)z)sZpO0Ry` zA||Le2rU1u3`(lnk@#E{&>KmHHHWbNKJc+Hx8mWlG|QErQ&Z)j{llLYCs7DfW!)X* zyTrA)Cd~@&$nJTf{HeF+N+lnRE${*C8$IfiE|l`zgNX!AH~!Lx#^T$?Ti4IS;Oz_K zvW)8qc(${&T4V<*`6FpSu!si3(z^{eRpTu{*C!z9tqB}%H0)3fbjAm2i ze6Au>zhOa8U~1^XeNIFe^C`|5#fvs1^N9A8;xs9Q^e!HJ|BQdj+0>+`$9bCfWYM2h zoF%vCp6Fhy!}ynMWNZod&)_hc^Gvu`q>!tl)zJ&)KIUr|I4a-d1&^+DwD~+T#*lkU zx3d)~SEG{eU|PkT(K0Og{3(LG!!^Y#CQ9g^0_-gm5Ym_w4sWNvC+E@tH_75byODUQ za{D9LYWqdO-_$}4l;#Oop)(A3Uf+Zs!nr9|sxHZ}f4PyIJc?eA76@6O8 zc9`mO1TR;VRLSTq%6Uikh9jYL^(MTc*!zx^vqq!YM<_NLwvE`d48Ebi_nXE;gZ9Id z_c=h#@{28T3ew&@fAL#CY)Q=yV@qY@-@&*q4YKWzH!`D#mwRA;Fb;*XekG=k+}Em; zZkSxKu!yWI9pMMCyxJ{4K4sOrVWofX*QtmO-)j9rU*3QFjm)&ODqPAJY`*;XaFzgA zun=4DujX(VUh|JGx;wk1=h$i;PK^1(B!W@QF}j|f@u6G+KgUaE+ZkLyCz4aiN4EM_ z>W9B9Mz;sz;R7t>OGws-(d^*%AnOlbtj~b=Kv*_yEmU_ zQWJ|WOu}*T#1mxz!F%s+L9J2984oQO%yZGM5`EBPIJ{-zU=&s#UV2kc@*UzXo{1+0 zpQxDoV4vY}SX8p&lLc4HGMB}l+kTs#s+~tYJ6~Dj-*d{?G!*8<6IMJ8-y1c&(|qMW#;o;D?ge zd`^up=N~3T?dIePFJsvj=kY<-9SV8a$HYuNXO!(|Rh)RJfDnY5?@twpAvlEu2rW@e zt-Ki&C_Szq+?I(J-Y12Q`K&#ydiVtPk}^_BlAVib+xrk^Y^LcCk%az@V%UE!%@h1+ zluy9>Lhubpx@oMmfC^R*LrSEe1jV_1ople~wuFZpq`gtCg0_>O*;EV&|ESBk*ZCL- zDX0vm{uVXDOmW(kv<{3XR9$d`>xE~i*Qdy+XZ656-@<8Mwkj2#iVfGp%gS9|30^3v z@ln`Fo`Q8cD-WAr)>{GICZTGx-)u&IHPU>VDMq(HMekRkL<@JVzoEcxLqSP{*lS|l zJk-a88lM2J#2u&XJ z0|Z-&vwh>!u_B-7CM3r5yJsYT3+h>)^TtYUtW7ORWi>L0MMw5ry{95dwp+``O4|R6LdbLM0>D()GX7W>LJRkAt z`OdqBCWm|Qe5fzFgZ?9S=MFXN?@C$$bQ{;YTUva|j@HaHERU+lmyeMy1^0&XP2W9Qi}x(X zi!MmLL;K`VBe`6-#dptU1ZOy2*2swUU-qr^$J}gIbVg^~``4=~0XmH9{Dig|K>^{> zQ{x$9`My+W9{Hi+BuUaEEN=m4qC%bZj?XhJ;)Ag932mygoF5&jX5NP-c4VYbMg4X; z^Y{S1^sSDTb~;IWoT61&2t;HE73~WUg8W9_cV?jB75B@@YGQao9~>s506T#*x~mYl zUoKE~(lT=M52cao`fgq*IJi4KeF;@suPh2qsPKmJ)eaXxgnP~nJ$d+U7IqUH(GSIx z0~_}#jg_nV(x)wgg?wAGfB*b7BJZ|yVuoILPDnlOVA2hzsOuFBqy9488@(Vm;@SLd z6p?*Mp)Zl5Nr9c2!Ebzd=!_qx0dw^Cn=eAw_)-5>+w4&9b`5gqncJuNHSELDFKn;RjQcZ$+vRNgWLKU^!Rf0pgoM9<2-;}Qw=K(( zH@bUTJ~}?+u%MzHV+kJ$qT4TTo%8$Ke?!uha5JUVBoyzauG&YGw}+R-$e5H5(aFlj z=+R)#7OPd&q3^TA-Hj2H_4+1Rn%iA~z=t;1%r)}u^qy9ye@fiXz9YOPiIbQ6MBbFC z(_-1#{M*M}F4rd&q}C!Q@^$%Woja{pxFg$}AHd=CXtW=P?;eoB1ig!`w}@hXmz4FZ zIa*g*2EGSLp=)2LO+QRPnK-OF;x(My*n>g3ZeVP7ux4WnuGE(tyb&qEyF~g)gF*GD zGF|SigJj=d*28kzLx85^y<_FuY$Db(alMOYn4X6DTswx)V&)LRU?T~1aYIWY)621j ze_T0VS(gv?7d^T4xA_*VeMz5tti-};dgMQou&*mlkhjYuK4FG^*(fE@V33)Py#;G1 zj4Euj#Col?4;q<1MGDh8$q!%EaT(_yQ4#XRC`lv>@kFA{+nqc≀SQF zJG*nQ@9VgKaEZb6Hw4lNQ6}?PJGXrb%;T1k@u04+X$&+t51&%I^<@6|B=%uVOQ^Nt z@e`h|HfS8Q?@UVr3{=Qvcqr0Pkf7IE(au9=@C?H<(H%AUUV6xb8-)P1|CJE_7!8>d zRUT4%G!`b?xRUt~@QM1Yf0ttVSbMxN>z5q8=^q`vx#Hb(Gb$*a4u4UeSD8Rp-#3}J zFJx^wxj}J$R!T)(qE;JJMDu{Gc@CoLgT@rJ&P6u?lB?pkFqYi5OpAM4Gz^j!H9$uX z8&e!oiFC7KzvrtW2+GXi+9Q0d_w@XF69tM>*yIsrx8&KNMKBr;FVa2JM|KYK-~PF4 zu*c|&`&?gG0Fuojk_I+k(ZWPe+tu@SW4+p|}z zlJF$=sulal)!TDK^i^!ReetCp3)p-4(|_6XEsTC_*-`J`#(fPy+Vz7fu>{kH=W@ss zRF~KZq3AV@UH^HsEW!y~>$XQiWbu4E2;UXtrJy0w#XZA>QmgYJMVU!+Gu$7b_gUe< zYS&2^6}Hgrzo4dJ`?01A+79&!W=qYlF5xt5tR6B2=t#GjJ5s6HXTlbg+ye(ID8dc8 za2I}d1q&tm*j}j~p)=6aK0+$Y1w((biXhi>Q*T+0pq)>8=2V!ZYB@#3(#K zw(WR%T}6^2#|tZM53vKx*S=*}?Sz}=ug>i^A^GGntp--vW-(fa%pXNK`Y^GykQ!tH)oUpQ3c665APYjzBbOvzC={SA&y+OAKKTd7} zEoZ8&myP^W5(h?H!4KZil1c&P-5H)MrLfNg9qN%7o4S&B#Z zh%}@|j=P`@`PSjW$G+DaK+2>ko2MZ!qFjF%~K=|vdcKx`J63rK3}_*-S4mH9GT+j@IErp3)Xc8U-ia#;LuNr^DCo02Q0c5 zX&sY40!?%uR&tx&F@y#}bB~9yBZl9&YCa~Br0X`(QwF`k;jqu=_tUR%ZDq=S zVbOSdK#S+b(5l41T8t^06@kZDAyYl62f&2!_zgHQF0b z71%5ndw)Tslz0GzqUIIw9}8j+pR<`=UfBag1QE(7J?v~PyL^BdI9e%AP)`x8&~?H3n2MlTI+Oa1$SmI zD8hr{a=2gdsa7QmP<9|sf$l2YzVM$MH*#F(iIrg*oDH;Kw!UbQEyLQftq7b3`CQpk z82sHOci~B)Kz7I0oBEND@4nzbAiuPYrHj}+f(k>QIOg$NGah+$_H+XoHHBd(1}LBl zcs>33IsmdHZ_ieINUzgLPp+sc!J^R%tmJe-tgGY~Doj~2ydK6#NA-wpOhcJ$8@>do z+K`)HwKr){9*4997o%VN=MW}rK9}LVx(TI!$ZzMKw7d>P_i0AjEL7=}o?3-Gmp`Fw z)|@dP>^sAT095d8H19}jp%Hgq&kr!MdR#}(AE18o>>~nWMNcuz!~!gh2buBx|;eM^$a z3vGHpiw2?-klfZi6RlA02_M4YBgeD(E892e|Bg|k!zO#+nWYD!TJ^J#DycTU>aWDC z36^h96OJ$&(NMlVM-I~lepV{5=Ol>}L$z5xopW)%;n~J~Ck7Q+KQqeG1!bLYBtIJ; zY?F;@dn|wBmSnBxx=&+x?lg`E--|YxnO;BWm6OxlvqWbv{r5pgDL8WF_UU`f0qt9C z)o%@lOL9>6EUQ3Y`12pupH`2H@>Lf%lmo6jk89qV1GFXPN9`WLWbtMVf7eMds7LdP zDe9IBhTt5aOnKZ<6nBoL^FWuoH0*&RzZcNaoB+u|OVNb|7&Mk5v@<%lLK61R&{Dps zww{tF1cMhC)+=5CT;TFMV3`)@on5FHeqOtkSKUEKT!h`u2%#oSc(u)&wYSVuY`^Vqdf}8{XkeHl$tya)|KE4 zG#)3<{;Z0>M;6TtG=ArLb-eKg6Nr+uoErLK#qod{h-r(k2a3qzs|y8zuupx@X~OP zeE^_UF7Mc;9}zN;uFQ8YSfmzMdy{DzE{mx}d-fBnD17b31FEVngXNB|9JWkTxxqe3 ztbKc$TGoiTd@&!63+;&>mHXB!2u1XRI@7G459jG15u=+Lr{#qHv(P7R5?anR?Ot6I z<^4ApxDF{T#WC=wDeIlST!W|BL&vMc(6rxKZN|e`Z(Gfpql#~(8`%8KI&+{ z&}>bz`;CYCoB{jX?IkyEWxvoJ*2gap_055tJf)NC3651pdK?^^lW7{>kHQ&NKuP-q z{|f5B<1R~3@^<@r%}?~z7QTM2(dm3h1$0%{Y0#qR!6y$< zNGD+dR*sQ%pV5PN`UxCz6TJCGtI)Jq0e!f^HFjT_pFQ<$Yw>fBXYu;Z3RE1rVPjA9 z%0G#S8rYJd7-7Cd=d_iJpLTKN>71X6#5=!IT7ZsuoUW(0%n}+q-4Gk2Ps?hSf!dg? zx?|HwT6ap3+2b+@5+z(O(98}$dF1cKop?{*RR5ZBW}s9h8=nQ{Bh%inr<>Bx|8Wed-#(THMU(s3ZqUF8$7NwWV_36ZdJ3x+ zDa^s;0R`5ok7IQL+Mf^3Z9lceBX01z;NqT@>+_YbA@DeP;L`tY50p)k6D=FoSptv# zK^=}7ELrj%=N6RYzN@K2e6|Zkey`1Lz=2{me1=B}u0C&1_`;3Bm&^NcX#)Q24-d3D z1bEW%$No_RBw*@!^h3KZ;5^JVv(9P{?#LQ5)bNopQ;2-G`m^;p3Wvd~g`0I`5x8Qs4~@&&e!Eu2?Q^=`M#GEd@EtEblI`;APj$=9 zgKVXf>_@0AY51HJZ))Gs6WO}8m@(sMOmr2JuXEEbEyXxA4!YlZtO5F&hk#G@2$tHm zkY?!qAjo6jiY(er-P{Y%H*1d6vN+h$6b9 zt)G0b;mfY51cCI;efC}qt(|U0a0-gmgh50^tFR3w(E$d8)*X13Q|Ybhe7o>1by94h z9Wwej8A~2ipcllznjHM*yoYYNaUIL@XogRigRQV!d}*QhIWW9%MFVc2LicfB-OY)= zqT2oO!-`{C-0E>(NN+WHV4h6}Lz_mqcb_J;>?p98qoi5Am+oi)1-RjGbEcIF2zOs! zz;F9@2V!5EMNF@I`-Lb|T~!cnsRO*UUL}1Ni@r1X4_OBS|18$SB;)u-CPSfyZ}!=Smfg<( ze0+Fj;-^JGGJd=+EE??B?eX}^qxS#}2E8EM6~Uoyh9IF4zpz=D$Kk}ET5O4!bX*g= z?w+rEkjd@qr|NLeFsAWsz%aF#o#=dS+?#wo^~XkdO?aL3vz!5W*(&{TCSONGg1P1C z3No^?)P(kt-{b9Jw^#0>XmCZJig%J@cdFc>?2MIjxOT?hN&RMz3i&t^M#eLHrL>}PIa9*(5 zFD=p;oekQjJ6WYnNI0JKg`Bd(^VSpSDHP%rlJRV#eE9kO+mm^ThNBLf;tv)Bq`nz%`GqIAPYA<=ao!`-s zk)>OVj6Is)9#`i*t`mK*efEbIaZ8FSW}?DYA~6ge>J^FG(}Vt9ZUOR^NzzS{`-Wo? z{Hm$AhKB;pko)z5-NkW}06D4g!$lC|@!^axI>dDp@4xIQxi9cX*W&$xo|cpc|19ru zoBHt|198PbRfKaspB_0O%7Yo4!;`x0A=ns^=m9|BHNrH(f`!V7R#1!C7AzS`Fz$w< z3Rk%=7bsnNhBusaQ9@=IsK~gq{wEMNrMENFdbt-KM z`ykkU2DQJ|m!vzykp~GX2=1~&Qrgy@fq3G!LH=Q>Ll8&b9L9bdLASrxWIuXA;`))> z=-B+lBl4$r1%gE@;Y3RZuWca1eSm{k2?Wi!HA(@25l9^Dw5706DMo9hzg$~B&CRri z$K!P(Lv%cnVEuVn^m@O*-(`;PKh_^it@M@W#bd{_#B7}Gbz^O+Fy@uVd8jmitHa;6 zlZYV-`*3<~KdvB#P@KOcM6^UQnFU0%Z)jDOlP7mw*9k5-5iupQ|cxntn(~YH-0tTfpS?|nOvJ7~9 zxHX@P#wg5WB%vHH>+|{%zotzE+emyhxWuPEcZA)}xsSaBIvY6%u4k>GnKe6ym#8LT zm$#jM$GCb*c7~=9!&g%fgYcTcyC@24s4gM0Y@W3y`_(gF4=h3Z6=nCmY53ld1AvTo zzR56$#|`b@(-!-$_Khv^R7iJz97j4!E~?YDszQ{^*DOBK+(|n8jhyri%`1>!bE@3d`OEM{Z|oF?fKsy? z=HA=)#KV8JT5rxFxP<$jUW7CNC1l1zsKeZ-x$sfCsbkq+4Tw$-psLdzz$j3gpEu>U zHqJrD;Gd0-CeN!*pe*y(W&@S75$f&sP}?IxR8=aQzrZ){`^r%2x-;K$#f_@N6i={- ziI05Dhwk=9+vOE~haC{=mCihqGbqTJd3{;|`m5g~VI;MCLvwH)f49n`$v$o$zR`U7 zpME_U+V8eelcWWSY1Hra$Bp~NZ%@f}_}SNprOQv)ZdN^`*X3}st1A;ag12Xhi9O#C z{hHi*^GCxux?ZF4fCEEjFuLiDV1u6j^>WO>2f#m-+#k zn*1K$$n3J#EPwa}GmyniL-p4HMhmtVg~z+gMkj_lE4-J=+SobW^Xth2Hg zCjn;XC$MhF08wr!E>Svou^bZHR&y4djB4WoWSMN6-f^x9I_)rzV`u$bTchne9XV3w z=6Bh8n?}<(=ViJ2C$wl_q|qRQ<}_W4GEB5kKD$2?vPDu?;&qRPh3`#hns2_o#zUy7 zRmwFjTy9@mkIj*20P0$kh5gl-IeCK;Nw?cwF}P!ZGPXej$}1V?V`9VjqRsf=N$`Jg zxi>#hHExNMHBT@u@_*%Pj8^nGQ3SO<0AxKdKh|up8G@9sY(IZF@_bO(_Ot}8H(tMO z*6+rP5uAmpu+&o$eT_`og6TenPk1&j2Bi3A*r&utzS;rWx zoI~o64=rZ-6y%m4?T6{B-e*C)FdPJq8&hdb)iDXd$!J;q{{Z`^Cs8rFMSoa7#|fe1 z*`6c+eGkg-ieK+SFhzNqmT>%JRY(?lA_-9%TUF1ZTTJ|PAvZ=ow)~-d`R_2{Q^xwF z-S?#5hWaWsndR$e_)BF&pk@P@+KvRMyL!5&Dcs(Kr;wty4$c#mlWYa&xa@cZo_&1m zOGT0$4p-%@$i^A_GtXi#&n2$C8`8xK$oKj05mHiO65rLZYmo8X%c9!fm&E}l|5%hu zu#cQlfoGIZ=kZm20djYC7syJG`+quzj`io!lw|cA^`+62vqLr$aX(+~`}{o5ZMDDs zD;!P#j^l1V6uw?Um*#v1DqSjR?^@4zjODZ!#$%SY3CXrKu{Tr`*XX_#q2Y0>c^UUB zPQjx!U}Ns1K#NZ?D}6AIl6(k7&KOlNF=Eoc!Z+l!3D8552kpsO@N8?SWZ(PWbWRRA zQ%b|BMY;As(tdqCfqw9^AK%BgUiihz;x;hnADWWHvj_B-VT(?U*6sKCvL}0VNxtkF zE#Y z{o+X5qmTN18SRKW9zzodA3e2E#EYy*{Ijygjg-@@a^P>!0Q6OgzY+gsA-cNFRauTm9_<9>k+K%}265 zQVZE!SBr7L6sznqJ&#L>J^_X?RR;VGt03YrsFqvuIe(ySz2y9fI|*6t+chI_kmOXTe|*M~=)EU0+DiC%Oigo*6A)Q2oNx(#@VrH{ zmi4n^RZtxq!y&sSBe8b`%}jWQXjafFptF ze`}r(y)D-Ywx)jtdG8J|80vKS39GjKjS=xEE)#wwl{77ahzPUGs}DIdyyL#q24c5R0M`aX+R*|8(a7T7mt1*L}~EP4BY%-ou4M8X!@rA|P^?S`ATGM!V6QO2qBZ6e|2vW8 z`6D=h_cJhk<5VHOkc4sLqT~9ah+C(2FZeFvq8@1|Lyw?Lw5rb~=4mp*g}wq`6WU9e zr3^Aj*GH+J!xag4h4#+XI`kN$U>=ftlyj+4_1PunvwAV&ehs;zfUh%w8XRaCOC?|o#%6$)6+IwxihMK z&khJ}a_HMm4;mOnXY^Z>T^^GSdXKA1y#!d`6~>6p=%VwV*LwY${K*On=XB6-?iZ40 zsNl`Ugxjo}PCzK%OSgTRI3pu=FUR6csld%FsQ z#zM}P2yc|6ABm28(?qYpZg3zh{Au)g&M9pEyt}{+JjyVNj4h3Nr9Tf-xDniXQ?jey z^T|_S$@=m|n>z>lWfu+-y4*djDABzfmAOaC-l`cQCGC52i`$)mk4|ZN;;Z8-pM$@G zaaeo?zBU_Fi~c=06T>h^{p33jD9th@YrdCz3#LBK;ExruM*G|zeCLUZ{Z|cD1zK^` zg+)+ar@uULjgOSd>J<>Fm3VmKgCl||*^?ZyH4~ip8P()VJ|OPkjzng{Sm5ndZsm85 zINP;u@b4o(pjr4^9=0A<1GjSaIK7h9U&_W7kJk=$19U&HsR6v+$FjcPVIcN&T4Xix&nW2IMZ|W+F?uTbxy8Q=Avo~`$h94VcEzm!40~^_L zfuJ?v%RQ*Xs1-kO9FSCLEs>do?&`1o6C%T&KIRL$hmlaXBJqm*F$bXV_LarSR|6^HlU#O3TW<40gPTpy*k7#10!({`V-$>d+v zYY}BT&q$VaO{tBDMsFX<`EyYc^H){p@ya~k4T-)|;^_x3$Nez+XCcL@_~RQrKc98; zaav!)n4pwrAU_V*OJ-oLSvAZE%D#h92u22kqWvuBkO3~)*S>l9K{u%?GjBjp*d4~Bd`z^=IMcqEKYDpTIl`gRDRSF zJ%N{n`^sKt3Olu}A<8(gzteo~lh@lp9*^9u!W7Ku+G7k^zkXe0dtb>?WBXjf<>zgm za{*wnrS?&0U+yoqD)#`Sfq`-n>1Q2-Ui^~AEvt~)x>r-)c>@I)>aSs`{Qd)1Aj95( zAYxl#5=_MaZjSDJ*(c>a5u%Km1n?GW#n2L{;2Gci{1tCNtRzo5{p2LQU#5|W@c*kS z5;Pt7mX758d|bnzG=hkzE^fWg9R<=K`$t$O*s62Cpx=H@X(QIX9`;ND{&7WlJTR|{ z)OmQUsm)iir;k^NpZR6l!Wv_{Ika{2eCGKU6&-C$uLDpXvD?L^FZHZ?G!|XNo@4n9}kDJ!O7x6cHN|*+s z&4w3{WkB{i{GlEaOMmYlz_pYI+kFiC?)a{}BbyXsR6;=B?t(b9MhN&Md!H1pB{~f6 zlZO6%)&1Ed^OD#QkE`=|;NB9S z$|PF_9nNMaNSPZ-_rQviBEI1+_tHfgXEupRloaXOnd$VY9<*Cf zN%iyiD=fEr7{GQWEkVJD^OmMt4U9%JAtY2Dh1Y0d-xm0OQibip4f-xr(4SgCFoAVx zf3SXr%ZL5-!V3~a?s-5j6s(2uvi5M9>c=bb!MaS!9EB&W+p&{kTq;2`+{%520T}N4 zQ2MP|4UeCN9Ha;V8>rC?qT?}VaF^nuI!BK>1W4ki^$Qih3HL-7E>$mlOVtuI8wrr5 z-B?KcVkAFjvo@*REe$1Y?4C@fvXlyuc1ej;)T z7Uu`^P+9g!^xVM>AOi5H7;aGxr7bZsM}KDi zK4;rsNZ5sB&V!ZY z`DnlaF2!JD?@Mq@BC~dw!3Dd7#_-35pqAumCG+SuFMj83ZYV5g|c+$}yIBK&;wc#5^+LQeY za3r)g3{d~5)tAg&1j(62NSVzc8lWVtovtkZav|2uA z=0axeWpH8&h=zuJHT@~1eBxW(zJ&Q@e=lxxt8~S>$9s1#yEJ={{Y(xufOKso=3FHH-i~QA;0lu@lb8! z_4|Kh7|nj>*0TfO6CBU$2RoPV;@<9}lZ+lf-qlhu(taf}{-_Q21!wlxxYk z=dAvom%ug*OH-OJff0nH~_xYQX0L;$JjwNg>**OxOTi}A#dm> z(l|cG4_;;Y8@B%MHe1K#c!M)|=TieYKmN*{dhlf->w@~=OVp<<<6ZZX<$k0O?kD=> zYzi6f?dyVdzRywL{1`q*bbOEddb3}#VCh{KU-vofs%8fJ=!|*(g-Xi6Cn7}x`2F%| zTc?wrRPr!Ccln5BUA>SOQ<{h_C%)E}^k@wx?}2+nN?vb$@T23ZZyxi)P}fQ+_%~g= zzqehnh2hj(PWmA@l<`4wUFWFbm)?)j?yvCue^M~P-G)bWRWNfgBRf1SuHHHQzM{?Q#x;BRPgE3tVIrPMb2@C(W#Vt*Uy2(j@9DsLWFroT$#Ia1Y-(mQ{ayC~q#DF$mfht@sB9Xps9mBlzYoO&!VPS6DPmZ~NzjCMx{j?yK=O;=h^$qL=4j z|A-&%$oz$#PwmSHDYOPojFg6Xs2u>STe`E)4kglPBC&K4plBm2IeafrjJowhaCJC zfcbe+5P7PG2M52OWGpWCa=$2NinHB)Ys+D_ReTyBkjS#9W_~;gOzUuc?Sv;!cMion z`|^Q~iPE5q;>Z*3seON3RwegqSmd+HU6T2dA&Sa(bT@vfa;L~Hp^A~iaSu=6n}@qu zK31QakkK{H?UByLJ+iOl@T^HyUrN^nX=^D^Lo&DyZp5CPX!kdsuknxGkLmZnkf$Wa zzDZoZB3YtUD1b2sK`2d5lzwRGE(mA82{K5w^A0{Z7-gHRi5RaeCpBkR+25--6p>T> z(bqDT6a|3_!#%LT9~L<-7TT{i0Kn~iD12%G9p-w6Ol;B<`*q%@Nvz_r5dO_bh*H_FfHXLI*Qqr9-Vn|?R3vNav4l1 z@vTYjXL8(;APVJtl6l{)RKfYpmtGxGr=m}dCTzpoBFPEh%hu(WZ67Ky)l-*U$_5Sz zm&;e>efj~xAr2B&L392qAwHn9GxG{v}Ee7}7`u2qc$IIT4c_v0qx7=1JzP zlj5@`k)p*J1Y)cnLF%?ll3vsHNx~)=IAXDw@v%WLC(^}heZa=M7od9=9lJLcOurs* zod<4IaZHNR$fEF8%ERHFRK3Dl(aTTKtFd|b2swQ&p5+imGA~K$i01U*Zku5eOsGWn zeP}s?L8@j1lT^dGyK;W>g#@@#;SHSQ@4Z&iju976e*6N-e-E~xnF9iqadBSX*DHhX z&3ucOjY-wWB0UdKMng`+HWs(_zZd17~!q9FCB%mEK>4`yxHc#%}YM)463OG5oAo0E_pj-HuG}%$HIR zo8&kUhw4}-5b`HyN7z4Yv=0Q~76QR`MfPG@65RmjJ-7bWctBcg;tOq^#RQ}Js#_g) zafUdRRpk(K1Z?1489x_3aCyemEJYlRp!xY z?B+=%2N%udLpOqNwan^+OHkdhsPNs@RYjDyWutF?eP@2?Acash7)_Dm`QU~X`g0t+ z0dWjR@mM{8m4o$@--G1j_U}!dY{8@p0%H3MSaG}bx>^6`wW5KZ0OX+m+0$c5Y_Dw19M|;82U=TPfM@Mr1Z7FY_0K* z!uSjbW7Vin%{myTYSy;(jz0$L$oG8iF8WfA<$*wB>pmfU;3f4<8!vz7NF1qP<`xGc zkbmhO_<)OcY2NWma%T%`A5s{KVx`f2&od1u?cb7%!3u`MtWW#Cz_6vmGrFecQhqtA zY9gT+mF<(Es9dKMuwbzlKKRMLKv@ATIj>?DPwT8MG^yXe z#?&)SC~1EC3SzPoTF%S6AHsT}6{g|#!H^sH=roPEP?!R5{C*P|hwk{=Ocwqj7?GKu zedLfIt)V%x+m}UN<5k8>lElj;@_~jt!5{U?t`j*~@N0D;is!;HKQ^!(#=!uXfiD!k zk@{86es- zYJ0+DHv*G6h+Dbkd}zXG>;9-5J6avC`Xe$SURuijUeNfc*y2xIQDohA0FDeviK1ll z%ln$_5l?XX`0_hWq~gVO^XFMHsqYb3l$my{Pw%C8l@Js zkgoa{d-V$IB~(HD-8?zgK8@4YItYRA0wkw^j}7f$6D2y=7Or~pDa;CAns3s%w_xN# ze1Ua`9YR7~pD%KMOa3*{;@BQ^BO^-7{ZY*X2rPptw z&#e^-b&x_57WP+t!iKN&WeJHl>M(eY^W{=B<5)N6wy7k|X3i1k(~#KJ6L!UfRC+*8 z`7<2rgVh$;#BR6mA*p*?QqB^83fw!Foa)T+@mFc_D6AXu&N!|)B?Bcpdjuq0n&tbx zjuVIhXvKMAVyek7|4sX)3#MCcqrQ_49I}`CVsPFoKLRw6=IBYU(}u71wL6~JA!2b| zB=4SHAI|&6+Ca6N$IuU_3r-o;j!;>KJgQR@36JnXSM1>qfRK>!$K-w6EjyToT|&jV zUPmkxzu%86Vmv+;!&ATkvPYlQA&^gax#e&n1z>siU}0mvT+coq9LxB7;Qhb?2+$@) z;|n*e_5R{mrUdnROLJ|_wJm|Snez%Xn77q8<%-9Xg^m*c@LgY0KYm9Q_5}|6?sLCg z>$^mu$RFfhg^vYpW-Stz@eR)JWp`9HF8CH9_!0{PmL>ZvUL=FpjfC&1in(=7l&#q( z{1?(Srt7+~IP6hZM1C*25csbQe~OB6>4DQz_$iujliQSM3G4kDbqpV(YJQe}ydJ{D zmb%W?4oPKP&dz)W|M`YCCr| zJZly`#8hZZ!}lz>uBWtEvHKZ?B*ZS_`i+M7ZSZ`fR3C>z_)sv~v$UsFE#Z~a(T~m{ zDB35jx*W-d`0IW^!WLVg9h+IP7Sn=)|2Q2@TShCk?zfZU1ZV;I{OpG-?6bcp9}#9P z^W}DbAK9YgjZL!opvGj4!^rvobrdPlMBxZ?tHP4TLHa6~z%4&Ql z#&jBEs@JPKb`~F_cxm9IX}B4FXNTV3Ho762yYAuE6k|*g1^-Bk6EiZQx~|xocvR`$;?tNa*8NOV z_K&3N+EP^8qQ4|b;8CJTkc{#s3QCe7`RjX9eMjBXRR%=ZVTBoFK+4+N)c5+mk-K$x zEZ%XS);dg(E436a$J4%6?Rt)AefBd~#g`se6P=3Jcj^u&+ITtf@-^S{hY_cP=zwbQ zrA#}v#&;{12LragWw6ho5ApnYyl&r7%f4i%LnOGNxGv;dgy7t5V*tGk&@b3O-5ylJ z-aJS%C;3`UD6Aq8 z|32-wY+c~W6e4-%L`ito7UlfzN5MsRkYHuIF=D7+YY&FvP=@cjV`E0B+ zFZhpCIscUJQTwXpVv|N3BHASXEW%1q-uBr-6pySo#vk@l@SQp+CzQ`gy&zE%;FOL& z{s@68vug-ezm>;~JMKs#kz_um?ajPPy9`O8rOY;#}D|s2T=um)hY4Q_(1%VU+XLH~PQi>c1P6aHAAIsweE|=Jt9~fdr?|S%9w9b7!U*q5RV3TUA?9Mz z0iUuFaW{;UE8Svn4~T~S(_zVsG?TomGF(~bM#}b|Nx^2*a(oiT>xVgY?$0)UQ%oD^ zNv^$&4tTOaf^aH9cT+)P!d2T$(2WEbd)}=i2u(DAKl{S#?K=%Ux^wF=1Y4X#dlCx& zX1O1qmWSrxwbab}pYi;eS>XZ$O!`Gb^_o!|rpeIG;*3N)$}Hh=A>z<@-!DoI$NlR_ zq940L84`cO1HpZMd5+_aI3pDDdjCmHvhpZ9AL&;()R6!*m~`*u=}J)cmkv=dW~A+! zLIyoMp2At+kLW%8PDH5(&fq{{DgB=B_ZF5IZ}ULz!)ZNHWywT>NNrMvAvWfY3-0Z9 zfZflxy0hW*QTXyDJed5Hbp_CpQh+E#*&_7^eM|~?p%%8MRt9kFX!p%cyx4%6)e^r7 z^Q488HXg@)AnqyG=QO7NvCSLmV;P?^enE*89)FR^1lDnYz|X@mmH_}GXu!3a;w#Dn zqO22YMyRpY=T~vamdA1R-0^!I2(caI8=t>)b~);R`%TzCFL%cq<5{=|CWQezRJK11k^}{!wLX}{ZjT>F`4Y|tQ>D$ z-Nh%(iEWU+E2o3m0UG#Zr|lhT+r#j8!4S*OV&AXpw!<2f!%ejsLP@NcmGw;}MX@|@ zi^*pL*E;R-y~q!upWncNFpazx4NDZ{!agoE2hj_>{|5*)T4nrg^S>7V(Xm-A1fK-Q z`Qyv|wDrm0d`e|SCecnEhzP2Hw+T)NLen@dWBic5{Zb!8G9`*dv`Ntjk6vre0n#_2 zOR@y?QFAKlh|G@2cpmT@BA68JoH9|>&D zz%J4y!S)T7JY1{&a&@<#ia19AGm}jqeG+NLx3z7ziL3djXHNck8hSAu6zQ^(y4pY2 z*m!za%LLOe;cEG&LNFbpaL2g_>4knX&V^4hbMtVyi;)^mE_3Ya#)Sz=t<0D5_Pg#Q zu(dh>D7K3of4JWGybjz3*w~*GZ%mLx>@Jh5RBM7_U4Jy>Jrr{XCKG@63t_>boTHEL zJyihU+G&Yaa<;376-BtG#(A~kaTXkEa0E&ZEpniI(1&|bJeIeM5bVnyO}_ks`DAD0 zOlPlMxtzN}t)i^88+lWQ{tK&?{UeROi1%%@PF|O*Sg$5?GhuK?d7rD-(c18fi9JHc z)-hfTdJ}bZK*}8i`l!}9r}j2~cQJb8kNj$)9JW2)+qtZxo}eT(JT3%;Kw|4VDG9mj zItVaxQ`up!JR`fm(~ifYf+~E1ACb{C-+I3%F*ab6U8gEgGOMJY_vfG6o3cke5T4fQ z{29;q{g9WAkp4CUbz|Z|zp8+Tne7Qk3S50Sh8ZaGV{udnVd@|Bv>H>kB(@1IdSBZD zKhF*X;J^C#Ng{-O)LB(})7u#{imhhU?Cavk`hFKG*q4xA4wu0FHLqxUbC5W@08pBA zaw2Y<_W_=z`!;iQX{&L7JaTc{n#*(^niA0kF8eE*{> z%W^{|=AZMGM%(R3K0#CmO=R|M-K`wDfE z#y7OXsaSA-R{R>D4Eb&PVo1@yqiu_bnAA2u$?wPkv3Vl`|Mw#R8xvoUlme51FWP39 ztAwJe8EU}HaKBFb{DG||VER8KaY`M&$@6RUIS%=>Vo@|i_(Xpy4iT!d`ct}c#A9XP zWdS*A3{pixXd?vQ{Brk9>Q+`j%|!_whe6T{)wHE?Uwb8C-xKzKgC}hgH7tZKA0dyW zsJ>Tr^4>nrkvY385}9M0!RdqDMIUJ|ONP{alw@8Mp>QXkq%m~o8igwnR8@RP_)E|6 z-T+0VR~XR0)8Rf?Ou=Rg1j!{%ttRywnQ^bWVINEBZ|arcCT7j{Z-qcl zaaYvuY+A5d*$kEMz(5_*V-vBf_BFs8@A&T&_~s25e_~w7p?+vkXAu_R2=!Ksn7A$uhzk_MF9d+)8Go+Bn8GBlCC%JhPPDBNC0i%6c~z8SxG zR_^DXvc60{xt`*|% zJtaO)xQ#cDGWJf5p%6D?3HA}@EXFYF{c0=Q3zew1u%{L)|8t5z9OM;w_!cEy6YWYcf zZ!qy@IQ6_2uG!^Hu$l7w_>`2tRW4rx)7g`*-~2AgDyHbN^zIikz_cYt{&JtVe7B>l zrtvqoIEiigQrG<>k7QPT+7T=~f}r~NP3^I)#}}tfYxhgiAgvsH%t7u{~WYt^R!9 zq56pzmWoNzAOf*;v1qne4mr&83f(zRwh$DBpKI&4=KY4;Z}ZVT*i{|Ia_ydY@2e}T zMSSQ{zK`syY_yYxj@*^Q3qP5xbCpEzq0#WR?s$kuHE+KMo*?>}zQxC$Gu3H7y=!rU zRz|$<2ZxY4k5m|ww+mk@PEYu(pgJPuof}^;zK2W`WOc~j+aig@U$L3HC0{6=7!bH(AJJ75{3*qjOmic2JMoa8qM`n;xOol z;LMege3~b%-(BbS?|E$Lj!uSa8X>0H&uhH4lzLA1FZ9RuzhQI{{gBo}?_2h|ic!U| zgBNHHy|%ypBxht*6#->J|K@`yvDU-2dFg!(hkO1IntjX|S7&tWn4jSI0sRTw3xSM= z_6-x%%d?n_a8GxsV{(MlkFkB(u>-tSGNI`wzxI%8++QFBLrBP;w<|q_%M1&FNpRn= zb>3szEq_SzZ~bBI5e#P&sxP~}9N-P7*RVhDXV23of?=WWBrFdlM)Fk34K!_RID?$c zEx0HgM-K0}5kgdSUw@{O2u+lqbEdey{*LK|x*rs5hj~HE`7jsn_Wg2t9D5|cS1i)P z#2hyzaF&CL8pXC!H{&Q;tUQTu-P&rpJ;hK_KD8?xtUs%S%P&Bnk)ad;-Hc-)tgKL% zox=5z3v*of+}_1#jfhu6UZc3Iwse}h$Y-K`*dCyJ=)d3R@O$)J8k;6aK48awDe5^D zw}@F*9DSa?`&{xyAa9Ffa&Pm;?I1_5(Q3@^?QuL%C2{;n^9o#!wAT^u_mE`N`r1Ry z(O|^uX|bTHW?$qv-w(w4ozo52{J}+GZ_o%jy?hPUFn9nAx(E6ey1K=3;xs!QSRnT) zr$Gk8yau3QPN+rS?u?yMN2HF*ovge&4BGS7^{5^@VWCJd@<$Cl@b2do0-b@vD0tpkvX1kcf}@u z;jQ`l?ZMdlqqpRK-|BOqrX*iH3}WUl3@yAF=^oUy>Rg%JG%ei~_ZaJl9{rGx`zhup z#>GtRLdrZ(1N_lB*F3xKZ;Zki1{e*Ym$v`l1F|>F=UrPQ0gV^D@6S7-5kKwgyzkLB z?Kp;K^L2lZ+O%vZ7ADo8Gl+N&4hDVRK(TGOb5#MQdlXH6;R8}*eRZ7Q-qnYCpI)wH zPD8b?a$^~xRm1OVN2lF@$x|=s?GCQ&OpDwk?nCx)t#3T~w>Ma{toG}S!U@PtI1T)m zmPjryxy)}_ghVZORc$Ul`YxlPn9!z>oSIOeraO-zffyn&q*M!Ia zPd|;F2H-J0R__po2~YoZ)twq-N*FIEM5A78Kz8c^Dl2QoT9OZ=pWq_eKeqj`8<*Wh ziV!C^XSz=@H^D_$UF5_uYpSh&3T)jqeeU%%)P0jmCo~To`J^ePpUv;XeiGB?A|b*N zh!>i@jw{N7QkjN#nmYncAOQ;M3In^I0RK92zIN81*4Fqs;5`&4g&@_&MU>C3`fKSi zohV|F;E!x!_;;tAErF;t@zOPt+~@6}N2eq7dl>-OvQq6=!BeM7xDf;UdH_;MxXb%_JWGkZ)aY7_<64A6_qaS?F0UB#L1eoU2JI|~ zMAsS4y*jg(OU_XF4bgoDbZm%Ixx)e>=zgh^Yy7-?d~%=4kyI5j6r#f{s7E)KN;s4)^vQ|a;cgJL>a=#TCYR+R<7r7&?_oX`}c%G%0Ia|)}PvsAOPKz5o%^{^4I&oNZ?;w_~P0bn(6?OZM8let8P-=!kSMA&=S z`y@QPif(=tnS6cShT!Uvt=6U$1#3^0J_G)qe$Y`&E{Q&Z3MzmFhf;iyF3)mJRISHL71==K3;TL zhao)PbN`q;oj$2nH%5+5=2XolQ|vxlkARs&{n@9eqra#{U2Y6KJ8^r(1xojxrf%Em zP(Fs~A=O`-!nDTWE*HCU@u~QgO2V)1bjORPHi!05QlIbHH>i{wn5Qt521_R+m`y4$ zvF!Twuk>drhki;g+cvc z$e;7$KXfGSGy_3@)U3ou{hx7h45`5FMEWfh*qD55V!vn-XRd!12LZxVwP6PVPHY8T zxuh}2!0T>h+`5nRMlK6~ZeeI-BSKvD>_Uuk5k33!rA%mGnK?8@VLTHuUweV=j>zEh zL6XN6C-X4P?WO+<2BINsq_LRc)iY56~iQ znr6Sfv#}jg{clIG=&Nt`*SZ3Fk^iXZu&8FYAz>-I$ zJZM+7Cr);FVhpf=y{}yPGFSPH4IOV)xD@GEe?uxy!<37KB4x@5|GS~AtpzuB1NubK zy&h7&I2q}T1~h{ZzkThKU??+1fg^|b0k;VwM%beWbP*<*(2TKEu1`H`8+Mu_^YoB3;=Q?R3O_e1c$zlsJIuMiHd@o+ z@G1+%V?-X7-YWF#(6fy}iia6%%M$m>%X_^20%U|IDO=U!5!uH(4J~@c)d5-OH!SH+ z3cCR*Z0ZNC-DHWA*3)njd*=dp;oRU0g|F8KUHqLH*{d6_SYol6Bk>t zsZ-V_%6k+4a?SDY93=PpNuxSBQRfq%r9;UikV-ml zJT?wvP@Qj;4*9mP|Jbg$=RJReU$*aLtJ%ji|f#j9?^_GNw9$rzJt%&deJ=RoTO9(GgVG4||lG*PvT1c;o z*EjtWC$=94FfXredcQ3<`JS?W83++-$7|u6wf6|VMjbs@oT_?gPh}JJvGrF{ zX!_R$aQ(54hU}f^x$&}r%a{;jqWE=^2TGpfCg%TKSm17&jrwr6j#MwbZ$Vhk06QI+ z;rip819T@o6NDeI-srMlESznu1iwgtjE#W0**}z|AK*QD`^1pgS z@Lr|ERV@J*(aHfd<&~W5lzYGF8Z$s`nUw7dM8kP@>N&mC)PR7gVMP= zLTdiH-;RcXw)~b}4;hp-2L`W(JW;>)SGq5LXK-8NeQ)wD$QI#WgerpZ8Q&hqj)}1; z&oOI`cr4NEpFqudF_*)dFSm358Oi{pCk#KM z6flXz;gUOn+SyZSbud#^4o0nL^$PQ!enn^sU`86;S#1!?r$p4b{GJjLu0ur&SxA}P zZ@cJ1qVzH|OOFQ0hW^LnJN#&4nDandKDJ4*4!W(^mrC!&12Bg0-{St`9^FaU%PGb= zh=OOrNAc;#zFqSZx9Z@JALg;0c@bqeVUyD&Uhcwu`{d}yJwPrk6&g0m6u<8aDY>A0 z*8d)U^H7EGb-YAn-B2rJ7LW6Ny2YO4d9Ti0HyQq1gt~{J_&FuLj-Y`&hgN#eX3guQ z=5XZ(Uy$gwK6g^B-r461mH7I&pEI}i7ne7N$mkadb@e=QgR}oCvthqMwxYpmmyMZ| ze-|K#VS>(B;~HAf2WF4(z$4@6$RXGB-eD*nFSPh*k%|fqVOUpPd13(o1l%eR5)z*` zv(Z;Cy*yewek|AM9-hB~tQU_`q*(wr(_#8TS7O*#`Y9^!t_AnFDs?4?yWjT+^vn|q zhp&zg=vM7r>0_%MvQN&YXuQdEC0Px)yQ39>UV_+Q+XiY!i6ry=KqD^Xd*GAYuj|8Vt{DN;dr%ar~)( za6nJyu0AZSw{)H$AzJR+!=vuo&wZ6BIsLK`K*|!- z9Luk2YEmvhX2Gr|cVB5@%057v=VK+`>ivXhuxIO8zmGf^jb3gCi2i&adV81>;<4Xj zwK^!TU$$mjl*Ld}38U=Mt5TSBM66q@Or(_IGE(hvp;n{e?!8}t%iezAo=}yyxzKT2pp=xjPv$w%Bn+?zh?W}yD$Gci_0Ltw282xS#_&qp z{8_vpJ`&2_jrXh3oO%L6!R4j=fDe5`nP)NQw6oy5Dgvjl22cry=p%Eh22)Vi&kFtg zuUGzFcEjZ^EK$Rnv3uE(+d@LG!s4B#s+X?d{n{j zxw1H5A>mZ~v^=dRp@bg3)pMfVY;WTIGl3oq9=Fa5!1tMPriA%Az0nY4)B=CP=IhVD zT6+O`+Yw85P3Z(=knUc013+X@ilA5dq-?s8-W&-{{dRXM6pV|>ky_VX6Vk2sd|0&d z?~I*70JJvrlUpxLbOUnT8C^_#>g3U|0sm2~P`>EW;nk`sp(x_Ab)>(|qKsZ2sL-l* zH8@qE8j2gX`f-4kJcT9U89dI*aFLoVy1!rxbxGDb1;NI{YYD-#B-#H zx;WZIQzE`nLN=%Ok}A#D{3)AX+U@(8i37RdpuO?8eo=?Bte-EpE2q9T(I(V`S_u6q zB)HZns>=(;3MO3aa@2wH8SNrL&YlLDC5@;xoFRHJlTsj_JaL&E*aQx;cnSbH5d49s zq-bj=@2#BQ??HJ}(|)TRy8ZF$?Qlj~0_SyK+J~Sh(iNmJH!}|$+Wa+&jA{n7t)e6F19#|+O54LYr^|)LF4Cs2F5jy^qmmr5{l4vSHr$-O8%=a7 zcxORP&G+T-turoh&(bwvJILRTg$~KS$H>9sDYsajVc@erYZ5?Felc1U`>N6Do`U`9Eg03%rDJpKqdloOnGQ*3^U_HGSH@9Y3ccDu2K5m@ z1z=xuN!uKq`si|pct2?->Ej$2L?-m&Th#w)^&N&bN93gttJuJmOndvH(9STugGSl= z63%{+*E@+{!1aNH9v2aD_dNPKy87R>?k}ke2X;J_3zcWM0}sVQPmolvfHJhO92MvB zSoPced;QK)%TM#j;?mmn%1Y!C)m+`bgTbVk7Yvo$rdzc2^f129 zhBS6Y&kHQ1{LNqUp{BWdLRJ0U#LtkpubSQ+F{0tQuFuC8;S zeEr%u5gbz%WUigbORdG9f6imn&U&ZBTsMCz3$*Zdy5CEaTqTi^40gX?d)ysY-*;Ag z1>%sVG=K;uR4Oc9S=ftr_wl^mp@ZA$(z*hC#``~ps<DT2~uuq@TsT9m4C7aherN{8tXAc;}T1T zfD$dZcrBxg9CW&+bkOsF7V=gaDedtDB}FWZ5SxHNPI1e}MFyg4K#hDP|LFrNSRT88 zdW3Hj1vGTgEuAHv1Zq`}MbP6R=jPyWIWX@%0ErJ%_H(?ly{^X>rNBFA$s)M-K_D>6 z>K6raOS7)WL2c!Id(_D>{!;;#r9Ee`o?ie2j;7b?YvdCP^Bjvbg7fiDc%EMRYOVQ@ zS)T)6ba%BcbKbR3u*qMS>cm8EJiQlFTSJ z`_5$^GAKBKFI4OGA{Zs-I)3UhQSHd#@LI9lU5lx|V&UOeH~%blb> z=DqL3HZOOHpXKxVmI&pYSaTE0UCn?m+wmskwVq;7M#LUKB*4(Dzo!xYR^879{Tgy( zWpR={R3^j($d$^|7q$|CE_Dw&G_`(@04QYP5f|NgA>_BiVx62g%f}CKq&;Xs$4=~; zcK_KM(c&q(|Ax|j-OmuA0@m|{-Q*3`P}__j-r)-+kWEKF1aX<*M`kR7@W$-p(e3vA zB|Z-~vOdN%WR_gQg0t-xZY-U05D}idRef|CkI+OIq`lb7pGO-2GVQJjA!Tw zkG@!;8kZh6(IXySznlRL{4AZZT{{RvpKUIlUh9qJzU_9k(V@=G3=my!seN~9GD3dt zgAk%0=|`UUe?D=>#x|Y24ofxMHJ6H@4t2fozXr}{D9MP{MzH}@tno2UG6BSv zM5js@wC?ggXW0kU97VUHUX1nC!1afk#a?d{9Q6yAi}VJ+qdN9rf&`e(@u2E2?xmRb znY5?dsnA(KcR~ViY#4*5`@8XT#Hhu0-#-w}6L!1fJcX08C$TM@BF_b?^2#xz=ctSM zm)z}Ze1Fz{`*v+5vfRyIM_1Fw%#_5lVK1lpuuUg|?%@Yx&9E2m6}+gkZ+H4CFF|%& zp^$jJp}4umj-U~@x`ee}?Ao-aL`Lxk51*b+^84A<^H8Ca*P`P-&Q9)orS!_>=RqbH z`@6vxdNkXyrZnzhdHyb`grd0sO8canUNpZ__Upo##+zU_f%rT*kQvoh!9L-skF*o~8GNOrREc(%U{DwO66r{b$y~ z47I;gFw?P`>DH!Pec!B+Y^YnlU~e|dJdwl?kt^%-NbPZbG0lz z5G9OY3Z=fhCau@mH1?`u)bF-9!GF<=Yf>0Pc?IG*rve}ty43Z2e9AlL`+ z(!^%t@W~7QiAP#M(bvB9_aQ!LS=3pF3&e)lW9>yfaM3am@l^TH#)CG2F9dxokSL2` zPH!hGE0!Z5ZjvDI*C1zK{izS$kKQ^bhF={hHXbQ{BGj`JNqaX1TR zx(4E&QR~mL1tLB*S4|UNktI=V_|CMBrM{0CdW++evU|-qhmdT6Ww$8T^+A>(WIk-r|`%QOi|TPstrp$ z|K9uQv2*eTwZTS$i>n|Av@aAWNTrG0M>tZPFYY%H-VM$B+#3|>A=A3wF9v&u1OV;K zAja+Jt?lm8-aQBDyrbt&e+cg-bo+@=k+s7ewwO2=xA92mS!T)rYA)5mSRn z6@EFH+^YMy>~(M3Ym}RQ19yaZK9e|rroqE$e&hG0w_LGj>27?D*Rx&!?gbq;gS*Uc zsB!3f>N}xKLJ?UBy=a$L`Sus6&OYhSO9Js(nLImccKmJ7J0BGHw8E7+66@$z{iGnh z)Y+1g1k0Njh{o&8gE@{?8_Ld>yncGm==8pSm_S31ZK(W8&OnU#a~dsg6ZmHmFA)Xu zFB0ijR0= zM{ufs+x(r6X79LpSTT@YG|OkzdQCSit|zYYQGBR<=dYc)KG_thxb`lsK0YYW0w0T; zPvSgl@&@s(EXFKXcn%+@)P`ohMZVH^)8hc2A5F?8B zi^E!0&Qn7pXg5Z`4?s>td!BsV_cBn3A9GF>nMRH7lRvsi_|wmiFo@6G?vkKPqIo{; z$J(m#sI(yB6m05l-wN%r_XOBvJ`!t_#pmkMbM6ZD=@ZoK4ubvgV_Xl7T? zGkFRCXaD8kpak>>{|v{i$7Ve0i>LP4=|%W~nnXAIeA0GASABT^|K|S?XW=`1{GYi7 zpTjWyG)Qy1(}xQ;%7Q_laLZA5g=}k2u$H!0(iRG!M;##);EJWMD&K?%ycC*}X$X7! zQ+|Cm2!Dx?!YhU!`lz70GRJtoX?ncW>F1u`05egOer+^)Z}COq4gWPhu3_a`Azmmk zT%%?@8?=#+`U2CBeHK}(V=w8tNBotBaMM=b^CG*JGw&f_T0O)V4YSt?8G8V%)t?Xa6ROJJ=tE%UAJH-i;q=Q0PiF7z_}0%h$svuQXN84Ck81`e`p<(Zu)exD z^8`k@YW_|@76;<5y6!`0enoT)RKok1^9u52^Deu+?HB4gTMuz%wY5Ka?l<_Iw~$)H zBlEl8t@~@tJ^+WL>6wQ?@(`q^5bxLT76Q7cL6ydZ_R=aC^5F*BQF(O6^Q!ETF9Efx z&>RqZ8F|}{aJ*xERJ*QhGCvNPF}b_oix9*vnHcw%iF^(Xo5QaQN_6UBlJovNca2Wr z4g~&H_u=TgsJxQHt;fiZru92Lran#~zP&u$&bBWT8c3&;k;gg3gB(`oKp4x4@ms&Y z;?7vo&L@R9h%Y`e>L!vJyita{JPrmD!cdAkl82o1F=52b$kXY)5&eq(DQ2jm$%aSd ze8f~0pQb?ow^oeb2f2a6ab;o7^;v81qTjMXpil<~@u8;MeqSDjcH9fztkaVInc94$uSENp^Cvc~I z{5_Lyk~1n4NA=2C{lODtx#3&W0ar(@`4JF@+tlIvUbR}Zs`t8KoY3b^KU@(*Xty8z z*@AY3B}jq!La<{G+nbRRz&P~C4ToLzo-H2-_zh~M#}#5!s?Pr zB`U>stsP|gS5q*3GClvQHT-zGKUUzt&9U3Rj>bdmt2^>Z0hX4cU1^jkC$fSz>=?d; zYeLP8*QVqnCR!gB0#BJT^+m=k?~WN{u!Tx~D@PU7%=^ay2D~7@gb2CTytsqOOG&|S z|3KO3lRqoiEKG>>g*kbb>$PBXMJXNQ)scthn0@#~aN+Ebu~EavRx==dewq*SQRy~RHVLSEs>!jh<8Y&&Hn7@*YfuXh_|XQ371laezUl6kP^IpAi#hfKCo~({lw(*6pC$dTQVuDEvh)BYM8@X`%)?!=JY4HSLwg2Z@glXDj}%5zJIQPa~3cd%ox!9 z(xlV|&1Qu|#0^`q+`1v{pKW=kcNZe3FI582qWpuG4%@%y9=iiU!rWLXZHJ8J$*VIo@#}bAdWN_ z`@TOKo|w!Ar#-jQg8yBlw`0-ZAK^53x2P0}4_BOG+JRd8`Ukx6P z3tmESJEB6d=Oh&O8_*y~4o!PIm&IjT02Kpj9S^(Rx3=fgDb&K-NXsVFI*U{Llp!v; zB8=g`5z@Hs#NYiYsIUhtfL87`St#ucPk4{x5Qq^oF9c=bC*8^J{Si(e-z=6+((hQ; z_}ndFvc5!u4H>7HOJBF$)Uch52ieU6>P}yXAw}o0$ZjGZ@Wt-~^4Zjct!{Jge{^cI> zxprJu=!?Q{bS*v#xCbVDs+$7^+le56aa{Z9RNP9|moH@Y@KBq@%9Jpg~7Lc zclXF6hTW`Bu1*|@FB^`7#N+Y#Smon5+H-K{Vb9f*-^wfG-dJxT31A!9UW@bjVR5|9 zW=4^Rmu+=PSS3&=+is-SthicwK@shI%2b$>lvt^hePXF@aFy9lr3O~jDvDG0*kPJV zdk2Mr9`HbJ;|(ALlAFMjVO;f!^6y}s4uSlBk%vdKv&B&M(otB5Gy4M-4-<8+%jeL4 z;dS#oj=-B)N023H=Kb^M_JiWBblA0m1c=yqbZ;8Fy)6I0;AEjX{R;1&CjQe-%Q+(S zPhw1=S|n~iC&FHv&>Xk8=~oDtT_r;4Sc_f5-&gI;IMIT|eF85U|LKoI3HMsXnTa1xL~Wf{+tB`+uI{H8{Cjw4GJOW7<2mXbO%`BEG})&W zuX%tdHIagc`7%kcY$NJ*1kYLjp~5Iw$RFtd`oxn{X$VW7hmcXb+;^|1z?sDcQ{hg$ zyQmK+EMZ6s?~A;?3cq&}U|68EsCjO&K+YR22Yb8R+)VvKb>_$3*mPQFM%&;CwZiVb$47wRp(sz6G#ysFOI080Q#gc zFLc-ywXrnahfW>|XYovW3-9oEF5t}a5c`q-W-U*q%C$+u#@aHN0#=6)(Bfk1u8MRe zFG*t^)8{q0umSVF^$&E0zn}Z*Xut;Z@#Mq9WjUL$=#lDE@l(2g&C5iBjty;` z7oV*Al1WL}bp&I1B#%pjzGH0Yag0Yi%^ANZ_F^Sgxm%kE*SYe_sY_O`DYzMeV~5&+ z#j8VS1>s&I7KTMhlv)C_4#GqL0mH!Tc@K>)bI%$@y9y_}VR~PH;>qJZpXqC)gvL6* zk9_zhvVsA%EQ8!{-+n>TD+95Cb+~qHg<(U(){m2(9gH(7B1g0e;IM3E z9zPkQmmJS7-lJZewk|~0yBdOVqba5hK@Vx2|9UlU^HT85p-1_*-~9@Xx|BJW%@9LN z)$bRhMrrqH0ElKE0ftDJy#ntCJ_>)IV3logz@%lo2l(=!V*2}j4ddphb;jj2v**XB z8y4>c{a+$V>1HAf*chSHg%g`pPnT%_Y1F4A4?cn7n=X({C~GNml{fP5@dpCTX*Ym; z9qGaIY;%j(r_J#afuT3HDiWx-@Efmf5l5oe{z&g<1qKS=@PR1c{s*?Gl%SH^t~(@R zy@z#yD|KgZCZW%}A4Ww*ij;XQZfbVcjnbUJ23sy_GR&{rgzZ z06c7G%pbvJypIm~vtG1~#ijX0(b?xj;2HVWCz(w!ROVEyc7H?r>M~b;|B%H8{q)q< z5}N6m<@zt|x1v|Gpa06F;raVgf0a?KKmJt(Up3bz^@pYRLM$<2XyIR+6a1bxKN`gs zw0%=v86~@UA?!#_L;ehw$DWjvNlNW$%Fz_VJ5Boa+@F$0K(hCZ2b4Y5b`N z#V^wvS;@?c1_~ecDOQw}d(Dl=&t0H1={OQ48d&dV4Ki`ieU0PyZY)gZ9wpfB9BzJ& znW9iNWX^Fj*=i4OzJ&gC>~=LCeAPX+eaTd{!JB6vA}Yj&!Y;$HtB2GF&%|6n&edTf zwi1S7{spA|w$o0Nbg4chTRPm6hB@!KtQZ802`p0gb`y9aCUplISTBJI$xh0Zgxk@@ zmXq96lbe5Ofa+ibLABTizz@J-K-<4Mz6z*f;xngv9}T}Y!>=?J=ZqO?sok${=j_Sm z-U0<$?e{oZGod>D?PyfvTDI?01RP<2BgB4j_2S?>qG~h_@!YYj_DP;+ipg856@-vo ziN>p(-YJ?NEVy=UOhs-K;r;lykvUU(~|U?1v~)>e3*+CN<={(hO$K+$) z5ii>(#G5DhY2Eub(0h-w6#9~q^EZCTQ3*QwvwHjy6mQ7d_i&;}S#**ks&&zFyfK=! zASFIs9(Bsbj`x=JvAc0Dksb9RlxU)awzCdZC491H?@g(F5xy?R#u%MN4L@LM!6tA| zkhEBI3IR4W+j+L`Thm_det#mzo08BMyNBvhH6P@AlMPSUEH~lVO#+JK9@F)v?BO_^ zn!7BA(=9&a+1vnOAK8))1m+Y6f>Hj+Pn#gH^$Edk&J8SaH2wud-??T4fPN5fI_cnl zu4fX$)F%pJG(t(vj&oRN9DFEmG`yc6-@)Urr^>F4{(=EUrO^jf+~WX`UgTU+hkF9` z>Kj5uDmgPLT+alnH~|C<@XUSgt=9i3C>N|*d`}N_fsw16kT$5plhv8({4NtTbkxtC zh$LS(*3ZKsyGy)OYc`)&hJ4&=rf(nLEAPSEFfJ<*k@j7F3A zJ=`q;aa_-oL00dNd*6-&>#B}@Y1Z%y_n-_$$7)`jmEdyvkxpRTGTq5nZ<(C%c5`jy z`Y_$`bT=B~OUgeTyD`Md!MbjLWK>)%&0y_&tz}z@n?pz4J3Z(OIAS z@56ZQ7wuagI&~m5;}Lw&XWv)q?lvb|rNT^NI3o@f{y1!li1{k$Umku{0b$!2S8E!b zgvn@`kQqU*ALYo9 zW_TOZAaTBxtuz?m4FkNF>Csg(;w|#`yD|M#39W&yF!D=$p_dWcQc2tA_4EJ)Xr9@x zHc$M*yM*z~C!?&mEhY2iW5tgl%Z>VM{C8p~b?TS4YZOE&C-zZtWVMueg_G zdj{R7%kLdu2kSk<{uZCT?osSDzx}F>1<>)GLRSDtEIc?*taiJBGJirneR#cZkRx_& zu^q-CL>u6$H()Q;-0yhxMsMRE*DaWFFu_PT7(uGx-2npOA4_MpwI~t<;a36yflC2d zMfUYh6a*DyM|k=P{+=^^rrQk{imI&4jQG^tqWCZ&hv#zQTtfZ`Z(~{eS7S7Z&Hm10 zU{G>II$Ui2*<+o4Xkj^#@F<+`w8aV82&cBYlTcH6{KB=wGM}D#@JRNFPiS22eHxA^ z=4p^u0hT)7eY&~Kza7wXSMJ_KCD{Xtr3k+S^LUkQI~Ztk`rvXM2Uv$=brzCEA8oH@ zWOz;@Gb4X9?Kx{16)oHwdCM~h2*10vUy-SpWcjDmAC08c96P+;#kNio`BGhE2;blA z9`TC#!7;kxT~`*xSQ%(`#95fnm~5S&E`ftalgo7+#WNg}=J#uIVC}#pQMaDa{em}X z?(xB9{!|Zc!FT(7YK%swXZ#l50Tvx85uZ|M`68Z>$cT$q82J!3@D_#! zP=8&e>2^~~y5&4lp3yETgg=HnCe~_tmgd!zCFmD?a`~|g8SQ!ywFr7_UwqGdxg+#r7d$ZQ$uiHUbju^5QmvH3)+Jq@JYZ#4@0t)9{xR>g$}h z9G}C;7%Y~)eYhi35%Z@I-Kr5fBbq)AC`K z8exz8+k;(hIR6yocUD0deHLb{t8Eh%-ZmQk>7#^hqifRfB}depLdY~;bD)^X+A&Y7 z6sA=jdn>Z%?58=t_rkL&=|TRxOxMq1orb-DIpp3Oo=aFuzPFi3M~HFWYa5mtCXU88 zdY?X4<}h4TT?BBO{sv^NQYWG~RuU8e2D>To?PC?d6>N(AUiTz~u%A7cJ&^72S$`Fp zpbJQXVIWT`&*y95u`Q8t*$A)OOX04-c~JJ4W7myQ24VX1F{VGEdmLJDrSA2L4o>Qi zFXM$-rS6MG1iUevc7u6nbzwyeFX2%-dp`WPB9Zs z8EZ|B4-=8?UbOG`g5E{eM;=fX# ze`5kcE45H>jIv5EDyahWAn+9e@g{Z+6N=~$b^5J-*WlK5&4)VN~fkn#1nfF}Uc{nk0M zmiMqz^v~3{7ADulS&L%nwesQ+z!O2202hNZ8qE^20|(bYW1nBzGl9Ot0gL{@7ybvG z`_VlZ-NwqSeXdS>uYNAM-8mfDQd;ZlxCdaM%ce+0fm_Jj8?jK9nkh2J@s8{YX-5dygeY zw3qhSP3K{I8TfcL==>=H5_paBM-)liQS1&*J$ScZf)Vf)y}njq-EY=gFxLc4;^-NE zyb#)75ucRMLF14_NWVapF>TOY7sBj*I6+2Flo>9F->E8EYCisLHztBm z7dTs-JT2KwdjIme76HR`-Z$lB^i#Plx_5vvcj_X#Me#zkoaQB}ivY}9`ii5LGVA`iDhAsBtI)9}1)%*7KWZB?sjHwX5PC0jX`fK(|_JtgYN-nn! zfco6vD(GF6iN4IQpxw8&`V~qF_h)<+d2gDRHNWYp8snKJl6KrEyV{oo3?11Y3R?5t zr6S~i7Guj1V^TI8Gta?PJl~9R9I)flSl}=BX}aod z%Y80)a;-tfQwp{Bl?X4Qg9B;aPoE(;tob$%Mx4=kxv#U#NWBpf3Ae|0G^auaJsarF zPhlbx6(d^0rZFXn&9;32GO@9Ja&luZVwTUm>C9?<_yn<@)9Y|n&o(k`FksjhETl8! zFigi^oE|?R`T?kv8JvUjl0w2UY+{A0Zgbac_dvrqLP%_EzKY;X4m_kuwv-063yT8O zmdsRDkLX4;DDEp>p|j>j+Zf*;Bnt-irNo+dO^*q16~Vu<7XuM&aZ&dK$=flzZ5u*bG<%~ZF==_Bl^2Dm`?&+b0V4Y8oe z(=9SwU??klfx)CcuczVheGR$ZIN~Jlt(WYNbto$MDPCC~>B$kJhDhsg33ohD3yof- zyCZr@00Vh7@SNVKJkZ$7$Go$1F_#@0S+f5uO$;82VB^g3xt?z)qduK zPxY*5Jy6Ybvp%EdoalZKFqO!~o19Tx`fk(1Kt%&K`ndB(prjhM%)9TtwtE_8*u%)( zyGqOWwNDtE`?Zk|fOBJVm7dg2$`oFQ>x;_%PYQ*TSEzFC+hQ=PDH( zTeCO{;vH%ixWyIRb)jJ~$BB=w%fa)U4$dMir1X|Fr2KbJbj6vL*-@pm7~E?wy#+Kp z2^M}m8X(LR0cDD~gMd>-`P zS@Z4$r-a-XD*i@5zYG2p2+Uz4Y(9(?SDm<iIg<5YH{{mSxw+P4!&8 zSb|~y!KU}=yAiqz)Q^1x0Y!R$g#1_X%u!D6;nz%_qU$&risH9kPIj8Iz!u&iSsU>U z%*vg@n7bo8g&)e0mxO}E+x|wdv*2v|NOaB+oEz2ny81mvS5FP4HlEoYw=0V{V7Z)0 z(DFpCy8vT+c86}`p66KKis^|Y+=*3Ix=N`h@ztd36dd&V@!iZ-$0UWLV0K*VRmqz; z4OMh*Hjnk$m)=Hvpcrs>)hR$I_v7vRx>LbeG;>gYw$-Oo=1f&Ref;j*<&6Nh@bX+{ zk%?wA{r=DpttkjP<3x*!;ku90MWC7Zm-xAT<@u#JJR5iT2~7UDOE3M%2$n_WPK{kd zdMP|iQ`M%yXiBeE@sLBSW5ZAGmX1Xd?=OXf8Y|#G{y9OkKA}`qO5E2`@!e@h~2M3guckjPyVN z2#wSJxzF@gHTFA#jBDEZyDo~4Ch;o2;C@^Gc;4N+-k@g9hOJ&M)Q4#FM=%6EsM;&& zX>T4qsB3UXzrkIaPq(9B9WuB|(zgbnlZae%&1{!zAe$xDEg32V_FmD9TRCT#N?Hs{ zOwITCyoju1+1>or{HQqj`=SciW_f9I@}cFJdxbS%n@2|;V18fww}eRD?DKBwfZtAM z;J)4|lUX)$=Z&<{1|N?-jfhD;Ddfx4$B&vG=>>4o%#=WrAZ0?GWYePhxH zc$|~q^d67I+_tlFUnP8;EoR(zju8b|nz_sq`N(@Os`%C(Q08;rU34I` z_2$47fx@YwyYEZxv!xsBIq})bMq3H4A%SKOZD_Tp6iOng}{Ca$DV!2E&9Z> zfHd}+0Lz8p+plIeXRvOn&uh}BP#JDBwdv@_qZjIpqX3jD_DG+j7{G4n&Eeo6Il4X%b$g-TGxVM^giHP zKOZDp<~~2`Y^}dpIeCTitRH>``L&1UV;`gAXhoFwP^gQ?`v&~%l2pwOe`+TYQ<{8$ z(7d80?_DJxQ9b%3;4r6t;Nj2)0YILxK(7hz4h%XYusN^yB2W?^6o@tzI{T}8V zEIHVgr{BO~q1-KzZgQMB#PgwTs9x)M_j#oY4v1z}IB*ibvA z3&-lW-y`PI^x!@T7`CrQ2kx$>peY(XIk%2lYi`f*IrH zkTHZVh2~8CtmMD|((P*S$(1lZh}WhX8y50X~d&}pN#|y3Uti> z;u9>1&)I?a!-_T2%6UKbf+a_u2KYO;4Y`9`$FIKJEoLFCF-vkva;LnZ)(*0@I>;6JcP&Q^zRpqdcyeTPq(eC8S(fU zem5et^B4*)=ELJ@CnTQkCI$R+FELDI@Juog`@Z?sQh6z1F@Pma`LlnTB}D+7@ouun zdGCNCAJgl6hJu=uZUqmY6Uf)tVeJ@nW2@N1}U?-UpOCObg> z=mSwED(5uhi?gSj^N^oFS|O&VZvfika3G!1?Q3zdAD1N*^hj>;0WaK(W<$sNC$-cCbsqLN@(&KJtGe-?f}to(MR-9VR;{ThC^v~a zC}-k#>0m40{bd)MxO;qTXe^GjseHLT1&v&pf$wJ-&yIgD&~xNhO%M7#l4qxjjTKEe zHfD6a%D>|$rzsDPD|n#DGchv4EBhC!UAW%AK~qicSbk|D+P0M^UG2+J!L;K z!R|{=PnXA)7LT%#dEM@wB2$y~M0+dqLi*~p=|dV|C?ll9*pia-!V}CiufJeeK45xw zVKXctb-9E_ASCC@KI*S~?(g>1NF6tXIPx^Wt`5imNV_qX4AYEBB?phzhguPMzA_|Z zIrsej&Eb!(ve&79ALh*~R%NsafjFwhh;od;#w%Yln-JUx#Cwv&6c>W+AGbY4WS^~t zU-F{A%U%(Ls?Q%%cvQOLAH^!#j5K+;)He{^``*@Ha%FhCdBXS+!E?kNj^c;c?{b7o z(Qr?%PUW<-CWZB*W zy6M2_-cwUQ+s(b~l-8`SU^{MIGhLw!-=Hn6^ab`y9W{!aE*bgc7t8^&{#*3F_##Vb zhySF3X-y!HU7_g4qnuO(cQo+;gSDq^q@p`euJcx>#-m?+uDhpA*uLcYw6ZjR?c>nX z+zySEQ59w7jhYG)W;%E!e8CH1F#bT-wASkCwdBWHT9Lz%jhV52Roa#Mr7r6)$(=r# z6=(Z^d#f5;v~S7R0r${D1MYWR^J!JT*#TJ*H zzGvZK>7d-CFp-0JEnO6AvgZ*x8feF!%;QKpIHvH-V*biZck(bIPO;b=9J#l4x>s+$ zY+fIMeigynqYj_Tg$Z9V>vDm^KSz&6Uqxy!$IT``+2@s@Aa%S-CJ&vVYwOIq9GJWa z8$uYZ4#qg!kHTk{DNY6H?@z7nC7@NnuiIE*w^h9AB>O}e9U(6##K)+`RLnnF_CD#< z4?yeB<3=$jifmk`<-Prb<7n<2oKL5yy%NOAVbCnx{rE-~Q7p?1^$^K?GrKbyvXRx> zpB_pVT3TNI<(h6tDPqVVv$*hbFLdt#-7^LuqTr=a4jhO%5yZc_{XGx2QDkSF1^Ku< z&7GORc0&uD$^vs=sWs%Ry4&UJ6D`7@dPntt7F*$x#N?6whL96Q0#b!KP>(@RAyXLLw%cK<^X5EfNBs;nTF=^Mol7gjTlDQF_2#;VHU91nIAT^k*nGNx)a&(h&Y)WwS3zV|?Es zv*DS8uh>T#BUR>%!HjD8BbWAlC6zCF;QC+O7&@MY6*djY2Yd2{9KsX&X?)M8UZ6hv z`x|4O?F)rA{kTUa{ zA6QJvH(%ZlDUdj_K0o)>vMxWNd<4k+ioPpdD#coM_g&HTTU`9{Io}gle&Tu4eM{&D ztm==BtKgC)7jk9%PdF0w=l6(M6t_w_K1qW0g4Wf5dnT6DNuR1`!Oc)v=>Y` zkh)Xha@EkWtr@4sM1U8J6-Wr*<^~vIRZ>49SiR-7!Njm1ZxzSeu>JIOLcXw$9Q`8M ze6YQ75YJG%_}m_(w|k~w1x3{87Wx*VKv@~#NvW>5M3bK)@?1+J>_(9}ulGSxuaFFI zG1duU91h+@_GY&oawepc+m{EMeQTQ3&_%*E=m(UKhbQeEl|9J`q{ zz5Iv|APZ@4{1S`~`5*8_Ion&fwhHII#Cyty1EMl8Hck=96<1v}Tq}AZUqEqFGd{#4 z>2<1FqPSuSu+a7e?B39(n8Gly+(Q`c;aNQ`qgy|H7{ei_!u>QLvPV(Y!c*V-Y{lfm z1>3aWwJgH!HgsnLcgAquL2dCjiEcSb9Be^pPPl#_#X|YXMV;LVo=!YPKp#i29$tVy zbmm@o0C^R{(@XiI@Aq}=$jsPRpN*qTECX8fsu#;Pw)okooTtgXY*WG~dvv}R!vO+V zTEfyjYuh@Y!f-_iHzdj&@f z+V|&=%WvD!<63J&e1HeWBq5|JjfOxF&vN_ZE|4MJ%y?2f)On%E3Vy4N;q4y{1APE9#{y=E{m*{3ha@zG zdL%m^_P8FLoi4p)UTlN!cVm&=NVw`_rF(~gmuT%i(4O{nAKUBsbrQCLOKMo?&qYHANdPBgrbu}7md;A?J#II{Nv%QGw=#{&M}M6 zr!a=)jQyv*yG_qvXyDbyOQ$Zc*(M@*?qItPd8bX*U4C7_zL z9+J2gvEGE2*}QW|XYC8)=`_IT+lu051J%b*(GfCHi-Utz0OJA@{5uEocshYTBf?Z4 zsLtdL6mG^t*g8;oa4e(YZjFvnYnR$IbILt>A^q8&nRjc@*YH-3r|DRIMBoR`&b@5D z53zk*eow-_>Dm2e7!<9d4V5~)%41Z3hmn8=?nkWRf!lh<*b`D~_}iui5E~1tB#oLG z0N;)h)IQ5)r(<^hM8V^xg@WbIXXO?g>LvS*`_Jq9%YxSGXVl`UP+18S3%7&k1&~V? zLYS^#&0IPRJaU=hX{}u|mi)))(&0sx7BIVEygc|}m!K~;)oZj}yBepe!qe~l9E}^v zu}mR)E#xySUlPEtqgU2`iC~&(=u!%aWk`utPKle@sAOfacfEmQVBF-b`n+ImtkeTO zSJ3n3)kkNQx8_-s4AAvn50c@2&7r}=UxU**NkosTt%@U18SL+1$}}T|LEiDNHz{pC zK)Be|qKJqtf-5poc z@M$)+nJ>NPt60%Yek(K8e#0+o$#9_Q3G(Jxr);yk-TC&L{JHue6v->rxjpKIfawF! zldCY5E6Xd0R-;!OjO8*97v}uoc@I3824_XKx}G+HaM6;-Hes0n=fg4ZO@$s%>nHkr zstO&GD9ZTydWyZ!fs5<@L%g`S;u0+xY)Eb0RAVwCJwNmaOdwFP=2Ik|y7wK#Bkt<- zulPs_^Tp^~H99xieSF~!kWqHLgGQWU5R`Dldp)7u>#2*M-~Pd(#8S-;eRI*)oSy>A z=dca!y7tC%Z%~1&SZG%JhCI>_%2WW?UW0K3crp_Mc$we>0Z2m~d;RG`g&)C(g{?w{ zZM#!!z;KHE4xNuU2VTH#8JDIns+yZ-E%l*chf&&dZx`nx>^0EC5`LjhCcOlca%gj= zFRlB!BxdVKvy|8SZ*gZQi4QMS^svB4mgTV&k1CSq;TB+fz>(K?_0<@Lgs4r-t~boE zi;gB_yz<#~$1W|sWPG;pQM?;kngA$!2$CfUFPc(gq#3Ft3MR@xc>XyQE0;}fA`GfD ziHTI#b1YIZNbe&&Q{Fm*?Kx3D%JjdHJsyQX>mS$cd1DH$G%}!4G-t*p2sSPuA`(D< znDR9^l}XV5ZRkTs{>kDxvlHZORJnIuNIDlTi74<6$CGauVxFbfXHymi|rU! zD`M-E+T#>tu#uS3?r%-yiFIW{ij>5(J8CzZl>x3=U9PC3U!`m_nKXQFkyY4)`zm(` z2I5%rkCs`A+`Ll3cFQ>JVxQ?IBFPNFmE$58<_>(F@`$!uu>(8u*KxYaJwLbB`CB!< zdyIP{0vr(kK#Eb@Q*HM(8slu2P6?O$@o={kdxe#@<;+%vLN}4$Lvo>d4%_Q1=ta|- zep0iKTsIVi<_KQdZR?|>`0~^d!Ahi@=r{igr}}+w=Nt8X>3f=z!;YDE;)_$zP`~9= zdpxKfIV>WTRV#y5Zal}i-LKQa5f532c^{HIX~~bs>$82mCnHYYcvp|^xjG&8`IaJ(>phPGByve=LKH1;(`|qtNr}>#)PKz)5NRH-lrKLVvlm~ zMd0Ut57*y9*g4G^sf%OY#|YWNl8~eetPjsl?mNCDf>!0`{Q7#oG^^L_n9IR8Ejgm5> zfIbHg_*;GjvCtkNE#IG)&N_*j!~UA3cstHw7!1Mz@+3Jb8}b%)ijLLcB;v`^p_Fs^gQNRTse&>rVqFg`bh&Z)%QVGm3|!&!R+-f8J{!4 zyxHid)=UCPEAayXlL}7c(bhX@yPvr3(5jF8E4kmA`^;q-4zm4X)ev?`07bB!67x_} ze@g$JNuk8TCHmxD-?(zf&;Fh4Z_CEDhYpuKXotpsT(#_JyqmlG3)5%bT$OnWU6BVZ z{c{Z9EVRVVn_6UY{=~T+e;|5eh9_G=EO$OncG29SS^st@crttL5@<^keX2%m36VUx zJhymvhDMedv<5ti`9wB~efcjpd1G4;Vc>f(nilscULo;&Q^ZGq?F(S1?7jmie#I@PHU%;jk`enm zw19wr9){-E1kjdn2low;e13D>-@Yf3K@RU_m-xy_P#w`YabGrZzq&VgADBP(EZDu@ zXDZ5|`<*Qi=W5p5zo4Y0M|nTezZ&JP<4P&fnfrRTrG3^XhBwssb7#Be&=r$w-UQ!g zuY!3?59M~lQX$ay7!5wHL%$N37xvq`W3crMx1L+O0oK@0NP-^G+)ao|vS!*ZO8cYp zbAL?DC;{%=Dc07lGT6&*+LoVXKR-H98RU7$=V-1zWp~c~{AP%`M3-2ED-oI^6Gok^%x@n)|MdA(E%6`}fjR%#J>)|KE!B6(fy!m)`z8AkY%K{Q|ZsdZQ zJF$4AD0s3-;f>BQdiV=VJbNq-9~V)kO^lcJLz^hisZPF6N!GJMivuP(p?s27 z@GOx!tQM35NeA!KWAYX}6P^c=n@0&kx)V6To!SBdh)4b=yAWM~`!c$Jh2f#jdQ{AS z_H{!0_VYP1ElJ^x9Gc;njA|TDCINB%vAIYVOQEzIzwi7~A^S}|W3KHJ%E0dQEa-v$ zeR08PiW9#|HtY7a)0gH=^VpwgZ6}2}QaT_#cs0N)_&-OV7;g;XNLHQ*Y~Vf?=PvW) z=yAxO<9(rZ_O`#j7ZL)hUFWqFUgP`LIfp(m8Z?g`A1 zF5vMB&n0#vD?$X1{U$xXCk4Jcp!8;{Jn_ebiJYEOUlr9~nBz5=-WQZ!9j$^qef@c; zAZcOayhS6Oxm>B!w%Jfvc?EBBT+8ptXz(kQ9XOa#JTdHs`XXmRAn}K1h z2sKe&o!SkFy5eIo?DVD1&m+Qr_~BKbJtxL3`}st7mcnAguD(O5sy^jNLxfFU9_QFU z_C%guZZG)h9U|B_ZqB}HH7VR-Pr_~EVZw&nCjS)+mTcqAEczOk1MXun+v2a!Z(j?t zu`IvyufcKm$4JW3mdm~*jLMOm+Knq8N9pSCgZ#B!Z{~R)BCrW>vp+x-ZhR!ZJgUv@ z489!WrOCDBZqKuDf-3_$=jZ{gvW79Ku>xz93i;UOPL`do9{mUTvwm|7DgcfWZ}#!1 zsm}YdC|)JO1#fwVw;7&-%&BE;nA)g48o>HHyC8;5{>Y#Bfe7en!c2J~XFRk9r3))E zvPJ7RrGNF;n+Po8I=tiw@37HX%H5p#^+Nwh1H>4n`}%ggrQMr<nBmAU&?Pyf}r$DuVO35kil^ z=T~hIdJc-tIxqc8VdTipm$COl3b(l6xhTG|efu0f%TL++oq#jG>oAjbuHO&!iwNo< zuKOIsMMZc9%@I~`o(_fSS^Zkq*B-FKz)6eN`N{xhYw8x?^%@FhK~~Ebv|L1tuJvn| zG~>HV5T-vl9L%umX1mjUnC;mc;w}^Z5g*5Yh-8 z)#dVgs@BP4u2r!|)hDtRwes8(-!Q5Qh}eMY1ZliO;p=>uLNjprG{t86&j(3cVq(8| zNBOm4rN&YuL;UbJ|4G_DAMW3E`@xv$%5rPTcf|(X^Xrsdi^Dpq&G@8s{>PYqzJU9y z?_`+6oX?@Q>PO<`O1=jMN#Qik;Wtya5eQ6TKqZwa-^58nlmQ`o1-D6m9}%%N75myK zU(snOEWdkk{)}_?eLzuj*|$@(l&Dcp-4g0~LH(=8JB&hhSsSF*o#5(pFQx7E7nxYX zC;!7UmKT)IZWo>EDOP-2_d00`sWRrf2zapPL|^hTLaYe>O;Lmow4%AuGkb93O@KaG)Bw)lnvQ)RV$~*{LwigYzpx zW|3y5yht0XTL}z)U7HpIJca|+Om-ddcUTUJ#!9~1$zS5*Q1_B;#}%lysS`n!zZ5s= zV(ypF>G9W2b-CP3l)LOREM$yJso&mD!Bo8aM0lQNzOUh?jg6`Cn8Jlm#JY7~4hRWj zESJB_*9f5iQWAmagx-ikBC3R9*u&1=pKd=ywE94;&l_y%_}?12#uwG{I7=)rYG;o> zm?ci=PG6LBYX5=wlBjHD0*PWlGkMtF-dS-Ji7LHd{T1v6oLct+T`GT;N7VzHjSo(J zh==YO{`YK8PwxR+tj*I4m4sp0pwoTX2JH_@*VBh*w!!0%3spx-Rv@K3}~<`#Zk(fBJrC0Y!QE-4Fj(QRs|t!1{sUxGB%af`gA4qy4l9 zCdzj$A+F6%iI@Fw-&gs2&b?0d3%<_5>3Gv748Z0Z3mhI0xyjv6gsAU3hM77X%J&qn z$)?QTh6mdPD-<4n>@>1HX60OWAAGP!@n~aq7TkrKXk;w51XxY@VdClrlexS`wM}(B z+^3Rps=cgWk}eC_Wfz{v2Rbn7hmffTsmk(gxo-thkS~V*+dY?@F(asjEZNfqyaS9y zQb@d?0F2fjLOnKc$u%-9*EY;Og*Y{bRQ{{CzuJ zc{DRV_F%=w^&rT>WvD*KJ0-w38wM6J9klyw)+WwkTO0B)TAu5<5yEO8RKm6j#QufEJ&yA`J+VE0?<*2g zrf2jEp_wSfRV9Okj5~c+gNwea!;1n|5INbv@-^Box@+#kxn4MnWfG?x9jz}zW?ke` z@mPK2Re2vFH~y{K!dd7_8BzPqQH0WX>;o_ z!3hs;icm9MRaXc86FX zY9Yvn+mgMk!}4}E`Nv3;^2?S9iH+B$1dV=r-ZL52c=>cGLK#k41b}`o|2C};`#qz# zhB~1CESI*`Yn0)Ohv1EHK$Bec3&J-@8`)En$L_#x&u@KhZ$_ji;3NIi$FBpc(9Pr9 z;#e)&9ry2)(byIn)%f>=Kht{ysZ}dNM$(-Qg%|bUdwluIgP%E>p*s#QIUIMCwA}30 zIdZ>bOI=(N$2?kV8h=M&F}VG36d;sxtI`Trqaq^>wPQ`U>`dH32&a5_)BsfHqEH&<8coUXOnxatlS*YW3Q3M@s43G1TwEHhY2T< z93KdoDXT!}O_Ck8f4=>rmiw77v8J;2y<(vT2=Fuh6)5(>Z@;F=&3rst0Glu!v)7&5 zed~rW4X~NyMHW0=?xEj!Mq7K2)Lqul?fPPm&uM0(GH%=R)H%MAns899eM*ALZKW%bv3pL*qGs`qW^cleRa$Kw^174LQ^Uxkg%ua|wbpq>h+@IjoWL^$={ zMU@W6{X(wo7a@&gqCz_|YwhJ=rX?(8^>*j}U`3nm`Bb5d&Yi2ELp(H>%<{$x?gF@D~XYzy9e zOjht^fZ$6Qi&!njabJ!c2Hdq$heQ{=uFEVNcFR28;;o96$REyV`qEr8T#_4#Kj-~A zn$2tueSKdCV1+2o!DZh5lw$L5`9x7$L8Y`tm4kuzmJV#Cqn#cYk(-=q2Bd<8_aJZ%w;G2Iy;IDvJ?ktIeCJ z8fG{mKBIpD`QqCuYWk@m+`q5gy8M6%kx|^Y@pX^4TIH+lC!J}Rpnsr8p4iHhb@|?A!RQGv^298L z*+q6^>w&)>L_N*In+Z_to^?)M2(rn>!JrNJ43SiN9Iljp8WZ&_^3An5U*E5{|HC`A zLX{rRVz>6dKz@4!l|7_L$M}=vHYa;yhA74g;r#C4U2a^rR&T;9-uqkYP$}-KsBvI8 zr5LU3m)(a{82P}BVTro;4Y==YU# zW1kiqa$NxM4r_{MttPh{Q9rvtkZ;DNx%NhpHD@vmFGcWLRg{*%e zH*+VJCu1oBWw`LpP3#Fng zIjxC>SZ|dU;jCv2YM3LY8DUc|r4~l6>7V2wV4svXoLn7>ONI~|4&4A5d1}wWr4iDz z%U!0whi9)@s;p6H1ro-uBr=IE6xa$UDve5V)U@@uK9@MCKpXZPK*!1{4 zA3~g?>NLGB7WX@b1>``UE1n59p>GLeJe>>0ol1&G4SPW@rOD;>mb&B`6%})Qxj(A4 zq0koUu8NMqckEq5_}Vtjep0d*-7@8kzA*o>Z7%nQ^%FxoYFFTL0(&S<@uoR;31F*o?hghdt(73HTelXhhq^9uudmt zm^kQA_6dUhc@TI5b#Y-!VxQ_UN(7)xgY13Sb1gCw%e-D$`No!U!@s{y0DTC2Hi%Pc z-VE(?Akk(yd#P#`{-wLI;={VKZ2dgl_VD@Q$5Z}-JpMJajy8 z)RQkfcV#O_@L(eEzu<0~vSO{=ki#L~mwWw#bvOxY(>AGt!y&1jr$~b9GJdLW z66>S<@-)9V)2~pfsqE18NqzJzm=yU1g&ggK-fj3*7*_Ken6v%rWAa|pUER|ij*dSiJDrVGJ=B!*l6lN!j|sgq z&*!62XS4T?*;Kve+bIh(O5Un!Lt%y)coSqZhE$pptuLVv~C~6CaFqU&bzSBND5_ZoZBhJjk8;vA8tKfwc~;p(+C~ zdbbyqrFd#}+l=V;wSIZZYHbniR4@7E%{7IJKm&O-5u~^23$xZKd#h}}M?~&5<||1~ zoIT<-pqkKOLphw<9~5bOkP`L`N!t-Jv{XxI-)HfF5sAV~`~Ik2UL0}iuG4&);A5wPdQwshqJX}?iUbJ z3AH%#j$gdB=E#5UUaDAV(L?*jci9lNoOsPyhEwJE2ey1_NedfSMgNIu(_RFME5=3g z1bY%S?K!@3*z5g*v|)HJfixr#5n{fXzIxYfS&s}nnfTzl(HD_^ZvLxO!|aP@(+XrP zI;pum^1|ogkCq*wO}h|9zWYo~Y57hF6Hu9UukVnLlZW#W_rx!?q1pBpq&}C|cS@;R zDD1TWlC4B8vAgC{9%k*0`679yQhDz7>WPoS+Icd88B6xGe+6pgeP=tSzHS@kpB>tg`MFm{I*8e%q zMXz2Tg{wQ%qx;#SE*avgsC^I8H@(6GO(x6lCre8KJmcG~Yw3mwEQ36Dx5>GGzlz9= zyiAT{%c~Tvzma#Di0}^nEPsBa{5}?z^HyN5KSL!ez2-L-f0@MH-CSSNJF24m-l2pA zu|oWuB~O$h7B}mU`3sfk}F-+S{R0AV7wmDQ%bdUiRJu z;WWO%cOhTypTP`Dai_YF517Y<jSYU}Qv6tyFBlPiX%%rjjSXDi4K}=Os1UE`RwL#{SyQ|B{gur{QbFkqaM_d^> z5_6t#Cp#=Th|Dj>b;?ZmE|{b*UTA?WGqFw1)UCT)9m;9K_BeR)(?Y-oF|Q_fP95Q& z0Zgj->bSysfL`@ExnE)8MlkN94va`k3xksx`>X+WN-_@!J{#GAb#u|bDFN^+_SkKV zw&5$0+~zc@!*f-7`;8s1Umt4s8tX#+o1<>t<5XuWz3y~bDt$fn9UTP-Kzw|sRIf0e zPlW``OnU0Lj9WL*y|_m;~;b1jAaD`lgJo@SwjwV~XLUaVT5R zzEM@#lKCThS~{7TJ$MDMPdBiopm&^}itn*5%m_%@-2CA(sY-w72en$Jgn!!GS31?t zEK-6G1KBb5!(X^SrMd0-K zE0Dy#R*<6aevXN)4|x-sDhNEtoOE z2=Tgj%C)TRW|5rgeI`aZj}`lMcLVn>ikJGbefP!3I?uk*Rj3rH`xSes1%f@^&*j-e z>!y^j$E50$0$j$E_xo_~6l&ASIZG8G-PIQlAI^IhxZ8guUDuYPN)-Jik?12RNkAkh z${SfF=kWEj=~=69(54ZKqUwYlxR48hb77nl&}=?z2_QN4P|CNe$#6iFEvB6$7hqDu zk1`Ri%`)>7ZX$;-4n48>5p~XO!mhVJ_<>u$r`Q?dTeR=7HwxZtQP{}E2Lfhn1tA=A z46Q%-=>q*lyUqQEpt@wfAHqIo^i^iCJ$4HzJ{D@bf%A_4FHkkVz6|FsWYT8=C5gO1 zv?)I8nbBXwx{VSf*VGrpLg_(}`zUV+xewEsh3XaaM6(RtIEcLl3xCW6xNSt^%!)Ou zbyBAuy76#xF3WP4%CO&lc!I29MCZ$D$h7z4@5~e6uiU{MVlTu4yOdz&wAn-fiRrN@ zy+F-R+1*2RCJS1-d4ht($#Bb*3f$v@UUyuyX2isuc5%td*}=^w&q&2PqAn|A4w}52)Ha0 zEmQrJzTEABaBI4Veg?U%bAN=fmh(lmQK}SXR^K0}={DJMAJsguZ;5IpZT)G*J=q&V zXHkO2@oI4qR$=K5=ifK_yiXdq!6)Y1-rpg_6OU%N9Y%g~--!pw;H|3VZ>xl` ztR?}AWp9vDb%poQNRyTtXqGM z(_3>vrI(+_`J-x?EpjanOZ8{ImDZg;ix>BHhkuyIY2=B1{6@&_kbqJ$!R8%@)I=sq z!gnCs$sTi`n`Q^FJD=;sN9ES(Kv>G+4$9#|7`IfRMm#`*y*cnH+n)#cUry(nGODTW zB<}^%HF)!=Hm2mDVI4AXSmliRqV;HcWL2^k>V{ySr4-ON2;znD`TRVhOR#V6js!U! zhH#@jkUGCV@yY<{p6uHd1u0S-U0ZolFIskChXUGoy6Cvz+yA8F)I#PO5)f&?Z^z5w zdZu2T~o?rL zHul9r4$2taP~MT%K(fC>>i|vR=E3jH^YJCUM;24cR!eO!E>7k}IRk;P8K^M+uCOwB zo|@2V;VTnS%pH1~QTyRYlb&s3KNw1aq*MxE(52*=Xv>vQ@n@&e?P*WEF5fW-zhlF{ydI6`BK{xvI;L-`qE(z&J$adwAfRW8GtIi zIXeH|*IGGU8YC5fkdqmx<4f1Qj)OO7Wis8etByYzDEiA@KTw5FKVco3Q;q=L~a_&skcR(gRu%fHfmojRQA zUKQ-BYIlglT;RxKXdbfGk0Y>qs9P3~;MX%&=Kq|=QN42%%=M*0{^03!Kp?hg;^OJ& z#4(OWzw(~<+v?tvI)B|>H~Da~Q4|!EEd;w&$vik`n0MGqiUnHho`1(BjD~9{8I>xu zdgWW?{CL#jLx%o%!SP8M#3$kb|2|#azQ3;iKF#Cg;u3k%_=W+vTiW51n*}T_j=^8Q zvs!<*fmN|MN#39C^y~c$rv^}6_8LQbIfmv>5EF`fe+vWNZ!&U7hFE#pf55~)9uk|ZE!$<;PGLkW0_Wf=?wK`0H_m`nd%EjUfN&n{>#BWKYQ| zCUtM{_e}a!Jk_Y9H|J2B@`+$zMeO?o)qMOVC7_;KbJcyg#@BZOXnudSK`gp#!#Tg4 zbE7cpeI(SUqb+G4?vg$+snRfRr$zPY@{PCd^vyY>??{#7T)#_gmAQiEm%=7Wu12RR@ zRHSzfV^m0w1b3f~($xWDGkq!%pVvPy?%R=;58nKz4mHpr5qvXnp&#U|-eHdlU$Z1} zKNw-)Ekhn|aqOqLp#nj8RHzm zfY4btUVK(3i+yu||C4|wKwbV$X%fl?5@_Dm9}RgrJJ~t$AA=?S&>BqO7Wb+l9j{Ku z^W&8L02|fbV=9^w`)&NFPMze}|BmH5Yh^!(HQJ@6?m6egot5=_G|vcH1#zD{!tX?k z)sfC}en31Ttm%UQJd_hacKaWWpx{2`o32;cao@ow)bk#A57A<}!Ep zO8cmzdmFy=(TN}A25RkQC%2M22~UQCz+&5Ae^5-wG=PciOCu=vQIz#noW0fO{cW64 z3C&tiXOF2i;iS}~Uv5vvS2>{R@2Ub8K=KncD3Dmf;l??2A;Y~{Q@p?j-g{}+So1~R z89PAX9;-?_+{f$o66qz@2-0d+?N_7Pa?@PDz1(VGc#O&W0+U>Buo1}y_Dgu5<74aL z1kfB$nQ_j^LSO@SK^?-O*H}LKuCAM2UOb3%c z+4km35E2E^q^xQn{aCfVCsNg8y%0K4zH4~k0P2eXPI7%>tb=A$BRh%5N~t7@kV1R$ znCV75gE|$fW9^NoWb;Mx$Hc9V>)~C=df!`OdpR9i!$k=%H5T=toQt{K72>2jRmKqd zO0M&+Ng!QhsWvd;ysX;F!5PKIgCU&z1PD@sWJL?n8Wa_!aws3o_rfz8mq9t`*tz((EqLV9BBvVwpf%M~P6M1)b} zMZ|AE{}l!O)p5`OlbePd_0cykyb9axHlKg~6+L@*Il}vD^7b|NQ`B8{i(Da3EH&#Tvi!L5A@4{@U2pG@DwUKGDrKBw|l&9Jb9HW>_x zXzXIHK9u51u|ch1Q=r@G)K)HR1hE4ZxUcBxHKYRdTS!$Y#hdwtz;rs^8)7*7vL9Ot z-Mr2Q!Y*lQ>a2_$g4%Q)G~T?qGlwe`Um(iGtnZ5^9`?OWx-}rgRU_ZL`~V3RVrM7-YDw8!V;7Xj8EAbZW5e0pa6(y?PCw z6FeIduS2o=w?exDNOyhDz7BxI7@WlrzEjXQL9n&oy$Y&L3_}+hl)u^A6AjPbUG!fM ziCh+!Ils%3L3LMxq*J>EVQWLvW~HQRPj==#&YbaqclEKaBm;dTXw{@or(!q+Tdh7n zG`1aL&qKs-0uKWQQ%TJN{l&5Suyf9@Q(_m?jeRgM)g^As?+^QqSBGN`vUgiT!*NF& zko$cHEa|7iq_DUXw*z&OHC?@aYL9nc(~zu`@^XIf#Y$5fgxH!$a^Al54)C+l>Ts7% zA8ja|B<^@m*ehGC5n&wp-{R3jI>vBbA1jTCD#9J84!S6fDNyb}l2YsKmKa52zt?iT07jbo+(&Fvu9NFy}1G}^z`^(l;r zpaXZK%{2G7X(>8)xP2yrq~3W81tYP((t$0yuREx>5r0}c65^io;T(J zqWHnHi3hdT7o-CfESBF0Ydoa&PGu6aTfg9rX5%ALsN9{#!ydpyM`iv_Isbui=RiEr zW#3}<4(!VNjyWit;LlfDVb2C;%BJb@u6J|5F|{Af(c8yX!&hc}UnOL};VzbtJTlsRt&=s?fs zs|^QBIN!u;RqQom?`MGhGLrjZrz~Y;L-XjB#hLA)7Rb<`R#Yt>y7u;XnhG6D?#as7 zBwufmeBnh7B2M7;?3IAUeQQv7DUwl5w#r**i6QoNFIO({S?Su+U%vyO<6wUg?YHtP z3g(2|p$!%(Q~A512}!|rI@9!l9y)K+IVM5(Eu2={i!!ziThmrHhGux;`x$KoY;hEulGg{dL;$`K->c!B(MQ(i6drpaG)Anp$~<&VFH ze9MN_&vGo9K`J* zTR$i$<4RdD)M}S}&l_YCA=cs@)f8c`{sQ$XKq32fc=o>N9=?N4!8C`iV&i==V5hsF z=XwIT66alBhAvSvHo4M=dkeuw{?E@`Lqu9*vIdlV%hdNTD@;g+U)n1Hd^j!9-h)5C z?da_BCs2=9?YXY_Zoku8Bvo4q>8Q)wKAhtlClA&%!Q?AJ{Qxe-w&O65{uO^X`CB~g z8B+4|))|78sp~O^3P1Ne#_9eAQ(dQw{VJ#5#=sDvZ0b|db*XaI;^!}JdCqtq^3T@? zYz2xSc%0-M`>zl{K5>fSdU5zI^IiA`20S%omm^+3j-xCO0^gGdjdd(#W*JaHvJlB0 zN+7!sZvAopa`E}v498!_^2D^jx)Rc1^CPSiXW{kl36^b$q9rUB@D6m9nlPkE94uH^8nd-Wnk?d!!FziAEvQyS*x}LxBgj~AMqs#kppvR z{piI2ZQL)C*2k%Ke@KNEGR=?ZU-|@Z%un~dE2{TCE0>1(K``?KccZM9w)U-T3iUNEFXm%5VbJqG_L6L?F&viqF2h-~^|5I%Sdm3!Zs~@BJ$<_Ywlac zXX*MPo!@cr>DRTY!2&vzDkK$In7<$P5qjev=A;+yYWuE`_~ebwIc_*reGi$TD*bN7 zEoC)m4+r8=gJ_%K&hP6m{IrXD5MlUxUt`vCo!{mc=&!MT8jbak9zp!y7yG^dr|9lT z08SyY6Gm29qPIya^7$t`Wbo7iTMr~chVd)QSs^bh>W#b;f za-_|^trLEMfi?KZrH+9n{ZuQfgEzVeTP6qUC_-?GP^`Y*KuD@fNM`g!xrIA7O~@}V z5CA#(7d%g;DU>Coz@-9u4IPBz6vrL5hcVg9vZUmor`|p@FK}?E11vZIaF>5tNdnB` z4v(yHSK_aE!jqqrXi;xLf#mT%p1uN%B+qt!q`^$tU^0ewZ(1AGdWDY?4-?@Kj?~5b zN{Q?ze&%`(gRwy^zv-GM&KOREq=W4yo-F4Ei;1~8F&FdlR3H=~2WOQ`M4A%!o9_!6 z-_FX1nf*A&b@Dg|Uex{-PKYXHnL9xfoS=9y##m62>lQ3rV^@+e zWVmWym2I)(Loh_DbJ^j}v`My~*BE zy^n4-N>3?|rs(Qh=NK3iX@-HNVc6%dD33<>(2UI9JnQ)p9IF_v7(HPU0y&P>L)jU1 ztMTqA$9c<`tNPSiAxO!!eLmDzMeQ4+-TyURnQgxfFiV!YmaR~#2|mS}wLQZ_tRjKH zjMEm($rIJ#gUwTDIS&59oSiE$UlR&bvc>)gGT2`V^O$pf8Yg|}#S(30^N2;%`OJV9 zgd-FnPgXVyBY$83^-oHJcfBwDSEZ;A|Ja<|8*f6m4sW<1&9e zy*SknljIhDU-bAyXbV+be;Ev*&6QaS!um98aNrLbVC^xv_UA(|eFAD8!t*z{m-*93 zZguhn@S~bl%Dh{VaiO_%k1LWdWkoaTY}9aK=d1SU+RMdi9a1$mS?9P@C^@~?354}c zJsiEQuX?@^LX00WZ%^0aGJSt0e3?4U$12!tjVm(^hKqqnI7ooNm=k? zd{QtS#6Fn zZW(jV+&`dsW_aEn@!a0+hJ3&lW0-E=5ZZRBF9oIm{Oe0}9zHClP<--o^t4#~Su`Fu zp3bn12)18bRNZQF2uzFTx9OiD7dyDXG&G$GI2crCpjO!^5Rr6#pU;}I?2m?={{0KR z?Hv2L^3A0yCnr9!~@vEL#!b;b?&Y}!8iciJ!phBI2&tybmfy_XcuvYez#&>lcA_(`ev zh7k{oy+H^a_;|5h+_GlZMS|nFvKpU7}0rT9Spxe9mZdych8O74(Dr6=8n~0Z8X7D$(QfiQ_T((`UdzTR24zb={a> zHW5$#!fnubz+y*CdS%9?gF|3r=R(GqF+i@qkl#acj-D`vNClJp@zgnXcg+VOwXebp z<(@^7yQED@}PfPTe4e?2&$-{tpRE4s{=b*##laYIbHmOfWD%6nOcPz z-of@B!LfU3=I1d_G(JE|w4A+ZKZUGr5g#2CRd-LhjvfF5sIr9b;j zpQp&>$4gy1ODd(rc;13wh#|Ftn(6fW($%W^KF<61hF=+w z1TxBHHC7Yd(_E;)>So21PO&OH_!LHl$8}#hWgHu=-PihSnm=MFchVjBT{Vv`tl0P) z14~mJM+PTA%`(<)ryzy~XTRMJ%+Ehxi>z7rJNsIA>T@VMlpmynW5Z@$Pqm>YY>NFX zK7c3H*?G@P?Z-MjEf!Pc{4H4SzEYhf*O5N&UQS<(LKS|UgrXh-NGYl#OQbc|mJ!sx z1c!D_Yu=;j{lU5T;0hv=wufXeU!T^i+GQF<%4qIVzrw7}GUyM)VLAEkYJT%-nT>hC z8ABSOJO)PH7_ zGV3y8%dS7eeyUMcz~lF8!a|LI;|H=1FJQEgGjQqWEN8D*eIC!?VTtLUb*9~?vrY@V zOeWa&0e2bDG=27&%UM(=YEAYAiJ4{$&}*i$XVPb(BL5$TyQn8QJj zf%t3ZqgGp9ipO_#m0sr};K^)yWNm$}bBJ-|=Q(oyQklgiFvrZVeg6|cf%-#v zZSq5WaV{r6k;Mz-jFS5`6Fw&JPj}JFzY!!Y@YM}@QCou>B$6IR#P-8or&iprF>m=`-B~u0InOUU-8yc8TJmOEgiU!9=Y_t%o}*)@;Y%?; zHl;_e^)NTuJ*FoOs!ityKaBU-y`IKaZiq7%M02?B|I=xcJ*T4N%$`fRhDfXc#~w8A z%A+DWBcGbZn~t56p8VE$u+!lMpUv-b#!F_906+C>rM>#o!NB$fL$PVI3x4kDofJJf7%KT`mk$ewyR^p&T zF)iymR~>kKpK#3n+~eoe!Bvp6B@pCACa;iPOYUc!!todm>>kN|;@?6h>ill9A4g+B zl(b-t=(iW0aTe^VM}rm$_$IPnyZcN-YXVI~&sLkIgu7VJY($++RF zAGVb!9E>8W=Wp4>J)l5Oq|WfsJjX#JoM9ZgJ*QE(HsRGTx-2>DcZh4S)U8)i;&Y+K z-fz@tN@Htok2R0R~+20j9m>e^n&r!Xne|-$4t@1kOV1(>j;wsXQB7_Y1Ry;Vv23)h6 z%0*zQ^og@d228w{z4IeNt|o3EGV-&!el}}#6(B+TdQN*tQj?dYH!=3`A8XFJ1yjMB zTC44WdIWzp;|BvB;7^T4*ckEmV(cqrgF=A)+wYqKu%2-Lx|N9V4C*pRWS0>e+>RgU zT^*sMcLe4jd$W_VoM2bmyN?geEtnU%#Aps;7da&n`_V3=RUC!XAr5z`dkK-iuZCA=aH#2X4`y7@heP z7Cgv~^LXKr%YTxMXP_MbZ8KbPbv;7`zuBVrW@@a?X#M$7U1X8ZPibwFxW5vRKeht> zO0Mw-TTVr&y{>KOvoEu1A6eE|UV1LUd7Q_0tu^ELck_*ua|{Ts*4a z!la)rwME-Q9h?;sX1J>>to@dz#Gt^3WLFFlk`u&P-3}DV&>jc!1!wUdO6B-_qVj(& z+fXV?{;7~U62rpG%jsl$e-L4H&+MP|=rT|28BbH*9&~ZYT&BTOGN-$e-w^gi zN<{$|-}bNj_e_P?6KXK~ov#e2SX|^hgWEmzoj4uzr~`SYi=tx>dr?u^pS@fEgAUx6 z{W7Q9O(2(NO-+MNHUM(qh+LVQ>+&(y7Z?If5>zxye+QFNxc)v@c}EY-dleEhviGA6 zo#*YF{rhpMS5xtk>RYSl)dQ@a>GFKiyhj6wBzeLN0|?cAb@^%0)I0ym*T{0+I_(Dv zkmOmtbz4lVOqksKGnUL;$fBXqy{pM6pm;?GG#Fwr9kp&*tVRLU7LPM_?E4<_Q0VMz zC^%9J47=kpcKIvwp{5+Oq5Y19Nu>N(b?wyu?#(NH8!-cZ-7f@2{kmm+Kbc{W+plSA z?&J8!M8gIz`~>;>Fo*hXO(oV-N7C1Img=F+bF^mY;*EC)pVGH zTZ_%&gEzxuqf4D`{8>Srk@fxShi9uwsc-M=3!f!161EJsu0@(#&0kbS#e(~PZy;Wf zulM2m0r51d&jAW>vU_5`utX4`>6pQg#N@NYJ3k*2?Y7Z?54!*&MfCGYDfq!ts`eo~$FY-))t8j};tJ5O!1;pc07PXHz|XeG)J5|VoCvo=oFDFunDW45`m7M-VoN|B zw5T8{2gV$zTNC&9aQv!XpMxjU%&%ZC1%zCha$8(Er0J&2#HWLo&Kvi-^E_1N2O&9-+=V)Z4HT#B;5B^79Lz`? zY|PgFesCUPCDGME($Q_zqc*ZFZz?$2(fbVAmyNo*XF%`+^?ZYt%)*{4G8vdE7O9cE z*0Wo!CI{#-cVgdn5bqGhLvfJnbj}0>kCiX`c{hEl9)hI2b(l^B z`6E}TuulB*$ggX`3)1auzpg;VxXQEG&?B?}Zy~i9eqOj}j>GdemHzX+F z=RwQdn#N*Y`r+dmJz2<8G~riRgvJBn=Te+A(h+yxjw?n?b&W&;lG%D4VpmpU)zI}9C@{P?oWFNn0Nmw^B0tlyro9c zM26&DanriL{=iE3L6V|Kpp^xq01#!Q z29g8&T4#m2NzR}mzGG2I7l`x05MUo_7M%UIEd>8Jv*brW7K%5;_yDOi>KC}~on-qd zL)&IQmcEvHjW;NHXsSc?CW~kZ^HcM%_L{VWPKO)%jqi${Is`yseT$n8Fw^}Dq-CdYGP8{K zNN>`RdCG&iKwe}?#FcO<;Ml(Rr^N^3>!>3?rS5tc^Uwrp)BRIu`V?Iu5A#w251P{a zM0d$@S)=;?En@5kg3Yt#WPl+)e8^Y`82z(!Kv8NCHiLI!NN1fOm*eRtwr0jBt}3wKp6mHC{BHE zUm;qOv+>b}m5^BX9b{)z<0XlLq$JNp7LMLi6WROlOgAo{nWp5WVrdWoDn-X9$wUPPR=F&sk4H`=vSI8-T%ze**xdy+Ux< z$K(4H{&hmi)BSOD_kD8uD6Bb0N$@)H97yx^!tJ}lenV3r2PO{=<=-taqzf){-RJvR zk)tPPLqN-bn|qrTVz(4#|HsthnihMB?2SE`xWT5KMX{t|F*!Q( z@%!r7C}nRx`fsO&)XY(OFk?7=$WBY{7Yh$7tw#}kh0&Mcahs^g?)Mk#p{_;4Mgmu2 z(ytBeSwoIq03yeW`GF!M0T65c*!RDpS0$g=la<^l$$M*BzKQmYArLu28ysLg`it$p zh4_N9R)2`m&jQl_HoRdaK#y2~VB#ea6lxM&1m$WA3I(kJ$-C9MGxhJ{T!Ra{*LAn^ zJH&q&#ZS^Rw6|0~Ki8xOlf?Kv11mm=a_XLbO!*$Rr&dMS9R%$Zl{!ve7v_tVV4_|L z?mp3j+&pk^jZvg?-+KcC?>%ml#ZfLOCS_w_tt^#j*tqKI2lARX8%M_Buv7GhwbveS z>g86Fit3N~xcusOrR*p5)bT~^nS}VwCj6(X!MA65e|Wf|gniFf4 zgZnZ(IS45$vG+V6VNcdntI!*A>fyDbz2RzkzCQ0Nte>FQcEU<8cz`PFQ|^J_@wu0s z=r%%s^vTnSqLvM%_+OYxbYbl2bS^#SbiX!9T~~*4{f4=j3urzE3huTU0rdDe_g-L} z=~nnW&l#FNe>!hB7)@^8ZrTP3hsK$8N;*72S+(}-$CYA9HZ2iq!kVW$>0 zSm_-hGoLdq2W{M>o6Bl^m$Y-9A3y!^n$D-WPx~KznJ~}-Ez@ZfS7UdY9spoy_iaDb z;R+QXYc~`M_Obrb_u3_dpfQ9#j?njYo1?T5OQL?mJ9B@H_lJp8}R$CYGY< zQade#NLy%I zS?nnCAH}&zDv0Dnfr<^iYuQZ$~|>WoW@- z&0VkHI?WXZyCYda|K&gkPH>bRoQQf9fd@ zjGEK!d^bhtv|}I0S7NFi`jg%zg(}8FL9oDB5ehXp zPp7#aG%1DR9YKtQ%m)#UAO+fgJ;?jP?<}vwTVNS>Fn`SH12l#oi`qbZrM>!!ZrFGQ zE5p7YbV}bC>cib@m{jFT0h_TOSs#h?h#Gv13e9yF$(B^d$aMTBYnRwYd|J8y`j3TCiVV2u;6jzhnY7Xxnem_M*+J_NzGdgr{Q8Y zviCNhtf7uP6_KP92=9tG@-=tBpW^CHe0_ZZ&>DYc=!$HtkW!V*SXezi{(guU-{{2A zNKGd8=PM&rn6eJnt=>~FW*@PBgMC=-ruWrj+>_+)6<>N^GvBW&LZ7PAN)G%RGGXuO zH`(v>1G$KmzS-GD74im2;HMTn`ZqMnlS2o#w_DGxL|QG?G^YZE71 z8=QuG4IKlF!n7&J+06|Rx&&qLz4+Lw6{Jk z%?n8TPf>&luFV^|_VH6Qcq4I_ZXe57t{?#G8n9g!%iRaXVnzxMRZI9K&o(Mbp#+$|2~mmZ)%B6H$a4xx40$A#}^Uxirevrlrz zotUSNWDBi_dvMTB7n@4YuhM(SUrZn2a%q=}BzE_06bm!C@P(0he9#Bgj%Y7kGBv7H z5Z$lbtpD1_u4OZhA=A?IE|?Wp3SO)EkJ5!-yQf-Lma4nI9UDlW@7yw}AvBqrry?Gn8&c6d5u{ zdI)E%hUq;Z!B}_`SS6%=rzOn0MogCj^No3aK36GCs#UempXR9SqbM90rJHET&mo=N zt9~h{)|WClg};MNCkM|+l&KXQwAiP{NlrVuPIB=N?P&~f z|My_*lWihccK}y!z zDv9h$S52&N5JkKZ#H{ako4m2q`U{~;biYQEakYp7r2w0iZpz(-$C*g!KrU1lF09Hm zL+FiM9A}sq*_n6RyaWo(S-*0X9}pLUyb}?7ct7e-5`W6-6TM!|8+TC3Go|vjeKu3O z9Dxu_jQ!r1r* z`j>n%;ZSPu0B9|*q-eGW%CIca9av5_I|lcYglx-a;`qv6Orkj!+RWM{npk&sORD`$ zVRd-Iz^&O!NaSO(XbSZh`N{1M2H&p)2M7~4uLXuq_#8>~QdxhAHxpiU&hzl@aA8gw z5OC8Y*Vps)IdSlQZ>^u0m_K`;;Xw~1s|;uPHy^hf%XVl?mFP9yQM5S-X19OT+&P5m z<^3c>1P39JVDuO`ewBf>s!!t$6~H5qs{87VAI<`>0=jI^;0W#CzKQ1G2QH`rB|ZH1 zP>WxyPYv_cfY- z{q+4h{9ynOBiWiZ7x$Y8pC;w#+HTs1cr^@f=oExLukCBbC816Kvs|=kzd2CzOpgSJ za;{a6KetmxZj4;eU?bp6zpv78FNX!!_opXH@3{qjmbfN|LmZ=ZZozA^*_;9vvG_%e zG)lr*)AfK?uV>xotKW0HYpBC9$w7!xt}Ar8g?)U4+Bi{P*9UaQH=GB(n&Eo;%+S$- z$57sN*{Z+3CE-_p*c@m}lr`4yOMNB8!<<Z;lCTW%EjUnj;3@gp|Gp{fCz+iK={tJ~3I2%Gw>)J$VC}bf!ZY=ZmGPmYYIZMPZRq9kj_SDUtl*4GUPf@Ujm4MSTtv zAEV(MoW?(F%p4s^Hcy)iOjHa0z~;XfBoS6(2@OXMg(f{d^7in~m5s~P-*WtsW^J-B zUWeZ944sTZfp2&C9bm}qK7VY8?~g40ob4C{0m^rgHr;2QI|E<19iDF;In;B~F!@tj z_Q^93CBLDIah3RqVMl$cSYjzpqdWdmz@MHdgePhC%Se@mOHpojXV!L|DeWxybVkyl z+l*~6m}f2!wv2PAsO!Ep?x68?HbUeAVveNePHs z-OoCx{laGV@142=8!YaNCi^S6XLW-GGvn0K36T~!{}j-k@2NiA(FAMjJxGJcMokY~ z{bNr9fYU1Vb}mzwH!h$r3)}-O_$WTf?p4y%$JQ@I$~@Y1AGnJsS=Y9>TyK!}2b;Ha zr}lW1#i(AKZ%ftQa$@`EXDY2HmAQ!pp&)^hAC|WvMF`8M!Z^gNnncy=x8&H0vGMCm z|6RY65Bf}X+jDoQqm&=L_bvoo_GEwc)XM_v=UFp$*w!0vD#O0eKc1csG==l3rw-AS z@G52At)Rv;iNo=kLbT8&e0E<;`LP>e{fsIXTG2__l-{QY8lo+}C0U{81S#cfo}6_6 zS!*%7vG1G=ftCWW72%q|fh@nMzt-&U-wPc-$337ydTZSNBI?aNNVc3)g_Gs7stnIQYJsFtJ;g=XxL)3x5Lt(}%7JxzS9}|-75uo+qZwuy54z0CXY+)}b z)@c6ZN=1`mbTvNbYP<5Js1LiH40^A+B61^Cyhb)8ryKfymuqt`Srpky)E~a~@9K#- z$%i>WD#B#Q2OE+iV6<4g&CC1ryC>*U zfR_2h^D6hyIdgMPFdIBEBmVL`k+xLgkrsT4eT`Ksw_dPt>SxvI5^m#zdNoTW&IZAk z2Ty1D_Y16w75kVZU8l7RUGWBi;3FnHy(A2rLXMDY{_GffdNhQkoHmA>C{X!My=~gO z6n@6`0oi}$t+l6zok3_lL&%-O?|yDRuK^P$v5c1b9%6%3TYQcf$LCs}xLFVvNCqbY zIn62(Ys4nVJyHYKP*Q%a6dr$wsyQBly+K&Cxp|*pIj7_B?*?y zI0wifO)*V+AQINvfY$Pw^%My=g{k`rVpha<9@hQ$^f|lQqz^~m0qAF%xb=DR2~%A7 zuTM3F6MsVON^^x*Yb6lskK54z#`8&lK{&baw{=RUicaPF9E=m%2KeN+NEHiZxX|Ft zQ5OcToI!mqCCi-Mr4_3&!A}B&0jk@H5@H8+nOd#~+0qlb=BB)$PwdbQ#tOk)z&6_}}pUpG_ocr~F;S99tFX z)w4qI=XxY}E5Fk;%B~V)-~zzDQOaqp+r3zT?CDAJ${1+T&#=#K{d!fj{T|VX#SihK z&lI6iwzlUB2>Vs+?3f{e^F#;{cvHAIG4Op2N*y!q^|KB31!6oO?|nie z-{>beoQ*Sh84!g{2pU6Hx3+RTTkUD*z?kC%m;vkS%HPE;x zlDp{P1cVV4rq0KGsFpM+uT>QuC67c1q1QW*%p#)6O2+O5;LWr@)#qw6dUPsF+4WL3 z>#GZ<_1EykHl%dX4oqD9M6`MU-&1?4cqbuj1>ZL>nDBs(ZlJyq;^SJ=LjMUf7<7&J zgTduzx!p)`H)ojQd+%4*jIR0IDPY36I*x?R+YCXHy)&l5P8B-dtn3(); zpb4H^o}&?DW+mnKX_RM+YCmzRneTQuNb({#4*Yf=cmB%uq$NUXwq9YRC50y+t_c!6 zV6$^PPP|l*aNc;3c~&X@YC)=%l2lkeKln2z#My(va;HO3Jb$;|%I9#%?GVzJ_cH%Z zJ3C(xZ&0%C-r&7tljb0sWh|P&-x@jAXkTUU8PI(FsPjB+=|vO8z166m@LNcurGfKi zY)vdJ0lLr8f^VjK%K$-jWjod1edCr!1NVDLlZWCHN(X=3HOJC8{W0`LsG02royIdK zm;jxF`zIlJZ-95C^PTZPRnh%@(KJuQ7hZR2xNqa-H(VTJ#U{NcSMyf2l~^ro3~lxC zaokrUTCvZo`losuTJLEeOc8yy9zSpbbVyPVk4izA6hNr&5lPTojoEfvV8^WNp0vwJ zLn4K9#KxTQ@YU>2ltWV)Vk?49SD4DI^6GPnr^1;xYD>%^Z> zHKC;*RT*|(9)x5x))J&6(~t5^neOdg`)G1rup>TF69%q|`|6lRuTdGWG+yU8PkDGp zhUwza(K(+hfZB)-**qeC*gRDevlW8MFa1`osWVyw0`hRRCO_q(StV-S^I`rW+^8C`yjOpUefwdRQV{ak*! z&C%Vhk{%oaL*sc<5-!hWlK70aLBi7h+2hEyNkz#Y$=bho=BNe-+T7->lG4{$P zlJL$qS1RA`kZb#y36ko_lB{ExOz!N?tpW1} z!|gC##IG+i9kQdExZ*K~i^kk&W)&d%{d68(CX3VaVZT*r2Rxng@IA&=lMX_CjQk=- z!p`nhyPD!kWqzQ!35w36TIugy9ds{v+9}mS&2KbY49d%6H07} zw>c1@h|{-okWp1vw;n?$zTa<6_?BNOx)2gX*py65qPHG!)U@`XW#=+GO@6?7Is_Te zZtyeM3yDThmAbz3BI16_p&F1y+=lQ)R73xJ?=^KRpMm;U_swe8XG2nZ`NO%?GNKSMQb|RU6=_YkNA~lKz3}#A z?^u1-TzgYqh$g_(x#f*$E=oDw@8ETRT=~Ssm&f(`>#p)$JUo|Y#CJEui4XcU+3W7n z$bYB3-Z`>5Jv_}HogLR*moJ>*NM~;#_x$cR4BJ?hN?kAsU!Ra)=If~qmjV=qi}_L+|yCt1gGW6OX2EQw~uVHE5B-se7ly}r=$Gf z2RAf<1?*y8hy~S}K*EEs>H93Ohz=eyV$H1E5BE&ToBG`M>4o_MVeb>DbiGg1eJE^8 z{Rd$$%s08Dw(2#4jsEQ454jV*7!}ti&fv)B&2LNBT;Q(1^esK2m}O5T4u-@|2MwZ& z$DK`yj`52{)3r;7#>063EPY-cxFa4FZjJWqN_%aIxU7o>)3oR2s(watMs*hs9Q(Lf zD77z=S*(VLyf=@Duh*Q3UZypyt9bf8E187cC2k~nkT@Nk-5A({J?2W7rdv}#H>Y%E zNvmk6zN%~q`oraF0{ZdWM{zHB9&6tj4#zDOlAn{@W6FK5^#_Lu_@rJCj2K$%(n#+IYHegUvYByj(ERkDlLf!=2P{>oBklEzIIz;1}WT0izD!dSgX zyge!vb*ygc5BiIN81&S|_o;nEn;F=0Gx4?@kpQR<7Ykm?*sz2JXvZ^>Dt=pXXWdMF zI^CYVfxIb4{9c$`_1NPuP;U%=MOQrzPxl@Coa?=l`7K~nWp$9sc%2tn$&@1itec|VimY@egw9iXa{{_=@nwGw0arA>+}5HZMb?V#G09`Q=u zQ8<(KhZ7#~#)_X6KPOJZJ>jEJ+>V;z2*#uu{3M6PnuV_HiCI0R+S@?jAaW!2D;jwP zHVmmmR3S`5M8biZKUV`anlNQ(hM+5cjb9KJmOY`bLdKL%Gwzq3%+v21p1~smq7Sk^YA@msgE`REVcO-+3fbaLZ?F)BxW|njC(_SL^a+R}g{r-av_A zsmmd#<1tad+OI;6+WoK6SZ0KNJ;IFv|MvNA#xmO7X?{p^1-R+_SaS3%Cf?2DhAIEj z9hc_Iwi4)62V<_id%=&F&-bKX-r#^=PRk>;mQ$&@*H=4O*8}4@C@1A~^T*VPgS(Lq zH-8X_YMXxJ_B)q@SE%q&wOWEi2t*xvVd^o1L1zlUW9s1lDoi>R*Z5!X+OD3 zCtHn1ybu!iT9coyjO`apGYD9e>m=a-VQgTt_#_67SGAF5B#cwDgF z<4*J>n7EQSlTtNkA_Kb0&+|C4e1rQ@+Se9}`#hhNuz%bTc5NlFSpXAtXZM1WH6L1J zUsU;avA{I2|3L2~$|kAru*w{7RiH|SQSzfu+H>J=(BI%`T=)?YQgZx?qu)vA^RF_m zNIzyHO)uf=!qYL75B zcR?@wv`@+3Ku#SCh)bOs30>)2$H)M>6>!y6TM8mduU?)uE+8lEQlh_;Zy%BOw84D6 zha4}6zC^4uf;7{w`HC@_O053LQs;JFZ|wRdn|ETT_Psbn#FKK#V?*zUR~nj^Hs~ik zIULl{kT_hNXvdO=Yx+mllmE8S z@JLJime<)kQKkm7&wjbn)93X)Q=eX?Zp7W}5eA*w_JazxFrpy?iKJ8JFAO}e=94M2 zS3?f`z{1IZ=f)Lr*=i|Va`y#qhI&Tc*?o*yVrm1DyyI^Bp-jMafetHSb+XdnGP~;dVN!dG~I*{a|!Rs#&zLCGM26iudQsLETTtQ*YwkXqZhYHv)=I_SI;*p)Gr^>;3h`oB} zu|}$~YvE`5@9aD34Shoh1`g-_u0dHX>vdZoqvNzk$c!$cbA#i##@N?o(xx4X*5(WP zCC80SRq4&ur|b!1{h{oGU&W}neUIb^kT2?^@5Oqa9M-S#)(h^aMjtMr)n?EI_C-7! zm2ACxQwMlkxaZfnLly+%TrZ8OVQ{}cL)FRHLRXhJLFl(Js#H<6g+=n>g*@ooslHqtu0fh|*A!MD0@v|!))`3~9LMCo zgDXO!=6w=VZ>j_BsD)MS$A?NMs}1M9*9NCBKi?>XdE_Z(laF%eZ#72R{SI8etbN_9 z&%LO4 z%Ac?y1rWPxth=HsKl$(_@WJljcIkwIO|eja))s5~bm)E8JY4pQbYoFrz);Qa>k0a8 zhuG)1#?zrPH(Nl#2SUemeyAIgU4Qdh+;I;IbZc@+C}t=VG0Au`*W)G<)O~OtheH77 z%8b~{Z66)r#Nbt_<;aFuIi{}516-4io-6Rxu4wSUuz?lp1NQ3v|mvVVxkLTaXk7*}USyEfHoL=q2P&dfnc!Mf~H(rhZZEt>G^NN9KIEZHR-VJiDLuzkne^1+% zeR&N=?X~zaWN>^C4?&+WR0^Nlfm=fVv)>ee{wONKA)PIOc@u4KA^1y`eY0fZgA+gF zZj`K0`Fwp3W)9z66&jY6mAjU89rwv09OFcaR5ANB+*mJ(KfKZlOh>(KZ$AWKJ`W>I zZKrk>`Giqt`A%0)QquVE6XjsZ@R*uOcdrF=_RF4x>%Oq@F$>(&jsIM-pD)tSSyosr z$mrUmyhbquxgvLEF-(HX$)EPq%>FC!GCh@qXXE{(4a-sWy9K zAC-&iFF4)F?BKe!ZG)BrQ}ewq&oip6=3%T)RTG{6-Kz zU^>3Uavr)e2})ZFQOrC#DNah`LzRZ0q1+Ixei4>k%q)3U_bDmE+e_VSn%5q2HIA_4 zUC33nRG%NpQ+{dlESb|-3%YE4IGGA&P~eZ^aa(OUq|^Pr?0>4}Od@;QFWxYK(n4AR z#6_?4f-J(&#QfLW6@c?)2CAp2t90|YkLl7Nohw1*B-}R8q~)l^QdMdVx4x7;Nkfsd zu3GpwGs#LbPuqvq_4MQOoyDU>>LH@8ts%qy3v1J8@O=k=ovM?S zcyP4(y?)kdMjX#`{GvIk{cvQZdp}gGHoSmrX!qXFc13?zOzdO|ab?gJ+jy`M%B%Yl zDkn%iGfr+?q-*?s*<#*@a_T;v5o1)Ufz3D9#TjyXpXF>(NuRaeRQI|mV9%D5G}`Va zZ*W60cF7CPtQ6e9r3fx)vRw-AlpdaGi1q!S+U{1hHQ$c!w zX3}X>xGQg+&4YIR_Hcdw&M;e1!EgKVQ2pZIq-`?xq(A9-l2JN???ikJOTEdRnsgEO zaqE>UYxV*vQYn=`67hU_{Z>21CUX}lmEaHLVN#Ezzn9Q3#ij~7udutpR&=~(@9rZe zCrClvJKb;3>&t;QGdV04I`FWoE*@+O=_MVBlOd^`c0<-(YqUiR74QukLa6$$i??}u zVSvvolnoQm-Kiv!{8|s6zO9Nd04De+wB+K&$kRzK-!SS* zDQfe*UniIW6#~E;iXHwoC_wT2l&I~B$dSLdT5(fo^ zt<~~K70}I54)H+T_=gxUR7g!m#}hNp>vI7p>2GJ#))xDem+8s8+FKHx|p z0rSlvdZQZ`JkZ9whh< zn=jU?Sg9*>(i|SeZvs@>QH_-+w+#+fR@$) zBfwkU;U$+LGF%ZA{+f|c>9AXZxWr~3;as8!ZbU}217`ItHS1QysL#KgCg~nNR8}w6 zK8ns;aC_iO9!-Dsz_fAS^A@j_bArEgzrZ4O^7{Q0jyZ--;U)LPekFa>{d-WRV3n9M zm&Y%otP%py!os(It2I29o;^&4T`-(WD0h+4G13sTnq~V4j91c*Via^iBxhIdwG8{f z`AR~aKHec=E@}y5DyS{*qJe~sJ!&qgKOu(JTC?_f89gqko3p67vKU#sD_Q^et6E*h zk38NA;!P31>2`l`<>Pw?T_j+OII7n=MR@Al=UIG%rx9{;ceVCpwPBaR08F7UvM^-` z%0sfJq!5xhU*0o%rO{0r%x91hw*0oA`!Pe6EaV>XnpzELlW`e=7z60E5OAhDi}zmeMaPgMP+8* zQ`=qIE1i2Oi|iap;}G8XMn`L7bR{kb_=#t_J0=ZefSPQA=XiZ4&Ve?U%Y%3w*_?%5KLZAm!s=qc`6iF(TC!*$4=in6DRaXTdC^79_|qZxHucOY!ohfjDM<$W|8@rq#7 zKK2m`TaxDN*|(6)%=+pTNFY8?kNDX+ocRe8q{X5{(m|E_oIrD85_zsm`Ms^95&Ay))KYzlkO z*=(#}M_Wh5a}UTOd0A%A2$R+_rv%3@pKteY1}_Uif}hY zmzw*N2YAEjM{;a{psgz#9R~{CRy5wk2udmZ3-pD@GbfqL;z^vJx1w5V&W1wx{8i=+ zJLU~V-{c;fL{e41wBn;XJc>tbH^!Xo&a3%yUyy+ibrPJ7PaV;qe0tG^gR!{hYA6FC#pvB~z{=3D5wZIJ`0R zNzp~{(+uF?+Xv0{4DGx`p6}-kq-QygP})d0Hlc)0XbSp{cEt3#t=3|(*&PnV>N(!D z2i0eLuNkX-GVORlpZ5cnYQN8+|60-=zobwFRXc^Ea)aC;W~1d>*+Y6A5VW=w@(DJo zPE*@w)$_O;9v8R;_Yns^=;3jJWxC71_W2MrlDUpY#lTO*99x*c{eHjq3m{wO>0Ve4 zd6GPA;ymoFY>$SxB3LPnz|u+n_f0c9&}9xT`CO`dDgRs&ymTWrpgMG~iR;ug;7bdVo<2e6>v<}2$^ zW>ZAL2FDEy4_gn5&lTY|WevIwjs!yv)~hkRSX_8S5F?1ykG|#Y%F}Un>gh@bsK@|% zk$Zya(&oc1WfEJDF}^8HpYl`xE>g*N7E`%WF5h736M{U@y_e@;%GFwfgaWXfB0*bv zS_qO$>9=I>g~a=1+^fXd(i@FPu$o^#SJ&ShHT?Ycn(g$8B1P{jqyop8$)DqS*uFzE zSCn5N5WILL4Q(5@%4QqHK&EPC8%9woKf=Ee{^g5I0v?~U0T+a^^M^L^*Ys?EVIG{2 z;{Kgo_7k#d6VDK!|8+I>TN9;U<*O@)?3Ab()ds(P$f+c^jf_^iShsFz>vgcj=66HH zrzvA^6A!?jxXkmf2Ldriagq0MZRZUhSiqmF6E(Kh7i(b6BQCsOJBP8xTG~<^bqh(Y z+OHk`DX5EW-Au94x#)Cbrcja8BA>1T5NG8}#j^D@lfSTTjdZ?<%Ovm3#PX=|gg`?8 z&^)`FXozn=>I>zOovGI<9C&a8ksm}E@5%MhllR_3cyk0eW656$M;C7guRO}oZaujB zs+HC3NaBqarf||!!W(hiR9IN4s}FX+5IAVToIs%i79?nC`3376bQ4#i)+k{xjNp0- zr|_pn*-hrBF-;^4xss9WRST@JfsH&spJ~h9RSj>2Y9lMWsf=HQut!V?AyDc0^-bZ? z=(88bvrp5&>j>?RkTKF0b2fi_wPg()&%=WrZtg}9rEm%^711@ASyrlkJle1 zFVt&sFwr1qJYwPlxqWd)iWVYq_nEIX+ zh`2P+S(4dpw|f55rtHB@0@tnw^}Fy8ybso?ulA#qiJ-|T1!AiARo4_i(`cTXBUTqF z4BCj&o$Mcv8g*5ffjPo`j7Q-QZNiN~Bckfv8KGwT@C{Fh%Hf?LkqW#vf@9a!2! zTdfk?t6iSYp+QITFkL0UJ09`>ox!9i&(7aP&0ZU1x>UvoWK!)E68Vk&@+mnx<|5U5 zbr4yfu^c3L#*LzHwHHxF>E!HJz)1fH0TxXaM`R+cy~UEEwUzij zA8g5622aMH9G?ra$Gx6TRJBu7_bhn(8iwm0_&eR7bw8$lBZXmYJm3X?t*88QLeB#~ zQ42P|cUQfz9f3gse2O1uvwG5GKOnhxA2jf1xTjHYI?XJ!iPBS!?7mp`n6EKILbi(jf<+G-{DiPA{0#a(?ZYSH}> zIh7|_mHhYxbL#uK@VC)a<9*S6hY2ZK!ri=df4Z8Q^2x_SwyZdg)GF$Ndz=bpQSG(xMORH6S!6XF4d7 z_B#|lIy>d}+DgTLdyTFfGi$Fq(0v%$v?Sk)23(RT@enP7_bdKbF zKSm^bK>JfGS4~9az6#^zG935o?D0yzm-fuj$jA*7i!d7Qht;dGwO?F)W^hAFJ)zVg zUUD@TO=0foy)`l)gTXzKIl~W%eT}$KhX0kB#}`;||EjQ*kJnxgqk+JAi&(1a_@1=G z7Zg%oqQAiu(|7g*+tb~d3AT!?$WjO>QO*b+Glw@Oi_v4HY6ZS53-C%;Cq)7=54FSI z^UPbFW<>S0=)d0#b#bJjHUI#>;f2EmIM51O8o<_HSOwa1JkLaqds=yYro3Q}t5qv# zeGKl#YOPzhA6L(3cSDcwz{r}CY=lzjv+lq%Bk zg9#LU%Xf@S_@2WUcg>~9hD%bg_sOCU)AiK%`!IYAgQ~n|Nra$s9qKnH<#aOKC27L@ zHQ%!Ev0v7JlJg&h`h=f8Uy~loFbQR`REY><Jrm;%7RP-bc=j<2 zf8xm#0Rw6-*oj=amN(V2cc!f{|GnA$#t9HwXB{@?LGT2RXyn_?t8eS6tdvL}&Gb`s z$!#B<8BV1|`^ZBhTpb35fJ3|cxV`WwfJVLJyRsOty1QQh53WlpQf&9$ut|NW$zkL7nbg4%nXBM-s@*9 zo8NgDiwh+b@Hng-c2oIaNbtfU~huFxlw#j64!Lvc^8 zFZJ=O7c-SV98c!9i2Hi?MD`~S-qz^a9WIF2dPR>Ube(r)*LMGTSjW@Awa-K>EuO_3 zA~*!2_`3-U*{7z7v#OlqmgQE4^=JU3nyozv@9ml#BTo%pl+U^de zb(|yn+ro=taQt>QW_^hJoC5Xs34FhBq~%sbtf^7Q_YW5J_wp?4OGts!G-WYpV`|^I zhXh%)Hv1Tjpthc=?Snf<;M=28Mx=h{WR2gpD`#jUVx~J8K5<@2Ur@r4W|RLcr-6$( zz&?^HVqry3&%b?$$|292#v3pv=-PZ`^Zgg*>oi5n*kQ%kS6^sY-`%8%Z^EmBm)hI_ z2%s@}1xHR!ZDgqp`~*JnBrVY^s!vln+kN&*?Fo4U8=7ekVn}= zyjve%ZA|?-LhW8w@iAdjxD>1PDwh^F5u#CTg>Rvj5Lodom&-nV-J<|ufPJ6@M1i|paGG357%CrRUWCcZ^6=_JVyB?fil3+IvL#p`TMNJ z+c^C7l?-O;0dw5v)I07+kQ-E*S~h@t&D%aat$R5!@pZThY#~Nzu4&o`BvctpSX)nx z&%PcFgsf9O&?FcinHW%HAZBQ!KA#k1=?}X%eXUo~RoQhxTGcC!8-9bDc|7Y1Rd>i; zW1WdGG4Dg~gpBQ!TWwwzx|t@1ql;5$6o2V(8w(MPbPa}5g^YP2&ZKs=A&(cQs-}Jz zbp&u4)c8Szb6=f0y^$NZ=@Rebvt*96QV>`f2b0uBhhT z@`Jt~{StA0>7}rcg1pzYyfK#GH*9Hgsj_5r^I5CY_&BxqmS*h8ZB?xhN!m*&F>(B> zY=aCmjK&!uwg?Ej(s+pjoE*S|vL2Zk@1Sc{Ol%JW>)-R0J>G`Nb2=KBz1Q6fN9mf} z0JDAB_m@y7tql5iiezEL=?O~~d?cMGq5PxXhzdN_KK;Hzwo#C#q)gf#+AcXTs+>;E zF}V}=_2Tgi4296x{-BZpAax&%iLWGuw=eEk>HJED&mV{8$X^xVRSvUwReMV?G#fRQ zFi7bWs8sXd)Qp8KwMLc>0Zu-MR)Zm(ndiE&>Vu(>VQa<5%Y!az0v6cjAItuuxsnJR zMmH8fHShs`n}B+>bRv<-4fI~_R(FQwu}|f35dYvg_(-Ahy;(`dm-cAho6j}TxHi|O zdFJQg*v?0f=Jkt~Bqyok%oAcMlj3G1b5l?e=k((j0+Q9AU$j~zM2`Eb=G%RasFsP^ zPeqIA>^Iz^8^%^dwe5c~6P+b%tz1mP!-^uEryss8?jvUzni&09t(c&}J=Yl~KNH&Auqb~-R(xXqr)Y9M9J)ibmajaQKJ>xG3p&?aBrS$U5ah*5 zU(RsbDo{g0AZy43CIWNd?-wA<^!v{~(U~ZitTn5TD16#KYM;BISR2EoT4e+s0no|H z3A7_)POyrWmydUJqn{TBiB+TE>@)tyR!UjyoQy#5GkL3YqXMMn*&LsEE$74D^0tQ- zOXa=mB@kNy=5M;i^4xf^qF+DAz1k>fp6xGB=NYgUEI=wRr3xXCqBroj&tp^Eq$O)X zAH0U%V^K)V57#R27&A^cay}AS^zFz4?KOQmn7$Gb7cD5x1!z65Fr{>jbe%B|%O6XN;pfS~93p#_H9$?| zDj0Wqo}3X~sWSW77_*cS=|caBw|2dW`+3BUwcZJ)Hxg}^{hoGmdS4NP{x-Vnu*GMY zmfuTaPZPntY)miQr{pwiloG?TFn36oO~TH%wYWamzuK9T-rN#s2@h^DaO7d%OY={xK=R#&vZv-g`m*Zu7q{l-*WSvQLRww0A3X*gDQqcqH*{451M?8-&UP>ZT5@y0rUg(-bp15BDk?vLQ49O*7CfZ$TbPH z;rJ2Ydjo4oKeTuE;F|4#?SXr`ADht`AlH@i>*rYMA3Ji!@UTPx$;hLp>krI>Kgi^{NMl>j>1*s?@t~=$CMly8 z(To--=iO(wssv9q~d~KXB1SKKfWX` z*BRTP9i=Ym{h&T=-1L&9ovUW7Hv#1O+48FqQS;sVLtWtTP!;0}9dKB&CO>Q4h3|kI z_0NMu7C}T9_Qv@|D02r->M5dL;<#R;=)4LhQzo)NGy!&$Or$N{mNZEludX3~Sq&wd z_R%&#KAl&cEtb`Bk@Zw`%W_T`m(tdu zxGT#Sbt~?_hCqv<3aQ0STNBezufD>WR4lBK-TbG zr6^e!syi)D-#Loc3<+iR;N+)y)^B~up!bDc%`14z;=4g0-P)UOxsX_FyVmm>HS%o^ zjHOHa=fe4}|4g@`eV0mmdR@Kj;J^=e zyF^c4@*Y1d7ibYlEIZ`N3=hQFd&NG3p`zhx`jazXx#A!0m%;j7(wI09dsy2dG5r?K z@a#0Z2)kPl#B+UnA1z)P0Woa7*A{=ozUG85vVgp)3xTk3sm@Y0oUbh6;GU zU3LS|_hAOV(( zJuAU@xKfH8l6+NyL6Hzqr!wttpL)H_Rp6#*+r9;Yn+*WJOHDCS(5M@m07)gsW|>Jb zesJE{a5F-5aU$?11Q!%fSAdH_u+3jA?NGIg(er0y9aZO&wHV*_AeRh)V?PZqvU{SEs>JD9xhfLK=%V* zqoohmLkd09O9;fFI?PkZ$m8K>zwcE3M(5`FF3x$I?8+WvUQ(am=lQtj{7Hjemx44L zUuTo~Q`!$w~Cg4Di3HwfQNzU~jpe}KIH5G2SHjtMsM z!A$O6f!dw;IY(fPapNdvrMQ$_>v<4&Q>GIM_q-xLNLod9C$hDTi;}>UfSS`i;bO#F zB0S+U2zz1H5&O}7>=W(H)nay8K83f>9}4sViAA#a{NX1;A_V;S{%GHnA49|nV51}* zxM@=OF1_ye$`~Cx&l>j+t~A;i@KK1RvuecJ-Z_7q4e~BWe1=&5fEcdjxPi^BBBf-$ zit@v=%mREt8}rff-5V>?rQUlcGmztVQkLq68u6#^pB`iXxIsy(mE4u`lc>#ZF%tOu z6Pl#wt8Nj}^%Fjf`qHbzc*)ApVU!E%%(TPOX87Ds(#frB*l;NAr>wv3IfwNtlw3In zZ$Q=ySDcK;s7|Hoeug}IoUC^y-Gy7z&DQO0k=P584_cW`Dw6CdPkRIPgbFDsUWfDP z*(UaHA20gK9iKw{j8<{H2Z?O+Fn^IWjR28B^4j@xQ#JDNN(4q?+6h4<>aLY{IWk>!OP8tP*eR3#7`` z>m=e^rGP(gY%~k)ZAxVK(M#|)Xdlnj5Ce^VIUrJ#O}mboC^I}?!DXOo`;U9M4zuN^ z<3RT?yrw;$4(=xKXF^#@)&psEo)vEs5RJlD;n6%Bx}8jyzgs=xB^TW5ONsRzieQm? z`mU-MUIdylDZP#<>AFLN{gAz9p|JQXEIBl!a{+`-HW~xu&?QvMFlutPHS=6EG?%H9D1%dgq)oO+l+hNePP31MeJbqRR`$PIpEc zk4+givR1FZy=;Ue#hU1*8{FuELOH#qZE(=;vNgHptFu7P&5YiL-n^zb01k0gG|`q> zj0q3l3j{dCzFnT=%1RHdn&&Gd%f{{eLa#~UmY%5f9jGIX7bfruSaL2zoGYXt{AF1+ zpcUzr9<`T{DKGpetr>Nb8lW%q4+}-jg_=;24VilfWeuqfBT{one8|>qp2!x%NBN-n z!GX>KP5B@4qK8n0jSC%&wh_d0&V=XF;EyvgB{j4j`Bb#nmU+Mz#rawx@JKeqr`x+z zs9%JA6l|S4x=F=iAst zKvJ-dI@5G2)BvF$VI%Q;OneTP>++6i%hrbQomG!H`1XSIdx-n&o<1(Y(@?#lRZUpw zG6leZnmTW8KW`c8rN*D`TTC7ise%GkBL)zcapiNuH{2(opVq(_}xx0o#6Kx zji-3=&Wb+A#N$AV2I^aBg{F@^=ZrN-#dE)JJ_-`|j6(;fs25msFMLVu^*uG`BgqbW z^#tnz@hm_k0j8r$~sn0$!0hJUq^(#NKAhF0Qr{XCG>i9Y*%^Ily8 zq7=69@VrDX?nOEAhrb;l1Z(6Pyi%%QYuxZq9HjG6mkOr;%`DCy=ViweeD{Wd2;*%3 z&6VUch}fOK_hOAeOG5w6kaM~dlF@0pZUnk9!{0tOb;Ma#S@U!yS43jt8{Q|@u*%i6 z*8ci)iDR2zTGf9b91D)OWPlM?@7Mt;GsvQ#0E#|Us=yzLyR|<0!-p>u1lngmf)6>{ z2>a&wzI;&@_)Cu$k18|-O_K4ClzLW9&pQ0%eP7nNE6F?b2q%Dp^-jvHJQN7bmRIG?+c!K{cN`{7R3{YA8Tuy{)R#&V1Tv{ z>&Cy_xY`&i1~Hsp9+Y?Ie5#tKpF<`qj@emBR{b*Xt1ILFxg+r#gdDRMI`(in16$og?I1Wp5EAlq ze{R$FxwQ%N5aQ@@ON+Harp7FPY9KgWl&DL$9E(T}^KvdOhf^9;WQm1a5|Ivhc#-{u z{Y)nGF8hLeXj}q-xGet()5WGvmuPJGz{Ga1gGkJW5 zqOi$Rf8tn{p#ZDi&(|&9$No>b`p5Avx)6f5l7JEBRk_9VF?3x=+|(=7+K82MS0Xs$ z^^5M)6@IM5dcMoM3;;y@V<$RsU3L#vkj4bNm=q(J6ygOS``zOVzf`h8bKQU48*J@h zo&y2Rgwbsx_TE7;p9h_Px|*6VJjEka^Lwxm==kI%)*uK@eGnHs?DSB6(*QjxeC#J> zyiW)DorxBHB9jlclU7ACeday4qOjj|otRIUbWXmK;H%@oe(i<&oAF2Os=goGfU_nj zzmFoge)by?x50gD{fR_QB8#0*^SV9bDvnun6ol258hb?=CJKVj47xaF&Gb4P(x|wg z>9QWUi-BDx;r>hfTMdFuNY1xW2WiX>f8NKI>Lb4m*upN6?9g5ZQFn*mF?z&&ck+5~ zR#)Ph=XQxCiB;(&8VliTmIgWLY7B#8ifrqPU-&*-kn6sth6_L_4T=0Ue4^5C)s@Uq zGcdVJ*THM4;VT$>@Rcill<5kF{xWb0+I(-okL>vM5r`>f(gf~UQP`y)+882iZ&JyNbQfA`z@ zbU3aFG=1qL6I`p56t_>Qw*~4}NB-^oP7*Vv5P9>Dwu6g`&C>a2e$2bL1e44uyFE!$G-*Z z{CL~gwj~=bvUYzeywmN3EL6#PtKT0bY2L|spbi1-6z{Y2@q!%^{(@Xj*8QFcL=*$5 z#DVn#o?_b`Pl`%u$6umdrYV7)5;&9ts9PpQhu|k71<>=yhW>*`vwd$v#Minpc_2G3Yq`mqPN~4WC{l21v zqlGD|&V&B+zFgB?-o{yjn2FQ97+)B%FN&Z{AAc&FQwJ6-CV!>&_<2<++dN)g#07qa zIgCf1#@d)0GN(GUI`a71vhu$aqV~Xx&a5YF>7LJz$r%OLoOi`J z@qRhiKw~}=jAh>@n}^q6*HPvB3G>Wa^-Uu8m5v$*J}r(yz0xX&^5?OgK=O6UhC4yF zQS697hb)ncS1y?ue?wPgez{;bhP30QQKwSP$C#Ttd(%i7-tV{iQjTy# zKfP~Q9d9K>pS?g~)k|6?&K+Kc&Ph_l=;8HepS&~n=KjT`WMTw9z#1!ONVgPlbRGcMnG4{m`}|nC z{UG@mN}_R|_pmxXDIUZ*U~TQbv=$Q@b05}`qg|PvR$VG82>W8Wgx}^Gg8z4P5u996 zBX-~4Np(wW-WrX)U1RS`QE~ttgXN8uuT^Q2;VK$UJ%ZDJZ&A%QF1uQo2;H4^)u`f# zy5!BEr8Y3gX9>l}@kGSnq=FMX8qpxwnSsIBzvjy@EchxB<+S6;1OeKx>i^T$Y==Dpl?sXl$L zB<`;wDlnj7!u9I%eVFyaX$#$?o5X9;6BI-(G!hR-e30z>jaUr%E4g&j{TCpi5|1*u zl$w%A4NLeVRx_1s9ckO&sr*9wa&xF=%|9#MeVeIF15~r%L9H6Ub1;(0hMyapD zsXAYB<~X^`&A(O;cl`cLEnuy>&Rqfr9|C2f_w)7iNrk+Ogt?)Li>hl{_aW zDKZPT)MH$~rXz@eqFZPzx9v%)QJ*gH;_0v{f%sRV0|=`7+WW<6cEp!AdS47E==K!Z z({~r1VF&94%7FZ%A~=)J^*R4jem&c|NyDN_{GcUjX}{l}9-!H~a%{Xfb~TCohOMfA zFQQN#M>M)Ac=zD^Tza?spL}&$(~%@de%DSSuBmUgRL1n7m`Gh-0Gdd}zfGY&$)miI zGA&bP)USB?cVXP=nMZ7KyR*-C$CTX5Zy5+>!Ty+rYZfY%{9?|eh|C|_*2*liz>D?o90E;g~P6ScB(qA-Da7f0W_KJ++WZdnjEE!I|q) zQ~Z3DUGH#O%6kP_i-+$@+t1-#=~axxC9O`JID>9ZaQ8dsJdz|gf5W2NvoCf1@XCIC zAAxt)muB12PC*d)HDYFLoYm zE8p9`=2_A6z}~oDo=)SYs$R09QQ3@TbbUBa;p^I9cITshlsFDvc2)UKRaiy<`V zw&&NC4<==J=~E&TW`rqfm`%F1HVRUEVNh$iSAOlT~nebI-aMA^;KDo4;KyVNok3dmKKcv&Xp5uKupy`KvTnoA0HH(O)Q8YzLDY ztlC>t$k@|la1;HHM_9hFJrQZcO9crolp1j4m!LQ#K1aj#ql18u_XVkRMH?<|CV9b@n>EEP9)N<=o?l4@X#&;B^k4!!!G0!3Gw7q@ zFQWKU)zY?sQIXG74{krs^aS)+?}yT3HKMwRhv<8uZlA%B-}dbbXvA0I*>n!+B`u=O zg1!CuI-Honp!0Y21mSO4VvRhX(gx8kwkGvbrUYrMDl8-Qm@3%^;hFDL&u*Dy7Zcd= zu!s!dNB1XEdl#>_uak#}#U8KQ<|TN8{?V|D1I30$Eq{Jw0+xATV#Oj_NwN|7-OZVP z$pWMXOqM2k2o^ym!!72MUexMmwvuZ8atFzfFQ4(`ta1-9DP`Mj7pe9744~2rn?C2; z^Hm;0R~phj>baD;hUkKC`JweGtY$Cua!6$HC>fAUR5K3PU?-EU55TmCUaKT)N%}B= zcvt6H;EMP3LHFn}-nc@iI7pqyW&rRwmogyVDz(2Z!@8HE_od{0IKss{n~UEb(n4NW z*-m!?p3&6SqOA?{RCavOl!Q?ribMnf=lT!#Oor`BDr@5v7IPXrU>GuX=YsyO&J(yY zjBc^0%K)aEcAgxrlvKZHRki%fZI6mR`?j*MJ+CqNB`R;WJ3v+Q* zjr6l33RHrs!N5^RIJk)b;y>(<_tPLsuMK3_wNN5((kSzv)fERBw;!k2&A!xAlXxyj zo|Bp&`9j*NeQ-ae{!tG%2A2Qwq_bTyPs}zwJa0i(E;sA@d?u~(l{Q8WrMC1$_jQ9@ zG~QRs^9GX6b0owsp;XZ~eAY*3G(EKhP-f?HTD03ZUar*(ik+gq$9*t}#tRkpgmEM$ zgcINI&_&pATH^zQ>O4AQ5;#(kL?2m%z^!^27n54vlCHmhlGq;=jzJ6qjw0U1WS(9U zzNz5ru-cv@;)x{|1X%I}x9E}y^M!|}Gz=*Vs2BFi{NWw>?=Th2^Ic60n&#$rRGsV{ z+z;KL*zCTRFYk#v(jTIHqia#C-_;cxmHqLj{mdR@F7rH;`aea!oL5H!KB5OEolCvQ ze6>3V^Y-MUnI~$}%$Mx?C<^hMbUZUEB`~F;0`t8i=HBUU)=8?rW%d`#?h%QOxR|2f zuGdcPi&N~J4$(d+U`%>?82bg^n{xVdOd5AQiNyY#a%(c>C`M+#0riBQz&w!Mop{3} z{ru1(&iQCJ9Oh|n;FOhkPGR|&$Y{&fjQrUPaB4S0TV?t|n)10{zHovrD(YGcu8!J- zdDb192kPvWk{-(VcYywjC%rS&q5V7#8LQs!=NQ$fE#JEmoOWyDrzxM0Hq9~g1l0qg zd3A$*mS>OnZo}Dv#zYtqOQQjx4^8 z{0ai=O`y}fmnL|#Jl9-X0$`jS0fFBmGSMI-Z=MI-Uoq9ebrzOkPn2>UJ$l)LhOcEy zG1Jh`&!aiVU)bK{2>(eso-?XUPugMOLr7?x&!o8$=fHTjeqrr9598swB>E+69X_4tlm3oVL_8~9K2 z+0^W31TgAZZHORy9gQX@HaZMnl>~k8EQHMTIBn=nK<=t(P}|?D#U%Ibn%IAU*30bQ zGO`y>Ilyo0s5j%DzozbHNb`Q*wD?2q(H^Se_=|@xAlt0ssu|5q(tYB?ean6R2*379 zN4!%U*@aKD^~wN3X_)W?<7OTuy1NPwRW}wyKhXG5AD3TijnwU?=8oN`#!en#%NMem zufdH!C}ye=OsoJVyB|d;p<6I1xVZXh9InnQ8rfAoE<-f4JcxUNILcJe7ku`6*Umx(y~JUUN-h`@zf6KM22`7H)Vv=l%PwORft;0mYGsg} zc3_baSvRO(4S}L7oAstfKY&;wuTkwWrt>eN)upNfy!y?-A^N>HB6_a#>y5nh5vZiU zuMs@~iK*i*5?n>Z6>eT`Gx5JUZJIr*SM7=2?-#obFZpuY`xW;TF3m_Y=hshF6n)V? zw+YKg{x-emmhMrfz3n7ck=_3bD|n>`df4yfGVY-9<##HSR>1Bo)-x3hqazggkJd7h zg%mO#%~b^a{)EvlqF0ko=-RR-^J0%z@;!dAHi-2#Qi;sAWeFdS8ST0f05+&W{L#PfXl$lY=0%xI}BwXM)|T&731kDvC9DM ztUFO;j2Z)}nxR;Zey&;6lGadD9na%uzx2b_k`afvC6T@`Zsx(He^ejaF3IljGpaTG za=1+D44HyIJ4cwyu45$h(K#n8QPGR`VdW@2&%vkn53a6NX@8#$VeMa_t`6h-*#=@6_Q_p(H|X4y5b88>Db~8YtUPefko(6z4+jnP38XET8Z4gr9Ck^wCOVs&k{+MiTl~SWgd-Sj z$BRu#KHcfp)LaL(P@&#*+?SKQymw9V`QtWm6kqIvigWB0x{mhi{yg=YFejsH9w`>Y ztKiHHCS~%cEKdN%WN@do!=c4^j_vv+@J+27IZ-fD9M05HYp`#krV^Sgj4uhV6@ z&)szurddLFC`z^cD#c8@fAVK?@)BYF#882(bNJ>F4Fr2$F~SwCcdb3R`y-?tp;VJ~ zwaoM!TxU!#z7cqejD~Op9mp3LRODsrN@U$$k47EM>8XHEI1%q<9`yu=I!V`zE+T9=7`_Z z#>xlJAs^tgdX7me6N~%Km9j&62qPak2EDfeY$_Z9UjcN;kM5|?!`zy`tSn8Kru4v9-b~> za_2ljujSK*=v4s+@%%2qu#=P-WcNH;k8=))=|=OVi4iI~_xFq9 z;N3;K9bTPUI!V{Mp#J{Z4<|@a0W72}GI3*HZsU!zo;ZTC0GMp65na{1vDJNa%$s9iPe2ods zfA?7G)-FQVYIw5%SoY}iW8mbA$MIu8%kaRy9@&^eb+m}&$iDfYqV*tn@Od9L@!FDT z-;xxPBM)-JU%g*?c~Ad19ZGIhKLH@Dm2Hp4zbGaHwEs|zt5 zTr!R;3?`A*2UI@C`iWZ8bUp9~Es}rUd@hq<_Um^_Tn%8SG8ctRlg6oJAZ4}5Z~V1V-AZon`!`Bd&Iu>jn;eJBT|l(Udipupz#R71^I+#FI14`$mBLyQP6i2{BTn_WT=-KbzgzfX zogU0Pv8?rlEp*PB=`t6VM$oV9(uK{bnmmh}OczwtK~*Y{lO2mZmJ zL;SjYxfrX=P(0@Q>M_s(Kqoy(tQZnT19w5uFf~KMRdW%WG0Rhw5_BRO$goxbXn-v>KF z7RGeoPkp#IXLtS^ZwtD-X&Zih;zG7AdZ(@WmFPWY(r<8v3~@pcPpv8EDX+}>Hl;z5 z4_UXg@($+e%NQCF(w8A*Gk5EgcBHS~$X7DU>`ZjE$99kLHHRV%y*RhJf&72hqXR;2 zF(Cb3<|N(NLl84N|HuJIzuW~{>a5-AH>tU=gEGM4PLAB1#KUpt&=pL4(7 zJv9WaDTyPsXs2?7px=`b2bj>$s7^2Z?dS$8FmNt3fkwNKCq zg&rdW!1}h<77MEHSd!J8dS1CIft(gyQF2pvyk9U)y&hWX;Plv@#nVgL*YniD|L|vf z?x&)Yh%!j`m6&*E=i@bRWNi8BlPo%*@%{H-A=Hi=uo`STBBY=IQy=S&svk8XcyQ~! zFmfgEhs5c8S@6d_`@6|-s=Up{JWJ!`f-i%D?}5%TjX(aqp@=HZz~3BKX)chN60VB6}B~a6R7GR@aKdk6xnZzRzQQIRrDS z8CU!Pg|Pk+hHsOq7%G(SG1M8%C}|ln#Tj4slkI(i*su=$DS@p$NGy1`OwkI_srI}t zNG*y(6S_eMy=Kb5H`^1<%)&Vd%nvIZX~DSSdW0%e1cmaBLfcLH8V$9w`Tmv8CW)&F zdcCh_L31-@7wc7SLf-OMy^SwX*2{PxO+CxvF7M3H6QCUY5n=)Tmk;<02WIG?sb8%mJcYt+qXu|7=Zu|j8;&JUk% z4C%M{i(z}NVYW-%81i#Qzsp2OiHn)e>((Xd95L%Wt|W)3A>ZJb#9ygLdMF z6HKDAT9t0+^LeIDFP7$$Yz(iT-!6|OY7m4;T>Ef!m#umeH#>LCU6T6!Y6C@jDmbJm zUY*9JM1COY4}hzIpzkYQ6|21a*v$J$rRI-Hu}?rOk2WiO?Sy*mnpk2o? zq}8G%F2z0=I<0sb@H*4v2GVa#y4lOnAyQPyMxfg6Jf8^n1+Soe-t-Ime8%7UQ9UkU z-=$&7->+QoI}tvNgQ6#i7Qd`M)Z1^=UIOtamDGI(CnXcy5p{g;(abk+o}|Kr%V}SV z4xFkJT6>z_yzbt+B|gfWaA~qTylkq3bDRo{(u8=+d$h=~XD)6PMVRyvhG_6uE?zLv zfabe$?$C@}vXIm_B%$sato;NW6EHSYG>VbXq!ks(>I+3t)mZT{HfSGCz{LM}o4+6Q zEwfMK69D(iXG3d3Yh#0#b@jvpVfZ>z=G`r@B;ty64HN8U<$*ln|0 z@V@nmL>hdxIpXjg;h2RG@VdWbgJ;BNj&L!9Jz8dt%DZh2y~3~cu7V&QJ*Jh5+x{iD z^R+DY$^qX4*8nt0>DWf=sQe74(HSF zJ6%_haM+?R;7A1HX}_<|YX5O`>TW-6jY7(*ig7~VAFEJ*SNLY)bIaGE`Rjr`We{A# zeUL?uFXe9>PYzf4cTKjZNw2rO+2{E8c%&mi(uZQ7Pk22ryWGc9gzL)-rkD!jVJ{z zug;smZ~KfejTBif&C9ocbY71G_moKG3)%?}DTk{c_jTR zieq6o`#)Z|z-H(M^pkTnKRBn01VSWgkiozRi? zjsB6+-VGs062Y$cT(!o$0 zC-YGg&J7K?Sp%?VO+*B;UvTsMxkeyc(EB2pTJ4(>?Z2W}HsS$xp9$pcE>l`hqVYT3 z@u)a6>WcMA4dfEiio)R+s_3W@B!4^o`h6;S+~vE{Gi_%fOUTHtRyjE2G@=fKFtnLo zyN7ut=Hv1el|N#u3B5qEFrf(`Lq3~)^Ryq-R1o))-V(<^X}uQ9&GOFE1(IYq16O|& z4Pv_t%@r0+2dytm=!Yi30Kx^|2#3rh&ElE;)q!pD?7lnPGowDwx zBjJQ0j{e)}p)8AE`;44I`w>s(zTdT9w;-A~hf(@NJF(^f1}j6ZRvkj9bwCBTnjeGtc2lE=#11nzIAtoxi^*7XPfv@YtO zA=OIyxk8Unhli0UH!H{$*6Y?`&jb)pyp7#mzLB3W#Yiqc8pIH;yLSM}w0+KeYC{zte?BIfP(XL#le%)X~}P>hCKKoZ{6u@3-*X<;rka$e;GI z*!}k09C*k_BKyE3RQb^L(djMOq0C~im`Qd#p$!LtdyH7IPp~+A!Hj3-hH08O9lc%q zMZ&ce^>J^rPAB6+QO&SSW;?xgN3HhUZUh2X&A+9QR#6tx(N%I9m?CDIz^a&PmJ#j{ zX|cSi;tj$e&GGekmg-g<-BJJZdxPDu_%YP)9%|6{o@jaa0z@vs$Haljn_Ig6fZ4-a zWMUxX1*t2SPX=-znurH@)U_E8E*f#|A;1D?vT$eWbZ=ZjJ)3rYpPb({cPWZ9mCe@o zYQA2~BER$%mde69zI6ZbI)T}Gz5Hek)af00ijAz8>Tr8tEQy2rxE1=LxN#M9Td4Q_ zG=AP@aWItpW8PsPj89G6ZaDJk)9AC{7l9sUJi2`$jJOYOhJ^>UU}}=^|v3pb_pzj4bDy;Cvb1rQ9D=Zauf=}gG&4nh$VTVS*g{sZj)Oh`+hf0 zCt>GDO(!80$O~*%;+nnJkaxDnmnIK;E-@30I`qj5K+=AL(A@bf2_9dr&i%cfBtbSB zsWO87Ls_BU*(r6NAq8cP=JeRtKl{BGUe)n;cSfz~dg5!KB%0e0BULo&Jqq&?#H z@x0%d@2ejnx%9a-v?G;vL!emt4qNDqYC=k`kA369VYAmE2La^U zLQfn00~U80oes3D#POM_qs1pgFYn?CQkyU#H;QREv6riOSom zbW(vTBaYkRrumzcBU|z=9!Mbv_=F~)aXXATUFYJWC8)^94@2DqgibbJLSxP1_7|U` z!~4OP$nSYT!#?DLO=cR4|MU1IBKxxMo0cD}Z#UhSWobN9DrwFpGs5hSj9{xmR!YV9 zfN4$2`L8AM0f8QH=$Yk`lL_x#A1H|P9`NwDNy^{YbKz&8vyG|f?ZUqcXS2&XKRjur z&7R8$9#;A*npgQ}j*8N)1-d>I04zot?`zw$Ed>J{%pH;ck{fN9zdV4S`75EQkR{E5 zB~Fl*E6(-h3|>g1#S7o0p!ROZ6&3LSt6Bx7d17@(dI(l^xsQYQ1?IVb90$yf{zJd^ zC?;WjWzQ$>%KdmwL$Yb_#1phaJoRgGoTrRdxC|%;EX{lMb@$h;LM-^1*NGcO%sRCz zrg)8qgK3mo7FrbbKGq92B4Xc1X|$-SbCGrpx%+XTZiF4&d@;$f10aO0qmaIEDoQ%S zi90QuLj=qZJyh$B&01C5K0o2ki2K5Xf1>aeiaWwZjkESE9X)d`3cyaO8HJ`Z>6za=a_yEbWgYXu%{9zjMm z6geSK4x_b<#xW)jFXzOzktRQ~x-&cnDGotOJg4yF_tV`Y*q4RM_XBy|peZ5?rC3!#YYPX$m&C(P`pBWYh}-)6u!_l`%;u+ z++bwapH}c$CR_2jd756qVH~IqJ`nupR$YhX4U*M=#RKEbLA9^OyeVLj`CD*)K`&YH z8KwaQ`CyE*en@(`>4&gCBoGR~2B7Ync=L-+8xN)5!!Q5^k3xncyitdtc^q&)TiOy) zHA-lm`4i;#W3=xu<(180Q@i~wSbI&YENeU{b6fkj_Cvbfgd;>nE|3<+39i6(&gs6* z(7cd9f?zglW}Ln(`Am46v>qYM{FEWA2C}wY7h}^tR;;%QI~p_2%G1 zyx^O#gy1ePfQaosCZBR|UyEE)fcjT*D@FEa1)JF2WH&j!v8nzf!b|o+P4r*ZJGp!t zpu)=YfSHzW4UJIcr@!JQT%2Cw^;Ze!$R8QL_Hayg)kIuoz(fQehH=6V%Ae#rsag%H zkVE&0Im){4*aY}Wf5lBu<)i|xQL@H2@N?t(-pG(ao2Ho7+atP&gSQ7Bn!HyePRbE| zfoUxlIzP_e-+{Os6P{a%zKVo>Q`xXs?h~4>=jQgj!v*1m-TrD%2C=`M1UsS;pa8)f zR)%g3+;mY6dAZx1eSiw>R5v%!$)fVNvB~$a_<|j3*q?_%FP|{4fmcZfpX=V;o>wZY zx2v~F++EkQO$3jINskXz@lOE3`*#x6;Sjjmgv?b#vnU zn6?bMf0|Zhf17T~n51&Dt1q=ukDJATELK8Y52_kNKDTvyM=qwebY3-)`_=>PVGi7U z&)~#y6~7!EEgID2&a15Lt3+}wJe4id$JM*&4h`)gVf<3g61tF*^i~tGp9oamnm?e; zT3a$Lu&u>FTPZLvX;GZiFsb7`g<4d&GjzmwcaG7#IHs#ak9F&0i|K}gH8<}1gf`5V zZT&l|Qcwr()jJt`2nIw6yn)C020+N%FUu`NJ^5TTw_i(Ct`4tQ>3Q0Esi)NfpudUk z@e=hW&5D~Oq0l641Z^=8a?GXUunV1`ItKlpA(7Q?NFJcC3kwPWhgqg-otRL8glgdT zNMeqGR^KFbAriG5-rev4pp3Yi#NY&2gKEBh@y}pU9SAumf=IO*eWw@{=yUSL?tDk_ zdGT)RNKFJ^yX0c1y?wT1C4xzm#8-)?7JcO7W~^{IjxYWBb8NGkjx$-LJjtFruqs^6<@E`^guC~q#pvReDLgqW zH#akj1*?E_hmWj@42t(wvrpSX-qRJjUi?fX%RQCG&mfqeUMFMG6%LJjbYJ>KzuQx+ za-UmsI~xZtys3smOno7w)isg&jtLSeR}9?c@2yCOgExx>wpLY{Uw5-CZ_47XGc_{i z*8(I<-xIXbQbfyA9`Ic{tiMq@Jd&87SF}bTbB*T_oyO$83^@>V-@h9Q8MpQvSKVy` zdTwjjL3<&bz>a<(qHd3w^t|SsU+}Pm7WdfFywZlMJpf8|i}QnP)Z{8N@pwM}rBe?W zilA)QmoF|{)+fBJ5m|ud6Mp+LsveaBE}wU#%N|9b!(mF2R1KhUexDCOVK01L5f}6K zA>C_hO|R{^Ez>V-_Z9Nt$R}+9z$cel=@c&t_q|1CLv`WA%Xzs<=n02>@_S6~Ac3x1T^`bXUPv)JBoE_et!{fK|kh{L1RB7Ch$;)BDx4 z2sC4s)AOP_CKA|?qwF=wwG`r?))ullOpNYtu6eSPh+Yx}0PyV{-1LH=LKsv&YV*|+ zX@YtZz?7szu3^lBl;GToS>h#XFM~e!BFW7*&ZjPm{nC^V&FMTtmXU{82?5Ufi>Sh5 zQ9j)Cs$&PRn<{gU`^^lX#tfLGT}%1xcSX7Ivj?di^Lu~1bYMSMa`xKa7(mE-g%8Qa zW}YsN5YKo0V}!mMubvbhs83PC?dq@MneR2H3UvxPtJnRnY5 z=@KV7_|HoUOU`32<8F%Z89k`3`FXs*`-K_akauqGHy``1dS^7frM}M-L<@%IJj;?# zlF-Ai72fHA3(c0RYrY*|UhqbNY-nU>An9X53BHGU`Sa9N$Mh5T72%r$;NYoG_&=|A zVCUgZyf0(y#FVZTYp(+HQ|#}_>Gz1MZxg?c^V9OP9wLq-{up5EY>V%pyr}aGwCnS8 z|1(yGuu=PaP0kzD>yTx&>&zT{fto?YJ&TmjAJ?FL-=+kmg@aF&(+nc@Z7Xg5aICYV zWQ4uauP^l|aFu%Ya;okizclw`sg?;j&)Hr-Xk|(R81j-F9we6EMUhiCJ zWxNaFgDut@2!f!1B*=DaZ!KS7_Ql#0Dx0VZzsQV;5?=n!1tFQ;-F#Y7=cRVC&Uf4~ zQGIku7(aq#Qg&SyvE4tU>hD#8dlxyRF5X8?2%O)onI>n6<}iM*t-W?>g`iCfN#BN1 z&2OCqL4|%nBvb5;wt-KfV;A@H_Is2seVbq6@6SPuOa)YXKLeD^wDM8D7yop0f9Jd_ zI5qQ??7O_~;9y;}wj2S~yQ7qR&Iseg((t%@-p~6W!v~}m+aj@^(Qq6m-{P^aZtx|c z@eJo)DosB5W`^AjNG!|~aiUqx^pS3l5a*BT*zo&KT0S?AkJzP`2 zwlC=8=8|BZKEkh>@5zAJ;I-nt*Wh|69JD99ecGj%PHO%<7jPcJZ+|$Rmom;M=zX00 z;vKQsrX+BM@Gl_uWB0{?Ju1FrBV_;F%ZUiQ(we}%(`c#$$23yTY+ zx4od<`AX!pPF{IhoUccyFj?)xs6Oouom2Y@h%#hGKcU(w4to;%iz0=((?5FlA7P+E zQXR6{?t4ACS?N-VuS%CdEcN3j){UUh0AzgOCeX*Tb=a4xo>t4X^- zml7Abk&&gk+#+m+U8{fUKh)(1*mZaMD}=w-@Mj3X+qVfA5dH=l>Vs{TA-P<59J`s);bdcaht!UnRj^s zj(RYTGadFMdPMEkYmnEbDdzlu5j&JMK&1r20KY z$qIa|yzCb#1xW-E*$J+>Rn58X$d z4}JX-G^K(JO#l8FNVxwDcsa0-enEKjA3}i&+0`}=ZIE;wYngBw7>0{A4n+P)5Yoyp zV-S{yCoj&2lYL%!-g;|edv5jRmz7yj?sL2eDyHzb)@KN#wR(B>!ZViDKAj*wef4DR zB=mw(9k%CJ{2tPrF798sI;zZ_+&Dnbc#2P8J!ixOS#dN#Cd1D$<(Y1dH4sQ07xiDm|$@D2z|+te~DoC$C+0Yek# z6fn26tjeW~CK>LwQez8D`9+ai_(j#_6i{!**xrO^2ZT#s?j7-})r7l3g=xQanf-=% zCG|vEax$Nsd)T7;@-gFbbAOXL8Ar2!KmpS{wvkXK5pz~0bjTG?W0LMlEZMIEMP@YT z%FiI{19iGc1M8qK7uoqhDCT(t;sYGhT2wh?GV-dh&(*N)AGd9EEGt!F zKWAI_Sz!za4^qk5dH818m>n>6`xtTZlCE$s#SSex2U30u!}|!uvfJ~iTcml9jK+f} zSHlcW7j@=bf5vaAvl*-%1%`I;Rew!94BtBy`e9s2`5YJkqq7lbjI!yc>G++(R!I?? zY|a}3+mEZhMme1r68oZw$O@>h90C0yaMX$m`i zpcK)&KrpF}`%*Yfa`C(zo>2T|;){8d>CgFbp<#H5&sDq?nCKjChsw(O>fv$n;leFY zfyqP|h{kOdQbzSIm(_`5Fe0sR;?AFQeNNy-`}m23|6KMZLhgSsrSz-NhDZ(hu9)z} zi}7&PehG(a&VB(%IE*`bmTaLVv?=i7w@`eABU8$-zML!}Gn|dEQ*9!8pAIS4f3T?X9z-I6q5(Q0K%C}pIFX3P6x&3D-maY8uak_< zSsM~Y2S2N)M-%U~F3%I)xb`3mFSxp#LS{}9$@dTUc(0f1&1H(T9;$DXdS0I>^n@d8 ze&3Ax#+>FldXhow>upE{E#`%WAb@7C4SZ>@2NEBkd? z7Rq|jxxajSBHPPjlmqG;GMy{4-zKQEBCEidqH^#O0}$bMd-yIfzk&O1axM$w#exd-p}HiYrn^q5+K)fx{1HPx@HGD z&lf7`Jy$C6&Y+WQ7h(K?(wrm^u=DfeXjMJG>pM zBlH}?LxE;agEoPk$`WN;Sy51jb$~9vs*tYwD8+qcl~I)|?BfBycKN-2ebS0CgLt0g z_|=9_Cv@m=N#8GZq5(yz$?7v5{z@oh8Z4>p`tOjfwhZ%>E1@(KnJYV8x zzCK$L`(%n{kNjmnnf5plo~g$;Y*g!hkM|Cy`V}r^&LrR9?!3;YT9$uuQvysA$ftc? zhekzl0XU9w#wFa>iq}CZ>F-u?W%{}s%wF%1SoiM1H-1XA;pT>xa~giiJfg+a#2Pap z1U@S5>T?uAtDZ{iOaAD`Aoexd)>J(`W{;5n>%Q&laLxuP7TTptYa|5#vJ#9(8~o9LB?2I$c& z1fUHG2c85fE^}JNNAHH2O7>nVo{rm#c$hR0ji`sIApCx=ldWkb1Fm!kc0pWa@0ZsS zX07rTGj7r!sEaEmA~2hau@DPwNDMch>c;%^`7%!fAvlQS!SZZjH$W0 zK0hcRK6^d_GW8c&5OX>@LB1vZg%1{i^C8v`d(cWX@N`R^ifOdq}{SlrO=d;)R|F$s|_`%2DAhxrt5=k zy@E4f{%!OG`mMVGO9DTKyYV^L6Dgk3%XKM3in1UV6Yo`pT_c2 zoxAr&U#~s+I->8p&>ve*sos6Xva?0A2TkEHe|y~l)sk8nV1iWrbU*yakNFmQOP`SH zlwj%OuY1|se1Wa<&D(BNJ$d$*_ci-y#A#~55##o_A-HLN?{#_Ni;?L%% zULZJyNV+~y)gIc70~ZV@JL;Or!001r8;WSod+gwIfj6qwxe4ZS+n0!Mos6ZPG{{(O zJ3ORtT!bZ_Q`gBOtH^$oD%#jTCPz4|S9YNL#1&|SA~=`PrwufOssJZk;KyNQ=*S%M zy1ridw|hyLvnf4~i+fh{Q-oSg+2eFgb33Re$|BrD2%T@Cyy7p|wrO?O6R5RXk(Mz6 z+O`C=0Q|8n-?@PD*m5Dv8>7&0&-?AU+R7MKs?77!oS-u*i^5=$cwF4&FTn`+BOD|0 z>9TJ#=cNSRuRQaxu^9j=z(XxeJWq<&f)=D}!}(hsK+gsG%h;9T+P@ZRa_q&&ymM<`nvh+-O~getj*8?q%W z!BCUb>w51}PIT+`xHhF=%mki=S>*8p@v5iPplPz!`h_uyxccmy`Lo}@Rm!194vPdp zLKG`FMKX+lMdx^nzt>S~!oyJ*6;waG%lk?kfQd!C0?a5PV{b#Ye%)MfVeKE~I6D2h z34h$Kzwyx5I>*M1l68D-+$~( zdCZxPuWxRb>rsCb^WF%;ygrO2!KD``&3&e)sYT74?9k+Q2$P&17s5y!2>s#!>-q?z zapA0ejeK73jDmz=lq8RKiW0lZ2P=Sr)?~rlP?GB5ADU(Grmjx7`ImE8!;8fk z3%nH#&pZ<>zlZ#f*M<++dh*%0!UN6pIj2-!R-b#*p4fS9+`&}N?{w^gJ(R;M>)z^ez%c~3mvmyG?arv+-kE~r(%5FG7^ zz8Vax5Mck$Y-T1{jMPtK?!Y-wMr~%eO=1?XFrIbMiDs(DhOw*Ol{s(qD?c*q=r&QZ zdp`aMDANe_9f+6xn{)XLi1a5JGjlCO8~NKxID4f>SmJ>DhGEEew3m$~qW-C97}q^A4R&&Y-#9j)to zlh=p2P^iW{c?hhN{B|)9J;nCzi-)GOIKxQrrk_FQBKX`!CXSDkzO^#aiYx*!gwMyw zzb$dNXM5Wx`*W$+)NH>sW*k2fSILJAYQ+BbvSG3FIekAn(g%jx*({Ii{Z%HV5RG5Z zZl&Hk{UrE!Gik~einuI8t8Z?3G1k~iZp+2p4v*pdFd>7$bU?}(Ctk>*)}my7`g|yU z3w-{{9trLOUauowvuFYssYp;-rd=)_B`{t845yF#xA4?@Z}RSS%G+Jl+x{ft%3zFJLN^9Fk;B=bC)8XV<46nVpKpRXDb|HymqsHo1jT{xCR zj8Or5M-;KdIK7B%dhdN~ncjOJ1jPy(JH`f@AjT4F>|(`&73^X|tXM$oh*-|O{pCIH zTIW0GkMFN1K5%*Eje10=qRCNc{pVUdg!;W{y7h0#V9QP?3DnV^a*&?FXFL*p?C;Gp1TB({wt zU;;xLm|&%l5yz?{h8RzccQe7Zfp~n7>9=7VrZ5E)wTOA3b&JJBL}FRc%Q3KMVVjI5 z&_kh35wUBPQaR8W!dTE;E^@!5W)X%6T_K*32HC$6RS8gXqe$rtp;-d0G+YuE2MBsd z!86GwkslyZIup<;(3B_u|8U_vB0M^Zba(?hB4m^X}8KaOct^TJpt4Z~-kHy6mG8PMV^NJH<;K!MKN`6OP``#P&MdWuqkOxNPB+F8HV`QgC>tUi zUqH(DgJ3w7L*ZfJVE8fH=wW+QC-MNX6LLP0${ayPPl`E_fx;g^ezJ*J6Waz&-SA3? z5{eM0G!+4_52`g1u7!zJ8>1vO1%pF^IkQCUQ3qX!bq56`Jw_7efUYzn48Ax;%LQ3j zn>px_ar|UD8(A*`BOb|w%McztrU-Edz)S&%*o+0)Cmn{Op+pf;J8192o7~XdMIwda zQ+DW1gBOA0E9k=b!{R8JXJ=ty;fcd;Cm+hc@TMoCB}*}?kU6AvF_~sSX_yf+?S?;E zhs{brYzm7Irim>k50MtcimehqIb@aD`5Y$?mLrn!7cnt19oi8Rc*qv9;~N2*JII&# zp_kj|F`Lx0=#1?Erq8-DbBR+tu+hGhs-JJYW=BK`GL zg2#>X>y$(cz=3ISU#Y~f!fqu|I2s~Z?+9akBsxy5QNv_rdX09nQb91XQ8eVC*$qK7 ziUThIWU^Y8#La2}#E2okU! z97Ft#>JgSB$wFr{N%RPd!P6PNK~w;R#p=Z&1qYJhP*DjgqZ)wlnZrN?LKOl{tb)N2 znSe;2qN~H204**jise=r%I}f|`CicF zwtx>o<$Aq3wZ#n$K0#pHM_Jra1CuLZa-vcYb+LhRD=_|{r4Cro7`@CRbm>qcmJei) zBT_6s#8LXx@C^(Hi6IO6ptz$ZQDTT=<=~(L#;}Se!ApRIK>-LRzD7th#r#n}hN}Yc zADCTCE0M|tGF7)W?6do^K6u5WR>TB2lr>-ou$6cM!AuwEfz?At4@cr=7MMtwPfUPU z_;@&%MjHvU*uE$*lLGL@EYw;>cBR7Zx9F){yb2UXJbbkxq+$f9K9DxDk~KEIgT+9B zaY8dJ5+8^G8Mw%bcc9JgI7AiH7)s}N#8vD7Htsg?@OlmK9_x+LfCL>DLcS4)*J>RE z3=qens2IDN9HwMj2988W|!Z@6^k)&6=Yz&c93K-8de5mSBP81 z)as~sxsB=KQn}oCm}g{i0B~YwsNg-Ipkwj0b|-YUs-X8M>f-uXL^ogLMU0@tEwdqJ zMG@tIAd`d!;@N->vUghFwjvfN`bz z1n~%%a-p9G?5Psq33i3!at05o{C>0q-q%2F4M0h9znshyI*Ax4Z@^c_*eb6CBLxO} z8&5~T25D{@9p?>5*&3j(gZB+u9Y{YheQ24>Wu?Ue1Qb`NglxAUrVp@VYAKtDmIZ(< zh@sYbflO0^%zLSnPP5AZQf{E?1qLjN0pKkeC+gNJf&x>-z}B!tQ6xO1x)>a)%Ye1g zolrmnLVATe=%+AsQ3sh}r?~Yx9|Z-x79LQdwW6`Ch#nZEsS*%wB0&b3+KwmT7i^*rHA& z_fm*Hk(us|d6`f!^Gmr@kyMBrpzyd}6!UhN})Lf+!jzE-?onNMaM6pf~I? zQ8WS)!x+W$6h?fU$!D-pPO4CakI2~~wp1jdqrEXXnF`cVc;Hp%(qwM4ixRYI>{v6@ zj07y7h;2io<+vzVWv0_5pFOP9DU1?t1Qmr8O;mx!V7ML(ijK##=wWEqMnO0iibI*F6c1)hhfNP}!uI=3@Qu|PKs z)oqE3wJxA9gjeBsr-shus+|UE*l%D1v$dCj3(KI5h($!6qA{pPtQdz6R1ac_(Q8Du zMG4s!l9*i@8J*#Z`y_Ipf?^PD8aF@UrEmantdj{G6gUn*5DF381gh7j;5(xjf>s8t zh3Y6(=ZWBH7$sCttPnK0VXLNsa!(L=e&rUX!iN^neL)P6J^KR`p1hGnvIYKm|6;NITyqbg?R5?(=u$bnDt~;_6^oTU3Z(h2RM>VRoN_32c z5A)%}V!X_c{0m>l2UJ|e42n5|kh?9yZ;4IXTz@hR-0st5%T3I{=Fu;4% zFzJ}o7>;hk5EW_^ObKdGi?$<<0ZjyncrBX&3~dDH>Bn2tHg{AF8VDfd1@o8+0xn#+ zC}P0Lqijx$kBaE{6mZ?Byof+SWQIsY3zgJ8)UW`{(-|UBSa(!t*QXFEbOST$L$;Ba6*N9rY6h$=sx{`s#&qAR`EE04 zjR75ML>4CE$l!PSfpJM~MaN<$4{)l>)7vmxp*UgUE`6y7jjVbxMK*()n ziA)RP>T zVLgEaBF!;@furRFbaFLG=^{}bdQp_952H;Owoqxnaiq{ss}?b$5s)MIxa4SK6rwz! znGaLxHpD;%y>y0K7pMk7jv`a{ey4_4g*v6zetspf*gNhhN zAEH^97#y;LTf|s2PD~@Sbb=scg?&KPFQqvkQ;c;=*^rj-LfQ#sP$I=NDn!jBu>wj* zP`hC9z{Mf+BrYN#{7GVOScu|M91Mz2ZPW${Dz4Bam3nzLx<%?W@y#T-!Z9F6 zA&CNRk{BY zgR6uyQA92|MFCP*UWv zNO6l)|4AiA`8>1I3={-5@QPJhhuGu<;$4#29yhB%vw$tY&_KZkANHyd=ZzG`fmF0N z44t7sGG#W2k*`ttF`(c|cQMooH^mdhx~M*AY9wL^Y7nWxk%0RNzEo}!20=antPay= z=c+*0UaD0Hv~i)|E>gr*Rt+c)Tg-m7-NXWbJdYcs$|y0Nlt$&tIP#Fu=!0+K>CiR> zpt%5_X%u1NL5{=7v)G}FpN2S9Wd`Lip!;hqC%znBj91r@mHiuIi0@(l_pe8sdq8X&NtuhYi z5YSlEfKq@MT&s;H!ST@!K*W%u9G{)z@PgbgNf$8U{2CTsD;G1!c2gLr%n;d1yMu10 zVnMRWAL6-;DBz01c>(L=7lR}foGj>pdH|XbQxlmA8OWT5oDn`A*~D3PI?-*QgveT_ z9?QXtHA;pLr7?yhG9t=JLTd$Ron6FW1eqXk?gQ}&g9hjH;-rvF$4Q`0A@QthQMskkM8J zl_mjC!t^ z0okS10XA5!mxfegpBin)2Y5j7jA4hZY7(9kvkJ6ohb#&*&{jVHIiRj4py`zc1EgkL zAth59gNX^UK4fSN3p zT?Rr9nQkFa-E`oRjwt!+xC*$+X&e?<|EQ6{hW$`Y2VG9Yzaw&^K0k~`iqT_CJkV{7 zqx}vg^yy3W0b|Te!huo%Fv3QIJPOSvj?>)?9fQv%%G7AH6fX#(Og5kn;o0H_chnP& z3yctQgrpFnhbShahHfV#lNc0axlV_KjDhAS=t%VOLO!j-$(8wW7%kC*QRrO6kV9?3 z37iH(+@Mo|{%{PwIIa@FY*%UkU;*#9J^6n2YHPHYQ39Pk1Wowj^ zSJjvFE|(O4^% z=TSL?3J5Lq20fc^lZTm7v^8KxlhG&#$bExcIfY8p057hCq>e*FT|}qgiZ~RKQA~qI zEF2SYV&KHl2$oAA@@OHu+sFZ-X{$zw383*NyVME?fYGOFBv=bpj&jE2SQ^#kc6$xb zw~r=>1v)E=PqBn!2D#4&@KcFJt@JCc!C=6_4eC`gI!H|bx?gDmQ9=)o7*R(eDiVcZ zV5od{o=7I*Ye;w@TB_6-HHt{w&tr($DzMaOuP^4}1oc5a83Z$teb6tXQp5lnG;!>D ziyUgAIFJBDF5kwGn8*7R`9MI>2)9vp=c zAp5t~Dj^^lT((N8;ge!k5)OkigLV?y0}c7;7#+gD!vzWjjhb_Q&^8Y4Q z@BnR7;C~-0$hCN)jlv;FhBDAY1M#7HIRbA-Vg)>s`Gi;jGM{L%%Z%m79UOxiEnxEu zWKcj9azidm9AHQkKi6u*Gt_vB-i;s16TJ;ny~0|u)jhy(CGB&fa4sM*YmqLemAgaZOg zQLMwQLShko*Es!3VC7L8EG9z$Z>G@<3T=c()8RB?yw?)ZkhBgv%MnA;9_Fap64Tr9 z>TmtFfiP(6P#~l1v(a4+6^?5+vh*IC-DEWIwR!;}pu;q%072$d0-?7{MhJrpJWC7R z4@?SFAx%c1fU1ePBQC9hf|Ny~TDeF>(RyS+M#2GoaIIKp#G=Uxb4aFC5Jf&Ugcr6b z5GYwiRJjc56-*@N6oUzeZfFu{pPQo)lnE3niO$5gGSxgK2x1`x7bXpA(ik*XCIJ~3 zISH)>rZp9n9OC=c7Be=krBV$@r~M4V9!Fko*`YSrklbWJn@TU$^JfHb`xW#_0} z;E_?K7`UfmkbTwYRnYLnaDSV25sq8S(fXB98i=d&{bWN7j|G$?kS3#4QoC3kGZ8^X z&8;wV1rj{lqe!amZGX<>@5>aBqpsZf- z$v6@rKTKhJLJ9{mEI0)bdhd~kNGD2AC?+Kc!s~1e*W$9r{BEXC4{|VVBcJ<(dOHuUvx?s^fZrnXZb892}|0uJKEG zR)bF(lZm}7oKI@UXo4~Z^g&t3fdAoR-Bdo`FX!oDlIn>8x{87UAyT?N7;^<^DgniY z#G8r;N2j64l{P9K>Y(y(&_qec87_i z6d~>cf#K$Z@K@C2Vnk^U08xwC7!ni7MMJweBmguPxmm-)d;>~w2r(BODwZk|sH$QZ zz_G)$@IB}-F9g_Vk0VTF>kzd?_^5}W4nkufbPKD|USRHXS*7sM10HJ(IOL?dFj^xM zp?xu{D}*=;v=Gr3b=lZ-@Mg?FYNGN&x0Qfk^HTLn6o4ueSYONzayuNS&4x^C8wPPS z5#9hQpKahpU1(51S963Iyn|qs^GE?N-^r80yH27s0Pa3?g)k^;r!0W%`hEaYqYW6A z5*@aqurUQSER+DhBU%PpKA^G9q{$3GZf6FYsslDJqgx*gXr&CGymExd9-Bq%7GYT^ ztvn3M3BfQ=$B8R(Y7oW)-A1^(WV%McjKs;_2$FllI)K(A430E`LL?%^JQNVD64*gB zTS4JKo0e4pbY(uFmW`D=BMKbPh8RMH7~D`9ktp>=;dFRSz{|$t0C^Rb()?a|*bQME zFo!AxL600wW}EP+xQhs-9=t+@ReL-fLDT@YN>7ua@CLYQ7fTK2R8i$>I*|g|9fbnS zgu@WJnb)d`Tl~&| zMyQc0G)lQL7=rVOJT$b+0h;tq0*B95VQ>N>@Km4~I;YEH#6tU$R>mgBZR$A5L)Mv8 zOr=Sul8Urk0RzCFOraT25izWWFJ?JFGo9=YYjKD;wpy-m2T&}a@-dqc(@wI3SO@`H zKr~U3kgZTNl-#&gDo`1P49J|plXuuHK>>pp7f1aLeB4cjD-(-20xHoN@iWZ;>ml&C zhM*nmQfa(myfYTneM8F##1yiaC)V)2RH(S~R2q)P3e+-Tyu-+L@sxDDTV&@M2uwGe z&kQ{yZb(35<8mvCV`U1!0_*KEwTz|@>s4d{Mh!(_Q`oC_fDAocGYheP|J#~1yzYvc zZB8ggGl(m{Px|h=lZ4qWbchg4p;E$6J)gOHRDYEXM=y}1e@+!yX&zYn9^eNnN zJwB`c&6ccHcbi7kmwZA0HGbv0zfzm0ru_ReBcW%8bNaH}DG9k_lnI|&NG=t#wr;}x z#iWmE`JbQrlwV6XX9_uefX#z<-1vOjmxuZ+2rf8VAKNRcFC#ESIhsp9_4@{$FK zNr}zA{p8F|VCP$_#-^y*>EN{`WuG~8vbEYRQ7|6-(i~s50w-S&; zm*Esk6LOFI1)q1$UNEZ5zvmm#KSi==7W4W7M#?O>3V*^x!5p}5+4=OVm}g59 z`XeX6)NPdH{rgr*^W?Ogmru<}i8=b@1p@~SK#l+9-@!MI8B^51&!$c2*<*qUA3CRH z%$t-k{Gd_<1NRH7XI(r0PgSd|_NHF@y7LD%8(p!L&Y{lTs>>TgZ{3lXKjO{?8hzHE zZulPK;xV%*qLqEt4X7Q}m-}{PM}p$&QcufIqYfvhH4?D62}!4h!iaCbRy|Km@zzekZWaOR{_y^y1}tInn-j{VP31ONYh)G*1}`a_=<-MPH>4YNU6 zW$JS4@V(J>n;e6!6Tbzub!B< z=+cfHd*^0JmCIlroim@vI5zXPK&4BGO@fswfJr6h-5a+=)2|5Y4h#+y5SSuO}%bj zI6126x4At&PW`;in^QNwA;ppT)TAsq`sa;qzpmPIzoBu-z|(K?itf!B^Ly)o(nY3f z%E~wN*6o@J533G+eck5y?VWi|uXZQ(+kCC>EYfz&+p3bf9jE(L&Y#m|?B@78*WsCM zH=D|YyBj-?-Rl?~ZyMSo`|Ed2FXmLZ*4eLaD!<24FJ63e-<6+!{Cj1^o!G4NlfGt+ zJ@_nA!{1qd`-Hu>_s9>lKV2Wk6q}z$-rTWVA4NFzB{pu()aM^3`WJ52ZZFL(I#=-F zkYIAd_*-k^AxEaBW~zMH=<6*_>zk%^c=`NFOONeX_x{|{0sDPfvb))5KZZx#%9^4c zGew-(;p+RUvfeLzn?Jw0<#`cly7spxYgG^Zx~o-XpU>&1H*~w(H*#>)wf(){3~LIP z_iP~F9oyy3rHanyS6V7=ho3X&X5JmYcJ!G~?xXc@hDa9OeM4Wmk~+m)%-;bjJ?!*yZPmd$J3M-<;){7rMT!=Ha>%bM71#?SCkJ z?j0{`sy%l4+KxM%@5{e0JsudiYE|QgIsS1si+xA4HjF>~`KqM6@1N&ZXO!*7eO=lV zsW>XS@qqX?T>9{(GQCpKex%g9a%t(pc1Jf4o9mrgR)KGp^z3~iGMlJY`?SIT-iG<_ zUYNGF%`R=1acFI5U()?9CT z5m`7tvn05?^{~Sa3ntUQvvobzs;a)IN7lri?j?g&;SHS~*EeksFAeR!A^WTHk5LB; zFLWb)898L)hD9BQJI(3Msr{#y4p0^i9oO*oH_iJ?En3vg$b9j!-m<#f*B}{j^yo9k z{PZ7gP2GCPzwc@8+Bl22t4cKb`STUamjAr)&b#MVrjLx~E!vjn9(VV+q+eY*@0YR|A$(h7xs{Z@Gd!o))A#w4GBS4`Y(C}cx_j7vC4u80L=Jz3cat03C z(b(C&ecGizGyzr3KQr3YKG*CR*FO#4eB8%1=PNq@XEPy>#@Uljb%JeT+`?hHk_|-< zrykm~S9|SC@TMkUknnAyebX+9f-TOSxoA~tC8EONhy71t&x2^V0Xu zR)1Qr_?nnmclzjynqZN!ZpE%^pFbGx)U@iIef)=BV~!-c6obb9Yom8fvx8Sqx!{|P zrvEiEjm{L_0G`nm9m+HA3ZKSjjK8ygZHLrNqppqqIC1y=n$^x{d-t@VpZ<9G>+bnw zhYedtzcc3i@yeUnt(#vpxvAobM3~=m+2iQl=RdTCDKctjZ`aqtg{i_a!LS2QMm4l# z?P=DcZvEu1MAvWYf86(|>cGJvG?_SPJ6zx10tsnn9aMEUDoX+yh-EpR*)^6!7zLix~ z|422LeeS-e=7wtZB>gSD95-B2dgk#% zv|-cN6J7Q{%a|~ETHUyV``=~Mk88j-(FVH@AG~wr9zT850e0)DQ+Bp48r%v$>eAZr zFWYr2>b)-f{Kbp3wrwP@AMRZKOWSFRi;aPr{rQ`iL&xqDY&EQk-5h^*fO_ku505OW z_NEK0%bQ-8XLQL;7C!Df{-?fIo31P#U$`pziq4Vz?@eYxJLyjLbEjWAcI?N`kr$Rr zztneqw_@!2l!J3-OutrGzGvu}-*=_EpBXZ*Y;m#nWZXD8s)0|Dhffs@yWLPWV^*KX zshir)Ctnjjy>@44)O+d&R|<8&!BID}CKiOwhh9{-S#l}uo1qvqK4X0t{JXZ`1s-=Y zopw>{V=?0;p<2wkB(kv*>P3 zbv*oP;n%EYsSUN`vf9@y5LdoDvv75=a*}Q4~yNwilE>e|MycbKEnRn`v9{461UXXtmV~RoG|kCy>1gI zQ{HyPRSva&`lq&4$?o%cLgUM(W}br&E{!?ZVfTu{_==`g)i++edw4l~>hOvixwHE0 zT<3oJeB<+Y{dap3Umv-u8m_zFN%-hN$jBt(owkXKmoZ(XjtI zkZUepG~sAY3`-NTkA&89Pz=^fHkw=GAUN+^(aD+l32c4axp;V`RglJ$J5!Z@Y+wY5P^|&*K`OZ+($bnsI7s zE_a4&&yLMQd)M`{c^HcXw?Z_4FPqpv^gSF(QY4OsQz!<`1TUb+6+S=N6(F{z+e z_ZB*l2=YmiH+T3-%7r<_~*xg?_Rlxh@x(%R+8`%YGYch+PjC->&=SlgvJWZIkZLV=OL z@bbKG9(pmIgDQ$=PkY5XbLZPd7puoTNX&^sK%6(LF!eGIE*i}cX52?Edh!2v7mabQ zGvC=CB6zAs3{h<I^6;JTEmO%;{hpfZ8wQ0>tlUc} z>fiO^w$*n_4>mT|tad%Uv{t!Uiyt!a(4@SKvnAFqAD<7qHR;WH-Z&P){pm|ny{oKO zWamGov*tDXF5LV!%csvA*9ija4=E{<`z;pz(m1)fj*QP;nEm;qroQT6o55Q(JN_E^ z<{b9gddZqisr8rF&ChD8+w=b6V$sdqq<*zWTD0Fevf=jS-kG)NlIp2#eyi~8y*G2} zsL!v;`s{vpZS2??KX!7SnBA#c)0wV&D)ntvW<<8sZ7=Kn{&t|^#)fsPo^82nUg@em zJM8ezgYR#it;%k4l{}c2QM-9hm49`w><{|5k3Utr-3F=e_d@Yoy;oKX~LY z@KrGIWg|0p7ly8B2(Ftur_TT7@F#!CoAQi1Sn=&r?8WT{*0HCi;X4!jJ zw!Y?Qt3J4s0`jZl9qM-9a_`XYvb($!eIHkycYHxwszM0$%49vxz13TwzD_GIP zbKv48i4a4hEUeR|} z&->5D{E@=-{;sy2ymvJ3{@p9}cUb)g4L*U`%*koosYz|0Hwx-b%pd*b$*Ls!X}G7) z9%IWt`O11(#+QV5t#t3-P+8b+Fn7YFSB!?AGH29$Tr3*3J*P#hn`@U&Sh0O{{o${N zb~$fc8cO)BJO0eO)t0YICuVPl2XXsLW5wkCmOZ`)CkgJ`q>R_6`nj%c(u6<1yMC+v z=ug!r3*!^Fw_3Hf$2VVEgUMZy)GWyhi}PH8;r0%TsOjDHiFNrhp|4%)?!Lr`F3}lwff7LcTX-J+w9%(Z9+^6Yo}LHQcFD(k$f# zPe0QCte}q`AX-&RZ;{%3-Hb!BC+UXTs)HqC)0p|=CcQdA(3Q4Sl|A2j*uAbWykg|n zPj9xIKiE)pt14F0E92vnHFrMK_3Du6m+ix!-$W{cct6^tjZi`G<|&g zRCopNth}%)>%Hds#Gb`NwjQ`dmX-C++*Hyzrvvj9ggh6O_Fnrsr=jM)X`ptk@aR@n z!J-x(d2^tc$(WG!PSH^N@}~|I%C_paZ^p;Z0L%LuDltM zNnN#mz?(*x`#Z1|BQEDPmmbWWS9|#DmtV4e(ouB_r&)fp%s-WWci0HW)&s9+^SZ5V zcWB~-%sPC-xHor>zPY?fgC!0~O{Z&~e1+9oo4RpQt8LcmwOW6ly1wV6^#RSE98+v-_#OE9X zz9jbM@r(A!)JOlE{UtC&*HD$Y^+Dd4qngLzz^={@_<`w81Vm2Wz<=;MqjQ^>+L&8K!8SP)ebIs0B`_9}0t ze+_qh&yI>wx5!^eDGAbo$(J@++b2=RUYUDr{=lO;%Fo`RGgfo@{yBQpz{VFP^#!Ou zggsLWx=mNi?T&Ze&1wiWZ^LR;lY3QFaU=HTJh9D-V>fPi4u8HqiP3X@uZ(NEaxTw! zS$!z${f)9M`=1T&a$46e^5XW5o4Xt}(+Phcu0Pl?Vc?rfuq?TTK}#NL^Itm48Z-O; zRF3=v(fR%^iA< zm^^9g%LA{-cYEX}cODeo{o&BMku7tV9y-y`xuV4W<;Zp*gS{SG79*vf~B)sX+CbCO!BPc&6b{vxa1bT3#v=Eb3=7v+t= zo>)10@21LoAGS{|>r;jS2e+jD(DO_4)EgS8jik$pjq>f|!#C0vVu$^-?uV*k=c`$h zVX1J>wqDnx)x&A+M|oH8NX~0PT}52jHfm_|V<;un%gjyLwqn2eeD^&?bq&Mmr!R{} zAC!FT{P)sadBG30^QTQ6^Qhrm`@=>3@mXzV<#y~sZ%tiBrr)BIaxX~shn_!v{mQrO zz}umt92bjbbm&4F+pz%kaVqH;`StYPegD=Q7E?tO`0sH zbH*L+QX0)}bL-(U!#rQbfb!^HQxlKg`zx!nH+NuSQvbO-*4Ixg>N;Y`h)8aq$D`(q z86m1l{VqvWboHEX)vP~hv-W@AqVq8JJ$+8XpTe)7W-lszI(9}we#&3grB6;x{l3lZ zH|*&*;-|GHXIB+{16zFc_K>IH1tcdIv+PM)sz4LDvt zyRhb`2!`|RY6^hYg9 zI_zVobGPih|KlE38eY1HlYb=VV0smYk$^84Iz6$x$Nlpi(q5M49qs%2$JHHL_dS2% z?2H=h;~_%nz0$7jNYzu0$Vy?V@BNe7iB8Ecc1P#k`qyeLT0yd1>c8}LzE=H5U;F8) z&6>&*Q|K#iOs3{fwdAiaUR^)Y)2CHMkBW?`qjp7S38O{RgJ}AQyKQ#P+FR2I7nSS( zXF-1VL4&yYDfu79j_EkP^bMQdIj6Mwu~~hx)!VwvI6Mrj(8=GrJ-Bp>^xd(h-e>>U zDLh8f^7W{!Iim-BYDW82JPOS7)FoT5T%PD1#Xj+>!1(2Zul+h)((ank(|`K=$)*d7 zg$s@+&y>-M^Q_JEzJMCKTlAmg3K9I>6t&3*9{iT3<1{V7G{XaE+8tdL?s^0Jv+|=9R zmJCk8zjHNzq+(Kir+Je~^Y(?o!6>O&F{4M(8B&#V1S@}m@<~k-QIWr3@QI=+5r3bG z7OsBhMoLQG&{p)Lo*H{<%#n4olZS0QmAxtc?pb5!G&-=Eg>lUlBptO~o#z?H5pAh?0+-gA;b#U|M(}P_{m$xd% zG_>o6IZn=fC|Hac(~I*n_>}EOzFjbuVhSzX*-qN^gF!U7v%Wp+``?{EmMu>?Kd%#~ zsDH7ou~U!it&q2#*EUmLX)J#{Ub-eR?byt=fp(qVOwAui_$#w$y5d*q+QhXa_LZZR zQby}RvWJ`d{p6hhYyEihOiS*OZTHXp__MzGfZ|p6evUQtot-%Fb5lcP>b%d`+_cws zI00U#w5kamr9UO5-k$d6iECrq;l$7XF8_|HX}&KL62NEL)nU4-+kT+?;mJn>@ z`z*8ADHlbLd%sy)&rB`4JxliD+igwR+gMdyl9SN7Vn{vtenw@7v|@5Rsgtx{qx%)T zb;W?YSAYKDLYMbRsi+@W+{zE-*`2fJ?`=pmjyqc!9o0DRemApZdVQMb?(dO47gzA_ z8tBtx436Z%k4@y)NC-MzFyS3I=j{BBlqrhLo+E~J%57Wv>F9&`)qfSVzvQTlp6mU? zu&tFDcsuyyBG?+wZa69d*0v#QC+Oz?5W7kGLT@G<{W(~3yEq@7P?jL%<2)_Ih`#nSThw9dnWcwzI5Wl$kZ7fwk>P%w%5g@gEyyh zE89<-HeE*lG9szHa^Aru+KSV!Na9xWI#7SRe`i+Uc&1#vWM=D?Pxp0cmD@Ob0Vm7z z=s1Lt(xyrZzvt)h$b;JJYdaqOG_SQLU^RuiGO<)*uKlm|yT(a5SRh1PB zzlDv?*BeDpUM)Ia*0b7mv-tSSR_pi9_}tq2#YxK(Nv+AyRwQVIozPA-; zE+$W|_8sCZK6~v}Vcv+8G0WO#x4Hkjwf%#E&q&tPK~GP%ZuK}(zXsM)5B$n_pYk@% zbH{-TKK{OZnDkg8WkS0HchQ|1PrRBxx$>D!c5MAdbqL&nj_Y}Br<_A)Hsno7O1<#? zVaNfDUox;YQ(oagWpno3`j%hmILFa5HL*RIf>+yQ#`vIh12BJ`vaygTEh2>|O)~QE z(GO{l+~52N>CanyxnoAaj6Qx$xbW%Pf)%HhrLOCR__%jCd5eCfzx(vVgQfW;-{LCH z_Pr$7v#$QYQ_Ef{{g79%9yh%sGo2zen{5Dbg;ytod`k%PpeOAKpX>ida zYCA5U02lq+ApgxI%Be10@h|B?ymHApUp34m;okUW)!u7a2c)eD}q1ZAo7LKbBmhuh>;N?RCi|ZSCyP zG?*hscq)*Od6t{-@OwzQ96$x4)8NL=-PNK*ia~#1T+#d66RYL#Y;F*{Hq`i4;;lM$z(pT#zBIzXrL6HELnDREb6$a;n z!#gfjubMbavZ$s*_2gqq2VNYJnDY=4SDZt0@zkW;B6Bye^d{_^qc3pmf*XYuNsR<)2y*m+}zrKCbQ;uXCF(g~X&wk1sdGHE5o zG<%ol?x9noJ{?vESmhfR4Lsc~j{mv2rXM^2{1rR9CH=^`{@mHiez-m%bMxl0d&*xNcvIeX z%L&r-Oa0qAaj(OzWna0+x0&PfYc-b+vGeou3tn`{`G6$W z=5M|tOJXFkz0O0D3GPFU=3Alb%-;OppRaEI!@WSvf1T8RWzsJ{P{hKiqz{PgnJ?z@oF^WI_g z$$FS=7GB#j{#Ks)anhTV){LV5t(8~0(*Ll6p;*xuyvZB=6M2%UJLVs2XsSPa3nsqn z&ExX{Vd~UolF|vyda|T}-FL!cYbMR>hCRs`0-S99NS?E7AsQl>LGnUm^X3>aO(*yc0KdXQ3G+6F!zWzT!*u77}WvHXV z;ZOS`DWW^U%K}2y$6&wje}=F!Y4L{1xf|B!7w0Z29kIMi!X3D%yRFC9zK29rC49MK zgH3ZTZTgVr9ZLFf6MrGz_8$A;I(l8=8OXQobKZ zgC+Jto;w|dgwAt&j_|C>Soj-~`gBRt$D1K^DJRo$9e*j#!P~E#`k`(2oflU%yR^sK ze^7dXck0}pf~Wq==2=fppII_weD}n1k4{2u znJ)X9yPLkYzasxg7YRGw=lee?&#qQw)*sBNtlqh6)yT}7kO+D(ec+7sT%Ba*bK>Dhw9;aA_4bx5m~rEp8@+Yf(|vNZYqr#BUz{@mQx#%Fz8 z3}hIe-d+~{(ww^SPBCY3!Kv!IU;uCbP*gm2kDCyCZQRrTdtdDJ>GYD|fl>$@53QLu zd}GQ-<{jSeKX3o|?m6p3e$L0flH`Qd?#?;tMDa)E&*zGTv&ZNYj!W~maSGZ#rK3;1 zv#ebq?=kO*U}Q2$k)L?<*FY1J%9x(eBqm*3+P0#&cAKx8j>he}u(fhuQm?9~V^!mP zGhpGIV^}IP{Ya#6dCv-*?S9L4Sx3?D-ft+#e6eqfTY6}{83@&7OsF3C493XWbEJaiW~cm zT8^z6nIKLzZMfbSlUJ~?IeYr_rn5_i)I1g@&!%&dH?2qKPDxE$(E?V|#lEnTnjeBB z;yH4>BmIZ;UP#j2#(>f^yVd;}JBR()_=S{9A4fXVW&4!Hc`Z1{r$0$}Iu7Ma60<6pYTb%s;gDMqhBX1kJa1PP@@^?d~tUl&3}X@caMi7x@s7 zrsesD`qaeHh)cXfBh36+vPkx6p>14If6QNE7X6Pa;N0YQ*D8L7GtHbr&-;t99bW0! zMx`J2`#{bnphZj?2u^R&X|NXXRZw6kE}XKvKR5Z;(D0waYB2NxOVc6|$W`3L41YL_(bKi_Etxnt&m>-4blJNtx|uMtmc zRksmOyx@H&^G|+GPCLDA4YO}^24W~afuT4x0K6jSCE=K{a7ieA0&T&-*3F7GCg$WK z6~etaS4JkWyTT#UyY1XLtDi)AbNU0xVZ>uEo-lh%B8-Fbdh>c2dEbv-?03Eca~i04ay5gHeVo8MeCkTWHT z)^#eKlaQ#Gkw7ni@g8qm{335mDLkS6=l)nbvL|?b1A5N?m-|xKN_wBXUUgw{)&slq|_Yc=Q!_4#C&mGtAir>he zK9LNFrtK%BQI`idyfALeLmwgl#wj}GlJ$G0=oDsVL2|QHfnEaJOI!p}VA`bE5I*;% z=@AE`;Cp*B_YJ7DG(}ksv{HHBB%FzW)2k|iN2UVCBNIHS3JsaljvA@FtynG!AOga$ z#mX>l=uYQ|4Gu6!E10#2CO8xAGM$@!2l}^<52nWxWY+C(y?fN}YoS?5NQ-)^At~>v zmDeXs4o0K-v+V%_%lueu^lou5$Jy}NmGb?yai-Bn z0I4pyv}yt@ajn$Y%DHLpk&s#a$bjt56&sFQXL&Bil@U_QzK4`S?xpWd!nvf}t_>Is zFzPy3#UjX1Y}8n63d7_gLK+b$08nD-CMdt`S1cyIp=wE|k~!rc*pm9eUlK%i5pR)0CDZ)K;-3oXFXuI@s5Ccrjp zBZj(F0IFQ%VTU=tGH;R)6h1a*3T1IKkHBaQXy;OaD*-c0(6i$%aBU+a6jw35g*icY z!BJOEM9zq|+kTemRKX&C8~6y7XWpKB^%_#k66E%c8-UtV>h|UBVsr|mXg!v6b^x|sqqJ$Oixs;4TcvhDhk|rqlUkQNEfz?!Dz)iO*xwmc7zfDn>v9H= zQJW6uV!b}yu)9%tyMGlt=kjXD@v+U>H)|iSTU0fy*T37_fJkhbhu}PM@GyJkim_Vc zQ%$v0317Ho;&@A>aWfQ>Vz3?*%%ZLGCxv?1yrCA8ZsL$)Xj;1sj@3da{tGgq~st%SzrAUg$;*BYB*^BgH?PDm1X1d%UN*V zcrZAmf)@easPSAL=>@WiJfs}VV|oWHNV|&Rsg=Wte7l&LU0!!M9*ho07Qe7)Mg0M&i;k8 zsqnu4Iiy|uuaNfg!UzOuKZ8dzJ*x0O2DRq^d_}-of$r`Q#qL$MG+bx`Dkq!(i$YLi zta1R5A|u~mE`|oOqmzLg>9%A7xGrfbg`X}=UywILa=G4y1Pc^%;I1rBI8^rIvJes& zOPAZxQ&*qswY@0w{`TG~Y*%P3L)0oX%VS96H3-8ePMsx*?Z^0f7~C~i`=0VAPuudX(E^~in877uUbyrmPE0%IE4-vAp=V^V zwA{kzyn?Bj05_34GMJkZM%04l^h0j;IYwT(xkw3wfJ5%d<{N7AzYw-5>Uj?YVN)aa z$zxOU$N0xmR#L9&6I|~=F5RaOCoZ~<`2twq!qUCf(cv{+ejoR6m6k9Po&RhV}EArSsP-5q&u zWmu?F1@IgLmUbUZ-Pr>Yc8??((zqs}2*Ba44PSeyWuV#%`8K$b1$gbp7ki^APU2qx zf*0(m4%-X8PMl=<+hF7Iy5kd}N_r7QWw7Y((M1k5V>ASqjiTY0 z$H7B2+>RWcIxt!_3PTM@7dDI&q*Wx>2gAc|Hdu zEx40px{h6Yayi}<6HixzV0n1f$c;o$56?V!+iU0;Ar1;fq1pt)DYPeLvIdv6+C^uu zUK2xE2oJ!yE2?aSBuIv!m@i#X7@CB&F|=9{QDM$=QW3S?eZSNW z>&~L65w@Xfb<|D*@&4EX-gv*X>}GS&vERXOsM^MieN+~j?ZG;1z4gJCRHprZ4F^*Wr_EOjBlq4DM;f#|fR5fd7K&!SUO^oHdCwn9N5(ZJ2u z4}3)SndbLpD9wx1802?=H&UE!;`LzpfGX$J{Df7q0O<+Kg7Y5w`Ml&wAH(4bP=+Ic zGIvoGIS7{CLPlE{6|m?CwAoGo!i_@aE+fXq@qH2@e6;JSMG)?lwu`YES)B1K`* zDF|dS84VTe5n7a(r~zZWfPM;5&s}Ah z+ZAvh-Nbr3+(~xe=C=E0l%fDrnreArJxxF(lKm1HjX(^94x|28(IJQ_@j9%YNdWIZ z1@W+yE;UZz8nM#g8lRh}AJc`{(f~*c*rLFS%dbArXM#$t^YWt}R(e5=f*Y3vXz;<{ z`}o5DSHJK7V`vl;WLHmB3tqSQ*SCZummHKwHK%zt{S-iYBE07m^i{UYKmpH-dmALgpiqENxlOfbmXU{+h-7WKRiv(`b<>$`n6 z^Bx7~sw3c+_QBq69Lp$#+lhmt0kB*JV5=G&ki+J_Ul>aC@?I%>BhT9LND(BI$1vmS~e$`;!~h_!soO2Rs$Vgz zBO`VCV}tibsNex$D#nyZ*cZYzrkexJrirOJ901j=^{xbv&a7rpHaeUTfMpVEy#XlN zesP_Z0*of3u&F)7iPQP?)ku3T*V@zVFpgK<8SWa*^nD~$?Rq4fED-&mYUDbN01KFg zDXzn2(5}gYh!IfoKq6h{5H#osV3DhH&xgE@{Fs-G+nNV5IHz#nDYsY)hf^JjwEVON z2Ut0{)c&Uip5NZLLHKtZ!gWa*pjdH#eWQQMsbS6ZV(`8WdKNal=L`{Ln@JU6r<9my z!f8X0XSU`O6{PtezJ6Zvvi_}EC8*L&KEE`Z)I0*pg9F4DLxr1;M*-`GDwCP5|5{a= zyNf>nz@UPt0!-Xs^U?CTOiAbLDyPXY(j*AYRQ&+(PDWoJT5%Ex%!FD4Jfb~01)`52 z`B-KjZ?lHwNho`K>7H~6&+P<-6CW91O){Hi6fws=Vp0~_t51|a>N$?%F>mm4T)~$= zna?>JK&D#)YODP(NF-1WoFN*2u0ZqQS%~tlm-^J?@7+yz8YfhZ@(*`+Ps3<9)s`6j zLm*r;0Rx*CO$&yODB|H)$j3)|3PW0Q07QZWlMwlZBo$m3L~r2%v*-9V%Uj~wPmMz5 z)Kc>%5b_aP$)^L8v*8%5eMnp3H+2~U%+QJ&%>g1#I`~U_VeP!}-(8 zX)j4H6+Cblt+?eitSvdZyEGh+)hQMTd6%mcwhACkwfB^7_s7XbUw0<6_97i^_V!Vo z?v>y8S{g%30fFo5oce6}Qdry-lwf|r<{`vtmzX!zPXaE^=_U6~d{lVP0OL41kX<9S zqxa@=2|N{IVR~zqgrQoU2Cki27LB9leY?>6!0aYN!o_p%(KF~>2-zg~&Ta$AgrPt` zSwfYosu<8*I`m0z!%tbgsrkBEnX(4t;XS%QrPP^@%C@Y~Z%QM22o#(hM)U=;X0A;E z59GR?^OK(=MTS{)IZln(bNQ-Z|Gd$Lh_-(XDmQ8Gbq7EJR}^OZy^Rlf4x5VL-ht&h;ZtfRB?NOAaH_LDRs7 zp1C|1G`F1tzD%!@&v15bQPbEmuFhUMRM4_o(x%07cFNTqCPoyTXupSoQ+~qiG8s#u z3D;}&B~3|l%yqDro2C+!EAc)zc&aHJ8s5rvw*7vABe1dE(uo7RCY7*eD4y$K>~k`H zho^uVFT&>#kc-@kmCpiC9AX=4n?yhr_f1#Y9AJAON?(B;H>NA!o5`bK;7FTjjXHWfHG0o`supYQ42Z}0PT@MTN2m*daq;I3p! z^h2a{`00WA>7%+9bbiOZs1wAR0!8-T3(#_UDR zUkn{Y~r1pf$c*O^T^qAi^DwO_978lH0_ z=eW-oDC#3FImq&9lNHkNkLwmevOaC7)z(Mq;JjMQS8Gqy;wjSw%ZM+Dy(l!1(7xbyjU(xBv zxyFN3#CJ4M)F8@55PP8t2#b!j{73B^%tLJm7Hqahqf71VhFNzu{qpAi^Q2FgZLzPb z1L#n3Ok&!vV}0LQQLIMHwT3yA#}9u_h8z}8n`6KO29$7I<~q200hW;W7*ZX!WOCd} zKJI3H@1mzf%!8qYwFj-=?S2u{5a<+IKg}7gY1{^gW-MPdc7oWKjeBeq9Lr{pug<2t zJV}`q`^+~NnnvrV_JvzB=8Q<82ba9Dt8SnbkB#D0(c2P-{zRuScNuM-P)=njy@qk6 z-b7QeNQ}JU$hs+W%c88y zD~L@=az#~3N2hc=zD7tFLIAM(V<3$|(qD{#)hk$`13OTcQR_1Pya-;l?lXI|T|Q6b zyRIBR5Qr}M(!N%M(WsR*%7kN*!6r!mB40jQ(Ty~mTQenAjprOd^%(cxANl`Q8SuXo zERO*M{-{_LZ{n?bW*nmlcy!3U0i% zo!2k;v+?}306`Pgs6a z~C*)rviTGpr%6oe@}^6isIsLrOuJ(tGCaC0+vV))nHe*Y_%$H4@D; z!^@4DRL-wEd#I(d`7R`Xs=9Yw^3iX$T6$T)|L0cs3&3w>+9s`$Pu>3&cyF}g>8v7; z-Wf?Jhxx8}cboM8#;i-e1O#AxkJAxUr@*{)<-ZpQSu{`R$n9PA2l*Cpw-S?@mwU?} z?>z_|-0&RDR(tv(8`Oh(Mp@hlAuxg;Dx&;&2sHQ+#;G&(H2_~gvb_JdyePI;5StBB zH@5)$Tmww7oo6H*>>PKqOJx3qS|`nt$|&Cu>H!f`GcfK zBo+Hzz}TkWI{=jRYv4@j+*?Y~5_a9Ai_fJ7mg8DFVwFe=*AEYw%zfGbgjVoBoQ-k> zd4Vd(_5+})U83wZ_Qj3Lt^xEsMR%@gog2%KOF-sr0D=l7%@C+r8x|km!<_=Bqv$sP zn~#C!4LlCxb@GE*GM}Mbj?7AFCGe=+hHOQ(J#YW=`<`BkK2Yr=oUeSJ%pxkcZu{-I zNl$=>OId9|Oh|m-$DeZMTgN2e`oB0B7wTla-d~z-X~|6M`_L9fA`^s9``-7{Qr=ZN zM?O%ZUU;}syFKk68CmfIwAxgDuQp_vz>PA?5QsIG8b;eeggk^z_W`&Y1(-8yz6LxA zywP>DTfp>G0ZP5;7vCzS13^k+9L$Ghob$EfI^y5SA=d;69f^bk$SKmH2AJ3^n;_ux zktx@Es>$#*b-uuRV`_3h{)fW~5QWF4EnGVpA_eXMY4{$=RxmSqHk=N(qtj&KP#$3f zh;OMSCNq!ZkFPAIrAp-dcFTbOU2Di?_*pefLW?{cnVpNy;&Uwd&E6wj5OAnrk`)unWG5eOMtjRHy&5CQQv zO=JVZJjXj35UQ|~Sl5X&Y4jT{h^a&-_j2r<{3h@+3Ix{BzmEi&B0V zA^eDT48s>tFPA~(`x?n}P)yJ%qL0xT_kV6h#i|$lkW08fD~B3UvxV8Qi-ij0O^-<4 z?qi0M67ECa)Rk8CK0qM3i*ZrSn(&w_7L4sK;sKIeU}W-`=EG{>NL)30j2KbAbJYyl~s_vBtibj zp7o;r`^&yRu+bvTht`DF==qUo7455Gp*HHvAE2UR>tL6}E``CF%(|P7tzZtRiN_@9 zDF-03l;A!QKWKE(s~BZGr>c};8* z@-7+EehI>{mtVi#SbUV<$N{P7zrVWVu-ebgZ3Br4I}*}~_j~=h^$py->J4FY%8E-S zuH~smf&{%t#AAUBP}D;{kAd$muNI|f5pmxV@O;Xt<_lOKr$IuZuW5$ySaj00&LH>@ zP5>|w6|wR&=t`E!*xWMBCfi=x&y2tLwC@ZRXbcE0Ov9r+TJ8guiVS10oJ~6zmn~q0 z!r7k|yn=ChPTn>f9}6cdSuO~k%{5RLQ|T$|#Zm6S(|{{zB(RHvC7<(k&Pxk8dA>Rn zd(47L=HOWvD7P@W)e~-7{1c7aYcB^p5~+~AKh7U~ zrpnDT`V7D04`a+lKCd6@0$D5H=ZXQ-iAJ z&!bL~ySi$d0+B!>ez`)}9=8&`@ZMtRJ%R<}1_khTUfMWQ6y4rv{^8V?jXct2$K2Z1 zNcC~A+zhauLh`12gVQIEt{AQ~MBL<$=jm+JYNBdObDFBKJNrM->y+tG;1G7#Iny38 zZwTy=cWW-_o=r<@R((ASib!uNna^Cp_<0v_?$(c>aCWb#xcR0o`)~`O-_u{)q9MZQ z8$acca7fpBGX`MFWDr7P*zPE>ez-=~&?lKTpQB((&*i<;>A2<;;)o}SD!RYqTrn*) zoET}ecANlJ!U^Cm4c=R@nH;6Rv?zUEIm%J4*w%(B4oSCaiS15|{|?b-{<_iEEp^72 z5-udCfOr_*)pD9@$$gbS4^cI{E5yxbx?%a z{#nHqLA0ymU}Gb@&qYKf7ACs)a)hL zgP%m=1&U`B=NEP^)VH78cHroe($VHr?ki)-ZlcA>N2n|?1P$uftfDl8GJ-5jE5(G5 zFc%|_Md(3hMK+m4Bq9bBW}(5ztaz~`gT=y@f>1|b1zk_K8X7&M4$-eovc_Z+E^wMaq)ulpr(8bZ5Qs&6v9Qpg&rT^+JW3af6e+30k6RY&=z6~`4mgpnjxXaPxMHVO6Qw$l8c8+GedMr zK&8*omgaxM#fp~tv`^cfi#!GHp@LnO?mVLC6tuBMAbp4>zzv~W!;?^L0g$|bthw*~ zDvZXI?r9Rpz4E`a;RtAD!sW6pz#TNm-})<3_z;qKLcUV>tu$bkAApk_)3 zUlv1pCGDSPfbyWm>m@mNFAj3G0t8RPV=;Wr!=1zg!wK}pCf`l^`-xy~ zaJ#IQ(R9|EGeMuEs6qPE1|$=Jc=5FG$KRX(bIFP@0${fxjniWQw4O%!1sJ@?gTHGY#A+|gyQ`BeI|>mtQ5=5u<$l1odfv3&`0rjEN;8wVKhqZW0^Go-Vxx0u1bM&rKn<=< zpgoKM6Sre;3hEQ+M3Of5rBFTfFt6a=--nNc5ft3j2ITzB*Y;Kos})-COTY#J`R(~a zfU!u*RarVMCsjB)#ePh`2~fk}6?NtikTM?w9Wb1L>~gpL^0V3B<9V9^A|m|fA+Cs* z50ppTf7`qY+#-NV_7^}H1M1ziw?ajJzrTSa1XRp7zi)qe0h%wc$bcrPat%dle`YEv zw_}hl-hS#y=7E@{x~1To;K)OSz-fIz(q|&M4N5~1 zHvyhEw|oTk`|3ju>1u%`5{f>J2%2n3KD`X><=i0=E*V@-`7{(YDZ zm|!Lz;8Purre*l^36!L=pn1(TV7rh3njx9IUIC^O^Y_Uq^SOYyG)NCj?pk*w)fG#F ztFc8Kf@%6Y=kv-!0mRYLuRi&6z+lgWP|F{-f|fK<+=}4)nF52&i98Id&Mtd9H)jp@_#28TosQ zG=P_alvcgRk~K&yGcoi_?ePt9?IFub z9jFf+0Mk(pRTXBH)}3TfKb}>b`#?Eps55Z94y=DQkV`S!Z&?uHsn&qksv11ds42;@ zy5s$EM-X&^`VB>x{{nAye$}-9c(&CgRlo-7bU`-ueW@^Kb^6yyjT~?eRs+rlcK6rg zdoNu{=r@HUa=!pppbWT+A1()2a)>TMEm%wr)+fgS?I|*C_VonJy)mev&5!I_^B!41 z{*=fa?+!zv=|lX$dHDeFAQHqy2xYfZ&t3_vw7Y?vU0C zV6O05c~K+n8Z7<`bS+}Oe>kcKb@+jKjSW*$*d@-(<@n4+8_=PE;p-CHYx%&VTG?GK z;kts{b7el@F;1XCF04dx708z4B_RF;#mqvMXBRtTnZ|(?;g0`mx!O$q1*2eQ;K`HA zdX5GHIeX4r0Tu1X67bz!H4bSvyWRD~c6LFR6LFoOn-#Vi(Q9!6N-!vF=hPf{v{YCP zg!^%jKcqQ&u4$bE@stQYkkC^6c1+r!%;;u()gD-MK{pPU-`zOCHhMyfG;jgWGEMVh zzNnE1SvzYA*#1`8wxO-B(RXK}#kF{eI+Tcn<14U}>zva02@-SPrY;U@E(7HV=cCkt zh;D^QYDcq?uRzce!-?Wfo+QeTLCytW25Bdr1kDz}9@-U2!D0>d$^lJ;#++(riEA!s zW=J?bo&?Q=UIs4n)dT>Z)Fme#B(pgDzHxaAk&r-kNgW4>z<%0YKBiq@4C?t zAoEvWw+Q?Q5_5KdloN-Mog3KQfI7Rx3fDh3Hhrd>vuJ6_FmJGnt+0l5K+}B!hFnUF1|Jok(CcT^i{2&vP~yUolwPNw*@1?l zHYkp-2aimgTy4&qGK)*tnscRM4G^>2GOx-UpSf0^YCY_ZXZ`Bn1NEl@b{fc9y8rD- zV!Z&dqakQ%w8Cux^k2KyN^u>rL9!MbQ>d^tdSyO2TI%vES`!-beMq$~7xg;AHwXGl zwutw$Oud8F>KLF^Cnt0QPsrSL?Q(#P88r8sn8z^eaLD*5fEltuOx>{rD5#A^mbmhB zJMxANahYF_zztO&PG4L!ZBoXr%s2scT^QU1wBNHKZcV6lJ?3%@O+BvGb~4vTg32S%zByC zn^mAydMV7OzoGq_xSI~5XVM>(EnK#jL=t3d3SOZ<@BRRxIhXlcad3*|_8VXQ*s371 zJ^m@s#s^5hD2DPRpxdGNW}^u)KWilV7&2*A7qq}RFduPJ?xr$9bu+bdhfv;6$Fks_ z$fc%8KbCW=zd+8u_E=+=j)Yze>(aq>YjrpNVv|Sy0ysW(-i7#vSgNGc>T}gc1~T(_ zX$xhnM!rb*23{3!&%PXmX;+@3q{qz*d#72&ED*VveV1CAM?s4WpBXMW864pgPjN1a z+srpH?IupQMV7bI>9?A0bEB}Nt5=rK5X^!d#>2}GtqNU`c9c}7oBw_=)Kx~LugA!pZr3Q7Wfv^A zIZ=2o?Hlv_v%u9i;=KU^6NN)3+$x7$IM8SS1yVF+MlF9%*b{_h6??MYnYu4a0&^}& z!XVx%&cx7KZpXl=#vYZE3J>bOgtjj|nY*ZO?AguLrlhG&_yZ8~lf_ax6W|%G z?5q$;IB|Y|Ci&}rAJ;}h9+c{6yqx5!nRT{1XSK?zW#vfI`JdVL{lH1HVt~UUO}!^Q zbsAeg4mK)xFkW)vW=F5kvpHXzV4*HKfqw%g<0fQEBr+T@*z5HxR>9x&{_z3`+kFMr zWvQ(LKu5~7bx)n=jvrCV8Q$a6PprLlIyhCRLxJXDG#&qKoVaY%)Xyg^<_jt6>DOm; z8kSbWYWK&ibVQ??a%fO}B3-RNbpttk2ZpO+)4A&xp33?;GD#kbe5;XZydm0Z9+L`t zTJ+;@l|FMH=Hej?x|Wr0S>DQePEc};wne`OTV<6=JnGg85CqQS-Q9p*F$Oq(C)T5FZgiZkXqo?6Ai zxUDl}PvQ%cQ(7u@R}6l}FJAz?ZGKU}^L!k&8gpUtMgGC>mzigc4QnHfoY8Zs<<<#w z(Zef_rw+m?j@y@Z-gJT z6`>70F*MyCYwdiV6Idq$`bu`e5b;%?6OfhKFI1uY^CJbkS*HdrQu$Yto$CdBCN2?V zMBhr)?1q`%$Eg{l37ErL-FM{*;a_b*H@TP7rA`m#ATg*u^(>p5!oU;nBgXHm*$=cc z3xsLREOn!6Tqj~dXPrnwOvCElA%Ig8gTVb$Xwu)kv`JI%u_9fO^GlHHJ9b_G*e zePzEZ&-P_q6>|_N_=ImX5xb~;?M9#;I?2M#hu$J=N|z0t>(xoEMc7I9SITHNUOXQr zrjqfeF#vLb7tb1&ZW>Gj^>7RsjvaRsX@$)-pK$83*RrNI>y!HdC$H`wzf;wAA&#C) z@`}_`a+vj)wXL`x%;3=#%acfWd5n=ehMt$rexDk+us|rLq4~i!=7@gJKq1g3Vw9Rm zHx-fhcEtQ{F((ZQ!|FKaK}(7}Qjuf39bDPpMu>h1XU6q=6gnp}rX>)zGnn{ON$OvM zMKXDAap4tFn5r{M)F0(G_e&>&_2!0DYG5`C&!Y>NWbY9MOY$}&%1U1%q7J? zrGx`rPqlzmK=y;E2VEK_^h5P7JxzwSjUVSmE>hv7*m#Gs(Q@#@tk5?R=~ll8+JlXD zMs|gQqIe!0$XNqh?4z>E!a!-Ms zBr)?kQ)sL|xwFTCK`q%hC6}pjYJtB3S+%7O*Yn2mr0NK`3Jgrh##v46B6qYTV*D&9plM zi1MD@pHJl_RY#-jlhW=+qcJex_j9(mvg{v5R_Odxo}}-bkDkxesEW!}aaIz~f`l8u z#wl4C1Q7^OeH#pONWZZOz$r38MJJrQ1fH&_RX+Pg(};Zjt=AFi zy|&{c^6#k*+Ifux+C>e2(U|v*mwmmWzi&lFBeyI5ET37t8*A(uE@gwvSEm>AREV`; zC2G)avJnsSwmZQ@9m5dEGgYekrpc zjAm)}o6FFC#W5q)xBo@S(VuE}I~&l-Ko>aOLwnjF5wG&4$zk~3qumSU&w7H=J@n(w zdx|jjCp}hMKC@)L%0G`^7YyuIIoARQZN&L3J*s;vU8 zw%!?5{W&AB!T#OhIR~lq^3nVP(&iV`#$vpAUFwexaR>L3p3zA1H=!HRO4#}6Cc`I| zZ67Mw4j%WnFX=XRq|kMu@AOsbE@##@%?C@VMh|zRGvaD;+?ScVnF|;9-3x@e$KB3f z@G5ZHShyfDyECMgkkVhBwd4=rESY(iF&hn3JV*QmQ4@PR< z{&-PX@YywmVPj{u*8G)A4D&|)?1Gez(wlv@rgvh4IO4Ai8wa@cu4t2@!iihU)YV_` z_6Zw%WZjp=z0)Ownn^UJKeZn~0aI{}R)iiL!iqpX2QD{x?(g%w13v_v(R!5{tz_fc z8&q8opj+o{S`=WXJU80ler~$Vfx#cc zOE|?LW*r{;*mih;ZL%-YedCz5b2j!t{QJ45k@(_T)Sl2fn_-;jyueonh7EQx+)Y(0 zS*Wi>eu`9&SO=b@yaRM*c#J={o5hnQRo$@pBlyBz&XZtywZUOE2B6$pMY-P&_*8B65=v>UaazpHk92Z&$ zZ5+_mASQq=nU>%>Y$moa=5DL3=MeD}%&ivdWkgfHTZ9Li1 zp`J2oC#MkKx`l(EHl~XY77>wKh;Vz|dslX2TVTMmae`_#dRVnhUX9H)+<%ayWU_IW zR;j%~9bv|%y3&Mr@X^zmC_4>iKysc&0KQooH7* zlKC&Fl*SDLu88;y!V%R4VyBFl0|G6FPMqalBWPkQ{1ofDDNj9RobW)W_(QGhJTOH} z@wemAM~{4=`qr)nYI}6hAu3|eSsvE&_M$}@xyb7Uvx{)44R(<}3-f$+E0v$XY_ft; zUgmR}x{-3H+5NmQ4b$Rjn|XG{C7kmjYJYF)ZGyn?00 zaTQ-qG~X$o8FPL}c;_kTX1snZfZWq4q z(qkVcXy z(GjME3af(wmZg~KM)`vI=;!TxjT5wAA6?}h6vlnSV4~{Ynfd{C1R_&)c&!v*y!m*o zY3utGzitQdDEcmOTGs=@kmc(;KpKDm#^$2qewocW@+J)xeCn!NwjGs{#Yn){8{yr6 zG0yU_bz+pyC@vG2&1jX63$uGD#=XkII!D;>p3js9F8WgcNu;xWdu5w!xTFK{jjucC z&dMobDV?*$yrU7;3gM_QsaO#`=`dhU{QqaKnza?_j{Y9|Kb2QQw^^din0OaM2iybh36FwS`5^+@VuTRs`rzg=0d{4gAqMfQ;}!zy$cGiWL!q8SLeinJro!4RuL0C+{l** zL0KXl%h9LdY?Ufhr)MoCF;QktSa`vi_BXToWe@VAQ0Tu}&WuPQD+(BPZ$ zcrIC~z^B?C^B@+%Z;Yt$$h(j|JE@W+TS`lIE(1kf@>VP8_`sDCtF3Aj`y=YpGQ(N zVy-`GMcZ%FW7+^aco+0xFM3R#Czd3)8KyVHnX%5bML+Pa>^5^rPFCAK91%0_JNEic z$ij6=3t26eyfxEK?iNdON>|_0?xFEJERFKYTvmX($UU<1XvM`C^G{+CgPR=4 zw`EcsvB2!YRcf|M{oRhTVrol=>tf1EL^Iq!Mh=DN7$n2b5-HRFkeM@=K6-VhDNNFu zd3^IE_}qr__Jr1XP1y|+R?1Qfc@+V_9!6fyklvOD#&*ksR;#A7?{I*`{T__s&e}K? z&So9w89CV++JObF7gU~qy~i1ni0*g>N9jtiyb_u6#N1()N%8f80XQEU{8r>47a4Ls=yZtx<4sz{_4Ehx zp@Cc824jSvzVjgo$jSu_;9YZJ*%mjV|HMN+&e9@aLU&hCbIfw`*Gq z6MZ;l)~xI_l2_;L0^-EYrc!+RpswY~eJSk+#H@l2wW0%8fSZ+1peO->`28$G&O<9q zv0}7;*I`6h6aVoR({QxdLMpp1mc3yL0aJc1&@4`#G4DVYPDG%sPSo(wM;3jt|7*B? z*%Q(mp1K<6HSv^Pu}ah7nSI%EGU1_h0wLilex|9L=LIw%8O;a92K1@iI`1wk`g| zoDCpF#rE1?sZYu09rr_6)+BOzkPwDPa1I=ZpKG2lro)W}_slPCo89Z6tyZUX?6?PP zy^qSoIf|ASSsyqqYCWg*QrbmCUi95wKv-X&RKsR*Wknr&fdMy7lzTao7TcU=9^Sr;8ni+kX^isn1a)TrR&&!95!se!?G-wD10#wwK%zVH>HONL(BWqY-nvHLq3xu4S)6UbL+u#!BQA?o6Zy)3+ThW|Ax7c|z zT2p)oxmr2Tx)I}tWoi!>y)+P2#zU1H`E9$fhO)QauvJ)LA$-zJoiR_Lk3E^-v~~`UFfhXzo@VkdMhFx+*L@qWgtlqp1+C`?$Xy;Rg3(mzSNp}#m3uI-n zu!e?J#bmLNuh1C8G?}WGPqFZ{lhXG2*~R(vu#pc)a`hQcBTT7G+y^469^Y*$;~+hl zE2UW*%8pw9?%5DW-2k-(iT+&kY%e=rz>0m&=#<^!z@=7mp92J?aLTdusj`>|ab-FY zI#z~K6*A)?uhpWNEMK4`h4IsuclviVV3|)pIrI;n=0V_PTgAz;OSv3qr_U^!OJT^E zgb|D}-6VsI^Dv94AH0#x>)*|luv|ejiXS5yG*WH1Td>Q29wRu^P7{n`X-_H-LZeQF zVxz)TW)W}^VPYips=TtEAVNo7prcbo4awHArn1iEORubsOheq4IL#86w)x{f1dP^dsGrvA!@1b8HsYs>RX(epOHNKZzh%m`Pwq)B7UWoo0I;~_t zYP3CwkBDMM?W8IylLqc=rr|w;650lD2Gh;j1s%Id2ar04lztDny|`G%BiljLF!Q~) zn!_gan-%AQu@xN?%7?F&L>WHI8%ORh&e$WX%rziH7xnINqFf3_^I_iWa+0f{Qt{rx ztgLG-Ta8#bl>p8t_deFa)5|NrKLCNj>Kp_eMiAo3#a4)D2h)wkg*D+?`9h6wdRZ@= zxV7Um6A>R}W>%QOfFXg`geXb2t1<4tV%X2Fv6+gE|C8_bS;tSO+eypcomrH_u7$6q z7y470Qhbn~q7x}n{wf=ALB9I}_-TqVM%jxGzHU)$aqt+-ZJeH>oMIhNmCD{FALu=Z z^5nR0cle!G_Ifyrb=1Pc!L1)OuUL<)-NV1qH$M#fb#)~CpM7x*nN%dORn5invpYvt z@m<|%uwy0V)RxJRX+*y6fMJ>4)laoN(H^wdX-a2P?14vX82J!ykOdBLz|ykJJE&*H z0|x9?8x0W5t4@Wqr~n<-@KB|NW0s)7!*r4syYqc%u0QY@GN0c*W3|(+E^<1NHDPbQ zRAn|kX!B#FI{r{<>)KukKSHr8k@MrDvLe*x)SsL@ zS-zFap%_nne35q5*sq6!zy$=qwaLAU_c&e+o8kpI9S^-vN$6T4`JD;^Sg4(y51z*1*mO+4%p0llW2 z3-uom3}Q7pf=B=OYUw4#Fo1JO;FY&A65iRVw8FK#wGA5mBtnb>p1n4*Ghu(8cPaxx z6$5Ib7Bi5DR`JaXnUywkTGr&Kf91rM?ce6S_4amON3na8kneT0dOzjW@WYOpBimtf z$7Q$uVBDFHS)Ma9muf=3KWwa8in1%tWZEx029Z~(mBq@oSkbdDQ&Ie?@+w;w+Nva0 zgovZ|l#RJQGgSuFetEky$g5OJ#pCp2?(Ax<%ae~lIA;2!T7PN4vtuIkOEj7#(W2(v z7g{W@aMaB5#-W2&y=}yT$n2*JQ%YplFS_q!O>=i|)UK^awtUxqdnv{7_%Y+nZHfBF z%b&lvN2k>17TWz87Daf0Vs3SQ_&Mp`v)O$O`sztsDQuTtEn`6W?xkJ4EiY9C#kCgLU`4aYn?$D6{VK;esAR$eH{ypEIP9+$F9@kx}( zGIdvV!fEl0pIj))A$?hO!@0Lg&EP!{_anx$eWK6@Bd;u4o<UbtM>5C>`uq;#IFcG)lHxWY^9jd5@4 z3pGx@lqE~Bpo-LmV`3-hP1m$^lGwfQTnkaTx`TnCpKtGe`(VYCK3z_}Ci6N;2uqhS z%5~+nYK1KP+7&$7rSDMj+#^u>k8ioq_-XNF=9LI0LV$|)GK>)mdYV$lof;xc^; zuPwXLzWo9+ANt5IXe#N=?#*Z#dNtQE#F?IhbF3<_KU|Y|uO5=d7#v-%P+*U)=CE+UkQI#lww^Pm}74*VX*>dYj*TneP~ z^+1p!3^@qhw3Lm@SqOyFHd4ls6OamqwtkRk30oaV7vo9dg3HZ?uMQ=d_sGG-mQ=aV z6StkJQ^hM5BNzMHzG@q@SQ9%uXpb&Ga+1prjoay%x1sZD%20sOv{PRGnJuN9%Pf;8 z&1>xuqHIq;KLvg?tlhZRiJeI|soNO-k-!-%BN4o-r1#@sgA+!7cye;kBAK1%3`2B? zJv=5g3vGOmNI3p~vG<-~O|?<9Af3=d6OfkBdzB_VL*sN(X@;2m}Izj(~zv zMJyEQ0s_*TO0iHvuY%G8QWTK;M*Z&GxzGHVdFJQLFM~Nb=e&LIwfA1DGA8-_>dR+o zR%xnaaw(923aX*1GnNV9oQ{Rg2lvFb5$W`FHztlTpHvBbs{lkH6r#c=ybV=$m4cD% z^9GXw=gD|S;X^m8XQ1W9>yec`*%1R)q!7Mlt}=hfdAr_*VFCSZF8KL3Dv5!4z?-am zK7MX)`lVjRN46}+GncG+-bXtKra;_#m_^R-AJcD91^nbzT;_JrfM_dnsQq*aux|t@ z05ph-#$S+oJ-v@zJX=8i6r4(Y7Zhr?p8lTaCid=PQgo7!Q0U9Y@!aojiW}eswVN5U z4A~yldar(mr-~G_dfe6hZ%?>O22AuTe6XmzS<-3>$2M_dtB7xi7?|j~=`6@jL!0Zg zs3oYVJ`fmK9GZC>LRqZ`&mfH?o`>N%RNv;^=XRn|S-O3#55h49pTv^simQ$%Qt@F^ z=dNF+?m_{I40O(dEn3Uha$;q{Q&|pb-6yg{zD19W@lCHFAt8t7D*HN(&}#-j$spWV z<*v~o$~p2#sGvFnCY*7Zyxr9UYQIcu=fF9X9j?>BZf4WQ4PPw8;2kNke5zfE>D+F* zii?i*9EJNJn}TeMdJoE)dL9y%Gm>rVsw)+3d$YV)unN}DnA^rw{hnU25YtkXyO>xCns~^OLJM_Wm}h^t~Q-c7L&^O6L?y z*gDnxcYgs1F}>wdW=swwE7mj~tL@jXVb+1BHS*|6eNsQE-+p&Rw^4OtT9!7@08au7REuh2{<8FlN%##E zrKSLo*bs;w8q}nQfa+Ru@5ET{?jlBSdNM5Oc81G(3j;L+u^p4f0YaDBKYE*qer3gZ zVf!V@6rTgHNkw=tF{?Mrgk6i+73>$af-(&|m*>c8vA~43*-hAm{rLoX)HRCN$=*<8 zT1L!Ut>UVjA;J0+vv|BhlpBVtR|WAhoh79|<>&b)FOq@&Z?az6V57n7yewX_2MF%v z#4$2eoo|dxTOU6rxW^a`v7#uLR>dav*X+Fh}@a27DII8r5MqzEbhzf2Zg93y*dOi0vz|Orw@1Ta?S0HX)baN{EKRP130J zOa2=c7!6@qQq6SfU1eeLD-abWBGK+9A`^!o<_QSA<4;l zJELJVsT2npfC<$kXoti~SS^a%%!_>?c0X63nsne0a>3D+6-{gs?Is`CEZxH2&;Et` zPHz($+AgmnLfa8-ERVqAh*RSD!h<^U1X8~vsRYi3sv%=!;k2+5jZB+3raq||9xR7y z7gp{U3A0y3M@Sn7Cz~LSoPh#oqO6q0VvVw`v^LmRi9!xo;Wqfnd3Aj@`WSXHPNYPhL04sZ=qO2H zw(Q)eL>l*+#$Qx7Tm@MQjAr-#^9U4Rsc|BXN@w6&$}~&)#teZ`aIUVbU0#hP;uJ`1Ej$@xtYry9 zXJErTokL#d4;w3CcjAZOHK6dVTC=c=oZDi!QAXEpBk^9y-s%ki`rmt?)xAsZ z1tD*CM^%1HuMzCe#M^=bY)3i=*N%pTJtXd7MSfOalZf`Ys)smRVNBBQB`gFhl^6SX zl+#@{R|MYwQHMC#0+R3i)~R%f&JThZ^nwo-U(z;~W9xcF6J*a>X6v!Oq6M+;$|!pmco@z8j{-rW1GX^oLl1s z{ru=mT$;gsQ}zFbmxB)s?-Nns_2b-1wm^1xLQd0MDA7_%M=*u16kk+sP#;lOa>tc( z0*SLa%H#9T4?U4NN@%3^$78Pebi-A+7>;}yrnHn`>k;V2sLkaQBcfF+3ZcQW73CcI z2TqA%?m><6#mf4ER^Z90_Q+WKS0B85b5tX(*akFPx)9(qdCqJ3x zqxc@();({n$2FD1vrPWUAkDsuLbV$gJA^ImjY3$ z;18A67-WBt)aC5yx`zJ>Xl~?EsR0<~qC8(d`nQKR_=gdti%F8f;m2H=W4#GIZ(yS= zc9|}H{9BZ*L7&>2U#^syr>u3<~RJ`zCr4F=$+X9XU5PIklT-}ODU&^aEf;Z12zvntgI^wX*yfv z%)%`fB7@KiaL4b@J9krQTb6SW}x-R(d%d1c%+3rm_rHm@@#JtcrD zcB-D;La_S6=^J$K?ll&_$M_A)*BhB@R(c|r zk`oN5;mR0xU-_$2zgBL-5f2(l&P{f-+skF_hE}7RY_{}&Q?92sM=DMJzFo3apZD{1 zufj;hz{nMja>rNJ-PiRLhZWC#ak`Wh28t(TF?#=3 z@@vhC`=#Z)V8?h>aQ8odN)8Fj6+ur`e;6>-UQ&ukgr3sN!n}#b0@6g)^djIr5ayjs zmPVg@BK1+e+&-Q(953N=@5HZvd40+5%#N2&?ro`GMw#=f=|59j+bd+Q%-mhtNOMT# z;)S|+DZF<@L;M1KcS^=>_TN3|E*^!ioy*)U;_bTKxaMg#5GT7$8>g*~c9UAk8>(wa z%d(MN%Ezx2zPXr17pvUM;GP!>TY@gUcPtNFj*-w+9lIG~+xqzt=WxS>s;K_A58lJO zLknAJhw2~h%y`K7Xp>kZzOWX4RQI4v*u>O&=||3gAmBO3FiXolw zudK_{fXfZ^T1r_Xj>*Fcb)rQjZO!*`z8!*?u`n zLH+v_F>KyvoQ2eAq=|pZz`nX%yp(t!$7q`DBm68SsItF*rya(pM;D(&h1KG znnS0iM^R4hUP+A-7CooaB@1xe=-WpGKh zEL$-zHEH7(B6 zXRbqa;DG+b*wP+#bo;K7`U_h3=%0XjRO0KwRZy$(d7`56^qheH5Brk;hM9}sI95@>n&<3uf2=j3U5J^! z(&d z4GMP1BGkTt??RIgk?T9OdW!IuSdLK@&ju}cEfoVlJHNpdm9H78!CXW1MZDH<7fbu& z&X`A{p}vKMGkZCyYP}AGS12?hqNZik|<3^CJ1!sc$0_m7j|;_U~aXL zixyf5k&@|f*FSA$>nEMu4#R^1MQ|{hvDt_ERx-Bg_y`{1G0&QtLNmATwLNwUZQd%o z!N&SK5ASNYwVWYph6pLk1w38RzR#`;gV4UAyJlM9bMgNzgW%;W5RxnhD9=@^ez-K$ zQCGu`6-y(40XEZ|CMwVk{sM1Bv16=d3Wu(r*QtYlNL>W!>oLF#+M!~0>}7L`@finX zsHN2{i^NY11Iu#Rt4Q^AsWx<|IXZ!-=nZ&wAQxkGwJG3fzE7k8v5k&>KTRZ!l~eDG z^YRHt;IZB|1#wj0$m?)6!PH}fdN}mT;Utx3u!b>_(6AeX-gK36VBv5YWBzri-Tn6RFyns_%ah6?0 z%55wtXm7)X@I)|LcIo{hX*E3*7vx!|b%Zb$S*Z7;QBK6=H(W@7Omy;X{@6AZhSSxa(VxdJi$o*tU`xS`dFCDJ? z_Av_Cp|fgb2?InvK0^{~luuS>1yKga>Q844W(+-+*D4yf#K|1Rj`lXEtqYN-7pVW7 zz7bFn76K@L982J=u?Rk!W1yp$s~ZYbD$oKoo%(3VJTZ1i?j!w@8z|AcY@k9vhGzhk zAFLBX$S$he$Izyl)TgBM%CO@J9pmlf%FeaLZC8jzWJIsy6)An#c&fDKddjzmIl-DC z{)f0v(K#!Hr^=z?^uA90>qQ}MMq)PYlT|4zT{SaOc}&7}JkDTvkdrmH zj{t|(n-`=ES!@^s2^ps&#`364jAHZLYptx$3`NrnhDR&kM;(QBUFtcB=NAur1Q5w- zgu;KKe=rbhFf)L=Idab)u5UV?;`>5;Cxc}*Tx9Q`Th1D#<#|Cb zt>_uEU@EGQdF3MPc8)DpPmC<~FdRccUie{C+Kx(>-BAP-bkzVFXz}B0V|obJ;(ljm zj(vefks|B6n4(X=!STVV#*k`6AH8Vk5TqfcA+2_Poua1n1XL+ve4*E34zVI3N~5%}SqW+84Sckyyvo`}Y??tYO;z+q#*1I!!JDFJ0|Z&S zc%72!{QAQe)x3qtuZgO@8ZbW5fSPsjKMBogYFmssfhOScjq@8)Ji6HGD4Yj*Q4djJ znS*AL#&~%XDSaE<+#AQTGEucilqkggjtQcVBTuLG!Qfjt^^kqq`M4?&5mw*n<98fD zvt=3Nsi_PnkgGe--P3R3$7#mhlh8-?Ld{T&khlIrmrOHY0&bIIX(0;GuFdGUXui6+ z+0dSlfu<-!M%^+78T}aK8xifkxs9?b8HXV~jUSe#6I-8tzGwet&hSR-s#FtzB(qNW z6ioj5Utp%cVG-mSzA?szc>jnA32|kGt*?9eU5u1T$|~Yhd`bBPejGh*fj~lDpfeC> zAYbQIu*y74x&lj?t}wAwaV)FvK`{{Sh(U#QWGZ_ja5Sn*YMHdwzB?pT7_J=&By^`& zd(pg*to?$Ax^WYI-=9BIJ3k}EQ~X#> z@X1zEHiDC7sT4Dsf6v5bK!R!h1FCrL2wO7x6=kL*DM-1zNpr?sOM+ zy|uy2!qbYQUcH?QUYz~0=6HRoKicPO?v=c_`8OWOxK>w;%gr4xzW%neO)|^oDClzL zU>HwY)@qYwVUh8vPBHJl?&l=KE?$Xg?n?iF1i3Ic?j!~y;jNR{Ik+P3#{Tr(K@1Gp zT)Akd+7%z-*vno`e*gI#D{P9okV2OKOg@SBjm$^0jMs?gzxqg$R}*u@2vjAkcA&#+ z%o0-PVUozm$zl7>O7shX@*#zGXy;*@;+~34avK_>{c>%hbrE8G*aL;6tPJB-aul)-CE`;sSR9OeDjfdZEp`Mq zW+YHUmI~Uw{voRp+yBeb@^cE7TbQA9?R=7zyeQ&xt49e7>?zT*6%1pmnlz3 zEd_PXG??r-)P&2cr|JDv!=vOaR<&6C)m{(k2pU9B_?DwBHr#7g|DkyyW{XqPY++Uq zViG=7=_$1Je73DSn>7KI zVANFp2O;-h#gi`@CyT|7$v>ikNK7*6EqeMH{QEDwb7}t3Yv_XO=q!-?uKM7lQdYB; zbY^`peg$yp!bRB2^xYXBMB=9)oU{lp2vWJAZFJ9?6GT1Dyr|P zly%Q@vY_<)o_09id9Y6KNO|Pd;eXvrM8R!WZV}v#;TQpW~>c|i> ze2hWe^E!a5HX`+G8Ao@!V~AYIpi?2M1hA#=bgN4&WJy26CqUv2 zZNppPGyL?GNWE_9*NMd2v`b5keYIU2Gx+O8VoP7=-hW+98@Vwt3yP^(%ku<Xv**60gcqyn z>Fdvhh}ee;+C29GMro|hO6`X&=-Jc|vJOyWYb~fxaFRYUZ1|130N!!<3ktg&z>c7p zcmpI3C<3LVk6t@v)MG~rxlb6R^KRts3IN+Oke#204|#?UGx@F0Ix-Ur^6AS_Jecy= zZlCxPb9aDZ2f1uCd#RL_(_m6DMFI&xn+j#3DE@5+(OLkbf{IvNnaj@MC&+ZUliuK_QB70{80!ugsk zIK5LpkMdC_jU1zp?!NB+inWnj(Zdo_#aAYFM$jehlEAjksCP$A9w3L9`>Gvk47I^N z2h=NKs4EMK$5RG?+A=eXGWIwY#QnN5R7j)Pgda`6mAeL}mFfR!T7d?{%LUm9uYuH* z0{CZWP)9Os7zAiYNGsYveLu4r84E;pMY1ty%L@q1hQju-Q2NAhkdZeEswenW?*ep9 z88BbW&7I7J#xehTjHH@j8EoPT#5vY|y2u$_1v}TLpZ6mJDs-{oVaU0cO(^^VlqUv? z(1MjKUy96xY$b)nsdcI%sD|{^7$&~X9k-!Lqi~M^8wsP>^5VNv;t|v*LW0p9p-&Ni zl8+EDdoXL3XvW{W2hB7GYtw4=9|1;NAh+zi4K)|mS8meQ9R+fCXY&LFs7-tp;)G)q zp$d@nmU~Arq#HTp@QgT}B@_$nWK%Tm)R6tmivD(@4^Omdx(K|P2H!OVlswNg^P-GR zb47!{KCnpKmc~%>aMLgOA95Q}-t*^VTflI>fx-#A8rvN|Hm6lFF0z^(pBso^JW3>A z?N5JMppv1rpqPR$$FqI6bHHw{(~4{Q+f|M&ASQ7GXH~=UXA38;$@wZ;Ol81*r-JIq z&S8#>SfA#zODQ~PB)>i|GvYOf;WsLL~Xv?mh7U>OCz`>-c*r}AV-^a-fBv0rK6`8 z{SgJUs5&L>>|PGNVL?*+KT83uC=?7-yPANJrgT-#JME#+O1l-uL?~cK)|uWLv)6FYoQv z6}5aLg6{$aHQCmNC?8F%T@ndzQ1TOwf|n?CZq%xrG3b%35brUQx*){*R+q0 z%`F-@5+h%l6#wtrJh0o9(=$&nTOjHOJ>R44uO>ClGMGBo4f_$V21gkxe_7xY%&s%H zfD8lcIIWTI<;uUjG#7A$igK9UD&XL23ub8M48V_l$0B7Wd!TFU`d|K$S2PidXa`)lSb(S!Gzax8xM=T+W- zrwe4dl}P?G^=^Y7#!sl7C7`UV1l105PJ6RI5Wo3Z!uEXAcfbOe9H!dfJ7`K6x-_FZBX$35HCAx(g&XvA7YP>|M*|_MGyk#$ z&1u0`tj@O$frWu)(gBa|qJ2L9?>#pN@2MVm_iyJK5#BSdeB#Vs!>JHaz=C`SC?&iI zJlO=Am^#4WLUGIk2ymMKMN#LFzW6Jaupm$%6w_J(Fspq)2s=SIPRuRGRvZY*p#;Ik zliAagd`ZBKr5LbkZta>Iu%l4~_^f&eQau}!^+OF61P-L@^(uG$0vlnnH6h*YTxkh!(PpppqQ<6k1=1V9wC!78kUimzde>gM)C}%zdVrbN{|a8 z5OLRieP}%al+Qb_J|fV{o@{uB*8rLMG1xSOE$pQxP<%R?-U_o|QWWWe!OejNU$SRq zI|apkHNb@v*=K$8(T$ynlh)IdEv>B6?O08hDTb~e1yS_XAhAk%(RCq=aQxKn=byV} z3RN2b6_qbH2xMk;fINHxP{ckkIkB;b@6D#q1W9pXWv5cMjsI7z0+LFykaRkwsgHi@ zLk7K)CTXIkCBkHX=8s^CmME462XU`rBLHEFD z&W?ifwPXk<7*u!wxNjx^zszlU*Fjom9AHeMBT)!F-2NB{*yTH~hz$`$Nk>7`GEO8c zD`Ajgf-pUh{d5lh^(8;@$DF3I@Wb8g1ayNOh2KhP}7Pf9L* zP;2KTg@@NC=dRcj6q5h}tuoFL)UdVFq*3#R1rg4nVN*Qy4_hR<(*Tj(&p$mD#wBV1gFWErgZ*!& zQDkp2cV`VD0fv1I2>WI+Wdf~u%6^*|D$3fwfoy$W?&wXXh_BpkVZk_Y-OkO&PQI!KMueZP{5mg(h-LE%;Uv zYu&5&26+Zw1~U(;K|!#h*HnYn_P9%1x?Ynn{^tVY*AoYNl$d1&0nE;Ft}d$n08)=y zk*|Sxnh=1ry&bjyXB`DCs?{DG^xIMgYhy!zByJ>@bEFq@P1|^{RHu& zM%!h*ajo33p7XOdCm{T{f)ONS>i`{60J`7=WCSu`*i8RO7z04P! zl{wufigVdawbz{nnq6nGOpA8`qkWPO4~DX9=tvt1(}J=>uT3DK0UHwvP$}dH&}-w? zeL=$_gYUSawxQkAjt71yeOEr7kHmC7N;xWY2&77)G%DdsDPgEH+C)@IZ_hZ;52|j| zn!)0*HJ~|)bLedXOPbE?bW>2pSxy)E%@r_3b=|{3^cm7dx9~yDN*bh~E(Hrs3G0lB4q309q!uqrWnyc-2(=sKb9orXs8k%El3Cfso~c|* zHw1O(0I>{?%Rn8#16S#&7ef4;90wi!P5_se(GDpqo9@!L zGL_5H_kV`9jpArh;E`nBaK~WmxzRnLY!9XuQp=P%Y#*7w2l+z{qn@E0OUlsj&q7-Q z8%iEHnHRHwGgc+qEa~5AFUxN%R!D}3w~PoyC_{;%cLSfojX>GYxn^2uxn-MH4^V%2 zqm>8COO=IC@sLq3g@PQ$_9kK~Ckr0aj!kg^9wstvz=MAQNB2TYcO1TKrN)nD{IA`!rGwFqG8x&B|>0asSU6z@^fXf!F(f8#gmjXN5?d z6xC=hWYpbCxAoLL2AeQPpURM2kY>#ibC5}7MEha z%L_<(d2yY;+Hw|u_&JHchubgTi(6oYro5lZW^v)9K?JyhW|7b?#T;^k!1iXy{K5Bi zrV4Q~=6hA+ZCT?U4rb_mtKQlVcS$sn9J@peUFzBN9xPpJAIL?wc%8^4@D#E<%~dR; z(ku0=rULq_k$HLlET1$)fjKg6Ynb^uSyfB{L2v;`iwtW?LCK)E5RR~GSa!`r8ojUn z&HQQ%ph$Jz78(d)BqQS^hHFE$&cnAbx4OyaJ6xgeSji#yIVd%j1RGQm2HU@~yjUse z&1n)zNi6qWa3oodkA#E_?*Z6GA#skGXQfGYwT3Hcw&oo{F`13Z_%9%o93`T6Ca}7F zgr<7ej}6Sj9-6NzdC60PBakFJsvKY;ezFwWNVexoDgy+!&&&d#>pVi-(>) zBuDv2Z=4EY%y11N#35>isW+&%h*5%6;an}`kGd7@Lg`>k@aDvX^H{wuS!aV-8h2c0 zN6AqKwp;7?;P4S@6QYP!jK<@`<`m+{r@+C%i%7BDMg4dgyMnFM!jL#=<|%nT=H^|Rn|YgQz)op# zIJg~@=jv>N;B85^ib|BX+8(Zc{uVZxt>}6E#VG?A60&@re@31uVMwU5syPRwgj5?^ zoEeA(HMpFjWgI9qg!Het!11>7Si_a!bg)3XiG3mGRQtIKW7~Y5 zllvt@+szQC>#4hH9sE}{Q(NyWz1Incd1HQ5@-w`f7Z!DZrT!rHrKIT-6u{!EoQLv9 z;+S;dP2EswtfsT@IZ6rWbqB84t8am=6bL*p^JtRpJf=Z(Q75H!|6>JlOe4^7KrhqM zEYQqHv55s2OveEYYTcrcippmp`juCkX}Ay42Y*+IwC{Fosw^ZaLa4^o(}pry>*!D527d}4^&9L_Z<=?!*>^D`0#C?vtfwSN($YRBq>~pq z;H2XbVR+n+nf1v`67fCaJN!JLB>K`%P=EW!vzp7FNn?|$q-Plc@aYcibI|S+nx(;C zM1uUjU6*_FzK-fuvTaR@AVJgzmKPoZ53MM_P*_wBSq=W@R&bE%>t$4~(Z@L{<>b0i zBS{t-LA9wx_njB~&$?o268h;C=C4AT5Dy@%k;X;Lf>1+*JfzpLm&b3gCdU=s1yW}z zFk!GOp%#i)HL*!|3cKPokYp(gj;@Ju+?EK-g$1QF?d|ceU#DoY4%yRGKUBTINf52F`5S`r!tA7_+-?hfL z+|>+!o%-v}p|aJb46VD2e0EUo^=tlp8d71TY)A%12yvGe%Q9eHpP67e=)8i;c_CD% zX{VrO0=bARnarqrL`otem6P7K)=uXJ4JIQZk4(~ySzq*BuwinK@aJx!XH5L=gAZgR z4bvuBd1jhhfv)o~BKdLw+ToFdW3{i1Eb8J-#xyT!$rZJ%{^875N zzsrfEJ@RVf&z_+#c3?|N7+W;ZlM59e3DG$n85i7t{xgW2=OSVl$`PiZxK*9N)Lez4 z`&l0@?BmtF61U-;gTGcyv2*|6QlU$61^fi@*SmesiZ*2ud{axT`W;KBS(>UhnbTe1 z!Ypi;9R^`W8~ns=$1m}*2;}iEV0mQD0}UksD05)NROADWlcRoHS-9bTcOMP{rh8+G{4 zMYU-a0U=k%xZc~>mBRSX@H9MTy4cfDl+B+>H5cb(GhVi3Ap6u#Em>ewVL&N6Ozu_o zpwuIce7(0zYCydh?OX0Wy@S`yaB<=o`4@z!)+zw}ZC30R5$Rg&RXU0FQKfhBPCf%N zE4FEN2_*ETB8@wpUu~ET-K^@UL{;27Ii8rSD91ZRo<+VTfFs@?OaI^)0K7N{9Qf#q z&3BIYF{^}BC`U<5-hGCr;POL z7QY~Zs+l5cdoI-t%0T^ww=YinH!IVzZ$w^E(vl@yUY&|xbP1@zL)(}{q$S3fsf z2v1MPING0JB2wwRq8VL#g%;triJ_N7}?L#!3KTd z?N_^w-@S4c=oZiBGs_?rgvKtpr;wiq$};iw!M5t|EX91x^H%#q!I_jRn+2 z0{o98vT9~zgxY;n|JLAm_*#qGDmg^^e?RL9e>joMkdi{%=!{4Y_syk?=U((BoPR_`Jh){l0 z*jLva--~_cj0&|n-oWN;Bn`NmnNgIm4FOkykn_={f$#$eNi!>isJgVb5R+OdKcps) zEdXAic!+cV3- zz1%^Vy2bt45;0}~`@OGix+zJRy)Sjis0H==t_@tN)&I#KfrF9JRB89PBl`f-0&QmC z3Uxi0y+8^Qi8zmWWQnbWDXF6alhyZeFbH5-elLim>Tuk8dq5ws-QVzWF7-sJX`QK= zB{b%x@>~QdA_U8@1yTjLuqkW7lh}9^t&3joWrV8T6*YVpOn<@ECIdD3mlw2!R?d89WT|_}5qezAb{9*p| z0%Eq!yyv<2M6vb~o`pb|dbLo1RrC_1LD#YwnFi+;DD+LVy_RzZFBsf zm5rbz{nY8YNf)OsX!hKo3i!oR*hi~KD$0e$yS^_iCG?f+J2>vcbz&^PJU5KG6eT0o z(VjMcqrX+i#1D}2lW#HZ7TPw;I8=iO2Kg}nO9SKBTpVg{4p2J+T0Q}NYLYkS|80rC zkOjttgzyrY3lsx9(RfkXLK8u>A_N(8%4GYTH)uvg+-nwrYWLTMoQWO8-vzp@%9tCB zV$qiE%<(0p*SP;^Us8PSIewnf?z@|SE- zZR3D>Uy}LX-Wfue6|lUn??;a!swwLtg&}blv2%uV#;UGjPDWIx`|^UAD{v90Ak?p` z_Yl8GdKZ8uVGZ9)0O|33CHg@(Ln_L( zwbi$CH>IdOOCZFTA`%z?OE-@i8X)#;fA<07eZo_;xW@PR>!aeKeXJx{5;gb|<9wZj z8X;e)7BFHel18w9o+_!v$&9oJSuT%h$rP?|A6xuC|CxLkpLI;>~k4V zA!7YIfVxRUD^GfoI4uIM=@%l!FZ{DLc+iOWGy)MAh~`{-z*Vu{K0@~AO z`r~>=YU~0C2-O3n#!U6P#|4Cw0A@|5`~FS$8EZ>GtPiwZ$&L2@1zhehiqwh_7XwLz zkNdOX;qCyd`%d!W{-1cZU!qoyjI7u7yfiM-SIhredBvymNa>%`2@7plD{t~3 zMB<-VzvDB~W8~1+`L|?`VaE1_m~lc4v_Qio*kE_%RbGn`c1#gsG9Z19Pfc+dQa>Y?qPg(|=`eFe) zl4_g4#+4%vlrc|DW7WiQYL6QUrVf^<-UIB=&Z94kcqah>>z?xjsh0#TjwCc1gjdc3 z2_yZs`_^v&_#Fu3318E(%fK+_Uj7+!5UgV2Pv%nj+;XySO^}_CYdK?ESY&f8f)KtU za5vmy6afxKltB9emXW_h@*F`$9SpbqnLnmgh6KsfIc1=95&~2abY5Od;Zd)CoB(up zeTu99J)e)HTST9$7eu}}NTN?a5>j9%QHx2Q(X7`huU@lyw)%oab}Wk!yfPvKF#V0= zW3V|WhW`!?AqZUp!iFk3MI6kdn!wTj`f1`N!xi4ltb>u8h zaJu~yob0a*AD=7Em>abu+}ex`0Q8;!7kCULO^1QP!%c40z*-P{0P?HT9RaNYqD+DT z+D1eF!bN&8W9q^pfrw$)pJ^LR(6BOUE3x{wUGe~PAinp^**HQIVT6#>|FS~>9pATc z3fkaOeJ*hHGAR|r{4*RC2r^^x7fb&1>`OurYL)rk-k)0tCB7ujbarzx|U+ z2VQNw;8`Q#Pjm<2@u>chr+){Ag&o|JgtUC~&oEmN;%tHrB~pJ!{aGxy>-TX3et@17 zR1>0g5+Uw&e{K^`i0bhTltYm5MI-wAC7iSN3L6-B1!X)P*cjgQ;f&FAfB&;^i4)6LIy(GqjzLfGSN-x8_=)1yqTCmjKK}D`Ig9YM6nAmih>R>5r-6E{AiTy9%b_qV{ zZ`o@MV8UfRLdHErgGu>-5Ly?sw)Y<*1J5xqHsuCyuuAyPT(~(YxH3ZqOj1D)HM+Mj za8nktn*jt97#TN8*o*(4|2o2T6!Bj!!2i2D{r$Dx&sS(YGmZLp_Mui`%wG~QT6B=I z>8hw#U*4EqQwD@uySbkYP&jaSwer?1*b`K{;D3AUpJ<&VyNt*ph+65O^FQ}G~2x3lfsSvnRW4VgW06oV=-FMVRG~5hVCmG zG#_H_ldCYU@F$(1ete(MS^Z!b=yaaIVF`@ZCqn=K5PE+%f=SRy=Q-tjBGA!tGKJ5L zGYB2}%<7y7+&Bz;%*Zzs)PFzp{ISUZ_-i=v{%r_)f^Z+s;U9^hv#r35(iB`SoPxpm zl&wqJ{}(B^YDi5ipDyxA4(u=mf5&J!G7!kz8aIqs-6#BBAm*dYdqT2BwS2LV09ic2 z0b8iOYztaw%J$=jM=@dlE_wK+A%Pow<5Zv8BTV+5FdgJ%UCz;gO2wMuo96PM;}o2W z&LRpF32*n8K|yO2e0HI;`lR`%jh~5jBf!h?Xk7)l60Z8S6kyJRq;&wIAR2v6GU7#k z{@5+v@3xr5$x*pAmXCB_f9>|rzioN&=$&2gqV1$hRQc$g2M_#b!fZK1!*_)DKepz- zruZP`t|@KfcJIi;QN79AeC%fDu5<6(o7|JHs}!!SWu@=OS22Ruu8r?8r-$^JnbKby z=E7)E5n4`i@x31w1V1-<@C|et`^_0OoV#t3`;#;3)j7d?BeN%S{FB@DM>raW*_&?_ zw;tB*bVSo^Bqmfa6gp(Kyj@d^!B@O>uAkNXTz(;!EGEa{3)}n$UN%zvbKK*Lsb(7~!n|ItJpK+NIa?uzRFgq{+w#$RkHPvZu#{v zHyFRS-y!Zjv7GJUP=EYWV$$PjfM-vT{Kii9W-Xj@^M>vD*Yzv*Va~;OIVPmGsBKx%E==|iJrvaHL#gSt~?$5m{dHBq}o+c&Szy1;o9>lDU&?Aq|E zX8CsDuM1=3pDwh{1>;0@I@uY|S#RD=eY-ca1gnGw>Quau#MUy{hst1!R+m@miYH6@ zPron;{_M3>2W)Y`8^0Aaa2>)zuzDkP@($=PU&zo}hIi&s9Pk8PvhYh0m%X03U7b#`M47Bq#C*5KOzlh)?{z^8 zdn^q`v_kFnqJ6kh|KiWs-(GL)ab4R!+uj{rP)YuLcK6u)z^Z$4zZtD%8Iu+9okmf{ zk7a(9&kYoptEv4`;oLnI58U`@rt`X@^^xO-;<#vkYy$DMS-<*-FHep(cr;e}2Onil zIaFx+W_s4F+^?H&be~XHvU35{=`veEpLh8^e$~%fsJ33=o>;y&uv|zAEQ^AdikP;~ zU>kS4O7Ib(U`wJV@z+)r6*P%_38Q@zXw?Wo@R+(XsJq`4x-wFszwEFuyvF`NVAXe8Db`p4!RaY zLk@?Jm^%8mF+RG@Cnc{sgELMO!>12VF7uyCPr-WBgj!`fuHD*Mdu506(KuNU581B! zu+iR|PnRE}e7%|7#!^jb!TYMCC4Qx!gCT`CHGg~b2!3ZRmqDZ2dXtN%girsW_f+5A zjlh?Ncf%T9dwwY?p;|`h<%z~s9lE?9zP*xJ%GtJa!t@tGw=V`QH!u0B;0-q>=r2># zqKF&CSxpvP^%u5ZvGYI_95302@4n*p{|Gy}^*a(~cg=IUW1`l>>u9|tiaTue!euN| z-f7sfL{s=u`u>pP(~h6??{Spgba3lU(eIx;PiprRx9Y-Rcq#psUGaPX zLXwzTN>hHE?b*8bu&z^4-7{(AJZ_6#RUMn=eKXXXGXIXY{(L%%)g7jUG$YMZF;w8^ zfeM`_MRLp60b7W|qD}S^a(F7RCz)Q+04t9=5}eiA4pMHy&xG{TD5ts0%v~N2ZJyN- zgCvGodvgpLcIBn5{15itGOo(5dlywiK#&j-q(QnBrBj-PQc8DAOG`_)z@nsEM7p~{ z8U&Hf<7!`0` z72Ur0x{%r)`f+Y<5VR_Fm>10EniWJ;86qrECNK$7tx$JfQiKMz9eVPdoy!OCv-w&y z94re^GBe|Ay2;W{Nqg4zXuDs_ZoS;!r?Gl06Aa&6joT$!@@Cz9$P2C;+@S_{P%5A^ zsrYFd&~2eou){*_+82xnvVBA|?{+e`TN!n0Um@VK#xZJFhH2TpG&ue!N6R97+9L*Y zTyHB|?7?#5Ex9b(N!3Na@##>G&N$W;sri`Zr{I(EPYsNVUrZ>q8X7LoFin^%r|o?{ zeoq=U&fKy5_1VL*|9;N+Hu>84tYq>NelBZ4=Wv0`ks}$f(SEb`F2`@bfG&mD z@##wg7#WF^O^Y6auc)qhR4Y%W`mM!$OO9{bY2cSpmP9{|+Q}+Q(x1&d5%*-dg-En> zwCd?T#o*9Y>9{u{xSdjV*w1}Gen*treZlaiZCvEWrY}FgR~i)#z58{YDK4{)0`u)Z z28;M_vp&8X_pPG!cQiq8cV6Buw150f;K$^1ySI5%U>X%;xg`)@Oog(i;Lt{(Z&{#y z&u4z4vW5500GnLztF?Yu^fJkCIp)prk!B+2R>=N^$($^@r^n?Es?5mQT#lJxMeG*y z!4@k^oxkVRo{Cm>CQH-wZQ%gxbl=E3Mi3jyS)t`D8kkq^d)1^RgXL^D3LgJGl1tiD zN!kUm5lQ4%R^^&ca^?Q$IGo^cV-hiI#PIpvz3pS!(qQ$+uaO_#?P> zltsp6MuVZ9pjNi#JI(y*`3HjVFoV`6&#xy2`#(Qc3nePXT^RkAYup4C$51OPGI1ws z?<^-5#P)Q04R0a?>Xw!&8-{tDJ9zEro+`QIpoW{MPA81WjL=g5@TD_gKRqmi8%O`$ zD+*ah)oIeZesg_^nb`DkRxzwfy~h1qYfFjOUnsF)4aYj4izs>+ni|9}nCj1%Zw`D^IhI$GcT z9kGn8w2ygZ&mi<@*Z+Kb3VXYMP)8jW_)4oJhC?g8fjm+ ze$Q!$q~T0ftZcgbpo-H7f#|=CssaJ4!q6?5Lk(P9niZ3G{ojp2cbfgASGzaZ)n+}d zC)9Vv=~k|vNn5F&cVba7N{r`+Bh5vH++*^4uA=+*Y_VSmzOUI^l@F$M*0yQQLgWab=OA?~nu%s)Rd1&c;h}(sZGR-=+fZ<|8t!6zQR)$p@;V|~{lens z)#+^9lEtp~gx>m8{>$b{ZIdy@L9#yHO zpgghG;5$BWh%P9deJIRW!uZdjc`iE8){%!)0TZd8&OFS=(;|0K~o-?)}3Q&bYt=lip5leG6EL;9-ElUa^_-KY2nA52l2KJQ>e^Fdd_SE zohGT<`RE!Wu^TBS;D(XBb5afR^>|7^mgTi9dvgrnz&;ACANYpm1+2v5tPSXPUtg(Y zv>VG++?_G6GS`y%eyn<*YJc6gXgiK}2V4axM@dP3HJp-q{N2H-BIQKY{fhrYk-xw3 zu>0}pMQG5dNwSvZlmiOhU^DC^HR$&buQ1i1{r&i0xDmmdN3RRAy(l$8h#cVbxilUw z`Rve5j-up%2A7bA+mo%z!^3`y&M>SlYZLKbm+Mt~<>a0Trdt(zR<4$gVvj<<+XsN$ zxwi6mm!GgS@Nl@NopkgvxxtD2C1l5A{&MwBsbRODLOE2wrDJZ}*n9Bht&Mtu!|Sde zTf3ZXahsFbGKO;b2LV�g% zGk>fq4%JY{?v@cIG0EQhs$9oI%}}GTrp&>j#LQGDvq(?##R4N>hTX%K$l16Z7)fF3#Qh z7!K7+Jr6!M;jIt?w(_wYev?#LPp;$9!U>|&KYigeFx$^SR2xh9{bPWfjX)?`|If&WFig2}Oo;R`uV#tDF=V)Hq-uxl)e@B+^ZM8N52^zHcc z{W4LuM8}B%5B2@b2B8z9AUMf9s{;HU&L44pV1_Ap%Rl z^0a<$CmWl*Y(mJLfY+*0-&~^z5lcfO`)%O5Yxc_4txHnGv{ob!CwA1(ZxsqT;6Oon z7Wjdjl>qjj(p;diY7zlI!b@D}-J$=?+p_2nW(6--3xu}`n3D)RDtZoC^55k-6uj## ztW?Zglu6+=X|cGvp2D{12@O*6{-MzJ#KPx`fGBqY0l4Z@K=;4y`v7`xw_tb`t*4$` z!*yeSd{y&grDjLvPUDw?8RtLV6FxTtEb11Cg;UN!f^#?fGKnvaB)5hOvkPX^m1aAs z6yQ#Qe_j**Z7|h0pru&*;b4$+V{2^3r-;_K$+g9GIK5+Xw9?eXyiz~$8ml;A)MNnh zv+-u(<<(&ww&m*dh7t!cb6rxwRAXI1!{)c2b4%dNJRfA|STYsVU^)PcYMGmZ>SVj$ zqN9e{D+O{@725{{a}P4B7mg9zUmL0_fRg$I;aGTaqei}Y-SN%bt}<&_#h{vJSx~BM z+1M^`C($ca&R2->BkQR`x>;Rw`wvD-d)&S192z`vTHh=H1@#_Io)0@%v{E-o00xLp zgGU4dWrIyu&5hTmqKOAfBiSe;`q`DE_8p_6`q`Y7J;5wKD%pBI5PFKqjGZ- z`89KsPIiqY^bVGbHSo;pidv1@M=?JdEgZ+p$ink zN3&%J>ee$t6c;0~<+_jeOf(XAyjP2+=^5RE>^;Ub+PK_Mq zr5To`xAJ^0MV3BN-I6>vhn^ETI_~D!+Je-9xCGRQD+|LjEtl$oa*-uB`?~juHTd9M zgNKo1l6xVk=dZh!y_HkUf9AdubWW6p5lnuztQ&Ljph`{F<#hdlxjx%CYPtTJ@<01S zG43;O#H6Pgk&HI`!YwzQ$S1kV8jCxcm|+tewwOdyu&~6*o?fns7-BBWXMW`T1ekG_ zA25lT39Qc4%hydbsz2$Sw-Ec>Sui=hCbt-n6Bs0S94pPgI*^lsr>qll3%6J^TcmmmWC&nUR|)z!oGIB(}LwsO+@ns@OB>FTuFI z`Ko0%_`9Wz{rLNgMVI!JYUT>jB*E{-D)U|U$xF+ULeir(*Bvh*a?`|usR^_W-o4cT z%f3AF@mWOeRM6E)1?Jc$&ZL9F;eL$d6qUhTxmV7#h0mo!6(1Y-c&zockcww5r$obk zWf;j-td_$tg@)dRj?=x)rlX*lkGC%!5vErtdNI=774+$Yh3-z})+Phxl?56TIs^Rf z4{U(x2PwVJ8UGvi#7m#h$b_!O=~%4RZ*aPw#&P9P}$He zNVG?r1%?uze+lw0^g=Txng93>BbgU;nQ65z-k_JQsU86ofMo)s+yZgiJ2&f+4HB(? zb;t_oqHdMUnvIscwKE?teqDS&T>~xjcOj{jrTVLqD>i}F%IS{|Q-^82+gsM2#Z4&! zaHSbW)<+Meib zsc&^g|IpHGnbRJhXOQC$4Z{l@np?6fa=!hMm)lq59>w_m32J$({Xg1+07XF4A^48fhAC>J~0O#5^;E}3= z?xFFoEkdVxDtDvWEXFi$)GS@SmRY~TmFU9*U>%s`r5e_J9&>Z*RSvup;98yK?>QZd z&YdF-J_}uP*K0o~i@3*yRpDf{U8C#cy!@xj=VulH28Ec<3~Kx_Es_OpKTs73{&bu% zTiSPC5bvd5HU^NaUGus*tRJ1NHR&hxp~I7SA666>$5iD)Sc3kpL9nSF%mUz-5Gg-Y@NVjcGbz|^2K<5Kn!%3v2U3<*wL}r}- zfr&bWhQaLlq({Pu=(ljg_j?O;sg=2NZts+;hHQH$GCD#4iY%#Cq)jXnZRnf9_yhwa zJ{J|f!1@kY)<(hB(L`-RBF^`FNPsdUM$2U*8yvt$4b?CmD@=AroD^|=rI4ru;^NSy zHOnxL(PB4W>xSzAy3^HVHg8nq!#$(JXw#Od7EDcFqmGQ_zAedd*HpJBt$DFpr(=nw zg4frHIHgZQ;6ZJy#jAPwhC=en&4z20Z6C9-L0LGbo|1z2p!UY^~CE zzp|V$s$XyqX7I zyc9r)qz1YyIPZg9DG^4*LMh>f20YhENO0C)(=q%lkw&c{J11weWk#`D z-(aEVX+TPwJ)Du?0W@eF|C>RZ2!`LihvGY1*l;>IPbeJ=;^o;#d(DcPu=8GpO0!<2 z?WuU7$?U4zDY8#yBHUvovzt4ul!q)_ssg?$i2bGd`6rb1!AHc??Hu!2#FjoBQ>cUO zojS7E3mUAjubqFKgpBBP5T6BH`b$Rb+WxdTv`K2Zsl?DNe-)ZDNR_+tcrfTsZgD2M z=j)_2hJwIRcig}4ue`#p6g`_|`Xm9*9v1Jet`e%m2d1!< zUuhUfl~T)=Gg#hV>xf198PC_a4W(E8>_k}uT@r3Rka$~WS@JsWWA9X}c!=mz-EY~A zQ31xh1NyljZtBSVZ^skRD>$M}z*G(?0Z;ah=fGTBftohONmZ(6#Ll#9+kRfJ)ooR> zLz|D|P{hnmlBm;zHCadg)5#x~0$l2CWR13g6&IeT1IW`oxgkp-zjT$Q6@S7W(4;@~ zJE!-f@BfCvF5@2|&u%Cc3ocyreFB#8GLeWuBQx9CpC5ZDgwwNNKT%5sDA5LlmDnJZT-vT$98QQ zU+Tz>za*y&&=e-or@>yC?bJ?L7!W(zbknEg>Qp`K|FahsouynV0aFaIW*xK2qK?Zp zH+YGRD@>uSh?|%DJ`#6wCGE;7&m$IGLKLZFRO(TC<86fS4^uSjWx>FziZXm8UN91? zfrhU4Risn`t2T-&tNOvCkRLv6m#!7-4QjJ7&)t`ZsA%*eVb{EK;=km2E+)o$SDGuU zs!`NQ?Bu;pwr9edZ1C$guuq~5uyPfC-R;8I^`pDUJo)!5K-6xNn5@}*lb0&Z87@S$ z&h&*oGuE!^jXDj=U71U%4KNbF?fe!g=|$T_z`8L4uIesIynm`Vyw)Q)T>Flgr+BuB zSTdJ>>sFJkK+b~739ISd>8ul*=~#YpUusoaTJGVKp57U3%xIJ_qUyofgu__P@e;}O zLK64uA={(oM#Ws)C}^IG0dLH z3gL*Br~HJG1+N%gPTwD18TAykIolZ(vDzN)t9dRVLx%3$7m(`Ob@v#s z4D>v1OO3E5V2$mR6r#<&h#gyWT`t)(dA=WV4P#rlqca zq#G2iPK^eLR3qz)~w>1dTR4c zl-op|XZbc!Qe2HqG~M|em*Oc+R=sxD*>qBd9dWX8IQ@9Ad&z)|?c8Hk<7M`o17c-m zgRNUxLww-YFpK)&0{n1(s{YnrSoWE27WGxTSr)ZBdx#k9Ti=a{x)uUlZR1A!nOC-2 z^L&tc<^5P;Zd*~r645pr(Mg#6NWkbUla=CP6qe_*$DzC+ogqh|mjS9aebgMHzH2%C z>V59Il=RlOla+6UIn_tcOW*i>nW{-3NzLMz7&Sd z1P6p=L-us#O4d&Ij^QtZGwGNgO3T5lDpGl;1QRt--+vwJxgy+s z@s%Q6F#f*ugPtqrD*g@4loaw`N{-`|q0_h1iR>FQgUgvFRuMkt@1I~^X%-oCthM@W zjlO$q%rmTb>ba1+R1&@ZAp}MSGkjhUwQei-Hc83w@E7lua^$_qV+SBowc?p8cCq- z`g$^H{9CiTOaZMRgIfK^5__|Wn$OXiLnp9YcX>;d!Ja+kp71=+=p&aTrZ^qXni}gT zo(aB-af{O>a1owmc+_s5KJuYx~ z)}sAw#RIrU@OQavPQ>dn-UMKNc%r4Ix7+vQ4UXCI7*}d0vyBpYLIffk(8UBUY9wT5} z@~yi9Z`HOYHG|su9}%9lV>?oY_>)oQwZ@b2^-gqfpiw=6!;CdE=SwUC`#a$yZtzSK zL4}Y=__CfU2O$!V-{(m9_T!vL_;EM06pVs+>>(Kyxqw~f`%_$JZN5*Tp-I;%eXi+6 z9}5j8dN>p-E-DmVQ+sx&QKb11{B$^hG)x}0g~}z-i09p+lr#yF0qYu>b6+(K59Oz; z++?K7?;$)6e;uc%B*lVo^(8ZfVWQf`;4a}pGhkiarqCOVwy#-s%XQE#5J@H!a;dN1 z9|<{J#|ZEG`IdNPujwY1O%NfnNv5t+IqAYw^TU-b_ubhYLN2qUX^v~wiK^Ac;Vo}% z+x>J@nJK%;9-YJ+T+QZKHZ9f)?0nLrHxFXtf(+YEk`7;Y-B_$UYl9d|TN{Dmw3#sz8}$08#VSyF|U<=(LfTN z+_Zh=yqVJb!(U;EH;iJi4?@cSqf4lUs=mo4GXm0M2h?dwD)rU~ToEL4+fVM2&pEBe z*R5EzzLoPa*`98!b-gPJjYz04?_pwVe0I;eQA6AHR*B(VW$4HKdYQz+QtL2xqdwxy znT4aZR5xuh^3&?jr02upcd0T)*~~p7>-^^!ayWPj}Np`PCW*RNlJ&$_e4?B)Xe8!{G23e*4R$`@>mRGXuOw-DU2En^!s#Z^?cbZpC}7)!99dR_zx3 z9pGZC&JL#6FUt(MN_onZ?6}wrLCd!HUwqQE+OQu0G?^9+0v6?o>qo+>OI z0lzO3+oRGOyN35=gY3M%+OH-f@Rb z&I-Ik=RHuON5mjqAPmMCe@?S-MoOAhX6&ai8ue!oJdm4vqcp;zmxI#mEWU#EE0a7G zO>PHQoH>^wymz>wgb?Wg1@N)E`-jWQR5Z@d)=7xJMZ!nWM?eJ+`d2^&mrLy}E&PR% z&_E;Z)brQ;k&;e9c-GEH(~>OK|C1QXv@4P}HP2uE3Xvq|6i)v^p*t}hhJda!uBf-s*Q zJ^I>oO^~Zl_O1MbVv}kzsgUKD>k1Dh)6w<7>Rocr*K|CHFdmzks4xPy8=J<^ug>Ay zs)gRK1k&6&u_y}#;+a)CM*Mf*vyy{5J)sj1@)teHsb^aevZUVd|HAd zg~AZuw9cotzvEPrP`ZcdmGw;CplBw0b+(QmPnL?NM6b@l&B;k&385kFw{sTgE*h&{ zaye$ij_7?+c*d1-s2ls`nO&`A7PXzBp1=!ac4$RUNb@Ch`wehs39LR|BQ!iO;B(`@ zMYXCc87snG75si(Ib(b^&Sf<5q{;eR>6;s;A}6AvMY9S{%|}HejWqn@1+pzBD5r*Y zXgR!7O8W3c1<^}#@WO)O@%2@kVM|YV_B1D-R2xyhQBLWTwwbT@RS?&mjPW(P-uYAe zAtT@Ii*&08qvW@^AY`=Oy;%F{a0oQV z3=iaVYKYBLctp&0JXEU_U!MP9Yjl-cWl3Fesa|9Kll|6*OwoADmT-D$dm{lXK_X*L zMsTEQ_JEeCGMxOMJ09Kqp?^tjV{9(1rLAXv=y-``R zgRkwIuybdhAv`01CH|r17 zt~%v*jRz7&#&>XXmD80aQn?nUyWoFxy1bv*%}hM%`C{Z0`EDzP$~Cr#Pzc9SG7^NR zk_Y-|PmvxydakJd7~FD^fay~j&aFKIe+08Bb#)(KETL=GCc$+Iy|Y;L>+B!HRlUj6q!Znf`y8SmRR13IJn* z4h@O!S&-C5K@Y5dW)n8^12Zf%OB44Q=+Zl-9C~PmRNyhC3T7KSWnj6tXjx!{0$zYK zp$2xxF$qqFrhQ<7y>Ue7=(m#gDo0pWGHU$_$_T{p747wZyJfUPeyc9%ac-1*wc}Yd z#_(vuv#Rz>gsL<-C}TLFqQVf(@Cj5tOp|6<4YG|o4)siGFl|I-M-jUF zM7tpnxVbe>n_A552JNF5qQZtZ87rkaD`vy_Lyv4)Ufg)g+FladE!K9j;Iot`y zn6^giy$stzPaBG8i!5Fw35*@qh_h?=DOI^3+N~m09?T~MhEcYx*8m(11(+EjRdDD| zmp6^fN}kcJQ+U_-7xm7EUer|b?%|AzAV)>F8rRRFW>$36YJ^sbIyBZxoXGlMZfpM* zNU00#qFb~XxL0v`g6(5aTn&Q?aSUa|bI>Qa{=XQXBR{+=nsx`g!AbbgD+4m2m+d&u zk)MIG+G+j&4-05!rr|_==oJC_^}&N^En~E0Vo?6!+eJ=o5QwB`kibfXrdHXB6;z9w zAnSv{b7VzmlE(XNrbL9~FFXs?+*;iF9(E9TH9~m8$X~dT61+A?ZMDRK{Lt$?^nsXl z^_d#zYnl-mVJ$dPcfm6h@BC0Q1&wqL0k79TX~5*C2Cs@B8O0GIUHA(#N=Y~BeSnI% zE7~mC%w9X?_8d6_j9|NQ0BD<-7{x?ZyDsP7w?V7HrznWP_bsfRBKbqn^Pd0bzg+-+ z$!CDpF({lD*oactJ$f!9z1s8B#TY#L??;xQui3uM;3N~JkcP|)H$pk=->>STwTpo< zcoVpdBuXI!`WT*STctq!&o`eU(LfOZE<7{&3b_;-2{j7pt&D%a8$kt1>wffl^7%tA zL&)?d0@dCBTPqwWhH`R26^H!YLjOPY0l$Q6p;Z@aRspFfMKAQH5mMPM=mWtCctPPtQW%c7qB7L-5cm5HzbKNbkQ-+zR2xz0 z_|S_Pve?)MeYNKQzHRsd)TdPS)2M?eMGVxvz?!Q5?IK;YbEvQj$k_i0f^GkO;xLp+ z+EZHYJVjCiLkeep{MBLX-?zK;L46EM_Vc%ZsX*fbvoEj$7W<#p?nCZy)B^tfpYHIt z1G6wdJ2yloCto0!K7^V~`+TeL-wH)^Kx3xApf-m2U(5aPn9W1>x9S5vEe6aY=CBmzvYR74l*RD-mgYjKNwfv@Bfk&0Mju z&Hv$P&|J?+{(lYk|I~2%aK|rCwv0B0vr9i6=$|E~+OG6;d*8=k&&wPo1|vfM2pJI6 zQ34)~s2@ssunMz3)7YMI0P7UHGzcR?I)EamcKf!AD1{sp3<$k%mcoS$m%Adth3{0U z7)B*@4{-Au`>g88-{HmcTIr4J1>oTHpwpZ?-L)s+sD$OnCT9U486}!BVh9@V4+pAi z553@!yLRgpu`~gKS$4A#`i;?o#BIQyPBTZj#kQ6Bdp9LO3<{~w~yTxn@M2ALC z=6I8YpfbqSrlc^vszIG_2{fe}&H*_kT(8Z)8?Zz$Sx!~HHJee62W5c8$RPhw=se0~ zrX==+ehACqV`O3n3CMIaI}DOvBEztNLDBdK2rj5-Im9G6%{nXAIqtwWd@IaAT;K_6 z2IPmd;X*gnfaYF6vC?89i6j$~(G_y3hSIVWVk8D}&&?#s zanK!I#K?d%1V$+6R;~8tP-1c71;{2RDCxGcDI**q*CMqglC&?%97yb#wY4>MeRtpw|2`X#s9Le&NO_rGzbJj@0nEMb-r$_uQP}%@)fa_4kCiKLsu$y<^tQt7lZEKc zfGn%G%vSjD}W*7 zao_`w)dPIIW+1LM#n4>k?wjW!S|D$v|J)9nKCRvH$hj7Vw;6_*!+t zX=E4HLgjevI-q?Tv?&)rsN4mPd(2N?%EwY-0^X3QEexo4Is82l5Z$VeSNY?GoHUN0nEelHGtK488G!SPzaRlhpoAKYHlccAb4tS zZ?5WghrO*-!1rb1op{BR?bw&r)&qo$$nE%(Z30yN6iTY#^ZX{9G7>h^j~=uxMP03d4qF*OuGQXC~G z#@++Mo2GjxCe33SMY|fYO(uia7wxwD?T_WUN;=85qV4t%FqT)qpLWzeDqkmFdjjiD zIt*sVumbGY-?xO2y*w#2pd+kyC4%0Sb+Zy@d7*_@{iVD4TwZ2cO^RO8;<#uh2{03U<-9!^fu1 z2)j{FwM&Mc3LuaW@h$$2>M)SRvm38gW*kOUUVa3aHwjuD0dY{w#_t@y3&oLVXP`vB zt+(~#wB;WIyVi#?LG2iA0W~d+dd!S98nrJ7Qoi$LiI`r~P*8O-3{fm!OL65jVvQ`d z-xwAd4Pt9NZ)G?(EBJKO&*fLfL@z)eMjy1Dktvq0DF~>fc3(!n!P^5qs8ZN;<8nrd z&f3Gw_e0YMkko{TBi|1tHNj_C`R7rQp5Pqd=ugwuiq0v>jS1 zBcCW`a5N2jNt%tY4?F4=yfYl$HSINW00O1-B28@5We+^3%l!NI1rqA#T=xV5IG&0= z1k~9Bfwo~{ux1qVM^9f`qdt5(A85(E?Z%{3zJ^C29LP8L&|r-W&mHYs_zu|hU0mfD zd;Rr-n1J`PjUb7IG-#M9V~faI~hRp%1VWOq@1u+ZyA)JEYr*-PI*+$W+(QhA>XlzW zIoa0FHlP%%yKU23oOJOr;NPFBj5vs>j7Q=O%Bz)4}U0CvZ%43URC|3NLIi;kYqW zYtqGd-q@p0x)hkV!Ny4!-GbR3>g0K`&d zQ!U~)h9>wc5y_t%3=}&E%`vl(nb3ln>*{Xq>TR}ngzPCGSENaaQ_*aH`pwz%id9*a zZ6uk2+gRx#C7VY}&u7IzzS!ER0|CA*dfSMvQtm6lFN2>g<@_>XenGN%5~C9BzB#;A zZdvRDROTtHHi>c^UeI=tQtNg_P!?h>e=ZGi2;hv~|BPK7(14}rtr)`p(P6ljA`<6K zz8DU3Mev8z$QKt@#S#m(+34JJ@8$q&`Z}xlYe~Xyw>ZRx--Ee!O?8PZ>qA8gxL`2v z(sp>3Z|q)#WrRg;66F9;g`G4;EpU(HkKxKP9L-ld{4FQ+M71)bn?nlrvGX25)5l_R z?|YPt=ylJtkSBCIyqOhMMJMj)-mD`cTr_L1FMbTNvfmH+RPxq-XWnC#*yMXY$hV;+ z2QD@@$%)JkrK=l{ud4c zH!kjJ8ly#pWQ1Q~h@synz(BLoR7HA5YHvbE^vtW`j-pq#aHiz_&itWvtLg<5lSi++ zH5%P&%5ZUNV`rSAT^!F!M(3@(MS>F5vl>OxTIq|Dh`qjEz_{I)JRRq4TD*%t(u!z> zjwpH`_TROO=G_;=di|_rw;B%rROlmij*Qw7d&D;q@Z`R2=LPcQJ9zfdXVR+&k7>Ct zK9klh%%d_)0d*Jjv`!afe>2iH5$``pTax7m8SnEJ`$zy^X3|&GF7)2c-MT&PE>b2b z*!sO#VrEWVH0jedzf&&yy+t_g>SOnx=I6 zRe#h=)}Iw2dO+K3mt*y%3#-QF3$ltB`trjnJ~YlbaAY*Y9QDlSE_<;)S~LX3z;NBo zrvTmV-&GNJE;Wru7Ny&o4WR--E+F};Bh`qeMMDelP@q>zm!K3s_<0h1?>7!{G!qbb zwDqC6ZxqZcpCv1VIQ~9VWgkE!9+T{@>BQ~Y!t+=l3v+T4=D+AKgBQ%jH&u@LNN

    *+C=tzxRK^$2yy)hl?2*N_Yidruu#RT( z0}_eup0REt;X@^{45Tot-WOC~fBUg(m%tL(;Oyja0{4a;wR4p&N1-4*sKg(ESdu52 zm0B(9Hn}yj?|0*L5_W#nbP`g5yufB9uGxDHd1rfkY4Wh=5;M`LL!Zn5B<(i{&7IGZ z;PK_^+~4a-5@e&1DkIoGlok4&ol@r+Qc%`tPLF;4v)_B+RULnKXVi+WC%y(sa_$=v zV29m2B%@0}+9Pfs&-;z}zWNc8OP@%*Kwr%8&$QXqT8*iW>u-VI?;9CGOW9c4|Kv&x z%1M6Y!JRZoB;#dt9c(u^A*jR$_a}-WTvtBKaXD`vM>9-Y5BqWcGG=Xmc}!slICnO zBh2o|2(~I@rBr+mnAW76|5_3s5a?wAneg8Afr2>i0S|whr2LIN7k&mh+n9>p zF8sT2HoL6z!;@Cp?758KVWq#Kd6j?Ws3_f9pzA{cz+$BFzP3HvQZT^5+!6UNxzUFC z%LDkCzY>ZHS<)O>;sj~A;#^5+>hrpB%Ah5JV7hOQ@=Y*+@2IW8y`q(zgC9m~rSSq$mE_D-$ghJwW+3p@C;ooq$NeJD?Hn^KiHRTf*YA zYm=6@R^ZX*5oAKixfoeOah{ zKakfAnu7E9ZRZ3=3Qp4{`81+P=11SV%2AJ?@V=_}>MZK$p7v!}e6)~&tUeS9#VfS8 zR`xtf;R|iEFGV@V4MukTX$7BUvK613r|A_O#)0bK1Hpf8)pc0jAX)uaJTTrIRQqbo zn*tV@zXj(P^pX{yVH!Y?55_p_hoqOAehB+R0-*qG0P4PpH^1n#@lg6b38K;0j#lobKBU%?k-62xhZp#_7vK?$e(0GKR2%LjSLyIX^LsRJ)(;^ zczfWX$$LfOq#V%~nAUQk^W*&e9f->@;klLQt4P>4l?{vKKB4J)Zf?&zTo7K^?XUJ^ z5c}&%up=4)3J}a;W$4zxO&8^mm%Gi`2dL0ab#nuqEGmB+n|u$8FW8}m{dpMl@(J@A zc$IYUx$fQVd8NX7yLy|%-E}S7MDS>s^!QK}{}gcWQi^GU5sOMU3GPTaRtJfh{#UMf zD}Aipm`n{)Hz&@IY0IGdr)gF8x9O&gNh&A1`cf+mU7R5;olRDm0s6~Z4Lr08v=NQe4W4cQ8Shr5L zm~J>&bK|a0Xv2Kj*1xkV1$E$Fy_2zrU_g|>8+e>=0EEo_vfM({lg~wS`?W;n>hOw{ zo~NysdRi?2`kUw;FHvvOthh-M3Qf{R&=vzB$6PuNyU-b`W6=K@5?Sqr}~^dn4e4@qF3*Y4> zvLQg8?ICqp>{)^H#L?57d>v)Sh z^`*(*AI{agIk$i_(HMGWuDO`%M$9K{Q3cwyI0a`8=r??T-=C_2`|4jG)w5{wYPy7k zhnmsu!c4~xGr!@Otb2GD8unIVL_{f^bpm=XJ`?M|OJzb&e#m_{t+*4`%41)RTbut!R z;n2uO_oZL-yFJA!_qjE`jI#lT(u-imZMc(YhwYgLu` zbvMiMrY!C{QzK)3EkLsLJwYoiMYJsC0pF#=`WvOgBZ>KWMQa2y*LWV$X-w|RkOM*Y z{kx%%acj?U)!jCr=eC9&v=_n&?C1v~>h_pf{=W60%7@Rj8>_3iri6BTNYwh50E<3W zO7*QhfT~s@^;5LdHMwq&vjl;fvo#x}y~L3~&uiZK1rJMTagQy{D{ZLS1E5s5I6t^X zO|CK%kLUAWI`x2|2+DSS`QpN5eZt!skp*Zz;kPfN>QO1+@_9$P>`??d9Ht~m)c_jj z_xS)6_QKZ{aWQ`%(!I9U^xBTwGX27KUm+ike9{&Gd~&IkPVu5}-&uh zO)m&4ghAz_HeW4~Ca5O?Oi4QA8pb?G3C^vUC0?TTGU#(JlH6?LeCo2;FHQN-oX#_3 z8F`465a6u8h$=i5<-<*{I(7iNsWSJt-^>7N%z#PSwUpm}SCk7sdyv{OzxT&W2ljI% zXRrN@0ff9)_>f#|=IP=H@qE`mM(C^Y>Pg{&`V=MHuKp^X`CfCXP^X~w3k%7ImaWVI zmJpOq2U&2FJ%h=EFlSl9!|tF?J}A$%*X&tV85$4!ExNk;Q4!=`&L`5(%>v=G1X&nB z!%|M}+b4Whn|>~xE^(5B|GcEIiaxFv|wn?vn=@}2|fH;;hi41&}_N7=Gy`01#c9{hDLSugVj{&yM zw)hUpi#pFhyFNenKVxMG8@0dJss&)mksOmPOn8 zGJ!lX@3E+dfI-_0EM>#=8(c*kZkbAP5Rbf^4_;*75~rU#vZ$vWcqji_C~9;pOjK5R%#5 z&8H=GUTP=ne8(LV)kmj<@grC!W!Gg9+x*pX>yim4&(RQ z+H03q2->ue^lcc`{MJbjROlB(GR5v_8~7ADc5y#%zeoAfxA`Uh{v5=}R6w=&GeF5q zD<9>1@lQwhch0+lQ!`)5zRT+l4%S6$%Mnn$J4(stj4)0t4UfC${k#t{d_ZckEfVV) z4aafvEgt*o244~y&v5Rg(&UqGX4oY)rl*x=^`Ae;Zc{%+W8ns@SkSxrSzDtgr}*db zds?R+;9!i^!!`A5`+`1hE(zx8BmAoQo(zZ$UMt>v4X%g6L3^^>r(KHaq~_0a0p}t7 z_J`wnDdUWS-p9!=-VvK^N&;61{{nJ9c3%wGBlCKlVPWNO^PUJl;0k|&A17wzWgp%9 zS2%o#7b&x`u(&{a+Y8#AuS8DkeKGfIkmrlC_`rS6RMr!uqUCv zC{n09{iA395e6zG)ghbhzSm7PoW1)53wP!6(e zturAIxA|+Dd6yU9s0ZUX(_v4dN7Qb;26=6oV$Kg3u|rt{R7xN$;F_5Im@j{FH*3x* zm>3>QdYLZouCy(dtiZ?0%YKnkkVFuXo#2{l^_u;0b<6_Q=c$`5f6YNviQk(+!2y5+ zsfO0_>GbFJ(0$bT(AO_PQ!2>7^zWa6g!|8cmjnCg7lcRuArz>PU2XHw21(bkmI8wfQcsj6C-cdU zyFH(}MVj}>XgqjwHO%02QD@HeXZ)5ro59*qU}y(l_1DD1@V!%^AI6oG&w&9jIva7u zD4Twoj^8P4l@zhb=DZ=W{kZCDl+%eJu`im4tbqE;5zrq3N3FQ9ule;5`b!W=%H9!?>eo$rf5dn*uL>3&mGBGNlab%lTsYRLrl* zxQNSGj&P*98x+WS)fj&=!`TQs)h43%>5y{$2a782K_n6=8W3*%fYSsF#A*J96NzX{ zu}w7S?aJBxI?3pqwIN}2@Uwb)H1SUB@;uRvYY(#Uf~(6ZWacE1eE)Ed_j(7y3i=2)*6SnvR|iVp{y63`^&c{vb{V;IiS8lj?^({DXM9=91SSs2T$5c@&fNxAMnPG?B^A_%k^dJyh9{p6wNu8 zd+^>408lepT;eEk3JJ?GeQ=`AzhF*Ub~?vm7z4x||=e_Iqq8 z0dh^JoA~>yYj&XXe4&!wbEOjR3_8hn5yl@V%}D|Qt6#}oZ_sai{3QPJQSv5Sw-()` z2>wyZwBeht&|8xUp1xN7J~(J||2XIkh+crD#X4;kv)tUlA>uY^LT!IIjp{|?z|%P>#55=t|X zxw7M#)b6{UQ1}9;Fp=7dXcHoBWAe0KCG-zRR=xwK>vAx?No70UFJbk^FG#8DW#5en zt8FGz%N%a~WRS<^>$4@XPo`-0$Y1u8X^#`(nR<-FMz!wuc<*4UU*S^bO!5ux&g*=t zW%(yJCBQU+eA?%AXjBvzfa54Z!!O1S^0NRjn;7Oq3GN)C1^lq4`WbdWo>A1a!he-p`h02v;&$SS|=3HaL~TwuY#trwLta}Bu&^v_{J2n}X%f}!8L*rR$j+H1Vcj3NN`_$lz*cg^v?>P_l zSML;%WhM&Dn3}8W^MeB7v*#lqQ-6U4F{h&wwt@-$qZM-?|&HB=B>%8=r$ck>V-6T$eJWsEhH9<;dNbxH=Pu z`mt@c_$k~=o&rI;fdS@=9*Lrrh$1PhlvGtaL=JGj6si$N=@}>kJH_y}ihYm<4p!CM z(S}?H2D_2>X)Hh0xqEN)_1crKBl^Az{jv3w>fKi?J6kk+&=d~yx7Qs|Evc0OCP>v! z_rs6;m~WxC^a-g>36?(ox|hAp7uYJ_yzORqE0l<1OO|%m_I=9L#jk@e-|9&hZa=-` zNO(X&U0_Ie8ClUTmO2>D&GoBImfw~41L}2!VL_UYqF||nTzNcw_pQz!LihY>j1`*H ztvCng-&LV2{%n5g1%gwEr0WA!?V;T`aKUi0qpq0@j6Q<4p@`+6+&yO)GHo6_^RxMwv#MX1%3JxPPF$xX$yx*Ryt&Cx%$~-U42|A;)C=3>f z$HiU#5{z&^!Z9MBF8elfUP|Eo$}Fd?_BLee z*UbeN*8WkBqtmaO@W<^+ek{*NO$p)SkQ@YI#ZDcQPt$&Uh|e%Pr~OXBFF@w90tn;| zsv2G0jKKNead$g;%T>8tI6X{YHI50x69;_jh@W6>EJU}K7mo(LO}*Sb*Ug;l@QF5? z{h;w`;*mgl!So!?G34#}R3WDQ(PEvoS@k#U!7E7L>Y9M`OQSq2Qah&Us%3 z@$(r?Q0@8i{m0If$DHZ-`sQ}I9`!dd?~NeL>%&+QTzYZR+-G{4TGY(R4o!ZCFv;n0 zA&kU<&@T?Ku8%Mp7tY$($mjLWC`cGaN%Cl?D6y-2umUJ(O%}`zC8-|%p;-oR>gt4> ze>sOWj9FoPi8tb~xOc&|yvVL3&+XbZsCSGL3s|Z+HL5`Wr#_K zX_?8I04jSJe*aTQo*MdNrXMo$DegV`&%BGIsG@#wTSdxab$UYvyn4`__r&9U$=J_& zTA&u}f?D+p!O@=RtHH1e0rvmQW@duLNc}YC4xAHZ)Mkd;BxV5%<5?G-Xr_8>7`y6S zne$e^@*~5JZWATD=i`rnGL2B*fq2=!IhW6XNPm(sGuJ}2k-x2kvsZeAB@T$UzYhjV z+m2s39uko2+rk+kOHiGN_Y*ifQ*7V9cxXC{GmHdp`WbXCg3oPa;`m7E zTPq{2$RYqk_F z;)NV)ElTF6&xhi-z~`^*k>D=i^*Z7;iza}PiUg%)+U3$w0@L-+aQe7^3s0^0ChuNH z9^&((K~Sv%Lpi*mwqATc3OnQ?6I5{pn#3Y&XgnqX92C5a z#I}(HOkhX@6RZ?6;#hUW5aX%wZYJ0^5RVTs{Wgrl6sBOJ7BLUBZn2n%NGuC_IR+Lj zY?ILhdMLChB6h7(DhE14xE3^*i_DkQEW!|>E5sAhAp19>DgjDv6e*n{G)thBhD*ZY z06`BacqZ8-@&iOlX98LUni2)zA1;g|!lR=|hc~c8!rnoRyB#Fpy|&Wapkv4g$AEmy zOy*PRYLA#oqIx-E0!hF%=>29VEvf=Y1YmhWVJw#Apd+T#Efsl!I1@z`4%>Nhzn_YR z0)y9$=of%%p+HlBdBbS+esNvnWgq{ly4W(>Bcz11|kIl zWkZDH3rP8X5DcesC_F5D8UC1U^sqgu6M2Bx2^mkMGDncBC&iq|g~DGzezJ*J6Waz& z-SAF`5{eM0G!+4_52`g1u7!zJ8>1vO1%pF^IkQCUQ3qX!bq56`Jw_7efUYzn48Ax; z%LQ3jn>px_ar|UD8+l#?Mm&-UmmxfQOcCM^fSCdiu^9`pPdW@mLy01ycF^93H@Ts^ zi$n^;Z`q+c4c-Kfub>O#4~wH@o}Gn-2TvS!JNZ!lg%3RuEm?|Dh0GzXi^((tO2dqp zX*c}UI&4+~VpCXzFimVRd5E+iR&15{$sw!E&gVFJ@HiqFe-RTS)1e(9fro4nJN_X+ za|ihnKlF0@JZ3XnZ#2gd%4lFN;)2r}l0(Mm6aNk3`3*HELMQOs~;SRw@WaHj0Ma zG`k^)MiBua3?Es@ShAc(bt|z-x*uxrT=`YaDAgvCbU8t4_laDj%F>$8jaRwvu1L6j<)R2N+x)&yvAIZ-UP%20ln zEXenQF1H1I2rAd>)u}CRXz&RF+dj(TjvAO;36m3*f~boPlv{!E4=r`T1C7zkJVKWa zC1UwN_BbNN@FPKFyi5>6(JQPK=pyNk(I2m z@f|D%3XBt)VUhSi49LJmo_Gh^?2bcJL5-nwen(uz4q)SM0}rp)0PnHhC=E!^VIkxj zad@rPLBIfUtjia)!o*VT{y6*#d3~E1gN)>g5{MucjKD#~GQUTKvy&7$u{uCyvjH?< zVynNMQtVSdXl0x)?7aP|YsCi7OUk;4H|%dhH;|Vl=D_ z$gU8#imBC6@p2o}#ieq&@i5QGi06(PA5NTaXFp1NX#Ad#R4Xv z;N^mVI4}^#!wOLQBhjFfN`MG>N{Iw$D=d_N=cAy2*TMrzv{p2h710BOG*tq^O(aNy*r+sy zl;!YYP=0QZuGOJUao~J2xx_pN%@Rg|2)ta#ASnn2hR7DT)1!PA10pk!W~QRTYKs%u zjtE?j9tYJ_wh6~zh{GXBOt>fxjTu^aktke3F@qqXPZrkb2@aDJuOSFRXl@7r+A_^f z5L?t~hLiXe){h)c`?2$I-D zC+H2kOcafP#4twjJcSV-XYv_rl#?n{;UjXkh%FU~=xA?DPNo8N6drihxip#E?4ks% z8avhuHTeMGQ1K!Y79#=6Ct};sXgMwlR+(vZ5QvJnj~I$!EPSGjsu58@<>(&*0~ML3 zwP8h3C1M#to6jCr>J&zaH-d^niYBVSVlZ3}21Uo?S@bY8Ya>^pjR-;723|-+E(yjE za>XbTK*|y9z%|cu;3#pUK;<=a=w`qyQM@sJ)XqjMqycQ6QRmkH>8x0!RK`qp8&4}h zHcy=@8jQ#_Xbn+rVG;c}hQLMiB96AbAjg}D$*cZmCo&q zQY_F-Lv>r?Vyz443*lY(zEeZza@9@)HS9OAf!W&2z=dVdM#Lf_chMNsBUX&V2dW3L z#OO65+oFVQ3rWl_jf~E4#eEVvP(d+>HjSGf@lrSdIM&Go4hnn^KoANMOaj$wQ}CTp z3_&Y{)j4|C{_rX+^|(sLAfUgJil@aQ{h7k=)NEZ$e#THicqdo0I+~y z#&b*%jC)l^xdxdA2~W<_Yc&MGLINtzZ$@G^R-7G=T11XOFo2Y1pOej;S zGLxggnX9Hdh@iC+*Fk59Qe%z@-53u8i{^6BQnQ7w>@eO;RJPbawH7Qk}{LZ;D8x1*$7O%5gQRoktbIVOy~%EV?e0Tp~(V2;MYxn8;i;T z2^t9dNT971cA4mr5De;689@q0M9^WO@7k|)z*{f^S`*U9jV`_12}Bkl7gHN06ErL` z$s>y!)LOI#S)i&QA&6CS%n_myt$^|(;MFADpvr*?hQ%~Lbls7qphu)J{o|!8c~qlX zt3=0G_%I)SS&WzYk^kXve4rI1up@~3f&76h{eSXf{!cFjgdM#)`0Ix@k$?^?9OA_M z*UeGs#UQf8mS}`1zT9kJxuX=gQ~!E1QN01QOqgOEARUow;M>!l8C;$OGHR=`v00;!#M2M4$C*Um9kienxM*;vCCt6uN z1u(#S)UfE7)EJI#!w?l}6f6m9P>Z%BjsZ;siFhrW0Ss*f=;_B>)HZii4H^g_d=d#M12@-!mx!(1CAqwep0~A0nL1vO1B{fGU&AvcwqG7TpN+YWRN5DpjdA-k@yVc`9-^gq^R4?RD^9zn$rqW zBQ&UpVe}!Ig^9r-JGe!RMdQRYGD{~2LRQ!ZRQ*z#12V-}r<4t82`{9bPzEJZOrt{7 zOcE=gbOf~v77tt;GEd?n0>Ymp_J)NhF2%v1_|!&ikf7oUT~eu+XQNxBUK8I;q6@@M zv?3e>aukv%;3kRjVyjby@(1YzNHtM(%s>!M7mguTDsfSe(q#w#iG5WNAo86KztN#( zgn2HL1Q5k4sKFcX1SdS=Qn}scCjp-=N)9MGARq+YQ#m}kDzApa(9ty-;NIha`INHw zekqe?cMut3t!blX6OHNUM)RkA_a@pumOJ!IEVO0QbpMr%P8gbr8 zVH`+Bd&AHf3M5lzlNdRS%8vmBSGtR#R=6piDAq;wK~p0ULr{ZA4UPodPjFDVNf-qA z1h6_xo1LoyU3;lkA<)K!e!EB!S6MZnIBYTd)pipL0P;L;kSe3ZbW$3XFXPBVMxzgo z#M7Z|3P5uKKGP_|#Dg4%k!P_(7e5Vgs?36*%*+YIv})*f^2;qmCz}(J$|6!38k%!S zILJ6ys5k>TYQW(mbWzY}3~1CM;Q5e%28SO>)0q8qPdFa*X>AUtHUzQ(JU~rwP((9G zZChm=&>^6)r~#z_F}PM6O@ia29e{`-ML9k@$KeIJUy?3h#Q8NWyjCt|knN^0P?;gJ zm39Z+PQ`*`lRw0B8BxF$h4TW|$1es+Di|#2fqDR%5K|MG3K__phMW;T9@)fMb~@2* zpoGX;ryk3}i#1Ay52Z1NBQhe&NkVG{Xq{ceU<8>UaP9-~34;db^x~wDOvg!}P9gEK zP<}qB35h_l4X5_2WJE$#%?AbRxQiqXMFY|Zhc6Zcg6MzZHiHsq(s+@G*n|=T?K0WU zibQoW3oGX10!sq$nH&8vKUFW+gQ&$nYNWEW7*I7k3(7UJ=2meQ%l%PAf^ z2?dsi8TAnQYh#;~x%=un4bJ|`KSDbvU^)KMtcMdN2x| zix_gKEjWSGK!_W3D$pN}!GYr{p-+pX0wpZG8(8uKL8BlHy*Wl~fC29LTTD^Wwm#BHNd7-o$a$Q`j%kA|p3I}yK$?#G1UMm5famZ6MP4uLK5_yNlr z<6EgDu1ZBBpxyeYHLO#TxnYxmMHLx^?1(Bxb}~qKgOg3MLoY7L4J_~e5K|KkFpdBt4)L5i85}DIKPm0S#)yah+F=!+{<+*%-or4+eCkkd6xm z(L#Y-t%vvQ(9R%%@qlMXh!MtuVkknej0{kJAOq<*kwhT5d@3S8N|W0NW&xL}4M-7} z#cWrGBLLAb@w73fSgr$e=s^?MXsaCUr-O?Jtax6M5BL&HL`BpKKl|}Sol~t0iger% ziHXKqu{@8;AyhzUp*QH+e49MXl%lNxGn$M>IY90k~13mgr=<;B_@Ezo9t36d;yF;RU^S#uyT|$CdbmK zF1OojfWCb+K`hW&QGALe95cv$Mu4A6ENZ1+X$=Mg4sKAdlF>nG0?_?R6NnOec*KZ0 z5>b&T3uv-3nU5nn^X3(-=g#;8$5;(i`O%vOP=MtglR7bmC>^2s2WiR^=Z8I>Xi z(4dK9*IVRJ6UBi9AaeRPhQvgs6Byu``fH2|LTBJM_1qv3cp$i1eAV=f}e z3iRM8i~!lctyT#E$>6e8QVpLJvyyNaoEfx}&>m>WN5{Z}1CpbN&5zdl=on3aCo_97 z<}efEL;>#6Z$$aSQM5?nS2N==&>RNwX8{2Zu8kI>M=5*+o!3K<({)-8OKr6Ybb7zr zM{p?}K_1Z8!og+G_D-?62vj{$4&Vatxiut5mq>gB-R1 z-^u@%Siu9dO@aS?tRUCoi8cy{AQ{3y4++GF=;a8!9f=k2Nahn_1;~7&#V#|JBX@8N zYP5jOGmt?6QOFIsFmZq(QT$x14bM>HDS9`W0DZKO8Nia5B88s}WF-iI5?L@T4VnRd zJcMQ#je#N8aQwKC2xz3iN28)W0<~C)Vn^6=t(uHO;B)~3S0ePp z5L5$xLQRxLVRBo&nH@57d|{cK zK!)}#=;$UA?4Ywngz-dSZ$zvQgQ$&P%-5?3T6&BP=m!i|M-T_#b4XBool&!y7ey&; zjtBH!E0Wn-B{JzHNR{|@K+F&sm0(dixW>9D&Jem%t5#zm$@24o~0&rr-&+65jNRf>T*6@%=nMz4Z~Cx-iD?O+Y?eakjsK0h|qhF+(bH2fTyhD5k&#ygbll#HY(Q~zf{4F&jf-BDrX2H-`j(#v(UsSeSo+5*$LzMTd%| ziUg{v7zS|cFfDu!I?M|JHrnF|Q`tI1Z4rLe!%zpIF%Y_i)o3p;_qnW6xak3pH3l4V zQe7CWk%`d0nAH_RoCR8l=!?2+Y&v)|W*{|Dd7;}%K(KkKdL;@#6$-2`W(T<)j?-pC zmbDFoIGPA=0F}=+@S-j>D4?r3LJZzPu*!L)fS2#&N#Ro`Q5pbuAG$&q6tza)+fmqHq11y{sIY2}ha-p@z*gyLG8EnbXYFFCVN4ZOuBHImfE3^5Cczgrk|Dof^rZyD`CvMds?BtR7H(`m3kGZC}XL9kaS4H>AM z7_>$@lo~0Q2o9yjZ=`aAA(@31)VTE_9hD)CBKt@bEsyYHL_iO+k#Zqb&$Iz`BXU_v zs!@cp@LhtKhGJ(pRoWmOPnP-I*Z|oc(FMIyfq*Epat&ld7~%7x#t2a60wHII&H`uz zgU!!!sDx}t>Y`#GIV@&E{V+lc7~Dd%(9R=jY{2RmkO3wxj68g1g$u>OAjT{P^?E$u zW;j~7MBsc6S_MwP0rJgk7T<{0kOTp+qETl+L;%Wguig^(7`-N<%WIc-0Z<$85`eDI z#PTwgHauHFLNLQr7X-P;$U1}3;&aF;0TkT;8qPY3Oay5!_yqVeT||yp3xzP7p2`Qr ztD6*Kv5>HtXBUa1@IOibN`(}@-EN8l84yLOWI4|`@>osB95(=E8GDT3#fd|X2i6U z>>w6GfEExBD*zS%6VPQP>pr>K!0M59iE6tl$5( zW)1JVqGp>DiqVWt6657Mb$Zp|&?)lhxKHasW8`U_W)$rncl`MAkB{TuJ}CC5HK#Ke z`^62M6b9pbodz8`)crnw_mJ1`C!rmUG&DV z(r0fM_8c|o=VY8@bo*J#DZ%>n8Hw=n=9YSUN4UO`RyXh0bXL91lWRLv)1IgO-h6e| zg)MbXSJj)qD{i9h(;;D=dddy#{n5`0XSEx!X)b(`*|c%G7tMBK&#H^PL>{aHHzhCm_{4sT>c>0Pq{*?j;>H_a(E#~_d9UTN8 zXRlfjyEwC6y`u6>$L0-$kAEmfKTj)~b2ZA`HaS06vW+(t?@wruH-Gq)ws`}3HMMSq zcbS;WlsB31;;4Dto9;c~EH2LcfY}Zoze|H7O-vqIoVX0eWG)-pNTN267{;l-QPu~m`u0lmt)_sqPy68YEzNBWj^WS&LdbY++HjGD?0y<2_m z&ADx4Zy+bvvKLLRpp-uTQTwZF+a&(h6+i#VsGS$_jO$BV?(~i9aec_w^VqFd|L%9= z;+(y82khN{{pm+bZ}y5u`*3Zl7wk=DU+9oPuR9U0I!koOG30b?&xv(@kCZ0a}e|1%szkO8EfxeE={Z{6VcE3kOFDAVjqOGS1ysa^HTit`T z?$g-g-H10fFk9tv$^xNtEB2vCu^ZCDjE6f!)-+64a|wC=yhr{4p{?!OZ?IflI=!~{$}g;f)uulmU2XEMFeK@b@$okKtEV!hhF?n zn?q=5m|hy$wD;Ej^pOpE9G&x3b3p(7?(ByLqC;o=7((CQRB@y&f6)=kH)(b0h-t@F zDet@Gb=q)jn%s7WadX-870*x9T$;^Z`^UfqrO)OJtRFu!1l9Pp{q7V)vE5o|X`P9; zmtS>I?-V~f)nxkEZ%fJwV^ep3x-*mfoEIfc+kdRGxF#}YWa7N3+phE({^_9fVsI5E zdDM=sT|%y98~XQna$-iU?9I==O4l#g>G@TZe5XU%$+B~Tt(*;#{ts$P^Q-REL{LXU zBd$G*bmT1Eag)>Sakx)eR@PKMvSvF^gT;1XQNP*f8|~Q_6fZoTQGeDMGiJ=@(MLAr zL(vm%$@H{N1)I4ilis22m?b;-(;pPjP!A>!7}}uc%S_AL-dh%*irS7G_Dr37v8AuW zqfn(kxL4BjSJIEun?sGZEtkI-`?6%g%$!G4c5vo^c=-}3KC)xuT7TGZ=5 zZ}htgi+Ant`iB*Bx9p$aeNVR;1By4UnfmiQ@5SA`vFi84#KZ&UnZ;WZt9NS!+4oD+ za+f4mb#UCHt=RNg{U){d72k)Kg$JxHZ*+gOP>1bQ5zQ<+IZ@MV+{lSj7tO5lzIooG z{a{VQ1?#bz2aDHf|J+zGJX%${>8|h92}N1(!-Wm9c^AX3)5nh9DSKBb_&aM{*L4jS z>hl*4NiQNrn%3=c_UHybe(=rfq2bbPyn=Ej@ppqJ?Os0nmb^06+<4sZiPuC#C4Wuh z4T4d7>xO=nwA7wizGX%4h2+TJMQysT*~Gkaf2ZT#z#Ee;>hJ8&k2voxF)->%^3{l~ zxPOiFWSAuX!Glh;nJv#(l@^s>?3s~&`Erx&>}+mhVuR{QH9z_}2er?CZmW27p$+O; zheJaOw`f!onjgp+J?F0N&qrq$_YQp9Gf*9W(<6IB>U7E2!HL7LZ?7f1-TwQ)eCoQf zQ=R=AtZh&kdi)S&U7A$9+q~y@ zv)-%gcvFqZiG&iX+U1F!UC2yaPs%ZMPf92;HfyBFiwqt=Ib+Qs%A+nF2PpHJ9(Z%( z>e2LIO~Zw<{Y{tBvqC)uh}nKwENG+jV~_V_Q$d6#$`#Eo-Kp ze`e4`4t)PRQ`$Xnq51i_{aY;~_8<0r+wINmrg(;&TPj0to3%aMw$*aZM&Gv4Gnyxs zeYltWd8F^+%I>=wv@4pIqj@p<} zv3ljf-@`F)uU(&;)Z|2bez|_1^r3L)fz%w=#KEL+cN^BcAk0rl-+QFGGiPZ(%k%Z0 z{+#>zZBM;(VYvCdi6gd`A3d%da>1U_^WprmKi`dwl{cxm(nOw{vSH!Z^TM_w(LsqYfQe&A&HJk$U-T+Jn)D7oW*c)Tx_% zny7eC_^oT(7o<@6^(UdW_0#T~7v);-jnr1>wN9T*S<$8L*9umvo0gyQe(5{7YsT&B z`}Ea-jcZ5l=-({kfoBeJ@3=qD=Wvcpd_O#C&y$V`dF}q-{^cChqq53F^Oam{GQ;!b zwd`B^vrWA8r?*7~DXIix>7Rx^+nFYrf&&)ZKS8=V#uOA5}aQcIWt*}CqK&b zi&Kex*RB}M;67{_xOgl!sn;ciYfi$7IRz)~mzZj-kDkDq+MRyHpq&%_+Y$47)9(Ro-RHU(B-Z zAMV|2O}#~$A=$z_ef_$ixcK#G@Y7m@Q}VhCYGA_7IJ?91hdJ{Su`gd=U6DSgw=%Ej za^`f*8$W%xQu)YJ#qSTOQ9gN2MasBx zPo+IMxWj&O?0jkSBG%z-RbkQNN3t#X#1ZEo?$_5XoZ5U-V%qBo;9v}1lb_pr%!szr z2K+f3e8sM!>_4O}+Rqx2zVz*chx>FV-bwGdH$VJ!uJ!PuoYWb+Lxvg2Us$s9%R7#{ zU61)?>YYC4wvUa!{Iuz$H}~L~9M|a+WqT(+8ve5steyVjlGsYTzfR4Cs}C|~J}6lK zWoTbxe_#3dE~ecSMfJFsBU;Wpyk~k^{-Es9HAhK(e7B9>FKcHncwJG^NAzXm(oX9> zp>mea)}QY8YeVK|`TQN{*XBGwz(2J5-RsZSn{~CR7VQr!)B94yg0!-Gxu4G*pLTQ1 zfmc_~hPzI0c->iY>)E4zXJDi4`YyGVdtKUQ_9L!+L=pNlaYzrvyOsScJxq+B=RUh0 z9`(0L&+T@m=H`RWuEH*}+x9olnty#N??C3w7I&*nY2uwh@}70YbFa^R)2HlRhk2!s zdO!Z2Tavmcl$%Ie^6UGnv>ja=9UE!w)HU=gYt`#^33;5<_y@||lop$sq<5uu{G%Zf zSvX*w{$m05Ha*udZ@wwFUFMG-&knS-VT>;mmM>WPGn(<4w&uZ~{!_nu+-bMy(C4Qc z@I4$S*3CX#``4qzuU0j$&8$hk(?|UH{-X5rqSB{Ras!d!6TK>1zg>?vCdL=8n>wmp ze_av2q>Msra#^c0eNfV?Gqg?-Wq=QJgZlF)#HB6S9iJeOT6dn z)Si#+i`@D?XREGP?0E6&eNWve&-4Yg6K-s_lweMH@toVQoL76FA|7HAp2qekQ$7`{ zQu=fyh9Z=j;>F{OmTPN{vJCm@~4FOo7cak;l{fSsTXeQg^yk4GgnGZ z9G`!zR$kRpHKu-Wtfb$%j_F;f?WzfX4Q4loIHdIhB&0cX=Ju&^9blPuy)&}Nm{R?v zU$;jU9cOKP|5ns9w!bgM^J>N8n^PJ03NBd$%~0=4mM>oTOR@RVm9xb&XO_y>%vMFI3F6p#86ZgK_l6i60 z+=cqEwVIg1RXB^PQac%q-FLO>vUE>s`>v1N>}m9jB<9Pl9K(nP*OR}V4;TxU_RL7) zY##nwRk35N*LrR6(J#zPjn?hS9(6Cj{e+DL4`WNJrV{^3`q$;B*Om0j1{Z6AWBRs? zlY?5PRWBGwqU~FEuKkvuKOZy|L>x>|8?Apt5aZ|%BbMtdgZ>832 zlR%$Bl8=6#+VcFe>~DJ^`m4ngzqZ+h$?%s}b}m|NdslHYl-`J##q2kic|x#t6At#E z%YU8g4MC-E7sRJyGLt8M91A-)190y}rq^_p|E7r7(jc>Q&Sa3A`9J?CJoRsXC3* zuPS=M@1NQ-IlroOXVTlwdtgQyuIbW*-yTJVDH9CchUqOCodPrZkzr1xk4IkcY>BM@ z>~yW+Mi;?|H4*vJKyxL`;WWYg21!j=Jkam z)+_S2fJ8=qDTJ86QZp};8}5dia(X+nUb_Uo5XM=`+r?+Mzd0Aa8DFevcxwf`_#xF^ zfTabW9&HHg^LeCwb^ZK>MP$j1HVMIP`3rjyCIPWbIS1MU!l)j}fbrg-ZT z620z0@#t|Wo{qNVoH_N(S#X}39iwXddzzP>%zuWdoxY?oy)IU~v0@$`7U4Ad)%Gxu z3I@8CGP!zv9wb{Vqc3zyXwHJeoV`4q-UlwL0v2y)M@gRy)&vcB$_0x!DE z`eWv-dgjf@A^*^BAJ}x|QFzxpsqVR|uL*g@sr4~=1O6l-51nx6A8nD{BNfIf7N)(| z)Q1=N)|{5Nv{T9oHk5z9?l4|jBKVl6|1kO4!!AEwCf+t(X?tfAv!=pRl-EahhQ5E! z?{5cNZ@v1{A!v|i=(nreV3-Uhk{()|bVGiI(5bq%ZI2n?es78|RkD{1PMmSrH92|5 z)Md77i}0y~wV~0wpWR@u9(?rl))gBM31;tU^Kzj4Sho+F5c6bsU5g~)z0u0+WoN)Q zfAQ({!cL+dx))m|4^Qbj^jtDxJms$KPMfUwu=3y2B2MbF&HWbPBYER*FzyuZTnZ6( z@rCbq-n}3+nUuYtx^2gX{R=eqnpQPmo49!9vwKGDSd30<`8q`HKVW3R^8TkDS18^V z9yBMaEB(}8;jw>TEIJl!`D@Luxs3jv-l1d7hh5ejzfFFzU*GjhhvZ$p3|XVXE!>ma zcglBcdK`dBTP|za9#(Q+$e$jCNAcfF8=}=Qtw~-UbO;-$DxOe=imk)1TFN<_- ze5(7!#Ro_0rp;Egxin~$X!wy>i(fmg>8gKKe;#sd;o4c}I7?nuf6iKo+1UR{y=mfX zW_J=Hd&c334L51GbUd|o=JtyxGukyh{-NKC+=>ROM>|>t@>i63^V*0XOiKT~;A;PA zl6`W`Uo$5v$Mt^?EF_bJMCXUqAJP-^CJfu0cgWSgdR+8n((SDUJC~;aYMDOjWJaTD zX%EhRnrK;!i_NhXgMH@2x3+^th4LZ`bU0;uk8$Z|BL|F^%SsA~%{!y&3>`XD(rZlj zbXmV(@lVZ>Q2F4@yN; zsFv>L)FsA&Uhf_It3m1pm4+R?Shdt>)sGGxV+$x{H?Ch=pIc|J_7H3AZeew8$(jql zlAlii9{~b+%th8d>)0gXuoiyWtuMyaO^V^h4Uf&bo$+9F z!L9Whuhc@qr2PHa2~Uou_fQqA9sNDyyxP*4O#S8C~Q$GSh$JUhT+- zhwSJxBPY_QRUWn)MzzlPS>9+t$>XUImX*)vJ^FCymaS|+!*PnvCGuUZyA(b=eML7* z`gX|Nw|z3orKCfiPRbvGHxIk@zn(w-p1qHCJFzk=t;qp}e2=2l*crzRt4jYGaIs|E z$@X3A{Ve-_w$abRGfkB(r#+mp-*l^+SUBVQm}|wm&Qw*JrbNGgZ9?tw?Ch#(6U6(B ziKO_ASKk+Yx?8XQ#5bppXS8|^sGDblqQgSP1p}FaH@lnsHv^=}{eQ^-dH$OL^8J$m zn!2b_RT<_L+F=-Vqfy^s1ls)VS>K1v%Wjgs<_9tFnh0zl8*JRsmM;}ks%Ln{k00N> z`>^&!r!p)X1AhP1-Me?UJ+oz6Y3|DdvyfEsetb!uSK^+Y zJ+%1GTifdoZe}q)cRzYsS1_zK>>G!sk z*m&bh{?XzepI(f}u9m(YA-FKFOVx&V1?QX-J0J9RpR;`TynO{d+nku#PWAV%aJRFC zs=cT^V`+y2>Tu~r)U(`4Cfvb8tZzxn)#!x~d_uB=CJ!=hgX5a7;UZA1vOJ-obc%-HN^6S-GA+ z`40#?pI+(GBK7f<;g|b5S8pkZj^D~(*Rfqq_)XWuW1A!+77Xt9_4j9YyT!Xlx2bM< znDr~XF7f|0Rn?{7$;3HtcOMaQe~s;4a`n}V0_@vM+is;d$qRHCdZj|1vqIF>v{kU-O;w|Cj`aq3oln(Z1qSxdi}V$_q&f?z6AEXvhT%>zIw*B3si1ky;*zo zk&yc5ZO6P$(^$sB*_m(GT-eTyT&&x7(O?sIM)9PjX78cZnWsPe_*MC>+1bd=Wvzd% zA~l(?_V_PZz2uaUrw<+MzX%c)m2H-`ID6FA;z-J~{BS2hP0DZ2*oL%w%adqHxKjH< z<;k_a@8=|t6G~p1vZ_}#WPA8cA79?FsOp&LBzNV6vOX%st`Dh$y!hYq27N1B-f*)b zrT@IcuKADz`_iHj{s3OQ?e9U`mv%cgpm>tExJz39w*7?HI=npfk$8TMDrKMk@gGm} zf<4+P-E->{y~=%d)Zcr7yJ!~Vue=a4(e4>DD>EN+cK#6luk2T3y7t?x?4m`DFU~Ky z)zXGF>gTq`XI_zoCcVjC+WFxD!nEP9=dZTEUh^DMQ*|4TwQs%mKeA!5bvFfT>s@&t z5WL|nTH8y~$0#e`cPgXn9EU}SO22cgeq4(xz1c7C#`}in^4yGTt@38H^3b-d%b0J@ zx>dOO#BJ=PnlG`u<&E(5yQ;EUCX)^*UJl`pN{(dvz=fK;r#k^!RBx2OQ-jNbXP0JWM+p4sVh=Y z1DNiUPftp+Bv%KN33_~Bb}y;+*3%|Lm%N_xeC434l$gTocWVS>Nb!1Ueut-aO{xI zyPa@!!;rL5$Br#{`#ZU#GrqTIX7}WdU-Yuf&$7O~{+Q6>>00MFQlmS$zjNy>8(uD7 z<+{DA(e@T4b4NIq?;qJQEA_zBev~r})a0j2lV2H4o4%WFEKaQlLHEUlkQl$y#BSU~ zKJ37%p1kMOJ-?}GQLy;H!>j8$@dx>Dow?DwX?j(*tnR|nC-WAWhpor`H?2nKY+wAM z=6rFZbQxp*AGQcO6-Z@0NlH#|1*P@v#lxl=@@a}Lh02riJkM_ zUto^SxEOIO`Iic!Z32a5-vFGyJ1$~}&;z1z`6y(nh}ly!epku~f4sOs9I8yEkCM{h)iaa6q#%wABS z8#z{DTYt0$HzQ&_GwExkaHvzWzc#s3p``sX&-tmB$A8;^(==^JQxxQ89$x%n&G5Uy zc9?UX-aVPh8I$H``c0FvYf$2C<0R;3NA6*JjZkcG`m*cW(glq-&M43KR`1h zxpD++!X_nexAjGh;*#O@&wulDvweB1^Q*RhuLV>L@xqX&*UBX$FBOd48Pp73NgDL{ zd#AnC#0iHUjLA4H>a$bpQEh2|wrX+K$9t8z;mW(P&P7ead(<1#F>Sl2pQ`-n*>81D zT3B5CPB3F&VTNIE0%YeRbqd- z^2M~DXN~=PIc62VO8k_tgAo@T|9b8bZNdw;WxB0!>d`Jw@|-8y zTyVgOR)^0%k?hE7@saT8bVuHeC#E$}-8ud+iMmX)qH=!Bvcxk!PyhA`qwJ}_aVc&5 zLD%$N>ju?Aw)*c@g_-9i+qHtPe$82H#ecB?Rd1%xH=as#Sk4o<4esS6jGy>%=!w+E zuLtq6hdcXAuT4Agv1HxYKHYN9P3YFrrD>KsSuv(}|DN%eTQ66?uM?}7`*+sX`xV{W zr7zva^sO6^)4!l<_R~WB+Pz6-g8SW$E$({C*=*Ehb?U`VYdT$LJinFPx#%D*r@~Vh z={0P5L8~=W`bu`pZ&7pq{e>yn8IKFbjLmSEztg99ZhwYiqjTV#?8G%C^yh_t)Hc8T z2fgk|$e(0IE}KRxkZms`lH0Bx>%g={WBaWDCZgdbLKG-;>fp)8LYua(v#R?$guHH<*>vdPzt9xRJ5HH!XJ# zS^ahIzWF<|(l<1}urhnpug7rAblmZCsrSWO5;kn@?ZUH(Hn4kdzTfeF`MPl5hTNCK%8LRW zM>tmKMonC@^)h~S>0W35ITQ12Q&8WtcisBNBen>hyxFdGsNz)cB`W3lHs)M%>9~`Z zL^NwvkI=7OpGRd^uiNo){h;?b&t=ckYC9q@j{m?ah>Kzn{y7d75Jyb<{iWa9+;W*~ z!>Ea`#wPE4oK@B}d6KZ%k3JdOZG$#{T+wUA=sAP(a=JEF@H)&b+&Ny`oO^$2P9hfD zx!uM)r?xmw%}Kk{xx>YiO=ELJJ)iY59;S6E|T&eB+3y18&G|x62FIyz@RB;q9p5^CIz0hF!NTEnED4!^oXeQlsD9 zy?f86q0R5p@reuHbolX-eBkZng`<}KF?-{oW8d$zYkQl-%RX`C`yiqG!3O)_IU{ab zJ`KN298<4owUN63N%qJfk676LAYh;7c&Zn028}&w?7!VNsp@Uh>dG<4-$st#EQ~d+ z-kz{@`;(okg(-_|hEe%{?@0W3^w!e)$Lbykcgw6Cvwz(=?S1uz(M7h~u=kIikdUL< z05$)UwYR5r1mDlmyGP2q6Bj1TNw`SOH{{+wtY)T}Tpc zV@Xfk#H+e_&4woAeVe%KQgr*y$%l&+^@_Gf6`gOb1;ESzP20=?tuHpU)-)Qj;OyMn zC-ZajI;<$C*F7u#cg(Ywwmf3?E^{5;wPN<%dXn}xD_gD3>(}95?9PBcJHu~|?N{dN z9K#h3XpncE@D1aGbWm!K?7DF2)81jWUPe-Z{(<^e5kEt*HzM#=96MHEnVhdkM?c>_DttRYEzv^Vv-Iac^ z6c35mQ$Mc0+m2ke?bR)(<$s+k{NhYU{@>5nJp0k5@_pY^cexwpSANN;tsW`eQ7{Vu zq~LKUr;xx8I`pA$wrCQB+NTn$BSkm56;{7+B# z>}q*w^ZzCew@lt%mKB|tJGB0el+P$6s9O%anry|JjlsI3J{@b_u0&*ctT)#6~)I@yx}>8+$gm-kBw(g}Hn84PM&@8(u#eVuk$~zXr)Yx92R}5k=5E z&e)gYCod*K^w`PLs^s;C4$0#avf|_|04b<$+hhCi6u=yHx!B{*6x__(>kb4nb2a_K ze{xDX{tnyM3Mg*sOIN>sM}FLnaYcFeUAIu9Ch3lT8`gF!YI?3=9)5~R@Ro+!d$ktV zUA3ScJX&|a4SrErd5Nyl_f;4M>3B|RO3 z|74w6wP`Pse%Mo4b$ZF2$oJA6FHaO5Ef;rsl9@QJ@xYk zbp=Yd`C(`P3vhHp>mdm!Wx};KdAnZzcym4wOnkH8S;yD=%c@&6B-!POKLm&q~?;PnjXL;6NjB%fz zu!s+QJH@*v<@i)N*48f$Y~`ME)La-d4t+weu0V5WL>R$Fb^64_czMr+O0go#a&y6ZN;U$dB_%W+vc;eA7 zf-(Vm?C|icn$BcThvDmv=>R7LnL*~>$FEW0%S?cUtSi`&8N9h?p!H8zvlL6}>zJWq z*2UuwQqX~Ob)FoHc7!mBnfsy#l1y`tAGuI5Y5jmP+v_z>A2=>l@dH2sd#=8^Q2jb> z5df@uEOj5S<6QHPDc1$R;LCrO(;g~PzW*Q0y=7RHU%U28cZqb1C`bxOw+JYRbax3z zcTKvKRB1^;Ksu$FbSoj9lWv%kZg>aJ|5^K4YaQ>gkNt6fQ3SmE9^)G4^*hfwkor&& zgZO+xGWWYZ>H{*muxE6mV{|uLN6aJ~neIwF2|^WGE{A;xRi@s3PnBCw%0S^S5{mIFEV!OWbdQ{lGLE=XnG-s2_Xzv>S zrHftdLh)O&rq>0}nVhxT_X~%llYSWc^l-hi$&0PAhZ@xUmRB7;XAVmh5H@H?=y#xZ zYP;_v1JJDNGwmifP}(+tNt1Fou7n2M$F2zLhbC*!(I~6lTNYu=v$)a=1(uMI2NOE2 z2{zOPmxe43b-syrnXP$&q~I%h{$ASPaVwq4D2;FT6{E#=b@Eg#?{3dKDIh&&>z#bH zo%}bv#K_UZ{b@(Y2bZXT{Q@}q6p3X+bv-*A@E_Ori+mt$cfcs6@ z{aU$Wt^G|7;`Bt}_(tMt_)fytld$p2!+3<^bK%0sCqP1sQuWu8yW;VB?sE35rfo`3 zy){*f%Xp;WvAkAEATenXt1ry_N+s<~3pCW#%7_oio&`>vqB^d(+7IU5E$~8CUI1Y% zBgf**FDsSG?TAr9?aW`nY^{q~SzBj4iZTL-{mzgEtJTNMt+8pasZ$O_NuX)49D$^# zCk5o`TP>d#VzMGmmxA(1*SIDoCg(*TxM^TM7&<(bp+k6F?E3ulRgm>;(|UQ&gF~Ub ziz`N}8+n>JcM`2qgBU(YQH)%GL#g88tUfQ-5!w9;)g{=W@Y^N9ZkL};kRTlY>f#f8 zXXBB6+fxM`4Fg&+%SRsHv+JC6X+1 zg?k|kX@x85^G{P5bVPS|G&|>l$?Jo>t&XTlvsJ0@#S;!G7Cw|Uee}rXxi2@OHSMOu z1*(r;Y+Ln+TNe(0t@Zr#Ya@9_oPDNFqxrY`$kXJ^`kfy$xMx5{#=8r>D+~Y<8ZUsl z8i$S6o&#|0iF%l59VUuZ5j2<*+QY7oiK2~8p(=BE95_ER=!5N1eO3y8kN@Fbv;(*H;DdCjfIA^Tcd|1`mcqU*FL5x5)~x!AZ5b?fdr4rI#PK zZldXt-SSi&)vdMdr^I<$Pm>Ke=nCVjtA)a!u#qoW_dXQ$bfw26fXfvS=Prr)v8v|2 z4JB~5<90iID~P`px%f~{x!BR^_laJ>2RAm;!>MOhMavvH{lD_zXw~-Cp-EguS+GTM ztI0yK30v(@pz*bvjhV-D9+1mz2w1XC*y~4^!JzHgvb1%0RG$FD@~j8f>y*T0edy&< zkW9JlxT(1Rt|MXm&5os8TYM_#($#d8<>ud9+@PSK&!S$3M*UAS9MqtN=JweEek9KY z&htY3iYyh|LNsP8fXwo!NqNh;SF4x=l>>QW)z83bP5t@RmsGc3mRI4d>Z32kDnBY) z#3PAIPwe&rHi_gsLky%#20pI6oTw43_YiqnHjQ5x!zKwjF%@*-$D&l|YNAHP@Xh2cB>j9VR8PZ=Xd_EY@!7Op2waWy;)=5T*;ZBYx zMq#F;g)B=~of#!lf-w5gT1+-KN&u2bRIq4Q;&r>)j1m;RgfgKPqnQ^3%TLhVAl#b+f6DFg+J|t8EJrdt$yk5KHeIf0z`Dde-x>MndV0 z)0$0_*;G5`s~Vc_U^znL(PrBBR~QVIG5S_x4V<$oW7E>T?tj|`aqzcaywX#!`EBq# zmHbC>atoDKnUU0$y&bp7vH6cT>1566jU63!#2>EJ)PxptdI%FXW~+CCp7~|$G8_GJ zOvk9=-IsPnh5=5$^BbQ{x#QBy-MRXQ-@ku<9rrZ4wbsdqiny7@7=e>a4T%MMD7r$T z#qd){nz;r7Ew&!6*&yPC!h8DFRx7Jy3v_X!gmS`L9eTJ$>wV;OE(jJXu<4pb+I?=s z!%po6P@IgVl}XN@_KN&l!yx{&?9V`r6rDfV9r3NnQqJjTz33xt%%GWvK1iwD z=scL8MX;_`{B@T?%v{i3> z*!r6XhF+{rJvZAhHO#@sD|h4xujo{fVOsANULKnFRlpbNrU*Ab4fHrHuJ2KM9`Tb{ z$R~A-<||P^ZSM3i#TsYi0^tM9_KY%zBvT$%T)S6ii${vhTPRTQ0N`0#S~mIJ=q}EV zaZ#jXvKUL=-}N~E%c(&QikrLk&qJ+-`k_xhT2D9AcNl<{GnlNg=wU6Ef~l1UNQR-J zZDWsoA9x<)@c%jM8BB;=Y+NIPXGyt-zWVf#S6{^_Vr7tCs5QeB#iy{e>>ujOnZ6nk zYl~mRDJBExo{C4t7YAY*7yY~!3r5sh!If(>R5soZwEPtk(5 z^vDM*Ytv#{oNiwP=bAQ3dx)@wozvOJIRb+~9r&DKUOk`cJrN?>fekr8v8&8hilKBj zGF~4sA5*QAkU_D(fyyvI9T^s0Tf9<-RoIs;jjI6IdW!@7;!F|RYKE_5hNr-1Fl(>A zl)6|2sJrAE4hkLTb(NWSP~V&W#%aLYN_G&;pXV(dx6RvTIvF(u?!AgQa$aQ%AXqzW zb59o8uKr~rabu3DcY0+c;>(BvVQX3*SxX=@C9qbL2--+BzP{J7OuW4BIQ8sFE|hOr z8K{XhZX>m>sjDq=86B!6F4jX`l>4$D!Ig77XUdnC%?uf?8Wk7yP}cw?w!$2{C^Q&8 zlqTdLJeVPYpZUper2XuSUP3w7T?p;BHddtnjx2?p&ai3NhtR#%<2KxDm&2Ia8tWLJ zq>M#wv9P0))^GSyuMhmW)MGiDvs(qGHAyxyg?&&GX}=v@(c?J{ zbXj5Fa9DfpNgPca3Pwn#m=Bpnf4qtamz`mybmYFnlK zDVaYTxSxuD&6oc}x4Ff6GbNj21^St$Y`F7iET?oEo}-qpE_6?(gkSO#qbTSi-bC9! z?ZuIHrylo(k^+64;OX|d(kXo*Mx0nMJBhkQ&F)gKqY}5z@pdaee*ffW{*x(!SB~!l zFsfO=%NCKY*UR`)^UU(;aZx_#dMZrP&M&eYe)s;O#@@xI zzLf5wek3cPSbcWU8=%pINGO$=EtCOZV+r))g{Tk@M8fx!B(B@@V4AzlBQGjNrBePu zwT(se7wKD{l-6cU50#uYm|*1*+WuT4tw~!hDX zeuP6kV|IZkFvN7XC;l>W-4-Ke6+Jpa_H)Wp>28?rt9;J=%}S}7ZW{)(teKpOqV~opx z-KY7jSMfx2=KEULXwU9h>{ge^_PUIKN5S8`ja26C)Ee}(iX*0$&dr@9$EZCM{Mvvl zqro+;8KTxWk2@`{M}J@G6+mpVRBe|;q%WgbG;*=rOJO}(O;#5ucpmf-lnYfVMPcX} zVuXRC%9!T;pRrx?&}FATD3e0%_Ut~h$=OFa(S}DRab?+&E4Wr|5nSyPJg{X(fwjCd zhqT{2+wecFL#=Lsn37H$$C`LuRN%lD@Hxa z#o*4_dwMFrZc4Lfv*`2e9kP6(65+nl9&x7Jctw6sk*dfCSTxG-ZH&Q)VH=CId0mF89i<6 zX9q+cy5G?${@)+B4wHB@hKRO~tERKs?G5e|dOEt8&l^f#czrni)DI8G6@DnDl3_n& zirP|-yQ}9U(`S7Z!8ZFz9jbWC6OT>x@t-4mfdwU`6-Eovlm1Y>qUOp0EE}))pW_~; zzkfabRXa)r*{-DsD4EGZ`Tt0xPd(mHOoq5(!zxnh|I71p!*Z{r-n_bi zv2>e?d`C~dI)hunYe`6s|G$Z#z)xR}XD@wj9PoS}~FYy?tERx@Awu-Q2 zD$_L)PNT{k2VVzizR<8NFUqRZrt*D2>M8U?nte;1dS|No z+K&^bv-qEj#BIYa*ZCb~9R)Tym<9k&m`X9k!f$}Od0+F_$WGYKKUCa`@*ZqQ_W;MF zYx+3CBvO-hxUkkGL}2R15Z)jWX=o|hwt#^f3tJrAlEK#_8|ny7)w;Ml{$TBm?lg!J zdT>30sxRRYVH9^$l(*$HhPhS?EI5w1cqqW73V43yrf!{iiUA1o;&g}4b^q2PZ7OiS zU;}W3urRYoM9U2t&R^DcY;u#`)NBVCI=vSQL5F+t(;^@f5JlDDfAou;{O_dhldC^&c^6HF&DkO#^T8UM z1V9A0&UE+w%;IlLp~D+P!}E5GE$Ku;Up=pGX`EQD1SKc=m^TuJ@-3j~vln(t`>2d1ePZV@1r2p4R3+LEOy# z?fcZAEU9)r;mWR9OEgw3;f83QfnfsklI&D|tkv)WncXhtA#VI8zAo_CQ7R9NmrDvv z9@M!mV?i)Zmmkd@Q+|A!?#%;H(ymWuTN>NshPtK9-3vN016thx1|;EBLk5~@0DQee z5Ng9l_Kq$Zh$x3e@z~1+C^xr?ETBLM0JV8=;YOlZx^j)T9pr{M1~^_<5Q%P}WrVML zx)~1Kum{@eI`e}5WcCK4k*p`*vU+~@z0TlCm>I%`vW*pnPc&b#S)>A0{my52OcKxD zfE-`MwPOb8Zp$rbuomC0-w#mh{Db=JJH$LQfPmK17A*zPPjoC|7gBbVd+*z0|3?t8 zFqNums<5+Wfcjkoefu+;wG!~wTju{w1GG6Nd2QyZ~Z3($M$6}&2V4o1!GBz8s?=I= zVN&J7Ly0+hsf_~P#^-jkD*8f{#l>JX?1S6P(O;E_cKn1@!))paOh7C!YwBL9jePyz zlv)AtNYNe!kME|Ng2t~xR41jlUy01xALTZjYOMv z>7E$x@DK#EbDW3$t_*(+BPz+@LkElE70;Yh|JtP$9ixW9S&{n1fh0%vv= zzivj>YVXjf7@?7wAn2HlsS znKuLm@tR?n0;P`>FQWv(!=|OULEF%&fdH&u>pzTDccxrT`p>7&6~o?IEsWEFUX;sP zVwS~3#%OOMvxM|w=wfg(Nwu0z{T`5O^XzcLq=Q*08qFWeYZMT87q@iUuv1OD%GLVI zw@wex^XX|H2%*8Aspd*W?h}+384`=lJ-v5C4>Q&QjPA3bb)}UA=nj|<37p6!*a!VJ z2bCSSuu@5A; zF}O$r3bpC<7v?j^b*z~!{O zHrhi&u90T*%a**&{iUwHs5{pG#g(}v806;W1@$>0?)i>LmBWOwaf-hDyZTJK=#6h< zxh4(}X*7SO|MV;EgODN&Zea}%p!A%Xq7mMj=?I6Tnq9fffBRPX85_QA@^wd+J#stB z-(hyU#FKBS0iL=!|52c#1MD5g1VM1`CI3X_0X!EA2!<)Ia5{MZ%EGR zHbr9hh{t#=hCYRSx?S}z@=n~ki@TaWH1q2+73vC7EHoTdlwAB$^g45`1w9Se2-|Bu zjIcP}H=t%;P5enGILuNjQZ5qzS(yT4-(Q&kQV~cm{57^ID}_9Pc8vy8uNczF!m8oI z?d-m|O@@kT3yG&IDWL!hKvY)Bf^E)sz)g{b{ykC*1wZ+{SuWG9RnQ;207jXm7%7rgr`6J;W_=w1e+m10<5c%+=DnCBM;ZVOUZNE=r zA0Q6AH17fCh65R*6VtZK;Gz}joJ7CqE076u;M&-if8OGKNfB0EFysPM5xx`$upDNz zU_0P@SbySvww}rj?f~^qzlS%1v17fauMQ@yW_0cRkH;jJnzf?NKsUqh>-RcC#vZAE z89skP5C2W7QEB`pE;a%DjNR15h>R-=tU+1j^4tzR>H*YxBNB)=E+?m;nTw$3!=k++ z>;c%Q)B2))lwL#1$vI#@_YGQtUgi!sp9njz>5U(iuo|16KP5z@50FpAy^W^ZII~eF zjZ~VK?K!+yYBrGoErdvuM5O4#HZhxoCG_;%qT7Lu&su48NBMxjg~P%a&1z`sye|b4 zFQer0Y=uUAS39jFm>uk0GaO`^?%K|VLbH=%=mQ%K^m0oASc@k7*V=zx6zOD2#y-$L z`60VtQ@D5q7aI`Z9jD^oC=~luqOe|Z=N)jCX0`GGz8jSBtG|+VB~zB;U~^EhltM1d zq3|X1<&l!$+vL)CZRAd1GYzy?C&A_H!&M?RxD++2P@Sq_C&J`MlL>UtEid34TIJ5q zEGmLr5!7f6O7J7*OJPLO>(mb+NhKE#|*HcZqBct;_5sj0ILrwsX@ zP*m>20d9(3F3uji*bei)kUh`q-vnsa^I=Om)gSWs|DwAhXfANLKSmkVgtE=pY@C}O zW!GbgdWY^YJR*cUt?5+Ee#%2A;_m5}P@9=c5=ChJY{%t-!|K`{#cJe4YMO@I2XjRD zO+KAz{}ytj>nNsj=9~8`CNvcD=})j=3vXl5E@VGjtJ)%R5R)U-(xrIwoO*ua@p|b; zQphO2T)6XvvB+;)x0#tm;8slr9`z@d`^&u(C$=J#l;t>2*ls$YCY9Tt#j9x-Z%>Mz z4+|hsR$265rLLbh`tdG&XKJYHO%faa8&q^#@HZD#Bd1T`9U0lT*z9F_TuNZmFpea; z=xFh~3F5mI7j>xg(HHikPzyg^qX0_dMrbTlk6_7n)23!x$a1g;O8G+ zj?Nz+YJ`VspCaa4rdxhG%%h)_*d>r2bo0;ieRFt=P!xw0ih59P#{i$Lv)|la@l^Y( zTZr2cjOckV`5nPGvX5L#OB4&=pK)dH@h)iD`TsCk?H909dM%(ELH!)~!*0D37nk1v z|B@%MVQdEuWJkr8lC==!03QZlXqGNimtYGR`L*dTg6(?{*)m+7% zNQ}v$qm|O$45pwXoh^yGT-De$AcdMiPE~wcrp`e{Xt#q)VXp+#=-oI!TB~8x9{1qeQhvh_ zUjd|O-%OD~Q3;hrGa|BZ&~3(5opUDVypQ!|4MCxPoOrbv#(bUf+}P%NXltfv6enk; zQq4Kr$Czbx9N#+AhfZoUxzS&%Ho9HhQTHU( zQ}5-Wk6I3^D2FUli+7hUetZuI5Ky(tAWdYbq#8ka=PjQ-wUH{i-x37hh}}ODhaJa< z>jR_NPU4FAO66V~Q<(SN>BR(^5V+ zNNBL5(?~qZdJl&b_VFXp1io6~Or65_b+-7wNAa z()eB?2y~8CBN6YVD*c9sdgWgl%|ys%O4R$LJ`y}!<_~%~^DC%np-^#tqar%V-OTIY znA@j<)WPdVDrN)scX^&YVvyWGcm0JSu+j#_!dqC3u!GWpa#%T34eN%P=P$5keUz(Py#TdGz_2|B4M67J;yLsi6(5vMt zmg$R9>FsTL>R!K5(qM#R0W!^u>gXsxwn>4Y5hsc-1dz0Yw}2|!v~8&g@96qyLc_F)Ac0y@!;uRamC{gXcOfI(l2 zYnpqLY4e#NI)shv@wT;gGvU#t4i-jrap=};?7{8UUq4pIwJ~n?rH2&UPV?Ac| znE5(9M$I9byX^~Dq_@6>R70`0EY&Occ9{jhG-Jb_Ph-^%NVil+=Q{~LaP&hJQbW%< z7k$Qle&nL~^akinNOLXzMqU(Bg1_FS3qN8})L<{KjVi#ssK1YDy0;n9eq=GAxOdFT zX0}r>1L7;^m9wNih)AMM+Lni92RPj$X8IRjtyX03pQn-W&)%fx{6B1yP1v1)G-E<=!Cb>5^}~dS6sO>FN3ecHqQVJ!$5Eu<>}lRkGt-)~m-j$#p1)VG0kG z%HMLy-Y=@zyOGzB{zXFPt{y66=LQIi8%$m>oEsWD6s)l1iro8M-~AJ+rdNvZq9r-$ z-}Bo*Njj~iwKh@bixDvg`q;r%!(e!8ZOlWa`A;Y<%D`aFNvMJ}d;;Sh8AAY{$pjDc ze>M&N=@j$>YtFT}RR#}{H^yvNk2$lGWe8_5F+zJRC zd7UXPChmI~0^Fd7cWSxv7S9jl8D{R8@7%D4Ffon}?yFI^bV9&+w)}X7BzB*5_OETJ z8iSw>#ObN5r)M2cY3HYhIsSLI2n6E!PwgiZd-s-lRcV8cjKrnnn}5!G+DMf#fbRYW zIa56GQqLsE;cruT9krQNw}VdA!#qJaPxaM38Vtvbf31r)*z8eH41FOIr)?3|}>9A4f(nOgsOGEJfodw}7&hXb=bU9V)H zNRD=a0HZg%+Vx1x?hYNtdp#h@>cOwc-)j%$xbyU=*(L6XKyDv5$p*W!_KrYzhqKr#9P(2mi!MecIH~gQ-xk6gF!KO`gOb)@OtZ7)$L*VUbPjC-% zu<0@RIXfY1cL#@s1T9v-o{lJ<)Ia-tlzErl0x+C{+AEW9RB!wp`zXtI=OzGd0RXQzZdLk&h1NPls~~kJ=QAz6cv&xYCK@ zkaAEtW&l(w0w3A${CWxX*3JZ-EnG@_U*rMX&C|z#{&7rufeHu#v-22zeA>ANPA!uw z@3$QQEyGI$Al@URim#iZ<}b9mG?sjTGX)Ez|B!_eI>54uc06O2ZljB`A`UmvZ645_ z3eEWaH;NKCegnVrl6}|ObN;tTGk9~KiI}CMHrzTxW;p16@0mtjN|xC(5x-My{)LCn?do*wA`+^OGi-FV=?*dGh-QET=1vu?)?=)AGonl8X{ zofDr@miV0Ad!*~Umhd$HAYN)EIZ;@T(kRi-$pGt4-AkoR!qocYD;$uZ=)0pCR5<_d zG`jOZdi{$Se283dv{OK>l6waQ;Kk{qDc%w0w9z(Q>&Uu2x|^O7_B5n?8X}QxbZ8@tH>k=LVDUaRds+ zkJc+fddH1ZS{e~2Vo>AC0dQv+R**T!NCL(X`TvX|a*z%I7I6(=igoXq@(Y{fhq)_U?225)$CK;&iqm1*&D(!MpvDN>jv@rk6}LF<@P~mUKh3 z_C~^MkyZg>*dF{^tfilC^Y&W_1QeD(1teP6$6+<+0!S|_k_CRaL3=h*#0dnWh z$x>ceNZL#-?r06|niFYHLYWRZSfR>_5PqX>Bhm-P9Xn>=XT{Vg5I`FY(K9B}+9q`;`D+!T=yFU6kBl!EH8q6|meY%bI(%mA z@BrM%k3aD`7b4zUQzrN7HybSf6duK&sYxI`-1sikYU6Gh;JM>0p-#Eg z3UFoeLW*|Ee%&C&L>3+Z$=C5$s{J=%Elxa;1Ly!$DBor9fF|1uj7k&OMi}p~1)Qi(n zgTVv@=xH5T{%M@)aG%m{^1pf-lpYe$2>IiE-M?lgB47sONW324@=>QdySz~QwUPvK z6ZhmdqMk#u4@&|ZWJqs8P#J_>qu5B?w>ZRB1Wqk=;9fRsgO0h%j*#R z@qU4enYjFGIES0kKFlPOukCD#Zf|T|ZT_0j7Oy?5l@c)zNj}L*8>ACUUeYu0e?itY z?(i2+yZS@fHT2%+iE%k-mgx)O4|KRGfQ^@uv&M7b?zr2X2>gs{GKO zdhU@pQFTB6zx-cs$o#*7Mqnz61n&B2VX5(9;P{m770}@A%Phf$U`DyL%}$mnSGc3T zb>1XiYuMV`j|Q1sKpz4I0$bh--Z!dY`}fHG`50}QM5R%VpB2N5TL?SVo47kjwPH;Y z=(L!AIuis&c4-hW%Gi3A*ySRX;9a==6~p}QBOdHWY=ajGhgJ%oj?>Z?=ij}E5^pm} z26>Ie+A_mVAd!C30Zj@4;s{!4-6^40xUiN($Q^6u_PWG;F1^-efvM6Su(nc+6%usR zHrytr)nDDE2ATEhEK0OU%)jER+WVtKzFhSH67KC5Jw#+GcKTB#XK{U*9WKz~!enueRst z31o-DM={;oER7vN>f?ZhS7kU$F(dbh^i5oe*_RE91({dB9uPgOoA@yO4jZ;)k~v(Z zsY7&pH~RAl-F$uD5tstcN{uu{V!F_I+oK)Jtu+cfHd#{n23CmoBHLu_!QeSOseetqY;ytGr#IyUB%=02{v2ySv+!&rb_S zpS@b&vXb2DjeivSndH0IXX4y=o>i7l@ddA5yk?~Os7mmN%JtRbl&`8^mF1qLJ-*vH zI@X)r-ZStiJ1ISzhug#9E(QjB3pY_P%f0!H`pKI)4^97YEGRG69fDbQN-0%9uaUnI zdeDEpNhO7|dy5lAaT1@vsnIX2Kg+q+g#}ehw3q8}?J)ekMRKvOau%#r*7OpGbvg{5 z3vb>*8gQ`|yvZI&%M^GZ_tCVyO94kk63Ju{yNKt(b8iB#{?j>|GJ|D^i*@Cj{C)S~ zCAs>Vs(eNFQVv6FKNouPgJ1;2clL#QDf>CZLAz0yc~F2TDz?JofX7y1fkL|_{1p1g z@@;mN{#0=~b<*FRh|9t8_hV^m{JW>6`_3%r<>@DfXhnXyv^%GZaY82nN3rC;6&na< z=0|pk$-OIX$3-SmlGdmtKFsMiMJ7m;-c2+ZLc&~*>h?>egfh(zTHu#tr9(IUx8v`` zuORsYsA}(ZY88h1`37qx#*BykZchS&clS>f<4Wlj_!3X+c@5oHCWYZIQ}4Qq2%y22 zk6m-f{pV)=IinXqq`A*lWc2=-4u9mL$kF!7&U|4PpJuMSJJ;lUzg%!}&1C~~6_Tda zlwu>-t~kzP>IGCxxYiv%WQ3!roSN;;{L;*SM{6@zS26FsQ}X7K=q%!oGdB78{I_w< zibE4kTiCJ?j-$}mRjy9hQ{8a-w2y%X+3H)v-&e~0hzA<=Ls3mF0;2vB9zYLZoQByy zT&7>M>zg0*7%l4=IN$Nu-<(H1{EkYLcfNxjJ%k)=^#qj}nsGQpb8<9@-K*GE|yfPvcN|F?MfuFOh9q= zt|PKHVoj&UsQyrAQU;NJ!SPe$>TN2wo%}lHUo6!uA~xl_Yz4d9Ia-GdwP!(ab@iiP zpK!oF)s93-J~q(b-JZ4JBf%QniuRh%7WSX7g*&!+EP1U?lwAJh_ibs55vkW)(oz4N z0BQ8jy+P~=UtK->Wp)~$u^t3J-b~ixN(q7A-N5~8dgy%WBv@6mp0hEW4<7EzhBmV+ z)eaL5`4L^R$y4%u0IA8%!ui-l@2p3%Llx)BYNEHsSmZql+0cJTM&N+=iG=fIl_0|R z=#Kz(3s+o1<9@?{q3?-?&3wZz11Fj7iVi}dRifES3xz=68XH&E0|UyXy^!8oOEkN!ri41*%UxjKbQx-1dilph7Y6 zsmxEd$E%F|Z^n`MTYWB%w=|11-!JHLZ=~>A>aO)Cq*I%w9hUju3}pCSTKlZ0fKN58 zGVdcUQvM!v^-x`qCW{v-V{5tX46I4_e&)FA_YW1NIdxOo#~upPgp?#rdZI5~1;N?j zL5m^-)I=`l=Jw12^R8-x=x^&mmZA2aTuC%^G}wbq`HBxT=ck09a!(N*gdP*7WyW1% zOCb+;N0lVp`~wc4zE?9DKKs@%-?MaZzys^QQ&x(9G<`4D{k6?m)OvU`WfnUvLvFAN zm1{JM6`OdfXjjS1{a-A=w^e;KP|Dg8il1lwNfj7+CwlN|=WlLgy7zWLjrHi$MmY2e zZ@^``(!yXl=kjEyQ9Q%$^p)*GU#PLXZy{Cy-vE`>TJ!dxzr;ZqgA}f4o`TXw>4jZ-;)>>sNUT@Yrc@knLNck@U(DZs~0aJumI@oH-|0ceY(vGqi83hGcWfpBk(;4&8G78mq9 z8&&QSt&ZOR+R0}rlzcAm$!mr6zJ?*84VrvjOxjBnQK8mydb`;gH=7M!0v;Mwq|=?! z#zFDhb2H5Kx^yO8sE$_UiQ}TA(S$7Q4Ce3u*U#z6;UsDlvIBw1T>Y{lPN{GYt%p9# z{NXqMzOPS8Ts8*nhlcs@FL}Pwf4}70&K}r&$x6;v6wf}pfwv_E7WB5`Ovf^Ptu+Sa zw`pJ}6%LUpGDazOFgBhkck}sjq(`8`oCJa3A`&Ko-uL*+%^H`#({r3_q#ix%=C zj^U5FXE7rC<>r{;G>gp+!lBbI7h zw^S!35YeGm-P8`QZjB!B{q@iUiu3NSAF|O@_F}F4k~)p2F#`iO6U9zhQG6Mf)B^U^ zMt&C-X3Sz!VOU>GTV~cvw}RW0?k|c-KtMX0r|9C+{x|wg z&~3qMgLZ=-4RMqhRNlzdeEc=lpXYqgPR!5aYnETdqR+{c%V`K|sE0(BSx*eXXXN$g z4QqV$MD{h`kn3 ztg+>9fw>eO5uH4qh(!Z&C07yT*1(@RvEnoJbx|}ze|200Y^RLF>AZis^dLc-uv zHN-L3XKEeb>}#z>Eyko>GXoot%!>pTm3E!_z=cU8|M|8Ti0CJjl6goQ+V#jHi&v3c zP)ANq5(Z*i2?yooAifOgK+KEdP>We3;-yqnGOX(MnWR7Bgv zb-?Bp-h7tf^WJ%sEhWap9|av|lF+X#*5(lw!oe`#zxN}+HY87li3Cg-eyP0puv^?D zItXf7l96A%?_nRakoXY97tw|(g8Q?Dsa*ip!H10dbe~<4d&2G#BLi8Y^#M5<`#KT} znNu+wi6U`q^qmMt&mS}x;$&x14-Ct+ohw6oEk9$aF;0+u7gPO2ci6=jX)w;|5PP+& zy!LS0DF|FQbPP%eG!thw zvq<;`!C5|7WR)(8pk|Y0aiYV}t$1G~yetasJAAD}g6B~yl|d~p z$Q;;5yCO(kh@yN@y=Z5C*(C9z>p!Za=|xxQ?)VcjkWuG~lvHPr6x%A`i(FRMzIeNA zM0h(^$7fvMO-u+u-C600g;_V7EK&!ozhu<>02vCd?rdfnIZVfc>WFBXuwVTCBINX1 zikX0}Z|7JCZ3uE3LDTYwBi1Y&`xshCQ;#+{-2u<12#~O+#^A7xsUDdHh05skRt_mOOI5}nwgt*pjaXliv#pF$~E)|{U(7*&{drFkuN z2X&=h@JP(51Q_CwpM5k98o)(FpOCUxyv>3g;hzb2;KaJIdp!UOs8(8HK}lt#+gIm#{+x~|%`{BOA};OQzf(~NXr-K> z!4uLF$Kf*Rr+t@Qe|n5!v3Ru%y>e6OLxb@-Wp-31+b0OHFmz%7T0I4>p)%ovKtEb3dQ}R|Kb|V zM`ZY2( zfsQg{H+)7>mBe`+2vK23MWl1#zFlFUgRE>XbJ0OuJ~M<>%a5pm+HOsZ{J!dY(FD#2 z{CbF{B!X6#bt9uqMvCk5<0NsWvp$of&or1fJ3M}V3zY=}Ut+E5eYH4@xZgbTGa_B^ zJ*xtB6&y6y`>MF(5%>ec%JUh+{dK}Bk@Ra7fHoOko(@06)p5Ey-RsU&zwBvA!S!v_ zYokv^co!54rP@SSX%!4or?Z@ASXP1sYJvSnC_3!XD^=2eHp4=Mvx*6MSP`NQ4wolB{)Lwovu#cA^psQ10RH zKDKQxk7GbviBl5aYL|IR22!k@CL*QiYLvFu_=h^NxKu8qRki-FH##e;Rp2|urv<0G zn=?7x{6&$k`lUQ7QXdb$QfP8lhc4>AaxKV^C}VoAKx6uu==>xBdDVA00f#)9Iu zJ^g_FuN%RbEoqNXeA*3Wf?f-{AD;`;>n8L?nS=-uZHtow)WQj9^=WKx3H70n`pAyx zCvoP_LN*?k@}E=$JcNBy-(}Ky6wLH&P{eI}wR>}+xzTOwZ;#Ea$br(9NP=H6NL{$jUp6AXDCzf|OLFs*oamS*{hJ>6=6x9^GWX~sDs-n?Or z?5k=boc*qyim%eAcV=t z=18>056++BntiB+fl^>$os4U+}JbC>6qO4$dr*DB6X4mCeI^LBlV;uV~WrI zaAba@kUfi?rDTM}R`55_frl9-B$`^lUDIgJq#WsNYqY10n)AWVM2X7|HkChOv2CBB zH4sS|Z6;8H0iJ9YtzzG%w7xq~!Wb|45;vSG;IGK@ENV>riJtFRe|p*bDEhjYAOF;fWzQft z^!y%~IoROjyYyUI-(LI($Gf~1e6UWF+s?$F1;~-&8QybpVze*D*f%K>SN*)5pk0?G zwJ(W!Ox({sEeMfFp`#JM-Z_v{8!ewKD^?2`lh#)_$h~YA57}NP%;TPxjfC4>!^K8En?rw@y9RKS4y|{iJ z(;v~{*IxVe8*}H{>lJl8^z1F>k)4%qXFLdSS{;VZK_%x_u(=h?{#lYLQFBO(au{8{ zPjri`ejK$fP;VlFlne{)MWF0@$M;|qM5#_ycdm(?CA2$x05V%`y@K@Ds5kG8`|E&4 z_q`d;aZwlacQ^LTQY&U0XWLGWORa57q0+cX;zC(Se|Gb=-Vdf(n=@E&8lo_4o9S5k zw$_pproa7endTIB5Ed#xS)AgA7A?&`XzpF!B4z)gRiMGkZ=Gf$z~=O`B{7E=!Eo3H zNr|J`n>^}px;BqXf6Uxmxi$}7b9Lr_M%K@SI3V?{m57{R=r9^R*>#g-POu!}@`-RK z7c)~oyORfdb1^7jjY5GX(Mn&|5%*1qgT7SxOJ=e;jP3CvOYm7rZe&h4MyL*-5I6m7 zWrCi~OJUS=O-L5S``V@zO(;>4eA4?x{z}u7nmQq2h9*bB0$WOi4T18oY1Y$}$I+s35W4g4<$0X3hyd{b; zqT%5VS>z0g?7R7QF8aPJ+f(wZza(O-_I;8W}|hF*8ug)3Z-fv$z-xH`1)f|KHP#AtIVO z6w?cd8L`?XP`2lkn}rnIN-}{6!>1N*F}Th^rq@>qaL6K7;6uX0Lj9mE`f!Pw-h}<9 zTK+pX-xb54T*}P%*9jNFZplGx=));kFo^r=7rBOp^TdZA2yhRY#-|HlV z)j6O=4?XH2gk{Xi4rPeVL-_4x%y%ZsJpBIL5~~xQ;mo}NyIprhU9G@C4bmR<;th~^ zfj)nc#{TWridhN~eR{Q96t8X2cV^z1XZGx8@8`99tfB~adXljC`(v1}BcxYB z^l_yEpm<_d78+kX*lp#-(;Q#n7e5C>C;iZDd`LvtSCtOVeWOOo*Fd;fd|$%DHRbYxfdX2 z`bXCO>V*~EAy8Bh1;b?1=2^1h+U^9QAug?F`sYd$p_w`vx@1~oU)2MB@a@Fx*A=Wb zTcyZg`r3x>GcXH-g@M-uE+SGK*$xcW4$MlrR7#YSCf!kSD7^`v3LCmzH(SVU_&?;zA~cOi-8D(|)NP>cNqnOPd* z5CP}&iarf48`>Oq>f0*Dk$0ktYrQm0M8@0v@g?OZ{G7s<&qqtcnvS4aLt9>z3?uRX+jOoh#i zC|W7H_Kq*%!J`%JW=}|6%Rcfm9W+lt!sJe+pfA~I-VU54L9?BC+j9200pYE7d)a$LD)|D6S)=>Fs7%18;8h9BV<3l%3F$S)MRhW=PDu%<#*F=t4vheIK{USg;j^bMmxUuCL)-L5QqlI zm<}?OvXv+V>r{$4zj<2>l4{K+9LF~pc)ZtF0V0LW(}$$!hDTt<*3O~6-9S9`v!b^< zYk!w=;1MpZjj&v=;)OF=vtK{>GvQFeltH0e)L&=vW+E^7-@Q;E={xrvqH{=PGS{FI zenMw6)W++t;*Q8w5Ah+od?^_xQB2Rs#jf1?rE{;bB@2>CTHc`IoisY0xyjIB`Uv4} zEYQBf$`~VDHNd7vjQqATbfJ zc909`s^|L;IQ#|IW92oe^p^4CCD`m`zXI9~fgnBA_|(g4=>4BsxHO}OWZ~TZ>o@G4 z5X}$7ca;eETT1u;5&nJ>Z1*wE{y|LG$Iyhkx5M^)&()SL8nA_rOE#@IJ&1nAQEL#> zT~f=~?m&Xpoz^5=K&e&bZ-96Odv^iOa5fvPFyYuNZSpJk^HhD`)|C?Ty%9Py@m^<| zhx}5plyAeW9ES3%d|ffi*oiKh2d?0X{7t~A(7*bO0qZwNct_dgI3SFA1 z>bmM>HY#y$9t@)p7D-@qGiUx8%Sz(A6i5o*`(j+Trq0Huin<%YH-lAfK8|4*8FqQK z+3gz2%u#){3>6yP!`2WUS?RqFD&J1pJv6Puo8ul8+KQ=qp68&5y;x z=75#*ou`h93~mIXBduy{-GsLxJhD7gzv&OvGlar;HZT4F?4^)d(cUdwwDnt-QJyiP zN`JeB>t4Io33nFv7c<;K-+c->m$tqBG*8t*U{wHq&oo=B=y@$bzH;;vq8xKV04u&o z;<>^f?-(->rT_N&_EHNxaQNIo^A&Rt+;ykb|MLdY!+{EX{DsDLxfve=1q!)V-o@rO z$2nE!V#RvHy;P;y5YWM7Q+^Vv7lv@(lCg?kcs&L)D zl=XTrPX^z<6U4a4bM_K9k8yVsk%u2U3+d4VonO2eGw7gsR#9Um8h8l-S*7PIa;2P1 z`<{9i=+~BaO)8gjiK+f>1PsR_-n(gMSWjksW$3fnDZWE-4L=v@W-DWd+|QF^g9Gkp z1EWOgHmv;S0S(X1Rmx+`x$<{lw%C38-?N3ta-aa3cN1119{;ki!Ti7Tt*^ zts%5E9$O3Zs(S%c!uCvu04z?#X&Wx1QUhKnyfPrL$x9X`qMC$LloVk~{m)g>XgwyD z5XS(SpUu^7kL0w2lF>NF8%)YW)}p!Z*ImAZNW+*C(HVIz=h7H=w%`HnG2SK8WDPPV zZt)AjRLrtcw2JVpV~`md2So*@)Pr~kN8b7~`;$(6gvpf+3b^-@u}jg88%OW9?g2oh zf1T-J#mgSH%n*M&r8q^9B)HbMbFm?CdQHuXdR7_Xwh=E%gR6Ucy$aclyW(7D+Y-n)%g@=*< zP%c%P%a(uDpQ(f=P2OxHMLw2Y=2@(v9-5o=pC1df6TTxRGAU>Oq}g(#S!$;YF*h6_ z*A2+&^-Br(8CGrDqlU%awAF=;+BAEU?V+cSUE*ya8MmRxNkpH$3?rv&2|JVh3FbX9 zh9NmhQb{J{tRmbCIomlLTq2ht-tm!SHUQh-p!g?L4xJ+if&N4c@G$wx=^H}4 zXCoKm-1#@^KCY-otx|yt%KhgBHSsi8qXZxN(}Aq)?YAE~1p~0EUkZ@_Y(r__-NDa! z2ZCR~i;9M=|M+$4(;8&NdHI%yCq~kB{nVOI01uXriqG(^jxU-RODQ?^h~)Zm{S-?( z+x01@5U|BBmWR{{Tp1Vax30hBdU1u;)#5TiO|@@}(GsbQm)R(V4C=bmJv~z+E^NAg zr=o}F3r)R$6M#)5{!;t*PX9_FZp~mZQM8%1ULUXgUUN+%it)1Q{}gPzpa6mmH5~g> zS&4r}7OrKyvruS3|%t$313RT$wRnu3|> zLg;I-XHI_^w{O}o4)>+A%vJ~Oy=lK)^r`t^u5K`n^RnF!;{;z!)t#JIk&lxASA5bl zat~Zn>A$Y24MAfs@MpZzmT0_$?ilvdFm`)}sofMA4WMOe|Gl$24CD{{B;-gl%1;ab zplB>*lxVI+$wZOkd|=U|)%bTlF<7}wA~$B3y~KG5&+ww>J5|&Td$tJ_61HdI9naMN z`vnUH{HVSUeJ&Y?F%MNdm#`W&3E||U>l?Ryg$eiwK{fvFijzD&hDmxKSPf@32bUQ< zIu2ql~k9!pM?&Nm>?MX+MdRr^(vxH z2|=65N(ibuji>PqI*yt%z_Ds_TJ8&!&WhJeKiEvw{p^*Ub1u-TdZ+p2S?4=ubPY~O z<4QC!Ovk@SuVxI?X|&#q$(3B48q;cUcc`y6NXelS24bq{KcUjYUjt+>?Bqz$o7+!U zhZtEvf*RTg*-48yyIK$r1cug{0H8gGXbgprn|9%gvbQP@UZ;8Z;N4V@MuT$d!!=f)P z8_ov3(x4GBRDZ%6>>*g}4eKBh3_dQ(7QhXB(6(;L>6Elr@~us{6RTF0tArHrlY7`V zU85V@#j4w?BH}tni8T8zf`8A?b&y+s1fGDtyixvb8>FCXe*SHXJIrSi@#BJot>xa- zVBdR%gHJeW&8LJ6k2VIVs%rFX8(aAvv)R4q`T%0&6llQ>*kF-S-CfapRHAEEvyE)cd+hxH$L_{V z;YXd5 zGVQ2@b zXQj-Kn;W)ML`?!7rAq(sIX!l(U-?q723+FT%avhq4F_RT6D??2awKz~#{?;QXgd95 zZ_)n}WKcWR-cSByA!K(1N>i@;lyCGrwXoYxV;}7&IKpPXkI!rEeTwyNC9~6k>}I#q zdb<~ARrxu=@d{e%QqB=yvox|Z6j$97_k%aOwKt>F(+bGccPC1kbSh$LD}FdBmWj=u#&7LUx4j!H(l&VIYkk^UN8>pu$l>^D)lIpC z)%tK3ZG-tb@-zS|x)pYiQyy+#rG{%5pn596_)1Pgow z0br3C&yBEi?a};vU7Ho$`SKi;_*}XZ=^X<^cr8&tqdW0J9{Q2glzG$fZi@WDQnoGK z$p$F7Uu4vzV6VP@f8(&3R^IMxog3B`9KctF={QKxMnVR!7~W7qt``}&E zii|40Ga(Q2*gbB!tcopNyJA@WVdwRaep{bcIr9DM&-EmItJyu*&_#XUC?r2w>Fw>; zXv0VYTLLRP1~I#WTiWI;())XzLl3coRWeDru`@$9=Hlc+BBCNiqC8zJ3ii zS1_KyDN;reNmHI(Fj87$|I%kwUA^`E|jzZ_R#+l$~wU$w5IQu7xT9%lN_KS)jp~+3Qs;MU5T3l>6=8ZJp5V9ES?eT6~Z32p3n(+IRQxhvjQ{%-5WQfa+ zk~f;4UFy=%mAQ>_E-~J?T~v!60;OCdo0B7BgQHje{@+W8%^NK*QWe^MZQ9Ry`b&@|X`0LdlZD^mFWJR< znLc0dWcks?z(+^!jouB$(`vXhYoCPb#_2kP=N;*(RbNlEmg(F=%U={_uh$_1ZB8BM z+2L~~?~M+sGir1Ozr;D7^xV)AHhO8mnrfT90JokONZjC)MJh%!pFa*Z85DiZI6+pizsm(4HeXT;BGNbfU)6u+$>t-ACL`sMR zISh^V-Kv_BwohDrF@OtMtGG*5I01dUK!HZYo>>_fPTx1qjT>)L?G>uF9kVWx-}{g@ zl9SZ&x=jX`dAIhNM>)9uz z9MFMN>86{#=4elch6rE0p~Y*Tjp#$ycdoO|ZmZMBg{@=!bz#Z*M(#;P2K&L#U*_>x z^Q{737uH2e@s}qS)pnum%xX<1vkX^!`+ZN@TrI1r;t3S(U?5;W{+!D|~v;M4R zK}{+BQ?(Gf}q8;LL(b7askc(SaQ?PUl=bd{prVf5cqB_}b}PZw8^CIzD5<2`?jT;0n6>{9aQV8+Yje>z9?w{z%g9c;j$ zv^%B-g@oe$$j%Xhd9-C^?41nk9mKII@L0I?}3zN~&istRV;xG=6iP#4?d z=@Fo*SoA(^0-vluld?bcdudS8Yuvp4v|VxPRx*0Bp>^jSFWLH zt|qrzP1TYVY;&%{E%K&hk8}Z!<2+0Q04O_50RO%?>AA9hKqffSKdR>wozi^4lOi<|3;%53#8);2HY#{JfG2zh877cj=UQhq0c&94gS8 z+gm!HV54VnJ>Kyg4S6c7H_?hnq)&GnN4|X`qVSknt6<}90JhXL(_U*uGe2&xl;#H@aZx8Nrnp3s^aM6oSQZJPx@*<;~dh0JPr(DDmbftf$#O98-_EK@J`av1dBU1FXG6xy-gNOgY*3N^#J3$9NJ|=w308arz z`O}KV-SI1R?!gUhzNd#q+|Gp$4;V))U&pRD`8w`(e#$0CW((#WoPVMej}8Bp?3f>b z{gCTK4MYFfVF1k&5(1`?MvzC7blcFsqE(p4y0q1&SOXqeH}*xdz)@_1FQplXByBi- z@L2|cXZ*pRIKu=UELcNO67uWn49yG|8(4uOL>W*N5{w2fK`YSfrL8n!&`!6RzP;GH; zQei)>3y|d+ZBabgj7&rJY^g5IP>D43PkUkIt;Wi8y$_c2qZgI>-vH6_5c24EmwwiT zB_u$V;iVmGw`IYdVi)`pISLksnM&d?4LGm-Vg%g=YF&eh%eY39R?>taoo5 zzQk*-RZtYw^H3_Z(odk~+`t@%i}%`(Gk(2I>a`7Ydt*=Tv!Am}|J>qc>qQNxy>R^- zA^T6j0dgdnBiqY^Qx}EfW{tGfy)u(;a8fY|iI$5wL0CkM{p3M5x_t(C74Evu$7$!0 zv~j>objn)3f7llv)0@?ou9SS$&-L4cPwEi~`tyxzma(odvFK>AG=*QUjqHiAfQ7LO z1ULQfJ)?v}ANAeX3MVK(d+Soj(Mr$INN@K3RF8!uNuXbDb(#5BlRlaO;`H~M(pnur zAKlUmq|mGArlz>7dXo0PX>Z{CpdE&dp0(HHT-RO!#dA}d^T31M?ZL+r;QZ%^QBZ9H zQu%UuJSMPr{QHegUC52t3ctQ2?k$4ka0)C5TSI08=jbZisd3%+L>(!%b)Cslb{qOy zrLJZ&Frl&qjm5%>-tpJ+;bSF6ip-P-0`Z*~LOe;ZJ&iU7S<2lFFUjCa7SpWyIZx=2>?VSj6p zFjHQ-O}UH+d#y7Q;qy42YakCd}ZktM%DDGMV8^ta-7A~UP`o&R*p;e#(t1!%#Cwq9% z`kNY#twH;!aSu0(V`|snAP=C%yx;%?&|_d;(jlrIeWP#1cL7J+!Rb0ys5_I|=ZB?bXYS#>SW4 zp}3yW?ONb*0WyG0NkUTY;(1Y+@z@A(AjqJ|-pgQ&%g8olavV_E@=@Opbea2J_H%4{ zJ1?MGE(SoULs)miuK}T40u+6-50X@-OWWTge$D(F9oaO&x&vg#54&e_6AT?U?svCc zX*&8H#)<`YlroSDl4CB)^veTy2t z;WyO{E(@Z;ap^U5Y?IQsC+b&^ohaRo zhK7wvSu`ZxtUcU8Hj~QkE~vkP*}at1r+7G7Y#?WGys&<^AL-N&pAF>?hw2&n;L73m zPrdV*G&1{v;Z-KN_pK;b7cu@_ zunpS$44=A+257L!YA!LFjs6|8$i@PSHA2>91yMr`R5XIUtbwA06eZAZ-=}dXr1g6w z#3sCyAVq=5Qa_3ZRtYd{5Cy_Fnhy->U2QCiUW&+PU^6ZJJl9}k*L*kO$i_aPU|SYC z3~i%D*RIR06FEa}lw891s$BFoqGY@YaK@&j0oaoi346bWzui$uC|$rg1_bGf{Z*m> zk4Cjkhy%zj^*(9=5}14lsW2I1VY1FXgsCv*Cd|l|3m+jhZGST7C+h@B_1i2xCPwMV zmkB*B)tU_;hHo9=$f$T>ZuBU6Drw*c`5^HW0CU@m4Mezh5%Y51+>$ZzH)mD@ zX%$9m;~`!6^ryHCEO1b1)Wn*5eK><$CR22x5m!Qx5mxEe+@-50lXz37Omhyzd6WHx zMMB}6jR@MlC9pJW2ea2g?9xXvy*Xu_LGt;a6pP&+aGnpvWBumy>o)&q$^@}T3)v0g&7jW8C zg44qUC;~La@mnT=%E7>dmdNq?>?M92C@TJSbXg}(=FT+*ExY#lsOIMI#=ETPtnl?Q z22}jzi($+nu68$ohKuU5c!;?Iy0%%$jzRjmNzp3er$J6;FYr{PGtPm*vMa`n>oIfib}7+oZhAY}Xs{x@-~&a2}Y z((?>&cRmIVf&3;r*DgrXD)q!POEJ?Vm7Esc5~K1^m+zBrQ+&KDkhB0K^V2QC%9Kp- zX-Y^hUJ?53RqOOMevF($$?-UU*cP=jbdRkXcl^?>k@%C-Slp)lAtb(*EzC~ZPQ>q- zv#EhjY~U_=ms`0sTBkx+&H<@QE6TZj2AArY;N55uXu)#o;+twW>6durxqGzcr^q*m z8z!6W8S+aO!PSTkd-87u-`06Vg15c@$;u(Xp1njL5{xaChZ^ZClPDj>KZa1MTr9n} z51eT1$__F;DzgD{R0=4aw@<0rQwq`MPGprVQkyaSSqsvtKpLq(RcwSN_z z(mZ|s!;{OUa<6E@x0nKgZXhCz*E{54+R-2NNziva_NrV7y;K6vcEz!Kb5qj8?`JeV zXFLa!=CO}H+a+!*jE`X6xr7&9dF(g*N4Iks0x)#89dL!#y(A!-05CcMrBum*grsTa zTS5a)AmAHTc_83(UFO0Ilhl=OVv` zB_$c2zcvzjCT8PSCG!c-8xGYyX^)+bU?bsV$D|5T#%4E@(Yr-A2|X=MAzTOPzYjwP zvGJT?J*hh({=nc6#JKtO$@}NZWYZNEj|%_`m;NZU_?9EfKmdcOi1oz}>?TMn!iHv>YB%>WO?&_&m%E&;OD-{#Sgb zG)|z*63R1C1e>ivOx&m7Ft?m|epgp@A|V0*Wv)mW9qOEYyC^B#soQWS?a4yIL%CT^ zCpwd2ueGxKA7(C%?DUBMqr*743D?sxPQG(6qz4VT0gFY$or`s@>nqbdbPTDun8K9A ziJ;0~xO**Jmp=b;L4daWzLzr!Sh|n)mVEzc!-4sP-Jt6z2n#SHIyasyNZA>R!zl84bdH1}? zNlXgXY@YWC-Np5dhAp*(_H@+*h+H4D6Zh?lTd7iZ=~Vt5`fBn!&l2!tVOJ?E?Hy3> z*6l*(Kh#F6rCs0TDcaQdEUx|0!#Ig7h+wdYq4YSODJM!KTfR-tXCqXSMY=~jkWGMR;kdayFjXdL)dzQe z1E~f#^ADrwj4Hh@E;)8<%t;8XB%ymTA0VqqOXUv$@N*|9cX-jbGqFTkN1H3<3a{qV zxFnhNBum8Z-VV1-7f%<_s1kRhXNYbHk>WADXz~~s6eeZ+<77-Cuyp*x4q9`lRtFa=u6MTjpzgZ>Bl_RX*j2((a4Sob#3*WNTaxmP3~9vEz#gJjft zY{`LC0H8@@{7=lyb0Pt_lELh03_`2((_E8P1ZYcR)hVttHf2%_FA&a--p%uY;Cx{O z9n5*npG6aLX7~XyJ5~m@9<=$XbtdHcc9rGNav7%uMCBTrvW|-Faa4C`RRwKfNExu3 zuI;`llm4WxjJfTqvP-PA*pHfd7sx!1gRoCR{A?(-^n`vWd4O)Rui;iWsV=LpG|LP>6iU@; z^smSSKyYvAM=O(%4yN!cC^1kNsB7#sT&ODtpmqWQMkd@ZixRUdoYGM%vlcNzPS%Fw zr)0qw%m`=4)fuJcHpRlZP%X2<8J)tAGv{X^gJ{lioo@~YR>F;L#=d!iNN5y4 z3hjglMXibeA7Dc(RlFtS9Q6&BJkEn6gZk>|1NJ5lOkCelE>Jyb0Uw>4`bT@^EZnf) zhgFComr9l}ll=-`i`1OS@=IDj6B;2l%xFf#!A$Kf3rg87IBvmT3d&eHi|b&eX_BKr zFJ^wd8MM7KwB@|LvKbDlPRxk?&mrT&tIdf=W#Fh)Jv*P2=9zYWwOqN$Y)p|j!>2^# z=@5bXat24#2eeF+uXnaXa$|_2piZA#q#zMH3>cCd%VAxSp~wk@5TsKdlfzNE+AM`4 z6@5xSLA0oJ1x6*d)i$su5{g^LVxw-;JorMZdlPt>xglzk*6vP96TmJ!0ZRX*`ies~ zL^?4ktz;Wa2)lkJ7T9x8KijJ%E2L`95xQ2ve)-1@< zUaJ(-DFKLq)7vloC!-^G@a>eG*A<>GYM+HKCJbD-|99gA{2rY2Hv_Uv-?TFaLl4OT zbKojj9ZrCBl%Snlfr$ChGugmHLKFSZF=m)T5~&<>SUTRlOCc&guk=*?a&3bUTBoqA z6j~7;HbFucvKs0JTuza|_%^0%{wJFTB0wQY4d3k4GTp=UmbKetfsY|MgTc$hrly@P`F#Ho-19=;AV|6s?f7 zI%Y0kSE%Vs{M$cm&COoo3feh`wnHvxm_+Sd6T$Nxv0Yq5ym}icqV*b% z^4Aq6CEitu7jiKBp`9f5VsaGE0F8#!qBVNv)l1lI9JEm}XGn#FKy@)Edev6V( zR+`ZCEAO>S!0Ps2#ciyfF z7PbWnJH93}^Am*CkV44!$S#FI=9I1(tL0EYD7ac~Jpxeku3vwqN`j76t6{|{TugJo>B$-+K?_eVKO{z#IA=;E=P@1!FPDO{p9wo6h^!u(XoxDvw3;FF} zDwvk8FA;K+)a05oR_1+0_Dciu;?gi?t7n?Hu|Xiy9x+=QeA=+bmYFZb;nE*| z%|3Q>n{qI6@o{7qCFZ?XR87rMF{HiLP05*o2CDyN{wmpN9*3Dp+~PV}g2?gClH8cA zI}~MT|CvE?=YI`Zv)kn)*DoK8aO>3H@7^wq_R}g4Xgep(H!Lo?)b}>Do(PqQ_t@4X zt3fHU^tS{UHn?x5z6Z-&$jJackEw%dgD5KOHzslPy zqRP2;5eM(S)JD96Z{nW{8DX#|+xz4HN)y}=b{89G4gGNxVGQJ2PYJ59oY>k?JL z>3Lp8zLWLot(6ky7e~)V67}T3U4EvS@y}g;0O)z1TK)N>H`pcdXH;Mtj{%3KVW*3K zL6okx60UKT$^HS&9<1-NRM{IKd5A3HyPnZL;$QGHv4BpG%_KAnd*Ts`={4=1)@j^ zsS>&;27drQLA7HCV_fHHIyd63!6gr_HJF|43C!$&gnLmX;EgR!TcC3s$OD_Xjm8)5 zzXK9Qyq^!=IISF3*5LYA85;BN&mL2TUyyGnP@n{b#$#?v7VxWqEYzS`hwf*M+_lqV zz;F8IWZ&NTw~0!W=7#hsm6fn z!(W9km^2&wVN4=rhVpfKwT>^SR>i7>1xobXn~gWZf7_$dPVc>q9yJ zwscM14}oUjYkXxhQCaEKSIn&o8VL@K-SAZ#RvF81iP|GEtHHW?HF0`4vmf;UBlsAc z9F-`)KEWKrI7b<{?~M%?>8%%vtJPR)7U%#B`|CaZ{byBi#Ag{%jphKLSG#v=r0i^1 zUje>wo^=|JVNo zZ28Z^|Mh=@KmXI}i0ohg&;R#-{QrObyZ`O)?GtVNRW@Dm*S}EipHKfnpn6=lf1&)p z5G0+ZzrRgdEos00Jro<*1orpiw<(+A`_C~5grNTgg8vH&c`)%WltHNX4f-2F;pCs= z)2bN$twH>62sH4Y^fYgVZCvYrp)B|=4_ncJzhEelK&ZeWTvSr z!Xi@}a1R2Gl7FKF*!-VV$|xo7 zkod5z^3x)>@lGB)OLSAy=Lml4y8H`aCGfx53X9@*&_5LKIN~SPnX)jwC&%2XO(^~$ z{i%GrkHAk6-Sefa$g&)vuh$tzscrW#e?c>#&)9;JD5TAA^Z|z>qyR-}8KF1WvrGqh zEIB!?V9yO~g(&EQ20IM#R*w?H-P!Uj&})L0l;(R7>FTXUeWgtXUj*2Nk|(ZsiV;O zGZPw|#CoTRjdDKhymt)y2K^WxoJoIm^{KyI=aAsBg@(3b>*%@HR`cm*WPmT5Nza){J1hodG{lq z9L#6ok&__?f4N9}Xi~=H!-KPt^|q5Tf0!UW2tV@B#TpbYm4j6;WQ*~~JA%$doyktt zGx#ia7wdEzI23$gTZ`ST99Ar5u*2pD@ZR#CLbI?*TptaUua8RGqFQ4l zI1F?#>)Um!M9>}FA^|vx=p64`@>_cnyzw~!FHe6-W0Y;nM_;q`@ZM3!L;=xF> z38up`B{3hzPq5<>+%o{4#-KWOb}cbq+RZ+6K-?R zM2>h_whw33?(RcG$mx(0v(6tep!!RE?Ku%``5hppLsD>o1J~{S3|ILc=ZlD7)D>%Q z`{vaYu z{Hr|h_wMQem#u|D#Zo+CIViWwU*8egdB;$@&aINqX!a8VW;weN->%QZK(z2@z4RV4 zS_P$J6E({jce5K)7rN(T-Fv2!+`U}uqJX&xg(js5_KWx@F?sM=;Cb?bqU5ODr^Xb% z!p!gV@(#@}lNL7uHF;A+3uS&;CZuF|?sVDO ziDMFiu_d=BLz3?_e_~I)xRu>cAtsB@>mP%R^BqKrgDGc0I1pIpQHWw;or%N{D%|Xe zPm{YQM@XAn7I=R_Eh|;Bz`SKCwmQY|OfCdz_Iqr)Pr#d0CS5ti?$a_Uo!pNt)M!B0DD|-x*w!+z=plzgI)?MVvJ%TJD!FMp>gr z?gx;0RjLLlY3^AN&cyM+q2JG3xK(K);)-z}%o4ur2czUZ#Q{k23ZZXvIksGIpE8@XE;d|+;q zZx`LMOLbH4^Z|EjQpoX@7IqKvzG5KWLOaAFlMI<9I)#x@DV?NoMwiXc{+(Eny}4Jn z*h)cq)9ckz4dzwL)z9Rc+^crhL#e<=@{U;1J%z#${15nAHe>5K*zv{4=K#fH7umYz z*h(_Ae~jD_zg6K|JH-|}a2f_2k8|T=4CM!Q&h@P5ld10z(v3%FmOv+RHE3AXKF>F% z`lpw0!I%3U;juzH%Jg)dn$+h4_v>Y{*72uG_Y<`2d);+sPxLbcpphW=BUcy{lu+{6 zc#fQRkI;plIOHVtWNz7BBi6ekwSMuBmZu#Sd_p$(R$WZ2#o+xs|1}y%Du@j?KR;wr zHEnBGW_QZL;iPIdpf0L>%H_2mR73m^BAc_(vD@t;ny})Zd$46rQ}nubmUWZSIdMNM zaewq81Zf;?N{l)9%KA@fFrc02JUilpVK+N?uninCv^zHh(4;UF!WIr@ab?o(7x_qG z;V{=pqO?Q+9hb92#=)6zTxvnm@@cz5uG%hC!IuMc0CK_sKmIT5aaH7?V4jj4~ zItd(B^3Fs4iXPF^+1!xle8EJbA?_Bwr4}_>8^s3A@3+jllDE z=6NHZ!t$7Jeq$SfPlS}Wtg_h(C-2I)o{+soF+p*+e_Nt~ap0}R-3P-|iAv_ONJ)A= zt#yEf8&Of|kHVlm2+!-a6`_c=UtDCLE}yZi3g^zSKr>)R{rx>$A)C&({eUex^y&8A z@G-Mo_-LH^!Qi6th=y*U){&%r2bHo(LuoQnZg6C!Gbw^Ze0+xGqL!2WzbZCbSD%Nl^DqbW)Wt2KS3mX<0~O=NJ+KT#M6`*WBYqhJaLbK?Ep+CZ1qXsMy~3D+Tw zc-&{<(Cq%$@caP|9{?Q~H0>~5D#6w>$vUX)z`|JdvONjXcmjmh&)fEHI#xUZf4&%p@V9XJMOi>)?oi~ z!@ztHi#L|fDD7x15GY)6Zu0S%&u@Re&+6HNBY=oAaMFSD6~;|oaqyIyevtTU8IRjE zkm%}mCy)|V@;y_`EvhjMaLlX*N3Yu)5Mz#3@2BRvsUK|4DOm;{hDEobXC1){S90s* z!ee_DBii+DLLB*W+UwdkaF}0HUGGy!cU&MA~Y!W~ObQ@5iFMQeasY2gnrQ|-tW4{CO z>O4C?xNs3t-%mE_;Wys`%vh|$cST(b(|PIU4PYs3p;D^c65g!b1#CsGsq`MDY}cAS zwLGutxamvpHrCVMssg3U7IjZ70Tel%ejm^}(WagM!Bp2@`TTtPNzU3j8TJ^2AlhL# zZK;T_5a@?}lIPcZ;dlraKdzFy&I^7*iT}!;=@U+4sb;*aaAL-p#dZq zB)o3WWlBjmFIH7(RYxF*0m%*U~kqr@P-gCUaj_a zA!vtaGO28cYI&0VSiJ*P0>AuvP8-ZT=j~q6HUI(uy$s%DI^e$7im{8@NTrB33gYnh zzMZ(*aOLb;%-nMp`3srU$2G|XryLy?X_1p2OjxVZ=vupifG2pu!n=1|1^`Fks*4E> zGUG4Lp116taixhgTyum7*NvP|zp)uVDumK5Q`My1ED7NTOsnn5#3vv7ODRUap`r*Z z@{41ct5QMM{CYEUxB;?DyFL*_>NG^Isr<2DxQbyK$a>i*zji6dlSe~HLQLQ1x8y+% z3}l?#1OD~~7Y<^pB4EeO)j#!CKQAhTFK{uCb_n8ifB@~_AN~y(g4o-2;^2&B!ShVo zAc>u{9#7_aB5>Wa-Q*km5K?^mCF^lgkH1*bL&*BjtWG43=|vpGT6aJx(;5KagheUx z+Zasx%1~%AWuD>oE^aIreWS%;J}!pLkh(Q&7c^7lHyQS2@T^Wl9r77Xu7;oUO6U&r%z2vK=EFIx!e!qs@Hp?$@6L#uT+O8ZG8ZGwKcH=IPcs zrgg!StL40weMOKtmNY9E;Nu?$ATONhkoQ{DbNnp={aX&ViqV0#!Ne9f%5^z-C zEl+HW zc1iTXF*BZp;yH&hykO)aa;nh|Zlitia~vpEY+7}k=U1()CNO)p2pD_5KJTn-LP9#8 zbp;3}Q?Y|>&O0Uw=Vd;%gZb<01Fwtp z_RiOr@9{hrU>R2AvhMnPg1i-X9UJdZaTG8q6y@( zNgNDPY++9VKWr$+PAT9g`Q?4&UrTY1r0dkdNEOQ=p3Bd?A&#+Po*D@t++*vI_v`6- zHuVf5VbG2_$!#k-0Ljq1K7_zwHWyJ^33vvfaZY*l?JVSr>o~% z<$UO37}(C|&CixK{iTONjBZ#WIs?JVZ%`udCZ@hCBkn^wQ24xN<2#o!zz{npaLRFf zPThjWVvTB~gVYQJDvrqWNE>ITtomHPIh)BJVS75R3XFzmD!xmxB zx*hP|jl6AwV2p_E(vX)Y6amD10bMOnv&=^w%5Xow>%?(VIP$Dblw|AyPhcU>#}wDo zo`FKK%aY7~9+8Zzc@x|c$1^B$@cv?~G# z^)*6lPLJjJlwxha=IKhmahbiA@eZ{KGjThmeATrc<7VAqoW)L&z$gpCv?4RK<+EwB z55JSgws%bw@T+9Dy54*$_2{Wpi|wDzQ%^O?Rmv4#TJNq0#wYnV>nTS@mfiMxGnAF( zuU|0pWOE(R6v}Jl3a2k=mkA@b1^@`)xee6SSn~*`qzs#G$@D|`GFMv zBPPkju|{k9ETWR;Yl%`(tSAj*ssLrx5!3m&DD$WR_OUAkhxY~t#8hMbjL_EH4Cw2I zJ}4_lK;MMgm{k54;Fi zb!FdVyYz(NnZk^1s1~QsB*0pj`}>wG;12RLaqII(t?V0he`<`%EK%2dtR_ai6s;3( z7%Gx6_7(Ti1?+1r0E&&J66;V;s)4p5sEW3aA{5{?{d54zf?D&sa$I-MdiESmn2X^gY0rPkVk$!**cGPL9L+a!y}= zS-x?SuP?|Wh(iLj4?*+I;LTf`^7Hi;`7!ADO;W5KB<~u!en7N~nCG?2TnnFwflWP> zsLr@ZBhjBr@rkU}1wI{0B<1j57YqwRi(Y!GXpaZFGxJ#K4?FeUj2mD*p55}hB-gaaEpaWB*P}8Y0C;I(^|m4(h{$-$ zFXZLm_;^p0ax5H`7VD`#qKrBUMXR_pa)T6g|UXOJK6{{_B1r6e^3=u1L~i~yOh^;KU72C^7;vQc!EjAndSQ82`Yjw9{*#2 z;3QZ#AQ*(2Re#?`E;gD%2ZT?=dI^(cCk=vmg+)*V>4ZktYbzjX-Iv9ZABY7dc z)@FSGD36&Q36P^O>?VE(5WQq~$*E~Olk%8XLfq+rvJC&r&(blXH8{jypIDE{ zM=9e3PPFKjRKOla+3}mO zw1udXnoFJmuSWoeQ<&%5i0v()X?}#nuK|e^l8b6E+7Q5KLfag5*8?mikM?8JG%&*g zq+VT%xquwdKD{dMstGec6qKGAKz=WK)mkoqrYeKP>Iu>T&y?j(ZcD~QX5IOl!BID>gb^A|KliUGrQn-qJ-`>tYKumlhSas#Cy09cK@BY-QDJL1npmiA`vI4jcDiW|*)s?+~e zX4LGs#nw(HrvByyZ{*>JL6s2l60$XIgytd|kL zL2O1Fcwji8zp_upS#jA|^nsYG@4@9jxFb*dHn-TL<4INY#JA+@LLCSzfC^LL)M0cy zSh% zrljV)#?c=H_Z-)gud5mJsQbvj3fq1&qt_j~FRc(3QwBU*r^PKY`>ZEi6^kFm!+b3V z)C9!K?Zq%H;?9TB;TZQYr|*Lz-Pg(L&SOLBBLyh0-qglLp+!9o%*ERwN+~oY_?(VS zx<~!t9zm~@vzc7t2{v&$V*Dys`i|AQE zHE6!bK?@n>ao#i(`VoPO%D4+CW%&5?lr$wBGhQg)qspvK#4of4T9Ma_c`NHg&?-tP z#bt=_KkS^9FKkHFi%@?$gF2)fQok>3Mp1h5)aXax<+pfL)F=T% z3rL5$Fs{|6nNZlk2&8=T0j@L+CWNVe!_yiC1M`?wX-(+(aS1#GU9Lljl$$%0jQd$z zWuT``*GAP@K5r7{@!Rt&YEpko6+~qN(J&t`fc0&!eLg z%@J=lIF`P~EN!Vz9AY(fQ-lGMSt|zxiL`HW#NqVQKUc0`<9gmd7jer6-vi!lNSR#q z1^xu?40`D{gjJE%ZqG*61tS<~t15YW;o7?MM zDZBySK<))-*Y5{y)H>RK$`^2&p~69vwm!T;evaZz?PwR2$$Kw9U=1*#(x2pjxme$@ zFI=}4raYbCIisyb8`N+*;90j?&VkZ z^q`0$^efjYv6N+n;2%S~Qo&4<#2I>8J6ysCJq2q327d#46l5(eMG)qXvdl^i>D^Ki z;_XxE>P)35h>{P2Y$=TzQOt;XqwSya(~L)!S9-n=wn9*ZohODt~??uB()SY2ol2^|zISK|CyjTXTfRY#3 zfSy_v?1Evq$ljXkn-0fH&bPz#g?*LLkyO|3*cd~ZvE_EM&|`Mqnae&hoqF9r%y^|P3-LK@Z0EM>VVq&I~#5! zNL)(;=>=P!6<54=L>p3jwtewA_+49G=3tPm_&p?7bhZU&3KnpDJfdx?>}d{;H8fif zAj)D>dbrhoITS!8%Qt!*&P%ochbZ)7R(sw3rTS7+<}RdX#Irw~5FSvb4=-TO*i>q@ zq`ln}v+(QXjM^%=h17$ufjn3I&FfiS!%<*0SMbS>3;I#)OU=svX;)b+=qvbxA&!JFFjm<5>7*=;+@cL~O~KAmgnC%M4iUkoZmMk_oU3FSU(crHS8O#IdGgr)u1&T^J2-!@=-_!8eJM{>!A z`=~X@2k0Aeih(X!&s7;ZYa87(1?d!_q$94GbTI$Nu~5?}BK?a8)&g#437*M+!NDf} z7!C-5`ghnCs3t^|SQ_F$bi>&uku{0f<}-bKa#Wx2=6H+tELYf>PW~1^APZ%pWZaiF zg?*{>>nOu^M1h(jelnEOY3t*E4Fd;`{)E*Xdkw=VwMqe`dSuQWBea8a88nu9lP{XEcc=~780mxK--iR#PaMv7f;ZuPQD8%T>~P{7({O9iSbz{@H4C`xij zo^Aesf>T(H96m1;Z_(qXVVs}cXw3ZvQl`y(XKor^!=x=*7Y%Cht(+En&#JszR_EWt-nd#c00JPi zTTRw7Q5_}tDa<*n!P=lYD$$YrqZ*Ds)OSn`25BB@C-9v{^wz$Q7F(%9a(GRv{HptVw%e#s=A&%QZFt>$Y zLwrZT;n1i_>fn-ZOp8}a`Q=su;v+z2!YClifvp(OVah;-K_DucDH^~LL3Dlqv&bs; zKtQnp`u96(Fkm?Y&hh$iDkDvw8`WJnQzO^#JC~R_nm2rA?K`>dqW|(ZxP7@f$i6ep z)aGdkX$w%sgizO)im`xAKRW?Is8>SVy50gA-35wkJ3#!?I-Y1iYk(%?Y; zyTlAIY5|Seo3+rk)1rhJi~=J@?Tu7|7wyDypV|+3n_n*vyLEwF&!o*M zksD9KAtXZdbKTB_NMC~{C`{+}X%xRSYAFqU-8nsnu^R$6rp2j2qA+?#3KNgffMztd z31-lp9vXh!R0{0Ykd-E5F7Z>J&8P8mE2832NM2$EaT1?fuJoIGSASc}fD5k-kj;Ky z0(VnpP}U?9vdN2vAgRv)NT{n(&6Q*WjvHU18j~qOB3wTC%G%lt^x|r+#RtYF%-0L> zBpx@;5V7qCD|nQ`d-BAK*du&d`T6$9LB{?fe+lma&Eb~DB}Pq`fQ*MtHx!5f#W+fS zm)Bn~LE#&bfQ)CdA5~tToqpk7;cL^1^UCLzq@|bjEpw;!18|uDu+_=(7v z-Mv}6fSAtq;;>z!VLrZDQ0P7!uid=2jsvz+s@3zr(+Hb8`pq@n5i%xUz6C`(u<-$$ z3#7b_gI8!WROuM}F`hsck;mGV$6wCg=f2~}S$@zT>3V*8RDz^u>kAuB=9Zf#*?g6d^`}p1Mh-z? zB-uX0r@+)&_FmTsEpmwkJFt<3d&+JcaxkA*e7=z~seh%Gr70gr|EJ7nnoX1oN zS%D4&443eW5OXT7+VyqYK!JYMON}Fn4axnau5SR5;Hra*?KK)Eoncu%d6$vc2(_vm zo&fk{Sga6l8#S5YEWw}&lU_t1vzy>V3@$`FLg`ip8#-zU+Dx^f1R!zL%f&>Ks|Lgh z>v^$Q=9n}7e)5Es^9+>IpqX1-Kg+N4&tpMZz^#KEz}UO_%`qw1_~6{K1TW$`;Ldlq zUV)bD1L-Smv2HU%ChjE4v+=W8QzL5BRxu+yBCoB6sEGr` zK466^-HKrXh$$9wDP`4-=?&;8$C4L2z_bRhXJvne38imb|M`L{Gdj?C{V8JN{xz^c zuvFpuU@5yi^8#q9TX^SzB4QJFjZW1|5a3eBlR5yJP;8viZfIL|=qVsI=$+$?B0bE& z8RY;aTJ}i<-zzH<^gs z;43INzw>%o`m24D9$tgBweE#H`sT!kRKNML_58pLeLRbWMuQqeG4zMK%2P%C#0|K8 zaF!1091gc2BxE=>(08X<1lpGD>XEth{Pu&BF-8(@S0VDv%*BOq{Hn9mWSF6Zbrl zD_{*T9q8c>uVZdQl)!?HPTL;qkNZ0aMYb>!h{A^NCVOZ@yto6Za-y$F0WjDC12b6T zCTIFGL1yuQ%sAFQObY?ALW7DiUkf!b1Xclh@OkB!XrrUz^g)OR8%+!WHMJ(nj2iVA zWym7cTa=}X;HXWX4{nQ*W=}Szfl`*%jk|$^613QBkVwF0LT^CMUxaW=43d*Lp3P zDg!taKJp3p6>tMjF79@W>Sqk07ml8-RG`;If3p~_!7we%<=ayt=;6p90jIt9{1t$f zRAcdZ$s{mBs-ILWAP*=I)H_b4c%L!T zS0yK^i`7+!S%Km1fw%bv`WGOS1}#iohf9MQcdfqxJU~>uJ{Y8Cw^4W8c4t zM_ur`*v7S<1D<*?enQ#U2lxZFMmY7l6=GM22gU@xb~Y0oH%k?8A_L+nKS&e?`B{(^ z&2+9Zu;<#R#w@xMYA^t`KN#`>@rOphg;$KLHx_d|8t~q%G@lC-YT|e*UPAkHkUs9< zJ}zsP+wdlSGi0U)!tgf*w~+M(JWW*uK@CSbScet_zeQc!6C5{6-IsDbGuuhVM<9%y z5m*C|{Ee~!VdsiV2uVA?ovNABK2WUEg-QBO9_vkoY6`XWZv+bv+wrp@4s0HLyAMZs zUoZX5HsJk)y?}T$1Coy9jJbvyjo*}m&6%4iJkaH^l7RW&K>9WCclw2p3WGHcHLcCw zvmQR(rdrn*HVwtveO{?E4?scw1Nwt|&ls)H_gNI@QQ?QRg*$LZbkp&|89h13#oykK zYO10Dx$dxDyt1s`N)@nbHi!9nas9{g)q$Mng|l_m4(-_dlB)>T+7x6z0Di*6A--LI z+ZO$zT4|eFsJ>3rZl<9*r}mbsgfYa=JfSe@6HeFA;Y9yIL1w_S2z&D9?6)Enz^bozk_JT^MPTt47!z!Tke!fzCZG)R9q=;IG7b1@UCJqs zv;;jAo(()$=y!yf`lZ3boS|bl3;|iz!GA0X6ja`oMuIItKQsl(ddG!})7=YX+aZ|m zp6{D7nd1u@!HWYGqT7i$8Ax~}Fo)Qna|68kDLA>h{p|jt4xf0dU{)Bfm^a%P2_>qz z{JK~mPmc!?A7-E_q=iVJKTzlN!2Ccp8oYr;dpjFTVaR@rS||WElJ>^a9-0OWHHQ6R ztc9{A!1}w1ejqzyc~*)giE@xK5P&+GjPHjBa#2isql~rNjT(5GmSLaLLb(&Ds2_c> zuun4+V_6+teEE|zRG==)Hk{0L-fxvK$-{#yVaPXcw%o=Y3zM4wFO4+5gqbKVma!o3#=_IIG{wxqoxwQHpd6W z7#3M`4U`)ESs#D0i2c$q=w?4z!iqu^wFmaJekw7bz~o7UFkb-W_kKsl7XT zB<}_bZ z0pv60{f#ytXUy0Y(c+N?QY;(5!1uI+ETNe$zwPLPZ*{>BFMxKttbog6SC;~j&mW+4 zaKKp_a{7HU$&5EytCEUy+!PM1?(_i+R5*--u-`r^fGg*1r!@xX)5km=^P%Mu$}+g6 zS%%OfgViR@y6hS%a8fYQ8umTI`vaFZSQCLrVHAcmC}U-{>wh%8NR;KaGir-bC62TF zjiDa}Gke;(zWuC1I^Bn`j)KBS<#0dhz4_oZH^5`iu%Omp-Hr?ck%cd88i|fYAwTEf z;Z*;enRJc>Afn!&Ia{@9Oxl^k*m_i2HG!=y_aj0p?RKn^Du>n;-l z9Ty`=yt(pYb-jbPpgOco@~mdfrcoXc475-w)hc3t1+G5&d2)M*;0UVGvq&Uixzv9i z2-m`22o+ zCVOzrwAM6z>Gjh_ROdq+DE?~9$YKk`Q+C+Aema>!g2(cXR69@pb~|WJ0f^qpu9E}H z9N{@5_QyWMN|I_jMOV>$?O+SuDFf=!TL46(?gloApwn24c`*rG@hilZfirpzK&2d9M}R;HeLu@A1fM}k zn|g4W!t6lQ`R`eLtq1l7L>@Hej#sb-Be8y~ja1*A*}=+1W=xfnMxvtDzXJmIKxt^G z&y!38SU*tv^HCg?Cgth`#UAzpMR(?j!J`>Yhx=;OWl=DQ!hV{o{czg(TOv9|fK2D) zWQEvT?TZ{C0g{OoEIbBx2hQ9P(tpQ8bAOs_2x9vznNh)v^Q7?Bi_@Cn+!CXN$c2<)lRKcW>gOKXogEAr?715Ow*F7*%1JsJl0KuH5# zxbpz4$^z-?OU-3qZK!844`b4d9&3KDfBd)XnE^D3%%?G2{5f`f+I<xHn3Qbq zwdCtw1r%<0tOlWz6>QL6eiZM-TN_;dad|>xezas;4ZLoA{2s5IU(rD#x|5vWJy<>W zu~o;>j|`x~w8px9+hoP2ulBi#SrvH<)d`?sS6>F#iYdX?;U37TaQKr`5l{(XWX?5u zVrK@(nZXnbF`Jz_v(n(y_ETb1+m;F2>5yBk(k^P?^wN~(PfvWLr)UQ3MZ1~g%n4*0 zk?7!hMDBK^CZnL-senuXOF=}U<=72=?m!7**>fGXjy}7a2Az|D9|;MK@rC7&crcY^ z?=-{#a3i4QSmw-6>n5PhgTNYPGMV2#@_`QV_tO$SNVE&|7YjHf7P<)RE}v76Db_uo zWf8ZS&p=sGlpja@z1_V5CZ0v`7N}LgzzFZuZ({I^8G@%cfU**Thsv$Gei4RI^OjrvVM^aRGiPQV6i!WPGQdbjerXM?(aPKDWm-~j)%ez*klGy6QKqTUazuuj^-YY3OB zTImAg4Q_aMU@QZnKuC?-GeYSix$}eLkkw%YUomU*5B9Zvn=d0E&XBb;S+yF9fjBa2 z{U6ba1ILDc>O#;ud7Tpfr$MhScw(OhPHTZQAC4u~Eu-?HKgT7p%^28t13i|3MQTlkG??MOjK8in* z|A09NmPHqF))|g;R_Zu+`+X8tq3NIZ=W+y8E%F(E#+|%UEnE&N|Rae zYYr5DGNI{$fB_u{1%AIGWmrG@!XSvU61LTl)MUB3fMI5Re&p_Y`xeBW$xXFF-*0i! zdv5}W-JmuyLKX-?F)Fq+ul_QkRxOJvc5xB9gF<>7EAt@p+c^=^c$k6YR%(d;^UlT%tS47G8VLTF_CQmwL#qO; z=FY2j@T+R*VSC*8+d_-!ShQ*9Aw(VZXyGBoUY@g0JhRk?Z~PeRaNb4uD7EVO)d(gu z3*^7ANgX~aM;y^JT4E47sHncT0w%C9q{n%H%8;Q)5WeEybv$TT?e&5DfE#7$3M{;- zr_r@Rk)DKAtVZFU7�}Nk8r`P^&dciDP!X)WI*CRBHnIA<@h3TiT-Knu~&M8-9^gP;c>?6cYk`s+Z1S zvtjW-$>@vVmm5fI04a{Ztf{Cn`L1M-XOVhEE4-O2DOkw+A^sal*R|y+5<`E993H_W zlQEe$V{$MV3|~K@=bYZzZU>B^s-%)`DB;xZu@7kUJLK(${JB;VUEQ4=Lvkin`Jvi? z7)yS@v*M`lyFdoVq<5=nLcRYQSWiPgc_e?Yf(hpwR<-rLt?f(re z;+z`@XHP2@C2p18o$Mz(k2~B}zwZ*_efIfN0|F>&;MB!E9X@sA7OwF9h*`T{UrDwgLf=-CCcEf%}*%wH(o5*su&lJSJ<0l$#hM29GbBeQUN{M8;OJd zodi@+>s`r{O9KX7u951NmjqxRpqIIzIE{2l=MB=G?8m^@`4pYsr}(5CR}H+kTK#Q{ z``Q?^X3_f#z{`FYbcA<{lgghlnSAWTKRX!Ek8cES`d#`dH0S{F?|l)!=GE{*IY#{? zmEZH~kIlzJMqmLQN~Fu@2(tMfY{T$(_vkIw_{xSx)NShrML7J{&y)4mVvVNvtMGg- zt+ijWso%ECtfNxPBM%;mV0!H1y`y~IYaIR{hQoXSYXtD>{DChWUco0@O1?!UxhjBM zd1zI84DpKuwSiCgLa|5j;dNqR%zdIOhH`*Bf*g!Od%KeXuNx(yuPJi%6X6~nB)if} z{4G?+E7cMeKkAuNpQ74cZ20v}vw{)|kKopRPo|*Rnd})hfVZ1$lMs&gczHxne}|u& zhXt!<_f>}4P9$gFfnCt#(02ToYInAID5ro$O{ciCWd@e6VWXoFB{B;L!UUUz!sG@z(nv4 z$S59$6+Oj!Qye;uWDg9z!!3RHhHpM!?_Rg{px1x>| zxeDxgfZ~9ASk2Dcz!Y79R@e5uV+GtSQ1dt)S5Bqs^~W;cn~JL-xInpL21NplbyUv{ zwXV35Sjdl%DoOb0FQ?-igp`rCbWH~pArvA$2prMvqa*GW32Hbzz{E?XFQ56Nf+p1+ z`6=yQX4zlme(6UL9F{kvMUmXYY|XT~{CEr&Did=;F~wG5Jfw>(jG0}`X!|D?L7y_I z5TS5zDbI_MWvhDv$gt*&0!A*7cz!G^gQGcrbRB+6lZ*py+pz@)9;*6BNZ5qQ+?l?T z;^jo*0jX_Zth&j{m@aeK6>cV$Hb%g_2JwNWWlJ2fyT^Bya8C%Cg?&H#e14 zsv$tf9Ma7=2k7j3e~GeW%xw25hCsl0Dgc6F8+ya35uXtWx4)On@l*Uxe5Il3N1SxS zg=cV+?@f`R7T40)0qH3hH5bw>MZyCT1fH4g0Wuef-KslZur7dP1c7gWUP6W6Ir)8k z+0)4HGVBPyuk_;~ZLeUvzZ7e~$i}{_ozgydE<94!P|8e5_LGO+aq|3!Gfv5b0;zpR zxoFR}AI{#W4=LXNYMZNI`osVIvqS;+j)tf1D5l&~4`{rgMD-l=bo_r$?yZ2eLBh;u zs};i^@Wa?P_J!5VLhP5q+2)-$z)!>z=I`DG{ATfQ)(%bNt(@s1k#_1Hma zX@xH-?fCsn2wy^C|Ay1J4mrrZ!QZe8J3h!E=2;!?IB{Pu@>chg)~`a|)1d%eo(i3# zNccUWD;6n26WQi{S!j}Vm&^Q|***~CY{Nr;N6$5&df%rtFamR5`RAV|9&nA|cR0D` zu&6dXzR!3t>?!onY-lQw=7I+xm3WM?809a$6vI1x^FR=b+fmVVh-Zr& zhL28iV7z}hA0V*ZbmgD_`xL{A+UCuhiMAToLM5h{7xD_oxM)sim7@p}=Hwk7;yH{ahR z_fG%>SJ_g`4Vw|To^RcQ$Szk2y8A-IA(MV3q&HCk@BDCPQREXz1+X|?9?ey6iD>x& zWFnHzZXurxYxo}U^^R|0_Kg_mcvXQ_H2|0%0Y9Lf@X80&tZHK3V+cOV*=v9;H7los zLgcQ)(?-j{zZvt1Wm(zQnn7xl7A#60{)ihF^;Qa_IJC^dt`#_`;(eaq^C$I6J%#+k z%NL`D!t}kieI*ge9N;cJrRBan4@%EFC?&I>!d91Z)~A>#;c*y1JQh;|w19GZ{yYmC zGD{ePaDzeqrM~X07Mdny9OvE$f;ysR@!R6%%8j>>V7~-l!CXr@L92IneVk`DM8SA& z!5X4zMg!(4L-m-CXqSy70VnCvNN_EM4ml;|`!4u~ENVAfp1-%AjO}N@=&Wnpv==OU z-XeZ>p7#YW%N9uHxU3#z(HFFBc3}Bq6|jR7IcaCL!#e>NM-~nwu_w(?RPIHNido~I zv=VHt?q~R8UybGIC^$5xQCNmMjeNFQmIe<_GbIAs(#HlE?EVG%m)ZKbC--$qD3*1G zqLsj>u1g_l7ycgYDpxKGzsLKFUvVdltOeKg*#_*lLQnqrN|u2!uNRy?P~d{ZSo+zf zysM+gbA8^MxY(8io{a|(M%w8GDN6}w@8Qln@MM06m->xc8TneiqA0I4L@S(_cC+4M zc)>593TF}AvMk4 zEz+1G?9A^{Ms0N0qc@o$%F1i;^CIfn>dS)+0FM?0gr4PYs3O2^FAR=U%^0@%Y8n`T z4NIZC#xVf#*U=L`0oJHahYluxzL7b?VBMnm&V$FjJ9z>6os)^G6~XETBa8Mx6<|;b z0Q-pz==5Dk|5dOAo-6-K<+rpFFM_@tCTp0kKvMq1(Fe7!1o4wl5{vs`K^`~kEXhF>@31rv}5 zH1EFY01Iy2t$C|Jo|)if1(RqxU;O&-sQq5ckkU1C?krG!by`Bv)|cJkPHG=y(xMAQ zXbJY1lEl4A(0%BVezVQydqzz7x{t=x$)fIQDo5cl^g~~kV$5Eh9qaC6lC%^?et_z2HnoY}^=jFTH}`Xbu{*Kd6*)3G^tA`TOu+Oc%@UmE(+_cq;Z8kcaOxwcNM-jq-c3_1TxWFXdbm z5(98xfvQ186(kkr(9~T4W>&imMGE2>+uOYJ3JM3{SW-E!;w=o5kV?fR0-~>Vtxo42 zTz)>$7}~qQROFQ4@zLj51<-iWF>erm`yL&r*TUt2-3S~@McSekKFA*4`?Cb8?Wu3% zJERnN!wP`Ub$q$k#+Sn~-BXAmv{HDfgxO2{oL{EQ5+AA`!vzKIs%CfnV?2-X#)aNX zq!1>LXiwN!zcaS-H`M!mQ7z3yXZ~}QRqVg6Y-;u*;sh6icQDA2QAQ;|<8+|VR(VkP zYPfe6@`PvcyeKN!exmn1f*%=_T8S=6*{9IN6QJv)4?4L9lro<%(|96o=!8NdJ{q^5 z5fbm;y*2*P_lRc$5A<1J-tqaTf$WHWg@e|=s!KDUe$9aJpmENyvArIT%9g!PgCxLQ z4*l_)u;Z?bCL9FXp*_zf(EHs4N_>Jw0o|{CMruBkKrYXOR~SD1u{J}so?r5D3mHpz zcym^y7I8k#wG6PchL^49k}ib~q8ax4+q2`rA4QWBtd^NraIeesQ33%{7_l*?SLBqOD6XafrxS^Lhy5BA_2{2-#Vj$*86v# zjddpZ@!%I+s2XglP#C%Xje8-bHS8Xo8@Y^?^(i*;Ve-i5?Ll)Fl(lT9xMqP4h_%YeH6$P= zDeGZ++X1pWl}!bD5gdR@!fvVs)?ttBgYG3TXl^zRySUYKtK<%gi%d~kqC#sQk5QA|H;@p7`NE4$ zyqy{#wBUE3W@ph*lXupAp9?O$@Mv;iEFVLXK)>i-+6d+(pv7D`$vv03y8fxH|JRLS z0#Ae8j^uNI%~#&!oy;Df(>cQ4G7%N?c-g>=!$)3NQ;L6<{y1s{jM&=Jq~!y=6Ba7Y z)cJl1HtHry=42p|*v*1Qnh^Q6Yh~+GW*B9E+&4vOKZL_J`tZXJmyYkn6T83YIL%r7 zQ>BM}oJX_C)uTvQ19Y%5=oj)%N~@s+t>&3F$>W!d&=wwl_z4oJP*kJ11rF2a->YJK zw&iK#c|wMBsb*bhYKc@!d0`;c!dg^%Sw;6t$FwH^ z5rD<&sl!l)*Wva3YSsDzkMg|lGtc(`F18`Nq=ybD0-@<^fIX-V{PU<}?*z;)`vo+M zdfzEvUQeK3p+hR+R@L8Ddh&J_>v<3;WS5G%6Jb~rdEs4LLQ|1`LPz~Aqz=5ot^_u$ zn}Q&8;qKolrWu*I*PTxQ8Yb9S$}iET$5)C#7yEMpo=dO}nJ&c-$XAJ_gl4E8K9hy! zUo1{n)#4^ZtZI?I7t5McjjBHvm!ZciIyS$aZ4C|$WOUqLJ^jPvx|%XMb5B30RRG-Fw-1fVj6T^Xey04dB1AQn(l*WCH*r?SlkySQR0z;<5`=Hh=<1az?DVVAch=h{KS1<> z_j0jReVO!%bG!t>%J*Vrf&T_37!GS73011-{_<`C|4N4FtO}n+f9+f8NMgPlp1w2V z>|$pDs2#qzc*Uii8jg1!h}miYnS|zza8q?)noEb3yy~o2*%-s9w2GP|0x_pUoH)9^ zU}hp1YFYHpPrSx&tLI1khB!v)*ytno#Qxy3^_ozXWw1Kkoedi!ZQ_dQG?ZI(cG=4Vx94Ujc>%$_zy`Yij_ z00TKeL0M+0$mC9mmw+kkG9MjzS|8ahC?^gx{gK2&+P!Q9woP;N7PRG z>IE_b3A%N&2|J)E(L(5Q`uR7lC*5BJ&`qTckV?hH}^|zKqaiw`2^L?R%KCgv14!ZR!0IpQTr6__a2TGU96puZ= z)0p`KvCQ0}HHv`mA+ari`*k&INvY}&6ZpZfBzvrj`{Lj}=Jy^x9&-=S zPj+?b5sSR25vEHd&W&2;&3z7SM|N@deSo^sy_9`h5Ll!q3(A2b^t4kl)r@WD)7^Nr zX!>Ft%qHei&&XpsrV;r7FSw7+Un@K^^I`(r@jz#9FZ(5;oNccOnW%!se7_^hn^>rb z=9X#L3ozHM4kt{Qmylv)c9~^i!mq%uuv&tGrBj+wv*0!?Y<(9o))8b9grlYtZuV79 znAa{IXcEhHJfSw1-B97PJPYg2;wWSraDj0FSfZtZY6EZHX^mB3mWK>cn*g0SvgWIj zzK1K|kwLqS!J%Q)QmL8hvViX8h-o^FA{=z^9?uDvy3IMBjjWE2I73@-{oc_GFD;bK zD|~y4peotkIqSExo)^U7Q=*v%3X;h1m_?C*(a6@LMR zNyq=5pzlJ+d~}c32Mt`DCcl}eLp21CZk23!L7K(;Z2?uEt|KT$BJ zixJNpRo4%FQ7vi&>D=eNsMA^VWwYIUl7i5=Y)<|xXmw4s9WFv9eqtyF-rpqHKXYi| z+Hd5%G(31K_nP94f{b<{%b>}h&e00LZHERM>VlP|7mm~f7oY0)|E36gy6kCNTQR^t%sT~A4lzd5dg#0Ljw~D zqshIacmk#6PCF@(0pB*yL8ZdQJD)WO>~WV)djEO=6zODSL=d&+Y;~pd`yrIu z(Lzq>7~;2G5pNS52oEoje{bVzeA?9q43v-Zn5sW9Spzzft?soChOBlAuaI(KG*sG4 z7V3)npx_@fF4)P5-Gw-{@cob;`St^K$VOaXRPy0{Dzk#OGHSe=Cy1+lzg=B7AL-*) zpGbg@-ZP0xd`<~*P$I`K zSI1tUL~ZI1dQ2_a-T=1x@Q6cok-Mzy*vT2(^^k`Pg3LnRhTdE9?2HKAs|T%n3U($E z%Yq>WV|rKcB1)heTg?xe6wnF4o0AW=erl^ceSLJPh+!kI>SKJ&5?RnhN=_AW4_oDc zGNVHOfbYq`T_Tr=-NSo!v?hwE+9i%f51SR``XK#&e(PlSV3IFWDfR zmjIho0a(_NTUcg zcxdE*+Oe>*JwtzQODs#&XhT$9iB2+$rV7(e^$ybjJMEz5dplTlVOZWZ$m(&~&nT3}0eYiXDw{F{cz7kGj5r|%Wiw}$@( z9fWRzfRg2)$)*vm=#rj;hhJoIs2^xz^<}>@)BGB%&>_19&Mq%1?EZGRLU4&Fe@UEY zy;A@K2hGMmD<~fjszlYp#6?mZV%MWR<7b-G?-BbcZ?J8E z735CQtP-$Rc3^|lDj$q`te40*oVJcK&{ST0m7S`|Q5M|4?g5k!}F9q%^#3zrk<6CkD7I=_qWbRvvuE+@rUN8VN>iqT&)6|j|E zN)IKZGrvAb13(*;CB;}G4mb)_a`8h0uJN5!4U$P4s1LRQ&zdG>h|wP41r`gOsi1Y> z4blRd*R+v?0vS-Q2c{sL$h8CYG{*Kstl%Kuf3rG^D-4b^+B<$&)AJ1 z#7I@hGbo~{(Y#k89HYM6dvX8b^2$ZTM>H1B%SaoSrXxFFMLIoin=G)=sjxm@o!@w+ z=`!N5tPRK1xqvgY``=%Ej=}j^BA^DoWg+4h6LPfz_$k$ z+KH26{RxHJPs&9;2zL~pE)FcemgnTJBG)Dr+5YvcB@`cV%V z>*}GFi~PxSF&Wn(Q1OJ`J(@}uxbDD7-|06XlxQe|(N`&ZQP*K0R5G4K5)*AbuS!}e zehlSKG9nj^fBfvLrOfFHWshvhZ_~{y$OX^0xfftUm+PsrxG0=4dZ#QhB?kJu@1?O% zO`#cd9Ci;%YV{GzQs|mWiXy3YiI8Bg@O7kG#2{rCFB~LQI%$GzNjmU=5eg{PoUi^k zEuidf{^Y5CIo^xKAX5tniyoNi>{av(btcAQ=b1pQM)I?;^e`~J5MKJ5>qrbU9C#UwfdTvLl~J;^hy{ zskl+m7v6ya;_K`A7i5iJ)F4p=?#jLV2=|hAha&JZ;+FdhGugEB;d27vEFVCz!YDz# z7ETVIzRIE@+MV0C&j*}X%%Zx! z=AdoMYTr5}(q#j!kW>5?9t6RAfOn$hOlnbOpzD_LItE}h6pESOBt$GxX}uBJ`q?IL zUl5Hh=sHi1E)r+jYrfHE380l+Sfef6ic`F$uB~>b=0;iW)yQv!V+{i28~A%AsHB>I zpKS^23{fq50TwUFLjh?huQmF5;8!+_c%6~5xvTS*Oc3UB z^;>0EAp8m2I{MX>9PmIzfs1PJcmBw&fBowuS`J zPWPN2Y?heJJvRN4+Pw#j@eSYvN-CK{AFpV_?pi4t&0p^&jB$5?W*YK=ja4^7L)N zH2?W<1`>#~y%q6`)nG|Bb)T17ZhsL2V}erL0j{oc9EK_{n8~#KErd*UHQ-?vmYpix zT7Ca!;N-nU%9qhz|IlVZgat3<=gh6=)V!7bcc0*;o){21xSrUBvV{@Hv zpR)wc+TAd`Un~(9GQUA(*ZB(G$6%)~X5GuXFscFpDmeE-?Pcl^Ya8f8hp?eAe(M{2 z`1)@j#gAlYbd!M178ntNWsw%@5a?B~)SEAP#5>r~!28km0yvesZdRllLtrc1P{d2=J(;_=12d4J%@? zyqAGI7v6F!_qeq!c_9MNfEWDog2pvxJf5l9ZlX&s{Ij+S1>nzUSTf8f8KROpeI&Bo zy@g#3|K*Z0mn;Xcm_7++g1MlKOkO+z;xj*oudas&QU=)L@LOQ>4Eg1u(#1=4_I*a7 zxE&yMELZELyWyP^sb1WmXh;ISwpaAGO--tVT7oZZjx!QYUwZjdkk|Rsz2|@f8&%_1 z{@k?_Xc4o|{6qM^J-pW|OL|9Om86)bei3X#ob~`Bd>d<;kpxy<3pCNd8M5Nds5mv^ zH*oe}!}tq9hHu{`%vI?RBE|qF4S>mz!U5|99xN>=7jE(FXsR(G*8%+M-~_$~mTus% zME;ugv5mEOuQQ~*Kw@M3)gUKuqx(*82|O}hmp6$O>j%1SHon_s#D)i50ZaG1q2iis z$%A2^&vI?B8P$eap47XDL%r!96ot_OST&8c-}X9Yy*|(Uq@g+7Ytk{WJ2o1n%*nPcwO&6^5{2g!G;s7lX>;d%- zhIlZBpXL|H=RZI_aH@RhMcXuYaV_#jJi} z6*JzKUgo0;L0&vF{qgO*)D!gA-mIxI$>(Vg!-7%ItYcn-a>BZP1|8<--+`|2KnLU! zzh?%EOkao_pkfV8#zANfG^=Ye=~U7-%HNYLyBerv>GJ{}+P>3q76T`+4^nk+e?hUl zAN>Q%`Ypv%-7spN~q{UjG{$3{eBopxVxMF1OD)nt9nZMzp5Z#A&C z{0uCHsvOx)rTTuEI!08doT(F(Z-&`?Vo#iX+UpN(bfD|Xc`buJzVoEA1p9%qo(OQW zJM}S4aMk4I-E$cnH&cRxC6&KAO_HGYEOKrk`U$LmtuLtYhgEhdD9sEuf_+~GnX`qY?4^ACI zLDMTRA}0ce0zXM%97DxzB%ax)FrZ2reUl33M-V2aj=328<9pOh3E=LmAt0kWmprZ% zrv*&_U&gDna^hWd#m{sKxD02PMePPc)*uqv@5(%4(~y1+l-t0>HBF)GqNuY>K4C`& zO5Fp!g1U008TX`8lRNdw4O(gC)joRTU6l2s0|4O+&)#NqD0gFJZNN7axWMp3*v$dbmG1{1H$|7o^+lCY>5Fs8Y919sfhk-*jB^mP;_48W- z@hC@Tp5v2G~E7R*BYl`txlKTg|x;fN% zPOofLrx)EutlNb0s*UJNDcCau7>E6J0~P8P%r=i8s4mUeL(1gy>V4vO&OWtT!|N7* zlr{~V-|PWBR*Ui#cX|zrHdFpKPq2~jes&{mO)8*PcmUib0(TJ`y8Pd_;So*(tT7oZ zY_lr3w{rnQnnFyfudqN0s#EVpOe^(o@a;h$({iQ5t(9zh=^zr1!)TT~w$~%WEO*~Z zknWw!dW?f7^(QOi#Lb>ORCA!b3qn_)bjA7XC=22gH$>?N3HBxc1?^l6Q8>V!Gvb*j zi9fUswBSNlEZ$!s7qQN{?{Sc#u?b>^WMWyh?z`!fA?I7R`Y%`-0Q}0*j^a)7muX(3 zxdJ&K;Kua#Mau&ce4Zb1DS_?yxig^Y5$YLj8rgQ`FYBp;zCmV!{_p2-MRkX@?I3#( z+Tq#p+2G~(*yx%t;2SWmJU&l+NtzNgq``PJc^R}ENa+VQiqi!g0WiTs4N%GWWbb#L zg_rhzo$K#29qP&uy~OL5{?mT7+phi(hTX!-ze;>q*nT!fxjiw{JJbn(cB)%eR%$3D zc(*^qYoj${FxHzB1inaRZR^XU2 z&3LzR2wXCMgvf(<*_*hCq91^x96dOsoh zNHwj~8htfL4p)7IC!_^^b~PGZ?{!uHW;B82Zrf1in?wQ4(~NO~^Bxeso`>>alZ!fG z_IQ3rpXPl^cg}Q@sRups31xGtx0oDV6V!n z)56snmL1yNjzu`oaOe5TTW%SkkgW2~280a_d`Y-Yb&(YW=tzV3Y9d`)WhS`00wSYf zu|_UU;^hJ-Jbo7BCh8uj3XMYZ^BV`sa$|R8VHD+Z_JntkjYP( z0cHPgl5K&#HJlfG9Qts3?e!#9_`L+OzZGzxSL=GcT*fj09i0lajW2g&!1$(jEu*1` zDC4lMlg8ot)pInos45>i@94%C>M=xDG8p0do%Uu`sIxX5VeH+#_&*gW2t40Y2S$V; zGAA<_q=MB89Ww7^+TJ$cSqQNGIF6y!IWw$#Re3?07(g=+Q-Y!H1LV_R2%xm~HGL_= z7)HDaaBR8a7xUSiw>Em=II>9Oev+#1Cd&p%x*JVwd9S5nvZftWIvMJCw z1ICxG&ASbnI+hH+vGC&RNkqR|j1HD}9>?$m!6lm7h{E{B&(&u8Heh-m}Ia^5yI7Qq8e<1 zoVG@jJGJwl1U`J}VgUo70dsJs{~>od;OLjsHI{QWHWAQG38>VJbu|_B z4(xGw<2N1KBLO2hRw%;-=!_v_K+)Xija-9$5wL=4_kw-o^@*Eq#jI=R@2z#VJ3694 z0->KNJ9pxrOxZn3{dT2^q%$cd`v3(?v%VORYegVhVhg`&FC8?hxTa*8pMsixOX~P8 zS>Xag-#A9dKKGXx@h^Nhf$LG1WNn;9t6@J%+ zhX^e6&P4LUa+ajsO5<6J(|7O6*hf>`O;JNa`45;Hx{rn z4awVM2|kITnEl!Mz?@fxBFIb|jMkwOw&-nimh;23z!=v}iyAr@?&hDXGhGJ1^zE3+ z0444`HA#>^(gABg%SVsFqujRMBe6^(`T%)J7(b^AaK`LlRvfcbrayP^W4sX!A_J~$ ztbJ>F@IW7ax0LgeS_#lYlz?L{|f) z+j%_zMfVCap$^tsoNDSUMQHwcE~+>Dfq;dVx{nFK)bkM}xu7%1>@5KFO!7|*Y-Uyy zzTkJ!M>l4I*fCE@HC{lbfn@#8LHtx@i|2In4EgDCDqq;;jbI8)WPnlx14q55TkYXv zN?({SS_2A>;~{lRq75;QWy=dLApM|{oi*e%-8GY$ER9P_EjE$jrVA-rt6L1*p{=JEfVJEJzI`!yFdj&ljt3m+J|oD*rIcdJuCh=yjhCyY z8-!!-irf6?fJTC$j6%Nb$EtSln4YhFA8iwDFL6b`mOmLTZ!*lu0{t{HDl|8r%{}gz zR@B3wjv(IgUwk4H_&`ZdCwacZ@iojLJh6O(u|JT%QqVhY7&he+k3k%*O*RbNaD@~# zHIafAR*rHJXj89dL{AWarC1h#sKe2M@YD=&-6e5PLvj3sfX2H^UqOFQQBRiCp1I$C z1&Jx3KFr%J{?j8;O*&{^UGRux$@TmU0J?W~jucs@Kv57Pztn;}87>ERFqpN&g|cH6 z83Xzl8vNIl-!0w0)f_)|V<}I!RX|XAAffr{!RuqSilXsn=?Tc_7iM3Em2t zNZe=T-B^++ImeI7w-~N25fGH|Q{MyS|FT!3wJezD;+Y3XT0OorZ`Fgdu5opLcm+Lg zA1{4?|H(*24-sA_=q2M`hmurdJ|SmbS!hGn39U78S)Ux6QD$q72Ec7RVF;eypU<38 zV)xzP3OHtg^dNmp{<&9oNkKW#qAqu3h;`_;o?w5i^4Xa{SwmU|5hINkK{(jml$YYi z;OW`AdUPTl;1WL5hX9BYD!o^cSpqXlZu&H!KE;++inVdhnxLSXlW4FQU(qm@X<-Lh zWm*I*a;a0^J51=5DU&AU#J9&+0zf`|%-sj1E@y9GBc{AvQvgqv2xy6*r3W^8O&s{p zl;xvb3%mCc|Ef}YfIej3DAHXQ{i#$7$Xc+$2B!cEdaYwpa;7`2e_C-lxe(tw{0k6l zQj7}Ukq!-K;!22y1~ZD^IX$qT3SjNfU1;wf;E_V<{*V-}$3t)Om$AUv{k8b`wMsXt zj%~=eg8k~P@-dJC88I0`)ti9>lC#_%yn~rEyk$+DADC1@jr)3Zk8zbL88M#A*2fxh z*h9N7ml34P8?T@MtpYl-j>kVs;SJtwy0fDky7*i=zSH0u@nGr)1{KaXeIMQZbyV+= zqXwW)piC@i$ba4AWeihtuQk&8D(T-j%TrMzZc0)RcX+vF+L8|Nt%Jfx@MBTTH8vEK zOBnpTD8SGy$6dBIC%LBHuQ<2edy#-2GYy8t&GabmX|Wv}Jq4}@yt0^)GO=dny3?8B zo(drRLAyZ17DDHfQRszZE&gluKl8RPG$q2pGXK_s@60_G)bH8>ptazQ1PAy!yn@k+ zk#Wpx$}ba7oGYue`iYjPg&24<4E#G5;{iVFk1{K2_B6kBs^HURrhr&ZSgBc zw7?-A^Ps2`ihT$yjdNIEryn%)Sdpejf+$UPO z=`e53fM4%uN*=?b>1cHXB}>cvI6}Y8HE93dH;d#9{`U=h#bJ!Tyy%fq?)6n!$v6@b z9DrvWG|*)?4fB|5vTWS+WSz=!!VOS1Kprs_J|>Vj)ak}CCCUoRC-?^B;(VVOjw&$< zN3$C6`7G8HD&-(emZ?_aVX*OAcf3d=(*?;FVLRD7fbmZn3Y|}r2IUa=lMDvxvmGhe zrbWU$z28&uj(&*z)f_(0q(eEp&{_#cYLhsu-oMnZxcqgp~tp{KX zEb`<+DgIQ%;6~IF1}G#>FI4?9(A;K0m4E$3&*EW;>7Zxs6Ut&)mPK#T%yHwvVEziF zkfOvOh3EB4D?riiMM_2@z(UA7=7xSqcANbl24u+}DY0n+yAuA=0d-4|z?Vjrz57Aq zs{c`6N(ku6`Ji9k3UgZ0L~!JVD+Vnavg=atYOp`b#XJp^82v!Z?eN!VvT?Dnt=T7A z8p#F+%gOZ-Chlumize)z?9ILwBmT6oE5G6_RS~lOY zgD<|_IR)MR<=bb9_6q|1E8E%YTxmc{6JFV3NitP@;VD60L0bhhi6Wl2_5Fu3X>BhO z5dd(!o4!zXMExfT5*qU^mL5bcJ3<{I#-0~+HCX^qCPbh6$?{Zb5Totq@;xoon0iKu zSMjv|x>GKn{V=5vhcu=RIBJF_!*PDSei4Bt^`+wZ;TDvLD1)G2fx>_wZ~jBS5lXZk zkUIN}G5wGUz4RA60viPqrfUIK8)|r~2XapzOYHJqTrr^WOwRIaK(BHHjQtOLjS~O!vSMKXN&N&O9V{vUhPk(FA#6ME zP4d1%-^`yn{}jy^JfwgQZ#mp+l1w&WKcKbcYQ%!CNBk^U$m9c1~? z0bAmEzo|;q zG%I*0sy~H2J9%tygJ6u+;r!1>Z>|lSQZeO3vvC#axecVakU*>enF~+LHFH8=m$If9 zD)>~KBrd}afP#Px_G5wWhBKgo4b;!qlZ{$SJ7256*PzY|boUqmaVlA;I|L4d$38Snt1HgB=U2rTah^{j@x1|ujmlrm<1f(52I{0VqHkD&MWIfHVIpB7y1f7!lpX&zJ= zk9$#{x~N()5Se}HX@tFQc#SG0u0;yS@5n0KRwpEE@0F{JPn0o%{QoPt&QLc_zQ6wr zc41dy*v1yl+#pJTluURqd4xlQcCm$iVEOORZgnCLq*Yy*j64sixstel+lU{MLDp_Z z#*ZM6Cc04J)!(9-AO_JojpUs=^pwDFG4{g20F!V4iTgRw+MJU6@T3Pm9y!^AU=Kb* z#wl{3xI4;ykU*~)J_vgP@DWW+cK~Yw2T<4zaCDP z)o_#jouu(ge=&p#vixOQgcJhE8)E=3R1m%HCv+F%Yg1!ysJP!rZQ{c@j1 z6Hs$cg(Me+QuxIoY_lco3%)`sCsUWkAD)4OAWff~`fLn(*n{9}eOGBH@Wh1!7a-RB zR%S~Zc~C6HYf#gUr;>V!$&+jpmGQ}!tOhS33mHKEQS#4p1aLG~nPnq2E{i*MfC`Xg zd`u9ChvR8Ec-Z@hiT8Q@`GKNFY<~#i>pzp&{e5tN{USj$5NheJ3EtW!O3QC2 z{(?r5-f0{gG}3*99d92sLfep=qBf{M!$W)v(0=5H9s{2L_0A8*XVW86(rnbPxZbR9 zD)Fq?t{Ug@R+iSk40v?^NIJ7F$Ji(e|0RUrGKeXNh!}E*7=xH4etmD%YxUP(byX@O zuk)U>_p{%u0ylm)6qwSE>*a{&I6rKLy@jKyiHLAnhg7uVcW~8S4d-RVEEe$Q^U?QN zpC_fiIF=yWOtwzd2k^&zcYw{8%;hD@LS$r~q`owNIzL^__@>Kl?v#g4?>!2pdG@(4 ztdc-*#oKzezn0A&DM(LAvOEx%N3E&b$Jj7E%xT}#6Qp{%^z#q6) z*|d1%_}J`gw)_|>ek;trZhv~zhNAMshz$UE?aCLCNq+(W*|zfz9k13?~14NbGNV7_$A3BZ#fqcRl?q`wGi{%<1&0DUKFjf;ZERXiF9ajAdWOHB? z{&BeN9Un|O$N>Mp2itY#z45ihxM&Lw1e_BWpw%mUuA+FOQJ?olyq7xWOK}XW$`6rh zj*{&TM{d*h-EhTX5$n*6z7fKM?)+p3&J}NJbLRhK2SM`$fp^)4x1IJTcBsRtpLq@b zDEWo}l|#HtI!*o^q`0$d9#ve85^u_nr_*P%D)p(7YsV|WALFb~2p&qFaxF?og2`D( z>GNIzpJ0j~1DBvyXwmDe_m*N|+pT}nhHx4mZxiLSlf3`L;`KH3`s=0HKQLZ``FyN$ zOmo*qQk1g~c8~1rJJTWOQd1nFA{bnQ`h2!QNu4lSlS*?KS<(pKmETw|P99 z{?mDhD1kNkR}JVV2)B;|5msRjAFUKWC$visSL{hY1jXLDcQ*;Pd)3+WIQ>w*>_<5B zLlOuPR(L(gf&AtEbi8@RVz*g$*}KPcskOnR0?&E2-%6&D;s(BjD$6rkB1rQrAWpqaw?Eg)gd(H^n{xrX7t zv?EBQ4GtB!7*G2J2C+=Yl=E@^2xAmF!ib=s<5dzfS(l!j0rp?je#j80;*}7Z(WkWi zyr4QKoSNV3T$CG}&*{;^)WD1__TF&P^jnkLozdtpnCQRe@>7yY3MHY;eQ#no(?)gq z8F+MD?_QrSj>K^&)sc!3X0F{9+<$q6#sCWBPfPsf@j)G>yEW^p-H^!zl#Rza6#Hj6 zUp(nWj^EIss-g-x1Rw41x1gTl)@5IhzsmnxbC>C9(g1}n4scnx!L*r1azlSx6AMaT z&~>Q0`#bx#VHzJx)LC-=z9VbMzFm_C(ixnUwwy!M9C6)=^?Lw;6K>;Pt$^CM)U$+$ z8xQyUyD$Y#Kl$*;z^yxd{ljR`#E-|=N+57Xy_HS0E#mW)?81t=l$s$z`KdP?>Vl|0 z(oZqDWBq(F(Jz$K_B|ar*)mO!~e$2`-ZssW?&@;WIBVdCc7gSpqFF^%}9cKLi33xI>{ytR6# zp8^xCUKnt5yWpXgdwBk(yBB18{prowzN?(Z5tzB%!#lhWNEoHz_9mGcOOMcwmyJ!c z)#u_nB476laxXSxK0msHvXvV1^|)>>?cS8Sios zyWiWlg%3wY%oq2;k|)rg*Qp}Y8w-lB-=7z}`!e4jtDmP#zwC&*0yj!>F-S!O%kOVW zlGCXgNaV}oU#$5m^~U-hob&6@8>2&}`!S%~dfge~P&D(_G5Ho~4Z@-oW^xiZ22)Nu z)0l3V9(%5~#JDY{a@~s;L^p0o*X*X?`5^h4@}OV~1*3aHIlerkdxBKJ>y>MTv-(MA zs#}Wpo4C`*eX%$5jG&g!W1*l8-M?|z#U&yiJhc>B;_ruVn+T2-kEdSWpxes9M-M8w z(j1XhueM4L4Hn#tvG?*3MYTJuouUpMeX7+k z13gAdt7`=JBIVjhmg8owp6Wh&_ovR&+wq-?g$e56|I0VfW{Kb%8C7bci(`Vu? zRPgLBb=wePtiS4YKOfgx+>=MHw&tkK?Z(DexZPbSkwansSFX%46e*c9h z9HcTQA>8CzdXLuUrOKg@v`1r!TJBf@C#vjgy-1a7(79; zcy>9@he-`>jzhNng#BKS)u&7-XBxlkDFqTBeKbL8vD&3i!CFn&3Gi23H zZz}h!x-Td=2?E#bV|HM{8>_(qFxrN0gSYZL)naf@66Uz3h>!F~vj!-*sjDN>TchiI zEv0xr{=c);pK8(@D9GyztGi+MBpV%FCIP;HxtLKpnf|=#Y+(BE+cT1oJ-|4;h16cJ zq0PZ1U+c5Y2rFngC#~k>St9u^w2Wi-ECURjiZ2Vj`L8d>CaQ3Fp|wTN!U^hmh!f}F zI6fClCeO9t=6omdU9pJ2SM&2;#|QsG%^>%Um{yP150(}4HjuASibU+*+>%9xq$W zOxOY$2-ND}%}S)kaw&L{?Rwc?3%~C&jc>SzyvQ*>eX_=Ms^GYJ)d;?Idk&AoVR<%# zwlUrNtp*}#+B$V2^-^|6&}kUyIOYnl_u~Z439_8E=3omw6JR4CBbx#ado7GE-9E+|Ml?=kzv7-dLASc zX)^9$drO$c{UWlrHUx0)99))oaVH)Dz0|hp%o)rs+)fFP{k0>-hQt1h_$9`PFy$Lz z>)!nmGSPf6>WFm~vo%i?<4rgJphkR5ZRP@xWr4)miU*=42_ZWt|I|h^b` z{e+XKBYh}pWyIGTDAgvlv>!tcP5!50MJxk(4_#&WhC3W@ z;ZCCv=pz(%{GwZynQ&@oh}Ty6*)8+PN%JAD66cnMx)=T&vK}uhTKQS6Al=q?KW%du zs>;No8hg&?UEU4?5|XVSU4JSuEb`p^-org0U4BQG+knk(B3saal{dVYQ&BG|xR28S zuL-rh$WI*+hO?fbi9GUmPZm%Yb=DtzD_*i_F8bqi(7>ZN@*t7UK13vs@CCfs8KP4J z@FB!OQQXJuNidPG-6KVVpKS<(uhsG-Ghp%rPw)=u+lXB&bFV6ZSx+}X!Fxa$0WVW= zO_GTjL7znE{nF0aA^p#DgJ9}wBX18ketH}}z5Bz!=K*Yuxb0(pK~2jt>`^g3zvsr4&0Nr)u-4e` z`gl&dEb6X_#onOnEBK*A@z>pht4Vgh@JO^rk?}v0FdYdiGAGP>^1Yqi9w@d#%ER}8Sd-$5$kh=&EiT${Na6KByA-g-V@%r2z^`kqVKY%;_07dmam#;o) zDYqE)TUvp6>rFZ-;Y{Ki9_EPT6QAr?m zz+j!Hk1O$tIm|c2X()3Kzp6YEN~iqeo`GrT15+P`W3?3)iYl6OWs) zaAeTCuJ673{k+PZuhvu2EG)+aa#k-Mfa1>H>Gk<#&tWKSK)B-Q*l+r}llf+<#``Eq zC^S5+qF}(p58l{e?$xxGUia(7+K<9_ig#DuuF}Yn0znXyG z1IVLhHBW_D{19GlPiR1<_ItlGm){o9NbnI%Y4Q*`rP?Lwx&5e?j@fC8D8R#s;T}JJWp}m=z)n{iL^0}P@7J%~#YpIPeu>m`;QPKw`pZv{ zUR}LxWAu1Et`+F!`Y{QV2vM=M1m>k!`O@>4AUgnH=;XJS^Qy-uk|YTqF@Ac4mRV@6 zq>vQ}jAV;)fLM}wwy~y4VPxGYLns5CCfJP^Hux;=4xTE82lRN%hSl{G;S1r;r9*NJ z$!4X(I;=_-`XdV#<8;!^!=3+2b-Yl%HzoRW7V=}bb*1NK6$5bNFE;I)iYGDP2+SDyJNt5oCx+2QKmFsZ^rQW<=5fsykT-rwC96=J|3}Sd`RRDu2e(j(X)0IRuP#A zW6cjNUwyVe7(MSzn<_ZtN!*sxy7+a@I6K%v5TbYaw@AQTbd2wsJx7E4v-o3rRcov2 zL65nFX!WtIDXsnPDpPi2PVEsA$f|-K=a4G$fS5%%c@TV!N>>qZbKTl4`}J0^PRQ@>!`n>y@8qP?wRr7D3%&pS zeUUDc__+z*-FUBW+sr6GeqwvL_T^-f@iN0kScX^au-PnJ&T(_3;J8#@$#$Z223l2p1U zJ`Q0#-09Yp?LCslI=OA4tF7bS5kBt46#zBV0kHn{`#KQCkPXe05z`MxgjIG3&YD^G zw4s2{3D??}*X|OjcqxJe=3;fq0jWn6M)S1rbR6f-7xQCk&_cyajW|1rHQv(FLQU4z zYI$2fztN~=0Y&07)ID?d%)q7DH`uevc#$P?K{1f&v#Vg+j6X{x(WygixB1XP^Y>W4 zb&zR4Q|9W$w)Yj~FU-LVvf)Cr_Hl3h#6RbIooz6Ak^j)U>f4JML%MkS3J*VijvzQ& zC89Jg`U>l$&5K{x1=K`?~Fo zQ$StC5B-a5tna5`nxsN2?dwfBfCuo|bvej_52mG54u|;fLOo?sIRo3Ym-tWW6Ps_y ztUW9Jf=0l@C zBf`ZX2*Av5p+4T*^bQFE@|2dW-q*dSapC9S2C0qewV9ePmvhv{+tG5z&Tvk{dd0CT zk1SxiFRNBV@k?kkesg`^e}~+f%lHh0e=MOZIzF@R@pahy2c=F+e76=lJHkDtsYfGS z^GWc5`VPvZ2n?Ef>M<5Qy}tf&I?tnLi$S)ZfYY03F2U3qBC<^aHX&=B!0%j=7af(RVYy&;Lw)S0*)PnNjv%BoXM%g(jQ4-3?b zz)`(#pPPu_7~VH~F7?=V{q(lO)5#4m?8K#N#b-3csmVYgi>UOyE`JvT5}m2s2f(o0 zkMbqX-%tw#2c3TnuG~AdJPqA?pn6PCOk@o8n}dg$Gr|)gM9Nw_Ev(<_2G}9 zz)VH}#&Jr1Guayv?z;Y-284vd^INg|wmVqltkREH5AwI7Z)t7+3i!)y5`3E}7zCgt?S{Lrajy7@Kk_6w9 zF-f?_NAc1Z8#Z)m>$WQ!!70J_m76KcwmgAn1FkiO`y*kd+}@i*B@*?>6dAe!N*|eA zf(bnNGa{v>_@~Qw|G;OcvZQSH#SD(qjiqPPcah%UI|t|Wu6H16VG$!dv-2T9^BZ?_ zaC!qA!GV0p{qqgFW)tbC#|2guH@8&pClKpH0(@vSR_Nh&sLo)tP8XqmOw3hL!7s>u zOPz1WTpr>~=WfX+vHL1F`3wHeATXLUc` zIcdA^f?1)3YI8oqrG?j+!U8UCJB5zG@^iqKPRszs^li`yMDNn$-vX1G*XjUFU4g z4-a;}e4G4ZW|zhW&`%5JQ~h)zQ&he*TM5PMi+EL= zbFR~i?LGB-iD0YRUvz4)mbfC4o1>k*F8IOs)*cHXbTR0~zf-&HP*kykOGO^tT1hY{ zYhfk>cnb^dNY`hGO9}k){Q>O_oz-6Zh4T*%{ zjYiquq^sN`u4Lb$GuEI&PMasY-OIT2(G&8=65!>=svJ0Wai`Cm^!#$WAW@K?$Bn;J zpJ(!*KGiS4XL$610aM-Cv|{Qq7-{%b*kMifW+^6D2lFE?Zirq!um9!RiI1!^4xhy_ z3-@h%Z$}vu;WL7zhf9_W+m0+t+bS>>VKudTh6x#I-<5wOpkl!f$JBE4^F1Dp+TVwK zdPWRntBC7lL1a|=V$$JYJwB}fZC{jp+s{VsXL2pv2TzhlnMDF(ATuLuJC!X?;Hd(4 z>krty{~#dy^zOx_uERn6hQLXb^yhd4pvGLHBDbs8QBoNGUH%T0)beK|SHECH>%TYm zv5xmwpFh8c^h;lB1^)fsBnc#&U&72k`~oLkid$oT_%$d<#I3?EP&gRW***J=dKAHl zeH*KO?7CnZB9BjB!Tol?#eV(LG)`@K+uxbQ+E4DQ`Pw$TOVb9sPOS~jLsD+sK-ZA> zwk8~PWh1h=J-5?BgXOa!DC}AAVyKbzzRA2c2B-VL^;g(|e81qh8)9pJ@NV^?=>p9FNgT{^e6!xyi#UCskwg0gHZK?xCk*7FyYW($db57Q*a^V>D7N0yIwWI zVTSt0E;I2w)>)2yfz1D13hWlTiEzUDfcy3wZLdd9Vilm>I%A=gb5f)-T63eU?XWxN z)*JOVDrFJA^Fo?6{{bl+w?n4vrv5G;;URkZzF>20*|QW$5iL%on?cqrXcCQctU)Er zc!RT%_%MJ5H*}{bJ>d!>8DAW)E}-cb*={l*hexpm<(=SL2ChneJQ^4`Wxq-(A)Xne?-cz1X$@g z1$F?})W2je>hDhfdO_smflGhHHw^!`FYzQlQdfy*OnlACUMTLk2K@Lh_W0TyA;3Q@ zov}Z4f;pm-|6=X~ylb~&5${y zkoV77cHP%+F&Aj)TE23fqy91&<@~+Ig8!82Wbe3VcG*Px8#xBz6OFL7X~GFnEbUC2 zr60h{oHFb-;uMxqAxRLG?=D3-r&QoF?GHlQpI1ZIv*-F&kSSo&&f^>V4mOSfI%gGP zH%@1-bxX8(XmhKv9VK%%_{hqk+*)T!1>*D+FaUNJp@AUS6^y$ZXf|1Ac$7FT3QoMe zJ=c<$@%b=dEE&y{86K`JMp&xiA=;_i&#rb$&8o>-i)x-qgZ$k4&>|m1!P+6Wv&A9R znzWIo+^_X|zc@!>-=Oy~zp4^VKkxeyagD>1p^=aGk@a3TopS}@O1xyWe_xDxc>0!3 z3aG$v%YFBw31t;|`^hww)R2zC8)B{L56La)hZMvE1lkwWZhG z&!hMLfI9!hh8>;{<%qEuSXJ|LMIbQ84AzwKho`0znmtIqlw5@rL1V(Q-J8*9T$1~X z%S$h(`{$(0BXL)yg#M=4-~~D185&X*5Ea&nIHUwl%ol9IjwCx!6Uc7SrFua((TWI< z-(QUS5f*1TTxG&z&X4`fxwgwshODn%u9oUO4j8a}5bd_|&;6sKdc?pVFy$b|NGfbu zUO4&mpxBO1{9r~~ACF0<`WYj97~wvRZ4fQ18V_fn?yP;)_KSg&vfrCT=RLb`aMV_O zg{S7GiFV?`)}dLSs5(1qG^VHmSBn>~*ZUoOa%FAz8s_kr&mG>OAJNu`^qu!zBhT!| zu*!r#e}RhSq^~TP-bjf{u99^341&DhLQFoNXWKF5=~hR|iyYnu8}VDHEaeb=k%oE$ zsG2@`1V(69v5fJ10qbhnX9BblFG@^u&H0)!CPSUj!vFQMO$#=H=viS7+VfDjmSAs% z8-7C2<3$C}$Sw^$F&Q(kG{bF^KIvlheR$$$-~?8uG`)|i>>k#ie|bJ%{lgD=A3y6L zpuxc*h~^zj4o|!zDxVblp-@Y{hTXeaGk_v?(4H`FAeEDeVI~E2fW-Yf_{&0ti8)b) z7S9d#L1%1KLYL!N`%1Mc%a z{3!x@)%EQDsB`RwVYWxcW;lD#NN6^B3nZahiqrA_#RG)RkRX)+vi%`&0)S}1x4yt$ zd_>LYJI?cE*bhetJ7`Txz7}t~Rcu zO0S|)#3Wf8c?ThFHO%-UHW-urv7AO*wxK@c!dKnqshu>w&HEQgJ>Ab2Rpggtn0>zi z{%EAPR={6{H(r6j0KUVQr;=^g(LK1lyF!s>#b|DC2mCmpsdaUGxogTh)ib$czOCxcUG~$Q<)H%pU}fzBJgizD_IXhOoB_FuDa>8DD9} z*6_#&?>qybrNS;(ILre_*`#EKivZPp`F(IfLD(!uyv7Fn0cXpdiOi%ad4-?3qKdVS zJh^t0gXi-`c3tfRYH4Gv@7{WpNOhFV&AvT`AKfAwj+654PI#r!U{GwR?}zpN`spu> zi|4zEKVkI?(*_2YcV|okCr_u1Vel$0vZiJ}w=X+i<`?Oa@~tKYZ=UR6VC9TF)870%prZhhCm8tc0YBWWG{!7YDw2l(XyH0bLrjV*A98;4Ce%2;m_M`E7G5w zN6Ms^*9q<6zi8-12*~dk9;acW6#tJFJTxE$Pq2YC0pOgyma|vr4L@?M7ko!S;L~K! zF})~}?GQK{%-^YKMK8(GQ1@6`S#BVJ0YPhV0%t4-R%mIzX5I`8z=qJsr#c^A3rNaD@c|0bDT^>C*muDu58|upK<6m9PRO4e90gFcXZV~(xSSkY zTIphh&w(?}tB7|@P)3fJjzC&7_uB3*FSTVqT(Gu)o4H6)W=~6H!Ww_-RtEtIXZEp;wR#TMahAQrev!2T+YbFj zs*^zr&6huE*Ts9=s}-*xGtBT^pxa#E!*A{7lKMQ~mq)Zk-nN&;#Hsk5u6fIG?X;Ke zwfjU)3G)eMHBhNLk&^*gr3tWuaI;zTEC>6Mgg=g~PC;1x-PbJJ7J&#&_C>Q2;YcJu4;+KP1Xm$_Fa#h3Z;7&w(pxzU?nu! z@*p6+Qq;Zs%f6QK$D(hV)9N_bnM_ztpSNQ?XX((9U=V!B=m2=`d>KB>k$)@+I=*-t z$kJf2eff#!O24h!UUguH;ds2fnoNAX2U>t{#SiMDo!`9wYpL42Kakb1eJAo)HTlm>zLruD@}=hP-^H zYxbHGv*^#|;M)=26Xp~n5CxA8}6|`*GYT#gRC~9h(M7l zd%>(KEn;}kIsi8JrIdz43+Ua2I!4`+?=LvGJ6N4?%0Hyr`M6(=Pkb{l;(OJdeot){ zkcJDrx)E4U=uPMFHT%quy@ol=&;C1=`QmUQ-Sn}P?Jp;>BAs4zH?AEyFqvzekVGvT zB?N(P49lr`ovi1E)|=WR!J_nE)O5z+enKZJ-P`xq=e}nzqj51! z-ickM`z2Vz>zwW5l$HpqZd}1ss*^5A9r9$l7#juCKuG7l&i)`1Mu-fK9RDcOH}99; zk2rdpq@PIDaZ?9eas++5xO55ZN$6yIi%Ds4Uje4n=w3!ug+ntWoF+sLTB>NIW z*?25kgSV;s_D|V3_Jr{O?u<26;ZtllyG~d7XdmDWnu~QrE=#rSvgmR}*EO>=oY|S`lqR z<2j<(zRX7YD(*x8KPaBrzU0`N*c@W0oL*N#T0N1yPPhQcG<&3u`Rc|r>D?aC#kFM| z`EXyczi7tKC1)Hy;{x~VI4k%pTdLD>dI)q|)_aL0G+G{i_m8Is^5%yS%yNUvKRa_` zc@l)G%lhbY2p6WkX!o8XbGy+R<IKpw;>+Y@i+$UT zRPyZLLG<>S23M~~MmQmTq6hM1q|-HOuaGOBCH3NIOQb+1_D>2O{Gu5;62 z-4CYM|{lPimX8?vE}UXt{?DJrDfl{TS1jDypbUE+6_)9Qj)@;g(;w z0->-p-^GRZS$+P-(Q)nWRq@&O&!`7vT}SYY3HN7Ws_8VIu#IB&Yxr=lb8uO?fXIJ3 zm%i!hc`lxl|By)c#4UKLC?$vTtnc>|3y+OV`zvZ*S*VU6?|9|q_`c~eh&lK-lsT`D z4srf(afInPw1MECwDn@Xrb4pMqLn=5Zn=B|rH|pTbvp-8A55Oy=N!8aB~6-T#Gsb* zpHTn^6#+pcGS!z(;MGC@YN|GY7jS~L`0cIkgfKMmd||xwaDRsTn$`&21!BO+yYz|s z`ZTLH6b~9Xs1`*@0>(N130NP)z_BMBHU|Sc$|ksL5fI@_OuD$jX56ewV@rbv|C<=w zBGWvOGZcP10s6`i+aTB3 zw5KTZXpPH2m|w#_fRMT#w^{u)t$bl`5T z`g(=`RmfoAjqyP7;;V#{xnDybs_iYDAk|DT=Fs%FgoKg+S}3&~aIJo0NywPtQ>-#( zaZRtrNw}{7{pYTLA9!1nty-7;?G-!y*OGE1uky=8fZ2Rw+64-Tjg6L1v6Qb<@pPqG zTf7BRo?$ei$*18fj?GDTAXTt%oXWq#It-Ue_4N_&^JV3i<5t~jQ2B$mUyk2H0Fsb$ zLBnUi^^wY30Ty{?S~_6WCsYWtaGnQ^`2sfTndeaaIyU{{Z1aOR8V%CIY>`j=F);I5 zwO+m)-U&m_e~H3I?2{B_1mn{1s_v?~=ePJ>GnSx_Mt1 z#+RIP>m%!cQhCvy$!x0U4jDzwF$`CT)^Tohp5HFssc^<+VfxvBzZ*c*rH<;D=(WOg z5pF>AQdG7CG4i$C6SmDj1sA_YY{AVg`i~>M*A(TKtdYreD4+|w7T?NkymGFMD7!!R z)&WS~HRrOfNYYOVq{YIl1SxzyrtQi5-^csLU(drZ_&M^&B_zy1M$3=klqF<8%EGIuED z-sxR+3kqP-{tRxR+hHW^n9fO$&?no9$?K90nX9^umTk6a+9yC_oO>(_Ds`O;`4%!} zLk)a5s0eptj2{YpL7N&6#gXhF!-4s|5x;xP-yfsUzC21A)jKp(w@#_l?;SPgh|79U zp0zCPzA@DH$9=*5)Q&n#!S{yM3P};82NhnZb?XXDL}aFp)2K--*%DBgT#G^dpM@{IaJ{&D;WA5jKrx2Dpb7Hcwd#$qr0C4&nw zSEk-eN9sw+9QUI0YC$rGji3M*ovSc_u+v!g64?%JKSW347BrkcHJu@}0|o@nqLqT4 zR%pA-^T+4`AQo>F$5X6ygreu+J=s+l7nkzW3zSzRoBKL)u0NaYO4FvduhIJUlvmc{dp!}g^UmYwjwi!0)BL# z{8_{^;!?oO>EckCra*QK)gZxoMQ1diOF!D&3Ca|Tf!a03-KFIjIEqqj{R@eG>LXHg z#-;lHBNL&_bdtpgSAK=*B#+v7y#?{eGJf_)i{iqRAT zeQ??WGw+29RY=D#$Fy8>XO<1gs11S>Q8VOid%|^9=Y*_g?U$g=19|VpG+`mv*`ME?cuPY>5?r+(%2otkO~oJ2LigVMrwH}Z6DeDRLH(JC zXmtFW{kPoTvVFV=baPBcn@*(7^GRIaJCH*@B;>&zB}7EMhWq0J(VgZaHHwRo|CYUf zh~tS4gxDBEi49Cu3D}5&R0_u}gFDvu(s*Ru9t;lF4MeFv8Q9h5Nv>J1^#%|41P+&i zPbDh@HW6-LYy~;mCC`KQLhQjWq7AcHKgors)3E|GAxoiU;$mi1~>3WDT&M-petvVD8xNr%V@iA+xZhQC|qvx6zoU;1OFw1cnXLDpM?w`{3gy81Ow40p^wGI6S(W? ztqKGQO*fnh*Vp^WJ<>GS_L}yZImLv$&@%hq~WtMKOgVVC#?=>2??Xtw~=Y z=i6d0n5FP^mi=PIq~j$0dSEWTOW9lJyBgq3J|Rv0bbmZv+V@&*&(Xu7yCU&Whm_xw zc>vUOcanY_b_PO~jOW(XB-pCd2MoRx(kjl!hvXzn8YmB1{Z(1fD*_b#8ZQ9oAyfq) ze!QW%DM|MBaUURaTCXEvzfK2>y^JBVJXo_sWqnQW=SAwiHnQz;eBhSrDAk|iBY!(+ z;waiK7&10?y>*LQElI`LkfQ1@uP#3WoxX5P!kDy$HzwGSLd37}RplxqK8UN>lyOM2 zX%~{cn3bZ7qo|mN zYOZo>7tY7PI2en4h`*D1s+YU`z%eS26(XV`i*JA0I4^0d2_GDoz7^Qn1pOjfXRoau zmXY^XJlBPBLXtTabZmj}{hXHWs#UO{!vqd0?~lR>p>TL#r+9hV?Ko?BFBPDf#LM+= z-9xe7NAkF2Y1r&u?)QPebYDJ)(h8Wy<)|srt|3mXV7;=k zSD9dX%%Q&ib@zQ2fYs5zASL#pl+v+Om6St2&?H>_MxP54U9|$2E}62HgZSbPV0|Eq zE!D!sNTSf#sCW5k>UXrBXPYMpa#qzEQ$_tD#R$8E=DD^7t?FHP5FDdQT>@TC)!=?+4+2DXe2pEQi_9Xdagj?@T;_FCB<}KdxOoLO^y4 zLm*wyL-fGuSX^oLV{0EMt?5eRQkRO)?eaKKB8vd9Y4D}15arOsf3-6=k)IpVwCW*y zTE@Pc-u-O$%bUdC4~E2qp4+d=W`e`L&lHk4eJ_d6UFNuXGVKAk8nH+5b{8Nvgrl%L zpsG-yMA>_V>hturzfi8rzfVe}mD~j1ce5Y6s?o?{v5VT}bFG!%`Q#^x8f|_5?#NHG z!zE;JsCXEH(UQ^tfc{z6xXr%ynggnC1!H#4Ps{f`#0F$od@jGH(@(pFZ^Smw=#bo| zv3~>{sAW4R^XHPV5++A4ZN$b*H@;7E>4wTlHm6gpPi=Trn?B`Fk3L6Rcfkx(N)~A^ z7jkDFxqa**MD_r~7(fNK@=4NTkb%7lwkr{rauJKa%wKP}k>Oal$szT*DP(rMK9=|e z@|a^`b1%5%Yd9Rx)kAbErSpRb=bI}|BW26fYlvz4l~qOh41#6BNcss&=W*X7)WzOm z5N>u=8X0-8o^ZtC+Z1kBL4NZ_AGs&Kav50M=X~cJ?TrhTQ9j&ZAkPr9W!n{nr`5nR zmIjX8-81_dJ7e13Z*{7fO$K_!bqiC+mQ|ROUb)(S&fG8gYKGIT!(Kyr9PzPVcPEom z{`|l!$hkRqO2tJ&MB-JKUPN+CZ^Y1Gcf5nL)4Rg3eDHRZHkT zbU(OfK~!Yt2R+zEYsbeB*NN^-!cTrPUbyzigmO3F+t}{EGbj8QxYvenN$po9F~E-x zemos__}tIC0|fj*nrJ>I>mWVLf|K&S*7f15BS#0B7QH7U(+R@0EB*L=;2WGb~tSN=aXclk7N18;*FEP z*Y%N7cb;92F@EQQ6I1>{BY2U-3pOzV_hGJFlrSr`?$<;tpyk0%_O`|tCw+n$CFEer+NGe@!smRx!KVkH)!ERfm#O~RkUep$eueYaG+5u@&0 zsnFOzvSK6>%U=ZYdXw}!o14x$#>uR`92(s;#Q*{(I*n6ppQ{7$DfA?`3LS#!mn(Yb zDqoWDogmt2yIRig$ioGJ1S)t7#^v2Cy{ujiKa$R#_2rAlf)zP?LpBFQ0<~eEhS#}Y zp!_%gc5@+5mU|lT9{U;))3&WD3vM+#1?(SxVk6ZD8d!+3;-(YxJ?IBZ)laeX4#OGow%v5-XL!W;UIt<}-H+_( zobD${++yO(0I`aT12|=WPf=)P27{Y)RKBRYYbhCT2|!{gMPlw7AIFAci9_L$(EHbY z$A{pA?uVaA#Dq~W2c6AK*ha@kxxC&Te9NuSkFyhQKaQxL!^Z?E2<*a)iXihV?Zi1c znfe7Mw|bA+wt5^jbKzb3HMBrtekr91Qe@^`D591viDT;aTJCF7-wK-ZJkaX89P40_^{`;ybeO3>` z0c^!<9TqmI`Ha%@>g$Or1RhxWzMnApH~MhzOc~PsAkUCybi|8kQv?yPVCp(?1okPv zFN=J@Izm0X#=pgly>ef?-4G8DQ|Z@s@8{cAjLQ&nfMBW7VZT^xsp%iMSW0(t9unh{~XEOJLd^6AeF{zAgrMjg9SY~AfxRa={Q%cUK8gpk}B zqC>}%7=_`hqusQ@(~b;f)Q>{8y=(hc!{?emX@$U>Me>o&e+LWng2l2wd*+F}{^8g2 zs_0yVq;}zUgA-!?_%hAC?Wrt%o&E)QsscoB?of$7cNAZ}bObUPzpV%|g9Qkuv2bD6 zz2Yq0_wT^}DG@sqFvc=DU#qkc6)y5-EA|9Mlj8o--oay?{Gy+1Edk&TCsyAc&&BgpwaYvPcjm_(nzrR5E=19PX?&Yi`hsh)s8O zRh@n0<6+2p{Cc0j&VrC(gorS!XN}wd-hetuKaFNfIgYVmV)0h+uk{h_B>OG#EMHuq z-8Zp_1Ff{QE@x&{D$t|e-?)wy$?@hMZO#xOX=}=<)fOw4w_ty*;K9N<05dclC&rzQ zriIO}3uRH%i$O(S$gc}07k9;8mk^WbDu1$dWq(W{M-cV8hgora3HPksM6o%=+DxrU2+~Y}7qc-aM)3uTh zqjPR=yZCz_NWY=iUK^S%=kCACns%TCosWSOikrS)tzYZ9+sQyGCUY-$N4+gS zNQLXhK9}bP8TPrbVUc^DU)S}Tu?5m-JW|E=S57c%pSz{Z?J@y+WXsltX2K)Dxcz&j zEClD1EFm8S18SE#ja8(W^{L*Dn%udZ1qs$RWsv+pW}ih*NdBF9K?VCA6AA+fQ~uMG zeeB)rbVCEHQfU4eg2<_xE)QrZC}XgHj>gJzxIP}26&p5))t8_Omyfh9^m9)Ip8`8k z=PSMXU5l8Y-XO62yD})LYDeO8RX}ef8P*)a`uo7g!rY37%hD`Yeojr5gZ2-9TAV~7 zOqF$akna-L;+ixoxFfsgiSno3o-37nFt)%4uy6FJPr6Xba}OpGINkV59~z5q8*g1d z4}-TakjpZzC*ax6?kWv5tIKdQX@QJ*o>qf+tAA$GH+X&RcvHZHu8c<^Y!bupz)#pI zgxvM+T@A7>2mOgvPcSb(KEkXl!#!v)j0_7P%Gdx%d<4Py`S?@4EI@EP!FXnm7H7Kn zV*UO^a4`#vNms@Fz1(HEx8K7QXf|-t#!vK6p$nf6r~|(iK7SJ5`JRNz?}_dZ5ef8V zhB2B=mGilZO#OxhL4m2E3->t@Va%sEXB02mkjx|6Q;O515YoGN@clFXEoW1co*w6E z-jhXtR&kcxo_nHutq$W~vXQYR+&_cEXwEa?UXensj#fu6nERNoUErvElNUU?($VJg z$QVQJE#1ymq+E?kzJqBMb4JUs>w+7%u+kw7jgbMP1hc7iylFjN#U3FEohlOXVRj zjaT$(729E|&k?*_QBozNwhr?}nBByL#S>4I0R->8y9KpIA!j_aU@*@`yGryykKyo^iGxvCeR%0jJ;`^7 zyLcv^7<{5)?t^`X$6-;)icc0?Ez4XMe{TD2dX}#&(?ixD?)N&LxFjF;guYyLTU8j+ zd$TqUxgS#3RrdG8#gbp|!!y=WtrNQ~Ab}CUByR(MjIH-VJ75YO9Aa6jL5AML>9^tj7<`$Vc z-Gd)WUh_FM!kmAY6t$a^E4++lTb#!SS$8PpVILDS`J7RYQ8^JB!=J= z5+JlhF}3n$P@wd8w0#epzn?c$~P{nbeGX{H$6{uI4mg%T~?wf=?zyA1^; z4Pvi}b@Nak6KZ?{xDtQhS#6Qb_4k7%y^ohLv@xr5t31#u*V%(u9HZwp2&s(BElu5P z`L4Uww+#?%DbDtdPsfUUqMMKy&+nd*04}soE=pG0>D@A~0Wi2{oYCFt2$OLY9s{$- z^<}0G)EGrN!KmA}{BQ}`+>TLqD=eP6dm2q1YV&KcgN7bKB|g;I5$n|+&7^a$%$dng zq49jgr{_EG8k!vL!SkWM=nndi*quAntiLO11<-9=>uzcBDLYy-)37|MB40j6x)j_e z=8VD?j%j}%7j!UJA-yIcd3UD@7Tl1(2A}@Ua$&=Qoy!gxV2Rm7Z@`JmTVYV(?>Bw- zXf58e7%#dY^$zWmLyhEe;TGRLn-QGhcv&MO)_>Wz(jRlPSokFdN2oQVo`);m7Wu!s-B#wWC?&T@Wqq?&mjme`Sz zLKXGf<;>#)_|msJTH5I(?Qx1$VIdHaAyl+4KnU_1dEc3VhF9D#C##9!34L&wi~{Tg z&giZ};C{J4*-6XD%|DbzuIsybq2S=|^zPw%t2o~~f$^QNG*ND8^&WRa%;W;7oxPwVIoT9E*FpT=kbZ_*6 z+=yrMw^2m)A%(s~iY5hiW(L3U<)Jfvm2^qIa{n&RfoRM5_dO7P}b|4WNB`90RkV|Tr=0mx6^xCo&G6tKl_gGmLyJI z?h|=arcR4xXY+3#cez}jRFGPWoXFSZqjm1IUg3^xZ+-xW)1%RT9KL%%1{3ryw%#I& z`CU@hujXi7X&Lw)B!#Yhp*H<60cGN_?ugfLa$^q$>AHcj*}YnllX)g_GP1#K!ZVM zI`$Tm)yXRmWwVe?&#d7o#MREW{Iu77N3d_O{!VwS*3; ziDNg#Nrelrz-1bAR!ll61wE28qp^NyVV`KiUkyC`Fn&zy}qyG{=p>%)87zCCq$XdW9{7bDKL*)M#h7>zNRtI;5>Xv?beg|hF?a^46Y~xDiKfovIv;JL*>0|Bj#;jj*^rnAw^yZ3p&&{Zycsl$=d0u4# zU47qV-oB8v<>Us%`B^Cyb%|PSP!Y`ovgSF6st+1d&^j001W2xm-@;gO+cGWgZP74D zTGRj?J#0*INF~zEiv6CiiXbR6hii}UvEI}3>rE6WPGOTrnB9_RgBHPPIJ`*rOdr`f z$bb9iuE8FoFYa@FVF5@si%1&W2$`?ZhKVcW*!b|2*v@BjZ zAD+u0Pf%TACxoKcGcxBr5ghV93iE@(T{E0`@czq*9etg(8?6rdyBX6{I(W}gXLP;w6( zte^-t=)zt2*%d65=wo}OdW6nEPx}bnJ@RnAOCx{X<3(Fv0WP9Su4YH)C#Aar7z)pT zFB7Bi0NJ+V<#iQFiX1Pjv^~TQFkkzYU9}T#n!h@?--P6o$Fv$)Wt+ul9Wsy57I80s zf42&3#w#p#?3gFb7KvRXz0QneG;roAvUjsHEs(Tg6&l`V#bsbwC{Sg~>R12|LN$@j ziIFcS<8!@5)au1h2tIxUXsb)I?y;GUiA}*YB67mYV%gDIc0Vy}QqUQ|EvMu3-S-CF zBK$bH3ACK4wq7>!Pe~jYaRonkM@uRNly_%%uAE-dX^(*)3`zg-T*(Eb;Q+R=y(GnR z2W2T9-6PVF8aV=c1M;GmdRjU?TYL`dzrcGx{n4^&gBO&CcFt-RyYOQFZycFb9SKe z4M3S!CL{Ay?28Y8wpWjcv z!nKtt`-Mg0?Ex*G8$+uS18Xs+XjTLsXN64lq#ghh#^X2O#Ec&o2gk%eqnNQ=mOE<0 zE}{ENS5#oLTer&%BkmQC19l51#4+NPJbujuk{Nz{G$5<4iz#r+Ge_f%3Lnzt zv9D}^iFendnSV}nY#pdOarI<}vQIx9ldR|fWIpwO&glibuYf!>_-|b4k1l}Ze`&4L zr4`(ny`TsWip$}C#iv@8EI`?TJO#R|aQni4a@@#qohMd?X>c~sg4z0_MYarU%eEqL z8su|jPhs$Pm)wOXg#y_fTW{(|KEC^c1A+X~HkK}8^9U*oed3tMZ_Rk*)!EYxWYiRf zofx2iF5va_=j#B-lDs`z@gcoVCq22MssxKhFR+r+1+lJ@U#Ku;$?$p@BOTQvwlNK5 zvTgVhq-sNMe%0QjL3td~5?qXa@t;GOu=!ku^Xev){vp4ed(!ec5Z$L4X|qtJPkL$< z@?8FevRQM+e6a5f8v;#bI%f;z4YG)A*JBRmD{K9 zF$c77u~ok{94^U0-LtF$ec{i4SbthQF3MM3+)xg<@;t72YYxzsm>;!!1e3*^HT+#C z#h@O|E2gMhE*OGyfHLKAM^W54md*oR?$WRaj{IIgM{@!s2Q5Vx7GTg=iqOvJ+zLt9 zKSN9TrrLT+o)8RPU|6qs1#p4O?|@}moOgDiV)%LOR$g@nA#o9QJCk>Z<&GMF8KKb) z_#oVn3M=kMWNnR(mx8HU=lIRw^6*5XLlj?cPd~mcg^1E(qKEngt^j+mtdDs*Aanrn z^1OXhTtfI0p$E=gH@GuPZgmeRPK4W&Af(fEFJUP{L_PNbM!ga`9*p)V9QOlZl~8K( zI9OMLGthXPJo~dM{vKI0Gtl^*>(%kb8%!Wd(sF9(Uk)*W$e*ZcPhy8kg zp2ADRJ@x^BR=K=mn|?&dK)N#Dy7Z0eax(t>(zH-T?F{bGMh=xRw1vcUT|4K-4z}a`Kc;t|vHF8R>CwY)+Ca}S6le{xkjh+Ar;V7U8g~dq7P##Oyw8XykB@yJ@V)r#2>`n-y|)K zKMZ}5@lHe9y<)OIFE($z_x!lUXNLD{pI!Apdd_$A;ntF1!FZb{8oc_$W=nJ%Az<`AaXNC47g5>T zU!-R;J0YEf1z0&o)_q0~-svZB$W8F(8?8dqVg>Z!2G`hqWq$V5x2?s`J)XtuJ1bCe z=!T6w(JTKXB5GhuhGK;I5}nglE`Hj@k*9NhDiZJfN@)Q)=5e~7-ZD#Q>~uqHj6N-^ zSq5rjvg(daBWc|!MP`r7AV`#Oy+AWN{N$0p7kA=4eN+8w#+ix6HPlLBK$m>>I9ueA zzZ)&6d1q_i5Cps{ye)E8%ZJwTBI-smj@JBt3Hm^321*lIJf=O7LT~W>w=4WR<6%izJ|c#d&C2461k$E6AQ zvp+o0>JZ>b#~=Gg4UmAT=g|-CzJT*E*UUPrJ-8!l%uvHe#!Mmd-RjTQ=O`QouNH!R z+I?yo@SjllwHS7zLsL|W@Y}-8EV3g()6QoN~sM^9wy)?&ttqcPD{NWRWZyR;PJ&^YLR>#+vtXC4AR z)gxGH+d`V5`;%`44Vs!4Sm?2ntvp0}zDmz$Mc0DAmEz@(K_e6A@N1RovRWJ<;=!)+ z2Z&(*u%%^#>!=c%JSbY1XcJDK(V99o+Mj|J`VBaT1zq4qW?gLmF{Srz3OAkxPwop4 zYdS$9X=ErZKuz;2Y3?(!Q50!p?ZPJ(yoOws ze0krd?jc4u%=o#kW+|^~rBe^<9NAyiR3l-zySXhm(eWOrhH-V)ayp?Ue4wk+qW=tF z4yRtfDjqK9p|vEE64L z_njro8b85!>H@-oHlZ<{(m1NzNd9mvfLpvv7j^+AX_K9(H6657qp6;6^vq}5hh}J~ zwA{wm6wStMUJm0%C;aPkPaoLcG3R~s3TEBN8Nn$iRucvh5v{^Dm_!E{5L$QOSx%+5s`Kr_ zx710og?7m3<76y(P=Q_$18Z{doAVyJ<;Ha^%cB`SVGg#!a`B~w;^)Bd!W9j;fePKn zeRVe{{)%e%#}6xxX>qH^eIdQoi2H50i}J8<`A+8ot?Q z8(MZd|MT(TnTekk0m=CBy0B=lU$@8OE05j-G#K=Pa90F}x*39mM*PBNVIGGQe`>KM zV$yL? z4GHF!rz^5=_is<;B^r)8Y>Gcv z1Pv9f<19hTjs+9=KPPqXIiwATHo6xvH^coZS*bMS)jNY21P29DmN$Pl__A}3x_`VV zUdx*1@I}$92OBQO2MH0lGoOrA(#CtCcF(ZKt*^L9&hxZYkneGJ`0MY=oy^2ahN`{f z?RI`gM@E)zF*5dOetTS<_qa~l7TEs0Ws+friTZzOlc&Jw-Zch*Tcew?~TP8_2 zN$wktMewVp;u;p>m&MGVGnpo+o??YnKkThi{=Iuqra zwAHD!CG3M>`x(^!T3?dx5Jw&)s35q@4oPWSdj{f(+XnfEr4B(HeRCN5Z3Nx^UX%Uk z1&QlNZlh!K7mvuF-W3QIt%MUT9lW-I4EF&JUL_DTEdAI#X2}ypaQT+2+wD zKB%)!-7J`rHwAJLf+366kE?Ah@2jhGy36 z9A2WDgk9ct`W@ryDcKpCLJVI`K@7rc2JfOMtf9Ju$g+9Xn(SB4d_AxP?N^lD_om@{ zLk<8k-uWiO93D5ce@|QNzuGsp#8V;N`EeZSEV-yo*QyFpGGDX!M058clu7rDCs+R< z$;qbs!1!P<{4%-)JNx!Lev?Q$>&t812xvH(mM=o>CI}P#MUOW#ToN#{ROBzi7rn7l z7y?SoZkT&--xCl2)oQ&thu{+KdwLPl0F;m!3!x5kqvpa#>86fle>EUFIe@B8djO+A zZGPUA+uAq>8H0Z|I+{GMI)SpxUz-h7%0{TS+e2-S1W{F~Z2kh@xbG`Nsq4;s%M~}O z4pThAA|^iaF(10y8*P_Y^c{9Us8>4kOwOPnXXf>31?aDSkA#ub?hVbsb^P5bk0$%L zefUQ6<$wD1U}(SFMop3yB&Jcn*B>|T7r#9v*WqVhBbF{dVY^xNj9!<+$*!(U=m_4P zB_{TKL-cEM>&+h>W3PD72M+2-JZ9mu6yIcy{u$0~muf%=`#aOIZHm$+0f`?T1sZY7c}q*G-1(KM|Y zR$b}`Xln9%d?T~VTC@D&6U;ysHx1Qa0~jsXUKAehE*qT~?yT@$Dr;lsbk~RB-y!Ym z-uE{#y;e%m*kBLW&(bGreQ>bSK|hZV8M^gkoH4HgJY0K!QtaoETgDHuz5CPA*U?<^ zwzJO4UYrD&ou9zEAp=CYrMN`t;Kg!CY+KD)a5Acm3y@{9ZFunlMYvb}fssao44Tt)Ey^&_Liz0eOvn~VU5VE{8Wz4cp=rMP z`Wg?RrdBD}v~an7Z9O(eq5-IDO&0c7W9H-yN+jKGcg5h20m|404JfZa*a@xpKrIBra(HC4wX1Sg|q_5TCxpPod;=obB9 z{TwHRj%Rz0{P#U5zbk&d3&9lSX~qX>3(Ji*7OT(}mm^`PlM@^5wt7 zgijgklXl;eejDnm)MS>gpW!c+4S|{sU}`%OpziAFnx=4j6P`kf+B!H-R8F!Loa3_N z6?pdXu`d-#b~s#>vmzU3?9V)ly*!t=_HIZQFCgFNzeh+(iAj7{!>&QbcQ1=-e_s{{ znEYc=F2O!>N(G)#LY>D~^##b?*U_OEa>{X34k`B3$IiuQ&yd)_{$F z(a&s8iJk^O}P6Ca!;$r!(;&e-fhd?<0K#=5O`43wRKZ z;xr%0_DC&cb6qXQ0aL89%k(@hA^HRu##9;bH>`q)$Dmqn$>;omw)K+pC+fszl73o$ zD;EHqKI&eKPOlZP;{AMFg0hR1Uv1Znz(JBzq5kn1N22$h$Y?9!<1sbOHBLZe!EnMQ z_`&lQ&05yaj#WW*aEz~?D8!?`m*6wsxy3jKkfcL}1-%6x1<7ZLqNXm47T8gAXpO+E7+R;7394;z+kA;x=0HI^Ii8nPd2^F?t2dx4rzcu@eCaD zO`Vv-@n)6_(BrKjf;-!iz05F+P&brh>Lopp$t8OGSR9&mzbx?2p9Sa zd`)OCWtK9?BwZh+ehyb8+!fk8SL@JYjDmSc?orOAO4VnV_)oe4KrVQHjNwV&`VX}A zulNxspl;&t1}dFsmR`Om1@aO5(ppYO=xIjA2RK)2&;35VV9^rK+MD1g`gWeraZXR$ zaOKXZ@;y5sw8^1wJ3VM%6rIs;O?G)qHt0RBF7*;%fmawKI-`rue_reLYw{;6ES%Fp zzqwyXo}q#-pN&ZC#uFCU={`sEJ#j<}C2=1AIsiit=EL#LD`u3paX35!|DRIFK~0q; zgyfz&#qnI^m$N_rE)t@elfH*L*`p(w3u@P3^-%V{z+8DcEc(NrvJZ}X6nte*;YYhH z0J9F?^S&0~??$+cAMvggGpc>Iqc??2xPT507`6J@H2d!rVYrChp8q0weV++g?2Ti7 zd2_+(yuF6#{^}nv(Rg~^%>a3tJa6eB0Kw{C%Dxo-(u-7n&8mOHgvNCqn zb^upM^CQ=fKZ3AXv*;JbpXrUHOyNdw z>rKh7e$OXQfhFt97j5nw?3Z0QNa%9+w4y}!a#ZFXDSNACh?KPN%`I+s0zNvW>4~q7 zt9%ar3dUja8Ti_4P%ZlR;7km|9QBj$JfJkol&tw)?k$-5IDBy1~DX{D5ZRZ+X~ySPk6D+2iy|R(~lQTRdJn)D6)6yru^5dLPUBevgf8 z!?PLFGH`<3d=u?BH_RDg>Q!HSRWLHec7sBWv=2_#zpiwD-1m`$ctO*SE!}~?Wzg=P zN`eIS%j-}zTTkd*^CnfEz2=}P7&ox;*k^_c4!o(WD7qh>b?NpWD9zr?-57psl(j(r z#0_j@%LRhggfI7?5~Ei9z;QrQrL{z661uCu_D_fmd-|+@Xz|uP4#JqRLb(r{z{4bB zx!&XVJ1h5a@KH6BPftd2nU7L}@zY(sXT{mS=~W!wdlQ$l&x{{|;c$JF-eOo}gihOi z$|jS4Rj);q?K~q{)-|OzA{xDYBc^xS$N3BGoZQi55>_iD11Hb74+HTkT{~D;%lN@3QV0#N?2`b zBA+91E+C$oGc4b`UCP`-?1(2N+r2wP^*+PU(csAgeud^t?Tx@fRG6m+GO{?qA!(ua zqf_}&OY{U@7Vay1ohj_pwuUI)MYU^H2dFKrjV5q-_rSkg^ zT!9RG1A>Tcg-I|K1GqW5^JSlu_e6*?Y7)R(s1-v?pn_+7^Yd4{0kM)i>GYG6^nRH} zBEtW#sz}gu;9EM9_w#WLgVG2hqPn>CK6eyIf9xM&onWiZ{eph`Ii-zQ_j=ef1^CAm zQZ72Z51ciuD4%VK?vUyh&CHuK$Zd7>+pwqNG$!me*o7~9&Gn9?7QQ;@{Vj$j8O>zdAkeZ&>A7&lk9y` zxR&TJyiXeX_f_|2lgwwnnG^kHB@Fd_YF7n=yVRdg+jiupZQV;3X`I<4CQ(wPYiFj@ zr+UzCK_%7C?8nWvU;q#0Tp#DRUH_ux`grigBp~&2TIC z9R^^y??dUgW;Hy17IKgx1Z<#2Gl-7IoWWg+i|QOb>JT7_pVlu_{3hHJUAR=e@GVtK z&}<|?mUd$y@r#lCoQ+FMerx*sM?s)fiquXJfKVnoUlY8*z(4j8jm`TOUS5PW1V8_V zi@9Gk3GZ42BX2FMO-FhWpKe8?5sthjW{y&t=b{iCpS5mVAt zi};DiDOj8z%tK|_BhhmQH-HGhqhh#4Ih3}<$dD76l~D5l>A!jIVPR$Q({nDLf`3Uf zk@9G9w-v7PdkHNzD>S=s`tdE1!>K9tQ!ZQbq2e%9%HcYf>(lBSMz}2VtH%jXJz7ha zKgM)kfVNxEKj_1s^%J(Z^6I!)9WJK}KD=jpfBhgN`$qbH>$e!`V%@C%F8e`cr{KIj zM3tV}^%!XctKMuwJD}KO!x`K;yi&yke?NOd%tkW_w+}Oa53RuA6Ob|cG9D>R_@($H zX&(KV`TLx0e<}H-QruHr7L=y*EHq3@e>CGw!lh#+`>H;imwd8 zRmiDk!exkJb{v=GlcHx_GhKstCtI}+t1si4LC#$jNTH;AZf8eOi9@U0# z7->)TFTjz|+K{Uny{Sl&Sc!s?tYz|qzO?Gp>h|;5_O1%LJ38J~?_eDvD^0H5?#+rh zRMBeroS6%mwU@z(DIgje_SN*Kkn)Ldb^8+Lm;JrC&8^ZE>mKjjz3kHLLH08_)Bw`8 z@qn&aJ>@tfrpR<7ll=}XIAE@|`=!S;LF7T7p|8Ayv1@T^t_>{M^4lRx1-1bd$%RLG zm5DCx$d73s6tW0dpX+7TZA9Pv=UL1@5eDK59{T>6`0*}$QQm`T?5KVh{5Ih4`iMRn zE#4z)=9sPBiA55)sWfk&=?^w4@rpN$^qJc~7yJoP+;_Jc1qV3(Cc1lE_IZYqPCwBS z&^?|44EOj7fk=U1NQper@L}!&NmhQoBuyF9c%vJ{!;QWo>n6J$H0TCs-`;9U7y@a)48bcY7YuF5e7h7=`@C zm&HT1jo0r-J}CEyf&VzebUG&c8UV^oyMMhVW;)IHd4D{tvP}}#*&ccemJ5z)9WiH8g8d!p8N2@i7;7aB-T>NH6b zNwM1JVvjmfLHjHy*c_#1BLpRrcD#$6r@+#z{cxOmn~pM{#8Bra#su-)KH~=4t8Cz! z_}e7hQI~yZ`a1Dr^g5nD#&$lc{ycr^!lD}{JvXeWU_3}FaMKxHfzD; zx}x9QW2F8o$vsh|!3e&7K3R!eF0A|GQ1)fCbhUE|vE zo`t-jpGf2Q7(aNG5{M_XunsxO;UQB5sx}5l0ThgO7n7jw>5h;1S^}&yhtG;>63qxHi zrQqLm@&4X+#TJHBb2;gU;84Z~$#tEhhF^L=M!Ubl_y0-31a})A(N)3B#fNo?1(M_X1Ri%I%)kOj;LyjK+KZ@204Blnep-e;jj)VO5-X4|;%n`F$T zB#xgPN|Z*~Dy?T4tWD{>jZwj;PqP*|xD`3a8Ahj4@?Ad%5<6Cly9*KK9dTvu%8{>O zy@3470X&8SjaL>f+5zlQi>K#^|2FQ`%-w^t zQjf>)^|;WF_tbYaJIDK0#p~X+X3FOl9`I)*$EVU-W(Up_MjDfOdcDqZ{5zRjto(Iq z<@+sd{K&Y>ImBMLag}RRwLr38ipQBwtXC0ir}!qzJ&(q1kH9`nY@IVmV^lvaFnPp_ z9Ph>9@G3c$_ot&-z*tuO?V-H6aK<2LU$o*M7?7Kmm~;A&y_9dA?@C7%0s-aq!_T^+ zqimrhbJ@^@-8OFsVzZ)`3hZuh7%P@G(W`3AY#BGF`-VZ!NP1qLLByi{R60~&Z0FP% zbJuIq9omEY2qe%T-f4i^7+lc>a z4v1c!gZ(3ZxFhoydOo!;Bc#w8I5AQh=8ZFcfqeQ_#qDS*^uRLvU*aD>Tc{z2mhS#0n7Rxj{`q`svDTEM3_EC zbsci>TL9+gNkQbP8Xg?{ev+}c+{^uIZ^tdrMn=U{U*pD+0Hxo;9!((vL<4@vYgbMU1fi- z-cUqN@kd|FSW*-ODh&6)0)JTKxL9bv+5iBz_o48q1$3C}9Wt>=PwdxukH&0irQh-8 zHX3LE<7SgAGrG#p-IKr3D z@88*Ff1`9T@&eZiw>MFG6W%C4r=QK;ACX7qpk)B7N%O>M(ez@pKZ3!8K*6)$4$^}U zcwmr~@I9j;(32)>pC8z%=(wLi0HJp%@>&aStB^q|mv)PX@tItjnve3r;%@rg+%qNF zw2xBoUkV0XEOFxHS{IP*jMeru33>sg*OlCuPANz_Fw-RpRNV zlgVW;rNp-;xu3~#M}jDn^GW7?w^9Y?H(z>nNS%s4HJY#uZ;K=+fG=B@U$%Xyz*J9N zb}1V;BwQ|EmG|if1cx|CSOv}buY~xZCM(}>U1Kg!w)vMRJzz*96(EpYI^{%6a>RaV zZJH;UvrdZ7nna2gXAp?7dIYK4GD&((+b0Q|VBmNjpYdJo)hpB>z3wf@Tf~RK~@5 zeP6E(zBltNUN$CGBbU4JmKGaO@PU*xGM8rd7HV%A+!IR9GXc?5I;Vo zPbmYO#%K81eJ$?z`__H+maZ!7qOxrH$o3`T3Bp)q?WP6i)&MerBLsBJy=WeUiy)YUry(imBjF~UI8rLr*=Cs zy)$1*J#3QWKpd)Loj}N+oE>5Rw9!5ggj)y%+ZEZ1Wl3}cocG-NTjK#~v57CVbruth z>Z@*b*u@#*R92Nk%n`7GcWqRH)?%g)i%O8<(CQ?hI{^go#PweT+FdzzntIR=&xF*U zp_y>B=oFzQC#94UT5J zCRdq9r?HzSksMq!mk-?tzST0T4=zD<$D+b_S63BL-j;}X!9K~bx09FpxPks-QliR;Hb+QGME{t<#0D6V_N(>2Ayk_sUqn_^h`QmI- z{@q(lXMrwYTBeIV@E7$NC)Yu-P46=VezT!d8(*TYlR;FsM-0r3xnbxl{XQ+dE|b#N z{<5{kI|}17AdFR`J~iuLoT^#d);ssT|BL` zy3nM4{~A-zG@+#V?JJ1MPG~tV?|umDg;tn`+Xq8#;G@$t;zD5xyz%=@WE{HVYcpB+ zhhRize)f?=ezb<>$ZlU2d5u>YFG&(Fm&gYi@&td>E4xnQWWlf1g(#j2$Nbp9b{Gc( zUtD}Sw)CTsn=GXcGbIg1B+5e$AhdTIiIh5_gN=f_ z@qEp}qIFX7M*Ug`2#iYJ>%*CF2A?8#Rwf-IR^FB1O#V%B62=LqQ z#%h#W)Iz%IU+mQ@td~#)@ptp&So<_iU+W+Q!V8d`0zNjhgH4p^TwA#6&8ILcd}+Q( z=iY*m3-JZk9d-x_b$!0b{WW#=9CPS?CcSc zaA}tB`#Me_2A~z^iHWHu!~8exmoAuYxsCcxI&jEd>Wjg7ulxwmK$@c`y-pjx+Sl%Q zVuy&ub&a4=XxEnQ2c&BvWW5cSPV}A2gn|MR);`7;pLXYg%p70-GhaV`Eot`d~ht|?}7IN z3m`z76pb(3u-5yFW0?}v>n+W-HP^NT-e%4#&|uzH-;^sJPZl~#{KI#BN&Wa8RoE9e z?7PqXcCGIcg(82DdlfzwxS6#`T*fyzzn9%n)wtkWgy2go3|N-zvv`pVUN;iHrz+;w zHBq)^pYUHu*O;#B#^SI?T@m@c=tAJXGW;nj#-#^NPvNI%!cA^do+YgJYt%7(h^qNn z`tf=Q6I<#!TRS9`aXCBl8H_s;Xa4R>P|qtN!S_LDp~>JT=HZw7M3>_9$rff&=I+O0 zeX8x;)$puY^bk{_F%93d;JTjDV#V%f6p|3Ti0d~R-nYT?jZ%Fa3gJV+XwTA~QniFv zQb#{JhoESmwCZvs8{)6~0SQ}dfp%{e5JMjyE>R=7So$Em(PrZKR1mOnadD(t{>)SIr3pLw$uH_=xvQ0pRZp zhhU^k9@0McR>-?>)cw8~t@ruXzmOmaZ>Uyil(|0v^swvpC_lDeJyg#09@q2J{oM|) z5lweiSnUzzo4n_3M=#1QvJ%BoDwXh)y3${&EpHs=`W|Qw0_~t_;`?uCKR0s_JzRDq zIe9&R3%t>{=X8MKo#&Yo)LIx==tLomjgSsq_UTWAWJRb>QWC0}Na&fMz1UQ0_uljo zpANh6IFBSxc#8F5PQFiZCx>8N^?CkQv}ICBO9Nvq(9-osU-vYf$^V50rDR-Gh>DNr z_zD!=SJ)CtK5CbS2Fpp+VdP5qzDAvaoW~!XuUlUkDA1p}y_sGC3y_#4;?+Dq0@~QP zGb*d`p%~L?jHzC)?$}v;jN+w%lcwQj_?;bkf7|GWXzsd)TT_fNMHKuaEl$kHgz5@i zuhzbO`76r^rWFchAY+O}zmOX1kfEsqJ6BO~J?EqEXEb@OC?1J@t+3yXsNzwjdy7wF zs#y0kP1!$^u4_wCZHxYrB!NeXB0)0BnTupQ;Uf-!ZoM_|a#LL%w&mTsd z4x$69!Iv`a*c#uhTpkSA`j){yhd#vf=kdCIM=kr3oeq)UhT^)AZxMoXw~YbxHbB2% z|8#p$348M(&79ljRW-`dte=1{8eQPx!No^~3PE%R(k3Vj)aZ{~dM(N@c(EtKA*%fQFXK z0hrzyIEG?@R3Bb#M-|X%&~D-rvN?%&FfQs`4|+-FA4YfGn)fTSzmcE9$mtAxsa+9S zVU!xy1?p2en^~)$qklN-%Fu}q`4L)*xb16&X#5q7LZcqW{X(CvHh(j(=E^6`&ct3r z?l-%Yt$Sh|_J^-bPp{<6eQxKly7P&GRO>IIvwu-c>OzR|`m4Qt0GsD3h_Ka2=ciMg z{IduvL3!I}3sF3>-WY$_OTl;Qpqx-XC-s6v zNq|#2`uHORs?4q-Sp8NWGw!$}u>`)(v+wVIdrr{*fgzrgNWWU&roG~-K|TF+3R?S* z*6T}B^9-q3fHk@)B>b3e5_R}!tA0c|H+PEyI}WH4=Z^v`QV38Xc|M303N_YA_u&xv zJKn+vS;GpkTNLXmwqTZ6Xg={b`DtAD4IV$>J9m=&Fv{;o7U2M}^vWMHL#OQRhgx|Y zhKFGGD=q|dUZ}dy3SuK-W&CO?%@99~Jc zpHrY-l#41BcOKF}=Wg2Wd#F#@8511*#eDF|TlEDz6t4QAP@m%JLVJYR@CYNkD^-zf zBZruaNe6t&M#SAPPOfx|!95@v_D_c;Gtx}*uF7y_of|3Je&qi3wM2GeI{JVC;Ffk{~qE0RHR?uea|s^ytp5!w_t7 z4(&-O{F~)|d|DowgV$0s?|;VgXJ&;93^3^z4b^K#ZI~uQJBu?C?I^Q^$AySP<9)v< zIUM(|BZ+?O3S~(A2@eGK`QQrdVN_kp;lT%XgJ`o}hJsE=iQ%J>B(Qh5ADCKFi40Rle{$5;jcjGzJ6 zYKpHY4~Vi(s2QQgTAyFVAzL2D)pN)1bs)rcly8Kx3N&?HL~lY?iO*OlCeb_5!!n{6 zDqB4c5~SBWv%SQEd{W;-Ra@D2OO%wmT$0|kR{vWL;`%BBGZ0WC6%H!^6!uHmXT@Z) zzq4|@b#)h?G$*z}`mUS~W(R2ClaW{OI#3GJw&1m|$F>?7KV~ND#rVv?$t7Z$oJts!A=i%Wdv-~QRW@%raFu-r)rc0H8VQlDF)gK%cgEsBI6!-vvV~KZ||8uGTcB@cthl)M%CQx6S`r{71)T zwGey~9OsWO_tVxVgYzks6`4dkbs!?B0^TM#AqY+5xQy{b`u0nG49S!z7SSd}BRqPo zIR{AJgf7Vv&_~Uws3S5vBI9|$Z-`)0xO3((eezOr)E>|z9g=Ib{bFvqOfVgd?cuu+ z)O{qdH3Pdymjv54Sn_bK_RH1Xek$S|0nAJ`f%HkF8Q<2n-6pQ)qnX{kHFUI0HD||cKqRbluu428K%*}+s9p!zlUPo)g zFDCW~9b3nEG3ZUy)d4AY5a^>?=bYNx{N2Uqkw5aQiE`NXcyH&jj(UQU)bO|v5CVy< z@1!K;uInJc%uQv7z4DCg{!Tj{iwdgn34TOI(|qgwp2XOIO?I8CK*_9#6*^<~M zxafUt3;aAg5P<*c<0pv__EBe5=}m8E%qX^+QM0d$AM5*Fs9;}0dO2JI_t(6l?ae{r z>;gb((#eUqZQciXmhRik(WR}%0rJSjZEG&qeaF^USD;>VwVlI=3HH=qD6C(H#eRqw zt?>Pit}M$9nV5ghR~l`%Bl!eT9W;^IgO)|9Qq}hX5?C#y2b-}TG1Xl4J&%-QvzCvm z)a@(ONgChK4yR(l{aNvAd@|&>>5Cyn|BkjTB4Se8{3O342gK%$2>joV0BlTrK~f4# z2EJ&UVXhL2s%EGGGsFEl?ehn=ntl7Q$9n@5m0n>$|4xVdU@--oEtFFv)ZJIDB@dgUIa}$>0@6F&vLaEeB}*fj1>a}c zw1Tx_3Q5qM|87U%Z%z0nzIr*ndZ#9p{ELFRhMmF2?ZSGFW_fV6Dbs_1uvV$E?> zxAz_;miy3QC@X}%;1jn3ot$LES+@kjsDoL9 z5EjtVczkUz5o0z~x$oEeNOix9yxop|3xjA_e;aXgzOAmJ(BFQuH>zpBj|b=G$GPXe z<9>{HwX&RXRPs~c*>G`xIXJhU#Ds@#-?sOHfFhr(6jJ^WGFZ{Of5G>*oyK?b=+Ch8 zeDa%=P={TXcAuL&7pOoArfkewR4?uR;H7;A?n8yI%R?^7MN;11wPjqi6cO?{-GVo_ zdiCJF#-C?%P(QqH-f5qs8wb{gC?<-$wYcy?9Up_9obG5<_m{G>xyb{IGsH8G6&#+! zYrm#kGbDMRFL!C#?@7&HLk|)(AK?X0DRPn(9jl4p%cR<9XdtG0mLhr4-R!Yx?t7wg z|0XBn%D}Ny&m~x)y6UFx`wr<7KNP62gu^vquW|?r=3KD&`Qa<*5c)$~a z{60fEzY0^OC?P?$jOJ+UU-!=&?FY-?s|)iL_+CoSKlv;Uyf@OFfrPANKfkG0f}5B% z+rJe8J;hy7zq4t5w}XVQdyrO`YO{42BL6#9W5ex zhWlpx;#tWSQ+QkP)^|^3xDla?($jy1PW*<#tdQO*YM37`xG5c+xjWER&fuqFq1(|J z(7RTMzxR~*IN>(lJj&QRHHJdmj3wAdn6nuB6exu7V8c%Z#pTby_|e~#Q72&gUIYN= z99>UWjuQfce+IkFg95(MQaL=zT+c>AZw5!bhY^ju=pk2Zqay@;h;5E>8HmTz(Z4Sw zA?91hWpKI)R>Z1+so*#_X*gwOa%RD|tNJ5DI@t}4m;EAPvo_y^1ZtqKXfFwJJ_+UbtqLH^FAg^W#%e{#Lns4NPZGx_lj8ai@U4ln#O4|mOx`YhtvEg5vx4e~ly`1?!T26BO_0?ge{YK<7JtQN?v{L^ zbYeg#PotsJ>37BK=#s+gq?^(rv5z%=2c4Y(;(vrBzKLGvo3UI#k^SdTzJ1_%1DKi7{3*Fjr5nn)Nj=rE>B9vievc4{=& zPl>~zBZ4zmM)GN%w0?J;+rQ_rr8_zqu4#mrWncVS!wz1cIrQ58`jecIRaFF(3H_T7p2S)Y*XE`7H5~5wLumFfV_colv15LM;|KI7 za4!Th8rnBZP%qD7GQvIGrH;uFQa{G_WycQiR>_2>pZwZGu5o{X5DXz9d)}_}5H2$; z1SY|K!`69^X}A0#$-ni7wMQ_VO{l)?_HuwXoL2d6l z{9dt03lnqPl)zaIDrywlO5Kd3XtDAn!gXt_>Gl*uMfudOaIpTY5-z_0fkuW>1avcw zg|MLQ)~vAGd=Xy+*4szqiNnK$XPtBh4#tInrK7yx&8T zQR{0DHAjOHucyU=s+xU~=X^g9>vv8!VDkqTg}p%|==Ab6Si|4}Fz6oWTj=T*%ZbzM zbYOwprfaq=y!;HPmcFuwvW(1i>9O`(t~B0s#uw_W}tPyJ8_TSk)qL-z;l3U{3Qc#Ilao z^iSO|ao%rKmQ$)4{r zU$(DiNQzjajl33?0YKFLd^!^D0qX=ToV+-F`^=6Y)%)oFLrTKap7$pXWY_a%;fPDj zvmsXquBD+EkV18~v+jTa8FS3m5b!3(<8OHZdDF50?q)~hh|8!{2f9DmaDolp>G4_U z%UP8bvrnn#SAwNvRXw_I*SuA*2eF$AYh$eTHNfZ2fAGbWH&;gZTW@A6-^WhBp-1L; zzTFj@{DrsX>$eAE?~mS+`+cj=ftr$h@i2&)zc94$W~6&i)2ef2a?`YQSKMQ)BYN~h zI_{^KpBNW2u?s2lJPq(i=Unsby1y|BV;EpGgkIYIgAd5wFrRmAkpwhe@V-Cqghu?d zuk*e~-?ZZxp3T?&J!;dkomiMugU%r0IXD>fc>~3^;m%bBlV0~-k~t04zRHbdgjNl|uN|Fs113+sq_;b`vNJ7mleiDr!?nKg=-=L8(X!gFGYTgl zH{mq!V_G7)yyP;!Wf2m!+*P%?_~^TghGIgSIvNrS_N1p==A7@<4_+mUZ^NzMRRtpR zvtJV)|3CdSb{c@k^jN(^7$!XZ*Hw3FkSSrjoDhwAu>skw2dJ#98EZ*CjDCWPX#d#u z$8KD97b!xV+??q?#oPoJU3HNY$E>Ng`YEt=*Yvs9(@^(KDxJ_gbmWt!n0_|D5Bo_> zpNoVDM<8Bk_ByU83rb}g-f8X#IDrHxs4EQYdIJ3G$obk?e_C7P>wx!AoD_mo8y8VN zyXvo{$8@5IMS?%Fh2h_wa<&Ab*2GKKNOGUIgC3oZ(C=a3)|`+@_NpM0N0-cex=$=* zEWgGVj%Ag43yul&y3fyxOJW>F2d>VGr*|UHZ*QP(sNrod=%}DAZ@<62uIPXs)BV2ML*3LH zQO;zxm;4v&XQW)jo1*yRlrje8G5P~A+Cu_Y9;aj<$zd^64 zK#|iQ*AG5k(bWdQQiFf;Ld|>+}x&txf#_F@xnJe9)ip&oPn?Qcv69Xm~e}K#QM|O;iyta#Hb1r zhE*5^)f)oRftIjBa=j-j9E=)f$lWpY50J1WPq&Asr`FaqH;;+xcYH6nR~er^MMvAH zH^*Jm&9$QY>?><4GtDWiYR*#4$^zMG7S+Q>ygtWJ*^9T7Is|~#ytQ++luzao9e$UJ zBokrpVegah@G83bRb=w@bsK`KN48pdmvShCHpZQbjP?_5N&(h#`qrjpHSWx*z4#) z6%D_Xs zl(5e)&?0}%kN?n-xYG;-{ZX?LAN7C6#WAD;w-f2NP+(*7v5EbnNu0UF}b55hXnyCs(zN z?mj?^v}v0C_Rhw3NcF!R!J@Ce*nDxsepKm`gwRoX|^K52lQA|eJvrpNQEgdzDj1l z%V;6JDqi38Pn_6(9KgK1y6OG4+~j-8{$(IUs2#6`Z`R%;_!@QeTydrXmwapW=?+kT z^f|A7r11-77ct-CDG^qn&P%4#yEMx6g`tGwu^Btb+;PL1Y5dZ-QOg3T(`T87AU~B& z)W_CeNulXq7r^z$IvTQfp6ABP1}bOb76tIX*TM^-8xde^u7gQ zJp=4?V210Da}Lm*_)HLfzSp`Mu`B=@yq?t$w6U-4EdmW& zgUJ8t5y5+v4p+4VTtq7e(3DrII-V-1+T_r=5Jfa4pS$S4BIx51km{X4@ySIkX%>wY^L2HNsldOc)N)*KkT8uCQ_+F$9u_?^LRjrYCDw;)@De-Ww(#%Fwc z96Kh)raZ^2IpVQIvws3L=fzwOYrfph{bw|@a8oN1mY8Jc0CQNVpCa zEo32OcE9bS3yIRp%q%?`Bpdo4kMHoKjbY9MY5CYD#X9J=USBG`7Z1P~!hehVk9%|{ zVK1i`=O7B62_MC$8~b+6Pu!}5KYp0UcIHKt;e<_2lX$rc_wAFTANK&cv{Y!=C{z5t zFQnvx@>&0T_{~EV!q@Q)c#01$Ai zKuAb@-poc{z4Y>E?f9`=qkDM%3bI~2N|9y(+)Rh*3tfp}U+Jf)yt@|M*{zKA>B*cag(876K5{%D=qxu?hRT+{an!V1x_9?EnL7NsOSaj4n_h?eFr} zA5%~#Px-uG#gv!L8Mp9OUki!Pjo*`w{iLmbe!p+#$D;^EKqjg_6Wi`b1R%e?sLp43 z!(8COz*we*OtshU>ys6{B#!e>W!`Q-aaQt+YMrO98~6PNV!$VpJDzYs6)v`lcP~q* z@#mp5$@s%IaFg0ec8b!)qVEzOYT;o%fnO56`PRjDUz4d}uH{vnkp1 zW5n^N0>S}3nU7zJFV#y=EfR5hzo2VyR;uAB&$#-qwBFKrf`n+fZx4^UZ$I}{qU7|; zMgS>GP;)H5s;No20GS25n%sS*i7ER4X`YXje5>~pqQRc6XZ=3%U^IHU9U%Jif#~gF zN{GjPkJaj+ynfl5ZBZ6OO(l%7N3Tj@(h;$4tum2PhRaB`2Vx3mT9BD;#^G{kuKP(P zH^T3XG4MNVzL$ZgHJVa1sv%l=`99hxPKH{IhP(HE0WN#{fqOz#-sVEbZGlo!;y#(@ zM3XSUlla;5$_mOQYPlNvq1ltx*Fii$XSi&&sk}XfOUB5Vbt77C2&gb4UDiKWB^wYj zy&J0 zT|X=I^S@sCd)W<_yRbwJYsT(nM{WxVy$XwWnyOy9g7<5;_&W6!zvB`B+wmOEXCF-W z7A}oxkmbtafQ5up@ze6Oo`e#5_*Tz}cC)>S_s;}+FnHWLF96?X#+ef4>-0uLkWmZ# z37fA!|7z_8<&(1MMtXB3H1*rvsZcO3CP!*rcTGsQ z-t%G6%D*#q3IWjC&`)l?FwqUjb!T)j@u`zX!v_3Eu|oNxONUphri7x1%hr+pHj6TP zeV{_C+STAxfodpj*y_gtTJjW@glF(LFT+J@w&?zXEz~7h>l6eV@1opaF>@xt;JbU5 z^(%h@Gt361ZyK&Y?sxWy{syv4{6=Zgr%-+j6m=U|rlKu74NVtoIA!K}`X*%yLG~kU zl@ia9ChFp76HSTuN(tGV-b<=9U-PGIerdPwV*(r#*Sf!?E*#kLR4!DW;SM|$3q3(ny#mV6 z!g5rc$79uR_wV&PM=d|iBa2IG*DEWXb4OeB_(ScdR!h{%dT;M%A|3dKgYa0+9^a_u z`Cu;SX~~)oZ}W+xmGu?A{R<$Ph7T^!bH2Xd+EoT3*k zkBEHZy~fS{9`&mWjqO+RS#S+rI5!_$UCIa`$SPGVgoZ`8uT&Icw3tXbqO<*b6LvtrGS7W> z*Egc0%zUI5gF<2{JVy_WZao^xek7CXrSz%`Z1dWb#HlYv`0Rx6M6*^4)na9kLkSpE zak;wAf%5fh<3w;=J=727(64vSE-KRXdFH*xtc|CGP;TWPrM5w!>aM!_*zB7SJ?~(8 z%N&U;>P=HFj$0N^xKjM_>%95v7XbNRz&Puj5_8@BsVvaK+v$EUO>&h)LNeI>e(iC0 zTz%hJ@fCom_&Kw|*_LkEU)*Fk z)smO~7amIn!bsZFw7G$Gp(bTm3WaO^Yb!ZFd{L9zmY1T%X!!`zrNOxRk)%C1${Q{h zyAnokWq0!wP3I6&Tk0yKdV7n2Ze!qo`C!;Da^dG1jweXDsllh78dv_w9vm9^6Kbr- z5RFSL83IbQ;NrE6E^^T6meN7b16s&iX{5Br6O~JuEX;E((g@DSKjC?L z>8rKoLuP#re9_(2zRY>oLcu0~U5>{yNrmY!Ow{mwbU+0Qu`@p52r#%82^P|o>u03( zy-6~o*z7x(dB~vP1inzM*Nb43oa^|h%S5$Pk3>lrir4XyAE-ZvjpAsH=TN#uwR`b| zUoUr(_L%p+58J%lC4QFA>sum}cVf*=EO#{nzHG;vkk@*OK^YNy0FeMgv;Lk&_*->9 z7xZh$jg`eo_E4D+6ChVAPhZ$d1iI8c=+M;qJp!PRg-2X;=Y^2p4vTei;w&FO#F6%( z1syxFYuf#1Z$yiy=>8i@`*lAccHX*@y`VUYG>FMl%K3mQnT zIWwN2BRu+Ig=$=S*hG(bc>Qt)H1M-@#&+!>41Kn_czUfjmixBb)kcRpH#0zVy`}cu zsmTcWxer2!exx6@*4(@B_;R-uxZCTo6QBG8rLrlr+Y@V4_y6w8csM;<3`sp9ZslH* z#|Kzamw67nIo`h^GJum1C-4hS%K^H#3EIDkT1r1S&mfN`PGm~PQ~Bc`a3k8+dQJMi zn5I@U?J4--#Y+dquymTC>h}C#26aqE400uqkw_jj3m$~o_lO&HRV+ZVwqJXB%m;Td zi_;(c;Q3d(5K;K9(ak*6ME&{185`Sl@;WTlaMxTaf;!ao!v7jLpP?ipS{ua%P_f3x zILQPMTN0frUC_GA`opNTrScZ{Eq6_g9#E~I>&>m zzqprT-e=ODZl^+L0o@4+z_DQrp6>6)&k>^*-+li;I8WH^j`I{w%AUlwaEd$^sLCtH zjGm(|=3jERukrm^`|aDcmB?~8e;r*-A2U-D&xXC6>ccjj2)c(Kj5WhvyjSp|&c5C0 ztGoo+ZG}SO^@if+8askU-0Bk6QoSucB@h};)SoOO{qcKNyJo>V3B;J-sD1s%8M0DE zmsf=h5-tT=QAfLT(_wT;!e=G((jJmy9pJHVkOE&ODgG&_%7fn;+#1)}wvJ`14 zkBgW1Xo}5AL9lQ5u zVeti?JL?>f-9Iwvi0Aix0=nf0xS)(7VmS-Ko zA9Pr7DyOg|p0CwL!>*e{R(Gz{26>;WPkNT#7c!O7#ImpV;1oB)I@|(_FrZhluP1xP z-vv>g?(iywEF;4m5%JB%!L}|(z>hYIPu=SF$2GA8Mdlv$Vtxu@*{>uc$nkft{f_H1 z3h(EaS`cU0@+q44>EEx){d&Aaz-65#%e^3gQI1jw1V^p`IBM`AX%l+LK8BwRS{*%{ zOD-%hd&z5}1I25PSZ28A-3Q)hMf+>{x@|v_>XOnwe47trc9^|(#3?E+0zKTwv$>dPs`(}>iUisU5+b?d< zr|JoKLFn6_`or+RFv6qO=O{qP?$YuE{RtgKj$fVfG5z+Z!$ef6h4ct3jUoEUy}pxAh%_=!-@CSlsYvkp#%4a4@^ z=fvSGnCTjbdq%B4%NB_E)Lb=9d_|T-vEe(@I+prAV(2Z7Ps;8!;~YY=1(w~ST-OI# zf{gEXA9T9kqhtnb+|*OzCSKX^&x32`CR6t0thpPG!el$nwJJj+S*s%^E1be3J1|96 zL#Z|__56G9r^n987t{tD2`;XJAke;0pdghdb|2wLalW|UM0hte?{jZZq=!uFe!m#( z9TEVvGlLknqqnxZOMCYmr1OrRKm8%Rm(cAeLPgdNci3X$VCW7VyKnqLK@R>~A7KXn zteh?}rMf3(J&do{nNs8oqCw<%Q`94G8aEEejkzFELid z84B<^%7Q1f2{>k@`n{{iX`<(sOEU{?YbnFAF*Wy^KT++v=H9KS*FibaEgkp+1XmxX z_C!n#CRO<5WOA$S=J`zG0Gb95r}>TFm)>&4o~66-HD1ql{ks=* z+zjqAzoEvV@2T&EG6_XwCG?_QUgg_gpgQ}cKQ9TyXJzv2sM+ziLGOG}+|vqI=18og zTlJHI^ipR_P7*9{ULYE;GY{rCT5TvhTk`tpJ)_h6{$T(x(;?HTcyiMSr zNxVc9$iGOWUs=U|sIP4f=K!)(SZohjN=URuIj^+7NevG3k>X1Wzn89Ast?K;t`@$F zA-eP&tY8N43Lx3?V&XU3K2Fv-XdDm2!-%XoXxscoyyN#T!D_uHBu~Cj=!pA@BEf{8 zw-_4BC?CP8`fc-fKAOGb=3&J^cF`=KRqHj~w78zQ%17~`_MN|W=K5q)q~hAUwEFm< zKnr{Mb>GWCA%4s`Rb(19x=;S-CgD#%Kf)kBbGu7| zGKuE-v>$7$#-q}Lh*PksyL~IP%ia@Ulle%jO%|W4OV>RIz2gM7zSyid@3M!E5l_toX_ zJE56fLC@qV0G$1ogM$*#AN(^Mw;r4Es4t${XQvn82Wk@C?DI+65nc7=0sNc)L!5>0 z@bQ1<8hj4J^wS{C?M@#q+$akMfx<0E-4(K}J;7SqUP)UhfF5;(P=G6zzN&l^BJfgZ zN~R&~?N9mj*&zHSLJF@Ke(0lu?#dkF{if;hQm3DLegn)zP5QObmKn}8p2Imeb0;RTF$(OfNAv*V>HZOCuHma zuvUL|5KZ;6Y6bA<7YsJM64O{=PA~PLwLg2iby$0#$58VK)_ec=VuP=)heE_CM9?hx zu*~VtG-|YkdnYSe=1iz6f1?k9nSVsfB!ts1BRrYCv*TMo+a!lHhMpA`5;5m<*NBR0a+Y~zv{XVq4^cjF;EHbW6mqco6WoI_O@TB>uf#5mDSe%>}BL_H^T9b^-=A*vdR27WX9y~f-gc4yJTYAUncT7G;9vPE-2Bdhe^)+ z^V~H$g*y=VSKWuB^P=)f4!0g7KbqF>^qBfMh4}XJa68++OlTmTPDUQ*6c2J(nFC=g zE5>jA{)#(eNjsku;vl~G$f%o0YVbxG^71$sNC-nI?noYT(#M1mHzQA{_eS(9`lpzo ziY6N#k@FE#ReYKT0o+eiMW0?H^)m?bU}fEwIY++wEq5NZnn zZ=!)j>>fO4VN#34dM3CoQy$G=*l&%$5G$UNg}FY~dx}a=bJz6zzCzN8(%3;d-d~YA zxt_qC_VM>jx=GHcP#o1OXY~h9kmZJNO$S^ZwdO}a9BxyG?|ap1(W>6-hH*llJN7s~IW# z(+jIhDwU`d+qHI(>0eF3^vU%6tJd)2>Hb)O12@NR|2i5Ev9IpPCk0qqigu+@qMXPI z+OT8z60Qj~GhUmLkC{z{1PJMTJz!# zCNCug!~Fwgqfh>|OyobRf64&u8@8A8*_JT{F62)#o`K&~q{Z zPDGuza_S7rkWi8OlC?yJiXh%0kv99YqhHJ4Cm`Ocz9d{q8T!rQ!a+*#`hfrgcKE=; z<@6f^dXIT>RG8dv*VfH0LH!D@*%01>@#OSD;a{uCE9wr1BR~&zH?io@2y5 zbbPEzOLpji;Zz@DVp`#d7P0w12kco!(uDoW5`&UZ=oe3e<4ybi4eba8nPx z-CgtY#)!lpW+;W;l5-ySi?pvFkG&pgFVIUnuJ-qvc6aDv;JI5Kav9+#!CPO7FR+Zq z{YoExZSD{s1q$oOc>XdoFLgy{xO>G|df)HbzHlY2MP4luv8hto_S<=$+-Tn(_bxi%O|`ELQ@T}CLstF7SA&i{P$RLB zptyF!O12Zz6tLy)4~TG<-xEMsXXLm-TDOMbW!3F+Iyl=c5YK9AF*BQ9)whQg1fd|D ze{K$yWmE>y?roe1dw1JWLQ%lC6%Igy`g|k7yNl4$Z}Ej7%=I~aHnW%^`IxsRO>xBA zF$G}k1!te;XU+^BcNvBYxSp`Jv!4(P5_S`n^ZFY{;Nr(yAqQ1phaHTlY1rGu^74GF zB!4w{I4*bz!R?3&#h#N;+;2dGAUQPc?OYa@X#rFWsC7K-cHi2bPp41|ZzC<6Q0pvC z?Nf%hvcolVRl=_SlBPz7rw8oA6j?$D_~@h*$;)R>)1JFCtF?$`oIESkw8U!o6W&xXK*Pm4sny}4BR=4O^ z$HD-@k^PB;x}|9qYExg3nmwWwQqOD;d4qkEkHW6^trz);w1G_P_?L-`gtkL?vd7yW zv=;{7^4;Adj~I5dKDjz^B))7o4ib;Y=VO(R<7m&porgVFPkt+}kb7gjg(QG&WP2^n z=ZD4dI-40q9$vQ9C1I67oou_2UbEtA=>TE6Trvbvgv{`$Zle&CV7>*-J-ZAhvqTf13DD zJ1ysk&_9VWg=&$w{hSDUZ9;S0;-+6AV0M)VrDH924S!#?H{(PL7WWCfX#A%?4lx|O zAp2wA+Ok=W&UI$PrhSFsX+-cWV941%s`1JPjo0&^daoU79Omu3BDH>`nWXcxHfAP%I1#mVUTs7BYr49hV({_an2zVDcQjdm zDbZw~R=nl`qSQnR9_Gs=!Lp60*AYBt{f7#pU?G2`1LzY^PNg9%eI7za?Q-9}o&skU z8%%{e@$RBNps<7?Exa%C`YQb1Nq}L2(xT?M#R55Rv>fd1a&t5F3)Pt)dt=jSof&aY zPMo_o;vd~R&YRMuXIc@aFZ9MP?RPI8J|u8C9Kg;ZGn%e7rcK zh63o5#=OvBSJcMRbRRl-B%H-F=`Fm&-?@M@%R}r(`kS>pnJU*N4I69AUmVb>9i<&iut4f>9;p~o>E@ib@rp4f|(SmkbQB3$RnE2l15y{6!1 z2#y_U0~W6iofU+8iC7pGB~fY#%sL1Y0R#*Kv*$fDy39Rm6zwXU?1t%m0g5M&_k54>dUi0*sE8cV zDuBbXm3jPRj9zj)yLgX!aoV~NS?_8H#*LQ9 zp!M%#K?CrxoiTp|m+?M2>i8<4iiyvh?tL`;+6=$aSe!Fvq@{Mh zzMZotn|lisXtm$tXw8J`^tYo?jceJyQxR~40ge#+#np?0^N6a^IK*?uvf3wko+&18 zsa6m|b|o6Ga(bs|ez4%$wJ{aBQH1*kP{Cl?1G!JLU0glTR;>J{yumO64+>fTGg(rC z=1QwkoKenmB65kXvD*!eyUvVeZCUhBcexqq)!XBqU#@59=Xl|*l!ASzQ(9}Ch|LjR z`p*6SohUEe!i5^V(T=(&_}mY`oAJ&}!)Ot}hTxLRfQ&);1JKiPe#0)iUuFkQY^3v4 z#~qW8c}Ki#pAc`J;HP!(-$3s@&Qj=0O3vT-Ax9RF&|_p1n7v_C@%*92;YF7B&2U zr3IV7Jwei9(J2Jj&}`?~x^GQ;x%>Tz9B)cOU+f;LOVxak?@cy5VYA$XXEzBbl6y?o zo3e-FaBA+d98S0RkY{rPgneX7IuMvs90*4FBR_3|z}6=Ow>dYk#L@T{5Pj#G5diu@ zyy>Ka|GAz?2veUZh|vfoIXli_opJD?ywUJ}f_w*$zn&_)Hu?(&7?nmJRB?|3JbICH zMIG)5)T?g@6{+ORq;NeGtl|U^Fu*hSxwl&Xr=VQ0X7N2e&;>@Wazfgm4o_BRs`I-{ z(9lsocOsH}-B>>lhwLu#Qmxs1S{d?jtC_xie6Q3epvl`VbdM5A9y872N;*NG-}OXS zqB0sy;`ea31jKPYQwCYRKkj`y4y>y>_N7_FFWiGN7#*v5aaMxM=|?(&am#ckU%h2= z!rRTYk?X^B$JaRn3d(18-^q8GK?}O);zN7#r?rIK-K$e2 z@qUyeLz>}jOoPPvR<_b$fHw^AUZzJ^$%wbe-|xosQzf(py28jW@r7PSY)d6=pV!j^ z5TJQxzuG+U3-1!fGoOsI;yR!4EtMr_PR&0*ZlUYHWom~cM4qrAhGb^Jh9sC2Fm;i_4MKO zzCn)IwZ(QAhY)RmtKNXUSaZMQ)f>Hye_Xd<#=!(5;a~)*hIa=DgnulZ+18>+5QJX| z1OzSxWEI)hJ5dl+kR9RaC-{5L^qFoqTqvrtGBe^+bBp4`gdCpBiE|10BfO1e?O%=2 zBsTjylYv3W5$SNT`Dc%H`k{s8M8czRzS9;bWFwr~?oL8Y8ci|D^M*;3ameHDm>2ufU^3L!;85Y}zh_!*IC)o%{w9AXz2-YA7_LF*&mJ`c>eon(* zQmC(U-g0~nBV({w`u5?DP(|E3y98MYhKh+Lv4${Jty9nWINd^gCH#?~hE(hTxw+$O z`G{URuPaOI@bKIjk#do+#jLa%IR)jm{+-`jJq^OMTU4FT?J(!Avsmz-L{ zy+XN>Fbz!It)iBU)D)#LFQ2B!_S1AA0z}9U6>e{z6M@OLiSgU7F6+kTNnZVwZ)5Qic!++U5#_}Qe?#OTPGIq5VVjXnt2^yO(uh0HUE#zmI}a2* z`3DmEw>^IG0`$=`5awKk$35j=W_Iqr%+J^Q8K@%W@`mH~X|X6*$nyw0+lm%{xkNxX zXidw9S!#qm@^24zx#9d%l;2qeVf0y;v97jFRCwEH_@|E&x{a<$$Cn&Ya|$8Tc+G)g zCTqt$tx}j)b?mLkp0l6k_}&Z8rlbe??=oFKi**|I0_Ko=Z+I?YE&1MNA{`;dd9Q6) zYM3}0-{^h%See6cQFRf(ZTcIKwMw0c;#f&g1Q_h5#J7)C09UXn_Iurv5W;@;VD><^ z!)N_fXo4;v35J0@sXU*rg~zr;#$_YCZZCzq0_Q>5V~$-nMj3?Z&&Qblgzj-@!Iiq# zD>^u-Kfa6?W|g`x77_5qaFTCcICq%Q9yQooc z4vGIteg2IJ1g+FUy)nuvy{M!L(1$R)N4^bAGPIYb76S%H*KcdMrt~QeSMDn$(Vq>a z+E%D+t91^SYVC?touQ=M@mi)D|7n+mc=cDoPNZXP7DFI4l1t*NIZ)$@jYG!Q;{u)l zO!r&o$XedRPSHP8-&&Yl7iTSsrPs=fLjX?%T>@MT&S*4C$POG_1C4!tY0m`u4hJmy z2VeLfbnZv@V00TRv-Y_fh=9 zG+-7fsRuUg{Ga>ugwq%MhE&niTQ!#;x%0x@*+x{E*un3S1$QLL&)I`P7d0*kY~ntY zYC=_Xe+So@7_m0X{w{|!Ps>)EGDZ94Xzi3O0Zj$XFVbM3 z_+U(>Df%ZAeoWE;3@cHQ1cKE_WMw(3>wUnQuHH9 zvF$yU9MN9dV>g|L?PcKO)u8jI2uR>H${$fAaYwN`IQ8J&f(b^zSM>T?g>}DKZ^2v> zG>M~U`0+w$e?@#!LI;gQ5+VIES)WG=3%8DI;iska1*LmNRlhIG*w&>mg#@wlk=oZBb(Q=xXs4fC9Z|OI7 zUtkI8l16k_7H|dAGpgSc_kwAksu;G|hwJ>2-dFG2*OO&~voWSZ_&Vj>-RZB{E7=!v zBr3VwIsoc(gR7u-RVMl}zk+t(+Ui#*Dcqm&Rph;CUe^4kr)rF6nn>DlqwH#55-@aR ze<*0pdzXrk|5=PJM~q3?aLhahQ}KK=%6YifbhGbq#)W^`=ztj8!+6|{BobOidSFMz zYaHE17Sl7lp4IPxu`XP}kw$1LZ2C4K?Pe9`6czjDR!Kj;y9cC5bO8I*9;q*6)M0_Y z+^6ZPw=MU%+{v{D9ZxCL-d7^Lhz<^}I-_e{3 z8T4$RH$R1mOjL|$37f{0BsSaj0m#J0_Q}bO!H8Kt^QJSa_2Co5dQPvySv}jxw84O3 zU$BtQki#$?e{p*Jgy;vLQf6=t&Pxgj$FPYNuDZ=#v)uy?;|L+KvH2>3Gdb{(CfQON z&@LH~*q0J(-ZecYz*PkQ%3cgau*F5)6C`iz zthf$}bsGiTO%LmDa_@JOUxx$626eh!dd|7-;RwIf=o~qZ!3ua5f6*2`C&D~n?$n*I z_iy7*&%?CZ>KU9sQ%1?==SG1SspkW2oDp|>%&cojT*4mPzBN;(ps`n;Zo$M-eldgF+bytiJmKh~kB;HP+Hd88*tj2a@Xza`x9 zKrJ+SmF|w{B>@cN)xdLlpYlL&lh4Oz9RX|#2*@wQyCZD=zyPN|Jg6E1dW|9FQhVIZ zPbWiC$%7)B?q^AmshRNJ0p}!XG+aX;O&>?;2w{Z41P;W0j|DiKki3>mfE;jPV=fS4 zs#W`$4?fkiqV+&E)6M#fnscK2LBLcZ7jJS#ap}8F4+9kq*y!WV8-bE)*fQ_F``Yel zm|+hicke1K*$yIt%J1J9m9g^3LYCiAjZ;9XEywDn>n}T-RT>nL1 z`0`slvomZuGl&za_F1Z6v}~3W%-}^$(}S%?Ijvx9h0WJ~4GLWDp?3t?ID5fHr{_gz zUtmQ!3F@MMOyWgG2lsb*x@~cE*te8AHjN4i!IAFgl2UHIObx#(edEJq2VV<+w!Vz~ z%blxKaBR)uD2R8cUEmg1aMy)~#T+L-x-JLLb2>PSw2;zU(vb4sJ<%0sT4qO;(qeG0 zz4R8)@F1Wg%)IJ-wG=jg#v0Dp#bka%Wp^64mT~~Q=1?eS>@uJ)A5d;+J{SoqC$umbexrbjfd5W&%WGIT?dO6u?$^u(> zhh%NUH!v%A3S;h$>=b?|LtYXJ5^wt(!OnuS?IY1SLvU_XTh-X_2r{l|>+iZKKAOa<{DS*!{o{Fe?|OrpH5;~ixlkXX(I3GO z^q^|5pr^fg^q{W69sLG(X+GVKf_2E?DoNiOfKDQE%{8-Ku7PZpShr-T5ZHS~Gj8Ra zVJc}cEHO3T=kp@6l4W=ESM#Id@QX(| zkc~%lb75cJ3rjZGMHd!!V+SU*yhL@p;atWD;UB3E*9|5y!#+y%S*I7$7oNjWFbE{` zyY`JqBj9mPg437$D2xg8U9Yq2z1(L1TUOHBXXpc1@YG1bV|IeLvRhd3%as*FT- z80LMJ?NVd5=Ep@!Oa8brH88X9Yq2zUvf!9;W7t0vQOFWtyh)7&`g^V`8W#flDI9zD zA-Cug&jQleYXU46hHt-`*_^@pVPEOjrL}xOF_RPa?;U(vRKT!0RI`MoXkkC1d#+T7!oM1p2+v9Dn9Z8A1_*K3B~O-^9p^DciDu4-Ki zhSB?gYyEtXY?=G~th2TLX657+&a-~_8RXXqj-wS(-b0}-9`76QvrAGnJN&7g zL`-S&0YdYNmb`bBctrK+lYqmV`hkZ-8w3D(!UDY}xQ`2aq$9pa45O0A*dMfoX?vz| zw)K0MbFk!KTb_OchlO&tM7qgw;teD*{L&f_ZxVLD6n3ey z^)QShoh%%y-+qsnOVfk5>>${ut0Qj{d^(rA{RK363A~bM0Z+3AENSl3-1rA2;2*v75Y9pc0y?_rT)6zKuc(N(fR!{`b&d-@~t=y1i3e z@SE%a`J)d+nW&u8kT1@jZq7q~0%?Vqp1uKSkHdjHAXsWQ0Elel&xQY3v2E zj%Z)l_hXN7Vd)2T(d{2w+y-qj20;DP;cKMi2+i%eeqHlUukR(ja2uMKcp^O9h%K|b zJt!v*zabeLw{WHd`V$iuRw~ObN)qf#pj6EbZ?RB{pMT{ij|+-+{AZag)hGYapC38^ zX|3Go+DG{sOfS=hvw2+S_V(ASMamx^ zFvt@s4Qmvv?!?yLpZ?9tj|*p6db2x3)SlE*7u0#!-^f2Ww65yLdkTi4FcskifmpSs zqM+O)?x38B-=%}CeD{}KY~t?mv7xaz(x&p|_7pU7Wd^>VWjs6ny+F^AUo}1G_eh?d zE;d#);nQ;!0tyS9{eFbEOWqmb9IO<~$;~fI z(e#x4$OOADIXzt-S6V#EM&@<9dx}g=))Vcm%nRwO*QO6?fT4_#4r5D7&I?a4)4cwI zVfldR*@expgw*8{8iA0UFZ-y!?zz9)S0i=Y5aP(w0J}OM10e0jSTamACY2mKS|4gf z;Q7jsjOE<(`!|O_y2@Us{(YD?uUM7QCIsTB8Y9Xv0voS<&1^z&BM|RN5>s3Vwtw9A z6p?+l7JkW#{w{k(5UM_ZNa0cGihmTVXfx8};Zol~aPNCtf60~M?dA#NM+DCicQ}e4 zUcbu`E=9vVy+YY7$1j2TV-lCo5{>!;^@MO?A&aw{GXYtkJLe94x$OSVdOVq9_nP5h zIsdGJ6BCBi>Qy`VG7<(-` z`jBON59p=?r+ZIL{cJb)vQt{Kx`OSvb(k28 z{I!omPjfpoRz_8nl{acCNSNv1mGA{Gh{5;+UDH~ttJjhrXK6(aM>b~0`c-LH>X*8# zza)41WLBK*1MaPAaM8XcUkBVn4-L5Aam}Yy{gRiZ=0LhR9*$PFz-A#Rmy1=Y=p?n* z4{+3Q4ThGJy!(R^sL7}E-LqXIx)n?WZ+e*5b8OKf)sc_8+o93f2TkwKj(Up`o5`9tjV57=xCrFdoqtB>EM{cGmH5vGu_FvCZ7B5Vj@v^p5$Y(EO0U8Xn{q`yD4x|e`f0l#izh22*1s*~&!WpsqRoDd(Q7E>|* zWZC%e~OO2XxOEgouKdLOF0C=0p(x=JxkI+(wa| zaTes`@<1n?Ay-MM9@0#Gr*!*OA?bu`Ws%( zkN{RHSwK}N=%f~^eHV{MPv?V%GWae3>huWp@(zS#}~i} zBB@-))Cd$+tB>ndSGQQ-L-k+?H6bgt*mY7X+W{#A^x!V<4~D#O%3&JikSnP{Q|04 z7&AQx!Xx3l@|==|Ug$=A)g zI|ud}Hc7JX)C)=7N$q=MTjJVgBF>3mF21@vO!{8nYleg}=z;5habxIs8dlgeBp>X_8*&Iw=%?{L zpL&7%?C)=kb+#`Q+VtZdnUE{qatfnQb|+2-wVv}TL7Z~rT0I}`n1m#BheXyv+RqP5 z>4onRs;pkZEIe;ea%eH2&oE20A&#TsZVo6hzW4{Y3BN3PILWXm*emhZ@4a%02aE0( zR_~$Rf_-2yDc^i~Kcqn7$ol-;SIfHmgz^y}^DFwUbg2|;+1+@f%HrJvz> zlA}#vp@!y8RK^zeFxa;q<_-8o0!(6>x>$nQWhRPLFxjQ>($q4VCE@Lz^6r2HcF38KPHtZwZ1$~bQbQLB*O0rF9^c~=Hq2=4oJC7=#Xz;X{^w1;Q)w2W^3^kEE#oC^2TfXE(2Sqo2n z@3R$?4;O6He%G=HyW7y64cr;Sc?Y${-z2)_Byq3>r8(jHeH07jCl_^gCwMyX6ajr4 z!FqTB{?M6w;Q{1T2v0BNkG|j6u_H5MUwt-?GO-M3(W_o8+t}h~qjH`m_p(h1pX|~3 zUJM5aU}*_U_pEK}fC|IeLDSt1gckNlNzh&L%?DbsvViqT$MB8*S|9AFY`*STOF#v} z7wy71jqwTR7b8p)hEs=&eJwo-6CV#1P+9e`I7zky558_`-Uio2>CTr}5B6}z0DVW_ zqwf_QF=*ePKQ6y*M~`c*4e?hReLP96DabdnA zLL(UU&V=r(=^En5DaeR#$~J-vd*;>huxQ*gN4|y3Ab<2O;lf(}PI8vp(!P8K!FdgS zz~sB9u^qlX^L&|YZahcwH># zm7@ijUSG|#RXnl*ROmZu!Et`Cr5Cv_gS(%TR(|9!@DPel4qY@xqqoDL+3=5tv(CUP z;5o-EKA*xEmNWLB_U<-4gQ0;}A1|G{yp|&vsyv}$Ivh>raN@Zh{v0u-GU*%~rqgjf zuRsoC)Nbv6*$m8h* z`iuxueV{s%J5ab84`J&-<-xIxhPyR7My*|H)66ON=!NuWduHCPL0`jLIi99t^$~#| zI6L>U`98$^iU)4%8DmdKt>JH*8bE9; ztdcZpW&nIUN>KYOmz|E;`4a_?n-&U|JD-(XaHyB;JMKTP?=K5ltDjMer$S{VP%PXI zo)j)8HLx9anP zwXsqU_*_BHn^zy5RoMCU!ks-*WfM5-KuLt_w_9NsFiEfvHz@s z(5FADUBai?)Mmc)p08p>Gx@E|RQnCTtR=&NrYFdoW1X_i?sn(fZ}R8rhfpN1Sm*Yr z7XqdaKu@m1RIV(qAX<%HaWIz4JY1Obhvz-;U>cki+3I@Q1j0p29@~Uv0-O)Wz&90o zK&_wX^QkIyOrj{`>+31@LI*Cc`w#Kr;)+YOWUwK%byJPWi1hr>BQSwL#hOo%c)CCnG2bJghFX!r4jH$X<&@eUesia}7q5%2YccCV){et!E0ixNvUJM_&( zTXTL2ET6+RwCma%&%Hqfu418C?Hlq)KPXcHTzd`172wHC4B%yg4+J0$b?o)03l)9@ z9~QO>8Mf_Cu>r#=@;h`s;v9GZyJcLOzNl($nzhu2h8;#}&%Iroi?G)~4@>xkI+^qm zOv<6nnZC5{>yntQBh6A?@4v;Jog_ZIP|?EzBUzTmQaq|io`+k2?Eyz#-_=)R7!sm3 zF}vO{!!A0SknzfA*B!gG^pf$}!bkCLXlVkV>>)^&B)n)!jge-kk|>xc1L67SP^?@w zxrs2S(j+EQUC*&d#UQKvI{R`dFdj;u`-~_@sw3G-etF3$c(H!LL$ig<=3~5wcXIh0 zE#7H(mG)K?I^7`~b zEiblXT&;+$Q)-V>kikY`O1r-`l_%Df2`N$%)9$Fy+u}G z6Yi_rAsC2b%|BXZDRT2l1=}s-w2OVFn}{Sc1XqrWT$nrXb;={!Zp9Al$Y00lD);={ zTIX-o`0g?8jRN#w$ zub>xAYx+seK62eq5Sk-+Ww))5j^fKxM+7U8a-!e-E1c^0y`68=_oeS?N)9__-ia?x zK|}qPQ|qZ1u`H0E7CM{!R*v7Fa)ZkF$?7C<5SaGziBCp>3}$UsjD z$icY4moMJ0S;nP>Y(gjiss!s3R^vT#fz@8U))rt#VG_3aX=Nl86)=v|!GJBt9 zfQUWHy%&L>`#oHL3t{IpXQVEUc^@NW3rj+hF0ej4JGt-pk_cLroAc}I{nFTV@z{ zc1p}cN&PAPdnSbv3zz7VcYWi^AwTa^3VvJhJ-^p!gNHoZ1w~ zR7ghb@6ZAQ{&^UhUlTxE!X4ZYK%A>tZ~ualmLBE(NdIb-yN)ZRL}%{n-In%QpBUaycZHKPQ$bEjBax5{8IyJ=f~mi_$bKxL5UA)lkU`jp){_w$<}t`a|GtbAXB zAh}|*m(gVLYWJ(YUX_C@r3Ccwa|0yNv8S<}lzIQQJabc+4kR7CPmjr4@Jx6fL~b4>2o~#zYp@)cD@9csYHu)oe;s+w2rwKFVg`Dxw z8k8=q$jBD0-<1BM0-s;CLFhRsI_tdjFNKjKJ731$4=LQ@g6E?6#`f)V_$)tV?{@;u_^!iD*13K^ z)Gs2agShT<5Em8U88k;&!Ff6qrf2nQU0-{^3IiuCTIVYRn60T>eAjCzm<3raU(j+9 zF}l{TUDAy2EbJKYw@Bko+jAz^crEf^+csB+ZVEu88?ms`m^dSpKq;aca37 zF6iu@REgk8g5XA$%x*?UM=}(+@pEk9v6dG;QHPn*SwBBS@dFFP*?AP(#t@80HJ$hiDVAf=VcsI{%@@`H%q_Tl zzo>gc4OW-S@2OfRkGWRG9#x;nTGYyOPkh6uDj;G5suQH~4u!AtVG7N_<CEpbrbkDC-b}bI;s5ax1*7+Y} z{`ms#ufCIE4s$+-+NvLkmn-=m7$k+$IEUX%-9{iVi2;>VrhF484N(S!>=oQ5{e48l z)>Q0kqkKiDp|Je!#rZSN-S+`S&1K(C%~GO9J#|Z{=LPkz9`7&;*=22zT6co0)4i0o z*I#5}37`BA&sbhiKD%9Xs;5}-ZQbjnDWuAn?;_yAo)dk^#}E}HJVOl?TO|P^`E~>- z{V&^SU3YzgY*7!Ge6`R;-YFKz!|VBFeeLnLUtcfd9qTPNhUKC0L797^uc=yw3Yn{K z@Pge=*w0Av3VQ(;Mce7Uk0v-r;s4nnv0ctY=ZCBm_i}s`_QQc{xX zG!M?N44FlmnerlStZpSR_;qbs4Dc8ZR5RIi#NS~#C>ksIZYO_H&IG4#$yT>J`wBI zeK{Z`jImt)E?*;r0!T>&q7!-}3W=x^ieV2sdw;t95Yg%bwLWjKrQ?5V^FH{nSWrI%lWgE0VC|yqg7{52q+iG2|S}{z*@>D@dD< z_eD1n_G^#01;@0m<~lyKtMyoLj?9~b_AMO!r4N5Sm-y!(!YTtkF6cKjPHgTUf7^IH zybaszv_t&|IBnRs8Sg)4$YQmq16Yy%$VKc1_XQN?;dej$TScKW!U5|Cg5#z<9}5mX zW{mdJBA6)OwS>4fJ0)KB!+l@n?>YB6*)RAy2dCprn=k;IYbt@L*;#NGZlaN~*b-nh;fIN<8%*Z% z8r3${^>Cj`#;NwQf=Rk8V3%EZA|L3$s2@V68l)=Ax8=SSNI||B`fvAKa>k6H7P4ed z7w`@+7D*xTegZIBe+c#1z$M!tQ0Yk4f&91N4(N^9N0sEAPoOIv8Fmv5M}n)vm-Ua` z;_&zFbmh^^_}GILAJ>B*2bZDx9Pg9>-)tCI#B|W^vss%si*0Sl*WgAmBO-T&Q>A(d zC6(^cI=9dL%pQ5Rc^x@JkWC|C!-AdQTI-37N$)#^Xb8q{om*CfE;xD*+H!WJzjedB z7qMtB)bqKr1FtGGvN5wz@~2iXeze8IXg{8Q3u<|;=SB#teNYM8DiHe@68AXH@ASm> z_`R=4NSU6|FN9{I6jzlD7BcSiSq(1wt`08>SV81u1IyQFzv!;H59fN}ES5=}a&)x5 z44HM2OT}aLkyqt?gxvVIY71wfE0t&2kQsl!;+@dpby3Pp&SmWi>r3hs>X%PVWz5Ls> zKJ535-WuwF{Yo`8?^Qy;$$ ztU@=BZ;NBKWOv-ZQ$}N3Y*gdl5B^N=4Ww4B2pLItIuu^igYWU>D-V9=WQOiIyyS4) zQPOg=Tj$9Ak}Y-RT*0V*-0H=)PbZz{4}cASOEkaRZzV{wxaDF(l$lB^f35eiK!APh z1TYNDnJUzz(iSe9p5&*8S*Fv$gW)g9b=Wkcs*lG#Je*DLwX$+^M322j8pk_^xe&;_ zt{f(uL~?u}WTvbFp*Kl()c*PQk6P|$!o-@&+V_fu8X&;W_*bCV2fzKACO7l(YyoV- zpwNNijaA6JQP6}Pm9QvuI72nTnDVDv5dyth+Jh`_jE&X3n+FNoMlglwrzJ}La#cI0 z70zCFZuhMl!Zg5Uk{4OxTxrL3I zl)m-OuZkVo3XRbs-#q1aISbMlBlxSfY5$&DnDg57+0Phm%`Bw4r5_a3u+MSwvE2e# zyW?L{%-r^~ai#0V_m$OO>wW5#m#N;jq2J+0G9QmuR93v(p?noKI=^1_)q;8|oWcij zniApEdlywY9QO;&x+|#8AF270D`7{`4%au{&eN*xki@VYLuY}hUHc#F3xRw92mqv=a?&2UL> zDE^%H>u5H!IrQ~?9e@?0I0u(``%{X|zvUA}Z3UIm8kMh|HX`qf5B_SX*g1dHZQ}PI z)Z{9SQm&bCxZV!S<@@r!=x4;!PF~OkTt+GPM`b48W<8%H=7(DAt2No}%$*9Bf#um4 z9d8Ox0mF=@vJ0Pn6kQxZqu0|VKEn3dKN0Jh58wUS5u%rTJC4^q{=GHr3K^iUiK#3` zoUJx*qH37oi1>{D1?*d<#@~xxHu4x{7tU!jdryn(_So`z{D7vWzy;XzQ2Y8=2PAWG zKO6mYfvZyu)vD>IhH(GBcI)y3CPYSY-^SNH-fESvwx4vSU4s6B9(iIbPuAson+2mM zz{nG`7-kpQjjad%dJy$A3vVVsv3u4zc_GLq8wZ0n;4?&0>2bJH`e{tmv&c8s=6rp> z-u@5o)CyI4Jd54h0|WW(5mfe&A|2yTlG~i@jTxdCD}?jAgLk=c-CDf~uXyiotwW`_ zucF3*;gn*uvR`%|GOgx|=U837<`#N+e++l;FrhlU7&W_|ffjz79uApo{!kkj)TCqNS`gYv2vb`xbc`j=hJg+E;+Rwbe z%N4Tzh1|@YSe}ff2$bQ%JC{$G7tck7m|ZSo2`ET^hO1Shw);pekL%Jueo|3ITx<{2 zdvUw?5ImCmJ`h&YyKEu@upEKsa%I->9eWH;hFGnjmY<bV- zrZ1F=vgEWT7Gk|sT7(%r7#5HNd9HXS*o3|%jPZ0X6n82qA~oyeugBgM~B=P zPO|ykv#i%k_(pP_a;lHkUQQiXesfC8>;-vk*_G#mzJrHAB6xa{d+v<|jMU^O_#BQ! zG{8EYm|^0eL)j+?_UA$14b;VjEs1@q$0!kiG7Yl#Vb8V5NG$VuW#t=N#tr}eIsx<{ z@Yx_vrFk>7&w)gn7ES}TqyWN4zY{QUcMLchE1={vS*)#w2yr+3|CLya%NH*n& zrN+L#+V@bcp(H$?pd`Ce1AnbeD&UAASm6cJycMP7`Iqn1*LOGbGPZSc7MZr!X_Y7G zqsW~h&hO}HvWiH8AzRpo$*EO#9j08F>1c)1rOK?T(9X#T4X8Y`TfNBw?M&E;+0g72G$%i0z`x?9$A<@TP~ z6Cn}W6i`pT@Z6QH9KnN$y#Io`Y08SVazhS>cwg@I57yx%tWDdb4i1N;dY&Q)uFLqT zzLnPyut=<vs-qf4!Mn{m2ZY! z{+&SwNqs)IC2^^sU98G){IYV4@D8-5vLa~_%f1YT0d;wEhflNI+Bm)65o28U_wU{r zOH1`2=Mi*43n|OWx;(exF`RWS{!YAlh&qz^uoey-5Oz=8hvU*vFBGSmWP4#Sf zbu?O*_Uy?p7_(d4!xnP16MDDdS7BJqZ(z>$tB=WhO?P!qcQ`u!l;uyml1~ zUm>5ge#;`m@A449`C2ll&=T`Y8HcjZnZvKs`U6+BqET?q)-1!65>AKfmPKRTJO|H8 zd{OhqFJl3vlLsgDb#L{)CnPW#?aQqah~FH+O|E_A`u@|FVW~PyFel!7UC!(YI_%jJ zvE=c+X}}bCCQ8a2+~peHI(;UywhH0=16BjoSTYPg_DR@Tx7ZxXSorV@(4!ij}YVaU;>c`^JCkY)onAP+t>Q#DXXmy z*O;#)IdS%g*MMq5hYjU$YJX6q?LkV|GbC+C$k0+Pp?#ml14bkYGwu7MdU;ZJ&-$?hm{5s@)fF_4{J5TEIT~FN(EK!SF0US6JUPBtPYFnI6v8 zin(7vNF~(b$UA=V)|w;#xqGQ%p+yhv8{cI^)N#0!X$Jxy0_8OL>^JH|C4vnM&ok+p8x&zN2Kf_zLbM*|eA`6T(B!1){)^zv5o;^Fq(Kq>P1el&E|K_$E*2GV z0bBp)I2XNoeH5=3si@IcptD^QjNZ<4d4>Xx9zn?5E1@Me-x2~ldCa?_h*xe@Q z{{1Q9XcSf3dV!Sds?*VQS(;a*RlOUX z+4uA{*6m|+?v<@8=K0)*-loIw^kplmKh$6)Y}EHooob|k*6=miV_H>gP0#eV9f`Yb zD*WoTHjxyxO4O-4J!{Yo5BO z*Lc}`6NJO9voVv(CSXvfIa9apZgnW93ESh~#ZLj8Sz=j48ci5tPVk2)|SEiDXAX6&;D*eS_8Aoy%#2iDC+|E2`M zuh?U^G1`W&L~@(cs1DCn>FqamyncPC-D|81^>2>4d5=?_t@OInWvTS_*mrakAOP|4 zol?ERcs>;pFf;wV-ZwtCme92B-79hc-2fyDPY#jCEMXG3XA%r+RqC5Ey26A0`iv=t zkH(>FLHkBkWlQFd>}ly_X7=C}z&_o;mV(}KdMduhx-cUkX>;?3%cLs(p&!(0nG*hK zZ(r$DKeI>)J`7~X*bjf<0+s3-tlX}#uyJ2We99Wim51{~bc1vj4qJCmtyP43j=RNY zDv!Q_hrQ%+VFdc}O5Gz}QPlGjR%-zjH&n#W-{ShMoU3jBT!L~$gu=Z~{2ZqAYJ2We zwv~hTKCVC#`&vPYzWX^Qwm#%dXp)=S9FogapuNCk+;(=s4~SzdWwJc<(1aqvmEp#6 z#r6PwrIMA~kKF!5n(^M3*_RxckL{`7rx0Dd z+_YfE1S7=j;wjg%wwpzAs`r@~KiYig`mqenE zpdL3zBu&6;z!guw+Xx6{@@30{hnfHh;Pxp$KEJ-vqfPe7as_i zu@!`H$T773;HL}p7wtCp8-nVR`F;pPb?RPQ_+=7o$$$oY=U4TeY~s08?WBCoi9uOg zeWH_tc8+~CbLKZVaGOK5VTKjL6S_Y}-RVS5#z&~>JVT0j{`t3S?WHKFWM9lPzPrL_ z<4G{h`7NA}v*`OgLvZ^u>Z0b>sLna1Hlz}>#G6E+i)hC|!Q?aiEyVKUU^ejln$P9u zVg+NIB_R(Qp9y4RqtI8G!S>iKr1)5=+xXBMhg%oEKrbmJiQ8Z7)V6X3QH zjWa9Otky}Ldg#W(&ABYgT`I$V`{4<)h7p}Ft0B|gkH0fdfWLAFcZj_Z5A0HcnbT$y z1tg}&qVxhaKV^3h)tM}4?dAyz5+}ngQz~?0`{aB2RT|9g2~C&zu=hoT@BkQnOs3J> zbC_!OVN`KZ4$Er7*aAmu^%aCDwkY=*kr&zU0#>fo{6j>G6)a(XeP@ljA0VuzjEqkZ zya{*ir+bVldr_fXtn6I9^3EZ@ih8?9>26CSbz8r$o3iCUY~~}1+OnO_TD}aka(vDw zbA}L#*7$bgc9~ET4`SFKR3G9$N7jzm^tr&}9uE^?KwLizrY|@AjQfhuF5m8QbK`a| zY>Cig*TSJ}n0I!}U?ZxO_*)$Afv&!-5@(lkfiHS82~%lr;{MmM{5k}3 z!+^P@_lo-P%XS^1$mPh-78L%GdLOlom>Hk&4~NICVMk#3_@~ee`VqDekn%`j z*|=JK@l$E2C%a&80liFs8*0G81E}elV!^|%Rqv8_Hob-dKkuP4%-EW1(LTkZ`Ftd; za3J8aOteh(Q~GkZ2g0rCBKjHRw$A+###+u7)kdjOm|1;)pr+eo$9+`u#J(k}m9+Jz z758Ls2$e5Q8J|T78po@}MOcNUJDh*t=<_~l;0B+VZ+m}-5Klas;dU7L$$cjtB!joA zmcOkM!m^qKES9}NO4U7s>X#78I|-k*;xvW)^%N2whaH#smsdO~pR#D*3POVbtwsSq zM6quDIZkiQ1(jZY9_Np$Wwyw*JS^3p`BqwY`Yc}D+a3O49;cBf`tchfw?hI-$po8s z98wdRC<)(zY$toneQuf^!0vpm6CagZrvqUri#sTX3t`++g&Oey3HIi|r)+;7;D0%t zZ_22qx|6&YNY~)aquQ8~gNAj;z+sg$>WkK+>5)~*UZ@*_eU?%{-ynz=#^>|%h%Ujt zy*m=*bQr>o_CV_V{=_Q-q|v$Ob%nH}Cj`)jO~^%+{ra(=#s<=6Q`w7^5jcxPsl2~Z0SpfIXF*jQPN^h zQDy+D^ycXNdtYnibZL-O076b?ppGwH_c{*Vpq0sV%dR^9WT5CTd;LHaKK+o*TOCGp zT*}k_1RUh*Y{S$HM~y23PFnoQPR)fpg@HK3muw`pIpaZSmXHcYui*E*tyt*=?kxXG z^L6TQs(V$itE$~05_5qgkD+T3+c4UU}|k(3o&)0>sBJg>2`k-0CIfHFF~F2ed>_=EjZyH*zQc|)&4CEc)!WW zAtBzG#t72W@5#1M4i%)~==udErSpr$<2!1Dy5xULfI?v+`}F(ty2z?ek}UQUGc7n7n3>SfB5>h(8m&OL$IV zZvzTb%oW7X)dHT;gqI2-(y{`uzjg;0H-J zG-@;kiQH?}xbDvT*M0O|lNbGd_>|XZhU?yKksy*)RAe>2P=Vv4>jEd_E>O=4@#-GR z3#$0z*X&{#cvsV8@izSx1xB_+;{!7Q^*Hqtb$gzJN7!4RKhEn!$@)LCy#k`ZZ#L4aA{5OL9r*G0B zACf&KtC-Zi!QV6KQ}I-zj^3O@ZOSKtffcdu6IAo@mz02dYRy&m;Tm7x384A?)dsQX zvJL0_a?XvytoM;npN_WhbzEGI-fD#3puk=A=}xEYGD1nqxAyeKedgu9=bY!l;Jo_FqFuSLN3iQEuVnw| zXulDlThv2+aN0-E2T=0Id&sH}{b$b}>B0aUAhL4Z`mdNR+) zYY)g2NmG&DIgC*uJrdk~I!adujLr0^M0{TVz_@QmT0VI5pE}e)heYtrz=eL0vwDX; zDtyh7#Qk7|fwv5KxW%!b=7tI=H3R5dO$|hndo=kxBSV}|io^?_dn25!?1c5G!-n{n zFXPV_eAeT$dGwa&5rld-j&|&51;L15Q!UgjNP(G>qWc8Pc8%v4+sa#?u)0E6PY-!Z zMb~9L`mqI@L~(qML3mdvgs_59-6gp#v>fen*_~YEdJCZ29i?2E1q)$kKWeCk8xO$i zreutB1Oq~6-FWd?ohFi|Z#D5Hy_(N+jfm__G zhIG6-9nX(b_5*BGdylDTO6<4sqdIkxU;jIn@2r*mAl7J?mb&Mh6L(hD@6kLXXcfeL z?g+mVF;+)9%lQHEh_I#)0`O2y0FCpW>#`?XXX{pN;*klT3?#7JRED?3g?HlKe-n$b zFPY2S-7D>*j_z&v(nlwLkQ=DAo1NTB?j$@J3IdC5gZ)7CMjTaHW{rp!H^jF70159oja@0rPyznY)x7&RF`B(Jp-Q@`HtI6Bf+)rUT@CCZv zoUD?qdb1}DUoCQlJh9Zc?^P28&yTe}aICWi@&>o|Ej+}DdVex~4|`GkV)>lPTQ$SN z653=iD59~8x%yCwFU1D6f=z*Lt5aLKuo1)#RN%g%r`M1Q)NdhGr4(=G8v@hmcyEZ| z?8|;^DRlEX8wk6ksj0IvatLbEb_jBuo<*gy-8w%(VN6pO9`XHYdmiM8C3hvndd_Nr=OjyCVS@+fQevYBe zbu$^?mb@MoMZPA$u_{LC@clk}9-GoVJh#nm-ziu%pkk2WzHYFT5~EGQ%G0UAwg-fd z^Y!XAd`|FeNW2ck>fZ|O3LxF}J^MNU5@T={L-MxzX?1H7)&KK3-lMq?!(SGzfOr=P&f9$z*LvGF~2|TJ6;`*Imq5^ z2@S^`Z9wk#9k8UI4wJ&-PTUUEN!E1r`l&tMeN98MQp(Huy%#G@Z4hE>BFTCC(mTM< zMytbJI(@XEbdtE^Jz=kGu||Y(n>sXy$Kp1WMkh;pKyAC9p$=rYuM3E z4tU;}2Z-Va&n6z!T3?V3RIpfnBdqa|);pC+%x?XHJDQD;NTG6f8V`E_6CIWLJLUWb z#+?K4K$m@s**mZ+?>pw8aDqQyX@xx-m?@j4$Gi4jA*8uz(hv&7cjceH3pRYC?Ea7|;uT`O<7p~% zEV(BuW0QQnN%DmkIfyuc+p|{!7Wb_|;iX7MHQ6d}p(Tdc*S%c1#Al^zOMm?ifR2Ox zMYP|_uPB%ka)&lpq)g@SiY6ol+v!Zx2YTqdP3M>d-M4UBZ7<5$Hf&8>*%+GPiI;ob z58Hc|eL@0?;hvCK*=O;tGUZoXa!IZk`+0t|bM6ym@T|fsYAV6iNaCC2ozG3y?O%8D z{SAOYD!al1(PvB^Q1LG*eVgx4MEi!~UihJE02cK0o1U?z-!)nJ@L8@c97^5emP`?$jpF07mb`UJV6* z#c8hv{w@8YbV_AA-ZyvRq8;HM)Yvm#!0h^jW_4UK^VQf07|qoCK!_ov)_K+U+Skz<8t!fDJuzZ5LUA>)96Ex}Fh$pN2aA?YDj)f{IM@*R=73-TU z+{pGH^ZJ1RfQ^9SBkpmO|2_Jea2$)5;2BQYQWvI%+$%?jh~fqE(@lA`$eSjA(Sf)> z*pxs18uBe0RzKsx(bnoaDsic#w9uctcG9e~zVCmvBafwe`!sYRBceRrMs%YwOCubIt9}lx{8hW z#ekjef}ZOM;7Xi#c^SGy&Di8hAMPy#ANfB&a}5z`jma8N@-0)}zpOAJ8GdQ61n}Xs zM0*eZ{I;XB$DcqwUbW}C;=BD$Z;@1ODWsz=Z~JhLZ=5_>(*%>R1oZ>B6x)u&Jo;Ds z;pA`ev}Z`k&s%2*R;I4U94h?W^BAZ57ff}XGWM&Sej5WrgtDnmMc1XuRg0g$xaB$H zdB{IsAFvfDg5YtIbL_uD0QtlzhU>-Qx6F6p8yN7^lwFQ^{Wy-YJP3SG9yHdml$m8f z1<67rdnkeILb&zE{maGYYcm{w8OsyX0_#dhhs}?$PMn3;zb9C>A(Ddu2?>67r>HPv zzhi6J>CFr*q^vi`6K+U zMZ!r5l!vO^3cu(lKVl*>gxl?YdpaxSC>%*%B5(!D@ieWl>m|?GMj*zG4yv9l)g=C-m}C zVaEWkqK0baN30Ls+?FuJ-giVZAg+*aK+XeX=aqrAdknj9BYc>~zGbc265RS{Wq!n$ zBt#C(q4lE|1GI6!NLnAK+WjFFTF5j%qJQZVyfHuB_pYek`>b3V<_E#d6WoomTHcaG z{KM}ii^mtQ%k6;k^IU~Cl~!xxeV<;aeXno#wJ6lrxV)H;*@QvQ|JX~it;TRz>bneQ z&DO{60bSlKil6`pW6h*+mpA;IFZ=D4kpk`e*zakuEw6rz<|kMC!%tQ!qy5pEw1iWf zID3R!l%1vPi*$a+!KYu>ss;<_P^yqrWMTe(*hlD%f0&bAxU22ELgJG*I_J3IRP{Y% zhN|?t6}ObtpgkOjM-8HFhC9En!|>BC>Oq9z?|qF~%XNO6U!cFn_GvWMLwW@9e_!nT z0-U0|BLO&t$W9npWr^Mj_ z;9YsXP*5j&OI5P(3qQR+jwuv8ZwAp-o>o->#9NN1D&Ba4&~9&*{0SzW+=rz>A7=LBIQK!kIXU+ZK7|8u$jJ%U^LbJGS2!W6lx6M&O>lzZ#Ta8jNv>P4 zaE)C_!jR#rePJr}15U;3Hgf0dfRPr!sV4XoZ`Sq< z53z~_0y9oqFegt`hYvPSq2)OE3v+g^zQe`DvW=r58)ImCYj- zQRg!QUJ#B@fI#87ntp1p4iHl8dRw?stMaG5Z(mk$7zLXWsq_a`OiJh<7qiZi0t93}#*kqj}$E4;l zoRaR+Of#4)A1`;l(7=u+n}AFs-ood zUMCRNH}!Dzwvw0mHZHJqfhocFV!ut!HY)|**-YE9>X9RE3U-T0E0-5pQ8op&`PSTa014eM4y5rM?uH0`RXd(Rui=m_qT%%hA(f z@n_L^+;}>}HX_)5aZz=v$ssT;p5LZ_hFt960@KiRD&SyHoq<|qqd-K``F%cX%CbKi za{Bi#^tN;C=gK#iu8>=JI_OIr5GF}*C(oWZ;L1(r6A&`!&TH8zg3~jH&9Pi{XatCDD9n?b)k2>xWa!)^w|SJ^6d+j;uTpQuy{EjUmb#b9Z!Le%xn)^Y1Rc zeGY#yRU(J*VF@C3A0BC`34}Juc$*xfZB zgw(zYFO);?-?i%t7}9=Ri(c>xgUf^dZEeYJH6o~@g0=>vt*;L3Y#C$uyybN969W2* z=4EOXW|UuC#$OnT4D;gpEM7;MZNc-ym3W`&bUzR9)hX=lLH{n;>7>arrEi`*OtysS z>r2`fLj1@!e-OrEq+1Y2PeT7mgWzJ)R0Mpm^C;#0i3nr0>2xkH-eOhw?e#AVs7W7! ztvK;X+fc@a6?JTL3661Lbf+2>~3Tmd)?@ybg!=-_J)rV!rG1ug9yuoWul)$bJ62DUUC7v`BvdjYeEZMMN=+{g7cq1;J#;CIzL zy0Bv7ZwxF=aU2<(05!{4x1E9*8l3%hJ1{^0d@ZtO;qUBg;i=D|=um!;4vr0*bv@OF zny@MMv-kj>RA=WsFSQ@*^t4z^k@L4;x%*0WmRv{ryn8u)F$z`qbrOnt2q2}Xjx3SZ zTw6v^`w|@5HLZD%ruPTu;)5%QNZKBf!F+vMuWFZR5GkX%OZ^J7I?JFx5QpXDyQ}%l zt7SIk0cQ+pgz^|bf5)N9ru&#_KC)8j8`AE*yQn5O;#(c9X&Z@lKgzfac*T8|DBmZb z+fx6TQOc~#h%LMR4Ew1@SpkpVuL%n^{*52VI=q0hn6PHdP_3ahx+%(Q<>iaa9^SH-BP4l(!XDId$G6c z1xB2{OdBvi+Sf1<6@M0nRCRdLvrljg)m3_(i-_BrK&gA^HK`Fk+#0&cl3_3#FuwaJke*s`zs9`fgLP-wNaj4h>~!n61!~EgX%RN%O`I3{{(6p% zorW*P{MeKpz1G9rX!n?&G^jS6AN(-hWA}O*Te%_5ToBFSzW-0BP4=9Mk~4cQLsPI~fN`&@xYSr*F7ib20qjGa!v{-8A zpZ;v#^;F)1*FLGbhml5(>IV0%RaNlt@gC*m5FYt+ARs%4C*Ag*009=oJuCC0sYdcW z&{>It4#l*r?_71@@qNNE`*V+==PjO-P(j#zv!~$u-_rB!BV$g zNr}&e8hgJ{rzwrCxjpK@(tl%D5%(a&gX(|wjqC<8zA+D#^IWa-pC>N&JqvofrxY+b zoI;BHtb(TT{w>^Ghp1n%mt=oe=wNcpcs@t$FGYAP3jrP3$PDj6{GUiQw92)UZLfyl_u>iXHN(N%y1?dv)1AxTYMlHSDF!+)$f z=N3!_Z)&Z!2kH_0)r=nubbvoK8ewC^-;1%Ylnn|2_HVy$3cz~8{p(gD!ZWDL9Fbi{ zY;Ze%pm%kIlHL)RgY3;t#&UvPZSOulG>=O>UM=t+KHlBfY0JP0;#ntr;75rw4;+v_lI-~XHM|F`!K0l?kP2&Da zK>pYY^eef>A8a`lq4v7Aq0hd|s(oZxW0kMZ*K6&4;VwSX5y>CqkJZ}{#dUUHW*#*5D(a$j1*MJZGeA=9p831mVH+eOdg6Md`o@xGAH z;MGLkTxH{@)IRz8B2;=oXFWt`C!LOc@a4@Xx$5MZ@J{21^9s>Loz+iQ5VK${sbB+d za&Ymef(w&=y3`hJ4|Q->NSNWSuCVr7ni7KoACg@$NJvf)XLUPJBtv@~$QPW&dnlFT z?}^I)wQNJFEcvHG>PQR=GcTu;?UfgByZk|f)jhL+)}zZjv1dF@d3(^sA#<4qPsyC_ zN`6Dw7bz75TzuQV?%y*NUQejO?03F0pki^6^9*kH)OX@^(4!9Ioi2)wJ?uqAX@B-^ z{SP{DU-rwKZa0Bko;5WMI@tiofg^HdZm!G6SYKcWG)Yj=F#R1&O5ytZT;&}-Fz;1J z%*fu4Hgul1Z}#uUsa{RRN2+hFo>vdBdZx?sN%I~JAd=(>GYlY9`_<*AMN{wmD_ z$U~vCv!UQfEimkk%h=_w%!itC%!c+m7ABGMW7V}&|GPJ@_-(`t_;tS!81?Ix_5Eaq zL2kdMskx8i9}^85yzmp`>%$!CyNyfdcYkw9>{NX)@(RMn^WsiWJh>$a`4$TNj=Bg8 zcRp-m8JSSsN?d+h4%$1ULe>>2_5_0a(Ph_!K@dqWn-RMluHu&^D4ypc=E!8m`4n!12YO4?B+;#_dxaS;ecWIMI^%1R6n+FyK-7expKB*J{@h)d?3|A z6;E2dL7%r@<@?;u*s`%P3e5c>uyX?s5wD{UmzTV+qmWumT>C|JUCuzWhs0az8FFO; z`70wTFb?UwoF2zcGFD$w?u#oxzXInAq5}|>NdQ0FB2yR5M{pwC4sm|CH)6^IkLj~Q zkc%w=b(28~ogakcKynxA7&cIxvV+&~ zC37$%ZLl$0`}@Ipgq1{B2T4b_Rgc=pw!Ep}Xh-ieXkRw!>Yf3?57hGwS~3fJuE=Cy zs#v5(@>ckH2^>yazp1JAtZq*B?9l=U zLnyRge*4A>=u+GbKgF;#L;vxem;F(O_NIk0-Y}4@C%$>uv$yBmzH?g&C@^pP|+@&pG()_{BJ#q~_VYm8*dfvOK zvnQ@CPO`OiSq}C+zA=9fD{TD+8Y`aot&)&Wn0EnL4eqa#{RkS#2~P0fO`D&K& z-Al<-`*gc+jBL7Cn1xhs`{()yFSlpAg@ylO_BCh%)qiadQgYNEks3%2>}#DB>LxjZiujI2C0!uS2Sb2;s9A9K+qMw=-^`L90a+;C6ypP=(x_kH zx_6T8rwnbI{aE^1>N(ElD{VamURHnk6`afG^9=_tJcZKo?GOSBE7vRv1cu>xt(4__ z(e>Z*vud_X?kGuV)!Bd~7_+bIX}<~cn>Ul36_fQ{)Gw#6DDczX_NDr1a2Z;TR2~yl ze%aR?GC%FN;O~CVGQ0_%GRka1qJne26=H6N$qRiJ2z7y0PlzAhch%7twZTmHFOZg< z!pY1s+9SP5L*^+D<^p+@^Ap`A%Vmw~`?rX(9|$(jmXiU7`0ycPAz<{^zV+E}gpm7C|L75dbRht>CNpuN zhmnNNig~uwmVP~7g3iNYZ;!Y6!vpL}CoE7&FzCBexc9&ypAc=>TN_ zh@m+3y?upfNzTSc8&*PM-FJ|kQH_@*3X+mM7g;!ZPfchu%sij<0pug+YJxxFkFeA{ zgf!S{3*z&Mo~M(PU@)CUzIi&9EkX3g^Ol)?Zl57Y8avrGNjzsg4egiagl_-_EB*}t zkoF3}VIPn0Q~1{jDNpyu(cSmS>7%gb93{c)#B(6c*9*7r3i}OBfgG4TIFx_4#E>qy z%ypmdXGM;loDBgj18(kZR*2nFnEfA9k85TuccoK|8{GjwZT$)5{d|}Puus{W7`7Ad zu^^sWv0$2T;_k4Ee4ZX@&}abV4Db*GjjMVaY9rB+ozcl;K+RO8iYWvlFL2>vHA|0H z7Co0#jw^6=>~T^<=q&FydF6Fe8&di6B8d1lJSpCYNst**>tQU`$gnr|VB!Xwb{55w zhQ;LQ%*XGmW22P4`RKo$7E&`u>A{TQ_#rzjxnC?ith63Q^c6;5hR1E9CcEEXtcSW5 z4I2quiAldUv}X-DdI5+WFXjh|j08Ze`D5Szie8m`Voz3brzG#KY56AFH-j|r1%io}L{O+na1oTNEhrSU1|;uR>(11_i*pSw z>|WR1&hHTaVH7_}&(Pjd`TSgy9!wJB_YAD~Aj+wG`Z48u*q&MyVRsO;Q&j3WeO;I@ zR)UFoCAj-U4|4Osy){OW&VBC<47~TaO%_MFpqP}6fwi(!qG98zs~^Z~-fSEhhr>?M zAJ$%bz^Rv8Nh+#8=Hv3K-<7hT)KkY7v1bzEH=FREt_I(p<^AE|h7$IPi)P*2eYfy2 zE7pC-@(=FI@Z=z*ti;~)fP_6+Q>{X8$f<|diuQ)9<@x%&tFV58UfT&Pz2E_=tWUWI zg2(4xcB0z|{m~~+CyH7&l;VG3D$#|pr_;IgnA82*Bz0XK%Jm!OW-g%l94NTkW(3gV z=iGaNai&}0^E_v0`uyp<-C#7idAn&FBpe!N)+y=m1ZCCQuOC;6CE2t@s109|nR+D( zg}0%<#EEc9a)nPls@YC0685E*4}~Wy$HNXpVs@yA#Q)TI7~HHZpmg~I{hTRt-9F;@ z@`s&T*kGl1gv@--xE!=`lWs1n@mpPOW%iE(+K-82dze%3Lo7*wxqTF6S0?=H`g7@6|5U+qYNCa@177DoX^PilIU-?ks>4zIQ5B9PZV0lDum{lM?=|9lEq zc9~d;rc3R#5Gn-`t>$5#DUGPf&LpMxLRHdK!)V2oA};N361gJ6&YhI0;VnjGA<`lkxGRQj!i{c&VFwQGkczRP-bH_IhXN z%RHF)&1SKuykLFH;W0BB@d-?MtUM=Y4)Y zy&;9=kyfP~5*y)U9Dg=?D9d4qU(bC*FenZ)m-gIG1w97qq@V5E%Ie96&JliXhR}uZ z%KfRQJTPibxAW}?Nu7OVe2=Ou=x|j$ToiehFd*#jGt!QIAYX~8cIZ!fmlUcP4+X&j zV?`*`;5?n?deEd4igyGt5;7k|ID!;t|Mej62fwqt4sU^F*unfUrw`B=ek^JO@s;-K zE4pFh6|4;Ve$Xj>W2g^zuVGS^D+O%Eeq?c;t%ZJRJq>E+sW@ zHJpZv*~s48e6of*@>E2UP9VH1;>g$B0e_0CJMs1P1wd>3nV~DPu|i5!GGk%&`1t!F zVtk_$M_iPd zQ>{&$Y;ABF@-=h}FbdPA9A`H-MCcNf!S~{0t5%R!QFk$F<10qt(G8ROy^Q;6KELTi zVT+M7lJATw6cqRQY3cDcF}Fxq(vEI6`4`48u$%egw=Q6m-d~avQ=dxoQtNk0bG;;= z1)4n52xlc;hZOr@Oi%)lbY(ami6GqeC5^`T1O>G^tkAK7X2{vX7#0V3cm6 zAwP$7cCY%Spjuzb3Dpot)zUDTj&$t*Hj`xLiIlRdMh#FmBTxMc_z!nC zK9(wo=x|^B&r7|=c&LON4>K|JqP7J_e&87U{>E>ylEk!m&`_pUaL{6(8YemJ=sL;8 zKeVSY!2REYu}{Kb87aAV&~*fHVxi`6d=+1v^_R3%PP0yV) z0~0w3g6m)M$%I3x!2_VRypp2X9w@`IM0a30+3XnHPZF{%pNZoue=&*XSZFhAlW1by z*)6H|GlkXR2?MugFCmeS$)YLLW8^2dKNx(!5*#2*+`JYTI^lC9)k|glCEiSU)j7|@ zyTgS!X+XeDk6d5R*XP8+`@OY(Vq*U6eTD};kgPJC<==eVZYw6M!y}92jkGS-DiiAjnmC-#5R_yDvha&q5C!k3 z@!i*G{`J%M>+pvGJd9*(+FaakB7B;ZqiefqAL7+8yrEMN`nvXHC}wUcH`mpRaz;@vfl`$0P?KO1ZAk%jUJ6%+d2}vZW zkXxp!djG;k^m-V2;7xz(Q&3b<6y?u(*@CC!XaD=Ate<3dE~M}5C5*>+%%zF^{@{J| zcgDQ4=NDY^>)vM+l52EfpfoP=85GdHuoCyDvg($<@>oE25$|f!4CBy81wmk({3o=m z0(EYuIxYp=WB;tB(5|?CnROjvN7TisWbA6i}8b+N5(I6Yekzil*eDn5CkaSMcQvXb zNyFq%Y1t>wJe2%~F2+^jCx#vMsbYzxJdN)7O96j+q7a^>*)Jni8ZJe--JMz6b*8kl z;L{mNhi)^r!C;=bK-e3y3+Ao|Eqp7)qz8vzB)@A?Km6*LX6Z z)zItgMP!yem>voVKFGqgNu^Vr9lL}K@A<8I{%n7Zi^lvj6;Lu3p}*{|k%#rYs1_DE z6k#OZ$aX*Lp!N%!-M@G03T&{rFPiMH;GWeD7R-!OOD9BH;QUiSd%maoa7PoYt@j`e z9vd}1aP^Np4FFE7)Z4jCUEa8WzASJLwBV!oB)eBhQy*Ku5GnI$(|zDBqGVm$;&Qz~ z+8=D*(w*AlQ5K_malS28d&`OKpP#9;o>b;07KDNXN`6@0h7=(zp9r)l)AEtedPqOtK;AzXjn7O@I< z7hV{O=6-IsBHV0$h9Ub~e>=srrM5K!fcNzpRYy3ycFpzvei?lFx${<_5gp5zd)lM5 zzncVy%hQUWWavXQ1KeskeqJl`(3Why<|~jD^Y*= z+P|wO;v^sD0IiH@LQ22OGKtJR1sLQ63VR#U-@(_1DTL%#(VjH^4l^prc5_`4g zubERtAb)g_je@(cKuhS@N_P5Q?~!iI!z5dV!S2CJV|QL0j;*U6njUOOih$8#@is5- z)9;?3O95Ku6VI#ML+8xRIl*l3#EkgM??l>CiAP%SDfTs1t=xLS!l|ECr%Skv59-w{ zl{gy&UmiT2<=-!`Dpu@cl60NcE_B5k1cHy4@br=}a0)p>uKBZL=;_fAmU7w{a-u-x zJN33{^HTU3+XrO-mABTO9(D$y^$a0*4!`@k`Md^9oWwF(>U)R{Qf=`$VjQ1qdE#b4 zTp$^o2;?-YNURZ?Aon;=Ywq}<#0GfhkO7brmz12E&VzJiDy)7@$;)l%jQL((N5QNH z?ifB}I~!7vS>R-fG79)OxOLUU4V~~#Ay{L@TK=#c<-q*_>D$`zhEUpR9i9+Q7k_e5 zP?jWEGUFT|hcv}B>48XCYXe%#Yt~aF+!UtnD~MSU+j&^`-_z&pYLh-3eFvbQY2w!B z$tO&4;lDoB6i)mJwJXgPUagfts6TE;0~pUI0S4jZ!r#^@nJPM!>vJ$pXdB>@-y&5k zl;J{yGe=z*xN-``PV-X9nXZHt{2Pv|*|@EA8ZAF~87Kawj847}gVZ4s5U8@f^TzZz zwR8+1yx8_dQ~drsDwwvHK5oXsT;+N=fXMgS=UJN@dZu1|;4&}(tjMgB@O=_5`HTLm z*}tCEK9fv2BoNpO_hvm-eKDZFhocQ_4#G<_5B%G9*Y+IJ6SVJndF(9n^SS5#9-|7A zOHqfqk&c5uBHI$=F$>rvv5i51fxYy4%*cXWL ze7yGwjeMh@;BYq1;AKD*HX&$aRYv2*TD#M67K#P_)MH|NRWG0$ibCr2eY&4)Pl|&; zV%0$7o=EPZhZ7J+RG2y+_n}(SpuAR9c$7R6A%tGl z7jzoWoL~ZU4(^|XyyGu%VCP?sPyfeyg!Ln!EJCf;o!m)RrYcjO!@5 zPp=byLe+$pdQ@fDd3g|$(O656j!ZwwH)XoFd+npidBKkONKF{HD(cz9T}#JLr3R)t^jHyI%M;R_+j%@P0UsZD!=qw6}uuu$m)K#hVWd0zuCi~1ZsC9 z%h}qU;g1NU^td6aDYKi~llRW~ZHTej))*=)Mc?n9#*9H!dg*ufHe_`9H8M5Uy4RW` z=J#{?={84qw@P|&2n>zqO-Z;smr3F?+6DM~^gjBFhqyam zUuN&o%?DnreIQYKhIw2?7rXl7P3)hSr|f)?Ta)iDQvvBSlSPWnVV`$~i;q<7o@x;` zw#C>hn@GYt-(0DDyF;$+XC_FhBTKT5VKTY1JGTbN^Oq_&H1bIRDhhWEce)-EBnspr z^dN7-_zt(jbP>P4%yh_(YT}B=94;DjqnTBJ==alkbeSwp&xie1r5*5e&cpW@S4}zy z^)d2`7zsPOSM6$wmxZmwqEl9yOV&LG78bIxK!S#;CRXx2=)(A*gW~wVl8Wf%Yr|=H=>z3i3ogA@9XyC8SMo=m;Mb*@XCK~1`Ofaz5P@=El(;3N z(W-T(uCF&7N=&IVyC*~fAQg6jJgv!oPTl09+$r*gGl5QswXcbUw%T{QN@I$$`MND{ zr*J1D>Y8rz)ZmHzswD*;$%Qm)zlRjLl4Jrr`Oncr?^7!}BJ3VG|IVss-e)E5#HPWU ztW7AfCEn&hgd$Gg&Ot_1UEO*No%nvgHQ`%+rRYLP5Mfg?Es5TGz){oMgO;7k>@@iS z>*)|=K)b=uU@s&ZK~?Jd&WniqEthAAlFkE!>(X38_lBgQ_3IsB2{+oaiGZ*DihG|! z+xX!h>#coM=d<~fgZ$XqLi#QV)6x7bMq<;O@U=x-^^D!=LB(nvjcm^)*BApx3lsmw+TJF$wP|3wMX; z@ymz`NSv|he+xZH`YC(~S46;_JMZ;14~r2w#uB09g)IPr&ds}x>s|Wu-`BQ(MN+o@K|BN|}j(3PLeB$s#%;CNCWKzbt)rC_6 zU+;k{DDK*r=g*=XdghB3!-41Xb092xA;haQ_xdORJ-y}ZezEbbZn?(E@=-pn;6jkb z3)vvvevnRD_m|eaDKblw6SM9cuR#CIHWQp<=!#7HF-Nmisa-5%M` zGxoyUlf7g0S##}8c_EqrPv@35qPZyLbiaew{c+_J7hfLN>#w`Yck%FCo)O>O5GOw9 z*JQ7|Mh$n5e{^^JC2#6;-=`Pm3xvH-pwjg| zQTL&+E%hISy)fV8lG>`*2sZk&e?R0-_+nICpE!dfpEtiPU2}oE{?fPfh+>vKl{gp@ zI~_ELE*^I_B|6407ERYK9U2eg{j>CWdEkzCRJb+TuPg1fCE~I!7EIHgo2&X6$r;sM zIB@LaVxiQ&NM^AbBJ$omCca*CCVH9Hu&(0i`>bRVa+kP~As|o1GZy&|I;CZZlXE+?UR7ieKa*rwZxz-;XCXh31zB0o( z($#&bQ#bcyq?BrwZv$m!^&4A`>iPx19+ANP=T*rrS_gWY@%t-Fokcku0X^f!?lBI zTYAJRbw}Y$+8<7Mz#A)mR{Wee4flkPLUB84h9el0YVeaB7Hbx|vL|NslxlASfrH46 z*so~h71%JO5>bUP4G{?kYW`de)M&z#p&5d%_%(h(SXlOiz6u#rI?cFWdNNPHZ+QNG zpN=mAVbM&pmcA6wj04eMA$>FR{aBhjdowHX{2iBT!#@Ba2?9~Ghfv_uuWe#HhMlO4 zY~KeRDQTAw z+Is^fhNUitppM5x0c*bsIcoR6N@JN3`t=Am2K?LSyBW)9cc=Lw%@yFL^JB@;vzT}{ zlN+Y|OLttFFWX9>Qyq-C_U;8gUOwNGetClfemO0V)LKrZ=3ZazU|kQ4=b)UF)6E}K zBM$CHI^6t0AgXQpjoa^B4qlp zsm58f^#l3U_pGdsDxcVi#mi>yTGas0DbE6JQ2KQrSqx^~b&)FC3V|=JS zLE~}3dXGENlVIXX;!H}_pot9VDnHNT$np*DM`>SMDDLxoQo{amL)f*Iz-9qV)ScZ6 zPS$*Ak$q9++rW3o(d)LKrP8adDiAK5%dquk>kk^l~TW0P; zBlm3}|DsN507UaMbtk_GCR86OSr0MVKl-#ELcjhhV*K*i?~*w=j4HVGxR0N3y=+&g z8E_Lz*xWq~I4x4vlGzG@1OEBpwC;K0vEAs=^K!{pm%=a%S?C)W`eV(mlV*4l!PsAB znp5u2$J_!q&Ir;>zve5(WGb=xCrh2%dA+ggmu%jNo!a-}5D`zxC65igA6{u_ zUfQ6a^yF|*C-+)(_c>m_Ylc9?GZs1%SXCwHfq1A~4uYFHQ$}*cA3)-8aiSed9PBObOchy-(U1&&c%&e5Fm{&&ez_i&(ibw8Sqs*0yJ_t z$gfts-)9cjGd6kE1uO#mi*QXY7G*XvgK5IAb9D00iujnp{dkID+G5v!j>ql$Jo+~5 zx6|SACWmM6)Q|~6f9`q?{L@?kJo4Q%J^Ai$_f^W3OH%@d%iRBC)vD6zw-#Jv(q13~ zwl)_7(^f)xJ#QIjPyo#6?}-hLEvuKcjqR1V6o%XBtmfUj>Gp%sA*p83#+JBK$|~NU zF9(Ug1pBPQ&pAL%3by96f=cIt1I9&m;arUG?Q;c%HQS<0!yPJMznH%pCyPgRqMj-T z=OOm$oyQuf#;%2*>A$n@s5kTtAs9HE_qzsVwXD}|fsBsR9w9Tjh|Ud;=Ne;Qmr0v; zC|a8@=$9NfGF7EFSD&&cjP-}I4}KM+;`Tj~A3(mSkG>b{d2(34##=AAqZ)mP?#y!de z?ob}6p7`Kx;yxdrUTWDw(+?snn=pYHGeHG1OWrvUzLwWbDD!eTH2x18FY~uW;^-3* zAL_J*}>ADhV}L1=Z`IDW8lNSuI8LM%!LLp2T=DEK{(xCu$~pV#j8Bp7k|P> zs6A5%8#W`%?cult;R{_|-UOlF#;8(7)fN`Xix={sbEo=pb+`s;%3V`ffe2j3%UNe6 zZEzfu`wp%MiJJFGOueZNw4)YQwI3fUovb#T_g)*E!u))r5ayAmm`y&)oxjx>Y4 zwLkZw;wgW^h7>^TsaQL^ z^2_7Fna+N>u+;ZB$-y>Gvq@T(0I=4Aq919BrSlpXJOW$uhe8Zb$M5uB$)S~RkE~(d zk67A}saH$~1Pr~Kv*v$tanV^YhLxpVq_5!jy!o3B=O8$@)S{g(Fw(;IHUIX&Bk3YG zFM)S{**BOXMo7-q)^*$`hj5G&DN@Dk({N+GB>wP9FEAbTw!Qrj zg!w#-Ftwf9Rpb*!o#i`SJxNL9zfY8dCBtKCCf&Uj%-Jt{60ZBg#>XshPdEN^$$q{_ zKWABCwIHLTcb5q2<)l?E>g@qLaWD8ZPSsMHZYCi?09j^X?+ES>=EO%6v?_pp8w}8q zFF$)V-Xw1y-OI;o$fh2ZqR`;53;sCgB>ET`@)^ZZDI(`P9>x>FIn){3K^~H4Lp%*# zxC5(ol3wHqke%9*pGT2X%HPiz){y-OKfAE#`oK#_n0Y3MF7QKynTBf zkx`(n=;)hMNJmdNta~w#ZT3xOZfo1{(z7!^ou_|4``d)Xz&zaoa-VSar^Wky_xkHa zouu0AjeS%uuD{@PC$od=*0v2=4ouDWzKl0petMTHxT;c-?_(Lck7?5nLxyl^Wk|9K zYPH{wzrh}1c*ps3hLZelI@FiOBS$=L#i_>skTwLzkN7~qLNlCp>$p^*ReHKhFLLb) z)$$ub{DA5B63cn$$|NXlEkrT%=%hF)jSp2Cf`)QKu=+(30k3~w)WvuR#? z#ML;$l6N6j)lz+aC{OvN&9h`qV=d^i@!@1Dm_dO*ipOoW<&aMI`?CM3nlp*)X}@^G z07?sK1rQg#(hIT(Llg5~Z&v`$ml>#@rmoV><36TKgLJM0m6LGWK$DiE7E4vBHQf4A z_9P8O&bn&hi7Ctrx|fP&+&`qsP@B=mG1pet=jMcvZ393Kid`kT`{qfDa4gQTWsUO zMkufDOQ@V6^~^ZAagna^`(=xHAIhowbViI(sRlORTo-4^>3x>7MJ0XKdQ;u&rhq+L zPSR+*o4mmd$=D??G`C7;8S<;CWnb0;5XAuKC|}p^0gDCHz`}#MZxtl9AaVa%+qqb7 zgV3?VcYSu_4;zyaNY}h=8aTY|kvh7GN>FrnMns8xh$?Vr;ajC#wSs<#dlx9M)_^$y zGff5Q0h&ptP2sM*bv6&$_1nYs{X4^KMFqd@$3yjtgOj$&*pvRG=SfEC489ZbH7xZe zcWTl_+{dj~uB_P$s7R$${z%00<@H)g;apNCiz)&GI868i|Jg?6MprpT@O^AhSSgp7)X)v%SBT)Xil#zX8MsuL(4JdHKE>`TG`@{ebnMn+vMAQRP5hFsKUh z=6I0cJ8ZsKt74_D%t>>26u${jVFxWu;itl`Vq0GCLCd?;K@@aM=07zFu&P7(;cU-a zegj%s2aEu3d54!=hRAS5RQPK~LZ!oQ3E~o)eS~v~BDfJ5%?_B=x74g#5u-l;a+;)j z_)uBBSoFL^Zm)dSPUea~CGR?Z3j()|L9)XD4jQ#j@rI)#_q6Z@6)QTOjb znSxbf%3L15jIv4yKnn}s{;k&VSbFv_8Fs;NE}`5-O2lERsZ=YxJ4W35G$=%i3lhuY@1_LmK z!pOpuAt(>Yo{~aH=71qsP-R$impo2t|7O<;ZfynKkp}BR(QnvgA83n;ZyAq<$k0&g zY`++C3-uQ^C-mRvCJ&)~^69>+-S!s$=|rtk_ui6a#S6j|jaM_9LwdZRn|w=johE++ z32N3`@F-bXl{3d+{G2{n%pb;^@ry*<_Dsk;*`oF3V-HEhgPR+^;;aA{lc-=ImG&8t z2Nso?c~5P3X|Htdr7W^@B#lFO;~O2VjnS33AmAsS>F$^`kO6A437+HinK%d9TrLmd zb!3MrJm2?eR!5D2t&d6|ZQX&eVIMx>ag_Jb zY{V;qQTy0OC~QfZvuEEzGBfL|S0I7-Kt1AT=WymHOq4quvaCsC^;|z*hu;sW?jSEN zNvXWg9UyskzPg|k52tD$q4@_N(4L3T^SuDEDw>h!tN**+t(S_qxcx3C1gd_gUeOwUhSA@C0N zz3;1!SzT)GPafb6ryt3&0fM%!Y;+tbbX(DQ6C)_4@GsC89?zU)E{i8|e%^{|sW}@8 z;qzCSH|&@<6n&F>Y!XRT{nCn$?(ircvE3MRvOBNl%Y8uxLeyQBmWcn}4}0fw>&yVUu+6Mx_sq=4R_=)X2!+QFEYO^WSNC(m>b{KdsFqB*jwC<> zc;fKJ&?iL~!A~=QgKr-+*E6*95_!I#H;|s?JVI$B-PnW@I-x1(JK7P`=eAml#b$Rn z5Ub~S(;ifx?Y(BK_Q|y41%2KRSgQR#hyH6xcl?q<6;$mMipmXggP4t$Z)FeZbwJSC zQphLRs5(t;pH#)(@vr_(`x=pDd< zf}5|bLzztx1sfbUFg$EMEIwC++mtovHaHRtIasg8@M3Y{5kZU~RzLcdw<}M_*{P>1 z8K5Eq=tb@crc0X-yOc?6J;wN^G=0iX{kupd-&suMO1XT4rB4X*K=)prgDF>Q4H62# za*70P>1iQIE~Vd+y%!SimvOHWXG?E1BEf2Y{ajstbJXzj+iSMdD~c4ouaF8HXC{A+ z=VAK}&0JA_g+TD)l{B<%+$x)G5CfU2m2DVBsr(54M);R6G6{Hm&IVi%#?Bww#9!01 z{e^jOLW=u$cG*wJs!cpYfd1Fj)Nf6cewDAT9I{iQW>g#e_93T|+%_^=?PA@!rLEV& z7MtG<5uc`vy-hp-f8sLFza9w09K}W6!?m3^cwhm4u1?h0T3@VzHIKOPe(fB_8f$4w zanvm&wQ9e1^rxUMwskYbO6Q`}jhRA4Qj2`L3P7BdFBQwy(@g%tx;4`IA}*7>HxtXF z#uEY!0YLNYZlWQ+{irXLM|P%Ot8n1K4MctrWxOZXLr>m&58=%b;EW}IB^+J69lY`= zL%a3h?yFW-vm=Q&TA0E~QweXxaZ_PorLI2M{X*cN1#<$04p@+&rR5i_Z_rI#iCUwC z!7zgBDV)Ne8f7<`pT;ziFyu-`vR5sz!Ui_-0DYz{dsj8Q6{?M_@TM|;5yBoZA%sAs z=hrudN2AYPsFzVIan$YPY(RTZBvsKGr3GmD^WDD_U04(BCz;knLUzcrXUfZu5P_)t z=s#Y6l)O-{#lb{_@BtxgKw0`6xW0Q)!;48HaOTb{pa+!@@ZkPSVN>^SLG z-;O3Ft>XYt3TC~w4TBPTsWSdL$JZiXHAoYRJ$95A*POJD-;rV*k*%%EZ;I~M43OED z<74W3QXt~eKxav2x83UbPn)s_Hwj$39@Ou`L-0OWr@q>cQYL~Xrxb{(-d9~y08OKL zZjM-8q%deBN_VnBQOBK!O<~&Y1a=_(|XE@5v1u_pmwYdd;k3Q1f4YbqH=bbC;DT zIdouY4{fzdY_E2CK8FS!$-{J&0PlFj|91wHqC7i)7d3lrkm*txACO74Q%K}D_RFW_ z?3jyG@6|zMea3Q-;2AfHzSUkt8Ksl6UjZZiBLrA9RUDCtwDuNDir$*IVa4{@sDHJ^ z1~`bFdEs#{f`)z06}=Owcsm$S?keDTMbIu6d_QPoZ81OZZ&Se1W}5k3UmwNwgp?xM zc7VI3m-4j{S!(Xp+x~>UkiZ0OQtbCEMSq8luW;EBD|vZeEN|D*$8fZlX7b}+t~kE% z=&I`-|9`M0Zy7upe{y^-$R784I#Jb5QQfoP?Q0mWd*JVMf7bn&`i&HZwef%#{I#C) z%LzRX{6sC-{N7#l!gd4(1@I|;oXzSe=fdAcQ;qjU_aWkOFr+icGi9b{2T$7zwey?K^ay*U^W<-h zRF`E;cki-AZu+WSmHiEbBDSI0DV@V!b(7;dghtz0z`mHR4;m&hj_`=Tr`Ebr}x&#d<+KnMCJ@XDE2ktLK*&7W*%Q)!TqbkQa)aLJ&Xnd=PhEX zs^fdo4qs46eTn`CQ%v944{T3&XC~MxvLZ_%phP(%c+4E$m@Gz*m8uo^vMj(WU7ZvO z#5~jvd(Sg(b(#^?)1v==Gt|YAhS~rC{Dv0}7vMlEXlVdje_<79&+$AHIqqrY^_lX5 zJ+4-*p!G>S_v@=2%x_8VH!T4)X8QC$ocigy;{N0#14AWHwGJ(B#HVyOou0~f@>2E@ zz)-44#}6h@^ex{pGU0m;W85{DA{#DA!QLl}K1|nB-|xflF$}8mo+S~2%5|vUoRrha zaF?VB@7H|G!pDAD14_<+6zUUx`g~1#EW;#}#Zo0AjFIC4>9iNg*p<&f*`Z-{03{&o zF8eU@?@vK!dp`mjlwWtT4&g@||FRs;u|Q)$73QIMz}Aa(h$QDS2qsNYIcl7cBEq7P zn2Gm7<;hjWEaH?RkPOT%N0H};{?-)1u^!Gg1hvCQCqP`lgY5UK{HzGy>-J2HH&`6^ zec;*0F#L%pPXr98xnL)9=~~`Y&)%7~!uV!umApWc_?g4QVw) zyx+OMq5KKgH{0UhaNL%ub}o>miv_|#=p++HFZ=*LuZn#Kp0!r|8QC(<{$QS$P@&gP zg}Y>dc9ME|McBNpZlT7R0lrX|yCpq9OBKwVh6pD{BG zl6kM6v21?lVJt3`P{8A`a@bAfgCW5SH*v~5_6cg!7**_g=%WA5kK;eGEW1LVOct*S zfDFYwxxUoLuU^bl{%|~*+am7k-4ofLJa}89Yj?OHV(S$>lF)VDm0jEY=V2XB1J^zi zv9x#=bBN#&jN~9M%iox;Q*_ibq?sE#%+b8h-!jYC+5wWI59p67#)ZfdqurDD6PScdd zppB`0=N=Md(c0`|G=kcCrnV369D#3-N*R&*os%_w+pe6Ujfk1j<@bS;fbMP2p0k)~j4v+(d{*wH3aFT0&sOw_Gm!^mU8&Us<8H z(%h?^1Oi3^=`t1aR9|2j9KHezOu~!t2!jSh>OEY0X;yip&b|dpgYp>VmjucHN9$yC z3*_&!7H{M5*HR3?lo`w@U-sb#KhO(F0h3drMaeQBal#K zFkx*yH9q@#G!U{*`9PCkd}Lxkk%5?@k@|d6kflHD-t@IzMOS6l1!+~UG;a6}YUc5* zD^%Sfca3!>!o<7}y%RFFQ*O0+S?Fe(7>+JZp;7#$!)+`?Fw!*`N)hwl#;HF>vr)as|kUn(dy!Xcf9~&}}cei@nVZmt7RPEp< z$6Gf&aCs^-U$r4hhO#CJwbnMk(T@87`(2Sg6mYzi8JlYLzx{6XUiVc$i*W2PpXjH- z1Gu7^d&>{{e)LPk`K6b_LJIO;*Yd_#g5R*E$)(DY(amSAPUGX$-dmcnBezwxLL_M~ zp~S@Tud)p?&@dWjgxDe=>`LP$4sdb+56XIEX1s&0RWY$W46J|8SN3=tCeP_;VD?^j zFC3+7as$lvW#3;yowPFO-zk!X5vM0CS@4l`o`mv`dLt_ERQvS%3fV?MnvybUduY4l zz^HOMHOJ&m*w>54GcXiFWBY?j27uIkFebi|6yCnLW2N&e89sj;nj?QzgjYGt;#KV} z!O(2fRKg&oPoPrGgHtmWw$vI~Is`cRAX*KEbY`CG!m1C3LWZpsA1@EOs0mnLn}00( zkLF4ua2VZK0M)<;_-z8}(b9=TCO6P~xm(>Cmd8Go$3gsq=inoS%J*g^8DH9?d2c?~ zMC00Ao93CHhhsY*J(|}qT9TZkjx$e)rA&&Ok<3j&MV!-*UkFH6e}2(wkq|lVubOZ7 zIigx7YCjb%rnBF0i*6WO5!JT;#Y}XTthI762@flZbe?|rwz!X+WoTmbW3^&}2KO*~ z@ZP*26cD_75@`y3Yp_#%c>hdjbHk$i5n1tx`JbZ6`EckC)mpytT>8)l7cb~sbCI+d z8bOd3D}6b`ZL2^H34yF36PO6hfxlmXFw^fp`$T7=V6xV%KBDkx|EPWLhGK0Dmui&} zbOb;rD<{y7j5)z7T3$Zh(T#py7$jDWg0s)~A6qG9v2!v4!O!Ha(v1p`nrCx-;90KmS|@nw)+gb$raucfUlp=V;c}GSXic4c?JR_I+b1-I#O7M8x;S zKi0gN8eR`GQ$Jb?+oIKB9%7Fe3v3qc)eZlX-nS=kH26GQKYmP-c$|SHJT)ew))mcO10PY>0tUwL|n9>I2WMxyuy^yHPUs)JS=}KEry>b19OP% zRn`DCk*i?b>3MQSbfwDdXJgD#Mx+b+>vW)-ZJ)+Y&hOg*a;=fq>Ch;W@g|Y?+#s65ieK;~6{hd7<5*qk zs?3cRqd8zI=)>J9=AAB--=45L@w-Ot$9%OumQu|zc)jcEb-%{^bF)(CBkTodaONLq zA+f1Ey&Pyq-Te1ly@l{8Wks8E5e07 z6q@(RBTgZ3KK8}@{*lm4zXv};-#lpYF@9Th-nH2;+6T}N(0eD9G>G8FUI{7bLt4x8 zaw69x(1znjfbR{gA^p(a-Gghk1GWe5>3(cRXMkK+&aaEo_`x``g-eP>_lXew|TJ zW&Ze*xLjv!hjx^@r1yjRv~kl*l6J0|vEBrb>u1ZaMnuhb?+!$Vb!D|EnN#hU!A zbr-$^a@0Q$5?KThVb~kz7op4@JgKLMdWqwDjiU1^m`s_-0?`E6Q8JOXbX(FSZM?dM z{AD$iY}!ZL0Qq!Yb&fM%~aC4=4oRCk`lApgCrpMIWBkFCH?Zz)aLMfP1P?df&( zvV#LZ-0c!QeaUFP0XYUpJ42Ft^tLab9eC3LNxL*eAcS&R7KIK#8k>>})LK@iXN?R~U(B{_1{MX%f|6~NP#o<_;iW0QXm#Lww?JvbgFYR>n% z<#BYM{FJZ^|Cve&6QO~a43~Z8kVRR)^{NrX8`$O~s4RmxCG~<#%r6%Du*Khk`~5jE zz%#5HHz4kVP4BMhfVd-L86ceRJgj=3VJ3(8{8F!17s-JovTgK{2HXZ{Bj*#pWe#BB zE1DS>rc7@t|6UekxYM)aK5o9#=jktx+7a*f#04mX&K-ZNqy{w6i9!RPy~;&K!Et*u zHtY;^%bqYVk}w=0Y}XIu2?7UGucq+&i2&P2RJVVRy{AcqO!mpGrPMEh-`(`|g#!3? z5=25==P{O<{PY7)vr2)qk~Fh(`)3(d_mQ9%`$ip1r=l z`e z9Ghh(#rVN_W5dk|(Zz|tpAcM7JY4}U2EjIev9v?gE=JFvk#$s^OV(n1+k;#(0FM1M zywD~bg7oMz3@xExM8aS6)Qx{2bk`7P_RXI>f8Jm7>-7jeGBjcg%T43V$F)RC?s~Xb zbpYKDe2tbqTn{PqOfMl2hw3m-AtR56pZ&g5`5T>^=es!PZL%wSjCo0YexK*#p7SRS zdR+?AaD1Ij=1*^y7SKe*CpXTV1xmd>gXYkTMXaW=@i9Pt@q`2%9Omg5FC zw~CaK`6|i}&oT?}1#Qen%Xe?ANSAu=nan_r-$_}jA8N#(zJGd*{o@8DsaA4V%1@#; zyTwT0?@wrwp0Bz^NY_vJFzQRM4&x;&Lx)i=s58?JOPk?yKS?LIu3^KWw4bv6y5}6$ zuTXO39J~QpFI;gl9-}&ys{0x8>~XT*nRFL!O*dP&w?$$vNIqy~HmOLmqde^m)DtSC zq<9_9r)QhkzkR&uD|dVf@iSV*@g5|y&BOdf(li1@2FYvZ&rQ|H!iLNZ+Xpys zPRKspkShO08^&Pb8&xEJ_e(2a+913;IPUUD0#T-Y+WgH0EARa?o}P{^#himjxk<~b zzJ$^B9B(fSvLlqe@s`k_H%FmRYb(PQ)`^lRmGyid(UWR&KRlS!Rj>)aKCO!?y0c2W zu`iG+SFe+ZZgl_xUU(5`%B1ub@zo0dlj*R*;gH)Pm_-qTDZ|u z6RRh{us$|r*vMMF{`RsFk`!yAn{IHU3kv1*mbSq`yUW((ny=0RIX5$U8+!Aa;s7|r zRnbISW-%r_d@m5-5c_s{k}E4cv}&HOkSrUw^9#KuiCcQ2)_0(eG+vm%D`3gF5OJ=M zg7BAR)qqx{S9;W5LZ-a%qqJt!O=^I?&_65`H5Y0^MK)ya9h5bsHjGHkA@Lzww|OF4 z3?Jo#<_8Bl3pC|_$cr9A6*ew(Fxo~C&p8vGPlG?s#FW&~dgN2lVq4|`UliwSg}@`( z5T9=EPN9Ag_ED^P{*-qgJ$V`DMYv;A$9j*qi>xZ~t)cP0JPouN;7P8KA5kQa(V;$tWMk4;PiXk7#Bne`FI8T)&0)f_FO4p zQlD>Q7XeAZI_gZ*sZaxieuRz0^D*%`T&~MIrY&0=!gp3Z=HS~4((fVevwQlu1W!Zt zidHpYrOOlm18VBLx&63hmH8Ay`zCqw>jRa)m1|tHx#sh`jqeFKTLV4KYm~Xd{1Qfn zeBH%NIz|K5MBwwafOx_B&3y)A+DserZhT@vzK^!Oz*b-X{7&eSTIm5SLy z7@ZxxL*l25^7u{O;d^#B_j*;b^~}_V*Fc0h8!MJe-9IKy?cGV{qPmt3t#!^p-QagS z!E}P(Yc!tX#XBqd921WNEgGnAr4^b!_M9`;AQjL3zWFFf+%paxoT6S}&Asp?wb%F5 zoR1_s=+zUf3&gVkm5^6Di^=nRK~w|l?_3Xw7^N7EK7^Hh+x|Svs`(Vy+xPS@ALXw* zKu_-*l*a~%1t19XLr2v0?_@Xo)_TrOId6o&_YByFhNUtX2xDyR-JHi`pP0Z4H}g&3 zY=XK?54Zy5uE%UG?Gx)3+50x_CI1|-m1u0+&tvi--WvYZN=hG_&KX*X*Y)#2Rww%G z_sx5C4Tw_M!o%|ty|@?U#2@~4fDo*aYw${`f~|4GLvfJKM_nqI{x`EYdz_aYPw?Fv z1|p2J{Wn*V&mdxV{@#l<0xb#sH$%?pPDnADf<#teV^*whhcS!K=Bm0S^tjc<6L zSi>q;(^~uM&n1p+erZ+zfp9E1-jV@ESiNHhq|6|Tf&wV|RH*`gDDKw!=no&hOb}?F z{RlqfY$NQO=lk+SS>P`{UOcMM5Hv}~KT_&hIX&y}llOgD(3VQiVTFVK;>rSbd6*Me$WXA;h!Y=%1i*z*qx72lPez3i!hB_1Ae85})s%dsSwa zax`hh-hTzE~7bAd=^z-5ZaVI*!swLre*A z3+z+RX*!F>_Kf{=NQhH7?^UY7h(=?b3-@>6CBahb_ZR;qXb_etA&do%5+`o_-FQtT<+8C0X^$ysxf|`{$0tZxC|KUg+4v z=?rjbzdSOxXP-9-@;6WTd7J#o;%I?>W5Jrli*%0IPrJBM&^bebay6-aj`@5J`$};i zX18OX1jQHt{PdQGlo?^a&C2n5exZg3T%{xJGuYf)K;X;$wFt?iNz%LvmrGf=9;y$_ zMnXu))BU+k-{;mQ%tMHy$1N?^3Yi+S{HcN9bWx%%-Eu4|#=kU{Z(|fb4gVGyGD?2F-Q< zb#Jh>gLw`FG!sU*iP(Dw#e5!g{^@FJzVH-}P|febLZIW5mso=!IQ2nX@UYWE`Aq}# zsPM6$l<__tTkv$wX6Dm za0AYop!`0H;QHBbMBE1Vt@S4oIf*QGKF#a)jH@_i(NPdqTWahTX_zPoJ~Qazlr_`q za7d%#f~L!Q;4TJsnS}c<@ozNr}sU=4P1T&>F^AUR@XMoA7Ch?zq^9< z?oq`r4H!uFx|Jep`TocYH&{Z%Vm1WdFlRV8Prgmq9zNUg=JKbff15w|V&x9`!SMWm zP{&`c;~00o%;BiuaWW{&aw?JvqCVE9#g!xIy~84~M(ptm35sB+sstFtxxdkEd1k$2 zsGNgJh$Fq7-Vu+rxu4BpPR*NsiyMmk8o@}QrBmSeA1gb~kJ?vMtIlk-!(WiFurO(M zjShhxYLKr=A=@6u5>3j0%yMUB2{8@ffuG%ZQ~Pa61KNF>=fHJ^Q(7(V+I?P*y^j;C zQt)G`GJ6GKDM&Z(e%D8eT&TUyXsg%0vQ1ZjF0RkTk?pgJCkdYR8t#uY8DZ=vKlDhs z#{AuH=hNZ1CeZYylT2`}Qc~PLrQQ~(TOIkg_d7|oOB=0D)&~bWE~HAXlGdc*Aemt-UgAa%EH3Q z{~iAptn=e-W80Q&xX9Z5sqjv>6S7bx=dFH!l%#nl=Ycu|uv5Ix(#H#SNcanKJz4jA zA`npwq!I_#4|s}gdps#Br5%5XcA2IGc1qw-4xnzC6di(}h!jB29~=4;?#Uzw$n|Z> zGBE1z2Nhx6Rd+CcaAd|>q>j_c-QRMI#Lmm64z8|0R%&D4m!HJwIGwB5GMi$A$2q_|UiMcl)-pMK(;gDY%VlMs9`@A7 zMU+Tq@;xMST|RI#pN=K;zmHx!*fYTqs@$jgUE#6a5oM1ie<%AO8IC6_&B?ti==4P| zN9wa$uX4(utX(N=sqdyL2E`<=@!IK@&@UstCG>Yq)vbh!lYH~*rni+dP$ z1sZ%v9R99d5KnIB@m7B!z7E)>@Xn8T4^r~&F5ilt@M+w4_z^ zKJ$5B9U+{-$Ss}O-tS@9gbD7ABOt)W0hJi|SR=dFE8hm=Mad_nE{+z$;0%uz#!84ERtI0d54d+e8hv0eVf zYXuz)M`3UKtQi5t-J$w|JP9Lk@^b^^)Q zDI4wt*+#J=0v)nME?&80X8a9ZmHFj@-5Bzo_7R@t0HIWH0Y;rlH6LSc?(9t?X?VZi z>PtDo4gK`KVRgKf5PkLng;g(UnK*ZN89FCP5u=CKpOpvX1=P27J>C+v@Kg59|AI?l znF`~4e>0W2M(tmF)Lsp%1Gp%|TE14LO@^yzH1!Bh|Gh;u+qmp%VIp*Q z)>Wg5BkGbjgO=LBAfF`^AIB3BgOdu9h-k&`x!{jNdT#n8clYp7ZywoQ(*PJ5eA)6J z2O_&}$GeqPXJg$8$b!Xdcq%L0x&Ze)ZV^i_IS+ZJPIT z*QNUOy^^@Uim1SVh6&fJ%lBc{3#Tn~lWr2PMNd!=wa`dB9PvT2?>AyG2p8Gqr%V>N-vD~&NsYZRe#EYlHrUc?&i4GvB?rZNCr`Zu--spWX zprG4RWKZ8+c!nLU7bpYrkBZ<-KG)~`Pxn070D)EDssHOdWe|mss@5-_9;@H(B z@*B3Q0=|esbsW*?rr_O!^K!o575_Gc z`XrC?O3JiMnNh#u<==&Ir)M6q#qG{M-yKtOFTZ6Vlm+`^8m?KWRPu{ClOi&IXj?0@ z%#tU`LXfJWE<(U#t5u=ab)39!MvwKMvf;+%mC1Si8r{9YY!mzQ%lkow5WWV5ff`vJ zU|fgT^8OHAxInYGJ`%>fdg#(>^%TyX3Ai({mxp7%#9|Ge!-d@T7yeO(BlpxoD(#_k zH3Vm_OHJ|fRd&6@X({g&WGx=PD{ViAbEQ`?5|^|(apDZRIl+b4@b0!s{M2WaOAHM~o*udlt6p4Kq61A!@YLr(UwqVD4j&+Www zQVH(Ha5^tf4%iGr`X+NQzoxlwz4eJ@4*u{ESs!WujcZ}8IdHU)AGeNLI1R`kbnRVB zoxIq2u&sP=` zSI#ZbN4>UgX`Dt;?*Y)59X3CUXG(vc&I7cxJYvptHML;r7+jFii*Sp8)73@TdDRo6?t5Rzj-@4kq20W+r8)$XnZg?|&{TYb6AWsKr$n!d z(7*B#{8_O7&P-Op<;^|oVu%1lWN-dru z&49#E{W&x;99)9pkoX)8*N+YYLf#jo(iLsExS8YyTW;1Aw|D>wPJ4bO8KenVuORJ- zN|G_2Eu)~Is)xFS9Wfqz#_W{pa%3HgAII$#f%?Sg`J2y|-i&JnGRz$uHLHOAq^(wd zq0FOwFIxGG1VeU|+Y81?uP9It1hSS#5M=x$Rb3Nwhwj2J$LM#fZ!J|7qkja$fvr8% z5uhbYC`fMAYMGDpEx(c$zlIM?7??E9`XhR1Z@NC(g|^=sabI|DUFIeXLZwD(EqvoVNzhRI=Zn2PPkK?SpV>;P`O6(7L%w{*le5Y_z@(IIw_T*x>ob5# zFKqgpZ_ihG3|(nR`>5wq<{F|4zU7D3r?8s6)XO1}#iL|EGEvPqV1u1ZwmtyU9(t{k ztR?Bg0ODPpXMro;(+Az7$9Urko#G&MBAWrg<6O#se5=&{x(w@Hir$x!_u&W^?`$r9 zdq@j;U1dAn33x_RTZ^_f%v0I%K~oY&fhZCY1f1(X+%p-rE2*rFS6Iwx@PJ{+*qsad zyE;$c$}qacqAmlNZrXWrxKdL6qE*%MFSk7^`s~}v!uGtz;FqYp+3o;Yi3r*u{=}hD zoiUmB`!>?giYQPCss;l`9pT_60*L>xKi*G+D7`k2Vb?;5z)7Rbe^yrz6WpRpCd?Nep3*R+ETCT4EAxkU!T>dbJFq5sFc8ziVDp4j+lF=yICix{+8KaEW1Y} zI^trAe!E^fxi3z!b2>!(pnx&y>0#^_d~eF>&oOD-@gx%abIPsBl%p7#{RY$%dIIx6 zc6Z_pll1dLi#X?_-Ef$vy@69!;yH!oV1&OIApAPzn^1NqqcnSN^sh(ji07`KH43GhlGCgUBg%2U2aXypgN}L1Z+4_aG?@096dLU)= zA1-`?2H&5%p>kJ*M#bh5C*Y>^*AJROelV=U>DU65FWxRncxjMRin)AQXSE@M>~%DnoY?3vd{q+k!LtxD)8n+EHvze;ra^6guNITsw`*em z0a`D!f6K^TJmmntt)t$Id;Xfbn<35nebeF(wMToXisLUHzJP4AimPTcH%a%25BDwi z`6K+=D;@Dpaby=h&DJXe2&G}d6O5aAl<4j%JXGCS5dA>oM}1s=tu<1&o0>azpBg)P zge_mlYQ6?H{-BttMli7gnCyNOp@eS1q~PM}r*XJCuV`df`M3=IoSlC1{h0IS>r(L4 zF>Fghik3&f#q%KU1>z`EL0|CM?_E0!74#B^Ju10iNc=Jh${0{>!cp^nq%6CPO$2gQ z@~M?UcG`hOMr7Tfel-M&u58wu8vOubiM&R&$C%E)h*p=X4)E$X2Z!kQ-iYYA&aXG} z(np|@{=P=^1SF=8yGU>q5m&f*xy{7?=Co<{s9v=vcE4ZjHoWA^ZSPmyQ@AuE&75C9 zRZ;Xs``jihBl+9(o?E&{o%XhqSVeaKFRb8|9_V4em&>?=#+TozP+9@IvslkmFpQ2+ zM)H+jjvlNY{PJ@9oSUk*vFFfWqtg!&bIk8OnHR0al$fe z=h+!^@s=8m`%L&Ey1-z{DywF{6=|xW9V7gxX}=;{DZop&L46pNeEU1KCcHHRVe0{_GrKF1wDA&`0N-tVBgG+J}{+^gIWj-aoh!vp(LNhgaxggc`Y$ zg`e~V=>c>P<_vv~y-pZ{jTwJ!Q^>V@a3iicA-q$EPlb{QxjB%o`)-iJT}p7&6?mGZW~kBT`( z=ka-ryB;q#CHZuxUsH1()Ix=N({W!;^77s_$>)#T#8G^)4=T>FSLiz0ulw`VZ^E36 zu6d+b5U+wWH<*;kpRzmw6qCWp){F7y?zl%H6)EFms@Kf}wh6y%nfBC9*<~9BZn-r) zES18R5bCIdl-~mtR1GTG{W{wsxzIBBQm8k##?f%K1$;nHE^%Fw{vd-a~M>G)ZdBq4u* zdW2F<*3~l8b8ww8z4%7pDKZ+u6?7n9U{H~ltt*jrdy!}TdVm@vb%hf_e$_Etpn+zZbGnP`8+h0gWW`6uZiEQJgH{~o_cC9Of*&fY|%(38rXpR3#2%EQ~_xM^t zj+rBVPa7*AJcoRk@7_m8;GQI02(xs@By^pPp1CtgZuG!Vw}Bv7T_T+o@yiPDh#ux7 zj`wH?vM%G<AM=wz84sA>BUp4&;jB|SODR`@uwb3O3z`;K3)sr~_?y5AS59`5trc?ce3czd{Z zd+ggGZU{t1^AUQ42k^aW>izWJ;7JU77Ch3F0QKqq0e5&X=Z4!p|F{<;{piCB5Cg@? zsC#(2fXSWn1ih9|8=_YQ9K`dx1jA0!jcGBE6>ENy8T{?=mXO`^Xg$t3Af_A5mnKH2 z=-l5gii39->2`Q^YU#XwTVzm&4ywtoADl$yIo7*RtHA?Cw^LiCAaaevpKC);r$a9I ztC)OetpdUqUAC%Y=tmAzg1vHr#q8`|l^@oy;nV(gW*F&`%6C7XBO=MOlo%HJ^(kbc z;`Y^WFz)JcVu5=M$XkrmMjbO0zi%B!UyKTHyP>6j$hv0cr-Z$0(A}#1UJ=7;?iKbh zIm@+`Ob0fsfSlrfKL@|^$slWy=kfl%>(G{u5mD#fcwN+I|4E3bMw2)Sjp2^6o%r;! z&*$(1t}cB)vl6!OoK=I8^=(>eJ4Ph^i#v1d{)BB?W4pcY-qkd@3u?lic)3c0<{{7< zlxDeOL}vES`|xLDp65o)ahK8A8NuKqPq)p+2N^Ly^@6N_CokJdjeDeFpi zhx$|4R;#`<>1cgVl5;;lzw?6k)T?eTCSa6MSxrjklDr{CJfDWc@O$&OpD^NMtNr=3 zuL}JfpBuW|7t`C7yZSK)XSQ#)US8bd5;VX(U+?qFVvyJGkOsyJJ!L+(GN+t$p(k_r z(DOAWH2>XWsav}UU8~{E0$|yr&yRtVFCNE_0WHG=`+8(!3f0jfk|X=(gNoK4E*?Ws zi)8HZr>FlQZX5+opW?qIfrQer55nht z*u-l~qJ2wJNRB+n4S)51>EWrz9p%RXT4*;`di9&P9{=p?+kIITHGV$u_)V-_KsWN? zROC-U)$VV~&>EH;zG`uz$S%zGAmhT9T~0E46fhje=YS{@d&$)C8rZrCSKH@#qsgS! zW=TbeZzC-IQ_MLTtP0bed1uOmORQ^i%mmFDE!70;H381eCs&;+THvC#Mr*^*R|Oc#b&L<8t9o zo&0X$i*c01XwQ{Q5!huKhc3x->$yf3g&twHG)1VYw2>YiVpr~Jm>SX|$8 ztsnRYgAVcQ^5tTzGDGp0@2kf^2LPS)B(Y*h7!BM7MZ?q#)ldB<{RkKUfGx^Z7b+5f zYMebW>pf%uKsp{~8MwLIzRbQS7iGm~xDR6WcwIUw7GQuZXerO z4*QNWFK|-NnW3%3t%hrCQfd~mIGWKYU5zm-gr*I6qMET^j2+NagF4}adrBt zQ+^-p2w51@fj{-(-kja}Z@ew&@}_P0^@$7Fy6By@>Q|!om`T6E88XBPMLe~poTt1p z>)VtDNj_xV(#kuSt1n|{L`YwTkj>n!Puh{bdLv)SEVDDw)gIeD#@8H*H1y)!>IU-v zU5^e3xy69=dzq7TV-G>h?EE7KApLR|XsNSyr{ARJz7EO&i<3*1EM`3UUr^WxUxb?5 zz!n+$s`t}z!p+NFH-}7%WdW`Bv*LU3C^oI{bt{Wcmse(sarWBg9|0Qj06Yojn`XPl^76EZj&o)@$gtwK$?SO8;IJnyS8<;nR5%Lx1eoPOSo=1$%KAk;LMKhm zBGo=YClq>&5CH4jT3alrzGF#NbLx5JsswUcbVbQc-SK|GH1&FDse{vFdlpYGXRH%8}lrUlMB8K3cd$A%QONhus^de2+S3;_lALj zs~?QKQ=PksE0;6W4{ts<1}qsz#V@>6@)bEXhk2p0h$XIxaHCf}5w;lAs1BgCJI*OT zjxcX`uFYSc`GeW2KG=KlImf-L`q<2Tl8WGC%NUC4?TPGNe8Tm3V_RJ-4nKN{p8GzJ z_2m%EtY%#C2Nc5kM;N|Ms$!^6zQ<5!Fr%bp#1v1#C9%I5o5 zI-4Y}Cg}CPo(0X#lwGV>xe0m8U-dT93}qLSC=w~y_m01sddWM%;dRv3Q1-gd{vpAh zJBqOoTdw=Y18aq5rg(K4mlFAbq(1qqstgngHWDSy9m!S6))Fb;~IBwGBk`cQAbQF{r*pHx!!8Jv_%a7Wbfy+;M;M~P zW4U<2L<5@d%DF=`a>+tc-;jj5Yq0hca7@71OwlMtLX%chB&#nJMO90!6cZo&K3D-vn&)#ix9cZ6dWLcr_(k`0~_pE<(C4EAW5IV$hAIrIv@*1HOVc=VW7 zE^hmm+|Jjs*eeHo4_pgS-)~OSLOZl6`b8Eu=q>3+5kT@w4$r_qwbxj})GR6b&#i7= zNTvuG$NE84Z<1emh4K8%8x!w5RWRMH^Wa;vk3kCtBo3@w09Ec?B7q`w7z+R=b)fGs z1v#8gzwdNiLBe5+zJMbUjHms+I;;K1(W$%rv^5GTt189`fq$$*{axXkiO(%xhvu&f z_LMsf@b%c{PXQ>KJ z0@DQjOMmWwf(AK{v1u2S931z&Iy`$zRn)wcgqxiQd124tNK2Le%B@4L_IE(`w|jdl z);FRQw7fcR0>AAu!ZcE3xil}|{?U0o4%|~Bl`{}%c@K;b{9(Hn^l)&FH?4nbU9XI+ zQ4~yd@sO=_9Q*17r$M{4NS&_hX}$bP}i^XD3YY(ejfWNNiNg)AW>zgp$skkg1d z5W>)AdhH(Om6(sqS5*FpttRvW#lnOpfDHL;^3BtJP*XwNOL|Kj1Euv^EH}$LPZvm% z;S5~;O*Dw@GBjUE0V@?DJ(JLVICUWwTlERWRD94Pt|^)%$Sj~__5eXoJOyh+@`=7_ z^AnLhi7lclpAyyM#_gXRy`uzJw`IpCiQ46tL4PD8C~TkiR0l~i<39T(e>@(v%M3{1 zw%f3;o5%pfj@LV{vg|=x@(ZtIj+CQVte^erv>N1qaPgKWM>)LRpx);mUb52Y*&YiK05+eD zQ{@0@nB(LPx35uWS=Gv)6Zq#OP2a+m=upkz))hs*jEwdf@A9OtS>pLY-+)Jc)^iwq zh>HTLX?z=1f7~!9MD;4>RLLK`9}n`%K8Eq!_4RlhpaZSVHxQesvbH2i?U7bgN?jE8 zfp*Hen~sDNhB*3fr-!mEe(f`I3hhTcnfrd%e%*p-vMf6K^a}vej%ALvlJ7~aQMG_e zk;w((5ub&S;zLDNa8D~;XG~kMNHPAznL-*z?w0^RiuFMpUr8P-Zxgt`owDw8dRf;W z{L{Lqe}+^m>E{YPLLDAPqTH+?S6HuGhdmQOJn=Smclkzs!W1L9{AdtExbEHoDAV>i z^Nl+S8&H~paeZT?xk~-}*QC9`riwQRgEYt2<5{X(adb!h&+iR(!{WzKzk8@b-+Q9v;R_JC1RoOzCU0)( z`U7SUZ;^?CkQbz`Ts|4dfoLKg;8E9RJh*7YwTA!;pvl6Wsnfl23H5B+^?h=F*W9Hj z&QvyA->dn0F^l}tS6C_w>-f_B$Lj=U>-F-RHBhH_p-;EdI~qmx%1kzHeH7u)f`NUzVluOsS+fo6HEaJ2HZ; z3Rx)?-vg#KDd)eI#0La=z@cZBOHL-dcYUBB&U?Va-zF)4W6y=3fzCFjqPGkGE}YFS z>-_Mfl{R}WBY0TpuV`N7pE)W@w-)I7PynzPX}qs(&$bi{a4>g7{!4DOVgB*}e&(-) zqC%E52bMTNTCO|6 z7%}VAu9)IA9uB5aZdqti)caU3+=z&MAEnWvs?J5)HRSHcfw~cPaP!3^#}0rHwvIyj z!l@|f2q*5eYz`4HKlD(oH#Tckar^v)J0tE36aI<9S19fX7d6h>uaG|<5Nenpv~V_( z4cVA@5vsJU{|aUtdJ5@@fA-2mOGOV*zD;Q0nN%krQt%FFg!??)t^by=`0U!G<*gNX zw0Q&>)llSwKsk)oG8)I2JiMF}+eVuF$m-7U9Hck|De;`bliyEwk6>RGD&G&}b%Unh z{C(RwfsumKbV)vqD3bZn_pWl(BPhJDD!w|4I=ZKQ85SQcBp|B~g+lQP?X8tPk5c$T z+w4nGj&XyLU4L4^XPIop=jLg81&48>fy-;dG0!<1JxhfVGFw_xoxt+K4~pv-OU-`Wr9dJ~Qi6}doK7$>*_ z*Ey&AHbe750ttfIteJ88vXJ|<=lr;&w|IZw%8$7tj?~uv_0rpxGc3=v zanzfG5AlL;!V-eJzyKn)|CoHry?rfmNdf9#$*mOGpA~Fkcaz=Z_{OIClL#-_2Q|@u zS?}cXZGZ|Z&jV&!zBM#Lm7o5KmvC`Fw6lTCUJLN%Qg`_8YVqHRK-699K4ibnqb7D(oKRpQjXO@Vy6FBP1mHlnHDPxk#$*#WCNwR4EfyF?H#$8+R}N|MDAM; zw1+ux^F4zT$5s4tbhKztmpiYrwyzS&weVE7NFP`4qB}IShlKGl4~AU$*t{tV%&0xL5CF>>(HsCGZ9w=NkYabH6ON5cTA9(cFG5QMo$2Vx{M4>!qGn z3xNJ6y2ne@n=~tKl7vE&v=Ow$K*%wdj>9f=hUysfe}+U>yCHdizAh{%032qSs&!&Q z1rn-(-y?}R23mcS)P+dYa(H*c2Y@o-ZW4nNU=6DI`o%wkMRg$LoCqS-YV@6AP@vDr z7rXNv#plJlts^xNeC?8pq4xIKl9dQ1Q4(Jznp*UckDIZ=a?*X>W{gfpA%(hmIyliNcQSb2Lqv8IqN5h?=s^Gr**GKg%n!K7WA>pBBw7W3V z@x#n-I3~H*I+`WPxFsJbZaB<3UgngyPfX(b#WD1rC+^2N_S#q+Bs@m%q0n9S+_s7T8)9GDr>F`KmeqPZUfy_0YM|2vK`!eJ}(0%`IC}iB) zb6j<|4d}V8VF&GnZ~{B}frz?2W|qHieW>!`bM40JYOX1v-5wIP{w2VokCjq=YY(8R zRY?65?Q~79+v6-jpyq7N25B#GB+&DkcYeXc5?b72OY=$_s`daV)h*5su2GY#%*5mQ z{FhEWU?_sJU0=Sqa9N-5wnk(Dnos!c%cy!(3b=gUkuG}_fewc$Nm4a{#`%3d0ENBq zbwymv--mRstu?*2Rm$=_7WOP&bD1dsyjFpd^S5 zF0DN>+U6mCQI6FIHmKqrsU`rxHC6ng72kdWjnQ2NTTvTD+TJIzHv?7?L-H%Dw_5O= zJ529a&mz!_Sx(Q3>X=AiLyof7B-c`ie_C6}>M$|7zq#hgP9l0q6ac`tcW~1Sf(l_! z`KZlTOQZ?vNdQxl4!MRg4^o12D`tt8sJ#sO+>0bP+c=-PEcQ!NJ~XHE3|U4VVkHDP z>o1}Tk45=#)2oghz;3F{J?=L%fEqJkl6EcSx8D`z!p|P0cFgbn@zR0)T*=vMe`5e4 z?-f2I7n^yyI6^$%^^XzyYP@<ko-hrKmJMq4Zu@h6eR;;}W%ulhuC#T;duD(tDI?hka&w7YBj`(AMt+Oq@gYu%z zGtjQj&;8F>8Nx>G?=?AZRIfvp)vhyh@C9lH5%(-oK7U+;_I;ZYlok#?QBE_6)VHm) z`NOf!j*=1fO259;qrg?_*~_WAgZ$FmlcicFNu8J4 z$vWS0$3*qfDPjBwmPy%lS;Th#kgC5|3GQ9wkh*vuH6d_*w`Q80C7Q$dy|(t+r4@oU zEhK##Mm4{65(E|c1(8g#JK6?5g^pd^&)e@&zVvN=iN8MwF)|fU?fnc;GSkXO`Ck0f z(fytCuHe+nSF-Q&x`Tst(b{qZRPT;b@;M`n6HCM6?s-4&gA5;#T5OBNdPc)>oP3MN zzPiDegvK+Rd#N<}WWi?DlDwVmhh$^IX7r2*3T|cwWjl zqoDV3@{4!GW}A}06~e!O+>hNC1NO+gUT0WX`P;lF!VkE@pWw%dS$Ww<_x=?QAL2#I zY%DA;klyx!cIPXR(>i(OX>qQ4XY z*?)wA3Q2XyX1nk8*axTU83*7eh0`F~4J)zq_9)BNAs)q6V0zW5h5TM=FQ(bN>%zI% zg03d*23<;AT-*)6?U!ussB)yA7Izr>5mhByJ}uG=)ePtzmq5{adh)8%J*8x z-s9y6b1Xr|UEKE#M-D57CZ~7DuYB`b>!b-)pMF4brBM2(QfPr@(ms@fEL-bL2*hpv znr7bR1vu)#IL>s~ljsq(TdzT0o2Hoa14isn)&P|f2n)C-W9bd;6SROwR}4L zxjl3rbw2d#9-h27A5Qjp<$3F^jqSPBmtR(9MY+%MCa9Rg<655~jMnPq*$dBDR{L~< z`1IA2wUf{bN_E(tU-5fLbGo>Hcf>ud>Wr@s?RwO3 z;l!RvR;USUK&c2N&>fK2a4$-9x$D``vJG_h>7`vm9i!fl+9#SBe8M{*ENxTEsBk90 z!2}FVoKwKu(y}U-GMZ$#+e(csFy$9TZs8YIms3E!8Do1Bo*fV_eYtnUt5y^43KgdP z)@Ak^;+51BWy#5Wa_(V^?#suF%gy~w=42er{s9F{^Vmj0nMBN4mCzwqJdH`ZE3st1 z4iuTuoGU+rtPj*RYxt^sAOYa@77eU}zFcJI1EHAb5r_|POlwi)kjcoa!ai5Swtw8V z(Xp&liT#{y-Dia{AUsGVXXoLYWn*^0)a_%$$xFJzy%amN=p0D-Ee!7?6w7YUr*4tv zJu(^(o?HzxI9=44bNv~=rOsxsb`%)e!B_n?@i2VvROp9sCFOHq0F2H?oH5F#pQht? z3R@*bY_d6T2y8#D`WoeQVo2#K*y z$%hNKKm{ffVIUf}RY)1tyIfW$j=_ku!ihV7&h}9mk7E4!IaXkLK`AA zrtM%6kxr1d0ZPTR-450RwTGzu`n88dGc&4SKtB zcE3(CI%jQ27#;kqo*qrS)4DuQbmQ8CEWF_AatfI_NhIGt+~d7ot~Zw{(t4=AP3n1l zqRKk*K>*z@at*^Hs6||Ta8iD|tv4_HLq6C{PfHz|UDlrnAj z<}38pWP+!!Rlg4o+T1@5dIO>tU}>>Vn+3VSsyHB_NNqHyD_+;jZ|`Y4G*Yb%=Ux(- z&%KKai4c>lTkmfLvo%X7gxHIuueV;JJ35$v#fEQY8SV5UpX~2)fszHdtiMew`v)!@ z2k-E9td7ug2oD9CIStwbb}CDhZDmD49o7N5{Hj8_>Z26*l~qPnuCR{>{MzOB`t?aG z#thU!CCW5Q~i$<#83 zTR$1(vHALJN$is;nmzKD{bbtXM0lni#2jBQ9(T1BFTFzi5$X}Ocs_4!iNn`<*=iYbkfcWhB2*}i5U_s33=mhze^cOx@1kQ(8KkQM1^i7&jrMzn=^ETW&KVaF5 z@3cRBCLoos6Wv{@;0Xomx8BD(abaVL9TQ0O(i~NAhu=v+^p&~H^WEz_TfZMcb@-;( zTGY)HDC1VP;RgHgU>&~nZ8@@Oq`juTU8Mysk<&*lsgrigK9xdKN>XP=0j@UGpc>E; zoS3c;w)G0mfcdx46X>_@1}q8u9PY;FU{9oYN-x)?3@Pejd}BFsHzuym#G!s{n=O6{ z_mZbT&~9LW`JzXnXeFXZ3M(a5)eeyZ+%JV{#8G+%%D_%Byscs%q=AD~^>(x&*MY%q zR%^oy`!~E@a2UJUHWq=7%_0#?EBR}R_ z=q-Ihs#AickH79^Z}SDV$~SMj8Quyd;@Fa<-L-w6a&__R;LEpq(uLbkFF6t(P*4{b z(p^SYw2P$kE|m5QL1QT|Ck)%uwL1L?h{v_5sKhkMxQp&5UK*4aDg9( zm7ybZ$m{xg<=^flVa}%XJTC58%})_(HD!;}HO=jynkb8K4daK$fwJ`&77AKc)#+@!^UO+r~nVOF!4MoS_@i`t_|mJbpSmV=r3ch-ax#!)SrJf ze#PHaO+dlxB|M{6hYWt3ShmE>B)c;16}kgm(RkPN(2?<{A2^7fp0o#fX3$RnDeuMP z5Oz!BW2IhQ3LnUfNHS9nzYGngS0*0sZ~9PGilxi`@xyzktCR8^b048>Wgv=akP@oo z9&X5%v;;#X1r+4^;J!G*Pd zl;i01>n8khyOJNv^HEbm_&6j7L0GX<$K=zrA0Of~%+6`QQ}7FrxvT&Jxr3@kS2rVY zK6u>SPTq1=E*DM@6IhL7!tlfa-#X$aSQ`t`t>wj|L2pwpch7Y*Cp&zi&1OGnyqb6< zkX|r7hjR>hdp=c&X@9g>XKhyf4$tixfOIj*C!qzUuG7)jFIOn|=B;zymqGk|MiW$f z{(S$jGvzU7I=;TSU9Ly{P0V{E2=n?dmIRkxoHX~Do~9NxbFxE|-yuwLdRz!2aUk@I z1FY*KjK+nt_BHZ(y)z0DhEb9{+9^uxDj%!>3R;r|b3;k0hkt06!JE1|;pSh?VGUze z7+>OzI4tg6a4j#gE6H=ab`2`uV!yPpmKF5jcp;$iz6ix9Mqg)-O{T#IK!^P_LKo&d z1h4xGS}gEZG(7W6u>2nKKVBO?VC%_e;|dQn)90L0d0Bn#O?zVJwQ&biIlq@sji(5> zLG9njPJ;w29FJDNBnG&qv$zY;IKAvUTT+2gyEJgHB~wtI!>e{1dU6?J(qUR=vL=Aa z9){ol6q2Wg{+Q{9jC_iFkNz|7A}OkreTkO8kAH0M3>cwaL1vz`{H1-qbD z{X%fGC;DnItU`eOKeL&cU@=lZjkyEoL>aZ2;Wmj`z`}UeMJJl69vjB4dROMW)vx@> zu%p{V$?p01BcMzp)OR3W_HWMRGa%BRWX#O95N+gdE8*;w9$|?C;_dH)fzr0)SB{4S ztor~ae8<{vhQu@})NGq}k zzz{wkBmcI<;hybnpX|@2UQ@IE)|hepNL(c!GN=*z+slT<&gb;~>_{INYG<=NuJ>1& zltMIqLA#ZD@AQ-4w>%Gal*O7<#{AdtV ztH4kWZ>X&o-%t68P@oi>^G2ewd_rFR3Fa|;jVBUnkcZnoUco1JTR9kYGGH4HGw)ZnuHT!BcZOt3(p^(h;Xlihj_fX^ww|%~9MEv9Kt>dCv z+jntu+kuHKBDTQvj6L1mV@`MXh+>P12rAg!E!d)%Aa;v|g^7wSw!eG%zI%V)b3X4m zpY!)`e?~S;JhRrbo^?NWT=#W(Y!oD?N`W^TB(!G z75IrfB~@q=h(kgtG0btGNpgdgBqXzfP7+=jlcR`ClA6k8;K4z`Nr@~gkFMh4oRc3g=>gZ3FT60K;cR+l?VII${=aLF*QS4hu!nfQPMTQbSfLm9K+Bn>=jO zC?qnVGlX+NaX83)NlZdC0lGrmK{c{}BdQXhFadkb-BBj6xqk zq_jq$RiG+T0sO;(afCQj1nKYwc1YMeC^46v2)x%8sta@s>7gi)kC{k33Qgq}QHT@| zTZAX_IeMMX1N~@Z3ZQ-sTbxN^3q^P~0gYyeA#5NLAW+ta*L2@vRr%;u6 zoGzeJi#cWnMrDW)Rb(_43Fb^*1dMUvC2|wYX<1s_jkR&8UnA#aWl>zCmr{LW#tWT>T zpaBj{g?XhALUNmhNM@@EB%M8k@e*lRm0AUhnc*?mND4XLz)Gbe7tN**pi&8d5Qdk` zBn(MLrMMIr1~LnE)|rH%!{2}Z0Zxq}3GtWE z3gAwn5Pi5%#K@OGj7SZbVS3>fOm%5tDg1el)nyInfpZ=%02;<2C;}h>>&DVWf2bbe zb|jiXA6x$q|bB{ zgBVOWriNY-GzVyCIbNHPXK}E+YDB4$L2=SlA+?_xlMzHRi!{~elm>Vn(B(FR4?*F0 zJX)361r0s{VB1eMyCQl9N6cVHBp~Wy1?5&?{6k6Xa6_YYQn$dVO%*b|AbT8^V0b~c z!mEOBpxcRbX}}A`9TkxrMI0+T8|62IlvFWJ3?vM4Krr#t0;)0Ui}=tSC5ZpP>S9<3 z6b_K7x-=oL&4=;AGj5eU%EzW!{CYo2fy3iXG`3s z;SiJMjQ}$#0B=kJjYViv$ZbBej>5qyL1DzrQ^|u$x}V|&X(J0sZROdS^i(iTD7snf z1u-B!2f5?zD3dD&Q3WNMs`c4pN|qlJbLqJ_of>$Lbq0xFj0y=L--yL&G%0A@jmCAXR1o*9lDvjPX2^9c32Ejbug8DAux+F!8B$fy1DW z0y&)BZ9(o(j$Q&Ih(bDKUDHH3A)aD#`ivZr2n|O;0@iCgQ5vOUq(F9sxK#{|mV%R6 z8BPv`!-<8s1_m1dCpNkgUIPj`CRbx~KxeBGdXFMbj+aSr@q`}42#Q@&D`HmU5jF@i ziK!r-4ag9gR!yP**}^12CsT%p>Z{K~XE_|afZ6GAV8c;Yz#H`&fr6I<0^-0x7z@ck z?T<)>PAWbk;3*;Cp{)pSRvBUvot=pC5P?wxzAxf+Kz}Cu0^cd+6Z8%MtCE-+g-~SG zq!Mgg720Btq(WPlUnK+Da++PM@aVaCojhVSyRjhIE7XYW1YpCksfcDUt`sjn76wx; z@Nt1XRSZ1A&QMH7=R%d=hZ4inS?E9+OH3@RpPvacSfMzA>z4shPqE5*|{VbT-AQ$5?0%D4+o$ zz1$V>kr~>EokX{hT{^9ooC>@aZcw7NpfJp^4j7~qWCqgAl+=*Q>_E07JjboWLN%3T z#M0@aP!JLmPO@EXf)-vR3Kx@2AV}zyhSWN|-RQun@%$i)6GVWv43h)I7PV@bhfMGa zO*Bu`!+?UBPr{)HB?9CPa<@~-m6=SyUPi*HIjVp>kV>V;#3nxkNi2c`^oE^AvYJn% z8zMNa+<=QQcyv~(gCbDk!ZMbSB@qf~C{I*Iq5yRi4tUi$RH@74BnK>N8^#1Rc|YJ# zaY7>oEe6XcWLZ%t88!k|nPITw3G$ei5R9VDJc5*>7Lq~b=nsK`l0?;5F~W!fv5cV2 zXA3E`a)a0tPK`i{CL+h6(Hu8Am4?GHX(4FVM$SYN7J#%3{2~@Q#b|xd86}GWDTlWK z*F4jXCC3bWrN_jknEpO=T9+e2HbXZJ#bu6( zG)|x|glFOX4mFL#Q91OKkWbG7W@`@}8fW{L0J>xfjK!c>`!5d-nOs0-070zyiDp$2LMR?ok?K zYGfM3Tp3fRQR4v%38*-q35nU5F;*;M7TWy*KT?{JaXoIe9UyWrp$vu6M2Y}su8L+S zfYwS(3!NbfwJ9oaq1|*0io-@pOlF#bi}Q$yB!h})KwGuYQ;HZxu3Bld31wWn1Juz; z;SexON{vdr9cIL6#WQpUOjsa6?pz%(p(E^#et}$zBJq8IUpE47EFuFWs6XT-g0@!3 zX{3dNFsMUm04W$DUWy9J=JtDR7kC(3CQVc4M0u^QALOl4e z2q*O+|A(*R0j(gO6-L|-x%k$U-1Xb@-9EMvMkp1t6P2A@f4wNNh?d z3+v4aqF)#EfdG(&of-@UK;o26h+#o0k^(yu2nNt;qzIpZCvseLOi<6}MqQAUwMKAQ zv`I)bS)yST2_Ny%e0m`_jE`6)0*SzghkkyNSq_937@te4W^=Vt8UqvuJTf6xj|Igq zaTLtGoEJ97B7O^Om;fQfN*q39bx9~rMDUNn5^(7J7$+?d7Q<{Y zup|mr7B|%)ft)xa zY>Wl9RF#nd1u?RNO{7Icbi{cD78DS<#|hP(uQ}MK~f1855=t)YoQMq+T@VpKAjwea=n}bfM=60 z7zN%JD$xdqC+7(qD78mxw)j|1EQ%Z^`GwG^5`_VnG=WEN2Yzci5AvNr5zh>GfsB?y zqzl=IvmbSe>~6IH3*}80n6sFbg*Kw`B&?Dj1CS*lViQrQJ`lo^4{xe`aQlQozq_;vufCqNT` z0$#_62*AVxPccn+BaLeSCUI9PI2O?MMTDTkWN=}je_16qprGPwHJW&KIZvX}m|b+x zi^D-(FT~NS30jAo9*d}DRv%Vkjbdd$CBZT5!QfR*lz7;s^M2FyuTcNaw0;WTIPuM5IvzU^W#NYXG|L6ns(;U|uBO zAJJZ^-iFY6P|RW_+~EvlOimDx#JD&Ivi;~NQa+N;kU{4@g9@@d91RZ&Q5b0LhG$(Yo5;w*1B)r} zUoz1|xq%mEYI!`a!z$!J6CsI_8u4?y-mos>#rf@QqQOpQq`JsHhQJ)Q=$RU*g^+YK z0bU@0E>;rCiMA4Oc!x|0(G9Ts0u-B%xR_?QJ*ap4>=8n$#;=LdQl)H-p6l_(z`Tno zp0Jx16Vk9DA{j@)P|+fQ4mmMFxm(I0Ndhzs9$at0X95&d?cpeOA$8CimT0X2YKxIV zDmR@*WP z;K!1Aeu>9OiUk#^kem%L9V#L{h~k=1N-;|52W*W6c!47HMG zH>-s)8;l+{4<4`h|b4wYx!Y02!KgQ zI=wn10zXGhVMo!P5R=EJGN`x!TSbwo)i|j2>SQ6Qo#-;gXb^+{k#2?T5OlAbtxma# z5wQT9fl1Cc0RX~i@h}BEh7KAtsA?em6WgRxBj}9dc~GF`aDq`I)y&k3AxUd>Q%zJ% zh#PikobnJu!V-hLEQ(=Pc=f;*V7K~+6ik$rDrVD2o=`L(ka^5190;8IBw>jNF%LpN z!=j{fEa9kEz#)S0G*K)A;Al9YRr&E?Dxk(kg7S7yg78Q(w0e$+jR9O&j7z2Xyb&@J zr*?u7i3H#z337Z4n!a30+8>7qx|ROWo68(rlg3DN7(mz8Lw9%#B9$OD6)y~>N>Fx& zGL;)}fbNJ%FQU4gV8@a4j8@LpYk3Bu4M_HI1P>8{0=iAcvl+qD)c=uSppir%fWb#h zon0sK%aII@&EX=V)nYM|MHcvke6`l*^PolcpoYv!HESax6HbIT$*B?|h#PvSv7ieb z4aP8rpavRVxjvpEXi;;>mOudfON4!!5`!*q_?5smD&>Dx6g%t}`ZYc-5F&Am9wG}i zK?>yQ&03~C2xO-+mQMw+03VeM4Mz&A8nFn#swM*J09ZOwMI=H{)A2&QBILs1Jzj|% z)EEOE8&LXc@CsuT3e|qELghm{K;hPo;l<=UiUEbQNJ(au6G#KOIBQr*;YE#F6ZD7^ z4C<&(sKe{cscb&7?}n@{MkFjH(_Q8W6-AS?F$%ScCG@CuQfRLuv0&UNE0hZ2)zP3O z{6~|=?r@t3px34#@sL{x%Zvfhr-LO`85kC|-boXXfU;F7H8SNMkUk>_0I00SBA$mz zjnSc_HZ@;JqzM^evkk!17NE$K`M4T`Tdlxjpo3H@huzF>0Tv0BH&tqiNvHtmqXiry zWY(lo_-PM{&?2!YB9jEsDkZ2fMrZ^I-Gf0a1TQrJ5i)KVxLm-X1A7^o!%|WiDm(!S>nOdCLh?wMXs**` z2r58j6YpmNg%bu3;sF6Q*{+gtNhqIR58}5(lU*SoMN|MqlG=n}FJDe30|6(+po<{m z`?NkvNDO4BL>@otGXn?~mH~rCV3E|I=Wdqag_01&Hx!?MVO42JE(;=aLopF`1Pcum z)P+zt0U;b(YRE{$dGSuKT&2a>#6k+0ug3#8T+HGF3=HI5Y_L(gy=s(R&Lv_3It&%I zABvi4QmZg(pM}g2(%521vH=vut_N}xuU1X<64c^I0Px!$A^^AW7Oz0AjPNxijwuMz zIS!Oo!=?bYsV-vI8OeB#GQ?3LeMJm2-6{z9OwcnKfbYN%Sdk#Ks^Mr1CJDN*IW&ua zL&k(9$ZINtoefx9Ce9X0rE^(g5jrU4NlZ>T^bNu5Km)I^+b9GN8U%NVOu1iRSLl5K zu|DSTaAh<>3>0h7Xdw3y=>jf;gz1Yiq*@hZ$dLPupcO|=&M-+0BBHRAJYJVW!{$RE zp{1zUF~o%dX<)BRDMk7fC#vg`P3bf;K~5uahL^;o-QG=z&nlkBX}b4@#C>LpI=A9hPja-S&Nek+)?li zfy@?w-9&IQBv?E~mdZDH#5l5)9$d5aaMVwVf^#cz{@gO7{y4 z5j?PoYeH^-V~VUXgUSb2oe>ez-ChnB^jD2Qc%W7AAt+*6!KVfMJeEsFJn^vI5}-x} zexLw?bhpB2cY#WR&}BpG&?uEtD{^5CCYjxY5t&^YrBQ_@g<)6XQq?4&1Oe83l9VV1 z3IZ4i9t@ku$KXKDQyW3du0R-|V2LIO(5*qDGYaaHBFGo3m8lefk^3niRxV}oxH>V- zZIq$;ZX2E>1?xdk14ATy8g#Zn6`N=gseAxY2ztmQ90xppAa2LHV`ecO6%LzXG=?SM zj&Ya*fjtrg!Y7Ft&58ywY813in}8?))R=GzGE1Nix;bW=)nc=14Fo7)TLWPel8Lk! zQ39#Jq}AX}Y_C*lAp?U1GgV2G7z0?kI?9THbP>k_Z={%HLMLAhav%Y3V}@4%fnI)XbBkE zK!eDEJ_jl|xD0P9L!pCaG#l^|nPNJVjzR)RDaLO=!;VSuGf}A~&?qy6EKtkxN-e2M zl+8_yn3-n32n6YnXa!|)%lrnT1_Y@zLc|iYQI>!X@Gnvzs8^A#2D`->fFtoafFK(c zBr9U6d=YS1Aw8-L;Ohi$54=yXYv77Qdc+9=1b#7xM{+T^I;91+ zb_!2p1Eo(60L|Dyh@|5{Qb;OPib-q?T?$5(ftQ<26gkt43qtcek)sh9H8P=yKmf@` zZI}x3CuXeyOsiRnve3zdm{UTNlBq_&Sj5(H@p>$jb8L2zO3foiB{JBvJSe}!NEF2& z6X&rhtrnp;DA31ZR?nYCWeW~ZB#OjJPXur^C^Oqe!G%Bw0@*!6f2gz3(9!3lghDJ( zm?nZGTR;pHzf8U$0##s%ng(n%VV_xx=6Xb7iPNG3r~;mXB7kzM&jyG(oeJagxa|s$ z%qQgO%`|DMGelC_U4AXx(mpFl1HczW0Ss=5VtHm2L8V7|^~yhj;eNN+i8C-%zzm_a z`#^72#!zpgjOixX_>o=p6)=-;^3rJ6#}s1eG#^6VhZV98h;D^j?xv=d0`lS*pk= zMqC`kwe#>*F{_P0QlQ9GIvYf2f!x<#0g20{Z;1qFy`Ku8r6FhDAax{zwZn{1Et>| z22>_Zt_y*#utg4JBr3X8i*w?*9E?~C8n1q;&k0u2T_F0 zWT0rROyB~ugIB@{3L;V#3GyZil_&;c>AtWQuA3R3>QzDWEnVw^UTj#8dyYOIwMez#o2M0i<-p7{48^fJ0Te$J;o{jr0}@6s+*GV7 zECNhOp|=8#Dga7(z&2x)fSRV)r64M>S_RO= zfR;s!Cqnxi7EpC^$aPLBjRVbcphn6eiTKD-QDYJh&+i98H?)?AMp*$V#~=tSe>y8% zu~dSM92jaVqS}yrR7FAsvtSw^81Wv16S(@_S$eDro==@ zGBT7h7-Zsq&j7%GV0Z`x&fK8Y+86$>t4m>t9BRT zM28~4Fo68mtg1?Kw|v&X;&RTabwA4rzq*S~XR}Sy*d_ONwb_z=ckE*l;p(998~+7m z?wQZugeun28FliuzIu7`#w~1v>>B^^n6R(qmxj8#+sw7y&yKzuIOFKbUzjPnSKYrj z^6IcA{KsQh15xJJuEg9L#Wy#7xkdbsA&}vU7hasO3*ND8aBatm|M(O#LY#g`Z9&p7 zRH)B*yr5S1VgKj!!-y&QLaXVd?=s3Mr!A@%>gDhoTzxvkBc z|Bh{~{&^^;PSKR3m228Q{+e-cw50Bvr2m=xbePw)uK!+=AwpBs@~c~ymREmZwD{7Z z)}Ef**2bqd7uD2(#+S4Qyn@DgVk3fW9y{9SM<>?$lK~~ zXaRvk)t!AiPJI1XRetATa9Ut$tBUL%7e4clJ8#fGcP()-EW^t*^$LES5hF8?e5>sH z;_8Mue0{@Lx@({Ar~f8x9b%T#P@y)_y^WBwtoP57%tCG$toVkxWzBGNJ#%J1+MS$F zx9Z%P*jAd^ss23qE#3s31B1Tz&mG#l4svL5|IcTDEUo{`i3W?m{QQ2T`|!_Qegsp4 zl^-QV4ta0o_QhO&`NPET>%8+e|N1tcAS7=RAD;N-%VW=`qScr#L&wiQH-v5cbY|Jy z?rh(J7hQ^P8rL6RpC!t49)D8MHf0G`@@s!ceLHJuWx=?{8}+U9`xYmM{x)8BCr#ke zGk<@3x$MW%3TC^3CCV%7Pj~(OCN8EE8%ZB{rP@Y zqZ_k}##Rf~UyScL_Oolj{k*T-`H z(WK(Y-Zz}n*$K1e{;s~Co)lhw?aF3jTlR_}v(7CfjanD|St2iRoNhx3SIy6CKX{ny z-oa#2!LyvEonqYirD9{%A?y2RE8I^Wt-Jr^+@h9q`#wv#azHwCM*O?s2Rsj#p8L40 zYfnLEIMl1`@&V_&OG~!;-aUGwD064Lo1rH>dAZ}rjiOOSK5`#$b7ZtTMew|tOJscc2f39J^ZA$y`WzLt!eftFueq2zN zvix-R(>>kC=12;x$9SF0hh4Rcd#1;c#*NwcYUI8V$EVKeHMVR=_LTd-d!7F)Gw;i3 z$(IW6laF3C+Pgn(MUOR(k!Yr5?b+_@D)IB8iQi5iUQ)K!@VZ2jAFX$|UfH*%RSDr8 zqjP!DhOD1ele*Txcm;mSMj6Wfyn!fh6}?*?LT+!5mz+3d-{mN?(@d(U0{DEU{88Hl=ZXo#cdlJD>Rl&X?kM%W&)-ypG74%{>@gd}i4|g7NXj zUwyvxmi*{GvT)yANm5_V)c4odu`W9%&3_ki9z1)DI@WM`wYp$znfk!E@6+aQ5e?g{ z+>vsmO>)vzQ)X`2j?t&LF6t}$ad~>1{sT@=tX;T!TjKQXXSUrb1N&jSvgK6suT_Pm zS5`@-FD{SEetce

    !kU*Fa3_Exo-%jYIq;`x&AV&jt7poI}Pw&O2{_)9g zEDD^Vp>Ov=9zU%y5c`qvlxLl}Tzc>-+abEs-dQen)32%%&D(iJ^+2klB9hG2dC|kl zfkSJ3%)t$*!z$R{2t4F{foB0x!Cr(J#G?Fp6Yt_zW(~Q-A%tuA{jxL52ehv z4@P4bK^GiR9SQgtjv=kf5v+JL3vkq`2zMUe!d^!)Ge#v{hp5ANGfkWR3 zt+3@v6MqyMz?7@u^a4^B^EG(vs!Nj%F>g*0#9VttWsc3a-g4SJUBW$gbvBlBh4aO` zR{E{beYR`O&3nR2l4o>Plje1wFqf}~1-`XN(;#@UpaA|jh=E)6HE9+om<04AUEM+t-JgRPFz^k}Nzn+O;sQ(1?qlO#)~{|s78dgNyMEX$ zP965_-#}7rs8xT4jVuTlNmTYMU#kglmA}MHd;Zh_?kxX>LicFA%7#LW+Of?l4-(WU zf?cT+n>3Z{wHWBe`=-V)hUT!Cvbn|QWYk8Rg50X&<~ZfaeSOkMJe}8XX&=`S`6K;# zb)Dimlc8iT*LHA1b6w*`kMqF-2>tYf-Bm*;SnngU`0|;TMIfz1aMg1?-p2pN@WJAO z%ec0`{!HQT*=XpA<{ntKKHkMgXJ2~6<*nC#i8F)^JV!ks~$39aB{m92p@#WRce?lO}jn0E1$6sxk{#p*xj!-TPF?sL5?omYRs@e%qr;`>n9wO9gk_ zR{KZ=NJ2cS;LW9#mwer1Oc6Xdw7w`9dmtP|+2eh1ZKF+18CI|`o_D@d z^)<)m*5tspK$WM0dwxov8&1Xi;;rF&xM3St$78?7} zrY11>LvPoyiOegm72+d9OSp7Y*Q(|zP{Nyxkq7=At1+^iIY zF1KHOj;MOnIZi;gOavl-DKB)2=$23ZM!7I3NLIqLi{q}s;}(fP-*Z~;V!JzR>3j%V zm_M*xqCDHp7EK3B_5*yz&2EYz9sweq$dCmw<`AKds0(ZT%xz6}ObH6O{MLIy0GSXU zaHl2Y>$4AKy$`@xvEu#ap@gxSh}R7d!e3HS0f333HA@qxIB7)AQOMBPhLke>P~^l? z%;3L>NlHE4r(ezKR_&ZA8Z|S~Q1zI#{)w8|H_P$TXum}z(EZe9nVuk!Tj94g^kyV( zW3R%+#O98v%-g2kC++pKOAqFlp>4oUFlr>`a$t2zXXk`u&n_!&eNLy01?yUstL`iM zR^nDoJN#-dSRx3Sb)(i@m{>DYG7~u@cAduxBD1DeZ|KpT0D$ay+XB~22rSmu0$H@k zV0931GGvR1jdI}t3QuX?0UHHt+_uFN&VJmwx zse%S1(LGA#j<$!>ar8rNCj18_xhb!|B&1Wby~SH<%R)opC`WHfs{;0tl*_o*v13Sv zL%UP`A{yh8D}(KLSamJvls=;ZbR7pEa#x{l$FwUy<`0i}kGFyFlYlTXfeNLsVon|JfvCuxkXnGh{sQ;XE* z$k&IWPNxfL*JN(T?oWK+B0d>$wvv5H^Uc9PFi@0&@;?w0V_?#>w_qz^h)Mzn2kkfc z*a{#VD)m?BK;k||S;hvGgezn?60+IxT7;A&F~PwekZ-jlzFszI%gmF*1m<)#hwI{%zG52{mHDFKAY$qmt&uBXS!X_!i56#~)*$Z1dWyDiruf!ip-3$Kp#f#|Re^C?JZkmhs%D2_f1|S`^ zV<>+t|DM-@s%;bJT*!9#0Y%v=;1wl$1O{JhT_hqWi9rOCTk59Ae?&kIv^PKPVIJ;G z-w$c3mDYWjspJUd#byFHfw>qR-Et7P=Q_oG2=W%P#Y})k=yC@L5!R1|IqE?1ZW@05 z7V!IVcgA8o^6791gh}Kr$DSa#pjYd|E!mE3aIcd>1sXe8J%?A1pI{K~p+J*phDk!G zRo?>>z@zWhe}G^wm0EDvLo|FqXMVSu!VdrM6PW($cwL2_(<8+LuCnLN7J1Km1odUb z-CuQ2TWc0aMg(_(m*C}%y%9%2J2L$f+Oi$e;9sOlVZ|6l%InVN0smqKtV*L;mycp}dbkno}Gw+5JTC)ZbnH2(f3b?IE&$1tv!N^tChr+C8ji zzK)%bOg+y60^@Epe9ufJB_-#l_HU5OZ<_}DF$Ql;4*~-1P%@eZT^vN69jbVRSrEeh zUty6ol7d9$IFF@hBW^9tTstQT6x(r1F)%dqpOHM;64$UuQ$%Ut z0(Gn-2#@df6v5Nq1gvx7CVpg|7Pd9{Q+z^y5GD+W#ZNjvGVrZf-I3>Om7rW*M$`!(ej^A1U3Goi4(C%kAAq`*{RI(z3~Ldh15GfIk55V z0HUbVYoa7EXD_JJ`^iQC0<7qYd;0_q7d{ETmV`mc^8gjOE{P1TN0Er%U6OXxd*%TR zI#e-%gB6~<4w*{ZPndVx)nLdgp~GMI--&cb>AWyW06U;q$yD>PY5_P`NVQpVWz>=w zp?1O-!Avd%%b+uAnvMlfQk)D71IgMFspIG447>1lkx`@gK{`oRa|3FfA}lAVDMCyZx6_XEdM{r*3`@(@n%(ezjen zOtuHvo_y_M8sagXYa1z;kZI!W=p&;}+dbH#&3u$vsW5!WwR7Q9V{kvTQ<3Bql_U8F z>$&O6rs_AMM)=SoFF{94_W@rO`1tujQtX&pL{h*}O8fH(Fs%$_FfF63O;yw!MFGSJ zk`KEdE&W{|g%gO#Y<2}P8Y(4vTj(j0fc0XNGewlC{;6bV3h%JDC zHx2rC0LRtosr^NEqJgp!Q<=Z)}L|Z)^xa zUUl>zWXcX70{Wxbp?{r5Hz=%AuL3xF$`PIWSkO9&ZWbuoT4@B*R5|h6g)c+vISws49RPf@ z(EdJJ74_&KKL=#gBt7$AJn`H`bfaUnOP{PX_#*1^H)SbBvdbL(-pLKcpy48|oY8Qzq;+y@+~`WJZLb^yBV@IkB`RyP&w zXm@PwW00kQNr8Z{Fr%8ow%myX8Xm8Nx++Kp{hN?Wxc3;)J=2E018OH+#KDJy_l3m@ zk*;Zb8*3Pt&ummJPfYh?3^yGvcuo!w-83{bx(?f{&HJpa73koA5sCg0pt@xiFqP-= zIzS+R4=DXP;-c=M4U`-aY~KZmUv<8lBzJt_n|CWens{-#VCV+xlVfpB5q=d&D7ci; z@&@8pH?O+-~w;>3Ap5l3$RN>urnB@AzLPcBRpYmK%C1%Zyd*q}zDQWs{E4vOGqI}*UKvhuS#rvIN;N|Iw5 zHGATM?&Y!oAps4CLZcsY(kaAJG`OzZby{q(y`~^1PYWaTC7yzdm1#B;M|!UNFHzcfVn^bVSCjNxaSS6+)g3VzXAU)1aWj*A2}u2hnq$A6!; zoPrT}_L5V#Qa_qf#Pi4Dd!C4>s6WbhX`eA0(j;HJpuzq%5~o?9lRDRh{EKL;Qg5PVY7xST!(=Ds_Cdy1m)I~M0-(Zu1P5BU{Vp8(}O@O$;hXjeSLb~Hy3cbE{fhY`5#38v$Uo}zh_$?f>tWA!;~UV!>;~d zeajb941Oo-eoS$BG{vBj&fTAoV}oK@e4rKl2-?CxwBzrrb)&jEJHKt$4!;Hxc3BEt zt7t?v>^_;c(D4gA-p`oc@4&DV4*BZ-eG&0;*3VZV;bvbhg-RY=93_0{H+*%AwYPlM zvm;fb(tf0hgeVsx+c5-4(CKc)4-`G3NK!s{@+WA%ofp{J^qLL`GBotB&;8-;9LAcH z)98)QFzJ?^z@B*#PyM?*bbFkyd~wOmzjXvQTvT+z{<)|3S}=Ch9AVxQzN=3|{st`M zvKs2PvG02StSa3Lg%9)NB>Nk^Uu)q8>TfXhLT{yLO;s3D8}gUeKb6In0b?-+W80xC zcl~#4G*qv~RMs4;TNVS1y3Lo}I$$U;sztTzdBNMQ}Bu{p#m zOqvLh{WT;+XsJN;xeeTURYpfF@Tp;H^uo0@7gC6Iutfr=lxB$J*+iZKAF>+3{qIq z#ge%zlR0@nW2t&FJ52NXkbag)#C{NP#V&6wOTit>g|>@`wScas-0##<%Iln$pT8#X zOXb)ZGg1PxfCDae*1~+YE>ZsA$T>ubU7;8_<~<;xC==XQ>e>o~?~+p09rh_UP1vCKs zSbS&(v)VebVa1W_2)I+#5fE;b5}D`CHi*zUg*mu4K;YZEg(wleJa@%tX$UKAeES&a zNg8wR@$vMq+rPdGFCsjc(AuTXVH074RsPLW0~Op(!&$d)?+PgI&b}2B6@8PJY=YPJ z>Wq5w3b%fHVGE*iP%2wp4?rvM{KE2`ay}(B3#B@MJ z^;N3uspxdkZ@p9pYpdos$Z60E)%09312@+sa&55c=tNgevY@c28<6{zMz{-sOS$Wn z9m*gy%@!)dd4-ww??C_AT<}z0Ogrk7u~KpSQ{HLFG2ahUX$^m3z~_KCBD=pf3CpR~ z2G)d~sdr!o$j+Sr>WYCNWc_n?csM)4}~Lmi#o2_$;6P$Qky5GOHQ46 z8foIN81%l_vFB(5f2(OKK4I1v3|^&KCJ0LW-rDA*1ZVbfHrHn(zkaT(X$o7Ma#XZ~ znu{Xt7J+KCYkeh;#V^2{>uyeGq&x<;j4Z0GGzacnO0sL@dhgGLUI$m1x9;*FPee=0 zx`+~ps#m?gX26^2DTMIT46e3+xIR>UB|mZVe5_+T<Qwq>r} ze$u*jm-KS90P^6-JAX#=hRMp1{P9$g!y8{84BTP&tCsF$8x~cAAhZo~{r#C0AiN24OC zftbO4Bz}NeU+hyc-vv2((b^M%_bVji^Rr~$G8qoC{fY8bI zZlDxLcI;&IWc@$r{*@*H2XWi%Q0w-GO6-RLytIp(YjboHv5@u4!0_CE$q)yk8vsG7 z%i~XN8Pnt))lLLjYd;zRgf`2I_6NhXsCCZnYzxd9b{zpDYj5MXNhr zp^TKfpWRs>_$9_sjiodM#aJj(o1rE=&xY21P=76tkKIWy&jCiAl+) zXgDkj%t}Owk=v<7H&eSM7Jiao1O!eDc>A&Q)bS40b*L!2r}3!~x7 z5%AJ;PeG-Ms(JUh1rJ9dU1@C@E{sdMgQ?sTIB>Pxk#_+>BV z;Zn}!cl&jG$j`1{Y9YsLeDp0%ucuiJ)Pqwm^!L`Hz8bRZIGJAauC zRHMGBO_H>mNf?)NvhV}SqSoUNdwt>Bl!NnTlj9wvOb_POraM)tocn0de;+7E?T=!s-j*-VyIiOm*gY zYUHnt+;LtudZE_ogIG9c(z%DzvO1~dmr#at0<^T6@5FM+*Gc-1HMA&>cq1rNP2|4Npw(L&+-^a?}d0dPUWS<6j>1hYM~EP(Qia-lymD zsw0}98lZ4U7c+6iwW_Cz-zvwMPExU zt2yH{@)3A-(^6G1PXZpbq@=;&8j?^t29W0?zy!>TjIaur(aep&AX`gmL2S(j$~aioyj+F70KH8#Y2nMsYE zAa>V<7f8$=3Sl0HXkb0D|7^k%?A@~@F1#Mc$Cr@~T>xF= zZvZr3sAwPeKhZNEGmqQ{>zhJOoZmpp36mVpzif0C)hG6JkdD(LBn|=qj38avQY>~@&(~O-L z&lB?U@|refjnAmD_q>nZaS>EMfK2Q2`U)e;-~{!eKWP3(H$Wn`B%NF;KkA$Dp~U4! z;2TD=e8A<>76*laR{*><)%vv8bB(LRB_)OnI_z@m$|3-2op7mNOvH}<$XQPEQr8)z zQv47pksLY(jF8Cr8aV5nMLKH{gimRF~rJHPJTDjdKU`I|tZd_SVZHdpZV z&1s)}l6?FzpZ9G$^d}#y*vRo&24Izl7?y8)Qtuic(f}UQ)cM#jajuZaYmDBWcndVm z`P_!gNp9HOIKVgDE1I!owu>u=1ap+iF*Ejv#jfGFjLIFiGQf7xBh$USwMpPC8y~q_ z$>4yV3mfHzo>o4z~ic$G-$Lhc|@CPeqWMdKts=tlr0`}_j>@`t4>6QPWt|De<;z^U@52)|$@lQ6!9@)fn6#92G zO;6H&^jZtzQO>aH+N4n{0gox7uP)PMJe_Mxpb6DnC_;H|5Z%xLuqFV3jeUTsa!aOt zIQ;D7=YZ3^$y&}VVqzKUhKn*iM3KfCF{-bBI&SAt_;lXOZ>$BcCzDS!q|$+E_^}nt zxG|uP_Y@miz3$1IXlk&I-p!(kiHW62^QHsLteu67_|Xl=js2j)hVMK|-gyf}a4hrq z1==X=s^-nqSSx){W)w@HKJ;H4FEHYE0a;lj*y<0TY6KX$}X`z zYW$of*cVm*-I>^|^vNjp2riF|UD2a{n@WDurqluagI+@ggq-rz2A-IIvhCe?41=;K z=Ma=5T5`JRG+KTg*r`rM8OY;}AnZ|TUBu1&NKrVQTn=_h-=4^sAsQ#YFU^U;9k~O^ zQ2Gk!wGMT=U*b}Qd$wM{XDD_u*n1+%KE%YUn6UJtuj@hzY<>G5e`?Ct23`+eJj}qY zb=cZT3G4!nDG-zrJ+U=PNFatnpgE_O19pC-A}jqJ!{V7WfyPSX`3?X&?*1&DXbCU% z6n@m}p$q@Zvv;;bqrnPA;7=RQF?*CHItBjV_v}USxeBhY=)on)3I$mS3HLF){dch6 z$rR-stk~av^K18^3XwD}Di9V_>{lK%3|Aj1mbD|$rg$YaGg`=s1OzEap)Dft&s$~h5>j*8w;FZfZ)8KC1KJ6q2yF-S4Fg6+i_`;J zF_iD#gBWlrv{z~NJ~QhD4}v0(Qt{50tr2b=Ec+Vv3RTKANT zN4V^x)YF$cE?(U2CHZikIo@mJr-ndyj%(!xNlO(xc4rkdIRC-M8HiCCFma5W8(msP zo1VSkDg1bWa%{c}YNj<2CzgdQ$a>Po)Q5a?S4w}^#=I5IJy#q#e=cEmu1u?x{qQ#AIi)#!I0FOl4~MnznGFBodb+(Hc?d zY{9wV5Q#SN=iVX5kqmMH;#KH8032RN>f4mT}mJBRjq9GZN+h z2z1pVrMTAKdYil9$PO_hq>E&KXP-*&@W^CU$7aqm!B)3O3|7&WtEO8Z8z$7Y;T|-N zFJy^8pd5W?1JixsmzTc?96iRquOxtbG!X|9ILKpMJcg9Z?p z)3!$}jK>o!1N}>_M!RUq=}VfrOwFZjDt!|BTW><>L_u7a@zT&dvuJFUu!+STElGGMXwWZ%>$8sU)**K7QC+%W9=^&A77`Y|v=vJTT=0bY^gT~Ln)zYZJ@7j@!0Wkz*)u!41AkKPR-W zcnhr`G3Cd3+ER=SzxPpnqpv|@cEmT%OUiRfElJ%C0Rc@QtT3kyMh*@<@ll%+K-VbzIkJ&|3oUL ztMH`wvWx&4@70-or(xrDthb%=%D~j`F*pD?Q?~HdV2JY%m82K2BA`QcpzpOI{+$~m ztkk}*?f&23J|KR1RCw-7t9-~vMX&GqdS@AXe1vvyM(PfIz|p2O)m;8>B&0;C(YTe` zS4>a(t0r)jC1Yl8PP=LP3oeMWIH;+)M|ghnbP-DFeBCAcY1m@Vq-oDSfiS^M5e=&h V%Q37BX&ZQ)H9u!o^0!;e{{f1NA8Y^s literal 0 HcmV?d00001 diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/baseapp_state-processproposal.png b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/baseapp_state-processproposal.png new file mode 100644 index 0000000000000000000000000000000000000000..fb6012378dd580b0ced3ed6809288d9d312a2e96 GIT binary patch literal 248588 zcmYhjN6!4pvn6(00tBIf?ga>%{(%;RcR_E4G)3<{Ie8#i^tR~99cU4nXaU-WX4;2# zq2%vA0m4^b85Wr&Gb1BToH$wkn`Maq%af6e{Y{?8?LhHi@*Mba{s*h7XsDOy8R2~ z|AipwJpcV|(rQVE_3yFRz$WnhFnyb{DZc;ggFp!SZxH-%DCEJ|zfcAy!4pRPjUagP z&;DsujQ`Of{x<{~_-}feH{&*~^}kRSe3r+p=)o)444zFFJVoFihW;JK|DF6_z*}aX z`ywndwE@>4;3)YwN`TG(O_e-d`xnB2_kGh9;6*I*Zh8;l>SY?h76FFnzoGXJY;@By zU7G)26Yu>LTUz~dFD=?iD?JIw?njCFZ%Qe0>gjIn^889F|R4K_-2mmgMH022}L;wm*V4c~^}|J@a>puxer!w!`o z+}9H7oVa{9fPe6a$ey>hmZnVbfh6B6Il7i9`2w6!cv4=VojfdXvV!bR!G|QIjgZt) z=xoh|1_!a;X=0O{k2~)jjK9q%bL3!B9C(NOvNsI)Dr zHAaHnKo_$PPBV}RdMk3iLi`l*tJX8cx&uF$QQ4x(T*j2BntAqr(VyDhVP?YDCk ztLNKjU>JIUPG<3s4=#D!!|!{$PkDxL+=Z97`H9(>n*&bwo>KOZ50)@Na9xmgxvNgN z%|R16;$_)Bo>jNI4-p}!LrTp0`-lNGT;glbiD=9305Lt1f)gCLZtrKf%J=lUhzLeq zvG%r)&Z!ursR2%{i+APYfg@}J32KXhlk z&cKA*$^)-=UyrzKEfgx2;t|V1xn2JHj>yhChT8XTm3$_1m=Q3`*^T)2Lna2Ig+J@1 z517#@C>@)qS^jW0yD@d42R_!lXFkc@%e6iVn43^&Qkr4Eh+B!tgU>&% zO5rQa{9Z5b(EKuKaU)QZH$}8i=9gtcN``;EuC+eLcXj!rQF(r*udw@2HL7>%kYN}x z2sJNpOhPcWZ0_!{qQ7o)8lNdsU zn?3Vsa@XVpX}^vI-d|A5N|h`yZ&`}1PBA=_3qhLwo|^s>@FtZ>R}QiJbxs({<>(bo zT<-nek;Er%vP5_)i$QnJN9Gm#bycV&{nmmadnY5`8C;Xx7$EnsS7Y%-oHZ&su1y!C ztkEO)1IWB8RfCi?_bdo!;&|lH@8?&zRcRvPig6#z629yQr7~1|oh0_oe#-HYIE}eO zvg&>bH=)SCYciNvw)62b-7aC0E*ZFMYLaAjRX%*0*MppQJsVI3ZdQ4yYqi2K+ooqh zeaVV6<18?4u>x<_Onifn1-Ed@4Vj7z40qu3qKvf9}vDh5`HI-1Hb@`GK8tJuCWT>N|vV z^Np$g=_Oq7<-SLFtk8}!16`*k^|`?HdYP>C{HfBz3@!U!_x(8#!w&+`NRWq#D+~%s zD0yl;N6!04=tEB&bCP;8x9qM78{COnzxYSX(;f>xAsc+FJ|@;;^jgn7H}WYgkNM^|wh{P5NO{XDo2_v2u6*kW*;^D76nBTWB^nq9-dWszFie%GWG;)8 zr04Tm2Uxff6_vIW2JJz3UazePMXa@Pk$w97hhkSJu1HP!g?ZXwa>3q8n*rG$9 zejf}UGs}gKrg<0*E}D*L>_=*yNZNN$DVsHvCL`qrdsaG=BB(Zs-h9ez`B@A*D%fG| z7U){Zd{vpp<9WLbXEmr=9fHGkF)}+?YaKu-5bz-tX^htyed$U5oz{%-DsyxLJ54c~ z%TzR;bR_27!1Cs(6h-^S915U)Hlu6mb`Qa^D@5*>pQS2lzv(kl4cyH)%mp(62)$G+ zvV7iRp^s3phLch8A`vnRvW}{r>kgC-5|u3NatMBaD|=CqfS)8oYL~QD*-!_chrYoH z#~2JVJK3-`=G%J9hhl)wt!bF6TYQu&UnIDOy9kUVtFjKn1=A=}Sq0p?R8_ut;K1t$ zlpOF2>Fe=H5uLowgZUUO>#Aj4)3kA<)voa^x|9%WY`-{{y>}jd`v(^ctFaZGG;^Ye zr+OLRUelY^(-SyOfBCM~^pRRxsz^1F!8!j#VIb_!VQP$mDICm+_j_q0U0Rc+hSn!s z$28(`pM^uS|6{|y4{-PZ=)j<9hv^%q8%==^3-O}Cj6bf9gHxjQNRWoSI3n8kFwYXl zJ|8kS&?I9gW)J3XmrktXc8^zID{Jn>8IY4%EJ7plJdxH=3huc1`MwDqREOO0par%D z`u4{rNttXA6!1BF@N32g+9%H+#jwQ)>D_;;&^q zZqq=btJ}RmN>s@YO!4bbjcI^mW;Hl^-R6iGzi9PZHP=o3U~^8%GH^32x{U+t2wu37 zTQ3(LJFpnht#=dR$d}Vz*S>+>{F>?qzjDKMle@qneKXpb!gAm5J-G!_C-e@@k~-?P zJi3Q;O`j%AvyUfpQr#bADA=-#-+h}>-4FaCwj*Pc03x8OcVz6@?-J;SXkP`YeU|HKkNk@M*f0j(2V+WQ|&b^Vpk&u5tBtgDl8k3k5c z9fs4EiuekFe%L2@e!Ulthj7tymE8AU&7aY}-uL50h9f~nR0MlM!OT;caNjNrt zy1i$s_v(`GSi#QtxmU4pa&J^6NQmF!P+Zdqvv-2mtglc#`RW`(7)?E@~r{BHk#7 z!{7UM;%dW{Ki6V@180$K$fQ25NiI0#=&?wPob+JAT9qc(+7$%c!4nqVz2h4rJv^|;mAgIy;M&R7=w z`;j(CVrOl@lV3d(xbE3*@(o&q6yJWy2AtI6FP01tvOYAc6NzJb5eKo>9Z<@=1^_r= zQHr!1gGpZ*3N5D0Gu+jZy_S3niz$VF}P|Or)Jrc4$)VY1U7F82z)T zXxpgZ7(Z}ky@p>XGl{WL%DMI|wecp~F~XrUpyq6}`Q5ww^=E-GMXih`i@DN_dPBK+ zx^<3eeK8W83J@1to8QQ<#K;B>wlMB)-!`g{QE<`*A>cVHZX)H&ck)QEY41HN=V54O zKKxm>nT~0!?DQ1G7dKjDMOlUPtO%7)jc>{&4G$3|1M`w%+mfZ16B zj_TXzr*GEDc5b&YyXzAFnJuQUd`ZuD7qk_Z0Gyjv$Pbg-(t)sFvDwv4Y1&>BTs2+a zP{?&lqK}T5@hlYoawx+KMlK?!n(W{%A zb&=lQ`TFubp63EA!-`ziU!PBqcjB&N(;X^~0w$#bOMhZj>!uea7}w8XgzIS7pIEn= z2S`4NgF%Wd>`CB<4dvJ=1^gtxytmwT6!%EFP92O?u^i&L{Es)pDOSu=BLReaY#s92 zf&TqWJ%dOXv}4Y4*NF~5GW4#GA#j+@MU++o?m;NIYJztn7qLPk-`R#bEJ$LdQS096 z>iJgrJ9IG&Z0GalXUm$l>0uC)8z&bcc@L6iQ6gVtF8?g_tPE5S?m-EjItn1D>6e{ zKAR@{@H=^Id*4I>ze;AO>&>T9kAYgX*lu;6da7BjQm**YdVf7IKFjS-PdPHO>~7GT zv8*hA{eqb%o9l?CP+lWfIDbjIOc=2<06+luZJ@5knn(B?T*!sfG-!_gJ5b;$xE&?G zx*NF;dQsuchBcaEWniv3~@)O%kU{ z6{>O$z4%@Y?Mkb~-XJZ}thIHlj=?ThD5ZnekA3gP$Y>fQB1?RpqOD1^@#8iImHBwz z$FxT7U56)K=s~@{*Un#%sf#FPQn$T__XY>VTw}uzp{-vt zqOTkJyx6wSU4`R6W^73!xsqrIa7FH1 zJDP?~Oy8RM=V9X)f@X@!*#OKMI0hXN<$7WMJ$9a+_Kmu&8ly5x)HNTgiBT^_ z=Y$)Eie!v^#l3U^`&tWtVq>YqI@FVDpsfh1q8p+J1$a$A9e}c+&b+Q17oNZ;VB#c6 zJP{v62FbGU?WBcZ`Ozm)vWSjmB%Mwc`izJM%a|orX%~>b2l(>o&W~x>4oum}aado@ z8R{>~H%{{P1$hE-NPzY+XucV|d23UCzTP4~1|7diinW8}T|?Ioh;|Y4ympyu;S({i zsfQBP8y9IL`g18hk#)Mjr(=nv9NzZ9xFEFXrMHR>c%VB!9xMHEr@otU1FR>Mi$cow zkwMWIk5U)a=R3Dyk=2BBuv_S?wCMpNjB@QGM2VUkRoC5bC?J9L9Ps-&smH^#aCtNBR}12B9f zFQk`zipgWgzFhciuyG?!SM38TOVUeOi0twS^(wU~IoOIf|Jw+12`>B*_~)DlAF-1( z>rK7-QuMxVZxb@Z^92*va+%>RtSG7Epz9bgm# z#)Y0|kcY35O!~gO>>6p+O?BcIa ztjFY|lyL$lT69Y)V3UTCnJS5B#0>prb)6*Op}JC8B}>!O_*s>PJmfh1Q+fn^CM zbaD+_pi+hEZSy#%w6-M8LJU%Mk~vSE`0>xdg27CR&n7!xvO{oE&ZNPr^af>!`^$DfW!_S;e?u2_OXI21-K!uo`(s09Ph=#Gi{S?akhCR-~;JH=6fQ zXJ}Ps((Jgy)?Oy%Cii0GK5F5|LYW`1F$*Ud`XEDEE|^hBOfclRG15= z4x{72!oA}kfMtu0T4UVpYEf(l zI1B4BCH2c|9Bm`xf($|=!E%k{*tmb}>FhDYE<)|Q$_DzmBoLl{K{vWd*XMljfCLXzF-9D9rsEbd=W_-Rv@lAaUe>q+BY0O7e0*j@R7;-!tgZkl)}8Z zz223=8}SX~UVwJ}e$Ym(qrFwWfYS^W4w|*~;SKV06mM!ryP!-yc=-WqfC-iUBnQmJ z`i6bsy0tLn=>*RiZ5`UkcE6ICz<3<%9t~QibOCA7w3-kynbCHJQu!7-*g?*oqF;0` zzp`flMHFFJxlW0tEGq>67`v4Uel$s(p{I4@C4A6Ruts3;H?T)R*3wc0Vg4w~tkjUf zEhQn|K9#Qis1yZJ@B#a*&-d}Rgtr&(4&NT4*$|2>Z@*;E zmTR3Q`$JdlQMS!a1RNpvp~mi~|Ac%2*aZ|hX1HN`Y#HVS*O21=;za2q^I= z2H^vM%hEx$L4SlVo)Zk9r)4bEcwf5LdLM^#O~?h?o()1YJuU=ERxNK8xw(-p&2mVS zdQxC%T$Dkf8)PRY#`XeQZ7WB9l>ykE^6Mzx1&;#`n`9>|0;J7v09-0Z!2p97%ZL?F z@&X&sQ>%hqFbo&jTXTKW;aJJ}Zk)fIVu-Ux5ku&p@@PtLoUcRAK1RZ3EY7-^4Q;kK z4_8Ji<%{fRmO4L+Z|MC_V?jYscQ7Yo-6+5^(?R9D6pC<_+&>01KkA3LD@XNOLQEs-1{;f zJbsS&b(lw;tDArHpIQs*`r}YpUF5Lf&0Tu@1enm-Z9B?%?yXpvFT|X+O5JoTbXQ4cH#P#5c;3 zT(aRI>J0J$`i7ihpi9QXB)HI4n|KfqQfXi8eXZBxk zu!$|h0U^-v4%-6NgoqMLLmY^1INL0;CK20wrcY0f>NDOPZ_%FR3Om!ub^!#kP$o*o zeQ8tJmpZ?WGVCT4s43znLn)oMKK|D*aNy`qSlzMLFpN^G6hNv+=C5ajZgh^kuA59%cG=sbv0(3`150uG# z*0r~cO@hfg@D@bV%rQpHgd*EuQ@t0mBFLa`?ppAoK`p+O)8gP+m3PbPuYK4XSBnNf z0EBj{*;;0*rvyKRIfpe^8&pRnI+9ze;rK&+$JAhu=Am{1-)The?EC1z85HV7m)iF? zN~^|OwS}*gzq&es$ztk?Ufa|o$-IS9=l4IAbwaXUUCtN%U`u9$Jk7hjtB4cgxGe;8 zJNPxkcLW>`jhdtmF8Ri^c%_s!w-OK^0WuSSz;rpV6$3g<8K^J_L`5@212`gx&JSP~ zS;Za+C^kU0@B!LfO#oADWlD%gkm3-D2V1#`-TR>xgBC%}5Y|O2(6oW|G5BN`M za3KF(Vg?wsfX3|2T4>j6($>_Nt_dq%_|S2A53s%^;+1 zS?#S_@^=QcFT9W}8LmeDtmKF;$UKV8p1siAwOIn_2Et`yp@h>*Zm$E|BY) zbU7t*(@8jlM2LQ_+nEsQYtRIR>D)ez;+IA(rJ=7or{^$sL*T-+I5kKVM(;>r;wc)@ zjK(&>4EobU!;hOvf!!Ih(qzmfe(JONG=6SHR6GgEOROMH;&aQDesk{{ZfhBF;gtch zS^Fh$H)Td;O)?>yy=V-Q`V4@Cx|-BnNjBiP@g=G;nGz(z<&&?ht<6X;uI5^NU~Izg zdI6rq@V_{@Bz>qZfRU%)bt6+c-VA9fe28H zqolpO;erVY--rZcJhT0%^7`!b3-=0Nn^&AyKDQ(-gRF0vJFg#r%LIU}PL{tY7yroe z(xogr^+qgFn-hy)DWjivW{8TnL0%8yA2hz6N1czNXVo{Rldn0y_oz6B zOr68FY;LAmV`aOaD9~%?-Ae#EZrkq8$Sq%h1l;uIdU&;D7ma&_qi#U^G#Eu*yxnNS zq`KKI5mr)LQml*9k3hi3K~bk%fE8ej0NypIH2NBV|&zrIw{BA6qH=N02N+6H1)N zTnSl$jsy&s@QV<0Dz3Wqb=yFJe$`8jBZ>{l!>q1v0FmIThl}ks8Ycb0vV8I`Be4-` zRXaQb@X4@PA>KA>GR0YfK@(=Zh(KmH!-*JNh<1e1t&BEw)DpCrYC{P?;;5I4i6&PK zh!xiJVzJCIXKGt{#>(FhD5XI&x43?mw)f9tL0Q19gB-xv``?>mQn2yCxn&7n#C5>E z?{0$vE!PLqb<{f8tI&<+(n`0ZPep?$a-3t`X2wk1Nt9>fXS3!;)TpguCU`<#TMbbY z2a0{b3RSul!vqjhEaXzksvFZA&{0k$FZO_G4PMX6wuT9%Z(MJEL6sRDXuSRuF>(JI z*&tY|@V&8=U7p_pXsTOy=Yb+(Gj~l+HAoQPQm2zT0Gd#2oYHP+TXpCuAT=1AB|I}#RD?qSo<&?1jGsrD#m;*)W8r}1?a(lE5}3|9Tle!LOj@LVhE_IHBn~N zsK+Q{7OCE%EPVt=UHW`*TZ}Y&wlNKqvb28M4IGr9ML&vnJf)>CgjeQSPQwr$4gHk| z&g4{HJDA>+7^lFfmPBk_6*&@|N*d%u|EVs&RIXA+W19Ew4%WZ8dLAya@YpZ%Rvxq* zBoZf3b5G#$Ugy)*wA!!BJ~_7!&<0gI!QdB1=%+_8=mlEgvWZV z*OI9+fJ5OUpMYNh7x3ibZpWy8#t?ep=-EjHdR_E4i{Tm!)52W7Jtu-5P7D%o+I!7k z0cc5eR{Z{cQg+B;QDlf?9_dUDowANIsF4T@bV!#(6e(OX35<~HClw3G0}2H7j#DY# zf0*g3k`vX%>Z;>Uf#Lpvx8Du)FF+^_TA2GDmqs)0JAVUsfT(zVG)T?vqVPKUN{(#P zRTGGg`rvi3jcYvzJP%;}gtD;@@B+3*IQ6;}VpoU<#st20HWQsTOBHY;1L7$^NE8NX zEy#*~bgnY6=h~;nEV>hFFaWhJ4EccgLnGkAE5_9ui#Z+*cyCtvoeL9c;&durLi==( zKJMr~E^C(C_$Gco$V?4{;cp7=AnOZwnyLtb8jf_Z4lM}UMP0iS>^DjMmvTKb+eyYp zAdLMXum&Lc8)XB+&J~vslJ56*s%FmnNU=&ECh0qQtTz>^Db&`#5iCG#&;JZ@Wb@$L ze>lqfdTIN!0q-a51;nEnkaQ$x%r(?xv~vzNXKtqOK$pWx0_J}Mscqoz+=h?}gEbB{ zt^K@bJ$$-LwSFjU8j7|1yi(^k0tI;s^auBzFgz<^W*VAvYHztpm_q!_6AF_);e3rfP7EIuWClEoV15hMO&I`n zMrj&b=<=clCPY%+DV1+^hMzt-QpUJgWwG)po~1YAk0THZ1vGdagn&12Ol=Tgux;-8 zU|Rt6tfVxV=oq&bM3cYyQvwZECw^7nYgodhHA1Vm7ezkV?~1G#C`Q&(29dG-d>HH_ z$8s{9nUH?oG5mG1-kS`@ek)P|tonK{*$JsN0cDWyfR~AudBj)i zQciiICFr5>Y~=SZdW4z!rNP3Sv1d380a@0;e=G?URNj?Ff-ONUngV6L?78!GQ|V?L?dmBs>zBLu}By0baEVPOk3obK9uLXWlB96~-&(%{C@N ziE1vtE*8ks<59%NAJ7!iLL|^1sCNcnexMo+p1`8LosFe1WIskN6aX7Zd*f*jO#_A+ z!~QVVLfH{u{oPDIkR7o+E5(vTIY=1@KpjoS_rn9ZD5kwp#@g*h4LnWDuuo~B+zC|F zk3L%1r}+_6Ssi_R`Li=tpf1ZcoXquJyGoek;lY(K~tXu=1Fo6*JF45CN;CDhP<;g217@;l~R_U&V{czOkCbfEBY@Ab~s(_9DR2X8pq~ zrK17|1%xU1YAOLMWtY}Xo~)C|HLIwmlb~kVS|G--9H-{fpSAZ}K~^W2SRO4wU5_ z@_?%Y`Jdi`1s%5C{7BxQWH&{N43OKcI4pSraQ~g0y#2by%95A{#pFT%t>g8SY*vLP-^gh`qauM2BcETN4v`#gUqYpIl%6CKd1^IYqTL6Uu1}*|TSdzH;8pw4rs_z4k<43$M zfy}=E@)`5~MjMbbX6%Y+@k9eDmJMLwd)Psi(2p*^-QfOh+=fXiZ6mjaQ` z7En4k;4BR}{l1xG#+$5FNyRyB3I|qq`Tzzh9L7OdyH5(>%6Z%Aj1l?_F;B;QXt{*4 zjBaU`A@s;#wMnxsyM_v!6wI`Seb4azz~v3rL?BWag&_^fSXu4*A5AY3Wx4H)+G13R z<1Bw;=tsfKfp)I%@KYh39zs}0L1CnFxR!b^K6uRy@E9~Ks5Mx(Bf~&s;R~BaqEk`G z&pCQHH9Th~of82_Y2Z!SN!B?Wup`p|rJB5PW`SfT1iYMZ*O0CN;~hEgSHGmYV8)b; zRzPOFb?zhq84engey%v_<{0^~58f?d!g6;&t2OX-mV1FY1DTE7tJND!1(YY0VDK1$ zSk>c>j5lzrcf|z79SkGP8%91s!vX>=TMLZL@i4oB3C4=1?yzHrMkhyegJfc!0c0sv z?C)}>Gs-@M$We&oOILpJxV`ysesw0J@+&27dyO2@ z26hB<#Quz-G}jiJys5R0?+@XvQ_Yvt@Aamj$Q?wo3`Ozx>41X6q)Qu&2@CbNIS zT_yxNE+&w8bLGeC2M6y!b!eOApPDtBMtMLm&_ShCtBCy-xcV4=vpYZpM^KHPMIs5y zrQUiVTm$PA=z(-`3%vO*z^w{9Ee1$RJ{p&RRUKDU89;`Q&Gn1A%=x*1`1qk$+srQF z)3$sjdvMKk);xdd_0vUE??W6Y{%Xv`VhhAmcG$drI{ASFkL4YycAot0cF>#x5WSUM zCkK`}!oQ5zANvd|NviD>T}AV?gDrTc45&wM0T7M48`va*PGd3V#UyaWuQVT3AYrLd zu#V6c;RZ|tiZ|k925ZCKl$d%v9Ia2L1BFFYN*K+TmUfU(5PoqO#r(43w|pqrG;H>% zShIN)QxOUL2e-cx2i9nSHJ-ObE{S72A+KQ+i-r$0zp4KMXY?-sm2z+%0RkoT{VcN( zyay$1>cM3Svjb7*zi08a9@rZZdDNIYUcnlS#A;U?slGe2gO!WSlqx5UL`AKCM+6># z($G+!Cz(gEexUY$M{!h|l&doodsqvK?#vT|TQi&<_tmJ+qF@w-{WMqm;k2_|B05EY zOy}feh1fdniyR>Vl8F^8JO)<>j@%K_f5$^}TTM0uv3r)xs9?ryJaj66^<-Wex zdZu)_?;>GrWg&-b;od+Xa|_2u=tL@k(j+V`wN&VfC_dkbX&Ym%;~_{z`0%qvk}Xh~ z*z=ye<&JYzCBbE6w6;l5hX=ojRHUgm^7ounm_0t|1EoF08Jvl(-<%QoO(X(zYNWRWl7*j z@VM<%+@lnyukDS#Ov5N%4xj2IC(L7GUj$dM8J6G|4F0;{ng&2wuvv+TmBMb}9E=Z` zl)r+PzhmV z&NX^sX9mcb!4wNIo1J^J(%{tgQ({uPjtRT@kUOo?E^6fT(v*Imf%r&I(Tv!Ob~DNO zC6H}IqJ!%Zx!aMNOoDQ!0x|kG@10{%M&vn>3`s{8R^iBePBqTJZ7nVQb z!Bm#L(+~&1jewR@nKP}{&p?|8fi=ox@_YNp2Rg*I)e=5PvyUG5Ey{!BZSSSqZ^IsH5U`cMpayE? zV=;s_%8aVmueJ)mP7yGO5SW$`{*o`*$M_wy7RPydxAMAYgSuL$!fZisfd5)QT!Q(TeI8U%?*~>`CvD+1 zgiBSe^nvjPH@rVEmVrewHk_n zI5O+}mgvNhW5Yl7A#jbOam-dROK+ShGjPMKxDCOF5}vZg&23ftB;+v3=At)pkL_bS zBD^1h{185l0|GZca}o%->-(#Usgdl9h)iIyk0$NNn*-Gc?QG|$|CH`2zaUesYWbn@ z?_HqvRG)f>Zint;`i)Ur_RZ`X{JMyeKz=n^?_f;9P%cq<;ty&CLv@oVeLT>2p@ZK( zi7m;0z#Ih2qKi1|4M#dFb^7)DeG*oo>7V!Kas*T@@*n<8Yo|4T3adh`kYiuEz*7p9 zCbQtz94P)|Lem8S13C~2{C-8suzvJ~K@epnY^x!u$#Qi8!_4~p#NGAwEr>mnn`(u= z-{PeA!2}SyL2YD$ED(ZXRP1P8Z8M@)EsH94aS{51LIxZw^C0uPUm~RO_ydw#sUe1w zBhg&qNj5EiX$-0%S4Pr2_>Gg9TdQwMj;P@bd7%72`XkIindY#b(F(IYjydi(sQ{W^ z20vVo2!kh=V0GW;(o;<7A}9=aquh)ZwFY#1R9dB?h5`it2kQU;+zcdYlKS3>kU^;Vb@Kr-O#oK_AHvxKNg^ zz`~n)o?IIg=}B0{Y7`!biNmmz^yB^lwOXT;IA+&N9sIIMwI-k+620udr9DYocy|pB zUuLcYl@J7I5caEd?tu45jug3ugb*wqo)Lou|FYT`u@9lb7I|E{;TK5-^%k#5F(bgI zdg%{rHY^?}8GRA_as!EtAjJ`wH5FAR-<9m~EK;v%g*S8M|0U_Vwj4!b=r57OBba0| zCi7-Y4km-)>qqpQ(>vSkfH72+RMHJ^Ao7Y-38!|CeL$n%A#XqA&$W{1>h9zik~68w z57h?5Sn>m&6-RyF1u{4$y<1Ha>iyTidK&u4Bl&w3OgQJTs;%#BZC}DCuMmg8>y|4* zA(itH=iERzds?w5ajW$1WIy3~+~KzReU}jLv(KLz5I|7_r!Ma4@TnWOaE0$j#FFP7 zUOyi4vFC8nQ`+Y1C&B+1ykn^=Q3h{qenO$Y@nXSN#kg?1!rmN9rfag}(2T8+3h2?^ zNF4OTg@z*T$eVi{4)VUiQ17BfMLjRQ`;~0+H z*_B@6Z=pI~sg|htQO}(E6xH@(!>@0e6_ikT1h@8kG6l`fWY4exyxnA*gmApa%OisN zJN(={ELb(WuR8pA^_@4eA^yu>VX~P>t0E&)gm3ewoaq8rO~BcJ&nKIBlm-5mI`3J5 z?elIy?=x;VQ#h~py`!c4P?`#h?fOB60`JYD2N?iG>K&->zBUvHMe9UNt?E4SU(QlLgZuX=g+ACqs?zbIDnFgWjNUY z*MeX8JEu+%PGbI=a%dd<9?|TZ=M%#na_o1I=#e)Q58~nlv0utZBAI!0;2BN|$M)5* zY4a3ai*Q^nT;eDT5G9R9jWtGv1*nGtRJHC{{8y!b0FtH=HcL?a`fxKSFiaKmZ0cb8 zyzOFLGrn_(QlJ5KC}Jz#I{Wh*nvbO_3vBav)c@4DYAPxJ1kkc59}z6wym6EOwy3lL zCW3cBM)5GL=qcWt;?QveDnEw_qwew59%2%0e-QnX*{U$b-xxA#v(_& z6?LS@RbbBp6bIbHYIfcRrsxW^y0-5fE8u2QwsYdWY1p%C#w;D~M?9dWNnP{ZK?CSEFi`OF^` zG^y^$Piglu%l<0&OFx3(u)HBHisT+hAzfr)%+oBeWE^nYjx9LwP}M&|!X`}S z&h(WOFDDWYXl>r9VMesP-&k;V{0IK)gF$~3Yt9uYlzc)#`UR^x_$3!5d29bxmh~>b zxv8vD4FNjlkZ#5~Kxg0kOOz#JX1h-@1OmoW0T2}1&>K#T_>4%n{k>$4pW=7oD-BIQ z;-nicJcFBjZ;A}HxR%BaNKd(_xsYZl5+0Bs@XTxvkhw_gR^9o6bpa$J2z&$d5-R-8 z$?xmSo<@F`VMq9Vr5_Jzdj;G5rC9q#HuhcZl=i`M;gPb2Qf5N3pFH%AljlF2aY`l> zNbNhyMSHgWaP~%hNb&wx+gt_HAO7#3B?`EAG(2@jG3B0mK;s1^s^^%e2d~}in-4_}Tne;0my@?8V=Z7t^p&@?IIIQK>n)Dbm{-xe=dZoGvA`y~Ji=32@LTD`mL<2ggpyKE#0I7yF2f@>*s$SEn`cfmJgQM=jl{Jr&LY(E1=XIq+W%VG7zMyTh1Ir()fE}F3Njs|@-U+xkvTz`YJ!yubaxZdJ z%o_ism0)vqKf@pUYAjDj!J#pY!ZO@xFmZiaTLsEx4}FHekOMdh*X#vJ8xQz2NkL0v9C4 z($6;KT^&W9>+{~k#kM5yY&?K4(oQc(SxPv24|m>yC-XbJ)NkC%$k*}}MR}zmTH(aB zoAnmM3x4@jICJn^2yX5%c%S4NCB2NnU-^R9TSe+(`&fS?=1?aop`t*iux9Zgkm&gj zscHUhk;W8ZXMUG5YNNXzy~zwwR$hyr7g5(%Umj!tc(f=W^elHn6#;I0VQ{2s#<0y- z)4%|1SPJDejsb|jj-K!duts${bTIkzjm!}S>lV#-9z5>d$qUf$oJ>@$2v#>3S+obL z0E1Eh*iURgr|&}guYx7;T=`cjzonIU5%lFSS;KS%lJX~xKB#>qh@XTiCn%;uJ!iOt z1z4AF&CZru!=W`SI`^Vj!9I5@cKD6h_W`-Dy4@5sV6x)&)yYqodG}2RSa9oZ&07WX%mgnhm_*b0;@5vi?e|)Sl&+a`XMyUg(-MldzU&TnQu`p2 z7F{4hOR&e3B<@v$?n9UKn{77VGh)KmeKe*{7IjZkISP-VANsNsWA^IoU>As;AYZA3 z_w~M0MWm>f6#DTq%9I)|nIv_r@4F!G1!p>9p#C+onK zu$IUI5S1~c9U7$*f}a9$Cv9B1^zQ?bv0Jba(2<-X-_l;4Z3&%VTc zDd(b)7=Qx{R1GSsAgM5irtS(bv)XMaQV`GB-sYWGP&fd`lFE4%Z(*2(R4OhJ5Phv{ zbvpOp^7Dzt(B1{6BBun8k3P>TfX0iCd4u@d_vk>q7A_C$M&MW~(iXMwLH6+8pCw3b zPkkfbA*H|@Rseji{4!;h_)z^AE+}wUHM{E{<9UoX zF7#d^g)n(Ud&0*0ow1d_q2BL{YH2Py^Pj7%V*hnzQ?nNlC%72AgF%jrGAaQYrvrty z%7emJ!@aYRCp?SiMN!H26TR;d{K%lxN_0ueK7}Tp09_}2(8)ERl=+02#uITvClnI# z(YXDLka+*@t?`e(M?4#Npw9yHj?X_0WJmNX9JKybU7GpyYX*b|jdO;L?e%z6w(NZx zBmw4f=#Sro9d~6k;ULfs?RhSN-tQ(*;uACq=zi@pQuCn%a(O1a!tm*jwHd1Q{F0Ab z$XLR|o3kRdi1Tr-Wq_SEylg#}bSZQY&9L9!o*fVVD4LvLwamnli;dO~qtlo5q!s!i zGAQF>R5rVeBXC>&au4nh0LBhSy}zI0hsv672iyQyGP#EcM3g%bf}bN331~L^))^JF z-oN{7tTV}v2fyG#)nHSF!pQY++zTnKVfWzN$Yrdo5Bo!L)@%2$){cfViY018rpSJU z0{bJ2At?CdbN_Q19D6JhnPA_gGBH4Ah=tW{2~ zAptQ-Sr60W-pgjDv1{$Ob{S~J0Q~%M zc)zp4{KbPJ@F%brCR)1I>sr>96|4|wEm_HnIWL8yf7g)n!mJA*HQ>(PHa+zFI-lgY zxHB9T-3v+hW9U>(~Q zP-JaXB^L?v-T&dzJbxd8Y;n!jDBjK`6xY`%fTaprC3jd{WQx)f6^-pd6 zzitc@cpB_>B%cFpzVasTWcC1^&Jp&OiKv*z%LZl~KJvnvQv9>@$5AU_#MYK3Eg#^W zuuyTP&i6~OQ8!UCCj*JZZWc7sgvhsDD_fs3!zlaXz9~xkAsn{RhaYyhbbK$K*!@Mv zY0l!GDn0DuJep0e9!0_$po5h`zmRuQS`8&=HP5t39=~LSw($7FPmoB3q8i05aF{;- zUKQK3El(TI6Ed7jHS0oCOQf=zT+khv)9+c_{yxnN5tFBLkV>M=3j?VZ)}qqOD!N}f zrab|O04!Ed9fmTz4zKT5tJW8Il;?e)dA_K(lpGPHoCt!Bj zFQ8e}`%VG#dIJ3l9a0Ims{Xdplee>2&x1fAyHwPj2*aAl3-96*nu_!jI_hsBb>J0t zC9q-L6a=9QcmGZ?&B(;P?tB8!Fu}%Beu*|czET9b*q;;dT!MATbSZv7zDg`5G(-LH znJhH_VsW~v7B?YcRg3h!Sk|0sRQ$yg?n(k7truuXnd20F@!^$|wZ^NMT+8!H9Rb2>!jx2jhn}fGE=; z&oOw?pGM$D!iVSXxPE3A>lDp*MzDpgVpKoY#;$9XVzo0q%%59 z9f$IpOJ@l;oOcKs4tt6#smTv3Qyc_s-3kz%HJ_2Ykqw!>9kj;5_Sur2G4goeg224q z=%&-4ZV&k`j-6VfB_iMeVtL;7;>g~WU~nvl&T-+WmA`&BE<#h~Jzcbef{=I6C{!~{ zpep)D6NwFwIxeoOuQFgP$$V@f`YJ|`D*SY9Te7}IJqKd7mjy?aO+j5>HP@`830LzyfB`yf^F&c$Mq4lk51aF7Nmwd zqIS|(FOV5X(5;(I*a1z67DAWP&%bFs>HZ>sZYpgc=WoApQW9J4wS9f>O%>V^2D4Yz z6bcihpM8Pv?hI}op)HCS3mUMhzqKriE6wAW?+YFDc`d|o(5+ViaHS$HMG;InP`Xs6 zc^jxW#$&GQ3QMsiERnoud7*0N>zWDzz>EUx3rDNad{HYMPSkJDRpAYXcTUI z_=lhIo>G#fpeWg}Y?l)J`&tO{TMP1#3-iFnoAkR2B(LYbI&U&jfLNbn*y~L~(BMf_ z(?MAg<>hL>_q*2tRSo!m=J&0vnLZ87?i*dpi@ECiKq@(brA6o_*<)SY7YFw-zxVL* zn0tVJva3svSmZ^GFkK>XZqzbw?sI56vWvU#1Jsr7rR>{+z#=_aP!1fSr=60iW^6m3 z?#8P{(--4lHZhlaMjq2KjmQUh!F_c8TH%qI7Zc!)2ReIu*)I|0Y$`}tjv$jD95tPA zv#)Z(yms+GlUT0f3AMTGh6hJYbA)ZL+B6ZlkM@uYzGjrxe@3Hu93?N`}q z8l?0RC?d-P33UyggIq3Pzr)!*XyD>B`OQQfsv&rEt7O9q(mYo0DbRaz2jvrIIwSy} z=%4yMAAGR;aR>q#5|TgLJl@_MD6MnaKIWeL1OEGc1EEX>vo}o}de3CgRw}-h7K-zo z-}mj&jShCFvvv8lj<1EyfJt6Rr71wp2lqw(L^hZ!eFEqaR ziGn#@jCkg#x_;=3YEdId=RWU6oz9vso9*V46ok%YbMj|Ft81$5a1k=`6GJiZ{wBfx znL`WLek13l;lW$E*A#aYWV8!e22K8Sj#l_>J2co(7px?`aHJ-t+9 z6Cfa@o|>`CCMzh=)g`EcG|by5`w*#n1$D5uuAGS=1n>1h5}kZ*J=A>pIBM^U02rXpnR0aRQ-v`8qkq!b+3IeWVKs(g_H}U zq0(NmP*>Ck1^<|F!A?%>F2t#Y?}zlrw;!lOHsS)Kk`M1wnH9X1QRCe_L0t9w?drPu zNFTrYL;`#)f4hr(oe-NdnA#879!V9W3>$e>ALC<|$bu$Pa;lJf z*eVB<85Q~md`|}M61ha|9^SK~HBm&>E^#b+*sLhm2kH0oTPM2*lYE(4A?f{7nF5a8 z;nncE1lXhsz_K3Jp<-J;8OnR7ns-?}E?QV$-P!Qw8>%7_VEU(--HmktIUo3f$vr4Q z8bz?dLnHswj)j%&8Txx$Vp*a_8=~?`bdp&#RhV|FcbEp)X$LLe^8uol4Bt`S5IXz= zrU6Njj^{Sh%Q3!f6C2a`#9N$#{Ko*P({9NhC&8AD^y{qw zXoSF#eBJ3Xh+BWJ6MPoncd1jIjIxq(tC)9?R%hhV0$aLUOT!f5-!w$Nzzdu|eXpRt zHT*B=AaoN1lq?5LHjQvam-HMw{344({Xi3|FZ-35=GRz-4%szuc6m`@_qW3pf=fjC zOX55uFA2L0uoUxyA`4%%{NQxzodOs*Xg2;?LHU4CC8{1KE|TI9yB_TsKhvaskJwLn zgKYz>Aa{ypm4LOf0~@4P`C!yzy+p?0v~`q$rt;#e>{LyTvf%!GN8tw&?^M%d*MzXj zq8*t$ad0pwWF~_ryJs%Zd zK%$?^4q8+iMH%+SgJ>6U+UBM6P)dyl8-yHSdvPKvRPysbzSqrYY< zU@NTDi>6;dnTi9`3Wc$!A2F4X+Gu3`oF2i3myD%y3AA~UpF63shE1<1>fQ?Zok7`4 zB6nK#?2`)bA%?wW_m1;HR&;L7gu#J5)J-jJ(>7@?%Nm5FO2@dik3yhkEQg-Uy+OUa z2>_n$nR;hoss_iAPWUId7w#>^-e(I9#Xnd!H0#BnhBk?%%3vDy+8Y`$FH`YT9~8^_ zjNJ%Aj8ug@gCdF=&3h%nG3v{`7xynNuUtfYL}TH+jI?oSImm!tVGA&JXAb_F)9w(o@qok729CDGcarNWjeo ze0yM_oj5txpHR5{q+H~Ka7Xd!;=uB2scy&;76B;+=t9x#!w;mFc__q6Jps_MHf|rQ zAN7#2t{!T+$e&CXlW`pa6;J5hqp4(p>kgdsoqhvCiH0H=eU-8obsYvmCF4mXG11oZ zs-%_T$58GhBXZIB$Irf6%ABrH_Q;m}Hr>2}T=0CGdjTeNxt=PEi^3VBcgiADVxZ6a zUK;z<6q-TDVfUbrX`+BqHV&q?b)R z{QbVy%jDpB=!2s<@BqO-Q%RJ_26JHo@yqPd!6cBIZz7mx8@351hbw#I$VoQm-BS_wFeq1JMxJn zUjE>miW?Pu;TGw^8@!x2#b zEAKtxQ2bCZe1YFco;#MS1KpGqKPxi7BkgmP=F3O#xiWlo;cJwscx5ivV!Fh-j$jnY zEUN2k4%)V?_N_xAT{h4PImK_`K@hwLcqdxUq!v{Mx^5Y-V*pk|p_utiLc|i4)*GR% zpKbE?1<~k&uJh#RB5|g@<{N#M09wg~HQK_hIK^A)+G=-dZj|L-jr>+P)*wK>fxlOR zN~-zy*_N=*5Y?g=VDW-H6p)7UTBENAer2;rZa~E%l%d37mcqF$d#*md*$3Ap;O*rf$Q8Z{V+U04j%~2W@WiO`NNAY8SKI-sd3~@S zwNbiaj6XF)G(5MYdUzlD3wtEAEBv<2vFOeW=&tGvU@E2-(0DQCjy&!Yj!KG>55Ty{ zr>1Cl1#;r>Nrv6BoMVM*S6&_diYY%>uYMEDEeI$9gL3gjS%mM}_PwKUI|eSPu)*m( z(~)>^#eQe%^S%CSvJR!WY6(Yl)-rR={t>J@poV*BL3ByE<>l z1Ys^$zf~rAWS>`X7_1v9h6zD>-}H!YM`cg}918dl(@Uq^zK&S^#rGKEJFx&_|Et4v zq6c?Ay8}8aEJZ68Lc!@z%r7}4)NCxy#vTEY{>>v$*=Bo?#s=@J6O_2`^cNImTQ1>Z zYe*37bkF(0W{Jt%W799m?H9M;C+cAjfraEx6hLzj!_W_C;il07po0~REh6oX#DHuT zEa|1o38-$03shfVHQTa4{a7iSnyJQ&fI!#P4s;#+05lAmJ2>@H&oVZtr$3vCBe5p zHrM&~IZNQI-3`P0#S(EL^BYulov+}140ifr*1fz7qbd-ff^#p_UZxJQwt+r$2pbCH zx4yxLumAQ@{78mIHwoBmfe|5C7HOdlfnEhmz4?+yyn_u5ydP~ZfK%z*7Yp`aesjU% zaYm+cpwbPp-$@5D%4sI;DZKOn2_n$BiPZU48~K5fimrbz^{ac@Zj0cBAs2RvJR;6X zxn=|4W#vfYn~=LF%JHB{u6uyqy?VgLFi-hF+He57j^!*ndEatkchnAz0FP>lF9^8O zup$=Adl|@c;Vrjvk6YW47b5Tsc)>3(Xk2r~62h4mUww}Wq>^nzXdkWkY64uUA$Ch z-)9tx+W}I?actI;h9ux?dqscS)TBzNCHTVTI3wZorI$Yid7VGqdk#3T zQ8j+$&s{r#7BTzGKZO6=!+X85q;~{XNs4*u7r{2fX%8U6x3Q)fNnq8rKobp|AuHaD zic=$g184s=jK2_M`1W1GT$TPHVhmu?0GJFZ9I#H{!P0_q;TF%1rWzA+9l);+PT*@` z=>`r<zd6QVNexU1SQ5Y?NRnu7eZLee2>+{S{8k)nsCjBDte;~+s z$TKLUDB#b=!@i&2+*7We!iBGgIAX|&ptHs>yvM8Hl$Jxe5NJAnfm<;s<7Et}EhF%z z=b+n<<@!B-K0tOs+am-6tdn6tMSFNQ@p5*Q+6MjhJgOH#uei3_`lpPbVTBtrM@h&S zH%UChhW%b;1J%>VHCeeWEjMzv@fS$`ezL~x-%QMc&;Y!K-PgO~ z%<3mrG2?ydWj?A9sd&|!Z59q1Yl zbU-fgduFi6^o6(qD%Q|s9E9dTv$`geP9<%l{5{FCtASdUJ}=;*?K>T3F>nI=AXWGF z7Zl6;(Lb=P-%>n9K2{LjiF{RhuwwBa`{;-dASKXwaqM(Lnip46SjSjOV?5T$7fv=J zR%$SsC`tGIw{%i4#r@kVRF8XVtgcL_MPVcP1fh!wtJ!R zRs(Cx&%k1+%8~6U)Qhcl!DSSizRwT1)F%A*6^knUda&L-SOYxS!S7^&Z}uXZ2Fkeb z;M5@$G`#{Naw2dj@RJnAF;v_};+cI41FEFaH>q%b1Yu(8n2W(bzDLcJ0PfBj0y4UD z$>U0KTF?aWWxPr&C*DO@{7k2S%W!sC)NUYT4I-iauFNAg4e94VxeZKQ(-gWciaN{W z6Lw^v)IHEEs4G{RaZf5Wxl^y)pp{l$?V~r|MOi;O01(db?0u(D!5(Gc$FQ&aFA$5E zpxRyZcIqe*un4q@ghm8UM)uV)Tl*Ouqm9X?ETR^=ZAhU45#oWuv5?_&7&v58k}+>l zKffgqk8)%d`c>U~MPB!&%3_o{=Xm!$`U)Yuh`o=|R~^=NCSg116`V+5|1O zhVO(tDeb&$lJ@21e}iovL5dHxGR=NRRVRSv{sJ!BaJeN~_se7roq)a}q-Y0(N>{F{X zyl(MFY16>@%^uKWwJ2Y4r`ND(Gv#md1RDwOXE)N;qylP%2f$q-a2K(m%l~~F9^oXw z8k51oHmibrI~OpdDa54u3Jav5I`v+}v{L^D-yQ@qEmu0+TFJJT4kGb5jAqGWdp$DD za`&wS>E5}l$2fRWf3h-8-0aCiH3!POAawOfSDep|vLH@zLzI4yU~d9Y(9XpWg#+w4 zBc6$p_(SVJ3odlU;{6qJ5$l}$9tSBJn;>RLCYDv}zMD=Na=vA&|AM6fz^^RrDBdK0 zndUW`E0FU6ZcKk)v^*fe=lKzr64;KPI|G^?p`OvEk!@H0vYtBV8)PQv|9%cvRCie0 z4zl;49iAPZ4PJhajjjm;z5(OPXrL!Izvr@Ccj zrG`R+cl$%UHd-SFW4$>+;EOa_bjGA$Aij+zBZ+h&M&je)L69)9)Uls}lMX@L5nPsN z1&%4xjCU)Cz$NoXh&+gwy@`t``T;n~(St+U$#S1l01~z4WkCnx0s~-=2qzaPmk%-b zDC)V`68JlV>7@ohq7WnkU;FtMfGrExr{LKHojbMst`ty!&vZ6J@i}5`L2pPu+!MF# zo~Jc~RMR@G(N}}yaMee6LR!#gSEJGOUS|bhMiW@>whd*zNfgjL%@`**?*ZZKc_fvnslb6QzcRff9q*0kQ4l~&O>)jpCR-S56Pc^3X;^{nl#r0 z_Nu%(EnKZ(*`eL-ScC%&cb>1j<(2^o$tv$`K-kd0mxSw77g<4ojx>m`Ceo!SljjkaWrOtem$_4nNfq=OA#*Enj znf#O)Q1V4AI&0Gr#@^kF|5Jg2!1FzI zU_=-qb25WLDpZkLIR|yOss8#~}|M_}`=6(o~y`7whby~`58$O3~dt`xPFz+{?Ky#tzjQkMw-0RRMZz`FP6dB3Ip;Oh1U*j!4i6Mf(n z*fty&q1`(04tha@1ioha!lK8-SKG6yVS@#N6)YtK+u$mf6x^tT5Gq++w}bIeCNzqb z$-GCk;vg~oUsZ#1UiHZ<8eM@77+4jYZiBN9NNaf+kiHN7SH4e>4@pzrod=-lCCBXk zKy=~!Hj+AkR4Yg&+0xX>vgqHPd(I1V6n1la%b0QZ(&?FY_x;hc^>^>cl1hhj!0*-& z`;9UvRK_kOKaRamcer0{^8obQcf%T(qc0b{tQZ{gvtLhsKC}QE50FG}p3Y&+lv0YV z74`s2MCP`XOaJ2DWMBz0Vu60ZCK!+9ER473Cx{GqTLdycLrK7e9!$ZKh~?h#v&@?J zi8H5R3(`1&y#aGn{ObUn5m2%XfD#V4Bu(Q$hsXsJ=SkQeFS-gq5#EE%m;)%&*OKz> zJ=R=E3qPhP@QLrpgztO$YNNTiOHDXS;Lrx#jn^lhZ0>%shg`;UUDm|eagYk^#x|EB zn*xn9V0`J?yxX9uW69tf3oovoMD(l0=wNy0aSTr|teNI{&k{reK?4fP7g7T_7btWx zaBKHqEq>j0oIO0jL;3&}E53AaHwQEi#fHw`jxT*fPFyd(Ehecs4K~eqO@2-$AUltokduHO;&Zqv?jF;-|wvRW#faj3qFNd~(VAzTe7 zs=+46XxGI69L_nfJ)6+ zS5r~%z#fM;e$%l%5-^fug)&@#&KNQV6wQ6!$Tip(0V}9>FW5(3pSbB(%(`~|-dbn7 zqazw55c-+2b0_}El-;A$Z&#W~I+J3u4^Xf)>x%)oRs^CYw(zU=(m|t&Yf6^+DX8hU zq>k^B6)qt3jbnriq#nkCM1b_%yy;%1<1Na?KdW|bpx2hZ^4GI72myGV7{qRU{F#q$ z1m@G}{Pu}%bwN{aBVqfjtCk4F7dap`5>)*#@bt#W0;S3~Ak9-zg^37t-wnK;i#t_+ zvA+Za#9rg@9=-Q5IVs2xk*pym=#J3egqFz>c_KL|SQ5$WLp>0Vc-jnje4cBYG^PMp z;dfnlh`>VcOe8NXXGz+vG@i9MeFxvb5(wrd7XN5=e!r4$oOl6b13wRfYfHVg=wVNZ z|12u{ROJdJZxJ)ia7DHz%#XHtk=XI|8f0)Cn@%`i+v&+=Cc$e_Vbdp=FFj>12Vb0g zV*xwUki0#X;FB1N*`KWs%z0%fg3PqRXdOCXi{3_OIX_GbjB(wxsG)=5ZvMGC(`E2W z-;SvaP~y&0lLYxA9k2$peDoMR%5CdC63Zl_50ICH@pHNWXUq;}#W71|`f~?A#v9Qf zGT_R_+P9Vm5A@-8OF2KA0=q;1b~P;LaAw|?!I)(55l|5czrWycfD&9h<=vpW?Wf!s zc;jVOs7w1JNm}2}N9qC_Hq1h}F>)m$27PHTEPL^@IgS8;0B)7-wsoAUPFRg zbTv@Ao!0|Ubgv*2>R_$Ksiw|Sgyx^;qI$z02v~Tj`%*~ zW@a_v3w{@UbYmun9rKh_;{{|INY?Kh#7|YWcuqIZke?o>@`YXA2&TY91}H@^aMXLc z)gC^k^o9ANHK5=)9#Xd?+7RPdw!Gj1(hn-xSwl|KT{D@<(zvA5ViPHDDzQ*G|6C(KgZc5?AzV`IF)DCc~U8&`%?yLUZ%k z+~baEMLi7a2;v?8#V0a>50vzDlIJ@dU&9>26U#Rk`vdta1-;{jVN)*g7{t-qWW&G> zS4dG)6Deq6+6vs~pXuP}h74-KM^<+uy znfvWmkeCAM!@SMnKRqJVq=V+w1&>IUT+hz{pnG@cNRed<6a^vjOD)Kg;c{>XgIPOV zC_7e>F`$p3!GB%(-O~MA&GBP5mhyC41q77`5}L0bygpW|C>np3o`8&wVRwE~ioW-$ zD_4c9n@R3=r^@_gOjJFx^=JAsww8b|=cFkIwjOM1IaYJGH(%tX3R)WjV;N2_%rP~d z;H{vE#C=xYjU|babNsk`i{a`L0YMo*^*vDjFMBmw%Yu0>o_TT*|xSch)w3HH}2pPdPmHKb(_G17PugoE8p zc`1Gjo}R6%MCkW{u7qf4Fr)aL(*p~t0M-uOh4$_N9x0UW4@vQQJoF}i84H}J>z-r&uqJ3Gpui_fLwI}NT852k)#P~m*j_tD*7 zNA(UlY5@8K%EW?({MS8R#xN!KS|hEmlK!2uJQXG4rX&S%hnHKXE$IN?Iw*VuKNiJY zV?#l?gu%~?0u0@9++}NXl56VyigVk&7YX<=(_mQKOpo%O7TdAWQ{Z~QD~lN^6KiI! zJDn-+sQ|(sv(W0yP}c_{xxXQ*a9s2z{xL4!h@w-bzi5_ z7QbRd3moDx4~ohFl9M{k@0Nx+IjnyruW9L%rhW||X~^v{*oag_@on9mX|et+4;Bft zV+IlN1d|`j`yNFc_v+>EDSs2w(~@-hd?bp#SF#XoDq(eO7|znJ7xVkU8)zu7r-KQ@ zeWI0{4)f*=`1OvaQGh<_8+=A78XC^uC?LSyniUchY*$ zdH}}2B2O-q;!i~kZbUs{fI{N*Le(z=&21J``PX0cEFPAa4tnN3p)8hVS@ago95)^e z=C4o+DM}1dcwWD>0u=3Dq+}!lEQGvcZs><(x7q(;K$iTG5}PKlE8#C4P`3mLd}(Ca zyB{>J`XBYBgn+J`5BlY;FsCI=1V>)DV$iZ7yDkN<2K%F2%+o-L(GSGj4u6d%8y5@P zntigRk!*0VoLnDa65m5$En|{MO+iWDa*4Vju6~YjJljLvr zYRt0w66a%D%;9qvYF}#uYY^X+Lf=^5(*)zaYTBvYoxol?Jpl;gv0xBvZu~o)Y90v{gWpDB^ir-+w5R z*7hP10RYFl=?i5?)PIs7p)v1b=|R-8Bh(>c?0G>~lLY`}LiD+xEKijNG1`7E-_t^k zsb`dU6;JE0JLU4(4^s+pNMq`Nqh@F_9Ou{T7ZGSuUn-s-Zb6BNG6)J5C=3Yl=0Efs zp+xHesk6@*(+`=@OMk&5uu&jkx)xxyp@s*Vvad_lK5HdO2H-H?Vxi;S!}{$rGzmXL z3t8u7(F6&0AoujK#4hi}6$2X2 z!nX6?B=0Nq&HSnJPtknALkj5dmczX!$z%ie16o_IMlASx#Lt3-yzXEw#QtylP#a0# zL6#34uq94A`K?rVHJX>-wtKZ1>A+4ldwGL6N{cG%Q;W#}Lfdb=6REcHy zo2pbzvx0}B`cv4mlg9=(2*y|)&i{P$=Gw3+6;n<$8&{E@+dzs73B(GJx$v}HGbi+Q zDQk+Mf=|Us;xg<2Ceen zhVt0^+@eJdO@o`HwAiJxTE5Y2aVyvlcWmYG9x7Cb&4bWToD+dU?SrZfrvB}MRwy1= z2)HO_4WTm%){VJVDj)PEnlmT}fI7`g6b`tVTn?xt4y6I;4>mn*fJVCYJHaJH9l2?* z(2a?IEqzc-!hiZd3Mnie5{y6IV2){m_5SNM*s-u$x({^GPs{VVXi~Y@w*NIFltIt) z-J}`;CI8(eUfqTdiy~80n1=87=BiLcp@2(%H(-#FoHruDP!g*SYVpNpMcl%2zq~?Gbq>iX~E_Gm+cFe z=0TP5xEJ-Qi>eg^k=d7?M%e3y*QiqBTBLydj;yk6bwa}SUb)KnL>Uvv|G$#!40Yq= z`}@ye7j`9vZEWGp4Wa}{$%F@!M>sTS7hC8Dmj4dzRwwd6TGfTg$n%hzD~bEJjrbuM zWbJlj{0Q=Bq6-yX{VkdaVi2v9%_+GLPkP|vk&`_L z_TVFAoFWH`yQAC(3G|xbgRmz6AJN2g2e2k^0EOKEM>n}w29bdk+n9*?H)tEg%2Q39 z^DkZJsAw6W0kYb`D!jUh*5DQphZ7Ew^yr=Qok4>@9-VBCq1|^{+xTrM70Q4L8}}NgBWO7elBZ%U`BNNFji{F$VBL1<~t%LU%E~wxzVjzNlVAxq`O6CeWMSOrovei@pI zC+AZ>>ZhkX7RYz`?hA5246sJ_K603N2JqvGOdcqhTXpwDMq+zGK@a5j`QtA2foK*= zlIpmDMwvE#2?@-;@~wET+f?07Vk9t%ckGk7d_96({^c>-@ReT12c&O25Tji2q@Ew3 z>q(g3efGi7bJ4-R{h<0!30!lsRi#CN22cEmo*#Z|pn(gzU!9%oz%~UNhPc%aJuY1# zOC!)Q0X6qjNODmqgWwx}D2gOpn1~u(?Dyf&4Jjq5;8J~Q~YVZ=WkOAZ$CI3uE07qk$SvFGRvbbXh zr~paE#{_|RIG&b+hrN%Oc%R3gA1G?X_J<(8{xgZ)Pv~yqDVR`FoJKv;=GK?qx_Aco zk)D;Ie}Oq4+p_vY;)gPVzeZOyDRVa9iQ&i7rG zq5m{aTy=ao*$e4#X?B+v*+~cy-vJAxS%5xLR>=ejsuL18n!-i!kPdd51X86TX@%B+8v<VSJjAyE?MHs-G2r=M@BCnVHa#LG%|`u- z>&^P663>e5s&O7~{Uhnjx*TJpDEyZYg3BPLAR=PO9b!y~nfUd+Rj<`wf7Ml~jJ(c! z&fd>{#pU{fkM7MXaO1aqfhp~Nc~rWKV+pd&WXo860e{?g2iSbcTwbCqL`LRG>Pqvc^W)WwZ@TQ}PI+kc&ZA(O zXP^7RDhUKvysc;RYuN0Og7lOm^8;~t)RMYgj1AMn9QQpvL8_NaM_(fP?0ws4!S7m^ z3j)9_eLQeF>MM+s$!Z$+JtjWi?hYwX%p$^F6v%IIB-#@$W8MOCgX!$X9YK!NE(i{| z?y66aO^Zj4kIlYj^N*q8x5Dh}_P0ZAC@N2k*Z_dnu8aczwR`z2km%8eMx=Qj{@kto zU4BIonN;vvZ_DCU;o)_TB)!MOGT6$Z%O0kuD&5z6#?|(Us!jw&x6jx2YI1Ku*_&H4 zZ}i#~nc&AEnUG{P0a0po4cWtZS3ISkyRBO7mn4t8 z)V}5Z?%LadPIC}FlfMG}r^s-g6|h;Zus=q$Z>?5`09EPIy0DaCtR`q!9_?e(FZv2( zb6^zyvA^vdA51#P0RO)S+jZi-;kCuMXbTPmoFf;Y)hm3jqIjcGpLa&QmpbN4aSW`= z50R>mlI`|KZqxSNaK&N~YtfCq5yFFR{iF}h6>n-&=Ko{|LGuKGciD!wo%Tky|Ab>V z@f!S5@(lqhhj<=!n*2LRac9>&s<;nIyfHtXPT$R{)Tc@=Ew2QBjI%BwcqnCoT!LDlMgL@-Hy1P8Y~7PKgwybNn<$^1d4R@l zJ#Ygk!=BPeJ@CjKPg{v~V$DvIF`7(G0t8i?((QdwfM$1)g5TSNW(w!GfP^(id&m;x z8ixPUjv$fNI8@+bJna`4#4;gM&d2#93{mI^1A=~zS4qrdU3#_#*nd^?B}1T!7ec59 zpVId8f@+;`tbea_QEqTPr$-A@12eYRd(BDXZ%J-zl!P+3-o$XC zjq36<@aVYSy}oT6i9=ti0~I68T)WM<|MCir0TjsJhWJgxgE~rgYtk3HCX)*&8;_+g z_Rn&J5jw zAnK3wTa51TdA^wF7s_e#9*?F(Y4p?_j9&DGaUW2BClOI>n1G{drE=vlO*E)#z^J^uR*FKHxcTN_?loylBfhDbzu(yc;2=A1 zjo#{~zyzxo2He~(c&Ozbo_}fY1=(DGdVRLNd%9M!sBR?jLwxreXz8^=w#}5fIB^Ed^!x9{J5f1o_ zcR7gN@6Fr7ha)5Ai~C~96X@^jRFUb81;y9z&NJS9neUF(&r`-S=44d<(Q1VbKaRItd(u zDW{!jOt(yrJy%;|+-6g`?!^nD8#knDwqx*oko<@8pkNCHqkTd-K0l;;f>glkm1~5v z`b{UQos0LIxYNgdu{ZOKpyuymrl1Yozj4^bB_ba@wG>+7^~*PP1jmZUQ?E5>x3c%q zgG#P6M`YEjsnP?vUN9CwpNl0ax1ykq`?iH*z83MM(Db&_m}+~1UY#Rs`# zF(+ikp~8m{6upsb8H7sL|MGS)vgXYo_$gWU+zv;pBu?mczn;=z6G%)^hCR! zJi*vK#!uAsj(_7f2>mwx0Cp@_`0crdVeqPw!;dL3h%K$&f}1h+UOu9zc89f7d_qSb zKWdnP9;2nzHG+GQa&08baTE6$KV9_hPOYb(S#Nx7^MdA(F(PZR59%%Wiy^;CHshVg z@5o)K;Mrb2O-+cg{`xHY`M7+HMCfwCIW?`cLu#9~Xmd0f2Yb?hb zrLiNzBJMKz)ljj`*Up_{5p490CN}xPQ%9!5roLU|wlc5%<+>GyTP1Z#PE)f;g9Un4 zLw0BX(!8|-C)qs&s=2I?-|2`yG;8{>F2&bvYHf!kAQXd0{K~2loc}KjzYwNJc#iE2 z!4o8lXPfhkh*vIO)`f_~ywbv7@%(Z{ak<(b$%gH{(05a>ykB3SME*|e3HYJ~gIQc3 zYw*IKKL(c2Dz)nw0gXLu&kK3o_vK;Bx3jG-l_Ba zc-dlR!WPItp!NygtVC)omx3qRESLSY@cS;)Si?Q!MUMILo7JXM1;@>+2Jo$$b9n3z z^Rw=?jcMO+H4sVD)~OSzm$Ey6PQysYAy_O~xH;Zwb@5Uqp7+h5*i;gUb>x?!+UYm)bU+IfL1S+bQ9(ySAiQbJ(8|zr;8Z zrhFr8-Me2xCYlb$Ct{u1Y|InIc;n4Ks1YAin>oW{Ss-!tA|>Hoi4V<x&=;+?vj2Y3f;ll(pLE0~mm%mKJmpRefJ%-`#j=`kDN~CqgEHvr5xQrUlQ(?PRMaW z%wpv3C!9nb=|k~R27JANQf*Rm^ELF)Htv(=v;ubv4(ha>mO>*8E)ms6>a zIGdAH6C4U_CL26VX1Pay?3NzE_qA>gUki%z`-pykxmZ&BdWud>4QowR-{AXr=qkh4 z+~If&cN&F2AEB`0XWg>Qgi}L9yf(_uZkR_-nh$Z2IJYd+z3}Id^>|s(%FjLu(rtbB z+ti1?s!S}ZvFCi>Oo4-v^Dd;u?Z zhUgRldLkV%f4? zydr`*a2*K_U4W-e$? zSZnO}=Xg%qENZWb#onOnEBL-d@z>sit4X%M@JKXAk@3HhFdhjjGDpmM^1Yqi9H*@zs%$05Id-xBxA$JiT68muj;d(HVLw0v!njPhin%o@psmjLGEj>}d$c^h|i8ODLZe zaaAMT0!Q3^&W^s>cq6onYloPueU+c82jzv3$^|4n5aCd$`N)>u+hJXpD=6I);)QEf zrisT*m^m`&T-W#B-F{x>&Z>2kGzs%Dft=Ngd!V?pcY1xU>^Tgj4G32p9s5mRcQW5h z)p#Ez35ABIRTK=E_`w@H%)Oe{((8VmnCi7uFW=jlBT12QW9Dp~4s?DPOxQmv5tG}+ z@T(E{J%Btutmdf@iyy+v?FkLY*sS+EbNOunjRYUTltvGcQ<|;K9M)ZgW=P?FwG~c> z9hf0tSTIccliQDK>6o3ihypyE=D7MbZHOMP$F&08Tt6m(5+N$~BY}A-R=)H+Cddu|7&`ea<+SMWi6lwFM~t5y zp=B0Y3n^qp0wdY193Ylto=vQ&QW#lx$`HyxrwMlBg$+K7yMw2S;Q>7yvwm^?L|7r* zxwJ^GA=#`{Scg@~LVskzY@ANIdARd`sg4)Q_r^qjPC|YRx3=`$tYQFe{KckyQ}HBv zyu6@1AfP>X^@=tM41xuA*OZ*Z&-}{3Yxd;si(lye_OZ_54Y}JV@Y3bC3=YZbpWPmPqkK^nI8$#p)g0*7{KQQi`H(g ziHZpL`t&-@(%ms&Jx&Dsh$vH<|7=G8_~qArb>1+!C))GDKOc|SF}@^n2N$X)^XU0; zW>yiI5o66SEMHx=KNvmjO`9q><4N4+(=z*?oN;!rg&;)l@^6uVx#$?*HG7JB_h<3P z^s0WWsslad5~9_|vZlZ?Sk4ER)F+0i%p>w+!Jwi!A9u5`AD|(j6lNZc5E9#sH7U>P zE2?yC{S6S!w7M(YJNrX6H=_?Z$ED*RhT9$-G#S_^xw%zr9a}e z9W3CO;nJ0(NyhU88(|q9UZqR; zRihv?bpS3t4?F{8CjAKRpl}Jb_mi?-xrE?VT#v|qU?e3eh~+&L75}U9hFpL6jk`cb zbaV_q3sa&k5Jsm)G_Zsdy=Z1m9eh1+l;?+B+;ouZMW&r zLi6`n)=!XWKU3yDvu*Dy%3qj+8D#y1X6@tN`iXzedYx=Ad6ECnx$4`C8AG~w`T`F> zevTkGTP312F1iZqq|gQ1TXBREQEETZHB;2EiNsWjx}S3Q=&&4Kz>2gvw6R6C5dJR_ zfBU-a4P!uE#V`GfY^?96ejKGjEA8t|Ie-W7-E}$0f)B>IR1Syu??OFhQ8@wIw3ql# z>KmJH$gDjpT|pz@Ve%`r2}wm%TJ;($X(7y*-RmmFixPELa%p@-Yu~Q5<6UnNdxrsv z_ux^3+5?8tg__wf>41jc-L8$*af+9GIoC0`$F1WHKG_$T7jOt4DMaBpYChep4}kC5 zlnj6^p%LL?5CmZ6w@@GMO?rm}0eMPu_Sx6Hr*Yw@;0CFU>NS~~&zE!5#M{wwht_aT z{c^>zD-SGSx-YQg{e1tWt~{g#oP*w8z0&sW*lEWo8< z1Mk0CQY+Wqk7HEo{IC+*gx_4A_unD6rZPSQ;U7!riVn}LeXI_9|Dx1sh;?hAvm@MN zntC+SHJ=0@sPCXmiol?$rygU`(?8cgPUm^>Y%$386L5SJ^(Aw5cT zW5jm#3W?!#rYd3+Pv_fBH+uligPMqMS^l}WD2TuT-5Zh^O`VC`@nnhnuBk3?rG z_W>|0_oIA{^Y`WicAp2Yy^XKvmhVR@lFmQI<8l2+LuwGYW52f3ncY9=$E?)9lI&lW zgT0j;zxi`-2FEpq(_NV4-%BUa54Z{;Y0L^SlO{^-a2>w~|MM{*6TEY|hP}{_(0M9+ z{*a?(-k$nYL+&Hbx{b?ScjJMa45?4>o1FV;`^;5NAHBWQbXr@DZ>{&GNyq?%@vEE` z`L=2E`GggW^@b0>SyWYy*d^Yu+lm>sIsJN_Qed2(~YGk(|3{H;5!HB_5SQY)WRYLcxI=_QI89(DsFD6-cKObhXnZ0YOK)x?NFV;XdN%Y=P@!@ zMFqbg`^}$xJLYm9XF7LFHi_L=xzV5TcLu2;VB$ANRQC5s<`H9N2bZx4^lTy??OikB zgW~;IlsPn0pyeLEK}(}3W1UaH0wmF3KyZ4O`gCPR^7d9lg4hyLiH=A;-Gb=N89=)g zPHBV1Z|jY(dzhhuPl|DLaEgQHela0?Fro_)%RtS$b?31FG6 zZzp)bcQIHcFl1SLIA6%Y5$fxje6j>n;57@%p7Z0TRz5}=Cy&b?`~%~8+|4Ic#o)sx3|9Am`D%YJbtG!CK;iNN$dH_PXE)-&=DmgwVyH7ynM}vPDtF3N96S zbYmq!uPlX`^x!Sbv?E=gAuc8G%XbH~H*{8e?HAsISE_t!Z5}!*Db72qXMDoS*2prF zdeP+NvBlc5$cAob>#1yC6}J zpN5UUQ{QLupuW{Fz-M^$fdNz9$+TkX(i>^GDr~XBdxi-aY2TH9BcNiz4~Nup^z%LL zkJ{gde0oL+y_sRMwvwdVjwdkY+98q zPT;8mckB1qz5gH}`*!ZdrLO%!Ttna_O8R>|0#IYlQIXr#>nJG<|1N)rN^1DCk*g~h z(faSreXZmD)#cCikgoLgqrku4nIwT^^GlfdhhN~Nb8)N9FTVr@iMUnR1qug)I=f?^ zQHLTpv2R1w4Q(52edO`!E4bedxY#c%P2<#-xBZ<-to`J^ny+ocyEJaF>wL7{c}U8Q z>*){Vy^RS+U0I84ZcoiP(_r~*2nu@^yclZaXWwLAYlG8$;QA}H#NZ)e<1~1u7Ex2?*--W83vg$ya4}hQ*o@`R&&}Xk!>*gE)>*6b(_p`7 zX3c%RhTR2#`@Kdb_vH}Z9v>y3gICHdC^gp)c@U~z5Emh)0wx?93|SHvX$&reJifZ` zY=0JwaG3t{W9Nx@9zR)*eSysXT?*_5x`}Ya`hffP9Br>hPhu6I-8x~Rm2*<0GFo$^ ztZA`3=aw7wH!5WjzVkwwHU9-E9JfQJ?56%MU*REo`o3UuP1&&&Nf8ZBrJF&1SkNSD z=lB7YFyjr*M&d&c8eHF=p7e+-h>(jpDrbCgyt;s9lhTvPv&y{NxC{p$shqX#bi5#KQU-@e3?{6JkLo-y$?D|?~1;~Mbezu4nz zeS`r2Ft^73)CuN@PX3Fz_wcUWiiJN}T*{8;eTjPQpJV-bLEiF&N(gnCEML_mzw?N% z+TQng0>EnD(LIkvO1YnvJo@oVdB_G-7N zP;sA%YmddZ1OI0~eIT1)v2_QVNOoKu-|$(0o()9Ys;iJ7BriEhN0vUhr8r}a7$MBJ zK+_?IyCLtNv+TOB-)zp%&^3JJI!FCwFv@wo#)AKpKFQv3&+M{}_BV0}#3veIOI?Q} zqF9=VHcLN%mpNtFZNMokqe7A(D&Jj-a!#qhW!hhav_G$gu4m8Xtsqmtq@Bka`wlja z0Xk4iic>Yc0aqCEj6n;Yb>gMDmC(R?|p-O5Cv<8 z+)NgSRBO^knsT>%mixsy3i}4Vi}^*BX!?2IkBDm=o(zqAypOE+y6K!N2v_1Iqy770 z)Wg%abW%VChFk8tA5AE$$lFh*v84KR5Z(}LjekgPK|iD*9w2dB^()NIe7MSl$DAMgnR9LCpA1>wXTDmh_c&m{@^02cF`ZkyLqDSVAkuf* zca1!=AHymW{`?s#mXp4)V0t4ZF1bq5-7^UCehV@Ae4cH`l*ijAQeI^LKG=xgLS-q3 z=!?|U8$i|c$s;gAvx<3$-!oWO^F9-xjd)gKlB>_xj4>JNgckmZ(g?MJ^e)URD zE2Ea`>H4uL^G3#Q{yAm~Sg^U6Mu{>G1dMyAu~FoF_`?8^ds$=tQ=t;a&Op`fKRJNK zd9d~m4oA8ESiJPMjud1i-@_GzL%kpjAxbLXSWIR`(i2isxl{y=R*1A)pRXak#)T%|aj(wf&m8Y>z)`LJ zv#Y6t*XC%~{yakd_&Bf_>U-1B8-6u#TfNZ}HoB$vi z@U1Vf7avhG`i}E_8TP{w!WLSSlK+Ue*PH#`lrLVM1q z%%-_My+_d15)nW~1Bhpf9APgHlHZ-#FG?C8EEueX)u8u>Re7*Cl#q8-{I~?JHiCiw z>i(&H4oK0!MH}P&0o{!B7uP(-QvLq6pUiFJ&hfs^eUg!jiR$3dx}-WL%(P+;Pv zuG!-l@RVLfrHDzgHt-HY+CDJj57=Og_SbT1ZQlCNAs1G4o5p6;_$KdOB=vN^E2_wq zWte@x0sd&DH&(!3g*RS-zyQ9(m#30#mcc!^yt_b=X2oc3ZwLH1p{ZqYJGrgPJJm6{ zW4^8R#4ynup2U55C(QZf0(bqFKRs?RS$b8acKa(=C;jnjU7fhvMRO%E71B#&ayQ1; zNqmq^yTr`t9K^Enjaxh7H`&|ApgXHr;HgZA%x~!CZ%|YEylIU~LU6wDW|;f&nizCc z;2a`0WP5Lld1Q)#KPkkPd1qM}pVf*Y1a}&ojq_emLYKb>fzLH|t*_Gpx*_cC0*r3K zR>oJFu{AvM!8=a?XsNKv6%O;jQ8p@>;UYjapMPImP!KlD5wD>Jf56#tXCyOeOkUx4 zs;FZ5M4tR{lY{5;Ms{871Zrtx_}snaD3R(QnVWrk^gp^mHXJAA?Va#SqsE}vP~Q*h zz53}djEm>Hj=y2`3)30~mv?K7JtvQ+jbZRAF0!U(KDRGBEAxx=NLj0q!J8*L7#MqL zY7WnK*lTCXQ1)x!MGkIGJR0iwrf=p|^UnJbC%m*b>`nSTDFcEU=3^cXE zD334oAjVndUrb848*@nCuRf51iQP}#C)vrNrCQRpRkUnk_*{B-__aeGI{i7pSNQXG zn~L;D=aDk$<#j@P_%9lI76Nh|!sFO)l;Z!kIslxr({lC-z2R4m^@49H z2z=`7IiwdQvK<0vgZVoZjp!vg8tNWPEAtHmFd%3xPT-9BzzPlR*L5SE<=l)Jf^ZWM zfjk_JGJP?c0@x55`Bdk_YX(V~D84{JI%N^&1p6-7e4s?!!>xBHx!BGH3dxFnt zfXm6TrG+jA_#8Onyoh+m1ZCie@d%_fbN|?FCXR10_7&q~Iy+HPK1Ifje4;;mqYkQY;sjY)NZmo_@!$*6N1H-Cy>#l)n~z)0{@f!OmpDeEPl}<2gx(mIQ;~OGXF4bEixHWsdw~ zPSEki+d!5EgYC;tJXiW{+4iafI}FF;<;7&;>pjo{d@FuX7w!D!{a-_U%=-gb4f{tD zmS^Yk@F88+)_q$LBawW&FA{>q5Tv9g2l?{la&K1O`yTc}h0Z0B%jJw%_`vjt6Lb9y z`!(d{Gi|-soR~#_F9+X_@SZ?d3rd}G+roEI+)wfSbLR8{5Qs^tyS(Ne`*R(&ch}2m zEs6*fsj?T$s?scm2dxEQb6-knIJAJ?ovCBg&iVd=gS&&(38(x+x}A^v)%e8MJtMvs z-Rbt!W&vrq(5oAP^@QGZ3SX1Y{Mc)l!~E>OQ<*OgC(=zHbJ_fI5-ZZ_MYqG!l0B2T z)(J_}vQa`1=*F;|n&;^oY@6c{cL+vmzqnq9{cOFd9TF@`|3!^w4DLsCveLbMe|_$I z_A(k~)8w7lRoY*IHT;vaU7XSqVSQ>>FqP`03sQ?bnKs5o!88!kxv#T7$b=ChgCoa3 z%Jj|qrS~I_-a4sYJpT(zWc-qK2!u0#MHVlpRCufn8xuL}z=gQA&B02hn`5(&QMtdP zr*RV+C>}1}m5#@|%^^IXP4?Ss7r$z!s-w~-Im0nn0+ezuo?NY7DkiNbMcj6$BXvxW zZ4$}8#85UKi`L+6YS->58^?|?9>ATkrYd}k4X3xODPw1kZ?K)>(UXA7R^BQ5ZLoo( zPu!#rpnC@-kkN(PW3zj`dX#Sg=-{`{6l7HXw?D7*&pm~dLXPT^Sih7$hU{XZtdqTB zy`dG+Bs88QitWo}q_5&m1n`66ne9uCt%>y^hRW%6C8Wg@+3Sc4kW8~j>XyQynNZ;szJQ?Y9jhZXu%4bQvcp5pk5$FpTiCp@>7#I51 za#tIGoQ9<`^X~MeP#QN4xgsabu}f^de%c5>$EDO8Jss!d*t`vHw-Vl8Ct=wu7I{3J z=YVV7v|sjv>GfDKuqUY-PV5^tnEOd>Q`Y^_hCMBJ(4psnKffPC8dF6TwaMj6KZ+xN zD@NRMbt@1GOY>b^c%Rj$HI9x;d#{S`wtq$)AnQ7UXH2+16H`sc;e>4zvtPse`zHsN zl?#acr*r9>uAb-OIr1hppQ>fcjwaQ#Pfym(!>23?rT~tv=@j0 zBk$5B?(17GT3?oVyu0=qE6EW)I0-JHYD77v1 z9{g`&Y>Q0&K+aIOwgU8(A+}3$N1rzPSeHp@8PnMb!(k4}mCP z)+*XUXlYvoCN3x2dHAw|vR;|H(x8wMLWJ%m!bV5J5LSs*(>b)5LG?xJjg^tZ&%ZK1~37QUEt2 z&L~Jgu>q*-xj+cIm#G$*WPN|{2FLQ@V}XuyIAu1>gnpa~K%LMQb#3Zjc#9NUO#LOI z0O`QpT=nG&|ErL}z#HR%;@MXTCv#Ur?yK!BoFLUqFy_$ow}ga}09q)u>~XDrV@b%E z{#z_EW^r|=#!0xZ0NwYlfFF2UlC4_i{p}T7{nwCkBro#IM1a|JW11NXh>eZrZ!wpz zQ}J}ANt?YHQ=Wb>qS2?}D~`=kcOX@;aGc7&!aDSqO7-;t@AGBh=i^r0KA`dkZ@(PY zLjaPHazVpqzx9#I8vz!1W}I7K)kjnalW?ATjadO3^~`f9u8vK=INSWJMqdARZt--NBX7R>6Riw8Ucty}uw0?OhUhrN^6Z zP&aRdVSLUx_j6<&P%1ClGnq{F+#;i>K8E1}(K^nJ*7KX$I~C3_&rCP@?{^J|y3|rF z6TKFAF2W6nUW&@*AV$8Hd&0IEsNmvPiw(HhMfY{2_mZOgk~K29_62ld*J7>Q+AF7z z5oP!1-Z}uu`@^}cE0Xk+0%@@@D?tihk8ykQ{`z>|`0Kgvdp}41xP*im$Y}W?yqx2v zmuCN>f-Ey_x$cM}@My}D-VzbH!?;Qc1_Sq5vL^d>bC^~I!!-l2RQ)rB@0d=T2kD(Z zlfs_H)eDmHfaIM}A%t(>yAN-?uUM;PFF3gS#a??~K^MQEO7iq%~2LZ56aMz2jaWUlHqTDIAyY2N^eaqh7!sMK{X zSzRo8|-)u0NaK2*EXduhIJUuIJX{b?d#g^UmYwjeWy z0)BL#{8_{^;!?oO>EckCra-m~RU^TAL1#3eOF!D&5y}*bf!a03-KFIjIEqqj{0oVF z>LXHg#-+OMD-)s2w35XLSx|@iv4CpL#B-W~OuwgL=3U_gt^fvay!|5X1`nY_bj!X= zzD!BFK8X1(2{G>5uUp2tR3LrX`}%ei_wwjq4i}A3&!>e=p!>GW?Qx>=ce!n9!M==I z#b^qFKDakddm`Rj^5^?Ag0Z5@_R({XY2>C_AdF1y4b1n;N!SZ{E~3Zeb)u z*gPu!cn!R+SqbXgllOK=6Bcrv{rTOAx70@@!BzXAY(?PJRQ&NQwC~M-icl{-k+Rhr z)SronM#sP2f6M*N+t-UgH^+3eZbjNWpTy<813BbFLLS^fLPXT7zdtSz-Dy5jqqrFP zZ`u2YIG*T0h_%s|*uYekfQ=|frEuIbxMO`UjR)54z~ErrK$Jcw1H1Y>$u;Y>+~5Hp z!QoQysbpoqCchDhl9~p*@v;-1sPP|s$z~D!h|5)jOqgr{P4WzYUZf~pY6;0FF+oZSjUugFH< zUIrlyf4>fn8BI>{dn?L)(>rm5(p}@(ZY67PXSTjvykC~-^9s+U?BP?^s%^j z0(U*VRe>O(>4sC``g%XPN1Eo^UejJv=i|0-!V7}REbeK;q3*XDQB2_o*jgk;y6uI3 zYtky@d{gWNvlO1rvR^EibeyDL2h7Dfmz{OKs{zjB6VlXA_s8R-F_bNwT+(`v95KdL0S-bvjt=WeA!1!I~{9>uY*H&r-YE$hODvfm<$v^!Xki z`P)GgN6~h{kg>7Lt)1O!PAbNR6jgtDpYq$&=?ljsj7eK~V}cDSMEnw8RjxwfgSd!w z8HY5RrX|KzsTO^j416g_D7I`v%xEY>L#mKQtFwJ(YL_$+q2;V3K>mGYx%lc3vr=?% z6czJO%~ej#%=s7?2Sc$B@pn>B^>XJQI7S7sLPRuV@$GLD=Ot~`;e!Lyw*otxpkGAe z?6uXyGV;!fr%z#=kYtVp9a|uLKc}U;Y85Q#FoA>0`>Sw5C>-9`F`l1xGfZ0ENd;&o z@qE2o_fY)oBY9l1G;DS+_j}J@+Lh0tv;wAaK5B~exMZ>D-LUvf6lbaNTYp4pPQttS zX&-m7);$PQYo+tF1;|kak_tEvUUdDNBU#H+?5?S0<`V0H8_NQr$YrF1M+CFRf$GznL~(dWWMSFOOMOQx*(Ainqm zSRcq@OSNz|k|;Db>Ro>8&pTSqlg*O^IjQOgQ$_tD#R$8E=J{g_TGiqn<{P$|U@E;* z=RAlftkx6OaKw@p34S1iYPk;oD`*Pi1r0Z~Ym_V{M z|9Dl?I$Vlfy>oi$3!;>6NCQj!2~l$4QE464-It*))?1Vj`mwPUC+1}Oa7mvCNIhPj zSW+Rftn2uRbomBj&GYGk-jj)}*6d5m`$4#03O}(Ymi=UCG>^-NcP5^|m-a-rAJ;A( zAt2kCA&@TUA$s6+EUq;BwY4vl)^w$DsY}J@W_}zfkwpO5*!$8|h;nG+SMAJ=cQ_6W@OzTtwjSWL^ zng@=vUKf5DE*Tl)*$K3cq=%;*gmnkH1S}%#uU8cBxGR*_V>hturS18xz-!~=FO0I+TUGK-PYSeOA?4ox0{L#vFI{AsBMqAgt zTk>1)a0wY4DjtSlw4^iupnujiZnD*0azNFsV94(IXK9``-M zr`S6T!p*KqBO?#i6OLGXo5JlX$Zy{0BX`6qmx0B7&v(wz-nd{H<-_fJ@(eLswp~$p zS~VtPeD2L7?;f z1Uc6Ac>;H%_=9)6nnwYHQ(=MvGj(aveNABhT(HrVf=r6=!@Td3(}-oY_0@0+QK ze`#=+^!@QRv^l;ZQJ7uu5b^vqihC9TqP^X)9L1Yh0EBMt(ni`R8V^qGAWta~bbi{X zkA&_+`-6KHL`8Ob(7kOmc6#YD0c(CjqUzBbHa~-d#ztfYQHLp z0e*b&9ao1esrH zC(h9sPS5LMIwsdOg6br90ZP50*iJ)qBh~)#Iok$CMNwduEo*vhsvw31=|PtLIBg&XF-p<oWswh9NBH!w;cszcuiT2a8{z?CEd7t&`T4dL!`#OlAXsX2*sm2Yi#r2W_nx(< zU)y;=$JIT)A4_40Mlr^L#O}4M-Slzr+OYsKEB@##H&l{^25?{FU(IE{Nq61uU_gOi za--NEzRlM@J55*BGWXrTK;F8JW<;1Ti`-F=eEM^PzmV{zR)@9}8+SWa)z&25d}#(A zAtZN(XwmT`2BBYdw3{|~+L57*`ccTX_s70{;B(ENv_jy`BKgSX*WLoXV7Bbu7^WBCxp zM1N61G``O&l{)I<`M1p4m|!7cIMbqey{VT!-mAg{iOZVq^5QR}31L8f2X1Q4(FWoq z4y3`|{3%%C=Z&^X ztQl~pEt|>5!;tm(^*(`}1tG%-5n)!(8o2?y0dm%Ap_FLjv zzPLiWZ(A2VU>FC z_KWj*+#6Fv>tZA${jc;~n*i}ih1@K>p`!i?5oa)JsB=AX;ELjS_J$CIQ+ZPfRt zYb75>=iJ_Q@%KKEenaW`&KJ(SHZ)t#-G7xe?LZ4U9|I{AH+{cazt(lPlYvxB=3efO zdRu;w3fGN&F3$}z>~mqmBKJJMuIn{p3#8F_q>AgWoM6^IcT1VuWdiibmaPlTghzmJ z`}ay&2+k*2LOu!x)Gl=zt4J~HQ@tHExpO%S60B{?Ao+pJK8v1^{5$i43idlD6b2He z{HH1V*t^;3h6Yxp(EKw5kyAHa9?(!w#$f*(jg{qaeLOBJHf#{9FF_S9A8A|Y=bj2a z1$Ls&S9PAxfZj+ltT}}B_koXvxfKtWrCF~0oSG^J?H~TM zIEg}-D(mhb-zBcaHEC9GM|RH>Erho}u8IMBPB!=OE zpRiL1x$E7#8f0A#`V*_3U|xQFgjrdJd(dDQ85Tg4u>p|y2!iwT@uzxOfZ%w7@ys4A z&UEp``u&OEVip*au8RA6xyx{GzlSN%Y~ZAgpXi}N7d{_Q2YxMl{v^KhJqeZH6Wt*q z66nheV>Fv8=W`XA`V9+$0#id5?sFo-m``!eC|Q~#d0AtNx~>B*)I2j8!>!R?Xb{_% z%0plpujtb%w!>7PBY3%@q)J9_QO-NMHyjD2t2f~l#ol+UoHZKFK0>k4ux-SqW$+FC zz27t*8nhptyw3q@mS1d%Q;_!N`HSEBVM}Uu7+WeE{|?4|X^?Gyypb6_yxar(gK;R7 z^(!%TI20@S1;g(cRf4J;zq-aAM3KCJ~Hcj?wk>j1T1s_&HuO+s@zu zI+2`8KC;!fQa}7XRM`KCzMC&onGG0TXFnd0D7{Q^$X~@58ld?ajW`JW-41pO;t!<^D^3t%r+ z596mOTN5Rf@49d9euw)*{fthy9U~g;RH8C=XAQ$~Pyx9r^oJHe-heb8+=0VA!fQ>< zEi!ew2S1d&=5uO;kHb)@IEPY%xCRs)x#&Smz0r8lI&be+unyTV>3;Eh$QrH z6vO^=X`bLmqkID17lLm<(oJKf1yrzl7*ZkyB`D7A>#Td=wk15=AnlE66||iM&8A{N z_(xsNz0Su#NI_*d^|z=IW{T6Uq;+6Cq3VJgTrWIBy*@=oJ*x-q`4&$5vQ??@RBX5& zURLh%O7KESjgP`c@)WGoS$Wv}vfc{tHVIXm{bn=ztC8l@OfkCsDSE#OC0e*^{S5_n z8wyGq#9kBY=Ak|&)c6E&CH}y(+9H|j?*~hIA1`5OV^-%@d7xFUvj?#_M$c^!QW=?B zn!4BWU3aT*8z9(Hob4N*jurVtHz6^e-#sG%Txg$Ml&rSXyJcPjU~tbkqr24+CgUnR z24;`z%S;`pF^Y78QMYgT;S#dB9i#46SUh$2G@3lr=GS5e4LyQNe5kV{)~h|5N#|af zGn1b}y zDY#F}8HFtz)BZj#=wPlwdQC#|?oJgfxFLTHKK-5L!iEJqmmM;|60?WifD@Ou!l1z4 zZ~E@hTD)g5UUWg~9oi>{8p-9tExvm;BRIqHvPMR%|FUnTKjvn$qBA<<-oIW|3D99& z=O?t)2nq;~o*K^>%lD;1^T-bkCrOeXVR;KU6BX*LcYK~<5g&w&PiRw}<^1SKHS<0! zu_GgeD(bh(na2n4rEhh#w9`r2;}osJLLeeTsAyk+5ac)VzB2<2uee`MRujV$`rt4b z1=tCk(OreW{c?e_la`U2e<+Py*LU+m!NJ|>=}V~6dSy{?LWMV!uXeZqBHVLs=*h!( zv#^`sh<+%h9N4%|X{=n;mp*L~Eacmg{rl&y5qYzv=;{u`36gqta?CZTvYb=5wiygj@u zM#iLkh)z~EMvn$_wpgvI4t<{`?rw~rtk*Zm(%kL>1U|I6X0DNMr}wlv{Zrz8_8s9Z zNu0dgC-SCDofgZ^=HEW)dI*!X4S(`~VK8N2C2XeD{D1Cg@#k zy+suByQHjN&C$BjGVnb}3SIj`ZTevX%EV#a5wGFo#vTmPbpvCwgEbptaHYQF;EhNL z-X+pc8VssGmFaSC9VGkyvL2Sx9s)ES?;R`OW)rcViR)cF!}K)F=h`uZ7Bhzk1{+DB ziyK-JnO=@H{Nu{`%DQ~8zv#)Wzs@8SBVN_wGCDv=DebC7CDN>l$Nq+dMj>|azh>DOeMoA)Bh$j*)7KShFZMQ3H z2^~}u$8L(1e6$+m_Rv2}#~Ssy?T1{2OM$Ox^ZC3&7x72O#{63&rwG55GNrA7@w^Bm z(*&dcJZ)6c+1Z_YeP74@gG&sizafxLh%%YS+PUphU>>)Oj0bgnO=F!4V4y-S!$XmVf&{(Rigq3{gJ&3?nLfGEA8C$$J{@9V z8?33Q(|enZ?u<}*g3>a@uy=EK)f2T97{ux9`x|2;kBT>}oFEwboo>|xA}s8;6p)uO zrj=TR=j)f01rqZ%^v!anCcR1eq+^wL8f+$aR7 z{jY@Z$7sl$sPd57qp>jA#+A%}fKSwC{ks&?$J*nKS-<4yP5uJnJ`=W} z!nf5IIbK+4dx#xizVc-~ zY9gHzBVSI&=X#5%)r+AJeEbN|R+nVmV>2BSn}TUX&4k~lEp3V!g8mQ)HT@6PaCIlZLQ9s@rZlK$hlk_$+~0c>M? zNs8wV%2GVKN2DP&as>7UAx4rEhPM05_{PWfru71@FIGIQ5;9}T9Q%MW5qcoVj)a0<3x^wpl{ z>_FwoeL8;*RQNz+8=6`1yyl7)x(=+%+eev>gAWD7f%?5U!8(4f(^kspLg3$DEfPlZ zWxPy@BX`G|9~bH4U91ZxmtDrm&gX22^ZDAf?0$bm=g1UKhxd_*Ua+n+_^LO?1BZS} zoL?F3IbhMfNb8vV5on_Ou#(&Cjv+J2V%~vV1hf4Br*a zv8)V0*VIw>JBb%S>tY+!uSK^<+$$aj>=sUlW5g?Y{F)0SGyM2yKvrEBQ{a|oj>a1m zKBUWIU)cZ?@2*EP|D5R9I#74w>d6jepME+fS#1d z(pslWE4VXzK@lDlm&5&vPqivpfU*O53UpWD_J#lCxRK*JPpk~n;B24;v-L%bY#G*; zZAIWT$mhzQ!r<>NxeHGU1+qJ~-qeqLeD?(h0{NwFEM3Ir5mXrZ#4(TGn(@f1v!@%# zs3{CPF+c%b!0YMH*8z|vd3(0vLwcP~dU8co2^NiBU?ryuVqGP_P+`iF;q@>^I;ux( zV;ah2+wdhw)rQ>ss=Y~r@;Ia=xETH7KZh`3^SKP?)lDe%bv*wKXVBZ-w1fYU%qj^VK3yrw@dVYY3)#EyP{s8rxXCDz5D|(7yCLS1j zE3)lcu$MYCMNc+*%1{_>q>SAij?+MCn9-@6YINv5`A2gu^vX$Ik+EaHar4K65VoTe zaaFx#>|2sVUTD(;S~L)yfaJFBnP`P_PxufHA32`QU)jD%|96ZU9X8nm&n!I<)vBL` zR7th*RevRBO|X1>ns9{Kh=%g@IdYgb@Uv2ZJts+=7^=70x64bL{_J29xp`k7Id zE-34KBl+3*V4G}I+hh3~wAw#`O2LsU zw@=?=4rt$EtA1-ZT#|#jXITaM!k_=J{9H1>RKWg^~CW|*~ z_`6PuK|PvROi{O7Fa+lSWy<4@qPTM`od>$yrC|>o`MrRS<^)I%T8b_#z@V`dp`FpW z6_T)jhL-Y8we^%dAsD>CuwL;B-~yN50n4;F@9aXw@blWOyy^}@;v(#JChrc*9W?+m zLZch-LAW6mR@{%s+8P}%1yi-o@teWr;fY3vD8AmFetcaD5v9dM5A_RN0rp^7AM>K;&>2)8FeNT=&w!cv5YdhP>^dL?u`80}Fw?gzpu zq15DYu&xAWpz%0)_GeZ6J+f$Kpz%A`tK*F~m_U@I<9Avs}ZXcfRrBv_D3$5w; zmxgJUQawal;e3_iRdh#@Cq>YI(6aK}Yl$3K6x}CEs20W01#&dx>j$0Qd$e)<{&f}( z`}O`jg_nkV>;nL;a(Tx#{fLl(bY;GK!6LQ5+M7(%a9K<(+OwZnMd52N9#B@ zfL6{#@li+ng=TA#-ETb9=M32AZZElUEBl4+us(i)sBaGBLM5EysVWy2B@IURm*#XMjK?T>bt)_eQe^4Eo97@! zhLcg}E_@-|VDFK~Xnvxvw(#|HjZWu7Dxj;nPJ(x*7uS7d{OqZ3TZ^B2Jd4+N zR-oe04I6u+SN=&v)WDVu#R&5yI;X8%{IrWBPv`tpB;NUz(gJkM<8(c}WtPy`>4w-C zeOgwt4AjPC)g7Bg(z;WM%pR9PkSO7Lfo692$s>O+?!k54ZmXYn+qc(#YK3K0&s;e;9`gJbX{naD0%-yK)y5 zpCVjpwgZgIg*Vq1(B;K&8^gh7*!V0kADQ-sJ>8Uk{*Plw{r0guD4N{Ic7p~+I4%q0 z8N-_O(o~GZlBZjHX2?uhwpgl zk!+V=f2vz<9%L(>WIsY}NyF!)cvJh1p2*g%#f%w8W1_2&e4U$iX(`5`anSwNV-3*H zJOq5IN3hhkg)~F=C*KMhG&L`<&|@cCd5H9Um7dRvt_6Q9#mgUqMkdbT*DBRzwKzb; zgI(nh5W)UoOUnk=Q6)5aP_!=5CY(N_HFa#XKLsuH8*mN_y1O7GniZafX1 z+!r9$bb>_E$WU5PQ89rJY3F0xp*-3=GKM$aVEsT9U-Jg650sIiJteP?q50>;g>ECOc7UI%um#Q$644na{Ql z&CpP3xs9(WnvL7M9L9}K_}Ay2KCr!G&im*U%;f3rZI1{{?)xN(y9hsQ%Rrc)LBr6F7 z&9e;tKorp(ZT;kf4PSOeB?zQ%?z8t|Xzg?}f>TheCJZ7XT7_*ei4HIzwC=#OoJwz1 z=i7yEsgq(0?U2#O$yoBB0=*yx*5u$f=RI`Gjq6yJM>BlF9BhT<;!6v~&w=5ED;jVE z6}pf6>TXW_71i#KA66XG;#QCQLVByo1M_S;7}_+-z56t&Wk-R%93{=_y>v$dD8LPe zn=`FcK)Cz*0)E@KI}o#TK|g}yY>bblmWjYKL;3PYCU-jtymg<4hUm=1d0-%2AYCZ*cpOC8{)^(yJJSoEF2f5Fz5y0t_TiwGXx2Z_=U~FJPs%R z)M87-q~n^{b@zPTgG_E;KUIf&hB1wA1BR)^>_q2tRc?Xy3$h+9%rF%uQG5{Y5(P_Ibbo*wk?atn~R zOpH9Qn(hTN|g>@JR*1jtE^A1;Czj}K>r(IKv*c>iTb$$f!8x)$#j z^t7Zr_-A>K+tiQ$7>Fwdsv?~8`Si#MQ69|T9G=u|55dNWL=ON0uMwsR7A#aww1Qg9 zwqVInf^jz-Rk+H1xj^aCGrZxXixM)!Kt;w)e%!^^gF5bu7>wOO6@?SpciV!uq}{J| zCdxNyt5a!9*ayM(GpPNwz9iitjyyO)9JRYwT8KUEn1nbYsqSyNc{w{NT|FQmHYNf9{FCIIdC1&GfuN!Mqg)y%@ z&O@aETpj+lokR>#*vCU**y3W2^tP-g$vw3Utyy4Q-Mljj0C}~TOt=1{ab$VFe?||(hRLs|z#8YDsnr##TG)7@2BMIerS)bRB_%&@R*hb>3!6iQRxg+d$&VB49(AmgAa6M}c z&8*ouyhJq#yS(l6JI2*hvNJS=7`~c<7=+gh-bGPZLv;y}W%H~x*{`1YdSD6KuPD3k zO~dzw8~|jz^G$|1JZ@Rr$V~(<2ce;a#5YGRTZLSzGm@>=I%o%lkOQ$ zuKq!ilTG)5@xfmBWpoR6_U(E6CXsg5m)E)x&~P*@UxeCC5GMMI9&cv2Bw%Ez$X|vp zdSjy09Bp# z07ik@{Jbf*wQ&wI2LEhyGb z5xhN1OzioF=-1@dn?E|nUh$w09Mq3^%))0WzTrUj;uaZkSOUzT@}#NeU{%pDIA8me z-ycknZ-4fc(}=8{89+(&e!JdO-_Q{jtUnJHEx+da7GPNDA<2~H-g$UAw*Y8f+ijQN zF7k_K_Wjv{8$$NO+t}0*udH6wi(dtgRsJ{v^*f*8$}OEQaj9PRX|Y+|N+erIr^xc7 zX<9R^y3`NQ)a3X0MrN0_X8FS>n1L*A8mhkrFj}y^C_LU>HaaofS>e4@*2d21t`Eb% zL)zE9?{8vyt(2m%!5*%krBBxS;9#YLejXn(bnD4DV_pS#xc2^}*v})kj2~iq_ot(; zqq*d5XPuS3I0-O2KY?{a28eP?af#Bwi{+5mwwklxWKBx~XH^0l)+ccWSIWNoAKcPhfBaH?bG^goWlwqQU^4a~FkS&tB60dtSEPQW5 z(|q&wH6B7utx~RO;d1-hdTfqF15nqREbOnw%*h*+NV?tbioqQNl(7vOP+rM69}^qK z7j4D|PlEr0%f0!5s&Px4ta*ZQk^d`SW3-~ji6W@=0U+yv`LSk$%@Cx7W&8Qdk>`WL zwx=a%z47{Ovwk;TjNmL(g{7X7=xb!s7EJdse8RJNF(Ab^!#*WG^3@K|CI=tg8WDmB zRJhMksO1Qi;~Y|ld}uMtry#fdXg^F}^*#&Yh2bD@+?Yyhs*XtrPDab>{|DGVJ&B6Z zE&9XyIZg;2&-NVo?|V>wSNwVxf+@<=w1nd)t3tBa6G@2D*s6LK-D2XW3%N1!vE>it z%YTOnpEA}b?Y<}dHq=+C$t+(#!(S>J0yP`J)OI95-PO}IP2u(?JcSgsb#R`joMbCF z$7RPW@a*GbUn-L9aJVXGMK;dZpLrI0c`kA7-Hza3Ou8PI*+gF3y{0ByFgZg-2c-#bgVy*rX;K1s4tDCoE@^6i2M0+ z-{l5Fi4l|j6}};-O@JPfJZMkOf@fPp zCHvn0rgL)0nNk`~Ey}eAlJ@KC3G{=P{rEn{^};V!7Po;p|Im~qo;{$y3|n++v~Iu8 zmp$2|OY&vcXer0FCojagdXU-!y?f8TFwKrm-+Dp36Mc{zbx-xW&+9K<^SJC^k1D9l zgT4=@S9nlM>K8}a9(~mB%VmUjXW~KrBt+%kNBRiN-|BA{ z@E{(=X+Dzeky^;+x>}3_rdVZ{>3Lj2^a(JGsWRYiSOpP}LABhH&-nvw>m}z;)QQa` z{j~m8E&w=v)V&y;UMpb5`}w#8Wfv>I+O8RagCwUy{o^x^MDIP3(N@C8V``dfoPfxJ z;e<=@gXb-pwXB~VtAgs_7+*h8h(~`f!Dqg6i*XJhNrwsxdJ8-XlFt%FOWF$a{By!BD5mPgu3>Z;XgXahdQdsibKUL`0ZfUVX@! z;T;zyaW9?_q#$S37t;&KW3{Q0WL|DLa(2ahnH}N(^+EO=M>#>0`+NxpgfHgc!Y{eg zb97NSP&M4rnBX7v`LrRM%(9<09WtTy!gkohn0CCa%2784G z7OgR-_}_^v&mX}7yq|&T8>b5Kg(Qp{7ai9ZMcg{Id%<@R7xhR(8F~a|qE&q^F;9~b zF7y@nn$TX#EM<^Mx;{$%9Ii;XE3|j6)}hB31@n;Hqnt~Xs?RR*pL7F&T=4!F!;`-C zA86}e@gq(^-NfGwR65Zty?jp!LtJeuP{b*Mi-s`yw>a2M$vt(7jc^%1;$16dRQqg4Zwi@k0UaDLYW1^e_TMYQa1pyb|3&ipJ`=Lo z8^`?e=7Q6CdkxY3)jwdO@$|f#0rE6?-qJw;g4Ms2eK{6qN(Fx2cbw;8uVE53P&+?l zW$dc$0IrbcN3I`#1Yxsg(JzccxqyJ$l9^nl1xa^S`9z-L;&r7Uy2Bc!WwsBPx04i_ z`x}3ZUhkbfGZu2TM0lel{YZ4&nL=fMKxvjKS@XTzTQK!;27j!OHQML);5$!L z?7wQLD$t6fE-ZrbI{oE|YkZ_sRdPG#PIqrwiKMN^N z#UJ13`T4AykJI`Z#ssB21Nm{dUNQq~&8lHWQ1%^+LNGEQ6zyk0hYWDZzV^+-54uTJ znRx>;>q2AGL2MrxphLE3IZEHM@Q{mVKy&9Gilbpr_3Cdv}QHeTJcpS<1<@_6KK6{cWL*B)cY`t|D~+xtqE z8r$a*EMrCJ$<}F{LC-Y7S;$m?c9A$2MCX)Ty%OLIBQr@KHCz>UmRKK z5u5{{i*K!dz_(9X>M73yfzZSm~+SZ%aHo7-p}rfA@V>dEB%H zzKFlsQ^GV5Z8p4sECaIF;ScqYSo(Ya0IsDx*zRN4cgJ_-9oeK9qY?u0b{E8s$%a~3l)KzlN09e zd0d^x1NWBrR3_Of=x{bWLCV}vx(8OA6!8s@kz3h1FnGnc?Z{2rx|c4}II~GiqNGUI z&P=CI^`PB?N~)j7Utzi3!vMB3X$cBGoVPUHYG5>)2_d2KD7;1s`?kRMlPYW%ZqRq3 zg8tMBf(fik`-Al}Tt4it7haGca?b;LpR6kyc57uQ;<|sU2-Hx3U<5CHl z;a2WD48U;ThthA&YIyuCgS!+L)j4|9AwUv8tzW44O}HnzaH)FX zTdJ0z*+_sa?Z!gl7bE#O8<&>+*7Wy}fY7fAieK!ph>O=UhGo z|B_}R<@~Q_Jhh! z!FhX#Dm}I9G13TDz1fC#K(WV$Gq`hjrHTpue)fczjb;*VA7=g@T7knSAY=ArJW`nO zOYuq4Jo+>9_c`1CQu0ZqxTm@-C|5<=jn@Lq(4tDlHI?f7LR^tSX)`ARo(X{yvTYZ( zQy4jYGOB4qQbv`yzw!ge%g<1L{A;_I)}*`?Wo>}PVQ z0i(*W%P%8(6UAw?mc+Yy&Ei z3y<k{nGq-;(_!FYI?`|~;4siTUboaRI^9&`O zexfCydprdg?(r1@kpjVx5_zKG!`uUsto(dQnp!^W$}$=>4gne1V6EEA_GXZ7Zp|e) zZD|F>(T8>47v_j9pTg|-s-M1ndahB-Y;i)zbqrs z9N@H%S$;(JFAp6MS$)ydE`k>K#{JV{i@d=Uvi1);cj$fON;P-Dizv{ZebDrTg#x?l zR67{)he9bv%EJ?T)(QJ|$Z43deX>ewTt*$uIrGx+cNV zW)-1+&7xU21v?`3d)%O>{_R_as6Xu=RsBU35MPDza?0fB^*!JCeYecWWZ9ly{wMKl z)`H1(MZdYnNd1LM7sv06v0$qMak9&P+@#lH1KfmDK^*}6zya{BmeS}&KE@8JDWo&H z#~(6x7j)_#~Yl%JD(cJ`SDlo)PpYzSr^m?U!p!`8SlE6 zEcYXQa6i!}XH&>u`=Ev|kqT_qq*PH!{1xxR`_`1(&S2Z)(M`z6QFH}+n zJ`pJr!0(qw+d7@}q>_jExywg1>*|HPn9@XaIq|i&q(^Hoc@NwpQu2E1gC8ANee;+X zhPqZt!N2L^{k`pqEexmTa?%gMp^Oib>pDjbzw~~Lc7KKM|C53V?lwH4tAd$}8QI}s zarMsWCztwgSdEmE*sg1jwyZ=Jll18z3z!jjuPD~vZqwyQ?kfeo&q9l+amoJ8wsGM% z$(Tz?96vdfD2=jJTF*3Co6>n3qk>PLW-W4XD{_uAj83KGyM7KNcB~e67b46%;>z5W zBVWUM0r{89$69|9^tK*dogS6T8>jq6^t9scnk*`uPj`&1K6V$PtOtmZQQGw zy9Z~b9*^JaaiJgYsqbobj`yvK*S%}al+P_Z;Lk{oPo=fY4xA^9G$!-(dY$9=cQUtF z`Rmlm_gmWdk#U)Gh`n&*D%YlJfn>iFk29TEuOiq^@lBR{9*x@`fqk0TI%kl^sD4^t z@`x8X-iyQGRdOuvPe-$Wv8?*rLwR%Ij6u-8XvIG;AU7>B=ky_aDc?HZm5wR|0?O-$ zpLIn?*+NO?vY`pPZQc;XW<@U**xleTRxE9zSJjx=GHy=y4TGMM^t?QSh(-IUbf~`A z&Z#lxuGgeHvDff8p=}3VsT@m#89G>u6&EjrED(LTyMUN6Q zFe!(Nq3m{qrvg)msDw8Nu36?Iox_fwGN&y_bpNrVDAMSOWMCK(g=HDT*UntPG>b3$ zMoC!oJHs>2!4b>4#r4-v@v~NsIeNQ6~$ec45G`pFH8N@+pg?I>!p6@SrV% zoJsnWo}jy52_){yE_Tmi0Xz2Y&oiH!xp` zFnx^bI^^KD0L;&mg2+=fJUICMBx7;8m-|IIQ=IMYTU!pZt>V-8fJBx(HS^<1U|NUk zYbQK;x^pPr*_RJ=Oq2#?6i1$LPwo5TvMRY>!y=zm?vl)x3{h0Rqr34-l{-at2~~_7 zj(d0l-#pyS^0E5Vgp96nZjW>}?vZ^Zhi6Ty`ck?sNLx#R8j`_va3l8QM7zK7e2stf zeoVjrg*+uW_D$mQ70D8*joH#l zzvIhoG|&LX%_do9bd{gKFB2y$I{todISw%~l~r~?8Ry=PBVS&1cM2If@i-S zqz51Hz#uE(dqzW`Cr#EqKd@8LaX*0oLhn%IwHDk~A%j#d?G_K?Gr2T1ALWI`-SoS; zXG*eZAEn^G6g(#JEaa!pWbCVI=u48ZuiAsh35&DB5&)ss&+<`ID`$95%7Q(BV@YAE z#M4hFlgnUAiEmAEKa=B*1W_pGlg#^Wr3%h(zVzylIu(6tG+`Uw7D-M3U$!p4Z2M4w zsh+y*QZ{f%xLm#}@6!(m4snpM3Yzm@3GqQqR=(f5#$29k^Dj|)z>r2NKp?qv%88id zi2c&qG*2>TofMxni4-l)AP{5q2vWCYlJuIkPZBo4z!8hZjE@b1Igu`2>jO64y#U?2 z=-9onVEXld>pXCyieplgMizy)QXUTXr0Nycie7$-UX9JeN66`O@hpchl6gr|M>MAg zciRk;U_vFj??cNG3{o{Cn4}uc-Iep3FC@T~3UA;XfA6)Dc8s`q^5Yjs{(GCzPDYKQaVi9!*cu>HXXx zetbxuQU*AU&+xPRTHNvXt^4XNT~*jcW!dtP?MuWHgt5xnO$*Mg0b~M42%RuHyK?L_^`IY~ z38_CrGvR2-wIK(7;^TcAXVqrSt4@mvVFxi!CP^SV%9q?*k$|j%Am9fm6R5 z9L;u3t}>5KV>eGCIk;#pAG#5It7TRnT!QM3MTPIKt}3FuEgOCF>pSy92PuTA!Dxyc z&j&ZG(4XVj4TxhnipS~!tQ@SL{2nAHw|{TyWD6!;80X9Y^a}Hp7!s;@&E9KAJ>B#3 z#o4C(ySJFm0$sqgOc#6LFX}T+u7hHm-e(B>W<#eozC>RqgQ#wg7?>M#!_ZgyeOh{5 zCZ(_aWowOh6vk&j7^_BoYSzIxRkOCOcl+Iaap zN8(5YGq*Spf&5GNzz1BkOY@Fjk~>>i`;fv=6f2GHd!A`PY5$g73|254W_{ZC1%@ph zp3yZmm-5R|RTFvj+($gNn<pN2h7Tg~Akg?4Q#XbsJg-M%dH8m}^5k|bU(kq8cAdz{f?ul(Q9Kup`LTiR zFb)R541A&RjnuDl_Ookk4%Pg@zGTeTzn-mZ=|>|sSxOydN*atvl!qKZXzw->DRn{z z8wGdc2ceqI==WSPz50C-N5!r`vdp$h*XxA%Y1Y4F=U$Kk#5==w*sE7qFQE$J@8-#|_Gz5H)<|*_`h1c5YwGG@wI5Xdw7VYSvbShN-3e*4hBM)-dGD`3X?mOq za$_+ID7}6YeQvE#sDl)eu&}@C6E=LEFH1q|yU&%Aes_AFQ^(CU(1h4@uqIl5&>#Q{djY6 zuif#)4iSs%B6;`p`f%Pi)&{EGJcfQaU2w{%c7)0@=G)@^*Umq`2Bul5##Z(7@h(SkUjdW4uO2a%PofsDFDm62MZhX<$Ct{;8@1r z1MdeGK!7$W8eh0!t@jtlG9{?jTbgTYu5Agt&74=D!Mv@$DOWt6EOeCkhwu85`tdue zurF}fcc1(1THhrKMgAc7Dts((Gi#B!jBjv$FT10valy9;!IxMVuq@eU@gf<#ZX|q9 zRm`nxqHN7R;lGfsF6OIYvMsAKpL zRr9m-xMG?}N@llfg~Q!!P%VF2(7SEzF|K z-H*lkRNJ|$;aRijA*MoO8op=2bv>oUirvpBBq4SY*KahuZ-eI>rTRD&!iR#G)#XSw#9#LV61La^?bytUwU`zZ{Kx5N+A>5d`^Xj@Z)}py2Q_wEu<{n$NE3gU_CWKc2TkOzniC3!`U*kt5$~4* zz~31T!AO}rq%B@_GOlc%yI6=>Wq!&od{ewJ@;Ii9#3~AsxEx)1L^*icp=TBvdnz&@(}Mv8mMV zz3C%99d_e!9!Z|?6zjvBe4pY@4#B$W^Zc!7%cPQ)2F6;TrR$Hr?rA!c{|gOD$+)Nx z6(7&>6)3u|uqBjy)GiGTmXoT($d&MYjXDE4k3TwJx4tq^pg(ncGra;9ATdkCt9gC| zw6Sq#R953dF{aZPQ@vi@v9tIX#Y+PxO~cLbJ3I9Lw$TmI+;tDPrWj+2DELQOoS2ab z)fKv4t$q9QSC$b>D-_B=#uSTwAvM+^LsJKKuA<<2&PU(RX!2T7JQDj_VZR$u#iL61 z7N5pc{UhnRwiMO2=r2hUc$6p-B%{2Ef|4Xi{`#I&-%rfUSYZa%X{PBV15(!B zroPwjjohunWATprwANvQT&bmaIiB{lYS(i_>$9J^D!%l%n&?!#zEgKN(ZGq%!_U1vFImy>*A}_Cl1b9!MZlwIsnw9HYKBVvY-NQh; zf~{t7Kw%Y$`1f%q%OfQ8yB2s1DEP3S@Mjn6hv9LTg-l4qLYSuhJM0RS%6{ipyF1!Cg+5(v{$^gyl~0(R ziM@v0Z+0tN_ry5t4_}#{UdfsJ+|FTj=Mx2~)?Y+t|Du@Gg%IQQS9|*aHqTWMVXKkO zPp3G^&u3$udBK0A%K4{!kJ?u)7n?NV5YZ<2XAxF{^0vII3C0H<{H@ka<$nO#G$`mH=>+;K-@34EPr-{1ZAoS^>$Lp&#uezm?$d&O0Qdiv=U zwDupZ*O#Q`8B((VYjjgc_%Yoi>hRH4{fKgI?iK}h98e|B9|c&X5THWxd=M)XYOIs) z!y)o_yoC?4h81GBDArYM!7Q=ReBy8N)41*%Jbu7;?j-qPl;4jm!U16El|N*LPTAWJ zwemO&55eqLTnOmAP<5Zjy9cHFJ89_a}mmhVsf=2k3yM(mjEkJfk(9Y=c-!SSyVcEPhu~-Wg_yjxe zAigG#6Z@mfiO2w}U(6S@@p4d}>eHf`-Ug>j-O_MO)Q9kI--%T=hetKE>6A_6V`z5k`1d zsv_A&4lx)~Ofh`V8&T}@{Mi>?Z{KO?(Vbg| zA=u&^+LKWDH_QF_v^+Eiucc<*|BUC)%nBD6VA3xds@II#FinPb7H1^dQDzB`3lWFL z`+iY!IPPCZ68+c}%8>XI9tiI9%X1uW#2KNG*ZWUul9fl<`AEOQp^gNg!K8aHPgjDn zzjTO#F(Yl)6f)@9@f6Mie?;%$cOptXa0UkoOX>G~zqhc&c$)`uA5QCuDoZ93L~4^V z46!kHTySr<1MGgj)twEekHVKP;lbpmtSf+)lmbK{$`+|V=wnjA3$?I4wK9NXN4sxs z;>8Bktd{sym?tfywDCCZ194BeKBqDDk8R#iAItcZ@e4|%@c4^NCa{hJ1b!Zlu?zqh zK?APU6kkyu5M`ZEGeV8EKEH}Xwmgoj=Z@d&K#1)q-w0(DXzIF%-h`|YpRrI(qIaT) zWkfMlwt5^SNUwQjdx-`4q`rr$wzBV*C@FWjB)w~`{&^;HIDAfQGn9994*?3c37 zipgYuXXSY7>MlNMPHcnpT{#`h4$#0SBd_3fpcJNU!E0ZSZ8f$=IBxZOPw8=}l1@O( z{K8f{(*{gh`^-S>gU?kh3?+M1jQ2y`t7QU_@56n9ogV&>HXB|4o{*jwKDFFu-~Wu8 z!~X)hxefLp9p~FAS4F6&S(L7QCBYuc2-v2h%sbXibr@gB$wC}|)C-`|qpD2x6h8J3 zI2lVNRBUMF>7}vPr!JlWKy%b3Z`nJ6K5g$%+a89$3x-&J7W;l(w;k4?9B!)B5K3aj ztgLS;DT?KJTTDJ1xYlWp??rwP{rm##0=Tj;xGKqHTKtxalyiIUI5Sqqu8RLia?U(u(k||LvqD_iM zc=TFx4v@YHU6LiBkD60aM`U(H#`A#R5W%Ey=geXH>61t^zO8M$OUgbS|*r&30KQE6@uv)g*(ngNH6r8aV~t4nVW~pU5wOla+zaSH!e(2 zYGuBZx8HRifvwd6K(Sry_`~(a=XKyVz{dWhcw>SjVt1KbrCJjd>-wW1@1dAGFq!zf zUkD2h6d^j}!D>>p|LMZ9mLb@IAg#dOzaUlwvO>)(3_~M15)lF&_}h-IkmU>yNl5yf8^fC}l36AFyg&ck z-jqG+f$+3W=g)Y??}xl}g!H!=s2dXx`c(xy%xq6UQsC;tG0Z@bAB&?x2vh%{r`4FU zC9zF#(fisK_<4390RPp;PZA;Qqt2?*o8HctQEWA%W?vUS*7v(m!M=p_a<~NUuX#n= zn}fvJ1%T3|lM`{-Q@(H3kXd<%*EsIj6s_z3Nuv$nDHe)?vs=4ZW9x2CW zEgx5@+gGTQG`^u7PQ`-zv*OqIWXNyR7ek8v9c^1g#H6iBszEO`cz)&vD476^o)F!YBGuafncr z)t}OpBOWUQFAK;~V~{EmLK`9Y=9jx?Qn#`KYA#CfI1G|rsHQEA``RlB`<}4>8$4-~ zs9_;=`3QL|MfJV1llS&{j?CF*k;oj|3{D^HF8WA&Su&*Vqa^d92!%WOB#ogv*CTdmPE9KL7X@_$N^_o2g3RtSB`F&Bju-Vx;hnvlQ`7fL6KpETE>(P>V6k_yB+-&2GOwoHsa=dTU|w=zx`%!RMUPR56;bx zbI*Op{TT0RWjW)hcM-BKhNf%et6%!(>_Nx4y+APOcZ%*ap8qJJ_bEG-O;M^9nvR$C{SSuhik%KK2J~wjx{hvVz-y1eC+%1 zfF}g`eTH;?6{bp2LV{`;&C%Gu?w>c>50=4K7v?MQy_BAR@>v{sZ=^c|30cX0ep9am zH!*9re=7ufio2qIXVZe!%4Vp12L|eh9-D|=wXXr*c*lRIz&CHe_!Hwo4)sHWI*YIf zN3eI?uY4LuDGT8W8*67U{r|GR3~$PD;g$XZD{k#Tp|o9%+n$KM=b(QrST+^t(-YG- z7b3bGrQ7*b2A%UFZk24MwgNDJwV||S+ue(Ou$0B!U1jyW+rhIF4|%EZq^xxWaG`21 z#>91TKy)~$lrtt3e<1)Y&-im4#zcOj^jO<=`rVP60u*iW1c464m7$6BRi+mVMB(;2 zT14^;_s#glvyv^Q@V4Tu@1DwVBSIIYr~e9__zi_wA-z-7Fh5*yQ#v?vcc81B!B53P zx1%$lcdZbA?Q-JaLq1ng3XlY$ET$Ht#bJqn9iPb{pNQ`Rxw4FrFXxW0j4cE z@|XL><+~kaHI2Wy#Yt?_m%8pBc_g#y(~e-_5d_u8Z)%TaJ-#??TDxD825IHsV}9o< z7Ja4v5S27F1;6B$bTz`j$m)a>ItdYT@{n6o&BCl{v=JX7IJX#Y*(3kIA8aST^VcPt zjP2=KY4zv(4%JV*uvAQv1`&v*i$$}&a>!wxSLn`pvW1{1{9IeVHSag%ew&Z(!LI5s zmTULKdtY5yE#gCu@_l4qWuu)mbmXoaUiismovS2z4~>Smb;m0OH(v@+s-KRATcd8ERayj}QOaeBgM1=SHL@7(x;@jYakAge?E-WEwL{))}q zE%`#}#DGwqMnk95?~2*cC56{XH>E{lA8*iebz4qGjni9sroA;{yOG&PlVL?V$~uFT z$Mx&iiASUwa8syem->W)=2b?$4t55x9)W-i4)kAtt{)GsgSK`wkuYS?VN91iHfWdZ z)M&1s5{E%Y1ZS>{<7!)cv4fJIo7O&WE{px9^wJ z(*A&?J0(e@~K_nVEtJoTz&xpjSQs- z=w=)XVP%E7>=dq#T$tm+=k_i}Yec*n@*2fuwWZV4MLrYl!}b8(L;w9ghu@>;(%3XX z@&P;cOHt3MxJAse;^_1A-RF`w0(n~;lY5&#ZU;GfjaFlRZ;#`FDv9Gqnpfa*q`i)K zzlS8F*4G|tjs_!MPm2XrHTxpZ`FE&y%hQR}1&^^$%(A6!L z6Q|kfzyi5XISn!x<~0Bfb3!fpc4zFAIwEyc?qucNVF(xM_#=keQbqkP(7*vxp?LyJ zXWWnAeRau54=rG8sM&^K#kTzkf;(#V$My;Z0u-+A1rjWF#X@GVszu(uS=Ma8oaSAK zWgV^QpSoex09f14N^n}~9eno<898wQ*dh2v z(rXgFY+ucg6tPAdc`YmhfT;cXbR^sZ)(KcRd2#yonH@o@_tE`_l!T`}?@t`auIJ6d z5to=}L#_~9OG7arh3af)-2nqK=9sM^;7yFj-|_bbqqp1RJ{3 z#O7Z z_O3qE`}A@pa~i6Bl^e?ltr~t`J38$KOrCm4Z+CEIXIkVYaUZgWYklLt z6iz^H!fD{gv_x`w$z^`aA|z_Lt7>!c(RUdQ#e_C>G$a=6Nl&@VIp3=vyh;||hFia@ z3Pk2-za~8XfBI?cGysq3v3iFvOnCaQtM1ewQ^I&TAsY2!1F~BWP+3_s){=Y}{R9`$ z{;}LMqOSyOHGQ()_^>2t5Aq3)YhI-z;!$R|xP{cL_8 z_LG=C7YPxLK)lfGbzD&vl*%-`)7%ko0trx1R~Xp!1o+pH^R=`7w6@0A0q>zWDFmrD zE~0#P)n7}G=|mBW1b<`;!@oP_YzaiIiI=XC3a<5^1NrAF6c9M>Woy2s`Da(Ts= z4Dy#BY z71)t^W!L)`924kupPv_(#5jr$T%8wB??j&8-ay?@!`oiaQ9)bYet&yi(E&ZC`+c>C zx~Vs!oXKo2`7hSbNV$kNMe)ZeWemz=^ao(Z`^h-Zu%_etmP^$QH~1esMh17Gd&qyqmi;THdh^{2DLQKgQE zQ57Z(t1t?xHw2^uEn$V^dQVn37&Xk0yJP4dAYn_MZVyjSt*vQp9uw8?_+D_YGCqBZ zjGVmpx-oKeGN)=bnPT_ZdIZcI>d!t!9sNZu>T+Y?*@@dL zE>ODnGi>+3V@L&VC(>`Bz{ccb6Z=JzICK58I0z7? zstr2`aAGUy$|a3C23~h7VG?eMPGfhzt$Ddi*#nqTb@SC!5jCfd~JRgeK_s9p@(YI zZZ`d{1(rN2j> zZ7sO58_*|;?)8xJ#mPu#G@u!T`0Z<-1VfoA3LH7a54cSjF~S~2po=icoJP^28o`UJ zB^|ZmZ_$f+z8&aqG6(a6;(ypPhd7UfuRG1l={a)usNia$_<0|^2{d){Uz+YA8gL+9hPiLgH{`Ui(@gNil$UV>dxD=ODS)Pa4(9i8`P7 zEFDTFfmG6YKViz3M8-8ueT)h^YDt&Y(<0*=&`2yT0(e{3R7Tw zmCSyZ(L#DvyuRt5II;aWfO&a!)BA0?$@i4~%Rq=wJ6;Rlti4C@HR|ZO;!FiD`PS;w z9iaZ`b6)*O;}^;yBCJ52mrSR3X_V^=LkY)YGj@`>OA?|YMPLAD70B2*EK z&-nH@c1(;-d5&3g#AAtO{{(8zi@6-ue7T+b&uC`hrdA{@G0DyW=F(h_PJ3mzt03N= zpkaI%J7M@4rGQB!4wu{s)XttttAm-UaxiK|t5=x+^eaMB05j6y&T4~DJ|&{g<@c13 za2+aI$U@5Oe%nPC5~Y`!S$Z@`HuOIp-{D6a!<+}w^07^dba_K8jB__U)RVxK#&#{4kI0%!??)37ecI@p2dL+b2gq?g4UXsnD=d zrucndNXZ4|v;Oz+n};fduj3^u>xNn(vv{2E(=GNS&wF+5y2E+Sd@ngA0_wf7`WW9KlBFzH0nGVwzx)Q^_(oa!&cP+TbRjDgE z-2J{spl6;?IDB<{K(}h|B8PV@1R$oBe|hI)6ZUtxkF(Ul2p5Li0S4BR7(rVZU7$eP z-{r4Arl3xq@_E0CDKDEdZsD!I780Kuzb760Nn8K?e&5WGM-hsEOjLa)w%v~iKz@5s zozL=yxxj;gu}lk@YOmebCo6bK9Os|Pyxo4{tmGHfI!|3U?)weIfKMiOJmG>WTx=EZ zUY1bFC0E~At-{bruRWdd91}N|U-TEh(~qY9`FtNE9`!#atUmxcks?TR$bxKq$CuK` z%8};A4_`~z*Hse6cIG@h$>Y|Q)wPHN_7Ika*FJuIVVl4^?=^cKo>zAm0TDC!&|r9G zQ?lvDh~rNMgadjqAHNh|s+XQxB;xdbLD%4{RKro8arI$oy`}R63DI)j9v*eye(tM8 z$?2Dk08*Bq=2(7JQugLr_>aM@~8d3y?%jFB_zMzq`zP+>;8tbeXb zHXvkrH-=Z*=Fj2<@sUvWZoFTO=F}4q3NA0@2Yl!o$~=oXr=11gRS`IaHGoPuL?4-3 zHJF0Bepcw`f4%bevKuaUVTl^njNQwQ+!hjg6&CL_RlRft@7Heeb?PgA$0Y!^<2jtq zKA7$;TpH6L%az3e3kj#5YaU zqZarRHeY}K)!GZl+m2YeYf2{|gLL=08vr7MQUtxqCuP%(^yWxt>bJX7pwbG+ck&@9Y!(4P=@4jnbq~q5K#q>Nc=UMO$_nnl9FG%FOfhP0AL6 z>_^%vC7vTq)Wy*zniBDq60$kHmsDxK=13W&M1)T{-o& zi8i4g)I#V_A;GmqQC(gzRxsgWm!l4p&uAA3a`rUHENMio;SAA(nUn(Y`Z-+C|5;(8>(mn)5k**+(xtV$3(B`jE zWK=VtZJn-DNI!YJ@}>)idq+p^S?3NU9=JnqRN5ZKIbAL^c9AxHb@^WX8I|Oa?e}eu zv*G6K-Dsjy!8;3TYQ8UrZ=G?8dzP*V+d=+zEObcrJw^^5Pr1eN3)JK;)#QRAzNgwCHATpsB-=h9ctM4$hIU+BGSj7geWZK&o zg?5JN9W=_`mvHuryxvLt0}+II!cXT&O(59e5}fdV-{S z1(czM<)}E1$Ex4%-|KgdT7H^G7MIqpS5`Xbj<)FWhuTlAmZ+8W-rmndI`9n#;jx@O zzEREd!CcVOk~JUR<`YLN>nnWw7eF-0ubjWfD6sRCJ18E6MSsum{ziejIIPzWF>Q@&U+ppxa;2OMiW)V&yXDqknu~EgaGn+xrc{bf9Fro zEeq9GWtpBI$>%t{(-OkmsZ$w9#`A9DYg~U>LjvgA_dNh>%NG8=w=~Wll=Cvt_Q(uhm*$Lr^W~~;g#mXRu z5-_OZa&?^p)Ky0H_7(x%#=!sb!LVQC!p}7vPmpp`gHJs*uKbfdI5hGn z)L4%p8kbly1e9pO#cLT|Zs{!XBv7k*EP@^nIX4G~%Yk|C0Z4q9vY+FX?R7oAC^7UkU_x-e4$#e7r`hw*YQ)AiE5`FiIOlBuj3^@P=5{^#nBqip>&IC z_u>h^UhX9AG4FjJwt2Zr{4Af>w?ruK#G0E}?rH{n*^W0Muk{pzG9vZ>A_0bG{XLEF zx9WZ_=+}@ND~prtp)w&RK(17tzOa=Dbg6sLp{ezI1VAARkGSa03n9N97VG51Sw4P< zBke&8I(A~$wENHAh!#)L{Wp~M>wbm^6|kNs>?UuhhT3NQ@D5)nfowYZA&AQaKQdzx zgg0g%k8Zc`FY$S}k@YdAA+zKX7MyLraAWC|gNX3tt?HxGc!VaxAnnCo{$#q#+1eKt zG>~3%W;{bjc=W{z)wuMqi5~Ir`sEC0;AiQK?b<;Y`fPLY^jdE$_ieYUjSh8gW`O8= zOYOT;lM(WBAA}J7NIz<=xp(35 zn)H1!O|53yQ}Dx!mkx|!=`=&t?fJnB>X?ieHby%w5uDMhMb*Srw|21$vLrF%oHi`|P zVvUb+k_jNTBsx{Ppmmq`ImzgwI=Y%ZW~L;b4SPA&hiy6$bPqomYlgjeui!C?U=Y;T!yeB;K6~Nr-+kHtSPXa=b$hcu#mYFAY~YIqmnsl0nx@8yD?-y` zDbi9N9|wr_>?;=SKo=M9ZQwuv+tSk&X4j@YB{GUXc=+^mlHbp+o`(vZycQkzadvXw zE2UR1KMyjw*xwDl(4*OoHKlP6%ky_hB^1pCP}(Qm^rHEdvR@a@G~NWe3B>2=sk%!k z%#NoMkC%qNa%1P4wJ%6n727?>m&M@;S?dfwNUERXxYxP`g)1+=uRiwF&-JG~IfL3e zcJI%^;vXcS3T3X4>e+Ie3!CiyY|rmcSwL43$JJi0a*3ao(VGYQHs**~V!K9*Q_@A_ z*%OHrZ%Oam7{jFtbqF^rBF?7A8oSDnP=JcfsIXLtPR8&!UY*SW#6(Nc9Tvv3Mn76D z&pLuX=&;~aPGL(tU#pFVT{nlU?p&!2@;+Ce^enwEWGbbJWnb^XDQ<*yxCItrK(At7 zPxg$z3!*&T;Z+J*Mus~g;+uzh9O6^>~SZ%Q{V#dqDuB9HkHlj$8w9)ZjzXCiIYf3_lsP zI(j&lTv%ZClGj8Biq{^o%y7@U54;PpF5(cJBE!DBeicGmWJBHZ1$(nu=7}VJh+J8pM{1Aj8z1EiDT`Yw z7p~s3NQd_xgeYMIQz-T2HEF%hCil1)a+`ZR$Zua5KD?HF6`ewp$)Upc%^b_U^0)W4 zU)-Kg)f4c7(6>GHhv9)?gh#EQ8;}e)QHkG5qR4vGGXp6QQ0>!nA*99h?js zhV8e{iNjei(=`zHj9Pz|EfDdkxoVpDiY$p@!*`~2EcJcF&|4gzl-+B_IfP^jEW1Uy zt`D*V8QcE<-}r@s9Q?OF z!VLadIbC8(bx+KC7+L&&1rOuX|Bv{_OKr~)w9?WsH+E8}3$#g`U-FI}@#ACxm( zEqoV4bm=)*!3^LPK(gh<#Ba8JoUC)uI39+F5m|H4w)u^C$M0W))p}1zo_wLu5%(2E zf(buwF*KG@K7v#A+ve|lG<(O*!-|3IqFFwx)@!GqFwH#Q#<^K#`tB zNP5BIEri53T^!c3a-JF*LAx>feE@PI+VkY=zL$YQ{Frm9$TVtnpZw8H!k>PAgh71f zc9#TY63z2zKh{=_N2LW3r(jce`&MX|y(hpX^O0DaEIwD4u6qv3(MBJ-X{yWl2cUWv z_ppgiHQI=3S>vyOgad@}g;1K{T>}|Pb^8RYqK}ZVp&_@N`l{v=yP1ED0PCxhj2AGMO^lPKZdy6j;Z}_kA zaSbci3h_dT;TkpL*`SSl)EAh3?6b&P9eYXFJ>su4gqybdo)_7*oOurc)9N9{XqdfD z$k+p5t^VvFn(AfM3gFQ%7;JbYrm@1DUg|?@fA)6ku=YTYq2>{+_x|t2247tdg@{pz zpjq-^nbV(X)MyL$PFA$cnNU^!Mjrw*|A>}J2&Z30crtru$G3jANe*cYJu56EdR#L& z(SIIPf%VnJnI|yHRr7ZOvN#Zb)pZ|2^DClbpc3B4oL7)Hn|ImmZNE_0*?Nd8tF8UX zbHBmwyoJ;n9+}_$ZrxvF_5nB~P0u_Gl7}EQg?PVyw-C@p4XQLQw3k-FkPkP|j>@Am zo>yg$dvUxXlb$;7z7OyqND*c^UcP@+>0 zlbrYGxodO^cOdYux(`R^Mdg(oZaqeRG_Bw1G4*i@@$Kc|cD8+)&_Ft!j6BXM9^|kx z2f|oZjNkhG6?evxc0MV@L45I%Q8$s);Egim<#8~O5Qb9Rkv!z2j|n4gMxIXZjp$eO zPccIkO*T9t=Od=7_%sayxV2*ZKFAFmjw=guuFne8tt~qQlu@2AOI#!XHMpy|#Z2)b z)D{BXL<5P~J$TN-q!x+wOmJPMJet9<-x_}*Ry-vObA7D$6qTOluIc%Gg`^Xuv4eEH zzan*VJ%KyzJOeE%MIU}4!AmM&5wXM+@=oS_o~&RRlU~@REI|s)7lIvo*xrnk0LG~=s1^2xkU4+i(u4Dp4u6YwaM@znX&Slj-?at>MSh{jmZEZjRmlbu=DgU)_;U3b3>k?MkCW zIgu5#VaM<#ToY<$yf!5tG12<45O~UzsV_2Sd3VepgDq6@TREzrX5K#zFyICGB}B-z z=EWUMUP=mv`v=NKpZr z$B2E%5kR)5&aQKiq)=>w+mcCHZBfN3Rl^+C+Luz7P5}Z zLEH7%6{&4Pz&-F=ni*FcPd|I%BW~D=<<<>p|7^=Uy}J-Oec?j9PJzP|sNvY@cKJo& zrXG5`yXNJM5s5#{Pzt>z=REEgXT45l|KC1+#x;+6xNUN{AFfd>Wa>A_lmLfzTdTd;YwPIyjmn;Q>C))xAQ!?(Y`(I zUx@W>TfO(@`ue6~_b!7^n+0d1IRh|w=SDJ%Mi@zNj;UXG*j+fC_!4C^J+t4(>gm(z z@Kh_b1aYLf*!TU>@Wf;`IPJNW7W|jnIDU3#h_3U9ID+V#YF`_sbgQO@ton(s1|55# zMq(jBaqWhcY$v8EV9VVf5aBGpCxEcd$Z>_VZVkiBs@vssaJE|@p4HT1W;VU5Zx1U7 zLP0qH+#D*)s0^ar+c**S?zW?ZqJVEJ9DoM(`9^|w7onx!;tN5T>vQ^SW-&wZF>g(p z;)u6n3c%P4&OXi0oEbdsG7J}RJz;BSKOq(*>?SJb^*4^d#gDf_4ywQoI~Y;Zu(yfj z<@s1i{%Y`WT<{Wt+YuFtJtv{K-+%@|a%kGyxhyWz0;m{J>v-7hzO_A{PN5dwMp`zZ z)>)j|rwnn)6=4kjjgZE5C;skNL4`eF0km?j$wFyoc*1)ehd_*&c_AnZKj}_(?~iZ- z`DU?nl77d!#^-Jcll3JMY{)ppT>850riSfgJjiYqPU@kk6(j zEDzyUNW!JR{D@&*L}B?fqg+1A9_<9;2RfG+>82XdhnVE5W4v^^xB--8!s}KXgzP@W zm$cTdH~8`(0es%SD+if*>D+%YjRe{R`XYeW>xRC=?6!=tuwS?@d|z2VwC?g(z{nu8 z9}bs-@h|s~&$Z*SLSGbqqigX|z&$YGQ{5aW*iHlijN{r*r{Y$!zI-9Ghldj79B(J* zAX>U+9A1m68O7rO8j>xOS1dT!w^RBDpm(HW_BwiT4p&Ju2v&H_0yfRAKdUG-VVjSv zZqcufg#m;k`x6OuOVcXUroJFGdqgXwp4lGq2Ky!-g)qnX2sRg3yNsxQ>Mb4q{K?4>=R3MgR9JbDmAdG zR#BX~#}3m}+B+x|^neF)8*cz1klX~G4CAU-lz#{7bO_}4i#$A?#pT$6D+f{=RB&#)%dz?h|;?_)mWv zVmNp~_Q$@pWwRWe>&%8t`wGL;h~Qbkkh6VM#sVF^Q8cwgl8RrtM=0K)>MMa^@I1#;eKIoR9f=4R>_sxv?K#-`Ic zGvc0{ICpKtKe~6EH>FF@v?5Gj=#5?4?_NB7Orm%@R#5LXT9Ril5T` zYhET2bZltjy!d3@mrP2+t|J)BBY9jJ^c`bEk7GRIY0mgPu@@_`%H7&TxXzVVPF=Ek zO~K6&96QtoEM6TtD+u=zu`n!3qSO+Ybr2>32p9%t&wFTenS0hK+EqB&4b%Gq6i*)S z`AlCUB{bIgedNP8p=DT56}qrVP#?59VHxCp`}PZxUKxlDti!cqD-0VNwtk%S>|mTx z5jmn&0EcBO^Z3aaz2tay@gDW!v~?k}-qjF{8%;572zp5C{MV~-o0o!b4n4}h{q9$A z)TPY1Y=#(Gs(!y1HA=fr13)zU2rxv#>=k%F@KN~t1gmU|112rwJ;0X-71Q7MYZy02 zturpKnLR%~-LQBs=>HN?N;eZ>z{UujE}Yn;db&jWPoq91dGHAo-*kawLRm|htGtna zk3SG#PP+l*>qrltXPaBRK5dSd2n@ZkRgplwh2MB>i#QU!_D6a@D=<*_h7Uvm_dl>j zr397ScHJQn>piRsT&X*QGYNg({V-B;AosLtxE&W%;HAI2yA5~*I3q=c3+sMi@Jfj0 z@2!kM>)*$M2H;^kWBv#(<9&3lc8uDkbJocoVOj2r>>s71_SkF~vwvS&7;#{xbI3Bt4 zF!8*TOXE*HD1MpV$Vz5jG*I}kPqCt;+-q(`e(nODNym{W(ZG5?YmkY9?rR*scVl5P z_b9=3=Wz3L%oK&HA#;wK$yR%K^Ck4BW4EjE;H&Pj?MtSr4c=v6V0s^DiLvx1DyHq)YW7+0x;jG|YL=WyK(1Okk0^x0}EdF{wMyzO^iI+IV8OL(V=8i^2=@=5g2A!}a-U|qxO$+iSouwPgJA?76tezj zvZMsfl~$uTqnzhNDax5qudT+h(Y@xogv1^ZB^wAMNi zn6Vj(FKVA>KT}PwU>lf!=$ZrO=m@oWJoyj!MwcpVi}!pm;;pzK0V<%A%7T zQLT%X;U)ZAq`oNny= z>xr&JWi*<^@8NC?pyTmD>~PeWL#G5tlkIx!0&-%1QuO& z?wz0UiO%}me;>wczi8k3(5VBd8IRzDKKs5>cegp&DivlD!x?d?@W)|WM9fz~|MKvw z3JBZIxLVWbBuqxjjBKudRcT=vB!aNhFIx6E2|tJpexeh~N@xvqg^^$43%!ikmP*<_ zucrqfK=aIgwRz$f-X)A@J{e`jZ7G>AA1i*`iOh*UUe_254qIB$4lNe$ygE|OYS}L# za%BH-NgB-DIi|sHDA=&^}y#af%=6=VkH+mcYxNgCWg9%2${bT9OwiZQ#ApA-oAaE%l ztH{3IiGrYl>2R_6XODIIp@ro{!lQ7$(-tRWBb?gqPC`xP@e9`y%Y1s~!6Vrx zKA~~7_h~qyn5RKr1z75Q_vz*`|8_vnUAcP`m1GYnmLmKT%;QzI?O>qE>4VF49AF)e z)mcaueYCxrk>NRs%#8fawCAj4RJ3q!9R(bL{YX7uz~X zn%}Rf!SsWBRzp7C3J2Uv8ZM0`r2<%@ViA~$X^vzc-6Y_Ic}BaW5dIkQm{_anS(;Zql~WVGu+)FSAy zff?YmA!)fs0q#PU(VBwkbJytd&hS7P7Tbr2wSlK6*$7Cq%Zu9x)*uM>lX{Yt6U%^p zPQzbPsIPP0a(oUWW3X8I_Ti3DMcg~P1X&4&iist$hA>sFQ_uN0-9mgN{E?uBRO|q` zx#Mg3h+aCcD@*I}@Z1@Za*?pbth5?A1?9H>o!@s%erT`XteFn;lgi5t0q$$kyyX^` zoLa)YLb;JJ4NTpwqLz%*6s0jQpQgz6({vyLM92>nZf~CzT&E6uUj3ABWAPGrh<=_C<;4hpL*yV%VDV&On~_bcJMBZ#h&#_+;lwOE z4-`E42NL?XJ$~^5^wBa9=3IrxJ>_3!cJ98+&)51Hs3PX_hU4~Wu_#x_^9VcJiWYyl zL_j!bP0NQ_YJ@%VZx434;rvsS-&qA=^jVm(uC`57c-v_Br;if4jjl<@mmE=Z3L(>Y z&4FSjYsWmTQkYhC?5)V2v!CYp-V4vBqzC!$GF?B5bsF{p=8$`DcrIZr`QBzC9U;bf zuWeXrm^d2W=zaQFnZs~VbrHaA`Wuk7N}Y(}SV>R>80@CRw~ti-SFkDed)<=|!hZH( z_CU77XZ=-Zf-WElhJie(JfE+H$F@YqWh1<9FNM1T=Rw(Hj$JoK8HDN2$C&GsUa!EL7Ws{cOQWLmG+^bx#2 zdvEpkIK@mjWvn$hK1@Wmd(pn%3wjsb2cc$9iX~4?>U`dZQI|DV)I1*tcj-cg^}Tji zL^;b2iT_G{{*4I)t<*xjG0G~vsH6(ehcLTGz70$=w3nt90|rOeZ)>=w^eGNk?kgnG zpADtjR;X;Nbq<$m?TS>Lp`_gLTBaKRX_tg}^;f}8q+@LsLm)MhOX90JP~(b?L&n$R z0-gX&_gm-4THeD>(LYn)T9{lHXDy1Q*UF1S08a#60$dEvXf#X64jfzqjeUM;&jk7o z2Q2yrU-%z%?nn1vbQ>$P_PILkz52Q2cJGWcWcCOQ>kZ~G0;NIs&x=xL?$ZzZnc?w- z-v|A6`)%tf3%~Jte=?XxMo=jx*oVe+?&j+E+{j-H2f>4H&o3kJuZPrJ@A+2)nH;z3 z-|7A|U=}H<2R7~epZoNL(--@ORMFI1HJ2c{^TOQOMpT*D!S9g;cO=Qr*@HnBH7*Hk z;y#pWLREBs2iKVxu{O*8E{8Nv%T}B+Mf>IChSJu>1nadORy2CvlH8|g?UXG6O$E&_ z(qN$YU`(S%VgP6W{qv(z6?W*q5gSW+Mq|?H*-X74nUTWaDfnYh^AHdA`%tP38qAYY z^dm{J?LC$p(O%kPH=T#=W#Hr0p!25)NZ>WfA5kQ6N3lCN_2Aut2}ZzI^!i$bb-!6} z!CVtGiKA!u@j_^SMSN012aQ7#A^kF0pGOJ{w~lM!skeDiy>s^|N~>v4-#9Fl!+W36 z)?k+HI8Y2;wCf-85uB2dvcaj5TA^F>bP;E4h9d7w2$G7mUkJ1N;RG2yQD(Rxey6Hv zsrmS~-IxeMUEpkS^0Z_#>HW*=S_BN&dEbJ=-vUw+^LJ`7R3wEa+;T@E&?!b z={I&?U->@4SMS@`lVyXmF{VQJI_2Em>95%< z*%xvoD!JS`0P1sttDtvPCi*hJf_C59>Q^W!+@JAP}p>U zFmz;pC}_=lmx_@8S&S`5j7iyW%sdBE@q9DNdAQbev+r@ng@4)TfEe4uc-)O75?V%j zU`NGk9Nk71(=)uD)$f6^E?mKpMrbN*`Zgi$W)$;pkuh*>`KrZcPc;S!!R9xaeDlO=m(%uW^fM9O9~0cu!$9}y3Jj)-2)Bd2qCet`6_}lIq;As z*-{$NE-VUATQXBsJ)#@Ypt!Gih0dBAZDV|YkSrM3mlA8Pq)Z$fuXGI1qPG)yq<=~_ci2tRr{F_KGn0L^*}Y#&H9X*bE5k}z*Hg^Z*oR)>AOu20~HO}=;O{Cfs$(2GVi|o z+U{wXVGkpB?0M3ocReDl8DN}eIlGlxDKJV#oiQnJ6&>Ewgf_B?n z|3zQ;@>@N#Gi*9Dh!d*zS*l>PY?c$u;6+W-gRMt7tzc}0&DVYn3S91?cLdoud%;Gh z=S65=U`06z>Y{&4;zdRW_jh@^ZE zzKs0KovT!EY|Y{*h(G_P}W=ECM zVsNj$^cK+YAfO}6yy|_m6gGdx8qV0oWPU?scN({rasa#LP$*~YGO_du9|`UmM*H-& zqtt&3^LfyFXU)44oDyICt9Tn+1IyT|G6F+IVJr z+^#I*faP)~LCX`l?gEVQ*&Vu#d!A!`E2bxsa3@w-=_;k3#8;E9Q*hAd$9FSV9g`G} zg4uDcS0!)aG*r>K**w-~UwRwyfnvbjRi^-<+>f{K>rMq@(ab^p*;b!UnKM=O^zplI zmp203!pn1+MJAff^!r0Yw5A~Fj1w&?hU-2~7lCHtU*hNXmFJh@@NC@SCouWrF1_?4 zBUl!hJ2iF<>80>6O;wu)qba>w#X}CQjtxJ#TRIlexbK=n>h?YkHvu-tO-nfAAvv0^ zGI*!wS=7O1k$beZF?stOTMHtK*xe@at3y9CqPg&>5RYPZF?HP@=}(&tCcG3?#lv_2 zDwJ#GFwz47AT&<<=RVV0)!6R{GOlUs@46^Hn#8O8g8Oa#<9T=QdV`uZ8@776P#>bv zAHfjxplYw6r@eXfpsv9k{RVewKHZLjb;#f?iJR6Z5|zYfcbsx-x4Bq zv(LM!1AaT5f%|%=OlH~0oj1}(8+<(WG$JPXq>wLDA3th(ps&xjaZ;U{@I-}!8Uj}E zi$^(-jYo8IVPD=0OE%a=7Z!G72PU+IYty~1=9TRkGu{2uIJE^=&O#j}X61-h8)yUU5dW|oKI4U}- zj6`-A=6#m!Qe(E}$3;p@{hd#)=Q7Xte! z9DDX5x9Ahk0@B!P0xTDXZ@-$^oWc5GU+LGSwR}J^lN0vu9ei3;z_2=0vxK}VF4vwrv)ttuhBbSsfRlSl#W~X!gY2Lu zPa_DpkUhMX(fRH&2i}q6y0=TQd4!)&T)oN4b?XO&qK}*Ob)VaaMHAFknEA*0q!Et> zel`*;D9|zgi%+m5K4%Bw4=dJ8E9d>#3zi&t8t@bPGUGoC^k?+=I)4yLd>IvhU zKi#&nX2j!b_}z%m&SNOJm=BMqosf9Cn-uWRy~Hq;!86G~?EB_hOXa16#Q>Hx<^&b zy;EH9o9qDjqYp%xsGQS~FV3EB&O?3zX@!`cz5!^D!+~^4x39&;eq5GN&?C9U2fT1E znhBlYi@BZfiAFCm$B?f1fblgzOnbr%mgpO4+3xjTJ!W8K>6cXL`%?X6gg*y;gI=Yoz1|&F#5R#Ma-R{>{pd3ujq+vpYo8p43to)Opz7$Uiu=uIk2n3WlOE72ySe zShc32pxh+xpqz={rGu?}_m^F4;_mUWp|Lp9rt;W8HdZv@*qG7vD*uk3oTfZDuI%w}{UO7}q%f!tGuR^n3JaY5euTG6-WlN>tQ5@2 z%`Z#Q^pyR`1iLReJzXAGT0F`|=5@P!icC$`6YZ_c3+b!ZrVnX=p^T6YV@pcT3r{f9 zy#9h=`GD!!h0U;p)a4QyfsmXp`>4O}xxd?2BX!&m;>gngyE-5PAnnFjGE6fjl^i@; zA8JM5`O1)t<=pf8H-|sE%3i1beV8||Se4Nx1mdU~Bg!!X8?SuLY(j7&5bsG6Q(OqP zf86#Ik$tune#wjeE_+1~sy=^6;Zf;|e-x`|Gt%VYQr|#u?|WN+$(7;l<_Y6R1kVw7 zIEo)$zsnIWMZ-P4LfI|HFM;`E5|_^sjrs%igm7UYi?f?E0a>6s=MH_j?EcPrJegzn zn&DyO57)@&0S`$|)7W#5;kv`NKy$mLw@>@2(&c*hR&>U#P^K8Eb3Ilft85WdAeFHg zdo4QpkY#%h=%xdwdrwXMY&Z9^Q(CjSg6+6<&2)t_e1o>M(ihk-b<`+wx@6>&UoZ#A z`ft(y;)^V$9sZLBrZs^)c7>uFk8)BG+|k4X4A!2uk&5m>xz1ai8jpVQx$d4eVf&Kn z)5_BPwU0wjb2~IvMpcxRH)<+KnCak^@C7f3!T1AR(^{*m*ODJ+X+;i4HfF~9RcTl1 zm%6OKBzO8`R-Ekv?yYKY(Y_^L2i!vs4Y=QN&8JoUl9#3CK)N{|j#jq7W+5n-i&d%U zB(>KMaMW-OhL)4O`-2jw$*1$(vt1*)6-)$gdYIR9Y|$dsk&nCEq0!j~P4CZ+dW#X8 z$**VG$?}VH&+?vO?qC)lD~c>UvtOdieINJBO5Rk4V9ome7U2x@oxDCnB%mP~ z*t66J7F%3)`ksY{rGs*l!bA?@wRBOe$(~2(XrLW?GLIwa;F!WQi}@=v-O0m0Z70vUz<3`c(vPk2-uV7bbkgtjh%s{~SFQeHE#_95`pg4FRUnLKoc zuB|ica$xczYzSerIvC?@KMJ2+rZ^R(zdyCQmw;9QziwlN-B$6clk5{^bcDQ|5Feu! zQ!)Q!+54nZKLD*ij~m6DD6(;#miP7#j-$DAa6X-)_DT>dhe5M&_v0H~M6oP4)I%im z&Fs!-$VOIge|jigXlZ%*mutEqrHCPe%;Lh!z0kb}bk7)sh=P|wIdCB6L=gYx_V+y8 zMvj*TOiRY%zM`8WrBt z_I$MHqAln{+8$~KS1QQiqYXFDGq)cbD+6RL!HGz;BMlQ#CgG^%e)}Ou;tMkKP)*JE ze7RVyyN*sfiD2(6q`|{1rF#zL+YK#rDhtegrPh$M>TZ{>PqYYs>K)bpS!{(%5|c;z z8(z+k09GnlKvgK{q!y}u7mr6z=Yxha_$~kH^a%^3e9j+QO8TLkj+Z)wl|G%JhjY}& z7r+T3sa(d?2ozPTkLy)ew^-jp^vd3xY)H`r~1(tZnIOK(XT?{;>GtP?>Q}4fSn`nFE~t z0;*XUIw|U;)}v(hP1ffqjh>1vEOrp0H?9iIlue7d-$c6mO*G9Q7iiYEv-#}k{NN7B z*Uh>+2lg5^NwV(L3rXEc?R#Te;@V~+&WT_yzPdb2`d;8`hJ-TYbK@e{cRi!vTj+T* z)hUQ%%*%s$5pp%oT`XWjhELOe&l9FV5L($nN9h4~g{SBa5v0HV(VwB%BmrN6OGEgJ zmCe2=jq!bl%!X$UzG5F~j8vI31~aPVk6haKl~lgyf$M*9W9WDqR@gKoAMD8+atKf8 zr|~_XdV%`v?{AECwl5Ug^y40xkSpGD3ZqYUCr$>np7Sa}oO0w^Js<9vgd}u_MAkvt z&ksxKh3^rntX{$_Ja15PXfdGAFiW%{j-%pk4k$6c_y@QNzbtt;$*?HcEAiLwy>f~N zi|!Xz@1fm-ePA&u-+XyLq(I`x`uyBi%ewr8@)02OEBdZ5QQRu!_#_F|3tCqL?ydN#$!BJ7=`}U| z%h~z~Vm`*u=2~ld&y)F9pV==;@}c@>PczCGc-N5b;4}uSU-wrGlQ(zBnx`P_F$e3V zpW%6uqfKC;hUQLG#uoN4*tZ_$4fsU@Ok$e4Sc2JQCW=%r*`@H~%LenU4k8P$M|;#F zd-Y%BX}E<-*39@;ctTOI_)GZ75R89H0;?w_;q9IB?tnZip@OczUSr`L6WFnQr9kE3 z?#GzG(_S#)K0-J$a5`?up33@ zyxs>%y+Sg;#aJhZaX5Gr*_+*V$eEB%ZeJd3_N{4BLl+6xkh_&0-{TWD%xLYLMN4wz zOLeI?aO`H*^ztJQXS6p?`aINTt zd;!Hx&G-uzN$BVhY2+at~p&hiCP)jBfq(VGM_y3is21$R0&m z3r~ITvlWvM7i`mh*Rlw^+t8g2+!@1p2erlDB)a7!aj*rYIpO+!6bt1i7jY@d@V_BTN&9Q-_OvEjRD&X-sZ_Hf1k zeMjG;?-d*|Xy2bdF28L@k87#Vut7#_LQA%?UaqMJx)hZ{>_V;UM%I_I}$!q#$@DLYi@9U9>KOfkJ zBu5N;86g9FDC*#{tl*Yj0OGO6%jQhu|0}(5_ue_KF!?QCh?yoYb9%U@S4*m{@oC>1 zlb?^+bbk!H>G<}~&;E(sFt-nY(F^PZ;DI|xI}CdQAFiQ=FV%vFqV0XGbx*yDO|cDnSId9e+?-;G6fBjKu#mF^t|UZS=8KzrKPeQdAi*Gbq0 zE~#OaqXn5>U(K^sJhA~)=sRk`ael9*7r8EjyPuO*e&jFk5Q>@Q;VH z&cG|+ImawMpTZcHGxneM?lwJxp@CN)FP*x)mLnLdJfUJb98KnM;<+CF95JOb=^PxU z({VlIm4Ir}dPw40#Cj86X7kP=owYBFr_%tVZ!3zM4OAaLMMua)Ee;M=0gMYs@b4VR z&C4yhprNu~HBCTtUy9S09~K-kN7kGCw6@DEB_MEC`Ww&3eup{|$L;4R7Bs%t~{^(_3Tm21?o z|Ez-0r$4G)!l&8PX1?^EuVO_r`K`=U`whRWCBuQHC&-&)owCjDcIVq~^5^P@P$aKd z=k}-<0;Uf@Pp-mLt}L%0T8&U!D)!bM9S+k|BToDavq zHx+t7t)J-gsVa0#qA26*>nZj^2QIGr5AovSic7R)upzZ|Q;o@p^!(5xFo8hDnop5< z>fUz{kGQMTzv3e$%on3`)#%)4_wj`{Kt|c|4jOTaK~TaG@AZUsuct14e)|WD5=%8Z z^vy+EbAAdepTjn^>)IR7y+H-8Vxd{>8}dj$C{qDkdkw}F;K@u3;AMgj1RxD{?DeM$ z6@COC7Pbl*w(U-_0mCWsJ9Iwc9C!h{Wn7xRsA_JSwbX}(9Y$%-yyjnOGZef4aR}j1yzM3t# z0wTjLFScV`t%$8tYL8Qp!A4?AyT3J+C)Sk-DN+*C?x@{tRtC6gb-ALBewDJ#WYX}x zMOI-G?yKA(7>HxdKU!ufa`Q?B+b!d?i+!e>h$J%vSB{HZm^<)w$|Krt#SZMqU&rYx z_x#*i=Wo^c?lJC-2yj6B11UyrPqp3GXpFO6Iwf50$HU!H>=jnpmNQ!w3f)A056Ok< zIc%@5pchSR`bo_`a@|l6nj?5+x2=zk;>%M<1S^qpqTl>0oa*(Lx$zw5cE3&wM?7R9=6y)=q$NKhug~`No{Tto<6S+v z=jwFW=WFtm=l7yp@`H0k22Wh06CHds=3PEVaZf$5oY!-1mhY?35W>PVe0G$=E!=o)>u4iVI#etoHNg8xxw=PZO^) zd!J^2h&{@^7lEJqJzReaVdpewq%MwmA0uQ7OG1(^us%FHx$pRr2wIh!^Xu#V(%5z7 z79xAI=+x|TLS*#J#)pwV0Bn+aca8+GP9=hzf?T$dlx#Y{*;GDLPh% zlaSllR`|=FO!v;(=?hF*EH7Uj`jyh(&|gNh)AN{Papg3km_Fb}=qC-tRNn_#Rr+;A z1hdz_WPHvD^Jb%;S~CeGt;7!mOe#2$M_cct?SA6AL#saWujGDf?lYHVILP*kRYTY% z0TjV@O3Xt^{VDx>CWR6Um*|ssedEd@Kl^vGzbzZr9y(m|pdA|jan-V?@ow(!FHE0# zb5-UkbVVMt^v^MXv(OSdZ)%ar`4i`Q{DJ6=8J=tfvE2DQ*+p}QX8qft;K}T{OQ0=H z^r;%LB}DS%^4#Lx85&t;&>HY4<`dZ{_T|6a zLsv|$c@un}y$a?nJ(SxGONBt+V>I}*4*g1CUf6H%j=|P5+923TW1Aqjd!b2lL> z$(m`uDD98V&;2nqqXf8fr&wFJ%3v?MXP0r?H)sdH=RO&4>p4>ZW~;7l}7uEBj#| zG#*q=u7kg4{f46r#ksQC0Wl3 zEe@FEgz`yR!Lvl_uv$_T(_?#t-@ z6^4g8>rpWS+Sdu~+t267v?PT$a%hHQGOBSrnFPf3$L1ngEQQi;{J!%`h3q%=jJdW? zCWYuWu+x`1KaU9i;fGg!_M8~E?B^5RSqh5{yZR2Ls``{8 z4G}hZd7NYa*b{krxxL`0cZgu$xHGF4!DoS zY>U4>zkMyp#XIUZz8aW>+q5%yu(IkDR*<`*9-k44G?3P?(5s}mUeIck;}`d zvkd&&$Qd^KC%NAfk=c2Z`h7(ufOxK`$Ck+Lwr683Bx3_E_Fv-fD^ZzPfb_WD^5PU0 zs|e2DMhHCupI@~>=s74l>%8=!Bm|h<1<{@GxR%F#XG-o)9N=b@!HFr;fzJ zGaMh_vG!qaluOE>6%Sm zd3}P9`D`7_Sl_W?!CW#3NCQldsZbxWw{1@*5U?=TA4Wo?jJcY>?a zy_B}sUu0qlpZpKcSYA**yIpjur&#fA-Rq<&q{^7@BH+QE6Mf0Y5EUdmLk$&MB>^J& zb_6K>FWYEccYT6vQ4g4Wwa`W0DHh4Y>-lAU?eVu?UoYbw>n%2h<)QIGnR}wIsal2# znX7N`g56Ho&q(qLdjS_k+v&ZJCOAjo|Jfk1UCu=3hpZI$a(oo_!+~n#R!5oKQBMl{ zWv9Y456-U)nMInJ@*-`lZY41Ib!}P<@E8tMGud^--(fi@8Y}s3Cx3~LL)}ZZ9ao^* zrcMM^{!-kei@9Gyr^jDA)#Y+CQSP$Ou#hn>rG9%q1yk|v6XAK9`M!pmHa4clV+t2O z5$o1{IUppAv0VNxUn7J9NJ#{u6M7>GiKr5aVGlcdf4cn;(dq-WK5ww4<9}=98ede) z<1DejsGU9jV3s(cJAF~ksr?7yOQN!s2_%XI&E#QwduPQ_B&zg+^;fVPaBAHPbgBGV z9#s!)Ha$=nr`+W5d?eF;B0|LB-Tn|^4cqLrL;VLhZP>RN?>}b9VzsCPSdsq7MeGLm1r+7scR&1FMWHjo0qX~X<xqm>?>mHO2*z)nTULZFIC>A-a(1M@ zb;GA5c?Mr_c+e) z^u+e~y{||}nV!)vgl3`?SCtGFGVb(Q4KDhw4lfE=LF8lu%hzbX=&rdB=X&8RmPwp) zbhN$czHCC!OaHfDM03G{4(#B}lTkNHx9f{NKBt+D%D8RMQ|I_fYQjOa z_9YM9}O_>BGq>|3VB--}*0@)%_o&S^7yPmApK*z$V(fTpIv1=#aY`}$Z1 zBy({;8~t>Ft5Xfts_CbOaR0t`>+%C8L`HGn#@9XGYL&0HpLC{Og8qRXd15P1*5!Mf z1*0dx$P=>|W*6Cwtq1;k5cM<*Zze#od)7I5A;=~h2ZJ`?GelD9akx_YX-w3!$T!#K ze0{&({txfe3RQYMi{07-1NrR{RQ8Y}9pg`u+nnr;8KM{~g!8+Dce!!hTD=Lcc<*nm zL#4Q{qQ-&Ylw!29Uv?idt>%m8SY5v67J7Mq40rD^p*p-6HM^dIKEW-GkkeGHZ^ETL zHqyt?jt?}^WZ6k5XY{o#r9N#=c4Hl0P84QgPK6=&PtAHhzeh@b`+e-e^L^ZBKuz=S zn-0^rq2E`|jeS~d$aNK{8ZZNaJ*)Gsplm?GoKojnu|9nIcHFbFy(u<%E^8P(uPBMy z&%D6P6|(+?+{~R=o{Xgkl;OfVmrs}%&qalpT`pq@C`f;Xt5u`6`$#R1>(W1dQc*=* zY!B3Xal7~sJd*o95LVK=Y$5}&9D(O@W!CW>dkjv7SgoLzpP^z)9;^PS%AP_1_-m_+ zsl2MDFO-V1lv)_Mrhk%$fPGTlaB_7hE*U~>ICKMK zE_a#!k~_z)Gd~o3CJObkhL5N3n+~UkoqDEM9>P*UzlVU)F|>Sp3~~P-GR((!;ob~Ja2LZ+V(}+Gyn9wr+IWHA*)VE zHsy$=#=gGV_fV~&Bs`y>B)d`rf2~a_;D{ku;RVyY6{Y0)m+#cqcQ^AgwsmqAnYPzy zl_%+=$ekh1@91f=ib#SXTiA!msa19zrd*lnXob_I%B-r;(IVY_NMzD) z$5?iLKxTT56n5BebRWzWo~YdqUZOi_{;LieE1aB1{eDu->#Th?;r z_MX@iAraaXP*1+_+?A~y!Gnps|AM<|%8IpeLk@>{U+(n}*5M?qP1~dn4u_6lBd?I56@{%^brQ2!@)v zD+^IYj1`u@JF6YUt2kn+v2%Dse4jCFCPZ;li8>95lOp_Pki&01l=D(m9!{RBWJ7+( z{Oi`Qb`K(cf2n2|5OUHX%M5o~ap+ktepyzYH95cU%iq<9-55HK&&qeRTXv%kxs9fk zZ-!m|ok0gleLlA(ajBqPtjcfvvT}^@4z#ASB54uJz6^!|b$N4#PqWI)3QC+JwuNKtv64|I-9@H$?ydRd4f(#W?> z^=x@{G+LJS?8z_~vs>K57IL%`dbi~uC#^-xpJ zOXe|`Jtp+dJfDw7oz31mW>fW=Z>Lmnh`l&16Q@8QE<=JEW?x%PKWE3MPuDO z2hU1;QS-+yV*#a;2PgG)Z}q+>BrqB6%dHZK-yFeBu6^bD{?nFWsX9zBC*FHq&g=;~ z?Aa2r~PeI~QE3gP?%Rs+>oG7LWUN!VGp*c{1N`0xwUBxqKH zA(8U*69CVyWX%ysS8?HB)Az`tYE%1+-hCwRjn_|-|4FvXHNF{i1%v8_xCed z9uc|Mn6D%`arTJUfNDaA4drlZe^8|DK}y&&ByC5?&{8d-eV@exMkER|?fav8d2z(4 zyKXyhSDsH^9m16E{7?*SpN>!N54-iM-4}25`(m(Kz&`pfinUL{@GL)9Sl=`xKjmsdjFB+eFpSYb(5@K@t8<*3A1Zk@$x$ z78P&-TmR=c7rlCY6t3=2kM3uSx@3r}qV_#V-}DL(G?^^FpDZl}@QiP_uB96$unh9p z-6rS${VF0e@-jJ+Ew56v{zl$qBEmcPv;6sy^7~j=&Rc=K{tT6@^qSvT{ACh%cXNG7 z@2HCMdxsJh#0v3qmON34Slp~X?pqpf-+6$lEl{B>$1rU-Q4NgT*yd14(NXTg!`XWA z{>o@D65F?@>*tV|+%h7PAhiq}Rvi4bZ{%gFKobuTsLm{C6jj@Lft2g2)6sNUnpdP% zy&Ij`_w+T^?PGK9m8~o0`P_%zro-^`Wh<&b)L%nD+MwUv5OwWq zp1P>lc-easgwyy2--Ud+e+Dxs#hvOxK42abj&F1FkweXA$!%Z{vz+$42p$;icRta^ z-o^v5EG$DWBOO)#0qo)PUmKD>F?w;E=_kau*ydfm+jsfAV}T{M&@M>Eylw71Co9%( zQaZo)Q_a~BuiCe?SDw>Prf2qyj?l-mF_X$BU{&?F1u<1k5!@&N)drbQ?yfE)69VtK z&cTLz9C2mjNX&V{o$RpWATqxg*C{jMyI_*Oc%cQh%)~Z1Q@8GJbttC^+vDKHPYVGX z#Jrl^Idz181~94StK$mm0eaQv)0a+}kr4$oET?KgJ3etoFjYpe_PZ;rZok5iqk^t#h!sr2>OcXSjW z0P*piQoX`>J{1x$GyT2ZH$JzP(6sK|D{=tc03-`f4w1(!VG_7!5)5lq>YFmU!h`<$ zj46hX#-VIM`$kn|OXiR4Y3XEU_TUx3KHb2Ug5Gg@D!#|MFe4yobMuGGq$>TPAJl4@ z68>p#U+Gjovq%X(3}naH4}akTmFgO-+^(^(abHP%${Na*hx0>pgLD=STX#>bRfKzv zyTxZJkG_G2z2tFW1p4wy-6LI5)bkToYXKEERK(BU;`*(et8M>Wf^tNJ!o5%Y9H#VY zd+t-Vm4o*_u0Rs|T0x4w`#C1IKIBbklAGEblFL+}y})GLc6PxJh+`~evOM(Agd)L} z;l^^s_5gjQl9k(!-2OzG@!pr&mmHYmwcfD<-#rZkTnYu$3FAC-*~3nFij-cD?Wy0V z5M8|7v|z>rBgE_CDc7>Ln?-V}_n8>wJXY-2-3{EkC|>Hz_T3jB>pc5LSD{j*?pN%k z76|ruKbL0@t(#K99+Rq13UC=u-tWV`Q>aZR=PXr(bXQ;eeT+Z_&QT-Y9spMPVZs z9|)MS6@+leF|_{RrwjBK?Kbxtg6fj_eh5Q#>Rwy;WfE-3fChZ$SM{B2;<;4qqh84mSx<5wU=|oP(N2uvMLyCC*`L}EBr6{OmU(7SU zyTWJVNifa%Eu4?D==(fFaQidrqUP49&N-zvq!P2ln?#|DXvaapo!V|TvJ~V3#A7^?xVaR{5c6 z(`FL|B&Nrr^a3?MWp@wNnJj4S<_QWCC&MjMDs*G}T6RB=%b%WA^d0!M506@)0ZDEAqW7uoOvR<70jLqv-eEMb0qXN|faAgrd0 zj871}33u+NdyFc3QK4O|>|DL_&LO{wdb>#JZc8I|TfeWHvgJQ)<|B&QvYpOaz6`T+ ze9k9xh7gL@_;%xVnNSiBV%Q&4AL2hp){fZpxxnKd4-;WPTt5t^FE{**`-;yl-|ljA z<907>dX#cW4%H{ zz#TL)LY)|dBM*H81ic!7RE5T9>|!usrEc$fAGM8`8K3YEhsUj9M_~E*r_c=g5w;MJ z@my@mom@1Zly*qUq6KE zd?c-KAmFl0v`qC=`f|4i!ma5d`WfW5&ixU_TFw{MMyXPmS$%(?rrTu4eN^+rz9p)a zwDqSI_hfGfl`l;hpG658$E(FfScRoKoPXcw^FC?d2A`O3dw+)zPdu98b{P4|eJ36y zgSV=dzpWC&vYG@emc2nr)jfmimk`Q337@v&G==>26cQeX9hdo+S3D`7vS{B5LW2OU zMgc!Wv2Oi2PH)Wxm0o@x=Z~sow#cVcb%M8u0)L_U6E+Y=0i$ ze>t6R%BZHgle`y5*Wk^g+L)4qhIPomVU;uLi`Jv*kyXiFs2hTPmQq09Acz;n=kxQ3 zF2TONI}+q{7{ZPAK7wI;Z~v2yQwy1E zNI;|kza1}!>zR6WmcxMfoyM8AUvo`by28Zvb~%qIRip(|pr&SQ>b`f)o1v`VzNhT( z0cO}n%ayP1+1M8gIVfXvLwQG51IhjltphZLn+Lx)&&QYa9$8E&TP?M{xHy>?g|wq51ki>}$VHX?`mvwJ2GV9z*`YuB z)~VK#;wM(=+`+dsum|$5X`}1;&yC@qj{AMWLQ^{_Syaz{-17EQ2oC9-}m$z z%b{Ysj)k*Wu0I#KpXcQxPVpZ8|NRJivT(4ieW&0w`|~*RI8SU* z(qd0hW&o=6=IH!;Uu)%bX^>O^LQZC&jxSyJIu72TmC1C=t~&l?py)4q{Xi8y{gBOD z9Y%Cq%G3S?9OUY3!_*8%jVl9ATKvgQ&4oOLfjGmLY$UZg<3VVakP1ex;PA0`f?v;Ang4SdNA=E8FxQs~`Gcp^ z0fE?}iHoP76UR6j{mOgZZ>xJx>il(k-Q>f`Mo~~uwh-)ACG+5%VcuacDHdq0d;T4l zFdD9*WK^oq>XmPm^W#yA4;lL71;;045TA$#{QGou`~JH6`!tV}i%aB5;~NIxZfS>4 zZWge#I0k?H&T9SL23E!5Bzb?j)35h4oEkuN*=r2#9omUYHeT(F?FNsRwBjec7GB8a(v7$L7nq`>X7>_IN=}I?o8;_{w)l6 zzsblUA>NtB2-4H<$+l1q6{O+l`UNGW^NYpf-D$q=ez1hW8svkIJ!)1C9Q)dH!!3Oq z=(0=~ecXDcDD>EpPd9L^0{6TqpkRT{pvQ<3p9_#}Wyza67%6CIrNq zx((dv9P%Vx?=xFvN05=^KdYMg9cq`mcK=>MWEtdNX1Q0cJTc*&;?Tf9*q3slJPMAE zjUo0>YCA$osm}axwu~$JOQiltN|Jz_C0E<%3?)DcS_T{Hm#C0j;%#LJ+0;e){R7zG z2T3)vgVAd*#7WHr7}f#aj=0w?4yP|pkT z>K@7qs`%sA>|z*rSJPziHvJU^Mz%!b12X{iIQ0{Cd!BgN*tH-h}9 zZ_*(jl07A>nAE+&-!th`@l>OZ-kd{i$|r(>6|wIVRP*tdlz@6_%~ki|8eiWDp!xmP z2C?X}4d?uF&W*yX_mNPaj<)c1TwIRcYJ}gQz+Ls}PN(cLLP^WF_VmSl=H>Mr&Ge~6d|v;+xNk>VK6vw=I@CaiMDWePg?^B; zdWStKe9e-?{a}QFw+wl>#j&5}h6*S(1L#{#4MdWAH2FLuL!3{F#0#H$Bb=@5g!QPy zhWMB-c!H8f}Ez~VYftiw``vl8&jprEK%3GhXx3t?wJYN&=A z55ViDWQ=nJ143urc=1`CEcVR-{!ap$0Co90rAa6oNT7LJe>CLj>}2P}e+-uRLu)XB zTimOLbi6tp&yQ2~18h`#kEv)%?6>iwI(3p?|2vlNtd;#B)@YZOy62n|cUIQ#(L5t) z6~uk+2)`3CR!2I^`2q2Wu%-_J@K8sD>zkqMs+B(U66hPTCqcjDfE z6N|AgnakYWEA69>?rr$eM<;%e8>qFLo!m<9Bs>`k0*h^f{XsDy(*P#6FO8twM^V;S zarRc9_qTCIB{XY6ojs=7gp*Q_ez`pvU*&+NzpDyZ0Lf3(pg>{?ha2bAg$(y*P4NOB zc<-fMW6c+NXY2rld#oz$a38PROQe@rBS@=RwO@^D%T06r_HwI%;V~xf3rupk!A2w- z*e~IIj*qQ}6F_r3WyU!t3xN&T1$79AUSs*_ySi?AdGR35mAhwHj~!(p@R8R&Tept7 zlG|gNXnwt|g#UiO5j_T-^?*rE{d90I4**Pp_NB>E56`}s&whmqg&)7HNHT0GQ>RZq z)QIof(A_ufAL8wRyD?d5c64HqT6)L7JmaxUg_ zSBR7DR2f6)E4j|QCV_O3rP{!V^Rj9y2WJ!;4~B5=mshxxcX1pj_M6-VmZIdo)`aHx zQp2kzZ=K7)d_{Tpo;m$Oc#*r3yNKc7<7ZJbx{8tq8SI0pEOl}%-)JNaE@G5M#+kF1{SM==Na!dr|yi`JBpI zHN(OZ+GH>&qOps)`cR55#Rj#4O@VH!Q(L*P5yTEu;J%`#*N_U-Zy{Bs6mRAm0@LYu zZ;0XS%YJMrbn`kJ2)m@Isk1V22x`-H(0KFa&K#~(e1Rwzv%W8yc-Z$g>DHX2rQvyw z;8KC9?ScTs=UkTebL)lWts&&CJpIAfFeO_o0Rg?%4l)KOG!QSi!hi_to-# zj-k$VGa28OydD-sz9zu2Dn{w>{XTmho6 z2ZWFF_3AZzPVj6yn`#Jy;V{jHj_)bCJ1i{vR_bRA1F$`U3Q2u6b zPc%G#chP@6Byw3?=KL;C2Gv~&l1}Xwgslxto0XEPJ=vM}ICI7a-qpvxk__~XpjDGT zor>WQY_`^juD)F14vfuE@Aq;2^t_|W8X`kaC(6q<+^uk z*wIZ6c;1)?h~fv&CLYvUUyu$|uvmU0tnrZ6JC#YyZvBEgnvIW0p>lT`4|@O;9hLbz z<@^W6odfYemwk)bJFqM7JLaHpf?U$XMqjPPJ!4(~Mv}j*|US`Vi`*=*>@uM*%Z)kKB9o|GPF6rSd{<5@X zQ0BZ9paVUhuQnVk;d~RXRk7EMy`KU0%Si5vowAgX4b7uh7H77HS|CG%T2Zxl=-S)k zX)1IqxhE@QlYG5N@`V>Uh&X}UvsVHZ_pL$UrAS6K*(z_LC5G77yZDw{Ti*FUr_9Y)xC)7@FaU zmwVk0+k2LMLIR56o{(7CXYsBwTTo9|FW`-b9P_@Qb57WDL+qgy3;3sZdyL5#$Fv2`cV zE_E-6N0z1i25MM=huSZIrp_UC&H?)^50P%evWL4`&iw{bRtFPDDC*zgdx$o3!e`hfs|jez1K?s1g=J^Gq(9E+FW8BW&qCDM3bfYm# zB>D{2vmG~2I4L_d-XJ_G6^GZp7NobT(^#iyR+m6FL z`d9qn&4->%y;1%81U4TU5z%M;TA>qGcvnplJVTvpK&|aj>py?@3(o^%h!arW^jN&UvVtn zOOr)M9cC~H+-nuj4*@9d2Ti~8aA-haLHe_ZL6<@Y?NK}IY;?th?!Gj)WYosD|w@l&)Nz@;1~ z^zu?+#{jRQhHB+UtPkDXmN3NLcSJKFu8?m)&I4rUm4UT;47+e6e3-_*Wv$v0-1=u_ ze#Dm~L=McM^`jR9v~j;kS|6v{{UH@v$TUBqf9VsvF+bh+uBhJotXvxA2f@q}+>NqY z-jYQ8!|x`G#}}{5?SS+1T!l83R%_#ZpI)eauW$FYDAd=uyqJ&Kgh9{$*h{jl#&B5b zy9{T|*2nGvUEVB;pa2MC&7^RbH~gC~`|XvH0`2?Q?`g0tuYQc?Cs+H!PgW|U{n47V zgj1Y2dxTq*ou%uGbbiOdr(f5q1`Fs=s*qG@4&LY@Y?&OWqX@w%Lb3XK10ks{A(_z^ z!!Z%aW3Vo_hPtyuiVs4zS<= zz+L`nB?&N#J3O++U5UTu2~U1fqD8$01(L`6c=`%3l04h_kp?qmgUJ}$y=iS!>lHpq zJWPZ`I8qnyDRd^;;2X7=Ma_d&clIrk1eg#&TO$qCo6}4}OcK_FOWw!k`z${tnTDC%|CioO@ z*7gh!v5Eu&GfrDDCr?y|4>nJs7fZC2 z%_A03=Q9Id5ROoQK;gNXerm4{5K}F^3wD;57yq=*>crX)`Hjz?Vfk=RHZL%jdykfg zqsp(3qHaZIu{C2RB}L61Wk#+pxv-L_lA)&lik(X0XCTbW)of^a-eW z2+!Z(Ugl3Dxz))Rz>jKHDf4bc#)an6J+4T;loidSvr)r|ov+%XYcCh8bx76NWSt|& zq~FmIl9%~5F0gcgDZ%$*zfIXa+?h7g5nNIoS2~83{%K`Gv|EJKDbDU4 zlJ$jZ@9i0Hjnf^Vp#SdnIIXx{4tY8*>mp>qi$@dLJ~+J|!yp+euEf&-gGi2_qXp{F zO1Yk=k&EObMQ`%HUro@mmI)YatgnGp&f{t0l6_N~!)fNq1>6bEf4!D{uqLxA(-)Pd zW_qBTCuPBp@kzmSjN@Wzn*qG_&8KHwYqQdSg^>#o(K38_A=A$lDyMvGSo{kz7Jo_r z=f~u8ucxZRx@F8cbN_(mnc;bR#B+PM8}b2LjA6QcLulKjz7&`O@UJh?dHArHLh;GV z(bHn_XVG}vcsj#2BG`U$QFW`yAuuhT-==?tTbRr@)GGTF~k3jGW-iHPmE1ACm~9*%hnFrFKF-eZJ*A@k$$3YR>_8}U+0 z&a3xKy7<|^dHaaEp1_mv=OzDAyk(L%j(mifeJdW<@TOTd4!z2#*eQ#7kFUkP*r}qV zzBBm1og_$3mJgUE(R^s_*{eD0hf~bfbgOzj`FrS&tUM7?`1T=_1ACl#oQmkI&r$9{{{)EPJ6vuXS6-)X}b7|v*6w_25__g+#s%W{$~ zL3;qf;3uWt8%8`V_68wz;NS7SFNm(MA&TXHw%z*Sz!1BXVnpYWbuj$?bQph)-aR*R zJDjgQkza69@`jO;P}xmCDNh3G(}VoGuYr5l)B{`zvquQ|1|XfUs6>y?CyvMDPoDt? zZQ&F>)OBNi*+e|`3%5b%0gD|m>6ICm4i15hoeLRb#sIncLVgd)IeNkvA{9*X$5ZFn z-8CPC)V>NYltb^|wd)HQ(tccvUhoTp%Y*)HZOLvmBB-K*wg#lFuMX^N8Dsgp<#h2A z0{V*PWoi{>lwVxNUl@rD^Wyp}UPqa2!SlnFc%SKXKM(NLDeUb*|1Q|+q{%X+Z=O6% zwuI^HOWGGg{Kz(c5XNGpTM$Q2LjOsF;9}BL1bndbDCPZ$2xGPBbS^L6VpaI<^)C#l zNgsl(IPpo_P{xMixYPKG6k!wFSF-�Q$m+%cbW>>CE4LMI{h!Miwojp=q}grfdo zJf2$ZJp~{$KrQ%&-r+{%y?x;JDk1uqzNPhs0MqEfm zL@^n4FOd1UlT#jq{;_yg1Lh;_7$X7~GuVD7=_*G~rAR?{5N|a^61jJoi|lTBujfJw z`Z(|38-8U#638f*)mTk*PjjIHtD6;5I>oB+;8PeG9@l;4lyPjdc32| zERoh+TSid(5**q!t$B~8_Xp?VgDZ$g+8&a@e0^H4YL{scDWkbd{R*=>%b-6HhvnqE ztNG2VWj5vkXAEhC@)$sW$Dzum`94*0gvCW2@5s;jUUK5ynxX{&cLOgvz)zN^?5vlhb5+a z)|qyn&N?mdGMQl82i#>q)AZSAGP_HMmL|-4OET7n`uE6Fnco6%U!nBfQlwhazh8BG zvA635Mx4G(8!$iG*Dw(ke-?&Rb$HUVPjC$6vOJPY8@J-`9^U{AFaKdn&2 zM5JfJU=9a82I8-sk6LYcDIVX|ReGI^h})V#se9-*lC|}@&LPH;pXbQ+OJx?9z#KEb z_We%)1?mswwaE|h#krjPL>4cQGfM8)O!%0Bgkw%W{2KTL1Rq*if9_8c^9{F=1AUlXB-S(aU0T#tQEAykN zM)Ez-S&4%V#k8#NTy@~_eZn#ObB~`>2UkJPmOzjfnY==FExDg@3ddtOuzMu;iGK^3 zsPntYejJSjQPP4nqTgP0#%ToRmb&Nf!S13j{Y`0@nZmX~_aMWA>VNi)>;^KvF%OmVT&?q;CocCr3wpb! z6filQLW=yXf~N8QE!pATqNljjo-o)6$ zf2=v@7EA?iYOS^h>Jj|aj2{eifIl@FVPnMKi?Oei4GIDFZ@+H}z{>sBJdGpNfP zkzGb?a65jWcXfo4-VvCC?9EQba)MoL?>;^>k4ri}JQ~0)#djL{$lrYuoO3bw>4$wL z<7dch44_cIe|CGd#~VjOyx&AOe*JRZsh$dwKD#ufFgOTk3VSRL0r!#`c`sJkhgf$~ z9k@k*Vsz$HSnwb_&f|qgF8@h3o`H4%w9RnE)%6S&{AP>do2junqxI)Ub&*9rKc%%z z;{HlN{@4oiE4juWY&jL7_PVyA&%Vs6ePmfg1X5PUDF43eiQK)lXLtvtTW$ zU;}S*aPg>u3zL4j)D~?Ib#PWlnBlIju=ZP;5`zLCl3g)KNKO!EbvsZbLwg*^7o5d= zD3#;yiOT=AY(uFm`KLnaNDK=zFQ=33l^1Zk{6U1(J+pt-qsu(8XFN@Ld(g!pbD0KD z$(-&=enZ$7DHR1=eA~b7-!m0nPpHA{cfK;9VsVl43~u+-cj9!=qYmVqE{cvl>_tUs zfA((u4?1vP_RE}ZH-TK9H8l-7*#O9aBXVVKuFJ<*UtkC{Nl?)+{T)n7;rjbr_93?Nkd)#ax}Q}6sM zUn9$P>$D#zK$2(m)@?DdGGTJ_&sZ{ZA&Z7a_pT)+B>8|))guC1cLj~W!H~JUw%<6vi;KEg*|W^pND~>&>CFR z(z%X}zY-C!TY}p02PM7T=uFQx`1C#wss58K)iE3nL=;A9s}JSeb_aL3=NxNyZ=(oP zu+7QmRMTM&ZY?&858e!ujV^V%@n;2fM%MSQAD*o$rM|tdFMO87NZ2yix)y0}HGfeR z6$|eFy@7Z^zTSuL2gK8;J_jhk$?l2$!V*D%reg*}5|hso@BDmBwA)4lKI{hgz`o6J zM}Q66xPR+U*$BZ|UEdK@4v&e)K0(U=YS$}>`WXMb`x$32vhg?as{+f#_Gwd3osFZWWo*pKi5y-a{~_%ucHr_m%Oi|kXlS!`$ctK&Ooz=#9Qha za%BSfD-2HR$o%?iz`6C0_O{&0}z!-06*IzQy0xga3b6eaelZrV#))L z>9azRi!A|l(4vB*92j$;ZcW_Z!||(neGZ;XGrxkp6cBQ0%58Dc8I9rYjh=m35I|K> zPf!GCp0Asfi+Z-l0EJ(=jF(MTM3oUtk*1q66Q2%VI&a+T&ht>6AB5yUau@0tHc*_h zgV*pSb1)-qurXWv`@wmHl|)wuNk_L;kJ`w#ys6-5NAELeUpDIMo&muR)bkBmG7EdI z$YfxuSfobsTF-8^njE0V+=+ePLA*nZTb`a5z)SaV`LSoWIUiOD98O!msj2p?Zcg^> z(E(Y}3=>Z%i&<&&E5AW6mJXXH!=iT(J zdI*y8)?qpkC&G`v*YK(lf+0 zA9~7uj)rxF^U;OdC;3{DY^H^X0i@BiTdi#TNlm5(ujTqfAsst(M&DvBlva`p#xKZn zp>XcLyHwl$VBKR#J*yUM)9~8Nox`=sRI+S0v9)dTbbW2yr7d96{K3vWat%FUxB7;9 z-n*%@C$23{vbA+t4)#61F@Fy$Z2blrE1vkRl8{fBcL7-q?yr;m2pY)=PVnGOo1y%C zrPrfK-;khyp9d{-YZ{Ar>4%SN^kgAV(S%=N5ia}V$6Lurs(Nw#Zq3^}>fd7hn#)~z z0nbg{OUYFGbh~eiY`R#Og;Z|)=lTdQw`aSBh5usqHE06We{By^a^%(Gxj*e8VBYJ9COLzO_>M&-T_DZ}Lx6p#S#b8-wh;W^%#t4gSt#BV;{&A9 zs9)f^carU=3~ihJSo&J(InL%QZ9N5ER)6^woXh9)4F@kgh0^lv5CRJ;*DMMIhT(aw zl;wQU_22TdYPL-7C`oD6*?=S%v#;xEzX|i3H04@YCM*rTS@b8Cs51 z9uri4+1DI0Kkc{R?|#oRya}E%%4|ZSf^)tVVs3`X3w;&{b%9n-h#%f})zKKW!A$or zkd~do$;>j^BfUvO<|z;60(p@o5m&;cfMfgKpB5jCucMCql)CF(%tI5XP4`cs=~Hxt zJj_c8JZMVu6Wt}tWsU0lw}`PH2sY1_lL3bK@F8O%VD#6%_1SNPko!>o=n;Z+Apo@| zGjXAZk%Z2QdA8J+em!4;&ckAFkGJ{51MEsD2d837m*|^;2Mf;_Gu4$Nw-#;Bk{AK$ z0A&D(p*Z!ueT8UA&c;U@RzhOkcaWV?jh7?}l9D_ZSvY!6O=vUBJfHOe z{tW<-_6osaACK=-_}2+3Pxr^s-S^4qqp;>2CBf^&b0E#v3%BnI`wdNj9GE;flz+Fx zkS@5)b)WBNMUI}F4FN3!ZtiVXh}}|{{U1}0Yi2BWrBjR>-2p&t{R!p$e3%BXPuZIo zwiEBMAf8&WV485^?y!q|o*rq?XaMC5@DKxyt9l!1Bhita(aB^$%~Yj|DFh-faN%M# zOOI9-J(pCDD{yt}aZ*F*EbljY<#kgVQu*^Di1;=` z7R8c=#pLMB$M36Sqm;e*=)av7QZq;C!HnVfAv-O(Uo1SVv>rwD6-Hl%$8Dk}yWd}| zhq@LG8wp&ANxwF~=QcM!BwRO&c= zU6?Ocf{A)1xcfv8a`V8wHAa!neeVqny!W_G7Du_Dn3RoywX#&AVdJW+AINLoY#bSf z!%op3)?RzSsh3+xDyl!`+rd#3jJZEV7{OP>iU^KaTyJ;IF92#fVDe3S8W!2iRA6JSc*|bEc4PTO( zdL;^lx1qnpiEv7Cg-<=I*-kAI_NA5&g(oY=!wy7ZcBqKN|I~OG+^j61bom4QoGEkN zKH~WDhn-s3V5N72%zVzc9JFzhZZ50wUDD2Ze*E;uYdW9iKJ9<>Wx_xUv`nW_T#emn zdH{f--M9TzhbvTotldy3*vI-y--lb%2>UPxtwx&)AKgB;C*6AHGl{REq3||##y;BP z+J67$38kf?++IEcu|Ulb0yk&oRNjN$oB?M*&4oYI>C4wjb&aueIhPkk>x}x$iLj!0+(? zdEL+W~||S*gv~HZI?&F^fFy)u&V%lGfnsl_2@$sWlk`7*YshfOJfQRE$^dtH9 zdS~d%Jec^+X0fNdV13KtxAU{4_way&u(z(ok4f=?8Mv)7r!&u`JYQC|s|fvd(L+JH zza90kmZ1fUHH%d-OQh_(ysJI6lTs5tT`6nA@9%PlFXgI`B?2|cvvvsu`Q6i8nJoJx zT(hQePY=$qgUk4t-#2#rz8GVE6NMMNk>Ms6IM&Qq3%VCLM&wWEMC=N51_S{beJqGKfpY7Yq>dA)A5q@ok z(1q~I{i&xsFltV>^X&*poqc6|kE$%_a8*296nT~~Anflm(vE!~Ux}%9=udi=6si~x z1;GMiMJUwZJe}rx(4-WKcLXsKG9N@Zf)r@~^&syDzq7m!Z-Hgl!Td3&56~EXENTPs zmGlWL5cFrgvBsVM+Wh@6E=Wj`aP$tO1$W^oHuTn$-LAz=Fq-A7JZe4`UbBQ=@WpRbHiVahsOw|Y;#n0>_h4fbKRo8DKCaZi%FSA6Mx&3wPA2z{zb zD>?9Q$b`M8-(XE!%Q=n|B{_u^x#R*+UvcQIG3u(w@6shj&3&j7sfEKoB89nE?|`2Uy>73pGx#n>vu|X zy(FInnmp48XC+>T6#HOIPyWjG#*Al&vPjU%})q5L_i2(MX`WEsGQz3}f?=kTE? zwBC-8KsrVaQ%kiq%QwjI)~{q8KFRY*Uz0sy<^9SO$wWHM^S%JnOMb9##Ih8y)IML( z6HDvf(w;tp+KuLpHBS;aH}I_i%EBT{dA7I@OKKXauTkwi$-;l zR0hsc)?hlEHZLIUKSdELxHfO-+Q(1L;Elvxx_vBTxq<+!Yru9{EO#Fiiy0|6R53NQ zDdFc7%nHN=acu5^X`f)?3rd&_$?MbQrN;sSM<*e0aJM*^UwVK7iOh*xIfT|}9~Zux zeHCJ<&pyc=cVeD8k}b3z?!iGjU2G~nze?{Re=&W8%cWf^lGxq1Q7p{l!WTy3@j)L{ zJEFaG$<(M)L3F=zv;J!zkJ~!mUErG8;p2zp$;;!m{#v!;Uk>tHXR=i-|L9au*Qc(k z)#pxIB=$jm0=XV4JS{5azOwI25(12BT!T9-;-noLAsnY^zx=Koo;3C&uwiY$Dv2WE z9PM+qd|%(6gwC;9y6GWdw};$nm$`MDQEwnJ4kK~^cgwcJWPWHoPQv9*-v$zlj0PVn z%uu=&QDn#*=^>o48m9Mv1Y_Y%V3m;eot7}~8ZliC%s1xw`CO$msaDlKf10DRkD_p3 zly0ISKZkU7ull8+T3^cK6#fo6oivmQ)euP4(lD8hbnO2&lVs+Jl(MTv4Nx~DPyGw{ z4|g{{mMVzoa9{k-OTET;sDvC3Gcoj{wgpCh;28V<#&5Bb#I$+PP^MOJ&|;q&Cpqot zI?2U9w5Kt^{ojMJPr_jtDYaH`cq|0c&H z%$;UPR;lJXnJ@blq&6f=v2g#n{@tms{wIk4y^-{Hh0}ODld0~j+2c;qH7f698{D!J zsPF5$2Ps)=t0b~3T{W@7K@{;u5VOADZSuxa>o0^Z(ft}t#?>MUlmcv4x+!-T9%mw@ z1G!LLxUeeM452r2ahzddWM|%K^AadDXZ^}men4CZ@=iqT;r*yTN&G3RPxN{pB_SsDBas)y!G4^|3p4xf%zKyEpnCE_6iuyr;6-ee-YdNJaZc8g(%kuOzRLZ(Z zzC%I86ZI93v;iL4om?fvAcE*s0IsvlKA+0s_UnTEMpABehryS}MNI{6Y5K8ST!J)B z&z&>_6FCWj>tFK8ghQ#p1E96MlA_rjD8sTucVIc$>=@in60$9yiQ_AOF^T3_Xftb* zXky*jEvfc1h1KB+1Gi=`A(4;CqAAp46tTLSC-+bI|EZdg3)8(_*Dkhsy>Z3Q~-}as_v^demD!j3h1&ugCn$m`zD%$ zAGn|jl=Sf1LoI%-LhUv8Wsz##W1GMyj$Xsy#jT0C76T!WluqSy z1(Op>;4hG~YJ`xGxhH0w09mao>d(oQ0g~*)Ba7sXv@X^v6YB(;IGoQAlw<_5@QYdy z1@EZw-PdUT_0#w3@P`3BjAU!tT-l=;4snduxdpGu zW^)Qy#Nrn<(kKaMP1gfny`FWSuYS+*uAvUcBnKf%xvtRV7WVNGYU4zGT_4aH-*6uE zYKH6WGebuU9z%K8Wvl-BmV{sZVRN7@QPx<)FZGoW4|8U{9G3pv5668uISuDug#T{f zDi@1Skk1EAmeb?T*BWWf6S3MS^Q9MBgM$*%v%-odT>os_8y+~xyRt?^9P4~LT~v<= zNhGO|Tc)de|H4M}dKh}(O@HcBP*hPA<XyIqSU`3W?`qNvp^ps@c7GwV{{CJF4TZ zvw|}cGGQQ0Sa6(M-B*+!T3y?9v8`@6JzEIBZ8UK!C6XArs-{IsGiT>Jc>8q9q|=u? z!^=AG7xg(ze2j*3a2o%xF>`bv**tA7Fi|b|1DpR|kVIICB{Up46q@w-$lJp^S2iwF zf6MVlnzhNkcpZAXGjuWv1-{+kcYqCM+##Q1ch8^{(Vu__ZjqdnM0e^a;5T2yjFC$eNE=9TBomty; zrnIx*(-}#JZZo#QV4k@^*fP$cqOSYaxP!*m*$9yfh&hs;lkX82N~fr^mUlKG=b^CI zcru{X(Ch3)WR^Xc9tsIQ$ilTrrBj_9yMzqy`K@~XY=4c5#{4rCP%;*wzwEA&hxNUv z78W@aVITHN{dfINKIk*mZO`4Ij#7T~-n$TV*^~X%Q!fjwpJ&b3VOwvwsSNu<|9E;n z&=k(Ao;pNR!mE^dw}KkaBo4=C3eiHB@Y#JW<;QM>^)sqmXhkPwQ+l5sXo$A>mSlyV z6Qq={d2-ePWUa;Q#=dhh1X>EfR)lK;2eSO4{#vuYe=l_W9QS|*>8)}5i>PNyHY1hS zY2m!>vk+B7Rus`1yc&zWoG%1OvC=X`w^vg#6~3f=FbvGG?STz}pc zu?lw=UKonzer~rS+-!e_A^Tf@JH@o6wlxBP_w^c8M>xE8&Gr6%8GQP=^H!h{9m|+| z+M~6$SflxqD-}(O(bf2ztL@5@qCV_)GU&bPipY&n@fz8XoNnm*U9Qc&WKm=* zQGfW_zpE$WBp>Dgt&C_wO25l8iOf9(7~}*BdmGZ z>eVcjI2#0C9z31p-!HH#R_tSvbe+~Nbj2G4f{&Q+^pY@e3OPcq`Lko_>Cq6Da@rVj zqCn+4^|opAQurC$2W0=1x7MB>b_SvK3?X+8zx%oQyar61#4=jydx#BEZSgr`9G`1> z;$}fyAQ_wp#)>9v`{M&Zd_8ig^wC{O&>@4&1x##{K zqY9HtQHQ#b&X4AOtGqO6e;K7FRvM5|QGeZcqy_ISi4 zHh5G2k~^2_!w;olRLoW2dB%}sjf$ujh3m`5KGp-eQgXUJQ~1?YeNhlpwLX5u1||T@ z=%-eLvWAYP-y}JF`hc3f9A#&9F2>%=2|Feli z?UcWZm}9FVy?Ry%{#=jbZsm8HM%h(j3|s)%H%d9Jb-Nb}kUc#~UKs-|`Wg1wtzWN- zw%;QfvG^fg^qC?w%GUOL0b#$2ogFhIaGnSu0&fZzCkDQ+p&VsOE;kpASgB*iy?(aA zzCeuUF9S1rr|7(GAo$LVR3n zTIfGv27|5%&esRK8^BhQSB#AHS^sL2T5M!#)03?xVIYB z6MhS6v@~$ujID{KB|!H%TJX(uZy6w{u573JyKmgmXyAS?Y4T8fLh0a-yXIILr$2_? z2sN|4pwoEf1QVchaQ`GE?+x&dbiOkls4BX@FPi3w_`>T>4fk!l{DzBTtk|UY|rT~fj`L4qgaol$-ZmObO%kxbVUj=l3-lc8OIR|Yqs zprCkodY$+aswTA5qbkGB%Y%@N##(}OWcpFQDbu~(YadO{3wFduYQn%(abF$N=rt+> zmd5KG=P3{G$S_?TIy&cb1yCE&A)80U51XfIVzxq1`K8~g*cB;4R`e?%aq#|=?Uncdu;ym!uTLyXn7#!y))`hNE`W(=azOTW9fA*0K$k*TrP zz1AEtzn{xbw>i4IRnmh)U}!vVO2Xy2OcI~bHb_|7KYN@zXra!h*gx0r$?X55_t9TG z#NGM&GJB71KJa4g1Bucz%;PG$*wr6zV*k86W#@z3ntXSe3P_)sEK+O^`@Az;e57Lc zREw~&EyiBiL=xWl=1S$;9dd0yGeJ@vS(0@OlgXXkxivtZzf`%Qkxv3pQMhZk)Ag7j zQ6Lwg2YD05ceov|rrbBjA6IVRuaM73>&8z}Mzn{*d%VcqSKJ2$D?SQ9q9=^x8 zYSKZdkC9)*NZ8rEYFAUdENmqfowCwgvhFdku#k-f5;ROTv6AmW7sdx26vt1G3R;@F2eZApOVoIgiJs}bRsjv&=X-)QX>LwTEPLVg933NiNeN7~^)xO(R8dH?b z*KK(_g*zEh*L0hw22bo)Eh+FwE~HueJ*3E$BopAte~u=4pIXroVfVoKcUC>~J}Yr2 zHVxinZ9<7H@iqq{6mj}?4l=6h>egfE#P|EH3E%Q7MHfPX2%C~=N%YnOj+)jUwCr4F zr^ydkPlq4_+6{gNdm+&Xs#4c?UPRn)xjaLZbRHmFm*x_>HzW9=`CmXi;Zt}%Qa4xkMeN^ z7lJfi$OiHDgLKlmzqIa6ky)CYn04QH1^Q>ck&OSA`)o*RFMl|fT1FHiMk=XDvLdbN z_Q-you@~N+>>aDmnrm;$3(*94I=8$L%|$7v`yIUQk1Lg6r-!HcqqF0>>+*#&9O>*0h_UMcI8)X zk#E;B`*f5a{NRQruz+363$dVD6G(XQHGQ827SX{&My#22`{AA`c~hVJKD{tsAnbht zm9F=Rx(|hIssAACh506z)K7YS$@wl@o(J_9pXu5Xk(0CZ{pQX>s19!xu!mZJMU1_f^5tntbV4C*aT-DD= z&ZzFffny&R3#Il&GK`zY=O&tvU7!{NB4Lh^HxdrY~{wf^8Rft+FU zl^M>FuI@{ny16GKrBt(g8z?iY-`H|g*DnC}hy?CGuS#~&I?&sU-(OkkOwzc?0@w|) zSL?_AL>Q|ViML0kqK?%~{Xu^*5QCn&_&&9dXfp#_ZYJKABN71h;bOsS85@?c0PT22 zQpIme?yQ@sPp8|nH;^~wh~Ep7s~&qC2I`H$ujs1B;px7EpL4x;GQS0ks;mxD8L#sq ztK4e}y8tQJPlxFAv^H5DqiS+p_+6AHEbnJ>ob7Y;y8~2p(qBFitX5(SzqCnl1tJC+ zt{qg{(j#7}I|^sg{&2zr-dORo;^)L^xF>uRirY~$9Ko1WgP-KEShLWTJu$1NRC^l; z97Jx!enlg%z=k1}h$@6>h)6h4^XF=yMiZtC%@B0Oukj1Q!m=myRmhmqX~zB1lX?1m z!}It1bbJvAi)Na&^re7i9Eko3>6@AF$I|54n^}qH@3>qW{s9O{5Qv&RgaW62Z4=`$ z>_lZ``#$JMNxS^0>)~LnFLn7aInw{I=JKl1j|%bB=R1!?3U2vqjT+z^Nt45m_-b9g z>ATQM>R`;ZcQ5$y^7)?h%Nrc<%V~L})^aK}_xfrF>v~{32j!%k zZvL1Wad0=%;pPtlQEk(2+13{HLWveYNl9_( z;<1%aHO``~AIPu1XJvg<`NU2vUN&>rss?yYc@}7c(yyC&iP5yAOoVM3>Vrk@?PzggElhh8w*s!ZYD+;x>D9~A#s%c0T}t$K z^6ew?o;H}T_mJZS(U*vIMv!LuHD56%Q;F3-S?b)*>y2H%Wb;n!)V>#ohf$F3@4c zv1SQu$5;z`CHMJt#b75ca{RBakxw{-PgqE^gd{0BL-2zVcqmzGD#K#Qo$5RZ`7Q6OyJZ|6T z(YIm0oeqyTIXr`>hD;FpbJug=pXLhSk?*GI$#;LduTrjDni4Qv=Kde6R+Ub_wcsL? z_5vBOwYeCWwi3$gdCNG10$@gePi$~(S-q@nY_G(nFx*aOHSgX{w;zlSNi~Z$w#1!M zR`LFPIY|5^*k=`f&H-vtur;3*R5}+NFfOtS=VE+spDQS=*%oCQ?oa{y#r)kkSv;~6 z^;9`H53yJ8Jl04xb}jr&|DAnDy`gUi!NB3X-!&+!WxZ|-WOSVN2$|7EbZ&4w*BJY{ zOxm`jkCktUr`}@T(XVx9^es0P;nB^u1Wmlf(Ko-g?0u)#$?| zwAu{1z`lrQqmr$6Z|VSV3-|mQcgTWZoa?1AH4N_eXQ(^KPOB6+yTJe})wTQ?w z?olRihw?!6#0PH^_xbqrQp*;aeh^{VgbB=;2`Z3T^3H+qwY+XZnU~9<@qgHOnZGR( zN1urJP=^rLwjlC*SwQpF)9B;Sw!XHZvHPk}q}!-rp5hwEHx>dyZH=%E;N8SfV!s$!s-5k^{mh>Uggog z_!B-t?U_Q@uo+=)562}4U+C)cCJ6mDMwKe6wy;QEypRW-JJpw~!!<}#?wZ01MBqAJ z&N?G$gX5UocW^~W)Vxn(>P>Z^9ksBk{rFJnWVPYE_uAkT=I0xQFpoUNZ1Pd={H?}F zyWfH9m$k2Zm7M!Of>v&Rf^DRwdhp-B^SK1%{WaOcnE;cayt$ctx?LgWt(|*_Jd2UeLX?H?GXDM*LXTq=4J~h_(15G&JT4%vg>bNi#zT?fo@GM3B?R$A|@G6=6c*j zg1Qgx<8TPTT$vGjx$UC^oEW?+wH(4G`_5BnLfF_> zfAs*8Umg$6boR@IrM|~W4z_WcP13RifVCDB{YXQfey8_J4y}B9 zWDWCv#L|XLy<$2bVCdbPHUE=~i_U^EtSs#!eFeYg&EIr52f?|e7VUI_kruYE`L_oi zNf)ts3B2>m_Q^|($O{}pp!RP%(Y+?lI_f~5TlNnTSxC*a5aa5sXxFA%jY#6b%b7VS zDOi_Xirn=c(jNv3ky88d!yl3@;Fe@HLUOhqUzaj;w#fDb;MxAL zU!JJ^)m(1~xjwU(a!93VaE$qSe;9elXX}Nm`CSh!ooVlmcxg`pIbgya$kfj(Qjzyl zK{J-j5n~>m1oKg|(nK~P*C9QxU+a^8meD@ptu?Wt(|yeLvhB_9YhE!h4F}O|-n&80 zbx7?k?eA&ZvM;Z}sJ#|nh767m;vwi0hDzacJ8(uxbIHa>BFmIymEd+n5 zvTv45d~o7t+>MeIDxa_K!OY>Ct3t!FvU1n5uH!yAgkzjYkt$}Nh8yc8@rPG>f$6BX z?d^vk%;#Z*sqNIRBA+noEZ^zsNlF_3eWDyJ86HzJ>F%{)&VJdGaNQR+K4yV?y78Y& z_VY#hIm-&G1sNT^yF^egC#`Z(Zx7gsd%>r1s+Q7pGYJU-$TACiM{s{ICq9~>RRQ$d zV1SN%`Pr-SCVBhlUOrw!Hub0!g$9RR@W(kP(Z|S;&nS*c5jo%SFrEm`q0ZP2@{l|m z;%Vr@9aycC^dk503Rh5c-AIr#nOq+ffGK5Pj zLy}EUtNnib4fY7bJI`Zt#0LTvn&Grt$E6Cb($igf zk!x3|mfr~C2TaG8Sk6ONCP8UyA&QwtC&fu=e5le8G?W{H)i1)biOLi9czdav zP4n6#uEr6TybHOimg@6EdCD(so+Wb{YeAQd4<}Q>3<~^FJZ`HkhjhB%m;F!GoJnL) z`^6guP+CYUfVk+DUXVo?nwbB3y8>{&%s}-tb(L-&_c2`>q;n;xoP^s3nzS6XSgJ~` z;ntV3Cut~h)>R81XC`^ek!Nu3$(WEOE*8Y+_i6jkx}JV~zO#6gNIgW}A+8MC zVjB-OLV0yxLgfUhXU55mi*$|OFI&v}P)^;aGh&QNHL&^Sx;R5l@3WjOD(SP$4kw*qDq!y5?=uz~OC=)X_~;f}*=KB1+^#RDnAS-zw#*74$>gyFh`p z2FwYVX(~t$&`dgQ3U}qLvw6_2-yW{--x+2rD)?b@4WDFAVT`h4OvMq}!fxDQM+B#1fHDetqSVr8|{Gl3(lL)3;R-2EYXWgqB>q z7||ObvPiSIk3-d!P91HHZH?wS-*q#pSrU)4>!B z(hGKwXQy@tnFU(&yqDaV?ftc+ZZ5m|4InmnO`zG!%lFO5-?y;r2dod>Tu{Z0DhKj{ zK~<19$AbjlVe`dW6)SaRPMX7`_)UNcJ7{SNKNWTr+wyu3THd7&qM&0k|EWoURUOI? zXM5iA8_?1^U<7!}JG|sFM20J(!e28IDjjx95SQ5OBb-YV!HvjhcEGH@rDolV81?y= z(V(QH+8v zh~(_by_R7gIA2Mq)5kj`%tb9>Oa-;&T{Mueu}94%^(Vy8T5HxmFQdmLb#oRqR~93S zcO~l|e^smN_>sq3LA)vAH{I?Ju6%s&po;`-5l8h}rwC7d`#g(p@H9eB?ylCJtTya2 z7=S4hMi!rwzv3CCu)_t_m(UxUJ#~eyqeh@(&Gi)9{xIH*UnJtTXF}%57OgKIdq^T4+}!XLX9c*JL zw9kk=)xXgggQ6!0DrX-aT95u`LNF z9zBKq1*o1+c3-Hwr7p$eBmy-Z#vLAFfVzVJDJ4(&Z|zjx%9n>1)0R&tqkkc|1$km5 zY$R%CvoHmMzuJ3eS0w?e@!?MAcjcX!Fd?wleHDtUPf%ucSW*}^FU<8R+);r^p4%Gx z4R~e%x3lys%$gS?eRwH+2?*#QD(|G$2XwrJ34U)*l2W9uyy=b!-PEJ=`V$~X!IZlU z)J5)S?KgMLH3fJ7PCnKpkV9~LF;P$Xe7Fv|Q&IMGF>Z&XTz=l;el(+Q>kfns`|t^m zqr8u1BVG}V+Q&XZVN24SJ^L1tnOR@G0tv(i>JdLXhciE6qTJz-Wlb8Z=lbzF{C-Gv z2YGQxO67g-0Li=a)di(^I92-y%|G~n_B@21?*)ie(TqG_{onO&y;RJ_?RPmLQ1v?< zFXW0qh)rP+I-89Z>}cz#cQZxm@&Io*{YZ`t5VUn=qvJrK+lt1U7(pq8e}TU6c;+N?Sv-mJ^Hx+# z&Dl^0pTEkyVaL3o=$qVQlSr!SmsWgqhez>49m09U=RMEv)D*gKb7X9m!PZDuXIXJ$UOa!2e(C_H{(f#x*4x}OtP_hp1fwPeb5 zBmo-06Nfj3J}J5gewqOseEXoeo}rzW$n*WYf%Gir5lS2B#wL`|2~9!Y(T|GR|G4i5m!c&4cASy~%S;+G^nIZi~%%vPj}IPTaydoeuIt z?*JAQ+8o58HQW=8Ezw1cDc@q@iu&R@rQW7|2wuY{Mu@aM^uMmAeruxit9*6kkew1WquSuN4>^_Owvo|l7wgt7 zZM_b**!*sY_%vngZQ=p=6PJ1Z^*|uzC@%6IuI;?R0}J?bb)v@B`eF^NdBlbHYv(Z5 zSW8=qqi!LoRr|H0KLvHMt(z%UIv1U8%oHk;TIADJ0OG8CsaUq2X7U%-t&z?bahc@3 znOGh*o)BmV0Gela6Akh0M}46@vNQEsg#!<6Ao7DK<2|_^dh*_T2yc!6XDs;z=8xVEx%xWgKpwV z)EXrWh7nv(;S~PVD7(r0G^UA!Ay+bzy=s9KHn5Qg=re8EyQ<->P;F#|H1KNWksfyMpEkMhk@BW?W!kS<|$+RXCvO}IdQ(k_A z2t?&a|MB{xFMn=Nlk`xI z9mWwJk8-e_B@d5h5>ZV|C(gbG63iHJ#>}6@Px@YePj2A2hs{yfYi1pTn*Z{vLvYKP zyR1CPp#w{MXscCXd$r5+IW*`<9;T}Vc*i6DzcZK=<=OeWsM%|SOqa^|fJ~~LLL$Gh zUp^&g$6Ta(uMQ&XGnRt{&$vf_Ay!`#~FPi}`tfn*x?L)6DPs`Y5g^ zq!iJ%1KcgWl&_7*Qgg4~_9yg(1SV*cV!vl8`a5iVh0Bgu$;YfE}U&C#Z=^7+jR(Bo zul1B)PUv~yCu+gw_wK3}wj(eofKTz`Y*tU2><1+G?t=#Y4EHn&PN$iLHc@)Y@x5f; zi0atK)^-F-leM0dM%HY=xlOL*F{p(U4|~;jcsx&U$|;B|`TO$UD6T7D{+MF{RthDH z6EzIcy;p(*2ds0yvc&enNC?MkdwAXxV_sXd;$V1o=JJPCkcH`0YVk|eOIxkvK2aJ8 zwz#XWMJ>8NBB$~stCAnTU`~BM7ydSyYP>JH4-t=pA)P^~A0xu?^Ku=^XZ|n;b7K2)<^Z3-#cmK>|7+~;Z>bt=-+ij6Qi4mMJx8xCaCj)$}+djLQP%qty>$snynC`z{URv~F zy#|ElZC{@=Am}jd!Bi#(~PK|7X9~|p)QUz)CK_HH@tAT00&w@O9R;Y3#&kTj^~-kaZf9+ z&y*MJakXj%txw{)UtjHDeoJz{X$hb))2IL8)KAwH_a`427%G9Pb!d4bKBc?q^i;l+ zm$HulhEhd3elUTeZ~2aq3Ey)VFh;_C8tkVY;6BejkR9VNjL#EQt_Qu0#Fi zq?}HMyCh9`zvf#OKK9ERP;&mGP@nMA=WEhq8784DmMRfpj2st8r@ctVu6zc{4h^FN zC;?%2*@uyTe+oj|`w`fn{JM*E2tV5Rm*sGd1sVgYFb~B8wqC45BsrHsFlma)QR9RZ z5f+WaOuQE=Pp&Fv5vLS^WMFPNiabB`x26b=^>DT!s2x5!0pbE4WWQhKXGQp4w`XF! z!Q!~@1J6E&;ZHnyB49wx1v`;T*Yc)%_Rh2w=D#<)-#7t6>#W1ZJP4lP5siGidG&2Q zm6a0dqnUoHF1hWaGsCI0XdiiKgsa1#ko+BZcznND4)dEKp?Y}ZdpAfFP26ijkSg!z zcM|yda#N^c*rf) zNUIs*{m%UjfED#PtCz&vM;Ro<}RqQ+PthM6L$d+;T2lKpy z3cY?R+$9UNlhn&2SG~K13l9y0uNL1-wP%V1w^hmcZ0f zjG1AO%zOQeW%D}^V{xH`0v?Bz!)_`c3<+MiiBsmWPf(l2sAAVc7yWmB9RHDJ*%kU^ zvUpVhWGL>*^`$<3^!P^>LyTb($Td(Mmgs$_h?Aq=>59@du zxb~TdrNy(DLj;Fl6n{5iA^X%caaNUc+_K!tupSM7RI{}w;k{jxgCu<$qQUhg@GzXP zi_4G`)0Q90y!(|7~s1YMi2Y`*`(e4VCf89S^P`|1k~>${sY z@lAMD@KT!_00A^6ui(hZsf{ePfuF!9o&+81Nr^d9sc5&|o}<#O4luUoYL z$_llW=3eb25HJ!*m#L7a`U1<~@D*5K5?+i)7&IVK@8Q}@v&tiN_AOW%l*cH)Bv1x8 zS|_7hAb+2=cpHbmzLLRAJz$ReoO;Lo2y%l;Q_BW$uX)>tr*$tUCcX}Lfi1)+%{5IM zfrKi932W=A@!8j-fsl2|2bu)qBNGFP48#nL)aR3eEd62krmyuXx+=RaNUM6Kal>y= zGmmFoq3RB~YpgR7Cgy$UoshAea;weDLO0XIaCC7Bjp8pIZet;Wk*>i|s*o`+#F^Bt zHstZ*RMpfEqmBShgBm|*aPF&9r#Er~H~r#2Ma%7m^r0K)y+0QC*pP|5yVc_k3r2&c zY6mwt-n!|5%Tt;8str*xlr>4HwYC9{cH9Tp?~44Pfa9&q*i@_k?RTU1y07|Kgky*K zL_ZB4z!lZpTYk{@qhBJ)I{Za!;u8Xu?j-qMU6xvi=d zB1wA*B_@u4m2HrLhS4}9#1;WzR~j#IfRh7wP}Uf{�B$R*D8&QF$+Na-F$TkYnl$1%^ zL)#?>MwQd4IVN|)zFs_@fuRr@+aFXi0Hp4NG4Yk8@b<+WE1h4-@cHA=9Qmsvyvkt~ zuWD}zhGwIt5(X)K0+nhWoSLz)rPj#OA;8H8(P}WHGxJ;*R(&uOGHk8*czMu8O~3-% z{A1aFG*=RV!|28Ws0Kd3Zxc|DmQExxxq;rx-RjP;Joc$P4&om?2OlX^zBen$_|hKD zd-J&_8rSC9G|&7z9NYQm(Y$`qlH??HoOwblWm4RXWNr#7;+%f`LO`AL#o&APebi>$+sJ8ttW}>rXt(A*Ocvw-S^Yp{F#eL)~LldJPs}&P8 zxQE$;_vQtmfZ*MeNK@!rgPr2T`)5L%8y4k{$cj(Q{}fHmheLO$*7B9-(uY2{ctPiy zi=@TS2!gy=>B|{zTLo%J2xJYJz(imU{QUxinSTG-Cpr@aleK2`5rt3tN9}Vr6l-I+ zRI7}jBLF&CIe~U$%n4S}^78SHZuIlQAhBu`oPEas*h(pjos$s=ekN~~Zd8EOJe%Va zujPE$Ti*82VyV1$y#!(_!2C_OSe_dXR`lx!xmOzn&9nXG={y7Wf(1zBrBopVQuGG? z_IYfIo3vyt=!4hLdn^ix`Qcgx9%IJoM$Shfi@qIsfZS;>8H%WrHTT8uH+*eeU^6xz z#Br3**i|c-3Os?YvB1)LobIk$oxl1%rGN#B+FZ&p!|TU)k4$Uew6@dyZcfEDj2YfN zc=@-vjK3IS5&{GNG`?g0`R6*&>{u+|bRe;M}}evnmyPL#`;?q!jZ$J*7UmA=vPszawiee1`&T>jx5q3fkYDTU z8uq%9I{s|8F^}wm)x|}rM|5(7#r2C!+H+wT=~o?(|^26C)rvu$=`!sfPe%}U=YmK~4henZ%H;KIG2GJB&{DLQ`Fnxy| z$LdN~Wp1<>%>h$EAMQ>u?{uO3_JrMu-!*DK=BxFwlxmK_>s?>3`!(jDo0U2rVJ|p? zGygyfiB09{4G|4e?2RBL;c~oekMwv5h^#Y-&g!H*N@!P8NuFZbYK7f9J-aDzJK?FDUN=Qi` z(psLE6S*dVHXJ_!d~aY4>4*029$d2>usv{3_hU0U1LV4Le*GLP{bNVY7#@}gAQ_o< z*vFY%SZdRj&1MRHd1a z>x_ab^T(IOA|y&u%4jhkMQv~$&r^(KH^KU;n^B5J;Sf2a!_9;#wop#u&p z*5qfcyYL;5qyBl2$Rdac!`?W*2xaczNj*i>OB~m06rESWWXePqh$g^}l8LmX+ma?} z~e;$fxtFbDTLV$CtHrW9F0!7A zZduML<5Jo>6nAC$qHe|g*AQqiR3WukFGk9T&1sG#y%#;lN6_r23XC-E5DO-HcLUpI*={ra9njxXA9-RC%&-$$|8T7uet9b=)S$sDLq+5H_Ef*4t zZP$8Uqei~Xfw6RH|6DlV^&hGOjWHx)QP#ZU5Wl6B;07s1CJfHsU$n0k|5ci(Nzct! zKB@1GNBJiGjz{i&UHs1!z@jN2T;%f(TlLO@DIcD_8u({W4g;OBxdg zVh?LuB&OfO8J?YH7h!h`f_ScP@1w;l$&srrdgWfJ0G_V&G)k5poBVqqeon{h!SOIr zbH3LtkE8qKr-Wtr&s0j72o1z!xa>2BEXw+=SB)Uvz&0mAWf{aNsTX8oezDMpE&dkV z@6Uk&o?+d%0dXH}dUs6+#2p#S0O5S+Vb%K#GdaZPmwLUrNDeHKZKIDg;5I-TIiL6~ za{vop(ag9oWqMQj_p%_vot_={ar2!%Pk(vTj(EQ(E-%)+i>kqO-kHzNWJJq8g2>v3q2$CAtPhzDU`**@-YY> zJMEd}*H8iPx65t-`aaCymmKQZ6&BkU21ILQiT4Iy!osBPqo@*MN0{w$;u>X~TQtuv?NhIpxeDAAZQHj%aI*p6cd02x3L14| z6CkPN*eo+C#t+UL8*WC3E=~mggy4eW=?ZW$2)6l)r5&nvF?#-ttfT5&vKHgp9^{e% zaO|hyg*M?3q(_%wXbA-)68@s6Zu|qGyM{QkZ~o-@^ZuG&uSf8ap%G(PZW?Dkt|d}( z*TcoC1L%I>Yqa#?dPt#XdI^CzREK#A8F@VX?Dw6@-{{;t-^Dp^lU>r#-0V~itQ41$YdsI*Zpw5b;htB-2T7~Q?nJh>aZwVO z5>RuxCtQqpON1wU24OGEI$}S%kA0%OxmwIF%ct=6`9py|AhAgHo6S5ba=mRW!=Xk$KFzI$Uuy3~8mWCn8lPRdgKP$T~I{nKOYA2%pTwUWD1 zeiF6WEk*)=e?pV=eAO*Nx_-ikQD1s>7%y2FI*f8botbu6+6{C5*1;cza=x9ii-vw}b}0ISPeZTN$pfPLxEctmpfPo>Y_j;lZS?f=&4KX2JPdy8e*W)F9$?wvT4^*6J>_yE4U0) zZU1pE*I~BYbR6g&hS#*`)4|;Y{!A!K$$B8I&a>ie0-{m)DmshLE$9V4HETyDx0mtB4)UzUlydntZ&_ z!i}DqSUmxT^|2|#M%L=}x0j8Oq*xQ(bb}jRP$;Ljv<(j0UA89Ie03JcxtY=1(3{s3 z2f!h&iYD4Ji!tHhdw~Fl*tg4*Tv_R%Rr7p>WZAf#U+6VS+|m=Zz5{in@xlaN0ZYz> zh;xM$gug7S2DBo*(xdhgGUbIIr8T2&QUmmb{$Zi0xlj`-vLSQtpsXRaVMJ;Ui4WPj z%@f&T_$VJVKRD1?peg@DUi1*EuyLV-(Kdp3&YAFh8vJo4rlf|}BcF;E+cFRMqBvhG z1RlwT_;h=B3iXSyk7CX9r@Z^<$;&t|!X2AB)_c5NWL1eT2TLAm2pS!jtMEheE)(_L z36X|tt1I?Kk%GBhFM|#RpzYRInqiys!F-*R(;Ludb=tlLr{CkoxFAx<$1BjU?swj{ z=Sm5a`g|L^2uKRnQD>S?g&H9ABWxs|kBQIWa$VjrZQ0rozO(8v2j5RIH_4k{AE^ATT;rO}HJ{&Yd{4mH8t7?Wqs$fN zmoPHq>n>)}F&eNY0-vu1#0%DM?lTzEW-^(UoRO1PzsA(-l91=3$1jno$8Yiu-?O{9*Q=7PXQn>91|rPaSg~B{{xNZC?@lro)wO(Rt#c0Q z2EW@0rW5>Lqwy3k-dWM-n0Op$(LjAGt>A*}4%_UB<%&8NWLzNdfr zD1Y4ndV1fWJT^!y06~}^I-;(BC%f6V)^l#kc_aM2XTUx*ES14P7-MVi<~$zz!~|Zr znQ!`L6Vz>bz!fNWJ!WfZpIEoZ-nVHl`R9PGL}S~29+MC8*6^=ZQu^3*&d^G{uAc|8 zI?-ppZ{DkGK$OB39-f!z#l0ve{_wX0gkX(agI7uwY>gWpii31M>QceK!{EWd>Ok6hP6ZN)`A+akth-fB5ia zfQj6yim&0w}@jAaifH%Gl%IkdYJ<=+=MPchk}pI z3nOXClz#>Nm6oY8RI`ipvgD6SSNKejpE65`%S?8%QpF1x=dFiIlj$Ly-q&yS_G4{r z)8A021PsvjVcqzb8&?}+#UO_B%Y*XnoKIEr^mE8$#W6c8$*N!GeRXBrKX)X4gOFqP zLdPCXXMjul<&n8P`@Bhzzj?yX+vHakM+@{D3)UoFq;tf6+QpTE&KVMvt4Zy1%;$61 zSBm>EyB+%^D8>Nbr?)($%n18!R*u*63pG68DjjK`!RFoq0$=X0MMx%1lIC5wT*|`r zP<>!F5<)_r?$2%dKDRbu9zq;FZfUVr$kdqSPYnd8ixPF|mSYjgVP4L~<#0-4iY&2k zOCr)C4==L6u%F3<-eq5K4~Q5ZYG8ACd`}w-X``G^}SN}NvMHfQwRuVA6yehYtK8CLAh?{za zS{t!a?n(q_ynfMry26i@SkHHPmjQr?f9ymjuFLMh3euQh7n5QHlR~@zWWRfy;g?D_ zXs-LOdxNbV%yS^1nJ~Id#NIn7=JTNQPghg(g{OFgYJLwE0v(^c#2N&_sSo0Uhn*hE zZyKOSg^&HDjQ8mvzcbOoPh|4JcG9Xyrq8_RRuuM|t`qYKlg`Ok5`1+$*sr}%e>485 zUDfx48*tVH<@Zqp*Ux?<;x@Q%tv`{-No29}XT3Ca03>L88T;m`ZnQhnsN0bAH5k{#OXAnNY$ zJ4TO~?@nIt&FV^A^V}|xB(W-;L}MX*&C(zzU5#OIOp$GU@eAK)3v%7p)Nla^r6G~O zhEG)bt-6vqY6d2E={k5VHGBnQ4?Yt>U3^xoRX0CZ^tnAR91HW}b4E(=mj>jGms#bI zs15ra%R2UNQ@Y#+xmp?uI+x)o~D|g5b zhUW)_I{tDU$GG!l4o3x#lR;UQQ;}2<^|3ZBt{g${9TtH#Vvk=)Py{=!j(Dui{cH|%YToo)+)(7#2u1=eodU=ISlMxY)V`uxb!Mv_{(^*s zg-Nq(bO`iNgM3vA+4eY=Xi^4bmOCR$h-nB9{Orz~+HXr5(C*Vb2d*oe(rR(n?(=f& zeVka8f*(tj*((T3LArVOyFOCnLhW@%TfO#`ZMp(d3#n-$`Po6e4f_(ROfAu~|C*%#Zna z+3FJ0GSPv+gRJHzU~j*vI-Hi&Fh z78Xwa@A$W1ogZ%-+qPuGMb_?5g?GB0kcBEaZ}t15B+WZH57Z%mo#K6#K3=dx!e5Z< z$-3VYfrw%tl{m0|z*B77<4I8|?f6Ty%QPjhQv!!_0Cmfx=n(uwqyT#U*wCMFPbNV? zu5U}0fl+@ys0iz>x`Xk9BQw?_b(~J_{+44Tc3w7p07*vgAtpfyr|&O=84sZT2$+Ln z{cXEP3p-ZN_)sohzudF3QXBie{3J%l>0HH@*%Tu@&H>)>vcGDvmdW9p_K-kcE-U-= zu%|vQqC`5A?;(-v@`0QAbS$C&ee~MFo(Yan~?aGO_#6$yB*9jHgV?0LR?_74lDVCD@x;i~j|7^0Q%O!Zf`4?qf z+{3Ud(BMPj@OSNkcyc?BxB3h5b-*r#cYefskdkkA`BwBKcc=|N*)O*}Emk_DCt6(k zYRxWlI0*_;X5Y^Y!qjKIzh00L%aP-zs8F%20Pt>#f2WV5`=;WU7`W6@MI2!|N)V0& zcJ1`>na}&`2;mGyZt2YSeh1! zIeV>Aig$R1d%zVCLF0K$yRWr)-rA>hNNIGz7u2rL{m^j095r;9u~37EQy}WR$9@SI z+vQ)pR?xw46!x~ynh{Xk9jY(L1L31x^yp!2;Kk8z8Mea!NXX;cdTfAGNqu;o3Tdx? zgwkl^PQR}x;b>uss`H>fy)V~vm$z}&AZFrpFUA)}?295O)5o96=G1`&i^*T9J$_zQ z$~KRe7jc1~VGiSwr?ECB*@tHkGD6I2)uC`Hgv_Z9t&TjtwygXwg{VF7qBH9WTe|1- zV{%5pHRoM%PP|{vHPD#P1Y_B^$>!lT*mYF-e!@JnR(+GmeWjzuflrI0P_MMgq5OGl zCy;!dvf)mUZ4^5q&>>6Y;+0Eg#^2CYnO`p0jUn%8AK_UJ5K09XVAQEp^D*Y;&fYYV zhWGoezLX=}&`<9hR>xZj(PuAESoM;YiF1dSp>vWHF?x9YS$RNSKz&=+<1JAOKV{$i zFSrzzsW8s>H&dBw)c&OMb~Za+vqhLUKU=RK^BPl^X|4p>{eFRjId#@vT>r&X7V3c|ivF5$Pi zhT#7lT?8jr)QH{pcT(Nbnzu${Z`atnQj{Ek$6$G*iWVnh(Q;*>E-&<6(jmxeU zCPH^-T{WsWqAqzeXsHbh@>xRhaXb+*IH@3sh*s>L3;rmi=cZ3`cMl)+=8@es4S>}LaN0sQ=_c`7^aKS_3ys9X5g#P`ej^q`{z@+0 zbpHiNsKld8E~TaJNs7#ZE%g}JujvRPpy(DF%WZp-YSgDoym&fnN+AA~=m3K1zV?1`njP`w zjoudn3c5W-_VnF_XV}4dfifWfs0hyFbA8VLlwZ%bZql%*5QGEtN5SC?-;u7l0;G z@o!V8Px2_Qq)f|{8TBh({#_V%dgc*Z-0tl2-7zKi@>>Q%S+GB*;hKd?CBK+6DI)WS zwzV?LEP0YF1gR?OA_P3PS`}(t$I1I<^jQBX8*W@)nVi?J(cK%&HnBgyydPu;;cHMB zsFCFX#&w7-?+?+13p9)CBVo*|hc2yFPvP8|fIAa=c{t`vEY{#TT*z&I;U8rOS7^ z++NHemEdj+r}OgUfXyJJZ!!n-YnuDkTc23w;13Ux^`QpPxE9u$14j$_aqFms(|`;@ z*WR_%$%~x_+sgO0uX$GVJg_(Jm#5RXsj8Q(XjC?18C@UFQ~0_znBDoPA0>{1mt9r9 zQx%qy#(JgEmF@X;<%3BXUiy^Cgc)Iq8fKGjt&M`zUKrF`?v8{`G@iW?d#Vb-w3GDUtjjHgSS3NQ6zW0UfSX%NI+RaN_szV@|DZBv#O~p4j!Jwvi zO7yx2{VN~Ap9TBx%w!c@-rTb;h6q4J_U3PwOIXxO$sUJK>FhBsw5z}Ccm68P)#iJt zV)PeE7Tdw(2CMcK6*BfT8Qetw;}MoGY)?em@KQm73#CR}N-Led9C$9)9S#e;)5B?-}CHUI8aU>tE@bZ@e>L~aDJ;TXxlP= zXmi`v3`h*spF<x~)iptP=q~(njDENJ)>2h5`bRJv z*xExK0a~(zg5*}Mmib8E@+)caYxux~fl1@6Kca{Brt70!X#1@Z_l4)yWp2VCWXeB3 z>|)WOVP)uE@i0A4Z1S}(XSfwq#uefNlwKmktVJbh+ECVYzpOsy9-gMEf*$k9d8?oe zaCg=rT(6SWh1piFyje?AKtoQStVW70P zMLw9A8GXB5;_!^H(St{CvvG-ZZvAI{Fs@_r8wNS_hN*zlFNc-_b@wjo8Z>^o06mxh zPq3fK(G2>i_=_n1RJF8iU{vHY)q~rQGd%%4*88FKSdFMI;vxE8sM}{S*n$lqo?Ps|w3VJ*GjNN0@orky8;D<#!0T2(Foa@(V#&%UiJY|m>9eu>JP?GBKYh@c(f zPaG=M8IyUxZzKJzhysJ$Tx1{UupCtB2g<}xI zfTM`FF`1{Agl{VNI;^(mhUVX;MrD8eX+N_Enaey6rT$NmFXz?K zfRE^bN#{~8GGFb^!Mr{BXy%EUH1j39K8iv-Cmqj>N(oG#vb_okfw9FxW!Pa?5Dr`(!MIf{|lZ$Lev zCom6WcPHL3Nk2cdh;u&L4TpK!8#rYpo>N#pCNkQxH6wra0-V~-&{mm#kfwa@moJ>4 zi;B7ygR7%9VV-rz=7Bo9rKE>4{vDwI;z{oeb!b12L&mE2`#DB6YRmVo1gG8F_-V@L zqfK)RJwf$=XkOi5pXJ#jzT0rN;P`THo?q+QU45w6CiqeinwjWCB5$tnlN1|j_D1S{ zSgQiwk0Xn(Bfo;cdK2h0@1+UeEYCI9mH-%MM?m2Bh)gud$eZT@_g74HaGix^*b}8( zM~`0ipy6xTQp_~;^YduV@fWr?Il_OEj^~Uj)01{s_z)5r=QC-p#5pjYtzTICjzo{G z2U14=;ld|q@cp?PDtAR_RBSGB0&Yrw{h%4-2g53yjxA96;_ae@mj*edn9GMad_BHn z*FuXT;|BiId^R=v83BxXRvRM7UPq(JiH#1!S0zCoJPRQ+Jx&{X6Og-V8r1gpYB9-u zyC(J@p!G8Qw~Xw?Qx5RkI_k~1=dY=|8PdGpH!c29d$fnDIR4_{3&=LBxN1golXRc> zaNlyDKf^aY>&-nFw(K`(LGqmm1T#4nSei~-dq95wGp%CgJY zL?CA+pIRAYryW>iMAi-JS3{ua%4WT((GMV&$ZJ%4jOqM~XmzRT0Iz;?aEN~IjfkG> z{CXoVeFQ4$?`uR)Kw|2+iv(8@afO?g+f4j#PMcQ#GU_xr_e!%M#0_I|}Zg-bKi z%=z_G6-8gP&uzjolD|#wxutv5X>U7;Rb==7!U|sLfgbjIxr{q#eEFRUr4_I{i}g$e z!{`V_{-d>wWFdu&M{^YczdvF0i|Ezl6S}sn$-LO(m3)sMtPNs)ja1@viVyaDhEpVM z9s)_a!p8v575VA z|BiE1!vS&G%VZzt1-mWoc7z$J4%3L#__~$CHVntwflW1zeJojD*2h2VY@0vBlt)+_ zCoIEuo}DolZ>iC^&x9|c3k;^LvTF8Qk)|5jF~X0U_A9cL0=#q^)Q3^Yx4%6_|Uq?0L0sk+mE%$x`58p-nWdL9edHH%OhnXUQGvG2XGuvMY^$tVXhf%)l zQ^k0?O6)Q~JL^sq8KcHPs%9vbqn~RQwWKxFRLAr9*)RRDwPeI0Zb_ssjGK8d=^xd{ zwo9@*{ETW1zZ@=;Izy)5&(0C%vg;TLeRR&rN>ucseONh4&vWqU{evqp>*Kw7c!e%T zsF5pK_(@-o9zgeC&d}%B>x3cLnDN&(gMrNa8CglFH&%;4OeFACAr3QtclL%rliN`_7;CIEaAvgDR2Ax zsF+i99-qg!>+xb!l23Q~H8s~kEmWvC9rxuVFYjHGeEzsi9K{#=pyC{Rg|4Ihx<60- zCd|p`nn#KS@hUiTgGrhEDa#W;F&Ug}y%>M)j(a3hkupA}dfhx=oAAq)X;1BxUAAH1 zmRrNaQYmZ+p^iF8`8`lU)u58yud^*u&f(A0yd(tAub?^U0%&~xp*Qgs4tS?#%CpLH zWbt-V;p9EQqbz3JJ35x3`*oL_3oU~$g?e*4zFnF%=Iq@cTK0D|ySLgL0RT+#`99Bm z=KL;T%IkDl?sIotg=v=19g0$Ize+LF?w|aboV-L>KQUAw>m0s$L<7N|SB!8)>s@OP z?*0g=M<~@~T`e;`2iFoT5QzCcw#Fi`BYl`Fk~nUohdBF(un7{6AM-;FoKh?f3+f&M$KmZ{3X zm)mJ-W2fqiPL|n$nzj$&xt-)&(vxFsg^wdU*8>l~@A&na>K`Dg`+b4x;Xd!3hu|@W zw})%D$G#onhCpOAAE8Hh0N<;o-cSDxp2VN0o815+B ziBB*4d=5Y0>eBZ!D`5-ISv4qG-=?LuV?@%wxHHG@PuR9Kw%hyeT}_j_peF2zm#Z{r z9s<2VX_h-iWM==o4}Uf`ZokvtHhg&#P6AP;@wL=H9oE$Y3?A9z{>@)c@6bRBYV|%} zU4oyvvQOsYe9;){9h*w^Blj_box><`LXG&rvEk_6FIO|c%hTBjYmuz6jJ212amNp# ztQ1OQNYC>JcpiAQaE6xd1sj+P-f#*Rq1GzkV<=bS>R%I8jR!6{zvu2gvDjtvX#LZY zvaWP@s6T~mwdy;Qj@I`iIrsDPJ1=-oz3S#-0!9gy)uePT$s1zC^JzE?zc+vT2_rtX z+MiGRs?g8zxuMH_F}+>6s~>Z4X8UIA<;5*7K?BV5^*+BW26_DsX<)q2Q|5CkbIM5< zdNPL(Jzrx&^WQy|y0weYwHn?m0G2)a{1`a-;&J>K&@w!*uSYhfP#rBIIkIm)sA&D+ z;xQDpNX8C-dioFI#!=ApDgMi~`SLZ-C~yerFmBhUa>BBqQbuZ@75di;S35ZnNGKiq zAbj43O}w@w+P5Ty5Mg9a-?f#|=tzpUGs}?7U?80mhGA?}C^i)7ow-kV}GXxatFB4pkCNDP!@(6&P5nT z=BIx@cV3#b3Fj0wy$PBlUT@g{)tu`D?EG?JOZJARpZ6s{GK08})I$tvnGPlp)qv7@ zDS4}_AZcH^VvC;7P-t}`;gVfA8+D5 zA`6Y@ZZPm+ocyRrr}>o41h*bXKb1f9a)L7=Kst#>KZ`PAqGEq05gq7qgP$B{)*zW~s+o9t7LjgH5}-3;ZY_kzlZPl?swp z6tb=D+kfEWW%zf<>hb&r!$4dpj^XR8g|SSSW87jp7Z)jBh!YM|?gVs44A^t`R=?TG z5~8(pRhZzHTLAvzh$z2qx0CHU^(}^am<>g@V7P_K`vMEq8kBB9AY`qh?)mk3%5VIQ z#q~Yc`hkBi=n%gyUoOTfGZc^czIqIF0MJQK5-Wy;(ZF3$G)&D<{nT&LkAMLH*rHr@ zp&|jO#@Q3I-a`feq~l?hft$PS%j|n{QC570`yf`2*QJvq+BmBdtPy@t-t6B_n@jia z_OYGiu9q0Jbu3;^by*Il$$iHV$U(jpr0hL0LUdZ`I}%*GNtr zSEsK!<@dpkkcBZF_){P5&Dov*#@m7}Z`y`mpSX~%i{5FgekFR3ne-c+Aw!%{#8Yd^ zdCDuZzD;S6!1v}a_dOsZ}+`Qa%bI7z<7SL)xE4~MhV$=Fwx3c(jd1ba3XRmGk5un0{H6ke> zWraIjI?fPJG%4T;#OzbzLu5*%K9z^RHVR{Q#%X$vH58us7mOS1CM|SY>CX9PJjD$1 zK_9r;zj(RgxB5|@!uThWw`;(PISN!WA%mmgc|lvzD%6yV1u$mC^S%mGo}6#6jKD9z z>DLY?+UMM_cTWvLYf9osE!wFZA?WvH!~rJsGpf@Ie>=Lt3i+%vMC?w5wQp0atY6e4 zbkgK3QtcCTLZQb90kFQUwZ($!JC;xP{K88mUy)ODm=`LGSmK%pH+t0*VT(bH>Htc+ z{sR%x{jG?IBp2*(CCtQy=w$-)b@S~UL zx$pB>Uk<^{YQ`0RKq0JugyGwyDuxQ>dkl33GfG-UOmW87{bYNeAU3Q+e@b9$4-yL= zE>pBZbgDh?3sQ^X(1dQ#L9dxI@Xhu_GqZ3`0`tQPM_MqhxE`Sj6+xlAqtJGfzD7f> zY`%Y`vq|D=f?n_IShhbe$~5fb z1J9o!>7bqX;RKVYtX8Gl`Fx(K(~G6~Bpbu)=eNsai5di964yRl-DRuZ#LdnfbC;xk zzuG{No(c|WidUy`DUlyY`UBulWz7hbchsHvJt4ZJI^P=eZebepEv!& zKA-WoepHW3*mr4|^7ktj{7!@qH?O<*Zi$aFCtRBB4lkQ3;T)#|qckDj@*XWR?3s&OMG+=_ zgdrL{mWvlmG@$veoI5llmnu971ibDq+29%RnIl}xV2_rWqw;Q>L$B~_y{jOI zM~`Xc;h_!z_kGN{pK_+v_qSsUu1EE-jZ$<0VKcV@C*!8dyOSb&61-3 z-0J3qWQve+tRGbMCi#_D7|+kVG4ak*1=HO+556_~7_?wO;=sBEQ03kw5-384u>f#V z2l@_Eki+@(`%c#tBpkNr3pf(Nc-rr)v)X?gox0mkTceP&s$!fF_{S>L-xa=@_}ub! zX#TojPZuJ7 zma5PsFip_E^ydyJXpr+5n|49T!Ew*4!?U+kMa@e|xY>D-7xo;Ev{dP@+&biHe+OiL zySKMueIrUi%d7Jy@Y_BkOd~~>OY`#WAD!3Zz&#~WIRk-~_rM6jAGUiz4+rOX)B3m8 z^~%T^MZr`T57|n`v9C^W8njD`)akmO_6sm$lBsMj_&?<&(fGXzA-xFm$sZjZ@Mju- z*#iy9Paa9XisD!p&i;=VF0dK80sZ7$&CgGq!wS9g!&Jb;My!Mxi=o;Sa3djdF$uvp z8`e_^=nQ_Q=HA@SD+jC=p7Yi93Y7Du!~vt+q1Ub0|Vxr-(T}^9O{}hSl9#o z(t+RawRAAl#>srtgmXg!Zq@+oSrZX~>=)cTf36Y87WBSIrdIo=MEkEOmW_CT-Dd)M zyUUc;lW6=-cRVW2jJjfdQUke!w4!kMg(^B~1j*k{zkZ)e9(Vb!^i11X$PzO0t5psT zIgO|TAq;J%*Y06niTSvEMdgp!YC7yGYQ>?Qx{^fRi98y#Ro0onxaX9%mPYg4-oXkQ?N!P zpXi%5KM~oJ*dn^}DN#Lc-2TbYJ4%3cTXuYss9k;;^hYv+!uEMjb&w=8?z3O=$Kye} z%zy-LyAAugi3~vOc%3w8caK$a6!6{6iUu=%O0d9zwk=tNI8nd`q{5et3eJ37jJoTl*8K%>V59vB`b}d?XeI6 zVDrg1RSuAbIZobi`xHTJC7vJj4S3{d zJ%_=ExG0dC#>+T(Z zGHstT-?*c&0i`Jz*EdF*tJJ@LP1>95$M1CEQ4S#(){v?mHg$A%yZZZz1E+X3&igHV zceyeg7V@XPEOx&=HwPZ_k;pzU2~|FHeRO(Db||wLEM}4&PiVtI;2tAZ>=P^wUohjD zxnY_nPDgLoevxo(MSa}ctkcQ3P*gK4li5yh-BGJOw;O@LRr7CYq*auKbaa)R2BwJF zCa@}|nq`DLL|QCws(6DiNOOEWo~61KM|af!{N7+UEPf32yN4R|y(d~8z5tO+@G)^< z^5&MVKVbIo7MU0bc|q#R<&%LNh$i9z9(8TTgNsI7dkC-qnk?LzI^7$WP|v1a-zVpH z&0UJ(Ol7n6y_&BVv&b)fg{88vjxXJRyiQ=YUN65{19f^wo?;^_raIgn7)#>dK5m76 zC~jN@-4^P7KaHQaSsV-{|Co0e2;)-|w;PUp`ZW41_(h<{8INvX2qW%;n_=NW?RYg> zi_V+3mlpWZZ;IZ5&D>1lwpzf$O;5by(Vkookn{sRV9TQ9EPde7e4Dj;Pz|oQ?SJxj zN1hMomR|VtU(_3F9d`nyuZ&E6X-C(u_n<^HCsG+-JoBQPi?T-+*RH8K`NBGy$qz^* zx_idDjf4-C#4?b=ta@Kief{mnu3Z94V1u)h#|hjUcGS*Qx*Uaq@SqZZ1Y${^XjW>q ztlQ+)$iCl=(@EI*QPW9C1@Z!$mAGc_HRPS`@ukVbo=eO`qYiyC1CX@eAT)PAOM=Ij zt8;&^CrOZvMyiZp|4>%wcXmphXGlR=qd7hH_0N9qg;#a_-JMY@x}NwND9O2RNPr!7 z^N@@#0cnr8eLU|s=KJbLNG^RY4edy!-4H02zQYzeqnePC>to-zaM8uptYJ#;E;!)QhH)sy+J-a$F{nsft zH`StEVWRT3DxFlI%828(xM}_-<;a%2iw9E30Y0G#Xxt8CPS?4(XbCFv@xxFz0il!4 zm(W)TEDWmy`}luDYj$&4_& zBO}V2Kl?<%)BCIfEC{Xz{`~DX6{MaYaQuz^Yb(X`Wc!ksg9oUGC%HeSvxI zAIAZ+qyNyaJ&H+KU)l4CyK+CC(~xZ1JMjdq5KsM@9Oo&c6)ppc0Za2>;b0o&mW38Yy^r<6jfmLyQ5r3(>RhB;MR1 z>nNlzoQjf;aNI-dfr7 zD1|Sy&At@n7&jQ%^`{klmdRFpZl0!Ba2N-wgAWA%xmDL;d4pv2U-7_rb5QN8F>eZ3 zWd0VMU(icde1>TNK|UDctRIqIZu%kY4+(?nhZ?A^{Fpo9NNw$3FTHI! z!}3fUN4+`t5HI*9EFriH3?O3rkIARp+t(tO6rlc<+)9!CS-~cDH`z^&Z)~bRiSUwr zP!s)^^-eC|2B@&|JYc5fTSFsM`RT8C2^XiAc>PtvIr2w_uRR=-T{RJx888vShhd!X zgYqZ&PO4UeD&)|8Vve%zJ2nBn(qC~CR5_`DYm}_<4gB1=zBe*t(55M-_4bG^;^6Ip zhbHe8iIZ|fUtn6xh0c%j_je#J$AsrrqOT%h-&8g%mivUJ>$$l-?{GnQVYk29lR@mS zC&7+r1Smi-hn1mQ12+R}o5_i|NY!ktwVbbG6Rs2)H!AmKo2}Ud`-6Xgpb=B@Ox zc4IO%NZp(`Kc+2%?w_Vr+25v{GA5~^l|krx?Z=1x8@IMv(}bO3v6pK&{hh}OIj2sHB9PwPoWkS?hG9<-koDKFOKOd(PP~@*&F$9`m8-)mR(hVc zUg~MJ0O)U`d%Q%wNweZ6NhmZ)8$nwPgdB6}IP5}asE$GZXGmnV8%xKpz+slD zS|=t{AfX!gJ(8GXpw%}?U5G?2hj%x804O8wCNVex)}WfNU;HyzR0l%Ni6By~M&Bt0 z1^S$Pu{+;Ud|tfUI#LtC*DkpjYHyz{S&3j0CGl0FsYM_8xEU*4j^j&z{v6w^rsGT& zDNnNJ4lIisquSe2+T^Ew-Tq`wIJ4OMm8x6VWP>A_FD=w8GAP5V(6`b@XQ>REdeiMCw;;rK??$nni ze}6bv@8;YB&O~GAnYrd-sv9w%utgPU*WwhMIiTP00e*j~3ht|aeN@k)$*buS5*}(s zy9+ZNKg|4wW0HHVqgj%STk?V8hQqAmWlnkf#3a6797FGU;(ojq?BeQbb9sG&FX8UJ zX)(IEWeQIY%gxQqV!r9P|`LzJa()R?dv=q^@lm~p54(o4}4v!?}=M}9H$Xw%jM5i&iFGCIl-S_W? zLdLB<$5nURfS%hLcF9R)==x~^lBvk`woZsgI zP}mD!SH#8qeMtA(TGMMgZp-uw+kJ(6IPytb0PxABRyxIt!hLU%*-+g(9cj8#mQuG7 z+eil7w?*~5BbNa$%%<@$1*Zb`Cs*Qnk(gY~{_G+%%`f>qoXQWFK4M1+bz>;Mhm{@$ zN`lzn(%K`VZ64wm|v6-ifBgFGv{}`dK#;YfV2kKLlaJ%}ec;IZ>PJP8dpVy-KQ{}6&k|%|01Zny zxo@BFS#A2cbh^Yz4*v6!!jkjY%eb2&d`1tdYknT@?|xy1H{_k0`_0F`tKJz+Z>jI| z1kr+_InT1>lO*);YlU}u;6k(I>Y8r{m>0ZJAR8Ll8A$q=P=fDaUj95a)iM3VeMR`@ z062K+6aLTZ9oTue6Yt9yJ29ne#oDXD{1p3pa{4{u>f6Mxh(89{I@{tq zC@<dd|^y^DK3S6b0y_~8$$S=)3S*m41&U3cc4_X;hLse_N;93@K>&pc4 z#JtC*;@Ku^$hW7#2I1qYukO-VJwOCgiA7P3)WLdQMKgvutW!Y?u-qJ)>fb3sUEcQ>Dw z)Oo3$tn(drOjIA862^~UnUr0ZMQryEsrq}B;NC?Jsf+hf69VUVYo^IrqB)G;YiqAv zS|MoDLejTkRP$RWK~SMz5Xls~qix_*=-9>my!{^KOW)>~`1^AZBU1s@-p>FfGp&4- z@5MhI-QPLy3Qo;@CHpR~J2+Sutu04D_3kJopEJTZu{1pHp7--U$nXKF#kNSSXEYqg z$+vjys~dbtXgtHYmr9dQzL{Z{)R>-Dn$>^)AiGWd6pe)&uwp^)>St|@o}A*J$M0#K zdVqs5Ru9+Iuk8!^xVa>lr;qTf=6f1{7)cfJxit&>-t7U$~`Doj@UFse_xL+8}~0-_9=(NCy$io>3S{-Q{s z?(~nI{YMz6kW`0kw)eQ>&-aR7c&I1QrRuo6pekFsnX;!$h`rdOR>$nTZ*Vw%mn zE}V-k=xWk#(51vhZe(PsF1H9ctL9~c4m_avJBhLqM>p@H ze6NM zwNEFAPhUM*I|;p@REO>P6~Bixr;Gbnu8t~mCpTXlH8O1la-Cwk7LI(vpP!DPBV!MvVyRkA^S+!hxL@r4zwQUS%*VcVN8Hn@&iMM! zu15_QPVAXvg_^Jil!{OS-2sUW_o76XyPgd#+dyZZUfMO(G3x!OeWIDcC%gl~(l)h> z3TFZwOu*2@IR(ruEvs@Vqe+Ilt<=~8Q+`q87JgB6IR(_4F}641*#Y6wmwQLNYBk}m zP+{6{U1q-_UP(PsmYmEd=N`7`zI@EM+}z(}PR7yfA5g$Fk8LEBNyMC02_169)0m{Y z5=-{$K#>{Ex$-l}`aoT?hOf#85&&Lr(ZD+B%SCoR5Q=#of%pK&v=&tknT)(D>~l42 z`^Rk?9m`6U*w5M4eO4F)!h=+Db{@W2Hf9G*-9AQ~yre7KOR+K19TCvUM}eUoeAQnQ55xCPg?<=UQa%R;!02qm8KZ3a zX*zzVuvJpTCY$qy!1m*+uTf4XhQz*TBC-PND@QNG*Hhd7$`;bE)Yzrr0OoVfGnT%Qwo(LR16;XjvsiIDprOey^; zv>{SMzAGkt@nSq&wO_)anzLU35)R{zo+Vpo32h3z_$?G);mDLStS{$_!Z+>TXaV=T&3;$qZ*B>{OeG-ls##^&c#%ya$m;plCq2^#e{5Fc7Et8%`vmF~v5~ zptmb$_v<91bJm80(ZSE^>CwbHt;_R7H?BR%!V9i0r;wSGMDqQ^J>Ki(dUKf~t%vH{ zq@LF&3O(V-n%_60zA>k{j-F)D`g$8uL5q2zAqb!udnoKCO0dZ#I6(WxSD~|$@QMsL z;#+GR;>v!VmW8rjbnY+Tp2+s{80CQa202p4oTaFy-EuUbkRLp0E0GV>s2)&%n;wnD z{4PXr_N`Hf)`;sOt0x`%g+nsZOaS1TYbPAJF=fw=q}fnt@93%kWn<}T<*bp zJCs+UGoKf%TU-5+l0CqbEBIBtlePG)Mzu#2!{j&7_gyznpwDu|wCZwx#M zDbt2;zCv$JCV2W<_50wU&Hdw`Hz0ZemKN)@S&$p7iUSgg)JAi<;&r|J_MWywBh}h) z?j@1=+`G7t2r+qk{=pZ1`rD(M~V&$^I@EC|Q8Z`rEX! zf8fG#@D6Xs>IglD@KB(c)1XaYr?N!ZR#p_$VI82$uPUUgK1y+4S!Gn^3j27#uU&qx zU!SyM%pjg8IexX_(+M3qT+;VTooGN&YO?xFhrbdEnFdR0yZ$?5t1ZJk;W99j7en6Asg^d^<`**1oCO0*P&5STmX)voN)>Fwc>S`wd!ht7&ip!i<@zJ|srjosvil^iDA|56UL?h~9DhR)y>tt(M$$%>z zf?W_-+56?SgjuV+#f+Qu2kPRAi3rRl?BFpE4;(C*$RS+GWMR1=eAwVr4%;e{`wT;f7dDpIF@Z!c%~1t+_?-kqUzy81-@VSW_4^T2 zhi{6lMcqt+GHzuXZm>hv;ck2m_C$)O^m1LwkfJWeHu4gvFvQo>_JmF%->#jK((Y+2ACjKKiv;M z@?*Y*-qI(eIwe^8`0HNwHeX}EUAX=9k|W^( z1$BWT-DPA&yIAUAI5*d?Hd%gG-VdnP6@~?AK8k{+5_0A7^xd~Qe+b?4r!iJ&Qn%t9 zoPSq^uK2V0sTT-NA(E~SRJDh8y;hoK5+#ap$N`p^l1YPp(?-$ z7x-~l89FkDysocT{_S28=4?vOBpw%c z`Aaau{Rqd1e7fx0%y}t+_bbmlY-|RA3h+=16VH>PwV(y*+Hn3>2hekY{xbIJ4a9p( z{rOkpSNvVo1Qfhp!ZT`h$l$k$WlPLVvMb|Wp*zqOjdx8C9T|W6frIGjNqdlI2K@w( z@?K01VYf6sR_fKI@PW*TBs1mk%g|tYW#aMvrVmx6Si0;VKfHIkIw{XF_Yulg2BMe- zDWOX4;f8EUOEAloQ>$J+4hD7&C!qVHSD(K)mWHHE5cwwSHlYBCbCBX8!E= zZHf@gY9L?40&H1-}59%L*WnJE&@O zbu$9zgU8+N!B3{M>Jts{PdwXqQ0T3$RF^fvW!_gpt~vco6ZZ1#i3 ztBFSf=>^ksILDB;=Tn84_D73#)@If3@Z7EeNEefQ5?WB|IvtJua)p9#-a6-f8N|wWEy+`bl6WL zbYadz@VdXC#R6|d!!yqW%kLrouG^n zunTI{F9b(>qOS(SDg@a7Gn<(S79;i3m^*Mzlu?@*Zj+b=ER1JebfTH+v0?10cV*67 z{mPFFJGxDj?4FN50?IT(eFx%Y|K?mi10wxN#>`v`(MJBZ63$-f5tcY0-u^xqC~Z4_ z<#A&Z53^kptQVz(BMHmT|U z^fR&{NJs1X-sJURE)=RUPaXp6B)?tELr<}N`{JSLEY2_zyy<7qxd=YDk%{9YrEjf_ zv?7ZD4B_)J@^4EV?%Ce<$^KmGH8tCBjTy&}#8vVkgBr2Fy=++Qd`{obj`V?{b~el7 zdViHkDMaHJv|Fk7PCp4g-b|XZg(5D?(CV98UW_&NlG}1|x5HyNKTOCVFddL`#)%hl zsI@4WpFSUo-vXb%vPXiufYVKf~$c{w+MU-kZF89eIe) zj|M@t3Jm4&hT3}Z{gj^w1xm3wZzL+qC*;+iU>?KQcp{+&dARLEKJx4HK2$yrH(F30 z1sbx`n3FMy2k})ywIzosgZ5x%dp~1Uv#(au*1W+U3duZ=rUplO4@KT^|JZxWsH)a* zZFn0P*d1VR8+COkh^xDMnX9{d8Q8H^(5+jsz%DEdLOHW-=Fv2JBEtPT5~?@nfG(YbzfK99%Sk;K840ZgaBLxy~V14C2sxA2%|NdU3zGk z@&uF$l}_g3@Pq*pUqus{g_5vHMv8Eq7_!1>Ba0~Pkc&)E#T950i>#sXm;`W8@G=tH zMiMZAAq`BhQpkv7)e%FCr^dUPVB0`EKFIXjFb-3gf{9whJkYwuVj?23Ea>GJShTQB zMic0v(58skwMwZR=nUam&|EGuUQ)9NLxipnPe_BT--xOND7jIjbcWC@fmRwW35x>+ zJ*427WRu7b5GkDrXccHm6o7xYa2*jI9Ys34fgKXo4r<)(AOY{SmF5N=Lq<3ThwD5`MS&XfE7R5TPA zylzCl09*?NngYxlMynskw5oYwER=@f9O%sj@@NLM_=!|@oLdRxTqL83K&N}6PE7>itp7ZF>aMuyRv#X`P}%D`F7QK63pkHnN()p(1|N98CX zZ>6P}tujAGNDvc*z`GB-sSZ2N7G$}xbkL7Rh5+i{a;P?ulb zOZ?Ew?emz;Y`xJOM<}C#xrhr+Ye)_q2gv=w?4<(pC;SV4^n6yB7M6x(2va-LuQnq6 z^;Ck#jq~f2L=3=zX)vx-Vpw6fk|-Pvk*s%wu|5(Vr`D)pGBdqKJ6Wk97}+Qq@}=1g zK{Sd82w~V|A!EsM8r7}DD(QZ#5v1t@XaLY_V^*N8#hcY+;Af)?ke7)TFp2>yjx>rh zS$>QdEktgQAhuGxE-6tiLFO88N=B?E9!SGWD1eZIEhK7REUZRMV288#b*{cx2K@eC zzkpL??2GtI7$tBgQAvJ$IBF6|Ax5MHEikg5d%UE!Srk@vTm_PlG5`GN~@QI;;uM;&P%`Zk3_@E?JQ8 z1zm0n_z+aC*Q--o+|b|?1h##Y#T_*;xe_KPDg{v&8z{E|;~!e;fEOC0mwALP9ZJOV zf$VWaisgqmN}n1&f#D!AWI-Pkchn?G3~{U+9CW}KR?#GQ36L--0Kvr92x+F6KkCPD zRUrNYvx{jZQn^5;>ehyRc0bk!TRdt-On^gK1BL)wi6;=ubb%gNJ#_SNByMJbiG=yY z1bBsyhjVGPkuZzxivlw#0B_7ftyN@KD(rrXp323mKw-qgS1Up)Mu6%AX(KCHW8*tm z3=|kAG{YkCff$g1i@fm;wAmepsDc_p>HLnkiXFhl-3A_BuL0g;y-^yFpu=@u_A9M*C2%}h{JkhUem>R5rJxU`AuB07z1}f2G(l_Nfx7FWk7a? zxK&K8j*6Gtm@Y1r%Z-P5MkWUUCw7Jk_5lSQi>I|ap|e#5y+=_O*T*8d`64f31SM{n z4KXW&{jmSsEu){-a$fpNx-N9pBMExp+6J;1D`1q5DiWM ztCCq-rATbkqKI~$8e?@tQP9>EP|Ja~obJ#my#^jZuZY?#9vn#ainL+}5!f*7YLW$v zE7d26N5GT|{XAe#l>kq$D;$?Icu?i{qb0Ck1GO~(CCUAAGEe9vVxYVMA01<>yb_EQ z80c+09RVApxoLEqHy~wefVvL$8?-u*eq#F2GMCFrivJb zYo$A(fChy03U|;?Vd|m|GQ&=B>vcW~3V1C%phRm$V_6YBFi2A+AlyWPB#4blV@O#J z9|q;;2I*QI+7t)QHed6o|mfg$$B{U|@)BaXUTAXE7i$18HU|Dy+6Rk>!ZM z_2_X>O=X*K42C!yg2aT2;?S6(g%^p!B@{CV68dCejh^5zIq@2TAcW?I5TGs7>;$nz zoks4Z5Pc#u-5c{VpL<45gm#6lXt<{5Q<4Uo=?MM`DNWVi9O0%Y;j zsiMJ%T!YpS;mWV9&7W|in9PC6HO9-<-*vQ+8Z&M3tK z-859UB`(&wfW8p6!tqWGoy%1_4b-sTzy@Y(F9R2rK^qZ^hK?L@)?cuT8;sMll4f z3|b4-QL4@p!P78GsGwLOXmZ0+O$FtiAn^RkElh- zK``!B8RZ&e7$iJ7ORv=s01FAIIKLT**;sLQJZcd+0>J=MnvwIo9*qMaaxkDwrOHf> z0%xw8?jVBJN?Zq>Axe!oCUj#w3@n<`{D5CK0d6cR2P9}9 z>?47;R@h~tM?!E>r^*OYFd~8u3w_sqr2{s>70{ZHMs9TJR4^>2`JwBMECoFxjp?_SuH;dTYON9- zW8uSmI9ZIB`H`RSaeSZ^B(Nih`+@v{C;k8OWB%Jq0bxh44*vR~O(dWL3x_x{|K;YW z^kNWMVoNka6kl#Ou-s7!d{h77%|!JE&@y3)ae#D0o|Q`xa13f^0EufP7@$=EvKcfo zE@Yln>eqWIZY~u-?_{zpL=6bp%wW``jS?JYhE2w>h=CCrhtmKXM}VaFakN1JD8LI* zI3^^=EmRZT8fOPxOeBLwWSO)^6rDm0hg?)CH%>7HAv~fIo( z70KcPxrkxF$AvU5q%RR3E6DN~gaMt`Bs4;!7Lx}n4-@5)0hZH_aze|HGK>@3ku};5 zBAJSqUPKO<%*bg0okbrP#$0ZNCSq1Ou@<9+8lrikT(edJX;eDT1|b_>M#Mw^9-I#H zTruGJ#(HdSJdO-C1>h9oVuR=yO$B)#t3>VwZzp5~Uy?}P5|2nIZl4^P>@g}ZV@o6s z?(cXAn72?7k02&8aFm4P+j5Q{^iJ1b~I5XH7AqzHpP5!(lB{nFpeu2x~#=MzA$jEsYXg&rIa3u03g zJ19BXxC+pC0CYLckLO8LaV#qiB7tHEx+#7XgDNA-4_AE&g%aB`rIU>lieb1)8QA(mCgL8*W{is}e?$TE*j zpoWflCL0ow5(`l$rgMByruF#vXbKc+1RT|G)tHdg5HYcJDj(E)nOrE|+VP$s!OPi9JM~4wN?8W)t-BaaDMaz=S62=@xwq@Ah)gAT&nQA~^|oQK5|K)=|B$LIqAM#y531(Bdv zPoPpPMr%|`rP@6)J}-u`G8o>N8j3((chn+PvcN_KaPZP-h*DET2;2$KL&zY*sZ5_S z2I5_A3Y$d_1pzT@QVQZ8r6?MeyX**Tjp<|If%zuj6Z_E+Ajc#zJ5_IUMf_334Z--S zM7DtzGQ#4bX5gWrfaOyd42bdZ5mCwrS{sOJ?IH>*sMLbUk`vUJH3X+N0!C2-G+6-Z z1Fkne5z@F37r_pKTzsn@ZqjK}VWNmXE{^L|6iAV}LrRs8h^!?l0iHn-X^9F!fDQ-_ zvsoDi-Z>xD0SW{>F&P)+X#}C5N`Z;U;Ap&7poG_j8K>idZe}Q;GI2o?3o)%;(0xPN zE+Ngyq*xeEU=<)nwHBF&t@X-q7;yH~0s^p@p^Rc37KKLMJ1*VfK!wo;9m5RLLLrpc zhI9IiHsCU$p_q&amlM{TIZ`_{2*-ktFOx^TW&(6uv8)^~23Rbq(wKk+>o`TOk&(43 z22m(O1gHo&i_7N?$h|T*!7OkH^;Q!JK91_)aV-*aP-v9<>?$vCIY5FIH2J^_0HhmQ z!SDeIS%?n!2?I@L<`8s1!vQqQ2EM|9r72lKG>!zh4K<&HCB*S=8gfO%$qKW8ILA&P zcns8#DjJfh$$AyY2}MOgvY*98ThPcdPUh>ZNY%zFB_hAZ`7DJK&k2b5Jix?qgmPFE z0G%BGD4*4735FsLT0AVWdaOcNih?qe1XRXsf*4;dR?1W;$mh!l8gf7{faYwol;lR6 z@B}9mvmhk53ph~|HRxh6fLYBdkVffLg;6QO!}XnV4uxV9`WdifQn^tHSBXaZ2mvt^ z8niq;+!eqYJvNcR6#`BL22_GAze~y}JdYs7#dUZ$kHP{4SiYOV6L8sjlNv2H;srvK z$)+Lzfn?m|rUL9FpoD)w_#EaoRixF@<59#0MSKK@4aGGPHBJdz6-GlFs34|tdYL%A zfDE1cMzsM;6Gsg!S;)xsLGsW5jo})mmdHX0pc_c8m9u#=Psm7eP(m&q0V7fQ&=_1G zPSAw~P7{SE(&N=~hnF9Ht=Tm6|v)1L&Vy z0S@OwjCCA@qD*2gW!n(VudGw_OopuuSile2yUH#-~bT_9a^K;>$x<&3hl69bY!0?0N6^D+D8kK zn2@s%Q$S7-_+(>Hj<8|GBDqnaR6(1FKtPCD=~1+eiWcg00k4e@#8L3<8ZX3^K9og5 z$J%&U8wZ19fa;qGA>Dz!I4c9V8Q_k9lt&{BswH$S1JV*~o`7Hy2UIK?PX)xrM3NW0 zUM2^q!i2&&-R#jQL<%v1VB?d`E``wTf}Kmm{EeB!a*r`A~=;z)?htU1lst z?tu6KEnxEuWY9$vazidm9KcBwKi6u*Gt_vB-i;4Yxi};TT}u_aT|uD%sG{K}H4=%+t7oaCWOm5R z@r7k_0vVdNpwF8~u!H&*5w0f+dn00f7^H6eV!mEQ(9&aUz(ioMI)XR=`yp-Zbw zq(P+`gXYR4APyrZq1C{@rlOKVe81Xa#>TZ&ssZs}flY^qGl~Hm>|`> z8Ksii#p;-e2;ypPg_$dm&;b_>7s7`mOa`RO{i?7@YWMSe8Vp}5)`S=#m)_>r8(cC| z&?+GjB{mGo>J^8g9Ep%0rm#IBg#&pkxC9Y8@{uo*PL!ZfOiB>s*x4Gc#buBA-Atbz zM1Gh`chC|+99xssjugSDd@VbQgP#!l;EZ}46PZL&fIeZvE~kykH3x8BxdtUv$Mpg; zT@@8MI8u>aW42FYX~Yywn1+rW#u(4dR1<_Ix(2f-@mkpf=6lP86}PNFmb?9I?C!l0;~ zvH-I9_yJ;#Hegsvbl8r<#uU`BPy(!vXc;K{fbuqzCNlu#of&MZ4miGyZhbJIl`?<` z%Ml`bY!|(N17v$d7xYR60;0^yHINNqgyoAGBS7&B zc~VuThjxP@q;ok!Hzfa@_J1EgFSdHKu=7m9;H zj9Cn-_;?8EI9hl_V1f@?1x`Q*^37}(--yeY!wD4AOd>@nxS*LJVq=u zHECsRa@?kllRRXdNySu}bSkMx%M~yH63P^s!8?y(HGDD40ZQs*e^`q{B(v3Wg*$*^ z0l|;ijF@(k9VA2u&={hLl7wu9nxW)E;!B`1LiR9fgKyqpw*&G2R)A>V9Kr1Y!zV%oA()UMke#c`6M@V+F#QFy3Kg zyLd`E-Yv583^XC6L!Gw$BNackQT zXdfB)#yx9qRCk5(*HV46lsCe4)^&yZ3)>HL&+5%+*8cO`*qmSYhaC}wmjD3P@6p?8n}LH;|}Tq|DMJZm+xZKlZ52cJ{tr1^;z%I3t>AY7v#!n`X#5H*C%P|NPMZ+}@c3 z+xuLYeXIBXdpq?Xk(c2sBygi?gN_A<{;%8r?*kwM{(s^d_))On-lXe4=Re^}Mm0|O ze*S6sI)zR8ds2={E!~@#x*aAK>q+GB$C+tQEApu1)w_muU`(4kV9(dfT~a&W$MhDk z$Nrv&PMDP`^G|L_Y?3@tK4r^@{>hhKs?R_FDwVXKJGcIY{=3_gGUrZ}s^Hou=QBP z2OnL{-BiDR>E70Yl~acWVdasH!ICyzutZLs0wId@U^glUEi7Z=>>n;4x_fA;jM28}d{WTe>-P)Pw7VXx!RANF0LK-BeBkRyWeW^$Hwk^ zg|kOQ+yljL$|If47h0b9E4O3ir@iPQT!6N-inU7bGT(dqLQ zt1{CT_Y=hL9n0wSFe~wRWuI@0@s5_k*Y`Tz-uF~K`NE1333=ry4N49QU!SpFyCb3; zK2ZLg+%Ngkn&P%!K6H?OdRRPh&ZEBm_4{(uKU5ECa$-Qqm!~cA_Ds6n@728n3GMo2 zo_al+D0#L||Loet0e|-w&HK`9bJgvATSyb%v=^?f>o&gq;CT;6QcTAem;`ldl^eV?bW zR}Ag5Yy9vz0~^FEuKsIauNgR4`?<%oBCoO~2z@llDBl zrA_Zq*{5c^tmQvl51!fHrQMato!-gcTq82y-k&v6)^R&Q)Z@;a#Sd{O?@hKSj+lql zFE!^<^2fJF71W_{G;i6E;T3ld z4DO5#Z=HT6MYDH<=-9=r<8}_cQ&3AgJ%}M*AMGOFJ+9NoY5`+CorCfo|7^XwWB8*p z3+F7mFrwmk$^GpY9){PP`e*R+%bP|!7W5#tBYMV_US3y>cD-o(iDrBKscgl*futOu zEr&UP!C)&`twZ5vGTh&L0Z@$$0 zR8{FO{ly)*s7dtnl=1oE693nl6{wmK893*y#L!C|1KC^2)}-?_OxHVfDMRp_hg&0NsAGit&g!-I7hyEojftb6kDshSu`ym@iO^r_^* zt^1f$f+;F?Y{tW)_&jo-Mib86>{B=3Doa^eck1YP^jc0Rg*>H&CG%D3B4y|bpDLT1t&S%>C z$J;J%b@Vv!4BskhJsbJnPPd?I{n9hpjq|DP-zgKCH!WSJxBUAzEjF1qMI$V^|EOC2nnx2N80*MD*rZBDK3XVH!A=Wl2fRI~5PS5B`{RZCjVx@8L%IhEnC*4&Qn={`$Gcya9_hs1FRbU$>Gb8GD>t zx@)6*=w?ByQ?~>C|Cuwo;@11D{4`zbjPLIoe|Y?F6+XwXJ^1;}*p1wOxU-t&qsGi! zbZ?8ON5aK{UxyHWyuY&UygWkjJyCUZ3`5KcgQ!^sFxJYLp)B@J@#kJDsdp7TQyD>QjZl-{QkY zW~r{~{nsbF9c!>%roH^UwczHZ+|1`QCJrS1+%>jA-Vgqr{o`S5vRRi_Zjx-{tZJ?6 zfyeY6b?LZfz_!&UsIDt*-CvMB_JbW?6^kTxlw3FQ^zFU!L z12lV!4m0mwEz@J)M@=*W!aEH0w1{3Vp zw{A(jdSyLh-`C-HdnRWkqnjS`S1SaY+3(To>0kEbt@gfpTAn;HoGbbD_QsJ7iLPh2 z4Qsz1D_G}wzy4F=i>B|>4!07&T~k*T!8v~ZlbEF08yu?Kb*rP(KVNx3yo=uf-pdo) z$1d*8Q2OrFpwcJT%4fMY^1tNkDhquZHj_f(<>yB#`|_5ZdQd#EO46lBO-6;aG#2;68cY6(RA&utJ5RRp#E$!0u16LP$$B|$XHx6y2j@?(YH4crs5-Y3jh|3lIOJRN(=RlX?7g47 zb3YS?te6oBY?&s`>+mbyL9$=kqJz23h;ftlH|xCV!SIY%sG~c_DogTrPU+aKczp%Q z`mx@|i#3(A*Yr%azTrL|Hg0%fmaxM})~99N#78NC<&z(z-dJ=zf6LP4QyBFgijOby zI=cj%7H&*`HUUo^iX81PJ zLn8;z{yL@jAEoH$ z{p&;EKFZUz`O0tY zGG9NKcYaG|URV>}`K68F$U&LcnU`Bb_Wx*=*=l>8sbhRS{_Vlq;!``4?w{c|t5;_J zv7#M`@Um>){qP$}Bh^76rd$n`jxk)?Z zSG;?3e`4P5^6%TH(Y%wY%Q*XOqdP6>cY*bD(yZ%eig?Q}<~cjvBNggS4%(qUnjl$E zS3G!qy~mc*Yo}hR+iP?OU*7ETDy#NtgC8$XJHC5dDhrI@<+^Ll&+Qvi zFiw_yx41!i-GPQ_$1`$%(&~kdJ?AYNdbfY)YX=s_bCEB{ZP@aoab|;+<@AE@xe2Ao z$D%)*e+q0mQT9;S+qV5zM%Slx{ZDkpFZiQ$V(pugcS0|Huj+iMlj_cPJ~6ig#D^7& z>NjnBigmOoCMni-Xg^r{XW=gJ+%saCu2?4R>2p){yxk)RC9|6Kpmxf(MD-QP2fnzU zoI7m~tgiifxx}y-ZRqH{Q`EBf$FZgzkMEXw_Pal|c=Pbs9HwAmP)wWr_3O5%zMw}Mlh5y*o^;6nMCP6J z?((=X#c>UOai57p`At^O*vMI8xV<-aZvKVg&6jj;|E|H&?UIL^i+7JJrk__HP!yq? z6~DL_B(43$PM!2F>oGa}%+TPIHLa*Br(27>CcD!b3$8!$pGkUnETe}aPkH+CI@{r>*?(4aTvyB|G0J9Z;!Wo>d@Zfa@SaLFNC zQv15StFJzOek=>M*C6vQ>E7&P&ubs~P3{*3yHEcbYC5I(d@EUdqeqQuaIMkgya_9F z?8g=_5f`}I9r!$L-1Fk3^6kTComV!Zk(!hieB~@noi)Ac-_b2As}}U|V}`Zrx^VDQ zVddSXf$P6k;5P)GtXEHdKTUhhJS=B+Rhx&urW#5`Yt0K^43NK*{mET=_SN5i{a8O$ zH0a%>^j{U1D<9_DFK8d1U)6YWJR>iNYM(p;i%tD9Z`JL(Cgj)$d9R~&T?V~>{IB6p z&fh8YYnO7$=Q!CS{Ye;5>=U3 zx|2r6KK$u_dU0pbj`xpFH`_OH;+?>z9~TR59LvZ6Z?{|S-IkGwg1mo4~~S|4ZONhl~kK@e$C5_UiO-2 z>};HI&7QCMJ4B#N;HMzVpkn3sadRdf)AK2jYC1sr)mf=;DI0_j{+^T#$Eh>EK~+9)3+C zrw@MdVrc5koGlfFk=&nWbB7HZv~<|Z{Cr+1yrpY%>#rhsPG2#UCS-nEqSh9$Ab~JZ zj(LCw?{ihV@q5q8ykpk+@%$XpIQ@djw)}t9lezWI^o-QJ9OQi^+vh%B0{7yTzCv*- zZna$exb6M+@7gDK8mg_IRKEL)Ys}R>kjsmXoA#H&4vCm4T_@eGKg|%hc)o%`I3jQRBf!ecKv)y`SoQI7(_u z+%|DN7@5{h+y42EUVe4U8pw0p9k_JN=G^+`sRmV!wX~pY(YYZ-T{@9kih9Myiy(tH zHg9OFmiF>p-7c;fF{ckJb8GU`+$moNnlG-lsaVTC?H+q%Hhg|Jy#4wg<9}7J@*H0< z^38x|orX4S<<@`wxB9}bUw^XefBdV%U~!&ui0MpekBkKySXqspx*~I2Gat=vk@V>L zHd)=v-N&5aFF!s%%=_G+L4(C98ccF(wDk(CB|L9l`mgU;e|6cs=3Ov_8`C^4dd02L zmYeh{%<$w^-BWKpu{Ubiu&_uFArA1qa-ZIm&O`3{NcSf0PQ%90OQt8F<2BXEIw`i_ej{;7KSBNCl7^#qqWCi=UsyAuQ}e8? zqYnLrEB>*-O8D50Y9t#uaz18MN;q_&VEOHvN>^ zVkxoNCf@QhdvqtSH{w6|<8s~+{}b+~jN#-#${p4~GOX!M-~76{b2PV8yc*IB^Lu1` zZ<9oDjuML(z1Sk(Cf#1Vbf9eed&r@Uu6H!eTV%b``-!bzaG%I-5R^+cFt;W3=>G21 zlwo5E*Pc0*zppGC-QZGA8V#%%^;!DFTIZ*(Pyhb3RdvvP|MGsDtb8c7!GV5W=h}bY zDP#>ZFOWaZtlFLU1hwV8{=oAN>dDWVcVFOsUh9j#oSix(<ydsx+%KH{<6#Luux~Ce;sRTZD>?CR1k)qxMSMyfBHV{NsGI;(()E z|MKR}#JQ}@Es`u%6qj`txV52I=ymQgT~vJjJQ3l zq+rUAuZbt}g5jr8`kumbH-&p>if61$8J!BxA$38 zuC`nI^RuUxX7w=q`1&dFI!uRcUmp~>R$ZMF+PdO^uja*#!G*tIA`i&!F>+GjbjJyD ztIV&pcRiA|qv|DmBKseUUD8(Ztp38))=tS;U9ij>ea;5PHQ9ahm5$wXyyx=TdfJ2T zoo7zU#AIg22jbM&hlYKa3!1D;KPj^&ed;}7xAp+H-lS-E@4*bx*jww4=QlgObn|K% zlmN*0Q^z_US8vE6P`-ZlK{`3(-N?iHq9c;8?c@BRzlW+U+uM3l(+S^4xbEz?zimkQ z`vE(r`S#N(b6V#0Odfx1O1FIdY3V3_7AkE`!#l9FH9XlRZSBn0lfTstB=sq>Js86q z(V0+^-u(Uq&7KL06O)5-u*uKixoNY8_!MBL7WRp31Ia`vRRyR!}by4TWcM<&00 zkanYXUc3J9&JR0AN+^YQr4)>cyz_z~V{KU`b%KtRLb_S=RMv3zx*eK*%p3hj1%8h0 z@}~0Qr9EkrnOKLhB6}_G zNSDne-mLK%KNQml#b?(wJIQ{A?%$+cV$*Bgh6lw-om>n1)NCHXBW;c>KkQ4MDVRMR zT&*)UQa^9IMVb?P`=^jLvsQ;~IR-&Si%fj+t;Q$0Tft@=8dLWiBb31kw4zz=0Wg-9 zE#n#uP0SY78$a7H1UGHmb;$ERp@+G`*&j#CUwdD(j*6cb^)hf6YS4r@AJw| zjM{pmBKooV!n=6x7F|vJnn+Y0a{a{nko1anCtinrG7rW*SBxzS`aW-OwCe zdct?5<(-R3?T)f86&^=Jk>}x$Ok&yDgv=J$4*I#Un9tlWb@y?!VdjB_+GT&Y-q-{R z(aOfuou(Xs98X9YR<)>0ma|!A(;W@*BXcb4BH;%`F?*k}>MxTIX%_v#n{eX=`gJm` zPm@yTl097xw@!K9!bC`%?y+7%Q~r5({$2eu9ro=J%+@R&AfZl6k*#g>SabC2i@}=~ z@APeiXmw`O1?cK(>KUf2&+J*K2idd6dC!c-UTaAFg08-cxrBb*^WI11^i{owG~1W4 zIz40Defgf5rdGtC`B~&Z_11+`%L+;shKl~J5Hui??A{$uR0U7SH)}qe8P;N&!LwSi zWFdGl#&-Rx|3c~v2T$bpk(~>UFWY>a^{zk|pZKx5MfN&M1J3Bz0a*{qqS)l;^Pco0 zO-w8<-rq~R-+Hc@(~~w)w58AftMmCi50r7r$~r9QTmAChgsmMcXG(^b)lhb$WP5yu zo~4Gtjs3@_{Agb{dj83lJ2mRs%d!he%g-+ElULTO=Ih7Vr^dB-y`smy@qN6`+AcNq zza?ZAPiSjuvVLmT04TQhY3JIbyE^gwp2X^$j&pBh_@OLRu8ucBd^b&R@aiUX1P9^* zMyB5~prQ!o;zdV){Me1KtgEw*1V?_rOswqHQ%bKV8q{;n)Tngw^U>|!je|3aL81Yq z!;a?<)-Buf`dn=){)&Inek4J%ZEA9lAuo~Ya1GQ})x%7i#vXxUZNcb4w6O!c&aKbi zkqt!&nTLD}lQz^usZRp)sf}LUNW8r5R9V;5tut4QDvY6vP6*be6cEUFwh!|r=j{D( z^bPoKFNfw2?FK)3=i%&I>OZJo${%>9{WyLHvnW5TU7_3!Y0W`zcbRnY{m2@1-EJPD zO(a~HvbkGTn}5e13Ab2`KGCG=n(*bm{j;85&7QHMvA6TichxC7_QzHh->Dq3tTxb{ zM5rz{SGVk5c_DpWvwe$Zj^vK$*>jXBsj{+v?e(g4gZVQ`zh6x$n|@-_#ni%?x$6e2 zcB%hawyidsxbpdz>?L;}^!7S;OZ{uy$nEyqxvNF9>eNwYL;^wavWaC~=7 zS?a-^+5^)5d(hV(fsgj=%7!`92aUUS&@=v@YsXLr(0EMkO=DONWl_dUAFP*&ij}kJVJ{9CJweBe(X-VD_r#JHJ(Br7!)Q z)mYqmdUO)5RnFR-;F!qzKfSU^Jdla8Z#m&&7MVM&|4Sh%-#VzCFm^=hkhz?FnE~fPC zsy{Y+4PV|Ic`IH=P59*Ljum9R25;=TY!2clewuK8=uKUEDt+dtvT(GDezwI+9O%Ti z$fP|qzQ5ezVp{GL?^y4o)J1)Z+IG!6xxMt$`Ou{UIt}SzYT-uh0ei`?!0VyvJ)^oc zGH9aL&VKr*zbNM&U-q_H^4-2m#%$bD-#oht>VbK~hCRT4WMyUz`|@mdI;r3&GULp?=vmC+8h481$Idsa7dszVR+D0}4O;X}tBo(W0Zyj4AC+ut$g z5xb{$5FM$v&)n(dm7(=9t=yI0-;c;4j>_#|@<%!*?tNa_JEe`eF1qqT z`U!OLtjS+%Bz^krf0rLxGd$Ej*uB^6cZ|8^ ze=N?*Z+bVm)9y__Zhq}W-wOZocZh<62%B;n|PAlRloA|L|?* zao@A7zU!8wF5-Dpp9tEQFEsT!HD~0-5xC^L+e<^dZ-uo((oPi|?d~i=f2$hv(Tw&z zI#oI4SYq;=!HdVNJqWLdAznY)ynp24-giS+j<9`scJ7t8Y?vml?0o)o4{5wXbkep) zF!b>Z%*G#keh>YKX=3`NLA3UDb*p-{1WTP3FHkpGKC$+dM6|Jqa~%<5OZwo9Wj2+s ze42@(&)w8GJI644^yR89hxZ(-dtWtUDmTi{9a;Q=Tj08@ENNG{dYrc7^iJ#kT2xX{ z`}%IDd&!kq-E9{d#NXT_f9gJMarbi>Kfkc1tvE0RAQu~p)-Rh?!CPxSGIRJ%gD!h^ zqsQ8^l(d3W<%)`tt~h!tW1^&l*0}4qokeK^`l& zklTKb^%F$o+h7u+8jkE(zhBy!qC=HkuU60O(xomV{l;g2Qk`mDhvr?@t-15IvBya|s4ershN5YIcE&b8wf9{=O0zas z#vM#3Ejm+j2Fe)`edn{q6@yXttEcgH-|r3O8Qe0bkB!+IhfG%VYbn7J@= z>pR6zxjFHU&_gaxwl&^;yeRWP>d`5a{{3T0N&5eaP#NEK%G~^wO*3I=EFF4}it27P zsF#_eZjsqEab~lQvm3R}ZbE^~jd)$_hABU{V#h5bR_GwVT$lH~ zRBsqAd0)EYhxcCd*o4jr%}R1a6(63Qx8SSQqnocIF7?r}Vd_`@c@I5w#Vlg;>$7%~ zw>PW2e1{b6L%o!5D$9RzqD70+q7@an5J_)6-+4U$$2MYR_T{sm);{NrD$4kE^y;#g zb7u)x4m(;$z26Z1_{7SwHANq)ryi5c48=cunR#47YS}GNwrco;x_6EGq>!rbJb632 zpkLw0XVJ=Q3*PDf`Eq+*4)qej1YAO35EWs&3KbbL02b*K!IC(+s&kZ0L)} zo0g{U>Z(tku|wVV=DKdItnP~OEo-`el=M92Ju%39$HUc9IM@8+er!D$Uq)hjgO=&t|X5ZOK@6aQ9{0j6*D!#km-@g2|+pYf(b8i_| zW!H9%3J3zy9Scwq>F!2J36U=8l5UU&Nd*=nNSAasNVhEM?v`%phHozK=l%|`G)_3 zKC^m~D;_i-N!*rXpxv4x&{yQsk{es~)y?tXIE0NWn0&x`tGEB_JJyp#CyFwWG%U8h zpHXF>hwS_AYAHW-Nc_s)NU|EMVDkzr-@8dM+2s;vBSGw_?hMB_95=QW@lQ;`LR)J5 zv~<7@d&$bj8>DS!SdI*PC*HVR$(s$p3KjicRuB!d!z?80=*gq-eB zQY0Bx5N)D<=$j7Obg}NE?fXMKnpZJ-6Zo^D?k6}lpEq6& z#fr-$3(>r|a(i{P%db={`RH2UtfH{*A?)PpsGPs)6Vr{qxe#-cCWijAWD7m^cJ>vY zE#`G~;uw&&8BZSVB(! zLni@>U4P?X+dpO>0l0s{#gVBkG$-+_pxi4NZQr>>YU$4OS&dmXTxBpfYA{n-+~W;;qUi*Gn!dN%E#vc5l9y>Od=2F*wI z4}OXosPmCky!=B)zI)TA!*iVBFmo-Ej8>~HU01cIS%BL`Ov+(`y6lqa7U_`gl@cOQ zh65#ylt(oaw($)zd;C3iL84t&lb(s$=Ep>24lXa$A)0fU{+Z%*dqr65&jSl+Zv|h* zj_d*MG_AuBmKfyR`!ZI`q|!2>G&Nh}L7Z#{c&y5Vy%!KD^u`VlON z&G1!rP%Lt1;@+GF{)Am3^-A^`1iNVpI>0LaJ`aDA)Q)bicyN$tQsqNkGBXTRHGUQK zRM*oPnDMQ@(e*%Jdb}J(<)ibH$)0JN;Z881H$cjGdFtRxiv;PI?INMH?|iT?)f}jI zQhi+*q~b;$OcQze`2Krd93zdg>925Cgv>JY4hHK>2L$!x=7_xE%tyQsGN^uw*QWus z&rdz?UgZtfBOE_GcKz|vlNZ6;Drw<~{aRomjE89W7 zhtNHx*CoSh2%H_|obB<*P@2JV7d|~+JF@jX(U8bzlFDolB8cyg_Y{u4dhZaN0)+B$ zt1h1?oA+4aLod4$s2?rqmm=cj%4DZc*{wcz@&1R3LLQTUdtWDlHYto`{{6%F{o&RtwL=jTCW>L`>ZZqBIOfU}K4=G^HP)Z>7ccGU~t#oB7UkR`uN8 zI#Sj#q6D7sGL+gzTpKa)dO%Bcg+lgMM6x>2F=3S3F$XlpD>fyb>k=vB}`M=9bB79A; ztQIWBgveem5rTc3L1Bp<*3337MVZ-J9%T-zu|b4UEyXWmrbv5FEpat^Q?DJ4w=?7% z2tijZM))7X`lMd6vX54M1B@&iq-KrNEqB|0h(J_A^!*~eA8n0u=&>tH2^HHM4n%IF zMD_Jl>GUTipT`{nl;?YEPQQ-B$&>@wE#qyFu$7mlTBGrUEf8U?!9kqmX6w%}w92Gx z`gZhg0snh>1LA;*y+WucjnIn$psaoj|5jE|dyDoKnn4+*ydd z>cK*nT{2Sj0#Z}sd+xG~X@M)<#`d=(?rX)Sb)Lrp9+S+G*FS6-BH5cdw<_1F&|q+a z5(cq08ijh>F2PNQ{pVUV{HK3rvG_bsa9-S15EteswtjQU{j(RyUvM?8X3k^4#je|y^e?JhC0P&)YdNFt6U0Kj9hKjHcY55Po+Q^ITLma@TB zJhwU%O*9cw;9d6ful}U90Z2X0N-krD;hk;=SC%9l zvt+{WO#!}{c&YjyH2^Oo_{yv;TM%60U+mJ<1Wr2<1Z}t;c-Jcfm$R4yRMUk>Gm-dj z^Dx0z4KGc$;EaARaR8Ps#+#F7!wb|u;O|tpg+l;b&OQ_T$Cf~+9uIz!7%lt~coT7n z%xVP$vaw8`{QMqp@514|q4byAi#IxY#1vkp!Z=WVb$!xOuLbXwYlUm9^Xx@#(n33U zD`$@nz7B`|=%e9~rPfRL^CD`5L%B~0zHl=?ZYPFIUVdu19ma3b6AgY0ll-q5OX9cYR!_3q(fn#o! z@Rk$3tB1dh1GqTmgOeOz>STHBAqIY!*DL?^XpL7(Q(h{}_SVh(oXJ1&)D3ItaRY?1 zz#9k&#Lm?5H(u%g#Hs~0fPrZuKAw$6(jH3$L~(@>l9iXptCdSH4{e;m$&LJnG-2@a zJ(*Wri&@MdZwtp5yviui$6oC#+eX0=wTQ5iR2PduT+o3OO1*rOfGA+jB5(C6 zP%YkdyVIVS(ZGan!jY}P@>k#5&E2i126wKGAizFeGh)tu2Q8v_M*0WO-x%r5=lJJf zysfLYZrbn4#&aKOGHXNv0)eR9f>Aa2*BmU`$;U6$;ngh!LN*Sz`WYULAGwpx=#ZW4 zqAIIM&?{$oCXH4=b;L`XQz_HVAkS-RRQ3j)gp@?rCaG|C)IxSi!T#px(rK>glK3}` z?8gsi_&YQS7PH=02hjE50#>SaDhTrX<HGcfe-&lBjywt|u__pdaA-4aB zdW#eP8PaJyqSPJJl<{nepxaP}l9X%0vpSLHDfZa+%}wV3V1LmXDLLI$FUk@v`_&eXqXaX4Ij<%N(eS!oT2nh zdrr`|V(F&YCo}uL1Un{ApfK9k=auBmTbJ2x$uwmekDe=hBa5g%Q@M{M9*w%AbJBolRPdVyF`M46Q($235N-{6oFdXYz%U`}|?=zFp3`#Ipw06rz zltKVMH;CR_1FETpK%)^a>MK%XJ^e8Ro9da*%|(viN<6#qZ@_^BIP{~dv%PC7nKLfP zy~{F_8ODClBe#R}RgF{o%M-M!Z9$CJ%0A(bVUY%Bp?9?om(N6)l~9VWL7YPy$zEoG zIalwBEXk-Y{mpD|xKxQye!&ry%DfLxh}PO|^f&+e8O8^I?h5;yZ(Qzh2x)Y`C8Mz# zlZ>WBYU4i`O~+&4vi`(f`SH)y+T*dUA&RwaUhx*-x_8uSn>CnG%4L6|ES=0D9A>q zl2vvrZ&NK7!oY1Cp~m?lAk)3UROFF!WpdID|+ z_jE|sCJ`|kE~piw@ZQI>G6%EHr(2tm4rK|*supH;ZFfJj-+g_Wasc?)?t57|VBrZx zd`iH^_}{#H`A0B+fB!${=P*FQAi!|ln;`@QfXBfmiX9Gd3_rino9lV0*Knx6!S1Zf z48Z}x>+eoQzxANX49m(hI_>;mkAvxGU-tI{vPDUP$W|NjN>33VZvI@6hSRorL~WAd z20C_^Z-;hgA7u5$;v3gjzf72kAk3Qp%;9_v6R8G2rKw6o!kU}f2aInPySf8B+43Zr zPZBC{kY!`V)2_bZ0B-P@o;XbTioV1|dog&#f~UiG` z%p6%X27oB!;W(mhn^@} zj{Dwpz7FVMpqy*U{_SGEE8uUEKgxj3-gdk5)HvomF}<%0Irc07maf`=RYs)lu(td9 zx%}BZ`_RdzD~SM6&2G}+4jMA-;Q>cAc@T*{sOm0e=?3VGx9NjycE)nyB(udvW60Va zsoby)V~yGT{b$;+)^gf$w`Mzk)>2a-ja%@<4TAoBhq~ zps1m9+=S+bRmDz)FKibc!TQ$P9K@zOJTGVQ>V|E0oe5ZUw3-wLS;aXwU(-Mo=kElS zb9(a@3Zv)|y6ziwf?VE%XkG?}6EqZLpi{2INcgDF6(n7R7{?P!Q|g+?{&R`mjDw5U zX_Sw?2&mN9FUJ!n^E*DcJ7q|J*Oar#Wt34MjaP#>8$8+s-8oC~3D2N+HJBYlrS}g8?DST)FFAjGr4@zV)eDnA?}eQ3 zbPIjHw<9r$6S)>?f6n%&CcHSaQ>OUIFfO*1L&ejuL=&URqG-yff4 z^sL;Fo@9K)5`c&NiXOg^3fCmyLP?$AT90b_L5}2Cy?V>t@hdH*dR>#*qLM(Lq0}hL z+;?wShN#hgIG;30_ytS90zvD@>$4gsV!2P7eBZPi3LFVQYZA=&1so_zcNf-M2MmxG z1N|K+H2ikMu+Y^AQet}($KDgTm+D^`_1u&Jzz^kRg6Jz(sgw9}95zqn0Se*J1s6u36nViUTJNi2 zaqxd#de`p>zLcSBp=Y!{Lf%Dqt7u^wX=4^>oM~QYp!skmxHMTfh_zr$weEB79^YpI z3(h5kv?7tev0}l2*Wy1sg}*9v)bD=654P#Mcgy!y zyQ6=l2=Y=2djx(s6fwapQ`@x|q%h`oOf^QN5Pu-Tsv)`d+~>mqi?(kRet31Zbo|<| z==s==ybck!$B98VNm^e3bA0zp#z?B0fJf*1Pu#bi@4G4boGpHo>Z_68lPFr-0S1`K zIz}wAg-@1T3;ys|tTX!oiC}<3*;a)&B4BQx zkd+M9^nTc<EDwc^NG3bs#Kd0Nr5W(D}v5L3w1(6@VApVVPEtMW@ z{>ugU8|9K6J%>2SyOrDr1y8br6Fs~u5X{6Xybso89n3POeP51g&9Z>$o?i0TTEZe z&_@*#NQ$BnrBI~)9_yTl2QumZXIO3&1%ixtRRn4zY8!H{_g{KrOm(FAA3iU7i3Vw~ z?#X^i3mW43iVH~8N$a>meWS3yahx0jrT{z(M=~Pa zR0in-U=t}sm7!M-Bv0*GB8OwZN+=7pW`Me+SKd801)jiYz$wW|-;0Qzu#Gu~vQw&x zi9DtxSd^L!GzJCa%GZ;+j+5f|LqvI7?Or`5~%_B>bIx8T?rE@b7lsR|@WV zxiPdt4JK@)qCbfN4oG}3IdF}F|AtSv;AB3;->=pF9?b-Y2TtK(RfgXs_{?(;=|P33 z&`;ngw8^thjK7CH0}tZxurs;<+zBiLXz*p=A=H%Sud#uF5BS_K8bV3s|G*!XD~7=q zig={O_Ddp^6m-rLbO|va6GsiDRr{&)!b*&w3@&q@2>9EWbq(+&H%^;}xFDSVzo zlmt|E@xR$RDxeub5Dv2n{vHkYLinetZt%=q_n1Bt7i5^&41gYn{h3wwubsluGte5{ z=UJ@0)P{u3Lf0Iwhmc;fzjhM;X7$d!?*UUL;O_R?c=cD*=18`j{Z&D0tJuZ$^-9A* zvv?$>@SIVY^D}f{$Z!ZDx8Ug{`r8ZtA#-}wPXMk+6rY2U#3wvtkh!$qUY|$NDLoSc zbY#GvRJxBO=PgmRdLD4D0NUd1v|u_0A0@h=OFbvO>TS3{;k*q{T@K-TG?7fnu;Bgq z2IJ09T-!=<0X*bzcp4mKCT#DW?NA zGSINoqF|B*!Z8T09Ol(~tyP!dwr@NBRyF`zUO2)1S{{m+1JC@cRLn6twuEhmGmzH@ zQW(p-y5jN5+a=NYqFZ!?U@UlxkCLLQR|2A0#CeLq{dsa;7!L9Wr*N_N&7lJ$g^@WV zoE;m6Cw|mn9a_lAb)-%;togKHxEcaT1A+oKQ;?g8q+3!(PE^!G1G7%nGOr5^cWw%! z@V{f`4IJ;W-yLg@k{y5#nq=G5ytQyz#ic2HP8#peVA#_wX@ed{21NIatZFv+92i7& zKygmVH>Q*fH{AkB#UG&UIL-CSwuEc?%Q2jX63Hj;+F=$W0-ACx=Pt-tySL+$G()C0 zh%f*fFfmz-)q_V_*CHM8E8%qM%M9IM23%bmHXJ~;Ba?qhN-c#E!=!@n=mqq+(I2;L zDf1)p;oYBQ)T$?H-U|NhKJx&m8!UPZ0R*qgiY&E4Fm95}4Z#dyU*84>0&QaQd=q~0 zZ;QUQOUi*+YFyum&Ie$n_L3$;AwSEhl0sSP;s(=J_WN6KSe5WP<>L7=`rQ@0(F)lHRRva%U2~xB z1fOcNF`~*I8oeq5SIm%bs7JE%Ge#@4_qg(|$!IP2QDL>;U9*>$DF!8#{~+e2k-e^8II!uuiOCZAKhh6yI=!-8sDVKe!V+0ggiA%Ym0 z9|8MteC!9ax!7caz!kLpxL7CWU1r>rqqr{6KD;wZCtd!~mm#?+3VsC7bvuv+ll)b$ zI&Q5A+6}EjyBmc-x^(mlmSJhK!#7}XohE^$-GAkt?$7?74zRw^Xu8{&7G=v)(|uU7 zh`)T+Q=#lDIdZwf4Gz$>P+zvuOzRED@ z(81yz!+U<(OPsec`PkHwSJ_6F&*x#K^a(7Ym-x`)6UX~`JHFp9 zM4fRD@oAJw2Pyb*&hMK2DOb$=#DwattW1FJUh9}h0$>$v?!8aFlG)|#$$fSC!W6{8C#SwE~tn!Eo_5k$aOMu#QE z_O&JBA`Nlc6Ok0Kl}LLMk{$k@R)NR(ix}7v$sf@Ec;~KfUd;0W?Hxp$crfTyHeZ4pxoc_w9 z^Co<2LTXwLXJXfym<`>Nr>H%airC=i)-0d9JvK^p9^4)xL#*3zQ>6vZ2o@Hpy;r|< zv7mclvCRi0wuIOR^W~P4pt$pKhnPu?QYj<2JZzQR`4f;O7X7vx1*hY!)FEH!UW=dbb*jQ z{fNe&vcIQSe23Zewc+B`MUaM#bJ7}3?5p%R6}~)}yWRN0X5lzq%00-gPy2->O-M?2 z)aMULOo5iZd)1HIDiW2N8IiS5D?R#+;YXI0)>=GNaxcPF?G*%DbgHoGL|LI5ifQRD zQ^$G+El&WE)poHJRgv(m+YrS+K(ClzcV%k--^*B~AWGXD5|@z-lQ^~*vW zB93H3z@?umx1=}ff@UsU7er9uy-)}qul#t2lrt0Dm_O?)-Q!HECiAMl=o94pD8#grP>uAjvh?5+}_|zxmiR6N#9A#Jwyvg@;+N-2Lku73YVmG zn@@9_Jgx%ham7V|_u*zRN(R*Xu*4LvQmLGWJp<3_MX`cc077gWqaSuZHD|a9e&lux zePWk`3?d2{m7UhFFnPT@SEq7k^Ok~7RM2(TesgwQM;NAE&kcSEwZuYf_k9m{NT>6X z5hy))Y+y@JRepsdUBhd)jN)vbnKYSr3}3IM!T+th~7Z5O8*GdTia07~ic zJaSl|N=A3ZTN39?w#Qj8r2SazqPWFjXxDnn{x5_fN?Y+gc zDf&glM!cd4lYcx;5rTt+a!H-F<120xKqGid;wfad{OViEE2D^0ZJLEifJgW^G1yzb z1&#CMa4pe8x$l1b=l3P&h1v~7rG}!d=-{d##yY&W$$6Xaio59JHnU)cUT*4p+)4Zo zWbiV`i|xjL!KnQzTNIkFxpgw_wA}t_kv+>rmr&~EkUp>5XT+QTpc90mx>>JWfE7vm z3kdBsA12wFV#p`*bLy90v)*g7Mb89k7E5}pnUIG(ANr68HHh=*%B6t$O|<@z># zHjqL7i&YSdI^W?WwvJS7h*f`QWolsB5lph1CZrPgH`d78Oyx;N&^6z#HRqb}99Ax| zkml8~&2v)2GI9$aRN{M6yBa9i_fNmlSTie+=U@vZS%<6p5a0M@3{MHAKBCdh|)Qb_0B2VCK*HH2XPb{5wMi=P@bFzcWKaZfL-JB0lOlvaT&~95R|xT3#h1u z)3I67Pon-jA<|iY0?m7XTg~izUt-JpYy}^F?tcFD-MnC<=RM2CiJG}5y!iNydU4q6 zZs06e8ekj3sxCH3@Qk5ES7}5$9^5C%+`pEw2ux$CC+jG@P0A%fk17F)9R}3O1TnnU zQ#ioyLkfseZQf{p*sF8OL5AKJp3Rd_+TUH^5)|I3#jBKi-pa~vkCMtMzQcBy{{xCd zAPBD7=AENasdG5Ac4@aNeeI;gXodHms@Lzgv!!~CV&`NuxNPRgvEfwE!Cs9Hb5lnC zv0z*lP&9653bYAmEpIJ9)W|2+0_vdDZfBIc-C|=>(LRA#`pFYzI;Po)QvJvRwZaUb zVYxUNRb;nc661P5^Z;l-IB6h}TD3TPmgBGHG|P)-23InhZUYB9!rufwLTp@ipcTMg!JOZ89Qt3NYW=;R00jX- zR{h4JcrZpAC?_hQ!PvtHRVe>ZDkP@c^~Q#h3qBW0z=X1<2tWy=VM}A*z2VC~oQal3 z!0-`XRXi83#o)W$w`@l_$r3;w24W_nj zmneG#rPveIxqD?m^0VT#sKMmS8dz4z;6`$aRQKe&{GbXEtNUNXL&DF)AROT8izDiY zvlZ)7Jj!$72bNYbdFqcq-EnlsI8&|x4NGj;}11i=``ei=*ZoCV{#D_Ue*QjEXT@k~B zh+q3rU=%$>68r7?>0SZr=w^|-bDzQHwA{I%OER^~=%v@pz`$z}K;ut+sFW4S_TP0s z)Q6-0Qx`;mR}3p@?~OV~^i@4G8>*x#^`1Hzz^ex!1=27igr1dF%SAe8mUtgtoig@O zam!5S2dUveS2`69MoZRSW|rIUy8Y762(KrVNfn@&`KKO7K73ES&-qV9j>0>KY3%>p z7tKWv5P)_m7yUC@oVF|4tMVo=Vn+rk6)#%u?+RZr0zGDsu;*F&`{4{gbR` z4uRo)0CweRmS-GMvT9eM0Xx2NmLDieai75Tv0 zip`+)!5V)J?QRF9VpT&`S#0sM*9jc82gs?$wnA3=45IbW)X%I8lbsQwtQm6OjN0rW zQ-#!K2mHlZHOR2AF077W;4?Y(`*gb=c=G&PX*;vgCVm0Yu$`I6zq{R0lPK@uehbLg zGbuSC)fN4jx6Yej39VjPg z?+OOsd;0!NC#q)i>PD&lZZ{q-R;16S()8mzj@z)^0RS{9+rE3d-BWcQq|GUOk4p8M zUfp+%1H$7nj=k6Ux=WI4ak7BOLx|Oq9jTMNW)5%DO4*^=1uDucSp09c@c4M{AfJNZ zfFA-fs;~Ag+x>)c32taz-GDU>Q+$6cGxW*?=)54{QDK{H( zzp`HCCR6Ee2+#D(ztXAXmMiexflR}>SRGQn@)H(Q9K!DTL6k797f;kd`2-_5NJvul zNuv;q`5Mcq;Qo=Dt+CiBS*`0~(RQUlK6)sTuz<&#c#3C(<;)H7HG5at$D2H6i3NiY zn2S@+1M!z5rv2ab$k!%cneHt~iE|QyGR9ym*vU3zm3moX=VFXS`(CP>GpBX^)fF!2x+_^pmGXo#8=~topyldx_D# zIvDI0o0Z;@0`pau=}h1K<>jUZI7jQd|!2hMzVw$o%{giOmYCj_b|OY)ICpV)qs zct6)fmHLm7sNqp;2RI-|-1zY1Cm;-_`v18GW+(d8b#Pi+qb34836>;`!HW$@jIEGP?OzX9 zK5>KS4oX1XmPYM5TOYeZ%0;(|+lFfqXA|U-CnGWAS_M+R%+KAYsh}ON9 zjIu!yXZ#_7MwFV%%=DAtnPu)wpjtKf?i1V(`%nWU*Z+`kgu0H(bF7#`c z4*#YWsagt)r4|r<_7=dqJd(~J!7*YPKbF!cl7yf@1t7`oOjG6onfBKDg^u6o46Oe` zv0!<-t@;)VY9&u%5J4Px5sT7^`?~JMvoJ6MDp3B?9B<8Zmo!CfvQ0r}K2V)2iw%fR z+N@G=>En4SNnjrY4lH@AG{Xk>SGekr2PylEY%koVsx`(cR!kms!f#5Re)4%yyHKwN zNEDoCV(Z_4N1e1Ft*80-?rBPX>>c1>k_kV}gBUB1PfX-TC(0A2d+3k`Jr#@L3-DY! zyr8G9EEt)?5cP^5z!8%o5D@xJrGQufPYbSp*IfjoXNUV6Q3Sl~=i~GoQ~_#6D(IG6 z(BFdqzoU=GFv0L6+m?c4J3}8Qh}qW@7|X|8;F-aj-XUf*$WCr?6%+c0AVlpRZbbH` zpHgyl>x9pGpF9IaD2Kq+=$;p#ilf=`37>C5QO81yfUWqSBYCG@_i&HC$yOu*Hq~(Z zXbkw+@{xP>pMGmqMc1^=GwuVxeRHCt0=Rpn7uZqI;*!}0#eOP-s_pdX5kSUuu>O6* zU=6We(Y}@hGmz78g2$9Inf{U+S5acen_({mxJQ%ZG|Zn7UFn9rj%0z^($knER$M;U z%B7JMx~131AZkSG6iRr5WK@|0&QVX2 z`zH9v`9C%YBkO;^U#Kn5mxLUyzi$lS9`HBD1+UF@y~726l8MV@3Ci;Q)}s0`qW+wM zk;6>*pN{%}ZTKUCvbndgBD}AT3iq!;=|Sssnx&(qT;~%AhkAOqu!-gZ*!)-hmr@5g8 zpOeEa07HdaKE^^?f;Am}qqrT7RvpHRTH?%LQ%3YC%+xj>qcsU+fUWbx-7Y;SI|QkF zhtxGrP|5PIyiW`^a8G? zVKi6#ew$A9w$4JwJh4V=<7D|Zey)@eu2DExXc32TAP-xOyff+fHkf@&lFbfm$@>Dq z<;`Ce;UP1@tE)GTpa?!V=x^2*%dGPjI2a_Mpg}@n){nOEH7U8sw2lco2gZAcKmt@0 zFMxHM%c@443dmSi=8wJusuEy+Jvz6$jhF@Qdz*H%QT!Sr&ZNS~p!k8X%x5zJk@zLh@>fd8lw3TMsTp;uAo!%o{06*^XQRkqD$dGRZI* zdFz!NcvW;ckCX5Q|2h^)AZWlh6b70UJ87O({?ZgiE1(#|WOZUn;3LV2a^3}KyJa74P??f0gvng? z0=Ne;;fo;zpBD2a7`M09<-I})=H^X%ivLf8|9m-Sp* z3KC+txSdj!exVtDPZ$`U$r3(%m>oBE?@oJPlw`^~{k)-jf4%Sc&x0h-jR7yt*9({X z37n@hu7r?v^4<6-rS?5+b7={8|Vx*dAcPCd)Dw@H3C&S2XH@l_@&5xmlA4TdjF<`-XXyH{`aWF z@`sJ}2#)nV?wqf@FEHX-u&FrSFx$`B&FmaqZ4zf$3?jU!`dx?eE&Js)WfwgP^q^Q- zd`8$Y$(cmpO#zqn3vbQ!Yq_Y@o8=(Kd;p+H-hrrB=bAH@G}WoVO;+3VOFYZFT1w= zFm_PA_a-U;GI02bIwT8Lo3O6kPT_OylZ26cnu7!o`;&m(#oNlNO*zIOy*3{$+u>(NP*#+b#$a&8hy0LO}iH*K0dQzZ2e5@VfEx9-6)E4^eJO3 z32(h@$NEUd;#>R*|Jg?84MU{K7|#1tu7Q(q#TuD%a=XK|D)i8L0w|IZNy+=bb_WA! zSPeq}W4b+r4?o>@z8;GX7>~rqFlr2Nl>n~?=pcf{wL2iEQ$)DkH3Cl<=pbNu@7Fei zY#cf$9ZnLp1^fNG`PM_~>a?#;=5G@C ze(Sf)GT13lG9#DLzW@{B>FA>~`#|v<&ztxvk0l}`m{z4}Tv;e8TI4SVQR|r}PQj)ydKTSw<|KP(AN1~wMuqIODn_xKy#BAwlD79O@j^6GQ5z=WVz>c2mygIwzydw*p3 zVvS4yjb=_*w7uBOjO>$o+QU8hZpE(-Acg`WtjbxTE62d6hJWVw%_ZQ=P^1yFyqj{k zP2@f-t)ve^CzSnD=WPqT2`SQmf#QTi)A0td&MRLzE-Y=Hak!;T^ZI?!DCUodCi3HS zV=!&;kUweB+Trd7I8iuxrLyXaz)pcX9r(y=w*c?=()w)%*ak5CblZ%jRiuOg9`s!u zyypRkX&?gk4gq$GLk5DD$~qVc7>6bI2|Ig6dUhe_r$o!|K995#Idiul6~8152T}ZBy)|TwmM9mBRsk2k%W=jAmO;tPs_?xY9&^8#c3m-`(T@be6l;8 z-!5p?EeOmh2G<@yN-kbKl%B+fcDEGWrNU)v5@5t-5N;@A|%FwJ%!Zh>&S_ zvlC3uUm>M~Umbc^77ZROW6rq6p-0{m$F6!uBHhaZPAY^N{)gB`4Mjt2nJ+-`!JZEy za;n$S>#ec;=vgjXbeKQCmVIG^T7$mqyw)4pxIzO*vbfspaAzt(;b9cm&#s>1h{D%} z2-NZy{q1ofJ@MIAkneo{)3Y%@WS9BYW-gE41R47l6uJ~5(yM}71hsG3kSZepYu`RY z(YuY8)Ac?PH`Tsrb8pYEoN!P}9F&8K2>JT0H~TcozPy$uE|3IU4EX(k|Ji2-mhi0_}^%}9)1>7@?oe%`1&~mgSIV$*4znWdArNIgZ-J_ zsHlqTb0oB8B64y@eYB zboI`|CV0zt<{#>l2lo7L8I%H!@+FM=a+az-Z`T#P+8)rd9BsQKWf@-IjntWnC-9qz zF{FL1pY?Zrrw!3fp67_<{%T{j_{GsJ#-stBt&%B){7<)zHeY)ScejqYAfqMo3zxGbAdkCF6#r=$4+{Wa(aZ|?=MXOD(XOB}yl z5u45CVs_BU-q_r52t$Nm(zU%?u@gpPjeC76SCQ_|cR%(*^s@%bG*$zU@z=(-oUk@7 zMk91gZi*z=6Su!n#(Wa@l)K)L>WRS}>}KYT{SvZM{jEjuj= z=&!#cUS@5C;fIso%LFy7rSKbP%X~-tWI0v4@*rR9^6B)|?O?@qBvQqGiq;YAPIT>3 zNyW6+P4sm>xtz=f5hjI=;@Z&lscVpNOHbjqka*DTPkGWw^MK2ZKmQauEFTi*IG!li zhInbRr*kN6=fP0Qd?_|_O7Rq_zWS?RZ|qlOIZ+OrM)Oh6uHk-_ZKaip3HKYNy3_R? z)0@5zWsMtWI@wAo1znQ;vD}3>jms3$p@{mhgclOaDcCDcuXys5Uhg;W5v`z}Ti%B^ z9w}3m8xq>Rp?VsvultNuA=zqXxZpK~R-;jb|H_2IHmX>|?Fz4gur&0RS@NL7FumqL zu9R4oLE}TtU}b; z4aT^T_NvYkP{uJI2(q%+*M=y1s4d(r;U{p~e&H(C*Il^W9F^c^(ksb9vv?}Ma#>QG zC4P+JxPo-rcX9Imy6Wa=RwUti9o^mY?7f9DugJUSZ^POh(xKrsj5r{O#_CiW=5f#T zYcJEY7bykEb-6JCv9n3d@f5IT-_JSJ~^4LWoWE6Co)H4!uWm< z7!sDS!}vyogTsl5Fl&ZexAY`huBk5Yzk{z?PZaK(3W zpDe(v@BK%cL3*L(2P5QKL%&$K3altt#fN<|O~8$(Z&;o0&01|t@s#F1gN`iGAjwvF zj_;e4C`40+-tghUq_?O#1)`(#H^9MyuWJu7$9eaw4|*$|WFJg5!OVVd?nKVsN9(I) zS0VQR=En+UL}s&|Nv}sRLtnc5$-9_vox;27{&A(HS)Y++zu0C5hQilQiF(_r+r06~ zOeDm(5FsqESkNaHQ{RsBDL!9Ilb{fFbnxlx2e5_rp(y>SMTSPP^nrdjJR{j_zKOo& zmxB1$Uh6+1@*(c`3nliu`rg%NL&{+Juj=BYK9z!RS~_5%T=^(2ht3Pp;Q7W+OfFDn zwc?0W$*4ze*N$raG>2D+sSg2``N-KRkP$SR>A@}Dsxs+L#f&0 z>B@t2e~k@H_fAUuXHoINtq$ikib+!z=q?l&$D4%gT?w3~UoA4PavfK1JsaA~eNV?{ z#O3_Q+8y5Ke{VwLLB6x`kp7(b?z^Ym^pT4JxiI~<=7YH``{bUN2Aq^hN2po`;wj9X z*o!9y-bke;R=>1=Bj6(%rp#|{lAyJed~~*&pYkIcaPa70$FdF5W{%Lg*)MQ88e~oD z9nkkxd;qJ$H=oYYp!P}l6SmrVsQcp^hsT$w_WDNkANv8Y?sikgQoog7d3n#dor8>d zn0@{nqVS*YpmZnm`;0CY3^sqg4S~u`P8_n2`fGz!$Hk;d*FR6pa)}S;I@3lOxe@Hd zQ{>;2T_f5ZdYql+kXI37O#Gf$|NefxAJd|k`jxn=pTiK>+TK`2cXS}Yh{(Ynml#5A6s+yjG+EHMsW_|Xf~S*IiKVyrWIXpsss@r z8kRstry5AI^Xu1p{CY8mM=+af3|>RbG?o;L3Ozo%Ur6u%7g28=7u6Sa56^&fDlJ2( zbcevuBPfUK{=<^~W_%7($v>w2&kLTogFUHjB3L?D zb{kmc)h?AdzOJ-yf}KmttxSj&eN{Z*Tn?Sx9{49~lE})~JRA6AKp1lI^wP6peTro% z%C5s|xLJ{dhRH>>Jd2faHqBm~QXgIu<~6ZJZP?Et@$x(Jzn;CcjJ{J6x^I@D*W^$i z=fTx|%c;N>Q))<(xU*4{=1x;#(S_exq&tJqZ_Dhm(6bGlQd@DZiY)S&md(9fjtERM zKg+YnkG;Qw{lsCdBda!)%*SD%63;7WeM|VWsIn(ZWaD)KfFv0;`fh97Ah`9lD3E=o z4-H++5qq{y1LCpQLxTZ1uco|q%M1;2GJA#Q_2C~ZuCrPO>^$l)DomKIj$ES`G>p?F zeQCUp&}PmV7~#=63{2UvgGOeCWCCZ&$92`+k0^yiQZL$nAg9WW-(g}=I2LZ7>6j-#>3G77i?vua(sd10Ygw{kGZ)P3uMQle{Yi~%HmbUR^T%DV5F)=#oVQ&V`+u|$#ehXMdS7UIa`9!DJ1+P?^ zFZNZ5NJwIhn|yn*ZSSZM6{Yj^Ya?HYPZXgh>T~F@$z$Sp}$ewU$_ z!Jz~)l!9MaNI+EqGmC+mb$^JEbs3*HLK*JvIYj!pnwMD_wK$4a#s9(3#@2zsm zmeZio#Cxj)&FBzT{|ma-Q={K`soVBzWrD{bemrLID%g^Tl7_}A^8}R7;D?{azAE`= zDW@Q)gZB#h8sSflsp}j95z5^LlESr_hFXhv>F-~&eaj4#rMx-HLSBrBhZNupX-2A& zQXe!tir~p4{txF$vvt)aby`WvxyS9jxj}S0(v{}d=9nUwf)2@)e0N6o~0jT{@l z!#@Qmo|tm#T}c?HMA7|X3g`>?kS>)>v2USEs`j%@Hw8T?Ntb07B;0MO=XT%BujYK5 z0tAW&>joD$qeLR*HcQ^WK2dvC+!GD(^7#wHVyPt>(|1hjNC$@^1!PZjji)9Jq5sYF zK2+k=Nc-~FYdf}yAR53&pPY+r3Dwc|(}4Yl8~iVYGN|jNoGUh^z2-k}NxQ36D21rz ze;zkRUS}w4^t9v+r<{?j498ktw(MML?VEftAf~C?2)FmT+{-ge6O7JIpO}E3T4PH0 z&x5mHZYAUFV`plg9XagToxg1YA>KLRoAWWnV9;~+E>|v=8uTTQl}*kXeswc7tid>P zVT(&(GQ^nM)?k8HyCim(7Z1m(zdj-Ena}1NY{AIRz4Wavh<%k1d*K_rKiv0WcKB(6 zwbCi&^Bk%bP+oqsiezv=#wqm-y zj>+t~W#!{1n5T=$6iMf{t1%@}IbNIJ+s(5A^Mosw!{*q$hE7aSHp3=y)*dXedL7a# zHAVCLGsAw%W6$UM517)`_UnT^g8}G^`cT6eLsOIV9{6#;eoZ* z{9AAWd(z=y@Xf3i`J*KOm*MBPtfij#*H@AO>c&aeS&cGYp?v8-4etK>5Qd4PHEG*> zo8Z?Y>cQgi5SQ)*t=}|o4cff(pFJ0DJ)a$b=Av1GW&}e^hU{TGI~^upYUQT67!x8t zi%8H&*d_iBtXJIdq-W1Q6Hf@--srdQmx~<|93t-{iv?S0+MutA(o2-0v`cvJ^CHdE zPfEt;1;n=!z@{O`TxyWM#)G%N68~Hk!`9RBF?-VDr10fguKADbCytTO{&tJ)obegdAvk*tQxId&2Exz*!^kyXH_yx z@~RZ6@63aYirg4eW9HGBoK{`yjEJ549Nls;3$Gw6l;^sf98W0Y)9aMN(CqNBpB}8l zQ&>~Da|u}=HS8bt2`&$3b6UA1D0NE)+HFkTpk6w`E_vk@1c8 zZ#eKeb)36>dh##pZ*#?_VFs1g*=JBb6 zM?FneFm%U$-9>>aMdCN8rq6oX)+pjRM2s5{(S7`|R_yP2IMhNxcqqMr>w$ISgW`;W z`)*2};x3Vj2A87^%WZzo`VS?vd%ILWxw=j)&KdqNbdnDmzRV7 z^W3J1St#b`)b(=c{CmN7``cm2LdcWF46?3mLk|YRIJl_BHSS~@M`OMfeK*q?avE+k~_&web zyUaxtT7zTKD+m;@z|OUdilueIy8~lpcFKg`zyI)v{??|qZNqEm>sINT*M~vUpi8iY z<#WTvVSMPK@3S$fXf`RFCZ%Q$is^ueU_@Wllfs<8iQ~_owy_XIKU;q@W7$WtopT`i zYj9k7(2yfyc8;|{KFKVTD#rM7l4QkRJkDb7eLarl!d6M*UgOUa|I*X5xKQ42a}#*` z$G@LcZ0F4lj@P!xkJi;w5!A$MYrKxn2$bdm)zS~-i&FVInWoB!o#*M{9%O|sXvuD( zzp}2)jaNHTVFD5+LB;NVHMv!euU_A8?1Nb#eEnA{O11;RGdmCg^-vU>K@lBmuzID?4gQNva{T3zX zw>sAd>cNdlmlzNFzD~d(6!%JhkL&v#$Xy#XmjdVA~kBtGMk75wDPo)+Uh_xbC{WHIoTh$~A0};6$lBj=Np{W%H?FacB^qUoydT@2 z7BKlUR-T;6qjk^uoLsd@-D0V=TPG@Fy5bQ#?)1mDy-$nRJ^!LT>h9k}Ve~fMXN-m4 zt`=zqtYr*7SOu1iLQXGRO*q&(eH59?F`dp+yJUVE)xQN*yme^_U{h)g{%O0PI?nBI6e2z87&0aAwm2Hsvl)r&rRsuLv zo_lgO8?pVVP@*4yc>TKG@<*mPJ~5*gi=f8qAjArK>oXUOt|ws%-cZf+CE<2cy096w zL*oOju6QquCaBagx23kXM?i^N9|3EQ=B)z86kw7lc%?$S8Uy;=lj% ze_DVYIV>$Y-+t`K#A^G3?%Ro&4(CM7_{M2I$Cs(YET#da_JJhP-tVPe$!A+iikpc+ zm0MPexwTsoPsANgRpgSTb)S9Vd$UlXhuHn+T07&72Q$!_(wd8v_}tr|KM(iuUH{cq zh;VnW3O4^yF@NVkIScNM(K09juu$g)wGFMA(LBBQb!61tHeGrBL2<8uVwT%Y*~2qL zg*2n)mC}%*b+h_iQSyFz8D#mitKy5(v$XOR1gU}`VQuEaqP@`LR*H`e^*^K-z+}WmaX~1QvGHamI1?pG zy?6(=Yl-*wSMcZsi2t~69=_)fPbw!tiWWJG^v$dMiLr#&ze~m4P<5krkyE{YaNNYg z^?vN=e0x{_N{Pa-z4&TCR7Iv2tj4hmufFlSY`Gp_>hvdPajOy5UHPz~pGgV2~Q!^!iyTi8$WZ zuU{jz{MUc5<94Ei3&6e`w$byZ<;N=k@gIIMV2Q{7ABfMj;>;+QrJ0J~ zzWLw=v(C@}%x0!I4ctfAk+y)|9uL4(W(G;wovmHnWwz3{|DS6Za#SaJ)iQ-~vDXc~##gl`Hw0J2^>PsL?dPL*3un?y6|>)W&9!mA zth&AlX!dSCd#!u;a`@W}7AS_NGq z{bU>_gdT7NQ7}pUypVpKalFl{c<%Y3)MmkuK^*Dif7yGH>UZCZU&A#sLdQ07NzC^V zmUpDV$YOo0xqObXz-7ztBe08Ov;Q5)XHer5dr5HAe|kXYe@$8Z0z9Qi91bwKiP=;& z6r|bV6%;GbiQO#WP0uYrQT_RgjVPxYiiA`7@#Di({Pq~ z6u5yY2(RpS5282@JL#Jx{f<4mnLO}h5Iu4T-gdO->?29Q&OpE55&JiANEl=4@< z+D?#!ZeUC^9Lpf?n9oBgLQH8sTJc(1Pw4vfOb(q$cJe-&3&sn}^FO+Ek_L1patQUo z6j87AR7pSW$!a?qnW*3KH}n3KTgdqer#Du*)_rS4Am{8`no2WRfy9{J46#S9VeQBm z(zp+l_R|GVMC&h)rrzd_PQCZmQTN^9CJ^sfO|8ty&RB)*6Nhg-&|m~ z-W^_ZXa_ca=kqsG|vBqtxz^h*y`!Az}tZB$D`tvui=0OJ|4mBYoFqksg zujkv8t+op&-sZLa?~kb96^s{f8Z^(+e-0Q^_bI*keED%Ddr!$LIC(l$l?;|4a9YH(sAy<0#$pWbH=6LUIcWo1>MJRf8Uim&oje|AO*a*r4D-g{L%YoFqW zRaII5)%R6@Z6^C>Dt#-@u4P|>t7iS9MYo(RkgShnz1x~?GC(bWs**n7G0I0k!F*Uy znIhpF4_?URbI#|Skwzx&8; ze5i%7bjvMS%%0;(1TD>(M+ce2NfAqa{@TBBlLT->hQLlMF8R$s6Yx|?03MHhS{ky; zXjeV<;Pu4X*Ws0Chv+`zFrj!#d-Xr;CtS&*mr^ws~Y-aAx(j5q;#V`JMC zYJoaAo(oC<_5uClCPDnbnNJ)GJlVxdrOpQ>=AHttLsB)3RQM=jA2_m5O@rUiX8#Ot9Y463Tec=A~6qGM40r$x`z+9!sXT37^p2w?qU;iA*A}_~=rGIK|=6O8h zmGa~{E44|7u<5}4RxSCa&_!itpU3HbJCc>~=h3IdE-=DM(aWiudrZBm9MRwhJXvg6 z;D5gj;IrixVU7EJydqB1aJ!Mr;NU4xq17k-w=p*Jb)6RQ+=~HS4jA*uZD_*8xZ!dx zSX92(_0{FeS|=k=FcXbT?Ek`RlfJi{V3G{{nkM45qUOf74P1#VH%_-IhnGqkc0{h5*K<=MBUVb%+*g2!&qEVwx0Oh{F+hXm zfZ~AtUpgiXHrq|dv#|*#fqKkA7f7FlkDQhu7!~n9agp>tDU&%{%T~&^FKrTkvh7M6 z+ng@#rS7>i%{>=*UOdVuk$_8e$6lVCl_dIa%e67k{a8(Q$fnEH4livQeeYzsbz@aj z@4fdmAGn0VD(uEMvU#0?t}ag5MMPeL&NUBM{C9&5J$}9Z0n}rQ1r71QjIaM-SYFVe z*6GXnPQx(YfAl7)i=atOKMIPgHnSE!&c>}Jpq6cvTrW#S%gD}g+?5|&Q zK(7uF%O1)~#K9qKg?Zce-!GlzSPi*7xQ6Zp84Ruox>=fc$GBvLu>?-o?ik9f552`H z2EXOF!sUF|_jt!~MeZIopSbsdW}`P!R3g!!WN2?pL*8++&oEo)Z&GdKx4imjAR%#! z-sb!#8a5ifOLHb_)kiIABU2r8xHc+c)()&(CWj5n4pM4m5Tb7L!2OiAWO)!LVgk%) ze{t>Xo3oc?rjN!nXh*oYZ}da_hdVFeAdlUocX`ds4I>yH@g>2C7cGEW6mn@7?4jY+ zHr$J#oS47cN|R6rj48VvXTYF-9TH~6_ueDms&kot8%#Dm3EFuj`Z>2;dajR`Wm`0}9&s0-|C2r=&+PE?O z+lyc!gyQ^14OS*wq3uRe-(UzeoHX+?L`SA z`gNhdAPk80$uQvObeBxeu<>*yC0D(hVE0xLu!G?qDD92qOz~-7SnQ%Ri39hNM9F;C zzYuA^Mq$FMl^Z$wwu^3Cf!Avo7;e0TgulGR5rl_J#u{#O?ZR0!G8utNj~^$7 zssSO};GDnU6|kShkCd&>_)7u-w=*GBd#c#v-;yP9ULdcx&jf+hSdadxqn-$>z9Es=|!!?MST^g7tE z@r}A6|CRhSAnX&`$toscJqK^jHz436YUlYNiO+nrGh?3~#j679%%YLMY#CkRrakN5 zvOB@i5AbZw&2U0|-^e@3vXUg?qSxLRer(v-aWiyZUAU|L=z25}=jS{cSGjKg!qG^b zmH=|!!c5iBFjcPz(zF)(KH6)|=LZTpBplcSV|g z;dxC;sx|AqNH(UC>Y*`=3|;K(#-+D$f|P~y*S)jQ_&(?Nx5;`4_jd>kp+$S^+n)ZpmX$mbaV3|g+G(2`qA0no3&%x}T z0#{dQ%M}k$1&XlXj#UvwLAl4<=@;GAQ^dE!qmmE|i^B?`?GrdQ;+7pVZie#{Gv3(G zxLt_+!DjQUv0su$51sj7(#{tT*ly8(YZ`c-YD#>aJ6PhPc7jJjKiQE&ZJH*O)w$9v z4Y!`}QRo^nYo;Uo1VPJI&r!iDH4{Z`&`HiULdWY79)Gv*|7j0+$#^YuiFyfF{|$<& znsnzUI!0(qM>IW$du~_YX55y_y#Yj9s&EdDxbZr8Gm5b#Q#Fpu4E8e)ju~=MBV|J~ zj`Z?cv(hU6YA<)w#v{Q1gU*HK?V729%{Qj+bf!bJu!i65IZIMJ0vMhw@Z_gxl7Kum zE&8JeM@iC=ruVObLKiuVk*a#be*|d`P;@X=3O`OBwdM*#x_fSE$bGCi4llg^BBf;} zVCOrxNcqiop|57i8~^<_*q^Y7PFh*uI(RlC`5?qY!x07_AC+srHS$@A1{LpZOMGqJ zrl?IdOG&Bz==4Upd4RHJEFD-y!52Rsp(-0z>)Oj3_8|8^`gGeZI}?|w!lOlDoZ>C~ zFsiGz)I41{$E$Zjuql=^3dHw*ZL>LF%GgL%^&$^*w>c)*K|pZI&@oe}%N+$i-B&)z z66x5)0h$nf${mGg^02@&j3~sr-8He6`et#~v-I%4zBvt+PLm31KyL9_^TVb;2`-WL z`US7J7tf#)okyOVzXv-_?hqus(#6Xna@cD3;PCvxfJO>BCgKPPkh8J&%9e0r0HXmn z$fU2mlXrUp8i-t*t`-HhRrr<=;vGCJgc@;IlU3l$_zW#NSoZ9h{|?yZoDJn!DO}W? z8X!Kak;JXS+om0N1G?;*uFf{e-2Hwqti~Q;bzS)#Teq#s7k1pbd+I5r9&r(1*CzwP zfwgnj^cz30LK2gL2BV7I?p57bzIHd|vaC5vczhM~y)CT&vjy{@8q_Q)2hUr z4WA`FXZwf$!pJ_?ZAIpB!mVL?tRjMq{2MU8!dJE?c`m66pbFA3^}?G~`-mwb_N|YI zNz*#!7E$xZsO+>zMp#Ddeq`e=csvh(Qt_?- zId`yy@!-N+JxovieCwSZy1kDOT&Md^e7ik@`U|&ZmnHElPT0vZaY~MSH&*Q%(>Z1n z6$V7h^JSt<+Dp)^F>kYbIAp}7_U^Lek(}U)$X3TXFu>op@`uuEB0eP=p@QjOrW$NO z4ttJC{V6HbGJ>Z7`<6I#()5cGE_hsL(D$)wU2Z-A02HoScI zu>L?)&jFHuNc5k_?=MK)*^w`Jq!Dz@>SkKBBO6=(2a*=U@P+$h%!bNW!zbmo<_{A1 z>wY^(bl#)rm_%40{d+-lqEWRx%#Mxl@<-xt5 zv+~%_7rt<9rH5n*J7U*<9vgPa3F|&Dq~vaM$l8bYhs||AeHGcGb&Sb)^+cNBAz`eO zSVw4=LhQ$c<*7LfcAc6NoAd^1P7M%lYfUOW{q6GU?{Qb(S%!IzMp{nBW`whJsD;UY ziQ*pKB$!@1vLS(aNN3XiUD}Cq;XIXJ9l884sfJU`sqe}Gx$*S+6#j)wCLHuQPPasDNF{36yUcE|G2 z5&V)>QPYQ7xz~Y197m}+D@<7=b@hB4whzoCLY8Cl+p2Rc1G8yJ1Zl;0Ry<#BtM*RY zWOW|D-#j)p-(I!1#rpExXV9gm=pIS&AN7}qOoTk#s?(YRt^){+YF$HTZuJ$V`%c7^L; zh$S925gB|&1gp)U;kFU%?wtx)2-3TB7t$s+rupk~Y(&YeD$&)Gr&!rn{6v(bg;(zK zp3>dtb$lJkA*!X5^A)=Xw(FAeFV&kqiI-2`Z>@NK`_$r@EIYMuoASFa(( zJ`WJq_=dKrmhJZ%p^vU>_~7=dgCyjQQS(Q+bRaA9ANAQd7mSk%{ddD}G=!muF@6w| z$qz3W=8udsC>`WWD-7#RB0-8+y{;;nx&0s^dts@(LN8LwFCgnAML;RMvFhQ=*%{aa zJXf2~-;b?73H<6{a~@Lb{^Y15riQ*^IkjT(tqB-r!oEINzL_bUcamGSPBB`=T(186oKSeM!xli7A%58aE{}t4fHPxAGMuQCs3aPdD=NR3QI z*}z1{yc$MK6$(gaUCNQg?G6hHkV&D#)c`Rp{1Zh1Yd!*Xe#E6i=$ ze8cLV_Q_!S9_650iJc#C*7ZE)BZoI{o(=3TOufKilh+Y6yek*O{z$j0?Ar?wAFH_f zyir^;d=!afm)fF!w4Y$#p^s|{q1&~efqBk(NAA5@`JyL&(dkxc?@Yw$^ z0ctV#eg5N-(L6jR=qKB(I6w(Z(vCna^X!Il{$ZQjD0mNwS+wShb8<|63dHZ9U)>+8 zUS@aI@fSJo3~wk4H@S}da!z3UxjyYd&fdF^7~EqMYVPBi)Gh?8)o;wG$nM}t%-bf+ z!czLGK;KFH?H|o={AC4O=-5@8!{h&QT1$+4^gEk9*lT^GDCzlpPyoRp+@U$EWga@d2S^5 zEFxUb(!G)p7ZbO=Sedd*vl;HU;m4eC^2P%lo4g!+@Xr)wu^{$m0>i?eRf>}DPNDZ6 z_g)>*5or!vQsD@5%?$ehibvuYlDy^LF{3Ta&DmF@C{oC7<2KZOo@Gk^G+poNyXEl) zd(!y_UZ3CpBxzDyLI0H+44rM!>0o+p7F4t)&1`@59Ez5oz5U=hM;ETcp9P((uXs{^ zzsX|*|1Bsod2U5~c_wHqGG02z@Ia97<7ah^5S5w_-pbzBd%8YB_L2UwQYkQbDx3dJ zowi&>iN=um3!Y2q*F+5q_+&JJJV(u2+`6gb?mnFcbIbYnwu=`FF1QT_g@uI(T+jA$8^&k)%e5-HC#or~~9p!3h?Bf;{8ZI51`ng)B7pr^SM;+Xo}KdO#1&CMnt z$rp}q6Yz)v(<6sGO4)C()3dhWPU%BA6|>L1-cy-LQ+H# z)?3a>Q1c`-jf=8%c=})fJG3dfW#(1ojjgMJ|uwBEP>cU@HJ z@WTg}*zftuQ+Za1T5VU4t44I&Q+`+_QIxJ8DpuFrpr|3DU!@LL?_O#L2TBS{4xc@= zFZy}cLxuLZkEgn?D@>`3d;79@w8HwSI4*W5e>!#kq@k&tL*45j(Se+D=ATWYC>hN8 zQdaH@;}CN6B5A2xfNt=8eQk53=ky{e=5Y0=4>APwnqXIgyc$nj?8Me}P|d&m?;lf?~uo<(9d*9m+d^V4^QeOb5o`hr^rs(G)|G~4Q=Go{!r~Bpygy!jdh6I8Lc}r7D`~5@8{1^s6LXJ)oi^FKah+l;-XZf4@{`70WKpk)R!7YhgymGM7F{uA5+@s!V$B z*g3ZF!?TcqBPA%}OO5FLL5>DRx5^Y!s=C}$*O$t5k1^p7Ghp2Rcr8Dz1DnKEA~eZT zpJnRIhL_DJI>yixq42hdY_;5QK_yGK&gIGHjx#Gy`ch0Dr<|B5@Nj{RPMkjP2d`YQN-*A}uOuMj$<1EvIzZ5+jUBsO>zsh{jz2}h+&S<|yjR7Uu^?fq^Z0F1|+a=Xg z{^`r}97Ko(IeDvOHD~$Wo74`86Dx|RI3E$XF8y{M2wuug;r^vHygR8RB`6UG2n437 z^7zp!(>`8b6m$(MwUFSmEQ4HljQbNM#`<{H*fjCbE>%Ej1~h-_X=7euT+zIRx&_HD zt_t?AGn@my8*c54VO$P#%|`J8MsLU!Gu0u{Hb`3{0zb&(!;cru@Wraoj)yXB<+9bJ zb@;84MZtdgDS=4VcW%%`lq@P04-#evX_;0`=Fd!QhI$}qP}@6h>fyN4J@t`FC_#d< zOqvMl$+o7dk6k#)qY~=N55`5t%Mu|Upf3>lvv#aDbTYY!~i<~aaC?^P%tLA1K5y9MnOclZ#y0WqAMAB1O1klb?TaDGTo zS4Pjq0?(4kl>rh|kCUM~UM-TnwIbArI%3q*Yx17tt^zn&6);e}J@DLXmp! zl-4Fp>sq1#=`7g)S9y`*I`h?cer5;9#Lh&T7aT(g=06g}2Y1c1L4(PO&4~ogG<)1VT(4v*a z@uoYLM?S*yMOQwnlq=nnOC$^Y{j0l)y_q4*Yq^HrPHwqEkN!f0J#Z1*%Goj4#+f&S zNixLTXxIZ6Bctt@&1lJG7U$a%)Ea{P*&7~P-uCf)bJ2FM2HvneG+bk%QS`TDP8?v^ z<9BS;8pMy`o^;y55%^n4e@~x%86Yx6;3IAcK?UnDskbnDgF^%?x`2RmKiM@~+}Jw? z%91GD2K#XV+=0foD-=R%K8sNjkq7;Ds8$AbcFwgIC@J#NRO)RRwuGAr>kcj?eYF_(Qm`z%A&DB6jaS0IjpH;L@lH#Z4^Fp#=;}gf`eAXXyc3=W z;bm32{NalVg_&s(I0+Ro zS{4;$pk{Qzcw)2n?j2d@_ik9WJUN%$xNat-6F%9>C4{zDGeMReZ~bw5qKoHzZv=gg z)M6mPj@6F@PW!A-p`}TPyD_Jk4CD{@a$4N#LO3s30uEoqrc)dzhq4^}xgmN!-?gEA zmzqmJszrgPyTVU&Kp}*GC^;xJa#KVVtvOjG$cFVk+x+{q<+c`^IES`~%@7-|U)85o zDKW2^? zC^G`8JnDaq>AtJkVbqC-2ZLG??}jb*d}^R>CilMm6_PrCfrF%m>7-g-@Zj!H^*u)y>tiv6)FyY;2iIHyegbs%Glf&Ngx()5Z z<9riCG0^7g^QP~w;(6#V| z!$%|ULnVndpUVjC^}(HnTu4WxFb$xnU=IEPp4}=uVr~+&I5O{!gRDykVSqTp3+sHQ z6=6cx_$B#a=g3&(n_w-|BG8HvUk<6+6l~GTIL<)X>4W$Fq!!Qrj1aP*iK~oYzjwRp zT@0S#i&m1$52wrjnWP%iQttp7ntcF|vJyFXk>VN6Alkj=#AKH0iC}o1mSzDt$_ir^ zF{7rQ4BDCyUi7SFHT(3)j~l{khF9X!2=dUllkjDbrmNB0rIe4%-fr9*igk0SeC_?# zqMM?YHX%b2e*m|k1aO_cKR`w*LPF!L;hhDoTHWSA8c2^MYSL^xdy~3ttwugl#smSClv zPxLl^X?A;)Na%a6D;QfX;wmTx#f!psSct<3sF^4uUeJI(G#)$%Puu*U*Zknr^+ZB@xc(^uF^3F+o7iKYs^7QaVC}J1^Bdl*?!O zWrVODcY?1=6!Ishod=~{f;sJ+xrK&4Mvce0O5V> zY`H&SxNh!ehXKxbqQ#ljD&FzpS_QNev|dz_*s0DWgyGisM+xK4>dCO-VIbn=zdEhP zm}z-Bo2GWD3X7Qpz0Rm65q%F2_j2U3n2w}Y2$G>&k-wB#0xa7-Q5NoMZ&K~3+{nih zpAfl4dOOfcLn_+K$K{FtwL@O80;vFhuyN=jBO5~gcI|JFT7uq7tIey(g7vc=ke=C0RrFpu+1KQ=o(HJ_4F$g<9}bV3b^q<$zW9d zb}dSgyp)90I6ie>QH&^@HOebgb{M0*A}7Rzl{xR{N*a6TJGjmyxyxu?&OR)gV4l2+ z7jXP5|D?09ZFotI1XaQY`(6s*18-$XW>?VanZrbnFK<&n(s(EQqWOgVn;|b z`>c5&Xyn7wspczBC&nR;QY`W!RpWuh81?YC07MFZ$Sukr2wmuKCJQ_s5hW4&JiwvE zElSL@nQo+AlASq0JUe!#h*0fL%Vx5~pRrX-1q9u+o3sGnj~Mw#ZRN{04cDZlKGVEi zm9G6GiF<3uz7h_z)6g0e);42pXDw1QA_yQEg+(LS`4<3{MSMccPJR(zsY>Egzp9XApyj7 z!TKENJabuC`uj%nHw((kw$jwI0>8AEhu!{N7LLt01A(;Y`(Sd6LxH(P?7>Pg_Jxi? z0WsSv)bo!Hla{#5DRgNE$SK~W0|$RgEzTs#J5w@upPljiAHjutBU{{8p)By?0Ro90 zd?^qeqq9Se#wvYYCQ@zpbg8D6yOk5j!-JG)-`!|Cmay!q3T3n@M?*CkuRJ<+VhaW( zrIlC@qZ@}V%0q=&*_rDDaE0R;HQ8}*g%#H^4{xh$kn=q9b0zlz(#|&aBlw#X*QjRE z5RNi3vFjY&03N#iKKBDn31_oPxD(`NmD(RaBJK;B%^$RW3R`OA2@E z5Bb1Gn;(dkk-nKr6)}U*+Glvz9-u;A{(TNaI_Rnq6eYtOmQUBe|Iqesxb!SntJCI@@U8Rc2TI*u~_F@g>;Gd9)JGhEUk|DW#<;Ee z;)DsXF(xSrXA)ilo-Z%|EsujH7x~t^zrO*2;?~2W``(<@j`i(GEc#xlTd=ty4|&yp z7v51Qlm$#wT_fA*SHWx1yu#b+P?%dQZtEj;WA*gKD#_+nZ}u*^Kmm=%IH~ z@c?*2bnwA{w$bj>x)sanp8?H`2!UVbZOV>HxMOswncwkiQtn zqF|Etd>Cc{;e-jaU#1!p=+579br9P<0P?6Loz#rB$K)D0ugj!;# ztW3AD;+2j1^`gt2{imYCKIjJXG^>)zEP8}+N%>|lXQbfvQcMg2h=_tk?yOItV}dO} zBb>R9)E_i-;N*=j$~8&hkgg*SKUUz=p-h@N??N;!!AiCZMW0$xyh8di0dKu80!EWC zyunr2TPOm^@`hoypLBKc@+#&l7Rq-1RAL&32;z|w5EE3QRB&>MQNvwI+zE(Ux^fBx zW*p@vlH$nXxIjsOrN=H$Y=VkQhOiRQ;JPC4(swa(0fJM6kaS#;njBnr`zRaMg=0E^ z15u9AIpQNHB!RN>Y8Tm_wV${)3Jc-!;rPHa8rxS-Y*7h7jzj`sHxUkK3&wox{`NQz z%z%nu)$+vpH`Rn>=R362DBrz>u0d}1y284m)D0y+q?R4-qIyfPN2+#r*b^d7`hBs7 ztAXkp9d>x{*GVodLA(9-EprG7mTJ`*+ZvqP zixTzm_*mFAh`Yvxf^rtkH~TQUIfy}YC7Z}ypzjHlGx>}gCpx8r&bMoGnGj+aj>;F| zBY1L)6x(=e+_3OAB3A_CHh$F>kt5^|3B;5NRpE#!zh#S(_8M->&oyeTmc>tmzl2$$ z`o&ffJt1w7`@{G5+;mjDMMsO z2%P5=B~{P$>adXEBv7cmGi^u9_p`0N2=p3r3W5tIFeoeBpHBO1vkD&)zQ;8bN=Z7) zQx~Bk0JNT?!QazBSb)8V{2k8*N}wk?B1gcfajgxEB(8;*Joq%#pd6{uqMlAhtgXVB ze+#Y)9QrYx)zvPM5s_5NPyq?YNlWx9ziyf7+d(5*);sSkjH?Y+=@UzIO4Ea%q$B?} z9p7CYtsh|qpyzPWLk_Dtg}P@NF+NKxhq`a5W}J&0mKyLl{d&#Sv61Pi@M5BS*L{4TO9s2+I=f1Brd zyR;uCQs@?~G2f5RxR?P(_pgHfE%TH6p7TI_C}z5b-I9jOBZ_hZiLx?C#>4_b0QR;m@< z!hr$B`$S!32;*))%q!6a7f5k3#hc@Gw&7*etRLz1`@H4?Y)~9tJJTPfFrep0D>3%z zKv}@DQ<~QFmIVgQpiCuk+k5_>gc(6+?!x0ciUYhpn`<~Lt?EE#t2VIJ9B@9c>5%%| za0FmJMtDx~@2nb^flXJh;d@GSHYs%`jDmx2-|DP(V!lU6)>!P^6;*xuF3&Ry52E}O z8alpLmmi5+deQVNv>ZY^v)*;TQ*33zClCjtA^R`x;~y)5#U&|Bzlem(54{mh`Mv1@ zfsFCjD(O8LPp3dm+24rhBXdJA5$DA%CevXySpxnF8h*< zbr7C~7s1?{FsgzwAaP#&59hx+-x9Dt5I%&OIwUS`I*@jbTE1h9h+q)4PPBn^K_2cr zpv1L>%7?tz-N@LbH2+K#%Ni1_YrA09OJ8o*flsvo!D4-V-vSc`ko4jy0qyvdp9c}~ zvx-Ydx(wipX>8vw!j<*89QMZ{)vLm;aVpa(5VSq3tB2qzk#vjJb)_{sOxkKM>lQAI!Q*7QM?zKtT}k?D+uvxG4&CcCp&C-4CF)L++w(`vNMVQcgtm@_EuPup z2YAfJ0I|)He8j(x`C8yre-{Xl-S>|)gkFFwnc;$TUd+?*XsXFLxjq9!YetA*4xP|$ zh0uM0Yr-V3V^U77!sX?BI3EtWo`0jPB{qZ*(xUm*Vy0*uQ5MEuq*vAOL!gwfr!d9I zHaG4N4M;eGJ7w3UE+1E!s+NL|$~(`=7^CGb^nU)CD*Mms=uPoCV!(%f~2zoBc z+h1qXsnH=LWV@MDS$CcE+4~FPb>p?R*=53(ocLYoT$5!~ho^ZLSrXm44am=ASVonm z6_SP$00~TY*5QNJ zb>P5$vp4M2CgiVJFWSyLPI3?ozrp)!2_pMtKzD$gOCWG-oRB-1mUQYR) zBhL~WlLTi?gX(sSNSKkXp|d4T=FEag@3;gZ`>G;$II*q**Bw5?o*}bU1@Z##`KGH#d(9{loOgD+V%~ z)ns8*nC#v99V4-vAj&z990sHKSYumnId}Q9q7FDGpbm(9X1&RhYd}HQv@F80{t=CQ ze}SbU6$kPW?alq)k>1wE1T;iGt>;9ird&K5X7np1K4l{zoOW~=|G=|%>8MT0Cp*$K z*bUS#sI2ONfBlH-EcU(JTG^$Vukr`J=?#b1SJ?Dmd zYv`QAkt97xE0RV1I2dnerj3btye_dIG_k^;XmY`OU*2goEti`=%tnkMG=FziZ(7uY zC@%&a%j^*qn&+>I0*)0fVOPBCvVi+4woNZ;w!#pP{)J+~#xdMPX2to0n{!O6+{>1= zc&(H57m%U!mili@v2%T^baMa!1gpHuN^g&1VOsd`2BIXU@;t!i_=pyC`9LmPoHKe1%+Ld;ET+mt5pQ;5`|ikJDevm2v| zCHNED$YKV8c)DGvzoMp*tFtBJrz-=b?~@#hHL}EXJlX+?zMj9TpxMNX=49zpdkL>g z9P##mmnu{f@w9Mg6lG$;8iMpxG&2Izc-oo&gTU~4-0hwX7$2k3tuXC(LyewdPNVxk zrQ9zP98n;|>2aBNrczSRC_iV1L-%7pq;ElGboy%G&R-l(75c}Xxpe?q@y5!>W_r|Mq+jUadHSIGB%*AMhr5(wqx&lS-=5`QEomQ#N= z)I+S20S>;Hn;l==sSFW_=V}E~nSzkCAnN80%r%t2MViWT^CGT$<24`#77>UfR4svW zU5eRYnMRep>u5fm$_tIdsz`xZ`O*8GBAD_a2uzHF(B502C!5T2P#9x10cnl;8?ZVk zw55TVgn&al+8v}R^!R`VUx!;f>zJ%H*w4uD2)kJs`y%^M(C8pg!h|F*BmrZLYM*>k zxPw6ewwdDm`wdD66Y{Qzct;>(VYXmjrr9V988DWgg@uuW-OS05GhnXoKxD+);6Nn8 zwctGtzQ|J!aP{^#CgL$HM%uDHZqVu9rQiqq+82%o8#=I4oXuc_B3tetkDQh`io^O> zuCbC}2Fo|?8IqcmE!~4Ye2F&(|M~~gNXu+rc0R#{#BLDyZ literal 0 HcmV?d00001 diff --git a/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/baseapp_state.png b/copy-of-sdk-versioned_docs/version-0.53/learn/advanced/baseapp_state.png new file mode 100644 index 0000000000000000000000000000000000000000..5cf54fdb4afa95f4d57ffd6479b2aede91d5b10d GIT binary patch literal 338941 zcmYhjNzU_3vmN*s3>bwA*ki-+us*;w@DKLQkd4^)Jvq4`DRyGtH#_h`JgueFKD-Mj z-|reQ9!ZZxkx4Q$GUCLEllt$LA^wMd`Op9IkAM8*KgbgA{No@0?l18CAOH8i2V2(v zM-sum|7&$b_8|Nme9=Rf}4fBa9|C))a}Y`Wqff1%vp@BTuddR(`^Q2s9jNvG+b z-zKe=v|s-@6dTwCzVF9xQ#Qr-?|l#mLH`>B|2Gu!VC*lHfeG+}6aOSBDEWK;v?_*w zYY_h@1RD6SdYU)GHm>zwC<{Kz!&Y?QKiCXjO&7dG;0Z(j3giDu{=eWYGfiC)7Ma?B zYY=dh{3l9)&Hq)EJYD+>;lTT@X$$aAEb?}I58>)%?7gDQ9N#+}moE*|KpAIHP%g z&W3(S>5o-buZmgNY2z0NpFZM%p03!2Hmv!EmjY4aO>!0resKv7yoDCkXgnGW(;a&lV1 zH#f>4L_r@k_`(ox^(Zmioh{!2y(VZ$X}&v=uHI_YSK4IoK>$ziKoa%v;$flhThPJ5 zOerq33C37J&kP-�DEBy3G%(EP#m!cyW~)nTBt}?{jxWD`;@=?yy582=}#wS|={w z4d4kL5!vz9_M<5id?3m9N{;r&lzahBC_E`I&`ur}I9WkTlOMB)Dy%p{>|DdhWH=e7f4)%SznAgn+t9)IQX|TQIkDhtZ@GC0Hu6S(Tp6Xj-y@$K%xB?| zlOYEGxk!9yQpV)NgR_zKwv#e{m>@j}Kl0GU8Wb*-gHvS8~6?|Y@i`}gpRxD=Y$rB6!YoI^yh0PD(wdFm9W?_@KJ{l@tACF;oCxXPphj5fRR>-KQlXlu{KgOO$vOowGk zVm^+aV8p%-z-ey_dzu;O~@$HN9 z7!i%)rP9JEXR#6iee_c$4b7NWh_2ABlMbR_G>jKl<{=7YIomC>d~M#jiq-RNFfa@~ zKqs^K#|M`@?BVyl-KRW5IBvts+x*0A%*_F(drv8Q$OlW9Ah<3_yWCYL+~%N(9PzSj zAI_@X-G_*f(;+2hoj+ng^_TeCb0XUEJ3vf_q~HVxuG{+=uJS$37ZJgzE7soj(K!`^ zG&R7fbvhm_m-V+wJY?_<{?#*4d2(l1_CjS`?^+UJT>kLfzS9#$7 z-PHpwTMLDXrFg`0P;QsMz9X{pj-hs)TP2^->?Z`wa&{xWU7v}8XyMO#={;t&3QET& zYL+wZW;doTbkE1S_e>|bd%4y{0do@yO-d8&7x7PG^5C<;^W+6Z$x*pajVXMEncwN< z9hzSzEp7yA@}`Iu%KWlSNXhWr>Dtfd__i)*8kMJK{0h4dRfBq$4jG0KgHY2F$0P(} zOKwkwB;RTN#GZO_E4!aUOctNlKL#1+JBSnqQ_g~LAh6D(5XHhe6Nw>IxY-k*CU;Ga zkT$n0@cx2YR;pxydCO94b&BDcTnN(a_tvPO^G4Zac51FqDhkmD;Y>>lKO#X!7;c8EnL88SUtHQT-iY<8HGz{1u=f=kv$`9siq!Q{N$^8;{N`fllOV(6Fj~o^MR`PcPwu zFZVsdV}*8<>FGK(sm}$j*UMzB<4=|DCurICy6euK=w}E(BSG#*t}p-|qvWyi969eE zp$k26$VuwS+_Jq!tanFh{o)@jPdhC5glzDwx|mpt!TWjsYc!5j5F2iOe#oS1+Sabj z?v#VWN!4sXT~zs$%WFTVhWH;uHfN(_x7$TDVZ}f9V9T7Q=ymTb>n5Xf;(l1-{^&&r z(m2|b7<2HI^`FvUKs(WScEkt6Zg%is8#rWWckUNW3PT}m;b0b5ChdNaj}#UTbDbng zO9aqyIZI?5oC(LJ79=g7wrhx+ZI?~sa-yIE5$SBAp_XPzAj|7H}WYg zkNM^|wh{P5NO{XDo2_v2u6*kW*;^D76nFc#B^nq9-dfy!Fie%GWG;)8r03IG2Uxff z6_x%d4BCV6yk1)oidg%_MfU0P8Oy40?hFew1HP!gzlSSi)A_a^utkSH-QF8MW|j*d zjZ;4uTr?ih&<)f&lCPHIs7bO;XD#mMYnt#tsUK){Doq%mG+^rc66KCKDiRpw}Wb{u0gm#Jtt=}64E zp5@I!DT?14b0~oJ*^I8K+dTxwt`NCfW=mDnZqp~E>baY5m}bQ* zkZdnXav94OyHBB2wTJ0MDLzfa_jctx|*?Z^Vw|j8Guo_#@Ni!#kc&wM|bsem=9v{ z#_}1Z9jyfdg)7cYJ|6S=?a%jFJzH=D5OD@hI#9mCxXCLHo>J2f5`Qh@ahnDbUES^k zQld(}XNtK+HKqZMnbqLvb(;fX%+c!o)Lb|9gUvZ5%fQXB=r;7MBY5FTZXk*C*q+6R zcD6_8c6qfsb@5w(fbwcmZEUBe#%cDC;*Yt73 zH2ZimC)NEyhJr1-_}#ZD)&0OPVmmT62_OQx4XDr;zU=u_q3^O%a-ZR`-+_2_o}C|D zxCp85C!6%}n{NSTEY{(>qOOJMyma#huoSjXDOGL>Z&vOCwj$S5dXG}JYt5coo>z6; z^rd$j>*;S*fzoA*x+j(Zikwcr4``ie)6V~3s_UM^Xt8EJcNrMSIJ%H1wW7l|H_`}6Ha5PX1uI$V#b-}N3b78x9H?rcL)0vXDBg@ zB^aFlbleHJh>KzPNpXetV97*b9fE*)vr{odbjF1c!^ar?j*@9yKZ{rloSv;TBLo#Q zP16z@n18xH;#_f$W51Wru5}4c&s<`LK4v)WMS??;IHHnsmcEaZXwlQ_t(34Nyl&8C zN=Y{_R#j+KM<9p+$qpMqN6K1M*#<}Tb<(; zJ5;bUeC`$U7@okzo7L;xx(VEG_H2-dDfBXgd1H!O?$m)`Z`L{Rh7d1at@d^yXoqMr zsceX9d6NBDy#rMOzx;Ym8_YcC?OxF~00IEL3|?e9;J(+2v5VSBrHD5Q;_&yrow(X? z7ztL@3eCm;JuDMr4bq6jSVi({Fq zQbE@IdNXsl0kTWGJ`qIfG(@hc{IOrSieVbadf6zyb}7e`M?*+LOyB#rM0ouVo{2MR?vA65Q!5Pbf=b5xY5<6)< zp3L<`;JRnK$v5~Rr1+*mI9MvKFITnw2Zb!*rzXr{_xzNk zRDihH+Wba-B}O)A@CW1W_WeZ_G6+uEAOt*R#Z9Dq`A!}QHtoG*l2jDb26b1XoShHxzR1lIVkD zW;_eUa}H&A!N^7ARHGf-M*HIDI8dzEwCXs|uUc76VD@YgF!p?X-dWj%gmgUX3f^|S z!?&9MR9=>TlL4liC`4XIGnk$Dr3T+o{Aci|Vh7utcT5z{%Y14F^Vio0UKi=@ov$z7 z<9RN?GOWmD-Szndc`NQZHr}D)C}2`5u=FQZ{oM4T1ml_=M!1fKoyGd6d4S}TI2feZ z!kz?v*ieq0Qov90%X`bemf{{s*QtY%Dwab$m!Ek<9Am{iH4;F$$JQb5*VFTC>KR1B zpdE9P+g5Y{lA(8f2!X?FE~2y&a1TPsRU^C;xrh}S`OY@fVL=ir4O;t7SI@V~`Ow8M zu$|AFpDk-LOP-27;B}phVtHOnp~I+=q0a@OjO~cP?dsA$CsSl;ilEx&@8J z8r4V#sTl}V9FsYg5cx2<$0X3leBoR8^dK)AF2nWe4goMt{Z&vbAMBXY6m-v*-PV-D zzr#h!RA0B;6fIUf!$^5J&56#N44al*pe*h?t3Fi_k$NGoz+&Ccfar{dEyA94JK((= zdD{fR7!lj0AumrT0*Ltnx>}%SnU6Y@;eLMCiQ}Yjp+X<`F&z7joe^_L`&52MRm|x1;1&cO%z9Z%Q9v zqu~IOL=5K82>&2%`0J}N@Iyia@p%1G(g+xq@AIJ(clo{auNQ4-P!KWl11bDROp=LX zjn?#8L?zAF5~ZS8Q5wcn0m`Z)rt@)8=1~LeYw7O$z4%@Y z?Mkb~-XJZ}to7$uErVUIP)Y}_AN$@8k{uo;bqq4_PUV1U|MOcoDGb%D%~V z=?TL#g&EsWEl!_FfVD99_bpk#7362)*5{8}**EI`)EJdnqOSQ^O^kXeS|{8vR3u~U zEAFKW*wT3yD8Os_=>U`kwdQr@xbOr%0TU-l;)(bmGDwz% zZ!0YX%MU(@l0|eh1L?G~&}Br_TgD`@%5MSbdw?&W_WYQJ?ZA|s9EbJgoWB0DeB&fv zUyw%-hXiOJg65mSo3}RQ=j$!t7CsRJn|dfwopF&y zqCc176IrVZd^(g!%Hh8*7#4&Uz4TVm9uIV9=CRTrcIvwsH^6#AxhSM;9~l%4@gTKP zT~5T78Ca(uHK(H&lf#|F?4Is;S5|U4C~%8FdtjR&iK2pNw97} zFbFlP{=SV|Y&3-q2%m`c5+=#WS(3OSw?j9$qe_|@eq)^LzM7wOFaX0x@)l7p>y^S_NCm*B!5fq%}a_Ypfuv(D73FGcU` z_BJ6iJYO(zEteVoqt&VOu_jDN=A=J+xaPZfu%J$(%_G%|p9E`CRZi=Gbzgb{CA7yh zp@4z=%xzr9kQQoFHRi2Ug$$GlmG8f37yA$vzsq6W%jJAV*=?P5cfZddcpRQ`2@PxYGk=8UB}_rDH^Eu#3Mwu^y9;QpO3K zXwfaHfKBQLW~?Nl5i|6g)peS(97$mG9hJF!S?hdsoVeUh#qPiov z)Fth8pk36NHt|_gS+;{~9f~{zES7+!3=hZeEs7^%?&%9bHKuGc_;seU<2PYx3sEOE zmplVrj{pp(FweIU+gm`>{0NC(0}?4D7u8_2A%M|@wmIsq2UtoT?Z>8RV1@-qy}A~2 z0Xd+3dR5+46J~xWC_OQN{9g8|wOjyARR)RG6Ql#66^t718}_tCguR*$V!*vv*Nguf z5Sh|?`KW&Ee4mXWa`K@>#?g1`_MfIE!IiU;F#}wLwf?DCAjwryU|E6*om|5fs8pf) zuX&tPT7M+XLJU&1k~xj7`0>x)g27CR&n7!xvO{oE&ZNPr^af z>!`^$DfW!_RmHeq2_OXI21-K!uo`(s09Ph=#Gi{S?akhCR-~;JH=6fQr~j$UsM&Fg zt({EDP430WebmCtLYW`1F$*Ud`XGH;E|^hB6{f0pSJ}nuHHoB<}GC% z8M1pCMqGuq-zw&cb?3NzHkU zqdy4lIj$#PS2N~O_mO`Uw*6*CuRC^MS|Kc^40yCoi(6#&Sx>ks7C(xI`C1OB35b{5 zi(y*Coe!hKG45eb-v>pyuaniC$A;8L3Q%6Xsf~+5i+UWGi?>6RQfNx>IUSqEHL3C^ z71r;v7=^CyY0l8_jdMTJgQnkS{5pfocgU}PEsr;TVH#ijNA#|*VT!O8(X)VR(0q}D z7Bb4?ylE)(BLWqbaTid^@bT#>X-Ya~yimSJm06vLUuX@qBCi+oR@RB2Rg_YS%Mjsz z*f}d-*pR9hq5gCRbx1j+eqY#(qV(jgi{4qiVcFw#Yevu1U(s*NZ}F(8Q38e*kPdZW zT&qnpp|F7wNcrXiTxl9i2vhxrr!@)&<}s_%n$Yp%5_kx@T!#=TH+Lu*_p`RjKu?>l zjjFSJ-XzT9x93;Xr2fQ$$J=y@Wl6kmWTpi^j+S56VOAPMQ^|K-C3>x&M@J``Bi?Lq zEPahx+ESl5#A@oM2m>UuRt^dhY2W0C!|A7gu3W*!^}K&B;+7A-2fW*mGP&vt{0ZC{ z^wMnzt0Jr2o{uu{;ufirSO6p*9#kYeVGCi*13&PyM%^p6e8M|xs67j-jKu?O>fXRYL3D)k|_#7lta5iUk|SATrv5h9c6Vs81rIjzj2yj zRwE%ewl5e#ddI!e246(dh82jbjvRuCQeU%+XG3I|Qv`tSz%If^&6qg_xY@4fthHNb>Qf06^{VtvEDaNSy% z@^pgdjJ6hSWV>5QOkg~Yb&m!uQ@VgOX-rL#ccV9c(XWPth&9mtWb_gCdI1 zuUxCdQkE5he+=zP1v5<&XXt6|a0wsu6s!Rl{0;0;khQcFL6|?vGAlKtcS}i#w@;<3 zGnJwsNG?j~mhkrC-QwFrG#f&Z$8wA0K0%9#{@S_hb{fI;2KigUpxr{ZMSRBM9>!ofsuFD&|rSO zsHUa%IXMRvIl@A6L3}BWUP=fS^!M_jUVyVi~XkN?u?CdTLd$ z3x?q$duy(5IvguG-wxB4Qw(wPD54J?R31#}jq`Qr*~dWGjKx_Ov!Trv=i$morF@ay z#4_mb4NSs_1(YjN%Gn9~I)P$u)hx(&H+6Q#(le)@G0#E3XLDDQ7q!-#Ms~IDkh78n z2n7lsi=H7Dw7#X6(cv@Y0YytHG;V4R{H^W_^D3hqF*u?`xL!!6;wxiGBWwIx{z{#w zv#XyDF<1sKfQQAp^|OB&ofqJYYLa{(l2Ue_J}H?sv9q(oZ=-{$18VQ@Y`BpiaV-s` z7i@V}T=CiwZAk6e_QmJmcWrr@gF&|9cb8nz*%llrSite|h_PtictDvxyns1lQ>oRG_I6Lq z!mpPzYOCNDQV+fc@?7yZuV;A;M}gH`!6!R180aQI4$9{FU82Kq<=&U^;Nf$`ufsg* zT;2Sm`_x)c*B^(<>LP~)Z)($H7GOeWx9uq7sk35bieDoExdl7+T%haB!qtG+? zbgreJ4mVxd_oQ@mIqWmiA*i%UP;?+koxiOMIgo$t4@^qt+lF zpl`@22D)TDS7qp|ZFJKVq*H{Fj<{yh!TcY`LQSKH^e-M*3%Hymcqab^2b=g~I3NV- z-(g#znh;T9X@~>S4QHD~)+Az^&-C%hQGLRj<1N~=Tw!NA`C9;iER>0oabMaL_NC6R zqYT>-1!{`;$xuqCt&jgT3>-N66IOTZH4LNFDg}`0kvVsa&<@U#*H!ddvRe1{mAuw! z4&J!+^FYI;OC^*$AwYLDbWfSgXI(qX*d&;| z18+ez%^YIHOepdfY^wJ{Rs`ww&0Py#G^oY5a$4*?tMYDHoqrE|<7&|W2!POTHCf9< zb(G+zFz2uaYlG^jL`U+EYB>H--!U~9q;E-td{V@8r6R{>$Uw^5y0r`_42|o2MnD zEkGF)LS0`f#sW6|>;wd%UJV(PB%b$+jzv{fh&CE~ihZSkX zo$(b_APIaJE7tlVlI`Lcib^74w&-j?^a46v{4HMnH5Zw4W?%W^+n@LpcN z(7$8{mc#~Dj~5Z(;=WL&Fz>h>CBx&@egab$vb(e1G760F*vowpgwZe}YN6I=#zQP@ z!jD$BhYe(`rUw`gA&~Pq^NiQu9Y8R5!-G)&+7slQySBZafKx zkOAxcd5IOoNqla((r@lv{cSA+F1#{8Hv4@E+)bH5 zS(8l2CNCO-q&@>6p{_tX79~hf3UoXIuc-%Nc z#I_%-;86OUxGM>qPRC#@N`h|OiuT3k?E1z4EmR{Dk%$?Q`z-0o!Rwv6}l#734d1+IY9XlhI zsLhGRuawcxJ2M}JdgE(OY-d|?cgOz@U+C)-)B&yYMR#vPvuaRQuN&JOqRgRm_h#(^ zVmjN4!*+>=`S@l*q5E*WcJtmk4%kkqR?h=ZBW&*IH`jDW$e4Wj78L2g#s_dNkn%PT z9-+xlrDO2Ncmn0<2*mI6M7Akvxgf6x@edka&!bL9(Xr|q)5+JI-+NS?L#EDtTQ)b- ztf8{qPZa32^X?@89k*?_XXKVIKmu-hb3MFTvWvz&!cjM%ed>)OFWzpnVNzZ7=xeh+ z_Zyo>9&1+~e>r=f`;H@L`9XiA>-p(X36h?zFKjrOTW*?U^HoCDpFX7-IRu4~Wcv)C z0#j?*dtE2A$R!r+z(yACDZ6pV!F*!z`9{j5{*_vmrhIIr>>ok02#qLl9#bV`1v(Hg zT*5Cx%&E9)*Vkd$rD!2Gf+x{W^Qr)EWge_j|F7`w+?auWAElS$E0B6gLBIgyol?7JKx=U1zN5T zr0b}4uveiQ&83xYOP`7cQRFbiy3GukxRWT)#?NL=ji^yu#fHug$v2jYfp>5Tnr-0O;caAfP^e_WQlmnD- zsW)37&VXh?oi`Qm>5q!ZzJ8qf5WhvpG#N!7d)IG{^r(ss=Qg&qYqDb0{UkA%9??ht zz&f+9NKQPBI!NbNotf8#PXyWAkRZVGp5d?QDEB9Wel5XvAjLeF?@?3zxVVa#wzMx2 zY=t0br+89hGMy%WCQvt!JIDEfDWdn?v+@jB?(iHyX9q~d7gxkAY9c$`WFm5dkD%cE z&g*6Aul7xPcn#Lpx)<{3n-d>W{pQEk^8+*V@hlb^4Qdd@&>!w9PZjkOH{kZcQ97t| zINXAekm1xo-<@U=Xj`(YN9NM=+Ye607)iKYg~&HE7Z=9))7lC3bbg9w!Tkex_D+cy z0%HM{9ww7~Fp(n@3y>b3W(1=85&}uW&ZOnbj;_kmlvTku;N%~77$1;K-1A7TfHk~y zpocrWj=2p{0t-4iZF{Ug?(ZNJ*}_O53LCzg?4b?u;tr_FiM}cYz+eju%wUb1oaxI1 znZ*M#<5>GJEd<004JyWbE!4meSOw_8=aplkjgE@b2O%D8G%*C!)S4(WYSd$tA&XRR zQI;-(qc(j$xGhGSJ=vHBN?BSr?gkD@(4rs3JD$?g7s4y^EXTeNkB0urJ!f(%uN_S1 zNsLoq)Q?1LT@^VJoJ#8DM4wfcUn*BAqan>ZcL(cVTs;pLS$OOhc`FZE_7aH`sJSQb zaIe$pYFh2rWtW`W2WW$;onY{bN0kZz%z`pSMX9p8xPt7PoD5Hx8R4;B>$PO64B$}s z$S2@ezy&J!ha-aooc3PxR{&a4ofW_H zEMLp>ea1{*m7J(9 zR#zQn1%|r^-sT(VUw}{=v@mrYE)8bfwf+Y108#P!V33;KM&WgIl^ofot0oW~b;0Xm z8`pXcc}XG*uA zH_8TtohvROB<=ims%B36K(R^}Ch0qQtTz>^Db&`#5iCG#$Ipg1uzB$9J{;wJz4SNR zfcF#j0^-pONIH@;<{D}=ep3!MXKtqOK$pWx0_J}M>DR#D=@&vO4AwZ*v^IOsdiZpk zYF%I0G!$$1d8N)g00sFE=nw8aW3)owXHlF-g&)=y?!Xn%O~(so^yDBHe|tZwsfq&R zy2E<$%CdSZRlus*9Omc6^&iVu2XdYl&emBwv}5y2t|C}#Q;_`t_z4q-_;&qmTl9-+ zrEO}V`Z`g&nTF<^+FPy?#t=XAgu#*1Oh`ZP z7|yM%cP4|e--=WKtG?bz8We35fyG~7Ot2L~c0&4@fHKH;z{^C-G~lasDW^Qr67*1b zHt_owJ;F@=(qLiE&@mi_fGq3aKb8avD(^}o!Iq#OngV6LzBLu}Bw0bczSoLt?0c7IWaPrOwyD~wmnn{AAQ64hLOT`Z8N z$AgFuGtd;$LL|^1sB?N?exMo+UcjQgosFe1WIskN6aX7Zd*f*jO#_A+!~QVVLfH~v z{oO=AkR7o+E5(vTIY=1@KpjoS_rn9ZD5kwp#@g*h4LnWDuuo~B+zC|Fk3Lw~r9#BM3#Zw|MjwAvXKtUM-Y z#msXMM8GPk3Id|IAaH1}pLwC^s(4Y^H&&Avuwpg~B#;NfUIbX$tb3THbX4G=fG`DL zO(kHZ?9$rNlXVigCKc6m64Wez7Kkw{$Eo?$TMnnn-=ySA67aBt-pa0UkJO&F%v>Zh z2V|gP26D?hRYe59eb>;yvJ2{?jiACORs0R74$d3+CcgtaWI9*mKv~Wq54bvz|LH%l zpu@JCndA*hc2l&-0J;4W`z22R?!S|hw_n#-SrXHrnB430O1^;8OG1T0xflLlwAtri zUJ1+IO?4&yVc3e(>(a^Ec0v^Cbpm6<0=$DyUo<>@YwWVBWP*iH@D|0(A4?J|F2CqR^?O@zE+JKW4XijPnA?;sY0TMtMpTjOb15M_V z>EiXuNs0m)H#1E10D_!QK%tyMNb-8BFT(>Rio0_}d?9>{SSyr8Rv9gu$c@ zN)7(3k3ZSOfK*EPXm`0}2v{};+RE)%kFEi@T$b^R6qjKO@w+eYjyKfQ-W@%X_W}HK zV5UD32ri19X<$Ztd0vH~O;Y=5d)HZz?*9yHw!_Xxs_5f|$yc>j5lzr zcf|z79rOdt8%91t{Q?3lTMLZL@i4oB3C4=1?yy6PMkhyey<}pZ0c0sv?C)}>Gs-^w zIvTfK5?+jx46w^OxryN4Q?B-ak%JJ)m#)n5u)XOT*JYhaxM z-IFeEfj8d;xK&}N#Q;gkN8=K(s^f|(1IX~PseVzHIXxE;A3yYJo7qKtem_2wJ-B9C zYns0F`e`Go^C1ote>G-gu?6BOJ8WJ*oy;J?V|hoaohN_09Wt}Y5Bq_lJM+Zg)(oe^eKqQ`C>TUxKh4#CIPLr`5uGAHrgL(#LTs(} zMUIdF$;1j49)qg`NA3vezvH2~KTS3Sv3-`zs9?rGr zWg&-b;od+Xa|_2uXhkZ4(j+V`wN&VfC_dkj`8CE=$9<5B@Zo2TBwL^|vF9Cm%Pr@s zN`lMCU~QwI_78p&#|bY4_SEPf(TbU+wa1(ld31mQCyW@E`iJHo4TF22q=7Enc>q>r zfpqny<}$E0)U%j}F=e-$DKV;T%Y^N8$gNgs7d3EtX-e~_CqB|sGz0dc-Ar=k1hS1tbZ|W) zcRNy(QBdwwKqi2tAR^In>;^w~paik(xei-LpWRJ^&Pl+JgoMWU!tzHvn98zu8sY%B z5zulhbLOXY6VT>CV2v`F%x@q0K!^DIX$c=B+6DTH1soC!T?BTQ&#A{0>z>cDh+E8O zpsXm$k0bux?%n_s&mwpW)GAyUG5Ey{!BZSSSqZ^I8F3 zR$GN%rwABC2u#Zef615ZW6Z}SIUoVq)7v?ez$~gHYnk|lfLCXi7w17ytsy1_PLpJO zZuRYJAIJXPAfPqKDC+pL#)!D@EVjU+xDf2vKa5@d&{ai4rX*jS_)*>9+_<{+sBC|F z0^?vOU;{Q`i{m`KTY25HL0vzm!fZisfd5)QT!Q(TeI8U%?*~>`CvD+1giBSebb;{( zH@rJAmVr&bl`N46>>ac>Zn6>!_``W(Emk|(W$l95#S`EcO9GSKLk7&h# zW5Yl7A#ja@aZFY*NpGAfGjPMKxb?w@5}vZg&23e?B;+v3=At)p55LEDM0h_0`5}B9 z2Lx_@<|Ghu*Y{TyQzO|I5gEZ^A5GekHwUT@+S$%QpOyA0zaUesYWbn@?_HqvSf6@} zZint;`i)Ur_RZ`X{JMyeKz=n??_i8UUoKI3;ty&CeRY#4eLT>2p@VrJ#UIIkz#Ih2 zqKi1|3`aUEb)38XJ_)PP^w0ZqIRdH{`HVl~+G@?8!m3a!as&Hvz7$!R+#N^%wfMt1mxW0E-HF8eTVo*B`8TXX6IelPet!1b<9>psClPRRLCW=T$rS zRW`apibg|c)77T(m;=-Qx2 zPr@ozqi|1*9EPQ&A9ok1)f%P5F}q&s;FnFRH39vQ=wmNWG#J-prL0Ead$V6}YtjMbdR`If}&4Um}M`Fv(<0 z=FONKOa{Z(kLWq4cedLBW2h>rq#N$B4`}o|B!91h3FjPEwe`KN?MwLN72*(h-Eu`Jq;fvuoEr#d zPb(HBZk67h>?b^rJKR>k?-JsD_W4r-0w`+W)Wtm=K6T?3uJHYcSn|BX>&HVr_8cyH zO51$>B={eLcPw=!%HXZdPbl;^UM$$E7#EIL*qdX?bWL^~nz0p90X^CqiG%)~1XNJ# zUCEP60|s5Lk?NM01YjSam${%gjdV)q4bq+L$H3S56rJCv_@o?H4ZOEn{cVf;+8DHE z(fbR)%YGMhgm;UR%AYZreC)(OI~dT9Zv<}oUHU0B=m7EWeG$Lr)$l?&M*Sp}-}CB^ z&BsGVU;!OUq|4_BviTou!|-?a=q=Xx%7#YNZR-a`IQ-Vnll9hOji&dj@O&<X}oYqS{_;`1MV*f)Wak;MRUmrl8rG>=`zIx0`H}5RUhFc|=fuho75=1*>NF zRfiw1zVk*l#DDoKOg0l~Rb*s}@NNE-GhN`S2{;?@`D7E1vcUgR=RGU1ecmnTeZ~!E z3g`8{ceIorN>gF6T|dZB;JsP&AOoOCy#w_fxR0}Yd}QW*S_b}_fZzj1qur9M;7s076A)6&7cqwgx3K5Zt)j&L-ch?*1>7u9^Ee$>PNnMg$1>oXimM>FK)GTDMFNa2yuDFs| z$d8aJN%-h5r{f%il##Y{O$QYr6e2zd9MSEgBkmOmYB)T=#7m_wpZTMLCeP8mN%qDk=(;<&9u7wcnlUQ6LUf_#a3cGq>C(!nO)3i`zIDbpE9Wsp>S|1 z&x?^|t9t^-u;z>cMlO(eek?14qd9+c9ezubj00}lu>}Vns`^Jr*o4X4nZAE`VeNfp36bLWSQs`F(xa)5z~K z>UqWL4hSRtXImo@i->?fiKFA^FSsm^;abGX;R`-+EuR`9_p#WW;3Z0`!_&uR3 z7AZm#+2(y&Xp(i8%lw?#J`m$Cx}%a4O{yDtX&0T%PaMk}k#Zdl8bhCH!MI-`^znPXGj0 z*;336n-RF4Z{35)E>{V<`$EGZlYS+nH&Fra{BUMb7Re@DC0GJ*DKcJoP$_Lb}YGU4F2tLZ$Yk(~^E2o1(vCy5^S#S zXZT}ZjpgYmI5ehFScW@|e70GZ1`kd%B?8;h#|9Ye{ssD%+4{IA_jO7rmUV`rmB6R2 zOCf0&{vPcrS1t>`$NP(4aVLzd1=sc22JE*&PyYEzmVq&^7o0v&;DW?h`q`$utE0$s zecqe6*p>vIjRz1$+UW%;O9^N1;m$koWPXR2`i)x|`C7iBD6cd`E1Z~iv)*EO!7rZ* zXAYhV!OcAe?~`1kq?a-HD_`(>t4LjJAM0<#9O@(`R21kG)+{~*5(&JlZmPo!RiJhi}pYjU{DGG`-u(c z^j%2*Rj>q}EB{L6x3m&3g1#IkYnZM;QvSrz2eq#R@sm*H1jSUS=M0yy0PFIt+1XNS zIJAaE=Ux;m*ynD=4!;rmJ|Op1x0`|nOjg{!I{68+Txu!&0kj#0UpM6i6Oacq@4o2( z3vS)5d8x{a(wE(lvALEKq%QT0+s*m)+q`Y9D0Mq6;kb9C{ z+PlD1Sj67S!= zHU81}h-U*2^jTou@%g8L?1+AagVw*QOEaH-&4BQran7)@y&jLsmc37dB*0t_{qdWy zbtd`o z;1^t|8f>ai7`gt9dm*JY>>ivOxr~+dVSgyjdhH(8+R<=Eu|#di6xpv(V1HyW1O=ab z?q3l2fnQSDRqoS?9uXnbB@@hC?b1MBM)T!PO}~wGEY@>N+2YZZm?vOjPnJ71qOxH9 zf;agFdMm$I)e%10i`-u~yc%%RuB_!<-DwnNBCOt3!~jINW`PcfwaUpgBp@a!>tTA_ zd)dr1cCG!^E(5JtKz3Yl7!kk`7CceY@4(%^^g^bO)4Tt$f;*W<{fe6j?{`+1zj#mt z{si{IL`&CtUCY|Cf)xU-B`bL`=cRD;?;3Jmm~{c92He@(riXrC=aU>4cZQ>)n_<6_ zd*RcvNa)|6Bl?(Y|Cd$5Z@g=O-Yfh9Z>Xf%Zatl9)*WdMtYg~(imZ*QLyC&WFV2)&4Nan5c#%iW$ROB7-fIlH$`bbgu^!a@WT$5j_<`2yT9l-%~||YrH6f- zN3+S*qexf-bg(k$7xGR@tDyv~=9xChwjsNuhYlzLq3LUYJ*W=+^QdI+1k5h`1vHC#-zi{T zPoQ6+Ln`4`)!$Zn@^%*Mc@QXMmx{U*VOSG+;ayxpQ;~i`NBu3N4!pvy1U9Ujf*^F^ z?%ye<8JW1(olgK7CfHcYFVUvQSBgLv`*Q-GORx@^F2xVXSBa&BW~d)NlZEDAEKXO| z;wD6_YLUJd%bHV-sy`Q(p~ovaHou;24Gs-tblhJ({lnzCnld?aPd}(t0NsqTGaETJ zT0lOJH>gAU@k}!7_3m~ApfZGA8KocqDa;EX81W7l!M}I;VEoVq5M?^#IR;Pq(+J#1 z`0(5v*U#)?ouYZKtBPLVC4Wh$UKG8HqGBRaaPBZ@)6fm2+(m7gm2I2>Xj+%^sCW#*4rmPK=gt4a zne>Wtyad6@_hMy%{{|))4r?F@RjTOz@@@hDN`~mH3ZF%P?OW+cV!j)mzBA+OVrK!U z9lp4D#igAZj&~l2*=hipgyxNKQ*~gPONW)b>a1AV7{jQvikc$=F{eYEIJ&-IW+E7B zS@h3OyvA><=STg9I7aE%=p*;U{@}CqnoyNxusYqH4J5$i%zA8=bVi4%<4}Hc=`7)f z^A177VNY=-HThv>ii4o7TLHqe<}-3PvLUm#gVs3MK3mc=Mjj7b5SZ5+-E*Cpw0O$F*f*T*7jQ91u_E( zx^=S&JD@4iLg;e(`8Ta6-CqRIO{ERw{OvbRN@B~swy*EKsX{x#VD`$ILScgRvoG-7 zox#l`v_%nPK?7Fxx0Xe5rFk6leW8OsuZ1`cy7ejmu2jUOD1s>mN|(wMk3GKAnE3;- z%-o_iih%DSu`Pl7bv0{Asp=0C_`$H_mbURYE>GgQ2rL>trA}-ajlzu&|L`;3Q%bTF z6eSy$?NWk&UkgEgYe61zVIJ6clYV!B$kI>7sTOHqL~K@lF0CwMUjM$6jh?-*9a17NYs8mg_cV7cJCb(e*uL_$N!$7 z??T9Y2^>B3)Rv~NEgkmnNZvoU09yBl3gN>kz=h+Z$06zW8UZ}QdzcdtVYl9f760?| z9`XgyfD7TNk-WzSlTMQO?GC8RCUJ1ysZsrm0IdHFOMNNc?~4__l!r54d@#2>&K-Wh(^>Onv)z1>g3!5aPW~)tbxpM$E-!{)drNYHKpEU^VahFbd|9Suv>11R?5VhuPb*1$CA(Y$ELQd!y z;WccH z;2$$C*vX0Ag*dhF{g58{_5*duMqFT2^5K0dvx2uWYP_2#h^v0TU0pXH>ElgKSty#}k}p#$B)xwsQ^2u1yc%AY0Gm_+ zSk}WjRBX#9LwWC1^De8$MGNbzI~(47LsdiqO#d{qyRj}H=L26bxd#PEqX;&5Xykv| zv9Pi|Lw|2eEKAgALsVXgPBM$83e!&Y4$}ZT?V#m*K0x%6;XBG3LWh6AG$1L`@!V#5 zImWl~*Vq+Sgc#Bhz{}>>3+AaCxB-pZ%e!VpSjSx7JuRC1^ zaqI7Og3ki{E_JGtQC2c;74r_#>Wn;EU`uyvX_zAXn}*02c!Be$?-kUyhW`Z}gl>X> zlI5VurV*~_lAeQyUu1EpA82CrWxq1h{2Hs!A-e|7E-xzV{&u)RaET~?Nt|coC1IBV zmSTQTWZ{dJADm9TQvd@8&Bi|~C?622MAgH@MN%AM*P}h-XPVUS5&J1`ux)@98k8;z`=(<9jMlCe}Sfi^Glb0;;{u;~>=-CH5QGbnpWFgUP>x~Ttu9plYatD z8XQMD;h*4MxVIF0pDi>L|6tkBtQUhC+9Z}LgK5}nZ)m{0OvO)qP%P^+b|VNeQWf$H ziYRI{@0AG0s4w?k+`qWIauM+njfL|v(#ECf$j(=hPS4vW3v6^Mtj|~HH(qJFj5sW7 z!!dO(;0*14W`ZH@f@$OnyW=Z3KcFYrhY@s3Pfg=IhOH8(Frc#`0XG})?SX}M;^bI= zLgDt4a*+?h9mS`M1Iw?ax*`V9yr8j4`_Rmxt}br=Yhj3<%AL|f0Rl2(czL%EZT z$VKBHKl^GabGky=BU|#@bn^;w!SikI1(?v~da5ig3TKSoDT_>rfj;khY3x%|Xa*gJ z-Gh=^eZ;a9x~7t%NUB{TB-kr_9jO*ENZG{;2T7Gqnjl+}4m@Cl0!lUKt3OT)D7%|K zd8%KI_hK=~)B?hy2WC2Z6+J_piLuyuCQz%9yey!uKNW3|h?rN9UN-UY_xoNilY{4> zFW!OFp0@vC;QcpL1_!hiVhRsf)3I^b%1zKn2Elb@Z047}tzp_?!yaIN6$I*+)2~K$ zkCU?2gM+qQqNECs)axXu^z2x1Y2>gt=<^IAHzblf$R4 zvS^5QC%uNms^nW8?xCA9NFG1*0$V8ZtB*9UfT+X#{>gmMvvhu3U* z!MkiY;2q5_twLy$VD%pE;w5zb=nDT?Yik!eXhaCYEBfuvz^7FVM?n3ry!VJh@k7Dz z1%4xW?pUr4bW>9NtjPS1w9iqRFCV?<%J9*JuTiGrmAPDt=@RQYf>9*1sIIR$Xxp;d zw+@MP*+47g6u*TBLGT{nooG3eT2vY6x@EkM0ay)%V&*pq5ld8BZ-lmfw#nNUM57D3 z&Xc2y#F_S*Z}eFLXeAfcXbZRE6mO|(tKF%&QI>l(@>}6pg8=yk{$2?xspj8jTf#a+ zREu7K#S8LKKpM(xjlLfEmCYi#0Tqi-h7yNa3g@=$x%&8Ke<|2&)ZaDC`+|ihblc(| zLfW*pen6|N%g!%>x0in)SNJN79Zp<()7aR;pC^}&ABM(K(%{?rW7 z@Z6H>;eF^Y?2*u}@Y^=WqB}F7yQ(vQshCbxZrgt=V(R+;3H zeO|#~ux_LnCIsny(<8nel|cn?DBwd(FP(DxI%4$~-(!gH!~%%@uMX3R9^Cot4(P0~ z6s=eY1*bnTzvPfmv#~fEdjv%KH;+JNo9#gw8@#VhP~yJRUr>~7xrB?YAwjg$J?96T zB_?x^O}`|!U)+M9sE0iS7Lq?v0L?)RLqDK}n??(O4puO>h_pKr1F~7Lq?axypt>n8 zP8EP=Cj zHw^C=OT>lDZ&2BFzJm8L*y)Q|_wp``sz87W&b?53nL5PU2Kvw;Y$%N1`UW4q{@X|K zBN-aqBw(`zMucElq=h;JdKE17=1U&&4mLFKezd&+PNj2SEZBqj%>|3c8JWs~N;k-U zCmqNrrH!FidZb~WgyRm zx7^A-Zf#3mh`=-81;4zYam^WzXKJ>a=+X=StgS);_%j-o4D(5bsH9FGiEMXoVOPU{ zxunb`%K*0Zv0roij7T7#PetD>L@lu_ApHV1o2S^>u z)q3e}c;`f_7dI#xl7O%675!~flPaN>;0v4MjD*vdUj7v1b^dhkIpDxX)%cY^ckKjP z#OyQw5dLou@Ab-(-Vs-YHi z0NDj?j}Q#7PKE&$?cv$P%h^$C8}!@rs9prU;@WEKpE81m6>iKNB_U(nB=HOz_Is5L zR8Jq*WaYNB+{oR=Um*GW$r`tRGcgN71MnJlU+-Si1?xP2$J@3zKuZLBK)r(@9*p6q z`33U%P~J5hTq|Ke!zbm`qluKJFx_}-Y@iZP7*DI3J6kbM^ZolUB@hwf(MRpXFTsBf zMYGTHx|dxd$&B-7s*>f+Q~HQrwE}o8=n6YW02G)`dgo%*rP{~qA1QP(tDjiKjQ6FN z`KUsW7tc(8d^<1o1pT!)YpP80dD_FUVAM0~nAf13u&$p$hxz$;pldwP0lCEQnZY8{ z7vct}SVNO>5Sjzc>Y7YCm9&lW_aw`%25MRQynu(c?{u8SzzOVwRNdQOP%Q69|G=_- zOYs!>SV43r@>S`g}sRGUN|RZM67=EE31v5vo<@X*}#C3$cpPS{xk$o?_X!m zcD4J}@WVABBfLpPUj~GRERXjLICJRVK$%G6K9|H`a>HX=(=)V%b<_%JgF?fexR%;0^ICQeGC&^ zHMx2BTn5L@l;B`V<*!Z?Cby1(DNWyJ-lMTYLoxLN`XIPW+D2-Z2QYv^T%Ba@7f8@( z1KojBFSgnRmr-o`K0n}6oABRPEUNVD!Fu;#4e(?Kzmo;N*^6izDC5F|Q-@H{^a_l~ ziNK-2Pf{4iP;ncHXZ9%!sFFtCq{8_Tgo&wRE(ZVj9yL<}xI1eI$mq@`k1NG#K@-52 z@hYvHco$vqGo1o1!`Wp~yMd53h=lgLGLP6aq@M%jHZXBbQ|P)V>MWB_*pY!!_du_p zu3TxxJ*m{>PQ7x2R$6(rkKT9}W&P*?Ksdv*_nkrodz676!@lmnKrCW{YIo7wsiQ=| zBG4)l8WB7h*;mJG?Pqk1HYS_0h+62jA%zM=hzAPCLWa*_;E+v8#=J%S{FXpG%8^;< zS9R|ddEJ{Ti&5&FIyL5J?{MrN>z7z7KwDYn_ z+LxRE4Yqj%DL&N7H2WP@odBBq3%G2<<(6pOKQAOC>Y3V_V*Hfk{sFIU4mF_Hle&~Bl=Pb_RIjrVSn8~g}Mc^%_9h^OEdP6GWooEpZJ}#Pp#JQy2T%*O#|mQ zdq9uXqI|`jUc;izl)udrY$Uv&-AG%L3aAwx0C$PNUBrei|MzWpgp&YkOa=?vtP1Y! zT)>c~5R>XFERcfg)O!)rO8pyrdl1O9TIOz=Xwz28VU*C?GN$V zXpI<*_2vYDFVbYu8Iyv6_%@o1B+`W#iI0Z|LBhmR$9@VKE&LksOMr!;O`8k zml^TS_5&-D5X;F$|!fxHAVC*8|kBl0T^0rRx#hPE^ij(NN^bFJQrq~km|D39)Y zn6I*FKcMO%6ff98uM%^6C&*}t1) zTVQVu=LH{!KHOe=J&6^5FM;fD1sv$rx?V4ru?#>*rvh!`%iS0-zUf`dXec7eIIQcW zakzf<91Sh1%7@N7y77g24AGSgM!0^by;&9NtW8H4dv`DXPX!7B&-c`U5n+hT$qWXm zVD&U&=6s5pRNA z?c z3k)xN|{g(QJtJ@o3b1AV-^nq7k+i+ZjcI&`9 z=miZD_?qbpiyjkSZO^KP4HgJiu#^mJgR5LpaH9@FsAP5B4#q>7&?r_W^B&cTgT(ZI zRSnL0)hDlLbOkzKU{!Fs4bD0st>tAv`abku`948DBu#mD9)PBo9JBia(S`HdNa_Gm ztss?TOH(JyqJMYpIWN#r*v;)NW5(S}r)S#T_eamx-@PMCDjm)Nzgt7>H_D(;8M~1D zIQBl>;eN5r1JG~Z4QpVIzFhFKVsOmQem(j5&;o2cKoY%qI)^b+N-4Hh*aIvPncGq> z{fm2(fhEX@1^NM-U_6$yFy5Y@ATr=>5y<=uB>@+DFa=8@mV3v~GHc!^&YXrVNaFOK*=@$N;u$>G>rotA{R`YCt-WM=qdn3cn>yX4xmh5OUk$RSaTsQ{FtJ^ zC%z*SzVGR)jppVqHQ_9QLmO~6UY~ffx%t@(_|n1M9MC)z8#;eGzVr<_alQDqn55=3*kC`o^uVh^*W=|F>q53W+8SGMoa5bE$2Ad$KZBa^i z2Hq}wG~v!p?ffT!4_~@izyN5#9GvNY$XyON`XzOZ<(!R81awmZDm7zWO+~!}dmP^Q zO~>{~z(|f2%5VWXW5^g#H1~NU*I-`+tf1PxU>|vX;-*_M>)QEyYn|w;gzdAgS|Si%w} zk-V^+C26nKwc8Y&*=i3F*}$Q$1IiU&mH_2Z$yL0fGZno-&!6# z(1+hG<@{_4><<0g)v%nynR#0VW0Ju~Kt&|{{({2+N^tR%cZ2S>pK@p5jh9)WF71yb zX?;H*sS9k_Fbm)^Vyjb$R9_piV#0)j;WXUJpRg zy@E`rgS8f?nmS7nntz^)>J5J&VBw|iV*)Vsd<01@=nOJ@3jjTn{1XG4nbm|Z_+9kT zjhP^J%u`a07m#TnS-*1-KULY{Io&)%etMkB7j}6gm;w_SpcKKtQSa$id-#~r7v_uB zfP&+ANZpcXLyTkD@`4LUKd5A94LMDB&15D^*)nxEjNH~UrZj12NI^^0Y|#e2y$^LrP#8oEL2V7<*Mlh;h4MP zHa|L`kzgpJkT3hOsvSJ0=WE|b+eF(-T+y%PPln5z40EzTKaGqE&CO?Xk2|In^)RR- zhbO}WHl5Jzj14Ffk^Aw^A1q@abB zqg({q)TmIWZ{aI_#iH3M9CN!-&=96uqT@$S-B(BD(klO?rh?zdk-VhX4a z^EQkB^oUfG4w_dNJR(_gJwF40?%kauMV2X06okkxwIEN1%fTHCX6{vy{fIfx> z|8?beOZRUz$B*4u%F}HX5L6yWXuf*z`dF=^X#81v0x~*=-T6r=`rfCmTotZvCb`?4 zD)W~yQT52ypXtxoS^~bDlcpTlda$YGSk2wue36$bXl)FPWjMVs$JBU&w}K`T_gQ&2 zmLy8f@#FF>hO0{i1ZDix_dxl-?A2&33+B0a<^hsck1x$z_28^)T-_gDLC@RAOCR8W zGE&h)gqI0=$+*{{B-NNt$eC9b+K_cZYfW6%C&y-#*_xvPa2rn;f~WWAGiQ|8eK)uQ zj#(f*NZ*ow?$upVP!6=H%Uu~_9lEV2*k7xBb|z5Pkd{HjNaIBi4t6)?rT8&;dbX|} zornjxgwOOL0HTCS?^R@$z|4}HJ`Jc(v89z_ZJe_vD5&Nn8Z5?FG>m0h*g;mA76FS~ z>Xi2m6FOzeq)9pP?eUcWkPjbo_W`NP*&Eo1DR0*lz>_5cS|VuafsI}h2R<}q`6$=I z?!Cmns+1m}57{@0bk{|HD%AqA7HqJ=DZqkW>zI_B=}zmPR$NXl#P<&W0tA~Bqr!Kj zL&KT45~88OjN*4r4=ktxSUYqV+PepMq)@s)B*p9T(3|{aEO2&zEk1s&(v7NP8#1n7 zzj~{D45UCtOomYPX5fJ2EVl>mU?vT3SySf+CRI@5z8>9UTxCi|jOViTv4$M>(C*7+ z1nKg|D=0v#fR3!=@y}9tgEyP*>?nsWK9`Q~G`L1QnEHW1h4W3{M|Xc6)jQ;<0q7Gb z6AK#hU-x(!!<5`>jkLZ>`ghLqRFsIDk`%-pUT>qyv2Gpzsm=SQK-O4F%;A20t$f zFm%gtm#xi7uBrDc&TaQzB;dzPgJE$qJ<5ApY{y1Vf$IUUEM}xkteLs)bf&nc0tkQ5 zF3_-r(D`H(df`}$|62XeyzL83iEyyYzqQ~ybB_h}yLJF*EqEir0lp5eV6u%u>O_2rln7s`Za*0A-Bh1BT^B?w{>@>#rm^6SR~Aj8AQYrOnxly zdlYfptCzp0{7pNM+&xSkuXp1 z_f)*2A0mG>htD(VP!4bT0eZJ1=<`~bA84?De9^kl`*sdzS>Y_+N$WxD0T=^|Jh@Pc zKNT^!5%q)t3W?JTRlf{0w^>l-Uw_fFcvxaO=$ZS3vRIa7(OWcg+;}jUzd|XbC^1Ok zdHvD~P_%oIl933o5b}<>p&ydnX8(r)S@K6pY?{EXguiq^-4Z15rIBUte$cq;f7F)} z0=jZO=$E&`oR%~Z9C_i2LCc2hx)i(`?2mFWPXi@JKM->}{56_vTr6yB_Q{q;vcbV} za(#qJd=G)Oj7cIj1topUCF+K_`Z>n&cx!>IxgCroezi$*zJ?C23(QZcG0W;poR4WS zhtFN8eXR|wL3~#VePex36P(-DA^@`vwuEZ`-Pv!1;xm{PIV7qdB0UVcp>I#xIC&rx<`wGl7A9(kIiel7TtLs&2Ps8rK0tNm9I)&3EkJi*I*M zLAQVT_L-vnf&l-@cJ?|~8qm^&SGHJ^Och^vN|0C3Rsl_-i05s6|DjA;+lxd5037e8 zFO(fo|4D*`#=MKA2T{w8P=|=I=LKC&766n9(dT}$JXIRRX#2T*PYX4so>AgeJgvX( zl*?y7Oew@6jj02UnxV;XoL{eBM4(B1sd#?41tlWNAShU%Fd)dA|IlxQ60HZM&OT#I zKV(8L{RNM}MuCLsT7cDt8XjoMzAjn&td%4gfWv%?g^qg<>$lI)B>W65WSy5q6C~Jy z+|$PrySx`y3}`%)v-}#+s~iDi|HEFR#Q(gkSQtQ3KY>UGiwb~Y?k!sg+s=EFysywV z^QX=~Me_v@DWJn!4)>ZQlMUDpXl=O~vEb_wKMNM}x`Vk8`@ii&Z6tjMSw3{YmN@O? zw^HHNXkIGl+&;eC_V6UEek0q5w32$&Iz+Mdud%y@s7-Mxf|MStCYs02gOgYhPTt#|r11T;f5Gz3D!qalioY2>$tSN>HJ{2d4 z%di8WAYg<2SfIP%3}|LZ{g*cY;Y!QK7q*V8XD_cDQgx^Uf|2Q0ljMp4GnwqYrE(ulaJaY48XWdR38lQNGP^IN)Y-IiQj_lm?(b*z~jk8tK;W1eXwX)qv$HHpqKF~!!Ezj$sN#$bO{@09920hPrlWGK%{CAgl zbsIh`hNuwVJ6cRCJ_3-j%8D;Qw5V%sAxJ%l(nZt5PC&Du*FZp$uZHJSmR>IfEQ7&d z_*wPgiDWz~ljp6$2nr3QjG3QcfoTqZ0$$G}=>2`ppj_jp1(*9@wl7?o2UW)7Ueu>9 zs#Xj{W?y<5VXqrrqe_Wukpl8NvdXsA2?^VK~cG*p(Qz zv4t}?h!P+r6CO++;n1L6Y@r`m{yVf=oyY@eRTm~B&qHdiB<|lf;)i6AwcC;LBgmtP zE>w8+w`eAaL9|XId8ZCNCGcB}y>KwVBpg8Eeh#!Yr{q37>4A?&PWB+!gO8ALiX15J zj&dI)&})Vd!kz$pL=)2;z?#4T6m|m~-Q->wLh03d7xl!)!h>riR}diJ&@n$kGs?dqFE?Os^bP4W!m^9 zBryBRx8k{OQ*}Fuk-#Y4u}|jm^$2qLm&a_wS9%#AkiPLijB>@3dVYYeCt-f~*#|?< zMF;!#gX%veaLvh9l@IBapAxPh&8{J+0sTH z6ie|M)U@NNq+Vk3BpXF#eDWo$!Ar)pr{esAAcD_YMt^QjZ3N>{tLlm-{&)*WNBauS2HM7oy8QEMhry|EwIrNziw>10N~NDvK#TDoh3x3-DW^4p2Oppm3^ z8pj5WbRS{I+eeMiHsq$L4eHPE5Z?l{ANirjfaia`^Mmo(^oW!+8}%!$H|v{9JS(=V z#(BJzrS&fZ9^F5Z&aBHZHj2W32_d))VhSQ6hTI{>AZCeQ-&^%s{q^G~xjo%FgrnKXFIpR6a51V0c;izgNB3#xX747&PT(wujc^NT_1-$uu^nKRnN$D?+ zCCE0DtyA>@{BhqMVDlw&d5N+R8JQ=kFU_CMPggU(>9U(U<)PDikAi8QeeMgZBoJKj zww~>;WwS>L(o>Qw55(nBYwGqfHcSt5+V}JXsa`HUeTnF^_vxY)ziVAC2mrJ6>A>lz zuP{y~t9jb@nD~7AJETA{iwJj7AV0y8=uWtdc`L{brn4J&1UXXsAUNQ$pOZ@;wk;y?W;9@N%F{B&P7C(u(xY1#60)73}v1@Oqe(3?kx{@*WM0v znuF+>{1xawMTYaNfX(s?`(s4=*4OG0pekKD7nU-N)dUU8qkU|LRsRCn92kXv9BzBZ z2a^sm!2j>TcAa@|d~Go<+JXZC=fnkQ^$MS>DBft)=e-f{rH=Vh90RNJL!_FcWV^$W z+q8W*T(MZhI&`CNgz%s{KN*5^#hcok`9Ik~&^$rlUAEzEr@e_C>Tv33UV}eMz9B&6 z5HFKXlYa*(?(CXJ6<4FgoATr7^x3RReX8Wz@k;Q=IO`LFhmxmUixQGxau!nhyjQ>{ znBvF4C8!lz^g8RkrC8W@>z}kCoW{r7MEUF_??174eGR?-dTI6#jF(_OAFCYG-1U(Z z)d(saO@i%Sbv8XtKa?-~5zhRO1VV%r zUJr60f4M&$Z(gz3ZPs1(?(tk|Z7`|8bDr(Dl4+#4fp4LTbfvJ*12lHu12=*)>?y4@ z0FT`Bw3S#V*6cMIqsi1HKv1__`N-7rf_}>NLX{Uhb%#^VfZiY2oh<7 zLj^9z(|&`meeClw^`ZNhovQn;6ctQC)rp9v#=a z*QbjkaU4o@q+*1bYqtgWUtXaxfCBl`62EzTP)F%*&H8FLWO4yz z&c1D!#>WzMmYl!u$QrV5*W`h824|%$=MXhVTz6vq9zfuP+qhRNp!O~GEFt2?!~Om) zOo7u+K0GpT>rP+)Fd8)R<1w}p2%J%GWfN_S_J5jwAnK3wQ%vqy zKVMAr3+1$ZPe)UtGRk7_~$!s!h7=1eqg6`n^3TESSF~BS2eVTM~asiJE>3{q5HC`=X<7!ZU zXAx0sn1G{drE=vl&oroNz^J^uPKrX9xcT;A?loylBfhC!KA*(`;2=A1t={RUzyzxo z2He~(c&Ozbo`31?1=(JIdULk#DyMM-W^VWJ4(|gJMrpXcNv6iqBedgXW7BN)x%iIA z*ZqRri_MtNkM5vsWlBW+k)IMqThr=y-;bl;t-lg5vA<=LPS+%=gFY=PA=KJEE?@jgnjpQW3%O`W7jT_Q6yD4}+NWP{#DA+>5=$=rHFAwRSAQkX>0XZya`UiO2^}Erpi&`{COrf@8(wsn<8?wsP>%gG#P6M`YEj ztm=C{xxXp*iVt$fVou16Lxm3^ zD0(B=ItrDp|K;sqWX+pF@Kdt>xgCyHNu1E@em$kz`oiz;eG6hu=$Upsd4{ojil3rIbsS#ZB;#jez8{{*PR;l%7Ggm@zP%Tq0C1SSS?;w$IA?H-ikggX0LkgG8L z2sAAa zWcLuL=CVS5rz8H*tQo?l6koTwvmKIvPz)mRE2~Oy{=YE%LYN-mIkqWK8#=sI6ZDc+C& z?`-v_n)C(=^7_K+ZrDA^Mn{)PfG=P!W|U5*KW{o4m_GdWj3i_aFb;1awbyHCb8yMm z`fM}83R=!dt2ud=NWKd#&vl;DjZ&DZPBxEf_fg}#5p*Q&jpjo zb1k?z-${H|EaLCg{Jhuk!GBOQ$bBQG)#LSpWyQP=%N8>ewm=2~ zwK{mS5~;CV3Z7)UUiR0*@4HOn8}1=5a?DSktTCM`IBs4wf^XfP!{cyRp3R_bO!t1P zfk>LRPMt`-l-&_@8b&&fxdQC{IDvD5EN87b*h0?)*a*nTrhvm<3!_VSQO-azgmt%< z#M1-huY-^9WLWwYdqTLW1qFwMv3}F0n31P*D|N~sz3Rw+eSAY?Sg@p?2MI-*j62xg z5~gv#i0rKm0h~JrmnB}@iAO*$wQV|c2D1ydQ^I3^?MSiVusUtXnsB#tMvfC=79)2*;Uwxv zABtKT@%08uwMi}Q$IwHQ|7qCKh>D;u)^L8j1||d@j@&D+i*vbMPNhEKY)(>5a44*q zZ16Cd^&b7PTLuK*H@Z1~EGWwF6Z!$>YDwMeDLM@`ejBR#1fR!4R~f$H4#!)#(HNb0WWrj=oA5b2ysvp z_c41COyq0#NYUVD8^YjgwLHlTm^{G~yhHjnV%N&ts|sM&(@jwD9uP*r%T!#GWMW3p zClR{;ENk_q8moM@DCPnuJJh4>W8b~~rPo-5`^9kKc3yX0&B45(*hBW(#Y4m`s%?dp z5_8WJ12WScQ&Kt@XvAL%gWXH25D%Hi+M|HEDdln6KEHjt++s|zY}qbek-y#giR^4h z|MT1+nEKkt+ry2Y9*0lw{xI-)09zw&`xp8GP7qlm=HTJtco|7(% zx@%&wH|Y8bekf7=b@$+ElHD&n675lB{Es9|N5YEC3A3JjZ>K)sY`w*Y&AcQU8Q<^i z(!UQ&WgGh*zUDUMF2X}%KW-pgk4AFH?oMpHKDS5x=+5U4;Eq2)QN7RQt4~_WEk^y8 z7NY*c-I}LPl+?rJJ`gE_NZ0M%%y-Ja_YY(?9Sw5n9lr~k@H(cwlzVej5=b2|Sm){E zO1xqY^9^wt%G|@RDvyNHDgU@bVC@+%jjkz@%lRk33>AH#Zzn1}WT#;XVR&Lgzv zY`^q#%~?rJ&SOx*iJ7!rP!e@u(Q2M)DO8Nf?D6br45#!=c#}&g^%rqf6Wswv+}CGE z-)y`Q+Qqd)Ox8ZiPt}9+LP+Hbk{*a~DAaspOYiNlKFk%A?g{b2wJOuZ<0dQ|8T78} zd+&ZfuX5+B^^`OV%Q1nR)r$w9xU+Y9eSX<<7)l!ut~fgOo4)R3zL~1=K1vb_4Nt2m z7%=gJH+GnNHLa!B{W>u>-%`DNZfA}pMaGSpvvoSq`C&9+|ENSvZdb#vCgAq~@~BzO zQy~^VgqPbB8jz{|-tWxiw*@p3d<0XPJVZ`uwzhCscM+N)h5OZ3I30FihJazgIPXtx zKdPl;cG@Be@NihXyrNy0~rpB|xQ7FsJQWJLla z*`gdEmSmo7tf^8MS$E11%0QA6|O0NnVCP5Y+eNep;-L3uzxd+-_* zZ4wv+3+%2bIfFWUQaj#S+*>VZwtfw+6Tjkwr3}eviD9s^=dK$64+HJl9&^V-uCY}FLBrg zPbyvHf#RcPv)056<>2W>^xUVeU1@wP zwIDylRRZ1%LXaXn<2lR1(1afsksJFie~6HzR!aH(C7xm=kNNwR57noT$KtrQYI~@B zwpImEiFGrJn<1ee>-8N`uM|HMBJ?YxR1 zgZ#wF*5f;vSpMZXKv4Gah8FDPxU460;*8O!#Ur3@UtfngrR=Ul8Ve|OwD{{3zcWv* zl)OP2w)NR{YF2WL6Lt1fkP8qlw$C_aE`EuuNH*IrU49JUbAm-{H`hc(1blsZofqlu z7_c5Ef_+4kDb3fLF+6_xb@)1OnA{WX`QV?AN9-6M61jsb)sT7gteu5bL}tQR^8?FQ zpY0Du&wJCR3eI>Ex8<}hew{PU4z>`4=w1FT5-=AXg)+*<4#gjG+Ly5;mF|g;Ll_Tt zx^-oHkEF3qZky<8>$rD>k9%^urNhl^ue!X4XAzDByF# zwf5z;yF@BpiXefxSeJf#}JS{vO$GP*x{FoZFQ1MbD&Q4;Dx3siSleM*4-qz1= zG-_Euk@yUC&zwCoaB21p_N+2qWQkl*3}pK3D%dvT&k{*=>QLKlK6KFhJ=Sj>WZKV^ zxq7kfeMR{Tb1;K!xX`S9+*?2K&-q?w8%$p0KlHBp_F~46E}p)^!;haM2+mfCD2rsm7#9JTRwwA`^XoYSygaqP+?3z+T; zEO|fQf2l7IX#x2iw1xN=c{w@5RDpYmfaYIj+Z)X zDs_JR655R4T%Y&fA-Co-J_F$&OX!M@&#ZfV9rpe~snZhQt%c5xaF1!~(MZ>P5`3V( zgEA=sgQlK(j73kcuYa7*^XS=PknJbn^d_21@H$hb)wq41Jbu^j?Uzjv+c#fG4Cgad z5u12A-)_1&0B{~OM10Hg`r@J>0ta+&NMbZ~CT_=*CGNYj>QvLRb8Yg&0`($rRPWp8 zCL%b7_syP5J@#Ecz3uRHasv!Iaj9DI84Yo2GEm4ODt)iZ-^GALXDasrFf8|@e2Me- z<^=YT2d}-2ujrQVM=FxeYvb{_*3y_7MDEzH?Q~}M5Bjkv&95Yfm*rq@CC6|6Jea}p z8^h@?%<}K0ljsLrg^)BBg;+=vrFQt8J_o<94afxVT&`g+^doeh3ZFmZXqmUCJ~xp2 z$ct{{a@XH@ASXkr4t}$9KW+6=<@C|pOHHS<)%ezVADV;=K$t$tX_arAwwzB`!B}ss z`OTuLa>6e0hULB{VZx1GLq(grmhG?!k5ZuqE@9tsufx_L-@K8%m7sHd_+uzAlM#S% zoRZ&6_C|!euD_=NA))a6R_wm*4i-79^yAfod@?_7^OrA8{m7CL2);u?IM}>CiXW#D zT!RQX>Y<=9c+{-b#qWyll$dPwCE)MkjMsVofzGloP_c~Gh5N9hODlyMq&N7^!Fj#w9f(?3#0byqd3BXGds9UZJ=i}@#yZF2_F>i$D+)knF1~M z_z5~1MH%bV0Sk~sivhvuUF!3dnaJB)5eZ^TNF_QV^>hoOH)jCtRye^~-H&%p+U~nx zR%oHxoR4s6;WZ|C$sUfu`Tcvostt}>am6h>0C@H(C$hHqBPW1m_I*3S1HOyVDuE%( z;=}nuj*ie=ze$}Xm;!&Zpd2_qZX2aG(l~is{@@=N&*N_DP!)qGKRb^RPw$7=`z-j$ zVs3OIX85d@QOG`G~a)1N$)57^wKb^=Fl`qX!Lh-1uK zPyJpZ*sAsyof@nqu88F3XlJhre(=4u$3h5Q40`eJ)Gj*|RjlArkw>>y5)8^(n8^U% z!a_UJ^%>$)0>6BJKzl=Hwby>(J$R+cr`G17qmtshvj)Z|tn3?EM$)XhT-1G|QT8|K zD))#h*|+G7HK>r&=E-jNGA@1eg#57tc)77E2aa9b=`$xizuYcJ6y)b|f4O$zBkPRAXK~EJecRsK zQN~30j9}^Ek|o2oBg@jZ3QR> zL&C;s^iCb3rp&XU>dzP8&RpSQvgoiG%b%Z{!F7h+v{j?CR_~|5e$mX@`*IEY3jp_f zjY{szA-+95N(P@~1!%X$)Knln0kSV*VzspB>h@QSL*j!uoEJad8i&N=lkTnaMMB^N5Pzf{M;A|v5 z44}ac-RVhBxPl0|n4@yW7ssm$X!=FAn+yozUX(r%<(+=t>hMt_N4M&I#3yL`qd5Cx zmm4O&c|)F-$j6nFea53(dlL=c zHh7G}7QTx?2;{kSU(!1Qf7Ku+gPT{-TEJjmitoJs#9l$m9 zFWHOwyVJj35IK3^(jV~+!~g9|JjsvLRpJ>FU$e3oiaV|WKmLn7zBWe)@DEF8>`$Fw zj_BmSnEL?l+O1gmlf|X%bl#V!*Zw&+^$YTrCsabH%VhbgCi$I5eAV{8$1?y{`;P8; zEKC+W!2C$|(AtPvB0`4(t8f3LCNKcza^JMNiXHqrh@j)C|@BW!J&a6%MIJJV+A2k_{P42jbnh$S%uh*)7fj? z5-lFu+-ht`$(#*7vT`W5)|pa)I6VanfZauCAP9B^a%ny1nrKleVg$OlodcF65)aY(f$ZKNsp zYrWnt&QaJm=zYwuszlSz`+h`R?qr2b*UMXN={5KB=)FIn z&VR9Chv!2%Vk`z$)%;u$2+T2qHD&zasi}l!50Wn>S0P2vn6Pa3W;7a?#LWmrFxG81}q;$yRH0l|EQ=QG4KaWIfyZm3R{*JPCh*- zwxbh2n9wH06Cskv#Q zow%@dXx1mH&dwT*DXPHL;>GLreg~giS=+saIXvcbhj-{lv^64q=Y7}6Gy5^DGU3l( zpkg`cD+{JKQsR=UB;7rOAn&&jlh5bbc1(G?)sgZdhxfro{1z%pIYeKiq22(hrcWM$ z5t>yjWBgvgx?1*`0ByvJ5|dnWzGjTcP$#tTf4ywef{h@0R+xkKJQS`a*jwR-pAhtT zQNc5^O9M|##tbaYaNDF$x>$W5p7HZ@1rWahxO-Qp3hhR@I&6m&pHTbaBv8s zdB>8&6Yq%1C&hj!)RM1Z_iokjX_Qh4cpP;B&}s2r0s&&+r;bv#Mmj@`z~^Zsnuf zzfgIUnt;-f@yPvd8e%&4r+7W!0xAISq29=cqQ$c7GXsBoZe&Jp*5_G|kJ)fi6jj~6 zY(591!iDpR@j1J=pI;a(2-Wx4Y`^S^fhKGFmlPXp1avU6MXpRWkMcvY^3s$luX3#X z>v&Xr+ST&M3L}zcjzaT38m9o!^~~=WB5mxIKMvSc8@~|GEZwhO$?40erFy#7Hf7$( z*v;!>wt@wli)oZ7(@4O$hZ-A2PR$=ih}_Et^PdWpICciAcK^u%EY72~e{eX;^~dU^ zx9>zjR`NMqK{(V4!VsdQ0*=LGzDRmPYATnCpwS98Ot|j0H1S}kSwGxa)S%G&J^L^` zmtPHL_9fcbkC4Ta;=a}?!h(s1Q6dJZd+-r*R!f}=+}e@J-v4@<1bnNFs~W|Bot1ri zuQODqyuINqS1adGS3Qj4bFdT;W_=NlqY|Y8CmRDrn7=gtQQ@>t}^Z8q8M}|T6nmo7~SlH7h!W=q=C-0|S z_DKsA1-K)8kyBN-a>N-OP;%K9$}&z3(zwS-e@548j$y%el=T*0hN{(o`@9c-ihy2q zJ-a{Z9J^td?UAt=&fYT;noZsUNvM|Mbi9A@0AVvENF{)5e+ZlaAR6$kFR&LMQ8W6E z^L!ch!x6#`T9cBm#oO!6es0PKujoM*QkPwLi-D_6=?0@#vLs)pTs51XZDMd#s@0~Yhg9&!{Mtu*c(d7yDHW$fvb&R;J;>gYV`pr8n|d< zyg#Cwk^bU_$5?9E-}aL^EI)x<$S82KeS`3>&2k!*3hI3k!2<;*Ug|e{90Q)xtEdz) zN!CW*K}cH-GyaGT#$w99DXbDf^ zzPuCW@^XQ@{>z`9Hkd5Es#5#?m8-M<_;s#MTyOu>pU;*>YzhGigd*;b*R>Vyz=juHEF| z`Mi-`S37}P+8FD*w;m-@9VK(KZ;#hz{>=2i2~`w=I+v^VTc`aLNFf*O}&DWXA(dwEXAUIi$R5A`6XMdn{j zO1K+yNZ+p^kb;@rPu(Zk%b}%O(zR2xY-adediVIXLmoQAIl))>^LE>c^e5+$GU?@Y zLVNfx8hQ}|@;ipdY1k;m|Dy#D4M@QgY+y|QIA^cr>=k;$j~wd--%$|wG}&`ZFG^%P z1kMKYcPd)ZOL8>SJ(gCM8wg-P&{~|p8OwncTH0@#RyxbM88ZaoCLjWNI2>jAVzdRY zAvE%-&WG0mk}^?zfP!?&BFqW)U9ic6_^LY4ISQ^5@+SvJ0Tk^SKBo~bC&!jnx)|Ye z;EeMs;vEx|kt3!fkk-t-w!2K6-eT-4#>sScqNIF^j2rnxe=0!$5xF?4l-AyfQHW|k z6%WHpZP^bOtS#VXE>e`)(^8qR#-F;?K|sQpeQaZ`p2KyVWiPQ`WUauqLw}L#WY9wM zDt@PH-f~2q)-+J+S{^h$jX84MAm+Ckzzmw?`!(eF7PS0wMM^$>lQtp_a0 zO>7*-q4u_}i|yP_7^ndB54#+~H)4~kTB322^}(-w*CVGw>E4Cy`z91v2~D;<2uQCK zb?^SNuciF4=$q!WIu3Rw6PDBG?HJElI&>r$1RpXw0G>Nvh7WV(A4`IcFWv^SG#G4O ze&V^(Z|k;K9oS(w9xtyZ6JPIv7T{a)gSu$vH}C&isy6QrWHsy`Nm!np%fp9sS^MtW zf*6V9+kKS~EQTN@H95$a50`t3`rh}j7bc7*o?x>```l-m}*i{gHY@Aa9}3qT-dsp<2Ed+g73(%$_btBoikP^8LUFsn+7 z7#_3^fX#g=rQy&5dUv6YQMcs#3l8oMRwtbD59xM3?pNaz-wcfSUUjG6Q=0{(;XZ+2KJ#O*VGi@N|4wDTIGji~eJo}B%So(Arx)FgYex=D=2|BtQOiaNL7*GM za%!IEPq1x{L);-4Y5d}P9rv^KruIm%DE${ToiVtd(8)^o_Wkv_@7c>}TuhU9Vpr*Y z3D)pBXZtv%CBmv3S1^_8qzh7qJee-WM!_@?(z&m*Kgfg;B7-BxKg#sY`=$3Ij@~9| zUOfK`OJw|#O$dZDe?=BAs8o2Y4I2|V>%oP%b?w1Q=9^=)k4d?|qo;8bS|}ba-j$B0 zyUigypiB1KYZt%j=BlUCHaWvFSOS!CFP>bZUMePSW<}g~rz3StkZlslzQj;A9*frC zZR)=LQ#Ou0VLX64V@*}~6dO)&S5v0mp59u0>U5kQ0^OGNULpyNmdD@y~`PW#R&2_w7Goc{G<>iZdfwYMDGCA2|-*zLFJUe(0 zy?v&^)$5TFPDr2Vfjk-MbdB08QhlzZe(#)^S%GfSi`4GV|^X zrBE6-4Y?vG%&|*sy?)vRKgXriTRokY+;mv?gX#77 zVqi~FH=NivY%uqe+NP}gqYDRG?x91^1Alox#x$miD(aHUhkg`C{#H!5<=3r1C@jr) zap8SdpTBW*T)TT!e75~F>H%5T5joQx&H>a1lPC8%$L>Q(lV%w)sO9`;6aYd+ zKoE&c^`#Sdbs!iYpoM0_}d#gJk3{5;=7%x5CpW(iyH9~iR7%=iKed4}8&8iK> zgGLUjMNyJ~agKii*2ge#>!N88P3GP}1L^u=Xv(%`}WCdRhNG!Ntq zh2KtqzB0siN$%;>W*?g}DJ^3@yM++H&)EkxvR7#(@aiED1*}tH8wN zWIGRER!}xy=B~6Tq=XQmdx@~okuZkUqn3Y;)=u&rojdc`H4}_EH2p0hp(KD7N-YOmtKV1>GG_P`tBhG()2ne3 z?khn5xhvoY-qvKR)@6Tt#ZLdVq#Vhs{4x<>Hs6?bfdXPDU1`=9Z^4vj z7>#K1Y50m`bJ8716)YU5@~^NC!=+MveZ>2GS^4F-Rks>c{^0GG@Y!#D zr1DmPMV^_K4p{XG6~Zi>=Rsq>fQ@?QITXK+O}{wX{NRm7gS0SPB=Aa)H{YOc-WP`PCFk7w z$U2}@UbJU2o9ekkMp1JN!xf@+oEx3zw~KcwoN-y0e)iw*1`u_rqdF#ft?*og8xXw| zl`TPxd@c8cZ8K28#jg=taI=g4<4Er{MfoLbWO5w}=)$hWw{jb=oNFV>?$5n-0Frmj zxvVRa^pgT62{Vw<@?&^8$L%03{zU~@X5Mn$ z5k=t9lqbCyOb~?|n(y0}#S}t+o(WhXBLsl0$jqUDAKfQ^7V(U@ z6fkqTI8>%7kR3xcNU&bf84c*tk2ZILGKFHGc8zg&X?X^YqEuV|LSmo#h!mZ1slNZn zL?|%w~$_zV|Q(}?;!13nXepZE4}AP=BS z7L$9sK-w64U@JNiceOpV9zeN%p8OXmJF0I4PeE&&8n;Go-_$kkU?fD?JSzV98+d*D zC8+a2-n%hPSjctu=XWRG(h!jZSM7(g6@gb%@yD~!y*K|ULcR1v%GO{|eud2mMw5mB$<{Y;$q~#W$z#2c%lO# zHpWn515;H3HliSv!g0&sj`h7X9$B{sgM)PgQL0Y{cJ+CZYu0PM!2>>l!=>O;$;yCD zgxeQeL5_CG^Ps&Dd+>{B!z|WMa^dN8tiVjjQfQg@?BHQ7gm`x7WIamua_3O3`^W7a z4n|jHHDkRCGN?XP#T+?=2|>bDNonQF?hQy-{he?SF2fKqgNA-Jq~kF&OhuyhqLxn$ z@!ozBy;EmvY4%$->%6f>J-t8XkXz?bS|}H^*`aoD*^lfKhe#3ITSXF`SlyT-HqRJ{8rHR$~vCVxyw_g%=5#Mv^f!jYkDOD9w`ODrLE`J@R7 zaSzxs+V0zS{zME4mzz8V`_ccvf5{-80;0fYA;Sm1iL(X4K=euIV{!2W?s|Hw0zpF4 z4X48O^?q`XG|jcWroE<4?RIa%3xdil?rF=R?zdV|OyLOFIwVHA-GzT^(pSj&w%7}1 zDLkEJzgRKpI7z=An2YaH_SX5X1~`*XNK-%EACH&zy;j?E^l<2|NIcXb<@aPB05#p6 zq#uW!flwvmxpg%Owkq`jgD-`&iu3UyImwa+%7a#aRaW$h07bvX3jlfuRl$cJZ)k2x zlD&Q02gsb(>qywI)4^gdW5_HI*6dJOU(@?}k-D#qYA=-wv8Mina@e zjE!Ay-QreDQZY89sQSyR%g;ckFC3FFCT-!32{xn<@oRilxeAF7;wm;}9MWu>mKay1 zT2!|g_)?HiY}tmG(NKnlR3VK{XNSzxE@>b_%UMZ){QJs!@zpVArRd@)D(0b@tDM?} z^D!_E#$q4h@1&mU-+n+YhOWJC}2M4Ba1$H(;zlhe^YpaK4Qo zbzz*4WR3+LTOfQtr=`1U6)fm5frHBXqi{kf9NyO{UY>S4&RX6}1!yMma=lykP^|Zn zJT6%pHoKSmec&(Mm(QWJ0;X{}YKru@WU=Vou=varXQ}a9e?)0c!n;{_kGt6D9)zh4 z(;t-YSoiYr3)m7@>-t$Q<2<&nb8s?=pST~lRoCd4?Q32)=#s@E!tV#X%cS1S6)Wy| zfXAbFM)lPy3K7I+>-#(rOKY5)Uv8Rnfvb|u@tInh*K+AudM74zW4)JAIM@$wQw<# zC^R$jnQ4L5(kkJmFJfPMa)db?U}?ev(pUK(aOecvaITT#H@3 zb9(73qLgk(155lFQF7r?=^WPGm!U1zJCqUnv9%Q^=4ASCNuLNvJzkzzQX#Tzn)r!y z`4(f%^XY=#lZmX>>_f}@LAYNE>(~>^VKy|H$K}I26Hnkv2cqAPYZs3Ykln%%NEh@F zJ#ab}SDO9U+6PK&y3)ARrQ&nDJPwq|A^>a}eCaAgIW+NK?aWQ&=Y}+`ddQxZvG3;h z<@M-TQ6E{DW~?tLUhz?*YUEKFKuJmH9}i%1>fSUd`8fDLeJ=HMMgk^}fSQGeg?(btQ@X!KP7e2^b}c;Io}USm z=PLW%vW4?jMtDv4@nXFBO5HEsO0yqV+YS(sWwxyN_Kwd^=3t)adU@GAsWnI#Z%@GZ zBW^44KyP_2OXDLP6}Pj!h{kAnKW6YRh?5nk@B=SfR314LAvjLI0^6Ky#12fJ`zNB% zVsuOwe;8LrF=BkOemPNLO|kpi|5~_*b2|ic)p_39`Q4=j)eAdm`xo}=)`w6rp4I63 z+n?_8Ch_-!Au*xn_N%g);BfCVg(ObjOX72vIc}azd%&$m>`}bk1&9sdC@c@CDikPD z_Fkd-JiYBNlmSV=@jcz8(!6>Px;fM&(YRhFvFCRMcT`S+?hvi zAA1OqJ-{#qP=T#{lJpp4V6TGhO2nmH#NsdW*V}DmI2LYlNPTV!nH{f>C4PZC=2+O= z3vT%u4hMAg5Zy}Y{2;>l=8Dru*)sJSV%mOXRgpe}U|BGde!|ju-1i7|v3D4Rn_ZPg zMjosu9I^N|h1*q--@MUB?uoBl1{U`@-#JHnIGsJA!c17W7HL#4Ofg^YK z%)Z9Xn6~#@ooZ&2fnIUl!ql;473QQ@uC|{u_e;K-;dJY;*N`4ZeC*fV$>fwjKQIe& zZVsMOagh*_c-5sBksQ+-F*Mj6@1QKX&Gg`KOi7gB%ehhSR}00P6f->kC#rV7CX`*4 z7s}Qxcf*BTGk8YK&L4AUeKb)rQtn3#hCZm=FZG$mYP0)Mm z%DqD<=&)34>aZ?kdQ@HvVuGzi$h`Cq5h}?kR3u|;#P>JL`ap9Q1UlbOkYin+CvZ24 zKYGWjc@!`>6=o=5101FDFD?7bp&s*Tp=*Yewkl?Qft?m)3NF-%t*eL|<7*!7B?j{6 zt=wc_nvdPSB&|RlK8QP^nlHxl4XE?kxBCgi7M;n{e&;oGuKWMb7qMk%gIEr8#za{f zA#Oy@82H#2a<68O7)o)|zPc&)-Ym?hHM*WG=4HcCT$AoonPZDa&c;qXTfXSPb^Q>q zh`B$W!#qWRdrR(TbL{>8G z%kd3~!t8>Fi07|SJg^859qg9nDBi>ZAoNS0w$eV)cyMYDc}j_(^V3Gv61orF5AInI z71{Yg54O?T@iD}8qC1oDli!RNu01lL+zt3Pw)^kQ2|otzwc%S*`&CH{@Z*CYPsbfT z_w()m0e_GtnvcmkNYB4cMRRc11Lc+QgD2elAaBb@8xOpH-_Kra!?3PVbtlvP<+Wcp zc3rU$_=#v%DZAPOzV)(*-wWf{bjc?Gq2C#LI264d4%`0uBpK=BSbnj1Om@5}0%u22MH4zJFd9agxEqoxgYCmn+GpWp%S%0^n zh;z&S`~2&+r=dd&Ljm^8k!*q`S02Aui3KPNWOjd(@aM2!7Vu}^EfsIXs5@6GH1?0I z7>UI47lFLqB>m3jrn8Q5GHWk~MmJ3{fPjfk<5b({>Og!7JqfNthhX~Uir%@(mn3{A zh<4hpmh(IEa6uq}3f_Woc{fWhtCz!%q_byz`Qou)Mb6%k%>j`>ZP=&bb?z4^|INSM zT*#BBM{w`oU85Q!Ks1a7MgsHy!#J9x=X`f!Iy=BRe{$`$-bF znD{b4tm5JTPTAj66k3_V;3gfFFY4}EO2%6PkXTBQnES@ZvEf+aPagNS-dR`Cn zF}Z#ts7`Vhpwt_R?NoHpGtgPlo=mNhnd%ka#21dwhTo5|O}bDfS`4drGwrB2eijMm zO>JXIcn3#{V&41CqdiP*j@Abx-8D;-`=X)$zN$)})q`*VTk%?l zg$-&xqx8J`dZG$}2bR9?Crtj0KHNJ~hIBv3Go%?E@nYH(K?E$Ax=tK{eai34A|J4h zP!F&1Z*gO<+!t>*!~?`s`nBEr`L-3~GQ=DpSZZ|GuN5zgI|EktUbLs**m*$5)jhr+ zOJR*BF~)(!?zODl4sr0>u>dkF{^%?>RFZ`Ta9`tJ?Pa-1cirw`K!IO!qu3w5%{M+f z&sWtl_uaoh-uj+qM3^s&+)BBx#mw=A@F9Ad}Q#0~|Fu}sd_Ds4oCi@e#2Jwef=xPLVH5vhh?O7#r(>YC;+Ujc1^(BV$$Q7UC|yp?Po&v@v|#K!_3W zjb&2kz-EMe>`XtvKYS;OUmAx4((N^8yvw4R2xVxB0I1@ocW}3-@*#?e{-T0tdY@G) zb=1f6Z<)0*!9v1trbWy5re6MduL=_+E^E5$i@!`JgaP>-xTz&a8;FxQkOp`2r(lVb z%RhfF;7(ii^^c_U+Ex?@qUbN7Da3|~KoJ8R9F8}uS#(_LLvXCL`^ z7_uI}-Y2lLAY>RJBFySpBR7CIpia_HquEl9V{DjMycPUweMCFSeoH*d7guQaO)TO- zD=n?dnOT(z^r-hYu46@Vytzl4Gek(*nsREj#meO^*k3Dnuy78*3{A(0ai^ncVYBN( zSrqkRP|+9i>%z&!U9s)6-Z0Bwllw1LWj!uLlX+A3?#FCX*iyqWtWxjYesMmJdt+*7 zU5sR;|COF=6CggRkeh`!RMbBq;tWO&bq)%JVS2Di=wBH3c#_npjr#s{t>nY#oZH(j z{@w@DZzw(A`NEmkhGxsT`>(R59cV%4V<3g%rteql*ShX@GLVYN+{@ijZ_5u-;kvQU z<+(wIeJ*TR46U^G@ZYguSOn@HQvUQ=E@CYz&|6VBz!TBUh z$Vb6|+NDlo6)9$Ys<)#icP?i^g0)Qt`ntz5Ma_Xkb0~!j-80?>;v9cVlkH=-jh7Dr%C8)yXBW(-)+*84)z)sZpO0Ry` zA||Le2rU1u3`(lnk@#E{&>KmHHHWbNKJc+Hx8mWlG|QErQ&Z)j{llLYCs7DfW!)X* zyTrA)Cd~@&$nJTf{HeF+N+lnRE${*C8$IfiE|l`zgNX!AH~!Lx#^T$?Ti4IS;Oz_K zvW)8qc(${&T4V<*`6FpSu!si3(z^{eRpTu{*C!z9tqB}%H0)3fbjAm2i ze6Au>zhOa8U~1^XeNIFe^C`|5#fvs1^N9A8;xs9Q^e!HJ|BQdj+0>+`$9bCfWYM2h zoF%vCp6Fhy!}ynMWNZod&)_hc^Gvu`q>!tl)zJ&)KIUr|I4a-d1&^+DwD~+T#*lkU zx3d)~SEG{eU|PkT(K0Og{3(LG!!^Y#CQ9g^0_-gm5Ym_w4sWNvC+E@tH_75byODUQ za{D9LYWqdO-_$}4l;#Oop)(A3Uf+Zs!nr9|sxHZ}f4PyIJc?eA76@6O8 zc9`mO1TR;VRLSTq%6Uikh9jYL^(MTc*!zx^vqq!YM<_NLwvE`d48Ebi_nXE;gZ9Id z_c=h#@{28T3ew&@fAL#CY)Q=yV@qY@-@&*q4YKWzH!`D#mwRA;Fb;*XekG=k+}Em; zZkSxKu!yWI9pMMCyxJ{4K4sOrVWofX*QtmO-)j9rU*3QFjm)&ODqPAJY`*;XaFzgA zun=4DujX(VUh|JGx;wk1=h$i;PK^1(B!W@QF}j|f@u6G+KgUaE+ZkLyCz4aiN4EM_ z>W9B9Mz;sz;R7t>OGws-(d^*%AnOlbtj~b=Kv*_yEmU_ zQWJ|WOu}*T#1mxz!F%s+L9J2984oQO%yZGM5`EBPIJ{-zU=&s#UV2kc@*UzXo{1+0 zpQxDoV4vY}SX8p&lLc4HGMB}l+kTs#s+~tYJ6~Dj-*d{?G!*8<6IMJ8-y1c&(|qMW#;o;D?ge zd`^up=N~3T?dIePFJsvj=kY<-9SV8a$HYuNXO!(|Rh)RJfDnY5?@twpAvlEu2rW@e zt-Ki&C_Szq+?I(J-Y12Q`K&#ydiVtPk}^_BlAVib+xrk^Y^LcCk%az@V%UE!%@h1+ zluy9>Lhubpx@oMmfC^R*LrSEe1jV_1ople~wuFZpq`gtCg0_>O*;EV&|ESBk*ZCL- zDX0vm{uVXDOmW(kv<{3XR9$d`>xE~i*Qdy+XZ656-@<8Mwkj2#iVfGp%gS9|30^3v z@ln`Fo`Q8cD-WAr)>{GICZTGx-)u&IHPU>VDMq(HMekRkL<@JVzoEcxLqSP{*lS|l zJk-a88lM2J#2u&XJ z0|Z-&vwh>!u_B-7CM3r5yJsYT3+h>)^TtYUtW7ORWi>L0MMw5ry{95dwp+``O4|R6LdbLM0>D()GX7W>LJRkAt z`OdqBCWm|Qe5fzFgZ?9S=MFXN?@C$$bQ{;YTUva|j@HaHERU+lmyeMy1^0&XP2W9Qi}x(X zi!MmLL;K`VBe`6-#dptU1ZOy2*2swUU-qr^$J}gIbVg^~``4=~0XmH9{Dig|K>^{> zQ{x$9`My+W9{Hi+BuUaEEN=m4qC%bZj?XhJ;)Ag932mygoF5&jX5NP-c4VYbMg4X; z^Y{S1^sSDTb~;IWoT61&2t;HE73~WUg8W9_cV?jB75B@@YGQao9~>s506T#*x~mYl zUoKE~(lT=M52cao`fgq*IJi4KeF;@suPh2qsPKmJ)eaXxgnP~nJ$d+U7IqUH(GSIx z0~_}#jg_nV(x)wgg?wAGfB*b7BJZ|yVuoILPDnlOVA2hzsOuFBqy9488@(Vm;@SLd z6p?*Mp)Zl5Nr9c2!Ebzd=!_qx0dw^Cn=eAw_)-5>+w4&9b`5gqncJuNHSELDFKn;RjQcZ$+vRNgWLKU^!Rf0pgoM9<2-;}Qw=K(( zH@bUTJ~}?+u%MzHV+kJ$qT4TTo%8$Ke?!uha5JUVBoyzauG&YGw}+R-$e5H5(aFlj z=+R)#7OPd&q3^TA-Hj2H_4+1Rn%iA~z=t;1%r)}u^qy9ye@fiXz9YOPiIbQ6MBbFC z(_-1#{M*M}F4rd&q}C!Q@^$%Woja{pxFg$}AHd=CXtW=P?;eoB1ig!`w}@hXmz4FZ zIa*g*2EGSLp=)2LO+QRPnK-OF;x(My*n>g3ZeVP7ux4WnuGE(tyb&qEyF~g)gF*GD zGF|SigJj=d*28kzLx85^y<_FuY$Db(alMOYn4X6DTswx)V&)LRU?T~1aYIWY)621j ze_T0VS(gv?7d^T4xA_*VeMz5tti-};dgMQou&*mlkhjYuK4FG^*(fE@V33)Py#;G1 zj4Euj#Col?4;q<1MGDh8$q!%EaT(_yQ4#XRC`lv>@kFA{+nqc≀SQF zJG*nQ@9VgKaEZb6Hw4lNQ6}?PJGXrb%;T1k@u04+X$&+t51&%I^<@6|B=%uVOQ^Nt z@e`h|HfS8Q?@UVr3{=Qvcqr0Pkf7IE(au9=@C?H<(H%AUUV6xb8-)P1|CJE_7!8>d zRUT4%G!`b?xRUt~@QM1Yf0ttVSbMxN>z5q8=^q`vx#Hb(Gb$*a4u4UeSD8Rp-#3}J zFJx^wxj}J$R!T)(qE;JJMDu{Gc@CoLgT@rJ&P6u?lB?pkFqYi5OpAM4Gz^j!H9$uX z8&e!oiFC7KzvrtW2+GXi+9Q0d_w@XF69tM>*yIsrx8&KNMKBr;FVa2JM|KYK-~PF4 zu*c|&`&?gG0Fuojk_I+k(ZWPe+tu@SW4+p|}z zlJF$=sulal)!TDK^i^!ReetCp3)p-4(|_6XEsTC_*-`J`#(fPy+Vz7fu>{kH=W@ss zRF~KZq3AV@UH^HsEW!y~>$XQiWbu4E2;UXtrJy0w#XZA>QmgYJMVU!+Gu$7b_gUe< zYS&2^6}Hgrzo4dJ`?01A+79&!W=qYlF5xt5tR6B2=t#GjJ5s6HXTlbg+ye(ID8dc8 za2I}d1q&tm*j}j~p)=6aK0+$Y1w((biXhi>Q*T+0pq)>8=2V!ZYB@#3(#K zw(WR%T}6^2#|tZM53vKx*S=*}?Sz}=ug>i^A^GGntp--vW-(fa%pXNK`Y^GykQ!tH)oUpQ3c665APYjzBbOvzC={SA&y+OAKKTd7} zEoZ8&myP^W5(h?H!4KZil1c&P-5H)MrLfNg9qN%7o4S&B#Z zh%}@|j=P`@`PSjW$G+DaK+2>ko2MZ!qFjF%~K=|vdcKx`J63rK3}_*-S4mH9GT+j@IErp3)Xc8U-ia#;LuNr^DCo02Q0c5 zX&sY40!?%uR&tx&F@y#}bB~9yBZl9&YCa~Br0X`(QwF`k;jqu=_tUR%ZDq=S zVbOSdK#S+b(5l41T8t^06@kZDAyYl62f&2!_zgHQF0b z71%5ndw)Tslz0GzqUIIw9}8j+pR<`=UfBag1QE(7J?v~PyL^BdI9e%AP)`x8&~?H3n2MlTI+Oa1$SmI zD8hr{a=2gdsa7QmP<9|sf$l2YzVM$MH*#F(iIrg*oDH;Kw!UbQEyLQftq7b3`CQpk z82sHOci~B)Kz7I0oBEND@4nzbAiuPYrHj}+f(k>QIOg$NGah+$_H+XoHHBd(1}LBl zcs>33IsmdHZ_ieINUzgLPp+sc!J^R%tmJe-tgGY~Doj~2ydK6#NA-wpOhcJ$8@>do z+K`)HwKr){9*4997o%VN=MW}rK9}LVx(TI!$ZzMKw7d>P_i0AjEL7=}o?3-Gmp`Fw z)|@dP>^sAT095d8H19}jp%Hgq&kr!MdR#}(AE18o>>~nWMNcuz!~!gh2buBx|;eM^$a z3vGHpiw2?-klfZi6RlA02_M4YBgeD(E892e|Bg|k!zO#+nWYD!TJ^J#DycTU>aWDC z36^h96OJ$&(NMlVM-I~lepV{5=Ol>}L$z5xopW)%;n~J~Ck7Q+KQqeG1!bLYBtIJ; zY?F;@dn|wBmSnBxx=&+x?lg`E--|YxnO;BWm6OxlvqWbv{r5pgDL8WF_UU`f0qt9C z)o%@lOL9>6EUQ3Y`12pupH`2H@>Lf%lmo6jk89qV1GFXPN9`WLWbtMVf7eMds7LdP zDe9IBhTt5aOnKZ<6nBoL^FWuoH0*&RzZcNaoB+u|OVNb|7&Mk5v@<%lLK61R&{Dps zww{tF1cMhC)+=5CT;TFMV3`)@on5FHeqOtkSKUEKT!h`u2%#oSc(u)&wYSVuY`^Vqdf}8{XkeHl$tya)|KE4 zG#)3<{;Z0>M;6TtG=ArLb-eKg6Nr+uoErLK#qod{h-r(k2a3qzs|y8zuupx@X~OP zeE^_UF7Mc;9}zN;uFQ8YSfmzMdy{DzE{mx}d-fBnD17b31FEVngXNB|9JWkTxxqe3 ztbKc$TGoiTd@&!63+;&>mHXB!2u1XRI@7G459jG15u=+Lr{#qHv(P7R5?anR?Ot6I z<^4ApxDF{T#WC=wDeIlST!W|BL&vMc(6rxKZN|e`Z(Gfpql#~(8`%8KI&+{ z&}>bz`;CYCoB{jX?IkyEWxvoJ*2gap_055tJf)NC3651pdK?^^lW7{>kHQ&NKuP-q z{|f5B<1R~3@^<@r%}?~z7QTM2(dm3h1$0%{Y0#qR!6y$< zNGD+dR*sQ%pV5PN`UxCz6TJCGtI)Jq0e!f^HFjT_pFQ<$Yw>fBXYu;Z3RE1rVPjA9 z%0G#S8rYJd7-7Cd=d_iJpLTKN>71X6#5=!IT7ZsuoUW(0%n}+q-4Gk2Ps?hSf!dg? zx?|HwT6ap3+2b+@5+z(O(98}$dF1cKop?{*RR5ZBW}s9h8=nQ{Bh%inr<>Bx|8Wed-#(THMU(s3ZqUF8$7NwWV_36ZdJ3x+ zDa^s;0R`5ok7IQL+Mf^3Z9lceBX01z;NqT@>+_YbA@DeP;L`tY50p)k6D=FoSptv# zK^=}7ELrj%=N6RYzN@K2e6|Zkey`1Lz=2{me1=B}u0C&1_`;3Bm&^NcX#)Q24-d3D z1bEW%$No_RBw*@!^h3KZ;5^JVv(9P{?#LQ5)bNopQ;2-G`m^;p3Wvd~g`0I`5x8Qs4~@&&e!Eu2?Q^=`M#GEd@EtEblI`;APj$=9 zgKVXf>_@0AY51HJZ))Gs6WO}8m@(sMOmr2JuXEEbEyXxA4!YlZtO5F&hk#G@2$tHm zkY?!qAjo6jiY(er-P{Y%H*1d6vN+h$6b9 zt)G0b;mfY51cCI;efC}qt(|U0a0-gmgh50^tFR3w(E$d8)*X13Q|Ybhe7o>1by94h z9Wwej8A~2ipcllznjHM*yoYYNaUIL@XogRigRQV!d}*QhIWW9%MFVc2LicfB-OY)= zqT2oO!-`{C-0E>(NN+WHV4h6}Lz_mqcb_J;>?p98qoi5Am+oi)1-RjGbEcIF2zOs! zz;F9@2V!5EMNF@I`-Lb|T~!cnsRO*UUL}1Ni@r1X4_OBS|18$SB;)u-CPSfyZ}!=Smfg<( ze0+Fj;-^JGGJd=+EE??B?eX}^qxS#}2E8EM6~Uoyh9IF4zpz=D$Kk}ET5O4!bX*g= z?w+rEkjd@qr|NLeFsAWsz%aF#o#=dS+?#wo^~XkdO?aL3vz!5W*(&{TCSONGg1P1C z3No^?)P(kt-{b9Jw^#0>XmCZJig%J@cdFc>?2MIjxOT?hN&RMz3i&t^M#eLHrL>}PIa9*(5 zFD=p;oekQjJ6WYnNI0JKg`Bd(^VSpSDHP%rlJRV#eE9kO+mm^ThNBLf;tv)Bq`nz%`GqIAPYA<=ao!`-s zk)>OVj6Is)9#`i*t`mK*efEbIaZ8FSW}?DYA~6ge>J^FG(}Vt9ZUOR^NzzS{`-Wo? z{Hm$AhKB;pko)z5-NkW}06D4g!$lC|@!^axI>dDp@4xIQxi9cX*W&$xo|cpc|19ru zoBHt|198PbRfKaspB_0O%7Yo4!;`x0A=ns^=m9|BHNrH(f`!V7R#1!C7AzS`Fz$w< z3Rk%=7bsnNhBusaQ9@=IsK~gq{wEMNrMENFdbt-KM z`ykkU2DQJ|m!vzykp~GX2=1~&Qrgy@fq3G!LH=Q>Ll8&b9L9bdLASrxWIuXA;`))> z=-B+lBl4$r1%gE@;Y3RZuWca1eSm{k2?Wi!HA(@25l9^Dw5706DMo9hzg$~B&CRri z$K!P(Lv%cnVEuVn^m@O*-(`;PKh_^it@M@W#bd{_#B7}Gbz^O+Fy@uVd8jmitHa;6 zlZYV-`*3<~KdvB#P@KOcM6^UQnFU0%Z)jDOlP7mw*9k5-5iupQ|cxntn(~YH-0tTfpS?|nOvJ7~9 zxHX@P#wg5WB%vHH>+|{%zotzE+emyhxWuPEcZA)}xsSaBIvY6%u4k>GnKe6ym#8LT zm$#jM$GCb*c7~=9!&g%fgYcTcyC@24s4gM0Y@W3y`_(gF4=h3Z6=nCmY53ld1AvTo zzR56$#|`b@(-!-$_Khv^R7iJz97j4!E~?YDszQ{^*DOBK+(|n8jhyri%`1>!bE@3d`OEM{Z|oF?fKsy? z=HA=)#KV8JT5rxFxP<$jUW7CNC1l1zsKeZ-x$sfCsbkq+4Tw$-psLdzz$j3gpEu>U zHqJrD;Gd0-CeN!*pe*y(W&@S75$f&sP}?IxR8=aQzrZ){`^r%2x-;K$#f_@N6i={- ziI05Dhwk=9+vOE~haC{=mCihqGbqTJd3{;|`m5g~VI;MCLvwH)f49n`$v$o$zR`U7 zpME_U+V8eelcWWSY1Hra$Bp~NZ%@f}_}SNprOQv)ZdN^`*X3}st1A;ag12Xhi9O#C z{hHi*^GCxux?ZF4fCEEjFuLiDV1u6j^>WO>2f#m-+#k zn*1K$$n3J#EPwa}GmyniL-p4HMhmtVg~z+gMkj_lE4-J=+SobW^Xth2Hg zCjn;XC$MhF08wr!E>Svou^bZHR&y4djB4WoWSMN6-f^x9I_)rzV`u$bTchne9XV3w z=6Bh8n?}<(=ViJ2C$wl_q|qRQ<}_W4GEB5kKD$2?vPDu?;&qRPh3`#hns2_o#zUy7 zRmwFjTy9@mkIj*20P0$kh5gl-IeCK;Nw?cwF}P!ZGPXej$}1V?V`9VjqRsf=N$`Jg zxi>#hHExNMHBT@u@_*%Pj8^nGQ3SO<0AxKdKh|up8G@9sY(IZF@_bO(_Ot}8H(tMO z*6+rP5uAmpu+&o$eT_`og6TenPk1&j2Bi3A*r&utzS;rWx zoI~o64=rZ-6y%m4?T6{B-e*C)FdPJq8&hdb)iDXd$!J;q{{Z`^Cs8rFMSoa7#|fe1 z*`6c+eGkg-ieK+SFhzNqmT>%JRY(?lA_-9%TUF1ZTTJ|PAvZ=ow)~-d`R_2{Q^xwF z-S?#5hWaWsndR$e_)BF&pk@P@+KvRMyL!5&Dcs(Kr;wty4$c#mlWYa&xa@cZo_&1m zOGT0$4p-%@$i^A_GtXi#&n2$C8`8xK$oKj05mHiO65rLZYmo8X%c9!fm&E}l|5%hu zu#cQlfoGIZ=kZm20djYC7syJG`+quzj`io!lw|cA^`+62vqLr$aX(+~`}{o5ZMDDs zD;!P#j^l1V6uw?Um*#v1DqSjR?^@4zjODZ!#$%SY3CXrKu{Tr`*XX_#q2Y0>c^UUB zPQjx!U}Ns1K#NZ?D}6AIl6(k7&KOlNF=Eoc!Z+l!3D8552kpsO@N8?SWZ(PWbWRRA zQ%b|BMY;As(tdqCfqw9^AK%BgUiihz;x;hnADWWHvj_B-VT(?U*6sKCvL}0VNxtkF zE#Y z{o+X5qmTN18SRKW9zzodA3e2E#EYy*{Ijygjg-@@a^P>!0Q6OgzY+gsA-cNFRauTm9_<9>k+K%}265 zQVZE!SBr7L6sznqJ&#L>J^_X?RR;VGt03YrsFqvuIe(ySz2y9fI|*6t+chI_kmOXTe|*M~=)EU0+DiC%Oigo*6A)Q2oNx(#@VrH{ zmi4n^RZtxq!y&sSBe8b`%}jWQXjafFptF ze`}r(y)D-Ywx)jtdG8J|80vKS39GjKjS=xEE)#wwl{77ahzPUGs}DIdyyL#q24c5R0M`aX+R*|8(a7T7mt1*L}~EP4BY%-ou4M8X!@rA|P^?S`ATGM!V6QO2qBZ6e|2vW8 z`6D=h_cJhk<5VHOkc4sLqT~9ah+C(2FZeFvq8@1|Lyw?Lw5rb~=4mp*g}wq`6WU9e zr3^Aj*GH+J!xag4h4#+XI`kN$U>=ftlyj+4_1PunvwAV&ehs;zfUh%w8XRaCOC?|o#%6$)6+IwxihMK z&khJ}a_HMm4;mOnXY^Z>T^^GSdXKA1y#!d`6~>6p=%VwV*LwY${K*On=XB6-?iZ40 zsNl`Ugxjo}PCzK%OSgTRI3pu=FUR6csld%FsQ z#zM}P2yc|6ABm28(?qYpZg3zh{Au)g&M9pEyt}{+JjyVNj4h3Nr9Tf-xDniXQ?jey z^T|_S$@=m|n>z>lWfu+-y4*djDABzfmAOaC-l`cQCGC52i`$)mk4|ZN;;Z8-pM$@G zaaeo?zBU_Fi~c=06T>h^{p33jD9th@YrdCz3#LBK;ExruM*G|zeCLUZ{Z|cD1zK^` zg+)+ar@uULjgOSd>J<>Fm3VmKgCl||*^?ZyH4~ip8P()VJ|OPkjzng{Sm5ndZsm85 zINP;u@b4o(pjr4^9=0A<1GjSaIK7h9U&_W7kJk=$19U&HsR6v+$FjcPVIcN&T4Xix&nW2IMZ|W+F?uTbxy8Q=Avo~`$h94VcEzm!40~^_L zfuJ?v%RQ*Xs1-kO9FSCLEs>do?&`1o6C%T&KIRL$hmlaXBJqm*F$bXV_LarSR|6^HlU#O3TW<40gPTpy*k7#10!({`V-$>d+v zYY}BT&q$VaO{tBDMsFX<`EyYc^H){p@ya~k4T-)|;^_x3$Nez+XCcL@_~RQrKc98; zaav!)n4pwrAU_V*OJ-oLSvAZE%D#h92u22kqWvuBkO3~)*S>l9K{u%?GjBjp*d4~Bd`z^=IMcqEKYDpTIl`gRDRSF zJ%N{n`^sKt3Olu}A<8(gzteo~lh@lp9*^9u!W7Ku+G7k^zkXe0dtb>?WBXjf<>zgm za{*wnrS?&0U+yoqD)#`Sfq`-n>1Q2-Ui^~AEvt~)x>r-)c>@I)>aSs`{Qd)1Aj95( zAYxl#5=_MaZjSDJ*(c>a5u%Km1n?GW#n2L{;2Gci{1tCNtRzo5{p2LQU#5|W@c*kS z5;Pt7mX758d|bnzG=hkzE^fWg9R<=K`$t$O*s62Cpx=H@X(QIX9`;ND{&7WlJTR|{ z)OmQUsm)iir;k^NpZR6l!Wv_{Ika{2eCGKU6&-C$uLDpXvD?L^FZHZ?G!|XNo@4n9}kDJ!O7x6cHN|*+s z&4w3{WkB{i{GlEaOMmYlz_pYI+kFiC?)a{}BbyXsR6;=B?t(b9MhN&Md!H1pB{~f6 zlZO6%)&1Ed^OD#QkE`=|;NB9S z$|PF_9nNMaNSPZ-_rQviBEI1+_tHfgXEupRloaXOnd$VY9<*Cf zN%iyiD=fEr7{GQWEkVJD^OmMt4U9%JAtY2Dh1Y0d-xm0OQibip4f-xr(4SgCFoAVx zf3SXr%ZL5-!V3~a?s-5j6s(2uvi5M9>c=bb!MaS!9EB&W+p&{kTq;2`+{%520T}N4 zQ2MP|4UeCN9Ha;V8>rC?qT?}VaF^nuI!BK>1W4ki^$Qih3HL-7E>$mlOVtuI8wrr5 z-B?KcVkAFjvo@*REe$1Y?4C@fvXlyuc1ej;)T z7Uu`^P+9g!^xVM>AOi5H7;aGxr7bZsM}KDi zK4;rsNZ5sB&V!ZY z`DnlaF2!JD?@Mq@BC~dw!3Dd7#_-35pqAumCG+SuFMj83ZYV5g|c+$}yIBK&;wc#5^+LQeY za3r)g3{d~5)tAg&1j(62NSVzc8lWVtovtkZav|2uA z=0axeWpH8&h=zuJHT@~1eBxW(zJ&Q@e=lxxt8~S>$9s1#yEJ={{Y(xufOKso=3FHH-i~QA;0lu@lb8! z_4|Kh7|nj>*0TfO6CBU$2RoPV;@<9}lZ+lf-qlhu(taf}{-_Q21!wlxxYk z=dAvom%ug*OH-OJff0nH~_xYQX0L;$JjwNg>**OxOTi}A#dm> z(l|cG4_;;Y8@B%MHe1K#c!M)|=TieYKmN*{dhlf->w@~=OVp<<<6ZZX<$k0O?kD=> zYzi6f?dyVdzRywL{1`q*bbOEddb3}#VCh{KU-vofs%8fJ=!|*(g-Xi6Cn7}x`2F%| zTc?wrRPr!Ccln5BUA>SOQ<{h_C%)E}^k@wx?}2+nN?vb$@T23ZZyxi)P}fQ+_%~g= zzqehnh2hj(PWmA@l<`4wUFWFbm)?)j?yvCue^M~P-G)bWRWNfgBRf1SuHHHQzM{?Q#x;BRPgE3tVIrPMb2@C(W#Vt*Uy2(j@9DsLWFroT$#Ia1Y-(mQ{ayC~q#DF$mfht@sB9Xps9mBlzYoO&!VPS6DPmZ~NzjCMx{j?yK=O;=h^$qL=4j z|A-&%$oz$#PwmSHDYOPojFg6Xs2u>STe`E)4kglPBC&K4plBm2IeafrjJowhaCJC zfcbe+5P7PG2M52OWGpWCa=$2NinHB)Ys+D_ReTyBkjS#9W_~;gOzUuc?Sv;!cMion z`|^Q~iPE5q;>Z*3seON3RwegqSmd+HU6T2dA&Sa(bT@vfa;L~Hp^A~iaSu=6n}@qu zK31QakkK{H?UByLJ+iOl@T^HyUrN^nX=^D^Lo&DyZp5CPX!kdsuknxGkLmZnkf$Wa zzDZoZB3YtUD1b2sK`2d5lzwRGE(mA82{K5w^A0{Z7-gHRi5RaeCpBkR+25--6p>T> z(bqDT6a|3_!#%LT9~L<-7TT{i0Kn~iD12%G9p-w6Ol;B<`*q%@Nvz_r5dO_bh*H_FfHXLI*Qqr9-Vn|?R3vNav4l1 z@vTYjXL8(;APVJtl6l{)RKfYpmtGxGr=m}dCTzpoBFPEh%hu(WZ67Ky)l-*U$_5Sz zm&;e>efj~xAr2B&L392qAwHn9GxG{v}Ee7}7`u2qc$IIT4c_v0qx7=1JzP zlj5@`k)p*J1Y)cnLF%?ll3vsHNx~)=IAXDw@v%WLC(^}heZa=M7od9=9lJLcOurs* zod<4IaZHNR$fEF8%ERHFRK3Dl(aTTKtFd|b2swQ&p5+imGA~K$i01U*Zku5eOsGWn zeP}s?L8@j1lT^dGyK;W>g#@@#;SHSQ@4Z&iju976e*6N-e-E~xnF9iqadBSX*DHhX z&3ucOjY-wWB0UdKMng`+HWs(_zZd17~!q9FCB%mEK>4`yxHc#%}YM)463OG5oAo0E_pj-HuG}%$HIR zo8&kUhw4}-5b`HyN7z4Yv=0Q~76QR`MfPG@65RmjJ-7bWctBcg;tOq^#RQ}Js#_g) zafUdRRpk(K1Z?1489x_3aCyemEJYlRp!xY z?B+=%2N%udLpOqNwan^+OHkdhsPNs@RYjDyWutF?eP@2?Acash7)_Dm`QU~X`g0t+ z0dWjR@mM{8m4o$@--G1j_U}!dY{8@p0%H3MSaG}bx>^6`wW5KZ0OX+m+0$c5Y_Dw19M|;82U=TPfM@Mr1Z7FY_0K* z!uSjbW7Vin%{myTYSy;(jz0$L$oG8iF8WfA<$*wB>pmfU;3f4<8!vz7NF1qP<`xGc zkbmhO_<)OcY2NWma%T%`A5s{KVx`f2&od1u?cb7%!3u`MtWW#Cz_6vmGrFecQhqtA zY9gT+mF<(Es9dKMuwbzlKKRMLKv@ATIj>?DPwT8MG^yXe z#?&)SC~1EC3SzPoTF%S6AHsT}6{g|#!H^sH=roPEP?!R5{C*P|hwk{=Ocwqj7?GKu zedLfIt)V%x+m}UN<5k8>lElj;@_~jt!5{U?t`j*~@N0D;is!;HKQ^!(#=!uXfiD!k zk@{86es- zYJ0+DHv*G6h+Dbkd}zXG>;9-5J6avC`Xe$SURuijUeNfc*y2xIQDohA0FDeviK1ll z%ln$_5l?XX`0_hWq~gVO^XFMHsqYb3l$my{Pw%C8l@Js zkgoa{d-V$IB~(HD-8?zgK8@4YItYRA0wkw^j}7f$6D2y=7Or~pDa;CAns3s%w_xN# ze1Ua`9YR7~pD%KMOa3*{;@BQ^BO^-7{ZY*X2rPptw z&#e^-b&x_57WP+t!iKN&WeJHl>M(eY^W{=B<5)N6wy7k|X3i1k(~#KJ6L!UfRC+*8 z`7<2rgVh$;#BR6mA*p*?QqB^83fw!Foa)T+@mFc_D6AXu&N!|)B?Bcpdjuq0n&tbx zjuVIhXvKMAVyek7|4sX)3#MCcqrQ_49I}`CVsPFoKLRw6=IBYU(}u71wL6~JA!2b| zB=4SHAI|&6+Ca6N$IuU_3r-o;j!;>KJgQR@36JnXSM1>qfRK>!$K-w6EjyToT|&jV zUPmkxzu%86Vmv+;!&ATkvPYlQA&^gax#e&n1z>siU}0mvT+coq9LxB7;Qhb?2+$@) z;|n*e_5R{mrUdnROLJ|_wJm|Snez%Xn77q8<%-9Xg^m*c@LgY0KYm9Q_5}|6?sLCg z>$^mu$RFfhg^vYpW-Stz@eR)JWp`9HF8CH9_!0{PmL>ZvUL=FpjfC&1in(=7l&#q( z{1?(Srt7+~IP6hZM1C*25csbQe~OB6>4DQz_$iujliQSM3G4kDbqpV(YJQe}ydJ{D zmb%W?4oPKP&dz)W|M`YCCr| zJZly`#8hZZ!}lz>uBWtEvHKZ?B*ZS_`i+M7ZSZ`fR3C>z_)sv~v$UsFE#Z~a(T~m{ zDB35jx*W-d`0IW^!WLVg9h+IP7Sn=)|2Q2@TShCk?zfZU1ZV;I{OpG-?6bcp9}#9P z^W}DbAK9YgjZL!opvGj4!^rvobrdPlMBxZ?tHP4TLHa6~z%4&Ql z#&jBEs@JPKb`~F_cxm9IX}B4FXNTV3Ho762yYAuE6k|*g1^-Bk6EiZQx~|xocvR`$;?tNa*8NOV z_K&3N+EP^8qQ4|b;8CJTkc{#s3QCe7`RjX9eMjBXRR%=ZVTBoFK+4+N)c5+mk-K$x zEZ%XS);dg(E436a$J4%6?Rt)AefBd~#g`se6P=3Jcj^u&+ITtf@-^S{hY_cP=zwbQ zrA#}v#&;{12LragWw6ho5ApnYyl&r7%f4i%LnOGNxGv;dgy7t5V*tGk&@b3O-5ylJ z-aJS%C;3`UD6Aq8 z|32-wY+c~W6e4-%L`ito7UlfzN5MsRkYHuIF=D7+YY&FvP=@cjV`E0B+ zFZhpCIscUJQTwXpVv|N3BHASXEW%1q-uBr-6pySo#vk@l@SQp+CzQ`gy&zE%;FOL& z{s@68vug-ezm>;~JMKs#kz_um?ajPPy9`O8rOY;#}D|s2T=um)hY4Q_(1%VU+XLH~PQi>c1P6aHAAIsweE|=Jt9~fdr?|S%9w9b7!U*q5RV3TUA?9Mz z0iUuFaW{;UE8Svn4~T~S(_zVsG?TomGF(~bM#}b|Nx^2*a(oiT>xVgY?$0)UQ%oD^ zNv^$&4tTOaf^aH9cT+)P!d2T$(2WEbd)}=i2u(DAKl{S#?K=%Ux^wF=1Y4X#dlCx& zX1O1qmWSrxwbab}pYi;eS>XZ$O!`Gb^_o!|rpeIG;*3N)$}Hh=A>z<@-!DoI$NlR_ zq940L84`cO1HpZMd5+_aI3pDDdjCmHvhpZ9AL&;()R6!*m~`*u=}J)cmkv=dW~A+! zLIyoMp2At+kLW%8PDH5(&fq{{DgB=B_ZF5IZ}ULz!)ZNHWywT>NNrMvAvWfY3-0Z9 zfZflxy0hW*QTXyDJed5Hbp_CpQh+E#*&_7^eM|~?p%%8MRt9kFX!p%cyx4%6)e^r7 z^Q488HXg@)AnqyG=QO7NvCSLmV;P?^enE*89)FR^1lDnYz|X@mmH_}GXu!3a;w#Dn zqO22YMyRpY=T~vamdA1R-0^!I2(caI8=t>)b~);R`%TzCFL%cq<5{=|CWQezRJK11k^}{!wLX}{ZjT>F`4Y|tQ>D$ z-Nh%(iEWU+E2o3m0UG#Zr|lhT+r#j8!4S*OV&AXpw!<2f!%ejsLP@NcmGw;}MX@|@ zi^*pL*E;R-y~q!upWncNFpazx4NDZ{!agoE2hj_>{|5*)T4nrg^S>7V(Xm-A1fK-Q z`Qyv|wDrm0d`e|SCecnEhzP2Hw+T)NLen@dWBic5{Zb!8G9`*dv`Ntjk6vre0n#_2 zOR@y?QFAKlh|G@2cpmT@BA68JoH9|>&D zz%J4y!S)T7JY1{&a&@<#ia19AGm}jqeG+NLx3z7ziL3djXHNck8hSAu6zQ^(y4pY2 z*m!za%LLOe;cEG&LNFbpaL2g_>4knX&V^4hbMtVyi;)^mE_3Ya#)Sz=t<0D5_Pg#Q zu(dh>D7K3of4JWGybjz3*w~*GZ%mLx>@Jh5RBM7_U4Jy>Jrr{XCKG@63t_>boTHEL zJyihU+G&Yaa<;376-BtG#(A~kaTXkEa0E&ZEpniI(1&|bJeIeM5bVnyO}_ks`DAD0 zOlPlMxtzN}t)i^88+lWQ{tK&?{UeROi1%%@PF|O*Sg$5?GhuK?d7rD-(c18fi9JHc z)-hfTdJ}bZK*}8i`l!}9r}j2~cQJb8kNj$)9JW2)+qtZxo}eT(JT3%;Kw|4VDG9mj zItVaxQ`up!JR`fm(~ifYf+~E1ACb{C-+I3%F*ab6U8gEgGOMJY_vfG6o3cke5T4fQ z{29;q{g9WAkp4CUbz|Z|zp8+Tne7Qk3S50Sh8ZaGV{udnVd@|Bv>H>kB(@1IdSBZD zKhF*X;J^C#Ng{-O)LB(})7u#{imhhU?Cavk`hFKG*q4xA4wu0FHLqxUbC5W@08pBA zaw2Y<_W_=z`!;iQX{&L7JaTc{n#*(^niA0kF8eE*{> z%W^{|=AZMGM%(R3K0#CmO=R|M-K`wDfE z#y7OXsaSA-R{R>D4Eb&PVo1@yqiu_bnAA2u$?wPkv3Vl`|Mw#R8xvoUlme51FWP39 ztAwJe8EU}HaKBFb{DG||VER8KaY`M&$@6RUIS%=>Vo@|i_(Xpy4iT!d`ct}c#A9XP zWdS*A3{pixXd?vQ{Brk9>Q+`j%|!_whe6T{)wHE?Uwb8C-xKzKgC}hgH7tZKA0dyW zsJ>Tr^4>nrkvY385}9M0!RdqDMIUJ|ONP{alw@8Mp>QXkq%m~o8igwnR8@RP_)E|6 z-T+0VR~XR0)8Rf?Ou=Rg1j!{%ttRywnQ^bWVINEBZ|arcCT7j{Z-qcl zaaYvuY+A5d*$kEMz(5_*V-vBf_BFs8@A&T&_~s25e_~w7p?+vkXAu_R2=!Ksn7A$uhzk_MF9d+)8Go+Bn8GBlCC%JhPPDBNC0i%6c~z8SxG zR_^DXvc60{xt`*|% zJtaO)xQ#cDGWJf5p%6D?3HA}@EXFYF{c0=Q3zew1u%{L)|8t5z9OM;w_!cEy6YWYcf zZ!qy@IQ6_2uG!^Hu$l7w_>`2tRW4rx)7g`*-~2AgDyHbN^zIikz_cYt{&JtVe7B>l zrtvqoIEiigQrG<>k7QPT+7T=~f}r~NP3^I)#}}tfYxhgiAgvsH%t7u{~WYt^R!9 zq56pzmWoNzAOf*;v1qne4mr&83f(zRwh$DBpKI&4=KY4;Z}ZVT*i{|Ia_ydY@2e}T zMSSQ{zK`syY_yYxj@*^Q3qP5xbCpEzq0#WR?s$kuHE+KMo*?>}zQxC$Gu3H7y=!rU zRz|$<2ZxY4k5m|ww+mk@PEYu(pgJPuof}^;zK2W`WOc~j+aig@U$L3HC0{6=7!bH(AJJ75{3*qjOmic2JMoa8qM`n;xOol z;LMege3~b%-(BbS?|E$Lj!uSa8X>0H&uhH4lzLA1FZ9RuzhQI{{gBo}?_2h|ic!U| zgBNHHy|%ypBxht*6#->J|K@`yvDU-2dFg!(hkO1IntjX|S7&tWn4jSI0sRTw3xSM= z_6-x%%d?n_a8GxsV{(MlkFkB(u>-tSGNI`wzxI%8++QFBLrBP;w<|q_%M1&FNpRn= zb>3szEq_SzZ~bBI5e#P&sxP~}9N-P7*RVhDXV23of?=WWBrFdlM)Fk34K!_RID?$c zEx0HgM-K0}5kgdSUw@{O2u+lqbEdey{*LK|x*rs5hj~HE`7jsn_Wg2t9D5|cS1i)P z#2hyzaF&CL8pXC!H{&Q;tUQTu-P&rpJ;hK_KD8?xtUs%S%P&Bnk)ad;-Hc-)tgKL% zox=5z3v*of+}_1#jfhu6UZc3Iwse}h$Y-K`*dCyJ=)d3R@O$)J8k;6aK48awDe5^D zw}@F*9DSa?`&{xyAa9Ffa&Pm;?I1_5(Q3@^?QuL%C2{;n^9o#!wAT^u_mE`N`r1Ry z(O|^uX|bTHW?$qv-w(w4ozo52{J}+GZ_o%jy?hPUFn9nAx(E6ey1K=3;xs!QSRnT) zr$Gk8yau3QPN+rS?u?yMN2HF*ovge&4BGS7^{5^@VWCJd@<$Cl@b2do0-b@vD0tpkvX1kcf}@u z;jQ`l?ZMdlqqpRK-|BOqrX*iH3}WUl3@yAF=^oUy>Rg%JG%ei~_ZaJl9{rGx`zhup z#>GtRLdrZ(1N_lB*F3xKZ;Zki1{e*Ym$v`l1F|>F=UrPQ0gV^D@6S7-5kKwgyzkLB z?Kp;K^L2lZ+O%vZ7ADo8Gl+N&4hDVRK(TGOb5#MQdlXH6;R8}*eRZ7Q-qnYCpI)wH zPD8b?a$^~xRm1OVN2lF@$x|=s?GCQ&OpDwk?nCx)t#3T~w>Ma{toG}S!U@PtI1T)m zmPjryxy)}_ghVZORc$Ul`YxlPn9!z>oSIOeraO-zffyn&q*M!Ia zPd|;F2H-J0R__po2~YoZ)twq-N*FIEM5A78Kz8c^Dl2QoT9OZ=pWq_eKeqj`8<*Wh ziV!C^XSz=@H^D_$UF5_uYpSh&3T)jqeeU%%)P0jmCo~To`J^ePpUv;XeiGB?A|b*N zh!>i@jw{N7QkjN#nmYncAOQ;M3In^I0RK92zIN81*4Fqs;5`&4g&@_&MU>C3`fKSi zohV|F;E!x!_;;tAErF;t@zOPt+~@6}N2eq7dl>-OvQq6=!BeM7xDf;UdH_;MxXb%_JWGkZ)aY7_<64A6_qaS?F0UB#L1eoU2JI|~ zMAsS4y*jg(OU_XF4bgoDbZm%Ixx)e>=zgh^Yy7-?d~%=4kyI5j6r#f{s7E)KN;s4)^vQ|a;cgJL>a=#TCYR+R<7r7&?_oX`}c%G%0Ia|)}PvsAOPKz5o%^{^4I&oNZ?;w_~P0bn(6?OZM8let8P-=!kSMA&=S z`y@QPif(=tnS6cShT!Uvt=6U$1#3^0J_G)qe$Y`&E{Q&Z3MzmFhf;iyF3)mJRISHL71==K3;TL zhao)PbN`q;oj$2nH%5+5=2XolQ|vxlkARs&{n@9eqra#{U2Y6KJ8^r(1xojxrf%Em zP(Fs~A=O`-!nDTWE*HCU@u~QgO2V)1bjORPHi!05QlIbHH>i{wn5Qt521_R+m`y4$ zvF!Twuk>drhki;g+cvc z$e;7$KXfGSGy_3@)U3ou{hx7h45`5FMEWfh*qD55V!vn-XRd!12LZxVwP6PVPHY8T zxuh}2!0T>h+`5nRMlK6~ZeeI-BSKvD>_Uuk5k33!rA%mGnK?8@VLTHuUweV=j>zEh zL6XN6C-X4P?WO+<2BINsq_LRc)iY56~iQ znr6Sfv#}jg{clIG=&Nt`*SZ3Fk^iXZu&8FYAz>-I$ zJZM+7Cr);FVhpf=y{}yPGFSPH4IOV)xD@GEe?uxy!<37KB4x@5|GS~AtpzuB1NubK zy&h7&I2q}T1~h{ZzkThKU??+1fg^|b0k;VwM%beWbP*<*(2TKEu1`H`8+Mu_^YoB3;=Q?R3O_e1c$zlsJIuMiHd@o+ z@G1+%V?-X7-YWF#(6fy}iia6%%M$m>%X_^20%U|IDO=U!5!uH(4J~@c)d5-OH!SH+ z3cCR*Z0ZNC-DHWA*3)njd*=dp;oRU0g|F8KUHqLH*{d6_SYol6Bk>t zsZ-V_%6k+4a?SDY93=PpNuxSBQRfq%r9;UikV-ml zJT?wvP@Qj;4*9mP|Jbg$=RJReU$*aLtJ%ji|f#j9?^_GNw9$rzJt%&deJ=RoTO9(GgVG4||lG*PvT1c;o z*EjtWC$=94FfXredcQ3<`JS?W83++-$7|u6wf6|VMjbs@oT_?gPh}JJvGrF{ zX!_R$aQ(54hU}f^x$&}r%a{;jqWE=^2TGpfCg%TKSm17&jrwr6j#MwbZ$Vhk06QI+ z;rip819T@o6NDeI-srMlESznu1iwgtjE#W0**}z|AK*QD`^1pgS z@Lr|ERV@J*(aHfd<&~W5lzYGF8Z$s`nUw7dM8kP@>N&mC)PR7gVMP= zLTdiH-;RcXw)~b}4;hp-2L`W(JW;>)SGq5LXK-8NeQ)wD$QI#WgerpZ8Q&hqj)}1; z&oOI`cr4NEpFqudF_*)dFSm358Oi{pCk#KM z6flXz;gUOn+SyZSbud#^4o0nL^$PQ!enn^sU`86;S#1!?r$p4b{GJjLu0ur&SxA}P zZ@cJ1qVzH|OOFQ0hW^LnJN#&4nDandKDJ4*4!W(^mrC!&12Bg0-{St`9^FaU%PGb= zh=OOrNAc;#zFqSZx9Z@JALg;0c@bqeVUyD&Uhcwu`{d}yJwPrk6&g0m6u<8aDY>A0 z*8d)U^H7EGb-YAn-B2rJ7LW6Ny2YO4d9Ti0HyQq1gt~{J_&FuLj-Y`&hgN#eX3guQ z=5XZ(Uy$gwK6g^B-r461mH7I&pEI}i7ne7N$mkadb@e=QgR}oCvthqMwxYpmmyMZ| ze-|K#VS>(B;~HAf2WF4(z$4@6$RXGB-eD*nFSPh*k%|fqVOUpPd13(o1l%eR5)z*` zv(Z;Cy*yewek|AM9-hB~tQU_`q*(wr(_#8TS7O*#`Y9^!t_AnFDs?4?yWjT+^vn|q zhp&zg=vM7r>0_%MvQN&YXuQdEC0Px)yQ39>UV_+Q+XiY!i6ry=KqD^Xd*GAYuj|8Vt{DN;dr%ar~)( za6nJyu0AZSw{)H$AzJR+!=vuo&wZ6BIsLK`K*|!- z9Luk2YEmvhX2Gr|cVB5@%057v=VK+`>ivXhuxIO8zmGf^jb3gCi2i&adV81>;<4Xj zwK^!TU$$mjl*Ld}38U=Mt5TSBM66q@Or(_IGE(hvp;n{e?!8}t%iezAo=}yyxzKT2pp=xjPv$w%Bn+?zh?W}yD$Gci_0Ltw282xS#_&qp z{8_vpJ`&2_jrXh3oO%L6!R4j=fDe5`nP)NQw6oy5Dgvjl22cry=p%Eh22)Vi&kFtg zuUGzFcEjZ^EK$Rnv3uE(+d@LG!s4B#s+X?d{n{j zxw1H5A>mZ~v^=dRp@bg3)pMfVY;WTIGl3oq9=Fa5!1tMPriA%Az0nY4)B=CP=IhVD zT6+O`+Yw85P3Z(=knUc013+X@ilA5dq-?s8-W&-{{dRXM6pV|>ky_VX6Vk2sd|0&d z?~I*70JJvrlUpxLbOUnT8C^_#>g3U|0sm2~P`>EW;nk`sp(x_Ab)>(|qKsZ2sL-l* zH8@qE8j2gX`f-4kJcT9U89dI*aFLoVy1!rxbxGDb1;NI{YYD-#B-#H zx;WZIQzE`nLN=%Ok}A#D{3)AX+U@(8i37RdpuO?8eo=?Bte-EpE2q9T(I(V`S_u6q zB)HZns>=(;3MO3aa@2wH8SNrL&YlLDC5@;xoFRHJlTsj_JaL&E*aQx;cnSbH5d49s zq-bj=@2#BQ??HJ}(|)TRy8ZF$?Qlj~0_SyK+J~Sh(iNmJH!}|$+Wa+&jA{n7t)e6F19#|+O54LYr^|)LF4Cs2F5jy^qmmr5{l4vSHr$-O8%=a7 zcxORP&G+T-turoh&(bwvJILRTg$~KS$H>9sDYsajVc@erYZ5?Felc1U`>N6Do`U`9Eg03%rDJpKqdloOnGQ*3^U_HGSH@9Y3ccDu2K5m@ z1z=xuN!uKq`si|pct2?->Ej$2L?-m&Th#w)^&N&bN93gttJuJmOndvH(9STugGSl= z63%{+*E@+{!1aNH9v2aD_dNPKy87R>?k}ke2X;J_3zcWM0}sVQPmolvfHJhO92MvB zSoPced;QK)%TM#j;?mmn%1Y!C)m+`bgTbVk7Yvo$rdzc2^f129 zhBS6Y&kHQ1{LNqUp{BWdLRJ0U#LtkpubSQ+F{0tQuFuC8;S zeEr%u5gbz%WUigbORdG9f6imn&U&ZBTsMCz3$*Zdy5CEaTqTi^40gX?d)ysY-*;Ag z1>%sVG=K;uR4Oc9S=ftr_wl^mp@ZA$(z*hC#``~ps<DT2~uuq@TsT9m4C7aherN{8tXAc;}T1T zfD$dZcrBxg9CW&+bkOsF7V=gaDedtDB}FWZ5SxHNPI1e}MFyg4K#hDP|LFrNSRT88 zdW3Hj1vGTgEuAHv1Zq`}MbP6R=jPyWIWX@%0ErJ%_H(?ly{^X>rNBFA$s)M-K_D>6 z>K6raOS7)WL2c!Id(_D>{!;;#r9Ee`o?ie2j;7b?YvdCP^Bjvbg7fiDc%EMRYOVQ@ zS)T)6ba%BcbKbR3u*qMS>cm8EJiQlFTSJ z`_5$^GAKBKFI4OGA{Zs-I)3UhQSHd#@LI9lU5lx|V&UOeH~%blb> z=DqL3HZOOHpXKxVmI&pYSaTE0UCn?m+wmskwVq;7M#LUKB*4(Dzo!xYR^879{Tgy( zWpR={R3^j($d$^|7q$|CE_Dw&G_`(@04QYP5f|NgA>_BiVx62g%f}CKq&;Xs$4=~; zcK_KM(c&q(|Ax|j-OmuA0@m|{-Q*3`P}__j-r)-+kWEKF1aX<*M`kR7@W$-p(e3vA zB|Z-~vOdN%WR_gQg0t-xZY-U05D}idRef|CkI+OIq`lb7pGO-2GVQJjA!Tw zkG@!;8kZh6(IXySznlRL{4AZZT{{RvpKUIlUh9qJzU_9k(V@=G3=my!seN~9GD3dt zgAk%0=|`UUe?D=>#x|Y24ofxMHJ6H@4t2fozXr}{D9MP{MzH}@tno2UG6BSv zM5js@wC?ggXW0kU97VUHUX1nC!1afk#a?d{9Q6yAi}VJ+qdN9rf&`e(@u2E2?xmRb znY5?dsnA(KcR~ViY#4*5`@8XT#Hhu0-#-w}6L!1fJcX08C$TM@BF_b?^2#xz=ctSM zm)z}Ze1Fz{`*v+5vfRyIM_1Fw%#_5lVK1lpuuUg|?%@Yx&9E2m6}+gkZ+H4CFF|%& zp^$jJp}4umj-U~@x`ee}?Ao-aL`Lxk51*b+^84A<^H8Ca*P`P-&Q9)orS!_>=RqbH z`@6vxdNkXyrZnzhdHyb`grd0sO8canUNpZ__Upo##+zU_f%rT*kQvoh!9L-skF*o~8GNOrREc(%U{DwO66r{b$y~ z47I;gFw?P`>DH!Pec!B+Y^YnlU~e|dJdwl?kt^%-NbPZbG0lz z5G9OY3Z=fhCau@mH1?`u)bF-9!GF<=Yf>0Pc?IG*rve}ty43Z2e9AlL`+ z(!^%t@W~7QiAP#M(bvB9_aQ!LS=3pF3&e)lW9>yfaM3am@l^TH#)CG2F9dxokSL2` zPH!hGE0!Z5ZjvDI*C1zK{izS$kKQ^bhF={hHXbQ{BGj`JNqaX1TR zx(4E&QR~mL1tLB*S4|UNktI=V_|CMBrM{0CdW++evU|-qhmdT6Ww$8T^+A>(WIk-r|`%QOi|TPstrp$ z|K9uQv2*eTwZTS$i>n|Av@aAWNTrG0M>tZPFYY%H-VM$B+#3|>A=A3wF9v&u1OV;K zAja+Jt?lm8-aQBDyrbt&e+cg-bo+@=k+s7ewwO2=xA92mS!T)rYA)5mSRn z6@EFH+^YMy>~(M3Ym}RQ19yaZK9e|rroqE$e&hG0w_LGj>27?D*Rx&!?gbq;gS*Uc zsB!3f>N}xKLJ?UBy=a$L`Sus6&OYhSO9Js(nLImccKmJ7J0BGHw8E7+66@$z{iGnh z)Y+1g1k0Njh{o&8gE@{?8_Ld>yncGm==8pSm_S31ZK(W8&OnU#a~dsg6ZmHmFA)Xu zFB0ijR0= zM{ufs+x(r6X79LpSTT@YG|OkzdQCSit|zYYQGBR<=dYc)KG_thxb`lsK0YYW0w0T; zPvSgl@&@s(EXFKXcn%+@)P`ohMZVH^)8hc2A5F?8B zi^E!0&Qn7pXg5Z`4?s>td!BsV_cBn3A9GF>nMRH7lRvsi_|wmiFo@6G?vkKPqIo{; z$J(m#sI(yB6m05l-wN%r_XOBvJ`!t_#pmkMbM6ZD=@ZoK4ubvgV_Xl7T? zGkFRCXaD8kpak>>{|v{i$7Ve0i>LP4=|%W~nnXAIeA0GASABT^|K|S?XW=`1{GYi7 zpTjWyG)Qy1(}xQ;%7Q_laLZA5g=}k2u$H!0(iRG!M;##);EJWMD&K?%ycC*}X$X7! zQ+|Cm2!Dx?!YhU!`lz70GRJtoX?ncW>F1u`05egOer+^)Z}COq4gWPhu3_a`Azmmk zT%%?@8?=#+`U2CBeHK}(V=w8tNBotBaMM=b^CG*JGw&f_T0O)V4YSt?8G8V%)t?Xa6ROJJ=tE%UAJH-i;q=Q0PiF7z_}0%h$svuQXN84Ck81`e`p<(Zu)exD z^8`k@YW_|@76;<5y6!`0enoT)RKok1^9u52^Deu+?HB4gTMuz%wY5Ka?l<_Iw~$)H zBlEl8t@~@tJ^+WL>6wQ?@(`q^5bxLT76Q7cL6ydZ_R=aC^5F*BQF(O6^Q!ETF9Efx z&>RqZ8F|}{aJ*xERJ*QhGCvNPF}b_oix9*vnHcw%iF^(Xo5QaQN_6UBlJovNca2Wr z4g~&H_u=TgsJxQHt;fiZru92Lran#~zP&u$&bBWT8c3&;k;gg3gB(`oKp4x4@ms&Y z;?7vo&L@R9h%Y`e>L!vJyita{JPrmD!cdAkl82o1F=52b$kXY)5&eq(DQ2jm$%aSd ze8f~0pQb?ow^oeb2f2a6ab;o7^;v81qTjMXpil<~@u8;MeqSDjcH9fztkaVInc94$uSENp^Cvc~I z{5_Lyk~1n4NA=2C{lODtx#3&W0ar(@`4JF@+tlIvUbR}Zs`t8KoY3b^KU@(*Xty8z z*@AY3B}jq!La<{G+nbRRz&P~C4ToLzo-H2-_zh~M#}#5!s?Pr zB`U>stsP|gS5q*3GClvQHT-zGKUUzt&9U3Rj>bdmt2^>Z0hX4cU1^jkC$fSz>=?d; zYeLP8*QVqnCR!gB0#BJT^+m=k?~WN{u!Tx~D@PU7%=^ay2D~7@gb2CTytsqOOG&|S z|3KO3lRqoiEKG>>g*kbb>$PBXMJXNQ)scthn0@#~aN+Ebu~EavRx==dewq*SQRy~RHVLSEs>!jh<8Y&&Hn7@*YfuXh_|XQ371laezUl6kP^IpAi#hfKCo~({lw(*6pC$dTQVuDEvh)BYM8@X`%)?!=JY4HSLwg2Z@glXDj}%5zJIQPa~3cd%ox!9 z(xlV|&1Qu|#0^`q+`1v{pKW=kcNZe3FI582qWpuG4%@%y9=iiU!rWLXZHJ8J$*VIo@#}bAdWN_ z`@TOKo|w!Ar#-jQg8yBlw`0-ZAK^53x2P0}4_BOG+JRd8`Ukx6P z3tmESJEB6d=Oh&O8_*y~4o!PIm&IjT02Kpj9S^(Rx3=fgDb&K-NXsVFI*U{Llp!v; zB8=g`5z@Hs#NYiYsIUhtfL87`St#ucPk4{x5Qq^oF9c=bC*8^J{Si(e-z=6+((hQ; z_}ndFvc5!u4H>7HOJBF$)Uch52ieU6>P}yXAw}o0$ZjGZ@Wt-~^4Zjct!{Jge{^cI> zxprJu=!?Q{bS*v#xCbVDs+$7^+le56aa{Z9RNP9|moH@Y@KBq@%9Jpg~7Lc zclXF6hTW`Bu1*|@FB^`7#N+Y#Smon5+H-K{Vb9f*-^wfG-dJxT31A!9UW@bjVR5|9 zW=4^Rmu+=PSS3&=+is-SthicwK@shI%2b$>lvt^hePXF@aFy9lr3O~jDvDG0*kPJV zdk2Mr9`HbJ;|(ALlAFMjVO;f!^6y}s4uSlBk%vdKv&B&M(otB5Gy4M-4-<8+%jeL4 z;dS#oj=-B)N023H=Kb^M_JiWBblA0m1c=yqbZ;8Fy)6I0;AEjX{R;1&CjQe-%Q+(S zPhw1=S|n~iC&FHv&>Xk8=~oDtT_r;4Sc_f5-&gI;IMIT|eF85U|LKoI3HMsXnTa1xL~Wf{+tB`+uI{H8{Cjw4GJOW7<2mXbO%`BEG})&W zuX%tdHIagc`7%kcY$NJ*1kYLjp~5Iw$RFtd`oxn{X$VW7hmcXb+;^|1z?sDcQ{hg$ zyQmK+EMZ6s?~A;?3cq&}U|68EsCjO&K+YR22Yb8R+)VvKb>_$3*mPQFM%&;CwZiVb$47wRp(sz6G#ysFOI080Q#gc zFLc-ywXrnahfW>|XYovW3-9oEF5t}a5c`q-W-U*q%C$+u#@aHN0#=6)(Bfk1u8MRe zFG*t^)8{q0umSVF^$&E0zn}Z*Xut;Z@#Mq9WjUL$=#lDE@l(2g&C5iBjty;` z7oV*Al1WL}bp&I1B#%pjzGH0Yag0Yi%^ANZ_F^Sgxm%kE*SYe_sY_O`DYzMeV~5&+ z#j8VS1>s&I7KTMhlv)C_4#GqL0mH!Tc@K>)bI%$@y9y_}VR~PH;>qJZpXqC)gvL6* zk9_zhvVsA%EQ8!{-+n>TD+95Cb+~qHg<(U(){m2(9gH(7B1g0e;IM3E z9zPkQmmJS7-lJZewk|~0yBdOVqba5hK@Vx2|9UlU^HT85p-1_*-~9@Xx|BJW%@9LN z)$bRhMrrqH0ElKE0ftDJy#ntCJ_>)IV3logz@%lo2l(=!V*2}j4ddphb;jj2v**XB z8y4>c{a+$V>1HAf*chSHg%g`pPnT%_Y1F4A4?cn7n=X({C~GNml{fP5@dpCTX*Ym; z9qGaIY;%j(r_J#afuT3HDiWx-@Efmf5l5oe{z&g<1qKS=@PR1c{s*?Gl%SH^t~(@R zy@z#yD|KgZCZW%}A4Ww*ij;XQZfbVcjnbUJ23sy_GR&{rgzZ z06c7G%pbvJypIm~vtG1~#ijX0(b?xj;2HVWCz(w!ROVEyc7H?r>M~b;|B%H8{q)q< z5}N6m<@zt|x1v|Gpa06F;raVgf0a?KKmJt(Up3bz^@pYRLM$<2XyIR+6a1bxKN`gs zw0%=v86~@UA?!#_L;ehw$DWjvNlNW$%Fz_VJ5Boa+@F$0K(hCZ2b4Y5b`N z#V^wvS;@?c1_~ecDOQw}d(Dl=&t0H1={OQ48d&dV4Ki`ieU0PyZY)gZ9wpfB9BzJ& znW9iNWX^Fj*=i4OzJ&gC>~=LCeAPX+eaTd{!JB6vA}Yj&!Y;$HtB2GF&%|6n&edTf zwi1S7{spA|w$o0Nbg4chTRPm6hB@!KtQZ802`p0gb`y9aCUplISTBJI$xh0Zgxk@@ zmXq96lbe5Ofa+ibLABTizz@J-K-<4Mz6z*f;xngv9}T}Y!>=?J=ZqO?sok${=j_Sm z-U0<$?e{oZGod>D?PyfvTDI?01RP<2BgB4j_2S?>qG~h_@!YYj_DP;+ipg856@-vo ziN>p(-YJ?NEVy=UOhs-K;r;lykvUU(~|U?1v~)>e3*+CN<={(hO$K+$) z5ii>(#G5DhY2Eub(0h-w6#9~q^EZCTQ3*QwvwHjy6mQ7d_i&;}S#**ks&&zFyfK=! zASFIs9(Bsbj`x=JvAc0Dksb9RlxU)awzCdZC491H?@g(F5xy?R#u%MN4L@LM!6tA| zkhEBI3IR4W+j+L`Thm_det#mzo08BMyNBvhH6P@AlMPSUEH~lVO#+JK9@F)v?BO_^ zn!7BA(=9&a+1vnOAK8))1m+Y6f>Hj+Pn#gH^$Edk&J8SaH2wud-??T4fPN5fI_cnl zu4fX$)F%pJG(t(vj&oRN9DFEmG`yc6-@)Urr^>F4{(=EUrO^jf+~WX`UgTU+hkF9` z>Kj5uDmgPLT+alnH~|C<@XUSgt=9i3C>N|*d`}N_fsw16kT$5plhv8({4NtTbkxtC zh$LS(*3ZKsyGy)OYc`)&hJ4&=rf(nLEAPSEFfJ<*k@j7F3A zJ=`q;aa_-oL00dNd*6-&>#B}@Y1Z%y_n-_$$7)`jmEdyvkxpRTGTq5nZ<(C%c5`jy z`Y_$`bT=B~OUgeTyD`Md!MbjLWK>)%&0y_&tz}z@n?pz4J3Z(OIAS z@56ZQ7wuagI&~m5;}Lw&XWv)q?lvb|rNT^NI3o@f{y1!li1{k$Umku{0b$!2S8E!b zgvn@`kQqU*ALYo9 zW_TOZAaTBxtuz?m4FkNF>Csg(;w|#`yD|M#39W&yF!D=$p_dWcQc2tA_4EJ)Xr9@x zHc$M*yM*z~C!?&mEhY2iW5tgl%Z>VM{C8p~b?TS4YZOE&C-zZtWVMueg_G zdj{R7%kLdu2kSk<{uZCT?osSDzx}F>1<>)GLRSDtEIc?*taiJBGJirneR#cZkRx_& zu^q-CL>u6$H()Q;-0yhxMsMRE*DaWFFu_PT7(uGx-2npOA4_MpwI~t<;a36yflC2d zMfUYh6a*DyM|k=P{+=^^rrQk{imI&4jQG^tqWCZ&hv#zQTtfZ`Z(~{eS7S7Z&Hm10 zU{G>II$Ui2*<+o4Xkj^#@F<+`w8aV82&cBYlTcH6{KB=wGM}D#@JRNFPiS22eHxA^ z=4p^u0hT)7eY&~Kza7wXSMJ_KCD{Xtr3k+S^LUkQI~Ztk`rvXM2Uv$=brzCEA8oH@ zWOz;@Gb4X9?Kx{16)oHwdCM~h2*10vUy-SpWcjDmAC08c96P+;#kNio`BGhE2;blA z9`TC#!7;kxT~`*xSQ%(`#95fnm~5S&E`ftalgo7+#WNg}=J#uIVC}#pQMaDa{em}X z?(xB9{!|Zc!FT(7YK%swXZ#l50Tvx85uZ|M`68Z>$cT$q82J!3@D_#! zP=8&e>2^~~y5&4lp3yETgg=HnCe~_tmgd!zCFmD?a`~|g8SQ!ywFr7_UwqGdxg+#r7d$ZQ$uiHUbju^5QmvH3)+Jq@JYZ#4@0t)9{xR>g$}h z9G}C;7%Y~)eYhi35%Z@I-Kr5fBbq)AC`K z8exz8+k;(hIR6yocUD0deHLb{t8Eh%-ZmQk>7#^hqifRfB}depLdY~;bD)^X+A&Y7 z6sA=jdn>Z%?58=t_rkL&=|TRxOxMq1orb-DIpp3Oo=aFuzPFi3M~HFWYa5mtCXU88 zdY?X4<}h4TT?BBO{sv^NQYWG~RuU8e2D>To?PC?d6>N(AUiTz~u%A7cJ&^72S$`Fp zpbJQXVIWT`&*y95u`Q8t*$A)OOX04-c~JJ4W7myQ24VX1F{VGEdmLJDrSA2L4o>Qi zFXM$-rS6MG1iUevc7u6nbzwyeFX2%-dp`WPB9Zs z8EZ|B4-=8?UbOG`g5E{eM;=fX# ze`5kcE45H>jIv5EDyahWAn+9e@g{Z+6N=~$b^5J-*WlK5&4)VN~fkn#1nfF}Uc{nk0M zmiMqz^v~3{7ADulS&L%nwesQ+z!O2202hNZ8qE^20|(bYW1nBzGl9Ot0gL{@7ybvG z`_VlZ-NwqSeXdS>uYNAM-8mfDQd;ZlxCdaM%ce+0fm_Jj8?jK9nkh2J@s8{YX-5dygeY zw3qhSP3K{I8TfcL==>=H5_paBM-)liQS1&*J$ScZf)Vf)y}njq-EY=gFxLc4;^-NE zyb#)75ucRMLF14_NWVapF>TOY7sBj*I6+2Flo>9F->E8EYCisLHztBm z7dTs-JT2KwdjIme76HR`-Z$lB^i#Plx_5vvcj_X#Me#zkoaQB}ivY}9`ii5LGVA`iDhAsBtI)9}1)%*7KWZB?sjHwX5PC0jX`fK(|_JtgYN-nn! zfco6vD(GF6iN4IQpxw8&`V~qF_h)<+d2gDRHNWYp8snKJl6KrEyV{oo3?11Y3R?5t zr6S~i7Guj1V^TI8Gta?PJl~9R9I)flSl}=BX}aod z%Y80)a;-tfQwp{Bl?X4Qg9B;aPoE(;tob$%Mx4=kxv#U#NWBpf3Ae|0G^auaJsarF zPhlbx6(d^0rZFXn&9;32GO@9Ja&luZVwTUm>C9?<_yn<@)9Y|n&o(k`FksjhETl8! zFigi^oE|?R`T?kv8JvUjl0w2UY+{A0Zgbac_dvrqLP%_EzKY;X4m_kuwv-063yT8O zmdsRDkLX4;DDEp>p|j>j+Zf*;Bnt-irNo+dO^*q16~Vu<7XuM&aZ&dK$=flzZ5u*bG<%~ZF==_Bl^2Dm`?&+b0V4Y8oe z(=9SwU??klfx)CcuczVheGR$ZIN~Jlt(WYNbto$MDPCC~>B$kJhDhsg33ohD3yof- zyCZr@00Vh7@SNVKJkZ$7$Go$1F_#@0S+f5uO$;82VB^g3xt?z)qduK zPxY*5Jy6Ybvp%EdoalZKFqO!~o19Tx`fk(1Kt%&K`ndB(prjhM%)9TtwtE_8*u%)( zyGqOWwNDtE`?Zk|fOBJVm7dg2$`oFQ>x;_%PYQ*TSEzFC+hQ=PDH( zTeCO{;vH%ixWyIRb)jJ~$BB=w%fa)U4$dMir1X|Fr2KbJbj6vL*-@pm7~E?wy#+Kp z2^M}m8X(LR0cDD~gMd>-`P zS@Z4$r-a-XD*i@5zYG2p2+Uz4Y(9(?SDm<iIg<5YH{{mSxw+P4!&8 zSb|~y!KU}=yAiqz)Q^1x0Y!R$g#1_X%u!D6;nz%_qU$&risH9kPIj8Iz!u&iSsU>U z%*vg@n7bo8g&)e0mxO}E+x|wdv*2v|NOaB+oEz2ny81mvS5FP4HlEoYw=0V{V7Z)0 z(DFpCy8vT+c86}`p66KKis^|Y+=*3Ix=N`h@ztd36dd&V@!iZ-$0UWLV0K*VRmqz; z4OMh*Hjnk$m)=Hvpcrs>)hR$I_v7vRx>LbeG;>gYw$-Oo=1f&Ref;j*<&6Nh@bX+{ zk%?wA{r=DpttkjP<3x*!;ku90MWC7Zm-xAT<@u#JJR5iT2~7UDOE3M%2$n_WPK{kd zdMP|iQ`M%yXiBeE@sLBSW5ZAGmX1Xd?=OXf8Y|#G{y9OkKA}`qO5E2`@!e@h~2M3guckjPyVN z2#wSJxzF@gHTFA#jBDEZyDo~4Ch;o2;C@^Gc;4N+-k@g9hOJ&M)Q4#FM=%6EsM;&& zX>T4qsB3UXzrkIaPq(9B9WuB|(zgbnlZae%&1{!zAe$xDEg32V_FmD9TRCT#N?Hs{ zOwITCyoju1+1>or{HQqj`=SciW_f9I@}cFJdxbS%n@2|;V18fww}eRD?DKBwfZtAM z;J)4|lUX)$=Z&<{1|N?-jfhD;Ddfx4$B&vG=>>4o%#=WrAZ0?GWYePhxH zc$|~q^d67I+_tlFUnP8;EoR(zju8b|nz_sq`N(@Os`%C(Q08;rU34I` z_2$47fx@YwyYEZxv!xsBIq})bMq3H4A%SKOZD_Tp6iOng}{Ca$DV!2E&9Z> zfHd}+0Lz8p+plIeXRvOn&uh}BP#JDBwdv@_qZjIpqX3jD_DG+j7{G4n&Eeo6Il4X%b$g-TGxVM^giHP zKOZDp<~~2`Y^}dpIeCTitRH>``L&1UV;`gAXhoFwP^gQ?`v&~%l2pwOe`+TYQ<{8$ z(7d80?_DJxQ9b%3;4r6t;Nj2)0YILxK(7hz4h%XYusN^yB2W?^6o@tzI{T}8V zEIHVgr{BO~q1-KzZgQMB#PgwTs9x)M_j#oY4v1z}IB*ibvA z3&-lW-y`PI^x!@T7`CrQ2kx$>peY(XIk%2lYi`f*IrH zkTHZVh2~8CtmMD|((P*S$(1lZh}WhX8y50X~d&}pN#|y3Uti> z;u9>1&)I?a!-_T2%6UKbf+a_u2KYO;4Y`9`$FIKJEoLFCF-vkva;LnZ)(*0@I>;6JcP&Q^zRpqdcyeTPq(eC8S(fU zem5et^B4*)=ELJ@CnTQkCI$R+FELDI@Juog`@Z?sQh6z1F@Pma`LlnTB}D+7@ouun zdGCNCAJgl6hJu=uZUqmY6Uf)tVeJ@nW2@N1}U?-UpOCObg> z=mSwED(5uhi?gSj^N^oFS|O&VZvfika3G!1?Q3zdAD1N*^hj>;0WaK(W<$sNC$-cCbsqLN@(&KJtGe-?f}to(MR-9VR;{ThC^v~a zC}-k#>0m40{bd)MxO;qTXe^GjseHLT1&v&pf$wJ-&yIgD&~xNhO%M7#l4qxjjTKEe zHfD6a%D>|$rzsDPD|n#DGchv4EBhC!UAW%AK~qicSbk|D+P0M^UG2+J!L;K z!R|{=PnXA)7LT%#dEM@wB2$y~M0+dqLi*~p=|dV|C?ll9*pia-!V}CiufJeeK45xw zVKXctb-9E_ASCC@KI*S~?(g>1NF6tXIPx^Wt`5imNV_qX4AYEBB?phzhguPMzA_|Z zIrsej&Eb!(ve&79ALh*~R%NsafjFwhh;od;#w%Yln-JUx#Cwv&6c>W+AGbY4WS^~t zU-F{A%U%(Ls?Q%%cvQOLAH^!#j5K+;)He{^``*@Ha%FhCdBXS+!E?kNj^c;c?{b7o z(Qr?%PUW<-CWZB*W zy6M2_-cwUQ+s(b~l-8`SU^{MIGhLw!-=Hn6^ab`y9W{!aE*bgc7t8^&{#*3F_##Vb zhySF3X-y!HU7_g4qnuO(cQo+;gSDq^q@p`euJcx>#-m?+uDhpA*uLcYw6ZjR?c>nX z+zySEQ59w7jhYG)W;%E!e8CH1F#bT-wASkCwdBWHT9Lz%jhV52Roa#Mr7r6)$(=r# z6=(Z^d#f5;v~S7R0r${D1MYWR^J!JT*#TJ*H zzGvZK>7d-CFp-0JEnO6AvgZ*x8feF!%;QKpIHvH-V*biZck(bIPO;b=9J#l4x>s+$ zY+fIMeigynqYj_Tg$Z9V>vDm^KSz&6Uqxy!$IT``+2@s@Aa%S-CJ&vVYwOIq9GJWa z8$uYZ4#qg!kHTk{DNY6H?@z7nC7@NnuiIE*w^h9AB>O}e9U(6##K)+`RLnnF_CD#< z4?yeB<3=$jifmk`<-Prb<7n<2oKL5yy%NOAVbCnx{rE-~Q7p?1^$^K?GrKbyvXRx> zpB_pVT3TNI<(h6tDPqVVv$*hbFLdt#-7^LuqTr=a4jhO%5yZc_{XGx2QDkSF1^Ku< z&7GORc0&uD$^vs=sWs%Ry4&UJ6D`7@dPntt7F*$x#N?6whL96Q0#b!KP>(@RAyXLLw%cK<^X5EfNBs;nTF=^Mol7gjTlDQF_2#;VHU91nIAT^k*nGNx)a&(h&Y)WwS3zV|?Es zv*DS8uh>T#BUR>%!HjD8BbWAlC6zCF;QC+O7&@MY6*djY2Yd2{9KsX&X?)M8UZ6hv z`x|4O?F)rA{kTUa{ zA6QJvH(%ZlDUdj_K0o)>vMxWNd<4k+ioPpdD#coM_g&HTTU`9{Io}gle&Tu4eM{&D ztm==BtKgC)7jk9%PdF0w=l6(M6t_w_K1qW0g4Wf5dnT6DNuR1`!Oc)v=>Y` zkh)Xha@EkWtr@4sM1U8J6-Wr*<^~vIRZ>49SiR-7!Njm1ZxzSeu>JIOLcXw$9Q`8M ze6YQ75YJG%_}m_(w|k~w1x3{87Wx*VKv@~#NvW>5M3bK)@?1+J>_(9}ulGSxuaFFI zG1duU91h+@_GY&oawepc+m{EMeQTQ3&_%*E=m(UKhbQeEl|9J`q{ zz5Iv|APZ@4{1S`~`5*8_Ion&fwhHII#Cyty1EMl8Hck=96<1v}Tq}AZUqEqFGd{#4 z>2<1FqPSuSu+a7e?B39(n8Gly+(Q`c;aNQ`qgy|H7{ei_!u>QLvPV(Y!c*V-Y{lfm z1>3aWwJgH!HgsnLcgAquL2dCjiEcSb9Be^pPPl#_#X|YXMV;LVo=!YPKp#i29$tVy zbmm@o0C^R{(@XiI@Aq}=$jsPRpN*qTECX8fsu#;Pw)okooTtgXY*WG~dvv}R!vO+V zTEfyjYuh@Y!f-_iHzdj&@f z+V|&=%WvD!<63J&e1HeWBq5|JjfOxF&vN_ZE|4MJ%y?2f)On%E3Vy4N;q4y{1APE9#{y=E{m*{3ha@zG zdL%m^_P8FLoi4p)UTlN!cVm&=NVw`_rF(~gmuT%i(4O{nAKUBsbrQCLOKMo?&qYHANdPBgrbu}7md;A?J#II{Nv%QGw=#{&M}M6 zr!a=)jQyv*yG_qvXyDbyOQ$Zc*(M@*?qItPd8bX*U4C7_zL z9+J2gvEGE2*}QW|XYC8)=`_IT+lu051J%b*(GfCHi-Utz0OJA@{5uEocshYTBf?Z4 zsLtdL6mG^t*g8;oa4e(YZjFvnYnR$IbILt>A^q8&nRjc@*YH-3r|DRIMBoR`&b@5D z53zk*eow-_>Dm2e7!<9d4V5~)%41Z3hmn8=?nkWRf!lh<*b`D~_}iui5E~1tB#oLG z0N;)h)IQ5)r(<^hM8V^xg@WbIXXO?g>LvS*`_Jq9%YxSGXVl`UP+18S3%7&k1&~V? zLYS^#&0IPRJaU=hX{}u|mi)))(&0sx7BIVEygc|}m!K~;)oZj}yBepe!qe~l9E}^v zu}mR)E#xySUlPEtqgU2`iC~&(=u!%aWk`utPKle@sAOfacfEmQVBF-b`n+ImtkeTO zSJ3n3)kkNQx8_-s4AAvn50c@2&7r}=UxU**NkosTt%@U18SL+1$}}T|LEiDNHz{pC zK)Be|qKJqtf-5poc z@M$)+nJ>NPt60%Yek(K8e#0+o$#9_Q3G(Jxr);yk-TC&L{JHue6v->rxjpKIfawF! zldCY5E6Xd0R-;!OjO8*97v}uoc@I3824_XKx}G+HaM6;-Hes0n=fg4ZO@$s%>nHkr zstO&GD9ZTydWyZ!fs5<@L%g`S;u0+xY)Eb0RAVwCJwNmaOdwFP=2Ik|y7wK#Bkt<- zulPs_^Tp^~H99xieSF~!kWqHLgGQWU5R`Dldp)7u>#2*M-~Pd(#8S-;eRI*)oSy>A z=dca!y7tC%Z%~1&SZG%JhCI>_%2WW?UW0K3crp_Mc$we>0Z2m~d;RG`g&)C(g{?w{ zZM#!!z;KHE4xNuU2VTH#8JDIns+yZ-E%l*chf&&dZx`nx>^0EC5`LjhCcOlca%gj= zFRlB!BxdVKvy|8SZ*gZQi4QMS^svB4mgTV&k1CSq;TB+fz>(K?_0<@Lgs4r-t~boE zi;gB_yz<#~$1W|sWPG;pQM?;kngA$!2$CfUFPc(gq#3Ft3MR@xc>XyQE0;}fA`GfD ziHTI#b1YIZNbe&&Q{Fm*?Kx3D%JjdHJsyQX>mS$cd1DH$G%}!4G-t*p2sSPuA`(D< znDR9^l}XV5ZRkTs{>kDxvlHZORJnIuNIDlTi74<6$CGauVxFbfXHymi|rU! zD`M-E+T#>tu#uS3?r%-yiFIW{ij>5(J8CzZl>x3=U9PC3U!`m_nKXQFkyY4)`zm(` z2I5%rkCs`A+`Ll3cFQ>JVxQ?IBFPNFmE$58<_>(F@`$!uu>(8u*KxYaJwLbB`CB!< zdyIP{0vr(kK#Eb@Q*HM(8slu2P6?O$@o={kdxe#@<;+%vLN}4$Lvo>d4%_Q1=ta|- zep0iKTsIVi<_KQdZR?|>`0~^d!Ahi@=r{igr}}+w=Nt8X>3f=z!;YDE;)_$zP`~9= zdpxKfIV>WTRV#y5Zal}i-LKQa5f532c^{HIX~~bs>$82mCnHYYcvp|^xjG&8`IaJ(>phPGByve=LKH1;(`|qtNr}>#)PKz)5NRH-lrKLVvlm~ zMd0Ut57*y9*g4G^sf%OY#|YWNl8~eetPjsl?mNCDf>!0`{Q7#oG^^L_n9IR8Ejgm5> zfIbHg_*;GjvCtkNE#IG)&N_*j!~UA3cstHw7!1Mz@+3Jb8}b%)ijLLcB;v`^p_Fs^gQNRTse&>rVqFg`bh&Z)%QVGm3|!&!R+-f8J{!4 zyxHid)=UCPEAayXlL}7c(bhX@yPvr3(5jF8E4kmA`^;q-4zm4X)ev?`07bB!67x_} ze@g$JNuk8TCHmxD-?(zf&;Fh4Z_CEDhYpuKXotpsT(#_JyqmlG3)5%bT$OnWU6BVZ z{c{Z9EVRVVn_6UY{=~T+e;|5eh9_G=EO$OncG29SS^st@crttL5@<^keX2%m36VUx zJhymvhDMedv<5ti`9wB~efcjpd1G4;Vc>f(nilscULo;&Q^ZGq?F(S1?7jmie#I@PHU%;jk`enm zw19wr9){-E1kjdn2low;e13D>-@Yf3K@RU_m-xy_P#w`YabGrZzq&VgADBP(EZDu@ zXDZ5|`<*Qi=W5p5zo4Y0M|nTezZ&JP<4P&fnfrRTrG3^XhBwssb7#Be&=r$w-UQ!g zuY!3?59M~lQX$ay7!5wHL%$N37xvq`W3crMx1L+O0oK@0NP-^G+)ao|vS!*ZO8cYp zbAL?DC;{%=Dc07lGT6&*+LoVXKR-H98RU7$=V-1zWp~c~{AP%`M3-2ED-oI^6Gok^%x@n)|MdA(E%6`}fjR%#J>)|KE!B6(fy!m)`z8AkY%K{Q|ZsdZQ zJF$4AD0s3-;f>BQdiV=VJbNq-9~V)kO^lcJLz^hisZPF6N!GJMivuP(p?s27 z@GOx!tQM35NeA!KWAYX}6P^c=n@0&kx)V6To!SBdh)4b=yAWM~`!c$Jh2f#jdQ{AS z_H{!0_VYP1ElJ^x9Gc;njA|TDCINB%vAIYVOQEzIzwi7~A^S}|W3KHJ%E0dQEa-v$ zeR08PiW9#|HtY7a)0gH=^VpwgZ6}2}QaT_#cs0N)_&-OV7;g;XNLHQ*Y~Vf?=PvW) z=yAxO<9(rZ_O`#j7ZL)hUFWqFUgP`LIfp(m8Z?g`A1 zF5vMB&n0#vD?$X1{U$xXCk4Jcp!8;{Jn_ebiJYEOUlr9~nBz5=-WQZ!9j$^qef@c; zAZcOayhS6Oxm>B!w%Jfvc?EBBT+8ptXz(kQ9XOa#JTdHs`XXmRAn}K1h z2sKe&o!SkFy5eIo?DVD1&m+Qr_~BKbJtxL3`}st7mcnAguD(O5sy^jNLxfFU9_QFU z_C%guZZG)h9U|B_ZqB}HH7VR-Pr_~EVZw&nCjS)+mTcqAEczOk1MXun+v2a!Z(j?t zu`IvyufcKm$4JW3mdm~*jLMOm+Knq8N9pSCgZ#B!Z{~R)BCrW>vp+x-ZhR!ZJgUv@ z489!WrOCDBZqKuDf-3_$=jZ{gvW79Ku>xz93i;UOPL`do9{mUTvwm|7DgcfWZ}#!1 zsm}YdC|)JO1#fwVw;7&-%&BE;nA)g48o>HHyC8;5{>Y#Bfe7en!c2J~XFRk9r3))E zvPJ7RrGNF;n+Po8I=tiw@37HX%H5p#^+Nwh1H>4n`}%ggrQMr<nBmAU&?Pyf}r$DuVO35kil^ z=T~hIdJc-tIxqc8VdTipm$COl3b(l6xhTG|efu0f%TL++oq#jG>oAjbuHO&!iwNo< zuKOIsMMZc9%@I~`o(_fSS^Zkq*B-FKz)6eN`N{xhYw8x?^%@FhK~~Ebv|L1tuJvn| zG~>HV5T-vl9L%umX1mjUnC;mc;w}^Z5g*5Yh-8 z)#dVgs@BP4u2r!|)hDtRwes8(-!Q5Qh}eMY1ZliO;p=>uLNjprG{t86&j(3cVq(8| zNBOm4rN&YuL;UbJ|4G_DAMW3E`@xv$%5rPTcf|(X^Xrsdi^Dpq&G@8s{>PYqzJU9y z?_`+6oX?@Q>PO<`O1=jMN#Qik;Wtya5eQ6TKqZwa-^58nlmQ`o1-D6m9}%%N75myK zU(snOEWdkk{)}_?eLzuj*|$@(l&Dcp-4g0~LH(=8JB&hhSsSF*o#5(pFQx7E7nxYX zC;!7UmKT)IZWo>EDOP-2_d00`sWRrf2zapPL|^hTLaYe>O;Lmow4%AuGkb93O@KaG)Bw)lnvQ)RV$~*{LwigYzpx zW|3y5yht0XTL}z)U7HpIJca|+Om-ddcUTUJ#!9~1$zS5*Q1_B;#}%lysS`n!zZ5s= zV(ypF>G9W2b-CP3l)LOREM$yJso&mD!Bo8aM0lQNzOUh?jg6`Cn8Jlm#JY7~4hRWj zESJB_*9f5iQWAmagx-ikBC3R9*u&1=pKd=ywE94;&l_y%_}?12#uwG{I7=)rYG;o> zm?ci=PG6LBYX5=wlBjHD0*PWlGkMtF-dS-Ji7LHd{T1v6oLct+T`GT;N7VzHjSo(J zh==YO{`YK8PwxR+tj*I4m4sp0pwoTX2JH_@*VBh*w!!0%3spx-Rv@K3}~<`#Zk(fBJrC0Y!QE-4Fj(QRs|t!1{sUxGB%af`gA4qy4l9 zCdzj$A+F6%iI@Fw-&gs2&b?0d3%<_5>3Gv748Z0Z3mhI0xyjv6gsAU3hM77X%J&qn z$)?QTh6mdPD-<4n>@>1HX60OWAAGP!@n~aq7TkrKXk;w51XxY@VdClrlexS`wM}(B z+^3Rps=cgWk}eC_Wfz{v2Rbn7hmffTsmk(gxo-thkS~V*+dY?@F(asjEZNfqyaS9y zQb@d?0F2fjLOnKc$u%-9*EY;Og*Y{bRQ{{CzuJ zc{DRV_F%=w^&rT>WvD*KJ0-w38wM6J9klyw)+WwkTO0B)TAu5<5yEO8RKm6j#QufEJ&yA`J+VE0?<*2g zrf2jEp_wSfRV9Okj5~c+gNwea!;1n|5INbv@-^Box@+#kxn4MnWfG?x9jz}zW?ke` z@mPK2Re2vFH~y{K!dd7_8BzPqQH0WX>;o_ z!3hs;icm9MRaXc86FX zY9Yvn+mgMk!}4}E`Nv3;^2?S9iH+B$1dV=r-ZL52c=>cGLK#k41b}`o|2C};`#qz# zhB~1CESI*`Yn0)Ohv1EHK$Bec3&J-@8`)En$L_#x&u@KhZ$_ji;3NIi$FBpc(9Pr9 z;#e)&9ry2)(byIn)%f>=Kht{ysZ}dNM$(-Qg%|bUdwluIgP%E>p*s#QIUIMCwA}30 zIdZ>bOI=(N$2?kV8h=M&F}VG36d;sxtI`Trqaq^>wPQ`U>`dH32&a5_)BsfHqEH&<8coUXOnxatlS*YW3Q3M@s43G1TwEHhY2T< z93KdoDXT!}O_Ck8f4=>rmiw77v8J;2y<(vT2=Fuh6)5(>Z@;F=&3rst0Glu!v)7&5 zed~rW4X~NyMHW0=?xEj!Mq7K2)Lqul?fPPm&uM0(GH%=R)H%MAns899eM*ALZKW%bv3pL*qGs`qW^cleRa$Kw^174LQ^Uxkg%ua|wbpq>h+@IjoWL^$={ zMU@W6{X(wo7a@&gqCz_|YwhJ=rX?(8^>*j}U`3nm`Bb5d&Yi2ELp(H>%<{$x?gF@D~XYzy9e zOjht^fZ$6Qi&!njabJ!c2Hdq$heQ{=uFEVNcFR28;;o96$REyV`qEr8T#_4#Kj-~A zn$2tueSKdCV1+2o!DZh5lw$L5`9x7$L8Y`tm4kuzmJV#Cqn#cYk(-=q2Bd<8_aJZ%w;G2Iy;IDvJ?ktIeCJ z8fG{mKBIpD`QqCuYWk@m+`q5gy8M6%kx|^Y@pX^4TIH+lC!J}Rpnsr8p4iHhb@|?A!RQGv^298L z*+q6^>w&)>L_N*In+Z_to^?)M2(rn>!JrNJ43SiN9Iljp8WZ&_^3An5U*E5{|HC`A zLX{rRVz>6dKz@4!l|7_L$M}=vHYa;yhA74g;r#C4U2a^rR&T;9-uqkYP$}-KsBvI8 zr5LU3m)(a{82P}BVTro;4Y==YU# zW1kiqa$NxM4r_{MttPh{Q9rvtkZ;DNx%NhpHD@vmFGcWLRg{*%e zH*+VJCu1oBWw`LpP3#Fng zIjxC>SZ|dU;jCv2YM3LY8DUc|r4~l6>7V2wV4svXoLn7>ONI~|4&4A5d1}wWr4iDz z%U!0whi9)@s;p6H1ro-uBr=IE6xa$UDve5V)U@@uK9@MCKpXZPK*!1{4 zA3~g?>NLGB7WX@b1>``UE1n59p>GLeJe>>0ol1&G4SPW@rOD;>mb&B`6%})Qxj(A4 zq0koUu8NMqckEq5_}Vtjep0d*-7@8kzA*o>Z7%nQ^%FxoYFFTL0(&S<@uoR;31F*o?hghdt(73HTelXhhq^9uudmt zm^kQA_6dUhc@TI5b#Y-!VxQ_UN(7)xgY13Sb1gCw%e-D$`No!U!@s{y0DTC2Hi%Pc z-VE(?Akk(yd#P#`{-wLI;={VKZ2dgl_VD@Q$5Z}-JpMJajy8 z)RQkfcV#O_@L(eEzu<0~vSO{=ki#L~mwWw#bvOxY(>AGt!y&1jr$~b9GJdLW z66>S<@-)9V)2~pfsqE18NqzJzm=yU1g&ggK-fj3*7*_Ken6v%rWAa|pUER|ij*dSiJDrVGJ=B!*l6lN!j|sgq z&*!62XS4T?*;Kve+bIh(O5Un!Lt%y)coSqZhE$pptuLVv~C~6CaFqU&bzSBND5_ZoZBhJjk8;vA8tKfwc~;p(+C~ zdbbyqrFd#}+l=V;wSIZZYHbniR4@7E%{7IJKm&O-5u~^23$xZKd#h}}M?~&5<||1~ zoIT<-pqkKOLphw<9~5bOkP`L`N!t-Jv{XxI-)HfF5sAV~`~Ik2UL0}iuG4&);A5wPdQwshqJX}?iUbJ z3AH%#j$gdB=E#5UUaDAV(L?*jci9lNoOsPyhEwJE2ey1_NedfSMgNIu(_RFME5=3g z1bY%S?K!@3*z5g*v|)HJfixr#5n{fXzIxYfS&s}nnfTzl(HD_^ZvLxO!|aP@(+XrP zI;pum^1|ogkCq*wO}h|9zWYo~Y57hF6Hu9UukVnLlZW#W_rx!?q1pBpq&}C|cS@;R zDD1TWlC4B8vAgC{9%k*0`679yQhDz7>WPoS+Icd88B6xGe+6pgeP=tSzHS@kpB>tg`MFm{I*8e%q zMXz2Tg{wQ%qx;#SE*avgsC^I8H@(6GO(x6lCre8KJmcG~Yw3mwEQ36Dx5>GGzlz9= zyiAT{%c~Tvzma#Di0}^nEPsBa{5}?z^HyN5KSL!ez2-L-f0@MH-CSSNJF24m-l2pA zu|oWuB~O$h7B}mU`3sfk}F-+S{R0AV7wmDQ%bdUiRJu z;WWO%cOhTypTP`Dai_YF517Y<jSYU}Qv6tyFBlPiX%%rjjSXDi4K}=Os1UE`RwL#{SyQ|B{gur{QbFkqaM_d^> z5_6t#Cp#=Th|Dj>b;?ZmE|{b*UTA?WGqFw1)UCT)9m;9K_BeR)(?Y-oF|Q_fP95Q& z0Zgj->bSysfL`@ExnE)8MlkN94va`k3xksx`>X+WN-_@!J{#GAb#u|bDFN^+_SkKV zw&5$0+~zc@!*f-7`;8s1Umt4s8tX#+o1<>t<5XuWz3y~bDt$fn9UTP-Kzw|sRIf0e zPlW``OnU0Lj9WL*y|_m;~;b1jAaD`lgJo@SwjwV~XLUaVT5R zzEM@#lKCThS~{7TJ$MDMPdBiopm&^}itn*5%m_%@-2CA(sY-w72en$Jgn!!GS31?t zEK-6G1KBb5!(X^SrMd0-K zE0Dy#R*<6aevXN)4|x-sDhNEtoOE z2=Tgj%C)TRW|5rgeI`aZj}`lMcLVn>ikJGbefP!3I?uk*Rj3rH`xSes1%f@^&*j-e z>!y^j$E50$0$j$E_xo_~6l&ASIZG8G-PIQlAI^IhxZ8guUDuYPN)-Jik?12RNkAkh z${SfF=kWEj=~=69(54ZKqUwYlxR48hb77nl&}=?z2_QN4P|CNe$#6iFEvB6$7hqDu zk1`Ri%`)>7ZX$;-4n48>5p~XO!mhVJ_<>u$r`Q?dTeR=7HwxZtQP{}E2Lfhn1tA=A z46Q%-=>q*lyUqQEpt@wfAHqIo^i^iCJ$4HzJ{D@bf%A_4FHkkVz6|FsWYT8=C5gO1 zv?)I8nbBXwx{VSf*VGrpLg_(}`zUV+xewEsh3XaaM6(RtIEcLl3xCW6xNSt^%!)Ou zbyBAuy76#xF3WP4%CO&lc!I29MCZ$D$h7z4@5~e6uiU{MVlTu4yOdz&wAn-fiRrN@ zy+F-R+1*2RCJS1-d4ht($#Bb*3f$v@UUyuyX2isuc5%td*}=^w&q&2PqAn|A4w}52)Ha0 zEmQrJzTEABaBI4Veg?U%bAN=fmh(lmQK}SXR^K0}={DJMAJsguZ;5IpZT)G*J=q&V zXHkO2@oI4qR$=K5=ifK_yiXdq!6)Y1-rpg_6OU%N9Y%g~--!pw;H|3VZ>xl` ztR?}AWp9vDb%poQNRyTtXqGM z(_3>vrI(+_`J-x?EpjanOZ8{ImDZg;ix>BHhkuyIY2=B1{6@&_kbqJ$!R8%@)I=sq z!gnCs$sTi`n`Q^FJD=;sN9ES(Kv>G+4$9#|7`IfRMm#`*y*cnH+n)#cUry(nGODTW zB<}^%HF)!=Hm2mDVI4AXSmliRqV;HcWL2^k>V{ySr4-ON2;znD`TRVhOR#V6js!U! zhH#@jkUGCV@yY<{p6uHd1u0S-U0ZolFIskChXUGoy6Cvz+yA8F)I#PO5)f&?Z^z5w zdZu2T~o?rL zHul9r4$2taP~MT%K(fC>>i|vR=E3jH^YJCUM;24cR!eO!E>7k}IRk;P8K^M+uCOwB zo|@2V;VTnS%pH1~QTyRYlb&s3KNw1aq*MxE(52*=Xv>vQ@n@&e?P*WEF5fW-zhlF{ydI6`BK{xvI;L-`qE(z&J$adwAfRW8GtIi zIXeH|*IGGU8YC5fkdqmx<4f1Qj)OO7Wis8etByYzDEiA@KTw5FKVco3Q;q=L~a_&skcR(gRu%fHfmojRQA zUKQ-BYIlglT;RxKXdbfGk0Y>qs9P3~;MX%&=Kq|=QN42%%=M*0{^03!Kp?hg;^OJ& z#4(OWzw(~<+v?tvI)B|>H~Da~Q4|!EEd;w&$vik`n0MGqiUnHho`1(BjD~9{8I>xu zdgWW?{CL#jLx%o%!SP8M#3$kb|2|#azQ3;iKF#Cg;u3k%_=W+vTiW51n*}T_j=^8Q zvs!<*fmN|MN#39C^y~c$rv^}6_8LQbIfmv>5EF`fe+vWNZ!&U7hFE#pf55~)9uk|ZE!$<;PGLkW0_Wf=?wK`0H_m`nd%EjUfN&n{>#BWKYQ| zCUtM{_e}a!Jk_Y9H|J2B@`+$zMeO?o)qMOVC7_;KbJcyg#@BZOXnudSK`gp#!#Tg4 zbE7cpeI(SUqb+G4?vg$+snRfRr$zPY@{PCd^vyY>??{#7T)#_gmAQiEm%=7Wu12RR@ zRHSzfV^m0w1b3f~($xWDGkq!%pVvPy?%R=;58nKz4mHpr5qvXnp&#U|-eHdlU$Z1} zKNw-)Ekhn|aqOqLp#nj8RHzm zfY4btUVK(3i+yu||C4|wKwbV$X%fl?5@_Dm9}RgrJJ~t$AA=?S&>BqO7Wb+l9j{Ku z^W&8L02|fbV=9^w`)&NFPMze}|BmH5Yh^!(HQJ@6?m6egot5=_G|vcH1#zD{!tX?k z)sfC}en31Ttm%UQJd_hacKaWWpx{2`o32;cao@ow)bk#A57A<}!Ep zO8cmzdmFy=(TN}A25RkQC%2M22~UQCz+&5Ae^5-wG=PciOCu=vQIz#noW0fO{cW64 z3C&tiXOF2i;iS}~Uv5vvS2>{R@2Ub8K=KncD3Dmf;l??2A;Y~{Q@p?j-g{}+So1~R z89PAX9;-?_+{f$o66qz@2-0d+?N_7Pa?@PDz1(VGc#O&W0+U>Buo1}y_Dgu5<74aL z1kfB$nQ_j^LSO@SK^?-O*H}LKuCAM2UOb3%c z+4km35E2E^q^xQn{aCfVCsNg8y%0K4zH4~k0P2eXPI7%>tb=A$BRh%5N~t7@kV1R$ znCV75gE|$fW9^NoWb;Mx$Hc9V>)~C=df!`OdpR9i!$k=%H5T=toQt{K72>2jRmKqd zO0M&+Ng!QhsWvd;ysX;F!5PKIgCU&z1PD@sWJL?n8Wa_!aws3o_rfz8mq9t`*tz((EqLV9BBvVwpf%M~P6M1)b} zMZ|AE{}l!O)p5`OlbePd_0cykyb9axHlKg~6+L@*Il}vD^7b|NQ`B8{i(Da3EH&#Tvi!L5A@4{@U2pG@DwUKGDrKBw|l&9Jb9HW>_x zXzXIHK9u51u|ch1Q=r@G)K)HR1hE4ZxUcBxHKYRdTS!$Y#hdwtz;rs^8)7*7vL9Ot z-Mr2Q!Y*lQ>a2_$g4%Q)G~T?qGlwe`Um(iGtnZ5^9`?OWx-}rgRU_ZL`~V3RVrM7-YDw8!V;7Xj8EAbZW5e0pa6(y?PCw z6FeIduS2o=w?exDNOyhDz7BxI7@WlrzEjXQL9n&oy$Y&L3_}+hl)u^A6AjPbUG!fM ziCh+!Ils%3L3LMxq*J>EVQWLvW~HQRPj==#&YbaqclEKaBm;dTXw{@or(!q+Tdh7n zG`1aL&qKs-0uKWQQ%TJN{l&5Suyf9@Q(_m?jeRgM)g^As?+^QqSBGN`vUgiT!*NF& zko$cHEa|7iq_DUXw*z&OHC?@aYL9nc(~zu`@^XIf#Y$5fgxH!$a^Al54)C+l>Ts7% zA8ja|B<^@m*ehGC5n&wp-{R3jI>vBbA1jTCD#9J84!S6fDNyb}l2YsKmKa52zt?iT07jbo+(&Fvu9NFy}1G}^z`^(l;r zpaXZK%{2G7X(>8)xP2yrq~3W81tYP((t$0yuREx>5r0}c65^io;T(J zqWHnHi3hdT7o-CfESBF0Ydoa&PGu6aTfg9rX5%ALsN9{#!ydpyM`iv_Isbui=RiEr zW#3}<4(!VNjyWit;LlfDVb2C;%BJb@u6J|5F|{Af(c8yX!&hc}UnOL};VzbtJTlsRt&=s?fs zs|^QBIN!u;RqQom?`MGhGLrjZrz~Y;L-XjB#hLA)7Rb<`R#Yt>y7u;XnhG6D?#as7 zBwufmeBnh7B2M7;?3IAUeQQv7DUwl5w#r**i6QoNFIO({S?Su+U%vyO<6wUg?YHtP z3g(2|p$!%(Q~A512}!|rI@9!l9y)K+IVM5(Eu2={i!!ziThmrHhGux;`x$KoY;hEulGg{dL;$`K->c!B(MQ(i6drpaG)Anp$~<&VFH ze9MN_&vGo9K`J* zTR$i$<4RdD)M}S}&l_YCA=cs@)f8c`{sQ$XKq32fc=o>N9=?N4!8C`iV&i==V5hsF z=XwIT66alBhAvSvHo4M=dkeuw{?E@`Lqu9*vIdlV%hdNTD@;g+U)n1Hd^j!9-h)5C z?da_BCs2=9?YXY_Zoku8Bvo4q>8Q)wKAhtlClA&%!Q?AJ{Qxe-w&O65{uO^X`CB~g z8B+4|))|78sp~O^3P1Ne#_9eAQ(dQw{VJ#5#=sDvZ0b|db*XaI;^!}JdCqtq^3T@? zYz2xSc%0-M`>zl{K5>fSdU5zI^IiA`20S%omm^+3j-xCO0^gGdjdd(#W*JaHvJlB0 zN+7!sZvAopa`E}v498!_^2D^jx)Rc1^CPSiXW{kl36^b$q9rUB@D6m9nlPkE94uH^8nd-Wnk?d!!FziAEvQyS*x}LxBgj~AMqs#kppvR z{piI2ZQL)C*2k%Ke@KNEGR=?ZU-|@Z%un~dE2{TCE0>1(K``?KccZM9w)U-T3iUNEFXm%5VbJqG_L6L?F&viqF2h-~^|5I%Sdm3!Zs~@BJ$<_Ywlac zXX*MPo!@cr>DRTY!2&vzDkK$In7<$P5qjev=A;+yYWuE`_~ebwIc_*reGi$TD*bN7 zEoC)m4+r8=gJ_%K&hP6m{IrXD5MlUxUt`vCo!{mc=&!MT8jbak9zp!y7yG^dr|9lT z08SyY6Gm29qPIya^7$t`Wbo7iTMr~chVd)QSs^bh>W#b;f za-_|^trLEMfi?KZrH+9n{ZuQfgEzVeTP6qUC_-?GP^`Y*KuD@fNM`g!xrIA7O~@}V z5CA#(7d%g;DU>Coz@-9u4IPBz6vrL5hcVg9vZUmor`|p@FK}?E11vZIaF>5tNdnB` z4v(yHSK_aE!jqqrXi;xLf#mT%p1uN%B+qt!q`^$tU^0ewZ(1AGdWDY?4-?@Kj?~5b zN{Q?ze&%`(gRwy^zv-GM&KOREq=W4yo-F4Ei;1~8F&FdlR3H=~2WOQ`M4A%!o9_!6 z-_FX1nf*A&b@Dg|Uex{-PKYXHnL9xfoS=9y##m62>lQ3rV^@+e zWVmWym2I)(Loh_DbJ^j}v`My~*BE zy^n4-N>3?|rs(Qh=NK3iX@-HNVc6%dD33<>(2UI9JnQ)p9IF_v7(HPU0y&P>L)jU1 ztMTqA$9c<`tNPSiAxO!!eLmDzMeQ4+-TyURnQgxfFiV!YmaR~#2|mS}wLQZ_tRjKH zjMEm($rIJ#gUwTDIS&59oSiE$UlR&bvc>)gGT2`V^O$pf8Yg|}#S(30^N2;%`OJV9 zgd-FnPgXVyBY$83^-oHJcfBwDSEZ;A|Ja<|8*f6m4sW<1&9e zy*SknljIhDU-bAyXbV+be;Ev*&6QaS!um98aNrLbVC^xv_UA(|eFAD8!t*z{m-*93 zZguhn@S~bl%Dh{VaiO_%k1LWdWkoaTY}9aK=d1SU+RMdi9a1$mS?9P@C^@~?354}c zJsiEQuX?@^LX00WZ%^0aGJSt0e3?4U$12!tjVm(^hKqqnI7ooNm=k? zd{QtS#6Fn zZW(jV+&`dsW_aEn@!a0+hJ3&lW0-E=5ZZRBF9oIm{Oe0}9zHClP<--o^t4#~Su`Fu zp3bn12)18bRNZQF2uzFTx9OiD7dyDXG&G$GI2crCpjO!^5Rr6#pU;}I?2m?={{0KR z?Hv2L^3A0yCnr9!~@vEL#!b;b?&Y}!8iciJ!phBI2&tybmfy_XcuvYez#&>lcA_(`ev zh7k{oy+H^a_;|5h+_GlZMS|nFvKpU7}0rT9Spxe9mZdych8O74(Dr6=8n~0Z8X7D$(QfiQ_T((`UdzTR24zb={a> zHW5$#!fnubz+y*CdS%9?gF|3r=R(GqF+i@qkl#acj-D`vNClJp@zgnXcg+VOwXebp z<(@^7yQED@}PfPTe4e?2&$-{tpRE4s{=b*##laYIbHmOfWD%6nOcPz z-of@B!LfU3=I1d_G(JE|w4A+ZKZUGr5g#2CRd-LhjvfF5sIr9b;j zpQp&>$4gy1ODd(rc;13wh#|Ftn(6fW($%W^KF<61hF=+w z1TxBHHC7Yd(_E;)>So21PO&OH_!LHl$8}#hWgHu=-PihSnm=MFchVjBT{Vv`tl0P) z14~mJM+PTA%`(<)ryzy~XTRMJ%+Ehxi>z7rJNsIA>T@VMlpmynW5Z@$Pqm>YY>NFX zK7c3H*?G@P?Z-MjEf!Pc{4H4SzEYhf*O5N&UQS<(LKS|UgrXh-NGYl#OQbc|mJ!sx z1c!D_Yu=;j{lU5T;0hv=wufXeU!T^i+GQF<%4qIVzrw7}GUyM)VLAEkYJT%-nT>hC z8ABSOJO)PH7_ zGV3y8%dS7eeyUMcz~lF8!a|LI;|H=1FJQEgGjQqWEN8D*eIC!?VTtLUb*9~?vrY@V zOeWa&0e2bDG=27&%UM(=YEAYAiJ4{$&}*i$XVPb(BL5$TyQn8QJj zf%t3ZqgGp9ipO_#m0sr};K^)yWNm$}bBJ-|=Q(oyQklgiFvrZVeg6|cf%-#v zZSq5WaV{r6k;Mz-jFS5`6Fw&JPj}JFzY!!Y@YM}@QCou>B$6IR#P-8or&iprF>m=`-B~u0InOUU-8yc8TJmOEgiU!9=Y_t%o}*)@;Y%?; zHl;_e^)NTuJ*FoOs!ityKaBU-y`IKaZiq7%M02?B|I=xcJ*T4N%$`fRhDfXc#~w8A z%A+DWBcGbZn~t56p8VE$u+!lMpUv-b#!F_906+C>rM>#o!NB$fL$PVI3x4kDofJJf7%KT`mk$ewyR^p&T zF)iymR~>kKpK#3n+~eoe!Bvp6B@pCACa;iPOYUc!!todm>>kN|;@?6h>ill9A4g+B zl(b-t=(iW0aTe^VM}rm$_$IPnyZcN-YXVI~&sLkIgu7VJY($++RF zAGVb!9E>8W=Wp4>J)l5Oq|WfsJjX#JoM9ZgJ*QE(HsRGTx-2>DcZh4S)U8)i;&Y+K z-fz@tN@Htok2R0R~+20j9m>e^n&r!Xne|-$4t@1kOV1(>j;wsXQB7_Y1Ry;Vv23)h6 z%0*zQ^og@d228w{z4IeNt|o3EGV-&!el}}#6(B+TdQN*tQj?dYH!=3`A8XFJ1yjMB zTC44WdIWzp;|BvB;7^T4*ckEmV(cqrgF=A)+wYqKu%2-Lx|N9V4C*pRWS0>e+>RgU zT^*sMcLe4jd$W_VoM2bmyN?geEtnU%#Aps;7da&n`_V3=RUC!XAr5z`dkK-iuZCA=aH#2X4`y7@heP z7Cgv~^LXKr%YTxMXP_MbZ8KbPbv;7`zuBVrW@@a?X#M$7U1X8ZPibwFxW5vRKeht> zO0Mw-TTVr&y{>KOvoEu1A6eE|UV1LUd7Q_0tu^ELck_*ua|{Ts*4a z!la)rwME-Q9h?;sX1J>>to@dz#Gt^3WLFFlk`u&P-3}DV&>jc!1!wUdO6B-_qVj(& z+fXV?{;7~U62rpG%jsl$e-L4H&+MP|=rT|28BbH*9&~ZYT&BTOGN-$e-w^gi zN<{$|-}bNj_e_P?6KXK~ov#e2SX|^hgWEmzoj4uzr~`SYi=tx>dr?u^pS@fEgAUx6 z{W7Q9O(2(NO-+MNHUM(qh+LVQ>+&(y7Z?If5>zxye+QFNxc)v@c}EY-dleEhviGA6 zo#*YF{rhpMS5xtk>RYSl)dQ@a>GFKiyhj6wBzeLN0|?cAb@^%0)I0ym*T{0+I_(Dv zkmOmtbz4lVOqksKGnUL;$fBXqy{pM6pm;?GG#Fwr9kp&*tVRLU7LPM_?E4<_Q0VMz zC^%9J47=kpcKIvwp{5+Oq5Y19Nu>N(b?wyu?#(NH8!-cZ-7f@2{kmm+Kbc{W+plSA z?&J8!M8gIz`~>;>Fo*hXO(oV-N7C1Img=F+bF^mY;*EC)pVGH zTZ_%&gEzxuqf4D`{8>Srk@fxShi9uwsc-M=3!f!161EJsu0@(#&0kbS#e(~PZy;Wf zulM2m0r51d&jAW>vU_5`utX4`>6pQg#N@NYJ3k*2?Y7Z?54!*&MfCGYDfq!ts`eo~$FY-))t8j};tJ5O!1;pc07PXHz|XeG)J5|VoCvo=oFDFunDW45`m7M-VoN|B zw5T8{2gV$zTNC&9aQv!XpMxjU%&%ZC1%zCha$8(Er0J&2#HWLo&Kvi-^E_1N2O&9-+=V)Z4HT#B;5B^79Lz`? zY|PgFesCUPCDGME($Q_zqc*ZFZz?$2(fbVAmyNo*XF%`+^?ZYt%)*{4G8vdE7O9cE z*0Wo!CI{#-cVgdn5bqGhLvfJnbj}0>kCiX`c{hEl9)hI2b(l^B z`6E}TuulB*$ggX`3)1auzpg;VxXQEG&?B?}Zy~i9eqOj}j>GdemHzX+F z=RwQdn#N*Y`r+dmJz2<8G~riRgvJBn=Te+A(h+yxjw?n?b&W&;lG%D4VpmpU)zI}9C@{P?oWFNn0Nmw^B0tlyro9c zM26&DanriL{=iE3L6V|Kpp^xq01#!Q z29g8&T4#m2NzR}mzGG2I7l`x05MUo_7M%UIEd>8Jv*brW7K%5;_yDOi>KC}~on-qd zL)&IQmcEvHjW;NHXsSc?CW~kZ^HcM%_L{VWPKO)%jqi${Is`yseT$n8Fw^}Dq-CdYGP8{K zNN>`RdCG&iKwe}?#FcO<;Ml(Rr^N^3>!>3?rS5tc^Uwrp)BRIu`V?Iu5A#w251P{a zM0d$@S)=;?En@5kg3Yt#WPl+)e8^Y`82z(!Kv8NCHiLI!NN1fOm*eRtwr0jBt}3wKp6mHC{BHE zUm;qOv+>b}m5^BX9b{)z<0XlLq$JNp7LMLi6WROlOgAo{nWp5WVrdWoDn-X9$wUPPR=F&sk4H`=vSI8-T%ze**xdy+Ux< z$K(4H{&hmi)BSOD_kD8uD6Bb0N$@)H97yx^!tJ}lenV3r2PO{=<=-taqzf){-RJvR zk)tPPLqN-bn|qrTVz(4#|HsthnihMB?2SE`xWT5KMX{t|F*!Q( z@%!r7C}nRx`fsO&)XY(OFk?7=$WBY{7Yh$7tw#}kh0&Mcahs^g?)Mk#p{_;4Mgmu2 z(ytBeSwoIq03yeW`GF!M0T65c*!RDpS0$g=la<^l$$M*BzKQmYArLu28ysLg`it$p zh4_N9R)2`m&jQl_HoRdaK#y2~VB#ea6lxM&1m$WA3I(kJ$-C9MGxhJ{T!Ra{*LAn^ zJH&q&#ZS^Rw6|0~Ki8xOlf?Kv11mm=a_XLbO!*$Rr&dMS9R%$Zl{!ve7v_tVV4_|L z?mp3j+&pk^jZvg?-+KcC?>%ml#ZfLOCS_w_tt^#j*tqKI2lARX8%M_Buv7GhwbveS z>g86Fit3N~xcusOrR*p5)bT~^nS}VwCj6(X!MA65e|Wf|gniFf4 zgZnZ(IS45$vG+V6VNcdntI!*A>fyDbz2RzkzCQ0Nte>FQcEU<8cz`PFQ|^J_@wu0s z=r%%s^vTnSqLvM%_+OYxbYbl2bS^#SbiX!9T~~*4{f4=j3urzE3huTU0rdDe_g-L} z=~nnW&l#FNe>!hB7)@^8ZrTP3hsK$8N;*72S+(}-$CYA9HZ2iq!kVW$>0 zSm_-hGoLdq2W{M>o6Bl^m$Y-9A3y!^n$D-WPx~KznJ~}-Ez@ZfS7UdY9spoy_iaDb z;R+QXYc~`M_Obrb_u3_dpfQ9#j?njYo1?T5OQL?mJ9B@H_lJp8}R$CYGY< zQade#NLy%I zS?nnCAH}&zDv0Dnfr<^iYuQZ$~|>WoW@- z&0VkHI?WXZyCYda|K&gkPH>bRoQQf9fd@ zjGEK!d^bhtv|}I0S7NFi`jg%zg(}8FL9oDB5ehXp zPp7#aG%1DR9YKtQ%m)#UAO+fgJ;?jP?<}vwTVNS>Fn`SH12l#oi`qbZrM>!!ZrFGQ zE5p7YbV}bC>cib@m{jFT0h_TOSs#h?h#Gv13e9yF$(B^d$aMTBYnRwYd|J8y`j3TCiVV2u;6jzhnY7Xxnem_M*+J_NzGdgr{Q8Y zviCNhtf7uP6_KP92=9tG@-=tBpW^CHe0_ZZ&>DYc=!$HtkW!V*SXezi{(guU-{{2A zNKGd8=PM&rn6eJnt=>~FW*@PBgMC=-ruWrj+>_+)6<>N^GvBW&LZ7PAN)G%RGGXuO zH`(v>1G$KmzS-GD74im2;HMTn`ZqMnlS2o#w_DGxL|QG?G^YZE71 z8=QuG4IKlF!n7&J+06|Rx&&qLz4+Lw6{Jk z%?n8TPf>&luFV^|_VH6Qcq4I_ZXe57t{?#G8n9g!%iRaXVnzxMRZI9K&o(Mbp#+$|2~mmZ)%B6H$a4xx40$A#}^Uxirevrlrz zotUSNWDBi_dvMTB7n@4YuhM(SUrZn2a%q=}BzE_06bm!C@P(0he9#Bgj%Y7kGBv7H z5Z$lbtpD1_u4OZhA=A?IE|?Wp3SO)EkJ5!-yQf-Lma4nI9UDlW@7yw}AvBqrry?Gn8&c6d5u{ zdI)E%hUq;Z!B}_`SS6%=rzOn0MogCj^No3aK36GCs#UempXR9SqbM90rJHET&mo=N zt9~h{)|WClg};MNCkM|+l&KXQwAiP{NlrVuPIB=N?P&~f z|My_*lWihccK}y!z zDv9h$S52&N5JkKZ#H{ako4m2q`U{~;biYQEakYp7r2w0iZpz(-$C*g!KrU1lF09Hm zL+FiM9A}sq*_n6RyaWo(S-*0X9}pLUyb}?7ct7e-5`W6-6TM!|8+TC3Go|vjeKu3O z9Dxu_jQ!r1r* z`j>n%;ZSPu0B9|*q-eGW%CIca9av5_I|lcYglx-a;`qv6Orkj!+RWM{npk&sORD`$ zVRd-Iz^&O!NaSO(XbSZh`N{1M2H&p)2M7~4uLXuq_#8>~QdxhAHxpiU&hzl@aA8gw z5OC8Y*Vps)IdSlQZ>^u0m_K`;;Xw~1s|;uPHy^hf%XVl?mFP9yQM5S-X19OT+&P5m z<^3c>1P39JVDuO`ewBf>s!!t$6~H5qs{87VAI<`>0=jI^;0W#CzKQ1G2QH`rB|ZH1 zP>WxyPYv_cfY- z{q+4h{9ynOBiWiZ7x$Y8pC;w#+HTs1cr^@f=oExLukCBbC816Kvs|=kzd2CzOpgSJ za;{a6KetmxZj4;eU?bp6zpv78FNX!!_opXH@3{qjmbfN|LmZ=ZZozA^*_;9vvG_%e zG)lr*)AfK?uV>xotKW0HYpBC9$w7!xt}Ar8g?)U4+Bi{P*9UaQH=GB(n&Eo;%+S$- z$57sN*{Z+3CE-_p*c@m}lr`4yOMNB8!<<Z;lCTW%EjUnj;3@gp|Gp{fCz+iK={tJ~3I2%Gw>)J$VC}bf!ZY=ZmGPmYYIZMPZRq9kj_SDUtl*4GUPf@Ujm4MSTtv zAEV(MoW?(F%p4s^Hcy)iOjHa0z~;XfBoS6(2@OXMg(f{d^7in~m5s~P-*WtsW^J-B zUWeZ944sTZfp2&C9bm}qK7VY8?~g40ob4C{0m^rgHr;2QI|E<19iDF;In;B~F!@tj z_Q^93CBLDIah3RqVMl$cSYjzpqdWdmz@MHdgePhC%Se@mOHpojXV!L|DeWxybVkyl z+l*~6m}f2!wv2PAsO!Ep?x68?HbUeAVveNePHs z-OoCx{laGV@142=8!YaNCi^S6XLW-GGvn0K36T~!{}j-k@2NiA(FAMjJxGJcMokY~ z{bNr9fYU1Vb}mzwH!h$r3)}-O_$WTf?p4y%$JQ@I$~@Y1AGnJsS=Y9>TyK!}2b;Ha zr}lW1#i(AKZ%ftQa$@`EXDY2HmAQ!pp&)^hAC|WvMF`8M!Z^gNnncy=x8&H0vGMCm z|6RY65Bf}X+jDoQqm&=L_bvoo_GEwc)XM_v=UFp$*w!0vD#O0eKc1csG==l3rw-AS z@G52At)Rv;iNo=kLbT8&e0E<;`LP>e{fsIXTG2__l-{QY8lo+}C0U{81S#cfo}6_6 zS!*%7vG1G=ftCWW72%q|fh@nMzt-&U-wPc-$337ydTZSNBI?aNNVc3)g_Gs7stnIQYJsFtJ;g=XxL)3x5Lt(}%7JxzS9}|-75uo+qZwuy54z0CXY+)}b z)@c6ZN=1`mbTvNbYP<5Js1LiH40^A+B61^Cyhb)8ryKfymuqt`Srpky)E~a~@9K#- z$%i>WD#B#Q2OE+iV6<4g&CC1ryC>*U zfR_2h^D6hyIdgMPFdIBEBmVL`k+xLgkrsT4eT`Ksw_dPt>SxvI5^m#zdNoTW&IZAk z2Ty1D_Y16w75kVZU8l7RUGWBi;3FnHy(A2rLXMDY{_GffdNhQkoHmA>C{X!My=~gO z6n@6`0oi}$t+l6zok3_lL&%-O?|yDRuK^P$v5c1b9%6%3TYQcf$LCs}xLFVvNCqbY zIn62(Ys4nVJyHYKP*Q%a6dr$wsyQBly+K&Cxp|*pIj7_B?*?y zI0wifO)*V+AQINvfY$Pw^%My=g{k`rVpha<9@hQ$^f|lQqz^~m0qAF%xb=DR2~%A7 zuTM3F6MsVON^^x*Yb6lskK54z#`8&lK{&baw{=RUicaPF9E=m%2KeN+NEHiZxX|Ft zQ5OcToI!mqCCi-Mr4_3&!A}B&0jk@H5@H8+nOd#~+0qlb=BB)$PwdbQ#tOk)z&6_}}pUpG_ocr~F;S99tFX z)w4qI=XxY}E5Fk;%B~V)-~zzDQOaqp+r3zT?CDAJ${1+T&#=#K{d!fj{T|VX#SihK z&lI6iwzlUB2>Vs+?3f{e^F#;{cvHAIG4Op2N*y!q^|KB31!6oO?|nie z-{>beoQ*Sh84!g{2pU6Hx3+RTTkUD*z?kC%m;vkS%HPE;x zlDp{P1cVV4rq0KGsFpM+uT>QuC67c1q1QW*%p#)6O2+O5;LWr@)#qw6dUPsF+4WL3 z>#GZ<_1EykHl%dX4oqD9M6`MU-&1?4cqbuj1>ZL>nDBs(ZlJyq;^SJ=LjMUf7<7&J zgTduzx!p)`H)ojQd+%4*jIR0IDPY36I*x?R+YCXHy)&l5P8B-dtn3(); zpb4H^o}&?DW+mnKX_RM+YCmzRneTQuNb({#4*Yf=cmB%uq$NUXwq9YRC50y+t_c!6 zV6$^PPP|l*aNc;3c~&X@YC)=%l2lkeKln2z#My(va;HO3Jb$;|%I9#%?GVzJ_cH%Z zJ3C(xZ&0%C-r&7tljb0sWh|P&-x@jAXkTUU8PI(FsPjB+=|vO8z166m@LNcurGfKi zY)vdJ0lLr8f^VjK%K$-jWjod1edCr!1NVDLlZWCHN(X=3HOJC8{W0`LsG02royIdK zm;jxF`zIlJZ-95C^PTZPRnh%@(KJuQ7hZR2xNqa-H(VTJ#U{NcSMyf2l~^ro3~lxC zaokrUTCvZo`losuTJLEeOc8yy9zSpbbVyPVk4izA6hNr&5lPTojoEfvV8^WNp0vwJ zLn4K9#KxTQ@YU>2ltWV)Vk?49SD4DI^6GPnr^1;xYD>%^Z> zHKC;*RT*|(9)x5x))J&6(~t5^neOdg`)G1rup>TF69%q|`|6lRuTdGWG+yU8PkDGp zhUwza(K(+hfZB)-**qeC*gRDevlW8MFa1`osWVyw0`hRRCO_q(StV-S^I`rW+^8C`yjOpUefwdRQV{ak*! z&C%Vhk{%oaL*sc<5-!hWlK70aLBi7h+2hEyNkz#Y$=bho=BNe-+T7->lG4{$P zlJL$qS1RA`kZb#y36ko_lB{ExOz!N?tpW1} z!|gC##IG+i9kQdExZ*K~i^kk&W)&d%{d68(CX3VaVZT*r2Rxng@IA&=lMX_CjQk=- z!p`nhyPD!kWqzQ!35w36TIugy9ds{v+9}mS&2KbY49d%6H07} zw>c1@h|{-okWp1vw;n?$zTa<6_?BNOx)2gX*py65qPHG!)U@`XW#=+GO@6?7Is_Te zZtyeM3yDThmAbz3BI16_p&F1y+=lQ)R73xJ?=^KRpMm;U_swe8XG2nZ`NO%?GNKSMQb|RU6=_YkNA~lKz3}#A z?^u1-TzgYqh$g_(x#f*$E=oDw@8ETRT=~Ssm&f(`>#p)$JUo|Y#CJEui4XcU+3W7n z$bYB3-Z`>5Jv_}HogLR*moJ>*NM~;#_x$cR4BJ?hN?kAsU!Ra)=If~qmjV=qi}_L+|yCt1gGW6OX2EQw~uVHE5B-se7ly}r=$Gf z2RAf<1?*y8hy~S}K*EEs>H93Ohz=eyV$H1E5BE&ToBG`M>4o_MVeb>DbiGg1eJE^8 z{Rd$$%s08Dw(2#4jsEQ454jV*7!}ti&fv)B&2LNBT;Q(1^esK2m}O5T4u-@|2MwZ& z$DK`yj`52{)3r;7#>063EPY-cxFa4FZjJWqN_%aIxU7o>)3oR2s(watMs*hs9Q(Lf zD77z=S*(VLyf=@Duh*Q3UZypyt9bf8E187cC2k~nkT@Nk-5A({J?2W7rdv}#H>Y%E zNvmk6zN%~q`oraF0{ZdWM{zHB9&6tj4#zDOlAn{@W6FK5^#_Lu_@rJCj2K$%(n#+IYHegUvYByj(ERkDlLf!=2P{>oBklEzIIz;1}WT0izD!dSgX zyge!vb*ygc5BiIN81&S|_o;nEn;F=0Gx4?@kpQR<7Ykm?*sz2JXvZ^>Dt=pXXWdMF zI^CYVfxIb4{9c$`_1NPuP;U%=MOQrzPxl@Coa?=l`7K~nWp$9sc%2tn$&@1itec|VimY@egw9iXa{{_=@nwGw0arA>+}5HZMb?V#G09`Q=u zQ8<(KhZ7#~#)_X6KPOJZJ>jEJ+>V;z2*#uu{3M6PnuV_HiCI0R+S@?jAaW!2D;jwP zHVmmmR3S`5M8biZKUV`anlNQ(hM+5cjb9KJmOY`bLdKL%Gwzq3%+v21p1~smq7Sk^YA@msgE`REVcO-+3fbaLZ?F)BxW|njC(_SL^a+R}g{r-av_A zsmmd#<1tad+OI;6+WoK6SZ0KNJ;IFv|MvNA#xmO7X?{p^1-R+_SaS3%Cf?2DhAIEj z9hc_Iwi4)62V<_id%=&F&-bKX-r#^=PRk>;mQ$&@*H=4O*8}4@C@1A~^T*VPgS(Lq zH-8X_YMXxJ_B)q@SE%q&wOWEi2t*xvVd^o1L1zlUW9s1lDoi>R*Z5!X+OD3 zCtHn1ybu!iT9coyjO`apGYD9e>m=a-VQgTt_#_67SGAF5B#cwDgF z<4*J>n7EQSlTtNkA_Kb0&+|C4e1rQ@+Se9}`#hhNuz%bTc5NlFSpXAtXZM1WH6L1J zUsU;avA{I2|3L2~$|kAru*w{7RiH|SQSzfu+H>J=(BI%`T=)?YQgZx?qu)vA^RF_m zNIzyHO)uf=!qYL75B zcR?@wv`@+3Ku#SCh)bOs30>)2$H)M>6>!y6TM8mduU?)uE+8lEQlh_;Zy%BOw84D6 zha4}6zC^4uf;7{w`HC@_O053LQs;JFZ|wRdn|ETT_Psbn#FKK#V?*zUR~nj^Hs~ik zIULl{kT_hNXvdO=Yx+mllmE8S z@JLJime<)kQKkm7&wjbn)93X)Q=eX?Zp7W}5eA*w_JazxFrpy?iKJ8JFAO}e=94M2 zS3?f`z{1IZ=f)Lr*=i|Va`y#qhI&Tc*?o*yVrm1DyyI^Bp-jMafetHSb+XdnGP~;dVN!dG~I*{a|!Rs#&zLCGM26iudQsLETTtQ*YwkXqZhYHv)=I_SI;*p)Gr^>;3h`oB} zu|}$~YvE`5@9aD34Shoh1`g-_u0dHX>vdZoqvNzk$c!$cbA#i##@N?o(xx4X*5(WP zCC80SRq4&ur|b!1{h{oGU&W}neUIb^kT2?^@5Oqa9M-S#)(h^aMjtMr)n?EI_C-7! zm2ACxQwMlkxaZfnLly+%TrZ8OVQ{}cL)FRHLRXhJLFl(Js#H<6g+=n>g*@ooslHqtu0fh|*A!MD0@v|!))`3~9LMCo zgDXO!=6w=VZ>j_BsD)MS$A?NMs}1M9*9NCBKi?>XdE_Z(laF%eZ#72R{SI8etbN_9 z&%LO4 z%Ac?y1rWPxth=HsKl$(_@WJljcIkwIO|eja))s5~bm)E8JY4pQbYoFrz);Qa>k0a8 zhuG)1#?zrPH(Nl#2SUemeyAIgU4Qdh+;I;IbZc@+C}t=VG0Au`*W)G<)O~OtheH77 z%8b~{Z66)r#Nbt_<;aFuIi{}516-4io-6Rxu4wSUuz?lp1NQ3v|mvVVxkLTaXk7*}USyEfHoL=q2P&dfnc!Mf~H(rhZZEt>G^NN9KIEZHR-VJiDLuzkne^1+% zeR&N=?X~zaWN>^C4?&+WR0^Nlfm=fVv)>ee{wONKA)PIOc@u4KA^1y`eY0fZgA+gF zZj`K0`Fwp3W)9z66&jY6mAjU89rwv09OFcaR5ANB+*mJ(KfKZlOh>(KZ$AWKJ`W>I zZKrk>`Giqt`A%0)QquVE6XjsZ@R*uOcdrF=_RF4x>%Oq@F$>(&jsIM-pD)tSSyosr z$mrUmyhbquxgvLEF-(HX$)EPq%>FC!GCh@qXXE{(4a-sWy9K zAC-&iFF4)F?BKe!ZG)BrQ}ewq&oip6=3%T)RTG{6-Kz zU^>3Uavr)e2})ZFQOrC#DNah`LzRZ0q1+Ixei4>k%q)3U_bDmE+e_VSn%5q2HIA_4 zUC33nRG%NpQ+{dlESb|-3%YE4IGGA&P~eZ^aa(OUq|^Pr?0>4}Od@;QFWxYK(n4AR z#6_?4f-J(&#QfLW6@c?)2CAp2t90|YkLl7Nohw1*B-}R8q~)l^QdMdVx4x7;Nkfsd zu3GpwGs#LbPuqvq_4MQOoyDU>>LH@8ts%qy3v1J8@O=k=ovM?S zcyP4(y?)kdMjX#`{GvIk{cvQZdp}gGHoSmrX!qXFc13?zOzdO|ab?gJ+jy`M%B%Yl zDkn%iGfr+?q-*?s*<#*@a_T;v5o1)Ufz3D9#TjyXpXF>(NuRaeRQI|mV9%D5G}`Va zZ*W60cF7CPtQ6e9r3fx)vRw-AlpdaGi1q!S+U{1hHQ$c!w zX3}X>xGQg+&4YIR_Hcdw&M;e1!EgKVQ2pZIq-`?xq(A9-l2JN???ikJOTEdRnsgEO zaqE>UYxV*vQYn=`67hU_{Z>21CUX}lmEaHLVN#Ezzn9Q3#ij~7udutpR&=~(@9rZe zCrClvJKb;3>&t;QGdV04I`FWoE*@+O=_MVBlOd^`c0<-(YqUiR74QukLa6$$i??}u zVSvvolnoQm-Kiv!{8|s6zO9Nd04De+wB+K&$kRzK-!SS* zDQfe*UniIW6#~E;iXHwoC_wT2l&I~B$dSLdT5(fo^ zt<~~K70}I54)H+T_=gxUR7g!m#}hNp>vI7p>2GJ#))xDem+8s8+FKHx|p z0rSlvdZQZ`JkZ9whh< zn=jU?Sg9*>(i|SeZvs@>QH_-+w+#+fR@$) zBfwkU;U$+LGF%ZA{+f|c>9AXZxWr~3;as8!ZbU}217`ItHS1QysL#KgCg~nNR8}w6 zK8ns;aC_iO9!-Dsz_fAS^A@j_bArEgzrZ4O^7{Q0jyZ--;U)LPekFa>{d-WRV3n9M zm&Y%otP%py!os(It2I29o;^&4T`-(WD0h+4G13sTnq~V4j91c*Via^iBxhIdwG8{f z`AR~aKHec=E@}y5DyS{*qJe~sJ!&qgKOu(JTC?_f89gqko3p67vKU#sD_Q^et6E*h zk38NA;!P31>2`l`<>Pw?T_j+OII7n=MR@Al=UIG%rx9{;ceVCpwPBaR08F7UvM^-` z%0sfJq!5xhU*0o%rO{0r%x91hw*0oA`!Pe6EaV>XnpzELlW`e=7z60E5OAhDi}zmeMaPgMP+8* zQ`=qIE1i2Oi|iap;}G8XMn`L7bR{kb_=#t_J0=ZefSPQA=XiZ4&Ve?U%Y%3w*_?%5KLZAm!s=qc`6iF(TC!*$4=in6DRaXTdC^79_|qZxHucOY!ohfjDM<$W|8@rq#7 zKK2m`TaxDN*|(6)%=+pTNFY8?kNDX+ocRe8q{X5{(m|E_oIrD85_zsm`Ms^95&Ay))KYzlkO z*=(#}M_Wh5a}UTOd0A%A2$R+_rv%3@pKteY1}_Uif}hY zmzw*N2YAEjM{;a{psgz#9R~{CRy5wk2udmZ3-pD@GbfqL;z^vJx1w5V&W1wx{8i=+ zJLU~V-{c;fL{e41wBn;XJc>tbH^!Xo&a3%yUyy+ibrPJ7PaV;qe0tG^gR!{hYA6FC#pvB~z{=3D5wZIJ`0R zNzp~{(+uF?+Xv0{4DGx`p6}-kq-QygP})d0Hlc)0XbSp{cEt3#t=3|(*&PnV>N(!D z2i0eLuNkX-GVORlpZ5cnYQN8+|60-=zobwFRXc^Ea)aC;W~1d>*+Y6A5VW=w@(DJo zPE*@w)$_O;9v8R;_Yns^=;3jJWxC71_W2MrlDUpY#lTO*99x*c{eHjq3m{wO>0Ve4 zd6GPA;ymoFY>$SxB3LPnz|u+n_f0c9&}9xT`CO`dDgRs&ymTWrpgMG~iR;ug;7bdVo<2e6>v<}2$^ zW>ZAL2FDEy4_gn5&lTY|WevIwjs!yv)~hkRSX_8S5F?1ykG|#Y%F}Un>gh@bsK@|% zk$Zya(&oc1WfEJDF}^8HpYl`xE>g*N7E`%WF5h736M{U@y_e@;%GFwfgaWXfB0*bv zS_qO$>9=I>g~a=1+^fXd(i@FPu$o^#SJ&ShHT?Ycn(g$8B1P{jqyop8$)DqS*uFzE zSCn5N5WILL4Q(5@%4QqHK&EPC8%9woKf=Ee{^g5I0v?~U0T+a^^M^L^*Ys?EVIG{2 z;{Kgo_7k#d6VDK!|8+I>TN9;U<*O@)?3Ab()ds(P$f+c^jf_^iShsFz>vgcj=66HH zrzvA^6A!?jxXkmf2Ldriagq0MZRZUhSiqmF6E(Kh7i(b6BQCsOJBP8xTG~<^bqh(Y z+OHk`DX5EW-Au94x#)Cbrcja8BA>1T5NG8}#j^D@lfSTTjdZ?<%Ovm3#PX=|gg`?8 z&^)`FXozn=>I>zOovGI<9C&a8ksm}E@5%MhllR_3cyk0eW656$M;C7guRO}oZaujB zs+HC3NaBqarf||!!W(hiR9IN4s}FX+5IAVToIs%i79?nC`3376bQ4#i)+k{xjNp0- zr|_pn*-hrBF-;^4xss9WRST@JfsH&spJ~h9RSj>2Y9lMWsf=HQut!V?AyDc0^-bZ? z=(88bvrp5&>j>?RkTKF0b2fi_wPg()&%=WrZtg}9rEm%^711@ASyrlkJle1 zFVt&sFwr1qJYwPlxqWd)iWVYq_nEIX+ zh`2P+S(4dpw|f55rtHB@0@tnw^}Fy8ybso?ulA#qiJ-|T1!AiARo4_i(`cTXBUTqF z4BCj&o$Mcv8g*5ffjPo`j7Q-QZNiN~Bckfv8KGwT@C{Fh%Hf?LkqW#vf@9a!2! zTdfk?t6iSYp+QITFkL0UJ09`>ox!9i&(7aP&0ZU1x>UvoWK!)E68Vk&@+mnx<|5U5 zbr4yfu^c3L#*LzHwHHxF>E!HJz)1fH0TxXaM`R+cy~UEEwUzij zA8g5622aMH9G?ra$Gx6TRJBu7_bhn(8iwm0_&eR7bw8$lBZXmYJm3X?t*88QLeB#~ zQ42P|cUQfz9f3gse2O1uvwG5GKOnhxA2jf1xTjHYI?XJ!iPBS!?7mp`n6EKILbi(jf<+G-{DiPA{0#a(?ZYSH}> zIh7|_mHhYxbL#uK@VC)a<9*S6hY2ZK!ri=df4Z8Q^2x_SwyZdg)GF$Ndz=bpQSG(xMORH6S!6XF4d7 z_B#|lIy>d}+DgTLdyTFfGi$Fq(0v%$v?Sk)23(RT@enP7_bdKbF zKSm^bK>JfGS4~9az6#^zG935o?D0yzm-fuj$jA*7i!d7Qht;dGwO?F)W^hAFJ)zVg zUUD@TO=0foy)`l)gTXzKIl~W%eT}$KhX0kB#}`;||EjQ*kJnxgqk+JAi&(1a_@1=G z7Zg%oqQAiu(|7g*+tb~d3AT!?$WjO>QO*b+Glw@Oi_v4HY6ZS53-C%;Cq)7=54FSI z^UPbFW<>S0=)d0#b#bJjHUI#>;f2EmIM51O8o<_HSOwa1JkLaqds=yYro3Q}t5qv# zeGKl#YOPzhA6L(3cSDcwz{r}CY=lzjv+lq%Bk zg9#LU%Xf@S_@2WUcg>~9hD%bg_sOCU)AiK%`!IYAgQ~n|Nra$s9qKnH<#aOKC27L@ zHQ%!Ev0v7JlJg&h`h=f8Uy~loFbQR`REY><Jrm;%7RP-bc=j<2 zf8xm#0Rw6-*oj=amN(V2cc!f{|GnA$#t9HwXB{@?LGT2RXyn_?t8eS6tdvL}&Gb`s z$!#B<8BV1|`^ZBhTpb35fJ3|cxV`WwfJVLJyRsOty1QQh53WlpQf&9$ut|NW$zkL7nbg4%nXBM-s@*9 zo8NgDiwh+b@Hng-c2oIaNbtfU~huFxlw#j64!Lvc^8 zFZJ=O7c-SV98c!9i2Hi?MD`~S-qz^a9WIF2dPR>Ube(r)*LMGTSjW@Awa-K>EuO_3 zA~*!2_`3-U*{7z7v#OlqmgQE4^=JU3nyozv@9ml#BTo%pl+U^de zb(|yn+ro=taQt>QW_^hJoC5Xs34FhBq~%sbtf^7Q_YW5J_wp?4OGts!G-WYpV`|^I zhXh%)Hv1Tjpthc=?Snf<;M=28Mx=h{WR2gpD`#jUVx~J8K5<@2Ur@r4W|RLcr-6$( zz&?^HVqry3&%b?$$|292#v3pv=-PZ`^Zgg*>oi5n*kQ%kS6^sY-`%8%Z^EmBm)hI_ z2%s@}1xHR!ZDgqp`~*JnBrVY^s!vln+kN&*?Fo4U8=7ekVn}= zyjve%ZA|?-LhW8w@iAdjxD>1PDwh^F5u#CTg>Rvj5Lodom&-nV-J<|ufPJ6@M1i|paGG357%CrRUWCcZ^6=_JVyB?fil3+IvL#p`TMNJ z+c^C7l?-O;0dw5v)I07+kQ-E*S~h@t&D%aat$R5!@pZThY#~Nzu4&o`BvctpSX)nx z&%PcFgsf9O&?FcinHW%HAZBQ!KA#k1=?}X%eXUo~RoQhxTGcC!8-9bDc|7Y1Rd>i; zW1WdGG4Dg~gpBQ!TWwwzx|t@1ql;5$6o2V(8w(MPbPa}5g^YP2&ZKs=A&(cQs-}Jz zbp&u4)c8Szb6=f0y^$NZ=@Rebvt*96QV>`f2b0uBhhT z@`Jt~{StA0>7}rcg1pzYyfK#GH*9Hgsj_5r^I5CY_&BxqmS*h8ZB?xhN!m*&F>(B> zY=aCmjK&!uwg?Ej(s+pjoE*S|vL2Zk@1Sc{Ol%JW>)-R0J>G`Nb2=KBz1Q6fN9mf} z0JDAB_m@y7tql5iiezEL=?O~~d?cMGq5PxXhzdN_KK;Hzwo#C#q)gf#+AcXTs+>;E zF}V}=_2Tgi4296x{-BZpAax&%iLWGuw=eEk>HJED&mV{8$X^xVRSvUwReMV?G#fRQ zFi7bWs8sXd)Qp8KwMLc>0Zu-MR)Zm(ndiE&>Vu(>VQa<5%Y!az0v6cjAItuuxsnJR zMmH8fHShs`n}B+>bRv<-4fI~_R(FQwu}|f35dYvg_(-Ahy;(`dm-cAho6j}TxHi|O zdFJQg*v?0f=Jkt~Bqyok%oAcMlj3G1b5l?e=k((j0+Q9AU$j~zM2`Eb=G%RasFsP^ zPeqIA>^Iz^8^%^dwe5c~6P+b%tz1mP!-^uEryss8?jvUzni&09t(c&}J=Yl~KNH&Auqb~-R(xXqr)Y9M9J)ibmajaQKJ>xG3p&?aBrS$U5ah*5 zU(RsbDo{g0AZy43CIWNd?-wA<^!v{~(U~ZitTn5TD16#KYM;BISR2EoT4e+s0no|H z3A7_)POyrWmydUJqn{TBiB+TE>@)tyR!UjyoQy#5GkL3YqXMMn*&LsEE$74D^0tQ- zOXa=mB@kNy=5M;i^4xf^qF+DAz1k>fp6xGB=NYgUEI=wRr3xXCqBroj&tp^Eq$O)X zAH0U%V^K)V57#R27&A^cay}AS^zFz4?KOQmn7$Gb7cD5x1!z65Fr{>jbe%B|%O6XN;pfS~93p#_H9$?| zDj0Wqo}3X~sWSW77_*cS=|caBw|2dW`+3BUwcZJ)Hxg}^{hoGmdS4NP{x-Vnu*GMY zmfuTaPZPntY)miQr{pwiloG?TFn36oO~TH%wYWamzuK9T-rN#s2@h^DaO7d%OY={xK=R#&vZv-g`m*Zu7q{l-*WSvQLRww0A3X*gDQqcqH*{451M?8-&UP>ZT5@y0rUg(-bp15BDk?vLQ49O*7CfZ$TbPH z;rJ2Ydjo4oKeTuE;F|4#?SXr`ADht`AlH@i>*rYMA3Ji!@UTPx$;hLp>krI>Kgi^{NMl>j>1*s?@t~=$CMly8 z(To--=iO(wssv9q~d~KXB1SKKfWX` z*BRTP9i=Ym{h&T=-1L&9ovUW7Hv#1O+48FqQS;sVLtWtTP!;0}9dKB&CO>Q4h3|kI z_0NMu7C}T9_Qv@|D02r->M5dL;<#R;=)4LhQzo)NGy!&$Or$N{mNZEludX3~Sq&wd z_R%&#KAl&cEtb`Bk@Zw`%W_T`m(tdu zxGT#Sbt~?_hCqv<3aQ0STNBezufD>WR4lBK-TbG zr6^e!syi)D-#Loc3<+iR;N+)y)^B~up!bDc%`14z;=4g0-P)UOxsX_FyVmm>HS%o^ zjHOHa=fe4}|4g@`eV0mmdR@Kj;J^=e zyF^c4@*Y1d7ibYlEIZ`N3=hQFd&NG3p`zhx`jazXx#A!0m%;j7(wI09dsy2dG5r?K z@a#0Z2)kPl#B+UnA1z)P0Woa7*A{=ozUG85vVgp)3xTk3sm@Y0oUbh6;GU zU3LS|_hAOV(( zJuAU@xKfH8l6+NyL6Hzqr!wttpL)H_Rp6#*+r9;Yn+*WJOHDCS(5M@m07)gsW|>Jb zesJE{a5F-5aU$?11Q!%fSAdH_u+3jA?NGIg(er0y9aZO&wHV*_AeRh)V?PZqvU{SEs>JD9xhfLK=%V* zqoohmLkd09O9;fFI?PkZ$m8K>zwcE3M(5`FF3x$I?8+WvUQ(am=lQtj{7Hjemx44L zUuTo~Q`!$w~Cg4Di3HwfQNzU~jpe}KIH5G2SHjtMsM z!A$O6f!dw;IY(fPapNdvrMQ$_>v<4&Q>GIM_q-xLNLod9C$hDTi;}>UfSS`i;bO#F zB0S+U2zz1H5&O}7>=W(H)nay8K83f>9}4sViAA#a{NX1;A_V;S{%GHnA49|nV51}* zxM@=OF1_ye$`~Cx&l>j+t~A;i@KK1RvuecJ-Z_7q4e~BWe1=&5fEcdjxPi^BBBf-$ zit@v=%mREt8}rff-5V>?rQUlcGmztVQkLq68u6#^pB`iXxIsy(mE4u`lc>#ZF%tOu z6Pl#wt8Nj}^%Fjf`qHbzc*)ApVU!E%%(TPOX87Ds(#frB*l;NAr>wv3IfwNtlw3In zZ$Q=ySDcK;s7|Hoeug}IoUC^y-Gy7z&DQO0k=P584_cW`Dw6CdPkRIPgbFDsUWfDP z*(UaHA20gK9iKw{j8<{H2Z?O+Fn^IWjR28B^4j@xQ#JDNN(4q?+6h4<>aLY{IWk>!OP8tP*eR3#7`` z>m=e^rGP(gY%~k)ZAxVK(M#|)Xdlnj5Ce^VIUrJ#O}mboC^I}?!DXOo`;U9M4zuN^ z<3RT?yrw;$4(=xKXF^#@)&psEo)vEs5RJlD;n6%Bx}8jyzgs=xB^TW5ONsRzieQm? z`mU-MUIdylDZP#<>AFLN{gAz9p|JQXEIBl!a{+`-HW~xu&?QvMFlutPHS=6EG?%H9D1%dgq)oO+l+hNePP31MeJbqRR`$PIpEc zk4+givR1FZy=;Ue#hU1*8{FuELOH#qZE(=;vNgHptFu7P&5YiL-n^zb01k0gG|`q> zj0q3l3j{dCzFnT=%1RHdn&&Gd%f{{eLa#~UmY%5f9jGIX7bfruSaL2zoGYXt{AF1+ zpcUzr9<`T{DKGpetr>Nb8lW%q4+}-jg_=;24VilfWeuqfBT{one8|>qp2!x%NBN-n z!GX>KP5B@4qK8n0jSC%&wh_d0&V=XF;EyvgB{j4j`Bb#nmU+Mz#rawx@JKeqr`x+z zs9%JA6l|S4x=F=iAst zKvJ-dI@5G2)BvF$VI%Q;OneTP>++6i%hrbQomG!H`1XSIdx-n&o<1(Y(@?#lRZUpw zG6leZnmTW8KW`c8rN*D`TTC7ise%GkBL)zcapiNuH{2(opVq(_}xx0o#6Kx zji-3=&Wb+A#N$AV2I^aBg{F@^=ZrN-#dE)JJ_-`|j6(;fs25msFMLVu^*uG`BgqbW z^#tnz@hm_k0j8r$~sn0$!0hJUq^(#NKAhF0Qr{XCG>i9Y*%^Ily8 zq7=69@VrDX?nOEAhrb;l1Z(6Pyi%%QYuxZq9HjG6mkOr;%`DCy=ViweeD{Wd2;*%3 z&6VUch}fOK_hOAeOG5w6kaM~dlF@0pZUnk9!{0tOb;Ma#S@U!yS43jt8{Q|@u*%i6 z*8ci)iDR2zTGf9b91D)OWPlM?@7Mt;GsvQ#0E#|Us=yzLyR|<0!-p>u1lngmf)6>{ z2>a&wzI;&@_)Cu$k18|-O_K4ClzLW9&pQ0%eP7nNE6F?b2q%Dp^-jvHJQN7bmRIG?+c!K{cN`{7R3{YA8Tuy{)R#&V1Tv{ z>&Cy_xY`&i1~Hsp9+Y?Ie5#tKpF<`qj@emBR{b*Xt1ILFxg+r#gdDRMI`(in16$og?I1Wp5EAlq ze{R$FxwQ%N5aQ@@ON+Harp7FPY9KgWl&DL$9E(T}^KvdOhf^9;WQm1a5|Ivhc#-{u z{Y)nGF8hLeXj}q-xGet()5WGvmuPJGz{Ga1gGkJW5 zqOi$Rf8tn{p#ZDi&(|&9$No>b`p5Avx)6f5l7JEBRk_9VF?3x=+|(=7+K82MS0Xs$ z^^5M)6@IM5dcMoM3;;y@V<$RsU3L#vkj4bNm=q(J6ygOS``zOVzf`h8bKQU48*J@h zo&y2Rgwbsx_TE7;p9h_Px|*6VJjEka^Lwxm==kI%)*uK@eGnHs?DSB6(*QjxeC#J> zyiW)DorxBHB9jlclU7ACeday4qOjj|otRIUbWXmK;H%@oe(i<&oAF2Os=goGfU_nj zzmFoge)by?x50gD{fR_QB8#0*^SV9bDvnun6ol258hb?=CJKVj47xaF&Gb4P(x|wg z>9QWUi-BDx;r>hfTMdFuNY1xW2WiX>f8NKI>Lb4m*upN6?9g5ZQFn*mF?z&&ck+5~ zR#)Ph=XQxCiB;(&8VliTmIgWLY7B#8ifrqPU-&*-kn6sth6_L_4T=0Ue4^5C)s@Uq zGcdVJ*THM4;VT$>@Rcill<5kF{xWb0+I(-okL>vM5r`>f(gf~UQP`y)+882iZ&JyNbQfA`z@ zbU3aFG=1qL6I`p56t_>Qw*~4}NB-^oP7*Vv5P9>Dwu6g`&C>a2e$2bL1e44uyFE!$G-*Z z{CL~gwj~=bvUYzeywmN3EL6#PtKT0bY2L|spbi1-6z{Y2@q!%^{(@Xj*8QFcL=*$5 z#DVn#o?_b`Pl`%u$6umdrYV7)5;&9ts9PpQhu|k71<>=yhW>*`vwd$v#Minpc_2G3Yq`mqPN~4WC{l21v zqlGD|&V&B+zFgB?-o{yjn2FQ97+)B%FN&Z{AAc&FQwJ6-CV!>&_<2<++dN)g#07qa zIgCf1#@d)0GN(GUI`a71vhu$aqV~Xx&a5YF>7LJz$r%OLoOi`J z@qRhiKw~}=jAh>@n}^q6*HPvB3G>Wa^-Uu8m5v$*J}r(yz0xX&^5?OgK=O6UhC4yF zQS697hb)ncS1y?ue?wPgez{;bhP30QQKwSP$C#Ttd(%i7-tV{iQjTy# zKfP~Q9d9K>pS?g~)k|6?&K+Kc&Ph_l=;8HepS&~n=KjT`WMTw9z#1!ONVgPlbRGcMnG4{m`}|nC z{UG@mN}_R|_pmxXDIUZ*U~TQbv=$Q@b05}`qg|PvR$VG82>W8Wgx}^Gg8z4P5u996 zBX-~4Np(wW-WrX)U1RS`QE~ttgXN8uuT^Q2;VK$UJ%ZDJZ&A%QF1uQo2;H4^)u`f# zy5!BEr8Y3gX9>l}@kGSnq=FMX8qpxwnSsIBzvjy@EchxB<+S6;1OeKx>i^T$Y==Dpl?sXl$L zB<`;wDlnj7!u9I%eVFyaX$#$?o5X9;6BI-(G!hR-e30z>jaUr%E4g&j{TCpi5|1*u zl$w%A4NLeVRx_1s9ckO&sr*9wa&xF=%|9#MeVeIF15~r%L9H6Ub1;(0hMyapD zsXAYB<~X^`&A(O;cl`cLEnuy>&Rqfr9|C2f_w)7iNrk+Ogt?)Li>hl{_aW zDKZPT)MH$~rXz@eqFZPzx9v%)QJ*gH;_0v{f%sRV0|=`7+WW<6cEp!AdS47E==K!Z z({~r1VF&94%7FZ%A~=)J^*R4jem&c|NyDN_{GcUjX}{l}9-!H~a%{Xfb~TCohOMfA zFQQN#M>M)Ac=zD^Tza?spL}&$(~%@de%DSSuBmUgRL1n7m`Gh-0Gdd}zfGY&$)miI zGA&bP)USB?cVXP=nMZ7KyR*-C$CTX5Zy5+>!Ty+rYZfY%{9?|eh|C|_*2*liz>D?o90E;g~P6ScB(qA-Da7f0W_KJ++WZdnjEE!I|q) zQ~Z3DUGH#O%6kP_i-+$@+t1-#=~axxC9O`JID>9ZaQ8dsJdz|gf5W2NvoCf1@XCIC zAAxt)muB12PC*d)HDYFLoYm zE8p9`=2_A6z}~oDo=)SYs$R09QQ3@TbbUBa;p^I9cITshlsFDvc2)UKRaiy<`V zw&&NC4<==J=~E&TW`rqfm`%F1HVRUEVNh$iSAOlT~nebI-aMA^;KDo4;KyVNok3dmKKcv&Xp5uKupy`KvTnoA0HH(O)Q8YzLDY ztlC>t$k@|la1;HHM_9hFJrQZcO9crolp1j4m!LQ#K1aj#ql18u_XVkRMH?<|CV9b@n>EEP9)N<=o?l4@X#&;B^k4!!!G0!3Gw7q@ zFQWKU)zY?sQIXG74{krs^aS)+?}yT3HKMwRhv<8uZlA%B-}dbbXvA0I*>n!+B`u=O zg1!CuI-Honp!0Y21mSO4VvRhX(gx8kwkGvbrUYrMDl8-Qm@3%^;hFDL&u*Dy7Zcd= zu!s!dNB1XEdl#>_uak#}#U8KQ<|TN8{?V|D1I30$Eq{Jw0+xATV#Oj_NwN|7-OZVP z$pWMXOqM2k2o^ym!!72MUexMmwvuZ8atFzfFQ4(`ta1-9DP`Mj7pe9744~2rn?C2; z^Hm;0R~phj>baD;hUkKC`JweGtY$Cua!6$HC>fAUR5K3PU?-EU55TmCUaKT)N%}B= zcvt6H;EMP3LHFn}-nc@iI7pqyW&rRwmogyVDz(2Z!@8HE_od{0IKss{n~UEb(n4NW z*-m!?p3&6SqOA?{RCavOl!Q?ribMnf=lT!#Oor`BDr@5v7IPXrU>GuX=YsyO&J(yY zjBc^0%K)aEcAgxrlvKZHRki%fZI6mR`?j*MJ+CqNB`R;WJ3v+Q* zjr6l33RHrs!N5^RIJk)b;y>(<_tPLsuMK3_wNN5((kSzv)fERBw;!k2&A!xAlXxyj zo|Bp&`9j*NeQ-ae{!tG%2A2Qwq_bTyPs}zwJa0i(E;sA@d?u~(l{Q8WrMC1$_jQ9@ zG~QRs^9GX6b0owsp;XZ~eAY*3G(EKhP-f?HTD03ZUar*(ik+gq$9*t}#tRkpgmEM$ zgcINI&_&pATH^zQ>O4AQ5;#(kL?2m%z^!^27n54vlCHmhlGq;=jzJ6qjw0U1WS(9U zzNz5ru-cv@;)x{|1X%I}x9E}y^M!|}Gz=*Vs2BFi{NWw>?=Th2^Ic60n&#$rRGsV{ z+z;KL*zCTRFYk#v(jTIHqia#C-_;cxmHqLj{mdR@F7rH;`aea!oL5H!KB5OEolCvQ ze6>3V^Y-MUnI~$}%$Mx?C<^hMbUZUEB`~F;0`t8i=HBUU)=8?rW%d`#?h%QOxR|2f zuGdcPi&N~J4$(d+U`%>?82bg^n{xVdOd5AQiNyY#a%(c>C`M+#0riBQz&w!Mop{3} z{ru1(&iQCJ9Oh|n;FOhkPGR|&$Y{&fjQrUPaB4S0TV?t|n)10{zHovrD(YGcu8!J- zdDb192kPvWk{-(VcYywjC%rS&q5V7#8LQs!=NQ$fE#JEmoOWyDrzxM0Hq9~g1l0qg zd3A$*mS>OnZo}Dv#zYtqOQQjx4^8 z{0ai=O`y}fmnL|#Jl9-X0$`jS0fFBmGSMI-Z=MI-Uoq9ebrzOkPn2>UJ$l)LhOcEy zG1Jh`&!aiVU)bK{2>(eso-?XUPugMOLr7?x&!o8$=fHTjeqrr9598swB>E+69X_4tlm3oVL_8~9K2 z+0^W31TgAZZHORy9gQX@HaZMnl>~k8EQHMTIBn=nK<=t(P}|?D#U%Ibn%IAU*30bQ zGO`y>Ilyo0s5j%DzozbHNb`Q*wD?2q(H^Se_=|@xAlt0ssu|5q(tYB?ean6R2*379 zN4!%U*@aKD^~wN3X_)W?<7OTuy1NPwRW}wyKhXG5AD3TijnwU?=8oN`#!en#%NMem zufdH!C}ye=OsoJVyB|d;p<6I1xVZXh9InnQ8rfAoE<-f4JcxUNILcJe7ku`6*Umx(y~JUUN-h`@zf6KM22`7H)Vv=l%PwORft;0mYGsg} zc3_baSvRO(4S}L7oAstfKY&;wuTkwWrt>eN)upNfy!y?-A^N>HB6_a#>y5nh5vZiU zuMs@~iK*i*5?n>Z6>eT`Gx5JUZJIr*SM7=2?-#obFZpuY`xW;TF3m_Y=hshF6n)V? zw+YKg{x-emmhMrfz3n7ck=_3bD|n>`df4yfGVY-9<##HSR>1Bo)-x3hqazggkJd7h zg%mO#%~b^a{)EvlqF0ko=-RR-^J0%z@;!dAHi-2#Qi;sAWeFdS8ST0f05+&W{L#PfXl$lY=0%xI}BwXM)|T&731kDvC9DM ztUFO;j2Z)}nxR;Zey&;6lGadD9na%uzx2b_k`afvC6T@`Zsx(He^ejaF3IljGpaTG za=1+D44HyIJ4cwyu45$h(K#n8QPGR`VdW@2&%vkn53a6NX@8#$VeMa_t`6h-*#=@6_Q_p(H|X4y5b88>Db~8YtUPefko(6z4+jnP38XET8Z4gr9Ck^wCOVs&k{+MiTl~SWgd-Sj z$BRu#KHcfp)LaL(P@&#*+?SKQymw9V`QtWm6kqIvigWB0x{mhi{yg=YFejsH9w`>Y ztKiHHCS~%cEKdN%WN@do!=c4^j_vv+@J+27IZ-fD9M05HYp`#krV^Sgj4uhV6@ z&)szurddLFC`z^cD#c8@fAVK?@)BYF#882(bNJ>F4Fr2$F~SwCcdb3R`y-?tp;VJ~ zwaoM!TxU!#z7cqejD~Op9mp3LRODsrN@U$$k47EM>8XHEI1%q<9`yu=I!V`zE+T9=7`_Z z#>xlJAs^tgdX7me6N~%Km9j&62qPak2EDfeY$_Z9UjcN;kM5|?!`zy`tSn8Kru4v9-b~> za_2ljujSK*=v4s+@%%2qu#=P-WcNH;k8=))=|=OVi4iI~_xFq9 z;N3;K9bTPUI!V{Mp#J{Z4<|@a0W72}GI3*HZsU!zo;ZTC0GMp65na{1vDJNa%$s9iPe2ods zfA?7G)-FQVYIw5%SoY}iW8mbA$MIu8%kaRy9@&^eb+m}&$iDfYqV*tn@Od9L@!FDT z-;xxPBM)-JU%g*?c~Ad19ZGIhKLH@Dm2Hp4zbGaHwEs|zt5 zTr!R;3?`A*2UI@C`iWZ8bUp9~Es}rUd@hq<_Um^_Tn%8SG8ctRlg6oJAZ4}5Z~V1V-AZon`!`Bd&Iu>jn;eJBT|l(Udipupz#R71^I+#FI14`$mBLyQP6i2{BTn_WT=-KbzgzfX zogU0Pv8?rlEp*PB=`t6VM$oV9(uK{bnmmh}OczwtK~*Y{lO2mZmJ zL;SjYxfrX=P(0@Q>M_s(Kqoy(tQZnT19w5uFf~KMRdW%WG0Rhw5_BRO$goxbXn-v>KF z7RGeoPkp#IXLtS^ZwtD-X&Zih;zG7AdZ(@WmFPWY(r<8v3~@pcPpv8EDX+}>Hl;z5 z4_UXg@($+e%NQCF(w8A*Gk5EgcBHS~$X7DU>`ZjE$99kLHHRV%y*RhJf&72hqXR;2 zF(Cb3<|N(NLl84N|HuJIzuW~{>a5-AH>tU=gEGM4PLAB1#KUpt&=pL4(7 zJv9WaDTyPsXs2?7px=`b2bj>$s7^2Z?dS$8FmNt3fkwNKCq zg&rdW!1}h<77MEHSd!J8dS1CIft(gyQF2pvyk9U)y&hWX;Plv@#nVgL*YniD|L|vf z?x&)Yh%!j`m6&*E=i@bRWNi8BlPo%*@%{H-A=Hi=uo`STBBY=IQy=S&svk8XcyQ~! zFmfgEhs5c8S@6d_`@6|-s=Up{JWJ!`f-i%D?}5%TjX(aqp@=HZz~3BKX)chN60VB6}B~a6R7GR@aKdk6xnZzRzQQIRrDS z8CU!Pg|Pk+hHsOq7%G(SG1M8%C}|ln#Tj4slkI(i*su=$DS@p$NGy1`OwkI_srI}t zNG*y(6S_eMy=Kb5H`^1<%)&Vd%nvIZX~DSSdW0%e1cmaBLfcLH8V$9w`Tmv8CW)&F zdcCh_L31-@7wc7SLf-OMy^SwX*2{PxO+CxvF7M3H6QCUY5n=)Tmk;<02WIG?sb8%mJcYt+qXu|7=Zu|j8;&JUk% z4C%M{i(z}NVYW-%81i#Qzsp2OiHn)e>((Xd95L%Wt|W)3A>ZJb#9ygLdMF z6HKDAT9t0+^LeIDFP7$$Yz(iT-!6|OY7m4;T>Ef!m#umeH#>LCU6T6!Y6C@jDmbJm zUY*9JM1COY4}hzIpzkYQ6|21a*v$J$rRI-Hu}?rOk2WiO?Sy*mnpk2o? zq}8G%F2z0=I<0sb@H*4v2GVa#y4lOnAyQPyMxfg6Jf8^n1+Soe-t-Ime8%7UQ9UkU z-=$&7->+QoI}tvNgQ6#i7Qd`M)Z1^=UIOtamDGI(CnXcy5p{g;(abk+o}|Kr%V}SV z4xFkJT6>z_yzbt+B|gfWaA~qTylkq3bDRo{(u8=+d$h=~XD)6PMVRyvhG_6uE?zLv zfabe$?$C@}vXIm_B%$sato;NW6EHSYG>VbXq!ks(>I+3t)mZT{HfSGCz{LM}o4+6Q zEwfMK69D(iXG3d3Yh#0#b@jvpVfZ>z=G`r@B;ty64HN8U<$*ln|0 z@V@nmL>hdxIpXjg;h2RG@VdWbgJ;BNj&L!9Jz8dt%DZh2y~3~cu7V&QJ*Jh5+x{iD z^R+DY$^qX4*8nt0>DWf=sQe74(HSF zJ6%_haM+?R;7A1HX}_<|YX5O`>TW-6jY7(*ig7~VAFEJ*SNLY)bIaGE`Rjr`We{A# zeUL?uFXe9>PYzf4cTKjZNw2rO+2{E8c%&mi(uZQ7Pk22ryWGc9gzL)-rkD!jVJ{z zug;smZ~KfejTBif&C9ocbY71G_moKG3)%?}DTk{c_jTR zieq6o`#)Z|z-H(M^pkTnKRBn01VSWgkiozRi? zjsB6+-VGs062Y$cT(!o$0 zC-YGg&J7K?Sp%?VO+*B;UvTsMxkeyc(EB2pTJ4(>?Z2W}HsS$xp9$pcE>l`hqVYT3 z@u)a6>WcMA4dfEiio)R+s_3W@B!4^o`h6;S+~vE{Gi_%fOUTHtRyjE2G@=fKFtnLo zyN7ut=Hv1el|N#u3B5qEFrf(`Lq3~)^Ryq-R1o))-V(<^X}uQ9&GOFE1(IYq16O|& z4Pv_t%@r0+2dytm=!Yi30Kx^|2#3rh&ElE;)q!pD?7lnPGowDwx zBjJQ0j{e)}p)8AE`;44I`w>s(zTdT9w;-A~hf(@NJF(^f1}j6ZRvkj9bwCBTnjeGtc2lE=#11nzIAtoxi^*7XPfv@YtO zA=OIyxk8Unhli0UH!H{$*6Y?`&jb)pyp7#mzLB3W#Yiqc8pIH;yLSM}w0+KeYC{zte?BIfP(XL#le%)X~}P>hCKKoZ{6u@3-*X<;rka$e;GI z*!}k09C*k_BKyE3RQb^L(djMOq0C~im`Qd#p$!LtdyH7IPp~+A!Hj3-hH08O9lc%q zMZ&ce^>J^rPAB6+QO&SSW;?xgN3HhUZUh2X&A+9QR#6tx(N%I9m?CDIz^a&PmJ#j{ zX|cSi;tj$e&GGekmg-g<-BJJZdxPDu_%YP)9%|6{o@jaa0z@vs$Haljn_Ig6fZ4-a zWMUxX1*t2SPX=-znurH@)U_E8E*f#|A;1D?vT$eWbZ=ZjJ)3rYpPb({cPWZ9mCe@o zYQA2~BER$%mde69zI6ZbI)T}Gz5Hek)af00ijAz8>Tr8tEQy2rxE1=LxN#M9Td4Q_ zG=AP@aWItpW8PsPj89G6ZaDJk)9AC{7l9sUJi2`$jJOYOhJ^>UU}}=^|v3pb_pzj4bDy;Cvb1rQ9D=Zauf=}gG&4nh$VTVS*g{sZj)Oh`+hf0 zCt>GDO(!80$O~*%;+nnJkaxDnmnIK;E-@30I`qj5K+=AL(A@bf2_9dr&i%cfBtbSB zsWO87Ls_BU*(r6NAq8cP=JeRtKl{BGUe)n;cSfz~dg5!KB%0e0BULo&Jqq&?#H z@x0%d@2ejnx%9a-v?G;vL!emt4qNDqYC=k`kA369VYAmE2La^U zLQfn00~U80oes3D#POM_qs1pgFYn?CQkyU#H;QREv6riOSom zbW(vTBaYkRrumzcBU|z=9!Mbv_=F~)aXXATUFYJWC8)^94@2DqgibbJLSxP1_7|U` z!~4OP$nSYT!#?DLO=cR4|MU1IBKxxMo0cD}Z#UhSWobN9DrwFpGs5hSj9{xmR!YV9 zfN4$2`L8AM0f8QH=$Yk`lL_x#A1H|P9`NwDNy^{YbKz&8vyG|f?ZUqcXS2&XKRjur z&7R8$9#;A*npgQ}j*8N)1-d>I04zot?`zw$Ed>J{%pH;ck{fN9zdV4S`75EQkR{E5 zB~Fl*E6(-h3|>g1#S7o0p!ROZ6&3LSt6Bx7d17@(dI(l^xsQYQ1?IVb90$yf{zJd^ zC?;WjWzQ$>%KdmwL$Yb_#1phaJoRgGoTrRdxC|%;EX{lMb@$h;LM-^1*NGcO%sRCz zrg)8qgK3mo7FrbbKGq92B4Xc1X|$-SbCGrpx%+XTZiF4&d@;$f10aO0qmaIEDoQ%S zi90QuLj=qZJyh$B&01C5K0o2ki2K5Xf1>aeiaWwZjkESE9X)d`3cyaO8HJ`Z>6za=a_yEbWgYXu%{9zjMm z6geSK4x_b<#xW)jFXzOzktRQ~x-&cnDGotOJg4yF_tV`Y*q4RM_XBy|peZ5?rC3!#YYPX$m&C(P`pBWYh}-)6u!_l`%;u+ z++bwapH}c$CR_2jd756qVH~IqJ`nupR$YhX4U*M=#RKEbLA9^OyeVLj`CD*)K`&YH z8KwaQ`CyE*en@(`>4&gCBoGR~2B7Ync=L-+8xN)5!!Q5^k3xncyitdtc^q&)TiOy) zHA-lm`4i;#W3=xu<(180Q@i~wSbI&YENeU{b6fkj_Cvbfgd;>nE|3<+39i6(&gs6* z(7cd9f?zglW}Ln(`Am46v>qYM{FEWA2C}wY7h}^tR;;%QI~p_2%G1 zyx^O#gy1ePfQaosCZBR|UyEE)fcjT*D@FEa1)JF2WH&j!v8nzf!b|o+P4r*ZJGp!t zpu)=YfSHzW4UJIcr@!JQT%2Cw^;Ze!$R8QL_Hayg)kIuoz(fQehH=6V%Ae#rsag%H zkVE&0Im){4*aY}Wf5lBu<)i|xQL@H2@N?t(-pG(ao2Ho7+atP&gSQ7Bn!HyePRbE| zfoUxlIzP_e-+{Os6P{a%zKVo>Q`xXs?h~4>=jQgj!v*1m-TrD%2C=`M1UsS;pa8)f zR)%g3+;mY6dAZx1eSiw>R5v%!$)fVNvB~$a_<|j3*q?_%FP|{4fmcZfpX=V;o>wZY zx2v~F++EkQO$3jINskXz@lOE3`*#x6;Sjjmgv?b#vnU zn6?bMf0|Zhf17T~n51&Dt1q=ukDJATELK8Y52_kNKDTvyM=qwebY3-)`_=>PVGi7U z&)~#y6~7!EEgID2&a15Lt3+}wJe4id$JM*&4h`)gVf<3g61tF*^i~tGp9oamnm?e; zT3a$Lu&u>FTPZLvX;GZiFsb7`g<4d&GjzmwcaG7#IHs#ak9F&0i|K}gH8<}1gf`5V zZT&l|Qcwr()jJt`2nIw6yn)C020+N%FUu`NJ^5TTw_i(Ct`4tQ>3Q0Esi)NfpudUk z@e=hW&5D~Oq0l641Z^=8a?GXUunV1`ItKlpA(7Q?NFJcC3kwPWhgqg-otRL8glgdT zNMeqGR^KFbAriG5-rev4pp3Yi#NY&2gKEBh@y}pU9SAumf=IO*eWw@{=yUSL?tDk_ zdGT)RNKFJ^yX0c1y?wT1C4xzm#8-)?7JcO7W~^{IjxYWBb8NGkjx$-LJjtFruqs^6<@E`^guC~q#pvReDLgqW zH#akj1*?E_hmWj@42t(wvrpSX-qRJjUi?fX%RQCG&mfqeUMFMG6%LJjbYJ>KzuQx+ za-UmsI~xZtys3smOno7w)isg&jtLSeR}9?c@2yCOgExx>wpLY{Uw5-CZ_47XGc_{i z*8(I<-xIXbQbfyA9`Ic{tiMq@Jd&87SF}bTbB*T_oyO$83^@>V-@h9Q8MpQvSKVy` zdTwjjL3<&bz>a<(qHd3w^t|SsU+}Pm7WdfFywZlMJpf8|i}QnP)Z{8N@pwM}rBe?W zilA)QmoF|{)+fBJ5m|ud6Mp+LsveaBE}wU#%N|9b!(mF2R1KhUexDCOVK01L5f}6K zA>C_hO|R{^Ez>V-_Z9Nt$R}+9z$cel=@c&t_q|1CLv`WA%Xzs<=n02>@_S6~Ac3x1T^`bXUPv)JBoE_et!{fK|kh{L1RB7Ch$;)BDx4 z2sC4s)AOP_CKA|?qwF=wwG`r?))ullOpNYtu6eSPh+Yx}0PyV{-1LH=LKsv&YV*|+ zX@YtZz?7szu3^lBl;GToS>h#XFM~e!BFW7*&ZjPm{nC^V&FMTtmXU{82?5Ufi>Sh5 zQ9j)Cs$&PRn<{gU`^^lX#tfLGT}%1xcSX7Ivj?di^Lu~1bYMSMa`xKa7(mE-g%8Qa zW}YsN5YKo0V}!mMubvbhs83PC?dq@MneR2H3UvxPtJnRnY5 z=@KV7_|HoUOU`32<8F%Z89k`3`FXs*`-K_akauqGHy``1dS^7frM}M-L<@%IJj;?# zlF-Ai72fHA3(c0RYrY*|UhqbNY-nU>An9X53BHGU`Sa9N$Mh5T72%r$;NYoG_&=|A zVCUgZyf0(y#FVZTYp(+HQ|#}_>Gz1MZxg?c^V9OP9wLq-{up5EY>V%pyr}aGwCnS8 z|1(yGuu=PaP0kzD>yTx&>&zT{fto?YJ&TmjAJ?FL-=+kmg@aF&(+nc@Z7Xg5aICYV zWQ4uauP^l|aFu%Ya;okizclw`sg?;j&)Hr-Xk|(R81j-F9we6EMUhiCJ zWxNaFgDut@2!f!1B*=DaZ!KS7_Ql#0Dx0VZzsQV;5?=n!1tFQ;-F#Y7=cRVC&Uf4~ zQGIku7(aq#Qg&SyvE4tU>hD#8dlxyRF5X8?2%O)onI>n6<}iM*t-W?>g`iCfN#BN1 z&2OCqL4|%nBvb5;wt-KfV;A@H_Is2seVbq6@6SPuOa)YXKLeD^wDM8D7yop0f9Jd_ zI5qQ??7O_~;9y;}wj2S~yQ7qR&Iseg((t%@-p~6W!v~}m+aj@^(Qq6m-{P^aZtx|c z@eJo)DosB5W`^AjNG!|~aiUqx^pS3l5a*BT*zo&KT0S?AkJzP`2 zwlC=8=8|BZKEkh>@5zAJ;I-nt*Wh|69JD99ecGj%PHO%<7jPcJZ+|$Rmom;M=zX00 z;vKQsrX+BM@Gl_uWB0{?Ju1FrBV_;F%ZUiQ(we}%(`c#$$23yTY+ zx4od<`AX!pPF{IhoUccyFj?)xs6Oouom2Y@h%#hGKcU(w4to;%iz0=((?5FlA7P+E zQXR6{?t4ACS?N-VuS%CdEcN3j){UUh0AzgOCeX*Tb=a4xo>t4X^- zml7Abk&&gk+#+m+U8{fUKh)(1*mZaMD}=w-@Mj3X+qVfA5dH=l>Vs{TA-P<59J`s);bdcaht!UnRj^s zj(RYTGadFMdPMEkYmnEbDdzlu5j&JMK&1r20KY z$qIa|yzCb#1xW-E*$J+>Rn58X$d z4}JX-G^K(JO#l8FNVxwDcsa0-enEKjA3}i&+0`}=ZIE;wYngBw7>0{A4n+P)5Yoyp zV-S{yCoj&2lYL%!-g;|edv5jRmz7yj?sL2eDyHzb)@KN#wR(B>!ZViDKAj*wef4DR zB=mw(9k%CJ{2tPrF798sI;zZ_+&Dnbc#2P8J!ixOS#dN#Cd1D$<(Y1dH4sQ07xiDm|$@D2z|+te~DoC$C+0Yek# z6fn26tjeW~CK>LwQez8D`9+ai_(j#_6i{!**xrO^2ZT#s?j7-})r7l3g=xQanf-=% zCG|vEax$Nsd)T7;@-gFbbAOXL8Ar2!KmpS{wvkXK5pz~0bjTG?W0LMlEZMIEMP@YT z%FiI{19iGc1M8qK7uoqhDCT(t;sYGhT2wh?GV-dh&(*N)AGd9EEGt!F zKWAI_Sz!za4^qk5dH818m>n>6`xtTZlCE$s#SSex2U30u!}|!uvfJ~iTcml9jK+f} zSHlcW7j@=bf5vaAvl*-%1%`I;Rew!94BtBy`e9s2`5YJkqq7lbjI!yc>G++(R!I?? zY|a}3+mEZhMme1r68oZw$O@>h90C0yaMX$m`i zpcK)&KrpF}`%*Yfa`C(zo>2T|;){8d>CgFbp<#H5&sDq?nCKjChsw(O>fv$n;leFY zfyqP|h{kOdQbzSIm(_`5Fe0sR;?AFQeNNy-`}m23|6KMZLhgSsrSz-NhDZ(hu9)z} zi}7&PehG(a&VB(%IE*`bmTaLVv?=i7w@`eABU8$-zML!}Gn|dEQ*9!8pAIS4f3T?X9z-I6q5(Q0K%C}pIFX3P6x&3D-maY8uak_< zSsM~Y2S2N)M-%U~F3%I)xb`3mFSxp#LS{}9$@dTUc(0f1&1H(T9;$DXdS0I>^n@d8 ze&3Ax#+>FldXhow>upE{E#`%WAb@7C4SZ>@2NEBkd? z7Rq|jxxajSBHPPjlmqG;GMy{4-zKQEBCEidqH^#O0}$bMd-yIfzk&O1axM$w#exd-p}HiYrn^q5+K)fx{1HPx@HGD z&lf7`Jy$C6&Y+WQ7h(K?(wrm^u=DfeXjMJG>pM zBlH}?LxE;agEoPk$`WN;Sy51jb$~9vs*tYwD8+qcl~I)|?BfBycKN-2ebS0CgLt0g z_|=9_Cv@m=N#8GZq5(yz$?7v5{z@oh8Z4>p`tOjfwhZ%>E1@(KnJYV8x zzCK$L`(%n{kNjmnnf5plo~g$;Y*g!hkM|Cy`V}r^&LrR9?!3;YT9$uuQvysA$ftc? zhekzl0XU9w#wFa>iq}CZ>F-u?W%{}s%wF%1SoiM1H-1XA;pT>xa~giiJfg+a#2Pap z1U@S5>T?uAtDZ{iOaAD`Aoexd)>J(`W{;5n>%Q&laLxuP7TTptYa|5#vJ#9(8~o9LB?2I$c& z1fUHG2c85fE^}JNNAHH2O7>nVo{rm#c$hR0ji`sIApCx=ldWkb1Fm!kc0pWa@0ZsS zX07rTGj7r!sEaEmA~2hau@DPwNDMch>c;%^`7%!fAvlQS!SZZjH$W0 zK0hcRK6^d_GW8c&5OX>@LB1vZg%1{i^C8v`d(cWX@N`R^ifOdq}{SlrO=d;)R|F$s|_`%2DAhxrt5=k zy@E4f{%!OG`mMVGO9DTKyYV^L6Dgk3%XKM3in1UV6Yo`pT_c2 zoxAr&U#~s+I->8p&>ve*sos6Xva?0A2TkEHe|y~l)sk8nV1iWrbU*yakNFmQOP`SH zlwj%OuY1|se1Wa<&D(BNJ$d$*_ci-y#A#~55##o_A-HLN?{#_Ni;?L%% zULZJyNV+~y)gIc70~ZV@JL;Or!001r8;WSod+gwIfj6qwxe4ZS+n0!Mos6ZPG{{(O zJ3ORtT!bZ_Q`gBOtH^$oD%#jTCPz4|S9YNL#1&|SA~=`PrwufOssJZk;KyNQ=*S%M zy1ridw|hyLvnf4~i+fh{Q-oSg+2eFgb33Re$|BrD2%T@Cyy7p|wrO?O6R5RXk(Mz6 z+O`C=0Q|8n-?@PD*m5Dv8>7&0&-?AU+R7MKs?77!oS-u*i^5=$cwF4&FTn`+BOD|0 z>9TJ#=cNSRuRQaxu^9j=z(XxeJWq<&f)=D}!}(hsK+gsG%h;9T+P@ZRa_q&&ymM<`nvh+-O~getj*8?q%W z!BCUb>w51}PIT+`xHhF=%mki=S>*8p@v5iPplPz!`h_uyxccmy`Lo}@Rm!194vPdp zLKG`FMKX+lMdx^nzt>S~!oyJ*6;waG%lk?kfQd!C0?a5PV{b#Ye%)MfVeKE~I6D2h z34h$Kzwyx5I>*M1l68D-+$~( zdCZxPuWxRb>rsCb^WF%;ygrO2!KD``&3&e)sYT74?9k+Q2$P&17s5y!2>s#!>-q?z zapA0ejeK73jDmz=lq8RKiW0lZ2P=Sr)?~rlP?GB5ADU(Grmjx7`ImE8!;8fk z3%nH#&pZ<>zlZ#f*M<++dh*%0!UN6pIj2-!R-b#*p4fS9+`&}N?{w^gJ(R;M>)z^ez%c~3mvmyG?arv+-kE~r(%5FG7^ zz8Vax5Mck$Y-T1{jMPtK?!Y-wMr~%eO=1?XFrIbMiDs(DhOw*Ol{s(qD?c*q=r&QZ zdp`aMDANe_9f+6xn{)XLi1a5JGjlCO8~NKxID4f>SmJ>DhGEEew3m$~qW-C97}q^A4R&&Y-#9j)to zlh=p2P^iW{c?hhN{B|)9J;nCzi-)GOIKxQrrk_FQBKX`!CXSDkzO^#aiYx*!gwMyw zzb$dNXM5Wx`*W$+)NH>sW*k2fSILJAYQ+BbvSG3FIekAn(g%jx*({Ii{Z%HV5RG5Z zZl&Hk{UrE!Gik~einuI8t8Z?3G1k~iZp+2p4v*pdFd>7$bU?}(Ctk>*)}my7`g|yU z3w-{{9trLOUauowvuFYssYp;-rd=)_B`{t845yF#xA4?@Z}RSS%G+Jl+x{ft%3zFJLN^9Fk;B=bC)8XV<46nVpKpRXDb|HymqsHo1jT{xCR zj8Or5M-;KdIK7B%dhdN~ncjOJ1jPy(JH`f@AjT4F>|(`&73^X|tXM$oh*-|O{pCIH zTIW0GkMFN1K5%*Eje10=qRCNc{pVUdg!;W{y7h0#V9QP?3DnV^a*&?FXFL*p?C;Gp1TB({wt zU;;xLm|&%l5yz?{h8RzccQe7Zfp~n7>9=7VrZ5E)wTOA3b&JJBL}FRc%Q3KMVVjI5 z&_kh35wUBPQaR8W!dTE;E^@!5W)X%6T_K*32HC$6RS8gXqe$rtp;-d0G+YuE2MBsd z!86GwkslyZIup<;(3B_u|8U_vB0M^Zba(?hB4m^X}8KaOct^TJpt4Z~-kHy6mG8PMV^NJH<;K!MKN`6OP``#P&MdWuqkOxNPB+F8HV`QgC>tUi zUqH(DgJ3w7L*ZfJVE8fH=wW+QC-MNX6LLP0${ayPPl`E_fx;g^ezJ*J6Waz&-SA3? z5{eM0G!+4_52`g1u7!zJ8>1vO1%pF^IkQCUQ3qX!bq56`Jw_7efUYzn48Ax;%LQ3j zn>px_ar|UD8(A*`BOb|w%McztrU-Edz)S&%*o+0)Cmn{Op+pf;J8192o7~XdMIwda zQ+DW1gBOA0E9k=b!{R8JXJ=ty;fcd;Cm+hc@TMoCB}*}?kU6AvF_~sSX_yf+?S?;E zhs{brYzm7Irim>k50MtcimehqIb@aD`5Y$?mLrn!7cnt19oi8Rc*qv9;~N2*JII&# zp_kj|F`Lx0=#1?Erq8-DbBR+tu+hGhs-JJYW=BK`GL zg2#>X>y$(cz=3ISU#Y~f!fqu|I2s~Z?+9akBsxy5QNv_rdX09nQb91XQ8eVC*$qK7 ziUThIWU^Y8#La2}#E2okU! z97Ft#>JgSB$wFr{N%RPd!P6PNK~w;R#p=Z&1qYJhP*DjgqZ)wlnZrN?LKOl{tb)N2 znSe;2qN~H204**jise=r%I}f|`CicF zwtx>o<$Aq3wZ#n$K0#pHM_Jra1CuLZa-vcYb+LhRD=_|{r4Cro7`@CRbm>qcmJei) zBT_6s#8LXx@C^(Hi6IO6ptz$ZQDTT=<=~(L#;}Se!ApRIK>-LRzD7th#r#n}hN}Yc zADCTCE0M|tGF7)W?6do^K6u5WR>TB2lr>-ou$6cM!AuwEfz?At4@cr=7MMtwPfUPU z_;@&%MjHvU*uE$*lLGL@EYw;>cBR7Zx9F){yb2UXJbbkxq+$f9K9DxDk~KEIgT+9B zaY8dJ5+8^G8Mw%bcc9JgI7AiH7)s}N#8vD7Htsg?@OlmK9_x+LfCL>DLcS4)*J>RE z3=qens2IDN9HwMj2988W|!Z@6^k)&6=Yz&c93K-8de5mSBP81 z)as~sxsB=KQn}oCm}g{i0B~YwsNg-Ipkwj0b|-YUs-X8M>f-uXL^ogLMU0@tEwdqJ zMG@tIAd`d!;@N->vUghFwjvfN`bz z1n~%%a-p9G?5Psq33i3!at05o{C>0q-q%2F4M0h9znshyI*Ax4Z@^c_*eb6CBLxO} z8&5~T25D{@9p?>5*&3j(gZB+u9Y{YheQ24>Wu?Ue1Qb`NglxAUrVp@VYAKtDmIZ(< zh@sYbflO0^%zLSnPP5AZQf{E?1qLjN0pKkeC+gNJf&x>-z}B!tQ6xO1x)>a)%Ye1g zolrmnLVATe=%+AsQ3sh}r?~Yx9|Z-x79LQdwW6`Ch#nZEsS*%wB0&b3+KwmT7i^*rHA& z_fm*Hk(us|d6`f!^Gmr@kyMBrpzyd}6!UhN})Lf+!jzE-?onNMaM6pf~I? zQ8WS)!x+W$6h?fU$!D-pPO4CakI2~~wp1jdqrEXXnF`cVc;Hp%(qwM4ixRYI>{v6@ zj07y7h;2io<+vzVWv0_5pFOP9DU1?t1Qmr8O;mx!V7ML(ijK##=wWEqMnO0iibI*F6c1)hhfNP}!uI=3@Qu|PKs z)oqE3wJxA9gjeBsr-shus+|UE*l%D1v$dCj3(KI5h($!6qA{pPtQdz6R1ac_(Q8Du zMG4s!l9*i@8J*#Z`y_Ipf?^PD8aF@UrEmantdj{G6gUn*5DF381gh7j;5(xjf>s8t zh3Y6(=ZWBH7$sCttPnK0VXLNsa!(L=e&rUX!iN^neL)P6J^KR`p1hGnvIYKm|6;NITyqbg?R5?(=u$bnDt~;_6^oTU3Z(h2RM>VRoN_32c z5A)%}V!X_c{0m>l2UJ|e42n5|kh?9yZ;4IXTz@hR-0st5%T3I{=Fu;4% zFzJ}o7>;hk5EW_^ObKdGi?$<<0ZjyncrBX&3~dDH>Bn2tHg{AF8VDfd1@o8+0xn#+ zC}P0Lqijx$kBaE{6mZ?Byof+SWQIsY3zgJ8)UW`{(-|UBSa(!t*QXFEbOST$L$;Ba6*N9rY6h$=sx{`s#&qAR`EE04 zjR75ML>4CE$l!PSfpJM~MaN<$4{)l>)7vmxp*UgUE`6y7jjVbxMK*()n ziA)RP>T zVLgEaBF!;@furRFbaFLG=^{}bdQp_952H;Owoqxnaiq{ss}?b$5s)MIxa4SK6rwz! znGaLxHpD;%y>y0K7pMk7jv`a{ey4_4g*v6zetspf*gNhhN zAEH^97#y;LTf|s2PD~@Sbb=scg?&KPFQqvkQ;c;=*^rj-LfQ#sP$I=NDn!jBu>wj* zP`hC9z{Mf+BrYN#{7GVOScu|M91Mz2ZPW${Dz4Bam3nzLx<%?W@y#T-!Z9F6 zA&CNRk{BY zgR6uyQA92|MFCP*UWv zNO6l)|4AiA`8>1I3={-5@QPJhhuGu<;$4#29yhB%vw$tY&_KZkANHyd=ZzG`fmF0N z44t7sGG#W2k*`ttF`(c|cQMooH^mdhx~M*AY9wL^Y7nWxk%0RNzEo}!20=antPay= z=c+*0UaD0Hv~i)|E>gr*Rt+c)Tg-m7-NXWbJdYcs$|y0Nlt$&tIP#Fu=!0+K>CiR> zpt%5_X%u1NL5{=7v)G}FpN2S9Wd`Lip!;hqC%znBj91r@mHiuIi0@(l_pe8sdq8X&NtuhYi z5YSlEfKq@MT&s;H!ST@!K*W%u9G{)z@PgbgNf$8U{2CTsD;G1!c2gLr%n;d1yMu10 zVnMRWAL6-;DBz01c>(L=7lR}foGj>pdH|XbQxlmA8OWT5oDn`A*~D3PI?-*QgveT_ z9?QXtHA;pLr7?yhG9t=JLTd$Ron6FW1eqXk?gQ}&g9hjH;-rvF$4Q`0A@QthQMskkM8J zl_mjC!t^ z0okS10XA5!mxfegpBin)2Y5j7jA4hZY7(9kvkJ6ohb#&*&{jVHIiRj4py`zc1EgkL zAth59gNX^UK4fSN3p zT?Rr9nQkFa-E`oRjwt!+xC*$+X&e?<|EQ6{hW$`Y2VG9Yzaw&^K0k~`iqT_CJkV{7 zqx}vg^yy3W0b|Te!huo%Fv3QIJPOSvj?>)?9fQv%%G7AH6fX#(Og5kn;o0H_chnP& z3yctQgrpFnhbShahHfV#lNc0axlV_KjDhAS=t%VOLO!j-$(8wW7%kC*QRrO6kV9?3 z37iH(+@Mo|{%{PwIIa@FY*%UkU;*#9J^6n2YHPHYQ39Pk1Wowj^ zSJjvFE|(O4^% z=TSL?3J5Lq20fc^lZTm7v^8KxlhG&#$bExcIfY8p057hCq>e*FT|}qgiZ~RKQA~qI zEF2SYV&KHl2$oAA@@OHu+sFZ-X{$zw383*NyVME?fYGOFBv=bpj&jE2SQ^#kc6$xb zw~r=>1v)E=PqBn!2D#4&@KcFJt@JCc!C=6_4eC`gI!H|bx?gDmQ9=)o7*R(eDiVcZ zV5od{o=7I*Ye;w@TB_6-HHt{w&tr($DzMaOuP^4}1oc5a83Z$teb6tXQp5lnG;!>D ziyUgAIFJBDF5kwGn8*7R`9MI>2)9vp=c zAp5t~Dj^^lT((N8;ge!k5)OkigLV?y0}c7;7#+gD!vzWjjhb_Q&^8Y4Q z@BnR7;C~-0$hCN)jlv;FhBDAY1M#7HIRbA-Vg)>s`Gi;jGM{L%%Z%m79UOxiEnxEu zWKcj9azidm9AHQkKi6u*Gt_vB-i;s16TJ;ny~0|u)jhy(CGB&fa4sM*YmqLemAgaZOg zQLMwQLShko*Es!3VC7L8EG9z$Z>G@<3T=c()8RB?yw?)ZkhBgv%MnA;9_Fap64Tr9 z>TmtFfiP(6P#~l1v(a4+6^?5+vh*IC-DEWIwR!;}pu;q%072$d0-?7{MhJrpJWC7R z4@?SFAx%c1fU1ePBQC9hf|Ny~TDeF>(RyS+M#2GoaIIKp#G=Uxb4aFC5Jf&Ugcr6b z5GYwiRJjc56-*@N6oUzeZfFu{pPQo)lnE3niO$5gGSxgK2x1`x7bXpA(ik*XCIJ~3 zISH)>rZp9n9OC=c7Be=krBV$@r~M4V9!Fko*`YSrklbWJn@TU$^JfHb`xW#_0} z;E_?K7`UfmkbTwYRnYLnaDSV25sq8S(fXB98i=d&{bWN7j|G$?kS3#4QoC3kGZ8^X z&8;wV1rj{lqe!amZGX<>@5>aBqpsZf- z$v6@rKTKhJLJ9{mEI0)bdhd~kNGD2AC?+Kc!s~1e*W$9r{BEXC4{|VVBcJ<(dOHuUvx?s^fZrnXZb892}|0uJKEG zR)bF(lZm}7oKI@UXo4~Z^g&t3fdAoR-Bdo`FX!oDlIn>8x{87UAyT?N7;^<^DgniY z#G8r;N2j64l{P9K>Y(y(&_qec87_i z6d~>cf#K$Z@K@C2Vnk^U08xwC7!ni7MMJweBmguPxmm-)d;>~w2r(BODwZk|sH$QZ zz_G)$@IB}-F9g_Vk0VTF>kzd?_^5}W4nkufbPKD|USRHXS*7sM10HJ(IOL?dFj^xM zp?xu{D}*=;v=Gr3b=lZ-@Mg?FYNGN&x0Qfk^HTLn6o4ueSYONzayuNS&4x^C8wPPS z5#9hQpKahpU1(51S963Iyn|qs^GE?N-^r80yH27s0Pa3?g)k^;r!0W%`hEaYqYW6A z5*@aqurUQSER+DhBU%PpKA^G9q{$3GZf6FYsslDJqgx*gXr&CGymExd9-Bq%7GYT^ ztvn3M3BfQ=$B8R(Y7oW)-A1^(WV%McjKs;_2$FllI)K(A430E`LL?%^JQNVD64*gB zTS4JKo0e4pbY(uFmW`D=BMKbPh8RMH7~D`9ktp>=;dFRSz{|$t0C^Rb()?a|*bQME zFo!AxL600wW}EP+xQhs-9=t+@ReL-fLDT@YN>7ua@CLYQ7fTK2R8i$>I*|g|9fbnS zgu@WJnb)d`Tl~&| zMyQc0G)lQL7=rVOJT$b+0h;tq0*B95VQ>N>@Km4~I;YEH#6tU$R>mgBZR$A5L)Mv8 zOr=Sul8Urk0RzCFOraT25izWWFJ?JFGo9=YYjKD;wpy-m2T&}a@-dqc(@wI3SO@`H zKr~U3kgZTNl-#&gDo`1P49J|plXuuHK>>pp7f1aLeB4cjD-(-20xHoN@iWZ;>ml&C zhM*nmQfa(myfYTneM8F##1yiaC)V)2RH(S~R2q)P3e+-Tyu-+L@sxDDTV&@M2uwGe z&kQ{yZb(35<8mvCV`U1!0_*KEwTz|@>s4d{Mh!(_Q`oC_fDAocGYheP|J#~1yzYvc zZB8ggGl(m{Px|h=lZ4qWbchg4p;E$6J)gOHRDYEXM=y}1e@+!yX&zYn9^eNnN zJwB`c&6ccHcbi7kmwZA0HGbv0zfzm0ru_ReBcW%8bNaH}DG9k_lnI|&NG=t#wr;}x z#iWmE`JbQrlwV6XX9_uefX#z<-1vOjmxuZ+2rf8VAKNRcFC#ESIhsp9_4@{$FK zNr}zA{p8F|VCP$_#-^y*>EN{`WuG~8vbEYRQ7|6-(i~s50w-S&; zm*Esk6LOFI1)q1$UNEZ5zvmm#KSi==7W4W7M#?O>3V*^x!5p}5+4=OVm}g59 z`XeX6)NPdH{rgr*^W?Ogmru<}i8=b@1p@~SK#l+9-@!MI8B^51&!$c2*<*qUA3CRH z%$t-k{Gd_<1NRH7XI(r0PgSd|_NHF@y7LD%8(p!L&Y{lTs>>TgZ{3lXKjO{?8hzHE zZulPK;xV%*qLqEt4X7Q}m-}{PM}p$&QcufIqYfvhH4?D62}!4h!iaCbRy|Km@zzekZWaOR{_y^y1}tInn-j{VP31ONYh)G*1}`a_=<-MPH>4YNU6 zW$JS4@V(J>n;e6!6Tbzub!B< z=+cfHd*^0JmCIlroim@vI5zXPK&4BGO@fswfJr6h-5a+=)2|5Y4h#+y5SSuO}%bj zI6126x4At&PW`;in^QNwA;ppT)TAsq`sa;qzpmPIzoBu-z|(K?itf!B^Ly)o(nY3f z%E~wN*6o@J533G+eck5y?VWi|uXZQ(+kCC>EYfz&+p3bf9jE(L&Y#m|?B@78*WsCM zH=D|YyBj-?-Rl?~ZyMSo`|Ed2FXmLZ*4eLaD!<24FJ63e-<6+!{Cj1^o!G4NlfGt+ zJ@_nA!{1qd`-Hu>_s9>lKV2Wk6q}z$-rTWVA4NFzB{pu()aM^3`WJ52ZZFL(I#=-F zkYIAd_*-k^AxEaBW~zMH=<6*_>zk%^c=`NFOONeX_x{|{0sDPfvb))5KZZx#%9^4c zGew-(;p+RUvfeLzn?Jw0<#`cly7spxYgG^Zx~o-XpU>&1H*~w(H*#>)wf(){3~LIP z_iP~F9oyy3rHanyS6V7=ho3X&X5JmYcJ!G~?xXc@hDa9OeM4Wmk~+m)%-;bjJ?!*yZPmd$J3M-<;){7rMT!=Ha>%bM71#?SCkJ z?j0{`sy%l4+KxM%@5{e0JsudiYE|QgIsS1si+xA4HjF>~`KqM6@1N&ZXO!*7eO=lV zsW>XS@qqX?T>9{(GQCpKex%g9a%t(pc1Jf4o9mrgR)KGp^z3~iGMlJY`?SIT-iG<_ zUYNGF%`R=1acFI5U()?9CT z5m`7tvn05?^{~Sa3ntUQvvobzs;a)IN7lri?j?g&;SHS~*EeksFAeR!A^WTHk5LB; zFLWb)898L)hD9BQJI(3Msr{#y4p0^i9oO*oH_iJ?En3vg$b9j!-m<#f*B}{j^yo9k z{PZ7gP2GCPzwc@8+Bl22t4cKb`STUamjAr)&b#MVrjLx~E!vjn9(VV+q+eY*@0YR|A$(h7xs{Z@Gd!o))A#w4GBS4`Y(C}cx_j7vC4u80L=Jz3cat03C z(b(C&ecGizGyzr3KQr3YKG*CR*FO#4eB8%1=PNq@XEPy>#@Uljb%JeT+`?hHk_|-< zrykm~S9|SC@TMkUknnAyebX+9f-TOSxoA~tC8EONhy71t&x2^V0Xu zR)1Qr_?nnmclzjynqZN!ZpE%^pFbGx)U@iIef)=BV~!-c6obb9Yom8fvx8Sqx!{|P zrvEiEjm{L_0G`nm9m+HA3ZKSjjK8ygZHLrNqppqqIC1y=n$^x{d-t@VpZ<9G>+bnw zhYedtzcc3i@yeUnt(#vpxvAobM3~=m+2iQl=RdTCDKctjZ`aqtg{i_a!LS2QMm4l# z?P=DcZvEu1MAvWYf86(|>cGJvG?_SPJ6zx10tsnn9aMEUDoX+yh-EpR*)^6!7zLix~ z|422LeeS-e=7wtZB>gSD95-B2dgk#% zv|-cN6J7Q{%a|~ETHUyV``=~Mk88j-(FVH@AG~wr9zT850e0)DQ+Bp48r%v$>eAZr zFWYr2>b)-f{Kbp3wrwP@AMRZKOWSFRi;aPr{rQ`iL&xqDY&EQk-5h^*fO_ku505OW z_NEK0%bQ-8XLQL;7C!Df{-?fIo31P#U$`pziq4Vz?@eYxJLyjLbEjWAcI?N`kr$Rr zztneqw_@!2l!J3-OutrGzGvu}-*=_EpBXZ*Y;m#nWZXD8s)0|Dhffs@yWLPWV^*KX zshir)Ctnjjy>@44)O+d&R|<8&!BID}CKiOwhh9{-S#l}uo1qvqK4X0t{JXZ`1s-=Y zopw>{V=?0;p<2wkB(kv*>P3 zbv*oP;n%EYsSUN`vf9@y5LdoDvv75=a*}Q4~yNwilE>e|MycbKEnRn`v9{461UXXtmV~RoG|kCy>1gI zQ{HyPRSva&`lq&4$?o%cLgUM(W}br&E{!?ZVfTu{_==`g)i++edw4l~>hOvixwHE0 zT<3oJeB<+Y{dap3Umv-u8m_zFN%-hN$jBt(owkXKmoZ(XjtI zkZUepG~sAY3`-NTkA&89Pz=^fHkw=GAUN+^(aD+l32c4axp;V`RglJ$J5!Z@Y+wY5P^|&*K`OZ+($bnsI7s zE_a4&&yLMQd)M`{c^HcXw?Z_4FPqpv^gSF(QY4OsQz!<`1TUb+6+S=N6(F{z+e z_ZB*l2=YmiH+T3-%7r<_~*xg?_Rlxh@x(%R+8`%YGYch+PjC->&=SlgvJWZIkZLV=OL z@bbKG9(pmIgDQ$=PkY5XbLZPd7puoTNX&^sK%6(LF!eGIE*i}cX52?Edh!2v7mabQ zGvC=CB6zAs3{h<I^6;JTEmO%;{hpfZ8wQ0>tlUc} z>fiO^w$*n_4>mT|tad%Uv{t!Uiyt!a(4@SKvnAFqAD<7qHR;WH-Z&P){pm|ny{oKO zWamGov*tDXF5LV!%csvA*9ija4=E{<`z;pz(m1)fj*QP;nEm;qroQT6o55Q(JN_E^ z<{b9gddZqisr8rF&ChD8+w=b6V$sdqq<*zWTD0Fevf=jS-kG)NlIp2#eyi~8y*G2} zsL!v;`s{vpZS2??KX!7SnBA#c)0wV&D)ntvW<<8sZ7=Kn{&t|^#)fsPo^82nUg@em zJM8ezgYR#it;%k4l{}c2QM-9hm49`w><{|5k3Utr-3F=e_d@Yoy;oKX~LY z@KrGIWg|0p7ly8B2(Ftur_TT7@F#!CoAQi1Sn=&r?8WT{*0HCi;X4!jJ zw!Y?Qt3J4s0`jZl9qM-9a_`XYvb($!eIHkycYHxwszM0$%49vxz13TwzD_GIP zbKv48i4a4hEUeR|} z&->5D{E@=-{;sy2ymvJ3{@p9}cUb)g4L*U`%*koosYz|0Hwx-b%pd*b$*Ls!X}G7) z9%IWt`O11(#+QV5t#t3-P+8b+Fn7YFSB!?AGH29$Tr3*3J*P#hn`@U&Sh0O{{o${N zb~$fc8cO)BJO0eO)t0YICuVPl2XXsLW5wkCmOZ`)CkgJ`q>R_6`nj%c(u6<1yMC+v z=ug!r3*!^Fw_3Hf$2VVEgUMZy)GWyhi}PH8;r0%TsOjDHiFNrhp|4%)?!Lr`F3}lwff7LcTX-J+w9%(Z9+^6Yo}LHQcFD(k$f# zPe0QCte}q`AX-&RZ;{%3-Hb!BC+UXTs)HqC)0p|=CcQdA(3Q4Sl|A2j*uAbWykg|n zPj9xIKiE)pt14F0E92vnHFrMK_3Du6m+ix!-$W{cct6^tjZi`G<|&g zRCopNth}%)>%Hds#Gb`NwjQ`dmX-C++*Hyzrvvj9ggh6O_Fnrsr=jM)X`ptk@aR@n z!J-x(d2^tc$(WG!PSH^N@}~|I%C_paZ^p;Z0L%LuDltM zNnN#mz?(*x`#Z1|BQEDPmmbWWS9|#DmtV4e(ouB_r&)fp%s-WWci0HW)&s9+^SZ5V zcWB~-%sPC-xHor>zPY?fgC!0~O{Z&~e1+9oo4RpQt8LcmwOW6ly1wV6^#RSE98+v-_#OE9X zz9jbM@r(A!)JOlE{UtC&*HD$Y^+Dd4qngLzz^={@_<`w81Vm2Wz<=;MqjQ^>+L&8K!8SP)ebIs0B`_9}0t ze+_qh&yI>wx5!^eDGAbo$(J@++b2=RUYUDr{=lO;%Fo`RGgfo@{yBQpz{VFP^#!Ou zggsLWx=mNi?T&Ze&1wiWZ^LR;lY3QFaU=HTJh9D-V>fPi4u8HqiP3X@uZ(NEaxTw! zS$!z${f)9M`=1T&a$46e^5XW5o4Xt}(+Phcu0Pl?Vc?rfuq?TTK}#NL^Itm48Z-O; zRF3=v(fR%^iA< zm^^9g%LA{-cYEX}cODeo{o&BMku7tV9y-y`xuV4W<;Zp*gS{SG79*vf~B)sX+CbCO!BPc&6b{vxa1bT3#v=Eb3=7v+t= zo>)10@21LoAGS{|>r;jS2e+jD(DO_4)EgS8jik$pjq>f|!#C0vVu$^-?uV*k=c`$h zVX1J>wqDnx)x&A+M|oH8NX~0PT}52jHfm_|V<;un%gjyLwqn2eeD^&?bq&Mmr!R{} zAC!FT{P)sadBG30^QTQ6^Qhrm`@=>3@mXzV<#y~sZ%tiBrr)BIaxX~shn_!v{mQrO zz}umt92bjbbm&4F+pz%kaVqH;`StYPegD=Q7E?tO`0sH zbH*L+QX0)}bL-(U!#rQbfb!^HQxlKg`zx!nH+NuSQvbO-*4Ixg>N;Y`h)8aq$D`(q z86m1l{VqvWboHEX)vP~hv-W@AqVq8JJ$+8XpTe)7W-lszI(9}we#&3grB6;x{l3lZ zH|*&*;-|GHXIB+{16zFc_K>IH1tcdIv+PM)sz4LDvt zyRhb`2!`|RY6^hYg9 zI_zVobGPih|KlE38eY1HlYb=VV0smYk$^84Iz6$x$Nlpi(q5M49qs%2$JHHL_dS2% z?2H=h;~_%nz0$7jNYzu0$Vy?V@BNe7iB8Ecc1P#k`qyeLT0yd1>c8}LzE=H5U;F8) z&6>&*Q|K#iOs3{fwdAiaUR^)Y)2CHMkBW?`qjp7S38O{RgJ}AQyKQ#P+FR2I7nSS( zXF-1VL4&yYDfu79j_EkP^bMQdIj6Mwu~~hx)!VwvI6Mrj(8=GrJ-Bp>^xd(h-e>>U zDLh8f^7W{!Iim-BYDW82JPOS7)FoT5T%PD1#Xj+>!1(2Zul+h)((ank(|`K=$)*d7 zg$s@+&y>-M^Q_JEzJMCKTlAmg3K9I>6t&3*9{iT3<1{V7G{XaE+8tdL?s^0Jv+|=9R zmJCk8zjHNzq+(Kir+Je~^Y(?o!6>O&F{4M(8B&#V1S@}m@<~k-QIWr3@QI=+5r3bG z7OsBhMoLQG&{p)Lo*H{<%#n4olZS0QmAxtc?pb5!G&-=Eg>lUlBptO~o#z?H5pAh?0+-gA;b#U|M(}P_{m$xd% zG_>o6IZn=fC|Hac(~I*n_>}EOzFjbuVhSzX*-qN^gF!U7v%Wp+``?{EmMu>?Kd%#~ zsDH7ou~U!it&q2#*EUmLX)J#{Ub-eR?byt=fp(qVOwAui_$#w$y5d*q+QhXa_LZZR zQby}RvWJ`d{p6hhYyEihOiS*OZTHXp__MzGfZ|p6evUQtot-%Fb5lcP>b%d`+_cws zI00U#w5kamr9UO5-k$d6iECrq;l$7XF8_|HX}&KL62NEL)nU4-+kT+?;mJn>@ z`z*8ADHlbLd%sy)&rB`4JxliD+igwR+gMdyl9SN7Vn{vtenw@7v|@5Rsgtx{qx%)T zb;W?YSAYKDLYMbRsi+@W+{zE-*`2fJ?`=pmjyqc!9o0DRemApZdVQMb?(dO47gzA_ z8tBtx436Z%k4@y)NC-MzFyS3I=j{BBlqrhLo+E~J%57Wv>F9&`)qfSVzvQTlp6mU? zu&tFDcsuyyBG?+wZa69d*0v#QC+Oz?5W7kGLT@G<{W(~3yEq@7P?jL%<2)_Ih`#nSThw9dnWcwzI5Wl$kZ7fwk>P%w%5g@gEyyh zE89<-HeE*lG9szHa^Aru+KSV!Na9xWI#7SRe`i+Uc&1#vWM=D?Pxp0cmD@Ob0Vm7z z=s1Lt(xyrZzvt)h$b;JJYdaqOG_SQLU^RuiGO<)*uKlm|yT(a5SRh1PB zzlDv?*BeDpUM)Ia*0b7mv-tSSR_pi9_}tq2#YxK(Nv+AyRwQVIozPA-; zE+$W|_8sCZK6~v}Vcv+8G0WO#x4Hkjwf%#E&q&tPK~GP%ZuK}(zXsM)5B$n_pYk@% zbH{-TKK{OZnDkg8WkS0HchQ|1PrRBxx$>D!c5MAdbqL&nj_Y}Br<_A)Hsno7O1<#? zVaNfDUox;YQ(oagWpno3`j%hmILFa5HL*RIf>+yQ#`vIh12BJ`vaygTEh2>|O)~QE z(GO{l+~52N>CanyxnoAaj6Qx$xbW%Pf)%HhrLOCR__%jCd5eCfzx(vVgQfW;-{LCH z_Pr$7v#$QYQ_Ef{{g79%9yh%sGo2zen{5Dbg;ytod`k%PpeOAKpX>ida zYCA5U02lq+ApgxI%Be10@h|B?ymHApUp34m;okUW)!u7a2c)eD}q1ZAo7LKbBmhuh>;N?RCi|ZSCyP zG?*hscq)*Od6t{-@OwzQ96$x4)8NL=-PNK*ia~#1T+#d66RYL#Y;F*{Hq`i4;;lM$z(pT#zBIzXrL6HELnDREb6$a;n z!#gfjubMbavZ$s*_2gqq2VNYJnDY=4SDZt0@zkW;B6Bye^d{_^qc3pmf*XYuNsR<)2y*m+}zrKCbQ;uXCF(g~X&wk1sdGHE5o zG<%ol?x9noJ{?vESmhfR4Lsc~j{mv2rXM^2{1rR9CH=^`{@mHiez-m%bMxl0d&*xNcvIeX z%L&r-Oa0qAaj(OzWna0+x0&PfYc-b+vGeou3tn`{`G6$W z=5M|tOJXFkz0O0D3GPFU=3Alb%-;OppRaEI!@WSvf1T8RWzsJ{P{hKiqz{PgnJ?z@oF^WI_g z$$FS=7GB#j{#Ks)anhTV){LV5t(8~0(*Ll6p;*xuyvZB=6M2%UJLVs2XsSPa3nsqn z&ExX{Vd~UolF|vyda|T}-FL!cYbMR>hCRs`0-S99NS?E7AsQl>LGnUm^X3>aO(*yc0KdXQ3G+6F!zWzT!*u77}WvHXV z;ZOS`DWW^U%K}2y$6&wje}=F!Y4L{1xf|B!7w0Z29kIMi!X3D%yRFC9zK29rC49MK zgH3ZTZTgVr9ZLFf6MrGz_8$A;I(l8=8OXQobKZ zgC+Jto;w|dgwAt&j_|C>Soj-~`gBRt$D1K^DJRo$9e*j#!P~E#`k`(2oflU%yR^sK ze^7dXck0}pf~Wq==2=fppII_weD}n1k4{2u znJ)X9yPLkYzasxg7YRGw=lee?&#qQw)*sBNtlqh6)yT}7kO+D(ec+7sT%Ba*bK>Dhw9;aA_4bx5m~rEp8@+Yf(|vNZYqr#BUz{@mQx#%Fz8 z3}hIe-d+~{(ww^SPBCY3!Kv!IU;uCbP*gm2kDCyCZQRrTdtdDJ>GYD|fl>$@53QLu zd}GQ-<{jSeKX3o|?m6p3e$L0flH`Qd?#?;tMDa)E&*zGTv&ZNYj!W~maSGZ#rK3;1 zv#ebq?=kO*U}Q2$k)L?<*FY1J%9x(eBqm*3+P0#&cAKx8j>he}u(fhuQm?9~V^!mP zGhpGIV^}IP{Ya#6dCv-*?S9L4Sx3?D-ft+#e6eqfTY6}{83@&7OsF3C493XWbEJaiW~cm zT8^z6nIKLzZMfbSlUJ~?IeYr_rn5_i)I1g@&!%&dH?2qKPDxE$(E?V|#lEnTnjeBB z;yH4>BmIZ;UP#j2#(>f^yVd;}JBR()_=S{9A4fXVW&4!Hc`Z1{r$0$}Iu7Ma60<6pYTb%s;gDMqhBX1kJa1PP@@^?d~tUl&3}X@caMi7x@s7 zrsesD`qaeHh)cXfBh36+vPkx6p>14If6QNE7X6Pa;N0YQ*D8L7GtHbr&-;t99bW0! zMx`J2`#{bnphZj?2u^R&X|NXXRZw6kE}XKvKR5Z;(D0waYB2NxOVc6|$W`3L41YL_(bKi_Etxnt&m>-4blJNtx|uMtmc zRksmOyx@H&^G|+GPCLDA4YO}^24W~afuT4x0K6jSCE=K{a7ieA0&T&-*3F7GCg$WK z6~etaS4JkWyTT#UyY1XLtDi)AbNU0xVZ>uEo-lh%B8-Fbdh>c2dEbv-?03Eca~i04ay5gHeVo8MeCkTWHT z)^#eKlaQ#Gkw7ni@g8qm{335mDLkS6=l)nbvL|?b1A5N?m-|xKN_wBXUUgw{)&slq|_Yc=Q!_4#C&mGtAir>he zK9LNFrtK%BQI`idyfALeLmwgl#wj}GlJ$G0=oDsVL2|QHfnEaJOI!p}VA`bE5I*;% z=@AE`;Cp*B_YJ7DG(}ksv{HHBB%FzW)2k|iN2UVCBNIHS3JsaljvA@FtynG!AOga$ z#mX>l=uYQ|4Gu6!E10#2CO8xAGM$@!2l}^<52nWxWY+C(y?fN}YoS?5NQ-)^At~>v zmDeXs4o0K-v+V%_%lueu^lou5$Jy}NmGb?yai-Bn z0I4pyv}yt@ajn$Y%DHLpk&s#a$bjt56&sFQXL&Bil@U_QzK4`S?xpWd!nvf}t_>Is zFzPy3#UjX1Y}8n63d7_gLK+b$08nD-CMdt`S1cyIp=wE|k~!rc*pm9eUlK%i5pR)0CDZ)K;-3oXFXuI@s5Ccrjp zBZj(F0IFQ%VTU=tGH;R)6h1a*3T1IKkHBaQXy;OaD*-c0(6i$%aBU+a6jw35g*icY z!BJOEM9zq|+kTemRKX&C8~6y7XWpKB^%_#k66E%c8-UtV>h|UBVsr|mXg!v6b^x|sqqJ$Oixs;4TcvhDhk|rqlUkQNEfz?!Dz)iO*xwmc7zfDn>v9H= zQJW6uV!b}yu)9%tyMGlt=kjXD@v+U>H)|iSTU0fy*T37_fJkhbhu}PM@GyJkim_Vc zQ%$v0317Ho;&@A>aWfQ>Vz3?*%%ZLGCxv?1yrCA8ZsL$)Xj;1sj@3da{tGgq~st%SzrAUg$;*BYB*^BgH?PDm1X1d%UN*V zcrZAmf)@easPSAL=>@WiJfs}VV|oWHNV|&Rsg=Wte7l&LU0!!M9*ho07Qe7)Mg0M&i;k8 zsqnu4Iiy|uuaNfg!UzOuKZ8dzJ*x0O2DRq^d_}-of$r`Q#qL$MG+bx`Dkq!(i$YLi zta1R5A|u~mE`|oOqmzLg>9%A7xGrfbg`X}=UywILa=G4y1Pc^%;I1rBI8^rIvJes& zOPAZxQ&*qswY@0w{`TG~Y*%P3L)0oX%VS96H3-8ePMsx*?Z^0f7~C~i`=0VAPuudX(E^~in877uUbyrmPE0%IE4-vAp=V^V zwA{kzyn?Bj05_34GMJkZM%04l^h0j;IYwT(xkw3wfJ5%d<{N7AzYw-5>Uj?YVN)aa z$zxOU$N0xmR#L9&6I|~=F5RaOCoZ~<`2twq!qUCf(cv{+ejoR6m6k9Po&RhV}EArSsP-5q&u zWmu?F1@IgLmUbUZ-Pr>Yc8??((zqs}2*Ba44PSeyWuV#%`8K$b1$gbp7ki^APU2qx zf*0(m4%-X8PMl=<+hF7Iy5kd}N_r7QWw7Y((M1k5V>ASqjiTY0 z$H7B2+>RWcIxt!_3PTM@7dDI&q*Wx>2gAc|Hdu zEx40px{h6Yayi}<6HixzV0n1f$c;o$56?V!+iU0;Ar1;fq1pt)DYPeLvIdv6+C^uu zUK2xE2oJ!yE2?aSBuIv!m@i#X7@CB&F|=9{QDM$=QW3S?eZSNW z>&~L65w@Xfb<|D*@&4EX-gv*X>}GS&vERXOsM^MieN+~j?ZG;1z4gJCRHprZ4F^*Wr_EOjBlq4DM;f#|fR5fd7K&!SUO^oHdCwn9N5(ZJ2u z4}3)SndbLpD9wx1802?=H&UE!;`LzpfGX$J{Df7q0O<+Kg7Y5w`Ml&wAH(4bP=+Ic zGIvoGIS7{CLPlE{6|m?CwAoGo!i_@aE+fXq@qH2@e6;JSMG)?lwu`YES)B1K`* zDF|dS84VTe5n7a(r~zZWfPM;5&s}Ah z+ZAvh-Nbr3+(~xe=C=E0l%fDrnreArJxxF(lKm1HjX(^94x|28(IJQ_@j9%YNdWIZ z1@W+yE;UZz8nM#g8lRh}AJc`{(f~*c*rLFS%dbArXM#$t^YWt}R(e5=f*Y3vXz;<{ z`}o5DSHJK7V`vl;WLHmB3tqSQ*SCZummHKwHK%zt{S-iYBE07m^i{UYKmpH-dmALgpiqENxlOfbmXU{+h-7WKRiv(`b<>$`n6 z^Bx7~sw3c+_QBq69Lp$#+lhmt0kB*JV5=G&ki+J_Ul>aC@?I%>BhT9LND(BI$1vmS~e$`;!~h_!soO2Rs$Vgz zBO`VCV}tibsNex$D#nyZ*cZYzrkexJrirOJ901j=^{xbv&a7rpHaeUTfMpVEy#XlN zesP_Z0*of3u&F)7iPQP?)ku3T*V@zVFpgK<8SWa*^nD~$?Rq4fED-&mYUDbN01KFg zDXzn2(5}gYh!IfoKq6h{5H#osV3DhH&xgE@{Fs-G+nNV5IHz#nDYsY)hf^JjwEVON z2Ut0{)c&Uip5NZLLHKtZ!gWa*pjdH#eWQQMsbS6ZV(`8WdKNal=L`{Ln@JU6r<9my z!f8X0XSU`O6{PtezJ6Zvvi_}EC8*L&KEE`Z)I0*pg9F4DLxr1;M*-`GDwCP5|5{a= zyNf>nz@UPt0!-Xs^U?CTOiAbLDyPXY(j*AYRQ&+(PDWoJT5%Ex%!FD4Jfb~01)`52 z`B-KjZ?lHwNho`K>7H~6&+P<-6CW91O){Hi6fws=Vp0~_t51|a>N$?%F>mm4T)~$= zna?>JK&D#)YODP(NF-1WoFN*2u0ZqQS%~tlm-^J?@7+yz8YfhZ@(*`+Ps3<9)s`6j zLm*r;0Rx*CO$&yODB|H)$j3)|3PW0Q07QZWlMwlZBo$m3L~r2%v*-9V%Uj~wPmMz5 z)Kc>%5b_aP$)^L8v*8%5eMnp3H+2~U%+QJ&%>g1#I`~U_VeP!}-(8 zX)j4H6+Cblt+?eitSvdZyEGh+)hQMTd6%mcwhACkwfB^7_s7XbUw0<6_97i^_V!Vo z?v>y8S{g%30fFo5oce6}Qdry-lwf|r<{`vtmzX!zPXaE^=_U6~d{lVP0OL41kX<9S zqxa@=2|N{IVR~zqgrQoU2Cki27LB9leY?>6!0aYN!o_p%(KF~>2-zg~&Ta$AgrPt` zSwfYosu<8*I`m0z!%tbgsrkBEnX(4t;XS%QrPP^@%C@Y~Z%QM22o#(hM)U=;X0A;E z59GR?^OK(=MTS{)IZln(bNQ-Z|Gd$Lh_-(XDmQ8Gbq7EJR}^OZy^Rlf4x5VL-ht&h;ZtfRB?NOAaH_LDRs7 zp1C|1G`F1tzD%!@&v15bQPbEmuFhUMRM4_o(x%07cFNTqCPoyTXupSoQ+~qiG8s#u z3D;}&B~3|l%yqDro2C+!EAc)zc&aHJ8s5rvw*7vABe1dE(uo7RCY7*eD4y$K>~k`H zho^uVFT&>#kc-@kmCpiC9AX=4n?yhr_f1#Y9AJAON?(B;H>NA!o5`bK;7FTjjXHWfHG0o`supYQ42Z}0PT@MTN2m*daq;I3p! z^h2a{`00WA>7%+9bbiOZs1wAR0!8-T3(#_UDR zUkn{Y~r1pf$c*O^T^qAi^DwO_978lH0_ z=eW-oDC#3FImq&9lNHkNkLwmevOaC7)z(Mq;JjMQS8Gqy;wjSw%ZM+Dy(l!1(7xbyjU(xBv zxyFN3#CJ4M)F8@55PP8t2#b!j{73B^%tLJm7Hqahqf71VhFNzu{qpAi^Q2FgZLzPb z1L#n3Ok&!vV}0LQQLIMHwT3yA#}9u_h8z}8n`6KO29$7I<~q200hW;W7*ZX!WOCd} zKJI3H@1mzf%!8qYwFj-=?S2u{5a<+IKg}7gY1{^gW-MPdc7oWKjeBeq9Lr{pug<2t zJV}`q`^+~NnnvrV_JvzB=8Q<82ba9Dt8SnbkB#D0(c2P-{zRuScNuM-P)=njy@qk6 z-b7QeNQ}JU$hs+W%c88y zD~L@=az#~3N2hc=zD7tFLIAM(V<3$|(qD{#)hk$`13OTcQR_1Pya-;l?lXI|T|Q6b zyRIBR5Qr}M(!N%M(WsR*%7kN*!6r!mB40jQ(Ty~mTQenAjprOd^%(cxANl`Q8SuXo zERO*M{-{_LZ{n?bW*nmlcy!3U0i% zo!2k;v+?}306`Pgs6a z~C*)rviTGpr%6oe@}^6isIsLrOuJ(tGCaC0+vV))nHe*Y_%$H4@D; z!^@4DRL-wEd#I(d`7R`Xs=9Yw^3iX$T6$T)|L0cs3&3w>+9s`$Pu>3&cyF}g>8v7; z-Wf?Jhxx8}cboM8#;i-e1O#AxkJAxUr@*{)<-ZpQSu{`R$n9PA2l*Cpw-S?@mwU?} z?>z_|-0&RDR(tv(8`Oh(Mp@hlAuxg;Dx&;&2sHQ+#;G&(H2_~gvb_JdyePI;5StBB zH@5)$Tmww7oo6H*>>PKqOJx3qS|`nt$|&Cu>H!f`GcfK zBo+Hzz}TkWI{=jRYv4@j+*?Y~5_a9Ai_fJ7mg8DFVwFe=*AEYw%zfGbgjVoBoQ-k> zd4Vd(_5+})U83wZ_Qj3Lt^xEsMR%@gog2%KOF-sr0D=l7%@C+r8x|km!<_=Bqv$sP zn~#C!4LlCxb@GE*GM}Mbj?7AFCGe=+hHOQ(J#YW=`<`BkK2Yr=oUeSJ%pxkcZu{-I zNl$=>OId9|Oh|m-$DeZMTgN2e`oB0B7wTla-d~z-X~|6M`_L9fA`^s9``-7{Qr=ZN zM?O%ZUU;}syFKk68CmfIwAxgDuQp_vz>PA?5QsIG8b;eeggk^z_W`&Y1(-8yz6LxA zywP>DTfp>G0ZP5;7vCzS13^k+9L$Ghob$EfI^y5SA=d;69f^bk$SKmH2AJ3^n;_ux zktx@Es>$#*b-uuRV`_3h{)fW~5QWF4EnGVpA_eXMY4{$=RxmSqHk=N(qtj&KP#$3f zh;OMSCNq!ZkFPAIrAp-dcFTbOU2Di?_*pefLW?{cnVpNy;&Uwd&E6wj5OAnrk`)unWG5eOMtjRHy&5CQQv zO=JVZJjXj35UQ|~Sl5X&Y4jT{h^a&-_j2r<{3h@+3Ix{BzmEi&B0V zA^eDT48s>tFPA~(`x?n}P)yJ%qL0xT_kV6h#i|$lkW08fD~B3UvxV8Qi-ij0O^-<4 z?qi0M67ECa)Rk8CK0qM3i*ZrSn(&w_7L4sK;sKIeU}W-`=EG{>NL)30j2KbAbJYyl~s_vBtibj zp7o;r`^&yRu+bvTht`DF==qUo7455Gp*HHvAE2UR>tL6}E``CF%(|P7tzZtRiN_@9 zDF-03l;A!QKWKE(s~BZGr>c};8* z@-7+EehI>{mtVi#SbUV<$N{P7zrVWVu-ebgZ3Br4I}*}~_j~=h^$py->J4FY%8E-S zuH~smf&{%t#AAUBP}D;{kAd$muNI|f5pmxV@O;Xt<_lOKr$IuZuW5$ySaj00&LH>@ zP5>|w6|wR&=t`E!*xWMBCfi=x&y2tLwC@ZRXbcE0Ov9r+TJ8guiVS10oJ~6zmn~q0 z!r7k|yn=ChPTn>f9}6cdSuO~k%{5RLQ|T$|#Zm6S(|{{zB(RHvC7<(k&Pxk8dA>Rn zd(47L=HOWvD7P@W)e~-7{1c7aYcB^p5~+~AKh7U~ zrpnDT`V7D04`a+lKCd6@0$D5H=ZXQ-iAJ z&!bL~ySi$d0+B!>ez`)}9=8&`@ZMtRJ%R<}1_khTUfMWQ6y4rv{^8V?jXct2$K2Z1 zNcC~A+zhauLh`12gVQIEt{AQ~MBL<$=jm+JYNBdObDFBKJNrM->y+tG;1G7#Iny38 zZwTy=cWW-_o=r<@R((ASib!uNna^Cp_<0v_?$(c>aCWb#xcR0o`)~`O-_u{)q9MZQ z8$acca7fpBGX`MFWDr7P*zPE>ez-=~&?lKTpQB((&*i<;>A2<;;)o}SD!RYqTrn*) zoET}ecANlJ!U^Cm4c=R@nH;6Rv?zUEIm%J4*w%(B4oSCaiS15|{|?b-{<_iEEp^72 z5-udCfOr_*)pD9@$$gbS4^cI{E5yxbx?%a z{#nHqLA0ymU}Gb@&qYKf7ACs)a)hL zgP%m=1&U`B=NEP^)VH78cHroe($VHr?ki)-ZlcA>N2n|?1P$uftfDl8GJ-5jE5(G5 zFc%|_Md(3hMK+m4Bq9bBW}(5ztaz~`gT=y@f>1|b1zk_K8X7&M4$-eovc_Z+E^wMaq)ulpr(8bZ5Qs&6v9Qpg&rT^+JW3af6e+30k6RY&=z6~`4mgpnjxXaPxMHVO6Qw$l8c8+GedMr zK&8*omgaxM#fp~tv`^cfi#!GHp@LnO?mVLC6tuBMAbp4>zzv~W!;?^L0g$|bthw*~ zDvZXI?r9Rpz4E`a;RtAD!sW6pz#TNm-})<3_z;qKLcUV>tu$bkAApk_)3 zUlv1pCGDSPfbyWm>m@mNFAj3G0t8RPV=;Wr!=1zg!wK}pCf`l^`-xy~ zaJ#IQ(R9|EGeMuEs6qPE1|$=Jc=5FG$KRX(bIFP@0${fxjniWQw4O%!1sJ@?gTHGY#A+|gyQ`BeI|>mtQ5=5u<$l1odfv3&`0rjEN;8wVKhqZW0^Go-Vxx0u1bM&rKn<=< zpgoKM6Sre;3hEQ+M3Of5rBFTfFt6a=--nNc5ft3j2ITzB*Y;Kos})-COTY#J`R(~a zfU!u*RarVMCsjB)#ePh`2~fk}6?NtikTM?w9Wb1L>~gpL^0V3B<9V9^A|m|fA+Cs* z50ppTf7`qY+#-NV_7^}H1M1ziw?ajJzrTSa1XRp7zi)qe0h%wc$bcrPat%dle`YEv zw_}hl-hS#y=7E@{x~1To;K)OSz-fIz(q|&M4N5~1 zHvyhEw|oTk`|3ju>1u%`5{f>J2%2n3KD`X><=i0=E*V@-`7{(YDZ zm|!Lz;8Purre*l^36!L=pn1(TV7rh3njx9IUIC^O^Y_Uq^SOYyG)NCj?pk*w)fG#F ztFc8Kf@%6Y=kv-!0mRYLuRi&6z+lgWP|F{-f|fK<+=}4)nF52&i98Id&Mtd9H)jp@_#28TosQ zG=P_alvcgRk~K&yGcoi_?ePt9?IFub z9jFf+0Mk(pRTXBH)}3TfKb}>b`#?Eps55Z94y=DQkV`S!Z&?uHsn&qksv11ds42;@ zy5s$EM-X&^`VB>x{{nAye$}-9c(&CgRlo-7bU`-ueW@^Kb^6yyjT~?eRs+rlcK6rg zdoNu{=r@HUa=!pppbWT+A1()2a)>TMEm%wr)+fgS?I|*C_VonJy)mev&5!I_^B!41 z{*=fa?+!zv=|lX$dHDeFAQHqy2xYfZ&t3_vw7Y?vU0C zV6O05c~K+n8Z7<`bS+}Oe>kcKb@+jKjSW*$*d@-(<@n4+8_=PE;p-CHYx%&VTG?GK z;kts{b7el@F;1XCF04dx708z4B_RF;#mqvMXBRtTnZ|(?;g0`mx!O$q1*2eQ;K`HA zdX5GHIeX4r0Tu1X67bz!H4bSvyWRD~c6LFR6LFoOn-#Vi(Q9!6N-!vF=hPf{v{YCP zg!^%jKcqQ&u4$bE@stQYkkC^6c1+r!%;;u()gD-MK{pPU-`zOCHhMyfG;jgWGEMVh zzNnE1SvzYA*#1`8wxO-B(RXK}#kF{eI+Tcn<14U}>zva02@-SPrY;U@E(7HV=cCkt zh;D^QYDcq?uRzce!-?Wfo+QeTLCytW25Bdr1kDz}9@-U2!D0>d$^lJ;#++(riEA!s zW=J?bo&?Q=UIs4n)dT>Z)Fme#B(pgDzHxaAk&r-kNgW4>z<%0YKBiq@4C?t zAoEvWw+Q?Q5_5KdloN-Mog3KQfI7Rx3fDh3Hhrd>vuJ6_FmJGnt+0l5K+}B!hFnUF1|Jok(CcT^i{2&vP~yUolwPNw*@1?l zHYkp-2aimgTy4&qGK)*tnscRM4G^>2GOx-UpSf0^YCY_ZXZ`Bn1NEl@b{fc9y8rD- zV!Z&dqakQ%w8Cux^k2KyN^u>rL9!MbQ>d^tdSyO2TI%vES`!-beMq$~7xg;AHwXGl zwutw$Oud8F>KLF^Cnt0QPsrSL?Q(#P88r8sn8z^eaLD*5fEltuOx>{rD5#A^mbmhB zJMxANahYF_zztO&PG4L!ZBoXr%s2scT^QU1wBNHKZcV6lJ?3%@O+BvGb~4vTg32S%zByC zn^mAydMV7OzoGq_xSI~5XVM>(EnK#jL=t3d3SOZ<@BRRxIhXlcad3*|_8VXQ*s371 zJ^m@s#s^5hD2DPRpxdGNW}^u)KWilV7&2*A7qq}RFduPJ?xr$9bu+bdhfv;6$Fks_ z$fc%8KbCW=zd+8u_E=+=j)Yze>(aq>YjrpNVv|Sy0ysW(-i7#vSgNGc>T}gc1~T(_ zX$xhnM!rb*23{3!&%PXmX;+@3q{qz*d#72&ED*VveV1CAM?s4WpBXMW864pgPjN1a z+srpH?IupQMV7bI>9?A0bEB}Nt5=rK5X^!d#>2}GtqNU`c9c}7oBw_=)Kx~LugA!pZr3Q7Wfv^A zIZ=2o?Hlv_v%u9i;=KU^6NN)3+$x7$IM8SS1yVF+MlF9%*b{_h6??MYnYu4a0&^}& z!XVx%&cx7KZpXl=#vYZE3J>bOgtjj|nY*ZO?AguLrlhG&_yZ8~lf_ax6W|%G z?5q$;IB|Y|Ci&}rAJ;}h9+c{6yqx5!nRT{1XSK?zW#vfI`JdVL{lH1HVt~UUO}!^Q zbsAeg4mK)xFkW)vW=F5kvpHXzV4*HKfqw%g<0fQEBr+T@*z5HxR>9x&{_z3`+kFMr zWvQ(LKu5~7bx)n=jvrCV8Q$a6PprLlIyhCRLxJXDG#&qKoVaY%)Xyg^<_jt6>DOm; z8kSbWYWK&ibVQ??a%fO}B3-RNbpttk2ZpO+)4A&xp33?;GD#kbe5;XZydm0Z9+L`t zTJ+;@l|FMH=Hej?x|Wr0S>DQePEc};wne`OTV<6=JnGg85CqQS-Q9p*F$Oq(C)T5FZgiZkXqo?6Ai zxUDl}PvQ%cQ(7u@R}6l}FJAz?ZGKU}^L!k&8gpUtMgGC>mzigc4QnHfoY8Zs<<<#w z(Zef_rw+m?j@y@Z-gJT z6`>70F*MyCYwdiV6Idq$`bu`e5b;%?6OfhKFI1uY^CJbkS*HdrQu$Yto$CdBCN2?V zMBhr)?1q`%$Eg{l37ErL-FM{*;a_b*H@TP7rA`m#ATg*u^(>p5!oU;nBgXHm*$=cc z3xsLREOn!6Tqj~dXPrnwOvCElA%Ig8gTVb$Xwu)kv`JI%u_9fO^GlHHJ9b_G*e zePzEZ&-P_q6>|_N_=ImX5xb~;?M9#;I?2M#hu$J=N|z0t>(xoEMc7I9SITHNUOXQr zrjqfeF#vLb7tb1&ZW>Gj^>7RsjvaRsX@$)-pK$83*RrNI>y!HdC$H`wzf;wAA&#C) z@`}_`a+vj)wXL`x%;3=#%acfWd5n=ehMt$rexDk+us|rLq4~i!=7@gJKq1g3Vw9Rm zHx-fhcEtQ{F((ZQ!|FKaK}(7}Qjuf39bDPpMu>h1XU6q=6gnp}rX>)zGnn{ON$OvM zMKXDAap4tFn5r{M)F0(G_e&>&_2!0DYG5`C&!Y>NWbY9MOY$}&%1U1%q7J? zrGx`rPqlzmK=y;E2VEK_^h5P7JxzwSjUVSmE>hv7*m#Gs(Q@#@tk5?R=~ll8+JlXD zMs|gQqIe!0$XNqh?4z>E!a!-Ms zBr)?kQ)sL|xwFTCK`q%hC6}pjYJtB3S+%7O*Yn2mr0NK`3Jgrh##v46B6qYTV*D&9plM zi1MD@pHJl_RY#-jlhW=+qcJex_j9(mvg{v5R_Odxo}}-bkDkxesEW!}aaIz~f`l8u z#wl4C1Q7^OeH#pONWZZOz$r38MJJrQ1fH&_RX+Pg(};Zjt=AFi zy|&{c^6#k*+Ifux+C>e2(U|v*mwmmWzi&lFBeyI5ET37t8*A(uE@gwvSEm>AREV`; zC2G)avJnsSwmZQ@9m5dEGgYekrpc zjAm)}o6FFC#W5q)xBo@S(VuE}I~&l-Ko>aOLwnjF5wG&4$zk~3qumSU&w7H=J@n(w zdx|jjCp}hMKC@)L%0G`^7YyuIIoARQZN&L3J*s;vU8 zw%!?5{W&AB!T#OhIR~lq^3nVP(&iV`#$vpAUFwexaR>L3p3zA1H=!HRO4#}6Cc`I| zZ67Mw4j%WnFX=XRq|kMu@AOsbE@##@%?C@VMh|zRGvaD;+?ScVnF|;9-3x@e$KB3f z@G5ZHShyfDyECMgkkVhBwd4=rESY(iF&hn3JV*QmQ4@PR< z{&-PX@YywmVPj{u*8G)A4D&|)?1Gez(wlv@rgvh4IO4Ai8wa@cu4t2@!iihU)YV_` z_6Zw%WZjp=z0)Ownn^UJKeZn~0aI{}R)iiL!iqpX2QD{x?(g%w13v_v(R!5{tz_fc z8&q8opj+o{S`=WXJU80ler~$Vfx#cc zOE|?LW*r{;*mih;ZL%-YedCz5b2j!t{QJ45k@(_T)Sl2fn_-;jyueonh7EQx+)Y(0 zS*Wi>eu`9&SO=b@yaRM*c#J={o5hnQRo$@pBlyBz&XZtywZUOE2B6$pMY-P&_*8B65=v>UaazpHk92Z&$ zZ5+_mASQq=nU>%>Y$moa=5DL3=MeD}%&ivdWkgfHTZ9Li1 zp`J2oC#MkKx`l(EHl~XY77>wKh;Vz|dslX2TVTMmae`_#dRVnhUX9H)+<%ayWU_IW zR;j%~9bv|%y3&Mr@X^zmC_4>iKysc&0KQooH7* zlKC&Fl*SDLu88;y!V%R4VyBFl0|G6FPMqalBWPkQ{1ofDDNj9RobW)W_(QGhJTOH} z@wemAM~{4=`qr)nYI}6hAu3|eSsvE&_M$}@xyb7Uvx{)44R(<}3-f$+E0v$XY_ft; zUgmR}x{-3H+5NmQ4b$Rjn|XG{C7kmjYJYF)ZGyn?00 zaTQ-qG~X$o8FPL}c;_kTX1snZfZWq4q z(qkVcXy z(GjME3af(wmZg~KM)`vI=;!TxjT5wAA6?}h6vlnSV4~{Ynfd{C1R_&)c&!v*y!m*o zY3utGzitQdDEcmOTGs=@kmc(;KpKDm#^$2qewocW@+J)xeCn!NwjGs{#Yn){8{yr6 zG0yU_bz+pyC@vG2&1jX63$uGD#=XkII!D;>p3js9F8WgcNu;xWdu5w!xTFK{jjucC z&dMobDV?*$yrU7;3gM_QsaO#`=`dhU{QqaKnza?_j{Y9|Kb2QQw^^din0OaM2iybh36FwS`5^+@VuTRs`rzg=0d{4gAqMfQ;}!zy$cGiWL!q8SLeinJro!4RuL0C+{l** zL0KXl%h9LdY?Ufhr)MoCF;QktSa`vi_BXToWe@VAQ0Tu}&WuPQD+(BPZ$ zcrIC~z^B?C^B@+%Z;Yt$$h(j|JE@W+TS`lIE(1kf@>VP8_`sDCtF3Aj`y=YpGQ(N zVy-`GMcZ%FW7+^aco+0xFM3R#Czd3)8KyVHnX%5bML+Pa>^5^rPFCAK91%0_JNEic z$ij6=3t26eyfxEK?iNdON>|_0?xFEJERFKYTvmX($UU<1XvM`C^G{+CgPR=4 zw`EcsvB2!YRcf|M{oRhTVrol=>tf1EL^Iq!Mh=DN7$n2b5-HRFkeM@=K6-VhDNNFu zd3^IE_}qr__Jr1XP1y|+R?1Qfc@+V_9!6fyklvOD#&*ksR;#A7?{I*`{T__s&e}K? z&So9w89CV++JObF7gU~qy~i1ni0*g>N9jtiyb_u6#N1()N%8f80XQEU{8r>47a4Ls=yZtx<4sz{_4Ehx zp@Cc824jSvzVjgo$jSu_;9YZJ*%mjV|HMN+&e9@aLU&hCbIfw`*Gq z6MZ;l)~xI_l2_;L0^-EYrc!+RpswY~eJSk+#H@l2wW0%8fSZ+1peO->`28$G&O<9q zv0}7;*I`6h6aVoR({QxdLMpp1mc3yL0aJc1&@4`#G4DVYPDG%sPSo(wM;3jt|7*B? z*%Q(mp1K<6HSv^Pu}ah7nSI%EGU1_h0wLilex|9L=LIw%8O;a92K1@iI`1wk`g| zoDCpF#rE1?sZYu09rr_6)+BOzkPwDPa1I=ZpKG2lro)W}_slPCo89Z6tyZUX?6?PP zy^qSoIf|ASSsyqqYCWg*QrbmCUi95wKv-X&RKsR*Wknr&fdMy7lzTao7TcU=9^Sr;8ni+kX^isn1a)TrR&&!95!se!?G-wD10#wwK%zVH>HONL(BWqY-nvHLq3xu4S)6UbL+u#!BQA?o6Zy)3+ThW|Ax7c|z zT2p)oxmr2Tx)I}tWoi!>y)+P2#zU1H`E9$fhO)QauvJ)LA$-zJoiR_Lk3E^-v~~`UFfhXzo@VkdMhFx+*L@qWgtlqp1+C`?$Xy;Rg3(mzSNp}#m3uI-n zu!e?J#bmLNuh1C8G?}WGPqFZ{lhXG2*~R(vu#pc)a`hQcBTT7G+y^469^Y*$;~+hl zE2UW*%8pw9?%5DW-2k-(iT+&kY%e=rz>0m&=#<^!z@=7mp92J?aLTdusj`>|ab-FY zI#z~K6*A)?uhpWNEMK4`h4IsuclviVV3|)pIrI;n=0V_PTgAz;OSv3qr_U^!OJT^E zgb|D}-6VsI^Dv94AH0#x>)*|luv|ejiXS5yG*WH1Td>Q29wRu^P7{n`X-_H-LZeQF zVxz)TW)W}^VPYips=TtEAVNo7prcbo4awHArn1iEORubsOheq4IL#86w)x{f1dP^dsGrvA!@1b8HsYs>RX(epOHNKZzh%m`Pwq)B7UWoo0I;~_t zYP3CwkBDMM?W8IylLqc=rr|w;650lD2Gh;j1s%Id2ar04lztDny|`G%BiljLF!Q~) zn!_gan-%AQu@xN?%7?F&L>WHI8%ORh&e$WX%rziH7xnINqFf3_^I_iWa+0f{Qt{rx ztgLG-Ta8#bl>p8t_deFa)5|NrKLCNj>Kp_eMiAo3#a4)D2h)wkg*D+?`9h6wdRZ@= zxV7Um6A>R}W>%QOfFXg`geXb2t1<4tV%X2Fv6+gE|C8_bS;tSO+eypcomrH_u7$6q z7y470Qhbn~q7x}n{wf=ALB9I}_-TqVM%jxGzHU)$aqt+-ZJeH>oMIhNmCD{FALu=Z z^5nR0cle!G_Ifyrb=1Pc!L1)OuUL<)-NV1qH$M#fb#)~CpM7x*nN%dORn5invpYvt z@m<|%uwy0V)RxJRX+*y6fMJ>4)laoN(H^wdX-a2P?14vX82J!ykOdBLz|ykJJE&*H z0|x9?8x0W5t4@Wqr~n<-@KB|NW0s)7!*r4syYqc%u0QY@GN0c*W3|(+E^<1NHDPbQ zRAn|kX!B#FI{r{<>)KukKSHr8k@MrDvLe*x)SsL@ zS-zFap%_nne35q5*sq6!zy$=qwaLAU_c&e+o8kpI9S^-vN$6T4`JD;^Sg4(y51z*1*mO+4%p0llW2 z3-uom3}Q7pf=B=OYUw4#Fo1JO;FY&A65iRVw8FK#wGA5mBtnb>p1n4*Ghu(8cPaxx z6$5Ib7Bi5DR`JaXnUywkTGr&Kf91rM?ce6S_4amON3na8kneT0dOzjW@WYOpBimtf z$7Q$uVBDFHS)Ma9muf=3KWwa8in1%tWZEx029Z~(mBq@oSkbdDQ&Ie?@+w;w+Nva0 zgovZ|l#RJQGgSuFetEky$g5OJ#pCp2?(Ax<%ae~lIA;2!T7PN4vtuIkOEj7#(W2(v z7g{W@aMaB5#-W2&y=}yT$n2*JQ%YplFS_q!O>=i|)UK^awtUxqdnv{7_%Y+nZHfBF z%b&lvN2k>17TWz87Daf0Vs3SQ_&Mp`v)O$O`sztsDQuTtEn`6W?xkJ4EiY9C#kCgLU`4aYn?$D6{VK;esAR$eH{ypEIP9+$F9@kx}( zGIdvV!fEl0pIj))A$?hO!@0Lg&EP!{_anx$eWK6@Bd;u4o<UbtM>5C>`uq;#IFcG)lHxWY^9jd5@4 z3pGx@lqE~Bpo-LmV`3-hP1m$^lGwfQTnkaTx`TnCpKtGe`(VYCK3z_}Ci6N;2uqhS z%5~+nYK1KP+7&$7rSDMj+#^u>k8ioq_-XNF=9LI0LV$|)GK>)mdYV$lof;xc^; zuPwXLzWo9+ANt5IXe#N=?#*Z#dNtQE#F?IhbF3<_KU|Y|uO5=d7#v-%P+*U)=CE+UkQI#lww^Pm}74*VX*>dYj*TneP~ z^+1p!3^@qhw3Lm@SqOyFHd4ls6OamqwtkRk30oaV7vo9dg3HZ?uMQ=d_sGG-mQ=aV z6StkJQ^hM5BNzMHzG@q@SQ9%uXpb&Ga+1prjoay%x1sZD%20sOv{PRGnJuN9%Pf;8 z&1>xuqHIq;KLvg?tlhZRiJeI|soNO-k-!-%BN4o-r1#@sgA+!7cye;kBAK1%3`2B? zJv=5g3vGOmNI3p~vG<-~O|?<9Af3=d6OfkBdzB_VL*sN(X@;2m}Izj(~zv zMJyEQ0s_*TO0iHvuY%G8QWTK;M*Z&GxzGHVdFJQLFM~Nb=e&LIwfA1DGA8-_>dR+o zR%xnaaw(923aX*1GnNV9oQ{Rg2lvFb5$W`FHztlTpHvBbs{lkH6r#c=ybV=$m4cD% z^9GXw=gD|S;X^m8XQ1W9>yec`*%1R)q!7Mlt}=hfdAr_*VFCSZF8KL3Dv5!4z?-am zK7MX)`lVjRN46}+GncG+-bXtKra;_#m_^R-AJcD91^nbzT;_JrfM_dnsQq*aux|t@ z05ph-#$S+oJ-v@zJX=8i6r4(Y7Zhr?p8lTaCid=PQgo7!Q0U9Y@!aojiW}eswVN5U z4A~yldar(mr-~G_dfe6hZ%?>O22AuTe6XmzS<-3>$2M_dtB7xi7?|j~=`6@jL!0Zg zs3oYVJ`fmK9GZC>LRqZ`&mfH?o`>N%RNv;^=XRn|S-O3#55h49pTv^simQ$%Qt@F^ z=dNF+?m_{I40O(dEn3Uha$;q{Q&|pb-6yg{zD19W@lCHFAt8t7D*HN(&}#-j$spWV z<*v~o$~p2#sGvFnCY*7Zyxr9UYQIcu=fF9X9j?>BZf4WQ4PPw8;2kNke5zfE>D+F* zii?i*9EJNJn}TeMdJoE)dL9y%Gm>rVsw)+3d$YV)unN}DnA^rw{hnU25YtkXyO>xCns~^OLJM_Wm}h^t~Q-c7L&^O6L?y z*gDnxcYgs1F}>wdW=swwE7mj~tL@jXVb+1BHS*|6eNsQE-+p&Rw^4OtT9!7@08au7REuh2{<8FlN%##E zrKSLo*bs;w8q}nQfa+Ru@5ET{?jlBSdNM5Oc81G(3j;L+u^p4f0YaDBKYE*qer3gZ zVf!V@6rTgHNkw=tF{?Mrgk6i+73>$af-(&|m*>c8vA~43*-hAm{rLoX)HRCN$=*<8 zT1L!Ut>UVjA;J0+vv|BhlpBVtR|WAhoh79|<>&b)FOq@&Z?az6V57n7yewX_2MF%v z#4$2eoo|dxTOU6rxW^a`v7#uLR>dav*X+Fh}@a27DII8r5MqzEbhzf2Zg93y*dOi0vz|Orw@1Ta?S0HX)baN{EKRP130J zOa2=c7!6@qQq6SfU1eeLD-abWBGK+9A`^!o<_QSA<4;l zJELJVsT2npfC<$kXoti~SS^a%%!_>?c0X63nsne0a>3D+6-{gs?Is`CEZxH2&;Et` zPHz($+AgmnLfa8-ERVqAh*RSD!h<^U1X8~vsRYi3sv%=!;k2+5jZB+3raq||9xR7y z7gp{U3A0y3M@Sn7Cz~LSoPh#oqO6q0VvVw`v^LmRi9!xo;Wqfnd3Aj@`WSXHPNYPhL04sZ=qO2H zw(Q)eL>l*+#$Qx7Tm@MQjAr-#^9U4Rsc|BXN@w6&$}~&)#teZ`aIUVbU0#hP;uJ`1Ej$@xtYry9 zXJErTokL#d4;w3CcjAZOHK6dVTC=c=oZDi!QAXEpBk^9y-s%ki`rmt?)xAsZ z1tD*CM^%1HuMzCe#M^=bY)3i=*N%pTJtXd7MSfOalZf`Ys)smRVNBBQB`gFhl^6SX zl+#@{R|MYwQHMC#0+R3i)~R%f&JThZ^nwo-U(z;~W9xcF6J*a>X6v!Oq6M+;$|!pmco@z8j{-rW1GX^oLl1s z{ru=mT$;gsQ}zFbmxB)s?-Nns_2b-1wm^1xLQd0MDA7_%M=*u16kk+sP#;lOa>tc( z0*SLa%H#9T4?U4NN@%3^$78Pebi-A+7>;}yrnHn`>k;V2sLkaQBcfF+3ZcQW73CcI z2TqA%?m><6#mf4ER^Z90_Q+WKS0B85b5tX(*akFPx)9(qdCqJ3x zqxc@();({n$2FD1vrPWUAkDsuLbV$gJA^ImjY3$ z;18A67-WBt)aC5yx`zJ>Xl~?EsR0<~qC8(d`nQKR_=gdti%F8f;m2H=W4#GIZ(yS= zc9|}H{9BZ*L7&>2U#^syr>u3<~RJ`zCr4F=$+X9XU5PIklT-}ODU&^aEf;Z12zvntgI^wX*yfv z%)%`fB7@KiaL4b@J9krQTb6SW}x-R(d%d1c%+3rm_rHm@@#JtcrD zcB-D;La_S6=^J$K?ll&_$M_A)*BhB@R(c|r zk`oN5;mR0xU-_$2zgBL-5f2(l&P{f-+skF_hE}7RY_{}&Q?92sM=DMJzFo3apZD{1 zufj;hz{nMja>rNJ-PiRLhZWC#ak`Wh28t(TF?#=3 z@@vhC`=#Z)V8?h>aQ8odN)8Fj6+ur`e;6>-UQ&ukgr3sN!n}#b0@6g)^djIr5ayjs zmPVg@BK1+e+&-Q(953N=@5HZvd40+5%#N2&?ro`GMw#=f=|59j+bd+Q%-mhtNOMT# z;)S|+DZF<@L;M1KcS^=>_TN3|E*^!ioy*)U;_bTKxaMg#5GT7$8>g*~c9UAk8>(wa z%d(MN%Ezx2zPXr17pvUM;GP!>TY@gUcPtNFj*-w+9lIG~+xqzt=WxS>s;K_A58lJO zLknAJhw2~h%y`K7Xp>kZzOWX4RQI4v*u>O&=||3gAmBO3FiXolw zudK_{fXfZ^T1r_Xj>*Fcb)rQjZO!*`z8!*?u`n zLH+v_F>KyvoQ2eAq=|pZz`nX%yp(t!$7q`DBm68SsItF*rya(pM;D(&h1KG znnS0iM^R4hUP+A-7CooaB@1xe=-WpGKh zEL$-zHEH7(B6 zXRbqa;DG+b*wP+#bo;K7`U_h3=%0XjRO0KwRZy$(d7`56^qheH5Brk;hM9}sI95@>n&<3uf2=j3U5J^! z(&d z4GMP1BGkTt??RIgk?T9OdW!IuSdLK@&ju}cEfoVlJHNpdm9H78!CXW1MZDH<7fbu& z&X`A{p}vKMGkZCyYP}AGS12?hqNZik|<3^CJ1!sc$0_m7j|;_U~aXL zixyf5k&@|f*FSA$>nEMu4#R^1MQ|{hvDt_ERx-Bg_y`{1G0&QtLNmATwLNwUZQd%o z!N&SK5ASNYwVWYph6pLk1w38RzR#`;gV4UAyJlM9bMgNzgW%;W5RxnhD9=@^ez-K$ zQCGu`6-y(40XEZ|CMwVk{sM1Bv16=d3Wu(r*QtYlNL>W!>oLF#+M!~0>}7L`@finX zsHN2{i^NY11Iu#Rt4Q^AsWx<|IXZ!-=nZ&wAQxkGwJG3fzE7k8v5k&>KTRZ!l~eDG z^YRHt;IZB|1#wj0$m?)6!PH}fdN}mT;Utx3u!b>_(6AeX-gK36VBv5YWBzri-Tn6RFyns_%ah6?0 z%55wtXm7)X@I)|LcIo{hX*E3*7vx!|b%Zb$S*Z7;QBK6=H(W@7Omy;X{@6AZhSSxa(VxdJi$o*tU`xS`dFCDJ? z_Av_Cp|fgb2?InvK0^{~luuS>1yKga>Q844W(+-+*D4yf#K|1Rj`lXEtqYN-7pVW7 zz7bFn76K@L982J=u?Rk!W1yp$s~ZYbD$oKoo%(3VJTZ1i?j!w@8z|AcY@k9vhGzhk zAFLBX$S$he$Izyl)TgBM%CO@J9pmlf%FeaLZC8jzWJIsy6)An#c&fDKddjzmIl-DC z{)f0v(K#!Hr^=z?^uA90>qQ}MMq)PYlT|4zT{SaOc}&7}JkDTvkdrmH zj{t|(n-`=ES!@^s2^ps&#`364jAHZLYptx$3`NrnhDR&kM;(QBUFtcB=NAur1Q5w- zgu;KKe=rbhFf)L=Idab)u5UV?;`>5;Cxc}*Tx9Q`Th1D#<#|Cb zt>_uEU@EGQdF3MPc8)DpPmC<~FdRccUie{C+Kx(>-BAP-bkzVFXz}B0V|obJ;(ljm zj(vefks|B6n4(X=!STVV#*k`6AH8Vk5TqfcA+2_Poua1n1XL+ve4*E34zVI3N~5%}SqW+84Sckyyvo`}Y??tYO;z+q#*1I!!JDFJ0|Z&S zc%72!{QAQe)x3qtuZgO@8ZbW5fSPsjKMBogYFmssfhOScjq@8)Ji6HGD4Yj*Q4djJ znS*AL#&~%XDSaE<+#AQTGEucilqkggjtQcVBTuLG!Qfjt^^kqq`M4?&5mw*n<98fD zvt=3Nsi_PnkgGe--P3R3$7#mhlh8-?Ld{T&khlIrmrOHY0&bIIX(0;GuFdGUXui6+ z+0dSlfu<-!M%^+78T}aK8xifkxs9?b8HXV~jUSe#6I-8tzGwet&hSR-s#FtzB(qNW z6ioj5Utp%cVG-mSzA?szc>jnA32|kGt*?9eU5u1T$|~Yhd`bBPejGh*fj~lDpfeC> zAYbQIu*y74x&lj?t}wAwaV)FvK`{{Sh(U#QWGZ_ja5Sn*YMHdwzB?pT7_J=&By^`& zd(pg*to?$Ax^WYI-=9BIJ3k}EQ~X#> z@X1zEHiDC7sT4Dsf6v5bK!R!h1FCrL2wO7x6=kL*DM-1zNpr?sOM+ zy|uy2!qbYQUcH?QUYz~0=6HRoKicPO?v=c_`8OWOxK>w;%gr4xzW%neO)|^oDClzL zU>HwY)@qYwVUh8vPBHJl?&l=KE?$Xg?n?iF1i3Ic?j!~y;jNR{Ik+P3#{Tr(K@1Gp zT)Akd+7%z-*vno`e*gI#D{P9okV2OKOg@SBjm$^0jMs?gzxqg$R}*u@2vjAkcA&#+ z%o0-PVUozm$zl7>O7shX@*#zGXy;*@;+~34avK_>{c>%hbrE8G*aL;6tPJB-aul)-CE`;sSR9OeDjfdZEp`Mq zW+YHUmI~Uw{voRp+yBeb@^cE7TbQA9?R=7zyeQ&xt49e7>?zT*6%1pmnlz3 zEd_PXG??r-)P&2cr|JDv!=vOaR<&6C)m{(k2pU9B_?DwBHr#7g|DkyyW{XqPY++Uq zViG=7=_$1Je73DSn>7KI zVANFp2O;-h#gi`@CyT|7$v>ikNK7*6EqeMH{QEDwb7}t3Yv_XO=q!-?uKM7lQdYB; zbY^`peg$yp!bRB2^xYXBMB=9)oU{lp2vWJAZFJ9?6GT1Dyr|P zly%Q@vY_<)o_09id9Y6KNO|Pd;eXvrM8R!WZV}v#;TQpW~>c|i> ze2hWe^E!a5HX`+G8Ao@!V~AYIpi?2M1hA#=bgN4&WJy26CqUv2 zZNppPGyL?GNWE_9*NMd2v`b5keYIU2Gx+O8VoP7=-hW+98@Vwt3yP^(%ku<Xv**60gcqyn z>Fdvhh}ee;+C29GMro|hO6`X&=-Jc|vJOyWYb~fxaFRYUZ1|130N!!<3ktg&z>c7p zcmpI3C<3LVk6t@v)MG~rxlb6R^KRts3IN+Oke#204|#?UGx@F0Ix-Ur^6AS_Jecy= zZlCxPb9aDZ2f1uCd#RL_(_m6DMFI&xn+j#3DE@5+(OLkbf{IvNnaj@MC&+ZUliuK_QB70{80!ugsk zIK5LpkMdC_jU1zp?!NB+inWnj(Zdo_#aAYFM$jehlEAjksCP$A9w3L9`>Gvk47I^N z2h=NKs4EMK$5RG?+A=eXGWIwY#QnN5R7j)Pgda`6mAeL}mFfR!T7d?{%LUm9uYuH* z0{CZWP)9Os7zAiYNGsYveLu4r84E;pMY1ty%L@q1hQju-Q2NAhkdZeEswenW?*ep9 z88BbW&7I7J#xehTjHH@j8EoPT#5vY|y2u$_1v}TLpZ6mJDs-{oVaU0cO(^^VlqUv? z(1MjKUy96xY$b)nsdcI%sD|{^7$&~X9k-!Lqi~M^8wsP>^5VNv;t|v*LW0p9p-&Ni zl8+EDdoXL3XvW{W2hB7GYtw4=9|1;NAh+zi4K)|mS8meQ9R+fCXY&LFs7-tp;)G)q zp$d@nmU~Arq#HTp@QgT}B@_$nWK%Tm)R6tmivD(@4^Omdx(K|P2H!OVlswNg^P-GR zb47!{KCnpKmc~%>aMLgOA95Q}-t*^VTflI>fx-#A8rvN|Hm6lFF0z^(pBso^JW3>A z?N5JMppv1rpqPR$$FqI6bHHw{(~4{Q+f|M&ASQ7GXH~=UXA38;$@wZ;Ol81*r-JIq z&S8#>SfA#zODQ~PB)>i|GvYOf;WsLL~Xv?mh7U>OCz`>-c*r}AV-^a-fBv0rK6`8 z{SgJUs5&L>>|PGNVL?*+KT83uC=?7-yPANJrgT-#JME#+O1l-uL?~cK)|uWLv)6FYoQv z6}5aLg6{$aHQCmNC?8F%T@ndzQ1TOwf|n?CZq%xrG3b%35brUQx*){*R+q0 z%`F-@5+h%l6#wtrJh0o9(=$&nTOjHOJ>R44uO>ClGMGBo4f_$V21gkxe_7xY%&s%H zfD8lcIIWTI<;uUjG#7A$igK9UD&XL23ub8M48V_l$0B7Wd!TFU`d|K$S2PidXa`)lSb(S!Gzax8xM=T+W- zrwe4dl}P?G^=^Y7#!sl7C7`UV1l105PJ6RI5Wo3Z!uEXAcfbOe9H!dfJ7`K6x-_FZBX$35HCAx(g&XvA7YP>|M*|_MGyk#$ z&1u0`tj@O$frWu)(gBa|qJ2L9?>#pN@2MVm_iyJK5#BSdeB#Vs!>JHaz=C`SC?&iI zJlO=Am^#4WLUGIk2ymMKMN#LFzW6Jaupm$%6w_J(Fspq)2s=SIPRuRGRvZY*p#;Ik zliAagd`ZBKr5LbkZta>Iu%l4~_^f&eQau}!^+OF61P-L@^(uG$0vlnnH6h*YTxkh!(PpppqQ<6k1=1V9wC!78kUimzde>gM)C}%zdVrbN{|a8 z5OLRieP}%al+Qb_J|fV{o@{uB*8rLMG1xSOE$pQxP<%R?-U_o|QWWWe!OejNU$SRq zI|apkHNb@v*=K$8(T$ynlh)IdEv>B6?O08hDTb~e1yS_XAhAk%(RCq=aQxKn=byV} z3RN2b6_qbH2xMk;fINHxP{ckkIkB;b@6D#q1W9pXWv5cMjsI7z0+LFykaRkwsgHi@ zLk7K)CTXIkCBkHX=8s^CmME462XU`rBLHEFD z&W?ifwPXk<7*u!wxNjx^zszlU*Fjom9AHeMBT)!F-2NB{*yTH~hz$`$Nk>7`GEO8c zD`Ajgf-pUh{d5lh^(8;@$DF3I@Wb8g1ayNOh2KhP}7Pf9L* zP;2KTg@@NC=dRcj6q5h}tuoFL)UdVFq*3#R1rg4nVN*Qy4_hR<(*Tj(&p$mD#wBV1gFWErgZ*!& zQDkp2cV`VD0fv1I2>WI+Wdf~u%6^*|D$3fwfoy$W?&wXXh_BpkVZk_Y-OkO&PQI!KMueZP{5mg(h-LE%;Uv zYu&5&26+Zw1~U(;K|!#h*HnYn_P9%1x?Ynn{^tVY*AoYNl$d1&0nE;Ft}d$n08)=y zk*|Sxnh=1ry&bjyXB`DCs?{DG^xIMgYhy!zByJ>@bEFq@P1|^{RHu& zM%!h*ajo33p7XOdCm{T{f)ONS>i`{60J`7=WCSu`*i8RO7z04P! zl{wufigVdawbz{nnq6nGOpA8`qkWPO4~DX9=tvt1(}J=>uT3DK0UHwvP$}dH&}-w? zeL=$_gYUSawxQkAjt71yeOEr7kHmC7N;xWY2&77)G%DdsDPgEH+C)@IZ_hZ;52|j| zn!)0*HJ~|)bLedXOPbE?bW>2pSxy)E%@r_3b=|{3^cm7dx9~yDN*bh~E(Hrs3G0lB4q309q!uqrWnyc-2(=sKb9orXs8k%El3Cfso~c|* zHw1O(0I>{?%Rn8#16S#&7ef4;90wi!P5_se(GDpqo9@!L zGL_5H_kV`9jpArh;E`nBaK~WmxzRnLY!9XuQp=P%Y#*7w2l+z{qn@E0OUlsj&q7-Q z8%iEHnHRHwGgc+qEa~5AFUxN%R!D}3w~PoyC_{;%cLSfojX>GYxn^2uxn-MH4^V%2 zqm>8COO=IC@sLq3g@PQ$_9kK~Ckr0aj!kg^9wstvz=MAQNB2TYcO1TKrN)nD{IA`!rGwFqG8x&B|>0asSU6z@^fXf!F(f8#gmjXN5?d z6xC=hWYpbCxAoLL2AeQPpURM2kY>#ibC5}7MEha z%L_<(d2yY;+Hw|u_&JHchubgTi(6oYro5lZW^v)9K?JyhW|7b?#T;^k!1iXy{K5Bi zrV4Q~=6hA+ZCT?U4rb_mtKQlVcS$sn9J@peUFzBN9xPpJAIL?wc%8^4@D#E<%~dR; z(ku0=rULq_k$HLlET1$)fjKg6Ynb^uSyfB{L2v;`iwtW?LCK)E5RR~GSa!`r8ojUn z&HQQ%ph$Jz78(d)BqQS^hHFE$&cnAbx4OyaJ6xgeSji#yIVd%j1RGQm2HU@~yjUse z&1n)zNi6qWa3oodkA#E_?*Z6GA#skGXQfGYwT3Hcw&oo{F`13Z_%9%o93`T6Ca}7F zgr<7ej}6Sj9-6NzdC60PBakFJsvKY;ezFwWNVexoDgy+!&&&d#>pVi-(>) zBuDv2Z=4EY%y11N#35>isW+&%h*5%6;an}`kGd7@Lg`>k@aDvX^H{wuS!aV-8h2c0 zN6AqKwp;7?;P4S@6QYP!jK<@`<`m+{r@+C%i%7BDMg4dgyMnFM!jL#=<|%nT=H^|Rn|YgQz)op# zIJg~@=jv>N;B85^ib|BX+8(Zc{uVZxt>}6E#VG?A60&@re@31uVMwU5syPRwgj5?^ zoEeA(HMpFjWgI9qg!Het!11>7Si_a!bg)3XiG3mGRQtIKW7~Y5 zllvt@+szQC>#4hH9sE}{Q(NyWz1Incd1HQ5@-w`f7Z!DZrT!rHrKIT-6u{!EoQLv9 z;+S;dP2EswtfsT@IZ6rWbqB84t8am=6bL*p^JtRpJf=Z(Q75H!|6>JlOe4^7KrhqM zEYQqHv55s2OveEYYTcrcippmp`juCkX}Ay42Y*+IwC{Fosw^ZaLa4^o(}pry>*!D527d}4^&9L_Z<=?!*>^D`0#C?vtfwSN($YRBq>~pq z;H2XbVR+n+nf1v`67fCaJN!JLB>K`%P=EW!vzp7FNn?|$q-Plc@aYcibI|S+nx(;C zM1uUjU6*_FzK-fuvTaR@AVJgzmKPoZ53MM_P*_wBSq=W@R&bE%>t$4~(Z@L{<>b0i zBS{t-LA9wx_njB~&$?o268h;C=C4AT5Dy@%k;X;Lf>1+*JfzpLm&b3gCdU=s1yW}z zFk!GOp%#i)HL*!|3cKPokYp(gj;@Ju+?EK-g$1QF?d|ceU#DoY4%yRGKUBTINf52F`5S`r!tA7_+-?hfL z+|>+!o%-v}p|aJb46VD2e0EUo^=tlp8d71TY)A%12yvGe%Q9eHpP67e=)8i;c_CD% zX{VrO0=bARnarqrL`otem6P7K)=uXJ4JIQZk4(~ySzq*BuwinK@aJx!XH5L=gAZgR z4bvuBd1jhhfv)o~BKdLw+ToFdW3{i1Eb8J-#xyT!$rZJ%{^875N zzsrfEJ@RVf&z_+#c3?|N7+W;ZlM59e3DG$n85i7t{xgW2=OSVl$`PiZxK*9N)Lez4 z`&l0@?BmtF61U-;gTGcyv2*|6QlU$61^fi@*SmesiZ*2ud{axT`W;KBS(>UhnbTe1 z!Ypi;9R^`W8~ns=$1m}*2;}iEV0mQD0}UksD05)NROADWlcRoHS-9bTcOMP{rh8+G{4 zMYU-a0U=k%xZc~>mBRSX@H9MTy4cfDl+B+>H5cb(GhVi3Ap6u#Em>ewVL&N6Ozu_o zpwuIce7(0zYCydh?OX0Wy@S`yaB<=o`4@z!)+zw}ZC30R5$Rg&RXU0FQKfhBPCf%N zE4FEN2_*ETB8@wpUu~ET-K^@UL{;27Ii8rSD91ZRo<+VTfFs@?OaI^)0K7N{9Qf#q z&3BIYF{^}BC`U<5-hGCr;POL z7QY~Zs+l5cdoI-t%0T^ww=YinH!IVzZ$w^E(vl@yUY&|xbP1@zL)(}{q$S3fsf z2v1MPING0JB2wwRq8VL#g%;triJ_N7}?L#!3KTd z?N_^w-@S4c=oZiBGs_?rgvKtpr;wiq$};iw!M5t|EX91x^H%#q!I_jRn+2 z0{o98vT9~zgxY;n|JLAm_*#qGDmg^^e?RL9e>joMkdi{%=!{4Y_syk?=U((BoPR_`Jh){l0 z*jLva--~_cj0&|n-oWN;Bn`NmnNgIm4FOkykn_={f$#$eNi!>isJgVb5R+OdKcps) zEdXAic!+cV3- zz1%^Vy2bt45;0}~`@OGix+zJRy)Sjis0H==t_@tN)&I#KfrF9JRB89PBl`f-0&QmC z3Uxi0y+8^Qi8zmWWQnbWDXF6alhyZeFbH5-elLim>Tuk8dq5ws-QVzWF7-sJX`QK= zB{b%x@>~QdA_U8@1yTjLuqkW7lh}9^t&3joWrV8T6*YVpOn<@ECIdD3mlw2!R?d89WT|_}5qezAb{9*p| z0%Eq!yyv<2M6vb~o`pb|dbLo1RrC_1LD#YwnFi+;DD+LVy_RzZFBsf zm5rbz{nY8YNf)OsX!hKo3i!oR*hi~KD$0e$yS^_iCG?f+J2>vcbz&^PJU5KG6eT0o z(VjMcqrX+i#1D}2lW#HZ7TPw;I8=iO2Kg}nO9SKBTpVg{4p2J+T0Q}NYLYkS|80rC zkOjttgzyrY3lsx9(RfkXLK8u>A_N(8%4GYTH)uvg+-nwrYWLTMoQWO8-vzp@%9tCB zV$qiE%<(0p*SP;^Us8PSIewnf?z@|SE- zZR3D>Uy}LX-Wfue6|lUn??;a!swwLtg&}blv2%uV#;UGjPDWIx`|^UAD{v90Ak?p` z_Yl8GdKZ8uVGZ9)0O|33CHg@(Ln_L( zwbi$CH>IdOOCZFTA`%z?OE-@i8X)#;fA<07eZo_;xW@PR>!aeKeXJx{5;gb|<9wZj z8X;e)7BFHel18w9o+_!v$&9oJSuT%h$rP?|A6xuC|CxLkpLI;>~k4V zA!7YIfVxRUD^GfoI4uIM=@%l!FZ{DLc+iOWGy)MAh~`{-z*Vu{K0@~AO z`r~>=YU~0C2-O3n#!U6P#|4Cw0A@|5`~FS$8EZ>GtPiwZ$&L2@1zhehiqwh_7XwLz zkNdOX;qCyd`%d!W{-1cZU!qoyjI7u7yfiM-SIhredBvymNa>%`2@7plD{t~3 zMB<-VzvDB~W8~1+`L|?`VaE1_m~lc4v_Qio*kE_%RbGn`c1#gsG9Z19Pfc+dQa>Y?qPg(|=`eFe) zl4_g4#+4%vlrc|DW7WiQYL6QUrVf^<-UIB=&Z94kcqah>>z?xjsh0#TjwCc1gjdc3 z2_yZs`_^v&_#Fu3318E(%fK+_Uj7+!5UgV2Pv%nj+;XySO^}_CYdK?ESY&f8f)KtU za5vmy6afxKltB9emXW_h@*F`$9SpbqnLnmgh6KsfIc1=95&~2abY5Od;Zd)CoB(up zeTu99J)e)HTST9$7eu}}NTN?a5>j9%QHx2Q(X7`huU@lyw)%oab}Wk!yfPvKF#V0= zW3V|WhW`!?AqZUp!iFk3MI6kdn!wTj`f1`N!xi4ltb>u8h zaJu~yob0a*AD=7Em>abu+}ex`0Q8;!7kCULO^1QP!%c40z*-P{0P?HT9RaNYqD+DT z+D1eF!bN&8W9q^pfrw$)pJ^LR(6BOUE3x{wUGe~PAinp^**HQIVT6#>|FS~>9pATc z3fkaOeJ*hHGAR|r{4*RC2r^^x7fb&1>`OurYL)rk-k)0tCB7ujbarzx|U+ z2VQNw;8`Q#Pjm<2@u>chr+){Ag&o|JgtUC~&oEmN;%tHrB~pJ!{aGxy>-TX3et@17 zR1>0g5+Uw&e{K^`i0bhTltYm5MI-wAC7iSN3L6-B1!X)P*cjgQ;f&FAfB&;^i4)6LIy(GqjzLfGSN-x8_=)1yqTCmjKK}D`Ig9YM6nAmih>R>5r-6E{AiTy9%b_qV{ zZ`o@MV8UfRLdHErgGu>-5Ly?sw)Y<*1J5xqHsuCyuuAyPT(~(YxH3ZqOj1D)HM+Mj za8nktn*jt97#TN8*o*(4|2o2T6!Bj!!2i2D{r$Dx&sS(YGmZLp_Mui`%wG~QT6B=I z>8hw#U*4EqQwD@uySbkYP&jaSwer?1*b`K{;D3AUpJ<&VyNt*ph+65O^FQ}G~2x3lfsSvnRW4VgW06oV=-FMVRG~5hVCmG zG#_H_ldCYU@F$(1ete(MS^Z!b=yaaIVF`@ZCqn=K5PE+%f=SRy=Q-tjBGA!tGKJ5L zGYB2}%<7y7+&Bz;%*Zzs)PFzp{ISUZ_-i=v{%r_)f^Z+s;U9^hv#r35(iB`SoPxpm zl&wqJ{}(B^YDi5ipDyxA4(u=mf5&J!G7!kz8aIqs-6#BBAm*dYdqT2BwS2LV09ic2 z0b8iOYztaw%J$=jM=@dlE_wK+A%Pow<5Zv8BTV+5FdgJ%UCz;gO2wMuo96PM;}o2W z&LRpF32*n8K|yO2e0HI;`lR`%jh~5jBf!h?Xk7)l60Z8S6kyJRq;&wIAR2v6GU7#k z{@5+v@3xr5$x*pAmXCB_f9>|rzioN&=$&2gqV1$hRQc$g2M_#b!fZK1!*_)DKepz- zruZP`t|@KfcJIi;QN79AeC%fDu5<6(o7|JHs}!!SWu@=OS22Ruu8r?8r-$^JnbKby z=E7)E5n4`i@x31w1V1-<@C|et`^_0OoV#t3`;#;3)j7d?BeN%S{FB@DM>raW*_&?_ zw;tB*bVSo^Bqmfa6gp(Kyj@d^!B@O>uAkNXTz(;!EGEa{3)}n$UN%zvbKK*Lsb(7~!n|ItJpK+NIa?uzRFgq{+w#$RkHPvZu#{v zHyFRS-y!Zjv7GJUP=EYWV$$PjfM-vT{Kii9W-Xj@^M>vD*Yzv*Va~;OIVPmGsBKx%E==|iJrvaHL#gSt~?$5m{dHBq}o+c&Szy1;o9>lDU&?Aq|E zX8CsDuM1=3pDwh{1>;0@I@uY|S#RD=eY-ca1gnGw>Quau#MUy{hst1!R+m@miYH6@ zPron;{_M3>2W)Y`8^0Aaa2>)zuzDkP@($=PU&zo}hIi&s9Pk8PvhYh0m%X03U7b#`M47Bq#C*5KOzlh)?{z^8 zdn^q`v_kFnqJ6kh|KiWs-(GL)ab4R!+uj{rP)YuLcK6u)z^Z$4zZtD%8Iu+9okmf{ zk7a(9&kYoptEv4`;oLnI58U`@rt`X@^^xO-;<#vkYy$DMS-<*-FHep(cr;e}2Onil zIaFx+W_s4F+^?H&be~XHvU35{=`veEpLh8^e$~%fsJ33=o>;y&uv|zAEQ^AdikP;~ zU>kS4O7Ib(U`wJV@z+)r6*P%_38Q@zXw?Wo@R+(XsJq`4x-wFszwEFuyvF`NVAXe8Db`p4!RaY zLk@?Jm^%8mF+RG@Cnc{sgELMO!>12VF7uyCPr-WBgj!`fuHD*Mdu506(KuNU581B! zu+iR|PnRE}e7%|7#!^jb!TYMCC4Qx!gCT`CHGg~b2!3ZRmqDZ2dXtN%girsW_f+5A zjlh?Ncf%T9dwwY?p;|`h<%z~s9lE?9zP*xJ%GtJa!t@tGw=V`QH!u0B;0-q>=r2># zqKF&CSxpvP^%u5ZvGYI_95302@4n*p{|Gy}^*a(~cg=IUW1`l>>u9|tiaTue!euN| z-f7sfL{s=u`u>pP(~h6??{Spgba3lU(eIx;PiprRx9Y-Rcq#psUGaPX zLXwzTN>hHE?b*8bu&z^4-7{(AJZ_6#RUMn=eKXXXGXIXY{(L%%)g7jUG$YMZF;w8^ zfeM`_MRLp60b7W|qD}S^a(F7RCz)Q+04t9=5}eiA4pMHy&xG{TD5ts0%v~N2ZJyN- zgCvGodvgpLcIBn5{15itGOo(5dlywiK#&j-q(QnBrBj-PQc8DAOG`_)z@nsEM7p~{ z8U&Hf<7!`0` z72Ur0x{%r)`f+Y<5VR_Fm>10EniWJ;86qrECNK$7tx$JfQiKMz9eVPdoy!OCv-w&y z94re^GBe|Ay2;W{Nqg4zXuDs_ZoS;!r?Gl06Aa&6joT$!@@Cz9$P2C;+@S_{P%5A^ zsrYFd&~2eou){*_+82xnvVBA|?{+e`TN!n0Um@VK#xZJFhH2TpG&ue!N6R97+9L*Y zTyHB|?7?#5Ex9b(N!3Na@##>G&N$W;sri`Zr{I(EPYsNVUrZ>q8X7LoFin^%r|o?{ zeoq=U&fKy5_1VL*|9;N+Hu>84tYq>NelBZ4=Wv0`ks}$f(SEb`F2`@bfG&mD z@##wg7#WF^O^Y6auc)qhR4Y%W`mM!$OO9{bY2cSpmP9{|+Q}+Q(x1&d5%*-dg-En> zwCd?T#o*9Y>9{u{xSdjV*w1}Gen*treZlaiZCvEWrY}FgR~i)#z58{YDK4{)0`u)Z z28;M_vp&8X_pPG!cQiq8cV6Buw150f;K$^1ySI5%U>X%;xg`)@Oog(i;Lt{(Z&{#y z&u4z4vW5500GnLztF?Yu^fJkCIp)prk!B+2R>=N^$($^@r^n?Es?5mQT#lJxMeG*y z!4@k^oxkVRo{Cm>CQH-wZQ%gxbl=E3Mi3jyS)t`D8kkq^d)1^RgXL^D3LgJGl1tiD zN!kUm5lQ4%R^^&ca^?Q$IGo^cV-hiI#PIpvz3pS!(qQ$+uaO_#?P> zltsp6MuVZ9pjNi#JI(y*`3HjVFoV`6&#xy2`#(Qc3nePXT^RkAYup4C$51OPGI1ws z?<^-5#P)Q04R0a?>Xw!&8-{tDJ9zEro+`QIpoW{MPA81WjL=g5@TD_gKRqmi8%O`$ zD+*ah)oIeZesg_^nb`DkRxzwfy~h1qYfFjOUnsF)4aYj4izs>+ni|9}nCj1%Zw`D^IhI$GcT z9kGn8w2ygZ&mi<@*Z+Kb3VXYMP)8jW_)4oJhC?g8fjm+ ze$Q!$q~T0ftZcgbpo-H7f#|=CssaJ4!q6?5Lk(P9niZ3G{ojp2cbfgASGzaZ)n+}d zC)9Vv=~k|vNn5F&cVba7N{r`+Bh5vH++*^4uA=+*Y_VSmzOUI^l@F$M*0yQQLgWab=OA?~nu%s)Rd1&c;h}(sZGR-=+fZ<|8t!6zQR)$p@;V|~{lens z)#+^9lEtp~gx>m8{>$b{ZIdy@L9#yHO zpgghG;5$BWh%P9deJIRW!uZdjc`iE8){%!)0TZd8&OFS=(;|0K~o-?)}3Q&bYt=lip5leG6EL;9-ElUa^_-KY2nA52l2KJQ>e^Fdd_SE zohGT<`RE!Wu^TBS;D(XBb5afR^>|7^mgTi9dvgrnz&;ACANYpm1+2v5tPSXPUtg(Y zv>VG++?_G6GS`y%eyn<*YJc6gXgiK}2V4axM@dP3HJp-q{N2H-BIQKY{fhrYk-xw3 zu>0}pMQG5dNwSvZlmiOhU^DC^HR$&buQ1i1{r&i0xDmmdN3RRAy(l$8h#cVbxilUw z`Rve5j-up%2A7bA+mo%z!^3`y&M>SlYZLKbm+Mt~<>a0Trdt(zR<4$gVvj<<+XsN$ zxwi6mm!GgS@Nl@NopkgvxxtD2C1l5A{&MwBsbRODLOE2wrDJZ}*n9Bht&Mtu!|Sde zTf3ZXahsFbGKO;b2LV�g% zGk>fq4%JY{?v@cIG0EQhs$9oI%}}GTrp&>j#LQGDvq(?##R4N>hTX%K$l16Z7)fF3#Qh z7!K7+Jr6!M;jIt?w(_wYev?#LPp;$9!U>|&KYigeFx$^SR2xh9{bPWfjX)?`|If&WFig2}Oo;R`uV#tDF=V)Hq-uxl)e@B+^ZM8N52^zHcc z{W4LuM8}B%5B2@b2B8z9AUMf9s{;HU&L44pV1_Ap%Rl z^0a<$CmWl*Y(mJLfY+*0-&~^z5lcfO`)%O5Yxc_4txHnGv{ob!CwA1(ZxsqT;6Oon z7Wjdjl>qjj(p;diY7zlI!b@D}-J$=?+p_2nW(6--3xu}`n3D)RDtZoC^55k-6uj## ztW?Zglu6+=X|cGvp2D{12@O*6{-MzJ#KPx`fGBqY0l4Z@K=;4y`v7`xw_tb`t*4$` z!*yeSd{y&grDjLvPUDw?8RtLV6FxTtEb11Cg;UN!f^#?fGKnvaB)5hOvkPX^m1aAs z6yQ#Qe_j**Z7|h0pru&*;b4$+V{2^3r-;_K$+g9GIK5+Xw9?eXyiz~$8ml;A)MNnh zv+-u(<<(&ww&m*dh7t!cb6rxwRAXI1!{)c2b4%dNJRfA|STYsVU^)PcYMGmZ>SVj$ zqN9e{D+O{@725{{a}P4B7mg9zUmL0_fRg$I;aGTaqei}Y-SN%bt}<&_#h{vJSx~BM z+1M^`C($ca&R2->BkQR`x>;Rw`wvD-d)&S192z`vTHh=H1@#_Io)0@%v{E-o00xLp zgGU4dWrIyu&5hTmqKOAfBiSe;`q`DE_8p_6`q`Y7J;5wKD%pBI5PFKqjGZ- z`89KsPIiqY^bVGbHSo;pidv1@M=?JdEgZ+p$ink zN3&%J>ee$t6c;0~<+_jeOf(XAyjP2+=^5RE>^;Ub+PK_Mq zr5To`xAJ^0MV3BN-I6>vhn^ETI_~D!+Je-9xCGRQD+|LjEtl$oa*-uB`?~juHTd9M zgNKo1l6xVk=dZh!y_HkUf9AdubWW6p5lnuztQ&Ljph`{F<#hdlxjx%CYPtTJ@<01S zG43;O#H6Pgk&HI`!YwzQ$S1kV8jCxcm|+tewwOdyu&~6*o?fns7-BBWXMW`T1ekG_ zA25lT39Qc4%hydbsz2$Sw-Ec>Sui=hCbt-n6Bs0S94pPgI*^lsr>qll3%6J^TcmmmWC&nUR|)z!oGIB(}LwsO+@ns@OB>FTuFI z`Ko0%_`9Wz{rLNgMVI!JYUT>jB*E{-D)U|U$xF+ULeir(*Bvh*a?`|usR^_W-o4cT z%f3AF@mWOeRM6E)1?Jc$&ZL9F;eL$d6qUhTxmV7#h0mo!6(1Y-c&zockcww5r$obk zWf;j-td_$tg@)dRj?=x)rlX*lkGC%!5vErtdNI=774+$Yh3-z})+Phxl?56TIs^Rf z4{U(x2PwVJ8UGvi#7m#h$b_!O=~%4RZ*aPw#&P9P}$He zNVG?r1%?uze+lw0^g=Txng93>BbgU;nQ65z-k_JQsU86ofMo)s+yZgiJ2&f+4HB(? zb;t_oqHdMUnvIscwKE?teqDS&T>~xjcOj{jrTVLqD>i}F%IS{|Q-^82+gsM2#Z4&! zaHSbW)<+Meib zsc&^g|IpHGnbRJhXOQC$4Z{l@np?6fa=!hMm)lq59>w_m32J$({Xg1+07XF4A^48fhAC>J~0O#5^;E}3= z?xFFoEkdVxDtDvWEXFi$)GS@SmRY~TmFU9*U>%s`r5e_J9&>Z*RSvup;98yK?>QZd z&YdF-J_}uP*K0o~i@3*yRpDf{U8C#cy!@xj=VulH28Ec<3~Kx_Es_OpKTs73{&bu% zTiSPC5bvd5HU^NaUGus*tRJ1NHR&hxp~I7SA666>$5iD)Sc3kpL9nSF%mUz-5Gg-Y@NVjcGbz|^2K<5Kn!%3v2U3<*wL}r}- zfr&bWhQaLlq({Pu=(ljg_j?O;sg=2NZts+;hHQH$GCD#4iY%#Cq)jXnZRnf9_yhwa zJ{J|f!1@kY)<(hB(L`-RBF^`FNPsdUM$2U*8yvt$4b?CmD@=AroD^|=rI4ru;^NSy zHOnxL(PB4W>xSzAy3^HVHg8nq!#$(JXw#Od7EDcFqmGQ_zAedd*HpJBt$DFpr(=nw zg4frHIHgZQ;6ZJy#jAPwhC=en&4z20Z6C9-L0LGbo|1z2p!UY^~CE zzp|V$s$XyqX7I zyc9r)qz1YyIPZg9DG^4*LMh>f20YhENO0C)(=q%lkw&c{J11weWk#`D z-(aEVX+TPwJ)Du?0W@eF|C>RZ2!`LihvGY1*l;>IPbeJ=;^o;#d(DcPu=8GpO0!<2 z?WuU7$?U4zDY8#yBHUvovzt4ul!q)_ssg?$i2bGd`6rb1!AHc??Hu!2#FjoBQ>cUO zojS7E3mUAjubqFKgpBBP5T6BH`b$Rb+WxdTv`K2Zsl?DNe-)ZDNR_+tcrfTsZgD2M z=j)_2hJwIRcig}4ue`#p6g`_|`Xm9*9v1Jet`e%m2d1!< zUuhUfl~T)=Gg#hV>xf198PC_a4W(E8>_k}uT@r3Rka$~WS@JsWWA9X}c!=mz-EY~A zQ31xh1NyljZtBSVZ^skRD>$M}z*G(?0Z;ah=fGTBftohONmZ(6#Ll#9+kRfJ)ooR> zLz|D|P{hnmlBm;zHCadg)5#x~0$l2CWR13g6&IeT1IW`oxgkp-zjT$Q6@S7W(4;@~ zJE!-f@BfCvF5@2|&u%Cc3ocyreFB#8GLeWuBQx9CpC5ZDgwwNNKT%5sDA5LlmDnJZT-vT$98QQ zU+Tz>za*y&&=e-or@>yC?bJ?L7!W(zbknEg>Qp`K|FahsouynV0aFaIW*xK2qK?Zp zH+YGRD@>uSh?|%DJ`#6wCGE;7&m$IGLKLZFRO(TC<86fS4^uSjWx>FziZXm8UN91? zfrhU4Risn`t2T-&tNOvCkRLv6m#!7-4QjJ7&)t`ZsA%*eVb{EK;=km2E+)o$SDGuU zs!`NQ?Bu;pwr9edZ1C$guuq~5uyPfC-R;8I^`pDUJo)!5K-6xNn5@}*lb0&Z87@S$ z&h&*oGuE!^jXDj=U71U%4KNbF?fe!g=|$T_z`8L4uIesIynm`Vyw)Q)T>Flgr+BuB zSTdJ>>sFJkK+b~739ISd>8ul*=~#YpUusoaTJGVKp57U3%xIJ_qUyofgu__P@e;}O zLK64uA={(oM#Ws)C}^IG0dLH z3gL*Br~HJG1+N%gPTwD18TAykIolZ(vDzN)t9dRVLx%3$7m(`Ob@v#s z4D>v1OO3E5V2$mR6r#<&h#gyWT`t)(dA=WV4P#rlqca zq#G2iPK^eLR3qz)~w>1dTR4c zl-op|XZbc!Qe2HqG~M|em*Oc+R=sxD*>qBd9dWX8IQ@9Ad&z)|?c8Hk<7M`o17c-m zgRNUxLww-YFpK)&0{n1(s{YnrSoWE27WGxTSr)ZBdx#k9Ti=a{x)uUlZR1A!nOC-2 z^L&tc<^5P;Zd*~r645pr(Mg#6NWkbUla=CP6qe_*$DzC+ogqh|mjS9aebgMHzH2%C z>V59Il=RlOla+6UIn_tcOW*i>nW{-3NzLMz7&Sd z1P6p=L-us#O4d&Ij^QtZGwGNgO3T5lDpGl;1QRt--+vwJxgy+s z@s%Q6F#f*ugPtqrD*g@4loaw`N{-`|q0_h1iR>FQgUgvFRuMkt@1I~^X%-oCthM@W zjlO$q%rmTb>ba1+R1&@ZAp}MSGkjhUwQei-Hc83w@E7lua^$_qV+SBowc?p8cCq- z`g$^H{9CiTOaZMRgIfK^5__|Wn$OXiLnp9YcX>;d!Ja+kp71=+=p&aTrZ^qXni}gT zo(aB-af{O>a1owmc+_s5KJuYx~ z)}sAw#RIrU@OQavPQ>dn-UMKNc%r4Ix7+vQ4UXCI7*}d0vyBpYLIffk(8UBUY9wT5} z@~yi9Z`HOYHG|su9}%9lV>?oY_>)oQwZ@b2^-gqfpiw=6!;CdE=SwUC`#a$yZtzSK zL4}Y=__CfU2O$!V-{(m9_T!vL_;EM06pVs+>>(Kyxqw~f`%_$JZN5*Tp-I;%eXi+6 z9}5j8dN>p-E-DmVQ+sx&QKb11{B$^hG)x}0g~}z-i09p+lr#yF0qYu>b6+(K59Oz; z++?K7?;$)6e;uc%B*lVo^(8ZfVWQf`;4a}pGhkiarqCOVwy#-s%XQE#5J@H!a;dN1 z9|<{J#|ZEG`IdNPujwY1O%NfnNv5t+IqAYw^TU-b_ubhYLN2qUX^v~wiK^Ac;Vo}% z+x>J@nJK%;9-YJ+T+QZKHZ9f)?0nLrHxFXtf(+YEk`7;Y-B_$UYl9d|TN{Dmw3#sz8}$08#VSyF|U<=(LfTN z+_Zh=yqVJb!(U;EH;iJi4?@cSqf4lUs=mo4GXm0M2h?dwD)rU~ToEL4+fVM2&pEBe z*R5EzzLoPa*`98!b-gPJjYz04?_pwVe0I;eQA6AHR*B(VW$4HKdYQz+QtL2xqdwxy znT4aZR5xuh^3&?jr02upcd0T)*~~p7>-^^!ayWPj}Np`PCW*RNlJ&$_e4?B)Xe8!{G23e*4R$`@>mRGXuOw-DU2En^!s#Z^?cbZpC}7)!99dR_zx3 z9pGZC&JL#6FUt(MN_onZ?6}wrLCd!HUwqQE+OQu0G?^9+0v6?o>qo+>OI z0lzO3+oRGOyN35=gY3M%+OH-f@Rb z&I-Ik=RHuON5mjqAPmMCe@?S-MoOAhX6&ai8ue!oJdm4vqcp;zmxI#mEWU#EE0a7G zO>PHQoH>^wymz>wgb?Wg1@N)E`-jWQR5Z@d)=7xJMZ!nWM?eJ+`d2^&mrLy}E&PR% z&_E;Z)brQ;k&;e9c-GEH(~>OK|C1QXv@4P}HP2uE3Xvq|6i)v^p*t}hhJda!uBf-s*Q zJ^I>oO^~Zl_O1MbVv}kzsgUKD>k1Dh)6w<7>Rocr*K|CHFdmzks4xPy8=J<^ug>Ay zs)gRK1k&6&u_y}#;+a)CM*Mf*vyy{5J)sj1@)teHsb^aevZUVd|HAd zg~AZuw9cotzvEPrP`ZcdmGw;CplBw0b+(QmPnL?NM6b@l&B;k&385kFw{sTgE*h&{ zaye$ij_7?+c*d1-s2ls`nO&`A7PXzBp1=!ac4$RUNb@Ch`wehs39LR|BQ!iO;B(`@ zMYXCc87snG75si(Ib(b^&Sf<5q{;eR>6;s;A}6AvMY9S{%|}HejWqn@1+pzBD5r*Y zXgR!7O8W3c1<^}#@WO)O@%2@kVM|YV_B1D-R2xyhQBLWTwwbT@RS?&mjPW(P-uYAe zAtT@Ii*&08qvW@^AY`=Oy;%F{a0oQV z3=iaVYKYBLctp&0JXEU_U!MP9Yjl-cWl3Fesa|9Kll|6*OwoADmT-D$dm{lXK_X*L zMsTEQ_JEeCGMxOMJ09Kqp?^tjV{9(1rLAXv=y-``R zgRkwIuybdhAv`01CH|r17 zt~%v*jRz7&#&>XXmD80aQn?nUyWoFxy1bv*%}hM%`C{Z0`EDzP$~Cr#Pzc9SG7^NR zk_Y-|PmvxydakJd7~FD^fay~j&aFKIe+08Bb#)(KETL=GCc$+Iy|Y;L>+B!HRlUj6q!Znf`y8SmRR13IJn* z4h@O!S&-C5K@Y5dW)n8^12Zf%OB44Q=+Zl-9C~PmRNyhC3T7KSWnj6tXjx!{0$zYK zp$2xxF$qqFrhQ<7y>Ue7=(m#gDo0pWGHU$_$_T{p747wZyJfUPeyc9%ac-1*wc}Yd z#_(vuv#Rz>gsL<-C}TLFqQVf(@Cj5tOp|6<4YG|o4)siGFl|I-M-jUF zM7tpnxVbe>n_A552JNF5qQZtZ87rkaD`vy_Lyv4)Ufg)g+FladE!K9j;Iot`y zn6^giy$stzPaBG8i!5Fw35*@qh_h?=DOI^3+N~m09?T~MhEcYx*8m(11(+EjRdDD| zmp6^fN}kcJQ+U_-7xm7EUer|b?%|AzAV)>F8rRRFW>$36YJ^sbIyBZxoXGlMZfpM* zNU00#qFb~XxL0v`g6(5aTn&Q?aSUa|bI>Qa{=XQXBR{+=nsx`g!AbbgD+4m2m+d&u zk)MIG+G+j&4-05!rr|_==oJC_^}&N^En~E0Vo?6!+eJ=o5QwB`kibfXrdHXB6;z9w zAnSv{b7VzmlE(XNrbL9~FFXs?+*;iF9(E9TH9~m8$X~dT61+A?ZMDRK{Lt$?^nsXl z^_d#zYnl-mVJ$dPcfm6h@BC0Q1&wqL0k79TX~5*C2Cs@B8O0GIUHA(#N=Y~BeSnI% zE7~mC%w9X?_8d6_j9|NQ0BD<-7{x?ZyDsP7w?V7HrznWP_bsfRBKbqn^Pd0bzg+-+ z$!CDpF({lD*oactJ$f!9z1s8B#TY#L??;xQui3uM;3N~JkcP|)H$pk=->>STwTpo< zcoVpdBuXI!`WT*STctq!&o`eU(LfOZE<7{&3b_;-2{j7pt&D%a8$kt1>wffl^7%tA zL&)?d0@dCBTPqwWhH`R26^H!YLjOPY0l$Q6p;Z@aRspFfMKAQH5mMPM=mWtCctPPtQW%c7qB7L-5cm5HzbKNbkQ-+zR2xz0 z_|S_Pve?)MeYNKQzHRsd)TdPS)2M?eMGVxvz?!Q5?IK;YbEvQj$k_i0f^GkO;xLp+ z+EZHYJVjCiLkeep{MBLX-?zK;L46EM_Vc%ZsX*fbvoEj$7W<#p?nCZy)B^tfpYHIt z1G6wdJ2yloCto0!K7^V~`+TeL-wH)^Kx3xApf-m2U(5aPn9W1>x9S5vEe6aY=CBmzvYR74l*RD-mgYjKNwfv@Bfk&0Mju z&Hv$P&|J?+{(lYk|I~2%aK|rCwv0B0vr9i6=$|E~+OG6;d*8=k&&wPo1|vfM2pJI6 zQ34)~s2@ssunMz3)7YMI0P7UHGzcR?I)EamcKf!AD1{sp3<$k%mcoS$m%Adth3{0U z7)B*@4{-Au`>g88-{HmcTIr4J1>oTHpwpZ?-L)s+sD$OnCT9U486}!BVh9@V4+pAi z553@!yLRgpu`~gKS$4A#`i;?o#BIQyPBTZj#kQ6Bdp9LO3<{~w~yTxn@M2ALC z=6I8YpfbqSrlc^vszIG_2{fe}&H*_kT(8Z)8?Zz$Sx!~HHJee62W5c8$RPhw=se0~ zrX==+ehACqV`O3n3CMIaI}DOvBEztNLDBdK2rj5-Im9G6%{nXAIqtwWd@IaAT;K_6 z2IPmd;X*gnfaYF6vC?89i6j$~(G_y3hSIVWVk8D}&&?#s zanK!I#K?d%1V$+6R;~8tP-1c71;{2RDCxGcDI**q*CMqglC&?%97yb#wY4>MeRtpw|2`X#s9Le&NO_rGzbJj@0nEMb-r$_uQP}%@)fa_4kCiKLsu$y<^tQt7lZEKc zfGn%G%vSjD}W*7 zao_`w)dPIIW+1LM#n4>k?wjW!S|D$v|J)9nKCRvH$hj7Vw;6_*!+t zX=E4HLgjevI-q?Tv?&)rsN4mPd(2N?%EwY-0^X3QEexo4Is82l5Z$VeSNY?GoHUN0nEelHGtK488G!SPzaRlhpoAKYHlccAb4tS zZ?5WghrO*-!1rb1op{BR?bw&r)&qo$$nE%(Z30yN6iTY#^ZX{9G7>h^j~=uxMP03d4qF*OuGQXC~G z#@++Mo2GjxCe33SMY|fYO(uia7wxwD?T_WUN;=85qV4t%FqT)qpLWzeDqkmFdjjiD zIt*sVumbGY-?xO2y*w#2pd+kyC4%0Sb+Zy@d7*_@{iVD4TwZ2cO^RO8;<#uh2{03U<-9!^fu1 z2)j{FwM&Mc3LuaW@h$$2>M)SRvm38gW*kOUUVa3aHwjuD0dY{w#_t@y3&oLVXP`vB zt+(~#wB;WIyVi#?LG2iA0W~d+dd!S98nrJ7Qoi$LiI`r~P*8O-3{fm!OL65jVvQ`d z-xwAd4Pt9NZ)G?(EBJKO&*fLfL@z)eMjy1Dktvq0DF~>fc3(!n!P^5qs8ZN;<8nrd z&f3Gw_e0YMkko{TBi|1tHNj_C`R7rQp5Pqd=ugwuiq0v>jS1 zBcCW`a5N2jNt%tY4?F4=yfYl$HSINW00O1-B28@5We+^3%l!NI1rqA#T=xV5IG&0= z1k~9Bfwo~{ux1qVM^9f`qdt5(A85(E?Z%{3zJ^C29LP8L&|r-W&mHYs_zu|hU0mfD zd;Rr-n1J`PjUb7IG-#M9V~faI~hRp%1VWOq@1u+ZyA)JEYr*-PI*+$W+(QhA>XlzW zIoa0FHlP%%yKU23oOJOr;NPFBj5vs>j7Q=O%Bz)4}U0CvZ%43URC|3NLIi;kYqW zYtqGd-q@p0x)hkV!Ny4!-GbR3>g0K`&d zQ!U~)h9>wc5y_t%3=}&E%`vl(nb3ln>*{Xq>TR}ngzPCGSENaaQ_*aH`pwz%id9*a zZ6uk2+gRx#C7VY}&u7IzzS!ER0|CA*dfSMvQtm6lFN2>g<@_>XenGN%5~C9BzB#;A zZdvRDROTtHHi>c^UeI=tQtNg_P!?h>e=ZGi2;hv~|BPK7(14}rtr)`p(P6ljA`<6K zz8DU3Mev8z$QKt@#S#m(+34JJ@8$q&`Z}xlYe~Xyw>ZRx--Ee!O?8PZ>qA8gxL`2v z(sp>3Z|q)#WrRg;66F9;g`G4;EpU(HkKxKP9L-ld{4FQ+M71)bn?nlrvGX25)5l_R z?|YPt=ylJtkSBCIyqOhMMJMj)-mD`cTr_L1FMbTNvfmH+RPxq-XWnC#*yMXY$hV;+ z2QD@@$%)JkrK=l{ud4c zH!kjJ8ly#pWQ1Q~h@synz(BLoR7HA5YHvbE^vtW`j-pq#aHiz_&itWvtLg<5lSi++ zH5%P&%5ZUNV`rSAT^!F!M(3@(MS>F5vl>OxTIq|Dh`qjEz_{I)JRRq4TD*%t(u!z> zjwpH`_TROO=G_;=di|_rw;B%rROlmij*Qw7d&D;q@Z`R2=LPcQJ9zfdXVR+&k7>Ct zK9klh%%d_)0d*Jjv`!afe>2iH5$``pTax7m8SnEJ`$zy^X3|&GF7)2c-MT&PE>b2b z*!sO#VrEWVH0jedzf&&yy+t_g>SOnx=I6 zRe#h=)}Iw2dO+K3mt*y%3#-QF3$ltB`trjnJ~YlbaAY*Y9QDlSE_<;)S~LX3z;NBo zrvTmV-&GNJE;Wru7Ny&o4WR--E+F};Bh`qeMMDelP@q>zm!K3s_<0h1?>7!{G!qbb zwDqC6ZxqZcpCv1VIQ~9VWgkE!9+T{@>BQ~Y!t+=l3v+T4=D+AKgBQ%jH&u@LNN

    *+C=tzxRK^$2yy)hl?2*N_Yidruu#RT( z0}_eup0REt;X@^{45Tot-WOC~fBUg(m%tL(;Oyja0{4a;wR4p&N1-4*sKg(ESdu52 zm0B(9Hn}yj?|0*L5_W#nbP`g5yufB9uGxDHd1rfkY4Wh=5;M`LL!Zn5B<(i{&7IGZ z;PK_^+~4a-5@e&1DkIoGlok4&ol@r+Qc%`tPLF;4v)_B+RULnKXVi+WC%y(sa_$=v zV29m2B%@0}+9Pfs&-;z}zWNc8OP@%*Kwr%8&$QXqT8*iW>u-VI?;9CGOW9c4|Kv&x z%1M6Y!JRZoB;#dt9c(u^A*jR$_a}-WTvtBKaXD`vM>9-Y5BqWcGG=Xmc}!slICnO zBh2o|2(~I@rBr+mnAW76|5_3s5a?wAneg8Afr2>i0S|whr2LIN7k&mh+n9>p zF8sT2HoL6z!;@Cp?758KVWq#Kd6j?Ws3_f9pzA{cz+$BFzP3HvQZT^5+!6UNxzUFC z%LDkCzY>ZHS<)O>;sj~A;#^5+>hrpB%Ah5JV7hOQ@=Y*+@2IW8y`q(zgC9m~rSSq$mE_D-$ghJwW+3p@C;ooq$NeJD?Hn^KiHRTf*YA zYm=6@R^ZX*5oAKixfoeOah{ zKakfAnu7E9ZRZ3=3Qp4{`81+P=11SV%2AJ?@V=_}>MZK$p7v!}e6)~&tUeS9#VfS8 zR`xtf;R|iEFGV@V4MukTX$7BUvK613r|A_O#)0bK1Hpf8)pc0jAX)uaJTTrIRQqbo zn*tV@zXj(P^pX{yVH!Y?55_p_hoqOAehB+R0-*qG0P4PpH^1n#@lg6b38K;0j#lobKBU%?k-62xhZp#_7vK?$e(0GKR2%LjSLyIX^LsRJ)(;^ zczfWX$$LfOq#V%~nAUQk^W*&e9f->@;klLQt4P>4l?{vKKB4J)Zf?&zTo7K^?XUJ^ z5c}&%up=4)3J}a;W$4zxO&8^mm%Gi`2dL0ab#nuqEGmB+n|u$8FW8}m{dpMl@(J@A zc$IYUx$fQVd8NX7yLy|%-E}S7MDS>s^!QK}{}gcWQi^GU5sOMU3GPTaRtJfh{#UMf zD}Aipm`n{)Hz&@IY0IGdr)gF8x9O&gNh&A1`cf+mU7R5;olRDm0s6~Z4Lr08v=NQe4W4cQ8Shr5L zm~J>&bK|a0Xv2Kj*1xkV1$E$Fy_2zrU_g|>8+e>=0EEo_vfM({lg~wS`?W;n>hOw{ zo~NysdRi?2`kUw;FHvvOthh-M3Qf{R&=vzB$6PuNyU-b`W6=K@5?Sqr}~^dn4e4@qF3*Y4> zvLQg8?ICqp>{)^H#L?57d>v)Sh z^`*(*AI{agIk$i_(HMGWuDO`%M$9K{Q3cwyI0a`8=r??T-=C_2`|4jG)w5{wYPy7k zhnmsu!c4~xGr!@Otb2GD8unIVL_{f^bpm=XJ`?M|OJzb&e#m_{t+*4`%41)RTbut!R z;n2uO_oZL-yFJA!_qjE`jI#lT(u-imZMc(YhwYgLu` zbvMiMrY!C{QzK)3EkLsLJwYoiMYJsC0pF#=`WvOgBZ>KWMQa2y*LWV$X-w|RkOM*Y z{kx%%acj?U)!jCr=eC9&v=_n&?C1v~>h_pf{=W60%7@Rj8>_3iri6BTNYwh50E<3W zO7*QhfT~s@^;5LdHMwq&vjl;fvo#x}y~L3~&uiZK1rJMTagQy{D{ZLS1E5s5I6t^X zO|CK%kLUAWI`x2|2+DSS`QpN5eZt!skp*Zz;kPfN>QO1+@_9$P>`??d9Ht~m)c_jj z_xS)6_QKZ{aWQ`%(!I9U^xBTwGX27KUm+ike9{&Gd~&IkPVu5}-&uh zO)m&4ghAz_HeW4~Ca5O?Oi4QA8pb?G3C^vUC0?TTGU#(JlH6?LeCo2;FHQN-oX#_3 z8F`465a6u8h$=i5<-<*{I(7iNsWSJt-^>7N%z#PSwUpm}SCk7sdyv{OzxT&W2ljI% zXRrN@0ff9)_>f#|=IP=H@qE`mM(C^Y>Pg{&`V=MHuKp^X`CfCXP^X~w3k%7ImaWVI zmJpOq2U&2FJ%h=EFlSl9!|tF?J}A$%*X&tV85$4!ExNk;Q4!=`&L`5(%>v=G1X&nB z!%|M}+b4Whn|>~xE^(5B|GcEIiaxFv|wn?vn=@}2|fH;;hi41&}_N7=Gy`01#c9{hDLSugVj{&yM zw)hUpi#pFhyFNenKVxMG8@0dJss&)mksOmPOn8 zGJ!lX@3E+dfI-_0EM>#=8(c*kZkbAP5Rbf^4_;*75~rU#vZ$vWcqji_C~9;pOjK5R%#5 z&8H=GUTP=ne8(LV)kmj<@grC!W!Gg9+x*pX>yim4&(RQ z+H03q2->ue^lcc`{MJbjROlB(GR5v_8~7ADc5y#%zeoAfxA`Uh{v5=}R6w=&GeF5q zD<9>1@lQwhch0+lQ!`)5zRT+l4%S6$%Mnn$J4(stj4)0t4UfC${k#t{d_ZckEfVV) z4aafvEgt*o244~y&v5Rg(&UqGX4oY)rl*x=^`Ae;Zc{%+W8ns@SkSxrSzDtgr}*db zds?R+;9!i^!!`A5`+`1hE(zx8BmAoQo(zZ$UMt>v4X%g6L3^^>r(KHaq~_0a0p}t7 z_J`wnDdUWS-p9!=-VvK^N&;61{{nJ9c3%wGBlCKlVPWNO^PUJl;0k|&A17wzWgp%9 zS2%o#7b&x`u(&{a+Y8#AuS8DkeKGfIkmrlC_`rS6RMr!uqUCv zC{n09{iA395e6zG)ghbhzSm7PoW1)53wP!6(e zturAIxA|+Dd6yU9s0ZUX(_v4dN7Qb;26=6oV$Kg3u|rt{R7xN$;F_5Im@j{FH*3x* zm>3>QdYLZouCy(dtiZ?0%YKnkkVFuXo#2{l^_u;0b<6_Q=c$`5f6YNviQk(+!2y5+ zsfO0_>GbFJ(0$bT(AO_PQ!2>7^zWa6g!|8cmjnCg7lcRuArz>PU2XHw21(bkmI8wfQcsj6C-cdU zyFH(}MVj}>XgqjwHO%02QD@HeXZ)5ro59*qU}y(l_1DD1@V!%^AI6oG&w&9jIva7u zD4Twoj^8P4l@zhb=DZ=W{kZCDl+%eJu`im4tbqE;5zrq3N3FQ9ule;5`b!W=%H9!?>eo$rf5dn*uL>3&mGBGNlab%lTsYRLrl* zxQNSGj&P*98x+WS)fj&=!`TQs)h43%>5y{$2a782K_n6=8W3*%fYSsF#A*J96NzX{ zu}w7S?aJBxI?3pqwIN}2@Uwb)H1SUB@;uRvYY(#Uf~(6ZWacE1eE)Ed_j(7y3i=2)*6SnvR|iVp{y63`^&c{vb{V;IiS8lj?^({DXM9=91SSs2T$5c@&fNxAMnPG?B^A_%k^dJyh9{p6wNu8 zd+^>408lepT;eEk3JJ?GeQ=`AzhF*Ub~?vm7z4x||=e_Iqq8 z0dh^JoA~>yYj&XXe4&!wbEOjR3_8hn5yl@V%}D|Qt6#}oZ_sai{3QPJQSv5Sw-()` z2>wyZwBeht&|8xUp1xN7J~(J||2XIkh+crD#X4;kv)tUlA>uY^LT!IIjp{|?z|%P>#55=t|X zxw7M#)b6{UQ1}9;Fp=7dXcHoBWAe0KCG-zRR=xwK>vAx?No70UFJbk^FG#8DW#5en zt8FGz%N%a~WRS<^>$4@XPo`-0$Y1u8X^#`(nR<-FMz!wuc<*4UU*S^bO!5ux&g*=t zW%(yJCBQU+eA?%AXjBvzfa54Z!!O1S^0NRjn;7Oq3GN)C1^lq4`WbdWo>A1a!he-p`h02v;&$SS|=3HaL~TwuY#trwLta}Bu&^v_{J2n}X%f}!8L*rR$j+H1Vcj3NN`_$lz*cg^v?>P_l zSML;%WhM&Dn3}8W^MeB7v*#lqQ-6U4F{h&wwt@-$qZM-?|&HB=B>%8=r$ck>V-6T$eJWsEhH9<;dNbxH=Pu z`mt@c_$k~=o&rI;fdS@=9*Lrrh$1PhlvGtaL=JGj6si$N=@}>kJH_y}ihYm<4p!CM z(S}?H2D_2>X)Hh0xqEN)_1crKBl^Az{jv3w>fKi?J6kk+&=d~yx7Qs|Evc0OCP>v! z_rs6;m~WxC^a-g>36?(ox|hAp7uYJ_yzORqE0l<1OO|%m_I=9L#jk@e-|9&hZa=-` zNO(X&U0_Ie8ClUTmO2>D&GoBImfw~41L}2!VL_UYqF||nTzNcw_pQz!LihY>j1`*H ztvCng-&LV2{%n5g1%gwEr0WA!?V;T`aKUi0qpq0@j6Q<4p@`+6+&yO)GHo6_^RxMwv#MX1%3JxPPF$xX$yx*Ryt&Cx%$~-U42|A;)C=3>f z$HiU#5{z&^!Z9MBF8elfUP|Eo$}Fd?_BLee z*UbeN*8WkBqtmaO@W<^+ek{*NO$p)SkQ@YI#ZDcQPt$&Uh|e%Pr~OXBFF@w90tn;| zsv2G0jKKNead$g;%T>8tI6X{YHI50x69;_jh@W6>EJU}K7mo(LO}*Sb*Ug;l@QF5? z{h;w`;*mgl!So!?G34#}R3WDQ(PEvoS@k#U!7E7L>Y9M`OQSq2Qah&Us%3 z@$(r?Q0@8i{m0If$DHZ-`sQ}I9`!dd?~NeL>%&+QTzYZR+-G{4TGY(R4o!ZCFv;n0 zA&kU<&@T?Ku8%Mp7tY$($mjLWC`cGaN%Cl?D6y-2umUJ(O%}`zC8-|%p;-oR>gt4> ze>sOWj9FoPi8tb~xOc&|yvVL3&+XbZsCSGL3s|Z+HL5`Wr#_K zX_?8I04jSJe*aTQo*MdNrXMo$DegV`&%BGIsG@#wTSdxab$UYvyn4`__r&9U$=J_& zTA&u}f?D+p!O@=RtHH1e0rvmQW@duLNc}YC4xAHZ)Mkd;BxV5%<5?G-Xr_8>7`y6S zne$e^@*~5JZWATD=i`rnGL2B*fq2=!IhW6XNPm(sGuJ}2k-x2kvsZeAB@T$UzYhjV z+m2s39uko2+rk+kOHiGN_Y*ifQ*7V9cxXC{GmHdp`WbXCg3oPa;`m7E zTPq{2$RYqk_F z;)NV)ElTF6&xhi-z~`^*k>D=i^*Z7;iza}PiUg%)+U3$w0@L-+aQe7^3s0^0ChuNH z9^&((K~Sv%Lpi*mwqATc3OnQ?6I5{pn#3Y&XgnqX92C5a z#I}(HOkhX@6RZ?6;#hUW5aX%wZYJ0^5RVTs{Wgrl6sBOJ7BLUBZn2n%NGuC_IR+Lj zY?ILhdMLChB6h7(DhE14xE3^*i_DkQEW!|>E5sAhAp19>DgjDv6e*n{G)thBhD*ZY z06`BacqZ8-@&iOlX98LUni2)zA1;g|!lR=|hc~c8!rnoRyB#Fpy|&Wapkv4g$AEmy zOy*PRYLA#oqIx-E0!hF%=>29VEvf=Y1YmhWVJw#Apd+T#Efsl!I1@z`4%>Nhzn_YR z0)y9$=of%%p+HlBdBbS+esNvnWgq{ly4W(>Bcz11|kIl zWkZDH3rP8X5DcesC_F5D8UC1U^sqgu6M2Bx2^mkMGDncBC&iq|g~DGzezJ*J6Waz& z-SAF`5{eM0G!+4_52`g1u7!zJ8>1vO1%pF^IkQCUQ3qX!bq56`Jw_7efUYzn48Ax; z%LQ3jn>px_ar|UD8+l#?Mm&-UmmxfQOcCM^fSCdiu^9`pPdW@mLy01ycF^93H@Ts^ zi$n^;Z`q+c4c-Kfub>O#4~wH@o}Gn-2TvS!JNZ!lg%3RuEm?|Dh0GzXi^((tO2dqp zX*c}UI&4+~VpCXzFimVRd5E+iR&15{$sw!E&gVFJ@HiqFe-RTS)1e(9fro4nJN_X+ za|ihnKlF0@JZ3XnZ#2gd%4lFN;)2r}l0(Mm6aNk3`3*HELMQOs~;SRw@WaHj0Ma zG`k^)MiBua3?Es@ShAc(bt|z-x*uxrT=`YaDAgvCbU8t4_laDj%F>$8jaRwvu1L6j<)R2N+x)&yvAIZ-UP%20ln zEXenQF1H1I2rAd>)u}CRXz&RF+dj(TjvAO;36m3*f~boPlv{!E4=r`T1C7zkJVKWa zC1UwN_BbNN@FPKFyi5>6(JQPK=pyNk(I2m z@f|D%3XBt)VUhSi49LJmo_Gh^?2bcJL5-nwen(uz4q)SM0}rp)0PnHhC=E!^VIkxj zad@rPLBIfUtjia)!o*VT{y6*#d3~E1gN)>g5{MucjKD#~GQUTKvy&7$u{uCyvjH?< zVynNMQtVSdXl0x)?7aP|YsCi7OUk;4H|%dhH;|Vl=D_ z$gU8#imBC6@p2o}#ieq&@i5QGi06(PA5NTaXFp1NX#Ad#R4Xv z;N^mVI4}^#!wOLQBhjFfN`MG>N{Iw$D=d_N=cAy2*TMrzv{p2h710BOG*tq^O(aNy*r+sy zl;!YYP=0QZuGOJUao~J2xx_pN%@Rg|2)ta#ASnn2hR7DT)1!PA10pk!W~QRTYKs%u zjtE?j9tYJ_wh6~zh{GXBOt>fxjTu^aktke3F@qqXPZrkb2@aDJuOSFRXl@7r+A_^f z5L?t~hLiXe){h)c`?2$I-D zC+H2kOcafP#4twjJcSV-XYv_rl#?n{;UjXkh%FU~=xA?DPNo8N6drihxip#E?4ks% z8avhuHTeMGQ1K!Y79#=6Ct};sXgMwlR+(vZ5QvJnj~I$!EPSGjsu58@<>(&*0~ML3 zwP8h3C1M#to6jCr>J&zaH-d^niYBVSVlZ3}21Uo?S@bY8Ya>^pjR-;723|-+E(yjE za>XbTK*|y9z%|cu;3#pUK;<=a=w`qyQM@sJ)XqjMqycQ6QRmkH>8x0!RK`qp8&4}h zHcy=@8jQ#_Xbn+rVG;c}hQLMiB96AbAjg}D$*cZmCo&q zQY_F-Lv>r?Vyz443*lY(zEeZza@9@)HS9OAf!W&2z=dVdM#Lf_chMNsBUX&V2dW3L z#OO65+oFVQ3rWl_jf~E4#eEVvP(d+>HjSGf@lrSdIM&Go4hnn^KoANMOaj$wQ}CTp z3_&Y{)j4|C{_rX+^|(sLAfUgJil@aQ{h7k=)NEZ$e#THicqdo0I+~y z#&b*%jC)l^xdxdA2~W<_Yc&MGLINtzZ$@G^R-7G=T11XOFo2Y1pOej;S zGLxggnX9Hdh@iC+*Fk59Qe%z@-53u8i{^6BQnQ7w>@eO;RJPbawH7Qk}{LZ;D8x1*$7O%5gQRoktbIVOy~%EV?e0Tp~(V2;MYxn8;i;T z2^t9dNT971cA4mr5De;689@q0M9^WO@7k|)z*{f^S`*U9jV`_12}Bkl7gHN06ErL` z$s>y!)LOI#S)i&QA&6CS%n_myt$^|(;MFADpvr*?hQ%~Lbls7qphu)J{o|!8c~qlX zt3=0G_%I)SS&WzYk^kXve4rI1up@~3f&76h{eSXf{!cFjgdM#)`0Ix@k$?^?9OA_M z*UeGs#UQf8mS}`1zT9kJxuX=gQ~!E1QN01QOqgOEARUow;M>!l8C;$OGHR=`v00;!#M2M4$C*Um9kienxM*;vCCt6uN z1u(#S)UfE7)EJI#!w?l}6f6m9P>Z%BjsZ;siFhrW0Ss*f=;_B>)HZii4H^g_d=d#M12@-!mx!(1CAqwep0~A0nL1vO1B{fGU&AvcwqG7TpN+YWRN5DpjdA-k@yVc`9-^gq^R4?RD^9zn$rqW zBQ&UpVe}!Ig^9r-JGe!RMdQRYGD{~2LRQ!ZRQ*z#12V-}r<4t82`{9bPzEJZOrt{7 zOcE=gbOf~v77tt;GEd?n0>Ymp_J)NhF2%v1_|!&ikf7oUT~eu+XQNxBUK8I;q6@@M zv?3e>aukv%;3kRjVyjby@(1YzNHtM(%s>!M7mguTDsfSe(q#w#iG5WNAo86KztN#( zgn2HL1Q5k4sKFcX1SdS=Qn}scCjp-=N)9MGARq+YQ#m}kDzApa(9ty-;NIha`INHw zekqe?cMut3t!blX6OHNUM)RkA_a@pumOJ!IEVO0QbpMr%P8gbr8 zVH`+Bd&AHf3M5lzlNdRS%8vmBSGtR#R=6piDAq;wK~p0ULr{ZA4UPodPjFDVNf-qA z1h6_xo1LoyU3;lkA<)K!e!EB!S6MZnIBYTd)pipL0P;L;kSe3ZbW$3XFXPBVMxzgo z#M7Z|3P5uKKGP_|#Dg4%k!P_(7e5Vgs?36*%*+YIv})*f^2;qmCz}(J$|6!38k%!S zILJ6ys5k>TYQW(mbWzY}3~1CM;Q5e%28SO>)0q8qPdFa*X>AUtHUzQ(JU~rwP((9G zZChm=&>^6)r~#z_F}PM6O@ia29e{`-ML9k@$KeIJUy?3h#Q8NWyjCt|knN^0P?;gJ zm39Z+PQ`*`lRw0B8BxF$h4TW|$1es+Di|#2fqDR%5K|MG3K__phMW;T9@)fMb~@2* zpoGX;ryk3}i#1Ay52Z1NBQhe&NkVG{Xq{ceU<8>UaP9-~34;db^x~wDOvg!}P9gEK zP<}qB35h_l4X5_2WJE$#%?AbRxQiqXMFY|Zhc6Zcg6MzZHiHsq(s+@G*n|=T?K0WU zibQoW3oGX10!sq$nH&8vKUFW+gQ&$nYNWEW7*I7k3(7UJ=2meQ%l%PAf^ z2?dsi8TAnQYh#;~x%=un4bJ|`KSDbvU^)KMtcMdN2x| zix_gKEjWSGK!_W3D$pN}!GYr{p-+pX0wpZG8(8uKL8BlHy*Wl~fC29LTTD^Wwm#BHNd7-o$a$Q`j%kA|p3I}yK$?#G1UMm5famZ6MP4uLK5_yNlr z<6EgDu1ZBBpxyeYHLO#TxnYxmMHLx^?1(Bxb}~qKgOg3MLoY7L4J_~e5K|KkFpdBt4)L5i85}DIKPm0S#)yah+F=!+{<+*%-or4+eCkkd6xm z(L#Y-t%vvQ(9R%%@qlMXh!MtuVkknej0{kJAOq<*kwhT5d@3S8N|W0NW&xL}4M-7} z#cWrGBLLAb@w73fSgr$e=s^?MXsaCUr-O?Jtax6M5BL&HL`BpKKl|}Sol~t0iger% ziHXKqu{@8;AyhzUp*QH+e49MXl%lNxGn$M>IY90k~13mgr=<;B_@Ezo9t36d;yF;RU^S#uyT|$CdbmK zF1OojfWCb+K`hW&QGALe95cv$Mu4A6ENZ1+X$=Mg4sKAdlF>nG0?_?R6NnOec*KZ0 z5>b&T3uv-3nU5nn^X3(-=g#;8$5;(i`O%vOP=MtglR7bmC>^2s2WiR^=Z8I>Xi z(4dK9*IVRJ6UBi9AaeRPhQvgs6Byu``fH2|LTBJM_1qv3cp$i1eAV=f}e z3iRM8i~!lctyT#E$>6e8QVpLJvyyNaoEfx}&>m>WN5{Z}1CpbN&5zdl=on3aCo_97 z<}efEL;>#6Z$$aSQM5?nS2N==&>RNwX8{2Zu8kI>M=5*+o!3K<({)-8OKr6Ybb7zr zM{p?}K_1Z8!og+G_D-?62vj{$4&Vatxiut5mq>gB-R1 z-^u@%Siu9dO@aS?tRUCoi8cy{AQ{3y4++GF=;a8!9f=k2Nahn_1;~7&#V#|JBX@8N zYP5jOGmt?6QOFIsFmZq(QT$x14bM>HDS9`W0DZKO8Nia5B88s}WF-iI5?L@T4VnRd zJcMQ#je#N8aQwKC2xz3iN28)W0<~C)Vn^6=t(uHO;B)~3S0ePp z5L5$xLQRxLVRBo&nH@57d|{cK zK!)}#=;$UA?4Ywngz-dSZ$zvQgQ$&P%-5?3T6&BP=m!i|M-T_#b4XBool&!y7ey&; zjtBH!E0Wn-B{JzHNR{|@K+F&sm0(dixW>9D&Jem%t5#zm$@24o~0&rr-&+65jNRf>T*6@%=nMz4Z~Cx-iD?O+Y?eakjsK0h|qhF+(bH2fTyhD5k&#ygbll#HY(Q~zf{4F&jf-BDrX2H-`j(#v(UsSeSo+5*$LzMTd%| ziUg{v7zS|cFfDu!I?M|JHrnF|Q`tI1Z4rLe!%zpIF%Y_i)o3p;_qnW6xak3pH3l4V zQe7CWk%`d0nAH_RoCR8l=!?2+Y&v)|W*{|Dd7;}%K(KkKdL;@#6$-2`W(T<)j?-pC zmbDFoIGPA=0F}=+@S-j>D4?r3LJZzPu*!L)fS2#&N#Ro`Q5pbuAG$&q6tza)+fmqHq11y{sIY2}ha-p@z*gyLG8EnbXYFFCVN4ZOuBHImfE3^5Cczgrk|Dof^rZyD`CvMds?BtR7H(`m3kGZC}XL9kaS4H>AM z7_>$@lo~0Q2o9yjZ=`aAA(@31)VTE_9hD)CBKt@bEsyYHL_iO+k#Zqb&$Iz`BXU_v zs!@cp@LhtKhGJ(pRoWmOPnP-I*Z|oc(FMIyfq*Epat&ld7~%7x#t2a60wHII&H`uz zgU!!!sDx}t>Y`#GIV@&E{V+lc7~Dd%(9R=jY{2RmkO3wxj68g1g$u>OAjT{P^?E$u zW;j~7MBsc6S_MwP0rJgk7T<{0kOTp+qETl+L;%Wguig^(7`-N<%WIc-0Z<$85`eDI z#PTwgHauHFLNLQr7X-P;$U1}3;&aF;0TkT;8qPY3Oay5!_yqVeT||yp3xzP7p2`Qr ztD6*Kv5>HtXBUa1@IOibN`(}@-EN8l84yLOWI4|`@>osB95(=E8GDT3#fd|X2i6U z>>w6GfEExBD*zS%6VPQP>pr>K!0M59iE6tl$5( zW)1JVqGp>DiqVWt6657Mb$Zp|&?)lhxKHasW8`U_W)$rncl`MAkB{TuJ}CC5HK#Ke z`^62M6b9pbodz8`)crnw_mJ1`C!rmUG&DV z(r0fM_8c|o=VY8@bo*J#DZ%>n8Hw=n=9YSUN4UO`RyXh0bXL91lWRLv)1IgO-h6e| zg)MbXSJj)qD{i9h(;;D=dddy#{n5`0XSEx!X)b(`*|c%G7tMBK&#H^PL>{aHHzhCm_{4sT>c>0Pq{*?j;>H_a(E#~_d9UTN8 zXRlfjyEwC6y`u6>$L0-$kAEmfKTj)~b2ZA`HaS06vW+(t?@wruH-Gq)ws`}3HMMSq zcbS;WlsB31;;4Dto9;c~EH2LcfY}Zoze|H7O-vqIoVX0eWG)-pNTN267{;l-QPu~m`u0lmt)_sqPy68YEzNBWj^WS&LdbY++HjGD?0y<2_m z&ADx4Zy+bvvKLLRpp-uTQTwZF+a&(h6+i#VsGS$_jO$BV?(~i9aec_w^VqFd|L%9= z;+(y82khN{{pm+bZ}y5u`*3Zl7wk=DU+9oPuR9U0I!koOG30b?&xv(@kCZ0a}e|1%szkO8EfxeE={Z{6VcE3kOFDAVjqOGS1ysa^HTit`T z?$g-g-H10fFk9tv$^xNtEB2vCu^ZCDjE6f!)-+64a|wC=yhr{4p{?!OZ?IflI=!~{$}g;f)uulmU2XEMFeK@b@$okKtEV!hhF?n zn?q=5m|hy$wD;Ej^pOpE9G&x3b3p(7?(ByLqC;o=7((CQRB@y&f6)=kH)(b0h-t@F zDet@Gb=q)jn%s7WadX-870*x9T$;^Z`^UfqrO)OJtRFu!1l9Pp{q7V)vE5o|X`P9; zmtS>I?-V~f)nxkEZ%fJwV^ep3x-*mfoEIfc+kdRGxF#}YWa7N3+phE({^_9fVsI5E zdDM=sT|%y98~XQna$-iU?9I==O4l#g>G@TZe5XU%$+B~Tt(*;#{ts$P^Q-REL{LXU zBd$G*bmT1Eag)>Sakx)eR@PKMvSvF^gT;1XQNP*f8|~Q_6fZoTQGeDMGiJ=@(MLAr zL(vm%$@H{N1)I4ilis22m?b;-(;pPjP!A>!7}}uc%S_AL-dh%*irS7G_Dr37v8AuW zqfn(kxL4BjSJIEun?sGZEtkI-`?6%g%$!G4c5vo^c=-}3KC)xuT7TGZ=5 zZ}htgi+Ant`iB*Bx9p$aeNVR;1By4UnfmiQ@5SA`vFi84#KZ&UnZ;WZt9NS!+4oD+ za+f4mb#UCHt=RNg{U){d72k)Kg$JxHZ*+gOP>1bQ5zQ<+IZ@MV+{lSj7tO5lzIooG z{a{VQ1?#bz2aDHf|J+zGJX%${>8|h92}N1(!-Wm9c^AX3)5nh9DSKBb_&aM{*L4jS z>hl*4NiQNrn%3=c_UHybe(=rfq2bbPyn=Ej@ppqJ?Os0nmb^06+<4sZiPuC#C4Wuh z4T4d7>xO=nwA7wizGX%4h2+TJMQysT*~Gkaf2ZT#z#Ee;>hJ8&k2voxF)->%^3{l~ zxPOiFWSAuX!Glh;nJv#(l@^s>?3s~&`Erx&>}+mhVuR{QH9z_}2er?CZmW27p$+O; zheJaOw`f!onjgp+J?F0N&qrq$_YQp9Gf*9W(<6IB>U7E2!HL7LZ?7f1-TwQ)eCoQf zQ=R=AtZh&kdi)S&U7A$9+q~y@ zv)-%gcvFqZiG&iX+U1F!UC2yaPs%ZMPf92;HfyBFiwqt=Ib+Qs%A+nF2PpHJ9(Z%( z>e2LIO~Zw<{Y{tBvqC)uh}nKwENG+jV~_V_Q$d6#$`#Eo-Kp ze`e4`4t)PRQ`$Xnq51i_{aY;~_8<0r+wINmrg(;&TPj0to3%aMw$*aZM&Gv4Gnyxs zeYltWd8F^+%I>=wv@4pIqj@p<} zv3ljf-@`F)uU(&;)Z|2bez|_1^r3L)fz%w=#KEL+cN^BcAk0rl-+QFGGiPZ(%k%Z0 z{+#>zZBM;(VYvCdi6gd`A3d%da>1U_^WprmKi`dwl{cxm(nOw{vSH!Z^TM_w(LsqYfQe&A&HJk$U-T+Jn)D7oW*c)Tx_% zny7eC_^oT(7o<@6^(UdW_0#T~7v);-jnr1>wN9T*S<$8L*9umvo0gyQe(5{7YsT&B z`}Ea-jcZ5l=-({kfoBeJ@3=qD=Wvcpd_O#C&y$V`dF}q-{^cChqq53F^Oam{GQ;!b zwd`B^vrWA8r?*7~DXIix>7Rx^+nFYrf&&)ZKS8=V#uOA5}aQcIWt*}CqK&b zi&Kex*RB}M;67{_xOgl!sn;ciYfi$7IRz)~mzZj-kDkDq+MRyHpq&%_+Y$47)9(Ro-RHU(B-Z zAMV|2O}#~$A=$z_ef_$ixcK#G@Y7m@Q}VhCYGA_7IJ?91hdJ{Su`gd=U6DSgw=%Ej za^`f*8$W%xQu)YJ#qSTOQ9gN2MasBx zPo+IMxWj&O?0jkSBG%z-RbkQNN3t#X#1ZEo?$_5XoZ5U-V%qBo;9v}1lb_pr%!szr z2K+f3e8sM!>_4O}+Rqx2zVz*chx>FV-bwGdH$VJ!uJ!PuoYWb+Lxvg2Us$s9%R7#{ zU61)?>YYC4wvUa!{Iuz$H}~L~9M|a+WqT(+8ve5steyVjlGsYTzfR4Cs}C|~J}6lK zWoTbxe_#3dE~ecSMfJFsBU;Wpyk~k^{-Es9HAhK(e7B9>FKcHncwJG^NAzXm(oX9> zp>mea)}QY8YeVK|`TQN{*XBGwz(2J5-RsZSn{~CR7VQr!)B94yg0!-Gxu4G*pLTQ1 zfmc_~hPzI0c->iY>)E4zXJDi4`YyGVdtKUQ_9L!+L=pNlaYzrvyOsScJxq+B=RUh0 z9`(0L&+T@m=H`RWuEH*}+x9olnty#N??C3w7I&*nY2uwh@}70YbFa^R)2HlRhk2!s zdO!Z2Tavmcl$%Ie^6UGnv>ja=9UE!w)HU=gYt`#^33;5<_y@||lop$sq<5uu{G%Zf zSvX*w{$m05Ha*udZ@wwFUFMG-&knS-VT>;mmM>WPGn(<4w&uZ~{!_nu+-bMy(C4Qc z@I4$S*3CX#``4qzuU0j$&8$hk(?|UH{-X5rqSB{Ras!d!6TK>1zg>?vCdL=8n>wmp ze_av2q>Msra#^c0eNfV?Gqg?-Wq=QJgZlF)#HB6S9iJeOT6dn z)Si#+i`@D?XREGP?0E6&eNWve&-4Yg6K-s_lweMH@toVQoL76FA|7HAp2qekQ$7`{ zQu=fyh9Z=j;>F{OmTPN{vJCm@~4FOo7cak;l{fSsTXeQg^yk4GgnGZ z9G`!zR$kRpHKu-Wtfb$%j_F;f?WzfX4Q4loIHdIhB&0cX=Ju&^9blPuy)&}Nm{R?v zU$;jU9cOKP|5ns9w!bgM^J>N8n^PJ03NBd$%~0=4mM>oTOR@RVm9xb&XO_y>%vMFI3F6p#86ZgK_l6i60 z+=cqEwVIg1RXB^PQac%q-FLO>vUE>s`>v1N>}m9jB<9Pl9K(nP*OR}V4;TxU_RL7) zY##nwRk35N*LrR6(J#zPjn?hS9(6Cj{e+DL4`WNJrV{^3`q$;B*Om0j1{Z6AWBRs? zlY?5PRWBGwqU~FEuKkvuKOZy|L>x>|8?Apt5aZ|%BbMtdgZ>832 zlR%$Bl8=6#+VcFe>~DJ^`m4ngzqZ+h$?%s}b}m|NdslHYl-`J##q2kic|x#t6At#E z%YU8g4MC-E7sRJyGLt8M91A-)190y}rq^_p|E7r7(jc>Q&Sa3A`9J?CJoRsXC3* zuPS=M@1NQ-IlroOXVTlwdtgQyuIbW*-yTJVDH9CchUqOCodPrZkzr1xk4IkcY>BM@ z>~yW+Mi;?|H4*vJKyxL`;WWYg21!j=Jkam z)+_S2fJ8=qDTJ86QZp};8}5dia(X+nUb_Uo5XM=`+r?+Mzd0Aa8DFevcxwf`_#xF^ zfTabW9&HHg^LeCwb^ZK>MP$j1HVMIP`3rjyCIPWbIS1MU!l)j}fbrg-ZT z620z0@#t|Wo{qNVoH_N(S#X}39iwXddzzP>%zuWdoxY?oy)IU~v0@$`7U4Ad)%Gxu z3I@8CGP!zv9wb{Vqc3zyXwHJeoV`4q-UlwL0v2y)M@gRy)&vcB$_0x!DE z`eWv-dgjf@A^*^BAJ}x|QFzxpsqVR|uL*g@sr4~=1O6l-51nx6A8nD{BNfIf7N)(| z)Q1=N)|{5Nv{T9oHk5z9?l4|jBKVl6|1kO4!!AEwCf+t(X?tfAv!=pRl-EahhQ5E! z?{5cNZ@v1{A!v|i=(nreV3-Uhk{()|bVGiI(5bq%ZI2n?es78|RkD{1PMmSrH92|5 z)Md77i}0y~wV~0wpWR@u9(?rl))gBM31;tU^Kzj4Sho+F5c6bsU5g~)z0u0+WoN)Q zfAQ({!cL+dx))m|4^Qbj^jtDxJms$KPMfUwu=3y2B2MbF&HWbPBYER*FzyuZTnZ6( z@rCbq-n}3+nUuYtx^2gX{R=eqnpQPmo49!9vwKGDSd30<`8q`HKVW3R^8TkDS18^V z9yBMaEB(}8;jw>TEIJl!`D@Luxs3jv-l1d7hh5ejzfFFzU*GjhhvZ$p3|XVXE!>ma zcglBcdK`dBTP|za9#(Q+$e$jCNAcfF8=}=Qtw~-UbO;-$DxOe=imk)1TFN<_- ze5(7!#Ro_0rp;Egxin~$X!wy>i(fmg>8gKKe;#sd;o4c}I7?nuf6iKo+1UR{y=mfX zW_J=Hd&c334L51GbUd|o=JtyxGukyh{-NKC+=>ROM>|>t@>i63^V*0XOiKT~;A;PA zl6`W`Uo$5v$Mt^?EF_bJMCXUqAJP-^CJfu0cgWSgdR+8n((SDUJC~;aYMDOjWJaTD zX%EhRnrK;!i_NhXgMH@2x3+^th4LZ`bU0;uk8$Z|BL|F^%SsA~%{!y&3>`XD(rZlj zbXmV(@lVZ>Q2F4@yN; zsFv>L)FsA&Uhf_It3m1pm4+R?Shdt>)sGGxV+$x{H?Ch=pIc|J_7H3AZeew8$(jql zlAlii9{~b+%th8d>)0gXuoiyWtuMyaO^V^h4Uf&bo$+9F z!L9Whuhc@qr2PHa2~Uou_fQqA9sNDyyxP*4O#S8C~Q$GSh$JUhT+- zhwSJxBPY_QRUWn)MzzlPS>9+t$>XUImX*)vJ^FCymaS|+!*PnvCGuUZyA(b=eML7* z`gX|Nw|z3orKCfiPRbvGHxIk@zn(w-p1qHCJFzk=t;qp}e2=2l*crzRt4jYGaIs|E z$@X3A{Ve-_w$abRGfkB(r#+mp-*l^+SUBVQm}|wm&Qw*JrbNGgZ9?tw?Ch#(6U6(B ziKO_ASKk+Yx?8XQ#5bppXS8|^sGDblqQgSP1p}FaH@lnsHv^=}{eQ^-dH$OL^8J$m zn!2b_RT<_L+F=-Vqfy^s1ls)VS>K1v%Wjgs<_9tFnh0zl8*JRsmM;}ks%Ln{k00N> z`>^&!r!p)X1AhP1-Me?UJ+oz6Y3|DdvyfEsetb!uSK^+Y zJ+%1GTifdoZe}q)cRzYsS1_zK>>G!sk z*m&bh{?XzepI(f}u9m(YA-FKFOVx&V1?QX-J0J9RpR;`TynO{d+nku#PWAV%aJRFC zs=cT^V`+y2>Tu~r)U(`4Cfvb8tZzxn)#!x~d_uB=CJ!=hgX5a7;UZA1vOJ-obc%-HN^6S-GA+ z`40#?pI+(GBK7f<;g|b5S8pkZj^D~(*Rfqq_)XWuW1A!+77Xt9_4j9YyT!Xlx2bM< znDr~XF7f|0Rn?{7$;3HtcOMaQe~s;4a`n}V0_@vM+is;d$qRHCdZj|1vqIF>v{kU-O;w|Cj`aq3oln(Z1qSxdi}V$_q&f?z6AEXvhT%>zIw*B3si1ky;*zo zk&yc5ZO6P$(^$sB*_m(GT-eTyT&&x7(O?sIM)9PjX78cZnWsPe_*MC>+1bd=Wvzd% zA~l(?_V_PZz2uaUrw<+MzX%c)m2H-`ID6FA;z-J~{BS2hP0DZ2*oL%w%adqHxKjH< z<;k_a@8=|t6G~p1vZ_}#WPA8cA79?FsOp&LBzNV6vOX%st`Dh$y!hYq27N1B-f*)b zrT@IcuKADz`_iHj{s3OQ?e9U`mv%cgpm>tExJz39w*7?HI=npfk$8TMDrKMk@gGm} zf<4+P-E->{y~=%d)Zcr7yJ!~Vue=a4(e4>DD>EN+cK#6luk2T3y7t?x?4m`DFU~Ky z)zXGF>gTq`XI_zoCcVjC+WFxD!nEP9=dZTEUh^DMQ*|4TwQs%mKeA!5bvFfT>s@&t z5WL|nTH8y~$0#e`cPgXn9EU}SO22cgeq4(xz1c7C#`}in^4yGTt@38H^3b-d%b0J@ zx>dOO#BJ=PnlG`u<&E(5yQ;EUCX)^*UJl`pN{(dvz=fK;r#k^!RBx2OQ-jNbXP0JWM+p4sVh=Y z1DNiUPftp+Bv%KN33_~Bb}y;+*3%|Lm%N_xeC434l$gTocWVS>Nb!1Ueut-aO{xI zyPa@!!;rL5$Br#{`#ZU#GrqTIX7}WdU-Yuf&$7O~{+Q6>>00MFQlmS$zjNy>8(uD7 z<+{DA(e@T4b4NIq?;qJQEA_zBev~r})a0j2lV2H4o4%WFEKaQlLHEUlkQl$y#BSU~ zKJ37%p1kMOJ-?}GQLy;H!>j8$@dx>Dow?DwX?j(*tnR|nC-WAWhpor`H?2nKY+wAM z=6rFZbQxp*AGQcO6-Z@0NlH#|1*P@v#lxl=@@a}Lh02riJkM_ zUto^SxEOIO`Iic!Z32a5-vFGyJ1$~}&;z1z`6y(nh}ly!epku~f4sOs9I8yEkCM{h)iaa6q#%wABS z8#z{DTYt0$HzQ&_GwExkaHvzWzc#s3p``sX&-tmB$A8;^(==^JQxxQ89$x%n&G5Uy zc9?UX-aVPh8I$H``c0FvYf$2C<0R;3NA6*JjZkcG`m*cW(glq-&M43KR`1h zxpD++!X_nexAjGh;*#O@&wulDvweB1^Q*RhuLV>L@xqX&*UBX$FBOd48Pp73NgDL{ zd#AnC#0iHUjLA4H>a$bpQEh2|wrX+K$9t8z;mW(P&P7ead(<1#F>Sl2pQ`-n*>81D zT3B5CPB3F&VTNIE0%YeRbqd- z^2M~DXN~=PIc62VO8k_tgAo@T|9b8bZNdw;WxB0!>d`Jw@|-8y zTyVgOR)^0%k?hE7@saT8bVuHeC#E$}-8ud+iMmX)qH=!Bvcxk!PyhA`qwJ}_aVc&5 zLD%$N>ju?Aw)*c@g_-9i+qHtPe$82H#ecB?Rd1%xH=as#Sk4o<4esS6jGy>%=!w+E zuLtq6hdcXAuT4Agv1HxYKHYN9P3YFrrD>KsSuv(}|DN%eTQ66?uM?}7`*+sX`xV{W zr7zva^sO6^)4!l<_R~WB+Pz6-g8SW$E$({C*=*Ehb?U`VYdT$LJinFPx#%D*r@~Vh z={0P5L8~=W`bu`pZ&7pq{e>yn8IKFbjLmSEztg99ZhwYiqjTV#?8G%C^yh_t)Hc8T z2fgk|$e(0IE}KRxkZms`lH0Bx>%g={WBaWDCZgdbLKG-;>fp)8LYua(v#R?$guHH<*>vdPzt9xRJ5HH!XJ# zS^ahIzWF<|(l<1}urhnpug7rAblmZCsrSWO5;kn@?ZUH(Hn4kdzTfeF`MPl5hTNCK%8LRW zM>tmKMonC@^)h~S>0W35ITQ12Q&8WtcisBNBen>hyxFdGsNz)cB`W3lHs)M%>9~`Z zL^NwvkI=7OpGRd^uiNo){h;?b&t=ckYC9q@j{m?ah>Kzn{y7d75Jyb<{iWa9+;W*~ z!>Ea`#wPE4oK@B}d6KZ%k3JdOZG$#{T+wUA=sAP(a=JEF@H)&b+&Ny`oO^$2P9hfD zx!uM)r?xmw%}Kk{xx>YiO=ELJJ)iY59;S6E|T&eB+3y18&G|x62FIyz@RB;q9p5^CIz0hF!NTEnED4!^oXeQlsD9 zy?f86q0R5p@reuHbolX-eBkZng`<}KF?-{oW8d$zYkQl-%RX`C`yiqG!3O)_IU{ab zJ`KN298<4owUN63N%qJfk676LAYh;7c&Zn028}&w?7!VNsp@Uh>dG<4-$st#EQ~d+ z-kz{@`;(okg(-_|hEe%{?@0W3^w!e)$Lbykcgw6Cvwz(=?S1uz(M7h~u=kIikdUL< z05$)UwYR5r1mDlmyGP2q6Bj1TNw`SOH{{+wtY)T}Tpc zV@Xfk#H+e_&4woAeVe%KQgr*y$%l&+^@_Gf6`gOb1;ESzP20=?tuHpU)-)Qj;OyMn zC-ZajI;<$C*F7u#cg(Ywwmf3?E^{5;wPN<%dXn}xD_gD3>(}95?9PBcJHu~|?N{dN z9K#h3XpncE@D1aGbWm!K?7DF2)81jWUPe-Z{(<^e5kEt*HzM#=96MHEnVhdkM?c>_DttRYEzv^Vv-Iac^ z6c35mQ$Mc0+m2ke?bR)(<$s+k{NhYU{@>5nJp0k5@_pY^cexwpSANN;tsW`eQ7{Vu zq~LKUr;xx8I`pA$wrCQB+NTn$BSkm56;{7+B# z>}q*w^ZzCew@lt%mKB|tJGB0el+P$6s9O%anry|JjlsI3J{@b_u0&*ctT)#6~)I@yx}>8+$gm-kBw(g}Hn84PM&@8(u#eVuk$~zXr)Yx92R}5k=5E z&e)gYCod*K^w`PLs^s;C4$0#avf|_|04b<$+hhCi6u=yHx!B{*6x__(>kb4nb2a_K ze{xDX{tnyM3Mg*sOIN>sM}FLnaYcFeUAIu9Ch3lT8`gF!YI?3=9)5~R@Ro+!d$ktV zUA3ScJX&|a4SrErd5Nyl_f;4M>3B|RO3 z|74w6wP`Pse%Mo4b$ZF2$oJA6FHaO5Ef;rsl9@QJ@xYk zbp=Yd`C(`P3vhHp>mdm!Wx};KdAnZzcym4wOnkH8S;yD=%c@&6B-!POKLm&q~?;PnjXL;6NjB%fz zu!s+QJH@*v<@i)N*48f$Y~`ME)La-d4t+weu0V5WL>R$Fb^64_czMr+O0go#a&y6ZN;U$dB_%W+vc;eA7 zf-(Vm?C|icn$BcThvDmv=>R7LnL*~>$FEW0%S?cUtSi`&8N9h?p!H8zvlL6}>zJWq z*2UuwQqX~Ob)FoHc7!mBnfsy#l1y`tAGuI5Y5jmP+v_z>A2=>l@dH2sd#=8^Q2jb> z5df@uEOj5S<6QHPDc1$R;LCrO(;g~PzW*Q0y=7RHU%U28cZqb1C`bxOw+JYRbax3z zcTKvKRB1^;Ksu$FbSoj9lWv%kZg>aJ|5^K4YaQ>gkNt6fQ3SmE9^)G4^*hfwkor&& zgZO+xGWWYZ>H{*muxE6mV{|uLN6aJ~neIwF2|^WGE{A;xRi@s3PnBCw%0S^S5{mIFEV!OWbdQ{lGLE=XnG-s2_Xzv>S zrHftdLh)O&rq>0}nVhxT_X~%llYSWc^l-hi$&0PAhZ@xUmRB7;XAVmh5H@H?=y#xZ zYP;_v1JJDNGwmifP}(+tNt1Fou7n2M$F2zLhbC*!(I~6lTNYu=v$)a=1(uMI2NOE2 z2{zOPmxe43b-syrnXP$&q~I%h{$ASPaVwq4D2;FT6{E#=b@Eg#?{3dKDIh&&>z#bH zo%}bv#K_UZ{b@(Y2bZXT{Q@}q6p3X+bv-*A@E_Ori+mt$cfcs6@ z{aU$Wt^G|7;`Bt}_(tMt_)fytld$p2!+3<^bK%0sCqP1sQuWu8yW;VB?sE35rfo`3 zy){*f%Xp;WvAkAEATenXt1ry_N+s<~3pCW#%7_oio&`>vqB^d(+7IU5E$~8CUI1Y% zBgf**FDsSG?TAr9?aW`nY^{q~SzBj4iZTL-{mzgEtJTNMt+8pasZ$O_NuX)49D$^# zCk5o`TP>d#VzMGmmxA(1*SIDoCg(*TxM^TM7&<(bp+k6F?E3ulRgm>;(|UQ&gF~Ub ziz`N}8+n>JcM`2qgBU(YQH)%GL#g88tUfQ-5!w9;)g{=W@Y^N9ZkL};kRTlY>f#f8 zXXBB6+fxM`4Fg&+%SRsHv+JC6X+1 zg?k|kX@x85^G{P5bVPS|G&|>l$?Jo>t&XTlvsJ0@#S;!G7Cw|Uee}rXxi2@OHSMOu z1*(r;Y+Ln+TNe(0t@Zr#Ya@9_oPDNFqxrY`$kXJ^`kfy$xMx5{#=8r>D+~Y<8ZUsl z8i$S6o&#|0iF%l59VUuZ5j2<*+QY7oiK2~8p(=BE95_ER=!5N1eO3y8kN@Fbv;(*H;DdCjfIA^Tcd|1`mcqU*FL5x5)~x!AZ5b?fdr4rI#PK zZldXt-SSi&)vdMdr^I<$Pm>Ke=nCVjtA)a!u#qoW_dXQ$bfw26fXfvS=Prr)v8v|2 z4JB~5<90iID~P`px%f~{x!BR^_laJ>2RAm;!>MOhMavvH{lD_zXw~-Cp-EguS+GTM ztI0yK30v(@pz*bvjhV-D9+1mz2w1XC*y~4^!JzHgvb1%0RG$FD@~j8f>y*T0edy&< zkW9JlxT(1Rt|MXm&5os8TYM_#($#d8<>ud9+@PSK&!S$3M*UAS9MqtN=JweEek9KY z&htY3iYyh|LNsP8fXwo!NqNh;SF4x=l>>QW)z83bP5t@RmsGc3mRI4d>Z32kDnBY) z#3PAIPwe&rHi_gsLky%#20pI6oTw43_YiqnHjQ5x!zKwjF%@*-$D&l|YNAHP@Xh2cB>j9VR8PZ=Xd_EY@!7Op2waWy;)=5T*;ZBYx zMq#F;g)B=~of#!lf-w5gT1+-KN&u2bRIq4Q;&r>)j1m;RgfgKPqnQ^3%TLhVAl#b+f6DFg+J|t8EJrdt$yk5KHeIf0z`Dde-x>MndV0 z)0$0_*;G5`s~Vc_U^znL(PrBBR~QVIG5S_x4V<$oW7E>T?tj|`aqzcaywX#!`EBq# zmHbC>atoDKnUU0$y&bp7vH6cT>1566jU63!#2>EJ)PxptdI%FXW~+CCp7~|$G8_GJ zOvk9=-IsPnh5=5$^BbQ{x#QBy-MRXQ-@ku<9rrZ4wbsdqiny7@7=e>a4T%MMD7r$T z#qd){nz;r7Ew&!6*&yPC!h8DFRx7Jy3v_X!gmS`L9eTJ$>wV;OE(jJXu<4pb+I?=s z!%po6P@IgVl}XN@_KN&l!yx{&?9V`r6rDfV9r3NnQqJjTz33xt%%GWvK1iwD z=scL8MX;_`{B@T?%v{i3> z*!r6XhF+{rJvZAhHO#@sD|h4xujo{fVOsANULKnFRlpbNrU*Ab4fHrHuJ2KM9`Tb{ z$R~A-<||P^ZSM3i#TsYi0^tM9_KY%zBvT$%T)S6ii${vhTPRTQ0N`0#S~mIJ=q}EV zaZ#jXvKUL=-}N~E%c(&QikrLk&qJ+-`k_xhT2D9AcNl<{GnlNg=wU6Ef~l1UNQR-J zZDWsoA9x<)@c%jM8BB;=Y+NIPXGyt-zWVf#S6{^_Vr7tCs5QeB#iy{e>>ujOnZ6nk zYl~mRDJBExo{C4t7YAY*7yY~!3r5sh!If(>R5soZwEPtk(5 z^vDM*Ytv#{oNiwP=bAQ3dx)@wozvOJIRb+~9r&DKUOk`cJrN?>fekr8v8&8hilKBj zGF~4sA5*QAkU_D(fyyvI9T^s0Tf9<-RoIs;jjI6IdW!@7;!F|RYKE_5hNr-1Fl(>A zl)6|2sJrAE4hkLTb(NWSP~V&W#%aLYN_G&;pXV(dx6RvTIvF(u?!AgQa$aQ%AXqzW zb59o8uKr~rabu3DcY0+c;>(BvVQX3*SxX=@C9qbL2--+BzP{J7OuW4BIQ8sFE|hOr z8K{XhZX>m>sjDq=86B!6F4jX`l>4$D!Ig77XUdnC%?uf?8Wk7yP}cw?w!$2{C^Q&8 zlqTdLJeVPYpZUper2XuSUP3w7T?p;BHddtnjx2?p&ai3NhtR#%<2KxDm&2Ia8tWLJ zq>M#wv9P0))^GSyuMhmW)MGiDvs(qGHAyxyg?&&GX}=v@(c?J{ zbXj5Fa9DfpNgPca3Pwn#m=Bpnf4qtamz`mybmYFnlK zDVaYTxSxuD&6oc}x4Ff6GbNj21^St$Y`F7iET?oEo}-qpE_6?(gkSO#qbTSi-bC9! z?ZuIHrylo(k^+64;OX|d(kXo*Mx0nMJBhkQ&F)gKqY}5z@pdaee*ffW{*x(!SB~!l zFsfO=%NCKY*UR`)^UU(;aZx_#dMZrP&M&eYe)s;O#@@xI zzLf5wek3cPSbcWU8=%pINGO$=EtCOZV+r))g{Tk@M8fx!B(B@@V4AzlBQGjNrBePu zwT(se7wKD{l-6cU50#uYm|*1*+WuT4tw~!hDX zeuP6kV|IZkFvN7XC;l>W-4-Ke6+Jpa_H)Wp>28?rt9;J=%}S}7ZW{)(teKpOqV~opx z-KY7jSMfx2=KEULXwU9h>{ge^_PUIKN5S8`ja26C)Ee}(iX*0$&dr@9$EZCM{Mvvl zqro+;8KTxWk2@`{M}J@G6+mpVRBe|;q%WgbG;*=rOJO}(O;#5ucpmf-lnYfVMPcX} zVuXRC%9!T;pRrx?&}FATD3e0%_Ut~h$=OFa(S}DRab?+&E4Wr|5nSyPJg{X(fwjCd zhqT{2+wecFL#=Lsn37H$$C`LuRN%lD@Hxa z#o*4_dwMFrZc4Lfv*`2e9kP6(65+nl9&x7Jctw6sk*dfCSTxG-ZH&Q)VH=CId0mF89i<6 zX9q+cy5G?${@)+B4wHB@hKRO~tERKs?G5e|dOEt8&l^f#czrni)DI8G6@DnDl3_n& zirP|-yQ}9U(`S7Z!8ZFz9jbWC6OT>x@t-4mfdwU`6-Eovlm1Y>qUOp0EE}))pW_~; zzkfabRXa)r*{-DsD4EGZ`Tt0xPd(mHOoq5(!zxnh|I71p!*Z{r-n_bi zv2>e?d`C~dI)hunYe`6s|G$Z#z)xR}XD@wj9PoS}~FYy?tERx@Awu-Q2 zD$_L)PNT{k2VVzizR<8NFUqRZrt*D2>M8U?nte;1dS|No z+K&^bv-qEj#BIYa*ZCb~9R)Tym<9k&m`X9k!f$}Od0+F_$WGYKKUCa`@*ZqQ_W;MF zYx+3CBvO-hxUkkGL}2R15Z)jWX=o|hwt#^f3tJrAlEK#_8|ny7)w;Ml{$TBm?lg!J zdT>30sxRRYVH9^$l(*$HhPhS?EI5w1cqqW73V43yrf!{iiUA1o;&g}4b^q2PZ7OiS zU;}W3urRYoM9U2t&R^DcY;u#`)NBVCI=vSQL5F+t(;^@f5JlDDfAou;{O_dhldC^&c^6HF&DkO#^T8UM z1V9A0&UE+w%;IlLp~D+P!}E5GE$Ku;Up=pGX`EQD1SKc=m^TuJ@-3j~vln(t`>2d1ePZV@1r2p4R3+LEOy# z?fcZAEU9)r;mWR9OEgw3;f83QfnfsklI&D|tkv)WncXhtA#VI8zAo_CQ7R9NmrDvv z9@M!mV?i)Zmmkd@Q+|A!?#%;H(ymWuTN>NshPtK9-3vN016thx1|;EBLk5~@0DQee z5Ng9l_Kq$Zh$x3e@z~1+C^xr?ETBLM0JV8=;YOlZx^j)T9pr{M1~^_<5Q%P}WrVML zx)~1Kum{@eI`e}5WcCK4k*p`*vU+~@z0TlCm>I%`vW*pnPc&b#S)>A0{my52OcKxD zfE-`MwPOb8Zp$rbuomC0-w#mh{Db=JJH$LQfPmK17A*zPPjoC|7gBbVd+*z0|3?t8 zFqNums<5+Wfcjkoefu+;wG!~wTju{w1GG6Nd2QyZ~Z3($M$6}&2V4o1!GBz8s?=I= zVN&J7Ly0+hsf_~P#^-jkD*8f{#l>JX?1S6P(O;E_cKn1@!))paOh7C!YwBL9jePyz zlv)AtNYNe!kME|Ng2t~xR41jlUy01xALTZjYOMv z>7E$x@DK#EbDW3$t_*(+BPz+@LkElE70;Yh|JtP$9ixW9S&{n1fh0%vv= zzivj>YVXjf7@?7wAn2HlsS znKuLm@tR?n0;P`>FQWv(!=|OULEF%&fdH&u>pzTDccxrT`p>7&6~o?IEsWEFUX;sP zVwS~3#%OOMvxM|w=wfg(Nwu0z{T`5O^XzcLq=Q*08qFWeYZMT87q@iUuv1OD%GLVI zw@wex^XX|H2%*8Aspd*W?h}+384`=lJ-v5C4>Q&QjPA3bb)}UA=nj|<37p6!*a!VJ z2bCSSuu@5A; zF}O$r3bpC<7v?j^b*z~!{O zHrhi&u90T*%a**&{iUwHs5{pG#g(}v806;W1@$>0?)i>LmBWOwaf-hDyZTJK=#6h< zxh4(}X*7SO|MV;EgODN&Zea}%p!A%Xq7mMj=?I6Tnq9fffBRPX85_QA@^wd+J#stB z-(hyU#FKBS0iL=!|52c#1MD5g1VM1`CI3X_0X!EA2!<)Ia5{MZ%EGR zHbr9hh{t#=hCYRSx?S}z@=n~ki@TaWH1q2+73vC7EHoTdlwAB$^g45`1w9Se2-|Bu zjIcP}H=t%;P5enGILuNjQZ5qzS(yT4-(Q&kQV~cm{57^ID}_9Pc8vy8uNczF!m8oI z?d-m|O@@kT3yG&IDWL!hKvY)Bf^E)sz)g{b{ykC*1wZ+{SuWG9RnQ;207jXm7%7rgr`6J;W_=w1e+m10<5c%+=DnCBM;ZVOUZNE=r zA0Q6AH17fCh65R*6VtZK;Gz}joJ7CqE076u;M&-if8OGKNfB0EFysPM5xx`$upDNz zU_0P@SbySvww}rj?f~^qzlS%1v17fauMQ@yW_0cRkH;jJnzf?NKsUqh>-RcC#vZAE z89skP5C2W7QEB`pE;a%DjNR15h>R-=tU+1j^4tzR>H*YxBNB)=E+?m;nTw$3!=k++ z>;c%Q)B2))lwL#1$vI#@_YGQtUgi!sp9njz>5U(iuo|16KP5z@50FpAy^W^ZII~eF zjZ~VK?K!+yYBrGoErdvuM5O4#HZhxoCG_;%qT7Lu&su48NBMxjg~P%a&1z`sye|b4 zFQer0Y=uUAS39jFm>uk0GaO`^?%K|VLbH=%=mQ%K^m0oASc@k7*V=zx6zOD2#y-$L z`60VtQ@D5q7aI`Z9jD^oC=~luqOe|Z=N)jCX0`GGz8jSBtG|+VB~zB;U~^EhltM1d zq3|X1<&l!$+vL)CZRAd1GYzy?C&A_H!&M?RxD++2P@Sq_C&J`MlL>UtEid34TIJ5q zEGmLr5!7f6O7J7*OJPLO>(mb+NhKE#|*HcZqBct;_5sj0ILrwsX@ zP*m>20d9(3F3uji*bei)kUh`q-vnsa^I=Om)gSWs|DwAhXfANLKSmkVgtE=pY@C}O zW!GbgdWY^YJR*cUt?5+Ee#%2A;_m5}P@9=c5=ChJY{%t-!|K`{#cJe4YMO@I2XjRD zO+KAz{}ytj>nNsj=9~8`CNvcD=})j=3vXl5E@VGjtJ)%R5R)U-(xrIwoO*ua@p|b; zQphO2T)6XvvB+;)x0#tm;8slr9`z@d`^&u(C$=J#l;t>2*ls$YCY9Tt#j9x-Z%>Mz z4+|hsR$265rLLbh`tdG&XKJYHO%faa8&q^#@HZD#Bd1T`9U0lT*z9F_TuNZmFpea; z=xFh~3F5mI7j>xg(HHikPzyg^qX0_dMrbTlk6_7n)23!x$a1g;O8G+ zj?Nz+YJ`VspCaa4rdxhG%%h)_*d>r2bo0;ieRFt=P!xw0ih59P#{i$Lv)|la@l^Y( zTZr2cjOckV`5nPGvX5L#OB4&=pK)dH@h)iD`TsCk?H909dM%(ELH!)~!*0D37nk1v z|B@%MVQdEuWJkr8lC==!03QZlXqGNimtYGR`L*dTg6(?{*)m+7% zNQ}v$qm|O$45pwXoh^yGT-De$AcdMiPE~wcrp`e{Xt#q)VXp+#=-oI!TB~8x9{1qeQhvh_ zUjd|O-%OD~Q3;hrGa|BZ&~3(5opUDVypQ!|4MCxPoOrbv#(bUf+}P%NXltfv6enk; zQq4Kr$Czbx9N#+AhfZoUxzS&%Ho9HhQTHU( zQ}5-Wk6I3^D2FUli+7hUetZuI5Ky(tAWdYbq#8ka=PjQ-wUH{i-x37hh}}ODhaJa< z>jR_NPU4FAO66V~Q<(SN>BR(^5V+ zNNBL5(?~qZdJl&b_VFXp1io6~Or65_b+-7wNAa z()eB?2y~8CBN6YVD*c9sdgWgl%|ys%O4R$LJ`y}!<_~%~^DC%np-^#tqar%V-OTIY znA@j<)WPdVDrN)scX^&YVvyWGcm0JSu+j#_!dqC3u!GWpa#%T34eN%P=P$5keUz(Py#TdGz_2|B4M67J;yLsi6(5vMt zmg$R9>FsTL>R!K5(qM#R0W!^u>gXsxwn>4Y5hsc-1dz0Yw}2|!v~8&g@96qyLc_F)Ac0y@!;uRamC{gXcOfI(l2 zYnpqLY4e#NI)shv@wT;gGvU#t4i-jrap=};?7{8UUq4pIwJ~n?rH2&UPV?Ac| znE5(9M$I9byX^~Dq_@6>R70`0EY&Occ9{jhG-Jb_Ph-^%NVil+=Q{~LaP&hJQbW%< z7k$Qle&nL~^akinNOLXzMqU(Bg1_FS3qN8})L<{KjVi#ssK1YDy0;n9eq=GAxOdFT zX0}r>1L7;^m9wNih)AMM+Lni92RPj$X8IRjtyX03pQn-W&)%fx{6B1yP1v1)G-E<=!Cb>5^}~dS6sO>FN3ecHqQVJ!$5Eu<>}lRkGt-)~m-j$#p1)VG0kG z%HMLy-Y=@zyOGzB{zXFPt{y66=LQIi8%$m>oEsWD6s)l1iro8M-~AJ+rdNvZq9r-$ z-}Bo*Njj~iwKh@bixDvg`q;r%!(e!8ZOlWa`A;Y<%D`aFNvMJ}d;;Sh8AAY{$pjDc ze>M&N=@j$>YtFT}RR#}{H^yvNk2$lGWe8_5F+zJRC zd7UXPChmI~0^Fd7cWSxv7S9jl8D{R8@7%D4Ffon}?yFI^bV9&+w)}X7BzB*5_OETJ z8iSw>#ObN5r)M2cY3HYhIsSLI2n6E!PwgiZd-s-lRcV8cjKrnnn}5!G+DMf#fbRYW zIa56GQqLsE;cruT9krQNw}VdA!#qJaPxaM38Vtvbf31r)*z8eH41FOIr)?3|}>9A4f(nOgsOGEJfodw}7&hXb=bU9V)H zNRD=a0HZg%+Vx1x?hYNtdp#h@>cOwc-)j%$xbyU=*(L6XKyDv5$p*W!_KrYzhqKr#9P(2mi!MecIH~gQ-xk6gF!KO`gOb)@OtZ7)$L*VUbPjC-% zu<0@RIXfY1cL#@s1T9v-o{lJ<)Ia-tlzErl0x+C{+AEW9RB!wp`zXtI=OzGd0RXQzZdLk&h1NPls~~kJ=QAz6cv&xYCK@ zkaAEtW&l(w0w3A${CWxX*3JZ-EnG@_U*rMX&C|z#{&7rufeHu#v-22zeA>ANPA!uw z@3$QQEyGI$Al@URim#iZ<}b9mG?sjTGX)Ez|B!_eI>54uc06O2ZljB`A`UmvZ645_ z3eEWaH;NKCegnVrl6}|ObN;tTGk9~KiI}CMHrzTxW;p16@0mtjN|xC(5x-My{)LCn?do*wA`+^OGi-FV=?*dGh-QET=1vu?)?=)AGonl8X{ zofDr@miV0Ad!*~Umhd$HAYN)EIZ;@T(kRi-$pGt4-AkoR!qocYD;$uZ=)0pCR5<_d zG`jOZdi{$Se283dv{OK>l6waQ;Kk{qDc%w0w9z(Q>&Uu2x|^O7_B5n?8X}QxbZ8@tH>k=LVDUaRds+ zkJc+fddH1ZS{e~2Vo>AC0dQv+R**T!NCL(X`TvX|a*z%I7I6(=igoXq@(Y{fhq)_U?225)$CK;&iqm1*&D(!MpvDN>jv@rk6}LF<@P~mUKh3 z_C~^MkyZg>*dF{^tfilC^Y&W_1QeD(1teP6$6+<+0!S|_k_CRaL3=h*#0dnWh z$x>ceNZL#-?r06|niFYHLYWRZSfR>_5PqX>Bhm-P9Xn>=XT{Vg5I`FY(K9B}+9q`;`D+!T=yFU6kBl!EH8q6|meY%bI(%mA z@BrM%k3aD`7b4zUQzrN7HybSf6duK&sYxI`-1sikYU6Gh;JM>0p-#Eg z3UFoeLW*|Ee%&C&L>3+Z$=C5$s{J=%Elxa;1Ly!$DBor9fF|1uj7k&OMi}p~1)Qi(n zgTVv@=xH5T{%M@)aG%m{^1pf-lpYe$2>IiE-M?lgB47sONW324@=>QdySz~QwUPvK z6ZhmdqMk#u4@&|ZWJqs8P#J_>qu5B?w>ZRB1Wqk=;9fRsgO0h%j*#R z@qU4enYjFGIES0kKFlPOukCD#Zf|T|ZT_0j7Oy?5l@c)zNj}L*8>ACUUeYu0e?itY z?(i2+yZS@fHT2%+iE%k-mgx)O4|KRGfQ^@uv&M7b?zr2X2>gs{GKO zdhU@pQFTB6zx-cs$o#*7Mqnz61n&B2VX5(9;P{m770}@A%Phf$U`DyL%}$mnSGc3T zb>1XiYuMV`j|Q1sKpz4I0$bh--Z!dY`}fHG`50}QM5R%VpB2N5TL?SVo47kjwPH;Y z=(L!AIuis&c4-hW%Gi3A*ySRX;9a==6~p}QBOdHWY=ajGhgJ%oj?>Z?=ij}E5^pm} z26>Ie+A_mVAd!C30Zj@4;s{!4-6^40xUiN($Q^6u_PWG;F1^-efvM6Su(nc+6%usR zHrytr)nDDE2ATEhEK0OU%)jER+WVtKzFhSH67KC5Jw#+GcKTB#XK{U*9WKz~!enueRst z31o-DM={;oER7vN>f?ZhS7kU$F(dbh^i5oe*_RE91({dB9uPgOoA@yO4jZ;)k~v(Z zsY7&pH~RAl-F$uD5tstcN{uu{V!F_I+oK)Jtu+cfHd#{n23CmoBHLu_!QeSOseetqY;ytGr#IyUB%=02{v2ySv+!&rb_S zpS@b&vXb2DjeivSndH0IXX4y=o>i7l@ddA5yk?~Os7mmN%JtRbl&`8^mF1qLJ-*vH zI@X)r-ZStiJ1ISzhug#9E(QjB3pY_P%f0!H`pKI)4^97YEGRG69fDbQN-0%9uaUnI zdeDEpNhO7|dy5lAaT1@vsnIX2Kg+q+g#}ehw3q8}?J)ekMRKvOau%#r*7OpGbvg{5 z3vb>*8gQ`|yvZI&%M^GZ_tCVyO94kk63Ju{yNKt(b8iB#{?j>|GJ|D^i*@Cj{C)S~ zCAs>Vs(eNFQVv6FKNouPgJ1;2clL#QDf>CZLAz0yc~F2TDz?JofX7y1fkL|_{1p1g z@@;mN{#0=~b<*FRh|9t8_hV^m{JW>6`_3%r<>@DfXhnXyv^%GZaY82nN3rC;6&na< z=0|pk$-OIX$3-SmlGdmtKFsMiMJ7m;-c2+ZLc&~*>h?>egfh(zTHu#tr9(IUx8v`` zuORsYsA}(ZY88h1`37qx#*BykZchS&clS>f<4Wlj_!3X+c@5oHCWYZIQ}4Qq2%y22 zk6m-f{pV)=IinXqq`A*lWc2=-4u9mL$kF!7&U|4PpJuMSJJ;lUzg%!}&1C~~6_Tda zlwu>-t~kzP>IGCxxYiv%WQ3!roSN;;{L;*SM{6@zS26FsQ}X7K=q%!oGdB78{I_w< zibE4kTiCJ?j-$}mRjy9hQ{8a-w2y%X+3H)v-&e~0hzA<=Ls3mF0;2vB9zYLZoQByy zT&7>M>zg0*7%l4=IN$Nu-<(H1{EkYLcfNxjJ%k)=^#qj}nsGQpb8<9@-K*GE|yfPvcN|F?MfuFOh9q= zt|PKHVoj&UsQyrAQU;NJ!SPe$>TN2wo%}lHUo6!uA~xl_Yz4d9Ia-GdwP!(ab@iiP zpK!oF)s93-J~q(b-JZ4JBf%QniuRh%7WSX7g*&!+EP1U?lwAJh_ibs55vkW)(oz4N z0BQ8jy+P~=UtK->Wp)~$u^t3J-b~ixN(q7A-N5~8dgy%WBv@6mp0hEW4<7EzhBmV+ z)eaL5`4L^R$y4%u0IA8%!ui-l@2p3%Llx)BYNEHsSmZql+0cJTM&N+=iG=fIl_0|R z=#Kz(3s+o1<9@?{q3?-?&3wZz11Fj7iVi}dRifES3xz=68XH&E0|UyXy^!8oOEkN!ri41*%UxjKbQx-1dilph7Y6 zsmxEd$E%F|Z^n`MTYWB%w=|11-!JHLZ=~>A>aO)Cq*I%w9hUju3}pCSTKlZ0fKN58 zGVdcUQvM!v^-x`qCW{v-V{5tX46I4_e&)FA_YW1NIdxOo#~upPgp?#rdZI5~1;N?j zL5m^-)I=`l=Jw12^R8-x=x^&mmZA2aTuC%^G}wbq`HBxT=ck09a!(N*gdP*7WyW1% zOCb+;N0lVp`~wc4zE?9DKKs@%-?MaZzys^QQ&x(9G<`4D{k6?m)OvU`WfnUvLvFAN zm1{JM6`OdfXjjS1{a-A=w^e;KP|Dg8il1lwNfj7+CwlN|=WlLgy7zWLjrHi$MmY2e zZ@^``(!yXl=kjEyQ9Q%$^p)*GU#PLXZy{Cy-vE`>TJ!dxzr;ZqgA}f4o`TXw>4jZ-;)>>sNUT@Yrc@knLNck@U(DZs~0aJumI@oH-|0ceY(vGqi83hGcWfpBk(;4&8G78mq9 z8&&QSt&ZOR+R0}rlzcAm$!mr6zJ?*84VrvjOxjBnQK8mydb`;gH=7M!0v;Mwq|=?! z#zFDhb2H5Kx^yO8sE$_UiQ}TA(S$7Q4Ce3u*U#z6;UsDlvIBw1T>Y{lPN{GYt%p9# z{NXqMzOPS8Ts8*nhlcs@FL}Pwf4}70&K}r&$x6;v6wf}pfwv_E7WB5`Ovf^Ptu+Sa zw`pJ}6%LUpGDazOFgBhkck}sjq(`8`oCJa3A`&Ko-uL*+%^H`#({r3_q#ix%=C zj^U5FXE7rC<>r{;G>gp+!lBbI7h zw^S!35YeGm-P8`QZjB!B{q@iUiu3NSAF|O@_F}F4k~)p2F#`iO6U9zhQG6Mf)B^U^ zMt&C-X3Sz!VOU>GTV~cvw}RW0?k|c-KtMX0r|9C+{x|wg z&~3qMgLZ=-4RMqhRNlzdeEc=lpXYqgPR!5aYnETdqR+{c%V`K|sE0(BSx*eXXXN$g z4QqV$MD{h`kn3 ztg+>9fw>eO5uH4qh(!Z&C07yT*1(@RvEnoJbx|}ze|200Y^RLF>AZis^dLc-uv zHN-L3XKEeb>}#z>Eyko>GXoot%!>pTm3E!_z=cU8|M|8Ti0CJjl6goQ+V#jHi&v3c zP)ANq5(Z*i2?yooAifOgK+KEdP>We3;-yqnGOX(MnWR7Bgv zb-?Bp-h7tf^WJ%sEhWap9|av|lF+X#*5(lw!oe`#zxN}+HY87li3Cg-eyP0puv^?D zItXf7l96A%?_nRakoXY97tw|(g8Q?Dsa*ip!H10dbe~<4d&2G#BLi8Y^#M5<`#KT} znNu+wi6U`q^qmMt&mS}x;$&x14-Ct+ohw6oEk9$aF;0+u7gPO2ci6=jX)w;|5PP+& zy!LS0DF|FQbPP%eG!thw zvq<;`!C5|7WR)(8pk|Y0aiYV}t$1G~yetasJAAD}g6B~yl|d~p z$Q;;5yCO(kh@yN@y=Z5C*(C9z>p!Za=|xxQ?)VcjkWuG~lvHPr6x%A`i(FRMzIeNA zM0h(^$7fvMO-u+u-C600g;_V7EK&!ozhu<>02vCd?rdfnIZVfc>WFBXuwVTCBINX1 zikX0}Z|7JCZ3uE3LDTYwBi1Y&`xshCQ;#+{-2u<12#~O+#^A7xsUDdHh05skRt_mOOI5}nwgt*pjaXliv#pF$~E)|{U(7*&{drFkuN z2X&=h@JP(51Q_CwpM5k98o)(FpOCUxyv>3g;hzb2;KaJIdp!UOs8(8HK}lt#+gIm#{+x~|%`{BOA};OQzf(~NXr-K> z!4uLF$Kf*Rr+t@Qe|n5!v3Ru%y>e6OLxb@-Wp-31+b0OHFmz%7T0I4>p)%ovKtEb3dQ}R|Kb|V zM`ZY2( zfsQg{H+)7>mBe`+2vK23MWl1#zFlFUgRE>XbJ0OuJ~M<>%a5pm+HOsZ{J!dY(FD#2 z{CbF{B!X6#bt9uqMvCk5<0NsWvp$of&or1fJ3M}V3zY=}Ut+E5eYH4@xZgbTGa_B^ zJ*xtB6&y6y`>MF(5%>ec%JUh+{dK}Bk@Ra7fHoOko(@06)p5Ey-RsU&zwBvA!S!v_ zYokv^co!54rP@SSX%!4or?Z@ASXP1sYJvSnC_3!XD^=2eHp4=Mvx*6MSP`NQ4wolB{)Lwovu#cA^psQ10RH zKDKQxk7GbviBl5aYL|IR22!k@CL*QiYLvFu_=h^NxKu8qRki-FH##e;Rp2|urv<0G zn=?7x{6&$k`lUQ7QXdb$QfP8lhc4>AaxKV^C}VoAKx6uu==>xBdDVA00f#)9Iu zJ^g_FuN%RbEoqNXeA*3Wf?f-{AD;`;>n8L?nS=-uZHtow)WQj9^=WKx3H70n`pAyx zCvoP_LN*?k@}E=$JcNBy-(}Ky6wLH&P{eI}wR>}+xzTOwZ;#Ea$br(9NP=H6NL{$jUp6AXDCzf|OLFs*oamS*{hJ>6=6x9^GWX~sDs-n?Or z?5k=boc*qyim%eAcV=t z=18>056++BntiB+fl^>$os4U+}JbC>6qO4$dr*DB6X4mCeI^LBlV;uV~WrI zaAba@kUfi?rDTM}R`55_frl9-B$`^lUDIgJq#WsNYqY10n)AWVM2X7|HkChOv2CBB zH4sS|Z6;8H0iJ9YtzzG%w7xq~!Wb|45;vSG;IGK@ENV>riJtFRe|p*bDEhjYAOF;fWzQft z^!y%~IoROjyYyUI-(LI($Gf~1e6UWF+s?$F1;~-&8QybpVze*D*f%K>SN*)5pk0?G zwJ(W!Ox({sEeMfFp`#JM-Z_v{8!ewKD^?2`lh#)_$h~YA57}NP%;TPxjfC4>!^K8En?rw@y9RKS4y|{iJ z(;v~{*IxVe8*}H{>lJl8^z1F>k)4%qXFLdSS{;VZK_%x_u(=h?{#lYLQFBO(au{8{ zPjri`ejK$fP;VlFlne{)MWF0@$M;|qM5#_ycdm(?CA2$x05V%`y@K@Ds5kG8`|E&4 z_q`d;aZwlacQ^LTQY&U0XWLGWORa57q0+cX;zC(Se|Gb=-Vdf(n=@E&8lo_4o9S5k zw$_pproa7endTIB5Ed#xS)AgA7A?&`XzpF!B4z)gRiMGkZ=Gf$z~=O`B{7E=!Eo3H zNr|J`n>^}px;BqXf6Uxmxi$}7b9Lr_M%K@SI3V?{m57{R=r9^R*>#g-POu!}@`-RK z7c)~oyORfdb1^7jjY5GX(Mn&|5%*1qgT7SxOJ=e;jP3CvOYm7rZe&h4MyL*-5I6m7 zWrCi~OJUS=O-L5S``V@zO(;>4eA4?x{z}u7nmQq2h9*bB0$WOi4T18oY1Y$}$I+s35W4g4<$0X3hyd{b; zqT%5VS>z0g?7R7QF8aPJ+f(wZza(O-_I;8W}|hF*8ug)3Z-fv$z-xH`1)f|KHP#AtIVO z6w?cd8L`?XP`2lkn}rnIN-}{6!>1N*F}Th^rq@>qaL6K7;6uX0Lj9mE`f!Pw-h}<9 zTK+pX-xb54T*}P%*9jNFZplGx=));kFo^r=7rBOp^TdZA2yhRY#-|HlV z)j6O=4?XH2gk{Xi4rPeVL-_4x%y%ZsJpBIL5~~xQ;mo}NyIprhU9G@C4bmR<;th~^ zfj)nc#{TWridhN~eR{Q96t8X2cV^z1XZGx8@8`99tfB~adXljC`(v1}BcxYB z^l_yEpm<_d78+kX*lp#-(;Q#n7e5C>C;iZDd`LvtSCtOVeWOOo*Fd;fd|$%DHRbYxfdX2 z`bXCO>V*~EAy8Bh1;b?1=2^1h+U^9QAug?F`sYd$p_w`vx@1~oU)2MB@a@Fx*A=Wb zTcyZg`r3x>GcXH-g@M-uE+SGK*$xcW4$MlrR7#YSCf!kSD7^`v3LCmzH(SVU_&?;zA~cOi-8D(|)NP>cNqnOPd* z5CP}&iarf48`>Oq>f0*Dk$0ktYrQm0M8@0v@g?OZ{G7s<&qqtcnvS4aLt9>z3?uRX+jOoh#i zC|W7H_Kq*%!J`%JW=}|6%Rcfm9W+lt!sJe+pfA~I-VU54L9?BC+j9200pYE7d)a$LD)|D6S)=>Fs7%18;8h9BV<3l%3F$S)MRhW=PDu%<#*F=t4vheIK{USg;j^bMmxUuCL)-L5QqlI zm<}?OvXv+V>r{$4zj<2>l4{K+9LF~pc)ZtF0V0LW(}$$!hDTt<*3O~6-9S9`v!b^< zYk!w=;1MpZjj&v=;)OF=vtK{>GvQFeltH0e)L&=vW+E^7-@Q;E={xrvqH{=PGS{FI zenMw6)W++t;*Q8w5Ah+od?^_xQB2Rs#jf1?rE{;bB@2>CTHc`IoisY0xyjIB`Uv4} zEYQBf$`~VDHNd7vjQqATbfJ zc909`s^|L;IQ#|IW92oe^p^4CCD`m`zXI9~fgnBA_|(g4=>4BsxHO}OWZ~TZ>o@G4 z5X}$7ca;eETT1u;5&nJ>Z1*wE{y|LG$Iyhkx5M^)&()SL8nA_rOE#@IJ&1nAQEL#> zT~f=~?m&Xpoz^5=K&e&bZ-96Odv^iOa5fvPFyYuNZSpJk^HhD`)|C?Ty%9Py@m^<| zhx}5plyAeW9ES3%d|ffi*oiKh2d?0X{7t~A(7*bO0qZwNct_dgI3SFA1 z>bmM>HY#y$9t@)p7D-@qGiUx8%Sz(A6i5o*`(j+Trq0Huin<%YH-lAfK8|4*8FqQK z+3gz2%u#){3>6yP!`2WUS?RqFD&J1pJv6Puo8ul8+KQ=qp68&5y;x z=75#*ou`h93~mIXBduy{-GsLxJhD7gzv&OvGlar;HZT4F?4^)d(cUdwwDnt-QJyiP zN`JeB>t4Io33nFv7c<;K-+c->m$tqBG*8t*U{wHq&oo=B=y@$bzH;;vq8xKV04u&o z;<>^f?-(->rT_N&_EHNxaQNIo^A&Rt+;ykb|MLdY!+{EX{DsDLxfve=1q!)V-o@rO z$2nE!V#RvHy;P;y5YWM7Q+^Vv7lv@(lCg?kcs&L)D zl=XTrPX^z<6U4a4bM_K9k8yVsk%u2U3+d4VonO2eGw7gsR#9Um8h8l-S*7PIa;2P1 z`<{9i=+~BaO)8gjiK+f>1PsR_-n(gMSWjksW$3fnDZWE-4L=v@W-DWd+|QF^g9Gkp z1EWOgHmv;S0S(X1Rmx+`x$<{lw%C38-?N3ta-aa3cN1119{;ki!Ti7Tt*^ zts%5E9$O3Zs(S%c!uCvu04z?#X&Wx1QUhKnyfPrL$x9X`qMC$LloVk~{m)g>XgwyD z5XS(SpUu^7kL0w2lF>NF8%)YW)}p!Z*ImAZNW+*C(HVIz=h7H=w%`HnG2SK8WDPPV zZt)AjRLrtcw2JVpV~`md2So*@)Pr~kN8b7~`;$(6gvpf+3b^-@u}jg88%OW9?g2oh zf1T-J#mgSH%n*M&r8q^9B)HbMbFm?CdQHuXdR7_Xwh=E%gR6Ucy$aclyW(7D+Y-n)%g@=*< zP%c%P%a(uDpQ(f=P2OxHMLw2Y=2@(v9-5o=pC1df6TTxRGAU>Oq}g(#S!$;YF*h6_ z*A2+&^-Br(8CGrDqlU%awAF=;+BAEU?V+cSUE*ya8MmRxNkpH$3?rv&2|JVh3FbX9 zh9NmhQb{J{tRmbCIomlLTq2ht-tm!SHUQh-p!g?L4xJ+if&N4c@G$wx=^H}4 zXCoKm-1#@^KCY-otx|yt%KhgBHSsi8qXZxN(}Aq)?YAE~1p~0EUkZ@_Y(r__-NDa! z2ZCR~i;9M=|M+$4(;8&NdHI%yCq~kB{nVOI01uXriqG(^jxU-RODQ?^h~)Zm{S-?( z+x01@5U|BBmWR{{Tp1Vax30hBdU1u;)#5TiO|@@}(GsbQm)R(V4C=bmJv~z+E^NAg zr=o}F3r)R$6M#)5{!;t*PX9_FZp~mZQM8%1ULUXgUUN+%it)1Q{}gPzpa6mmH5~g> zS&4r}7OrKyvruS3|%t$313RT$wRnu3|> zLg;I-XHI_^w{O}o4)>+A%vJ~Oy=lK)^r`t^u5K`n^RnF!;{;z!)t#JIk&lxASA5bl zat~Zn>A$Y24MAfs@MpZzmT0_$?ilvdFm`)}sofMA4WMOe|Gl$24CD{{B;-gl%1;ab zplB>*lxVI+$wZOkd|=U|)%bTlF<7}wA~$B3y~KG5&+ww>J5|&Td$tJ_61HdI9naMN z`vnUH{HVSUeJ&Y?F%MNdm#`W&3E||U>l?Ryg$eiwK{fvFijzD&hDmxKSPf@32bUQ< zIu2ql~k9!pM?&Nm>?MX+MdRr^(vxH z2|=65N(ibuji>PqI*yt%z_Ds_TJ8&!&WhJeKiEvw{p^*Ub1u-TdZ+p2S?4=ubPY~O z<4QC!Ovk@SuVxI?X|&#q$(3B48q;cUcc`y6NXelS24bq{KcUjYUjt+>?Bqz$o7+!U zhZtEvf*RTg*-48yyIK$r1cug{0H8gGXbgprn|9%gvbQP@UZ;8Z;N4V@MuT$d!!=f)P z8_ov3(x4GBRDZ%6>>*g}4eKBh3_dQ(7QhXB(6(;L>6Elr@~us{6RTF0tArHrlY7`V zU85V@#j4w?BH}tni8T8zf`8A?b&y+s1fGDtyixvb8>FCXe*SHXJIrSi@#BJot>xa- zVBdR%gHJeW&8LJ6k2VIVs%rFX8(aAvv)R4q`T%0&6llQ>*kF-S-CfapRHAEEvyE)cd+hxH$L_{V z;YXd5 zGVQ2@b zXQj-Kn;W)ML`?!7rAq(sIX!l(U-?q723+FT%avhq4F_RT6D??2awKz~#{?;QXgd95 zZ_)n}WKcWR-cSByA!K(1N>i@;lyCGrwXoYxV;}7&IKpPXkI!rEeTwyNC9~6k>}I#q zdb<~ARrxu=@d{e%QqB=yvox|Z6j$97_k%aOwKt>F(+bGccPC1kbSh$LD}FdBmWj=u#&7LUx4j!H(l&VIYkk^UN8>pu$l>^D)lIpC z)%tK3ZG-tb@-zS|x)pYiQyy+#rG{%5pn596_)1Pgow z0br3C&yBEi?a};vU7Ho$`SKi;_*}XZ=^X<^cr8&tqdW0J9{Q2glzG$fZi@WDQnoGK z$p$F7Uu4vzV6VP@f8(&3R^IMxog3B`9KctF={QKxMnVR!7~W7qt``}&E zii|40Ga(Q2*gbB!tcopNyJA@WVdwRaep{bcIr9DM&-EmItJyu*&_#XUC?r2w>Fw>; zXv0VYTLLRP1~I#WTiWI;())XzLl3coRWeDru`@$9=Hlc+BBCNiqC8zJ3ii zS1_KyDN;reNmHI(Fj87$|I%kwUA^`E|jzZ_R#+l$~wU$w5IQu7xT9%lN_KS)jp~+3Qs;MU5T3l>6=8ZJp5V9ES?eT6~Z32p3n(+IRQxhvjQ{%-5WQfa+ zk~f;4UFy=%mAQ>_E-~J?T~v!60;OCdo0B7BgQHje{@+W8%^NK*QWe^MZQ9Ry`b&@|X`0LdlZD^mFWJR< znLc0dWcks?z(+^!jouB$(`vXhYoCPb#_2kP=N;*(RbNlEmg(F=%U={_uh$_1ZB8BM z+2L~~?~M+sGir1Ozr;D7^xV)AHhO8mnrfT90JokONZjC)MJh%!pFa*Z85DiZI6+pizsm(4HeXT;BGNbfU)6u+$>t-ACL`sMR zISh^V-Kv_BwohDrF@OtMtGG*5I01dUK!HZYo>>_fPTx1qjT>)L?G>uF9kVWx-}{g@ zl9SZ&x=jX`dAIhNM>)9uz z9MFMN>86{#=4elch6rE0p~Y*Tjp#$ycdoO|ZmZMBg{@=!bz#Z*M(#;P2K&L#U*_>x z^Q{737uH2e@s}qS)pnum%xX<1vkX^!`+ZN@TrI1r;t3S(U?5;W{+!D|~v;M4R zK}{+BQ?(Gf}q8;LL(b7askc(SaQ?PUl=bd{prVf5cqB_}b}PZw8^CIzD5<2`?jT;0n6>{9aQV8+Yje>z9?w{z%g9c;j$ zv^%B-g@oe$$j%Xhd9-C^?41nk9mKII@L0I?}3zN~&istRV;xG=6iP#4?d z=@Fo*SoA(^0-vluld?bcdudS8Yuvp4v|VxPRx*0Bp>^jSFWLH zt|qrzP1TYVY;&%{E%K&hk8}Z!<2+0Q04O_50RO%?>AA9hKqffSKdR>wozi^4lOi<|3;%53#8);2HY#{JfG2zh877cj=UQhq0c&94gS8 z+gm!HV54VnJ>Kyg4S6c7H_?hnq)&GnN4|X`qVSknt6<}90JhXL(_U*uGe2&xl;#H@aZx8Nrnp3s^aM6oSQZJPx@*<;~dh0JPr(DDmbftf$#O98-_EK@J`av1dBU1FXG6xy-gNOgY*3N^#J3$9NJ|=w308arz z`O}KV-SI1R?!gUhzNd#q+|Gp$4;V))U&pRD`8w`(e#$0CW((#WoPVMej}8Bp?3f>b z{gCTK4MYFfVF1k&5(1`?MvzC7blcFsqE(p4y0q1&SOXqeH}*xdz)@_1FQplXByBi- z@L2|cXZ*pRIKu=UELcNO67uWn49yG|8(4uOL>W*N5{w2fK`YSfrL8n!&`!6RzP;GH; zQei)>3y|d+ZBabgj7&rJY^g5IP>D43PkUkIt;Wi8y$_c2qZgI>-vH6_5c24EmwwiT zB_u$V;iVmGw`IYdVi)`pISLksnM&d?4LGm-Vg%g=YF&eh%eY39R?>taoo5 zzQk*-RZtYw^H3_Z(odk~+`t@%i}%`(Gk(2I>a`7Ydt*=Tv!Am}|J>qc>qQNxy>R^- zA^T6j0dgdnBiqY^Qx}EfW{tGfy)u(;a8fY|iI$5wL0CkM{p3M5x_t(C74Evu$7$!0 zv~j>objn)3f7llv)0@?ou9SS$&-L4cPwEi~`tyxzma(odvFK>AG=*QUjqHiAfQ7LO z1ULQfJ)?v}ANAeX3MVK(d+Soj(Mr$INN@K3RF8!uNuXbDb(#5BlRlaO;`H~M(pnur zAKlUmq|mGArlz>7dXo0PX>Z{CpdE&dp0(HHT-RO!#dA}d^T31M?ZL+r;QZ%^QBZ9H zQu%UuJSMPr{QHegUC52t3ctQ2?k$4ka0)C5TSI08=jbZisd3%+L>(!%b)Cslb{qOy zrLJZ&Frl&qjm5%>-tpJ+;bSF6ip-P-0`Z*~LOe;ZJ&iU7S<2lFFUjCa7SpWyIZx=2>?VSj6p zFjHQ-O}UH+d#y7Q;qy42YakCd}ZktM%DDGMV8^ta-7A~UP`o&R*p;e#(t1!%#Cwq9% z`kNY#twH;!aSu0(V`|snAP=C%yx;%?&|_d;(jlrIeWP#1cL7J+!Rb0ys5_I|=ZB?bXYS#>SW4 zp}3yW?ONb*0WyG0NkUTY;(1Y+@z@A(AjqJ|-pgQ&%g8olavV_E@=@Opbea2J_H%4{ zJ1?MGE(SoULs)miuK}T40u+6-50X@-OWWTge$D(F9oaO&x&vg#54&e_6AT?U?svCc zX*&8H#)<`YlroSDl4CB)^veTy2t z;WyO{E(@Z;ap^U5Y?IQsC+b&^ohaRo zhK7wvSu`ZxtUcU8Hj~QkE~vkP*}at1r+7G7Y#?WGys&<^AL-N&pAF>?hw2&n;L73m zPrdV*G&1{v;Z-KN_pK;b7cu@_ zunpS$44=A+257L!YA!LFjs6|8$i@PSHA2>91yMr`R5XIUtbwA06eZAZ-=}dXr1g6w z#3sCyAVq=5Qa_3ZRtYd{5Cy_Fnhy->U2QCiUW&+PU^6ZJJl9}k*L*kO$i_aPU|SYC z3~i%D*RIR06FEa}lw891s$BFoqGY@YaK@&j0oaoi346bWzui$uC|$rg1_bGf{Z*m> zk4Cjkhy%zj^*(9=5}14lsW2I1VY1FXgsCv*Cd|l|3m+jhZGST7C+h@B_1i2xCPwMV zmkB*B)tU_;hHo9=$f$T>ZuBU6Drw*c`5^HW0CU@m4Mezh5%Y51+>$ZzH)mD@ zX%$9m;~`!6^ryHCEO1b1)Wn*5eK><$CR22x5m!Qx5mxEe+@-50lXz37Omhyzd6WHx zMMB}6jR@MlC9pJW2ea2g?9xXvy*Xu_LGt;a6pP&+aGnpvWBumy>o)&q$^@}T3)v0g&7jW8C zg44qUC;~La@mnT=%E7>dmdNq?>?M92C@TJSbXg}(=FT+*ExY#lsOIMI#=ETPtnl?Q z22}jzi($+nu68$ohKuU5c!;?Iy0%%$jzRjmNzp3er$J6;FYr{PGtPm*vMa`n>oIfib}7+oZhAY}Xs{x@-~&a2}Y z((?>&cRmIVf&3;r*DgrXD)q!POEJ?Vm7Esc5~K1^m+zBrQ+&KDkhB0K^V2QC%9Kp- zX-Y^hUJ?53RqOOMevF($$?-UU*cP=jbdRkXcl^?>k@%C-Slp)lAtb(*EzC~ZPQ>q- zv#EhjY~U_=ms`0sTBkx+&H<@QE6TZj2AArY;N55uXu)#o;+twW>6durxqGzcr^q*m z8z!6W8S+aO!PSTkd-87u-`06Vg15c@$;u(Xp1njL5{xaChZ^ZClPDj>KZa1MTr9n} z51eT1$__F;DzgD{R0=4aw@<0rQwq`MPGprVQkyaSSqsvtKpLq(RcwSN_z z(mZ|s!;{OUa<6E@x0nKgZXhCz*E{54+R-2NNziva_NrV7y;K6vcEz!Kb5qj8?`JeV zXFLa!=CO}H+a+!*jE`X6xr7&9dF(g*N4Iks0x)#89dL!#y(A!-05CcMrBum*grsTa zTS5a)AmAHTc_83(UFO0Ilhl=OVv` zB_$c2zcvzjCT8PSCG!c-8xGYyX^)+bU?bsV$D|5T#%4E@(Yr-A2|X=MAzTOPzYjwP zvGJT?J*hh({=nc6#JKtO$@}NZWYZNEj|%_`m;NZU_?9EfKmdcOi1oz}>?TMn!iHv>YB%>WO?&_&m%E&;OD-{#Sgb zG)|z*63R1C1e>ivOx&m7Ft?m|epgp@A|V0*Wv)mW9qOEYyC^B#soQWS?a4yIL%CT^ zCpwd2ueGxKA7(C%?DUBMqr*743D?sxPQG(6qz4VT0gFY$or`s@>nqbdbPTDun8K9A ziJ;0~xO**Jmp=b;L4daWzLzr!Sh|n)mVEzc!-4sP-Jt6z2n#SHIyasyNZA>R!zl84bdH1}? zNlXgXY@YWC-Np5dhAp*(_H@+*h+H4D6Zh?lTd7iZ=~Vt5`fBn!&l2!tVOJ?E?Hy3> z*6l*(Kh#F6rCs0TDcaQdEUx|0!#Ig7h+wdYq4YSODJM!KTfR-tXCqXSMY=~jkWGMR;kdayFjXdL)dzQe z1E~f#^ADrwj4Hh@E;)8<%t;8XB%ymTA0VqqOXUv$@N*|9cX-jbGqFTkN1H3<3a{qV zxFnhNBum8Z-VV1-7f%<_s1kRhXNYbHk>WADXz~~s6eeZ+<77-Cuyp*x4q9`lRtFa=u6MTjpzgZ>Bl_RX*j2((a4Sob#3*WNTaxmP3~9vEz#gJjft zY{`LC0H8@@{7=lyb0Pt_lELh03_`2((_E8P1ZYcR)hVttHf2%_FA&a--p%uY;Cx{O z9n5*npG6aLX7~XyJ5~m@9<=$XbtdHcc9rGNav7%uMCBTrvW|-Faa4C`RRwKfNExu3 zuI;`llm4WxjJfTqvP-PA*pHfd7sx!1gRoCR{A?(-^n`vWd4O)Rui;iWsV=LpG|LP>6iU@; z^smSSKyYvAM=O(%4yN!cC^1kNsB7#sT&ODtpmqWQMkd@ZixRUdoYGM%vlcNzPS%Fw zr)0qw%m`=4)fuJcHpRlZP%X2<8J)tAGv{X^gJ{lioo@~YR>F;L#=d!iNN5y4 z3hjglMXibeA7Dc(RlFtS9Q6&BJkEn6gZk>|1NJ5lOkCelE>Jyb0Uw>4`bT@^EZnf) zhgFComr9l}ll=-`i`1OS@=IDj6B;2l%xFf#!A$Kf3rg87IBvmT3d&eHi|b&eX_BKr zFJ^wd8MM7KwB@|LvKbDlPRxk?&mrT&tIdf=W#Fh)Jv*P2=9zYWwOqN$Y)p|j!>2^# z=@5bXat24#2eeF+uXnaXa$|_2piZA#q#zMH3>cCd%VAxSp~wk@5TsKdlfzNE+AM`4 z6@5xSLA0oJ1x6*d)i$su5{g^LVxw-;JorMZdlPt>xglzk*6vP96TmJ!0ZRX*`ies~ zL^?4ktz;Wa2)lkJ7T9x8KijJ%E2L`95xQ2ve)-1@< zUaJ(-DFKLq)7vloC!-^G@a>eG*A<>GYM+HKCJbD-|99gA{2rY2Hv_Uv-?TFaLl4OT zbKojj9ZrCBl%Snlfr$ChGugmHLKFSZF=m)T5~&<>SUTRlOCc&guk=*?a&3bUTBoqA z6j~7;HbFucvKs0JTuza|_%^0%{wJFTB0wQY4d3k4GTp=UmbKetfsY|MgTc$hrly@P`F#Ho-19=;AV|6s?f7 zI%Y0kSE%Vs{M$cm&COoo3feh`wnHvxm_+Sd6T$Nxv0Yq5ym}icqV*b% z^4Aq6CEitu7jiKBp`9f5VsaGE0F8#!qBVNv)l1lI9JEm}XGn#FKy@)Edev6V( zR+`ZCEAO>S!0Ps2#ciyfF z7PbWnJH93}^Am*CkV44!$S#FI=9I1(tL0EYD7ac~Jpxeku3vwqN`j76t6{|{TugJo>B$-+K?_eVKO{z#IA=;E=P@1!FPDO{p9wo6h^!u(XoxDvw3;FF} zDwvk8FA;K+)a05oR_1+0_Dciu;?gi?t7n?Hu|Xiy9x+=QeA=+bmYFZb;nE*| z%|3Q>n{qI6@o{7qCFZ?XR87rMF{HiLP05*o2CDyN{wmpN9*3Dp+~PV}g2?gClH8cA zI}~MT|CvE?=YI`Zv)kn)*DoK8aO>3H@7^wq_R}g4Xgep(H!Lo?)b}>Do(PqQ_t@4X zt3fHU^tS{UHn?x5z6Z-&$jJackEw%dgD5KOHzslPy zqRP2;5eM(S)JD96Z{nW{8DX#|+xz4HN)y}=b{89G4gGNxVGQJ2PYJ59oY>k?JL z>3Lp8zLWLot(6ky7e~)V67}T3U4EvS@y}g;0O)z1TK)N>H`pcdXH;Mtj{%3KVW*3K zL6okx60UKT$^HS&9<1-NRM{IKd5A3HyPnZL;$QGHv4BpG%_KAnd*Ts`={4=1)@j^ zsS>&;27drQLA7HCV_fHHIyd63!6gr_HJF|43C!$&gnLmX;EgR!TcC3s$OD_Xjm8)5 zzXK9Qyq^!=IISF3*5LYA85;BN&mL2TUyyGnP@n{b#$#?v7VxWqEYzS`hwf*M+_lqV zz;F8IWZ&NTw~0!W=7#hsm6fn z!(W9km^2&wVN4=rhVpfKwT>^SR>i7>1xobXn~gWZf7_$dPVc>q9yJ zwscM14}oUjYkXxhQCaEKSIn&o8VL@K-SAZ#RvF81iP|GEtHHW?HF0`4vmf;UBlsAc z9F-`)KEWKrI7b<{?~M%?>8%%vtJPR)7U%#B`|CaZ{byBi#Ag{%jphKLSG#v=r0i^1 zUje>wo^=|JVNo zZ28Z^|Mh=@KmXI}i0ohg&;R#-{QrObyZ`O)?GtVNRW@Dm*S}EipHKfnpn6=lf1&)p z5G0+ZzrRgdEos00Jro<*1orpiw<(+A`_C~5grNTgg8vH&c`)%WltHNX4f-2F;pCs= z)2bN$twH>62sH4Y^fYgVZCvYrp)B|=4_ncJzhEelK&ZeWTvSr z!Xi@}a1R2Gl7FKF*!-VV$|xo7 zkod5z^3x)>@lGB)OLSAy=Lml4y8H`aCGfx53X9@*&_5LKIN~SPnX)jwC&%2XO(^~$ z{i%GrkHAk6-Sefa$g&)vuh$tzscrW#e?c>#&)9;JD5TAA^Z|z>qyR-}8KF1WvrGqh zEIB!?V9yO~g(&EQ20IM#R*w?H-P!Uj&})L0l;(R7>FTXUeWgtXUj*2Nk|(ZsiV;O zGZPw|#CoTRjdDKhymt)y2K^WxoJoIm^{KyI=aAsBg@(3b>*%@HR`cm*WPmT5Nza){J1hodG{lq z9L#6ok&__?f4N9}Xi~=H!-KPt^|q5Tf0!UW2tV@B#TpbYm4j6;WQ*~~JA%$doyktt zGx#ia7wdEzI23$gTZ`ST99Ar5u*2pD@ZR#CLbI?*TptaUua8RGqFQ4l zI1F?#>)Um!M9>}FA^|vx=p64`@>_cnyzw~!FHe6-W0Y;nM_;q`@ZM3!L;=xF> z38up`B{3hzPq5<>+%o{4#-KWOb}cbq+RZ+6K-?R zM2>h_whw33?(RcG$mx(0v(6tep!!RE?Ku%``5hppLsD>o1J~{S3|ILc=ZlD7)D>%Q z`{vaYu z{Hr|h_wMQem#u|D#Zo+CIViWwU*8egdB;$@&aINqX!a8VW;weN->%QZK(z2@z4RV4 zS_P$J6E({jce5K)7rN(T-Fv2!+`U}uqJX&xg(js5_KWx@F?sM=;Cb?bqU5ODr^Xb% z!p!gV@(#@}lNL7uHF;A+3uS&;CZuF|?sVDO ziDMFiu_d=BLz3?_e_~I)xRu>cAtsB@>mP%R^BqKrgDGc0I1pIpQHWw;or%N{D%|Xe zPm{YQM@XAn7I=R_Eh|;Bz`SKCwmQY|OfCdz_Iqr)Pr#d0CS5ti?$a_Uo!pNt)M!B0DD|-x*w!+z=plzgI)?MVvJ%TJD!FMp>gr z?gx;0RjLLlY3^AN&cyM+q2JG3xK(K);)-z}%o4ur2czUZ#Q{k23ZZXvIksGIpE8@XE;d|+;q zZx`LMOLbH4^Z|EjQpoX@7IqKvzG5KWLOaAFlMI<9I)#x@DV?NoMwiXc{+(Eny}4Jn z*h)cq)9ckz4dzwL)z9Rc+^crhL#e<=@{U;1J%z#${15nAHe>5K*zv{4=K#fH7umYz z*h(_Ae~jD_zg6K|JH-|}a2f_2k8|T=4CM!Q&h@P5ld10z(v3%FmOv+RHE3AXKF>F% z`lpw0!I%3U;juzH%Jg)dn$+h4_v>Y{*72uG_Y<`2d);+sPxLbcpphW=BUcy{lu+{6 zc#fQRkI;plIOHVtWNz7BBi6ekwSMuBmZu#Sd_p$(R$WZ2#o+xs|1}y%Du@j?KR;wr zHEnBGW_QZL;iPIdpf0L>%H_2mR73m^BAc_(vD@t;ny})Zd$46rQ}nubmUWZSIdMNM zaewq81Zf;?N{l)9%KA@fFrc02JUilpVK+N?uninCv^zHh(4;UF!WIr@ab?o(7x_qG z;V{=pqO?Q+9hb92#=)6zTxvnm@@cz5uG%hC!IuMc0CK_sKmIT5aaH7?V4jj4~ zItd(B^3Fs4iXPF^+1!xle8EJbA?_Bwr4}_>8^s3A@3+jllDE z=6NHZ!t$7Jeq$SfPlS}Wtg_h(C-2I)o{+soF+p*+e_Nt~ap0}R-3P-|iAv_ONJ)A= zt#yEf8&Of|kHVlm2+!-a6`_c=UtDCLE}yZi3g^zSKr>)R{rx>$A)C&({eUex^y&8A z@G-Mo_-LH^!Qi6th=y*U){&%r2bHo(LuoQnZg6C!Gbw^Ze0+xGqL!2WzbZCbSD%Nl^DqbW)Wt2KS3mX<0~O=NJ+KT#M6`*WBYqhJaLbK?Ep+CZ1qXsMy~3D+Tw zc-&{<(Cq%$@caP|9{?Q~H0>~5D#6w>$vUX)z`|JdvONjXcmjmh&)fEHI#xUZf4&%p@V9XJMOi>)?oi~ z!@ztHi#L|fDD7x15GY)6Zu0S%&u@Re&+6HNBY=oAaMFSD6~;|oaqyIyevtTU8IRjE zkm%}mCy)|V@;y_`EvhjMaLlX*N3Yu)5Mz#3@2BRvsUK|4DOm;{hDEobXC1){S90s* z!ee_DBii+DLLB*W+UwdkaF}0HUGGy!cU&MA~Y!W~ObQ@5iFMQeasY2gnrQ|-tW4{CO z>O4C?xNs3t-%mE_;Wys`%vh|$cST(b(|PIU4PYs3p;D^c65g!b1#CsGsq`MDY}cAS zwLGutxamvpHrCVMssg3U7IjZ70Tel%ejm^}(WagM!Bp2@`TTtPNzU3j8TJ^2AlhL# zZK;T_5a@?}lIPcZ;dlraKdzFy&I^7*iT}!;=@U+4sb;*aaAL-p#dZq zB)o3WWlBjmFIH7(RYxF*0m%*U~kqr@P-gCUaj_a zA!vtaGO28cYI&0VSiJ*P0>AuvP8-ZT=j~q6HUI(uy$s%DI^e$7im{8@NTrB33gYnh zzMZ(*aOLb;%-nMp`3srU$2G|XryLy?X_1p2OjxVZ=vupifG2pu!n=1|1^`Fks*4E> zGUG4Lp116taixhgTyum7*NvP|zp)uVDumK5Q`My1ED7NTOsnn5#3vv7ODRUap`r*Z z@{41ct5QMM{CYEUxB;?DyFL*_>NG^Isr<2DxQbyK$a>i*zji6dlSe~HLQLQ1x8y+% z3}l?#1OD~~7Y<^pB4EeO)j#!CKQAhTFK{uCb_n8ifB@~_AN~y(g4o-2;^2&B!ShVo zAc>u{9#7_aB5>Wa-Q*km5K?^mCF^lgkH1*bL&*BjtWG43=|vpGT6aJx(;5KagheUx z+Zasx%1~%AWuD>oE^aIreWS%;J}!pLkh(Q&7c^7lHyQS2@T^Wl9r77Xu7;oUO6U&r%z2vK=EFIx!e!qs@Hp?$@6L#uT+O8ZG8ZGwKcH=IPcs zrgg!StL40weMOKtmNY9E;Nu?$ATONhkoQ{DbNnp={aX&ViqV0#!Ne9f%5^z-C zEl+HW zc1iTXF*BZp;yH&hykO)aa;nh|Zlitia~vpEY+7}k=U1()CNO)p2pD_5KJTn-LP9#8 zbp;3}Q?Y|>&O0Uw=Vd;%gZb<01Fwtp z_RiOr@9{hrU>R2AvhMnPg1i-X9UJdZaTG8q6y@( zNgNDPY++9VKWr$+PAT9g`Q?4&UrTY1r0dkdNEOQ=p3Bd?A&#+Po*D@t++*vI_v`6- zHuVf5VbG2_$!#k-0Ljq1K7_zwHWyJ^33vvfaZY*l?JVSr>o~% z<$UO37}(C|&CixK{iTONjBZ#WIs?JVZ%`udCZ@hCBkn^wQ24xN<2#o!zz{npaLRFf zPThjWVvTB~gVYQJDvrqWNE>ITtomHPIh)BJVS75R3XFzmD!xmxB zx*hP|jl6AwV2p_E(vX)Y6amD10bMOnv&=^w%5Xow>%?(VIP$Dblw|AyPhcU>#}wDo zo`FKK%aY7~9+8Zzc@x|c$1^B$@cv?~G# z^)*6lPLJjJlwxha=IKhmahbiA@eZ{KGjThmeATrc<7VAqoW)L&z$gpCv?4RK<+EwB z55JSgws%bw@T+9Dy54*$_2{Wpi|wDzQ%^O?Rmv4#TJNq0#wYnV>nTS@mfiMxGnAF( zuU|0pWOE(R6v}Jl3a2k=mkA@b1^@`)xee6SSn~*`qzs#G$@D|`GFMv zBPPkju|{k9ETWR;Yl%`(tSAj*ssLrx5!3m&DD$WR_OUAkhxY~t#8hMbjL_EH4Cw2I zJ}4_lK;MMgm{k54;Fi zb!FdVyYz(NnZk^1s1~QsB*0pj`}>wG;12RLaqII(t?V0he`<`%EK%2dtR_ai6s;3( z7%Gx6_7(Ti1?+1r0E&&J66;V;s)4p5sEW3aA{5{?{d54zf?D&sa$I-MdiESmn2X^gY0rPkVk$!**cGPL9L+a!y}= zS-x?SuP?|Wh(iLj4?*+I;LTf`^7Hi;`7!ADO;W5KB<~u!en7N~nCG?2TnnFwflWP> zsLr@ZBhjBr@rkU}1wI{0B<1j57YqwRi(Y!GXpaZFGxJ#K4?FeUj2mD*p55}hB-gaaEpaWB*P}8Y0C;I(^|m4(h{$-$ zFXZLm_;^p0ax5H`7VD`#qKrBUMXR_pa)T6g|UXOJK6{{_B1r6e^3=u1L~i~yOh^;KU72C^7;vQc!EjAndSQ82`Yjw9{*#2 z;3QZ#AQ*(2Re#?`E;gD%2ZT?=dI^(cCk=vmg+)*V>4ZktYbzjX-Iv9ZABY7dc z)@FSGD36&Q36P^O>?VE(5WQq~$*E~Olk%8XLfq+rvJC&r&(blXH8{jypIDE{ zM=9e3PPFKjRKOla+3}mO zw1udXnoFJmuSWoeQ<&%5i0v()X?}#nuK|e^l8b6E+7Q5KLfag5*8?mikM?8JG%&*g zq+VT%xquwdKD{dMstGec6qKGAKz=WK)mkoqrYeKP>Iu>T&y?j(ZcD~QX5IOl!BID>gb^A|KliUGrQn-qJ-`>tYKumlhSas#Cy09cK@BY-QDJL1npmiA`vI4jcDiW|*)s?+~e zX4LGs#nw(HrvByyZ{*>JL6s2l60$XIgytd|kL zL2O1Fcwji8zp_upS#jA|^nsYG@4@9jxFb*dHn-TL<4INY#JA+@LLCSzfC^LL)M0cy zSh% zrljV)#?c=H_Z-)gud5mJsQbvj3fq1&qt_j~FRc(3QwBU*r^PKY`>ZEi6^kFm!+b3V z)C9!K?Zq%H;?9TB;TZQYr|*Lz-Pg(L&SOLBBLyh0-qglLp+!9o%*ERwN+~oY_?(VS zx<~!t9zm~@vzc7t2{v&$V*Dys`i|AQE zHE6!bK?@n>ao#i(`VoPO%D4+CW%&5?lr$wBGhQg)qspvK#4of4T9Ma_c`NHg&?-tP z#bt=_KkS^9FKkHFi%@?$gF2)fQok>3Mp1h5)aXax<+pfL)F=T% z3rL5$Fs{|6nNZlk2&8=T0j@L+CWNVe!_yiC1M`?wX-(+(aS1#GU9Lljl$$%0jQd$z zWuT``*GAP@K5r7{@!Rt&YEpko6+~qN(J&t`fc0&!eLg z%@J=lIF`P~EN!Vz9AY(fQ-lGMSt|zxiL`HW#NqVQKUc0`<9gmd7jer6-vi!lNSR#q z1^xu?40`D{gjJE%ZqG*61tS<~t15YW;o7?MM zDZBySK<))-*Y5{y)H>RK$`^2&p~69vwm!T;evaZz?PwR2$$Kw9U=1*#(x2pjxme$@ zFI=}4raYbCIisyb8`N+*;90j?&VkZ z^q`0$^efjYv6N+n;2%S~Qo&4<#2I>8J6ysCJq2q327d#46l5(eMG)qXvdl^i>D^Ki z;_XxE>P)35h>{P2Y$=TzQOt;XqwSya(~L)!S9-n=wn9*ZohODt~??uB()SY2ol2^|zISK|CyjTXTfRY#3 zfSy_v?1Evq$ljXkn-0fH&bPz#g?*LLkyO|3*cd~ZvE_EM&|`Mqnae&hoqF9r%y^|P3-LK@Z0EM>VVq&I~#5! zNL)(;=>=P!6<54=L>p3jwtewA_+49G=3tPm_&p?7bhZU&3KnpDJfdx?>}d{;H8fif zAj)D>dbrhoITS!8%Qt!*&P%ochbZ)7R(sw3rTS7+<}RdX#Irw~5FSvb4=-TO*i>q@ zq`ln}v+(QXjM^%=h17$ufjn3I&FfiS!%<*0SMbS>3;I#)OU=svX;)b+=qvbxA&!JFFjm<5>7*=;+@cL~O~KAmgnC%M4iUkoZmMk_oU3FSU(crHS8O#IdGgr)u1&T^J2-!@=-_!8eJM{>!A z`=~X@2k0Aeih(X!&s7;ZYa87(1?d!_q$94GbTI$Nu~5?}BK?a8)&g#437*M+!NDf} z7!C-5`ghnCs3t^|SQ_F$bi>&uku{0f<}-bKa#Wx2=6H+tELYf>PW~1^APZ%pWZaiF zg?*{>>nOu^M1h(jelnEOY3t*E4Fd;`{)E*Xdkw=VwMqe`dSuQWBea8a88nu9lP{XEcc=~780mxK--iR#PaMv7f;ZuPQD8%T>~P{7({O9iSbz{@H4C`xij zo^Aesf>T(H96m1;Z_(qXVVs}cXw3ZvQl`y(XKor^!=x=*7Y%Cht(+En&#JszR_EWt-nd#c00JPi zTTRw7Q5_}tDa<*n!P=lYD$$YrqZ*Ds)OSn`25BB@C-9v{^wz$Q7F(%9a(GRv{HptVw%e#s=A&%QZFt>$Y zLwrZT;n1i_>fn-ZOp8}a`Q=su;v+z2!YClifvp(OVah;-K_DucDH^~LL3Dlqv&bs; zKtQnp`u96(Fkm?Y&hh$iDkDvw8`WJnQzO^#JC~R_nm2rA?K`>dqW|(ZxP7@f$i6ep z)aGdkX$w%sgizO)im`xAKRW?Is8>SVy50gA-35wkJ3#!?I-Y1iYk(%?Y; zyTlAIY5|Seo3+rk)1rhJi~=J@?Tu7|7wyDypV|+3n_n*vyLEwF&!o*M zksD9KAtXZdbKTB_NMC~{C`{+}X%xRSYAFqU-8nsnu^R$6rp2j2qA+?#3KNgffMztd z31-lp9vXh!R0{0Ykd-E5F7Z>J&8P8mE2832NM2$EaT1?fuJoIGSASc}fD5k-kj;Ky z0(VnpP}U?9vdN2vAgRv)NT{n(&6Q*WjvHU18j~qOB3wTC%G%lt^x|r+#RtYF%-0L> zBpx@;5V7qCD|nQ`d-BAK*du&d`T6$9LB{?fe+lma&Eb~DB}Pq`fQ*MtHx!5f#W+fS zm)Bn~LE#&bfQ)CdA5~tToqpk7;cL^1^UCLzq@|bjEpw;!18|uDu+_=(7v z-Mv}6fSAtq;;>z!VLrZDQ0P7!uid=2jsvz+s@3zr(+Hb8`pq@n5i%xUz6C`(u<-$$ z3#7b_gI8!WROuM}F`hsck;mGV$6wCg=f2~}S$@zT>3V*8RDz^u>kAuB=9Zf#*?g6d^`}p1Mh-z? zB-uX0r@+)&_FmTsEpmwkJFt<3d&+JcaxkA*e7=z~seh%Gr70gr|EJ7nnoX1oN zS%D4&443eW5OXT7+VyqYK!JYMON}Fn4axnau5SR5;Hra*?KK)Eoncu%d6$vc2(_vm zo&fk{Sga6l8#S5YEWw}&lU_t1vzy>V3@$`FLg`ip8#-zU+Dx^f1R!zL%f&>Ks|Lgh z>v^$Q=9n}7e)5Es^9+>IpqX1-Kg+N4&tpMZz^#KEz}UO_%`qw1_~6{K1TW$`;Ldlq zUV)bD1L-Smv2HU%ChjE4v+=W8QzL5BRxu+yBCoB6sEGr` zK466^-HKrXh$$9wDP`4-=?&;8$C4L2z_bRhXJvne38imb|M`L{Gdj?C{V8JN{xz^c zuvFpuU@5yi^8#q9TX^SzB4QJFjZW1|5a3eBlR5yJP;8viZfIL|=qVsI=$+$?B0bE& z8RY;aTJ}i<-zzH<^gs z;43INzw>%o`m24D9$tgBweE#H`sT!kRKNML_58pLeLRbWMuQqeG4zMK%2P%C#0|K8 zaF!1091gc2BxE=>(08X<1lpGD>XEth{Pu&BF-8(@S0VDv%*BOq{Hn9mWSF6Zbrl zD_{*T9q8c>uVZdQl)!?HPTL;qkNZ0aMYb>!h{A^NCVOZ@yto6Za-y$F0WjDC12b6T zCTIFGL1yuQ%sAFQObY?ALW7DiUkf!b1Xclh@OkB!XrrUz^g)OR8%+!WHMJ(nj2iVA zWym7cTa=}X;HXWX4{nQ*W=}Szfl`*%jk|$^613QBkVwF0LT^CMUxaW=43d*Lp3P zDg!taKJp3p6>tMjF79@W>Sqk07ml8-RG`;If3p~_!7we%<=ayt=;6p90jIt9{1t$f zRAcdZ$s{mBs-ILWAP*=I)H_b4c%L!T zS0yK^i`7+!S%Km1fw%bv`WGOS1}#iohf9MQcdfqxJU~>uJ{Y8Cw^4W8c4t zM_ur`*v7S<1D<*?enQ#U2lxZFMmY7l6=GM22gU@xb~Y0oH%k?8A_L+nKS&e?`B{(^ z&2+9Zu;<#R#w@xMYA^t`KN#`>@rOphg;$KLHx_d|8t~q%G@lC-YT|e*UPAkHkUs9< zJ}zsP+wdlSGi0U)!tgf*w~+M(JWW*uK@CSbScet_zeQc!6C5{6-IsDbGuuhVM<9%y z5m*C|{Ee~!VdsiV2uVA?ovNABK2WUEg-QBO9_vkoY6`XWZv+bv+wrp@4s0HLyAMZs zUoZX5HsJk)y?}T$1Coy9jJbvyjo*}m&6%4iJkaH^l7RW&K>9WCclw2p3WGHcHLcCw zvmQR(rdrn*HVwtveO{?E4?scw1Nwt|&ls)H_gNI@QQ?QRg*$LZbkp&|89h13#oykK zYO10Dx$dxDyt1s`N)@nbHi!9nas9{g)q$Mng|l_m4(-_dlB)>T+7x6z0Di*6A--LI z+ZO$zT4|eFsJ>3rZl<9*r}mbsgfYa=JfSe@6HeFA;Y9yIL1w_S2z&D9?6)Enz^bozk_JT^MPTt47!z!Tke!fzCZG)R9q=;IG7b1@UCJqs zv;;jAo(()$=y!yf`lZ3boS|bl3;|iz!GA0X6ja`oMuIItKQsl(ddG!})7=YX+aZ|m zp6{D7nd1u@!HWYGqT7i$8Ax~}Fo)Qna|68kDLA>h{p|jt4xf0dU{)Bfm^a%P2_>qz z{JK~mPmc!?A7-E_q=iVJKTzlN!2Ccp8oYr;dpjFTVaR@rS||WElJ>^a9-0OWHHQ6R ztc9{A!1}w1ejqzyc~*)giE@xK5P&+GjPHjBa#2isql~rNjT(5GmSLaLLb(&Ds2_c> zuun4+V_6+teEE|zRG==)Hk{0L-fxvK$-{#yVaPXcw%o=Y3zM4wFO4+5gqbKVma!o3#=_IIG{wxqoxwQHpd6W z7#3M`4U`)ESs#D0i2c$q=w?4z!iqu^wFmaJekw7bz~o7UFkb-W_kKsl7XT zB<}_bZ z0pv60{f#ytXUy0Y(c+N?QY;(5!1uI+ETNe$zwPLPZ*{>BFMxKttbog6SC;~j&mW+4 zaKKp_a{7HU$&5EytCEUy+!PM1?(_i+R5*--u-`r^fGg*1r!@xX)5km=^P%Mu$}+g6 zS%%OfgViR@y6hS%a8fYQ8umTI`vaFZSQCLrVHAcmC}U-{>wh%8NR;KaGir-bC62TF zjiDa}Gke;(zWuC1I^Bn`j)KBS<#0dhz4_oZH^5`iu%Omp-Hr?ck%cd88i|fYAwTEf z;Z*;enRJc>Afn!&Ia{@9Oxl^k*m_i2HG!=y_aj0p?RKn^Du>n;-l z9Ty`=yt(pYb-jbPpgOco@~mdfrcoXc475-w)hc3t1+G5&d2)M*;0UVGvq&Uixzv9i z2-m`22o+ zCVOzrwAM6z>Gjh_ROdq+DE?~9$YKk`Q+C+Aema>!g2(cXR69@pb~|WJ0f^qpu9E}H z9N{@5_QyWMN|I_jMOV>$?O+SuDFf=!TL46(?gloApwn24c`*rG@hilZfirpzK&2d9M}R;HeLu@A1fM}k zn|g4W!t6lQ`R`eLtq1l7L>@Hej#sb-Be8y~ja1*A*}=+1W=xfnMxvtDzXJmIKxt^G z&y!38SU*tv^HCg?Cgth`#UAzpMR(?j!J`>Yhx=;OWl=DQ!hV{o{czg(TOv9|fK2D) zWQEvT?TZ{C0g{OoEIbBx2hQ9P(tpQ8bAOs_2x9vznNh)v^Q7?Bi_@Cn+!CXN$c2<)lRKcW>gOKXogEAr?715Ow*F7*%1JsJl0KuH5# zxbpz4$^z-?OU-3qZK!844`b4d9&3KDfBd)XnE^D3%%?G2{5f`f+I<xHn3Qbq zwdCtw1r%<0tOlWz6>QL6eiZM-TN_;dad|>xezas;4ZLoA{2s5IU(rD#x|5vWJy<>W zu~o;>j|`x~w8px9+hoP2ulBi#SrvH<)d`?sS6>F#iYdX?;U37TaQKr`5l{(XWX?5u zVrK@(nZXnbF`Jz_v(n(y_ETb1+m;F2>5yBk(k^P?^wN~(PfvWLr)UQ3MZ1~g%n4*0 zk?7!hMDBK^CZnL-senuXOF=}U<=72=?m!7**>fGXjy}7a2Az|D9|;MK@rC7&crcY^ z?=-{#a3i4QSmw-6>n5PhgTNYPGMV2#@_`QV_tO$SNVE&|7YjHf7P<)RE}v76Db_uo zWf8ZS&p=sGlpja@z1_V5CZ0v`7N}LgzzFZuZ({I^8G@%cfU**Thsv$Gei4RI^OjrvVM^aRGiPQV6i!WPGQdbjerXM?(aPKDWm-~j)%ez*klGy6QKqTUazuuj^-YY3OB zTImAg4Q_aMU@QZnKuC?-GeYSix$}eLkkw%YUomU*5B9Zvn=d0E&XBb;S+yF9fjBa2 z{U6ba1ILDc>O#;ud7Tpfr$MhScw(OhPHTZQAC4u~Eu-?HKgT7p%^28t13i|3MQTlkG??MOjK8in* z|A09NmPHqF))|g;R_Zu+`+X8tq3NIZ=W+y8E%F(E#+|%UEnE&N|Rae zYYr5DGNI{$fB_u{1%AIGWmrG@!XSvU61LTl)MUB3fMI5Re&p_Y`xeBW$xXFF-*0i! zdv5}W-JmuyLKX-?F)Fq+ul_QkRxOJvc5xB9gF<>7EAt@p+c^=^c$k6YR%(d;^UlT%tS47G8VLTF_CQmwL#qO; z=FY2j@T+R*VSC*8+d_-!ShQ*9Aw(VZXyGBoUY@g0JhRk?Z~PeRaNb4uD7EVO)d(gu z3*^7ANgX~aM;y^JT4E47sHncT0w%C9q{n%H%8;Q)5WeEybv$TT?e&5DfE#7$3M{;- zr_r@Rk)DKAtVZFU7�}Nk8r`P^&dciDP!X)WI*CRBHnIA<@h3TiT-Knu~&M8-9^gP;c>?6cYk`s+Z1S zvtjW-$>@vVmm5fI04a{Ztf{Cn`L1M-XOVhEE4-O2DOkw+A^sal*R|y+5<`E993H_W zlQEe$V{$MV3|~K@=bYZzZU>B^s-%)`DB;xZu@7kUJLK(${JB;VUEQ4=Lvkin`Jvi? z7)yS@v*M`lyFdoVq<5=nLcRYQSWiPgc_e?Yf(hpwR<-rLt?f(re z;+z`@XHP2@C2p18o$Mz(k2~B}zwZ*_efIfN0|F>&;MB!E9X@sA7OwF9h*`T{UrDwgLf=-CCcEf%}*%wH(o5*su&lJSJ<0l$#hM29GbBeQUN{M8;OJd zodi@+>s`r{O9KX7u951NmjqxRpqIIzIE{2l=MB=G?8m^@`4pYsr}(5CR}H+kTK#Q{ z``Q?^X3_f#z{`FYbcA<{lgghlnSAWTKRX!Ek8cES`d#`dH0S{F?|l)!=GE{*IY#{? zmEZH~kIlzJMqmLQN~Fu@2(tMfY{T$(_vkIw_{xSx)NShrML7J{&y)4mVvVNvtMGg- zt+ijWso%ECtfNxPBM%;mV0!H1y`y~IYaIR{hQoXSYXtD>{DChWUco0@O1?!UxhjBM zd1zI84DpKuwSiCgLa|5j;dNqR%zdIOhH`*Bf*g!Od%KeXuNx(yuPJi%6X6~nB)if} z{4G?+E7cMeKkAuNpQ74cZ20v}vw{)|kKopRPo|*Rnd})hfVZ1$lMs&gczHxne}|u& zhXt!<_f>}4P9$gFfnCt#(02ToYInAID5ro$O{ciCWd@e6VWXoFB{B;L!UUUz!sG@z(nv4 z$S59$6+Oj!Qye;uWDg9z!!3RHhHpM!?_Rg{px1x>| zxeDxgfZ~9ASk2Dcz!Y79R@e5uV+GtSQ1dt)S5Bqs^~W;cn~JL-xInpL21NplbyUv{ zwXV35Sjdl%DoOb0FQ?-igp`rCbWH~pArvA$2prMvqa*GW32Hbzz{E?XFQ56Nf+p1+ z`6=yQX4zlme(6UL9F{kvMUmXYY|XT~{CEr&Did=;F~wG5Jfw>(jG0}`X!|D?L7y_I z5TS5zDbI_MWvhDv$gt*&0!A*7cz!G^gQGcrbRB+6lZ*py+pz@)9;*6BNZ5qQ+?l?T z;^jo*0jX_Zth&j{m@aeK6>cV$Hb%g_2JwNWWlJ2fyT^Bya8C%Cg?&H#e14 zsv$tf9Ma7=2k7j3e~GeW%xw25hCsl0Dgc6F8+ya35uXtWx4)On@l*Uxe5Il3N1SxS zg=cV+?@f`R7T40)0qH3hH5bw>MZyCT1fH4g0Wuef-KslZur7dP1c7gWUP6W6Ir)8k z+0)4HGVBPyuk_;~ZLeUvzZ7e~$i}{_ozgydE<94!P|8e5_LGO+aq|3!Gfv5b0;zpR zxoFR}AI{#W4=LXNYMZNI`osVIvqS;+j)tf1D5l&~4`{rgMD-l=bo_r$?yZ2eLBh;u zs};i^@Wa?P_J!5VLhP5q+2)-$z)!>z=I`DG{ATfQ)(%bNt(@s1k#_1Hma zX@xH-?fCsn2wy^C|Ay1J4mrrZ!QZe8J3h!E=2;!?IB{Pu@>chg)~`a|)1d%eo(i3# zNccUWD;6n26WQi{S!j}Vm&^Q|***~CY{Nr;N6$5&df%rtFamR5`RAV|9&nA|cR0D` zu&6dXzR!3t>?!onY-lQw=7I+xm3WM?809a$6vI1x^FR=b+fmVVh-Zr& zhL28iV7z}hA0V*ZbmgD_`xL{A+UCuhiMAToLM5h{7xD_oxM)sim7@p}=Hwk7;yH{ahR z_fG%>SJ_g`4Vw|To^RcQ$Szk2y8A-IA(MV3q&HCk@BDCPQREXz1+X|?9?ey6iD>x& zWFnHzZXurxYxo}U^^R|0_Kg_mcvXQ_H2|0%0Y9Lf@X80&tZHK3V+cOV*=v9;H7los zLgcQ)(?-j{zZvt1Wm(zQnn7xl7A#60{)ihF^;Qa_IJC^dt`#_`;(eaq^C$I6J%#+k z%NL`D!t}kieI*ge9N;cJrRBan4@%EFC?&I>!d91Z)~A>#;c*y1JQh;|w19GZ{yYmC zGD{ePaDzeqrM~X07Mdny9OvE$f;ysR@!R6%%8j>>V7~-l!CXr@L92IneVk`DM8SA& z!5X4zMg!(4L-m-CXqSy70VnCvNN_EM4ml;|`!4u~ENVAfp1-%AjO}N@=&Wnpv==OU z-XeZ>p7#YW%N9uHxU3#z(HFFBc3}Bq6|jR7IcaCL!#e>NM-~nwu_w(?RPIHNido~I zv=VHt?q~R8UybGIC^$5xQCNmMjeNFQmIe<_GbIAs(#HlE?EVG%m)ZKbC--$qD3*1G zqLsj>u1g_l7ycgYDpxKGzsLKFUvVdltOeKg*#_*lLQnqrN|u2!uNRy?P~d{ZSo+zf zysM+gbA8^MxY(8io{a|(M%w8GDN6}w@8Qln@MM06m->xc8TneiqA0I4L@S(_cC+4M zc)>593TF}AvMk4 zEz+1G?9A^{Ms0N0qc@o$%F1i;^CIfn>dS)+0FM?0gr4PYs3O2^FAR=U%^0@%Y8n`T z4NIZC#xVf#*U=L`0oJHahYluxzL7b?VBMnm&V$FjJ9z>6os)^G6~XETBa8Mx6<|;b z0Q-pz==5Dk|5dOAo-6-K<+rpFFM_@tCTp0kKvMq1(Fe7!1o4wl5{vs`K^`~kEXhF>@31rv}5 zH1EFY01Iy2t$C|Jo|)if1(RqxU;O&-sQq5ckkU1C?krG!by`Bv)|cJkPHG=y(xMAQ zXbJY1lEl4A(0%BVezVQydqzz7x{t=x$)fIQDo5cl^g~~kV$5Eh9qaC6lC%^?et_z2HnoY}^=jFTH}`Xbu{*Kd6*)3G^tA`TOu+Oc%@UmE(+_cq;Z8kcaOxwcNM-jq-c3_1TxWFXdbm z5(98xfvQ186(kkr(9~T4W>&imMGE2>+uOYJ3JM3{SW-E!;w=o5kV?fR0-~>Vtxo42 zTz)>$7}~qQROFQ4@zLj51<-iWF>erm`yL&r*TUt2-3S~@McSekKFA*4`?Cb8?Wu3% zJERnN!wP`Ub$q$k#+Sn~-BXAmv{HDfgxO2{oL{EQ5+AA`!vzKIs%CfnV?2-X#)aNX zq!1>LXiwN!zcaS-H`M!mQ7z3yXZ~}QRqVg6Y-;u*;sh6icQDA2QAQ;|<8+|VR(VkP zYPfe6@`PvcyeKN!exmn1f*%=_T8S=6*{9IN6QJv)4?4L9lro<%(|96o=!8NdJ{q^5 z5fbm;y*2*P_lRc$5A<1J-tqaTf$WHWg@e|=s!KDUe$9aJpmENyvArIT%9g!PgCxLQ z4*l_)u;Z?bCL9FXp*_zf(EHs4N_>Jw0o|{CMruBkKrYXOR~SD1u{J}so?r5D3mHpz zcym^y7I8k#wG6PchL^49k}ib~q8ax4+q2`rA4QWBtd^NraIeesQ33%{7_l*?SLBqOD6XafrxS^Lhy5BA_2{2-#Vj$*86v# zjddpZ@!%I+s2XglP#C%Xje8-bHS8Xo8@Y^?^(i*;Ve-i5?Ll)Fl(lT9xMqP4h_%YeH6$P= zDeGZ++X1pWl}!bD5gdR@!fvVs)?ttBgYG3TXl^zRySUYKtK<%gi%d~kqC#sQk5QA|H;@p7`NE4$ zyqy{#wBUE3W@ph*lXupAp9?O$@Mv;iEFVLXK)>i-+6d+(pv7D`$vv03y8fxH|JRLS z0#Ae8j^uNI%~#&!oy;Df(>cQ4G7%N?c-g>=!$)3NQ;L6<{y1s{jM&=Jq~!y=6Ba7Y z)cJl1HtHry=42p|*v*1Qnh^Q6Yh~+GW*B9E+&4vOKZL_J`tZXJmyYkn6T83YIL%r7 zQ>BM}oJX_C)uTvQ19Y%5=oj)%N~@s+t>&3F$>W!d&=wwl_z4oJP*kJ11rF2a->YJK zw&iK#c|wMBsb*bhYKc@!d0`;c!dg^%Sw;6t$FwH^ z5rD<&sl!l)*Wva3YSsDzkMg|lGtc(`F18`Nq=ybD0-@<^fIX-V{PU<}?*z;)`vo+M zdfzEvUQeK3p+hR+R@L8Ddh&J_>v<3;WS5G%6Jb~rdEs4LLQ|1`LPz~Aqz=5ot^_u$ zn}Q&8;qKolrWu*I*PTxQ8Yb9S$}iET$5)C#7yEMpo=dO}nJ&c-$XAJ_gl4E8K9hy! zUo1{n)#4^ZtZI?I7t5McjjBHvm!ZciIyS$aZ4C|$WOUqLJ^jPvx|%XMb5B30RRG-Fw-1fVj6T^Xey04dB1AQn(l*WCH*r?SlkySQR0z;<5`=Hh=<1az?DVVAch=h{KS1<> z_j0jReVO!%bG!t>%J*Vrf&T_37!GS73011-{_<`C|4N4FtO}n+f9+f8NMgPlp1w2V z>|$pDs2#qzc*Uii8jg1!h}miYnS|zza8q?)noEb3yy~o2*%-s9w2GP|0x_pUoH)9^ zU}hp1YFYHpPrSx&tLI1khB!v)*ytno#Qxy3^_ozXWw1Kkoedi!ZQ_dQG?ZI(cG=4Vx94Ujc>%$_zy`Yij_ z00TKeL0M+0$mC9mmw+kkG9MjzS|8ahC?^gx{gK2&+P!Q9woP;N7PRG z>IE_b3A%N&2|J)E(L(5Q`uR7lC*5BJ&`qTckV?hH}^|zKqaiw`2^L?R%KCgv14!ZR!0IpQTr6__a2TGU96puZ= z)0p`KvCQ0}HHv`mA+ari`*k&INvY}&6ZpZfBzvrj`{Lj}=Jy^x9&-=S zPj+?b5sSR25vEHd&W&2;&3z7SM|N@deSo^sy_9`h5Ll!q3(A2b^t4kl)r@WD)7^Nr zX!>Ft%qHei&&XpsrV;r7FSw7+Un@K^^I`(r@jz#9FZ(5;oNccOnW%!se7_^hn^>rb z=9X#L3ozHM4kt{Qmylv)c9~^i!mq%uuv&tGrBj+wv*0!?Y<(9o))8b9grlYtZuV79 znAa{IXcEhHJfSw1-B97PJPYg2;wWSraDj0FSfZtZY6EZHX^mB3mWK>cn*g0SvgWIj zzK1K|kwLqS!J%Q)QmL8hvViX8h-o^FA{=z^9?uDvy3IMBjjWE2I73@-{oc_GFD;bK zD|~y4peotkIqSExo)^U7Q=*v%3X;h1m_?C*(a6@LMR zNyq=5pzlJ+d~}c32Mt`DCcl}eLp21CZk23!L7K(;Z2?uEt|KT$BJ zixJNpRo4%FQ7vi&>D=eNsMA^VWwYIUl7i5=Y)<|xXmw4s9WFv9eqtyF-rpqHKXYi| z+Hd5%G(31K_nP94f{b<{%b>}h&e00LZHERM>VlP|7mm~f7oY0)|E36gy6kCNTQR^t%sT~A4lzd5dg#0Ljw~D zqshIacmk#6PCF@(0pB*yL8ZdQJD)WO>~WV)djEO=6zODSL=d&+Y;~pd`yrIu z(Lzq>7~;2G5pNS52oEoje{bVzeA?9q43v-Zn5sW9Spzzft?soChOBlAuaI(KG*sG4 z7V3)npx_@fF4)P5-Gw-{@cob;`St^K$VOaXRPy0{Dzk#OGHSe=Cy1+lzg=B7AL-*) zpGbg@-ZP0xd`<~*P$I`K zSI1tUL~ZI1dQ2_a-T=1x@Q6cok-Mzy*vT2(^^k`Pg3LnRhTdE9?2HKAs|T%n3U($E z%Yq>WV|rKcB1)heTg?xe6wnF4o0AW=erl^ceSLJPh+!kI>SKJ&5?RnhN=_AW4_oDc zGNVHOfbYq`T_Tr=-NSo!v?hwE+9i%f51SR``XK#&e(PlSV3IFWDfR zmjIho0a(_NTUcg zcxdE*+Oe>*JwtzQODs#&XhT$9iB2+$rV7(e^$ybjJMEz5dplTlVOZWZ$m(&~&nT3}0eYiXDw{F{cz7kGj5r|%Wiw}$@( z9fWRzfRg2)$)*vm=#rj;hhJoIs2^xz^<}>@)BGB%&>_19&Mq%1?EZGRLU4&Fe@UEY zy;A@K2hGMmD<~fjszlYp#6?mZV%MWR<7b-G?-BbcZ?J8E z735CQtP-$Rc3^|lDj$q`te40*oVJcK&{ST0m7S`|Q5M|4?g5k!}F9q%^#3zrk<6CkD7I=_qWbRvvuE+@rUN8VN>iqT&)6|j|E zN)IKZGrvAb13(*;CB;}G4mb)_a`8h0uJN5!4U$P4s1LRQ&zdG>h|wP41r`gOsi1Y> z4blRd*R+v?0vS-Q2c{sL$h8CYG{*Kstl%Kuf3rG^D-4b^+B<$&)AJ1 z#7I@hGbo~{(Y#k89HYM6dvX8b^2$ZTM>H1B%SaoSrXxFFMLIoin=G)=sjxm@o!@w+ z=`!N5tPRK1xqvgY``=%Ej=}j^BA^DoWg+4h6LPfz_$k$ z+KH26{RxHJPs&9;2zL~pE)FcemgnTJBG)Dr+5YvcB@`cV%V z>*}GFi~PxSF&Wn(Q1OJ`J(@}uxbDD7-|06XlxQe|(N`&ZQP*K0R5G4K5)*AbuS!}e zehlSKG9nj^fBfvLrOfFHWshvhZ_~{y$OX^0xfftUm+PsrxG0=4dZ#QhB?kJu@1?O% zO`#cd9Ci;%YV{GzQs|mWiXy3YiI8Bg@O7kG#2{rCFB~LQI%$GzNjmU=5eg{PoUi^k zEuidf{^Y5CIo^xKAX5tniyoNi>{av(btcAQ=b1pQM)I?;^e`~J5MKJ5>qrbU9C#UwfdTvLl~J;^hy{ zskl+m7v6ya;_K`A7i5iJ)F4p=?#jLV2=|hAha&JZ;+FdhGugEB;d27vEFVCz!YDz# z7ETVIzRIE@+MV0C&j*}X%%Zx! z=AdoMYTr5}(q#j!kW>5?9t6RAfOn$hOlnbOpzD_LItE}h6pESOBt$GxX}uBJ`q?IL zUl5Hh=sHi1E)r+jYrfHE380l+Sfef6ic`F$uB~>b=0;iW)yQv!V+{i28~A%AsHB>I zpKS^23{fq50TwUFLjh?huQmF5;8!+_c%6~5xvTS*Oc3UB z^;>0EAp8m2I{MX>9PmIzfs1PJcmBw&fBowuS`J zPWPN2Y?heJJvRN4+Pw#j@eSYvN-CK{AFpV_?pi4t&0p^&jB$5?W*YK=ja4^7L)N zH2?W<1`>#~y%q6`)nG|Bb)T17ZhsL2V}erL0j{oc9EK_{n8~#KErd*UHQ-?vmYpix zT7Ca!;N-nU%9qhz|IlVZgat3<=gh6=)V!7bcc0*;o){21xSrUBvV{@Hv zpR)wc+TAd`Un~(9GQUA(*ZB(G$6%)~X5GuXFscFpDmeE-?Pcl^Ya8f8hp?eAe(M{2 z`1)@j#gAlYbd!M178ntNWsw%@5a?B~)SEAP#5>r~!28km0yvesZdRllLtrc1P{d2=J(;_=12d4J%@? zyqAGI7v6F!_qeq!c_9MNfEWDog2pvxJf5l9ZlX&s{Ij+S1>nzUSTf8f8KROpeI&Bo zy@g#3|K*Z0mn;Xcm_7++g1MlKOkO+z;xj*oudas&QU=)L@LOQ>4Eg1u(#1=4_I*a7 zxE&yMELZELyWyP^sb1WmXh;ISwpaAGO--tVT7oZZjx!QYUwZjdkk|Rsz2|@f8&%_1 z{@k?_Xc4o|{6qM^J-pW|OL|9Om86)bei3X#ob~`Bd>d<;kpxy<3pCNd8M5Nds5mv^ zH*oe}!}tq9hHu{`%vI?RBE|qF4S>mz!U5|99xN>=7jE(FXsR(G*8%+M-~_$~mTus% zME;ugv5mEOuQQ~*Kw@M3)gUKuqx(*82|O}hmp6$O>j%1SHon_s#D)i50ZaG1q2iis z$%A2^&vI?B8P$eap47XDL%r!96ot_OST&8c-}X9Yy*|(Uq@g+7Ytk{WJ2o1n%*nPcwO&6^5{2g!G;s7lX>;d%- zhIlZBpXL|H=RZI_aH@RhMcXuYaV_#jJi} z6*JzKUgo0;L0&vF{qgO*)D!gA-mIxI$>(Vg!-7%ItYcn-a>BZP1|8<--+`|2KnLU! zzh?%EOkao_pkfV8#zANfG^=Ye=~U7-%HNYLyBerv>GJ{}+P>3q76T`+4^nk+e?hUl zAN>Q%`Ypv%-7spN~q{UjG{$3{eBopxVxMF1OD)nt9nZMzp5Z#A&C z{0uCHsvOx)rTTuEI!08doT(F(Z-&`?Vo#iX+UpN(bfD|Xc`buJzVoEA1p9%qo(OQW zJM}S4aMk4I-E$cnH&cRxC6&KAO_HGYEOKrk`U$LmtuLtYhgEhdD9sEuf_+~GnX`qY?4^ACI zLDMTRA}0ce0zXM%97DxzB%ax)FrZ2reUl33M-V2aj=328<9pOh3E=LmAt0kWmprZ% zrv*&_U&gDna^hWd#m{sKxD02PMePPc)*uqv@5(%4(~y1+l-t0>HBF)GqNuY>K4C`& zO5Fp!g1U008TX`8lRNdw4O(gC)joRTU6l2s0|4O+&)#NqD0gFJZNN7axWMp3*v$dbmG1{1H$|7o^+lCY>5Fs8Y919sfhk-*jB^mP;_48W- z@hC@Tp5v2G~E7R*BYl`txlKTg|x;fN% zPOofLrx)EutlNb0s*UJNDcCau7>E6J0~P8P%r=i8s4mUeL(1gy>V4vO&OWtT!|N7* zlr{~V-|PWBR*Ui#cX|zrHdFpKPq2~jes&{mO)8*PcmUib0(TJ`y8Pd_;So*(tT7oZ zY_lr3w{rnQnnFyfudqN0s#EVpOe^(o@a;h$({iQ5t(9zh=^zr1!)TT~w$~%WEO*~Z zknWw!dW?f7^(QOi#Lb>ORCA!b3qn_)bjA7XC=22gH$>?N3HBxc1?^l6Q8>V!Gvb*j zi9fUswBSNlEZ$!s7qQN{?{Sc#u?b>^WMWyh?z`!fA?I7R`Y%`-0Q}0*j^a)7muX(3 zxdJ&K;Kua#Mau&ce4Zb1DS_?yxig^Y5$YLj8rgQ`FYBp;zCmV!{_p2-MRkX@?I3#( z+Tq#p+2G~(*yx%t;2SWmJU&l+NtzNgq``PJc^R}ENa+VQiqi!g0WiTs4N%GWWbb#L zg_rhzo$K#29qP&uy~OL5{?mT7+phi(hTX!-ze;>q*nT!fxjiw{JJbn(cB)%eR%$3D zc(*^qYoj${FxHzB1inaRZR^XU2 z&3LzR2wXCMgvf(<*_*hCq91^x96dOsoh zNHwj~8htfL4p)7IC!_^^b~PGZ?{!uHW;B82Zrf1in?wQ4(~NO~^Bxeso`>>alZ!fG z_IQ3rpXPl^cg}Q@sRups31xGtx0oDV6V!n z)56snmL1yNjzu`oaOe5TTW%SkkgW2~280a_d`Y-Yb&(YW=tzV3Y9d`)WhS`00wSYf zu|_UU;^hJ-Jbo7BCh8uj3XMYZ^BV`sa$|R8VHD+Z_JntkjYP( z0cHPgl5K&#HJlfG9Qts3?e!#9_`L+OzZGzxSL=GcT*fj09i0lajW2g&!1$(jEu*1` zDC4lMlg8ot)pInos45>i@94%C>M=xDG8p0do%Uu`sIxX5VeH+#_&*gW2t40Y2S$V; zGAA<_q=MB89Ww7^+TJ$cSqQNGIF6y!IWw$#Re3?07(g=+Q-Y!H1LV_R2%xm~HGL_= z7)HDaaBR8a7xUSiw>Em=II>9Oev+#1Cd&p%x*JVwd9S5nvZftWIvMJCw z1ICxG&ASbnI+hH+vGC&RNkqR|j1HD}9>?$m!6lm7h{E{B&(&u8Heh-m}Ia^5yI7Qq8e<1 zoVG@jJGJwl1U`J}VgUo70dsJs{~>od;OLjsHI{QWHWAQG38>VJbu|_B z4(xGw<2N1KBLO2hRw%;-=!_v_K+)Xija-9$5wL=4_kw-o^@*Eq#jI=R@2z#VJ3694 z0->KNJ9pxrOxZn3{dT2^q%$cd`v3(?v%VORYegVhVhg`&FC8?hxTa*8pMsixOX~P8 zS>Xag-#A9dKKGXx@h^Nhf$LG1WNn;9t6@J%+ zhX^e6&P4LUa+ajsO5<6J(|7O6*hf>`O;JNa`45;Hx{rn z4awVM2|kITnEl!Mz?@fxBFIb|jMkwOw&-nimh;23z!=v}iyAr@?&hDXGhGJ1^zE3+ z0444`HA#>^(gABg%SVsFqujRMBe6^(`T%)J7(b^AaK`LlRvfcbrayP^W4sX!A_J~$ ztbJ>F@IW7ax0LgeS_#lYlz?L{|f) z+j%_zMfVCap$^tsoNDSUMQHwcE~+>Dfq;dVx{nFK)bkM}xu7%1>@5KFO!7|*Y-Uyy zzTkJ!M>l4I*fCE@HC{lbfn@#8LHtx@i|2In4EgDCDqq;;jbI8)WPnlx14q55TkYXv zN?({SS_2A>;~{lRq75;QWy=dLApM|{oi*e%-8GY$ER9P_EjE$jrVA-rt6L1*p{=JEfVJEJzI`!yFdj&ljt3m+J|oD*rIcdJuCh=yjhCyY z8-!!-irf6?fJTC$j6%Nb$EtSln4YhFA8iwDFL6b`mOmLTZ!*lu0{t{HDl|8r%{}gz zR@B3wjv(IgUwk4H_&`ZdCwacZ@iojLJh6O(u|JT%QqVhY7&he+k3k%*O*RbNaD@~# zHIafAR*rHJXj89dL{AWarC1h#sKe2M@YD=&-6e5PLvj3sfX2H^UqOFQQBRiCp1I$C z1&Jx3KFr%J{?j8;O*&{^UGRux$@TmU0J?W~jucs@Kv57Pztn;}87>ERFqpN&g|cH6 z83Xzl8vNIl-!0w0)f_)|V<}I!RX|XAAffr{!RuqSilXsn=?Tc_7iM3Em2t zNZe=T-B^++ImeI7w-~N25fGH|Q{MyS|FT!3wJezD;+Y3XT0OorZ`Fgdu5opLcm+Lg zA1{4?|H(*24-sA_=q2M`hmurdJ|SmbS!hGn39U78S)Ux6QD$q72Ec7RVF;eypU<38 zV)xzP3OHtg^dNmp{<&9oNkKW#qAqu3h;`_;o?w5i^4Xa{SwmU|5hINkK{(jml$YYi z;OW`AdUPTl;1WL5hX9BYD!o^cSpqXlZu&H!KE;++inVdhnxLSXlW4FQU(qm@X<-Lh zWm*I*a;a0^J51=5DU&AU#J9&+0zf`|%-sj1E@y9GBc{AvQvgqv2xy6*r3W^8O&s{p zl;xvb3%mCc|Ef}YfIej3DAHXQ{i#$7$Xc+$2B!cEdaYwpa;7`2e_C-lxe(tw{0k6l zQj7}Ukq!-K;!22y1~ZD^IX$qT3SjNfU1;wf;E_V<{*V-}$3t)Om$AUv{k8b`wMsXt zj%~=eg8k~P@-dJC88I0`)ti9>lC#_%yn~rEyk$+DADC1@jr)3Zk8zbL88M#A*2fxh z*h9N7ml34P8?T@MtpYl-j>kVs;SJtwy0fDky7*i=zSH0u@nGr)1{KaXeIMQZbyV+= zqXwW)piC@i$ba4AWeihtuQk&8D(T-j%TrMzZc0)RcX+vF+L8|Nt%Jfx@MBTTH8vEK zOBnpTD8SGy$6dBIC%LBHuQ<2edy#-2GYy8t&GabmX|Wv}Jq4}@yt0^)GO=dny3?8B zo(drRLAyZ17DDHfQRszZE&gluKl8RPG$q2pGXK_s@60_G)bH8>ptazQ1PAy!yn@k+ zk#Wpx$}ba7oGYue`iYjPg&24<4E#G5;{iVFk1{K2_B6kBs^HURrhr&ZSgBc zw7?-A^Ps2`ihT$yjdNIEryn%)Sdpejf+$UPO z=`e53fM4%uN*=?b>1cHXB}>cvI6}Y8HE93dH;d#9{`U=h#bJ!Tyy%fq?)6n!$v6@b z9DrvWG|*)?4fB|5vTWS+WSz=!!VOS1Kprs_J|>Vj)ak}CCCUoRC-?^B;(VVOjw&$< zN3$C6`7G8HD&-(emZ?_aVX*OAcf3d=(*?;FVLRD7fbmZn3Y|}r2IUa=lMDvxvmGhe zrbWU$z28&uj(&*z)f_(0q(eEp&{_#cYLhsu-oMnZxcqgp~tp{KX zEb`<+DgIQ%;6~IF1}G#>FI4?9(A;K0m4E$3&*EW;>7Zxs6Ut&)mPK#T%yHwvVEziF zkfOvOh3EB4D?riiMM_2@z(UA7=7xSqcANbl24u+}DY0n+yAuA=0d-4|z?Vjrz57Aq zs{c`6N(ku6`Ji9k3UgZ0L~!JVD+Vnavg=atYOp`b#XJp^82v!Z?eN!VvT?Dnt=T7A z8p#F+%gOZ-Chlumize)z?9ILwBmT6oE5G6_RS~lOY zgD<|_IR)MR<=bb9_6q|1E8E%YTxmc{6JFV3NitP@;VD60L0bhhi6Wl2_5Fu3X>BhO z5dd(!o4!zXMExfT5*qU^mL5bcJ3<{I#-0~+HCX^qCPbh6$?{Zb5Totq@;xoon0iKu zSMjv|x>GKn{V=5vhcu=RIBJF_!*PDSei4Bt^`+wZ;TDvLD1)G2fx>_wZ~jBS5lXZk zkUIN}G5wGUz4RA60viPqrfUIK8)|r~2XapzOYHJqTrr^WOwRIaK(BHHjQtOLjS~O!vSMKXN&N&O9V{vUhPk(FA#6ME zP4d1%-^`yn{}jy^JfwgQZ#mp+l1w&WKcKbcYQ%!CNBk^U$m9c1~? z0bAmEzo|;q zG%I*0sy~H2J9%tygJ6u+;r!1>Z>|lSQZeO3vvC#axecVakU*>enF~+LHFH8=m$If9 zD)>~KBrd}afP#Px_G5wWhBKgo4b;!qlZ{$SJ7256*PzY|boUqmaVlA;I|L4d$38Snt1HgB=U2rTah^{j@x1|ujmlrm<1f(52I{0VqHkD&MWIfHVIpB7y1f7!lpX&zJ= zk9$#{x~N()5Se}HX@tFQc#SG0u0;yS@5n0KRwpEE@0F{JPn0o%{QoPt&QLc_zQ6wr zc41dy*v1yl+#pJTluURqd4xlQcCm$iVEOORZgnCLq*Yy*j64sixstel+lU{MLDp_Z z#*ZM6Cc04J)!(9-AO_JojpUs=^pwDFG4{g20F!V4iTgRw+MJU6@T3Pm9y!^AU=Kb* z#wl{3xI4;ykU*~)J_vgP@DWW+cK~Yw2T<4zaCDP z)o_#jouu(ge=&p#vixOQgcJhE8)E=3R1m%HCv+F%Yg1!ysJP!rZQ{c@j1 z6Hs$cg(Me+QuxIoY_lco3%)`sCsUWkAD)4OAWff~`fLn(*n{9}eOGBH@Wh1!7a-RB zR%S~Zc~C6HYf#gUr;>V!$&+jpmGQ}!tOhS33mHKEQS#4p1aLG~nPnq2E{i*MfC`Xg zd`u9ChvR8Ec-Z@hiT8Q@`GKNFY<~#i>pzp&{e5tN{USj$5NheJ3EtW!O3QC2 z{(?r5-f0{gG}3*99d92sLfep=qBf{M!$W)v(0=5H9s{2L_0A8*XVW86(rnbPxZbR9 zD)Fq?t{Ug@R+iSk40v?^NIJ7F$Ji(e|0RUrGKeXNh!}E*7=xH4etmD%YxUP(byX@O zuk)U>_p{%u0ylm)6qwSE>*a{&I6rKLy@jKyiHLAnhg7uVcW~8S4d-RVEEe$Q^U?QN zpC_fiIF=yWOtwzd2k^&zcYw{8%;hD@LS$r~q`owNIzL^__@>Kl?v#g4?>!2pdG@(4 ztdc-*#oKzezn0A&DM(LAvOEx%N3E&b$Jj7E%xT}#6Qp{%^z#q6) z*|d1%_}J`gw)_|>ek;trZhv~zhNAMshz$UE?aCLCNq+(W*|zfz9k13?~14NbGNV7_$A3BZ#fqcRl?q`wGi{%<1&0DUKFjf;ZERXiF9ajAdWOHB? z{&BeN9Un|O$N>Mp2itY#z45ihxM&Lw1e_BWpw%mUuA+FOQJ?olyq7xWOK}XW$`6rh zj*{&TM{d*h-EhTX5$n*6z7fKM?)+p3&J}NJbLRhK2SM`$fp^)4x1IJTcBsRtpLq@b zDEWo}l|#HtI!*o^q`0$d9#ve85^u_nr_*P%D)p(7YsV|WALFb~2p&qFaxF?og2`D( z>GNIzpJ0j~1DBvyXwmDe_m*N|+pT}nhHx4mZxiLSlf3`L;`KH3`s=0HKQLZ``FyN$ zOmo*qQk1g~c8~1rJJTWOQd1nFA{bnQ`h2!QNu4lSlS*?KS<(pKmETw|P99 z{?mDhD1kNkR}JVV2)B;|5msRjAFUKWC$visSL{hY1jXLDcQ*;Pd)3+WIQ>w*>_<5B zLlOuPR(L(gf&AtEbi8@RVz*g$*}KPcskOnR0?&E2-%6&D;s(BjD$6rkB1rQrAWpqaw?Eg)gd(H^n{xrX7t zv?EBQ4GtB!7*G2J2C+=Yl=E@^2xAmF!ib=s<5dzfS(l!j0rp?je#j80;*}7Z(WkWi zyr4QKoSNV3T$CG}&*{;^)WD1__TF&P^jnkLozdtpnCQRe@>7yY3MHY;eQ#no(?)gq z8F+MD?_QrSj>K^&)sc!3X0F{9+<$q6#sCWBPfPsf@j)G>yEW^p-H^!zl#Rza6#Hj6 zUp(nWj^EIss-g-x1Rw41x1gTl)@5IhzsmnxbC>C9(g1}n4scnx!L*r1azlSx6AMaT z&~>Q0`#bx#VHzJx)LC-=z9VbMzFm_C(ixnUwwy!M9C6)=^?Lw;6K>;Pt$^CM)U$+$ z8xQyUyD$Y#Kl$*;z^yxd{ljR`#E-|=N+57Xy_HS0E#mW)?81t=l$s$z`KdP?>Vl|0 z(oZqDWBq(F(Jz$K_B|ar*)mO!~e$2`-ZssW?&@;WIBVdCc7gSpqFF^%}9cKLi33xI>{ytR6# zp8^xCUKnt5yWpXgdwBk(yBB18{prowzN?(Z5tzB%!#lhWNEoHz_9mGcOOMcwmyJ!c z)#u_nB476laxXSxK0msHvXvV1^|)>>?cS8Sios zyWiWlg%3wY%oq2;k|)rg*Qp}Y8w-lB-=7z}`!e4jtDmP#zwC&*0yj!>F-S!O%kOVW zlGCXgNaV}oU#$5m^~U-hob&6@8>2&}`!S%~dfge~P&D(_G5Ho~4Z@-oW^xiZ22)Nu z)0l3V9(%5~#JDY{a@~s;L^p0o*X*X?`5^h4@}OV~1*3aHIlerkdxBKJ>y>MTv-(MA zs#}Wpo4C`*eX%$5jG&g!W1*l8-M?|z#U&yiJhc>B;_ruVn+T2-kEdSWpxes9M-M8w z(j1XhueM4L4Hn#tvG?*3MYTJuouUpMeX7+k z13gAdt7`=JBIVjhmg8owp6Wh&_ovR&+wq-?g$e56|I0VfW{Kb%8C7bci(`Vu? zRPgLBb=wePtiS4YKOfgx+>=MHw&tkK?Z(DexZPbSkwansSFX%46e*c9h z9HcTQA>8CzdXLuUrOKg@v`1r!TJBf@C#vjgy-1a7(79; zcy>9@he-`>jzhNng#BKS)u&7-XBxlkDFqTBeKbL8vD&3i!CFn&3Gi23H zZz}h!x-Td=2?E#bV|HM{8>_(qFxrN0gSYZL)naf@66Uz3h>!F~vj!-*sjDN>TchiI zEv0xr{=c);pK8(@D9GyztGi+MBpV%FCIP;HxtLKpnf|=#Y+(BE+cT1oJ-|4;h16cJ zq0PZ1U+c5Y2rFngC#~k>St9u^w2Wi-ECURjiZ2Vj`L8d>CaQ3Fp|wTN!U^hmh!f}F zI6fClCeO9t=6omdU9pJ2SM&2;#|QsG%^>%Um{yP150(}4HjuASibU+*+>%9xq$W zOxOY$2-ND}%}S)kaw&L{?Rwc?3%~C&jc>SzyvQ*>eX_=Ms^GYJ)d;?Idk&AoVR<%# zwlUrNtp*}#+B$V2^-^|6&}kUyIOYnl_u~Z439_8E=3omw6JR4CBbx#ado7GE-9E+|Ml?=kzv7-dLASc zX)^9$drO$c{UWlrHUx0)99))oaVH)Dz0|hp%o)rs+)fFP{k0>-hQt1h_$9`PFy$Lz z>)!nmGSPf6>WFm~vo%i?<4rgJphkR5ZRP@xWr4)miU*=42_ZWt|I|h^b` z{e+XKBYh}pWyIGTDAgvlv>!tcP5!50MJxk(4_#&WhC3W@ z;ZCCv=pz(%{GwZynQ&@oh}Ty6*)8+PN%JAD66cnMx)=T&vK}uhTKQS6Al=q?KW%du zs>;No8hg&?UEU4?5|XVSU4JSuEb`p^-org0U4BQG+knk(B3saal{dVYQ&BG|xR28S zuL-rh$WI*+hO?fbi9GUmPZm%Yb=DtzD_*i_F8bqi(7>ZN@*t7UK13vs@CCfs8KP4J z@FB!OQQXJuNidPG-6KVVpKS<(uhsG-Ghp%rPw)=u+lXB&bFV6ZSx+}X!Fxa$0WVW= zO_GTjL7znE{nF0aA^p#DgJ9}wBX18ketH}}z5Bz!=K*Yuxb0(pK~2jt>`^g3zvsr4&0Nr)u-4e` z`gl&dEb6X_#onOnEBK*A@z>pht4Vgh@JO^rk?}v0FdYdiGAGP>^1Yqi9w@d#%ER}8Sd-$5$kh=&EiT${Na6KByA-g-V@%r2z^`kqVKY%;_07dmam#;o) zDYqE)TUvp6>rFZ-;Y{Ki9_EPT6QAr?m zz+j!Hk1O$tIm|c2X()3Kzp6YEN~iqeo`GrT15+P`W3?3)iYl6OWs) zaAeTCuJ673{k+PZuhvu2EG)+aa#k-Mfa1>H>Gk<#&tWKSK)B-Q*l+r}llf+<#``Eq zC^S5+qF}(p58l{e?$xxGUia(7+K<9_ig#DuuF}Yn0znXyG z1IVLhHBW_D{19GlPiR1<_ItlGm){o9NbnI%Y4Q*`rP?Lwx&5e?j@fC8D8R#s;T}JJWp}m=z)n{iL^0}P@7J%~#YpIPeu>m`;QPKw`pZv{ zUR}LxWAu1Et`+F!`Y{QV2vM=M1m>k!`O@>4AUgnH=;XJS^Qy-uk|YTqF@Ac4mRV@6 zq>vQ}jAV;)fLM}wwy~y4VPxGYLns5CCfJP^Hux;=4xTE82lRN%hSl{G;S1r;r9*NJ z$!4X(I;=_-`XdV#<8;!^!=3+2b-Yl%HzoRW7V=}bb*1NK6$5bNFE;I)iYGDP2+SDyJNt5oCx+2QKmFsZ^rQW<=5fsykT-rwC96=J|3}Sd`RRDu2e(j(X)0IRuP#A zW6cjNUwyVe7(MSzn<_ZtN!*sxy7+a@I6K%v5TbYaw@AQTbd2wsJx7E4v-o3rRcov2 zL65nFX!WtIDXsnPDpPi2PVEsA$f|-K=a4G$fS5%%c@TV!N>>qZbKTl4`}J0^PRQ@>!`n>y@8qP?wRr7D3%&pS zeUUDc__+z*-FUBW+sr6GeqwvL_T^-f@iN0kScX^au-PnJ&T(_3;J8#@$#$Z223l2p1U zJ`Q0#-09Yp?LCslI=OA4tF7bS5kBt46#zBV0kHn{`#KQCkPXe05z`MxgjIG3&YD^G zw4s2{3D??}*X|OjcqxJe=3;fq0jWn6M)S1rbR6f-7xQCk&_cyajW|1rHQv(FLQU4z zYI$2fztN~=0Y&07)ID?d%)q7DH`uevc#$P?K{1f&v#Vg+j6X{x(WygixB1XP^Y>W4 zb&zR4Q|9W$w)Yj~FU-LVvf)Cr_Hl3h#6RbIooz6Ak^j)U>f4JML%MkS3J*VijvzQ& zC89Jg`U>l$&5K{x1=K`?~Fo zQ$StC5B-a5tna5`nxsN2?dwfBfCuo|bvej_52mG54u|;fLOo?sIRo3Ym-tWW6Ps_y ztUW9Jf=0l@C zBf`ZX2*Av5p+4T*^bQFE@|2dW-q*dSapC9S2C0qewV9ePmvhv{+tG5z&Tvk{dd0CT zk1SxiFRNBV@k?kkesg`^e}~+f%lHh0e=MOZIzF@R@pahy2c=F+e76=lJHkDtsYfGS z^GWc5`VPvZ2n?Ef>M<5Qy}tf&I?tnLi$S)ZfYY03F2U3qBC<^aHX&=B!0%j=7af(RVYy&;Lw)S0*)PnNjv%BoXM%g(jQ4-3?b zz)`(#pPPu_7~VH~F7?=V{q(lO)5#4m?8K#N#b-3csmVYgi>UOyE`JvT5}m2s2f(o0 zkMbqX-%tw#2c3TnuG~AdJPqA?pn6PCOk@o8n}dg$Gr|)gM9Nw_Ev(<_2G}9 zz)VH}#&Jr1Guayv?z;Y-284vd^INg|wmVqltkREH5AwI7Z)t7+3i!)y5`3E}7zCgt?S{Lrajy7@Kk_6w9 zF-f?_NAc1Z8#Z)m>$WQ!!70J_m76KcwmgAn1FkiO`y*kd+}@i*B@*?>6dAe!N*|eA zf(bnNGa{v>_@~Qw|G;OcvZQSH#SD(qjiqPPcah%UI|t|Wu6H16VG$!dv-2T9^BZ?_ zaC!qA!GV0p{qqgFW)tbC#|2guH@8&pClKpH0(@vSR_Nh&sLo)tP8XqmOw3hL!7s>u zOPz1WTpr>~=WfX+vHL1F`3wHeATXLUc` zIcdA^f?1)3YI8oqrG?j+!U8UCJB5zG@^iqKPRszs^li`yMDNn$-vX1G*XjUFU4g z4-a;}e4G4ZW|zhW&`%5JQ~h)zQ&he*TM5PMi+EL= zbFR~i?LGB-iD0YRUvz4)mbfC4o1>k*F8IOs)*cHXbTR0~zf-&HP*kykOGO^tT1hY{ zYhfk>cnb^dNY`hGO9}k){Q>O_oz-6Zh4T*%{ zjYiquq^sN`u4Lb$GuEI&PMasY-OIT2(G&8=65!>=svJ0Wai`Cm^!#$WAW@K?$Bn;J zpJ(!*KGiS4XL$610aM-Cv|{Qq7-{%b*kMifW+^6D2lFE?Zirq!um9!RiI1!^4xhy_ z3-@h%Z$}vu;WL7zhf9_W+m0+t+bS>>VKudTh6x#I-<5wOpkl!f$JBE4^F1Dp+TVwK zdPWRntBC7lL1a|=V$$JYJwB}fZC{jp+s{VsXL2pv2TzhlnMDF(ATuLuJC!X?;Hd(4 z>krty{~#dy^zOx_uERn6hQLXb^yhd4pvGLHBDbs8QBoNGUH%T0)beK|SHECH>%TYm zv5xmwpFh8c^h;lB1^)fsBnc#&U&72k`~oLkid$oT_%$d<#I3?EP&gRW***J=dKAHl zeH*KO?7CnZB9BjB!Tol?#eV(LG)`@K+uxbQ+E4DQ`Pw$TOVb9sPOS~jLsD+sK-ZA> zwk8~PWh1h=J-5?BgXOa!DC}AAVyKbzzRA2c2B-VL^;g(|e81qh8)9pJ@NV^?=>p9FNgT{^e6!xyi#UCskwg0gHZK?xCk*7FyYW($db57Q*a^V>D7N0yIwWI zVTSt0E;I2w)>)2yfz1D13hWlTiEzUDfcy3wZLdd9Vilm>I%A=gb5f)-T63eU?XWxN z)*JOVDrFJA^Fo?6{{bl+w?n4vrv5G;;URkZzF>20*|QW$5iL%on?cqrXcCQctU)Er zc!RT%_%MJ5H*}{bJ>d!>8DAW)E}-cb*={l*hexpm<(=SL2ChneJQ^4`Wxq-(A)Xne?-cz1X$@g z1$F?})W2je>hDhfdO_smflGhHHw^!`FYzQlQdfy*OnlACUMTLk2K@Lh_W0TyA;3Q@ zov}Z4f;pm-|6=X~ylb~&5${y zkoV77cHP%+F&Aj)TE23fqy91&<@~+Ig8!82Wbe3VcG*Px8#xBz6OFL7X~GFnEbUC2 zr60h{oHFb-;uMxqAxRLG?=D3-r&QoF?GHlQpI1ZIv*-F&kSSo&&f^>V4mOSfI%gGP zH%@1-bxX8(XmhKv9VK%%_{hqk+*)T!1>*D+FaUNJp@AUS6^y$ZXf|1Ac$7FT3QoMe zJ=c<$@%b=dEE&y{86K`JMp&xiA=;_i&#rb$&8o>-i)x-qgZ$k4&>|m1!P+6Wv&A9R znzWIo+^_X|zc@!>-=Oy~zp4^VKkxeyagD>1p^=aGk@a3TopS}@O1xyWe_xDxc>0!3 z3aG$v%YFBw31t;|`^hww)R2zC8)B{L56La)hZMvE1lkwWZhG z&!hMLfI9!hh8>;{<%qEuSXJ|LMIbQ84AzwKho`0znmtIqlw5@rL1V(Q-J8*9T$1~X z%S$h(`{$(0BXL)yg#M=4-~~D185&X*5Ea&nIHUwl%ol9IjwCx!6Uc7SrFua((TWI< z-(QUS5f*1TTxG&z&X4`fxwgwshODn%u9oUO4j8a}5bd_|&;6sKdc?pVFy$b|NGfbu zUO4&mpxBO1{9r~~ACF0<`WYj97~wvRZ4fQ18V_fn?yP;)_KSg&vfrCT=RLb`aMV_O zg{S7GiFV?`)}dLSs5(1qG^VHmSBn>~*ZUoOa%FAz8s_kr&mG>OAJNu`^qu!zBhT!| zu*!r#e}RhSq^~TP-bjf{u99^341&DhLQFoNXWKF5=~hR|iyYnu8}VDHEaeb=k%oE$ zsG2@`1V(69v5fJ10qbhnX9BblFG@^u&H0)!CPSUj!vFQMO$#=H=viS7+VfDjmSAs% z8-7C2<3$C}$Sw^$F&Q(kG{bF^KIvlheR$$$-~?8uG`)|i>>k#ie|bJ%{lgD=A3y6L zpuxc*h~^zj4o|!zDxVblp-@Y{hTXeaGk_v?(4H`FAeEDeVI~E2fW-Yf_{&0ti8)b) z7S9d#L1%1KLYL!N`%1Mc%a z{3!x@)%EQDsB`RwVYWxcW;lD#NN6^B3nZahiqrA_#RG)RkRX)+vi%`&0)S}1x4yt$ zd_>LYJI?cE*bhetJ7`Txz7}t~Rcu zO0S|)#3Wf8c?ThFHO%-UHW-urv7AO*wxK@c!dKnqshu>w&HEQgJ>Ab2Rpggtn0>zi z{%EAPR={6{H(r6j0KUVQr;=^g(LK1lyF!s>#b|DC2mCmpsdaUGxogTh)ib$czOCxcUG~$Q<)H%pU}fzBJgizD_IXhOoB_FuDa>8DD9} z*6_#&?>qybrNS;(ILre_*`#EKivZPp`F(IfLD(!uyv7Fn0cXpdiOi%ad4-?3qKdVS zJh^t0gXi-`c3tfRYH4Gv@7{WpNOhFV&AvT`AKfAwj+654PI#r!U{GwR?}zpN`spu> zi|4zEKVkI?(*_2YcV|okCr_u1Vel$0vZiJ}w=X+i<`?Oa@~tKYZ=UR6VC9TF)870%prZhhCm8tc0YBWWG{!7YDw2l(XyH0bLrjV*A98;4Ce%2;m_M`E7G5w zN6Ms^*9q<6zi8-12*~dk9;acW6#tJFJTxE$Pq2YC0pOgyma|vr4L@?M7ko!S;L~K! zF})~}?GQK{%-^YKMK8(GQ1@6`S#BVJ0YPhV0%t4-R%mIzX5I`8z=qJsr#c^A3rNaD@c|0bDT^>C*muDu58|upK<6m9PRO4e90gFcXZV~(xSSkY zTIphh&w(?}tB7|@P)3fJjzC&7_uB3*FSTVqT(Gu)o4H6)W=~6H!Ww_-RtEtIXZEp;wR#TMahAQrev!2T+YbFj zs*^zr&6huE*Ts9=s}-*xGtBT^pxa#E!*A{7lKMQ~mq)Zk-nN&;#Hsk5u6fIG?X;Ke zwfjU)3G)eMHBhNLk&^*gr3tWuaI;zTEC>6Mgg=g~PC;1x-PbJJ7J&#&_C>Q2;YcJu4;+KP1Xm$_Fa#h3Z;7&w(pxzU?nu! z@*p6+Qq;Zs%f6QK$D(hV)9N_bnM_ztpSNQ?XX((9U=V!B=m2=`d>KB>k$)@+I=*-t z$kJf2eff#!O24h!UUguH;ds2fnoNAX2U>t{#SiMDo!`9wYpL42Kakb1eJAo)HTlm>zLruD@}=hP-^H zYxbHGv*^#|;M)=26Xp~n5CxA8}6|`*GYT#gRC~9h(M7l zd%>(KEn;}kIsi8JrIdz43+Ua2I!4`+?=LvGJ6N4?%0Hyr`M6(=Pkb{l;(OJdeot){ zkcJDrx)E4U=uPMFHT%quy@ol=&;C1=`QmUQ-Sn}P?Jp;>BAs4zH?AEyFqvzekVGvT zB?N(P49lr`ovi1E)|=WR!J_nE)O5z+enKZJ-P`xq=e}nzqj51! z-ickM`z2Vz>zwW5l$HpqZd}1ss*^5A9r9$l7#juCKuG7l&i)`1Mu-fK9RDcOH}99; zk2rdpq@PIDaZ?9eas++5xO55ZN$6yIi%Ds4Uje4n=w3!ug+ntWoF+sLTB>NIW z*?25kgSV;s_D|V3_Jr{O?u<26;ZtllyG~d7XdmDWnu~QrE=#rSvgmR}*EO>=oY|S`lqR z<2j<(zRX7YD(*x8KPaBrzU0`N*c@W0oL*N#T0N1yPPhQcG<&3u`Rc|r>D?aC#kFM| z`EXyczi7tKC1)Hy;{x~VI4k%pTdLD>dI)q|)_aL0G+G{i_m8Is^5%yS%yNUvKRa_` zc@l)G%lhbY2p6WkX!o8XbGy+R<IKpw;>+Y@i+$UT zRPyZLLG<>S23M~~MmQmTq6hM1q|-HOuaGOBCH3NIOQb+1_D>2O{Gu5;62 z-4CYM|{lPimX8?vE}UXt{?DJrDfl{TS1jDypbUE+6_)9Qj)@;g(;w z0->-p-^GRZS$+P-(Q)nWRq@&O&!`7vT}SYY3HN7Ws_8VIu#IB&Yxr=lb8uO?fXIJ3 zm%i!hc`lxl|By)c#4UKLC?$vTtnc>|3y+OV`zvZ*S*VU6?|9|q_`c~eh&lK-lsT`D z4srf(afInPw1MECwDn@Xrb4pMqLn=5Zn=B|rH|pTbvp-8A55Oy=N!8aB~6-T#Gsb* zpHTn^6#+pcGS!z(;MGC@YN|GY7jS~L`0cIkgfKMmd||xwaDRsTn$`&21!BO+yYz|s z`ZTLH6b~9Xs1`*@0>(N130NP)z_BMBHU|Sc$|ksL5fI@_OuD$jX56ewV@rbv|C<=w zBGWvOGZcP10s6`i+aTB3 zw5KTZXpPH2m|w#_fRMT#w^{u)t$bl`5T z`g(=`RmfoAjqyP7;;V#{xnDybs_iYDAk|DT=Fs%FgoKg+S}3&~aIJo0NywPtQ>-#( zaZRtrNw}{7{pYTLA9!1nty-7;?G-!y*OGE1uky=8fZ2Rw+64-Tjg6L1v6Qb<@pPqG zTf7BRo?$ei$*18fj?GDTAXTt%oXWq#It-Ue_4N_&^JV3i<5t~jQ2B$mUyk2H0Fsb$ zLBnUi^^wY30Ty{?S~_6WCsYWtaGnQ^`2sfTndeaaIyU{{Z1aOR8V%CIY>`j=F);I5 zwO+m)-U&m_e~H3I?2{B_1mn{1s_v?~=ePJ>GnSx_Mt1 z#+RIP>m%!cQhCvy$!x0U4jDzwF$`CT)^Tohp5HFssc^<+VfxvBzZ*c*rH<;D=(WOg z5pF>AQdG7CG4i$C6SmDj1sA_YY{AVg`i~>M*A(TKtdYreD4+|w7T?NkymGFMD7!!R z)&WS~HRrOfNYYOVq{YIl1SxzyrtQi5-^csLU(drZ_&M^&B_zy1M$3=klqF<8%EGIuED z-sxR+3kqP-{tRxR+hHW^n9fO$&?no9$?K90nX9^umTk6a+9yC_oO>(_Ds`O;`4%!} zLk)a5s0eptj2{YpL7N&6#gXhF!-4s|5x;xP-yfsUzC21A)jKp(w@#_l?;SPgh|79U zp0zCPzA@DH$9=*5)Q&n#!S{yM3P};82NhnZb?XXDL}aFp)2K--*%DBgT#G^dpM@{IaJ{&D;WA5jKrx2Dpb7Hcwd#$qr0C4&nw zSEk-eN9sw+9QUI0YC$rGji3M*ovSc_u+v!g64?%JKSW347BrkcHJu@}0|o@nqLqT4 zR%pA-^T+4`AQo>F$5X6ygreu+J=s+l7nkzW3zSzRoBKL)u0NaYO4FvduhIJUlvmc{dp!}g^UmYwjwi!0)BL# z{8_{^;!?oO>EckCra*QK)gZxoMQ1diOF!D&3Ca|Tf!a03-KFIjIEqqj{R@eG>LXHg z#-;lHBNL&_bdtpgSAK=*B#+v7y#?{eGJf_)i{iqRAT zeQ??WGw+29RY=D#$Fy8>XO<1gs11S>Q8VOid%|^9=Y*_g?U$g=19|VpG+`mv*`ME?cuPY>5?r+(%2otkO~oJ2LigVMrwH}Z6DeDRLH(JC zXmtFW{kPoTvVFV=baPBcn@*(7^GRIaJCH*@B;>&zB}7EMhWq0J(VgZaHHwRo|CYUf zh~tS4gxDBEi49Cu3D}5&R0_u}gFDvu(s*Ru9t;lF4MeFv8Q9h5Nv>J1^#%|41P+&i zPbDh@HW6-LYy~;mCC`KQLhQjWq7AcHKgors)3E|GAxoiU;$mi1~>3WDT&M-petvVD8xNr%V@iA+xZhQC|qvx6zoU;1OFw1cnXLDpM?w`{3gy81Ow40p^wGI6S(W? ztqKGQO*fnh*Vp^WJ<>GS_L}yZImLv$&@%hq~WtMKOgVVC#?=>2??Xtw~=Y z=i6d0n5FP^mi=PIq~j$0dSEWTOW9lJyBgq3J|Rv0bbmZv+V@&*&(Xu7yCU&Whm_xw zc>vUOcanY_b_PO~jOW(XB-pCd2MoRx(kjl!hvXzn8YmB1{Z(1fD*_b#8ZQ9oAyfq) ze!QW%DM|MBaUURaTCXEvzfK2>y^JBVJXo_sWqnQW=SAwiHnQz;eBhSrDAk|iBY!(+ z;waiK7&10?y>*LQElI`LkfQ1@uP#3WoxX5P!kDy$HzwGSLd37}RplxqK8UN>lyOM2 zX%~{cn3bZ7qo|mN zYOZo>7tY7PI2en4h`*D1s+YU`z%eS26(XV`i*JA0I4^0d2_GDoz7^Qn1pOjfXRoau zmXY^XJlBPBLXtTabZmj}{hXHWs#UO{!vqd0?~lR>p>TL#r+9hV?Ko?BFBPDf#LM+= z-9xe7NAkF2Y1r&u?)QPebYDJ)(h8Wy<)|srt|3mXV7;=k zSD9dX%%Q&ib@zQ2fYs5zASL#pl+v+Om6St2&?H>_MxP54U9|$2E}62HgZSbPV0|Eq zE!D!sNTSf#sCW5k>UXrBXPYMpa#qzEQ$_tD#R$8E=DD^7t?FHP5FDdQT>@TC)!=?+4+2DXe2pEQi_9Xdagj?@T;_FCB<}KdxOoLO^y4 zLm*wyL-fGuSX^oLV{0EMt?5eRQkRO)?eaKKB8vd9Y4D}15arOsf3-6=k)IpVwCW*y zTE@Pc-u-O$%bUdC4~E2qp4+d=W`e`L&lHk4eJ_d6UFNuXGVKAk8nH+5b{8Nvgrl%L zpsG-yMA>_V>hturzfi8rzfVe}mD~j1ce5Y6s?o?{v5VT}bFG!%`Q#^x8f|_5?#NHG z!zE;JsCXEH(UQ^tfc{z6xXr%ynggnC1!H#4Ps{f`#0F$od@jGH(@(pFZ^Smw=#bo| zv3~>{sAW4R^XHPV5++A4ZN$b*H@;7E>4wTlHm6gpPi=Trn?B`Fk3L6Rcfkx(N)~A^ z7jkDFxqa**MD_r~7(fNK@=4NTkb%7lwkr{rauJKa%wKP}k>Oal$szT*DP(rMK9=|e z@|a^`b1%5%Yd9Rx)kAbErSpRb=bI}|BW26fYlvz4l~qOh41#6BNcss&=W*X7)WzOm z5N>u=8X0-8o^ZtC+Z1kBL4NZ_AGs&Kav50M=X~cJ?TrhTQ9j&ZAkPr9W!n{nr`5nR zmIjX8-81_dJ7e13Z*{7fO$K_!bqiC+mQ|ROUb)(S&fG8gYKGIT!(Kyr9PzPVcPEom z{`|l!$hkRqO2tJ&MB-JKUPN+CZ^Y1Gcf5nL)4Rg3eDHRZHkT zbU(OfK~!Yt2R+zEYsbeB*NN^-!cTrPUbyzigmO3F+t}{EGbj8QxYvenN$po9F~E-x zemos__}tIC0|fj*nrJ>I>mWVLf|K&S*7f15BS#0B7QH7U(+R@0EB*L=;2WGb~tSN=aXclk7N18;*FEP z*Y%N7cb;92F@EQQ6I1>{BY2U-3pOzV_hGJFlrSr`?$<;tpyk0%_O`|tCw+n$CFEer+NGe@!smRx!KVkH)!ERfm#O~RkUep$eueYaG+5u@&0 zsnFOzvSK6>%U=ZYdXw}!o14x$#>uR`92(s;#Q*{(I*n6ppQ{7$DfA?`3LS#!mn(Yb zDqoWDogmt2yIRig$ioGJ1S)t7#^v2Cy{ujiKa$R#_2rAlf)zP?LpBFQ0<~eEhS#}Y zp!_%gc5@+5mU|lT9{U;))3&WD3vM+#1?(SxVk6ZD8d!+3;-(YxJ?IBZ)laeX4#OGow%v5-XL!W;UIt<}-H+_( zobD${++yO(0I`aT12|=WPf=)P27{Y)RKBRYYbhCT2|!{gMPlw7AIFAci9_L$(EHbY z$A{pA?uVaA#Dq~W2c6AK*ha@kxxC&Te9NuSkFyhQKaQxL!^Z?E2<*a)iXihV?Zi1c znfe7Mw|bA+wt5^jbKzb3HMBrtekr91Qe@^`D591viDT;aTJCF7-wK-ZJkaX89P40_^{`;ybeO3>` z0c^!<9TqmI`Ha%@>g$Or1RhxWzMnApH~MhzOc~PsAkUCybi|8kQv?yPVCp(?1okPv zFN=J@Izm0X#=pgly>ef?-4G8DQ|Z@s@8{cAjLQ&nfMBW7VZT^xsp%iMSW0(t9unh{~XEOJLd^6AeF{zAgrMjg9SY~AfxRa={Q%cUK8gpk}B zqC>}%7=_`hqusQ@(~b;f)Q>{8y=(hc!{?emX@$U>Me>o&e+LWng2l2wd*+F}{^8g2 zs_0yVq;}zUgA-!?_%hAC?Wrt%o&E)QsscoB?of$7cNAZ}bObUPzpV%|g9Qkuv2bD6 zz2Yq0_wT^}DG@sqFvc=DU#qkc6)y5-EA|9Mlj8o--oay?{Gy+1Edk&TCsyAc&&BgpwaYvPcjm_(nzrR5E=19PX?&Yi`hsh)s8O zRh@n0<6+2p{Cc0j&VrC(gorS!XN}wd-hetuKaFNfIgYVmV)0h+uk{h_B>OG#EMHuq z-8Zp_1Ff{QE@x&{D$t|e-?)wy$?@hMZO#xOX=}=<)fOw4w_ty*;K9N<05dclC&rzQ zriIO}3uRH%i$O(S$gc}07k9;8mk^WbDu1$dWq(W{M-cV8hgora3HPksM6o%=+DxrU2+~Y}7qc-aM)3uTh zqjPR=yZCz_NWY=iUK^S%=kCACns%TCosWSOikrS)tzYZ9+sQyGCUY-$N4+gS zNQLXhK9}bP8TPrbVUc^DU)S}Tu?5m-JW|E=S57c%pSz{Z?J@y+WXsltX2K)Dxcz&j zEClD1EFm8S18SE#ja8(W^{L*Dn%udZ1qs$RWsv+pW}ih*NdBF9K?VCA6AA+fQ~uMG zeeB)rbVCEHQfU4eg2<_xE)QrZC}XgHj>gJzxIP}26&p5))t8_Omyfh9^m9)Ip8`8k z=PSMXU5l8Y-XO62yD})LYDeO8RX}ef8P*)a`uo7g!rY37%hD`Yeojr5gZ2-9TAV~7 zOqF$akna-L;+ixoxFfsgiSno3o-37nFt)%4uy6FJPr6Xba}OpGINkV59~z5q8*g1d z4}-TakjpZzC*ax6?kWv5tIKdQX@QJ*o>qf+tAA$GH+X&RcvHZHu8c<^Y!bupz)#pI zgxvM+T@A7>2mOgvPcSb(KEkXl!#!v)j0_7P%Gdx%d<4Py`S?@4EI@EP!FXnm7H7Kn zV*UO^a4`#vNms@Fz1(HEx8K7QXf|-t#!vK6p$nf6r~|(iK7SJ5`JRNz?}_dZ5ef8V zhB2B=mGilZO#OxhL4m2E3->t@Va%sEXB02mkjx|6Q;O515YoGN@clFXEoW1co*w6E z-jhXtR&kcxo_nHutq$W~vXQYR+&_cEXwEa?UXensj#fu6nERNoUErvElNUU?($VJg z$QVQJE#1ymq+E?kzJqBMb4JUs>w+7%u+kw7jgbMP1hc7iylFjN#U3FEohlOXVRj zjaT$(729E|&k?*_QBozNwhr?}nBByL#S>4I0R->8y9KpIA!j_aU@*@`yGryykKyo^iGxvCeR%0jJ;`^7 zyLcv^7<{5)?t^`X$6-;)icc0?Ez4XMe{TD2dX}#&(?ixD?)N&LxFjF;guYyLTU8j+ zd$TqUxgS#3RrdG8#gbp|!!y=WtrNQ~Ab}CUByR(MjIH-VJ75YO9Aa6jL5AML>9^tj7<`$Vc z-Gd)WUh_FM!kmAY6t$a^E4++lTb#!SS$8PpVILDS`J7RYQ8^JB!=J= z5+JlhF}3n$P@wd8w0#epzn?c$~P{nbeGX{H$6{uI4mg%T~?wf=?zyA1^; z4Pvi}b@Nak6KZ?{xDtQhS#6Qb_4k7%y^ohLv@xr5t31#u*V%(u9HZwp2&s(BElu5P z`L4Uww+#?%DbDtdPsfUUqMMKy&+nd*04}soE=pG0>D@A~0Wi2{oYCFt2$OLY9s{$- z^<}0G)EGrN!KmA}{BQ}`+>TLqD=eP6dm2q1YV&KcgN7bKB|g;I5$n|+&7^a$%$dng zq49jgr{_EG8k!vL!SkWM=nndi*quAntiLO11<-9=>uzcBDLYy-)37|MB40j6x)j_e z=8VD?j%j}%7j!UJA-yIcd3UD@7Tl1(2A}@Ua$&=Qoy!gxV2Rm7Z@`JmTVYV(?>Bw- zXf58e7%#dY^$zWmLyhEe;TGRLn-QGhcv&MO)_>Wz(jRlPSokFdN2oQVo`);m7Wu!s-B#wWC?&T@Wqq?&mjme`Sz zLKXGf<;>#)_|msJTH5I(?Qx1$VIdHaAyl+4KnU_1dEc3VhF9D#C##9!34L&wi~{Tg z&giZ};C{J4*-6XD%|DbzuIsybq2S=|^zPw%t2o~~f$^QNG*ND8^&WRa%;W;7oxPwVIoT9E*FpT=kbZ_*6 z+=yrMw^2m)A%(s~iY5hiW(L3U<)Jfvm2^qIa{n&RfoRM5_dO7P}b|4WNB`90RkV|Tr=0mx6^xCo&G6tKl_gGmLyJI z?h|=arcR4xXY+3#cez}jRFGPWoXFSZqjm1IUg3^xZ+-xW)1%RT9KL%%1{3ryw%#I& z`CU@hujXi7X&Lw)B!#Yhp*H<60cGN_?ugfLa$^q$>AHcj*}YnllX)g_GP1#K!ZVM zI`$Tm)yXRmWwVe?&#d7o#MREW{Iu77N3d_O{!VwS*3; ziDNg#Nrelrz-1bAR!ll61wE28qp^NyVV`KiUkyC`Fn&zy}qyG{=p>%)87zCCq$XdW9{7bDKL*)M#h7>zNRtI;5>Xv?beg|hF?a^46Y~xDiKfovIv;JL*>0|Bj#;jj*^rnAw^yZ3p&&{Zycsl$=d0u4# zU47qV-oB8v<>Us%`B^Cyb%|PSP!Y`ovgSF6st+1d&^j001W2xm-@;gO+cGWgZP74D zTGRj?J#0*INF~zEiv6CiiXbR6hii}UvEI}3>rE6WPGOTrnB9_RgBHPPIJ`*rOdr`f z$bb9iuE8FoFYa@FVF5@si%1&W2$`?ZhKVcW*!b|2*v@BjZ zAD+u0Pf%TACxoKcGcxBr5ghV93iE@(T{E0`@czq*9etg(8?6rdyBX6{I(W}gXLP;w6( zte^-t=)zt2*%d65=wo}OdW6nEPx}bnJ@RnAOCx{X<3(Fv0WP9Su4YH)C#Aar7z)pT zFB7Bi0NJ+V<#iQFiX1Pjv^~TQFkkzYU9}T#n!h@?--P6o$Fv$)Wt+ul9Wsy57I80s zf42&3#w#p#?3gFb7KvRXz0QneG;roAvUjsHEs(Tg6&l`V#bsbwC{Sg~>R12|LN$@j ziIFcS<8!@5)au1h2tIxUXsb)I?y;GUiA}*YB67mYV%gDIc0Vy}QqUQ|EvMu3-S-CF zBK$bH3ACK4wq7>!Pe~jYaRonkM@uRNly_%%uAE-dX^(*)3`zg-T*(Eb;Q+R=y(GnR z2W2T9-6PVF8aV=c1M;GmdRjU?TYL`dzrcGx{n4^&gBO&CcFt-RyYOQFZycFb9SKe z4M3S!CL{Ay?28Y8wpWjcv z!nKtt`-Mg0?Ex*G8$+uS18Xs+XjTLsXN64lq#ghh#^X2O#Ec&o2gk%eqnNQ=mOE<0 zE}{ENS5#oLTer&%BkmQC19l51#4+NPJbujuk{Nz{G$5<4iz#r+Ge_f%3Lnzt zv9D}^iFendnSV}nY#pdOarI<}vQIx9ldR|fWIpwO&glibuYf!>_-|b4k1l}Ze`&4L zr4`(ny`TsWip$}C#iv@8EI`?TJO#R|aQni4a@@#qohMd?X>c~sg4z0_MYarU%eEqL z8su|jPhs$Pm)wOXg#y_fTW{(|KEC^c1A+X~HkK}8^9U*oed3tMZ_Rk*)!EYxWYiRf zofx2iF5va_=j#B-lDs`z@gcoVCq22MssxKhFR+r+1+lJ@U#Ku;$?$p@BOTQvwlNK5 zvTgVhq-sNMe%0QjL3td~5?qXa@t;GOu=!ku^Xev){vp4ed(!ec5Z$L4X|qtJPkL$< z@?8FevRQM+e6a5f8v;#bI%f;z4YG)A*JBRmD{K9 zF$c77u~ok{94^U0-LtF$ec{i4SbthQF3MM3+)xg<@;t72YYxzsm>;!!1e3*^HT+#C z#h@O|E2gMhE*OGyfHLKAM^W54md*oR?$WRaj{IIgM{@!s2Q5Vx7GTg=iqOvJ+zLt9 zKSN9TrrLT+o)8RPU|6qs1#p4O?|@}moOgDiV)%LOR$g@nA#o9QJCk>Z<&GMF8KKb) z_#oVn3M=kMWNnR(mx8HU=lIRw^6*5XLlj?cPd~mcg^1E(qKEngt^j+mtdDs*Aanrn z^1OXhTtfI0p$E=gH@GuPZgmeRPK4W&Af(fEFJUP{L_PNbM!ga`9*p)V9QOlZl~8K( zI9OMLGthXPJo~dM{vKI0Gtl^*>(%kb8%!Wd(sF9(Uk)*W$e*ZcPhy8kg zp2ADRJ@x^BR=K=mn|?&dK)N#Dy7Z0eax(t>(zH-T?F{bGMh=xRw1vcUT|4K-4z}a`Kc;t|vHF8R>CwY)+Ca}S6le{xkjh+Ar;V7U8g~dq7P##Oyw8XykB@yJ@V)r#2>`n-y|)K zKMZ}5@lHe9y<)OIFE($z_x!lUXNLD{pI!Apdd_$A;ntF1!FZb{8oc_$W=nJ%Az<`AaXNC47g5>T zU!-R;J0YEf1z0&o)_q0~-svZB$W8F(8?8dqVg>Z!2G`hqWq$V5x2?s`J)XtuJ1bCe z=!T6w(JTKXB5GhuhGK;I5}nglE`Hj@k*9NhDiZJfN@)Q)=5e~7-ZD#Q>~uqHj6N-^ zSq5rjvg(daBWc|!MP`r7AV`#Oy+AWN{N$0p7kA=4eN+8w#+ix6HPlLBK$m>>I9ueA zzZ)&6d1q_i5Cps{ye)E8%ZJwTBI-smj@JBt3Hm^321*lIJf=O7LT~W>w=4WR<6%izJ|c#d&C2461k$E6AQ zvp+o0>JZ>b#~=Gg4UmAT=g|-CzJT*E*UUPrJ-8!l%uvHe#!Mmd-RjTQ=O`QouNH!R z+I?yo@SjllwHS7zLsL|W@Y}-8EV3g()6QoN~sM^9wy)?&ttqcPD{NWRWZyR;PJ&^YLR>#+vtXC4AR z)gxGH+d`V5`;%`44Vs!4Sm?2ntvp0}zDmz$Mc0DAmEz@(K_e6A@N1RovRWJ<;=!)+ z2Z&(*u%%^#>!=c%JSbY1XcJDK(V99o+Mj|J`VBaT1zq4qW?gLmF{Srz3OAkxPwop4 zYdS$9X=ErZKuz;2Y3?(!Q50!p?ZPJ(yoOws ze0krd?jc4u%=o#kW+|^~rBe^<9NAyiR3l-zySXhm(eWOrhH-V)ayp?Ue4wk+qW=tF z4yRtfDjqK9p|vEE64L z_njro8b85!>H@-oHlZ<{(m1NzNd9mvfLpvv7j^+AX_K9(H6657qp6;6^vq}5hh}J~ zwA{wm6wStMUJm0%C;aPkPaoLcG3R~s3TEBN8Nn$iRucvh5v{^Dm_!E{5L$QOSx%+5s`Kr_ zx710og?7m3<76y(P=Q_$18Z{doAVyJ<;Ha^%cB`SVGg#!a`B~w;^)Bd!W9j;fePKn zeRVe{{)%e%#}6xxX>qH^eIdQoi2H50i}J8<`A+8ot?Q z8(MZd|MT(TnTekk0m=CBy0B=lU$@8OE05j-G#K=Pa90F}x*39mM*PBNVIGGQe`>KM zV$yL? z4GHF!rz^5=_is<;B^r)8Y>Gcv z1Pv9f<19hTjs+9=KPPqXIiwATHo6xvH^coZS*bMS)jNY21P29DmN$Pl__A}3x_`VV zUdx*1@I}$92OBQO2MH0lGoOrA(#CtCcF(ZKt*^L9&hxZYkneGJ`0MY=oy^2ahN`{f z?RI`gM@E)zF*5dOetTS<_qa~l7TEs0Ws+friTZzOlc&Jw-Zch*Tcew?~TP8_2 zN$wktMewVp;u;p>m&MGVGnpo+o??YnKkThi{=Iuqra zwAHD!CG3M>`x(^!T3?dx5Jw&)s35q@4oPWSdj{f(+XnfEr4B(HeRCN5Z3Nx^UX%Uk z1&QlNZlh!K7mvuF-W3QIt%MUT9lW-I4EF&JUL_DTEdAI#X2}ypaQT+2+wD zKB%)!-7J`rHwAJLf+366kE?Ah@2jhGy36 z9A2WDgk9ct`W@ryDcKpCLJVI`K@7rc2JfOMtf9Ju$g+9Xn(SB4d_AxP?N^lD_om@{ zLk<8k-uWiO93D5ce@|QNzuGsp#8V;N`EeZSEV-yo*QyFpGGDX!M058clu7rDCs+R< z$;qbs!1!P<{4%-)JNx!Lev?Q$>&t812xvH(mM=o>CI}P#MUOW#ToN#{ROBzi7rn7l z7y?SoZkT&--xCl2)oQ&thu{+KdwLPl0F;m!3!x5kqvpa#>86fle>EUFIe@B8djO+A zZGPUA+uAq>8H0Z|I+{GMI)SpxUz-h7%0{TS+e2-S1W{F~Z2kh@xbG`Nsq4;s%M~}O z4pThAA|^iaF(10y8*P_Y^c{9Us8>4kOwOPnXXf>31?aDSkA#ub?hVbsb^P5bk0$%L zefUQ6<$wD1U}(SFMop3yB&Jcn*B>|T7r#9v*WqVhBbF{dVY^xNj9!<+$*!(U=m_4P zB_{TKL-cEM>&+h>W3PD72M+2-JZ9mu6yIcy{u$0~muf%=`#aOIZHm$+0f`?T1sZY7c}q*G-1(KM|Y zR$b}`Xln9%d?T~VTC@D&6U;ysHx1Qa0~jsXUKAehE*qT~?yT@$Dr;lsbk~RB-y!Ym z-uE{#y;e%m*kBLW&(bGreQ>bSK|hZV8M^gkoH4HgJY0K!QtaoETgDHuz5CPA*U?<^ zwzJO4UYrD&ou9zEAp=CYrMN`t;Kg!CY+KD)a5Acm3y@{9ZFunlMYvb}fssao44Tt)Ey^&_Liz0eOvn~VU5VE{8Wz4cp=rMP z`Wg?RrdBD}v~an7Z9O(eq5-IDO&0c7W9H-yN+jKGcg5h20m|404JfZa*a@xpKrIBra(HC4wX1Sg|q_5TCxpPod;=obB9 z{TwHRj%Rz0{P#U5zbk&d3&9lSX~qX>3(Ji*7OT(}mm^`PlM@^5wt7 zgijgklXl;eejDnm)MS>gpW!c+4S|{sU}`%OpziAFnx=4j6P`kf+B!H-R8F!Loa3_N z6?pdXu`d-#b~s#>vmzU3?9V)ly*!t=_HIZQFCgFNzeh+(iAj7{!>&QbcQ1=-e_s{{ znEYc=F2O!>N(G)#LY>D~^##b?*U_OEa>{X34k`B3$IiuQ&yd)_{$F z(a&s8iJk^O}P6Ca!;$r!(;&e-fhd?<0K#=5O`43wRKZ z;xr%0_DC&cb6qXQ0aL89%k(@hA^HRu##9;bH>`q)$Dmqn$>;omw)K+pC+fszl73o$ zD;EHqKI&eKPOlZP;{AMFg0hR1Uv1Znz(JBzq5kn1N22$h$Y?9!<1sbOHBLZe!EnMQ z_`&lQ&05yaj#WW*aEz~?D8!?`m*6wsxy3jKkfcL}1-%6x1<7ZLqNXm47T8gAXpO+E7+R;7394;z+kA;x=0HI^Ii8nPd2^F?t2dx4rzcu@eCaD zO`Vv-@n)6_(BrKjf;-!iz05F+P&brh>Lopp$t8OGSR9&mzbx?2p9Sa zd`)OCWtK9?BwZh+ehyb8+!fk8SL@JYjDmSc?orOAO4VnV_)oe4KrVQHjNwV&`VX}A zulNxspl;&t1}dFsmR`Om1@aO5(ppYO=xIjA2RK)2&;35VV9^rK+MD1g`gWeraZXR$ zaOKXZ@;y5sw8^1wJ3VM%6rIs;O?G)qHt0RBF7*;%fmawKI-`rue_reLYw{;6ES%Fp zzqwyXo}q#-pN&ZC#uFCU={`sEJ#j<}C2=1AIsiit=EL#LD`u3paX35!|DRIFK~0q; zgyfz&#qnI^m$N_rE)t@elfH*L*`p(w3u@P3^-%V{z+8DcEc(NrvJZ}X6nte*;YYhH z0J9F?^S&0~??$+cAMvggGpc>Iqc??2xPT507`6J@H2d!rVYrChp8q0weV++g?2Ti7 zd2_+(yuF6#{^}nv(Rg~^%>a3tJa6eB0Kw{C%Dxo-(u-7n&8mOHgvNCqn zb^upM^CQ=fKZ3AXv*;JbpXrUHOyNdw z>rKh7e$OXQfhFt97j5nw?3Z0QNa%9+w4y}!a#ZFXDSNACh?KPN%`I+s0zNvW>4~q7 zt9%ar3dUja8Ti_4P%ZlR;7km|9QBj$JfJkol&tw)?k$-5IDBy1~DX{D5ZRZ+X~ySPk6D+2iy|R(~lQTRdJn)D6)6yru^5dLPUBevgf8 z!?PLFGH`<3d=u?BH_RDg>Q!HSRWLHec7sBWv=2_#zpiwD-1m`$ctO*SE!}~?Wzg=P zN`eIS%j-}zTTkd*^CnfEz2=}P7&ox;*k^_c4!o(WD7qh>b?NpWD9zr?-57psl(j(r z#0_j@%LRhggfI7?5~Ei9z;QrQrL{z661uCu_D_fmd-|+@Xz|uP4#JqRLb(r{z{4bB zx!&XVJ1h5a@KH6BPftd2nU7L}@zY(sXT{mS=~W!wdlQ$l&x{{|;c$JF-eOo}gihOi z$|jS4Rj);q?K~q{)-|OzA{xDYBc^xS$N3BGoZQi55>_iD11Hb74+HTkT{~D;%lN@3QV0#N?2`b zBA+91E+C$oGc4b`UCP`-?1(2N+r2wP^*+PU(csAgeud^t?Tx@fRG6m+GO{?qA!(ua zqf_}&OY{U@7Vay1ohj_pwuUI)MYU^H2dFKrjV5q-_rSkg^ zT!9RG1A>Tcg-I|K1GqW5^JSlu_e6*?Y7)R(s1-v?pn_+7^Yd4{0kM)i>GYG6^nRH} zBEtW#sz}gu;9EM9_w#WLgVG2hqPn>CK6eyIf9xM&onWiZ{eph`Ii-zQ_j=ef1^CAm zQZ72Z51ciuD4%VK?vUyh&CHuK$Zd7>+pwqNG$!me*o7~9&Gn9?7QQ;@{Vj$j8O>zdAkeZ&>A7&lk9y` zxR&TJyiXeX_f_|2lgwwnnG^kHB@Fd_YF7n=yVRdg+jiupZQV;3X`I<4CQ(wPYiFj@ zr+UzCK_%7C?8nWvU;q#0Tp#DRUH_ux`grigBp~&2TIC z9R^^y??dUgW;Hy17IKgx1Z<#2Gl-7IoWWg+i|QOb>JT7_pVlu_{3hHJUAR=e@GVtK z&}<|?mUd$y@r#lCoQ+FMerx*sM?s)fiquXJfKVnoUlY8*z(4j8jm`TOUS5PW1V8_V zi@9Gk3GZ42BX2FMO-FhWpKe8?5sthjW{y&t=b{iCpS5mVAt zi};DiDOj8z%tK|_BhhmQH-HGhqhh#4Ih3}<$dD76l~D5l>A!jIVPR$Q({nDLf`3Uf zk@9G9w-v7PdkHNzD>S=s`tdE1!>K9tQ!ZQbq2e%9%HcYf>(lBSMz}2VtH%jXJz7ha zKgM)kfVNxEKj_1s^%J(Z^6I!)9WJK}KD=jpfBhgN`$qbH>$e!`V%@C%F8e`cr{KIj zM3tV}^%!XctKMuwJD}KO!x`K;yi&yke?NOd%tkW_w+}Oa53RuA6Ob|cG9D>R_@($H zX&(KV`TLx0e<}H-QruHr7L=y*EHq3@e>CGw!lh#+`>H;imwd8 zRmiDk!exkJb{v=GlcHx_GhKstCtI}+t1si4LC#$jNTH;AZf8eOi9@U0# z7->)TFTjz|+K{Uny{Sl&Sc!s?tYz|qzO?Gp>h|;5_O1%LJ38J~?_eDvD^0H5?#+rh zRMBeroS6%mwU@z(DIgje_SN*Kkn)Ldb^8+Lm;JrC&8^ZE>mKjjz3kHLLH08_)Bw`8 z@qn&aJ>@tfrpR<7ll=}XIAE@|`=!S;LF7T7p|8Ayv1@T^t_>{M^4lRx1-1bd$%RLG zm5DCx$d73s6tW0dpX+7TZA9Pv=UL1@5eDK59{T>6`0*}$QQm`T?5KVh{5Ih4`iMRn zE#4z)=9sPBiA55)sWfk&=?^w4@rpN$^qJc~7yJoP+;_Jc1qV3(Cc1lE_IZYqPCwBS z&^?|44EOj7fk=U1NQper@L}!&NmhQoBuyF9c%vJ{!;QWo>n6J$H0TCs-`;9U7y@a)48bcY7YuF5e7h7=`@C zm&HT1jo0r-J}CEyf&VzebUG&c8UV^oyMMhVW;)IHd4D{tvP}}#*&ccemJ5z)9WiH8g8d!p8N2@i7;7aB-T>NH6b zNwM1JVvjmfLHjHy*c_#1BLpRrcD#$6r@+#z{cxOmn~pM{#8Bra#su-)KH~=4t8Cz! z_}e7hQI~yZ`a1Dr^g5nD#&$lc{ycr^!lD}{JvXeWU_3}FaMKxHfzD; zx}x9QW2F8o$vsh|!3e&7K3R!eF0A|GQ1)fCbhUE|vE zo`t-jpGf2Q7(aNG5{M_XunsxO;UQB5sx}5l0ThgO7n7jw>5h;1S^}&yhtG;>63qxHi zrQqLm@&4X+#TJHBb2;gU;84Z~$#tEhhF^L=M!Ubl_y0-31a})A(N)3B#fNo?1(M_X1Ri%I%)kOj;LyjK+KZ@204Blnep-e;jj)VO5-X4|;%n`F$T zB#xgPN|Z*~Dy?T4tWD{>jZwj;PqP*|xD`3a8Ahj4@?Ad%5<6Cly9*KK9dTvu%8{>O zy@3470X&8SjaL>f+5zlQi>K#^|2FQ`%-w^t zQjf>)^|;WF_tbYaJIDK0#p~X+X3FOl9`I)*$EVU-W(Up_MjDfOdcDqZ{5zRjto(Iq z<@+sd{K&Y>ImBMLag}RRwLr38ipQBwtXC0ir}!qzJ&(q1kH9`nY@IVmV^lvaFnPp_ z9Ph>9@G3c$_ot&-z*tuO?V-H6aK<2LU$o*M7?7Kmm~;A&y_9dA?@C7%0s-aq!_T^+ zqimrhbJ@^@-8OFsVzZ)`3hZuh7%P@G(W`3AY#BGF`-VZ!NP1qLLByi{R60~&Z0FP% zbJuIq9omEY2qe%T-f4i^7+lc>a z4v1c!gZ(3ZxFhoydOo!;Bc#w8I5AQh=8ZFcfqeQ_#qDS*^uRLvU*aD>Tc{z2mhS#0n7Rxj{`q`svDTEM3_EC zbsci>TL9+gNkQbP8Xg?{ev+}c+{^uIZ^tdrMn=U{U*pD+0Hxo;9!((vL<4@vYgbMU1fi- z-cUqN@kd|FSW*-ODh&6)0)JTKxL9bv+5iBz_o48q1$3C}9Wt>=PwdxukH&0irQh-8 zHX3LE<7SgAGrG#p-IKr3D z@88*Ff1`9T@&eZiw>MFG6W%C4r=QK;ACX7qpk)B7N%O>M(ez@pKZ3!8K*6)$4$^}U zcwmr~@I9j;(32)>pC8z%=(wLi0HJp%@>&aStB^q|mv)PX@tItjnve3r;%@rg+%qNF zw2xBoUkV0XEOFxHS{IP*jMeru33>sg*OlCuPANz_Fw-RpRNV zlgVW;rNp-;xu3~#M}jDn^GW7?w^9Y?H(z>nNS%s4HJY#uZ;K=+fG=B@U$%Xyz*J9N zb}1V;BwQ|EmG|if1cx|CSOv}buY~xZCM(}>U1Kg!w)vMRJzz*96(EpYI^{%6a>RaV zZJH;UvrdZ7nna2gXAp?7dIYK4GD&((+b0Q|VBmNjpYdJo)hpB>z3wf@Tf~RK~@5 zeP6E(zBltNUN$CGBbU4JmKGaO@PU*xGM8rd7HV%A+!IR9GXc?5I;Vo zPbmYO#%K81eJ$?z`__H+maZ!7qOxrH$o3`T3Bp)q?WP6i)&MerBLsBJy=WeUiy)YUry(imBjF~UI8rLr*=Cs zy)$1*J#3QWKpd)Loj}N+oE>5Rw9!5ggj)y%+ZEZ1Wl3}cocG-NTjK#~v57CVbruth z>Z@*b*u@#*R92Nk%n`7GcWqRH)?%g)i%O8<(CQ?hI{^go#PweT+FdzzntIR=&xF*U zp_y>B=oFzQC#94UT5J zCRdq9r?HzSksMq!mk-?tzST0T4=zD<$D+b_S63BL-j;}X!9K~bx09FpxPks-QliR;Hb+QGME{t<#0D6V_N(>2Ayk_sUqn_^h`QmI- z{@q(lXMrwYTBeIV@E7$NC)Yu-P46=VezT!d8(*TYlR;FsM-0r3xnbxl{XQ+dE|b#N z{<5{kI|}17AdFR`J~iuLoT^#d);ssT|BL` zy3nM4{~A-zG@+#V?JJ1MPG~tV?|umDg;tn`+Xq8#;G@$t;zD5xyz%=@WE{HVYcpB+ zhhRize)f?=ezb<>$ZlU2d5u>YFG&(Fm&gYi@&td>E4xnQWWlf1g(#j2$Nbp9b{Gc( zUtD}Sw)CTsn=GXcGbIg1B+5e$AhdTIiIh5_gN=f_ z@qEp}qIFX7M*Ug`2#iYJ>%*CF2A?8#Rwf-IR^FB1O#V%B62=LqQ z#%h#W)Iz%IU+mQ@td~#)@ptp&So<_iU+W+Q!V8d`0zNjhgH4p^TwA#6&8ILcd}+Q( z=iY*m3-JZk9d-x_b$!0b{WW#=9CPS?CcSc zaA}tB`#Me_2A~z^iHWHu!~8exmoAuYxsCcxI&jEd>Wjg7ulxwmK$@c`y-pjx+Sl%Q zVuy&ub&a4=XxEnQ2c&BvWW5cSPV}A2gn|MR);`7;pLXYg%p70-GhaV`Eot`d~ht|?}7IN z3m`z76pb(3u-5yFW0?}v>n+W-HP^NT-e%4#&|uzH-;^sJPZl~#{KI#BN&Wa8RoE9e z?7PqXcCGIcg(82DdlfzwxS6#`T*fyzzn9%n)wtkWgy2go3|N-zvv`pVUN;iHrz+;w zHBq)^pYUHu*O;#B#^SI?T@m@c=tAJXGW;nj#-#^NPvNI%!cA^do+YgJYt%7(h^qNn z`tf=Q6I<#!TRS9`aXCBl8H_s;Xa4R>P|qtN!S_LDp~>JT=HZw7M3>_9$rff&=I+O0 zeX8x;)$puY^bk{_F%93d;JTjDV#V%f6p|3Ti0d~R-nYT?jZ%Fa3gJV+XwTA~QniFv zQb#{JhoESmwCZvs8{)6~0SQ}dfp%{e5JMjyE>R=7So$Em(PrZKR1mOnadD(t{>)SIr3pLw$uH_=xvQ0pRZp zhhU^k9@0McR>-?>)cw8~t@ruXzmOmaZ>Uyil(|0v^swvpC_lDeJyg#09@q2J{oM|) z5lweiSnUzzo4n_3M=#1QvJ%BoDwXh)y3${&EpHs=`W|Qw0_~t_;`?uCKR0s_JzRDq zIe9&R3%t>{=X8MKo#&Yo)LIx==tLomjgSsq_UTWAWJRb>QWC0}Na&fMz1UQ0_uljo zpANh6IFBSxc#8F5PQFiZCx>8N^?CkQv}ICBO9Nvq(9-osU-vYf$^V50rDR-Gh>DNr z_zD!=SJ)CtK5CbS2Fpp+VdP5qzDAvaoW~!XuUlUkDA1p}y_sGC3y_#4;?+Dq0@~QP zGb*d`p%~L?jHzC)?$}v;jN+w%lcwQj_?;bkf7|GWXzsd)TT_fNMHKuaEl$kHgz5@i zuhzbO`76r^rWFchAY+O}zmOX1kfEsqJ6BO~J?EqEXEb@OC?1J@t+3yXsNzwjdy7wF zs#y0kP1!$^u4_wCZHxYrB!NeXB0)0BnTupQ;Uf-!ZoM_|a#LL%w&mTsd z4x$69!Iv`a*c#uhTpkSA`j){yhd#vf=kdCIM=kr3oeq)UhT^)AZxMoXw~YbxHbB2% z|8#p$348M(&79ljRW-`dte=1{8eQPx!No^~3PE%R(k3Vj)aZ{~dM(N@c(EtKA*%fQFXK z0hrzyIEG?@R3Bb#M-|X%&~D-rvN?%&FfQs`4|+-FA4YfGn)fTSzmcE9$mtAxsa+9S zVU!xy1?p2en^~)$qklN-%Fu}q`4L)*xb16&X#5q7LZcqW{X(CvHh(j(=E^6`&ct3r z?l-%Yt$Sh|_J^-bPp{<6eQxKly7P&GRO>IIvwu-c>OzR|`m4Qt0GsD3h_Ka2=ciMg z{IduvL3!I}3sF3>-WY$_OTl;Qpqx-XC-s6v zNq|#2`uHORs?4q-Sp8NWGw!$}u>`)(v+wVIdrr{*fgzrgNWWU&roG~-K|TF+3R?S* z*6T}B^9-q3fHk@)B>b3e5_R}!tA0c|H+PEyI}WH4=Z^v`QV38Xc|M303N_YA_u&xv zJKn+vS;GpkTNLXmwqTZ6Xg={b`DtAD4IV$>J9m=&Fv{;o7U2M}^vWMHL#OQRhgx|Y zhKFGGD=q|dUZ}dy3SuK-W&CO?%@99~Jc zpHrY-l#41BcOKF}=Wg2Wd#F#@8511*#eDF|TlEDz6t4QAP@m%JLVJYR@CYNkD^-zf zBZruaNe6t&M#SAPPOfx|!95@v_D_c;Gtx}*uF7y_of|3Je&qi3wM2GeI{JVC;Ffk{~qE0RHR?uea|s^ytp5!w_t7 z4(&-O{F~)|d|DowgV$0s?|;VgXJ&;93^3^z4b^K#ZI~uQJBu?C?I^Q^$AySP<9)v< zIUM(|BZ+?O3S~(A2@eGK`QQrdVN_kp;lT%XgJ`o}hJsE=iQ%J>B(Qh5ADCKFi40Rle{$5;jcjGzJ6 zYKpHY4~Vi(s2QQgTAyFVAzL2D)pN)1bs)rcly8Kx3N&?HL~lY?iO*OlCeb_5!!n{6 zDqB4c5~SBWv%SQEd{W;-Ra@D2OO%wmT$0|kR{vWL;`%BBGZ0WC6%H!^6!uHmXT@Z) zzq4|@b#)h?G$*z}`mUS~W(R2ClaW{OI#3GJw&1m|$F>?7KV~ND#rVv?$t7Z$oJts!A=i%Wdv-~QRW@%raFu-r)rc0H8VQlDF)gK%cgEsBI6!-vvV~KZ||8uGTcB@cthl)M%CQx6S`r{71)T zwGey~9OsWO_tVxVgYzks6`4dkbs!?B0^TM#AqY+5xQy{b`u0nG49S!z7SSd}BRqPo zIR{AJgf7Vv&_~Uws3S5vBI9|$Z-`)0xO3((eezOr)E>|z9g=Ib{bFvqOfVgd?cuu+ z)O{qdH3Pdymjv54Sn_bK_RH1Xek$S|0nAJ`f%HkF8Q<2n-6pQ)qnX{kHFUI0HD||cKqRbluu428K%*}+s9p!zlUPo)g zFDCW~9b3nEG3ZUy)d4AY5a^>?=bYNx{N2Uqkw5aQiE`NXcyH&jj(UQU)bO|v5CVy< z@1!K;uInJc%uQv7z4DCg{!Tj{iwdgn34TOI(|qgwp2XOIO?I8CK*_9#6*^<~M zxafUt3;aAg5P<*c<0pv__EBe5=}m8E%qX^+QM0d$AM5*Fs9;}0dO2JI_t(6l?ae{r z>;gb((#eUqZQciXmhRik(WR}%0rJSjZEG&qeaF^USD;>VwVlI=3HH=qD6C(H#eRqw zt?>Pit}M$9nV5ghR~l`%Bl!eT9W;^IgO)|9Qq}hX5?C#y2b-}TG1Xl4J&%-QvzCvm z)a@(ONgChK4yR(l{aNvAd@|&>>5Cyn|BkjTB4Se8{3O342gK%$2>joV0BlTrK~f4# z2EJ&UVXhL2s%EGGGsFEl?ehn=ntl7Q$9n@5m0n>$|4xVdU@--oEtFFv)ZJIDB@dgUIa}$>0@6F&vLaEeB}*fj1>a}c zw1Tx_3Q5qM|87U%Z%z0nzIr*ndZ#9p{ELFRhMmF2?ZSGFW_fV6Dbs_1uvV$E?> zxAz_;miy3QC@X}%;1jn3ot$LES+@kjsDoL9 z5EjtVczkUz5o0z~x$oEeNOix9yxop|3xjA_e;aXgzOAmJ(BFQuH>zpBj|b=G$GPXe z<9>{HwX&RXRPs~c*>G`xIXJhU#Ds@#-?sOHfFhr(6jJ^WGFZ{Of5G>*oyK?b=+Ch8 zeDa%=P={TXcAuL&7pOoArfkewR4?uR;H7;A?n8yI%R?^7MN;11wPjqi6cO?{-GVo_ zdiCJF#-C?%P(QqH-f5qs8wb{gC?<-$wYcy?9Up_9obG5<_m{G>xyb{IGsH8G6&#+! zYrm#kGbDMRFL!C#?@7&HLk|)(AK?X0DRPn(9jl4p%cR<9XdtG0mLhr4-R!Yx?t7wg z|0XBn%D}Ny&m~x)y6UFx`wr<7KNP62gu^vquW|?r=3KD&`Qa<*5c)$~a z{60fEzY0^OC?P?$jOJ+UU-!=&?FY-?s|)iL_+CoSKlv;Uyf@OFfrPANKfkG0f}5B% z+rJe8J;hy7zq4t5w}XVQdyrO`YO{42BL6#9W5ex zhWlpx;#tWSQ+QkP)^|^3xDla?($jy1PW*<#tdQO*YM37`xG5c+xjWER&fuqFq1(|J z(7RTMzxR~*IN>(lJj&QRHHJdmj3wAdn6nuB6exu7V8c%Z#pTby_|e~#Q72&gUIYN= z99>UWjuQfce+IkFg95(MQaL=zT+c>AZw5!bhY^ju=pk2Zqay@;h;5E>8HmTz(Z4Sw zA?91hWpKI)R>Z1+so*#_X*gwOa%RD|tNJ5DI@t}4m;EAPvo_y^1ZtqKXfFwJJ_+UbtqLH^FAg^W#%e{#Lns4NPZGx_lj8ai@U4ln#O4|mOx`YhtvEg5vx4e~ly`1?!T26BO_0?ge{YK<7JtQN?v{L^ zbYeg#PotsJ>37BK=#s+gq?^(rv5z%=2c4Y(;(vrBzKLGvo3UI#k^SdTzJ1_%1DKi7{3*Fjr5nn)Nj=rE>B9vievc4{=& zPl>~zBZ4zmM)GN%w0?J;+rQ_rr8_zqu4#mrWncVS!wz1cIrQ58`jecIRaFF(3H_T7p2S)Y*XE`7H5~5wLumFfV_colv15LM;|KI7 za4!Th8rnBZP%qD7GQvIGrH;uFQa{G_WycQiR>_2>pZwZGu5o{X5DXz9d)}_}5H2$; z1SY|K!`69^X}A0#$-ni7wMQ_VO{l)?_HuwXoL2d6l z{9dt03lnqPl)zaIDrywlO5Kd3XtDAn!gXt_>Gl*uMfudOaIpTY5-z_0fkuW>1avcw zg|MLQ)~vAGd=Xy+*4szqiNnK$XPtBh4#tInrK7yx&8T zQR{0DHAjOHucyU=s+xU~=X^g9>vv8!VDkqTg}p%|==Ab6Si|4}Fz6oWTj=T*%ZbzM zbYOwprfaq=y!;HPmcFuwvW(1i>9O`(t~B0s#uw_W}tPyJ8_TSk)qL-z;l3U{3Qc#Ilao z^iSO|ao%rKmQ$)4{r zU$(DiNQzjajl33?0YKFLd^!^D0qX=ToV+-F`^=6Y)%)oFLrTKap7$pXWY_a%;fPDj zvmsXquBD+EkV18~v+jTa8FS3m5b!3(<8OHZdDF50?q)~hh|8!{2f9DmaDolp>G4_U z%UP8bvrnn#SAwNvRXw_I*SuA*2eF$AYh$eTHNfZ2fAGbWH&;gZTW@A6-^WhBp-1L; zzTFj@{DrsX>$eAE?~mS+`+cj=ftr$h@i2&)zc94$W~6&i)2ef2a?`YQSKMQ)BYN~h zI_{^KpBNW2u?s2lJPq(i=Unsby1y|BV;EpGgkIYIgAd5wFrRmAkpwhe@V-Cqghu?d zuk*e~-?ZZxp3T?&J!;dkomiMugU%r0IXD>fc>~3^;m%bBlV0~-k~t04zRHbdgjNl|uN|Fs113+sq_;b`vNJ7mleiDr!?nKg=-=L8(X!gFGYTgl zH{mq!V_G7)yyP;!Wf2m!+*P%?_~^TghGIgSIvNrS_N1p==A7@<4_+mUZ^NzMRRtpR zvtJV)|3CdSb{c@k^jN(^7$!XZ*Hw3FkSSrjoDhwAu>skw2dJ#98EZ*CjDCWPX#d#u z$8KD97b!xV+??q?#oPoJU3HNY$E>Ng`YEt=*Yvs9(@^(KDxJ_gbmWt!n0_|D5Bo_> zpNoVDM<8Bk_ByU83rb}g-f8X#IDrHxs4EQYdIJ3G$obk?e_C7P>wx!AoD_mo8y8VN zyXvo{$8@5IMS?%Fh2h_wa<&Ab*2GKKNOGUIgC3oZ(C=a3)|`+@_NpM0N0-cex=$=* zEWgGVj%Ag43yul&y3fyxOJW>F2d>VGr*|UHZ*QP(sNrod=%}DAZ@<62uIPXs)BV2ML*3LH zQO;zxm;4v&XQW)jo1*yRlrje8G5P~A+Cu_Y9;aj<$zd^64 zK#|iQ*AG5k(bWdQQiFf;Ld|>+}x&txf#_F@xnJe9)ip&oPn?Qcv69Xm~e}K#QM|O;iyta#Hb1r zhE*5^)f)oRftIjBa=j-j9E=)f$lWpY50J1WPq&Asr`FaqH;;+xcYH6nR~er^MMvAH zH^*Jm&9$QY>?><4GtDWiYR*#4$^zMG7S+Q>ygtWJ*^9T7Is|~#ytQ++luzao9e$UJ zBokrpVegah@G83bRb=w@bsK`KN48pdmvShCHpZQbjP?_5N&(h#`qrjpHSWx*z4#) z6%D_Xs zl(5e)&?0}%kN?n-xYG;-{ZX?LAN7C6#WAD;w-f2NP+(*7v5EbnNu0UF}b55hXnyCs(zN z?mj?^v}v0C_Rhw3NcF!R!J@Ce*nDxsepKm`gwRoX|^K52lQA|eJvrpNQEgdzDj1l z%V;6JDqi38Pn_6(9KgK1y6OG4+~j-8{$(IUs2#6`Z`R%;_!@QeTydrXmwapW=?+kT z^f|A7r11-77ct-CDG^qn&P%4#yEMx6g`tGwu^Btb+;PL1Y5dZ-QOg3T(`T87AU~B& z)W_CeNulXq7r^z$IvTQfp6ABP1}bOb76tIX*TM^-8xde^u7gQ zJp=4?V210Da}Lm*_)HLfzSp`Mu`B=@yq?t$w6U-4EdmW& zgUJ8t5y5+v4p+4VTtq7e(3DrII-V-1+T_r=5Jfa4pS$S4BIx51km{X4@ySIkX%>wY^L2HNsldOc)N)*KkT8uCQ_+F$9u_?^LRjrYCDw;)@De-Ww(#%Fwc z96Kh)raZ^2IpVQIvws3L=fzwOYrfph{bw|@a8oN1mY8Jc0CQNVpCa zEo32OcE9bS3yIRp%q%?`Bpdo4kMHoKjbY9MY5CYD#X9J=USBG`7Z1P~!hehVk9%|{ zVK1i`=O7B62_MC$8~b+6Pu!}5KYp0UcIHKt;e<_2lX$rc_wAFTANK&cv{Y!=C{z5t zFQnvx@>&0T_{~EV!q@Q)c#01$Ai zKuAb@-poc{z4Y>E?f9`=qkDM%3bI~2N|9y(+)Rh*3tfp}U+Jf)yt@|M*{zKA>B*cag(876K5{%D=qxu?hRT+{an!V1x_9?EnL7NsOSaj4n_h?eFr} zA5%~#Px-uG#gv!L8Mp9OUki!Pjo*`w{iLmbe!p+#$D;^EKqjg_6Wi`b1R%e?sLp43 z!(8COz*we*OtshU>ys6{B#!e>W!`Q-aaQt+YMrO98~6PNV!$VpJDzYs6)v`lcP~q* z@#mp5$@s%IaFg0ec8b!)qVEzOYT;o%fnO56`PRjDUz4d}uH{vnkp1 zW5n^N0>S}3nU7zJFV#y=EfR5hzo2VyR;uAB&$#-qwBFKrf`n+fZx4^UZ$I}{qU7|; zMgS>GP;)H5s;No20GS25n%sS*i7ER4X`YXje5>~pqQRc6XZ=3%U^IHU9U%Jif#~gF zN{GjPkJaj+ynfl5ZBZ6OO(l%7N3Tj@(h;$4tum2PhRaB`2Vx3mT9BD;#^G{kuKP(P zH^T3XG4MNVzL$ZgHJVa1sv%l=`99hxPKH{IhP(HE0WN#{fqOz#-sVEbZGlo!;y#(@ zM3XSUlla;5$_mOQYPlNvq1ltx*Fii$XSi&&sk}XfOUB5Vbt77C2&gb4UDiKWB^wYj zy&J0 zT|X=I^S@sCd)W<_yRbwJYsT(nM{WxVy$XwWnyOy9g7<5;_&W6!zvB`B+wmOEXCF-W z7A}oxkmbtafQ5up@ze6Oo`e#5_*Tz}cC)>S_s;}+FnHWLF96?X#+ef4>-0uLkWmZ# z37fA!|7z_8<&(1MMtXB3H1*rvsZcO3CP!*rcTGsQ z-t%G6%D*#q3IWjC&`)l?FwqUjb!T)j@u`zX!v_3Eu|oNxONUphri7x1%hr+pHj6TP zeV{_C+STAxfodpj*y_gtTJjW@glF(LFT+J@w&?zXEz~7h>l6eV@1opaF>@xt;JbU5 z^(%h@Gt361ZyK&Y?sxWy{syv4{6=Zgr%-+j6m=U|rlKu74NVtoIA!K}`X*%yLG~kU zl@ia9ChFp76HSTuN(tGV-b<=9U-PGIerdPwV*(r#*Sf!?E*#kLR4!DW;SM|$3q3(ny#mV6 z!g5rc$79uR_wV&PM=d|iBa2IG*DEWXb4OeB_(ScdR!h{%dT;M%A|3dKgYa0+9^a_u z`Cu;SX~~)oZ}W+xmGu?A{R<$Ph7T^!bH2Xd+EoT3*k zkBEHZy~fS{9`&mWjqO+RS#S+rI5!_$UCIa`$SPGVgoZ`8uT&Icw3tXbqO<*b6LvtrGS7W> z*Egc0%zUI5gF<2{JVy_WZao^xek7CXrSz%`Z1dWb#HlYv`0Rx6M6*^4)na9kLkSpE zak;wAf%5fh<3w;=J=727(64vSE-KRXdFH*xtc|CGP;TWPrM5w!>aM!_*zB7SJ?~(8 z%N&U;>P=HFj$0N^xKjM_>%95v7XbNRz&Puj5_8@BsVvaK+v$EUO>&h)LNeI>e(iC0 zTz%hJ@fCom_&Kw|*_LkEU)*Fk z)smO~7amIn!bsZFw7G$Gp(bTm3WaO^Yb!ZFd{L9zmY1T%X!!`zrNOxRk)%C1${Q{h zyAnokWq0!wP3I6&Tk0yKdV7n2Ze!qo`C!;Da^dG1jweXDsllh78dv_w9vm9^6Kbr- z5RFSL83IbQ;NrE6E^^T6meN7b16s&iX{5Br6O~JuEX;E((g@DSKjC?L z>8rKoLuP#re9_(2zRY>oLcu0~U5>{yNrmY!Ow{mwbU+0Qu`@p52r#%82^P|o>u03( zy-6~o*z7x(dB~vP1inzM*Nb43oa^|h%S5$Pk3>lrir4XyAE-ZvjpAsH=TN#uwR`b| zUoUr(_L%p+58J%lC4QFA>sum}cVf*=EO#{nzHG;vkk@*OK^YNy0FeMgv;Lk&_*->9 z7xZh$jg`eo_E4D+6ChVAPhZ$d1iI8c=+M;qJp!PRg-2X;=Y^2p4vTei;w&FO#F6%( z1syxFYuf#1Z$yiy=>8i@`*lAccHX*@y`VUYG>FMl%K3mQnT zIWwN2BRu+Ig=$=S*hG(bc>Qt)H1M-@#&+!>41Kn_czUfjmixBb)kcRpH#0zVy`}cu zsmTcWxer2!exx6@*4(@B_;R-uxZCTo6QBG8rLrlr+Y@V4_y6w8csM;<3`sp9ZslH* z#|Kzamw67nIo`h^GJum1C-4hS%K^H#3EIDkT1r1S&mfN`PGm~PQ~Bc`a3k8+dQJMi zn5I@U?J4--#Y+dquymTC>h}C#26aqE400uqkw_jj3m$~o_lO&HRV+ZVwqJXB%m;Td zi_;(c;Q3d(5K;K9(ak*6ME&{185`Sl@;WTlaMxTaf;!ao!v7jLpP?ipS{ua%P_f3x zILQPMTN0frUC_GA`opNTrScZ{Eq6_g9#E~I>&>m zzqprT-e=ODZl^+L0o@4+z_DQrp6>6)&k>^*-+li;I8WH^j`I{w%AUlwaEd$^sLCtH zjGm(|=3jERukrm^`|aDcmB?~8e;r*-A2U-D&xXC6>ccjj2)c(Kj5WhvyjSp|&c5C0 ztGoo+ZG}SO^@if+8askU-0Bk6QoSucB@h};)SoOO{qcKNyJo>V3B;J-sD1s%8M0DE zmsf=h5-tT=QAfLT(_wT;!e=G((jJmy9pJHVkOE&ODgG&_%7fn;+#1)}wvJ`14 zkBgW1Xo}5AL9lQ5u zVeti?JL?>f-9Iwvi0Aix0=nf0xS)(7VmS-Ko zA9Pr7DyOg|p0CwL!>*e{R(Gz{26>;WPkNT#7c!O7#ImpV;1oB)I@|(_FrZhluP1xP z-vv>g?(iywEF;4m5%JB%!L}|(z>hYIPu=SF$2GA8Mdlv$Vtxu@*{>uc$nkft{f_H1 z3h(EaS`cU0@+q44>EEx){d&Aaz-65#%e^3gQI1jw1V^p`IBM`AX%l+LK8BwRS{*%{ zOD-%hd&z5}1I25PSZ28A-3Q)hMf+>{x@|v_>XOnwe47trc9^|(#3?E+0zKTwv$>dPs`(}>iUisU5+b?d< zr|JoKLFn6_`or+RFv6qO=O{qP?$YuE{RtgKj$fVfG5z+Z!$ef6h4ct3jUoEUy}pxAh%_=!-@CSlsYvkp#%4a4@^ z=fvSGnCTjbdq%B4%NB_E)Lb=9d_|T-vEe(@I+prAV(2Z7Ps;8!;~YY=1(w~ST-OI# zf{gEXA9T9kqhtnb+|*OzCSKX^&x32`CR6t0thpPG!el$nwJJj+S*s%^E1be3J1|96 zL#Z|__56G9r^n987t{tD2`;XJAke;0pdghdb|2wLalW|UM0hte?{jZZq=!uFe!m#( z9TEVvGlLknqqnxZOMCYmr1OrRKm8%Rm(cAeLPgdNci3X$VCW7VyKnqLK@R>~A7KXn zteh?}rMf3(J&do{nNs8oqCw<%Q`94G8aEEejkzFELid z84B<^%7Q1f2{>k@`n{{iX`<(sOEU{?YbnFAF*Wy^KT++v=H9KS*FibaEgkp+1XmxX z_C!n#CRO<5WOA$S=J`zG0Gb95r}>TFm)>&4o~66-HD1ql{ks=* z+zjqAzoEvV@2T&EG6_XwCG?_QUgg_gpgQ}cKQ9TyXJzv2sM+ziLGOG}+|vqI=18og zTlJHI^ipR_P7*9{ULYE;GY{rCT5TvhTk`tpJ)_h6{$T(x(;?HTcyiMSr zNxVc9$iGOWUs=U|sIP4f=K!)(SZohjN=URuIj^+7NevG3k>X1Wzn89Ast?K;t`@$F zA-eP&tY8N43Lx3?V&XU3K2Fv-XdDm2!-%XoXxscoyyN#T!D_uHBu~Cj=!pA@BEf{8 zw-_4BC?CP8`fc-fKAOGb=3&J^cF`=KRqHj~w78zQ%17~`_MN|W=K5q)q~hAUwEFm< zKnr{Mb>GWCA%4s`Rb(19x=;S-CgD#%Kf)kBbGu7| zGKuE-v>$7$#-q}Lh*PksyL~IP%ia@Ulle%jO%|W4OV>RIz2gM7zSyid@3M!E5l_toX_ zJE56fLC@qV0G$1ogM$*#AN(^Mw;r4Es4t${XQvn82Wk@C?DI+65nc7=0sNc)L!5>0 z@bQ1<8hj4J^wS{C?M@#q+$akMfx<0E-4(K}J;7SqUP)UhfF5;(P=G6zzN&l^BJfgZ zN~R&~?N9mj*&zHSLJF@Ke(0lu?#dkF{if;hQm3DLegn)zP5QObmKn}8p2Imeb0;RTF$(OfNAv*V>HZOCuHma zuvUL|5KZ;6Y6bA<7YsJM64O{=PA~PLwLg2iby$0#$58VK)_ec=VuP=)heE_CM9?hx zu*~VtG-|YkdnYSe=1iz6f1?k9nSVsfB!ts1BRrYCv*TMo+a!lHhMpA`5;5m<*NBR0a+Y~zv{XVq4^cjF;EHbW6mqco6WoI_O@TB>uf#5mDSe%>}BL_H^T9b^-=A*vdR27WX9y~f-gc4yJTYAUncT7G;9vPE-2Bdhe^)+ z^V~H$g*y=VSKWuB^P=)f4!0g7KbqF>^qBfMh4}XJa68++OlTmTPDUQ*6c2J(nFC=g zE5>jA{)#(eNjsku;vl~G$f%o0YVbxG^71$sNC-nI?noYT(#M1mHzQA{_eS(9`lpzo ziY6N#k@FE#ReYKT0o+eiMW0?H^)m?bU}fEwIY++wEq5NZnn zZ=!)j>>fO4VN#34dM3CoQy$G=*l&%$5G$UNg}FY~dx}a=bJz6zzCzN8(%3;d-d~YA zxt_qC_VM>jx=GHcP#o1OXY~h9kmZJNO$S^ZwdO}a9BxyG?|ap1(W>6-hH*llJN7s~IW# z(+jIhDwU`d+qHI(>0eF3^vU%6tJd)2>Hb)O12@NR|2i5Ev9IpPCk0qqigu+@qMXPI z+OT8z60Qj~GhUmLkC{z{1PJMTJz!# zCNCug!~Fwgqfh>|OyobRf64&u8@8A8*_JT{F62)#o`K&~q{Z zPDGuza_S7rkWi8OlC?yJiXh%0kv99YqhHJ4Cm`Ocz9d{q8T!rQ!a+*#`hfrgcKE=; z<@6f^dXIT>RG8dv*VfH0LH!D@*%01>@#OSD;a{uCE9wr1BR~&zH?io@2y5 zbbPEzOLpji;Zz@DVp`#d7P0w12kco!(uDoW5`&UZ=oe3e<4ybi4eba8nPx z-CgtY#)!lpW+;W;l5-ySi?pvFkG&pgFVIUnuJ-qvc6aDv;JI5Kav9+#!CPO7FR+Zq z{YoExZSD{s1q$oOc>XdoFLgy{xO>G|df)HbzHlY2MP4luv8hto_S<=$+-Tn(_bxi%O|`ELQ@T}CLstF7SA&i{P$RLB zptyF!O12Zz6tLy)4~TG<-xEMsXXLm-TDOMbW!3F+Iyl=c5YK9AF*BQ9)whQg1fd|D ze{K$yWmE>y?roe1dw1JWLQ%lC6%Igy`g|k7yNl4$Z}Ej7%=I~aHnW%^`IxsRO>xBA zF$G}k1!te;XU+^BcNvBYxSp`Jv!4(P5_S`n^ZFY{;Nr(yAqQ1phaHTlY1rGu^74GF zB!4w{I4*bz!R?3&#h#N;+;2dGAUQPc?OYa@X#rFWsC7K-cHi2bPp41|ZzC<6Q0pvC z?Nf%hvcolVRl=_SlBPz7rw8oA6j?$D_~@h*$;)R>)1JFCtF?$`oIESkw8U!o6W&xXK*Pm4sny}4BR=4O^ z$HD-@k^PB;x}|9qYExg3nmwWwQqOD;d4qkEkHW6^trz);w1G_P_?L-`gtkL?vd7yW zv=;{7^4;Adj~I5dKDjz^B))7o4ib;Y=VO(R<7m&porgVFPkt+}kb7gjg(QG&WP2^n z=ZD4dI-40q9$vQ9C1I67oou_2UbEtA=>TE6Trvbvgv{`$Zle&CV7>*-J-ZAhvqTf13DD zJ1ysk&_9VWg=&$w{hSDUZ9;S0;-+6AV0M)VrDH924S!#?H{(PL7WWCfX#A%?4lx|O zAp2wA+Ok=W&UI$PrhSFsX+-cWV941%s`1JPjo0&^daoU79Omu3BDH>`nWXcxHfAP%I1#mVUTs7BYr49hV({_an2zVDcQjdm zDbZw~R=nl`qSQnR9_Gs=!Lp60*AYBt{f7#pU?G2`1LzY^PNg9%eI7za?Q-9}o&skU z8%%{e@$RBNps<7?Exa%C`YQb1Nq}L2(xT?M#R55Rv>fd1a&t5F3)Pt)dt=jSof&aY zPMo_o;vd~R&YRMuXIc@aFZ9MP?RPI8J|u8C9Kg;ZGn%e7rcK zh63o5#=OvBSJcMRbRRl-B%H-F=`Fm&-?@M@%R}r(`kS>pnJU*N4I69AUmVb>9i<&iut4f>9;p~o>E@ib@rp4f|(SmkbQB3$RnE2l15y{6!1 z2#y_U0~W6iofU+8iC7pGB~fY#%sL1Y0R#*Kv*$fDy39Rm6zwXU?1t%m0g5M&_k54>dUi0*sE8cV zDuBbXm3jPRj9zj)yLgX!aoV~NS?_8H#*LQ9 zp!M%#K?CrxoiTp|m+?M2>i8<4iiyvh?tL`;+6=$aSe!Fvq@{Mh zzMZotn|lisXtm$tXw8J`^tYo?jceJyQxR~40ge#+#np?0^N6a^IK*?uvf3wko+&18 zsa6m|b|o6Ga(bs|ez4%$wJ{aBQH1*kP{Cl?1G!JLU0glTR;>J{yumO64+>fTGg(rC z=1QwkoKenmB65kXvD*!eyUvVeZCUhBcexqq)!XBqU#@59=Xl|*l!ASzQ(9}Ch|LjR z`p*6SohUEe!i5^V(T=(&_}mY`oAJ&}!)Ot}hTxLRfQ&);1JKiPe#0)iUuFkQY^3v4 z#~qW8c}Ki#pAc`J;HP!(-$3s@&Qj=0O3vT-Ax9RF&|_p1n7v_C@%*92;YF7B&2U zr3IV7Jwei9(J2Jj&}`?~x^GQ;x%>Tz9B)cOU+f;LOVxak?@cy5VYA$XXEzBbl6y?o zo3e-FaBA+d98S0RkY{rPgneX7IuMvs90*4FBR_3|z}6=Ow>dYk#L@T{5Pj#G5diu@ zyy>Ka|GAz?2veUZh|vfoIXli_opJD?ywUJ}f_w*$zn&_)Hu?(&7?nmJRB?|3JbICH zMIG)5)T?g@6{+ORq;NeGtl|U^Fu*hSxwl&Xr=VQ0X7N2e&;>@Wazfgm4o_BRs`I-{ z(9lsocOsH}-B>>lhwLu#Qmxs1S{d?jtC_xie6Q3epvl`VbdM5A9y872N;*NG-}OXS zqB0sy;`ea31jKPYQwCYRKkj`y4y>y>_N7_FFWiGN7#*v5aaMxM=|?(&am#ckU%h2= z!rRTYk?X^B$JaRn3d(18-^q8GK?}O);zN7#r?rIK-K$e2 z@qUyeLz>}jOoPPvR<_b$fHw^AUZzJ^$%wbe-|xosQzf(py28jW@r7PSY)d6=pV!j^ z5TJQxzuG+U3-1!fGoOsI;yR!4EtMr_PR&0*ZlUYHWom~cM4qrAhGb^Jh9sC2Fm;i_4MKO zzCn)IwZ(QAhY)RmtKNXUSaZMQ)f>Hye_Xd<#=!(5;a~)*hIa=DgnulZ+18>+5QJX| z1OzSxWEI)hJ5dl+kR9RaC-{5L^qFoqTqvrtGBe^+bBp4`gdCpBiE|10BfO1e?O%=2 zBsTjylYv3W5$SNT`Dc%H`k{s8M8czRzS9;bWFwr~?oL8Y8ci|D^M*;3ameHDm>2ufU^3L!;85Y}zh_!*IC)o%{w9AXz2-YA7_LF*&mJ`c>eon(* zQmC(U-g0~nBV({w`u5?DP(|E3y98MYhKh+Lv4${Jty9nWINd^gCH#?~hE(hTxw+$O z`G{URuPaOI@bKIjk#do+#jLa%IR)jm{+-`jJq^OMTU4FT?J(!Avsmz-L{ zy+XN>Fbz!It)iBU)D)#LFQ2B!_S1AA0z}9U6>e{z6M@OLiSgU7F6+kTNnZVwZ)5Qic!++U5#_}Qe?#OTPGIq5VVjXnt2^yO(uh0HUE#zmI}a2* z`3DmEw>^IG0`$=`5awKk$35j=W_Iqr%+J^Q8K@%W@`mH~X|X6*$nyw0+lm%{xkNxX zXidw9S!#qm@^24zx#9d%l;2qeVf0y;v97jFRCwEH_@|E&x{a<$$Cn&Ya|$8Tc+G)g zCTqt$tx}j)b?mLkp0l6k_}&Z8rlbe??=oFKi**|I0_Ko=Z+I?YE&1MNA{`;dd9Q6) zYM3}0-{^h%See6cQFRf(ZTcIKwMw0c;#f&g1Q_h5#J7)C09UXn_Iurv5W;@;VD><^ z!)N_fXo4;v35J0@sXU*rg~zr;#$_YCZZCzq0_Q>5V~$-nMj3?Z&&Qblgzj-@!Iiq# zD>^u-Kfa6?W|g`x77_5qaFTCcICq%Q9yQooc z4vGIteg2IJ1g+FUy)nuvy{M!L(1$R)N4^bAGPIYb76S%H*KcdMrt~QeSMDn$(Vq>a z+E%D+t91^SYVC?touQ=M@mi)D|7n+mc=cDoPNZXP7DFI4l1t*NIZ)$@jYG!Q;{u)l zO!r&o$XedRPSHP8-&&Yl7iTSsrPs=fLjX?%T>@MT&S*4C$POG_1C4!tY0m`u4hJmy z2VeLfbnZv@V00TRv-Y_fh=9 zG+-7fsRuUg{Ga>ugwq%MhE&niTQ!#;x%0x@*+x{E*un3S1$QLL&)I`P7d0*kY~ntY zYC=_Xe+So@7_m0X{w{|!Ps>)EGDZ94Xzi3O0Zj$XFVbM3 z_+U(>Df%ZAeoWE;3@cHQ1cKE_WMw(3>wUnQuHH9 zvF$yU9MN9dV>g|L?PcKO)u8jI2uR>H${$fAaYwN`IQ8J&f(b^zSM>T?g>}DKZ^2v> zG>M~U`0+w$e?@#!LI;gQ5+VIES)WG=3%8DI;iska1*LmNRlhIG*w&>mg#@wlk=oZBb(Q=xXs4fC9Z|OI7 zUtkI8l16k_7H|dAGpgSc_kwAksu;G|hwJ>2-dFG2*OO&~voWSZ_&Vj>-RZB{E7=!v zBr3VwIsoc(gR7u-RVMl}zk+t(+Ui#*Dcqm&Rph;CUe^4kr)rF6nn>DlqwH#55-@aR ze<*0pdzXrk|5=PJM~q3?aLhahQ}KK=%6YifbhGbq#)W^`=ztj8!+6|{BobOidSFMz zYaHE17Sl7lp4IPxu`XP}kw$1LZ2C4K?Pe9`6czjDR!Kj;y9cC5bO8I*9;q*6)M0_Y z+^6ZPw=MU%+{v{D9ZxCL-d7^Lhz<^}I-_e{3 z8T4$RH$R1mOjL|$37f{0BsSaj0m#J0_Q}bO!H8Kt^QJSa_2Co5dQPvySv}jxw84O3 zU$BtQki#$?e{p*Jgy;vLQf6=t&Pxgj$FPYNuDZ=#v)uy?;|L+KvH2>3Gdb{(CfQON z&@LH~*q0J(-ZecYz*PkQ%3cgau*F5)6C`iz zthf$}bsGiTO%LmDa_@JOUxx$626eh!dd|7-;RwIf=o~qZ!3ua5f6*2`C&D~n?$n*I z_iy7*&%?CZ>KU9sQ%1?==SG1SspkW2oDp|>%&cojT*4mPzBN;(ps`n;Zo$M-eldgF+bytiJmKh~kB;HP+Hd88*tj2a@Xza`x9 zKrJ+SmF|w{B>@cN)xdLlpYlL&lh4Oz9RX|#2*@wQyCZD=zyPN|Jg6E1dW|9FQhVIZ zPbWiC$%7)B?q^AmshRNJ0p}!XG+aX;O&>?;2w{Z41P;W0j|DiKki3>mfE;jPV=fS4 zs#W`$4?fkiqV+&E)6M#fnscK2LBLcZ7jJS#ap}8F4+9kq*y!WV8-bE)*fQ_F``Yel zm|+hicke1K*$yIt%J1J9m9g^3LYCiAjZ;9XEywDn>n}T-RT>nL1 z`0`slvomZuGl&za_F1Z6v}~3W%-}^$(}S%?Ijvx9h0WJ~4GLWDp?3t?ID5fHr{_gz zUtmQ!3F@MMOyWgG2lsb*x@~cE*te8AHjN4i!IAFgl2UHIObx#(edEJq2VV<+w!Vz~ z%blxKaBR)uD2R8cUEmg1aMy)~#T+L-x-JLLb2>PSw2;zU(vb4sJ<%0sT4qO;(qeG0 zz4R8)@F1Wg%)IJ-wG=jg#v0Dp#bka%Wp^64mT~~Q=1?eS>@uJ)A5d;+J{SoqC$umbexrbjfd5W&%WGIT?dO6u?$^u(> zhh%NUH!v%A3S;h$>=b?|LtYXJ5^wt(!OnuS?IY1SLvU_XTh-X_2r{l|>+iZKKAOa<{DS*!{o{Fe?|OrpH5;~ixlkXX(I3GO z^q^|5pr^fg^q{W69sLG(X+GVKf_2E?DoNiOfKDQE%{8-Ku7PZpShr-T5ZHS~Gj8Ra zVJc}cEHO3T=kp@6l4W=ESM#Id@QX(| zkc~%lb75cJ3rjZGMHd!!V+SU*yhL@p;atWD;UB3E*9|5y!#+y%S*I7$7oNjWFbE{` zyY`JqBj9mPg437$D2xg8U9Yq2z1(L1TUOHBXXpc1@YG1bV|IeLvRhd3%as*FT- z80LMJ?NVd5=Ep@!Oa8brH88X9Yq2zUvf!9;W7t0vQOFWtyh)7&`g^V`8W#flDI9zD zA-Cug&jQleYXU46hHt-`*_^@pVPEOjrL}xOF_RPa?;U(vRKT!0RI`MoXkkC1d#+T7!oM1p2+v9Dn9Z8A1_*K3B~O-^9p^DciDu4-Ki zhSB?gYyEtXY?=G~th2TLX657+&a-~_8RXXqj-wS(-b0}-9`76QvrAGnJN&7g zL`-S&0YdYNmb`bBctrK+lYqmV`hkZ-8w3D(!UDY}xQ`2aq$9pa45O0A*dMfoX?vz| zw)K0MbFk!KTb_OchlO&tM7qgw;teD*{L&f_ZxVLD6n3ey z^)QShoh%%y-+qsnOVfk5>>${ut0Qj{d^(rA{RK363A~bM0Z+3AENSl3-1rA2;2*v75Y9pc0y?_rT)6zKuc(N(fR!{`b&d-@~t=y1i3e z@SE%a`J)d+nW&u8kT1@jZq7q~0%?Vqp1uKSkHdjHAXsWQ0Elel&xQY3v2E zj%Z)l_hXN7Vd)2T(d{2w+y-qj20;DP;cKMi2+i%eeqHlUukR(ja2uMKcp^O9h%K|b zJt!v*zabeLw{WHd`V$iuRw~ObN)qf#pj6EbZ?RB{pMT{ij|+-+{AZag)hGYapC38^ zX|3Go+DG{sOfS=hvw2+S_V(ASMamx^ zFvt@s4Qmvv?!?yLpZ?9tj|*p6db2x3)SlE*7u0#!-^f2Ww65yLdkTi4FcskifmpSs zqM+O)?x38B-=%}CeD{}KY~t?mv7xaz(x&p|_7pU7Wd^>VWjs6ny+F^AUo}1G_eh?d zE;d#);nQ;!0tyS9{eFbEOWqmb9IO<~$;~fI z(e#x4$OOADIXzt-S6V#EM&@<9dx}g=))Vcm%nRwO*QO6?fT4_#4r5D7&I?a4)4cwI zVfldR*@expgw*8{8iA0UFZ-y!?zz9)S0i=Y5aP(w0J}OM10e0jSTamACY2mKS|4gf z;Q7jsjOE<(`!|O_y2@Us{(YD?uUM7QCIsTB8Y9Xv0voS<&1^z&BM|RN5>s3Vwtw9A z6p?+l7JkW#{w{k(5UM_ZNa0cGihmTVXfx8};Zol~aPNCtf60~M?dA#NM+DCicQ}e4 zUcbu`E=9vVy+YY7$1j2TV-lCo5{>!;^@MO?A&aw{GXYtkJLe94x$OSVdOVq9_nP5h zIsdGJ6BCBi>Qy`VG7<(-` z`jBON59p=?r+ZIL{cJb)vQt{Kx`OSvb(k28 z{I!omPjfpoRz_8nl{acCNSNv1mGA{Gh{5;+UDH~ttJjhrXK6(aM>b~0`c-LH>X*8# zza)41WLBK*1MaPAaM8XcUkBVn4-L5Aam}Yy{gRiZ=0LhR9*$PFz-A#Rmy1=Y=p?n* z4{+3Q4ThGJy!(R^sL7}E-LqXIx)n?WZ+e*5b8OKf)sc_8+o93f2TkwKj(Up`o5`9tjV57=xCrFdoqtB>EM{cGmH5vGu_FvCZ7B5Vj@v^p5$Y(EO0U8Xn{q`yD4x|e`f0l#izh22*1s*~&!WpsqRoDd(Q7E>|* zWZC%e~OO2XxOEgouKdLOF0C=0p(x=JxkI+(wa| zaTes`@<1n?Ay-MM9@0#Gr*!*OA?bu`Ws%( zkN{RHSwK}N=%f~^eHV{MPv?V%GWae3>huWp@(zS#}~i} zBB@-))Cd$+tB>ndSGQQ-L-k+?H6bgt*mY7X+W{#A^x!V<4~D#O%3&JikSnP{Q|04 z7&AQx!Xx3l@|==|Ug$=A)g zI|ud}Hc7JX)C)=7N$q=MTjJVgBF>3mF21@vO!{8nYleg}=z;5habxIs8dlgeBp>X_8*&Iw=%?{L zpL&7%?C)=kb+#`Q+VtZdnUE{qatfnQb|+2-wVv}TL7Z~rT0I}`n1m#BheXyv+RqP5 z>4onRs;pkZEIe;ea%eH2&oE20A&#TsZVo6hzW4{Y3BN3PILWXm*emhZ@4a%02aE0( zR_~$Rf_-2yDc^i~Kcqn7$ol-;SIfHmgz^y}^DFwUbg2|;+1+@f%HrJvz> zlA}#vp@!y8RK^zeFxa;q<_-8o0!(6>x>$nQWhRPLFxjQ>($q4VCE@Lz^6r2HcF38KPHtZwZ1$~bQbQLB*O0rF9^c~=Hq2=4oJC7=#Xz;X{^w1;Q)w2W^3^kEE#oC^2TfXE(2Sqo2n z@3R$?4;O6He%G=HyW7y64cr;Sc?Y${-z2)_Byq3>r8(jHeH07jCl_^gCwMyX6ajr4 z!FqTB{?M6w;Q{1T2v0BNkG|j6u_H5MUwt-?GO-M3(W_o8+t}h~qjH`m_p(h1pX|~3 zUJM5aU}*_U_pEK}fC|IeLDSt1gckNlNzh&L%?DbsvViqT$MB8*S|9AFY`*STOF#v} z7wy71jqwTR7b8p)hEs=&eJwo-6CV#1P+9e`I7zky558_`-Uio2>CTr}5B6}z0DVW_ zqwf_QF=*ePKQ6y*M~`c*4e?hReLP96DabdnA zLL(UU&V=r(=^En5DaeR#$~J-vd*;>huxQ*gN4|y3Ab<2O;lf(}PI8vp(!P8K!FdgS zz~sB9u^qlX^L&|YZahcwH># zm7@ijUSG|#RXnl*ROmZu!Et`Cr5Cv_gS(%TR(|9!@DPel4qY@xqqoDL+3=5tv(CUP z;5o-EKA*xEmNWLB_U<-4gQ0;}A1|G{yp|&vsyv}$Ivh>raN@Zh{v0u-GU*%~rqgjf zuRsoC)Nbv6*$m8h* z`iuxueV{s%J5ab84`J&-<-xIxhPyR7My*|H)66ON=!NuWduHCPL0`jLIi99t^$~#| zI6L>U`98$^iU)4%8DmdKt>JH*8bE9; ztdcZpW&nIUN>KYOmz|E;`4a_?n-&U|JD-(XaHyB;JMKTP?=K5ltDjMer$S{VP%PXI zo)j)8HLx9anP zwXsqU_*_BHn^zy5RoMCU!ks-*WfM5-KuLt_w_9NsFiEfvHz@s z(5FADUBai?)Mmc)p08p>Gx@E|RQnCTtR=&NrYFdoW1X_i?sn(fZ}R8rhfpN1Sm*Yr z7XqdaKu@m1RIV(qAX<%HaWIz4JY1Obhvz-;U>cki+3I@Q1j0p29@~Uv0-O)Wz&90o zK&_wX^QkIyOrj{`>+31@LI*Cc`w#Kr;)+YOWUwK%byJPWi1hr>BQSwL#hOo%c)CCnG2bJghFX!r4jH$X<&@eUesia}7q5%2YccCV){et!E0ixNvUJM_&( zTXTL2ET6+RwCma%&%Hqfu418C?Hlq)KPXcHTzd`172wHC4B%yg4+J0$b?o)03l)9@ z9~QO>8Mf_Cu>r#=@;h`s;v9GZyJcLOzNl($nzhu2h8;#}&%Iroi?G)~4@>xkI+^qm zOv<6nnZC5{>yntQBh6A?@4v;Jog_ZIP|?EzBUzTmQaq|io`+k2?Eyz#-_=)R7!sm3 zF}vO{!!A0SknzfA*B!gG^pf$}!bkCLXlVkV>>)^&B)n)!jge-kk|>xc1L67SP^?@w zxrs2S(j+EQUC*&d#UQKvI{R`dFdj;u`-~_@sw3G-etF3$c(H!LL$ig<=3~5wcXIh0 zE#7H(mG)K?I^7`~b zEiblXT&;+$Q)-V>kikY`O1r-`l_%Df2`N$%)9$Fy+u}G z6Yi_rAsC2b%|BXZDRT2l1=}s-w2OVFn}{Sc1XqrWT$nrXb;={!Zp9Al$Y00lD);={ zTIX-o`0g?8jRN#w$ zub>xAYx+seK62eq5Sk-+Ww))5j^fKxM+7U8a-!e-E1c^0y`68=_oeS?N)9__-ia?x zK|}qPQ|qZ1u`H0E7CM{!R*v7Fa)ZkF$?7C<5SaGziBCp>3}$UsjD z$icY4moMJ0S;nP>Y(gjiss!s3R^vT#fz@8U))rt#VG_3aX=Nl86)=v|!GJBt9 zfQUWHy%&L>`#oHL3t{IpXQVEUc^@NW3rj+hF0ej4JGt-pk_cLroAc}I{nFTV@z{ zc1p}cN&PAPdnSbv3zz7VcYWi^AwTa^3VvJhJ-^p!gNHoZ1w~ zR7ghb@6ZAQ{&^UhUlTxE!X4ZYK%A>tZ~ualmLBE(NdIb-yN)ZRL}%{n-In%QpBUaycZHKPQ$bEjBax5{8IyJ=f~mi_$bKxL5UA)lkU`jp){_w$<}t`a|GtbAXB zAh}|*m(gVLYWJ(YUX_C@r3Ccwa|0yNv8S<}lzIQQJabc+4kR7CPmjr4@Jx6fL~b4>2o~#zYp@)cD@9csYHu)oe;s+w2rwKFVg`Dxw z8k8=q$jBD0-<1BM0-s;CLFhRsI_tdjFNKjKJ731$4=LQ@g6E?6#`f)V_$)tV?{@;u_^!iD*13K^ z)Gs2agShT<5Em8U88k;&!Ff6qrf2nQU0-{^3IiuCTIVYRn60T>eAjCzm<3raU(j+9 zF}l{TUDAy2EbJKYw@Bko+jAz^crEf^+csB+ZVEu88?ms`m^dSpKq;aca37 zF6iu@REgk8g5XA$%x*?UM=}(+@pEk9v6dG;QHPn*SwBBS@dFFP*?AP(#t@80HJ$hiDVAf=VcsI{%@@`H%q_Tl zzo>gc4OW-S@2OfRkGWRG9#x;nTGYyOPkh6uDj;G5suQH~4u!AtVG7N_<CEpbrbkDC-b}bI;s5ax1*7+Y} z{`ms#ufCIE4s$+-+NvLkmn-=m7$k+$IEUX%-9{iVi2;>VrhF484N(S!>=oQ5{e48l z)>Q0kqkKiDp|Je!#rZSN-S+`S&1K(C%~GO9J#|Z{=LPkz9`7&;*=22zT6co0)4i0o z*I#5}37`BA&sbhiKD%9Xs;5}-ZQbjnDWuAn?;_yAo)dk^#}E}HJVOl?TO|P^`E~>- z{V&^SU3YzgY*7!Ge6`R;-YFKz!|VBFeeLnLUtcfd9qTPNhUKC0L797^uc=yw3Yn{K z@Pge=*w0Av3VQ(;Mce7Uk0v-r;s4nnv0ctY=ZCBm_i}s`_QQc{xX zG!M?N44FlmnerlStZpSR_;qbs4Dc8ZR5RIi#NS~#C>ksIZYO_H&IG4#$yT>J`wBI zeK{Z`jImt)E?*;r0!T>&q7!-}3W=x^ieV2sdw;t95Yg%bwLWjKrQ?5V^FH{nSWrI%lWgE0VC|yqg7{52q+iG2|S}{z*@>D@dD< z_eD1n_G^#01;@0m<~lyKtMyoLj?9~b_AMO!r4N5Sm-y!(!YTtkF6cKjPHgTUf7^IH zybaszv_t&|IBnRs8Sg)4$YQmq16Yy%$VKc1_XQN?;dej$TScKW!U5|Cg5#z<9}5mX zW{mdJBA6)OwS>4fJ0)KB!+l@n?>YB6*)RAy2dCprn=k;IYbt@L*;#NGZlaN~*b-nh;fIN<8%*Z% z8r3${^>Cj`#;NwQf=Rk8V3%EZA|L3$s2@V68l)=Ax8=SSNI||B`fvAKa>k6H7P4ed z7w`@+7D*xTegZIBe+c#1z$M!tQ0Yk4f&91N4(N^9N0sEAPoOIv8Fmv5M}n)vm-Ua` z;_&zFbmh^^_}GILAJ>B*2bZDx9Pg9>-)tCI#B|W^vss%si*0Sl*WgAmBO-T&Q>A(d zC6(^cI=9dL%pQ5Rc^x@JkWC|C!-AdQTI-37N$)#^Xb8q{om*CfE;xD*+H!WJzjedB z7qMtB)bqKr1FtGGvN5wz@~2iXeze8IXg{8Q3u<|;=SB#teNYM8DiHe@68AXH@ASm> z_`R=4NSU6|FN9{I6jzlD7BcSiSq(1wt`08>SV81u1IyQFzv!;H59fN}ES5=}a&)x5 z44HM2OT}aLkyqt?gxvVIY71wfE0t&2kQsl!;+@dpby3Pp&SmWi>r3hs>X%PVWz5Ls> zKJ535-WuwF{Yo`8?^Qy;$$ ztU@=BZ;NBKWOv-ZQ$}N3Y*gdl5B^N=4Ww4B2pLItIuu^igYWU>D-V9=WQOiIyyS4) zQPOg=Tj$9Ak}Y-RT*0V*-0H=)PbZz{4}cASOEkaRZzV{wxaDF(l$lB^f35eiK!APh z1TYNDnJUzz(iSe9p5&*8S*Fv$gW)g9b=Wkcs*lG#Je*DLwX$+^M322j8pk_^xe&;_ zt{f(uL~?u}WTvbFp*Kl()c*PQk6P|$!o-@&+V_fu8X&;W_*bCV2fzKACO7l(YyoV- zpwNNijaA6JQP6}Pm9QvuI72nTnDVDv5dyth+Jh`_jE&X3n+FNoMlglwrzJ}La#cI0 z70zCFZuhMl!Zg5Uk{4OxTxrL3I zl)m-OuZkVo3XRbs-#q1aISbMlBlxSfY5$&DnDg57+0Phm%`Bw4r5_a3u+MSwvE2e# zyW?L{%-r^~ai#0V_m$OO>wW5#m#N;jq2J+0G9QmuR93v(p?noKI=^1_)q;8|oWcij zniApEdlywY9QO;&x+|#8AF270D`7{`4%au{&eN*xki@VYLuY}hUHc#F3xRw92mqv=a?&2UL> zDE^%H>u5H!IrQ~?9e@?0I0u(``%{X|zvUA}Z3UIm8kMh|HX`qf5B_SX*g1dHZQ}PI z)Z{9SQm&bCxZV!S<@@r!=x4;!PF~OkTt+GPM`b48W<8%H=7(DAt2No}%$*9Bf#um4 z9d8Ox0mF=@vJ0Pn6kQxZqu0|VKEn3dKN0Jh58wUS5u%rTJC4^q{=GHr3K^iUiK#3` zoUJx*qH37oi1>{D1?*d<#@~xxHu4x{7tU!jdryn(_So`z{D7vWzy;XzQ2Y8=2PAWG zKO6mYfvZyu)vD>IhH(GBcI)y3CPYSY-^SNH-fESvwx4vSU4s6B9(iIbPuAson+2mM zz{nG`7-kpQjjad%dJy$A3vVVsv3u4zc_GLq8wZ0n;4?&0>2bJH`e{tmv&c8s=6rp> z-u@5o)CyI4Jd54h0|WW(5mfe&A|2yTlG~i@jTxdCD}?jAgLk=c-CDf~uXyiotwW`_ zucF3*;gn*uvR`%|GOgx|=U837<`#N+e++l;FrhlU7&W_|ffjz79uApo{!kkj)TCqNS`gYv2vb`xbc`j=hJg+E;+Rwbe z%N4Tzh1|@YSe}ff2$bQ%JC{$G7tck7m|ZSo2`ET^hO1Shw);pekL%Jueo|3ITx<{2 zdvUw?5ImCmJ`h&YyKEu@upEKsa%I->9eWH;hFGnjmY<bV- zrZ1F=vgEWT7Gk|sT7(%r7#5HNd9HXS*o3|%jPZ0X6n82qA~oyeugBgM~B=P zPO|ykv#i%k_(pP_a;lHkUQQiXesfC8>;-vk*_G#mzJrHAB6xa{d+v<|jMU^O_#BQ! zG{8EYm|^0eL)j+?_UA$14b;VjEs1@q$0!kiG7Yl#Vb8V5NG$VuW#t=N#tr}eIsx<{ z@Yx_vrFk>7&w)gn7ES}TqyWN4zY{QUcMLchE1={vS*)#w2yr+3|CLya%NH*n& zrN+L#+V@bcp(H$?pd`Ce1AnbeD&UAASm6cJycMP7`Iqn1*LOGbGPZSc7MZr!X_Y7G zqsW~h&hO}HvWiH8AzRpo$*EO#9j08F>1c)1rOK?T(9X#T4X8Y`TfNBw?M&E;+0g72G$%i0z`x?9$A<@TP~ z6Cn}W6i`pT@Z6QH9KnN$y#Io`Y08SVazhS>cwg@I57yx%tWDdb4i1N;dY&Q)uFLqT zzLnPyut=<vs-qf4!Mn{m2ZY! z{+&SwNqs)IC2^^sU98G){IYV4@D8-5vLa~_%f1YT0d;wEhflNI+Bm)65o28U_wU{r zOH1`2=Mi*43n|OWx;(exF`RWS{!YAlh&qz^uoey-5Oz=8hvU*vFBGSmWP4#Sf zbu?O*_Uy?p7_(d4!xnP16MDDdS7BJqZ(z>$tB=WhO?P!qcQ`u!l;uyml1~ zUm>5ge#;`m@A449`C2ll&=T`Y8HcjZnZvKs`U6+BqET?q)-1!65>AKfmPKRTJO|H8 zd{OhqFJl3vlLsgDb#L{)CnPW#?aQqah~FH+O|E_A`u@|FVW~PyFel!7UC!(YI_%jJ zvE=c+X}}bCCQ8a2+~peHI(;UywhH0=16BjoSTYPg_DR@Tx7ZxXSorV@(4!ij}YVaU;>c`^JCkY)onAP+t>Q#DXXmy z*O;#)IdS%g*MMq5hYjU$YJX6q?LkV|GbC+C$k0+Pp?#ml14bkYGwu7MdU;ZJ&-$?hm{5s@)fF_4{J5TEIT~FN(EK!SF0US6JUPBtPYFnI6v8 zin(7vNF~(b$UA=V)|w;#xqGQ%p+yhv8{cI^)N#0!X$Jxy0_8OL>^JH|C4vnM&ok+p8x&zN2Kf_zLbM*|eA`6T(B!1){)^zv5o;^Fq(Kq>P1el&E|K_$E*2GV z0bBp)I2XNoeH5=3si@IcptD^QjNZ<4d4>Xx9zn?5E1@Me-x2~ldCa?_h*xe@Q z{{1Q9XcSf3dV!Sds?*VQS(;a*RlOUX z+4uA{*6m|+?v<@8=K0)*-loIw^kplmKh$6)Y}EHooob|k*6=miV_H>gP0#eV9f`Yb zD*WoTHjxyxO4O-4J!{Yo5BO z*Lc}`6NJO9voVv(CSXvfIa9apZgnW93ESh~#ZLj8Sz=j48ci5tPVk2)|SEiDXAX6&;D*eS_8Aoy%#2iDC+|E2`M zuh?U^G1`W&L~@(cs1DCn>FqamyncPC-D|81^>2>4d5=?_t@OInWvTS_*mrakAOP|4 zol?ERcs>;pFf;wV-ZwtCme92B-79hc-2fyDPY#jCEMXG3XA%r+RqC5Ey26A0`iv=t zkH(>FLHkBkWlQFd>}ly_X7=C}z&_o;mV(}KdMduhx-cUkX>;?3%cLs(p&!(0nG*hK zZ(r$DKeI>)J`7~X*bjf<0+s3-tlX}#uyJ2We99Wim51{~bc1vj4qJCmtyP43j=RNY zDv!Q_hrQ%+VFdc}O5Gz}QPlGjR%-zjH&n#W-{ShMoU3jBT!L~$gu=Z~{2ZqAYJ2We zwv~hTKCVC#`&vPYzWX^Qwm#%dXp)=S9FogapuNCk+;(=s4~SzdWwJc<(1aqvmEp#6 z#r6PwrIMA~kKF!5n(^M3*_RxckL{`7rx0Dd z+_YfE1S7=j;wjg%wwpzAs`r@~KiYig`mqenE zpdL3zBu&6;z!guw+Xx6{@@30{hnfHh;Pxp$KEJ-vqfPe7as_i zu@!`H$T773;HL}p7wtCp8-nVR`F;pPb?RPQ_+=7o$$$oY=U4TeY~s08?WBCoi9uOg zeWH_tc8+~CbLKZVaGOK5VTKjL6S_Y}-RVS5#z&~>JVT0j{`t3S?WHKFWM9lPzPrL_ z<4G{h`7NA}v*`OgLvZ^u>Z0b>sLna1Hlz}>#G6E+i)hC|!Q?aiEyVKUU^ejln$P9u zVg+NIB_R(Qp9y4RqtI8G!S>iKr1)5=+xXBMhg%oEKrbmJiQ8Z7)V6X3QH zjWa9Otky}Ldg#W(&ABYgT`I$V`{4<)h7p}Ft0B|gkH0fdfWLAFcZj_Z5A0HcnbT$y z1tg}&qVxhaKV^3h)tM}4?dAyz5+}ngQz~?0`{aB2RT|9g2~C&zu=hoT@BkQnOs3J> zbC_!OVN`KZ4$Er7*aAmu^%aCDwkY=*kr&zU0#>fo{6j>G6)a(XeP@ljA0VuzjEqkZ zya{*ir+bVldr_fXtn6I9^3EZ@ih8?9>26CSbz8r$o3iCUY~~}1+OnO_TD}aka(vDw zbA}L#*7$bgc9~ET4`SFKR3G9$N7jzm^tr&}9uE^?KwLizrY|@AjQfhuF5m8QbK`a| zY>Cig*TSJ}n0I!}U?ZxO_*)$Afv&!-5@(lkfiHS82~%lr;{MmM{5k}3 z!+^P@_lo-P%XS^1$mPh-78L%GdLOlom>Hk&4~NICVMk#3_@~ee`VqDekn%`j z*|=JK@l$E2C%a&80liFs8*0G81E}elV!^|%Rqv8_Hob-dKkuP4%-EW1(LTkZ`Ftd; za3J8aOteh(Q~GkZ2g0rCBKjHRw$A+###+u7)kdjOm|1;)pr+eo$9+`u#J(k}m9+Jz z758Ls2$e5Q8J|T78po@}MOcNUJDh*t=<_~l;0B+VZ+m}-5Klas;dU7L$$cjtB!joA zmcOkM!m^qKES9}NO4U7s>X#78I|-k*;xvW)^%N2whaH#smsdO~pR#D*3POVbtwsSq zM6quDIZkiQ1(jZY9_Np$Wwyw*JS^3p`BqwY`Yc}D+a3O49;cBf`tchfw?hI-$po8s z98wdRC<)(zY$toneQuf^!0vpm6CagZrvqUri#sTX3t`++g&Oey3HIi|r)+;7;D0%t zZ_22qx|6&YNY~)aquQ8~gNAj;z+sg$>WkK+>5)~*UZ@*_eU?%{-ynz=#^>|%h%Ujt zy*m=*bQr>o_CV_V{=_Q-q|v$Ob%nH}Cj`)jO~^%+{ra(=#s<=6Q`w7^5jcxPsl2~Z0SpfIXF*jQPN^h zQDy+D^ycXNdtYnibZL-O076b?ppGwH_c{*Vpq0sV%dR^9WT5CTd;LHaKK+o*TOCGp zT*}k_1RUh*Y{S$HM~y23PFnoQPR)fpg@HK3muw`pIpaZSmXHcYui*E*tyt*=?kxXG z^L6TQs(V$itE$~05_5qgkD+T3+c4UU}|k(3o&)0>sBJg>2`k-0CIfHFF~F2ed>_=EjZyH*zQc|)&4CEc)!WW zAtBzG#t72W@5#1M4i%)~==udErSpr$<2!1Dy5xULfI?v+`}F(ty2z?ek}UQUGc7n7n3>SfB5>h(8m&OL$IV zZvzTb%oW7X)dHT;gqI2-(y{`uzjg;0H-J zG-@;kiQH?}xbDvT*M0O|lNbGd_>|XZhU?yKksy*)RAe>2P=Vv4>jEd_E>O=4@#-GR z3#$0z*X&{#cvsV8@izSx1xB_+;{!7Q^*Hqtb$gzJN7!4RKhEn!$@)LCy#k`ZZ#L4aA{5OL9r*G0B zACf&KtC-Zi!QV6KQ}I-zj^3O@ZOSKtffcdu6IAo@mz02dYRy&m;Tm7x384A?)dsQX zvJL0_a?XvytoM;npN_WhbzEGI-fD#3puk=A=}xEYGD1nqxAyeKedgu9=bY!l;Jo_FqFuSLN3iQEuVnw| zXulDlThv2+aN0-E2T=0Id&sH}{b$b}>B0aUAhL4Z`mdNR+) zYY)g2NmG&DIgC*uJrdk~I!adujLr0^M0{TVz_@QmT0VI5pE}e)heYtrz=eL0vwDX; zDtyh7#Qk7|fwv5KxW%!b=7tI=H3R5dO$|hndo=kxBSV}|io^?_dn25!?1c5G!-n{n zFXPV_eAeT$dGwa&5rld-j&|&51;L15Q!UgjNP(G>qWc8Pc8%v4+sa#?u)0E6PY-!Z zMb~9L`mqI@L~(qML3mdvgs_59-6gp#v>fen*_~YEdJCZ29i?2E1q)$kKWeCk8xO$i zreutB1Oq~6-FWd?ohFi|Z#D5Hy_(N+jfm__G zhIG6-9nX(b_5*BGdylDTO6<4sqdIkxU;jIn@2r*mAl7J?mb&Mh6L(hD@6kLXXcfeL z?g+mVF;+)9%lQHEh_I#)0`O2y0FCpW>#`?XXX{pN;*klT3?#7JRED?3g?HlKe-n$b zFPY2S-7D>*j_z&v(nlwLkQ=DAo1NTB?j$@J3IdC5gZ)7CMjTaHW{rp!H^jF70159oja@0rPyznY)x7&RF`B(Jp-Q@`HtI6Bf+)rUT@CCZv zoUD?qdb1}DUoCQlJh9Zc?^P28&yTe}aICWi@&>o|Ej+}DdVex~4|`GkV)>lPTQ$SN z653=iD59~8x%yCwFU1D6f=z*Lt5aLKuo1)#RN%g%r`M1Q)NdhGr4(=G8v@hmcyEZ| z?8|;^DRlEX8wk6ksj0IvatLbEb_jBuo<*gy-8w%(VN6pO9`XHYdmiM8C3hvndd_Nr=OjyCVS@+fQevYBe zbu$^?mb@MoMZPA$u_{LC@clk}9-GoVJh#nm-ziu%pkk2WzHYFT5~EGQ%G0UAwg-fd z^Y!XAd`|FeNW2ck>fZ|O3LxF}J^MNU5@T={L-MxzX?1H7)&KK3-lMq?!(SGzfOr=P&f9$z*LvGF~2|TJ6;`*Imq5^ z2@S^`Z9wk#9k8UI4wJ&-PTUUEN!E1r`l&tMeN98MQp(Huy%#G@Z4hE>BFTCC(mTM< zMytbJI(@XEbdtE^Jz=kGu||Y(n>sXy$Kp1WMkh;pKyAC9p$=rYuM3E z4tU;}2Z-Va&n6z!T3?V3RIpfnBdqa|);pC+%x?XHJDQD;NTG6f8V`E_6CIWLJLUWb z#+?K4K$m@s**mZ+?>pw8aDqQyX@xx-m?@j4$Gi4jA*8uz(hv&7cjceH3pRYC?Ea7|;uT`O<7p~% zEV(BuW0QQnN%DmkIfyuc+p|{!7Wb_|;iX7MHQ6d}p(Tdc*S%c1#Al^zOMm?ifR2Ox zMYP|_uPB%ka)&lpq)g@SiY6ol+v!Zx2YTqdP3M>d-M4UBZ7<5$Hf&8>*%+GPiI;ob z58Hc|eL@0?;hvCK*=O;tGUZoXa!IZk`+0t|bM6ym@T|fsYAV6iNaCC2ozG3y?O%8D z{SAOYD!al1(PvB^Q1LG*eVgx4MEi!~UihJE02cK0o1U?z-!)nJ@L8@c97^5emP`?$jpF07mb`UJV6* z#c8hv{w@8YbV_AA-ZyvRq8;HM)Yvm#!0h^jW_4UK^VQf07|qoCK!_ov)_K+U+Skz<8t!fDJuzZ5LUA>)96Ex}Fh$pN2aA?YDj)f{IM@*R=73-TU z+{pGH^ZJ1RfQ^9SBkpmO|2_Jea2$)5;2BQYQWvI%+$%?jh~fqE(@lA`$eSjA(Sf)> z*pxs18uBe0RzKsx(bnoaDsic#w9uctcG9e~zVCmvBafwe`!sYRBceRrMs%YwOCubIt9}lx{8hW z#ekjef}ZOM;7Xi#c^SGy&Di8hAMPy#ANfB&a}5z`jma8N@-0)}zpOAJ8GdQ61n}Xs zM0*eZ{I;XB$DcqwUbW}C;=BD$Z;@1ODWsz=Z~JhLZ=5_>(*%>R1oZ>B6x)u&Jo;Ds z;pA`ev}Z`k&s%2*R;I4U94h?W^BAZ57ff}XGWM&Sej5WrgtDnmMc1XuRg0g$xaB$H zdB{IsAFvfDg5YtIbL_uD0QtlzhU>-Qx6F6p8yN7^lwFQ^{Wy-YJP3SG9yHdml$m8f z1<67rdnkeILb&zE{maGYYcm{w8OsyX0_#dhhs}?$PMn3;zb9C>A(Ddu2?>67r>HPv zzhi6J>CFr*q^vi`6K+U zMZ!r5l!vO^3cu(lKVl*>gxl?YdpaxSC>%*%B5(!D@ieWl>m|?GMj*zG4yv9l)g=C-m}C zVaEWkqK0baN30Ls+?FuJ-giVZAg+*aK+XeX=aqrAdknj9BYc>~zGbc265RS{Wq!n$ zBt#C(q4lE|1GI6!NLnAK+WjFFTF5j%qJQZVyfHuB_pYek`>b3V<_E#d6WoomTHcaG z{KM}ii^mtQ%k6;k^IU~Cl~!xxeV<;aeXno#wJ6lrxV)H;*@QvQ|JX~it;TRz>bneQ z&DO{60bSlKil6`pW6h*+mpA;IFZ=D4kpk`e*zakuEw6rz<|kMC!%tQ!qy5pEw1iWf zID3R!l%1vPi*$a+!KYu>ss;<_P^yqrWMTe(*hlD%f0&bAxU22ELgJG*I_J3IRP{Y% zhN|?t6}ObtpgkOjM-8HFhC9En!|>BC>Oq9z?|qF~%XNO6U!cFn_GvWMLwW@9e_!nT z0-U0|BLO&t$W9npWr^Mj_ z;9YsXP*5j&OI5P(3qQR+jwuv8ZwAp-o>o->#9NN1D&Ba4&~9&*{0SzW+=rz>A7=LBIQK!kIXU+ZK7|8u$jJ%U^LbJGS2!W6lx6M&O>lzZ#Ta8jNv>P4 zaE)C_!jR#rePJr}15U;3Hgf0dfRPr!sV4XoZ`Sq< z53z~_0y9oqFegt`hYvPSq2)OE3v+g^zQe`DvW=r58)ImCYj- zQRg!QUJ#B@fI#87ntp1p4iHl8dRw?stMaG5Z(mk$7zLXWsq_a`OiJh<7qiZi0t93}#*kqj}$E4;l zoRaR+Of#4)A1`;l(7=u+n}AFs-ood zUMCRNH}!Dzwvw0mHZHJqfhocFV!ut!HY)|**-YE9>X9RE3U-T0E0-5pQ8op&`PSTa014eM4y5rM?uH0`RXd(Rui=m_qT%%hA(f z@n_L^+;}>}HX_)5aZz=v$ssT;p5LZ_hFt960@KiRD&SyHoq<|qqd-K``F%cX%CbKi za{Bi#^tN;C=gK#iu8>=JI_OIr5GF}*C(oWZ;L1(r6A&`!&TH8zg3~jH&9Pi{XatCDD9n?b)k2>xWa!)^w|SJ^6d+j;uTpQuy{EjUmb#b9Z!Le%xn)^Y1Rc zeGY#yRU(J*VF@C3A0BC`34}Juc$*xfZB zgw(zYFO);?-?i%t7}9=Ri(c>xgUf^dZEeYJH6o~@g0=>vt*;L3Y#C$uyybN969W2* z=4EOXW|UuC#$OnT4D;gpEM7;MZNc-ym3W`&bUzR9)hX=lLH{n;>7>arrEi`*OtysS z>r2`fLj1@!e-OrEq+1Y2PeT7mgWzJ)R0Mpm^C;#0i3nr0>2xkH-eOhw?e#AVs7W7! ztvK;X+fc@a6?JTL3661Lbf+2>~3Tmd)?@ybg!=-_J)rV!rG1ug9yuoWul)$bJ62DUUC7v`BvdjYeEZMMN=+{g7cq1;J#;CIzL zy0Bv7ZwxF=aU2<(05!{4x1E9*8l3%hJ1{^0d@ZtO;qUBg;i=D|=um!;4vr0*bv@OF zny@MMv-kj>RA=WsFSQ@*^t4z^k@L4;x%*0WmRv{ryn8u)F$z`qbrOnt2q2}Xjx3SZ zTw6v^`w|@5HLZD%ruPTu;)5%QNZKBf!F+vMuWFZR5GkX%OZ^J7I?JFx5QpXDyQ}%l zt7SIk0cQ+pgz^|bf5)N9ru&#_KC)8j8`AE*yQn5O;#(c9X&Z@lKgzfac*T8|DBmZb z+fx6TQOc~#h%LMR4Ew1@SpkpVuL%n^{*52VI=q0hn6PHdP_3ahx+%(Q<>iaa9^SH-BP4l(!XDId$G6c z1xB2{OdBvi+Sf1<6@M0nRCRdLvrljg)m3_(i-_BrK&gA^HK`Fk+#0&cl3_3#FuwaJke*s`zs9`fgLP-wNaj4h>~!n61!~EgX%RN%O`I3{{(6p% zorW*P{MeKpz1G9rX!n?&G^jS6AN(-hWA}O*Te%_5ToBFSzW-0BP4=9Mk~4cQLsPI~fN`&@xYSr*F7ib20qjGa!v{-8A zpZ;v#^;F)1*FLGbhml5(>IV0%RaNlt@gC*m5FYt+ARs%4C*Ag*009=oJuCC0sYdcW z&{>It4#l*r?_71@@qNNE`*V+==PjO-P(j#zv!~$u-_rB!BV$g zNr}&e8hgJ{rzwrCxjpK@(tl%D5%(a&gX(|wjqC<8zA+D#^IWa-pC>N&JqvofrxY+b zoI;BHtb(TT{w>^Ghp1n%mt=oe=wNcpcs@t$FGYAP3jrP3$PDj6{GUiQw92)UZLfyl_u>iXHN(N%y1?dv)1AxTYMlHSDF!+)$f z=N3!_Z)&Z!2kH_0)r=nubbvoK8ewC^-;1%Ylnn|2_HVy$3cz~8{p(gD!ZWDL9Fbi{ zY;Ze%pm%kIlHL)RgY3;t#&UvPZSOulG>=O>UM=t+KHlBfY0JP0;#ntr;75rw4;+v_lI-~XHM|F`!K0l?kP2&Da zK>pYY^eef>A8a`lq4v7Aq0hd|s(oZxW0kMZ*K6&4;VwSX5y>CqkJZ}{#dUUHW*#*5D(a$j1*MJZGeA=9p831mVH+eOdg6Md`o@xGAH z;MGLkTxH{@)IRz8B2;=oXFWt`C!LOc@a4@Xx$5MZ@J{21^9s>Loz+iQ5VK${sbB+d za&Ymef(w&=y3`hJ4|Q->NSNWSuCVr7ni7KoACg@$NJvf)XLUPJBtv@~$QPW&dnlFT z?}^I)wQNJFEcvHG>PQR=GcTu;?UfgByZk|f)jhL+)}zZjv1dF@d3(^sA#<4qPsyC_ zN`6Dw7bz75TzuQV?%y*NUQejO?03F0pki^6^9*kH)OX@^(4!9Ioi2)wJ?uqAX@B-^ z{SP{DU-rwKZa0Bko;5WMI@tiofg^HdZm!G6SYKcWG)Yj=F#R1&O5ytZT;&}-Fz;1J z%*fu4Hgul1Z}#uUsa{RRN2+hFo>vdBdZx?sN%I~JAd=(>GYlY9`_<*AMN{wmD_ z$U~vCv!UQfEimkk%h=_w%!itC%!c+m7ABGMW7V}&|GPJ@_-(`t_;tS!81?Ix_5Eaq zL2kdMskx8i9}^85yzmp`>%$!CyNyfdcYkw9>{NX)@(RMn^WsiWJh>$a`4$TNj=Bg8 zcRp-m8JSSsN?d+h4%$1ULe>>2_5_0a(Ph_!K@dqWn-RMluHu&^D4ypc=E!8m`4n!12YO4?B+;#_dxaS;ecWIMI^%1R6n+FyK-7expKB*J{@h)d?3|A z6;E2dL7%r@<@?;u*s`%P3e5c>uyX?s5wD{UmzTV+qmWumT>C|JUCuzWhs0az8FFO; z`70wTFb?UwoF2zcGFD$w?u#oxzXInAq5}|>NdQ0FB2yR5M{pwC4sm|CH)6^IkLj~Q zkc%w=b(28~ogakcKynxA7&cIxvV+&~ zC37$%ZLl$0`}@Ipgq1{B2T4b_Rgc=pw!Ep}Xh-ieXkRw!>Yf3?57hGwS~3fJuE=Cy zs#v5(@>ckH2^>yazp1JAtZq*B?9l=U zLnyRge*4A>=u+GbKgF;#L;vxem;F(O_NIk0-Y}4@C%$>uv$yBmzH?g&C@^pP|+@&pG()_{BJ#q~_VYm8*dfvOK zvnQ@CPO`OiSq}C+zA=9fD{TD+8Y`aot&)&Wn0EnL4eqa#{RkS#2~P0fO`D&K& z-Al<-`*gc+jBL7Cn1xhs`{()yFSlpAg@ylO_BCh%)qiadQgYNEks3%2>}#DB>LxjZiujI2C0!uS2Sb2;s9A9K+qMw=-^`L90a+;C6ypP=(x_kH zx_6T8rwnbI{aE^1>N(ElD{VamURHnk6`afG^9=_tJcZKo?GOSBE7vRv1cu>xt(4__ z(e>Z*vud_X?kGuV)!Bd~7_+bIX}<~cn>Ul36_fQ{)Gw#6DDczX_NDr1a2Z;TR2~yl ze%aR?GC%FN;O~CVGQ0_%GRka1qJne26=H6N$qRiJ2z7y0PlzAhch%7twZTmHFOZg< z!pY1s+9SP5L*^+D<^p+@^Ap`A%Vmw~`?rX(9|$(jmXiU7`0ycPAz<{^zV+E}gpm7C|L75dbRht>CNpuN zhmnNNig~uwmVP~7g3iNYZ;!Y6!vpL}CoE7&FzCBexc9&ypAc=>TN_ zh@m+3y?upfNzTSc8&*PM-FJ|kQH_@*3X+mM7g;!ZPfchu%sij<0pug+YJxxFkFeA{ zgf!S{3*z&Mo~M(PU@)CUzIi&9EkX3g^Ol)?Zl57Y8avrGNjzsg4egiagl_-_EB*}t zkoF3}VIPn0Q~1{jDNpyu(cSmS>7%gb93{c)#B(6c*9*7r3i}OBfgG4TIFx_4#E>qy z%ypmdXGM;loDBgj18(kZR*2nFnEfA9k85TuccoK|8{GjwZT$)5{d|}Puus{W7`7Ad zu^^sWv0$2T;_k4Ee4ZX@&}abV4Db*GjjMVaY9rB+ozcl;K+RO8iYWvlFL2>vHA|0H z7Co0#jw^6=>~T^<=q&FydF6Fe8&di6B8d1lJSpCYNst**>tQU`$gnr|VB!Xwb{55w zhQ;LQ%*XGmW22P4`RKo$7E&`u>A{TQ_#rzjxnC?ith63Q^c6;5hR1E9CcEEXtcSW5 z4I2quiAldUv}X-DdI5+WFXjh|j08Ze`D5Szie8m`Voz3brzG#KY56AFH-j|r1%io}L{O+na1oTNEhrSU1|;uR>(11_i*pSw z>|WR1&hHTaVH7_}&(Pjd`TSgy9!wJB_YAD~Aj+wG`Z48u*q&MyVRsO;Q&j3WeO;I@ zR)UFoCAj-U4|4Osy){OW&VBC<47~TaO%_MFpqP}6fwi(!qG98zs~^Z~-fSEhhr>?M zAJ$%bz^Rv8Nh+#8=Hv3K-<7hT)KkY7v1bzEH=FREt_I(p<^AE|h7$IPi)P*2eYfy2 zE7pC-@(=FI@Z=z*ti;~)fP_6+Q>{X8$f<|diuQ)9<@x%&tFV58UfT&Pz2E_=tWUWI zg2(4xcB0z|{m~~+CyH7&l;VG3D$#|pr_;IgnA82*Bz0XK%Jm!OW-g%l94NTkW(3gV z=iGaNai&}0^E_v0`uyp<-C#7idAn&FBpe!N)+y=m1ZCCQuOC;6CE2t@s109|nR+D( zg}0%<#EEc9a)nPls@YC0685E*4}~Wy$HNXpVs@yA#Q)TI7~HHZpmg~I{hTRt-9F;@ z@`s&T*kGl1gv@--xE!=`lWs1n@mpPOW%iE(+K-82dze%3Lo7*wxqTF6S0?=H`g7@6|5U+qYNCa@177DoX^PilIU-?ks>4zIQ5B9PZV0lDum{lM?=|9lEq zc9~d;rc3R#5Gn-`t>$5#DUGPf&LpMxLRHdK!)V2oA};N361gJ6&YhI0;VnjGA<`lkxGRQj!i{c&VFwQGkczRP-bH_IhXN z%RHF)&1SKuykLFH;W0BB@d-?MtUM=Y4)Y zy&;9=kyfP~5*y)U9Dg=?D9d4qU(bC*FenZ)m-gIG1w97qq@V5E%Ie96&JliXhR}uZ z%KfRQJTPibxAW}?Nu7OVe2=Ou=x|j$ToiehFd*#jGt!QIAYX~8cIZ!fmlUcP4+X&j zV?`*`;5?n?deEd4igyGt5;7k|ID!;t|Mej62fwqt4sU^F*unfUrw`B=ek^JO@s;-K zE4pFh6|4;Ve$Xj>W2g^zuVGS^D+O%Eeq?c;t%ZJRJq>E+sW@ zHJpZv*~s48e6of*@>E2UP9VH1;>g$B0e_0CJMs1P1wd>3nV~DPu|i5!GGk%&`1t!F zVtk_$M_iPd zQ>{&$Y;ABF@-=h}FbdPA9A`H-MCcNf!S~{0t5%R!QFk$F<10qt(G8ROy^Q;6KELTi zVT+M7lJATw6cqRQY3cDcF}Fxq(vEI6`4`48u$%egw=Q6m-d~avQ=dxoQtNk0bG;;= z1)4n52xlc;hZOr@Oi%)lbY(ami6GqeC5^`T1O>G^tkAK7X2{vX7#0V3cm6 zAwP$7cCY%Spjuzb3Dpot)zUDTj&$t*Hj`xLiIlRdMh#FmBTxMc_z!nC zK9(wo=x|^B&r7|=c&LON4>K|JqP7J_e&87U{>E>ylEk!m&`_pUaL{6(8YemJ=sL;8 zKeVSY!2REYu}{Kb87aAV&~*fHVxi`6d=+1v^_R3%PP0yV) z0~0w3g6m)M$%I3x!2_VRypp2X9w@`IM0a30+3XnHPZF{%pNZoue=&*XSZFhAlW1by z*)6H|GlkXR2?MugFCmeS$)YLLW8^2dKNx(!5*#2*+`JYTI^lC9)k|glCEiSU)j7|@ zyTgS!X+XeDk6d5R*XP8+`@OY(Vq*U6eTD};kgPJC<==eVZYw6M!y}92jkGS-DiiAjnmC-#5R_yDvha&q5C!k3 z@!i*G{`J%M>+pvGJd9*(+FaakB7B;ZqiefqAL7+8yrEMN`nvXHC}wUcH`mpRaz;@vfl`$0P?KO1ZAk%jUJ6%+d2}vZW zkXxp!djG;k^m-V2;7xz(Q&3b<6y?u(*@CC!XaD=Ate<3dE~M}5C5*>+%%zF^{@{J| zcgDQ4=NDY^>)vM+l52EfpfoP=85GdHuoCyDvg($<@>oE25$|f!4CBy81wmk({3o=m z0(EYuIxYp=WB;tB(5|?CnROjvN7TisWbA6i}8b+N5(I6Yekzil*eDn5CkaSMcQvXb zNyFq%Y1t>wJe2%~F2+^jCx#vMsbYzxJdN)7O96j+q7a^>*)Jni8ZJe--JMz6b*8kl z;L{mNhi)^r!C;=bK-e3y3+Ao|Eqp7)qz8vzB)@A?Km6*LX6Z z)zItgMP!yem>voVKFGqgNu^Vr9lL}K@A<8I{%n7Zi^lvj6;Lu3p}*{|k%#rYs1_DE z6k#OZ$aX*Lp!N%!-M@G03T&{rFPiMH;GWeD7R-!OOD9BH;QUiSd%maoa7PoYt@j`e z9vd}1aP^Np4FFE7)Z4jCUEa8WzASJLwBV!oB)eBhQy*Ku5GnI$(|zDBqGVm$;&Qz~ z+8=D*(w*AlQ5K_malS28d&`OKpP#9;o>b;07KDNXN`6@0h7=(zp9r)l)AEtedPqOtK;AzXjn7O@I< z7hV{O=6-IsBHV0$h9Ub~e>=srrM5K!fcNzpRYy3ycFpzvei?lFx${<_5gp5zd)lM5 zzncVy%hQUWWavXQ1KeskeqJl`(3Why<|~jD^Y*= z+P|wO;v^sD0IiH@LQ22OGKtJR1sLQ63VR#U-@(_1DTL%#(VjH^4l^prc5_`4g zubERtAb)g_je@(cKuhS@N_P5Q?~!iI!z5dV!S2CJV|QL0j;*U6njUOOih$8#@is5- z)9;?3O95Ku6VI#ML+8xRIl*l3#EkgM??l>CiAP%SDfTs1t=xLS!l|ECr%Skv59-w{ zl{gy&UmiT2<=-!`Dpu@cl60NcE_B5k1cHy4@br=}a0)p>uKBZL=;_fAmU7w{a-u-x zJN33{^HTU3+XrO-mABTO9(D$y^$a0*4!`@k`Md^9oWwF(>U)R{Qf=`$VjQ1qdE#b4 zTp$^o2;?-YNURZ?Aon;=Ywq}<#0GfhkO7brmz12E&VzJiDy)7@$;)l%jQL((N5QNH z?ifB}I~!7vS>R-fG79)OxOLUU4V~~#Ay{L@TK=#c<-q*_>D$`zhEUpR9i9+Q7k_e5 zP?jWEGUFT|hcv}B>48XCYXe%#Yt~aF+!UtnD~MSU+j&^`-_z&pYLh-3eFvbQY2w!B z$tO&4;lDoB6i)mJwJXgPUagfts6TE;0~pUI0S4jZ!r#^@nJPM!>vJ$pXdB>@-y&5k zl;J{yGe=z*xN-``PV-X9nXZHt{2Pv|*|@EA8ZAF~87Kawj847}gVZ4s5U8@f^TzZz zwR8+1yx8_dQ~drsDwwvHK5oXsT;+N=fXMgS=UJN@dZu1|;4&}(tjMgB@O=_5`HTLm z*}tCEK9fv2BoNpO_hvm-eKDZFhocQ_4#G<_5B%G9*Y+IJ6SVJndF(9n^SS5#9-|7A zOHqfqk&c5uBHI$=F$>rvv5i51fxYy4%*cXWL ze7yGwjeMh@;BYq1;AKD*HX&$aRYv2*TD#M67K#P_)MH|NRWG0$ibCr2eY&4)Pl|&; zV%0$7o=EPZhZ7J+RG2y+_n}(SpuAR9c$7R6A%tGl z7jzoWoL~ZU4(^|XyyGu%VCP?sPyfeyg!Ln!EJCf;o!m)RrYcjO!@5 zPp=byLe+$pdQ@fDd3g|$(O656j!ZwwH)XoFd+npidBKkONKF{HD(cz9T}#JLr3R)t^jHyI%M;R_+j%@P0UsZD!=qw6}uuu$m)K#hVWd0zuCi~1ZsC9 z%h}qU;g1NU^td6aDYKi~llRW~ZHTej))*=)Mc?n9#*9H!dg*ufHe_`9H8M5Uy4RW` z=J#{?={84qw@P|&2n>zqO-Z;smr3F?+6DM~^gjBFhqyam zUuN&o%?DnreIQYKhIw2?7rXl7P3)hSr|f)?Ta)iDQvvBSlSPWnVV`$~i;q<7o@x;` zw#C>hn@GYt-(0DDyF;$+XC_FhBTKT5VKTY1JGTbN^Oq_&H1bIRDhhWEce)-EBnspr z^dN7-_zt(jbP>P4%yh_(YT}B=94;DjqnTBJ==alkbeSwp&xie1r5*5e&cpW@S4}zy z^)d2`7zsPOSM6$wmxZmwqEl9yOV&LG78bIxK!S#;CRXx2=)(A*gW~wVl8Wf%Yr|=H=>z3i3ogA@9XyC8SMo=m;Mb*@XCK~1`Ofaz5P@=El(;3N z(W-T(uCF&7N=&IVyC*~fAQg6jJgv!oPTl09+$r*gGl5QswXcbUw%T{QN@I$$`MND{ zr*J1D>Y8rz)ZmHzswD*;$%Qm)zlRjLl4Jrr`Oncr?^7!}BJ3VG|IVss-e)E5#HPWU ztW7AfCEn&hgd$Gg&Ot_1UEO*No%nvgHQ`%+rRYLP5Mfg?Es5TGz){oMgO;7k>@@iS z>*)|=K)b=uU@s&ZK~?Jd&WniqEthAAlFkE!>(X38_lBgQ_3IsB2{+oaiGZ*DihG|! z+xX!h>#coM=d<~fgZ$XqLi#QV)6x7bMq<;O@U=x-^^D!=LB(nvjcm^)*BApx3lsmw+TJF$wP|3wMX; z@ymz`NSv|he+xZH`YC(~S46;_JMZ;14~r2w#uB09g)IPr&ds}x>s|Wu-`BQ(MN+o@K|BN|}j(3PLeB$s#%;CNCWKzbt)rC_6 zU+;k{DDK*r=g*=XdghB3!-41Xb092xA;haQ_xdORJ-y}ZezEbbZn?(E@=-pn;6jkb z3)vvvevnRD_m|eaDKblw6SM9cuR#CIHWQp<=!#7HF-Nmisa-5%M` zGxoyUlf7g0S##}8c_EqrPv@35qPZyLbiaew{c+_J7hfLN>#w`Yck%FCo)O>O5GOw9 z*JQ7|Mh$n5e{^^JC2#6;-=`Pm3xvH-pwjg| zQTL&+E%hISy)fV8lG>`*2sZk&e?R0-_+nICpE!dfpEtiPU2}oE{?fPfh+>vKl{gp@ zI~_ELE*^I_B|6407ERYK9U2eg{j>CWdEkzCRJb+TuPg1fCE~I!7EIHgo2&X6$r;sM zIB@LaVxiQ&NM^AbBJ$omCca*CCVH9Hu&(0i`>bRVa+kP~As|o1GZy&|I;CZZlXE+?UR7ieKa*rwZxz-;XCXh31zB0o( z($#&bQ#bcyq?BrwZv$m!^&4A`>iPx19+ANP=T*rrS_gWY@%t-Fokcku0X^f!?lBI zTYAJRbw}Y$+8<7Mz#A)mR{Wee4flkPLUB84h9el0YVeaB7Hbx|vL|NslxlASfrH46 z*so~h71%JO5>bUP4G{?kYW`de)M&z#p&5d%_%(h(SXlOiz6u#rI?cFWdNNPHZ+QNG zpN=mAVbM&pmcA6wj04eMA$>FR{aBhjdowHX{2iBT!#@Ba2?9~Ghfv_uuWe#HhMlO4 zY~KeRDQTAw z+Is^fhNUitppM5x0c*bsIcoR6N@JN3`t=Am2K?LSyBW)9cc=Lw%@yFL^JB@;vzT}{ zlN+Y|OLttFFWX9>Qyq-C_U;8gUOwNGetClfemO0V)LKrZ=3ZazU|kQ4=b)UF)6E}K zBM$CHI^6t0AgXQpjoa^B4qlp zsm58f^#l3U_pGdsDxcVi#mi>yTGas0DbE6JQ2KQrSqx^~b&)FC3V|=JS zLE~}3dXGENlVIXX;!H}_pot9VDnHNT$np*DM`>SMDDLxoQo{amL)f*Iz-9qV)ScZ6 zPS$*Ak$q9++rW3o(d)LKrP8adDiAK5%dquk>kk^l~TW0P; zBlm3}|DsN507UaMbtk_GCR86OSr0MVKl-#ELcjhhV*K*i?~*w=j4HVGxR0N3y=+&g z8E_Lz*xWq~I4x4vlGzG@1OEBpwC;K0vEAs=^K!{pm%=a%S?C)W`eV(mlV*4l!PsAB znp5u2$J_!q&Ir;>zve5(WGb=xCrh2%dA+ggmu%jNo!a-}5D`zxC65igA6{u_ zUfQ6a^yF|*C-+)(_c>m_Ylc9?GZs1%SXCwHfq1A~4uYFHQ$}*cA3)-8aiSed9PBObOchy-(U1&&c%&e5Fm{&&ez_i&(ibw8Sqs*0yJ_t z$gfts-)9cjGd6kE1uO#mi*QXY7G*XvgK5IAb9D00iujnp{dkID+G5v!j>ql$Jo+~5 zx6|SACWmM6)Q|~6f9`q?{L@?kJo4Q%J^Ai$_f^W3OH%@d%iRBC)vD6zw-#Jv(q13~ zwl)_7(^f)xJ#QIjPyo#6?}-hLEvuKcjqR1V6o%XBtmfUj>Gp%sA*p83#+JBK$|~NU zF9(Ug1pBPQ&pAL%3by96f=cIt1I9&m;arUG?Q;c%HQS<0!yPJMznH%pCyPgRqMj-T z=OOm$oyQuf#;%2*>A$n@s5kTtAs9HE_qzsVwXD}|fsBsR9w9Tjh|Ud;=Ne;Qmr0v; zC|a8@=$9NfGF7EFSD&&cjP-}I4}KM+;`Tj~A3(mSkG>b{d2(34##=AAqZ)mP?#y!de z?ob}6p7`Kx;yxdrUTWDw(+?snn=pYHGeHG1OWrvUzLwWbDD!eTH2x18FY~uW;^-3* zAL_J*}>ADhV}L1=Z`IDW8lNSuI8LM%!LLp2T=DEK{(xCu$~pV#j8Bp7k|P> zs6A5%8#W`%?cult;R{_|-UOlF#;8(7)fN`Xix={sbEo=pb+`s;%3V`ffe2j3%UNe6 zZEzfu`wp%MiJJFGOueZNw4)YQwI3fUovb#T_g)*E!u))r5ayAmm`y&)oxjx>Y4 zwLkZw;wgW^h7>^TsaQL^ z^2_7Fna+N>u+;ZB$-y>Gvq@T(0I=4Aq919BrSlpXJOW$uhe8Zb$M5uB$)S~RkE~(d zk67A}saH$~1Pr~Kv*v$tanV^YhLxpVq_5!jy!o3B=O8$@)S{g(Fw(;IHUIX&Bk3YG zFM)S{**BOXMo7-q)^*$`hj5G&DN@Dk({N+GB>wP9FEAbTw!Qrj zg!w#-Ftwf9Rpb*!o#i`SJxNL9zfY8dCBtKCCf&Uj%-Jt{60ZBg#>XshPdEN^$$q{_ zKWABCwIHLTcb5q2<)l?E>g@qLaWD8ZPSsMHZYCi?09j^X?+ES>=EO%6v?_pp8w}8q zFF$)V-Xw1y-OI;o$fh2ZqR`;53;sCgB>ET`@)^ZZDI(`P9>x>FIn){3K^~H4Lp%*# zxC5(ol3wHqke%9*pGT2X%HPiz){y-OKfAE#`oK#_n0Y3MF7QKynTBf zkx`(n=;)hMNJmdNta~w#ZT3xOZfo1{(z7!^ou_|4``d)Xz&zaoa-VSar^Wky_xkHa zouu0AjeS%uuD{@PC$od=*0v2=4ouDWzKl0petMTHxT;c-?_(Lck7?5nLxyl^Wk|9K zYPH{wzrh}1c*ps3hLZelI@FiOBS$=L#i_>skTwLzkN7~qLNlCp>$p^*ReHKhFLLb) z)$$ub{DA5B63cn$$|NXlEkrT%=%hF)jSp2Cf`)QKu=+(30k3~w)WvuR#? z#ML;$l6N6j)lz+aC{OvN&9h`qV=d^i@!@1Dm_dO*ipOoW<&aMI`?CM3nlp*)X}@^G z07?sK1rQg#(hIT(Llg5~Z&v`$ml>#@rmoV><36TKgLJM0m6LGWK$DiE7E4vBHQf4A z_9P8O&bn&hi7Ctrx|fP&+&`qsP@B=mG1pet=jMcvZ393Kid`kT`{qfDa4gQTWsUO zMkufDOQ@V6^~^ZAagna^`(=xHAIhowbViI(sRlORTo-4^>3x>7MJ0XKdQ;u&rhq+L zPSR+*o4mmd$=D??G`C7;8S<;CWnb0;5XAuKC|}p^0gDCHz`}#MZxtl9AaVa%+qqb7 zgV3?VcYSu_4;zyaNY}h=8aTY|kvh7GN>FrnMns8xh$?Vr;ajC#wSs<#dlx9M)_^$y zGff5Q0h&ptP2sM*bv6&$_1nYs{X4^KMFqd@$3yjtgOj$&*pvRG=SfEC489ZbH7xZe zcWTl_+{dj~uB_P$s7R$${z%00<@H)g;apNCiz)&GI868i|Jg?6MprpT@O^AhSSgp7)X)v%SBT)Xil#zX8MsuL(4JdHKE>`TG`@{ebnMn+vMAQRP5hFsKUh z=6I0cJ8ZsKt74_D%t>>26u${jVFxWu;itl`Vq0GCLCd?;K@@aM=07zFu&P7(;cU-a zegj%s2aEu3d54!=hRAS5RQPK~LZ!oQ3E~o)eS~v~BDfJ5%?_B=x74g#5u-l;a+;)j z_)uBBSoFL^Zm)dSPUea~CGR?Z3j()|L9)XD4jQ#j@rI)#_q6Z@6)QTOjb znSxbf%3L15jIv4yKnn}s{;k&VSbFv_8Fs;NE}`5-O2lERsZ=YxJ4W35G$=%i3lhuY@1_LmK z!pOpuAt(>Yo{~aH=71qsP-R$impo2t|7O<;ZfynKkp}BR(QnvgA83n;ZyAq<$k0&g zY`++C3-uQ^C-mRvCJ&)~^69>+-S!s$=|rtk_ui6a#S6j|jaM_9LwdZRn|w=johE++ z32N3`@F-bXl{3d+{G2{n%pb;^@ry*<_Dsk;*`oF3V-HEhgPR+^;;aA{lc-=ImG&8t z2Nso?c~5P3X|Htdr7W^@B#lFO;~O2VjnS33AmAsS>F$^`kO6A437+HinK%d9TrLmd zb!3MrJm2?eR!5D2t&d6|ZQX&eVIMx>ag_Jb zY{V;qQTy0OC~QfZvuEEzGBfL|S0I7-Kt1AT=WymHOq4quvaCsC^;|z*hu;sW?jSEN zNvXWg9UyskzPg|k52tD$q4@_N(4L3T^SuDEDw>h!tN**+t(S_qxcx3C1gd_gUeOwUhSA@C0N zz3;1!SzT)GPafb6ryt3&0fM%!Y;+tbbX(DQ6C)_4@GsC89?zU)E{i8|e%^{|sW}@8 z;qzCSH|&@<6n&F>Y!XRT{nCn$?(ircvE3MRvOBNl%Y8uxLeyQBmWcn}4}0fw>&yVUu+6Mx_sq=4R_=)X2!+QFEYO^WSNC(m>b{KdsFqB*jwC<> zc;fKJ&?iL~!A~=QgKr-+*E6*95_!I#H;|s?JVI$B-PnW@I-x1(JK7P`=eAml#b$Rn z5Ub~S(;ifx?Y(BK_Q|y41%2KRSgQR#hyH6xcl?q<6;$mMipmXggP4t$Z)FeZbwJSC zQphLRs5(t;pH#)(@vr_(`x=pDd< zf}5|bLzztx1sfbUFg$EMEIwC++mtovHaHRtIasg8@M3Y{5kZU~RzLcdw<}M_*{P>1 z8K5Eq=tb@crc0X-yOc?6J;wN^G=0iX{kupd-&suMO1XT4rB4X*K=)prgDF>Q4H62# za*70P>1iQIE~Vd+y%!SimvOHWXG?E1BEf2Y{ajstbJXzj+iSMdD~c4ouaF8HXC{A+ z=VAK}&0JA_g+TD)l{B<%+$x)G5CfU2m2DVBsr(54M);R6G6{Hm&IVi%#?Bww#9!01 z{e^jOLW=u$cG*wJs!cpYfd1Fj)Nf6cewDAT9I{iQW>g#e_93T|+%_^=?PA@!rLEV& z7MtG<5uc`vy-hp-f8sLFza9w09K}W6!?m3^cwhm4u1?h0T3@VzHIKOPe(fB_8f$4w zanvm&wQ9e1^rxUMwskYbO6Q`}jhRA4Qj2`L3P7BdFBQwy(@g%tx;4`IA}*7>HxtXF z#uEY!0YLNYZlWQ+{irXLM|P%Ot8n1K4MctrWxOZXLr>m&58=%b;EW}IB^+J69lY`= zL%a3h?yFW-vm=Q&TA0E~QweXxaZ_PorLI2M{X*cN1#<$04p@+&rR5i_Z_rI#iCUwC z!7zgBDV)Ne8f7<`pT;ziFyu-`vR5sz!Ui_-0DYz{dsj8Q6{?M_@TM|;5yBoZA%sAs z=hrudN2AYPsFzVIan$YPY(RTZBvsKGr3GmD^WDD_U04(BCz;knLUzcrXUfZu5P_)t z=s#Y6l)O-{#lb{_@BtxgKw0`6xW0Q)!;48HaOTb{pa+!@@ZkPSVN>^SLG z-;O3Ft>XYt3TC~w4TBPTsWSdL$JZiXHAoYRJ$95A*POJD-;rV*k*%%EZ;I~M43OED z<74W3QXt~eKxav2x83UbPn)s_Hwj$39@Ou`L-0OWr@q>cQYL~Xrxb{(-d9~y08OKL zZjM-8q%deBN_VnBQOBK!O<~&Y1a=_(|XE@5v1u_pmwYdd;k3Q1f4YbqH=bbC;DT zIdouY4{fzdY_E2CK8FS!$-{J&0PlFj|91wHqC7i)7d3lrkm*txACO74Q%K}D_RFW_ z?3jyG@6|zMea3Q-;2AfHzSUkt8Ksl6UjZZiBLrA9RUDCtwDuNDir$*IVa4{@sDHJ^ z1~`bFdEs#{f`)z06}=Owcsm$S?keDTMbIu6d_QPoZ81OZZ&Se1W}5k3UmwNwgp?xM zc7VI3m-4j{S!(Xp+x~>UkiZ0OQtbCEMSq8luW;EBD|vZeEN|D*$8fZlX7b}+t~kE% z=&I`-|9`M0Zy7upe{y^-$R784I#Jb5QQfoP?Q0mWd*JVMf7bn&`i&HZwef%#{I#C) z%LzRX{6sC-{N7#l!gd4(1@I|;oXzSe=fdAcQ;qjU_aWkOFr+icGi9b{2T$7zwey?K^ay*U^W<-h zRF`E;cki-AZu+WSmHiEbBDSI0DV@V!b(7;dghtz0z`mHR4;m&hj_`=Tr`Ebr}x&#d<+KnMCJ@XDE2ktLK*&7W*%Q)!TqbkQa)aLJ&Xnd=PhEX zs^fdo4qs46eTn`CQ%v944{T3&XC~MxvLZ_%phP(%c+4E$m@Gz*m8uo^vMj(WU7ZvO z#5~jvd(Sg(b(#^?)1v==Gt|YAhS~rC{Dv0}7vMlEXlVdje_<79&+$AHIqqrY^_lX5 zJ+4-*p!G>S_v@=2%x_8VH!T4)X8QC$ocigy;{N0#14AWHwGJ(B#HVyOou0~f@>2E@ zz)-44#}6h@^ex{pGU0m;W85{DA{#DA!QLl}K1|nB-|xflF$}8mo+S~2%5|vUoRrha zaF?VB@7H|G!pDAD14_<+6zUUx`g~1#EW;#}#Zo0AjFIC4>9iNg*p<&f*`Z-{03{&o zF8eU@?@vK!dp`mjlwWtT4&g@||FRs;u|Q)$73QIMz}Aa(h$QDS2qsNYIcl7cBEq7P zn2Gm7<;hjWEaH?RkPOT%N0H};{?-)1u^!Gg1hvCQCqP`lgY5UK{HzGy>-J2HH&`6^ zec;*0F#L%pPXr98xnL)9=~~`Y&)%7~!uV!umApWc_?g4QVw) zyx+OMq5KKgH{0UhaNL%ub}o>miv_|#=p++HFZ=*LuZn#Kp0!r|8QC(<{$QS$P@&gP zg}Y>dc9ME|McBNpZlT7R0lrX|yCpq9OBKwVh6pD{BG zl6kM6v21?lVJt3`P{8A`a@bAfgCW5SH*v~5_6cg!7**_g=%WA5kK;eGEW1LVOct*S zfDFYwxxUoLuU^bl{%|~*+am7k-4ofLJa}89Yj?OHV(S$>lF)VDm0jEY=V2XB1J^zi zv9x#=bBN#&jN~9M%iox;Q*_ibq?sE#%+b8h-!jYC+5wWI59p67#)ZfdqurDD6PScdd zppB`0=N=Md(c0`|G=kcCrnV369D#3-N*R&*os%_w+pe6Ujfk1j<@bS;fbMP2p0k)~j4v+(d{*wH3aFT0&sOw_Gm!^mU8&Us<8H z(%h?^1Oi3^=`t1aR9|2j9KHezOu~!t2!jSh>OEY0X;yip&b|dpgYp>VmjucHN9$yC z3*_&!7H{M5*HR3?lo`w@U-sb#KhO(F0h3drMaeQBal#K zFkx*yH9q@#G!U{*`9PCkd}Lxkk%5?@k@|d6kflHD-t@IzMOS6l1!+~UG;a6}YUc5* zD^%Sfca3!>!o<7}y%RFFQ*O0+S?Fe(7>+JZp;7#$!)+`?Fw!*`N)hwl#;HF>vr)as|kUn(dy!Xcf9~&}}cei@nVZmt7RPEp< z$6Gf&aCs^-U$r4hhO#CJwbnMk(T@87`(2Sg6mYzi8JlYLzx{6XUiVc$i*W2PpXjH- z1Gu7^d&>{{e)LPk`K6b_LJIO;*Yd_#g5R*E$)(DY(amSAPUGX$-dmcnBezwxLL_M~ zp~S@Tud)p?&@dWjgxDe=>`LP$4sdb+56XIEX1s&0RWY$W46J|8SN3=tCeP_;VD?^j zFC3+7as$lvW#3;yowPFO-zk!X5vM0CS@4l`o`mv`dLt_ERQvS%3fV?MnvybUduY4l zz^HOMHOJ&m*w>54GcXiFWBY?j27uIkFebi|6yCnLW2N&e89sj;nj?QzgjYGt;#KV} z!O(2fRKg&oPoPrGgHtmWw$vI~Is`cRAX*KEbY`CG!m1C3LWZpsA1@EOs0mnLn}00( zkLF4ua2VZK0M)<;_-z8}(b9=TCO6P~xm(>Cmd8Go$3gsq=inoS%J*g^8DH9?d2c?~ zMC00Ao93CHhhsY*J(|}qT9TZkjx$e)rA&&Ok<3j&MV!-*UkFH6e}2(wkq|lVubOZ7 zIigx7YCjb%rnBF0i*6WO5!JT;#Y}XTthI762@flZbe?|rwz!X+WoTmbW3^&}2KO*~ z@ZP*26cD_75@`y3Yp_#%c>hdjbHk$i5n1tx`JbZ6`EckC)mpytT>8)l7cb~sbCI+d z8bOd3D}6b`ZL2^H34yF36PO6hfxlmXFw^fp`$T7=V6xV%KBDkx|EPWLhGK0Dmui&} zbOb;rD<{y7j5)z7T3$Zh(T#py7$jDWg0s)~A6qG9v2!v4!O!Ha(v1p`nrCx-;90KmS|@nw)+gb$raucfUlp=V;c}GSXic4c?JR_I+b1-I#O7M8x;S zKi0gN8eR`GQ$Jb?+oIKB9%7Fe3v3qc)eZlX-nS=kH26GQKYmP-c$|SHJT)ew))mcO10PY>0tUwL|n9>I2WMxyuy^yHPUs)JS=}KEry>b19OP% zRn`DCk*i?b>3MQSbfwDdXJgD#Mx+b+>vW)-ZJ)+Y&hOg*a;=fq>Ch;W@g|Y?+#s65ieK;~6{hd7<5*qk zs?3cRqd8zI=)>J9=AAB--=45L@w-Ot$9%OumQu|zc)jcEb-%{^bF)(CBkTodaONLq zA+f1Ey&Pyq-Te1ly@l{8Wks8E5e07 z6q@(RBTgZ3KK8}@{*lm4zXv};-#lpYF@9Th-nH2;+6T}N(0eD9G>G8FUI{7bLt4x8 zaw69x(1znjfbR{gA^p(a-Gghk1GWe5>3(cRXMkK+&aaEo_`x``g-eP>_lXew|TJ zW&Ze*xLjv!hjx^@r1yjRv~kl*l6J0|vEBrb>u1ZaMnuhb?+!$Vb!D|EnN#hU!A zbr-$^a@0Q$5?KThVb~kz7op4@JgKLMdWqwDjiU1^m`s_-0?`E6Q8JOXbX(FSZM?dM z{AD$iY}!ZL0Qq!Yb&fM%~aC4=4oRCk`lApgCrpMIWBkFCH?Zz)aLMfP1P?df&( zvV#LZ-0c!QeaUFP0XYUpJ42Ft^tLab9eC3LNxL*eAcS&R7KIK#8k>>})LK@iXN?R~U(B{_1{MX%f|6~NP#o<_;iW0QXm#Lww?JvbgFYR>n% z<#BYM{FJZ^|Cve&6QO~a43~Z8kVRR)^{NrX8`$O~s4RmxCG~<#%r6%Du*Khk`~5jE zz%#5HHz4kVP4BMhfVd-L86ceRJgj=3VJ3(8{8F!17s-JovTgK{2HXZ{Bj*#pWe#BB zE1DS>rc7@t|6UekxYM)aK5o9#=jktx+7a*f#04mX&K-ZNqy{w6i9!RPy~;&K!Et*u zHtY;^%bqYVk}w=0Y}XIu2?7UGucq+&i2&P2RJVVRy{AcqO!mpGrPMEh-`(`|g#!3? z5=25==P{O<{PY7)vr2)qk~Fh(`)3(d_mQ9%`$ip1r=l z`e z9Ghh(#rVN_W5dk|(Zz|tpAcM7JY4}U2EjIev9v?gE=JFvk#$s^OV(n1+k;#(0FM1M zywD~bg7oMz3@xExM8aS6)Qx{2bk`7P_RXI>f8Jm7>-7jeGBjcg%T43V$F)RC?s~Xb zbpYKDe2tbqTn{PqOfMl2hw3m-AtR56pZ&g5`5T>^=es!PZL%wSjCo0YexK*#p7SRS zdR+?AaD1Ij=1*^y7SKe*CpXTV1xmd>gXYkTMXaW=@i9Pt@q`2%9Omg5FC zw~CaK`6|i}&oT?}1#Qen%Xe?ANSAu=nan_r-$_}jA8N#(zJGd*{o@8DsaA4V%1@#; zyTwT0?@wrwp0Bz^NY_vJFzQRM4&x;&Lx)i=s58?JOPk?yKS?LIu3^KWw4bv6y5}6$ zuTXO39J~QpFI;gl9-}&ys{0x8>~XT*nRFL!O*dP&w?$$vNIqy~HmOLmqde^m)DtSC zq<9_9r)QhkzkR&uD|dVf@iSV*@g5|y&BOdf(li1@2FYvZ&rQ|H!iLNZ+Xpys zPRKspkShO08^&Pb8&xEJ_e(2a+913;IPUUD0#T-Y+WgH0EARa?o}P{^#himjxk<~b zzJ$^B9B(fSvLlqe@s`k_H%FmRYb(PQ)`^lRmGyid(UWR&KRlS!Rj>)aKCO!?y0c2W zu`iG+SFe+ZZgl_xUU(5`%B1ub@zo0dlj*R*;gH)Pm_-qTDZ|u z6RRh{us$|r*vMMF{`RsFk`!yAn{IHU3kv1*mbSq`yUW((ny=0RIX5$U8+!Aa;s7|r zRnbISW-%r_d@m5-5c_s{k}E4cv}&HOkSrUw^9#KuiCcQ2)_0(eG+vm%D`3gF5OJ=M zg7BAR)qqx{S9;W5LZ-a%qqJt!O=^I?&_65`H5Y0^MK)ya9h5bsHjGHkA@Lzww|OF4 z3?Jo#<_8Bl3pC|_$cr9A6*ew(Fxo~C&p8vGPlG?s#FW&~dgN2lVq4|`UliwSg}@`( z5T9=EPN9Ag_ED^P{*-qgJ$V`DMYv;A$9j*qi>xZ~t)cP0JPouN;7P8KA5kQa(V;$tWMk4;PiXk7#Bne`FI8T)&0)f_FO4p zQlD>Q7XeAZI_gZ*sZaxieuRz0^D*%`T&~MIrY&0=!gp3Z=HS~4((fVevwQlu1W!Zt zidHpYrOOlm18VBLx&63hmH8Ay`zCqw>jRa)m1|tHx#sh`jqeFKTLV4KYm~Xd{1Qfn zeBH%NIz|K5MBwwafOx_B&3y)A+DserZhT@vzK^!Oz*b-X{7&eSTIm5SLy z7@ZxxL*l25^7u{O;d^#B_j*;b^~}_V*Fc0h8!MJe-9IKy?cGV{qPmt3t#!^p-QagS z!E}P(Yc!tX#XBqd921WNEgGnAr4^b!_M9`;AQjL3zWFFf+%paxoT6S}&Asp?wb%F5 zoR1_s=+zUf3&gVkm5^6Di^=nRK~w|l?_3Xw7^N7EK7^Hh+x|Svs`(Vy+xPS@ALXw* zKu_-*l*a~%1t19XLr2v0?_@Xo)_TrOId6o&_YByFhNUtX2xDyR-JHi`pP0Z4H}g&3 zY=XK?54Zy5uE%UG?Gx)3+50x_CI1|-m1u0+&tvi--WvYZN=hG_&KX*X*Y)#2Rww%G z_sx5C4Tw_M!o%|ty|@?U#2@~4fDo*aYw${`f~|4GLvfJKM_nqI{x`EYdz_aYPw?Fv z1|p2J{Wn*V&mdxV{@#l<0xb#sH$%?pPDnADf<#teV^*whhcS!K=Bm0S^tjc<6L zSi>q;(^~uM&n1p+erZ+zfp9E1-jV@ESiNHhq|6|Tf&wV|RH*`gDDKw!=no&hOb}?F z{RlqfY$NQO=lk+SS>P`{UOcMM5Hv}~KT_&hIX&y}llOgD(3VQiVTFVK;>rSbd6*Me$WXA;h!Y=%1i*z*qx72lPez3i!hB_1Ae85})s%dsSwa zax`hh-hTzE~7bAd=^z-5ZaVI*!swLre*A z3+z+RX*!F>_Kf{=NQhH7?^UY7h(=?b3-@>6CBahb_ZR;qXb_etA&do%5+`o_-FQtT<+8C0X^$ysxf|`{$0tZxC|KUg+4v z=?rjbzdSOxXP-9-@;6WTd7J#o;%I?>W5Jrli*%0IPrJBM&^bebay6-aj`@5J`$};i zX18OX1jQHt{PdQGlo?^a&C2n5exZg3T%{xJGuYf)K;X;$wFt?iNz%LvmrGf=9;y$_ zMnXu))BU+k-{;mQ%tMHy$1N?^3Yi+S{HcN9bWx%%-Eu4|#=kU{Z(|fb4gVGyGD?2F-Q< zb#Jh>gLw`FG!sU*iP(Dw#e5!g{^@FJzVH-}P|febLZIW5mso=!IQ2nX@UYWE`Aq}# zsPM6$l<__tTkv$wX6Dm za0AYop!`0H;QHBbMBE1Vt@S4oIf*QGKF#a)jH@_i(NPdqTWahTX_zPoJ~Qazlr_`q za7d%#f~L!Q;4TJsnS}c<@ozNr}sU=4P1T&>F^AUR@XMoA7Ch?zq^9< z?oq`r4H!uFx|Jep`TocYH&{Z%Vm1WdFlRV8Prgmq9zNUg=JKbff15w|V&x9`!SMWm zP{&`c;~00o%;BiuaWW{&aw?JvqCVE9#g!xIy~84~M(ptm35sB+sstFtxxdkEd1k$2 zsGNgJh$Fq7-Vu+rxu4BpPR*NsiyMmk8o@}QrBmSeA1gb~kJ?vMtIlk-!(WiFurO(M zjShhxYLKr=A=@6u5>3j0%yMUB2{8@ffuG%ZQ~Pa61KNF>=fHJ^Q(7(V+I?P*y^j;C zQt)G`GJ6GKDM&Z(e%D8eT&TUyXsg%0vQ1ZjF0RkTk?pgJCkdYR8t#uY8DZ=vKlDhs z#{AuH=hNZ1CeZYylT2`}Qc~PLrQQ~(TOIkg_d7|oOB=0D)&~bWE~HAXlGdc*Aemt-UgAa%EH3Q z{~iAptn=e-W80Q&xX9Z5sqjv>6S7bx=dFH!l%#nl=Ycu|uv5Ix(#H#SNcanKJz4jA zA`npwq!I_#4|s}gdps#Br5%5XcA2IGc1qw-4xnzC6di(}h!jB29~=4;?#Uzw$n|Z> zGBE1z2Nhx6Rd+CcaAd|>q>j_c-QRMI#Lmm64z8|0R%&D4m!HJwIGwB5GMi$A$2q_|UiMcl)-pMK(;gDY%VlMs9`@A7 zMU+Tq@;xMST|RI#pN=K;zmHx!*fYTqs@$jgUE#6a5oM1ie<%AO8IC6_&B?ti==4P| zN9wa$uX4(utX(N=sqdyL2E`<=@!IK@&@UstCG>Yq)vbh!lYH~*rni+dP$ z1sZ%v9R99d5KnIB@m7B!z7E)>@Xn8T4^r~&F5ilt@M+w4_z^ zKJ$5B9U+{-$Ss}O-tS@9gbD7ABOt)W0hJi|SR=dFE8hm=Mad_nE{+z$;0%uz#!84ERtI0d54d+e8hv0eVf zYXuz)M`3UKtQi5t-J$w|JP9Lk@^b^^)Q zDI4wt*+#J=0v)nME?&80X8a9ZmHFj@-5Bzo_7R@t0HIWH0Y;rlH6LSc?(9t?X?VZi z>PtDo4gK`KVRgKf5PkLng;g(UnK*ZN89FCP5u=CKpOpvX1=P27J>C+v@Kg59|AI?l znF`~4e>0W2M(tmF)Lsp%1Gp%|TE14LO@^yzH1!Bh|Gh;u+qmp%VIp*Q z)>Wg5BkGbjgO=LBAfF`^AIB3BgOdu9h-k&`x!{jNdT#n8clYp7ZywoQ(*PJ5eA)6J z2O_&}$GeqPXJg$8$b!Xdcq%L0x&Ze)ZV^i_IS+ZJPIT z*QNUOy^^@Uim1SVh6&fJ%lBc{3#Tn~lWr2PMNd!=wa`dB9PvT2?>AyG2p8Gqr%V>N-vD~&NsYZRe#EYlHrUc?&i4GvB?rZNCr`Zu--spWX zprG4RWKZ8+c!nLU7bpYrkBZ<-KG)~`Pxn070D)EDssHOdWe|mss@5-_9;@H(B z@*B3Q0=|esbsW*?rr_O!^K!o575_Gc z`XrC?O3JiMnNh#u<==&Ir)M6q#qG{M-yKtOFTZ6Vlm+`^8m?KWRPu{ClOi&IXj?0@ z%#tU`LXfJWE<(U#t5u=ab)39!MvwKMvf;+%mC1Si8r{9YY!mzQ%lkow5WWV5ff`vJ zU|fgT^8OHAxInYGJ`%>fdg#(>^%TyX3Ai({mxp7%#9|Ge!-d@T7yeO(BlpxoD(#_k zH3Vm_OHJ|fRd&6@X({g&WGx=PD{ViAbEQ`?5|^|(apDZRIl+b4@b0!s{M2WaOAHM~o*udlt6p4Kq61A!@YLr(UwqVD4j&+Www zQVH(Ha5^tf4%iGr`X+NQzoxlwz4eJ@4*u{ESs!WujcZ}8IdHU)AGeNLI1R`kbnRVB zoxIq2u&sP=` zSI#ZbN4>UgX`Dt;?*Y)59X3CUXG(vc&I7cxJYvptHML;r7+jFii*Sp8)73@TdDRo6?t5Rzj-@4kq20W+r8)$XnZg?|&{TYb6AWsKr$n!d z(7*B#{8_O7&P-Op<;^|oVu%1lWN-dru z&49#E{W&x;99)9pkoX)8*N+YYLf#jo(iLsExS8YyTW;1Aw|D>wPJ4bO8KenVuORJ- zN|G_2Eu)~Is)xFS9Wfqz#_W{pa%3HgAII$#f%?Sg`J2y|-i&JnGRz$uHLHOAq^(wd zq0FOwFIxGG1VeU|+Y81?uP9It1hSS#5M=x$Rb3Nwhwj2J$LM#fZ!J|7qkja$fvr8% z5uhbYC`fMAYMGDpEx(c$zlIM?7??E9`XhR1Z@NC(g|^=sabI|DUFIeXLZwD(EqvoVNzhRI=Zn2PPkK?SpV>;P`O6(7L%w{*le5Y_z@(IIw_T*x>ob5# zFKqgpZ_ihG3|(nR`>5wq<{F|4zU7D3r?8s6)XO1}#iL|EGEvPqV1u1ZwmtyU9(t{k ztR?Bg0ODPpXMro;(+Az7$9Urko#G&MBAWrg<6O#se5=&{x(w@Hir$x!_u&W^?`$r9 zdq@j;U1dAn33x_RTZ^_f%v0I%K~oY&fhZCY1f1(X+%p-rE2*rFS6Iwx@PJ{+*qsad zyE;$c$}qacqAmlNZrXWrxKdL6qE*%MFSk7^`s~}v!uGtz;FqYp+3o;Yi3r*u{=}hD zoiUmB`!>?giYQPCss;l`9pT_60*L>xKi*G+D7`k2Vb?;5z)7Rbe^yrz6WpRpCd?Nep3*R+ETCT4EAxkU!T>dbJFq5sFc8ziVDp4j+lF=yICix{+8KaEW1Y} zI^trAe!E^fxi3z!b2>!(pnx&y>0#^_d~eF>&oOD-@gx%abIPsBl%p7#{RY$%dIIx6 zc6Z_pll1dLi#X?_-Ef$vy@69!;yH!oV1&OIApAPzn^1NqqcnSN^sh(ji07`KH43GhlGCgUBg%2U2aXypgN}L1Z+4_aG?@096dLU)= zA1-`?2H&5%p>kJ*M#bh5C*Y>^*AJROelV=U>DU65FWxRncxjMRin)AQXSE@M>~%DnoY?3vd{q+k!LtxD)8n+EHvze;ra^6guNITsw`*em z0a`D!f6K^TJmmntt)t$Id;Xfbn<35nebeF(wMToXisLUHzJP4AimPTcH%a%25BDwi z`6K+=D;@Dpaby=h&DJXe2&G}d6O5aAl<4j%JXGCS5dA>oM}1s=tu<1&o0>azpBg)P zge_mlYQ6?H{-BttMli7gnCyNOp@eS1q~PM}r*XJCuV`df`M3=IoSlC1{h0IS>r(L4 zF>Fghik3&f#q%KU1>z`EL0|CM?_E0!74#B^Ju10iNc=Jh${0{>!cp^nq%6CPO$2gQ z@~M?UcG`hOMr7Tfel-M&u58wu8vOubiM&R&$C%E)h*p=X4)E$X2Z!kQ-iYYA&aXG} z(np|@{=P=^1SF=8yGU>q5m&f*xy{7?=Co<{s9v=vcE4ZjHoWA^ZSPmyQ@AuE&75C9 zRZ;Xs``jihBl+9(o?E&{o%XhqSVeaKFRb8|9_V4em&>?=#+TozP+9@IvslkmFpQ2+ zM)H+jjvlNY{PJ@9oSUk*vFFfWqtg!&bIk8OnHR0al$fe z=h+!^@s=8m`%L&Ey1-z{DywF{6=|xW9V7gxX}=;{DZop&L46pNeEU1KCcHHRVe0{_GrKF1wDA&`0N-tVBgG+J}{+^gIWj-aoh!vp(LNhgaxggc`Y$ zg`e~V=>c>P<_vv~y-pZ{jTwJ!Q^>V@a3iicA-q$EPlb{QxjB%o`)-iJT}p7&6?mGZW~kBT`( z=ka-ryB;q#CHZuxUsH1()Ix=N({W!;^77s_$>)#T#8G^)4=T>FSLiz0ulw`VZ^E36 zu6d+b5U+wWH<*;kpRzmw6qCWp){F7y?zl%H6)EFms@Kf}wh6y%nfBC9*<~9BZn-r) zES18R5bCIdl-~mtR1GTG{W{wsxzIBBQm8k##?f%K1$;nHE^%Fw{vd-a~M>G)ZdBq4u* zdW2F<*3~l8b8ww8z4%7pDKZ+u6?7n9U{H~ltt*jrdy!}TdVm@vb%hf_e$_Etpn+zZbGnP`8+h0gWW`6uZiEQJgH{~o_cC9Of*&fY|%(38rXpR3#2%EQ~_xM^t zj+rBVPa7*AJcoRk@7_m8;GQI02(xs@By^pPp1CtgZuG!Vw}Bv7T_T+o@yiPDh#ux7 zj`wH?vM%G<AM=wz84sA>BUp4&;jB|SODR`@uwb3O3z`;K3)sr~_?y5AS59`5trc?ce3czd{Z zd+ggGZU{t1^AUQ42k^aW>izWJ;7JU77Ch3F0QKqq0e5&X=Z4!p|F{<;{piCB5Cg@? zsC#(2fXSWn1ih9|8=_YQ9K`dx1jA0!jcGBE6>ENy8T{?=mXO`^Xg$t3Af_A5mnKH2 z=-l5gii39->2`Q^YU#XwTVzm&4ywtoADl$yIo7*RtHA?Cw^LiCAaaevpKC);r$a9I ztC)OetpdUqUAC%Y=tmAzg1vHr#q8`|l^@oy;nV(gW*F&`%6C7XBO=MOlo%HJ^(kbc z;`Y^WFz)JcVu5=M$XkrmMjbO0zi%B!UyKTHyP>6j$hv0cr-Z$0(A}#1UJ=7;?iKbh zIm@+`Ob0fsfSlrfKL@|^$slWy=kfl%>(G{u5mD#fcwN+I|4E3bMw2)Sjp2^6o%r;! z&*$(1t}cB)vl6!OoK=I8^=(>eJ4Ph^i#v1d{)BB?W4pcY-qkd@3u?lic)3c0<{{7< zlxDeOL}vES`|xLDp65o)ahK8A8NuKqPq)p+2N^Ly^@6N_CokJdjeDeFpi zhx$|4R;#`<>1cgVl5;;lzw?6k)T?eTCSa6MSxrjklDr{CJfDWc@O$&OpD^NMtNr=3 zuL}JfpBuW|7t`C7yZSK)XSQ#)US8bd5;VX(U+?qFVvyJGkOsyJJ!L+(GN+t$p(k_r z(DOAWH2>XWsav}UU8~{E0$|yr&yRtVFCNE_0WHG=`+8(!3f0jfk|X=(gNoK4E*?Ws zi)8HZr>FlQZX5+opW?qIfrQer55nht z*u-l~qJ2wJNRB+n4S)51>EWrz9p%RXT4*;`di9&P9{=p?+kIITHGV$u_)V-_KsWN? zROC-U)$VV~&>EH;zG`uz$S%zGAmhT9T~0E46fhje=YS{@d&$)C8rZrCSKH@#qsgS! zW=TbeZzC-IQ_MLTtP0bed1uOmORQ^i%mmFDE!70;H381eCs&;+THvC#Mr*^*R|Oc#b&L<8t9o zo&0X$i*c01XwQ{Q5!huKhc3x->$yf3g&twHG)1VYw2>YiVpr~Jm>SX|$8 ztsnRYgAVcQ^5tTzGDGp0@2kf^2LPS)B(Y*h7!BM7MZ?q#)ldB<{RkKUfGx^Z7b+5f zYMebW>pf%uKsp{~8MwLIzRbQS7iGm~xDR6WcwIUw7GQuZXerO z4*QNWFK|-NnW3%3t%hrCQfd~mIGWKYU5zm-gr*I6qMET^j2+NagF4}adrBt zQ+^-p2w51@fj{-(-kja}Z@ew&@}_P0^@$7Fy6By@>Q|!om`T6E88XBPMLe~poTt1p z>)VtDNj_xV(#kuSt1n|{L`YwTkj>n!Puh{bdLv)SEVDDw)gIeD#@8H*H1y)!>IU-v zU5^e3xy69=dzq7TV-G>h?EE7KApLR|XsNSyr{ARJz7EO&i<3*1EM`3UUr^WxUxb?5 zz!n+$s`t}z!p+NFH-}7%WdW`Bv*LU3C^oI{bt{Wcmse(sarWBg9|0Qj06Yojn`XPl^76EZj&o)@$gtwK$?SO8;IJnyS8<;nR5%Lx1eoPOSo=1$%KAk;LMKhm zBGo=YClq>&5CH4jT3alrzGF#NbLx5JsswUcbVbQc-SK|GH1&FDse{vFdlpYGXRH%8}lrUlMB8K3cd$A%QONhus^de2+S3;_lALj zs~?QKQ=PksE0;6W4{ts<1}qsz#V@>6@)bEXhk2p0h$XIxaHCf}5w;lAs1BgCJI*OT zjxcX`uFYSc`GeW2KG=KlImf-L`q<2Tl8WGC%NUC4?TPGNe8Tm3V_RJ-4nKN{p8GzJ z_2m%EtY%#C2Nc5kM;N|Ms$!^6zQ<5!Fr%bp#1v1#C9%I5o5 zI-4Y}Cg}CPo(0X#lwGV>xe0m8U-dT93}qLSC=w~y_m01sddWM%;dRv3Q1-gd{vpAh zJBqOoTdw=Y18aq5rg(K4mlFAbq(1qqstgngHWDSy9m!S6))Fb;~IBwGBk`cQAbQF{r*pHx!!8Jv_%a7Wbfy+;M;M~P zW4U<2L<5@d%DF=`a>+tc-;jj5Yq0hca7@71OwlMtLX%chB&#nJMO90!6cZo&K3D-vn&)#ix9cZ6dWLcr_(k`0~_pE<(C4EAW5IV$hAIrIv@*1HOVc=VW7 zE^hmm+|Jjs*eeHo4_pgS-)~OSLOZl6`b8Eu=q>3+5kT@w4$r_qwbxj})GR6b&#i7= zNTvuG$NE84Z<1emh4K8%8x!w5RWRMH^Wa;vk3kCtBo3@w09Ec?B7q`w7z+R=b)fGs z1v#8gzwdNiLBe5+zJMbUjHms+I;;K1(W$%rv^5GTt189`fq$$*{axXkiO(%xhvu&f z_LMsf@b%c{PXQ>KJ z0@DQjOMmWwf(AK{v1u2S931z&Iy`$zRn)wcgqxiQd124tNK2Le%B@4L_IE(`w|jdl z);FRQw7fcR0>AAu!ZcE3xil}|{?U0o4%|~Bl`{}%c@K;b{9(Hn^l)&FH?4nbU9XI+ zQ4~yd@sO=_9Q*17r$M{4NS&_hX}$bP}i^XD3YY(ejfWNNiNg)AW>zgp$skkg1d z5W>)AdhH(Om6(sqS5*FpttRvW#lnOpfDHL;^3BtJP*XwNOL|Kj1Euv^EH}$LPZvm% z;S5~;O*Dw@GBjUE0V@?DJ(JLVICUWwTlERWRD94Pt|^)%$Sj~__5eXoJOyh+@`=7_ z^AnLhi7lclpAyyM#_gXRy`uzJw`IpCiQ46tL4PD8C~TkiR0l~i<39T(e>@(v%M3{1 zw%f3;o5%pfj@LV{vg|=x@(ZtIj+CQVte^erv>N1qaPgKWM>)LRpx);mUb52Y*&YiK05+eD zQ{@0@nB(LPx35uWS=Gv)6Zq#OP2a+m=upkz))hs*jEwdf@A9OtS>pLY-+)Jc)^iwq zh>HTLX?z=1f7~!9MD;4>RLLK`9}n`%K8Eq!_4RlhpaZSVHxQesvbH2i?U7bgN?jE8 zfp*Hen~sDNhB*3fr-!mEe(f`I3hhTcnfrd%e%*p-vMf6K^a}vej%ALvlJ7~aQMG_e zk;w((5ub&S;zLDNa8D~;XG~kMNHPAznL-*z?w0^RiuFMpUr8P-Zxgt`owDw8dRf;W z{L{Lqe}+^m>E{YPLLDAPqTH+?S6HuGhdmQOJn=Smclkzs!W1L9{AdtExbEHoDAV>i z^Nl+S8&H~paeZT?xk~-}*QC9`riwQRgEYt2<5{X(adb!h&+iR(!{WzKzk8@b-+Q9v;R_JC1RoOzCU0)( z`U7SUZ;^?CkQbz`Ts|4dfoLKg;8E9RJh*7YwTA!;pvl6Wsnfl23H5B+^?h=F*W9Hj z&QvyA->dn0F^l}tS6C_w>-f_B$Lj=U>-F-RHBhH_p-;EdI~qmx%1kzHeH7u)f`NUzVluOsS+fo6HEaJ2HZ; z3Rx)?-vg#KDd)eI#0La=z@cZBOHL-dcYUBB&U?Va-zF)4W6y=3fzCFjqPGkGE}YFS z>-_Mfl{R}WBY0TpuV`N7pE)W@w-)I7PynzPX}qs(&$bi{a4>g7{!4DOVgB*}e&(-) zqC%E52bMTNTCO|6 z7%}VAu9)IA9uB5aZdqti)caU3+=z&MAEnWvs?J5)HRSHcfw~cPaP!3^#}0rHwvIyj z!l@|f2q*5eYz`4HKlD(oH#Tckar^v)J0tE36aI<9S19fX7d6h>uaG|<5Nenpv~V_( z4cVA@5vsJU{|aUtdJ5@@fA-2mOGOV*zD;Q0nN%krQt%FFg!??)t^by=`0U!G<*gNX zw0Q&>)llSwKsk)oG8)I2JiMF}+eVuF$m-7U9Hck|De;`bliyEwk6>RGD&G&}b%Unh z{C(RwfsumKbV)vqD3bZn_pWl(BPhJDD!w|4I=ZKQ85SQcBp|B~g+lQP?X8tPk5c$T z+w4nGj&XyLU4L4^XPIop=jLg81&48>fy-;dG0!<1JxhfVGFw_xoxt+K4~pv-OU-`Wr9dJ~Qi6}doK7$>*_ z*Ey&AHbe750ttfIteJ88vXJ|<=lr;&w|IZw%8$7tj?~uv_0rpxGc3=v zanzfG5AlL;!V-eJzyKn)|CoHry?rfmNdf9#$*mOGpA~Fkcaz=Z_{OIClL#-_2Q|@u zS?}cXZGZ|Z&jV&!zBM#Lm7o5KmvC`Fw6lTCUJLN%Qg`_8YVqHRK-699K4ibnqb7D(oKRpQjXO@Vy6FBP1mHlnHDPxk#$*#WCNwR4EfyF?H#$8+R}N|MDAM; zw1+ux^F4zT$5s4tbhKztmpiYrwyzS&weVE7NFP`4qB}IShlKGl4~AU$*t{tV%&0xL5CF>>(HsCGZ9w=NkYabH6ON5cTA9(cFG5QMo$2Vx{M4>!qGn z3xNJ6y2ne@n=~tKl7vE&v=Ow$K*%wdj>9f=hUysfe}+U>yCHdizAh{%032qSs&!&Q z1rn-(-y?}R23mcS)P+dYa(H*c2Y@o-ZW4nNU=6DI`o%wkMRg$LoCqS-YV@6AP@vDr z7rXNv#plJlts^xNeC?8pq4xIKl9dQ1Q4(Jznp*UckDIZ=a?*X>W{gfpA%(hmIyliNcQSb2Lqv8IqN5h?=s^Gr**GKg%n!K7WA>pBBw7W3V z@x#n-I3~H*I+`WPxFsJbZaB<3UgngyPfX(b#WD1rC+^2N_S#q+Bs@m%q0n9S+_s7T8)9GDr>F`KmeqPZUfy_0YM|2vK`!eJ}(0%`IC}iB) zb6j<|4d}V8VF&GnZ~{B}frz?2W|qHieW>!`bM40JYOX1v-5wIP{w2VokCjq=YY(8R zRY?65?Q~79+v6-jpyq7N25B#GB+&DkcYeXc5?b72OY=$_s`daV)h*5su2GY#%*5mQ z{FhEWU?_sJU0=Sqa9N-5wnk(Dnos!c%cy!(3b=gUkuG}_fewc$Nm4a{#`%3d0ENBq zbwymv--mRstu?*2Rm$=_7WOP&bD1dsyjFpd^S5 zF0DN>+U6mCQI6FIHmKqrsU`rxHC6ng72kdWjnQ2NTTvTD+TJIzHv?7?L-H%Dw_5O= zJ529a&mz!_Sx(Q3>X=AiLyof7B-c`ie_C6}>M$|7zq#hgP9l0q6ac`tcW~1Sf(l_! z`KZlTOQZ?vNdQxl4!MRg4^o12D`tt8sJ#sO+>0bP+c=-PEcQ!NJ~XHE3|U4VVkHDP z>o1}Tk45=#)2oghz;3F{J?=L%fEqJkl6EcSx8D`z!p|P0cFgbn@zR0)T*=vMe`5e4 z?-f2I7n^yyI6^$%^^XzyYP@<ko-hrKmJMq4Zu@h6eR;;}W%ulhuC#T;duD(tDI?hka&w7YBj`(AMt+Oq@gYu%z zGtjQj&;8F>8Nx>G?=?AZRIfvp)vhyh@C9lH5%(-oK7U+;_I;ZYlok#?QBE_6)VHm) z`NOf!j*=1fO259;qrg?_*~_WAgZ$FmlcicFNu8J4 z$vWS0$3*qfDPjBwmPy%lS;Th#kgC5|3GQ9wkh*vuH6d_*w`Q80C7Q$dy|(t+r4@oU zEhK##Mm4{65(E|c1(8g#JK6?5g^pd^&)e@&zVvN=iN8MwF)|fU?fnc;GSkXO`Ck0f z(fytCuHe+nSF-Q&x`Tst(b{qZRPT;b@;M`n6HCM6?s-4&gA5;#T5OBNdPc)>oP3MN zzPiDegvK+Rd#N<}WWi?DlDwVmhh$^IX7r2*3T|cwWjl zqoDV3@{4!GW}A}06~e!O+>hNC1NO+gUT0WX`P;lF!VkE@pWw%dS$Ww<_x=?QAL2#I zY%DA;klyx!cIPXR(>i(OX>qQ4XY z*?)wA3Q2XyX1nk8*axTU83*7eh0`F~4J)zq_9)BNAs)q6V0zW5h5TM=FQ(bN>%zI% zg03d*23<;AT-*)6?U!ussB)yA7Izr>5mhByJ}uG=)ePtzmq5{adh)8%J*8x z-s9y6b1Xr|UEKE#M-D57CZ~7DuYB`b>!b-)pMF4brBM2(QfPr@(ms@fEL-bL2*hpv znr7bR1vu)#IL>s~ljsq(TdzT0o2Hoa14isn)&P|f2n)C-W9bd;6SROwR}4L zxjl3rbw2d#9-h27A5Qjp<$3F^jqSPBmtR(9MY+%MCa9Rg<655~jMnPq*$dBDR{L~< z`1IA2wUf{bN_E(tU-5fLbGo>Hcf>ud>Wr@s?RwO3 z;l!RvR;USUK&c2N&>fK2a4$-9x$D``vJG_h>7`vm9i!fl+9#SBe8M{*ENxTEsBk90 z!2}FVoKwKu(y}U-GMZ$#+e(csFy$9TZs8YIms3E!8Do1Bo*fV_eYtnUt5y^43KgdP z)@Ak^;+51BWy#5Wa_(V^?#suF%gy~w=42er{s9F{^Vmj0nMBN4mCzwqJdH`ZE3st1 z4iuTuoGU+rtPj*RYxt^sAOYa@77eU}zFcJI1EHAb5r_|POlwi)kjcoa!ai5Swtw8V z(Xp&liT#{y-Dia{AUsGVXXoLYWn*^0)a_%$$xFJzy%amN=p0D-Ee!7?6w7YUr*4tv zJu(^(o?HzxI9=44bNv~=rOsxsb`%)e!B_n?@i2VvROp9sCFOHq0F2H?oH5F#pQht? z3R@*bY_d6T2y8#D`WoeQVo2#K*y z$%hNKKm{ffVIUf}RY)1tyIfW$j=_ku!ihV7&h}9mk7E4!IaXkLK`AA zrtM%6kxr1d0ZPTR-450RwTGzu`n88dGc&4SKtB zcE3(CI%jQ27#;kqo*qrS)4DuQbmQ8CEWF_AatfI_NhIGt+~d7ot~Zw{(t4=AP3n1l zqRKk*K>*z@at*^Hs6||Ta8iD|tv4_HLq6C{PfHz|UDlrnAj z<}38pWP+!!Rlg4o+T1@5dIO>tU}>>Vn+3VSsyHB_NNqHyD_+;jZ|`Y4G*Yb%=Ux(- z&%KKai4c>lTkmfLvo%X7gxHIuueV;JJ35$v#fEQY8SV5UpX~2)fszHdtiMew`v)!@ z2k-E9td7ug2oD9CIStwbb}CDhZDmD49o7N5{Hj8_>Z26*l~qPnuCR{>{MzOB`t?aG z#thU!CCW5Q~i$<#83 zTR$1(vHALJN$is;nmzKD{bbtXM0lni#2jBQ9(T1BFTFzi5$X}Ocs_4!iNn`<*=iYbkfcWhB2*}i5U_s33=mhze^cOx@1kQ(8KkQM1^i7&jrMzn=^ETW&KVaF5 z@3cRBCLoos6Wv{@;0Xomx8BD(abaVL9TQ0O(i~NAhu=v+^p&~H^WEz_TfZMcb@-;( zTGY)HDC1VP;RgHgU>&~nZ8@@Oq`juTU8Mysk<&*lsgrigK9xdKN>XP=0j@UGpc>E; zoS3c;w)G0mfcdx46X>_@1}q8u9PY;FU{9oYN-x)?3@Pejd}BFsHzuym#G!s{n=O6{ z_mZbT&~9LW`JzXnXeFXZ3M(a5)eeyZ+%JV{#8G+%%D_%Byscs%q=AD~^>(x&*MY%q zR%^oy`!~E@a2UJUHWq=7%_0#?EBR}R_ z=q-Ihs#AickH79^Z}SDV$~SMj8Quyd;@Fa<-L-w6a&__R;LEpq(uLbkFF6t(P*4{b z(p^SYw2P$kE|m5QL1QT|Ck)%uwL1L?h{v_5sKhkMxQp&5UK*4aDg9( zm7ybZ$m{xg<=^flVa}%XJTC58%})_(HD!;}HO=jynkb8K4daK$fwJ`&77AKc)#+@!^UO+r~nVOF!4MoS_@i`t_|mJbpSmV=r3ch-ax#!)SrJf ze#PHaO+dlxB|M{6hYWt3ShmE>B)c;16}kgm(RkPN(2?<{A2^7fp0o#fX3$RnDeuMP z5Oz!BW2IhQ3LnUfNHS9nzYGngS0*0sZ~9PGilxi`@xyzktCR8^b048>Wgv=akP@oo z9&X5%v;;#X1r+4^;J!G*Pd zl;i01>n8khyOJNv^HEbm_&6j7L0GX<$K=zrA0Of~%+6`QQ}7FrxvT&Jxr3@kS2rVY zK6u>SPTq1=E*DM@6IhL7!tlfa-#X$aSQ`t`t>wj|L2pwpch7Y*Cp&zi&1OGnyqb6< zkX|r7hjR>hdp=c&X@9g>XKhyf4$tixfOIj*C!qzUuG7)jFIOn|=B;zymqGk|MiW$f z{(S$jGvzU7I=;TSU9Ly{P0V{E2=n?dmIRkxoHX~Do~9NxbFxE|-yuwLdRz!2aUk@I z1FY*KjK+nt_BHZ(y)z0DhEb9{+9^uxDj%!>3R;r|b3;k0hkt06!JE1|;pSh?VGUze z7+>OzI4tg6a4j#gE6H=ab`2`uV!yPpmKF5jcp;$iz6ix9Mqg)-O{T#IK!^P_LKo&d z1h4xGS}gEZG(7W6u>2nKKVBO?VC%_e;|dQn)90L0d0Bn#O?zVJwQ&biIlq@sji(5> zLG9njPJ;w29FJDNBnG&qv$zY;IKAvUTT+2gyEJgHB~wtI!>e{1dU6?J(qUR=vL=Aa z9){ol6q2Wg{+Q{9jC_iFkNz|7A}OkreTkO8kAH0M3>cwaL1vz`{H1-qbD z{X%fGC;DnItU`eOKeL&cU@=lZjkyEoL>aZ2;Wmj`z`}UeMJJl69vjB4dROMW)vx@> zu%p{V$?p01BcMzp)OR3W_HWMRGa%BRWX#O95N+gdE8*;w9$|?C;_dH)fzr0)SB{4S ztor~ae8<{vhQu@})NGq}k zzz{wkBmcI<;hybnpX|@2UQ@IE)|hepNL(c!GN=*z+slT<&gb;~>_{INYG<=NuJ>1& zltMIqLA#ZD@AQ-4w>%Gal*O7<#{AdtV ztH4kWZ>X&o-%t68P@oi>^G2ewd_rFR3Fa|;jVBUnkcZnoUco1JTR9kYGGH4HGw)ZnuHT!BcZOt3(p^(h;Xlihj_fX^ww|%~9MEv9Kt>dCv z+jntu+kuHKBDTQvj6L1mV@`MXh+>P12rAg!E!d)%Aa;v|g^7wSw!eG%zI%V)b3X4m zpY!)`e?~S;JhRrbo^?NWT=#W(Y!oD?N`W^TB(!G z75IrfB~@q=h(kgtG0btGNpgdgBqXzfP7+=jlcR`ClA6k8;K4z`Nr@~gkFMh4oRc3g=>gZ3FT60K;cR+l?VII${=aLF*QS4hu!nfQPMTQbSfLm9K+Bn>=jO zC?qnVGlX+NaX83)NlZdC0lGrmK{c{}BdQXhFadkb-BBj6xqk zq_jq$RiG+T0sO;(afCQj1nKYwc1YMeC^46v2)x%8sta@s>7gi)kC{k33Qgq}QHT@| zTZAX_IeMMX1N~@Z3ZQ-sTbxN^3q^P~0gYyeA#5NLAW+ta*L2@vRr%;u6 zoGzeJi#cWnMrDW)Rb(_43Fb^*1dMUvC2|wYX<1s_jkR&8UnA#aWl>zCmr{LW#tWT>T zpaBj{g?XhALUNmhNM@@EB%M8k@e*lRm0AUhnc*?mND4XLz)Gbe7tN**pi&8d5Qdk` zBn(MLrMMIr1~LnE)|rH%!{2}Z0Zxq}3GtWE z3gAwn5Pi5%#K@OGj7SZbVS3>fOm%5tDg1el)nyInfpZ=%02;<2C;}h>>&DVWf2bbe zb|jiXA6x$q|bB{ zgBVOWriNY-GzVyCIbNHPXK}E+YDB4$L2=SlA+?_xlMzHRi!{~elm>Vn(B(FR4?*F0 zJX)361r0s{VB1eMyCQl9N6cVHBp~Wy1?5&?{6k6Xa6_YYQn$dVO%*b|AbT8^V0b~c z!mEOBpxcRbX}}A`9TkxrMI0+T8|62IlvFWJ3?vM4Krr#t0;)0Ui}=tSC5ZpP>S9<3 z6b_K7x-=oL&4=;AGj5eU%EzW!{CYo2fy3iXG`3s z;SiJMjQ}$#0B=kJjYViv$ZbBej>5qyL1DzrQ^|u$x}V|&X(J0sZROdS^i(iTD7snf z1u-B!2f5?zD3dD&Q3WNMs`c4pN|qlJbLqJ_of>$Lbq0xFj0y=L--yL&G%0A@jmCAXR1o*9lDvjPX2^9c32Ejbug8DAux+F!8B$fy1DW z0y&)BZ9(o(j$Q&Ih(bDKUDHH3A)aD#`ivZr2n|O;0@iCgQ5vOUq(F9sxK#{|mV%R6 z8BPv`!-<8s1_m1dCpNkgUIPj`CRbx~KxeBGdXFMbj+aSr@q`}42#Q@&D`HmU5jF@i ziK!r-4ag9gR!yP**}^12CsT%p>Z{K~XE_|afZ6GAV8c;Yz#H`&fr6I<0^-0x7z@ck z?T<)>PAWbk;3*;Cp{)pSRvBUvot=pC5P?wxzAxf+Kz}Cu0^cd+6Z8%MtCE-+g-~SG zq!Mgg720Btq(WPlUnK+Da++PM@aVaCojhVSyRjhIE7XYW1YpCksfcDUt`sjn76wx; z@Nt1XRSZ1A&QMH7=R%d=hZ4inS?E9+OH3@RpPvacSfMzA>z4shPqE5*|{VbT-AQ$5?0%D4+o$ zz1$V>kr~>EokX{hT{^9ooC>@aZcw7NpfJp^4j7~qWCqgAl+=*Q>_E07JjboWLN%3T z#M0@aP!JLmPO@EXf)-vR3Kx@2AV}zyhSWN|-RQun@%$i)6GVWv43h)I7PV@bhfMGa zO*Bu`!+?UBPr{)HB?9CPa<@~-m6=SyUPi*HIjVp>kV>V;#3nxkNi2c`^oE^AvYJn% z8zMNa+<=QQcyv~(gCbDk!ZMbSB@qf~C{I*Iq5yRi4tUi$RH@74BnK>N8^#1Rc|YJ# zaY7>oEe6XcWLZ%t88!k|nPITw3G$ei5R9VDJc5*>7Lq~b=nsK`l0?;5F~W!fv5cV2 zXA3E`a)a0tPK`i{CL+h6(Hu8Am4?GHX(4FVM$SYN7J#%3{2~@Q#b|xd86}GWDTlWK z*F4jXCC3bWrN_jknEpO=T9+e2HbXZJ#bu6( zG)|x|glFOX4mFL#Q91OKkWbG7W@`@}8fW{L0J>xfjK!c>`!5d-nOs0-070zyiDp$2LMR?ok?K zYGfM3Tp3fRQR4v%38*-q35nU5F;*;M7TWy*KT?{JaXoIe9UyWrp$vu6M2Y}su8L+S zfYwS(3!NbfwJ9oaq1|*0io-@pOlF#bi}Q$yB!h})KwGuYQ;HZxu3Bld31wWn1Juz; z;SexON{vdr9cIL6#WQpUOjsa6?pz%(p(E^#et}$zBJq8IUpE47EFuFWs6XT-g0@!3 zX{3dNFsMUm04W$DUWy9J=JtDR7kC(3CQVc4M0u^QALOl4e z2q*O+|A(*R0j(gO6-L|-x%k$U-1Xb@-9EMvMkp1t6P2A@f4wNNh?d z3+v4aqF)#EfdG(&of-@UK;o26h+#o0k^(yu2nNt;qzIpZCvseLOi<6}MqQAUwMKAQ zv`I)bS)yST2_Ny%e0m`_jE`6)0*SzghkkyNSq_937@te4W^=Vt8UqvuJTf6xj|Igq zaTLtGoEJ97B7O^Om;fQfN*q39bx9~rMDUNn5^(7J7$+?d7Q<{Y zup|mr7B|%)ft)xa zY>Wl9RF#nd1u?RNO{7Icbi{cD78DS<#|hP(uQ}MK~f1855=t)YoQMq+T@VpKAjwea=n}bfM=60 z7zN%JD$xdqC+7(qD78mxw)j|1EQ%Z^`GwG^5`_VnG=WEN2Yzci5AvNr5zh>GfsB?y zqzl=IvmbSe>~6IH3*}80n6sFbg*Kw`B&?Dj1CS*lViQrQJ`lo^4{xe`aQlQozq_;vufCqNT` z0$#_62*AVxPccn+BaLeSCUI9PI2O?MMTDTkWN=}je_16qprGPwHJW&KIZvX}m|b+x zi^D-(FT~NS30jAo9*d}DRv%Vkjbdd$CBZT5!QfR*lz7;s^M2FyuTcNaw0;WTIPuM5IvzU^W#NYXG|L6ns(;U|uBO zAJJZ^-iFY6P|RW_+~EvlOimDx#JD&Ivi;~NQa+N;kU{4@g9@@d91RZ&Q5b0LhG$(Yo5;w*1B)r} zUoz1|xq%mEYI!`a!z$!J6CsI_8u4?y-mos>#rf@QqQOpQq`JsHhQJ)Q=$RU*g^+YK z0bU@0E>;rCiMA4Oc!x|0(G9Ts0u-B%xR_?QJ*ap4>=8n$#;=LdQl)H-p6l_(z`Tno zp0Jx16Vk9DA{j@)P|+fQ4mmMFxm(I0Ndhzs9$at0X95&d?cpeOA$8CimT0X2YKxIV zDmR@*WP z;K!1Aeu>9OiUk#^kem%L9V#L{h~k=1N-;|52W*W6c!47HMG zH>-s)8;l+{4<4`h|b4wYx!Y02!KgQ zI=wn10zXGhVMo!P5R=EJGN`x!TSbwo)i|j2>SQ6Qo#-;gXb^+{k#2?T5OlAbtxma# z5wQT9fl1Cc0RX~i@h}BEh7KAtsA?em6WgRxBj}9dc~GF`aDq`I)y&k3AxUd>Q%zJ% zh#PikobnJu!V-hLEQ(=Pc=f;*V7K~+6ik$rDrVD2o=`L(ka^5190;8IBw>jNF%LpN z!=j{fEa9kEz#)S0G*K)A;Al9YRr&E?Dxk(kg7S7yg78Q(w0e$+jR9O&j7z2Xyb&@J zr*?u7i3H#z337Z4n!a30+8>7qx|ROWo68(rlg3DN7(mz8Lw9%#B9$OD6)y~>N>Fx& zGL;)}fbNJ%FQU4gV8@a4j8@LpYk3Bu4M_HI1P>8{0=iAcvl+qD)c=uSppir%fWb#h zon0sK%aII@&EX=V)nYM|MHcvke6`l*^PolcpoYv!HESax6HbIT$*B?|h#PvSv7ieb z4aP8rpavRVxjvpEXi;;>mOudfON4!!5`!*q_?5smD&>Dx6g%t}`ZYc-5F&Am9wG}i zK?>yQ&03~C2xO-+mQMw+03VeM4Mz&A8nFn#swM*J09ZOwMI=H{)A2&QBILs1Jzj|% z)EEOE8&LXc@CsuT3e|qELghm{K;hPo;l<=UiUEbQNJ(au6G#KOIBQr*;YE#F6ZD7^ z4C<&(sKe{cscb&7?}n@{MkFjH(_Q8W6-AS?F$%ScCG@CuQfRLuv0&UNE0hZ2)zP3O z{6~|=?r@t3px34#@sL{x%Zvfhr-LO`85kC|-boXXfU;F7H8SNMkUk>_0I00SBA$mz zjnSc_HZ@;JqzM^evkk!17NE$K`M4T`Tdlxjpo3H@huzF>0Tv0BH&tqiNvHtmqXiry zWY(lo_-PM{&?2!YB9jEsDkZ2fMrZ^I-Gf0a1TQrJ5i)KVxLm-X1A7^o!%|WiDm(!S>nOdCLh?wMXs**` z2r58j6YpmNg%bu3;sF6Q*{+gtNhqIR58}5(lU*SoMN|MqlG=n}FJDe30|6(+po<{m z`?NkvNDO4BL>@otGXn?~mH~rCV3E|I=Wdqag_01&Hx!?MVO42JE(;=aLopF`1Pcum z)P+zt0U;b(YRE{$dGSuKT&2a>#6k+0ug3#8T+HGF3=HI5Y_L(gy=s(R&Lv_3It&%I zABvi4QmZg(pM}g2(%521vH=vut_N}xuU1X<64c^I0Px!$A^^AW7Oz0AjPNxijwuMz zIS!Oo!=?bYsV-vI8OeB#GQ?3LeMJm2-6{z9OwcnKfbYN%Sdk#Ks^Mr1CJDN*IW&ua zL&k(9$ZINtoefx9Ce9X0rE^(g5jrU4NlZ>T^bNu5Km)I^+b9GN8U%NVOu1iRSLl5K zu|DSTaAh<>3>0h7Xdw3y=>jf;gz1Yiq*@hZ$dLPupcO|=&M-+0BBHRAJYJVW!{$RE zp{1zUF~o%dX<)BRDMk7fC#vg`P3bf;K~5uahL^;o-QG=z&nlkBX}b4@#C>LpI=A9hPja-S&Nek+)?li zfy@?w-9&IQBv?E~mdZDH#5l5)9$d5aaMVwVf^#cz{@gO7{y4 z5j?PoYeH^-V~VUXgUSb2oe>ez-ChnB^jD2Qc%W7AAt+*6!KVfMJeEsFJn^vI5}-x} zexLw?bhpB2cY#WR&}BpG&?uEtD{^5CCYjxY5t&^YrBQ_@g<)6XQq?4&1Oe83l9VV1 z3IZ4i9t@ku$KXKDQyW3du0R-|V2LIO(5*qDGYaaHBFGo3m8lefk^3niRxV}oxH>V- zZIq$;ZX2E>1?xdk14ATy8g#Zn6`N=gseAxY2ztmQ90xppAa2LHV`ecO6%LzXG=?SM zj&Ya*fjtrg!Y7Ft&58ywY813in}8?))R=GzGE1Nix;bW=)nc=14Fo7)TLWPel8Lk! zQ39#Jq}AX}Y_C*lAp?U1GgV2G7z0?kI?9THbP>k_Z={%HLMLAhav%Y3V}@4%fnI)XbBkE zK!eDEJ_jl|xD0P9L!pCaG#l^|nPNJVjzR)RDaLO=!;VSuGf}A~&?qy6EKtkxN-e2M zl+8_yn3-n32n6YnXa!|)%lrnT1_Y@zLc|iYQI>!X@Gnvzs8^A#2D`->fFtoafFK(c zBr9U6d=YS1Aw8-L;Ohi$54=yXYv77Qdc+9=1b#7xM{+T^I;91+ zb_!2p1Eo(60L|Dyh@|5{Qb;OPib-q?T?$5(ftQ<26gkt43qtcek)sh9H8P=yKmf@` zZI}x3CuXeyOsiRnve3zdm{UTNlBq_&Sj5(H@p>$jb8L2zO3foiB{JBvJSe}!NEF2& z6X&rhtrnp;DA31ZR?nYCWeW~ZB#OjJPXur^C^Oqe!G%Bw0@*!6f2gz3(9!3lghDJ( zm?nZGTR;pHzf8U$0##s%ng(n%VV_xx=6Xb7iPNG3r~;mXB7kzM&jyG(oeJagxa|s$ z%qQgO%`|DMGelC_U4AXx(mpFl1HczW0Ss=5VtHm2L8V7|^~yhj;eNN+i8C-%zzm_a z`#^72#!zpgjOixX_>o=p6)=-;^3rJ6#}s1eG#^6VhZV98h;D^j?xv=d0`lS*pk= zMqC`kwe#>*F{_P0QlQ9GIvYf2f!x<#0g20{Z;1qFy`Ku8r6FhDAax{zwZn{1Et>| z22>_Zt_y*#utg4JBr3X8i*w?*9E?~C8n1q;&k0u2T_F0 zWT0rROyB~ugIB@{3L;V#3GyZil_&;c>AtWQuA3R3>QzDWEnVw^UTj#8dyYOIwMez#o2M0i<-p7{48^fJ0Te$J;o{jr0}@6s+*GV7 zECNhOp|=8#Dga7(z&2x)fSRV)r64M>S_RO= zfR;s!Cqnxi7EpC^$aPLBjRVbcphn6eiTKD-QDYJh&+i98H?)?AMp*$V#~=tSe>y8% zu~dSM92jaVqS}yrR7FAsvtSw^81Wv16S(@_S$eDro==@ zGBT7h7-Zsq&j7%GV0Z`x&fK8Y+86$>t4m>t9BRT zM28~4Fo68mtg1?Kw|v&X;&RTabwA4rzq*S~XR}Sy*d_ONwb_z=ckE*l;p(998~+7m z?wQZugeun28FliuzIu7`#w~1v>>B^^n6R(qmxj8#+sw7y&yKzuIOFKbUzjPnSKYrj z^6IcA{KsQh15xJJuEg9L#Wy#7xkdbsA&}vU7hasO3*ND8aBatm|M(O#LY#g`Z9&p7 zRH)B*yr5S1VgKj!!-y&QLaXVd?=s3Mr!A@%>gDhoTzxvkBc z|Bh{~{&^^;PSKR3m228Q{+e-cw50Bvr2m=xbePw)uK!+=AwpBs@~c~ymREmZwD{7Z z)}Ef**2bqd7uD2(#+S4Qyn@DgVk3fW9y{9SM<>?$lK~~ zXaRvk)t!AiPJI1XRetATa9Ut$tBUL%7e4clJ8#fGcP()-EW^t*^$LES5hF8?e5>sH z;_8Mue0{@Lx@({Ar~f8x9b%T#P@y)_y^WBwtoP57%tCG$toVkxWzBGNJ#%J1+MS$F zx9Z%P*jAd^ss23qE#3s31B1Tz&mG#l4svL5|IcTDEUo{`i3W?m{QQ2T`|!_Qegsp4 zl^-QV4ta0o_QhO&`NPET>%8+e|N1tcAS7=RAD;N-%VW=`qScr#L&wiQH-v5cbY|Jy z?rh(J7hQ^P8rL6RpC!t49)D8MHf0G`@@s!ceLHJuWx=?{8}+U9`xYmM{x)8BCr#ke zGk<@3x$MW%3TC^3CCV%7Pj~(OCN8EE8%ZB{rP@Y zqZ_k}##Rf~UyScL_Oolj{k*T-`H z(WK(Y-Zz}n*$K1e{;s~Co)lhw?aF3jTlR_}v(7CfjanD|St2iRoNhx3SIy6CKX{ny z-oa#2!LyvEonqYirD9{%A?y2RE8I^Wt-Jr^+@h9q`#wv#azHwCM*O?s2Rsj#p8L40 zYfnLEIMl1`@&V_&OG~!;-aUGwD064Lo1rH>dAZ}rjiOOSK5`#$b7ZtTMew|tOJscc2f39J^ZA$y`WzLt!eftFueq2zN zvix-R(>>kC=12;x$9SF0hh4Rcd#1;c#*NwcYUI8V$EVKeHMVR=_LTd-d!7F)Gw;i3 z$(IW6laF3C+Pgn(MUOR(k!Yr5?b+_@D)IB8iQi5iUQ)K!@VZ2jAFX$|UfH*%RSDr8 zqjP!DhOD1ele*Txcm;mSMj6Wfyn!fh6}?*?LT+!5mz+3d-{mN?(@d(U0{DEU{88Hl=ZXo#cdlJD>Rl&X?kM%W&)-ypG74%{>@gd}i4|g7NXj zUwyvxmi*{GvT)yANm5_V)c4odu`W9%&3_ki9z1)DI@WM`wYp$znfk!E@6+aQ5e?g{ z+>vsmO>)vzQ)X`2j?t&LF6t}$ad~>1{sT@=tX;T!TjKQXXSUrb1N&jSvgK6suT_Pm zS5`@-FD{SEetce

    !kU*Fa3_Exo-%jYIq;`x&AV&jt7poI}Pw&O2{_)9g zEDD^Vp>Ov=9zU%y5c`qvlxLl}Tzc>-+abEs-dQen)32%%&D(iJ^+2klB9hG2dC|kl zfkSJ3%)t$*!z$R{2t4F{foB0x!Cr(J#G?Fp6Yt_zW(~Q-A%tuA{jxL52ehv z4@P4bK^GiR9SQgtjv=kf5v+JL3vkq`2zMUe!d^!)Ge#v{hp5ANGfkWR3 zt+3@v6MqyMz?7@u^a4^B^EG(vs!Nj%F>g*0#9VttWsc3a-g4SJUBW$gbvBlBh4aO` zR{E{beYR`O&3nR2l4o>Plje1wFqf}~1-`XN(;#@UpaA|jh=E)6HE9+om<04AUEM+t-JgRPFz^k}Nzn+O;sQ(1?qlO#)~{|s78dgNyMEX$ zP965_-#}7rs8xT4jVuTlNmTYMU#kglmA}MHd;Zh_?kxX>LicFA%7#LW+Of?l4-(WU zf?cT+n>3Z{wHWBe`=-V)hUT!Cvbn|QWYk8Rg50X&<~ZfaeSOkMJe}8XX&=`S`6K;# zb)Dimlc8iT*LHA1b6w*`kMqF-2>tYf-Bm*;SnngU`0|;TMIfz1aMg1?-p2pN@WJAO z%ec0`{!HQT*=XpA<{ntKKHkMgXJ2~6<*nC#i8F)^JV!ks~$39aB{m92p@#WRce?lO}jn0E1$6sxk{#p*xj!-TPF?sL5?omYRs@e%qr;`>n9wO9gk_ zR{KZ=NJ2cS;LW9#mwer1Oc6Xdw7w`9dmtP|+2eh1ZKF+18CI|`o_D@d z^)<)m*5tspK$WM0dwxov8&1Xi;;rF&xM3St$78?7} zrY11>LvPoyiOegm72+d9OSp7Y*Q(|zP{Nyxkq7=At1+^iIY zF1KHOj;MOnIZi;gOavl-DKB)2=$23ZM!7I3NLIqLi{q}s;}(fP-*Z~;V!JzR>3j%V zm_M*xqCDHp7EK3B_5*yz&2EYz9sweq$dCmw<`AKds0(ZT%xz6}ObH6O{MLIy0GSXU zaHl2Y>$4AKy$`@xvEu#ap@gxSh}R7d!e3HS0f333HA@qxIB7)AQOMBPhLke>P~^l? z%;3L>NlHE4r(ezKR_&ZA8Z|S~Q1zI#{)w8|H_P$TXum}z(EZe9nVuk!Tj94g^kyV( zW3R%+#O98v%-g2kC++pKOAqFlp>4oUFlr>`a$t2zXXk`u&n_!&eNLy01?yUstL`iM zR^nDoJN#-dSRx3Sb)(i@m{>DYG7~u@cAduxBD1DeZ|KpT0D$ay+XB~22rSmu0$H@k zV0931GGvR1jdI}t3QuX?0UHHt+_uFN&VJmwx zse%S1(LGA#j<$!>ar8rNCj18_xhb!|B&1Wby~SH<%R)opC`WHfs{;0tl*_o*v13Sv zL%UP`A{yh8D}(KLSamJvls=;ZbR7pEa#x{l$FwUy<`0i}kGFyFlYlTXfeNLsVon|JfvCuxkXnGh{sQ;XE* z$k&IWPNxfL*JN(T?oWK+B0d>$wvv5H^Uc9PFi@0&@;?w0V_?#>w_qz^h)Mzn2kkfc z*a{#VD)m?BK;k||S;hvGgezn?60+IxT7;A&F~PwekZ-jlzFszI%gmF*1m<)#hwI{%zG52{mHDFKAY$qmt&uBXS!X_!i56#~)*$Z1dWyDiruf!ip-3$Kp#f#|Re^C?JZkmhs%D2_f1|S`^ zV<>+t|DM-@s%;bJT*!9#0Y%v=;1wl$1O{JhT_hqWi9rOCTk59Ae?&kIv^PKPVIJ;G z-w$c3mDYWjspJUd#byFHfw>qR-Et7P=Q_oG2=W%P#Y})k=yC@L5!R1|IqE?1ZW@05 z7V!IVcgA8o^6791gh}Kr$DSa#pjYd|E!mE3aIcd>1sXe8J%?A1pI{K~p+J*phDk!G zRo?>>z@zWhe}G^wm0EDvLo|FqXMVSu!VdrM6PW($cwL2_(<8+LuCnLN7J1Km1odUb z-CuQ2TWc0aMg(_(m*C}%y%9%2J2L$f+Oi$e;9sOlVZ|6l%InVN0smqKtV*L;mycp}dbkno}Gw+5JTC)ZbnH2(f3b?IE&$1tv!N^tChr+C8ji zzK)%bOg+y60^@Epe9ufJB_-#l_HU5OZ<_}DF$Ql;4*~-1P%@eZT^vN69jbVRSrEeh zUty6ol7d9$IFF@hBW^9tTstQT6x(r1F)%dqpOHM;64$UuQ$%Ut z0(Gn-2#@df6v5Nq1gvx7CVpg|7Pd9{Q+z^y5GD+W#ZNjvGVrZf-I3>Om7rW*M$`!(ej^A1U3Goi4(C%kAAq`*{RI(z3~Ldh15GfIk55V z0HUbVYoa7EXD_JJ`^iQC0<7qYd;0_q7d{ETmV`mc^8gjOE{P1TN0Er%U6OXxd*%TR zI#e-%gB6~<4w*{ZPndVx)nLdgp~GMI--&cb>AWyW06U;q$yD>PY5_P`NVQpVWz>=w zp?1O-!Avd%%b+uAnvMlfQk)D71IgMFspIG447>1lkx`@gK{`oRa|3FfA}lAVDMCyZx6_XEdM{r*3`@(@n%(ezjen zOtuHvo_y_M8sagXYa1z;kZI!W=p&;}+dbH#&3u$vsW5!WwR7Q9V{kvTQ<3Bql_U8F z>$&O6rs_AMM)=SoFF{94_W@rO`1tujQtX&pL{h*}O8fH(Fs%$_FfF63O;yw!MFGSJ zk`KEdE&W{|g%gO#Y<2}P8Y(4vTj(j0fc0XNGewlC{;6bV3h%JDC zHx2rC0LRtosr^NEqJgp!Q<=Z)}L|Z)^xa zUUl>zWXcX70{Wxbp?{r5Hz=%AuL3xF$`PIWSkO9&ZWbuoT4@B*R5|h6g)c+vISws49RPf@ z(EdJJ74_&KKL=#gBt7$AJn`H`bfaUnOP{PX_#*1^H)SbBvdbL(-pLKcpy48|oY8Qzq;+y@+~`WJZLb^yBV@IkB`RyP&w zXm@PwW00kQNr8Z{Fr%8ow%myX8Xm8Nx++Kp{hN?Wxc3;)J=2E018OH+#KDJy_l3m@ zk*;Zb8*3Pt&ummJPfYh?3^yGvcuo!w-83{bx(?f{&HJpa73koA5sCg0pt@xiFqP-= zIzS+R4=DXP;-c=M4U`-aY~KZmUv<8lBzJt_n|CWens{-#VCV+xlVfpB5q=d&D7ci; z@&@8pH?O+-~w;>3Ap5l3$RN>urnB@AzLPcBRpYmK%C1%Zyd*q}zDQWs{E4vOGqI}*UKvhuS#rvIN;N|Iw5 zHGATM?&Y!oAps4CLZcsY(kaAJG`OzZby{q(y`~^1PYWaTC7yzdm1#B;M|!UNFHzcfVn^bVSCjNxaSS6+)g3VzXAU)1aWj*A2}u2hnq$A6!; zoPrT}_L5V#Qa_qf#Pi4Dd!C4>s6WbhX`eA0(j;HJpuzq%5~o?9lRDRh{EKL;Qg5PVY7xST!(=Ds_Cdy1m)I~M0-(Zu1P5BU{Vp8(}O@O$;hXjeSLb~Hy3cbE{fhY`5#38v$Uo}zh_$?f>tWA!;~UV!>;~d zeajb941Oo-eoS$BG{vBj&fTAoV}oK@e4rKl2-?CxwBzrrb)&jEJHKt$4!;Hxc3BEt zt7t?v>^_;c(D4gA-p`oc@4&DV4*BZ-eG&0;*3VZV;bvbhg-RY=93_0{H+*%AwYPlM zvm;fb(tf0hgeVsx+c5-4(CKc)4-`G3NK!s{@+WA%ofp{J^qLL`GBotB&;8-;9LAcH z)98)QFzJ?^z@B*#PyM?*bbFkyd~wOmzjXvQTvT+z{<)|3S}=Ch9AVxQzN=3|{st`M zvKs2PvG02StSa3Lg%9)NB>Nk^Uu)q8>TfXhLT{yLO;s3D8}gUeKb6In0b?-+W80xC zcl~#4G*qv~RMs4;TNVS1y3Lo}I$$U;sztTzdBNMQ}Bu{p#m zOqvLh{WT;+XsJN;xeeTURYpfF@Tp;H^uo0@7gC6Iutfr=lxB$J*+iZKAF>+3{qIq z#ge%zlR0@nW2t&FJ52NXkbag)#C{NP#V&6wOTit>g|>@`wScas-0##<%Iln$pT8#X zOXb)ZGg1PxfCDae*1~+YE>ZsA$T>ubU7;8_<~<;xC==XQ>e>o~?~+p09rh_UP1vCKs zSbS&(v)VebVa1W_2)I+#5fE;b5}D`CHi*zUg*mu4K;YZEg(wleJa@%tX$UKAeES&a zNg8wR@$vMq+rPdGFCsjc(AuTXVH074RsPLW0~Op(!&$d)?+PgI&b}2B6@8PJY=YPJ z>Wq5w3b%fHVGE*iP%2wp4?rvM{KE2`ay}(B3#B@MJ z^;N3uspxdkZ@p9pYpdos$Z60E)%09312@+sa&55c=tNgevY@c28<6{zMz{-sOS$Wn z9m*gy%@!)dd4-ww??C_AT<}z0Ogrk7u~KpSQ{HLFG2ahUX$^m3z~_KCBD=pf3CpR~ z2G)d~sdr!o$j+Sr>WYCNWc_n?csM)4}~Lmi#o2_$;6P$Qky5GOHQ46 z8foIN81%l_vFB(5f2(OKK4I1v3|^&KCJ0LW-rDA*1ZVbfHrHn(zkaT(X$o7Ma#XZ~ znu{Xt7J+KCYkeh;#V^2{>uyeGq&x<;j4Z0GGzacnO0sL@dhgGLUI$m1x9;*FPee=0 zx`+~ps#m?gX26^2DTMIT46e3+xIR>UB|mZVe5_+T<Qwq>r} ze$u*jm-KS90P^6-JAX#=hRMp1{P9$g!y8{84BTP&tCsF$8x~cAAhZo~{r#C0AiN24OC zftbO4Bz}NeU+hyc-vv2((b^M%_bVji^Rr~$G8qoC{fY8bI zZlDxLcI;&IWc@$r{*@*H2XWi%Q0w-GO6-RLytIp(YjboHv5@u4!0_CE$q)yk8vsG7 z%i~XN8Pnt))lLLjYd;zRgf`2I_6NhXsCCZnYzxd9b{zpDYj5MXNhr zp^TKfpWRs>_$9_sjiodM#aJj(o1rE=&xY21P=76tkKIWy&jCiAl+) zXgDkj%t}Owk=v<7H&eSM7Jiao1O!eDc>A&Q)bS40b*L!2r}3!~x7 z5%AJ;PeG-Ms(JUh1rJ9dU1@C@E{sdMgQ?sTIB>Pxk#_+>BV z;Zn}!cl&jG$j`1{Y9YsLeDp0%ucuiJ)Pqwm^!L`Hz8bRZIGJAauC zRHMGBO_H>mNf?)NvhV}SqSoUNdwt>Bl!NnTlj9wvOb_POraM)tocn0de;+7E?T=!s-j*-VyIiOm*gY zYUHnt+;LtudZE_ogIG9c(z%DzvO1~dmr#at0<^T6@5FM+*Gc-1HMA&>cq1rNP2|4Npw(L&+-^a?}d0dPUWS<6j>1hYM~EP(Qia-lymD zsw0}98lZ4U7c+6iwW_Cz-zvwMPExU zt2yH{@)3A-(^6G1PXZpbq@=;&8j?^t29W0?zy!>TjIaur(aep&AX`gmL2S(j$~aioyj+F70KH8#Y2nMsYE zAa>V<7f8$=3Sl0HXkb0D|7^k%?A@~@F1#Mc$Cr@~T>xF= zZvZr3sAwPeKhZNEGmqQ{>zhJOoZmpp36mVpzif0C)hG6JkdD(LBn|=qj38avQY>~@&(~O-L z&lB?U@|refjnAmD_q>nZaS>EMfK2Q2`U)e;-~{!eKWP3(H$Wn`B%NF;KkA$Dp~U4! z;2TD=e8A<>76*laR{*><)%vv8bB(LRB_)OnI_z@m$|3-2op7mNOvH}<$XQPEQr8)z zQv47pksLY(jF8Cr8aV5nMLKH{gimRF~rJHPJTDjdKU`I|tZd_SVZHdpZV z&1s)}l6?FzpZ9G$^d}#y*vRo&24Izl7?y8)Qtuic(f}UQ)cM#jajuZaYmDBWcndVm z`P_!gNp9HOIKVgDE1I!owu>u=1ap+iF*Ejv#jfGFjLIFiGQf7xBh$USwMpPC8y~q_ z$>4yV3mfHzo>o4z~ic$G-$Lhc|@CPeqWMdKts=tlr0`}_j>@`t4>6QPWt|De<;z^U@52)|$@lQ6!9@)fn6#92G zO;6H&^jZtzQO>aH+N4n{0gox7uP)PMJe_Mxpb6DnC_;H|5Z%xLuqFV3jeUTsa!aOt zIQ;D7=YZ3^$y&}VVqzKUhKn*iM3KfCF{-bBI&SAt_;lXOZ>$BcCzDS!q|$+E_^}nt zxG|uP_Y@miz3$1IXlk&I-p!(kiHW62^QHsLteu67_|Xl=js2j)hVMK|-gyf}a4hrq z1==X=s^-nqSSx){W)w@HKJ;H4FEHYE0a;lj*y<0TY6KX$}X`z zYW$of*cVm*-I>^|^vNjp2riF|UD2a{n@WDurqluagI+@ggq-rz2A-IIvhCe?41=;K z=Ma=5T5`JRG+KTg*r`rM8OY;}AnZ|TUBu1&NKrVQTn=_h-=4^sAsQ#YFU^U;9k~O^ zQ2Gk!wGMT=U*b}Qd$wM{XDD_u*n1+%KE%YUn6UJtuj@hzY<>G5e`?Ct23`+eJj}qY zb=cZT3G4!nDG-zrJ+U=PNFatnpgE_O19pC-A}jqJ!{V7WfyPSX`3?X&?*1&DXbCU% z6n@m}p$q@Zvv;;bqrnPA;7=RQF?*CHItBjV_v}USxeBhY=)on)3I$mS3HLF){dch6 z$rR-stk~av^K18^3XwD}Di9V_>{lK%3|Aj1mbD|$rg$YaGg`=s1OzEap)Dft&s$~h5>j*8w;FZfZ)8KC1KJ6q2yF-S4Fg6+i_`;J zF_iD#gBWlrv{z~NJ~QhD4}v0(Qt{50tr2b=Ec+Vv3RTKANT zN4V^x)YF$cE?(U2CHZikIo@mJr-ndyj%(!xNlO(xc4rkdIRC-M8HiCCFma5W8(msP zo1VSkDg1bWa%{c}YNj<2CzgdQ$a>Po)Q5a?S4w}^#=I5IJy#q#e=cEmu1u?x{qQ#AIi)#!I0FOl4~MnznGFBodb+(Hc?d zY{9wV5Q#SN=iVX5kqmMH;#KH8032RN>f4mT}mJBRjq9GZN+h z2z1pVrMTAKdYil9$PO_hq>E&KXP-*&@W^CU$7aqm!B)3O3|7&WtEO8Z8z$7Y;T|-N zFJy^8pd5W?1JixsmzTc?96iRquOxtbG!X|9ILKpMJcg9Z?p z)3!$}jK>o!1N}>_M!RUq=}VfrOwFZjDt!|BTW><>L_u7a@zT&dvuJFUu!+STElGGMXwWZ%>$8sU)**K7QC+%W9=^&A77`Y|v=vJTT=0bY^gT~Ln)zYZJ@7j@!0Wkz*)u!41AkKPR-W zcnhr`G3Cd3+ER=SzxPpnqpv|@cEmT%OUiRfElJ%C0Rc@QtT3kyMh*@<@ll%+K-VbzIkJ&|3oUL ztMH`wvWx&4@70-or(xrDthb%=%D~j`F*pD?Q?~HdV2JY%m82K2BA`QcpzpOI{+$~m ztkk}*?f&23J|KR1RCw-7t9-~vMX&GqdS@AXe1vvyM(PfIz|p2O)m;8>B&0;C(YTe` zS4>a(t0r)jC1Yl8PP=LP3oeMWIH;+)M|ghnbP-DFeBCAcY1m@Vq-oDSfiS^M5e=&h V%Q37BX&ZQ)H9u!o^0!;e{{f1NA8Y^s literal 0 HcmV?d00001 diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/baseapp_state-processproposal.png b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/baseapp_state-processproposal.png new file mode 100644 index 0000000000000000000000000000000000000000..fb6012378dd580b0ced3ed6809288d9d312a2e96 GIT binary patch literal 248588 zcmYhjN6!4pvn6(00tBIf?ga>%{(%;RcR_E4G)3<{Ie8#i^tR~99cU4nXaU-WX4;2# zq2%vA0m4^b85Wr&Gb1BToH$wkn`Maq%af6e{Y{?8?LhHi@*Mba{s*h7XsDOy8R2~ z|AipwJpcV|(rQVE_3yFRz$WnhFnyb{DZc;ggFp!SZxH-%DCEJ|zfcAy!4pRPjUagP z&;DsujQ`Of{x<{~_-}feH{&*~^}kRSe3r+p=)o)444zFFJVoFihW;JK|DF6_z*}aX z`ywndwE@>4;3)YwN`TG(O_e-d`xnB2_kGh9;6*I*Zh8;l>SY?h76FFnzoGXJY;@By zU7G)26Yu>LTUz~dFD=?iD?JIw?njCFZ%Qe0>gjIn^889F|R4K_-2mmgMH022}L;wm*V4c~^}|J@a>puxer!w!`o z+}9H7oVa{9fPe6a$ey>hmZnVbfh6B6Il7i9`2w6!cv4=VojfdXvV!bR!G|QIjgZt) z=xoh|1_!a;X=0O{k2~)jjK9q%bL3!B9C(NOvNsI)Dr zHAaHnKo_$PPBV}RdMk3iLi`l*tJX8cx&uF$QQ4x(T*j2BntAqr(VyDhVP?YDCk ztLNKjU>JIUPG<3s4=#D!!|!{$PkDxL+=Z97`H9(>n*&bwo>KOZ50)@Na9xmgxvNgN z%|R16;$_)Bo>jNI4-p}!LrTp0`-lNGT;glbiD=9305Lt1f)gCLZtrKf%J=lUhzLeq zvG%r)&Z!ursR2%{i+APYfg@}J32KXhlk z&cKA*$^)-=UyrzKEfgx2;t|V1xn2JHj>yhChT8XTm3$_1m=Q3`*^T)2Lna2Ig+J@1 z517#@C>@)qS^jW0yD@d42R_!lXFkc@%e6iVn43^&Qkr4Eh+B!tgU>&% zO5rQa{9Z5b(EKuKaU)QZH$}8i=9gtcN``;EuC+eLcXj!rQF(r*udw@2HL7>%kYN}x z2sJNpOhPcWZ0_!{qQ7o)8lNdsU zn?3Vsa@XVpX}^vI-d|A5N|h`yZ&`}1PBA=_3qhLwo|^s>@FtZ>R}QiJbxs({<>(bo zT<-nek;Er%vP5_)i$QnJN9Gm#bycV&{nmmadnY5`8C;Xx7$EnsS7Y%-oHZ&su1y!C ztkEO)1IWB8RfCi?_bdo!;&|lH@8?&zRcRvPig6#z629yQr7~1|oh0_oe#-HYIE}eO zvg&>bH=)SCYciNvw)62b-7aC0E*ZFMYLaAjRX%*0*MppQJsVI3ZdQ4yYqi2K+ooqh zeaVV6<18?4u>x<_Onifn1-Ed@4Vj7z40qu3qKvf9}vDh5`HI-1Hb@`GK8tJuCWT>N|vV z^Np$g=_Oq7<-SLFtk8}!16`*k^|`?HdYP>C{HfBz3@!U!_x(8#!w&+`NRWq#D+~%s zD0yl;N6!04=tEB&bCP;8x9qM78{COnzxYSX(;f>xAsc+FJ|@;;^jgn7H}WYgkNM^|wh{P5NO{XDo2_v2u6*kW*;^D76nBTWB^nq9-dWszFie%GWG;)8 zr04Tm2Uxff6_vIW2JJz3UazePMXa@Pk$w97hhkSJu1HP!g?ZXwa>3q8n*rG$9 zejf}UGs}gKrg<0*E}D*L>_=*yNZNN$DVsHvCL`qrdsaG=BB(Zs-h9ez`B@A*D%fG| z7U){Zd{vpp<9WLbXEmr=9fHGkF)}+?YaKu-5bz-tX^htyed$U5oz{%-DsyxLJ54c~ z%TzR;bR_27!1Cs(6h-^S915U)Hlu6mb`Qa^D@5*>pQS2lzv(kl4cyH)%mp(62)$G+ zvV7iRp^s3phLch8A`vnRvW}{r>kgC-5|u3NatMBaD|=CqfS)8oYL~QD*-!_chrYoH z#~2JVJK3-`=G%J9hhl)wt!bF6TYQu&UnIDOy9kUVtFjKn1=A=}Sq0p?R8_ut;K1t$ zlpOF2>Fe=H5uLowgZUUO>#Aj4)3kA<)voa^x|9%WY`-{{y>}jd`v(^ctFaZGG;^Ye zr+OLRUelY^(-SyOfBCM~^pRRxsz^1F!8!j#VIb_!VQP$mDICm+_j_q0U0Rc+hSn!s z$28(`pM^uS|6{|y4{-PZ=)j<9hv^%q8%==^3-O}Cj6bf9gHxjQNRWoSI3n8kFwYXl zJ|8kS&?I9gW)J3XmrktXc8^zID{Jn>8IY4%EJ7plJdxH=3huc1`MwDqREOO0par%D z`u4{rNttXA6!1BF@N32g+9%H+#jwQ)>D_;;&^q zZqq=btJ}RmN>s@YO!4bbjcI^mW;Hl^-R6iGzi9PZHP=o3U~^8%GH^32x{U+t2wu37 zTQ3(LJFpnht#=dR$d}Vz*S>+>{F>?qzjDKMle@qneKXpb!gAm5J-G!_C-e@@k~-?P zJi3Q;O`j%AvyUfpQr#bADA=-#-+h}>-4FaCwj*Pc03x8OcVz6@?-J;SXkP`YeU|HKkNk@M*f0j(2V+WQ|&b^Vpk&u5tBtgDl8k3k5c z9fs4EiuekFe%L2@e!Ulthj7tymE8AU&7aY}-uL50h9f~nR0MlM!OT;caNjNrt zy1i$s_v(`GSi#QtxmU4pa&J^6NQmF!P+Zdqvv-2mtglc#`RW`(7)?E@~r{BHk#7 z!{7UM;%dW{Ki6V@180$K$fQ25NiI0#=&?wPob+JAT9qc(+7$%c!4nqVz2h4rJv^|;mAgIy;M&R7=w z`;j(CVrOl@lV3d(xbE3*@(o&q6yJWy2AtI6FP01tvOYAc6NzJb5eKo>9Z<@=1^_r= zQHr!1gGpZ*3N5D0Gu+jZy_S3niz$VF}P|Or)Jrc4$)VY1U7F82z)T zXxpgZ7(Z}ky@p>XGl{WL%DMI|wecp~F~XrUpyq6}`Q5ww^=E-GMXih`i@DN_dPBK+ zx^<3eeK8W83J@1to8QQ<#K;B>wlMB)-!`g{QE<`*A>cVHZX)H&ck)QEY41HN=V54O zKKxm>nT~0!?DQ1G7dKjDMOlUPtO%7)jc>{&4G$3|1M`w%+mfZ16B zj_TXzr*GEDc5b&YyXzAFnJuQUd`ZuD7qk_Z0Gyjv$Pbg-(t)sFvDwv4Y1&>BTs2+a zP{?&lqK}T5@hlYoawx+KMlK?!n(W{%A zb&=lQ`TFubp63EA!-`ziU!PBqcjB&N(;X^~0w$#bOMhZj>!uea7}w8XgzIS7pIEn= z2S`4NgF%Wd>`CB<4dvJ=1^gtxytmwT6!%EFP92O?u^i&L{Es)pDOSu=BLReaY#s92 zf&TqWJ%dOXv}4Y4*NF~5GW4#GA#j+@MU++o?m;NIYJztn7qLPk-`R#bEJ$LdQS096 z>iJgrJ9IG&Z0GalXUm$l>0uC)8z&bcc@L6iQ6gVtF8?g_tPE5S?m-EjItn1D>6e{ zKAR@{@H=^Id*4I>ze;AO>&>T9kAYgX*lu;6da7BjQm**YdVf7IKFjS-PdPHO>~7GT zv8*hA{eqb%o9l?CP+lWfIDbjIOc=2<06+luZJ@5knn(B?T*!sfG-!_gJ5b;$xE&?G zx*NF;dQsuchBcaEWniv3~@)O%kU{ z6{>O$z4%@Y?Mkb~-XJZ}thIHlj=?ThD5ZnekA3gP$Y>fQB1?RpqOD1^@#8iImHBwz z$FxT7U56)K=s~@{*Un#%sf#FPQn$T__XY>VTw}uzp{-vt zqOTkJyx6wSU4`R6W^73!xsqrIa7FH1 zJDP?~Oy8RM=V9X)f@X@!*#OKMI0hXN<$7WMJ$9a+_Kmu&8ly5x)HNTgiBT^_ z=Y$)Eie!v^#l3U^`&tWtVq>YqI@FVDpsfh1q8p+J1$a$A9e}c+&b+Q17oNZ;VB#c6 zJP{v62FbGU?WBcZ`Ozm)vWSjmB%Mwc`izJM%a|orX%~>b2l(>o&W~x>4oum}aado@ z8R{>~H%{{P1$hE-NPzY+XucV|d23UCzTP4~1|7diinW8}T|?Ioh;|Y4ympyu;S({i zsfQBP8y9IL`g18hk#)Mjr(=nv9NzZ9xFEFXrMHR>c%VB!9xMHEr@otU1FR>Mi$cow zkwMWIk5U)a=R3Dyk=2BBuv_S?wCMpNjB@QGM2VUkRoC5bC?J9L9Ps-&smH^#aCtNBR}12B9f zFQk`zipgWgzFhciuyG?!SM38TOVUeOi0twS^(wU~IoOIf|Jw+12`>B*_~)DlAF-1( z>rK7-QuMxVZxb@Z^92*va+%>RtSG7Epz9bgm# z#)Y0|kcY35O!~gO>>6p+O?BcIa ztjFY|lyL$lT69Y)V3UTCnJS5B#0>prb)6*Op}JC8B}>!O_*s>PJmfh1Q+fn^CM zbaD+_pi+hEZSy#%w6-M8LJU%Mk~vSE`0>xdg27CR&n7!xvO{oE&ZNPr^af>!`^$DfW!_S;e?u2_OXI21-K!uo`(s09Ph=#Gi{S?akhCR-~;JH=6fQ zXJ}Ps((Jgy)?Oy%Cii0GK5F5|LYW`1F$*Ud`XEDEE|^hBOfclRG15= z4x{72!oA}kfMtu0T4UVpYEf(l zI1B4BCH2c|9Bm`xf($|=!E%k{*tmb}>FhDYE<)|Q$_DzmBoLl{K{vWd*XMljfCLXzF-9D9rsEbd=W_-Rv@lAaUe>q+BY0O7e0*j@R7;-!tgZkl)}8Z zz223=8}SX~UVwJ}e$Ym(qrFwWfYS^W4w|*~;SKV06mM!ryP!-yc=-WqfC-iUBnQmJ z`i6bsy0tLn=>*RiZ5`UkcE6ICz<3<%9t~QibOCA7w3-kynbCHJQu!7-*g?*oqF;0` zzp`flMHFFJxlW0tEGq>67`v4Uel$s(p{I4@C4A6Ruts3;H?T)R*3wc0Vg4w~tkjUf zEhQn|K9#Qis1yZJ@B#a*&-d}Rgtr&(4&NT4*$|2>Z@*;E zmTR3Q`$JdlQMS!a1RNpvp~mi~|Ac%2*aZ|hX1HN`Y#HVS*O21=;za2q^I= z2H^vM%hEx$L4SlVo)Zk9r)4bEcwf5LdLM^#O~?h?o()1YJuU=ERxNK8xw(-p&2mVS zdQxC%T$Dkf8)PRY#`XeQZ7WB9l>ykE^6Mzx1&;#`n`9>|0;J7v09-0Z!2p97%ZL?F z@&X&sQ>%hqFbo&jTXTKW;aJJ}Zk)fIVu-Ux5ku&p@@PtLoUcRAK1RZ3EY7-^4Q;kK z4_8Ji<%{fRmO4L+Z|MC_V?jYscQ7Yo-6+5^(?R9D6pC<_+&>01KkA3LD@XNOLQEs-1{;f zJbsS&b(lw;tDArHpIQs*`r}YpUF5Lf&0Tu@1enm-Z9B?%?yXpvFT|X+O5JoTbXQ4cH#P#5c;3 zT(aRI>J0J$`i7ihpi9QXB)HI4n|KfqQfXi8eXZBxk zu!$|h0U^-v4%-6NgoqMLLmY^1INL0;CK20wrcY0f>NDOPZ_%FR3Om!ub^!#kP$o*o zeQ8tJmpZ?WGVCT4s43znLn)oMKK|D*aNy`qSlzMLFpN^G6hNv+=C5ajZgh^kuA59%cG=sbv0(3`150uG# z*0r~cO@hfg@D@bV%rQpHgd*EuQ@t0mBFLa`?ppAoK`p+O)8gP+m3PbPuYK4XSBnNf z0EBj{*;;0*rvyKRIfpe^8&pRnI+9ze;rK&+$JAhu=Am{1-)The?EC1z85HV7m)iF? zN~^|OwS}*gzq&es$ztk?Ufa|o$-IS9=l4IAbwaXUUCtN%U`u9$Jk7hjtB4cgxGe;8 zJNPxkcLW>`jhdtmF8Ri^c%_s!w-OK^0WuSSz;rpV6$3g<8K^J_L`5@212`gx&JSP~ zS;Za+C^kU0@B!LfO#oADWlD%gkm3-D2V1#`-TR>xgBC%}5Y|O2(6oW|G5BN`M za3KF(Vg?wsfX3|2T4>j6($>_Nt_dq%_|S2A53s%^;+1 zS?#S_@^=QcFT9W}8LmeDtmKF;$UKV8p1siAwOIn_2Et`yp@h>*Zm$E|BY) zbU7t*(@8jlM2LQ_+nEsQYtRIR>D)ez;+IA(rJ=7or{^$sL*T-+I5kKVM(;>r;wc)@ zjK(&>4EobU!;hOvf!!Ih(qzmfe(JONG=6SHR6GgEOROMH;&aQDesk{{ZfhBF;gtch zS^Fh$H)Td;O)?>yy=V-Q`V4@Cx|-BnNjBiP@g=G;nGz(z<&&?ht<6X;uI5^NU~Izg zdI6rq@V_{@Bz>qZfRU%)bt6+c-VA9fe28H zqolpO;erVY--rZcJhT0%^7`!b3-=0Nn^&AyKDQ(-gRF0vJFg#r%LIU}PL{tY7yroe z(xogr^+qgFn-hy)DWjivW{8TnL0%8yA2hz6N1czNXVo{Rldn0y_oz6B zOr68FY;LAmV`aOaD9~%?-Ae#EZrkq8$Sq%h1l;uIdU&;D7ma&_qi#U^G#Eu*yxnNS zq`KKI5mr)LQml*9k3hi3K~bk%fE8ej0NypIH2NBV|&zrIw{BA6qH=N02N+6H1)N zTnSl$jsy&s@QV<0Dz3Wqb=yFJe$`8jBZ>{l!>q1v0FmIThl}ks8Ycb0vV8I`Be4-` zRXaQb@X4@PA>KA>GR0YfK@(=Zh(KmH!-*JNh<1e1t&BEw)DpCrYC{P?;;5I4i6&PK zh!xiJVzJCIXKGt{#>(FhD5XI&x43?mw)f9tL0Q19gB-xv``?>mQn2yCxn&7n#C5>E z?{0$vE!PLqb<{f8tI&<+(n`0ZPep?$a-3t`X2wk1Nt9>fXS3!;)TpguCU`<#TMbbY z2a0{b3RSul!vqjhEaXzksvFZA&{0k$FZO_G4PMX6wuT9%Z(MJEL6sRDXuSRuF>(JI z*&tY|@V&8=U7p_pXsTOy=Yb+(Gj~l+HAoQPQm2zT0Gd#2oYHP+TXpCuAT=1AB|I}#RD?qSo<&?1jGsrD#m;*)W8r}1?a(lE5}3|9Tle!LOj@LVhE_IHBn~N zsK+Q{7OCE%EPVt=UHW`*TZ}Y&wlNKqvb28M4IGr9ML&vnJf)>CgjeQSPQwr$4gHk| z&g4{HJDA>+7^lFfmPBk_6*&@|N*d%u|EVs&RIXA+W19Ew4%WZ8dLAya@YpZ%Rvxq* zBoZf3b5G#$Ugy)*wA!!BJ~_7!&<0gI!QdB1=%+_8=mlEgvWZV z*OI9+fJ5OUpMYNh7x3ibZpWy8#t?ep=-EjHdR_E4i{Tm!)52W7Jtu-5P7D%o+I!7k z0cc5eR{Z{cQg+B;QDlf?9_dUDowANIsF4T@bV!#(6e(OX35<~HClw3G0}2H7j#DY# zf0*g3k`vX%>Z;>Uf#Lpvx8Du)FF+^_TA2GDmqs)0JAVUsfT(zVG)T?vqVPKUN{(#P zRTGGg`rvi3jcYvzJP%;}gtD;@@B+3*IQ6;}VpoU<#st20HWQsTOBHY;1L7$^NE8NX zEy#*~bgnY6=h~;nEV>hFFaWhJ4EccgLnGkAE5_9ui#Z+*cyCtvoeL9c;&durLi==( zKJMr~E^C(C_$Gco$V?4{;cp7=AnOZwnyLtb8jf_Z4lM}UMP0iS>^DjMmvTKb+eyYp zAdLMXum&Lc8)XB+&J~vslJ56*s%FmnNU=&ECh0qQtTz>^Db&`#5iCG#&;JZ@Wb@$L ze>lqfdTIN!0q-a51;nEnkaQ$x%r(?xv~vzNXKtqOK$pWx0_J}Mscqoz+=h?}gEbB{ zt^K@bJ$$-LwSFjU8j7|1yi(^k0tI;s^auBzFgz<^W*VAvYHztpm_q!_6AF_);e3rfP7EIuWClEoV15hMO&I`n zMrj&b=<=clCPY%+DV1+^hMzt-QpUJgWwG)po~1YAk0THZ1vGdagn&12Ol=Tgux;-8 zU|Rt6tfVxV=oq&bM3cYyQvwZECw^7nYgodhHA1Vm7ezkV?~1G#C`Q&(29dG-d>HH_ z$8s{9nUH?oG5mG1-kS`@ek)P|tonK{*$JsN0cDWyfR~AudBj)i zQciiICFr5>Y~=SZdW4z!rNP3Sv1d380a@0;e=G?URNj?Ff-ONUngV6L?78!GQ|V?L?dmBs>zBLu}By0baEVPOk3obK9uLXWlB96~-&(%{C@N ziE1vtE*8ks<59%NAJ7!iLL|^1sCNcnexMo+p1`8LosFe1WIskN6aX7Zd*f*jO#_A+ z!~QVVLfH{u{oPDIkR7o+E5(vTIY=1@KpjoS_rn9ZD5kwp#@g*h4LnWDuuo~B+zC|F zk3L%1r}+_6Ssi_R`Li=tpf1ZcoXquJyGoek;lY(K~tXu=1Fo6*JF45CN;CDhP<;g217@;l~R_U&V{czOkCbfEBY@Ab~s(_9DR2X8pq~ zrK17|1%xU1YAOLMWtY}Xo~)C|HLIwmlb~kVS|G--9H-{fpSAZ}K~^W2SRO4wU5_ z@_?%Y`Jdi`1s%5C{7BxQWH&{N43OKcI4pSraQ~g0y#2by%95A{#pFT%t>g8SY*vLP-^gh`qauM2BcETN4v`#gUqYpIl%6CKd1^IYqTL6Uu1}*|TSdzH;8pw4rs_z4k<43$M zfy}=E@)`5~MjMbbX6%Y+@k9eDmJMLwd)Psi(2p*^-QfOh+=fXiZ6mjaQ` z7En4k;4BR}{l1xG#+$5FNyRyB3I|qq`Tzzh9L7OdyH5(>%6Z%Aj1l?_F;B;QXt{*4 zjBaU`A@s;#wMnxsyM_v!6wI`Seb4azz~v3rL?BWag&_^fSXu4*A5AY3Wx4H)+G13R z<1Bw;=tsfKfp)I%@KYh39zs}0L1CnFxR!b^K6uRy@E9~Ks5Mx(Bf~&s;R~BaqEk`G z&pCQHH9Th~of82_Y2Z!SN!B?Wup`p|rJB5PW`SfT1iYMZ*O0CN;~hEgSHGmYV8)b; zRzPOFb?zhq84engey%v_<{0^~58f?d!g6;&t2OX-mV1FY1DTE7tJND!1(YY0VDK1$ zSk>c>j5lzrcf|z79SkGP8%91s!vX>=TMLZL@i4oB3C4=1?yzHrMkhyegJfc!0c0sv z?C)}>Gs-@M$We&oOILpJxV`ysesw0J@+&27dyO2@ z26hB<#Quz-G}jiJys5R0?+@XvQ_Yvt@Aamj$Q?wo3`Ozx>41X6q)Qu&2@CbNIS zT_yxNE+&w8bLGeC2M6y!b!eOApPDtBMtMLm&_ShCtBCy-xcV4=vpYZpM^KHPMIs5y zrQUiVTm$PA=z(-`3%vO*z^w{9Ee1$RJ{p&RRUKDU89;`Q&Gn1A%=x*1`1qk$+srQF z)3$sjdvMKk);xdd_0vUE??W6Y{%Xv`VhhAmcG$drI{ASFkL4YycAot0cF>#x5WSUM zCkK`}!oQ5zANvd|NviD>T}AV?gDrTc45&wM0T7M48`va*PGd3V#UyaWuQVT3AYrLd zu#V6c;RZ|tiZ|k925ZCKl$d%v9Ia2L1BFFYN*K+TmUfU(5PoqO#r(43w|pqrG;H>% zShIN)QxOUL2e-cx2i9nSHJ-ObE{S72A+KQ+i-r$0zp4KMXY?-sm2z+%0RkoT{VcN( zyay$1>cM3Svjb7*zi08a9@rZZdDNIYUcnlS#A;U?slGe2gO!WSlqx5UL`AKCM+6># z($G+!Cz(gEexUY$M{!h|l&doodsqvK?#vT|TQi&<_tmJ+qF@w-{WMqm;k2_|B05EY zOy}feh1fdniyR>Vl8F^8JO)<>j@%K_f5$^}TTM0uv3r)xs9?ryJaj66^<-Wex zdZu)_?;>GrWg&-b;od+Xa|_2u=tL@k(j+V`wN&VfC_dkbX&Ym%;~_{z`0%qvk}Xh~ z*z=ye<&JYzCBbE6w6;l5hX=ojRHUgm^7ounm_0t|1EoF08Jvl(-<%QoO(X(zYNWRWl7*j z@VM<%+@lnyukDS#Ov5N%4xj2IC(L7GUj$dM8J6G|4F0;{ng&2wuvv+TmBMb}9E=Z` zl)r+PzhmV z&NX^sX9mcb!4wNIo1J^J(%{tgQ({uPjtRT@kUOo?E^6fT(v*Imf%r&I(Tv!Ob~DNO zC6H}IqJ!%Zx!aMNOoDQ!0x|kG@10{%M&vn>3`s{8R^iBePBqTJZ7nVQb z!Bm#L(+~&1jewR@nKP}{&p?|8fi=ox@_YNp2Rg*I)e=5PvyUG5Ey{!BZSSSqZ^IsH5U`cMpayE? zV=;s_%8aVmueJ)mP7yGO5SW$`{*o`*$M_wy7RPydxAMAYgSuL$!fZisfd5)QT!Q(TeI8U%?*~>`CvD+1 zgiBSe^nvjPH@rVEmVrewHk_n zI5O+}mgvNhW5Yl7A#jbOam-dROK+ShGjPMKxDCOF5}vZg&23ftB;+v3=At)pkL_bS zBD^1h{185l0|GZca}o%->-(#Usgdl9h)iIyk0$NNn*-Gc?QG|$|CH`2zaUesYWbn@ z?_HqvRG)f>Zint;`i)Ur_RZ`X{JMyeKz=n^?_f;9P%cq<;ty&CLv@oVeLT>2p@ZK( zi7m;0z#Ih2qKi1|4M#dFb^7)DeG*oo>7V!Kas*T@@*n<8Yo|4T3adh`kYiuEz*7p9 zCbQtz94P)|Lem8S13C~2{C-8suzvJ~K@epnY^x!u$#Qi8!_4~p#NGAwEr>mnn`(u= z-{PeA!2}SyL2YD$ED(ZXRP1P8Z8M@)EsH94aS{51LIxZw^C0uPUm~RO_ydw#sUe1w zBhg&qNj5EiX$-0%S4Pr2_>Gg9TdQwMj;P@bd7%72`XkIindY#b(F(IYjydi(sQ{W^ z20vVo2!kh=V0GW;(o;<7A}9=aquh)ZwFY#1R9dB?h5`it2kQU;+zcdYlKS3>kU^;Vb@Kr-O#oK_AHvxKNg^ zz`~n)o?IIg=}B0{Y7`!biNmmz^yB^lwOXT;IA+&N9sIIMwI-k+620udr9DYocy|pB zUuLcYl@J7I5caEd?tu45jug3ugb*wqo)Lou|FYT`u@9lb7I|E{;TK5-^%k#5F(bgI zdg%{rHY^?}8GRA_as!EtAjJ`wH5FAR-<9m~EK;v%g*S8M|0U_Vwj4!b=r57OBba0| zCi7-Y4km-)>qqpQ(>vSkfH72+RMHJ^Ao7Y-38!|CeL$n%A#XqA&$W{1>h9zik~68w z57h?5Sn>m&6-RyF1u{4$y<1Ha>iyTidK&u4Bl&w3OgQJTs;%#BZC}DCuMmg8>y|4* zA(itH=iERzds?w5ajW$1WIy3~+~KzReU}jLv(KLz5I|7_r!Ma4@TnWOaE0$j#FFP7 zUOyi4vFC8nQ`+Y1C&B+1ykn^=Q3h{qenO$Y@nXSN#kg?1!rmN9rfag}(2T8+3h2?^ zNF4OTg@z*T$eVi{4)VUiQ17BfMLjRQ`;~0+H z*_B@6Z=pI~sg|htQO}(E6xH@(!>@0e6_ikT1h@8kG6l`fWY4exyxnA*gmApa%OisN zJN(={ELb(WuR8pA^_@4eA^yu>VX~P>t0E&)gm3ewoaq8rO~BcJ&nKIBlm-5mI`3J5 z?elIy?=x;VQ#h~py`!c4P?`#h?fOB60`JYD2N?iG>K&->zBUvHMe9UNt?E4SU(QlLgZuX=g+ACqs?zbIDnFgWjNUY z*MeX8JEu+%PGbI=a%dd<9?|TZ=M%#na_o1I=#e)Q58~nlv0utZBAI!0;2BN|$M)5* zY4a3ai*Q^nT;eDT5G9R9jWtGv1*nGtRJHC{{8y!b0FtH=HcL?a`fxKSFiaKmZ0cb8 zyzOFLGrn_(QlJ5KC}Jz#I{Wh*nvbO_3vBav)c@4DYAPxJ1kkc59}z6wym6EOwy3lL zCW3cBM)5GL=qcWt;?QveDnEw_qwew59%2%0e-QnX*{U$b-xxA#v(_& z6?LS@RbbBp6bIbHYIfcRrsxW^y0-5fE8u2QwsYdWY1p%C#w;D~M?9dWNnP{ZK?CSEFi`OF^` zG^y^$Piglu%l<0&OFx3(u)HBHisT+hAzfr)%+oBeWE^nYjx9LwP}M&|!X`}S z&h(WOFDDWYXl>r9VMesP-&k;V{0IK)gF$~3Yt9uYlzc)#`UR^x_$3!5d29bxmh~>b zxv8vD4FNjlkZ#5~Kxg0kOOz#JX1h-@1OmoW0T2}1&>K#T_>4%n{k>$4pW=7oD-BIQ z;-nicJcFBjZ;A}HxR%BaNKd(_xsYZl5+0Bs@XTxvkhw_gR^9o6bpa$J2z&$d5-R-8 z$?xmSo<@F`VMq9Vr5_Jzdj;G5rC9q#HuhcZl=i`M;gPb2Qf5N3pFH%AljlF2aY`l> zNbNhyMSHgWaP~%hNb&wx+gt_HAO7#3B?`EAG(2@jG3B0mK;s1^s^^%e2d~}in-4_}Tne;0my@?8V=Z7t^p&@?IIIQK>n)Dbm{-xe=dZoGvA`y~Ji=32@LTD`mL<2ggpyKE#0I7yF2f@>*s$SEn`cfmJgQM=jl{Jr&LY(E1=XIq+W%VG7zMyTh1Ir()fE}F3Njs|@-U+xkvTz`YJ!yubaxZdJ z%o_ism0)vqKf@pUYAjDj!J#pY!ZO@xFmZiaTLsEx4}FHekOMdh*X#vJ8xQz2NkL0v9C4 z($6;KT^&W9>+{~k#kM5yY&?K4(oQc(SxPv24|m>yC-XbJ)NkC%$k*}}MR}zmTH(aB zoAnmM3x4@jICJn^2yX5%c%S4NCB2NnU-^R9TSe+(`&fS?=1?aop`t*iux9Zgkm&gj zscHUhk;W8ZXMUG5YNNXzy~zwwR$hyr7g5(%Umj!tc(f=W^elHn6#;I0VQ{2s#<0y- z)4%|1SPJDejsb|jj-K!duts${bTIkzjm!}S>lV#-9z5>d$qUf$oJ>@$2v#>3S+obL z0E1Eh*iURgr|&}guYx7;T=`cjzonIU5%lFSS;KS%lJX~xKB#>qh@XTiCn%;uJ!iOt z1z4AF&CZru!=W`SI`^Vj!9I5@cKD6h_W`-Dy4@5sV6x)&)yYqodG}2RSa9oZ&07WX%mgnhm_*b0;@5vi?e|)Sl&+a`XMyUg(-MldzU&TnQu`p2 z7F{4hOR&e3B<@v$?n9UKn{77VGh)KmeKe*{7IjZkISP-VANsNsWA^IoU>As;AYZA3 z_w~M0MWm>f6#DTq%9I)|nIv_r@4F!G1!p>9p#C+onK zu$IUI5S1~c9U7$*f}a9$Cv9B1^zQ?bv0Jba(2<-X-_l;4Z3&%VTc zDd(b)7=Qx{R1GSsAgM5irtS(bv)XMaQV`GB-sYWGP&fd`lFE4%Z(*2(R4OhJ5Phv{ zbvpOp^7Dzt(B1{6BBun8k3P>TfX0iCd4u@d_vk>q7A_C$M&MW~(iXMwLH6+8pCw3b zPkkfbA*H|@Rseji{4!;h_)z^AE+}wUHM{E{<9UoX zF7#d^g)n(Ud&0*0ow1d_q2BL{YH2Py^Pj7%V*hnzQ?nNlC%72AgF%jrGAaQYrvrty z%7emJ!@aYRCp?SiMN!H26TR;d{K%lxN_0ueK7}Tp09_}2(8)ERl=+02#uITvClnI# z(YXDLka+*@t?`e(M?4#Npw9yHj?X_0WJmNX9JKybU7GpyYX*b|jdO;L?e%z6w(NZx zBmw4f=#Sro9d~6k;ULfs?RhSN-tQ(*;uACq=zi@pQuCn%a(O1a!tm*jwHd1Q{F0Ab z$XLR|o3kRdi1Tr-Wq_SEylg#}bSZQY&9L9!o*fVVD4LvLwamnli;dO~qtlo5q!s!i zGAQF>R5rVeBXC>&au4nh0LBhSy}zI0hsv672iyQyGP#EcM3g%bf}bN331~L^))^JF z-oN{7tTV}v2fyG#)nHSF!pQY++zTnKVfWzN$Yrdo5Bo!L)@%2$){cfViY018rpSJU z0{bJ2At?CdbN_Q19D6JhnPA_gGBH4Ah=tW{2~ zAptQ-Sr60W-pgjDv1{$Ob{S~J0Q~%M zc)zp4{KbPJ@F%brCR)1I>sr>96|4|wEm_HnIWL8yf7g)n!mJA*HQ>(PHa+zFI-lgY zxHB9T-3v+hW9U>(~Q zP-JaXB^L?v-T&dzJbxd8Y;n!jDBjK`6xY`%fTaprC3jd{WQx)f6^-pd6 zzitc@cpB_>B%cFpzVasTWcC1^&Jp&OiKv*z%LZl~KJvnvQv9>@$5AU_#MYK3Eg#^W zuuyTP&i6~OQ8!UCCj*JZZWc7sgvhsDD_fs3!zlaXz9~xkAsn{RhaYyhbbK$K*!@Mv zY0l!GDn0DuJep0e9!0_$po5h`zmRuQS`8&=HP5t39=~LSw($7FPmoB3q8i05aF{;- zUKQK3El(TI6Ed7jHS0oCOQf=zT+khv)9+c_{yxnN5tFBLkV>M=3j?VZ)}qqOD!N}f zrab|O04!Ed9fmTz4zKT5tJW8Il;?e)dA_K(lpGPHoCt!Bj zFQ8e}`%VG#dIJ3l9a0Ims{Xdplee>2&x1fAyHwPj2*aAl3-96*nu_!jI_hsBb>J0t zC9q-L6a=9QcmGZ?&B(;P?tB8!Fu}%Beu*|czET9b*q;;dT!MATbSZv7zDg`5G(-LH znJhH_VsW~v7B?YcRg3h!Sk|0sRQ$yg?n(k7truuXnd20F@!^$|wZ^NMT+8!H9Rb2>!jx2jhn}fGE=; z&oOw?pGM$D!iVSXxPE3A>lDp*MzDpgVpKoY#;$9XVzo0q%%59 z9f$IpOJ@l;oOcKs4tt6#smTv3Qyc_s-3kz%HJ_2Ykqw!>9kj;5_Sur2G4goeg224q z=%&-4ZV&k`j-6VfB_iMeVtL;7;>g~WU~nvl&T-+WmA`&BE<#h~Jzcbef{=I6C{!~{ zpep)D6NwFwIxeoOuQFgP$$V@f`YJ|`D*SY9Te7}IJqKd7mjy?aO+j5>HP@`830LzyfB`yf^F&c$Mq4lk51aF7Nmwd zqIS|(FOV5X(5;(I*a1z67DAWP&%bFs>HZ>sZYpgc=WoApQW9J4wS9f>O%>V^2D4Yz z6bcihpM8Pv?hI}op)HCS3mUMhzqKriE6wAW?+YFDc`d|o(5+ViaHS$HMG;InP`Xs6 zc^jxW#$&GQ3QMsiERnoud7*0N>zWDzz>EUx3rDNad{HYMPSkJDRpAYXcTUI z_=lhIo>G#fpeWg}Y?l)J`&tO{TMP1#3-iFnoAkR2B(LYbI&U&jfLNbn*y~L~(BMf_ z(?MAg<>hL>_q*2tRSo!m=J&0vnLZ87?i*dpi@ECiKq@(brA6o_*<)SY7YFw-zxVL* zn0tVJva3svSmZ^GFkK>XZqzbw?sI56vWvU#1Jsr7rR>{+z#=_aP!1fSr=60iW^6m3 z?#8P{(--4lHZhlaMjq2KjmQUh!F_c8TH%qI7Zc!)2ReIu*)I|0Y$`}tjv$jD95tPA zv#)Z(yms+GlUT0f3AMTGh6hJYbA)ZL+B6ZlkM@uYzGjrxe@3Hu93?N`}q z8l?0RC?d-P33UyggIq3Pzr)!*XyD>B`OQQfsv&rEt7O9q(mYo0DbRaz2jvrIIwSy} z=%4yMAAGR;aR>q#5|TgLJl@_MD6MnaKIWeL1OEGc1EEX>vo}o}de3CgRw}-h7K-zo z-}mj&jShCFvvv8lj<1EyfJt6Rr71wp2lqw(L^hZ!eFEqaR ziGn#@jCkg#x_;=3YEdId=RWU6oz9vso9*V46ok%YbMj|Ft81$5a1k=`6GJiZ{wBfx znL`WLek13l;lW$E*A#aYWV8!e22K8Sj#l_>J2co(7px?`aHJ-t+9 z6Cfa@o|>`CCMzh=)g`EcG|by5`w*#n1$D5uuAGS=1n>1h5}kZ*J=A>pIBM^U02rXpnR0aRQ-v`8qkq!b+3IeWVKs(g_H}U zq0(NmP*>Ck1^<|F!A?%>F2t#Y?}zlrw;!lOHsS)Kk`M1wnH9X1QRCe_L0t9w?drPu zNFTrYL;`#)f4hr(oe-NdnA#879!V9W3>$e>ALC<|$bu$Pa;lJf z*eVB<85Q~md`|}M61ha|9^SK~HBm&>E^#b+*sLhm2kH0oTPM2*lYE(4A?f{7nF5a8 z;nncE1lXhsz_K3Jp<-J;8OnR7ns-?}E?QV$-P!Qw8>%7_VEU(--HmktIUo3f$vr4Q z8bz?dLnHswj)j%&8Txx$Vp*a_8=~?`bdp&#RhV|FcbEp)X$LLe^8uol4Bt`S5IXz= zrU6Njj^{Sh%Q3!f6C2a`#9N$#{Ko*P({9NhC&8AD^y{qw zXoSF#eBJ3Xh+BWJ6MPoncd1jIjIxq(tC)9?R%hhV0$aLUOT!f5-!w$Nzzdu|eXpRt zHT*B=AaoN1lq?5LHjQvam-HMw{344({Xi3|FZ-35=GRz-4%szuc6m`@_qW3pf=fjC zOX55uFA2L0uoUxyA`4%%{NQxzodOs*Xg2;?LHU4CC8{1KE|TI9yB_TsKhvaskJwLn zgKYz>Aa{ypm4LOf0~@4P`C!yzy+p?0v~`q$rt;#e>{LyTvf%!GN8tw&?^M%d*MzXj zq8*t$ad0pwWF~_ryJs%Zd zK%$?^4q8+iMH%+SgJ>6U+UBM6P)dyl8-yHSdvPKvRPysbzSqrYY< zU@NTDi>6;dnTi9`3Wc$!A2F4X+Gu3`oF2i3myD%y3AA~UpF63shE1<1>fQ?Zok7`4 zB6nK#?2`)bA%?wW_m1;HR&;L7gu#J5)J-jJ(>7@?%Nm5FO2@dik3yhkEQg-Uy+OUa z2>_n$nR;hoss_iAPWUId7w#>^-e(I9#Xnd!H0#BnhBk?%%3vDy+8Y`$FH`YT9~8^_ zjNJ%Aj8ug@gCdF=&3h%nG3v{`7xynNuUtfYL}TH+jI?oSImm!tVGA&JXAb_F)9w(o@qok729CDGcarNWjeo ze0yM_oj5txpHR5{q+H~Ka7Xd!;=uB2scy&;76B;+=t9x#!w;mFc__q6Jps_MHf|rQ zAN7#2t{!T+$e&CXlW`pa6;J5hqp4(p>kgdsoqhvCiH0H=eU-8obsYvmCF4mXG11oZ zs-%_T$58GhBXZIB$Irf6%ABrH_Q;m}Hr>2}T=0CGdjTeNxt=PEi^3VBcgiADVxZ6a zUK;z<6q-TDVfUbrX`+BqHV&q?b)R z{QbVy%jDpB=!2s<@BqO-Q%RJ_26JHo@yqPd!6cBIZz7mx8@351hbw#I$VoQm-BS_wFeq1JMxJn zUjE>miW?Pu;TGw^8@!x2#b zEAKtxQ2bCZe1YFco;#MS1KpGqKPxi7BkgmP=F3O#xiWlo;cJwscx5ivV!Fh-j$jnY zEUN2k4%)V?_N_xAT{h4PImK_`K@hwLcqdxUq!v{Mx^5Y-V*pk|p_utiLc|i4)*GR% zpKbE?1<~k&uJh#RB5|g@<{N#M09wg~HQK_hIK^A)+G=-dZj|L-jr>+P)*wK>fxlOR zN~-zy*_N=*5Y?g=VDW-H6p)7UTBENAer2;rZa~E%l%d37mcqF$d#*md*$3Ap;O*rf$Q8Z{V+U04j%~2W@WiO`NNAY8SKI-sd3~@S zwNbiaj6XF)G(5MYdUzlD3wtEAEBv<2vFOeW=&tGvU@E2-(0DQCjy&!Yj!KG>55Ty{ zr>1Cl1#;r>Nrv6BoMVM*S6&_diYY%>uYMEDEeI$9gL3gjS%mM}_PwKUI|eSPu)*m( z(~)>^#eQe%^S%CSvJR!WY6(Yl)-rR={t>J@poV*BL3ByE<>l z1Ys^$zf~rAWS>`X7_1v9h6zD>-}H!YM`cg}918dl(@Uq^zK&S^#rGKEJFx&_|Et4v zq6c?Ay8}8aEJZ68Lc!@z%r7}4)NCxy#vTEY{>>v$*=Bo?#s=@J6O_2`^cNImTQ1>Z zYe*37bkF(0W{Jt%W799m?H9M;C+cAjfraEx6hLzj!_W_C;il07po0~REh6oX#DHuT zEa|1o38-$03shfVHQTa4{a7iSnyJQ&fI!#P4s;#+05lAmJ2>@H&oVZtr$3vCBe5p zHrM&~IZNQI-3`P0#S(EL^BYulov+}140ifr*1fz7qbd-ff^#p_UZxJQwt+r$2pbCH zx4yxLumAQ@{78mIHwoBmfe|5C7HOdlfnEhmz4?+yyn_u5ydP~ZfK%z*7Yp`aesjU% zaYm+cpwbPp-$@5D%4sI;DZKOn2_n$BiPZU48~K5fimrbz^{ac@Zj0cBAs2RvJR;6X zxn=|4W#vfYn~=LF%JHB{u6uyqy?VgLFi-hF+He57j^!*ndEatkchnAz0FP>lF9^8O zup$=Adl|@c;Vrjvk6YW47b5Tsc)>3(Xk2r~62h4mUww}Wq>^nzXdkWkY64uUA$Ch z-)9tx+W}I?actI;h9ux?dqscS)TBzNCHTVTI3wZorI$Yid7VGqdk#3T zQ8j+$&s{r#7BTzGKZO6=!+X85q;~{XNs4*u7r{2fX%8U6x3Q)fNnq8rKobp|AuHaD zic=$g184s=jK2_M`1W1GT$TPHVhmu?0GJFZ9I#H{!P0_q;TF%1rWzA+9l);+PT*@` z=>`r<zd6QVNexU1SQ5Y?NRnu7eZLee2>+{S{8k)nsCjBDte;~+s z$TKLUDB#b=!@i&2+*7We!iBGgIAX|&ptHs>yvM8Hl$Jxe5NJAnfm<;s<7Et}EhF%z z=b+n<<@!B-K0tOs+am-6tdn6tMSFNQ@p5*Q+6MjhJgOH#uei3_`lpPbVTBtrM@h&S zH%UChhW%b;1J%>VHCeeWEjMzv@fS$`ezL~x-%QMc&;Y!K-PgO~ z%<3mrG2?ydWj?A9sd&|!Z59q1Yl zbU-fgduFi6^o6(qD%Q|s9E9dTv$`geP9<%l{5{FCtASdUJ}=;*?K>T3F>nI=AXWGF z7Zl6;(Lb=P-%>n9K2{LjiF{RhuwwBa`{;-dASKXwaqM(Lnip46SjSjOV?5T$7fv=J zR%$SsC`tGIw{%i4#r@kVRF8XVtgcL_MPVcP1fh!wtJ!R zRs(Cx&%k1+%8~6U)Qhcl!DSSizRwT1)F%A*6^knUda&L-SOYxS!S7^&Z}uXZ2Fkeb z;M5@$G`#{Naw2dj@RJnAF;v_};+cI41FEFaH>q%b1Yu(8n2W(bzDLcJ0PfBj0y4UD z$>U0KTF?aWWxPr&C*DO@{7k2S%W!sC)NUYT4I-iauFNAg4e94VxeZKQ(-gWciaN{W z6Lw^v)IHEEs4G{RaZf5Wxl^y)pp{l$?V~r|MOi;O01(db?0u(D!5(Gc$FQ&aFA$5E zpxRyZcIqe*un4q@ghm8UM)uV)Tl*Ouqm9X?ETR^=ZAhU45#oWuv5?_&7&v58k}+>l zKffgqk8)%d`c>U~MPB!&%3_o{=Xm!$`U)Yuh`o=|R~^=NCSg116`V+5|1O zhVO(tDeb&$lJ@21e}iovL5dHxGR=NRRVRSv{sJ!BaJeN~_se7roq)a}q-Y0(N>{F{X zyl(MFY16>@%^uKWwJ2Y4r`ND(Gv#md1RDwOXE)N;qylP%2f$q-a2K(m%l~~F9^oXw z8k51oHmibrI~OpdDa54u3Jav5I`v+}v{L^D-yQ@qEmu0+TFJJT4kGb5jAqGWdp$DD za`&wS>E5}l$2fRWf3h-8-0aCiH3!POAawOfSDep|vLH@zLzI4yU~d9Y(9XpWg#+w4 zBc6$p_(SVJ3odlU;{6qJ5$l}$9tSBJn;>RLCYDv}zMD=Na=vA&|AM6fz^^RrDBdK0 zndUW`E0FU6ZcKk)v^*fe=lKzr64;KPI|G^?p`OvEk!@H0vYtBV8)PQv|9%cvRCie0 z4zl;49iAPZ4PJhajjjm;z5(OPXrL!Izvr@Ccj zrG`R+cl$%UHd-SFW4$>+;EOa_bjGA$Aij+zBZ+h&M&je)L69)9)Uls}lMX@L5nPsN z1&%4xjCU)Cz$NoXh&+gwy@`t``T;n~(St+U$#S1l01~z4WkCnx0s~-=2qzaPmk%-b zDC)V`68JlV>7@ohq7WnkU;FtMfGrExr{LKHojbMst`ty!&vZ6J@i}5`L2pPu+!MF# zo~Jc~RMR@G(N}}yaMee6LR!#gSEJGOUS|bhMiW@>whd*zNfgjL%@`**?*ZZKc_fvnslb6QzcRff9q*0kQ4l~&O>)jpCR-S56Pc^3X;^{nl#r0 z_Nu%(EnKZ(*`eL-ScC%&cb>1j<(2^o$tv$`K-kd0mxSw77g<4ojx>m`Ceo!SljjkaWrOtem$_4nNfq=OA#*Enj znf#O)Q1V4AI&0Gr#@^kF|5Jg2!1FzI zU_=-qb25WLDpZkLIR|yOss8#~}|M_}`=6(o~y`7whby~`58$O3~dt`xPFz+{?Ky#tzjQkMw-0RRMZz`FP6dB3Ip;Oh1U*j!4i6Mf(n z*fty&q1`(04tha@1ioha!lK8-SKG6yVS@#N6)YtK+u$mf6x^tT5Gq++w}bIeCNzqb z$-GCk;vg~oUsZ#1UiHZ<8eM@77+4jYZiBN9NNaf+kiHN7SH4e>4@pzrod=-lCCBXk zKy=~!Hj+AkR4Yg&+0xX>vgqHPd(I1V6n1la%b0QZ(&?FY_x;hc^>^>cl1hhj!0*-& z`;9UvRK_kOKaRamcer0{^8obQcf%T(qc0b{tQZ{gvtLhsKC}QE50FG}p3Y&+lv0YV z74`s2MCP`XOaJ2DWMBz0Vu60ZCK!+9ER473Cx{GqTLdycLrK7e9!$ZKh~?h#v&@?J zi8H5R3(`1&y#aGn{ObUn5m2%XfD#V4Bu(Q$hsXsJ=SkQeFS-gq5#EE%m;)%&*OKz> zJ=R=E3qPhP@QLrpgztO$YNNTiOHDXS;Lrx#jn^lhZ0>%shg`;UUDm|eagYk^#x|EB zn*xn9V0`J?yxX9uW69tf3oovoMD(l0=wNy0aSTr|teNI{&k{reK?4fP7g7T_7btWx zaBKHqEq>j0oIO0jL;3&}E53AaHwQEi#fHw`jxT*fPFyd(Ehecs4K~eqO@2-$AUltokduHO;&Zqv?jF;-|wvRW#faj3qFNd~(VAzTe7 zs=+46XxGI69L_nfJ)6+ zS5r~%z#fM;e$%l%5-^fug)&@#&KNQV6wQ6!$Tip(0V}9>FW5(3pSbB(%(`~|-dbn7 zqazw55c-+2b0_}El-;A$Z&#W~I+J3u4^Xf)>x%)oRs^CYw(zU=(m|t&Yf6^+DX8hU zq>k^B6)qt3jbnriq#nkCM1b_%yy;%1<1Na?KdW|bpx2hZ^4GI72myGV7{qRU{F#q$ z1m@G}{Pu}%bwN{aBVqfjtCk4F7dap`5>)*#@bt#W0;S3~Ak9-zg^37t-wnK;i#t_+ zvA+Za#9rg@9=-Q5IVs2xk*pym=#J3egqFz>c_KL|SQ5$WLp>0Vc-jnje4cBYG^PMp z;dfnlh`>VcOe8NXXGz+vG@i9MeFxvb5(wrd7XN5=e!r4$oOl6b13wRfYfHVg=wVNZ z|12u{ROJdJZxJ)ia7DHz%#XHtk=XI|8f0)Cn@%`i+v&+=Cc$e_Vbdp=FFj>12Vb0g zV*xwUki0#X;FB1N*`KWs%z0%fg3PqRXdOCXi{3_OIX_GbjB(wxsG)=5ZvMGC(`E2W z-;SvaP~y&0lLYxA9k2$peDoMR%5CdC63Zl_50ICH@pHNWXUq;}#W71|`f~?A#v9Qf zGT_R_+P9Vm5A@-8OF2KA0=q;1b~P;LaAw|?!I)(55l|5czrWycfD&9h<=vpW?Wf!s zc;jVOs7w1JNm}2}N9qC_Hq1h}F>)m$27PHTEPL^@IgS8;0B)7-wsoAUPFRg zbTv@Ao!0|Ubgv*2>R_$Ksiw|Sgyx^;qI$z02v~Tj`%*~ zW@a_v3w{@UbYmun9rKh_;{{|INY?Kh#7|YWcuqIZke?o>@`YXA2&TY91}H@^aMXLc z)gC^k^o9ANHK5=)9#Xd?+7RPdw!Gj1(hn-xSwl|KT{D@<(zvA5ViPHDDzQ*G|6C(KgZc5?AzV`IF)DCc~U8&`%?yLUZ%k z+~baEMLi7a2;v?8#V0a>50vzDlIJ@dU&9>26U#Rk`vdta1-;{jVN)*g7{t-qWW&G> zS4dG)6Deq6+6vs~pXuP}h74-KM^<+uy znfvWmkeCAM!@SMnKRqJVq=V+w1&>IUT+hz{pnG@cNRed<6a^vjOD)Kg;c{>XgIPOV zC_7e>F`$p3!GB%(-O~MA&GBP5mhyC41q77`5}L0bygpW|C>np3o`8&wVRwE~ioW-$ zD_4c9n@R3=r^@_gOjJFx^=JAsww8b|=cFkIwjOM1IaYJGH(%tX3R)WjV;N2_%rP~d z;H{vE#C=xYjU|babNsk`i{a`L0YMo*^*vDjFMBmw%Yu0>o_TT*|xSch)w3HH}2pPdPmHKb(_G17PugoE8p zc`1Gjo}R6%MCkW{u7qf4Fr)aL(*p~t0M-uOh4$_N9x0UW4@vQQJoF}i84H}J>z-r&uqJ3Gpui_fLwI}NT852k)#P~m*j_tD*7 zNA(UlY5@8K%EW?({MS8R#xN!KS|hEmlK!2uJQXG4rX&S%hnHKXE$IN?Iw*VuKNiJY zV?#l?gu%~?0u0@9++}NXl56VyigVk&7YX<=(_mQKOpo%O7TdAWQ{Z~QD~lN^6KiI! zJDn-+sQ|(sv(W0yP}c_{xxXQ*a9s2z{xL4!h@w-bzi5_ z7QbRd3moDx4~ohFl9M{k@0Nx+IjnyruW9L%rhW||X~^v{*oag_@on9mX|et+4;Bft zV+IlN1d|`j`yNFc_v+>EDSs2w(~@-hd?bp#SF#XoDq(eO7|znJ7xVkU8)zu7r-KQ@ zeWI0{4)f*=`1OvaQGh<_8+=A78XC^uC?LSyniUchY*$ zdH}}2B2O-q;!i~kZbUs{fI{N*Le(z=&21J``PX0cEFPAa4tnN3p)8hVS@ago95)^e z=C4o+DM}1dcwWD>0u=3Dq+}!lEQGvcZs><(x7q(;K$iTG5}PKlE8#C4P`3mLd}(Ca zyB{>J`XBYBgn+J`5BlY;FsCI=1V>)DV$iZ7yDkN<2K%F2%+o-L(GSGj4u6d%8y5@P zntigRk!*0VoLnDa65m5$En|{MO+iWDa*4Vju6~YjJljLvr zYRt0w66a%D%;9qvYF}#uYY^X+Lf=^5(*)zaYTBvYoxol?Jpl;gv0xBvZu~o)Y90v{gWpDB^ir-+w5R z*7hP10RYFl=?i5?)PIs7p)v1b=|R-8Bh(>c?0G>~lLY`}LiD+xEKijNG1`7E-_t^k zsb`dU6;JE0JLU4(4^s+pNMq`Nqh@F_9Ou{T7ZGSuUn-s-Zb6BNG6)J5C=3Yl=0Efs zp+xHesk6@*(+`=@OMk&5uu&jkx)xxyp@s*Vvad_lK5HdO2H-H?Vxi;S!}{$rGzmXL z3t8u7(F6&0AoujK#4hi}6$2X2 z!nX6?B=0Nq&HSnJPtknALkj5dmczX!$z%ie16o_IMlASx#Lt3-yzXEw#QtylP#a0# zL6#34uq94A`K?rVHJX>-wtKZ1>A+4ldwGL6N{cG%Q;W#}Lfdb=6REcHy zo2pbzvx0}B`cv4mlg9=(2*y|)&i{P$=Gw3+6;n<$8&{E@+dzs73B(GJx$v}HGbi+Q zDQk+Mf=|Us;xg<2Ceen zhVt0^+@eJdO@o`HwAiJxTE5Y2aVyvlcWmYG9x7Cb&4bWToD+dU?SrZfrvB}MRwy1= z2)HO_4WTm%){VJVDj)PEnlmT}fI7`g6b`tVTn?xt4y6I;4>mn*fJVCYJHaJH9l2?* z(2a?IEqzc-!hiZd3Mnie5{y6IV2){m_5SNM*s-u$x({^GPs{VVXi~Y@w*NIFltIt) z-J}`;CI8(eUfqTdiy~80n1=87=BiLcp@2(%H(-#FoHruDP!g*SYVpNpMcl%2zq~?Gbq>iX~E_Gm+cFe z=0TP5xEJ-Qi>eg^k=d7?M%e3y*QiqBTBLydj;yk6bwa}SUb)KnL>Uvv|G$#!40Yq= z`}@ye7j`9vZEWGp4Wa}{$%F@!M>sTS7hC8Dmj4dzRwwd6TGfTg$n%hzD~bEJjrbuM zWbJlj{0Q=Bq6-yX{VkdaVi2v9%_+GLPkP|vk&`_L z_TVFAoFWH`yQAC(3G|xbgRmz6AJN2g2e2k^0EOKEM>n}w29bdk+n9*?H)tEg%2Q39 z^DkZJsAw6W0kYb`D!jUh*5DQphZ7Ew^yr=Qok4>@9-VBCq1|^{+xTrM70Q4L8}}NgBWO7elBZ%U`BNNFji{F$VBL1<~t%LU%E~wxzVjzNlVAxq`O6CeWMSOrovei@pI zC+AZ>>ZhkX7RYz`?hA5246sJ_K603N2JqvGOdcqhTXpwDMq+zGK@a5j`QtA2foK*= zlIpmDMwvE#2?@-;@~wET+f?07Vk9t%ckGk7d_96({^c>-@ReT12c&O25Tji2q@Ew3 z>q(g3efGi7bJ4-R{h<0!30!lsRi#CN22cEmo*#Z|pn(gzU!9%oz%~UNhPc%aJuY1# zOC!)Q0X6qjNODmqgWwx}D2gOpn1~u(?Dyf&4Jjq5;8J~Q~YVZ=WkOAZ$CI3uE07qk$SvFGRvbbXh zr~paE#{_|RIG&b+hrN%Oc%R3gA1G?X_J<(8{xgZ)Pv~yqDVR`FoJKv;=GK?qx_Aco zk)D;Ie}Oq4+p_vY;)gPVzeZOyDRVa9iQ&i7rG zq5m{aTy=ao*$e4#X?B+v*+~cy-vJAxS%5xLR>=ejsuL18n!-i!kPdd51X86TX@%B+8v<VSJjAyE?MHs-G2r=M@BCnVHa#LG%|`u- z>&^P663>e5s&O7~{Uhnjx*TJpDEyZYg3BPLAR=PO9b!y~nfUd+Rj<`wf7Ml~jJ(c! z&fd>{#pU{fkM7MXaO1aqfhp~Nc~rWKV+pd&WXo860e{?g2iSbcTwbCqL`LRG>Pqvc^W)WwZ@TQ}PI+kc&ZA(O zXP^7RDhUKvysc;RYuN0Og7lOm^8;~t)RMYgj1AMn9QQpvL8_NaM_(fP?0ws4!S7m^ z3j)9_eLQeF>MM+s$!Z$+JtjWi?hYwX%p$^F6v%IIB-#@$W8MOCgX!$X9YK!NE(i{| z?y66aO^Zj4kIlYj^N*q8x5Dh}_P0ZAC@N2k*Z_dnu8aczwR`z2km%8eMx=Qj{@kto zU4BIonN;vvZ_DCU;o)_TB)!MOGT6$Z%O0kuD&5z6#?|(Us!jw&x6jx2YI1Ku*_&H4 zZ}i#~nc&AEnUG{P0a0po4cWtZS3ISkyRBO7mn4t8 z)V}5Z?%LadPIC}FlfMG}r^s-g6|h;Zus=q$Z>?5`09EPIy0DaCtR`q!9_?e(FZv2( zb6^zyvA^vdA51#P0RO)S+jZi-;kCuMXbTPmoFf;Y)hm3jqIjcGpLa&QmpbN4aSW`= z50R>mlI`|KZqxSNaK&N~YtfCq5yFFR{iF}h6>n-&=Ko{|LGuKGciD!wo%Tky|Ab>V z@f!S5@(lqhhj<=!n*2LRac9>&s<;nIyfHtXPT$R{)Tc@=Ew2QBjI%BwcqnCoT!LDlMgL@-Hy1P8Y~7PKgwybNn<$^1d4R@l zJ#Ygk!=BPeJ@CjKPg{v~V$DvIF`7(G0t8i?((QdwfM$1)g5TSNW(w!GfP^(id&m;x z8ixPUjv$fNI8@+bJna`4#4;gM&d2#93{mI^1A=~zS4qrdU3#_#*nd^?B}1T!7ec59 zpVId8f@+;`tbea_QEqTPr$-A@12eYRd(BDXZ%J-zl!P+3-o$XC zjq36<@aVYSy}oT6i9=ti0~I68T)WM<|MCir0TjsJhWJgxgE~rgYtk3HCX)*&8;_+g z_Rn&J5jw zAnK3wTa51TdA^wF7s_e#9*?F(Y4p?_j9&DGaUW2BClOI>n1G{drE=vlO*E)#z^J^uR*FKHxcTN_?loylBfhDbzu(yc;2=A1 zjo#{~zyzxo2He~(c&Ozbo_}fY1=(DGdVRLNd%9M!sBR?jLwxreXz8^=w#}5fIB^Ed^!x9{J5f1o_ zcR7gN@6Fr7ha)5Ai~C~96X@^jRFUb81;y9z&NJS9neUF(&r`-S=44d<(Q1VbKaRItd(u zDW{!jOt(yrJy%;|+-6g`?!^nD8#knDwqx*oko<@8pkNCHqkTd-K0l;;f>glkm1~5v z`b{UQos0LIxYNgdu{ZOKpyuymrl1Yozj4^bB_ba@wG>+7^~*PP1jmZUQ?E5>x3c%q zgG#P6M`YEjsnP?vUN9CwpNl0ax1ykq`?iH*z83MM(Db&_m}+~1UY#Rs`# zF(+ikp~8m{6upsb8H7sL|MGS)vgXYo_$gWU+zv;pBu?mczn;=z6G%)^hCR! zJi*vK#!uAsj(_7f2>mwx0Cp@_`0crdVeqPw!;dL3h%K$&f}1h+UOu9zc89f7d_qSb zKWdnP9;2nzHG+GQa&08baTE6$KV9_hPOYb(S#Nx7^MdA(F(PZR59%%Wiy^;CHshVg z@5o)K;Mrb2O-+cg{`xHY`M7+HMCfwCIW?`cLu#9~Xmd0f2Yb?hb zrLiNzBJMKz)ljj`*Up_{5p490CN}xPQ%9!5roLU|wlc5%<+>GyTP1Z#PE)f;g9Un4 zLw0BX(!8|-C)qs&s=2I?-|2`yG;8{>F2&bvYHf!kAQXd0{K~2loc}KjzYwNJc#iE2 z!4o8lXPfhkh*vIO)`f_~ywbv7@%(Z{ak<(b$%gH{(05a>ykB3SME*|e3HYJ~gIQc3 zYw*IKKL(c2Dz)nw0gXLu&kK3o_vK;Bx3jG-l_Ba zc-dlR!WPItp!NygtVC)omx3qRESLSY@cS;)Si?Q!MUMILo7JXM1;@>+2Jo$$b9n3z z^Rw=?jcMO+H4sVD)~OSzm$Ey6PQysYAy_O~xH;Zwb@5Uqp7+h5*i;gUb>x?!+UYm)bU+IfL1S+bQ9(ySAiQbJ(8|zr;8Z zrhFr8-Me2xCYlb$Ct{u1Y|InIc;n4Ks1YAin>oW{Ss-!tA|>Hoi4V<x&=;+?vj2Y3f;ll(pLE0~mm%mKJmpRefJ%-`#j=`kDN~CqgEHvr5xQrUlQ(?PRMaW z%wpv3C!9nb=|k~R27JANQf*Rm^ELF)Htv(=v;ubv4(ha>mO>*8E)ms6>a zIGdAH6C4U_CL26VX1Pay?3NzE_qA>gUki%z`-pykxmZ&BdWud>4QowR-{AXr=qkh4 z+~If&cN&F2AEB`0XWg>Qgi}L9yf(_uZkR_-nh$Z2IJYd+z3}Id^>|s(%FjLu(rtbB z+ti1?s!S}ZvFCi>Oo4-v^Dd;u?Z zhUgRldLkV%f4? zydr`*a2*K_U4W-e$? zSZnO}=Xg%qENZWb#onOnEBL-d@z>sit4X%M@JKXAk@3HhFdhjjGDpmM^1Yqi9H*@zs%$05Id-xBxA$JiT68muj;d(HVLw0v!njPhin%o@psmjLGEj>}d$c^h|i8ODLZe zaaAMT0!Q3^&W^s>cq6onYloPueU+c82jzv3$^|4n5aCd$`N)>u+hJXpD=6I);)QEf zrisT*m^m`&T-W#B-F{x>&Z>2kGzs%Dft=Ngd!V?pcY1xU>^Tgj4G32p9s5mRcQW5h z)p#Ez35ABIRTK=E_`w@H%)Oe{((8VmnCi7uFW=jlBT12QW9Dp~4s?DPOxQmv5tG}+ z@T(E{J%Btutmdf@iyy+v?FkLY*sS+EbNOunjRYUTltvGcQ<|;K9M)ZgW=P?FwG~c> z9hf0tSTIccliQDK>6o3ihypyE=D7MbZHOMP$F&08Tt6m(5+N$~BY}A-R=)H+Cddu|7&`ea<+SMWi6lwFM~t5y zp=B0Y3n^qp0wdY193Ylto=vQ&QW#lx$`HyxrwMlBg$+K7yMw2S;Q>7yvwm^?L|7r* zxwJ^GA=#`{Scg@~LVskzY@ANIdARd`sg4)Q_r^qjPC|YRx3=`$tYQFe{KckyQ}HBv zyu6@1AfP>X^@=tM41xuA*OZ*Z&-}{3Yxd;si(lye_OZ_54Y}JV@Y3bC3=YZbpWPmPqkK^nI8$#p)g0*7{KQQi`H(g ziHZpL`t&-@(%ms&Jx&Dsh$vH<|7=G8_~qArb>1+!C))GDKOc|SF}@^n2N$X)^XU0; zW>yiI5o66SEMHx=KNvmjO`9q><4N4+(=z*?oN;!rg&;)l@^6uVx#$?*HG7JB_h<3P z^s0WWsslad5~9_|vZlZ?Sk4ER)F+0i%p>w+!Jwi!A9u5`AD|(j6lNZc5E9#sH7U>P zE2?yC{S6S!w7M(YJNrX6H=_?Z$ED*RhT9$-G#S_^xw%zr9a}e z9W3CO;nJ0(NyhU88(|q9UZqR; zRihv?bpS3t4?F{8CjAKRpl}Jb_mi?-xrE?VT#v|qU?e3eh~+&L75}U9hFpL6jk`cb zbaV_q3sa&k5Jsm)G_Zsdy=Z1m9eh1+l;?+B+;ouZMW&r zLi6`n)=!XWKU3yDvu*Dy%3qj+8D#y1X6@tN`iXzedYx=Ad6ECnx$4`C8AG~w`T`F> zevTkGTP312F1iZqq|gQ1TXBREQEETZHB;2EiNsWjx}S3Q=&&4Kz>2gvw6R6C5dJR_ zfBU-a4P!uE#V`GfY^?96ejKGjEA8t|Ie-W7-E}$0f)B>IR1Syu??OFhQ8@wIw3ql# z>KmJH$gDjpT|pz@Ve%`r2}wm%TJ;($X(7y*-RmmFixPELa%p@-Yu~Q5<6UnNdxrsv z_ux^3+5?8tg__wf>41jc-L8$*af+9GIoC0`$F1WHKG_$T7jOt4DMaBpYChep4}kC5 zlnj6^p%LL?5CmZ6w@@GMO?rm}0eMPu_Sx6Hr*Yw@;0CFU>NS~~&zE!5#M{wwht_aT z{c^>zD-SGSx-YQg{e1tWt~{g#oP*w8z0&sW*lEWo8< z1Mk0CQY+Wqk7HEo{IC+*gx_4A_unD6rZPSQ;U7!riVn}LeXI_9|Dx1sh;?hAvm@MN zntC+SHJ=0@sPCXmiol?$rygU`(?8cgPUm^>Y%$386L5SJ^(Aw5cT zW5jm#3W?!#rYd3+Pv_fBH+uligPMqMS^l}WD2TuT-5Zh^O`VC`@nnhnuBk3?rG z_W>|0_oIA{^Y`WicAp2Yy^XKvmhVR@lFmQI<8l2+LuwGYW52f3ncY9=$E?)9lI&lW zgT0j;zxi`-2FEpq(_NV4-%BUa54Z{;Y0L^SlO{^-a2>w~|MM{*6TEY|hP}{_(0M9+ z{*a?(-k$nYL+&Hbx{b?ScjJMa45?4>o1FV;`^;5NAHBWQbXr@DZ>{&GNyq?%@vEE` z`L=2E`GggW^@b0>SyWYy*d^Yu+lm>sIsJN_Qed2(~YGk(|3{H;5!HB_5SQY)WRYLcxI=_QI89(DsFD6-cKObhXnZ0YOK)x?NFV;XdN%Y=P@!@ zMFqbg`^}$xJLYm9XF7LFHi_L=xzV5TcLu2;VB$ANRQC5s<`H9N2bZx4^lTy??OikB zgW~;IlsPn0pyeLEK}(}3W1UaH0wmF3KyZ4O`gCPR^7d9lg4hyLiH=A;-Gb=N89=)g zPHBV1Z|jY(dzhhuPl|DLaEgQHela0?Fro_)%RtS$b?31FG6 zZzp)bcQIHcFl1SLIA6%Y5$fxje6j>n;57@%p7Z0TRz5}=Cy&b?`~%~8+|4Ic#o)sx3|9Am`D%YJbtG!CK;iNN$dH_PXE)-&=DmgwVyH7ynM}vPDtF3N96S zbYmq!uPlX`^x!Sbv?E=gAuc8G%XbH~H*{8e?HAsISE_t!Z5}!*Db72qXMDoS*2prF zdeP+NvBlc5$cAob>#1yC6}J zpN5UUQ{QLupuW{Fz-M^$fdNz9$+TkX(i>^GDr~XBdxi-aY2TH9BcNiz4~Nup^z%LL zkJ{gde0oL+y_sRMwvwdVjwdkY+98q zPT;8mckB1qz5gH}`*!ZdrLO%!Ttna_O8R>|0#IYlQIXr#>nJG<|1N)rN^1DCk*g~h z(faSreXZmD)#cCikgoLgqrku4nIwT^^GlfdhhN~Nb8)N9FTVr@iMUnR1qug)I=f?^ zQHLTpv2R1w4Q(52edO`!E4bedxY#c%P2<#-xBZ<-to`J^ny+ocyEJaF>wL7{c}U8Q z>*){Vy^RS+U0I84ZcoiP(_r~*2nu@^yclZaXWwLAYlG8$;QA}H#NZ)e<1~1u7Ex2?*--W83vg$ya4}hQ*o@`R&&}Xk!>*gE)>*6b(_p`7 zX3c%RhTR2#`@Kdb_vH}Z9v>y3gICHdC^gp)c@U~z5Emh)0wx?93|SHvX$&reJifZ` zY=0JwaG3t{W9Nx@9zR)*eSysXT?*_5x`}Ya`hffP9Br>hPhu6I-8x~Rm2*<0GFo$^ ztZA`3=aw7wH!5WjzVkwwHU9-E9JfQJ?56%MU*REo`o3UuP1&&&Nf8ZBrJF&1SkNSD z=lB7YFyjr*M&d&c8eHF=p7e+-h>(jpDrbCgyt;s9lhTvPv&y{NxC{p$shqX#bi5#KQU-@e3?{6JkLo-y$?D|?~1;~Mbezu4nz zeS`r2Ft^73)CuN@PX3Fz_wcUWiiJN}T*{8;eTjPQpJV-bLEiF&N(gnCEML_mzw?N% z+TQng0>EnD(LIkvO1YnvJo@oVdB_G-7N zP;sA%YmddZ1OI0~eIT1)v2_QVNOoKu-|$(0o()9Ys;iJ7BriEhN0vUhr8r}a7$MBJ zK+_?IyCLtNv+TOB-)zp%&^3JJI!FCwFv@wo#)AKpKFQv3&+M{}_BV0}#3veIOI?Q} zqF9=VHcLN%mpNtFZNMokqe7A(D&Jj-a!#qhW!hhav_G$gu4m8Xtsqmtq@Bka`wlja z0Xk4iic>Yc0aqCEj6n;Yb>gMDmC(R?|p-O5Cv<8 z+)NgSRBO^knsT>%mixsy3i}4Vi}^*BX!?2IkBDm=o(zqAypOE+y6K!N2v_1Iqy770 z)Wg%abW%VChFk8tA5AE$$lFh*v84KR5Z(}LjekgPK|iD*9w2dB^()NIe7MSl$DAMgnR9LCpA1>wXTDmh_c&m{@^02cF`ZkyLqDSVAkuf* zca1!=AHymW{`?s#mXp4)V0t4ZF1bq5-7^UCehV@Ae4cH`l*ijAQeI^LKG=xgLS-q3 z=!?|U8$i|c$s;gAvx<3$-!oWO^F9-xjd)gKlB>_xj4>JNgckmZ(g?MJ^e)URD zE2Ea`>H4uL^G3#Q{yAm~Sg^U6Mu{>G1dMyAu~FoF_`?8^ds$=tQ=t;a&Op`fKRJNK zd9d~m4oA8ESiJPMjud1i-@_GzL%kpjAxbLXSWIR`(i2isxl{y=R*1A)pRXak#)T%|aj(wf&m8Y>z)`LJ zv#Y6t*XC%~{yakd_&Bf_>U-1B8-6u#TfNZ}HoB$vi z@U1Vf7avhG`i}E_8TP{w!WLSSlK+Ue*PH#`lrLVM1q z%%-_My+_d15)nW~1Bhpf9APgHlHZ-#FG?C8EEueX)u8u>Re7*Cl#q8-{I~?JHiCiw z>i(&H4oK0!MH}P&0o{!B7uP(-QvLq6pUiFJ&hfs^eUg!jiR$3dx}-WL%(P+;Pv zuG!-l@RVLfrHDzgHt-HY+CDJj57=Og_SbT1ZQlCNAs1G4o5p6;_$KdOB=vN^E2_wq zWte@x0sd&DH&(!3g*RS-zyQ9(m#30#mcc!^yt_b=X2oc3ZwLH1p{ZqYJGrgPJJm6{ zW4^8R#4ynup2U55C(QZf0(bqFKRs?RS$b8acKa(=C;jnjU7fhvMRO%E71B#&ayQ1; zNqmq^yTr`t9K^Enjaxh7H`&|ApgXHr;HgZA%x~!CZ%|YEylIU~LU6wDW|;f&nizCc z;2a`0WP5Lld1Q)#KPkkPd1qM}pVf*Y1a}&ojq_emLYKb>fzLH|t*_Gpx*_cC0*r3K zR>oJFu{AvM!8=a?XsNKv6%O;jQ8p@>;UYjapMPImP!KlD5wD>Jf56#tXCyOeOkUx4 zs;FZ5M4tR{lY{5;Ms{871Zrtx_}snaD3R(QnVWrk^gp^mHXJAA?Va#SqsE}vP~Q*h zz53}djEm>Hj=y2`3)30~mv?K7JtvQ+jbZRAF0!U(KDRGBEAxx=NLj0q!J8*L7#MqL zY7WnK*lTCXQ1)x!MGkIGJR0iwrf=p|^UnJbC%m*b>`nSTDFcEU=3^cXE zD334oAjVndUrb848*@nCuRf51iQP}#C)vrNrCQRpRkUnk_*{B-__aeGI{i7pSNQXG zn~L;D=aDk$<#j@P_%9lI76Nh|!sFO)l;Z!kIslxr({lC-z2R4m^@49H z2z=`7IiwdQvK<0vgZVoZjp!vg8tNWPEAtHmFd%3xPT-9BzzPlR*L5SE<=l)Jf^ZWM zfjk_JGJP?c0@x55`Bdk_YX(V~D84{JI%N^&1p6-7e4s?!!>xBHx!BGH3dxFnt zfXm6TrG+jA_#8Onyoh+m1ZCie@d%_fbN|?FCXR10_7&q~Iy+HPK1Ifje4;;mqYkQY;sjY)NZmo_@!$*6N1H-Cy>#l)n~z)0{@f!OmpDeEPl}<2gx(mIQ;~OGXF4bEixHWsdw~ zPSEki+d!5EgYC;tJXiW{+4iafI}FF;<;7&;>pjo{d@FuX7w!D!{a-_U%=-gb4f{tD zmS^Yk@F88+)_q$LBawW&FA{>q5Tv9g2l?{la&K1O`yTc}h0Z0B%jJw%_`vjt6Lb9y z`!(d{Gi|-soR~#_F9+X_@SZ?d3rd}G+roEI+)wfSbLR8{5Qs^tyS(Ne`*R(&ch}2m zEs6*fsj?T$s?scm2dxEQb6-knIJAJ?ovCBg&iVd=gS&&(38(x+x}A^v)%e8MJtMvs z-Rbt!W&vrq(5oAP^@QGZ3SX1Y{Mc)l!~E>OQ<*OgC(=zHbJ_fI5-ZZ_MYqG!l0B2T z)(J_}vQa`1=*F;|n&;^oY@6c{cL+vmzqnq9{cOFd9TF@`|3!^w4DLsCveLbMe|_$I z_A(k~)8w7lRoY*IHT;vaU7XSqVSQ>>FqP`03sQ?bnKs5o!88!kxv#T7$b=ChgCoa3 z%Jj|qrS~I_-a4sYJpT(zWc-qK2!u0#MHVlpRCufn8xuL}z=gQA&B02hn`5(&QMtdP zr*RV+C>}1}m5#@|%^^IXP4?Ss7r$z!s-w~-Im0nn0+ezuo?NY7DkiNbMcj6$BXvxW zZ4$}8#85UKi`L+6YS->58^?|?9>ATkrYd}k4X3xODPw1kZ?K)>(UXA7R^BQ5ZLoo( zPu!#rpnC@-kkN(PW3zj`dX#Sg=-{`{6l7HXw?D7*&pm~dLXPT^Sih7$hU{XZtdqTB zy`dG+Bs88QitWo}q_5&m1n`66ne9uCt%>y^hRW%6C8Wg@+3Sc4kW8~j>XyQynNZ;szJQ?Y9jhZXu%4bQvcp5pk5$FpTiCp@>7#I51 za#tIGoQ9<`^X~MeP#QN4xgsabu}f^de%c5>$EDO8Jss!d*t`vHw-Vl8Ct=wu7I{3J z=YVV7v|sjv>GfDKuqUY-PV5^tnEOd>Q`Y^_hCMBJ(4psnKffPC8dF6TwaMj6KZ+xN zD@NRMbt@1GOY>b^c%Rj$HI9x;d#{S`wtq$)AnQ7UXH2+16H`sc;e>4zvtPse`zHsN zl?#acr*r9>uAb-OIr1hppQ>fcjwaQ#Pfym(!>23?rT~tv=@j0 zBk$5B?(17GT3?oVyu0=qE6EW)I0-JHYD77v1 z9{g`&Y>Q0&K+aIOwgU8(A+}3$N1rzPSeHp@8PnMb!(k4}mCP z)+*XUXlYvoCN3x2dHAw|vR;|H(x8wMLWJ%m!bV5J5LSs*(>b)5LG?xJjg^tZ&%ZK1~37QUEt2 z&L~Jgu>q*-xj+cIm#G$*WPN|{2FLQ@V}XuyIAu1>gnpa~K%LMQb#3Zjc#9NUO#LOI z0O`QpT=nG&|ErL}z#HR%;@MXTCv#Ur?yK!BoFLUqFy_$ow}ga}09q)u>~XDrV@b%E z{#z_EW^r|=#!0xZ0NwYlfFF2UlC4_i{p}T7{nwCkBro#IM1a|JW11NXh>eZrZ!wpz zQ}J}ANt?YHQ=Wb>qS2?}D~`=kcOX@;aGc7&!aDSqO7-;t@AGBh=i^r0KA`dkZ@(PY zLjaPHazVpqzx9#I8vz!1W}I7K)kjnalW?ATjadO3^~`f9u8vK=INSWJMqdARZt--NBX7R>6Riw8Ucty}uw0?OhUhrN^6Z zP&aRdVSLUx_j6<&P%1ClGnq{F+#;i>K8E1}(K^nJ*7KX$I~C3_&rCP@?{^J|y3|rF z6TKFAF2W6nUW&@*AV$8Hd&0IEsNmvPiw(HhMfY{2_mZOgk~K29_62ld*J7>Q+AF7z z5oP!1-Z}uu`@^}cE0Xk+0%@@@D?tihk8ykQ{`z>|`0Kgvdp}41xP*im$Y}W?yqx2v zmuCN>f-Ey_x$cM}@My}D-VzbH!?;Qc1_Sq5vL^d>bC^~I!!-l2RQ)rB@0d=T2kD(Z zlfs_H)eDmHfaIM}A%t(>yAN-?uUM;PFF3gS#a??~K^MQEO7iq%~2LZ56aMz2jaWUlHqTDIAyY2N^eaqh7!sMK{X zSzRo8|-)u0NaK2*EXduhIJUuIJX{b?d#g^UmYwjeWy z0)BL#{8_{^;!?oO>EckCra-m~RU^TAL1#3eOF!D&5y}*bf!a03-KFIjIEqqj{0oVF z>LXHg#-+OMD-)s2w35XLSx|@iv4CpL#B-W~OuwgL=3U_gt^fvay!|5X1`nY_bj!X= zzD!BFK8X1(2{G>5uUp2tR3LrX`}%ei_wwjq4i}A3&!>e=p!>GW?Qx>=ce!n9!M==I z#b^qFKDakddm`Rj^5^?Ag0Z5@_R({XY2>C_AdF1y4b1n;N!SZ{E~3Zeb)u z*gPu!cn!R+SqbXgllOK=6Bcrv{rTOAx70@@!BzXAY(?PJRQ&NQwC~M-icl{-k+Rhr z)SronM#sP2f6M*N+t-UgH^+3eZbjNWpTy<813BbFLLS^fLPXT7zdtSz-Dy5jqqrFP zZ`u2YIG*T0h_%s|*uYekfQ=|frEuIbxMO`UjR)54z~ErrK$Jcw1H1Y>$u;Y>+~5Hp z!QoQysbpoqCchDhl9~p*@v;-1sPP|s$z~D!h|5)jOqgr{P4WzYUZf~pY6;0FF+oZSjUugFH< zUIrlyf4>fn8BI>{dn?L)(>rm5(p}@(ZY67PXSTjvykC~-^9s+U?BP?^s%^j z0(U*VRe>O(>4sC``g%XPN1Eo^UejJv=i|0-!V7}REbeK;q3*XDQB2_o*jgk;y6uI3 zYtky@d{gWNvlO1rvR^EibeyDL2h7Dfmz{OKs{zjB6VlXA_s8R-F_bNwT+(`v95KdL0S-bvjt=WeA!1!I~{9>uY*H&r-YE$hODvfm<$v^!Xki z`P)GgN6~h{kg>7Lt)1O!PAbNR6jgtDpYq$&=?ljsj7eK~V}cDSMEnw8RjxwfgSd!w z8HY5RrX|KzsTO^j416g_D7I`v%xEY>L#mKQtFwJ(YL_$+q2;V3K>mGYx%lc3vr=?% z6czJO%~ej#%=s7?2Sc$B@pn>B^>XJQI7S7sLPRuV@$GLD=Ot~`;e!Lyw*otxpkGAe z?6uXyGV;!fr%z#=kYtVp9a|uLKc}U;Y85Q#FoA>0`>Sw5C>-9`F`l1xGfZ0ENd;&o z@qE2o_fY)oBY9l1G;DS+_j}J@+Lh0tv;wAaK5B~exMZ>D-LUvf6lbaNTYp4pPQttS zX&-m7);$PQYo+tF1;|kak_tEvUUdDNBU#H+?5?S0<`V0H8_NQr$YrF1M+CFRf$GznL~(dWWMSFOOMOQx*(Ainqm zSRcq@OSNz|k|;Db>Ro>8&pTSqlg*O^IjQOgQ$_tD#R$8E=J{g_TGiqn<{P$|U@E;* z=RAlftkx6OaKw@p34S1iYPk;oD`*Pi1r0Z~Ym_V{M z|9Dl?I$Vlfy>oi$3!;>6NCQj!2~l$4QE464-It*))?1Vj`mwPUC+1}Oa7mvCNIhPj zSW+Rftn2uRbomBj&GYGk-jj)}*6d5m`$4#03O}(Ymi=UCG>^-NcP5^|m-a-rAJ;A( zAt2kCA&@TUA$s6+EUq;BwY4vl)^w$DsY}J@W_}zfkwpO5*!$8|h;nG+SMAJ=cQ_6W@OzTtwjSWL^ zng@=vUKf5DE*Tl)*$K3cq=%;*gmnkH1S}%#uU8cBxGR*_V>hturS18xz-!~=FO0I+TUGK-PYSeOA?4ox0{L#vFI{AsBMqAgt zTk>1)a0wY4DjtSlw4^iupnujiZnD*0azNFsV94(IXK9``-M zr`S6T!p*KqBO?#i6OLGXo5JlX$Zy{0BX`6qmx0B7&v(wz-nd{H<-_fJ@(eLswp~$p zS~VtPeD2L7?;f z1Uc6Ac>;H%_=9)6nnwYHQ(=MvGj(aveNABhT(HrVf=r6=!@Td3(}-oY_0@0+QK ze`#=+^!@QRv^l;ZQJ7uu5b^vqihC9TqP^X)9L1Yh0EBMt(ni`R8V^qGAWta~bbi{X zkA&_+`-6KHL`8Ob(7kOmc6#YD0c(CjqUzBbHa~-d#ztfYQHLp z0e*b&9ao1esrH zC(h9sPS5LMIwsdOg6br90ZP50*iJ)qBh~)#Iok$CMNwduEo*vhsvw31=|PtLIBg&XF-p<oWswh9NBH!w;cszcuiT2a8{z?CEd7t&`T4dL!`#OlAXsX2*sm2Yi#r2W_nx(< zU)y;=$JIT)A4_40Mlr^L#O}4M-Slzr+OYsKEB@##H&l{^25?{FU(IE{Nq61uU_gOi za--NEzRlM@J55*BGWXrTK;F8JW<;1Ti`-F=eEM^PzmV{zR)@9}8+SWa)z&25d}#(A zAtZN(XwmT`2BBYdw3{|~+L57*`ccTX_s70{;B(ENv_jy`BKgSX*WLoXV7Bbu7^WBCxp zM1N61G``O&l{)I<`M1p4m|!7cIMbqey{VT!-mAg{iOZVq^5QR}31L8f2X1Q4(FWoq z4y3`|{3%%C=Z&^X ztQl~pEt|>5!;tm(^*(`}1tG%-5n)!(8o2?y0dm%Ap_FLjv zzPLiWZ(A2VU>FC z_KWj*+#6Fv>tZA${jc;~n*i}ih1@K>p`!i?5oa)JsB=AX;ELjS_J$CIQ+ZPfRt zYb75>=iJ_Q@%KKEenaW`&KJ(SHZ)t#-G7xe?LZ4U9|I{AH+{cazt(lPlYvxB=3efO zdRu;w3fGN&F3$}z>~mqmBKJJMuIn{p3#8F_q>AgWoM6^IcT1VuWdiibmaPlTghzmJ z`}ay&2+k*2LOu!x)Gl=zt4J~HQ@tHExpO%S60B{?Ao+pJK8v1^{5$i43idlD6b2He z{HH1V*t^;3h6Yxp(EKw5kyAHa9?(!w#$f*(jg{qaeLOBJHf#{9FF_S9A8A|Y=bj2a z1$Ls&S9PAxfZj+ltT}}B_koXvxfKtWrCF~0oSG^J?H~TM zIEg}-D(mhb-zBcaHEC9GM|RH>Erho}u8IMBPB!=OE zpRiL1x$E7#8f0A#`V*_3U|xQFgjrdJd(dDQ85Tg4u>p|y2!iwT@uzxOfZ%w7@ys4A z&UEp``u&OEVip*au8RA6xyx{GzlSN%Y~ZAgpXi}N7d{_Q2YxMl{v^KhJqeZH6Wt*q z66nheV>Fv8=W`XA`V9+$0#id5?sFo-m``!eC|Q~#d0AtNx~>B*)I2j8!>!R?Xb{_% z%0plpujtb%w!>7PBY3%@q)J9_QO-NMHyjD2t2f~l#ol+UoHZKFK0>k4ux-SqW$+FC zz27t*8nhptyw3q@mS1d%Q;_!N`HSEBVM}Uu7+WeE{|?4|X^?Gyypb6_yxar(gK;R7 z^(!%TI20@S1;g(cRf4J;zq-aAM3KCJ~Hcj?wk>j1T1s_&HuO+s@zu zI+2`8KC;!fQa}7XRM`KCzMC&onGG0TXFnd0D7{Q^$X~@58ld?ajW`JW-41pO;t!<^D^3t%r+ z596mOTN5Rf@49d9euw)*{fthy9U~g;RH8C=XAQ$~Pyx9r^oJHe-heb8+=0VA!fQ>< zEi!ew2S1d&=5uO;kHb)@IEPY%xCRs)x#&Smz0r8lI&be+unyTV>3;Eh$QrH z6vO^=X`bLmqkID17lLm<(oJKf1yrzl7*ZkyB`D7A>#Td=wk15=AnlE66||iM&8A{N z_(xsNz0Su#NI_*d^|z=IW{T6Uq;+6Cq3VJgTrWIBy*@=oJ*x-q`4&$5vQ??@RBX5& zURLh%O7KESjgP`c@)WGoS$Wv}vfc{tHVIXm{bn=ztC8l@OfkCsDSE#OC0e*^{S5_n z8wyGq#9kBY=Ak|&)c6E&CH}y(+9H|j?*~hIA1`5OV^-%@d7xFUvj?#_M$c^!QW=?B zn!4BWU3aT*8z9(Hob4N*jurVtHz6^e-#sG%Txg$Ml&rSXyJcPjU~tbkqr24+CgUnR z24;`z%S;`pF^Y78QMYgT;S#dB9i#46SUh$2G@3lr=GS5e4LyQNe5kV{)~h|5N#|af zGn1b}y zDY#F}8HFtz)BZj#=wPlwdQC#|?oJgfxFLTHKK-5L!iEJqmmM;|60?WifD@Ou!l1z4 zZ~E@hTD)g5UUWg~9oi>{8p-9tExvm;BRIqHvPMR%|FUnTKjvn$qBA<<-oIW|3D99& z=O?t)2nq;~o*K^>%lD;1^T-bkCrOeXVR;KU6BX*LcYK~<5g&w&PiRw}<^1SKHS<0! zu_GgeD(bh(na2n4rEhh#w9`r2;}osJLLeeTsAyk+5ac)VzB2<2uee`MRujV$`rt4b z1=tCk(OreW{c?e_la`U2e<+Py*LU+m!NJ|>=}V~6dSy{?LWMV!uXeZqBHVLs=*h!( zv#^`sh<+%h9N4%|X{=n;mp*L~Eacmg{rl&y5qYzv=;{u`36gqta?CZTvYb=5wiygj@u zM#iLkh)z~EMvn$_wpgvI4t<{`?rw~rtk*Zm(%kL>1U|I6X0DNMr}wlv{Zrz8_8s9Z zNu0dgC-SCDofgZ^=HEW)dI*!X4S(`~VK8N2C2XeD{D1Cg@#k zy+suByQHjN&C$BjGVnb}3SIj`ZTevX%EV#a5wGFo#vTmPbpvCwgEbptaHYQF;EhNL z-X+pc8VssGmFaSC9VGkyvL2Sx9s)ES?;R`OW)rcViR)cF!}K)F=h`uZ7Bhzk1{+DB ziyK-JnO=@H{Nu{`%DQ~8zv#)Wzs@8SBVN_wGCDv=DebC7CDN>l$Nq+dMj>|azh>DOeMoA)Bh$j*)7KShFZMQ3H z2^~}u$8L(1e6$+m_Rv2}#~Ssy?T1{2OM$Ox^ZC3&7x72O#{63&rwG55GNrA7@w^Bm z(*&dcJZ)6c+1Z_YeP74@gG&sizafxLh%%YS+PUphU>>)Oj0bgnO=F!4V4y-S!$XmVf&{(Rigq3{gJ&3?nLfGEA8C$$J{@9V z8?33Q(|enZ?u<}*g3>a@uy=EK)f2T97{ux9`x|2;kBT>}oFEwboo>|xA}s8;6p)uO zrj=TR=j)f01rqZ%^v!anCcR1eq+^wL8f+$aR7 z{jY@Z$7sl$sPd57qp>jA#+A%}fKSwC{ks&?$J*nKS-<4yP5uJnJ`=W} z!nf5IIbK+4dx#xizVc-~ zY9gHzBVSI&=X#5%)r+AJeEbN|R+nVmV>2BSn}TUX&4k~lEp3V!g8mQ)HT@6PaCIlZLQ9s@rZlK$hlk_$+~0c>M? zNs8wV%2GVKN2DP&as>7UAx4rEhPM05_{PWfru71@FIGIQ5;9}T9Q%MW5qcoVj)a0<3x^wpl{ z>_FwoeL8;*RQNz+8=6`1yyl7)x(=+%+eev>gAWD7f%?5U!8(4f(^kspLg3$DEfPlZ zWxPy@BX`G|9~bH4U91ZxmtDrm&gX22^ZDAf?0$bm=g1UKhxd_*Ua+n+_^LO?1BZS} zoL?F3IbhMfNb8vV5on_Ou#(&Cjv+J2V%~vV1hf4Br*a zv8)V0*VIw>JBb%S>tY+!uSK^<+$$aj>=sUlW5g?Y{F)0SGyM2yKvrEBQ{a|oj>a1m zKBUWIU)cZ?@2*EP|D5R9I#74w>d6jepME+fS#1d z(pslWE4VXzK@lDlm&5&vPqivpfU*O53UpWD_J#lCxRK*JPpk~n;B24;v-L%bY#G*; zZAIWT$mhzQ!r<>NxeHGU1+qJ~-qeqLeD?(h0{NwFEM3Ir5mXrZ#4(TGn(@f1v!@%# zs3{CPF+c%b!0YMH*8z|vd3(0vLwcP~dU8co2^NiBU?ryuVqGP_P+`iF;q@>^I;ux( zV;ah2+wdhw)rQ>ss=Y~r@;Ia=xETH7KZh`3^SKP?)lDe%bv*wKXVBZ-w1fYU%qj^VK3yrw@dVYY3)#EyP{s8rxXCDz5D|(7yCLS1j zE3)lcu$MYCMNc+*%1{_>q>SAij?+MCn9-@6YINv5`A2gu^vX$Ik+EaHar4K65VoTe zaaFx#>|2sVUTD(;S~L)yfaJFBnP`P_PxufHA32`QU)jD%|96ZU9X8nm&n!I<)vBL` zR7th*RevRBO|X1>ns9{Kh=%g@IdYgb@Uv2ZJts+=7^=70x64bL{_J29xp`k7Id zE-34KBl+3*V4G}I+hh3~wAw#`O2LsU zw@=?=4rt$EtA1-ZT#|#jXITaM!k_=J{9H1>RKWg^~CW|*~ z_`6PuK|PvROi{O7Fa+lSWy<4@qPTM`od>$yrC|>o`MrRS<^)I%T8b_#z@V`dp`FpW z6_T)jhL-Y8we^%dAsD>CuwL;B-~yN50n4;F@9aXw@blWOyy^}@;v(#JChrc*9W?+m zLZch-LAW6mR@{%s+8P}%1yi-o@teWr;fY3vD8AmFetcaD5v9dM5A_RN0rp^7AM>K;&>2)8FeNT=&w!cv5YdhP>^dL?u`80}Fw?gzpu zq15DYu&xAWpz%0)_GeZ6J+f$Kpz%A`tK*F~m_U@I<9Avs}ZXcfRrBv_D3$5w; zmxgJUQawal;e3_iRdh#@Cq>YI(6aK}Yl$3K6x}CEs20W01#&dx>j$0Qd$e)<{&f}( z`}O`jg_nkV>;nL;a(Tx#{fLl(bY;GK!6LQ5+M7(%a9K<(+OwZnMd52N9#B@ zfL6{#@li+ng=TA#-ETb9=M32AZZElUEBl4+us(i)sBaGBLM5EysVWy2B@IURm*#XMjK?T>bt)_eQe^4Eo97@! zhLcg}E_@-|VDFK~Xnvxvw(#|HjZWu7Dxj;nPJ(x*7uS7d{OqZ3TZ^B2Jd4+N zR-oe04I6u+SN=&v)WDVu#R&5yI;X8%{IrWBPv`tpB;NUz(gJkM<8(c}WtPy`>4w-C zeOgwt4AjPC)g7Bg(z;WM%pR9PkSO7Lfo692$s>O+?!k54ZmXYn+qc(#YK3K0&s;e;9`gJbX{naD0%-yK)y5 zpCVjpwgZgIg*Vq1(B;K&8^gh7*!V0kADQ-sJ>8Uk{*Plw{r0guD4N{Ic7p~+I4%q0 z8N-_O(o~GZlBZjHX2?uhwpgl zk!+V=f2vz<9%L(>WIsY}NyF!)cvJh1p2*g%#f%w8W1_2&e4U$iX(`5`anSwNV-3*H zJOq5IN3hhkg)~F=C*KMhG&L`<&|@cCd5H9Um7dRvt_6Q9#mgUqMkdbT*DBRzwKzb; zgI(nh5W)UoOUnk=Q6)5aP_!=5CY(N_HFa#XKLsuH8*mN_y1O7GniZafX1 z+!r9$bb>_E$WU5PQ89rJY3F0xp*-3=GKM$aVEsT9U-Jg650sIiJteP?q50>;g>ECOc7UI%um#Q$644na{Ql z&CpP3xs9(WnvL7M9L9}K_}Ay2KCr!G&im*U%;f3rZI1{{?)xN(y9hsQ%Rrc)LBr6F7 z&9e;tKorp(ZT;kf4PSOeB?zQ%?z8t|Xzg?}f>TheCJZ7XT7_*ei4HIzwC=#OoJwz1 z=i7yEsgq(0?U2#O$yoBB0=*yx*5u$f=RI`Gjq6yJM>BlF9BhT<;!6v~&w=5ED;jVE z6}pf6>TXW_71i#KA66XG;#QCQLVByo1M_S;7}_+-z56t&Wk-R%93{=_y>v$dD8LPe zn=`FcK)Cz*0)E@KI}o#TK|g}yY>bblmWjYKL;3PYCU-jtymg<4hUm=1d0-%2AYCZ*cpOC8{)^(yJJSoEF2f5Fz5y0t_TiwGXx2Z_=U~FJPs%R z)M87-q~n^{b@zPTgG_E;KUIf&hB1wA1BR)^>_q2tRc?Xy3$h+9%rF%uQG5{Y5(P_Ibbo*wk?atn~R zOpH9Qn(hTN|g>@JR*1jtE^A1;Czj}K>r(IKv*c>iTb$$f!8x)$#j z^t7Zr_-A>K+tiQ$7>Fwdsv?~8`Si#MQ69|T9G=u|55dNWL=ON0uMwsR7A#aww1Qg9 zwqVInf^jz-Rk+H1xj^aCGrZxXixM)!Kt;w)e%!^^gF5bu7>wOO6@?SpciV!uq}{J| zCdxNyt5a!9*ayM(GpPNwz9iitjyyO)9JRYwT8KUEn1nbYsqSyNc{w{NT|FQmHYNf9{FCIIdC1&GfuN!Mqg)y%@ z&O@aETpj+lokR>#*vCU**y3W2^tP-g$vw3Utyy4Q-Mljj0C}~TOt=1{ab$VFe?||(hRLs|z#8YDsnr##TG)7@2BMIerS)bRB_%&@R*hb>3!6iQRxg+d$&VB49(AmgAa6M}c z&8*ouyhJq#yS(l6JI2*hvNJS=7`~c<7=+gh-bGPZLv;y}W%H~x*{`1YdSD6KuPD3k zO~dzw8~|jz^G$|1JZ@Rr$V~(<2ce;a#5YGRTZLSzGm@>=I%o%lkOQ$ zuKq!ilTG)5@xfmBWpoR6_U(E6CXsg5m)E)x&~P*@UxeCC5GMMI9&cv2Bw%Ez$X|vp zdSjy09Bp# z07ik@{Jbf*wQ&wI2LEhyGb z5xhN1OzioF=-1@dn?E|nUh$w09Mq3^%))0WzTrUj;uaZkSOUzT@}#NeU{%pDIA8me z-ycknZ-4fc(}=8{89+(&e!JdO-_Q{jtUnJHEx+da7GPNDA<2~H-g$UAw*Y8f+ijQN zF7k_K_Wjv{8$$NO+t}0*udH6wi(dtgRsJ{v^*f*8$}OEQaj9PRX|Y+|N+erIr^xc7 zX<9R^y3`NQ)a3X0MrN0_X8FS>n1L*A8mhkrFj}y^C_LU>HaaofS>e4@*2d21t`Eb% zL)zE9?{8vyt(2m%!5*%krBBxS;9#YLejXn(bnD4DV_pS#xc2^}*v})kj2~iq_ot(; zqq*d5XPuS3I0-O2KY?{a28eP?af#Bwi{+5mwwklxWKBx~XH^0l)+ccWSIWNoAKcPhfBaH?bG^goWlwqQU^4a~FkS&tB60dtSEPQW5 z(|q&wH6B7utx~RO;d1-hdTfqF15nqREbOnw%*h*+NV?tbioqQNl(7vOP+rM69}^qK z7j4D|PlEr0%f0!5s&Px4ta*ZQk^d`SW3-~ji6W@=0U+yv`LSk$%@Cx7W&8Qdk>`WL zwx=a%z47{Ovwk;TjNmL(g{7X7=xb!s7EJdse8RJNF(Ab^!#*WG^3@K|CI=tg8WDmB zRJhMksO1Qi;~Y|ld}uMtry#fdXg^F}^*#&Yh2bD@+?Yyhs*XtrPDab>{|DGVJ&B6Z zE&9XyIZg;2&-NVo?|V>wSNwVxf+@<=w1nd)t3tBa6G@2D*s6LK-D2XW3%N1!vE>it z%YTOnpEA}b?Y<}dHq=+C$t+(#!(S>J0yP`J)OI95-PO}IP2u(?JcSgsb#R`joMbCF z$7RPW@a*GbUn-L9aJVXGMK;dZpLrI0c`kA7-Hza3Ou8PI*+gF3y{0ByFgZg-2c-#bgVy*rX;K1s4tDCoE@^6i2M0+ z-{l5Fi4l|j6}};-O@JPfJZMkOf@fPp zCHvn0rgL)0nNk`~Ey}eAlJ@KC3G{=P{rEn{^};V!7Po;p|Im~qo;{$y3|n++v~Iu8 zmp$2|OY&vcXer0FCojagdXU-!y?f8TFwKrm-+Dp36Mc{zbx-xW&+9K<^SJC^k1D9l zgT4=@S9nlM>K8}a9(~mB%VmUjXW~KrBt+%kNBRiN-|BA{ z@E{(=X+Dzeky^;+x>}3_rdVZ{>3Lj2^a(JGsWRYiSOpP}LABhH&-nvw>m}z;)QQa` z{j~m8E&w=v)V&y;UMpb5`}w#8Wfv>I+O8RagCwUy{o^x^MDIP3(N@C8V``dfoPfxJ z;e<=@gXb-pwXB~VtAgs_7+*h8h(~`f!Dqg6i*XJhNrwsxdJ8-XlFt%FOWF$a{By!BD5mPgu3>Z;XgXahdQdsibKUL`0ZfUVX@! z;T;zyaW9?_q#$S37t;&KW3{Q0WL|DLa(2ahnH}N(^+EO=M>#>0`+NxpgfHgc!Y{eg zb97NSP&M4rnBX7v`LrRM%(9<09WtTy!gkohn0CCa%2784G z7OgR-_}_^v&mX}7yq|&T8>b5Kg(Qp{7ai9ZMcg{Id%<@R7xhR(8F~a|qE&q^F;9~b zF7y@nn$TX#EM<^Mx;{$%9Ii;XE3|j6)}hB31@n;Hqnt~Xs?RR*pL7F&T=4!F!;`-C zA86}e@gq(^-NfGwR65Zty?jp!LtJeuP{b*Mi-s`yw>a2M$vt(7jc^%1;$16dRQqg4Zwi@k0UaDLYW1^e_TMYQa1pyb|3&ipJ`=Lo z8^`?e=7Q6CdkxY3)jwdO@$|f#0rE6?-qJw;g4Ms2eK{6qN(Fx2cbw;8uVE53P&+?l zW$dc$0IrbcN3I`#1Yxsg(JzccxqyJ$l9^nl1xa^S`9z-L;&r7Uy2Bc!WwsBPx04i_ z`x}3ZUhkbfGZu2TM0lel{YZ4&nL=fMKxvjKS@XTzTQK!;27j!OHQML);5$!L z?7wQLD$t6fE-ZrbI{oE|YkZ_sRdPG#PIqrwiKMN^N z#UJ13`T4AykJI`Z#ssB21Nm{dUNQq~&8lHWQ1%^+LNGEQ6zyk0hYWDZzV^+-54uTJ znRx>;>q2AGL2MrxphLE3IZEHM@Q{mVKy&9Gilbpr_3Cdv}QHeTJcpS<1<@_6KK6{cWL*B)cY`t|D~+xtqE z8r$a*EMrCJ$<}F{LC-Y7S;$m?c9A$2MCX)Ty%OLIBQr@KHCz>UmRKK z5u5{{i*K!dz_(9X>M73yfzZSm~+SZ%aHo7-p}rfA@V>dEB%H zzKFlsQ^GV5Z8p4sECaIF;ScqYSo(Ya0IsDx*zRN4cgJ_-9oeK9qY?u0b{E8s$%a~3l)KzlN09e zd0d^x1NWBrR3_Of=x{bWLCV}vx(8OA6!8s@kz3h1FnGnc?Z{2rx|c4}II~GiqNGUI z&P=CI^`PB?N~)j7Utzi3!vMB3X$cBGoVPUHYG5>)2_d2KD7;1s`?kRMlPYW%ZqRq3 zg8tMBf(fik`-Al}Tt4it7haGca?b;LpR6kyc57uQ;<|sU2-Hx3U<5CHl z;a2WD48U;ThthA&YIyuCgS!+L)j4|9AwUv8tzW44O}HnzaH)FX zTdJ0z*+_sa?Z!gl7bE#O8<&>+*7Wy}fY7fAieK!ph>O=UhGo z|B_}R<@~Q_Jhh! z!FhX#Dm}I9G13TDz1fC#K(WV$Gq`hjrHTpue)fczjb;*VA7=g@T7knSAY=ArJW`nO zOYuq4Jo+>9_c`1CQu0ZqxTm@-C|5<=jn@Lq(4tDlHI?f7LR^tSX)`ARo(X{yvTYZ( zQy4jYGOB4qQbv`yzw!ge%g<1L{A;_I)}*`?Wo>}PVQ z0i(*W%P%8(6UAw?mc+Yy&Ei z3y<k{nGq-;(_!FYI?`|~;4siTUboaRI^9&`O zexfCydprdg?(r1@kpjVx5_zKG!`uUsto(dQnp!^W$}$=>4gne1V6EEA_GXZ7Zp|e) zZD|F>(T8>47v_j9pTg|-s-M1ndahB-Y;i)zbqrs z9N@H%S$;(JFAp6MS$)ydE`k>K#{JV{i@d=Uvi1);cj$fON;P-Dizv{ZebDrTg#x?l zR67{)he9bv%EJ?T)(QJ|$Z43deX>ewTt*$uIrGx+cNV zW)-1+&7xU21v?`3d)%O>{_R_as6Xu=RsBU35MPDza?0fB^*!JCeYecWWZ9ly{wMKl z)`H1(MZdYnNd1LM7sv06v0$qMak9&P+@#lH1KfmDK^*}6zya{BmeS}&KE@8JDWo&H z#~(6x7j)_#~Yl%JD(cJ`SDlo)PpYzSr^m?U!p!`8SlE6 zEcYXQa6i!}XH&>u`=Ev|kqT_qq*PH!{1xxR`_`1(&S2Z)(M`z6QFH}+n zJ`pJr!0(qw+d7@}q>_jExywg1>*|HPn9@XaIq|i&q(^Hoc@NwpQu2E1gC8ANee;+X zhPqZt!N2L^{k`pqEexmTa?%gMp^Oib>pDjbzw~~Lc7KKM|C53V?lwH4tAd$}8QI}s zarMsWCztwgSdEmE*sg1jwyZ=Jll18z3z!jjuPD~vZqwyQ?kfeo&q9l+amoJ8wsGM% z$(Tz?96vdfD2=jJTF*3Co6>n3qk>PLW-W4XD{_uAj83KGyM7KNcB~e67b46%;>z5W zBVWUM0r{89$69|9^tK*dogS6T8>jq6^t9scnk*`uPj`&1K6V$PtOtmZQQGw zy9Z~b9*^JaaiJgYsqbobj`yvK*S%}al+P_Z;Lk{oPo=fY4xA^9G$!-(dY$9=cQUtF z`Rmlm_gmWdk#U)Gh`n&*D%YlJfn>iFk29TEuOiq^@lBR{9*x@`fqk0TI%kl^sD4^t z@`x8X-iyQGRdOuvPe-$Wv8?*rLwR%Ij6u-8XvIG;AU7>B=ky_aDc?HZm5wR|0?O-$ zpLIn?*+NO?vY`pPZQc;XW<@U**xleTRxE9zSJjx=GHy=y4TGMM^t?QSh(-IUbf~`A z&Z#lxuGgeHvDff8p=}3VsT@m#89G>u6&EjrED(LTyMUN6Q zFe!(Nq3m{qrvg)msDw8Nu36?Iox_fwGN&y_bpNrVDAMSOWMCK(g=HDT*UntPG>b3$ zMoC!oJHs>2!4b>4#r4-v@v~NsIeNQ6~$ec45G`pFH8N@+pg?I>!p6@SrV% zoJsnWo}jy52_){yE_Tmi0Xz2Y&oiH!xp` zFnx^bI^^KD0L;&mg2+=fJUICMBx7;8m-|IIQ=IMYTU!pZt>V-8fJBx(HS^<1U|NUk zYbQK;x^pPr*_RJ=Oq2#?6i1$LPwo5TvMRY>!y=zm?vl)x3{h0Rqr34-l{-at2~~_7 zj(d0l-#pyS^0E5Vgp96nZjW>}?vZ^Zhi6Ty`ck?sNLx#R8j`_va3l8QM7zK7e2stf zeoVjrg*+uW_D$mQ70D8*joH#l zzvIhoG|&LX%_do9bd{gKFB2y$I{todISw%~l~r~?8Ry=PBVS&1cM2If@i-S zqz51Hz#uE(dqzW`Cr#EqKd@8LaX*0oLhn%IwHDk~A%j#d?G_K?Gr2T1ALWI`-SoS; zXG*eZAEn^G6g(#JEaa!pWbCVI=u48ZuiAsh35&DB5&)ss&+<`ID`$95%7Q(BV@YAE z#M4hFlgnUAiEmAEKa=B*1W_pGlg#^Wr3%h(zVzylIu(6tG+`Uw7D-M3U$!p4Z2M4w zsh+y*QZ{f%xLm#}@6!(m4snpM3Yzm@3GqQqR=(f5#$29k^Dj|)z>r2NKp?qv%88id zi2c&qG*2>TofMxni4-l)AP{5q2vWCYlJuIkPZBo4z!8hZjE@b1Igu`2>jO64y#U?2 z=-9onVEXld>pXCyieplgMizy)QXUTXr0Nycie7$-UX9JeN66`O@hpchl6gr|M>MAg zciRk;U_vFj??cNG3{o{Cn4}uc-Iep3FC@T~3UA;XfA6)Dc8s`q^5Yjs{(GCzPDYKQaVi9!*cu>HXXx zetbxuQU*AU&+xPRTHNvXt^4XNT~*jcW!dtP?MuWHgt5xnO$*Mg0b~M42%RuHyK?L_^`IY~ z38_CrGvR2-wIK(7;^TcAXVqrSt4@mvVFxi!CP^SV%9q?*k$|j%Am9fm6R5 z9L;u3t}>5KV>eGCIk;#pAG#5It7TRnT!QM3MTPIKt}3FuEgOCF>pSy92PuTA!Dxyc z&j&ZG(4XVj4TxhnipS~!tQ@SL{2nAHw|{TyWD6!;80X9Y^a}Hp7!s;@&E9KAJ>B#3 z#o4C(ySJFm0$sqgOc#6LFX}T+u7hHm-e(B>W<#eozC>RqgQ#wg7?>M#!_ZgyeOh{5 zCZ(_aWowOh6vk&j7^_BoYSzIxRkOCOcl+Iaap zN8(5YGq*Spf&5GNzz1BkOY@Fjk~>>i`;fv=6f2GHd!A`PY5$g73|254W_{ZC1%@ph zp3yZmm-5R|RTFvj+($gNn<pN2h7Tg~Akg?4Q#XbsJg-M%dH8m}^5k|bU(kq8cAdz{f?ul(Q9Kup`LTiR zFb)R541A&RjnuDl_Ookk4%Pg@zGTeTzn-mZ=|>|sSxOydN*atvl!qKZXzw->DRn{z z8wGdc2ceqI==WSPz50C-N5!r`vdp$h*XxA%Y1Y4F=U$Kk#5==w*sE7qFQE$J@8-#|_Gz5H)<|*_`h1c5YwGG@wI5Xdw7VYSvbShN-3e*4hBM)-dGD`3X?mOq za$_+ID7}6YeQvE#sDl)eu&}@C6E=LEFH1q|yU&%Aes_AFQ^(CU(1h4@uqIl5&>#Q{djY6 zuif#)4iSs%B6;`p`f%Pi)&{EGJcfQaU2w{%c7)0@=G)@^*Umq`2Bul5##Z(7@h(SkUjdW4uO2a%PofsDFDm62MZhX<$Ct{;8@1r z1MdeGK!7$W8eh0!t@jtlG9{?jTbgTYu5Agt&74=D!Mv@$DOWt6EOeCkhwu85`tdue zurF}fcc1(1THhrKMgAc7Dts((Gi#B!jBjv$FT10valy9;!IxMVuq@eU@gf<#ZX|q9 zRm`nxqHN7R;lGfsF6OIYvMsAKpL zRr9m-xMG?}N@llfg~Q!!P%VF2(7SEzF|K z-H*lkRNJ|$;aRijA*MoO8op=2bv>oUirvpBBq4SY*KahuZ-eI>rTRD&!iR#G)#XSw#9#LV61La^?bytUwU`zZ{Kx5N+A>5d`^Xj@Z)}py2Q_wEu<{n$NE3gU_CWKc2TkOzniC3!`U*kt5$~4* zz~31T!AO}rq%B@_GOlc%yI6=>Wq!&od{ewJ@;Ii9#3~AsxEx)1L^*icp=TBvdnz&@(}Mv8mMV zz3C%99d_e!9!Z|?6zjvBe4pY@4#B$W^Zc!7%cPQ)2F6;TrR$Hr?rA!c{|gOD$+)Nx z6(7&>6)3u|uqBjy)GiGTmXoT($d&MYjXDE4k3TwJx4tq^pg(ncGra;9ATdkCt9gC| zw6Sq#R953dF{aZPQ@vi@v9tIX#Y+PxO~cLbJ3I9Lw$TmI+;tDPrWj+2DELQOoS2ab z)fKv4t$q9QSC$b>D-_B=#uSTwAvM+^LsJKKuA<<2&PU(RX!2T7JQDj_VZR$u#iL61 z7N5pc{UhnRwiMO2=r2hUc$6p-B%{2Ef|4Xi{`#I&-%rfUSYZa%X{PBV15(!B zroPwjjohunWATprwANvQT&bmaIiB{lYS(i_>$9J^D!%l%n&?!#zEgKN(ZGq%!_U1vFImy>*A}_Cl1b9!MZlwIsnw9HYKBVvY-NQh; zf~{t7Kw%Y$`1f%q%OfQ8yB2s1DEP3S@Mjn6hv9LTg-l4qLYSuhJM0RS%6{ipyF1!Cg+5(v{$^gyl~0(R ziM@v0Z+0tN_ry5t4_}#{UdfsJ+|FTj=Mx2~)?Y+t|Du@Gg%IQQS9|*aHqTWMVXKkO zPp3G^&u3$udBK0A%K4{!kJ?u)7n?NV5YZ<2XAxF{^0vII3C0H<{H@ka<$nO#G$`mH=>+;K-@34EPr-{1ZAoS^>$Lp&#uezm?$d&O0Qdiv=U zwDupZ*O#Q`8B((VYjjgc_%Yoi>hRH4{fKgI?iK}h98e|B9|c&X5THWxd=M)XYOIs) z!y)o_yoC?4h81GBDArYM!7Q=ReBy8N)41*%Jbu7;?j-qPl;4jm!U16El|N*LPTAWJ zwemO&55eqLTnOmAP<5Zjy9cHFJ89_a}mmhVsf=2k3yM(mjEkJfk(9Y=c-!SSyVcEPhu~-Wg_yjxe zAigG#6Z@mfiO2w}U(6S@@p4d}>eHf`-Ug>j-O_MO)Q9kI--%T=hetKE>6A_6V`z5k`1d zsv_A&4lx)~Ofh`V8&T}@{Mi>?Z{KO?(Vbg| zA=u&^+LKWDH_QF_v^+Eiucc<*|BUC)%nBD6VA3xds@II#FinPb7H1^dQDzB`3lWFL z`+iY!IPPCZ68+c}%8>XI9tiI9%X1uW#2KNG*ZWUul9fl<`AEOQp^gNg!K8aHPgjDn zzjTO#F(Yl)6f)@9@f6Mie?;%$cOptXa0UkoOX>G~zqhc&c$)`uA5QCuDoZ93L~4^V z46!kHTySr<1MGgj)twEekHVKP;lbpmtSf+)lmbK{$`+|V=wnjA3$?I4wK9NXN4sxs z;>8Bktd{sym?tfywDCCZ194BeKBqDDk8R#iAItcZ@e4|%@c4^NCa{hJ1b!Zlu?zqh zK?APU6kkyu5M`ZEGeV8EKEH}Xwmgoj=Z@d&K#1)q-w0(DXzIF%-h`|YpRrI(qIaT) zWkfMlwt5^SNUwQjdx-`4q`rr$wzBV*C@FWjB)w~`{&^;HIDAfQGn9994*?3c37 zipgYuXXSY7>MlNMPHcnpT{#`h4$#0SBd_3fpcJNU!E0ZSZ8f$=IBxZOPw8=}l1@O( z{K8f{(*{gh`^-S>gU?kh3?+M1jQ2y`t7QU_@56n9ogV&>HXB|4o{*jwKDFFu-~Wu8 z!~X)hxefLp9p~FAS4F6&S(L7QCBYuc2-v2h%sbXibr@gB$wC}|)C-`|qpD2x6h8J3 zI2lVNRBUMF>7}vPr!JlWKy%b3Z`nJ6K5g$%+a89$3x-&J7W;l(w;k4?9B!)B5K3aj ztgLS;DT?KJTTDJ1xYlWp??rwP{rm##0=Tj;xGKqHTKtxalyiIUI5Sqqu8RLia?U(u(k||LvqD_iM zc=TFx4v@YHU6LiBkD60aM`U(H#`A#R5W%Ey=geXH>61t^zO8M$OUgbS|*r&30KQE6@uv)g*(ngNH6r8aV~t4nVW~pU5wOla+zaSH!e(2 zYGuBZx8HRifvwd6K(Sry_`~(a=XKyVz{dWhcw>SjVt1KbrCJjd>-wW1@1dAGFq!zf zUkD2h6d^j}!D>>p|LMZ9mLb@IAg#dOzaUlwvO>)(3_~M15)lF&_}h-IkmU>yNl5yf8^fC}l36AFyg&ck z-jqG+f$+3W=g)Y??}xl}g!H!=s2dXx`c(xy%xq6UQsC;tG0Z@bAB&?x2vh%{r`4FU zC9zF#(fisK_<4390RPp;PZA;Qqt2?*o8HctQEWA%W?vUS*7v(m!M=p_a<~NUuX#n= zn}fvJ1%T3|lM`{-Q@(H3kXd<%*EsIj6s_z3Nuv$nDHe)?vs=4ZW9x2CW zEgx5@+gGTQG`^u7PQ`-zv*OqIWXNyR7ek8v9c^1g#H6iBszEO`cz)&vD476^o)F!YBGuafncr z)t}OpBOWUQFAK;~V~{EmLK`9Y=9jx?Qn#`KYA#CfI1G|rsHQEA``RlB`<}4>8$4-~ zs9_;=`3QL|MfJV1llS&{j?CF*k;oj|3{D^HF8WA&Su&*Vqa^d92!%WOB#ogv*CTdmPE9KL7X@_$N^_o2g3RtSB`F&Bju-Vx;hnvlQ`7fL6KpETE>(P>V6k_yB+-&2GOwoHsa=dTU|w=zx`%!RMUPR56;bx zbI*Op{TT0RWjW)hcM-BKhNf%et6%!(>_Nx4y+APOcZ%*ap8qJJ_bEG-O;M^9nvR$C{SSuhik%KK2J~wjx{hvVz-y1eC+%1 zfF}g`eTH;?6{bp2LV{`;&C%Gu?w>c>50=4K7v?MQy_BAR@>v{sZ=^c|30cX0ep9am zH!*9re=7ufio2qIXVZe!%4Vp12L|eh9-D|=wXXr*c*lRIz&CHe_!Hwo4)sHWI*YIf zN3eI?uY4LuDGT8W8*67U{r|GR3~$PD;g$XZD{k#Tp|o9%+n$KM=b(QrST+^t(-YG- z7b3bGrQ7*b2A%UFZk24MwgNDJwV||S+ue(Ou$0B!U1jyW+rhIF4|%EZq^xxWaG`21 z#>91TKy)~$lrtt3e<1)Y&-im4#zcOj^jO<=`rVP60u*iW1c464m7$6BRi+mVMB(;2 zT14^;_s#glvyv^Q@V4Tu@1DwVBSIIYr~e9__zi_wA-z-7Fh5*yQ#v?vcc81B!B53P zx1%$lcdZbA?Q-JaLq1ng3XlY$ET$Ht#bJqn9iPb{pNQ`Rxw4FrFXxW0j4cE z@|XL><+~kaHI2Wy#Yt?_m%8pBc_g#y(~e-_5d_u8Z)%TaJ-#??TDxD825IHsV}9o< z7Ja4v5S27F1;6B$bTz`j$m)a>ItdYT@{n6o&BCl{v=JX7IJX#Y*(3kIA8aST^VcPt zjP2=KY4zv(4%JV*uvAQv1`&v*i$$}&a>!wxSLn`pvW1{1{9IeVHSag%ew&Z(!LI5s zmTULKdtY5yE#gCu@_l4qWuu)mbmXoaUiismovS2z4~>Smb;m0OH(v@+s-KRATcd8ERayj}QOaeBgM1=SHL@7(x;@jYakAge?E-WEwL{))}q zE%`#}#DGwqMnk95?~2*cC56{XH>E{lA8*iebz4qGjni9sroA;{yOG&PlVL?V$~uFT z$Mx&iiASUwa8syem->W)=2b?$4t55x9)W-i4)kAtt{)GsgSK`wkuYS?VN91iHfWdZ z)M&1s5{E%Y1ZS>{<7!)cv4fJIo7O&WE{px9^wJ z(*A&?J0(e@~K_nVEtJoTz&xpjSQs- z=w=)XVP%E7>=dq#T$tm+=k_i}Yec*n@*2fuwWZV4MLrYl!}b8(L;w9ghu@>;(%3XX z@&P;cOHt3MxJAse;^_1A-RF`w0(n~;lY5&#ZU;GfjaFlRZ;#`FDv9Gqnpfa*q`i)K zzlS8F*4G|tjs_!MPm2XrHTxpZ`FE&y%hQR}1&^^$%(A6!L z6Q|kfzyi5XISn!x<~0Bfb3!fpc4zFAIwEyc?qucNVF(xM_#=keQbqkP(7*vxp?LyJ zXWWnAeRau54=rG8sM&^K#kTzkf;(#V$My;Z0u-+A1rjWF#X@GVszu(uS=Ma8oaSAK zWgV^QpSoex09f14N^n}~9eno<898wQ*dh2v z(rXgFY+ucg6tPAdc`YmhfT;cXbR^sZ)(KcRd2#yonH@o@_tE`_l!T`}?@t`auIJ6d z5to=}L#_~9OG7arh3af)-2nqK=9sM^;7yFj-|_bbqqp1RJ{3 z#O7Z z_O3qE`}A@pa~i6Bl^e?ltr~t`J38$KOrCm4Z+CEIXIkVYaUZgWYklLt z6iz^H!fD{gv_x`w$z^`aA|z_Lt7>!c(RUdQ#e_C>G$a=6Nl&@VIp3=vyh;||hFia@ z3Pk2-za~8XfBI?cGysq3v3iFvOnCaQtM1ewQ^I&TAsY2!1F~BWP+3_s){=Y}{R9`$ z{;}LMqOSyOHGQ()_^>2t5Aq3)YhI-z;!$R|xP{cL_8 z_LG=C7YPxLK)lfGbzD&vl*%-`)7%ko0trx1R~Xp!1o+pH^R=`7w6@0A0q>zWDFmrD zE~0#P)n7}G=|mBW1b<`;!@oP_YzaiIiI=XC3a<5^1NrAF6c9M>Woy2s`Da(Ts= z4Dy#BY z71)t^W!L)`924kupPv_(#5jr$T%8wB??j&8-ay?@!`oiaQ9)bYet&yi(E&ZC`+c>C zx~Vs!oXKo2`7hSbNV$kNMe)ZeWemz=^ao(Z`^h-Zu%_etmP^$QH~1esMh17Gd&qyqmi;THdh^{2DLQKgQE zQ57Z(t1t?xHw2^uEn$V^dQVn37&Xk0yJP4dAYn_MZVyjSt*vQp9uw8?_+D_YGCqBZ zjGVmpx-oKeGN)=bnPT_ZdIZcI>d!t!9sNZu>T+Y?*@@dL zE>ODnGi>+3V@L&VC(>`Bz{ccb6Z=JzICK58I0z7? zstr2`aAGUy$|a3C23~h7VG?eMPGfhzt$Ddi*#nqTb@SC!5jCfd~JRgeK_s9p@(YI zZZ`d{1(rN2j> zZ7sO58_*|;?)8xJ#mPu#G@u!T`0Z<-1VfoA3LH7a54cSjF~S~2po=icoJP^28o`UJ zB^|ZmZ_$f+z8&aqG6(a6;(ypPhd7UfuRG1l={a)usNia$_<0|^2{d){Uz+YA8gL+9hPiLgH{`Ui(@gNil$UV>dxD=ODS)Pa4(9i8`P7 zEFDTFfmG6YKViz3M8-8ueT)h^YDt&Y(<0*=&`2yT0(e{3R7Tw zmCSyZ(L#DvyuRt5II;aWfO&a!)BA0?$@i4~%Rq=wJ6;Rlti4C@HR|ZO;!FiD`PS;w z9iaZ`b6)*O;}^;yBCJ52mrSR3X_V^=LkY)YGj@`>OA?|YMPLAD70B2*EK z&-nH@c1(;-d5&3g#AAtO{{(8zi@6-ue7T+b&uC`hrdA{@G0DyW=F(h_PJ3mzt03N= zpkaI%J7M@4rGQB!4wu{s)XttttAm-UaxiK|t5=x+^eaMB05j6y&T4~DJ|&{g<@c13 za2+aI$U@5Oe%nPC5~Y`!S$Z@`HuOIp-{D6a!<+}w^07^dba_K8jB__U)RVxK#&#{4kI0%!??)37ecI@p2dL+b2gq?g4UXsnD=d zrucndNXZ4|v;Oz+n};fduj3^u>xNn(vv{2E(=GNS&wF+5y2E+Sd@ngA0_wf7`WW9KlBFzH0nGVwzx)Q^_(oa!&cP+TbRjDgE z-2J{spl6;?IDB<{K(}h|B8PV@1R$oBe|hI)6ZUtxkF(Ul2p5Li0S4BR7(rVZU7$eP z-{r4Arl3xq@_E0CDKDEdZsD!I780Kuzb760Nn8K?e&5WGM-hsEOjLa)w%v~iKz@5s zozL=yxxj;gu}lk@YOmebCo6bK9Os|Pyxo4{tmGHfI!|3U?)weIfKMiOJmG>WTx=EZ zUY1bFC0E~At-{bruRWdd91}N|U-TEh(~qY9`FtNE9`!#atUmxcks?TR$bxKq$CuK` z%8};A4_`~z*Hse6cIG@h$>Y|Q)wPHN_7Ika*FJuIVVl4^?=^cKo>zAm0TDC!&|r9G zQ?lvDh~rNMgadjqAHNh|s+XQxB;xdbLD%4{RKro8arI$oy`}R63DI)j9v*eye(tM8 z$?2Dk08*Bq=2(7JQugLr_>aM@~8d3y?%jFB_zMzq`zP+>;8tbeXb zHXvkrH-=Z*=Fj2<@sUvWZoFTO=F}4q3NA0@2Yl!o$~=oXr=11gRS`IaHGoPuL?4-3 zHJF0Bepcw`f4%bevKuaUVTl^njNQwQ+!hjg6&CL_RlRft@7Heeb?PgA$0Y!^<2jtq zKA7$;TpH6L%az3e3kj#5YaU zqZarRHeY}K)!GZl+m2YeYf2{|gLL=08vr7MQUtxqCuP%(^yWxt>bJX7pwbG+ck&@9Y!(4P=@4jnbq~q5K#q>Nc=UMO$_nnl9FG%FOfhP0AL6 z>_^%vC7vTq)Wy*zniBDq60$kHmsDxK=13W&M1)T{-o& zi8i4g)I#V_A;GmqQC(gzRxsgWm!l4p&uAA3a`rUHENMio;SAA(nUn(Y`Z-+C|5;(8>(mn)5k**+(xtV$3(B`jE zWK=VtZJn-DNI!YJ@}>)idq+p^S?3NU9=JnqRN5ZKIbAL^c9AxHb@^WX8I|Oa?e}eu zv*G6K-Dsjy!8;3TYQ8UrZ=G?8dzP*V+d=+zEObcrJw^^5Pr1eN3)JK;)#QRAzNgwCHATpsB-=h9ctM4$hIU+BGSj7geWZK&o zg?5JN9W=_`mvHuryxvLt0}+II!cXT&O(59e5}fdV-{S z1(czM<)}E1$Ex4%-|KgdT7H^G7MIqpS5`Xbj<)FWhuTlAmZ+8W-rmndI`9n#;jx@O zzEREd!CcVOk~JUR<`YLN>nnWw7eF-0ubjWfD6sRCJ18E6MSsum{ziejIIPzWF>Q@&U+ppxa;2OMiW)V&yXDqknu~EgaGn+xrc{bf9Fro zEeq9GWtpBI$>%t{(-OkmsZ$w9#`A9DYg~U>LjvgA_dNh>%NG8=w=~Wll=Cvt_Q(uhm*$Lr^W~~;g#mXRu z5-_OZa&?^p)Ky0H_7(x%#=!sb!LVQC!p}7vPmpp`gHJs*uKbfdI5hGn z)L4%p8kbly1e9pO#cLT|Zs{!XBv7k*EP@^nIX4G~%Yk|C0Z4q9vY+FX?R7oAC^7UkU_x-e4$#e7r`hw*YQ)AiE5`FiIOlBuj3^@P=5{^#nBqip>&IC z_u>h^UhX9AG4FjJwt2Zr{4Af>w?ruK#G0E}?rH{n*^W0Muk{pzG9vZ>A_0bG{XLEF zx9WZ_=+}@ND~prtp)w&RK(17tzOa=Dbg6sLp{ezI1VAARkGSa03n9N97VG51Sw4P< zBke&8I(A~$wENHAh!#)L{Wp~M>wbm^6|kNs>?UuhhT3NQ@D5)nfowYZA&AQaKQdzx zgg0g%k8Zc`FY$S}k@YdAA+zKX7MyLraAWC|gNX3tt?HxGc!VaxAnnCo{$#q#+1eKt zG>~3%W;{bjc=W{z)wuMqi5~Ir`sEC0;AiQK?b<;Y`fPLY^jdE$_ieYUjSh8gW`O8= zOYOT;lM(WBAA}J7NIz<=xp(35 zn)H1!O|53yQ}Dx!mkx|!=`=&t?fJnB>X?ieHby%w5uDMhMb*Srw|21$vLrF%oHi`|P zVvUb+k_jNTBsx{Ppmmq`ImzgwI=Y%ZW~L;b4SPA&hiy6$bPqomYlgjeui!C?U=Y;T!yeB;K6~Nr-+kHtSPXa=b$hcu#mYFAY~YIqmnsl0nx@8yD?-y` zDbi9N9|wr_>?;=SKo=M9ZQwuv+tSk&X4j@YB{GUXc=+^mlHbp+o`(vZycQkzadvXw zE2UR1KMyjw*xwDl(4*OoHKlP6%ky_hB^1pCP}(Qm^rHEdvR@a@G~NWe3B>2=sk%!k z%#NoMkC%qNa%1P4wJ%6n727?>m&M@;S?dfwNUERXxYxP`g)1+=uRiwF&-JG~IfL3e zcJI%^;vXcS3T3X4>e+Ie3!CiyY|rmcSwL43$JJi0a*3ao(VGYQHs**~V!K9*Q_@A_ z*%OHrZ%Oam7{jFtbqF^rBF?7A8oSDnP=JcfsIXLtPR8&!UY*SW#6(Nc9Tvv3Mn76D z&pLuX=&;~aPGL(tU#pFVT{nlU?p&!2@;+Ce^enwEWGbbJWnb^XDQ<*yxCItrK(At7 zPxg$z3!*&T;Z+J*Mus~g;+uzh9O6^>~SZ%Q{V#dqDuB9HkHlj$8w9)ZjzXCiIYf3_lsP zI(j&lTv%ZClGj8Biq{^o%y7@U54;PpF5(cJBE!DBeicGmWJBHZ1$(nu=7}VJh+J8pM{1Aj8z1EiDT`Yw z7p~s3NQd_xgeYMIQz-T2HEF%hCil1)a+`ZR$Zua5KD?HF6`ewp$)Upc%^b_U^0)W4 zU)-Kg)f4c7(6>GHhv9)?gh#EQ8;}e)QHkG5qR4vGGXp6QQ0>!nA*99h?js zhV8e{iNjei(=`zHj9Pz|EfDdkxoVpDiY$p@!*`~2EcJcF&|4gzl-+B_IfP^jEW1Uy zt`D*V8QcE<-}r@s9Q?OF z!VLadIbC8(bx+KC7+L&&1rOuX|Bv{_OKr~)w9?WsH+E8}3$#g`U-FI}@#ACxm( zEqoV4bm=)*!3^LPK(gh<#Ba8JoUC)uI39+F5m|H4w)u^C$M0W))p}1zo_wLu5%(2E zf(buwF*KG@K7v#A+ve|lG<(O*!-|3IqFFwx)@!GqFwH#Q#<^K#`tB zNP5BIEri53T^!c3a-JF*LAx>feE@PI+VkY=zL$YQ{Frm9$TVtnpZw8H!k>PAgh71f zc9#TY63z2zKh{=_N2LW3r(jce`&MX|y(hpX^O0DaEIwD4u6qv3(MBJ-X{yWl2cUWv z_ppgiHQI=3S>vyOgad@}g;1K{T>}|Pb^8RYqK}ZVp&_@N`l{v=yP1ED0PCxhj2AGMO^lPKZdy6j;Z}_kA zaSbci3h_dT;TkpL*`SSl)EAh3?6b&P9eYXFJ>su4gqybdo)_7*oOurc)9N9{XqdfD z$k+p5t^VvFn(AfM3gFQ%7;JbYrm@1DUg|?@fA)6ku=YTYq2>{+_x|t2247tdg@{pz zpjq-^nbV(X)MyL$PFA$cnNU^!Mjrw*|A>}J2&Z30crtru$G3jANe*cYJu56EdR#L& z(SIIPf%VnJnI|yHRr7ZOvN#Zb)pZ|2^DClbpc3B4oL7)Hn|ImmZNE_0*?Nd8tF8UX zbHBmwyoJ;n9+}_$ZrxvF_5nB~P0u_Gl7}EQg?PVyw-C@p4XQLQw3k-FkPkP|j>@Am zo>yg$dvUxXlb$;7z7OyqND*c^UcP@+>0 zlbrYGxodO^cOdYux(`R^Mdg(oZaqeRG_Bw1G4*i@@$Kc|cD8+)&_Ft!j6BXM9^|kx z2f|oZjNkhG6?evxc0MV@L45I%Q8$s);Egim<#8~O5Qb9Rkv!z2j|n4gMxIXZjp$eO zPccIkO*T9t=Od=7_%sayxV2*ZKFAFmjw=guuFne8tt~qQlu@2AOI#!XHMpy|#Z2)b z)D{BXL<5P~J$TN-q!x+wOmJPMJet9<-x_}*Ry-vObA7D$6qTOluIc%Gg`^Xuv4eEH zzan*VJ%KyzJOeE%MIU}4!AmM&5wXM+@=oS_o~&RRlU~@REI|s)7lIvo*xrnk0LG~=s1^2xkU4+i(u4Dp4u6YwaM@znX&Slj-?at>MSh{jmZEZjRmlbu=DgU)_;U3b3>k?MkCW zIgu5#VaM<#ToY<$yf!5tG12<45O~UzsV_2Sd3VepgDq6@TREzrX5K#zFyICGB}B-z z=EWUMUP=mv`v=NKpZr z$B2E%5kR)5&aQKiq)=>w+mcCHZBfN3Rl^+C+Luz7P5}Z zLEH7%6{&4Pz&-F=ni*FcPd|I%BW~D=<<<>p|7^=Uy}J-Oec?j9PJzP|sNvY@cKJo& zrXG5`yXNJM5s5#{Pzt>z=REEgXT45l|KC1+#x;+6xNUN{AFfd>Wa>A_lmLfzTdTd;YwPIyjmn;Q>C))xAQ!?(Y`(I zUx@W>TfO(@`ue6~_b!7^n+0d1IRh|w=SDJ%Mi@zNj;UXG*j+fC_!4C^J+t4(>gm(z z@Kh_b1aYLf*!TU>@Wf;`IPJNW7W|jnIDU3#h_3U9ID+V#YF`_sbgQO@ton(s1|55# zMq(jBaqWhcY$v8EV9VVf5aBGpCxEcd$Z>_VZVkiBs@vssaJE|@p4HT1W;VU5Zx1U7 zLP0qH+#D*)s0^ar+c**S?zW?ZqJVEJ9DoM(`9^|w7onx!;tN5T>vQ^SW-&wZF>g(p z;)u6n3c%P4&OXi0oEbdsG7J}RJz;BSKOq(*>?SJb^*4^d#gDf_4ywQoI~Y;Zu(yfj z<@s1i{%Y`WT<{Wt+YuFtJtv{K-+%@|a%kGyxhyWz0;m{J>v-7hzO_A{PN5dwMp`zZ z)>)j|rwnn)6=4kjjgZE5C;skNL4`eF0km?j$wFyoc*1)ehd_*&c_AnZKj}_(?~iZ- z`DU?nl77d!#^-Jcll3JMY{)ppT>850riSfgJjiYqPU@kk6(j zEDzyUNW!JR{D@&*L}B?fqg+1A9_<9;2RfG+>82XdhnVE5W4v^^xB--8!s}KXgzP@W zm$cTdH~8`(0es%SD+if*>D+%YjRe{R`XYeW>xRC=?6!=tuwS?@d|z2VwC?g(z{nu8 z9}bs-@h|s~&$Z*SLSGbqqigX|z&$YGQ{5aW*iHlijN{r*r{Y$!zI-9Ghldj79B(J* zAX>U+9A1m68O7rO8j>xOS1dT!w^RBDpm(HW_BwiT4p&Ju2v&H_0yfRAKdUG-VVjSv zZqcufg#m;k`x6OuOVcXUroJFGdqgXwp4lGq2Ky!-g)qnX2sRg3yNsxQ>Mb4q{K?4>=R3MgR9JbDmAdG zR#BX~#}3m}+B+x|^neF)8*cz1klX~G4CAU-lz#{7bO_}4i#$A?#pT$6D+f{=RB&#)%dz?h|;?_)mWv zVmNp~_Q$@pWwRWe>&%8t`wGL;h~Qbkkh6VM#sVF^Q8cwgl8RrtM=0K)>MMa^@I1#;eKIoR9f=4R>_sxv?K#-`Ic zGvc0{ICpKtKe~6EH>FF@v?5Gj=#5?4?_NB7Orm%@R#5LXT9Ril5T` zYhET2bZltjy!d3@mrP2+t|J)BBY9jJ^c`bEk7GRIY0mgPu@@_`%H7&TxXzVVPF=Ek zO~K6&96QtoEM6TtD+u=zu`n!3qSO+Ybr2>32p9%t&wFTenS0hK+EqB&4b%Gq6i*)S z`AlCUB{bIgedNP8p=DT56}qrVP#?59VHxCp`}PZxUKxlDti!cqD-0VNwtk%S>|mTx z5jmn&0EcBO^Z3aaz2tay@gDW!v~?k}-qjF{8%;572zp5C{MV~-o0o!b4n4}h{q9$A z)TPY1Y=#(Gs(!y1HA=fr13)zU2rxv#>=k%F@KN~t1gmU|112rwJ;0X-71Q7MYZy02 zturpKnLR%~-LQBs=>HN?N;eZ>z{UujE}Yn;db&jWPoq91dGHAo-*kawLRm|htGtna zk3SG#PP+l*>qrltXPaBRK5dSd2n@ZkRgplwh2MB>i#QU!_D6a@D=<*_h7Uvm_dl>j zr397ScHJQn>piRsT&X*QGYNg({V-B;AosLtxE&W%;HAI2yA5~*I3q=c3+sMi@Jfj0 z@2!kM>)*$M2H;^kWBv#(<9&3lc8uDkbJocoVOj2r>>s71_SkF~vwvS&7;#{xbI3Bt4 zF!8*TOXE*HD1MpV$Vz5jG*I}kPqCt;+-q(`e(nODNym{W(ZG5?YmkY9?rR*scVl5P z_b9=3=Wz3L%oK&HA#;wK$yR%K^Ck4BW4EjE;H&Pj?MtSr4c=v6V0s^DiLvx1DyHq)YW7+0x;jG|YL=WyK(1Okk0^x0}EdF{wMyzO^iI+IV8OL(V=8i^2=@=5g2A!}a-U|qxO$+iSouwPgJA?76tezj zvZMsfl~$uTqnzhNDax5qudT+h(Y@xogv1^ZB^wAMNi zn6Vj(FKVA>KT}PwU>lf!=$ZrO=m@oWJoyj!MwcpVi}!pm;;pzK0V<%A%7T zQLT%X;U)ZAq`oNny= z>xr&JWi*<^@8NC?pyTmD>~PeWL#G5tlkIx!0&-%1QuO& z?wz0UiO%}me;>wczi8k3(5VBd8IRzDKKs5>cegp&DivlD!x?d?@W)|WM9fz~|MKvw z3JBZIxLVWbBuqxjjBKudRcT=vB!aNhFIx6E2|tJpexeh~N@xvqg^^$43%!ikmP*<_ zucrqfK=aIgwRz$f-X)A@J{e`jZ7G>AA1i*`iOh*UUe_254qIB$4lNe$ygE|OYS}L# za%BH-NgB-DIi|sHDA=&^}y#af%=6=VkH+mcYxNgCWg9%2${bT9OwiZQ#ApA-oAaE%l ztH{3IiGrYl>2R_6XODIIp@ro{!lQ7$(-tRWBb?gqPC`xP@e9`y%Y1s~!6Vrx zKA~~7_h~qyn5RKr1z75Q_vz*`|8_vnUAcP`m1GYnmLmKT%;QzI?O>qE>4VF49AF)e z)mcaueYCxrk>NRs%#8fawCAj4RJ3q!9R(bL{YX7uz~X zn%}Rf!SsWBRzp7C3J2Uv8ZM0`r2<%@ViA~$X^vzc-6Y_Ic}BaW5dIkQm{_anS(;Zql~WVGu+)FSAy zff?YmA!)fs0q#PU(VBwkbJytd&hS7P7Tbr2wSlK6*$7Cq%Zu9x)*uM>lX{Yt6U%^p zPQzbPsIPP0a(oUWW3X8I_Ti3DMcg~P1X&4&iist$hA>sFQ_uN0-9mgN{E?uBRO|q` zx#Mg3h+aCcD@*I}@Z1@Za*?pbth5?A1?9H>o!@s%erT`XteFn;lgi5t0q$$kyyX^` zoLa)YLb;JJ4NTpwqLz%*6s0jQpQgz6({vyLM92>nZf~CzT&E6uUj3ABWAPGrh<=_C<;4hpL*yV%VDV&On~_bcJMBZ#h&#_+;lwOE z4-`E42NL?XJ$~^5^wBa9=3IrxJ>_3!cJ98+&)51Hs3PX_hU4~Wu_#x_^9VcJiWYyl zL_j!bP0NQ_YJ@%VZx434;rvsS-&qA=^jVm(uC`57c-v_Br;if4jjl<@mmE=Z3L(>Y z&4FSjYsWmTQkYhC?5)V2v!CYp-V4vBqzC!$GF?B5bsF{p=8$`DcrIZr`QBzC9U;bf zuWeXrm^d2W=zaQFnZs~VbrHaA`Wuk7N}Y(}SV>R>80@CRw~ti-SFkDed)<=|!hZH( z_CU77XZ=-Zf-WElhJie(JfE+H$F@YqWh1<9FNM1T=Rw(Hj$JoK8HDN2$C&GsUa!EL7Ws{cOQWLmG+^bx#2 zdvEpkIK@mjWvn$hK1@Wmd(pn%3wjsb2cc$9iX~4?>U`dZQI|DV)I1*tcj-cg^}Tji zL^;b2iT_G{{*4I)t<*xjG0G~vsH6(ehcLTGz70$=w3nt90|rOeZ)>=w^eGNk?kgnG zpADtjR;X;Nbq<$m?TS>Lp`_gLTBaKRX_tg}^;f}8q+@LsLm)MhOX90JP~(b?L&n$R z0-gX&_gm-4THeD>(LYn)T9{lHXDy1Q*UF1S08a#60$dEvXf#X64jfzqjeUM;&jk7o z2Q2yrU-%z%?nn1vbQ>$P_PILkz52Q2cJGWcWcCOQ>kZ~G0;NIs&x=xL?$ZzZnc?w- z-v|A6`)%tf3%~Jte=?XxMo=jx*oVe+?&j+E+{j-H2f>4H&o3kJuZPrJ@A+2)nH;z3 z-|7A|U=}H<2R7~epZoNL(--@ORMFI1HJ2c{^TOQOMpT*D!S9g;cO=Qr*@HnBH7*Hk z;y#pWLREBs2iKVxu{O*8E{8Nv%T}B+Mf>IChSJu>1nadORy2CvlH8|g?UXG6O$E&_ z(qN$YU`(S%VgP6W{qv(z6?W*q5gSW+Mq|?H*-X74nUTWaDfnYh^AHdA`%tP38qAYY z^dm{J?LC$p(O%kPH=T#=W#Hr0p!25)NZ>WfA5kQ6N3lCN_2Aut2}ZzI^!i$bb-!6} z!CVtGiKA!u@j_^SMSN012aQ7#A^kF0pGOJ{w~lM!skeDiy>s^|N~>v4-#9Fl!+W36 z)?k+HI8Y2;wCf-85uB2dvcaj5TA^F>bP;E4h9d7w2$G7mUkJ1N;RG2yQD(Rxey6Hv zsrmS~-IxeMUEpkS^0Z_#>HW*=S_BN&dEbJ=-vUw+^LJ`7R3wEa+;T@E&?!b z={I&?U->@4SMS@`lVyXmF{VQJI_2Em>95%< z*%xvoD!JS`0P1sttDtvPCi*hJf_C59>Q^W!+@JAP}p>U zFmz;pC}_=lmx_@8S&S`5j7iyW%sdBE@q9DNdAQbev+r@ng@4)TfEe4uc-)O75?V%j zU`NGk9Nk71(=)uD)$f6^E?mKpMrbN*`Zgi$W)$;pkuh*>`KrZcPc;S!!R9xaeDlO=m(%uW^fM9O9~0cu!$9}y3Jj)-2)Bd2qCet`6_}lIq;As z*-{$NE-VUATQXBsJ)#@Ypt!Gih0dBAZDV|YkSrM3mlA8Pq)Z$fuXGI1qPG)yq<=~_ci2tRr{F_KGn0L^*}Y#&H9X*bE5k}z*Hg^Z*oR)>AOu20~HO}=;O{Cfs$(2GVi|o z+U{wXVGkpB?0M3ocReDl8DN}eIlGlxDKJV#oiQnJ6&>Ewgf_B?n z|3zQ;@>@N#Gi*9Dh!d*zS*l>PY?c$u;6+W-gRMt7tzc}0&DVYn3S91?cLdoud%;Gh z=S65=U`06z>Y{&4;zdRW_jh@^ZE zzKs0KovT!EY|Y{*h(G_P}W=ECM zVsNj$^cK+YAfO}6yy|_m6gGdx8qV0oWPU?scN({rasa#LP$*~YGO_du9|`UmM*H-& zqtt&3^LfyFXU)44oDyICt9Tn+1IyT|G6F+IVJr z+^#I*faP)~LCX`l?gEVQ*&Vu#d!A!`E2bxsa3@w-=_;k3#8;E9Q*hAd$9FSV9g`G} zg4uDcS0!)aG*r>K**w-~UwRwyfnvbjRi^-<+>f{K>rMq@(ab^p*;b!UnKM=O^zplI zmp203!pn1+MJAff^!r0Yw5A~Fj1w&?hU-2~7lCHtU*hNXmFJh@@NC@SCouWrF1_?4 zBUl!hJ2iF<>80>6O;wu)qba>w#X}CQjtxJ#TRIlexbK=n>h?YkHvu-tO-nfAAvv0^ zGI*!wS=7O1k$beZF?stOTMHtK*xe@at3y9CqPg&>5RYPZF?HP@=}(&tCcG3?#lv_2 zDwJ#GFwz47AT&<<=RVV0)!6R{GOlUs@46^Hn#8O8g8Oa#<9T=QdV`uZ8@776P#>bv zAHfjxplYw6r@eXfpsv9k{RVewKHZLjb;#f?iJR6Z5|zYfcbsx-x4Bq zv(LM!1AaT5f%|%=OlH~0oj1}(8+<(WG$JPXq>wLDA3th(ps&xjaZ;U{@I-}!8Uj}E zi$^(-jYo8IVPD=0OE%a=7Z!G72PU+IYty~1=9TRkGu{2uIJE^=&O#j}X61-h8)yUU5dW|oKI4U}- zj6`-A=6#m!Qe(E}$3;p@{hd#)=Q7Xte! z9DDX5x9Ahk0@B!P0xTDXZ@-$^oWc5GU+LGSwR}J^lN0vu9ei3;z_2=0vxK}VF4vwrv)ttuhBbSsfRlSl#W~X!gY2Lu zPa_DpkUhMX(fRH&2i}q6y0=TQd4!)&T)oN4b?XO&qK}*Ob)VaaMHAFknEA*0q!Et> zel`*;D9|zgi%+m5K4%Bw4=dJ8E9d>#3zi&t8t@bPGUGoC^k?+=I)4yLd>IvhU zKi#&nX2j!b_}z%m&SNOJm=BMqosf9Cn-uWRy~Hq;!86G~?EB_hOXa16#Q>Hx<^&b zy;EH9o9qDjqYp%xsGQS~FV3EB&O?3zX@!`cz5!^D!+~^4x39&;eq5GN&?C9U2fT1E znhBlYi@BZfiAFCm$B?f1fblgzOnbr%mgpO4+3xjTJ!W8K>6cXL`%?X6gg*y;gI=Yoz1|&F#5R#Ma-R{>{pd3ujq+vpYo8p43to)Opz7$Uiu=uIk2n3WlOE72ySe zShc32pxh+xpqz={rGu?}_m^F4;_mUWp|Lp9rt;W8HdZv@*qG7vD*uk3oTfZDuI%w}{UO7}q%f!tGuR^n3JaY5euTG6-WlN>tQ5@2 z%`Z#Q^pyR`1iLReJzXAGT0F`|=5@P!icC$`6YZ_c3+b!ZrVnX=p^T6YV@pcT3r{f9 zy#9h=`GD!!h0U;p)a4QyfsmXp`>4O}xxd?2BX!&m;>gngyE-5PAnnFjGE6fjl^i@; zA8JM5`O1)t<=pf8H-|sE%3i1beV8||Se4Nx1mdU~Bg!!X8?SuLY(j7&5bsG6Q(OqP zf86#Ik$tune#wjeE_+1~sy=^6;Zf;|e-x`|Gt%VYQr|#u?|WN+$(7;l<_Y6R1kVw7 zIEo)$zsnIWMZ-P4LfI|HFM;`E5|_^sjrs%igm7UYi?f?E0a>6s=MH_j?EcPrJegzn zn&DyO57)@&0S`$|)7W#5;kv`NKy$mLw@>@2(&c*hR&>U#P^K8Eb3Ilft85WdAeFHg zdo4QpkY#%h=%xdwdrwXMY&Z9^Q(CjSg6+6<&2)t_e1o>M(ihk-b<`+wx@6>&UoZ#A z`ft(y;)^V$9sZLBrZs^)c7>uFk8)BG+|k4X4A!2uk&5m>xz1ai8jpVQx$d4eVf&Kn z)5_BPwU0wjb2~IvMpcxRH)<+KnCak^@C7f3!T1AR(^{*m*ODJ+X+;i4HfF~9RcTl1 zm%6OKBzO8`R-Ekv?yYKY(Y_^L2i!vs4Y=QN&8JoUl9#3CK)N{|j#jq7W+5n-i&d%U zB(>KMaMW-OhL)4O`-2jw$*1$(vt1*)6-)$gdYIR9Y|$dsk&nCEq0!j~P4CZ+dW#X8 z$**VG$?}VH&+?vO?qC)lD~c>UvtOdieINJBO5Rk4V9ome7U2x@oxDCnB%mP~ z*t66J7F%3)`ksY{rGs*l!bA?@wRBOe$(~2(XrLW?GLIwa;F!WQi}@=v-O0m0Z70vUz<3`c(vPk2-uV7bbkgtjh%s{~SFQeHE#_95`pg4FRUnLKoc zuB|ica$xczYzSerIvC?@KMJ2+rZ^R(zdyCQmw;9QziwlN-B$6clk5{^bcDQ|5Feu! zQ!)Q!+54nZKLD*ij~m6DD6(;#miP7#j-$DAa6X-)_DT>dhe5M&_v0H~M6oP4)I%im z&Fs!-$VOIge|jigXlZ%*mutEqrHCPe%;Lh!z0kb}bk7)sh=P|wIdCB6L=gYx_V+y8 zMvj*TOiRY%zM`8WrBt z_I$MHqAln{+8$~KS1QQiqYXFDGq)cbD+6RL!HGz;BMlQ#CgG^%e)}Ou;tMkKP)*JE ze7RVyyN*sfiD2(6q`|{1rF#zL+YK#rDhtegrPh$M>TZ{>PqYYs>K)bpS!{(%5|c;z z8(z+k09GnlKvgK{q!y}u7mr6z=Yxha_$~kH^a%^3e9j+QO8TLkj+Z)wl|G%JhjY}& z7r+T3sa(d?2ozPTkLy)ew^-jp^vd3xY)H`r~1(tZnIOK(XT?{;>GtP?>Q}4fSn`nFE~t z0;*XUIw|U;)}v(hP1ffqjh>1vEOrp0H?9iIlue7d-$c6mO*G9Q7iiYEv-#}k{NN7B z*Uh>+2lg5^NwV(L3rXEc?R#Te;@V~+&WT_yzPdb2`d;8`hJ-TYbK@e{cRi!vTj+T* z)hUQ%%*%s$5pp%oT`XWjhELOe&l9FV5L($nN9h4~g{SBa5v0HV(VwB%BmrN6OGEgJ zmCe2=jq!bl%!X$UzG5F~j8vI31~aPVk6haKl~lgyf$M*9W9WDqR@gKoAMD8+atKf8 zr|~_XdV%`v?{AECwl5Ug^y40xkSpGD3ZqYUCr$>np7Sa}oO0w^Js<9vgd}u_MAkvt z&ksxKh3^rntX{$_Ja15PXfdGAFiW%{j-%pk4k$6c_y@QNzbtt;$*?HcEAiLwy>f~N zi|!Xz@1fm-ePA&u-+XyLq(I`x`uyBi%ewr8@)02OEBdZ5QQRu!_#_F|3tCqL?ydN#$!BJ7=`}U| z%h~z~Vm`*u=2~ld&y)F9pV==;@}c@>PczCGc-N5b;4}uSU-wrGlQ(zBnx`P_F$e3V zpW%6uqfKC;hUQLG#uoN4*tZ_$4fsU@Ok$e4Sc2JQCW=%r*`@H~%LenU4k8P$M|;#F zd-Y%BX}E<-*39@;ctTOI_)GZ75R89H0;?w_;q9IB?tnZip@OczUSr`L6WFnQr9kE3 z?#GzG(_S#)K0-J$a5`?up33@ zyxs>%y+Sg;#aJhZaX5Gr*_+*V$eEB%ZeJd3_N{4BLl+6xkh_&0-{TWD%xLYLMN4wz zOLeI?aO`H*^ztJQXS6p?`aINTt zd;!Hx&G-uzN$BVhY2+at~p&hiCP)jBfq(VGM_y3is21$R0&m z3r~ITvlWvM7i`mh*Rlw^+t8g2+!@1p2erlDB)a7!aj*rYIpO+!6bt1i7jY@d@V_BTN&9Q-_OvEjRD&X-sZ_Hf1k zeMjG;?-d*|Xy2bdF28L@k87#Vut7#_LQA%?UaqMJx)hZ{>_V;UM%I_I}$!q#$@DLYi@9U9>KOfkJ zBu5N;86g9FDC*#{tl*Yj0OGO6%jQhu|0}(5_ue_KF!?QCh?yoYb9%U@S4*m{@oC>1 zlb?^+bbk!H>G<}~&;E(sFt-nY(F^PZ;DI|xI}CdQAFiQ=FV%vFqV0XGbx*yDO|cDnSId9e+?-;G6fBjKu#mF^t|UZS=8KzrKPeQdAi*Gbq0 zE~#OaqXn5>U(K^sJhA~)=sRk`ael9*7r8EjyPuO*e&jFk5Q>@Q;VH z&cG|+ImawMpTZcHGxneM?lwJxp@CN)FP*x)mLnLdJfUJb98KnM;<+CF95JOb=^PxU z({VlIm4Ir}dPw40#Cj86X7kP=owYBFr_%tVZ!3zM4OAaLMMua)Ee;M=0gMYs@b4VR z&C4yhprNu~HBCTtUy9S09~K-kN7kGCw6@DEB_MEC`Ww&3eup{|$L;4R7Bs%t~{^(_3Tm21?o z|Ez-0r$4G)!l&8PX1?^EuVO_r`K`=U`whRWCBuQHC&-&)owCjDcIVq~^5^P@P$aKd z=k}-<0;Uf@Pp-mLt}L%0T8&U!D)!bM9S+k|BToDavq zHx+t7t)J-gsVa0#qA26*>nZj^2QIGr5AovSic7R)upzZ|Q;o@p^!(5xFo8hDnop5< z>fUz{kGQMTzv3e$%on3`)#%)4_wj`{Kt|c|4jOTaK~TaG@AZUsuct14e)|WD5=%8Z z^vy+EbAAdepTjn^>)IR7y+H-8Vxd{>8}dj$C{qDkdkw}F;K@u3;AMgj1RxD{?DeM$ z6@COC7Pbl*w(U-_0mCWsJ9Iwc9C!h{Wn7xRsA_JSwbX}(9Y$%-yyjnOGZef4aR}j1yzM3t# z0wTjLFScV`t%$8tYL8Qp!A4?AyT3J+C)Sk-DN+*C?x@{tRtC6gb-ALBewDJ#WYX}x zMOI-G?yKA(7>HxdKU!ufa`Q?B+b!d?i+!e>h$J%vSB{HZm^<)w$|Krt#SZMqU&rYx z_x#*i=Wo^c?lJC-2yj6B11UyrPqp3GXpFO6Iwf50$HU!H>=jnpmNQ!w3f)A056Ok< zIc%@5pchSR`bo_`a@|l6nj?5+x2=zk;>%M<1S^qpqTl>0oa*(Lx$zw5cE3&wM?7R9=6y)=q$NKhug~`No{Tto<6S+v z=jwFW=WFtm=l7yp@`H0k22Wh06CHds=3PEVaZf$5oY!-1mhY?35W>PVe0G$=E!=o)>u4iVI#etoHNg8xxw=PZO^) zd!J^2h&{@^7lEJqJzReaVdpewq%MwmA0uQ7OG1(^us%FHx$pRr2wIh!^Xu#V(%5z7 z79xAI=+x|TLS*#J#)pwV0Bn+aca8+GP9=hzf?T$dlx#Y{*;GDLPh% zlaSllR`|=FO!v;(=?hF*EH7Uj`jyh(&|gNh)AN{Papg3km_Fb}=qC-tRNn_#Rr+;A z1hdz_WPHvD^Jb%;S~CeGt;7!mOe#2$M_cct?SA6AL#saWujGDf?lYHVILP*kRYTY% z0TjV@O3Xt^{VDx>CWR6Um*|ssedEd@Kl^vGzbzZr9y(m|pdA|jan-V?@ow(!FHE0# zb5-UkbVVMt^v^MXv(OSdZ)%ar`4i`Q{DJ6=8J=tfvE2DQ*+p}QX8qft;K}T{OQ0=H z^r;%LB}DS%^4#Lx85&t;&>HY4<`dZ{_T|6a zLsv|$c@un}y$a?nJ(SxGONBt+V>I}*4*g1CUf6H%j=|P5+923TW1Aqjd!b2lL> z$(m`uDD98V&;2nqqXf8fr&wFJ%3v?MXP0r?H)sdH=RO&4>p4>ZW~;7l}7uEBj#| zG#*q=u7kg4{f46r#ksQC0Wl3 zEe@FEgz`yR!Lvl_uv$_T(_?#t-@ z6^4g8>rpWS+Sdu~+t267v?PT$a%hHQGOBSrnFPf3$L1ngEQQi;{J!%`h3q%=jJdW? zCWYuWu+x`1KaU9i;fGg!_M8~E?B^5RSqh5{yZR2Ls``{8 z4G}hZd7NYa*b{krxxL`0cZgu$xHGF4!DoS zY>U4>zkMyp#XIUZz8aW>+q5%yu(IkDR*<`*9-k44G?3P?(5s}mUeIck;}`d zvkd&&$Qd^KC%NAfk=c2Z`h7(ufOxK`$Ck+Lwr683Bx3_E_Fv-fD^ZzPfb_WD^5PU0 zs|e2DMhHCupI@~>=s74l>%8=!Bm|h<1<{@GxR%F#XG-o)9N=b@!HFr;fzJ zGaMh_vG!qaluOE>6%Sm zd3}P9`D`7_Sl_W?!CW#3NCQldsZbxWw{1@*5U?=TA4Wo?jJcY>?a zy_B}sUu0qlpZpKcSYA**yIpjur&#fA-Rq<&q{^7@BH+QE6Mf0Y5EUdmLk$&MB>^J& zb_6K>FWYEccYT6vQ4g4Wwa`W0DHh4Y>-lAU?eVu?UoYbw>n%2h<)QIGnR}wIsal2# znX7N`g56Ho&q(qLdjS_k+v&ZJCOAjo|Jfk1UCu=3hpZI$a(oo_!+~n#R!5oKQBMl{ zWv9Y456-U)nMInJ@*-`lZY41Ib!}P<@E8tMGud^--(fi@8Y}s3Cx3~LL)}ZZ9ao^* zrcMM^{!-kei@9Gyr^jDA)#Y+CQSP$Ou#hn>rG9%q1yk|v6XAK9`M!pmHa4clV+t2O z5$o1{IUppAv0VNxUn7J9NJ#{u6M7>GiKr5aVGlcdf4cn;(dq-WK5ww4<9}=98ede) z<1DejsGU9jV3s(cJAF~ksr?7yOQN!s2_%XI&E#QwduPQ_B&zg+^;fVPaBAHPbgBGV z9#s!)Ha$=nr`+W5d?eF;B0|LB-Tn|^4cqLrL;VLhZP>RN?>}b9VzsCPSdsq7MeGLm1r+7scR&1FMWHjo0qX~X<xqm>?>mHO2*z)nTULZFIC>A-a(1M@ zb;GA5c?Mr_c+e) z^u+e~y{||}nV!)vgl3`?SCtGFGVb(Q4KDhw4lfE=LF8lu%hzbX=&rdB=X&8RmPwp) zbhN$czHCC!OaHfDM03G{4(#B}lTkNHx9f{NKBt+D%D8RMQ|I_fYQjOa z_9YM9}O_>BGq>|3VB--}*0@)%_o&S^7yPmApK*z$V(fTpIv1=#aY`}$Z1 zBy({;8~t>Ft5Xfts_CbOaR0t`>+%C8L`HGn#@9XGYL&0HpLC{Og8qRXd15P1*5!Mf z1*0dx$P=>|W*6Cwtq1;k5cM<*Zze#od)7I5A;=~h2ZJ`?GelD9akx_YX-w3!$T!#K ze0{&({txfe3RQYMi{07-1NrR{RQ8Y}9pg`u+nnr;8KM{~g!8+Dce!!hTD=Lcc<*nm zL#4Q{qQ-&Ylw!29Uv?idt>%m8SY5v67J7Mq40rD^p*p-6HM^dIKEW-GkkeGHZ^ETL zHqyt?jt?}^WZ6k5XY{o#r9N#=c4Hl0P84QgPK6=&PtAHhzeh@b`+e-e^L^ZBKuz=S zn-0^rq2E`|jeS~d$aNK{8ZZNaJ*)Gsplm?GoKojnu|9nIcHFbFy(u<%E^8P(uPBMy z&%D6P6|(+?+{~R=o{Xgkl;OfVmrs}%&qalpT`pq@C`f;Xt5u`6`$#R1>(W1dQc*=* zY!B3Xal7~sJd*o95LVK=Y$5}&9D(O@W!CW>dkjv7SgoLzpP^z)9;^PS%AP_1_-m_+ zsl2MDFO-V1lv)_Mrhk%$fPGTlaB_7hE*U~>ICKMK zE_a#!k~_z)Gd~o3CJObkhL5N3n+~UkoqDEM9>P*UzlVU)F|>Sp3~~P-GR((!;ob~Ja2LZ+V(}+Gyn9wr+IWHA*)VE zHsy$=#=gGV_fV~&Bs`y>B)d`rf2~a_;D{ku;RVyY6{Y0)m+#cqcQ^AgwsmqAnYPzy zl_%+=$ekh1@91f=ib#SXTiA!msa19zrd*lnXob_I%B-r;(IVY_NMzD) z$5?iLKxTT56n5BebRWzWo~YdqUZOi_{;LieE1aB1{eDu->#Th?;r z_MX@iAraaXP*1+_+?A~y!Gnps|AM<|%8IpeLk@>{U+(n}*5M?qP1~dn4u_6lBd?I56@{%^brQ2!@)v zD+^IYj1`u@JF6YUt2kn+v2%Dse4jCFCPZ;li8>95lOp_Pki&01l=D(m9!{RBWJ7+( z{Oi`Qb`K(cf2n2|5OUHX%M5o~ap+ktepyzYH95cU%iq<9-55HK&&qeRTXv%kxs9fk zZ-!m|ok0gleLlA(ajBqPtjcfvvT}^@4z#ASB54uJz6^!|b$N4#PqWI)3QC+JwuNKtv64|I-9@H$?ydRd4f(#W?> z^=x@{G+LJS?8z_~vs>K57IL%`dbi~uC#^-xpJ zOXe|`Jtp+dJfDw7oz31mW>fW=Z>Lmnh`l&16Q@8QE<=JEW?x%PKWE3MPuDO z2hU1;QS-+yV*#a;2PgG)Z}q+>BrqB6%dHZK-yFeBu6^bD{?nFWsX9zBC*FHq&g=;~ z?Aa2r~PeI~QE3gP?%Rs+>oG7LWUN!VGp*c{1N`0xwUBxqKH zA(8U*69CVyWX%ysS8?HB)Az`tYE%1+-hCwRjn_|-|4FvXHNF{i1%v8_xCed z9uc|Mn6D%`arTJUfNDaA4drlZe^8|DK}y&&ByC5?&{8d-eV@exMkER|?fav8d2z(4 zyKXyhSDsH^9m16E{7?*SpN>!N54-iM-4}25`(m(Kz&`pfinUL{@GL)9Sl=`xKjmsdjFB+eFpSYb(5@K@t8<*3A1Zk@$x$ z78P&-TmR=c7rlCY6t3=2kM3uSx@3r}qV_#V-}DL(G?^^FpDZl}@QiP_uB96$unh9p z-6rS${VF0e@-jJ+Ew56v{zl$qBEmcPv;6sy^7~j=&Rc=K{tT6@^qSvT{ACh%cXNG7 z@2HCMdxsJh#0v3qmON34Slp~X?pqpf-+6$lEl{B>$1rU-Q4NgT*yd14(NXTg!`XWA z{>o@D65F?@>*tV|+%h7PAhiq}Rvi4bZ{%gFKobuTsLm{C6jj@Lft2g2)6sNUnpdP% zy&Ij`_w+T^?PGK9m8~o0`P_%zro-^`Wh<&b)L%nD+MwUv5OwWq zp1P>lc-easgwyy2--Ud+e+Dxs#hvOxK42abj&F1FkweXA$!%Z{vz+$42p$;icRta^ z-o^v5EG$DWBOO)#0qo)PUmKD>F?w;E=_kau*ydfm+jsfAV}T{M&@M>Eylw71Co9%( zQaZo)Q_a~BuiCe?SDw>Prf2qyj?l-mF_X$BU{&?F1u<1k5!@&N)drbQ?yfE)69VtK z&cTLz9C2mjNX&V{o$RpWATqxg*C{jMyI_*Oc%cQh%)~Z1Q@8GJbttC^+vDKHPYVGX z#Jrl^Idz181~94StK$mm0eaQv)0a+}kr4$oET?KgJ3etoFjYpe_PZ;rZok5iqk^t#h!sr2>OcXSjW z0P*piQoX`>J{1x$GyT2ZH$JzP(6sK|D{=tc03-`f4w1(!VG_7!5)5lq>YFmU!h`<$ zj46hX#-VIM`$kn|OXiR4Y3XEU_TUx3KHb2Ug5Gg@D!#|MFe4yobMuGGq$>TPAJl4@ z68>p#U+Gjovq%X(3}naH4}akTmFgO-+^(^(abHP%${Na*hx0>pgLD=STX#>bRfKzv zyTxZJkG_G2z2tFW1p4wy-6LI5)bkToYXKEERK(BU;`*(et8M>Wf^tNJ!o5%Y9H#VY zd+t-Vm4o*_u0Rs|T0x4w`#C1IKIBbklAGEblFL+}y})GLc6PxJh+`~evOM(Agd)L} z;l^^s_5gjQl9k(!-2OzG@!pr&mmHYmwcfD<-#rZkTnYu$3FAC-*~3nFij-cD?Wy0V z5M8|7v|z>rBgE_CDc7>Ln?-V}_n8>wJXY-2-3{EkC|>Hz_T3jB>pc5LSD{j*?pN%k z76|ruKbL0@t(#K99+Rq13UC=u-tWV`Q>aZR=PXr(bXQ;eeT+Z_&QT-Y9spMPVZs z9|)MS6@+leF|_{RrwjBK?Kbxtg6fj_eh5Q#>Rwy;WfE-3fChZ$SM{B2;<;4qqh84mSx<5wU=|oP(N2uvMLyCC*`L}EBr6{OmU(7SU zyTWJVNifa%Eu4?D==(fFaQidrqUP49&N-zvq!P2ln?#|DXvaapo!V|TvJ~V3#A7^?xVaR{5c6 z(`FL|B&Nrr^a3?MWp@wNnJj4S<_QWCC&MjMDs*G}T6RB=%b%WA^d0!M506@)0ZDEAqW7uoOvR<70jLqv-eEMb0qXN|faAgrd0 zj871}33u+NdyFc3QK4O|>|DL_&LO{wdb>#JZc8I|TfeWHvgJQ)<|B&QvYpOaz6`T+ ze9k9xh7gL@_;%xVnNSiBV%Q&4AL2hp){fZpxxnKd4-;WPTt5t^FE{**`-;yl-|ljA z<907>dX#cW4%H{ zz#TL)LY)|dBM*H81ic!7RE5T9>|!usrEc$fAGM8`8K3YEhsUj9M_~E*r_c=g5w;MJ z@my@mom@1Zly*qUq6KE zd?c-KAmFl0v`qC=`f|4i!ma5d`WfW5&ixU_TFw{MMyXPmS$%(?rrTu4eN^+rz9p)a zwDqSI_hfGfl`l;hpG658$E(FfScRoKoPXcw^FC?d2A`O3dw+)zPdu98b{P4|eJ36y zgSV=dzpWC&vYG@emc2nr)jfmimk`Q337@v&G==>26cQeX9hdo+S3D`7vS{B5LW2OU zMgc!Wv2Oi2PH)Wxm0o@x=Z~sow#cVcb%M8u0)L_U6E+Y=0i$ ze>t6R%BZHgle`y5*Wk^g+L)4qhIPomVU;uLi`Jv*kyXiFs2hTPmQq09Acz;n=kxQ3 zF2TONI}+q{7{ZPAK7wI;Z~v2yQwy1E zNI;|kza1}!>zR6WmcxMfoyM8AUvo`by28Zvb~%qIRip(|pr&SQ>b`f)o1v`VzNhT( z0cO}n%ayP1+1M8gIVfXvLwQG51IhjltphZLn+Lx)&&QYa9$8E&TP?M{xHy>?g|wq51ki>}$VHX?`mvwJ2GV9z*`YuB z)~VK#;wM(=+`+dsum|$5X`}1;&yC@qj{AMWLQ^{_Syaz{-17EQ2oC9-}m$z z%b{Ysj)k*Wu0I#KpXcQxPVpZ8|NRJivT(4ieW&0w`|~*RI8SU* z(qd0hW&o=6=IH!;Uu)%bX^>O^LQZC&jxSyJIu72TmC1C=t~&l?py)4q{Xi8y{gBOD z9Y%Cq%G3S?9OUY3!_*8%jVl9ATKvgQ&4oOLfjGmLY$UZg<3VVakP1ex;PA0`f?v;Ang4SdNA=E8FxQs~`Gcp^ z0fE?}iHoP76UR6j{mOgZZ>xJx>il(k-Q>f`Mo~~uwh-)ACG+5%VcuacDHdq0d;T4l zFdD9*WK^oq>XmPm^W#yA4;lL71;;045TA$#{QGou`~JH6`!tV}i%aB5;~NIxZfS>4 zZWge#I0k?H&T9SL23E!5Bzb?j)35h4oEkuN*=r2#9omUYHeT(F?FNsRwBjec7GB8a(v7$L7nq`>X7>_IN=}I?o8;_{w)l6 zzsblUA>NtB2-4H<$+l1q6{O+l`UNGW^NYpf-D$q=ez1hW8svkIJ!)1C9Q)dH!!3Oq z=(0=~ecXDcDD>EpPd9L^0{6TqpkRT{pvQ<3p9_#}Wyza67%6CIrNq zx((dv9P%Vx?=xFvN05=^KdYMg9cq`mcK=>MWEtdNX1Q0cJTc*&;?Tf9*q3slJPMAE zjUo0>YCA$osm}axwu~$JOQiltN|Jz_C0E<%3?)DcS_T{Hm#C0j;%#LJ+0;e){R7zG z2T3)vgVAd*#7WHr7}f#aj=0w?4yP|pkT z>K@7qs`%sA>|z*rSJPziHvJU^Mz%!b12X{iIQ0{Cd!BgN*tH-h}9 zZ_*(jl07A>nAE+&-!th`@l>OZ-kd{i$|r(>6|wIVRP*tdlz@6_%~ki|8eiWDp!xmP z2C?X}4d?uF&W*yX_mNPaj<)c1TwIRcYJ}gQz+Ls}PN(cLLP^WF_VmSl=H>Mr&Ge~6d|v;+xNk>VK6vw=I@CaiMDWePg?^B; zdWStKe9e-?{a}QFw+wl>#j&5}h6*S(1L#{#4MdWAH2FLuL!3{F#0#H$Bb=@5g!QPy zhWMB-c!H8f}Ez~VYftiw``vl8&jprEK%3GhXx3t?wJYN&=A z55ViDWQ=nJ143urc=1`CEcVR-{!ap$0Co90rAa6oNT7LJe>CLj>}2P}e+-uRLu)XB zTimOLbi6tp&yQ2~18h`#kEv)%?6>iwI(3p?|2vlNtd;#B)@YZOy62n|cUIQ#(L5t) z6~uk+2)`3CR!2I^`2q2Wu%-_J@K8sD>zkqMs+B(U66hPTCqcjDfE z6N|AgnakYWEA69>?rr$eM<;%e8>qFLo!m<9Bs>`k0*h^f{XsDy(*P#6FO8twM^V;S zarRc9_qTCIB{XY6ojs=7gp*Q_ez`pvU*&+NzpDyZ0Lf3(pg>{?ha2bAg$(y*P4NOB zc<-fMW6c+NXY2rld#oz$a38PROQe@rBS@=RwO@^D%T06r_HwI%;V~xf3rupk!A2w- z*e~IIj*qQ}6F_r3WyU!t3xN&T1$79AUSs*_ySi?AdGR35mAhwHj~!(p@R8R&Tept7 zlG|gNXnwt|g#UiO5j_T-^?*rE{d90I4**Pp_NB>E56`}s&whmqg&)7HNHT0GQ>RZq z)QIof(A_ufAL8wRyD?d5c64HqT6)L7JmaxUg_ zSBR7DR2f6)E4j|QCV_O3rP{!V^Rj9y2WJ!;4~B5=mshxxcX1pj_M6-VmZIdo)`aHx zQp2kzZ=K7)d_{Tpo;m$Oc#*r3yNKc7<7ZJbx{8tq8SI0pEOl}%-)JNaE@G5M#+kF1{SM==Na!dr|yi`JBpI zHN(OZ+GH>&qOps)`cR55#Rj#4O@VH!Q(L*P5yTEu;J%`#*N_U-Zy{Bs6mRAm0@LYu zZ;0XS%YJMrbn`kJ2)m@Isk1V22x`-H(0KFa&K#~(e1Rwzv%W8yc-Z$g>DHX2rQvyw z;8KC9?ScTs=UkTebL)lWts&&CJpIAfFeO_o0Rg?%4l)KOG!QSi!hi_to-# zj-k$VGa28OydD-sz9zu2Dn{w>{XTmho6 z2ZWFF_3AZzPVj6yn`#Jy;V{jHj_)bCJ1i{vR_bRA1F$`U3Q2u6b zPc%G#chP@6Byw3?=KL;C2Gv~&l1}Xwgslxto0XEPJ=vM}ICI7a-qpvxk__~XpjDGT zor>WQY_`^juD)F14vfuE@Aq;2^t_|W8X`kaC(6q<+^uk z*wIZ6c;1)?h~fv&CLYvUUyu$|uvmU0tnrZ6JC#YyZvBEgnvIW0p>lT`4|@O;9hLbz z<@^W6odfYemwk)bJFqM7JLaHpf?U$XMqjPPJ!4(~Mv}j*|US`Vi`*=*>@uM*%Z)kKB9o|GPF6rSd{<5@X zQ0BZ9paVUhuQnVk;d~RXRk7EMy`KU0%Si5vowAgX4b7uh7H77HS|CG%T2Zxl=-S)k zX)1IqxhE@QlYG5N@`V>Uh&X}UvsVHZ_pL$UrAS6K*(z_LC5G77yZDw{Ti*FUr_9Y)xC)7@FaU zmwVk0+k2LMLIR56o{(7CXYsBwTTo9|FW`-b9P_@Qb57WDL+qgy3;3sZdyL5#$Fv2`cV zE_E-6N0z1i25MM=huSZIrp_UC&H?)^50P%evWL4`&iw{bRtFPDDC*zgdx$o3!e`hfs|jez1K?s1g=J^Gq(9E+FW8BW&qCDM3bfYm# zB>D{2vmG~2I4L_d-XJ_G6^GZp7NobT(^#iyR+m6FL z`d9qn&4->%y;1%81U4TU5z%M;TA>qGcvnplJVTvpK&|aj>py?@3(o^%h!arW^jN&UvVtn zOOr)M9cC~H+-nuj4*@9d2Ti~8aA-haLHe_ZL6<@Y?NK}IY;?th?!Gj)WYosD|w@l&)Nz@;1~ z^zu?+#{jRQhHB+UtPkDXmN3NLcSJKFu8?m)&I4rUm4UT;47+e6e3-_*Wv$v0-1=u_ ze#Dm~L=McM^`jR9v~j;kS|6v{{UH@v$TUBqf9VsvF+bh+uBhJotXvxA2f@q}+>NqY z-jYQ8!|x`G#}}{5?SS+1T!l83R%_#ZpI)eauW$FYDAd=uyqJ&Kgh9{$*h{jl#&B5b zy9{T|*2nGvUEVB;pa2MC&7^RbH~gC~`|XvH0`2?Q?`g0tuYQc?Cs+H!PgW|U{n47V zgj1Y2dxTq*ou%uGbbiOdr(f5q1`Fs=s*qG@4&LY@Y?&OWqX@w%Lb3XK10ks{A(_z^ z!!Z%aW3Vo_hPtyuiVs4zS<= zz+L`nB?&N#J3O++U5UTu2~U1fqD8$01(L`6c=`%3l04h_kp?qmgUJ}$y=iS!>lHpq zJWPZ`I8qnyDRd^;;2X7=Ma_d&clIrk1eg#&TO$qCo6}4}OcK_FOWw!k`z${tnTDC%|CioO@ z*7gh!v5Eu&GfrDDCr?y|4>nJs7fZC2 z%_A03=Q9Id5ROoQK;gNXerm4{5K}F^3wD;57yq=*>crX)`Hjz?Vfk=RHZL%jdykfg zqsp(3qHaZIu{C2RB}L61Wk#+pxv-L_lA)&lik(X0XCTbW)of^a-eW z2+!Z(Ugl3Dxz))Rz>jKHDf4bc#)an6J+4T;loidSvr)r|ov+%XYcCh8bx76NWSt|& zq~FmIl9%~5F0gcgDZ%$*zfIXa+?h7g5nNIoS2~83{%K`Gv|EJKDbDU4 zlJ$jZ@9i0Hjnf^Vp#SdnIIXx{4tY8*>mp>qi$@dLJ~+J|!yp+euEf&-gGi2_qXp{F zO1Yk=k&EObMQ`%HUro@mmI)YatgnGp&f{t0l6_N~!)fNq1>6bEf4!D{uqLxA(-)Pd zW_qBTCuPBp@kzmSjN@Wzn*qG_&8KHwYqQdSg^>#o(K38_A=A$lDyMvGSo{kz7Jo_r z=f~u8ucxZRx@F8cbN_(mnc;bR#B+PM8}b2LjA6QcLulKjz7&`O@UJh?dHArHLh;GV z(bHn_XVG}vcsj#2BG`U$QFW`yAuuhT-==?tTbRr@)GGTF~k3jGW-iHPmE1ACm~9*%hnFrFKF-eZJ*A@k$$3YR>_8}U+0 z&a3xKy7<|^dHaaEp1_mv=OzDAyk(L%j(mifeJdW<@TOTd4!z2#*eQ#7kFUkP*r}qV zzBBm1og_$3mJgUE(R^s_*{eD0hf~bfbgOzj`FrS&tUM7?`1T=_1ACl#oQmkI&r$9{{{)EPJ6vuXS6-)X}b7|v*6w_25__g+#s%W{$~ zL3;qf;3uWt8%8`V_68wz;NS7SFNm(MA&TXHw%z*Sz!1BXVnpYWbuj$?bQph)-aR*R zJDjgQkza69@`jO;P}xmCDNh3G(}VoGuYr5l)B{`zvquQ|1|XfUs6>y?CyvMDPoDt? zZQ&F>)OBNi*+e|`3%5b%0gD|m>6ICm4i15hoeLRb#sIncLVgd)IeNkvA{9*X$5ZFn z-8CPC)V>NYltb^|wd)HQ(tccvUhoTp%Y*)HZOLvmBB-K*wg#lFuMX^N8Dsgp<#h2A z0{V*PWoi{>lwVxNUl@rD^Wyp}UPqa2!SlnFc%SKXKM(NLDeUb*|1Q|+q{%X+Z=O6% zwuI^HOWGGg{Kz(c5XNGpTM$Q2LjOsF;9}BL1bndbDCPZ$2xGPBbS^L6VpaI<^)C#l zNgsl(IPpo_P{xMixYPKG6k!wFSF-�Q$m+%cbW>>CE4LMI{h!Miwojp=q}grfdo zJf2$ZJp~{$KrQ%&-r+{%y?x;JDk1uqzNPhs0MqEfm zL@^n4FOd1UlT#jq{;_yg1Lh;_7$X7~GuVD7=_*G~rAR?{5N|a^61jJoi|lTBujfJw z`Z(|38-8U#638f*)mTk*PjjIHtD6;5I>oB+;8PeG9@l;4lyPjdc32| zERoh+TSid(5**q!t$B~8_Xp?VgDZ$g+8&a@e0^H4YL{scDWkbd{R*=>%b-6HhvnqE ztNG2VWj5vkXAEhC@)$sW$Dzum`94*0gvCW2@5s;jUUK5ynxX{&cLOgvz)zN^?5vlhb5+a z)|qyn&N?mdGMQl82i#>q)AZSAGP_HMmL|-4OET7n`uE6Fnco6%U!nBfQlwhazh8BG zvA635Mx4G(8!$iG*Dw(ke-?&Rb$HUVPjC$6vOJPY8@J-`9^U{AFaKdn&2 zM5JfJU=9a82I8-sk6LYcDIVX|ReGI^h})V#se9-*lC|}@&LPH;pXbQ+OJx?9z#KEb z_We%)1?mswwaE|h#krjPL>4cQGfM8)O!%0Bgkw%W{2KTL1Rq*if9_8c^9{F=1AUlXB-S(aU0T#tQEAykN zM)Ez-S&4%V#k8#NTy@~_eZn#ObB~`>2UkJPmOzjfnY==FExDg@3ddtOuzMu;iGK^3 zsPntYejJSjQPP4nqTgP0#%ToRmb&Nf!S13j{Y`0@nZmX~_aMWA>VNi)>;^KvF%OmVT&?q;CocCr3wpb! z6filQLW=yXf~N8QE!pATqNljjo-o)6$ zf2=v@7EA?iYOS^h>Jj|aj2{eifIl@FVPnMKi?Oei4GIDFZ@+H}z{>sBJdGpNfP zkzGb?a65jWcXfo4-VvCC?9EQba)MoL?>;^>k4ri}JQ~0)#djL{$lrYuoO3bw>4$wL z<7dch44_cIe|CGd#~VjOyx&AOe*JRZsh$dwKD#ufFgOTk3VSRL0r!#`c`sJkhgf$~ z9k@k*Vsz$HSnwb_&f|qgF8@h3o`H4%w9RnE)%6S&{AP>do2junqxI)Ub&*9rKc%%z z;{HlN{@4oiE4juWY&jL7_PVyA&%Vs6ePmfg1X5PUDF43eiQK)lXLtvtTW$ zU;}S*aPg>u3zL4j)D~?Ib#PWlnBlIju=ZP;5`zLCl3g)KNKO!EbvsZbLwg*^7o5d= zD3#;yiOT=AY(uFm`KLnaNDK=zFQ=33l^1Zk{6U1(J+pt-qsu(8XFN@Ld(g!pbD0KD z$(-&=enZ$7DHR1=eA~b7-!m0nPpHA{cfK;9VsVl43~u+-cj9!=qYmVqE{cvl>_tUs zfA((u4?1vP_RE}ZH-TK9H8l-7*#O9aBXVVKuFJ<*UtkC{Nl?)+{T)n7;rjbr_93?Nkd)#ax}Q}6sM zUn9$P>$D#zK$2(m)@?DdGGTJ_&sZ{ZA&Z7a_pT)+B>8|))guC1cLj~W!H~JUw%<6vi;KEg*|W^pND~>&>CFR z(z%X}zY-C!TY}p02PM7T=uFQx`1C#wss58K)iE3nL=;A9s}JSeb_aL3=NxNyZ=(oP zu+7QmRMTM&ZY?&858e!ujV^V%@n;2fM%MSQAD*o$rM|tdFMO87NZ2yix)y0}HGfeR z6$|eFy@7Z^zTSuL2gK8;J_jhk$?l2$!V*D%reg*}5|hso@BDmBwA)4lKI{hgz`o6J zM}Q66xPR+U*$BZ|UEdK@4v&e)K0(U=YS$}>`WXMb`x$32vhg?as{+f#_Gwd3osFZWWo*pKi5y-a{~_%ucHr_m%Oi|kXlS!`$ctK&Ooz=#9Qha za%BSfD-2HR$o%?iz`6C0_O{&0}z!-06*IzQy0xga3b6eaelZrV#))L z>9azRi!A|l(4vB*92j$;ZcW_Z!||(neGZ;XGrxkp6cBQ0%58Dc8I9rYjh=m35I|K> zPf!GCp0Asfi+Z-l0EJ(=jF(MTM3oUtk*1q66Q2%VI&a+T&ht>6AB5yUau@0tHc*_h zgV*pSb1)-qurXWv`@wmHl|)wuNk_L;kJ`w#ys6-5NAELeUpDIMo&muR)bkBmG7EdI z$YfxuSfobsTF-8^njE0V+=+ePLA*nZTb`a5z)SaV`LSoWIUiOD98O!msj2p?Zcg^> z(E(Y}3=>Z%i&<&&E5AW6mJXXH!=iT(J zdI*y8)?qpkC&G`v*YK(lf+0 zA9~7uj)rxF^U;OdC;3{DY^H^X0i@BiTdi#TNlm5(ujTqfAsst(M&DvBlva`p#xKZn zp>XcLyHwl$VBKR#J*yUM)9~8Nox`=sRI+S0v9)dTbbW2yr7d96{K3vWat%FUxB7;9 z-n*%@C$23{vbA+t4)#61F@Fy$Z2blrE1vkRl8{fBcL7-q?yr;m2pY)=PVnGOo1y%C zrPrfK-;khyp9d{-YZ{Ar>4%SN^kgAV(S%=N5ia}V$6Lurs(Nw#Zq3^}>fd7hn#)~z z0nbg{OUYFGbh~eiY`R#Og;Z|)=lTdQw`aSBh5usqHE06We{By^a^%(Gxj*e8VBYJ9COLzO_>M&-T_DZ}Lx6p#S#b8-wh;W^%#t4gSt#BV;{&A9 zs9)f^carU=3~ihJSo&J(InL%QZ9N5ER)6^woXh9)4F@kgh0^lv5CRJ;*DMMIhT(aw zl;wQU_22TdYPL-7C`oD6*?=S%v#;xEzX|i3H04@YCM*rTS@b8Cs51 z9uri4+1DI0Kkc{R?|#oRya}E%%4|ZSf^)tVVs3`X3w;&{b%9n-h#%f})zKKW!A$or zkd~do$;>j^BfUvO<|z;60(p@o5m&;cfMfgKpB5jCucMCql)CF(%tI5XP4`cs=~Hxt zJj_c8JZMVu6Wt}tWsU0lw}`PH2sY1_lL3bK@F8O%VD#6%_1SNPko!>o=n;Z+Apo@| zGjXAZk%Z2QdA8J+em!4;&ckAFkGJ{51MEsD2d837m*|^;2Mf;_Gu4$Nw-#;Bk{AK$ z0A&D(p*Z!ueT8UA&c;U@RzhOkcaWV?jh7?}l9D_ZSvY!6O=vUBJfHOe z{tW<-_6osaACK=-_}2+3Pxr^s-S^4qqp;>2CBf^&b0E#v3%BnI`wdNj9GE;flz+Fx zkS@5)b)WBNMUI}F4FN3!ZtiVXh}}|{{U1}0Yi2BWrBjR>-2p&t{R!p$e3%BXPuZIo zwiEBMAf8&WV485^?y!q|o*rq?XaMC5@DKxyt9l!1Bhita(aB^$%~Yj|DFh-faN%M# zOOI9-J(pCDD{yt}aZ*F*EbljY<#kgVQu*^Di1;=` z7R8c=#pLMB$M36Sqm;e*=)av7QZq;C!HnVfAv-O(Uo1SVv>rwD6-Hl%$8Dk}yWd}| zhq@LG8wp&ANxwF~=QcM!BwRO&c= zU6?Ocf{A)1xcfv8a`V8wHAa!neeVqny!W_G7Du_Dn3RoywX#&AVdJW+AINLoY#bSf z!%op3)?RzSsh3+xDyl!`+rd#3jJZEV7{OP>iU^KaTyJ;IF92#fVDe3S8W!2iRA6JSc*|bEc4PTO( zdL;^lx1qnpiEv7Cg-<=I*-kAI_NA5&g(oY=!wy7ZcBqKN|I~OG+^j61bom4QoGEkN zKH~WDhn-s3V5N72%zVzc9JFzhZZ50wUDD2Ze*E;uYdW9iKJ9<>Wx_xUv`nW_T#emn zdH{f--M9TzhbvTotldy3*vI-y--lb%2>UPxtwx&)AKgB;C*6AHGl{REq3||##y;BP z+J67$38kf?++IEcu|Ulb0yk&oRNjN$oB?M*&4oYI>C4wjb&aueIhPkk>x}x$iLj!0+(? zdEL+W~||S*gv~HZI?&F^fFy)u&V%lGfnsl_2@$sWlk`7*YshfOJfQRE$^dtH9 zdS~d%Jec^+X0fNdV13KtxAU{4_way&u(z(ok4f=?8Mv)7r!&u`JYQC|s|fvd(L+JH zza90kmZ1fUHH%d-OQh_(ysJI6lTs5tT`6nA@9%PlFXgI`B?2|cvvvsu`Q6i8nJoJx zT(hQePY=$qgUk4t-#2#rz8GVE6NMMNk>Ms6IM&Qq3%VCLM&wWEMC=N51_S{beJqGKfpY7Yq>dA)A5q@ok z(1q~I{i&xsFltV>^X&*poqc6|kE$%_a8*296nT~~Anflm(vE!~Ux}%9=udi=6si~x z1;GMiMJUwZJe}rx(4-WKcLXsKG9N@Zf)r@~^&syDzq7m!Z-Hgl!Td3&56~EXENTPs zmGlWL5cFrgvBsVM+Wh@6E=Wj`aP$tO1$W^oHuTn$-LAz=Fq-A7JZe4`UbBQ=@WpRbHiVahsOw|Y;#n0>_h4fbKRo8DKCaZi%FSA6Mx&3wPA2z{zb zD>?9Q$b`M8-(XE!%Q=n|B{_u^x#R*+UvcQIG3u(w@6shj&3&j7sfEKoB89nE?|`2Uy>73pGx#n>vu|X zy(FInnmp48XC+>T6#HOIPyWjG#*Al&vPjU%})q5L_i2(MX`WEsGQz3}f?=kTE? zwBC-8KsrVaQ%kiq%QwjI)~{q8KFRY*Uz0sy<^9SO$wWHM^S%JnOMb9##Ih8y)IML( z6HDvf(w;tp+KuLpHBS;aH}I_i%EBT{dA7I@OKKXauTkwi$-;l zR0hsc)?hlEHZLIUKSdELxHfO-+Q(1L;Elvxx_vBTxq<+!Yru9{EO#Fiiy0|6R53NQ zDdFc7%nHN=acu5^X`f)?3rd&_$?MbQrN;sSM<*e0aJM*^UwVK7iOh*xIfT|}9~Zux zeHCJ<&pyc=cVeD8k}b3z?!iGjU2G~nze?{Re=&W8%cWf^lGxq1Q7p{l!WTy3@j)L{ zJEFaG$<(M)L3F=zv;J!zkJ~!mUErG8;p2zp$;;!m{#v!;Uk>tHXR=i-|L9au*Qc(k z)#pxIB=$jm0=XV4JS{5azOwI25(12BT!T9-;-noLAsnY^zx=Koo;3C&uwiY$Dv2WE z9PM+qd|%(6gwC;9y6GWdw};$nm$`MDQEwnJ4kK~^cgwcJWPWHoPQv9*-v$zlj0PVn z%uu=&QDn#*=^>o48m9Mv1Y_Y%V3m;eot7}~8ZliC%s1xw`CO$msaDlKf10DRkD_p3 zly0ISKZkU7ull8+T3^cK6#fo6oivmQ)euP4(lD8hbnO2&lVs+Jl(MTv4Nx~DPyGw{ z4|g{{mMVzoa9{k-OTET;sDvC3Gcoj{wgpCh;28V<#&5Bb#I$+PP^MOJ&|;q&Cpqot zI?2U9w5Kt^{ojMJPr_jtDYaH`cq|0c&H z%$;UPR;lJXnJ@blq&6f=v2g#n{@tms{wIk4y^-{Hh0}ODld0~j+2c;qH7f698{D!J zsPF5$2Ps)=t0b~3T{W@7K@{;u5VOADZSuxa>o0^Z(ft}t#?>MUlmcv4x+!-T9%mw@ z1G!LLxUeeM452r2ahzddWM|%K^AadDXZ^}men4CZ@=iqT;r*yTN&G3RPxN{pB_SsDBas)y!G4^|3p4xf%zKyEpnCE_6iuyr;6-ee-YdNJaZc8g(%kuOzRLZ(Z zzC%I86ZI93v;iL4om?fvAcE*s0IsvlKA+0s_UnTEMpABehryS}MNI{6Y5K8ST!J)B z&z&>_6FCWj>tFK8ghQ#p1E96MlA_rjD8sTucVIc$>=@in60$9yiQ_AOF^T3_Xftb* zXky*jEvfc1h1KB+1Gi=`A(4;CqAAp46tTLSC-+bI|EZdg3)8(_*Dkhsy>Z3Q~-}as_v^demD!j3h1&ugCn$m`zD%$ zAGn|jl=Sf1LoI%-LhUv8Wsz##W1GMyj$Xsy#jT0C76T!WluqSy z1(Op>;4hG~YJ`xGxhH0w09mao>d(oQ0g~*)Ba7sXv@X^v6YB(;IGoQAlw<_5@QYdy z1@EZw-PdUT_0#w3@P`3BjAU!tT-l=;4snduxdpGu zW^)Qy#Nrn<(kKaMP1gfny`FWSuYS+*uAvUcBnKf%xvtRV7WVNGYU4zGT_4aH-*6uE zYKH6WGebuU9z%K8Wvl-BmV{sZVRN7@QPx<)FZGoW4|8U{9G3pv5668uISuDug#T{f zDi@1Skk1EAmeb?T*BWWf6S3MS^Q9MBgM$*%v%-odT>os_8y+~xyRt?^9P4~LT~v<= zNhGO|Tc)de|H4M}dKh}(O@HcBP*hPA<XyIqSU`3W?`qNvp^ps@c7GwV{{CJF4TZ zvw|}cGGQQ0Sa6(M-B*+!T3y?9v8`@6JzEIBZ8UK!C6XArs-{IsGiT>Jc>8q9q|=u? z!^=AG7xg(ze2j*3a2o%xF>`bv**tA7Fi|b|1DpR|kVIICB{Up46q@w-$lJp^S2iwF zf6MVlnzhNkcpZAXGjuWv1-{+kcYqCM+##Q1ch8^{(Vu__ZjqdnM0e^a;5T2yjFC$eNE=9TBomty; zrnIx*(-}#JZZo#QV4k@^*fP$cqOSYaxP!*m*$9yfh&hs;lkX82N~fr^mUlKG=b^CI zcru{X(Ch3)WR^Xc9tsIQ$ilTrrBj_9yMzqy`K@~XY=4c5#{4rCP%;*wzwEA&hxNUv z78W@aVITHN{dfINKIk*mZO`4Ij#7T~-n$TV*^~X%Q!fjwpJ&b3VOwvwsSNu<|9E;n z&=k(Ao;pNR!mE^dw}KkaBo4=C3eiHB@Y#JW<;QM>^)sqmXhkPwQ+l5sXo$A>mSlyV z6Qq={d2-ePWUa;Q#=dhh1X>EfR)lK;2eSO4{#vuYe=l_W9QS|*>8)}5i>PNyHY1hS zY2m!>vk+B7Rus`1yc&zWoG%1OvC=X`w^vg#6~3f=FbvGG?STz}pc zu?lw=UKonzer~rS+-!e_A^Tf@JH@o6wlxBP_w^c8M>xE8&Gr6%8GQP=^H!h{9m|+| z+M~6$SflxqD-}(O(bf2ztL@5@qCV_)GU&bPipY&n@fz8XoNnm*U9Qc&WKm=* zQGfW_zpE$WBp>Dgt&C_wO25l8iOf9(7~}*BdmGZ z>eVcjI2#0C9z31p-!HH#R_tSvbe+~Nbj2G4f{&Q+^pY@e3OPcq`Lko_>Cq6Da@rVj zqCn+4^|opAQurC$2W0=1x7MB>b_SvK3?X+8zx%oQyar61#4=jydx#BEZSgr`9G`1> z;$}fyAQ_wp#)>9v`{M&Zd_8ig^wC{O&>@4&1x##{K zqY9HtQHQ#b&X4AOtGqO6e;K7FRvM5|QGeZcqy_ISi4 zHh5G2k~^2_!w;olRLoW2dB%}sjf$ujh3m`5KGp-eQgXUJQ~1?YeNhlpwLX5u1||T@ z=%-eLvWAYP-y}JF`hc3f9A#&9F2>%=2|Feli z?UcWZm}9FVy?Ry%{#=jbZsm8HM%h(j3|s)%H%d9Jb-Nb}kUc#~UKs-|`Wg1wtzWN- zw%;QfvG^fg^qC?w%GUOL0b#$2ogFhIaGnSu0&fZzCkDQ+p&VsOE;kpASgB*iy?(aA zzCeuUF9S1rr|7(GAo$LVR3n zTIfGv27|5%&esRK8^BhQSB#AHS^sL2T5M!#)03?xVIYB z6MhS6v@~$ujID{KB|!H%TJX(uZy6w{u573JyKmgmXyAS?Y4T8fLh0a-yXIILr$2_? z2sN|4pwoEf1QVchaQ`GE?+x&dbiOkls4BX@FPi3w_`>T>4fk!l{DzBTtk|UY|rT~fj`L4qgaol$-ZmObO%kxbVUj=l3-lc8OIR|Yqs zprCkodY$+aswTA5qbkGB%Y%@N##(}OWcpFQDbu~(YadO{3wFduYQn%(abF$N=rt+> zmd5KG=P3{G$S_?TIy&cb1yCE&A)80U51XfIVzxq1`K8~g*cB;4R`e?%aq#|=?Uncdu;ym!uTLyXn7#!y))`hNE`W(=azOTW9fA*0K$k*TrP zz1AEtzn{xbw>i4IRnmh)U}!vVO2Xy2OcI~bHb_|7KYN@zXra!h*gx0r$?X55_t9TG z#NGM&GJB71KJa4g1Bucz%;PG$*wr6zV*k86W#@z3ntXSe3P_)sEK+O^`@Az;e57Lc zREw~&EyiBiL=xWl=1S$;9dd0yGeJ@vS(0@OlgXXkxivtZzf`%Qkxv3pQMhZk)Ag7j zQ6Lwg2YD05ceov|rrbBjA6IVRuaM73>&8z}Mzn{*d%VcqSKJ2$D?SQ9q9=^x8 zYSKZdkC9)*NZ8rEYFAUdENmqfowCwgvhFdku#k-f5;ROTv6AmW7sdx26vt1G3R;@F2eZApOVoIgiJs}bRsjv&=X-)QX>LwTEPLVg933NiNeN7~^)xO(R8dH?b z*KK(_g*zEh*L0hw22bo)Eh+FwE~HueJ*3E$BopAte~u=4pIXroVfVoKcUC>~J}Yr2 zHVxinZ9<7H@iqq{6mj}?4l=6h>egfE#P|EH3E%Q7MHfPX2%C~=N%YnOj+)jUwCr4F zr^ydkPlq4_+6{gNdm+&Xs#4c?UPRn)xjaLZbRHmFm*x_>HzW9=`CmXi;Zt}%Qa4xkMeN^ z7lJfi$OiHDgLKlmzqIa6ky)CYn04QH1^Q>ck&OSA`)o*RFMl|fT1FHiMk=XDvLdbN z_Q-you@~N+>>aDmnrm;$3(*94I=8$L%|$7v`yIUQk1Lg6r-!HcqqF0>>+*#&9O>*0h_UMcI8)X zk#E;B`*f5a{NRQruz+363$dVD6G(XQHGQ827SX{&My#22`{AA`c~hVJKD{tsAnbht zm9F=Rx(|hIssAACh506z)K7YS$@wl@o(J_9pXu5Xk(0CZ{pQX>s19!xu!mZJMU1_f^5tntbV4C*aT-DD= z&ZzFffny&R3#Il&GK`zY=O&tvU7!{NB4Lh^HxdrY~{wf^8Rft+FU zl^M>FuI@{ny16GKrBt(g8z?iY-`H|g*DnC}hy?CGuS#~&I?&sU-(OkkOwzc?0@w|) zSL?_AL>Q|ViML0kqK?%~{Xu^*5QCn&_&&9dXfp#_ZYJKABN71h;bOsS85@?c0PT22 zQpIme?yQ@sPp8|nH;^~wh~Ep7s~&qC2I`H$ujs1B;px7EpL4x;GQS0ks;mxD8L#sq ztK4e}y8tQJPlxFAv^H5DqiS+p_+6AHEbnJ>ob7Y;y8~2p(qBFitX5(SzqCnl1tJC+ zt{qg{(j#7}I|^sg{&2zr-dORo;^)L^xF>uRirY~$9Ko1WgP-KEShLWTJu$1NRC^l; z97Jx!enlg%z=k1}h$@6>h)6h4^XF=yMiZtC%@B0Oukj1Q!m=myRmhmqX~zB1lX?1m z!}It1bbJvAi)Na&^re7i9Eko3>6@AF$I|54n^}qH@3>qW{s9O{5Qv&RgaW62Z4=`$ z>_lZ``#$JMNxS^0>)~LnFLn7aInw{I=JKl1j|%bB=R1!?3U2vqjT+z^Nt45m_-b9g z>ATQM>R`;ZcQ5$y^7)?h%Nrc<%V~L})^aK}_xfrF>v~{32j!%k zZvL1Wad0=%;pPtlQEk(2+13{HLWveYNl9_( z;<1%aHO``~AIPu1XJvg<`NU2vUN&>rss?yYc@}7c(yyC&iP5yAOoVM3>Vrk@?PzggElhh8w*s!ZYD+;x>D9~A#s%c0T}t$K z^6ew?o;H}T_mJZS(U*vIMv!LuHD56%Q;F3-S?b)*>y2H%Wb;n!)V>#ohf$F3@4c zv1SQu$5;z`CHMJt#b75ca{RBakxw{-PgqE^gd{0BL-2zVcqmzGD#K#Qo$5RZ`7Q6OyJZ|6T z(YIm0oeqyTIXr`>hD;FpbJug=pXLhSk?*GI$#;LduTrjDni4Qv=Kde6R+Ub_wcsL? z_5vBOwYeCWwi3$gdCNG10$@gePi$~(S-q@nY_G(nFx*aOHSgX{w;zlSNi~Z$w#1!M zR`LFPIY|5^*k=`f&H-vtur;3*R5}+NFfOtS=VE+spDQS=*%oCQ?oa{y#r)kkSv;~6 z^;9`H53yJ8Jl04xb}jr&|DAnDy`gUi!NB3X-!&+!WxZ|-WOSVN2$|7EbZ&4w*BJY{ zOxm`jkCktUr`}@T(XVx9^es0P;nB^u1Wmlf(Ko-g?0u)#$?| zwAu{1z`lrQqmr$6Z|VSV3-|mQcgTWZoa?1AH4N_eXQ(^KPOB6+yTJe})wTQ?w z?olRihw?!6#0PH^_xbqrQp*;aeh^{VgbB=;2`Z3T^3H+qwY+XZnU~9<@qgHOnZGR( zN1urJP=^rLwjlC*SwQpF)9B;Sw!XHZvHPk}q}!-rp5hwEHx>dyZH=%E;N8SfV!s$!s-5k^{mh>Uggog z_!B-t?U_Q@uo+=)562}4U+C)cCJ6mDMwKe6wy;QEypRW-JJpw~!!<}#?wZ01MBqAJ z&N?G$gX5UocW^~W)Vxn(>P>Z^9ksBk{rFJnWVPYE_uAkT=I0xQFpoUNZ1Pd={H?}F zyWfH9m$k2Zm7M!Of>v&Rf^DRwdhp-B^SK1%{WaOcnE;cayt$ctx?LgWt(|*_Jd2UeLX?H?GXDM*LXTq=4J~h_(15G&JT4%vg>bNi#zT?fo@GM3B?R$A|@G6=6c*j zg1Qgx<8TPTT$vGjx$UC^oEW?+wH(4G`_5BnLfF_> zfAs*8Umg$6boR@IrM|~W4z_WcP13RifVCDB{YXQfey8_J4y}B9 zWDWCv#L|XLy<$2bVCdbPHUE=~i_U^EtSs#!eFeYg&EIr52f?|e7VUI_kruYE`L_oi zNf)ts3B2>m_Q^|($O{}pp!RP%(Y+?lI_f~5TlNnTSxC*a5aa5sXxFA%jY#6b%b7VS zDOi_Xirn=c(jNv3ky88d!yl3@;Fe@HLUOhqUzaj;w#fDb;MxAL zU!JJ^)m(1~xjwU(a!93VaE$qSe;9elXX}Nm`CSh!ooVlmcxg`pIbgya$kfj(Qjzyl zK{J-j5n~>m1oKg|(nK~P*C9QxU+a^8meD@ptu?Wt(|yeLvhB_9YhE!h4F}O|-n&80 zbx7?k?eA&ZvM;Z}sJ#|nh767m;vwi0hDzacJ8(uxbIHa>BFmIymEd+n5 zvTv45d~o7t+>MeIDxa_K!OY>Ct3t!FvU1n5uH!yAgkzjYkt$}Nh8yc8@rPG>f$6BX z?d^vk%;#Z*sqNIRBA+noEZ^zsNlF_3eWDyJ86HzJ>F%{)&VJdGaNQR+K4yV?y78Y& z_VY#hIm-&G1sNT^yF^egC#`Z(Zx7gsd%>r1s+Q7pGYJU-$TACiM{s{ICq9~>RRQ$d zV1SN%`Pr-SCVBhlUOrw!Hub0!g$9RR@W(kP(Z|S;&nS*c5jo%SFrEm`q0ZP2@{l|m z;%Vr@9aycC^dk503Rh5c-AIr#nOq+ffGK5Pj zLy}EUtNnib4fY7bJI`Zt#0LTvn&Grt$E6Cb($igf zk!x3|mfr~C2TaG8Sk6ONCP8UyA&QwtC&fu=e5le8G?W{H)i1)biOLi9czdav zP4n6#uEr6TybHOimg@6EdCD(so+Wb{YeAQd4<}Q>3<~^FJZ`HkhjhB%m;F!GoJnL) z`^6guP+CYUfVk+DUXVo?nwbB3y8>{&%s}-tb(L-&_c2`>q;n;xoP^s3nzS6XSgJ~` z;ntV3Cut~h)>R81XC`^ek!Nu3$(WEOE*8Y+_i6jkx}JV~zO#6gNIgW}A+8MC zVjB-OLV0yxLgfUhXU55mi*$|OFI&v}P)^;aGh&QNHL&^Sx;R5l@3WjOD(SP$4kw*qDq!y5?=uz~OC=)X_~;f}*=KB1+^#RDnAS-zw#*74$>gyFh`p z2FwYVX(~t$&`dgQ3U}qLvw6_2-yW{--x+2rD)?b@4WDFAVT`h4OvMq}!fxDQM+B#1fHDetqSVr8|{Gl3(lL)3;R-2EYXWgqB>q z7||ObvPiSIk3-d!P91HHZH?wS-*q#pSrU)4>!B z(hGKwXQy@tnFU(&yqDaV?ftc+ZZ5m|4InmnO`zG!%lFO5-?y;r2dod>Tu{Z0DhKj{ zK~<19$AbjlVe`dW6)SaRPMX7`_)UNcJ7{SNKNWTr+wyu3THd7&qM&0k|EWoURUOI? zXM5iA8_?1^U<7!}JG|sFM20J(!e28IDjjx95SQ5OBb-YV!HvjhcEGH@rDolV81?y= z(V(QH+8v zh~(_by_R7gIA2Mq)5kj`%tb9>Oa-;&T{Mueu}94%^(Vy8T5HxmFQdmLb#oRqR~93S zcO~l|e^smN_>sq3LA)vAH{I?Ju6%s&po;`-5l8h}rwC7d`#g(p@H9eB?ylCJtTya2 z7=S4hMi!rwzv3CCu)_t_m(UxUJ#~eyqeh@(&Gi)9{xIH*UnJtTXF}%57OgKIdq^T4+}!XLX9c*JL zw9kk=)xXgggQ6!0DrX-aT95u`LNF z9zBKq1*o1+c3-Hwr7p$eBmy-Z#vLAFfVzVJDJ4(&Z|zjx%9n>1)0R&tqkkc|1$km5 zY$R%CvoHmMzuJ3eS0w?e@!?MAcjcX!Fd?wleHDtUPf%ucSW*}^FU<8R+);r^p4%Gx z4R~e%x3lys%$gS?eRwH+2?*#QD(|G$2XwrJ34U)*l2W9uyy=b!-PEJ=`V$~X!IZlU z)J5)S?KgMLH3fJ7PCnKpkV9~LF;P$Xe7Fv|Q&IMGF>Z&XTz=l;el(+Q>kfns`|t^m zqr8u1BVG}V+Q&XZVN24SJ^L1tnOR@G0tv(i>JdLXhciE6qTJz-Wlb8Z=lbzF{C-Gv z2YGQxO67g-0Li=a)di(^I92-y%|G~n_B@21?*)ie(TqG_{onO&y;RJ_?RPmLQ1v?< zFXW0qh)rP+I-89Z>}cz#cQZxm@&Io*{YZ`t5VUn=qvJrK+lt1U7(pq8e}TU6c;+N?Sv-mJ^Hx+# z&Dl^0pTEkyVaL3o=$qVQlSr!SmsWgqhez>49m09U=RMEv)D*gKb7X9m!PZDuXIXJ$UOa!2e(C_H{(f#x*4x}OtP_hp1fwPeb5 zBmo-06Nfj3J}J5gewqOseEXoeo}rzW$n*WYf%Gir5lS2B#wL`|2~9!Y(T|GR|G4i5m!c&4cASy~%S;+G^nIZi~%%vPj}IPTaydoeuIt z?*JAQ+8o58HQW=8Ezw1cDc@q@iu&R@rQW7|2wuY{Mu@aM^uMmAeruxit9*6kkew1WquSuN4>^_Owvo|l7wgt7 zZM_b**!*sY_%vngZQ=p=6PJ1Z^*|uzC@%6IuI;?R0}J?bb)v@B`eF^NdBlbHYv(Z5 zSW8=qqi!LoRr|H0KLvHMt(z%UIv1U8%oHk;TIADJ0OG8CsaUq2X7U%-t&z?bahc@3 znOGh*o)BmV0Gela6Akh0M}46@vNQEsg#!<6Ao7DK<2|_^dh*_T2yc!6XDs;z=8xVEx%xWgKpwV z)EXrWh7nv(;S~PVD7(r0G^UA!Ay+bzy=s9KHn5Qg=re8EyQ<->P;F#|H1KNWksfyMpEkMhk@BW?W!kS<|$+RXCvO}IdQ(k_A z2t?&a|MB{xFMn=Nlk`xI z9mWwJk8-e_B@d5h5>ZV|C(gbG63iHJ#>}6@Px@YePj2A2hs{yfYi1pTn*Z{vLvYKP zyR1CPp#w{MXscCXd$r5+IW*`<9;T}Vc*i6DzcZK=<=OeWsM%|SOqa^|fJ~~LLL$Gh zUp^&g$6Ta(uMQ&XGnRt{&$vf_Ay!`#~FPi}`tfn*x?L)6DPs`Y5g^ zq!iJ%1KcgWl&_7*Qgg4~_9yg(1SV*cV!vl8`a5iVh0Bgu$;YfE}U&C#Z=^7+jR(Bo zul1B)PUv~yCu+gw_wK3}wj(eofKTz`Y*tU2><1+G?t=#Y4EHn&PN$iLHc@)Y@x5f; zi0atK)^-F-leM0dM%HY=xlOL*F{p(U4|~;jcsx&U$|;B|`TO$UD6T7D{+MF{RthDH z6EzIcy;p(*2ds0yvc&enNC?MkdwAXxV_sXd;$V1o=JJPCkcH`0YVk|eOIxkvK2aJ8 zwz#XWMJ>8NBB$~stCAnTU`~BM7ydSyYP>JH4-t=pA)P^~A0xu?^Ku=^XZ|n;b7K2)<^Z3-#cmK>|7+~;Z>bt=-+ij6Qi4mMJx8xCaCj)$}+djLQP%qty>$snynC`z{URv~F zy#|ElZC{@=Am}jd!Bi#(~PK|7X9~|p)QUz)CK_HH@tAT00&w@O9R;Y3#&kTj^~-kaZf9+ z&y*MJakXj%txw{)UtjHDeoJz{X$hb))2IL8)KAwH_a`427%G9Pb!d4bKBc?q^i;l+ zm$HulhEhd3elUTeZ~2aq3Ey)VFh;_C8tkVY;6BejkR9VNjL#EQt_Qu0#Fi zq?}HMyCh9`zvf#OKK9ERP;&mGP@nMA=WEhq8784DmMRfpj2st8r@ctVu6zc{4h^FN zC;?%2*@uyTe+oj|`w`fn{JM*E2tV5Rm*sGd1sVgYFb~B8wqC45BsrHsFlma)QR9RZ z5f+WaOuQE=Pp&Fv5vLS^WMFPNiabB`x26b=^>DT!s2x5!0pbE4WWQhKXGQp4w`XF! z!Q!~@1J6E&;ZHnyB49wx1v`;T*Yc)%_Rh2w=D#<)-#7t6>#W1ZJP4lP5siGidG&2Q zm6a0dqnUoHF1hWaGsCI0XdiiKgsa1#ko+BZcznND4)dEKp?Y}ZdpAfFP26ijkSg!z zcM|yda#N^c*rf) zNUIs*{m%UjfED#PtCz&vM;Ro<}RqQ+PthM6L$d+;T2lKpy z3cY?R+$9UNlhn&2SG~K13l9y0uNL1-wP%V1w^hmcZ0f zjG1AO%zOQeW%D}^V{xH`0v?Bz!)_`c3<+MiiBsmWPf(l2sAAVc7yWmB9RHDJ*%kU^ zvUpVhWGL>*^`$<3^!P^>LyTb($Td(Mmgs$_h?Aq=>59@du zxb~TdrNy(DLj;Fl6n{5iA^X%caaNUc+_K!tupSM7RI{}w;k{jxgCu<$qQUhg@GzXP zi_4G`)0Q90y!(|7~s1YMi2Y`*`(e4VCf89S^P`|1k~>${sY z@lAMD@KT!_00A^6ui(hZsf{ePfuF!9o&+81Nr^d9sc5&|o}<#O4luUoYL z$_llW=3eb25HJ!*m#L7a`U1<~@D*5K5?+i)7&IVK@8Q}@v&tiN_AOW%l*cH)Bv1x8 zS|_7hAb+2=cpHbmzLLRAJz$ReoO;Lo2y%l;Q_BW$uX)>tr*$tUCcX}Lfi1)+%{5IM zfrKi932W=A@!8j-fsl2|2bu)qBNGFP48#nL)aR3eEd62krmyuXx+=RaNUM6Kal>y= zGmmFoq3RB~YpgR7Cgy$UoshAea;weDLO0XIaCC7Bjp8pIZet;Wk*>i|s*o`+#F^Bt zHstZ*RMpfEqmBShgBm|*aPF&9r#Er~H~r#2Ma%7m^r0K)y+0QC*pP|5yVc_k3r2&c zY6mwt-n!|5%Tt;8str*xlr>4HwYC9{cH9Tp?~44Pfa9&q*i@_k?RTU1y07|Kgky*K zL_ZB4z!lZpTYk{@qhBJ)I{Za!;u8Xu?j-qMU6xvi=d zB1wA*B_@u4m2HrLhS4}9#1;WzR~j#IfRh7wP}Uf{�B$R*D8&QF$+Na-F$TkYnl$1%^ zL)#?>MwQd4IVN|)zFs_@fuRr@+aFXi0Hp4NG4Yk8@b<+WE1h4-@cHA=9Qmsvyvkt~ zuWD}zhGwIt5(X)K0+nhWoSLz)rPj#OA;8H8(P}WHGxJ;*R(&uOGHk8*czMu8O~3-% z{A1aFG*=RV!|28Ws0Kd3Zxc|DmQExxxq;rx-RjP;Joc$P4&om?2OlX^zBen$_|hKD zd-J&_8rSC9G|&7z9NYQm(Y$`qlH??HoOwblWm4RXWNr#7;+%f`LO`AL#o&APebi>$+sJ8ttW}>rXt(A*Ocvw-S^Yp{F#eL)~LldJPs}&P8 zxQE$;_vQtmfZ*MeNK@!rgPr2T`)5L%8y4k{$cj(Q{}fHmheLO$*7B9-(uY2{ctPiy zi=@TS2!gy=>B|{zTLo%J2xJYJz(imU{QUxinSTG-Cpr@aleK2`5rt3tN9}Vr6l-I+ zRI7}jBLF&CIe~U$%n4S}^78SHZuIlQAhBu`oPEas*h(pjos$s=ekN~~Zd8EOJe%Va zujPE$Ti*82VyV1$y#!(_!2C_OSe_dXR`lx!xmOzn&9nXG={y7Wf(1zBrBopVQuGG? z_IYfIo3vyt=!4hLdn^ix`Qcgx9%IJoM$Shfi@qIsfZS;>8H%WrHTT8uH+*eeU^6xz z#Br3**i|c-3Os?YvB1)LobIk$oxl1%rGN#B+FZ&p!|TU)k4$Uew6@dyZcfEDj2YfN zc=@-vjK3IS5&{GNG`?g0`R6*&>{u+|bRe;M}}evnmyPL#`;?q!jZ$J*7UmA=vPszawiee1`&T>jx5q3fkYDTU z8uq%9I{s|8F^}wm)x|}rM|5(7#r2C!+H+wT=~o?(|^26C)rvu$=`!sfPe%}U=YmK~4henZ%H;KIG2GJB&{DLQ`Fnxy| z$LdN~Wp1<>%>h$EAMQ>u?{uO3_JrMu-!*DK=BxFwlxmK_>s?>3`!(jDo0U2rVJ|p? zGygyfiB09{4G|4e?2RBL;c~oekMwv5h^#Y-&g!H*N@!P8NuFZbYK7f9J-aDzJK?FDUN=Qi` z(psLE6S*dVHXJ_!d~aY4>4*029$d2>usv{3_hU0U1LV4Le*GLP{bNVY7#@}gAQ_o< z*vFY%SZdRj&1MRHd1a z>x_ab^T(IOA|y&u%4jhkMQv~$&r^(KH^KU;n^B5J;Sf2a!_9;#wop#u&p z*5qfcyYL;5qyBl2$Rdac!`?W*2xaczNj*i>OB~m06rESWWXePqh$g^}l8LmX+ma?} z~e;$fxtFbDTLV$CtHrW9F0!7A zZduML<5Jo>6nAC$qHe|g*AQqiR3WukFGk9T&1sG#y%#;lN6_r23XC-E5DO-HcLUpI*={ra9njxXA9-RC%&-$$|8T7uet9b=)S$sDLq+5H_Ef*4t zZP$8Uqei~Xfw6RH|6DlV^&hGOjWHx)QP#ZU5Wl6B;07s1CJfHsU$n0k|5ci(Nzct! zKB@1GNBJiGjz{i&UHs1!z@jN2T;%f(TlLO@DIcD_8u({W4g;OBxdg zVh?LuB&OfO8J?YH7h!h`f_ScP@1w;l$&srrdgWfJ0G_V&G)k5poBVqqeon{h!SOIr zbH3LtkE8qKr-Wtr&s0j72o1z!xa>2BEXw+=SB)Uvz&0mAWf{aNsTX8oezDMpE&dkV z@6Uk&o?+d%0dXH}dUs6+#2p#S0O5S+Vb%K#GdaZPmwLUrNDeHKZKIDg;5I-TIiL6~ za{vop(ag9oWqMQj_p%_vot_={ar2!%Pk(vTj(EQ(E-%)+i>kqO-kHzNWJJq8g2>v3q2$CAtPhzDU`**@-YY> zJMEd}*H8iPx65t-`aaCymmKQZ6&BkU21ILQiT4Iy!osBPqo@*MN0{w$;u>X~TQtuv?NhIpxeDAAZQHj%aI*p6cd02x3L14| z6CkPN*eo+C#t+UL8*WC3E=~mggy4eW=?ZW$2)6l)r5&nvF?#-ttfT5&vKHgp9^{e% zaO|hyg*M?3q(_%wXbA-)68@s6Zu|qGyM{QkZ~o-@^ZuG&uSf8ap%G(PZW?Dkt|d}( z*TcoC1L%I>Yqa#?dPt#XdI^CzREK#A8F@VX?Dw6@-{{;t-^Dp^lU>r#-0V~itQ41$YdsI*Zpw5b;htB-2T7~Q?nJh>aZwVO z5>RuxCtQqpON1wU24OGEI$}S%kA0%OxmwIF%ct=6`9py|AhAgHo6S5ba=mRW!=Xk$KFzI$Uuy3~8mWCn8lPRdgKP$T~I{nKOYA2%pTwUWD1 zeiF6WEk*)=e?pV=eAO*Nx_-ikQD1s>7%y2FI*f8botbu6+6{C5*1;cza=x9ii-vw}b}0ISPeZTN$pfPLxEctmpfPo>Y_j;lZS?f=&4KX2JPdy8e*W)F9$?wvT4^*6J>_yE4U0) zZU1pE*I~BYbR6g&hS#*`)4|;Y{!A!K$$B8I&a>ie0-{m)DmshLE$9V4HETyDx0mtB4)UzUlydntZ&_ z!i}DqSUmxT^|2|#M%L=}x0j8Oq*xQ(bb}jRP$;Ljv<(j0UA89Ie03JcxtY=1(3{s3 z2f!h&iYD4Ji!tHhdw~Fl*tg4*Tv_R%Rr7p>WZAf#U+6VS+|m=Zz5{in@xlaN0ZYz> zh;xM$gug7S2DBo*(xdhgGUbIIr8T2&QUmmb{$Zi0xlj`-vLSQtpsXRaVMJ;Ui4WPj z%@f&T_$VJVKRD1?peg@DUi1*EuyLV-(Kdp3&YAFh8vJo4rlf|}BcF;E+cFRMqBvhG z1RlwT_;h=B3iXSyk7CX9r@Z^<$;&t|!X2AB)_c5NWL1eT2TLAm2pS!jtMEheE)(_L z36X|tt1I?Kk%GBhFM|#RpzYRInqiys!F-*R(;Ludb=tlLr{CkoxFAx<$1BjU?swj{ z=Sm5a`g|L^2uKRnQD>S?g&H9ABWxs|kBQIWa$VjrZQ0rozO(8v2j5RIH_4k{AE^ATT;rO}HJ{&Yd{4mH8t7?Wqs$fN zmoPHq>n>)}F&eNY0-vu1#0%DM?lTzEW-^(UoRO1PzsA(-l91=3$1jno$8Yiu-?O{9*Q=7PXQn>91|rPaSg~B{{xNZC?@lro)wO(Rt#c0Q z2EW@0rW5>Lqwy3k-dWM-n0Op$(LjAGt>A*}4%_UB<%&8NWLzNdfr zD1Y4ndV1fWJT^!y06~}^I-;(BC%f6V)^l#kc_aM2XTUx*ES14P7-MVi<~$zz!~|Zr znQ!`L6Vz>bz!fNWJ!WfZpIEoZ-nVHl`R9PGL}S~29+MC8*6^=ZQu^3*&d^G{uAc|8 zI?-ppZ{DkGK$OB39-f!z#l0ve{_wX0gkX(agI7uwY>gWpii31M>QceK!{EWd>Ok6hP6ZN)`A+akth-fB5ia zfQj6yim&0w}@jAaifH%Gl%IkdYJ<=+=MPchk}pI z3nOXClz#>Nm6oY8RI`ipvgD6SSNKejpE65`%S?8%QpF1x=dFiIlj$Ly-q&yS_G4{r z)8A021PsvjVcqzb8&?}+#UO_B%Y*XnoKIEr^mE8$#W6c8$*N!GeRXBrKX)X4gOFqP zLdPCXXMjul<&n8P`@Bhzzj?yX+vHakM+@{D3)UoFq;tf6+QpTE&KVMvt4Zy1%;$61 zSBm>EyB+%^D8>Nbr?)($%n18!R*u*63pG68DjjK`!RFoq0$=X0MMx%1lIC5wT*|`r zP<>!F5<)_r?$2%dKDRbu9zq;FZfUVr$kdqSPYnd8ixPF|mSYjgVP4L~<#0-4iY&2k zOCr)C4==L6u%F3<-eq5K4~Q5ZYG8ACd`}w-X``G^}SN}NvMHfQwRuVA6yehYtK8CLAh?{za zS{t!a?n(q_ynfMry26i@SkHHPmjQr?f9ymjuFLMh3euQh7n5QHlR~@zWWRfy;g?D_ zXs-LOdxNbV%yS^1nJ~Id#NIn7=JTNQPghg(g{OFgYJLwE0v(^c#2N&_sSo0Uhn*hE zZyKOSg^&HDjQ8mvzcbOoPh|4JcG9Xyrq8_RRuuM|t`qYKlg`Ok5`1+$*sr}%e>485 zUDfx48*tVH<@Zqp*Ux?<;x@Q%tv`{-No29}XT3Ca03>L88T;m`ZnQhnsN0bAH5k{#OXAnNY$ zJ4TO~?@nIt&FV^A^V}|xB(W-;L}MX*&C(zzU5#OIOp$GU@eAK)3v%7p)Nla^r6G~O zhEG)bt-6vqY6d2E={k5VHGBnQ4?Yt>U3^xoRX0CZ^tnAR91HW}b4E(=mj>jGms#bI zs15ra%R2UNQ@Y#+xmp?uI+x)o~D|g5b zhUW)_I{tDU$GG!l4o3x#lR;UQQ;}2<^|3ZBt{g${9TtH#Vvk=)Py{=!j(Dui{cH|%YToo)+)(7#2u1=eodU=ISlMxY)V`uxb!Mv_{(^*s zg-Nq(bO`iNgM3vA+4eY=Xi^4bmOCR$h-nB9{Orz~+HXr5(C*Vb2d*oe(rR(n?(=f& zeVka8f*(tj*((T3LArVOyFOCnLhW@%TfO#`ZMp(d3#n-$`Po6e4f_(ROfAu~|C*%#Zna z+3FJ0GSPv+gRJHzU~j*vI-Hi&Fh z78Xwa@A$W1ogZ%-+qPuGMb_?5g?GB0kcBEaZ}t15B+WZH57Z%mo#K6#K3=dx!e5Z< z$-3VYfrw%tl{m0|z*B77<4I8|?f6Ty%QPjhQv!!_0Cmfx=n(uwqyT#U*wCMFPbNV? zu5U}0fl+@ys0iz>x`Xk9BQw?_b(~J_{+44Tc3w7p07*vgAtpfyr|&O=84sZT2$+Ln z{cXEP3p-ZN_)sohzudF3QXBie{3J%l>0HH@*%Tu@&H>)>vcGDvmdW9p_K-kcE-U-= zu%|vQqC`5A?;(-v@`0QAbS$C&ee~MFo(Yan~?aGO_#6$yB*9jHgV?0LR?_74lDVCD@x;i~j|7^0Q%O!Zf`4?qf z+{3Ud(BMPj@OSNkcyc?BxB3h5b-*r#cYefskdkkA`BwBKcc=|N*)O*}Emk_DCt6(k zYRxWlI0*_;X5Y^Y!qjKIzh00L%aP-zs8F%20Pt>#f2WV5`=;WU7`W6@MI2!|N)V0& zcJ1`>na}&`2;mGyZt2YSeh1! zIeV>Aig$R1d%zVCLF0K$yRWr)-rA>hNNIGz7u2rL{m^j095r;9u~37EQy}WR$9@SI z+vQ)pR?xw46!x~ynh{Xk9jY(L1L31x^yp!2;Kk8z8Mea!NXX;cdTfAGNqu;o3Tdx? zgwkl^PQR}x;b>uss`H>fy)V~vm$z}&AZFrpFUA)}?295O)5o96=G1`&i^*T9J$_zQ z$~KRe7jc1~VGiSwr?ECB*@tHkGD6I2)uC`Hgv_Z9t&TjtwygXwg{VF7qBH9WTe|1- zV{%5pHRoM%PP|{vHPD#P1Y_B^$>!lT*mYF-e!@JnR(+GmeWjzuflrI0P_MMgq5OGl zCy;!dvf)mUZ4^5q&>>6Y;+0Eg#^2CYnO`p0jUn%8AK_UJ5K09XVAQEp^D*Y;&fYYV zhWGoezLX=}&`<9hR>xZj(PuAESoM;YiF1dSp>vWHF?x9YS$RNSKz&=+<1JAOKV{$i zFSrzzsW8s>H&dBw)c&OMb~Za+vqhLUKU=RK^BPl^X|4p>{eFRjId#@vT>r&X7V3c|ivF5$Pi zhT#7lT?8jr)QH{pcT(Nbnzu${Z`atnQj{Ek$6$G*iWVnh(Q;*>E-&<6(jmxeU zCPH^-T{WsWqAqzeXsHbh@>xRhaXb+*IH@3sh*s>L3;rmi=cZ3`cMl)+=8@es4S>}LaN0sQ=_c`7^aKS_3ys9X5g#P`ej^q`{z@+0 zbpHiNsKld8E~TaJNs7#ZE%g}JujvRPpy(DF%WZp-YSgDoym&fnN+AA~=m3K1zV?1`njP`w zjoudn3c5W-_VnF_XV}4dfifWfs0hyFbA8VLlwZ%bZql%*5QGEtN5SC?-;u7l0;G z@o!V8Px2_Qq)f|{8TBh({#_V%dgc*Z-0tl2-7zKi@>>Q%S+GB*;hKd?CBK+6DI)WS zwzV?LEP0YF1gR?OA_P3PS`}(t$I1I<^jQBX8*W@)nVi?J(cK%&HnBgyydPu;;cHMB zsFCFX#&w7-?+?+13p9)CBVo*|hc2yFPvP8|fIAa=c{t`vEY{#TT*z&I;U8rOS7^ z++NHemEdj+r}OgUfXyJJZ!!n-YnuDkTc23w;13Ux^`QpPxE9u$14j$_aqFms(|`;@ z*WR_%$%~x_+sgO0uX$GVJg_(Jm#5RXsj8Q(XjC?18C@UFQ~0_znBDoPA0>{1mt9r9 zQx%qy#(JgEmF@X;<%3BXUiy^Cgc)Iq8fKGjt&M`zUKrF`?v8{`G@iW?d#Vb-w3GDUtjjHgSS3NQ6zW0UfSX%NI+RaN_szV@|DZBv#O~p4j!Jwvi zO7yx2{VN~Ap9TBx%w!c@-rTb;h6q4J_U3PwOIXxO$sUJK>FhBsw5z}Ccm68P)#iJt zV)PeE7Tdw(2CMcK6*BfT8Qetw;}MoGY)?em@KQm73#CR}N-Led9C$9)9S#e;)5B?-}CHUI8aU>tE@bZ@e>L~aDJ;TXxlP= zXmi`v3`h*spF<x~)iptP=q~(njDENJ)>2h5`bRJv z*xExK0a~(zg5*}Mmib8E@+)caYxux~fl1@6Kca{Brt70!X#1@Z_l4)yWp2VCWXeB3 z>|)WOVP)uE@i0A4Z1S}(XSfwq#uefNlwKmktVJbh+ECVYzpOsy9-gMEf*$k9d8?oe zaCg=rT(6SWh1piFyje?AKtoQStVW70P zMLw9A8GXB5;_!^H(St{CvvG-ZZvAI{Fs@_r8wNS_hN*zlFNc-_b@wjo8Z>^o06mxh zPq3fK(G2>i_=_n1RJF8iU{vHY)q~rQGd%%4*88FKSdFMI;vxE8sM}{S*n$lqo?Ps|w3VJ*GjNN0@orky8;D<#!0T2(Foa@(V#&%UiJY|m>9eu>JP?GBKYh@c(f zPaG=M8IyUxZzKJzhysJ$Tx1{UupCtB2g<}xI zfTM`FF`1{Agl{VNI;^(mhUVX;MrD8eX+N_Enaey6rT$NmFXz?K zfRE^bN#{~8GGFb^!Mr{BXy%EUH1j39K8iv-Cmqj>N(oG#vb_okfw9FxW!Pa?5Dr`(!MIf{|lZ$Lev zCom6WcPHL3Nk2cdh;u&L4TpK!8#rYpo>N#pCNkQxH6wra0-V~-&{mm#kfwa@moJ>4 zi;B7ygR7%9VV-rz=7Bo9rKE>4{vDwI;z{oeb!b12L&mE2`#DB6YRmVo1gG8F_-V@L zqfK)RJwf$=XkOi5pXJ#jzT0rN;P`THo?q+QU45w6CiqeinwjWCB5$tnlN1|j_D1S{ zSgQiwk0Xn(Bfo;cdK2h0@1+UeEYCI9mH-%MM?m2Bh)gud$eZT@_g74HaGix^*b}8( zM~`0ipy6xTQp_~;^YduV@fWr?Il_OEj^~Uj)01{s_z)5r=QC-p#5pjYtzTICjzo{G z2U14=;ld|q@cp?PDtAR_RBSGB0&Yrw{h%4-2g53yjxA96;_ae@mj*edn9GMad_BHn z*FuXT;|BiId^R=v83BxXRvRM7UPq(JiH#1!S0zCoJPRQ+Jx&{X6Og-V8r1gpYB9-u zyC(J@p!G8Qw~Xw?Qx5RkI_k~1=dY=|8PdGpH!c29d$fnDIR4_{3&=LBxN1golXRc> zaNlyDKf^aY>&-nFw(K`(LGqmm1T#4nSei~-dq95wGp%CgJY zL?CA+pIRAYryW>iMAi-JS3{ua%4WT((GMV&$ZJ%4jOqM~XmzRT0Iz;?aEN~IjfkG> z{CXoVeFQ4$?`uR)Kw|2+iv(8@afO?g+f4j#PMcQ#GU_xr_e!%M#0_I|}Zg-bKi z%=z_G6-8gP&uzjolD|#wxutv5X>U7;Rb==7!U|sLfgbjIxr{q#eEFRUr4_I{i}g$e z!{`V_{-d>wWFdu&M{^YczdvF0i|Ezl6S}sn$-LO(m3)sMtPNs)ja1@viVyaDhEpVM z9s)_a!p8v575VA z|BiE1!vS&G%VZzt1-mWoc7z$J4%3L#__~$CHVntwflW1zeJojD*2h2VY@0vBlt)+_ zCoIEuo}DolZ>iC^&x9|c3k;^LvTF8Qk)|5jF~X0U_A9cL0=#q^)Q3^Yx4%6_|Uq?0L0sk+mE%$x`58p-nWdL9edHH%OhnXUQGvG2XGuvMY^$tVXhf%)l zQ^k0?O6)Q~JL^sq8KcHPs%9vbqn~RQwWKxFRLAr9*)RRDwPeI0Zb_ssjGK8d=^xd{ zwo9@*{ETW1zZ@=;Izy)5&(0C%vg;TLeRR&rN>ucseONh4&vWqU{evqp>*Kw7c!e%T zsF5pK_(@-o9zgeC&d}%B>x3cLnDN&(gMrNa8CglFH&%;4OeFACAr3QtclL%rliN`_7;CIEaAvgDR2Ax zsF+i99-qg!>+xb!l23Q~H8s~kEmWvC9rxuVFYjHGeEzsi9K{#=pyC{Rg|4Ihx<60- zCd|p`nn#KS@hUiTgGrhEDa#W;F&Ug}y%>M)j(a3hkupA}dfhx=oAAq)X;1BxUAAH1 zmRrNaQYmZ+p^iF8`8`lU)u58yud^*u&f(A0yd(tAub?^U0%&~xp*Qgs4tS?#%CpLH zWbt-V;p9EQqbz3JJ35x3`*oL_3oU~$g?e*4zFnF%=Iq@cTK0D|ySLgL0RT+#`99Bm z=KL;T%IkDl?sIotg=v=19g0$Ize+LF?w|aboV-L>KQUAw>m0s$L<7N|SB!8)>s@OP z?*0g=M<~@~T`e;`2iFoT5QzCcw#Fi`BYl`Fk~nUohdBF(un7{6AM-;FoKh?f3+f&M$KmZ{3X zm)mJ-W2fqiPL|n$nzj$&xt-)&(vxFsg^wdU*8>l~@A&na>K`Dg`+b4x;Xd!3hu|@W zw})%D$G#onhCpOAAE8Hh0N<;o-cSDxp2VN0o815+B ziBB*4d=5Y0>eBZ!D`5-ISv4qG-=?LuV?@%wxHHG@PuR9Kw%hyeT}_j_peF2zm#Z{r z9s<2VX_h-iWM==o4}Uf`ZokvtHhg&#P6AP;@wL=H9oE$Y3?A9z{>@)c@6bRBYV|%} zU4oyvvQOsYe9;){9h*w^Blj_box><`LXG&rvEk_6FIO|c%hTBjYmuz6jJ212amNp# ztQ1OQNYC>JcpiAQaE6xd1sj+P-f#*Rq1GzkV<=bS>R%I8jR!6{zvu2gvDjtvX#LZY zvaWP@s6T~mwdy;Qj@I`iIrsDPJ1=-oz3S#-0!9gy)uePT$s1zC^JzE?zc+vT2_rtX z+MiGRs?g8zxuMH_F}+>6s~>Z4X8UIA<;5*7K?BV5^*+BW26_DsX<)q2Q|5CkbIM5< zdNPL(Jzrx&^WQy|y0weYwHn?m0G2)a{1`a-;&J>K&@w!*uSYhfP#rBIIkIm)sA&D+ z;xQDpNX8C-dioFI#!=ApDgMi~`SLZ-C~yerFmBhUa>BBqQbuZ@75di;S35ZnNGKiq zAbj43O}w@w+P5Ty5Mg9a-?f#|=tzpUGs}?7U?80mhGA?}C^i)7ow-kV}GXxatFB4pkCNDP!@(6&P5nT z=BIx@cV3#b3Fj0wy$PBlUT@g{)tu`D?EG?JOZJARpZ6s{GK08})I$tvnGPlp)qv7@ zDS4}_AZcH^VvC;7P-t}`;gVfA8+D5 zA`6Y@ZZPm+ocyRrr}>o41h*bXKb1f9a)L7=Kst#>KZ`PAqGEq05gq7qgP$B{)*zW~s+o9t7LjgH5}-3;ZY_kzlZPl?swp z6tb=D+kfEWW%zf<>hb&r!$4dpj^XR8g|SSSW87jp7Z)jBh!YM|?gVs44A^t`R=?TG z5~8(pRhZzHTLAvzh$z2qx0CHU^(}^am<>g@V7P_K`vMEq8kBB9AY`qh?)mk3%5VIQ z#q~Yc`hkBi=n%gyUoOTfGZc^czIqIF0MJQK5-Wy;(ZF3$G)&D<{nT&LkAMLH*rHr@ zp&|jO#@Q3I-a`feq~l?hft$PS%j|n{QC570`yf`2*QJvq+BmBdtPy@t-t6B_n@jia z_OYGiu9q0Jbu3;^by*Il$$iHV$U(jpr0hL0LUdZ`I}%*GNtr zSEsK!<@dpkkcBZF_){P5&Dov*#@m7}Z`y`mpSX~%i{5FgekFR3ne-c+Aw!%{#8Yd^ zdCDuZzD;S6!1v}a_dOsZ}+`Qa%bI7z<7SL)xE4~MhV$=Fwx3c(jd1ba3XRmGk5un0{H6ke> zWraIjI?fPJG%4T;#OzbzLu5*%K9z^RHVR{Q#%X$vH58us7mOS1CM|SY>CX9PJjD$1 zK_9r;zj(RgxB5|@!uThWw`;(PISN!WA%mmgc|lvzD%6yV1u$mC^S%mGo}6#6jKD9z z>DLY?+UMM_cTWvLYf9osE!wFZA?WvH!~rJsGpf@Ie>=Lt3i+%vMC?w5wQp0atY6e4 zbkgK3QtcCTLZQb90kFQUwZ($!JC;xP{K88mUy)ODm=`LGSmK%pH+t0*VT(bH>Htc+ z{sR%x{jG?IBp2*(CCtQy=w$-)b@S~UL zx$pB>Uk<^{YQ`0RKq0JugyGwyDuxQ>dkl33GfG-UOmW87{bYNeAU3Q+e@b9$4-yL= zE>pBZbgDh?3sQ^X(1dQ#L9dxI@Xhu_GqZ3`0`tQPM_MqhxE`Sj6+xlAqtJGfzD7f> zY`%Y`vq|D=f?n_IShhbe$~5fb z1J9o!>7bqX;RKVYtX8Gl`Fx(K(~G6~Bpbu)=eNsai5di964yRl-DRuZ#LdnfbC;xk zzuG{No(c|WidUy`DUlyY`UBulWz7hbchsHvJt4ZJI^P=eZebepEv!& zKA-WoepHW3*mr4|^7ktj{7!@qH?O<*Zi$aFCtRBB4lkQ3;T)#|qckDj@*XWR?3s&OMG+=_ zgdrL{mWvlmG@$veoI5llmnu971ibDq+29%RnIl}xV2_rWqw;Q>L$B~_y{jOI zM~`Xc;h_!z_kGN{pK_+v_qSsUu1EE-jZ$<0VKcV@C*!8dyOSb&61-3 z-0J3qWQve+tRGbMCi#_D7|+kVG4ak*1=HO+556_~7_?wO;=sBEQ03kw5-384u>f#V z2l@_Eki+@(`%c#tBpkNr3pf(Nc-rr)v)X?gox0mkTceP&s$!fF_{S>L-xa=@_}ub! zX#TojPZuJ7 zma5PsFip_E^ydyJXpr+5n|49T!Ew*4!?U+kMa@e|xY>D-7xo;Ev{dP@+&biHe+OiL zySKMueIrUi%d7Jy@Y_BkOd~~>OY`#WAD!3Zz&#~WIRk-~_rM6jAGUiz4+rOX)B3m8 z^~%T^MZr`T57|n`v9C^W8njD`)akmO_6sm$lBsMj_&?<&(fGXzA-xFm$sZjZ@Mju- z*#iy9Paa9XisD!p&i;=VF0dK80sZ7$&CgGq!wS9g!&Jb;My!Mxi=o;Sa3djdF$uvp z8`e_^=nQ_Q=HA@SD+jC=p7Yi93Y7Du!~vt+q1Ub0|Vxr-(T}^9O{}hSl9#o z(t+RawRAAl#>srtgmXg!Zq@+oSrZX~>=)cTf36Y87WBSIrdIo=MEkEOmW_CT-Dd)M zyUUc;lW6=-cRVW2jJjfdQUke!w4!kMg(^B~1j*k{zkZ)e9(Vb!^i11X$PzO0t5psT zIgO|TAq;J%*Y06niTSvEMdgp!YC7yGYQ>?Qx{^fRi98y#Ro0onxaX9%mPYg4-oXkQ?N!P zpXi%5KM~oJ*dn^}DN#Lc-2TbYJ4%3cTXuYss9k;;^hYv+!uEMjb&w=8?z3O=$Kye} z%zy-LyAAugi3~vOc%3w8caK$a6!6{6iUu=%O0d9zwk=tNI8nd`q{5et3eJ37jJoTl*8K%>V59vB`b}d?XeI6 zVDrg1RSuAbIZobi`xHTJC7vJj4S3{d zJ%_=ExG0dC#>+T(Z zGHstT-?*c&0i`Jz*EdF*tJJ@LP1>95$M1CEQ4S#(){v?mHg$A%yZZZz1E+X3&igHV zceyeg7V@XPEOx&=HwPZ_k;pzU2~|FHeRO(Db||wLEM}4&PiVtI;2tAZ>=P^wUohjD zxnY_nPDgLoevxo(MSa}ctkcQ3P*gK4li5yh-BGJOw;O@LRr7CYq*auKbaa)R2BwJF zCa@}|nq`DLL|QCws(6DiNOOEWo~61KM|af!{N7+UEPf32yN4R|y(d~8z5tO+@G)^< z^5&MVKVbIo7MU0bc|q#R<&%LNh$i9z9(8TTgNsI7dkC-qnk?LzI^7$WP|v1a-zVpH z&0UJ(Ol7n6y_&BVv&b)fg{88vjxXJRyiQ=YUN65{19f^wo?;^_raIgn7)#>dK5m76 zC~jN@-4^P7KaHQaSsV-{|Co0e2;)-|w;PUp`ZW41_(h<{8INvX2qW%;n_=NW?RYg> zi_V+3mlpWZZ;IZ5&D>1lwpzf$O;5by(Vkookn{sRV9TQ9EPde7e4Dj;Pz|oQ?SJxj zN1hMomR|VtU(_3F9d`nyuZ&E6X-C(u_n<^HCsG+-JoBQPi?T-+*RH8K`NBGy$qz^* zx_idDjf4-C#4?b=ta@Kief{mnu3Z94V1u)h#|hjUcGS*Qx*Uaq@SqZZ1Y${^XjW>q ztlQ+)$iCl=(@EI*QPW9C1@Z!$mAGc_HRPS`@ukVbo=eO`qYiyC1CX@eAT)PAOM=Ij zt8;&^CrOZvMyiZp|4>%wcXmphXGlR=qd7hH_0N9qg;#a_-JMY@x}NwND9O2RNPr!7 z^N@@#0cnr8eLU|s=KJbLNG^RY4edy!-4H02zQYzeqnePC>to-zaM8uptYJ#;E;!)QhH)sy+J-a$F{nsft zH`StEVWRT3DxFlI%828(xM}_-<;a%2iw9E30Y0G#Xxt8CPS?4(XbCFv@xxFz0il!4 zm(W)TEDWmy`}luDYj$&4_& zBO}V2Kl?<%)BCIfEC{Xz{`~DX6{MaYaQuz^Yb(X`Wc!ksg9oUGC%HeSvxI zAIAZ+qyNyaJ&H+KU)l4CyK+CC(~xZ1JMjdq5KsM@9Oo&c6)ppc0Za2>;b0o&mW38Yy^r<6jfmLyQ5r3(>RhB;MR1 z>nNlzoQjf;aNI-dfr7 zD1|Sy&At@n7&jQ%^`{klmdRFpZl0!Ba2N-wgAWA%xmDL;d4pv2U-7_rb5QN8F>eZ3 zWd0VMU(icde1>TNK|UDctRIqIZu%kY4+(?nhZ?A^{Fpo9NNw$3FTHI! z!}3fUN4+`t5HI*9EFriH3?O3rkIARp+t(tO6rlc<+)9!CS-~cDH`z^&Z)~bRiSUwr zP!s)^^-eC|2B@&|JYc5fTSFsM`RT8C2^XiAc>PtvIr2w_uRR=-T{RJx888vShhd!X zgYqZ&PO4UeD&)|8Vve%zJ2nBn(qC~CR5_`DYm}_<4gB1=zBe*t(55M-_4bG^;^6Ip zhbHe8iIZ|fUtn6xh0c%j_je#J$AsrrqOT%h-&8g%mivUJ>$$l-?{GnQVYk29lR@mS zC&7+r1Smi-hn1mQ12+R}o5_i|NY!ktwVbbG6Rs2)H!AmKo2}Ud`-6Xgpb=B@Ox zc4IO%NZp(`Kc+2%?w_Vr+25v{GA5~^l|krx?Z=1x8@IMv(}bO3v6pK&{hh}OIj2sHB9PwPoWkS?hG9<-koDKFOKOd(PP~@*&F$9`m8-)mR(hVc zUg~MJ0O)U`d%Q%wNweZ6NhmZ)8$nwPgdB6}IP5}asE$GZXGmnV8%xKpz+slD zS|=t{AfX!gJ(8GXpw%}?U5G?2hj%x804O8wCNVex)}WfNU;HyzR0l%Ni6By~M&Bt0 z1^S$Pu{+;Ud|tfUI#LtC*DkpjYHyz{S&3j0CGl0FsYM_8xEU*4j^j&z{v6w^rsGT& zDNnNJ4lIisquSe2+T^Ew-Tq`wIJ4OMm8x6VWP>A_FD=w8GAP5V(6`b@XQ>REdeiMCw;;rK??$nni ze}6bv@8;YB&O~GAnYrd-sv9w%utgPU*WwhMIiTP00e*j~3ht|aeN@k)$*buS5*}(s zy9+ZNKg|4wW0HHVqgj%STk?V8hQqAmWlnkf#3a6797FGU;(ojq?BeQbb9sG&FX8UJ zX)(IEWeQIY%gxQqV!r9P|`LzJa()R?dv=q^@lm~p54(o4}4v!?}=M}9H$Xw%jM5i&iFGCIl-S_W? zLdLB<$5nURfS%hLcF9R)==x~^lBvk`woZsgI zP}mD!SH#8qeMtA(TGMMgZp-uw+kJ(6IPytb0PxABRyxIt!hLU%*-+g(9cj8#mQuG7 z+eil7w?*~5BbNa$%%<@$1*Zb`Cs*Qnk(gY~{_G+%%`f>qoXQWFK4M1+bz>;Mhm{@$ zN`lzn(%K`VZ64wm|v6-ifBgFGv{}`dK#;YfV2kKLlaJ%}ec;IZ>PJP8dpVy-KQ{}6&k|%|01Zny zxo@BFS#A2cbh^Yz4*v6!!jkjY%eb2&d`1tdYknT@?|xy1H{_k0`_0F`tKJz+Z>jI| z1kr+_InT1>lO*);YlU}u;6k(I>Y8r{m>0ZJAR8Ll8A$q=P=fDaUj95a)iM3VeMR`@ z062K+6aLTZ9oTue6Yt9yJ29ne#oDXD{1p3pa{4{u>f6Mxh(89{I@{tq zC@<dd|^y^DK3S6b0y_~8$$S=)3S*m41&U3cc4_X;hLse_N;93@K>&pc4 z#JtC*;@Ku^$hW7#2I1qYukO-VJwOCgiA7P3)WLdQMKgvutW!Y?u-qJ)>fb3sUEcQ>Dw z)Oo3$tn(drOjIA862^~UnUr0ZMQryEsrq}B;NC?Jsf+hf69VUVYo^IrqB)G;YiqAv zS|MoDLejTkRP$RWK~SMz5Xls~qix_*=-9>my!{^KOW)>~`1^AZBU1s@-p>FfGp&4- z@5MhI-QPLy3Qo;@CHpR~J2+Sutu04D_3kJopEJTZu{1pHp7--U$nXKF#kNSSXEYqg z$+vjys~dbtXgtHYmr9dQzL{Z{)R>-Dn$>^)AiGWd6pe)&uwp^)>St|@o}A*J$M0#K zdVqs5Ru9+Iuk8!^xVa>lr;qTf=6f1{7)cfJxit&>-t7U$~`Doj@UFse_xL+8}~0-_9=(NCy$io>3S{-Q{s z?(~nI{YMz6kW`0kw)eQ>&-aR7c&I1QrRuo6pekFsnX;!$h`rdOR>$nTZ*Vw%mn zE}V-k=xWk#(51vhZe(PsF1H9ctL9~c4m_avJBhLqM>p@H ze6NM zwNEFAPhUM*I|;p@REO>P6~Bixr;Gbnu8t~mCpTXlH8O1la-Cwk7LI(vpP!DPBV!MvVyRkA^S+!hxL@r4zwQUS%*VcVN8Hn@&iMM! zu15_QPVAXvg_^Jil!{OS-2sUW_o76XyPgd#+dyZZUfMO(G3x!OeWIDcC%gl~(l)h> z3TFZwOu*2@IR(ruEvs@Vqe+Ilt<=~8Q+`q87JgB6IR(_4F}641*#Y6wmwQLNYBk}m zP+{6{U1q-_UP(PsmYmEd=N`7`zI@EM+}z(}PR7yfA5g$Fk8LEBNyMC02_169)0m{Y z5=-{$K#>{Ex$-l}`aoT?hOf#85&&Lr(ZD+B%SCoR5Q=#of%pK&v=&tknT)(D>~l42 z`^Rk?9m`6U*w5M4eO4F)!h=+Db{@W2Hf9G*-9AQ~yre7KOR+K19TCvUM}eUoeAQnQ55xCPg?<=UQa%R;!02qm8KZ3a zX*zzVuvJpTCY$qy!1m*+uTf4XhQz*TBC-PND@QNG*Hhd7$`;bE)Yzrr0OoVfGnT%Qwo(LR16;XjvsiIDprOey^; zv>{SMzAGkt@nSq&wO_)anzLU35)R{zo+Vpo32h3z_$?G);mDLStS{$_!Z+>TXaV=T&3;$qZ*B>{OeG-ls##^&c#%ya$m;plCq2^#e{5Fc7Et8%`vmF~v5~ zptmb$_v<91bJm80(ZSE^>CwbHt;_R7H?BR%!V9i0r;wSGMDqQ^J>Ki(dUKf~t%vH{ zq@LF&3O(V-n%_60zA>k{j-F)D`g$8uL5q2zAqb!udnoKCO0dZ#I6(WxSD~|$@QMsL z;#+GR;>v!VmW8rjbnY+Tp2+s{80CQa202p4oTaFy-EuUbkRLp0E0GV>s2)&%n;wnD z{4PXr_N`Hf)`;sOt0x`%g+nsZOaS1TYbPAJF=fw=q}fnt@93%kWn<}T<*bp zJCs+UGoKf%TU-5+l0CqbEBIBtlePG)Mzu#2!{j&7_gyznpwDu|wCZwx#M zDbt2;zCv$JCV2W<_50wU&Hdw`Hz0ZemKN)@S&$p7iUSgg)JAi<;&r|J_MWywBh}h) z?j@1=+`G7t2r+qk{=pZ1`rD(M~V&$^I@EC|Q8Z`rEX! zf8fG#@D6Xs>IglD@KB(c)1XaYr?N!ZR#p_$VI82$uPUUgK1y+4S!Gn^3j27#uU&qx zU!SyM%pjg8IexX_(+M3qT+;VTooGN&YO?xFhrbdEnFdR0yZ$?5t1ZJk;W99j7en6Asg^d^<`**1oCO0*P&5STmX)voN)>Fwc>S`wd!ht7&ip!i<@zJ|srjosvil^iDA|56UL?h~9DhR)y>tt(M$$%>z zf?W_-+56?SgjuV+#f+Qu2kPRAi3rRl?BFpE4;(C*$RS+GWMR1=eAwVr4%;e{`wT;f7dDpIF@Z!c%~1t+_?-kqUzy81-@VSW_4^T2 zhi{6lMcqt+GHzuXZm>hv;ck2m_C$)O^m1LwkfJWeHu4gvFvQo>_JmF%->#jK((Y+2ACjKKiv;M z@?*Y*-qI(eIwe^8`0HNwHeX}EUAX=9k|W^( z1$BWT-DPA&yIAUAI5*d?Hd%gG-VdnP6@~?AK8k{+5_0A7^xd~Qe+b?4r!iJ&Qn%t9 zoPSq^uK2V0sTT-NA(E~SRJDh8y;hoK5+#ap$N`p^l1YPp(?-$ z7x-~l89FkDysocT{_S28=4?vOBpw%c z`Aaau{Rqd1e7fx0%y}t+_bbmlY-|RA3h+=16VH>PwV(y*+Hn3>2hekY{xbIJ4a9p( z{rOkpSNvVo1Qfhp!ZT`h$l$k$WlPLVvMb|Wp*zqOjdx8C9T|W6frIGjNqdlI2K@w( z@?K01VYf6sR_fKI@PW*TBs1mk%g|tYW#aMvrVmx6Si0;VKfHIkIw{XF_Yulg2BMe- zDWOX4;f8EUOEAloQ>$J+4hD7&C!qVHSD(K)mWHHE5cwwSHlYBCbCBX8!E= zZHf@gY9L?40&H1-}59%L*WnJE&@O zbu$9zgU8+N!B3{M>Jts{PdwXqQ0T3$RF^fvW!_gpt~vco6ZZ1#i3 ztBFSf=>^ksILDB;=Tn84_D73#)@If3@Z7EeNEefQ5?WB|IvtJua)p9#-a6-f8N|wWEy+`bl6WL zbYadz@VdXC#R6|d!!yqW%kLrouG^n zunTI{F9b(>qOS(SDg@a7Gn<(S79;i3m^*Mzlu?@*Zj+b=ER1JebfTH+v0?10cV*67 z{mPFFJGxDj?4FN50?IT(eFx%Y|K?mi10wxN#>`v`(MJBZ63$-f5tcY0-u^xqC~Z4_ z<#A&Z53^kptQVz(BMHmT|U z^fR&{NJs1X-sJURE)=RUPaXp6B)?tELr<}N`{JSLEY2_zyy<7qxd=YDk%{9YrEjf_ zv?7ZD4B_)J@^4EV?%Ce<$^KmGH8tCBjTy&}#8vVkgBr2Fy=++Qd`{obj`V?{b~el7 zdViHkDMaHJv|Fk7PCp4g-b|XZg(5D?(CV98UW_&NlG}1|x5HyNKTOCVFddL`#)%hl zsI@4WpFSUo-vXb%vPXiufYVKf~$c{w+MU-kZF89eIe) zj|M@t3Jm4&hT3}Z{gj^w1xm3wZzL+qC*;+iU>?KQcp{+&dARLEKJx4HK2$yrH(F30 z1sbx`n3FMy2k})ywIzosgZ5x%dp~1Uv#(au*1W+U3duZ=rUplO4@KT^|JZxWsH)a* zZFn0P*d1VR8+COkh^xDMnX9{d8Q8H^(5+jsz%DEdLOHW-=Fv2JBEtPT5~?@nfG(YbzfK99%Sk;K840ZgaBLxy~V14C2sxA2%|NdU3zGk z@&uF$l}_g3@Pq*pUqus{g_5vHMv8Eq7_!1>Ba0~Pkc&)E#T950i>#sXm;`W8@G=tH zMiMZAAq`BhQpkv7)e%FCr^dUPVB0`EKFIXjFb-3gf{9whJkYwuVj?23Ea>GJShTQB zMic0v(58skwMwZR=nUam&|EGuUQ)9NLxipnPe_BT--xOND7jIjbcWC@fmRwW35x>+ zJ*427WRu7b5GkDrXccHm6o7xYa2*jI9Ys34fgKXo4r<)(AOY{SmF5N=Lq<3ThwD5`MS&XfE7R5TPA zylzCl09*?NngYxlMynskw5oYwER=@f9O%sj@@NLM_=!|@oLdRxTqL83K&N}6PE7>itp7ZF>aMuyRv#X`P}%D`F7QK63pkHnN()p(1|N98CX zZ>6P}tujAGNDvc*z`GB-sSZ2N7G$}xbkL7Rh5+i{a;P?ulb zOZ?Ew?emz;Y`xJOM<}C#xrhr+Ye)_q2gv=w?4<(pC;SV4^n6yB7M6x(2va-LuQnq6 z^;Ck#jq~f2L=3=zX)vx-Vpw6fk|-Pvk*s%wu|5(Vr`D)pGBdqKJ6Wk97}+Qq@}=1g zK{Sd82w~V|A!EsM8r7}DD(QZ#5v1t@XaLY_V^*N8#hcY+;Af)?ke7)TFp2>yjx>rh zS$>QdEktgQAhuGxE-6tiLFO88N=B?E9!SGWD1eZIEhK7REUZRMV288#b*{cx2K@eC zzkpL??2GtI7$tBgQAvJ$IBF6|Ax5MHEikg5d%UE!Srk@vTm_PlG5`GN~@QI;;uM;&P%`Zk3_@E?JQ8 z1zm0n_z+aC*Q--o+|b|?1h##Y#T_*;xe_KPDg{v&8z{E|;~!e;fEOC0mwALP9ZJOV zf$VWaisgqmN}n1&f#D!AWI-Pkchn?G3~{U+9CW}KR?#GQ36L--0Kvr92x+F6KkCPD zRUrNYvx{jZQn^5;>ehyRc0bk!TRdt-On^gK1BL)wi6;=ubb%gNJ#_SNByMJbiG=yY z1bBsyhjVGPkuZzxivlw#0B_7ftyN@KD(rrXp323mKw-qgS1Up)Mu6%AX(KCHW8*tm z3=|kAG{YkCff$g1i@fm;wAmepsDc_p>HLnkiXFhl-3A_BuL0g;y-^yFpu=@u_A9M*C2%}h{JkhUem>R5rJxU`AuB07z1}f2G(l_Nfx7FWk7a? zxK&K8j*6Gtm@Y1r%Z-P5MkWUUCw7Jk_5lSQi>I|ap|e#5y+=_O*T*8d`64f31SM{n z4KXW&{jmSsEu){-a$fpNx-N9pBMExp+6J;1D`1q5DiWM ztCCq-rATbkqKI~$8e?@tQP9>EP|Ja~obJ#my#^jZuZY?#9vn#ainL+}5!f*7YLW$v zE7d26N5GT|{XAe#l>kq$D;$?Icu?i{qb0Ck1GO~(CCUAAGEe9vVxYVMA01<>yb_EQ z80c+09RVApxoLEqHy~wefVvL$8?-u*eq#F2GMCFrivJb zYo$A(fChy03U|;?Vd|m|GQ&=B>vcW~3V1C%phRm$V_6YBFi2A+AlyWPB#4blV@O#J z9|q;;2I*QI+7t)QHed6o|mfg$$B{U|@)BaXUTAXE7i$18HU|Dy+6Rk>!ZM z_2_X>O=X*K42C!yg2aT2;?S6(g%^p!B@{CV68dCejh^5zIq@2TAcW?I5TGs7>;$nz zoks4Z5Pc#u-5c{VpL<45gm#6lXt<{5Q<4Uo=?MM`DNWVi9O0%Y;j zsiMJ%T!YpS;mWV9&7W|in9PC6HO9-<-*vQ+8Z&M3tK z-859UB`(&wfW8p6!tqWGoy%1_4b-sTzy@Y(F9R2rK^qZ^hK?L@)?cuT8;sMll4f z3|b4-QL4@p!P78GsGwLOXmZ0+O$FtiAn^RkElh- zK``!B8RZ&e7$iJ7ORv=s01FAIIKLT**;sLQJZcd+0>J=MnvwIo9*qMaaxkDwrOHf> z0%xw8?jVBJN?Zq>Axe!oCUj#w3@n<`{D5CK0d6cR2P9}9 z>?47;R@h~tM?!E>r^*OYFd~8u3w_sqr2{s>70{ZHMs9TJR4^>2`JwBMECoFxjp?_SuH;dTYON9- zW8uSmI9ZIB`H`RSaeSZ^B(Nih`+@v{C;k8OWB%Jq0bxh44*vR~O(dWL3x_x{|K;YW z^kNWMVoNka6kl#Ou-s7!d{h77%|!JE&@y3)ae#D0o|Q`xa13f^0EufP7@$=EvKcfo zE@Yln>eqWIZY~u-?_{zpL=6bp%wW``jS?JYhE2w>h=CCrhtmKXM}VaFakN1JD8LI* zI3^^=EmRZT8fOPxOeBLwWSO)^6rDm0hg?)CH%>7HAv~fIo( z70KcPxrkxF$AvU5q%RR3E6DN~gaMt`Bs4;!7Lx}n4-@5)0hZH_aze|HGK>@3ku};5 zBAJSqUPKO<%*bg0okbrP#$0ZNCSq1Ou@<9+8lrikT(edJX;eDT1|b_>M#Mw^9-I#H zTruGJ#(HdSJdO-C1>h9oVuR=yO$B)#t3>VwZzp5~Uy?}P5|2nIZl4^P>@g}ZV@o6s z?(cXAn72?7k02&8aFm4P+j5Q{^iJ1b~I5XH7AqzHpP5!(lB{nFpeu2x~#=MzA$jEsYXg&rIa3u03g zJ19BXxC+pC0CYLckLO8LaV#qiB7tHEx+#7XgDNA-4_AE&g%aB`rIU>lieb1)8QA(mCgL8*W{is}e?$TE*j zpoWflCL0ow5(`l$rgMByruF#vXbKc+1RT|G)tHdg5HYcJDj(E)nOrE|+VP$s!OPi9JM~4wN?8W)t-BaaDMaz=S62=@xwq@Ah)gAT&nQA~^|oQK5|K)=|B$LIqAM#y531(Bdv zPoPpPMr%|`rP@6)J}-u`G8o>N8j3((chn+PvcN_KaPZP-h*DET2;2$KL&zY*sZ5_S z2I5_A3Y$d_1pzT@QVQZ8r6?MeyX**Tjp<|If%zuj6Z_E+Ajc#zJ5_IUMf_334Z--S zM7DtzGQ#4bX5gWrfaOyd42bdZ5mCwrS{sOJ?IH>*sMLbUk`vUJH3X+N0!C2-G+6-Z z1Fkne5z@F37r_pKTzsn@ZqjK}VWNmXE{^L|6iAV}LrRs8h^!?l0iHn-X^9F!fDQ-_ zvsoDi-Z>xD0SW{>F&P)+X#}C5N`Z;U;Ap&7poG_j8K>idZe}Q;GI2o?3o)%;(0xPN zE+Ngyq*xeEU=<)nwHBF&t@X-q7;yH~0s^p@p^Rc37KKLMJ1*VfK!wo;9m5RLLLrpc zhI9IiHsCU$p_q&amlM{TIZ`_{2*-ktFOx^TW&(6uv8)^~23Rbq(wKk+>o`TOk&(43 z22m(O1gHo&i_7N?$h|T*!7OkH^;Q!JK91_)aV-*aP-v9<>?$vCIY5FIH2J^_0HhmQ z!SDeIS%?n!2?I@L<`8s1!vQqQ2EM|9r72lKG>!zh4K<&HCB*S=8gfO%$qKW8ILA&P zcns8#DjJfh$$AyY2}MOgvY*98ThPcdPUh>ZNY%zFB_hAZ`7DJK&k2b5Jix?qgmPFE z0G%BGD4*4735FsLT0AVWdaOcNih?qe1XRXsf*4;dR?1W;$mh!l8gf7{faYwol;lR6 z@B}9mvmhk53ph~|HRxh6fLYBdkVffLg;6QO!}XnV4uxV9`WdifQn^tHSBXaZ2mvt^ z8niq;+!eqYJvNcR6#`BL22_GAze~y}JdYs7#dUZ$kHP{4SiYOV6L8sjlNv2H;srvK z$)+Lzfn?m|rUL9FpoD)w_#EaoRixF@<59#0MSKK@4aGGPHBJdz6-GlFs34|tdYL%A zfDE1cMzsM;6Gsg!S;)xsLGsW5jo})mmdHX0pc_c8m9u#=Psm7eP(m&q0V7fQ&=_1G zPSAw~P7{SE(&N=~hnF9Ht=Tm6|v)1L&Vy z0S@OwjCCA@qD*2gW!n(VudGw_OopuuSile2yUH#-~bT_9a^K;>$x<&3hl69bY!0?0N6^D+D8kK zn2@s%Q$S7-_+(>Hj<8|GBDqnaR6(1FKtPCD=~1+eiWcg00k4e@#8L3<8ZX3^K9og5 z$J%&U8wZ19fa;qGA>Dz!I4c9V8Q_k9lt&{BswH$S1JV*~o`7Hy2UIK?PX)xrM3NW0 zUM2^q!i2&&-R#jQL<%v1VB?d`E``wTf}Kmm{EeB!a*r`A~=;z)?htU1lst z?tu6KEnxEuWY9$vazidm9KcBwKi6u*Gt_vB-i;4Yxi};TT}u_aT|uD%sG{K}H4=%+t7oaCWOm5R z@r7k_0vVdNpwF8~u!H&*5w0f+dn00f7^H6eV!mEQ(9&aUz(ioMI)XR=`yp-Zbw zq(P+`gXYR4APyrZq1C{@rlOKVe81Xa#>TZ&ssZs}flY^qGl~Hm>|`> z8Ksii#p;-e2;ypPg_$dm&;b_>7s7`mOa`RO{i?7@YWMSe8Vp}5)`S=#m)_>r8(cC| z&?+GjB{mGo>J^8g9Ep%0rm#IBg#&pkxC9Y8@{uo*PL!ZfOiB>s*x4Gc#buBA-Atbz zM1Gh`chC|+99xssjugSDd@VbQgP#!l;EZ}46PZL&fIeZvE~kykH3x8BxdtUv$Mpg; zT@@8MI8u>aW42FYX~Yywn1+rW#u(4dR1<_Ix(2f-@mkpf=6lP86}PNFmb?9I?C!l0;~ zvH-I9_yJ;#Hegsvbl8r<#uU`BPy(!vXc;K{fbuqzCNlu#of&MZ4miGyZhbJIl`?<` z%Ml`bY!|(N17v$d7xYR60;0^yHINNqgyoAGBS7&B zc~VuThjxP@q;ok!Hzfa@_J1EgFSdHKu=7m9;H zj9Cn-_;?8EI9hl_V1f@?1x`Q*^37}(--yeY!wD4AOd>@nxS*LJVq=u zHECsRa@?kllRRXdNySu}bSkMx%M~yH63P^s!8?y(HGDD40ZQs*e^`q{B(v3Wg*$*^ z0l|;ijF@(k9VA2u&={hLl7wu9nxW)E;!B`1LiR9fgKyqpw*&G2R)A>V9Kr1Y!zV%oA()UMke#c`6M@V+F#QFy3Kg zyLd`E-Yv583^XC6L!Gw$BNackQT zXdfB)#yx9qRCk5(*HV46lsCe4)^&yZ3)>HL&+5%+*8cO`*qmSYhaC}wmjD3P@6p?8n}LH;|}Tq|DMJZm+xZKlZ52cJ{tr1^;z%I3t>AY7v#!n`X#5H*C%P|NPMZ+}@c3 z+xuLYeXIBXdpq?Xk(c2sBygi?gN_A<{;%8r?*kwM{(s^d_))On-lXe4=Re^}Mm0|O ze*S6sI)zR8ds2={E!~@#x*aAK>q+GB$C+tQEApu1)w_muU`(4kV9(dfT~a&W$MhDk z$Nrv&PMDP`^G|L_Y?3@tK4r^@{>hhKs?R_FDwVXKJGcIY{=3_gGUrZ}s^Hou=QBP z2OnL{-BiDR>E70Yl~acWVdasH!ICyzutZLs0wId@U^glUEi7Z=>>n;4x_fA;jM28}d{WTe>-P)Pw7VXx!RANF0LK-BeBkRyWeW^$Hwk^ zg|kOQ+yljL$|If47h0b9E4O3ir@iPQT!6N-inU7bGT(dqLQ zt1{CT_Y=hL9n0wSFe~wRWuI@0@s5_k*Y`Tz-uF~K`NE1333=ry4N49QU!SpFyCb3; zK2ZLg+%Ngkn&P%!K6H?OdRRPh&ZEBm_4{(uKU5ECa$-Qqm!~cA_Ds6n@728n3GMo2 zo_al+D0#L||Loet0e|-w&HK`9bJgvATSyb%v=^?f>o&gq;CT;6QcTAem;`ldl^eV?bW zR}Ag5Yy9vz0~^FEuKsIauNgR4`?<%oBCoO~2z@llDBl zrA_Zq*{5c^tmQvl51!fHrQMato!-gcTq82y-k&v6)^R&Q)Z@;a#Sd{O?@hKSj+lql zFE!^<^2fJF71W_{G;i6E;T3ld z4DO5#Z=HT6MYDH<=-9=r<8}_cQ&3AgJ%}M*AMGOFJ+9NoY5`+CorCfo|7^XwWB8*p z3+F7mFrwmk$^GpY9){PP`e*R+%bP|!7W5#tBYMV_US3y>cD-o(iDrBKscgl*futOu zEr&UP!C)&`twZ5vGTh&L0Z@$$0 zR8{FO{ly)*s7dtnl=1oE693nl6{wmK893*y#L!C|1KC^2)}-?_OxHVfDMRp_hg&0NsAGit&g!-I7hyEojftb6kDshSu`ym@iO^r_^* zt^1f$f+;F?Y{tW)_&jo-Mib86>{B=3Doa^eck1YP^jc0Rg*>H&CG%D3B4y|bpDLT1t&S%>C z$J;J%b@Vv!4BskhJsbJnPPd?I{n9hpjq|DP-zgKCH!WSJxBUAzEjF1qMI$V^|EOC2nnx2N80*MD*rZBDK3XVH!A=Wl2fRI~5PS5B`{RZCjVx@8L%IhEnC*4&Qn={`$Gcya9_hs1FRbU$>Gb8GD>t zx@)6*=w?ByQ?~>C|Cuwo;@11D{4`zbjPLIoe|Y?F6+XwXJ^1;}*p1wOxU-t&qsGi! zbZ?8ON5aK{UxyHWyuY&UygWkjJyCUZ3`5KcgQ!^sFxJYLp)B@J@#kJDsdp7TQyD>QjZl-{QkY zW~r{~{nsbF9c!>%roH^UwczHZ+|1`QCJrS1+%>jA-Vgqr{o`S5vRRi_Zjx-{tZJ?6 zfyeY6b?LZfz_!&UsIDt*-CvMB_JbW?6^kTxlw3FQ^zFU!L z12lV!4m0mwEz@J)M@=*W!aEH0w1{3Vp zw{A(jdSyLh-`C-HdnRWkqnjS`S1SaY+3(To>0kEbt@gfpTAn;HoGbbD_QsJ7iLPh2 z4Qsz1D_G}wzy4F=i>B|>4!07&T~k*T!8v~ZlbEF08yu?Kb*rP(KVNx3yo=uf-pdo) z$1d*8Q2OrFpwcJT%4fMY^1tNkDhquZHj_f(<>yB#`|_5ZdQd#EO46lBO-6;aG#2;68cY6(RA&utJ5RRp#E$!0u16LP$$B|$XHx6y2j@?(YH4crs5-Y3jh|3lIOJRN(=RlX?7g47 zb3YS?te6oBY?&s`>+mbyL9$=kqJz23h;ftlH|xCV!SIY%sG~c_DogTrPU+aKczp%Q z`mx@|i#3(A*Yr%azTrL|Hg0%fmaxM})~99N#78NC<&z(z-dJ=zf6LP4QyBFgijOby zI=cj%7H&*`HUUo^iX81PJ zLn8;z{yL@jAEoH$ z{p&;EKFZUz`O0tY zGG9NKcYaG|URV>}`K68F$U&LcnU`Bb_Wx*=*=l>8sbhRS{_Vlq;!``4?w{c|t5;_J zv7#M`@Um>){qP$}Bh^76rd$n`jxk)?Z zSG;?3e`4P5^6%TH(Y%wY%Q*XOqdP6>cY*bD(yZ%eig?Q}<~cjvBNggS4%(qUnjl$E zS3G!qy~mc*Yo}hR+iP?OU*7ETDy#NtgC8$XJHC5dDhrI@<+^Ll&+Qvi zFiw_yx41!i-GPQ_$1`$%(&~kdJ?AYNdbfY)YX=s_bCEB{ZP@aoab|;+<@AE@xe2Ao z$D%)*e+q0mQT9;S+qV5zM%Slx{ZDkpFZiQ$V(pugcS0|Huj+iMlj_cPJ~6ig#D^7& z>NjnBigmOoCMni-Xg^r{XW=gJ+%saCu2?4R>2p){yxk)RC9|6Kpmxf(MD-QP2fnzU zoI7m~tgiifxx}y-ZRqH{Q`EBf$FZgzkMEXw_Pal|c=Pbs9HwAmP)wWr_3O5%zMw}Mlh5y*o^;6nMCP6J z?((=X#c>UOai57p`At^O*vMI8xV<-aZvKVg&6jj;|E|H&?UIL^i+7JJrk__HP!yq? z6~DL_B(43$PM!2F>oGa}%+TPIHLa*Br(27>CcD!b3$8!$pGkUnETe}aPkH+CI@{r>*?(4aTvyB|G0J9Z;!Wo>d@Zfa@SaLFNC zQv15StFJzOek=>M*C6vQ>E7&P&ubs~P3{*3yHEcbYC5I(d@EUdqeqQuaIMkgya_9F z?8g=_5f`}I9r!$L-1Fk3^6kTComV!Zk(!hieB~@noi)Ac-_b2As}}U|V}`Zrx^VDQ zVddSXf$P6k;5P)GtXEHdKTUhhJS=B+Rhx&urW#5`Yt0K^43NK*{mET=_SN5i{a8O$ zH0a%>^j{U1D<9_DFK8d1U)6YWJR>iNYM(p;i%tD9Z`JL(Cgj)$d9R~&T?V~>{IB6p z&fh8YYnO7$=Q!CS{Ye;5>=U3 zx|2r6KK$u_dU0pbj`xpFH`_OH;+?>z9~TR59LvZ6Z?{|S-IkGwg1mo4~~S|4ZONhl~kK@e$C5_UiO-2 z>};HI&7QCMJ4B#N;HMzVpkn3sadRdf)AK2jYC1sr)mf=;DI0_j{+^T#$Eh>EK~+9)3+C zrw@MdVrc5koGlfFk=&nWbB7HZv~<|Z{Cr+1yrpY%>#rhsPG2#UCS-nEqSh9$Ab~JZ zj(LCw?{ihV@q5q8ykpk+@%$XpIQ@djw)}t9lezWI^o-QJ9OQi^+vh%B0{7yTzCv*- zZna$exb6M+@7gDK8mg_IRKEL)Ys}R>kjsmXoA#H&4vCm4T_@eGKg|%hc)o%`I3jQRBf!ecKv)y`SoQI7(_u z+%|DN7@5{h+y42EUVe4U8pw0p9k_JN=G^+`sRmV!wX~pY(YYZ-T{@9kih9Myiy(tH zHg9OFmiF>p-7c;fF{ckJb8GU`+$moNnlG-lsaVTC?H+q%Hhg|Jy#4wg<9}7J@*H0< z^38x|orX4S<<@`wxB9}bUw^XefBdV%U~!&ui0MpekBkKySXqspx*~I2Gat=vk@V>L zHd)=v-N&5aFF!s%%=_G+L4(C98ccF(wDk(CB|L9l`mgU;e|6cs=3Ov_8`C^4dd02L zmYeh{%<$w^-BWKpu{Ubiu&_uFArA1qa-ZIm&O`3{NcSf0PQ%90OQt8F<2BXEIw`i_ej{;7KSBNCl7^#qqWCi=UsyAuQ}e8? zqYnLrEB>*-O8D50Y9t#uaz18MN;q_&VEOHvN>^ zVkxoNCf@QhdvqtSH{w6|<8s~+{}b+~jN#-#${p4~GOX!M-~76{b2PV8yc*IB^Lu1` zZ<9oDjuML(z1Sk(Cf#1Vbf9eed&r@Uu6H!eTV%b``-!bzaG%I-5R^+cFt;W3=>G21 zlwo5E*Pc0*zppGC-QZGA8V#%%^;!DFTIZ*(Pyhb3RdvvP|MGsDtb8c7!GV5W=h}bY zDP#>ZFOWaZtlFLU1hwV8{=oAN>dDWVcVFOsUh9j#oSix(<ydsx+%KH{<6#Luux~Ce;sRTZD>?CR1k)qxMSMyfBHV{NsGI;(()E z|MKR}#JQ}@Es`u%6qj`txV52I=ymQgT~vJjJQ3l zq+rUAuZbt}g5jr8`kumbH-&p>if61$8J!BxA$38 zuC`nI^RuUxX7w=q`1&dFI!uRcUmp~>R$ZMF+PdO^uja*#!G*tIA`i&!F>+GjbjJyD ztIV&pcRiA|qv|DmBKseUUD8(Ztp38))=tS;U9ij>ea;5PHQ9ahm5$wXyyx=TdfJ2T zoo7zU#AIg22jbM&hlYKa3!1D;KPj^&ed;}7xAp+H-lS-E@4*bx*jww4=QlgObn|K% zlmN*0Q^z_US8vE6P`-ZlK{`3(-N?iHq9c;8?c@BRzlW+U+uM3l(+S^4xbEz?zimkQ z`vE(r`S#N(b6V#0Odfx1O1FIdY3V3_7AkE`!#l9FH9XlRZSBn0lfTstB=sq>Js86q z(V0+^-u(Uq&7KL06O)5-u*uKixoNY8_!MBL7WRp31Ia`vRRyR!}by4TWcM<&00 zkanYXUc3J9&JR0AN+^YQr4)>cyz_z~V{KU`b%KtRLb_S=RMv3zx*eK*%p3hj1%8h0 z@}~0Qr9EkrnOKLhB6}_G zNSDne-mLK%KNQml#b?(wJIQ{A?%$+cV$*Bgh6lw-om>n1)NCHXBW;c>KkQ4MDVRMR zT&*)UQa^9IMVb?P`=^jLvsQ;~IR-&Si%fj+t;Q$0Tft@=8dLWiBb31kw4zz=0Wg-9 zE#n#uP0SY78$a7H1UGHmb;$ERp@+G`*&j#CUwdD(j*6cb^)hf6YS4r@AJw| zjM{pmBKooV!n=6x7F|vJnn+Y0a{a{nko1anCtinrG7rW*SBxzS`aW-OwCe zdct?5<(-R3?T)f86&^=Jk>}x$Ok&yDgv=J$4*I#Un9tlWb@y?!VdjB_+GT&Y-q-{R z(aOfuou(Xs98X9YR<)>0ma|!A(;W@*BXcb4BH;%`F?*k}>MxTIX%_v#n{eX=`gJm` zPm@yTl097xw@!K9!bC`%?y+7%Q~r5({$2eu9ro=J%+@R&AfZl6k*#g>SabC2i@}=~ z@APeiXmw`O1?cK(>KUf2&+J*K2idd6dC!c-UTaAFg08-cxrBb*^WI11^i{owG~1W4 zIz40Defgf5rdGtC`B~&Z_11+`%L+;shKl~J5Hui??A{$uR0U7SH)}qe8P;N&!LwSi zWFdGl#&-Rx|3c~v2T$bpk(~>UFWY>a^{zk|pZKx5MfN&M1J3Bz0a*{qqS)l;^Pco0 zO-w8<-rq~R-+Hc@(~~w)w58AftMmCi50r7r$~r9QTmAChgsmMcXG(^b)lhb$WP5yu zo~4Gtjs3@_{Agb{dj83lJ2mRs%d!he%g-+ElULTO=Ih7Vr^dB-y`smy@qN6`+AcNq zza?ZAPiSjuvVLmT04TQhY3JIbyE^gwp2X^$j&pBh_@OLRu8ucBd^b&R@aiUX1P9^* zMyB5~prQ!o;zdV){Me1KtgEw*1V?_rOswqHQ%bKV8q{;n)Tngw^U>|!je|3aL81Yq z!;a?<)-Buf`dn=){)&Inek4J%ZEA9lAuo~Ya1GQ})x%7i#vXxUZNcb4w6O!c&aKbi zkqt!&nTLD}lQz^usZRp)sf}LUNW8r5R9V;5tut4QDvY6vP6*be6cEUFwh!|r=j{D( z^bPoKFNfw2?FK)3=i%&I>OZJo${%>9{WyLHvnW5TU7_3!Y0W`zcbRnY{m2@1-EJPD zO(a~HvbkGTn}5e13Ab2`KGCG=n(*bm{j;85&7QHMvA6TichxC7_QzHh->Dq3tTxb{ zM5rz{SGVk5c_DpWvwe$Zj^vK$*>jXBsj{+v?e(g4gZVQ`zh6x$n|@-_#ni%?x$6e2 zcB%hawyidsxbpdz>?L;}^!7S;OZ{uy$nEyqxvNF9>eNwYL;^wavWaC~=7 zS?a-^+5^)5d(hV(fsgj=%7!`92aUUS&@=v@YsXLr(0EMkO=DONWl_dUAFP*&ij}kJVJ{9CJweBe(X-VD_r#JHJ(Br7!)Q z)mYqmdUO)5RnFR-;F!qzKfSU^Jdla8Z#m&&7MVM&|4Sh%-#VzCFm^=hkhz?FnE~fPC zsy{Y+4PV|Ic`IH=P59*Ljum9R25;=TY!2clewuK8=uKUEDt+dtvT(GDezwI+9O%Ti z$fP|qzQ5ezVp{GL?^y4o)J1)Z+IG!6xxMt$`Ou{UIt}SzYT-uh0ei`?!0VyvJ)^oc zGH9aL&VKr*zbNM&U-q_H^4-2m#%$bD-#oht>VbK~hCRT4WMyUz`|@mdI;r3&GULp?=vmC+8h481$Idsa7dszVR+D0}4O;X}tBo(W0Zyj4AC+ut$g z5xb{$5FM$v&)n(dm7(=9t=yI0-;c;4j>_#|@<%!*?tNa_JEe`eF1qqT z`U!OLtjS+%Bz^krf0rLxGd$Ej*uB^6cZ|8^ ze=N?*Z+bVm)9y__Zhq}W-wOZocZh<62%B;n|PAlRloA|L|?* zao@A7zU!8wF5-Dpp9tEQFEsT!HD~0-5xC^L+e<^dZ-uo((oPi|?d~i=f2$hv(Tw&z zI#oI4SYq;=!HdVNJqWLdAznY)ynp24-giS+j<9`scJ7t8Y?vml?0o)o4{5wXbkep) zF!b>Z%*G#keh>YKX=3`NLA3UDb*p-{1WTP3FHkpGKC$+dM6|Jqa~%<5OZwo9Wj2+s ze42@(&)w8GJI644^yR89hxZ(-dtWtUDmTi{9a;Q=Tj08@ENNG{dYrc7^iJ#kT2xX{ z`}%IDd&!kq-E9{d#NXT_f9gJMarbi>Kfkc1tvE0RAQu~p)-Rh?!CPxSGIRJ%gD!h^ zqsQ8^l(d3W<%)`tt~h!tW1^&l*0}4qokeK^`l& zklTKb^%F$o+h7u+8jkE(zhBy!qC=HkuU60O(xomV{l;g2Qk`mDhvr?@t-15IvBya|s4ershN5YIcE&b8wf9{=O0zas z#vM#3Ejm+j2Fe)`edn{q6@yXttEcgH-|r3O8Qe0bkB!+IhfG%VYbn7J@= z>pR6zxjFHU&_gaxwl&^;yeRWP>d`5a{{3T0N&5eaP#NEK%G~^wO*3I=EFF4}it27P zsF#_eZjsqEab~lQvm3R}ZbE^~jd)$_hABU{V#h5bR_GwVT$lH~ zRBsqAd0)EYhxcCd*o4jr%}R1a6(63Qx8SSQqnocIF7?r}Vd_`@c@I5w#Vlg;>$7%~ zw>PW2e1{b6L%o!5D$9RzqD70+q7@an5J_)6-+4U$$2MYR_T{sm);{NrD$4kE^y;#g zb7u)x4m(;$z26Z1_{7SwHANq)ryi5c48=cunR#47YS}GNwrco;x_6EGq>!rbJb632 zpkLw0XVJ=Q3*PDf`Eq+*4)qej1YAO35EWs&3KbbL02b*K!IC(+s&kZ0L)} zo0g{U>Z(tku|wVV=DKdItnP~OEo-`el=M92Ju%39$HUc9IM@8+er!D$Uq)hjgO=&t|X5ZOK@6aQ9{0j6*D!#km-@g2|+pYf(b8i_| zW!H9%3J3zy9Scwq>F!2J36U=8l5UU&Nd*=nNSAasNVhEM?v`%phHozK=l%|`G)_3 zKC^m~D;_i-N!*rXpxv4x&{yQsk{es~)y?tXIE0NWn0&x`tGEB_JJyp#CyFwWG%U8h zpHXF>hwS_AYAHW-Nc_s)NU|EMVDkzr-@8dM+2s;vBSGw_?hMB_95=QW@lQ;`LR)J5 zv~<7@d&$bj8>DS!SdI*PC*HVR$(s$p3KjicRuB!d!z?80=*gq-eB zQY0Bx5N)D<=$j7Obg}NE?fXMKnpZJ-6Zo^D?k6}lpEq6& z#fr-$3(>r|a(i{P%db={`RH2UtfH{*A?)PpsGPs)6Vr{qxe#-cCWijAWD7m^cJ>vY zE#`G~;uw&&8BZSVB(! zLni@>U4P?X+dpO>0l0s{#gVBkG$-+_pxi4NZQr>>YU$4OS&dmXTxBpfYA{n-+~W;;qUi*Gn!dN%E#vc5l9y>Od=2F*wI z4}OXosPmCky!=B)zI)TA!*iVBFmo-Ej8>~HU01cIS%BL`Ov+(`y6lqa7U_`gl@cOQ zh65#ylt(oaw($)zd;C3iL84t&lb(s$=Ep>24lXa$A)0fU{+Z%*dqr65&jSl+Zv|h* zj_d*MG_AuBmKfyR`!ZI`q|!2>G&Nh}L7Z#{c&y5Vy%!KD^u`VlON z&G1!rP%Lt1;@+GF{)Am3^-A^`1iNVpI>0LaJ`aDA)Q)bicyN$tQsqNkGBXTRHGUQK zRM*oPnDMQ@(e*%Jdb}J(<)ibH$)0JN;Z881H$cjGdFtRxiv;PI?INMH?|iT?)f}jI zQhi+*q~b;$OcQze`2Krd93zdg>925Cgv>JY4hHK>2L$!x=7_xE%tyQsGN^uw*QWus z&rdz?UgZtfBOE_GcKz|vlNZ6;Drw<~{aRomjE89W7 zhtNHx*CoSh2%H_|obB<*P@2JV7d|~+JF@jX(U8bzlFDolB8cyg_Y{u4dhZaN0)+B$ zt1h1?oA+4aLod4$s2?rqmm=cj%4DZc*{wcz@&1R3LLQTUdtWDlHYto`{{6%F{o&RtwL=jTCW>L`>ZZqBIOfU}K4=G^HP)Z>7ccGU~t#oB7UkR`uN8 zI#Sj#q6D7sGL+gzTpKa)dO%Bcg+lgMM6x>2F=3S3F$XlpD>fyb>k=vB}`M=9bB79A; ztQIWBgveem5rTc3L1Bp<*3337MVZ-J9%T-zu|b4UEyXWmrbv5FEpat^Q?DJ4w=?7% z2tijZM))7X`lMd6vX54M1B@&iq-KrNEqB|0h(J_A^!*~eA8n0u=&>tH2^HHM4n%IF zMD_Jl>GUTipT`{nl;?YEPQQ-B$&>@wE#qyFu$7mlTBGrUEf8U?!9kqmX6w%}w92Gx z`gZhg0snh>1LA;*y+WucjnIn$psaoj|5jE|dyDoKnn4+*ydd z>cK*nT{2Sj0#Z}sd+xG~X@M)<#`d=(?rX)Sb)Lrp9+S+G*FS6-BH5cdw<_1F&|q+a z5(cq08ijh>F2PNQ{pVUV{HK3rvG_bsa9-S15EteswtjQU{j(RyUvM?8X3k^4#je|y^e?JhC0P&)YdNFt6U0Kj9hKjHcY55Po+Q^ITLma@TB zJhwU%O*9cw;9d6ful}U90Z2X0N-krD;hk;=SC%9l zvt+{WO#!}{c&YjyH2^Oo_{yv;TM%60U+mJ<1Wr2<1Z}t;c-Jcfm$R4yRMUk>Gm-dj z^Dx0z4KGc$;EaARaR8Ps#+#F7!wb|u;O|tpg+l;b&OQ_T$Cf~+9uIz!7%lt~coT7n z%xVP$vaw8`{QMqp@514|q4byAi#IxY#1vkp!Z=WVb$!xOuLbXwYlUm9^Xx@#(n33U zD`$@nz7B`|=%e9~rPfRL^CD`5L%B~0zHl=?ZYPFIUVdu19ma3b6AgY0ll-q5OX9cYR!_3q(fn#o! z@Rk$3tB1dh1GqTmgOeOz>STHBAqIY!*DL?^XpL7(Q(h{}_SVh(oXJ1&)D3ItaRY?1 zz#9k&#Lm?5H(u%g#Hs~0fPrZuKAw$6(jH3$L~(@>l9iXptCdSH4{e;m$&LJnG-2@a zJ(*Wri&@MdZwtp5yviui$6oC#+eX0=wTQ5iR2PduT+o3OO1*rOfGA+jB5(C6 zP%YkdyVIVS(ZGan!jY}P@>k#5&E2i126wKGAizFeGh)tu2Q8v_M*0WO-x%r5=lJJf zysfLYZrbn4#&aKOGHXNv0)eR9f>Aa2*BmU`$;U6$;ngh!LN*Sz`WYULAGwpx=#ZW4 zqAIIM&?{$oCXH4=b;L`XQz_HVAkS-RRQ3j)gp@?rCaG|C)IxSi!T#px(rK>glK3}` z?8gsi_&YQS7PH=02hjE50#>SaDhTrX<HGcfe-&lBjywt|u__pdaA-4aB zdW#eP8PaJyqSPJJl<{nepxaP}l9X%0vpSLHDfZa+%}wV3V1LmXDLLI$FUk@v`_&eXqXaX4Ij<%N(eS!oT2nh zdrr`|V(F&YCo}uL1Un{ApfK9k=auBmTbJ2x$uwmekDe=hBa5g%Q@M{M9*w%AbJBolRPdVyF`M46Q($235N-{6oFdXYz%U`}|?=zFp3`#Ipw06rz zltKVMH;CR_1FETpK%)^a>MK%XJ^e8Ro9da*%|(viN<6#qZ@_^BIP{~dv%PC7nKLfP zy~{F_8ODClBe#R}RgF{o%M-M!Z9$CJ%0A(bVUY%Bp?9?om(N6)l~9VWL7YPy$zEoG zIalwBEXk-Y{mpD|xKxQye!&ry%DfLxh}PO|^f&+e8O8^I?h5;yZ(Qzh2x)Y`C8Mz# zlZ>WBYU4i`O~+&4vi`(f`SH)y+T*dUA&RwaUhx*-x_8uSn>CnG%4L6|ES=0D9A>q zl2vvrZ&NK7!oY1Cp~m?lAk)3UROFF!WpdID|+ z_jE|sCJ`|kE~piw@ZQI>G6%EHr(2tm4rK|*supH;ZFfJj-+g_Wasc?)?t57|VBrZx zd`iH^_}{#H`A0B+fB!${=P*FQAi!|ln;`@QfXBfmiX9Gd3_rino9lV0*Knx6!S1Zf z48Z}x>+eoQzxANX49m(hI_>;mkAvxGU-tI{vPDUP$W|NjN>33VZvI@6hSRorL~WAd z20C_^Z-;hgA7u5$;v3gjzf72kAk3Qp%;9_v6R8G2rKw6o!kU}f2aInPySf8B+43Zr zPZBC{kY!`V)2_bZ0B-P@o;XbTioV1|dog&#f~UiG` z%p6%X27oB!;W(mhn^@} zj{Dwpz7FVMpqy*U{_SGEE8uUEKgxj3-gdk5)HvomF}<%0Irc07maf`=RYs)lu(td9 zx%}BZ`_RdzD~SM6&2G}+4jMA-;Q>cAc@T*{sOm0e=?3VGx9NjycE)nyB(udvW60Va zsoby)V~yGT{b$;+)^gf$w`Mzk)>2a-ja%@<4TAoBhq~ zps1m9+=S+bRmDz)FKibc!TQ$P9K@zOJTGVQ>V|E0oe5ZUw3-wLS;aXwU(-Mo=kElS zb9(a@3Zv)|y6ziwf?VE%XkG?}6EqZLpi{2INcgDF6(n7R7{?P!Q|g+?{&R`mjDw5U zX_Sw?2&mN9FUJ!n^E*DcJ7q|J*Oar#Wt34MjaP#>8$8+s-8oC~3D2N+HJBYlrS}g8?DST)FFAjGr4@zV)eDnA?}eQ3 zbPIjHw<9r$6S)>?f6n%&CcHSaQ>OUIFfO*1L&ejuL=&URqG-yff4 z^sL;Fo@9K)5`c&NiXOg^3fCmyLP?$AT90b_L5}2Cy?V>t@hdH*dR>#*qLM(Lq0}hL z+;?wShN#hgIG;30_ytS90zvD@>$4gsV!2P7eBZPi3LFVQYZA=&1so_zcNf-M2MmxG z1N|K+H2ikMu+Y^AQet}($KDgTm+D^`_1u&Jzz^kRg6Jz(sgw9}95zqn0Se*J1s6u36nViUTJNi2 zaqxd#de`p>zLcSBp=Y!{Lf%Dqt7u^wX=4^>oM~QYp!skmxHMTfh_zr$weEB79^YpI z3(h5kv?7tev0}l2*Wy1sg}*9v)bD=654P#Mcgy!y zyQ6=l2=Y=2djx(s6fwapQ`@x|q%h`oOf^QN5Pu-Tsv)`d+~>mqi?(kRet31Zbo|<| z==s==ybck!$B98VNm^e3bA0zp#z?B0fJf*1Pu#bi@4G4boGpHo>Z_68lPFr-0S1`K zIz}wAg-@1T3;ys|tTX!oiC}<3*;a)&B4BQx zkd+M9^nTc<EDwc^NG3bs#Kd0Nr5W(D}v5L3w1(6@VApVVPEtMW@ z{>ugU8|9K6J%>2SyOrDr1y8br6Fs~u5X{6Xybso89n3POeP51g&9Z>$o?i0TTEZe z&_@*#NQ$BnrBI~)9_yTl2QumZXIO3&1%ixtRRn4zY8!H{_g{KrOm(FAA3iU7i3Vw~ z?#X^i3mW43iVH~8N$a>meWS3yahx0jrT{z(M=~Pa zR0in-U=t}sm7!M-Bv0*GB8OwZN+=7pW`Me+SKd801)jiYz$wW|-;0Qzu#Gu~vQw&x zi9DtxSd^L!GzJCa%GZ;+j+5f|LqvI7?Or`5~%_B>bIx8T?rE@b7lsR|@WV zxiPdt4JK@)qCbfN4oG}3IdF}F|AtSv;AB3;->=pF9?b-Y2TtK(RfgXs_{?(;=|P33 z&`;ngw8^thjK7CH0}tZxurs;<+zBiLXz*p=A=H%Sud#uF5BS_K8bV3s|G*!XD~7=q zig={O_Ddp^6m-rLbO|va6GsiDRr{&)!b*&w3@&q@2>9EWbq(+&H%^;}xFDSVzo zlmt|E@xR$RDxeub5Dv2n{vHkYLinetZt%=q_n1Bt7i5^&41gYn{h3wwubsluGte5{ z=UJ@0)P{u3Lf0Iwhmc;fzjhM;X7$d!?*UUL;O_R?c=cD*=18`j{Z&D0tJuZ$^-9A* zvv?$>@SIVY^D}f{$Z!ZDx8Ug{`r8ZtA#-}wPXMk+6rY2U#3wvtkh!$qUY|$NDLoSc zbY#GvRJxBO=PgmRdLD4D0NUd1v|u_0A0@h=OFbvO>TS3{;k*q{T@K-TG?7fnu;Bgq z2IJ09T-!=<0X*bzcp4mKCT#DW?NA zGSINoqF|B*!Z8T09Ol(~tyP!dwr@NBRyF`zUO2)1S{{m+1JC@cRLn6twuEhmGmzH@ zQW(p-y5jN5+a=NYqFZ!?U@UlxkCLLQR|2A0#CeLq{dsa;7!L9Wr*N_N&7lJ$g^@WV zoE;m6Cw|mn9a_lAb)-%;togKHxEcaT1A+oKQ;?g8q+3!(PE^!G1G7%nGOr5^cWw%! z@V{f`4IJ;W-yLg@k{y5#nq=G5ytQyz#ic2HP8#peVA#_wX@ed{21NIatZFv+92i7& zKygmVH>Q*fH{AkB#UG&UIL-CSwuEc?%Q2jX63Hj;+F=$W0-ACx=Pt-tySL+$G()C0 zh%f*fFfmz-)q_V_*CHM8E8%qM%M9IM23%bmHXJ~;Ba?qhN-c#E!=!@n=mqq+(I2;L zDf1)p;oYBQ)T$?H-U|NhKJx&m8!UPZ0R*qgiY&E4Fm95}4Z#dyU*84>0&QaQd=q~0 zZ;QUQOUi*+YFyum&Ie$n_L3$;AwSEhl0sSP;s(=J_WN6KSe5WP<>L7=`rQ@0(F)lHRRva%U2~xB z1fOcNF`~*I8oeq5SIm%bs7JE%Ge#@4_qg(|$!IP2QDL>;U9*>$DF!8#{~+e2k-e^8II!uuiOCZAKhh6yI=!-8sDVKe!V+0ggiA%Ym0 z9|8MteC!9ax!7caz!kLpxL7CWU1r>rqqr{6KD;wZCtd!~mm#?+3VsC7bvuv+ll)b$ zI&Q5A+6}EjyBmc-x^(mlmSJhK!#7}XohE^$-GAkt?$7?74zRw^Xu8{&7G=v)(|uU7 zh`)T+Q=#lDIdZwf4Gz$>P+zvuOzRED@ z(81yz!+U<(OPsec`PkHwSJ_6F&*x#K^a(7Ym-x`)6UX~`JHFp9 zM4fRD@oAJw2Pyb*&hMK2DOb$=#DwattW1FJUh9}h0$>$v?!8aFlG)|#$$fSC!W6{8C#SwE~tn!Eo_5k$aOMu#QE z_O&JBA`Nlc6Ok0Kl}LLMk{$k@R)NR(ix}7v$sf@Ec;~KfUd;0W?Hxp$crfTyHeZ4pxoc_w9 z^Co<2LTXwLXJXfym<`>Nr>H%airC=i)-0d9JvK^p9^4)xL#*3zQ>6vZ2o@Hpy;r|< zv7mclvCRi0wuIOR^W~P4pt$pKhnPu?QYj<2JZzQR`4f;O7X7vx1*hY!)FEH!UW=dbb*jQ z{fNe&vcIQSe23Zewc+B`MUaM#bJ7}3?5p%R6}~)}yWRN0X5lzq%00-gPy2->O-M?2 z)aMULOo5iZd)1HIDiW2N8IiS5D?R#+;YXI0)>=GNaxcPF?G*%DbgHoGL|LI5ifQRD zQ^$G+El&WE)poHJRgv(m+YrS+K(ClzcV%k--^*B~AWGXD5|@z-lQ^~*vW zB93H3z@?umx1=}ff@UsU7er9uy-)}qul#t2lrt0Dm_O?)-Q!HECiAMl=o94pD8#grP>uAjvh?5+}_|zxmiR6N#9A#Jwyvg@;+N-2Lku73YVmG zn@@9_Jgx%ham7V|_u*zRN(R*Xu*4LvQmLGWJp<3_MX`cc077gWqaSuZHD|a9e&lux zePWk`3?d2{m7UhFFnPT@SEq7k^Ok~7RM2(TesgwQM;NAE&kcSEwZuYf_k9m{NT>6X z5hy))Y+y@JRepsdUBhd)jN)vbnKYSr3}3IM!T+th~7Z5O8*GdTia07~ic zJaSl|N=A3ZTN39?w#Qj8r2SazqPWFjXxDnn{x5_fN?Y+gc zDf&glM!cd4lYcx;5rTt+a!H-F<120xKqGid;wfad{OViEE2D^0ZJLEifJgW^G1yzb z1&#CMa4pe8x$l1b=l3P&h1v~7rG}!d=-{d##yY&W$$6Xaio59JHnU)cUT*4p+)4Zo zWbiV`i|xjL!KnQzTNIkFxpgw_wA}t_kv+>rmr&~EkUp>5XT+QTpc90mx>>JWfE7vm z3kdBsA12wFV#p`*bLy90v)*g7Mb89k7E5}pnUIG(ANr68HHh=*%B6t$O|<@z># zHjqL7i&YSdI^W?WwvJS7h*f`QWolsB5lph1CZrPgH`d78Oyx;N&^6z#HRqb}99Ax| zkml8~&2v)2GI9$aRN{M6yBa9i_fNmlSTie+=U@vZS%<6p5a0M@3{MHAKBCdh|)Qb_0B2VCK*HH2XPb{5wMi=P@bFzcWKaZfL-JB0lOlvaT&~95R|xT3#h1u z)3I67Pon-jA<|iY0?m7XTg~izUt-JpYy}^F?tcFD-MnC<=RM2CiJG}5y!iNydU4q6 zZs06e8ekj3sxCH3@Qk5ES7}5$9^5C%+`pEw2ux$CC+jG@P0A%fk17F)9R}3O1TnnU zQ#ioyLkfseZQf{p*sF8OL5AKJp3Rd_+TUH^5)|I3#jBKi-pa~vkCMtMzQcBy{{xCd zAPBD7=AENasdG5Ac4@aNeeI;gXodHms@Lzgv!!~CV&`NuxNPRgvEfwE!Cs9Hb5lnC zv0z*lP&9653bYAmEpIJ9)W|2+0_vdDZfBIc-C|=>(LRA#`pFYzI;Po)QvJvRwZaUb zVYxUNRb;nc661P5^Z;l-IB6h}TD3TPmgBGHG|P)-23InhZUYB9!rufwLTp@ipcTMg!JOZ89Qt3NYW=;R00jX- zR{h4JcrZpAC?_hQ!PvtHRVe>ZDkP@c^~Q#h3qBW0z=X1<2tWy=VM}A*z2VC~oQal3 z!0-`XRXi83#o)W$w`@l_$r3;w24W_nj zmneG#rPveIxqD?m^0VT#sKMmS8dz4z;6`$aRQKe&{GbXEtNUNXL&DF)AROT8izDiY zvlZ)7Jj!$72bNYbdFqcq-EnlsI8&|x4NGj;}11i=``ei=*ZoCV{#D_Ue*QjEXT@k~B zh+q3rU=%$>68r7?>0SZr=w^|-bDzQHwA{I%OER^~=%v@pz`$z}K;ut+sFW4S_TP0s z)Q6-0Qx`;mR}3p@?~OV~^i@4G8>*x#^`1Hzz^ex!1=27igr1dF%SAe8mUtgtoig@O zam!5S2dUveS2`69MoZRSW|rIUy8Y762(KrVNfn@&`KKO7K73ES&-qV9j>0>KY3%>p z7tKWv5P)_m7yUC@oVF|4tMVo=Vn+rk6)#%u?+RZr0zGDsu;*F&`{4{gbR` z4uRo)0CweRmS-GMvT9eM0Xx2NmLDieai75Tv0 zip`+)!5V)J?QRF9VpT&`S#0sM*9jc82gs?$wnA3=45IbW)X%I8lbsQwtQm6OjN0rW zQ-#!K2mHlZHOR2AF077W;4?Y(`*gb=c=G&PX*;vgCVm0Yu$`I6zq{R0lPK@uehbLg zGbuSC)fN4jx6Yej39VjPg z?+OOsd;0!NC#q)i>PD&lZZ{q-R;16S()8mzj@z)^0RS{9+rE3d-BWcQq|GUOk4p8M zUfp+%1H$7nj=k6Ux=WI4ak7BOLx|Oq9jTMNW)5%DO4*^=1uDucSp09c@c4M{AfJNZ zfFA-fs;~Ag+x>)c32taz-GDU>Q+$6cGxW*?=)54{QDK{H( zzp`HCCR6Ee2+#D(ztXAXmMiexflR}>SRGQn@)H(Q9K!DTL6k797f;kd`2-_5NJvul zNuv;q`5Mcq;Qo=Dt+CiBS*`0~(RQUlK6)sTuz<&#c#3C(<;)H7HG5at$D2H6i3NiY zn2S@+1M!z5rv2ab$k!%cneHt~iE|QyGR9ym*vU3zm3moX=VFXS`(CP>GpBX^)fF!2x+_^pmGXo#8=~topyldx_D# zIvDI0o0Z;@0`pau=}h1K<>jUZI7jQd|!2hMzVw$o%{giOmYCj_b|OY)ICpV)qs zct6)fmHLm7sNqp;2RI-|-1zY1Cm;-_`v18GW+(d8b#Pi+qb34836>;`!HW$@jIEGP?OzX9 zK5>KS4oX1XmPYM5TOYeZ%0;(|+lFfqXA|U-CnGWAS_M+R%+KAYsh}ON9 zjIu!yXZ#_7MwFV%%=DAtnPu)wpjtKf?i1V(`%nWU*Z+`kgu0H(bF7#`c z4*#YWsagt)r4|r<_7=dqJd(~J!7*YPKbF!cl7yf@1t7`oOjG6onfBKDg^u6o46Oe` zv0!<-t@;)VY9&u%5J4Px5sT7^`?~JMvoJ6MDp3B?9B<8Zmo!CfvQ0r}K2V)2iw%fR z+N@G=>En4SNnjrY4lH@AG{Xk>SGekr2PylEY%koVsx`(cR!kms!f#5Re)4%yyHKwN zNEDoCV(Z_4N1e1Ft*80-?rBPX>>c1>k_kV}gBUB1PfX-TC(0A2d+3k`Jr#@L3-DY! zyr8G9EEt)?5cP^5z!8%o5D@xJrGQufPYbSp*IfjoXNUV6Q3Sl~=i~GoQ~_#6D(IG6 z(BFdqzoU=GFv0L6+m?c4J3}8Qh}qW@7|X|8;F-aj-XUf*$WCr?6%+c0AVlpRZbbH` zpHgyl>x9pGpF9IaD2Kq+=$;p#ilf=`37>C5QO81yfUWqSBYCG@_i&HC$yOu*Hq~(Z zXbkw+@{xP>pMGmqMc1^=GwuVxeRHCt0=Rpn7uZqI;*!}0#eOP-s_pdX5kSUuu>O6* zU=6We(Y}@hGmz78g2$9Inf{U+S5acen_({mxJQ%ZG|Zn7UFn9rj%0z^($knER$M;U z%B7JMx~131AZkSG6iRr5WK@|0&QVX2 z`zH9v`9C%YBkO;^U#Kn5mxLUyzi$lS9`HBD1+UF@y~726l8MV@3Ci;Q)}s0`qW+wM zk;6>*pN{%}ZTKUCvbndgBD}AT3iq!;=|Sssnx&(qT;~%AhkAOqu!-gZ*!)-hmr@5g8 zpOeEa07HdaKE^^?f;Am}qqrT7RvpHRTH?%LQ%3YC%+xj>qcsU+fUWbx-7Y;SI|QkF zhtxGrP|5PIyiW`^a8G? zVKi6#ew$A9w$4JwJh4V=<7D|Zey)@eu2DExXc32TAP-xOyff+fHkf@&lFbfm$@>Dq z<;`Ce;UP1@tE)GTpa?!V=x^2*%dGPjI2a_Mpg}@n){nOEH7U8sw2lco2gZAcKmt@0 zFMxHM%c@443dmSi=8wJusuEy+Jvz6$jhF@Qdz*H%QT!Sr&ZNS~p!k8X%x5zJk@zLh@>fd8lw3TMsTp;uAo!%o{06*^XQRkqD$dGRZI* zdFz!NcvW;ckCX5Q|2h^)AZWlh6b70UJ87O({?ZgiE1(#|WOZUn;3LV2a^3}KyJa74P??f0gvng? z0=Ne;;fo;zpBD2a7`M09<-I})=H^X%ivLf8|9m-Sp* z3KC+txSdj!exVtDPZ$`U$r3(%m>oBE?@oJPlw`^~{k)-jf4%Sc&x0h-jR7yt*9({X z37n@hu7r?v^4<6-rS?5+b7={8|Vx*dAcPCd)Dw@H3C&S2XH@l_@&5xmlA4TdjF<`-XXyH{`aWF z@`sJ}2#)nV?wqf@FEHX-u&FrSFx$`B&FmaqZ4zf$3?jU!`dx?eE&Js)WfwgP^q^Q- zd`8$Y$(cmpO#zqn3vbQ!Yq_Y@o8=(Kd;p+H-hrrB=bAH@G}WoVO;+3VOFYZFT1w= zFm_PA_a-U;GI02bIwT8Lo3O6kPT_OylZ26cnu7!o`;&m(#oNlNO*zIOy*3{$+u>(NP*#+b#$a&8hy0LO}iH*K0dQzZ2e5@VfEx9-6)E4^eJO3 z32(h@$NEUd;#>R*|Jg?84MU{K7|#1tu7Q(q#TuD%a=XK|D)i8L0w|IZNy+=bb_WA! zSPeq}W4b+r4?o>@z8;GX7>~rqFlr2Nl>n~?=pcf{wL2iEQ$)DkH3Cl<=pbNu@7Fei zY#cf$9ZnLp1^fNG`PM_~>a?#;=5G@C ze(Sf)GT13lG9#DLzW@{B>FA>~`#|v<&ztxvk0l}`m{z4}Tv;e8TI4SVQR|r}PQj)ydKTSw<|KP(AN1~wMuqIODn_xKy#BAwlD79O@j^6GQ5z=WVz>c2mygIwzydw*p3 zVvS4yjb=_*w7uBOjO>$o+QU8hZpE(-Acg`WtjbxTE62d6hJWVw%_ZQ=P^1yFyqj{k zP2@f-t)ve^CzSnD=WPqT2`SQmf#QTi)A0td&MRLzE-Y=Hak!;T^ZI?!DCUodCi3HS zV=!&;kUweB+Trd7I8iuxrLyXaz)pcX9r(y=w*c?=()w)%*ak5CblZ%jRiuOg9`s!u zyypRkX&?gk4gq$GLk5DD$~qVc7>6bI2|Ig6dUhe_r$o!|K995#Idiul6~8152T}ZBy)|TwmM9mBRsk2k%W=jAmO;tPs_?xY9&^8#c3m-`(T@be6l;8 z-!5p?EeOmh2G<@yN-kbKl%B+fcDEGWrNU)v5@5t-5N;@A|%FwJ%!Zh>&S_ zvlC3uUm>M~Umbc^77ZROW6rq6p-0{m$F6!uBHhaZPAY^N{)gB`4Mjt2nJ+-`!JZEy za;n$S>#ec;=vgjXbeKQCmVIG^T7$mqyw)4pxIzO*vbfspaAzt(;b9cm&#s>1h{D%} z2-NZy{q1ofJ@MIAkneo{)3Y%@WS9BYW-gE41R47l6uJ~5(yM}71hsG3kSZepYu`RY z(YuY8)Ac?PH`Tsrb8pYEoN!P}9F&8K2>JT0H~TcozPy$uE|3IU4EX(k|Ji2-mhi0_}^%}9)1>7@?oe%`1&~mgSIV$*4znWdArNIgZ-J_ zsHlqTb0oB8B64y@eYB zboI`|CV0zt<{#>l2lo7L8I%H!@+FM=a+az-Z`T#P+8)rd9BsQKWf@-IjntWnC-9qz zF{FL1pY?Zrrw!3fp67_<{%T{j_{GsJ#-stBt&%B){7<)zHeY)ScejqYAfqMo3zxGbAdkCF6#r=$4+{Wa(aZ|?=MXOD(XOB}yl z5u45CVs_BU-q_r52t$Nm(zU%?u@gpPjeC76SCQ_|cR%(*^s@%bG*$zU@z=(-oUk@7 zMk91gZi*z=6Su!n#(Wa@l)K)L>WRS}>}KYT{SvZM{jEjuj= z=&!#cUS@5C;fIso%LFy7rSKbP%X~-tWI0v4@*rR9^6B)|?O?@qBvQqGiq;YAPIT>3 zNyW6+P4sm>xtz=f5hjI=;@Z&lscVpNOHbjqka*DTPkGWw^MK2ZKmQauEFTi*IG!li zhInbRr*kN6=fP0Qd?_|_O7Rq_zWS?RZ|qlOIZ+OrM)Oh6uHk-_ZKaip3HKYNy3_R? z)0@5zWsMtWI@wAo1znQ;vD}3>jms3$p@{mhgclOaDcCDcuXys5Uhg;W5v`z}Ti%B^ z9w}3m8xq>Rp?VsvultNuA=zqXxZpK~R-;jb|H_2IHmX>|?Fz4gur&0RS@NL7FumqL zu9R4oLE}TtU}b; z4aT^T_NvYkP{uJI2(q%+*M=y1s4d(r;U{p~e&H(C*Il^W9F^c^(ksb9vv?}Ma#>QG zC4P+JxPo-rcX9Imy6Wa=RwUti9o^mY?7f9DugJUSZ^POh(xKrsj5r{O#_CiW=5f#T zYcJEY7bykEb-6JCv9n3d@f5IT-_JSJ~^4LWoWE6Co)H4!uWm< z7!sDS!}vyogTsl5Fl&ZexAY`huBk5Yzk{z?PZaK(3W zpDe(v@BK%cL3*L(2P5QKL%&$K3altt#fN<|O~8$(Z&;o0&01|t@s#F1gN`iGAjwvF zj_;e4C`40+-tghUq_?O#1)`(#H^9MyuWJu7$9eaw4|*$|WFJg5!OVVd?nKVsN9(I) zS0VQR=En+UL}s&|Nv}sRLtnc5$-9_vox;27{&A(HS)Y++zu0C5hQilQiF(_r+r06~ zOeDm(5FsqESkNaHQ{RsBDL!9Ilb{fFbnxlx2e5_rp(y>SMTSPP^nrdjJR{j_zKOo& zmxB1$Uh6+1@*(c`3nliu`rg%NL&{+Juj=BYK9z!RS~_5%T=^(2ht3Pp;Q7W+OfFDn zwc?0W$*4ze*N$raG>2D+sSg2``N-KRkP$SR>A@}Dsxs+L#f&0 z>B@t2e~k@H_fAUuXHoINtq$ikib+!z=q?l&$D4%gT?w3~UoA4PavfK1JsaA~eNV?{ z#O3_Q+8y5Ke{VwLLB6x`kp7(b?z^Ym^pT4JxiI~<=7YH``{bUN2Aq^hN2po`;wj9X z*o!9y-bke;R=>1=Bj6(%rp#|{lAyJed~~*&pYkIcaPa70$FdF5W{%Lg*)MQ88e~oD z9nkkxd;qJ$H=oYYp!P}l6SmrVsQcp^hsT$w_WDNkANv8Y?sikgQoog7d3n#dor8>d zn0@{nqVS*YpmZnm`;0CY3^sqg4S~u`P8_n2`fGz!$Hk;d*FR6pa)}S;I@3lOxe@Hd zQ{>;2T_f5ZdYql+kXI37O#Gf$|NefxAJd|k`jxn=pTiK>+TK`2cXS}Yh{(Ynml#5A6s+yjG+EHMsW_|Xf~S*IiKVyrWIXpsss@r z8kRstry5AI^Xu1p{CY8mM=+af3|>RbG?o;L3Ozo%Ur6u%7g28=7u6Sa56^&fDlJ2( zbcevuBPfUK{=<^~W_%7($v>w2&kLTogFUHjB3L?D zb{kmc)h?AdzOJ-yf}KmttxSj&eN{Z*Tn?Sx9{49~lE})~JRA6AKp1lI^wP6peTro% z%C5s|xLJ{dhRH>>Jd2faHqBm~QXgIu<~6ZJZP?Et@$x(Jzn;CcjJ{J6x^I@D*W^$i z=fTx|%c;N>Q))<(xU*4{=1x;#(S_exq&tJqZ_Dhm(6bGlQd@DZiY)S&md(9fjtERM zKg+YnkG;Qw{lsCdBda!)%*SD%63;7WeM|VWsIn(ZWaD)KfFv0;`fh97Ah`9lD3E=o z4-H++5qq{y1LCpQLxTZ1uco|q%M1;2GJA#Q_2C~ZuCrPO>^$l)DomKIj$ES`G>p?F zeQCUp&}PmV7~#=63{2UvgGOeCWCCZ&$92`+k0^yiQZL$nAg9WW-(g}=I2LZ7>6j-#>3G77i?vua(sd10Ygw{kGZ)P3uMQle{Yi~%HmbUR^T%DV5F)=#oVQ&V`+u|$#ehXMdS7UIa`9!DJ1+P?^ zFZNZ5NJwIhn|yn*ZSSZM6{Yj^Ya?HYPZXgh>T~F@$z$Sp}$ewU$_ z!Jz~)l!9MaNI+EqGmC+mb$^JEbs3*HLK*JvIYj!pnwMD_wK$4a#s9(3#@2zsm zmeZio#Cxj)&FBzT{|ma-Q={K`soVBzWrD{bemrLID%g^Tl7_}A^8}R7;D?{azAE`= zDW@Q)gZB#h8sSflsp}j95z5^LlESr_hFXhv>F-~&eaj4#rMx-HLSBrBhZNupX-2A& zQXe!tir~p4{txF$vvt)aby`WvxyS9jxj}S0(v{}d=9nUwf)2@)e0N6o~0jT{@l z!#@Qmo|tm#T}c?HMA7|X3g`>?kS>)>v2USEs`j%@Hw8T?Ntb07B;0MO=XT%BujYK5 z0tAW&>joD$qeLR*HcQ^WK2dvC+!GD(^7#wHVyPt>(|1hjNC$@^1!PZjji)9Jq5sYF zK2+k=Nc-~FYdf}yAR53&pPY+r3Dwc|(}4Yl8~iVYGN|jNoGUh^z2-k}NxQ36D21rz ze;zkRUS}w4^t9v+r<{?j498ktw(MML?VEftAf~C?2)FmT+{-ge6O7JIpO}E3T4PH0 z&x5mHZYAUFV`plg9XagToxg1YA>KLRoAWWnV9;~+E>|v=8uTTQl}*kXeswc7tid>P zVT(&(GQ^nM)?k8HyCim(7Z1m(zdj-Ena}1NY{AIRz4Wavh<%k1d*K_rKiv0WcKB(6 zwbCi&^Bk%bP+oqsiezv=#wqm-y zj>+t~W#!{1n5T=$6iMf{t1%@}IbNIJ+s(5A^Mosw!{*q$hE7aSHp3=y)*dXedL7a# zHAVCLGsAw%W6$UM517)`_UnT^g8}G^`cT6eLsOIV9{6#;eoZ* z{9AAWd(z=y@Xf3i`J*KOm*MBPtfij#*H@AO>c&aeS&cGYp?v8-4etK>5Qd4PHEG*> zo8Z?Y>cQgi5SQ)*t=}|o4cff(pFJ0DJ)a$b=Av1GW&}e^hU{TGI~^upYUQT67!x8t zi%8H&*d_iBtXJIdq-W1Q6Hf@--srdQmx~<|93t-{iv?S0+MutA(o2-0v`cvJ^CHdE zPfEt;1;n=!z@{O`TxyWM#)G%N68~Hk!`9RBF?-VDr10fguKADbCytTO{&tJ)obegdAvk*tQxId&2Exz*!^kyXH_yx z@~RZ6@63aYirg4eW9HGBoK{`yjEJ549Nls;3$Gw6l;^sf98W0Y)9aMN(CqNBpB}8l zQ&>~Da|u}=HS8bt2`&$3b6UA1D0NE)+HFkTpk6w`E_vk@1c8 zZ#eKeb)36>dh##pZ*#?_VFs1g*=JBb6 zM?FneFm%U$-9>>aMdCN8rq6oX)+pjRM2s5{(S7`|R_yP2IMhNxcqqMr>w$ISgW`;W z`)*2};x3Vj2A87^%WZzo`VS?vd%ILWxw=j)&KdqNbdnDmzRV7 z^W3J1St#b`)b(=c{CmN7``cm2LdcWF46?3mLk|YRIJl_BHSS~@M`OMfeK*q?avE+k~_&web zyUaxtT7zTKD+m;@z|OUdilueIy8~lpcFKg`zyI)v{??|qZNqEm>sINT*M~vUpi8iY z<#WTvVSMPK@3S$fXf`RFCZ%Q$is^ueU_@Wllfs<8iQ~_owy_XIKU;q@W7$WtopT`i zYj9k7(2yfyc8;|{KFKVTD#rM7l4QkRJkDb7eLarl!d6M*UgOUa|I*X5xKQ42a}#*` z$G@LcZ0F4lj@P!xkJi;w5!A$MYrKxn2$bdm)zS~-i&FVInWoB!o#*M{9%O|sXvuD( zzp}2)jaNHTVFD5+LB;NVHMv!euU_A8?1Nb#eEnA{O11;RGdmCg^-vU>K@lBmuzID?4gQNva{T3zX zw>sAd>cNdlmlzNFzD~d(6!%JhkL&v#$Xy#XmjdVA~kBtGMk75wDPo)+Uh_xbC{WHIoTh$~A0};6$lBj=Np{W%H?FacB^qUoydT@2 z7BKlUR-T;6qjk^uoLsd@-D0V=TPG@Fy5bQ#?)1mDy-$nRJ^!LT>h9k}Ve~fMXN-m4 zt`=zqtYr*7SOu1iLQXGRO*q&(eH59?F`dp+yJUVE)xQN*yme^_U{h)g{%O0PI?nBI6e2z87&0aAwm2Hsvl)r&rRsuLv zo_lgO8?pVVP@*4yc>TKG@<*mPJ~5*gi=f8qAjArK>oXUOt|ws%-cZf+CE<2cy096w zL*oOju6QquCaBagx23kXM?i^N9|3EQ=B)z86kw7lc%?$S8Uy;=lj% ze_DVYIV>$Y-+t`K#A^G3?%Ro&4(CM7_{M2I$Cs(YET#da_JJhP-tVPe$!A+iikpc+ zm0MPexwTsoPsANgRpgSTb)S9Vd$UlXhuHn+T07&72Q$!_(wd8v_}tr|KM(iuUH{cq zh;VnW3O4^yF@NVkIScNM(K09juu$g)wGFMA(LBBQb!61tHeGrBL2<8uVwT%Y*~2qL zg*2n)mC}%*b+h_iQSyFz8D#mitKy5(v$XOR1gU}`VQuEaqP@`LR*H`e^*^K-z+}WmaX~1QvGHamI1?pG zy?6(=Yl-*wSMcZsi2t~69=_)fPbw!tiWWJG^v$dMiLr#&ze~m4P<5krkyE{YaNNYg z^?vN=e0x{_N{Pa-z4&TCR7Iv2tj4hmufFlSY`Gp_>hvdPajOy5UHPz~pGgV2~Q!^!iyTi8$WZ zuU{jz{MUc5<94Ei3&6e`w$byZ<;N=k@gIIMV2Q{7ABfMj;>;+QrJ0J~ zzWLw=v(C@}%x0!I4ctfAk+y)|9uL4(W(G;wovmHnWwz3{|DS6Za#SaJ)iQ-~vDXc~##gl`Hw0J2^>PsL?dPL*3un?y6|>)W&9!mA zth&AlX!dSCd#!u;a`@W}7AS_NGq z{bU>_gdT7NQ7}pUypVpKalFl{c<%Y3)MmkuK^*Dif7yGH>UZCZU&A#sLdQ07NzC^V zmUpDV$YOo0xqObXz-7ztBe08Ov;Q5)XHer5dr5HAe|kXYe@$8Z0z9Qi91bwKiP=;& z6r|bV6%;GbiQO#WP0uYrQT_RgjVPxYiiA`7@#Di({Pq~ z6u5yY2(RpS5282@JL#Jx{f<4mnLO}h5Iu4T-gdO->?29Q&OpE55&JiANEl=4@< z+D?#!ZeUC^9Lpf?n9oBgLQH8sTJc(1Pw4vfOb(q$cJe-&3&sn}^FO+Ek_L1patQUo z6j87AR7pSW$!a?qnW*3KH}n3KTgdqer#Du*)_rS4Am{8`no2WRfy9{J46#S9VeQBm z(zp+l_R|GVMC&h)rrzd_PQCZmQTN^9CJ^sfO|8ty&RB)*6Nhg-&|m~ z-W^_ZXa_ca=kqsG|vBqtxz^h*y`!Az}tZB$D`tvui=0OJ|4mBYoFqksg zujkv8t+op&-sZLa?~kb96^s{f8Z^(+e-0Q^_bI*keED%Ddr!$LIC(l$l?;|4a9YH(sAy<0#$pWbH=6LUIcWo1>MJRf8Uim&oje|AO*a*r4D-g{L%YoFqW zRaII5)%R6@Z6^C>Dt#-@u4P|>t7iS9MYo(RkgShnz1x~?GC(bWs**n7G0I0k!F*Uy znIhpF4_?URbI#|Skwzx&8; ze5i%7bjvMS%%0;(1TD>(M+ce2NfAqa{@TBBlLT->hQLlMF8R$s6Yx|?03MHhS{ky; zXjeV<;Pu4X*Ws0Chv+`zFrj!#d-Xr;CtS&*mr^ws~Y-aAx(j5q;#V`JMC zYJoaAo(oC<_5uClCPDnbnNJ)GJlVxdrOpQ>=AHttLsB)3RQM=jA2_m5O@rUiX8#Ot9Y463Tec=A~6qGM40r$x`z+9!sXT37^p2w?qU;iA*A}_~=rGIK|=6O8h zmGa~{E44|7u<5}4RxSCa&_!itpU3HbJCc>~=h3IdE-=DM(aWiudrZBm9MRwhJXvg6 z;D5gj;IrixVU7EJydqB1aJ!Mr;NU4xq17k-w=p*Jb)6RQ+=~HS4jA*uZD_*8xZ!dx zSX92(_0{FeS|=k=FcXbT?Ek`RlfJi{V3G{{nkM45qUOf74P1#VH%_-IhnGqkc0{h5*K<=MBUVb%+*g2!&qEVwx0Oh{F+hXm zfZ~AtUpgiXHrq|dv#|*#fqKkA7f7FlkDQhu7!~n9agp>tDU&%{%T~&^FKrTkvh7M6 z+ng@#rS7>i%{>=*UOdVuk$_8e$6lVCl_dIa%e67k{a8(Q$fnEH4livQeeYzsbz@aj z@4fdmAGn0VD(uEMvU#0?t}ag5MMPeL&NUBM{C9&5J$}9Z0n}rQ1r71QjIaM-SYFVe z*6GXnPQx(YfAl7)i=atOKMIPgHnSE!&c>}Jpq6cvTrW#S%gD}g+?5|&Q zK(7uF%O1)~#K9qKg?Zce-!GlzSPi*7xQ6Zp84Ruox>=fc$GBvLu>?-o?ik9f552`H z2EXOF!sUF|_jt!~MeZIopSbsdW}`P!R3g!!WN2?pL*8++&oEo)Z&GdKx4imjAR%#! z-sb!#8a5ifOLHb_)kiIABU2r8xHc+c)()&(CWj5n4pM4m5Tb7L!2OiAWO)!LVgk%) ze{t>Xo3oc?rjN!nXh*oYZ}da_hdVFeAdlUocX`ds4I>yH@g>2C7cGEW6mn@7?4jY+ zHr$J#oS47cN|R6rj48VvXTYF-9TH~6_ueDms&kot8%#Dm3EFuj`Z>2;dajR`Wm`0}9&s0-|C2r=&+PE?O z+lyc!gyQ^14OS*wq3uRe-(UzeoHX+?L`SA z`gNhdAPk80$uQvObeBxeu<>*yC0D(hVE0xLu!G?qDD92qOz~-7SnQ%Ri39hNM9F;C zzYuA^Mq$FMl^Z$wwu^3Cf!Avo7;e0TgulGR5rl_J#u{#O?ZR0!G8utNj~^$7 zssSO};GDnU6|kShkCd&>_)7u-w=*GBd#c#v-;yP9ULdcx&jf+hSdadxqn-$>z9Es=|!!?MST^g7tE z@r}A6|CRhSAnX&`$toscJqK^jHz436YUlYNiO+nrGh?3~#j679%%YLMY#CkRrakN5 zvOB@i5AbZw&2U0|-^e@3vXUg?qSxLRer(v-aWiyZUAU|L=z25}=jS{cSGjKg!qG^b zmH=|!!c5iBFjcPz(zF)(KH6)|=LZTpBplcSV|g z;dxC;sx|AqNH(UC>Y*`=3|;K(#-+D$f|P~y*S)jQ_&(?Nx5;`4_jd>kp+$S^+n)ZpmX$mbaV3|g+G(2`qA0no3&%x}T z0#{dQ%M}k$1&XlXj#UvwLAl4<=@;GAQ^dE!qmmE|i^B?`?GrdQ;+7pVZie#{Gv3(G zxLt_+!DjQUv0su$51sj7(#{tT*ly8(YZ`c-YD#>aJ6PhPc7jJjKiQE&ZJH*O)w$9v z4Y!`}QRo^nYo;Uo1VPJI&r!iDH4{Z`&`HiULdWY79)Gv*|7j0+$#^YuiFyfF{|$<& znsnzUI!0(qM>IW$du~_YX55y_y#Yj9s&EdDxbZr8Gm5b#Q#Fpu4E8e)ju~=MBV|J~ zj`Z?cv(hU6YA<)w#v{Q1gU*HK?V729%{Qj+bf!bJu!i65IZIMJ0vMhw@Z_gxl7Kum zE&8JeM@iC=ruVObLKiuVk*a#be*|d`P;@X=3O`OBwdM*#x_fSE$bGCi4llg^BBf;} zVCOrxNcqiop|57i8~^<_*q^Y7PFh*uI(RlC`5?qY!x07_AC+srHS$@A1{LpZOMGqJ zrl?IdOG&Bz==4Upd4RHJEFD-y!52Rsp(-0z>)Oj3_8|8^`gGeZI}?|w!lOlDoZ>C~ zFsiGz)I41{$E$Zjuql=^3dHw*ZL>LF%GgL%^&$^*w>c)*K|pZI&@oe}%N+$i-B&)z z66x5)0h$nf${mGg^02@&j3~sr-8He6`et#~v-I%4zBvt+PLm31KyL9_^TVb;2`-WL z`US7J7tf#)okyOVzXv-_?hqus(#6Xna@cD3;PCvxfJO>BCgKPPkh8J&%9e0r0HXmn z$fU2mlXrUp8i-t*t`-HhRrr<=;vGCJgc@;IlU3l$_zW#NSoZ9h{|?yZoDJn!DO}W? z8X!Kak;JXS+om0N1G?;*uFf{e-2Hwqti~Q;bzS)#Teq#s7k1pbd+I5r9&r(1*CzwP zfwgnj^cz30LK2gL2BV7I?p57bzIHd|vaC5vczhM~y)CT&vjy{@8q_Q)2hUr z4WA`FXZwf$!pJ_?ZAIpB!mVL?tRjMq{2MU8!dJE?c`m66pbFA3^}?G~`-mwb_N|YI zNz*#!7E$xZsO+>zMp#Ddeq`e=csvh(Qt_?- zId`yy@!-N+JxovieCwSZy1kDOT&Md^e7ik@`U|&ZmnHElPT0vZaY~MSH&*Q%(>Z1n z6$V7h^JSt<+Dp)^F>kYbIAp}7_U^Lek(}U)$X3TXFu>op@`uuEB0eP=p@QjOrW$NO z4ttJC{V6HbGJ>Z7`<6I#()5cGE_hsL(D$)wU2Z-A02HoScI zu>L?)&jFHuNc5k_?=MK)*^w`Jq!Dz@>SkKBBO6=(2a*=U@P+$h%!bNW!zbmo<_{A1 z>wY^(bl#)rm_%40{d+-lqEWRx%#Mxl@<-xt5 zv+~%_7rt<9rH5n*J7U*<9vgPa3F|&Dq~vaM$l8bYhs||AeHGcGb&Sb)^+cNBAz`eO zSVw4=LhQ$c<*7LfcAc6NoAd^1P7M%lYfUOW{q6GU?{Qb(S%!IzMp{nBW`whJsD;UY ziQ*pKB$!@1vLS(aNN3XiUD}Cq;XIXJ9l884sfJU`sqe}Gx$*S+6#j)wCLHuQPPasDNF{36yUcE|G2 z5&V)>QPYQ7xz~Y197m}+D@<7=b@hB4whzoCLY8Cl+p2Rc1G8yJ1Zl;0Ry<#BtM*RY zWOW|D-#j)p-(I!1#rpExXV9gm=pIS&AN7}qOoTk#s?(YRt^){+YF$HTZuJ$V`%c7^L; zh$S925gB|&1gp)U;kFU%?wtx)2-3TB7t$s+rupk~Y(&YeD$&)Gr&!rn{6v(bg;(zK zp3>dtb$lJkA*!X5^A)=Xw(FAeFV&kqiI-2`Z>@NK`_$r@EIYMuoASFa(( zJ`WJq_=dKrmhJZ%p^vU>_~7=dgCyjQQS(Q+bRaA9ANAQd7mSk%{ddD}G=!muF@6w| z$qz3W=8udsC>`WWD-7#RB0-8+y{;;nx&0s^dts@(LN8LwFCgnAML;RMvFhQ=*%{aa zJXf2~-;b?73H<6{a~@Lb{^Y15riQ*^IkjT(tqB-r!oEINzL_bUcamGSPBB`=T(186oKSeM!xli7A%58aE{}t4fHPxAGMuQCs3aPdD=NR3QI z*}z1{yc$MK6$(gaUCNQg?G6hHkV&D#)c`Rp{1Zh1Yd!*Xe#E6i=$ ze8cLV_Q_!S9_650iJc#C*7ZE)BZoI{o(=3TOufKilh+Y6yek*O{z$j0?Ar?wAFH_f zyir^;d=!afm)fF!w4Y$#p^s|{q1&~efqBk(NAA5@`JyL&(dkxc?@Yw$^ z0ctV#eg5N-(L6jR=qKB(I6w(Z(vCna^X!Il{$ZQjD0mNwS+wShb8<|63dHZ9U)>+8 zUS@aI@fSJo3~wk4H@S}da!z3UxjyYd&fdF^7~EqMYVPBi)Gh?8)o;wG$nM}t%-bf+ z!czLGK;KFH?H|o={AC4O=-5@8!{h&QT1$+4^gEk9*lT^GDCzlpPyoRp+@U$EWga@d2S^5 zEFxUb(!G)p7ZbO=Sedd*vl;HU;m4eC^2P%lo4g!+@Xr)wu^{$m0>i?eRf>}DPNDZ6 z_g)>*5or!vQsD@5%?$ehibvuYlDy^LF{3Ta&DmF@C{oC7<2KZOo@Gk^G+poNyXEl) zd(!y_UZ3CpBxzDyLI0H+44rM!>0o+p7F4t)&1`@59Ez5oz5U=hM;ETcp9P((uXs{^ zzsX|*|1Bsod2U5~c_wHqGG02z@Ia97<7ah^5S5w_-pbzBd%8YB_L2UwQYkQbDx3dJ zowi&>iN=um3!Y2q*F+5q_+&JJJV(u2+`6gb?mnFcbIbYnwu=`FF1QT_g@uI(T+jA$8^&k)%e5-HC#or~~9p!3h?Bf;{8ZI51`ng)B7pr^SM;+Xo}KdO#1&CMnt z$rp}q6Yz)v(<6sGO4)C()3dhWPU%BA6|>L1-cy-LQ+H# z)?3a>Q1c`-jf=8%c=})fJG3dfW#(1ojjgMJ|uwBEP>cU@HJ z@WTg}*zftuQ+Za1T5VU4t44I&Q+`+_QIxJ8DpuFrpr|3DU!@LL?_O#L2TBS{4xc@= zFZy}cLxuLZkEgn?D@>`3d;79@w8HwSI4*W5e>!#kq@k&tL*45j(Se+D=ATWYC>hN8 zQdaH@;}CN6B5A2xfNt=8eQk53=ky{e=5Y0=4>APwnqXIgyc$nj?8Me}P|d&m?;lf?~uo<(9d*9m+d^V4^QeOb5o`hr^rs(G)|G~4Q=Go{!r~Bpygy!jdh6I8Lc}r7D`~5@8{1^s6LXJ)oi^FKah+l;-XZf4@{`70WKpk)R!7YhgymGM7F{uA5+@s!V$B z*g3ZF!?TcqBPA%}OO5FLL5>DRx5^Y!s=C}$*O$t5k1^p7Ghp2Rcr8Dz1DnKEA~eZT zpJnRIhL_DJI>yixq42hdY_;5QK_yGK&gIGHjx#Gy`ch0Dr<|B5@Nj{RPMkjP2d`YQN-*A}uOuMj$<1EvIzZ5+jUBsO>zsh{jz2}h+&S<|yjR7Uu^?fq^Z0F1|+a=Xg z{^`r}97Ko(IeDvOHD~$Wo74`86Dx|RI3E$XF8y{M2wuug;r^vHygR8RB`6UG2n437 z^7zp!(>`8b6m$(MwUFSmEQ4HljQbNM#`<{H*fjCbE>%Ej1~h-_X=7euT+zIRx&_HD zt_t?AGn@my8*c54VO$P#%|`J8MsLU!Gu0u{Hb`3{0zb&(!;cru@Wraoj)yXB<+9bJ zb@;84MZtdgDS=4VcW%%`lq@P04-#evX_;0`=Fd!QhI$}qP}@6h>fyN4J@t`FC_#d< zOqvMl$+o7dk6k#)qY~=N55`5t%Mu|Upf3>lvv#aDbTYY!~i<~aaC?^P%tLA1K5y9MnOclZ#y0WqAMAB1O1klb?TaDGTo zS4Pjq0?(4kl>rh|kCUM~UM-TnwIbArI%3q*Yx17tt^zn&6);e}J@DLXmp! zl-4Fp>sq1#=`7g)S9y`*I`h?cer5;9#Lh&T7aT(g=06g}2Y1c1L4(PO&4~ogG<)1VT(4v*a z@uoYLM?S*yMOQwnlq=nnOC$^Y{j0l)y_q4*Yq^HrPHwqEkN!f0J#Z1*%Goj4#+f&S zNixLTXxIZ6Bctt@&1lJG7U$a%)Ea{P*&7~P-uCf)bJ2FM2HvneG+bk%QS`TDP8?v^ z<9BS;8pMy`o^;y55%^n4e@~x%86Yx6;3IAcK?UnDskbnDgF^%?x`2RmKiM@~+}Jw? z%91GD2K#XV+=0foD-=R%K8sNjkq7;Ds8$AbcFwgIC@J#NRO)RRwuGAr>kcj?eYF_(Qm`z%A&DB6jaS0IjpH;L@lH#Z4^Fp#=;}gf`eAXXyc3=W z;bm32{NalVg_&s(I0+Ro zS{4;$pk{Qzcw)2n?j2d@_ik9WJUN%$xNat-6F%9>C4{zDGeMReZ~bw5qKoHzZv=gg z)M6mPj@6F@PW!A-p`}TPyD_Jk4CD{@a$4N#LO3s30uEoqrc)dzhq4^}xgmN!-?gEA zmzqmJszrgPyTVU&Kp}*GC^;xJa#KVVtvOjG$cFVk+x+{q<+c`^IES`~%@7-|U)85o zDKW2^? zC^G`8JnDaq>AtJkVbqC-2ZLG??}jb*d}^R>CilMm6_PrCfrF%m>7-g-@Zj!H^*u)y>tiv6)FyY;2iIHyegbs%Glf&Ngx()5Z z<9riCG0^7g^QP~w;(6#V| z!$%|ULnVndpUVjC^}(HnTu4WxFb$xnU=IEPp4}=uVr~+&I5O{!gRDykVSqTp3+sHQ z6=6cx_$B#a=g3&(n_w-|BG8HvUk<6+6l~GTIL<)X>4W$Fq!!Qrj1aP*iK~oYzjwRp zT@0S#i&m1$52wrjnWP%iQttp7ntcF|vJyFXk>VN6Alkj=#AKH0iC}o1mSzDt$_ir^ zF{7rQ4BDCyUi7SFHT(3)j~l{khF9X!2=dUllkjDbrmNB0rIe4%-fr9*igk0SeC_?# zqMM?YHX%b2e*m|k1aO_cKR`w*LPF!L;hhDoTHWSA8c2^MYSL^xdy~3ttwugl#smSClv zPxLl^X?A;)Na%a6D;QfX;wmTx#f!psSct<3sF^4uUeJI(G#)$%Puu*U*Zknr^+ZB@xc(^uF^3F+o7iKYs^7QaVC}J1^Bdl*?!O zWrVODcY?1=6!Ishod=~{f;sJ+xrK&4Mvce0O5V> zY`H&SxNh!ehXKxbqQ#ljD&FzpS_QNev|dz_*s0DWgyGisM+xK4>dCO-VIbn=zdEhP zm}z-Bo2GWD3X7Qpz0Rm65q%F2_j2U3n2w}Y2$G>&k-wB#0xa7-Q5NoMZ&K~3+{nih zpAfl4dOOfcLn_+K$K{FtwL@O80;vFhuyN=jBO5~gcI|JFT7uq7tIey(g7vc=ke=C0RrFpu+1KQ=o(HJ_4F$g<9}bV3b^q<$zW9d zb}dSgyp)90I6ie>QH&^@HOebgb{M0*A}7Rzl{xR{N*a6TJGjmyxyxu?&OR)gV4l2+ z7jXP5|D?09ZFotI1XaQY`(6s*18-$XW>?VanZrbnFK<&n(s(EQqWOgVn;|b z`>c5&Xyn7wspczBC&nR;QY`W!RpWuh81?YC07MFZ$Sukr2wmuKCJQ_s5hW4&JiwvE zElSL@nQo+AlASq0JUe!#h*0fL%Vx5~pRrX-1q9u+o3sGnj~Mw#ZRN{04cDZlKGVEi zm9G6GiF<3uz7h_z)6g0e);42pXDw1QA_yQEg+(LS`4<3{MSMccPJR(zsY>Egzp9XApyj7 z!TKENJabuC`uj%nHw((kw$jwI0>8AEhu!{N7LLt01A(;Y`(Sd6LxH(P?7>Pg_Jxi? z0WsSv)bo!Hla{#5DRgNE$SK~W0|$RgEzTs#J5w@upPljiAHjutBU{{8p)By?0Ro90 zd?^qeqq9Se#wvYYCQ@zpbg8D6yOk5j!-JG)-`!|Cmay!q3T3n@M?*CkuRJ<+VhaW( zrIlC@qZ@}V%0q=&*_rDDaE0R;HQ8}*g%#H^4{xh$kn=q9b0zlz(#|&aBlw#X*QjRE z5RNi3vFjY&03N#iKKBDn31_oPxD(`NmD(RaBJK;B%^$RW3R`OA2@E z5Bb1Gn;(dkk-nKr6)}U*+Glvz9-u;A{(TNaI_Rnq6eYtOmQUBe|Iqesxb!SntJCI@@U8Rc2TI*u~_F@g>;Gd9)JGhEUk|DW#<;Ee z;)DsXF(xSrXA)ilo-Z%|EsujH7x~t^zrO*2;?~2W``(<@j`i(GEc#xlTd=ty4|&yp z7v51Qlm$#wT_fA*SHWx1yu#b+P?%dQZtEj;WA*gKD#_+nZ}u*^Kmm=%IH~ z@c?*2bnwA{w$bj>x)sanp8?H`2!UVbZOV>HxMOswncwkiQtn zqF|Etd>Cc{;e-jaU#1!p=+579br9P<0P?6Loz#rB$K)D0ugj!;# ztW3AD;+2j1^`gt2{imYCKIjJXG^>)zEP8}+N%>|lXQbfvQcMg2h=_tk?yOItV}dO} zBb>R9)E_i-;N*=j$~8&hkgg*SKUUz=p-h@N??N;!!AiCZMW0$xyh8di0dKu80!EWC zyunr2TPOm^@`hoypLBKc@+#&l7Rq-1RAL&32;z|w5EE3QRB&>MQNvwI+zE(Ux^fBx zW*p@vlH$nXxIjsOrN=H$Y=VkQhOiRQ;JPC4(swa(0fJM6kaS#;njBnr`zRaMg=0E^ z15u9AIpQNHB!RN>Y8Tm_wV${)3Jc-!;rPHa8rxS-Y*7h7jzj`sHxUkK3&wox{`NQz z%z%nu)$+vpH`Rn>=R362DBrz>u0d}1y284m)D0y+q?R4-qIyfPN2+#r*b^d7`hBs7 ztAXkp9d>x{*GVodLA(9-EprG7mTJ`*+ZvqP zixTzm_*mFAh`Yvxf^rtkH~TQUIfy}YC7Z}ypzjHlGx>}gCpx8r&bMoGnGj+aj>;F| zBY1L)6x(=e+_3OAB3A_CHh$F>kt5^|3B;5NRpE#!zh#S(_8M->&oyeTmc>tmzl2$$ z`o&ffJt1w7`@{G5+;mjDMMsO z2%P5=B~{P$>adXEBv7cmGi^u9_p`0N2=p3r3W5tIFeoeBpHBO1vkD&)zQ;8bN=Z7) zQx~Bk0JNT?!QazBSb)8V{2k8*N}wk?B1gcfajgxEB(8;*Joq%#pd6{uqMlAhtgXVB ze+#Y)9QrYx)zvPM5s_5NPyq?YNlWx9ziyf7+d(5*);sSkjH?Y+=@UzIO4Ea%q$B?} z9p7CYtsh|qpyzPWLk_Dtg}P@NF+NKxhq`a5W}J&0mKyLl{d&#Sv61Pi@M5BS*L{4TO9s2+I=f1Brd zyR;uCQs@?~G2f5RxR?P(_pgHfE%TH6p7TI_C}z5b-I9jOBZ_hZiLx?C#>4_b0QR;m@< z!hr$B`$S!32;*))%q!6a7f5k3#hc@Gw&7*etRLz1`@H4?Y)~9tJJTPfFrep0D>3%z zKv}@DQ<~QFmIVgQpiCuk+k5_>gc(6+?!x0ciUYhpn`<~Lt?EE#t2VIJ9B@9c>5%%| za0FmJMtDx~@2nb^flXJh;d@GSHYs%`jDmx2-|DP(V!lU6)>!P^6;*xuF3&Ry52E}O z8alpLmmi5+deQVNv>ZY^v)*;TQ*33zClCjtA^R`x;~y)5#U&|Bzlem(54{mh`Mv1@ zfsFCjD(O8LPp3dm+24rhBXdJA5$DA%CevXySpxnF8h*< zbr7C~7s1?{FsgzwAaP#&59hx+-x9Dt5I%&OIwUS`I*@jbTE1h9h+q)4PPBn^K_2cr zpv1L>%7?tz-N@LbH2+K#%Ni1_YrA09OJ8o*flsvo!D4-V-vSc`ko4jy0qyvdp9c}~ zvx-Ydx(wipX>8vw!j<*89QMZ{)vLm;aVpa(5VSq3tB2qzk#vjJb)_{sOxkKM>lQAI!Q*7QM?zKtT}k?D+uvxG4&CcCp&C-4CF)L++w(`vNMVQcgtm@_EuPup z2YAfJ0I|)He8j(x`C8yre-{Xl-S>|)gkFFwnc;$TUd+?*XsXFLxjq9!YetA*4xP|$ zh0uM0Yr-V3V^U77!sX?BI3EtWo`0jPB{qZ*(xUm*Vy0*uQ5MEuq*vAOL!gwfr!d9I zHaG4N4M;eGJ7w3UE+1E!s+NL|$~(`=7^CGb^nU)CD*Mms=uPoCV!(%f~2zoBc z+h1qXsnH=LWV@MDS$CcE+4~FPb>p?R*=53(ocLYoT$5!~ho^ZLSrXm44am=ASVonm z6_SP$00~TY*5QNJ zb>P5$vp4M2CgiVJFWSyLPI3?ozrp)!2_pMtKzD$gOCWG-oRB-1mUQYR) zBhL~WlLTi?gX(sSNSKkXp|d4T=FEag@3;gZ`>G;$II*q**Bw5?o*}bU1@Z##`KGH#d(9{loOgD+V%~ z)ns8*nC#v99V4-vAj&z990sHKSYumnId}Q9q7FDGpbm(9X1&RhYd}HQv@F80{t=CQ ze}SbU6$kPW?alq)k>1wE1T;iGt>;9ird&K5X7np1K4l{zoOW~=|G=|%>8MT0Cp*$K z*bUS#sI2ONfBlH-EcU(JTG^$Vukr`J=?#b1SJ?Dmd zYv`QAkt97xE0RV1I2dnerj3btye_dIG_k^;XmY`OU*2goEti`=%tnkMG=FziZ(7uY zC@%&a%j^*qn&+>I0*)0fVOPBCvVi+4woNZ;w!#pP{)J+~#xdMPX2to0n{!O6+{>1= zc&(H57m%U!mili@v2%T^baMa!1gpHuN^g&1VOsd`2BIXU@;t!i_=pyC`9LmPoHKe1%+Ld;ET+mt5pQ;5`|ikJDevm2v| zCHNED$YKV8c)DGvzoMp*tFtBJrz-=b?~@#hHL}EXJlX+?zMj9TpxMNX=49zpdkL>g z9P##mmnu{f@w9Mg6lG$;8iMpxG&2Izc-oo&gTU~4-0hwX7$2k3tuXC(LyewdPNVxk zrQ9zP98n;|>2aBNrczSRC_iV1L-%7pq;ElGboy%G&R-l(75c}Xxpe?q@y5!>W_r|Mq+jUadHSIGB%*AMhr5(wqx&lS-=5`QEomQ#N= z)I+S20S>;Hn;l==sSFW_=V}E~nSzkCAnN80%r%t2MViWT^CGT$<24`#77>UfR4svW zU5eRYnMRep>u5fm$_tIdsz`xZ`O*8GBAD_a2uzHF(B502C!5T2P#9x10cnl;8?ZVk zw55TVgn&al+8v}R^!R`VUx!;f>zJ%H*w4uD2)kJs`y%^M(C8pg!h|F*BmrZLYM*>k zxPw6ewwdDm`wdD66Y{Qzct;>(VYXmjrr9V988DWgg@uuW-OS05GhnXoKxD+);6Nn8 zwctGtzQ|J!aP{^#CgL$HM%uDHZqVu9rQiqq+82%o8#=I4oXuc_B3tetkDQh`io^O> zuCbC}2Fo|?8IqcmE!~4Ye2F&(|M~~gNXu+rc0R#{#BLDyZ literal 0 HcmV?d00001 diff --git a/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/baseapp_state.png b/copy-of-sdk-versioned_docs/version-0.50/learn/advanced/baseapp_state.png new file mode 100644 index 0000000000000000000000000000000000000000..5cf54fdb4afa95f4d57ffd6479b2aede91d5b10d GIT binary patch literal 338941 zcmYhjNzU_3vmN*s3>bwA*ki-+us*;w@DKLQkd4^)Jvq4`DRyGtH#_h`JgueFKD-Mj z-|reQ9!ZZxkx4Q$GUCLEllt$LA^wMd`Op9IkAM8*KgbgA{No@0?l18CAOH8i2V2(v zM-sum|7&$b_8|Nme9=Rf}4fBa9|C))a}Y`Wqff1%vp@BTuddR(`^Q2s9jNvG+b z-zKe=v|s-@6dTwCzVF9xQ#Qr-?|l#mLH`>B|2Gu!VC*lHfeG+}6aOSBDEWK;v?_*w zYY_h@1RD6SdYU)GHm>zwC<{Kz!&Y?QKiCXjO&7dG;0Z(j3giDu{=eWYGfiC)7Ma?B zYY=dh{3l9)&Hq)EJYD+>;lTT@X$$aAEb?}I58>)%?7gDQ9N#+}moE*|KpAIHP%g z&W3(S>5o-buZmgNY2z0NpFZM%p03!2Hmv!EmjY4aO>!0resKv7yoDCkXgnGW(;a&lV1 zH#f>4L_r@k_`(ox^(Zmioh{!2y(VZ$X}&v=uHI_YSK4IoK>$ziKoa%v;$flhThPJ5 zOerq33C37J&kP-�DEBy3G%(EP#m!cyW~)nTBt}?{jxWD`;@=?yy582=}#wS|={w z4d4kL5!vz9_M<5id?3m9N{;r&lzahBC_E`I&`ur}I9WkTlOMB)Dy%p{>|DdhWH=e7f4)%SznAgn+t9)IQX|TQIkDhtZ@GC0Hu6S(Tp6Xj-y@$K%xB?| zlOYEGxk!9yQpV)NgR_zKwv#e{m>@j}Kl0GU8Wb*-gHvS8~6?|Y@i`}gpRxD=Y$rB6!YoI^yh0PD(wdFm9W?_@KJ{l@tACF;oCxXPphj5fRR>-KQlXlu{KgOO$vOowGk zVm^+aV8p%-z-ey_dzu;O~@$HN9 z7!i%)rP9JEXR#6iee_c$4b7NWh_2ABlMbR_G>jKl<{=7YIomC>d~M#jiq-RNFfa@~ zKqs^K#|M`@?BVyl-KRW5IBvts+x*0A%*_F(drv8Q$OlW9Ah<3_yWCYL+~%N(9PzSj zAI_@X-G_*f(;+2hoj+ng^_TeCb0XUEJ3vf_q~HVxuG{+=uJS$37ZJgzE7soj(K!`^ zG&R7fbvhm_m-V+wJY?_<{?#*4d2(l1_CjS`?^+UJT>kLfzS9#$7 z-PHpwTMLDXrFg`0P;QsMz9X{pj-hs)TP2^->?Z`wa&{xWU7v}8XyMO#={;t&3QET& zYL+wZW;doTbkE1S_e>|bd%4y{0do@yO-d8&7x7PG^5C<;^W+6Z$x*pajVXMEncwN< z9hzSzEp7yA@}`Iu%KWlSNXhWr>Dtfd__i)*8kMJK{0h4dRfBq$4jG0KgHY2F$0P(} zOKwkwB;RTN#GZO_E4!aUOctNlKL#1+JBSnqQ_g~LAh6D(5XHhe6Nw>IxY-k*CU;Ga zkT$n0@cx2YR;pxydCO94b&BDcTnN(a_tvPO^G4Zac51FqDhkmD;Y>>lKO#X!7;c8EnL88SUtHQT-iY<8HGz{1u=f=kv$`9siq!Q{N$^8;{N`fllOV(6Fj~o^MR`PcPwu zFZVsdV}*8<>FGK(sm}$j*UMzB<4=|DCurICy6euK=w}E(BSG#*t}p-|qvWyi969eE zp$k26$VuwS+_Jq!tanFh{o)@jPdhC5glzDwx|mpt!TWjsYc!5j5F2iOe#oS1+Sabj z?v#VWN!4sXT~zs$%WFTVhWH;uHfN(_x7$TDVZ}f9V9T7Q=ymTb>n5Xf;(l1-{^&&r z(m2|b7<2HI^`FvUKs(WScEkt6Zg%is8#rWWckUNW3PT}m;b0b5ChdNaj}#UTbDbng zO9aqyIZI?5oC(LJ79=g7wrhx+ZI?~sa-yIE5$SBAp_XPzAj|7H}WYg zkNM^|wh{P5NO{XDo2_v2u6*kW*;^D76nFc#B^nq9-dfy!Fie%GWG;)8r03IG2Uxff z6_x%d4BCV6yk1)oidg%_MfU0P8Oy40?hFew1HP!gzlSSi)A_a^utkSH-QF8MW|j*d zjZ;4uTr?ih&<)f&lCPHIs7bO;XD#mMYnt#tsUK){Doq%mG+^rc66KCKDiRpw}Wb{u0gm#Jtt=}64E zp5@I!DT?14b0~oJ*^I8K+dTxwt`NCfW=mDnZqp~E>baY5m}bQ* zkZdnXav94OyHBB2wTJ0MDLzfa_jctx|*?Z^Vw|j8Guo_#@Ni!#kc&wM|bsem=9v{ z#_}1Z9jyfdg)7cYJ|6S=?a%jFJzH=D5OD@hI#9mCxXCLHo>J2f5`Qh@ahnDbUES^k zQld(}XNtK+HKqZMnbqLvb(;fX%+c!o)Lb|9gUvZ5%fQXB=r;7MBY5FTZXk*C*q+6R zcD6_8c6qfsb@5w(fbwcmZEUBe#%cDC;*Yt73 zH2ZimC)NEyhJr1-_}#ZD)&0OPVmmT62_OQx4XDr;zU=u_q3^O%a-ZR`-+_2_o}C|D zxCp85C!6%}n{NSTEY{(>qOOJMyma#huoSjXDOGL>Z&vOCwj$S5dXG}JYt5coo>z6; z^rd$j>*;S*fzoA*x+j(Zikwcr4``ie)6V~3s_UM^Xt8EJcNrMSIJ%H1wW7l|H_`}6Ha5PX1uI$V#b-}N3b78x9H?rcL)0vXDBg@ zB^aFlbleHJh>KzPNpXetV97*b9fE*)vr{odbjF1c!^ar?j*@9yKZ{rloSv;TBLo#Q zP16z@n18xH;#_f$W51Wru5}4c&s<`LK4v)WMS??;IHHnsmcEaZXwlQ_t(34Nyl&8C zN=Y{_R#j+KM<9p+$qpMqN6K1M*#<}Tb<(; zJ5;bUeC`$U7@okzo7L;xx(VEG_H2-dDfBXgd1H!O?$m)`Z`L{Rh7d1at@d^yXoqMr zsceX9d6NBDy#rMOzx;Ym8_YcC?OxF~00IEL3|?e9;J(+2v5VSBrHD5Q;_&yrow(X? z7ztL@3eCm;JuDMr4bq6jSVi({Fq zQbE@IdNXsl0kTWGJ`qIfG(@hc{IOrSieVbadf6zyb}7e`M?*+LOyB#rM0ouVo{2MR?vA65Q!5Pbf=b5xY5<6)< zp3L<`;JRnK$v5~Rr1+*mI9MvKFITnw2Zb!*rzXr{_xzNk zRDihH+Wba-B}O)A@CW1W_WeZ_G6+uEAOt*R#Z9Dq`A!}QHtoG*l2jDb26b1XoShHxzR1lIVkD zW;_eUa}H&A!N^7ARHGf-M*HIDI8dzEwCXs|uUc76VD@YgF!p?X-dWj%gmgUX3f^|S z!?&9MR9=>TlL4liC`4XIGnk$Dr3T+o{Aci|Vh7utcT5z{%Y14F^Vio0UKi=@ov$z7 z<9RN?GOWmD-Szndc`NQZHr}D)C}2`5u=FQZ{oM4T1ml_=M!1fKoyGd6d4S}TI2feZ z!kz?v*ieq0Qov90%X`bemf{{s*QtY%Dwab$m!Ek<9Am{iH4;F$$JQb5*VFTC>KR1B zpdE9P+g5Y{lA(8f2!X?FE~2y&a1TPsRU^C;xrh}S`OY@fVL=ir4O;t7SI@V~`Ow8M zu$|AFpDk-LOP-27;B}phVtHOnp~I+=q0a@OjO~cP?dsA$CsSl;ilEx&@8J z8r4V#sTl}V9FsYg5cx2<$0X3leBoR8^dK)AF2nWe4goMt{Z&vbAMBXY6m-v*-PV-D zzr#h!RA0B;6fIUf!$^5J&56#N44al*pe*h?t3Fi_k$NGoz+&Ccfar{dEyA94JK((= zdD{fR7!lj0AumrT0*Ltnx>}%SnU6Y@;eLMCiQ}Yjp+X<`F&z7joe^_L`&52MRm|x1;1&cO%z9Z%Q9v zqu~IOL=5K82>&2%`0J}N@Iyia@p%1G(g+xq@AIJ(clo{auNQ4-P!KWl11bDROp=LX zjn?#8L?zAF5~ZS8Q5wcn0m`Z)rt@)8=1~LeYw7O$z4%@Y z?Mkb~-XJZ}to7$uErVUIP)Y}_AN$@8k{uo;bqq4_PUV1U|MOcoDGb%D%~V z=?TL#g&EsWEl!_FfVD99_bpk#7362)*5{8}**EI`)EJdnqOSQ^O^kXeS|{8vR3u~U zEAFKW*wT3yD8Os_=>U`kwdQr@xbOr%0TU-l;)(bmGDwz% zZ!0YX%MU(@l0|eh1L?G~&}Br_TgD`@%5MSbdw?&W_WYQJ?ZA|s9EbJgoWB0DeB&fv zUyw%-hXiOJg65mSo3}RQ=j$!t7CsRJn|dfwopF&y zqCc176IrVZd^(g!%Hh8*7#4&Uz4TVm9uIV9=CRTrcIvwsH^6#AxhSM;9~l%4@gTKP zT~5T78Ca(uHK(H&lf#|F?4Is;S5|U4C~%8FdtjR&iK2pNw97} zFbFlP{=SV|Y&3-q2%m`c5+=#WS(3OSw?j9$qe_|@eq)^LzM7wOFaX0x@)l7p>y^S_NCm*B!5fq%}a_Ypfuv(D73FGcU` z_BJ6iJYO(zEteVoqt&VOu_jDN=A=J+xaPZfu%J$(%_G%|p9E`CRZi=Gbzgb{CA7yh zp@4z=%xzr9kQQoFHRi2Ug$$GlmG8f37yA$vzsq6W%jJAV*=?P5cfZddcpRQ`2@PxYGk=8UB}_rDH^Eu#3Mwu^y9;QpO3K zXwfaHfKBQLW~?Nl5i|6g)peS(97$mG9hJF!S?hdsoVeUh#qPiov z)Fth8pk36NHt|_gS+;{~9f~{zES7+!3=hZeEs7^%?&%9bHKuGc_;seU<2PYx3sEOE zmplVrj{pp(FweIU+gm`>{0NC(0}?4D7u8_2A%M|@wmIsq2UtoT?Z>8RV1@-qy}A~2 z0Xd+3dR5+46J~xWC_OQN{9g8|wOjyARR)RG6Ql#66^t718}_tCguR*$V!*vv*Nguf z5Sh|?`KW&Ee4mXWa`K@>#?g1`_MfIE!IiU;F#}wLwf?DCAjwryU|E6*om|5fs8pf) zuX&tPT7M+XLJU&1k~xj7`0>x)g27CR&n7!xvO{oE&ZNPr^af z>!`^$DfW!_RmHeq2_OXI21-K!uo`(s09Ph=#Gi{S?akhCR-~;JH=6fQr~j$UsM&Fg zt({EDP430WebmCtLYW`1F$*Ud`XGH;E|^hB6{f0pSJ}nuHHoB<}GC% z8M1pCMqGuq-zw&cb?3NzHkU zqdy4lIj$#PS2N~O_mO`Uw*6*CuRC^MS|Kc^40yCoi(6#&Sx>ks7C(xI`C1OB35b{5 zi(y*Coe!hKG45eb-v>pyuaniC$A;8L3Q%6Xsf~+5i+UWGi?>6RQfNx>IUSqEHL3C^ z71r;v7=^CyY0l8_jdMTJgQnkS{5pfocgU}PEsr;TVH#ijNA#|*VT!O8(X)VR(0q}D z7Bb4?ylE)(BLWqbaTid^@bT#>X-Ya~yimSJm06vLUuX@qBCi+oR@RB2Rg_YS%Mjsz z*f}d-*pR9hq5gCRbx1j+eqY#(qV(jgi{4qiVcFw#Yevu1U(s*NZ}F(8Q38e*kPdZW zT&qnpp|F7wNcrXiTxl9i2vhxrr!@)&<}s_%n$Yp%5_kx@T!#=TH+Lu*_p`RjKu?>l zjjFSJ-XzT9x93;Xr2fQ$$J=y@Wl6kmWTpi^j+S56VOAPMQ^|K-C3>x&M@J``Bi?Lq zEPahx+ESl5#A@oM2m>UuRt^dhY2W0C!|A7gu3W*!^}K&B;+7A-2fW*mGP&vt{0ZC{ z^wMnzt0Jr2o{uu{;ufirSO6p*9#kYeVGCi*13&PyM%^p6e8M|xs67j-jKu?O>fXRYL3D)k|_#7lta5iUk|SATrv5h9c6Vs81rIjzj2yj zRwE%ewl5e#ddI!e246(dh82jbjvRuCQeU%+XG3I|Qv`tSz%If^&6qg_xY@4fthHNb>Qf06^{VtvEDaNSy% z@^pgdjJ6hSWV>5QOkg~Yb&m!uQ@VgOX-rL#ccV9c(XWPth&9mtWb_gCdI1 zuUxCdQkE5he+=zP1v5<&XXt6|a0wsu6s!Rl{0;0;khQcFL6|?vGAlKtcS}i#w@;<3 zGnJwsNG?j~mhkrC-QwFrG#f&Z$8wA0K0%9#{@S_hb{fI;2KigUpxr{ZMSRBM9>!ofsuFD&|rSO zsHUa%IXMRvIl@A6L3}BWUP=fS^!M_jUVyVi~XkN?u?CdTLd$ z3x?q$duy(5IvguG-wxB4Qw(wPD54J?R31#}jq`Qr*~dWGjKx_Ov!Trv=i$morF@ay z#4_mb4NSs_1(YjN%Gn9~I)P$u)hx(&H+6Q#(le)@G0#E3XLDDQ7q!-#Ms~IDkh78n z2n7lsi=H7Dw7#X6(cv@Y0YytHG;V4R{H^W_^D3hqF*u?`xL!!6;wxiGBWwIx{z{#w zv#XyDF<1sKfQQAp^|OB&ofqJYYLa{(l2Ue_J}H?sv9q(oZ=-{$18VQ@Y`BpiaV-s` z7i@V}T=CiwZAk6e_QmJmcWrr@gF&|9cb8nz*%llrSite|h_PtictDvxyns1lQ>oRG_I6Lq z!mpPzYOCNDQV+fc@?7yZuV;A;M}gH`!6!R180aQI4$9{FU82Kq<=&U^;Nf$`ufsg* zT;2Sm`_x)c*B^(<>LP~)Z)($H7GOeWx9uq7sk35bieDoExdl7+T%haB!qtG+? zbgreJ4mVxd_oQ@mIqWmiA*i%UP;?+koxiOMIgo$t4@^qt+lF zpl`@22D)TDS7qp|ZFJKVq*H{Fj<{yh!TcY`LQSKH^e-M*3%Hymcqab^2b=g~I3NV- z-(g#znh;T9X@~>S4QHD~)+Az^&-C%hQGLRj<1N~=Tw!NA`C9;iER>0oabMaL_NC6R zqYT>-1!{`;$xuqCt&jgT3>-N66IOTZH4LNFDg}`0kvVsa&<@U#*H!ddvRe1{mAuw! z4&J!+^FYI;OC^*$AwYLDbWfSgXI(qX*d&;| z18+ez%^YIHOepdfY^wJ{Rs`ww&0Py#G^oY5a$4*?tMYDHoqrE|<7&|W2!POTHCf9< zb(G+zFz2uaYlG^jL`U+EYB>H--!U~9q;E-td{V@8r6R{>$Uw^5y0r`_42|o2MnD zEkGF)LS0`f#sW6|>;wd%UJV(PB%b$+jzv{fh&CE~ihZSkX zo$(b_APIaJE7tlVlI`Lcib^74w&-j?^a46v{4HMnH5Zw4W?%W^+n@LpcN z(7$8{mc#~Dj~5Z(;=WL&Fz>h>CBx&@egab$vb(e1G760F*vowpgwZe}YN6I=#zQP@ z!jD$BhYe(`rUw`gA&~Pq^NiQu9Y8R5!-G)&+7slQySBZafKx zkOAxcd5IOoNqla((r@lv{cSA+F1#{8Hv4@E+)bH5 zS(8l2CNCO-q&@>6p{_tX79~hf3UoXIuc-%Nc z#I_%-;86OUxGM>qPRC#@N`h|OiuT3k?E1z4EmR{Dk%$?Q`z-0o!Rwv6}l#734d1+IY9XlhI zsLhGRuawcxJ2M}JdgE(OY-d|?cgOz@U+C)-)B&yYMR#vPvuaRQuN&JOqRgRm_h#(^ zVmjN4!*+>=`S@l*q5E*WcJtmk4%kkqR?h=ZBW&*IH`jDW$e4Wj78L2g#s_dNkn%PT z9-+xlrDO2Ncmn0<2*mI6M7Akvxgf6x@edka&!bL9(Xr|q)5+JI-+NS?L#EDtTQ)b- ztf8{qPZa32^X?@89k*?_XXKVIKmu-hb3MFTvWvz&!cjM%ed>)OFWzpnVNzZ7=xeh+ z_Zyo>9&1+~e>r=f`;H@L`9XiA>-p(X36h?zFKjrOTW*?U^HoCDpFX7-IRu4~Wcv)C z0#j?*dtE2A$R!r+z(yACDZ6pV!F*!z`9{j5{*_vmrhIIr>>ok02#qLl9#bV`1v(Hg zT*5Cx%&E9)*Vkd$rD!2Gf+x{W^Qr)EWge_j|F7`w+?auWAElS$E0B6gLBIgyol?7JKx=U1zN5T zr0b}4uveiQ&83xYOP`7cQRFbiy3GukxRWT)#?NL=ji^yu#fHug$v2jYfp>5Tnr-0O;caAfP^e_WQlmnD- zsW)37&VXh?oi`Qm>5q!ZzJ8qf5WhvpG#N!7d)IG{^r(ss=Qg&qYqDb0{UkA%9??ht zz&f+9NKQPBI!NbNotf8#PXyWAkRZVGp5d?QDEB9Wel5XvAjLeF?@?3zxVVa#wzMx2 zY=t0br+89hGMy%WCQvt!JIDEfDWdn?v+@jB?(iHyX9q~d7gxkAY9c$`WFm5dkD%cE z&g*6Aul7xPcn#Lpx)<{3n-d>W{pQEk^8+*V@hlb^4Qdd@&>!w9PZjkOH{kZcQ97t| zINXAekm1xo-<@U=Xj`(YN9NM=+Ye607)iKYg~&HE7Z=9))7lC3bbg9w!Tkex_D+cy z0%HM{9ww7~Fp(n@3y>b3W(1=85&}uW&ZOnbj;_kmlvTku;N%~77$1;K-1A7TfHk~y zpocrWj=2p{0t-4iZF{Ug?(ZNJ*}_O53LCzg?4b?u;tr_FiM}cYz+eju%wUb1oaxI1 znZ*M#<5>GJEd<004JyWbE!4meSOw_8=aplkjgE@b2O%D8G%*C!)S4(WYSd$tA&XRR zQI;-(qc(j$xGhGSJ=vHBN?BSr?gkD@(4rs3JD$?g7s4y^EXTeNkB0urJ!f(%uN_S1 zNsLoq)Q?1LT@^VJoJ#8DM4wfcUn*BAqan>ZcL(cVTs;pLS$OOhc`FZE_7aH`sJSQb zaIe$pYFh2rWtW`W2WW$;onY{bN0kZz%z`pSMX9p8xPt7PoD5Hx8R4;B>$PO64B$}s z$S2@ezy&J!ha-aooc3PxR{&a4ofW_H zEMLp>ea1{*m7J(9 zR#zQn1%|r^-sT(VUw}{=v@mrYE)8bfwf+Y108#P!V33;KM&WgIl^ofot0oW~b;0Xm z8`pXcc}XG*uA zH_8TtohvROB<=ims%B36K(R^}Ch0qQtTz>^Db&`#5iCG#$Ipg1uzB$9J{;wJz4SNR zfcF#j0^-pONIH@;<{D}=ep3!MXKtqOK$pWx0_J}M>DR#D=@&vO4AwZ*v^IOsdiZpk zYF%I0G!$$1d8N)g00sFE=nw8aW3)owXHlF-g&)=y?!Xn%O~(so^yDBHe|tZwsfq&R zy2E<$%CdSZRlus*9Omc6^&iVu2XdYl&emBwv}5y2t|C}#Q;_`t_z4q-_;&qmTl9-+ zrEO}V`Z`g&nTF<^+FPy?#t=XAgu#*1Oh`ZP z7|yM%cP4|e--=WKtG?bz8We35fyG~7Ot2L~c0&4@fHKH;z{^C-G~lasDW^Qr67*1b zHt_owJ;F@=(qLiE&@mi_fGq3aKb8avD(^}o!Iq#OngV6LzBLu}Bw0bczSoLt?0c7IWaPrOwyD~wmnn{AAQ64hLOT`Z8N z$AgFuGtd;$LL|^1sB?N?exMo+UcjQgosFe1WIskN6aX7Zd*f*jO#_A+!~QVVLfH~v z{oO=AkR7o+E5(vTIY=1@KpjoS_rn9ZD5kwp#@g*h4LnWDuuo~B+zC|Fk3Lw~r9#BM3#Zw|MjwAvXKtUM-Y z#msXMM8GPk3Id|IAaH1}pLwC^s(4Y^H&&Avuwpg~B#;NfUIbX$tb3THbX4G=fG`DL zO(kHZ?9$rNlXVigCKc6m64Wez7Kkw{$Eo?$TMnnn-=ySA67aBt-pa0UkJO&F%v>Zh z2V|gP26D?hRYe59eb>;yvJ2{?jiACORs0R74$d3+CcgtaWI9*mKv~Wq54bvz|LH%l zpu@JCndA*hc2l&-0J;4W`z22R?!S|hw_n#-SrXHrnB430O1^;8OG1T0xflLlwAtri zUJ1+IO?4&yVc3e(>(a^Ec0v^Cbpm6<0=$DyUo<>@YwWVBWP*iH@D|0(A4?J|F2CqR^?O@zE+JKW4XijPnA?;sY0TMtMpTjOb15M_V z>EiXuNs0m)H#1E10D_!QK%tyMNb-8BFT(>Rio0_}d?9>{SSyr8Rv9gu$c@ zN)7(3k3ZSOfK*EPXm`0}2v{};+RE)%kFEi@T$b^R6qjKO@w+eYjyKfQ-W@%X_W}HK zV5UD32ri19X<$Ztd0vH~O;Y=5d)HZz?*9yHw!_Xxs_5f|$yc>j5lzr zcf|z79rOdt8%91t{Q?3lTMLZL@i4oB3C4=1?yy6PMkhyey<}pZ0c0sv?C)}>Gs-^w zIvTfK5?+jx46w^OxryN4Q?B-ak%JJ)m#)n5u)XOT*JYhaxM z-IFeEfj8d;xK&}N#Q;gkN8=K(s^f|(1IX~PseVzHIXxE;A3yYJo7qKtem_2wJ-B9C zYns0F`e`Go^C1ote>G-gu?6BOJ8WJ*oy;J?V|hoaohN_09Wt}Y5Bq_lJM+Zg)(oe^eKqQ`C>TUxKh4#CIPLr`5uGAHrgL(#LTs(} zMUIdF$;1j49)qg`NA3vezvH2~KTS3Sv3-`zs9?rGr zWg&-b;od+Xa|_2uXhkZ4(j+V`wN&VfC_dkj`8CE=$9<5B@Zo2TBwL^|vF9Cm%Pr@s zN`lMCU~QwI_78p&#|bY4_SEPf(TbU+wa1(ld31mQCyW@E`iJHo4TF22q=7Enc>q>r zfpqny<}$E0)U%j}F=e-$DKV;T%Y^N8$gNgs7d3EtX-e~_CqB|sGz0dc-Ar=k1hS1tbZ|W) zcRNy(QBdwwKqi2tAR^In>;^w~paik(xei-LpWRJ^&Pl+JgoMWU!tzHvn98zu8sY%B z5zulhbLOXY6VT>CV2v`F%x@q0K!^DIX$c=B+6DTH1soC!T?BTQ&#A{0>z>cDh+E8O zpsXm$k0bux?%n_s&mwpW)GAyUG5Ey{!BZSSSqZ^I8F3 zR$GN%rwABC2u#Zef615ZW6Z}SIUoVq)7v?ez$~gHYnk|lfLCXi7w17ytsy1_PLpJO zZuRYJAIJXPAfPqKDC+pL#)!D@EVjU+xDf2vKa5@d&{ai4rX*jS_)*>9+_<{+sBC|F z0^?vOU;{Q`i{m`KTY25HL0vzm!fZisfd5)QT!Q(TeI8U%?*~>`CvD+1giBSebb;{( zH@rJAmVr&bl`N46>>ac>Zn6>!_``W(Emk|(W$l95#S`EcO9GSKLk7&h# zW5Yl7A#ja@aZFY*NpGAfGjPMKxb?w@5}vZg&23e?B;+v3=At)p55LEDM0h_0`5}B9 z2Lx_@<|Ghu*Y{TyQzO|I5gEZ^A5GekHwUT@+S$%QpOyA0zaUesYWbn@?_HqvSf6@} zZint;`i)Ur_RZ`X{JMyeKz=n??_i8UUoKI3;ty&CeRY#4eLT>2p@VrJ#UIIkz#Ih2 zqKi1|3`aUEb)38XJ_)PP^w0ZqIRdH{`HVl~+G@?8!m3a!as&Hvz7$!R+#N^%wfMt1mxW0E-HF8eTVo*B`8TXX6IelPet!1b<9>psClPRRLCW=T$rS zRW`apibg|c)77T(m;=-Qx2 zPr@ozqi|1*9EPQ&A9ok1)f%P5F}q&s;FnFRH39vQ=wmNWG#J-prL0Ead$V6}YtjMbdR`If}&4Um}M`Fv(<0 z=FONKOa{Z(kLWq4cedLBW2h>rq#N$B4`}o|B!91h3FjPEwe`KN?MwLN72*(h-Eu`Jq;fvuoEr#d zPb(HBZk67h>?b^rJKR>k?-JsD_W4r-0w`+W)Wtm=K6T?3uJHYcSn|BX>&HVr_8cyH zO51$>B={eLcPw=!%HXZdPbl;^UM$$E7#EIL*qdX?bWL^~nz0p90X^CqiG%)~1XNJ# zUCEP60|s5Lk?NM01YjSam${%gjdV)q4bq+L$H3S56rJCv_@o?H4ZOEn{cVf;+8DHE z(fbR)%YGMhgm;UR%AYZreC)(OI~dT9Zv<}oUHU0B=m7EWeG$Lr)$l?&M*Sp}-}CB^ z&BsGVU;!OUq|4_BviTou!|-?a=q=Xx%7#YNZR-a`IQ-Vnll9hOji&dj@O&<X}oYqS{_;`1MV*f)Wak;MRUmrl8rG>=`zIx0`H}5RUhFc|=fuho75=1*>NF zRfiw1zVk*l#DDoKOg0l~Rb*s}@NNE-GhN`S2{;?@`D7E1vcUgR=RGU1ecmnTeZ~!E z3g`8{ceIorN>gF6T|dZB;JsP&AOoOCy#w_fxR0}Yd}QW*S_b}_fZzj1qur9M;7s076A)6&7cqwgx3K5Zt)j&L-ch?*1>7u9^Ee$>PNnMg$1>oXimM>FK)GTDMFNa2yuDFs| z$d8aJN%-h5r{f%il##Y{O$QYr6e2zd9MSEgBkmOmYB)T=#7m_wpZTMLCeP8mN%qDk=(;<&9u7wcnlUQ6LUf_#a3cGq>C(!nO)3i`zIDbpE9Wsp>S|1 z&x?^|t9t^-u;z>cMlO(eek?14qd9+c9ezubj00}lu>}Vns`^Jr*o4X4nZAE`VeNfp36bLWSQs`F(xa)5z~K z>UqWL4hSRtXImo@i->?fiKFA^FSsm^;abGX;R`-+EuR`9_p#WW;3Z0`!_&uR3 z7AZm#+2(y&Xp(i8%lw?#J`m$Cx}%a4O{yDtX&0T%PaMk}k#Zdl8bhCH!MI-`^znPXGj0 z*;336n-RF4Z{35)E>{V<`$EGZlYS+nH&Fra{BUMb7Re@DC0GJ*DKcJoP$_Lb}YGU4F2tLZ$Yk(~^E2o1(vCy5^S#S zXZT}ZjpgYmI5ehFScW@|e70GZ1`kd%B?8;h#|9Ye{ssD%+4{IA_jO7rmUV`rmB6R2 zOCf0&{vPcrS1t>`$NP(4aVLzd1=sc22JE*&PyYEzmVq&^7o0v&;DW?h`q`$utE0$s zecqe6*p>vIjRz1$+UW%;O9^N1;m$koWPXR2`i)x|`C7iBD6cd`E1Z~iv)*EO!7rZ* zXAYhV!OcAe?~`1kq?a-HD_`(>t4LjJAM0<#9O@(`R21kG)+{~*5(&JlZmPo!RiJhi}pYjU{DGG`-u(c z^j%2*Rj>q}EB{L6x3m&3g1#IkYnZM;QvSrz2eq#R@sm*H1jSUS=M0yy0PFIt+1XNS zIJAaE=Ux;m*ynD=4!;rmJ|Op1x0`|nOjg{!I{68+Txu!&0kj#0UpM6i6Oacq@4o2( z3vS)5d8x{a(wE(lvALEKq%QT0+s*m)+q`Y9D0Mq6;kb9C{ z+PlD1Sj67S!= zHU81}h-U*2^jTou@%g8L?1+AagVw*QOEaH-&4BQran7)@y&jLsmc37dB*0t_{qdWy zbtd`o z;1^t|8f>ai7`gt9dm*JY>>ivOxr~+dVSgyjdhH(8+R<=Eu|#di6xpv(V1HyW1O=ab z?q3l2fnQSDRqoS?9uXnbB@@hC?b1MBM)T!PO}~wGEY@>N+2YZZm?vOjPnJ71qOxH9 zf;agFdMm$I)e%10i`-u~yc%%RuB_!<-DwnNBCOt3!~jINW`PcfwaUpgBp@a!>tTA_ zd)dr1cCG!^E(5JtKz3Yl7!kk`7CceY@4(%^^g^bO)4Tt$f;*W<{fe6j?{`+1zj#mt z{si{IL`&CtUCY|Cf)xU-B`bL`=cRD;?;3Jmm~{c92He@(riXrC=aU>4cZQ>)n_<6_ zd*RcvNa)|6Bl?(Y|Cd$5Z@g=O-Yfh9Z>Xf%Zatl9)*WdMtYg~(imZ*QLyC&WFV2)&4Nan5c#%iW$ROB7-fIlH$`bbgu^!a@WT$5j_<`2yT9l-%~||YrH6f- zN3+S*qexf-bg(k$7xGR@tDyv~=9xChwjsNuhYlzLq3LUYJ*W=+^QdI+1k5h`1vHC#-zi{T zPoQ6+Ln`4`)!$Zn@^%*Mc@QXMmx{U*VOSG+;ayxpQ;~i`NBu3N4!pvy1U9Ujf*^F^ z?%ye<8JW1(olgK7CfHcYFVUvQSBgLv`*Q-GORx@^F2xVXSBa&BW~d)NlZEDAEKXO| z;wD6_YLUJd%bHV-sy`Q(p~ovaHou;24Gs-tblhJ({lnzCnld?aPd}(t0NsqTGaETJ zT0lOJH>gAU@k}!7_3m~ApfZGA8KocqDa;EX81W7l!M}I;VEoVq5M?^#IR;Pq(+J#1 z`0(5v*U#)?ouYZKtBPLVC4Wh$UKG8HqGBRaaPBZ@)6fm2+(m7gm2I2>Xj+%^sCW#*4rmPK=gt4a zne>Wtyad6@_hMy%{{|))4r?F@RjTOz@@@hDN`~mH3ZF%P?OW+cV!j)mzBA+OVrK!U z9lp4D#igAZj&~l2*=hipgyxNKQ*~gPONW)b>a1AV7{jQvikc$=F{eYEIJ&-IW+E7B zS@h3OyvA><=STg9I7aE%=p*;U{@}CqnoyNxusYqH4J5$i%zA8=bVi4%<4}Hc=`7)f z^A177VNY=-HThv>ii4o7TLHqe<}-3PvLUm#gVs3MK3mc=Mjj7b5SZ5+-E*Cpw0O$F*f*T*7jQ91u_E( zx^=S&JD@4iLg;e(`8Ta6-CqRIO{ERw{OvbRN@B~swy*EKsX{x#VD`$ILScgRvoG-7 zox#l`v_%nPK?7Fxx0Xe5rFk6leW8OsuZ1`cy7ejmu2jUOD1s>mN|(wMk3GKAnE3;- z%-o_iih%DSu`Pl7bv0{Asp=0C_`$H_mbURYE>GgQ2rL>trA}-ajlzu&|L`;3Q%bTF z6eSy$?NWk&UkgEgYe61zVIJ6clYV!B$kI>7sTOHqL~K@lF0CwMUjM$6jh?-*9a17NYs8mg_cV7cJCb(e*uL_$N!$7 z??T9Y2^>B3)Rv~NEgkmnNZvoU09yBl3gN>kz=h+Z$06zW8UZ}QdzcdtVYl9f760?| z9`XgyfD7TNk-WzSlTMQO?GC8RCUJ1ysZsrm0IdHFOMNNc?~4__l!r54d@#2>&K-Wh(^>Onv)z1>g3!5aPW~)tbxpM$E-!{)drNYHKpEU^VahFbd|9Suv>11R?5VhuPb*1$CA(Y$ELQd!y z;WccH z;2$$C*vX0Ag*dhF{g58{_5*duMqFT2^5K0dvx2uWYP_2#h^v0TU0pXH>ElgKSty#}k}p#$B)xwsQ^2u1yc%AY0Gm_+ zSk}WjRBX#9LwWC1^De8$MGNbzI~(47LsdiqO#d{qyRj}H=L26bxd#PEqX;&5Xykv| zv9Pi|Lw|2eEKAgALsVXgPBM$83e!&Y4$}ZT?V#m*K0x%6;XBG3LWh6AG$1L`@!V#5 zImWl~*Vq+Sgc#Bhz{}>>3+AaCxB-pZ%e!VpSjSx7JuRC1^ zaqI7Og3ki{E_JGtQC2c;74r_#>Wn;EU`uyvX_zAXn}*02c!Be$?-kUyhW`Z}gl>X> zlI5VurV*~_lAeQyUu1EpA82CrWxq1h{2Hs!A-e|7E-xzV{&u)RaET~?Nt|coC1IBV zmSTQTWZ{dJADm9TQvd@8&Bi|~C?622MAgH@MN%AM*P}h-XPVUS5&J1`ux)@98k8;z`=(<9jMlCe}Sfi^Glb0;;{u;~>=-CH5QGbnpWFgUP>x~Ttu9plYatD z8XQMD;h*4MxVIF0pDi>L|6tkBtQUhC+9Z}LgK5}nZ)m{0OvO)qP%P^+b|VNeQWf$H ziYRI{@0AG0s4w?k+`qWIauM+njfL|v(#ECf$j(=hPS4vW3v6^Mtj|~HH(qJFj5sW7 z!!dO(;0*14W`ZH@f@$OnyW=Z3KcFYrhY@s3Pfg=IhOH8(Frc#`0XG})?SX}M;^bI= zLgDt4a*+?h9mS`M1Iw?ax*`V9yr8j4`_Rmxt}br=Yhj3<%AL|f0Rl2(czL%EZT z$VKBHKl^GabGky=BU|#@bn^;w!SikI1(?v~da5ig3TKSoDT_>rfj;khY3x%|Xa*gJ z-Gh=^eZ;a9x~7t%NUB{TB-kr_9jO*ENZG{;2T7Gqnjl+}4m@Cl0!lUKt3OT)D7%|K zd8%KI_hK=~)B?hy2WC2Z6+J_piLuyuCQz%9yey!uKNW3|h?rN9UN-UY_xoNilY{4> zFW!OFp0@vC;QcpL1_!hiVhRsf)3I^b%1zKn2Elb@Z047}tzp_?!yaIN6$I*+)2~K$ zkCU?2gM+qQqNECs)axXu^z2x1Y2>gt=<^IAHzblf$R4 zvS^5QC%uNms^nW8?xCA9NFG1*0$V8ZtB*9UfT+X#{>gmMvvhu3U* z!MkiY;2q5_twLy$VD%pE;w5zb=nDT?Yik!eXhaCYEBfuvz^7FVM?n3ry!VJh@k7Dz z1%4xW?pUr4bW>9NtjPS1w9iqRFCV?<%J9*JuTiGrmAPDt=@RQYf>9*1sIIR$Xxp;d zw+@MP*+47g6u*TBLGT{nooG3eT2vY6x@EkM0ay)%V&*pq5ld8BZ-lmfw#nNUM57D3 z&Xc2y#F_S*Z}eFLXeAfcXbZRE6mO|(tKF%&QI>l(@>}6pg8=yk{$2?xspj8jTf#a+ zREu7K#S8LKKpM(xjlLfEmCYi#0Tqi-h7yNa3g@=$x%&8Ke<|2&)ZaDC`+|ihblc(| zLfW*pen6|N%g!%>x0in)SNJN79Zp<()7aR;pC^}&ABM(K(%{?rW7 z@Z6H>;eF^Y?2*u}@Y^=WqB}F7yQ(vQshCbxZrgt=V(R+;3H zeO|#~ux_LnCIsny(<8nel|cn?DBwd(FP(DxI%4$~-(!gH!~%%@uMX3R9^Cot4(P0~ z6s=eY1*bnTzvPfmv#~fEdjv%KH;+JNo9#gw8@#VhP~yJRUr>~7xrB?YAwjg$J?96T zB_?x^O}`|!U)+M9sE0iS7Lq?v0L?)RLqDK}n??(O4puO>h_pKr1F~7Lq?axypt>n8 zP8EP=Cj zHw^C=OT>lDZ&2BFzJm8L*y)Q|_wp``sz87W&b?53nL5PU2Kvw;Y$%N1`UW4q{@X|K zBN-aqBw(`zMucElq=h;JdKE17=1U&&4mLFKezd&+PNj2SEZBqj%>|3c8JWs~N;k-U zCmqNrrH!FidZb~WgyRm zx7^A-Zf#3mh`=-81;4zYam^WzXKJ>a=+X=StgS);_%j-o4D(5bsH9FGiEMXoVOPU{ zxunb`%K*0Zv0roij7T7#PetD>L@lu_ApHV1o2S^>u z)q3e}c;`f_7dI#xl7O%675!~flPaN>;0v4MjD*vdUj7v1b^dhkIpDxX)%cY^ckKjP z#OyQw5dLou@Ab-(-Vs-YHi z0NDj?j}Q#7PKE&$?cv$P%h^$C8}!@rs9prU;@WEKpE81m6>iKNB_U(nB=HOz_Is5L zR8Jq*WaYNB+{oR=Um*GW$r`tRGcgN71MnJlU+-Si1?xP2$J@3zKuZLBK)r(@9*p6q z`33U%P~J5hTq|Ke!zbm`qluKJFx_}-Y@iZP7*DI3J6kbM^ZolUB@hwf(MRpXFTsBf zMYGTHx|dxd$&B-7s*>f+Q~HQrwE}o8=n6YW02G)`dgo%*rP{~qA1QP(tDjiKjQ6FN z`KUsW7tc(8d^<1o1pT!)YpP80dD_FUVAM0~nAf13u&$p$hxz$;pldwP0lCEQnZY8{ z7vct}SVNO>5Sjzc>Y7YCm9&lW_aw`%25MRQynu(c?{u8SzzOVwRNdQOP%Q69|G=_- zOYs!>SV43r@>S`g}sRGUN|RZM67=EE31v5vo<@X*}#C3$cpPS{xk$o?_X!m zcD4J}@WVABBfLpPUj~GRERXjLICJRVK$%G6K9|H`a>HX=(=)V%b<_%JgF?fexR%;0^ICQeGC&^ zHMx2BTn5L@l;B`V<*!Z?Cby1(DNWyJ-lMTYLoxLN`XIPW+D2-Z2QYv^T%Ba@7f8@( z1KojBFSgnRmr-o`K0n}6oABRPEUNVD!Fu;#4e(?Kzmo;N*^6izDC5F|Q-@H{^a_l~ ziNK-2Pf{4iP;ncHXZ9%!sFFtCq{8_Tgo&wRE(ZVj9yL<}xI1eI$mq@`k1NG#K@-52 z@hYvHco$vqGo1o1!`Wp~yMd53h=lgLGLP6aq@M%jHZXBbQ|P)V>MWB_*pY!!_du_p zu3TxxJ*m{>PQ7x2R$6(rkKT9}W&P*?Ksdv*_nkrodz676!@lmnKrCW{YIo7wsiQ=| zBG4)l8WB7h*;mJG?Pqk1HYS_0h+62jA%zM=hzAPCLWa*_;E+v8#=J%S{FXpG%8^;< zS9R|ddEJ{Ti&5&FIyL5J?{MrN>z7z7KwDYn_ z+LxRE4Yqj%DL&N7H2WP@odBBq3%G2<<(6pOKQAOC>Y3V_V*Hfk{sFIU4mF_Hle&~Bl=Pb_RIjrVSn8~g}Mc^%_9h^OEdP6GWooEpZJ}#Pp#JQy2T%*O#|mQ zdq9uXqI|`jUc;izl)udrY$Uv&-AG%L3aAwx0C$PNUBrei|MzWpgp&YkOa=?vtP1Y! zT)>c~5R>XFERcfg)O!)rO8pyrdl1O9TIOz=Xwz28VU*C?GN$V zXpI<*_2vYDFVbYu8Iyv6_%@o1B+`W#iI0Z|LBhmR$9@VKE&LksOMr!;O`8k zml^TS_5&-D5X;F$|!fxHAVC*8|kBl0T^0rRx#hPE^ij(NN^bFJQrq~km|D39)Y zn6I*FKcMO%6ff98uM%^6C&*}t1) zTVQVu=LH{!KHOe=J&6^5FM;fD1sv$rx?V4ru?#>*rvh!`%iS0-zUf`dXec7eIIQcW zakzf<91Sh1%7@N7y77g24AGSgM!0^by;&9NtW8H4dv`DXPX!7B&-c`U5n+hT$qWXm zVD&U&=6s5pRNA z?c z3k)xN|{g(QJtJ@o3b1AV-^nq7k+i+ZjcI&`9 z=miZD_?qbpiyjkSZO^KP4HgJiu#^mJgR5LpaH9@FsAP5B4#q>7&?r_W^B&cTgT(ZI zRSnL0)hDlLbOkzKU{!Fs4bD0st>tAv`abku`948DBu#mD9)PBo9JBia(S`HdNa_Gm ztss?TOH(JyqJMYpIWN#r*v;)NW5(S}r)S#T_eamx-@PMCDjm)Nzgt7>H_D(;8M~1D zIQBl>;eN5r1JG~Z4QpVIzFhFKVsOmQem(j5&;o2cKoY%qI)^b+N-4Hh*aIvPncGq> z{fm2(fhEX@1^NM-U_6$yFy5Y@ATr=>5y<=uB>@+DFa=8@mV3v~GHc!^&YXrVNaFOK*=@$N;u$>G>rotA{R`YCt-WM=qdn3cn>yX4xmh5OUk$RSaTsQ{FtJ^ zC%z*SzVGR)jppVqHQ_9QLmO~6UY~ffx%t@(_|n1M9MC)z8#;eGzVr<_alQDqn55=3*kC`o^uVh^*W=|F>q53W+8SGMoa5bE$2Ad$KZBa^i z2Hq}wG~v!p?ffT!4_~@izyN5#9GvNY$XyON`XzOZ<(!R81awmZDm7zWO+~!}dmP^Q zO~>{~z(|f2%5VWXW5^g#H1~NU*I-`+tf1PxU>|vX;-*_M>)QEyYn|w;gzdAgS|Si%w} zk-V^+C26nKwc8Y&*=i3F*}$Q$1IiU&mH_2Z$yL0fGZno-&!6# z(1+hG<@{_4><<0g)v%nynR#0VW0Ju~Kt&|{{({2+N^tR%cZ2S>pK@p5jh9)WF71yb zX?;H*sS9k_Fbm)^Vyjb$R9_piV#0)j;WXUJpRg zy@E`rgS8f?nmS7nntz^)>J5J&VBw|iV*)Vsd<01@=nOJ@3jjTn{1XG4nbm|Z_+9kT zjhP^J%u`a07m#TnS-*1-KULY{Io&)%etMkB7j}6gm;w_SpcKKtQSa$id-#~r7v_uB zfP&+ANZpcXLyTkD@`4LUKd5A94LMDB&15D^*)nxEjNH~UrZj12NI^^0Y|#e2y$^LrP#8oEL2V7<*Mlh;h4MP zHa|L`kzgpJkT3hOsvSJ0=WE|b+eF(-T+y%PPln5z40EzTKaGqE&CO?Xk2|In^)RR- zhbO}WHl5Jzj14Ffk^Aw^A1q@abB zqg({q)TmIWZ{aI_#iH3M9CN!-&=96uqT@$S-B(BD(klO?rh?zdk-VhX4a z^EQkB^oUfG4w_dNJR(_gJwF40?%kauMV2X06okkxwIEN1%fTHCX6{vy{fIfx> z|8?beOZRUz$B*4u%F}HX5L6yWXuf*z`dF=^X#81v0x~*=-T6r=`rfCmTotZvCb`?4 zD)W~yQT52ypXtxoS^~bDlcpTlda$YGSk2wue36$bXl)FPWjMVs$JBU&w}K`T_gQ&2 zmLy8f@#FF>hO0{i1ZDix_dxl-?A2&33+B0a<^hsck1x$z_28^)T-_gDLC@RAOCR8W zGE&h)gqI0=$+*{{B-NNt$eC9b+K_cZYfW6%C&y-#*_xvPa2rn;f~WWAGiQ|8eK)uQ zj#(f*NZ*ow?$upVP!6=H%Uu~_9lEV2*k7xBb|z5Pkd{HjNaIBi4t6)?rT8&;dbX|} zornjxgwOOL0HTCS?^R@$z|4}HJ`Jc(v89z_ZJe_vD5&Nn8Z5?FG>m0h*g;mA76FS~ z>Xi2m6FOzeq)9pP?eUcWkPjbo_W`NP*&Eo1DR0*lz>_5cS|VuafsI}h2R<}q`6$=I z?!Cmns+1m}57{@0bk{|HD%AqA7HqJ=DZqkW>zI_B=}zmPR$NXl#P<&W0tA~Bqr!Kj zL&KT45~88OjN*4r4=ktxSUYqV+PepMq)@s)B*p9T(3|{aEO2&zEk1s&(v7NP8#1n7 zzj~{D45UCtOomYPX5fJ2EVl>mU?vT3SySf+CRI@5z8>9UTxCi|jOViTv4$M>(C*7+ z1nKg|D=0v#fR3!=@y}9tgEyP*>?nsWK9`Q~G`L1QnEHW1h4W3{M|Xc6)jQ;<0q7Gb z6AK#hU-x(!!<5`>jkLZ>`ghLqRFsIDk`%-pUT>qyv2Gpzsm=SQK-O4F%;A20t$f zFm%gtm#xi7uBrDc&TaQzB;dzPgJE$qJ<5ApY{y1Vf$IUUEM}xkteLs)bf&nc0tkQ5 zF3_-r(D`H(df`}$|62XeyzL83iEyyYzqQ~ybB_h}yLJF*EqEir0lp5eV6u%u>O_2rln7s`Za*0A-Bh1BT^B?w{>@>#rm^6SR~Aj8AQYrOnxly zdlYfptCzp0{7pNM+&xSkuXp1 z_f)*2A0mG>htD(VP!4bT0eZJ1=<`~bA84?De9^kl`*sdzS>Y_+N$WxD0T=^|Jh@Pc zKNT^!5%q)t3W?JTRlf{0w^>l-Uw_fFcvxaO=$ZS3vRIa7(OWcg+;}jUzd|XbC^1Ok zdHvD~P_%oIl933o5b}<>p&ydnX8(r)S@K6pY?{EXguiq^-4Z15rIBUte$cq;f7F)} z0=jZO=$E&`oR%~Z9C_i2LCc2hx)i(`?2mFWPXi@JKM->}{56_vTr6yB_Q{q;vcbV} za(#qJd=G)Oj7cIj1topUCF+K_`Z>n&cx!>IxgCroezi$*zJ?C23(QZcG0W;poR4WS zhtFN8eXR|wL3~#VePex36P(-DA^@`vwuEZ`-Pv!1;xm{PIV7qdB0UVcp>I#xIC&rx<`wGl7A9(kIiel7TtLs&2Ps8rK0tNm9I)&3EkJi*I*M zLAQVT_L-vnf&l-@cJ?|~8qm^&SGHJ^Och^vN|0C3Rsl_-i05s6|DjA;+lxd5037e8 zFO(fo|4D*`#=MKA2T{w8P=|=I=LKC&766n9(dT}$JXIRRX#2T*PYX4so>AgeJgvX( zl*?y7Oew@6jj02UnxV;XoL{eBM4(B1sd#?41tlWNAShU%Fd)dA|IlxQ60HZM&OT#I zKV(8L{RNM}MuCLsT7cDt8XjoMzAjn&td%4gfWv%?g^qg<>$lI)B>W65WSy5q6C~Jy z+|$PrySx`y3}`%)v-}#+s~iDi|HEFR#Q(gkSQtQ3KY>UGiwb~Y?k!sg+s=EFysywV z^QX=~Me_v@DWJn!4)>ZQlMUDpXl=O~vEb_wKMNM}x`Vk8`@ii&Z6tjMSw3{YmN@O? zw^HHNXkIGl+&;eC_V6UEek0q5w32$&Iz+Mdud%y@s7-Mxf|MStCYs02gOgYhPTt#|r11T;f5Gz3D!qalioY2>$tSN>HJ{2d4 z%di8WAYg<2SfIP%3}|LZ{g*cY;Y!QK7q*V8XD_cDQgx^Uf|2Q0ljMp4GnwqYrE(ulaJaY48XWdR38lQNGP^IN)Y-IiQj_lm?(b*z~jk8tK;W1eXwX)qv$HHpqKF~!!Ezj$sN#$bO{@09920hPrlWGK%{CAgl zbsIh`hNuwVJ6cRCJ_3-j%8D;Qw5V%sAxJ%l(nZt5PC&Du*FZp$uZHJSmR>IfEQ7&d z_*wPgiDWz~ljp6$2nr3QjG3QcfoTqZ0$$G}=>2`ppj_jp1(*9@wl7?o2UW)7Ueu>9 zs#Xj{W?y<5VXqrrqe_Wukpl8NvdXsA2?^VK~cG*p(Qz zv4t}?h!P+r6CO++;n1L6Y@r`m{yVf=oyY@eRTm~B&qHdiB<|lf;)i6AwcC;LBgmtP zE>w8+w`eAaL9|XId8ZCNCGcB}y>KwVBpg8Eeh#!Yr{q37>4A?&PWB+!gO8ALiX15J zj&dI)&})Vd!kz$pL=)2;z?#4T6m|m~-Q->wLh03d7xl!)!h>riR}diJ&@n$kGs?dqFE?Os^bP4W!m^9 zBryBRx8k{OQ*}Fuk-#Y4u}|jm^$2qLm&a_wS9%#AkiPLijB>@3dVYYeCt-f~*#|?< zMF;!#gX%veaLvh9l@IBapAxPh&8{J+0sTH z6ie|M)U@NNq+Vk3BpXF#eDWo$!Ar)pr{esAAcD_YMt^QjZ3N>{tLlm-{&)*WNBauS2HM7oy8QEMhry|EwIrNziw>10N~NDvK#TDoh3x3-DW^4p2Oppm3^ z8pj5WbRS{I+eeMiHsq$L4eHPE5Z?l{ANirjfaia`^Mmo(^oW!+8}%!$H|v{9JS(=V z#(BJzrS&fZ9^F5Z&aBHZHj2W32_d))VhSQ6hTI{>AZCeQ-&^%s{q^G~xjo%FgrnKXFIpR6a51V0c;izgNB3#xX747&PT(wujc^NT_1-$uu^nKRnN$D?+ zCCE0DtyA>@{BhqMVDlw&d5N+R8JQ=kFU_CMPggU(>9U(U<)PDikAi8QeeMgZBoJKj zww~>;WwS>L(o>Qw55(nBYwGqfHcSt5+V}JXsa`HUeTnF^_vxY)ziVAC2mrJ6>A>lz zuP{y~t9jb@nD~7AJETA{iwJj7AV0y8=uWtdc`L{brn4J&1UXXsAUNQ$pOZ@;wk;y?W;9@N%F{B&P7C(u(xY1#60)73}v1@Oqe(3?kx{@*WM0v znuF+>{1xawMTYaNfX(s?`(s4=*4OG0pekKD7nU-N)dUU8qkU|LRsRCn92kXv9BzBZ z2a^sm!2j>TcAa@|d~Go<+JXZC=fnkQ^$MS>DBft)=e-f{rH=Vh90RNJL!_FcWV^$W z+q8W*T(MZhI&`CNgz%s{KN*5^#hcok`9Ik~&^$rlUAEzEr@e_C>Tv33UV}eMz9B&6 z5HFKXlYa*(?(CXJ6<4FgoATr7^x3RReX8Wz@k;Q=IO`LFhmxmUixQGxau!nhyjQ>{ znBvF4C8!lz^g8RkrC8W@>z}kCoW{r7MEUF_??174eGR?-dTI6#jF(_OAFCYG-1U(Z z)d(saO@i%Sbv8XtKa?-~5zhRO1VV%r zUJr60f4M&$Z(gz3ZPs1(?(tk|Z7`|8bDr(Dl4+#4fp4LTbfvJ*12lHu12=*)>?y4@ z0FT`Bw3S#V*6cMIqsi1HKv1__`N-7rf_}>NLX{Uhb%#^VfZiY2oh<7 zLj^9z(|&`meeClw^`ZNhovQn;6ctQC)rp9v#=a z*QbjkaU4o@q+*1bYqtgWUtXaxfCBl`62EzTP)F%*&H8FLWO4yz z&c1D!#>WzMmYl!u$QrV5*W`h824|%$=MXhVTz6vq9zfuP+qhRNp!O~GEFt2?!~Om) zOo7u+K0GpT>rP+)Fd8)R<1w}p2%J%GWfN_S_J5jwAnK3wQ%vqy zKVMAr3+1$ZPe)UtGRk7_~$!s!h7=1eqg6`n^3TESSF~BS2eVTM~asiJE>3{q5HC`=X<7!ZU zXAx0sn1G{drE=vl&oroNz^J^uPKrX9xcT;A?loylBfhC!KA*(`;2=A1t={RUzyzxo z2He~(c&Ozbo`31?1=(JIdULk#DyMM-W^VWJ4(|gJMrpXcNv6iqBedgXW7BN)x%iIA z*ZqRri_MtNkM5vsWlBW+k)IMqThr=y-;bl;t-lg5vA<=LPS+%=gFY=PA=KJEE?@jgnjpQW3%O`W7jT_Q6yD4}+NWP{#DA+>5=$=rHFAwRSAQkX>0XZya`UiO2^}Erpi&`{COrf@8(wsn<8?wsP>%gG#P6M`YEj ztm=C{xxXp*iVt$fVou16Lxm3^ zD0(B=ItrDp|K;sqWX+pF@Kdt>xgCyHNu1E@em$kz`oiz;eG6hu=$Upsd4{ojil3rIbsS#ZB;#jez8{{*PR;l%7Ggm@zP%Tq0C1SSS?;w$IA?H-ikggX0LkgG8L z2sAAa zWcLuL=CVS5rz8H*tQo?l6koTwvmKIvPz)mRE2~Oy{=YE%LYN-mIkqWK8#=sI6ZDc+C& z?`-v_n)C(=^7_K+ZrDA^Mn{)PfG=P!W|U5*KW{o4m_GdWj3i_aFb;1awbyHCb8yMm z`fM}83R=!dt2ud=NWKd#&vl;DjZ&DZPBxEf_fg}#5p*Q&jpjo zb1k?z-${H|EaLCg{Jhuk!GBOQ$bBQG)#LSpWyQP=%N8>ewm=2~ zwK{mS5~;CV3Z7)UUiR0*@4HOn8}1=5a?DSktTCM`IBs4wf^XfP!{cyRp3R_bO!t1P zfk>LRPMt`-l-&_@8b&&fxdQC{IDvD5EN87b*h0?)*a*nTrhvm<3!_VSQO-azgmt%< z#M1-huY-^9WLWwYdqTLW1qFwMv3}F0n31P*D|N~sz3Rw+eSAY?Sg@p?2MI-*j62xg z5~gv#i0rKm0h~JrmnB}@iAO*$wQV|c2D1ydQ^I3^?MSiVusUtXnsB#tMvfC=79)2*;Uwxv zABtKT@%08uwMi}Q$IwHQ|7qCKh>D;u)^L8j1||d@j@&D+i*vbMPNhEKY)(>5a44*q zZ16Cd^&b7PTLuK*H@Z1~EGWwF6Z!$>YDwMeDLM@`ejBR#1fR!4R~f$H4#!)#(HNb0WWrj=oA5b2ysvp z_c41COyq0#NYUVD8^YjgwLHlTm^{G~yhHjnV%N&ts|sM&(@jwD9uP*r%T!#GWMW3p zClR{;ENk_q8moM@DCPnuJJh4>W8b~~rPo-5`^9kKc3yX0&B45(*hBW(#Y4m`s%?dp z5_8WJ12WScQ&Kt@XvAL%gWXH25D%Hi+M|HEDdln6KEHjt++s|zY}qbek-y#giR^4h z|MT1+nEKkt+ry2Y9*0lw{xI-)09zw&`xp8GP7qlm=HTJtco|7(% zx@%&wH|Y8bekf7=b@$+ElHD&n675lB{Es9|N5YEC3A3JjZ>K)sY`w*Y&AcQU8Q<^i z(!UQ&WgGh*zUDUMF2X}%KW-pgk4AFH?oMpHKDS5x=+5U4;Eq2)QN7RQt4~_WEk^y8 z7NY*c-I}LPl+?rJJ`gE_NZ0M%%y-Ja_YY(?9Sw5n9lr~k@H(cwlzVej5=b2|Sm){E zO1xqY^9^wt%G|@RDvyNHDgU@bVC@+%jjkz@%lRk33>AH#Zzn1}WT#;XVR&Lgzv zY`^q#%~?rJ&SOx*iJ7!rP!e@u(Q2M)DO8Nf?D6br45#!=c#}&g^%rqf6Wswv+}CGE z-)y`Q+Qqd)Ox8ZiPt}9+LP+Hbk{*a~DAaspOYiNlKFk%A?g{b2wJOuZ<0dQ|8T78} zd+&ZfuX5+B^^`OV%Q1nR)r$w9xU+Y9eSX<<7)l!ut~fgOo4)R3zL~1=K1vb_4Nt2m z7%=gJH+GnNHLa!B{W>u>-%`DNZfA}pMaGSpvvoSq`C&9+|ENSvZdb#vCgAq~@~BzO zQy~^VgqPbB8jz{|-tWxiw*@p3d<0XPJVZ`uwzhCscM+N)h5OZ3I30FihJazgIPXtx zKdPl;cG@Be@NihXyrNy0~rpB|xQ7FsJQWJLla z*`gdEmSmo7tf^8MS$E11%0QA6|O0NnVCP5Y+eNep;-L3uzxd+-_* zZ4wv+3+%2bIfFWUQaj#S+*>VZwtfw+6Tjkwr3}eviD9s^=dK$64+HJl9&^V-uCY}FLBrg zPbyvHf#RcPv)056<>2W>^xUVeU1@wP zwIDylRRZ1%LXaXn<2lR1(1afsksJFie~6HzR!aH(C7xm=kNNwR57noT$KtrQYI~@B zwpImEiFGrJn<1ee>-8N`uM|HMBJ?YxR1 zgZ#wF*5f;vSpMZXKv4Gah8FDPxU460;*8O!#Ur3@UtfngrR=Ul8Ve|OwD{{3zcWv* zl)OP2w)NR{YF2WL6Lt1fkP8qlw$C_aE`EuuNH*IrU49JUbAm-{H`hc(1blsZofqlu z7_c5Ef_+4kDb3fLF+6_xb@)1OnA{WX`QV?AN9-6M61jsb)sT7gteu5bL}tQR^8?FQ zpY0Du&wJCR3eI>Ex8<}hew{PU4z>`4=w1FT5-=AXg)+*<4#gjG+Ly5;mF|g;Ll_Tt zx^-oHkEF3qZky<8>$rD>k9%^urNhl^ue!X4XAzDByF# zwf5z;yF@BpiXefxSeJf#}JS{vO$GP*x{FoZFQ1MbD&Q4;Dx3siSleM*4-qz1= zG-_Euk@yUC&zwCoaB21p_N+2qWQkl*3}pK3D%dvT&k{*=>QLKlK6KFhJ=Sj>WZKV^ zxq7kfeMR{Tb1;K!xX`S9+*?2K&-q?w8%$p0KlHBp_F~46E}p)^!;haM2+mfCD2rsm7#9JTRwwA`^XoYSygaqP+?3z+T; zEO|fQf2l7IX#x2iw1xN=c{w@5RDpYmfaYIj+Z)X zDs_JR655R4T%Y&fA-Co-J_F$&OX!M@&#ZfV9rpe~snZhQt%c5xaF1!~(MZ>P5`3V( zgEA=sgQlK(j73kcuYa7*^XS=PknJbn^d_21@H$hb)wq41Jbu^j?Uzjv+c#fG4Cgad z5u12A-)_1&0B{~OM10Hg`r@J>0ta+&NMbZ~CT_=*CGNYj>QvLRb8Yg&0`($rRPWp8 zCL%b7_syP5J@#Ecz3uRHasv!Iaj9DI84Yo2GEm4ODt)iZ-^GALXDasrFf8|@e2Me- z<^=YT2d}-2ujrQVM=FxeYvb{_*3y_7MDEzH?Q~}M5Bjkv&95Yfm*rq@CC6|6Jea}p z8^h@?%<}K0ljsLrg^)BBg;+=vrFQt8J_o<94afxVT&`g+^doeh3ZFmZXqmUCJ~xp2 z$ct{{a@XH@ASXkr4t}$9KW+6=<@C|pOHHS<)%ezVADV;=K$t$tX_arAwwzB`!B}ss z`OTuLa>6e0hULB{VZx1GLq(grmhG?!k5ZuqE@9tsufx_L-@K8%m7sHd_+uzAlM#S% zoRZ&6_C|!euD_=NA))a6R_wm*4i-79^yAfod@?_7^OrA8{m7CL2);u?IM}>CiXW#D zT!RQX>Y<=9c+{-b#qWyll$dPwCE)MkjMsVofzGloP_c~Gh5N9hODlyMq&N7^!Fj#w9f(?3#0byqd3BXGds9UZJ=i}@#yZF2_F>i$D+)knF1~M z_z5~1MH%bV0Sk~sivhvuUF!3dnaJB)5eZ^TNF_QV^>hoOH)jCtRye^~-H&%p+U~nx zR%oHxoR4s6;WZ|C$sUfu`Tcvostt}>am6h>0C@H(C$hHqBPW1m_I*3S1HOyVDuE%( z;=}nuj*ie=ze$}Xm;!&Zpd2_qZX2aG(l~is{@@=N&*N_DP!)qGKRb^RPw$7=`z-j$ zVs3OIX85d@QOG`G~a)1N$)57^wKb^=Fl`qX!Lh-1uK zPyJpZ*sAsyof@nqu88F3XlJhre(=4u$3h5Q40`eJ)Gj*|RjlArkw>>y5)8^(n8^U% z!a_UJ^%>$)0>6BJKzl=Hwby>(J$R+cr`G17qmtshvj)Z|tn3?EM$)XhT-1G|QT8|K zD))#h*|+G7HK>r&=E-jNGA@1eg#57tc)77E2aa9b=`$xizuYcJ6y)b|f4O$zBkPRAXK~EJecRsK zQN~30j9}^Ek|o2oBg@jZ3QR> zL&C;s^iCb3rp&XU>dzP8&RpSQvgoiG%b%Z{!F7h+v{j?CR_~|5e$mX@`*IEY3jp_f zjY{szA-+95N(P@~1!%X$)Knln0kSV*VzspB>h@QSL*j!uoEJad8i&N=lkTnaMMB^N5Pzf{M;A|v5 z44}ac-RVhBxPl0|n4@yW7ssm$X!=FAn+yozUX(r%<(+=t>hMt_N4M&I#3yL`qd5Cx zmm4O&c|)F-$j6nFea53(dlL=c zHh7G}7QTx?2;{kSU(!1Qf7Ku+gPT{-TEJjmitoJs#9l$m9 zFWHOwyVJj35IK3^(jV~+!~g9|JjsvLRpJ>FU$e3oiaV|WKmLn7zBWe)@DEF8>`$Fw zj_BmSnEL?l+O1gmlf|X%bl#V!*Zw&+^$YTrCsabH%VhbgCi$I5eAV{8$1?y{`;P8; zEKC+W!2C$|(AtPvB0`4(t8f3LCNKcza^JMNiXHqrh@j)C|@BW!J&a6%MIJJV+A2k_{P42jbnh$S%uh*)7fj? z5-lFu+-ht`$(#*7vT`W5)|pa)I6VanfZauCAP9B^a%ny1nrKleVg$OlodcF65)aY(f$ZKNsp zYrWnt&QaJm=zYwuszlSz`+h`R?qr2b*UMXN={5KB=)FIn z&VR9Chv!2%Vk`z$)%;u$2+T2qHD&zasi}l!50Wn>S0P2vn6Pa3W;7a?#LWmrFxG81}q;$yRH0l|EQ=QG4KaWIfyZm3R{*JPCh*- zwxbh2n9wH06Cskv#Q zow%@dXx1mH&dwT*DXPHL;>GLreg~giS=+saIXvcbhj-{lv^64q=Y7}6Gy5^DGU3l( zpkg`cD+{JKQsR=UB;7rOAn&&jlh5bbc1(G?)sgZdhxfro{1z%pIYeKiq22(hrcWM$ z5t>yjWBgvgx?1*`0ByvJ5|dnWzGjTcP$#tTf4ywef{h@0R+xkKJQS`a*jwR-pAhtT zQNc5^O9M|##tbaYaNDF$x>$W5p7HZ@1rWahxO-Qp3hhR@I&6m&pHTbaBv8s zdB>8&6Yq%1C&hj!)RM1Z_iokjX_Qh4cpP;B&}s2r0s&&+r;bv#Mmj@`z~^Zsnuf zzfgIUnt;-f@yPvd8e%&4r+7W!0xAISq29=cqQ$c7GXsBoZe&Jp*5_G|kJ)fi6jj~6 zY(591!iDpR@j1J=pI;a(2-Wx4Y`^S^fhKGFmlPXp1avU6MXpRWkMcvY^3s$luX3#X z>v&Xr+ST&M3L}zcjzaT38m9o!^~~=WB5mxIKMvSc8@~|GEZwhO$?40erFy#7Hf7$( z*v;!>wt@wli)oZ7(@4O$hZ-A2PR$=ih}_Et^PdWpICciAcK^u%EY72~e{eX;^~dU^ zx9>zjR`NMqK{(V4!VsdQ0*=LGzDRmPYATnCpwS98Ot|j0H1S}kSwGxa)S%G&J^L^` zmtPHL_9fcbkC4Ta;=a}?!h(s1Q6dJZd+-r*R!f}=+}e@J-v4@<1bnNFs~W|Bot1ri zuQODqyuINqS1adGS3Qj4bFdT;W_=NlqY|Y8CmRDrn7=gtQQ@>t}^Z8q8M}|T6nmo7~SlH7h!W=q=C-0|S z_DKsA1-K)8kyBN-a>N-OP;%K9$}&z3(zwS-e@548j$y%el=T*0hN{(o`@9c-ihy2q zJ-a{Z9J^td?UAt=&fYT;noZsUNvM|Mbi9A@0AVvENF{)5e+ZlaAR6$kFR&LMQ8W6E z^L!ch!x6#`T9cBm#oO!6es0PKujoM*QkPwLi-D_6=?0@#vLs)pTs51XZDMd#s@0~Yhg9&!{Mtu*c(d7yDHW$fvb&R;J;>gYV`pr8n|d< zyg#Cwk^bU_$5?9E-}aL^EI)x<$S82KeS`3>&2k!*3hI3k!2<;*Ug|e{90Q)xtEdz) zN!CW*K}cH-GyaGT#$w99DXbDf^ zzPuCW@^XQ@{>z`9Hkd5Es#5#?m8-M<_;s#MTyOu>pU;*>YzhGigd*;b*R>Vyz=juHEF| z`Mi-`S37}P+8FD*w;m-@9VK(KZ;#hz{>=2i2~`w=I+v^VTc`aLNFf*O}&DWXA(dwEXAUIi$R5A`6XMdn{j zO1K+yNZ+p^kb;@rPu(Zk%b}%O(zR2xY-adediVIXLmoQAIl))>^LE>c^e5+$GU?@Y zLVNfx8hQ}|@;ipdY1k;m|Dy#D4M@QgY+y|QIA^cr>=k;$j~wd--%$|wG}&`ZFG^%P z1kMKYcPd)ZOL8>SJ(gCM8wg-P&{~|p8OwncTH0@#RyxbM88ZaoCLjWNI2>jAVzdRY zAvE%-&WG0mk}^?zfP!?&BFqW)U9ic6_^LY4ISQ^5@+SvJ0Tk^SKBo~bC&!jnx)|Ye z;EeMs;vEx|kt3!fkk-t-w!2K6-eT-4#>sScqNIF^j2rnxe=0!$5xF?4l-AyfQHW|k z6%WHpZP^bOtS#VXE>e`)(^8qR#-F;?K|sQpeQaZ`p2KyVWiPQ`WUauqLw}L#WY9wM zDt@PH-f~2q)-+J+S{^h$jX84MAm+Ckzzmw?`!(eF7PS0wMM^$>lQtp_a0 zO>7*-q4u_}i|yP_7^ndB54#+~H)4~kTB322^}(-w*CVGw>E4Cy`z91v2~D;<2uQCK zb?^SNuciF4=$q!WIu3Rw6PDBG?HJElI&>r$1RpXw0G>Nvh7WV(A4`IcFWv^SG#G4O ze&V^(Z|k;K9oS(w9xtyZ6JPIv7T{a)gSu$vH}C&isy6QrWHsy`Nm!np%fp9sS^MtW zf*6V9+kKS~EQTN@H95$a50`t3`rh}j7bc7*o?x>```l-m}*i{gHY@Aa9}3qT-dsp<2Ed+g73(%$_btBoikP^8LUFsn+7 z7#_3^fX#g=rQy&5dUv6YQMcs#3l8oMRwtbD59xM3?pNaz-wcfSUUjG6Q=0{(;XZ+2KJ#O*VGi@N|4wDTIGji~eJo}B%So(Arx)FgYex=D=2|BtQOiaNL7*GM za%!IEPq1x{L);-4Y5d}P9rv^KruIm%DE${ToiVtd(8)^o_Wkv_@7c>}TuhU9Vpr*Y z3D)pBXZtv%CBmv3S1^_8qzh7qJee-WM!_@?(z&m*Kgfg;B7-BxKg#sY`=$3Ij@~9| zUOfK`OJw|#O$dZDe?=BAs8o2Y4I2|V>%oP%b?w1Q=9^=)k4d?|qo;8bS|}ba-j$B0 zyUigypiB1KYZt%j=BlUCHaWvFSOS!CFP>bZUMePSW<}g~rz3StkZlslzQj;A9*frC zZR)=LQ#Ou0VLX64V@*}~6dO)&S5v0mp59u0>U5kQ0^OGNULpyNmdD@y~`PW#R&2_w7Goc{G<>iZdfwYMDGCA2|-*zLFJUe(0 zy?v&^)$5TFPDr2Vfjk-MbdB08QhlzZe(#)^S%GfSi`4GV|^X zrBE6-4Y?vG%&|*sy?)vRKgXriTRokY+;mv?gX#77 zVqi~FH=NivY%uqe+NP}gqYDRG?x91^1Alox#x$miD(aHUhkg`C{#H!5<=3r1C@jr) zap8SdpTBW*T)TT!e75~F>H%5T5joQx&H>a1lPC8%$L>Q(lV%w)sO9`;6aYd+ zKoE&c^`#Sdbs!iYpoM0_}d#gJk3{5;=7%x5CpW(iyH9~iR7%=iKed4}8&8iK> zgGLUjMNyJ~agKii*2ge#>!N88P3GP}1L^u=Xv(%`}WCdRhNG!Ntq zh2KtqzB0siN$%;>W*?g}DJ^3@yM++H&)EkxvR7#(@aiED1*}tH8wN zWIGRER!}xy=B~6Tq=XQmdx@~okuZkUqn3Y;)=u&rojdc`H4}_EH2p0hp(KD7N-YOmtKV1>GG_P`tBhG()2ne3 z?khn5xhvoY-qvKR)@6Tt#ZLdVq#Vhs{4x<>Hs6?bfdXPDU1`=9Z^4vj z7>#K1Y50m`bJ8716)YU5@~^NC!=+MveZ>2GS^4F-Rks>c{^0GG@Y!#D zr1DmPMV^_K4p{XG6~Zi>=Rsq>fQ@?QITXK+O}{wX{NRm7gS0SPB=Aa)H{YOc-WP`PCFk7w z$U2}@UbJU2o9ekkMp1JN!xf@+oEx3zw~KcwoN-y0e)iw*1`u_rqdF#ft?*og8xXw| zl`TPxd@c8cZ8K28#jg=taI=g4<4Er{MfoLbWO5w}=)$hWw{jb=oNFV>?$5n-0Frmj zxvVRa^pgT62{Vw<@?&^8$L%03{zU~@X5Mn$ z5k=t9lqbCyOb~?|n(y0}#S}t+o(WhXBLsl0$jqUDAKfQ^7V(U@ z6fkqTI8>%7kR3xcNU&bf84c*tk2ZILGKFHGc8zg&X?X^YqEuV|LSmo#h!mZ1slNZn zL?|%w~$_zV|Q(}?;!13nXepZE4}AP=BS z7L$9sK-w64U@JNiceOpV9zeN%p8OXmJF0I4PeE&&8n;Go-_$kkU?fD?JSzV98+d*D zC8+a2-n%hPSjctu=XWRG(h!jZSM7(g6@gb%@yD~!y*K|ULcR1v%GO{|eud2mMw5mB$<{Y;$q~#W$z#2c%lO# zHpWn515;H3HliSv!g0&sj`h7X9$B{sgM)PgQL0Y{cJ+CZYu0PM!2>>l!=>O;$;yCD zgxeQeL5_CG^Ps&Dd+>{B!z|WMa^dN8tiVjjQfQg@?BHQ7gm`x7WIamua_3O3`^W7a z4n|jHHDkRCGN?XP#T+?=2|>bDNonQF?hQy-{he?SF2fKqgNA-Jq~kF&OhuyhqLxn$ z@!ozBy;EmvY4%$->%6f>J-t8XkXz?bS|}H^*`aoD*^lfKhe#3ITSXF`SlyT-HqRJ{8rHR$~vCVxyw_g%=5#Mv^f!jYkDOD9w`ODrLE`J@R7 zaSzxs+V0zS{zME4mzz8V`_ccvf5{-80;0fYA;Sm1iL(X4K=euIV{!2W?s|Hw0zpF4 z4X48O^?q`XG|jcWroE<4?RIa%3xdil?rF=R?zdV|OyLOFIwVHA-GzT^(pSj&w%7}1 zDLkEJzgRKpI7z=An2YaH_SX5X1~`*XNK-%EACH&zy;j?E^l<2|NIcXb<@aPB05#p6 zq#uW!flwvmxpg%Owkq`jgD-`&iu3UyImwa+%7a#aRaW$h07bvX3jlfuRl$cJZ)k2x zlD&Q02gsb(>qywI)4^gdW5_HI*6dJOU(@?}k-D#qYA=-wv8Mina@e zjE!Ay-QreDQZY89sQSyR%g;ckFC3FFCT-!32{xn<@oRilxeAF7;wm;}9MWu>mKay1 zT2!|g_)?HiY}tmG(NKnlR3VK{XNSzxE@>b_%UMZ){QJs!@zpVArRd@)D(0b@tDM?} z^D!_E#$q4h@1&mU-+n+YhOWJC}2M4Ba1$H(;zlhe^YpaK4Qo zbzz*4WR3+LTOfQtr=`1U6)fm5frHBXqi{kf9NyO{UY>S4&RX6}1!yMma=lykP^|Zn zJT6%pHoKSmec&(Mm(QWJ0;X{}YKru@WU=Vou=varXQ}a9e?)0c!n;{_kGt6D9)zh4 z(;t-YSoiYr3)m7@>-t$Q<2<&nb8s?=pST~lRoCd4?Q32)=#s@E!tV#X%cS1S6)Wy| zfXAbFM)lPy3K7I+>-#(rOKY5)Uv8Rnfvb|u@tInh*K+AudM74zW4)JAIM@$wQw<# zC^R$jnQ4L5(kkJmFJfPMa)db?U}?ev(pUK(aOecvaITT#H@3 zb9(73qLgk(155lFQF7r?=^WPGm!U1zJCqUnv9%Q^=4ASCNuLNvJzkzzQX#Tzn)r!y z`4(f%^XY=#lZmX>>_f}@LAYNE>(~>^VKy|H$K}I26Hnkv2cqAPYZs3Ykln%%NEh@F zJ#ab}SDO9U+6PK&y3)ARrQ&nDJPwq|A^>a}eCaAgIW+NK?aWQ&=Y}+`ddQxZvG3;h z<@M-TQ6E{DW~?tLUhz?*YUEKFKuJmH9}i%1>fSUd`8fDLeJ=HMMgk^}fSQGeg?(btQ@X!KP7e2^b}c;Io}USm z=PLW%vW4?jMtDv4@nXFBO5HEsO0yqV+YS(sWwxyN_Kwd^=3t)adU@GAsWnI#Z%@GZ zBW^44KyP_2OXDLP6}Pj!h{kAnKW6YRh?5nk@B=SfR314LAvjLI0^6Ky#12fJ`zNB% zVsuOwe;8LrF=BkOemPNLO|kpi|5~_*b2|ic)p_39`Q4=j)eAdm`xo}=)`w6rp4I63 z+n?_8Ch_-!Au*xn_N%g);BfCVg(ObjOX72vIc}azd%&$m>`}bk1&9sdC@c@CDikPD z_Fkd-JiYBNlmSV=@jcz8(!6>Px;fM&(YRhFvFCRMcT`S+?hvi zAA1OqJ-{#qP=T#{lJpp4V6TGhO2nmH#NsdW*V}DmI2LYlNPTV!nH{f>C4PZC=2+O= z3vT%u4hMAg5Zy}Y{2;>l=8Dru*)sJSV%mOXRgpe}U|BGde!|ju-1i7|v3D4Rn_ZPg zMjosu9I^N|h1*q--@MUB?uoBl1{U`@-#JHnIGsJA!c17W7HL#4Ofg^YK z%)Z9Xn6~#@ooZ&2fnIUl!ql;473QQ@uC|{u_e;K-;dJY;*N`4ZeC*fV$>fwjKQIe& zZVsMOagh*_c-5sBksQ+-F*Mj6@1QKX&Gg`KOi7gB%ehhSR}00P6f->kC#rV7CX`*4 z7s}Qxcf*BTGk8YK&L4AUeKb)rQtn3#hCZm=FZG$mYP0)Mm z%DqD<=&)34>aZ?kdQ@HvVuGzi$h`Cq5h}?kR3u|;#P>JL`ap9Q1UlbOkYin+CvZ24 zKYGWjc@!`>6=o=5101FDFD?7bp&s*Tp=*Yewkl?Qft?m)3NF-%t*eL|<7*!7B?j{6 zt=wc_nvdPSB&|RlK8QP^nlHxl4XE?kxBCgi7M;n{e&;oGuKWMb7qMk%gIEr8#za{f zA#Oy@82H#2a<68O7)o)|zPc&)-Ym?hHM*WG=4HcCT$AoonPZDa&c;qXTfXSPb^Q>q zh`B$W!#qWRdrR(TbL{>8G z%kd3~!t8>Fi07|SJg^859qg9nDBi>ZAoNS0w$eV)cyMYDc}j_(^V3Gv61orF5AInI z71{Yg54O?T@iD}8qC1oDli!RNu01lL+zt3Pw)^kQ2|otzwc%S*`&CH{@Z*CYPsbfT z_w()m0e_GtnvcmkNYB4cMRRc11Lc+QgD2elAaBb@8xOpH-_Kra!?3PVbtlvP<+Wcp zc3rU$_=#v%DZAPOzV)(*-wWf{bjc?Gq2C#LI264d4%`0uBpK=BSbnj1Om@5}0%u22MH4zJFd9agxEqoxgYCmn+GpWp%S%0^n zh;z&S`~2&+r=dd&Ljm^8k!*q`S02Aui3KPNWOjd(@aM2!7Vu}^EfsIXs5@6GH1?0I z7>UI47lFLqB>m3jrn8Q5GHWk~MmJ3{fPjfk<5b({>Og!7JqfNthhX~Uir%@(mn3{A zh<4hpmh(IEa6uq}3f_Woc{fWhtCz!%q_byz`Qou)Mb6%k%>j`>ZP=&bb?z4^|INSM zT*#BBM{w`oU85Q!Ks1a7MgsHy!#J9x=X`f!Iy=BRe{$`$-bF znD{b4tm5JTPTAj66k3_V;3gfFFY4}EO2%6PkXTBQnES@ZvEf+aPagNS-dR`Cn zF}Z#ts7`Vhpwt_R?NoHpGtgPlo=mNhnd%ka#21dwhTo5|O}bDfS`4drGwrB2eijMm zO>JXIcn3#{V&41CqdiP*j@Abx-8D;-`=X)$zN$)})q`*VTk%?l zg$-&xqx8J`dZG$}2bR9?Crtj0KHNJ~hIBv3Go%?E@nYH(K?E$Ax=tK{eai34A|J4h zP!F&1Z*gO<+!t>*!~?`s`nBEr`L-3~GQ=DpSZZ|GuN5zgI|EktUbLs**m*$5)jhr+ zOJR*BF~)(!?zODl4sr0>u>dkF{^%?>RFZ`Ta9`tJ?Pa-1cirw`K!IO!qu3w5%{M+f z&sWtl_uaoh-uj+qM3^s&+)BBx#mw=A@F9Ad}Q#0~|Fu}sd_Ds4oCi@e#2Jwef=xPLVH5vhh?O7#r(>YC;+Ujc1^(BV$$Q7UC|yp?Po&v@v|#K!_3W zjb&2kz-EMe>`XtvKYS;OUmAx4((N^8yvw4R2xVxB0I1@ocW}3-@*#?e{-T0tdY@G) zb=1f6Z<)0*!9v1trbWy5re6MduL=_+E^E5$i@!`JgaP>-xTz&a8;FxQkOp`2r(lVb z%RhfF;7(ii^^c_U+Ex?@qUbN7Da3|~KoJ8R9F8}uS#(_LLvXCL`^ z7_uI}-Y2lLAY>RJBFySpBR7CIpia_HquEl9V{DjMycPUweMCFSeoH*d7guQaO)TO- zD=n?dnOT(z^r-hYu46@Vytzl4Gek(*nsREj#meO^*k3Dnuy78*3{A(0ai^ncVYBN( zSrqkRP|+9i>%z&!U9s)6-Z0Bwllw1LWj!uLlX+A3?#FCX*iyqWtWxjYesMmJdt+*7 zU5sR;|COF=6CggRkeh`!RMbBq;tWO&bq)%JVS2Di=wBH3c#_npjr#s{t>nY#oZH(j z{@w@DZzw(A`NEmkhGxsT`>(R59cV%4V<3g%rteql*ShX@GLVYN+{@ijZ_5u-;kvQU z<+(wIeJ*TR46U^G@ZYguSOn@HQvUQ=E@CYz&|6VBz!TBUh z$Vb6|+NDlo6)9$Ys<)#icP?i^g0)Qt`ntz5Ma_Xkb0~!j-80?>;v9cVlkH=-jh7Dr%C8)yXBW(-)+*84)z)sZpO0Ry` zA||Le2rU1u3`(lnk@#E{&>KmHHHWbNKJc+Hx8mWlG|QErQ&Z)j{llLYCs7DfW!)X* zyTrA)Cd~@&$nJTf{HeF+N+lnRE${*C8$IfiE|l`zgNX!AH~!Lx#^T$?Ti4IS;Oz_K zvW)8qc(${&T4V<*`6FpSu!si3(z^{eRpTu{*C!z9tqB}%H0)3fbjAm2i ze6Au>zhOa8U~1^XeNIFe^C`|5#fvs1^N9A8;xs9Q^e!HJ|BQdj+0>+`$9bCfWYM2h zoF%vCp6Fhy!}ynMWNZod&)_hc^Gvu`q>!tl)zJ&)KIUr|I4a-d1&^+DwD~+T#*lkU zx3d)~SEG{eU|PkT(K0Og{3(LG!!^Y#CQ9g^0_-gm5Ym_w4sWNvC+E@tH_75byODUQ za{D9LYWqdO-_$}4l;#Oop)(A3Uf+Zs!nr9|sxHZ}f4PyIJc?eA76@6O8 zc9`mO1TR;VRLSTq%6Uikh9jYL^(MTc*!zx^vqq!YM<_NLwvE`d48Ebi_nXE;gZ9Id z_c=h#@{28T3ew&@fAL#CY)Q=yV@qY@-@&*q4YKWzH!`D#mwRA;Fb;*XekG=k+}Em; zZkSxKu!yWI9pMMCyxJ{4K4sOrVWofX*QtmO-)j9rU*3QFjm)&ODqPAJY`*;XaFzgA zun=4DujX(VUh|JGx;wk1=h$i;PK^1(B!W@QF}j|f@u6G+KgUaE+ZkLyCz4aiN4EM_ z>W9B9Mz;sz;R7t>OGws-(d^*%AnOlbtj~b=Kv*_yEmU_ zQWJ|WOu}*T#1mxz!F%s+L9J2984oQO%yZGM5`EBPIJ{-zU=&s#UV2kc@*UzXo{1+0 zpQxDoV4vY}SX8p&lLc4HGMB}l+kTs#s+~tYJ6~Dj-*d{?G!*8<6IMJ8-y1c&(|qMW#;o;D?ge zd`^up=N~3T?dIePFJsvj=kY<-9SV8a$HYuNXO!(|Rh)RJfDnY5?@twpAvlEu2rW@e zt-Ki&C_Szq+?I(J-Y12Q`K&#ydiVtPk}^_BlAVib+xrk^Y^LcCk%az@V%UE!%@h1+ zluy9>Lhubpx@oMmfC^R*LrSEe1jV_1ople~wuFZpq`gtCg0_>O*;EV&|ESBk*ZCL- zDX0vm{uVXDOmW(kv<{3XR9$d`>xE~i*Qdy+XZ656-@<8Mwkj2#iVfGp%gS9|30^3v z@ln`Fo`Q8cD-WAr)>{GICZTGx-)u&IHPU>VDMq(HMekRkL<@JVzoEcxLqSP{*lS|l zJk-a88lM2J#2u&XJ z0|Z-&vwh>!u_B-7CM3r5yJsYT3+h>)^TtYUtW7ORWi>L0MMw5ry{95dwp+``O4|R6LdbLM0>D()GX7W>LJRkAt z`OdqBCWm|Qe5fzFgZ?9S=MFXN?@C$$bQ{;YTUva|j@HaHERU+lmyeMy1^0&XP2W9Qi}x(X zi!MmLL;K`VBe`6-#dptU1ZOy2*2swUU-qr^$J}gIbVg^~``4=~0XmH9{Dig|K>^{> zQ{x$9`My+W9{Hi+BuUaEEN=m4qC%bZj?XhJ;)Ag932mygoF5&jX5NP-c4VYbMg4X; z^Y{S1^sSDTb~;IWoT61&2t;HE73~WUg8W9_cV?jB75B@@YGQao9~>s506T#*x~mYl zUoKE~(lT=M52cao`fgq*IJi4KeF;@suPh2qsPKmJ)eaXxgnP~nJ$d+U7IqUH(GSIx z0~_}#jg_nV(x)wgg?wAGfB*b7BJZ|yVuoILPDnlOVA2hzsOuFBqy9488@(Vm;@SLd z6p?*Mp)Zl5Nr9c2!Ebzd=!_qx0dw^Cn=eAw_)-5>+w4&9b`5gqncJuNHSELDFKn;RjQcZ$+vRNgWLKU^!Rf0pgoM9<2-;}Qw=K(( zH@bUTJ~}?+u%MzHV+kJ$qT4TTo%8$Ke?!uha5JUVBoyzauG&YGw}+R-$e5H5(aFlj z=+R)#7OPd&q3^TA-Hj2H_4+1Rn%iA~z=t;1%r)}u^qy9ye@fiXz9YOPiIbQ6MBbFC z(_-1#{M*M}F4rd&q}C!Q@^$%Woja{pxFg$}AHd=CXtW=P?;eoB1ig!`w}@hXmz4FZ zIa*g*2EGSLp=)2LO+QRPnK-OF;x(My*n>g3ZeVP7ux4WnuGE(tyb&qEyF~g)gF*GD zGF|SigJj=d*28kzLx85^y<_FuY$Db(alMOYn4X6DTswx)V&)LRU?T~1aYIWY)621j ze_T0VS(gv?7d^T4xA_*VeMz5tti-};dgMQou&*mlkhjYuK4FG^*(fE@V33)Py#;G1 zj4Euj#Col?4;q<1MGDh8$q!%EaT(_yQ4#XRC`lv>@kFA{+nqc≀SQF zJG*nQ@9VgKaEZb6Hw4lNQ6}?PJGXrb%;T1k@u04+X$&+t51&%I^<@6|B=%uVOQ^Nt z@e`h|HfS8Q?@UVr3{=Qvcqr0Pkf7IE(au9=@C?H<(H%AUUV6xb8-)P1|CJE_7!8>d zRUT4%G!`b?xRUt~@QM1Yf0ttVSbMxN>z5q8=^q`vx#Hb(Gb$*a4u4UeSD8Rp-#3}J zFJx^wxj}J$R!T)(qE;JJMDu{Gc@CoLgT@rJ&P6u?lB?pkFqYi5OpAM4Gz^j!H9$uX z8&e!oiFC7KzvrtW2+GXi+9Q0d_w@XF69tM>*yIsrx8&KNMKBr;FVa2JM|KYK-~PF4 zu*c|&`&?gG0Fuojk_I+k(ZWPe+tu@SW4+p|}z zlJF$=sulal)!TDK^i^!ReetCp3)p-4(|_6XEsTC_*-`J`#(fPy+Vz7fu>{kH=W@ss zRF~KZq3AV@UH^HsEW!y~>$XQiWbu4E2;UXtrJy0w#XZA>QmgYJMVU!+Gu$7b_gUe< zYS&2^6}Hgrzo4dJ`?01A+79&!W=qYlF5xt5tR6B2=t#GjJ5s6HXTlbg+ye(ID8dc8 za2I}d1q&tm*j}j~p)=6aK0+$Y1w((biXhi>Q*T+0pq)>8=2V!ZYB@#3(#K zw(WR%T}6^2#|tZM53vKx*S=*}?Sz}=ug>i^A^GGntp--vW-(fa%pXNK`Y^GykQ!tH)oUpQ3c665APYjzBbOvzC={SA&y+OAKKTd7} zEoZ8&myP^W5(h?H!4KZil1c&P-5H)MrLfNg9qN%7o4S&B#Z zh%}@|j=P`@`PSjW$G+DaK+2>ko2MZ!qFjF%~K=|vdcKx`J63rK3}_*-S4mH9GT+j@IErp3)Xc8U-ia#;LuNr^DCo02Q0c5 zX&sY40!?%uR&tx&F@y#}bB~9yBZl9&YCa~Br0X`(QwF`k;jqu=_tUR%ZDq=S zVbOSdK#S+b(5l41T8t^06@kZDAyYl62f&2!_zgHQF0b z71%5ndw)Tslz0GzqUIIw9}8j+pR<`=UfBag1QE(7J?v~PyL^BdI9e%AP)`x8&~?H3n2MlTI+Oa1$SmI zD8hr{a=2gdsa7QmP<9|sf$l2YzVM$MH*#F(iIrg*oDH;Kw!UbQEyLQftq7b3`CQpk z82sHOci~B)Kz7I0oBEND@4nzbAiuPYrHj}+f(k>QIOg$NGah+$_H+XoHHBd(1}LBl zcs>33IsmdHZ_ieINUzgLPp+sc!J^R%tmJe-tgGY~Doj~2ydK6#NA-wpOhcJ$8@>do z+K`)HwKr){9*4997o%VN=MW}rK9}LVx(TI!$ZzMKw7d>P_i0AjEL7=}o?3-Gmp`Fw z)|@dP>^sAT095d8H19}jp%Hgq&kr!MdR#}(AE18o>>~nWMNcuz!~!gh2buBx|;eM^$a z3vGHpiw2?-klfZi6RlA02_M4YBgeD(E892e|Bg|k!zO#+nWYD!TJ^J#DycTU>aWDC z36^h96OJ$&(NMlVM-I~lepV{5=Ol>}L$z5xopW)%;n~J~Ck7Q+KQqeG1!bLYBtIJ; zY?F;@dn|wBmSnBxx=&+x?lg`E--|YxnO;BWm6OxlvqWbv{r5pgDL8WF_UU`f0qt9C z)o%@lOL9>6EUQ3Y`12pupH`2H@>Lf%lmo6jk89qV1GFXPN9`WLWbtMVf7eMds7LdP zDe9IBhTt5aOnKZ<6nBoL^FWuoH0*&RzZcNaoB+u|OVNb|7&Mk5v@<%lLK61R&{Dps zww{tF1cMhC)+=5CT;TFMV3`)@on5FHeqOtkSKUEKT!h`u2%#oSc(u)&wYSVuY`^Vqdf}8{XkeHl$tya)|KE4 zG#)3<{;Z0>M;6TtG=ArLb-eKg6Nr+uoErLK#qod{h-r(k2a3qzs|y8zuupx@X~OP zeE^_UF7Mc;9}zN;uFQ8YSfmzMdy{DzE{mx}d-fBnD17b31FEVngXNB|9JWkTxxqe3 ztbKc$TGoiTd@&!63+;&>mHXB!2u1XRI@7G459jG15u=+Lr{#qHv(P7R5?anR?Ot6I z<^4ApxDF{T#WC=wDeIlST!W|BL&vMc(6rxKZN|e`Z(Gfpql#~(8`%8KI&+{ z&}>bz`;CYCoB{jX?IkyEWxvoJ*2gap_055tJf)NC3651pdK?^^lW7{>kHQ&NKuP-q z{|f5B<1R~3@^<@r%}?~z7QTM2(dm3h1$0%{Y0#qR!6y$< zNGD+dR*sQ%pV5PN`UxCz6TJCGtI)Jq0e!f^HFjT_pFQ<$Yw>fBXYu;Z3RE1rVPjA9 z%0G#S8rYJd7-7Cd=d_iJpLTKN>71X6#5=!IT7ZsuoUW(0%n}+q-4Gk2Ps?hSf!dg? zx?|HwT6ap3+2b+@5+z(O(98}$dF1cKop?{*RR5ZBW}s9h8=nQ{Bh%inr<>Bx|8Wed-#(THMU(s3ZqUF8$7NwWV_36ZdJ3x+ zDa^s;0R`5ok7IQL+Mf^3Z9lceBX01z;NqT@>+_YbA@DeP;L`tY50p)k6D=FoSptv# zK^=}7ELrj%=N6RYzN@K2e6|Zkey`1Lz=2{me1=B}u0C&1_`;3Bm&^NcX#)Q24-d3D z1bEW%$No_RBw*@!^h3KZ;5^JVv(9P{?#LQ5)bNopQ;2-G`m^;p3Wvd~g`0I`5x8Qs4~@&&e!Eu2?Q^=`M#GEd@EtEblI`;APj$=9 zgKVXf>_@0AY51HJZ))Gs6WO}8m@(sMOmr2JuXEEbEyXxA4!YlZtO5F&hk#G@2$tHm zkY?!qAjo6jiY(er-P{Y%H*1d6vN+h$6b9 zt)G0b;mfY51cCI;efC}qt(|U0a0-gmgh50^tFR3w(E$d8)*X13Q|Ybhe7o>1by94h z9Wwej8A~2ipcllznjHM*yoYYNaUIL@XogRigRQV!d}*QhIWW9%MFVc2LicfB-OY)= zqT2oO!-`{C-0E>(NN+WHV4h6}Lz_mqcb_J;>?p98qoi5Am+oi)1-RjGbEcIF2zOs! zz;F9@2V!5EMNF@I`-Lb|T~!cnsRO*UUL}1Ni@r1X4_OBS|18$SB;)u-CPSfyZ}!=Smfg<( ze0+Fj;-^JGGJd=+EE??B?eX}^qxS#}2E8EM6~Uoyh9IF4zpz=D$Kk}ET5O4!bX*g= z?w+rEkjd@qr|NLeFsAWsz%aF#o#=dS+?#wo^~XkdO?aL3vz!5W*(&{TCSONGg1P1C z3No^?)P(kt-{b9Jw^#0>XmCZJig%J@cdFc>?2MIjxOT?hN&RMz3i&t^M#eLHrL>}PIa9*(5 zFD=p;oekQjJ6WYnNI0JKg`Bd(^VSpSDHP%rlJRV#eE9kO+mm^ThNBLf;tv)Bq`nz%`GqIAPYA<=ao!`-s zk)>OVj6Is)9#`i*t`mK*efEbIaZ8FSW}?DYA~6ge>J^FG(}Vt9ZUOR^NzzS{`-Wo? z{Hm$AhKB;pko)z5-NkW}06D4g!$lC|@!^axI>dDp@4xIQxi9cX*W&$xo|cpc|19ru zoBHt|198PbRfKaspB_0O%7Yo4!;`x0A=ns^=m9|BHNrH(f`!V7R#1!C7AzS`Fz$w< z3Rk%=7bsnNhBusaQ9@=IsK~gq{wEMNrMENFdbt-KM z`ykkU2DQJ|m!vzykp~GX2=1~&Qrgy@fq3G!LH=Q>Ll8&b9L9bdLASrxWIuXA;`))> z=-B+lBl4$r1%gE@;Y3RZuWca1eSm{k2?Wi!HA(@25l9^Dw5706DMo9hzg$~B&CRri z$K!P(Lv%cnVEuVn^m@O*-(`;PKh_^it@M@W#bd{_#B7}Gbz^O+Fy@uVd8jmitHa;6 zlZYV-`*3<~KdvB#P@KOcM6^UQnFU0%Z)jDOlP7mw*9k5-5iupQ|cxntn(~YH-0tTfpS?|nOvJ7~9 zxHX@P#wg5WB%vHH>+|{%zotzE+emyhxWuPEcZA)}xsSaBIvY6%u4k>GnKe6ym#8LT zm$#jM$GCb*c7~=9!&g%fgYcTcyC@24s4gM0Y@W3y`_(gF4=h3Z6=nCmY53ld1AvTo zzR56$#|`b@(-!-$_Khv^R7iJz97j4!E~?YDszQ{^*DOBK+(|n8jhyri%`1>!bE@3d`OEM{Z|oF?fKsy? z=HA=)#KV8JT5rxFxP<$jUW7CNC1l1zsKeZ-x$sfCsbkq+4Tw$-psLdzz$j3gpEu>U zHqJrD;Gd0-CeN!*pe*y(W&@S75$f&sP}?IxR8=aQzrZ){`^r%2x-;K$#f_@N6i={- ziI05Dhwk=9+vOE~haC{=mCihqGbqTJd3{;|`m5g~VI;MCLvwH)f49n`$v$o$zR`U7 zpME_U+V8eelcWWSY1Hra$Bp~NZ%@f}_}SNprOQv)ZdN^`*X3}st1A;ag12Xhi9O#C z{hHi*^GCxux?ZF4fCEEjFuLiDV1u6j^>WO>2f#m-+#k zn*1K$$n3J#EPwa}GmyniL-p4HMhmtVg~z+gMkj_lE4-J=+SobW^Xth2Hg zCjn;XC$MhF08wr!E>Svou^bZHR&y4djB4WoWSMN6-f^x9I_)rzV`u$bTchne9XV3w z=6Bh8n?}<(=ViJ2C$wl_q|qRQ<}_W4GEB5kKD$2?vPDu?;&qRPh3`#hns2_o#zUy7 zRmwFjTy9@mkIj*20P0$kh5gl-IeCK;Nw?cwF}P!ZGPXej$}1V?V`9VjqRsf=N$`Jg zxi>#hHExNMHBT@u@_*%Pj8^nGQ3SO<0AxKdKh|up8G@9sY(IZF@_bO(_Ot}8H(tMO z*6+rP5uAmpu+&o$eT_`og6TenPk1&j2Bi3A*r&utzS;rWx zoI~o64=rZ-6y%m4?T6{B-e*C)FdPJq8&hdb)iDXd$!J;q{{Z`^Cs8rFMSoa7#|fe1 z*`6c+eGkg-ieK+SFhzNqmT>%JRY(?lA_-9%TUF1ZTTJ|PAvZ=ow)~-d`R_2{Q^xwF z-S?#5hWaWsndR$e_)BF&pk@P@+KvRMyL!5&Dcs(Kr;wty4$c#mlWYa&xa@cZo_&1m zOGT0$4p-%@$i^A_GtXi#&n2$C8`8xK$oKj05mHiO65rLZYmo8X%c9!fm&E}l|5%hu zu#cQlfoGIZ=kZm20djYC7syJG`+quzj`io!lw|cA^`+62vqLr$aX(+~`}{o5ZMDDs zD;!P#j^l1V6uw?Um*#v1DqSjR?^@4zjODZ!#$%SY3CXrKu{Tr`*XX_#q2Y0>c^UUB zPQjx!U}Ns1K#NZ?D}6AIl6(k7&KOlNF=Eoc!Z+l!3D8552kpsO@N8?SWZ(PWbWRRA zQ%b|BMY;As(tdqCfqw9^AK%BgUiihz;x;hnADWWHvj_B-VT(?U*6sKCvL}0VNxtkF zE#Y z{o+X5qmTN18SRKW9zzodA3e2E#EYy*{Ijygjg-@@a^P>!0Q6OgzY+gsA-cNFRauTm9_<9>k+K%}265 zQVZE!SBr7L6sznqJ&#L>J^_X?RR;VGt03YrsFqvuIe(ySz2y9fI|*6t+chI_kmOXTe|*M~=)EU0+DiC%Oigo*6A)Q2oNx(#@VrH{ zmi4n^RZtxq!y&sSBe8b`%}jWQXjafFptF ze`}r(y)D-Ywx)jtdG8J|80vKS39GjKjS=xEE)#wwl{77ahzPUGs}DIdyyL#q24c5R0M`aX+R*|8(a7T7mt1*L}~EP4BY%-ou4M8X!@rA|P^?S`ATGM!V6QO2qBZ6e|2vW8 z`6D=h_cJhk<5VHOkc4sLqT~9ah+C(2FZeFvq8@1|Lyw?Lw5rb~=4mp*g}wq`6WU9e zr3^Aj*GH+J!xag4h4#+XI`kN$U>=ftlyj+4_1PunvwAV&ehs;zfUh%w8XRaCOC?|o#%6$)6+IwxihMK z&khJ}a_HMm4;mOnXY^Z>T^^GSdXKA1y#!d`6~>6p=%VwV*LwY${K*On=XB6-?iZ40 zsNl`Ugxjo}PCzK%OSgTRI3pu=FUR6csld%FsQ z#zM}P2yc|6ABm28(?qYpZg3zh{Au)g&M9pEyt}{+JjyVNj4h3Nr9Tf-xDniXQ?jey z^T|_S$@=m|n>z>lWfu+-y4*djDABzfmAOaC-l`cQCGC52i`$)mk4|ZN;;Z8-pM$@G zaaeo?zBU_Fi~c=06T>h^{p33jD9th@YrdCz3#LBK;ExruM*G|zeCLUZ{Z|cD1zK^` zg+)+ar@uULjgOSd>J<>Fm3VmKgCl||*^?ZyH4~ip8P()VJ|OPkjzng{Sm5ndZsm85 zINP;u@b4o(pjr4^9=0A<1GjSaIK7h9U&_W7kJk=$19U&HsR6v+$FjcPVIcN&T4Xix&nW2IMZ|W+F?uTbxy8Q=Avo~`$h94VcEzm!40~^_L zfuJ?v%RQ*Xs1-kO9FSCLEs>do?&`1o6C%T&KIRL$hmlaXBJqm*F$bXV_LarSR|6^HlU#O3TW<40gPTpy*k7#10!({`V-$>d+v zYY}BT&q$VaO{tBDMsFX<`EyYc^H){p@ya~k4T-)|;^_x3$Nez+XCcL@_~RQrKc98; zaav!)n4pwrAU_V*OJ-oLSvAZE%D#h92u22kqWvuBkO3~)*S>l9K{u%?GjBjp*d4~Bd`z^=IMcqEKYDpTIl`gRDRSF zJ%N{n`^sKt3Olu}A<8(gzteo~lh@lp9*^9u!W7Ku+G7k^zkXe0dtb>?WBXjf<>zgm za{*wnrS?&0U+yoqD)#`Sfq`-n>1Q2-Ui^~AEvt~)x>r-)c>@I)>aSs`{Qd)1Aj95( zAYxl#5=_MaZjSDJ*(c>a5u%Km1n?GW#n2L{;2Gci{1tCNtRzo5{p2LQU#5|W@c*kS z5;Pt7mX758d|bnzG=hkzE^fWg9R<=K`$t$O*s62Cpx=H@X(QIX9`;ND{&7WlJTR|{ z)OmQUsm)iir;k^NpZR6l!Wv_{Ika{2eCGKU6&-C$uLDpXvD?L^FZHZ?G!|XNo@4n9}kDJ!O7x6cHN|*+s z&4w3{WkB{i{GlEaOMmYlz_pYI+kFiC?)a{}BbyXsR6;=B?t(b9MhN&Md!H1pB{~f6 zlZO6%)&1Ed^OD#QkE`=|;NB9S z$|PF_9nNMaNSPZ-_rQviBEI1+_tHfgXEupRloaXOnd$VY9<*Cf zN%iyiD=fEr7{GQWEkVJD^OmMt4U9%JAtY2Dh1Y0d-xm0OQibip4f-xr(4SgCFoAVx zf3SXr%ZL5-!V3~a?s-5j6s(2uvi5M9>c=bb!MaS!9EB&W+p&{kTq;2`+{%520T}N4 zQ2MP|4UeCN9Ha;V8>rC?qT?}VaF^nuI!BK>1W4ki^$Qih3HL-7E>$mlOVtuI8wrr5 z-B?KcVkAFjvo@*REe$1Y?4C@fvXlyuc1ej;)T z7Uu`^P+9g!^xVM>AOi5H7;aGxr7bZsM}KDi zK4;rsNZ5sB&V!ZY z`DnlaF2!JD?@Mq@BC~dw!3Dd7#_-35pqAumCG+SuFMj83ZYV5g|c+$}yIBK&;wc#5^+LQeY za3r)g3{d~5)tAg&1j(62NSVzc8lWVtovtkZav|2uA z=0axeWpH8&h=zuJHT@~1eBxW(zJ&Q@e=lxxt8~S>$9s1#yEJ={{Y(xufOKso=3FHH-i~QA;0lu@lb8! z_4|Kh7|nj>*0TfO6CBU$2RoPV;@<9}lZ+lf-qlhu(taf}{-_Q21!wlxxYk z=dAvom%ug*OH-OJff0nH~_xYQX0L;$JjwNg>**OxOTi}A#dm> z(l|cG4_;;Y8@B%MHe1K#c!M)|=TieYKmN*{dhlf->w@~=OVp<<<6ZZX<$k0O?kD=> zYzi6f?dyVdzRywL{1`q*bbOEddb3}#VCh{KU-vofs%8fJ=!|*(g-Xi6Cn7}x`2F%| zTc?wrRPr!Ccln5BUA>SOQ<{h_C%)E}^k@wx?}2+nN?vb$@T23ZZyxi)P}fQ+_%~g= zzqehnh2hj(PWmA@l<`4wUFWFbm)?)j?yvCue^M~P-G)bWRWNfgBRf1SuHHHQzM{?Q#x;BRPgE3tVIrPMb2@C(W#Vt*Uy2(j@9DsLWFroT$#Ia1Y-(mQ{ayC~q#DF$mfht@sB9Xps9mBlzYoO&!VPS6DPmZ~NzjCMx{j?yK=O;=h^$qL=4j z|A-&%$oz$#PwmSHDYOPojFg6Xs2u>STe`E)4kglPBC&K4plBm2IeafrjJowhaCJC zfcbe+5P7PG2M52OWGpWCa=$2NinHB)Ys+D_ReTyBkjS#9W_~;gOzUuc?Sv;!cMion z`|^Q~iPE5q;>Z*3seON3RwegqSmd+HU6T2dA&Sa(bT@vfa;L~Hp^A~iaSu=6n}@qu zK31QakkK{H?UByLJ+iOl@T^HyUrN^nX=^D^Lo&DyZp5CPX!kdsuknxGkLmZnkf$Wa zzDZoZB3YtUD1b2sK`2d5lzwRGE(mA82{K5w^A0{Z7-gHRi5RaeCpBkR+25--6p>T> z(bqDT6a|3_!#%LT9~L<-7TT{i0Kn~iD12%G9p-w6Ol;B<`*q%@Nvz_r5dO_bh*H_FfHXLI*Qqr9-Vn|?R3vNav4l1 z@vTYjXL8(;APVJtl6l{)RKfYpmtGxGr=m}dCTzpoBFPEh%hu(WZ67Ky)l-*U$_5Sz zm&;e>efj~xAr2B&L392qAwHn9GxG{v}Ee7}7`u2qc$IIT4c_v0qx7=1JzP zlj5@`k)p*J1Y)cnLF%?ll3vsHNx~)=IAXDw@v%WLC(^}heZa=M7od9=9lJLcOurs* zod<4IaZHNR$fEF8%ERHFRK3Dl(aTTKtFd|b2swQ&p5+imGA~K$i01U*Zku5eOsGWn zeP}s?L8@j1lT^dGyK;W>g#@@#;SHSQ@4Z&iju976e*6N-e-E~xnF9iqadBSX*DHhX z&3ucOjY-wWB0UdKMng`+HWs(_zZd17~!q9FCB%mEK>4`yxHc#%}YM)463OG5oAo0E_pj-HuG}%$HIR zo8&kUhw4}-5b`HyN7z4Yv=0Q~76QR`MfPG@65RmjJ-7bWctBcg;tOq^#RQ}Js#_g) zafUdRRpk(K1Z?1489x_3aCyemEJYlRp!xY z?B+=%2N%udLpOqNwan^+OHkdhsPNs@RYjDyWutF?eP@2?Acash7)_Dm`QU~X`g0t+ z0dWjR@mM{8m4o$@--G1j_U}!dY{8@p0%H3MSaG}bx>^6`wW5KZ0OX+m+0$c5Y_Dw19M|;82U=TPfM@Mr1Z7FY_0K* z!uSjbW7Vin%{myTYSy;(jz0$L$oG8iF8WfA<$*wB>pmfU;3f4<8!vz7NF1qP<`xGc zkbmhO_<)OcY2NWma%T%`A5s{KVx`f2&od1u?cb7%!3u`MtWW#Cz_6vmGrFecQhqtA zY9gT+mF<(Es9dKMuwbzlKKRMLKv@ATIj>?DPwT8MG^yXe z#?&)SC~1EC3SzPoTF%S6AHsT}6{g|#!H^sH=roPEP?!R5{C*P|hwk{=Ocwqj7?GKu zedLfIt)V%x+m}UN<5k8>lElj;@_~jt!5{U?t`j*~@N0D;is!;HKQ^!(#=!uXfiD!k zk@{86es- zYJ0+DHv*G6h+Dbkd}zXG>;9-5J6avC`Xe$SURuijUeNfc*y2xIQDohA0FDeviK1ll z%ln$_5l?XX`0_hWq~gVO^XFMHsqYb3l$my{Pw%C8l@Js zkgoa{d-V$IB~(HD-8?zgK8@4YItYRA0wkw^j}7f$6D2y=7Or~pDa;CAns3s%w_xN# ze1Ua`9YR7~pD%KMOa3*{;@BQ^BO^-7{ZY*X2rPptw z&#e^-b&x_57WP+t!iKN&WeJHl>M(eY^W{=B<5)N6wy7k|X3i1k(~#KJ6L!UfRC+*8 z`7<2rgVh$;#BR6mA*p*?QqB^83fw!Foa)T+@mFc_D6AXu&N!|)B?Bcpdjuq0n&tbx zjuVIhXvKMAVyek7|4sX)3#MCcqrQ_49I}`CVsPFoKLRw6=IBYU(}u71wL6~JA!2b| zB=4SHAI|&6+Ca6N$IuU_3r-o;j!;>KJgQR@36JnXSM1>qfRK>!$K-w6EjyToT|&jV zUPmkxzu%86Vmv+;!&ATkvPYlQA&^gax#e&n1z>siU}0mvT+coq9LxB7;Qhb?2+$@) z;|n*e_5R{mrUdnROLJ|_wJm|Snez%Xn77q8<%-9Xg^m*c@LgY0KYm9Q_5}|6?sLCg z>$^mu$RFfhg^vYpW-Stz@eR)JWp`9HF8CH9_!0{PmL>ZvUL=FpjfC&1in(=7l&#q( z{1?(Srt7+~IP6hZM1C*25csbQe~OB6>4DQz_$iujliQSM3G4kDbqpV(YJQe}ydJ{D zmb%W?4oPKP&dz)W|M`YCCr| zJZly`#8hZZ!}lz>uBWtEvHKZ?B*ZS_`i+M7ZSZ`fR3C>z_)sv~v$UsFE#Z~a(T~m{ zDB35jx*W-d`0IW^!WLVg9h+IP7Sn=)|2Q2@TShCk?zfZU1ZV;I{OpG-?6bcp9}#9P z^W}DbAK9YgjZL!opvGj4!^rvobrdPlMBxZ?tHP4TLHa6~z%4&Ql z#&jBEs@JPKb`~F_cxm9IX}B4FXNTV3Ho762yYAuE6k|*g1^-Bk6EiZQx~|xocvR`$;?tNa*8NOV z_K&3N+EP^8qQ4|b;8CJTkc{#s3QCe7`RjX9eMjBXRR%=ZVTBoFK+4+N)c5+mk-K$x zEZ%XS);dg(E436a$J4%6?Rt)AefBd~#g`se6P=3Jcj^u&+ITtf@-^S{hY_cP=zwbQ zrA#}v#&;{12LragWw6ho5ApnYyl&r7%f4i%LnOGNxGv;dgy7t5V*tGk&@b3O-5ylJ z-aJS%C;3`UD6Aq8 z|32-wY+c~W6e4-%L`ito7UlfzN5MsRkYHuIF=D7+YY&FvP=@cjV`E0B+ zFZhpCIscUJQTwXpVv|N3BHASXEW%1q-uBr-6pySo#vk@l@SQp+CzQ`gy&zE%;FOL& z{s@68vug-ezm>;~JMKs#kz_um?ajPPy9`O8rOY;#}D|s2T=um)hY4Q_(1%VU+XLH~PQi>c1P6aHAAIsweE|=Jt9~fdr?|S%9w9b7!U*q5RV3TUA?9Mz z0iUuFaW{;UE8Svn4~T~S(_zVsG?TomGF(~bM#}b|Nx^2*a(oiT>xVgY?$0)UQ%oD^ zNv^$&4tTOaf^aH9cT+)P!d2T$(2WEbd)}=i2u(DAKl{S#?K=%Ux^wF=1Y4X#dlCx& zX1O1qmWSrxwbab}pYi;eS>XZ$O!`Gb^_o!|rpeIG;*3N)$}Hh=A>z<@-!DoI$NlR_ zq940L84`cO1HpZMd5+_aI3pDDdjCmHvhpZ9AL&;()R6!*m~`*u=}J)cmkv=dW~A+! zLIyoMp2At+kLW%8PDH5(&fq{{DgB=B_ZF5IZ}ULz!)ZNHWywT>NNrMvAvWfY3-0Z9 zfZflxy0hW*QTXyDJed5Hbp_CpQh+E#*&_7^eM|~?p%%8MRt9kFX!p%cyx4%6)e^r7 z^Q488HXg@)AnqyG=QO7NvCSLmV;P?^enE*89)FR^1lDnYz|X@mmH_}GXu!3a;w#Dn zqO22YMyRpY=T~vamdA1R-0^!I2(caI8=t>)b~);R`%TzCFL%cq<5{=|CWQezRJK11k^}{!wLX}{ZjT>F`4Y|tQ>D$ z-Nh%(iEWU+E2o3m0UG#Zr|lhT+r#j8!4S*OV&AXpw!<2f!%ejsLP@NcmGw;}MX@|@ zi^*pL*E;R-y~q!upWncNFpazx4NDZ{!agoE2hj_>{|5*)T4nrg^S>7V(Xm-A1fK-Q z`Qyv|wDrm0d`e|SCecnEhzP2Hw+T)NLen@dWBic5{Zb!8G9`*dv`Ntjk6vre0n#_2 zOR@y?QFAKlh|G@2cpmT@BA68JoH9|>&D zz%J4y!S)T7JY1{&a&@<#ia19AGm}jqeG+NLx3z7ziL3djXHNck8hSAu6zQ^(y4pY2 z*m!za%LLOe;cEG&LNFbpaL2g_>4knX&V^4hbMtVyi;)^mE_3Ya#)Sz=t<0D5_Pg#Q zu(dh>D7K3of4JWGybjz3*w~*GZ%mLx>@Jh5RBM7_U4Jy>Jrr{XCKG@63t_>boTHEL zJyihU+G&Yaa<;376-BtG#(A~kaTXkEa0E&ZEpniI(1&|bJeIeM5bVnyO}_ks`DAD0 zOlPlMxtzN}t)i^88+lWQ{tK&?{UeROi1%%@PF|O*Sg$5?GhuK?d7rD-(c18fi9JHc z)-hfTdJ}bZK*}8i`l!}9r}j2~cQJb8kNj$)9JW2)+qtZxo}eT(JT3%;Kw|4VDG9mj zItVaxQ`up!JR`fm(~ifYf+~E1ACb{C-+I3%F*ab6U8gEgGOMJY_vfG6o3cke5T4fQ z{29;q{g9WAkp4CUbz|Z|zp8+Tne7Qk3S50Sh8ZaGV{udnVd@|Bv>H>kB(@1IdSBZD zKhF*X;J^C#Ng{-O)LB(})7u#{imhhU?Cavk`hFKG*q4xA4wu0FHLqxUbC5W@08pBA zaw2Y<_W_=z`!;iQX{&L7JaTc{n#*(^niA0kF8eE*{> z%W^{|=AZMGM%(R3K0#CmO=R|M-K`wDfE z#y7OXsaSA-R{R>D4Eb&PVo1@yqiu_bnAA2u$?wPkv3Vl`|Mw#R8xvoUlme51FWP39 ztAwJe8EU}HaKBFb{DG||VER8KaY`M&$@6RUIS%=>Vo@|i_(Xpy4iT!d`ct}c#A9XP zWdS*A3{pixXd?vQ{Brk9>Q+`j%|!_whe6T{)wHE?Uwb8C-xKzKgC}hgH7tZKA0dyW zsJ>Tr^4>nrkvY385}9M0!RdqDMIUJ|ONP{alw@8Mp>QXkq%m~o8igwnR8@RP_)E|6 z-T+0VR~XR0)8Rf?Ou=Rg1j!{%ttRywnQ^bWVINEBZ|arcCT7j{Z-qcl zaaYvuY+A5d*$kEMz(5_*V-vBf_BFs8@A&T&_~s25e_~w7p?+vkXAu_R2=!Ksn7A$uhzk_MF9d+)8Go+Bn8GBlCC%JhPPDBNC0i%6c~z8SxG zR_^DXvc60{xt`*|% zJtaO)xQ#cDGWJf5p%6D?3HA}@EXFYF{c0=Q3zew1u%{L)|8t5z9OM;w_!cEy6YWYcf zZ!qy@IQ6_2uG!^Hu$l7w_>`2tRW4rx)7g`*-~2AgDyHbN^zIikz_cYt{&JtVe7B>l zrtvqoIEiigQrG<>k7QPT+7T=~f}r~NP3^I)#}}tfYxhgiAgvsH%t7u{~WYt^R!9 zq56pzmWoNzAOf*;v1qne4mr&83f(zRwh$DBpKI&4=KY4;Z}ZVT*i{|Ia_ydY@2e}T zMSSQ{zK`syY_yYxj@*^Q3qP5xbCpEzq0#WR?s$kuHE+KMo*?>}zQxC$Gu3H7y=!rU zRz|$<2ZxY4k5m|ww+mk@PEYu(pgJPuof}^;zK2W`WOc~j+aig@U$L3HC0{6=7!bH(AJJ75{3*qjOmic2JMoa8qM`n;xOol z;LMege3~b%-(BbS?|E$Lj!uSa8X>0H&uhH4lzLA1FZ9RuzhQI{{gBo}?_2h|ic!U| zgBNHHy|%ypBxht*6#->J|K@`yvDU-2dFg!(hkO1IntjX|S7&tWn4jSI0sRTw3xSM= z_6-x%%d?n_a8GxsV{(MlkFkB(u>-tSGNI`wzxI%8++QFBLrBP;w<|q_%M1&FNpRn= zb>3szEq_SzZ~bBI5e#P&sxP~}9N-P7*RVhDXV23of?=WWBrFdlM)Fk34K!_RID?$c zEx0HgM-K0}5kgdSUw@{O2u+lqbEdey{*LK|x*rs5hj~HE`7jsn_Wg2t9D5|cS1i)P z#2hyzaF&CL8pXC!H{&Q;tUQTu-P&rpJ;hK_KD8?xtUs%S%P&Bnk)ad;-Hc-)tgKL% zox=5z3v*of+}_1#jfhu6UZc3Iwse}h$Y-K`*dCyJ=)d3R@O$)J8k;6aK48awDe5^D zw}@F*9DSa?`&{xyAa9Ffa&Pm;?I1_5(Q3@^?QuL%C2{;n^9o#!wAT^u_mE`N`r1Ry z(O|^uX|bTHW?$qv-w(w4ozo52{J}+GZ_o%jy?hPUFn9nAx(E6ey1K=3;xs!QSRnT) zr$Gk8yau3QPN+rS?u?yMN2HF*ovge&4BGS7^{5^@VWCJd@<$Cl@b2do0-b@vD0tpkvX1kcf}@u z;jQ`l?ZMdlqqpRK-|BOqrX*iH3}WUl3@yAF=^oUy>Rg%JG%ei~_ZaJl9{rGx`zhup z#>GtRLdrZ(1N_lB*F3xKZ;Zki1{e*Ym$v`l1F|>F=UrPQ0gV^D@6S7-5kKwgyzkLB z?Kp;K^L2lZ+O%vZ7ADo8Gl+N&4hDVRK(TGOb5#MQdlXH6;R8}*eRZ7Q-qnYCpI)wH zPD8b?a$^~xRm1OVN2lF@$x|=s?GCQ&OpDwk?nCx)t#3T~w>Ma{toG}S!U@PtI1T)m zmPjryxy)}_ghVZORc$Ul`YxlPn9!z>oSIOeraO-zffyn&q*M!Ia zPd|;F2H-J0R__po2~YoZ)twq-N*FIEM5A78Kz8c^Dl2QoT9OZ=pWq_eKeqj`8<*Wh ziV!C^XSz=@H^D_$UF5_uYpSh&3T)jqeeU%%)P0jmCo~To`J^ePpUv;XeiGB?A|b*N zh!>i@jw{N7QkjN#nmYncAOQ;M3In^I0RK92zIN81*4Fqs;5`&4g&@_&MU>C3`fKSi zohV|F;E!x!_;;tAErF;t@zOPt+~@6}N2eq7dl>-OvQq6=!BeM7xDf;UdH_;MxXb%_JWGkZ)aY7_<64A6_qaS?F0UB#L1eoU2JI|~ zMAsS4y*jg(OU_XF4bgoDbZm%Ixx)e>=zgh^Yy7-?d~%=4kyI5j6r#f{s7E)KN;s4)^vQ|a;cgJL>a=#TCYR+R<7r7&?_oX`}c%G%0Ia|)}PvsAOPKz5o%^{^4I&oNZ?;w_~P0bn(6?OZM8let8P-=!kSMA&=S z`y@QPif(=tnS6cShT!Uvt=6U$1#3^0J_G)qe$Y`&E{Q&Z3MzmFhf;iyF3)mJRISHL71==K3;TL zhao)PbN`q;oj$2nH%5+5=2XolQ|vxlkARs&{n@9eqra#{U2Y6KJ8^r(1xojxrf%Em zP(Fs~A=O`-!nDTWE*HCU@u~QgO2V)1bjORPHi!05QlIbHH>i{wn5Qt521_R+m`y4$ zvF!Twuk>drhki;g+cvc z$e;7$KXfGSGy_3@)U3ou{hx7h45`5FMEWfh*qD55V!vn-XRd!12LZxVwP6PVPHY8T zxuh}2!0T>h+`5nRMlK6~ZeeI-BSKvD>_Uuk5k33!rA%mGnK?8@VLTHuUweV=j>zEh zL6XN6C-X4P?WO+<2BINsq_LRc)iY56~iQ znr6Sfv#}jg{clIG=&Nt`*SZ3Fk^iXZu&8FYAz>-I$ zJZM+7Cr);FVhpf=y{}yPGFSPH4IOV)xD@GEe?uxy!<37KB4x@5|GS~AtpzuB1NubK zy&h7&I2q}T1~h{ZzkThKU??+1fg^|b0k;VwM%beWbP*<*(2TKEu1`H`8+Mu_^YoB3;=Q?R3O_e1c$zlsJIuMiHd@o+ z@G1+%V?-X7-YWF#(6fy}iia6%%M$m>%X_^20%U|IDO=U!5!uH(4J~@c)d5-OH!SH+ z3cCR*Z0ZNC-DHWA*3)njd*=dp;oRU0g|F8KUHqLH*{d6_SYol6Bk>t zsZ-V_%6k+4a?SDY93=PpNuxSBQRfq%r9;UikV-ml zJT?wvP@Qj;4*9mP|Jbg$=RJReU$*aLtJ%ji|f#j9?^_GNw9$rzJt%&deJ=RoTO9(GgVG4||lG*PvT1c;o z*EjtWC$=94FfXredcQ3<`JS?W83++-$7|u6wf6|VMjbs@oT_?gPh}JJvGrF{ zX!_R$aQ(54hU}f^x$&}r%a{;jqWE=^2TGpfCg%TKSm17&jrwr6j#MwbZ$Vhk06QI+ z;rip819T@o6NDeI-srMlESznu1iwgtjE#W0**}z|AK*QD`^1pgS z@Lr|ERV@J*(aHfd<&~W5lzYGF8Z$s`nUw7dM8kP@>N&mC)PR7gVMP= zLTdiH-;RcXw)~b}4;hp-2L`W(JW;>)SGq5LXK-8NeQ)wD$QI#WgerpZ8Q&hqj)}1; z&oOI`cr4NEpFqudF_*)dFSm358Oi{pCk#KM z6flXz;gUOn+SyZSbud#^4o0nL^$PQ!enn^sU`86;S#1!?r$p4b{GJjLu0ur&SxA}P zZ@cJ1qVzH|OOFQ0hW^LnJN#&4nDandKDJ4*4!W(^mrC!&12Bg0-{St`9^FaU%PGb= zh=OOrNAc;#zFqSZx9Z@JALg;0c@bqeVUyD&Uhcwu`{d}yJwPrk6&g0m6u<8aDY>A0 z*8d)U^H7EGb-YAn-B2rJ7LW6Ny2YO4d9Ti0HyQq1gt~{J_&FuLj-Y`&hgN#eX3guQ z=5XZ(Uy$gwK6g^B-r461mH7I&pEI}i7ne7N$mkadb@e=QgR}oCvthqMwxYpmmyMZ| ze-|K#VS>(B;~HAf2WF4(z$4@6$RXGB-eD*nFSPh*k%|fqVOUpPd13(o1l%eR5)z*` zv(Z;Cy*yewek|AM9-hB~tQU_`q*(wr(_#8TS7O*#`Y9^!t_AnFDs?4?yWjT+^vn|q zhp&zg=vM7r>0_%MvQN&YXuQdEC0Px)yQ39>UV_+Q+XiY!i6ry=KqD^Xd*GAYuj|8Vt{DN;dr%ar~)( za6nJyu0AZSw{)H$AzJR+!=vuo&wZ6BIsLK`K*|!- z9Luk2YEmvhX2Gr|cVB5@%057v=VK+`>ivXhuxIO8zmGf^jb3gCi2i&adV81>;<4Xj zwK^!TU$$mjl*Ld}38U=Mt5TSBM66q@Or(_IGE(hvp;n{e?!8}t%iezAo=}yyxzKT2pp=xjPv$w%Bn+?zh?W}yD$Gci_0Ltw282xS#_&qp z{8_vpJ`&2_jrXh3oO%L6!R4j=fDe5`nP)NQw6oy5Dgvjl22cry=p%Eh22)Vi&kFtg zuUGzFcEjZ^EK$Rnv3uE(+d@LG!s4B#s+X?d{n{j zxw1H5A>mZ~v^=dRp@bg3)pMfVY;WTIGl3oq9=Fa5!1tMPriA%Az0nY4)B=CP=IhVD zT6+O`+Yw85P3Z(=knUc013+X@ilA5dq-?s8-W&-{{dRXM6pV|>ky_VX6Vk2sd|0&d z?~I*70JJvrlUpxLbOUnT8C^_#>g3U|0sm2~P`>EW;nk`sp(x_Ab)>(|qKsZ2sL-l* zH8@qE8j2gX`f-4kJcT9U89dI*aFLoVy1!rxbxGDb1;NI{YYD-#B-#H zx;WZIQzE`nLN=%Ok}A#D{3)AX+U@(8i37RdpuO?8eo=?Bte-EpE2q9T(I(V`S_u6q zB)HZns>=(;3MO3aa@2wH8SNrL&YlLDC5@;xoFRHJlTsj_JaL&E*aQx;cnSbH5d49s zq-bj=@2#BQ??HJ}(|)TRy8ZF$?Qlj~0_SyK+J~Sh(iNmJH!}|$+Wa+&jA{n7t)e6F19#|+O54LYr^|)LF4Cs2F5jy^qmmr5{l4vSHr$-O8%=a7 zcxORP&G+T-turoh&(bwvJILRTg$~KS$H>9sDYsajVc@erYZ5?Felc1U`>N6Do`U`9Eg03%rDJpKqdloOnGQ*3^U_HGSH@9Y3ccDu2K5m@ z1z=xuN!uKq`si|pct2?->Ej$2L?-m&Th#w)^&N&bN93gttJuJmOndvH(9STugGSl= z63%{+*E@+{!1aNH9v2aD_dNPKy87R>?k}ke2X;J_3zcWM0}sVQPmolvfHJhO92MvB zSoPced;QK)%TM#j;?mmn%1Y!C)m+`bgTbVk7Yvo$rdzc2^f129 zhBS6Y&kHQ1{LNqUp{BWdLRJ0U#LtkpubSQ+F{0tQuFuC8;S zeEr%u5gbz%WUigbORdG9f6imn&U&ZBTsMCz3$*Zdy5CEaTqTi^40gX?d)ysY-*;Ag z1>%sVG=K;uR4Oc9S=ftr_wl^mp@ZA$(z*hC#``~ps<DT2~uuq@TsT9m4C7aherN{8tXAc;}T1T zfD$dZcrBxg9CW&+bkOsF7V=gaDedtDB}FWZ5SxHNPI1e}MFyg4K#hDP|LFrNSRT88 zdW3Hj1vGTgEuAHv1Zq`}MbP6R=jPyWIWX@%0ErJ%_H(?ly{^X>rNBFA$s)M-K_D>6 z>K6raOS7)WL2c!Id(_D>{!;;#r9Ee`o?ie2j;7b?YvdCP^Bjvbg7fiDc%EMRYOVQ@ zS)T)6ba%BcbKbR3u*qMS>cm8EJiQlFTSJ z`_5$^GAKBKFI4OGA{Zs-I)3UhQSHd#@LI9lU5lx|V&UOeH~%blb> z=DqL3HZOOHpXKxVmI&pYSaTE0UCn?m+wmskwVq;7M#LUKB*4(Dzo!xYR^879{Tgy( zWpR={R3^j($d$^|7q$|CE_Dw&G_`(@04QYP5f|NgA>_BiVx62g%f}CKq&;Xs$4=~; zcK_KM(c&q(|Ax|j-OmuA0@m|{-Q*3`P}__j-r)-+kWEKF1aX<*M`kR7@W$-p(e3vA zB|Z-~vOdN%WR_gQg0t-xZY-U05D}idRef|CkI+OIq`lb7pGO-2GVQJjA!Tw zkG@!;8kZh6(IXySznlRL{4AZZT{{RvpKUIlUh9qJzU_9k(V@=G3=my!seN~9GD3dt zgAk%0=|`UUe?D=>#x|Y24ofxMHJ6H@4t2fozXr}{D9MP{MzH}@tno2UG6BSv zM5js@wC?ggXW0kU97VUHUX1nC!1afk#a?d{9Q6yAi}VJ+qdN9rf&`e(@u2E2?xmRb znY5?dsnA(KcR~ViY#4*5`@8XT#Hhu0-#-w}6L!1fJcX08C$TM@BF_b?^2#xz=ctSM zm)z}Ze1Fz{`*v+5vfRyIM_1Fw%#_5lVK1lpuuUg|?%@Yx&9E2m6}+gkZ+H4CFF|%& zp^$jJp}4umj-U~@x`ee}?Ao-aL`Lxk51*b+^84A<^H8Ca*P`P-&Q9)orS!_>=RqbH z`@6vxdNkXyrZnzhdHyb`grd0sO8canUNpZ__Upo##+zU_f%rT*kQvoh!9L-skF*o~8GNOrREc(%U{DwO66r{b$y~ z47I;gFw?P`>DH!Pec!B+Y^YnlU~e|dJdwl?kt^%-NbPZbG0lz z5G9OY3Z=fhCau@mH1?`u)bF-9!GF<=Yf>0Pc?IG*rve}ty43Z2e9AlL`+ z(!^%t@W~7QiAP#M(bvB9_aQ!LS=3pF3&e)lW9>yfaM3am@l^TH#)CG2F9dxokSL2` zPH!hGE0!Z5ZjvDI*C1zK{izS$kKQ^bhF={hHXbQ{BGj`JNqaX1TR zx(4E&QR~mL1tLB*S4|UNktI=V_|CMBrM{0CdW++evU|-qhmdT6Ww$8T^+A>(WIk-r|`%QOi|TPstrp$ z|K9uQv2*eTwZTS$i>n|Av@aAWNTrG0M>tZPFYY%H-VM$B+#3|>A=A3wF9v&u1OV;K zAja+Jt?lm8-aQBDyrbt&e+cg-bo+@=k+s7ewwO2=xA92mS!T)rYA)5mSRn z6@EFH+^YMy>~(M3Ym}RQ19yaZK9e|rroqE$e&hG0w_LGj>27?D*Rx&!?gbq;gS*Uc zsB!3f>N}xKLJ?UBy=a$L`Sus6&OYhSO9Js(nLImccKmJ7J0BGHw8E7+66@$z{iGnh z)Y+1g1k0Njh{o&8gE@{?8_Ld>yncGm==8pSm_S31ZK(W8&OnU#a~dsg6ZmHmFA)Xu zFB0ijR0= zM{ufs+x(r6X79LpSTT@YG|OkzdQCSit|zYYQGBR<=dYc)KG_thxb`lsK0YYW0w0T; zPvSgl@&@s(EXFKXcn%+@)P`ohMZVH^)8hc2A5F?8B zi^E!0&Qn7pXg5Z`4?s>td!BsV_cBn3A9GF>nMRH7lRvsi_|wmiFo@6G?vkKPqIo{; z$J(m#sI(yB6m05l-wN%r_XOBvJ`!t_#pmkMbM6ZD=@ZoK4ubvgV_Xl7T? zGkFRCXaD8kpak>>{|v{i$7Ve0i>LP4=|%W~nnXAIeA0GASABT^|K|S?XW=`1{GYi7 zpTjWyG)Qy1(}xQ;%7Q_laLZA5g=}k2u$H!0(iRG!M;##);EJWMD&K?%ycC*}X$X7! zQ+|Cm2!Dx?!YhU!`lz70GRJtoX?ncW>F1u`05egOer+^)Z}COq4gWPhu3_a`Azmmk zT%%?@8?=#+`U2CBeHK}(V=w8tNBotBaMM=b^CG*JGw&f_T0O)V4YSt?8G8V%)t?Xa6ROJJ=tE%UAJH-i;q=Q0PiF7z_}0%h$svuQXN84Ck81`e`p<(Zu)exD z^8`k@YW_|@76;<5y6!`0enoT)RKok1^9u52^Deu+?HB4gTMuz%wY5Ka?l<_Iw~$)H zBlEl8t@~@tJ^+WL>6wQ?@(`q^5bxLT76Q7cL6ydZ_R=aC^5F*BQF(O6^Q!ETF9Efx z&>RqZ8F|}{aJ*xERJ*QhGCvNPF}b_oix9*vnHcw%iF^(Xo5QaQN_6UBlJovNca2Wr z4g~&H_u=TgsJxQHt;fiZru92Lran#~zP&u$&bBWT8c3&;k;gg3gB(`oKp4x4@ms&Y z;?7vo&L@R9h%Y`e>L!vJyita{JPrmD!cdAkl82o1F=52b$kXY)5&eq(DQ2jm$%aSd ze8f~0pQb?ow^oeb2f2a6ab;o7^;v81qTjMXpil<~@u8;MeqSDjcH9fztkaVInc94$uSENp^Cvc~I z{5_Lyk~1n4NA=2C{lODtx#3&W0ar(@`4JF@+tlIvUbR}Zs`t8KoY3b^KU@(*Xty8z z*@AY3B}jq!La<{G+nbRRz&P~C4ToLzo-H2-_zh~M#}#5!s?Pr zB`U>stsP|gS5q*3GClvQHT-zGKUUzt&9U3Rj>bdmt2^>Z0hX4cU1^jkC$fSz>=?d; zYeLP8*QVqnCR!gB0#BJT^+m=k?~WN{u!Tx~D@PU7%=^ay2D~7@gb2CTytsqOOG&|S z|3KO3lRqoiEKG>>g*kbb>$PBXMJXNQ)scthn0@#~aN+Ebu~EavRx==dewq*SQRy~RHVLSEs>!jh<8Y&&Hn7@*YfuXh_|XQ371laezUl6kP^IpAi#hfKCo~({lw(*6pC$dTQVuDEvh)BYM8@X`%)?!=JY4HSLwg2Z@glXDj}%5zJIQPa~3cd%ox!9 z(xlV|&1Qu|#0^`q+`1v{pKW=kcNZe3FI582qWpuG4%@%y9=iiU!rWLXZHJ8J$*VIo@#}bAdWN_ z`@TOKo|w!Ar#-jQg8yBlw`0-ZAK^53x2P0}4_BOG+JRd8`Ukx6P z3tmESJEB6d=Oh&O8_*y~4o!PIm&IjT02Kpj9S^(Rx3=fgDb&K-NXsVFI*U{Llp!v; zB8=g`5z@Hs#NYiYsIUhtfL87`St#ucPk4{x5Qq^oF9c=bC*8^J{Si(e-z=6+((hQ; z_}ndFvc5!u4H>7HOJBF$)Uch52ieU6>P}yXAw}o0$ZjGZ@Wt-~^4Zjct!{Jge{^cI> zxprJu=!?Q{bS*v#xCbVDs+$7^+le56aa{Z9RNP9|moH@Y@KBq@%9Jpg~7Lc zclXF6hTW`Bu1*|@FB^`7#N+Y#Smon5+H-K{Vb9f*-^wfG-dJxT31A!9UW@bjVR5|9 zW=4^Rmu+=PSS3&=+is-SthicwK@shI%2b$>lvt^hePXF@aFy9lr3O~jDvDG0*kPJV zdk2Mr9`HbJ;|(ALlAFMjVO;f!^6y}s4uSlBk%vdKv&B&M(otB5Gy4M-4-<8+%jeL4 z;dS#oj=-B)N023H=Kb^M_JiWBblA0m1c=yqbZ;8Fy)6I0;AEjX{R;1&CjQe-%Q+(S zPhw1=S|n~iC&FHv&>Xk8=~oDtT_r;4Sc_f5-&gI;IMIT|eF85U|LKoI3HMsXnTa1xL~Wf{+tB`+uI{H8{Cjw4GJOW7<2mXbO%`BEG})&W zuX%tdHIagc`7%kcY$NJ*1kYLjp~5Iw$RFtd`oxn{X$VW7hmcXb+;^|1z?sDcQ{hg$ zyQmK+EMZ6s?~A;?3cq&}U|68EsCjO&K+YR22Yb8R+)VvKb>_$3*mPQFM%&;CwZiVb$47wRp(sz6G#ysFOI080Q#gc zFLc-ywXrnahfW>|XYovW3-9oEF5t}a5c`q-W-U*q%C$+u#@aHN0#=6)(Bfk1u8MRe zFG*t^)8{q0umSVF^$&E0zn}Z*Xut;Z@#Mq9WjUL$=#lDE@l(2g&C5iBjty;` z7oV*Al1WL}bp&I1B#%pjzGH0Yag0Yi%^ANZ_F^Sgxm%kE*SYe_sY_O`DYzMeV~5&+ z#j8VS1>s&I7KTMhlv)C_4#GqL0mH!Tc@K>)bI%$@y9y_}VR~PH;>qJZpXqC)gvL6* zk9_zhvVsA%EQ8!{-+n>TD+95Cb+~qHg<(U(){m2(9gH(7B1g0e;IM3E z9zPkQmmJS7-lJZewk|~0yBdOVqba5hK@Vx2|9UlU^HT85p-1_*-~9@Xx|BJW%@9LN z)$bRhMrrqH0ElKE0ftDJy#ntCJ_>)IV3logz@%lo2l(=!V*2}j4ddphb;jj2v**XB z8y4>c{a+$V>1HAf*chSHg%g`pPnT%_Y1F4A4?cn7n=X({C~GNml{fP5@dpCTX*Ym; z9qGaIY;%j(r_J#afuT3HDiWx-@Efmf5l5oe{z&g<1qKS=@PR1c{s*?Gl%SH^t~(@R zy@z#yD|KgZCZW%}A4Ww*ij;XQZfbVcjnbUJ23sy_GR&{rgzZ z06c7G%pbvJypIm~vtG1~#ijX0(b?xj;2HVWCz(w!ROVEyc7H?r>M~b;|B%H8{q)q< z5}N6m<@zt|x1v|Gpa06F;raVgf0a?KKmJt(Up3bz^@pYRLM$<2XyIR+6a1bxKN`gs zw0%=v86~@UA?!#_L;ehw$DWjvNlNW$%Fz_VJ5Boa+@F$0K(hCZ2b4Y5b`N z#V^wvS;@?c1_~ecDOQw}d(Dl=&t0H1={OQ48d&dV4Ki`ieU0PyZY)gZ9wpfB9BzJ& znW9iNWX^Fj*=i4OzJ&gC>~=LCeAPX+eaTd{!JB6vA}Yj&!Y;$HtB2GF&%|6n&edTf zwi1S7{spA|w$o0Nbg4chTRPm6hB@!KtQZ802`p0gb`y9aCUplISTBJI$xh0Zgxk@@ zmXq96lbe5Ofa+ibLABTizz@J-K-<4Mz6z*f;xngv9}T}Y!>=?J=ZqO?sok${=j_Sm z-U0<$?e{oZGod>D?PyfvTDI?01RP<2BgB4j_2S?>qG~h_@!YYj_DP;+ipg856@-vo ziN>p(-YJ?NEVy=UOhs-K;r;lykvUU(~|U?1v~)>e3*+CN<={(hO$K+$) z5ii>(#G5DhY2Eub(0h-w6#9~q^EZCTQ3*QwvwHjy6mQ7d_i&;}S#**ks&&zFyfK=! zASFIs9(Bsbj`x=JvAc0Dksb9RlxU)awzCdZC491H?@g(F5xy?R#u%MN4L@LM!6tA| zkhEBI3IR4W+j+L`Thm_det#mzo08BMyNBvhH6P@AlMPSUEH~lVO#+JK9@F)v?BO_^ zn!7BA(=9&a+1vnOAK8))1m+Y6f>Hj+Pn#gH^$Edk&J8SaH2wud-??T4fPN5fI_cnl zu4fX$)F%pJG(t(vj&oRN9DFEmG`yc6-@)Urr^>F4{(=EUrO^jf+~WX`UgTU+hkF9` z>Kj5uDmgPLT+alnH~|C<@XUSgt=9i3C>N|*d`}N_fsw16kT$5plhv8({4NtTbkxtC zh$LS(*3ZKsyGy)OYc`)&hJ4&=rf(nLEAPSEFfJ<*k@j7F3A zJ=`q;aa_-oL00dNd*6-&>#B}@Y1Z%y_n-_$$7)`jmEdyvkxpRTGTq5nZ<(C%c5`jy z`Y_$`bT=B~OUgeTyD`Md!MbjLWK>)%&0y_&tz}z@n?pz4J3Z(OIAS z@56ZQ7wuagI&~m5;}Lw&XWv)q?lvb|rNT^NI3o@f{y1!li1{k$Umku{0b$!2S8E!b zgvn@`kQqU*ALYo9 zW_TOZAaTBxtuz?m4FkNF>Csg(;w|#`yD|M#39W&yF!D=$p_dWcQc2tA_4EJ)Xr9@x zHc$M*yM*z~C!?&mEhY2iW5tgl%Z>VM{C8p~b?TS4YZOE&C-zZtWVMueg_G zdj{R7%kLdu2kSk<{uZCT?osSDzx}F>1<>)GLRSDtEIc?*taiJBGJirneR#cZkRx_& zu^q-CL>u6$H()Q;-0yhxMsMRE*DaWFFu_PT7(uGx-2npOA4_MpwI~t<;a36yflC2d zMfUYh6a*DyM|k=P{+=^^rrQk{imI&4jQG^tqWCZ&hv#zQTtfZ`Z(~{eS7S7Z&Hm10 zU{G>II$Ui2*<+o4Xkj^#@F<+`w8aV82&cBYlTcH6{KB=wGM}D#@JRNFPiS22eHxA^ z=4p^u0hT)7eY&~Kza7wXSMJ_KCD{Xtr3k+S^LUkQI~Ztk`rvXM2Uv$=brzCEA8oH@ zWOz;@Gb4X9?Kx{16)oHwdCM~h2*10vUy-SpWcjDmAC08c96P+;#kNio`BGhE2;blA z9`TC#!7;kxT~`*xSQ%(`#95fnm~5S&E`ftalgo7+#WNg}=J#uIVC}#pQMaDa{em}X z?(xB9{!|Zc!FT(7YK%swXZ#l50Tvx85uZ|M`68Z>$cT$q82J!3@D_#! zP=8&e>2^~~y5&4lp3yETgg=HnCe~_tmgd!zCFmD?a`~|g8SQ!ywFr7_UwqGdxg+#r7d$ZQ$uiHUbju^5QmvH3)+Jq@JYZ#4@0t)9{xR>g$}h z9G}C;7%Y~)eYhi35%Z@I-Kr5fBbq)AC`K z8exz8+k;(hIR6yocUD0deHLb{t8Eh%-ZmQk>7#^hqifRfB}depLdY~;bD)^X+A&Y7 z6sA=jdn>Z%?58=t_rkL&=|TRxOxMq1orb-DIpp3Oo=aFuzPFi3M~HFWYa5mtCXU88 zdY?X4<}h4TT?BBO{sv^NQYWG~RuU8e2D>To?PC?d6>N(AUiTz~u%A7cJ&^72S$`Fp zpbJQXVIWT`&*y95u`Q8t*$A)OOX04-c~JJ4W7myQ24VX1F{VGEdmLJDrSA2L4o>Qi zFXM$-rS6MG1iUevc7u6nbzwyeFX2%-dp`WPB9Zs z8EZ|B4-=8?UbOG`g5E{eM;=fX# ze`5kcE45H>jIv5EDyahWAn+9e@g{Z+6N=~$b^5J-*WlK5&4)VN~fkn#1nfF}Uc{nk0M zmiMqz^v~3{7ADulS&L%nwesQ+z!O2202hNZ8qE^20|(bYW1nBzGl9Ot0gL{@7ybvG z`_VlZ-NwqSeXdS>uYNAM-8mfDQd;ZlxCdaM%ce+0fm_Jj8?jK9nkh2J@s8{YX-5dygeY zw3qhSP3K{I8TfcL==>=H5_paBM-)liQS1&*J$ScZf)Vf)y}njq-EY=gFxLc4;^-NE zyb#)75ucRMLF14_NWVapF>TOY7sBj*I6+2Flo>9F->E8EYCisLHztBm z7dTs-JT2KwdjIme76HR`-Z$lB^i#Plx_5vvcj_X#Me#zkoaQB}ivY}9`ii5LGVA`iDhAsBtI)9}1)%*7KWZB?sjHwX5PC0jX`fK(|_JtgYN-nn! zfco6vD(GF6iN4IQpxw8&`V~qF_h)<+d2gDRHNWYp8snKJl6KrEyV{oo3?11Y3R?5t zr6S~i7Guj1V^TI8Gta?PJl~9R9I)flSl}=BX}aod z%Y80)a;-tfQwp{Bl?X4Qg9B;aPoE(;tob$%Mx4=kxv#U#NWBpf3Ae|0G^auaJsarF zPhlbx6(d^0rZFXn&9;32GO@9Ja&luZVwTUm>C9?<_yn<@)9Y|n&o(k`FksjhETl8! zFigi^oE|?R`T?kv8JvUjl0w2UY+{A0Zgbac_dvrqLP%_EzKY;X4m_kuwv-063yT8O zmdsRDkLX4;DDEp>p|j>j+Zf*;Bnt-irNo+dO^*q16~Vu<7XuM&aZ&dK$=flzZ5u*bG<%~ZF==_Bl^2Dm`?&+b0V4Y8oe z(=9SwU??klfx)CcuczVheGR$ZIN~Jlt(WYNbto$MDPCC~>B$kJhDhsg33ohD3yof- zyCZr@00Vh7@SNVKJkZ$7$Go$1F_#@0S+f5uO$;82VB^g3xt?z)qduK zPxY*5Jy6Ybvp%EdoalZKFqO!~o19Tx`fk(1Kt%&K`ndB(prjhM%)9TtwtE_8*u%)( zyGqOWwNDtE`?Zk|fOBJVm7dg2$`oFQ>x;_%PYQ*TSEzFC+hQ=PDH( zTeCO{;vH%ixWyIRb)jJ~$BB=w%fa)U4$dMir1X|Fr2KbJbj6vL*-@pm7~E?wy#+Kp z2^M}m8X(LR0cDD~gMd>-`P zS@Z4$r-a-XD*i@5zYG2p2+Uz4Y(9(?SDm<iIg<5YH{{mSxw+P4!&8 zSb|~y!KU}=yAiqz)Q^1x0Y!R$g#1_X%u!D6;nz%_qU$&risH9kPIj8Iz!u&iSsU>U z%*vg@n7bo8g&)e0mxO}E+x|wdv*2v|NOaB+oEz2ny81mvS5FP4HlEoYw=0V{V7Z)0 z(DFpCy8vT+c86}`p66KKis^|Y+=*3Ix=N`h@ztd36dd&V@!iZ-$0UWLV0K*VRmqz; z4OMh*Hjnk$m)=Hvpcrs>)hR$I_v7vRx>LbeG;>gYw$-Oo=1f&Ref;j*<&6Nh@bX+{ zk%?wA{r=DpttkjP<3x*!;ku90MWC7Zm-xAT<@u#JJR5iT2~7UDOE3M%2$n_WPK{kd zdMP|iQ`M%yXiBeE@sLBSW5ZAGmX1Xd?=OXf8Y|#G{y9OkKA}`qO5E2`@!e@h~2M3guckjPyVN z2#wSJxzF@gHTFA#jBDEZyDo~4Ch;o2;C@^Gc;4N+-k@g9hOJ&M)Q4#FM=%6EsM;&& zX>T4qsB3UXzrkIaPq(9B9WuB|(zgbnlZae%&1{!zAe$xDEg32V_FmD9TRCT#N?Hs{ zOwITCyoju1+1>or{HQqj`=SciW_f9I@}cFJdxbS%n@2|;V18fww}eRD?DKBwfZtAM z;J)4|lUX)$=Z&<{1|N?-jfhD;Ddfx4$B&vG=>>4o%#=WrAZ0?GWYePhxH zc$|~q^d67I+_tlFUnP8;EoR(zju8b|nz_sq`N(@Os`%C(Q08;rU34I` z_2$47fx@YwyYEZxv!xsBIq})bMq3H4A%SKOZD_Tp6iOng}{Ca$DV!2E&9Z> zfHd}+0Lz8p+plIeXRvOn&uh}BP#JDBwdv@_qZjIpqX3jD_DG+j7{G4n&Eeo6Il4X%b$g-TGxVM^giHP zKOZDp<~~2`Y^}dpIeCTitRH>``L&1UV;`gAXhoFwP^gQ?`v&~%l2pwOe`+TYQ<{8$ z(7d80?_DJxQ9b%3;4r6t;Nj2)0YILxK(7hz4h%XYusN^yB2W?^6o@tzI{T}8V zEIHVgr{BO~q1-KzZgQMB#PgwTs9x)M_j#oY4v1z}IB*ibvA z3&-lW-y`PI^x!@T7`CrQ2kx$>peY(XIk%2lYi`f*IrH zkTHZVh2~8CtmMD|((P*S$(1lZh}WhX8y50X~d&}pN#|y3Uti> z;u9>1&)I?a!-_T2%6UKbf+a_u2KYO;4Y`9`$FIKJEoLFCF-vkva;LnZ)(*0@I>;6JcP&Q^zRpqdcyeTPq(eC8S(fU zem5et^B4*)=ELJ@CnTQkCI$R+FELDI@Juog`@Z?sQh6z1F@Pma`LlnTB}D+7@ouun zdGCNCAJgl6hJu=uZUqmY6Uf)tVeJ@nW2@N1}U?-UpOCObg> z=mSwED(5uhi?gSj^N^oFS|O&VZvfika3G!1?Q3zdAD1N*^hj>;0WaK(W<$sNC$-cCbsqLN@(&KJtGe-?f}to(MR-9VR;{ThC^v~a zC}-k#>0m40{bd)MxO;qTXe^GjseHLT1&v&pf$wJ-&yIgD&~xNhO%M7#l4qxjjTKEe zHfD6a%D>|$rzsDPD|n#DGchv4EBhC!UAW%AK~qicSbk|D+P0M^UG2+J!L;K z!R|{=PnXA)7LT%#dEM@wB2$y~M0+dqLi*~p=|dV|C?ll9*pia-!V}CiufJeeK45xw zVKXctb-9E_ASCC@KI*S~?(g>1NF6tXIPx^Wt`5imNV_qX4AYEBB?phzhguPMzA_|Z zIrsej&Eb!(ve&79ALh*~R%NsafjFwhh;od;#w%Yln-JUx#Cwv&6c>W+AGbY4WS^~t zU-F{A%U%(Ls?Q%%cvQOLAH^!#j5K+;)He{^``*@Ha%FhCdBXS+!E?kNj^c;c?{b7o z(Qr?%PUW<-CWZB*W zy6M2_-cwUQ+s(b~l-8`SU^{MIGhLw!-=Hn6^ab`y9W{!aE*bgc7t8^&{#*3F_##Vb zhySF3X-y!HU7_g4qnuO(cQo+;gSDq^q@p`euJcx>#-m?+uDhpA*uLcYw6ZjR?c>nX z+zySEQ59w7jhYG)W;%E!e8CH1F#bT-wASkCwdBWHT9Lz%jhV52Roa#Mr7r6)$(=r# z6=(Z^d#f5;v~S7R0r${D1MYWR^J!JT*#TJ*H zzGvZK>7d-CFp-0JEnO6AvgZ*x8feF!%;QKpIHvH-V*biZck(bIPO;b=9J#l4x>s+$ zY+fIMeigynqYj_Tg$Z9V>vDm^KSz&6Uqxy!$IT``+2@s@Aa%S-CJ&vVYwOIq9GJWa z8$uYZ4#qg!kHTk{DNY6H?@z7nC7@NnuiIE*w^h9AB>O}e9U(6##K)+`RLnnF_CD#< z4?yeB<3=$jifmk`<-Prb<7n<2oKL5yy%NOAVbCnx{rE-~Q7p?1^$^K?GrKbyvXRx> zpB_pVT3TNI<(h6tDPqVVv$*hbFLdt#-7^LuqTr=a4jhO%5yZc_{XGx2QDkSF1^Ku< z&7GORc0&uD$^vs=sWs%Ry4&UJ6D`7@dPntt7F*$x#N?6whL96Q0#b!KP>(@RAyXLLw%cK<^X5EfNBs;nTF=^Mol7gjTlDQF_2#;VHU91nIAT^k*nGNx)a&(h&Y)WwS3zV|?Es zv*DS8uh>T#BUR>%!HjD8BbWAlC6zCF;QC+O7&@MY6*djY2Yd2{9KsX&X?)M8UZ6hv z`x|4O?F)rA{kTUa{ zA6QJvH(%ZlDUdj_K0o)>vMxWNd<4k+ioPpdD#coM_g&HTTU`9{Io}gle&Tu4eM{&D ztm==BtKgC)7jk9%PdF0w=l6(M6t_w_K1qW0g4Wf5dnT6DNuR1`!Oc)v=>Y` zkh)Xha@EkWtr@4sM1U8J6-Wr*<^~vIRZ>49SiR-7!Njm1ZxzSeu>JIOLcXw$9Q`8M ze6YQ75YJG%_}m_(w|k~w1x3{87Wx*VKv@~#NvW>5M3bK)@?1+J>_(9}ulGSxuaFFI zG1duU91h+@_GY&oawepc+m{EMeQTQ3&_%*E=m(UKhbQeEl|9J`q{ zz5Iv|APZ@4{1S`~`5*8_Ion&fwhHII#Cyty1EMl8Hck=96<1v}Tq}AZUqEqFGd{#4 z>2<1FqPSuSu+a7e?B39(n8Gly+(Q`c;aNQ`qgy|H7{ei_!u>QLvPV(Y!c*V-Y{lfm z1>3aWwJgH!HgsnLcgAquL2dCjiEcSb9Be^pPPl#_#X|YXMV;LVo=!YPKp#i29$tVy zbmm@o0C^R{(@XiI@Aq}=$jsPRpN*qTECX8fsu#;Pw)okooTtgXY*WG~dvv}R!vO+V zTEfyjYuh@Y!f-_iHzdj&@f z+V|&=%WvD!<63J&e1HeWBq5|JjfOxF&vN_ZE|4MJ%y?2f)On%E3Vy4N;q4y{1APE9#{y=E{m*{3ha@zG zdL%m^_P8FLoi4p)UTlN!cVm&=NVw`_rF(~gmuT%i(4O{nAKUBsbrQCLOKMo?&qYHANdPBgrbu}7md;A?J#II{Nv%QGw=#{&M}M6 zr!a=)jQyv*yG_qvXyDbyOQ$Zc*(M@*?qItPd8bX*U4C7_zL z9+J2gvEGE2*}QW|XYC8)=`_IT+lu051J%b*(GfCHi-Utz0OJA@{5uEocshYTBf?Z4 zsLtdL6mG^t*g8;oa4e(YZjFvnYnR$IbILt>A^q8&nRjc@*YH-3r|DRIMBoR`&b@5D z53zk*eow-_>Dm2e7!<9d4V5~)%41Z3hmn8=?nkWRf!lh<*b`D~_}iui5E~1tB#oLG z0N;)h)IQ5)r(<^hM8V^xg@WbIXXO?g>LvS*`_Jq9%YxSGXVl`UP+18S3%7&k1&~V? zLYS^#&0IPRJaU=hX{}u|mi)))(&0sx7BIVEygc|}m!K~;)oZj}yBepe!qe~l9E}^v zu}mR)E#xySUlPEtqgU2`iC~&(=u!%aWk`utPKle@sAOfacfEmQVBF-b`n+ImtkeTO zSJ3n3)kkNQx8_-s4AAvn50c@2&7r}=UxU**NkosTt%@U18SL+1$}}T|LEiDNHz{pC zK)Be|qKJqtf-5poc z@M$)+nJ>NPt60%Yek(K8e#0+o$#9_Q3G(Jxr);yk-TC&L{JHue6v->rxjpKIfawF! zldCY5E6Xd0R-;!OjO8*97v}uoc@I3824_XKx}G+HaM6;-Hes0n=fg4ZO@$s%>nHkr zstO&GD9ZTydWyZ!fs5<@L%g`S;u0+xY)Eb0RAVwCJwNmaOdwFP=2Ik|y7wK#Bkt<- zulPs_^Tp^~H99xieSF~!kWqHLgGQWU5R`Dldp)7u>#2*M-~Pd(#8S-;eRI*)oSy>A z=dca!y7tC%Z%~1&SZG%JhCI>_%2WW?UW0K3crp_Mc$we>0Z2m~d;RG`g&)C(g{?w{ zZM#!!z;KHE4xNuU2VTH#8JDIns+yZ-E%l*chf&&dZx`nx>^0EC5`LjhCcOlca%gj= zFRlB!BxdVKvy|8SZ*gZQi4QMS^svB4mgTV&k1CSq;TB+fz>(K?_0<@Lgs4r-t~boE zi;gB_yz<#~$1W|sWPG;pQM?;kngA$!2$CfUFPc(gq#3Ft3MR@xc>XyQE0;}fA`GfD ziHTI#b1YIZNbe&&Q{Fm*?Kx3D%JjdHJsyQX>mS$cd1DH$G%}!4G-t*p2sSPuA`(D< znDR9^l}XV5ZRkTs{>kDxvlHZORJnIuNIDlTi74<6$CGauVxFbfXHymi|rU! zD`M-E+T#>tu#uS3?r%-yiFIW{ij>5(J8CzZl>x3=U9PC3U!`m_nKXQFkyY4)`zm(` z2I5%rkCs`A+`Ll3cFQ>JVxQ?IBFPNFmE$58<_>(F@`$!uu>(8u*KxYaJwLbB`CB!< zdyIP{0vr(kK#Eb@Q*HM(8slu2P6?O$@o={kdxe#@<;+%vLN}4$Lvo>d4%_Q1=ta|- zep0iKTsIVi<_KQdZR?|>`0~^d!Ahi@=r{igr}}+w=Nt8X>3f=z!;YDE;)_$zP`~9= zdpxKfIV>WTRV#y5Zal}i-LKQa5f532c^{HIX~~bs>$82mCnHYYcvp|^xjG&8`IaJ(>phPGByve=LKH1;(`|qtNr}>#)PKz)5NRH-lrKLVvlm~ zMd0Ut57*y9*g4G^sf%OY#|YWNl8~eetPjsl?mNCDf>!0`{Q7#oG^^L_n9IR8Ejgm5> zfIbHg_*;GjvCtkNE#IG)&N_*j!~UA3cstHw7!1Mz@+3Jb8}b%)ijLLcB;v`^p_Fs^gQNRTse&>rVqFg`bh&Z)%QVGm3|!&!R+-f8J{!4 zyxHid)=UCPEAayXlL}7c(bhX@yPvr3(5jF8E4kmA`^;q-4zm4X)ev?`07bB!67x_} ze@g$JNuk8TCHmxD-?(zf&;Fh4Z_CEDhYpuKXotpsT(#_JyqmlG3)5%bT$OnWU6BVZ z{c{Z9EVRVVn_6UY{=~T+e;|5eh9_G=EO$OncG29SS^st@crttL5@<^keX2%m36VUx zJhymvhDMedv<5ti`9wB~efcjpd1G4;Vc>f(nilscULo;&Q^ZGq?F(S1?7jmie#I@PHU%;jk`enm zw19wr9){-E1kjdn2low;e13D>-@Yf3K@RU_m-xy_P#w`YabGrZzq&VgADBP(EZDu@ zXDZ5|`<*Qi=W5p5zo4Y0M|nTezZ&JP<4P&fnfrRTrG3^XhBwssb7#Be&=r$w-UQ!g zuY!3?59M~lQX$ay7!5wHL%$N37xvq`W3crMx1L+O0oK@0NP-^G+)ao|vS!*ZO8cYp zbAL?DC;{%=Dc07lGT6&*+LoVXKR-H98RU7$=V-1zWp~c~{AP%`M3-2ED-oI^6Gok^%x@n)|MdA(E%6`}fjR%#J>)|KE!B6(fy!m)`z8AkY%K{Q|ZsdZQ zJF$4AD0s3-;f>BQdiV=VJbNq-9~V)kO^lcJLz^hisZPF6N!GJMivuP(p?s27 z@GOx!tQM35NeA!KWAYX}6P^c=n@0&kx)V6To!SBdh)4b=yAWM~`!c$Jh2f#jdQ{AS z_H{!0_VYP1ElJ^x9Gc;njA|TDCINB%vAIYVOQEzIzwi7~A^S}|W3KHJ%E0dQEa-v$ zeR08PiW9#|HtY7a)0gH=^VpwgZ6}2}QaT_#cs0N)_&-OV7;g;XNLHQ*Y~Vf?=PvW) z=yAxO<9(rZ_O`#j7ZL)hUFWqFUgP`LIfp(m8Z?g`A1 zF5vMB&n0#vD?$X1{U$xXCk4Jcp!8;{Jn_ebiJYEOUlr9~nBz5=-WQZ!9j$^qef@c; zAZcOayhS6Oxm>B!w%Jfvc?EBBT+8ptXz(kQ9XOa#JTdHs`XXmRAn}K1h z2sKe&o!SkFy5eIo?DVD1&m+Qr_~BKbJtxL3`}st7mcnAguD(O5sy^jNLxfFU9_QFU z_C%guZZG)h9U|B_ZqB}HH7VR-Pr_~EVZw&nCjS)+mTcqAEczOk1MXun+v2a!Z(j?t zu`IvyufcKm$4JW3mdm~*jLMOm+Knq8N9pSCgZ#B!Z{~R)BCrW>vp+x-ZhR!ZJgUv@ z489!WrOCDBZqKuDf-3_$=jZ{gvW79Ku>xz93i;UOPL`do9{mUTvwm|7DgcfWZ}#!1 zsm}YdC|)JO1#fwVw;7&-%&BE;nA)g48o>HHyC8;5{>Y#Bfe7en!c2J~XFRk9r3))E zvPJ7RrGNF;n+Po8I=tiw@37HX%H5p#^+Nwh1H>4n`}%ggrQMr<nBmAU&?Pyf}r$DuVO35kil^ z=T~hIdJc-tIxqc8VdTipm$COl3b(l6xhTG|efu0f%TL++oq#jG>oAjbuHO&!iwNo< zuKOIsMMZc9%@I~`o(_fSS^Zkq*B-FKz)6eN`N{xhYw8x?^%@FhK~~Ebv|L1tuJvn| zG~>HV5T-vl9L%umX1mjUnC;mc;w}^Z5g*5Yh-8 z)#dVgs@BP4u2r!|)hDtRwes8(-!Q5Qh}eMY1ZliO;p=>uLNjprG{t86&j(3cVq(8| zNBOm4rN&YuL;UbJ|4G_DAMW3E`@xv$%5rPTcf|(X^Xrsdi^Dpq&G@8s{>PYqzJU9y z?_`+6oX?@Q>PO<`O1=jMN#Qik;Wtya5eQ6TKqZwa-^58nlmQ`o1-D6m9}%%N75myK zU(snOEWdkk{)}_?eLzuj*|$@(l&Dcp-4g0~LH(=8JB&hhSsSF*o#5(pFQx7E7nxYX zC;!7UmKT)IZWo>EDOP-2_d00`sWRrf2zapPL|^hTLaYe>O;Lmow4%AuGkb93O@KaG)Bw)lnvQ)RV$~*{LwigYzpx zW|3y5yht0XTL}z)U7HpIJca|+Om-ddcUTUJ#!9~1$zS5*Q1_B;#}%lysS`n!zZ5s= zV(ypF>G9W2b-CP3l)LOREM$yJso&mD!Bo8aM0lQNzOUh?jg6`Cn8Jlm#JY7~4hRWj zESJB_*9f5iQWAmagx-ikBC3R9*u&1=pKd=ywE94;&l_y%_}?12#uwG{I7=)rYG;o> zm?ci=PG6LBYX5=wlBjHD0*PWlGkMtF-dS-Ji7LHd{T1v6oLct+T`GT;N7VzHjSo(J zh==YO{`YK8PwxR+tj*I4m4sp0pwoTX2JH_@*VBh*w!!0%3spx-Rv@K3}~<`#Zk(fBJrC0Y!QE-4Fj(QRs|t!1{sUxGB%af`gA4qy4l9 zCdzj$A+F6%iI@Fw-&gs2&b?0d3%<_5>3Gv748Z0Z3mhI0xyjv6gsAU3hM77X%J&qn z$)?QTh6mdPD-<4n>@>1HX60OWAAGP!@n~aq7TkrKXk;w51XxY@VdClrlexS`wM}(B z+^3Rps=cgWk}eC_Wfz{v2Rbn7hmffTsmk(gxo-thkS~V*+dY?@F(asjEZNfqyaS9y zQb@d?0F2fjLOnKc$u%-9*EY;Og*Y{bRQ{{CzuJ zc{DRV_F%=w^&rT>WvD*KJ0-w38wM6J9klyw)+WwkTO0B)TAu5<5yEO8RKm6j#QufEJ&yA`J+VE0?<*2g zrf2jEp_wSfRV9Okj5~c+gNwea!;1n|5INbv@-^Box@+#kxn4MnWfG?x9jz}zW?ke` z@mPK2Re2vFH~y{K!dd7_8BzPqQH0WX>;o_ z!3hs;icm9MRaXc86FX zY9Yvn+mgMk!}4}E`Nv3;^2?S9iH+B$1dV=r-ZL52c=>cGLK#k41b}`o|2C};`#qz# zhB~1CESI*`Yn0)Ohv1EHK$Bec3&J-@8`)En$L_#x&u@KhZ$_ji;3NIi$FBpc(9Pr9 z;#e)&9ry2)(byIn)%f>=Kht{ysZ}dNM$(-Qg%|bUdwluIgP%E>p*s#QIUIMCwA}30 zIdZ>bOI=(N$2?kV8h=M&F}VG36d;sxtI`Trqaq^>wPQ`U>`dH32&a5_)BsfHqEH&<8coUXOnxatlS*YW3Q3M@s43G1TwEHhY2T< z93KdoDXT!}O_Ck8f4=>rmiw77v8J;2y<(vT2=Fuh6)5(>Z@;F=&3rst0Glu!v)7&5 zed~rW4X~NyMHW0=?xEj!Mq7K2)Lqul?fPPm&uM0(GH%=R)H%MAns899eM*ALZKW%bv3pL*qGs`qW^cleRa$Kw^174LQ^Uxkg%ua|wbpq>h+@IjoWL^$={ zMU@W6{X(wo7a@&gqCz_|YwhJ=rX?(8^>*j}U`3nm`Bb5d&Yi2ELp(H>%<{$x?gF@D~XYzy9e zOjht^fZ$6Qi&!njabJ!c2Hdq$heQ{=uFEVNcFR28;;o96$REyV`qEr8T#_4#Kj-~A zn$2tueSKdCV1+2o!DZh5lw$L5`9x7$L8Y`tm4kuzmJV#Cqn#cYk(-=q2Bd<8_aJZ%w;G2Iy;IDvJ?ktIeCJ z8fG{mKBIpD`QqCuYWk@m+`q5gy8M6%kx|^Y@pX^4TIH+lC!J}Rpnsr8p4iHhb@|?A!RQGv^298L z*+q6^>w&)>L_N*In+Z_to^?)M2(rn>!JrNJ43SiN9Iljp8WZ&_^3An5U*E5{|HC`A zLX{rRVz>6dKz@4!l|7_L$M}=vHYa;yhA74g;r#C4U2a^rR&T;9-uqkYP$}-KsBvI8 zr5LU3m)(a{82P}BVTro;4Y==YU# zW1kiqa$NxM4r_{MttPh{Q9rvtkZ;DNx%NhpHD@vmFGcWLRg{*%e zH*+VJCu1oBWw`LpP3#Fng zIjxC>SZ|dU;jCv2YM3LY8DUc|r4~l6>7V2wV4svXoLn7>ONI~|4&4A5d1}wWr4iDz z%U!0whi9)@s;p6H1ro-uBr=IE6xa$UDve5V)U@@uK9@MCKpXZPK*!1{4 zA3~g?>NLGB7WX@b1>``UE1n59p>GLeJe>>0ol1&G4SPW@rOD;>mb&B`6%})Qxj(A4 zq0koUu8NMqckEq5_}Vtjep0d*-7@8kzA*o>Z7%nQ^%FxoYFFTL0(&S<@uoR;31F*o?hghdt(73HTelXhhq^9uudmt zm^kQA_6dUhc@TI5b#Y-!VxQ_UN(7)xgY13Sb1gCw%e-D$`No!U!@s{y0DTC2Hi%Pc z-VE(?Akk(yd#P#`{-wLI;={VKZ2dgl_VD@Q$5Z}-JpMJajy8 z)RQkfcV#O_@L(eEzu<0~vSO{=ki#L~mwWw#bvOxY(>AGt!y&1jr$~b9GJdLW z66>S<@-)9V)2~pfsqE18NqzJzm=yU1g&ggK-fj3*7*_Ken6v%rWAa|pUER|ij*dSiJDrVGJ=B!*l6lN!j|sgq z&*!62XS4T?*;Kve+bIh(O5Un!Lt%y)coSqZhE$pptuLVv~C~6CaFqU&bzSBND5_ZoZBhJjk8;vA8tKfwc~;p(+C~ zdbbyqrFd#}+l=V;wSIZZYHbniR4@7E%{7IJKm&O-5u~^23$xZKd#h}}M?~&5<||1~ zoIT<-pqkKOLphw<9~5bOkP`L`N!t-Jv{XxI-)HfF5sAV~`~Ik2UL0}iuG4&);A5wPdQwshqJX}?iUbJ z3AH%#j$gdB=E#5UUaDAV(L?*jci9lNoOsPyhEwJE2ey1_NedfSMgNIu(_RFME5=3g z1bY%S?K!@3*z5g*v|)HJfixr#5n{fXzIxYfS&s}nnfTzl(HD_^ZvLxO!|aP@(+XrP zI;pum^1|ogkCq*wO}h|9zWYo~Y57hF6Hu9UukVnLlZW#W_rx!?q1pBpq&}C|cS@;R zDD1TWlC4B8vAgC{9%k*0`679yQhDz7>WPoS+Icd88B6xGe+6pgeP=tSzHS@kpB>tg`MFm{I*8e%q zMXz2Tg{wQ%qx;#SE*avgsC^I8H@(6GO(x6lCre8KJmcG~Yw3mwEQ36Dx5>GGzlz9= zyiAT{%c~Tvzma#Di0}^nEPsBa{5}?z^HyN5KSL!ez2-L-f0@MH-CSSNJF24m-l2pA zu|oWuB~O$h7B}mU`3sfk}F-+S{R0AV7wmDQ%bdUiRJu z;WWO%cOhTypTP`Dai_YF517Y<jSYU}Qv6tyFBlPiX%%rjjSXDi4K}=Os1UE`RwL#{SyQ|B{gur{QbFkqaM_d^> z5_6t#Cp#=Th|Dj>b;?ZmE|{b*UTA?WGqFw1)UCT)9m;9K_BeR)(?Y-oF|Q_fP95Q& z0Zgj->bSysfL`@ExnE)8MlkN94va`k3xksx`>X+WN-_@!J{#GAb#u|bDFN^+_SkKV zw&5$0+~zc@!*f-7`;8s1Umt4s8tX#+o1<>t<5XuWz3y~bDt$fn9UTP-Kzw|sRIf0e zPlW``OnU0Lj9WL*y|_m;~;b1jAaD`lgJo@SwjwV~XLUaVT5R zzEM@#lKCThS~{7TJ$MDMPdBiopm&^}itn*5%m_%@-2CA(sY-w72en$Jgn!!GS31?t zEK-6G1KBb5!(X^SrMd0-K zE0Dy#R*<6aevXN)4|x-sDhNEtoOE z2=Tgj%C)TRW|5rgeI`aZj}`lMcLVn>ikJGbefP!3I?uk*Rj3rH`xSes1%f@^&*j-e z>!y^j$E50$0$j$E_xo_~6l&ASIZG8G-PIQlAI^IhxZ8guUDuYPN)-Jik?12RNkAkh z${SfF=kWEj=~=69(54ZKqUwYlxR48hb77nl&}=?z2_QN4P|CNe$#6iFEvB6$7hqDu zk1`Ri%`)>7ZX$;-4n48>5p~XO!mhVJ_<>u$r`Q?dTeR=7HwxZtQP{}E2Lfhn1tA=A z46Q%-=>q*lyUqQEpt@wfAHqIo^i^iCJ$4HzJ{D@bf%A_4FHkkVz6|FsWYT8=C5gO1 zv?)I8nbBXwx{VSf*VGrpLg_(}`zUV+xewEsh3XaaM6(RtIEcLl3xCW6xNSt^%!)Ou zbyBAuy76#xF3WP4%CO&lc!I29MCZ$D$h7z4@5~e6uiU{MVlTu4yOdz&wAn-fiRrN@ zy+F-R+1*2RCJS1-d4ht($#Bb*3f$v@UUyuyX2isuc5%td*}=^w&q&2PqAn|A4w}52)Ha0 zEmQrJzTEABaBI4Veg?U%bAN=fmh(lmQK}SXR^K0}={DJMAJsguZ;5IpZT)G*J=q&V zXHkO2@oI4qR$=K5=ifK_yiXdq!6)Y1-rpg_6OU%N9Y%g~--!pw;H|3VZ>xl` ztR?}AWp9vDb%poQNRyTtXqGM z(_3>vrI(+_`J-x?EpjanOZ8{ImDZg;ix>BHhkuyIY2=B1{6@&_kbqJ$!R8%@)I=sq z!gnCs$sTi`n`Q^FJD=;sN9ES(Kv>G+4$9#|7`IfRMm#`*y*cnH+n)#cUry(nGODTW zB<}^%HF)!=Hm2mDVI4AXSmliRqV;HcWL2^k>V{ySr4-ON2;znD`TRVhOR#V6js!U! zhH#@jkUGCV@yY<{p6uHd1u0S-U0ZolFIskChXUGoy6Cvz+yA8F)I#PO5)f&?Z^z5w zdZu2T~o?rL zHul9r4$2taP~MT%K(fC>>i|vR=E3jH^YJCUM;24cR!eO!E>7k}IRk;P8K^M+uCOwB zo|@2V;VTnS%pH1~QTyRYlb&s3KNw1aq*MxE(52*=Xv>vQ@n@&e?P*WEF5fW-zhlF{ydI6`BK{xvI;L-`qE(z&J$adwAfRW8GtIi zIXeH|*IGGU8YC5fkdqmx<4f1Qj)OO7Wis8etByYzDEiA@KTw5FKVco3Q;q=L~a_&skcR(gRu%fHfmojRQA zUKQ-BYIlglT;RxKXdbfGk0Y>qs9P3~;MX%&=Kq|=QN42%%=M*0{^03!Kp?hg;^OJ& z#4(OWzw(~<+v?tvI)B|>H~Da~Q4|!EEd;w&$vik`n0MGqiUnHho`1(BjD~9{8I>xu zdgWW?{CL#jLx%o%!SP8M#3$kb|2|#azQ3;iKF#Cg;u3k%_=W+vTiW51n*}T_j=^8Q zvs!<*fmN|MN#39C^y~c$rv^}6_8LQbIfmv>5EF`fe+vWNZ!&U7hFE#pf55~)9uk|ZE!$<;PGLkW0_Wf=?wK`0H_m`nd%EjUfN&n{>#BWKYQ| zCUtM{_e}a!Jk_Y9H|J2B@`+$zMeO?o)qMOVC7_;KbJcyg#@BZOXnudSK`gp#!#Tg4 zbE7cpeI(SUqb+G4?vg$+snRfRr$zPY@{PCd^vyY>??{#7T)#_gmAQiEm%=7Wu12RR@ zRHSzfV^m0w1b3f~($xWDGkq!%pVvPy?%R=;58nKz4mHpr5qvXnp&#U|-eHdlU$Z1} zKNw-)Ekhn|aqOqLp#nj8RHzm zfY4btUVK(3i+yu||C4|wKwbV$X%fl?5@_Dm9}RgrJJ~t$AA=?S&>BqO7Wb+l9j{Ku z^W&8L02|fbV=9^w`)&NFPMze}|BmH5Yh^!(HQJ@6?m6egot5=_G|vcH1#zD{!tX?k z)sfC}en31Ttm%UQJd_hacKaWWpx{2`o32;cao@ow)bk#A57A<}!Ep zO8cmzdmFy=(TN}A25RkQC%2M22~UQCz+&5Ae^5-wG=PciOCu=vQIz#noW0fO{cW64 z3C&tiXOF2i;iS}~Uv5vvS2>{R@2Ub8K=KncD3Dmf;l??2A;Y~{Q@p?j-g{}+So1~R z89PAX9;-?_+{f$o66qz@2-0d+?N_7Pa?@PDz1(VGc#O&W0+U>Buo1}y_Dgu5<74aL z1kfB$nQ_j^LSO@SK^?-O*H}LKuCAM2UOb3%c z+4km35E2E^q^xQn{aCfVCsNg8y%0K4zH4~k0P2eXPI7%>tb=A$BRh%5N~t7@kV1R$ znCV75gE|$fW9^NoWb;Mx$Hc9V>)~C=df!`OdpR9i!$k=%H5T=toQt{K72>2jRmKqd zO0M&+Ng!QhsWvd;ysX;F!5PKIgCU&z1PD@sWJL?n8Wa_!aws3o_rfz8mq9t`*tz((EqLV9BBvVwpf%M~P6M1)b} zMZ|AE{}l!O)p5`OlbePd_0cykyb9axHlKg~6+L@*Il}vD^7b|NQ`B8{i(Da3EH&#Tvi!L5A@4{@U2pG@DwUKGDrKBw|l&9Jb9HW>_x zXzXIHK9u51u|ch1Q=r@G)K)HR1hE4ZxUcBxHKYRdTS!$Y#hdwtz;rs^8)7*7vL9Ot z-Mr2Q!Y*lQ>a2_$g4%Q)G~T?qGlwe`Um(iGtnZ5^9`?OWx-}rgRU_ZL`~V3RVrM7-YDw8!V;7Xj8EAbZW5e0pa6(y?PCw z6FeIduS2o=w?exDNOyhDz7BxI7@WlrzEjXQL9n&oy$Y&L3_}+hl)u^A6AjPbUG!fM ziCh+!Ils%3L3LMxq*J>EVQWLvW~HQRPj==#&YbaqclEKaBm;dTXw{@or(!q+Tdh7n zG`1aL&qKs-0uKWQQ%TJN{l&5Suyf9@Q(_m?jeRgM)g^As?+^QqSBGN`vUgiT!*NF& zko$cHEa|7iq_DUXw*z&OHC?@aYL9nc(~zu`@^XIf#Y$5fgxH!$a^Al54)C+l>Ts7% zA8ja|B<^@m*ehGC5n&wp-{R3jI>vBbA1jTCD#9J84!S6fDNyb}l2YsKmKa52zt?iT07jbo+(&Fvu9NFy}1G}^z`^(l;r zpaXZK%{2G7X(>8)xP2yrq~3W81tYP((t$0yuREx>5r0}c65^io;T(J zqWHnHi3hdT7o-CfESBF0Ydoa&PGu6aTfg9rX5%ALsN9{#!ydpyM`iv_Isbui=RiEr zW#3}<4(!VNjyWit;LlfDVb2C;%BJb@u6J|5F|{Af(c8yX!&hc}UnOL};VzbtJTlsRt&=s?fs zs|^QBIN!u;RqQom?`MGhGLrjZrz~Y;L-XjB#hLA)7Rb<`R#Yt>y7u;XnhG6D?#as7 zBwufmeBnh7B2M7;?3IAUeQQv7DUwl5w#r**i6QoNFIO({S?Su+U%vyO<6wUg?YHtP z3g(2|p$!%(Q~A512}!|rI@9!l9y)K+IVM5(Eu2={i!!ziThmrHhGux;`x$KoY;hEulGg{dL;$`K->c!B(MQ(i6drpaG)Anp$~<&VFH ze9MN_&vGo9K`J* zTR$i$<4RdD)M}S}&l_YCA=cs@)f8c`{sQ$XKq32fc=o>N9=?N4!8C`iV&i==V5hsF z=XwIT66alBhAvSvHo4M=dkeuw{?E@`Lqu9*vIdlV%hdNTD@;g+U)n1Hd^j!9-h)5C z?da_BCs2=9?YXY_Zoku8Bvo4q>8Q)wKAhtlClA&%!Q?AJ{Qxe-w&O65{uO^X`CB~g z8B+4|))|78sp~O^3P1Ne#_9eAQ(dQw{VJ#5#=sDvZ0b|db*XaI;^!}JdCqtq^3T@? zYz2xSc%0-M`>zl{K5>fSdU5zI^IiA`20S%omm^+3j-xCO0^gGdjdd(#W*JaHvJlB0 zN+7!sZvAopa`E}v498!_^2D^jx)Rc1^CPSiXW{kl36^b$q9rUB@D6m9nlPkE94uH^8nd-Wnk?d!!FziAEvQyS*x}LxBgj~AMqs#kppvR z{piI2ZQL)C*2k%Ke@KNEGR=?ZU-|@Z%un~dE2{TCE0>1(K``?KccZM9w)U-T3iUNEFXm%5VbJqG_L6L?F&viqF2h-~^|5I%Sdm3!Zs~@BJ$<_Ywlac zXX*MPo!@cr>DRTY!2&vzDkK$In7<$P5qjev=A;+yYWuE`_~ebwIc_*reGi$TD*bN7 zEoC)m4+r8=gJ_%K&hP6m{IrXD5MlUxUt`vCo!{mc=&!MT8jbak9zp!y7yG^dr|9lT z08SyY6Gm29qPIya^7$t`Wbo7iTMr~chVd)QSs^bh>W#b;f za-_|^trLEMfi?KZrH+9n{ZuQfgEzVeTP6qUC_-?GP^`Y*KuD@fNM`g!xrIA7O~@}V z5CA#(7d%g;DU>Coz@-9u4IPBz6vrL5hcVg9vZUmor`|p@FK}?E11vZIaF>5tNdnB` z4v(yHSK_aE!jqqrXi;xLf#mT%p1uN%B+qt!q`^$tU^0ewZ(1AGdWDY?4-?@Kj?~5b zN{Q?ze&%`(gRwy^zv-GM&KOREq=W4yo-F4Ei;1~8F&FdlR3H=~2WOQ`M4A%!o9_!6 z-_FX1nf*A&b@Dg|Uex{-PKYXHnL9xfoS=9y##m62>lQ3rV^@+e zWVmWym2I)(Loh_DbJ^j}v`My~*BE zy^n4-N>3?|rs(Qh=NK3iX@-HNVc6%dD33<>(2UI9JnQ)p9IF_v7(HPU0y&P>L)jU1 ztMTqA$9c<`tNPSiAxO!!eLmDzMeQ4+-TyURnQgxfFiV!YmaR~#2|mS}wLQZ_tRjKH zjMEm($rIJ#gUwTDIS&59oSiE$UlR&bvc>)gGT2`V^O$pf8Yg|}#S(30^N2;%`OJV9 zgd-FnPgXVyBY$83^-oHJcfBwDSEZ;A|Ja<|8*f6m4sW<1&9e zy*SknljIhDU-bAyXbV+be;Ev*&6QaS!um98aNrLbVC^xv_UA(|eFAD8!t*z{m-*93 zZguhn@S~bl%Dh{VaiO_%k1LWdWkoaTY}9aK=d1SU+RMdi9a1$mS?9P@C^@~?354}c zJsiEQuX?@^LX00WZ%^0aGJSt0e3?4U$12!tjVm(^hKqqnI7ooNm=k? zd{QtS#6Fn zZW(jV+&`dsW_aEn@!a0+hJ3&lW0-E=5ZZRBF9oIm{Oe0}9zHClP<--o^t4#~Su`Fu zp3bn12)18bRNZQF2uzFTx9OiD7dyDXG&G$GI2crCpjO!^5Rr6#pU;}I?2m?={{0KR z?Hv2L^3A0yCnr9!~@vEL#!b;b?&Y}!8iciJ!phBI2&tybmfy_XcuvYez#&>lcA_(`ev zh7k{oy+H^a_;|5h+_GlZMS|nFvKpU7}0rT9Spxe9mZdych8O74(Dr6=8n~0Z8X7D$(QfiQ_T((`UdzTR24zb={a> zHW5$#!fnubz+y*CdS%9?gF|3r=R(GqF+i@qkl#acj-D`vNClJp@zgnXcg+VOwXebp z<(@^7yQED@}PfPTe4e?2&$-{tpRE4s{=b*##laYIbHmOfWD%6nOcPz z-of@B!LfU3=I1d_G(JE|w4A+ZKZUGr5g#2CRd-LhjvfF5sIr9b;j zpQp&>$4gy1ODd(rc;13wh#|Ftn(6fW($%W^KF<61hF=+w z1TxBHHC7Yd(_E;)>So21PO&OH_!LHl$8}#hWgHu=-PihSnm=MFchVjBT{Vv`tl0P) z14~mJM+PTA%`(<)ryzy~XTRMJ%+Ehxi>z7rJNsIA>T@VMlpmynW5Z@$Pqm>YY>NFX zK7c3H*?G@P?Z-MjEf!Pc{4H4SzEYhf*O5N&UQS<(LKS|UgrXh-NGYl#OQbc|mJ!sx z1c!D_Yu=;j{lU5T;0hv=wufXeU!T^i+GQF<%4qIVzrw7}GUyM)VLAEkYJT%-nT>hC z8ABSOJO)PH7_ zGV3y8%dS7eeyUMcz~lF8!a|LI;|H=1FJQEgGjQqWEN8D*eIC!?VTtLUb*9~?vrY@V zOeWa&0e2bDG=27&%UM(=YEAYAiJ4{$&}*i$XVPb(BL5$TyQn8QJj zf%t3ZqgGp9ipO_#m0sr};K^)yWNm$}bBJ-|=Q(oyQklgiFvrZVeg6|cf%-#v zZSq5WaV{r6k;Mz-jFS5`6Fw&JPj}JFzY!!Y@YM}@QCou>B$6IR#P-8or&iprF>m=`-B~u0InOUU-8yc8TJmOEgiU!9=Y_t%o}*)@;Y%?; zHl;_e^)NTuJ*FoOs!ityKaBU-y`IKaZiq7%M02?B|I=xcJ*T4N%$`fRhDfXc#~w8A z%A+DWBcGbZn~t56p8VE$u+!lMpUv-b#!F_906+C>rM>#o!NB$fL$PVI3x4kDofJJf7%KT`mk$ewyR^p&T zF)iymR~>kKpK#3n+~eoe!Bvp6B@pCACa;iPOYUc!!todm>>kN|;@?6h>ill9A4g+B zl(b-t=(iW0aTe^VM}rm$_$IPnyZcN-YXVI~&sLkIgu7VJY($++RF zAGVb!9E>8W=Wp4>J)l5Oq|WfsJjX#JoM9ZgJ*QE(HsRGTx-2>DcZh4S)U8)i;&Y+K z-fz@tN@Htok2R0R~+20j9m>e^n&r!Xne|-$4t@1kOV1(>j;wsXQB7_Y1Ry;Vv23)h6 z%0*zQ^og@d228w{z4IeNt|o3EGV-&!el}}#6(B+TdQN*tQj?dYH!=3`A8XFJ1yjMB zTC44WdIWzp;|BvB;7^T4*ckEmV(cqrgF=A)+wYqKu%2-Lx|N9V4C*pRWS0>e+>RgU zT^*sMcLe4jd$W_VoM2bmyN?geEtnU%#Aps;7da&n`_V3=RUC!XAr5z`dkK-iuZCA=aH#2X4`y7@heP z7Cgv~^LXKr%YTxMXP_MbZ8KbPbv;7`zuBVrW@@a?X#M$7U1X8ZPibwFxW5vRKeht> zO0Mw-TTVr&y{>KOvoEu1A6eE|UV1LUd7Q_0tu^ELck_*ua|{Ts*4a z!la)rwME-Q9h?;sX1J>>to@dz#Gt^3WLFFlk`u&P-3}DV&>jc!1!wUdO6B-_qVj(& z+fXV?{;7~U62rpG%jsl$e-L4H&+MP|=rT|28BbH*9&~ZYT&BTOGN-$e-w^gi zN<{$|-}bNj_e_P?6KXK~ov#e2SX|^hgWEmzoj4uzr~`SYi=tx>dr?u^pS@fEgAUx6 z{W7Q9O(2(NO-+MNHUM(qh+LVQ>+&(y7Z?If5>zxye+QFNxc)v@c}EY-dleEhviGA6 zo#*YF{rhpMS5xtk>RYSl)dQ@a>GFKiyhj6wBzeLN0|?cAb@^%0)I0ym*T{0+I_(Dv zkmOmtbz4lVOqksKGnUL;$fBXqy{pM6pm;?GG#Fwr9kp&*tVRLU7LPM_?E4<_Q0VMz zC^%9J47=kpcKIvwp{5+Oq5Y19Nu>N(b?wyu?#(NH8!-cZ-7f@2{kmm+Kbc{W+plSA z?&J8!M8gIz`~>;>Fo*hXO(oV-N7C1Img=F+bF^mY;*EC)pVGH zTZ_%&gEzxuqf4D`{8>Srk@fxShi9uwsc-M=3!f!161EJsu0@(#&0kbS#e(~PZy;Wf zulM2m0r51d&jAW>vU_5`utX4`>6pQg#N@NYJ3k*2?Y7Z?54!*&MfCGYDfq!ts`eo~$FY-))t8j};tJ5O!1;pc07PXHz|XeG)J5|VoCvo=oFDFunDW45`m7M-VoN|B zw5T8{2gV$zTNC&9aQv!XpMxjU%&%ZC1%zCha$8(Er0J&2#HWLo&Kvi-^E_1N2O&9-+=V)Z4HT#B;5B^79Lz`? zY|PgFesCUPCDGME($Q_zqc*ZFZz?$2(fbVAmyNo*XF%`+^?ZYt%)*{4G8vdE7O9cE z*0Wo!CI{#-cVgdn5bqGhLvfJnbj}0>kCiX`c{hEl9)hI2b(l^B z`6E}TuulB*$ggX`3)1auzpg;VxXQEG&?B?}Zy~i9eqOj}j>GdemHzX+F z=RwQdn#N*Y`r+dmJz2<8G~riRgvJBn=Te+A(h+yxjw?n?b&W&;lG%D4VpmpU)zI}9C@{P?oWFNn0Nmw^B0tlyro9c zM26&DanriL{=iE3L6V|Kpp^xq01#!Q z29g8&T4#m2NzR}mzGG2I7l`x05MUo_7M%UIEd>8Jv*brW7K%5;_yDOi>KC}~on-qd zL)&IQmcEvHjW;NHXsSc?CW~kZ^HcM%_L{VWPKO)%jqi${Is`yseT$n8Fw^}Dq-CdYGP8{K zNN>`RdCG&iKwe}?#FcO<;Ml(Rr^N^3>!>3?rS5tc^Uwrp)BRIu`V?Iu5A#w251P{a zM0d$@S)=;?En@5kg3Yt#WPl+)e8^Y`82z(!Kv8NCHiLI!NN1fOm*eRtwr0jBt}3wKp6mHC{BHE zUm;qOv+>b}m5^BX9b{)z<0XlLq$JNp7LMLi6WROlOgAo{nWp5WVrdWoDn-X9$wUPPR=F&sk4H`=vSI8-T%ze**xdy+Ux< z$K(4H{&hmi)BSOD_kD8uD6Bb0N$@)H97yx^!tJ}lenV3r2PO{=<=-taqzf){-RJvR zk)tPPLqN-bn|qrTVz(4#|HsthnihMB?2SE`xWT5KMX{t|F*!Q( z@%!r7C}nRx`fsO&)XY(OFk?7=$WBY{7Yh$7tw#}kh0&Mcahs^g?)Mk#p{_;4Mgmu2 z(ytBeSwoIq03yeW`GF!M0T65c*!RDpS0$g=la<^l$$M*BzKQmYArLu28ysLg`it$p zh4_N9R)2`m&jQl_HoRdaK#y2~VB#ea6lxM&1m$WA3I(kJ$-C9MGxhJ{T!Ra{*LAn^ zJH&q&#ZS^Rw6|0~Ki8xOlf?Kv11mm=a_XLbO!*$Rr&dMS9R%$Zl{!ve7v_tVV4_|L z?mp3j+&pk^jZvg?-+KcC?>%ml#ZfLOCS_w_tt^#j*tqKI2lARX8%M_Buv7GhwbveS z>g86Fit3N~xcusOrR*p5)bT~^nS}VwCj6(X!MA65e|Wf|gniFf4 zgZnZ(IS45$vG+V6VNcdntI!*A>fyDbz2RzkzCQ0Nte>FQcEU<8cz`PFQ|^J_@wu0s z=r%%s^vTnSqLvM%_+OYxbYbl2bS^#SbiX!9T~~*4{f4=j3urzE3huTU0rdDe_g-L} z=~nnW&l#FNe>!hB7)@^8ZrTP3hsK$8N;*72S+(}-$CYA9HZ2iq!kVW$>0 zSm_-hGoLdq2W{M>o6Bl^m$Y-9A3y!^n$D-WPx~KznJ~}-Ez@ZfS7UdY9spoy_iaDb z;R+QXYc~`M_Obrb_u3_dpfQ9#j?njYo1?T5OQL?mJ9B@H_lJp8}R$CYGY< zQade#NLy%I zS?nnCAH}&zDv0Dnfr<^iYuQZ$~|>WoW@- z&0VkHI?WXZyCYda|K&gkPH>bRoQQf9fd@ zjGEK!d^bhtv|}I0S7NFi`jg%zg(}8FL9oDB5ehXp zPp7#aG%1DR9YKtQ%m)#UAO+fgJ;?jP?<}vwTVNS>Fn`SH12l#oi`qbZrM>!!ZrFGQ zE5p7YbV}bC>cib@m{jFT0h_TOSs#h?h#Gv13e9yF$(B^d$aMTBYnRwYd|J8y`j3TCiVV2u;6jzhnY7Xxnem_M*+J_NzGdgr{Q8Y zviCNhtf7uP6_KP92=9tG@-=tBpW^CHe0_ZZ&>DYc=!$HtkW!V*SXezi{(guU-{{2A zNKGd8=PM&rn6eJnt=>~FW*@PBgMC=-ruWrj+>_+)6<>N^GvBW&LZ7PAN)G%RGGXuO zH`(v>1G$KmzS-GD74im2;HMTn`ZqMnlS2o#w_DGxL|QG?G^YZE71 z8=QuG4IKlF!n7&J+06|Rx&&qLz4+Lw6{Jk z%?n8TPf>&luFV^|_VH6Qcq4I_ZXe57t{?#G8n9g!%iRaXVnzxMRZI9K&o(Mbp#+$|2~mmZ)%B6H$a4xx40$A#}^Uxirevrlrz zotUSNWDBi_dvMTB7n@4YuhM(SUrZn2a%q=}BzE_06bm!C@P(0he9#Bgj%Y7kGBv7H z5Z$lbtpD1_u4OZhA=A?IE|?Wp3SO)EkJ5!-yQf-Lma4nI9UDlW@7yw}AvBqrry?Gn8&c6d5u{ zdI)E%hUq;Z!B}_`SS6%=rzOn0MogCj^No3aK36GCs#UempXR9SqbM90rJHET&mo=N zt9~h{)|WClg};MNCkM|+l&KXQwAiP{NlrVuPIB=N?P&~f z|My_*lWihccK}y!z zDv9h$S52&N5JkKZ#H{ako4m2q`U{~;biYQEakYp7r2w0iZpz(-$C*g!KrU1lF09Hm zL+FiM9A}sq*_n6RyaWo(S-*0X9}pLUyb}?7ct7e-5`W6-6TM!|8+TC3Go|vjeKu3O z9Dxu_jQ!r1r* z`j>n%;ZSPu0B9|*q-eGW%CIca9av5_I|lcYglx-a;`qv6Orkj!+RWM{npk&sORD`$ zVRd-Iz^&O!NaSO(XbSZh`N{1M2H&p)2M7~4uLXuq_#8>~QdxhAHxpiU&hzl@aA8gw z5OC8Y*Vps)IdSlQZ>^u0m_K`;;Xw~1s|;uPHy^hf%XVl?mFP9yQM5S-X19OT+&P5m z<^3c>1P39JVDuO`ewBf>s!!t$6~H5qs{87VAI<`>0=jI^;0W#CzKQ1G2QH`rB|ZH1 zP>WxyPYv_cfY- z{q+4h{9ynOBiWiZ7x$Y8pC;w#+HTs1cr^@f=oExLukCBbC816Kvs|=kzd2CzOpgSJ za;{a6KetmxZj4;eU?bp6zpv78FNX!!_opXH@3{qjmbfN|LmZ=ZZozA^*_;9vvG_%e zG)lr*)AfK?uV>xotKW0HYpBC9$w7!xt}Ar8g?)U4+Bi{P*9UaQH=GB(n&Eo;%+S$- z$57sN*{Z+3CE-_p*c@m}lr`4yOMNB8!<<Z;lCTW%EjUnj;3@gp|Gp{fCz+iK={tJ~3I2%Gw>)J$VC}bf!ZY=ZmGPmYYIZMPZRq9kj_SDUtl*4GUPf@Ujm4MSTtv zAEV(MoW?(F%p4s^Hcy)iOjHa0z~;XfBoS6(2@OXMg(f{d^7in~m5s~P-*WtsW^J-B zUWeZ944sTZfp2&C9bm}qK7VY8?~g40ob4C{0m^rgHr;2QI|E<19iDF;In;B~F!@tj z_Q^93CBLDIah3RqVMl$cSYjzpqdWdmz@MHdgePhC%Se@mOHpojXV!L|DeWxybVkyl z+l*~6m}f2!wv2PAsO!Ep?x68?HbUeAVveNePHs z-OoCx{laGV@142=8!YaNCi^S6XLW-GGvn0K36T~!{}j-k@2NiA(FAMjJxGJcMokY~ z{bNr9fYU1Vb}mzwH!h$r3)}-O_$WTf?p4y%$JQ@I$~@Y1AGnJsS=Y9>TyK!}2b;Ha zr}lW1#i(AKZ%ftQa$@`EXDY2HmAQ!pp&)^hAC|WvMF`8M!Z^gNnncy=x8&H0vGMCm z|6RY65Bf}X+jDoQqm&=L_bvoo_GEwc)XM_v=UFp$*w!0vD#O0eKc1csG==l3rw-AS z@G52At)Rv;iNo=kLbT8&e0E<;`LP>e{fsIXTG2__l-{QY8lo+}C0U{81S#cfo}6_6 zS!*%7vG1G=ftCWW72%q|fh@nMzt-&U-wPc-$337ydTZSNBI?aNNVc3)g_Gs7stnIQYJsFtJ;g=XxL)3x5Lt(}%7JxzS9}|-75uo+qZwuy54z0CXY+)}b z)@c6ZN=1`mbTvNbYP<5Js1LiH40^A+B61^Cyhb)8ryKfymuqt`Srpky)E~a~@9K#- z$%i>WD#B#Q2OE+iV6<4g&CC1ryC>*U zfR_2h^D6hyIdgMPFdIBEBmVL`k+xLgkrsT4eT`Ksw_dPt>SxvI5^m#zdNoTW&IZAk z2Ty1D_Y16w75kVZU8l7RUGWBi;3FnHy(A2rLXMDY{_GffdNhQkoHmA>C{X!My=~gO z6n@6`0oi}$t+l6zok3_lL&%-O?|yDRuK^P$v5c1b9%6%3TYQcf$LCs}xLFVvNCqbY zIn62(Ys4nVJyHYKP*Q%a6dr$wsyQBly+K&Cxp|*pIj7_B?*?y zI0wifO)*V+AQINvfY$Pw^%My=g{k`rVpha<9@hQ$^f|lQqz^~m0qAF%xb=DR2~%A7 zuTM3F6MsVON^^x*Yb6lskK54z#`8&lK{&baw{=RUicaPF9E=m%2KeN+NEHiZxX|Ft zQ5OcToI!mqCCi-Mr4_3&!A}B&0jk@H5@H8+nOd#~+0qlb=BB)$PwdbQ#tOk)z&6_}}pUpG_ocr~F;S99tFX z)w4qI=XxY}E5Fk;%B~V)-~zzDQOaqp+r3zT?CDAJ${1+T&#=#K{d!fj{T|VX#SihK z&lI6iwzlUB2>Vs+?3f{e^F#;{cvHAIG4Op2N*y!q^|KB31!6oO?|nie z-{>beoQ*Sh84!g{2pU6Hx3+RTTkUD*z?kC%m;vkS%HPE;x zlDp{P1cVV4rq0KGsFpM+uT>QuC67c1q1QW*%p#)6O2+O5;LWr@)#qw6dUPsF+4WL3 z>#GZ<_1EykHl%dX4oqD9M6`MU-&1?4cqbuj1>ZL>nDBs(ZlJyq;^SJ=LjMUf7<7&J zgTduzx!p)`H)ojQd+%4*jIR0IDPY36I*x?R+YCXHy)&l5P8B-dtn3(); zpb4H^o}&?DW+mnKX_RM+YCmzRneTQuNb({#4*Yf=cmB%uq$NUXwq9YRC50y+t_c!6 zV6$^PPP|l*aNc;3c~&X@YC)=%l2lkeKln2z#My(va;HO3Jb$;|%I9#%?GVzJ_cH%Z zJ3C(xZ&0%C-r&7tljb0sWh|P&-x@jAXkTUU8PI(FsPjB+=|vO8z166m@LNcurGfKi zY)vdJ0lLr8f^VjK%K$-jWjod1edCr!1NVDLlZWCHN(X=3HOJC8{W0`LsG02royIdK zm;jxF`zIlJZ-95C^PTZPRnh%@(KJuQ7hZR2xNqa-H(VTJ#U{NcSMyf2l~^ro3~lxC zaokrUTCvZo`losuTJLEeOc8yy9zSpbbVyPVk4izA6hNr&5lPTojoEfvV8^WNp0vwJ zLn4K9#KxTQ@YU>2ltWV)Vk?49SD4DI^6GPnr^1;xYD>%^Z> zHKC;*RT*|(9)x5x))J&6(~t5^neOdg`)G1rup>TF69%q|`|6lRuTdGWG+yU8PkDGp zhUwza(K(+hfZB)-**qeC*gRDevlW8MFa1`osWVyw0`hRRCO_q(StV-S^I`rW+^8C`yjOpUefwdRQV{ak*! z&C%Vhk{%oaL*sc<5-!hWlK70aLBi7h+2hEyNkz#Y$=bho=BNe-+T7->lG4{$P zlJL$qS1RA`kZb#y36ko_lB{ExOz!N?tpW1} z!|gC##IG+i9kQdExZ*K~i^kk&W)&d%{d68(CX3VaVZT*r2Rxng@IA&=lMX_CjQk=- z!p`nhyPD!kWqzQ!35w36TIugy9ds{v+9}mS&2KbY49d%6H07} zw>c1@h|{-okWp1vw;n?$zTa<6_?BNOx)2gX*py65qPHG!)U@`XW#=+GO@6?7Is_Te zZtyeM3yDThmAbz3BI16_p&F1y+=lQ)R73xJ?=^KRpMm;U_swe8XG2nZ`NO%?GNKSMQb|RU6=_YkNA~lKz3}#A z?^u1-TzgYqh$g_(x#f*$E=oDw@8ETRT=~Ssm&f(`>#p)$JUo|Y#CJEui4XcU+3W7n z$bYB3-Z`>5Jv_}HogLR*moJ>*NM~;#_x$cR4BJ?hN?kAsU!Ra)=If~qmjV=qi}_L+|yCt1gGW6OX2EQw~uVHE5B-se7ly}r=$Gf z2RAf<1?*y8hy~S}K*EEs>H93Ohz=eyV$H1E5BE&ToBG`M>4o_MVeb>DbiGg1eJE^8 z{Rd$$%s08Dw(2#4jsEQ454jV*7!}ti&fv)B&2LNBT;Q(1^esK2m}O5T4u-@|2MwZ& z$DK`yj`52{)3r;7#>063EPY-cxFa4FZjJWqN_%aIxU7o>)3oR2s(watMs*hs9Q(Lf zD77z=S*(VLyf=@Duh*Q3UZypyt9bf8E187cC2k~nkT@Nk-5A({J?2W7rdv}#H>Y%E zNvmk6zN%~q`oraF0{ZdWM{zHB9&6tj4#zDOlAn{@W6FK5^#_Lu_@rJCj2K$%(n#+IYHegUvYByj(ERkDlLf!=2P{>oBklEzIIz;1}WT0izD!dSgX zyge!vb*ygc5BiIN81&S|_o;nEn;F=0Gx4?@kpQR<7Ykm?*sz2JXvZ^>Dt=pXXWdMF zI^CYVfxIb4{9c$`_1NPuP;U%=MOQrzPxl@Coa?=l`7K~nWp$9sc%2tn$&@1itec|VimY@egw9iXa{{_=@nwGw0arA>+}5HZMb?V#G09`Q=u zQ8<(KhZ7#~#)_X6KPOJZJ>jEJ+>V;z2*#uu{3M6PnuV_HiCI0R+S@?jAaW!2D;jwP zHVmmmR3S`5M8biZKUV`anlNQ(hM+5cjb9KJmOY`bLdKL%Gwzq3%+v21p1~smq7Sk^YA@msgE`REVcO-+3fbaLZ?F)BxW|njC(_SL^a+R}g{r-av_A zsmmd#<1tad+OI;6+WoK6SZ0KNJ;IFv|MvNA#xmO7X?{p^1-R+_SaS3%Cf?2DhAIEj z9hc_Iwi4)62V<_id%=&F&-bKX-r#^=PRk>;mQ$&@*H=4O*8}4@C@1A~^T*VPgS(Lq zH-8X_YMXxJ_B)q@SE%q&wOWEi2t*xvVd^o1L1zlUW9s1lDoi>R*Z5!X+OD3 zCtHn1ybu!iT9coyjO`apGYD9e>m=a-VQgTt_#_67SGAF5B#cwDgF z<4*J>n7EQSlTtNkA_Kb0&+|C4e1rQ@+Se9}`#hhNuz%bTc5NlFSpXAtXZM1WH6L1J zUsU;avA{I2|3L2~$|kAru*w{7RiH|SQSzfu+H>J=(BI%`T=)?YQgZx?qu)vA^RF_m zNIzyHO)uf=!qYL75B zcR?@wv`@+3Ku#SCh)bOs30>)2$H)M>6>!y6TM8mduU?)uE+8lEQlh_;Zy%BOw84D6 zha4}6zC^4uf;7{w`HC@_O053LQs;JFZ|wRdn|ETT_Psbn#FKK#V?*zUR~nj^Hs~ik zIULl{kT_hNXvdO=Yx+mllmE8S z@JLJime<)kQKkm7&wjbn)93X)Q=eX?Zp7W}5eA*w_JazxFrpy?iKJ8JFAO}e=94M2 zS3?f`z{1IZ=f)Lr*=i|Va`y#qhI&Tc*?o*yVrm1DyyI^Bp-jMafetHSb+XdnGP~;dVN!dG~I*{a|!Rs#&zLCGM26iudQsLETTtQ*YwkXqZhYHv)=I_SI;*p)Gr^>;3h`oB} zu|}$~YvE`5@9aD34Shoh1`g-_u0dHX>vdZoqvNzk$c!$cbA#i##@N?o(xx4X*5(WP zCC80SRq4&ur|b!1{h{oGU&W}neUIb^kT2?^@5Oqa9M-S#)(h^aMjtMr)n?EI_C-7! zm2ACxQwMlkxaZfnLly+%TrZ8OVQ{}cL)FRHLRXhJLFl(Js#H<6g+=n>g*@ooslHqtu0fh|*A!MD0@v|!))`3~9LMCo zgDXO!=6w=VZ>j_BsD)MS$A?NMs}1M9*9NCBKi?>XdE_Z(laF%eZ#72R{SI8etbN_9 z&%LO4 z%Ac?y1rWPxth=HsKl$(_@WJljcIkwIO|eja))s5~bm)E8JY4pQbYoFrz);Qa>k0a8 zhuG)1#?zrPH(Nl#2SUemeyAIgU4Qdh+;I;IbZc@+C}t=VG0Au`*W)G<)O~OtheH77 z%8b~{Z66)r#Nbt_<;aFuIi{}516-4io-6Rxu4wSUuz?lp1NQ3v|mvVVxkLTaXk7*}USyEfHoL=q2P&dfnc!Mf~H(rhZZEt>G^NN9KIEZHR-VJiDLuzkne^1+% zeR&N=?X~zaWN>^C4?&+WR0^Nlfm=fVv)>ee{wONKA)PIOc@u4KA^1y`eY0fZgA+gF zZj`K0`Fwp3W)9z66&jY6mAjU89rwv09OFcaR5ANB+*mJ(KfKZlOh>(KZ$AWKJ`W>I zZKrk>`Giqt`A%0)QquVE6XjsZ@R*uOcdrF=_RF4x>%Oq@F$>(&jsIM-pD)tSSyosr z$mrUmyhbquxgvLEF-(HX$)EPq%>FC!GCh@qXXE{(4a-sWy9K zAC-&iFF4)F?BKe!ZG)BrQ}ewq&oip6=3%T)RTG{6-Kz zU^>3Uavr)e2})ZFQOrC#DNah`LzRZ0q1+Ixei4>k%q)3U_bDmE+e_VSn%5q2HIA_4 zUC33nRG%NpQ+{dlESb|-3%YE4IGGA&P~eZ^aa(OUq|^Pr?0>4}Od@;QFWxYK(n4AR z#6_?4f-J(&#QfLW6@c?)2CAp2t90|YkLl7Nohw1*B-}R8q~)l^QdMdVx4x7;Nkfsd zu3GpwGs#LbPuqvq_4MQOoyDU>>LH@8ts%qy3v1J8@O=k=ovM?S zcyP4(y?)kdMjX#`{GvIk{cvQZdp}gGHoSmrX!qXFc13?zOzdO|ab?gJ+jy`M%B%Yl zDkn%iGfr+?q-*?s*<#*@a_T;v5o1)Ufz3D9#TjyXpXF>(NuRaeRQI|mV9%D5G}`Va zZ*W60cF7CPtQ6e9r3fx)vRw-AlpdaGi1q!S+U{1hHQ$c!w zX3}X>xGQg+&4YIR_Hcdw&M;e1!EgKVQ2pZIq-`?xq(A9-l2JN???ikJOTEdRnsgEO zaqE>UYxV*vQYn=`67hU_{Z>21CUX}lmEaHLVN#Ezzn9Q3#ij~7udutpR&=~(@9rZe zCrClvJKb;3>&t;QGdV04I`FWoE*@+O=_MVBlOd^`c0<-(YqUiR74QukLa6$$i??}u zVSvvolnoQm-Kiv!{8|s6zO9Nd04De+wB+K&$kRzK-!SS* zDQfe*UniIW6#~E;iXHwoC_wT2l&I~B$dSLdT5(fo^ zt<~~K70}I54)H+T_=gxUR7g!m#}hNp>vI7p>2GJ#))xDem+8s8+FKHx|p z0rSlvdZQZ`JkZ9whh< zn=jU?Sg9*>(i|SeZvs@>QH_-+w+#+fR@$) zBfwkU;U$+LGF%ZA{+f|c>9AXZxWr~3;as8!ZbU}217`ItHS1QysL#KgCg~nNR8}w6 zK8ns;aC_iO9!-Dsz_fAS^A@j_bArEgzrZ4O^7{Q0jyZ--;U)LPekFa>{d-WRV3n9M zm&Y%otP%py!os(It2I29o;^&4T`-(WD0h+4G13sTnq~V4j91c*Via^iBxhIdwG8{f z`AR~aKHec=E@}y5DyS{*qJe~sJ!&qgKOu(JTC?_f89gqko3p67vKU#sD_Q^et6E*h zk38NA;!P31>2`l`<>Pw?T_j+OII7n=MR@Al=UIG%rx9{;ceVCpwPBaR08F7UvM^-` z%0sfJq!5xhU*0o%rO{0r%x91hw*0oA`!Pe6EaV>XnpzELlW`e=7z60E5OAhDi}zmeMaPgMP+8* zQ`=qIE1i2Oi|iap;}G8XMn`L7bR{kb_=#t_J0=ZefSPQA=XiZ4&Ve?U%Y%3w*_?%5KLZAm!s=qc`6iF(TC!*$4=in6DRaXTdC^79_|qZxHucOY!ohfjDM<$W|8@rq#7 zKK2m`TaxDN*|(6)%=+pTNFY8?kNDX+ocRe8q{X5{(m|E_oIrD85_zsm`Ms^95&Ay))KYzlkO z*=(#}M_Wh5a}UTOd0A%A2$R+_rv%3@pKteY1}_Uif}hY zmzw*N2YAEjM{;a{psgz#9R~{CRy5wk2udmZ3-pD@GbfqL;z^vJx1w5V&W1wx{8i=+ zJLU~V-{c;fL{e41wBn;XJc>tbH^!Xo&a3%yUyy+ibrPJ7PaV;qe0tG^gR!{hYA6FC#pvB~z{=3D5wZIJ`0R zNzp~{(+uF?+Xv0{4DGx`p6}-kq-QygP})d0Hlc)0XbSp{cEt3#t=3|(*&PnV>N(!D z2i0eLuNkX-GVORlpZ5cnYQN8+|60-=zobwFRXc^Ea)aC;W~1d>*+Y6A5VW=w@(DJo zPE*@w)$_O;9v8R;_Yns^=;3jJWxC71_W2MrlDUpY#lTO*99x*c{eHjq3m{wO>0Ve4 zd6GPA;ymoFY>$SxB3LPnz|u+n_f0c9&}9xT`CO`dDgRs&ymTWrpgMG~iR;ug;7bdVo<2e6>v<}2$^ zW>ZAL2FDEy4_gn5&lTY|WevIwjs!yv)~hkRSX_8S5F?1ykG|#Y%F}Un>gh@bsK@|% zk$Zya(&oc1WfEJDF}^8HpYl`xE>g*N7E`%WF5h736M{U@y_e@;%GFwfgaWXfB0*bv zS_qO$>9=I>g~a=1+^fXd(i@FPu$o^#SJ&ShHT?Ycn(g$8B1P{jqyop8$)DqS*uFzE zSCn5N5WILL4Q(5@%4QqHK&EPC8%9woKf=Ee{^g5I0v?~U0T+a^^M^L^*Ys?EVIG{2 z;{Kgo_7k#d6VDK!|8+I>TN9;U<*O@)?3Ab()ds(P$f+c^jf_^iShsFz>vgcj=66HH zrzvA^6A!?jxXkmf2Ldriagq0MZRZUhSiqmF6E(Kh7i(b6BQCsOJBP8xTG~<^bqh(Y z+OHk`DX5EW-Au94x#)Cbrcja8BA>1T5NG8}#j^D@lfSTTjdZ?<%Ovm3#PX=|gg`?8 z&^)`FXozn=>I>zOovGI<9C&a8ksm}E@5%MhllR_3cyk0eW656$M;C7guRO}oZaujB zs+HC3NaBqarf||!!W(hiR9IN4s}FX+5IAVToIs%i79?nC`3376bQ4#i)+k{xjNp0- zr|_pn*-hrBF-;^4xss9WRST@JfsH&spJ~h9RSj>2Y9lMWsf=HQut!V?AyDc0^-bZ? z=(88bvrp5&>j>?RkTKF0b2fi_wPg()&%=WrZtg}9rEm%^711@ASyrlkJle1 zFVt&sFwr1qJYwPlxqWd)iWVYq_nEIX+ zh`2P+S(4dpw|f55rtHB@0@tnw^}Fy8ybso?ulA#qiJ-|T1!AiARo4_i(`cTXBUTqF z4BCj&o$Mcv8g*5ffjPo`j7Q-QZNiN~Bckfv8KGwT@C{Fh%Hf?LkqW#vf@9a!2! zTdfk?t6iSYp+QITFkL0UJ09`>ox!9i&(7aP&0ZU1x>UvoWK!)E68Vk&@+mnx<|5U5 zbr4yfu^c3L#*LzHwHHxF>E!HJz)1fH0TxXaM`R+cy~UEEwUzij zA8g5622aMH9G?ra$Gx6TRJBu7_bhn(8iwm0_&eR7bw8$lBZXmYJm3X?t*88QLeB#~ zQ42P|cUQfz9f3gse2O1uvwG5GKOnhxA2jf1xTjHYI?XJ!iPBS!?7mp`n6EKILbi(jf<+G-{DiPA{0#a(?ZYSH}> zIh7|_mHhYxbL#uK@VC)a<9*S6hY2ZK!ri=df4Z8Q^2x_SwyZdg)GF$Ndz=bpQSG(xMORH6S!6XF4d7 z_B#|lIy>d}+DgTLdyTFfGi$Fq(0v%$v?Sk)23(RT@enP7_bdKbF zKSm^bK>JfGS4~9az6#^zG935o?D0yzm-fuj$jA*7i!d7Qht;dGwO?F)W^hAFJ)zVg zUUD@TO=0foy)`l)gTXzKIl~W%eT}$KhX0kB#}`;||EjQ*kJnxgqk+JAi&(1a_@1=G z7Zg%oqQAiu(|7g*+tb~d3AT!?$WjO>QO*b+Glw@Oi_v4HY6ZS53-C%;Cq)7=54FSI z^UPbFW<>S0=)d0#b#bJjHUI#>;f2EmIM51O8o<_HSOwa1JkLaqds=yYro3Q}t5qv# zeGKl#YOPzhA6L(3cSDcwz{r}CY=lzjv+lq%Bk zg9#LU%Xf@S_@2WUcg>~9hD%bg_sOCU)AiK%`!IYAgQ~n|Nra$s9qKnH<#aOKC27L@ zHQ%!Ev0v7JlJg&h`h=f8Uy~loFbQR`REY><Jrm;%7RP-bc=j<2 zf8xm#0Rw6-*oj=amN(V2cc!f{|GnA$#t9HwXB{@?LGT2RXyn_?t8eS6tdvL}&Gb`s z$!#B<8BV1|`^ZBhTpb35fJ3|cxV`WwfJVLJyRsOty1QQh53WlpQf&9$ut|NW$zkL7nbg4%nXBM-s@*9 zo8NgDiwh+b@Hng-c2oIaNbtfU~huFxlw#j64!Lvc^8 zFZJ=O7c-SV98c!9i2Hi?MD`~S-qz^a9WIF2dPR>Ube(r)*LMGTSjW@Awa-K>EuO_3 zA~*!2_`3-U*{7z7v#OlqmgQE4^=JU3nyozv@9ml#BTo%pl+U^de zb(|yn+ro=taQt>QW_^hJoC5Xs34FhBq~%sbtf^7Q_YW5J_wp?4OGts!G-WYpV`|^I zhXh%)Hv1Tjpthc=?Snf<;M=28Mx=h{WR2gpD`#jUVx~J8K5<@2Ur@r4W|RLcr-6$( zz&?^HVqry3&%b?$$|292#v3pv=-PZ`^Zgg*>oi5n*kQ%kS6^sY-`%8%Z^EmBm)hI_ z2%s@}1xHR!ZDgqp`~*JnBrVY^s!vln+kN&*?Fo4U8=7ekVn}= zyjve%ZA|?-LhW8w@iAdjxD>1PDwh^F5u#CTg>Rvj5Lodom&-nV-J<|ufPJ6@M1i|paGG357%CrRUWCcZ^6=_JVyB?fil3+IvL#p`TMNJ z+c^C7l?-O;0dw5v)I07+kQ-E*S~h@t&D%aat$R5!@pZThY#~Nzu4&o`BvctpSX)nx z&%PcFgsf9O&?FcinHW%HAZBQ!KA#k1=?}X%eXUo~RoQhxTGcC!8-9bDc|7Y1Rd>i; zW1WdGG4Dg~gpBQ!TWwwzx|t@1ql;5$6o2V(8w(MPbPa}5g^YP2&ZKs=A&(cQs-}Jz zbp&u4)c8Szb6=f0y^$NZ=@Rebvt*96QV>`f2b0uBhhT z@`Jt~{StA0>7}rcg1pzYyfK#GH*9Hgsj_5r^I5CY_&BxqmS*h8ZB?xhN!m*&F>(B> zY=aCmjK&!uwg?Ej(s+pjoE*S|vL2Zk@1Sc{Ol%JW>)-R0J>G`Nb2=KBz1Q6fN9mf} z0JDAB_m@y7tql5iiezEL=?O~~d?cMGq5PxXhzdN_KK;Hzwo#C#q)gf#+AcXTs+>;E zF}V}=_2Tgi4296x{-BZpAax&%iLWGuw=eEk>HJED&mV{8$X^xVRSvUwReMV?G#fRQ zFi7bWs8sXd)Qp8KwMLc>0Zu-MR)Zm(ndiE&>Vu(>VQa<5%Y!az0v6cjAItuuxsnJR zMmH8fHShs`n}B+>bRv<-4fI~_R(FQwu}|f35dYvg_(-Ahy;(`dm-cAho6j}TxHi|O zdFJQg*v?0f=Jkt~Bqyok%oAcMlj3G1b5l?e=k((j0+Q9AU$j~zM2`Eb=G%RasFsP^ zPeqIA>^Iz^8^%^dwe5c~6P+b%tz1mP!-^uEryss8?jvUzni&09t(c&}J=Yl~KNH&Auqb~-R(xXqr)Y9M9J)ibmajaQKJ>xG3p&?aBrS$U5ah*5 zU(RsbDo{g0AZy43CIWNd?-wA<^!v{~(U~ZitTn5TD16#KYM;BISR2EoT4e+s0no|H z3A7_)POyrWmydUJqn{TBiB+TE>@)tyR!UjyoQy#5GkL3YqXMMn*&LsEE$74D^0tQ- zOXa=mB@kNy=5M;i^4xf^qF+DAz1k>fp6xGB=NYgUEI=wRr3xXCqBroj&tp^Eq$O)X zAH0U%V^K)V57#R27&A^cay}AS^zFz4?KOQmn7$Gb7cD5x1!z65Fr{>jbe%B|%O6XN;pfS~93p#_H9$?| zDj0Wqo}3X~sWSW77_*cS=|caBw|2dW`+3BUwcZJ)Hxg}^{hoGmdS4NP{x-Vnu*GMY zmfuTaPZPntY)miQr{pwiloG?TFn36oO~TH%wYWamzuK9T-rN#s2@h^DaO7d%OY={xK=R#&vZv-g`m*Zu7q{l-*WSvQLRww0A3X*gDQqcqH*{451M?8-&UP>ZT5@y0rUg(-bp15BDk?vLQ49O*7CfZ$TbPH z;rJ2Ydjo4oKeTuE;F|4#?SXr`ADht`AlH@i>*rYMA3Ji!@UTPx$;hLp>krI>Kgi^{NMl>j>1*s?@t~=$CMly8 z(To--=iO(wssv9q~d~KXB1SKKfWX` z*BRTP9i=Ym{h&T=-1L&9ovUW7Hv#1O+48FqQS;sVLtWtTP!;0}9dKB&CO>Q4h3|kI z_0NMu7C}T9_Qv@|D02r->M5dL;<#R;=)4LhQzo)NGy!&$Or$N{mNZEludX3~Sq&wd z_R%&#KAl&cEtb`Bk@Zw`%W_T`m(tdu zxGT#Sbt~?_hCqv<3aQ0STNBezufD>WR4lBK-TbG zr6^e!syi)D-#Loc3<+iR;N+)y)^B~up!bDc%`14z;=4g0-P)UOxsX_FyVmm>HS%o^ zjHOHa=fe4}|4g@`eV0mmdR@Kj;J^=e zyF^c4@*Y1d7ibYlEIZ`N3=hQFd&NG3p`zhx`jazXx#A!0m%;j7(wI09dsy2dG5r?K z@a#0Z2)kPl#B+UnA1z)P0Woa7*A{=ozUG85vVgp)3xTk3sm@Y0oUbh6;GU zU3LS|_hAOV(( zJuAU@xKfH8l6+NyL6Hzqr!wttpL)H_Rp6#*+r9;Yn+*WJOHDCS(5M@m07)gsW|>Jb zesJE{a5F-5aU$?11Q!%fSAdH_u+3jA?NGIg(er0y9aZO&wHV*_AeRh)V?PZqvU{SEs>JD9xhfLK=%V* zqoohmLkd09O9;fFI?PkZ$m8K>zwcE3M(5`FF3x$I?8+WvUQ(am=lQtj{7Hjemx44L zUuTo~Q`!$w~Cg4Di3HwfQNzU~jpe}KIH5G2SHjtMsM z!A$O6f!dw;IY(fPapNdvrMQ$_>v<4&Q>GIM_q-xLNLod9C$hDTi;}>UfSS`i;bO#F zB0S+U2zz1H5&O}7>=W(H)nay8K83f>9}4sViAA#a{NX1;A_V;S{%GHnA49|nV51}* zxM@=OF1_ye$`~Cx&l>j+t~A;i@KK1RvuecJ-Z_7q4e~BWe1=&5fEcdjxPi^BBBf-$ zit@v=%mREt8}rff-5V>?rQUlcGmztVQkLq68u6#^pB`iXxIsy(mE4u`lc>#ZF%tOu z6Pl#wt8Nj}^%Fjf`qHbzc*)ApVU!E%%(TPOX87Ds(#frB*l;NAr>wv3IfwNtlw3In zZ$Q=ySDcK;s7|Hoeug}IoUC^y-Gy7z&DQO0k=P584_cW`Dw6CdPkRIPgbFDsUWfDP z*(UaHA20gK9iKw{j8<{H2Z?O+Fn^IWjR28B^4j@xQ#JDNN(4q?+6h4<>aLY{IWk>!OP8tP*eR3#7`` z>m=e^rGP(gY%~k)ZAxVK(M#|)Xdlnj5Ce^VIUrJ#O}mboC^I}?!DXOo`;U9M4zuN^ z<3RT?yrw;$4(=xKXF^#@)&psEo)vEs5RJlD;n6%Bx}8jyzgs=xB^TW5ONsRzieQm? z`mU-MUIdylDZP#<>AFLN{gAz9p|JQXEIBl!a{+`-HW~xu&?QvMFlutPHS=6EG?%H9D1%dgq)oO+l+hNePP31MeJbqRR`$PIpEc zk4+givR1FZy=;Ue#hU1*8{FuELOH#qZE(=;vNgHptFu7P&5YiL-n^zb01k0gG|`q> zj0q3l3j{dCzFnT=%1RHdn&&Gd%f{{eLa#~UmY%5f9jGIX7bfruSaL2zoGYXt{AF1+ zpcUzr9<`T{DKGpetr>Nb8lW%q4+}-jg_=;24VilfWeuqfBT{one8|>qp2!x%NBN-n z!GX>KP5B@4qK8n0jSC%&wh_d0&V=XF;EyvgB{j4j`Bb#nmU+Mz#rawx@JKeqr`x+z zs9%JA6l|S4x=F=iAst zKvJ-dI@5G2)BvF$VI%Q;OneTP>++6i%hrbQomG!H`1XSIdx-n&o<1(Y(@?#lRZUpw zG6leZnmTW8KW`c8rN*D`TTC7ise%GkBL)zcapiNuH{2(opVq(_}xx0o#6Kx zji-3=&Wb+A#N$AV2I^aBg{F@^=ZrN-#dE)JJ_-`|j6(;fs25msFMLVu^*uG`BgqbW z^#tnz@hm_k0j8r$~sn0$!0hJUq^(#NKAhF0Qr{XCG>i9Y*%^Ily8 zq7=69@VrDX?nOEAhrb;l1Z(6Pyi%%QYuxZq9HjG6mkOr;%`DCy=ViweeD{Wd2;*%3 z&6VUch}fOK_hOAeOG5w6kaM~dlF@0pZUnk9!{0tOb;Ma#S@U!yS43jt8{Q|@u*%i6 z*8ci)iDR2zTGf9b91D)OWPlM?@7Mt;GsvQ#0E#|Us=yzLyR|<0!-p>u1lngmf)6>{ z2>a&wzI;&@_)Cu$k18|-O_K4ClzLW9&pQ0%eP7nNE6F?b2q%Dp^-jvHJQN7bmRIG?+c!K{cN`{7R3{YA8Tuy{)R#&V1Tv{ z>&Cy_xY`&i1~Hsp9+Y?Ie5#tKpF<`qj@emBR{b*Xt1ILFxg+r#gdDRMI`(in16$og?I1Wp5EAlq ze{R$FxwQ%N5aQ@@ON+Harp7FPY9KgWl&DL$9E(T}^KvdOhf^9;WQm1a5|Ivhc#-{u z{Y)nGF8hLeXj}q-xGet()5WGvmuPJGz{Ga1gGkJW5 zqOi$Rf8tn{p#ZDi&(|&9$No>b`p5Avx)6f5l7JEBRk_9VF?3x=+|(=7+K82MS0Xs$ z^^5M)6@IM5dcMoM3;;y@V<$RsU3L#vkj4bNm=q(J6ygOS``zOVzf`h8bKQU48*J@h zo&y2Rgwbsx_TE7;p9h_Px|*6VJjEka^Lwxm==kI%)*uK@eGnHs?DSB6(*QjxeC#J> zyiW)DorxBHB9jlclU7ACeday4qOjj|otRIUbWXmK;H%@oe(i<&oAF2Os=goGfU_nj zzmFoge)by?x50gD{fR_QB8#0*^SV9bDvnun6ol258hb?=CJKVj47xaF&Gb4P(x|wg z>9QWUi-BDx;r>hfTMdFuNY1xW2WiX>f8NKI>Lb4m*upN6?9g5ZQFn*mF?z&&ck+5~ zR#)Ph=XQxCiB;(&8VliTmIgWLY7B#8ifrqPU-&*-kn6sth6_L_4T=0Ue4^5C)s@Uq zGcdVJ*THM4;VT$>@Rcill<5kF{xWb0+I(-okL>vM5r`>f(gf~UQP`y)+882iZ&JyNbQfA`z@ zbU3aFG=1qL6I`p56t_>Qw*~4}NB-^oP7*Vv5P9>Dwu6g`&C>a2e$2bL1e44uyFE!$G-*Z z{CL~gwj~=bvUYzeywmN3EL6#PtKT0bY2L|spbi1-6z{Y2@q!%^{(@Xj*8QFcL=*$5 z#DVn#o?_b`Pl`%u$6umdrYV7)5;&9ts9PpQhu|k71<>=yhW>*`vwd$v#Minpc_2G3Yq`mqPN~4WC{l21v zqlGD|&V&B+zFgB?-o{yjn2FQ97+)B%FN&Z{AAc&FQwJ6-CV!>&_<2<++dN)g#07qa zIgCf1#@d)0GN(GUI`a71vhu$aqV~Xx&a5YF>7LJz$r%OLoOi`J z@qRhiKw~}=jAh>@n}^q6*HPvB3G>Wa^-Uu8m5v$*J}r(yz0xX&^5?OgK=O6UhC4yF zQS697hb)ncS1y?ue?wPgez{;bhP30QQKwSP$C#Ttd(%i7-tV{iQjTy# zKfP~Q9d9K>pS?g~)k|6?&K+Kc&Ph_l=;8HepS&~n=KjT`WMTw9z#1!ONVgPlbRGcMnG4{m`}|nC z{UG@mN}_R|_pmxXDIUZ*U~TQbv=$Q@b05}`qg|PvR$VG82>W8Wgx}^Gg8z4P5u996 zBX-~4Np(wW-WrX)U1RS`QE~ttgXN8uuT^Q2;VK$UJ%ZDJZ&A%QF1uQo2;H4^)u`f# zy5!BEr8Y3gX9>l}@kGSnq=FMX8qpxwnSsIBzvjy@EchxB<+S6;1OeKx>i^T$Y==Dpl?sXl$L zB<`;wDlnj7!u9I%eVFyaX$#$?o5X9;6BI-(G!hR-e30z>jaUr%E4g&j{TCpi5|1*u zl$w%A4NLeVRx_1s9ckO&sr*9wa&xF=%|9#MeVeIF15~r%L9H6Ub1;(0hMyapD zsXAYB<~X^`&A(O;cl`cLEnuy>&Rqfr9|C2f_w)7iNrk+Ogt?)Li>hl{_aW zDKZPT)MH$~rXz@eqFZPzx9v%)QJ*gH;_0v{f%sRV0|=`7+WW<6cEp!AdS47E==K!Z z({~r1VF&94%7FZ%A~=)J^*R4jem&c|NyDN_{GcUjX}{l}9-!H~a%{Xfb~TCohOMfA zFQQN#M>M)Ac=zD^Tza?spL}&$(~%@de%DSSuBmUgRL1n7m`Gh-0Gdd}zfGY&$)miI zGA&bP)USB?cVXP=nMZ7KyR*-C$CTX5Zy5+>!Ty+rYZfY%{9?|eh|C|_*2*liz>D?o90E;g~P6ScB(qA-Da7f0W_KJ++WZdnjEE!I|q) zQ~Z3DUGH#O%6kP_i-+$@+t1-#=~axxC9O`JID>9ZaQ8dsJdz|gf5W2NvoCf1@XCIC zAAxt)muB12PC*d)HDYFLoYm zE8p9`=2_A6z}~oDo=)SYs$R09QQ3@TbbUBa;p^I9cITshlsFDvc2)UKRaiy<`V zw&&NC4<==J=~E&TW`rqfm`%F1HVRUEVNh$iSAOlT~nebI-aMA^;KDo4;KyVNok3dmKKcv&Xp5uKupy`KvTnoA0HH(O)Q8YzLDY ztlC>t$k@|la1;HHM_9hFJrQZcO9crolp1j4m!LQ#K1aj#ql18u_XVkRMH?<|CV9b@n>EEP9)N<=o?l4@X#&;B^k4!!!G0!3Gw7q@ zFQWKU)zY?sQIXG74{krs^aS)+?}yT3HKMwRhv<8uZlA%B-}dbbXvA0I*>n!+B`u=O zg1!CuI-Honp!0Y21mSO4VvRhX(gx8kwkGvbrUYrMDl8-Qm@3%^;hFDL&u*Dy7Zcd= zu!s!dNB1XEdl#>_uak#}#U8KQ<|TN8{?V|D1I30$Eq{Jw0+xATV#Oj_NwN|7-OZVP z$pWMXOqM2k2o^ym!!72MUexMmwvuZ8atFzfFQ4(`ta1-9DP`Mj7pe9744~2rn?C2; z^Hm;0R~phj>baD;hUkKC`JweGtY$Cua!6$HC>fAUR5K3PU?-EU55TmCUaKT)N%}B= zcvt6H;EMP3LHFn}-nc@iI7pqyW&rRwmogyVDz(2Z!@8HE_od{0IKss{n~UEb(n4NW z*-m!?p3&6SqOA?{RCavOl!Q?ribMnf=lT!#Oor`BDr@5v7IPXrU>GuX=YsyO&J(yY zjBc^0%K)aEcAgxrlvKZHRki%fZI6mR`?j*MJ+CqNB`R;WJ3v+Q* zjr6l33RHrs!N5^RIJk)b;y>(<_tPLsuMK3_wNN5((kSzv)fERBw;!k2&A!xAlXxyj zo|Bp&`9j*NeQ-ae{!tG%2A2Qwq_bTyPs}zwJa0i(E;sA@d?u~(l{Q8WrMC1$_jQ9@ zG~QRs^9GX6b0owsp;XZ~eAY*3G(EKhP-f?HTD03ZUar*(ik+gq$9*t}#tRkpgmEM$ zgcINI&_&pATH^zQ>O4AQ5;#(kL?2m%z^!^27n54vlCHmhlGq;=jzJ6qjw0U1WS(9U zzNz5ru-cv@;)x{|1X%I}x9E}y^M!|}Gz=*Vs2BFi{NWw>?=Th2^Ic60n&#$rRGsV{ z+z;KL*zCTRFYk#v(jTIHqia#C-_;cxmHqLj{mdR@F7rH;`aea!oL5H!KB5OEolCvQ ze6>3V^Y-MUnI~$}%$Mx?C<^hMbUZUEB`~F;0`t8i=HBUU)=8?rW%d`#?h%QOxR|2f zuGdcPi&N~J4$(d+U`%>?82bg^n{xVdOd5AQiNyY#a%(c>C`M+#0riBQz&w!Mop{3} z{ru1(&iQCJ9Oh|n;FOhkPGR|&$Y{&fjQrUPaB4S0TV?t|n)10{zHovrD(YGcu8!J- zdDb192kPvWk{-(VcYywjC%rS&q5V7#8LQs!=NQ$fE#JEmoOWyDrzxM0Hq9~g1l0qg zd3A$*mS>OnZo}Dv#zYtqOQQjx4^8 z{0ai=O`y}fmnL|#Jl9-X0$`jS0fFBmGSMI-Z=MI-Uoq9ebrzOkPn2>UJ$l)LhOcEy zG1Jh`&!aiVU)bK{2>(eso-?XUPugMOLr7?x&!o8$=fHTjeqrr9598swB>E+69X_4tlm3oVL_8~9K2 z+0^W31TgAZZHORy9gQX@HaZMnl>~k8EQHMTIBn=nK<=t(P}|?D#U%Ibn%IAU*30bQ zGO`y>Ilyo0s5j%DzozbHNb`Q*wD?2q(H^Se_=|@xAlt0ssu|5q(tYB?ean6R2*379 zN4!%U*@aKD^~wN3X_)W?<7OTuy1NPwRW}wyKhXG5AD3TijnwU?=8oN`#!en#%NMem zufdH!C}ye=OsoJVyB|d;p<6I1xVZXh9InnQ8rfAoE<-f4JcxUNILcJe7ku`6*Umx(y~JUUN-h`@zf6KM22`7H)Vv=l%PwORft;0mYGsg} zc3_baSvRO(4S}L7oAstfKY&;wuTkwWrt>eN)upNfy!y?-A^N>HB6_a#>y5nh5vZiU zuMs@~iK*i*5?n>Z6>eT`Gx5JUZJIr*SM7=2?-#obFZpuY`xW;TF3m_Y=hshF6n)V? zw+YKg{x-emmhMrfz3n7ck=_3bD|n>`df4yfGVY-9<##HSR>1Bo)-x3hqazggkJd7h zg%mO#%~b^a{)EvlqF0ko=-RR-^J0%z@;!dAHi-2#Qi;sAWeFdS8ST0f05+&W{L#PfXl$lY=0%xI}BwXM)|T&731kDvC9DM ztUFO;j2Z)}nxR;Zey&;6lGadD9na%uzx2b_k`afvC6T@`Zsx(He^ejaF3IljGpaTG za=1+D44HyIJ4cwyu45$h(K#n8QPGR`VdW@2&%vkn53a6NX@8#$VeMa_t`6h-*#=@6_Q_p(H|X4y5b88>Db~8YtUPefko(6z4+jnP38XET8Z4gr9Ck^wCOVs&k{+MiTl~SWgd-Sj z$BRu#KHcfp)LaL(P@&#*+?SKQymw9V`QtWm6kqIvigWB0x{mhi{yg=YFejsH9w`>Y ztKiHHCS~%cEKdN%WN@do!=c4^j_vv+@J+27IZ-fD9M05HYp`#krV^Sgj4uhV6@ z&)szurddLFC`z^cD#c8@fAVK?@)BYF#882(bNJ>F4Fr2$F~SwCcdb3R`y-?tp;VJ~ zwaoM!TxU!#z7cqejD~Op9mp3LRODsrN@U$$k47EM>8XHEI1%q<9`yu=I!V`zE+T9=7`_Z z#>xlJAs^tgdX7me6N~%Km9j&62qPak2EDfeY$_Z9UjcN;kM5|?!`zy`tSn8Kru4v9-b~> za_2ljujSK*=v4s+@%%2qu#=P-WcNH;k8=))=|=OVi4iI~_xFq9 z;N3;K9bTPUI!V{Mp#J{Z4<|@a0W72}GI3*HZsU!zo;ZTC0GMp65na{1vDJNa%$s9iPe2ods zfA?7G)-FQVYIw5%SoY}iW8mbA$MIu8%kaRy9@&^eb+m}&$iDfYqV*tn@Od9L@!FDT z-;xxPBM)-JU%g*?c~Ad19ZGIhKLH@Dm2Hp4zbGaHwEs|zt5 zTr!R;3?`A*2UI@C`iWZ8bUp9~Es}rUd@hq<_Um^_Tn%8SG8ctRlg6oJAZ4}5Z~V1V-AZon`!`Bd&Iu>jn;eJBT|l(Udipupz#R71^I+#FI14`$mBLyQP6i2{BTn_WT=-KbzgzfX zogU0Pv8?rlEp*PB=`t6VM$oV9(uK{bnmmh}OczwtK~*Y{lO2mZmJ zL;SjYxfrX=P(0@Q>M_s(Kqoy(tQZnT19w5uFf~KMRdW%WG0Rhw5_BRO$goxbXn-v>KF z7RGeoPkp#IXLtS^ZwtD-X&Zih;zG7AdZ(@WmFPWY(r<8v3~@pcPpv8EDX+}>Hl;z5 z4_UXg@($+e%NQCF(w8A*Gk5EgcBHS~$X7DU>`ZjE$99kLHHRV%y*RhJf&72hqXR;2 zF(Cb3<|N(NLl84N|HuJIzuW~{>a5-AH>tU=gEGM4PLAB1#KUpt&=pL4(7 zJv9WaDTyPsXs2?7px=`b2bj>$s7^2Z?dS$8FmNt3fkwNKCq zg&rdW!1}h<77MEHSd!J8dS1CIft(gyQF2pvyk9U)y&hWX;Plv@#nVgL*YniD|L|vf z?x&)Yh%!j`m6&*E=i@bRWNi8BlPo%*@%{H-A=Hi=uo`STBBY=IQy=S&svk8XcyQ~! zFmfgEhs5c8S@6d_`@6|-s=Up{JWJ!`f-i%D?}5%TjX(aqp@=HZz~3BKX)chN60VB6}B~a6R7GR@aKdk6xnZzRzQQIRrDS z8CU!Pg|Pk+hHsOq7%G(SG1M8%C}|ln#Tj4slkI(i*su=$DS@p$NGy1`OwkI_srI}t zNG*y(6S_eMy=Kb5H`^1<%)&Vd%nvIZX~DSSdW0%e1cmaBLfcLH8V$9w`Tmv8CW)&F zdcCh_L31-@7wc7SLf-OMy^SwX*2{PxO+CxvF7M3H6QCUY5n=)Tmk;<02WIG?sb8%mJcYt+qXu|7=Zu|j8;&JUk% z4C%M{i(z}NVYW-%81i#Qzsp2OiHn)e>((Xd95L%Wt|W)3A>ZJb#9ygLdMF z6HKDAT9t0+^LeIDFP7$$Yz(iT-!6|OY7m4;T>Ef!m#umeH#>LCU6T6!Y6C@jDmbJm zUY*9JM1COY4}hzIpzkYQ6|21a*v$J$rRI-Hu}?rOk2WiO?Sy*mnpk2o? zq}8G%F2z0=I<0sb@H*4v2GVa#y4lOnAyQPyMxfg6Jf8^n1+Soe-t-Ime8%7UQ9UkU z-=$&7->+QoI}tvNgQ6#i7Qd`M)Z1^=UIOtamDGI(CnXcy5p{g;(abk+o}|Kr%V}SV z4xFkJT6>z_yzbt+B|gfWaA~qTylkq3bDRo{(u8=+d$h=~XD)6PMVRyvhG_6uE?zLv zfabe$?$C@}vXIm_B%$sato;NW6EHSYG>VbXq!ks(>I+3t)mZT{HfSGCz{LM}o4+6Q zEwfMK69D(iXG3d3Yh#0#b@jvpVfZ>z=G`r@B;ty64HN8U<$*ln|0 z@V@nmL>hdxIpXjg;h2RG@VdWbgJ;BNj&L!9Jz8dt%DZh2y~3~cu7V&QJ*Jh5+x{iD z^R+DY$^qX4*8nt0>DWf=sQe74(HSF zJ6%_haM+?R;7A1HX}_<|YX5O`>TW-6jY7(*ig7~VAFEJ*SNLY)bIaGE`Rjr`We{A# zeUL?uFXe9>PYzf4cTKjZNw2rO+2{E8c%&mi(uZQ7Pk22ryWGc9gzL)-rkD!jVJ{z zug;smZ~KfejTBif&C9ocbY71G_moKG3)%?}DTk{c_jTR zieq6o`#)Z|z-H(M^pkTnKRBn01VSWgkiozRi? zjsB6+-VGs062Y$cT(!o$0 zC-YGg&J7K?Sp%?VO+*B;UvTsMxkeyc(EB2pTJ4(>?Z2W}HsS$xp9$pcE>l`hqVYT3 z@u)a6>WcMA4dfEiio)R+s_3W@B!4^o`h6;S+~vE{Gi_%fOUTHtRyjE2G@=fKFtnLo zyN7ut=Hv1el|N#u3B5qEFrf(`Lq3~)^Ryq-R1o))-V(<^X}uQ9&GOFE1(IYq16O|& z4Pv_t%@r0+2dytm=!Yi30Kx^|2#3rh&ElE;)q!pD?7lnPGowDwx zBjJQ0j{e)}p)8AE`;44I`w>s(zTdT9w;-A~hf(@NJF(^f1}j6ZRvkj9bwCBTnjeGtc2lE=#11nzIAtoxi^*7XPfv@YtO zA=OIyxk8Unhli0UH!H{$*6Y?`&jb)pyp7#mzLB3W#Yiqc8pIH;yLSM}w0+KeYC{zte?BIfP(XL#le%)X~}P>hCKKoZ{6u@3-*X<;rka$e;GI z*!}k09C*k_BKyE3RQb^L(djMOq0C~im`Qd#p$!LtdyH7IPp~+A!Hj3-hH08O9lc%q zMZ&ce^>J^rPAB6+QO&SSW;?xgN3HhUZUh2X&A+9QR#6tx(N%I9m?CDIz^a&PmJ#j{ zX|cSi;tj$e&GGekmg-g<-BJJZdxPDu_%YP)9%|6{o@jaa0z@vs$Haljn_Ig6fZ4-a zWMUxX1*t2SPX=-znurH@)U_E8E*f#|A;1D?vT$eWbZ=ZjJ)3rYpPb({cPWZ9mCe@o zYQA2~BER$%mde69zI6ZbI)T}Gz5Hek)af00ijAz8>Tr8tEQy2rxE1=LxN#M9Td4Q_ zG=AP@aWItpW8PsPj89G6ZaDJk)9AC{7l9sUJi2`$jJOYOhJ^>UU}}=^|v3pb_pzj4bDy;Cvb1rQ9D=Zauf=}gG&4nh$VTVS*g{sZj)Oh`+hf0 zCt>GDO(!80$O~*%;+nnJkaxDnmnIK;E-@30I`qj5K+=AL(A@bf2_9dr&i%cfBtbSB zsWO87Ls_BU*(r6NAq8cP=JeRtKl{BGUe)n;cSfz~dg5!KB%0e0BULo&Jqq&?#H z@x0%d@2ejnx%9a-v?G;vL!emt4qNDqYC=k`kA369VYAmE2La^U zLQfn00~U80oes3D#POM_qs1pgFYn?CQkyU#H;QREv6riOSom zbW(vTBaYkRrumzcBU|z=9!Mbv_=F~)aXXATUFYJWC8)^94@2DqgibbJLSxP1_7|U` z!~4OP$nSYT!#?DLO=cR4|MU1IBKxxMo0cD}Z#UhSWobN9DrwFpGs5hSj9{xmR!YV9 zfN4$2`L8AM0f8QH=$Yk`lL_x#A1H|P9`NwDNy^{YbKz&8vyG|f?ZUqcXS2&XKRjur z&7R8$9#;A*npgQ}j*8N)1-d>I04zot?`zw$Ed>J{%pH;ck{fN9zdV4S`75EQkR{E5 zB~Fl*E6(-h3|>g1#S7o0p!ROZ6&3LSt6Bx7d17@(dI(l^xsQYQ1?IVb90$yf{zJd^ zC?;WjWzQ$>%KdmwL$Yb_#1phaJoRgGoTrRdxC|%;EX{lMb@$h;LM-^1*NGcO%sRCz zrg)8qgK3mo7FrbbKGq92B4Xc1X|$-SbCGrpx%+XTZiF4&d@;$f10aO0qmaIEDoQ%S zi90QuLj=qZJyh$B&01C5K0o2ki2K5Xf1>aeiaWwZjkESE9X)d`3cyaO8HJ`Z>6za=a_yEbWgYXu%{9zjMm z6geSK4x_b<#xW)jFXzOzktRQ~x-&cnDGotOJg4yF_tV`Y*q4RM_XBy|peZ5?rC3!#YYPX$m&C(P`pBWYh}-)6u!_l`%;u+ z++bwapH}c$CR_2jd756qVH~IqJ`nupR$YhX4U*M=#RKEbLA9^OyeVLj`CD*)K`&YH z8KwaQ`CyE*en@(`>4&gCBoGR~2B7Ync=L-+8xN)5!!Q5^k3xncyitdtc^q&)TiOy) zHA-lm`4i;#W3=xu<(180Q@i~wSbI&YENeU{b6fkj_Cvbfgd;>nE|3<+39i6(&gs6* z(7cd9f?zglW}Ln(`Am46v>qYM{FEWA2C}wY7h}^tR;;%QI~p_2%G1 zyx^O#gy1ePfQaosCZBR|UyEE)fcjT*D@FEa1)JF2WH&j!v8nzf!b|o+P4r*ZJGp!t zpu)=YfSHzW4UJIcr@!JQT%2Cw^;Ze!$R8QL_Hayg)kIuoz(fQehH=6V%Ae#rsag%H zkVE&0Im){4*aY}Wf5lBu<)i|xQL@H2@N?t(-pG(ao2Ho7+atP&gSQ7Bn!HyePRbE| zfoUxlIzP_e-+{Os6P{a%zKVo>Q`xXs?h~4>=jQgj!v*1m-TrD%2C=`M1UsS;pa8)f zR)%g3+;mY6dAZx1eSiw>R5v%!$)fVNvB~$a_<|j3*q?_%FP|{4fmcZfpX=V;o>wZY zx2v~F++EkQO$3jINskXz@lOE3`*#x6;Sjjmgv?b#vnU zn6?bMf0|Zhf17T~n51&Dt1q=ukDJATELK8Y52_kNKDTvyM=qwebY3-)`_=>PVGi7U z&)~#y6~7!EEgID2&a15Lt3+}wJe4id$JM*&4h`)gVf<3g61tF*^i~tGp9oamnm?e; zT3a$Lu&u>FTPZLvX;GZiFsb7`g<4d&GjzmwcaG7#IHs#ak9F&0i|K}gH8<}1gf`5V zZT&l|Qcwr()jJt`2nIw6yn)C020+N%FUu`NJ^5TTw_i(Ct`4tQ>3Q0Esi)NfpudUk z@e=hW&5D~Oq0l641Z^=8a?GXUunV1`ItKlpA(7Q?NFJcC3kwPWhgqg-otRL8glgdT zNMeqGR^KFbAriG5-rev4pp3Yi#NY&2gKEBh@y}pU9SAumf=IO*eWw@{=yUSL?tDk_ zdGT)RNKFJ^yX0c1y?wT1C4xzm#8-)?7JcO7W~^{IjxYWBb8NGkjx$-LJjtFruqs^6<@E`^guC~q#pvReDLgqW zH#akj1*?E_hmWj@42t(wvrpSX-qRJjUi?fX%RQCG&mfqeUMFMG6%LJjbYJ>KzuQx+ za-UmsI~xZtys3smOno7w)isg&jtLSeR}9?c@2yCOgExx>wpLY{Uw5-CZ_47XGc_{i z*8(I<-xIXbQbfyA9`Ic{tiMq@Jd&87SF}bTbB*T_oyO$83^@>V-@h9Q8MpQvSKVy` zdTwjjL3<&bz>a<(qHd3w^t|SsU+}Pm7WdfFywZlMJpf8|i}QnP)Z{8N@pwM}rBe?W zilA)QmoF|{)+fBJ5m|ud6Mp+LsveaBE}wU#%N|9b!(mF2R1KhUexDCOVK01L5f}6K zA>C_hO|R{^Ez>V-_Z9Nt$R}+9z$cel=@c&t_q|1CLv`WA%Xzs<=n02>@_S6~Ac3x1T^`bXUPv)JBoE_et!{fK|kh{L1RB7Ch$;)BDx4 z2sC4s)AOP_CKA|?qwF=wwG`r?))ullOpNYtu6eSPh+Yx}0PyV{-1LH=LKsv&YV*|+ zX@YtZz?7szu3^lBl;GToS>h#XFM~e!BFW7*&ZjPm{nC^V&FMTtmXU{82?5Ufi>Sh5 zQ9j)Cs$&PRn<{gU`^^lX#tfLGT}%1xcSX7Ivj?di^Lu~1bYMSMa`xKa7(mE-g%8Qa zW}YsN5YKo0V}!mMubvbhs83PC?dq@MneR2H3UvxPtJnRnY5 z=@KV7_|HoUOU`32<8F%Z89k`3`FXs*`-K_akauqGHy``1dS^7frM}M-L<@%IJj;?# zlF-Ai72fHA3(c0RYrY*|UhqbNY-nU>An9X53BHGU`Sa9N$Mh5T72%r$;NYoG_&=|A zVCUgZyf0(y#FVZTYp(+HQ|#}_>Gz1MZxg?c^V9OP9wLq-{up5EY>V%pyr}aGwCnS8 z|1(yGuu=PaP0kzD>yTx&>&zT{fto?YJ&TmjAJ?FL-=+kmg@aF&(+nc@Z7Xg5aICYV zWQ4uauP^l|aFu%Ya;okizclw`sg?;j&)Hr-Xk|(R81j-F9we6EMUhiCJ zWxNaFgDut@2!f!1B*=DaZ!KS7_Ql#0Dx0VZzsQV;5?=n!1tFQ;-F#Y7=cRVC&Uf4~ zQGIku7(aq#Qg&SyvE4tU>hD#8dlxyRF5X8?2%O)onI>n6<}iM*t-W?>g`iCfN#BN1 z&2OCqL4|%nBvb5;wt-KfV;A@H_Is2seVbq6@6SPuOa)YXKLeD^wDM8D7yop0f9Jd_ zI5qQ??7O_~;9y;}wj2S~yQ7qR&Iseg((t%@-p~6W!v~}m+aj@^(Qq6m-{P^aZtx|c z@eJo)DosB5W`^AjNG!|~aiUqx^pS3l5a*BT*zo&KT0S?AkJzP`2 zwlC=8=8|BZKEkh>@5zAJ;I-nt*Wh|69JD99ecGj%PHO%<7jPcJZ+|$Rmom;M=zX00 z;vKQsrX+BM@Gl_uWB0{?Ju1FrBV_;F%ZUiQ(we}%(`c#$$23yTY+ zx4od<`AX!pPF{IhoUccyFj?)xs6Oouom2Y@h%#hGKcU(w4to;%iz0=((?5FlA7P+E zQXR6{?t4ACS?N-VuS%CdEcN3j){UUh0AzgOCeX*Tb=a4xo>t4X^- zml7Abk&&gk+#+m+U8{fUKh)(1*mZaMD}=w-@Mj3X+qVfA5dH=l>Vs{TA-P<59J`s);bdcaht!UnRj^s zj(RYTGadFMdPMEkYmnEbDdzlu5j&JMK&1r20KY z$qIa|yzCb#1xW-E*$J+>Rn58X$d z4}JX-G^K(JO#l8FNVxwDcsa0-enEKjA3}i&+0`}=ZIE;wYngBw7>0{A4n+P)5Yoyp zV-S{yCoj&2lYL%!-g;|edv5jRmz7yj?sL2eDyHzb)@KN#wR(B>!ZViDKAj*wef4DR zB=mw(9k%CJ{2tPrF798sI;zZ_+&Dnbc#2P8J!ixOS#dN#Cd1D$<(Y1dH4sQ07xiDm|$@D2z|+te~DoC$C+0Yek# z6fn26tjeW~CK>LwQez8D`9+ai_(j#_6i{!**xrO^2ZT#s?j7-})r7l3g=xQanf-=% zCG|vEax$Nsd)T7;@-gFbbAOXL8Ar2!KmpS{wvkXK5pz~0bjTG?W0LMlEZMIEMP@YT z%FiI{19iGc1M8qK7uoqhDCT(t;sYGhT2wh?GV-dh&(*N)AGd9EEGt!F zKWAI_Sz!za4^qk5dH818m>n>6`xtTZlCE$s#SSex2U30u!}|!uvfJ~iTcml9jK+f} zSHlcW7j@=bf5vaAvl*-%1%`I;Rew!94BtBy`e9s2`5YJkqq7lbjI!yc>G++(R!I?? zY|a}3+mEZhMme1r68oZw$O@>h90C0yaMX$m`i zpcK)&KrpF}`%*Yfa`C(zo>2T|;){8d>CgFbp<#H5&sDq?nCKjChsw(O>fv$n;leFY zfyqP|h{kOdQbzSIm(_`5Fe0sR;?AFQeNNy-`}m23|6KMZLhgSsrSz-NhDZ(hu9)z} zi}7&PehG(a&VB(%IE*`bmTaLVv?=i7w@`eABU8$-zML!}Gn|dEQ*9!8pAIS4f3T?X9z-I6q5(Q0K%C}pIFX3P6x&3D-maY8uak_< zSsM~Y2S2N)M-%U~F3%I)xb`3mFSxp#LS{}9$@dTUc(0f1&1H(T9;$DXdS0I>^n@d8 ze&3Ax#+>FldXhow>upE{E#`%WAb@7C4SZ>@2NEBkd? z7Rq|jxxajSBHPPjlmqG;GMy{4-zKQEBCEidqH^#O0}$bMd-yIfzk&O1axM$w#exd-p}HiYrn^q5+K)fx{1HPx@HGD z&lf7`Jy$C6&Y+WQ7h(K?(wrm^u=DfeXjMJG>pM zBlH}?LxE;agEoPk$`WN;Sy51jb$~9vs*tYwD8+qcl~I)|?BfBycKN-2ebS0CgLt0g z_|=9_Cv@m=N#8GZq5(yz$?7v5{z@oh8Z4>p`tOjfwhZ%>E1@(KnJYV8x zzCK$L`(%n{kNjmnnf5plo~g$;Y*g!hkM|Cy`V}r^&LrR9?!3;YT9$uuQvysA$ftc? zhekzl0XU9w#wFa>iq}CZ>F-u?W%{}s%wF%1SoiM1H-1XA;pT>xa~giiJfg+a#2Pap z1U@S5>T?uAtDZ{iOaAD`Aoexd)>J(`W{;5n>%Q&laLxuP7TTptYa|5#vJ#9(8~o9LB?2I$c& z1fUHG2c85fE^}JNNAHH2O7>nVo{rm#c$hR0ji`sIApCx=ldWkb1Fm!kc0pWa@0ZsS zX07rTGj7r!sEaEmA~2hau@DPwNDMch>c;%^`7%!fAvlQS!SZZjH$W0 zK0hcRK6^d_GW8c&5OX>@LB1vZg%1{i^C8v`d(cWX@N`R^ifOdq}{SlrO=d;)R|F$s|_`%2DAhxrt5=k zy@E4f{%!OG`mMVGO9DTKyYV^L6Dgk3%XKM3in1UV6Yo`pT_c2 zoxAr&U#~s+I->8p&>ve*sos6Xva?0A2TkEHe|y~l)sk8nV1iWrbU*yakNFmQOP`SH zlwj%OuY1|se1Wa<&D(BNJ$d$*_ci-y#A#~55##o_A-HLN?{#_Ni;?L%% zULZJyNV+~y)gIc70~ZV@JL;Or!001r8;WSod+gwIfj6qwxe4ZS+n0!Mos6ZPG{{(O zJ3ORtT!bZ_Q`gBOtH^$oD%#jTCPz4|S9YNL#1&|SA~=`PrwufOssJZk;KyNQ=*S%M zy1ridw|hyLvnf4~i+fh{Q-oSg+2eFgb33Re$|BrD2%T@Cyy7p|wrO?O6R5RXk(Mz6 z+O`C=0Q|8n-?@PD*m5Dv8>7&0&-?AU+R7MKs?77!oS-u*i^5=$cwF4&FTn`+BOD|0 z>9TJ#=cNSRuRQaxu^9j=z(XxeJWq<&f)=D}!}(hsK+gsG%h;9T+P@ZRa_q&&ymM<`nvh+-O~getj*8?q%W z!BCUb>w51}PIT+`xHhF=%mki=S>*8p@v5iPplPz!`h_uyxccmy`Lo}@Rm!194vPdp zLKG`FMKX+lMdx^nzt>S~!oyJ*6;waG%lk?kfQd!C0?a5PV{b#Ye%)MfVeKE~I6D2h z34h$Kzwyx5I>*M1l68D-+$~( zdCZxPuWxRb>rsCb^WF%;ygrO2!KD``&3&e)sYT74?9k+Q2$P&17s5y!2>s#!>-q?z zapA0ejeK73jDmz=lq8RKiW0lZ2P=Sr)?~rlP?GB5ADU(Grmjx7`ImE8!;8fk z3%nH#&pZ<>zlZ#f*M<++dh*%0!UN6pIj2-!R-b#*p4fS9+`&}N?{w^gJ(R;M>)z^ez%c~3mvmyG?arv+-kE~r(%5FG7^ zz8Vax5Mck$Y-T1{jMPtK?!Y-wMr~%eO=1?XFrIbMiDs(DhOw*Ol{s(qD?c*q=r&QZ zdp`aMDANe_9f+6xn{)XLi1a5JGjlCO8~NKxID4f>SmJ>DhGEEew3m$~qW-C97}q^A4R&&Y-#9j)to zlh=p2P^iW{c?hhN{B|)9J;nCzi-)GOIKxQrrk_FQBKX`!CXSDkzO^#aiYx*!gwMyw zzb$dNXM5Wx`*W$+)NH>sW*k2fSILJAYQ+BbvSG3FIekAn(g%jx*({Ii{Z%HV5RG5Z zZl&Hk{UrE!Gik~einuI8t8Z?3G1k~iZp+2p4v*pdFd>7$bU?}(Ctk>*)}my7`g|yU z3w-{{9trLOUauowvuFYssYp;-rd=)_B`{t845yF#xA4?@Z}RSS%G+Jl+x{ft%3zFJLN^9Fk;B=bC)8XV<46nVpKpRXDb|HymqsHo1jT{xCR zj8Or5M-;KdIK7B%dhdN~ncjOJ1jPy(JH`f@AjT4F>|(`&73^X|tXM$oh*-|O{pCIH zTIW0GkMFN1K5%*Eje10=qRCNc{pVUdg!;W{y7h0#V9QP?3DnV^a*&?FXFL*p?C;Gp1TB({wt zU;;xLm|&%l5yz?{h8RzccQe7Zfp~n7>9=7VrZ5E)wTOA3b&JJBL}FRc%Q3KMVVjI5 z&_kh35wUBPQaR8W!dTE;E^@!5W)X%6T_K*32HC$6RS8gXqe$rtp;-d0G+YuE2MBsd z!86GwkslyZIup<;(3B_u|8U_vB0M^Zba(?hB4m^X}8KaOct^TJpt4Z~-kHy6mG8PMV^NJH<;K!MKN`6OP``#P&MdWuqkOxNPB+F8HV`QgC>tUi zUqH(DgJ3w7L*ZfJVE8fH=wW+QC-MNX6LLP0${ayPPl`E_fx;g^ezJ*J6Waz&-SA3? z5{eM0G!+4_52`g1u7!zJ8>1vO1%pF^IkQCUQ3qX!bq56`Jw_7efUYzn48Ax;%LQ3j zn>px_ar|UD8(A*`BOb|w%McztrU-Edz)S&%*o+0)Cmn{Op+pf;J8192o7~XdMIwda zQ+DW1gBOA0E9k=b!{R8JXJ=ty;fcd;Cm+hc@TMoCB}*}?kU6AvF_~sSX_yf+?S?;E zhs{brYzm7Irim>k50MtcimehqIb@aD`5Y$?mLrn!7cnt19oi8Rc*qv9;~N2*JII&# zp_kj|F`Lx0=#1?Erq8-DbBR+tu+hGhs-JJYW=BK`GL zg2#>X>y$(cz=3ISU#Y~f!fqu|I2s~Z?+9akBsxy5QNv_rdX09nQb91XQ8eVC*$qK7 ziUThIWU^Y8#La2}#E2okU! z97Ft#>JgSB$wFr{N%RPd!P6PNK~w;R#p=Z&1qYJhP*DjgqZ)wlnZrN?LKOl{tb)N2 znSe;2qN~H204**jise=r%I}f|`CicF zwtx>o<$Aq3wZ#n$K0#pHM_Jra1CuLZa-vcYb+LhRD=_|{r4Cro7`@CRbm>qcmJei) zBT_6s#8LXx@C^(Hi6IO6ptz$ZQDTT=<=~(L#;}Se!ApRIK>-LRzD7th#r#n}hN}Yc zADCTCE0M|tGF7)W?6do^K6u5WR>TB2lr>-ou$6cM!AuwEfz?At4@cr=7MMtwPfUPU z_;@&%MjHvU*uE$*lLGL@EYw;>cBR7Zx9F){yb2UXJbbkxq+$f9K9DxDk~KEIgT+9B zaY8dJ5+8^G8Mw%bcc9JgI7AiH7)s}N#8vD7Htsg?@OlmK9_x+LfCL>DLcS4)*J>RE z3=qens2IDN9HwMj2988W|!Z@6^k)&6=Yz&c93K-8de5mSBP81 z)as~sxsB=KQn}oCm}g{i0B~YwsNg-Ipkwj0b|-YUs-X8M>f-uXL^ogLMU0@tEwdqJ zMG@tIAd`d!;@N->vUghFwjvfN`bz z1n~%%a-p9G?5Psq33i3!at05o{C>0q-q%2F4M0h9znshyI*Ax4Z@^c_*eb6CBLxO} z8&5~T25D{@9p?>5*&3j(gZB+u9Y{YheQ24>Wu?Ue1Qb`NglxAUrVp@VYAKtDmIZ(< zh@sYbflO0^%zLSnPP5AZQf{E?1qLjN0pKkeC+gNJf&x>-z}B!tQ6xO1x)>a)%Ye1g zolrmnLVATe=%+AsQ3sh}r?~Yx9|Z-x79LQdwW6`Ch#nZEsS*%wB0&b3+KwmT7i^*rHA& z_fm*Hk(us|d6`f!^Gmr@kyMBrpzyd}6!UhN})Lf+!jzE-?onNMaM6pf~I? zQ8WS)!x+W$6h?fU$!D-pPO4CakI2~~wp1jdqrEXXnF`cVc;Hp%(qwM4ixRYI>{v6@ zj07y7h;2io<+vzVWv0_5pFOP9DU1?t1Qmr8O;mx!V7ML(ijK##=wWEqMnO0iibI*F6c1)hhfNP}!uI=3@Qu|PKs z)oqE3wJxA9gjeBsr-shus+|UE*l%D1v$dCj3(KI5h($!6qA{pPtQdz6R1ac_(Q8Du zMG4s!l9*i@8J*#Z`y_Ipf?^PD8aF@UrEmantdj{G6gUn*5DF381gh7j;5(xjf>s8t zh3Y6(=ZWBH7$sCttPnK0VXLNsa!(L=e&rUX!iN^neL)P6J^KR`p1hGnvIYKm|6;NITyqbg?R5?(=u$bnDt~;_6^oTU3Z(h2RM>VRoN_32c z5A)%}V!X_c{0m>l2UJ|e42n5|kh?9yZ;4IXTz@hR-0st5%T3I{=Fu;4% zFzJ}o7>;hk5EW_^ObKdGi?$<<0ZjyncrBX&3~dDH>Bn2tHg{AF8VDfd1@o8+0xn#+ zC}P0Lqijx$kBaE{6mZ?Byof+SWQIsY3zgJ8)UW`{(-|UBSa(!t*QXFEbOST$L$;Ba6*N9rY6h$=sx{`s#&qAR`EE04 zjR75ML>4CE$l!PSfpJM~MaN<$4{)l>)7vmxp*UgUE`6y7jjVbxMK*()n ziA)RP>T zVLgEaBF!;@furRFbaFLG=^{}bdQp_952H;Owoqxnaiq{ss}?b$5s)MIxa4SK6rwz! znGaLxHpD;%y>y0K7pMk7jv`a{ey4_4g*v6zetspf*gNhhN zAEH^97#y;LTf|s2PD~@Sbb=scg?&KPFQqvkQ;c;=*^rj-LfQ#sP$I=NDn!jBu>wj* zP`hC9z{Mf+BrYN#{7GVOScu|M91Mz2ZPW${Dz4Bam3nzLx<%?W@y#T-!Z9F6 zA&CNRk{BY zgR6uyQA92|MFCP*UWv zNO6l)|4AiA`8>1I3={-5@QPJhhuGu<;$4#29yhB%vw$tY&_KZkANHyd=ZzG`fmF0N z44t7sGG#W2k*`ttF`(c|cQMooH^mdhx~M*AY9wL^Y7nWxk%0RNzEo}!20=antPay= z=c+*0UaD0Hv~i)|E>gr*Rt+c)Tg-m7-NXWbJdYcs$|y0Nlt$&tIP#Fu=!0+K>CiR> zpt%5_X%u1NL5{=7v)G}FpN2S9Wd`Lip!;hqC%znBj91r@mHiuIi0@(l_pe8sdq8X&NtuhYi z5YSlEfKq@MT&s;H!ST@!K*W%u9G{)z@PgbgNf$8U{2CTsD;G1!c2gLr%n;d1yMu10 zVnMRWAL6-;DBz01c>(L=7lR}foGj>pdH|XbQxlmA8OWT5oDn`A*~D3PI?-*QgveT_ z9?QXtHA;pLr7?yhG9t=JLTd$Ron6FW1eqXk?gQ}&g9hjH;-rvF$4Q`0A@QthQMskkM8J zl_mjC!t^ z0okS10XA5!mxfegpBin)2Y5j7jA4hZY7(9kvkJ6ohb#&*&{jVHIiRj4py`zc1EgkL zAth59gNX^UK4fSN3p zT?Rr9nQkFa-E`oRjwt!+xC*$+X&e?<|EQ6{hW$`Y2VG9Yzaw&^K0k~`iqT_CJkV{7 zqx}vg^yy3W0b|Te!huo%Fv3QIJPOSvj?>)?9fQv%%G7AH6fX#(Og5kn;o0H_chnP& z3yctQgrpFnhbShahHfV#lNc0axlV_KjDhAS=t%VOLO!j-$(8wW7%kC*QRrO6kV9?3 z37iH(+@Mo|{%{PwIIa@FY*%UkU;*#9J^6n2YHPHYQ39Pk1Wowj^ zSJjvFE|(O4^% z=TSL?3J5Lq20fc^lZTm7v^8KxlhG&#$bExcIfY8p057hCq>e*FT|}qgiZ~RKQA~qI zEF2SYV&KHl2$oAA@@OHu+sFZ-X{$zw383*NyVME?fYGOFBv=bpj&jE2SQ^#kc6$xb zw~r=>1v)E=PqBn!2D#4&@KcFJt@JCc!C=6_4eC`gI!H|bx?gDmQ9=)o7*R(eDiVcZ zV5od{o=7I*Ye;w@TB_6-HHt{w&tr($DzMaOuP^4}1oc5a83Z$teb6tXQp5lnG;!>D ziyUgAIFJBDF5kwGn8*7R`9MI>2)9vp=c zAp5t~Dj^^lT((N8;ge!k5)OkigLV?y0}c7;7#+gD!vzWjjhb_Q&^8Y4Q z@BnR7;C~-0$hCN)jlv;FhBDAY1M#7HIRbA-Vg)>s`Gi;jGM{L%%Z%m79UOxiEnxEu zWKcj9azidm9AHQkKi6u*Gt_vB-i;s16TJ;ny~0|u)jhy(CGB&fa4sM*YmqLemAgaZOg zQLMwQLShko*Es!3VC7L8EG9z$Z>G@<3T=c()8RB?yw?)ZkhBgv%MnA;9_Fap64Tr9 z>TmtFfiP(6P#~l1v(a4+6^?5+vh*IC-DEWIwR!;}pu;q%072$d0-?7{MhJrpJWC7R z4@?SFAx%c1fU1ePBQC9hf|Ny~TDeF>(RyS+M#2GoaIIKp#G=Uxb4aFC5Jf&Ugcr6b z5GYwiRJjc56-*@N6oUzeZfFu{pPQo)lnE3niO$5gGSxgK2x1`x7bXpA(ik*XCIJ~3 zISH)>rZp9n9OC=c7Be=krBV$@r~M4V9!Fko*`YSrklbWJn@TU$^JfHb`xW#_0} z;E_?K7`UfmkbTwYRnYLnaDSV25sq8S(fXB98i=d&{bWN7j|G$?kS3#4QoC3kGZ8^X z&8;wV1rj{lqe!amZGX<>@5>aBqpsZf- z$v6@rKTKhJLJ9{mEI0)bdhd~kNGD2AC?+Kc!s~1e*W$9r{BEXC4{|VVBcJ<(dOHuUvx?s^fZrnXZb892}|0uJKEG zR)bF(lZm}7oKI@UXo4~Z^g&t3fdAoR-Bdo`FX!oDlIn>8x{87UAyT?N7;^<^DgniY z#G8r;N2j64l{P9K>Y(y(&_qec87_i z6d~>cf#K$Z@K@C2Vnk^U08xwC7!ni7MMJweBmguPxmm-)d;>~w2r(BODwZk|sH$QZ zz_G)$@IB}-F9g_Vk0VTF>kzd?_^5}W4nkufbPKD|USRHXS*7sM10HJ(IOL?dFj^xM zp?xu{D}*=;v=Gr3b=lZ-@Mg?FYNGN&x0Qfk^HTLn6o4ueSYONzayuNS&4x^C8wPPS z5#9hQpKahpU1(51S963Iyn|qs^GE?N-^r80yH27s0Pa3?g)k^;r!0W%`hEaYqYW6A z5*@aqurUQSER+DhBU%PpKA^G9q{$3GZf6FYsslDJqgx*gXr&CGymExd9-Bq%7GYT^ ztvn3M3BfQ=$B8R(Y7oW)-A1^(WV%McjKs;_2$FllI)K(A430E`LL?%^JQNVD64*gB zTS4JKo0e4pbY(uFmW`D=BMKbPh8RMH7~D`9ktp>=;dFRSz{|$t0C^Rb()?a|*bQME zFo!AxL600wW}EP+xQhs-9=t+@ReL-fLDT@YN>7ua@CLYQ7fTK2R8i$>I*|g|9fbnS zgu@WJnb)d`Tl~&| zMyQc0G)lQL7=rVOJT$b+0h;tq0*B95VQ>N>@Km4~I;YEH#6tU$R>mgBZR$A5L)Mv8 zOr=Sul8Urk0RzCFOraT25izWWFJ?JFGo9=YYjKD;wpy-m2T&}a@-dqc(@wI3SO@`H zKr~U3kgZTNl-#&gDo`1P49J|plXuuHK>>pp7f1aLeB4cjD-(-20xHoN@iWZ;>ml&C zhM*nmQfa(myfYTneM8F##1yiaC)V)2RH(S~R2q)P3e+-Tyu-+L@sxDDTV&@M2uwGe z&kQ{yZb(35<8mvCV`U1!0_*KEwTz|@>s4d{Mh!(_Q`oC_fDAocGYheP|J#~1yzYvc zZB8ggGl(m{Px|h=lZ4qWbchg4p;E$6J)gOHRDYEXM=y}1e@+!yX&zYn9^eNnN zJwB`c&6ccHcbi7kmwZA0HGbv0zfzm0ru_ReBcW%8bNaH}DG9k_lnI|&NG=t#wr;}x z#iWmE`JbQrlwV6XX9_uefX#z<-1vOjmxuZ+2rf8VAKNRcFC#ESIhsp9_4@{$FK zNr}zA{p8F|VCP$_#-^y*>EN{`WuG~8vbEYRQ7|6-(i~s50w-S&; zm*Esk6LOFI1)q1$UNEZ5zvmm#KSi==7W4W7M#?O>3V*^x!5p}5+4=OVm}g59 z`XeX6)NPdH{rgr*^W?Ogmru<}i8=b@1p@~SK#l+9-@!MI8B^51&!$c2*<*qUA3CRH z%$t-k{Gd_<1NRH7XI(r0PgSd|_NHF@y7LD%8(p!L&Y{lTs>>TgZ{3lXKjO{?8hzHE zZulPK;xV%*qLqEt4X7Q}m-}{PM}p$&QcufIqYfvhH4?D62}!4h!iaCbRy|Km@zzekZWaOR{_y^y1}tInn-j{VP31ONYh)G*1}`a_=<-MPH>4YNU6 zW$JS4@V(J>n;e6!6Tbzub!B< z=+cfHd*^0JmCIlroim@vI5zXPK&4BGO@fswfJr6h-5a+=)2|5Y4h#+y5SSuO}%bj zI6126x4At&PW`;in^QNwA;ppT)TAsq`sa;qzpmPIzoBu-z|(K?itf!B^Ly)o(nY3f z%E~wN*6o@J533G+eck5y?VWi|uXZQ(+kCC>EYfz&+p3bf9jE(L&Y#m|?B@78*WsCM zH=D|YyBj-?-Rl?~ZyMSo`|Ed2FXmLZ*4eLaD!<24FJ63e-<6+!{Cj1^o!G4NlfGt+ zJ@_nA!{1qd`-Hu>_s9>lKV2Wk6q}z$-rTWVA4NFzB{pu()aM^3`WJ52ZZFL(I#=-F zkYIAd_*-k^AxEaBW~zMH=<6*_>zk%^c=`NFOONeX_x{|{0sDPfvb))5KZZx#%9^4c zGew-(;p+RUvfeLzn?Jw0<#`cly7spxYgG^Zx~o-XpU>&1H*~w(H*#>)wf(){3~LIP z_iP~F9oyy3rHanyS6V7=ho3X&X5JmYcJ!G~?xXc@hDa9OeM4Wmk~+m)%-;bjJ?!*yZPmd$J3M-<;){7rMT!=Ha>%bM71#?SCkJ z?j0{`sy%l4+KxM%@5{e0JsudiYE|QgIsS1si+xA4HjF>~`KqM6@1N&ZXO!*7eO=lV zsW>XS@qqX?T>9{(GQCpKex%g9a%t(pc1Jf4o9mrgR)KGp^z3~iGMlJY`?SIT-iG<_ zUYNGF%`R=1acFI5U()?9CT z5m`7tvn05?^{~Sa3ntUQvvobzs;a)IN7lri?j?g&;SHS~*EeksFAeR!A^WTHk5LB; zFLWb)898L)hD9BQJI(3Msr{#y4p0^i9oO*oH_iJ?En3vg$b9j!-m<#f*B}{j^yo9k z{PZ7gP2GCPzwc@8+Bl22t4cKb`STUamjAr)&b#MVrjLx~E!vjn9(VV+q+eY*@0YR|A$(h7xs{Z@Gd!o))A#w4GBS4`Y(C}cx_j7vC4u80L=Jz3cat03C z(b(C&ecGizGyzr3KQr3YKG*CR*FO#4eB8%1=PNq@XEPy>#@Uljb%JeT+`?hHk_|-< zrykm~S9|SC@TMkUknnAyebX+9f-TOSxoA~tC8EONhy71t&x2^V0Xu zR)1Qr_?nnmclzjynqZN!ZpE%^pFbGx)U@iIef)=BV~!-c6obb9Yom8fvx8Sqx!{|P zrvEiEjm{L_0G`nm9m+HA3ZKSjjK8ygZHLrNqppqqIC1y=n$^x{d-t@VpZ<9G>+bnw zhYedtzcc3i@yeUnt(#vpxvAobM3~=m+2iQl=RdTCDKctjZ`aqtg{i_a!LS2QMm4l# z?P=DcZvEu1MAvWYf86(|>cGJvG?_SPJ6zx10tsnn9aMEUDoX+yh-EpR*)^6!7zLix~ z|422LeeS-e=7wtZB>gSD95-B2dgk#% zv|-cN6J7Q{%a|~ETHUyV``=~Mk88j-(FVH@AG~wr9zT850e0)DQ+Bp48r%v$>eAZr zFWYr2>b)-f{Kbp3wrwP@AMRZKOWSFRi;aPr{rQ`iL&xqDY&EQk-5h^*fO_ku505OW z_NEK0%bQ-8XLQL;7C!Df{-?fIo31P#U$`pziq4Vz?@eYxJLyjLbEjWAcI?N`kr$Rr zztneqw_@!2l!J3-OutrGzGvu}-*=_EpBXZ*Y;m#nWZXD8s)0|Dhffs@yWLPWV^*KX zshir)Ctnjjy>@44)O+d&R|<8&!BID}CKiOwhh9{-S#l}uo1qvqK4X0t{JXZ`1s-=Y zopw>{V=?0;p<2wkB(kv*>P3 zbv*oP;n%EYsSUN`vf9@y5LdoDvv75=a*}Q4~yNwilE>e|MycbKEnRn`v9{461UXXtmV~RoG|kCy>1gI zQ{HyPRSva&`lq&4$?o%cLgUM(W}br&E{!?ZVfTu{_==`g)i++edw4l~>hOvixwHE0 zT<3oJeB<+Y{dap3Umv-u8m_zFN%-hN$jBt(owkXKmoZ(XjtI zkZUepG~sAY3`-NTkA&89Pz=^fHkw=GAUN+^(aD+l32c4axp;V`RglJ$J5!Z@Y+wY5P^|&*K`OZ+($bnsI7s zE_a4&&yLMQd)M`{c^HcXw?Z_4FPqpv^gSF(QY4OsQz!<`1TUb+6+S=N6(F{z+e z_ZB*l2=YmiH+T3-%7r<_~*xg?_Rlxh@x(%R+8`%YGYch+PjC->&=SlgvJWZIkZLV=OL z@bbKG9(pmIgDQ$=PkY5XbLZPd7puoTNX&^sK%6(LF!eGIE*i}cX52?Edh!2v7mabQ zGvC=CB6zAs3{h<I^6;JTEmO%;{hpfZ8wQ0>tlUc} z>fiO^w$*n_4>mT|tad%Uv{t!Uiyt!a(4@SKvnAFqAD<7qHR;WH-Z&P){pm|ny{oKO zWamGov*tDXF5LV!%csvA*9ija4=E{<`z;pz(m1)fj*QP;nEm;qroQT6o55Q(JN_E^ z<{b9gddZqisr8rF&ChD8+w=b6V$sdqq<*zWTD0Fevf=jS-kG)NlIp2#eyi~8y*G2} zsL!v;`s{vpZS2??KX!7SnBA#c)0wV&D)ntvW<<8sZ7=Kn{&t|^#)fsPo^82nUg@em zJM8ezgYR#it;%k4l{}c2QM-9hm49`w><{|5k3Utr-3F=e_d@Yoy;oKX~LY z@KrGIWg|0p7ly8B2(Ftur_TT7@F#!CoAQi1Sn=&r?8WT{*0HCi;X4!jJ zw!Y?Qt3J4s0`jZl9qM-9a_`XYvb($!eIHkycYHxwszM0$%49vxz13TwzD_GIP zbKv48i4a4hEUeR|} z&->5D{E@=-{;sy2ymvJ3{@p9}cUb)g4L*U`%*koosYz|0Hwx-b%pd*b$*Ls!X}G7) z9%IWt`O11(#+QV5t#t3-P+8b+Fn7YFSB!?AGH29$Tr3*3J*P#hn`@U&Sh0O{{o${N zb~$fc8cO)BJO0eO)t0YICuVPl2XXsLW5wkCmOZ`)CkgJ`q>R_6`nj%c(u6<1yMC+v z=ug!r3*!^Fw_3Hf$2VVEgUMZy)GWyhi}PH8;r0%TsOjDHiFNrhp|4%)?!Lr`F3}lwff7LcTX-J+w9%(Z9+^6Yo}LHQcFD(k$f# zPe0QCte}q`AX-&RZ;{%3-Hb!BC+UXTs)HqC)0p|=CcQdA(3Q4Sl|A2j*uAbWykg|n zPj9xIKiE)pt14F0E92vnHFrMK_3Du6m+ix!-$W{cct6^tjZi`G<|&g zRCopNth}%)>%Hds#Gb`NwjQ`dmX-C++*Hyzrvvj9ggh6O_Fnrsr=jM)X`ptk@aR@n z!J-x(d2^tc$(WG!PSH^N@}~|I%C_paZ^p;Z0L%LuDltM zNnN#mz?(*x`#Z1|BQEDPmmbWWS9|#DmtV4e(ouB_r&)fp%s-WWci0HW)&s9+^SZ5V zcWB~-%sPC-xHor>zPY?fgC!0~O{Z&~e1+9oo4RpQt8LcmwOW6ly1wV6^#RSE98+v-_#OE9X zz9jbM@r(A!)JOlE{UtC&*HD$Y^+Dd4qngLzz^={@_<`w81Vm2Wz<=;MqjQ^>+L&8K!8SP)ebIs0B`_9}0t ze+_qh&yI>wx5!^eDGAbo$(J@++b2=RUYUDr{=lO;%Fo`RGgfo@{yBQpz{VFP^#!Ou zggsLWx=mNi?T&Ze&1wiWZ^LR;lY3QFaU=HTJh9D-V>fPi4u8HqiP3X@uZ(NEaxTw! zS$!z${f)9M`=1T&a$46e^5XW5o4Xt}(+Phcu0Pl?Vc?rfuq?TTK}#NL^Itm48Z-O; zRF3=v(fR%^iA< zm^^9g%LA{-cYEX}cODeo{o&BMku7tV9y-y`xuV4W<;Zp*gS{SG79*vf~B)sX+CbCO!BPc&6b{vxa1bT3#v=Eb3=7v+t= zo>)10@21LoAGS{|>r;jS2e+jD(DO_4)EgS8jik$pjq>f|!#C0vVu$^-?uV*k=c`$h zVX1J>wqDnx)x&A+M|oH8NX~0PT}52jHfm_|V<;un%gjyLwqn2eeD^&?bq&Mmr!R{} zAC!FT{P)sadBG30^QTQ6^Qhrm`@=>3@mXzV<#y~sZ%tiBrr)BIaxX~shn_!v{mQrO zz}umt92bjbbm&4F+pz%kaVqH;`StYPegD=Q7E?tO`0sH zbH*L+QX0)}bL-(U!#rQbfb!^HQxlKg`zx!nH+NuSQvbO-*4Ixg>N;Y`h)8aq$D`(q z86m1l{VqvWboHEX)vP~hv-W@AqVq8JJ$+8XpTe)7W-lszI(9}we#&3grB6;x{l3lZ zH|*&*;-|GHXIB+{16zFc_K>IH1tcdIv+PM)sz4LDvt zyRhb`2!`|RY6^hYg9 zI_zVobGPih|KlE38eY1HlYb=VV0smYk$^84Iz6$x$Nlpi(q5M49qs%2$JHHL_dS2% z?2H=h;~_%nz0$7jNYzu0$Vy?V@BNe7iB8Ecc1P#k`qyeLT0yd1>c8}LzE=H5U;F8) z&6>&*Q|K#iOs3{fwdAiaUR^)Y)2CHMkBW?`qjp7S38O{RgJ}AQyKQ#P+FR2I7nSS( zXF-1VL4&yYDfu79j_EkP^bMQdIj6Mwu~~hx)!VwvI6Mrj(8=GrJ-Bp>^xd(h-e>>U zDLh8f^7W{!Iim-BYDW82JPOS7)FoT5T%PD1#Xj+>!1(2Zul+h)((ank(|`K=$)*d7 zg$s@+&y>-M^Q_JEzJMCKTlAmg3K9I>6t&3*9{iT3<1{V7G{XaE+8tdL?s^0Jv+|=9R zmJCk8zjHNzq+(Kir+Je~^Y(?o!6>O&F{4M(8B&#V1S@}m@<~k-QIWr3@QI=+5r3bG z7OsBhMoLQG&{p)Lo*H{<%#n4olZS0QmAxtc?pb5!G&-=Eg>lUlBptO~o#z?H5pAh?0+-gA;b#U|M(}P_{m$xd% zG_>o6IZn=fC|Hac(~I*n_>}EOzFjbuVhSzX*-qN^gF!U7v%Wp+``?{EmMu>?Kd%#~ zsDH7ou~U!it&q2#*EUmLX)J#{Ub-eR?byt=fp(qVOwAui_$#w$y5d*q+QhXa_LZZR zQby}RvWJ`d{p6hhYyEihOiS*OZTHXp__MzGfZ|p6evUQtot-%Fb5lcP>b%d`+_cws zI00U#w5kamr9UO5-k$d6iECrq;l$7XF8_|HX}&KL62NEL)nU4-+kT+?;mJn>@ z`z*8ADHlbLd%sy)&rB`4JxliD+igwR+gMdyl9SN7Vn{vtenw@7v|@5Rsgtx{qx%)T zb;W?YSAYKDLYMbRsi+@W+{zE-*`2fJ?`=pmjyqc!9o0DRemApZdVQMb?(dO47gzA_ z8tBtx436Z%k4@y)NC-MzFyS3I=j{BBlqrhLo+E~J%57Wv>F9&`)qfSVzvQTlp6mU? zu&tFDcsuyyBG?+wZa69d*0v#QC+Oz?5W7kGLT@G<{W(~3yEq@7P?jL%<2)_Ih`#nSThw9dnWcwzI5Wl$kZ7fwk>P%w%5g@gEyyh zE89<-HeE*lG9szHa^Aru+KSV!Na9xWI#7SRe`i+Uc&1#vWM=D?Pxp0cmD@Ob0Vm7z z=s1Lt(xyrZzvt)h$b;JJYdaqOG_SQLU^RuiGO<)*uKlm|yT(a5SRh1PB zzlDv?*BeDpUM)Ia*0b7mv-tSSR_pi9_}tq2#YxK(Nv+AyRwQVIozPA-; zE+$W|_8sCZK6~v}Vcv+8G0WO#x4Hkjwf%#E&q&tPK~GP%ZuK}(zXsM)5B$n_pYk@% zbH{-TKK{OZnDkg8WkS0HchQ|1PrRBxx$>D!c5MAdbqL&nj_Y}Br<_A)Hsno7O1<#? zVaNfDUox;YQ(oagWpno3`j%hmILFa5HL*RIf>+yQ#`vIh12BJ`vaygTEh2>|O)~QE z(GO{l+~52N>CanyxnoAaj6Qx$xbW%Pf)%HhrLOCR__%jCd5eCfzx(vVgQfW;-{LCH z_Pr$7v#$QYQ_Ef{{g79%9yh%sGo2zen{5Dbg;ytod`k%PpeOAKpX>ida zYCA5U02lq+ApgxI%Be10@h|B?ymHApUp34m;okUW)!u7a2c)eD}q1ZAo7LKbBmhuh>;N?RCi|ZSCyP zG?*hscq)*Od6t{-@OwzQ96$x4)8NL=-PNK*ia~#1T+#d66RYL#Y;F*{Hq`i4;;lM$z(pT#zBIzXrL6HELnDREb6$a;n z!#gfjubMbavZ$s*_2gqq2VNYJnDY=4SDZt0@zkW;B6Bye^d{_^qc3pmf*XYuNsR<)2y*m+}zrKCbQ;uXCF(g~X&wk1sdGHE5o zG<%ol?x9noJ{?vESmhfR4Lsc~j{mv2rXM^2{1rR9CH=^`{@mHiez-m%bMxl0d&*xNcvIeX z%L&r-Oa0qAaj(OzWna0+x0&PfYc-b+vGeou3tn`{`G6$W z=5M|tOJXFkz0O0D3GPFU=3Alb%-;OppRaEI!@WSvf1T8RWzsJ{P{hKiqz{PgnJ?z@oF^WI_g z$$FS=7GB#j{#Ks)anhTV){LV5t(8~0(*Ll6p;*xuyvZB=6M2%UJLVs2XsSPa3nsqn z&ExX{Vd~UolF|vyda|T}-FL!cYbMR>hCRs`0-S99NS?E7AsQl>LGnUm^X3>aO(*yc0KdXQ3G+6F!zWzT!*u77}WvHXV z;ZOS`DWW^U%K}2y$6&wje}=F!Y4L{1xf|B!7w0Z29kIMi!X3D%yRFC9zK29rC49MK zgH3ZTZTgVr9ZLFf6MrGz_8$A;I(l8=8OXQobKZ zgC+Jto;w|dgwAt&j_|C>Soj-~`gBRt$D1K^DJRo$9e*j#!P~E#`k`(2oflU%yR^sK ze^7dXck0}pf~Wq==2=fppII_weD}n1k4{2u znJ)X9yPLkYzasxg7YRGw=lee?&#qQw)*sBNtlqh6)yT}7kO+D(ec+7sT%Ba*bK>Dhw9;aA_4bx5m~rEp8@+Yf(|vNZYqr#BUz{@mQx#%Fz8 z3}hIe-d+~{(ww^SPBCY3!Kv!IU;uCbP*gm2kDCyCZQRrTdtdDJ>GYD|fl>$@53QLu zd}GQ-<{jSeKX3o|?m6p3e$L0flH`Qd?#?;tMDa)E&*zGTv&ZNYj!W~maSGZ#rK3;1 zv#ebq?=kO*U}Q2$k)L?<*FY1J%9x(eBqm*3+P0#&cAKx8j>he}u(fhuQm?9~V^!mP zGhpGIV^}IP{Ya#6dCv-*?S9L4Sx3?D-ft+#e6eqfTY6}{83@&7OsF3C493XWbEJaiW~cm zT8^z6nIKLzZMfbSlUJ~?IeYr_rn5_i)I1g@&!%&dH?2qKPDxE$(E?V|#lEnTnjeBB z;yH4>BmIZ;UP#j2#(>f^yVd;}JBR()_=S{9A4fXVW&4!Hc`Z1{r$0$}Iu7Ma60<6pYTb%s;gDMqhBX1kJa1PP@@^?d~tUl&3}X@caMi7x@s7 zrsesD`qaeHh)cXfBh36+vPkx6p>14If6QNE7X6Pa;N0YQ*D8L7GtHbr&-;t99bW0! zMx`J2`#{bnphZj?2u^R&X|NXXRZw6kE}XKvKR5Z;(D0waYB2NxOVc6|$W`3L41YL_(bKi_Etxnt&m>-4blJNtx|uMtmc zRksmOyx@H&^G|+GPCLDA4YO}^24W~afuT4x0K6jSCE=K{a7ieA0&T&-*3F7GCg$WK z6~etaS4JkWyTT#UyY1XLtDi)AbNU0xVZ>uEo-lh%B8-Fbdh>c2dEbv-?03Eca~i04ay5gHeVo8MeCkTWHT z)^#eKlaQ#Gkw7ni@g8qm{335mDLkS6=l)nbvL|?b1A5N?m-|xKN_wBXUUgw{)&slq|_Yc=Q!_4#C&mGtAir>he zK9LNFrtK%BQI`idyfALeLmwgl#wj}GlJ$G0=oDsVL2|QHfnEaJOI!p}VA`bE5I*;% z=@AE`;Cp*B_YJ7DG(}ksv{HHBB%FzW)2k|iN2UVCBNIHS3JsaljvA@FtynG!AOga$ z#mX>l=uYQ|4Gu6!E10#2CO8xAGM$@!2l}^<52nWxWY+C(y?fN}YoS?5NQ-)^At~>v zmDeXs4o0K-v+V%_%lueu^lou5$Jy}NmGb?yai-Bn z0I4pyv}yt@ajn$Y%DHLpk&s#a$bjt56&sFQXL&Bil@U_QzK4`S?xpWd!nvf}t_>Is zFzPy3#UjX1Y}8n63d7_gLK+b$08nD-CMdt`S1cyIp=wE|k~!rc*pm9eUlK%i5pR)0CDZ)K;-3oXFXuI@s5Ccrjp zBZj(F0IFQ%VTU=tGH;R)6h1a*3T1IKkHBaQXy;OaD*-c0(6i$%aBU+a6jw35g*icY z!BJOEM9zq|+kTemRKX&C8~6y7XWpKB^%_#k66E%c8-UtV>h|UBVsr|mXg!v6b^x|sqqJ$Oixs;4TcvhDhk|rqlUkQNEfz?!Dz)iO*xwmc7zfDn>v9H= zQJW6uV!b}yu)9%tyMGlt=kjXD@v+U>H)|iSTU0fy*T37_fJkhbhu}PM@GyJkim_Vc zQ%$v0317Ho;&@A>aWfQ>Vz3?*%%ZLGCxv?1yrCA8ZsL$)Xj;1sj@3da{tGgq~st%SzrAUg$;*BYB*^BgH?PDm1X1d%UN*V zcrZAmf)@easPSAL=>@WiJfs}VV|oWHNV|&Rsg=Wte7l&LU0!!M9*ho07Qe7)Mg0M&i;k8 zsqnu4Iiy|uuaNfg!UzOuKZ8dzJ*x0O2DRq^d_}-of$r`Q#qL$MG+bx`Dkq!(i$YLi zta1R5A|u~mE`|oOqmzLg>9%A7xGrfbg`X}=UywILa=G4y1Pc^%;I1rBI8^rIvJes& zOPAZxQ&*qswY@0w{`TG~Y*%P3L)0oX%VS96H3-8ePMsx*?Z^0f7~C~i`=0VAPuudX(E^~in877uUbyrmPE0%IE4-vAp=V^V zwA{kzyn?Bj05_34GMJkZM%04l^h0j;IYwT(xkw3wfJ5%d<{N7AzYw-5>Uj?YVN)aa z$zxOU$N0xmR#L9&6I|~=F5RaOCoZ~<`2twq!qUCf(cv{+ejoR6m6k9Po&RhV}EArSsP-5q&u zWmu?F1@IgLmUbUZ-Pr>Yc8??((zqs}2*Ba44PSeyWuV#%`8K$b1$gbp7ki^APU2qx zf*0(m4%-X8PMl=<+hF7Iy5kd}N_r7QWw7Y((M1k5V>ASqjiTY0 z$H7B2+>RWcIxt!_3PTM@7dDI&q*Wx>2gAc|Hdu zEx40px{h6Yayi}<6HixzV0n1f$c;o$56?V!+iU0;Ar1;fq1pt)DYPeLvIdv6+C^uu zUK2xE2oJ!yE2?aSBuIv!m@i#X7@CB&F|=9{QDM$=QW3S?eZSNW z>&~L65w@Xfb<|D*@&4EX-gv*X>}GS&vERXOsM^MieN+~j?ZG;1z4gJCRHprZ4F^*Wr_EOjBlq4DM;f#|fR5fd7K&!SUO^oHdCwn9N5(ZJ2u z4}3)SndbLpD9wx1802?=H&UE!;`LzpfGX$J{Df7q0O<+Kg7Y5w`Ml&wAH(4bP=+Ic zGIvoGIS7{CLPlE{6|m?CwAoGo!i_@aE+fXq@qH2@e6;JSMG)?lwu`YES)B1K`* zDF|dS84VTe5n7a(r~zZWfPM;5&s}Ah z+ZAvh-Nbr3+(~xe=C=E0l%fDrnreArJxxF(lKm1HjX(^94x|28(IJQ_@j9%YNdWIZ z1@W+yE;UZz8nM#g8lRh}AJc`{(f~*c*rLFS%dbArXM#$t^YWt}R(e5=f*Y3vXz;<{ z`}o5DSHJK7V`vl;WLHmB3tqSQ*SCZummHKwHK%zt{S-iYBE07m^i{UYKmpH-dmALgpiqENxlOfbmXU{+h-7WKRiv(`b<>$`n6 z^Bx7~sw3c+_QBq69Lp$#+lhmt0kB*JV5=G&ki+J_Ul>aC@?I%>BhT9LND(BI$1vmS~e$`;!~h_!soO2Rs$Vgz zBO`VCV}tibsNex$D#nyZ*cZYzrkexJrirOJ901j=^{xbv&a7rpHaeUTfMpVEy#XlN zesP_Z0*of3u&F)7iPQP?)ku3T*V@zVFpgK<8SWa*^nD~$?Rq4fED-&mYUDbN01KFg zDXzn2(5}gYh!IfoKq6h{5H#osV3DhH&xgE@{Fs-G+nNV5IHz#nDYsY)hf^JjwEVON z2Ut0{)c&Uip5NZLLHKtZ!gWa*pjdH#eWQQMsbS6ZV(`8WdKNal=L`{Ln@JU6r<9my z!f8X0XSU`O6{PtezJ6Zvvi_}EC8*L&KEE`Z)I0*pg9F4DLxr1;M*-`GDwCP5|5{a= zyNf>nz@UPt0!-Xs^U?CTOiAbLDyPXY(j*AYRQ&+(PDWoJT5%Ex%!FD4Jfb~01)`52 z`B-KjZ?lHwNho`K>7H~6&+P<-6CW91O){Hi6fws=Vp0~_t51|a>N$?%F>mm4T)~$= zna?>JK&D#)YODP(NF-1WoFN*2u0ZqQS%~tlm-^J?@7+yz8YfhZ@(*`+Ps3<9)s`6j zLm*r;0Rx*CO$&yODB|H)$j3)|3PW0Q07QZWlMwlZBo$m3L~r2%v*-9V%Uj~wPmMz5 z)Kc>%5b_aP$)^L8v*8%5eMnp3H+2~U%+QJ&%>g1#I`~U_VeP!}-(8 zX)j4H6+Cblt+?eitSvdZyEGh+)hQMTd6%mcwhACkwfB^7_s7XbUw0<6_97i^_V!Vo z?v>y8S{g%30fFo5oce6}Qdry-lwf|r<{`vtmzX!zPXaE^=_U6~d{lVP0OL41kX<9S zqxa@=2|N{IVR~zqgrQoU2Cki27LB9leY?>6!0aYN!o_p%(KF~>2-zg~&Ta$AgrPt` zSwfYosu<8*I`m0z!%tbgsrkBEnX(4t;XS%QrPP^@%C@Y~Z%QM22o#(hM)U=;X0A;E z59GR?^OK(=MTS{)IZln(bNQ-Z|Gd$Lh_-(XDmQ8Gbq7EJR}^OZy^Rlf4x5VL-ht&h;ZtfRB?NOAaH_LDRs7 zp1C|1G`F1tzD%!@&v15bQPbEmuFhUMRM4_o(x%07cFNTqCPoyTXupSoQ+~qiG8s#u z3D;}&B~3|l%yqDro2C+!EAc)zc&aHJ8s5rvw*7vABe1dE(uo7RCY7*eD4y$K>~k`H zho^uVFT&>#kc-@kmCpiC9AX=4n?yhr_f1#Y9AJAON?(B;H>NA!o5`bK;7FTjjXHWfHG0o`supYQ42Z}0PT@MTN2m*daq;I3p! z^h2a{`00WA>7%+9bbiOZs1wAR0!8-T3(#_UDR zUkn{Y~r1pf$c*O^T^qAi^DwO_978lH0_ z=eW-oDC#3FImq&9lNHkNkLwmevOaC7)z(Mq;JjMQS8Gqy;wjSw%ZM+Dy(l!1(7xbyjU(xBv zxyFN3#CJ4M)F8@55PP8t2#b!j{73B^%tLJm7Hqahqf71VhFNzu{qpAi^Q2FgZLzPb z1L#n3Ok&!vV}0LQQLIMHwT3yA#}9u_h8z}8n`6KO29$7I<~q200hW;W7*ZX!WOCd} zKJI3H@1mzf%!8qYwFj-=?S2u{5a<+IKg}7gY1{^gW-MPdc7oWKjeBeq9Lr{pug<2t zJV}`q`^+~NnnvrV_JvzB=8Q<82ba9Dt8SnbkB#D0(c2P-{zRuScNuM-P)=njy@qk6 z-b7QeNQ}JU$hs+W%c88y zD~L@=az#~3N2hc=zD7tFLIAM(V<3$|(qD{#)hk$`13OTcQR_1Pya-;l?lXI|T|Q6b zyRIBR5Qr}M(!N%M(WsR*%7kN*!6r!mB40jQ(Ty~mTQenAjprOd^%(cxANl`Q8SuXo zERO*M{-{_LZ{n?bW*nmlcy!3U0i% zo!2k;v+?}306`Pgs6a z~C*)rviTGpr%6oe@}^6isIsLrOuJ(tGCaC0+vV))nHe*Y_%$H4@D; z!^@4DRL-wEd#I(d`7R`Xs=9Yw^3iX$T6$T)|L0cs3&3w>+9s`$Pu>3&cyF}g>8v7; z-Wf?Jhxx8}cboM8#;i-e1O#AxkJAxUr@*{)<-ZpQSu{`R$n9PA2l*Cpw-S?@mwU?} z?>z_|-0&RDR(tv(8`Oh(Mp@hlAuxg;Dx&;&2sHQ+#;G&(H2_~gvb_JdyePI;5StBB zH@5)$Tmww7oo6H*>>PKqOJx3qS|`nt$|&Cu>H!f`GcfK zBo+Hzz}TkWI{=jRYv4@j+*?Y~5_a9Ai_fJ7mg8DFVwFe=*AEYw%zfGbgjVoBoQ-k> zd4Vd(_5+})U83wZ_Qj3Lt^xEsMR%@gog2%KOF-sr0D=l7%@C+r8x|km!<_=Bqv$sP zn~#C!4LlCxb@GE*GM}Mbj?7AFCGe=+hHOQ(J#YW=`<`BkK2Yr=oUeSJ%pxkcZu{-I zNl$=>OId9|Oh|m-$DeZMTgN2e`oB0B7wTla-d~z-X~|6M`_L9fA`^s9``-7{Qr=ZN zM?O%ZUU;}syFKk68CmfIwAxgDuQp_vz>PA?5QsIG8b;eeggk^z_W`&Y1(-8yz6LxA zywP>DTfp>G0ZP5;7vCzS13^k+9L$Ghob$EfI^y5SA=d;69f^bk$SKmH2AJ3^n;_ux zktx@Es>$#*b-uuRV`_3h{)fW~5QWF4EnGVpA_eXMY4{$=RxmSqHk=N(qtj&KP#$3f zh;OMSCNq!ZkFPAIrAp-dcFTbOU2Di?_*pefLW?{cnVpNy;&Uwd&E6wj5OAnrk`)unWG5eOMtjRHy&5CQQv zO=JVZJjXj35UQ|~Sl5X&Y4jT{h^a&-_j2r<{3h@+3Ix{BzmEi&B0V zA^eDT48s>tFPA~(`x?n}P)yJ%qL0xT_kV6h#i|$lkW08fD~B3UvxV8Qi-ij0O^-<4 z?qi0M67ECa)Rk8CK0qM3i*ZrSn(&w_7L4sK;sKIeU}W-`=EG{>NL)30j2KbAbJYyl~s_vBtibj zp7o;r`^&yRu+bvTht`DF==qUo7455Gp*HHvAE2UR>tL6}E``CF%(|P7tzZtRiN_@9 zDF-03l;A!QKWKE(s~BZGr>c};8* z@-7+EehI>{mtVi#SbUV<$N{P7zrVWVu-ebgZ3Br4I}*}~_j~=h^$py->J4FY%8E-S zuH~smf&{%t#AAUBP}D;{kAd$muNI|f5pmxV@O;Xt<_lOKr$IuZuW5$ySaj00&LH>@ zP5>|w6|wR&=t`E!*xWMBCfi=x&y2tLwC@ZRXbcE0Ov9r+TJ8guiVS10oJ~6zmn~q0 z!r7k|yn=ChPTn>f9}6cdSuO~k%{5RLQ|T$|#Zm6S(|{{zB(RHvC7<(k&Pxk8dA>Rn zd(47L=HOWvD7P@W)e~-7{1c7aYcB^p5~+~AKh7U~ zrpnDT`V7D04`a+lKCd6@0$D5H=ZXQ-iAJ z&!bL~ySi$d0+B!>ez`)}9=8&`@ZMtRJ%R<}1_khTUfMWQ6y4rv{^8V?jXct2$K2Z1 zNcC~A+zhauLh`12gVQIEt{AQ~MBL<$=jm+JYNBdObDFBKJNrM->y+tG;1G7#Iny38 zZwTy=cWW-_o=r<@R((ASib!uNna^Cp_<0v_?$(c>aCWb#xcR0o`)~`O-_u{)q9MZQ z8$acca7fpBGX`MFWDr7P*zPE>ez-=~&?lKTpQB((&*i<;>A2<;;)o}SD!RYqTrn*) zoET}ecANlJ!U^Cm4c=R@nH;6Rv?zUEIm%J4*w%(B4oSCaiS15|{|?b-{<_iEEp^72 z5-udCfOr_*)pD9@$$gbS4^cI{E5yxbx?%a z{#nHqLA0ymU}Gb@&qYKf7ACs)a)hL zgP%m=1&U`B=NEP^)VH78cHroe($VHr?ki)-ZlcA>N2n|?1P$uftfDl8GJ-5jE5(G5 zFc%|_Md(3hMK+m4Bq9bBW}(5ztaz~`gT=y@f>1|b1zk_K8X7&M4$-eovc_Z+E^wMaq)ulpr(8bZ5Qs&6v9Qpg&rT^+JW3af6e+30k6RY&=z6~`4mgpnjxXaPxMHVO6Qw$l8c8+GedMr zK&8*omgaxM#fp~tv`^cfi#!GHp@LnO?mVLC6tuBMAbp4>zzv~W!;?^L0g$|bthw*~ zDvZXI?r9Rpz4E`a;RtAD!sW6pz#TNm-})<3_z;qKLcUV>tu$bkAApk_)3 zUlv1pCGDSPfbyWm>m@mNFAj3G0t8RPV=;Wr!=1zg!wK}pCf`l^`-xy~ zaJ#IQ(R9|EGeMuEs6qPE1|$=Jc=5FG$KRX(bIFP@0${fxjniWQw4O%!1sJ@?gTHGY#A+|gyQ`BeI|>mtQ5=5u<$l1odfv3&`0rjEN;8wVKhqZW0^Go-Vxx0u1bM&rKn<=< zpgoKM6Sre;3hEQ+M3Of5rBFTfFt6a=--nNc5ft3j2ITzB*Y;Kos})-COTY#J`R(~a zfU!u*RarVMCsjB)#ePh`2~fk}6?NtikTM?w9Wb1L>~gpL^0V3B<9V9^A|m|fA+Cs* z50ppTf7`qY+#-NV_7^}H1M1ziw?ajJzrTSa1XRp7zi)qe0h%wc$bcrPat%dle`YEv zw_}hl-hS#y=7E@{x~1To;K)OSz-fIz(q|&M4N5~1 zHvyhEw|oTk`|3ju>1u%`5{f>J2%2n3KD`X><=i0=E*V@-`7{(YDZ zm|!Lz;8Purre*l^36!L=pn1(TV7rh3njx9IUIC^O^Y_Uq^SOYyG)NCj?pk*w)fG#F ztFc8Kf@%6Y=kv-!0mRYLuRi&6z+lgWP|F{-f|fK<+=}4)nF52&i98Id&Mtd9H)jp@_#28TosQ zG=P_alvcgRk~K&yGcoi_?ePt9?IFub z9jFf+0Mk(pRTXBH)}3TfKb}>b`#?Eps55Z94y=DQkV`S!Z&?uHsn&qksv11ds42;@ zy5s$EM-X&^`VB>x{{nAye$}-9c(&CgRlo-7bU`-ueW@^Kb^6yyjT~?eRs+rlcK6rg zdoNu{=r@HUa=!pppbWT+A1()2a)>TMEm%wr)+fgS?I|*C_VonJy)mev&5!I_^B!41 z{*=fa?+!zv=|lX$dHDeFAQHqy2xYfZ&t3_vw7Y?vU0C zV6O05c~K+n8Z7<`bS+}Oe>kcKb@+jKjSW*$*d@-(<@n4+8_=PE;p-CHYx%&VTG?GK z;kts{b7el@F;1XCF04dx708z4B_RF;#mqvMXBRtTnZ|(?;g0`mx!O$q1*2eQ;K`HA zdX5GHIeX4r0Tu1X67bz!H4bSvyWRD~c6LFR6LFoOn-#Vi(Q9!6N-!vF=hPf{v{YCP zg!^%jKcqQ&u4$bE@stQYkkC^6c1+r!%;;u()gD-MK{pPU-`zOCHhMyfG;jgWGEMVh zzNnE1SvzYA*#1`8wxO-B(RXK}#kF{eI+Tcn<14U}>zva02@-SPrY;U@E(7HV=cCkt zh;D^QYDcq?uRzce!-?Wfo+QeTLCytW25Bdr1kDz}9@-U2!D0>d$^lJ;#++(riEA!s zW=J?bo&?Q=UIs4n)dT>Z)Fme#B(pgDzHxaAk&r-kNgW4>z<%0YKBiq@4C?t zAoEvWw+Q?Q5_5KdloN-Mog3KQfI7Rx3fDh3Hhrd>vuJ6_FmJGnt+0l5K+}B!hFnUF1|Jok(CcT^i{2&vP~yUolwPNw*@1?l zHYkp-2aimgTy4&qGK)*tnscRM4G^>2GOx-UpSf0^YCY_ZXZ`Bn1NEl@b{fc9y8rD- zV!Z&dqakQ%w8Cux^k2KyN^u>rL9!MbQ>d^tdSyO2TI%vES`!-beMq$~7xg;AHwXGl zwutw$Oud8F>KLF^Cnt0QPsrSL?Q(#P88r8sn8z^eaLD*5fEltuOx>{rD5#A^mbmhB zJMxANahYF_zztO&PG4L!ZBoXr%s2scT^QU1wBNHKZcV6lJ?3%@O+BvGb~4vTg32S%zByC zn^mAydMV7OzoGq_xSI~5XVM>(EnK#jL=t3d3SOZ<@BRRxIhXlcad3*|_8VXQ*s371 zJ^m@s#s^5hD2DPRpxdGNW}^u)KWilV7&2*A7qq}RFduPJ?xr$9bu+bdhfv;6$Fks_ z$fc%8KbCW=zd+8u_E=+=j)Yze>(aq>YjrpNVv|Sy0ysW(-i7#vSgNGc>T}gc1~T(_ zX$xhnM!rb*23{3!&%PXmX;+@3q{qz*d#72&ED*VveV1CAM?s4WpBXMW864pgPjN1a z+srpH?IupQMV7bI>9?A0bEB}Nt5=rK5X^!d#>2}GtqNU`c9c}7oBw_=)Kx~LugA!pZr3Q7Wfv^A zIZ=2o?Hlv_v%u9i;=KU^6NN)3+$x7$IM8SS1yVF+MlF9%*b{_h6??MYnYu4a0&^}& z!XVx%&cx7KZpXl=#vYZE3J>bOgtjj|nY*ZO?AguLrlhG&_yZ8~lf_ax6W|%G z?5q$;IB|Y|Ci&}rAJ;}h9+c{6yqx5!nRT{1XSK?zW#vfI`JdVL{lH1HVt~UUO}!^Q zbsAeg4mK)xFkW)vW=F5kvpHXzV4*HKfqw%g<0fQEBr+T@*z5HxR>9x&{_z3`+kFMr zWvQ(LKu5~7bx)n=jvrCV8Q$a6PprLlIyhCRLxJXDG#&qKoVaY%)Xyg^<_jt6>DOm; z8kSbWYWK&ibVQ??a%fO}B3-RNbpttk2ZpO+)4A&xp33?;GD#kbe5;XZydm0Z9+L`t zTJ+;@l|FMH=Hej?x|Wr0S>DQePEc};wne`OTV<6=JnGg85CqQS-Q9p*F$Oq(C)T5FZgiZkXqo?6Ai zxUDl}PvQ%cQ(7u@R}6l}FJAz?ZGKU}^L!k&8gpUtMgGC>mzigc4QnHfoY8Zs<<<#w z(Zef_rw+m?j@y@Z-gJT z6`>70F*MyCYwdiV6Idq$`bu`e5b;%?6OfhKFI1uY^CJbkS*HdrQu$Yto$CdBCN2?V zMBhr)?1q`%$Eg{l37ErL-FM{*;a_b*H@TP7rA`m#ATg*u^(>p5!oU;nBgXHm*$=cc z3xsLREOn!6Tqj~dXPrnwOvCElA%Ig8gTVb$Xwu)kv`JI%u_9fO^GlHHJ9b_G*e zePzEZ&-P_q6>|_N_=ImX5xb~;?M9#;I?2M#hu$J=N|z0t>(xoEMc7I9SITHNUOXQr zrjqfeF#vLb7tb1&ZW>Gj^>7RsjvaRsX@$)-pK$83*RrNI>y!HdC$H`wzf;wAA&#C) z@`}_`a+vj)wXL`x%;3=#%acfWd5n=ehMt$rexDk+us|rLq4~i!=7@gJKq1g3Vw9Rm zHx-fhcEtQ{F((ZQ!|FKaK}(7}Qjuf39bDPpMu>h1XU6q=6gnp}rX>)zGnn{ON$OvM zMKXDAap4tFn5r{M)F0(G_e&>&_2!0DYG5`C&!Y>NWbY9MOY$}&%1U1%q7J? zrGx`rPqlzmK=y;E2VEK_^h5P7JxzwSjUVSmE>hv7*m#Gs(Q@#@tk5?R=~ll8+JlXD zMs|gQqIe!0$XNqh?4z>E!a!-Ms zBr)?kQ)sL|xwFTCK`q%hC6}pjYJtB3S+%7O*Yn2mr0NK`3Jgrh##v46B6qYTV*D&9plM zi1MD@pHJl_RY#-jlhW=+qcJex_j9(mvg{v5R_Odxo}}-bkDkxesEW!}aaIz~f`l8u z#wl4C1Q7^OeH#pONWZZOz$r38MJJrQ1fH&_RX+Pg(};Zjt=AFi zy|&{c^6#k*+Ifux+C>e2(U|v*mwmmWzi&lFBeyI5ET37t8*A(uE@gwvSEm>AREV`; zC2G)avJnsSwmZQ@9m5dEGgYekrpc zjAm)}o6FFC#W5q)xBo@S(VuE}I~&l-Ko>aOLwnjF5wG&4$zk~3qumSU&w7H=J@n(w zdx|jjCp}hMKC@)L%0G`^7YyuIIoARQZN&L3J*s;vU8 zw%!?5{W&AB!T#OhIR~lq^3nVP(&iV`#$vpAUFwexaR>L3p3zA1H=!HRO4#}6Cc`I| zZ67Mw4j%WnFX=XRq|kMu@AOsbE@##@%?C@VMh|zRGvaD;+?ScVnF|;9-3x@e$KB3f z@G5ZHShyfDyECMgkkVhBwd4=rESY(iF&hn3JV*QmQ4@PR< z{&-PX@YywmVPj{u*8G)A4D&|)?1Gez(wlv@rgvh4IO4Ai8wa@cu4t2@!iihU)YV_` z_6Zw%WZjp=z0)Ownn^UJKeZn~0aI{}R)iiL!iqpX2QD{x?(g%w13v_v(R!5{tz_fc z8&q8opj+o{S`=WXJU80ler~$Vfx#cc zOE|?LW*r{;*mih;ZL%-YedCz5b2j!t{QJ45k@(_T)Sl2fn_-;jyueonh7EQx+)Y(0 zS*Wi>eu`9&SO=b@yaRM*c#J={o5hnQRo$@pBlyBz&XZtywZUOE2B6$pMY-P&_*8B65=v>UaazpHk92Z&$ zZ5+_mASQq=nU>%>Y$moa=5DL3=MeD}%&ivdWkgfHTZ9Li1 zp`J2oC#MkKx`l(EHl~XY77>wKh;Vz|dslX2TVTMmae`_#dRVnhUX9H)+<%ayWU_IW zR;j%~9bv|%y3&Mr@X^zmC_4>iKysc&0KQooH7* zlKC&Fl*SDLu88;y!V%R4VyBFl0|G6FPMqalBWPkQ{1ofDDNj9RobW)W_(QGhJTOH} z@wemAM~{4=`qr)nYI}6hAu3|eSsvE&_M$}@xyb7Uvx{)44R(<}3-f$+E0v$XY_ft; zUgmR}x{-3H+5NmQ4b$Rjn|XG{C7kmjYJYF)ZGyn?00 zaTQ-qG~X$o8FPL}c;_kTX1snZfZWq4q z(qkVcXy z(GjME3af(wmZg~KM)`vI=;!TxjT5wAA6?}h6vlnSV4~{Ynfd{C1R_&)c&!v*y!m*o zY3utGzitQdDEcmOTGs=@kmc(;KpKDm#^$2qewocW@+J)xeCn!NwjGs{#Yn){8{yr6 zG0yU_bz+pyC@vG2&1jX63$uGD#=XkII!D;>p3js9F8WgcNu;xWdu5w!xTFK{jjucC z&dMobDV?*$yrU7;3gM_QsaO#`=`dhU{QqaKnza?_j{Y9|Kb2QQw^^din0OaM2iybh36FwS`5^+@VuTRs`rzg=0d{4gAqMfQ;}!zy$cGiWL!q8SLeinJro!4RuL0C+{l** zL0KXl%h9LdY?Ufhr)MoCF;QktSa`vi_BXToWe@VAQ0Tu}&WuPQD+(BPZ$ zcrIC~z^B?C^B@+%Z;Yt$$h(j|JE@W+TS`lIE(1kf@>VP8_`sDCtF3Aj`y=YpGQ(N zVy-`GMcZ%FW7+^aco+0xFM3R#Czd3)8KyVHnX%5bML+Pa>^5^rPFCAK91%0_JNEic z$ij6=3t26eyfxEK?iNdON>|_0?xFEJERFKYTvmX($UU<1XvM`C^G{+CgPR=4 zw`EcsvB2!YRcf|M{oRhTVrol=>tf1EL^Iq!Mh=DN7$n2b5-HRFkeM@=K6-VhDNNFu zd3^IE_}qr__Jr1XP1y|+R?1Qfc@+V_9!6fyklvOD#&*ksR;#A7?{I*`{T__s&e}K? z&So9w89CV++JObF7gU~qy~i1ni0*g>N9jtiyb_u6#N1()N%8f80XQEU{8r>47a4Ls=yZtx<4sz{_4Ehx zp@Cc824jSvzVjgo$jSu_;9YZJ*%mjV|HMN+&e9@aLU&hCbIfw`*Gq z6MZ;l)~xI_l2_;L0^-EYrc!+RpswY~eJSk+#H@l2wW0%8fSZ+1peO->`28$G&O<9q zv0}7;*I`6h6aVoR({QxdLMpp1mc3yL0aJc1&@4`#G4DVYPDG%sPSo(wM;3jt|7*B? z*%Q(mp1K<6HSv^Pu}ah7nSI%EGU1_h0wLilex|9L=LIw%8O;a92K1@iI`1wk`g| zoDCpF#rE1?sZYu09rr_6)+BOzkPwDPa1I=ZpKG2lro)W}_slPCo89Z6tyZUX?6?PP zy^qSoIf|ASSsyqqYCWg*QrbmCUi95wKv-X&RKsR*Wknr&fdMy7lzTao7TcU=9^Sr;8ni+kX^isn1a)TrR&&!95!se!?G-wD10#wwK%zVH>HONL(BWqY-nvHLq3xu4S)6UbL+u#!BQA?o6Zy)3+ThW|Ax7c|z zT2p)oxmr2Tx)I}tWoi!>y)+P2#zU1H`E9$fhO)QauvJ)LA$-zJoiR_Lk3E^-v~~`UFfhXzo@VkdMhFx+*L@qWgtlqp1+C`?$Xy;Rg3(mzSNp}#m3uI-n zu!e?J#bmLNuh1C8G?}WGPqFZ{lhXG2*~R(vu#pc)a`hQcBTT7G+y^469^Y*$;~+hl zE2UW*%8pw9?%5DW-2k-(iT+&kY%e=rz>0m&=#<^!z@=7mp92J?aLTdusj`>|ab-FY zI#z~K6*A)?uhpWNEMK4`h4IsuclviVV3|)pIrI;n=0V_PTgAz;OSv3qr_U^!OJT^E zgb|D}-6VsI^Dv94AH0#x>)*|luv|ejiXS5yG*WH1Td>Q29wRu^P7{n`X-_H-LZeQF zVxz)TW)W}^VPYips=TtEAVNo7prcbo4awHArn1iEORubsOheq4IL#86w)x{f1dP^dsGrvA!@1b8HsYs>RX(epOHNKZzh%m`Pwq)B7UWoo0I;~_t zYP3CwkBDMM?W8IylLqc=rr|w;650lD2Gh;j1s%Id2ar04lztDny|`G%BiljLF!Q~) zn!_gan-%AQu@xN?%7?F&L>WHI8%ORh&e$WX%rziH7xnINqFf3_^I_iWa+0f{Qt{rx ztgLG-Ta8#bl>p8t_deFa)5|NrKLCNj>Kp_eMiAo3#a4)D2h)wkg*D+?`9h6wdRZ@= zxV7Um6A>R}W>%QOfFXg`geXb2t1<4tV%X2Fv6+gE|C8_bS;tSO+eypcomrH_u7$6q z7y470Qhbn~q7x}n{wf=ALB9I}_-TqVM%jxGzHU)$aqt+-ZJeH>oMIhNmCD{FALu=Z z^5nR0cle!G_Ifyrb=1Pc!L1)OuUL<)-NV1qH$M#fb#)~CpM7x*nN%dORn5invpYvt z@m<|%uwy0V)RxJRX+*y6fMJ>4)laoN(H^wdX-a2P?14vX82J!ykOdBLz|ykJJE&*H z0|x9?8x0W5t4@Wqr~n<-@KB|NW0s)7!*r4syYqc%u0QY@GN0c*W3|(+E^<1NHDPbQ zRAn|kX!B#FI{r{<>)KukKSHr8k@MrDvLe*x)SsL@ zS-zFap%_nne35q5*sq6!zy$=qwaLAU_c&e+o8kpI9S^-vN$6T4`JD;^Sg4(y51z*1*mO+4%p0llW2 z3-uom3}Q7pf=B=OYUw4#Fo1JO;FY&A65iRVw8FK#wGA5mBtnb>p1n4*Ghu(8cPaxx z6$5Ib7Bi5DR`JaXnUywkTGr&Kf91rM?ce6S_4amON3na8kneT0dOzjW@WYOpBimtf z$7Q$uVBDFHS)Ma9muf=3KWwa8in1%tWZEx029Z~(mBq@oSkbdDQ&Ie?@+w;w+Nva0 zgovZ|l#RJQGgSuFetEky$g5OJ#pCp2?(Ax<%ae~lIA;2!T7PN4vtuIkOEj7#(W2(v z7g{W@aMaB5#-W2&y=}yT$n2*JQ%YplFS_q!O>=i|)UK^awtUxqdnv{7_%Y+nZHfBF z%b&lvN2k>17TWz87Daf0Vs3SQ_&Mp`v)O$O`sztsDQuTtEn`6W?xkJ4EiY9C#kCgLU`4aYn?$D6{VK;esAR$eH{ypEIP9+$F9@kx}( zGIdvV!fEl0pIj))A$?hO!@0Lg&EP!{_anx$eWK6@Bd;u4o<UbtM>5C>`uq;#IFcG)lHxWY^9jd5@4 z3pGx@lqE~Bpo-LmV`3-hP1m$^lGwfQTnkaTx`TnCpKtGe`(VYCK3z_}Ci6N;2uqhS z%5~+nYK1KP+7&$7rSDMj+#^u>k8ioq_-XNF=9LI0LV$|)GK>)mdYV$lof;xc^; zuPwXLzWo9+ANt5IXe#N=?#*Z#dNtQE#F?IhbF3<_KU|Y|uO5=d7#v-%P+*U)=CE+UkQI#lww^Pm}74*VX*>dYj*TneP~ z^+1p!3^@qhw3Lm@SqOyFHd4ls6OamqwtkRk30oaV7vo9dg3HZ?uMQ=d_sGG-mQ=aV z6StkJQ^hM5BNzMHzG@q@SQ9%uXpb&Ga+1prjoay%x1sZD%20sOv{PRGnJuN9%Pf;8 z&1>xuqHIq;KLvg?tlhZRiJeI|soNO-k-!-%BN4o-r1#@sgA+!7cye;kBAK1%3`2B? zJv=5g3vGOmNI3p~vG<-~O|?<9Af3=d6OfkBdzB_VL*sN(X@;2m}Izj(~zv zMJyEQ0s_*TO0iHvuY%G8QWTK;M*Z&GxzGHVdFJQLFM~Nb=e&LIwfA1DGA8-_>dR+o zR%xnaaw(923aX*1GnNV9oQ{Rg2lvFb5$W`FHztlTpHvBbs{lkH6r#c=ybV=$m4cD% z^9GXw=gD|S;X^m8XQ1W9>yec`*%1R)q!7Mlt}=hfdAr_*VFCSZF8KL3Dv5!4z?-am zK7MX)`lVjRN46}+GncG+-bXtKra;_#m_^R-AJcD91^nbzT;_JrfM_dnsQq*aux|t@ z05ph-#$S+oJ-v@zJX=8i6r4(Y7Zhr?p8lTaCid=PQgo7!Q0U9Y@!aojiW}eswVN5U z4A~yldar(mr-~G_dfe6hZ%?>O22AuTe6XmzS<-3>$2M_dtB7xi7?|j~=`6@jL!0Zg zs3oYVJ`fmK9GZC>LRqZ`&mfH?o`>N%RNv;^=XRn|S-O3#55h49pTv^simQ$%Qt@F^ z=dNF+?m_{I40O(dEn3Uha$;q{Q&|pb-6yg{zD19W@lCHFAt8t7D*HN(&}#-j$spWV z<*v~o$~p2#sGvFnCY*7Zyxr9UYQIcu=fF9X9j?>BZf4WQ4PPw8;2kNke5zfE>D+F* zii?i*9EJNJn}TeMdJoE)dL9y%Gm>rVsw)+3d$YV)unN}DnA^rw{hnU25YtkXyO>xCns~^OLJM_Wm}h^t~Q-c7L&^O6L?y z*gDnxcYgs1F}>wdW=swwE7mj~tL@jXVb+1BHS*|6eNsQE-+p&Rw^4OtT9!7@08au7REuh2{<8FlN%##E zrKSLo*bs;w8q}nQfa+Ru@5ET{?jlBSdNM5Oc81G(3j;L+u^p4f0YaDBKYE*qer3gZ zVf!V@6rTgHNkw=tF{?Mrgk6i+73>$af-(&|m*>c8vA~43*-hAm{rLoX)HRCN$=*<8 zT1L!Ut>UVjA;J0+vv|BhlpBVtR|WAhoh79|<>&b)FOq@&Z?az6V57n7yewX_2MF%v z#4$2eoo|dxTOU6rxW^a`v7#uLR>dav*X+Fh}@a27DII8r5MqzEbhzf2Zg93y*dOi0vz|Orw@1Ta?S0HX)baN{EKRP130J zOa2=c7!6@qQq6SfU1eeLD-abWBGK+9A`^!o<_QSA<4;l zJELJVsT2npfC<$kXoti~SS^a%%!_>?c0X63nsne0a>3D+6-{gs?Is`CEZxH2&;Et` zPHz($+AgmnLfa8-ERVqAh*RSD!h<^U1X8~vsRYi3sv%=!;k2+5jZB+3raq||9xR7y z7gp{U3A0y3M@Sn7Cz~LSoPh#oqO6q0VvVw`v^LmRi9!xo;Wqfnd3Aj@`WSXHPNYPhL04sZ=qO2H zw(Q)eL>l*+#$Qx7Tm@MQjAr-#^9U4Rsc|BXN@w6&$}~&)#teZ`aIUVbU0#hP;uJ`1Ej$@xtYry9 zXJErTokL#d4;w3CcjAZOHK6dVTC=c=oZDi!QAXEpBk^9y-s%ki`rmt?)xAsZ z1tD*CM^%1HuMzCe#M^=bY)3i=*N%pTJtXd7MSfOalZf`Ys)smRVNBBQB`gFhl^6SX zl+#@{R|MYwQHMC#0+R3i)~R%f&JThZ^nwo-U(z;~W9xcF6J*a>X6v!Oq6M+;$|!pmco@z8j{-rW1GX^oLl1s z{ru=mT$;gsQ}zFbmxB)s?-Nns_2b-1wm^1xLQd0MDA7_%M=*u16kk+sP#;lOa>tc( z0*SLa%H#9T4?U4NN@%3^$78Pebi-A+7>;}yrnHn`>k;V2sLkaQBcfF+3ZcQW73CcI z2TqA%?m><6#mf4ER^Z90_Q+WKS0B85b5tX(*akFPx)9(qdCqJ3x zqxc@();({n$2FD1vrPWUAkDsuLbV$gJA^ImjY3$ z;18A67-WBt)aC5yx`zJ>Xl~?EsR0<~qC8(d`nQKR_=gdti%F8f;m2H=W4#GIZ(yS= zc9|}H{9BZ*L7&>2U#^syr>u3<~RJ`zCr4F=$+X9XU5PIklT-}ODU&^aEf;Z12zvntgI^wX*yfv z%)%`fB7@KiaL4b@J9krQTb6SW}x-R(d%d1c%+3rm_rHm@@#JtcrD zcB-D;La_S6=^J$K?ll&_$M_A)*BhB@R(c|r zk`oN5;mR0xU-_$2zgBL-5f2(l&P{f-+skF_hE}7RY_{}&Q?92sM=DMJzFo3apZD{1 zufj;hz{nMja>rNJ-PiRLhZWC#ak`Wh28t(TF?#=3 z@@vhC`=#Z)V8?h>aQ8odN)8Fj6+ur`e;6>-UQ&ukgr3sN!n}#b0@6g)^djIr5ayjs zmPVg@BK1+e+&-Q(953N=@5HZvd40+5%#N2&?ro`GMw#=f=|59j+bd+Q%-mhtNOMT# z;)S|+DZF<@L;M1KcS^=>_TN3|E*^!ioy*)U;_bTKxaMg#5GT7$8>g*~c9UAk8>(wa z%d(MN%Ezx2zPXr17pvUM;GP!>TY@gUcPtNFj*-w+9lIG~+xqzt=WxS>s;K_A58lJO zLknAJhw2~h%y`K7Xp>kZzOWX4RQI4v*u>O&=||3gAmBO3FiXolw zudK_{fXfZ^T1r_Xj>*Fcb)rQjZO!*`z8!*?u`n zLH+v_F>KyvoQ2eAq=|pZz`nX%yp(t!$7q`DBm68SsItF*rya(pM;D(&h1KG znnS0iM^R4hUP+A-7CooaB@1xe=-WpGKh zEL$-zHEH7(B6 zXRbqa;DG+b*wP+#bo;K7`U_h3=%0XjRO0KwRZy$(d7`56^qheH5Brk;hM9}sI95@>n&<3uf2=j3U5J^! z(&d z4GMP1BGkTt??RIgk?T9OdW!IuSdLK@&ju}cEfoVlJHNpdm9H78!CXW1MZDH<7fbu& z&X`A{p}vKMGkZCyYP}AGS12?hqNZik|<3^CJ1!sc$0_m7j|;_U~aXL zixyf5k&@|f*FSA$>nEMu4#R^1MQ|{hvDt_ERx-Bg_y`{1G0&QtLNmATwLNwUZQd%o z!N&SK5ASNYwVWYph6pLk1w38RzR#`;gV4UAyJlM9bMgNzgW%;W5RxnhD9=@^ez-K$ zQCGu`6-y(40XEZ|CMwVk{sM1Bv16=d3Wu(r*QtYlNL>W!>oLF#+M!~0>}7L`@finX zsHN2{i^NY11Iu#Rt4Q^AsWx<|IXZ!-=nZ&wAQxkGwJG3fzE7k8v5k&>KTRZ!l~eDG z^YRHt;IZB|1#wj0$m?)6!PH}fdN}mT;Utx3u!b>_(6AeX-gK36VBv5YWBzri-Tn6RFyns_%ah6?0 z%55wtXm7)X@I)|LcIo{hX*E3*7vx!|b%Zb$S*Z7;QBK6=H(W@7Omy;X{@6AZhSSxa(VxdJi$o*tU`xS`dFCDJ? z_Av_Cp|fgb2?InvK0^{~luuS>1yKga>Q844W(+-+*D4yf#K|1Rj`lXEtqYN-7pVW7 zz7bFn76K@L982J=u?Rk!W1yp$s~ZYbD$oKoo%(3VJTZ1i?j!w@8z|AcY@k9vhGzhk zAFLBX$S$he$Izyl)TgBM%CO@J9pmlf%FeaLZC8jzWJIsy6)An#c&fDKddjzmIl-DC z{)f0v(K#!Hr^=z?^uA90>qQ}MMq)PYlT|4zT{SaOc}&7}JkDTvkdrmH zj{t|(n-`=ES!@^s2^ps&#`364jAHZLYptx$3`NrnhDR&kM;(QBUFtcB=NAur1Q5w- zgu;KKe=rbhFf)L=Idab)u5UV?;`>5;Cxc}*Tx9Q`Th1D#<#|Cb zt>_uEU@EGQdF3MPc8)DpPmC<~FdRccUie{C+Kx(>-BAP-bkzVFXz}B0V|obJ;(ljm zj(vefks|B6n4(X=!STVV#*k`6AH8Vk5TqfcA+2_Poua1n1XL+ve4*E34zVI3N~5%}SqW+84Sckyyvo`}Y??tYO;z+q#*1I!!JDFJ0|Z&S zc%72!{QAQe)x3qtuZgO@8ZbW5fSPsjKMBogYFmssfhOScjq@8)Ji6HGD4Yj*Q4djJ znS*AL#&~%XDSaE<+#AQTGEucilqkggjtQcVBTuLG!Qfjt^^kqq`M4?&5mw*n<98fD zvt=3Nsi_PnkgGe--P3R3$7#mhlh8-?Ld{T&khlIrmrOHY0&bIIX(0;GuFdGUXui6+ z+0dSlfu<-!M%^+78T}aK8xifkxs9?b8HXV~jUSe#6I-8tzGwet&hSR-s#FtzB(qNW z6ioj5Utp%cVG-mSzA?szc>jnA32|kGt*?9eU5u1T$|~Yhd`bBPejGh*fj~lDpfeC> zAYbQIu*y74x&lj?t}wAwaV)FvK`{{Sh(U#QWGZ_ja5Sn*YMHdwzB?pT7_J=&By^`& zd(pg*to?$Ax^WYI-=9BIJ3k}EQ~X#> z@X1zEHiDC7sT4Dsf6v5bK!R!h1FCrL2wO7x6=kL*DM-1zNpr?sOM+ zy|uy2!qbYQUcH?QUYz~0=6HRoKicPO?v=c_`8OWOxK>w;%gr4xzW%neO)|^oDClzL zU>HwY)@qYwVUh8vPBHJl?&l=KE?$Xg?n?iF1i3Ic?j!~y;jNR{Ik+P3#{Tr(K@1Gp zT)Akd+7%z-*vno`e*gI#D{P9okV2OKOg@SBjm$^0jMs?gzxqg$R}*u@2vjAkcA&#+ z%o0-PVUozm$zl7>O7shX@*#zGXy;*@;+~34avK_>{c>%hbrE8G*aL;6tPJB-aul)-CE`;sSR9OeDjfdZEp`Mq zW+YHUmI~Uw{voRp+yBeb@^cE7TbQA9?R=7zyeQ&xt49e7>?zT*6%1pmnlz3 zEd_PXG??r-)P&2cr|JDv!=vOaR<&6C)m{(k2pU9B_?DwBHr#7g|DkyyW{XqPY++Uq zViG=7=_$1Je73DSn>7KI zVANFp2O;-h#gi`@CyT|7$v>ikNK7*6EqeMH{QEDwb7}t3Yv_XO=q!-?uKM7lQdYB; zbY^`peg$yp!bRB2^xYXBMB=9)oU{lp2vWJAZFJ9?6GT1Dyr|P zly%Q@vY_<)o_09id9Y6KNO|Pd;eXvrM8R!WZV}v#;TQpW~>c|i> ze2hWe^E!a5HX`+G8Ao@!V~AYIpi?2M1hA#=bgN4&WJy26CqUv2 zZNppPGyL?GNWE_9*NMd2v`b5keYIU2Gx+O8VoP7=-hW+98@Vwt3yP^(%ku<Xv**60gcqyn z>Fdvhh}ee;+C29GMro|hO6`X&=-Jc|vJOyWYb~fxaFRYUZ1|130N!!<3ktg&z>c7p zcmpI3C<3LVk6t@v)MG~rxlb6R^KRts3IN+Oke#204|#?UGx@F0Ix-Ur^6AS_Jecy= zZlCxPb9aDZ2f1uCd#RL_(_m6DMFI&xn+j#3DE@5+(OLkbf{IvNnaj@MC&+ZUliuK_QB70{80!ugsk zIK5LpkMdC_jU1zp?!NB+inWnj(Zdo_#aAYFM$jehlEAjksCP$A9w3L9`>Gvk47I^N z2h=NKs4EMK$5RG?+A=eXGWIwY#QnN5R7j)Pgda`6mAeL}mFfR!T7d?{%LUm9uYuH* z0{CZWP)9Os7zAiYNGsYveLu4r84E;pMY1ty%L@q1hQju-Q2NAhkdZeEswenW?*ep9 z88BbW&7I7J#xehTjHH@j8EoPT#5vY|y2u$_1v}TLpZ6mJDs-{oVaU0cO(^^VlqUv? z(1MjKUy96xY$b)nsdcI%sD|{^7$&~X9k-!Lqi~M^8wsP>^5VNv;t|v*LW0p9p-&Ni zl8+EDdoXL3XvW{W2hB7GYtw4=9|1;NAh+zi4K)|mS8meQ9R+fCXY&LFs7-tp;)G)q zp$d@nmU~Arq#HTp@QgT}B@_$nWK%Tm)R6tmivD(@4^Omdx(K|P2H!OVlswNg^P-GR zb47!{KCnpKmc~%>aMLgOA95Q}-t*^VTflI>fx-#A8rvN|Hm6lFF0z^(pBso^JW3>A z?N5JMppv1rpqPR$$FqI6bHHw{(~4{Q+f|M&ASQ7GXH~=UXA38;$@wZ;Ol81*r-JIq z&S8#>SfA#zODQ~PB)>i|GvYOf;WsLL~Xv?mh7U>OCz`>-c*r}AV-^a-fBv0rK6`8 z{SgJUs5&L>>|PGNVL?*+KT83uC=?7-yPANJrgT-#JME#+O1l-uL?~cK)|uWLv)6FYoQv z6}5aLg6{$aHQCmNC?8F%T@ndzQ1TOwf|n?CZq%xrG3b%35brUQx*){*R+q0 z%`F-@5+h%l6#wtrJh0o9(=$&nTOjHOJ>R44uO>ClGMGBo4f_$V21gkxe_7xY%&s%H zfD8lcIIWTI<;uUjG#7A$igK9UD&XL23ub8M48V_l$0B7Wd!TFU`d|K$S2PidXa`)lSb(S!Gzax8xM=T+W- zrwe4dl}P?G^=^Y7#!sl7C7`UV1l105PJ6RI5Wo3Z!uEXAcfbOe9H!dfJ7`K6x-_FZBX$35HCAx(g&XvA7YP>|M*|_MGyk#$ z&1u0`tj@O$frWu)(gBa|qJ2L9?>#pN@2MVm_iyJK5#BSdeB#Vs!>JHaz=C`SC?&iI zJlO=Am^#4WLUGIk2ymMKMN#LFzW6Jaupm$%6w_J(Fspq)2s=SIPRuRGRvZY*p#;Ik zliAagd`ZBKr5LbkZta>Iu%l4~_^f&eQau}!^+OF61P-L@^(uG$0vlnnH6h*YTxkh!(PpppqQ<6k1=1V9wC!78kUimzde>gM)C}%zdVrbN{|a8 z5OLRieP}%al+Qb_J|fV{o@{uB*8rLMG1xSOE$pQxP<%R?-U_o|QWWWe!OejNU$SRq zI|apkHNb@v*=K$8(T$ynlh)IdEv>B6?O08hDTb~e1yS_XAhAk%(RCq=aQxKn=byV} z3RN2b6_qbH2xMk;fINHxP{ckkIkB;b@6D#q1W9pXWv5cMjsI7z0+LFykaRkwsgHi@ zLk7K)CTXIkCBkHX=8s^CmME462XU`rBLHEFD z&W?ifwPXk<7*u!wxNjx^zszlU*Fjom9AHeMBT)!F-2NB{*yTH~hz$`$Nk>7`GEO8c zD`Ajgf-pUh{d5lh^(8;@$DF3I@Wb8g1ayNOh2KhP}7Pf9L* zP;2KTg@@NC=dRcj6q5h}tuoFL)UdVFq*3#R1rg4nVN*Qy4_hR<(*Tj(&p$mD#wBV1gFWErgZ*!& zQDkp2cV`VD0fv1I2>WI+Wdf~u%6^*|D$3fwfoy$W?&wXXh_BpkVZk_Y-OkO&PQI!KMueZP{5mg(h-LE%;Uv zYu&5&26+Zw1~U(;K|!#h*HnYn_P9%1x?Ynn{^tVY*AoYNl$d1&0nE;Ft}d$n08)=y zk*|Sxnh=1ry&bjyXB`DCs?{DG^xIMgYhy!zByJ>@bEFq@P1|^{RHu& zM%!h*ajo33p7XOdCm{T{f)ONS>i`{60J`7=WCSu`*i8RO7z04P! zl{wufigVdawbz{nnq6nGOpA8`qkWPO4~DX9=tvt1(}J=>uT3DK0UHwvP$}dH&}-w? zeL=$_gYUSawxQkAjt71yeOEr7kHmC7N;xWY2&77)G%DdsDPgEH+C)@IZ_hZ;52|j| zn!)0*HJ~|)bLedXOPbE?bW>2pSxy)E%@r_3b=|{3^cm7dx9~yDN*bh~E(Hrs3G0lB4q309q!uqrWnyc-2(=sKb9orXs8k%El3Cfso~c|* zHw1O(0I>{?%Rn8#16S#&7ef4;90wi!P5_se(GDpqo9@!L zGL_5H_kV`9jpArh;E`nBaK~WmxzRnLY!9XuQp=P%Y#*7w2l+z{qn@E0OUlsj&q7-Q z8%iEHnHRHwGgc+qEa~5AFUxN%R!D}3w~PoyC_{;%cLSfojX>GYxn^2uxn-MH4^V%2 zqm>8COO=IC@sLq3g@PQ$_9kK~Ckr0aj!kg^9wstvz=MAQNB2TYcO1TKrN)nD{IA`!rGwFqG8x&B|>0asSU6z@^fXf!F(f8#gmjXN5?d z6xC=hWYpbCxAoLL2AeQPpURM2kY>#ibC5}7MEha z%L_<(d2yY;+Hw|u_&JHchubgTi(6oYro5lZW^v)9K?JyhW|7b?#T;^k!1iXy{K5Bi zrV4Q~=6hA+ZCT?U4rb_mtKQlVcS$sn9J@peUFzBN9xPpJAIL?wc%8^4@D#E<%~dR; z(ku0=rULq_k$HLlET1$)fjKg6Ynb^uSyfB{L2v;`iwtW?LCK)E5RR~GSa!`r8ojUn z&HQQ%ph$Jz78(d)BqQS^hHFE$&cnAbx4OyaJ6xgeSji#yIVd%j1RGQm2HU@~yjUse z&1n)zNi6qWa3oodkA#E_?*Z6GA#skGXQfGYwT3Hcw&oo{F`13Z_%9%o93`T6Ca}7F zgr<7ej}6Sj9-6NzdC60PBakFJsvKY;ezFwWNVexoDgy+!&&&d#>pVi-(>) zBuDv2Z=4EY%y11N#35>isW+&%h*5%6;an}`kGd7@Lg`>k@aDvX^H{wuS!aV-8h2c0 zN6AqKwp;7?;P4S@6QYP!jK<@`<`m+{r@+C%i%7BDMg4dgyMnFM!jL#=<|%nT=H^|Rn|YgQz)op# zIJg~@=jv>N;B85^ib|BX+8(Zc{uVZxt>}6E#VG?A60&@re@31uVMwU5syPRwgj5?^ zoEeA(HMpFjWgI9qg!Het!11>7Si_a!bg)3XiG3mGRQtIKW7~Y5 zllvt@+szQC>#4hH9sE}{Q(NyWz1Incd1HQ5@-w`f7Z!DZrT!rHrKIT-6u{!EoQLv9 z;+S;dP2EswtfsT@IZ6rWbqB84t8am=6bL*p^JtRpJf=Z(Q75H!|6>JlOe4^7KrhqM zEYQqHv55s2OveEYYTcrcippmp`juCkX}Ay42Y*+IwC{Fosw^ZaLa4^o(}pry>*!D527d}4^&9L_Z<=?!*>^D`0#C?vtfwSN($YRBq>~pq z;H2XbVR+n+nf1v`67fCaJN!JLB>K`%P=EW!vzp7FNn?|$q-Plc@aYcibI|S+nx(;C zM1uUjU6*_FzK-fuvTaR@AVJgzmKPoZ53MM_P*_wBSq=W@R&bE%>t$4~(Z@L{<>b0i zBS{t-LA9wx_njB~&$?o268h;C=C4AT5Dy@%k;X;Lf>1+*JfzpLm&b3gCdU=s1yW}z zFk!GOp%#i)HL*!|3cKPokYp(gj;@Ju+?EK-g$1QF?d|ceU#DoY4%yRGKUBTINf52F`5S`r!tA7_+-?hfL z+|>+!o%-v}p|aJb46VD2e0EUo^=tlp8d71TY)A%12yvGe%Q9eHpP67e=)8i;c_CD% zX{VrO0=bARnarqrL`otem6P7K)=uXJ4JIQZk4(~ySzq*BuwinK@aJx!XH5L=gAZgR z4bvuBd1jhhfv)o~BKdLw+ToFdW3{i1Eb8J-#xyT!$rZJ%{^875N zzsrfEJ@RVf&z_+#c3?|N7+W;ZlM59e3DG$n85i7t{xgW2=OSVl$`PiZxK*9N)Lez4 z`&l0@?BmtF61U-;gTGcyv2*|6QlU$61^fi@*SmesiZ*2ud{axT`W;KBS(>UhnbTe1 z!Ypi;9R^`W8~ns=$1m}*2;}iEV0mQD0}UksD05)NROADWlcRoHS-9bTcOMP{rh8+G{4 zMYU-a0U=k%xZc~>mBRSX@H9MTy4cfDl+B+>H5cb(GhVi3Ap6u#Em>ewVL&N6Ozu_o zpwuIce7(0zYCydh?OX0Wy@S`yaB<=o`4@z!)+zw}ZC30R5$Rg&RXU0FQKfhBPCf%N zE4FEN2_*ETB8@wpUu~ET-K^@UL{;27Ii8rSD91ZRo<+VTfFs@?OaI^)0K7N{9Qf#q z&3BIYF{^}BC`U<5-hGCr;POL z7QY~Zs+l5cdoI-t%0T^ww=YinH!IVzZ$w^E(vl@yUY&|xbP1@zL)(}{q$S3fsf z2v1MPING0JB2wwRq8VL#g%;triJ_N7}?L#!3KTd z?N_^w-@S4c=oZiBGs_?rgvKtpr;wiq$};iw!M5t|EX91x^H%#q!I_jRn+2 z0{o98vT9~zgxY;n|JLAm_*#qGDmg^^e?RL9e>joMkdi{%=!{4Y_syk?=U((BoPR_`Jh){l0 z*jLva--~_cj0&|n-oWN;Bn`NmnNgIm4FOkykn_={f$#$eNi!>isJgVb5R+OdKcps) zEdXAic!+cV3- zz1%^Vy2bt45;0}~`@OGix+zJRy)Sjis0H==t_@tN)&I#KfrF9JRB89PBl`f-0&QmC z3Uxi0y+8^Qi8zmWWQnbWDXF6alhyZeFbH5-elLim>Tuk8dq5ws-QVzWF7-sJX`QK= zB{b%x@>~QdA_U8@1yTjLuqkW7lh}9^t&3joWrV8T6*YVpOn<@ECIdD3mlw2!R?d89WT|_}5qezAb{9*p| z0%Eq!yyv<2M6vb~o`pb|dbLo1RrC_1LD#YwnFi+;DD+LVy_RzZFBsf zm5rbz{nY8YNf)OsX!hKo3i!oR*hi~KD$0e$yS^_iCG?f+J2>vcbz&^PJU5KG6eT0o z(VjMcqrX+i#1D}2lW#HZ7TPw;I8=iO2Kg}nO9SKBTpVg{4p2J+T0Q}NYLYkS|80rC zkOjttgzyrY3lsx9(RfkXLK8u>A_N(8%4GYTH)uvg+-nwrYWLTMoQWO8-vzp@%9tCB zV$qiE%<(0p*SP;^Us8PSIewnf?z@|SE- zZR3D>Uy}LX-Wfue6|lUn??;a!swwLtg&}blv2%uV#;UGjPDWIx`|^UAD{v90Ak?p` z_Yl8GdKZ8uVGZ9)0O|33CHg@(Ln_L( zwbi$CH>IdOOCZFTA`%z?OE-@i8X)#;fA<07eZo_;xW@PR>!aeKeXJx{5;gb|<9wZj z8X;e)7BFHel18w9o+_!v$&9oJSuT%h$rP?|A6xuC|CxLkpLI;>~k4V zA!7YIfVxRUD^GfoI4uIM=@%l!FZ{DLc+iOWGy)MAh~`{-z*Vu{K0@~AO z`r~>=YU~0C2-O3n#!U6P#|4Cw0A@|5`~FS$8EZ>GtPiwZ$&L2@1zhehiqwh_7XwLz zkNdOX;qCyd`%d!W{-1cZU!qoyjI7u7yfiM-SIhredBvymNa>%`2@7plD{t~3 zMB<-VzvDB~W8~1+`L|?`VaE1_m~lc4v_Qio*kE_%RbGn`c1#gsG9Z19Pfc+dQa>Y?qPg(|=`eFe) zl4_g4#+4%vlrc|DW7WiQYL6QUrVf^<-UIB=&Z94kcqah>>z?xjsh0#TjwCc1gjdc3 z2_yZs`_^v&_#Fu3318E(%fK+_Uj7+!5UgV2Pv%nj+;XySO^}_CYdK?ESY&f8f)KtU za5vmy6afxKltB9emXW_h@*F`$9SpbqnLnmgh6KsfIc1=95&~2abY5Od;Zd)CoB(up zeTu99J)e)HTST9$7eu}}NTN?a5>j9%QHx2Q(X7`huU@lyw)%oab}Wk!yfPvKF#V0= zW3V|WhW`!?AqZUp!iFk3MI6kdn!wTj`f1`N!xi4ltb>u8h zaJu~yob0a*AD=7Em>abu+}ex`0Q8;!7kCULO^1QP!%c40z*-P{0P?HT9RaNYqD+DT z+D1eF!bN&8W9q^pfrw$)pJ^LR(6BOUE3x{wUGe~PAinp^**HQIVT6#>|FS~>9pATc z3fkaOeJ*hHGAR|r{4*RC2r^^x7fb&1>`OurYL)rk-k)0tCB7ujbarzx|U+ z2VQNw;8`Q#Pjm<2@u>chr+){Ag&o|JgtUC~&oEmN;%tHrB~pJ!{aGxy>-TX3et@17 zR1>0g5+Uw&e{K^`i0bhTltYm5MI-wAC7iSN3L6-B1!X)P*cjgQ;f&FAfB&;^i4)6LIy(GqjzLfGSN-x8_=)1yqTCmjKK}D`Ig9YM6nAmih>R>5r-6E{AiTy9%b_qV{ zZ`o@MV8UfRLdHErgGu>-5Ly?sw)Y<*1J5xqHsuCyuuAyPT(~(YxH3ZqOj1D)HM+Mj za8nktn*jt97#TN8*o*(4|2o2T6!Bj!!2i2D{r$Dx&sS(YGmZLp_Mui`%wG~QT6B=I z>8hw#U*4EqQwD@uySbkYP&jaSwer?1*b`K{;D3AUpJ<&VyNt*ph+65O^FQ}G~2x3lfsSvnRW4VgW06oV=-FMVRG~5hVCmG zG#_H_ldCYU@F$(1ete(MS^Z!b=yaaIVF`@ZCqn=K5PE+%f=SRy=Q-tjBGA!tGKJ5L zGYB2}%<7y7+&Bz;%*Zzs)PFzp{ISUZ_-i=v{%r_)f^Z+s;U9^hv#r35(iB`SoPxpm zl&wqJ{}(B^YDi5ipDyxA4(u=mf5&J!G7!kz8aIqs-6#BBAm*dYdqT2BwS2LV09ic2 z0b8iOYztaw%J$=jM=@dlE_wK+A%Pow<5Zv8BTV+5FdgJ%UCz;gO2wMuo96PM;}o2W z&LRpF32*n8K|yO2e0HI;`lR`%jh~5jBf!h?Xk7)l60Z8S6kyJRq;&wIAR2v6GU7#k z{@5+v@3xr5$x*pAmXCB_f9>|rzioN&=$&2gqV1$hRQc$g2M_#b!fZK1!*_)DKepz- zruZP`t|@KfcJIi;QN79AeC%fDu5<6(o7|JHs}!!SWu@=OS22Ruu8r?8r-$^JnbKby z=E7)E5n4`i@x31w1V1-<@C|et`^_0OoV#t3`;#;3)j7d?BeN%S{FB@DM>raW*_&?_ zw;tB*bVSo^Bqmfa6gp(Kyj@d^!B@O>uAkNXTz(;!EGEa{3)}n$UN%zvbKK*Lsb(7~!n|ItJpK+NIa?uzRFgq{+w#$RkHPvZu#{v zHyFRS-y!Zjv7GJUP=EYWV$$PjfM-vT{Kii9W-Xj@^M>vD*Yzv*Va~;OIVPmGsBKx%E==|iJrvaHL#gSt~?$5m{dHBq}o+c&Szy1;o9>lDU&?Aq|E zX8CsDuM1=3pDwh{1>;0@I@uY|S#RD=eY-ca1gnGw>Quau#MUy{hst1!R+m@miYH6@ zPron;{_M3>2W)Y`8^0Aaa2>)zuzDkP@($=PU&zo}hIi&s9Pk8PvhYh0m%X03U7b#`M47Bq#C*5KOzlh)?{z^8 zdn^q`v_kFnqJ6kh|KiWs-(GL)ab4R!+uj{rP)YuLcK6u)z^Z$4zZtD%8Iu+9okmf{ zk7a(9&kYoptEv4`;oLnI58U`@rt`X@^^xO-;<#vkYy$DMS-<*-FHep(cr;e}2Onil zIaFx+W_s4F+^?H&be~XHvU35{=`veEpLh8^e$~%fsJ33=o>;y&uv|zAEQ^AdikP;~ zU>kS4O7Ib(U`wJV@z+)r6*P%_38Q@zXw?Wo@R+(XsJq`4x-wFszwEFuyvF`NVAXe8Db`p4!RaY zLk@?Jm^%8mF+RG@Cnc{sgELMO!>12VF7uyCPr-WBgj!`fuHD*Mdu506(KuNU581B! zu+iR|PnRE}e7%|7#!^jb!TYMCC4Qx!gCT`CHGg~b2!3ZRmqDZ2dXtN%girsW_f+5A zjlh?Ncf%T9dwwY?p;|`h<%z~s9lE?9zP*xJ%GtJa!t@tGw=V`QH!u0B;0-q>=r2># zqKF&CSxpvP^%u5ZvGYI_95302@4n*p{|Gy}^*a(~cg=IUW1`l>>u9|tiaTue!euN| z-f7sfL{s=u`u>pP(~h6??{Spgba3lU(eIx;PiprRx9Y-Rcq#psUGaPX zLXwzTN>hHE?b*8bu&z^4-7{(AJZ_6#RUMn=eKXXXGXIXY{(L%%)g7jUG$YMZF;w8^ zfeM`_MRLp60b7W|qD}S^a(F7RCz)Q+04t9=5}eiA4pMHy&xG{TD5ts0%v~N2ZJyN- zgCvGodvgpLcIBn5{15itGOo(5dlywiK#&j-q(QnBrBj-PQc8DAOG`_)z@nsEM7p~{ z8U&Hf<7!`0` z72Ur0x{%r)`f+Y<5VR_Fm>10EniWJ;86qrECNK$7tx$JfQiKMz9eVPdoy!OCv-w&y z94re^GBe|Ay2;W{Nqg4zXuDs_ZoS;!r?Gl06Aa&6joT$!@@Cz9$P2C;+@S_{P%5A^ zsrYFd&~2eou){*_+82xnvVBA|?{+e`TN!n0Um@VK#xZJFhH2TpG&ue!N6R97+9L*Y zTyHB|?7?#5Ex9b(N!3Na@##>G&N$W;sri`Zr{I(EPYsNVUrZ>q8X7LoFin^%r|o?{ zeoq=U&fKy5_1VL*|9;N+Hu>84tYq>NelBZ4=Wv0`ks}$f(SEb`F2`@bfG&mD z@##wg7#WF^O^Y6auc)qhR4Y%W`mM!$OO9{bY2cSpmP9{|+Q}+Q(x1&d5%*-dg-En> zwCd?T#o*9Y>9{u{xSdjV*w1}Gen*treZlaiZCvEWrY}FgR~i)#z58{YDK4{)0`u)Z z28;M_vp&8X_pPG!cQiq8cV6Buw150f;K$^1ySI5%U>X%;xg`)@Oog(i;Lt{(Z&{#y z&u4z4vW5500GnLztF?Yu^fJkCIp)prk!B+2R>=N^$($^@r^n?Es?5mQT#lJxMeG*y z!4@k^oxkVRo{Cm>CQH-wZQ%gxbl=E3Mi3jyS)t`D8kkq^d)1^RgXL^D3LgJGl1tiD zN!kUm5lQ4%R^^&ca^?Q$IGo^cV-hiI#PIpvz3pS!(qQ$+uaO_#?P> zltsp6MuVZ9pjNi#JI(y*`3HjVFoV`6&#xy2`#(Qc3nePXT^RkAYup4C$51OPGI1ws z?<^-5#P)Q04R0a?>Xw!&8-{tDJ9zEro+`QIpoW{MPA81WjL=g5@TD_gKRqmi8%O`$ zD+*ah)oIeZesg_^nb`DkRxzwfy~h1qYfFjOUnsF)4aYj4izs>+ni|9}nCj1%Zw`D^IhI$GcT z9kGn8w2ygZ&mi<@*Z+Kb3VXYMP)8jW_)4oJhC?g8fjm+ ze$Q!$q~T0ftZcgbpo-H7f#|=CssaJ4!q6?5Lk(P9niZ3G{ojp2cbfgASGzaZ)n+}d zC)9Vv=~k|vNn5F&cVba7N{r`+Bh5vH++*^4uA=+*Y_VSmzOUI^l@F$M*0yQQLgWab=OA?~nu%s)Rd1&c;h}(sZGR-=+fZ<|8t!6zQR)$p@;V|~{lens z)#+^9lEtp~gx>m8{>$b{ZIdy@L9#yHO zpgghG;5$BWh%P9deJIRW!uZdjc`iE8){%!)0TZd8&OFS=(;|0K~o-?)}3Q&bYt=lip5leG6EL;9-ElUa^_-KY2nA52l2KJQ>e^Fdd_SE zohGT<`RE!Wu^TBS;D(XBb5afR^>|7^mgTi9dvgrnz&;ACANYpm1+2v5tPSXPUtg(Y zv>VG++?_G6GS`y%eyn<*YJc6gXgiK}2V4axM@dP3HJp-q{N2H-BIQKY{fhrYk-xw3 zu>0}pMQG5dNwSvZlmiOhU^DC^HR$&buQ1i1{r&i0xDmmdN3RRAy(l$8h#cVbxilUw z`Rve5j-up%2A7bA+mo%z!^3`y&M>SlYZLKbm+Mt~<>a0Trdt(zR<4$gVvj<<+XsN$ zxwi6mm!GgS@Nl@NopkgvxxtD2C1l5A{&MwBsbRODLOE2wrDJZ}*n9Bht&Mtu!|Sde zTf3ZXahsFbGKO;b2LV�g% zGk>fq4%JY{?v@cIG0EQhs$9oI%}}GTrp&>j#LQGDvq(?##R4N>hTX%K$l16Z7)fF3#Qh z7!K7+Jr6!M;jIt?w(_wYev?#LPp;$9!U>|&KYigeFx$^SR2xh9{bPWfjX)?`|If&WFig2}Oo;R`uV#tDF=V)Hq-uxl)e@B+^ZM8N52^zHcc z{W4LuM8}B%5B2@b2B8z9AUMf9s{;HU&L44pV1_Ap%Rl z^0a<$CmWl*Y(mJLfY+*0-&~^z5lcfO`)%O5Yxc_4txHnGv{ob!CwA1(ZxsqT;6Oon z7Wjdjl>qjj(p;diY7zlI!b@D}-J$=?+p_2nW(6--3xu}`n3D)RDtZoC^55k-6uj## ztW?Zglu6+=X|cGvp2D{12@O*6{-MzJ#KPx`fGBqY0l4Z@K=;4y`v7`xw_tb`t*4$` z!*yeSd{y&grDjLvPUDw?8RtLV6FxTtEb11Cg;UN!f^#?fGKnvaB)5hOvkPX^m1aAs z6yQ#Qe_j**Z7|h0pru&*;b4$+V{2^3r-;_K$+g9GIK5+Xw9?eXyiz~$8ml;A)MNnh zv+-u(<<(&ww&m*dh7t!cb6rxwRAXI1!{)c2b4%dNJRfA|STYsVU^)PcYMGmZ>SVj$ zqN9e{D+O{@725{{a}P4B7mg9zUmL0_fRg$I;aGTaqei}Y-SN%bt}<&_#h{vJSx~BM z+1M^`C($ca&R2->BkQR`x>;Rw`wvD-d)&S192z`vTHh=H1@#_Io)0@%v{E-o00xLp zgGU4dWrIyu&5hTmqKOAfBiSe;`q`DE_8p_6`q`Y7J;5wKD%pBI5PFKqjGZ- z`89KsPIiqY^bVGbHSo;pidv1@M=?JdEgZ+p$ink zN3&%J>ee$t6c;0~<+_jeOf(XAyjP2+=^5RE>^;Ub+PK_Mq zr5To`xAJ^0MV3BN-I6>vhn^ETI_~D!+Je-9xCGRQD+|LjEtl$oa*-uB`?~juHTd9M zgNKo1l6xVk=dZh!y_HkUf9AdubWW6p5lnuztQ&Ljph`{F<#hdlxjx%CYPtTJ@<01S zG43;O#H6Pgk&HI`!YwzQ$S1kV8jCxcm|+tewwOdyu&~6*o?fns7-BBWXMW`T1ekG_ zA25lT39Qc4%hydbsz2$Sw-Ec>Sui=hCbt-n6Bs0S94pPgI*^lsr>qll3%6J^TcmmmWC&nUR|)z!oGIB(}LwsO+@ns@OB>FTuFI z`Ko0%_`9Wz{rLNgMVI!JYUT>jB*E{-D)U|U$xF+ULeir(*Bvh*a?`|usR^_W-o4cT z%f3AF@mWOeRM6E)1?Jc$&ZL9F;eL$d6qUhTxmV7#h0mo!6(1Y-c&zockcww5r$obk zWf;j-td_$tg@)dRj?=x)rlX*lkGC%!5vErtdNI=774+$Yh3-z})+Phxl?56TIs^Rf z4{U(x2PwVJ8UGvi#7m#h$b_!O=~%4RZ*aPw#&P9P}$He zNVG?r1%?uze+lw0^g=Txng93>BbgU;nQ65z-k_JQsU86ofMo)s+yZgiJ2&f+4HB(? zb;t_oqHdMUnvIscwKE?teqDS&T>~xjcOj{jrTVLqD>i}F%IS{|Q-^82+gsM2#Z4&! zaHSbW)<+Meib zsc&^g|IpHGnbRJhXOQC$4Z{l@np?6fa=!hMm)lq59>w_m32J$({Xg1+07XF4A^48fhAC>J~0O#5^;E}3= z?xFFoEkdVxDtDvWEXFi$)GS@SmRY~TmFU9*U>%s`r5e_J9&>Z*RSvup;98yK?>QZd z&YdF-J_}uP*K0o~i@3*yRpDf{U8C#cy!@xj=VulH28Ec<3~Kx_Es_OpKTs73{&bu% zTiSPC5bvd5HU^NaUGus*tRJ1NHR&hxp~I7SA666>$5iD)Sc3kpL9nSF%mUz-5Gg-Y@NVjcGbz|^2K<5Kn!%3v2U3<*wL}r}- zfr&bWhQaLlq({Pu=(ljg_j?O;sg=2NZts+;hHQH$GCD#4iY%#Cq)jXnZRnf9_yhwa zJ{J|f!1@kY)<(hB(L`-RBF^`FNPsdUM$2U*8yvt$4b?CmD@=AroD^|=rI4ru;^NSy zHOnxL(PB4W>xSzAy3^HVHg8nq!#$(JXw#Od7EDcFqmGQ_zAedd*HpJBt$DFpr(=nw zg4frHIHgZQ;6ZJy#jAPwhC=en&4z20Z6C9-L0LGbo|1z2p!UY^~CE zzp|V$s$XyqX7I zyc9r)qz1YyIPZg9DG^4*LMh>f20YhENO0C)(=q%lkw&c{J11weWk#`D z-(aEVX+TPwJ)Du?0W@eF|C>RZ2!`LihvGY1*l;>IPbeJ=;^o;#d(DcPu=8GpO0!<2 z?WuU7$?U4zDY8#yBHUvovzt4ul!q)_ssg?$i2bGd`6rb1!AHc??Hu!2#FjoBQ>cUO zojS7E3mUAjubqFKgpBBP5T6BH`b$Rb+WxdTv`K2Zsl?DNe-)ZDNR_+tcrfTsZgD2M z=j)_2hJwIRcig}4ue`#p6g`_|`Xm9*9v1Jet`e%m2d1!< zUuhUfl~T)=Gg#hV>xf198PC_a4W(E8>_k}uT@r3Rka$~WS@JsWWA9X}c!=mz-EY~A zQ31xh1NyljZtBSVZ^skRD>$M}z*G(?0Z;ah=fGTBftohONmZ(6#Ll#9+kRfJ)ooR> zLz|D|P{hnmlBm;zHCadg)5#x~0$l2CWR13g6&IeT1IW`oxgkp-zjT$Q6@S7W(4;@~ zJE!-f@BfCvF5@2|&u%Cc3ocyreFB#8GLeWuBQx9CpC5ZDgwwNNKT%5sDA5LlmDnJZT-vT$98QQ zU+Tz>za*y&&=e-or@>yC?bJ?L7!W(zbknEg>Qp`K|FahsouynV0aFaIW*xK2qK?Zp zH+YGRD@>uSh?|%DJ`#6wCGE;7&m$IGLKLZFRO(TC<86fS4^uSjWx>FziZXm8UN91? zfrhU4Risn`t2T-&tNOvCkRLv6m#!7-4QjJ7&)t`ZsA%*eVb{EK;=km2E+)o$SDGuU zs!`NQ?Bu;pwr9edZ1C$guuq~5uyPfC-R;8I^`pDUJo)!5K-6xNn5@}*lb0&Z87@S$ z&h&*oGuE!^jXDj=U71U%4KNbF?fe!g=|$T_z`8L4uIesIynm`Vyw)Q)T>Flgr+BuB zSTdJ>>sFJkK+b~739ISd>8ul*=~#YpUusoaTJGVKp57U3%xIJ_qUyofgu__P@e;}O zLK64uA={(oM#Ws)C}^IG0dLH z3gL*Br~HJG1+N%gPTwD18TAykIolZ(vDzN)t9dRVLx%3$7m(`Ob@v#s z4D>v1OO3E5V2$mR6r#<&h#gyWT`t)(dA=WV4P#rlqca zq#G2iPK^eLR3qz)~w>1dTR4c zl-op|XZbc!Qe2HqG~M|em*Oc+R=sxD*>qBd9dWX8IQ@9Ad&z)|?c8Hk<7M`o17c-m zgRNUxLww-YFpK)&0{n1(s{YnrSoWE27WGxTSr)ZBdx#k9Ti=a{x)uUlZR1A!nOC-2 z^L&tc<^5P;Zd*~r645pr(Mg#6NWkbUla=CP6qe_*$DzC+ogqh|mjS9aebgMHzH2%C z>V59Il=RlOla+6UIn_tcOW*i>nW{-3NzLMz7&Sd z1P6p=L-us#O4d&Ij^QtZGwGNgO3T5lDpGl;1QRt--+vwJxgy+s z@s%Q6F#f*ugPtqrD*g@4loaw`N{-`|q0_h1iR>FQgUgvFRuMkt@1I~^X%-oCthM@W zjlO$q%rmTb>ba1+R1&@ZAp}MSGkjhUwQei-Hc83w@E7lua^$_qV+SBowc?p8cCq- z`g$^H{9CiTOaZMRgIfK^5__|Wn$OXiLnp9YcX>;d!Ja+kp71=+=p&aTrZ^qXni}gT zo(aB-af{O>a1owmc+_s5KJuYx~ z)}sAw#RIrU@OQavPQ>dn-UMKNc%r4Ix7+vQ4UXCI7*}d0vyBpYLIffk(8UBUY9wT5} z@~yi9Z`HOYHG|su9}%9lV>?oY_>)oQwZ@b2^-gqfpiw=6!;CdE=SwUC`#a$yZtzSK zL4}Y=__CfU2O$!V-{(m9_T!vL_;EM06pVs+>>(Kyxqw~f`%_$JZN5*Tp-I;%eXi+6 z9}5j8dN>p-E-DmVQ+sx&QKb11{B$^hG)x}0g~}z-i09p+lr#yF0qYu>b6+(K59Oz; z++?K7?;$)6e;uc%B*lVo^(8ZfVWQf`;4a}pGhkiarqCOVwy#-s%XQE#5J@H!a;dN1 z9|<{J#|ZEG`IdNPujwY1O%NfnNv5t+IqAYw^TU-b_ubhYLN2qUX^v~wiK^Ac;Vo}% z+x>J@nJK%;9-YJ+T+QZKHZ9f)?0nLrHxFXtf(+YEk`7;Y-B_$UYl9d|TN{Dmw3#sz8}$08#VSyF|U<=(LfTN z+_Zh=yqVJb!(U;EH;iJi4?@cSqf4lUs=mo4GXm0M2h?dwD)rU~ToEL4+fVM2&pEBe z*R5EzzLoPa*`98!b-gPJjYz04?_pwVe0I;eQA6AHR*B(VW$4HKdYQz+QtL2xqdwxy znT4aZR5xuh^3&?jr02upcd0T)*~~p7>-^^!ayWPj}Np`PCW*RNlJ&$_e4?B)Xe8!{G23e*4R$`@>mRGXuOw-DU2En^!s#Z^?cbZpC}7)!99dR_zx3 z9pGZC&JL#6FUt(MN_onZ?6}wrLCd!HUwqQE+OQu0G?^9+0v6?o>qo+>OI z0lzO3+oRGOyN35=gY3M%+OH-f@Rb z&I-Ik=RHuON5mjqAPmMCe@?S-MoOAhX6&ai8ue!oJdm4vqcp;zmxI#mEWU#EE0a7G zO>PHQoH>^wymz>wgb?Wg1@N)E`-jWQR5Z@d)=7xJMZ!nWM?eJ+`d2^&mrLy}E&PR% z&_E;Z)brQ;k&;e9c-GEH(~>OK|C1QXv@4P}HP2uE3Xvq|6i)v^p*t}hhJda!uBf-s*Q zJ^I>oO^~Zl_O1MbVv}kzsgUKD>k1Dh)6w<7>Rocr*K|CHFdmzks4xPy8=J<^ug>Ay zs)gRK1k&6&u_y}#;+a)CM*Mf*vyy{5J)sj1@)teHsb^aevZUVd|HAd zg~AZuw9cotzvEPrP`ZcdmGw;CplBw0b+(QmPnL?NM6b@l&B;k&385kFw{sTgE*h&{ zaye$ij_7?+c*d1-s2ls`nO&`A7PXzBp1=!ac4$RUNb@Ch`wehs39LR|BQ!iO;B(`@ zMYXCc87snG75si(Ib(b^&Sf<5q{;eR>6;s;A}6AvMY9S{%|}HejWqn@1+pzBD5r*Y zXgR!7O8W3c1<^}#@WO)O@%2@kVM|YV_B1D-R2xyhQBLWTwwbT@RS?&mjPW(P-uYAe zAtT@Ii*&08qvW@^AY`=Oy;%F{a0oQV z3=iaVYKYBLctp&0JXEU_U!MP9Yjl-cWl3Fesa|9Kll|6*OwoADmT-D$dm{lXK_X*L zMsTEQ_JEeCGMxOMJ09Kqp?^tjV{9(1rLAXv=y-``R zgRkwIuybdhAv`01CH|r17 zt~%v*jRz7&#&>XXmD80aQn?nUyWoFxy1bv*%}hM%`C{Z0`EDzP$~Cr#Pzc9SG7^NR zk_Y-|PmvxydakJd7~FD^fay~j&aFKIe+08Bb#)(KETL=GCc$+Iy|Y;L>+B!HRlUj6q!Znf`y8SmRR13IJn* z4h@O!S&-C5K@Y5dW)n8^12Zf%OB44Q=+Zl-9C~PmRNyhC3T7KSWnj6tXjx!{0$zYK zp$2xxF$qqFrhQ<7y>Ue7=(m#gDo0pWGHU$_$_T{p747wZyJfUPeyc9%ac-1*wc}Yd z#_(vuv#Rz>gsL<-C}TLFqQVf(@Cj5tOp|6<4YG|o4)siGFl|I-M-jUF zM7tpnxVbe>n_A552JNF5qQZtZ87rkaD`vy_Lyv4)Ufg)g+FladE!K9j;Iot`y zn6^giy$stzPaBG8i!5Fw35*@qh_h?=DOI^3+N~m09?T~MhEcYx*8m(11(+EjRdDD| zmp6^fN}kcJQ+U_-7xm7EUer|b?%|AzAV)>F8rRRFW>$36YJ^sbIyBZxoXGlMZfpM* zNU00#qFb~XxL0v`g6(5aTn&Q?aSUa|bI>Qa{=XQXBR{+=nsx`g!AbbgD+4m2m+d&u zk)MIG+G+j&4-05!rr|_==oJC_^}&N^En~E0Vo?6!+eJ=o5QwB`kibfXrdHXB6;z9w zAnSv{b7VzmlE(XNrbL9~FFXs?+*;iF9(E9TH9~m8$X~dT61+A?ZMDRK{Lt$?^nsXl z^_d#zYnl-mVJ$dPcfm6h@BC0Q1&wqL0k79TX~5*C2Cs@B8O0GIUHA(#N=Y~BeSnI% zE7~mC%w9X?_8d6_j9|NQ0BD<-7{x?ZyDsP7w?V7HrznWP_bsfRBKbqn^Pd0bzg+-+ z$!CDpF({lD*oactJ$f!9z1s8B#TY#L??;xQui3uM;3N~JkcP|)H$pk=->>STwTpo< zcoVpdBuXI!`WT*STctq!&o`eU(LfOZE<7{&3b_;-2{j7pt&D%a8$kt1>wffl^7%tA zL&)?d0@dCBTPqwWhH`R26^H!YLjOPY0l$Q6p;Z@aRspFfMKAQH5mMPM=mWtCctPPtQW%c7qB7L-5cm5HzbKNbkQ-+zR2xz0 z_|S_Pve?)MeYNKQzHRsd)TdPS)2M?eMGVxvz?!Q5?IK;YbEvQj$k_i0f^GkO;xLp+ z+EZHYJVjCiLkeep{MBLX-?zK;L46EM_Vc%ZsX*fbvoEj$7W<#p?nCZy)B^tfpYHIt z1G6wdJ2yloCto0!K7^V~`+TeL-wH)^Kx3xApf-m2U(5aPn9W1>x9S5vEe6aY=CBmzvYR74l*RD-mgYjKNwfv@Bfk&0Mju z&Hv$P&|J?+{(lYk|I~2%aK|rCwv0B0vr9i6=$|E~+OG6;d*8=k&&wPo1|vfM2pJI6 zQ34)~s2@ssunMz3)7YMI0P7UHGzcR?I)EamcKf!AD1{sp3<$k%mcoS$m%Adth3{0U z7)B*@4{-Au`>g88-{HmcTIr4J1>oTHpwpZ?-L)s+sD$OnCT9U486}!BVh9@V4+pAi z553@!yLRgpu`~gKS$4A#`i;?o#BIQyPBTZj#kQ6Bdp9LO3<{~w~yTxn@M2ALC z=6I8YpfbqSrlc^vszIG_2{fe}&H*_kT(8Z)8?Zz$Sx!~HHJee62W5c8$RPhw=se0~ zrX==+ehACqV`O3n3CMIaI}DOvBEztNLDBdK2rj5-Im9G6%{nXAIqtwWd@IaAT;K_6 z2IPmd;X*gnfaYF6vC?89i6j$~(G_y3hSIVWVk8D}&&?#s zanK!I#K?d%1V$+6R;~8tP-1c71;{2RDCxGcDI**q*CMqglC&?%97yb#wY4>MeRtpw|2`X#s9Le&NO_rGzbJj@0nEMb-r$_uQP}%@)fa_4kCiKLsu$y<^tQt7lZEKc zfGn%G%vSjD}W*7 zao_`w)dPIIW+1LM#n4>k?wjW!S|D$v|J)9nKCRvH$hj7Vw;6_*!+t zX=E4HLgjevI-q?Tv?&)rsN4mPd(2N?%EwY-0^X3QEexo4Is82l5Z$VeSNY?GoHUN0nEelHGtK488G!SPzaRlhpoAKYHlccAb4tS zZ?5WghrO*-!1rb1op{BR?bw&r)&qo$$nE%(Z30yN6iTY#^ZX{9G7>h^j~=uxMP03d4qF*OuGQXC~G z#@++Mo2GjxCe33SMY|fYO(uia7wxwD?T_WUN;=85qV4t%FqT)qpLWzeDqkmFdjjiD zIt*sVumbGY-?xO2y*w#2pd+kyC4%0Sb+Zy@d7*_@{iVD4TwZ2cO^RO8;<#uh2{03U<-9!^fu1 z2)j{FwM&Mc3LuaW@h$$2>M)SRvm38gW*kOUUVa3aHwjuD0dY{w#_t@y3&oLVXP`vB zt+(~#wB;WIyVi#?LG2iA0W~d+dd!S98nrJ7Qoi$LiI`r~P*8O-3{fm!OL65jVvQ`d z-xwAd4Pt9NZ)G?(EBJKO&*fLfL@z)eMjy1Dktvq0DF~>fc3(!n!P^5qs8ZN;<8nrd z&f3Gw_e0YMkko{TBi|1tHNj_C`R7rQp5Pqd=ugwuiq0v>jS1 zBcCW`a5N2jNt%tY4?F4=yfYl$HSINW00O1-B28@5We+^3%l!NI1rqA#T=xV5IG&0= z1k~9Bfwo~{ux1qVM^9f`qdt5(A85(E?Z%{3zJ^C29LP8L&|r-W&mHYs_zu|hU0mfD zd;Rr-n1J`PjUb7IG-#M9V~faI~hRp%1VWOq@1u+ZyA)JEYr*-PI*+$W+(QhA>XlzW zIoa0FHlP%%yKU23oOJOr;NPFBj5vs>j7Q=O%Bz)4}U0CvZ%43URC|3NLIi;kYqW zYtqGd-q@p0x)hkV!Ny4!-GbR3>g0K`&d zQ!U~)h9>wc5y_t%3=}&E%`vl(nb3ln>*{Xq>TR}ngzPCGSENaaQ_*aH`pwz%id9*a zZ6uk2+gRx#C7VY}&u7IzzS!ER0|CA*dfSMvQtm6lFN2>g<@_>XenGN%5~C9BzB#;A zZdvRDROTtHHi>c^UeI=tQtNg_P!?h>e=ZGi2;hv~|BPK7(14}rtr)`p(P6ljA`<6K zz8DU3Mev8z$QKt@#S#m(+34JJ@8$q&`Z}xlYe~Xyw>ZRx--Ee!O?8PZ>qA8gxL`2v z(sp>3Z|q)#WrRg;66F9;g`G4;EpU(HkKxKP9L-ld{4FQ+M71)bn?nlrvGX25)5l_R z?|YPt=ylJtkSBCIyqOhMMJMj)-mD`cTr_L1FMbTNvfmH+RPxq-XWnC#*yMXY$hV;+ z2QD@@$%)JkrK=l{ud4c zH!kjJ8ly#pWQ1Q~h@synz(BLoR7HA5YHvbE^vtW`j-pq#aHiz_&itWvtLg<5lSi++ zH5%P&%5ZUNV`rSAT^!F!M(3@(MS>F5vl>OxTIq|Dh`qjEz_{I)JRRq4TD*%t(u!z> zjwpH`_TROO=G_;=di|_rw;B%rROlmij*Qw7d&D;q@Z`R2=LPcQJ9zfdXVR+&k7>Ct zK9klh%%d_)0d*Jjv`!afe>2iH5$``pTax7m8SnEJ`$zy^X3|&GF7)2c-MT&PE>b2b z*!sO#VrEWVH0jedzf&&yy+t_g>SOnx=I6 zRe#h=)}Iw2dO+K3mt*y%3#-QF3$ltB`trjnJ~YlbaAY*Y9QDlSE_<;)S~LX3z;NBo zrvTmV-&GNJE;Wru7Ny&o4WR--E+F};Bh`qeMMDelP@q>zm!K3s_<0h1?>7!{G!qbb zwDqC6ZxqZcpCv1VIQ~9VWgkE!9+T{@>BQ~Y!t+=l3v+T4=D+AKgBQ%jH&u@LNN

    *+C=tzxRK^$2yy)hl?2*N_Yidruu#RT( z0}_eup0REt;X@^{45Tot-WOC~fBUg(m%tL(;Oyja0{4a;wR4p&N1-4*sKg(ESdu52 zm0B(9Hn}yj?|0*L5_W#nbP`g5yufB9uGxDHd1rfkY4Wh=5;M`LL!Zn5B<(i{&7IGZ z;PK_^+~4a-5@e&1DkIoGlok4&ol@r+Qc%`tPLF;4v)_B+RULnKXVi+WC%y(sa_$=v zV29m2B%@0}+9Pfs&-;z}zWNc8OP@%*Kwr%8&$QXqT8*iW>u-VI?;9CGOW9c4|Kv&x z%1M6Y!JRZoB;#dt9c(u^A*jR$_a}-WTvtBKaXD`vM>9-Y5BqWcGG=Xmc}!slICnO zBh2o|2(~I@rBr+mnAW76|5_3s5a?wAneg8Afr2>i0S|whr2LIN7k&mh+n9>p zF8sT2HoL6z!;@Cp?758KVWq#Kd6j?Ws3_f9pzA{cz+$BFzP3HvQZT^5+!6UNxzUFC z%LDkCzY>ZHS<)O>;sj~A;#^5+>hrpB%Ah5JV7hOQ@=Y*+@2IW8y`q(zgC9m~rSSq$mE_D-$ghJwW+3p@C;ooq$NeJD?Hn^KiHRTf*YA zYm=6@R^ZX*5oAKixfoeOah{ zKakfAnu7E9ZRZ3=3Qp4{`81+P=11SV%2AJ?@V=_}>MZK$p7v!}e6)~&tUeS9#VfS8 zR`xtf;R|iEFGV@V4MukTX$7BUvK613r|A_O#)0bK1Hpf8)pc0jAX)uaJTTrIRQqbo zn*tV@zXj(P^pX{yVH!Y?55_p_hoqOAehB+R0-*qG0P4PpH^1n#@lg6b38K;0j#lobKBU%?k-62xhZp#_7vK?$e(0GKR2%LjSLyIX^LsRJ)(;^ zczfWX$$LfOq#V%~nAUQk^W*&e9f->@;klLQt4P>4l?{vKKB4J)Zf?&zTo7K^?XUJ^ z5c}&%up=4)3J}a;W$4zxO&8^mm%Gi`2dL0ab#nuqEGmB+n|u$8FW8}m{dpMl@(J@A zc$IYUx$fQVd8NX7yLy|%-E}S7MDS>s^!QK}{}gcWQi^GU5sOMU3GPTaRtJfh{#UMf zD}Aipm`n{)Hz&@IY0IGdr)gF8x9O&gNh&A1`cf+mU7R5;olRDm0s6~Z4Lr08v=NQe4W4cQ8Shr5L zm~J>&bK|a0Xv2Kj*1xkV1$E$Fy_2zrU_g|>8+e>=0EEo_vfM({lg~wS`?W;n>hOw{ zo~NysdRi?2`kUw;FHvvOthh-M3Qf{R&=vzB$6PuNyU-b`W6=K@5?Sqr}~^dn4e4@qF3*Y4> zvLQg8?ICqp>{)^H#L?57d>v)Sh z^`*(*AI{agIk$i_(HMGWuDO`%M$9K{Q3cwyI0a`8=r??T-=C_2`|4jG)w5{wYPy7k zhnmsu!c4~xGr!@Otb2GD8unIVL_{f^bpm=XJ`?M|OJzb&e#m_{t+*4`%41)RTbut!R z;n2uO_oZL-yFJA!_qjE`jI#lT(u-imZMc(YhwYgLu` zbvMiMrY!C{QzK)3EkLsLJwYoiMYJsC0pF#=`WvOgBZ>KWMQa2y*LWV$X-w|RkOM*Y z{kx%%acj?U)!jCr=eC9&v=_n&?C1v~>h_pf{=W60%7@Rj8>_3iri6BTNYwh50E<3W zO7*QhfT~s@^;5LdHMwq&vjl;fvo#x}y~L3~&uiZK1rJMTagQy{D{ZLS1E5s5I6t^X zO|CK%kLUAWI`x2|2+DSS`QpN5eZt!skp*Zz;kPfN>QO1+@_9$P>`??d9Ht~m)c_jj z_xS)6_QKZ{aWQ`%(!I9U^xBTwGX27KUm+ike9{&Gd~&IkPVu5}-&uh zO)m&4ghAz_HeW4~Ca5O?Oi4QA8pb?G3C^vUC0?TTGU#(JlH6?LeCo2;FHQN-oX#_3 z8F`465a6u8h$=i5<-<*{I(7iNsWSJt-^>7N%z#PSwUpm}SCk7sdyv{OzxT&W2ljI% zXRrN@0ff9)_>f#|=IP=H@qE`mM(C^Y>Pg{&`V=MHuKp^X`CfCXP^X~w3k%7ImaWVI zmJpOq2U&2FJ%h=EFlSl9!|tF?J}A$%*X&tV85$4!ExNk;Q4!=`&L`5(%>v=G1X&nB z!%|M}+b4Whn|>~xE^(5B|GcEIiaxFv|wn?vn=@}2|fH;;hi41&}_N7=Gy`01#c9{hDLSugVj{&yM zw)hUpi#pFhyFNenKVxMG8@0dJss&)mksOmPOn8 zGJ!lX@3E+dfI-_0EM>#=8(c*kZkbAP5Rbf^4_;*75~rU#vZ$vWcqji_C~9;pOjK5R%#5 z&8H=GUTP=ne8(LV)kmj<@grC!W!Gg9+x*pX>yim4&(RQ z+H03q2->ue^lcc`{MJbjROlB(GR5v_8~7ADc5y#%zeoAfxA`Uh{v5=}R6w=&GeF5q zD<9>1@lQwhch0+lQ!`)5zRT+l4%S6$%Mnn$J4(stj4)0t4UfC${k#t{d_ZckEfVV) z4aafvEgt*o244~y&v5Rg(&UqGX4oY)rl*x=^`Ae;Zc{%+W8ns@SkSxrSzDtgr}*db zds?R+;9!i^!!`A5`+`1hE(zx8BmAoQo(zZ$UMt>v4X%g6L3^^>r(KHaq~_0a0p}t7 z_J`wnDdUWS-p9!=-VvK^N&;61{{nJ9c3%wGBlCKlVPWNO^PUJl;0k|&A17wzWgp%9 zS2%o#7b&x`u(&{a+Y8#AuS8DkeKGfIkmrlC_`rS6RMr!uqUCv zC{n09{iA395e6zG)ghbhzSm7PoW1)53wP!6(e zturAIxA|+Dd6yU9s0ZUX(_v4dN7Qb;26=6oV$Kg3u|rt{R7xN$;F_5Im@j{FH*3x* zm>3>QdYLZouCy(dtiZ?0%YKnkkVFuXo#2{l^_u;0b<6_Q=c$`5f6YNviQk(+!2y5+ zsfO0_>GbFJ(0$bT(AO_PQ!2>7^zWa6g!|8cmjnCg7lcRuArz>PU2XHw21(bkmI8wfQcsj6C-cdU zyFH(}MVj}>XgqjwHO%02QD@HeXZ)5ro59*qU}y(l_1DD1@V!%^AI6oG&w&9jIva7u zD4Twoj^8P4l@zhb=DZ=W{kZCDl+%eJu`im4tbqE;5zrq3N3FQ9ule;5`b!W=%H9!?>eo$rf5dn*uL>3&mGBGNlab%lTsYRLrl* zxQNSGj&P*98x+WS)fj&=!`TQs)h43%>5y{$2a782K_n6=8W3*%fYSsF#A*J96NzX{ zu}w7S?aJBxI?3pqwIN}2@Uwb)H1SUB@;uRvYY(#Uf~(6ZWacE1eE)Ed_j(7y3i=2)*6SnvR|iVp{y63`^&c{vb{V;IiS8lj?^({DXM9=91SSs2T$5c@&fNxAMnPG?B^A_%k^dJyh9{p6wNu8 zd+^>408lepT;eEk3JJ?GeQ=`AzhF*Ub~?vm7z4x||=e_Iqq8 z0dh^JoA~>yYj&XXe4&!wbEOjR3_8hn5yl@V%}D|Qt6#}oZ_sai{3QPJQSv5Sw-()` z2>wyZwBeht&|8xUp1xN7J~(J||2XIkh+crD#X4;kv)tUlA>uY^LT!IIjp{|?z|%P>#55=t|X zxw7M#)b6{UQ1}9;Fp=7dXcHoBWAe0KCG-zRR=xwK>vAx?No70UFJbk^FG#8DW#5en zt8FGz%N%a~WRS<^>$4@XPo`-0$Y1u8X^#`(nR<-FMz!wuc<*4UU*S^bO!5ux&g*=t zW%(yJCBQU+eA?%AXjBvzfa54Z!!O1S^0NRjn;7Oq3GN)C1^lq4`WbdWo>A1a!he-p`h02v;&$SS|=3HaL~TwuY#trwLta}Bu&^v_{J2n}X%f}!8L*rR$j+H1Vcj3NN`_$lz*cg^v?>P_l zSML;%WhM&Dn3}8W^MeB7v*#lqQ-6U4F{h&wwt@-$qZM-?|&HB=B>%8=r$ck>V-6T$eJWsEhH9<;dNbxH=Pu z`mt@c_$k~=o&rI;fdS@=9*Lrrh$1PhlvGtaL=JGj6si$N=@}>kJH_y}ihYm<4p!CM z(S}?H2D_2>X)Hh0xqEN)_1crKBl^Az{jv3w>fKi?J6kk+&=d~yx7Qs|Evc0OCP>v! z_rs6;m~WxC^a-g>36?(ox|hAp7uYJ_yzORqE0l<1OO|%m_I=9L#jk@e-|9&hZa=-` zNO(X&U0_Ie8ClUTmO2>D&GoBImfw~41L}2!VL_UYqF||nTzNcw_pQz!LihY>j1`*H ztvCng-&LV2{%n5g1%gwEr0WA!?V;T`aKUi0qpq0@j6Q<4p@`+6+&yO)GHo6_^RxMwv#MX1%3JxPPF$xX$yx*Ryt&Cx%$~-U42|A;)C=3>f z$HiU#5{z&^!Z9MBF8elfUP|Eo$}Fd?_BLee z*UbeN*8WkBqtmaO@W<^+ek{*NO$p)SkQ@YI#ZDcQPt$&Uh|e%Pr~OXBFF@w90tn;| zsv2G0jKKNead$g;%T>8tI6X{YHI50x69;_jh@W6>EJU}K7mo(LO}*Sb*Ug;l@QF5? z{h;w`;*mgl!So!?G34#}R3WDQ(PEvoS@k#U!7E7L>Y9M`OQSq2Qah&Us%3 z@$(r?Q0@8i{m0If$DHZ-`sQ}I9`!dd?~NeL>%&+QTzYZR+-G{4TGY(R4o!ZCFv;n0 zA&kU<&@T?Ku8%Mp7tY$($mjLWC`cGaN%Cl?D6y-2umUJ(O%}`zC8-|%p;-oR>gt4> ze>sOWj9FoPi8tb~xOc&|yvVL3&+XbZsCSGL3s|Z+HL5`Wr#_K zX_?8I04jSJe*aTQo*MdNrXMo$DegV`&%BGIsG@#wTSdxab$UYvyn4`__r&9U$=J_& zTA&u}f?D+p!O@=RtHH1e0rvmQW@duLNc}YC4xAHZ)Mkd;BxV5%<5?G-Xr_8>7`y6S zne$e^@*~5JZWATD=i`rnGL2B*fq2=!IhW6XNPm(sGuJ}2k-x2kvsZeAB@T$UzYhjV z+m2s39uko2+rk+kOHiGN_Y*ifQ*7V9cxXC{GmHdp`WbXCg3oPa;`m7E zTPq{2$RYqk_F z;)NV)ElTF6&xhi-z~`^*k>D=i^*Z7;iza}PiUg%)+U3$w0@L-+aQe7^3s0^0ChuNH z9^&((K~Sv%Lpi*mwqATc3OnQ?6I5{pn#3Y&XgnqX92C5a z#I}(HOkhX@6RZ?6;#hUW5aX%wZYJ0^5RVTs{Wgrl6sBOJ7BLUBZn2n%NGuC_IR+Lj zY?ILhdMLChB6h7(DhE14xE3^*i_DkQEW!|>E5sAhAp19>DgjDv6e*n{G)thBhD*ZY z06`BacqZ8-@&iOlX98LUni2)zA1;g|!lR=|hc~c8!rnoRyB#Fpy|&Wapkv4g$AEmy zOy*PRYLA#oqIx-E0!hF%=>29VEvf=Y1YmhWVJw#Apd+T#Efsl!I1@z`4%>Nhzn_YR z0)y9$=of%%p+HlBdBbS+esNvnWgq{ly4W(>Bcz11|kIl zWkZDH3rP8X5DcesC_F5D8UC1U^sqgu6M2Bx2^mkMGDncBC&iq|g~DGzezJ*J6Waz& z-SAF`5{eM0G!+4_52`g1u7!zJ8>1vO1%pF^IkQCUQ3qX!bq56`Jw_7efUYzn48Ax; z%LQ3jn>px_ar|UD8+l#?Mm&-UmmxfQOcCM^fSCdiu^9`pPdW@mLy01ycF^93H@Ts^ zi$n^;Z`q+c4c-Kfub>O#4~wH@o}Gn-2TvS!JNZ!lg%3RuEm?|Dh0GzXi^((tO2dqp zX*c}UI&4+~VpCXzFimVRd5E+iR&15{$sw!E&gVFJ@HiqFe-RTS)1e(9fro4nJN_X+ za|ihnKlF0@JZ3XnZ#2gd%4lFN;)2r}l0(Mm6aNk3`3*HELMQOs~;SRw@WaHj0Ma zG`k^)MiBua3?Es@ShAc(bt|z-x*uxrT=`YaDAgvCbU8t4_laDj%F>$8jaRwvu1L6j<)R2N+x)&yvAIZ-UP%20ln zEXenQF1H1I2rAd>)u}CRXz&RF+dj(TjvAO;36m3*f~boPlv{!E4=r`T1C7zkJVKWa zC1UwN_BbNN@FPKFyi5>6(JQPK=pyNk(I2m z@f|D%3XBt)VUhSi49LJmo_Gh^?2bcJL5-nwen(uz4q)SM0}rp)0PnHhC=E!^VIkxj zad@rPLBIfUtjia)!o*VT{y6*#d3~E1gN)>g5{MucjKD#~GQUTKvy&7$u{uCyvjH?< zVynNMQtVSdXl0x)?7aP|YsCi7OUk;4H|%dhH;|Vl=D_ z$gU8#imBC6@p2o}#ieq&@i5QGi06(PA5NTaXFp1NX#Ad#R4Xv z;N^mVI4}^#!wOLQBhjFfN`MG>N{Iw$D=d_N=cAy2*TMrzv{p2h710BOG*tq^O(aNy*r+sy zl;!YYP=0QZuGOJUao~J2xx_pN%@Rg|2)ta#ASnn2hR7DT)1!PA10pk!W~QRTYKs%u zjtE?j9tYJ_wh6~zh{GXBOt>fxjTu^aktke3F@qqXPZrkb2@aDJuOSFRXl@7r+A_^f z5L?t~hLiXe){h)c`?2$I-D zC+H2kOcafP#4twjJcSV-XYv_rl#?n{;UjXkh%FU~=xA?DPNo8N6drihxip#E?4ks% z8avhuHTeMGQ1K!Y79#=6Ct};sXgMwlR+(vZ5QvJnj~I$!EPSGjsu58@<>(&*0~ML3 zwP8h3C1M#to6jCr>J&zaH-d^niYBVSVlZ3}21Uo?S@bY8Ya>^pjR-;723|-+E(yjE za>XbTK*|y9z%|cu;3#pUK;<=a=w`qyQM@sJ)XqjMqycQ6QRmkH>8x0!RK`qp8&4}h zHcy=@8jQ#_Xbn+rVG;c}hQLMiB96AbAjg}D$*cZmCo&q zQY_F-Lv>r?Vyz443*lY(zEeZza@9@)HS9OAf!W&2z=dVdM#Lf_chMNsBUX&V2dW3L z#OO65+oFVQ3rWl_jf~E4#eEVvP(d+>HjSGf@lrSdIM&Go4hnn^KoANMOaj$wQ}CTp z3_&Y{)j4|C{_rX+^|(sLAfUgJil@aQ{h7k=)NEZ$e#THicqdo0I+~y z#&b*%jC)l^xdxdA2~W<_Yc&MGLINtzZ$@G^R-7G=T11XOFo2Y1pOej;S zGLxggnX9Hdh@iC+*Fk59Qe%z@-53u8i{^6BQnQ7w>@eO;RJPbawH7Qk}{LZ;D8x1*$7O%5gQRoktbIVOy~%EV?e0Tp~(V2;MYxn8;i;T z2^t9dNT971cA4mr5De;689@q0M9^WO@7k|)z*{f^S`*U9jV`_12}Bkl7gHN06ErL` z$s>y!)LOI#S)i&QA&6CS%n_myt$^|(;MFADpvr*?hQ%~Lbls7qphu)J{o|!8c~qlX zt3=0G_%I)SS&WzYk^kXve4rI1up@~3f&76h{eSXf{!cFjgdM#)`0Ix@k$?^?9OA_M z*UeGs#UQf8mS}`1zT9kJxuX=gQ~!E1QN01QOqgOEARUow;M>!l8C;$OGHR=`v00;!#M2M4$C*Um9kienxM*;vCCt6uN z1u(#S)UfE7)EJI#!w?l}6f6m9P>Z%BjsZ;siFhrW0Ss*f=;_B>)HZii4H^g_d=d#M12@-!mx!(1CAqwep0~A0nL1vO1B{fGU&AvcwqG7TpN+YWRN5DpjdA-k@yVc`9-^gq^R4?RD^9zn$rqW zBQ&UpVe}!Ig^9r-JGe!RMdQRYGD{~2LRQ!ZRQ*z#12V-}r<4t82`{9bPzEJZOrt{7 zOcE=gbOf~v77tt;GEd?n0>Ymp_J)NhF2%v1_|!&ikf7oUT~eu+XQNxBUK8I;q6@@M zv?3e>aukv%;3kRjVyjby@(1YzNHtM(%s>!M7mguTDsfSe(q#w#iG5WNAo86KztN#( zgn2HL1Q5k4sKFcX1SdS=Qn}scCjp-=N)9MGARq+YQ#m}kDzApa(9ty-;NIha`INHw zekqe?cMut3t!blX6OHNUM)RkA_a@pumOJ!IEVO0QbpMr%P8gbr8 zVH`+Bd&AHf3M5lzlNdRS%8vmBSGtR#R=6piDAq;wK~p0ULr{ZA4UPodPjFDVNf-qA z1h6_xo1LoyU3;lkA<)K!e!EB!S6MZnIBYTd)pipL0P;L;kSe3ZbW$3XFXPBVMxzgo z#M7Z|3P5uKKGP_|#Dg4%k!P_(7e5Vgs?36*%*+YIv})*f^2;qmCz}(J$|6!38k%!S zILJ6ys5k>TYQW(mbWzY}3~1CM;Q5e%28SO>)0q8qPdFa*X>AUtHUzQ(JU~rwP((9G zZChm=&>^6)r~#z_F}PM6O@ia29e{`-ML9k@$KeIJUy?3h#Q8NWyjCt|knN^0P?;gJ zm39Z+PQ`*`lRw0B8BxF$h4TW|$1es+Di|#2fqDR%5K|MG3K__phMW;T9@)fMb~@2* zpoGX;ryk3}i#1Ay52Z1NBQhe&NkVG{Xq{ceU<8>UaP9-~34;db^x~wDOvg!}P9gEK zP<}qB35h_l4X5_2WJE$#%?AbRxQiqXMFY|Zhc6Zcg6MzZHiHsq(s+@G*n|=T?K0WU zibQoW3oGX10!sq$nH&8vKUFW+gQ&$nYNWEW7*I7k3(7UJ=2meQ%l%PAf^ z2?dsi8TAnQYh#;~x%=un4bJ|`KSDbvU^)KMtcMdN2x| zix_gKEjWSGK!_W3D$pN}!GYr{p-+pX0wpZG8(8uKL8BlHy*Wl~fC29LTTD^Wwm#BHNd7-o$a$Q`j%kA|p3I}yK$?#G1UMm5famZ6MP4uLK5_yNlr z<6EgDu1ZBBpxyeYHLO#TxnYxmMHLx^?1(Bxb}~qKgOg3MLoY7L4J_~e5K|KkFpdBt4)L5i85}DIKPm0S#)yah+F=!+{<+*%-or4+eCkkd6xm z(L#Y-t%vvQ(9R%%@qlMXh!MtuVkknej0{kJAOq<*kwhT5d@3S8N|W0NW&xL}4M-7} z#cWrGBLLAb@w73fSgr$e=s^?MXsaCUr-O?Jtax6M5BL&HL`BpKKl|}Sol~t0iger% ziHXKqu{@8;AyhzUp*QH+e49MXl%lNxGn$M>IY90k~13mgr=<;B_@Ezo9t36d;yF;RU^S#uyT|$CdbmK zF1OojfWCb+K`hW&QGALe95cv$Mu4A6ENZ1+X$=Mg4sKAdlF>nG0?_?R6NnOec*KZ0 z5>b&T3uv-3nU5nn^X3(-=g#;8$5;(i`O%vOP=MtglR7bmC>^2s2WiR^=Z8I>Xi z(4dK9*IVRJ6UBi9AaeRPhQvgs6Byu``fH2|LTBJM_1qv3cp$i1eAV=f}e z3iRM8i~!lctyT#E$>6e8QVpLJvyyNaoEfx}&>m>WN5{Z}1CpbN&5zdl=on3aCo_97 z<}efEL;>#6Z$$aSQM5?nS2N==&>RNwX8{2Zu8kI>M=5*+o!3K<({)-8OKr6Ybb7zr zM{p?}K_1Z8!og+G_D-?62vj{$4&Vatxiut5mq>gB-R1 z-^u@%Siu9dO@aS?tRUCoi8cy{AQ{3y4++GF=;a8!9f=k2Nahn_1;~7&#V#|JBX@8N zYP5jOGmt?6QOFIsFmZq(QT$x14bM>HDS9`W0DZKO8Nia5B88s}WF-iI5?L@T4VnRd zJcMQ#je#N8aQwKC2xz3iN28)W0<~C)Vn^6=t(uHO;B)~3S0ePp z5L5$xLQRxLVRBo&nH@57d|{cK zK!)}#=;$UA?4Ywngz-dSZ$zvQgQ$&P%-5?3T6&BP=m!i|M-T_#b4XBool&!y7ey&; zjtBH!E0Wn-B{JzHNR{|@K+F&sm0(dixW>9D&Jem%t5#zm$@24o~0&rr-&+65jNRf>T*6@%=nMz4Z~Cx-iD?O+Y?eakjsK0h|qhF+(bH2fTyhD5k&#ygbll#HY(Q~zf{4F&jf-BDrX2H-`j(#v(UsSeSo+5*$LzMTd%| ziUg{v7zS|cFfDu!I?M|JHrnF|Q`tI1Z4rLe!%zpIF%Y_i)o3p;_qnW6xak3pH3l4V zQe7CWk%`d0nAH_RoCR8l=!?2+Y&v)|W*{|Dd7;}%K(KkKdL;@#6$-2`W(T<)j?-pC zmbDFoIGPA=0F}=+@S-j>D4?r3LJZzPu*!L)fS2#&N#Ro`Q5pbuAG$&q6tza)+fmqHq11y{sIY2}ha-p@z*gyLG8EnbXYFFCVN4ZOuBHImfE3^5Cczgrk|Dof^rZyD`CvMds?BtR7H(`m3kGZC}XL9kaS4H>AM z7_>$@lo~0Q2o9yjZ=`aAA(@31)VTE_9hD)CBKt@bEsyYHL_iO+k#Zqb&$Iz`BXU_v zs!@cp@LhtKhGJ(pRoWmOPnP-I*Z|oc(FMIyfq*Epat&ld7~%7x#t2a60wHII&H`uz zgU!!!sDx}t>Y`#GIV@&E{V+lc7~Dd%(9R=jY{2RmkO3wxj68g1g$u>OAjT{P^?E$u zW;j~7MBsc6S_MwP0rJgk7T<{0kOTp+qETl+L;%Wguig^(7`-N<%WIc-0Z<$85`eDI z#PTwgHauHFLNLQr7X-P;$U1}3;&aF;0TkT;8qPY3Oay5!_yqVeT||yp3xzP7p2`Qr ztD6*Kv5>HtXBUa1@IOibN`(}@-EN8l84yLOWI4|`@>osB95(=E8GDT3#fd|X2i6U z>>w6GfEExBD*zS%6VPQP>pr>K!0M59iE6tl$5( zW)1JVqGp>DiqVWt6657Mb$Zp|&?)lhxKHasW8`U_W)$rncl`MAkB{TuJ}CC5HK#Ke z`^62M6b9pbodz8`)crnw_mJ1`C!rmUG&DV z(r0fM_8c|o=VY8@bo*J#DZ%>n8Hw=n=9YSUN4UO`RyXh0bXL91lWRLv)1IgO-h6e| zg)MbXSJj)qD{i9h(;;D=dddy#{n5`0XSEx!X)b(`*|c%G7tMBK&#H^PL>{aHHzhCm_{4sT>c>0Pq{*?j;>H_a(E#~_d9UTN8 zXRlfjyEwC6y`u6>$L0-$kAEmfKTj)~b2ZA`HaS06vW+(t?@wruH-Gq)ws`}3HMMSq zcbS;WlsB31;;4Dto9;c~EH2LcfY}Zoze|H7O-vqIoVX0eWG)-pNTN267{;l-QPu~m`u0lmt)_sqPy68YEzNBWj^WS&LdbY++HjGD?0y<2_m z&ADx4Zy+bvvKLLRpp-uTQTwZF+a&(h6+i#VsGS$_jO$BV?(~i9aec_w^VqFd|L%9= z;+(y82khN{{pm+bZ}y5u`*3Zl7wk=DU+9oPuR9U0I!koOG30b?&xv(@kCZ0a}e|1%szkO8EfxeE={Z{6VcE3kOFDAVjqOGS1ysa^HTit`T z?$g-g-H10fFk9tv$^xNtEB2vCu^ZCDjE6f!)-+64a|wC=yhr{4p{?!OZ?IflI=!~{$}g;f)uulmU2XEMFeK@b@$okKtEV!hhF?n zn?q=5m|hy$wD;Ej^pOpE9G&x3b3p(7?(ByLqC;o=7((CQRB@y&f6)=kH)(b0h-t@F zDet@Gb=q)jn%s7WadX-870*x9T$;^Z`^UfqrO)OJtRFu!1l9Pp{q7V)vE5o|X`P9; zmtS>I?-V~f)nxkEZ%fJwV^ep3x-*mfoEIfc+kdRGxF#}YWa7N3+phE({^_9fVsI5E zdDM=sT|%y98~XQna$-iU?9I==O4l#g>G@TZe5XU%$+B~Tt(*;#{ts$P^Q-REL{LXU zBd$G*bmT1Eag)>Sakx)eR@PKMvSvF^gT;1XQNP*f8|~Q_6fZoTQGeDMGiJ=@(MLAr zL(vm%$@H{N1)I4ilis22m?b;-(;pPjP!A>!7}}uc%S_AL-dh%*irS7G_Dr37v8AuW zqfn(kxL4BjSJIEun?sGZEtkI-`?6%g%$!G4c5vo^c=-}3KC)xuT7TGZ=5 zZ}htgi+Ant`iB*Bx9p$aeNVR;1By4UnfmiQ@5SA`vFi84#KZ&UnZ;WZt9NS!+4oD+ za+f4mb#UCHt=RNg{U){d72k)Kg$JxHZ*+gOP>1bQ5zQ<+IZ@MV+{lSj7tO5lzIooG z{a{VQ1?#bz2aDHf|J+zGJX%${>8|h92}N1(!-Wm9c^AX3)5nh9DSKBb_&aM{*L4jS z>hl*4NiQNrn%3=c_UHybe(=rfq2bbPyn=Ej@ppqJ?Os0nmb^06+<4sZiPuC#C4Wuh z4T4d7>xO=nwA7wizGX%4h2+TJMQysT*~Gkaf2ZT#z#Ee;>hJ8&k2voxF)->%^3{l~ zxPOiFWSAuX!Glh;nJv#(l@^s>?3s~&`Erx&>}+mhVuR{QH9z_}2er?CZmW27p$+O; zheJaOw`f!onjgp+J?F0N&qrq$_YQp9Gf*9W(<6IB>U7E2!HL7LZ?7f1-TwQ)eCoQf zQ=R=AtZh&kdi)S&U7A$9+q~y@ zv)-%gcvFqZiG&iX+U1F!UC2yaPs%ZMPf92;HfyBFiwqt=Ib+Qs%A+nF2PpHJ9(Z%( z>e2LIO~Zw<{Y{tBvqC)uh}nKwENG+jV~_V_Q$d6#$`#Eo-Kp ze`e4`4t)PRQ`$Xnq51i_{aY;~_8<0r+wINmrg(;&TPj0to3%aMw$*aZM&Gv4Gnyxs zeYltWd8F^+%I>=wv@4pIqj@p<} zv3ljf-@`F)uU(&;)Z|2bez|_1^r3L)fz%w=#KEL+cN^BcAk0rl-+QFGGiPZ(%k%Z0 z{+#>zZBM;(VYvCdi6gd`A3d%da>1U_^WprmKi`dwl{cxm(nOw{vSH!Z^TM_w(LsqYfQe&A&HJk$U-T+Jn)D7oW*c)Tx_% zny7eC_^oT(7o<@6^(UdW_0#T~7v);-jnr1>wN9T*S<$8L*9umvo0gyQe(5{7YsT&B z`}Ea-jcZ5l=-({kfoBeJ@3=qD=Wvcpd_O#C&y$V`dF}q-{^cChqq53F^Oam{GQ;!b zwd`B^vrWA8r?*7~DXIix>7Rx^+nFYrf&&)ZKS8=V#uOA5}aQcIWt*}CqK&b zi&Kex*RB}M;67{_xOgl!sn;ciYfi$7IRz)~mzZj-kDkDq+MRyHpq&%_+Y$47)9(Ro-RHU(B-Z zAMV|2O}#~$A=$z_ef_$ixcK#G@Y7m@Q}VhCYGA_7IJ?91hdJ{Su`gd=U6DSgw=%Ej za^`f*8$W%xQu)YJ#qSTOQ9gN2MasBx zPo+IMxWj&O?0jkSBG%z-RbkQNN3t#X#1ZEo?$_5XoZ5U-V%qBo;9v}1lb_pr%!szr z2K+f3e8sM!>_4O}+Rqx2zVz*chx>FV-bwGdH$VJ!uJ!PuoYWb+Lxvg2Us$s9%R7#{ zU61)?>YYC4wvUa!{Iuz$H}~L~9M|a+WqT(+8ve5steyVjlGsYTzfR4Cs}C|~J}6lK zWoTbxe_#3dE~ecSMfJFsBU;Wpyk~k^{-Es9HAhK(e7B9>FKcHncwJG^NAzXm(oX9> zp>mea)}QY8YeVK|`TQN{*XBGwz(2J5-RsZSn{~CR7VQr!)B94yg0!-Gxu4G*pLTQ1 zfmc_~hPzI0c->iY>)E4zXJDi4`YyGVdtKUQ_9L!+L=pNlaYzrvyOsScJxq+B=RUh0 z9`(0L&+T@m=H`RWuEH*}+x9olnty#N??C3w7I&*nY2uwh@}70YbFa^R)2HlRhk2!s zdO!Z2Tavmcl$%Ie^6UGnv>ja=9UE!w)HU=gYt`#^33;5<_y@||lop$sq<5uu{G%Zf zSvX*w{$m05Ha*udZ@wwFUFMG-&knS-VT>;mmM>WPGn(<4w&uZ~{!_nu+-bMy(C4Qc z@I4$S*3CX#``4qzuU0j$&8$hk(?|UH{-X5rqSB{Ras!d!6TK>1zg>?vCdL=8n>wmp ze_av2q>Msra#^c0eNfV?Gqg?-Wq=QJgZlF)#HB6S9iJeOT6dn z)Si#+i`@D?XREGP?0E6&eNWve&-4Yg6K-s_lweMH@toVQoL76FA|7HAp2qekQ$7`{ zQu=fyh9Z=j;>F{OmTPN{vJCm@~4FOo7cak;l{fSsTXeQg^yk4GgnGZ z9G`!zR$kRpHKu-Wtfb$%j_F;f?WzfX4Q4loIHdIhB&0cX=Ju&^9blPuy)&}Nm{R?v zU$;jU9cOKP|5ns9w!bgM^J>N8n^PJ03NBd$%~0=4mM>oTOR@RVm9xb&XO_y>%vMFI3F6p#86ZgK_l6i60 z+=cqEwVIg1RXB^PQac%q-FLO>vUE>s`>v1N>}m9jB<9Pl9K(nP*OR}V4;TxU_RL7) zY##nwRk35N*LrR6(J#zPjn?hS9(6Cj{e+DL4`WNJrV{^3`q$;B*Om0j1{Z6AWBRs? zlY?5PRWBGwqU~FEuKkvuKOZy|L>x>|8?Apt5aZ|%BbMtdgZ>832 zlR%$Bl8=6#+VcFe>~DJ^`m4ngzqZ+h$?%s}b}m|NdslHYl-`J##q2kic|x#t6At#E z%YU8g4MC-E7sRJyGLt8M91A-)190y}rq^_p|E7r7(jc>Q&Sa3A`9J?CJoRsXC3* zuPS=M@1NQ-IlroOXVTlwdtgQyuIbW*-yTJVDH9CchUqOCodPrZkzr1xk4IkcY>BM@ z>~yW+Mi;?|H4*vJKyxL`;WWYg21!j=Jkam z)+_S2fJ8=qDTJ86QZp};8}5dia(X+nUb_Uo5XM=`+r?+Mzd0Aa8DFevcxwf`_#xF^ zfTabW9&HHg^LeCwb^ZK>MP$j1HVMIP`3rjyCIPWbIS1MU!l)j}fbrg-ZT z620z0@#t|Wo{qNVoH_N(S#X}39iwXddzzP>%zuWdoxY?oy)IU~v0@$`7U4Ad)%Gxu z3I@8CGP!zv9wb{Vqc3zyXwHJeoV`4q-UlwL0v2y)M@gRy)&vcB$_0x!DE z`eWv-dgjf@A^*^BAJ}x|QFzxpsqVR|uL*g@sr4~=1O6l-51nx6A8nD{BNfIf7N)(| z)Q1=N)|{5Nv{T9oHk5z9?l4|jBKVl6|1kO4!!AEwCf+t(X?tfAv!=pRl-EahhQ5E! z?{5cNZ@v1{A!v|i=(nreV3-Uhk{()|bVGiI(5bq%ZI2n?es78|RkD{1PMmSrH92|5 z)Md77i}0y~wV~0wpWR@u9(?rl))gBM31;tU^Kzj4Sho+F5c6bsU5g~)z0u0+WoN)Q zfAQ({!cL+dx))m|4^Qbj^jtDxJms$KPMfUwu=3y2B2MbF&HWbPBYER*FzyuZTnZ6( z@rCbq-n}3+nUuYtx^2gX{R=eqnpQPmo49!9vwKGDSd30<`8q`HKVW3R^8TkDS18^V z9yBMaEB(}8;jw>TEIJl!`D@Luxs3jv-l1d7hh5ejzfFFzU*GjhhvZ$p3|XVXE!>ma zcglBcdK`dBTP|za9#(Q+$e$jCNAcfF8=}=Qtw~-UbO;-$DxOe=imk)1TFN<_- ze5(7!#Ro_0rp;Egxin~$X!wy>i(fmg>8gKKe;#sd;o4c}I7?nuf6iKo+1UR{y=mfX zW_J=Hd&c334L51GbUd|o=JtyxGukyh{-NKC+=>ROM>|>t@>i63^V*0XOiKT~;A;PA zl6`W`Uo$5v$Mt^?EF_bJMCXUqAJP-^CJfu0cgWSgdR+8n((SDUJC~;aYMDOjWJaTD zX%EhRnrK;!i_NhXgMH@2x3+^th4LZ`bU0;uk8$Z|BL|F^%SsA~%{!y&3>`XD(rZlj zbXmV(@lVZ>Q2F4@yN; zsFv>L)FsA&Uhf_It3m1pm4+R?Shdt>)sGGxV+$x{H?Ch=pIc|J_7H3AZeew8$(jql zlAlii9{~b+%th8d>)0gXuoiyWtuMyaO^V^h4Uf&bo$+9F z!L9Whuhc@qr2PHa2~Uou_fQqA9sNDyyxP*4O#S8C~Q$GSh$JUhT+- zhwSJxBPY_QRUWn)MzzlPS>9+t$>XUImX*)vJ^FCymaS|+!*PnvCGuUZyA(b=eML7* z`gX|Nw|z3orKCfiPRbvGHxIk@zn(w-p1qHCJFzk=t;qp}e2=2l*crzRt4jYGaIs|E z$@X3A{Ve-_w$abRGfkB(r#+mp-*l^+SUBVQm}|wm&Qw*JrbNGgZ9?tw?Ch#(6U6(B ziKO_ASKk+Yx?8XQ#5bppXS8|^sGDblqQgSP1p}FaH@lnsHv^=}{eQ^-dH$OL^8J$m zn!2b_RT<_L+F=-Vqfy^s1ls)VS>K1v%Wjgs<_9tFnh0zl8*JRsmM;}ks%Ln{k00N> z`>^&!r!p)X1AhP1-Me?UJ+oz6Y3|DdvyfEsetb!uSK^+Y zJ+%1GTifdoZe}q)cRzYsS1_zK>>G!sk z*m&bh{?XzepI(f}u9m(YA-FKFOVx&V1?QX-J0J9RpR;`TynO{d+nku#PWAV%aJRFC zs=cT^V`+y2>Tu~r)U(`4Cfvb8tZzxn)#!x~d_uB=CJ!=hgX5a7;UZA1vOJ-obc%-HN^6S-GA+ z`40#?pI+(GBK7f<;g|b5S8pkZj^D~(*Rfqq_)XWuW1A!+77Xt9_4j9YyT!Xlx2bM< znDr~XF7f|0Rn?{7$;3HtcOMaQe~s;4a`n}V0_@vM+is;d$qRHCdZj|1vqIF>v{kU-O;w|Cj`aq3oln(Z1qSxdi}V$_q&f?z6AEXvhT%>zIw*B3si1ky;*zo zk&yc5ZO6P$(^$sB*_m(GT-eTyT&&x7(O?sIM)9PjX78cZnWsPe_*MC>+1bd=Wvzd% zA~l(?_V_PZz2uaUrw<+MzX%c)m2H-`ID6FA;z-J~{BS2hP0DZ2*oL%w%adqHxKjH< z<;k_a@8=|t6G~p1vZ_}#WPA8cA79?FsOp&LBzNV6vOX%st`Dh$y!hYq27N1B-f*)b zrT@IcuKADz`_iHj{s3OQ?e9U`mv%cgpm>tExJz39w*7?HI=npfk$8TMDrKMk@gGm} zf<4+P-E->{y~=%d)Zcr7yJ!~Vue=a4(e4>DD>EN+cK#6luk2T3y7t?x?4m`DFU~Ky z)zXGF>gTq`XI_zoCcVjC+WFxD!nEP9=dZTEUh^DMQ*|4TwQs%mKeA!5bvFfT>s@&t z5WL|nTH8y~$0#e`cPgXn9EU}SO22cgeq4(xz1c7C#`}in^4yGTt@38H^3b-d%b0J@ zx>dOO#BJ=PnlG`u<&E(5yQ;EUCX)^*UJl`pN{(dvz=fK;r#k^!RBx2OQ-jNbXP0JWM+p4sVh=Y z1DNiUPftp+Bv%KN33_~Bb}y;+*3%|Lm%N_xeC434l$gTocWVS>Nb!1Ueut-aO{xI zyPa@!!;rL5$Br#{`#ZU#GrqTIX7}WdU-Yuf&$7O~{+Q6>>00MFQlmS$zjNy>8(uD7 z<+{DA(e@T4b4NIq?;qJQEA_zBev~r})a0j2lV2H4o4%WFEKaQlLHEUlkQl$y#BSU~ zKJ37%p1kMOJ-?}GQLy;H!>j8$@dx>Dow?DwX?j(*tnR|nC-WAWhpor`H?2nKY+wAM z=6rFZbQxp*AGQcO6-Z@0NlH#|1*P@v#lxl=@@a}Lh02riJkM_ zUto^SxEOIO`Iic!Z32a5-vFGyJ1$~}&;z1z`6y(nh}ly!epku~f4sOs9I8yEkCM{h)iaa6q#%wABS z8#z{DTYt0$HzQ&_GwExkaHvzWzc#s3p``sX&-tmB$A8;^(==^JQxxQ89$x%n&G5Uy zc9?UX-aVPh8I$H``c0FvYf$2C<0R;3NA6*JjZkcG`m*cW(glq-&M43KR`1h zxpD++!X_nexAjGh;*#O@&wulDvweB1^Q*RhuLV>L@xqX&*UBX$FBOd48Pp73NgDL{ zd#AnC#0iHUjLA4H>a$bpQEh2|wrX+K$9t8z;mW(P&P7ead(<1#F>Sl2pQ`-n*>81D zT3B5CPB3F&VTNIE0%YeRbqd- z^2M~DXN~=PIc62VO8k_tgAo@T|9b8bZNdw;WxB0!>d`Jw@|-8y zTyVgOR)^0%k?hE7@saT8bVuHeC#E$}-8ud+iMmX)qH=!Bvcxk!PyhA`qwJ}_aVc&5 zLD%$N>ju?Aw)*c@g_-9i+qHtPe$82H#ecB?Rd1%xH=as#Sk4o<4esS6jGy>%=!w+E zuLtq6hdcXAuT4Agv1HxYKHYN9P3YFrrD>KsSuv(}|DN%eTQ66?uM?}7`*+sX`xV{W zr7zva^sO6^)4!l<_R~WB+Pz6-g8SW$E$({C*=*Ehb?U`VYdT$LJinFPx#%D*r@~Vh z={0P5L8~=W`bu`pZ&7pq{e>yn8IKFbjLmSEztg99ZhwYiqjTV#?8G%C^yh_t)Hc8T z2fgk|$e(0IE}KRxkZms`lH0Bx>%g={WBaWDCZgdbLKG-;>fp)8LYua(v#R?$guHH<*>vdPzt9xRJ5HH!XJ# zS^ahIzWF<|(l<1}urhnpug7rAblmZCsrSWO5;kn@?ZUH(Hn4kdzTfeF`MPl5hTNCK%8LRW zM>tmKMonC@^)h~S>0W35ITQ12Q&8WtcisBNBen>hyxFdGsNz)cB`W3lHs)M%>9~`Z zL^NwvkI=7OpGRd^uiNo){h;?b&t=ckYC9q@j{m?ah>Kzn{y7d75Jyb<{iWa9+;W*~ z!>Ea`#wPE4oK@B}d6KZ%k3JdOZG$#{T+wUA=sAP(a=JEF@H)&b+&Ny`oO^$2P9hfD zx!uM)r?xmw%}Kk{xx>YiO=ELJJ)iY59;S6E|T&eB+3y18&G|x62FIyz@RB;q9p5^CIz0hF!NTEnED4!^oXeQlsD9 zy?f86q0R5p@reuHbolX-eBkZng`<}KF?-{oW8d$zYkQl-%RX`C`yiqG!3O)_IU{ab zJ`KN298<4owUN63N%qJfk676LAYh;7c&Zn028}&w?7!VNsp@Uh>dG<4-$st#EQ~d+ z-kz{@`;(okg(-_|hEe%{?@0W3^w!e)$Lbykcgw6Cvwz(=?S1uz(M7h~u=kIikdUL< z05$)UwYR5r1mDlmyGP2q6Bj1TNw`SOH{{+wtY)T}Tpc zV@Xfk#H+e_&4woAeVe%KQgr*y$%l&+^@_Gf6`gOb1;ESzP20=?tuHpU)-)Qj;OyMn zC-ZajI;<$C*F7u#cg(Ywwmf3?E^{5;wPN<%dXn}xD_gD3>(}95?9PBcJHu~|?N{dN z9K#h3XpncE@D1aGbWm!K?7DF2)81jWUPe-Z{(<^e5kEt*HzM#=96MHEnVhdkM?c>_DttRYEzv^Vv-Iac^ z6c35mQ$Mc0+m2ke?bR)(<$s+k{NhYU{@>5nJp0k5@_pY^cexwpSANN;tsW`eQ7{Vu zq~LKUr;xx8I`pA$wrCQB+NTn$BSkm56;{7+B# z>}q*w^ZzCew@lt%mKB|tJGB0el+P$6s9O%anry|JjlsI3J{@b_u0&*ctT)#6~)I@yx}>8+$gm-kBw(g}Hn84PM&@8(u#eVuk$~zXr)Yx92R}5k=5E z&e)gYCod*K^w`PLs^s;C4$0#avf|_|04b<$+hhCi6u=yHx!B{*6x__(>kb4nb2a_K ze{xDX{tnyM3Mg*sOIN>sM}FLnaYcFeUAIu9Ch3lT8`gF!YI?3=9)5~R@Ro+!d$ktV zUA3ScJX&|a4SrErd5Nyl_f;4M>3B|RO3 z|74w6wP`Pse%Mo4b$ZF2$oJA6FHaO5Ef;rsl9@QJ@xYk zbp=Yd`C(`P3vhHp>mdm!Wx};KdAnZzcym4wOnkH8S;yD=%c@&6B-!POKLm&q~?;PnjXL;6NjB%fz zu!s+QJH@*v<@i)N*48f$Y~`ME)La-d4t+weu0V5WL>R$Fb^64_czMr+O0go#a&y6ZN;U$dB_%W+vc;eA7 zf-(Vm?C|icn$BcThvDmv=>R7LnL*~>$FEW0%S?cUtSi`&8N9h?p!H8zvlL6}>zJWq z*2UuwQqX~Ob)FoHc7!mBnfsy#l1y`tAGuI5Y5jmP+v_z>A2=>l@dH2sd#=8^Q2jb> z5df@uEOj5S<6QHPDc1$R;LCrO(;g~PzW*Q0y=7RHU%U28cZqb1C`bxOw+JYRbax3z zcTKvKRB1^;Ksu$FbSoj9lWv%kZg>aJ|5^K4YaQ>gkNt6fQ3SmE9^)G4^*hfwkor&& zgZO+xGWWYZ>H{*muxE6mV{|uLN6aJ~neIwF2|^WGE{A;xRi@s3PnBCw%0S^S5{mIFEV!OWbdQ{lGLE=XnG-s2_Xzv>S zrHftdLh)O&rq>0}nVhxT_X~%llYSWc^l-hi$&0PAhZ@xUmRB7;XAVmh5H@H?=y#xZ zYP;_v1JJDNGwmifP}(+tNt1Fou7n2M$F2zLhbC*!(I~6lTNYu=v$)a=1(uMI2NOE2 z2{zOPmxe43b-syrnXP$&q~I%h{$ASPaVwq4D2;FT6{E#=b@Eg#?{3dKDIh&&>z#bH zo%}bv#K_UZ{b@(Y2bZXT{Q@}q6p3X+bv-*A@E_Ori+mt$cfcs6@ z{aU$Wt^G|7;`Bt}_(tMt_)fytld$p2!+3<^bK%0sCqP1sQuWu8yW;VB?sE35rfo`3 zy){*f%Xp;WvAkAEATenXt1ry_N+s<~3pCW#%7_oio&`>vqB^d(+7IU5E$~8CUI1Y% zBgf**FDsSG?TAr9?aW`nY^{q~SzBj4iZTL-{mzgEtJTNMt+8pasZ$O_NuX)49D$^# zCk5o`TP>d#VzMGmmxA(1*SIDoCg(*TxM^TM7&<(bp+k6F?E3ulRgm>;(|UQ&gF~Ub ziz`N}8+n>JcM`2qgBU(YQH)%GL#g88tUfQ-5!w9;)g{=W@Y^N9ZkL};kRTlY>f#f8 zXXBB6+fxM`4Fg&+%SRsHv+JC6X+1 zg?k|kX@x85^G{P5bVPS|G&|>l$?Jo>t&XTlvsJ0@#S;!G7Cw|Uee}rXxi2@OHSMOu z1*(r;Y+Ln+TNe(0t@Zr#Ya@9_oPDNFqxrY`$kXJ^`kfy$xMx5{#=8r>D+~Y<8ZUsl z8i$S6o&#|0iF%l59VUuZ5j2<*+QY7oiK2~8p(=BE95_ER=!5N1eO3y8kN@Fbv;(*H;DdCjfIA^Tcd|1`mcqU*FL5x5)~x!AZ5b?fdr4rI#PK zZldXt-SSi&)vdMdr^I<$Pm>Ke=nCVjtA)a!u#qoW_dXQ$bfw26fXfvS=Prr)v8v|2 z4JB~5<90iID~P`px%f~{x!BR^_laJ>2RAm;!>MOhMavvH{lD_zXw~-Cp-EguS+GTM ztI0yK30v(@pz*bvjhV-D9+1mz2w1XC*y~4^!JzHgvb1%0RG$FD@~j8f>y*T0edy&< zkW9JlxT(1Rt|MXm&5os8TYM_#($#d8<>ud9+@PSK&!S$3M*UAS9MqtN=JweEek9KY z&htY3iYyh|LNsP8fXwo!NqNh;SF4x=l>>QW)z83bP5t@RmsGc3mRI4d>Z32kDnBY) z#3PAIPwe&rHi_gsLky%#20pI6oTw43_YiqnHjQ5x!zKwjF%@*-$D&l|YNAHP@Xh2cB>j9VR8PZ=Xd_EY@!7Op2waWy;)=5T*;ZBYx zMq#F;g)B=~of#!lf-w5gT1+-KN&u2bRIq4Q;&r>)j1m;RgfgKPqnQ^3%TLhVAl#b+f6DFg+J|t8EJrdt$yk5KHeIf0z`Dde-x>MndV0 z)0$0_*;G5`s~Vc_U^znL(PrBBR~QVIG5S_x4V<$oW7E>T?tj|`aqzcaywX#!`EBq# zmHbC>atoDKnUU0$y&bp7vH6cT>1566jU63!#2>EJ)PxptdI%FXW~+CCp7~|$G8_GJ zOvk9=-IsPnh5=5$^BbQ{x#QBy-MRXQ-@ku<9rrZ4wbsdqiny7@7=e>a4T%MMD7r$T z#qd){nz;r7Ew&!6*&yPC!h8DFRx7Jy3v_X!gmS`L9eTJ$>wV;OE(jJXu<4pb+I?=s z!%po6P@IgVl}XN@_KN&l!yx{&?9V`r6rDfV9r3NnQqJjTz33xt%%GWvK1iwD z=scL8MX;_`{B@T?%v{i3> z*!r6XhF+{rJvZAhHO#@sD|h4xujo{fVOsANULKnFRlpbNrU*Ab4fHrHuJ2KM9`Tb{ z$R~A-<||P^ZSM3i#TsYi0^tM9_KY%zBvT$%T)S6ii${vhTPRTQ0N`0#S~mIJ=q}EV zaZ#jXvKUL=-}N~E%c(&QikrLk&qJ+-`k_xhT2D9AcNl<{GnlNg=wU6Ef~l1UNQR-J zZDWsoA9x<)@c%jM8BB;=Y+NIPXGyt-zWVf#S6{^_Vr7tCs5QeB#iy{e>>ujOnZ6nk zYl~mRDJBExo{C4t7YAY*7yY~!3r5sh!If(>R5soZwEPtk(5 z^vDM*Ytv#{oNiwP=bAQ3dx)@wozvOJIRb+~9r&DKUOk`cJrN?>fekr8v8&8hilKBj zGF~4sA5*QAkU_D(fyyvI9T^s0Tf9<-RoIs;jjI6IdW!@7;!F|RYKE_5hNr-1Fl(>A zl)6|2sJrAE4hkLTb(NWSP~V&W#%aLYN_G&;pXV(dx6RvTIvF(u?!AgQa$aQ%AXqzW zb59o8uKr~rabu3DcY0+c;>(BvVQX3*SxX=@C9qbL2--+BzP{J7OuW4BIQ8sFE|hOr z8K{XhZX>m>sjDq=86B!6F4jX`l>4$D!Ig77XUdnC%?uf?8Wk7yP}cw?w!$2{C^Q&8 zlqTdLJeVPYpZUper2XuSUP3w7T?p;BHddtnjx2?p&ai3NhtR#%<2KxDm&2Ia8tWLJ zq>M#wv9P0))^GSyuMhmW)MGiDvs(qGHAyxyg?&&GX}=v@(c?J{ zbXj5Fa9DfpNgPca3Pwn#m=Bpnf4qtamz`mybmYFnlK zDVaYTxSxuD&6oc}x4Ff6GbNj21^St$Y`F7iET?oEo}-qpE_6?(gkSO#qbTSi-bC9! z?ZuIHrylo(k^+64;OX|d(kXo*Mx0nMJBhkQ&F)gKqY}5z@pdaee*ffW{*x(!SB~!l zFsfO=%NCKY*UR`)^UU(;aZx_#dMZrP&M&eYe)s;O#@@xI zzLf5wek3cPSbcWU8=%pINGO$=EtCOZV+r))g{Tk@M8fx!B(B@@V4AzlBQGjNrBePu zwT(se7wKD{l-6cU50#uYm|*1*+WuT4tw~!hDX zeuP6kV|IZkFvN7XC;l>W-4-Ke6+Jpa_H)Wp>28?rt9;J=%}S}7ZW{)(teKpOqV~opx z-KY7jSMfx2=KEULXwU9h>{ge^_PUIKN5S8`ja26C)Ee}(iX*0$&dr@9$EZCM{Mvvl zqro+;8KTxWk2@`{M}J@G6+mpVRBe|;q%WgbG;*=rOJO}(O;#5ucpmf-lnYfVMPcX} zVuXRC%9!T;pRrx?&}FATD3e0%_Ut~h$=OFa(S}DRab?+&E4Wr|5nSyPJg{X(fwjCd zhqT{2+wecFL#=Lsn37H$$C`LuRN%lD@Hxa z#o*4_dwMFrZc4Lfv*`2e9kP6(65+nl9&x7Jctw6sk*dfCSTxG-ZH&Q)VH=CId0mF89i<6 zX9q+cy5G?${@)+B4wHB@hKRO~tERKs?G5e|dOEt8&l^f#czrni)DI8G6@DnDl3_n& zirP|-yQ}9U(`S7Z!8ZFz9jbWC6OT>x@t-4mfdwU`6-Eovlm1Y>qUOp0EE}))pW_~; zzkfabRXa)r*{-DsD4EGZ`Tt0xPd(mHOoq5(!zxnh|I71p!*Z{r-n_bi zv2>e?d`C~dI)hunYe`6s|G$Z#z)xR}XD@wj9PoS}~FYy?tERx@Awu-Q2 zD$_L)PNT{k2VVzizR<8NFUqRZrt*D2>M8U?nte;1dS|No z+K&^bv-qEj#BIYa*ZCb~9R)Tym<9k&m`X9k!f$}Od0+F_$WGYKKUCa`@*ZqQ_W;MF zYx+3CBvO-hxUkkGL}2R15Z)jWX=o|hwt#^f3tJrAlEK#_8|ny7)w;Ml{$TBm?lg!J zdT>30sxRRYVH9^$l(*$HhPhS?EI5w1cqqW73V43yrf!{iiUA1o;&g}4b^q2PZ7OiS zU;}W3urRYoM9U2t&R^DcY;u#`)NBVCI=vSQL5F+t(;^@f5JlDDfAou;{O_dhldC^&c^6HF&DkO#^T8UM z1V9A0&UE+w%;IlLp~D+P!}E5GE$Ku;Up=pGX`EQD1SKc=m^TuJ@-3j~vln(t`>2d1ePZV@1r2p4R3+LEOy# z?fcZAEU9)r;mWR9OEgw3;f83QfnfsklI&D|tkv)WncXhtA#VI8zAo_CQ7R9NmrDvv z9@M!mV?i)Zmmkd@Q+|A!?#%;H(ymWuTN>NshPtK9-3vN016thx1|;EBLk5~@0DQee z5Ng9l_Kq$Zh$x3e@z~1+C^xr?ETBLM0JV8=;YOlZx^j)T9pr{M1~^_<5Q%P}WrVML zx)~1Kum{@eI`e}5WcCK4k*p`*vU+~@z0TlCm>I%`vW*pnPc&b#S)>A0{my52OcKxD zfE-`MwPOb8Zp$rbuomC0-w#mh{Db=JJH$LQfPmK17A*zPPjoC|7gBbVd+*z0|3?t8 zFqNums<5+Wfcjkoefu+;wG!~wTju{w1GG6Nd2QyZ~Z3($M$6}&2V4o1!GBz8s?=I= zVN&J7Ly0+hsf_~P#^-jkD*8f{#l>JX?1S6P(O;E_cKn1@!))paOh7C!YwBL9jePyz zlv)AtNYNe!kME|Ng2t~xR41jlUy01xALTZjYOMv z>7E$x@DK#EbDW3$t_*(+BPz+@LkElE70;Yh|JtP$9ixW9S&{n1fh0%vv= zzivj>YVXjf7@?7wAn2HlsS znKuLm@tR?n0;P`>FQWv(!=|OULEF%&fdH&u>pzTDccxrT`p>7&6~o?IEsWEFUX;sP zVwS~3#%OOMvxM|w=wfg(Nwu0z{T`5O^XzcLq=Q*08qFWeYZMT87q@iUuv1OD%GLVI zw@wex^XX|H2%*8Aspd*W?h}+384`=lJ-v5C4>Q&QjPA3bb)}UA=nj|<37p6!*a!VJ z2bCSSuu@5A; zF}O$r3bpC<7v?j^b*z~!{O zHrhi&u90T*%a**&{iUwHs5{pG#g(}v806;W1@$>0?)i>LmBWOwaf-hDyZTJK=#6h< zxh4(}X*7SO|MV;EgODN&Zea}%p!A%Xq7mMj=?I6Tnq9fffBRPX85_QA@^wd+J#stB z-(hyU#FKBS0iL=!|52c#1MD5g1VM1`CI3X_0X!EA2!<)Ia5{MZ%EGR zHbr9hh{t#=hCYRSx?S}z@=n~ki@TaWH1q2+73vC7EHoTdlwAB$^g45`1w9Se2-|Bu zjIcP}H=t%;P5enGILuNjQZ5qzS(yT4-(Q&kQV~cm{57^ID}_9Pc8vy8uNczF!m8oI z?d-m|O@@kT3yG&IDWL!hKvY)Bf^E)sz)g{b{ykC*1wZ+{SuWG9RnQ;207jXm7%7rgr`6J;W_=w1e+m10<5c%+=DnCBM;ZVOUZNE=r zA0Q6AH17fCh65R*6VtZK;Gz}joJ7CqE076u;M&-if8OGKNfB0EFysPM5xx`$upDNz zU_0P@SbySvww}rj?f~^qzlS%1v17fauMQ@yW_0cRkH;jJnzf?NKsUqh>-RcC#vZAE z89skP5C2W7QEB`pE;a%DjNR15h>R-=tU+1j^4tzR>H*YxBNB)=E+?m;nTw$3!=k++ z>;c%Q)B2))lwL#1$vI#@_YGQtUgi!sp9njz>5U(iuo|16KP5z@50FpAy^W^ZII~eF zjZ~VK?K!+yYBrGoErdvuM5O4#HZhxoCG_;%qT7Lu&su48NBMxjg~P%a&1z`sye|b4 zFQer0Y=uUAS39jFm>uk0GaO`^?%K|VLbH=%=mQ%K^m0oASc@k7*V=zx6zOD2#y-$L z`60VtQ@D5q7aI`Z9jD^oC=~luqOe|Z=N)jCX0`GGz8jSBtG|+VB~zB;U~^EhltM1d zq3|X1<&l!$+vL)CZRAd1GYzy?C&A_H!&M?RxD++2P@Sq_C&J`MlL>UtEid34TIJ5q zEGmLr5!7f6O7J7*OJPLO>(mb+NhKE#|*HcZqBct;_5sj0ILrwsX@ zP*m>20d9(3F3uji*bei)kUh`q-vnsa^I=Om)gSWs|DwAhXfANLKSmkVgtE=pY@C}O zW!GbgdWY^YJR*cUt?5+Ee#%2A;_m5}P@9=c5=ChJY{%t-!|K`{#cJe4YMO@I2XjRD zO+KAz{}ytj>nNsj=9~8`CNvcD=})j=3vXl5E@VGjtJ)%R5R)U-(xrIwoO*ua@p|b; zQphO2T)6XvvB+;)x0#tm;8slr9`z@d`^&u(C$=J#l;t>2*ls$YCY9Tt#j9x-Z%>Mz z4+|hsR$265rLLbh`tdG&XKJYHO%faa8&q^#@HZD#Bd1T`9U0lT*z9F_TuNZmFpea; z=xFh~3F5mI7j>xg(HHikPzyg^qX0_dMrbTlk6_7n)23!x$a1g;O8G+ zj?Nz+YJ`VspCaa4rdxhG%%h)_*d>r2bo0;ieRFt=P!xw0ih59P#{i$Lv)|la@l^Y( zTZr2cjOckV`5nPGvX5L#OB4&=pK)dH@h)iD`TsCk?H909dM%(ELH!)~!*0D37nk1v z|B@%MVQdEuWJkr8lC==!03QZlXqGNimtYGR`L*dTg6(?{*)m+7% zNQ}v$qm|O$45pwXoh^yGT-De$AcdMiPE~wcrp`e{Xt#q)VXp+#=-oI!TB~8x9{1qeQhvh_ zUjd|O-%OD~Q3;hrGa|BZ&~3(5opUDVypQ!|4MCxPoOrbv#(bUf+}P%NXltfv6enk; zQq4Kr$Czbx9N#+AhfZoUxzS&%Ho9HhQTHU( zQ}5-Wk6I3^D2FUli+7hUetZuI5Ky(tAWdYbq#8ka=PjQ-wUH{i-x37hh}}ODhaJa< z>jR_NPU4FAO66V~Q<(SN>BR(^5V+ zNNBL5(?~qZdJl&b_VFXp1io6~Or65_b+-7wNAa z()eB?2y~8CBN6YVD*c9sdgWgl%|ys%O4R$LJ`y}!<_~%~^DC%np-^#tqar%V-OTIY znA@j<)WPdVDrN)scX^&YVvyWGcm0JSu+j#_!dqC3u!GWpa#%T34eN%P=P$5keUz(Py#TdGz_2|B4M67J;yLsi6(5vMt zmg$R9>FsTL>R!K5(qM#R0W!^u>gXsxwn>4Y5hsc-1dz0Yw}2|!v~8&g@96qyLc_F)Ac0y@!;uRamC{gXcOfI(l2 zYnpqLY4e#NI)shv@wT;gGvU#t4i-jrap=};?7{8UUq4pIwJ~n?rH2&UPV?Ac| znE5(9M$I9byX^~Dq_@6>R70`0EY&Occ9{jhG-Jb_Ph-^%NVil+=Q{~LaP&hJQbW%< z7k$Qle&nL~^akinNOLXzMqU(Bg1_FS3qN8})L<{KjVi#ssK1YDy0;n9eq=GAxOdFT zX0}r>1L7;^m9wNih)AMM+Lni92RPj$X8IRjtyX03pQn-W&)%fx{6B1yP1v1)G-E<=!Cb>5^}~dS6sO>FN3ecHqQVJ!$5Eu<>}lRkGt-)~m-j$#p1)VG0kG z%HMLy-Y=@zyOGzB{zXFPt{y66=LQIi8%$m>oEsWD6s)l1iro8M-~AJ+rdNvZq9r-$ z-}Bo*Njj~iwKh@bixDvg`q;r%!(e!8ZOlWa`A;Y<%D`aFNvMJ}d;;Sh8AAY{$pjDc ze>M&N=@j$>YtFT}RR#}{H^yvNk2$lGWe8_5F+zJRC zd7UXPChmI~0^Fd7cWSxv7S9jl8D{R8@7%D4Ffon}?yFI^bV9&+w)}X7BzB*5_OETJ z8iSw>#ObN5r)M2cY3HYhIsSLI2n6E!PwgiZd-s-lRcV8cjKrnnn}5!G+DMf#fbRYW zIa56GQqLsE;cruT9krQNw}VdA!#qJaPxaM38Vtvbf31r)*z8eH41FOIr)?3|}>9A4f(nOgsOGEJfodw}7&hXb=bU9V)H zNRD=a0HZg%+Vx1x?hYNtdp#h@>cOwc-)j%$xbyU=*(L6XKyDv5$p*W!_KrYzhqKr#9P(2mi!MecIH~gQ-xk6gF!KO`gOb)@OtZ7)$L*VUbPjC-% zu<0@RIXfY1cL#@s1T9v-o{lJ<)Ia-tlzErl0x+C{+AEW9RB!wp`zXtI=OzGd0RXQzZdLk&h1NPls~~kJ=QAz6cv&xYCK@ zkaAEtW&l(w0w3A${CWxX*3JZ-EnG@_U*rMX&C|z#{&7rufeHu#v-22zeA>ANPA!uw z@3$QQEyGI$Al@URim#iZ<}b9mG?sjTGX)Ez|B!_eI>54uc06O2ZljB`A`UmvZ645_ z3eEWaH;NKCegnVrl6}|ObN;tTGk9~KiI}CMHrzTxW;p16@0mtjN|xC(5x-My{)LCn?do*wA`+^OGi-FV=?*dGh-QET=1vu?)?=)AGonl8X{ zofDr@miV0Ad!*~Umhd$HAYN)EIZ;@T(kRi-$pGt4-AkoR!qocYD;$uZ=)0pCR5<_d zG`jOZdi{$Se283dv{OK>l6waQ;Kk{qDc%w0w9z(Q>&Uu2x|^O7_B5n?8X}QxbZ8@tH>k=LVDUaRds+ zkJc+fddH1ZS{e~2Vo>AC0dQv+R**T!NCL(X`TvX|a*z%I7I6(=igoXq@(Y{fhq)_U?225)$CK;&iqm1*&D(!MpvDN>jv@rk6}LF<@P~mUKh3 z_C~^MkyZg>*dF{^tfilC^Y&W_1QeD(1teP6$6+<+0!S|_k_CRaL3=h*#0dnWh z$x>ceNZL#-?r06|niFYHLYWRZSfR>_5PqX>Bhm-P9Xn>=XT{Vg5I`FY(K9B}+9q`;`D+!T=yFU6kBl!EH8q6|meY%bI(%mA z@BrM%k3aD`7b4zUQzrN7HybSf6duK&sYxI`-1sikYU6Gh;JM>0p-#Eg z3UFoeLW*|Ee%&C&L>3+Z$=C5$s{J=%Elxa;1Ly!$DBor9fF|1uj7k&OMi}p~1)Qi(n zgTVv@=xH5T{%M@)aG%m{^1pf-lpYe$2>IiE-M?lgB47sONW324@=>QdySz~QwUPvK z6ZhmdqMk#u4@&|ZWJqs8P#J_>qu5B?w>ZRB1Wqk=;9fRsgO0h%j*#R z@qU4enYjFGIES0kKFlPOukCD#Zf|T|ZT_0j7Oy?5l@c)zNj}L*8>ACUUeYu0e?itY z?(i2+yZS@fHT2%+iE%k-mgx)O4|KRGfQ^@uv&M7b?zr2X2>gs{GKO zdhU@pQFTB6zx-cs$o#*7Mqnz61n&B2VX5(9;P{m770}@A%Phf$U`DyL%}$mnSGc3T zb>1XiYuMV`j|Q1sKpz4I0$bh--Z!dY`}fHG`50}QM5R%VpB2N5TL?SVo47kjwPH;Y z=(L!AIuis&c4-hW%Gi3A*ySRX;9a==6~p}QBOdHWY=ajGhgJ%oj?>Z?=ij}E5^pm} z26>Ie+A_mVAd!C30Zj@4;s{!4-6^40xUiN($Q^6u_PWG;F1^-efvM6Su(nc+6%usR zHrytr)nDDE2ATEhEK0OU%)jER+WVtKzFhSH67KC5Jw#+GcKTB#XK{U*9WKz~!enueRst z31o-DM={;oER7vN>f?ZhS7kU$F(dbh^i5oe*_RE91({dB9uPgOoA@yO4jZ;)k~v(Z zsY7&pH~RAl-F$uD5tstcN{uu{V!F_I+oK)Jtu+cfHd#{n23CmoBHLu_!QeSOseetqY;ytGr#IyUB%=02{v2ySv+!&rb_S zpS@b&vXb2DjeivSndH0IXX4y=o>i7l@ddA5yk?~Os7mmN%JtRbl&`8^mF1qLJ-*vH zI@X)r-ZStiJ1ISzhug#9E(QjB3pY_P%f0!H`pKI)4^97YEGRG69fDbQN-0%9uaUnI zdeDEpNhO7|dy5lAaT1@vsnIX2Kg+q+g#}ehw3q8}?J)ekMRKvOau%#r*7OpGbvg{5 z3vb>*8gQ`|yvZI&%M^GZ_tCVyO94kk63Ju{yNKt(b8iB#{?j>|GJ|D^i*@Cj{C)S~ zCAs>Vs(eNFQVv6FKNouPgJ1;2clL#QDf>CZLAz0yc~F2TDz?JofX7y1fkL|_{1p1g z@@;mN{#0=~b<*FRh|9t8_hV^m{JW>6`_3%r<>@DfXhnXyv^%GZaY82nN3rC;6&na< z=0|pk$-OIX$3-SmlGdmtKFsMiMJ7m;-c2+ZLc&~*>h?>egfh(zTHu#tr9(IUx8v`` zuORsYsA}(ZY88h1`37qx#*BykZchS&clS>f<4Wlj_!3X+c@5oHCWYZIQ}4Qq2%y22 zk6m-f{pV)=IinXqq`A*lWc2=-4u9mL$kF!7&U|4PpJuMSJJ;lUzg%!}&1C~~6_Tda zlwu>-t~kzP>IGCxxYiv%WQ3!roSN;;{L;*SM{6@zS26FsQ}X7K=q%!oGdB78{I_w< zibE4kTiCJ?j-$}mRjy9hQ{8a-w2y%X+3H)v-&e~0hzA<=Ls3mF0;2vB9zYLZoQByy zT&7>M>zg0*7%l4=IN$Nu-<(H1{EkYLcfNxjJ%k)=^#qj}nsGQpb8<9@-K*GE|yfPvcN|F?MfuFOh9q= zt|PKHVoj&UsQyrAQU;NJ!SPe$>TN2wo%}lHUo6!uA~xl_Yz4d9Ia-GdwP!(ab@iiP zpK!oF)s93-J~q(b-JZ4JBf%QniuRh%7WSX7g*&!+EP1U?lwAJh_ibs55vkW)(oz4N z0BQ8jy+P~=UtK->Wp)~$u^t3J-b~ixN(q7A-N5~8dgy%WBv@6mp0hEW4<7EzhBmV+ z)eaL5`4L^R$y4%u0IA8%!ui-l@2p3%Llx)BYNEHsSmZql+0cJTM&N+=iG=fIl_0|R z=#Kz(3s+o1<9@?{q3?-?&3wZz11Fj7iVi}dRifES3xz=68XH&E0|UyXy^!8oOEkN!ri41*%UxjKbQx-1dilph7Y6 zsmxEd$E%F|Z^n`MTYWB%w=|11-!JHLZ=~>A>aO)Cq*I%w9hUju3}pCSTKlZ0fKN58 zGVdcUQvM!v^-x`qCW{v-V{5tX46I4_e&)FA_YW1NIdxOo#~upPgp?#rdZI5~1;N?j zL5m^-)I=`l=Jw12^R8-x=x^&mmZA2aTuC%^G}wbq`HBxT=ck09a!(N*gdP*7WyW1% zOCb+;N0lVp`~wc4zE?9DKKs@%-?MaZzys^QQ&x(9G<`4D{k6?m)OvU`WfnUvLvFAN zm1{JM6`OdfXjjS1{a-A=w^e;KP|Dg8il1lwNfj7+CwlN|=WlLgy7zWLjrHi$MmY2e zZ@^``(!yXl=kjEyQ9Q%$^p)*GU#PLXZy{Cy-vE`>TJ!dxzr;ZqgA}f4o`TXw>4jZ-;)>>sNUT@Yrc@knLNck@U(DZs~0aJumI@oH-|0ceY(vGqi83hGcWfpBk(;4&8G78mq9 z8&&QSt&ZOR+R0}rlzcAm$!mr6zJ?*84VrvjOxjBnQK8mydb`;gH=7M!0v;Mwq|=?! z#zFDhb2H5Kx^yO8sE$_UiQ}TA(S$7Q4Ce3u*U#z6;UsDlvIBw1T>Y{lPN{GYt%p9# z{NXqMzOPS8Ts8*nhlcs@FL}Pwf4}70&K}r&$x6;v6wf}pfwv_E7WB5`Ovf^Ptu+Sa zw`pJ}6%LUpGDazOFgBhkck}sjq(`8`oCJa3A`&Ko-uL*+%^H`#({r3_q#ix%=C zj^U5FXE7rC<>r{;G>gp+!lBbI7h zw^S!35YeGm-P8`QZjB!B{q@iUiu3NSAF|O@_F}F4k~)p2F#`iO6U9zhQG6Mf)B^U^ zMt&C-X3Sz!VOU>GTV~cvw}RW0?k|c-KtMX0r|9C+{x|wg z&~3qMgLZ=-4RMqhRNlzdeEc=lpXYqgPR!5aYnETdqR+{c%V`K|sE0(BSx*eXXXN$g z4QqV$MD{h`kn3 ztg+>9fw>eO5uH4qh(!Z&C07yT*1(@RvEnoJbx|}ze|200Y^RLF>AZis^dLc-uv zHN-L3XKEeb>}#z>Eyko>GXoot%!>pTm3E!_z=cU8|M|8Ti0CJjl6goQ+V#jHi&v3c zP)ANq5(Z*i2?yooAifOgK+KEdP>We3;-yqnGOX(MnWR7Bgv zb-?Bp-h7tf^WJ%sEhWap9|av|lF+X#*5(lw!oe`#zxN}+HY87li3Cg-eyP0puv^?D zItXf7l96A%?_nRakoXY97tw|(g8Q?Dsa*ip!H10dbe~<4d&2G#BLi8Y^#M5<`#KT} znNu+wi6U`q^qmMt&mS}x;$&x14-Ct+ohw6oEk9$aF;0+u7gPO2ci6=jX)w;|5PP+& zy!LS0DF|FQbPP%eG!thw zvq<;`!C5|7WR)(8pk|Y0aiYV}t$1G~yetasJAAD}g6B~yl|d~p z$Q;;5yCO(kh@yN@y=Z5C*(C9z>p!Za=|xxQ?)VcjkWuG~lvHPr6x%A`i(FRMzIeNA zM0h(^$7fvMO-u+u-C600g;_V7EK&!ozhu<>02vCd?rdfnIZVfc>WFBXuwVTCBINX1 zikX0}Z|7JCZ3uE3LDTYwBi1Y&`xshCQ;#+{-2u<12#~O+#^A7xsUDdHh05skRt_mOOI5}nwgt*pjaXliv#pF$~E)|{U(7*&{drFkuN z2X&=h@JP(51Q_CwpM5k98o)(FpOCUxyv>3g;hzb2;KaJIdp!UOs8(8HK}lt#+gIm#{+x~|%`{BOA};OQzf(~NXr-K> z!4uLF$Kf*Rr+t@Qe|n5!v3Ru%y>e6OLxb@-Wp-31+b0OHFmz%7T0I4>p)%ovKtEb3dQ}R|Kb|V zM`ZY2( zfsQg{H+)7>mBe`+2vK23MWl1#zFlFUgRE>XbJ0OuJ~M<>%a5pm+HOsZ{J!dY(FD#2 z{CbF{B!X6#bt9uqMvCk5<0NsWvp$of&or1fJ3M}V3zY=}Ut+E5eYH4@xZgbTGa_B^ zJ*xtB6&y6y`>MF(5%>ec%JUh+{dK}Bk@Ra7fHoOko(@06)p5Ey-RsU&zwBvA!S!v_ zYokv^co!54rP@SSX%!4or?Z@ASXP1sYJvSnC_3!XD^=2eHp4=Mvx*6MSP`NQ4wolB{)Lwovu#cA^psQ10RH zKDKQxk7GbviBl5aYL|IR22!k@CL*QiYLvFu_=h^NxKu8qRki-FH##e;Rp2|urv<0G zn=?7x{6&$k`lUQ7QXdb$QfP8lhc4>AaxKV^C}VoAKx6uu==>xBdDVA00f#)9Iu zJ^g_FuN%RbEoqNXeA*3Wf?f-{AD;`;>n8L?nS=-uZHtow)WQj9^=WKx3H70n`pAyx zCvoP_LN*?k@}E=$JcNBy-(}Ky6wLH&P{eI}wR>}+xzTOwZ;#Ea$br(9NP=H6NL{$jUp6AXDCzf|OLFs*oamS*{hJ>6=6x9^GWX~sDs-n?Or z?5k=boc*qyim%eAcV=t z=18>056++BntiB+fl^>$os4U+}JbC>6qO4$dr*DB6X4mCeI^LBlV;uV~WrI zaAba@kUfi?rDTM}R`55_frl9-B$`^lUDIgJq#WsNYqY10n)AWVM2X7|HkChOv2CBB zH4sS|Z6;8H0iJ9YtzzG%w7xq~!Wb|45;vSG;IGK@ENV>riJtFRe|p*bDEhjYAOF;fWzQft z^!y%~IoROjyYyUI-(LI($Gf~1e6UWF+s?$F1;~-&8QybpVze*D*f%K>SN*)5pk0?G zwJ(W!Ox({sEeMfFp`#JM-Z_v{8!ewKD^?2`lh#)_$h~YA57}NP%;TPxjfC4>!^K8En?rw@y9RKS4y|{iJ z(;v~{*IxVe8*}H{>lJl8^z1F>k)4%qXFLdSS{;VZK_%x_u(=h?{#lYLQFBO(au{8{ zPjri`ejK$fP;VlFlne{)MWF0@$M;|qM5#_ycdm(?CA2$x05V%`y@K@Ds5kG8`|E&4 z_q`d;aZwlacQ^LTQY&U0XWLGWORa57q0+cX;zC(Se|Gb=-Vdf(n=@E&8lo_4o9S5k zw$_pproa7endTIB5Ed#xS)AgA7A?&`XzpF!B4z)gRiMGkZ=Gf$z~=O`B{7E=!Eo3H zNr|J`n>^}px;BqXf6Uxmxi$}7b9Lr_M%K@SI3V?{m57{R=r9^R*>#g-POu!}@`-RK z7c)~oyORfdb1^7jjY5GX(Mn&|5%*1qgT7SxOJ=e;jP3CvOYm7rZe&h4MyL*-5I6m7 zWrCi~OJUS=O-L5S``V@zO(;>4eA4?x{z}u7nmQq2h9*bB0$WOi4T18oY1Y$}$I+s35W4g4<$0X3hyd{b; zqT%5VS>z0g?7R7QF8aPJ+f(wZza(O-_I;8W}|hF*8ug)3Z-fv$z-xH`1)f|KHP#AtIVO z6w?cd8L`?XP`2lkn}rnIN-}{6!>1N*F}Th^rq@>qaL6K7;6uX0Lj9mE`f!Pw-h}<9 zTK+pX-xb54T*}P%*9jNFZplGx=));kFo^r=7rBOp^TdZA2yhRY#-|HlV z)j6O=4?XH2gk{Xi4rPeVL-_4x%y%ZsJpBIL5~~xQ;mo}NyIprhU9G@C4bmR<;th~^ zfj)nc#{TWridhN~eR{Q96t8X2cV^z1XZGx8@8`99tfB~adXljC`(v1}BcxYB z^l_yEpm<_d78+kX*lp#-(;Q#n7e5C>C;iZDd`LvtSCtOVeWOOo*Fd;fd|$%DHRbYxfdX2 z`bXCO>V*~EAy8Bh1;b?1=2^1h+U^9QAug?F`sYd$p_w`vx@1~oU)2MB@a@Fx*A=Wb zTcyZg`r3x>GcXH-g@M-uE+SGK*$xcW4$MlrR7#YSCf!kSD7^`v3LCmzH(SVU_&?;zA~cOi-8D(|)NP>cNqnOPd* z5CP}&iarf48`>Oq>f0*Dk$0ktYrQm0M8@0v@g?OZ{G7s<&qqtcnvS4aLt9>z3?uRX+jOoh#i zC|W7H_Kq*%!J`%JW=}|6%Rcfm9W+lt!sJe+pfA~I-VU54L9?BC+j9200pYE7d)a$LD)|D6S)=>Fs7%18;8h9BV<3l%3F$S)MRhW=PDu%<#*F=t4vheIK{USg;j^bMmxUuCL)-L5QqlI zm<}?OvXv+V>r{$4zj<2>l4{K+9LF~pc)ZtF0V0LW(}$$!hDTt<*3O~6-9S9`v!b^< zYk!w=;1MpZjj&v=;)OF=vtK{>GvQFeltH0e)L&=vW+E^7-@Q;E={xrvqH{=PGS{FI zenMw6)W++t;*Q8w5Ah+od?^_xQB2Rs#jf1?rE{;bB@2>CTHc`IoisY0xyjIB`Uv4} zEYQBf$`~VDHNd7vjQqATbfJ zc909`s^|L;IQ#|IW92oe^p^4CCD`m`zXI9~fgnBA_|(g4=>4BsxHO}OWZ~TZ>o@G4 z5X}$7ca;eETT1u;5&nJ>Z1*wE{y|LG$Iyhkx5M^)&()SL8nA_rOE#@IJ&1nAQEL#> zT~f=~?m&Xpoz^5=K&e&bZ-96Odv^iOa5fvPFyYuNZSpJk^HhD`)|C?Ty%9Py@m^<| zhx}5plyAeW9ES3%d|ffi*oiKh2d?0X{7t~A(7*bO0qZwNct_dgI3SFA1 z>bmM>HY#y$9t@)p7D-@qGiUx8%Sz(A6i5o*`(j+Trq0Huin<%YH-lAfK8|4*8FqQK z+3gz2%u#){3>6yP!`2WUS?RqFD&J1pJv6Puo8ul8+KQ=qp68&5y;x z=75#*ou`h93~mIXBduy{-GsLxJhD7gzv&OvGlar;HZT4F?4^)d(cUdwwDnt-QJyiP zN`JeB>t4Io33nFv7c<;K-+c->m$tqBG*8t*U{wHq&oo=B=y@$bzH;;vq8xKV04u&o z;<>^f?-(->rT_N&_EHNxaQNIo^A&Rt+;ykb|MLdY!+{EX{DsDLxfve=1q!)V-o@rO z$2nE!V#RvHy;P;y5YWM7Q+^Vv7lv@(lCg?kcs&L)D zl=XTrPX^z<6U4a4bM_K9k8yVsk%u2U3+d4VonO2eGw7gsR#9Um8h8l-S*7PIa;2P1 z`<{9i=+~BaO)8gjiK+f>1PsR_-n(gMSWjksW$3fnDZWE-4L=v@W-DWd+|QF^g9Gkp z1EWOgHmv;S0S(X1Rmx+`x$<{lw%C38-?N3ta-aa3cN1119{;ki!Ti7Tt*^ zts%5E9$O3Zs(S%c!uCvu04z?#X&Wx1QUhKnyfPrL$x9X`qMC$LloVk~{m)g>XgwyD z5XS(SpUu^7kL0w2lF>NF8%)YW)}p!Z*ImAZNW+*C(HVIz=h7H=w%`HnG2SK8WDPPV zZt)AjRLrtcw2JVpV~`md2So*@)Pr~kN8b7~`;$(6gvpf+3b^-@u}jg88%OW9?g2oh zf1T-J#mgSH%n*M&r8q^9B)HbMbFm?CdQHuXdR7_Xwh=E%gR6Ucy$aclyW(7D+Y-n)%g@=*< zP%c%P%a(uDpQ(f=P2OxHMLw2Y=2@(v9-5o=pC1df6TTxRGAU>Oq}g(#S!$;YF*h6_ z*A2+&^-Br(8CGrDqlU%awAF=;+BAEU?V+cSUE*ya8MmRxNkpH$3?rv&2|JVh3FbX9 zh9NmhQb{J{tRmbCIomlLTq2ht-tm!SHUQh-p!g?L4xJ+if&N4c@G$wx=^H}4 zXCoKm-1#@^KCY-otx|yt%KhgBHSsi8qXZxN(}Aq)?YAE~1p~0EUkZ@_Y(r__-NDa! z2ZCR~i;9M=|M+$4(;8&NdHI%yCq~kB{nVOI01uXriqG(^jxU-RODQ?^h~)Zm{S-?( z+x01@5U|BBmWR{{Tp1Vax30hBdU1u;)#5TiO|@@}(GsbQm)R(V4C=bmJv~z+E^NAg zr=o}F3r)R$6M#)5{!;t*PX9_FZp~mZQM8%1ULUXgUUN+%it)1Q{}gPzpa6mmH5~g> zS&4r}7OrKyvruS3|%t$313RT$wRnu3|> zLg;I-XHI_^w{O}o4)>+A%vJ~Oy=lK)^r`t^u5K`n^RnF!;{;z!)t#JIk&lxASA5bl zat~Zn>A$Y24MAfs@MpZzmT0_$?ilvdFm`)}sofMA4WMOe|Gl$24CD{{B;-gl%1;ab zplB>*lxVI+$wZOkd|=U|)%bTlF<7}wA~$B3y~KG5&+ww>J5|&Td$tJ_61HdI9naMN z`vnUH{HVSUeJ&Y?F%MNdm#`W&3E||U>l?Ryg$eiwK{fvFijzD&hDmxKSPf@32bUQ< zIu2ql~k9!pM?&Nm>?MX+MdRr^(vxH z2|=65N(ibuji>PqI*yt%z_Ds_TJ8&!&WhJeKiEvw{p^*Ub1u-TdZ+p2S?4=ubPY~O z<4QC!Ovk@SuVxI?X|&#q$(3B48q;cUcc`y6NXelS24bq{KcUjYUjt+>?Bqz$o7+!U zhZtEvf*RTg*-48yyIK$r1cug{0H8gGXbgprn|9%gvbQP@UZ;8Z;N4V@MuT$d!!=f)P z8_ov3(x4GBRDZ%6>>*g}4eKBh3_dQ(7QhXB(6(;L>6Elr@~us{6RTF0tArHrlY7`V zU85V@#j4w?BH}tni8T8zf`8A?b&y+s1fGDtyixvb8>FCXe*SHXJIrSi@#BJot>xa- zVBdR%gHJeW&8LJ6k2VIVs%rFX8(aAvv)R4q`T%0&6llQ>*kF-S-CfapRHAEEvyE)cd+hxH$L_{V z;YXd5 zGVQ2@b zXQj-Kn;W)ML`?!7rAq(sIX!l(U-?q723+FT%avhq4F_RT6D??2awKz~#{?;QXgd95 zZ_)n}WKcWR-cSByA!K(1N>i@;lyCGrwXoYxV;}7&IKpPXkI!rEeTwyNC9~6k>}I#q zdb<~ARrxu=@d{e%QqB=yvox|Z6j$97_k%aOwKt>F(+bGccPC1kbSh$LD}FdBmWj=u#&7LUx4j!H(l&VIYkk^UN8>pu$l>^D)lIpC z)%tK3ZG-tb@-zS|x)pYiQyy+#rG{%5pn596_)1Pgow z0br3C&yBEi?a};vU7Ho$`SKi;_*}XZ=^X<^cr8&tqdW0J9{Q2glzG$fZi@WDQnoGK z$p$F7Uu4vzV6VP@f8(&3R^IMxog3B`9KctF={QKxMnVR!7~W7qt``}&E zii|40Ga(Q2*gbB!tcopNyJA@WVdwRaep{bcIr9DM&-EmItJyu*&_#XUC?r2w>Fw>; zXv0VYTLLRP1~I#WTiWI;())XzLl3coRWeDru`@$9=Hlc+BBCNiqC8zJ3ii zS1_KyDN;reNmHI(Fj87$|I%kwUA^`E|jzZ_R#+l$~wU$w5IQu7xT9%lN_KS)jp~+3Qs;MU5T3l>6=8ZJp5V9ES?eT6~Z32p3n(+IRQxhvjQ{%-5WQfa+ zk~f;4UFy=%mAQ>_E-~J?T~v!60;OCdo0B7BgQHje{@+W8%^NK*QWe^MZQ9Ry`b&@|X`0LdlZD^mFWJR< znLc0dWcks?z(+^!jouB$(`vXhYoCPb#_2kP=N;*(RbNlEmg(F=%U={_uh$_1ZB8BM z+2L~~?~M+sGir1Ozr;D7^xV)AHhO8mnrfT90JokONZjC)MJh%!pFa*Z85DiZI6+pizsm(4HeXT;BGNbfU)6u+$>t-ACL`sMR zISh^V-Kv_BwohDrF@OtMtGG*5I01dUK!HZYo>>_fPTx1qjT>)L?G>uF9kVWx-}{g@ zl9SZ&x=jX`dAIhNM>)9uz z9MFMN>86{#=4elch6rE0p~Y*Tjp#$ycdoO|ZmZMBg{@=!bz#Z*M(#;P2K&L#U*_>x z^Q{737uH2e@s}qS)pnum%xX<1vkX^!`+ZN@TrI1r;t3S(U?5;W{+!D|~v;M4R zK}{+BQ?(Gf}q8;LL(b7askc(SaQ?PUl=bd{prVf5cqB_}b}PZw8^CIzD5<2`?jT;0n6>{9aQV8+Yje>z9?w{z%g9c;j$ zv^%B-g@oe$$j%Xhd9-C^?41nk9mKII@L0I?}3zN~&istRV;xG=6iP#4?d z=@Fo*SoA(^0-vluld?bcdudS8Yuvp4v|VxPRx*0Bp>^jSFWLH zt|qrzP1TYVY;&%{E%K&hk8}Z!<2+0Q04O_50RO%?>AA9hKqffSKdR>wozi^4lOi<|3;%53#8);2HY#{JfG2zh877cj=UQhq0c&94gS8 z+gm!HV54VnJ>Kyg4S6c7H_?hnq)&GnN4|X`qVSknt6<}90JhXL(_U*uGe2&xl;#H@aZx8Nrnp3s^aM6oSQZJPx@*<;~dh0JPr(DDmbftf$#O98-_EK@J`av1dBU1FXG6xy-gNOgY*3N^#J3$9NJ|=w308arz z`O}KV-SI1R?!gUhzNd#q+|Gp$4;V))U&pRD`8w`(e#$0CW((#WoPVMej}8Bp?3f>b z{gCTK4MYFfVF1k&5(1`?MvzC7blcFsqE(p4y0q1&SOXqeH}*xdz)@_1FQplXByBi- z@L2|cXZ*pRIKu=UELcNO67uWn49yG|8(4uOL>W*N5{w2fK`YSfrL8n!&`!6RzP;GH; zQei)>3y|d+ZBabgj7&rJY^g5IP>D43PkUkIt;Wi8y$_c2qZgI>-vH6_5c24EmwwiT zB_u$V;iVmGw`IYdVi)`pISLksnM&d?4LGm-Vg%g=YF&eh%eY39R?>taoo5 zzQk*-RZtYw^H3_Z(odk~+`t@%i}%`(Gk(2I>a`7Ydt*=Tv!Am}|J>qc>qQNxy>R^- zA^T6j0dgdnBiqY^Qx}EfW{tGfy)u(;a8fY|iI$5wL0CkM{p3M5x_t(C74Evu$7$!0 zv~j>objn)3f7llv)0@?ou9SS$&-L4cPwEi~`tyxzma(odvFK>AG=*QUjqHiAfQ7LO z1ULQfJ)?v}ANAeX3MVK(d+Soj(Mr$INN@K3RF8!uNuXbDb(#5BlRlaO;`H~M(pnur zAKlUmq|mGArlz>7dXo0PX>Z{CpdE&dp0(HHT-RO!#dA}d^T31M?ZL+r;QZ%^QBZ9H zQu%UuJSMPr{QHegUC52t3ctQ2?k$4ka0)C5TSI08=jbZisd3%+L>(!%b)Cslb{qOy zrLJZ&Frl&qjm5%>-tpJ+;bSF6ip-P-0`Z*~LOe;ZJ&iU7S<2lFFUjCa7SpWyIZx=2>?VSj6p zFjHQ-O}UH+d#y7Q;qy42YakCd}ZktM%DDGMV8^ta-7A~UP`o&R*p;e#(t1!%#Cwq9% z`kNY#twH;!aSu0(V`|snAP=C%yx;%?&|_d;(jlrIeWP#1cL7J+!Rb0ys5_I|=ZB?bXYS#>SW4 zp}3yW?ONb*0WyG0NkUTY;(1Y+@z@A(AjqJ|-pgQ&%g8olavV_E@=@Opbea2J_H%4{ zJ1?MGE(SoULs)miuK}T40u+6-50X@-OWWTge$D(F9oaO&x&vg#54&e_6AT?U?svCc zX*&8H#)<`YlroSDl4CB)^veTy2t z;WyO{E(@Z;ap^U5Y?IQsC+b&^ohaRo zhK7wvSu`ZxtUcU8Hj~QkE~vkP*}at1r+7G7Y#?WGys&<^AL-N&pAF>?hw2&n;L73m zPrdV*G&1{v;Z-KN_pK;b7cu@_ zunpS$44=A+257L!YA!LFjs6|8$i@PSHA2>91yMr`R5XIUtbwA06eZAZ-=}dXr1g6w z#3sCyAVq=5Qa_3ZRtYd{5Cy_Fnhy->U2QCiUW&+PU^6ZJJl9}k*L*kO$i_aPU|SYC z3~i%D*RIR06FEa}lw891s$BFoqGY@YaK@&j0oaoi346bWzui$uC|$rg1_bGf{Z*m> zk4Cjkhy%zj^*(9=5}14lsW2I1VY1FXgsCv*Cd|l|3m+jhZGST7C+h@B_1i2xCPwMV zmkB*B)tU_;hHo9=$f$T>ZuBU6Drw*c`5^HW0CU@m4Mezh5%Y51+>$ZzH)mD@ zX%$9m;~`!6^ryHCEO1b1)Wn*5eK><$CR22x5m!Qx5mxEe+@-50lXz37Omhyzd6WHx zMMB}6jR@MlC9pJW2ea2g?9xXvy*Xu_LGt;a6pP&+aGnpvWBumy>o)&q$^@}T3)v0g&7jW8C zg44qUC;~La@mnT=%E7>dmdNq?>?M92C@TJSbXg}(=FT+*ExY#lsOIMI#=ETPtnl?Q z22}jzi($+nu68$ohKuU5c!;?Iy0%%$jzRjmNzp3er$J6;FYr{PGtPm*vMa`n>oIfib}7+oZhAY}Xs{x@-~&a2}Y z((?>&cRmIVf&3;r*DgrXD)q!POEJ?Vm7Esc5~K1^m+zBrQ+&KDkhB0K^V2QC%9Kp- zX-Y^hUJ?53RqOOMevF($$?-UU*cP=jbdRkXcl^?>k@%C-Slp)lAtb(*EzC~ZPQ>q- zv#EhjY~U_=ms`0sTBkx+&H<@QE6TZj2AArY;N55uXu)#o;+twW>6durxqGzcr^q*m z8z!6W8S+aO!PSTkd-87u-`06Vg15c@$;u(Xp1njL5{xaChZ^ZClPDj>KZa1MTr9n} z51eT1$__F;DzgD{R0=4aw@<0rQwq`MPGprVQkyaSSqsvtKpLq(RcwSN_z z(mZ|s!;{OUa<6E@x0nKgZXhCz*E{54+R-2NNziva_NrV7y;K6vcEz!Kb5qj8?`JeV zXFLa!=CO}H+a+!*jE`X6xr7&9dF(g*N4Iks0x)#89dL!#y(A!-05CcMrBum*grsTa zTS5a)AmAHTc_83(UFO0Ilhl=OVv` zB_$c2zcvzjCT8PSCG!c-8xGYyX^)+bU?bsV$D|5T#%4E@(Yr-A2|X=MAzTOPzYjwP zvGJT?J*hh({=nc6#JKtO$@}NZWYZNEj|%_`m;NZU_?9EfKmdcOi1oz}>?TMn!iHv>YB%>WO?&_&m%E&;OD-{#Sgb zG)|z*63R1C1e>ivOx&m7Ft?m|epgp@A|V0*Wv)mW9qOEYyC^B#soQWS?a4yIL%CT^ zCpwd2ueGxKA7(C%?DUBMqr*743D?sxPQG(6qz4VT0gFY$or`s@>nqbdbPTDun8K9A ziJ;0~xO**Jmp=b;L4daWzLzr!Sh|n)mVEzc!-4sP-Jt6z2n#SHIyasyNZA>R!zl84bdH1}? zNlXgXY@YWC-Np5dhAp*(_H@+*h+H4D6Zh?lTd7iZ=~Vt5`fBn!&l2!tVOJ?E?Hy3> z*6l*(Kh#F6rCs0TDcaQdEUx|0!#Ig7h+wdYq4YSODJM!KTfR-tXCqXSMY=~jkWGMR;kdayFjXdL)dzQe z1E~f#^ADrwj4Hh@E;)8<%t;8XB%ymTA0VqqOXUv$@N*|9cX-jbGqFTkN1H3<3a{qV zxFnhNBum8Z-VV1-7f%<_s1kRhXNYbHk>WADXz~~s6eeZ+<77-Cuyp*x4q9`lRtFa=u6MTjpzgZ>Bl_RX*j2((a4Sob#3*WNTaxmP3~9vEz#gJjft zY{`LC0H8@@{7=lyb0Pt_lELh03_`2((_E8P1ZYcR)hVttHf2%_FA&a--p%uY;Cx{O z9n5*npG6aLX7~XyJ5~m@9<=$XbtdHcc9rGNav7%uMCBTrvW|-Faa4C`RRwKfNExu3 zuI;`llm4WxjJfTqvP-PA*pHfd7sx!1gRoCR{A?(-^n`vWd4O)Rui;iWsV=LpG|LP>6iU@; z^smSSKyYvAM=O(%4yN!cC^1kNsB7#sT&ODtpmqWQMkd@ZixRUdoYGM%vlcNzPS%Fw zr)0qw%m`=4)fuJcHpRlZP%X2<8J)tAGv{X^gJ{lioo@~YR>F;L#=d!iNN5y4 z3hjglMXibeA7Dc(RlFtS9Q6&BJkEn6gZk>|1NJ5lOkCelE>Jyb0Uw>4`bT@^EZnf) zhgFComr9l}ll=-`i`1OS@=IDj6B;2l%xFf#!A$Kf3rg87IBvmT3d&eHi|b&eX_BKr zFJ^wd8MM7KwB@|LvKbDlPRxk?&mrT&tIdf=W#Fh)Jv*P2=9zYWwOqN$Y)p|j!>2^# z=@5bXat24#2eeF+uXnaXa$|_2piZA#q#zMH3>cCd%VAxSp~wk@5TsKdlfzNE+AM`4 z6@5xSLA0oJ1x6*d)i$su5{g^LVxw-;JorMZdlPt>xglzk*6vP96TmJ!0ZRX*`ies~ zL^?4ktz;Wa2)lkJ7T9x8KijJ%E2L`95xQ2ve)-1@< zUaJ(-DFKLq)7vloC!-^G@a>eG*A<>GYM+HKCJbD-|99gA{2rY2Hv_Uv-?TFaLl4OT zbKojj9ZrCBl%Snlfr$ChGugmHLKFSZF=m)T5~&<>SUTRlOCc&guk=*?a&3bUTBoqA z6j~7;HbFucvKs0JTuza|_%^0%{wJFTB0wQY4d3k4GTp=UmbKetfsY|MgTc$hrly@P`F#Ho-19=;AV|6s?f7 zI%Y0kSE%Vs{M$cm&COoo3feh`wnHvxm_+Sd6T$Nxv0Yq5ym}icqV*b% z^4Aq6CEitu7jiKBp`9f5VsaGE0F8#!qBVNv)l1lI9JEm}XGn#FKy@)Edev6V( zR+`ZCEAO>S!0Ps2#ciyfF z7PbWnJH93}^Am*CkV44!$S#FI=9I1(tL0EYD7ac~Jpxeku3vwqN`j76t6{|{TugJo>B$-+K?_eVKO{z#IA=;E=P@1!FPDO{p9wo6h^!u(XoxDvw3;FF} zDwvk8FA;K+)a05oR_1+0_Dciu;?gi?t7n?Hu|Xiy9x+=QeA=+bmYFZb;nE*| z%|3Q>n{qI6@o{7qCFZ?XR87rMF{HiLP05*o2CDyN{wmpN9*3Dp+~PV}g2?gClH8cA zI}~MT|CvE?=YI`Zv)kn)*DoK8aO>3H@7^wq_R}g4Xgep(H!Lo?)b}>Do(PqQ_t@4X zt3fHU^tS{UHn?x5z6Z-&$jJackEw%dgD5KOHzslPy zqRP2;5eM(S)JD96Z{nW{8DX#|+xz4HN)y}=b{89G4gGNxVGQJ2PYJ59oY>k?JL z>3Lp8zLWLot(6ky7e~)V67}T3U4EvS@y}g;0O)z1TK)N>H`pcdXH;Mtj{%3KVW*3K zL6okx60UKT$^HS&9<1-NRM{IKd5A3HyPnZL;$QGHv4BpG%_KAnd*Ts`={4=1)@j^ zsS>&;27drQLA7HCV_fHHIyd63!6gr_HJF|43C!$&gnLmX;EgR!TcC3s$OD_Xjm8)5 zzXK9Qyq^!=IISF3*5LYA85;BN&mL2TUyyGnP@n{b#$#?v7VxWqEYzS`hwf*M+_lqV zz;F8IWZ&NTw~0!W=7#hsm6fn z!(W9km^2&wVN4=rhVpfKwT>^SR>i7>1xobXn~gWZf7_$dPVc>q9yJ zwscM14}oUjYkXxhQCaEKSIn&o8VL@K-SAZ#RvF81iP|GEtHHW?HF0`4vmf;UBlsAc z9F-`)KEWKrI7b<{?~M%?>8%%vtJPR)7U%#B`|CaZ{byBi#Ag{%jphKLSG#v=r0i^1 zUje>wo^=|JVNo zZ28Z^|Mh=@KmXI}i0ohg&;R#-{QrObyZ`O)?GtVNRW@Dm*S}EipHKfnpn6=lf1&)p z5G0+ZzrRgdEos00Jro<*1orpiw<(+A`_C~5grNTgg8vH&c`)%WltHNX4f-2F;pCs= z)2bN$twH>62sH4Y^fYgVZCvYrp)B|=4_ncJzhEelK&ZeWTvSr z!Xi@}a1R2Gl7FKF*!-VV$|xo7 zkod5z^3x)>@lGB)OLSAy=Lml4y8H`aCGfx53X9@*&_5LKIN~SPnX)jwC&%2XO(^~$ z{i%GrkHAk6-Sefa$g&)vuh$tzscrW#e?c>#&)9;JD5TAA^Z|z>qyR-}8KF1WvrGqh zEIB!?V9yO~g(&EQ20IM#R*w?H-P!Uj&})L0l;(R7>FTXUeWgtXUj*2Nk|(ZsiV;O zGZPw|#CoTRjdDKhymt)y2K^WxoJoIm^{KyI=aAsBg@(3b>*%@HR`cm*WPmT5Nza){J1hodG{lq z9L#6ok&__?f4N9}Xi~=H!-KPt^|q5Tf0!UW2tV@B#TpbYm4j6;WQ*~~JA%$doyktt zGx#ia7wdEzI23$gTZ`ST99Ar5u*2pD@ZR#CLbI?*TptaUua8RGqFQ4l zI1F?#>)Um!M9>}FA^|vx=p64`@>_cnyzw~!FHe6-W0Y;nM_;q`@ZM3!L;=xF> z38up`B{3hzPq5<>+%o{4#-KWOb}cbq+RZ+6K-?R zM2>h_whw33?(RcG$mx(0v(6tep!!RE?Ku%``5hppLsD>o1J~{S3|ILc=ZlD7)D>%Q z`{vaYu z{Hr|h_wMQem#u|D#Zo+CIViWwU*8egdB;$@&aINqX!a8VW;weN->%QZK(z2@z4RV4 zS_P$J6E({jce5K)7rN(T-Fv2!+`U}uqJX&xg(js5_KWx@F?sM=;Cb?bqU5ODr^Xb% z!p!gV@(#@}lNL7uHF;A+3uS&;CZuF|?sVDO ziDMFiu_d=BLz3?_e_~I)xRu>cAtsB@>mP%R^BqKrgDGc0I1pIpQHWw;or%N{D%|Xe zPm{YQM@XAn7I=R_Eh|;Bz`SKCwmQY|OfCdz_Iqr)Pr#d0CS5ti?$a_Uo!pNt)M!B0DD|-x*w!+z=plzgI)?MVvJ%TJD!FMp>gr z?gx;0RjLLlY3^AN&cyM+q2JG3xK(K);)-z}%o4ur2czUZ#Q{k23ZZXvIksGIpE8@XE;d|+;q zZx`LMOLbH4^Z|EjQpoX@7IqKvzG5KWLOaAFlMI<9I)#x@DV?NoMwiXc{+(Eny}4Jn z*h)cq)9ckz4dzwL)z9Rc+^crhL#e<=@{U;1J%z#${15nAHe>5K*zv{4=K#fH7umYz z*h(_Ae~jD_zg6K|JH-|}a2f_2k8|T=4CM!Q&h@P5ld10z(v3%FmOv+RHE3AXKF>F% z`lpw0!I%3U;juzH%Jg)dn$+h4_v>Y{*72uG_Y<`2d);+sPxLbcpphW=BUcy{lu+{6 zc#fQRkI;plIOHVtWNz7BBi6ekwSMuBmZu#Sd_p$(R$WZ2#o+xs|1}y%Du@j?KR;wr zHEnBGW_QZL;iPIdpf0L>%H_2mR73m^BAc_(vD@t;ny})Zd$46rQ}nubmUWZSIdMNM zaewq81Zf;?N{l)9%KA@fFrc02JUilpVK+N?uninCv^zHh(4;UF!WIr@ab?o(7x_qG z;V{=pqO?Q+9hb92#=)6zTxvnm@@cz5uG%hC!IuMc0CK_sKmIT5aaH7?V4jj4~ zItd(B^3Fs4iXPF^+1!xle8EJbA?_Bwr4}_>8^s3A@3+jllDE z=6NHZ!t$7Jeq$SfPlS}Wtg_h(C-2I)o{+soF+p*+e_Nt~ap0}R-3P-|iAv_ONJ)A= zt#yEf8&Of|kHVlm2+!-a6`_c=UtDCLE}yZi3g^zSKr>)R{rx>$A)C&({eUex^y&8A z@G-Mo_-LH^!Qi6th=y*U){&%r2bHo(LuoQnZg6C!Gbw^Ze0+xGqL!2WzbZCbSD%Nl^DqbW)Wt2KS3mX<0~O=NJ+KT#M6`*WBYqhJaLbK?Ep+CZ1qXsMy~3D+Tw zc-&{<(Cq%$@caP|9{?Q~H0>~5D#6w>$vUX)z`|JdvONjXcmjmh&)fEHI#xUZf4&%p@V9XJMOi>)?oi~ z!@ztHi#L|fDD7x15GY)6Zu0S%&u@Re&+6HNBY=oAaMFSD6~;|oaqyIyevtTU8IRjE zkm%}mCy)|V@;y_`EvhjMaLlX*N3Yu)5Mz#3@2BRvsUK|4DOm;{hDEobXC1){S90s* z!ee_DBii+DLLB*W+UwdkaF}0HUGGy!cU&MA~Y!W~ObQ@5iFMQeasY2gnrQ|-tW4{CO z>O4C?xNs3t-%mE_;Wys`%vh|$cST(b(|PIU4PYs3p;D^c65g!b1#CsGsq`MDY}cAS zwLGutxamvpHrCVMssg3U7IjZ70Tel%ejm^}(WagM!Bp2@`TTtPNzU3j8TJ^2AlhL# zZK;T_5a@?}lIPcZ;dlraKdzFy&I^7*iT}!;=@U+4sb;*aaAL-p#dZq zB)o3WWlBjmFIH7(RYxF*0m%*U~kqr@P-gCUaj_a zA!vtaGO28cYI&0VSiJ*P0>AuvP8-ZT=j~q6HUI(uy$s%DI^e$7im{8@NTrB33gYnh zzMZ(*aOLb;%-nMp`3srU$2G|XryLy?X_1p2OjxVZ=vupifG2pu!n=1|1^`Fks*4E> zGUG4Lp116taixhgTyum7*NvP|zp)uVDumK5Q`My1ED7NTOsnn5#3vv7ODRUap`r*Z z@{41ct5QMM{CYEUxB;?DyFL*_>NG^Isr<2DxQbyK$a>i*zji6dlSe~HLQLQ1x8y+% z3}l?#1OD~~7Y<^pB4EeO)j#!CKQAhTFK{uCb_n8ifB@~_AN~y(g4o-2;^2&B!ShVo zAc>u{9#7_aB5>Wa-Q*km5K?^mCF^lgkH1*bL&*BjtWG43=|vpGT6aJx(;5KagheUx z+Zasx%1~%AWuD>oE^aIreWS%;J}!pLkh(Q&7c^7lHyQS2@T^Wl9r77Xu7;oUO6U&r%z2vK=EFIx!e!qs@Hp?$@6L#uT+O8ZG8ZGwKcH=IPcs zrgg!StL40weMOKtmNY9E;Nu?$ATONhkoQ{DbNnp={aX&ViqV0#!Ne9f%5^z-C zEl+HW zc1iTXF*BZp;yH&hykO)aa;nh|Zlitia~vpEY+7}k=U1()CNO)p2pD_5KJTn-LP9#8 zbp;3}Q?Y|>&O0Uw=Vd;%gZb<01Fwtp z_RiOr@9{hrU>R2AvhMnPg1i-X9UJdZaTG8q6y@( zNgNDPY++9VKWr$+PAT9g`Q?4&UrTY1r0dkdNEOQ=p3Bd?A&#+Po*D@t++*vI_v`6- zHuVf5VbG2_$!#k-0Ljq1K7_zwHWyJ^33vvfaZY*l?JVSr>o~% z<$UO37}(C|&CixK{iTONjBZ#WIs?JVZ%`udCZ@hCBkn^wQ24xN<2#o!zz{npaLRFf zPThjWVvTB~gVYQJDvrqWNE>ITtomHPIh)BJVS75R3XFzmD!xmxB zx*hP|jl6AwV2p_E(vX)Y6amD10bMOnv&=^w%5Xow>%?(VIP$Dblw|AyPhcU>#}wDo zo`FKK%aY7~9+8Zzc@x|c$1^B$@cv?~G# z^)*6lPLJjJlwxha=IKhmahbiA@eZ{KGjThmeATrc<7VAqoW)L&z$gpCv?4RK<+EwB z55JSgws%bw@T+9Dy54*$_2{Wpi|wDzQ%^O?Rmv4#TJNq0#wYnV>nTS@mfiMxGnAF( zuU|0pWOE(R6v}Jl3a2k=mkA@b1^@`)xee6SSn~*`qzs#G$@D|`GFMv zBPPkju|{k9ETWR;Yl%`(tSAj*ssLrx5!3m&DD$WR_OUAkhxY~t#8hMbjL_EH4Cw2I zJ}4_lK;MMgm{k54;Fi zb!FdVyYz(NnZk^1s1~QsB*0pj`}>wG;12RLaqII(t?V0he`<`%EK%2dtR_ai6s;3( z7%Gx6_7(Ti1?+1r0E&&J66;V;s)4p5sEW3aA{5{?{d54zf?D&sa$I-MdiESmn2X^gY0rPkVk$!**cGPL9L+a!y}= zS-x?SuP?|Wh(iLj4?*+I;LTf`^7Hi;`7!ADO;W5KB<~u!en7N~nCG?2TnnFwflWP> zsLr@ZBhjBr@rkU}1wI{0B<1j57YqwRi(Y!GXpaZFGxJ#K4?FeUj2mD*p55}hB-gaaEpaWB*P}8Y0C;I(^|m4(h{$-$ zFXZLm_;^p0ax5H`7VD`#qKrBUMXR_pa)T6g|UXOJK6{{_B1r6e^3=u1L~i~yOh^;KU72C^7;vQc!EjAndSQ82`Yjw9{*#2 z;3QZ#AQ*(2Re#?`E;gD%2ZT?=dI^(cCk=vmg+)*V>4ZktYbzjX-Iv9ZABY7dc z)@FSGD36&Q36P^O>?VE(5WQq~$*E~Olk%8XLfq+rvJC&r&(blXH8{jypIDE{ zM=9e3PPFKjRKOla+3}mO zw1udXnoFJmuSWoeQ<&%5i0v()X?}#nuK|e^l8b6E+7Q5KLfag5*8?mikM?8JG%&*g zq+VT%xquwdKD{dMstGec6qKGAKz=WK)mkoqrYeKP>Iu>T&y?j(ZcD~QX5IOl!BID>gb^A|KliUGrQn-qJ-`>tYKumlhSas#Cy09cK@BY-QDJL1npmiA`vI4jcDiW|*)s?+~e zX4LGs#nw(HrvByyZ{*>JL6s2l60$XIgytd|kL zL2O1Fcwji8zp_upS#jA|^nsYG@4@9jxFb*dHn-TL<4INY#JA+@LLCSzfC^LL)M0cy zSh% zrljV)#?c=H_Z-)gud5mJsQbvj3fq1&qt_j~FRc(3QwBU*r^PKY`>ZEi6^kFm!+b3V z)C9!K?Zq%H;?9TB;TZQYr|*Lz-Pg(L&SOLBBLyh0-qglLp+!9o%*ERwN+~oY_?(VS zx<~!t9zm~@vzc7t2{v&$V*Dys`i|AQE zHE6!bK?@n>ao#i(`VoPO%D4+CW%&5?lr$wBGhQg)qspvK#4of4T9Ma_c`NHg&?-tP z#bt=_KkS^9FKkHFi%@?$gF2)fQok>3Mp1h5)aXax<+pfL)F=T% z3rL5$Fs{|6nNZlk2&8=T0j@L+CWNVe!_yiC1M`?wX-(+(aS1#GU9Lljl$$%0jQd$z zWuT``*GAP@K5r7{@!Rt&YEpko6+~qN(J&t`fc0&!eLg z%@J=lIF`P~EN!Vz9AY(fQ-lGMSt|zxiL`HW#NqVQKUc0`<9gmd7jer6-vi!lNSR#q z1^xu?40`D{gjJE%ZqG*61tS<~t15YW;o7?MM zDZBySK<))-*Y5{y)H>RK$`^2&p~69vwm!T;evaZz?PwR2$$Kw9U=1*#(x2pjxme$@ zFI=}4raYbCIisyb8`N+*;90j?&VkZ z^q`0$^efjYv6N+n;2%S~Qo&4<#2I>8J6ysCJq2q327d#46l5(eMG)qXvdl^i>D^Ki z;_XxE>P)35h>{P2Y$=TzQOt;XqwSya(~L)!S9-n=wn9*ZohODt~??uB()SY2ol2^|zISK|CyjTXTfRY#3 zfSy_v?1Evq$ljXkn-0fH&bPz#g?*LLkyO|3*cd~ZvE_EM&|`Mqnae&hoqF9r%y^|P3-LK@Z0EM>VVq&I~#5! zNL)(;=>=P!6<54=L>p3jwtewA_+49G=3tPm_&p?7bhZU&3KnpDJfdx?>}d{;H8fif zAj)D>dbrhoITS!8%Qt!*&P%ochbZ)7R(sw3rTS7+<}RdX#Irw~5FSvb4=-TO*i>q@ zq`ln}v+(QXjM^%=h17$ufjn3I&FfiS!%<*0SMbS>3;I#)OU=svX;)b+=qvbxA&!JFFjm<5>7*=;+@cL~O~KAmgnC%M4iUkoZmMk_oU3FSU(crHS8O#IdGgr)u1&T^J2-!@=-_!8eJM{>!A z`=~X@2k0Aeih(X!&s7;ZYa87(1?d!_q$94GbTI$Nu~5?}BK?a8)&g#437*M+!NDf} z7!C-5`ghnCs3t^|SQ_F$bi>&uku{0f<}-bKa#Wx2=6H+tELYf>PW~1^APZ%pWZaiF zg?*{>>nOu^M1h(jelnEOY3t*E4Fd;`{)E*Xdkw=VwMqe`dSuQWBea8a88nu9lP{XEcc=~780mxK--iR#PaMv7f;ZuPQD8%T>~P{7({O9iSbz{@H4C`xij zo^Aesf>T(H96m1;Z_(qXVVs}cXw3ZvQl`y(XKor^!=x=*7Y%Cht(+En&#JszR_EWt-nd#c00JPi zTTRw7Q5_}tDa<*n!P=lYD$$YrqZ*Ds)OSn`25BB@C-9v{^wz$Q7F(%9a(GRv{HptVw%e#s=A&%QZFt>$Y zLwrZT;n1i_>fn-ZOp8}a`Q=su;v+z2!YClifvp(OVah;-K_DucDH^~LL3Dlqv&bs; zKtQnp`u96(Fkm?Y&hh$iDkDvw8`WJnQzO^#JC~R_nm2rA?K`>dqW|(ZxP7@f$i6ep z)aGdkX$w%sgizO)im`xAKRW?Is8>SVy50gA-35wkJ3#!?I-Y1iYk(%?Y; zyTlAIY5|Seo3+rk)1rhJi~=J@?Tu7|7wyDypV|+3n_n*vyLEwF&!o*M zksD9KAtXZdbKTB_NMC~{C`{+}X%xRSYAFqU-8nsnu^R$6rp2j2qA+?#3KNgffMztd z31-lp9vXh!R0{0Ykd-E5F7Z>J&8P8mE2832NM2$EaT1?fuJoIGSASc}fD5k-kj;Ky z0(VnpP}U?9vdN2vAgRv)NT{n(&6Q*WjvHU18j~qOB3wTC%G%lt^x|r+#RtYF%-0L> zBpx@;5V7qCD|nQ`d-BAK*du&d`T6$9LB{?fe+lma&Eb~DB}Pq`fQ*MtHx!5f#W+fS zm)Bn~LE#&bfQ)CdA5~tToqpk7;cL^1^UCLzq@|bjEpw;!18|uDu+_=(7v z-Mv}6fSAtq;;>z!VLrZDQ0P7!uid=2jsvz+s@3zr(+Hb8`pq@n5i%xUz6C`(u<-$$ z3#7b_gI8!WROuM}F`hsck;mGV$6wCg=f2~}S$@zT>3V*8RDz^u>kAuB=9Zf#*?g6d^`}p1Mh-z? zB-uX0r@+)&_FmTsEpmwkJFt<3d&+JcaxkA*e7=z~seh%Gr70gr|EJ7nnoX1oN zS%D4&443eW5OXT7+VyqYK!JYMON}Fn4axnau5SR5;Hra*?KK)Eoncu%d6$vc2(_vm zo&fk{Sga6l8#S5YEWw}&lU_t1vzy>V3@$`FLg`ip8#-zU+Dx^f1R!zL%f&>Ks|Lgh z>v^$Q=9n}7e)5Es^9+>IpqX1-Kg+N4&tpMZz^#KEz}UO_%`qw1_~6{K1TW$`;Ldlq zUV)bD1L-Smv2HU%ChjE4v+=W8QzL5BRxu+yBCoB6sEGr` zK466^-HKrXh$$9wDP`4-=?&;8$C4L2z_bRhXJvne38imb|M`L{Gdj?C{V8JN{xz^c zuvFpuU@5yi^8#q9TX^SzB4QJFjZW1|5a3eBlR5yJP;8viZfIL|=qVsI=$+$?B0bE& z8RY;aTJ}i<-zzH<^gs z;43INzw>%o`m24D9$tgBweE#H`sT!kRKNML_58pLeLRbWMuQqeG4zMK%2P%C#0|K8 zaF!1091gc2BxE=>(08X<1lpGD>XEth{Pu&BF-8(@S0VDv%*BOq{Hn9mWSF6Zbrl zD_{*T9q8c>uVZdQl)!?HPTL;qkNZ0aMYb>!h{A^NCVOZ@yto6Za-y$F0WjDC12b6T zCTIFGL1yuQ%sAFQObY?ALW7DiUkf!b1Xclh@OkB!XrrUz^g)OR8%+!WHMJ(nj2iVA zWym7cTa=}X;HXWX4{nQ*W=}Szfl`*%jk|$^613QBkVwF0LT^CMUxaW=43d*Lp3P zDg!taKJp3p6>tMjF79@W>Sqk07ml8-RG`;If3p~_!7we%<=ayt=;6p90jIt9{1t$f zRAcdZ$s{mBs-ILWAP*=I)H_b4c%L!T zS0yK^i`7+!S%Km1fw%bv`WGOS1}#iohf9MQcdfqxJU~>uJ{Y8Cw^4W8c4t zM_ur`*v7S<1D<*?enQ#U2lxZFMmY7l6=GM22gU@xb~Y0oH%k?8A_L+nKS&e?`B{(^ z&2+9Zu;<#R#w@xMYA^t`KN#`>@rOphg;$KLHx_d|8t~q%G@lC-YT|e*UPAkHkUs9< zJ}zsP+wdlSGi0U)!tgf*w~+M(JWW*uK@CSbScet_zeQc!6C5{6-IsDbGuuhVM<9%y z5m*C|{Ee~!VdsiV2uVA?ovNABK2WUEg-QBO9_vkoY6`XWZv+bv+wrp@4s0HLyAMZs zUoZX5HsJk)y?}T$1Coy9jJbvyjo*}m&6%4iJkaH^l7RW&K>9WCclw2p3WGHcHLcCw zvmQR(rdrn*HVwtveO{?E4?scw1Nwt|&ls)H_gNI@QQ?QRg*$LZbkp&|89h13#oykK zYO10Dx$dxDyt1s`N)@nbHi!9nas9{g)q$Mng|l_m4(-_dlB)>T+7x6z0Di*6A--LI z+ZO$zT4|eFsJ>3rZl<9*r}mbsgfYa=JfSe@6HeFA;Y9yIL1w_S2z&D9?6)Enz^bozk_JT^MPTt47!z!Tke!fzCZG)R9q=;IG7b1@UCJqs zv;;jAo(()$=y!yf`lZ3boS|bl3;|iz!GA0X6ja`oMuIItKQsl(ddG!})7=YX+aZ|m zp6{D7nd1u@!HWYGqT7i$8Ax~}Fo)Qna|68kDLA>h{p|jt4xf0dU{)Bfm^a%P2_>qz z{JK~mPmc!?A7-E_q=iVJKTzlN!2Ccp8oYr;dpjFTVaR@rS||WElJ>^a9-0OWHHQ6R ztc9{A!1}w1ejqzyc~*)giE@xK5P&+GjPHjBa#2isql~rNjT(5GmSLaLLb(&Ds2_c> zuun4+V_6+teEE|zRG==)Hk{0L-fxvK$-{#yVaPXcw%o=Y3zM4wFO4+5gqbKVma!o3#=_IIG{wxqoxwQHpd6W z7#3M`4U`)ESs#D0i2c$q=w?4z!iqu^wFmaJekw7bz~o7UFkb-W_kKsl7XT zB<}_bZ z0pv60{f#ytXUy0Y(c+N?QY;(5!1uI+ETNe$zwPLPZ*{>BFMxKttbog6SC;~j&mW+4 zaKKp_a{7HU$&5EytCEUy+!PM1?(_i+R5*--u-`r^fGg*1r!@xX)5km=^P%Mu$}+g6 zS%%OfgViR@y6hS%a8fYQ8umTI`vaFZSQCLrVHAcmC}U-{>wh%8NR;KaGir-bC62TF zjiDa}Gke;(zWuC1I^Bn`j)KBS<#0dhz4_oZH^5`iu%Omp-Hr?ck%cd88i|fYAwTEf z;Z*;enRJc>Afn!&Ia{@9Oxl^k*m_i2HG!=y_aj0p?RKn^Du>n;-l z9Ty`=yt(pYb-jbPpgOco@~mdfrcoXc475-w)hc3t1+G5&d2)M*;0UVGvq&Uixzv9i z2-m`22o+ zCVOzrwAM6z>Gjh_ROdq+DE?~9$YKk`Q+C+Aema>!g2(cXR69@pb~|WJ0f^qpu9E}H z9N{@5_QyWMN|I_jMOV>$?O+SuDFf=!TL46(?gloApwn24c`*rG@hilZfirpzK&2d9M}R;HeLu@A1fM}k zn|g4W!t6lQ`R`eLtq1l7L>@Hej#sb-Be8y~ja1*A*}=+1W=xfnMxvtDzXJmIKxt^G z&y!38SU*tv^HCg?Cgth`#UAzpMR(?j!J`>Yhx=;OWl=DQ!hV{o{czg(TOv9|fK2D) zWQEvT?TZ{C0g{OoEIbBx2hQ9P(tpQ8bAOs_2x9vznNh)v^Q7?Bi_@Cn+!CXN$c2<)lRKcW>gOKXogEAr?715Ow*F7*%1JsJl0KuH5# zxbpz4$^z-?OU-3qZK!844`b4d9&3KDfBd)XnE^D3%%?G2{5f`f+I<xHn3Qbq zwdCtw1r%<0tOlWz6>QL6eiZM-TN_;dad|>xezas;4ZLoA{2s5IU(rD#x|5vWJy<>W zu~o;>j|`x~w8px9+hoP2ulBi#SrvH<)d`?sS6>F#iYdX?;U37TaQKr`5l{(XWX?5u zVrK@(nZXnbF`Jz_v(n(y_ETb1+m;F2>5yBk(k^P?^wN~(PfvWLr)UQ3MZ1~g%n4*0 zk?7!hMDBK^CZnL-senuXOF=}U<=72=?m!7**>fGXjy}7a2Az|D9|;MK@rC7&crcY^ z?=-{#a3i4QSmw-6>n5PhgTNYPGMV2#@_`QV_tO$SNVE&|7YjHf7P<)RE}v76Db_uo zWf8ZS&p=sGlpja@z1_V5CZ0v`7N}LgzzFZuZ({I^8G@%cfU**Thsv$Gei4RI^OjrvVM^aRGiPQV6i!WPGQdbjerXM?(aPKDWm-~j)%ez*klGy6QKqTUazuuj^-YY3OB zTImAg4Q_aMU@QZnKuC?-GeYSix$}eLkkw%YUomU*5B9Zvn=d0E&XBb;S+yF9fjBa2 z{U6ba1ILDc>O#;ud7Tpfr$MhScw(OhPHTZQAC4u~Eu-?HKgT7p%^28t13i|3MQTlkG??MOjK8in* z|A09NmPHqF))|g;R_Zu+`+X8tq3NIZ=W+y8E%F(E#+|%UEnE&N|Rae zYYr5DGNI{$fB_u{1%AIGWmrG@!XSvU61LTl)MUB3fMI5Re&p_Y`xeBW$xXFF-*0i! zdv5}W-JmuyLKX-?F)Fq+ul_QkRxOJvc5xB9gF<>7EAt@p+c^=^c$k6YR%(d;^UlT%tS47G8VLTF_CQmwL#qO; z=FY2j@T+R*VSC*8+d_-!ShQ*9Aw(VZXyGBoUY@g0JhRk?Z~PeRaNb4uD7EVO)d(gu z3*^7ANgX~aM;y^JT4E47sHncT0w%C9q{n%H%8;Q)5WeEybv$TT?e&5DfE#7$3M{;- zr_r@Rk)DKAtVZFU7�}Nk8r`P^&dciDP!X)WI*CRBHnIA<@h3TiT-Knu~&M8-9^gP;c>?6cYk`s+Z1S zvtjW-$>@vVmm5fI04a{Ztf{Cn`L1M-XOVhEE4-O2DOkw+A^sal*R|y+5<`E993H_W zlQEe$V{$MV3|~K@=bYZzZU>B^s-%)`DB;xZu@7kUJLK(${JB;VUEQ4=Lvkin`Jvi? z7)yS@v*M`lyFdoVq<5=nLcRYQSWiPgc_e?Yf(hpwR<-rLt?f(re z;+z`@XHP2@C2p18o$Mz(k2~B}zwZ*_efIfN0|F>&;MB!E9X@sA7OwF9h*`T{UrDwgLf=-CCcEf%}*%wH(o5*su&lJSJ<0l$#hM29GbBeQUN{M8;OJd zodi@+>s`r{O9KX7u951NmjqxRpqIIzIE{2l=MB=G?8m^@`4pYsr}(5CR}H+kTK#Q{ z``Q?^X3_f#z{`FYbcA<{lgghlnSAWTKRX!Ek8cES`d#`dH0S{F?|l)!=GE{*IY#{? zmEZH~kIlzJMqmLQN~Fu@2(tMfY{T$(_vkIw_{xSx)NShrML7J{&y)4mVvVNvtMGg- zt+ijWso%ECtfNxPBM%;mV0!H1y`y~IYaIR{hQoXSYXtD>{DChWUco0@O1?!UxhjBM zd1zI84DpKuwSiCgLa|5j;dNqR%zdIOhH`*Bf*g!Od%KeXuNx(yuPJi%6X6~nB)if} z{4G?+E7cMeKkAuNpQ74cZ20v}vw{)|kKopRPo|*Rnd})hfVZ1$lMs&gczHxne}|u& zhXt!<_f>}4P9$gFfnCt#(02ToYInAID5ro$O{ciCWd@e6VWXoFB{B;L!UUUz!sG@z(nv4 z$S59$6+Oj!Qye;uWDg9z!!3RHhHpM!?_Rg{px1x>| zxeDxgfZ~9ASk2Dcz!Y79R@e5uV+GtSQ1dt)S5Bqs^~W;cn~JL-xInpL21NplbyUv{ zwXV35Sjdl%DoOb0FQ?-igp`rCbWH~pArvA$2prMvqa*GW32Hbzz{E?XFQ56Nf+p1+ z`6=yQX4zlme(6UL9F{kvMUmXYY|XT~{CEr&Did=;F~wG5Jfw>(jG0}`X!|D?L7y_I z5TS5zDbI_MWvhDv$gt*&0!A*7cz!G^gQGcrbRB+6lZ*py+pz@)9;*6BNZ5qQ+?l?T z;^jo*0jX_Zth&j{m@aeK6>cV$Hb%g_2JwNWWlJ2fyT^Bya8C%Cg?&H#e14 zsv$tf9Ma7=2k7j3e~GeW%xw25hCsl0Dgc6F8+ya35uXtWx4)On@l*Uxe5Il3N1SxS zg=cV+?@f`R7T40)0qH3hH5bw>MZyCT1fH4g0Wuef-KslZur7dP1c7gWUP6W6Ir)8k z+0)4HGVBPyuk_;~ZLeUvzZ7e~$i}{_ozgydE<94!P|8e5_LGO+aq|3!Gfv5b0;zpR zxoFR}AI{#W4=LXNYMZNI`osVIvqS;+j)tf1D5l&~4`{rgMD-l=bo_r$?yZ2eLBh;u zs};i^@Wa?P_J!5VLhP5q+2)-$z)!>z=I`DG{ATfQ)(%bNt(@s1k#_1Hma zX@xH-?fCsn2wy^C|Ay1J4mrrZ!QZe8J3h!E=2;!?IB{Pu@>chg)~`a|)1d%eo(i3# zNccUWD;6n26WQi{S!j}Vm&^Q|***~CY{Nr;N6$5&df%rtFamR5`RAV|9&nA|cR0D` zu&6dXzR!3t>?!onY-lQw=7I+xm3WM?809a$6vI1x^FR=b+fmVVh-Zr& zhL28iV7z}hA0V*ZbmgD_`xL{A+UCuhiMAToLM5h{7xD_oxM)sim7@p}=Hwk7;yH{ahR z_fG%>SJ_g`4Vw|To^RcQ$Szk2y8A-IA(MV3q&HCk@BDCPQREXz1+X|?9?ey6iD>x& zWFnHzZXurxYxo}U^^R|0_Kg_mcvXQ_H2|0%0Y9Lf@X80&tZHK3V+cOV*=v9;H7los zLgcQ)(?-j{zZvt1Wm(zQnn7xl7A#60{)ihF^;Qa_IJC^dt`#_`;(eaq^C$I6J%#+k z%NL`D!t}kieI*ge9N;cJrRBan4@%EFC?&I>!d91Z)~A>#;c*y1JQh;|w19GZ{yYmC zGD{ePaDzeqrM~X07Mdny9OvE$f;ysR@!R6%%8j>>V7~-l!CXr@L92IneVk`DM8SA& z!5X4zMg!(4L-m-CXqSy70VnCvNN_EM4ml;|`!4u~ENVAfp1-%AjO}N@=&Wnpv==OU z-XeZ>p7#YW%N9uHxU3#z(HFFBc3}Bq6|jR7IcaCL!#e>NM-~nwu_w(?RPIHNido~I zv=VHt?q~R8UybGIC^$5xQCNmMjeNFQmIe<_GbIAs(#HlE?EVG%m)ZKbC--$qD3*1G zqLsj>u1g_l7ycgYDpxKGzsLKFUvVdltOeKg*#_*lLQnqrN|u2!uNRy?P~d{ZSo+zf zysM+gbA8^MxY(8io{a|(M%w8GDN6}w@8Qln@MM06m->xc8TneiqA0I4L@S(_cC+4M zc)>593TF}AvMk4 zEz+1G?9A^{Ms0N0qc@o$%F1i;^CIfn>dS)+0FM?0gr4PYs3O2^FAR=U%^0@%Y8n`T z4NIZC#xVf#*U=L`0oJHahYluxzL7b?VBMnm&V$FjJ9z>6os)^G6~XETBa8Mx6<|;b z0Q-pz==5Dk|5dOAo-6-K<+rpFFM_@tCTp0kKvMq1(Fe7!1o4wl5{vs`K^`~kEXhF>@31rv}5 zH1EFY01Iy2t$C|Jo|)if1(RqxU;O&-sQq5ckkU1C?krG!by`Bv)|cJkPHG=y(xMAQ zXbJY1lEl4A(0%BVezVQydqzz7x{t=x$)fIQDo5cl^g~~kV$5Eh9qaC6lC%^?et_z2HnoY}^=jFTH}`Xbu{*Kd6*)3G^tA`TOu+Oc%@UmE(+_cq;Z8kcaOxwcNM-jq-c3_1TxWFXdbm z5(98xfvQ186(kkr(9~T4W>&imMGE2>+uOYJ3JM3{SW-E!;w=o5kV?fR0-~>Vtxo42 zTz)>$7}~qQROFQ4@zLj51<-iWF>erm`yL&r*TUt2-3S~@McSekKFA*4`?Cb8?Wu3% zJERnN!wP`Ub$q$k#+Sn~-BXAmv{HDfgxO2{oL{EQ5+AA`!vzKIs%CfnV?2-X#)aNX zq!1>LXiwN!zcaS-H`M!mQ7z3yXZ~}QRqVg6Y-;u*;sh6icQDA2QAQ;|<8+|VR(VkP zYPfe6@`PvcyeKN!exmn1f*%=_T8S=6*{9IN6QJv)4?4L9lro<%(|96o=!8NdJ{q^5 z5fbm;y*2*P_lRc$5A<1J-tqaTf$WHWg@e|=s!KDUe$9aJpmENyvArIT%9g!PgCxLQ z4*l_)u;Z?bCL9FXp*_zf(EHs4N_>Jw0o|{CMruBkKrYXOR~SD1u{J}so?r5D3mHpz zcym^y7I8k#wG6PchL^49k}ib~q8ax4+q2`rA4QWBtd^NraIeesQ33%{7_l*?SLBqOD6XafrxS^Lhy5BA_2{2-#Vj$*86v# zjddpZ@!%I+s2XglP#C%Xje8-bHS8Xo8@Y^?^(i*;Ve-i5?Ll)Fl(lT9xMqP4h_%YeH6$P= zDeGZ++X1pWl}!bD5gdR@!fvVs)?ttBgYG3TXl^zRySUYKtK<%gi%d~kqC#sQk5QA|H;@p7`NE4$ zyqy{#wBUE3W@ph*lXupAp9?O$@Mv;iEFVLXK)>i-+6d+(pv7D`$vv03y8fxH|JRLS z0#Ae8j^uNI%~#&!oy;Df(>cQ4G7%N?c-g>=!$)3NQ;L6<{y1s{jM&=Jq~!y=6Ba7Y z)cJl1HtHry=42p|*v*1Qnh^Q6Yh~+GW*B9E+&4vOKZL_J`tZXJmyYkn6T83YIL%r7 zQ>BM}oJX_C)uTvQ19Y%5=oj)%N~@s+t>&3F$>W!d&=wwl_z4oJP*kJ11rF2a->YJK zw&iK#c|wMBsb*bhYKc@!d0`;c!dg^%Sw;6t$FwH^ z5rD<&sl!l)*Wva3YSsDzkMg|lGtc(`F18`Nq=ybD0-@<^fIX-V{PU<}?*z;)`vo+M zdfzEvUQeK3p+hR+R@L8Ddh&J_>v<3;WS5G%6Jb~rdEs4LLQ|1`LPz~Aqz=5ot^_u$ zn}Q&8;qKolrWu*I*PTxQ8Yb9S$}iET$5)C#7yEMpo=dO}nJ&c-$XAJ_gl4E8K9hy! zUo1{n)#4^ZtZI?I7t5McjjBHvm!ZciIyS$aZ4C|$WOUqLJ^jPvx|%XMb5B30RRG-Fw-1fVj6T^Xey04dB1AQn(l*WCH*r?SlkySQR0z;<5`=Hh=<1az?DVVAch=h{KS1<> z_j0jReVO!%bG!t>%J*Vrf&T_37!GS73011-{_<`C|4N4FtO}n+f9+f8NMgPlp1w2V z>|$pDs2#qzc*Uii8jg1!h}miYnS|zza8q?)noEb3yy~o2*%-s9w2GP|0x_pUoH)9^ zU}hp1YFYHpPrSx&tLI1khB!v)*ytno#Qxy3^_ozXWw1Kkoedi!ZQ_dQG?ZI(cG=4Vx94Ujc>%$_zy`Yij_ z00TKeL0M+0$mC9mmw+kkG9MjzS|8ahC?^gx{gK2&+P!Q9woP;N7PRG z>IE_b3A%N&2|J)E(L(5Q`uR7lC*5BJ&`qTckV?hH}^|zKqaiw`2^L?R%KCgv14!ZR!0IpQTr6__a2TGU96puZ= z)0p`KvCQ0}HHv`mA+ari`*k&INvY}&6ZpZfBzvrj`{Lj}=Jy^x9&-=S zPj+?b5sSR25vEHd&W&2;&3z7SM|N@deSo^sy_9`h5Ll!q3(A2b^t4kl)r@WD)7^Nr zX!>Ft%qHei&&XpsrV;r7FSw7+Un@K^^I`(r@jz#9FZ(5;oNccOnW%!se7_^hn^>rb z=9X#L3ozHM4kt{Qmylv)c9~^i!mq%uuv&tGrBj+wv*0!?Y<(9o))8b9grlYtZuV79 znAa{IXcEhHJfSw1-B97PJPYg2;wWSraDj0FSfZtZY6EZHX^mB3mWK>cn*g0SvgWIj zzK1K|kwLqS!J%Q)QmL8hvViX8h-o^FA{=z^9?uDvy3IMBjjWE2I73@-{oc_GFD;bK zD|~y4peotkIqSExo)^U7Q=*v%3X;h1m_?C*(a6@LMR zNyq=5pzlJ+d~}c32Mt`DCcl}eLp21CZk23!L7K(;Z2?uEt|KT$BJ zixJNpRo4%FQ7vi&>D=eNsMA^VWwYIUl7i5=Y)<|xXmw4s9WFv9eqtyF-rpqHKXYi| z+Hd5%G(31K_nP94f{b<{%b>}h&e00LZHERM>VlP|7mm~f7oY0)|E36gy6kCNTQR^t%sT~A4lzd5dg#0Ljw~D zqshIacmk#6PCF@(0pB*yL8ZdQJD)WO>~WV)djEO=6zODSL=d&+Y;~pd`yrIu z(Lzq>7~;2G5pNS52oEoje{bVzeA?9q43v-Zn5sW9Spzzft?soChOBlAuaI(KG*sG4 z7V3)npx_@fF4)P5-Gw-{@cob;`St^K$VOaXRPy0{Dzk#OGHSe=Cy1+lzg=B7AL-*) zpGbg@-ZP0xd`<~*P$I`K zSI1tUL~ZI1dQ2_a-T=1x@Q6cok-Mzy*vT2(^^k`Pg3LnRhTdE9?2HKAs|T%n3U($E z%Yq>WV|rKcB1)heTg?xe6wnF4o0AW=erl^ceSLJPh+!kI>SKJ&5?RnhN=_AW4_oDc zGNVHOfbYq`T_Tr=-NSo!v?hwE+9i%f51SR``XK#&e(PlSV3IFWDfR zmjIho0a(_NTUcg zcxdE*+Oe>*JwtzQODs#&XhT$9iB2+$rV7(e^$ybjJMEz5dplTlVOZWZ$m(&~&nT3}0eYiXDw{F{cz7kGj5r|%Wiw}$@( z9fWRzfRg2)$)*vm=#rj;hhJoIs2^xz^<}>@)BGB%&>_19&Mq%1?EZGRLU4&Fe@UEY zy;A@K2hGMmD<~fjszlYp#6?mZV%MWR<7b-G?-BbcZ?J8E z735CQtP-$Rc3^|lDj$q`te40*oVJcK&{ST0m7S`|Q5M|4?g5k!}F9q%^#3zrk<6CkD7I=_qWbRvvuE+@rUN8VN>iqT&)6|j|E zN)IKZGrvAb13(*;CB;}G4mb)_a`8h0uJN5!4U$P4s1LRQ&zdG>h|wP41r`gOsi1Y> z4blRd*R+v?0vS-Q2c{sL$h8CYG{*Kstl%Kuf3rG^D-4b^+B<$&)AJ1 z#7I@hGbo~{(Y#k89HYM6dvX8b^2$ZTM>H1B%SaoSrXxFFMLIoin=G)=sjxm@o!@w+ z=`!N5tPRK1xqvgY``=%Ej=}j^BA^DoWg+4h6LPfz_$k$ z+KH26{RxHJPs&9;2zL~pE)FcemgnTJBG)Dr+5YvcB@`cV%V z>*}GFi~PxSF&Wn(Q1OJ`J(@}uxbDD7-|06XlxQe|(N`&ZQP*K0R5G4K5)*AbuS!}e zehlSKG9nj^fBfvLrOfFHWshvhZ_~{y$OX^0xfftUm+PsrxG0=4dZ#QhB?kJu@1?O% zO`#cd9Ci;%YV{GzQs|mWiXy3YiI8Bg@O7kG#2{rCFB~LQI%$GzNjmU=5eg{PoUi^k zEuidf{^Y5CIo^xKAX5tniyoNi>{av(btcAQ=b1pQM)I?;^e`~J5MKJ5>qrbU9C#UwfdTvLl~J;^hy{ zskl+m7v6ya;_K`A7i5iJ)F4p=?#jLV2=|hAha&JZ;+FdhGugEB;d27vEFVCz!YDz# z7ETVIzRIE@+MV0C&j*}X%%Zx! z=AdoMYTr5}(q#j!kW>5?9t6RAfOn$hOlnbOpzD_LItE}h6pESOBt$GxX}uBJ`q?IL zUl5Hh=sHi1E)r+jYrfHE380l+Sfef6ic`F$uB~>b=0;iW)yQv!V+{i28~A%AsHB>I zpKS^23{fq50TwUFLjh?huQmF5;8!+_c%6~5xvTS*Oc3UB z^;>0EAp8m2I{MX>9PmIzfs1PJcmBw&fBowuS`J zPWPN2Y?heJJvRN4+Pw#j@eSYvN-CK{AFpV_?pi4t&0p^&jB$5?W*YK=ja4^7L)N zH2?W<1`>#~y%q6`)nG|Bb)T17ZhsL2V}erL0j{oc9EK_{n8~#KErd*UHQ-?vmYpix zT7Ca!;N-nU%9qhz|IlVZgat3<=gh6=)V!7bcc0*;o){21xSrUBvV{@Hv zpR)wc+TAd`Un~(9GQUA(*ZB(G$6%)~X5GuXFscFpDmeE-?Pcl^Ya8f8hp?eAe(M{2 z`1)@j#gAlYbd!M178ntNWsw%@5a?B~)SEAP#5>r~!28km0yvesZdRllLtrc1P{d2=J(;_=12d4J%@? zyqAGI7v6F!_qeq!c_9MNfEWDog2pvxJf5l9ZlX&s{Ij+S1>nzUSTf8f8KROpeI&Bo zy@g#3|K*Z0mn;Xcm_7++g1MlKOkO+z;xj*oudas&QU=)L@LOQ>4Eg1u(#1=4_I*a7 zxE&yMELZELyWyP^sb1WmXh;ISwpaAGO--tVT7oZZjx!QYUwZjdkk|Rsz2|@f8&%_1 z{@k?_Xc4o|{6qM^J-pW|OL|9Om86)bei3X#ob~`Bd>d<;kpxy<3pCNd8M5Nds5mv^ zH*oe}!}tq9hHu{`%vI?RBE|qF4S>mz!U5|99xN>=7jE(FXsR(G*8%+M-~_$~mTus% zME;ugv5mEOuQQ~*Kw@M3)gUKuqx(*82|O}hmp6$O>j%1SHon_s#D)i50ZaG1q2iis z$%A2^&vI?B8P$eap47XDL%r!96ot_OST&8c-}X9Yy*|(Uq@g+7Ytk{WJ2o1n%*nPcwO&6^5{2g!G;s7lX>;d%- zhIlZBpXL|H=RZI_aH@RhMcXuYaV_#jJi} z6*JzKUgo0;L0&vF{qgO*)D!gA-mIxI$>(Vg!-7%ItYcn-a>BZP1|8<--+`|2KnLU! zzh?%EOkao_pkfV8#zANfG^=Ye=~U7-%HNYLyBerv>GJ{}+P>3q76T`+4^nk+e?hUl zAN>Q%`Ypv%-7spN~q{UjG{$3{eBopxVxMF1OD)nt9nZMzp5Z#A&C z{0uCHsvOx)rTTuEI!08doT(F(Z-&`?Vo#iX+UpN(bfD|Xc`buJzVoEA1p9%qo(OQW zJM}S4aMk4I-E$cnH&cRxC6&KAO_HGYEOKrk`U$LmtuLtYhgEhdD9sEuf_+~GnX`qY?4^ACI zLDMTRA}0ce0zXM%97DxzB%ax)FrZ2reUl33M-V2aj=328<9pOh3E=LmAt0kWmprZ% zrv*&_U&gDna^hWd#m{sKxD02PMePPc)*uqv@5(%4(~y1+l-t0>HBF)GqNuY>K4C`& zO5Fp!g1U008TX`8lRNdw4O(gC)joRTU6l2s0|4O+&)#NqD0gFJZNN7axWMp3*v$dbmG1{1H$|7o^+lCY>5Fs8Y919sfhk-*jB^mP;_48W- z@hC@Tp5v2G~E7R*BYl`txlKTg|x;fN% zPOofLrx)EutlNb0s*UJNDcCau7>E6J0~P8P%r=i8s4mUeL(1gy>V4vO&OWtT!|N7* zlr{~V-|PWBR*Ui#cX|zrHdFpKPq2~jes&{mO)8*PcmUib0(TJ`y8Pd_;So*(tT7oZ zY_lr3w{rnQnnFyfudqN0s#EVpOe^(o@a;h$({iQ5t(9zh=^zr1!)TT~w$~%WEO*~Z zknWw!dW?f7^(QOi#Lb>ORCA!b3qn_)bjA7XC=22gH$>?N3HBxc1?^l6Q8>V!Gvb*j zi9fUswBSNlEZ$!s7qQN{?{Sc#u?b>^WMWyh?z`!fA?I7R`Y%`-0Q}0*j^a)7muX(3 zxdJ&K;Kua#Mau&ce4Zb1DS_?yxig^Y5$YLj8rgQ`FYBp;zCmV!{_p2-MRkX@?I3#( z+Tq#p+2G~(*yx%t;2SWmJU&l+NtzNgq``PJc^R}ENa+VQiqi!g0WiTs4N%GWWbb#L zg_rhzo$K#29qP&uy~OL5{?mT7+phi(hTX!-ze;>q*nT!fxjiw{JJbn(cB)%eR%$3D zc(*^qYoj${FxHzB1inaRZR^XU2 z&3LzR2wXCMgvf(<*_*hCq91^x96dOsoh zNHwj~8htfL4p)7IC!_^^b~PGZ?{!uHW;B82Zrf1in?wQ4(~NO~^Bxeso`>>alZ!fG z_IQ3rpXPl^cg}Q@sRups31xGtx0oDV6V!n z)56snmL1yNjzu`oaOe5TTW%SkkgW2~280a_d`Y-Yb&(YW=tzV3Y9d`)WhS`00wSYf zu|_UU;^hJ-Jbo7BCh8uj3XMYZ^BV`sa$|R8VHD+Z_JntkjYP( z0cHPgl5K&#HJlfG9Qts3?e!#9_`L+OzZGzxSL=GcT*fj09i0lajW2g&!1$(jEu*1` zDC4lMlg8ot)pInos45>i@94%C>M=xDG8p0do%Uu`sIxX5VeH+#_&*gW2t40Y2S$V; zGAA<_q=MB89Ww7^+TJ$cSqQNGIF6y!IWw$#Re3?07(g=+Q-Y!H1LV_R2%xm~HGL_= z7)HDaaBR8a7xUSiw>Em=II>9Oev+#1Cd&p%x*JVwd9S5nvZftWIvMJCw z1ICxG&ASbnI+hH+vGC&RNkqR|j1HD}9>?$m!6lm7h{E{B&(&u8Heh-m}Ia^5yI7Qq8e<1 zoVG@jJGJwl1U`J}VgUo70dsJs{~>od;OLjsHI{QWHWAQG38>VJbu|_B z4(xGw<2N1KBLO2hRw%;-=!_v_K+)Xija-9$5wL=4_kw-o^@*Eq#jI=R@2z#VJ3694 z0->KNJ9pxrOxZn3{dT2^q%$cd`v3(?v%VORYegVhVhg`&FC8?hxTa*8pMsixOX~P8 zS>Xag-#A9dKKGXx@h^Nhf$LG1WNn;9t6@J%+ zhX^e6&P4LUa+ajsO5<6J(|7O6*hf>`O;JNa`45;Hx{rn z4awVM2|kITnEl!Mz?@fxBFIb|jMkwOw&-nimh;23z!=v}iyAr@?&hDXGhGJ1^zE3+ z0444`HA#>^(gABg%SVsFqujRMBe6^(`T%)J7(b^AaK`LlRvfcbrayP^W4sX!A_J~$ ztbJ>F@IW7ax0LgeS_#lYlz?L{|f) z+j%_zMfVCap$^tsoNDSUMQHwcE~+>Dfq;dVx{nFK)bkM}xu7%1>@5KFO!7|*Y-Uyy zzTkJ!M>l4I*fCE@HC{lbfn@#8LHtx@i|2In4EgDCDqq;;jbI8)WPnlx14q55TkYXv zN?({SS_2A>;~{lRq75;QWy=dLApM|{oi*e%-8GY$ER9P_EjE$jrVA-rt6L1*p{=JEfVJEJzI`!yFdj&ljt3m+J|oD*rIcdJuCh=yjhCyY z8-!!-irf6?fJTC$j6%Nb$EtSln4YhFA8iwDFL6b`mOmLTZ!*lu0{t{HDl|8r%{}gz zR@B3wjv(IgUwk4H_&`ZdCwacZ@iojLJh6O(u|JT%QqVhY7&he+k3k%*O*RbNaD@~# zHIafAR*rHJXj89dL{AWarC1h#sKe2M@YD=&-6e5PLvj3sfX2H^UqOFQQBRiCp1I$C z1&Jx3KFr%J{?j8;O*&{^UGRux$@TmU0J?W~jucs@Kv57Pztn;}87>ERFqpN&g|cH6 z83Xzl8vNIl-!0w0)f_)|V<}I!RX|XAAffr{!RuqSilXsn=?Tc_7iM3Em2t zNZe=T-B^++ImeI7w-~N25fGH|Q{MyS|FT!3wJezD;+Y3XT0OorZ`Fgdu5opLcm+Lg zA1{4?|H(*24-sA_=q2M`hmurdJ|SmbS!hGn39U78S)Ux6QD$q72Ec7RVF;eypU<38 zV)xzP3OHtg^dNmp{<&9oNkKW#qAqu3h;`_;o?w5i^4Xa{SwmU|5hINkK{(jml$YYi z;OW`AdUPTl;1WL5hX9BYD!o^cSpqXlZu&H!KE;++inVdhnxLSXlW4FQU(qm@X<-Lh zWm*I*a;a0^J51=5DU&AU#J9&+0zf`|%-sj1E@y9GBc{AvQvgqv2xy6*r3W^8O&s{p zl;xvb3%mCc|Ef}YfIej3DAHXQ{i#$7$Xc+$2B!cEdaYwpa;7`2e_C-lxe(tw{0k6l zQj7}Ukq!-K;!22y1~ZD^IX$qT3SjNfU1;wf;E_V<{*V-}$3t)Om$AUv{k8b`wMsXt zj%~=eg8k~P@-dJC88I0`)ti9>lC#_%yn~rEyk$+DADC1@jr)3Zk8zbL88M#A*2fxh z*h9N7ml34P8?T@MtpYl-j>kVs;SJtwy0fDky7*i=zSH0u@nGr)1{KaXeIMQZbyV+= zqXwW)piC@i$ba4AWeihtuQk&8D(T-j%TrMzZc0)RcX+vF+L8|Nt%Jfx@MBTTH8vEK zOBnpTD8SGy$6dBIC%LBHuQ<2edy#-2GYy8t&GabmX|Wv}Jq4}@yt0^)GO=dny3?8B zo(drRLAyZ17DDHfQRszZE&gluKl8RPG$q2pGXK_s@60_G)bH8>ptazQ1PAy!yn@k+ zk#Wpx$}ba7oGYue`iYjPg&24<4E#G5;{iVFk1{K2_B6kBs^HURrhr&ZSgBc zw7?-A^Ps2`ihT$yjdNIEryn%)Sdpejf+$UPO z=`e53fM4%uN*=?b>1cHXB}>cvI6}Y8HE93dH;d#9{`U=h#bJ!Tyy%fq?)6n!$v6@b z9DrvWG|*)?4fB|5vTWS+WSz=!!VOS1Kprs_J|>Vj)ak}CCCUoRC-?^B;(VVOjw&$< zN3$C6`7G8HD&-(emZ?_aVX*OAcf3d=(*?;FVLRD7fbmZn3Y|}r2IUa=lMDvxvmGhe zrbWU$z28&uj(&*z)f_(0q(eEp&{_#cYLhsu-oMnZxcqgp~tp{KX zEb`<+DgIQ%;6~IF1}G#>FI4?9(A;K0m4E$3&*EW;>7Zxs6Ut&)mPK#T%yHwvVEziF zkfOvOh3EB4D?riiMM_2@z(UA7=7xSqcANbl24u+}DY0n+yAuA=0d-4|z?Vjrz57Aq zs{c`6N(ku6`Ji9k3UgZ0L~!JVD+Vnavg=atYOp`b#XJp^82v!Z?eN!VvT?Dnt=T7A z8p#F+%gOZ-Chlumize)z?9ILwBmT6oE5G6_RS~lOY zgD<|_IR)MR<=bb9_6q|1E8E%YTxmc{6JFV3NitP@;VD60L0bhhi6Wl2_5Fu3X>BhO z5dd(!o4!zXMExfT5*qU^mL5bcJ3<{I#-0~+HCX^qCPbh6$?{Zb5Totq@;xoon0iKu zSMjv|x>GKn{V=5vhcu=RIBJF_!*PDSei4Bt^`+wZ;TDvLD1)G2fx>_wZ~jBS5lXZk zkUIN}G5wGUz4RA60viPqrfUIK8)|r~2XapzOYHJqTrr^WOwRIaK(BHHjQtOLjS~O!vSMKXN&N&O9V{vUhPk(FA#6ME zP4d1%-^`yn{}jy^JfwgQZ#mp+l1w&WKcKbcYQ%!CNBk^U$m9c1~? z0bAmEzo|;q zG%I*0sy~H2J9%tygJ6u+;r!1>Z>|lSQZeO3vvC#axecVakU*>enF~+LHFH8=m$If9 zD)>~KBrd}afP#Px_G5wWhBKgo4b;!qlZ{$SJ7256*PzY|boUqmaVlA;I|L4d$38Snt1HgB=U2rTah^{j@x1|ujmlrm<1f(52I{0VqHkD&MWIfHVIpB7y1f7!lpX&zJ= zk9$#{x~N()5Se}HX@tFQc#SG0u0;yS@5n0KRwpEE@0F{JPn0o%{QoPt&QLc_zQ6wr zc41dy*v1yl+#pJTluURqd4xlQcCm$iVEOORZgnCLq*Yy*j64sixstel+lU{MLDp_Z z#*ZM6Cc04J)!(9-AO_JojpUs=^pwDFG4{g20F!V4iTgRw+MJU6@T3Pm9y!^AU=Kb* z#wl{3xI4;ykU*~)J_vgP@DWW+cK~Yw2T<4zaCDP z)o_#jouu(ge=&p#vixOQgcJhE8)E=3R1m%HCv+F%Yg1!ysJP!rZQ{c@j1 z6Hs$cg(Me+QuxIoY_lco3%)`sCsUWkAD)4OAWff~`fLn(*n{9}eOGBH@Wh1!7a-RB zR%S~Zc~C6HYf#gUr;>V!$&+jpmGQ}!tOhS33mHKEQS#4p1aLG~nPnq2E{i*MfC`Xg zd`u9ChvR8Ec-Z@hiT8Q@`GKNFY<~#i>pzp&{e5tN{USj$5NheJ3EtW!O3QC2 z{(?r5-f0{gG}3*99d92sLfep=qBf{M!$W)v(0=5H9s{2L_0A8*XVW86(rnbPxZbR9 zD)Fq?t{Ug@R+iSk40v?^NIJ7F$Ji(e|0RUrGKeXNh!}E*7=xH4etmD%YxUP(byX@O zuk)U>_p{%u0ylm)6qwSE>*a{&I6rKLy@jKyiHLAnhg7uVcW~8S4d-RVEEe$Q^U?QN zpC_fiIF=yWOtwzd2k^&zcYw{8%;hD@LS$r~q`owNIzL^__@>Kl?v#g4?>!2pdG@(4 ztdc-*#oKzezn0A&DM(LAvOEx%N3E&b$Jj7E%xT}#6Qp{%^z#q6) z*|d1%_}J`gw)_|>ek;trZhv~zhNAMshz$UE?aCLCNq+(W*|zfz9k13?~14NbGNV7_$A3BZ#fqcRl?q`wGi{%<1&0DUKFjf;ZERXiF9ajAdWOHB? z{&BeN9Un|O$N>Mp2itY#z45ihxM&Lw1e_BWpw%mUuA+FOQJ?olyq7xWOK}XW$`6rh zj*{&TM{d*h-EhTX5$n*6z7fKM?)+p3&J}NJbLRhK2SM`$fp^)4x1IJTcBsRtpLq@b zDEWo}l|#HtI!*o^q`0$d9#ve85^u_nr_*P%D)p(7YsV|WALFb~2p&qFaxF?og2`D( z>GNIzpJ0j~1DBvyXwmDe_m*N|+pT}nhHx4mZxiLSlf3`L;`KH3`s=0HKQLZ``FyN$ zOmo*qQk1g~c8~1rJJTWOQd1nFA{bnQ`h2!QNu4lSlS*?KS<(pKmETw|P99 z{?mDhD1kNkR}JVV2)B;|5msRjAFUKWC$visSL{hY1jXLDcQ*;Pd)3+WIQ>w*>_<5B zLlOuPR(L(gf&AtEbi8@RVz*g$*}KPcskOnR0?&E2-%6&D;s(BjD$6rkB1rQrAWpqaw?Eg)gd(H^n{xrX7t zv?EBQ4GtB!7*G2J2C+=Yl=E@^2xAmF!ib=s<5dzfS(l!j0rp?je#j80;*}7Z(WkWi zyr4QKoSNV3T$CG}&*{;^)WD1__TF&P^jnkLozdtpnCQRe@>7yY3MHY;eQ#no(?)gq z8F+MD?_QrSj>K^&)sc!3X0F{9+<$q6#sCWBPfPsf@j)G>yEW^p-H^!zl#Rza6#Hj6 zUp(nWj^EIss-g-x1Rw41x1gTl)@5IhzsmnxbC>C9(g1}n4scnx!L*r1azlSx6AMaT z&~>Q0`#bx#VHzJx)LC-=z9VbMzFm_C(ixnUwwy!M9C6)=^?Lw;6K>;Pt$^CM)U$+$ z8xQyUyD$Y#Kl$*;z^yxd{ljR`#E-|=N+57Xy_HS0E#mW)?81t=l$s$z`KdP?>Vl|0 z(oZqDWBq(F(Jz$K_B|ar*)mO!~e$2`-ZssW?&@;WIBVdCc7gSpqFF^%}9cKLi33xI>{ytR6# zp8^xCUKnt5yWpXgdwBk(yBB18{prowzN?(Z5tzB%!#lhWNEoHz_9mGcOOMcwmyJ!c z)#u_nB476laxXSxK0msHvXvV1^|)>>?cS8Sios zyWiWlg%3wY%oq2;k|)rg*Qp}Y8w-lB-=7z}`!e4jtDmP#zwC&*0yj!>F-S!O%kOVW zlGCXgNaV}oU#$5m^~U-hob&6@8>2&}`!S%~dfge~P&D(_G5Ho~4Z@-oW^xiZ22)Nu z)0l3V9(%5~#JDY{a@~s;L^p0o*X*X?`5^h4@}OV~1*3aHIlerkdxBKJ>y>MTv-(MA zs#}Wpo4C`*eX%$5jG&g!W1*l8-M?|z#U&yiJhc>B;_ruVn+T2-kEdSWpxes9M-M8w z(j1XhueM4L4Hn#tvG?*3MYTJuouUpMeX7+k z13gAdt7`=JBIVjhmg8owp6Wh&_ovR&+wq-?g$e56|I0VfW{Kb%8C7bci(`Vu? zRPgLBb=wePtiS4YKOfgx+>=MHw&tkK?Z(DexZPbSkwansSFX%46e*c9h z9HcTQA>8CzdXLuUrOKg@v`1r!TJBf@C#vjgy-1a7(79; zcy>9@he-`>jzhNng#BKS)u&7-XBxlkDFqTBeKbL8vD&3i!CFn&3Gi23H zZz}h!x-Td=2?E#bV|HM{8>_(qFxrN0gSYZL)naf@66Uz3h>!F~vj!-*sjDN>TchiI zEv0xr{=c);pK8(@D9GyztGi+MBpV%FCIP;HxtLKpnf|=#Y+(BE+cT1oJ-|4;h16cJ zq0PZ1U+c5Y2rFngC#~k>St9u^w2Wi-ECURjiZ2Vj`L8d>CaQ3Fp|wTN!U^hmh!f}F zI6fClCeO9t=6omdU9pJ2SM&2;#|QsG%^>%Um{yP150(}4HjuASibU+*+>%9xq$W zOxOY$2-ND}%}S)kaw&L{?Rwc?3%~C&jc>SzyvQ*>eX_=Ms^GYJ)d;?Idk&AoVR<%# zwlUrNtp*}#+B$V2^-^|6&}kUyIOYnl_u~Z439_8E=3omw6JR4CBbx#ado7GE-9E+|Ml?=kzv7-dLASc zX)^9$drO$c{UWlrHUx0)99))oaVH)Dz0|hp%o)rs+)fFP{k0>-hQt1h_$9`PFy$Lz z>)!nmGSPf6>WFm~vo%i?<4rgJphkR5ZRP@xWr4)miU*=42_ZWt|I|h^b` z{e+XKBYh}pWyIGTDAgvlv>!tcP5!50MJxk(4_#&WhC3W@ z;ZCCv=pz(%{GwZynQ&@oh}Ty6*)8+PN%JAD66cnMx)=T&vK}uhTKQS6Al=q?KW%du zs>;No8hg&?UEU4?5|XVSU4JSuEb`p^-org0U4BQG+knk(B3saal{dVYQ&BG|xR28S zuL-rh$WI*+hO?fbi9GUmPZm%Yb=DtzD_*i_F8bqi(7>ZN@*t7UK13vs@CCfs8KP4J z@FB!OQQXJuNidPG-6KVVpKS<(uhsG-Ghp%rPw)=u+lXB&bFV6ZSx+}X!Fxa$0WVW= zO_GTjL7znE{nF0aA^p#DgJ9}wBX18ketH}}z5Bz!=K*Yuxb0(pK~2jt>`^g3zvsr4&0Nr)u-4e` z`gl&dEb6X_#onOnEBK*A@z>pht4Vgh@JO^rk?}v0FdYdiGAGP>^1Yqi9w@d#%ER}8Sd-$5$kh=&EiT${Na6KByA-g-V@%r2z^`kqVKY%;_07dmam#;o) zDYqE)TUvp6>rFZ-;Y{Ki9_EPT6QAr?m zz+j!Hk1O$tIm|c2X()3Kzp6YEN~iqeo`GrT15+P`W3?3)iYl6OWs) zaAeTCuJ673{k+PZuhvu2EG)+aa#k-Mfa1>H>Gk<#&tWKSK)B-Q*l+r}llf+<#``Eq zC^S5+qF}(p58l{e?$xxGUia(7+K<9_ig#DuuF}Yn0znXyG z1IVLhHBW_D{19GlPiR1<_ItlGm){o9NbnI%Y4Q*`rP?Lwx&5e?j@fC8D8R#s;T}JJWp}m=z)n{iL^0}P@7J%~#YpIPeu>m`;QPKw`pZv{ zUR}LxWAu1Et`+F!`Y{QV2vM=M1m>k!`O@>4AUgnH=;XJS^Qy-uk|YTqF@Ac4mRV@6 zq>vQ}jAV;)fLM}wwy~y4VPxGYLns5CCfJP^Hux;=4xTE82lRN%hSl{G;S1r;r9*NJ z$!4X(I;=_-`XdV#<8;!^!=3+2b-Yl%HzoRW7V=}bb*1NK6$5bNFE;I)iYGDP2+SDyJNt5oCx+2QKmFsZ^rQW<=5fsykT-rwC96=J|3}Sd`RRDu2e(j(X)0IRuP#A zW6cjNUwyVe7(MSzn<_ZtN!*sxy7+a@I6K%v5TbYaw@AQTbd2wsJx7E4v-o3rRcov2 zL65nFX!WtIDXsnPDpPi2PVEsA$f|-K=a4G$fS5%%c@TV!N>>qZbKTl4`}J0^PRQ@>!`n>y@8qP?wRr7D3%&pS zeUUDc__+z*-FUBW+sr6GeqwvL_T^-f@iN0kScX^au-PnJ&T(_3;J8#@$#$Z223l2p1U zJ`Q0#-09Yp?LCslI=OA4tF7bS5kBt46#zBV0kHn{`#KQCkPXe05z`MxgjIG3&YD^G zw4s2{3D??}*X|OjcqxJe=3;fq0jWn6M)S1rbR6f-7xQCk&_cyajW|1rHQv(FLQU4z zYI$2fztN~=0Y&07)ID?d%)q7DH`uevc#$P?K{1f&v#Vg+j6X{x(WygixB1XP^Y>W4 zb&zR4Q|9W$w)Yj~FU-LVvf)Cr_Hl3h#6RbIooz6Ak^j)U>f4JML%MkS3J*VijvzQ& zC89Jg`U>l$&5K{x1=K`?~Fo zQ$StC5B-a5tna5`nxsN2?dwfBfCuo|bvej_52mG54u|;fLOo?sIRo3Ym-tWW6Ps_y ztUW9Jf=0l@C zBf`ZX2*Av5p+4T*^bQFE@|2dW-q*dSapC9S2C0qewV9ePmvhv{+tG5z&Tvk{dd0CT zk1SxiFRNBV@k?kkesg`^e}~+f%lHh0e=MOZIzF@R@pahy2c=F+e76=lJHkDtsYfGS z^GWc5`VPvZ2n?Ef>M<5Qy}tf&I?tnLi$S)ZfYY03F2U3qBC<^aHX&=B!0%j=7af(RVYy&;Lw)S0*)PnNjv%BoXM%g(jQ4-3?b zz)`(#pPPu_7~VH~F7?=V{q(lO)5#4m?8K#N#b-3csmVYgi>UOyE`JvT5}m2s2f(o0 zkMbqX-%tw#2c3TnuG~AdJPqA?pn6PCOk@o8n}dg$Gr|)gM9Nw_Ev(<_2G}9 zz)VH}#&Jr1Guayv?z;Y-284vd^INg|wmVqltkREH5AwI7Z)t7+3i!)y5`3E}7zCgt?S{Lrajy7@Kk_6w9 zF-f?_NAc1Z8#Z)m>$WQ!!70J_m76KcwmgAn1FkiO`y*kd+}@i*B@*?>6dAe!N*|eA zf(bnNGa{v>_@~Qw|G;OcvZQSH#SD(qjiqPPcah%UI|t|Wu6H16VG$!dv-2T9^BZ?_ zaC!qA!GV0p{qqgFW)tbC#|2guH@8&pClKpH0(@vSR_Nh&sLo)tP8XqmOw3hL!7s>u zOPz1WTpr>~=WfX+vHL1F`3wHeATXLUc` zIcdA^f?1)3YI8oqrG?j+!U8UCJB5zG@^iqKPRszs^li`yMDNn$-vX1G*XjUFU4g z4-a;}e4G4ZW|zhW&`%5JQ~h)zQ&he*TM5PMi+EL= zbFR~i?LGB-iD0YRUvz4)mbfC4o1>k*F8IOs)*cHXbTR0~zf-&HP*kykOGO^tT1hY{ zYhfk>cnb^dNY`hGO9}k){Q>O_oz-6Zh4T*%{ zjYiquq^sN`u4Lb$GuEI&PMasY-OIT2(G&8=65!>=svJ0Wai`Cm^!#$WAW@K?$Bn;J zpJ(!*KGiS4XL$610aM-Cv|{Qq7-{%b*kMifW+^6D2lFE?Zirq!um9!RiI1!^4xhy_ z3-@h%Z$}vu;WL7zhf9_W+m0+t+bS>>VKudTh6x#I-<5wOpkl!f$JBE4^F1Dp+TVwK zdPWRntBC7lL1a|=V$$JYJwB}fZC{jp+s{VsXL2pv2TzhlnMDF(ATuLuJC!X?;Hd(4 z>krty{~#dy^zOx_uERn6hQLXb^yhd4pvGLHBDbs8QBoNGUH%T0)beK|SHECH>%TYm zv5xmwpFh8c^h;lB1^)fsBnc#&U&72k`~oLkid$oT_%$d<#I3?EP&gRW***J=dKAHl zeH*KO?7CnZB9BjB!Tol?#eV(LG)`@K+uxbQ+E4DQ`Pw$TOVb9sPOS~jLsD+sK-ZA> zwk8~PWh1h=J-5?BgXOa!DC}AAVyKbzzRA2c2B-VL^;g(|e81qh8)9pJ@NV^?=>p9FNgT{^e6!xyi#UCskwg0gHZK?xCk*7FyYW($db57Q*a^V>D7N0yIwWI zVTSt0E;I2w)>)2yfz1D13hWlTiEzUDfcy3wZLdd9Vilm>I%A=gb5f)-T63eU?XWxN z)*JOVDrFJA^Fo?6{{bl+w?n4vrv5G;;URkZzF>20*|QW$5iL%on?cqrXcCQctU)Er zc!RT%_%MJ5H*}{bJ>d!>8DAW)E}-cb*={l*hexpm<(=SL2ChneJQ^4`Wxq-(A)Xne?-cz1X$@g z1$F?})W2je>hDhfdO_smflGhHHw^!`FYzQlQdfy*OnlACUMTLk2K@Lh_W0TyA;3Q@ zov}Z4f;pm-|6=X~ylb~&5${y zkoV77cHP%+F&Aj)TE23fqy91&<@~+Ig8!82Wbe3VcG*Px8#xBz6OFL7X~GFnEbUC2 zr60h{oHFb-;uMxqAxRLG?=D3-r&QoF?GHlQpI1ZIv*-F&kSSo&&f^>V4mOSfI%gGP zH%@1-bxX8(XmhKv9VK%%_{hqk+*)T!1>*D+FaUNJp@AUS6^y$ZXf|1Ac$7FT3QoMe zJ=c<$@%b=dEE&y{86K`JMp&xiA=;_i&#rb$&8o>-i)x-qgZ$k4&>|m1!P+6Wv&A9R znzWIo+^_X|zc@!>-=Oy~zp4^VKkxeyagD>1p^=aGk@a3TopS}@O1xyWe_xDxc>0!3 z3aG$v%YFBw31t;|`^hww)R2zC8)B{L56La)hZMvE1lkwWZhG z&!hMLfI9!hh8>;{<%qEuSXJ|LMIbQ84AzwKho`0znmtIqlw5@rL1V(Q-J8*9T$1~X z%S$h(`{$(0BXL)yg#M=4-~~D185&X*5Ea&nIHUwl%ol9IjwCx!6Uc7SrFua((TWI< z-(QUS5f*1TTxG&z&X4`fxwgwshODn%u9oUO4j8a}5bd_|&;6sKdc?pVFy$b|NGfbu zUO4&mpxBO1{9r~~ACF0<`WYj97~wvRZ4fQ18V_fn?yP;)_KSg&vfrCT=RLb`aMV_O zg{S7GiFV?`)}dLSs5(1qG^VHmSBn>~*ZUoOa%FAz8s_kr&mG>OAJNu`^qu!zBhT!| zu*!r#e}RhSq^~TP-bjf{u99^341&DhLQFoNXWKF5=~hR|iyYnu8}VDHEaeb=k%oE$ zsG2@`1V(69v5fJ10qbhnX9BblFG@^u&H0)!CPSUj!vFQMO$#=H=viS7+VfDjmSAs% z8-7C2<3$C}$Sw^$F&Q(kG{bF^KIvlheR$$$-~?8uG`)|i>>k#ie|bJ%{lgD=A3y6L zpuxc*h~^zj4o|!zDxVblp-@Y{hTXeaGk_v?(4H`FAeEDeVI~E2fW-Yf_{&0ti8)b) z7S9d#L1%1KLYL!N`%1Mc%a z{3!x@)%EQDsB`RwVYWxcW;lD#NN6^B3nZahiqrA_#RG)RkRX)+vi%`&0)S}1x4yt$ zd_>LYJI?cE*bhetJ7`Txz7}t~Rcu zO0S|)#3Wf8c?ThFHO%-UHW-urv7AO*wxK@c!dKnqshu>w&HEQgJ>Ab2Rpggtn0>zi z{%EAPR={6{H(r6j0KUVQr;=^g(LK1lyF!s>#b|DC2mCmpsdaUGxogTh)ib$czOCxcUG~$Q<)H%pU}fzBJgizD_IXhOoB_FuDa>8DD9} z*6_#&?>qybrNS;(ILre_*`#EKivZPp`F(IfLD(!uyv7Fn0cXpdiOi%ad4-?3qKdVS zJh^t0gXi-`c3tfRYH4Gv@7{WpNOhFV&AvT`AKfAwj+654PI#r!U{GwR?}zpN`spu> zi|4zEKVkI?(*_2YcV|okCr_u1Vel$0vZiJ}w=X+i<`?Oa@~tKYZ=UR6VC9TF)870%prZhhCm8tc0YBWWG{!7YDw2l(XyH0bLrjV*A98;4Ce%2;m_M`E7G5w zN6Ms^*9q<6zi8-12*~dk9;acW6#tJFJTxE$Pq2YC0pOgyma|vr4L@?M7ko!S;L~K! zF})~}?GQK{%-^YKMK8(GQ1@6`S#BVJ0YPhV0%t4-R%mIzX5I`8z=qJsr#c^A3rNaD@c|0bDT^>C*muDu58|upK<6m9PRO4e90gFcXZV~(xSSkY zTIphh&w(?}tB7|@P)3fJjzC&7_uB3*FSTVqT(Gu)o4H6)W=~6H!Ww_-RtEtIXZEp;wR#TMahAQrev!2T+YbFj zs*^zr&6huE*Ts9=s}-*xGtBT^pxa#E!*A{7lKMQ~mq)Zk-nN&;#Hsk5u6fIG?X;Ke zwfjU)3G)eMHBhNLk&^*gr3tWuaI;zTEC>6Mgg=g~PC;1x-PbJJ7J&#&_C>Q2;YcJu4;+KP1Xm$_Fa#h3Z;7&w(pxzU?nu! z@*p6+Qq;Zs%f6QK$D(hV)9N_bnM_ztpSNQ?XX((9U=V!B=m2=`d>KB>k$)@+I=*-t z$kJf2eff#!O24h!UUguH;ds2fnoNAX2U>t{#SiMDo!`9wYpL42Kakb1eJAo)HTlm>zLruD@}=hP-^H zYxbHGv*^#|;M)=26Xp~n5CxA8}6|`*GYT#gRC~9h(M7l zd%>(KEn;}kIsi8JrIdz43+Ua2I!4`+?=LvGJ6N4?%0Hyr`M6(=Pkb{l;(OJdeot){ zkcJDrx)E4U=uPMFHT%quy@ol=&;C1=`QmUQ-Sn}P?Jp;>BAs4zH?AEyFqvzekVGvT zB?N(P49lr`ovi1E)|=WR!J_nE)O5z+enKZJ-P`xq=e}nzqj51! z-ickM`z2Vz>zwW5l$HpqZd}1ss*^5A9r9$l7#juCKuG7l&i)`1Mu-fK9RDcOH}99; zk2rdpq@PIDaZ?9eas++5xO55ZN$6yIi%Ds4Uje4n=w3!ug+ntWoF+sLTB>NIW z*?25kgSV;s_D|V3_Jr{O?u<26;ZtllyG~d7XdmDWnu~QrE=#rSvgmR}*EO>=oY|S`lqR z<2j<(zRX7YD(*x8KPaBrzU0`N*c@W0oL*N#T0N1yPPhQcG<&3u`Rc|r>D?aC#kFM| z`EXyczi7tKC1)Hy;{x~VI4k%pTdLD>dI)q|)_aL0G+G{i_m8Is^5%yS%yNUvKRa_` zc@l)G%lhbY2p6WkX!o8XbGy+R<IKpw;>+Y@i+$UT zRPyZLLG<>S23M~~MmQmTq6hM1q|-HOuaGOBCH3NIOQb+1_D>2O{Gu5;62 z-4CYM|{lPimX8?vE}UXt{?DJrDfl{TS1jDypbUE+6_)9Qj)@;g(;w z0->-p-^GRZS$+P-(Q)nWRq@&O&!`7vT}SYY3HN7Ws_8VIu#IB&Yxr=lb8uO?fXIJ3 zm%i!hc`lxl|By)c#4UKLC?$vTtnc>|3y+OV`zvZ*S*VU6?|9|q_`c~eh&lK-lsT`D z4srf(afInPw1MECwDn@Xrb4pMqLn=5Zn=B|rH|pTbvp-8A55Oy=N!8aB~6-T#Gsb* zpHTn^6#+pcGS!z(;MGC@YN|GY7jS~L`0cIkgfKMmd||xwaDRsTn$`&21!BO+yYz|s z`ZTLH6b~9Xs1`*@0>(N130NP)z_BMBHU|Sc$|ksL5fI@_OuD$jX56ewV@rbv|C<=w zBGWvOGZcP10s6`i+aTB3 zw5KTZXpPH2m|w#_fRMT#w^{u)t$bl`5T z`g(=`RmfoAjqyP7;;V#{xnDybs_iYDAk|DT=Fs%FgoKg+S}3&~aIJo0NywPtQ>-#( zaZRtrNw}{7{pYTLA9!1nty-7;?G-!y*OGE1uky=8fZ2Rw+64-Tjg6L1v6Qb<@pPqG zTf7BRo?$ei$*18fj?GDTAXTt%oXWq#It-Ue_4N_&^JV3i<5t~jQ2B$mUyk2H0Fsb$ zLBnUi^^wY30Ty{?S~_6WCsYWtaGnQ^`2sfTndeaaIyU{{Z1aOR8V%CIY>`j=F);I5 zwO+m)-U&m_e~H3I?2{B_1mn{1s_v?~=ePJ>GnSx_Mt1 z#+RIP>m%!cQhCvy$!x0U4jDzwF$`CT)^Tohp5HFssc^<+VfxvBzZ*c*rH<;D=(WOg z5pF>AQdG7CG4i$C6SmDj1sA_YY{AVg`i~>M*A(TKtdYreD4+|w7T?NkymGFMD7!!R z)&WS~HRrOfNYYOVq{YIl1SxzyrtQi5-^csLU(drZ_&M^&B_zy1M$3=klqF<8%EGIuED z-sxR+3kqP-{tRxR+hHW^n9fO$&?no9$?K90nX9^umTk6a+9yC_oO>(_Ds`O;`4%!} zLk)a5s0eptj2{YpL7N&6#gXhF!-4s|5x;xP-yfsUzC21A)jKp(w@#_l?;SPgh|79U zp0zCPzA@DH$9=*5)Q&n#!S{yM3P};82NhnZb?XXDL}aFp)2K--*%DBgT#G^dpM@{IaJ{&D;WA5jKrx2Dpb7Hcwd#$qr0C4&nw zSEk-eN9sw+9QUI0YC$rGji3M*ovSc_u+v!g64?%JKSW347BrkcHJu@}0|o@nqLqT4 zR%pA-^T+4`AQo>F$5X6ygreu+J=s+l7nkzW3zSzRoBKL)u0NaYO4FvduhIJUlvmc{dp!}g^UmYwjwi!0)BL# z{8_{^;!?oO>EckCra*QK)gZxoMQ1diOF!D&3Ca|Tf!a03-KFIjIEqqj{R@eG>LXHg z#-;lHBNL&_bdtpgSAK=*B#+v7y#?{eGJf_)i{iqRAT zeQ??WGw+29RY=D#$Fy8>XO<1gs11S>Q8VOid%|^9=Y*_g?U$g=19|VpG+`mv*`ME?cuPY>5?r+(%2otkO~oJ2LigVMrwH}Z6DeDRLH(JC zXmtFW{kPoTvVFV=baPBcn@*(7^GRIaJCH*@B;>&zB}7EMhWq0J(VgZaHHwRo|CYUf zh~tS4gxDBEi49Cu3D}5&R0_u}gFDvu(s*Ru9t;lF4MeFv8Q9h5Nv>J1^#%|41P+&i zPbDh@HW6-LYy~;mCC`KQLhQjWq7AcHKgors)3E|GAxoiU;$mi1~>3WDT&M-petvVD8xNr%V@iA+xZhQC|qvx6zoU;1OFw1cnXLDpM?w`{3gy81Ow40p^wGI6S(W? ztqKGQO*fnh*Vp^WJ<>GS_L}yZImLv$&@%hq~WtMKOgVVC#?=>2??Xtw~=Y z=i6d0n5FP^mi=PIq~j$0dSEWTOW9lJyBgq3J|Rv0bbmZv+V@&*&(Xu7yCU&Whm_xw zc>vUOcanY_b_PO~jOW(XB-pCd2MoRx(kjl!hvXzn8YmB1{Z(1fD*_b#8ZQ9oAyfq) ze!QW%DM|MBaUURaTCXEvzfK2>y^JBVJXo_sWqnQW=SAwiHnQz;eBhSrDAk|iBY!(+ z;waiK7&10?y>*LQElI`LkfQ1@uP#3WoxX5P!kDy$HzwGSLd37}RplxqK8UN>lyOM2 zX%~{cn3bZ7qo|mN zYOZo>7tY7PI2en4h`*D1s+YU`z%eS26(XV`i*JA0I4^0d2_GDoz7^Qn1pOjfXRoau zmXY^XJlBPBLXtTabZmj}{hXHWs#UO{!vqd0?~lR>p>TL#r+9hV?Ko?BFBPDf#LM+= z-9xe7NAkF2Y1r&u?)QPebYDJ)(h8Wy<)|srt|3mXV7;=k zSD9dX%%Q&ib@zQ2fYs5zASL#pl+v+Om6St2&?H>_MxP54U9|$2E}62HgZSbPV0|Eq zE!D!sNTSf#sCW5k>UXrBXPYMpa#qzEQ$_tD#R$8E=DD^7t?FHP5FDdQT>@TC)!=?+4+2DXe2pEQi_9Xdagj?@T;_FCB<}KdxOoLO^y4 zLm*wyL-fGuSX^oLV{0EMt?5eRQkRO)?eaKKB8vd9Y4D}15arOsf3-6=k)IpVwCW*y zTE@Pc-u-O$%bUdC4~E2qp4+d=W`e`L&lHk4eJ_d6UFNuXGVKAk8nH+5b{8Nvgrl%L zpsG-yMA>_V>hturzfi8rzfVe}mD~j1ce5Y6s?o?{v5VT}bFG!%`Q#^x8f|_5?#NHG z!zE;JsCXEH(UQ^tfc{z6xXr%ynggnC1!H#4Ps{f`#0F$od@jGH(@(pFZ^Smw=#bo| zv3~>{sAW4R^XHPV5++A4ZN$b*H@;7E>4wTlHm6gpPi=Trn?B`Fk3L6Rcfkx(N)~A^ z7jkDFxqa**MD_r~7(fNK@=4NTkb%7lwkr{rauJKa%wKP}k>Oal$szT*DP(rMK9=|e z@|a^`b1%5%Yd9Rx)kAbErSpRb=bI}|BW26fYlvz4l~qOh41#6BNcss&=W*X7)WzOm z5N>u=8X0-8o^ZtC+Z1kBL4NZ_AGs&Kav50M=X~cJ?TrhTQ9j&ZAkPr9W!n{nr`5nR zmIjX8-81_dJ7e13Z*{7fO$K_!bqiC+mQ|ROUb)(S&fG8gYKGIT!(Kyr9PzPVcPEom z{`|l!$hkRqO2tJ&MB-JKUPN+CZ^Y1Gcf5nL)4Rg3eDHRZHkT zbU(OfK~!Yt2R+zEYsbeB*NN^-!cTrPUbyzigmO3F+t}{EGbj8QxYvenN$po9F~E-x zemos__}tIC0|fj*nrJ>I>mWVLf|K&S*7f15BS#0B7QH7U(+R@0EB*L=;2WGb~tSN=aXclk7N18;*FEP z*Y%N7cb;92F@EQQ6I1>{BY2U-3pOzV_hGJFlrSr`?$<;tpyk0%_O`|tCw+n$CFEer+NGe@!smRx!KVkH)!ERfm#O~RkUep$eueYaG+5u@&0 zsnFOzvSK6>%U=ZYdXw}!o14x$#>uR`92(s;#Q*{(I*n6ppQ{7$DfA?`3LS#!mn(Yb zDqoWDogmt2yIRig$ioGJ1S)t7#^v2Cy{ujiKa$R#_2rAlf)zP?LpBFQ0<~eEhS#}Y zp!_%gc5@+5mU|lT9{U;))3&WD3vM+#1?(SxVk6ZD8d!+3;-(YxJ?IBZ)laeX4#OGow%v5-XL!W;UIt<}-H+_( zobD${++yO(0I`aT12|=WPf=)P27{Y)RKBRYYbhCT2|!{gMPlw7AIFAci9_L$(EHbY z$A{pA?uVaA#Dq~W2c6AK*ha@kxxC&Te9NuSkFyhQKaQxL!^Z?E2<*a)iXihV?Zi1c znfe7Mw|bA+wt5^jbKzb3HMBrtekr91Qe@^`D591viDT;aTJCF7-wK-ZJkaX89P40_^{`;ybeO3>` z0c^!<9TqmI`Ha%@>g$Or1RhxWzMnApH~MhzOc~PsAkUCybi|8kQv?yPVCp(?1okPv zFN=J@Izm0X#=pgly>ef?-4G8DQ|Z@s@8{cAjLQ&nfMBW7VZT^xsp%iMSW0(t9unh{~XEOJLd^6AeF{zAgrMjg9SY~AfxRa={Q%cUK8gpk}B zqC>}%7=_`hqusQ@(~b;f)Q>{8y=(hc!{?emX@$U>Me>o&e+LWng2l2wd*+F}{^8g2 zs_0yVq;}zUgA-!?_%hAC?Wrt%o&E)QsscoB?of$7cNAZ}bObUPzpV%|g9Qkuv2bD6 zz2Yq0_wT^}DG@sqFvc=DU#qkc6)y5-EA|9Mlj8o--oay?{Gy+1Edk&TCsyAc&&BgpwaYvPcjm_(nzrR5E=19PX?&Yi`hsh)s8O zRh@n0<6+2p{Cc0j&VrC(gorS!XN}wd-hetuKaFNfIgYVmV)0h+uk{h_B>OG#EMHuq z-8Zp_1Ff{QE@x&{D$t|e-?)wy$?@hMZO#xOX=}=<)fOw4w_ty*;K9N<05dclC&rzQ zriIO}3uRH%i$O(S$gc}07k9;8mk^WbDu1$dWq(W{M-cV8hgora3HPksM6o%=+DxrU2+~Y}7qc-aM)3uTh zqjPR=yZCz_NWY=iUK^S%=kCACns%TCosWSOikrS)tzYZ9+sQyGCUY-$N4+gS zNQLXhK9}bP8TPrbVUc^DU)S}Tu?5m-JW|E=S57c%pSz{Z?J@y+WXsltX2K)Dxcz&j zEClD1EFm8S18SE#ja8(W^{L*Dn%udZ1qs$RWsv+pW}ih*NdBF9K?VCA6AA+fQ~uMG zeeB)rbVCEHQfU4eg2<_xE)QrZC}XgHj>gJzxIP}26&p5))t8_Omyfh9^m9)Ip8`8k z=PSMXU5l8Y-XO62yD})LYDeO8RX}ef8P*)a`uo7g!rY37%hD`Yeojr5gZ2-9TAV~7 zOqF$akna-L;+ixoxFfsgiSno3o-37nFt)%4uy6FJPr6Xba}OpGINkV59~z5q8*g1d z4}-TakjpZzC*ax6?kWv5tIKdQX@QJ*o>qf+tAA$GH+X&RcvHZHu8c<^Y!bupz)#pI zgxvM+T@A7>2mOgvPcSb(KEkXl!#!v)j0_7P%Gdx%d<4Py`S?@4EI@EP!FXnm7H7Kn zV*UO^a4`#vNms@Fz1(HEx8K7QXf|-t#!vK6p$nf6r~|(iK7SJ5`JRNz?}_dZ5ef8V zhB2B=mGilZO#OxhL4m2E3->t@Va%sEXB02mkjx|6Q;O515YoGN@clFXEoW1co*w6E z-jhXtR&kcxo_nHutq$W~vXQYR+&_cEXwEa?UXensj#fu6nERNoUErvElNUU?($VJg z$QVQJE#1ymq+E?kzJqBMb4JUs>w+7%u+kw7jgbMP1hc7iylFjN#U3FEohlOXVRj zjaT$(729E|&k?*_QBozNwhr?}nBByL#S>4I0R->8y9KpIA!j_aU@*@`yGryykKyo^iGxvCeR%0jJ;`^7 zyLcv^7<{5)?t^`X$6-;)icc0?Ez4XMe{TD2dX}#&(?ixD?)N&LxFjF;guYyLTU8j+ zd$TqUxgS#3RrdG8#gbp|!!y=WtrNQ~Ab}CUByR(MjIH-VJ75YO9Aa6jL5AML>9^tj7<`$Vc z-Gd)WUh_FM!kmAY6t$a^E4++lTb#!SS$8PpVILDS`J7RYQ8^JB!=J= z5+JlhF}3n$P@wd8w0#epzn?c$~P{nbeGX{H$6{uI4mg%T~?wf=?zyA1^; z4Pvi}b@Nak6KZ?{xDtQhS#6Qb_4k7%y^ohLv@xr5t31#u*V%(u9HZwp2&s(BElu5P z`L4Uww+#?%DbDtdPsfUUqMMKy&+nd*04}soE=pG0>D@A~0Wi2{oYCFt2$OLY9s{$- z^<}0G)EGrN!KmA}{BQ}`+>TLqD=eP6dm2q1YV&KcgN7bKB|g;I5$n|+&7^a$%$dng zq49jgr{_EG8k!vL!SkWM=nndi*quAntiLO11<-9=>uzcBDLYy-)37|MB40j6x)j_e z=8VD?j%j}%7j!UJA-yIcd3UD@7Tl1(2A}@Ua$&=Qoy!gxV2Rm7Z@`JmTVYV(?>Bw- zXf58e7%#dY^$zWmLyhEe;TGRLn-QGhcv&MO)_>Wz(jRlPSokFdN2oQVo`);m7Wu!s-B#wWC?&T@Wqq?&mjme`Sz zLKXGf<;>#)_|msJTH5I(?Qx1$VIdHaAyl+4KnU_1dEc3VhF9D#C##9!34L&wi~{Tg z&giZ};C{J4*-6XD%|DbzuIsybq2S=|^zPw%t2o~~f$^QNG*ND8^&WRa%;W;7oxPwVIoT9E*FpT=kbZ_*6 z+=yrMw^2m)A%(s~iY5hiW(L3U<)Jfvm2^qIa{n&RfoRM5_dO7P}b|4WNB`90RkV|Tr=0mx6^xCo&G6tKl_gGmLyJI z?h|=arcR4xXY+3#cez}jRFGPWoXFSZqjm1IUg3^xZ+-xW)1%RT9KL%%1{3ryw%#I& z`CU@hujXi7X&Lw)B!#Yhp*H<60cGN_?ugfLa$^q$>AHcj*}YnllX)g_GP1#K!ZVM zI`$Tm)yXRmWwVe?&#d7o#MREW{Iu77N3d_O{!VwS*3; ziDNg#Nrelrz-1bAR!ll61wE28qp^NyVV`KiUkyC`Fn&zy}qyG{=p>%)87zCCq$XdW9{7bDKL*)M#h7>zNRtI;5>Xv?beg|hF?a^46Y~xDiKfovIv;JL*>0|Bj#;jj*^rnAw^yZ3p&&{Zycsl$=d0u4# zU47qV-oB8v<>Us%`B^Cyb%|PSP!Y`ovgSF6st+1d&^j001W2xm-@;gO+cGWgZP74D zTGRj?J#0*INF~zEiv6CiiXbR6hii}UvEI}3>rE6WPGOTrnB9_RgBHPPIJ`*rOdr`f z$bb9iuE8FoFYa@FVF5@si%1&W2$`?ZhKVcW*!b|2*v@BjZ zAD+u0Pf%TACxoKcGcxBr5ghV93iE@(T{E0`@czq*9etg(8?6rdyBX6{I(W}gXLP;w6( zte^-t=)zt2*%d65=wo}OdW6nEPx}bnJ@RnAOCx{X<3(Fv0WP9Su4YH)C#Aar7z)pT zFB7Bi0NJ+V<#iQFiX1Pjv^~TQFkkzYU9}T#n!h@?--P6o$Fv$)Wt+ul9Wsy57I80s zf42&3#w#p#?3gFb7KvRXz0QneG;roAvUjsHEs(Tg6&l`V#bsbwC{Sg~>R12|LN$@j ziIFcS<8!@5)au1h2tIxUXsb)I?y;GUiA}*YB67mYV%gDIc0Vy}QqUQ|EvMu3-S-CF zBK$bH3ACK4wq7>!Pe~jYaRonkM@uRNly_%%uAE-dX^(*)3`zg-T*(Eb;Q+R=y(GnR z2W2T9-6PVF8aV=c1M;GmdRjU?TYL`dzrcGx{n4^&gBO&CcFt-RyYOQFZycFb9SKe z4M3S!CL{Ay?28Y8wpWjcv z!nKtt`-Mg0?Ex*G8$+uS18Xs+XjTLsXN64lq#ghh#^X2O#Ec&o2gk%eqnNQ=mOE<0 zE}{ENS5#oLTer&%BkmQC19l51#4+NPJbujuk{Nz{G$5<4iz#r+Ge_f%3Lnzt zv9D}^iFendnSV}nY#pdOarI<}vQIx9ldR|fWIpwO&glibuYf!>_-|b4k1l}Ze`&4L zr4`(ny`TsWip$}C#iv@8EI`?TJO#R|aQni4a@@#qohMd?X>c~sg4z0_MYarU%eEqL z8su|jPhs$Pm)wOXg#y_fTW{(|KEC^c1A+X~HkK}8^9U*oed3tMZ_Rk*)!EYxWYiRf zofx2iF5va_=j#B-lDs`z@gcoVCq22MssxKhFR+r+1+lJ@U#Ku;$?$p@BOTQvwlNK5 zvTgVhq-sNMe%0QjL3td~5?qXa@t;GOu=!ku^Xev){vp4ed(!ec5Z$L4X|qtJPkL$< z@?8FevRQM+e6a5f8v;#bI%f;z4YG)A*JBRmD{K9 zF$c77u~ok{94^U0-LtF$ec{i4SbthQF3MM3+)xg<@;t72YYxzsm>;!!1e3*^HT+#C z#h@O|E2gMhE*OGyfHLKAM^W54md*oR?$WRaj{IIgM{@!s2Q5Vx7GTg=iqOvJ+zLt9 zKSN9TrrLT+o)8RPU|6qs1#p4O?|@}moOgDiV)%LOR$g@nA#o9QJCk>Z<&GMF8KKb) z_#oVn3M=kMWNnR(mx8HU=lIRw^6*5XLlj?cPd~mcg^1E(qKEngt^j+mtdDs*Aanrn z^1OXhTtfI0p$E=gH@GuPZgmeRPK4W&Af(fEFJUP{L_PNbM!ga`9*p)V9QOlZl~8K( zI9OMLGthXPJo~dM{vKI0Gtl^*>(%kb8%!Wd(sF9(Uk)*W$e*ZcPhy8kg zp2ADRJ@x^BR=K=mn|?&dK)N#Dy7Z0eax(t>(zH-T?F{bGMh=xRw1vcUT|4K-4z}a`Kc;t|vHF8R>CwY)+Ca}S6le{xkjh+Ar;V7U8g~dq7P##Oyw8XykB@yJ@V)r#2>`n-y|)K zKMZ}5@lHe9y<)OIFE($z_x!lUXNLD{pI!Apdd_$A;ntF1!FZb{8oc_$W=nJ%Az<`AaXNC47g5>T zU!-R;J0YEf1z0&o)_q0~-svZB$W8F(8?8dqVg>Z!2G`hqWq$V5x2?s`J)XtuJ1bCe z=!T6w(JTKXB5GhuhGK;I5}nglE`Hj@k*9NhDiZJfN@)Q)=5e~7-ZD#Q>~uqHj6N-^ zSq5rjvg(daBWc|!MP`r7AV`#Oy+AWN{N$0p7kA=4eN+8w#+ix6HPlLBK$m>>I9ueA zzZ)&6d1q_i5Cps{ye)E8%ZJwTBI-smj@JBt3Hm^321*lIJf=O7LT~W>w=4WR<6%izJ|c#d&C2461k$E6AQ zvp+o0>JZ>b#~=Gg4UmAT=g|-CzJT*E*UUPrJ-8!l%uvHe#!Mmd-RjTQ=O`QouNH!R z+I?yo@SjllwHS7zLsL|W@Y}-8EV3g()6QoN~sM^9wy)?&ttqcPD{NWRWZyR;PJ&^YLR>#+vtXC4AR z)gxGH+d`V5`;%`44Vs!4Sm?2ntvp0}zDmz$Mc0DAmEz@(K_e6A@N1RovRWJ<;=!)+ z2Z&(*u%%^#>!=c%JSbY1XcJDK(V99o+Mj|J`VBaT1zq4qW?gLmF{Srz3OAkxPwop4 zYdS$9X=ErZKuz;2Y3?(!Q50!p?ZPJ(yoOws ze0krd?jc4u%=o#kW+|^~rBe^<9NAyiR3l-zySXhm(eWOrhH-V)ayp?Ue4wk+qW=tF z4yRtfDjqK9p|vEE64L z_njro8b85!>H@-oHlZ<{(m1NzNd9mvfLpvv7j^+AX_K9(H6657qp6;6^vq}5hh}J~ zwA{wm6wStMUJm0%C;aPkPaoLcG3R~s3TEBN8Nn$iRucvh5v{^Dm_!E{5L$QOSx%+5s`Kr_ zx710og?7m3<76y(P=Q_$18Z{doAVyJ<;Ha^%cB`SVGg#!a`B~w;^)Bd!W9j;fePKn zeRVe{{)%e%#}6xxX>qH^eIdQoi2H50i}J8<`A+8ot?Q z8(MZd|MT(TnTekk0m=CBy0B=lU$@8OE05j-G#K=Pa90F}x*39mM*PBNVIGGQe`>KM zV$yL? z4GHF!rz^5=_is<;B^r)8Y>Gcv z1Pv9f<19hTjs+9=KPPqXIiwATHo6xvH^coZS*bMS)jNY21P29DmN$Pl__A}3x_`VV zUdx*1@I}$92OBQO2MH0lGoOrA(#CtCcF(ZKt*^L9&hxZYkneGJ`0MY=oy^2ahN`{f z?RI`gM@E)zF*5dOetTS<_qa~l7TEs0Ws+friTZzOlc&Jw-Zch*Tcew?~TP8_2 zN$wktMewVp;u;p>m&MGVGnpo+o??YnKkThi{=Iuqra zwAHD!CG3M>`x(^!T3?dx5Jw&)s35q@4oPWSdj{f(+XnfEr4B(HeRCN5Z3Nx^UX%Uk z1&QlNZlh!K7mvuF-W3QIt%MUT9lW-I4EF&JUL_DTEdAI#X2}ypaQT+2+wD zKB%)!-7J`rHwAJLf+366kE?Ah@2jhGy36 z9A2WDgk9ct`W@ryDcKpCLJVI`K@7rc2JfOMtf9Ju$g+9Xn(SB4d_AxP?N^lD_om@{ zLk<8k-uWiO93D5ce@|QNzuGsp#8V;N`EeZSEV-yo*QyFpGGDX!M058clu7rDCs+R< z$;qbs!1!P<{4%-)JNx!Lev?Q$>&t812xvH(mM=o>CI}P#MUOW#ToN#{ROBzi7rn7l z7y?SoZkT&--xCl2)oQ&thu{+KdwLPl0F;m!3!x5kqvpa#>86fle>EUFIe@B8djO+A zZGPUA+uAq>8H0Z|I+{GMI)SpxUz-h7%0{TS+e2-S1W{F~Z2kh@xbG`Nsq4;s%M~}O z4pThAA|^iaF(10y8*P_Y^c{9Us8>4kOwOPnXXf>31?aDSkA#ub?hVbsb^P5bk0$%L zefUQ6<$wD1U}(SFMop3yB&Jcn*B>|T7r#9v*WqVhBbF{dVY^xNj9!<+$*!(U=m_4P zB_{TKL-cEM>&+h>W3PD72M+2-JZ9mu6yIcy{u$0~muf%=`#aOIZHm$+0f`?T1sZY7c}q*G-1(KM|Y zR$b}`Xln9%d?T~VTC@D&6U;ysHx1Qa0~jsXUKAehE*qT~?yT@$Dr;lsbk~RB-y!Ym z-uE{#y;e%m*kBLW&(bGreQ>bSK|hZV8M^gkoH4HgJY0K!QtaoETgDHuz5CPA*U?<^ zwzJO4UYrD&ou9zEAp=CYrMN`t;Kg!CY+KD)a5Acm3y@{9ZFunlMYvb}fssao44Tt)Ey^&_Liz0eOvn~VU5VE{8Wz4cp=rMP z`Wg?RrdBD}v~an7Z9O(eq5-IDO&0c7W9H-yN+jKGcg5h20m|404JfZa*a@xpKrIBra(HC4wX1Sg|q_5TCxpPod;=obB9 z{TwHRj%Rz0{P#U5zbk&d3&9lSX~qX>3(Ji*7OT(}mm^`PlM@^5wt7 zgijgklXl;eejDnm)MS>gpW!c+4S|{sU}`%OpziAFnx=4j6P`kf+B!H-R8F!Loa3_N z6?pdXu`d-#b~s#>vmzU3?9V)ly*!t=_HIZQFCgFNzeh+(iAj7{!>&QbcQ1=-e_s{{ znEYc=F2O!>N(G)#LY>D~^##b?*U_OEa>{X34k`B3$IiuQ&yd)_{$F z(a&s8iJk^O}P6Ca!;$r!(;&e-fhd?<0K#=5O`43wRKZ z;xr%0_DC&cb6qXQ0aL89%k(@hA^HRu##9;bH>`q)$Dmqn$>;omw)K+pC+fszl73o$ zD;EHqKI&eKPOlZP;{AMFg0hR1Uv1Znz(JBzq5kn1N22$h$Y?9!<1sbOHBLZe!EnMQ z_`&lQ&05yaj#WW*aEz~?D8!?`m*6wsxy3jKkfcL}1-%6x1<7ZLqNXm47T8gAXpO+E7+R;7394;z+kA;x=0HI^Ii8nPd2^F?t2dx4rzcu@eCaD zO`Vv-@n)6_(BrKjf;-!iz05F+P&brh>Lopp$t8OGSR9&mzbx?2p9Sa zd`)OCWtK9?BwZh+ehyb8+!fk8SL@JYjDmSc?orOAO4VnV_)oe4KrVQHjNwV&`VX}A zulNxspl;&t1}dFsmR`Om1@aO5(ppYO=xIjA2RK)2&;35VV9^rK+MD1g`gWeraZXR$ zaOKXZ@;y5sw8^1wJ3VM%6rIs;O?G)qHt0RBF7*;%fmawKI-`rue_reLYw{;6ES%Fp zzqwyXo}q#-pN&ZC#uFCU={`sEJ#j<}C2=1AIsiit=EL#LD`u3paX35!|DRIFK~0q; zgyfz&#qnI^m$N_rE)t@elfH*L*`p(w3u@P3^-%V{z+8DcEc(NrvJZ}X6nte*;YYhH z0J9F?^S&0~??$+cAMvggGpc>Iqc??2xPT507`6J@H2d!rVYrChp8q0weV++g?2Ti7 zd2_+(yuF6#{^}nv(Rg~^%>a3tJa6eB0Kw{C%Dxo-(u-7n&8mOHgvNCqn zb^upM^CQ=fKZ3AXv*;JbpXrUHOyNdw z>rKh7e$OXQfhFt97j5nw?3Z0QNa%9+w4y}!a#ZFXDSNACh?KPN%`I+s0zNvW>4~q7 zt9%ar3dUja8Ti_4P%ZlR;7km|9QBj$JfJkol&tw)?k$-5IDBy1~DX{D5ZRZ+X~ySPk6D+2iy|R(~lQTRdJn)D6)6yru^5dLPUBevgf8 z!?PLFGH`<3d=u?BH_RDg>Q!HSRWLHec7sBWv=2_#zpiwD-1m`$ctO*SE!}~?Wzg=P zN`eIS%j-}zTTkd*^CnfEz2=}P7&ox;*k^_c4!o(WD7qh>b?NpWD9zr?-57psl(j(r z#0_j@%LRhggfI7?5~Ei9z;QrQrL{z661uCu_D_fmd-|+@Xz|uP4#JqRLb(r{z{4bB zx!&XVJ1h5a@KH6BPftd2nU7L}@zY(sXT{mS=~W!wdlQ$l&x{{|;c$JF-eOo}gihOi z$|jS4Rj);q?K~q{)-|OzA{xDYBc^xS$N3BGoZQi55>_iD11Hb74+HTkT{~D;%lN@3QV0#N?2`b zBA+91E+C$oGc4b`UCP`-?1(2N+r2wP^*+PU(csAgeud^t?Tx@fRG6m+GO{?qA!(ua zqf_}&OY{U@7Vay1ohj_pwuUI)MYU^H2dFKrjV5q-_rSkg^ zT!9RG1A>Tcg-I|K1GqW5^JSlu_e6*?Y7)R(s1-v?pn_+7^Yd4{0kM)i>GYG6^nRH} zBEtW#sz}gu;9EM9_w#WLgVG2hqPn>CK6eyIf9xM&onWiZ{eph`Ii-zQ_j=ef1^CAm zQZ72Z51ciuD4%VK?vUyh&CHuK$Zd7>+pwqNG$!me*o7~9&Gn9?7QQ;@{Vj$j8O>zdAkeZ&>A7&lk9y` zxR&TJyiXeX_f_|2lgwwnnG^kHB@Fd_YF7n=yVRdg+jiupZQV;3X`I<4CQ(wPYiFj@ zr+UzCK_%7C?8nWvU;q#0Tp#DRUH_ux`grigBp~&2TIC z9R^^y??dUgW;Hy17IKgx1Z<#2Gl-7IoWWg+i|QOb>JT7_pVlu_{3hHJUAR=e@GVtK z&}<|?mUd$y@r#lCoQ+FMerx*sM?s)fiquXJfKVnoUlY8*z(4j8jm`TOUS5PW1V8_V zi@9Gk3GZ42BX2FMO-FhWpKe8?5sthjW{y&t=b{iCpS5mVAt zi};DiDOj8z%tK|_BhhmQH-HGhqhh#4Ih3}<$dD76l~D5l>A!jIVPR$Q({nDLf`3Uf zk@9G9w-v7PdkHNzD>S=s`tdE1!>K9tQ!ZQbq2e%9%HcYf>(lBSMz}2VtH%jXJz7ha zKgM)kfVNxEKj_1s^%J(Z^6I!)9WJK}KD=jpfBhgN`$qbH>$e!`V%@C%F8e`cr{KIj zM3tV}^%!XctKMuwJD}KO!x`K;yi&yke?NOd%tkW_w+}Oa53RuA6Ob|cG9D>R_@($H zX&(KV`TLx0e<}H-QruHr7L=y*EHq3@e>CGw!lh#+`>H;imwd8 zRmiDk!exkJb{v=GlcHx_GhKstCtI}+t1si4LC#$jNTH;AZf8eOi9@U0# z7->)TFTjz|+K{Uny{Sl&Sc!s?tYz|qzO?Gp>h|;5_O1%LJ38J~?_eDvD^0H5?#+rh zRMBeroS6%mwU@z(DIgje_SN*Kkn)Ldb^8+Lm;JrC&8^ZE>mKjjz3kHLLH08_)Bw`8 z@qn&aJ>@tfrpR<7ll=}XIAE@|`=!S;LF7T7p|8Ayv1@T^t_>{M^4lRx1-1bd$%RLG zm5DCx$d73s6tW0dpX+7TZA9Pv=UL1@5eDK59{T>6`0*}$QQm`T?5KVh{5Ih4`iMRn zE#4z)=9sPBiA55)sWfk&=?^w4@rpN$^qJc~7yJoP+;_Jc1qV3(Cc1lE_IZYqPCwBS z&^?|44EOj7fk=U1NQper@L}!&NmhQoBuyF9c%vJ{!;QWo>n6J$H0TCs-`;9U7y@a)48bcY7YuF5e7h7=`@C zm&HT1jo0r-J}CEyf&VzebUG&c8UV^oyMMhVW;)IHd4D{tvP}}#*&ccemJ5z)9WiH8g8d!p8N2@i7;7aB-T>NH6b zNwM1JVvjmfLHjHy*c_#1BLpRrcD#$6r@+#z{cxOmn~pM{#8Bra#su-)KH~=4t8Cz! z_}e7hQI~yZ`a1Dr^g5nD#&$lc{ycr^!lD}{JvXeWU_3}FaMKxHfzD; zx}x9QW2F8o$vsh|!3e&7K3R!eF0A|GQ1)fCbhUE|vE zo`t-jpGf2Q7(aNG5{M_XunsxO;UQB5sx}5l0ThgO7n7jw>5h;1S^}&yhtG;>63qxHi zrQqLm@&4X+#TJHBb2;gU;84Z~$#tEhhF^L=M!Ubl_y0-31a})A(N)3B#fNo?1(M_X1Ri%I%)kOj;LyjK+KZ@204Blnep-e;jj)VO5-X4|;%n`F$T zB#xgPN|Z*~Dy?T4tWD{>jZwj;PqP*|xD`3a8Ahj4@?Ad%5<6Cly9*KK9dTvu%8{>O zy@3470X&8SjaL>f+5zlQi>K#^|2FQ`%-w^t zQjf>)^|;WF_tbYaJIDK0#p~X+X3FOl9`I)*$EVU-W(Up_MjDfOdcDqZ{5zRjto(Iq z<@+sd{K&Y>ImBMLag}RRwLr38ipQBwtXC0ir}!qzJ&(q1kH9`nY@IVmV^lvaFnPp_ z9Ph>9@G3c$_ot&-z*tuO?V-H6aK<2LU$o*M7?7Kmm~;A&y_9dA?@C7%0s-aq!_T^+ zqimrhbJ@^@-8OFsVzZ)`3hZuh7%P@G(W`3AY#BGF`-VZ!NP1qLLByi{R60~&Z0FP% zbJuIq9omEY2qe%T-f4i^7+lc>a z4v1c!gZ(3ZxFhoydOo!;Bc#w8I5AQh=8ZFcfqeQ_#qDS*^uRLvU*aD>Tc{z2mhS#0n7Rxj{`q`svDTEM3_EC zbsci>TL9+gNkQbP8Xg?{ev+}c+{^uIZ^tdrMn=U{U*pD+0Hxo;9!((vL<4@vYgbMU1fi- z-cUqN@kd|FSW*-ODh&6)0)JTKxL9bv+5iBz_o48q1$3C}9Wt>=PwdxukH&0irQh-8 zHX3LE<7SgAGrG#p-IKr3D z@88*Ff1`9T@&eZiw>MFG6W%C4r=QK;ACX7qpk)B7N%O>M(ez@pKZ3!8K*6)$4$^}U zcwmr~@I9j;(32)>pC8z%=(wLi0HJp%@>&aStB^q|mv)PX@tItjnve3r;%@rg+%qNF zw2xBoUkV0XEOFxHS{IP*jMeru33>sg*OlCuPANz_Fw-RpRNV zlgVW;rNp-;xu3~#M}jDn^GW7?w^9Y?H(z>nNS%s4HJY#uZ;K=+fG=B@U$%Xyz*J9N zb}1V;BwQ|EmG|if1cx|CSOv}buY~xZCM(}>U1Kg!w)vMRJzz*96(EpYI^{%6a>RaV zZJH;UvrdZ7nna2gXAp?7dIYK4GD&((+b0Q|VBmNjpYdJo)hpB>z3wf@Tf~RK~@5 zeP6E(zBltNUN$CGBbU4JmKGaO@PU*xGM8rd7HV%A+!IR9GXc?5I;Vo zPbmYO#%K81eJ$?z`__H+maZ!7qOxrH$o3`T3Bp)q?WP6i)&MerBLsBJy=WeUiy)YUry(imBjF~UI8rLr*=Cs zy)$1*J#3QWKpd)Loj}N+oE>5Rw9!5ggj)y%+ZEZ1Wl3}cocG-NTjK#~v57CVbruth z>Z@*b*u@#*R92Nk%n`7GcWqRH)?%g)i%O8<(CQ?hI{^go#PweT+FdzzntIR=&xF*U zp_y>B=oFzQC#94UT5J zCRdq9r?HzSksMq!mk-?tzST0T4=zD<$D+b_S63BL-j;}X!9K~bx09FpxPks-QliR;Hb+QGME{t<#0D6V_N(>2Ayk_sUqn_^h`QmI- z{@q(lXMrwYTBeIV@E7$NC)Yu-P46=VezT!d8(*TYlR;FsM-0r3xnbxl{XQ+dE|b#N z{<5{kI|}17AdFR`J~iuLoT^#d);ssT|BL` zy3nM4{~A-zG@+#V?JJ1MPG~tV?|umDg;tn`+Xq8#;G@$t;zD5xyz%=@WE{HVYcpB+ zhhRize)f?=ezb<>$ZlU2d5u>YFG&(Fm&gYi@&td>E4xnQWWlf1g(#j2$Nbp9b{Gc( zUtD}Sw)CTsn=GXcGbIg1B+5e$AhdTIiIh5_gN=f_ z@qEp}qIFX7M*Ug`2#iYJ>%*CF2A?8#Rwf-IR^FB1O#V%B62=LqQ z#%h#W)Iz%IU+mQ@td~#)@ptp&So<_iU+W+Q!V8d`0zNjhgH4p^TwA#6&8ILcd}+Q( z=iY*m3-JZk9d-x_b$!0b{WW#=9CPS?CcSc zaA}tB`#Me_2A~z^iHWHu!~8exmoAuYxsCcxI&jEd>Wjg7ulxwmK$@c`y-pjx+Sl%Q zVuy&ub&a4=XxEnQ2c&BvWW5cSPV}A2gn|MR);`7;pLXYg%p70-GhaV`Eot`d~ht|?}7IN z3m`z76pb(3u-5yFW0?}v>n+W-HP^NT-e%4#&|uzH-;^sJPZl~#{KI#BN&Wa8RoE9e z?7PqXcCGIcg(82DdlfzwxS6#`T*fyzzn9%n)wtkWgy2go3|N-zvv`pVUN;iHrz+;w zHBq)^pYUHu*O;#B#^SI?T@m@c=tAJXGW;nj#-#^NPvNI%!cA^do+YgJYt%7(h^qNn z`tf=Q6I<#!TRS9`aXCBl8H_s;Xa4R>P|qtN!S_LDp~>JT=HZw7M3>_9$rff&=I+O0 zeX8x;)$puY^bk{_F%93d;JTjDV#V%f6p|3Ti0d~R-nYT?jZ%Fa3gJV+XwTA~QniFv zQb#{JhoESmwCZvs8{)6~0SQ}dfp%{e5JMjyE>R=7So$Em(PrZKR1mOnadD(t{>)SIr3pLw$uH_=xvQ0pRZp zhhU^k9@0McR>-?>)cw8~t@ruXzmOmaZ>Uyil(|0v^swvpC_lDeJyg#09@q2J{oM|) z5lweiSnUzzo4n_3M=#1QvJ%BoDwXh)y3${&EpHs=`W|Qw0_~t_;`?uCKR0s_JzRDq zIe9&R3%t>{=X8MKo#&Yo)LIx==tLomjgSsq_UTWAWJRb>QWC0}Na&fMz1UQ0_uljo zpANh6IFBSxc#8F5PQFiZCx>8N^?CkQv}ICBO9Nvq(9-osU-vYf$^V50rDR-Gh>DNr z_zD!=SJ)CtK5CbS2Fpp+VdP5qzDAvaoW~!XuUlUkDA1p}y_sGC3y_#4;?+Dq0@~QP zGb*d`p%~L?jHzC)?$}v;jN+w%lcwQj_?;bkf7|GWXzsd)TT_fNMHKuaEl$kHgz5@i zuhzbO`76r^rWFchAY+O}zmOX1kfEsqJ6BO~J?EqEXEb@OC?1J@t+3yXsNzwjdy7wF zs#y0kP1!$^u4_wCZHxYrB!NeXB0)0BnTupQ;Uf-!ZoM_|a#LL%w&mTsd z4x$69!Iv`a*c#uhTpkSA`j){yhd#vf=kdCIM=kr3oeq)UhT^)AZxMoXw~YbxHbB2% z|8#p$348M(&79ljRW-`dte=1{8eQPx!No^~3PE%R(k3Vj)aZ{~dM(N@c(EtKA*%fQFXK z0hrzyIEG?@R3Bb#M-|X%&~D-rvN?%&FfQs`4|+-FA4YfGn)fTSzmcE9$mtAxsa+9S zVU!xy1?p2en^~)$qklN-%Fu}q`4L)*xb16&X#5q7LZcqW{X(CvHh(j(=E^6`&ct3r z?l-%Yt$Sh|_J^-bPp{<6eQxKly7P&GRO>IIvwu-c>OzR|`m4Qt0GsD3h_Ka2=ciMg z{IduvL3!I}3sF3>-WY$_OTl;Qpqx-XC-s6v zNq|#2`uHORs?4q-Sp8NWGw!$}u>`)(v+wVIdrr{*fgzrgNWWU&roG~-K|TF+3R?S* z*6T}B^9-q3fHk@)B>b3e5_R}!tA0c|H+PEyI}WH4=Z^v`QV38Xc|M303N_YA_u&xv zJKn+vS;GpkTNLXmwqTZ6Xg={b`DtAD4IV$>J9m=&Fv{;o7U2M}^vWMHL#OQRhgx|Y zhKFGGD=q|dUZ}dy3SuK-W&CO?%@99~Jc zpHrY-l#41BcOKF}=Wg2Wd#F#@8511*#eDF|TlEDz6t4QAP@m%JLVJYR@CYNkD^-zf zBZruaNe6t&M#SAPPOfx|!95@v_D_c;Gtx}*uF7y_of|3Je&qi3wM2GeI{JVC;Ffk{~qE0RHR?uea|s^ytp5!w_t7 z4(&-O{F~)|d|DowgV$0s?|;VgXJ&;93^3^z4b^K#ZI~uQJBu?C?I^Q^$AySP<9)v< zIUM(|BZ+?O3S~(A2@eGK`QQrdVN_kp;lT%XgJ`o}hJsE=iQ%J>B(Qh5ADCKFi40Rle{$5;jcjGzJ6 zYKpHY4~Vi(s2QQgTAyFVAzL2D)pN)1bs)rcly8Kx3N&?HL~lY?iO*OlCeb_5!!n{6 zDqB4c5~SBWv%SQEd{W;-Ra@D2OO%wmT$0|kR{vWL;`%BBGZ0WC6%H!^6!uHmXT@Z) zzq4|@b#)h?G$*z}`mUS~W(R2ClaW{OI#3GJw&1m|$F>?7KV~ND#rVv?$t7Z$oJts!A=i%Wdv-~QRW@%raFu-r)rc0H8VQlDF)gK%cgEsBI6!-vvV~KZ||8uGTcB@cthl)M%CQx6S`r{71)T zwGey~9OsWO_tVxVgYzks6`4dkbs!?B0^TM#AqY+5xQy{b`u0nG49S!z7SSd}BRqPo zIR{AJgf7Vv&_~Uws3S5vBI9|$Z-`)0xO3((eezOr)E>|z9g=Ib{bFvqOfVgd?cuu+ z)O{qdH3Pdymjv54Sn_bK_RH1Xek$S|0nAJ`f%HkF8Q<2n-6pQ)qnX{kHFUI0HD||cKqRbluu428K%*}+s9p!zlUPo)g zFDCW~9b3nEG3ZUy)d4AY5a^>?=bYNx{N2Uqkw5aQiE`NXcyH&jj(UQU)bO|v5CVy< z@1!K;uInJc%uQv7z4DCg{!Tj{iwdgn34TOI(|qgwp2XOIO?I8CK*_9#6*^<~M zxafUt3;aAg5P<*c<0pv__EBe5=}m8E%qX^+QM0d$AM5*Fs9;}0dO2JI_t(6l?ae{r z>;gb((#eUqZQciXmhRik(WR}%0rJSjZEG&qeaF^USD;>VwVlI=3HH=qD6C(H#eRqw zt?>Pit}M$9nV5ghR~l`%Bl!eT9W;^IgO)|9Qq}hX5?C#y2b-}TG1Xl4J&%-QvzCvm z)a@(ONgChK4yR(l{aNvAd@|&>>5Cyn|BkjTB4Se8{3O342gK%$2>joV0BlTrK~f4# z2EJ&UVXhL2s%EGGGsFEl?ehn=ntl7Q$9n@5m0n>$|4xVdU@--oEtFFv)ZJIDB@dgUIa}$>0@6F&vLaEeB}*fj1>a}c zw1Tx_3Q5qM|87U%Z%z0nzIr*ndZ#9p{ELFRhMmF2?ZSGFW_fV6Dbs_1uvV$E?> zxAz_;miy3QC@X}%;1jn3ot$LES+@kjsDoL9 z5EjtVczkUz5o0z~x$oEeNOix9yxop|3xjA_e;aXgzOAmJ(BFQuH>zpBj|b=G$GPXe z<9>{HwX&RXRPs~c*>G`xIXJhU#Ds@#-?sOHfFhr(6jJ^WGFZ{Of5G>*oyK?b=+Ch8 zeDa%=P={TXcAuL&7pOoArfkewR4?uR;H7;A?n8yI%R?^7MN;11wPjqi6cO?{-GVo_ zdiCJF#-C?%P(QqH-f5qs8wb{gC?<-$wYcy?9Up_9obG5<_m{G>xyb{IGsH8G6&#+! zYrm#kGbDMRFL!C#?@7&HLk|)(AK?X0DRPn(9jl4p%cR<9XdtG0mLhr4-R!Yx?t7wg z|0XBn%D}Ny&m~x)y6UFx`wr<7KNP62gu^vquW|?r=3KD&`Qa<*5c)$~a z{60fEzY0^OC?P?$jOJ+UU-!=&?FY-?s|)iL_+CoSKlv;Uyf@OFfrPANKfkG0f}5B% z+rJe8J;hy7zq4t5w}XVQdyrO`YO{42BL6#9W5ex zhWlpx;#tWSQ+QkP)^|^3xDla?($jy1PW*<#tdQO*YM37`xG5c+xjWER&fuqFq1(|J z(7RTMzxR~*IN>(lJj&QRHHJdmj3wAdn6nuB6exu7V8c%Z#pTby_|e~#Q72&gUIYN= z99>UWjuQfce+IkFg95(MQaL=zT+c>AZw5!bhY^ju=pk2Zqay@;h;5E>8HmTz(Z4Sw zA?91hWpKI)R>Z1+so*#_X*gwOa%RD|tNJ5DI@t}4m;EAPvo_y^1ZtqKXfFwJJ_+UbtqLH^FAg^W#%e{#Lns4NPZGx_lj8ai@U4ln#O4|mOx`YhtvEg5vx4e~ly`1?!T26BO_0?ge{YK<7JtQN?v{L^ zbYeg#PotsJ>37BK=#s+gq?^(rv5z%=2c4Y(;(vrBzKLGvo3UI#k^SdTzJ1_%1DKi7{3*Fjr5nn)Nj=rE>B9vievc4{=& zPl>~zBZ4zmM)GN%w0?J;+rQ_rr8_zqu4#mrWncVS!wz1cIrQ58`jecIRaFF(3H_T7p2S)Y*XE`7H5~5wLumFfV_colv15LM;|KI7 za4!Th8rnBZP%qD7GQvIGrH;uFQa{G_WycQiR>_2>pZwZGu5o{X5DXz9d)}_}5H2$; z1SY|K!`69^X}A0#$-ni7wMQ_VO{l)?_HuwXoL2d6l z{9dt03lnqPl)zaIDrywlO5Kd3XtDAn!gXt_>Gl*uMfudOaIpTY5-z_0fkuW>1avcw zg|MLQ)~vAGd=Xy+*4szqiNnK$XPtBh4#tInrK7yx&8T zQR{0DHAjOHucyU=s+xU~=X^g9>vv8!VDkqTg}p%|==Ab6Si|4}Fz6oWTj=T*%ZbzM zbYOwprfaq=y!;HPmcFuwvW(1i>9O`(t~B0s#uw_W}tPyJ8_TSk)qL-z;l3U{3Qc#Ilao z^iSO|ao%rKmQ$)4{r zU$(DiNQzjajl33?0YKFLd^!^D0qX=ToV+-F`^=6Y)%)oFLrTKap7$pXWY_a%;fPDj zvmsXquBD+EkV18~v+jTa8FS3m5b!3(<8OHZdDF50?q)~hh|8!{2f9DmaDolp>G4_U z%UP8bvrnn#SAwNvRXw_I*SuA*2eF$AYh$eTHNfZ2fAGbWH&;gZTW@A6-^WhBp-1L; zzTFj@{DrsX>$eAE?~mS+`+cj=ftr$h@i2&)zc94$W~6&i)2ef2a?`YQSKMQ)BYN~h zI_{^KpBNW2u?s2lJPq(i=Unsby1y|BV;EpGgkIYIgAd5wFrRmAkpwhe@V-Cqghu?d zuk*e~-?ZZxp3T?&J!;dkomiMugU%r0IXD>fc>~3^;m%bBlV0~-k~t04zRHbdgjNl|uN|Fs113+sq_;b`vNJ7mleiDr!?nKg=-=L8(X!gFGYTgl zH{mq!V_G7)yyP;!Wf2m!+*P%?_~^TghGIgSIvNrS_N1p==A7@<4_+mUZ^NzMRRtpR zvtJV)|3CdSb{c@k^jN(^7$!XZ*Hw3FkSSrjoDhwAu>skw2dJ#98EZ*CjDCWPX#d#u z$8KD97b!xV+??q?#oPoJU3HNY$E>Ng`YEt=*Yvs9(@^(KDxJ_gbmWt!n0_|D5Bo_> zpNoVDM<8Bk_ByU83rb}g-f8X#IDrHxs4EQYdIJ3G$obk?e_C7P>wx!AoD_mo8y8VN zyXvo{$8@5IMS?%Fh2h_wa<&Ab*2GKKNOGUIgC3oZ(C=a3)|`+@_NpM0N0-cex=$=* zEWgGVj%Ag43yul&y3fyxOJW>F2d>VGr*|UHZ*QP(sNrod=%}DAZ@<62uIPXs)BV2ML*3LH zQO;zxm;4v&XQW)jo1*yRlrje8G5P~A+Cu_Y9;aj<$zd^64 zK#|iQ*AG5k(bWdQQiFf;Ld|>+}x&txf#_F@xnJe9)ip&oPn?Qcv69Xm~e}K#QM|O;iyta#Hb1r zhE*5^)f)oRftIjBa=j-j9E=)f$lWpY50J1WPq&Asr`FaqH;;+xcYH6nR~er^MMvAH zH^*Jm&9$QY>?><4GtDWiYR*#4$^zMG7S+Q>ygtWJ*^9T7Is|~#ytQ++luzao9e$UJ zBokrpVegah@G83bRb=w@bsK`KN48pdmvShCHpZQbjP?_5N&(h#`qrjpHSWx*z4#) z6%D_Xs zl(5e)&?0}%kN?n-xYG;-{ZX?LAN7C6#WAD;w-f2NP+(*7v5EbnNu0UF}b55hXnyCs(zN z?mj?^v}v0C_Rhw3NcF!R!J@Ce*nDxsepKm`gwRoX|^K52lQA|eJvrpNQEgdzDj1l z%V;6JDqi38Pn_6(9KgK1y6OG4+~j-8{$(IUs2#6`Z`R%;_!@QeTydrXmwapW=?+kT z^f|A7r11-77ct-CDG^qn&P%4#yEMx6g`tGwu^Btb+;PL1Y5dZ-QOg3T(`T87AU~B& z)W_CeNulXq7r^z$IvTQfp6ABP1}bOb76tIX*TM^-8xde^u7gQ zJp=4?V210Da}Lm*_)HLfzSp`Mu`B=@yq?t$w6U-4EdmW& zgUJ8t5y5+v4p+4VTtq7e(3DrII-V-1+T_r=5Jfa4pS$S4BIx51km{X4@ySIkX%>wY^L2HNsldOc)N)*KkT8uCQ_+F$9u_?^LRjrYCDw;)@De-Ww(#%Fwc z96Kh)raZ^2IpVQIvws3L=fzwOYrfph{bw|@a8oN1mY8Jc0CQNVpCa zEo32OcE9bS3yIRp%q%?`Bpdo4kMHoKjbY9MY5CYD#X9J=USBG`7Z1P~!hehVk9%|{ zVK1i`=O7B62_MC$8~b+6Pu!}5KYp0UcIHKt;e<_2lX$rc_wAFTANK&cv{Y!=C{z5t zFQnvx@>&0T_{~EV!q@Q)c#01$Ai zKuAb@-poc{z4Y>E?f9`=qkDM%3bI~2N|9y(+)Rh*3tfp}U+Jf)yt@|M*{zKA>B*cag(876K5{%D=qxu?hRT+{an!V1x_9?EnL7NsOSaj4n_h?eFr} zA5%~#Px-uG#gv!L8Mp9OUki!Pjo*`w{iLmbe!p+#$D;^EKqjg_6Wi`b1R%e?sLp43 z!(8COz*we*OtshU>ys6{B#!e>W!`Q-aaQt+YMrO98~6PNV!$VpJDzYs6)v`lcP~q* z@#mp5$@s%IaFg0ec8b!)qVEzOYT;o%fnO56`PRjDUz4d}uH{vnkp1 zW5n^N0>S}3nU7zJFV#y=EfR5hzo2VyR;uAB&$#-qwBFKrf`n+fZx4^UZ$I}{qU7|; zMgS>GP;)H5s;No20GS25n%sS*i7ER4X`YXje5>~pqQRc6XZ=3%U^IHU9U%Jif#~gF zN{GjPkJaj+ynfl5ZBZ6OO(l%7N3Tj@(h;$4tum2PhRaB`2Vx3mT9BD;#^G{kuKP(P zH^T3XG4MNVzL$ZgHJVa1sv%l=`99hxPKH{IhP(HE0WN#{fqOz#-sVEbZGlo!;y#(@ zM3XSUlla;5$_mOQYPlNvq1ltx*Fii$XSi&&sk}XfOUB5Vbt77C2&gb4UDiKWB^wYj zy&J0 zT|X=I^S@sCd)W<_yRbwJYsT(nM{WxVy$XwWnyOy9g7<5;_&W6!zvB`B+wmOEXCF-W z7A}oxkmbtafQ5up@ze6Oo`e#5_*Tz}cC)>S_s;}+FnHWLF96?X#+ef4>-0uLkWmZ# z37fA!|7z_8<&(1MMtXB3H1*rvsZcO3CP!*rcTGsQ z-t%G6%D*#q3IWjC&`)l?FwqUjb!T)j@u`zX!v_3Eu|oNxONUphri7x1%hr+pHj6TP zeV{_C+STAxfodpj*y_gtTJjW@glF(LFT+J@w&?zXEz~7h>l6eV@1opaF>@xt;JbU5 z^(%h@Gt361ZyK&Y?sxWy{syv4{6=Zgr%-+j6m=U|rlKu74NVtoIA!K}`X*%yLG~kU zl@ia9ChFp76HSTuN(tGV-b<=9U-PGIerdPwV*(r#*Sf!?E*#kLR4!DW;SM|$3q3(ny#mV6 z!g5rc$79uR_wV&PM=d|iBa2IG*DEWXb4OeB_(ScdR!h{%dT;M%A|3dKgYa0+9^a_u z`Cu;SX~~)oZ}W+xmGu?A{R<$Ph7T^!bH2Xd+EoT3*k zkBEHZy~fS{9`&mWjqO+RS#S+rI5!_$UCIa`$SPGVgoZ`8uT&Icw3tXbqO<*b6LvtrGS7W> z*Egc0%zUI5gF<2{JVy_WZao^xek7CXrSz%`Z1dWb#HlYv`0Rx6M6*^4)na9kLkSpE zak;wAf%5fh<3w;=J=727(64vSE-KRXdFH*xtc|CGP;TWPrM5w!>aM!_*zB7SJ?~(8 z%N&U;>P=HFj$0N^xKjM_>%95v7XbNRz&Puj5_8@BsVvaK+v$EUO>&h)LNeI>e(iC0 zTz%hJ@fCom_&Kw|*_LkEU)*Fk z)smO~7amIn!bsZFw7G$Gp(bTm3WaO^Yb!ZFd{L9zmY1T%X!!`zrNOxRk)%C1${Q{h zyAnokWq0!wP3I6&Tk0yKdV7n2Ze!qo`C!;Da^dG1jweXDsllh78dv_w9vm9^6Kbr- z5RFSL83IbQ;NrE6E^^T6meN7b16s&iX{5Br6O~JuEX;E((g@DSKjC?L z>8rKoLuP#re9_(2zRY>oLcu0~U5>{yNrmY!Ow{mwbU+0Qu`@p52r#%82^P|o>u03( zy-6~o*z7x(dB~vP1inzM*Nb43oa^|h%S5$Pk3>lrir4XyAE-ZvjpAsH=TN#uwR`b| zUoUr(_L%p+58J%lC4QFA>sum}cVf*=EO#{nzHG;vkk@*OK^YNy0FeMgv;Lk&_*->9 z7xZh$jg`eo_E4D+6ChVAPhZ$d1iI8c=+M;qJp!PRg-2X;=Y^2p4vTei;w&FO#F6%( z1syxFYuf#1Z$yiy=>8i@`*lAccHX*@y`VUYG>FMl%K3mQnT zIWwN2BRu+Ig=$=S*hG(bc>Qt)H1M-@#&+!>41Kn_czUfjmixBb)kcRpH#0zVy`}cu zsmTcWxer2!exx6@*4(@B_;R-uxZCTo6QBG8rLrlr+Y@V4_y6w8csM;<3`sp9ZslH* z#|Kzamw67nIo`h^GJum1C-4hS%K^H#3EIDkT1r1S&mfN`PGm~PQ~Bc`a3k8+dQJMi zn5I@U?J4--#Y+dquymTC>h}C#26aqE400uqkw_jj3m$~o_lO&HRV+ZVwqJXB%m;Td zi_;(c;Q3d(5K;K9(ak*6ME&{185`Sl@;WTlaMxTaf;!ao!v7jLpP?ipS{ua%P_f3x zILQPMTN0frUC_GA`opNTrScZ{Eq6_g9#E~I>&>m zzqprT-e=ODZl^+L0o@4+z_DQrp6>6)&k>^*-+li;I8WH^j`I{w%AUlwaEd$^sLCtH zjGm(|=3jERukrm^`|aDcmB?~8e;r*-A2U-D&xXC6>ccjj2)c(Kj5WhvyjSp|&c5C0 ztGoo+ZG}SO^@if+8askU-0Bk6QoSucB@h};)SoOO{qcKNyJo>V3B;J-sD1s%8M0DE zmsf=h5-tT=QAfLT(_wT;!e=G((jJmy9pJHVkOE&ODgG&_%7fn;+#1)}wvJ`14 zkBgW1Xo}5AL9lQ5u zVeti?JL?>f-9Iwvi0Aix0=nf0xS)(7VmS-Ko zA9Pr7DyOg|p0CwL!>*e{R(Gz{26>;WPkNT#7c!O7#ImpV;1oB)I@|(_FrZhluP1xP z-vv>g?(iywEF;4m5%JB%!L}|(z>hYIPu=SF$2GA8Mdlv$Vtxu@*{>uc$nkft{f_H1 z3h(EaS`cU0@+q44>EEx){d&Aaz-65#%e^3gQI1jw1V^p`IBM`AX%l+LK8BwRS{*%{ zOD-%hd&z5}1I25PSZ28A-3Q)hMf+>{x@|v_>XOnwe47trc9^|(#3?E+0zKTwv$>dPs`(}>iUisU5+b?d< zr|JoKLFn6_`or+RFv6qO=O{qP?$YuE{RtgKj$fVfG5z+Z!$ef6h4ct3jUoEUy}pxAh%_=!-@CSlsYvkp#%4a4@^ z=fvSGnCTjbdq%B4%NB_E)Lb=9d_|T-vEe(@I+prAV(2Z7Ps;8!;~YY=1(w~ST-OI# zf{gEXA9T9kqhtnb+|*OzCSKX^&x32`CR6t0thpPG!el$nwJJj+S*s%^E1be3J1|96 zL#Z|__56G9r^n987t{tD2`;XJAke;0pdghdb|2wLalW|UM0hte?{jZZq=!uFe!m#( z9TEVvGlLknqqnxZOMCYmr1OrRKm8%Rm(cAeLPgdNci3X$VCW7VyKnqLK@R>~A7KXn zteh?}rMf3(J&do{nNs8oqCw<%Q`94G8aEEejkzFELid z84B<^%7Q1f2{>k@`n{{iX`<(sOEU{?YbnFAF*Wy^KT++v=H9KS*FibaEgkp+1XmxX z_C!n#CRO<5WOA$S=J`zG0Gb95r}>TFm)>&4o~66-HD1ql{ks=* z+zjqAzoEvV@2T&EG6_XwCG?_QUgg_gpgQ}cKQ9TyXJzv2sM+ziLGOG}+|vqI=18og zTlJHI^ipR_P7*9{ULYE;GY{rCT5TvhTk`tpJ)_h6{$T(x(;?HTcyiMSr zNxVc9$iGOWUs=U|sIP4f=K!)(SZohjN=URuIj^+7NevG3k>X1Wzn89Ast?K;t`@$F zA-eP&tY8N43Lx3?V&XU3K2Fv-XdDm2!-%XoXxscoyyN#T!D_uHBu~Cj=!pA@BEf{8 zw-_4BC?CP8`fc-fKAOGb=3&J^cF`=KRqHj~w78zQ%17~`_MN|W=K5q)q~hAUwEFm< zKnr{Mb>GWCA%4s`Rb(19x=;S-CgD#%Kf)kBbGu7| zGKuE-v>$7$#-q}Lh*PksyL~IP%ia@Ulle%jO%|W4OV>RIz2gM7zSyid@3M!E5l_toX_ zJE56fLC@qV0G$1ogM$*#AN(^Mw;r4Es4t${XQvn82Wk@C?DI+65nc7=0sNc)L!5>0 z@bQ1<8hj4J^wS{C?M@#q+$akMfx<0E-4(K}J;7SqUP)UhfF5;(P=G6zzN&l^BJfgZ zN~R&~?N9mj*&zHSLJF@Ke(0lu?#dkF{if;hQm3DLegn)zP5QObmKn}8p2Imeb0;RTF$(OfNAv*V>HZOCuHma zuvUL|5KZ;6Y6bA<7YsJM64O{=PA~PLwLg2iby$0#$58VK)_ec=VuP=)heE_CM9?hx zu*~VtG-|YkdnYSe=1iz6f1?k9nSVsfB!ts1BRrYCv*TMo+a!lHhMpA`5;5m<*NBR0a+Y~zv{XVq4^cjF;EHbW6mqco6WoI_O@TB>uf#5mDSe%>}BL_H^T9b^-=A*vdR27WX9y~f-gc4yJTYAUncT7G;9vPE-2Bdhe^)+ z^V~H$g*y=VSKWuB^P=)f4!0g7KbqF>^qBfMh4}XJa68++OlTmTPDUQ*6c2J(nFC=g zE5>jA{)#(eNjsku;vl~G$f%o0YVbxG^71$sNC-nI?noYT(#M1mHzQA{_eS(9`lpzo ziY6N#k@FE#ReYKT0o+eiMW0?H^)m?bU}fEwIY++wEq5NZnn zZ=!)j>>fO4VN#34dM3CoQy$G=*l&%$5G$UNg}FY~dx}a=bJz6zzCzN8(%3;d-d~YA zxt_qC_VM>jx=GHcP#o1OXY~h9kmZJNO$S^ZwdO}a9BxyG?|ap1(W>6-hH*llJN7s~IW# z(+jIhDwU`d+qHI(>0eF3^vU%6tJd)2>Hb)O12@NR|2i5Ev9IpPCk0qqigu+@qMXPI z+OT8z60Qj~GhUmLkC{z{1PJMTJz!# zCNCug!~Fwgqfh>|OyobRf64&u8@8A8*_JT{F62)#o`K&~q{Z zPDGuza_S7rkWi8OlC?yJiXh%0kv99YqhHJ4Cm`Ocz9d{q8T!rQ!a+*#`hfrgcKE=; z<@6f^dXIT>RG8dv*VfH0LH!D@*%01>@#OSD;a{uCE9wr1BR~&zH?io@2y5 zbbPEzOLpji;Zz@DVp`#d7P0w12kco!(uDoW5`&UZ=oe3e<4ybi4eba8nPx z-CgtY#)!lpW+;W;l5-ySi?pvFkG&pgFVIUnuJ-qvc6aDv;JI5Kav9+#!CPO7FR+Zq z{YoExZSD{s1q$oOc>XdoFLgy{xO>G|df)HbzHlY2MP4luv8hto_S<=$+-Tn(_bxi%O|`ELQ@T}CLstF7SA&i{P$RLB zptyF!O12Zz6tLy)4~TG<-xEMsXXLm-TDOMbW!3F+Iyl=c5YK9AF*BQ9)whQg1fd|D ze{K$yWmE>y?roe1dw1JWLQ%lC6%Igy`g|k7yNl4$Z}Ej7%=I~aHnW%^`IxsRO>xBA zF$G}k1!te;XU+^BcNvBYxSp`Jv!4(P5_S`n^ZFY{;Nr(yAqQ1phaHTlY1rGu^74GF zB!4w{I4*bz!R?3&#h#N;+;2dGAUQPc?OYa@X#rFWsC7K-cHi2bPp41|ZzC<6Q0pvC z?Nf%hvcolVRl=_SlBPz7rw8oA6j?$D_~@h*$;)R>)1JFCtF?$`oIESkw8U!o6W&xXK*Pm4sny}4BR=4O^ z$HD-@k^PB;x}|9qYExg3nmwWwQqOD;d4qkEkHW6^trz);w1G_P_?L-`gtkL?vd7yW zv=;{7^4;Adj~I5dKDjz^B))7o4ib;Y=VO(R<7m&porgVFPkt+}kb7gjg(QG&WP2^n z=ZD4dI-40q9$vQ9C1I67oou_2UbEtA=>TE6Trvbvgv{`$Zle&CV7>*-J-ZAhvqTf13DD zJ1ysk&_9VWg=&$w{hSDUZ9;S0;-+6AV0M)VrDH924S!#?H{(PL7WWCfX#A%?4lx|O zAp2wA+Ok=W&UI$PrhSFsX+-cWV941%s`1JPjo0&^daoU79Omu3BDH>`nWXcxHfAP%I1#mVUTs7BYr49hV({_an2zVDcQjdm zDbZw~R=nl`qSQnR9_Gs=!Lp60*AYBt{f7#pU?G2`1LzY^PNg9%eI7za?Q-9}o&skU z8%%{e@$RBNps<7?Exa%C`YQb1Nq}L2(xT?M#R55Rv>fd1a&t5F3)Pt)dt=jSof&aY zPMo_o;vd~R&YRMuXIc@aFZ9MP?RPI8J|u8C9Kg;ZGn%e7rcK zh63o5#=OvBSJcMRbRRl-B%H-F=`Fm&-?@M@%R}r(`kS>pnJU*N4I69AUmVb>9i<&iut4f>9;p~o>E@ib@rp4f|(SmkbQB3$RnE2l15y{6!1 z2#y_U0~W6iofU+8iC7pGB~fY#%sL1Y0R#*Kv*$fDy39Rm6zwXU?1t%m0g5M&_k54>dUi0*sE8cV zDuBbXm3jPRj9zj)yLgX!aoV~NS?_8H#*LQ9 zp!M%#K?CrxoiTp|m+?M2>i8<4iiyvh?tL`;+6=$aSe!Fvq@{Mh zzMZotn|lisXtm$tXw8J`^tYo?jceJyQxR~40ge#+#np?0^N6a^IK*?uvf3wko+&18 zsa6m|b|o6Ga(bs|ez4%$wJ{aBQH1*kP{Cl?1G!JLU0glTR;>J{yumO64+>fTGg(rC z=1QwkoKenmB65kXvD*!eyUvVeZCUhBcexqq)!XBqU#@59=Xl|*l!ASzQ(9}Ch|LjR z`p*6SohUEe!i5^V(T=(&_}mY`oAJ&}!)Ot}hTxLRfQ&);1JKiPe#0)iUuFkQY^3v4 z#~qW8c}Ki#pAc`J;HP!(-$3s@&Qj=0O3vT-Ax9RF&|_p1n7v_C@%*92;YF7B&2U zr3IV7Jwei9(J2Jj&}`?~x^GQ;x%>Tz9B)cOU+f;LOVxak?@cy5VYA$XXEzBbl6y?o zo3e-FaBA+d98S0RkY{rPgneX7IuMvs90*4FBR_3|z}6=Ow>dYk#L@T{5Pj#G5diu@ zyy>Ka|GAz?2veUZh|vfoIXli_opJD?ywUJ}f_w*$zn&_)Hu?(&7?nmJRB?|3JbICH zMIG)5)T?g@6{+ORq;NeGtl|U^Fu*hSxwl&Xr=VQ0X7N2e&;>@Wazfgm4o_BRs`I-{ z(9lsocOsH}-B>>lhwLu#Qmxs1S{d?jtC_xie6Q3epvl`VbdM5A9y872N;*NG-}OXS zqB0sy;`ea31jKPYQwCYRKkj`y4y>y>_N7_FFWiGN7#*v5aaMxM=|?(&am#ckU%h2= z!rRTYk?X^B$JaRn3d(18-^q8GK?}O);zN7#r?rIK-K$e2 z@qUyeLz>}jOoPPvR<_b$fHw^AUZzJ^$%wbe-|xosQzf(py28jW@r7PSY)d6=pV!j^ z5TJQxzuG+U3-1!fGoOsI;yR!4EtMr_PR&0*ZlUYHWom~cM4qrAhGb^Jh9sC2Fm;i_4MKO zzCn)IwZ(QAhY)RmtKNXUSaZMQ)f>Hye_Xd<#=!(5;a~)*hIa=DgnulZ+18>+5QJX| z1OzSxWEI)hJ5dl+kR9RaC-{5L^qFoqTqvrtGBe^+bBp4`gdCpBiE|10BfO1e?O%=2 zBsTjylYv3W5$SNT`Dc%H`k{s8M8czRzS9;bWFwr~?oL8Y8ci|D^M*;3ameHDm>2ufU^3L!;85Y}zh_!*IC)o%{w9AXz2-YA7_LF*&mJ`c>eon(* zQmC(U-g0~nBV({w`u5?DP(|E3y98MYhKh+Lv4${Jty9nWINd^gCH#?~hE(hTxw+$O z`G{URuPaOI@bKIjk#do+#jLa%IR)jm{+-`jJq^OMTU4FT?J(!Avsmz-L{ zy+XN>Fbz!It)iBU)D)#LFQ2B!_S1AA0z}9U6>e{z6M@OLiSgU7F6+kTNnZVwZ)5Qic!++U5#_}Qe?#OTPGIq5VVjXnt2^yO(uh0HUE#zmI}a2* z`3DmEw>^IG0`$=`5awKk$35j=W_Iqr%+J^Q8K@%W@`mH~X|X6*$nyw0+lm%{xkNxX zXidw9S!#qm@^24zx#9d%l;2qeVf0y;v97jFRCwEH_@|E&x{a<$$Cn&Ya|$8Tc+G)g zCTqt$tx}j)b?mLkp0l6k_}&Z8rlbe??=oFKi**|I0_Ko=Z+I?YE&1MNA{`;dd9Q6) zYM3}0-{^h%See6cQFRf(ZTcIKwMw0c;#f&g1Q_h5#J7)C09UXn_Iurv5W;@;VD><^ z!)N_fXo4;v35J0@sXU*rg~zr;#$_YCZZCzq0_Q>5V~$-nMj3?Z&&Qblgzj-@!Iiq# zD>^u-Kfa6?W|g`x77_5qaFTCcICq%Q9yQooc z4vGIteg2IJ1g+FUy)nuvy{M!L(1$R)N4^bAGPIYb76S%H*KcdMrt~QeSMDn$(Vq>a z+E%D+t91^SYVC?touQ=M@mi)D|7n+mc=cDoPNZXP7DFI4l1t*NIZ)$@jYG!Q;{u)l zO!r&o$XedRPSHP8-&&Yl7iTSsrPs=fLjX?%T>@MT&S*4C$POG_1C4!tY0m`u4hJmy z2VeLfbnZv@V00TRv-Y_fh=9 zG+-7fsRuUg{Ga>ugwq%MhE&niTQ!#;x%0x@*+x{E*un3S1$QLL&)I`P7d0*kY~ntY zYC=_Xe+So@7_m0X{w{|!Ps>)EGDZ94Xzi3O0Zj$XFVbM3 z_+U(>Df%ZAeoWE;3@cHQ1cKE_WMw(3>wUnQuHH9 zvF$yU9MN9dV>g|L?PcKO)u8jI2uR>H${$fAaYwN`IQ8J&f(b^zSM>T?g>}DKZ^2v> zG>M~U`0+w$e?@#!LI;gQ5+VIES)WG=3%8DI;iska1*LmNRlhIG*w&>mg#@wlk=oZBb(Q=xXs4fC9Z|OI7 zUtkI8l16k_7H|dAGpgSc_kwAksu;G|hwJ>2-dFG2*OO&~voWSZ_&Vj>-RZB{E7=!v zBr3VwIsoc(gR7u-RVMl}zk+t(+Ui#*Dcqm&Rph;CUe^4kr)rF6nn>DlqwH#55-@aR ze<*0pdzXrk|5=PJM~q3?aLhahQ}KK=%6YifbhGbq#)W^`=ztj8!+6|{BobOidSFMz zYaHE17Sl7lp4IPxu`XP}kw$1LZ2C4K?Pe9`6czjDR!Kj;y9cC5bO8I*9;q*6)M0_Y z+^6ZPw=MU%+{v{D9ZxCL-d7^Lhz<^}I-_e{3 z8T4$RH$R1mOjL|$37f{0BsSaj0m#J0_Q}bO!H8Kt^QJSa_2Co5dQPvySv}jxw84O3 zU$BtQki#$?e{p*Jgy;vLQf6=t&Pxgj$FPYNuDZ=#v)uy?;|L+KvH2>3Gdb{(CfQON z&@LH~*q0J(-ZecYz*PkQ%3cgau*F5)6C`iz zthf$}bsGiTO%LmDa_@JOUxx$626eh!dd|7-;RwIf=o~qZ!3ua5f6*2`C&D~n?$n*I z_iy7*&%?CZ>KU9sQ%1?==SG1SspkW2oDp|>%&cojT*4mPzBN;(ps`n;Zo$M-eldgF+bytiJmKh~kB;HP+Hd88*tj2a@Xza`x9 zKrJ+SmF|w{B>@cN)xdLlpYlL&lh4Oz9RX|#2*@wQyCZD=zyPN|Jg6E1dW|9FQhVIZ zPbWiC$%7)B?q^AmshRNJ0p}!XG+aX;O&>?;2w{Z41P;W0j|DiKki3>mfE;jPV=fS4 zs#W`$4?fkiqV+&E)6M#fnscK2LBLcZ7jJS#ap}8F4+9kq*y!WV8-bE)*fQ_F``Yel zm|+hicke1K*$yIt%J1J9m9g^3LYCiAjZ;9XEywDn>n}T-RT>nL1 z`0`slvomZuGl&za_F1Z6v}~3W%-}^$(}S%?Ijvx9h0WJ~4GLWDp?3t?ID5fHr{_gz zUtmQ!3F@MMOyWgG2lsb*x@~cE*te8AHjN4i!IAFgl2UHIObx#(edEJq2VV<+w!Vz~ z%blxKaBR)uD2R8cUEmg1aMy)~#T+L-x-JLLb2>PSw2;zU(vb4sJ<%0sT4qO;(qeG0 zz4R8)@F1Wg%)IJ-wG=jg#v0Dp#bka%Wp^64mT~~Q=1?eS>@uJ)A5d;+J{SoqC$umbexrbjfd5W&%WGIT?dO6u?$^u(> zhh%NUH!v%A3S;h$>=b?|LtYXJ5^wt(!OnuS?IY1SLvU_XTh-X_2r{l|>+iZKKAOa<{DS*!{o{Fe?|OrpH5;~ixlkXX(I3GO z^q^|5pr^fg^q{W69sLG(X+GVKf_2E?DoNiOfKDQE%{8-Ku7PZpShr-T5ZHS~Gj8Ra zVJc}cEHO3T=kp@6l4W=ESM#Id@QX(| zkc~%lb75cJ3rjZGMHd!!V+SU*yhL@p;atWD;UB3E*9|5y!#+y%S*I7$7oNjWFbE{` zyY`JqBj9mPg437$D2xg8U9Yq2z1(L1TUOHBXXpc1@YG1bV|IeLvRhd3%as*FT- z80LMJ?NVd5=Ep@!Oa8brH88X9Yq2zUvf!9;W7t0vQOFWtyh)7&`g^V`8W#flDI9zD zA-Cug&jQleYXU46hHt-`*_^@pVPEOjrL}xOF_RPa?;U(vRKT!0RI`MoXkkC1d#+T7!oM1p2+v9Dn9Z8A1_*K3B~O-^9p^DciDu4-Ki zhSB?gYyEtXY?=G~th2TLX657+&a-~_8RXXqj-wS(-b0}-9`76QvrAGnJN&7g zL`-S&0YdYNmb`bBctrK+lYqmV`hkZ-8w3D(!UDY}xQ`2aq$9pa45O0A*dMfoX?vz| zw)K0MbFk!KTb_OchlO&tM7qgw;teD*{L&f_ZxVLD6n3ey z^)QShoh%%y-+qsnOVfk5>>${ut0Qj{d^(rA{RK363A~bM0Z+3AENSl3-1rA2;2*v75Y9pc0y?_rT)6zKuc(N(fR!{`b&d-@~t=y1i3e z@SE%a`J)d+nW&u8kT1@jZq7q~0%?Vqp1uKSkHdjHAXsWQ0Elel&xQY3v2E zj%Z)l_hXN7Vd)2T(d{2w+y-qj20;DP;cKMi2+i%eeqHlUukR(ja2uMKcp^O9h%K|b zJt!v*zabeLw{WHd`V$iuRw~ObN)qf#pj6EbZ?RB{pMT{ij|+-+{AZag)hGYapC38^ zX|3Go+DG{sOfS=hvw2+S_V(ASMamx^ zFvt@s4Qmvv?!?yLpZ?9tj|*p6db2x3)SlE*7u0#!-^f2Ww65yLdkTi4FcskifmpSs zqM+O)?x38B-=%}CeD{}KY~t?mv7xaz(x&p|_7pU7Wd^>VWjs6ny+F^AUo}1G_eh?d zE;d#);nQ;!0tyS9{eFbEOWqmb9IO<~$;~fI z(e#x4$OOADIXzt-S6V#EM&@<9dx}g=))Vcm%nRwO*QO6?fT4_#4r5D7&I?a4)4cwI zVfldR*@expgw*8{8iA0UFZ-y!?zz9)S0i=Y5aP(w0J}OM10e0jSTamACY2mKS|4gf z;Q7jsjOE<(`!|O_y2@Us{(YD?uUM7QCIsTB8Y9Xv0voS<&1^z&BM|RN5>s3Vwtw9A z6p?+l7JkW#{w{k(5UM_ZNa0cGihmTVXfx8};Zol~aPNCtf60~M?dA#NM+DCicQ}e4 zUcbu`E=9vVy+YY7$1j2TV-lCo5{>!;^@MO?A&aw{GXYtkJLe94x$OSVdOVq9_nP5h zIsdGJ6BCBi>Qy`VG7<(-` z`jBON59p=?r+ZIL{cJb)vQt{Kx`OSvb(k28 z{I!omPjfpoRz_8nl{acCNSNv1mGA{Gh{5;+UDH~ttJjhrXK6(aM>b~0`c-LH>X*8# zza)41WLBK*1MaPAaM8XcUkBVn4-L5Aam}Yy{gRiZ=0LhR9*$PFz-A#Rmy1=Y=p?n* z4{+3Q4ThGJy!(R^sL7}E-LqXIx)n?WZ+e*5b8OKf)sc_8+o93f2TkwKj(Up`o5`9tjV57=xCrFdoqtB>EM{cGmH5vGu_FvCZ7B5Vj@v^p5$Y(EO0U8Xn{q`yD4x|e`f0l#izh22*1s*~&!WpsqRoDd(Q7E>|* zWZC%e~OO2XxOEgouKdLOF0C=0p(x=JxkI+(wa| zaTes`@<1n?Ay-MM9@0#Gr*!*OA?bu`Ws%( zkN{RHSwK}N=%f~^eHV{MPv?V%GWae3>huWp@(zS#}~i} zBB@-))Cd$+tB>ndSGQQ-L-k+?H6bgt*mY7X+W{#A^x!V<4~D#O%3&JikSnP{Q|04 z7&AQx!Xx3l@|==|Ug$=A)g zI|ud}Hc7JX)C)=7N$q=MTjJVgBF>3mF21@vO!{8nYleg}=z;5habxIs8dlgeBp>X_8*&Iw=%?{L zpL&7%?C)=kb+#`Q+VtZdnUE{qatfnQb|+2-wVv}TL7Z~rT0I}`n1m#BheXyv+RqP5 z>4onRs;pkZEIe;ea%eH2&oE20A&#TsZVo6hzW4{Y3BN3PILWXm*emhZ@4a%02aE0( zR_~$Rf_-2yDc^i~Kcqn7$ol-;SIfHmgz^y}^DFwUbg2|;+1+@f%HrJvz> zlA}#vp@!y8RK^zeFxa;q<_-8o0!(6>x>$nQWhRPLFxjQ>($q4VCE@Lz^6r2HcF38KPHtZwZ1$~bQbQLB*O0rF9^c~=Hq2=4oJC7=#Xz;X{^w1;Q)w2W^3^kEE#oC^2TfXE(2Sqo2n z@3R$?4;O6He%G=HyW7y64cr;Sc?Y${-z2)_Byq3>r8(jHeH07jCl_^gCwMyX6ajr4 z!FqTB{?M6w;Q{1T2v0BNkG|j6u_H5MUwt-?GO-M3(W_o8+t}h~qjH`m_p(h1pX|~3 zUJM5aU}*_U_pEK}fC|IeLDSt1gckNlNzh&L%?DbsvViqT$MB8*S|9AFY`*STOF#v} z7wy71jqwTR7b8p)hEs=&eJwo-6CV#1P+9e`I7zky558_`-Uio2>CTr}5B6}z0DVW_ zqwf_QF=*ePKQ6y*M~`c*4e?hReLP96DabdnA zLL(UU&V=r(=^En5DaeR#$~J-vd*;>huxQ*gN4|y3Ab<2O;lf(}PI8vp(!P8K!FdgS zz~sB9u^qlX^L&|YZahcwH># zm7@ijUSG|#RXnl*ROmZu!Et`Cr5Cv_gS(%TR(|9!@DPel4qY@xqqoDL+3=5tv(CUP z;5o-EKA*xEmNWLB_U<-4gQ0;}A1|G{yp|&vsyv}$Ivh>raN@Zh{v0u-GU*%~rqgjf zuRsoC)Nbv6*$m8h* z`iuxueV{s%J5ab84`J&-<-xIxhPyR7My*|H)66ON=!NuWduHCPL0`jLIi99t^$~#| zI6L>U`98$^iU)4%8DmdKt>JH*8bE9; ztdcZpW&nIUN>KYOmz|E;`4a_?n-&U|JD-(XaHyB;JMKTP?=K5ltDjMer$S{VP%PXI zo)j)8HLx9anP zwXsqU_*_BHn^zy5RoMCU!ks-*WfM5-KuLt_w_9NsFiEfvHz@s z(5FADUBai?)Mmc)p08p>Gx@E|RQnCTtR=&NrYFdoW1X_i?sn(fZ}R8rhfpN1Sm*Yr z7XqdaKu@m1RIV(qAX<%HaWIz4JY1Obhvz-;U>cki+3I@Q1j0p29@~Uv0-O)Wz&90o zK&_wX^QkIyOrj{`>+31@LI*Cc`w#Kr;)+YOWUwK%byJPWi1hr>BQSwL#hOo%c)CCnG2bJghFX!r4jH$X<&@eUesia}7q5%2YccCV){et!E0ixNvUJM_&( zTXTL2ET6+RwCma%&%Hqfu418C?Hlq)KPXcHTzd`172wHC4B%yg4+J0$b?o)03l)9@ z9~QO>8Mf_Cu>r#=@;h`s;v9GZyJcLOzNl($nzhu2h8;#}&%Iroi?G)~4@>xkI+^qm zOv<6nnZC5{>yntQBh6A?@4v;Jog_ZIP|?EzBUzTmQaq|io`+k2?Eyz#-_=)R7!sm3 zF}vO{!!A0SknzfA*B!gG^pf$}!bkCLXlVkV>>)^&B)n)!jge-kk|>xc1L67SP^?@w zxrs2S(j+EQUC*&d#UQKvI{R`dFdj;u`-~_@sw3G-etF3$c(H!LL$ig<=3~5wcXIh0 zE#7H(mG)K?I^7`~b zEiblXT&;+$Q)-V>kikY`O1r-`l_%Df2`N$%)9$Fy+u}G z6Yi_rAsC2b%|BXZDRT2l1=}s-w2OVFn}{Sc1XqrWT$nrXb;={!Zp9Al$Y00lD);={ zTIX-o`0g?8jRN#w$ zub>xAYx+seK62eq5Sk-+Ww))5j^fKxM+7U8a-!e-E1c^0y`68=_oeS?N)9__-ia?x zK|}qPQ|qZ1u`H0E7CM{!R*v7Fa)ZkF$?7C<5SaGziBCp>3}$UsjD z$icY4moMJ0S;nP>Y(gjiss!s3R^vT#fz@8U))rt#VG_3aX=Nl86)=v|!GJBt9 zfQUWHy%&L>`#oHL3t{IpXQVEUc^@NW3rj+hF0ej4JGt-pk_cLroAc}I{nFTV@z{ zc1p}cN&PAPdnSbv3zz7VcYWi^AwTa^3VvJhJ-^p!gNHoZ1w~ zR7ghb@6ZAQ{&^UhUlTxE!X4ZYK%A>tZ~ualmLBE(NdIb-yN)ZRL}%{n-In%QpBUaycZHKPQ$bEjBax5{8IyJ=f~mi_$bKxL5UA)lkU`jp){_w$<}t`a|GtbAXB zAh}|*m(gVLYWJ(YUX_C@r3Ccwa|0yNv8S<}lzIQQJabc+4kR7CPmjr4@Jx6fL~b4>2o~#zYp@)cD@9csYHu)oe;s+w2rwKFVg`Dxw z8k8=q$jBD0-<1BM0-s;CLFhRsI_tdjFNKjKJ731$4=LQ@g6E?6#`f)V_$)tV?{@;u_^!iD*13K^ z)Gs2agShT<5Em8U88k;&!Ff6qrf2nQU0-{^3IiuCTIVYRn60T>eAjCzm<3raU(j+9 zF}l{TUDAy2EbJKYw@Bko+jAz^crEf^+csB+ZVEu88?ms`m^dSpKq;aca37 zF6iu@REgk8g5XA$%x*?UM=}(+@pEk9v6dG;QHPn*SwBBS@dFFP*?AP(#t@80HJ$hiDVAf=VcsI{%@@`H%q_Tl zzo>gc4OW-S@2OfRkGWRG9#x;nTGYyOPkh6uDj;G5suQH~4u!AtVG7N_<CEpbrbkDC-b}bI;s5ax1*7+Y} z{`ms#ufCIE4s$+-+NvLkmn-=m7$k+$IEUX%-9{iVi2;>VrhF484N(S!>=oQ5{e48l z)>Q0kqkKiDp|Je!#rZSN-S+`S&1K(C%~GO9J#|Z{=LPkz9`7&;*=22zT6co0)4i0o z*I#5}37`BA&sbhiKD%9Xs;5}-ZQbjnDWuAn?;_yAo)dk^#}E}HJVOl?TO|P^`E~>- z{V&^SU3YzgY*7!Ge6`R;-YFKz!|VBFeeLnLUtcfd9qTPNhUKC0L797^uc=yw3Yn{K z@Pge=*w0Av3VQ(;Mce7Uk0v-r;s4nnv0ctY=ZCBm_i}s`_QQc{xX zG!M?N44FlmnerlStZpSR_;qbs4Dc8ZR5RIi#NS~#C>ksIZYO_H&IG4#$yT>J`wBI zeK{Z`jImt)E?*;r0!T>&q7!-}3W=x^ieV2sdw;t95Yg%bwLWjKrQ?5V^FH{nSWrI%lWgE0VC|yqg7{52q+iG2|S}{z*@>D@dD< z_eD1n_G^#01;@0m<~lyKtMyoLj?9~b_AMO!r4N5Sm-y!(!YTtkF6cKjPHgTUf7^IH zybaszv_t&|IBnRs8Sg)4$YQmq16Yy%$VKc1_XQN?;dej$TScKW!U5|Cg5#z<9}5mX zW{mdJBA6)OwS>4fJ0)KB!+l@n?>YB6*)RAy2dCprn=k;IYbt@L*;#NGZlaN~*b-nh;fIN<8%*Z% z8r3${^>Cj`#;NwQf=Rk8V3%EZA|L3$s2@V68l)=Ax8=SSNI||B`fvAKa>k6H7P4ed z7w`@+7D*xTegZIBe+c#1z$M!tQ0Yk4f&91N4(N^9N0sEAPoOIv8Fmv5M}n)vm-Ua` z;_&zFbmh^^_}GILAJ>B*2bZDx9Pg9>-)tCI#B|W^vss%si*0Sl*WgAmBO-T&Q>A(d zC6(^cI=9dL%pQ5Rc^x@JkWC|C!-AdQTI-37N$)#^Xb8q{om*CfE;xD*+H!WJzjedB z7qMtB)bqKr1FtGGvN5wz@~2iXeze8IXg{8Q3u<|;=SB#teNYM8DiHe@68AXH@ASm> z_`R=4NSU6|FN9{I6jzlD7BcSiSq(1wt`08>SV81u1IyQFzv!;H59fN}ES5=}a&)x5 z44HM2OT}aLkyqt?gxvVIY71wfE0t&2kQsl!;+@dpby3Pp&SmWi>r3hs>X%PVWz5Ls> zKJ535-WuwF{Yo`8?^Qy;$$ ztU@=BZ;NBKWOv-ZQ$}N3Y*gdl5B^N=4Ww4B2pLItIuu^igYWU>D-V9=WQOiIyyS4) zQPOg=Tj$9Ak}Y-RT*0V*-0H=)PbZz{4}cASOEkaRZzV{wxaDF(l$lB^f35eiK!APh z1TYNDnJUzz(iSe9p5&*8S*Fv$gW)g9b=Wkcs*lG#Je*DLwX$+^M322j8pk_^xe&;_ zt{f(uL~?u}WTvbFp*Kl()c*PQk6P|$!o-@&+V_fu8X&;W_*bCV2fzKACO7l(YyoV- zpwNNijaA6JQP6}Pm9QvuI72nTnDVDv5dyth+Jh`_jE&X3n+FNoMlglwrzJ}La#cI0 z70zCFZuhMl!Zg5Uk{4OxTxrL3I zl)m-OuZkVo3XRbs-#q1aISbMlBlxSfY5$&DnDg57+0Phm%`Bw4r5_a3u+MSwvE2e# zyW?L{%-r^~ai#0V_m$OO>wW5#m#N;jq2J+0G9QmuR93v(p?noKI=^1_)q;8|oWcij zniApEdlywY9QO;&x+|#8AF270D`7{`4%au{&eN*xki@VYLuY}hUHc#F3xRw92mqv=a?&2UL> zDE^%H>u5H!IrQ~?9e@?0I0u(``%{X|zvUA}Z3UIm8kMh|HX`qf5B_SX*g1dHZQ}PI z)Z{9SQm&bCxZV!S<@@r!=x4;!PF~OkTt+GPM`b48W<8%H=7(DAt2No}%$*9Bf#um4 z9d8Ox0mF=@vJ0Pn6kQxZqu0|VKEn3dKN0Jh58wUS5u%rTJC4^q{=GHr3K^iUiK#3` zoUJx*qH37oi1>{D1?*d<#@~xxHu4x{7tU!jdryn(_So`z{D7vWzy;XzQ2Y8=2PAWG zKO6mYfvZyu)vD>IhH(GBcI)y3CPYSY-^SNH-fESvwx4vSU4s6B9(iIbPuAson+2mM zz{nG`7-kpQjjad%dJy$A3vVVsv3u4zc_GLq8wZ0n;4?&0>2bJH`e{tmv&c8s=6rp> z-u@5o)CyI4Jd54h0|WW(5mfe&A|2yTlG~i@jTxdCD}?jAgLk=c-CDf~uXyiotwW`_ zucF3*;gn*uvR`%|GOgx|=U837<`#N+e++l;FrhlU7&W_|ffjz79uApo{!kkj)TCqNS`gYv2vb`xbc`j=hJg+E;+Rwbe z%N4Tzh1|@YSe}ff2$bQ%JC{$G7tck7m|ZSo2`ET^hO1Shw);pekL%Jueo|3ITx<{2 zdvUw?5ImCmJ`h&YyKEu@upEKsa%I->9eWH;hFGnjmY<bV- zrZ1F=vgEWT7Gk|sT7(%r7#5HNd9HXS*o3|%jPZ0X6n82qA~oyeugBgM~B=P zPO|ykv#i%k_(pP_a;lHkUQQiXesfC8>;-vk*_G#mzJrHAB6xa{d+v<|jMU^O_#BQ! zG{8EYm|^0eL)j+?_UA$14b;VjEs1@q$0!kiG7Yl#Vb8V5NG$VuW#t=N#tr}eIsx<{ z@Yx_vrFk>7&w)gn7ES}TqyWN4zY{QUcMLchE1={vS*)#w2yr+3|CLya%NH*n& zrN+L#+V@bcp(H$?pd`Ce1AnbeD&UAASm6cJycMP7`Iqn1*LOGbGPZSc7MZr!X_Y7G zqsW~h&hO}HvWiH8AzRpo$*EO#9j08F>1c)1rOK?T(9X#T4X8Y`TfNBw?M&E;+0g72G$%i0z`x?9$A<@TP~ z6Cn}W6i`pT@Z6QH9KnN$y#Io`Y08SVazhS>cwg@I57yx%tWDdb4i1N;dY&Q)uFLqT zzLnPyut=<vs-qf4!Mn{m2ZY! z{+&SwNqs)IC2^^sU98G){IYV4@D8-5vLa~_%f1YT0d;wEhflNI+Bm)65o28U_wU{r zOH1`2=Mi*43n|OWx;(exF`RWS{!YAlh&qz^uoey-5Oz=8hvU*vFBGSmWP4#Sf zbu?O*_Uy?p7_(d4!xnP16MDDdS7BJqZ(z>$tB=WhO?P!qcQ`u!l;uyml1~ zUm>5ge#;`m@A449`C2ll&=T`Y8HcjZnZvKs`U6+BqET?q)-1!65>AKfmPKRTJO|H8 zd{OhqFJl3vlLsgDb#L{)CnPW#?aQqah~FH+O|E_A`u@|FVW~PyFel!7UC!(YI_%jJ zvE=c+X}}bCCQ8a2+~peHI(;UywhH0=16BjoSTYPg_DR@Tx7ZxXSorV@(4!ij}YVaU;>c`^JCkY)onAP+t>Q#DXXmy z*O;#)IdS%g*MMq5hYjU$YJX6q?LkV|GbC+C$k0+Pp?#ml14bkYGwu7MdU;ZJ&-$?hm{5s@)fF_4{J5TEIT~FN(EK!SF0US6JUPBtPYFnI6v8 zin(7vNF~(b$UA=V)|w;#xqGQ%p+yhv8{cI^)N#0!X$Jxy0_8OL>^JH|C4vnM&ok+p8x&zN2Kf_zLbM*|eA`6T(B!1){)^zv5o;^Fq(Kq>P1el&E|K_$E*2GV z0bBp)I2XNoeH5=3si@IcptD^QjNZ<4d4>Xx9zn?5E1@Me-x2~ldCa?_h*xe@Q z{{1Q9XcSf3dV!Sds?*VQS(;a*RlOUX z+4uA{*6m|+?v<@8=K0)*-loIw^kplmKh$6)Y}EHooob|k*6=miV_H>gP0#eV9f`Yb zD*WoTHjxyxO4O-4J!{Yo5BO z*Lc}`6NJO9voVv(CSXvfIa9apZgnW93ESh~#ZLj8Sz=j48ci5tPVk2)|SEiDXAX6&;D*eS_8Aoy%#2iDC+|E2`M zuh?U^G1`W&L~@(cs1DCn>FqamyncPC-D|81^>2>4d5=?_t@OInWvTS_*mrakAOP|4 zol?ERcs>;pFf;wV-ZwtCme92B-79hc-2fyDPY#jCEMXG3XA%r+RqC5Ey26A0`iv=t zkH(>FLHkBkWlQFd>}ly_X7=C}z&_o;mV(}KdMduhx-cUkX>;?3%cLs(p&!(0nG*hK zZ(r$DKeI>)J`7~X*bjf<0+s3-tlX}#uyJ2We99Wim51{~bc1vj4qJCmtyP43j=RNY zDv!Q_hrQ%+VFdc}O5Gz}QPlGjR%-zjH&n#W-{ShMoU3jBT!L~$gu=Z~{2ZqAYJ2We zwv~hTKCVC#`&vPYzWX^Qwm#%dXp)=S9FogapuNCk+;(=s4~SzdWwJc<(1aqvmEp#6 z#r6PwrIMA~kKF!5n(^M3*_RxckL{`7rx0Dd z+_YfE1S7=j;wjg%wwpzAs`r@~KiYig`mqenE zpdL3zBu&6;z!guw+Xx6{@@30{hnfHh;Pxp$KEJ-vqfPe7as_i zu@!`H$T773;HL}p7wtCp8-nVR`F;pPb?RPQ_+=7o$$$oY=U4TeY~s08?WBCoi9uOg zeWH_tc8+~CbLKZVaGOK5VTKjL6S_Y}-RVS5#z&~>JVT0j{`t3S?WHKFWM9lPzPrL_ z<4G{h`7NA}v*`OgLvZ^u>Z0b>sLna1Hlz}>#G6E+i)hC|!Q?aiEyVKUU^ejln$P9u zVg+NIB_R(Qp9y4RqtI8G!S>iKr1)5=+xXBMhg%oEKrbmJiQ8Z7)V6X3QH zjWa9Otky}Ldg#W(&ABYgT`I$V`{4<)h7p}Ft0B|gkH0fdfWLAFcZj_Z5A0HcnbT$y z1tg}&qVxhaKV^3h)tM}4?dAyz5+}ngQz~?0`{aB2RT|9g2~C&zu=hoT@BkQnOs3J> zbC_!OVN`KZ4$Er7*aAmu^%aCDwkY=*kr&zU0#>fo{6j>G6)a(XeP@ljA0VuzjEqkZ zya{*ir+bVldr_fXtn6I9^3EZ@ih8?9>26CSbz8r$o3iCUY~~}1+OnO_TD}aka(vDw zbA}L#*7$bgc9~ET4`SFKR3G9$N7jzm^tr&}9uE^?KwLizrY|@AjQfhuF5m8QbK`a| zY>Cig*TSJ}n0I!}U?ZxO_*)$Afv&!-5@(lkfiHS82~%lr;{MmM{5k}3 z!+^P@_lo-P%XS^1$mPh-78L%GdLOlom>Hk&4~NICVMk#3_@~ee`VqDekn%`j z*|=JK@l$E2C%a&80liFs8*0G81E}elV!^|%Rqv8_Hob-dKkuP4%-EW1(LTkZ`Ftd; za3J8aOteh(Q~GkZ2g0rCBKjHRw$A+###+u7)kdjOm|1;)pr+eo$9+`u#J(k}m9+Jz z758Ls2$e5Q8J|T78po@}MOcNUJDh*t=<_~l;0B+VZ+m}-5Klas;dU7L$$cjtB!joA zmcOkM!m^qKES9}NO4U7s>X#78I|-k*;xvW)^%N2whaH#smsdO~pR#D*3POVbtwsSq zM6quDIZkiQ1(jZY9_Np$Wwyw*JS^3p`BqwY`Yc}D+a3O49;cBf`tchfw?hI-$po8s z98wdRC<)(zY$toneQuf^!0vpm6CagZrvqUri#sTX3t`++g&Oey3HIi|r)+;7;D0%t zZ_22qx|6&YNY~)aquQ8~gNAj;z+sg$>WkK+>5)~*UZ@*_eU?%{-ynz=#^>|%h%Ujt zy*m=*bQr>o_CV_V{=_Q-q|v$Ob%nH}Cj`)jO~^%+{ra(=#s<=6Q`w7^5jcxPsl2~Z0SpfIXF*jQPN^h zQDy+D^ycXNdtYnibZL-O076b?ppGwH_c{*Vpq0sV%dR^9WT5CTd;LHaKK+o*TOCGp zT*}k_1RUh*Y{S$HM~y23PFnoQPR)fpg@HK3muw`pIpaZSmXHcYui*E*tyt*=?kxXG z^L6TQs(V$itE$~05_5qgkD+T3+c4UU}|k(3o&)0>sBJg>2`k-0CIfHFF~F2ed>_=EjZyH*zQc|)&4CEc)!WW zAtBzG#t72W@5#1M4i%)~==udErSpr$<2!1Dy5xULfI?v+`}F(ty2z?ek}UQUGc7n7n3>SfB5>h(8m&OL$IV zZvzTb%oW7X)dHT;gqI2-(y{`uzjg;0H-J zG-@;kiQH?}xbDvT*M0O|lNbGd_>|XZhU?yKksy*)RAe>2P=Vv4>jEd_E>O=4@#-GR z3#$0z*X&{#cvsV8@izSx1xB_+;{!7Q^*Hqtb$gzJN7!4RKhEn!$@)LCy#k`ZZ#L4aA{5OL9r*G0B zACf&KtC-Zi!QV6KQ}I-zj^3O@ZOSKtffcdu6IAo@mz02dYRy&m;Tm7x384A?)dsQX zvJL0_a?XvytoM;npN_WhbzEGI-fD#3puk=A=}xEYGD1nqxAyeKedgu9=bY!l;Jo_FqFuSLN3iQEuVnw| zXulDlThv2+aN0-E2T=0Id&sH}{b$b}>B0aUAhL4Z`mdNR+) zYY)g2NmG&DIgC*uJrdk~I!adujLr0^M0{TVz_@QmT0VI5pE}e)heYtrz=eL0vwDX; zDtyh7#Qk7|fwv5KxW%!b=7tI=H3R5dO$|hndo=kxBSV}|io^?_dn25!?1c5G!-n{n zFXPV_eAeT$dGwa&5rld-j&|&51;L15Q!UgjNP(G>qWc8Pc8%v4+sa#?u)0E6PY-!Z zMb~9L`mqI@L~(qML3mdvgs_59-6gp#v>fen*_~YEdJCZ29i?2E1q)$kKWeCk8xO$i zreutB1Oq~6-FWd?ohFi|Z#D5Hy_(N+jfm__G zhIG6-9nX(b_5*BGdylDTO6<4sqdIkxU;jIn@2r*mAl7J?mb&Mh6L(hD@6kLXXcfeL z?g+mVF;+)9%lQHEh_I#)0`O2y0FCpW>#`?XXX{pN;*klT3?#7JRED?3g?HlKe-n$b zFPY2S-7D>*j_z&v(nlwLkQ=DAo1NTB?j$@J3IdC5gZ)7CMjTaHW{rp!H^jF70159oja@0rPyznY)x7&RF`B(Jp-Q@`HtI6Bf+)rUT@CCZv zoUD?qdb1}DUoCQlJh9Zc?^P28&yTe}aICWi@&>o|Ej+}DdVex~4|`GkV)>lPTQ$SN z653=iD59~8x%yCwFU1D6f=z*Lt5aLKuo1)#RN%g%r`M1Q)NdhGr4(=G8v@hmcyEZ| z?8|;^DRlEX8wk6ksj0IvatLbEb_jBuo<*gy-8w%(VN6pO9`XHYdmiM8C3hvndd_Nr=OjyCVS@+fQevYBe zbu$^?mb@MoMZPA$u_{LC@clk}9-GoVJh#nm-ziu%pkk2WzHYFT5~EGQ%G0UAwg-fd z^Y!XAd`|FeNW2ck>fZ|O3LxF}J^MNU5@T={L-MxzX?1H7)&KK3-lMq?!(SGzfOr=P&f9$z*LvGF~2|TJ6;`*Imq5^ z2@S^`Z9wk#9k8UI4wJ&-PTUUEN!E1r`l&tMeN98MQp(Huy%#G@Z4hE>BFTCC(mTM< zMytbJI(@XEbdtE^Jz=kGu||Y(n>sXy$Kp1WMkh;pKyAC9p$=rYuM3E z4tU;}2Z-Va&n6z!T3?V3RIpfnBdqa|);pC+%x?XHJDQD;NTG6f8V`E_6CIWLJLUWb z#+?K4K$m@s**mZ+?>pw8aDqQyX@xx-m?@j4$Gi4jA*8uz(hv&7cjceH3pRYC?Ea7|;uT`O<7p~% zEV(BuW0QQnN%DmkIfyuc+p|{!7Wb_|;iX7MHQ6d}p(Tdc*S%c1#Al^zOMm?ifR2Ox zMYP|_uPB%ka)&lpq)g@SiY6ol+v!Zx2YTqdP3M>d-M4UBZ7<5$Hf&8>*%+GPiI;ob z58Hc|eL@0?;hvCK*=O;tGUZoXa!IZk`+0t|bM6ym@T|fsYAV6iNaCC2ozG3y?O%8D z{SAOYD!al1(PvB^Q1LG*eVgx4MEi!~UihJE02cK0o1U?z-!)nJ@L8@c97^5emP`?$jpF07mb`UJV6* z#c8hv{w@8YbV_AA-ZyvRq8;HM)Yvm#!0h^jW_4UK^VQf07|qoCK!_ov)_K+U+Skz<8t!fDJuzZ5LUA>)96Ex}Fh$pN2aA?YDj)f{IM@*R=73-TU z+{pGH^ZJ1RfQ^9SBkpmO|2_Jea2$)5;2BQYQWvI%+$%?jh~fqE(@lA`$eSjA(Sf)> z*pxs18uBe0RzKsx(bnoaDsic#w9uctcG9e~zVCmvBafwe`!sYRBceRrMs%YwOCubIt9}lx{8hW z#ekjef}ZOM;7Xi#c^SGy&Di8hAMPy#ANfB&a}5z`jma8N@-0)}zpOAJ8GdQ61n}Xs zM0*eZ{I;XB$DcqwUbW}C;=BD$Z;@1ODWsz=Z~JhLZ=5_>(*%>R1oZ>B6x)u&Jo;Ds z;pA`ev}Z`k&s%2*R;I4U94h?W^BAZ57ff}XGWM&Sej5WrgtDnmMc1XuRg0g$xaB$H zdB{IsAFvfDg5YtIbL_uD0QtlzhU>-Qx6F6p8yN7^lwFQ^{Wy-YJP3SG9yHdml$m8f z1<67rdnkeILb&zE{maGYYcm{w8OsyX0_#dhhs}?$PMn3;zb9C>A(Ddu2?>67r>HPv zzhi6J>CFr*q^vi`6K+U zMZ!r5l!vO^3cu(lKVl*>gxl?YdpaxSC>%*%B5(!D@ieWl>m|?GMj*zG4yv9l)g=C-m}C zVaEWkqK0baN30Ls+?FuJ-giVZAg+*aK+XeX=aqrAdknj9BYc>~zGbc265RS{Wq!n$ zBt#C(q4lE|1GI6!NLnAK+WjFFTF5j%qJQZVyfHuB_pYek`>b3V<_E#d6WoomTHcaG z{KM}ii^mtQ%k6;k^IU~Cl~!xxeV<;aeXno#wJ6lrxV)H;*@QvQ|JX~it;TRz>bneQ z&DO{60bSlKil6`pW6h*+mpA;IFZ=D4kpk`e*zakuEw6rz<|kMC!%tQ!qy5pEw1iWf zID3R!l%1vPi*$a+!KYu>ss;<_P^yqrWMTe(*hlD%f0&bAxU22ELgJG*I_J3IRP{Y% zhN|?t6}ObtpgkOjM-8HFhC9En!|>BC>Oq9z?|qF~%XNO6U!cFn_GvWMLwW@9e_!nT z0-U0|BLO&t$W9npWr^Mj_ z;9YsXP*5j&OI5P(3qQR+jwuv8ZwAp-o>o->#9NN1D&Ba4&~9&*{0SzW+=rz>A7=LBIQK!kIXU+ZK7|8u$jJ%U^LbJGS2!W6lx6M&O>lzZ#Ta8jNv>P4 zaE)C_!jR#rePJr}15U;3Hgf0dfRPr!sV4XoZ`Sq< z53z~_0y9oqFegt`hYvPSq2)OE3v+g^zQe`DvW=r58)ImCYj- zQRg!QUJ#B@fI#87ntp1p4iHl8dRw?stMaG5Z(mk$7zLXWsq_a`OiJh<7qiZi0t93}#*kqj}$E4;l zoRaR+Of#4)A1`;l(7=u+n}AFs-ood zUMCRNH}!Dzwvw0mHZHJqfhocFV!ut!HY)|**-YE9>X9RE3U-T0E0-5pQ8op&`PSTa014eM4y5rM?uH0`RXd(Rui=m_qT%%hA(f z@n_L^+;}>}HX_)5aZz=v$ssT;p5LZ_hFt960@KiRD&SyHoq<|qqd-K``F%cX%CbKi za{Bi#^tN;C=gK#iu8>=JI_OIr5GF}*C(oWZ;L1(r6A&`!&TH8zg3~jH&9Pi{XatCDD9n?b)k2>xWa!)^w|SJ^6d+j;uTpQuy{EjUmb#b9Z!Le%xn)^Y1Rc zeGY#yRU(J*VF@C3A0BC`34}Juc$*xfZB zgw(zYFO);?-?i%t7}9=Ri(c>xgUf^dZEeYJH6o~@g0=>vt*;L3Y#C$uyybN969W2* z=4EOXW|UuC#$OnT4D;gpEM7;MZNc-ym3W`&bUzR9)hX=lLH{n;>7>arrEi`*OtysS z>r2`fLj1@!e-OrEq+1Y2PeT7mgWzJ)R0Mpm^C;#0i3nr0>2xkH-eOhw?e#AVs7W7! ztvK;X+fc@a6?JTL3661Lbf+2>~3Tmd)?@ybg!=-_J)rV!rG1ug9yuoWul)$bJ62DUUC7v`BvdjYeEZMMN=+{g7cq1;J#;CIzL zy0Bv7ZwxF=aU2<(05!{4x1E9*8l3%hJ1{^0d@ZtO;qUBg;i=D|=um!;4vr0*bv@OF zny@MMv-kj>RA=WsFSQ@*^t4z^k@L4;x%*0WmRv{ryn8u)F$z`qbrOnt2q2}Xjx3SZ zTw6v^`w|@5HLZD%ruPTu;)5%QNZKBf!F+vMuWFZR5GkX%OZ^J7I?JFx5QpXDyQ}%l zt7SIk0cQ+pgz^|bf5)N9ru&#_KC)8j8`AE*yQn5O;#(c9X&Z@lKgzfac*T8|DBmZb z+fx6TQOc~#h%LMR4Ew1@SpkpVuL%n^{*52VI=q0hn6PHdP_3ahx+%(Q<>iaa9^SH-BP4l(!XDId$G6c z1xB2{OdBvi+Sf1<6@M0nRCRdLvrljg)m3_(i-_BrK&gA^HK`Fk+#0&cl3_3#FuwaJke*s`zs9`fgLP-wNaj4h>~!n61!~EgX%RN%O`I3{{(6p% zorW*P{MeKpz1G9rX!n?&G^jS6AN(-hWA}O*Te%_5ToBFSzW-0BP4=9Mk~4cQLsPI~fN`&@xYSr*F7ib20qjGa!v{-8A zpZ;v#^;F)1*FLGbhml5(>IV0%RaNlt@gC*m5FYt+ARs%4C*Ag*009=oJuCC0sYdcW z&{>It4#l*r?_71@@qNNE`*V+==PjO-P(j#zv!~$u-_rB!BV$g zNr}&e8hgJ{rzwrCxjpK@(tl%D5%(a&gX(|wjqC<8zA+D#^IWa-pC>N&JqvofrxY+b zoI;BHtb(TT{w>^Ghp1n%mt=oe=wNcpcs@t$FGYAP3jrP3$PDj6{GUiQw92)UZLfyl_u>iXHN(N%y1?dv)1AxTYMlHSDF!+)$f z=N3!_Z)&Z!2kH_0)r=nubbvoK8ewC^-;1%Ylnn|2_HVy$3cz~8{p(gD!ZWDL9Fbi{ zY;Ze%pm%kIlHL)RgY3;t#&UvPZSOulG>=O>UM=t+KHlBfY0JP0;#ntr;75rw4;+v_lI-~XHM|F`!K0l?kP2&Da zK>pYY^eef>A8a`lq4v7Aq0hd|s(oZxW0kMZ*K6&4;VwSX5y>CqkJZ}{#dUUHW*#*5D(a$j1*MJZGeA=9p831mVH+eOdg6Md`o@xGAH z;MGLkTxH{@)IRz8B2;=oXFWt`C!LOc@a4@Xx$5MZ@J{21^9s>Loz+iQ5VK${sbB+d za&Ymef(w&=y3`hJ4|Q->NSNWSuCVr7ni7KoACg@$NJvf)XLUPJBtv@~$QPW&dnlFT z?}^I)wQNJFEcvHG>PQR=GcTu;?UfgByZk|f)jhL+)}zZjv1dF@d3(^sA#<4qPsyC_ zN`6Dw7bz75TzuQV?%y*NUQejO?03F0pki^6^9*kH)OX@^(4!9Ioi2)wJ?uqAX@B-^ z{SP{DU-rwKZa0Bko;5WMI@tiofg^HdZm!G6SYKcWG)Yj=F#R1&O5ytZT;&}-Fz;1J z%*fu4Hgul1Z}#uUsa{RRN2+hFo>vdBdZx?sN%I~JAd=(>GYlY9`_<*AMN{wmD_ z$U~vCv!UQfEimkk%h=_w%!itC%!c+m7ABGMW7V}&|GPJ@_-(`t_;tS!81?Ix_5Eaq zL2kdMskx8i9}^85yzmp`>%$!CyNyfdcYkw9>{NX)@(RMn^WsiWJh>$a`4$TNj=Bg8 zcRp-m8JSSsN?d+h4%$1ULe>>2_5_0a(Ph_!K@dqWn-RMluHu&^D4ypc=E!8m`4n!12YO4?B+;#_dxaS;ecWIMI^%1R6n+FyK-7expKB*J{@h)d?3|A z6;E2dL7%r@<@?;u*s`%P3e5c>uyX?s5wD{UmzTV+qmWumT>C|JUCuzWhs0az8FFO; z`70wTFb?UwoF2zcGFD$w?u#oxzXInAq5}|>NdQ0FB2yR5M{pwC4sm|CH)6^IkLj~Q zkc%w=b(28~ogakcKynxA7&cIxvV+&~ zC37$%ZLl$0`}@Ipgq1{B2T4b_Rgc=pw!Ep}Xh-ieXkRw!>Yf3?57hGwS~3fJuE=Cy zs#v5(@>ckH2^>yazp1JAtZq*B?9l=U zLnyRge*4A>=u+GbKgF;#L;vxem;F(O_NIk0-Y}4@C%$>uv$yBmzH?g&C@^pP|+@&pG()_{BJ#q~_VYm8*dfvOK zvnQ@CPO`OiSq}C+zA=9fD{TD+8Y`aot&)&Wn0EnL4eqa#{RkS#2~P0fO`D&K& z-Al<-`*gc+jBL7Cn1xhs`{()yFSlpAg@ylO_BCh%)qiadQgYNEks3%2>}#DB>LxjZiujI2C0!uS2Sb2;s9A9K+qMw=-^`L90a+;C6ypP=(x_kH zx_6T8rwnbI{aE^1>N(ElD{VamURHnk6`afG^9=_tJcZKo?GOSBE7vRv1cu>xt(4__ z(e>Z*vud_X?kGuV)!Bd~7_+bIX}<~cn>Ul36_fQ{)Gw#6DDczX_NDr1a2Z;TR2~yl ze%aR?GC%FN;O~CVGQ0_%GRka1qJne26=H6N$qRiJ2z7y0PlzAhch%7twZTmHFOZg< z!pY1s+9SP5L*^+D<^p+@^Ap`A%Vmw~`?rX(9|$(jmXiU7`0ycPAz<{^zV+E}gpm7C|L75dbRht>CNpuN zhmnNNig~uwmVP~7g3iNYZ;!Y6!vpL}CoE7&FzCBexc9&ypAc=>TN_ zh@m+3y?upfNzTSc8&*PM-FJ|kQH_@*3X+mM7g;!ZPfchu%sij<0pug+YJxxFkFeA{ zgf!S{3*z&Mo~M(PU@)CUzIi&9EkX3g^Ol)?Zl57Y8avrGNjzsg4egiagl_-_EB*}t zkoF3}VIPn0Q~1{jDNpyu(cSmS>7%gb93{c)#B(6c*9*7r3i}OBfgG4TIFx_4#E>qy z%ypmdXGM;loDBgj18(kZR*2nFnEfA9k85TuccoK|8{GjwZT$)5{d|}Puus{W7`7Ad zu^^sWv0$2T;_k4Ee4ZX@&}abV4Db*GjjMVaY9rB+ozcl;K+RO8iYWvlFL2>vHA|0H z7Co0#jw^6=>~T^<=q&FydF6Fe8&di6B8d1lJSpCYNst**>tQU`$gnr|VB!Xwb{55w zhQ;LQ%*XGmW22P4`RKo$7E&`u>A{TQ_#rzjxnC?ith63Q^c6;5hR1E9CcEEXtcSW5 z4I2quiAldUv}X-DdI5+WFXjh|j08Ze`D5Szie8m`Voz3brzG#KY56AFH-j|r1%io}L{O+na1oTNEhrSU1|;uR>(11_i*pSw z>|WR1&hHTaVH7_}&(Pjd`TSgy9!wJB_YAD~Aj+wG`Z48u*q&MyVRsO;Q&j3WeO;I@ zR)UFoCAj-U4|4Osy){OW&VBC<47~TaO%_MFpqP}6fwi(!qG98zs~^Z~-fSEhhr>?M zAJ$%bz^Rv8Nh+#8=Hv3K-<7hT)KkY7v1bzEH=FREt_I(p<^AE|h7$IPi)P*2eYfy2 zE7pC-@(=FI@Z=z*ti;~)fP_6+Q>{X8$f<|diuQ)9<@x%&tFV58UfT&Pz2E_=tWUWI zg2(4xcB0z|{m~~+CyH7&l;VG3D$#|pr_;IgnA82*Bz0XK%Jm!OW-g%l94NTkW(3gV z=iGaNai&}0^E_v0`uyp<-C#7idAn&FBpe!N)+y=m1ZCCQuOC;6CE2t@s109|nR+D( zg}0%<#EEc9a)nPls@YC0685E*4}~Wy$HNXpVs@yA#Q)TI7~HHZpmg~I{hTRt-9F;@ z@`s&T*kGl1gv@--xE!=`lWs1n@mpPOW%iE(+K-82dze%3Lo7*wxqTF6S0?=H`g7@6|5U+qYNCa@177DoX^PilIU-?ks>4zIQ5B9PZV0lDum{lM?=|9lEq zc9~d;rc3R#5Gn-`t>$5#DUGPf&LpMxLRHdK!)V2oA};N361gJ6&YhI0;VnjGA<`lkxGRQj!i{c&VFwQGkczRP-bH_IhXN z%RHF)&1SKuykLFH;W0BB@d-?MtUM=Y4)Y zy&;9=kyfP~5*y)U9Dg=?D9d4qU(bC*FenZ)m-gIG1w97qq@V5E%Ie96&JliXhR}uZ z%KfRQJTPibxAW}?Nu7OVe2=Ou=x|j$ToiehFd*#jGt!QIAYX~8cIZ!fmlUcP4+X&j zV?`*`;5?n?deEd4igyGt5;7k|ID!;t|Mej62fwqt4sU^F*unfUrw`B=ek^JO@s;-K zE4pFh6|4;Ve$Xj>W2g^zuVGS^D+O%Eeq?c;t%ZJRJq>E+sW@ zHJpZv*~s48e6of*@>E2UP9VH1;>g$B0e_0CJMs1P1wd>3nV~DPu|i5!GGk%&`1t!F zVtk_$M_iPd zQ>{&$Y;ABF@-=h}FbdPA9A`H-MCcNf!S~{0t5%R!QFk$F<10qt(G8ROy^Q;6KELTi zVT+M7lJATw6cqRQY3cDcF}Fxq(vEI6`4`48u$%egw=Q6m-d~avQ=dxoQtNk0bG;;= z1)4n52xlc;hZOr@Oi%)lbY(ami6GqeC5^`T1O>G^tkAK7X2{vX7#0V3cm6 zAwP$7cCY%Spjuzb3Dpot)zUDTj&$t*Hj`xLiIlRdMh#FmBTxMc_z!nC zK9(wo=x|^B&r7|=c&LON4>K|JqP7J_e&87U{>E>ylEk!m&`_pUaL{6(8YemJ=sL;8 zKeVSY!2REYu}{Kb87aAV&~*fHVxi`6d=+1v^_R3%PP0yV) z0~0w3g6m)M$%I3x!2_VRypp2X9w@`IM0a30+3XnHPZF{%pNZoue=&*XSZFhAlW1by z*)6H|GlkXR2?MugFCmeS$)YLLW8^2dKNx(!5*#2*+`JYTI^lC9)k|glCEiSU)j7|@ zyTgS!X+XeDk6d5R*XP8+`@OY(Vq*U6eTD};kgPJC<==eVZYw6M!y}92jkGS-DiiAjnmC-#5R_yDvha&q5C!k3 z@!i*G{`J%M>+pvGJd9*(+FaakB7B;ZqiefqAL7+8yrEMN`nvXHC}wUcH`mpRaz;@vfl`$0P?KO1ZAk%jUJ6%+d2}vZW zkXxp!djG;k^m-V2;7xz(Q&3b<6y?u(*@CC!XaD=Ate<3dE~M}5C5*>+%%zF^{@{J| zcgDQ4=NDY^>)vM+l52EfpfoP=85GdHuoCyDvg($<@>oE25$|f!4CBy81wmk({3o=m z0(EYuIxYp=WB;tB(5|?CnROjvN7TisWbA6i}8b+N5(I6Yekzil*eDn5CkaSMcQvXb zNyFq%Y1t>wJe2%~F2+^jCx#vMsbYzxJdN)7O96j+q7a^>*)Jni8ZJe--JMz6b*8kl z;L{mNhi)^r!C;=bK-e3y3+Ao|Eqp7)qz8vzB)@A?Km6*LX6Z z)zItgMP!yem>voVKFGqgNu^Vr9lL}K@A<8I{%n7Zi^lvj6;Lu3p}*{|k%#rYs1_DE z6k#OZ$aX*Lp!N%!-M@G03T&{rFPiMH;GWeD7R-!OOD9BH;QUiSd%maoa7PoYt@j`e z9vd}1aP^Np4FFE7)Z4jCUEa8WzASJLwBV!oB)eBhQy*Ku5GnI$(|zDBqGVm$;&Qz~ z+8=D*(w*AlQ5K_malS28d&`OKpP#9;o>b;07KDNXN`6@0h7=(zp9r)l)AEtedPqOtK;AzXjn7O@I< z7hV{O=6-IsBHV0$h9Ub~e>=srrM5K!fcNzpRYy3ycFpzvei?lFx${<_5gp5zd)lM5 zzncVy%hQUWWavXQ1KeskeqJl`(3Why<|~jD^Y*= z+P|wO;v^sD0IiH@LQ22OGKtJR1sLQ63VR#U-@(_1DTL%#(VjH^4l^prc5_`4g zubERtAb)g_je@(cKuhS@N_P5Q?~!iI!z5dV!S2CJV|QL0j;*U6njUOOih$8#@is5- z)9;?3O95Ku6VI#ML+8xRIl*l3#EkgM??l>CiAP%SDfTs1t=xLS!l|ECr%Skv59-w{ zl{gy&UmiT2<=-!`Dpu@cl60NcE_B5k1cHy4@br=}a0)p>uKBZL=;_fAmU7w{a-u-x zJN33{^HTU3+XrO-mABTO9(D$y^$a0*4!`@k`Md^9oWwF(>U)R{Qf=`$VjQ1qdE#b4 zTp$^o2;?-YNURZ?Aon;=Ywq}<#0GfhkO7brmz12E&VzJiDy)7@$;)l%jQL((N5QNH z?ifB}I~!7vS>R-fG79)OxOLUU4V~~#Ay{L@TK=#c<-q*_>D$`zhEUpR9i9+Q7k_e5 zP?jWEGUFT|hcv}B>48XCYXe%#Yt~aF+!UtnD~MSU+j&^`-_z&pYLh-3eFvbQY2w!B z$tO&4;lDoB6i)mJwJXgPUagfts6TE;0~pUI0S4jZ!r#^@nJPM!>vJ$pXdB>@-y&5k zl;J{yGe=z*xN-``PV-X9nXZHt{2Pv|*|@EA8ZAF~87Kawj847}gVZ4s5U8@f^TzZz zwR8+1yx8_dQ~drsDwwvHK5oXsT;+N=fXMgS=UJN@dZu1|;4&}(tjMgB@O=_5`HTLm z*}tCEK9fv2BoNpO_hvm-eKDZFhocQ_4#G<_5B%G9*Y+IJ6SVJndF(9n^SS5#9-|7A zOHqfqk&c5uBHI$=F$>rvv5i51fxYy4%*cXWL ze7yGwjeMh@;BYq1;AKD*HX&$aRYv2*TD#M67K#P_)MH|NRWG0$ibCr2eY&4)Pl|&; zV%0$7o=EPZhZ7J+RG2y+_n}(SpuAR9c$7R6A%tGl z7jzoWoL~ZU4(^|XyyGu%VCP?sPyfeyg!Ln!EJCf;o!m)RrYcjO!@5 zPp=byLe+$pdQ@fDd3g|$(O656j!ZwwH)XoFd+npidBKkONKF{HD(cz9T}#JLr3R)t^jHyI%M;R_+j%@P0UsZD!=qw6}uuu$m)K#hVWd0zuCi~1ZsC9 z%h}qU;g1NU^td6aDYKi~llRW~ZHTej))*=)Mc?n9#*9H!dg*ufHe_`9H8M5Uy4RW` z=J#{?={84qw@P|&2n>zqO-Z;smr3F?+6DM~^gjBFhqyam zUuN&o%?DnreIQYKhIw2?7rXl7P3)hSr|f)?Ta)iDQvvBSlSPWnVV`$~i;q<7o@x;` zw#C>hn@GYt-(0DDyF;$+XC_FhBTKT5VKTY1JGTbN^Oq_&H1bIRDhhWEce)-EBnspr z^dN7-_zt(jbP>P4%yh_(YT}B=94;DjqnTBJ==alkbeSwp&xie1r5*5e&cpW@S4}zy z^)d2`7zsPOSM6$wmxZmwqEl9yOV&LG78bIxK!S#;CRXx2=)(A*gW~wVl8Wf%Yr|=H=>z3i3ogA@9XyC8SMo=m;Mb*@XCK~1`Ofaz5P@=El(;3N z(W-T(uCF&7N=&IVyC*~fAQg6jJgv!oPTl09+$r*gGl5QswXcbUw%T{QN@I$$`MND{ zr*J1D>Y8rz)ZmHzswD*;$%Qm)zlRjLl4Jrr`Oncr?^7!}BJ3VG|IVss-e)E5#HPWU ztW7AfCEn&hgd$Gg&Ot_1UEO*No%nvgHQ`%+rRYLP5Mfg?Es5TGz){oMgO;7k>@@iS z>*)|=K)b=uU@s&ZK~?Jd&WniqEthAAlFkE!>(X38_lBgQ_3IsB2{+oaiGZ*DihG|! z+xX!h>#coM=d<~fgZ$XqLi#QV)6x7bMq<;O@U=x-^^D!=LB(nvjcm^)*BApx3lsmw+TJF$wP|3wMX; z@ymz`NSv|he+xZH`YC(~S46;_JMZ;14~r2w#uB09g)IPr&ds}x>s|Wu-`BQ(MN+o@K|BN|}j(3PLeB$s#%;CNCWKzbt)rC_6 zU+;k{DDK*r=g*=XdghB3!-41Xb092xA;haQ_xdORJ-y}ZezEbbZn?(E@=-pn;6jkb z3)vvvevnRD_m|eaDKblw6SM9cuR#CIHWQp<=!#7HF-Nmisa-5%M` zGxoyUlf7g0S##}8c_EqrPv@35qPZyLbiaew{c+_J7hfLN>#w`Yck%FCo)O>O5GOw9 z*JQ7|Mh$n5e{^^JC2#6;-=`Pm3xvH-pwjg| zQTL&+E%hISy)fV8lG>`*2sZk&e?R0-_+nICpE!dfpEtiPU2}oE{?fPfh+>vKl{gp@ zI~_ELE*^I_B|6407ERYK9U2eg{j>CWdEkzCRJb+TuPg1fCE~I!7EIHgo2&X6$r;sM zIB@LaVxiQ&NM^AbBJ$omCca*CCVH9Hu&(0i`>bRVa+kP~As|o1GZy&|I;CZZlXE+?UR7ieKa*rwZxz-;XCXh31zB0o( z($#&bQ#bcyq?BrwZv$m!^&4A`>iPx19+ANP=T*rrS_gWY@%t-Fokcku0X^f!?lBI zTYAJRbw}Y$+8<7Mz#A)mR{Wee4flkPLUB84h9el0YVeaB7Hbx|vL|NslxlASfrH46 z*so~h71%JO5>bUP4G{?kYW`de)M&z#p&5d%_%(h(SXlOiz6u#rI?cFWdNNPHZ+QNG zpN=mAVbM&pmcA6wj04eMA$>FR{aBhjdowHX{2iBT!#@Ba2?9~Ghfv_uuWe#HhMlO4 zY~KeRDQTAw z+Is^fhNUitppM5x0c*bsIcoR6N@JN3`t=Am2K?LSyBW)9cc=Lw%@yFL^JB@;vzT}{ zlN+Y|OLttFFWX9>Qyq-C_U;8gUOwNGetClfemO0V)LKrZ=3ZazU|kQ4=b)UF)6E}K zBM$CHI^6t0AgXQpjoa^B4qlp zsm58f^#l3U_pGdsDxcVi#mi>yTGas0DbE6JQ2KQrSqx^~b&)FC3V|=JS zLE~}3dXGENlVIXX;!H}_pot9VDnHNT$np*DM`>SMDDLxoQo{amL)f*Iz-9qV)ScZ6 zPS$*Ak$q9++rW3o(d)LKrP8adDiAK5%dquk>kk^l~TW0P; zBlm3}|DsN507UaMbtk_GCR86OSr0MVKl-#ELcjhhV*K*i?~*w=j4HVGxR0N3y=+&g z8E_Lz*xWq~I4x4vlGzG@1OEBpwC;K0vEAs=^K!{pm%=a%S?C)W`eV(mlV*4l!PsAB znp5u2$J_!q&Ir;>zve5(WGb=xCrh2%dA+ggmu%jNo!a-}5D`zxC65igA6{u_ zUfQ6a^yF|*C-+)(_c>m_Ylc9?GZs1%SXCwHfq1A~4uYFHQ$}*cA3)-8aiSed9PBObOchy-(U1&&c%&e5Fm{&&ez_i&(ibw8Sqs*0yJ_t z$gfts-)9cjGd6kE1uO#mi*QXY7G*XvgK5IAb9D00iujnp{dkID+G5v!j>ql$Jo+~5 zx6|SACWmM6)Q|~6f9`q?{L@?kJo4Q%J^Ai$_f^W3OH%@d%iRBC)vD6zw-#Jv(q13~ zwl)_7(^f)xJ#QIjPyo#6?}-hLEvuKcjqR1V6o%XBtmfUj>Gp%sA*p83#+JBK$|~NU zF9(Ug1pBPQ&pAL%3by96f=cIt1I9&m;arUG?Q;c%HQS<0!yPJMznH%pCyPgRqMj-T z=OOm$oyQuf#;%2*>A$n@s5kTtAs9HE_qzsVwXD}|fsBsR9w9Tjh|Ud;=Ne;Qmr0v; zC|a8@=$9NfGF7EFSD&&cjP-}I4}KM+;`Tj~A3(mSkG>b{d2(34##=AAqZ)mP?#y!de z?ob}6p7`Kx;yxdrUTWDw(+?snn=pYHGeHG1OWrvUzLwWbDD!eTH2x18FY~uW;^-3* zAL_J*}>ADhV}L1=Z`IDW8lNSuI8LM%!LLp2T=DEK{(xCu$~pV#j8Bp7k|P> zs6A5%8#W`%?cult;R{_|-UOlF#;8(7)fN`Xix={sbEo=pb+`s;%3V`ffe2j3%UNe6 zZEzfu`wp%MiJJFGOueZNw4)YQwI3fUovb#T_g)*E!u))r5ayAmm`y&)oxjx>Y4 zwLkZw;wgW^h7>^TsaQL^ z^2_7Fna+N>u+;ZB$-y>Gvq@T(0I=4Aq919BrSlpXJOW$uhe8Zb$M5uB$)S~RkE~(d zk67A}saH$~1Pr~Kv*v$tanV^YhLxpVq_5!jy!o3B=O8$@)S{g(Fw(;IHUIX&Bk3YG zFM)S{**BOXMo7-q)^*$`hj5G&DN@Dk({N+GB>wP9FEAbTw!Qrj zg!w#-Ftwf9Rpb*!o#i`SJxNL9zfY8dCBtKCCf&Uj%-Jt{60ZBg#>XshPdEN^$$q{_ zKWABCwIHLTcb5q2<)l?E>g@qLaWD8ZPSsMHZYCi?09j^X?+ES>=EO%6v?_pp8w}8q zFF$)V-Xw1y-OI;o$fh2ZqR`;53;sCgB>ET`@)^ZZDI(`P9>x>FIn){3K^~H4Lp%*# zxC5(ol3wHqke%9*pGT2X%HPiz){y-OKfAE#`oK#_n0Y3MF7QKynTBf zkx`(n=;)hMNJmdNta~w#ZT3xOZfo1{(z7!^ou_|4``d)Xz&zaoa-VSar^Wky_xkHa zouu0AjeS%uuD{@PC$od=*0v2=4ouDWzKl0petMTHxT;c-?_(Lck7?5nLxyl^Wk|9K zYPH{wzrh}1c*ps3hLZelI@FiOBS$=L#i_>skTwLzkN7~qLNlCp>$p^*ReHKhFLLb) z)$$ub{DA5B63cn$$|NXlEkrT%=%hF)jSp2Cf`)QKu=+(30k3~w)WvuR#? z#ML;$l6N6j)lz+aC{OvN&9h`qV=d^i@!@1Dm_dO*ipOoW<&aMI`?CM3nlp*)X}@^G z07?sK1rQg#(hIT(Llg5~Z&v`$ml>#@rmoV><36TKgLJM0m6LGWK$DiE7E4vBHQf4A z_9P8O&bn&hi7Ctrx|fP&+&`qsP@B=mG1pet=jMcvZ393Kid`kT`{qfDa4gQTWsUO zMkufDOQ@V6^~^ZAagna^`(=xHAIhowbViI(sRlORTo-4^>3x>7MJ0XKdQ;u&rhq+L zPSR+*o4mmd$=D??G`C7;8S<;CWnb0;5XAuKC|}p^0gDCHz`}#MZxtl9AaVa%+qqb7 zgV3?VcYSu_4;zyaNY}h=8aTY|kvh7GN>FrnMns8xh$?Vr;ajC#wSs<#dlx9M)_^$y zGff5Q0h&ptP2sM*bv6&$_1nYs{X4^KMFqd@$3yjtgOj$&*pvRG=SfEC489ZbH7xZe zcWTl_+{dj~uB_P$s7R$${z%00<@H)g;apNCiz)&GI868i|Jg?6MprpT@O^AhSSgp7)X)v%SBT)Xil#zX8MsuL(4JdHKE>`TG`@{ebnMn+vMAQRP5hFsKUh z=6I0cJ8ZsKt74_D%t>>26u${jVFxWu;itl`Vq0GCLCd?;K@@aM=07zFu&P7(;cU-a zegj%s2aEu3d54!=hRAS5RQPK~LZ!oQ3E~o)eS~v~BDfJ5%?_B=x74g#5u-l;a+;)j z_)uBBSoFL^Zm)dSPUea~CGR?Z3j()|L9)XD4jQ#j@rI)#_q6Z@6)QTOjb znSxbf%3L15jIv4yKnn}s{;k&VSbFv_8Fs;NE}`5-O2lERsZ=YxJ4W35G$=%i3lhuY@1_LmK z!pOpuAt(>Yo{~aH=71qsP-R$impo2t|7O<;ZfynKkp}BR(QnvgA83n;ZyAq<$k0&g zY`++C3-uQ^C-mRvCJ&)~^69>+-S!s$=|rtk_ui6a#S6j|jaM_9LwdZRn|w=johE++ z32N3`@F-bXl{3d+{G2{n%pb;^@ry*<_Dsk;*`oF3V-HEhgPR+^;;aA{lc-=ImG&8t z2Nso?c~5P3X|Htdr7W^@B#lFO;~O2VjnS33AmAsS>F$^`kO6A437+HinK%d9TrLmd zb!3MrJm2?eR!5D2t&d6|ZQX&eVIMx>ag_Jb zY{V;qQTy0OC~QfZvuEEzGBfL|S0I7-Kt1AT=WymHOq4quvaCsC^;|z*hu;sW?jSEN zNvXWg9UyskzPg|k52tD$q4@_N(4L3T^SuDEDw>h!tN**+t(S_qxcx3C1gd_gUeOwUhSA@C0N zz3;1!SzT)GPafb6ryt3&0fM%!Y;+tbbX(DQ6C)_4@GsC89?zU)E{i8|e%^{|sW}@8 z;qzCSH|&@<6n&F>Y!XRT{nCn$?(ircvE3MRvOBNl%Y8uxLeyQBmWcn}4}0fw>&yVUu+6Mx_sq=4R_=)X2!+QFEYO^WSNC(m>b{KdsFqB*jwC<> zc;fKJ&?iL~!A~=QgKr-+*E6*95_!I#H;|s?JVI$B-PnW@I-x1(JK7P`=eAml#b$Rn z5Ub~S(;ifx?Y(BK_Q|y41%2KRSgQR#hyH6xcl?q<6;$mMipmXggP4t$Z)FeZbwJSC zQphLRs5(t;pH#)(@vr_(`x=pDd< zf}5|bLzztx1sfbUFg$EMEIwC++mtovHaHRtIasg8@M3Y{5kZU~RzLcdw<}M_*{P>1 z8K5Eq=tb@crc0X-yOc?6J;wN^G=0iX{kupd-&suMO1XT4rB4X*K=)prgDF>Q4H62# za*70P>1iQIE~Vd+y%!SimvOHWXG?E1BEf2Y{ajstbJXzj+iSMdD~c4ouaF8HXC{A+ z=VAK}&0JA_g+TD)l{B<%+$x)G5CfU2m2DVBsr(54M);R6G6{Hm&IVi%#?Bww#9!01 z{e^jOLW=u$cG*wJs!cpYfd1Fj)Nf6cewDAT9I{iQW>g#e_93T|+%_^=?PA@!rLEV& z7MtG<5uc`vy-hp-f8sLFza9w09K}W6!?m3^cwhm4u1?h0T3@VzHIKOPe(fB_8f$4w zanvm&wQ9e1^rxUMwskYbO6Q`}jhRA4Qj2`L3P7BdFBQwy(@g%tx;4`IA}*7>HxtXF z#uEY!0YLNYZlWQ+{irXLM|P%Ot8n1K4MctrWxOZXLr>m&58=%b;EW}IB^+J69lY`= zL%a3h?yFW-vm=Q&TA0E~QweXxaZ_PorLI2M{X*cN1#<$04p@+&rR5i_Z_rI#iCUwC z!7zgBDV)Ne8f7<`pT;ziFyu-`vR5sz!Ui_-0DYz{dsj8Q6{?M_@TM|;5yBoZA%sAs z=hrudN2AYPsFzVIan$YPY(RTZBvsKGr3GmD^WDD_U04(BCz;knLUzcrXUfZu5P_)t z=s#Y6l)O-{#lb{_@BtxgKw0`6xW0Q)!;48HaOTb{pa+!@@ZkPSVN>^SLG z-;O3Ft>XYt3TC~w4TBPTsWSdL$JZiXHAoYRJ$95A*POJD-;rV*k*%%EZ;I~M43OED z<74W3QXt~eKxav2x83UbPn)s_Hwj$39@Ou`L-0OWr@q>cQYL~Xrxb{(-d9~y08OKL zZjM-8q%deBN_VnBQOBK!O<~&Y1a=_(|XE@5v1u_pmwYdd;k3Q1f4YbqH=bbC;DT zIdouY4{fzdY_E2CK8FS!$-{J&0PlFj|91wHqC7i)7d3lrkm*txACO74Q%K}D_RFW_ z?3jyG@6|zMea3Q-;2AfHzSUkt8Ksl6UjZZiBLrA9RUDCtwDuNDir$*IVa4{@sDHJ^ z1~`bFdEs#{f`)z06}=Owcsm$S?keDTMbIu6d_QPoZ81OZZ&Se1W}5k3UmwNwgp?xM zc7VI3m-4j{S!(Xp+x~>UkiZ0OQtbCEMSq8luW;EBD|vZeEN|D*$8fZlX7b}+t~kE% z=&I`-|9`M0Zy7upe{y^-$R784I#Jb5QQfoP?Q0mWd*JVMf7bn&`i&HZwef%#{I#C) z%LzRX{6sC-{N7#l!gd4(1@I|;oXzSe=fdAcQ;qjU_aWkOFr+icGi9b{2T$7zwey?K^ay*U^W<-h zRF`E;cki-AZu+WSmHiEbBDSI0DV@V!b(7;dghtz0z`mHR4;m&hj_`=Tr`Ebr}x&#d<+KnMCJ@XDE2ktLK*&7W*%Q)!TqbkQa)aLJ&Xnd=PhEX zs^fdo4qs46eTn`CQ%v944{T3&XC~MxvLZ_%phP(%c+4E$m@Gz*m8uo^vMj(WU7ZvO z#5~jvd(Sg(b(#^?)1v==Gt|YAhS~rC{Dv0}7vMlEXlVdje_<79&+$AHIqqrY^_lX5 zJ+4-*p!G>S_v@=2%x_8VH!T4)X8QC$ocigy;{N0#14AWHwGJ(B#HVyOou0~f@>2E@ zz)-44#}6h@^ex{pGU0m;W85{DA{#DA!QLl}K1|nB-|xflF$}8mo+S~2%5|vUoRrha zaF?VB@7H|G!pDAD14_<+6zUUx`g~1#EW;#}#Zo0AjFIC4>9iNg*p<&f*`Z-{03{&o zF8eU@?@vK!dp`mjlwWtT4&g@||FRs;u|Q)$73QIMz}Aa(h$QDS2qsNYIcl7cBEq7P zn2Gm7<;hjWEaH?RkPOT%N0H};{?-)1u^!Gg1hvCQCqP`lgY5UK{HzGy>-J2HH&`6^ zec;*0F#L%pPXr98xnL)9=~~`Y&)%7~!uV!umApWc_?g4QVw) zyx+OMq5KKgH{0UhaNL%ub}o>miv_|#=p++HFZ=*LuZn#Kp0!r|8QC(<{$QS$P@&gP zg}Y>dc9ME|McBNpZlT7R0lrX|yCpq9OBKwVh6pD{BG zl6kM6v21?lVJt3`P{8A`a@bAfgCW5SH*v~5_6cg!7**_g=%WA5kK;eGEW1LVOct*S zfDFYwxxUoLuU^bl{%|~*+am7k-4ofLJa}89Yj?OHV(S$>lF)VDm0jEY=V2XB1J^zi zv9x#=bBN#&jN~9M%iox;Q*_ibq?sE#%+b8h-!jYC+5wWI59p67#)ZfdqurDD6PScdd zppB`0=N=Md(c0`|G=kcCrnV369D#3-N*R&*os%_w+pe6Ujfk1j<@bS;fbMP2p0k)~j4v+(d{*wH3aFT0&sOw_Gm!^mU8&Us<8H z(%h?^1Oi3^=`t1aR9|2j9KHezOu~!t2!jSh>OEY0X;yip&b|dpgYp>VmjucHN9$yC z3*_&!7H{M5*HR3?lo`w@U-sb#KhO(F0h3drMaeQBal#K zFkx*yH9q@#G!U{*`9PCkd}Lxkk%5?@k@|d6kflHD-t@IzMOS6l1!+~UG;a6}YUc5* zD^%Sfca3!>!o<7}y%RFFQ*O0+S?Fe(7>+JZp;7#$!)+`?Fw!*`N)hwl#;HF>vr)as|kUn(dy!Xcf9~&}}cei@nVZmt7RPEp< z$6Gf&aCs^-U$r4hhO#CJwbnMk(T@87`(2Sg6mYzi8JlYLzx{6XUiVc$i*W2PpXjH- z1Gu7^d&>{{e)LPk`K6b_LJIO;*Yd_#g5R*E$)(DY(amSAPUGX$-dmcnBezwxLL_M~ zp~S@Tud)p?&@dWjgxDe=>`LP$4sdb+56XIEX1s&0RWY$W46J|8SN3=tCeP_;VD?^j zFC3+7as$lvW#3;yowPFO-zk!X5vM0CS@4l`o`mv`dLt_ERQvS%3fV?MnvybUduY4l zz^HOMHOJ&m*w>54GcXiFWBY?j27uIkFebi|6yCnLW2N&e89sj;nj?QzgjYGt;#KV} z!O(2fRKg&oPoPrGgHtmWw$vI~Is`cRAX*KEbY`CG!m1C3LWZpsA1@EOs0mnLn}00( zkLF4ua2VZK0M)<;_-z8}(b9=TCO6P~xm(>Cmd8Go$3gsq=inoS%J*g^8DH9?d2c?~ zMC00Ao93CHhhsY*J(|}qT9TZkjx$e)rA&&Ok<3j&MV!-*UkFH6e}2(wkq|lVubOZ7 zIigx7YCjb%rnBF0i*6WO5!JT;#Y}XTthI762@flZbe?|rwz!X+WoTmbW3^&}2KO*~ z@ZP*26cD_75@`y3Yp_#%c>hdjbHk$i5n1tx`JbZ6`EckC)mpytT>8)l7cb~sbCI+d z8bOd3D}6b`ZL2^H34yF36PO6hfxlmXFw^fp`$T7=V6xV%KBDkx|EPWLhGK0Dmui&} zbOb;rD<{y7j5)z7T3$Zh(T#py7$jDWg0s)~A6qG9v2!v4!O!Ha(v1p`nrCx-;90KmS|@nw)+gb$raucfUlp=V;c}GSXic4c?JR_I+b1-I#O7M8x;S zKi0gN8eR`GQ$Jb?+oIKB9%7Fe3v3qc)eZlX-nS=kH26GQKYmP-c$|SHJT)ew))mcO10PY>0tUwL|n9>I2WMxyuy^yHPUs)JS=}KEry>b19OP% zRn`DCk*i?b>3MQSbfwDdXJgD#Mx+b+>vW)-ZJ)+Y&hOg*a;=fq>Ch;W@g|Y?+#s65ieK;~6{hd7<5*qk zs?3cRqd8zI=)>J9=AAB--=45L@w-Ot$9%OumQu|zc)jcEb-%{^bF)(CBkTodaONLq zA+f1Ey&Pyq-Te1ly@l{8Wks8E5e07 z6q@(RBTgZ3KK8}@{*lm4zXv};-#lpYF@9Th-nH2;+6T}N(0eD9G>G8FUI{7bLt4x8 zaw69x(1znjfbR{gA^p(a-Gghk1GWe5>3(cRXMkK+&aaEo_`x``g-eP>_lXew|TJ zW&Ze*xLjv!hjx^@r1yjRv~kl*l6J0|vEBrb>u1ZaMnuhb?+!$Vb!D|EnN#hU!A zbr-$^a@0Q$5?KThVb~kz7op4@JgKLMdWqwDjiU1^m`s_-0?`E6Q8JOXbX(FSZM?dM z{AD$iY}!ZL0Qq!Yb&fM%~aC4=4oRCk`lApgCrpMIWBkFCH?Zz)aLMfP1P?df&( zvV#LZ-0c!QeaUFP0XYUpJ42Ft^tLab9eC3LNxL*eAcS&R7KIK#8k>>})LK@iXN?R~U(B{_1{MX%f|6~NP#o<_;iW0QXm#Lww?JvbgFYR>n% z<#BYM{FJZ^|Cve&6QO~a43~Z8kVRR)^{NrX8`$O~s4RmxCG~<#%r6%Du*Khk`~5jE zz%#5HHz4kVP4BMhfVd-L86ceRJgj=3VJ3(8{8F!17s-JovTgK{2HXZ{Bj*#pWe#BB zE1DS>rc7@t|6UekxYM)aK5o9#=jktx+7a*f#04mX&K-ZNqy{w6i9!RPy~;&K!Et*u zHtY;^%bqYVk}w=0Y}XIu2?7UGucq+&i2&P2RJVVRy{AcqO!mpGrPMEh-`(`|g#!3? z5=25==P{O<{PY7)vr2)qk~Fh(`)3(d_mQ9%`$ip1r=l z`e z9Ghh(#rVN_W5dk|(Zz|tpAcM7JY4}U2EjIev9v?gE=JFvk#$s^OV(n1+k;#(0FM1M zywD~bg7oMz3@xExM8aS6)Qx{2bk`7P_RXI>f8Jm7>-7jeGBjcg%T43V$F)RC?s~Xb zbpYKDe2tbqTn{PqOfMl2hw3m-AtR56pZ&g5`5T>^=es!PZL%wSjCo0YexK*#p7SRS zdR+?AaD1Ij=1*^y7SKe*CpXTV1xmd>gXYkTMXaW=@i9Pt@q`2%9Omg5FC zw~CaK`6|i}&oT?}1#Qen%Xe?ANSAu=nan_r-$_}jA8N#(zJGd*{o@8DsaA4V%1@#; zyTwT0?@wrwp0Bz^NY_vJFzQRM4&x;&Lx)i=s58?JOPk?yKS?LIu3^KWw4bv6y5}6$ zuTXO39J~QpFI;gl9-}&ys{0x8>~XT*nRFL!O*dP&w?$$vNIqy~HmOLmqde^m)DtSC zq<9_9r)QhkzkR&uD|dVf@iSV*@g5|y&BOdf(li1@2FYvZ&rQ|H!iLNZ+Xpys zPRKspkShO08^&Pb8&xEJ_e(2a+913;IPUUD0#T-Y+WgH0EARa?o}P{^#himjxk<~b zzJ$^B9B(fSvLlqe@s`k_H%FmRYb(PQ)`^lRmGyid(UWR&KRlS!Rj>)aKCO!?y0c2W zu`iG+SFe+ZZgl_xUU(5`%B1ub@zo0dlj*R*;gH)Pm_-qTDZ|u z6RRh{us$|r*vMMF{`RsFk`!yAn{IHU3kv1*mbSq`yUW((ny=0RIX5$U8+!Aa;s7|r zRnbISW-%r_d@m5-5c_s{k}E4cv}&HOkSrUw^9#KuiCcQ2)_0(eG+vm%D`3gF5OJ=M zg7BAR)qqx{S9;W5LZ-a%qqJt!O=^I?&_65`H5Y0^MK)ya9h5bsHjGHkA@Lzww|OF4 z3?Jo#<_8Bl3pC|_$cr9A6*ew(Fxo~C&p8vGPlG?s#FW&~dgN2lVq4|`UliwSg}@`( z5T9=EPN9Ag_ED^P{*-qgJ$V`DMYv;A$9j*qi>xZ~t)cP0JPouN;7P8KA5kQa(V;$tWMk4;PiXk7#Bne`FI8T)&0)f_FO4p zQlD>Q7XeAZI_gZ*sZaxieuRz0^D*%`T&~MIrY&0=!gp3Z=HS~4((fVevwQlu1W!Zt zidHpYrOOlm18VBLx&63hmH8Ay`zCqw>jRa)m1|tHx#sh`jqeFKTLV4KYm~Xd{1Qfn zeBH%NIz|K5MBwwafOx_B&3y)A+DserZhT@vzK^!Oz*b-X{7&eSTIm5SLy z7@ZxxL*l25^7u{O;d^#B_j*;b^~}_V*Fc0h8!MJe-9IKy?cGV{qPmt3t#!^p-QagS z!E}P(Yc!tX#XBqd921WNEgGnAr4^b!_M9`;AQjL3zWFFf+%paxoT6S}&Asp?wb%F5 zoR1_s=+zUf3&gVkm5^6Di^=nRK~w|l?_3Xw7^N7EK7^Hh+x|Svs`(Vy+xPS@ALXw* zKu_-*l*a~%1t19XLr2v0?_@Xo)_TrOId6o&_YByFhNUtX2xDyR-JHi`pP0Z4H}g&3 zY=XK?54Zy5uE%UG?Gx)3+50x_CI1|-m1u0+&tvi--WvYZN=hG_&KX*X*Y)#2Rww%G z_sx5C4Tw_M!o%|ty|@?U#2@~4fDo*aYw${`f~|4GLvfJKM_nqI{x`EYdz_aYPw?Fv z1|p2J{Wn*V&mdxV{@#l<0xb#sH$%?pPDnADf<#teV^*whhcS!K=Bm0S^tjc<6L zSi>q;(^~uM&n1p+erZ+zfp9E1-jV@ESiNHhq|6|Tf&wV|RH*`gDDKw!=no&hOb}?F z{RlqfY$NQO=lk+SS>P`{UOcMM5Hv}~KT_&hIX&y}llOgD(3VQiVTFVK;>rSbd6*Me$WXA;h!Y=%1i*z*qx72lPez3i!hB_1Ae85})s%dsSwa zax`hh-hTzE~7bAd=^z-5ZaVI*!swLre*A z3+z+RX*!F>_Kf{=NQhH7?^UY7h(=?b3-@>6CBahb_ZR;qXb_etA&do%5+`o_-FQtT<+8C0X^$ysxf|`{$0tZxC|KUg+4v z=?rjbzdSOxXP-9-@;6WTd7J#o;%I?>W5Jrli*%0IPrJBM&^bebay6-aj`@5J`$};i zX18OX1jQHt{PdQGlo?^a&C2n5exZg3T%{xJGuYf)K;X;$wFt?iNz%LvmrGf=9;y$_ zMnXu))BU+k-{;mQ%tMHy$1N?^3Yi+S{HcN9bWx%%-Eu4|#=kU{Z(|fb4gVGyGD?2F-Q< zb#Jh>gLw`FG!sU*iP(Dw#e5!g{^@FJzVH-}P|febLZIW5mso=!IQ2nX@UYWE`Aq}# zsPM6$l<__tTkv$wX6Dm za0AYop!`0H;QHBbMBE1Vt@S4oIf*QGKF#a)jH@_i(NPdqTWahTX_zPoJ~Qazlr_`q za7d%#f~L!Q;4TJsnS}c<@ozNr}sU=4P1T&>F^AUR@XMoA7Ch?zq^9< z?oq`r4H!uFx|Jep`TocYH&{Z%Vm1WdFlRV8Prgmq9zNUg=JKbff15w|V&x9`!SMWm zP{&`c;~00o%;BiuaWW{&aw?JvqCVE9#g!xIy~84~M(ptm35sB+sstFtxxdkEd1k$2 zsGNgJh$Fq7-Vu+rxu4BpPR*NsiyMmk8o@}QrBmSeA1gb~kJ?vMtIlk-!(WiFurO(M zjShhxYLKr=A=@6u5>3j0%yMUB2{8@ffuG%ZQ~Pa61KNF>=fHJ^Q(7(V+I?P*y^j;C zQt)G`GJ6GKDM&Z(e%D8eT&TUyXsg%0vQ1ZjF0RkTk?pgJCkdYR8t#uY8DZ=vKlDhs z#{AuH=hNZ1CeZYylT2`}Qc~PLrQQ~(TOIkg_d7|oOB=0D)&~bWE~HAXlGdc*Aemt-UgAa%EH3Q z{~iAptn=e-W80Q&xX9Z5sqjv>6S7bx=dFH!l%#nl=Ycu|uv5Ix(#H#SNcanKJz4jA zA`npwq!I_#4|s}gdps#Br5%5XcA2IGc1qw-4xnzC6di(}h!jB29~=4;?#Uzw$n|Z> zGBE1z2Nhx6Rd+CcaAd|>q>j_c-QRMI#Lmm64z8|0R%&D4m!HJwIGwB5GMi$A$2q_|UiMcl)-pMK(;gDY%VlMs9`@A7 zMU+Tq@;xMST|RI#pN=K;zmHx!*fYTqs@$jgUE#6a5oM1ie<%AO8IC6_&B?ti==4P| zN9wa$uX4(utX(N=sqdyL2E`<=@!IK@&@UstCG>Yq)vbh!lYH~*rni+dP$ z1sZ%v9R99d5KnIB@m7B!z7E)>@Xn8T4^r~&F5ilt@M+w4_z^ zKJ$5B9U+{-$Ss}O-tS@9gbD7ABOt)W0hJi|SR=dFE8hm=Mad_nE{+z$;0%uz#!84ERtI0d54d+e8hv0eVf zYXuz)M`3UKtQi5t-J$w|JP9Lk@^b^^)Q zDI4wt*+#J=0v)nME?&80X8a9ZmHFj@-5Bzo_7R@t0HIWH0Y;rlH6LSc?(9t?X?VZi z>PtDo4gK`KVRgKf5PkLng;g(UnK*ZN89FCP5u=CKpOpvX1=P27J>C+v@Kg59|AI?l znF`~4e>0W2M(tmF)Lsp%1Gp%|TE14LO@^yzH1!Bh|Gh;u+qmp%VIp*Q z)>Wg5BkGbjgO=LBAfF`^AIB3BgOdu9h-k&`x!{jNdT#n8clYp7ZywoQ(*PJ5eA)6J z2O_&}$GeqPXJg$8$b!Xdcq%L0x&Ze)ZV^i_IS+ZJPIT z*QNUOy^^@Uim1SVh6&fJ%lBc{3#Tn~lWr2PMNd!=wa`dB9PvT2?>AyG2p8Gqr%V>N-vD~&NsYZRe#EYlHrUc?&i4GvB?rZNCr`Zu--spWX zprG4RWKZ8+c!nLU7bpYrkBZ<-KG)~`Pxn070D)EDssHOdWe|mss@5-_9;@H(B z@*B3Q0=|esbsW*?rr_O!^K!o575_Gc z`XrC?O3JiMnNh#u<==&Ir)M6q#qG{M-yKtOFTZ6Vlm+`^8m?KWRPu{ClOi&IXj?0@ z%#tU`LXfJWE<(U#t5u=ab)39!MvwKMvf;+%mC1Si8r{9YY!mzQ%lkow5WWV5ff`vJ zU|fgT^8OHAxInYGJ`%>fdg#(>^%TyX3Ai({mxp7%#9|Ge!-d@T7yeO(BlpxoD(#_k zH3Vm_OHJ|fRd&6@X({g&WGx=PD{ViAbEQ`?5|^|(apDZRIl+b4@b0!s{M2WaOAHM~o*udlt6p4Kq61A!@YLr(UwqVD4j&+Www zQVH(Ha5^tf4%iGr`X+NQzoxlwz4eJ@4*u{ESs!WujcZ}8IdHU)AGeNLI1R`kbnRVB zoxIq2u&sP=` zSI#ZbN4>UgX`Dt;?*Y)59X3CUXG(vc&I7cxJYvptHML;r7+jFii*Sp8)73@TdDRo6?t5Rzj-@4kq20W+r8)$XnZg?|&{TYb6AWsKr$n!d z(7*B#{8_O7&P-Op<;^|oVu%1lWN-dru z&49#E{W&x;99)9pkoX)8*N+YYLf#jo(iLsExS8YyTW;1Aw|D>wPJ4bO8KenVuORJ- zN|G_2Eu)~Is)xFS9Wfqz#_W{pa%3HgAII$#f%?Sg`J2y|-i&JnGRz$uHLHOAq^(wd zq0FOwFIxGG1VeU|+Y81?uP9It1hSS#5M=x$Rb3Nwhwj2J$LM#fZ!J|7qkja$fvr8% z5uhbYC`fMAYMGDpEx(c$zlIM?7??E9`XhR1Z@NC(g|^=sabI|DUFIeXLZwD(EqvoVNzhRI=Zn2PPkK?SpV>;P`O6(7L%w{*le5Y_z@(IIw_T*x>ob5# zFKqgpZ_ihG3|(nR`>5wq<{F|4zU7D3r?8s6)XO1}#iL|EGEvPqV1u1ZwmtyU9(t{k ztR?Bg0ODPpXMro;(+Az7$9Urko#G&MBAWrg<6O#se5=&{x(w@Hir$x!_u&W^?`$r9 zdq@j;U1dAn33x_RTZ^_f%v0I%K~oY&fhZCY1f1(X+%p-rE2*rFS6Iwx@PJ{+*qsad zyE;$c$}qacqAmlNZrXWrxKdL6qE*%MFSk7^`s~}v!uGtz;FqYp+3o;Yi3r*u{=}hD zoiUmB`!>?giYQPCss;l`9pT_60*L>xKi*G+D7`k2Vb?;5z)7Rbe^yrz6WpRpCd?Nep3*R+ETCT4EAxkU!T>dbJFq5sFc8ziVDp4j+lF=yICix{+8KaEW1Y} zI^trAe!E^fxi3z!b2>!(pnx&y>0#^_d~eF>&oOD-@gx%abIPsBl%p7#{RY$%dIIx6 zc6Z_pll1dLi#X?_-Ef$vy@69!;yH!oV1&OIApAPzn^1NqqcnSN^sh(ji07`KH43GhlGCgUBg%2U2aXypgN}L1Z+4_aG?@096dLU)= zA1-`?2H&5%p>kJ*M#bh5C*Y>^*AJROelV=U>DU65FWxRncxjMRin)AQXSE@M>~%DnoY?3vd{q+k!LtxD)8n+EHvze;ra^6guNITsw`*em z0a`D!f6K^TJmmntt)t$Id;Xfbn<35nebeF(wMToXisLUHzJP4AimPTcH%a%25BDwi z`6K+=D;@Dpaby=h&DJXe2&G}d6O5aAl<4j%JXGCS5dA>oM}1s=tu<1&o0>azpBg)P zge_mlYQ6?H{-BttMli7gnCyNOp@eS1q~PM}r*XJCuV`df`M3=IoSlC1{h0IS>r(L4 zF>Fghik3&f#q%KU1>z`EL0|CM?_E0!74#B^Ju10iNc=Jh${0{>!cp^nq%6CPO$2gQ z@~M?UcG`hOMr7Tfel-M&u58wu8vOubiM&R&$C%E)h*p=X4)E$X2Z!kQ-iYYA&aXG} z(np|@{=P=^1SF=8yGU>q5m&f*xy{7?=Co<{s9v=vcE4ZjHoWA^ZSPmyQ@AuE&75C9 zRZ;Xs``jihBl+9(o?E&{o%XhqSVeaKFRb8|9_V4em&>?=#+TozP+9@IvslkmFpQ2+ zM)H+jjvlNY{PJ@9oSUk*vFFfWqtg!&bIk8OnHR0al$fe z=h+!^@s=8m`%L&Ey1-z{DywF{6=|xW9V7gxX}=;{DZop&L46pNeEU1KCcHHRVe0{_GrKF1wDA&`0N-tVBgG+J}{+^gIWj-aoh!vp(LNhgaxggc`Y$ zg`e~V=>c>P<_vv~y-pZ{jTwJ!Q^>V@a3iicA-q$EPlb{QxjB%o`)-iJT}p7&6?mGZW~kBT`( z=ka-ryB;q#CHZuxUsH1()Ix=N({W!;^77s_$>)#T#8G^)4=T>FSLiz0ulw`VZ^E36 zu6d+b5U+wWH<*;kpRzmw6qCWp){F7y?zl%H6)EFms@Kf}wh6y%nfBC9*<~9BZn-r) zES18R5bCIdl-~mtR1GTG{W{wsxzIBBQm8k##?f%K1$;nHE^%Fw{vd-a~M>G)ZdBq4u* zdW2F<*3~l8b8ww8z4%7pDKZ+u6?7n9U{H~ltt*jrdy!}TdVm@vb%hf_e$_Etpn+zZbGnP`8+h0gWW`6uZiEQJgH{~o_cC9Of*&fY|%(38rXpR3#2%EQ~_xM^t zj+rBVPa7*AJcoRk@7_m8;GQI02(xs@By^pPp1CtgZuG!Vw}Bv7T_T+o@yiPDh#ux7 zj`wH?vM%G<AM=wz84sA>BUp4&;jB|SODR`@uwb3O3z`;K3)sr~_?y5AS59`5trc?ce3czd{Z zd+ggGZU{t1^AUQ42k^aW>izWJ;7JU77Ch3F0QKqq0e5&X=Z4!p|F{<;{piCB5Cg@? zsC#(2fXSWn1ih9|8=_YQ9K`dx1jA0!jcGBE6>ENy8T{?=mXO`^Xg$t3Af_A5mnKH2 z=-l5gii39->2`Q^YU#XwTVzm&4ywtoADl$yIo7*RtHA?Cw^LiCAaaevpKC);r$a9I ztC)OetpdUqUAC%Y=tmAzg1vHr#q8`|l^@oy;nV(gW*F&`%6C7XBO=MOlo%HJ^(kbc z;`Y^WFz)JcVu5=M$XkrmMjbO0zi%B!UyKTHyP>6j$hv0cr-Z$0(A}#1UJ=7;?iKbh zIm@+`Ob0fsfSlrfKL@|^$slWy=kfl%>(G{u5mD#fcwN+I|4E3bMw2)Sjp2^6o%r;! z&*$(1t}cB)vl6!OoK=I8^=(>eJ4Ph^i#v1d{)BB?W4pcY-qkd@3u?lic)3c0<{{7< zlxDeOL}vES`|xLDp65o)ahK8A8NuKqPq)p+2N^Ly^@6N_CokJdjeDeFpi zhx$|4R;#`<>1cgVl5;;lzw?6k)T?eTCSa6MSxrjklDr{CJfDWc@O$&OpD^NMtNr=3 zuL}JfpBuW|7t`C7yZSK)XSQ#)US8bd5;VX(U+?qFVvyJGkOsyJJ!L+(GN+t$p(k_r z(DOAWH2>XWsav}UU8~{E0$|yr&yRtVFCNE_0WHG=`+8(!3f0jfk|X=(gNoK4E*?Ws zi)8HZr>FlQZX5+opW?qIfrQer55nht z*u-l~qJ2wJNRB+n4S)51>EWrz9p%RXT4*;`di9&P9{=p?+kIITHGV$u_)V-_KsWN? zROC-U)$VV~&>EH;zG`uz$S%zGAmhT9T~0E46fhje=YS{@d&$)C8rZrCSKH@#qsgS! zW=TbeZzC-IQ_MLTtP0bed1uOmORQ^i%mmFDE!70;H381eCs&;+THvC#Mr*^*R|Oc#b&L<8t9o zo&0X$i*c01XwQ{Q5!huKhc3x->$yf3g&twHG)1VYw2>YiVpr~Jm>SX|$8 ztsnRYgAVcQ^5tTzGDGp0@2kf^2LPS)B(Y*h7!BM7MZ?q#)ldB<{RkKUfGx^Z7b+5f zYMebW>pf%uKsp{~8MwLIzRbQS7iGm~xDR6WcwIUw7GQuZXerO z4*QNWFK|-NnW3%3t%hrCQfd~mIGWKYU5zm-gr*I6qMET^j2+NagF4}adrBt zQ+^-p2w51@fj{-(-kja}Z@ew&@}_P0^@$7Fy6By@>Q|!om`T6E88XBPMLe~poTt1p z>)VtDNj_xV(#kuSt1n|{L`YwTkj>n!Puh{bdLv)SEVDDw)gIeD#@8H*H1y)!>IU-v zU5^e3xy69=dzq7TV-G>h?EE7KApLR|XsNSyr{ARJz7EO&i<3*1EM`3UUr^WxUxb?5 zz!n+$s`t}z!p+NFH-}7%WdW`Bv*LU3C^oI{bt{Wcmse(sarWBg9|0Qj06Yojn`XPl^76EZj&o)@$gtwK$?SO8;IJnyS8<;nR5%Lx1eoPOSo=1$%KAk;LMKhm zBGo=YClq>&5CH4jT3alrzGF#NbLx5JsswUcbVbQc-SK|GH1&FDse{vFdlpYGXRH%8}lrUlMB8K3cd$A%QONhus^de2+S3;_lALj zs~?QKQ=PksE0;6W4{ts<1}qsz#V@>6@)bEXhk2p0h$XIxaHCf}5w;lAs1BgCJI*OT zjxcX`uFYSc`GeW2KG=KlImf-L`q<2Tl8WGC%NUC4?TPGNe8Tm3V_RJ-4nKN{p8GzJ z_2m%EtY%#C2Nc5kM;N|Ms$!^6zQ<5!Fr%bp#1v1#C9%I5o5 zI-4Y}Cg}CPo(0X#lwGV>xe0m8U-dT93}qLSC=w~y_m01sddWM%;dRv3Q1-gd{vpAh zJBqOoTdw=Y18aq5rg(K4mlFAbq(1qqstgngHWDSy9m!S6))Fb;~IBwGBk`cQAbQF{r*pHx!!8Jv_%a7Wbfy+;M;M~P zW4U<2L<5@d%DF=`a>+tc-;jj5Yq0hca7@71OwlMtLX%chB&#nJMO90!6cZo&K3D-vn&)#ix9cZ6dWLcr_(k`0~_pE<(C4EAW5IV$hAIrIv@*1HOVc=VW7 zE^hmm+|Jjs*eeHo4_pgS-)~OSLOZl6`b8Eu=q>3+5kT@w4$r_qwbxj})GR6b&#i7= zNTvuG$NE84Z<1emh4K8%8x!w5RWRMH^Wa;vk3kCtBo3@w09Ec?B7q`w7z+R=b)fGs z1v#8gzwdNiLBe5+zJMbUjHms+I;;K1(W$%rv^5GTt189`fq$$*{axXkiO(%xhvu&f z_LMsf@b%c{PXQ>KJ z0@DQjOMmWwf(AK{v1u2S931z&Iy`$zRn)wcgqxiQd124tNK2Le%B@4L_IE(`w|jdl z);FRQw7fcR0>AAu!ZcE3xil}|{?U0o4%|~Bl`{}%c@K;b{9(Hn^l)&FH?4nbU9XI+ zQ4~yd@sO=_9Q*17r$M{4NS&_hX}$bP}i^XD3YY(ejfWNNiNg)AW>zgp$skkg1d z5W>)AdhH(Om6(sqS5*FpttRvW#lnOpfDHL;^3BtJP*XwNOL|Kj1Euv^EH}$LPZvm% z;S5~;O*Dw@GBjUE0V@?DJ(JLVICUWwTlERWRD94Pt|^)%$Sj~__5eXoJOyh+@`=7_ z^AnLhi7lclpAyyM#_gXRy`uzJw`IpCiQ46tL4PD8C~TkiR0l~i<39T(e>@(v%M3{1 zw%f3;o5%pfj@LV{vg|=x@(ZtIj+CQVte^erv>N1qaPgKWM>)LRpx);mUb52Y*&YiK05+eD zQ{@0@nB(LPx35uWS=Gv)6Zq#OP2a+m=upkz))hs*jEwdf@A9OtS>pLY-+)Jc)^iwq zh>HTLX?z=1f7~!9MD;4>RLLK`9}n`%K8Eq!_4RlhpaZSVHxQesvbH2i?U7bgN?jE8 zfp*Hen~sDNhB*3fr-!mEe(f`I3hhTcnfrd%e%*p-vMf6K^a}vej%ALvlJ7~aQMG_e zk;w((5ub&S;zLDNa8D~;XG~kMNHPAznL-*z?w0^RiuFMpUr8P-Zxgt`owDw8dRf;W z{L{Lqe}+^m>E{YPLLDAPqTH+?S6HuGhdmQOJn=Smclkzs!W1L9{AdtExbEHoDAV>i z^Nl+S8&H~paeZT?xk~-}*QC9`riwQRgEYt2<5{X(adb!h&+iR(!{WzKzk8@b-+Q9v;R_JC1RoOzCU0)( z`U7SUZ;^?CkQbz`Ts|4dfoLKg;8E9RJh*7YwTA!;pvl6Wsnfl23H5B+^?h=F*W9Hj z&QvyA->dn0F^l}tS6C_w>-f_B$Lj=U>-F-RHBhH_p-;EdI~qmx%1kzHeH7u)f`NUzVluOsS+fo6HEaJ2HZ; z3Rx)?-vg#KDd)eI#0La=z@cZBOHL-dcYUBB&U?Va-zF)4W6y=3fzCFjqPGkGE}YFS z>-_Mfl{R}WBY0TpuV`N7pE)W@w-)I7PynzPX}qs(&$bi{a4>g7{!4DOVgB*}e&(-) zqC%E52bMTNTCO|6 z7%}VAu9)IA9uB5aZdqti)caU3+=z&MAEnWvs?J5)HRSHcfw~cPaP!3^#}0rHwvIyj z!l@|f2q*5eYz`4HKlD(oH#Tckar^v)J0tE36aI<9S19fX7d6h>uaG|<5Nenpv~V_( z4cVA@5vsJU{|aUtdJ5@@fA-2mOGOV*zD;Q0nN%krQt%FFg!??)t^by=`0U!G<*gNX zw0Q&>)llSwKsk)oG8)I2JiMF}+eVuF$m-7U9Hck|De;`bliyEwk6>RGD&G&}b%Unh z{C(RwfsumKbV)vqD3bZn_pWl(BPhJDD!w|4I=ZKQ85SQcBp|B~g+lQP?X8tPk5c$T z+w4nGj&XyLU4L4^XPIop=jLg81&48>fy-;dG0!<1JxhfVGFw_xoxt+K4~pv-OU-`Wr9dJ~Qi6}doK7$>*_ z*Ey&AHbe750ttfIteJ88vXJ|<=lr;&w|IZw%8$7tj?~uv_0rpxGc3=v zanzfG5AlL;!V-eJzyKn)|CoHry?rfmNdf9#$*mOGpA~Fkcaz=Z_{OIClL#-_2Q|@u zS?}cXZGZ|Z&jV&!zBM#Lm7o5KmvC`Fw6lTCUJLN%Qg`_8YVqHRK-699K4ibnqb7D(oKRpQjXO@Vy6FBP1mHlnHDPxk#$*#WCNwR4EfyF?H#$8+R}N|MDAM; zw1+ux^F4zT$5s4tbhKztmpiYrwyzS&weVE7NFP`4qB}IShlKGl4~AU$*t{tV%&0xL5CF>>(HsCGZ9w=NkYabH6ON5cTA9(cFG5QMo$2Vx{M4>!qGn z3xNJ6y2ne@n=~tKl7vE&v=Ow$K*%wdj>9f=hUysfe}+U>yCHdizAh{%032qSs&!&Q z1rn-(-y?}R23mcS)P+dYa(H*c2Y@o-ZW4nNU=6DI`o%wkMRg$LoCqS-YV@6AP@vDr z7rXNv#plJlts^xNeC?8pq4xIKl9dQ1Q4(Jznp*UckDIZ=a?*X>W{gfpA%(hmIyliNcQSb2Lqv8IqN5h?=s^Gr**GKg%n!K7WA>pBBw7W3V z@x#n-I3~H*I+`WPxFsJbZaB<3UgngyPfX(b#WD1rC+^2N_S#q+Bs@m%q0n9S+_s7T8)9GDr>F`KmeqPZUfy_0YM|2vK`!eJ}(0%`IC}iB) zb6j<|4d}V8VF&GnZ~{B}frz?2W|qHieW>!`bM40JYOX1v-5wIP{w2VokCjq=YY(8R zRY?65?Q~79+v6-jpyq7N25B#GB+&DkcYeXc5?b72OY=$_s`daV)h*5su2GY#%*5mQ z{FhEWU?_sJU0=Sqa9N-5wnk(Dnos!c%cy!(3b=gUkuG}_fewc$Nm4a{#`%3d0ENBq zbwymv--mRstu?*2Rm$=_7WOP&bD1dsyjFpd^S5 zF0DN>+U6mCQI6FIHmKqrsU`rxHC6ng72kdWjnQ2NTTvTD+TJIzHv?7?L-H%Dw_5O= zJ529a&mz!_Sx(Q3>X=AiLyof7B-c`ie_C6}>M$|7zq#hgP9l0q6ac`tcW~1Sf(l_! z`KZlTOQZ?vNdQxl4!MRg4^o12D`tt8sJ#sO+>0bP+c=-PEcQ!NJ~XHE3|U4VVkHDP z>o1}Tk45=#)2oghz;3F{J?=L%fEqJkl6EcSx8D`z!p|P0cFgbn@zR0)T*=vMe`5e4 z?-f2I7n^yyI6^$%^^XzyYP@<ko-hrKmJMq4Zu@h6eR;;}W%ulhuC#T;duD(tDI?hka&w7YBj`(AMt+Oq@gYu%z zGtjQj&;8F>8Nx>G?=?AZRIfvp)vhyh@C9lH5%(-oK7U+;_I;ZYlok#?QBE_6)VHm) z`NOf!j*=1fO259;qrg?_*~_WAgZ$FmlcicFNu8J4 z$vWS0$3*qfDPjBwmPy%lS;Th#kgC5|3GQ9wkh*vuH6d_*w`Q80C7Q$dy|(t+r4@oU zEhK##Mm4{65(E|c1(8g#JK6?5g^pd^&)e@&zVvN=iN8MwF)|fU?fnc;GSkXO`Ck0f z(fytCuHe+nSF-Q&x`Tst(b{qZRPT;b@;M`n6HCM6?s-4&gA5;#T5OBNdPc)>oP3MN zzPiDegvK+Rd#N<}WWi?DlDwVmhh$^IX7r2*3T|cwWjl zqoDV3@{4!GW}A}06~e!O+>hNC1NO+gUT0WX`P;lF!VkE@pWw%dS$Ww<_x=?QAL2#I zY%DA;klyx!cIPXR(>i(OX>qQ4XY z*?)wA3Q2XyX1nk8*axTU83*7eh0`F~4J)zq_9)BNAs)q6V0zW5h5TM=FQ(bN>%zI% zg03d*23<;AT-*)6?U!ussB)yA7Izr>5mhByJ}uG=)ePtzmq5{adh)8%J*8x z-s9y6b1Xr|UEKE#M-D57CZ~7DuYB`b>!b-)pMF4brBM2(QfPr@(ms@fEL-bL2*hpv znr7bR1vu)#IL>s~ljsq(TdzT0o2Hoa14isn)&P|f2n)C-W9bd;6SROwR}4L zxjl3rbw2d#9-h27A5Qjp<$3F^jqSPBmtR(9MY+%MCa9Rg<655~jMnPq*$dBDR{L~< z`1IA2wUf{bN_E(tU-5fLbGo>Hcf>ud>Wr@s?RwO3 z;l!RvR;USUK&c2N&>fK2a4$-9x$D``vJG_h>7`vm9i!fl+9#SBe8M{*ENxTEsBk90 z!2}FVoKwKu(y}U-GMZ$#+e(csFy$9TZs8YIms3E!8Do1Bo*fV_eYtnUt5y^43KgdP z)@Ak^;+51BWy#5Wa_(V^?#suF%gy~w=42er{s9F{^Vmj0nMBN4mCzwqJdH`ZE3st1 z4iuTuoGU+rtPj*RYxt^sAOYa@77eU}zFcJI1EHAb5r_|POlwi)kjcoa!ai5Swtw8V z(Xp&liT#{y-Dia{AUsGVXXoLYWn*^0)a_%$$xFJzy%amN=p0D-Ee!7?6w7YUr*4tv zJu(^(o?HzxI9=44bNv~=rOsxsb`%)e!B_n?@i2VvROp9sCFOHq0F2H?oH5F#pQht? z3R@*bY_d6T2y8#D`WoeQVo2#K*y z$%hNKKm{ffVIUf}RY)1tyIfW$j=_ku!ihV7&h}9mk7E4!IaXkLK`AA zrtM%6kxr1d0ZPTR-450RwTGzu`n88dGc&4SKtB zcE3(CI%jQ27#;kqo*qrS)4DuQbmQ8CEWF_AatfI_NhIGt+~d7ot~Zw{(t4=AP3n1l zqRKk*K>*z@at*^Hs6||Ta8iD|tv4_HLq6C{PfHz|UDlrnAj z<}38pWP+!!Rlg4o+T1@5dIO>tU}>>Vn+3VSsyHB_NNqHyD_+;jZ|`Y4G*Yb%=Ux(- z&%KKai4c>lTkmfLvo%X7gxHIuueV;JJ35$v#fEQY8SV5UpX~2)fszHdtiMew`v)!@ z2k-E9td7ug2oD9CIStwbb}CDhZDmD49o7N5{Hj8_>Z26*l~qPnuCR{>{MzOB`t?aG z#thU!CCW5Q~i$<#83 zTR$1(vHALJN$is;nmzKD{bbtXM0lni#2jBQ9(T1BFTFzi5$X}Ocs_4!iNn`<*=iYbkfcWhB2*}i5U_s33=mhze^cOx@1kQ(8KkQM1^i7&jrMzn=^ETW&KVaF5 z@3cRBCLoos6Wv{@;0Xomx8BD(abaVL9TQ0O(i~NAhu=v+^p&~H^WEz_TfZMcb@-;( zTGY)HDC1VP;RgHgU>&~nZ8@@Oq`juTU8Mysk<&*lsgrigK9xdKN>XP=0j@UGpc>E; zoS3c;w)G0mfcdx46X>_@1}q8u9PY;FU{9oYN-x)?3@Pejd}BFsHzuym#G!s{n=O6{ z_mZbT&~9LW`JzXnXeFXZ3M(a5)eeyZ+%JV{#8G+%%D_%Byscs%q=AD~^>(x&*MY%q zR%^oy`!~E@a2UJUHWq=7%_0#?EBR}R_ z=q-Ihs#AickH79^Z}SDV$~SMj8Quyd;@Fa<-L-w6a&__R;LEpq(uLbkFF6t(P*4{b z(p^SYw2P$kE|m5QL1QT|Ck)%uwL1L?h{v_5sKhkMxQp&5UK*4aDg9( zm7ybZ$m{xg<=^flVa}%XJTC58%})_(HD!;}HO=jynkb8K4daK$fwJ`&77AKc)#+@!^UO+r~nVOF!4MoS_@i`t_|mJbpSmV=r3ch-ax#!)SrJf ze#PHaO+dlxB|M{6hYWt3ShmE>B)c;16}kgm(RkPN(2?<{A2^7fp0o#fX3$RnDeuMP z5Oz!BW2IhQ3LnUfNHS9nzYGngS0*0sZ~9PGilxi`@xyzktCR8^b048>Wgv=akP@oo z9&X5%v;;#X1r+4^;J!G*Pd zl;i01>n8khyOJNv^HEbm_&6j7L0GX<$K=zrA0Of~%+6`QQ}7FrxvT&Jxr3@kS2rVY zK6u>SPTq1=E*DM@6IhL7!tlfa-#X$aSQ`t`t>wj|L2pwpch7Y*Cp&zi&1OGnyqb6< zkX|r7hjR>hdp=c&X@9g>XKhyf4$tixfOIj*C!qzUuG7)jFIOn|=B;zymqGk|MiW$f z{(S$jGvzU7I=;TSU9Ly{P0V{E2=n?dmIRkxoHX~Do~9NxbFxE|-yuwLdRz!2aUk@I z1FY*KjK+nt_BHZ(y)z0DhEb9{+9^uxDj%!>3R;r|b3;k0hkt06!JE1|;pSh?VGUze z7+>OzI4tg6a4j#gE6H=ab`2`uV!yPpmKF5jcp;$iz6ix9Mqg)-O{T#IK!^P_LKo&d z1h4xGS}gEZG(7W6u>2nKKVBO?VC%_e;|dQn)90L0d0Bn#O?zVJwQ&biIlq@sji(5> zLG9njPJ;w29FJDNBnG&qv$zY;IKAvUTT+2gyEJgHB~wtI!>e{1dU6?J(qUR=vL=Aa z9){ol6q2Wg{+Q{9jC_iFkNz|7A}OkreTkO8kAH0M3>cwaL1vz`{H1-qbD z{X%fGC;DnItU`eOKeL&cU@=lZjkyEoL>aZ2;Wmj`z`}UeMJJl69vjB4dROMW)vx@> zu%p{V$?p01BcMzp)OR3W_HWMRGa%BRWX#O95N+gdE8*;w9$|?C;_dH)fzr0)SB{4S ztor~ae8<{vhQu@})NGq}k zzz{wkBmcI<;hybnpX|@2UQ@IE)|hepNL(c!GN=*z+slT<&gb;~>_{INYG<=NuJ>1& zltMIqLA#ZD@AQ-4w>%Gal*O7<#{AdtV ztH4kWZ>X&o-%t68P@oi>^G2ewd_rFR3Fa|;jVBUnkcZnoUco1JTR9kYGGH4HGw)ZnuHT!BcZOt3(p^(h;Xlihj_fX^ww|%~9MEv9Kt>dCv z+jntu+kuHKBDTQvj6L1mV@`MXh+>P12rAg!E!d)%Aa;v|g^7wSw!eG%zI%V)b3X4m zpY!)`e?~S;JhRrbo^?NWT=#W(Y!oD?N`W^TB(!G z75IrfB~@q=h(kgtG0btGNpgdgBqXzfP7+=jlcR`ClA6k8;K4z`Nr@~gkFMh4oRc3g=>gZ3FT60K;cR+l?VII${=aLF*QS4hu!nfQPMTQbSfLm9K+Bn>=jO zC?qnVGlX+NaX83)NlZdC0lGrmK{c{}BdQXhFadkb-BBj6xqk zq_jq$RiG+T0sO;(afCQj1nKYwc1YMeC^46v2)x%8sta@s>7gi)kC{k33Qgq}QHT@| zTZAX_IeMMX1N~@Z3ZQ-sTbxN^3q^P~0gYyeA#5NLAW+ta*L2@vRr%;u6 zoGzeJi#cWnMrDW)Rb(_43Fb^*1dMUvC2|wYX<1s_jkR&8UnA#aWl>zCmr{LW#tWT>T zpaBj{g?XhALUNmhNM@@EB%M8k@e*lRm0AUhnc*?mND4XLz)Gbe7tN**pi&8d5Qdk` zBn(MLrMMIr1~LnE)|rH%!{2}Z0Zxq}3GtWE z3gAwn5Pi5%#K@OGj7SZbVS3>fOm%5tDg1el)nyInfpZ=%02;<2C;}h>>&DVWf2bbe zb|jiXA6x$q|bB{ zgBVOWriNY-GzVyCIbNHPXK}E+YDB4$L2=SlA+?_xlMzHRi!{~elm>Vn(B(FR4?*F0 zJX)361r0s{VB1eMyCQl9N6cVHBp~Wy1?5&?{6k6Xa6_YYQn$dVO%*b|AbT8^V0b~c z!mEOBpxcRbX}}A`9TkxrMI0+T8|62IlvFWJ3?vM4Krr#t0;)0Ui}=tSC5ZpP>S9<3 z6b_K7x-=oL&4=;AGj5eU%EzW!{CYo2fy3iXG`3s z;SiJMjQ}$#0B=kJjYViv$ZbBej>5qyL1DzrQ^|u$x}V|&X(J0sZROdS^i(iTD7snf z1u-B!2f5?zD3dD&Q3WNMs`c4pN|qlJbLqJ_of>$Lbq0xFj0y=L--yL&G%0A@jmCAXR1o*9lDvjPX2^9c32Ejbug8DAux+F!8B$fy1DW z0y&)BZ9(o(j$Q&Ih(bDKUDHH3A)aD#`ivZr2n|O;0@iCgQ5vOUq(F9sxK#{|mV%R6 z8BPv`!-<8s1_m1dCpNkgUIPj`CRbx~KxeBGdXFMbj+aSr@q`}42#Q@&D`HmU5jF@i ziK!r-4ag9gR!yP**}^12CsT%p>Z{K~XE_|afZ6GAV8c;Yz#H`&fr6I<0^-0x7z@ck z?T<)>PAWbk;3*;Cp{)pSRvBUvot=pC5P?wxzAxf+Kz}Cu0^cd+6Z8%MtCE-+g-~SG zq!Mgg720Btq(WPlUnK+Da++PM@aVaCojhVSyRjhIE7XYW1YpCksfcDUt`sjn76wx; z@Nt1XRSZ1A&QMH7=R%d=hZ4inS?E9+OH3@RpPvacSfMzA>z4shPqE5*|{VbT-AQ$5?0%D4+o$ zz1$V>kr~>EokX{hT{^9ooC>@aZcw7NpfJp^4j7~qWCqgAl+=*Q>_E07JjboWLN%3T z#M0@aP!JLmPO@EXf)-vR3Kx@2AV}zyhSWN|-RQun@%$i)6GVWv43h)I7PV@bhfMGa zO*Bu`!+?UBPr{)HB?9CPa<@~-m6=SyUPi*HIjVp>kV>V;#3nxkNi2c`^oE^AvYJn% z8zMNa+<=QQcyv~(gCbDk!ZMbSB@qf~C{I*Iq5yRi4tUi$RH@74BnK>N8^#1Rc|YJ# zaY7>oEe6XcWLZ%t88!k|nPITw3G$ei5R9VDJc5*>7Lq~b=nsK`l0?;5F~W!fv5cV2 zXA3E`a)a0tPK`i{CL+h6(Hu8Am4?GHX(4FVM$SYN7J#%3{2~@Q#b|xd86}GWDTlWK z*F4jXCC3bWrN_jknEpO=T9+e2HbXZJ#bu6( zG)|x|glFOX4mFL#Q91OKkWbG7W@`@}8fW{L0J>xfjK!c>`!5d-nOs0-070zyiDp$2LMR?ok?K zYGfM3Tp3fRQR4v%38*-q35nU5F;*;M7TWy*KT?{JaXoIe9UyWrp$vu6M2Y}su8L+S zfYwS(3!NbfwJ9oaq1|*0io-@pOlF#bi}Q$yB!h})KwGuYQ;HZxu3Bld31wWn1Juz; z;SexON{vdr9cIL6#WQpUOjsa6?pz%(p(E^#et}$zBJq8IUpE47EFuFWs6XT-g0@!3 zX{3dNFsMUm04W$DUWy9J=JtDR7kC(3CQVc4M0u^QALOl4e z2q*O+|A(*R0j(gO6-L|-x%k$U-1Xb@-9EMvMkp1t6P2A@f4wNNh?d z3+v4aqF)#EfdG(&of-@UK;o26h+#o0k^(yu2nNt;qzIpZCvseLOi<6}MqQAUwMKAQ zv`I)bS)yST2_Ny%e0m`_jE`6)0*SzghkkyNSq_937@te4W^=Vt8UqvuJTf6xj|Igq zaTLtGoEJ97B7O^Om;fQfN*q39bx9~rMDUNn5^(7J7$+?d7Q<{Y zup|mr7B|%)ft)xa zY>Wl9RF#nd1u?RNO{7Icbi{cD78DS<#|hP(uQ}MK~f1855=t)YoQMq+T@VpKAjwea=n}bfM=60 z7zN%JD$xdqC+7(qD78mxw)j|1EQ%Z^`GwG^5`_VnG=WEN2Yzci5AvNr5zh>GfsB?y zqzl=IvmbSe>~6IH3*}80n6sFbg*Kw`B&?Dj1CS*lViQrQJ`lo^4{xe`aQlQozq_;vufCqNT` z0$#_62*AVxPccn+BaLeSCUI9PI2O?MMTDTkWN=}je_16qprGPwHJW&KIZvX}m|b+x zi^D-(FT~NS30jAo9*d}DRv%Vkjbdd$CBZT5!QfR*lz7;s^M2FyuTcNaw0;WTIPuM5IvzU^W#NYXG|L6ns(;U|uBO zAJJZ^-iFY6P|RW_+~EvlOimDx#JD&Ivi;~NQa+N;kU{4@g9@@d91RZ&Q5b0LhG$(Yo5;w*1B)r} zUoz1|xq%mEYI!`a!z$!J6CsI_8u4?y-mos>#rf@QqQOpQq`JsHhQJ)Q=$RU*g^+YK z0bU@0E>;rCiMA4Oc!x|0(G9Ts0u-B%xR_?QJ*ap4>=8n$#;=LdQl)H-p6l_(z`Tno zp0Jx16Vk9DA{j@)P|+fQ4mmMFxm(I0Ndhzs9$at0X95&d?cpeOA$8CimT0X2YKxIV zDmR@*WP z;K!1Aeu>9OiUk#^kem%L9V#L{h~k=1N-;|52W*W6c!47HMG zH>-s)8;l+{4<4`h|b4wYx!Y02!KgQ zI=wn10zXGhVMo!P5R=EJGN`x!TSbwo)i|j2>SQ6Qo#-;gXb^+{k#2?T5OlAbtxma# z5wQT9fl1Cc0RX~i@h}BEh7KAtsA?em6WgRxBj}9dc~GF`aDq`I)y&k3AxUd>Q%zJ% zh#PikobnJu!V-hLEQ(=Pc=f;*V7K~+6ik$rDrVD2o=`L(ka^5190;8IBw>jNF%LpN z!=j{fEa9kEz#)S0G*K)A;Al9YRr&E?Dxk(kg7S7yg78Q(w0e$+jR9O&j7z2Xyb&@J zr*?u7i3H#z337Z4n!a30+8>7qx|ROWo68(rlg3DN7(mz8Lw9%#B9$OD6)y~>N>Fx& zGL;)}fbNJ%FQU4gV8@a4j8@LpYk3Bu4M_HI1P>8{0=iAcvl+qD)c=uSppir%fWb#h zon0sK%aII@&EX=V)nYM|MHcvke6`l*^PolcpoYv!HESax6HbIT$*B?|h#PvSv7ieb z4aP8rpavRVxjvpEXi;;>mOudfON4!!5`!*q_?5smD&>Dx6g%t}`ZYc-5F&Am9wG}i zK?>yQ&03~C2xO-+mQMw+03VeM4Mz&A8nFn#swM*J09ZOwMI=H{)A2&QBILs1Jzj|% z)EEOE8&LXc@CsuT3e|qELghm{K;hPo;l<=UiUEbQNJ(au6G#KOIBQr*;YE#F6ZD7^ z4C<&(sKe{cscb&7?}n@{MkFjH(_Q8W6-AS?F$%ScCG@CuQfRLuv0&UNE0hZ2)zP3O z{6~|=?r@t3px34#@sL{x%Zvfhr-LO`85kC|-boXXfU;F7H8SNMkUk>_0I00SBA$mz zjnSc_HZ@;JqzM^evkk!17NE$K`M4T`Tdlxjpo3H@huzF>0Tv0BH&tqiNvHtmqXiry zWY(lo_-PM{&?2!YB9jEsDkZ2fMrZ^I-Gf0a1TQrJ5i)KVxLm-X1A7^o!%|WiDm(!S>nOdCLh?wMXs**` z2r58j6YpmNg%bu3;sF6Q*{+gtNhqIR58}5(lU*SoMN|MqlG=n}FJDe30|6(+po<{m z`?NkvNDO4BL>@otGXn?~mH~rCV3E|I=Wdqag_01&Hx!?MVO42JE(;=aLopF`1Pcum z)P+zt0U;b(YRE{$dGSuKT&2a>#6k+0ug3#8T+HGF3=HI5Y_L(gy=s(R&Lv_3It&%I zABvi4QmZg(pM}g2(%521vH=vut_N}xuU1X<64c^I0Px!$A^^AW7Oz0AjPNxijwuMz zIS!Oo!=?bYsV-vI8OeB#GQ?3LeMJm2-6{z9OwcnKfbYN%Sdk#Ks^Mr1CJDN*IW&ua zL&k(9$ZINtoefx9Ce9X0rE^(g5jrU4NlZ>T^bNu5Km)I^+b9GN8U%NVOu1iRSLl5K zu|DSTaAh<>3>0h7Xdw3y=>jf;gz1Yiq*@hZ$dLPupcO|=&M-+0BBHRAJYJVW!{$RE zp{1zUF~o%dX<)BRDMk7fC#vg`P3bf;K~5uahL^;o-QG=z&nlkBX}b4@#C>LpI=A9hPja-S&Nek+)?li zfy@?w-9&IQBv?E~mdZDH#5l5)9$d5aaMVwVf^#cz{@gO7{y4 z5j?PoYeH^-V~VUXgUSb2oe>ez-ChnB^jD2Qc%W7AAt+*6!KVfMJeEsFJn^vI5}-x} zexLw?bhpB2cY#WR&}BpG&?uEtD{^5CCYjxY5t&^YrBQ_@g<)6XQq?4&1Oe83l9VV1 z3IZ4i9t@ku$KXKDQyW3du0R-|V2LIO(5*qDGYaaHBFGo3m8lefk^3niRxV}oxH>V- zZIq$;ZX2E>1?xdk14ATy8g#Zn6`N=gseAxY2ztmQ90xppAa2LHV`ecO6%LzXG=?SM zj&Ya*fjtrg!Y7Ft&58ywY813in}8?))R=GzGE1Nix;bW=)nc=14Fo7)TLWPel8Lk! zQ39#Jq}AX}Y_C*lAp?U1GgV2G7z0?kI?9THbP>k_Z={%HLMLAhav%Y3V}@4%fnI)XbBkE zK!eDEJ_jl|xD0P9L!pCaG#l^|nPNJVjzR)RDaLO=!;VSuGf}A~&?qy6EKtkxN-e2M zl+8_yn3-n32n6YnXa!|)%lrnT1_Y@zLc|iYQI>!X@Gnvzs8^A#2D`->fFtoafFK(c zBr9U6d=YS1Aw8-L;Ohi$54=yXYv77Qdc+9=1b#7xM{+T^I;91+ zb_!2p1Eo(60L|Dyh@|5{Qb;OPib-q?T?$5(ftQ<26gkt43qtcek)sh9H8P=yKmf@` zZI}x3CuXeyOsiRnve3zdm{UTNlBq_&Sj5(H@p>$jb8L2zO3foiB{JBvJSe}!NEF2& z6X&rhtrnp;DA31ZR?nYCWeW~ZB#OjJPXur^C^Oqe!G%Bw0@*!6f2gz3(9!3lghDJ( zm?nZGTR;pHzf8U$0##s%ng(n%VV_xx=6Xb7iPNG3r~;mXB7kzM&jyG(oeJagxa|s$ z%qQgO%`|DMGelC_U4AXx(mpFl1HczW0Ss=5VtHm2L8V7|^~yhj;eNN+i8C-%zzm_a z`#^72#!zpgjOixX_>o=p6)=-;^3rJ6#}s1eG#^6VhZV98h;D^j?xv=d0`lS*pk= zMqC`kwe#>*F{_P0QlQ9GIvYf2f!x<#0g20{Z;1qFy`Ku8r6FhDAax{zwZn{1Et>| z22>_Zt_y*#utg4JBr3X8i*w?*9E?~C8n1q;&k0u2T_F0 zWT0rROyB~ugIB@{3L;V#3GyZil_&;c>AtWQuA3R3>QzDWEnVw^UTj#8dyYOIwMez#o2M0i<-p7{48^fJ0Te$J;o{jr0}@6s+*GV7 zECNhOp|=8#Dga7(z&2x)fSRV)r64M>S_RO= zfR;s!Cqnxi7EpC^$aPLBjRVbcphn6eiTKD-QDYJh&+i98H?)?AMp*$V#~=tSe>y8% zu~dSM92jaVqS}yrR7FAsvtSw^81Wv16S(@_S$eDro==@ zGBT7h7-Zsq&j7%GV0Z`x&fK8Y+86$>t4m>t9BRT zM28~4Fo68mtg1?Kw|v&X;&RTabwA4rzq*S~XR}Sy*d_ONwb_z=ckE*l;p(998~+7m z?wQZugeun28FliuzIu7`#w~1v>>B^^n6R(qmxj8#+sw7y&yKzuIOFKbUzjPnSKYrj z^6IcA{KsQh15xJJuEg9L#Wy#7xkdbsA&}vU7hasO3*ND8aBatm|M(O#LY#g`Z9&p7 zRH)B*yr5S1VgKj!!-y&QLaXVd?=s3Mr!A@%>gDhoTzxvkBc z|Bh{~{&^^;PSKR3m228Q{+e-cw50Bvr2m=xbePw)uK!+=AwpBs@~c~ymREmZwD{7Z z)}Ef**2bqd7uD2(#+S4Qyn@DgVk3fW9y{9SM<>?$lK~~ zXaRvk)t!AiPJI1XRetATa9Ut$tBUL%7e4clJ8#fGcP()-EW^t*^$LES5hF8?e5>sH z;_8Mue0{@Lx@({Ar~f8x9b%T#P@y)_y^WBwtoP57%tCG$toVkxWzBGNJ#%J1+MS$F zx9Z%P*jAd^ss23qE#3s31B1Tz&mG#l4svL5|IcTDEUo{`i3W?m{QQ2T`|!_Qegsp4 zl^-QV4ta0o_QhO&`NPET>%8+e|N1tcAS7=RAD;N-%VW=`qScr#L&wiQH-v5cbY|Jy z?rh(J7hQ^P8rL6RpC!t49)D8MHf0G`@@s!ceLHJuWx=?{8}+U9`xYmM{x)8BCr#ke zGk<@3x$MW%3TC^3CCV%7Pj~(OCN8EE8%ZB{rP@Y zqZ_k}##Rf~UyScL_Oolj{k*T-`H z(WK(Y-Zz}n*$K1e{;s~Co)lhw?aF3jTlR_}v(7CfjanD|St2iRoNhx3SIy6CKX{ny z-oa#2!LyvEonqYirD9{%A?y2RE8I^Wt-Jr^+@h9q`#wv#azHwCM*O?s2Rsj#p8L40 zYfnLEIMl1`@&V_&OG~!;-aUGwD064Lo1rH>dAZ}rjiOOSK5`#$b7ZtTMew|tOJscc2f39J^ZA$y`WzLt!eftFueq2zN zvix-R(>>kC=12;x$9SF0hh4Rcd#1;c#*NwcYUI8V$EVKeHMVR=_LTd-d!7F)Gw;i3 z$(IW6laF3C+Pgn(MUOR(k!Yr5?b+_@D)IB8iQi5iUQ)K!@VZ2jAFX$|UfH*%RSDr8 zqjP!DhOD1ele*Txcm;mSMj6Wfyn!fh6}?*?LT+!5mz+3d-{mN?(@d(U0{DEU{88Hl=ZXo#cdlJD>Rl&X?kM%W&)-ypG74%{>@gd}i4|g7NXj zUwyvxmi*{GvT)yANm5_V)c4odu`W9%&3_ki9z1)DI@WM`wYp$znfk!E@6+aQ5e?g{ z+>vsmO>)vzQ)X`2j?t&LF6t}$ad~>1{sT@=tX;T!TjKQXXSUrb1N&jSvgK6suT_Pm zS5`@-FD{SEetce

    !kU*Fa3_Exo-%jYIq;`x&AV&jt7poI}Pw&O2{_)9g zEDD^Vp>Ov=9zU%y5c`qvlxLl}Tzc>-+abEs-dQen)32%%&D(iJ^+2klB9hG2dC|kl zfkSJ3%)t$*!z$R{2t4F{foB0x!Cr(J#G?Fp6Yt_zW(~Q-A%tuA{jxL52ehv z4@P4bK^GiR9SQgtjv=kf5v+JL3vkq`2zMUe!d^!)Ge#v{hp5ANGfkWR3 zt+3@v6MqyMz?7@u^a4^B^EG(vs!Nj%F>g*0#9VttWsc3a-g4SJUBW$gbvBlBh4aO` zR{E{beYR`O&3nR2l4o>Plje1wFqf}~1-`XN(;#@UpaA|jh=E)6HE9+om<04AUEM+t-JgRPFz^k}Nzn+O;sQ(1?qlO#)~{|s78dgNyMEX$ zP965_-#}7rs8xT4jVuTlNmTYMU#kglmA}MHd;Zh_?kxX>LicFA%7#LW+Of?l4-(WU zf?cT+n>3Z{wHWBe`=-V)hUT!Cvbn|QWYk8Rg50X&<~ZfaeSOkMJe}8XX&=`S`6K;# zb)Dimlc8iT*LHA1b6w*`kMqF-2>tYf-Bm*;SnngU`0|;TMIfz1aMg1?-p2pN@WJAO z%ec0`{!HQT*=XpA<{ntKKHkMgXJ2~6<*nC#i8F)^JV!ks~$39aB{m92p@#WRce?lO}jn0E1$6sxk{#p*xj!-TPF?sL5?omYRs@e%qr;`>n9wO9gk_ zR{KZ=NJ2cS;LW9#mwer1Oc6Xdw7w`9dmtP|+2eh1ZKF+18CI|`o_D@d z^)<)m*5tspK$WM0dwxov8&1Xi;;rF&xM3St$78?7} zrY11>LvPoyiOegm72+d9OSp7Y*Q(|zP{Nyxkq7=At1+^iIY zF1KHOj;MOnIZi;gOavl-DKB)2=$23ZM!7I3NLIqLi{q}s;}(fP-*Z~;V!JzR>3j%V zm_M*xqCDHp7EK3B_5*yz&2EYz9sweq$dCmw<`AKds0(ZT%xz6}ObH6O{MLIy0GSXU zaHl2Y>$4AKy$`@xvEu#ap@gxSh}R7d!e3HS0f333HA@qxIB7)AQOMBPhLke>P~^l? z%;3L>NlHE4r(ezKR_&ZA8Z|S~Q1zI#{)w8|H_P$TXum}z(EZe9nVuk!Tj94g^kyV( zW3R%+#O98v%-g2kC++pKOAqFlp>4oUFlr>`a$t2zXXk`u&n_!&eNLy01?yUstL`iM zR^nDoJN#-dSRx3Sb)(i@m{>DYG7~u@cAduxBD1DeZ|KpT0D$ay+XB~22rSmu0$H@k zV0931GGvR1jdI}t3QuX?0UHHt+_uFN&VJmwx zse%S1(LGA#j<$!>ar8rNCj18_xhb!|B&1Wby~SH<%R)opC`WHfs{;0tl*_o*v13Sv zL%UP`A{yh8D}(KLSamJvls=;ZbR7pEa#x{l$FwUy<`0i}kGFyFlYlTXfeNLsVon|JfvCuxkXnGh{sQ;XE* z$k&IWPNxfL*JN(T?oWK+B0d>$wvv5H^Uc9PFi@0&@;?w0V_?#>w_qz^h)Mzn2kkfc z*a{#VD)m?BK;k||S;hvGgezn?60+IxT7;A&F~PwekZ-jlzFszI%gmF*1m<)#hwI{%zG52{mHDFKAY$qmt&uBXS!X_!i56#~)*$Z1dWyDiruf!ip-3$Kp#f#|Re^C?JZkmhs%D2_f1|S`^ zV<>+t|DM-@s%;bJT*!9#0Y%v=;1wl$1O{JhT_hqWi9rOCTk59Ae?&kIv^PKPVIJ;G z-w$c3mDYWjspJUd#byFHfw>qR-Et7P=Q_oG2=W%P#Y})k=yC@L5!R1|IqE?1ZW@05 z7V!IVcgA8o^6791gh}Kr$DSa#pjYd|E!mE3aIcd>1sXe8J%?A1pI{K~p+J*phDk!G zRo?>>z@zWhe}G^wm0EDvLo|FqXMVSu!VdrM6PW($cwL2_(<8+LuCnLN7J1Km1odUb z-CuQ2TWc0aMg(_(m*C}%y%9%2J2L$f+Oi$e;9sOlVZ|6l%InVN0smqKtV*L;mycp}dbkno}Gw+5JTC)ZbnH2(f3b?IE&$1tv!N^tChr+C8ji zzK)%bOg+y60^@Epe9ufJB_-#l_HU5OZ<_}DF$Ql;4*~-1P%@eZT^vN69jbVRSrEeh zUty6ol7d9$IFF@hBW^9tTstQT6x(r1F)%dqpOHM;64$UuQ$%Ut z0(Gn-2#@df6v5Nq1gvx7CVpg|7Pd9{Q+z^y5GD+W#ZNjvGVrZf-I3>Om7rW*M$`!(ej^A1U3Goi4(C%kAAq`*{RI(z3~Ldh15GfIk55V z0HUbVYoa7EXD_JJ`^iQC0<7qYd;0_q7d{ETmV`mc^8gjOE{P1TN0Er%U6OXxd*%TR zI#e-%gB6~<4w*{ZPndVx)nLdgp~GMI--&cb>AWyW06U;q$yD>PY5_P`NVQpVWz>=w zp?1O-!Avd%%b+uAnvMlfQk)D71IgMFspIG447>1lkx`@gK{`oRa|3FfA}lAVDMCyZx6_XEdM{r*3`@(@n%(ezjen zOtuHvo_y_M8sagXYa1z;kZI!W=p&;}+dbH#&3u$vsW5!WwR7Q9V{kvTQ<3Bql_U8F z>$&O6rs_AMM)=SoFF{94_W@rO`1tujQtX&pL{h*}O8fH(Fs%$_FfF63O;yw!MFGSJ zk`KEdE&W{|g%gO#Y<2}P8Y(4vTj(j0fc0XNGewlC{;6bV3h%JDC zHx2rC0LRtosr^NEqJgp!Q<=Z)}L|Z)^xa zUUl>zWXcX70{Wxbp?{r5Hz=%AuL3xF$`PIWSkO9&ZWbuoT4@B*R5|h6g)c+vISws49RPf@ z(EdJJ74_&KKL=#gBt7$AJn`H`bfaUnOP{PX_#*1^H)SbBvdbL(-pLKcpy48|oY8Qzq;+y@+~`WJZLb^yBV@IkB`RyP&w zXm@PwW00kQNr8Z{Fr%8ow%myX8Xm8Nx++Kp{hN?Wxc3;)J=2E018OH+#KDJy_l3m@ zk*;Zb8*3Pt&ummJPfYh?3^yGvcuo!w-83{bx(?f{&HJpa73koA5sCg0pt@xiFqP-= zIzS+R4=DXP;-c=M4U`-aY~KZmUv<8lBzJt_n|CWens{-#VCV+xlVfpB5q=d&D7ci; z@&@8pH?O+-~w;>3Ap5l3$RN>urnB@AzLPcBRpYmK%C1%Zyd*q}zDQWs{E4vOGqI}*UKvhuS#rvIN;N|Iw5 zHGATM?&Y!oAps4CLZcsY(kaAJG`OzZby{q(y`~^1PYWaTC7yzdm1#B;M|!UNFHzcfVn^bVSCjNxaSS6+)g3VzXAU)1aWj*A2}u2hnq$A6!; zoPrT}_L5V#Qa_qf#Pi4Dd!C4>s6WbhX`eA0(j;HJpuzq%5~o?9lRDRh{EKL;Qg5PVY7xST!(=Ds_Cdy1m)I~M0-(Zu1P5BU{Vp8(}O@O$;hXjeSLb~Hy3cbE{fhY`5#38v$Uo}zh_$?f>tWA!;~UV!>;~d zeajb941Oo-eoS$BG{vBj&fTAoV}oK@e4rKl2-?CxwBzrrb)&jEJHKt$4!;Hxc3BEt zt7t?v>^_;c(D4gA-p`oc@4&DV4*BZ-eG&0;*3VZV;bvbhg-RY=93_0{H+*%AwYPlM zvm;fb(tf0hgeVsx+c5-4(CKc)4-`G3NK!s{@+WA%ofp{J^qLL`GBotB&;8-;9LAcH z)98)QFzJ?^z@B*#PyM?*bbFkyd~wOmzjXvQTvT+z{<)|3S}=Ch9AVxQzN=3|{st`M zvKs2PvG02StSa3Lg%9)NB>Nk^Uu)q8>TfXhLT{yLO;s3D8}gUeKb6In0b?-+W80xC zcl~#4G*qv~RMs4;TNVS1y3Lo}I$$U;sztTzdBNMQ}Bu{p#m zOqvLh{WT;+XsJN;xeeTURYpfF@Tp;H^uo0@7gC6Iutfr=lxB$J*+iZKAF>+3{qIq z#ge%zlR0@nW2t&FJ52NXkbag)#C{NP#V&6wOTit>g|>@`wScas-0##<%Iln$pT8#X zOXb)ZGg1PxfCDae*1~+YE>ZsA$T>ubU7;8_<~<;xC==XQ>e>o~?~+p09rh_UP1vCKs zSbS&(v)VebVa1W_2)I+#5fE;b5}D`CHi*zUg*mu4K;YZEg(wleJa@%tX$UKAeES&a zNg8wR@$vMq+rPdGFCsjc(AuTXVH074RsPLW0~Op(!&$d)?+PgI&b}2B6@8PJY=YPJ z>Wq5w3b%fHVGE*iP%2wp4?rvM{KE2`ay}(B3#B@MJ z^;N3uspxdkZ@p9pYpdos$Z60E)%09312@+sa&55c=tNgevY@c28<6{zMz{-sOS$Wn z9m*gy%@!)dd4-ww??C_AT<}z0Ogrk7u~KpSQ{HLFG2ahUX$^m3z~_KCBD=pf3CpR~ z2G)d~sdr!o$j+Sr>WYCNWc_n?csM)4}~Lmi#o2_$;6P$Qky5GOHQ46 z8foIN81%l_vFB(5f2(OKK4I1v3|^&KCJ0LW-rDA*1ZVbfHrHn(zkaT(X$o7Ma#XZ~ znu{Xt7J+KCYkeh;#V^2{>uyeGq&x<;j4Z0GGzacnO0sL@dhgGLUI$m1x9;*FPee=0 zx`+~ps#m?gX26^2DTMIT46e3+xIR>UB|mZVe5_+T<Qwq>r} ze$u*jm-KS90P^6-JAX#=hRMp1{P9$g!y8{84BTP&tCsF$8x~cAAhZo~{r#C0AiN24OC zftbO4Bz}NeU+hyc-vv2((b^M%_bVji^Rr~$G8qoC{fY8bI zZlDxLcI;&IWc@$r{*@*H2XWi%Q0w-GO6-RLytIp(YjboHv5@u4!0_CE$q)yk8vsG7 z%i~XN8Pnt))lLLjYd;zRgf`2I_6NhXsCCZnYzxd9b{zpDYj5MXNhr zp^TKfpWRs>_$9_sjiodM#aJj(o1rE=&xY21P=76tkKIWy&jCiAl+) zXgDkj%t}Owk=v<7H&eSM7Jiao1O!eDc>A&Q)bS40b*L!2r}3!~x7 z5%AJ;PeG-Ms(JUh1rJ9dU1@C@E{sdMgQ?sTIB>Pxk#_+>BV z;Zn}!cl&jG$j`1{Y9YsLeDp0%ucuiJ)Pqwm^!L`Hz8bRZIGJAauC zRHMGBO_H>mNf?)NvhV}SqSoUNdwt>Bl!NnTlj9wvOb_POraM)tocn0de;+7E?T=!s-j*-VyIiOm*gY zYUHnt+;LtudZE_ogIG9c(z%DzvO1~dmr#at0<^T6@5FM+*Gc-1HMA&>cq1rNP2|4Npw(L&+-^a?}d0dPUWS<6j>1hYM~EP(Qia-lymD zsw0}98lZ4U7c+6iwW_Cz-zvwMPExU zt2yH{@)3A-(^6G1PXZpbq@=;&8j?^t29W0?zy!>TjIaur(aep&AX`gmL2S(j$~aioyj+F70KH8#Y2nMsYE zAa>V<7f8$=3Sl0HXkb0D|7^k%?A@~@F1#Mc$Cr@~T>xF= zZvZr3sAwPeKhZNEGmqQ{>zhJOoZmpp36mVpzif0C)hG6JkdD(LBn|=qj38avQY>~@&(~O-L z&lB?U@|refjnAmD_q>nZaS>EMfK2Q2`U)e;-~{!eKWP3(H$Wn`B%NF;KkA$Dp~U4! z;2TD=e8A<>76*laR{*><)%vv8bB(LRB_)OnI_z@m$|3-2op7mNOvH}<$XQPEQr8)z zQv47pksLY(jF8Cr8aV5nMLKH{gimRF~rJHPJTDjdKU`I|tZd_SVZHdpZV z&1s)}l6?FzpZ9G$^d}#y*vRo&24Izl7?y8)Qtuic(f}UQ)cM#jajuZaYmDBWcndVm z`P_!gNp9HOIKVgDE1I!owu>u=1ap+iF*Ejv#jfGFjLIFiGQf7xBh$USwMpPC8y~q_ z$>4yV3mfHzo>o4z~ic$G-$Lhc|@CPeqWMdKts=tlr0`}_j>@`t4>6QPWt|De<;z^U@52)|$@lQ6!9@)fn6#92G zO;6H&^jZtzQO>aH+N4n{0gox7uP)PMJe_Mxpb6DnC_;H|5Z%xLuqFV3jeUTsa!aOt zIQ;D7=YZ3^$y&}VVqzKUhKn*iM3KfCF{-bBI&SAt_;lXOZ>$BcCzDS!q|$+E_^}nt zxG|uP_Y@miz3$1IXlk&I-p!(kiHW62^QHsLteu67_|Xl=js2j)hVMK|-gyf}a4hrq z1==X=s^-nqSSx){W)w@HKJ;H4FEHYE0a;lj*y<0TY6KX$}X`z zYW$of*cVm*-I>^|^vNjp2riF|UD2a{n@WDurqluagI+@ggq-rz2A-IIvhCe?41=;K z=Ma=5T5`JRG+KTg*r`rM8OY;}AnZ|TUBu1&NKrVQTn=_h-=4^sAsQ#YFU^U;9k~O^ zQ2Gk!wGMT=U*b}Qd$wM{XDD_u*n1+%KE%YUn6UJtuj@hzY<>G5e`?Ct23`+eJj}qY zb=cZT3G4!nDG-zrJ+U=PNFatnpgE_O19pC-A}jqJ!{V7WfyPSX`3?X&?*1&DXbCU% z6n@m}p$q@Zvv;;bqrnPA;7=RQF?*CHItBjV_v}USxeBhY=)on)3I$mS3HLF){dch6 z$rR-stk~av^K18^3XwD}Di9V_>{lK%3|Aj1mbD|$rg$YaGg`=s1OzEap)Dft&s$~h5>j*8w;FZfZ)8KC1KJ6q2yF-S4Fg6+i_`;J zF_iD#gBWlrv{z~NJ~QhD4}v0(Qt{50tr2b=Ec+Vv3RTKANT zN4V^x)YF$cE?(U2CHZikIo@mJr-ndyj%(!xNlO(xc4rkdIRC-M8HiCCFma5W8(msP zo1VSkDg1bWa%{c}YNj<2CzgdQ$a>Po)Q5a?S4w}^#=I5IJy#q#e=cEmu1u?x{qQ#AIi)#!I0FOl4~MnznGFBodb+(Hc?d zY{9wV5Q#SN=iVX5kqmMH;#KH8032RN>f4mT}mJBRjq9GZN+h z2z1pVrMTAKdYil9$PO_hq>E&KXP-*&@W^CU$7aqm!B)3O3|7&WtEO8Z8z$7Y;T|-N zFJy^8pd5W?1JixsmzTc?96iRquOxtbG!X|9ILKpMJcg9Z?p z)3!$}jK>o!1N}>_M!RUq=}VfrOwFZjDt!|BTW><>L_u7a@zT&dvuJFUu!+STElGGMXwWZ%>$8sU)**K7QC+%W9=^&A77`Y|v=vJTT=0bY^gT~Ln)zYZJ@7j@!0Wkz*)u!41AkKPR-W zcnhr`G3Cd3+ER=SzxPpnqpv|@cEmT%OUiRfElJ%C0Rc@QtT3kyMh*@<@ll%+K-VbzIkJ&|3oUL ztMH`wvWx&4@70-or(xrDthb%=%D~j`F*pD?Q?~HdV2JY%m82K2BA`QcpzpOI{+$~m ztkk}*?f&23J|KR1RCw-7t9-~vMX&GqdS@AXe1vvyM(PfIz|p2O)m;8>B&0;C(YTe` zS4>a(t0r)jC1Yl8PP=LP3oeMWIH;+)M|ghnbP-DFeBCAcY1m@Vq-oDSfiS^M5e=&h V%Q37BX&ZQ)H9u!o^0!;e{{f1NA8Y^s literal 0 HcmV?d00001 diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/baseapp_state-processproposal.png b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/baseapp_state-processproposal.png new file mode 100644 index 0000000000000000000000000000000000000000..fb6012378dd580b0ced3ed6809288d9d312a2e96 GIT binary patch literal 248588 zcmYhjN6!4pvn6(00tBIf?ga>%{(%;RcR_E4G)3<{Ie8#i^tR~99cU4nXaU-WX4;2# zq2%vA0m4^b85Wr&Gb1BToH$wkn`Maq%af6e{Y{?8?LhHi@*Mba{s*h7XsDOy8R2~ z|AipwJpcV|(rQVE_3yFRz$WnhFnyb{DZc;ggFp!SZxH-%DCEJ|zfcAy!4pRPjUagP z&;DsujQ`Of{x<{~_-}feH{&*~^}kRSe3r+p=)o)444zFFJVoFihW;JK|DF6_z*}aX z`ywndwE@>4;3)YwN`TG(O_e-d`xnB2_kGh9;6*I*Zh8;l>SY?h76FFnzoGXJY;@By zU7G)26Yu>LTUz~dFD=?iD?JIw?njCFZ%Qe0>gjIn^889F|R4K_-2mmgMH022}L;wm*V4c~^}|J@a>puxer!w!`o z+}9H7oVa{9fPe6a$ey>hmZnVbfh6B6Il7i9`2w6!cv4=VojfdXvV!bR!G|QIjgZt) z=xoh|1_!a;X=0O{k2~)jjK9q%bL3!B9C(NOvNsI)Dr zHAaHnKo_$PPBV}RdMk3iLi`l*tJX8cx&uF$QQ4x(T*j2BntAqr(VyDhVP?YDCk ztLNKjU>JIUPG<3s4=#D!!|!{$PkDxL+=Z97`H9(>n*&bwo>KOZ50)@Na9xmgxvNgN z%|R16;$_)Bo>jNI4-p}!LrTp0`-lNGT;glbiD=9305Lt1f)gCLZtrKf%J=lUhzLeq zvG%r)&Z!ursR2%{i+APYfg@}J32KXhlk z&cKA*$^)-=UyrzKEfgx2;t|V1xn2JHj>yhChT8XTm3$_1m=Q3`*^T)2Lna2Ig+J@1 z517#@C>@)qS^jW0yD@d42R_!lXFkc@%e6iVn43^&Qkr4Eh+B!tgU>&% zO5rQa{9Z5b(EKuKaU)QZH$}8i=9gtcN``;EuC+eLcXj!rQF(r*udw@2HL7>%kYN}x z2sJNpOhPcWZ0_!{qQ7o)8lNdsU zn?3Vsa@XVpX}^vI-d|A5N|h`yZ&`}1PBA=_3qhLwo|^s>@FtZ>R}QiJbxs({<>(bo zT<-nek;Er%vP5_)i$QnJN9Gm#bycV&{nmmadnY5`8C;Xx7$EnsS7Y%-oHZ&su1y!C ztkEO)1IWB8RfCi?_bdo!;&|lH@8?&zRcRvPig6#z629yQr7~1|oh0_oe#-HYIE}eO zvg&>bH=)SCYciNvw)62b-7aC0E*ZFMYLaAjRX%*0*MppQJsVI3ZdQ4yYqi2K+ooqh zeaVV6<18?4u>x<_Onifn1-Ed@4Vj7z40qu3qKvf9}vDh5`HI-1Hb@`GK8tJuCWT>N|vV z^Np$g=_Oq7<-SLFtk8}!16`*k^|`?HdYP>C{HfBz3@!U!_x(8#!w&+`NRWq#D+~%s zD0yl;N6!04=tEB&bCP;8x9qM78{COnzxYSX(;f>xAsc+FJ|@;;^jgn7H}WYgkNM^|wh{P5NO{XDo2_v2u6*kW*;^D76nBTWB^nq9-dWszFie%GWG;)8 zr04Tm2Uxff6_vIW2JJz3UazePMXa@Pk$w97hhkSJu1HP!g?ZXwa>3q8n*rG$9 zejf}UGs}gKrg<0*E}D*L>_=*yNZNN$DVsHvCL`qrdsaG=BB(Zs-h9ez`B@A*D%fG| z7U){Zd{vpp<9WLbXEmr=9fHGkF)}+?YaKu-5bz-tX^htyed$U5oz{%-DsyxLJ54c~ z%TzR;bR_27!1Cs(6h-^S915U)Hlu6mb`Qa^D@5*>pQS2lzv(kl4cyH)%mp(62)$G+ zvV7iRp^s3phLch8A`vnRvW}{r>kgC-5|u3NatMBaD|=CqfS)8oYL~QD*-!_chrYoH z#~2JVJK3-`=G%J9hhl)wt!bF6TYQu&UnIDOy9kUVtFjKn1=A=}Sq0p?R8_ut;K1t$ zlpOF2>Fe=H5uLowgZUUO>#Aj4)3kA<)voa^x|9%WY`-{{y>}jd`v(^ctFaZGG;^Ye zr+OLRUelY^(-SyOfBCM~^pRRxsz^1F!8!j#VIb_!VQP$mDICm+_j_q0U0Rc+hSn!s z$28(`pM^uS|6{|y4{-PZ=)j<9hv^%q8%==^3-O}Cj6bf9gHxjQNRWoSI3n8kFwYXl zJ|8kS&?I9gW)J3XmrktXc8^zID{Jn>8IY4%EJ7plJdxH=3huc1`MwDqREOO0par%D z`u4{rNttXA6!1BF@N32g+9%H+#jwQ)>D_;;&^q zZqq=btJ}RmN>s@YO!4bbjcI^mW;Hl^-R6iGzi9PZHP=o3U~^8%GH^32x{U+t2wu37 zTQ3(LJFpnht#=dR$d}Vz*S>+>{F>?qzjDKMle@qneKXpb!gAm5J-G!_C-e@@k~-?P zJi3Q;O`j%AvyUfpQr#bADA=-#-+h}>-4FaCwj*Pc03x8OcVz6@?-J;SXkP`YeU|HKkNk@M*f0j(2V+WQ|&b^Vpk&u5tBtgDl8k3k5c z9fs4EiuekFe%L2@e!Ulthj7tymE8AU&7aY}-uL50h9f~nR0MlM!OT;caNjNrt zy1i$s_v(`GSi#QtxmU4pa&J^6NQmF!P+Zdqvv-2mtglc#`RW`(7)?E@~r{BHk#7 z!{7UM;%dW{Ki6V@180$K$fQ25NiI0#=&?wPob+JAT9qc(+7$%c!4nqVz2h4rJv^|;mAgIy;M&R7=w z`;j(CVrOl@lV3d(xbE3*@(o&q6yJWy2AtI6FP01tvOYAc6NzJb5eKo>9Z<@=1^_r= zQHr!1gGpZ*3N5D0Gu+jZy_S3niz$VF}P|Or)Jrc4$)VY1U7F82z)T zXxpgZ7(Z}ky@p>XGl{WL%DMI|wecp~F~XrUpyq6}`Q5ww^=E-GMXih`i@DN_dPBK+ zx^<3eeK8W83J@1to8QQ<#K;B>wlMB)-!`g{QE<`*A>cVHZX)H&ck)QEY41HN=V54O zKKxm>nT~0!?DQ1G7dKjDMOlUPtO%7)jc>{&4G$3|1M`w%+mfZ16B zj_TXzr*GEDc5b&YyXzAFnJuQUd`ZuD7qk_Z0Gyjv$Pbg-(t)sFvDwv4Y1&>BTs2+a zP{?&lqK}T5@hlYoawx+KMlK?!n(W{%A zb&=lQ`TFubp63EA!-`ziU!PBqcjB&N(;X^~0w$#bOMhZj>!uea7}w8XgzIS7pIEn= z2S`4NgF%Wd>`CB<4dvJ=1^gtxytmwT6!%EFP92O?u^i&L{Es)pDOSu=BLReaY#s92 zf&TqWJ%dOXv}4Y4*NF~5GW4#GA#j+@MU++o?m;NIYJztn7qLPk-`R#bEJ$LdQS096 z>iJgrJ9IG&Z0GalXUm$l>0uC)8z&bcc@L6iQ6gVtF8?g_tPE5S?m-EjItn1D>6e{ zKAR@{@H=^Id*4I>ze;AO>&>T9kAYgX*lu;6da7BjQm**YdVf7IKFjS-PdPHO>~7GT zv8*hA{eqb%o9l?CP+lWfIDbjIOc=2<06+luZJ@5knn(B?T*!sfG-!_gJ5b;$xE&?G zx*NF;dQsuchBcaEWniv3~@)O%kU{ z6{>O$z4%@Y?Mkb~-XJZ}thIHlj=?ThD5ZnekA3gP$Y>fQB1?RpqOD1^@#8iImHBwz z$FxT7U56)K=s~@{*Un#%sf#FPQn$T__XY>VTw}uzp{-vt zqOTkJyx6wSU4`R6W^73!xsqrIa7FH1 zJDP?~Oy8RM=V9X)f@X@!*#OKMI0hXN<$7WMJ$9a+_Kmu&8ly5x)HNTgiBT^_ z=Y$)Eie!v^#l3U^`&tWtVq>YqI@FVDpsfh1q8p+J1$a$A9e}c+&b+Q17oNZ;VB#c6 zJP{v62FbGU?WBcZ`Ozm)vWSjmB%Mwc`izJM%a|orX%~>b2l(>o&W~x>4oum}aado@ z8R{>~H%{{P1$hE-NPzY+XucV|d23UCzTP4~1|7diinW8}T|?Ioh;|Y4ympyu;S({i zsfQBP8y9IL`g18hk#)Mjr(=nv9NzZ9xFEFXrMHR>c%VB!9xMHEr@otU1FR>Mi$cow zkwMWIk5U)a=R3Dyk=2BBuv_S?wCMpNjB@QGM2VUkRoC5bC?J9L9Ps-&smH^#aCtNBR}12B9f zFQk`zipgWgzFhciuyG?!SM38TOVUeOi0twS^(wU~IoOIf|Jw+12`>B*_~)DlAF-1( z>rK7-QuMxVZxb@Z^92*va+%>RtSG7Epz9bgm# z#)Y0|kcY35O!~gO>>6p+O?BcIa ztjFY|lyL$lT69Y)V3UTCnJS5B#0>prb)6*Op}JC8B}>!O_*s>PJmfh1Q+fn^CM zbaD+_pi+hEZSy#%w6-M8LJU%Mk~vSE`0>xdg27CR&n7!xvO{oE&ZNPr^af>!`^$DfW!_S;e?u2_OXI21-K!uo`(s09Ph=#Gi{S?akhCR-~;JH=6fQ zXJ}Ps((Jgy)?Oy%Cii0GK5F5|LYW`1F$*Ud`XEDEE|^hBOfclRG15= z4x{72!oA}kfMtu0T4UVpYEf(l zI1B4BCH2c|9Bm`xf($|=!E%k{*tmb}>FhDYE<)|Q$_DzmBoLl{K{vWd*XMljfCLXzF-9D9rsEbd=W_-Rv@lAaUe>q+BY0O7e0*j@R7;-!tgZkl)}8Z zz223=8}SX~UVwJ}e$Ym(qrFwWfYS^W4w|*~;SKV06mM!ryP!-yc=-WqfC-iUBnQmJ z`i6bsy0tLn=>*RiZ5`UkcE6ICz<3<%9t~QibOCA7w3-kynbCHJQu!7-*g?*oqF;0` zzp`flMHFFJxlW0tEGq>67`v4Uel$s(p{I4@C4A6Ruts3;H?T)R*3wc0Vg4w~tkjUf zEhQn|K9#Qis1yZJ@B#a*&-d}Rgtr&(4&NT4*$|2>Z@*;E zmTR3Q`$JdlQMS!a1RNpvp~mi~|Ac%2*aZ|hX1HN`Y#HVS*O21=;za2q^I= z2H^vM%hEx$L4SlVo)Zk9r)4bEcwf5LdLM^#O~?h?o()1YJuU=ERxNK8xw(-p&2mVS zdQxC%T$Dkf8)PRY#`XeQZ7WB9l>ykE^6Mzx1&;#`n`9>|0;J7v09-0Z!2p97%ZL?F z@&X&sQ>%hqFbo&jTXTKW;aJJ}Zk)fIVu-Ux5ku&p@@PtLoUcRAK1RZ3EY7-^4Q;kK z4_8Ji<%{fRmO4L+Z|MC_V?jYscQ7Yo-6+5^(?R9D6pC<_+&>01KkA3LD@XNOLQEs-1{;f zJbsS&b(lw;tDArHpIQs*`r}YpUF5Lf&0Tu@1enm-Z9B?%?yXpvFT|X+O5JoTbXQ4cH#P#5c;3 zT(aRI>J0J$`i7ihpi9QXB)HI4n|KfqQfXi8eXZBxk zu!$|h0U^-v4%-6NgoqMLLmY^1INL0;CK20wrcY0f>NDOPZ_%FR3Om!ub^!#kP$o*o zeQ8tJmpZ?WGVCT4s43znLn)oMKK|D*aNy`qSlzMLFpN^G6hNv+=C5ajZgh^kuA59%cG=sbv0(3`150uG# z*0r~cO@hfg@D@bV%rQpHgd*EuQ@t0mBFLa`?ppAoK`p+O)8gP+m3PbPuYK4XSBnNf z0EBj{*;;0*rvyKRIfpe^8&pRnI+9ze;rK&+$JAhu=Am{1-)The?EC1z85HV7m)iF? zN~^|OwS}*gzq&es$ztk?Ufa|o$-IS9=l4IAbwaXUUCtN%U`u9$Jk7hjtB4cgxGe;8 zJNPxkcLW>`jhdtmF8Ri^c%_s!w-OK^0WuSSz;rpV6$3g<8K^J_L`5@212`gx&JSP~ zS;Za+C^kU0@B!LfO#oADWlD%gkm3-D2V1#`-TR>xgBC%}5Y|O2(6oW|G5BN`M za3KF(Vg?wsfX3|2T4>j6($>_Nt_dq%_|S2A53s%^;+1 zS?#S_@^=QcFT9W}8LmeDtmKF;$UKV8p1siAwOIn_2Et`yp@h>*Zm$E|BY) zbU7t*(@8jlM2LQ_+nEsQYtRIR>D)ez;+IA(rJ=7or{^$sL*T-+I5kKVM(;>r;wc)@ zjK(&>4EobU!;hOvf!!Ih(qzmfe(JONG=6SHR6GgEOROMH;&aQDesk{{ZfhBF;gtch zS^Fh$H)Td;O)?>yy=V-Q`V4@Cx|-BnNjBiP@g=G;nGz(z<&&?ht<6X;uI5^NU~Izg zdI6rq@V_{@Bz>qZfRU%)bt6+c-VA9fe28H zqolpO;erVY--rZcJhT0%^7`!b3-=0Nn^&AyKDQ(-gRF0vJFg#r%LIU}PL{tY7yroe z(xogr^+qgFn-hy)DWjivW{8TnL0%8yA2hz6N1czNXVo{Rldn0y_oz6B zOr68FY;LAmV`aOaD9~%?-Ae#EZrkq8$Sq%h1l;uIdU&;D7ma&_qi#U^G#Eu*yxnNS zq`KKI5mr)LQml*9k3hi3K~bk%fE8ej0NypIH2NBV|&zrIw{BA6qH=N02N+6H1)N zTnSl$jsy&s@QV<0Dz3Wqb=yFJe$`8jBZ>{l!>q1v0FmIThl}ks8Ycb0vV8I`Be4-` zRXaQb@X4@PA>KA>GR0YfK@(=Zh(KmH!-*JNh<1e1t&BEw)DpCrYC{P?;;5I4i6&PK zh!xiJVzJCIXKGt{#>(FhD5XI&x43?mw)f9tL0Q19gB-xv``?>mQn2yCxn&7n#C5>E z?{0$vE!PLqb<{f8tI&<+(n`0ZPep?$a-3t`X2wk1Nt9>fXS3!;)TpguCU`<#TMbbY z2a0{b3RSul!vqjhEaXzksvFZA&{0k$FZO_G4PMX6wuT9%Z(MJEL6sRDXuSRuF>(JI z*&tY|@V&8=U7p_pXsTOy=Yb+(Gj~l+HAoQPQm2zT0Gd#2oYHP+TXpCuAT=1AB|I}#RD?qSo<&?1jGsrD#m;*)W8r}1?a(lE5}3|9Tle!LOj@LVhE_IHBn~N zsK+Q{7OCE%EPVt=UHW`*TZ}Y&wlNKqvb28M4IGr9ML&vnJf)>CgjeQSPQwr$4gHk| z&g4{HJDA>+7^lFfmPBk_6*&@|N*d%u|EVs&RIXA+W19Ew4%WZ8dLAya@YpZ%Rvxq* zBoZf3b5G#$Ugy)*wA!!BJ~_7!&<0gI!QdB1=%+_8=mlEgvWZV z*OI9+fJ5OUpMYNh7x3ibZpWy8#t?ep=-EjHdR_E4i{Tm!)52W7Jtu-5P7D%o+I!7k z0cc5eR{Z{cQg+B;QDlf?9_dUDowANIsF4T@bV!#(6e(OX35<~HClw3G0}2H7j#DY# zf0*g3k`vX%>Z;>Uf#Lpvx8Du)FF+^_TA2GDmqs)0JAVUsfT(zVG)T?vqVPKUN{(#P zRTGGg`rvi3jcYvzJP%;}gtD;@@B+3*IQ6;}VpoU<#st20HWQsTOBHY;1L7$^NE8NX zEy#*~bgnY6=h~;nEV>hFFaWhJ4EccgLnGkAE5_9ui#Z+*cyCtvoeL9c;&durLi==( zKJMr~E^C(C_$Gco$V?4{;cp7=AnOZwnyLtb8jf_Z4lM}UMP0iS>^DjMmvTKb+eyYp zAdLMXum&Lc8)XB+&J~vslJ56*s%FmnNU=&ECh0qQtTz>^Db&`#5iCG#&;JZ@Wb@$L ze>lqfdTIN!0q-a51;nEnkaQ$x%r(?xv~vzNXKtqOK$pWx0_J}Mscqoz+=h?}gEbB{ zt^K@bJ$$-LwSFjU8j7|1yi(^k0tI;s^auBzFgz<^W*VAvYHztpm_q!_6AF_);e3rfP7EIuWClEoV15hMO&I`n zMrj&b=<=clCPY%+DV1+^hMzt-QpUJgWwG)po~1YAk0THZ1vGdagn&12Ol=Tgux;-8 zU|Rt6tfVxV=oq&bM3cYyQvwZECw^7nYgodhHA1Vm7ezkV?~1G#C`Q&(29dG-d>HH_ z$8s{9nUH?oG5mG1-kS`@ek)P|tonK{*$JsN0cDWyfR~AudBj)i zQciiICFr5>Y~=SZdW4z!rNP3Sv1d380a@0;e=G?URNj?Ff-ONUngV6L?78!GQ|V?L?dmBs>zBLu}By0baEVPOk3obK9uLXWlB96~-&(%{C@N ziE1vtE*8ks<59%NAJ7!iLL|^1sCNcnexMo+p1`8LosFe1WIskN6aX7Zd*f*jO#_A+ z!~QVVLfH{u{oPDIkR7o+E5(vTIY=1@KpjoS_rn9ZD5kwp#@g*h4LnWDuuo~B+zC|F zk3L%1r}+_6Ssi_R`Li=tpf1ZcoXquJyGoek;lY(K~tXu=1Fo6*JF45CN;CDhP<;g217@;l~R_U&V{czOkCbfEBY@Ab~s(_9DR2X8pq~ zrK17|1%xU1YAOLMWtY}Xo~)C|HLIwmlb~kVS|G--9H-{fpSAZ}K~^W2SRO4wU5_ z@_?%Y`Jdi`1s%5C{7BxQWH&{N43OKcI4pSraQ~g0y#2by%95A{#pFT%t>g8SY*vLP-^gh`qauM2BcETN4v`#gUqYpIl%6CKd1^IYqTL6Uu1}*|TSdzH;8pw4rs_z4k<43$M zfy}=E@)`5~MjMbbX6%Y+@k9eDmJMLwd)Psi(2p*^-QfOh+=fXiZ6mjaQ` z7En4k;4BR}{l1xG#+$5FNyRyB3I|qq`Tzzh9L7OdyH5(>%6Z%Aj1l?_F;B;QXt{*4 zjBaU`A@s;#wMnxsyM_v!6wI`Seb4azz~v3rL?BWag&_^fSXu4*A5AY3Wx4H)+G13R z<1Bw;=tsfKfp)I%@KYh39zs}0L1CnFxR!b^K6uRy@E9~Ks5Mx(Bf~&s;R~BaqEk`G z&pCQHH9Th~of82_Y2Z!SN!B?Wup`p|rJB5PW`SfT1iYMZ*O0CN;~hEgSHGmYV8)b; zRzPOFb?zhq84engey%v_<{0^~58f?d!g6;&t2OX-mV1FY1DTE7tJND!1(YY0VDK1$ zSk>c>j5lzrcf|z79SkGP8%91s!vX>=TMLZL@i4oB3C4=1?yzHrMkhyegJfc!0c0sv z?C)}>Gs-@M$We&oOILpJxV`ysesw0J@+&27dyO2@ z26hB<#Quz-G}jiJys5R0?+@XvQ_Yvt@Aamj$Q?wo3`Ozx>41X6q)Qu&2@CbNIS zT_yxNE+&w8bLGeC2M6y!b!eOApPDtBMtMLm&_ShCtBCy-xcV4=vpYZpM^KHPMIs5y zrQUiVTm$PA=z(-`3%vO*z^w{9Ee1$RJ{p&RRUKDU89;`Q&Gn1A%=x*1`1qk$+srQF z)3$sjdvMKk);xdd_0vUE??W6Y{%Xv`VhhAmcG$drI{ASFkL4YycAot0cF>#x5WSUM zCkK`}!oQ5zANvd|NviD>T}AV?gDrTc45&wM0T7M48`va*PGd3V#UyaWuQVT3AYrLd zu#V6c;RZ|tiZ|k925ZCKl$d%v9Ia2L1BFFYN*K+TmUfU(5PoqO#r(43w|pqrG;H>% zShIN)QxOUL2e-cx2i9nSHJ-ObE{S72A+KQ+i-r$0zp4KMXY?-sm2z+%0RkoT{VcN( zyay$1>cM3Svjb7*zi08a9@rZZdDNIYUcnlS#A;U?slGe2gO!WSlqx5UL`AKCM+6># z($G+!Cz(gEexUY$M{!h|l&doodsqvK?#vT|TQi&<_tmJ+qF@w-{WMqm;k2_|B05EY zOy}feh1fdniyR>Vl8F^8JO)<>j@%K_f5$^}TTM0uv3r)xs9?ryJaj66^<-Wex zdZu)_?;>GrWg&-b;od+Xa|_2u=tL@k(j+V`wN&VfC_dkbX&Ym%;~_{z`0%qvk}Xh~ z*z=ye<&JYzCBbE6w6;l5hX=ojRHUgm^7ounm_0t|1EoF08Jvl(-<%QoO(X(zYNWRWl7*j z@VM<%+@lnyukDS#Ov5N%4xj2IC(L7GUj$dM8J6G|4F0;{ng&2wuvv+TmBMb}9E=Z` zl)r+PzhmV z&NX^sX9mcb!4wNIo1J^J(%{tgQ({uPjtRT@kUOo?E^6fT(v*Imf%r&I(Tv!Ob~DNO zC6H}IqJ!%Zx!aMNOoDQ!0x|kG@10{%M&vn>3`s{8R^iBePBqTJZ7nVQb z!Bm#L(+~&1jewR@nKP}{&p?|8fi=ox@_YNp2Rg*I)e=5PvyUG5Ey{!BZSSSqZ^IsH5U`cMpayE? zV=;s_%8aVmueJ)mP7yGO5SW$`{*o`*$M_wy7RPydxAMAYgSuL$!fZisfd5)QT!Q(TeI8U%?*~>`CvD+1 zgiBSe^nvjPH@rVEmVrewHk_n zI5O+}mgvNhW5Yl7A#jbOam-dROK+ShGjPMKxDCOF5}vZg&23ftB;+v3=At)pkL_bS zBD^1h{185l0|GZca}o%->-(#Usgdl9h)iIyk0$NNn*-Gc?QG|$|CH`2zaUesYWbn@ z?_HqvRG)f>Zint;`i)Ur_RZ`X{JMyeKz=n^?_f;9P%cq<;ty&CLv@oVeLT>2p@ZK( zi7m;0z#Ih2qKi1|4M#dFb^7)DeG*oo>7V!Kas*T@@*n<8Yo|4T3adh`kYiuEz*7p9 zCbQtz94P)|Lem8S13C~2{C-8suzvJ~K@epnY^x!u$#Qi8!_4~p#NGAwEr>mnn`(u= z-{PeA!2}SyL2YD$ED(ZXRP1P8Z8M@)EsH94aS{51LIxZw^C0uPUm~RO_ydw#sUe1w zBhg&qNj5EiX$-0%S4Pr2_>Gg9TdQwMj;P@bd7%72`XkIindY#b(F(IYjydi(sQ{W^ z20vVo2!kh=V0GW;(o;<7A}9=aquh)ZwFY#1R9dB?h5`it2kQU;+zcdYlKS3>kU^;Vb@Kr-O#oK_AHvxKNg^ zz`~n)o?IIg=}B0{Y7`!biNmmz^yB^lwOXT;IA+&N9sIIMwI-k+620udr9DYocy|pB zUuLcYl@J7I5caEd?tu45jug3ugb*wqo)Lou|FYT`u@9lb7I|E{;TK5-^%k#5F(bgI zdg%{rHY^?}8GRA_as!EtAjJ`wH5FAR-<9m~EK;v%g*S8M|0U_Vwj4!b=r57OBba0| zCi7-Y4km-)>qqpQ(>vSkfH72+RMHJ^Ao7Y-38!|CeL$n%A#XqA&$W{1>h9zik~68w z57h?5Sn>m&6-RyF1u{4$y<1Ha>iyTidK&u4Bl&w3OgQJTs;%#BZC}DCuMmg8>y|4* zA(itH=iERzds?w5ajW$1WIy3~+~KzReU}jLv(KLz5I|7_r!Ma4@TnWOaE0$j#FFP7 zUOyi4vFC8nQ`+Y1C&B+1ykn^=Q3h{qenO$Y@nXSN#kg?1!rmN9rfag}(2T8+3h2?^ zNF4OTg@z*T$eVi{4)VUiQ17BfMLjRQ`;~0+H z*_B@6Z=pI~sg|htQO}(E6xH@(!>@0e6_ikT1h@8kG6l`fWY4exyxnA*gmApa%OisN zJN(={ELb(WuR8pA^_@4eA^yu>VX~P>t0E&)gm3ewoaq8rO~BcJ&nKIBlm-5mI`3J5 z?elIy?=x;VQ#h~py`!c4P?`#h?fOB60`JYD2N?iG>K&->zBUvHMe9UNt?E4SU(QlLgZuX=g+ACqs?zbIDnFgWjNUY z*MeX8JEu+%PGbI=a%dd<9?|TZ=M%#na_o1I=#e)Q58~nlv0utZBAI!0;2BN|$M)5* zY4a3ai*Q^nT;eDT5G9R9jWtGv1*nGtRJHC{{8y!b0FtH=HcL?a`fxKSFiaKmZ0cb8 zyzOFLGrn_(QlJ5KC}Jz#I{Wh*nvbO_3vBav)c@4DYAPxJ1kkc59}z6wym6EOwy3lL zCW3cBM)5GL=qcWt;?QveDnEw_qwew59%2%0e-QnX*{U$b-xxA#v(_& z6?LS@RbbBp6bIbHYIfcRrsxW^y0-5fE8u2QwsYdWY1p%C#w;D~M?9dWNnP{ZK?CSEFi`OF^` zG^y^$Piglu%l<0&OFx3(u)HBHisT+hAzfr)%+oBeWE^nYjx9LwP}M&|!X`}S z&h(WOFDDWYXl>r9VMesP-&k;V{0IK)gF$~3Yt9uYlzc)#`UR^x_$3!5d29bxmh~>b zxv8vD4FNjlkZ#5~Kxg0kOOz#JX1h-@1OmoW0T2}1&>K#T_>4%n{k>$4pW=7oD-BIQ z;-nicJcFBjZ;A}HxR%BaNKd(_xsYZl5+0Bs@XTxvkhw_gR^9o6bpa$J2z&$d5-R-8 z$?xmSo<@F`VMq9Vr5_Jzdj;G5rC9q#HuhcZl=i`M;gPb2Qf5N3pFH%AljlF2aY`l> zNbNhyMSHgWaP~%hNb&wx+gt_HAO7#3B?`EAG(2@jG3B0mK;s1^s^^%e2d~}in-4_}Tne;0my@?8V=Z7t^p&@?IIIQK>n)Dbm{-xe=dZoGvA`y~Ji=32@LTD`mL<2ggpyKE#0I7yF2f@>*s$SEn`cfmJgQM=jl{Jr&LY(E1=XIq+W%VG7zMyTh1Ir()fE}F3Njs|@-U+xkvTz`YJ!yubaxZdJ z%o_ism0)vqKf@pUYAjDj!J#pY!ZO@xFmZiaTLsEx4}FHekOMdh*X#vJ8xQz2NkL0v9C4 z($6;KT^&W9>+{~k#kM5yY&?K4(oQc(SxPv24|m>yC-XbJ)NkC%$k*}}MR}zmTH(aB zoAnmM3x4@jICJn^2yX5%c%S4NCB2NnU-^R9TSe+(`&fS?=1?aop`t*iux9Zgkm&gj zscHUhk;W8ZXMUG5YNNXzy~zwwR$hyr7g5(%Umj!tc(f=W^elHn6#;I0VQ{2s#<0y- z)4%|1SPJDejsb|jj-K!duts${bTIkzjm!}S>lV#-9z5>d$qUf$oJ>@$2v#>3S+obL z0E1Eh*iURgr|&}guYx7;T=`cjzonIU5%lFSS;KS%lJX~xKB#>qh@XTiCn%;uJ!iOt z1z4AF&CZru!=W`SI`^Vj!9I5@cKD6h_W`-Dy4@5sV6x)&)yYqodG}2RSa9oZ&07WX%mgnhm_*b0;@5vi?e|)Sl&+a`XMyUg(-MldzU&TnQu`p2 z7F{4hOR&e3B<@v$?n9UKn{77VGh)KmeKe*{7IjZkISP-VANsNsWA^IoU>As;AYZA3 z_w~M0MWm>f6#DTq%9I)|nIv_r@4F!G1!p>9p#C+onK zu$IUI5S1~c9U7$*f}a9$Cv9B1^zQ?bv0Jba(2<-X-_l;4Z3&%VTc zDd(b)7=Qx{R1GSsAgM5irtS(bv)XMaQV`GB-sYWGP&fd`lFE4%Z(*2(R4OhJ5Phv{ zbvpOp^7Dzt(B1{6BBun8k3P>TfX0iCd4u@d_vk>q7A_C$M&MW~(iXMwLH6+8pCw3b zPkkfbA*H|@Rseji{4!;h_)z^AE+}wUHM{E{<9UoX zF7#d^g)n(Ud&0*0ow1d_q2BL{YH2Py^Pj7%V*hnzQ?nNlC%72AgF%jrGAaQYrvrty z%7emJ!@aYRCp?SiMN!H26TR;d{K%lxN_0ueK7}Tp09_}2(8)ERl=+02#uITvClnI# z(YXDLka+*@t?`e(M?4#Npw9yHj?X_0WJmNX9JKybU7GpyYX*b|jdO;L?e%z6w(NZx zBmw4f=#Sro9d~6k;ULfs?RhSN-tQ(*;uACq=zi@pQuCn%a(O1a!tm*jwHd1Q{F0Ab z$XLR|o3kRdi1Tr-Wq_SEylg#}bSZQY&9L9!o*fVVD4LvLwamnli;dO~qtlo5q!s!i zGAQF>R5rVeBXC>&au4nh0LBhSy}zI0hsv672iyQyGP#EcM3g%bf}bN331~L^))^JF z-oN{7tTV}v2fyG#)nHSF!pQY++zTnKVfWzN$Yrdo5Bo!L)@%2$){cfViY018rpSJU z0{bJ2At?CdbN_Q19D6JhnPA_gGBH4Ah=tW{2~ zAptQ-Sr60W-pgjDv1{$Ob{S~J0Q~%M zc)zp4{KbPJ@F%brCR)1I>sr>96|4|wEm_HnIWL8yf7g)n!mJA*HQ>(PHa+zFI-lgY zxHB9T-3v+hW9U>(~Q zP-JaXB^L?v-T&dzJbxd8Y;n!jDBjK`6xY`%fTaprC3jd{WQx)f6^-pd6 zzitc@cpB_>B%cFpzVasTWcC1^&Jp&OiKv*z%LZl~KJvnvQv9>@$5AU_#MYK3Eg#^W zuuyTP&i6~OQ8!UCCj*JZZWc7sgvhsDD_fs3!zlaXz9~xkAsn{RhaYyhbbK$K*!@Mv zY0l!GDn0DuJep0e9!0_$po5h`zmRuQS`8&=HP5t39=~LSw($7FPmoB3q8i05aF{;- zUKQK3El(TI6Ed7jHS0oCOQf=zT+khv)9+c_{yxnN5tFBLkV>M=3j?VZ)}qqOD!N}f zrab|O04!Ed9fmTz4zKT5tJW8Il;?e)dA_K(lpGPHoCt!Bj zFQ8e}`%VG#dIJ3l9a0Ims{Xdplee>2&x1fAyHwPj2*aAl3-96*nu_!jI_hsBb>J0t zC9q-L6a=9QcmGZ?&B(;P?tB8!Fu}%Beu*|czET9b*q;;dT!MATbSZv7zDg`5G(-LH znJhH_VsW~v7B?YcRg3h!Sk|0sRQ$yg?n(k7truuXnd20F@!^$|wZ^NMT+8!H9Rb2>!jx2jhn}fGE=; z&oOw?pGM$D!iVSXxPE3A>lDp*MzDpgVpKoY#;$9XVzo0q%%59 z9f$IpOJ@l;oOcKs4tt6#smTv3Qyc_s-3kz%HJ_2Ykqw!>9kj;5_Sur2G4goeg224q z=%&-4ZV&k`j-6VfB_iMeVtL;7;>g~WU~nvl&T-+WmA`&BE<#h~Jzcbef{=I6C{!~{ zpep)D6NwFwIxeoOuQFgP$$V@f`YJ|`D*SY9Te7}IJqKd7mjy?aO+j5>HP@`830LzyfB`yf^F&c$Mq4lk51aF7Nmwd zqIS|(FOV5X(5;(I*a1z67DAWP&%bFs>HZ>sZYpgc=WoApQW9J4wS9f>O%>V^2D4Yz z6bcihpM8Pv?hI}op)HCS3mUMhzqKriE6wAW?+YFDc`d|o(5+ViaHS$HMG;InP`Xs6 zc^jxW#$&GQ3QMsiERnoud7*0N>zWDzz>EUx3rDNad{HYMPSkJDRpAYXcTUI z_=lhIo>G#fpeWg}Y?l)J`&tO{TMP1#3-iFnoAkR2B(LYbI&U&jfLNbn*y~L~(BMf_ z(?MAg<>hL>_q*2tRSo!m=J&0vnLZ87?i*dpi@ECiKq@(brA6o_*<)SY7YFw-zxVL* zn0tVJva3svSmZ^GFkK>XZqzbw?sI56vWvU#1Jsr7rR>{+z#=_aP!1fSr=60iW^6m3 z?#8P{(--4lHZhlaMjq2KjmQUh!F_c8TH%qI7Zc!)2ReIu*)I|0Y$`}tjv$jD95tPA zv#)Z(yms+GlUT0f3AMTGh6hJYbA)ZL+B6ZlkM@uYzGjrxe@3Hu93?N`}q z8l?0RC?d-P33UyggIq3Pzr)!*XyD>B`OQQfsv&rEt7O9q(mYo0DbRaz2jvrIIwSy} z=%4yMAAGR;aR>q#5|TgLJl@_MD6MnaKIWeL1OEGc1EEX>vo}o}de3CgRw}-h7K-zo z-}mj&jShCFvvv8lj<1EyfJt6Rr71wp2lqw(L^hZ!eFEqaR ziGn#@jCkg#x_;=3YEdId=RWU6oz9vso9*V46ok%YbMj|Ft81$5a1k=`6GJiZ{wBfx znL`WLek13l;lW$E*A#aYWV8!e22K8Sj#l_>J2co(7px?`aHJ-t+9 z6Cfa@o|>`CCMzh=)g`EcG|by5`w*#n1$D5uuAGS=1n>1h5}kZ*J=A>pIBM^U02rXpnR0aRQ-v`8qkq!b+3IeWVKs(g_H}U zq0(NmP*>Ck1^<|F!A?%>F2t#Y?}zlrw;!lOHsS)Kk`M1wnH9X1QRCe_L0t9w?drPu zNFTrYL;`#)f4hr(oe-NdnA#879!V9W3>$e>ALC<|$bu$Pa;lJf z*eVB<85Q~md`|}M61ha|9^SK~HBm&>E^#b+*sLhm2kH0oTPM2*lYE(4A?f{7nF5a8 z;nncE1lXhsz_K3Jp<-J;8OnR7ns-?}E?QV$-P!Qw8>%7_VEU(--HmktIUo3f$vr4Q z8bz?dLnHswj)j%&8Txx$Vp*a_8=~?`bdp&#RhV|FcbEp)X$LLe^8uol4Bt`S5IXz= zrU6Njj^{Sh%Q3!f6C2a`#9N$#{Ko*P({9NhC&8AD^y{qw zXoSF#eBJ3Xh+BWJ6MPoncd1jIjIxq(tC)9?R%hhV0$aLUOT!f5-!w$Nzzdu|eXpRt zHT*B=AaoN1lq?5LHjQvam-HMw{344({Xi3|FZ-35=GRz-4%szuc6m`@_qW3pf=fjC zOX55uFA2L0uoUxyA`4%%{NQxzodOs*Xg2;?LHU4CC8{1KE|TI9yB_TsKhvaskJwLn zgKYz>Aa{ypm4LOf0~@4P`C!yzy+p?0v~`q$rt;#e>{LyTvf%!GN8tw&?^M%d*MzXj zq8*t$ad0pwWF~_ryJs%Zd zK%$?^4q8+iMH%+SgJ>6U+UBM6P)dyl8-yHSdvPKvRPysbzSqrYY< zU@NTDi>6;dnTi9`3Wc$!A2F4X+Gu3`oF2i3myD%y3AA~UpF63shE1<1>fQ?Zok7`4 zB6nK#?2`)bA%?wW_m1;HR&;L7gu#J5)J-jJ(>7@?%Nm5FO2@dik3yhkEQg-Uy+OUa z2>_n$nR;hoss_iAPWUId7w#>^-e(I9#Xnd!H0#BnhBk?%%3vDy+8Y`$FH`YT9~8^_ zjNJ%Aj8ug@gCdF=&3h%nG3v{`7xynNuUtfYL}TH+jI?oSImm!tVGA&JXAb_F)9w(o@qok729CDGcarNWjeo ze0yM_oj5txpHR5{q+H~Ka7Xd!;=uB2scy&;76B;+=t9x#!w;mFc__q6Jps_MHf|rQ zAN7#2t{!T+$e&CXlW`pa6;J5hqp4(p>kgdsoqhvCiH0H=eU-8obsYvmCF4mXG11oZ zs-%_T$58GhBXZIB$Irf6%ABrH_Q;m}Hr>2}T=0CGdjTeNxt=PEi^3VBcgiADVxZ6a zUK;z<6q-TDVfUbrX`+BqHV&q?b)R z{QbVy%jDpB=!2s<@BqO-Q%RJ_26JHo@yqPd!6cBIZz7mx8@351hbw#I$VoQm-BS_wFeq1JMxJn zUjE>miW?Pu;TGw^8@!x2#b zEAKtxQ2bCZe1YFco;#MS1KpGqKPxi7BkgmP=F3O#xiWlo;cJwscx5ivV!Fh-j$jnY zEUN2k4%)V?_N_xAT{h4PImK_`K@hwLcqdxUq!v{Mx^5Y-V*pk|p_utiLc|i4)*GR% zpKbE?1<~k&uJh#RB5|g@<{N#M09wg~HQK_hIK^A)+G=-dZj|L-jr>+P)*wK>fxlOR zN~-zy*_N=*5Y?g=VDW-H6p)7UTBENAer2;rZa~E%l%d37mcqF$d#*md*$3Ap;O*rf$Q8Z{V+U04j%~2W@WiO`NNAY8SKI-sd3~@S zwNbiaj6XF)G(5MYdUzlD3wtEAEBv<2vFOeW=&tGvU@E2-(0DQCjy&!Yj!KG>55Ty{ zr>1Cl1#;r>Nrv6BoMVM*S6&_diYY%>uYMEDEeI$9gL3gjS%mM}_PwKUI|eSPu)*m( z(~)>^#eQe%^S%CSvJR!WY6(Yl)-rR={t>J@poV*BL3ByE<>l z1Ys^$zf~rAWS>`X7_1v9h6zD>-}H!YM`cg}918dl(@Uq^zK&S^#rGKEJFx&_|Et4v zq6c?Ay8}8aEJZ68Lc!@z%r7}4)NCxy#vTEY{>>v$*=Bo?#s=@J6O_2`^cNImTQ1>Z zYe*37bkF(0W{Jt%W799m?H9M;C+cAjfraEx6hLzj!_W_C;il07po0~REh6oX#DHuT zEa|1o38-$03shfVHQTa4{a7iSnyJQ&fI!#P4s;#+05lAmJ2>@H&oVZtr$3vCBe5p zHrM&~IZNQI-3`P0#S(EL^BYulov+}140ifr*1fz7qbd-ff^#p_UZxJQwt+r$2pbCH zx4yxLumAQ@{78mIHwoBmfe|5C7HOdlfnEhmz4?+yyn_u5ydP~ZfK%z*7Yp`aesjU% zaYm+cpwbPp-$@5D%4sI;DZKOn2_n$BiPZU48~K5fimrbz^{ac@Zj0cBAs2RvJR;6X zxn=|4W#vfYn~=LF%JHB{u6uyqy?VgLFi-hF+He57j^!*ndEatkchnAz0FP>lF9^8O zup$=Adl|@c;Vrjvk6YW47b5Tsc)>3(Xk2r~62h4mUww}Wq>^nzXdkWkY64uUA$Ch z-)9tx+W}I?actI;h9ux?dqscS)TBzNCHTVTI3wZorI$Yid7VGqdk#3T zQ8j+$&s{r#7BTzGKZO6=!+X85q;~{XNs4*u7r{2fX%8U6x3Q)fNnq8rKobp|AuHaD zic=$g184s=jK2_M`1W1GT$TPHVhmu?0GJFZ9I#H{!P0_q;TF%1rWzA+9l);+PT*@` z=>`r<zd6QVNexU1SQ5Y?NRnu7eZLee2>+{S{8k)nsCjBDte;~+s z$TKLUDB#b=!@i&2+*7We!iBGgIAX|&ptHs>yvM8Hl$Jxe5NJAnfm<;s<7Et}EhF%z z=b+n<<@!B-K0tOs+am-6tdn6tMSFNQ@p5*Q+6MjhJgOH#uei3_`lpPbVTBtrM@h&S zH%UChhW%b;1J%>VHCeeWEjMzv@fS$`ezL~x-%QMc&;Y!K-PgO~ z%<3mrG2?ydWj?A9sd&|!Z59q1Yl zbU-fgduFi6^o6(qD%Q|s9E9dTv$`geP9<%l{5{FCtASdUJ}=;*?K>T3F>nI=AXWGF z7Zl6;(Lb=P-%>n9K2{LjiF{RhuwwBa`{;-dASKXwaqM(Lnip46SjSjOV?5T$7fv=J zR%$SsC`tGIw{%i4#r@kVRF8XVtgcL_MPVcP1fh!wtJ!R zRs(Cx&%k1+%8~6U)Qhcl!DSSizRwT1)F%A*6^knUda&L-SOYxS!S7^&Z}uXZ2Fkeb z;M5@$G`#{Naw2dj@RJnAF;v_};+cI41FEFaH>q%b1Yu(8n2W(bzDLcJ0PfBj0y4UD z$>U0KTF?aWWxPr&C*DO@{7k2S%W!sC)NUYT4I-iauFNAg4e94VxeZKQ(-gWciaN{W z6Lw^v)IHEEs4G{RaZf5Wxl^y)pp{l$?V~r|MOi;O01(db?0u(D!5(Gc$FQ&aFA$5E zpxRyZcIqe*un4q@ghm8UM)uV)Tl*Ouqm9X?ETR^=ZAhU45#oWuv5?_&7&v58k}+>l zKffgqk8)%d`c>U~MPB!&%3_o{=Xm!$`U)Yuh`o=|R~^=NCSg116`V+5|1O zhVO(tDeb&$lJ@21e}iovL5dHxGR=NRRVRSv{sJ!BaJeN~_se7roq)a}q-Y0(N>{F{X zyl(MFY16>@%^uKWwJ2Y4r`ND(Gv#md1RDwOXE)N;qylP%2f$q-a2K(m%l~~F9^oXw z8k51oHmibrI~OpdDa54u3Jav5I`v+}v{L^D-yQ@qEmu0+TFJJT4kGb5jAqGWdp$DD za`&wS>E5}l$2fRWf3h-8-0aCiH3!POAawOfSDep|vLH@zLzI4yU~d9Y(9XpWg#+w4 zBc6$p_(SVJ3odlU;{6qJ5$l}$9tSBJn;>RLCYDv}zMD=Na=vA&|AM6fz^^RrDBdK0 zndUW`E0FU6ZcKk)v^*fe=lKzr64;KPI|G^?p`OvEk!@H0vYtBV8)PQv|9%cvRCie0 z4zl;49iAPZ4PJhajjjm;z5(OPXrL!Izvr@Ccj zrG`R+cl$%UHd-SFW4$>+;EOa_bjGA$Aij+zBZ+h&M&je)L69)9)Uls}lMX@L5nPsN z1&%4xjCU)Cz$NoXh&+gwy@`t``T;n~(St+U$#S1l01~z4WkCnx0s~-=2qzaPmk%-b zDC)V`68JlV>7@ohq7WnkU;FtMfGrExr{LKHojbMst`ty!&vZ6J@i}5`L2pPu+!MF# zo~Jc~RMR@G(N}}yaMee6LR!#gSEJGOUS|bhMiW@>whd*zNfgjL%@`**?*ZZKc_fvnslb6QzcRff9q*0kQ4l~&O>)jpCR-S56Pc^3X;^{nl#r0 z_Nu%(EnKZ(*`eL-ScC%&cb>1j<(2^o$tv$`K-kd0mxSw77g<4ojx>m`Ceo!SljjkaWrOtem$_4nNfq=OA#*Enj znf#O)Q1V4AI&0Gr#@^kF|5Jg2!1FzI zU_=-qb25WLDpZkLIR|yOss8#~}|M_}`=6(o~y`7whby~`58$O3~dt`xPFz+{?Ky#tzjQkMw-0RRMZz`FP6dB3Ip;Oh1U*j!4i6Mf(n z*fty&q1`(04tha@1ioha!lK8-SKG6yVS@#N6)YtK+u$mf6x^tT5Gq++w}bIeCNzqb z$-GCk;vg~oUsZ#1UiHZ<8eM@77+4jYZiBN9NNaf+kiHN7SH4e>4@pzrod=-lCCBXk zKy=~!Hj+AkR4Yg&+0xX>vgqHPd(I1V6n1la%b0QZ(&?FY_x;hc^>^>cl1hhj!0*-& z`;9UvRK_kOKaRamcer0{^8obQcf%T(qc0b{tQZ{gvtLhsKC}QE50FG}p3Y&+lv0YV z74`s2MCP`XOaJ2DWMBz0Vu60ZCK!+9ER473Cx{GqTLdycLrK7e9!$ZKh~?h#v&@?J zi8H5R3(`1&y#aGn{ObUn5m2%XfD#V4Bu(Q$hsXsJ=SkQeFS-gq5#EE%m;)%&*OKz> zJ=R=E3qPhP@QLrpgztO$YNNTiOHDXS;Lrx#jn^lhZ0>%shg`;UUDm|eagYk^#x|EB zn*xn9V0`J?yxX9uW69tf3oovoMD(l0=wNy0aSTr|teNI{&k{reK?4fP7g7T_7btWx zaBKHqEq>j0oIO0jL;3&}E53AaHwQEi#fHw`jxT*fPFyd(Ehecs4K~eqO@2-$AUltokduHO;&Zqv?jF;-|wvRW#faj3qFNd~(VAzTe7 zs=+46XxGI69L_nfJ)6+ zS5r~%z#fM;e$%l%5-^fug)&@#&KNQV6wQ6!$Tip(0V}9>FW5(3pSbB(%(`~|-dbn7 zqazw55c-+2b0_}El-;A$Z&#W~I+J3u4^Xf)>x%)oRs^CYw(zU=(m|t&Yf6^+DX8hU zq>k^B6)qt3jbnriq#nkCM1b_%yy;%1<1Na?KdW|bpx2hZ^4GI72myGV7{qRU{F#q$ z1m@G}{Pu}%bwN{aBVqfjtCk4F7dap`5>)*#@bt#W0;S3~Ak9-zg^37t-wnK;i#t_+ zvA+Za#9rg@9=-Q5IVs2xk*pym=#J3egqFz>c_KL|SQ5$WLp>0Vc-jnje4cBYG^PMp z;dfnlh`>VcOe8NXXGz+vG@i9MeFxvb5(wrd7XN5=e!r4$oOl6b13wRfYfHVg=wVNZ z|12u{ROJdJZxJ)ia7DHz%#XHtk=XI|8f0)Cn@%`i+v&+=Cc$e_Vbdp=FFj>12Vb0g zV*xwUki0#X;FB1N*`KWs%z0%fg3PqRXdOCXi{3_OIX_GbjB(wxsG)=5ZvMGC(`E2W z-;SvaP~y&0lLYxA9k2$peDoMR%5CdC63Zl_50ICH@pHNWXUq;}#W71|`f~?A#v9Qf zGT_R_+P9Vm5A@-8OF2KA0=q;1b~P;LaAw|?!I)(55l|5czrWycfD&9h<=vpW?Wf!s zc;jVOs7w1JNm}2}N9qC_Hq1h}F>)m$27PHTEPL^@IgS8;0B)7-wsoAUPFRg zbTv@Ao!0|Ubgv*2>R_$Ksiw|Sgyx^;qI$z02v~Tj`%*~ zW@a_v3w{@UbYmun9rKh_;{{|INY?Kh#7|YWcuqIZke?o>@`YXA2&TY91}H@^aMXLc z)gC^k^o9ANHK5=)9#Xd?+7RPdw!Gj1(hn-xSwl|KT{D@<(zvA5ViPHDDzQ*G|6C(KgZc5?AzV`IF)DCc~U8&`%?yLUZ%k z+~baEMLi7a2;v?8#V0a>50vzDlIJ@dU&9>26U#Rk`vdta1-;{jVN)*g7{t-qWW&G> zS4dG)6Deq6+6vs~pXuP}h74-KM^<+uy znfvWmkeCAM!@SMnKRqJVq=V+w1&>IUT+hz{pnG@cNRed<6a^vjOD)Kg;c{>XgIPOV zC_7e>F`$p3!GB%(-O~MA&GBP5mhyC41q77`5}L0bygpW|C>np3o`8&wVRwE~ioW-$ zD_4c9n@R3=r^@_gOjJFx^=JAsww8b|=cFkIwjOM1IaYJGH(%tX3R)WjV;N2_%rP~d z;H{vE#C=xYjU|babNsk`i{a`L0YMo*^*vDjFMBmw%Yu0>o_TT*|xSch)w3HH}2pPdPmHKb(_G17PugoE8p zc`1Gjo}R6%MCkW{u7qf4Fr)aL(*p~t0M-uOh4$_N9x0UW4@vQQJoF}i84H}J>z-r&uqJ3Gpui_fLwI}NT852k)#P~m*j_tD*7 zNA(UlY5@8K%EW?({MS8R#xN!KS|hEmlK!2uJQXG4rX&S%hnHKXE$IN?Iw*VuKNiJY zV?#l?gu%~?0u0@9++}NXl56VyigVk&7YX<=(_mQKOpo%O7TdAWQ{Z~QD~lN^6KiI! zJDn-+sQ|(sv(W0yP}c_{xxXQ*a9s2z{xL4!h@w-bzi5_ z7QbRd3moDx4~ohFl9M{k@0Nx+IjnyruW9L%rhW||X~^v{*oag_@on9mX|et+4;Bft zV+IlN1d|`j`yNFc_v+>EDSs2w(~@-hd?bp#SF#XoDq(eO7|znJ7xVkU8)zu7r-KQ@ zeWI0{4)f*=`1OvaQGh<_8+=A78XC^uC?LSyniUchY*$ zdH}}2B2O-q;!i~kZbUs{fI{N*Le(z=&21J``PX0cEFPAa4tnN3p)8hVS@ago95)^e z=C4o+DM}1dcwWD>0u=3Dq+}!lEQGvcZs><(x7q(;K$iTG5}PKlE8#C4P`3mLd}(Ca zyB{>J`XBYBgn+J`5BlY;FsCI=1V>)DV$iZ7yDkN<2K%F2%+o-L(GSGj4u6d%8y5@P zntigRk!*0VoLnDa65m5$En|{MO+iWDa*4Vju6~YjJljLvr zYRt0w66a%D%;9qvYF}#uYY^X+Lf=^5(*)zaYTBvYoxol?Jpl;gv0xBvZu~o)Y90v{gWpDB^ir-+w5R z*7hP10RYFl=?i5?)PIs7p)v1b=|R-8Bh(>c?0G>~lLY`}LiD+xEKijNG1`7E-_t^k zsb`dU6;JE0JLU4(4^s+pNMq`Nqh@F_9Ou{T7ZGSuUn-s-Zb6BNG6)J5C=3Yl=0Efs zp+xHesk6@*(+`=@OMk&5uu&jkx)xxyp@s*Vvad_lK5HdO2H-H?Vxi;S!}{$rGzmXL z3t8u7(F6&0AoujK#4hi}6$2X2 z!nX6?B=0Nq&HSnJPtknALkj5dmczX!$z%ie16o_IMlASx#Lt3-yzXEw#QtylP#a0# zL6#34uq94A`K?rVHJX>-wtKZ1>A+4ldwGL6N{cG%Q;W#}Lfdb=6REcHy zo2pbzvx0}B`cv4mlg9=(2*y|)&i{P$=Gw3+6;n<$8&{E@+dzs73B(GJx$v}HGbi+Q zDQk+Mf=|Us;xg<2Ceen zhVt0^+@eJdO@o`HwAiJxTE5Y2aVyvlcWmYG9x7Cb&4bWToD+dU?SrZfrvB}MRwy1= z2)HO_4WTm%){VJVDj)PEnlmT}fI7`g6b`tVTn?xt4y6I;4>mn*fJVCYJHaJH9l2?* z(2a?IEqzc-!hiZd3Mnie5{y6IV2){m_5SNM*s-u$x({^GPs{VVXi~Y@w*NIFltIt) z-J}`;CI8(eUfqTdiy~80n1=87=BiLcp@2(%H(-#FoHruDP!g*SYVpNpMcl%2zq~?Gbq>iX~E_Gm+cFe z=0TP5xEJ-Qi>eg^k=d7?M%e3y*QiqBTBLydj;yk6bwa}SUb)KnL>Uvv|G$#!40Yq= z`}@ye7j`9vZEWGp4Wa}{$%F@!M>sTS7hC8Dmj4dzRwwd6TGfTg$n%hzD~bEJjrbuM zWbJlj{0Q=Bq6-yX{VkdaVi2v9%_+GLPkP|vk&`_L z_TVFAoFWH`yQAC(3G|xbgRmz6AJN2g2e2k^0EOKEM>n}w29bdk+n9*?H)tEg%2Q39 z^DkZJsAw6W0kYb`D!jUh*5DQphZ7Ew^yr=Qok4>@9-VBCq1|^{+xTrM70Q4L8}}NgBWO7elBZ%U`BNNFji{F$VBL1<~t%LU%E~wxzVjzNlVAxq`O6CeWMSOrovei@pI zC+AZ>>ZhkX7RYz`?hA5246sJ_K603N2JqvGOdcqhTXpwDMq+zGK@a5j`QtA2foK*= zlIpmDMwvE#2?@-;@~wET+f?07Vk9t%ckGk7d_96({^c>-@ReT12c&O25Tji2q@Ew3 z>q(g3efGi7bJ4-R{h<0!30!lsRi#CN22cEmo*#Z|pn(gzU!9%oz%~UNhPc%aJuY1# zOC!)Q0X6qjNODmqgWwx}D2gOpn1~u(?Dyf&4Jjq5;8J~Q~YVZ=WkOAZ$CI3uE07qk$SvFGRvbbXh zr~paE#{_|RIG&b+hrN%Oc%R3gA1G?X_J<(8{xgZ)Pv~yqDVR`FoJKv;=GK?qx_Aco zk)D;Ie}Oq4+p_vY;)gPVzeZOyDRVa9iQ&i7rG zq5m{aTy=ao*$e4#X?B+v*+~cy-vJAxS%5xLR>=ejsuL18n!-i!kPdd51X86TX@%B+8v<VSJjAyE?MHs-G2r=M@BCnVHa#LG%|`u- z>&^P663>e5s&O7~{Uhnjx*TJpDEyZYg3BPLAR=PO9b!y~nfUd+Rj<`wf7Ml~jJ(c! z&fd>{#pU{fkM7MXaO1aqfhp~Nc~rWKV+pd&WXo860e{?g2iSbcTwbCqL`LRG>Pqvc^W)WwZ@TQ}PI+kc&ZA(O zXP^7RDhUKvysc;RYuN0Og7lOm^8;~t)RMYgj1AMn9QQpvL8_NaM_(fP?0ws4!S7m^ z3j)9_eLQeF>MM+s$!Z$+JtjWi?hYwX%p$^F6v%IIB-#@$W8MOCgX!$X9YK!NE(i{| z?y66aO^Zj4kIlYj^N*q8x5Dh}_P0ZAC@N2k*Z_dnu8aczwR`z2km%8eMx=Qj{@kto zU4BIonN;vvZ_DCU;o)_TB)!MOGT6$Z%O0kuD&5z6#?|(Us!jw&x6jx2YI1Ku*_&H4 zZ}i#~nc&AEnUG{P0a0po4cWtZS3ISkyRBO7mn4t8 z)V}5Z?%LadPIC}FlfMG}r^s-g6|h;Zus=q$Z>?5`09EPIy0DaCtR`q!9_?e(FZv2( zb6^zyvA^vdA51#P0RO)S+jZi-;kCuMXbTPmoFf;Y)hm3jqIjcGpLa&QmpbN4aSW`= z50R>mlI`|KZqxSNaK&N~YtfCq5yFFR{iF}h6>n-&=Ko{|LGuKGciD!wo%Tky|Ab>V z@f!S5@(lqhhj<=!n*2LRac9>&s<;nIyfHtXPT$R{)Tc@=Ew2QBjI%BwcqnCoT!LDlMgL@-Hy1P8Y~7PKgwybNn<$^1d4R@l zJ#Ygk!=BPeJ@CjKPg{v~V$DvIF`7(G0t8i?((QdwfM$1)g5TSNW(w!GfP^(id&m;x z8ixPUjv$fNI8@+bJna`4#4;gM&d2#93{mI^1A=~zS4qrdU3#_#*nd^?B}1T!7ec59 zpVId8f@+;`tbea_QEqTPr$-A@12eYRd(BDXZ%J-zl!P+3-o$XC zjq36<@aVYSy}oT6i9=ti0~I68T)WM<|MCir0TjsJhWJgxgE~rgYtk3HCX)*&8;_+g z_Rn&J5jw zAnK3wTa51TdA^wF7s_e#9*?F(Y4p?_j9&DGaUW2BClOI>n1G{drE=vlO*E)#z^J^uR*FKHxcTN_?loylBfhDbzu(yc;2=A1 zjo#{~zyzxo2He~(c&Ozbo_}fY1=(DGdVRLNd%9M!sBR?jLwxreXz8^=w#}5fIB^Ed^!x9{J5f1o_ zcR7gN@6Fr7ha)5Ai~C~96X@^jRFUb81;y9z&NJS9neUF(&r`-S=44d<(Q1VbKaRItd(u zDW{!jOt(yrJy%;|+-6g`?!^nD8#knDwqx*oko<@8pkNCHqkTd-K0l;;f>glkm1~5v z`b{UQos0LIxYNgdu{ZOKpyuymrl1Yozj4^bB_ba@wG>+7^~*PP1jmZUQ?E5>x3c%q zgG#P6M`YEjsnP?vUN9CwpNl0ax1ykq`?iH*z83MM(Db&_m}+~1UY#Rs`# zF(+ikp~8m{6upsb8H7sL|MGS)vgXYo_$gWU+zv;pBu?mczn;=z6G%)^hCR! zJi*vK#!uAsj(_7f2>mwx0Cp@_`0crdVeqPw!;dL3h%K$&f}1h+UOu9zc89f7d_qSb zKWdnP9;2nzHG+GQa&08baTE6$KV9_hPOYb(S#Nx7^MdA(F(PZR59%%Wiy^;CHshVg z@5o)K;Mrb2O-+cg{`xHY`M7+HMCfwCIW?`cLu#9~Xmd0f2Yb?hb zrLiNzBJMKz)ljj`*Up_{5p490CN}xPQ%9!5roLU|wlc5%<+>GyTP1Z#PE)f;g9Un4 zLw0BX(!8|-C)qs&s=2I?-|2`yG;8{>F2&bvYHf!kAQXd0{K~2loc}KjzYwNJc#iE2 z!4o8lXPfhkh*vIO)`f_~ywbv7@%(Z{ak<(b$%gH{(05a>ykB3SME*|e3HYJ~gIQc3 zYw*IKKL(c2Dz)nw0gXLu&kK3o_vK;Bx3jG-l_Ba zc-dlR!WPItp!NygtVC)omx3qRESLSY@cS;)Si?Q!MUMILo7JXM1;@>+2Jo$$b9n3z z^Rw=?jcMO+H4sVD)~OSzm$Ey6PQysYAy_O~xH;Zwb@5Uqp7+h5*i;gUb>x?!+UYm)bU+IfL1S+bQ9(ySAiQbJ(8|zr;8Z zrhFr8-Me2xCYlb$Ct{u1Y|InIc;n4Ks1YAin>oW{Ss-!tA|>Hoi4V<x&=;+?vj2Y3f;ll(pLE0~mm%mKJmpRefJ%-`#j=`kDN~CqgEHvr5xQrUlQ(?PRMaW z%wpv3C!9nb=|k~R27JANQf*Rm^ELF)Htv(=v;ubv4(ha>mO>*8E)ms6>a zIGdAH6C4U_CL26VX1Pay?3NzE_qA>gUki%z`-pykxmZ&BdWud>4QowR-{AXr=qkh4 z+~If&cN&F2AEB`0XWg>Qgi}L9yf(_uZkR_-nh$Z2IJYd+z3}Id^>|s(%FjLu(rtbB z+ti1?s!S}ZvFCi>Oo4-v^Dd;u?Z zhUgRldLkV%f4? zydr`*a2*K_U4W-e$? zSZnO}=Xg%qENZWb#onOnEBL-d@z>sit4X%M@JKXAk@3HhFdhjjGDpmM^1Yqi9H*@zs%$05Id-xBxA$JiT68muj;d(HVLw0v!njPhin%o@psmjLGEj>}d$c^h|i8ODLZe zaaAMT0!Q3^&W^s>cq6onYloPueU+c82jzv3$^|4n5aCd$`N)>u+hJXpD=6I);)QEf zrisT*m^m`&T-W#B-F{x>&Z>2kGzs%Dft=Ngd!V?pcY1xU>^Tgj4G32p9s5mRcQW5h z)p#Ez35ABIRTK=E_`w@H%)Oe{((8VmnCi7uFW=jlBT12QW9Dp~4s?DPOxQmv5tG}+ z@T(E{J%Btutmdf@iyy+v?FkLY*sS+EbNOunjRYUTltvGcQ<|;K9M)ZgW=P?FwG~c> z9hf0tSTIccliQDK>6o3ihypyE=D7MbZHOMP$F&08Tt6m(5+N$~BY}A-R=)H+Cddu|7&`ea<+SMWi6lwFM~t5y zp=B0Y3n^qp0wdY193Ylto=vQ&QW#lx$`HyxrwMlBg$+K7yMw2S;Q>7yvwm^?L|7r* zxwJ^GA=#`{Scg@~LVskzY@ANIdARd`sg4)Q_r^qjPC|YRx3=`$tYQFe{KckyQ}HBv zyu6@1AfP>X^@=tM41xuA*OZ*Z&-}{3Yxd;si(lye_OZ_54Y}JV@Y3bC3=YZbpWPmPqkK^nI8$#p)g0*7{KQQi`H(g ziHZpL`t&-@(%ms&Jx&Dsh$vH<|7=G8_~qArb>1+!C))GDKOc|SF}@^n2N$X)^XU0; zW>yiI5o66SEMHx=KNvmjO`9q><4N4+(=z*?oN;!rg&;)l@^6uVx#$?*HG7JB_h<3P z^s0WWsslad5~9_|vZlZ?Sk4ER)F+0i%p>w+!Jwi!A9u5`AD|(j6lNZc5E9#sH7U>P zE2?yC{S6S!w7M(YJNrX6H=_?Z$ED*RhT9$-G#S_^xw%zr9a}e z9W3CO;nJ0(NyhU88(|q9UZqR; zRihv?bpS3t4?F{8CjAKRpl}Jb_mi?-xrE?VT#v|qU?e3eh~+&L75}U9hFpL6jk`cb zbaV_q3sa&k5Jsm)G_Zsdy=Z1m9eh1+l;?+B+;ouZMW&r zLi6`n)=!XWKU3yDvu*Dy%3qj+8D#y1X6@tN`iXzedYx=Ad6ECnx$4`C8AG~w`T`F> zevTkGTP312F1iZqq|gQ1TXBREQEETZHB;2EiNsWjx}S3Q=&&4Kz>2gvw6R6C5dJR_ zfBU-a4P!uE#V`GfY^?96ejKGjEA8t|Ie-W7-E}$0f)B>IR1Syu??OFhQ8@wIw3ql# z>KmJH$gDjpT|pz@Ve%`r2}wm%TJ;($X(7y*-RmmFixPELa%p@-Yu~Q5<6UnNdxrsv z_ux^3+5?8tg__wf>41jc-L8$*af+9GIoC0`$F1WHKG_$T7jOt4DMaBpYChep4}kC5 zlnj6^p%LL?5CmZ6w@@GMO?rm}0eMPu_Sx6Hr*Yw@;0CFU>NS~~&zE!5#M{wwht_aT z{c^>zD-SGSx-YQg{e1tWt~{g#oP*w8z0&sW*lEWo8< z1Mk0CQY+Wqk7HEo{IC+*gx_4A_unD6rZPSQ;U7!riVn}LeXI_9|Dx1sh;?hAvm@MN zntC+SHJ=0@sPCXmiol?$rygU`(?8cgPUm^>Y%$386L5SJ^(Aw5cT zW5jm#3W?!#rYd3+Pv_fBH+uligPMqMS^l}WD2TuT-5Zh^O`VC`@nnhnuBk3?rG z_W>|0_oIA{^Y`WicAp2Yy^XKvmhVR@lFmQI<8l2+LuwGYW52f3ncY9=$E?)9lI&lW zgT0j;zxi`-2FEpq(_NV4-%BUa54Z{;Y0L^SlO{^-a2>w~|MM{*6TEY|hP}{_(0M9+ z{*a?(-k$nYL+&Hbx{b?ScjJMa45?4>o1FV;`^;5NAHBWQbXr@DZ>{&GNyq?%@vEE` z`L=2E`GggW^@b0>SyWYy*d^Yu+lm>sIsJN_Qed2(~YGk(|3{H;5!HB_5SQY)WRYLcxI=_QI89(DsFD6-cKObhXnZ0YOK)x?NFV;XdN%Y=P@!@ zMFqbg`^}$xJLYm9XF7LFHi_L=xzV5TcLu2;VB$ANRQC5s<`H9N2bZx4^lTy??OikB zgW~;IlsPn0pyeLEK}(}3W1UaH0wmF3KyZ4O`gCPR^7d9lg4hyLiH=A;-Gb=N89=)g zPHBV1Z|jY(dzhhuPl|DLaEgQHela0?Fro_)%RtS$b?31FG6 zZzp)bcQIHcFl1SLIA6%Y5$fxje6j>n;57@%p7Z0TRz5}=Cy&b?`~%~8+|4Ic#o)sx3|9Am`D%YJbtG!CK;iNN$dH_PXE)-&=DmgwVyH7ynM}vPDtF3N96S zbYmq!uPlX`^x!Sbv?E=gAuc8G%XbH~H*{8e?HAsISE_t!Z5}!*Db72qXMDoS*2prF zdeP+NvBlc5$cAob>#1yC6}J zpN5UUQ{QLupuW{Fz-M^$fdNz9$+TkX(i>^GDr~XBdxi-aY2TH9BcNiz4~Nup^z%LL zkJ{gde0oL+y_sRMwvwdVjwdkY+98q zPT;8mckB1qz5gH}`*!ZdrLO%!Ttna_O8R>|0#IYlQIXr#>nJG<|1N)rN^1DCk*g~h z(faSreXZmD)#cCikgoLgqrku4nIwT^^GlfdhhN~Nb8)N9FTVr@iMUnR1qug)I=f?^ zQHLTpv2R1w4Q(52edO`!E4bedxY#c%P2<#-xBZ<-to`J^ny+ocyEJaF>wL7{c}U8Q z>*){Vy^RS+U0I84ZcoiP(_r~*2nu@^yclZaXWwLAYlG8$;QA}H#NZ)e<1~1u7Ex2?*--W83vg$ya4}hQ*o@`R&&}Xk!>*gE)>*6b(_p`7 zX3c%RhTR2#`@Kdb_vH}Z9v>y3gICHdC^gp)c@U~z5Emh)0wx?93|SHvX$&reJifZ` zY=0JwaG3t{W9Nx@9zR)*eSysXT?*_5x`}Ya`hffP9Br>hPhu6I-8x~Rm2*<0GFo$^ ztZA`3=aw7wH!5WjzVkwwHU9-E9JfQJ?56%MU*REo`o3UuP1&&&Nf8ZBrJF&1SkNSD z=lB7YFyjr*M&d&c8eHF=p7e+-h>(jpDrbCgyt;s9lhTvPv&y{NxC{p$shqX#bi5#KQU-@e3?{6JkLo-y$?D|?~1;~Mbezu4nz zeS`r2Ft^73)CuN@PX3Fz_wcUWiiJN}T*{8;eTjPQpJV-bLEiF&N(gnCEML_mzw?N% z+TQng0>EnD(LIkvO1YnvJo@oVdB_G-7N zP;sA%YmddZ1OI0~eIT1)v2_QVNOoKu-|$(0o()9Ys;iJ7BriEhN0vUhr8r}a7$MBJ zK+_?IyCLtNv+TOB-)zp%&^3JJI!FCwFv@wo#)AKpKFQv3&+M{}_BV0}#3veIOI?Q} zqF9=VHcLN%mpNtFZNMokqe7A(D&Jj-a!#qhW!hhav_G$gu4m8Xtsqmtq@Bka`wlja z0Xk4iic>Yc0aqCEj6n;Yb>gMDmC(R?|p-O5Cv<8 z+)NgSRBO^knsT>%mixsy3i}4Vi}^*BX!?2IkBDm=o(zqAypOE+y6K!N2v_1Iqy770 z)Wg%abW%VChFk8tA5AE$$lFh*v84KR5Z(}LjekgPK|iD*9w2dB^()NIe7MSl$DAMgnR9LCpA1>wXTDmh_c&m{@^02cF`ZkyLqDSVAkuf* zca1!=AHymW{`?s#mXp4)V0t4ZF1bq5-7^UCehV@Ae4cH`l*ijAQeI^LKG=xgLS-q3 z=!?|U8$i|c$s;gAvx<3$-!oWO^F9-xjd)gKlB>_xj4>JNgckmZ(g?MJ^e)URD zE2Ea`>H4uL^G3#Q{yAm~Sg^U6Mu{>G1dMyAu~FoF_`?8^ds$=tQ=t;a&Op`fKRJNK zd9d~m4oA8ESiJPMjud1i-@_GzL%kpjAxbLXSWIR`(i2isxl{y=R*1A)pRXak#)T%|aj(wf&m8Y>z)`LJ zv#Y6t*XC%~{yakd_&Bf_>U-1B8-6u#TfNZ}HoB$vi z@U1Vf7avhG`i}E_8TP{w!WLSSlK+Ue*PH#`lrLVM1q z%%-_My+_d15)nW~1Bhpf9APgHlHZ-#FG?C8EEueX)u8u>Re7*Cl#q8-{I~?JHiCiw z>i(&H4oK0!MH}P&0o{!B7uP(-QvLq6pUiFJ&hfs^eUg!jiR$3dx}-WL%(P+;Pv zuG!-l@RVLfrHDzgHt-HY+CDJj57=Og_SbT1ZQlCNAs1G4o5p6;_$KdOB=vN^E2_wq zWte@x0sd&DH&(!3g*RS-zyQ9(m#30#mcc!^yt_b=X2oc3ZwLH1p{ZqYJGrgPJJm6{ zW4^8R#4ynup2U55C(QZf0(bqFKRs?RS$b8acKa(=C;jnjU7fhvMRO%E71B#&ayQ1; zNqmq^yTr`t9K^Enjaxh7H`&|ApgXHr;HgZA%x~!CZ%|YEylIU~LU6wDW|;f&nizCc z;2a`0WP5Lld1Q)#KPkkPd1qM}pVf*Y1a}&ojq_emLYKb>fzLH|t*_Gpx*_cC0*r3K zR>oJFu{AvM!8=a?XsNKv6%O;jQ8p@>;UYjapMPImP!KlD5wD>Jf56#tXCyOeOkUx4 zs;FZ5M4tR{lY{5;Ms{871Zrtx_}snaD3R(QnVWrk^gp^mHXJAA?Va#SqsE}vP~Q*h zz53}djEm>Hj=y2`3)30~mv?K7JtvQ+jbZRAF0!U(KDRGBEAxx=NLj0q!J8*L7#MqL zY7WnK*lTCXQ1)x!MGkIGJR0iwrf=p|^UnJbC%m*b>`nSTDFcEU=3^cXE zD334oAjVndUrb848*@nCuRf51iQP}#C)vrNrCQRpRkUnk_*{B-__aeGI{i7pSNQXG zn~L;D=aDk$<#j@P_%9lI76Nh|!sFO)l;Z!kIslxr({lC-z2R4m^@49H z2z=`7IiwdQvK<0vgZVoZjp!vg8tNWPEAtHmFd%3xPT-9BzzPlR*L5SE<=l)Jf^ZWM zfjk_JGJP?c0@x55`Bdk_YX(V~D84{JI%N^&1p6-7e4s?!!>xBHx!BGH3dxFnt zfXm6TrG+jA_#8Onyoh+m1ZCie@d%_fbN|?FCXR10_7&q~Iy+HPK1Ifje4;;mqYkQY;sjY)NZmo_@!$*6N1H-Cy>#l)n~z)0{@f!OmpDeEPl}<2gx(mIQ;~OGXF4bEixHWsdw~ zPSEki+d!5EgYC;tJXiW{+4iafI}FF;<;7&;>pjo{d@FuX7w!D!{a-_U%=-gb4f{tD zmS^Yk@F88+)_q$LBawW&FA{>q5Tv9g2l?{la&K1O`yTc}h0Z0B%jJw%_`vjt6Lb9y z`!(d{Gi|-soR~#_F9+X_@SZ?d3rd}G+roEI+)wfSbLR8{5Qs^tyS(Ne`*R(&ch}2m zEs6*fsj?T$s?scm2dxEQb6-knIJAJ?ovCBg&iVd=gS&&(38(x+x}A^v)%e8MJtMvs z-Rbt!W&vrq(5oAP^@QGZ3SX1Y{Mc)l!~E>OQ<*OgC(=zHbJ_fI5-ZZ_MYqG!l0B2T z)(J_}vQa`1=*F;|n&;^oY@6c{cL+vmzqnq9{cOFd9TF@`|3!^w4DLsCveLbMe|_$I z_A(k~)8w7lRoY*IHT;vaU7XSqVSQ>>FqP`03sQ?bnKs5o!88!kxv#T7$b=ChgCoa3 z%Jj|qrS~I_-a4sYJpT(zWc-qK2!u0#MHVlpRCufn8xuL}z=gQA&B02hn`5(&QMtdP zr*RV+C>}1}m5#@|%^^IXP4?Ss7r$z!s-w~-Im0nn0+ezuo?NY7DkiNbMcj6$BXvxW zZ4$}8#85UKi`L+6YS->58^?|?9>ATkrYd}k4X3xODPw1kZ?K)>(UXA7R^BQ5ZLoo( zPu!#rpnC@-kkN(PW3zj`dX#Sg=-{`{6l7HXw?D7*&pm~dLXPT^Sih7$hU{XZtdqTB zy`dG+Bs88QitWo}q_5&m1n`66ne9uCt%>y^hRW%6C8Wg@+3Sc4kW8~j>XyQynNZ;szJQ?Y9jhZXu%4bQvcp5pk5$FpTiCp@>7#I51 za#tIGoQ9<`^X~MeP#QN4xgsabu}f^de%c5>$EDO8Jss!d*t`vHw-Vl8Ct=wu7I{3J z=YVV7v|sjv>GfDKuqUY-PV5^tnEOd>Q`Y^_hCMBJ(4psnKffPC8dF6TwaMj6KZ+xN zD@NRMbt@1GOY>b^c%Rj$HI9x;d#{S`wtq$)AnQ7UXH2+16H`sc;e>4zvtPse`zHsN zl?#acr*r9>uAb-OIr1hppQ>fcjwaQ#Pfym(!>23?rT~tv=@j0 zBk$5B?(17GT3?oVyu0=qE6EW)I0-JHYD77v1 z9{g`&Y>Q0&K+aIOwgU8(A+}3$N1rzPSeHp@8PnMb!(k4}mCP z)+*XUXlYvoCN3x2dHAw|vR;|H(x8wMLWJ%m!bV5J5LSs*(>b)5LG?xJjg^tZ&%ZK1~37QUEt2 z&L~Jgu>q*-xj+cIm#G$*WPN|{2FLQ@V}XuyIAu1>gnpa~K%LMQb#3Zjc#9NUO#LOI z0O`QpT=nG&|ErL}z#HR%;@MXTCv#Ur?yK!BoFLUqFy_$ow}ga}09q)u>~XDrV@b%E z{#z_EW^r|=#!0xZ0NwYlfFF2UlC4_i{p}T7{nwCkBro#IM1a|JW11NXh>eZrZ!wpz zQ}J}ANt?YHQ=Wb>qS2?}D~`=kcOX@;aGc7&!aDSqO7-;t@AGBh=i^r0KA`dkZ@(PY zLjaPHazVpqzx9#I8vz!1W}I7K)kjnalW?ATjadO3^~`f9u8vK=INSWJMqdARZt--NBX7R>6Riw8Ucty}uw0?OhUhrN^6Z zP&aRdVSLUx_j6<&P%1ClGnq{F+#;i>K8E1}(K^nJ*7KX$I~C3_&rCP@?{^J|y3|rF z6TKFAF2W6nUW&@*AV$8Hd&0IEsNmvPiw(HhMfY{2_mZOgk~K29_62ld*J7>Q+AF7z z5oP!1-Z}uu`@^}cE0Xk+0%@@@D?tihk8ykQ{`z>|`0Kgvdp}41xP*im$Y}W?yqx2v zmuCN>f-Ey_x$cM}@My}D-VzbH!?;Qc1_Sq5vL^d>bC^~I!!-l2RQ)rB@0d=T2kD(Z zlfs_H)eDmHfaIM}A%t(>yAN-?uUM;PFF3gS#a??~K^MQEO7iq%~2LZ56aMz2jaWUlHqTDIAyY2N^eaqh7!sMK{X zSzRo8|-)u0NaK2*EXduhIJUuIJX{b?d#g^UmYwjeWy z0)BL#{8_{^;!?oO>EckCra-m~RU^TAL1#3eOF!D&5y}*bf!a03-KFIjIEqqj{0oVF z>LXHg#-+OMD-)s2w35XLSx|@iv4CpL#B-W~OuwgL=3U_gt^fvay!|5X1`nY_bj!X= zzD!BFK8X1(2{G>5uUp2tR3LrX`}%ei_wwjq4i}A3&!>e=p!>GW?Qx>=ce!n9!M==I z#b^qFKDakddm`Rj^5^?Ag0Z5@_R({XY2>C_AdF1y4b1n;N!SZ{E~3Zeb)u z*gPu!cn!R+SqbXgllOK=6Bcrv{rTOAx70@@!BzXAY(?PJRQ&NQwC~M-icl{-k+Rhr z)SronM#sP2f6M*N+t-UgH^+3eZbjNWpTy<813BbFLLS^fLPXT7zdtSz-Dy5jqqrFP zZ`u2YIG*T0h_%s|*uYekfQ=|frEuIbxMO`UjR)54z~ErrK$Jcw1H1Y>$u;Y>+~5Hp z!QoQysbpoqCchDhl9~p*@v;-1sPP|s$z~D!h|5)jOqgr{P4WzYUZf~pY6;0FF+oZSjUugFH< zUIrlyf4>fn8BI>{dn?L)(>rm5(p}@(ZY67PXSTjvykC~-^9s+U?BP?^s%^j z0(U*VRe>O(>4sC``g%XPN1Eo^UejJv=i|0-!V7}REbeK;q3*XDQB2_o*jgk;y6uI3 zYtky@d{gWNvlO1rvR^EibeyDL2h7Dfmz{OKs{zjB6VlXA_s8R-F_bNwT+(`v95KdL0S-bvjt=WeA!1!I~{9>uY*H&r-YE$hODvfm<$v^!Xki z`P)GgN6~h{kg>7Lt)1O!PAbNR6jgtDpYq$&=?ljsj7eK~V}cDSMEnw8RjxwfgSd!w z8HY5RrX|KzsTO^j416g_D7I`v%xEY>L#mKQtFwJ(YL_$+q2;V3K>mGYx%lc3vr=?% z6czJO%~ej#%=s7?2Sc$B@pn>B^>XJQI7S7sLPRuV@$GLD=Ot~`;e!Lyw*otxpkGAe z?6uXyGV;!fr%z#=kYtVp9a|uLKc}U;Y85Q#FoA>0`>Sw5C>-9`F`l1xGfZ0ENd;&o z@qE2o_fY)oBY9l1G;DS+_j}J@+Lh0tv;wAaK5B~exMZ>D-LUvf6lbaNTYp4pPQttS zX&-m7);$PQYo+tF1;|kak_tEvUUdDNBU#H+?5?S0<`V0H8_NQr$YrF1M+CFRf$GznL~(dWWMSFOOMOQx*(Ainqm zSRcq@OSNz|k|;Db>Ro>8&pTSqlg*O^IjQOgQ$_tD#R$8E=J{g_TGiqn<{P$|U@E;* z=RAlftkx6OaKw@p34S1iYPk;oD`*Pi1r0Z~Ym_V{M z|9Dl?I$Vlfy>oi$3!;>6NCQj!2~l$4QE464-It*))?1Vj`mwPUC+1}Oa7mvCNIhPj zSW+Rftn2uRbomBj&GYGk-jj)}*6d5m`$4#03O}(Ymi=UCG>^-NcP5^|m-a-rAJ;A( zAt2kCA&@TUA$s6+EUq;BwY4vl)^w$DsY}J@W_}zfkwpO5*!$8|h;nG+SMAJ=cQ_6W@OzTtwjSWL^ zng@=vUKf5DE*Tl)*$K3cq=%;*gmnkH1S}%#uU8cBxGR*_V>hturS18xz-!~=FO0I+TUGK-PYSeOA?4ox0{L#vFI{AsBMqAgt zTk>1)a0wY4DjtSlw4^iupnujiZnD*0azNFsV94(IXK9``-M zr`S6T!p*KqBO?#i6OLGXo5JlX$Zy{0BX`6qmx0B7&v(wz-nd{H<-_fJ@(eLswp~$p zS~VtPeD2L7?;f z1Uc6Ac>;H%_=9)6nnwYHQ(=MvGj(aveNABhT(HrVf=r6=!@Td3(}-oY_0@0+QK ze`#=+^!@QRv^l;ZQJ7uu5b^vqihC9TqP^X)9L1Yh0EBMt(ni`R8V^qGAWta~bbi{X zkA&_+`-6KHL`8Ob(7kOmc6#YD0c(CjqUzBbHa~-d#ztfYQHLp z0e*b&9ao1esrH zC(h9sPS5LMIwsdOg6br90ZP50*iJ)qBh~)#Iok$CMNwduEo*vhsvw31=|PtLIBg&XF-p<oWswh9NBH!w;cszcuiT2a8{z?CEd7t&`T4dL!`#OlAXsX2*sm2Yi#r2W_nx(< zU)y;=$JIT)A4_40Mlr^L#O}4M-Slzr+OYsKEB@##H&l{^25?{FU(IE{Nq61uU_gOi za--NEzRlM@J55*BGWXrTK;F8JW<;1Ti`-F=eEM^PzmV{zR)@9}8+SWa)z&25d}#(A zAtZN(XwmT`2BBYdw3{|~+L57*`ccTX_s70{;B(ENv_jy`BKgSX*WLoXV7Bbu7^WBCxp zM1N61G``O&l{)I<`M1p4m|!7cIMbqey{VT!-mAg{iOZVq^5QR}31L8f2X1Q4(FWoq z4y3`|{3%%C=Z&^X ztQl~pEt|>5!;tm(^*(`}1tG%-5n)!(8o2?y0dm%Ap_FLjv zzPLiWZ(A2VU>FC z_KWj*+#6Fv>tZA${jc;~n*i}ih1@K>p`!i?5oa)JsB=AX;ELjS_J$CIQ+ZPfRt zYb75>=iJ_Q@%KKEenaW`&KJ(SHZ)t#-G7xe?LZ4U9|I{AH+{cazt(lPlYvxB=3efO zdRu;w3fGN&F3$}z>~mqmBKJJMuIn{p3#8F_q>AgWoM6^IcT1VuWdiibmaPlTghzmJ z`}ay&2+k*2LOu!x)Gl=zt4J~HQ@tHExpO%S60B{?Ao+pJK8v1^{5$i43idlD6b2He z{HH1V*t^;3h6Yxp(EKw5kyAHa9?(!w#$f*(jg{qaeLOBJHf#{9FF_S9A8A|Y=bj2a z1$Ls&S9PAxfZj+ltT}}B_koXvxfKtWrCF~0oSG^J?H~TM zIEg}-D(mhb-zBcaHEC9GM|RH>Erho}u8IMBPB!=OE zpRiL1x$E7#8f0A#`V*_3U|xQFgjrdJd(dDQ85Tg4u>p|y2!iwT@uzxOfZ%w7@ys4A z&UEp``u&OEVip*au8RA6xyx{GzlSN%Y~ZAgpXi}N7d{_Q2YxMl{v^KhJqeZH6Wt*q z66nheV>Fv8=W`XA`V9+$0#id5?sFo-m``!eC|Q~#d0AtNx~>B*)I2j8!>!R?Xb{_% z%0plpujtb%w!>7PBY3%@q)J9_QO-NMHyjD2t2f~l#ol+UoHZKFK0>k4ux-SqW$+FC zz27t*8nhptyw3q@mS1d%Q;_!N`HSEBVM}Uu7+WeE{|?4|X^?Gyypb6_yxar(gK;R7 z^(!%TI20@S1;g(cRf4J;zq-aAM3KCJ~Hcj?wk>j1T1s_&HuO+s@zu zI+2`8KC;!fQa}7XRM`KCzMC&onGG0TXFnd0D7{Q^$X~@58ld?ajW`JW-41pO;t!<^D^3t%r+ z596mOTN5Rf@49d9euw)*{fthy9U~g;RH8C=XAQ$~Pyx9r^oJHe-heb8+=0VA!fQ>< zEi!ew2S1d&=5uO;kHb)@IEPY%xCRs)x#&Smz0r8lI&be+unyTV>3;Eh$QrH z6vO^=X`bLmqkID17lLm<(oJKf1yrzl7*ZkyB`D7A>#Td=wk15=AnlE66||iM&8A{N z_(xsNz0Su#NI_*d^|z=IW{T6Uq;+6Cq3VJgTrWIBy*@=oJ*x-q`4&$5vQ??@RBX5& zURLh%O7KESjgP`c@)WGoS$Wv}vfc{tHVIXm{bn=ztC8l@OfkCsDSE#OC0e*^{S5_n z8wyGq#9kBY=Ak|&)c6E&CH}y(+9H|j?*~hIA1`5OV^-%@d7xFUvj?#_M$c^!QW=?B zn!4BWU3aT*8z9(Hob4N*jurVtHz6^e-#sG%Txg$Ml&rSXyJcPjU~tbkqr24+CgUnR z24;`z%S;`pF^Y78QMYgT;S#dB9i#46SUh$2G@3lr=GS5e4LyQNe5kV{)~h|5N#|af zGn1b}y zDY#F}8HFtz)BZj#=wPlwdQC#|?oJgfxFLTHKK-5L!iEJqmmM;|60?WifD@Ou!l1z4 zZ~E@hTD)g5UUWg~9oi>{8p-9tExvm;BRIqHvPMR%|FUnTKjvn$qBA<<-oIW|3D99& z=O?t)2nq;~o*K^>%lD;1^T-bkCrOeXVR;KU6BX*LcYK~<5g&w&PiRw}<^1SKHS<0! zu_GgeD(bh(na2n4rEhh#w9`r2;}osJLLeeTsAyk+5ac)VzB2<2uee`MRujV$`rt4b z1=tCk(OreW{c?e_la`U2e<+Py*LU+m!NJ|>=}V~6dSy{?LWMV!uXeZqBHVLs=*h!( zv#^`sh<+%h9N4%|X{=n;mp*L~Eacmg{rl&y5qYzv=;{u`36gqta?CZTvYb=5wiygj@u zM#iLkh)z~EMvn$_wpgvI4t<{`?rw~rtk*Zm(%kL>1U|I6X0DNMr}wlv{Zrz8_8s9Z zNu0dgC-SCDofgZ^=HEW)dI*!X4S(`~VK8N2C2XeD{D1Cg@#k zy+suByQHjN&C$BjGVnb}3SIj`ZTevX%EV#a5wGFo#vTmPbpvCwgEbptaHYQF;EhNL z-X+pc8VssGmFaSC9VGkyvL2Sx9s)ES?;R`OW)rcViR)cF!}K)F=h`uZ7Bhzk1{+DB ziyK-JnO=@H{Nu{`%DQ~8zv#)Wzs@8SBVN_wGCDv=DebC7CDN>l$Nq+dMj>|azh>DOeMoA)Bh$j*)7KShFZMQ3H z2^~}u$8L(1e6$+m_Rv2}#~Ssy?T1{2OM$Ox^ZC3&7x72O#{63&rwG55GNrA7@w^Bm z(*&dcJZ)6c+1Z_YeP74@gG&sizafxLh%%YS+PUphU>>)Oj0bgnO=F!4V4y-S!$XmVf&{(Rigq3{gJ&3?nLfGEA8C$$J{@9V z8?33Q(|enZ?u<}*g3>a@uy=EK)f2T97{ux9`x|2;kBT>}oFEwboo>|xA}s8;6p)uO zrj=TR=j)f01rqZ%^v!anCcR1eq+^wL8f+$aR7 z{jY@Z$7sl$sPd57qp>jA#+A%}fKSwC{ks&?$J*nKS-<4yP5uJnJ`=W} z!nf5IIbK+4dx#xizVc-~ zY9gHzBVSI&=X#5%)r+AJeEbN|R+nVmV>2BSn}TUX&4k~lEp3V!g8mQ)HT@6PaCIlZLQ9s@rZlK$hlk_$+~0c>M? zNs8wV%2GVKN2DP&as>7UAx4rEhPM05_{PWfru71@FIGIQ5;9}T9Q%MW5qcoVj)a0<3x^wpl{ z>_FwoeL8;*RQNz+8=6`1yyl7)x(=+%+eev>gAWD7f%?5U!8(4f(^kspLg3$DEfPlZ zWxPy@BX`G|9~bH4U91ZxmtDrm&gX22^ZDAf?0$bm=g1UKhxd_*Ua+n+_^LO?1BZS} zoL?F3IbhMfNb8vV5on_Ou#(&Cjv+J2V%~vV1hf4Br*a zv8)V0*VIw>JBb%S>tY+!uSK^<+$$aj>=sUlW5g?Y{F)0SGyM2yKvrEBQ{a|oj>a1m zKBUWIU)cZ?@2*EP|D5R9I#74w>d6jepME+fS#1d z(pslWE4VXzK@lDlm&5&vPqivpfU*O53UpWD_J#lCxRK*JPpk~n;B24;v-L%bY#G*; zZAIWT$mhzQ!r<>NxeHGU1+qJ~-qeqLeD?(h0{NwFEM3Ir5mXrZ#4(TGn(@f1v!@%# zs3{CPF+c%b!0YMH*8z|vd3(0vLwcP~dU8co2^NiBU?ryuVqGP_P+`iF;q@>^I;ux( zV;ah2+wdhw)rQ>ss=Y~r@;Ia=xETH7KZh`3^SKP?)lDe%bv*wKXVBZ-w1fYU%qj^VK3yrw@dVYY3)#EyP{s8rxXCDz5D|(7yCLS1j zE3)lcu$MYCMNc+*%1{_>q>SAij?+MCn9-@6YINv5`A2gu^vX$Ik+EaHar4K65VoTe zaaFx#>|2sVUTD(;S~L)yfaJFBnP`P_PxufHA32`QU)jD%|96ZU9X8nm&n!I<)vBL` zR7th*RevRBO|X1>ns9{Kh=%g@IdYgb@Uv2ZJts+=7^=70x64bL{_J29xp`k7Id zE-34KBl+3*V4G}I+hh3~wAw#`O2LsU zw@=?=4rt$EtA1-ZT#|#jXITaM!k_=J{9H1>RKWg^~CW|*~ z_`6PuK|PvROi{O7Fa+lSWy<4@qPTM`od>$yrC|>o`MrRS<^)I%T8b_#z@V`dp`FpW z6_T)jhL-Y8we^%dAsD>CuwL;B-~yN50n4;F@9aXw@blWOyy^}@;v(#JChrc*9W?+m zLZch-LAW6mR@{%s+8P}%1yi-o@teWr;fY3vD8AmFetcaD5v9dM5A_RN0rp^7AM>K;&>2)8FeNT=&w!cv5YdhP>^dL?u`80}Fw?gzpu zq15DYu&xAWpz%0)_GeZ6J+f$Kpz%A`tK*F~m_U@I<9Avs}ZXcfRrBv_D3$5w; zmxgJUQawal;e3_iRdh#@Cq>YI(6aK}Yl$3K6x}CEs20W01#&dx>j$0Qd$e)<{&f}( z`}O`jg_nkV>;nL;a(Tx#{fLl(bY;GK!6LQ5+M7(%a9K<(+OwZnMd52N9#B@ zfL6{#@li+ng=TA#-ETb9=M32AZZElUEBl4+us(i)sBaGBLM5EysVWy2B@IURm*#XMjK?T>bt)_eQe^4Eo97@! zhLcg}E_@-|VDFK~Xnvxvw(#|HjZWu7Dxj;nPJ(x*7uS7d{OqZ3TZ^B2Jd4+N zR-oe04I6u+SN=&v)WDVu#R&5yI;X8%{IrWBPv`tpB;NUz(gJkM<8(c}WtPy`>4w-C zeOgwt4AjPC)g7Bg(z;WM%pR9PkSO7Lfo692$s>O+?!k54ZmXYn+qc(#YK3K0&s;e;9`gJbX{naD0%-yK)y5 zpCVjpwgZgIg*Vq1(B;K&8^gh7*!V0kADQ-sJ>8Uk{*Plw{r0guD4N{Ic7p~+I4%q0 z8N-_O(o~GZlBZjHX2?uhwpgl zk!+V=f2vz<9%L(>WIsY}NyF!)cvJh1p2*g%#f%w8W1_2&e4U$iX(`5`anSwNV-3*H zJOq5IN3hhkg)~F=C*KMhG&L`<&|@cCd5H9Um7dRvt_6Q9#mgUqMkdbT*DBRzwKzb; zgI(nh5W)UoOUnk=Q6)5aP_!=5CY(N_HFa#XKLsuH8*mN_y1O7GniZafX1 z+!r9$bb>_E$WU5PQ89rJY3F0xp*-3=GKM$aVEsT9U-Jg650sIiJteP?q50>;g>ECOc7UI%um#Q$644na{Ql z&CpP3xs9(WnvL7M9L9}K_}Ay2KCr!G&im*U%;f3rZI1{{?)xN(y9hsQ%Rrc)LBr6F7 z&9e;tKorp(ZT;kf4PSOeB?zQ%?z8t|Xzg?}f>TheCJZ7XT7_*ei4HIzwC=#OoJwz1 z=i7yEsgq(0?U2#O$yoBB0=*yx*5u$f=RI`Gjq6yJM>BlF9BhT<;!6v~&w=5ED;jVE z6}pf6>TXW_71i#KA66XG;#QCQLVByo1M_S;7}_+-z56t&Wk-R%93{=_y>v$dD8LPe zn=`FcK)Cz*0)E@KI}o#TK|g}yY>bblmWjYKL;3PYCU-jtymg<4hUm=1d0-%2AYCZ*cpOC8{)^(yJJSoEF2f5Fz5y0t_TiwGXx2Z_=U~FJPs%R z)M87-q~n^{b@zPTgG_E;KUIf&hB1wA1BR)^>_q2tRc?Xy3$h+9%rF%uQG5{Y5(P_Ibbo*wk?atn~R zOpH9Qn(hTN|g>@JR*1jtE^A1;Czj}K>r(IKv*c>iTb$$f!8x)$#j z^t7Zr_-A>K+tiQ$7>Fwdsv?~8`Si#MQ69|T9G=u|55dNWL=ON0uMwsR7A#aww1Qg9 zwqVInf^jz-Rk+H1xj^aCGrZxXixM)!Kt;w)e%!^^gF5bu7>wOO6@?SpciV!uq}{J| zCdxNyt5a!9*ayM(GpPNwz9iitjyyO)9JRYwT8KUEn1nbYsqSyNc{w{NT|FQmHYNf9{FCIIdC1&GfuN!Mqg)y%@ z&O@aETpj+lokR>#*vCU**y3W2^tP-g$vw3Utyy4Q-Mljj0C}~TOt=1{ab$VFe?||(hRLs|z#8YDsnr##TG)7@2BMIerS)bRB_%&@R*hb>3!6iQRxg+d$&VB49(AmgAa6M}c z&8*ouyhJq#yS(l6JI2*hvNJS=7`~c<7=+gh-bGPZLv;y}W%H~x*{`1YdSD6KuPD3k zO~dzw8~|jz^G$|1JZ@Rr$V~(<2ce;a#5YGRTZLSzGm@>=I%o%lkOQ$ zuKq!ilTG)5@xfmBWpoR6_U(E6CXsg5m)E)x&~P*@UxeCC5GMMI9&cv2Bw%Ez$X|vp zdSjy09Bp# z07ik@{Jbf*wQ&wI2LEhyGb z5xhN1OzioF=-1@dn?E|nUh$w09Mq3^%))0WzTrUj;uaZkSOUzT@}#NeU{%pDIA8me z-ycknZ-4fc(}=8{89+(&e!JdO-_Q{jtUnJHEx+da7GPNDA<2~H-g$UAw*Y8f+ijQN zF7k_K_Wjv{8$$NO+t}0*udH6wi(dtgRsJ{v^*f*8$}OEQaj9PRX|Y+|N+erIr^xc7 zX<9R^y3`NQ)a3X0MrN0_X8FS>n1L*A8mhkrFj}y^C_LU>HaaofS>e4@*2d21t`Eb% zL)zE9?{8vyt(2m%!5*%krBBxS;9#YLejXn(bnD4DV_pS#xc2^}*v})kj2~iq_ot(; zqq*d5XPuS3I0-O2KY?{a28eP?af#Bwi{+5mwwklxWKBx~XH^0l)+ccWSIWNoAKcPhfBaH?bG^goWlwqQU^4a~FkS&tB60dtSEPQW5 z(|q&wH6B7utx~RO;d1-hdTfqF15nqREbOnw%*h*+NV?tbioqQNl(7vOP+rM69}^qK z7j4D|PlEr0%f0!5s&Px4ta*ZQk^d`SW3-~ji6W@=0U+yv`LSk$%@Cx7W&8Qdk>`WL zwx=a%z47{Ovwk;TjNmL(g{7X7=xb!s7EJdse8RJNF(Ab^!#*WG^3@K|CI=tg8WDmB zRJhMksO1Qi;~Y|ld}uMtry#fdXg^F}^*#&Yh2bD@+?Yyhs*XtrPDab>{|DGVJ&B6Z zE&9XyIZg;2&-NVo?|V>wSNwVxf+@<=w1nd)t3tBa6G@2D*s6LK-D2XW3%N1!vE>it z%YTOnpEA}b?Y<}dHq=+C$t+(#!(S>J0yP`J)OI95-PO}IP2u(?JcSgsb#R`joMbCF z$7RPW@a*GbUn-L9aJVXGMK;dZpLrI0c`kA7-Hza3Ou8PI*+gF3y{0ByFgZg-2c-#bgVy*rX;K1s4tDCoE@^6i2M0+ z-{l5Fi4l|j6}};-O@JPfJZMkOf@fPp zCHvn0rgL)0nNk`~Ey}eAlJ@KC3G{=P{rEn{^};V!7Po;p|Im~qo;{$y3|n++v~Iu8 zmp$2|OY&vcXer0FCojagdXU-!y?f8TFwKrm-+Dp36Mc{zbx-xW&+9K<^SJC^k1D9l zgT4=@S9nlM>K8}a9(~mB%VmUjXW~KrBt+%kNBRiN-|BA{ z@E{(=X+Dzeky^;+x>}3_rdVZ{>3Lj2^a(JGsWRYiSOpP}LABhH&-nvw>m}z;)QQa` z{j~m8E&w=v)V&y;UMpb5`}w#8Wfv>I+O8RagCwUy{o^x^MDIP3(N@C8V``dfoPfxJ z;e<=@gXb-pwXB~VtAgs_7+*h8h(~`f!Dqg6i*XJhNrwsxdJ8-XlFt%FOWF$a{By!BD5mPgu3>Z;XgXahdQdsibKUL`0ZfUVX@! z;T;zyaW9?_q#$S37t;&KW3{Q0WL|DLa(2ahnH}N(^+EO=M>#>0`+NxpgfHgc!Y{eg zb97NSP&M4rnBX7v`LrRM%(9<09WtTy!gkohn0CCa%2784G z7OgR-_}_^v&mX}7yq|&T8>b5Kg(Qp{7ai9ZMcg{Id%<@R7xhR(8F~a|qE&q^F;9~b zF7y@nn$TX#EM<^Mx;{$%9Ii;XE3|j6)}hB31@n;Hqnt~Xs?RR*pL7F&T=4!F!;`-C zA86}e@gq(^-NfGwR65Zty?jp!LtJeuP{b*Mi-s`yw>a2M$vt(7jc^%1;$16dRQqg4Zwi@k0UaDLYW1^e_TMYQa1pyb|3&ipJ`=Lo z8^`?e=7Q6CdkxY3)jwdO@$|f#0rE6?-qJw;g4Ms2eK{6qN(Fx2cbw;8uVE53P&+?l zW$dc$0IrbcN3I`#1Yxsg(JzccxqyJ$l9^nl1xa^S`9z-L;&r7Uy2Bc!WwsBPx04i_ z`x}3ZUhkbfGZu2TM0lel{YZ4&nL=fMKxvjKS@XTzTQK!;27j!OHQML);5$!L z?7wQLD$t6fE-ZrbI{oE|YkZ_sRdPG#PIqrwiKMN^N z#UJ13`T4AykJI`Z#ssB21Nm{dUNQq~&8lHWQ1%^+LNGEQ6zyk0hYWDZzV^+-54uTJ znRx>;>q2AGL2MrxphLE3IZEHM@Q{mVKy&9Gilbpr_3Cdv}QHeTJcpS<1<@_6KK6{cWL*B)cY`t|D~+xtqE z8r$a*EMrCJ$<}F{LC-Y7S;$m?c9A$2MCX)Ty%OLIBQr@KHCz>UmRKK z5u5{{i*K!dz_(9X>M73yfzZSm~+SZ%aHo7-p}rfA@V>dEB%H zzKFlsQ^GV5Z8p4sECaIF;ScqYSo(Ya0IsDx*zRN4cgJ_-9oeK9qY?u0b{E8s$%a~3l)KzlN09e zd0d^x1NWBrR3_Of=x{bWLCV}vx(8OA6!8s@kz3h1FnGnc?Z{2rx|c4}II~GiqNGUI z&P=CI^`PB?N~)j7Utzi3!vMB3X$cBGoVPUHYG5>)2_d2KD7;1s`?kRMlPYW%ZqRq3 zg8tMBf(fik`-Al}Tt4it7haGca?b;LpR6kyc57uQ;<|sU2-Hx3U<5CHl z;a2WD48U;ThthA&YIyuCgS!+L)j4|9AwUv8tzW44O}HnzaH)FX zTdJ0z*+_sa?Z!gl7bE#O8<&>+*7Wy}fY7fAieK!ph>O=UhGo z|B_}R<@~Q_Jhh! z!FhX#Dm}I9G13TDz1fC#K(WV$Gq`hjrHTpue)fczjb;*VA7=g@T7knSAY=ArJW`nO zOYuq4Jo+>9_c`1CQu0ZqxTm@-C|5<=jn@Lq(4tDlHI?f7LR^tSX)`ARo(X{yvTYZ( zQy4jYGOB4qQbv`yzw!ge%g<1L{A;_I)}*`?Wo>}PVQ z0i(*W%P%8(6UAw?mc+Yy&Ei z3y<k{nGq-;(_!FYI?`|~;4siTUboaRI^9&`O zexfCydprdg?(r1@kpjVx5_zKG!`uUsto(dQnp!^W$}$=>4gne1V6EEA_GXZ7Zp|e) zZD|F>(T8>47v_j9pTg|-s-M1ndahB-Y;i)zbqrs z9N@H%S$;(JFAp6MS$)ydE`k>K#{JV{i@d=Uvi1);cj$fON;P-Dizv{ZebDrTg#x?l zR67{)he9bv%EJ?T)(QJ|$Z43deX>ewTt*$uIrGx+cNV zW)-1+&7xU21v?`3d)%O>{_R_as6Xu=RsBU35MPDza?0fB^*!JCeYecWWZ9ly{wMKl z)`H1(MZdYnNd1LM7sv06v0$qMak9&P+@#lH1KfmDK^*}6zya{BmeS}&KE@8JDWo&H z#~(6x7j)_#~Yl%JD(cJ`SDlo)PpYzSr^m?U!p!`8SlE6 zEcYXQa6i!}XH&>u`=Ev|kqT_qq*PH!{1xxR`_`1(&S2Z)(M`z6QFH}+n zJ`pJr!0(qw+d7@}q>_jExywg1>*|HPn9@XaIq|i&q(^Hoc@NwpQu2E1gC8ANee;+X zhPqZt!N2L^{k`pqEexmTa?%gMp^Oib>pDjbzw~~Lc7KKM|C53V?lwH4tAd$}8QI}s zarMsWCztwgSdEmE*sg1jwyZ=Jll18z3z!jjuPD~vZqwyQ?kfeo&q9l+amoJ8wsGM% z$(Tz?96vdfD2=jJTF*3Co6>n3qk>PLW-W4XD{_uAj83KGyM7KNcB~e67b46%;>z5W zBVWUM0r{89$69|9^tK*dogS6T8>jq6^t9scnk*`uPj`&1K6V$PtOtmZQQGw zy9Z~b9*^JaaiJgYsqbobj`yvK*S%}al+P_Z;Lk{oPo=fY4xA^9G$!-(dY$9=cQUtF z`Rmlm_gmWdk#U)Gh`n&*D%YlJfn>iFk29TEuOiq^@lBR{9*x@`fqk0TI%kl^sD4^t z@`x8X-iyQGRdOuvPe-$Wv8?*rLwR%Ij6u-8XvIG;AU7>B=ky_aDc?HZm5wR|0?O-$ zpLIn?*+NO?vY`pPZQc;XW<@U**xleTRxE9zSJjx=GHy=y4TGMM^t?QSh(-IUbf~`A z&Z#lxuGgeHvDff8p=}3VsT@m#89G>u6&EjrED(LTyMUN6Q zFe!(Nq3m{qrvg)msDw8Nu36?Iox_fwGN&y_bpNrVDAMSOWMCK(g=HDT*UntPG>b3$ zMoC!oJHs>2!4b>4#r4-v@v~NsIeNQ6~$ec45G`pFH8N@+pg?I>!p6@SrV% zoJsnWo}jy52_){yE_Tmi0Xz2Y&oiH!xp` zFnx^bI^^KD0L;&mg2+=fJUICMBx7;8m-|IIQ=IMYTU!pZt>V-8fJBx(HS^<1U|NUk zYbQK;x^pPr*_RJ=Oq2#?6i1$LPwo5TvMRY>!y=zm?vl)x3{h0Rqr34-l{-at2~~_7 zj(d0l-#pyS^0E5Vgp96nZjW>}?vZ^Zhi6Ty`ck?sNLx#R8j`_va3l8QM7zK7e2stf zeoVjrg*+uW_D$mQ70D8*joH#l zzvIhoG|&LX%_do9bd{gKFB2y$I{todISw%~l~r~?8Ry=PBVS&1cM2If@i-S zqz51Hz#uE(dqzW`Cr#EqKd@8LaX*0oLhn%IwHDk~A%j#d?G_K?Gr2T1ALWI`-SoS; zXG*eZAEn^G6g(#JEaa!pWbCVI=u48ZuiAsh35&DB5&)ss&+<`ID`$95%7Q(BV@YAE z#M4hFlgnUAiEmAEKa=B*1W_pGlg#^Wr3%h(zVzylIu(6tG+`Uw7D-M3U$!p4Z2M4w zsh+y*QZ{f%xLm#}@6!(m4snpM3Yzm@3GqQqR=(f5#$29k^Dj|)z>r2NKp?qv%88id zi2c&qG*2>TofMxni4-l)AP{5q2vWCYlJuIkPZBo4z!8hZjE@b1Igu`2>jO64y#U?2 z=-9onVEXld>pXCyieplgMizy)QXUTXr0Nycie7$-UX9JeN66`O@hpchl6gr|M>MAg zciRk;U_vFj??cNG3{o{Cn4}uc-Iep3FC@T~3UA;XfA6)Dc8s`q^5Yjs{(GCzPDYKQaVi9!*cu>HXXx zetbxuQU*AU&+xPRTHNvXt^4XNT~*jcW!dtP?MuWHgt5xnO$*Mg0b~M42%RuHyK?L_^`IY~ z38_CrGvR2-wIK(7;^TcAXVqrSt4@mvVFxi!CP^SV%9q?*k$|j%Am9fm6R5 z9L;u3t}>5KV>eGCIk;#pAG#5It7TRnT!QM3MTPIKt}3FuEgOCF>pSy92PuTA!Dxyc z&j&ZG(4XVj4TxhnipS~!tQ@SL{2nAHw|{TyWD6!;80X9Y^a}Hp7!s;@&E9KAJ>B#3 z#o4C(ySJFm0$sqgOc#6LFX}T+u7hHm-e(B>W<#eozC>RqgQ#wg7?>M#!_ZgyeOh{5 zCZ(_aWowOh6vk&j7^_BoYSzIxRkOCOcl+Iaap zN8(5YGq*Spf&5GNzz1BkOY@Fjk~>>i`;fv=6f2GHd!A`PY5$g73|254W_{ZC1%@ph zp3yZmm-5R|RTFvj+($gNn<pN2h7Tg~Akg?4Q#XbsJg-M%dH8m}^5k|bU(kq8cAdz{f?ul(Q9Kup`LTiR zFb)R541A&RjnuDl_Ookk4%Pg@zGTeTzn-mZ=|>|sSxOydN*atvl!qKZXzw->DRn{z z8wGdc2ceqI==WSPz50C-N5!r`vdp$h*XxA%Y1Y4F=U$Kk#5==w*sE7qFQE$J@8-#|_Gz5H)<|*_`h1c5YwGG@wI5Xdw7VYSvbShN-3e*4hBM)-dGD`3X?mOq za$_+ID7}6YeQvE#sDl)eu&}@C6E=LEFH1q|yU&%Aes_AFQ^(CU(1h4@uqIl5&>#Q{djY6 zuif#)4iSs%B6;`p`f%Pi)&{EGJcfQaU2w{%c7)0@=G)@^*Umq`2Bul5##Z(7@h(SkUjdW4uO2a%PofsDFDm62MZhX<$Ct{;8@1r z1MdeGK!7$W8eh0!t@jtlG9{?jTbgTYu5Agt&74=D!Mv@$DOWt6EOeCkhwu85`tdue zurF}fcc1(1THhrKMgAc7Dts((Gi#B!jBjv$FT10valy9;!IxMVuq@eU@gf<#ZX|q9 zRm`nxqHN7R;lGfsF6OIYvMsAKpL zRr9m-xMG?}N@llfg~Q!!P%VF2(7SEzF|K z-H*lkRNJ|$;aRijA*MoO8op=2bv>oUirvpBBq4SY*KahuZ-eI>rTRD&!iR#G)#XSw#9#LV61La^?bytUwU`zZ{Kx5N+A>5d`^Xj@Z)}py2Q_wEu<{n$NE3gU_CWKc2TkOzniC3!`U*kt5$~4* zz~31T!AO}rq%B@_GOlc%yI6=>Wq!&od{ewJ@;Ii9#3~AsxEx)1L^*icp=TBvdnz&@(}Mv8mMV zz3C%99d_e!9!Z|?6zjvBe4pY@4#B$W^Zc!7%cPQ)2F6;TrR$Hr?rA!c{|gOD$+)Nx z6(7&>6)3u|uqBjy)GiGTmXoT($d&MYjXDE4k3TwJx4tq^pg(ncGra;9ATdkCt9gC| zw6Sq#R953dF{aZPQ@vi@v9tIX#Y+PxO~cLbJ3I9Lw$TmI+;tDPrWj+2DELQOoS2ab z)fKv4t$q9QSC$b>D-_B=#uSTwAvM+^LsJKKuA<<2&PU(RX!2T7JQDj_VZR$u#iL61 z7N5pc{UhnRwiMO2=r2hUc$6p-B%{2Ef|4Xi{`#I&-%rfUSYZa%X{PBV15(!B zroPwjjohunWATprwANvQT&bmaIiB{lYS(i_>$9J^D!%l%n&?!#zEgKN(ZGq%!_U1vFImy>*A}_Cl1b9!MZlwIsnw9HYKBVvY-NQh; zf~{t7Kw%Y$`1f%q%OfQ8yB2s1DEP3S@Mjn6hv9LTg-l4qLYSuhJM0RS%6{ipyF1!Cg+5(v{$^gyl~0(R ziM@v0Z+0tN_ry5t4_}#{UdfsJ+|FTj=Mx2~)?Y+t|Du@Gg%IQQS9|*aHqTWMVXKkO zPp3G^&u3$udBK0A%K4{!kJ?u)7n?NV5YZ<2XAxF{^0vII3C0H<{H@ka<$nO#G$`mH=>+;K-@34EPr-{1ZAoS^>$Lp&#uezm?$d&O0Qdiv=U zwDupZ*O#Q`8B((VYjjgc_%Yoi>hRH4{fKgI?iK}h98e|B9|c&X5THWxd=M)XYOIs) z!y)o_yoC?4h81GBDArYM!7Q=ReBy8N)41*%Jbu7;?j-qPl;4jm!U16El|N*LPTAWJ zwemO&55eqLTnOmAP<5Zjy9cHFJ89_a}mmhVsf=2k3yM(mjEkJfk(9Y=c-!SSyVcEPhu~-Wg_yjxe zAigG#6Z@mfiO2w}U(6S@@p4d}>eHf`-Ug>j-O_MO)Q9kI--%T=hetKE>6A_6V`z5k`1d zsv_A&4lx)~Ofh`V8&T}@{Mi>?Z{KO?(Vbg| zA=u&^+LKWDH_QF_v^+Eiucc<*|BUC)%nBD6VA3xds@II#FinPb7H1^dQDzB`3lWFL z`+iY!IPPCZ68+c}%8>XI9tiI9%X1uW#2KNG*ZWUul9fl<`AEOQp^gNg!K8aHPgjDn zzjTO#F(Yl)6f)@9@f6Mie?;%$cOptXa0UkoOX>G~zqhc&c$)`uA5QCuDoZ93L~4^V z46!kHTySr<1MGgj)twEekHVKP;lbpmtSf+)lmbK{$`+|V=wnjA3$?I4wK9NXN4sxs z;>8Bktd{sym?tfywDCCZ194BeKBqDDk8R#iAItcZ@e4|%@c4^NCa{hJ1b!Zlu?zqh zK?APU6kkyu5M`ZEGeV8EKEH}Xwmgoj=Z@d&K#1)q-w0(DXzIF%-h`|YpRrI(qIaT) zWkfMlwt5^SNUwQjdx-`4q`rr$wzBV*C@FWjB)w~`{&^;HIDAfQGn9994*?3c37 zipgYuXXSY7>MlNMPHcnpT{#`h4$#0SBd_3fpcJNU!E0ZSZ8f$=IBxZOPw8=}l1@O( z{K8f{(*{gh`^-S>gU?kh3?+M1jQ2y`t7QU_@56n9ogV&>HXB|4o{*jwKDFFu-~Wu8 z!~X)hxefLp9p~FAS4F6&S(L7QCBYuc2-v2h%sbXibr@gB$wC}|)C-`|qpD2x6h8J3 zI2lVNRBUMF>7}vPr!JlWKy%b3Z`nJ6K5g$%+a89$3x-&J7W;l(w;k4?9B!)B5K3aj ztgLS;DT?KJTTDJ1xYlWp??rwP{rm##0=Tj;xGKqHTKtxalyiIUI5Sqqu8RLia?U(u(k||LvqD_iM zc=TFx4v@YHU6LiBkD60aM`U(H#`A#R5W%Ey=geXH>61t^zO8M$OUgbS|*r&30KQE6@uv)g*(ngNH6r8aV~t4nVW~pU5wOla+zaSH!e(2 zYGuBZx8HRifvwd6K(Sry_`~(a=XKyVz{dWhcw>SjVt1KbrCJjd>-wW1@1dAGFq!zf zUkD2h6d^j}!D>>p|LMZ9mLb@IAg#dOzaUlwvO>)(3_~M15)lF&_}h-IkmU>yNl5yf8^fC}l36AFyg&ck z-jqG+f$+3W=g)Y??}xl}g!H!=s2dXx`c(xy%xq6UQsC;tG0Z@bAB&?x2vh%{r`4FU zC9zF#(fisK_<4390RPp;PZA;Qqt2?*o8HctQEWA%W?vUS*7v(m!M=p_a<~NUuX#n= zn}fvJ1%T3|lM`{-Q@(H3kXd<%*EsIj6s_z3Nuv$nDHe)?vs=4ZW9x2CW zEgx5@+gGTQG`^u7PQ`-zv*OqIWXNyR7ek8v9c^1g#H6iBszEO`cz)&vD476^o)F!YBGuafncr z)t}OpBOWUQFAK;~V~{EmLK`9Y=9jx?Qn#`KYA#CfI1G|rsHQEA``RlB`<}4>8$4-~ zs9_;=`3QL|MfJV1llS&{j?CF*k;oj|3{D^HF8WA&Su&*Vqa^d92!%WOB#ogv*CTdmPE9KL7X@_$N^_o2g3RtSB`F&Bju-Vx;hnvlQ`7fL6KpETE>(P>V6k_yB+-&2GOwoHsa=dTU|w=zx`%!RMUPR56;bx zbI*Op{TT0RWjW)hcM-BKhNf%et6%!(>_Nx4y+APOcZ%*ap8qJJ_bEG-O;M^9nvR$C{SSuhik%KK2J~wjx{hvVz-y1eC+%1 zfF}g`eTH;?6{bp2LV{`;&C%Gu?w>c>50=4K7v?MQy_BAR@>v{sZ=^c|30cX0ep9am zH!*9re=7ufio2qIXVZe!%4Vp12L|eh9-D|=wXXr*c*lRIz&CHe_!Hwo4)sHWI*YIf zN3eI?uY4LuDGT8W8*67U{r|GR3~$PD;g$XZD{k#Tp|o9%+n$KM=b(QrST+^t(-YG- z7b3bGrQ7*b2A%UFZk24MwgNDJwV||S+ue(Ou$0B!U1jyW+rhIF4|%EZq^xxWaG`21 z#>91TKy)~$lrtt3e<1)Y&-im4#zcOj^jO<=`rVP60u*iW1c464m7$6BRi+mVMB(;2 zT14^;_s#glvyv^Q@V4Tu@1DwVBSIIYr~e9__zi_wA-z-7Fh5*yQ#v?vcc81B!B53P zx1%$lcdZbA?Q-JaLq1ng3XlY$ET$Ht#bJqn9iPb{pNQ`Rxw4FrFXxW0j4cE z@|XL><+~kaHI2Wy#Yt?_m%8pBc_g#y(~e-_5d_u8Z)%TaJ-#??TDxD825IHsV}9o< z7Ja4v5S27F1;6B$bTz`j$m)a>ItdYT@{n6o&BCl{v=JX7IJX#Y*(3kIA8aST^VcPt zjP2=KY4zv(4%JV*uvAQv1`&v*i$$}&a>!wxSLn`pvW1{1{9IeVHSag%ew&Z(!LI5s zmTULKdtY5yE#gCu@_l4qWuu)mbmXoaUiismovS2z4~>Smb;m0OH(v@+s-KRATcd8ERayj}QOaeBgM1=SHL@7(x;@jYakAge?E-WEwL{))}q zE%`#}#DGwqMnk95?~2*cC56{XH>E{lA8*iebz4qGjni9sroA;{yOG&PlVL?V$~uFT z$Mx&iiASUwa8syem->W)=2b?$4t55x9)W-i4)kAtt{)GsgSK`wkuYS?VN91iHfWdZ z)M&1s5{E%Y1ZS>{<7!)cv4fJIo7O&WE{px9^wJ z(*A&?J0(e@~K_nVEtJoTz&xpjSQs- z=w=)XVP%E7>=dq#T$tm+=k_i}Yec*n@*2fuwWZV4MLrYl!}b8(L;w9ghu@>;(%3XX z@&P;cOHt3MxJAse;^_1A-RF`w0(n~;lY5&#ZU;GfjaFlRZ;#`FDv9Gqnpfa*q`i)K zzlS8F*4G|tjs_!MPm2XrHTxpZ`FE&y%hQR}1&^^$%(A6!L z6Q|kfzyi5XISn!x<~0Bfb3!fpc4zFAIwEyc?qucNVF(xM_#=keQbqkP(7*vxp?LyJ zXWWnAeRau54=rG8sM&^K#kTzkf;(#V$My;Z0u-+A1rjWF#X@GVszu(uS=Ma8oaSAK zWgV^QpSoex09f14N^n}~9eno<898wQ*dh2v z(rXgFY+ucg6tPAdc`YmhfT;cXbR^sZ)(KcRd2#yonH@o@_tE`_l!T`}?@t`auIJ6d z5to=}L#_~9OG7arh3af)-2nqK=9sM^;7yFj-|_bbqqp1RJ{3 z#O7Z z_O3qE`}A@pa~i6Bl^e?ltr~t`J38$KOrCm4Z+CEIXIkVYaUZgWYklLt z6iz^H!fD{gv_x`w$z^`aA|z_Lt7>!c(RUdQ#e_C>G$a=6Nl&@VIp3=vyh;||hFia@ z3Pk2-za~8XfBI?cGysq3v3iFvOnCaQtM1ewQ^I&TAsY2!1F~BWP+3_s){=Y}{R9`$ z{;}LMqOSyOHGQ()_^>2t5Aq3)YhI-z;!$R|xP{cL_8 z_LG=C7YPxLK)lfGbzD&vl*%-`)7%ko0trx1R~Xp!1o+pH^R=`7w6@0A0q>zWDFmrD zE~0#P)n7}G=|mBW1b<`;!@oP_YzaiIiI=XC3a<5^1NrAF6c9M>Woy2s`Da(Ts= z4Dy#BY z71)t^W!L)`924kupPv_(#5jr$T%8wB??j&8-ay?@!`oiaQ9)bYet&yi(E&ZC`+c>C zx~Vs!oXKo2`7hSbNV$kNMe)ZeWemz=^ao(Z`^h-Zu%_etmP^$QH~1esMh17Gd&qyqmi;THdh^{2DLQKgQE zQ57Z(t1t?xHw2^uEn$V^dQVn37&Xk0yJP4dAYn_MZVyjSt*vQp9uw8?_+D_YGCqBZ zjGVmpx-oKeGN)=bnPT_ZdIZcI>d!t!9sNZu>T+Y?*@@dL zE>ODnGi>+3V@L&VC(>`Bz{ccb6Z=JzICK58I0z7? zstr2`aAGUy$|a3C23~h7VG?eMPGfhzt$Ddi*#nqTb@SC!5jCfd~JRgeK_s9p@(YI zZZ`d{1(rN2j> zZ7sO58_*|;?)8xJ#mPu#G@u!T`0Z<-1VfoA3LH7a54cSjF~S~2po=icoJP^28o`UJ zB^|ZmZ_$f+z8&aqG6(a6;(ypPhd7UfuRG1l={a)usNia$_<0|^2{d){Uz+YA8gL+9hPiLgH{`Ui(@gNil$UV>dxD=ODS)Pa4(9i8`P7 zEFDTFfmG6YKViz3M8-8ueT)h^YDt&Y(<0*=&`2yT0(e{3R7Tw zmCSyZ(L#DvyuRt5II;aWfO&a!)BA0?$@i4~%Rq=wJ6;Rlti4C@HR|ZO;!FiD`PS;w z9iaZ`b6)*O;}^;yBCJ52mrSR3X_V^=LkY)YGj@`>OA?|YMPLAD70B2*EK z&-nH@c1(;-d5&3g#AAtO{{(8zi@6-ue7T+b&uC`hrdA{@G0DyW=F(h_PJ3mzt03N= zpkaI%J7M@4rGQB!4wu{s)XttttAm-UaxiK|t5=x+^eaMB05j6y&T4~DJ|&{g<@c13 za2+aI$U@5Oe%nPC5~Y`!S$Z@`HuOIp-{D6a!<+}w^07^dba_K8jB__U)RVxK#&#{4kI0%!??)37ecI@p2dL+b2gq?g4UXsnD=d zrucndNXZ4|v;Oz+n};fduj3^u>xNn(vv{2E(=GNS&wF+5y2E+Sd@ngA0_wf7`WW9KlBFzH0nGVwzx)Q^_(oa!&cP+TbRjDgE z-2J{spl6;?IDB<{K(}h|B8PV@1R$oBe|hI)6ZUtxkF(Ul2p5Li0S4BR7(rVZU7$eP z-{r4Arl3xq@_E0CDKDEdZsD!I780Kuzb760Nn8K?e&5WGM-hsEOjLa)w%v~iKz@5s zozL=yxxj;gu}lk@YOmebCo6bK9Os|Pyxo4{tmGHfI!|3U?)weIfKMiOJmG>WTx=EZ zUY1bFC0E~At-{bruRWdd91}N|U-TEh(~qY9`FtNE9`!#atUmxcks?TR$bxKq$CuK` z%8};A4_`~z*Hse6cIG@h$>Y|Q)wPHN_7Ika*FJuIVVl4^?=^cKo>zAm0TDC!&|r9G zQ?lvDh~rNMgadjqAHNh|s+XQxB;xdbLD%4{RKro8arI$oy`}R63DI)j9v*eye(tM8 z$?2Dk08*Bq=2(7JQugLr_>aM@~8d3y?%jFB_zMzq`zP+>;8tbeXb zHXvkrH-=Z*=Fj2<@sUvWZoFTO=F}4q3NA0@2Yl!o$~=oXr=11gRS`IaHGoPuL?4-3 zHJF0Bepcw`f4%bevKuaUVTl^njNQwQ+!hjg6&CL_RlRft@7Heeb?PgA$0Y!^<2jtq zKA7$;TpH6L%az3e3kj#5YaU zqZarRHeY}K)!GZl+m2YeYf2{|gLL=08vr7MQUtxqCuP%(^yWxt>bJX7pwbG+ck&@9Y!(4P=@4jnbq~q5K#q>Nc=UMO$_nnl9FG%FOfhP0AL6 z>_^%vC7vTq)Wy*zniBDq60$kHmsDxK=13W&M1)T{-o& zi8i4g)I#V_A;GmqQC(gzRxsgWm!l4p&uAA3a`rUHENMio;SAA(nUn(Y`Z-+C|5;(8>(mn)5k**+(xtV$3(B`jE zWK=VtZJn-DNI!YJ@}>)idq+p^S?3NU9=JnqRN5ZKIbAL^c9AxHb@^WX8I|Oa?e}eu zv*G6K-Dsjy!8;3TYQ8UrZ=G?8dzP*V+d=+zEObcrJw^^5Pr1eN3)JK;)#QRAzNgwCHATpsB-=h9ctM4$hIU+BGSj7geWZK&o zg?5JN9W=_`mvHuryxvLt0}+II!cXT&O(59e5}fdV-{S z1(czM<)}E1$Ex4%-|KgdT7H^G7MIqpS5`Xbj<)FWhuTlAmZ+8W-rmndI`9n#;jx@O zzEREd!CcVOk~JUR<`YLN>nnWw7eF-0ubjWfD6sRCJ18E6MSsum{ziejIIPzWF>Q@&U+ppxa;2OMiW)V&yXDqknu~EgaGn+xrc{bf9Fro zEeq9GWtpBI$>%t{(-OkmsZ$w9#`A9DYg~U>LjvgA_dNh>%NG8=w=~Wll=Cvt_Q(uhm*$Lr^W~~;g#mXRu z5-_OZa&?^p)Ky0H_7(x%#=!sb!LVQC!p}7vPmpp`gHJs*uKbfdI5hGn z)L4%p8kbly1e9pO#cLT|Zs{!XBv7k*EP@^nIX4G~%Yk|C0Z4q9vY+FX?R7oAC^7UkU_x-e4$#e7r`hw*YQ)AiE5`FiIOlBuj3^@P=5{^#nBqip>&IC z_u>h^UhX9AG4FjJwt2Zr{4Af>w?ruK#G0E}?rH{n*^W0Muk{pzG9vZ>A_0bG{XLEF zx9WZ_=+}@ND~prtp)w&RK(17tzOa=Dbg6sLp{ezI1VAARkGSa03n9N97VG51Sw4P< zBke&8I(A~$wENHAh!#)L{Wp~M>wbm^6|kNs>?UuhhT3NQ@D5)nfowYZA&AQaKQdzx zgg0g%k8Zc`FY$S}k@YdAA+zKX7MyLraAWC|gNX3tt?HxGc!VaxAnnCo{$#q#+1eKt zG>~3%W;{bjc=W{z)wuMqi5~Ir`sEC0;AiQK?b<;Y`fPLY^jdE$_ieYUjSh8gW`O8= zOYOT;lM(WBAA}J7NIz<=xp(35 zn)H1!O|53yQ}Dx!mkx|!=`=&t?fJnB>X?ieHby%w5uDMhMb*Srw|21$vLrF%oHi`|P zVvUb+k_jNTBsx{Ppmmq`ImzgwI=Y%ZW~L;b4SPA&hiy6$bPqomYlgjeui!C?U=Y;T!yeB;K6~Nr-+kHtSPXa=b$hcu#mYFAY~YIqmnsl0nx@8yD?-y` zDbi9N9|wr_>?;=SKo=M9ZQwuv+tSk&X4j@YB{GUXc=+^mlHbp+o`(vZycQkzadvXw zE2UR1KMyjw*xwDl(4*OoHKlP6%ky_hB^1pCP}(Qm^rHEdvR@a@G~NWe3B>2=sk%!k z%#NoMkC%qNa%1P4wJ%6n727?>m&M@;S?dfwNUERXxYxP`g)1+=uRiwF&-JG~IfL3e zcJI%^;vXcS3T3X4>e+Ie3!CiyY|rmcSwL43$JJi0a*3ao(VGYQHs**~V!K9*Q_@A_ z*%OHrZ%Oam7{jFtbqF^rBF?7A8oSDnP=JcfsIXLtPR8&!UY*SW#6(Nc9Tvv3Mn76D z&pLuX=&;~aPGL(tU#pFVT{nlU?p&!2@;+Ce^enwEWGbbJWnb^XDQ<*yxCItrK(At7 zPxg$z3!*&T;Z+J*Mus~g;+uzh9O6^>~SZ%Q{V#dqDuB9HkHlj$8w9)ZjzXCiIYf3_lsP zI(j&lTv%ZClGj8Biq{^o%y7@U54;PpF5(cJBE!DBeicGmWJBHZ1$(nu=7}VJh+J8pM{1Aj8z1EiDT`Yw z7p~s3NQd_xgeYMIQz-T2HEF%hCil1)a+`ZR$Zua5KD?HF6`ewp$)Upc%^b_U^0)W4 zU)-Kg)f4c7(6>GHhv9)?gh#EQ8;}e)QHkG5qR4vGGXp6QQ0>!nA*99h?js zhV8e{iNjei(=`zHj9Pz|EfDdkxoVpDiY$p@!*`~2EcJcF&|4gzl-+B_IfP^jEW1Uy zt`D*V8QcE<-}r@s9Q?OF z!VLadIbC8(bx+KC7+L&&1rOuX|Bv{_OKr~)w9?WsH+E8}3$#g`U-FI}@#ACxm( zEqoV4bm=)*!3^LPK(gh<#Ba8JoUC)uI39+F5m|H4w)u^C$M0W))p}1zo_wLu5%(2E zf(buwF*KG@K7v#A+ve|lG<(O*!-|3IqFFwx)@!GqFwH#Q#<^K#`tB zNP5BIEri53T^!c3a-JF*LAx>feE@PI+VkY=zL$YQ{Frm9$TVtnpZw8H!k>PAgh71f zc9#TY63z2zKh{=_N2LW3r(jce`&MX|y(hpX^O0DaEIwD4u6qv3(MBJ-X{yWl2cUWv z_ppgiHQI=3S>vyOgad@}g;1K{T>}|Pb^8RYqK}ZVp&_@N`l{v=yP1ED0PCxhj2AGMO^lPKZdy6j;Z}_kA zaSbci3h_dT;TkpL*`SSl)EAh3?6b&P9eYXFJ>su4gqybdo)_7*oOurc)9N9{XqdfD z$k+p5t^VvFn(AfM3gFQ%7;JbYrm@1DUg|?@fA)6ku=YTYq2>{+_x|t2247tdg@{pz zpjq-^nbV(X)MyL$PFA$cnNU^!Mjrw*|A>}J2&Z30crtru$G3jANe*cYJu56EdR#L& z(SIIPf%VnJnI|yHRr7ZOvN#Zb)pZ|2^DClbpc3B4oL7)Hn|ImmZNE_0*?Nd8tF8UX zbHBmwyoJ;n9+}_$ZrxvF_5nB~P0u_Gl7}EQg?PVyw-C@p4XQLQw3k-FkPkP|j>@Am zo>yg$dvUxXlb$;7z7OyqND*c^UcP@+>0 zlbrYGxodO^cOdYux(`R^Mdg(oZaqeRG_Bw1G4*i@@$Kc|cD8+)&_Ft!j6BXM9^|kx z2f|oZjNkhG6?evxc0MV@L45I%Q8$s);Egim<#8~O5Qb9Rkv!z2j|n4gMxIXZjp$eO zPccIkO*T9t=Od=7_%sayxV2*ZKFAFmjw=guuFne8tt~qQlu@2AOI#!XHMpy|#Z2)b z)D{BXL<5P~J$TN-q!x+wOmJPMJet9<-x_}*Ry-vObA7D$6qTOluIc%Gg`^Xuv4eEH zzan*VJ%KyzJOeE%MIU}4!AmM&5wXM+@=oS_o~&RRlU~@REI|s)7lIvo*xrnk0LG~=s1^2xkU4+i(u4Dp4u6YwaM@znX&Slj-?at>MSh{jmZEZjRmlbu=DgU)_;U3b3>k?MkCW zIgu5#VaM<#ToY<$yf!5tG12<45O~UzsV_2Sd3VepgDq6@TREzrX5K#zFyICGB}B-z z=EWUMUP=mv`v=NKpZr z$B2E%5kR)5&aQKiq)=>w+mcCHZBfN3Rl^+C+Luz7P5}Z zLEH7%6{&4Pz&-F=ni*FcPd|I%BW~D=<<<>p|7^=Uy}J-Oec?j9PJzP|sNvY@cKJo& zrXG5`yXNJM5s5#{Pzt>z=REEgXT45l|KC1+#x;+6xNUN{AFfd>Wa>A_lmLfzTdTd;YwPIyjmn;Q>C))xAQ!?(Y`(I zUx@W>TfO(@`ue6~_b!7^n+0d1IRh|w=SDJ%Mi@zNj;UXG*j+fC_!4C^J+t4(>gm(z z@Kh_b1aYLf*!TU>@Wf;`IPJNW7W|jnIDU3#h_3U9ID+V#YF`_sbgQO@ton(s1|55# zMq(jBaqWhcY$v8EV9VVf5aBGpCxEcd$Z>_VZVkiBs@vssaJE|@p4HT1W;VU5Zx1U7 zLP0qH+#D*)s0^ar+c**S?zW?ZqJVEJ9DoM(`9^|w7onx!;tN5T>vQ^SW-&wZF>g(p z;)u6n3c%P4&OXi0oEbdsG7J}RJz;BSKOq(*>?SJb^*4^d#gDf_4ywQoI~Y;Zu(yfj z<@s1i{%Y`WT<{Wt+YuFtJtv{K-+%@|a%kGyxhyWz0;m{J>v-7hzO_A{PN5dwMp`zZ z)>)j|rwnn)6=4kjjgZE5C;skNL4`eF0km?j$wFyoc*1)ehd_*&c_AnZKj}_(?~iZ- z`DU?nl77d!#^-Jcll3JMY{)ppT>850riSfgJjiYqPU@kk6(j zEDzyUNW!JR{D@&*L}B?fqg+1A9_<9;2RfG+>82XdhnVE5W4v^^xB--8!s}KXgzP@W zm$cTdH~8`(0es%SD+if*>D+%YjRe{R`XYeW>xRC=?6!=tuwS?@d|z2VwC?g(z{nu8 z9}bs-@h|s~&$Z*SLSGbqqigX|z&$YGQ{5aW*iHlijN{r*r{Y$!zI-9Ghldj79B(J* zAX>U+9A1m68O7rO8j>xOS1dT!w^RBDpm(HW_BwiT4p&Ju2v&H_0yfRAKdUG-VVjSv zZqcufg#m;k`x6OuOVcXUroJFGdqgXwp4lGq2Ky!-g)qnX2sRg3yNsxQ>Mb4q{K?4>=R3MgR9JbDmAdG zR#BX~#}3m}+B+x|^neF)8*cz1klX~G4CAU-lz#{7bO_}4i#$A?#pT$6D+f{=RB&#)%dz?h|;?_)mWv zVmNp~_Q$@pWwRWe>&%8t`wGL;h~Qbkkh6VM#sVF^Q8cwgl8RrtM=0K)>MMa^@I1#;eKIoR9f=4R>_sxv?K#-`Ic zGvc0{ICpKtKe~6EH>FF@v?5Gj=#5?4?_NB7Orm%@R#5LXT9Ril5T` zYhET2bZltjy!d3@mrP2+t|J)BBY9jJ^c`bEk7GRIY0mgPu@@_`%H7&TxXzVVPF=Ek zO~K6&96QtoEM6TtD+u=zu`n!3qSO+Ybr2>32p9%t&wFTenS0hK+EqB&4b%Gq6i*)S z`AlCUB{bIgedNP8p=DT56}qrVP#?59VHxCp`}PZxUKxlDti!cqD-0VNwtk%S>|mTx z5jmn&0EcBO^Z3aaz2tay@gDW!v~?k}-qjF{8%;572zp5C{MV~-o0o!b4n4}h{q9$A z)TPY1Y=#(Gs(!y1HA=fr13)zU2rxv#>=k%F@KN~t1gmU|112rwJ;0X-71Q7MYZy02 zturpKnLR%~-LQBs=>HN?N;eZ>z{UujE}Yn;db&jWPoq91dGHAo-*kawLRm|htGtna zk3SG#PP+l*>qrltXPaBRK5dSd2n@ZkRgplwh2MB>i#QU!_D6a@D=<*_h7Uvm_dl>j zr397ScHJQn>piRsT&X*QGYNg({V-B;AosLtxE&W%;HAI2yA5~*I3q=c3+sMi@Jfj0 z@2!kM>)*$M2H;^kWBv#(<9&3lc8uDkbJocoVOj2r>>s71_SkF~vwvS&7;#{xbI3Bt4 zF!8*TOXE*HD1MpV$Vz5jG*I}kPqCt;+-q(`e(nODNym{W(ZG5?YmkY9?rR*scVl5P z_b9=3=Wz3L%oK&HA#;wK$yR%K^Ck4BW4EjE;H&Pj?MtSr4c=v6V0s^DiLvx1DyHq)YW7+0x;jG|YL=WyK(1Okk0^x0}EdF{wMyzO^iI+IV8OL(V=8i^2=@=5g2A!}a-U|qxO$+iSouwPgJA?76tezj zvZMsfl~$uTqnzhNDax5qudT+h(Y@xogv1^ZB^wAMNi zn6Vj(FKVA>KT}PwU>lf!=$ZrO=m@oWJoyj!MwcpVi}!pm;;pzK0V<%A%7T zQLT%X;U)ZAq`oNny= z>xr&JWi*<^@8NC?pyTmD>~PeWL#G5tlkIx!0&-%1QuO& z?wz0UiO%}me;>wczi8k3(5VBd8IRzDKKs5>cegp&DivlD!x?d?@W)|WM9fz~|MKvw z3JBZIxLVWbBuqxjjBKudRcT=vB!aNhFIx6E2|tJpexeh~N@xvqg^^$43%!ikmP*<_ zucrqfK=aIgwRz$f-X)A@J{e`jZ7G>AA1i*`iOh*UUe_254qIB$4lNe$ygE|OYS}L# za%BH-NgB-DIi|sHDA=&^}y#af%=6=VkH+mcYxNgCWg9%2${bT9OwiZQ#ApA-oAaE%l ztH{3IiGrYl>2R_6XODIIp@ro{!lQ7$(-tRWBb?gqPC`xP@e9`y%Y1s~!6Vrx zKA~~7_h~qyn5RKr1z75Q_vz*`|8_vnUAcP`m1GYnmLmKT%;QzI?O>qE>4VF49AF)e z)mcaueYCxrk>NRs%#8fawCAj4RJ3q!9R(bL{YX7uz~X zn%}Rf!SsWBRzp7C3J2Uv8ZM0`r2<%@ViA~$X^vzc-6Y_Ic}BaW5dIkQm{_anS(;Zql~WVGu+)FSAy zff?YmA!)fs0q#PU(VBwkbJytd&hS7P7Tbr2wSlK6*$7Cq%Zu9x)*uM>lX{Yt6U%^p zPQzbPsIPP0a(oUWW3X8I_Ti3DMcg~P1X&4&iist$hA>sFQ_uN0-9mgN{E?uBRO|q` zx#Mg3h+aCcD@*I}@Z1@Za*?pbth5?A1?9H>o!@s%erT`XteFn;lgi5t0q$$kyyX^` zoLa)YLb;JJ4NTpwqLz%*6s0jQpQgz6({vyLM92>nZf~CzT&E6uUj3ABWAPGrh<=_C<;4hpL*yV%VDV&On~_bcJMBZ#h&#_+;lwOE z4-`E42NL?XJ$~^5^wBa9=3IrxJ>_3!cJ98+&)51Hs3PX_hU4~Wu_#x_^9VcJiWYyl zL_j!bP0NQ_YJ@%VZx434;rvsS-&qA=^jVm(uC`57c-v_Br;if4jjl<@mmE=Z3L(>Y z&4FSjYsWmTQkYhC?5)V2v!CYp-V4vBqzC!$GF?B5bsF{p=8$`DcrIZr`QBzC9U;bf zuWeXrm^d2W=zaQFnZs~VbrHaA`Wuk7N}Y(}SV>R>80@CRw~ti-SFkDed)<=|!hZH( z_CU77XZ=-Zf-WElhJie(JfE+H$F@YqWh1<9FNM1T=Rw(Hj$JoK8HDN2$C&GsUa!EL7Ws{cOQWLmG+^bx#2 zdvEpkIK@mjWvn$hK1@Wmd(pn%3wjsb2cc$9iX~4?>U`dZQI|DV)I1*tcj-cg^}Tji zL^;b2iT_G{{*4I)t<*xjG0G~vsH6(ehcLTGz70$=w3nt90|rOeZ)>=w^eGNk?kgnG zpADtjR;X;Nbq<$m?TS>Lp`_gLTBaKRX_tg}^;f}8q+@LsLm)MhOX90JP~(b?L&n$R z0-gX&_gm-4THeD>(LYn)T9{lHXDy1Q*UF1S08a#60$dEvXf#X64jfzqjeUM;&jk7o z2Q2yrU-%z%?nn1vbQ>$P_PILkz52Q2cJGWcWcCOQ>kZ~G0;NIs&x=xL?$ZzZnc?w- z-v|A6`)%tf3%~Jte=?XxMo=jx*oVe+?&j+E+{j-H2f>4H&o3kJuZPrJ@A+2)nH;z3 z-|7A|U=}H<2R7~epZoNL(--@ORMFI1HJ2c{^TOQOMpT*D!S9g;cO=Qr*@HnBH7*Hk z;y#pWLREBs2iKVxu{O*8E{8Nv%T}B+Mf>IChSJu>1nadORy2CvlH8|g?UXG6O$E&_ z(qN$YU`(S%VgP6W{qv(z6?W*q5gSW+Mq|?H*-X74nUTWaDfnYh^AHdA`%tP38qAYY z^dm{J?LC$p(O%kPH=T#=W#Hr0p!25)NZ>WfA5kQ6N3lCN_2Aut2}ZzI^!i$bb-!6} z!CVtGiKA!u@j_^SMSN012aQ7#A^kF0pGOJ{w~lM!skeDiy>s^|N~>v4-#9Fl!+W36 z)?k+HI8Y2;wCf-85uB2dvcaj5TA^F>bP;E4h9d7w2$G7mUkJ1N;RG2yQD(Rxey6Hv zsrmS~-IxeMUEpkS^0Z_#>HW*=S_BN&dEbJ=-vUw+^LJ`7R3wEa+;T@E&?!b z={I&?U->@4SMS@`lVyXmF{VQJI_2Em>95%< z*%xvoD!JS`0P1sttDtvPCi*hJf_C59>Q^W!+@JAP}p>U zFmz;pC}_=lmx_@8S&S`5j7iyW%sdBE@q9DNdAQbev+r@ng@4)TfEe4uc-)O75?V%j zU`NGk9Nk71(=)uD)$f6^E?mKpMrbN*`Zgi$W)$;pkuh*>`KrZcPc;S!!R9xaeDlO=m(%uW^fM9O9~0cu!$9}y3Jj)-2)Bd2qCet`6_}lIq;As z*-{$NE-VUATQXBsJ)#@Ypt!Gih0dBAZDV|YkSrM3mlA8Pq)Z$fuXGI1qPG)yq<=~_ci2tRr{F_KGn0L^*}Y#&H9X*bE5k}z*Hg^Z*oR)>AOu20~HO}=;O{Cfs$(2GVi|o z+U{wXVGkpB?0M3ocReDl8DN}eIlGlxDKJV#oiQnJ6&>Ewgf_B?n z|3zQ;@>@N#Gi*9Dh!d*zS*l>PY?c$u;6+W-gRMt7tzc}0&DVYn3S91?cLdoud%;Gh z=S65=U`06z>Y{&4;zdRW_jh@^ZE zzKs0KovT!EY|Y{*h(G_P}W=ECM zVsNj$^cK+YAfO}6yy|_m6gGdx8qV0oWPU?scN({rasa#LP$*~YGO_du9|`UmM*H-& zqtt&3^LfyFXU)44oDyICt9Tn+1IyT|G6F+IVJr z+^#I*faP)~LCX`l?gEVQ*&Vu#d!A!`E2bxsa3@w-=_;k3#8;E9Q*hAd$9FSV9g`G} zg4uDcS0!)aG*r>K**w-~UwRwyfnvbjRi^-<+>f{K>rMq@(ab^p*;b!UnKM=O^zplI zmp203!pn1+MJAff^!r0Yw5A~Fj1w&?hU-2~7lCHtU*hNXmFJh@@NC@SCouWrF1_?4 zBUl!hJ2iF<>80>6O;wu)qba>w#X}CQjtxJ#TRIlexbK=n>h?YkHvu-tO-nfAAvv0^ zGI*!wS=7O1k$beZF?stOTMHtK*xe@at3y9CqPg&>5RYPZF?HP@=}(&tCcG3?#lv_2 zDwJ#GFwz47AT&<<=RVV0)!6R{GOlUs@46^Hn#8O8g8Oa#<9T=QdV`uZ8@776P#>bv zAHfjxplYw6r@eXfpsv9k{RVewKHZLjb;#f?iJR6Z5|zYfcbsx-x4Bq zv(LM!1AaT5f%|%=OlH~0oj1}(8+<(WG$JPXq>wLDA3th(ps&xjaZ;U{@I-}!8Uj}E zi$^(-jYo8IVPD=0OE%a=7Z!G72PU+IYty~1=9TRkGu{2uIJE^=&O#j}X61-h8)yUU5dW|oKI4U}- zj6`-A=6#m!Qe(E}$3;p@{hd#)=Q7Xte! z9DDX5x9Ahk0@B!P0xTDXZ@-$^oWc5GU+LGSwR}J^lN0vu9ei3;z_2=0vxK}VF4vwrv)ttuhBbSsfRlSl#W~X!gY2Lu zPa_DpkUhMX(fRH&2i}q6y0=TQd4!)&T)oN4b?XO&qK}*Ob)VaaMHAFknEA*0q!Et> zel`*;D9|zgi%+m5K4%Bw4=dJ8E9d>#3zi&t8t@bPGUGoC^k?+=I)4yLd>IvhU zKi#&nX2j!b_}z%m&SNOJm=BMqosf9Cn-uWRy~Hq;!86G~?EB_hOXa16#Q>Hx<^&b zy;EH9o9qDjqYp%xsGQS~FV3EB&O?3zX@!`cz5!^D!+~^4x39&;eq5GN&?C9U2fT1E znhBlYi@BZfiAFCm$B?f1fblgzOnbr%mgpO4+3xjTJ!W8K>6cXL`%?X6gg*y;gI=Yoz1|&F#5R#Ma-R{>{pd3ujq+vpYo8p43to)Opz7$Uiu=uIk2n3WlOE72ySe zShc32pxh+xpqz={rGu?}_m^F4;_mUWp|Lp9rt;W8HdZv@*qG7vD*uk3oTfZDuI%w}{UO7}q%f!tGuR^n3JaY5euTG6-WlN>tQ5@2 z%`Z#Q^pyR`1iLReJzXAGT0F`|=5@P!icC$`6YZ_c3+b!ZrVnX=p^T6YV@pcT3r{f9 zy#9h=`GD!!h0U;p)a4QyfsmXp`>4O}xxd?2BX!&m;>gngyE-5PAnnFjGE6fjl^i@; zA8JM5`O1)t<=pf8H-|sE%3i1beV8||Se4Nx1mdU~Bg!!X8?SuLY(j7&5bsG6Q(OqP zf86#Ik$tune#wjeE_+1~sy=^6;Zf;|e-x`|Gt%VYQr|#u?|WN+$(7;l<_Y6R1kVw7 zIEo)$zsnIWMZ-P4LfI|HFM;`E5|_^sjrs%igm7UYi?f?E0a>6s=MH_j?EcPrJegzn zn&DyO57)@&0S`$|)7W#5;kv`NKy$mLw@>@2(&c*hR&>U#P^K8Eb3Ilft85WdAeFHg zdo4QpkY#%h=%xdwdrwXMY&Z9^Q(CjSg6+6<&2)t_e1o>M(ihk-b<`+wx@6>&UoZ#A z`ft(y;)^V$9sZLBrZs^)c7>uFk8)BG+|k4X4A!2uk&5m>xz1ai8jpVQx$d4eVf&Kn z)5_BPwU0wjb2~IvMpcxRH)<+KnCak^@C7f3!T1AR(^{*m*ODJ+X+;i4HfF~9RcTl1 zm%6OKBzO8`R-Ekv?yYKY(Y_^L2i!vs4Y=QN&8JoUl9#3CK)N{|j#jq7W+5n-i&d%U zB(>KMaMW-OhL)4O`-2jw$*1$(vt1*)6-)$gdYIR9Y|$dsk&nCEq0!j~P4CZ+dW#X8 z$**VG$?}VH&+?vO?qC)lD~c>UvtOdieINJBO5Rk4V9ome7U2x@oxDCnB%mP~ z*t66J7F%3)`ksY{rGs*l!bA?@wRBOe$(~2(XrLW?GLIwa;F!WQi}@=v-O0m0Z70vUz<3`c(vPk2-uV7bbkgtjh%s{~SFQeHE#_95`pg4FRUnLKoc zuB|ica$xczYzSerIvC?@KMJ2+rZ^R(zdyCQmw;9QziwlN-B$6clk5{^bcDQ|5Feu! zQ!)Q!+54nZKLD*ij~m6DD6(;#miP7#j-$DAa6X-)_DT>dhe5M&_v0H~M6oP4)I%im z&Fs!-$VOIge|jigXlZ%*mutEqrHCPe%;Lh!z0kb}bk7)sh=P|wIdCB6L=gYx_V+y8 zMvj*TOiRY%zM`8WrBt z_I$MHqAln{+8$~KS1QQiqYXFDGq)cbD+6RL!HGz;BMlQ#CgG^%e)}Ou;tMkKP)*JE ze7RVyyN*sfiD2(6q`|{1rF#zL+YK#rDhtegrPh$M>TZ{>PqYYs>K)bpS!{(%5|c;z z8(z+k09GnlKvgK{q!y}u7mr6z=Yxha_$~kH^a%^3e9j+QO8TLkj+Z)wl|G%JhjY}& z7r+T3sa(d?2ozPTkLy)ew^-jp^vd3xY)H`r~1(tZnIOK(XT?{;>GtP?>Q}4fSn`nFE~t z0;*XUIw|U;)}v(hP1ffqjh>1vEOrp0H?9iIlue7d-$c6mO*G9Q7iiYEv-#}k{NN7B z*Uh>+2lg5^NwV(L3rXEc?R#Te;@V~+&WT_yzPdb2`d;8`hJ-TYbK@e{cRi!vTj+T* z)hUQ%%*%s$5pp%oT`XWjhELOe&l9FV5L($nN9h4~g{SBa5v0HV(VwB%BmrN6OGEgJ zmCe2=jq!bl%!X$UzG5F~j8vI31~aPVk6haKl~lgyf$M*9W9WDqR@gKoAMD8+atKf8 zr|~_XdV%`v?{AECwl5Ug^y40xkSpGD3ZqYUCr$>np7Sa}oO0w^Js<9vgd}u_MAkvt z&ksxKh3^rntX{$_Ja15PXfdGAFiW%{j-%pk4k$6c_y@QNzbtt;$*?HcEAiLwy>f~N zi|!Xz@1fm-ePA&u-+XyLq(I`x`uyBi%ewr8@)02OEBdZ5QQRu!_#_F|3tCqL?ydN#$!BJ7=`}U| z%h~z~Vm`*u=2~ld&y)F9pV==;@}c@>PczCGc-N5b;4}uSU-wrGlQ(zBnx`P_F$e3V zpW%6uqfKC;hUQLG#uoN4*tZ_$4fsU@Ok$e4Sc2JQCW=%r*`@H~%LenU4k8P$M|;#F zd-Y%BX}E<-*39@;ctTOI_)GZ75R89H0;?w_;q9IB?tnZip@OczUSr`L6WFnQr9kE3 z?#GzG(_S#)K0-J$a5`?up33@ zyxs>%y+Sg;#aJhZaX5Gr*_+*V$eEB%ZeJd3_N{4BLl+6xkh_&0-{TWD%xLYLMN4wz zOLeI?aO`H*^ztJQXS6p?`aINTt zd;!Hx&G-uzN$BVhY2+at~p&hiCP)jBfq(VGM_y3is21$R0&m z3r~ITvlWvM7i`mh*Rlw^+t8g2+!@1p2erlDB)a7!aj*rYIpO+!6bt1i7jY@d@V_BTN&9Q-_OvEjRD&X-sZ_Hf1k zeMjG;?-d*|Xy2bdF28L@k87#Vut7#_LQA%?UaqMJx)hZ{>_V;UM%I_I}$!q#$@DLYi@9U9>KOfkJ zBu5N;86g9FDC*#{tl*Yj0OGO6%jQhu|0}(5_ue_KF!?QCh?yoYb9%U@S4*m{@oC>1 zlb?^+bbk!H>G<}~&;E(sFt-nY(F^PZ;DI|xI}CdQAFiQ=FV%vFqV0XGbx*yDO|cDnSId9e+?-;G6fBjKu#mF^t|UZS=8KzrKPeQdAi*Gbq0 zE~#OaqXn5>U(K^sJhA~)=sRk`ael9*7r8EjyPuO*e&jFk5Q>@Q;VH z&cG|+ImawMpTZcHGxneM?lwJxp@CN)FP*x)mLnLdJfUJb98KnM;<+CF95JOb=^PxU z({VlIm4Ir}dPw40#Cj86X7kP=owYBFr_%tVZ!3zM4OAaLMMua)Ee;M=0gMYs@b4VR z&C4yhprNu~HBCTtUy9S09~K-kN7kGCw6@DEB_MEC`Ww&3eup{|$L;4R7Bs%t~{^(_3Tm21?o z|Ez-0r$4G)!l&8PX1?^EuVO_r`K`=U`whRWCBuQHC&-&)owCjDcIVq~^5^P@P$aKd z=k}-<0;Uf@Pp-mLt}L%0T8&U!D)!bM9S+k|BToDavq zHx+t7t)J-gsVa0#qA26*>nZj^2QIGr5AovSic7R)upzZ|Q;o@p^!(5xFo8hDnop5< z>fUz{kGQMTzv3e$%on3`)#%)4_wj`{Kt|c|4jOTaK~TaG@AZUsuct14e)|WD5=%8Z z^vy+EbAAdepTjn^>)IR7y+H-8Vxd{>8}dj$C{qDkdkw}F;K@u3;AMgj1RxD{?DeM$ z6@COC7Pbl*w(U-_0mCWsJ9Iwc9C!h{Wn7xRsA_JSwbX}(9Y$%-yyjnOGZef4aR}j1yzM3t# z0wTjLFScV`t%$8tYL8Qp!A4?AyT3J+C)Sk-DN+*C?x@{tRtC6gb-ALBewDJ#WYX}x zMOI-G?yKA(7>HxdKU!ufa`Q?B+b!d?i+!e>h$J%vSB{HZm^<)w$|Krt#SZMqU&rYx z_x#*i=Wo^c?lJC-2yj6B11UyrPqp3GXpFO6Iwf50$HU!H>=jnpmNQ!w3f)A056Ok< zIc%@5pchSR`bo_`a@|l6nj?5+x2=zk;>%M<1S^qpqTl>0oa*(Lx$zw5cE3&wM?7R9=6y)=q$NKhug~`No{Tto<6S+v z=jwFW=WFtm=l7yp@`H0k22Wh06CHds=3PEVaZf$5oY!-1mhY?35W>PVe0G$=E!=o)>u4iVI#etoHNg8xxw=PZO^) zd!J^2h&{@^7lEJqJzReaVdpewq%MwmA0uQ7OG1(^us%FHx$pRr2wIh!^Xu#V(%5z7 z79xAI=+x|TLS*#J#)pwV0Bn+aca8+GP9=hzf?T$dlx#Y{*;GDLPh% zlaSllR`|=FO!v;(=?hF*EH7Uj`jyh(&|gNh)AN{Papg3km_Fb}=qC-tRNn_#Rr+;A z1hdz_WPHvD^Jb%;S~CeGt;7!mOe#2$M_cct?SA6AL#saWujGDf?lYHVILP*kRYTY% z0TjV@O3Xt^{VDx>CWR6Um*|ssedEd@Kl^vGzbzZr9y(m|pdA|jan-V?@ow(!FHE0# zb5-UkbVVMt^v^MXv(OSdZ)%ar`4i`Q{DJ6=8J=tfvE2DQ*+p}QX8qft;K}T{OQ0=H z^r;%LB}DS%^4#Lx85&t;&>HY4<`dZ{_T|6a zLsv|$c@un}y$a?nJ(SxGONBt+V>I}*4*g1CUf6H%j=|P5+923TW1Aqjd!b2lL> z$(m`uDD98V&;2nqqXf8fr&wFJ%3v?MXP0r?H)sdH=RO&4>p4>ZW~;7l}7uEBj#| zG#*q=u7kg4{f46r#ksQC0Wl3 zEe@FEgz`yR!Lvl_uv$_T(_?#t-@ z6^4g8>rpWS+Sdu~+t267v?PT$a%hHQGOBSrnFPf3$L1ngEQQi;{J!%`h3q%=jJdW? zCWYuWu+x`1KaU9i;fGg!_M8~E?B^5RSqh5{yZR2Ls``{8 z4G}hZd7NYa*b{krxxL`0cZgu$xHGF4!DoS zY>U4>zkMyp#XIUZz8aW>+q5%yu(IkDR*<`*9-k44G?3P?(5s}mUeIck;}`d zvkd&&$Qd^KC%NAfk=c2Z`h7(ufOxK`$Ck+Lwr683Bx3_E_Fv-fD^ZzPfb_WD^5PU0 zs|e2DMhHCupI@~>=s74l>%8=!Bm|h<1<{@GxR%F#XG-o)9N=b@!HFr;fzJ zGaMh_vG!qaluOE>6%Sm zd3}P9`D`7_Sl_W?!CW#3NCQldsZbxWw{1@*5U?=TA4Wo?jJcY>?a zy_B}sUu0qlpZpKcSYA**yIpjur&#fA-Rq<&q{^7@BH+QE6Mf0Y5EUdmLk$&MB>^J& zb_6K>FWYEccYT6vQ4g4Wwa`W0DHh4Y>-lAU?eVu?UoYbw>n%2h<)QIGnR}wIsal2# znX7N`g56Ho&q(qLdjS_k+v&ZJCOAjo|Jfk1UCu=3hpZI$a(oo_!+~n#R!5oKQBMl{ zWv9Y456-U)nMInJ@*-`lZY41Ib!}P<@E8tMGud^--(fi@8Y}s3Cx3~LL)}ZZ9ao^* zrcMM^{!-kei@9Gyr^jDA)#Y+CQSP$Ou#hn>rG9%q1yk|v6XAK9`M!pmHa4clV+t2O z5$o1{IUppAv0VNxUn7J9NJ#{u6M7>GiKr5aVGlcdf4cn;(dq-WK5ww4<9}=98ede) z<1DejsGU9jV3s(cJAF~ksr?7yOQN!s2_%XI&E#QwduPQ_B&zg+^;fVPaBAHPbgBGV z9#s!)Ha$=nr`+W5d?eF;B0|LB-Tn|^4cqLrL;VLhZP>RN?>}b9VzsCPSdsq7MeGLm1r+7scR&1FMWHjo0qX~X<xqm>?>mHO2*z)nTULZFIC>A-a(1M@ zb;GA5c?Mr_c+e) z^u+e~y{||}nV!)vgl3`?SCtGFGVb(Q4KDhw4lfE=LF8lu%hzbX=&rdB=X&8RmPwp) zbhN$czHCC!OaHfDM03G{4(#B}lTkNHx9f{NKBt+D%D8RMQ|I_fYQjOa z_9YM9}O_>BGq>|3VB--}*0@)%_o&S^7yPmApK*z$V(fTpIv1=#aY`}$Z1 zBy({;8~t>Ft5Xfts_CbOaR0t`>+%C8L`HGn#@9XGYL&0HpLC{Og8qRXd15P1*5!Mf z1*0dx$P=>|W*6Cwtq1;k5cM<*Zze#od)7I5A;=~h2ZJ`?GelD9akx_YX-w3!$T!#K ze0{&({txfe3RQYMi{07-1NrR{RQ8Y}9pg`u+nnr;8KM{~g!8+Dce!!hTD=Lcc<*nm zL#4Q{qQ-&Ylw!29Uv?idt>%m8SY5v67J7Mq40rD^p*p-6HM^dIKEW-GkkeGHZ^ETL zHqyt?jt?}^WZ6k5XY{o#r9N#=c4Hl0P84QgPK6=&PtAHhzeh@b`+e-e^L^ZBKuz=S zn-0^rq2E`|jeS~d$aNK{8ZZNaJ*)Gsplm?GoKojnu|9nIcHFbFy(u<%E^8P(uPBMy z&%D6P6|(+?+{~R=o{Xgkl;OfVmrs}%&qalpT`pq@C`f;Xt5u`6`$#R1>(W1dQc*=* zY!B3Xal7~sJd*o95LVK=Y$5}&9D(O@W!CW>dkjv7SgoLzpP^z)9;^PS%AP_1_-m_+ zsl2MDFO-V1lv)_Mrhk%$fPGTlaB_7hE*U~>ICKMK zE_a#!k~_z)Gd~o3CJObkhL5N3n+~UkoqDEM9>P*UzlVU)F|>Sp3~~P-GR((!;ob~Ja2LZ+V(}+Gyn9wr+IWHA*)VE zHsy$=#=gGV_fV~&Bs`y>B)d`rf2~a_;D{ku;RVyY6{Y0)m+#cqcQ^AgwsmqAnYPzy zl_%+=$ekh1@91f=ib#SXTiA!msa19zrd*lnXob_I%B-r;(IVY_NMzD) z$5?iLKxTT56n5BebRWzWo~YdqUZOi_{;LieE1aB1{eDu->#Th?;r z_MX@iAraaXP*1+_+?A~y!Gnps|AM<|%8IpeLk@>{U+(n}*5M?qP1~dn4u_6lBd?I56@{%^brQ2!@)v zD+^IYj1`u@JF6YUt2kn+v2%Dse4jCFCPZ;li8>95lOp_Pki&01l=D(m9!{RBWJ7+( z{Oi`Qb`K(cf2n2|5OUHX%M5o~ap+ktepyzYH95cU%iq<9-55HK&&qeRTXv%kxs9fk zZ-!m|ok0gleLlA(ajBqPtjcfvvT}^@4z#ASB54uJz6^!|b$N4#PqWI)3QC+JwuNKtv64|I-9@H$?ydRd4f(#W?> z^=x@{G+LJS?8z_~vs>K57IL%`dbi~uC#^-xpJ zOXe|`Jtp+dJfDw7oz31mW>fW=Z>Lmnh`l&16Q@8QE<=JEW?x%PKWE3MPuDO z2hU1;QS-+yV*#a;2PgG)Z}q+>BrqB6%dHZK-yFeBu6^bD{?nFWsX9zBC*FHq&g=;~ z?Aa2r~PeI~QE3gP?%Rs+>oG7LWUN!VGp*c{1N`0xwUBxqKH zA(8U*69CVyWX%ysS8?HB)Az`tYE%1+-hCwRjn_|-|4FvXHNF{i1%v8_xCed z9uc|Mn6D%`arTJUfNDaA4drlZe^8|DK}y&&ByC5?&{8d-eV@exMkER|?fav8d2z(4 zyKXyhSDsH^9m16E{7?*SpN>!N54-iM-4}25`(m(Kz&`pfinUL{@GL)9Sl=`xKjmsdjFB+eFpSYb(5@K@t8<*3A1Zk@$x$ z78P&-TmR=c7rlCY6t3=2kM3uSx@3r}qV_#V-}DL(G?^^FpDZl}@QiP_uB96$unh9p z-6rS${VF0e@-jJ+Ew56v{zl$qBEmcPv;6sy^7~j=&Rc=K{tT6@^qSvT{ACh%cXNG7 z@2HCMdxsJh#0v3qmON34Slp~X?pqpf-+6$lEl{B>$1rU-Q4NgT*yd14(NXTg!`XWA z{>o@D65F?@>*tV|+%h7PAhiq}Rvi4bZ{%gFKobuTsLm{C6jj@Lft2g2)6sNUnpdP% zy&Ij`_w+T^?PGK9m8~o0`P_%zro-^`Wh<&b)L%nD+MwUv5OwWq zp1P>lc-easgwyy2--Ud+e+Dxs#hvOxK42abj&F1FkweXA$!%Z{vz+$42p$;icRta^ z-o^v5EG$DWBOO)#0qo)PUmKD>F?w;E=_kau*ydfm+jsfAV}T{M&@M>Eylw71Co9%( zQaZo)Q_a~BuiCe?SDw>Prf2qyj?l-mF_X$BU{&?F1u<1k5!@&N)drbQ?yfE)69VtK z&cTLz9C2mjNX&V{o$RpWATqxg*C{jMyI_*Oc%cQh%)~Z1Q@8GJbttC^+vDKHPYVGX z#Jrl^Idz181~94StK$mm0eaQv)0a+}kr4$oET?KgJ3etoFjYpe_PZ;rZok5iqk^t#h!sr2>OcXSjW z0P*piQoX`>J{1x$GyT2ZH$JzP(6sK|D{=tc03-`f4w1(!VG_7!5)5lq>YFmU!h`<$ zj46hX#-VIM`$kn|OXiR4Y3XEU_TUx3KHb2Ug5Gg@D!#|MFe4yobMuGGq$>TPAJl4@ z68>p#U+Gjovq%X(3}naH4}akTmFgO-+^(^(abHP%${Na*hx0>pgLD=STX#>bRfKzv zyTxZJkG_G2z2tFW1p4wy-6LI5)bkToYXKEERK(BU;`*(et8M>Wf^tNJ!o5%Y9H#VY zd+t-Vm4o*_u0Rs|T0x4w`#C1IKIBbklAGEblFL+}y})GLc6PxJh+`~evOM(Agd)L} z;l^^s_5gjQl9k(!-2OzG@!pr&mmHYmwcfD<-#rZkTnYu$3FAC-*~3nFij-cD?Wy0V z5M8|7v|z>rBgE_CDc7>Ln?-V}_n8>wJXY-2-3{EkC|>Hz_T3jB>pc5LSD{j*?pN%k z76|ruKbL0@t(#K99+Rq13UC=u-tWV`Q>aZR=PXr(bXQ;eeT+Z_&QT-Y9spMPVZs z9|)MS6@+leF|_{RrwjBK?Kbxtg6fj_eh5Q#>Rwy;WfE-3fChZ$SM{B2;<;4qqh84mSx<5wU=|oP(N2uvMLyCC*`L}EBr6{OmU(7SU zyTWJVNifa%Eu4?D==(fFaQidrqUP49&N-zvq!P2ln?#|DXvaapo!V|TvJ~V3#A7^?xVaR{5c6 z(`FL|B&Nrr^a3?MWp@wNnJj4S<_QWCC&MjMDs*G}T6RB=%b%WA^d0!M506@)0ZDEAqW7uoOvR<70jLqv-eEMb0qXN|faAgrd0 zj871}33u+NdyFc3QK4O|>|DL_&LO{wdb>#JZc8I|TfeWHvgJQ)<|B&QvYpOaz6`T+ ze9k9xh7gL@_;%xVnNSiBV%Q&4AL2hp){fZpxxnKd4-;WPTt5t^FE{**`-;yl-|ljA z<907>dX#cW4%H{ zz#TL)LY)|dBM*H81ic!7RE5T9>|!usrEc$fAGM8`8K3YEhsUj9M_~E*r_c=g5w;MJ z@my@mom@1Zly*qUq6KE zd?c-KAmFl0v`qC=`f|4i!ma5d`WfW5&ixU_TFw{MMyXPmS$%(?rrTu4eN^+rz9p)a zwDqSI_hfGfl`l;hpG658$E(FfScRoKoPXcw^FC?d2A`O3dw+)zPdu98b{P4|eJ36y zgSV=dzpWC&vYG@emc2nr)jfmimk`Q337@v&G==>26cQeX9hdo+S3D`7vS{B5LW2OU zMgc!Wv2Oi2PH)Wxm0o@x=Z~sow#cVcb%M8u0)L_U6E+Y=0i$ ze>t6R%BZHgle`y5*Wk^g+L)4qhIPomVU;uLi`Jv*kyXiFs2hTPmQq09Acz;n=kxQ3 zF2TONI}+q{7{ZPAK7wI;Z~v2yQwy1E zNI;|kza1}!>zR6WmcxMfoyM8AUvo`by28Zvb~%qIRip(|pr&SQ>b`f)o1v`VzNhT( z0cO}n%ayP1+1M8gIVfXvLwQG51IhjltphZLn+Lx)&&QYa9$8E&TP?M{xHy>?g|wq51ki>}$VHX?`mvwJ2GV9z*`YuB z)~VK#;wM(=+`+dsum|$5X`}1;&yC@qj{AMWLQ^{_Syaz{-17EQ2oC9-}m$z z%b{Ysj)k*Wu0I#KpXcQxPVpZ8|NRJivT(4ieW&0w`|~*RI8SU* z(qd0hW&o=6=IH!;Uu)%bX^>O^LQZC&jxSyJIu72TmC1C=t~&l?py)4q{Xi8y{gBOD z9Y%Cq%G3S?9OUY3!_*8%jVl9ATKvgQ&4oOLfjGmLY$UZg<3VVakP1ex;PA0`f?v;Ang4SdNA=E8FxQs~`Gcp^ z0fE?}iHoP76UR6j{mOgZZ>xJx>il(k-Q>f`Mo~~uwh-)ACG+5%VcuacDHdq0d;T4l zFdD9*WK^oq>XmPm^W#yA4;lL71;;045TA$#{QGou`~JH6`!tV}i%aB5;~NIxZfS>4 zZWge#I0k?H&T9SL23E!5Bzb?j)35h4oEkuN*=r2#9omUYHeT(F?FNsRwBjec7GB8a(v7$L7nq`>X7>_IN=}I?o8;_{w)l6 zzsblUA>NtB2-4H<$+l1q6{O+l`UNGW^NYpf-D$q=ez1hW8svkIJ!)1C9Q)dH!!3Oq z=(0=~ecXDcDD>EpPd9L^0{6TqpkRT{pvQ<3p9_#}Wyza67%6CIrNq zx((dv9P%Vx?=xFvN05=^KdYMg9cq`mcK=>MWEtdNX1Q0cJTc*&;?Tf9*q3slJPMAE zjUo0>YCA$osm}axwu~$JOQiltN|Jz_C0E<%3?)DcS_T{Hm#C0j;%#LJ+0;e){R7zG z2T3)vgVAd*#7WHr7}f#aj=0w?4yP|pkT z>K@7qs`%sA>|z*rSJPziHvJU^Mz%!b12X{iIQ0{Cd!BgN*tH-h}9 zZ_*(jl07A>nAE+&-!th`@l>OZ-kd{i$|r(>6|wIVRP*tdlz@6_%~ki|8eiWDp!xmP z2C?X}4d?uF&W*yX_mNPaj<)c1TwIRcYJ}gQz+Ls}PN(cLLP^WF_VmSl=H>Mr&Ge~6d|v;+xNk>VK6vw=I@CaiMDWePg?^B; zdWStKe9e-?{a}QFw+wl>#j&5}h6*S(1L#{#4MdWAH2FLuL!3{F#0#H$Bb=@5g!QPy zhWMB-c!H8f}Ez~VYftiw``vl8&jprEK%3GhXx3t?wJYN&=A z55ViDWQ=nJ143urc=1`CEcVR-{!ap$0Co90rAa6oNT7LJe>CLj>}2P}e+-uRLu)XB zTimOLbi6tp&yQ2~18h`#kEv)%?6>iwI(3p?|2vlNtd;#B)@YZOy62n|cUIQ#(L5t) z6~uk+2)`3CR!2I^`2q2Wu%-_J@K8sD>zkqMs+B(U66hPTCqcjDfE z6N|AgnakYWEA69>?rr$eM<;%e8>qFLo!m<9Bs>`k0*h^f{XsDy(*P#6FO8twM^V;S zarRc9_qTCIB{XY6ojs=7gp*Q_ez`pvU*&+NzpDyZ0Lf3(pg>{?ha2bAg$(y*P4NOB zc<-fMW6c+NXY2rld#oz$a38PROQe@rBS@=RwO@^D%T06r_HwI%;V~xf3rupk!A2w- z*e~IIj*qQ}6F_r3WyU!t3xN&T1$79AUSs*_ySi?AdGR35mAhwHj~!(p@R8R&Tept7 zlG|gNXnwt|g#UiO5j_T-^?*rE{d90I4**Pp_NB>E56`}s&whmqg&)7HNHT0GQ>RZq z)QIof(A_ufAL8wRyD?d5c64HqT6)L7JmaxUg_ zSBR7DR2f6)E4j|QCV_O3rP{!V^Rj9y2WJ!;4~B5=mshxxcX1pj_M6-VmZIdo)`aHx zQp2kzZ=K7)d_{Tpo;m$Oc#*r3yNKc7<7ZJbx{8tq8SI0pEOl}%-)JNaE@G5M#+kF1{SM==Na!dr|yi`JBpI zHN(OZ+GH>&qOps)`cR55#Rj#4O@VH!Q(L*P5yTEu;J%`#*N_U-Zy{Bs6mRAm0@LYu zZ;0XS%YJMrbn`kJ2)m@Isk1V22x`-H(0KFa&K#~(e1Rwzv%W8yc-Z$g>DHX2rQvyw z;8KC9?ScTs=UkTebL)lWts&&CJpIAfFeO_o0Rg?%4l)KOG!QSi!hi_to-# zj-k$VGa28OydD-sz9zu2Dn{w>{XTmho6 z2ZWFF_3AZzPVj6yn`#Jy;V{jHj_)bCJ1i{vR_bRA1F$`U3Q2u6b zPc%G#chP@6Byw3?=KL;C2Gv~&l1}Xwgslxto0XEPJ=vM}ICI7a-qpvxk__~XpjDGT zor>WQY_`^juD)F14vfuE@Aq;2^t_|W8X`kaC(6q<+^uk z*wIZ6c;1)?h~fv&CLYvUUyu$|uvmU0tnrZ6JC#YyZvBEgnvIW0p>lT`4|@O;9hLbz z<@^W6odfYemwk)bJFqM7JLaHpf?U$XMqjPPJ!4(~Mv}j*|US`Vi`*=*>@uM*%Z)kKB9o|GPF6rSd{<5@X zQ0BZ9paVUhuQnVk;d~RXRk7EMy`KU0%Si5vowAgX4b7uh7H77HS|CG%T2Zxl=-S)k zX)1IqxhE@QlYG5N@`V>Uh&X}UvsVHZ_pL$UrAS6K*(z_LC5G77yZDw{Ti*FUr_9Y)xC)7@FaU zmwVk0+k2LMLIR56o{(7CXYsBwTTo9|FW`-b9P_@Qb57WDL+qgy3;3sZdyL5#$Fv2`cV zE_E-6N0z1i25MM=huSZIrp_UC&H?)^50P%evWL4`&iw{bRtFPDDC*zgdx$o3!e`hfs|jez1K?s1g=J^Gq(9E+FW8BW&qCDM3bfYm# zB>D{2vmG~2I4L_d-XJ_G6^GZp7NobT(^#iyR+m6FL z`d9qn&4->%y;1%81U4TU5z%M;TA>qGcvnplJVTvpK&|aj>py?@3(o^%h!arW^jN&UvVtn zOOr)M9cC~H+-nuj4*@9d2Ti~8aA-haLHe_ZL6<@Y?NK}IY;?th?!Gj)WYosD|w@l&)Nz@;1~ z^zu?+#{jRQhHB+UtPkDXmN3NLcSJKFu8?m)&I4rUm4UT;47+e6e3-_*Wv$v0-1=u_ ze#Dm~L=McM^`jR9v~j;kS|6v{{UH@v$TUBqf9VsvF+bh+uBhJotXvxA2f@q}+>NqY z-jYQ8!|x`G#}}{5?SS+1T!l83R%_#ZpI)eauW$FYDAd=uyqJ&Kgh9{$*h{jl#&B5b zy9{T|*2nGvUEVB;pa2MC&7^RbH~gC~`|XvH0`2?Q?`g0tuYQc?Cs+H!PgW|U{n47V zgj1Y2dxTq*ou%uGbbiOdr(f5q1`Fs=s*qG@4&LY@Y?&OWqX@w%Lb3XK10ks{A(_z^ z!!Z%aW3Vo_hPtyuiVs4zS<= zz+L`nB?&N#J3O++U5UTu2~U1fqD8$01(L`6c=`%3l04h_kp?qmgUJ}$y=iS!>lHpq zJWPZ`I8qnyDRd^;;2X7=Ma_d&clIrk1eg#&TO$qCo6}4}OcK_FOWw!k`z${tnTDC%|CioO@ z*7gh!v5Eu&GfrDDCr?y|4>nJs7fZC2 z%_A03=Q9Id5ROoQK;gNXerm4{5K}F^3wD;57yq=*>crX)`Hjz?Vfk=RHZL%jdykfg zqsp(3qHaZIu{C2RB}L61Wk#+pxv-L_lA)&lik(X0XCTbW)of^a-eW z2+!Z(Ugl3Dxz))Rz>jKHDf4bc#)an6J+4T;loidSvr)r|ov+%XYcCh8bx76NWSt|& zq~FmIl9%~5F0gcgDZ%$*zfIXa+?h7g5nNIoS2~83{%K`Gv|EJKDbDU4 zlJ$jZ@9i0Hjnf^Vp#SdnIIXx{4tY8*>mp>qi$@dLJ~+J|!yp+euEf&-gGi2_qXp{F zO1Yk=k&EObMQ`%HUro@mmI)YatgnGp&f{t0l6_N~!)fNq1>6bEf4!D{uqLxA(-)Pd zW_qBTCuPBp@kzmSjN@Wzn*qG_&8KHwYqQdSg^>#o(K38_A=A$lDyMvGSo{kz7Jo_r z=f~u8ucxZRx@F8cbN_(mnc;bR#B+PM8}b2LjA6QcLulKjz7&`O@UJh?dHArHLh;GV z(bHn_XVG}vcsj#2BG`U$QFW`yAuuhT-==?tTbRr@)GGTF~k3jGW-iHPmE1ACm~9*%hnFrFKF-eZJ*A@k$$3YR>_8}U+0 z&a3xKy7<|^dHaaEp1_mv=OzDAyk(L%j(mifeJdW<@TOTd4!z2#*eQ#7kFUkP*r}qV zzBBm1og_$3mJgUE(R^s_*{eD0hf~bfbgOzj`FrS&tUM7?`1T=_1ACl#oQmkI&r$9{{{)EPJ6vuXS6-)X}b7|v*6w_25__g+#s%W{$~ zL3;qf;3uWt8%8`V_68wz;NS7SFNm(MA&TXHw%z*Sz!1BXVnpYWbuj$?bQph)-aR*R zJDjgQkza69@`jO;P}xmCDNh3G(}VoGuYr5l)B{`zvquQ|1|XfUs6>y?CyvMDPoDt? zZQ&F>)OBNi*+e|`3%5b%0gD|m>6ICm4i15hoeLRb#sIncLVgd)IeNkvA{9*X$5ZFn z-8CPC)V>NYltb^|wd)HQ(tccvUhoTp%Y*)HZOLvmBB-K*wg#lFuMX^N8Dsgp<#h2A z0{V*PWoi{>lwVxNUl@rD^Wyp}UPqa2!SlnFc%SKXKM(NLDeUb*|1Q|+q{%X+Z=O6% zwuI^HOWGGg{Kz(c5XNGpTM$Q2LjOsF;9}BL1bndbDCPZ$2xGPBbS^L6VpaI<^)C#l zNgsl(IPpo_P{xMixYPKG6k!wFSF-�Q$m+%cbW>>CE4LMI{h!Miwojp=q}grfdo zJf2$ZJp~{$KrQ%&-r+{%y?x;JDk1uqzNPhs0MqEfm zL@^n4FOd1UlT#jq{;_yg1Lh;_7$X7~GuVD7=_*G~rAR?{5N|a^61jJoi|lTBujfJw z`Z(|38-8U#638f*)mTk*PjjIHtD6;5I>oB+;8PeG9@l;4lyPjdc32| zERoh+TSid(5**q!t$B~8_Xp?VgDZ$g+8&a@e0^H4YL{scDWkbd{R*=>%b-6HhvnqE ztNG2VWj5vkXAEhC@)$sW$Dzum`94*0gvCW2@5s;jUUK5ynxX{&cLOgvz)zN^?5vlhb5+a z)|qyn&N?mdGMQl82i#>q)AZSAGP_HMmL|-4OET7n`uE6Fnco6%U!nBfQlwhazh8BG zvA635Mx4G(8!$iG*Dw(ke-?&Rb$HUVPjC$6vOJPY8@J-`9^U{AFaKdn&2 zM5JfJU=9a82I8-sk6LYcDIVX|ReGI^h})V#se9-*lC|}@&LPH;pXbQ+OJx?9z#KEb z_We%)1?mswwaE|h#krjPL>4cQGfM8)O!%0Bgkw%W{2KTL1Rq*if9_8c^9{F=1AUlXB-S(aU0T#tQEAykN zM)Ez-S&4%V#k8#NTy@~_eZn#ObB~`>2UkJPmOzjfnY==FExDg@3ddtOuzMu;iGK^3 zsPntYejJSjQPP4nqTgP0#%ToRmb&Nf!S13j{Y`0@nZmX~_aMWA>VNi)>;^KvF%OmVT&?q;CocCr3wpb! z6filQLW=yXf~N8QE!pATqNljjo-o)6$ zf2=v@7EA?iYOS^h>Jj|aj2{eifIl@FVPnMKi?Oei4GIDFZ@+H}z{>sBJdGpNfP zkzGb?a65jWcXfo4-VvCC?9EQba)MoL?>;^>k4ri}JQ~0)#djL{$lrYuoO3bw>4$wL z<7dch44_cIe|CGd#~VjOyx&AOe*JRZsh$dwKD#ufFgOTk3VSRL0r!#`c`sJkhgf$~ z9k@k*Vsz$HSnwb_&f|qgF8@h3o`H4%w9RnE)%6S&{AP>do2junqxI)Ub&*9rKc%%z z;{HlN{@4oiE4juWY&jL7_PVyA&%Vs6ePmfg1X5PUDF43eiQK)lXLtvtTW$ zU;}S*aPg>u3zL4j)D~?Ib#PWlnBlIju=ZP;5`zLCl3g)KNKO!EbvsZbLwg*^7o5d= zD3#;yiOT=AY(uFm`KLnaNDK=zFQ=33l^1Zk{6U1(J+pt-qsu(8XFN@Ld(g!pbD0KD z$(-&=enZ$7DHR1=eA~b7-!m0nPpHA{cfK;9VsVl43~u+-cj9!=qYmVqE{cvl>_tUs zfA((u4?1vP_RE}ZH-TK9H8l-7*#O9aBXVVKuFJ<*UtkC{Nl?)+{T)n7;rjbr_93?Nkd)#ax}Q}6sM zUn9$P>$D#zK$2(m)@?DdGGTJ_&sZ{ZA&Z7a_pT)+B>8|))guC1cLj~W!H~JUw%<6vi;KEg*|W^pND~>&>CFR z(z%X}zY-C!TY}p02PM7T=uFQx`1C#wss58K)iE3nL=;A9s}JSeb_aL3=NxNyZ=(oP zu+7QmRMTM&ZY?&858e!ujV^V%@n;2fM%MSQAD*o$rM|tdFMO87NZ2yix)y0}HGfeR z6$|eFy@7Z^zTSuL2gK8;J_jhk$?l2$!V*D%reg*}5|hso@BDmBwA)4lKI{hgz`o6J zM}Q66xPR+U*$BZ|UEdK@4v&e)K0(U=YS$}>`WXMb`x$32vhg?as{+f#_Gwd3osFZWWo*pKi5y-a{~_%ucHr_m%Oi|kXlS!`$ctK&Ooz=#9Qha za%BSfD-2HR$o%?iz`6C0_O{&0}z!-06*IzQy0xga3b6eaelZrV#))L z>9azRi!A|l(4vB*92j$;ZcW_Z!||(neGZ;XGrxkp6cBQ0%58Dc8I9rYjh=m35I|K> zPf!GCp0Asfi+Z-l0EJ(=jF(MTM3oUtk*1q66Q2%VI&a+T&ht>6AB5yUau@0tHc*_h zgV*pSb1)-qurXWv`@wmHl|)wuNk_L;kJ`w#ys6-5NAELeUpDIMo&muR)bkBmG7EdI z$YfxuSfobsTF-8^njE0V+=+ePLA*nZTb`a5z)SaV`LSoWIUiOD98O!msj2p?Zcg^> z(E(Y}3=>Z%i&<&&E5AW6mJXXH!=iT(J zdI*y8)?qpkC&G`v*YK(lf+0 zA9~7uj)rxF^U;OdC;3{DY^H^X0i@BiTdi#TNlm5(ujTqfAsst(M&DvBlva`p#xKZn zp>XcLyHwl$VBKR#J*yUM)9~8Nox`=sRI+S0v9)dTbbW2yr7d96{K3vWat%FUxB7;9 z-n*%@C$23{vbA+t4)#61F@Fy$Z2blrE1vkRl8{fBcL7-q?yr;m2pY)=PVnGOo1y%C zrPrfK-;khyp9d{-YZ{Ar>4%SN^kgAV(S%=N5ia}V$6Lurs(Nw#Zq3^}>fd7hn#)~z z0nbg{OUYFGbh~eiY`R#Og;Z|)=lTdQw`aSBh5usqHE06We{By^a^%(Gxj*e8VBYJ9COLzO_>M&-T_DZ}Lx6p#S#b8-wh;W^%#t4gSt#BV;{&A9 zs9)f^carU=3~ihJSo&J(InL%QZ9N5ER)6^woXh9)4F@kgh0^lv5CRJ;*DMMIhT(aw zl;wQU_22TdYPL-7C`oD6*?=S%v#;xEzX|i3H04@YCM*rTS@b8Cs51 z9uri4+1DI0Kkc{R?|#oRya}E%%4|ZSf^)tVVs3`X3w;&{b%9n-h#%f})zKKW!A$or zkd~do$;>j^BfUvO<|z;60(p@o5m&;cfMfgKpB5jCucMCql)CF(%tI5XP4`cs=~Hxt zJj_c8JZMVu6Wt}tWsU0lw}`PH2sY1_lL3bK@F8O%VD#6%_1SNPko!>o=n;Z+Apo@| zGjXAZk%Z2QdA8J+em!4;&ckAFkGJ{51MEsD2d837m*|^;2Mf;_Gu4$Nw-#;Bk{AK$ z0A&D(p*Z!ueT8UA&c;U@RzhOkcaWV?jh7?}l9D_ZSvY!6O=vUBJfHOe z{tW<-_6osaACK=-_}2+3Pxr^s-S^4qqp;>2CBf^&b0E#v3%BnI`wdNj9GE;flz+Fx zkS@5)b)WBNMUI}F4FN3!ZtiVXh}}|{{U1}0Yi2BWrBjR>-2p&t{R!p$e3%BXPuZIo zwiEBMAf8&WV485^?y!q|o*rq?XaMC5@DKxyt9l!1Bhita(aB^$%~Yj|DFh-faN%M# zOOI9-J(pCDD{yt}aZ*F*EbljY<#kgVQu*^Di1;=` z7R8c=#pLMB$M36Sqm;e*=)av7QZq;C!HnVfAv-O(Uo1SVv>rwD6-Hl%$8Dk}yWd}| zhq@LG8wp&ANxwF~=QcM!BwRO&c= zU6?Ocf{A)1xcfv8a`V8wHAa!neeVqny!W_G7Du_Dn3RoywX#&AVdJW+AINLoY#bSf z!%op3)?RzSsh3+xDyl!`+rd#3jJZEV7{OP>iU^KaTyJ;IF92#fVDe3S8W!2iRA6JSc*|bEc4PTO( zdL;^lx1qnpiEv7Cg-<=I*-kAI_NA5&g(oY=!wy7ZcBqKN|I~OG+^j61bom4QoGEkN zKH~WDhn-s3V5N72%zVzc9JFzhZZ50wUDD2Ze*E;uYdW9iKJ9<>Wx_xUv`nW_T#emn zdH{f--M9TzhbvTotldy3*vI-y--lb%2>UPxtwx&)AKgB;C*6AHGl{REq3||##y;BP z+J67$38kf?++IEcu|Ulb0yk&oRNjN$oB?M*&4oYI>C4wjb&aueIhPkk>x}x$iLj!0+(? zdEL+W~||S*gv~HZI?&F^fFy)u&V%lGfnsl_2@$sWlk`7*YshfOJfQRE$^dtH9 zdS~d%Jec^+X0fNdV13KtxAU{4_way&u(z(ok4f=?8Mv)7r!&u`JYQC|s|fvd(L+JH zza90kmZ1fUHH%d-OQh_(ysJI6lTs5tT`6nA@9%PlFXgI`B?2|cvvvsu`Q6i8nJoJx zT(hQePY=$qgUk4t-#2#rz8GVE6NMMNk>Ms6IM&Qq3%VCLM&wWEMC=N51_S{beJqGKfpY7Yq>dA)A5q@ok z(1q~I{i&xsFltV>^X&*poqc6|kE$%_a8*296nT~~Anflm(vE!~Ux}%9=udi=6si~x z1;GMiMJUwZJe}rx(4-WKcLXsKG9N@Zf)r@~^&syDzq7m!Z-Hgl!Td3&56~EXENTPs zmGlWL5cFrgvBsVM+Wh@6E=Wj`aP$tO1$W^oHuTn$-LAz=Fq-A7JZe4`UbBQ=@WpRbHiVahsOw|Y;#n0>_h4fbKRo8DKCaZi%FSA6Mx&3wPA2z{zb zD>?9Q$b`M8-(XE!%Q=n|B{_u^x#R*+UvcQIG3u(w@6shj&3&j7sfEKoB89nE?|`2Uy>73pGx#n>vu|X zy(FInnmp48XC+>T6#HOIPyWjG#*Al&vPjU%})q5L_i2(MX`WEsGQz3}f?=kTE? zwBC-8KsrVaQ%kiq%QwjI)~{q8KFRY*Uz0sy<^9SO$wWHM^S%JnOMb9##Ih8y)IML( z6HDvf(w;tp+KuLpHBS;aH}I_i%EBT{dA7I@OKKXauTkwi$-;l zR0hsc)?hlEHZLIUKSdELxHfO-+Q(1L;Elvxx_vBTxq<+!Yru9{EO#Fiiy0|6R53NQ zDdFc7%nHN=acu5^X`f)?3rd&_$?MbQrN;sSM<*e0aJM*^UwVK7iOh*xIfT|}9~Zux zeHCJ<&pyc=cVeD8k}b3z?!iGjU2G~nze?{Re=&W8%cWf^lGxq1Q7p{l!WTy3@j)L{ zJEFaG$<(M)L3F=zv;J!zkJ~!mUErG8;p2zp$;;!m{#v!;Uk>tHXR=i-|L9au*Qc(k z)#pxIB=$jm0=XV4JS{5azOwI25(12BT!T9-;-noLAsnY^zx=Koo;3C&uwiY$Dv2WE z9PM+qd|%(6gwC;9y6GWdw};$nm$`MDQEwnJ4kK~^cgwcJWPWHoPQv9*-v$zlj0PVn z%uu=&QDn#*=^>o48m9Mv1Y_Y%V3m;eot7}~8ZliC%s1xw`CO$msaDlKf10DRkD_p3 zly0ISKZkU7ull8+T3^cK6#fo6oivmQ)euP4(lD8hbnO2&lVs+Jl(MTv4Nx~DPyGw{ z4|g{{mMVzoa9{k-OTET;sDvC3Gcoj{wgpCh;28V<#&5Bb#I$+PP^MOJ&|;q&Cpqot zI?2U9w5Kt^{ojMJPr_jtDYaH`cq|0c&H z%$;UPR;lJXnJ@blq&6f=v2g#n{@tms{wIk4y^-{Hh0}ODld0~j+2c;qH7f698{D!J zsPF5$2Ps)=t0b~3T{W@7K@{;u5VOADZSuxa>o0^Z(ft}t#?>MUlmcv4x+!-T9%mw@ z1G!LLxUeeM452r2ahzddWM|%K^AadDXZ^}men4CZ@=iqT;r*yTN&G3RPxN{pB_SsDBas)y!G4^|3p4xf%zKyEpnCE_6iuyr;6-ee-YdNJaZc8g(%kuOzRLZ(Z zzC%I86ZI93v;iL4om?fvAcE*s0IsvlKA+0s_UnTEMpABehryS}MNI{6Y5K8ST!J)B z&z&>_6FCWj>tFK8ghQ#p1E96MlA_rjD8sTucVIc$>=@in60$9yiQ_AOF^T3_Xftb* zXky*jEvfc1h1KB+1Gi=`A(4;CqAAp46tTLSC-+bI|EZdg3)8(_*Dkhsy>Z3Q~-}as_v^demD!j3h1&ugCn$m`zD%$ zAGn|jl=Sf1LoI%-LhUv8Wsz##W1GMyj$Xsy#jT0C76T!WluqSy z1(Op>;4hG~YJ`xGxhH0w09mao>d(oQ0g~*)Ba7sXv@X^v6YB(;IGoQAlw<_5@QYdy z1@EZw-PdUT_0#w3@P`3BjAU!tT-l=;4snduxdpGu zW^)Qy#Nrn<(kKaMP1gfny`FWSuYS+*uAvUcBnKf%xvtRV7WVNGYU4zGT_4aH-*6uE zYKH6WGebuU9z%K8Wvl-BmV{sZVRN7@QPx<)FZGoW4|8U{9G3pv5668uISuDug#T{f zDi@1Skk1EAmeb?T*BWWf6S3MS^Q9MBgM$*%v%-odT>os_8y+~xyRt?^9P4~LT~v<= zNhGO|Tc)de|H4M}dKh}(O@HcBP*hPA<XyIqSU`3W?`qNvp^ps@c7GwV{{CJF4TZ zvw|}cGGQQ0Sa6(M-B*+!T3y?9v8`@6JzEIBZ8UK!C6XArs-{IsGiT>Jc>8q9q|=u? z!^=AG7xg(ze2j*3a2o%xF>`bv**tA7Fi|b|1DpR|kVIICB{Up46q@w-$lJp^S2iwF zf6MVlnzhNkcpZAXGjuWv1-{+kcYqCM+##Q1ch8^{(Vu__ZjqdnM0e^a;5T2yjFC$eNE=9TBomty; zrnIx*(-}#JZZo#QV4k@^*fP$cqOSYaxP!*m*$9yfh&hs;lkX82N~fr^mUlKG=b^CI zcru{X(Ch3)WR^Xc9tsIQ$ilTrrBj_9yMzqy`K@~XY=4c5#{4rCP%;*wzwEA&hxNUv z78W@aVITHN{dfINKIk*mZO`4Ij#7T~-n$TV*^~X%Q!fjwpJ&b3VOwvwsSNu<|9E;n z&=k(Ao;pNR!mE^dw}KkaBo4=C3eiHB@Y#JW<;QM>^)sqmXhkPwQ+l5sXo$A>mSlyV z6Qq={d2-ePWUa;Q#=dhh1X>EfR)lK;2eSO4{#vuYe=l_W9QS|*>8)}5i>PNyHY1hS zY2m!>vk+B7Rus`1yc&zWoG%1OvC=X`w^vg#6~3f=FbvGG?STz}pc zu?lw=UKonzer~rS+-!e_A^Tf@JH@o6wlxBP_w^c8M>xE8&Gr6%8GQP=^H!h{9m|+| z+M~6$SflxqD-}(O(bf2ztL@5@qCV_)GU&bPipY&n@fz8XoNnm*U9Qc&WKm=* zQGfW_zpE$WBp>Dgt&C_wO25l8iOf9(7~}*BdmGZ z>eVcjI2#0C9z31p-!HH#R_tSvbe+~Nbj2G4f{&Q+^pY@e3OPcq`Lko_>Cq6Da@rVj zqCn+4^|opAQurC$2W0=1x7MB>b_SvK3?X+8zx%oQyar61#4=jydx#BEZSgr`9G`1> z;$}fyAQ_wp#)>9v`{M&Zd_8ig^wC{O&>@4&1x##{K zqY9HtQHQ#b&X4AOtGqO6e;K7FRvM5|QGeZcqy_ISi4 zHh5G2k~^2_!w;olRLoW2dB%}sjf$ujh3m`5KGp-eQgXUJQ~1?YeNhlpwLX5u1||T@ z=%-eLvWAYP-y}JF`hc3f9A#&9F2>%=2|Feli z?UcWZm}9FVy?Ry%{#=jbZsm8HM%h(j3|s)%H%d9Jb-Nb}kUc#~UKs-|`Wg1wtzWN- zw%;QfvG^fg^qC?w%GUOL0b#$2ogFhIaGnSu0&fZzCkDQ+p&VsOE;kpASgB*iy?(aA zzCeuUF9S1rr|7(GAo$LVR3n zTIfGv27|5%&esRK8^BhQSB#AHS^sL2T5M!#)03?xVIYB z6MhS6v@~$ujID{KB|!H%TJX(uZy6w{u573JyKmgmXyAS?Y4T8fLh0a-yXIILr$2_? z2sN|4pwoEf1QVchaQ`GE?+x&dbiOkls4BX@FPi3w_`>T>4fk!l{DzBTtk|UY|rT~fj`L4qgaol$-ZmObO%kxbVUj=l3-lc8OIR|Yqs zprCkodY$+aswTA5qbkGB%Y%@N##(}OWcpFQDbu~(YadO{3wFduYQn%(abF$N=rt+> zmd5KG=P3{G$S_?TIy&cb1yCE&A)80U51XfIVzxq1`K8~g*cB;4R`e?%aq#|=?Uncdu;ym!uTLyXn7#!y))`hNE`W(=azOTW9fA*0K$k*TrP zz1AEtzn{xbw>i4IRnmh)U}!vVO2Xy2OcI~bHb_|7KYN@zXra!h*gx0r$?X55_t9TG z#NGM&GJB71KJa4g1Bucz%;PG$*wr6zV*k86W#@z3ntXSe3P_)sEK+O^`@Az;e57Lc zREw~&EyiBiL=xWl=1S$;9dd0yGeJ@vS(0@OlgXXkxivtZzf`%Qkxv3pQMhZk)Ag7j zQ6Lwg2YD05ceov|rrbBjA6IVRuaM73>&8z}Mzn{*d%VcqSKJ2$D?SQ9q9=^x8 zYSKZdkC9)*NZ8rEYFAUdENmqfowCwgvhFdku#k-f5;ROTv6AmW7sdx26vt1G3R;@F2eZApOVoIgiJs}bRsjv&=X-)QX>LwTEPLVg933NiNeN7~^)xO(R8dH?b z*KK(_g*zEh*L0hw22bo)Eh+FwE~HueJ*3E$BopAte~u=4pIXroVfVoKcUC>~J}Yr2 zHVxinZ9<7H@iqq{6mj}?4l=6h>egfE#P|EH3E%Q7MHfPX2%C~=N%YnOj+)jUwCr4F zr^ydkPlq4_+6{gNdm+&Xs#4c?UPRn)xjaLZbRHmFm*x_>HzW9=`CmXi;Zt}%Qa4xkMeN^ z7lJfi$OiHDgLKlmzqIa6ky)CYn04QH1^Q>ck&OSA`)o*RFMl|fT1FHiMk=XDvLdbN z_Q-you@~N+>>aDmnrm;$3(*94I=8$L%|$7v`yIUQk1Lg6r-!HcqqF0>>+*#&9O>*0h_UMcI8)X zk#E;B`*f5a{NRQruz+363$dVD6G(XQHGQ827SX{&My#22`{AA`c~hVJKD{tsAnbht zm9F=Rx(|hIssAACh506z)K7YS$@wl@o(J_9pXu5Xk(0CZ{pQX>s19!xu!mZJMU1_f^5tntbV4C*aT-DD= z&ZzFffny&R3#Il&GK`zY=O&tvU7!{NB4Lh^HxdrY~{wf^8Rft+FU zl^M>FuI@{ny16GKrBt(g8z?iY-`H|g*DnC}hy?CGuS#~&I?&sU-(OkkOwzc?0@w|) zSL?_AL>Q|ViML0kqK?%~{Xu^*5QCn&_&&9dXfp#_ZYJKABN71h;bOsS85@?c0PT22 zQpIme?yQ@sPp8|nH;^~wh~Ep7s~&qC2I`H$ujs1B;px7EpL4x;GQS0ks;mxD8L#sq ztK4e}y8tQJPlxFAv^H5DqiS+p_+6AHEbnJ>ob7Y;y8~2p(qBFitX5(SzqCnl1tJC+ zt{qg{(j#7}I|^sg{&2zr-dORo;^)L^xF>uRirY~$9Ko1WgP-KEShLWTJu$1NRC^l; z97Jx!enlg%z=k1}h$@6>h)6h4^XF=yMiZtC%@B0Oukj1Q!m=myRmhmqX~zB1lX?1m z!}It1bbJvAi)Na&^re7i9Eko3>6@AF$I|54n^}qH@3>qW{s9O{5Qv&RgaW62Z4=`$ z>_lZ``#$JMNxS^0>)~LnFLn7aInw{I=JKl1j|%bB=R1!?3U2vqjT+z^Nt45m_-b9g z>ATQM>R`;ZcQ5$y^7)?h%Nrc<%V~L})^aK}_xfrF>v~{32j!%k zZvL1Wad0=%;pPtlQEk(2+13{HLWveYNl9_( z;<1%aHO``~AIPu1XJvg<`NU2vUN&>rss?yYc@}7c(yyC&iP5yAOoVM3>Vrk@?PzggElhh8w*s!ZYD+;x>D9~A#s%c0T}t$K z^6ew?o;H}T_mJZS(U*vIMv!LuHD56%Q;F3-S?b)*>y2H%Wb;n!)V>#ohf$F3@4c zv1SQu$5;z`CHMJt#b75ca{RBakxw{-PgqE^gd{0BL-2zVcqmzGD#K#Qo$5RZ`7Q6OyJZ|6T z(YIm0oeqyTIXr`>hD;FpbJug=pXLhSk?*GI$#;LduTrjDni4Qv=Kde6R+Ub_wcsL? z_5vBOwYeCWwi3$gdCNG10$@gePi$~(S-q@nY_G(nFx*aOHSgX{w;zlSNi~Z$w#1!M zR`LFPIY|5^*k=`f&H-vtur;3*R5}+NFfOtS=VE+spDQS=*%oCQ?oa{y#r)kkSv;~6 z^;9`H53yJ8Jl04xb}jr&|DAnDy`gUi!NB3X-!&+!WxZ|-WOSVN2$|7EbZ&4w*BJY{ zOxm`jkCktUr`}@T(XVx9^es0P;nB^u1Wmlf(Ko-g?0u)#$?| zwAu{1z`lrQqmr$6Z|VSV3-|mQcgTWZoa?1AH4N_eXQ(^KPOB6+yTJe})wTQ?w z?olRihw?!6#0PH^_xbqrQp*;aeh^{VgbB=;2`Z3T^3H+qwY+XZnU~9<@qgHOnZGR( zN1urJP=^rLwjlC*SwQpF)9B;Sw!XHZvHPk}q}!-rp5hwEHx>dyZH=%E;N8SfV!s$!s-5k^{mh>Uggog z_!B-t?U_Q@uo+=)562}4U+C)cCJ6mDMwKe6wy;QEypRW-JJpw~!!<}#?wZ01MBqAJ z&N?G$gX5UocW^~W)Vxn(>P>Z^9ksBk{rFJnWVPYE_uAkT=I0xQFpoUNZ1Pd={H?}F zyWfH9m$k2Zm7M!Of>v&Rf^DRwdhp-B^SK1%{WaOcnE;cayt$ctx?LgWt(|*_Jd2UeLX?H?GXDM*LXTq=4J~h_(15G&JT4%vg>bNi#zT?fo@GM3B?R$A|@G6=6c*j zg1Qgx<8TPTT$vGjx$UC^oEW?+wH(4G`_5BnLfF_> zfAs*8Umg$6boR@IrM|~W4z_WcP13RifVCDB{YXQfey8_J4y}B9 zWDWCv#L|XLy<$2bVCdbPHUE=~i_U^EtSs#!eFeYg&EIr52f?|e7VUI_kruYE`L_oi zNf)ts3B2>m_Q^|($O{}pp!RP%(Y+?lI_f~5TlNnTSxC*a5aa5sXxFA%jY#6b%b7VS zDOi_Xirn=c(jNv3ky88d!yl3@;Fe@HLUOhqUzaj;w#fDb;MxAL zU!JJ^)m(1~xjwU(a!93VaE$qSe;9elXX}Nm`CSh!ooVlmcxg`pIbgya$kfj(Qjzyl zK{J-j5n~>m1oKg|(nK~P*C9QxU+a^8meD@ptu?Wt(|yeLvhB_9YhE!h4F}O|-n&80 zbx7?k?eA&ZvM;Z}sJ#|nh767m;vwi0hDzacJ8(uxbIHa>BFmIymEd+n5 zvTv45d~o7t+>MeIDxa_K!OY>Ct3t!FvU1n5uH!yAgkzjYkt$}Nh8yc8@rPG>f$6BX z?d^vk%;#Z*sqNIRBA+noEZ^zsNlF_3eWDyJ86HzJ>F%{)&VJdGaNQR+K4yV?y78Y& z_VY#hIm-&G1sNT^yF^egC#`Z(Zx7gsd%>r1s+Q7pGYJU-$TACiM{s{ICq9~>RRQ$d zV1SN%`Pr-SCVBhlUOrw!Hub0!g$9RR@W(kP(Z|S;&nS*c5jo%SFrEm`q0ZP2@{l|m z;%Vr@9aycC^dk503Rh5c-AIr#nOq+ffGK5Pj zLy}EUtNnib4fY7bJI`Zt#0LTvn&Grt$E6Cb($igf zk!x3|mfr~C2TaG8Sk6ONCP8UyA&QwtC&fu=e5le8G?W{H)i1)biOLi9czdav zP4n6#uEr6TybHOimg@6EdCD(so+Wb{YeAQd4<}Q>3<~^FJZ`HkhjhB%m;F!GoJnL) z`^6guP+CYUfVk+DUXVo?nwbB3y8>{&%s}-tb(L-&_c2`>q;n;xoP^s3nzS6XSgJ~` z;ntV3Cut~h)>R81XC`^ek!Nu3$(WEOE*8Y+_i6jkx}JV~zO#6gNIgW}A+8MC zVjB-OLV0yxLgfUhXU55mi*$|OFI&v}P)^;aGh&QNHL&^Sx;R5l@3WjOD(SP$4kw*qDq!y5?=uz~OC=)X_~;f}*=KB1+^#RDnAS-zw#*74$>gyFh`p z2FwYVX(~t$&`dgQ3U}qLvw6_2-yW{--x+2rD)?b@4WDFAVT`h4OvMq}!fxDQM+B#1fHDetqSVr8|{Gl3(lL)3;R-2EYXWgqB>q z7||ObvPiSIk3-d!P91HHZH?wS-*q#pSrU)4>!B z(hGKwXQy@tnFU(&yqDaV?ftc+ZZ5m|4InmnO`zG!%lFO5-?y;r2dod>Tu{Z0DhKj{ zK~<19$AbjlVe`dW6)SaRPMX7`_)UNcJ7{SNKNWTr+wyu3THd7&qM&0k|EWoURUOI? zXM5iA8_?1^U<7!}JG|sFM20J(!e28IDjjx95SQ5OBb-YV!HvjhcEGH@rDolV81?y= z(V(QH+8v zh~(_by_R7gIA2Mq)5kj`%tb9>Oa-;&T{Mueu}94%^(Vy8T5HxmFQdmLb#oRqR~93S zcO~l|e^smN_>sq3LA)vAH{I?Ju6%s&po;`-5l8h}rwC7d`#g(p@H9eB?ylCJtTya2 z7=S4hMi!rwzv3CCu)_t_m(UxUJ#~eyqeh@(&Gi)9{xIH*UnJtTXF}%57OgKIdq^T4+}!XLX9c*JL zw9kk=)xXgggQ6!0DrX-aT95u`LNF z9zBKq1*o1+c3-Hwr7p$eBmy-Z#vLAFfVzVJDJ4(&Z|zjx%9n>1)0R&tqkkc|1$km5 zY$R%CvoHmMzuJ3eS0w?e@!?MAcjcX!Fd?wleHDtUPf%ucSW*}^FU<8R+);r^p4%Gx z4R~e%x3lys%$gS?eRwH+2?*#QD(|G$2XwrJ34U)*l2W9uyy=b!-PEJ=`V$~X!IZlU z)J5)S?KgMLH3fJ7PCnKpkV9~LF;P$Xe7Fv|Q&IMGF>Z&XTz=l;el(+Q>kfns`|t^m zqr8u1BVG}V+Q&XZVN24SJ^L1tnOR@G0tv(i>JdLXhciE6qTJz-Wlb8Z=lbzF{C-Gv z2YGQxO67g-0Li=a)di(^I92-y%|G~n_B@21?*)ie(TqG_{onO&y;RJ_?RPmLQ1v?< zFXW0qh)rP+I-89Z>}cz#cQZxm@&Io*{YZ`t5VUn=qvJrK+lt1U7(pq8e}TU6c;+N?Sv-mJ^Hx+# z&Dl^0pTEkyVaL3o=$qVQlSr!SmsWgqhez>49m09U=RMEv)D*gKb7X9m!PZDuXIXJ$UOa!2e(C_H{(f#x*4x}OtP_hp1fwPeb5 zBmo-06Nfj3J}J5gewqOseEXoeo}rzW$n*WYf%Gir5lS2B#wL`|2~9!Y(T|GR|G4i5m!c&4cASy~%S;+G^nIZi~%%vPj}IPTaydoeuIt z?*JAQ+8o58HQW=8Ezw1cDc@q@iu&R@rQW7|2wuY{Mu@aM^uMmAeruxit9*6kkew1WquSuN4>^_Owvo|l7wgt7 zZM_b**!*sY_%vngZQ=p=6PJ1Z^*|uzC@%6IuI;?R0}J?bb)v@B`eF^NdBlbHYv(Z5 zSW8=qqi!LoRr|H0KLvHMt(z%UIv1U8%oHk;TIADJ0OG8CsaUq2X7U%-t&z?bahc@3 znOGh*o)BmV0Gela6Akh0M}46@vNQEsg#!<6Ao7DK<2|_^dh*_T2yc!6XDs;z=8xVEx%xWgKpwV z)EXrWh7nv(;S~PVD7(r0G^UA!Ay+bzy=s9KHn5Qg=re8EyQ<->P;F#|H1KNWksfyMpEkMhk@BW?W!kS<|$+RXCvO}IdQ(k_A z2t?&a|MB{xFMn=Nlk`xI z9mWwJk8-e_B@d5h5>ZV|C(gbG63iHJ#>}6@Px@YePj2A2hs{yfYi1pTn*Z{vLvYKP zyR1CPp#w{MXscCXd$r5+IW*`<9;T}Vc*i6DzcZK=<=OeWsM%|SOqa^|fJ~~LLL$Gh zUp^&g$6Ta(uMQ&XGnRt{&$vf_Ay!`#~FPi}`tfn*x?L)6DPs`Y5g^ zq!iJ%1KcgWl&_7*Qgg4~_9yg(1SV*cV!vl8`a5iVh0Bgu$;YfE}U&C#Z=^7+jR(Bo zul1B)PUv~yCu+gw_wK3}wj(eofKTz`Y*tU2><1+G?t=#Y4EHn&PN$iLHc@)Y@x5f; zi0atK)^-F-leM0dM%HY=xlOL*F{p(U4|~;jcsx&U$|;B|`TO$UD6T7D{+MF{RthDH z6EzIcy;p(*2ds0yvc&enNC?MkdwAXxV_sXd;$V1o=JJPCkcH`0YVk|eOIxkvK2aJ8 zwz#XWMJ>8NBB$~stCAnTU`~BM7ydSyYP>JH4-t=pA)P^~A0xu?^Ku=^XZ|n;b7K2)<^Z3-#cmK>|7+~;Z>bt=-+ij6Qi4mMJx8xCaCj)$}+djLQP%qty>$snynC`z{URv~F zy#|ElZC{@=Am}jd!Bi#(~PK|7X9~|p)QUz)CK_HH@tAT00&w@O9R;Y3#&kTj^~-kaZf9+ z&y*MJakXj%txw{)UtjHDeoJz{X$hb))2IL8)KAwH_a`427%G9Pb!d4bKBc?q^i;l+ zm$HulhEhd3elUTeZ~2aq3Ey)VFh;_C8tkVY;6BejkR9VNjL#EQt_Qu0#Fi zq?}HMyCh9`zvf#OKK9ERP;&mGP@nMA=WEhq8784DmMRfpj2st8r@ctVu6zc{4h^FN zC;?%2*@uyTe+oj|`w`fn{JM*E2tV5Rm*sGd1sVgYFb~B8wqC45BsrHsFlma)QR9RZ z5f+WaOuQE=Pp&Fv5vLS^WMFPNiabB`x26b=^>DT!s2x5!0pbE4WWQhKXGQp4w`XF! z!Q!~@1J6E&;ZHnyB49wx1v`;T*Yc)%_Rh2w=D#<)-#7t6>#W1ZJP4lP5siGidG&2Q zm6a0dqnUoHF1hWaGsCI0XdiiKgsa1#ko+BZcznND4)dEKp?Y}ZdpAfFP26ijkSg!z zcM|yda#N^c*rf) zNUIs*{m%UjfED#PtCz&vM;Ro<}RqQ+PthM6L$d+;T2lKpy z3cY?R+$9UNlhn&2SG~K13l9y0uNL1-wP%V1w^hmcZ0f zjG1AO%zOQeW%D}^V{xH`0v?Bz!)_`c3<+MiiBsmWPf(l2sAAVc7yWmB9RHDJ*%kU^ zvUpVhWGL>*^`$<3^!P^>LyTb($Td(Mmgs$_h?Aq=>59@du zxb~TdrNy(DLj;Fl6n{5iA^X%caaNUc+_K!tupSM7RI{}w;k{jxgCu<$qQUhg@GzXP zi_4G`)0Q90y!(|7~s1YMi2Y`*`(e4VCf89S^P`|1k~>${sY z@lAMD@KT!_00A^6ui(hZsf{ePfuF!9o&+81Nr^d9sc5&|o}<#O4luUoYL z$_llW=3eb25HJ!*m#L7a`U1<~@D*5K5?+i)7&IVK@8Q}@v&tiN_AOW%l*cH)Bv1x8 zS|_7hAb+2=cpHbmzLLRAJz$ReoO;Lo2y%l;Q_BW$uX)>tr*$tUCcX}Lfi1)+%{5IM zfrKi932W=A@!8j-fsl2|2bu)qBNGFP48#nL)aR3eEd62krmyuXx+=RaNUM6Kal>y= zGmmFoq3RB~YpgR7Cgy$UoshAea;weDLO0XIaCC7Bjp8pIZet;Wk*>i|s*o`+#F^Bt zHstZ*RMpfEqmBShgBm|*aPF&9r#Er~H~r#2Ma%7m^r0K)y+0QC*pP|5yVc_k3r2&c zY6mwt-n!|5%Tt;8str*xlr>4HwYC9{cH9Tp?~44Pfa9&q*i@_k?RTU1y07|Kgky*K zL_ZB4z!lZpTYk{@qhBJ)I{Za!;u8Xu?j-qMU6xvi=d zB1wA*B_@u4m2HrLhS4}9#1;WzR~j#IfRh7wP}Uf{�B$R*D8&QF$+Na-F$TkYnl$1%^ zL)#?>MwQd4IVN|)zFs_@fuRr@+aFXi0Hp4NG4Yk8@b<+WE1h4-@cHA=9Qmsvyvkt~ zuWD}zhGwIt5(X)K0+nhWoSLz)rPj#OA;8H8(P}WHGxJ;*R(&uOGHk8*czMu8O~3-% z{A1aFG*=RV!|28Ws0Kd3Zxc|DmQExxxq;rx-RjP;Joc$P4&om?2OlX^zBen$_|hKD zd-J&_8rSC9G|&7z9NYQm(Y$`qlH??HoOwblWm4RXWNr#7;+%f`LO`AL#o&APebi>$+sJ8ttW}>rXt(A*Ocvw-S^Yp{F#eL)~LldJPs}&P8 zxQE$;_vQtmfZ*MeNK@!rgPr2T`)5L%8y4k{$cj(Q{}fHmheLO$*7B9-(uY2{ctPiy zi=@TS2!gy=>B|{zTLo%J2xJYJz(imU{QUxinSTG-Cpr@aleK2`5rt3tN9}Vr6l-I+ zRI7}jBLF&CIe~U$%n4S}^78SHZuIlQAhBu`oPEas*h(pjos$s=ekN~~Zd8EOJe%Va zujPE$Ti*82VyV1$y#!(_!2C_OSe_dXR`lx!xmOzn&9nXG={y7Wf(1zBrBopVQuGG? z_IYfIo3vyt=!4hLdn^ix`Qcgx9%IJoM$Shfi@qIsfZS;>8H%WrHTT8uH+*eeU^6xz z#Br3**i|c-3Os?YvB1)LobIk$oxl1%rGN#B+FZ&p!|TU)k4$Uew6@dyZcfEDj2YfN zc=@-vjK3IS5&{GNG`?g0`R6*&>{u+|bRe;M}}evnmyPL#`;?q!jZ$J*7UmA=vPszawiee1`&T>jx5q3fkYDTU z8uq%9I{s|8F^}wm)x|}rM|5(7#r2C!+H+wT=~o?(|^26C)rvu$=`!sfPe%}U=YmK~4henZ%H;KIG2GJB&{DLQ`Fnxy| z$LdN~Wp1<>%>h$EAMQ>u?{uO3_JrMu-!*DK=BxFwlxmK_>s?>3`!(jDo0U2rVJ|p? zGygyfiB09{4G|4e?2RBL;c~oekMwv5h^#Y-&g!H*N@!P8NuFZbYK7f9J-aDzJK?FDUN=Qi` z(psLE6S*dVHXJ_!d~aY4>4*029$d2>usv{3_hU0U1LV4Le*GLP{bNVY7#@}gAQ_o< z*vFY%SZdRj&1MRHd1a z>x_ab^T(IOA|y&u%4jhkMQv~$&r^(KH^KU;n^B5J;Sf2a!_9;#wop#u&p z*5qfcyYL;5qyBl2$Rdac!`?W*2xaczNj*i>OB~m06rESWWXePqh$g^}l8LmX+ma?} z~e;$fxtFbDTLV$CtHrW9F0!7A zZduML<5Jo>6nAC$qHe|g*AQqiR3WukFGk9T&1sG#y%#;lN6_r23XC-E5DO-HcLUpI*={ra9njxXA9-RC%&-$$|8T7uet9b=)S$sDLq+5H_Ef*4t zZP$8Uqei~Xfw6RH|6DlV^&hGOjWHx)QP#ZU5Wl6B;07s1CJfHsU$n0k|5ci(Nzct! zKB@1GNBJiGjz{i&UHs1!z@jN2T;%f(TlLO@DIcD_8u({W4g;OBxdg zVh?LuB&OfO8J?YH7h!h`f_ScP@1w;l$&srrdgWfJ0G_V&G)k5poBVqqeon{h!SOIr zbH3LtkE8qKr-Wtr&s0j72o1z!xa>2BEXw+=SB)Uvz&0mAWf{aNsTX8oezDMpE&dkV z@6Uk&o?+d%0dXH}dUs6+#2p#S0O5S+Vb%K#GdaZPmwLUrNDeHKZKIDg;5I-TIiL6~ za{vop(ag9oWqMQj_p%_vot_={ar2!%Pk(vTj(EQ(E-%)+i>kqO-kHzNWJJq8g2>v3q2$CAtPhzDU`**@-YY> zJMEd}*H8iPx65t-`aaCymmKQZ6&BkU21ILQiT4Iy!osBPqo@*MN0{w$;u>X~TQtuv?NhIpxeDAAZQHj%aI*p6cd02x3L14| z6CkPN*eo+C#t+UL8*WC3E=~mggy4eW=?ZW$2)6l)r5&nvF?#-ttfT5&vKHgp9^{e% zaO|hyg*M?3q(_%wXbA-)68@s6Zu|qGyM{QkZ~o-@^ZuG&uSf8ap%G(PZW?Dkt|d}( z*TcoC1L%I>Yqa#?dPt#XdI^CzREK#A8F@VX?Dw6@-{{;t-^Dp^lU>r#-0V~itQ41$YdsI*Zpw5b;htB-2T7~Q?nJh>aZwVO z5>RuxCtQqpON1wU24OGEI$}S%kA0%OxmwIF%ct=6`9py|AhAgHo6S5ba=mRW!=Xk$KFzI$Uuy3~8mWCn8lPRdgKP$T~I{nKOYA2%pTwUWD1 zeiF6WEk*)=e?pV=eAO*Nx_-ikQD1s>7%y2FI*f8botbu6+6{C5*1;cza=x9ii-vw}b}0ISPeZTN$pfPLxEctmpfPo>Y_j;lZS?f=&4KX2JPdy8e*W)F9$?wvT4^*6J>_yE4U0) zZU1pE*I~BYbR6g&hS#*`)4|;Y{!A!K$$B8I&a>ie0-{m)DmshLE$9V4HETyDx0mtB4)UzUlydntZ&_ z!i}DqSUmxT^|2|#M%L=}x0j8Oq*xQ(bb}jRP$;Ljv<(j0UA89Ie03JcxtY=1(3{s3 z2f!h&iYD4Ji!tHhdw~Fl*tg4*Tv_R%Rr7p>WZAf#U+6VS+|m=Zz5{in@xlaN0ZYz> zh;xM$gug7S2DBo*(xdhgGUbIIr8T2&QUmmb{$Zi0xlj`-vLSQtpsXRaVMJ;Ui4WPj z%@f&T_$VJVKRD1?peg@DUi1*EuyLV-(Kdp3&YAFh8vJo4rlf|}BcF;E+cFRMqBvhG z1RlwT_;h=B3iXSyk7CX9r@Z^<$;&t|!X2AB)_c5NWL1eT2TLAm2pS!jtMEheE)(_L z36X|tt1I?Kk%GBhFM|#RpzYRInqiys!F-*R(;Ludb=tlLr{CkoxFAx<$1BjU?swj{ z=Sm5a`g|L^2uKRnQD>S?g&H9ABWxs|kBQIWa$VjrZQ0rozO(8v2j5RIH_4k{AE^ATT;rO}HJ{&Yd{4mH8t7?Wqs$fN zmoPHq>n>)}F&eNY0-vu1#0%DM?lTzEW-^(UoRO1PzsA(-l91=3$1jno$8Yiu-?O{9*Q=7PXQn>91|rPaSg~B{{xNZC?@lro)wO(Rt#c0Q z2EW@0rW5>Lqwy3k-dWM-n0Op$(LjAGt>A*}4%_UB<%&8NWLzNdfr zD1Y4ndV1fWJT^!y06~}^I-;(BC%f6V)^l#kc_aM2XTUx*ES14P7-MVi<~$zz!~|Zr znQ!`L6Vz>bz!fNWJ!WfZpIEoZ-nVHl`R9PGL}S~29+MC8*6^=ZQu^3*&d^G{uAc|8 zI?-ppZ{DkGK$OB39-f!z#l0ve{_wX0gkX(agI7uwY>gWpii31M>QceK!{EWd>Ok6hP6ZN)`A+akth-fB5ia zfQj6yim&0w}@jAaifH%Gl%IkdYJ<=+=MPchk}pI z3nOXClz#>Nm6oY8RI`ipvgD6SSNKejpE65`%S?8%QpF1x=dFiIlj$Ly-q&yS_G4{r z)8A021PsvjVcqzb8&?}+#UO_B%Y*XnoKIEr^mE8$#W6c8$*N!GeRXBrKX)X4gOFqP zLdPCXXMjul<&n8P`@Bhzzj?yX+vHakM+@{D3)UoFq;tf6+QpTE&KVMvt4Zy1%;$61 zSBm>EyB+%^D8>Nbr?)($%n18!R*u*63pG68DjjK`!RFoq0$=X0MMx%1lIC5wT*|`r zP<>!F5<)_r?$2%dKDRbu9zq;FZfUVr$kdqSPYnd8ixPF|mSYjgVP4L~<#0-4iY&2k zOCr)C4==L6u%F3<-eq5K4~Q5ZYG8ACd`}w-X``G^}SN}NvMHfQwRuVA6yehYtK8CLAh?{za zS{t!a?n(q_ynfMry26i@SkHHPmjQr?f9ymjuFLMh3euQh7n5QHlR~@zWWRfy;g?D_ zXs-LOdxNbV%yS^1nJ~Id#NIn7=JTNQPghg(g{OFgYJLwE0v(^c#2N&_sSo0Uhn*hE zZyKOSg^&HDjQ8mvzcbOoPh|4JcG9Xyrq8_RRuuM|t`qYKlg`Ok5`1+$*sr}%e>485 zUDfx48*tVH<@Zqp*Ux?<;x@Q%tv`{-No29}XT3Ca03>L88T;m`ZnQhnsN0bAH5k{#OXAnNY$ zJ4TO~?@nIt&FV^A^V}|xB(W-;L}MX*&C(zzU5#OIOp$GU@eAK)3v%7p)Nla^r6G~O zhEG)bt-6vqY6d2E={k5VHGBnQ4?Yt>U3^xoRX0CZ^tnAR91HW}b4E(=mj>jGms#bI zs15ra%R2UNQ@Y#+xmp?uI+x)o~D|g5b zhUW)_I{tDU$GG!l4o3x#lR;UQQ;}2<^|3ZBt{g${9TtH#Vvk=)Py{=!j(Dui{cH|%YToo)+)(7#2u1=eodU=ISlMxY)V`uxb!Mv_{(^*s zg-Nq(bO`iNgM3vA+4eY=Xi^4bmOCR$h-nB9{Orz~+HXr5(C*Vb2d*oe(rR(n?(=f& zeVka8f*(tj*((T3LArVOyFOCnLhW@%TfO#`ZMp(d3#n-$`Po6e4f_(ROfAu~|C*%#Zna z+3FJ0GSPv+gRJHzU~j*vI-Hi&Fh z78Xwa@A$W1ogZ%-+qPuGMb_?5g?GB0kcBEaZ}t15B+WZH57Z%mo#K6#K3=dx!e5Z< z$-3VYfrw%tl{m0|z*B77<4I8|?f6Ty%QPjhQv!!_0Cmfx=n(uwqyT#U*wCMFPbNV? zu5U}0fl+@ys0iz>x`Xk9BQw?_b(~J_{+44Tc3w7p07*vgAtpfyr|&O=84sZT2$+Ln z{cXEP3p-ZN_)sohzudF3QXBie{3J%l>0HH@*%Tu@&H>)>vcGDvmdW9p_K-kcE-U-= zu%|vQqC`5A?;(-v@`0QAbS$C&ee~MFo(Yan~?aGO_#6$yB*9jHgV?0LR?_74lDVCD@x;i~j|7^0Q%O!Zf`4?qf z+{3Ud(BMPj@OSNkcyc?BxB3h5b-*r#cYefskdkkA`BwBKcc=|N*)O*}Emk_DCt6(k zYRxWlI0*_;X5Y^Y!qjKIzh00L%aP-zs8F%20Pt>#f2WV5`=;WU7`W6@MI2!|N)V0& zcJ1`>na}&`2;mGyZt2YSeh1! zIeV>Aig$R1d%zVCLF0K$yRWr)-rA>hNNIGz7u2rL{m^j095r;9u~37EQy}WR$9@SI z+vQ)pR?xw46!x~ynh{Xk9jY(L1L31x^yp!2;Kk8z8Mea!NXX;cdTfAGNqu;o3Tdx? zgwkl^PQR}x;b>uss`H>fy)V~vm$z}&AZFrpFUA)}?295O)5o96=G1`&i^*T9J$_zQ z$~KRe7jc1~VGiSwr?ECB*@tHkGD6I2)uC`Hgv_Z9t&TjtwygXwg{VF7qBH9WTe|1- zV{%5pHRoM%PP|{vHPD#P1Y_B^$>!lT*mYF-e!@JnR(+GmeWjzuflrI0P_MMgq5OGl zCy;!dvf)mUZ4^5q&>>6Y;+0Eg#^2CYnO`p0jUn%8AK_UJ5K09XVAQEp^D*Y;&fYYV zhWGoezLX=}&`<9hR>xZj(PuAESoM;YiF1dSp>vWHF?x9YS$RNSKz&=+<1JAOKV{$i zFSrzzsW8s>H&dBw)c&OMb~Za+vqhLUKU=RK^BPl^X|4p>{eFRjId#@vT>r&X7V3c|ivF5$Pi zhT#7lT?8jr)QH{pcT(Nbnzu${Z`atnQj{Ek$6$G*iWVnh(Q;*>E-&<6(jmxeU zCPH^-T{WsWqAqzeXsHbh@>xRhaXb+*IH@3sh*s>L3;rmi=cZ3`cMl)+=8@es4S>}LaN0sQ=_c`7^aKS_3ys9X5g#P`ej^q`{z@+0 zbpHiNsKld8E~TaJNs7#ZE%g}JujvRPpy(DF%WZp-YSgDoym&fnN+AA~=m3K1zV?1`njP`w zjoudn3c5W-_VnF_XV}4dfifWfs0hyFbA8VLlwZ%bZql%*5QGEtN5SC?-;u7l0;G z@o!V8Px2_Qq)f|{8TBh({#_V%dgc*Z-0tl2-7zKi@>>Q%S+GB*;hKd?CBK+6DI)WS zwzV?LEP0YF1gR?OA_P3PS`}(t$I1I<^jQBX8*W@)nVi?J(cK%&HnBgyydPu;;cHMB zsFCFX#&w7-?+?+13p9)CBVo*|hc2yFPvP8|fIAa=c{t`vEY{#TT*z&I;U8rOS7^ z++NHemEdj+r}OgUfXyJJZ!!n-YnuDkTc23w;13Ux^`QpPxE9u$14j$_aqFms(|`;@ z*WR_%$%~x_+sgO0uX$GVJg_(Jm#5RXsj8Q(XjC?18C@UFQ~0_znBDoPA0>{1mt9r9 zQx%qy#(JgEmF@X;<%3BXUiy^Cgc)Iq8fKGjt&M`zUKrF`?v8{`G@iW?d#Vb-w3GDUtjjHgSS3NQ6zW0UfSX%NI+RaN_szV@|DZBv#O~p4j!Jwvi zO7yx2{VN~Ap9TBx%w!c@-rTb;h6q4J_U3PwOIXxO$sUJK>FhBsw5z}Ccm68P)#iJt zV)PeE7Tdw(2CMcK6*BfT8Qetw;}MoGY)?em@KQm73#CR}N-Led9C$9)9S#e;)5B?-}CHUI8aU>tE@bZ@e>L~aDJ;TXxlP= zXmi`v3`h*spF<x~)iptP=q~(njDENJ)>2h5`bRJv z*xExK0a~(zg5*}Mmib8E@+)caYxux~fl1@6Kca{Brt70!X#1@Z_l4)yWp2VCWXeB3 z>|)WOVP)uE@i0A4Z1S}(XSfwq#uefNlwKmktVJbh+ECVYzpOsy9-gMEf*$k9d8?oe zaCg=rT(6SWh1piFyje?AKtoQStVW70P zMLw9A8GXB5;_!^H(St{CvvG-ZZvAI{Fs@_r8wNS_hN*zlFNc-_b@wjo8Z>^o06mxh zPq3fK(G2>i_=_n1RJF8iU{vHY)q~rQGd%%4*88FKSdFMI;vxE8sM}{S*n$lqo?Ps|w3VJ*GjNN0@orky8;D<#!0T2(Foa@(V#&%UiJY|m>9eu>JP?GBKYh@c(f zPaG=M8IyUxZzKJzhysJ$Tx1{UupCtB2g<}xI zfTM`FF`1{Agl{VNI;^(mhUVX;MrD8eX+N_Enaey6rT$NmFXz?K zfRE^bN#{~8GGFb^!Mr{BXy%EUH1j39K8iv-Cmqj>N(oG#vb_okfw9FxW!Pa?5Dr`(!MIf{|lZ$Lev zCom6WcPHL3Nk2cdh;u&L4TpK!8#rYpo>N#pCNkQxH6wra0-V~-&{mm#kfwa@moJ>4 zi;B7ygR7%9VV-rz=7Bo9rKE>4{vDwI;z{oeb!b12L&mE2`#DB6YRmVo1gG8F_-V@L zqfK)RJwf$=XkOi5pXJ#jzT0rN;P`THo?q+QU45w6CiqeinwjWCB5$tnlN1|j_D1S{ zSgQiwk0Xn(Bfo;cdK2h0@1+UeEYCI9mH-%MM?m2Bh)gud$eZT@_g74HaGix^*b}8( zM~`0ipy6xTQp_~;^YduV@fWr?Il_OEj^~Uj)01{s_z)5r=QC-p#5pjYtzTICjzo{G z2U14=;ld|q@cp?PDtAR_RBSGB0&Yrw{h%4-2g53yjxA96;_ae@mj*edn9GMad_BHn z*FuXT;|BiId^R=v83BxXRvRM7UPq(JiH#1!S0zCoJPRQ+Jx&{X6Og-V8r1gpYB9-u zyC(J@p!G8Qw~Xw?Qx5RkI_k~1=dY=|8PdGpH!c29d$fnDIR4_{3&=LBxN1golXRc> zaNlyDKf^aY>&-nFw(K`(LGqmm1T#4nSei~-dq95wGp%CgJY zL?CA+pIRAYryW>iMAi-JS3{ua%4WT((GMV&$ZJ%4jOqM~XmzRT0Iz;?aEN~IjfkG> z{CXoVeFQ4$?`uR)Kw|2+iv(8@afO?g+f4j#PMcQ#GU_xr_e!%M#0_I|}Zg-bKi z%=z_G6-8gP&uzjolD|#wxutv5X>U7;Rb==7!U|sLfgbjIxr{q#eEFRUr4_I{i}g$e z!{`V_{-d>wWFdu&M{^YczdvF0i|Ezl6S}sn$-LO(m3)sMtPNs)ja1@viVyaDhEpVM z9s)_a!p8v575VA z|BiE1!vS&G%VZzt1-mWoc7z$J4%3L#__~$CHVntwflW1zeJojD*2h2VY@0vBlt)+_ zCoIEuo}DolZ>iC^&x9|c3k;^LvTF8Qk)|5jF~X0U_A9cL0=#q^)Q3^Yx4%6_|Uq?0L0sk+mE%$x`58p-nWdL9edHH%OhnXUQGvG2XGuvMY^$tVXhf%)l zQ^k0?O6)Q~JL^sq8KcHPs%9vbqn~RQwWKxFRLAr9*)RRDwPeI0Zb_ssjGK8d=^xd{ zwo9@*{ETW1zZ@=;Izy)5&(0C%vg;TLeRR&rN>ucseONh4&vWqU{evqp>*Kw7c!e%T zsF5pK_(@-o9zgeC&d}%B>x3cLnDN&(gMrNa8CglFH&%;4OeFACAr3QtclL%rliN`_7;CIEaAvgDR2Ax zsF+i99-qg!>+xb!l23Q~H8s~kEmWvC9rxuVFYjHGeEzsi9K{#=pyC{Rg|4Ihx<60- zCd|p`nn#KS@hUiTgGrhEDa#W;F&Ug}y%>M)j(a3hkupA}dfhx=oAAq)X;1BxUAAH1 zmRrNaQYmZ+p^iF8`8`lU)u58yud^*u&f(A0yd(tAub?^U0%&~xp*Qgs4tS?#%CpLH zWbt-V;p9EQqbz3JJ35x3`*oL_3oU~$g?e*4zFnF%=Iq@cTK0D|ySLgL0RT+#`99Bm z=KL;T%IkDl?sIotg=v=19g0$Ize+LF?w|aboV-L>KQUAw>m0s$L<7N|SB!8)>s@OP z?*0g=M<~@~T`e;`2iFoT5QzCcw#Fi`BYl`Fk~nUohdBF(un7{6AM-;FoKh?f3+f&M$KmZ{3X zm)mJ-W2fqiPL|n$nzj$&xt-)&(vxFsg^wdU*8>l~@A&na>K`Dg`+b4x;Xd!3hu|@W zw})%D$G#onhCpOAAE8Hh0N<;o-cSDxp2VN0o815+B ziBB*4d=5Y0>eBZ!D`5-ISv4qG-=?LuV?@%wxHHG@PuR9Kw%hyeT}_j_peF2zm#Z{r z9s<2VX_h-iWM==o4}Uf`ZokvtHhg&#P6AP;@wL=H9oE$Y3?A9z{>@)c@6bRBYV|%} zU4oyvvQOsYe9;){9h*w^Blj_box><`LXG&rvEk_6FIO|c%hTBjYmuz6jJ212amNp# ztQ1OQNYC>JcpiAQaE6xd1sj+P-f#*Rq1GzkV<=bS>R%I8jR!6{zvu2gvDjtvX#LZY zvaWP@s6T~mwdy;Qj@I`iIrsDPJ1=-oz3S#-0!9gy)uePT$s1zC^JzE?zc+vT2_rtX z+MiGRs?g8zxuMH_F}+>6s~>Z4X8UIA<;5*7K?BV5^*+BW26_DsX<)q2Q|5CkbIM5< zdNPL(Jzrx&^WQy|y0weYwHn?m0G2)a{1`a-;&J>K&@w!*uSYhfP#rBIIkIm)sA&D+ z;xQDpNX8C-dioFI#!=ApDgMi~`SLZ-C~yerFmBhUa>BBqQbuZ@75di;S35ZnNGKiq zAbj43O}w@w+P5Ty5Mg9a-?f#|=tzpUGs}?7U?80mhGA?}C^i)7ow-kV}GXxatFB4pkCNDP!@(6&P5nT z=BIx@cV3#b3Fj0wy$PBlUT@g{)tu`D?EG?JOZJARpZ6s{GK08})I$tvnGPlp)qv7@ zDS4}_AZcH^VvC;7P-t}`;gVfA8+D5 zA`6Y@ZZPm+ocyRrr}>o41h*bXKb1f9a)L7=Kst#>KZ`PAqGEq05gq7qgP$B{)*zW~s+o9t7LjgH5}-3;ZY_kzlZPl?swp z6tb=D+kfEWW%zf<>hb&r!$4dpj^XR8g|SSSW87jp7Z)jBh!YM|?gVs44A^t`R=?TG z5~8(pRhZzHTLAvzh$z2qx0CHU^(}^am<>g@V7P_K`vMEq8kBB9AY`qh?)mk3%5VIQ z#q~Yc`hkBi=n%gyUoOTfGZc^czIqIF0MJQK5-Wy;(ZF3$G)&D<{nT&LkAMLH*rHr@ zp&|jO#@Q3I-a`feq~l?hft$PS%j|n{QC570`yf`2*QJvq+BmBdtPy@t-t6B_n@jia z_OYGiu9q0Jbu3;^by*Il$$iHV$U(jpr0hL0LUdZ`I}%*GNtr zSEsK!<@dpkkcBZF_){P5&Dov*#@m7}Z`y`mpSX~%i{5FgekFR3ne-c+Aw!%{#8Yd^ zdCDuZzD;S6!1v}a_dOsZ}+`Qa%bI7z<7SL)xE4~MhV$=Fwx3c(jd1ba3XRmGk5un0{H6ke> zWraIjI?fPJG%4T;#OzbzLu5*%K9z^RHVR{Q#%X$vH58us7mOS1CM|SY>CX9PJjD$1 zK_9r;zj(RgxB5|@!uThWw`;(PISN!WA%mmgc|lvzD%6yV1u$mC^S%mGo}6#6jKD9z z>DLY?+UMM_cTWvLYf9osE!wFZA?WvH!~rJsGpf@Ie>=Lt3i+%vMC?w5wQp0atY6e4 zbkgK3QtcCTLZQb90kFQUwZ($!JC;xP{K88mUy)ODm=`LGSmK%pH+t0*VT(bH>Htc+ z{sR%x{jG?IBp2*(CCtQy=w$-)b@S~UL zx$pB>Uk<^{YQ`0RKq0JugyGwyDuxQ>dkl33GfG-UOmW87{bYNeAU3Q+e@b9$4-yL= zE>pBZbgDh?3sQ^X(1dQ#L9dxI@Xhu_GqZ3`0`tQPM_MqhxE`Sj6+xlAqtJGfzD7f> zY`%Y`vq|D=f?n_IShhbe$~5fb z1J9o!>7bqX;RKVYtX8Gl`Fx(K(~G6~Bpbu)=eNsai5di964yRl-DRuZ#LdnfbC;xk zzuG{No(c|WidUy`DUlyY`UBulWz7hbchsHvJt4ZJI^P=eZebepEv!& zKA-WoepHW3*mr4|^7ktj{7!@qH?O<*Zi$aFCtRBB4lkQ3;T)#|qckDj@*XWR?3s&OMG+=_ zgdrL{mWvlmG@$veoI5llmnu971ibDq+29%RnIl}xV2_rWqw;Q>L$B~_y{jOI zM~`Xc;h_!z_kGN{pK_+v_qSsUu1EE-jZ$<0VKcV@C*!8dyOSb&61-3 z-0J3qWQve+tRGbMCi#_D7|+kVG4ak*1=HO+556_~7_?wO;=sBEQ03kw5-384u>f#V z2l@_Eki+@(`%c#tBpkNr3pf(Nc-rr)v)X?gox0mkTceP&s$!fF_{S>L-xa=@_}ub! zX#TojPZuJ7 zma5PsFip_E^ydyJXpr+5n|49T!Ew*4!?U+kMa@e|xY>D-7xo;Ev{dP@+&biHe+OiL zySKMueIrUi%d7Jy@Y_BkOd~~>OY`#WAD!3Zz&#~WIRk-~_rM6jAGUiz4+rOX)B3m8 z^~%T^MZr`T57|n`v9C^W8njD`)akmO_6sm$lBsMj_&?<&(fGXzA-xFm$sZjZ@Mju- z*#iy9Paa9XisD!p&i;=VF0dK80sZ7$&CgGq!wS9g!&Jb;My!Mxi=o;Sa3djdF$uvp z8`e_^=nQ_Q=HA@SD+jC=p7Yi93Y7Du!~vt+q1Ub0|Vxr-(T}^9O{}hSl9#o z(t+RawRAAl#>srtgmXg!Zq@+oSrZX~>=)cTf36Y87WBSIrdIo=MEkEOmW_CT-Dd)M zyUUc;lW6=-cRVW2jJjfdQUke!w4!kMg(^B~1j*k{zkZ)e9(Vb!^i11X$PzO0t5psT zIgO|TAq;J%*Y06niTSvEMdgp!YC7yGYQ>?Qx{^fRi98y#Ro0onxaX9%mPYg4-oXkQ?N!P zpXi%5KM~oJ*dn^}DN#Lc-2TbYJ4%3cTXuYss9k;;^hYv+!uEMjb&w=8?z3O=$Kye} z%zy-LyAAugi3~vOc%3w8caK$a6!6{6iUu=%O0d9zwk=tNI8nd`q{5et3eJ37jJoTl*8K%>V59vB`b}d?XeI6 zVDrg1RSuAbIZobi`xHTJC7vJj4S3{d zJ%_=ExG0dC#>+T(Z zGHstT-?*c&0i`Jz*EdF*tJJ@LP1>95$M1CEQ4S#(){v?mHg$A%yZZZz1E+X3&igHV zceyeg7V@XPEOx&=HwPZ_k;pzU2~|FHeRO(Db||wLEM}4&PiVtI;2tAZ>=P^wUohjD zxnY_nPDgLoevxo(MSa}ctkcQ3P*gK4li5yh-BGJOw;O@LRr7CYq*auKbaa)R2BwJF zCa@}|nq`DLL|QCws(6DiNOOEWo~61KM|af!{N7+UEPf32yN4R|y(d~8z5tO+@G)^< z^5&MVKVbIo7MU0bc|q#R<&%LNh$i9z9(8TTgNsI7dkC-qnk?LzI^7$WP|v1a-zVpH z&0UJ(Ol7n6y_&BVv&b)fg{88vjxXJRyiQ=YUN65{19f^wo?;^_raIgn7)#>dK5m76 zC~jN@-4^P7KaHQaSsV-{|Co0e2;)-|w;PUp`ZW41_(h<{8INvX2qW%;n_=NW?RYg> zi_V+3mlpWZZ;IZ5&D>1lwpzf$O;5by(Vkookn{sRV9TQ9EPde7e4Dj;Pz|oQ?SJxj zN1hMomR|VtU(_3F9d`nyuZ&E6X-C(u_n<^HCsG+-JoBQPi?T-+*RH8K`NBGy$qz^* zx_idDjf4-C#4?b=ta@Kief{mnu3Z94V1u)h#|hjUcGS*Qx*Uaq@SqZZ1Y${^XjW>q ztlQ+)$iCl=(@EI*QPW9C1@Z!$mAGc_HRPS`@ukVbo=eO`qYiyC1CX@eAT)PAOM=Ij zt8;&^CrOZvMyiZp|4>%wcXmphXGlR=qd7hH_0N9qg;#a_-JMY@x}NwND9O2RNPr!7 z^N@@#0cnr8eLU|s=KJbLNG^RY4edy!-4H02zQYzeqnePC>to-zaM8uptYJ#;E;!)QhH)sy+J-a$F{nsft zH`StEVWRT3DxFlI%828(xM}_-<;a%2iw9E30Y0G#Xxt8CPS?4(XbCFv@xxFz0il!4 zm(W)TEDWmy`}luDYj$&4_& zBO}V2Kl?<%)BCIfEC{Xz{`~DX6{MaYaQuz^Yb(X`Wc!ksg9oUGC%HeSvxI zAIAZ+qyNyaJ&H+KU)l4CyK+CC(~xZ1JMjdq5KsM@9Oo&c6)ppc0Za2>;b0o&mW38Yy^r<6jfmLyQ5r3(>RhB;MR1 z>nNlzoQjf;aNI-dfr7 zD1|Sy&At@n7&jQ%^`{klmdRFpZl0!Ba2N-wgAWA%xmDL;d4pv2U-7_rb5QN8F>eZ3 zWd0VMU(icde1>TNK|UDctRIqIZu%kY4+(?nhZ?A^{Fpo9NNw$3FTHI! z!}3fUN4+`t5HI*9EFriH3?O3rkIARp+t(tO6rlc<+)9!CS-~cDH`z^&Z)~bRiSUwr zP!s)^^-eC|2B@&|JYc5fTSFsM`RT8C2^XiAc>PtvIr2w_uRR=-T{RJx888vShhd!X zgYqZ&PO4UeD&)|8Vve%zJ2nBn(qC~CR5_`DYm}_<4gB1=zBe*t(55M-_4bG^;^6Ip zhbHe8iIZ|fUtn6xh0c%j_je#J$AsrrqOT%h-&8g%mivUJ>$$l-?{GnQVYk29lR@mS zC&7+r1Smi-hn1mQ12+R}o5_i|NY!ktwVbbG6Rs2)H!AmKo2}Ud`-6Xgpb=B@Ox zc4IO%NZp(`Kc+2%?w_Vr+25v{GA5~^l|krx?Z=1x8@IMv(}bO3v6pK&{hh}OIj2sHB9PwPoWkS?hG9<-koDKFOKOd(PP~@*&F$9`m8-)mR(hVc zUg~MJ0O)U`d%Q%wNweZ6NhmZ)8$nwPgdB6}IP5}asE$GZXGmnV8%xKpz+slD zS|=t{AfX!gJ(8GXpw%}?U5G?2hj%x804O8wCNVex)}WfNU;HyzR0l%Ni6By~M&Bt0 z1^S$Pu{+;Ud|tfUI#LtC*DkpjYHyz{S&3j0CGl0FsYM_8xEU*4j^j&z{v6w^rsGT& zDNnNJ4lIisquSe2+T^Ew-Tq`wIJ4OMm8x6VWP>A_FD=w8GAP5V(6`b@XQ>REdeiMCw;;rK??$nni ze}6bv@8;YB&O~GAnYrd-sv9w%utgPU*WwhMIiTP00e*j~3ht|aeN@k)$*buS5*}(s zy9+ZNKg|4wW0HHVqgj%STk?V8hQqAmWlnkf#3a6797FGU;(ojq?BeQbb9sG&FX8UJ zX)(IEWeQIY%gxQqV!r9P|`LzJa()R?dv=q^@lm~p54(o4}4v!?}=M}9H$Xw%jM5i&iFGCIl-S_W? zLdLB<$5nURfS%hLcF9R)==x~^lBvk`woZsgI zP}mD!SH#8qeMtA(TGMMgZp-uw+kJ(6IPytb0PxABRyxIt!hLU%*-+g(9cj8#mQuG7 z+eil7w?*~5BbNa$%%<@$1*Zb`Cs*Qnk(gY~{_G+%%`f>qoXQWFK4M1+bz>;Mhm{@$ zN`lzn(%K`VZ64wm|v6-ifBgFGv{}`dK#;YfV2kKLlaJ%}ec;IZ>PJP8dpVy-KQ{}6&k|%|01Zny zxo@BFS#A2cbh^Yz4*v6!!jkjY%eb2&d`1tdYknT@?|xy1H{_k0`_0F`tKJz+Z>jI| z1kr+_InT1>lO*);YlU}u;6k(I>Y8r{m>0ZJAR8Ll8A$q=P=fDaUj95a)iM3VeMR`@ z062K+6aLTZ9oTue6Yt9yJ29ne#oDXD{1p3pa{4{u>f6Mxh(89{I@{tq zC@<dd|^y^DK3S6b0y_~8$$S=)3S*m41&U3cc4_X;hLse_N;93@K>&pc4 z#JtC*;@Ku^$hW7#2I1qYukO-VJwOCgiA7P3)WLdQMKgvutW!Y?u-qJ)>fb3sUEcQ>Dw z)Oo3$tn(drOjIA862^~UnUr0ZMQryEsrq}B;NC?Jsf+hf69VUVYo^IrqB)G;YiqAv zS|MoDLejTkRP$RWK~SMz5Xls~qix_*=-9>my!{^KOW)>~`1^AZBU1s@-p>FfGp&4- z@5MhI-QPLy3Qo;@CHpR~J2+Sutu04D_3kJopEJTZu{1pHp7--U$nXKF#kNSSXEYqg z$+vjys~dbtXgtHYmr9dQzL{Z{)R>-Dn$>^)AiGWd6pe)&uwp^)>St|@o}A*J$M0#K zdVqs5Ru9+Iuk8!^xVa>lr;qTf=6f1{7)cfJxit&>-t7U$~`Doj@UFse_xL+8}~0-_9=(NCy$io>3S{-Q{s z?(~nI{YMz6kW`0kw)eQ>&-aR7c&I1QrRuo6pekFsnX;!$h`rdOR>$nTZ*Vw%mn zE}V-k=xWk#(51vhZe(PsF1H9ctL9~c4m_avJBhLqM>p@H ze6NM zwNEFAPhUM*I|;p@REO>P6~Bixr;Gbnu8t~mCpTXlH8O1la-Cwk7LI(vpP!DPBV!MvVyRkA^S+!hxL@r4zwQUS%*VcVN8Hn@&iMM! zu15_QPVAXvg_^Jil!{OS-2sUW_o76XyPgd#+dyZZUfMO(G3x!OeWIDcC%gl~(l)h> z3TFZwOu*2@IR(ruEvs@Vqe+Ilt<=~8Q+`q87JgB6IR(_4F}641*#Y6wmwQLNYBk}m zP+{6{U1q-_UP(PsmYmEd=N`7`zI@EM+}z(}PR7yfA5g$Fk8LEBNyMC02_169)0m{Y z5=-{$K#>{Ex$-l}`aoT?hOf#85&&Lr(ZD+B%SCoR5Q=#of%pK&v=&tknT)(D>~l42 z`^Rk?9m`6U*w5M4eO4F)!h=+Db{@W2Hf9G*-9AQ~yre7KOR+K19TCvUM}eUoeAQnQ55xCPg?<=UQa%R;!02qm8KZ3a zX*zzVuvJpTCY$qy!1m*+uTf4XhQz*TBC-PND@QNG*Hhd7$`;bE)Yzrr0OoVfGnT%Qwo(LR16;XjvsiIDprOey^; zv>{SMzAGkt@nSq&wO_)anzLU35)R{zo+Vpo32h3z_$?G);mDLStS{$_!Z+>TXaV=T&3;$qZ*B>{OeG-ls##^&c#%ya$m;plCq2^#e{5Fc7Et8%`vmF~v5~ zptmb$_v<91bJm80(ZSE^>CwbHt;_R7H?BR%!V9i0r;wSGMDqQ^J>Ki(dUKf~t%vH{ zq@LF&3O(V-n%_60zA>k{j-F)D`g$8uL5q2zAqb!udnoKCO0dZ#I6(WxSD~|$@QMsL z;#+GR;>v!VmW8rjbnY+Tp2+s{80CQa202p4oTaFy-EuUbkRLp0E0GV>s2)&%n;wnD z{4PXr_N`Hf)`;sOt0x`%g+nsZOaS1TYbPAJF=fw=q}fnt@93%kWn<}T<*bp zJCs+UGoKf%TU-5+l0CqbEBIBtlePG)Mzu#2!{j&7_gyznpwDu|wCZwx#M zDbt2;zCv$JCV2W<_50wU&Hdw`Hz0ZemKN)@S&$p7iUSgg)JAi<;&r|J_MWywBh}h) z?j@1=+`G7t2r+qk{=pZ1`rD(M~V&$^I@EC|Q8Z`rEX! zf8fG#@D6Xs>IglD@KB(c)1XaYr?N!ZR#p_$VI82$uPUUgK1y+4S!Gn^3j27#uU&qx zU!SyM%pjg8IexX_(+M3qT+;VTooGN&YO?xFhrbdEnFdR0yZ$?5t1ZJk;W99j7en6Asg^d^<`**1oCO0*P&5STmX)voN)>Fwc>S`wd!ht7&ip!i<@zJ|srjosvil^iDA|56UL?h~9DhR)y>tt(M$$%>z zf?W_-+56?SgjuV+#f+Qu2kPRAi3rRl?BFpE4;(C*$RS+GWMR1=eAwVr4%;e{`wT;f7dDpIF@Z!c%~1t+_?-kqUzy81-@VSW_4^T2 zhi{6lMcqt+GHzuXZm>hv;ck2m_C$)O^m1LwkfJWeHu4gvFvQo>_JmF%->#jK((Y+2ACjKKiv;M z@?*Y*-qI(eIwe^8`0HNwHeX}EUAX=9k|W^( z1$BWT-DPA&yIAUAI5*d?Hd%gG-VdnP6@~?AK8k{+5_0A7^xd~Qe+b?4r!iJ&Qn%t9 zoPSq^uK2V0sTT-NA(E~SRJDh8y;hoK5+#ap$N`p^l1YPp(?-$ z7x-~l89FkDysocT{_S28=4?vOBpw%c z`Aaau{Rqd1e7fx0%y}t+_bbmlY-|RA3h+=16VH>PwV(y*+Hn3>2hekY{xbIJ4a9p( z{rOkpSNvVo1Qfhp!ZT`h$l$k$WlPLVvMb|Wp*zqOjdx8C9T|W6frIGjNqdlI2K@w( z@?K01VYf6sR_fKI@PW*TBs1mk%g|tYW#aMvrVmx6Si0;VKfHIkIw{XF_Yulg2BMe- zDWOX4;f8EUOEAloQ>$J+4hD7&C!qVHSD(K)mWHHE5cwwSHlYBCbCBX8!E= zZHf@gY9L?40&H1-}59%L*WnJE&@O zbu$9zgU8+N!B3{M>Jts{PdwXqQ0T3$RF^fvW!_gpt~vco6ZZ1#i3 ztBFSf=>^ksILDB;=Tn84_D73#)@If3@Z7EeNEefQ5?WB|IvtJua)p9#-a6-f8N|wWEy+`bl6WL zbYadz@VdXC#R6|d!!yqW%kLrouG^n zunTI{F9b(>qOS(SDg@a7Gn<(S79;i3m^*Mzlu?@*Zj+b=ER1JebfTH+v0?10cV*67 z{mPFFJGxDj?4FN50?IT(eFx%Y|K?mi10wxN#>`v`(MJBZ63$-f5tcY0-u^xqC~Z4_ z<#A&Z53^kptQVz(BMHmT|U z^fR&{NJs1X-sJURE)=RUPaXp6B)?tELr<}N`{JSLEY2_zyy<7qxd=YDk%{9YrEjf_ zv?7ZD4B_)J@^4EV?%Ce<$^KmGH8tCBjTy&}#8vVkgBr2Fy=++Qd`{obj`V?{b~el7 zdViHkDMaHJv|Fk7PCp4g-b|XZg(5D?(CV98UW_&NlG}1|x5HyNKTOCVFddL`#)%hl zsI@4WpFSUo-vXb%vPXiufYVKf~$c{w+MU-kZF89eIe) zj|M@t3Jm4&hT3}Z{gj^w1xm3wZzL+qC*;+iU>?KQcp{+&dARLEKJx4HK2$yrH(F30 z1sbx`n3FMy2k})ywIzosgZ5x%dp~1Uv#(au*1W+U3duZ=rUplO4@KT^|JZxWsH)a* zZFn0P*d1VR8+COkh^xDMnX9{d8Q8H^(5+jsz%DEdLOHW-=Fv2JBEtPT5~?@nfG(YbzfK99%Sk;K840ZgaBLxy~V14C2sxA2%|NdU3zGk z@&uF$l}_g3@Pq*pUqus{g_5vHMv8Eq7_!1>Ba0~Pkc&)E#T950i>#sXm;`W8@G=tH zMiMZAAq`BhQpkv7)e%FCr^dUPVB0`EKFIXjFb-3gf{9whJkYwuVj?23Ea>GJShTQB zMic0v(58skwMwZR=nUam&|EGuUQ)9NLxipnPe_BT--xOND7jIjbcWC@fmRwW35x>+ zJ*427WRu7b5GkDrXccHm6o7xYa2*jI9Ys34fgKXo4r<)(AOY{SmF5N=Lq<3ThwD5`MS&XfE7R5TPA zylzCl09*?NngYxlMynskw5oYwER=@f9O%sj@@NLM_=!|@oLdRxTqL83K&N}6PE7>itp7ZF>aMuyRv#X`P}%D`F7QK63pkHnN()p(1|N98CX zZ>6P}tujAGNDvc*z`GB-sSZ2N7G$}xbkL7Rh5+i{a;P?ulb zOZ?Ew?emz;Y`xJOM<}C#xrhr+Ye)_q2gv=w?4<(pC;SV4^n6yB7M6x(2va-LuQnq6 z^;Ck#jq~f2L=3=zX)vx-Vpw6fk|-Pvk*s%wu|5(Vr`D)pGBdqKJ6Wk97}+Qq@}=1g zK{Sd82w~V|A!EsM8r7}DD(QZ#5v1t@XaLY_V^*N8#hcY+;Af)?ke7)TFp2>yjx>rh zS$>QdEktgQAhuGxE-6tiLFO88N=B?E9!SGWD1eZIEhK7REUZRMV288#b*{cx2K@eC zzkpL??2GtI7$tBgQAvJ$IBF6|Ax5MHEikg5d%UE!Srk@vTm_PlG5`GN~@QI;;uM;&P%`Zk3_@E?JQ8 z1zm0n_z+aC*Q--o+|b|?1h##Y#T_*;xe_KPDg{v&8z{E|;~!e;fEOC0mwALP9ZJOV zf$VWaisgqmN}n1&f#D!AWI-Pkchn?G3~{U+9CW}KR?#GQ36L--0Kvr92x+F6KkCPD zRUrNYvx{jZQn^5;>ehyRc0bk!TRdt-On^gK1BL)wi6;=ubb%gNJ#_SNByMJbiG=yY z1bBsyhjVGPkuZzxivlw#0B_7ftyN@KD(rrXp323mKw-qgS1Up)Mu6%AX(KCHW8*tm z3=|kAG{YkCff$g1i@fm;wAmepsDc_p>HLnkiXFhl-3A_BuL0g;y-^yFpu=@u_A9M*C2%}h{JkhUem>R5rJxU`AuB07z1}f2G(l_Nfx7FWk7a? zxK&K8j*6Gtm@Y1r%Z-P5MkWUUCw7Jk_5lSQi>I|ap|e#5y+=_O*T*8d`64f31SM{n z4KXW&{jmSsEu){-a$fpNx-N9pBMExp+6J;1D`1q5DiWM ztCCq-rATbkqKI~$8e?@tQP9>EP|Ja~obJ#my#^jZuZY?#9vn#ainL+}5!f*7YLW$v zE7d26N5GT|{XAe#l>kq$D;$?Icu?i{qb0Ck1GO~(CCUAAGEe9vVxYVMA01<>yb_EQ z80c+09RVApxoLEqHy~wefVvL$8?-u*eq#F2GMCFrivJb zYo$A(fChy03U|;?Vd|m|GQ&=B>vcW~3V1C%phRm$V_6YBFi2A+AlyWPB#4blV@O#J z9|q;;2I*QI+7t)QHed6o|mfg$$B{U|@)BaXUTAXE7i$18HU|Dy+6Rk>!ZM z_2_X>O=X*K42C!yg2aT2;?S6(g%^p!B@{CV68dCejh^5zIq@2TAcW?I5TGs7>;$nz zoks4Z5Pc#u-5c{VpL<45gm#6lXt<{5Q<4Uo=?MM`DNWVi9O0%Y;j zsiMJ%T!YpS;mWV9&7W|in9PC6HO9-<-*vQ+8Z&M3tK z-859UB`(&wfW8p6!tqWGoy%1_4b-sTzy@Y(F9R2rK^qZ^hK?L@)?cuT8;sMll4f z3|b4-QL4@p!P78GsGwLOXmZ0+O$FtiAn^RkElh- zK``!B8RZ&e7$iJ7ORv=s01FAIIKLT**;sLQJZcd+0>J=MnvwIo9*qMaaxkDwrOHf> z0%xw8?jVBJN?Zq>Axe!oCUj#w3@n<`{D5CK0d6cR2P9}9 z>?47;R@h~tM?!E>r^*OYFd~8u3w_sqr2{s>70{ZHMs9TJR4^>2`JwBMECoFxjp?_SuH;dTYON9- zW8uSmI9ZIB`H`RSaeSZ^B(Nih`+@v{C;k8OWB%Jq0bxh44*vR~O(dWL3x_x{|K;YW z^kNWMVoNka6kl#Ou-s7!d{h77%|!JE&@y3)ae#D0o|Q`xa13f^0EufP7@$=EvKcfo zE@Yln>eqWIZY~u-?_{zpL=6bp%wW``jS?JYhE2w>h=CCrhtmKXM}VaFakN1JD8LI* zI3^^=EmRZT8fOPxOeBLwWSO)^6rDm0hg?)CH%>7HAv~fIo( z70KcPxrkxF$AvU5q%RR3E6DN~gaMt`Bs4;!7Lx}n4-@5)0hZH_aze|HGK>@3ku};5 zBAJSqUPKO<%*bg0okbrP#$0ZNCSq1Ou@<9+8lrikT(edJX;eDT1|b_>M#Mw^9-I#H zTruGJ#(HdSJdO-C1>h9oVuR=yO$B)#t3>VwZzp5~Uy?}P5|2nIZl4^P>@g}ZV@o6s z?(cXAn72?7k02&8aFm4P+j5Q{^iJ1b~I5XH7AqzHpP5!(lB{nFpeu2x~#=MzA$jEsYXg&rIa3u03g zJ19BXxC+pC0CYLckLO8LaV#qiB7tHEx+#7XgDNA-4_AE&g%aB`rIU>lieb1)8QA(mCgL8*W{is}e?$TE*j zpoWflCL0ow5(`l$rgMByruF#vXbKc+1RT|G)tHdg5HYcJDj(E)nOrE|+VP$s!OPi9JM~4wN?8W)t-BaaDMaz=S62=@xwq@Ah)gAT&nQA~^|oQK5|K)=|B$LIqAM#y531(Bdv zPoPpPMr%|`rP@6)J}-u`G8o>N8j3((chn+PvcN_KaPZP-h*DET2;2$KL&zY*sZ5_S z2I5_A3Y$d_1pzT@QVQZ8r6?MeyX**Tjp<|If%zuj6Z_E+Ajc#zJ5_IUMf_334Z--S zM7DtzGQ#4bX5gWrfaOyd42bdZ5mCwrS{sOJ?IH>*sMLbUk`vUJH3X+N0!C2-G+6-Z z1Fkne5z@F37r_pKTzsn@ZqjK}VWNmXE{^L|6iAV}LrRs8h^!?l0iHn-X^9F!fDQ-_ zvsoDi-Z>xD0SW{>F&P)+X#}C5N`Z;U;Ap&7poG_j8K>idZe}Q;GI2o?3o)%;(0xPN zE+Ngyq*xeEU=<)nwHBF&t@X-q7;yH~0s^p@p^Rc37KKLMJ1*VfK!wo;9m5RLLLrpc zhI9IiHsCU$p_q&amlM{TIZ`_{2*-ktFOx^TW&(6uv8)^~23Rbq(wKk+>o`TOk&(43 z22m(O1gHo&i_7N?$h|T*!7OkH^;Q!JK91_)aV-*aP-v9<>?$vCIY5FIH2J^_0HhmQ z!SDeIS%?n!2?I@L<`8s1!vQqQ2EM|9r72lKG>!zh4K<&HCB*S=8gfO%$qKW8ILA&P zcns8#DjJfh$$AyY2}MOgvY*98ThPcdPUh>ZNY%zFB_hAZ`7DJK&k2b5Jix?qgmPFE z0G%BGD4*4735FsLT0AVWdaOcNih?qe1XRXsf*4;dR?1W;$mh!l8gf7{faYwol;lR6 z@B}9mvmhk53ph~|HRxh6fLYBdkVffLg;6QO!}XnV4uxV9`WdifQn^tHSBXaZ2mvt^ z8niq;+!eqYJvNcR6#`BL22_GAze~y}JdYs7#dUZ$kHP{4SiYOV6L8sjlNv2H;srvK z$)+Lzfn?m|rUL9FpoD)w_#EaoRixF@<59#0MSKK@4aGGPHBJdz6-GlFs34|tdYL%A zfDE1cMzsM;6Gsg!S;)xsLGsW5jo})mmdHX0pc_c8m9u#=Psm7eP(m&q0V7fQ&=_1G zPSAw~P7{SE(&N=~hnF9Ht=Tm6|v)1L&Vy z0S@OwjCCA@qD*2gW!n(VudGw_OopuuSile2yUH#-~bT_9a^K;>$x<&3hl69bY!0?0N6^D+D8kK zn2@s%Q$S7-_+(>Hj<8|GBDqnaR6(1FKtPCD=~1+eiWcg00k4e@#8L3<8ZX3^K9og5 z$J%&U8wZ19fa;qGA>Dz!I4c9V8Q_k9lt&{BswH$S1JV*~o`7Hy2UIK?PX)xrM3NW0 zUM2^q!i2&&-R#jQL<%v1VB?d`E``wTf}Kmm{EeB!a*r`A~=;z)?htU1lst z?tu6KEnxEuWY9$vazidm9KcBwKi6u*Gt_vB-i;4Yxi};TT}u_aT|uD%sG{K}H4=%+t7oaCWOm5R z@r7k_0vVdNpwF8~u!H&*5w0f+dn00f7^H6eV!mEQ(9&aUz(ioMI)XR=`yp-Zbw zq(P+`gXYR4APyrZq1C{@rlOKVe81Xa#>TZ&ssZs}flY^qGl~Hm>|`> z8Ksii#p;-e2;ypPg_$dm&;b_>7s7`mOa`RO{i?7@YWMSe8Vp}5)`S=#m)_>r8(cC| z&?+GjB{mGo>J^8g9Ep%0rm#IBg#&pkxC9Y8@{uo*PL!ZfOiB>s*x4Gc#buBA-Atbz zM1Gh`chC|+99xssjugSDd@VbQgP#!l;EZ}46PZL&fIeZvE~kykH3x8BxdtUv$Mpg; zT@@8MI8u>aW42FYX~Yywn1+rW#u(4dR1<_Ix(2f-@mkpf=6lP86}PNFmb?9I?C!l0;~ zvH-I9_yJ;#Hegsvbl8r<#uU`BPy(!vXc;K{fbuqzCNlu#of&MZ4miGyZhbJIl`?<` z%Ml`bY!|(N17v$d7xYR60;0^yHINNqgyoAGBS7&B zc~VuThjxP@q;ok!Hzfa@_J1EgFSdHKu=7m9;H zj9Cn-_;?8EI9hl_V1f@?1x`Q*^37}(--yeY!wD4AOd>@nxS*LJVq=u zHECsRa@?kllRRXdNySu}bSkMx%M~yH63P^s!8?y(HGDD40ZQs*e^`q{B(v3Wg*$*^ z0l|;ijF@(k9VA2u&={hLl7wu9nxW)E;!B`1LiR9fgKyqpw*&G2R)A>V9Kr1Y!zV%oA()UMke#c`6M@V+F#QFy3Kg zyLd`E-Yv583^XC6L!Gw$BNackQT zXdfB)#yx9qRCk5(*HV46lsCe4)^&yZ3)>HL&+5%+*8cO`*qmSYhaC}wmjD3P@6p?8n}LH;|}Tq|DMJZm+xZKlZ52cJ{tr1^;z%I3t>AY7v#!n`X#5H*C%P|NPMZ+}@c3 z+xuLYeXIBXdpq?Xk(c2sBygi?gN_A<{;%8r?*kwM{(s^d_))On-lXe4=Re^}Mm0|O ze*S6sI)zR8ds2={E!~@#x*aAK>q+GB$C+tQEApu1)w_muU`(4kV9(dfT~a&W$MhDk z$Nrv&PMDP`^G|L_Y?3@tK4r^@{>hhKs?R_FDwVXKJGcIY{=3_gGUrZ}s^Hou=QBP z2OnL{-BiDR>E70Yl~acWVdasH!ICyzutZLs0wId@U^glUEi7Z=>>n;4x_fA;jM28}d{WTe>-P)Pw7VXx!RANF0LK-BeBkRyWeW^$Hwk^ zg|kOQ+yljL$|If47h0b9E4O3ir@iPQT!6N-inU7bGT(dqLQ zt1{CT_Y=hL9n0wSFe~wRWuI@0@s5_k*Y`Tz-uF~K`NE1333=ry4N49QU!SpFyCb3; zK2ZLg+%Ngkn&P%!K6H?OdRRPh&ZEBm_4{(uKU5ECa$-Qqm!~cA_Ds6n@728n3GMo2 zo_al+D0#L||Loet0e|-w&HK`9bJgvATSyb%v=^?f>o&gq;CT;6QcTAem;`ldl^eV?bW zR}Ag5Yy9vz0~^FEuKsIauNgR4`?<%oBCoO~2z@llDBl zrA_Zq*{5c^tmQvl51!fHrQMato!-gcTq82y-k&v6)^R&Q)Z@;a#Sd{O?@hKSj+lql zFE!^<^2fJF71W_{G;i6E;T3ld z4DO5#Z=HT6MYDH<=-9=r<8}_cQ&3AgJ%}M*AMGOFJ+9NoY5`+CorCfo|7^XwWB8*p z3+F7mFrwmk$^GpY9){PP`e*R+%bP|!7W5#tBYMV_US3y>cD-o(iDrBKscgl*futOu zEr&UP!C)&`twZ5vGTh&L0Z@$$0 zR8{FO{ly)*s7dtnl=1oE693nl6{wmK893*y#L!C|1KC^2)}-?_OxHVfDMRp_hg&0NsAGit&g!-I7hyEojftb6kDshSu`ym@iO^r_^* zt^1f$f+;F?Y{tW)_&jo-Mib86>{B=3Doa^eck1YP^jc0Rg*>H&CG%D3B4y|bpDLT1t&S%>C z$J;J%b@Vv!4BskhJsbJnPPd?I{n9hpjq|DP-zgKCH!WSJxBUAzEjF1qMI$V^|EOC2nnx2N80*MD*rZBDK3XVH!A=Wl2fRI~5PS5B`{RZCjVx@8L%IhEnC*4&Qn={`$Gcya9_hs1FRbU$>Gb8GD>t zx@)6*=w?ByQ?~>C|Cuwo;@11D{4`zbjPLIoe|Y?F6+XwXJ^1;}*p1wOxU-t&qsGi! zbZ?8ON5aK{UxyHWyuY&UygWkjJyCUZ3`5KcgQ!^sFxJYLp)B@J@#kJDsdp7TQyD>QjZl-{QkY zW~r{~{nsbF9c!>%roH^UwczHZ+|1`QCJrS1+%>jA-Vgqr{o`S5vRRi_Zjx-{tZJ?6 zfyeY6b?LZfz_!&UsIDt*-CvMB_JbW?6^kTxlw3FQ^zFU!L z12lV!4m0mwEz@J)M@=*W!aEH0w1{3Vp zw{A(jdSyLh-`C-HdnRWkqnjS`S1SaY+3(To>0kEbt@gfpTAn;HoGbbD_QsJ7iLPh2 z4Qsz1D_G}wzy4F=i>B|>4!07&T~k*T!8v~ZlbEF08yu?Kb*rP(KVNx3yo=uf-pdo) z$1d*8Q2OrFpwcJT%4fMY^1tNkDhquZHj_f(<>yB#`|_5ZdQd#EO46lBO-6;aG#2;68cY6(RA&utJ5RRp#E$!0u16LP$$B|$XHx6y2j@?(YH4crs5-Y3jh|3lIOJRN(=RlX?7g47 zb3YS?te6oBY?&s`>+mbyL9$=kqJz23h;ftlH|xCV!SIY%sG~c_DogTrPU+aKczp%Q z`mx@|i#3(A*Yr%azTrL|Hg0%fmaxM})~99N#78NC<&z(z-dJ=zf6LP4QyBFgijOby zI=cj%7H&*`HUUo^iX81PJ zLn8;z{yL@jAEoH$ z{p&;EKFZUz`O0tY zGG9NKcYaG|URV>}`K68F$U&LcnU`Bb_Wx*=*=l>8sbhRS{_Vlq;!``4?w{c|t5;_J zv7#M`@Um>){qP$}Bh^76rd$n`jxk)?Z zSG;?3e`4P5^6%TH(Y%wY%Q*XOqdP6>cY*bD(yZ%eig?Q}<~cjvBNggS4%(qUnjl$E zS3G!qy~mc*Yo}hR+iP?OU*7ETDy#NtgC8$XJHC5dDhrI@<+^Ll&+Qvi zFiw_yx41!i-GPQ_$1`$%(&~kdJ?AYNdbfY)YX=s_bCEB{ZP@aoab|;+<@AE@xe2Ao z$D%)*e+q0mQT9;S+qV5zM%Slx{ZDkpFZiQ$V(pugcS0|Huj+iMlj_cPJ~6ig#D^7& z>NjnBigmOoCMni-Xg^r{XW=gJ+%saCu2?4R>2p){yxk)RC9|6Kpmxf(MD-QP2fnzU zoI7m~tgiifxx}y-ZRqH{Q`EBf$FZgzkMEXw_Pal|c=Pbs9HwAmP)wWr_3O5%zMw}Mlh5y*o^;6nMCP6J z?((=X#c>UOai57p`At^O*vMI8xV<-aZvKVg&6jj;|E|H&?UIL^i+7JJrk__HP!yq? z6~DL_B(43$PM!2F>oGa}%+TPIHLa*Br(27>CcD!b3$8!$pGkUnETe}aPkH+CI@{r>*?(4aTvyB|G0J9Z;!Wo>d@Zfa@SaLFNC zQv15StFJzOek=>M*C6vQ>E7&P&ubs~P3{*3yHEcbYC5I(d@EUdqeqQuaIMkgya_9F z?8g=_5f`}I9r!$L-1Fk3^6kTComV!Zk(!hieB~@noi)Ac-_b2As}}U|V}`Zrx^VDQ zVddSXf$P6k;5P)GtXEHdKTUhhJS=B+Rhx&urW#5`Yt0K^43NK*{mET=_SN5i{a8O$ zH0a%>^j{U1D<9_DFK8d1U)6YWJR>iNYM(p;i%tD9Z`JL(Cgj)$d9R~&T?V~>{IB6p z&fh8YYnO7$=Q!CS{Ye;5>=U3 zx|2r6KK$u_dU0pbj`xpFH`_OH;+?>z9~TR59LvZ6Z?{|S-IkGwg1mo4~~S|4ZONhl~kK@e$C5_UiO-2 z>};HI&7QCMJ4B#N;HMzVpkn3sadRdf)AK2jYC1sr)mf=;DI0_j{+^T#$Eh>EK~+9)3+C zrw@MdVrc5koGlfFk=&nWbB7HZv~<|Z{Cr+1yrpY%>#rhsPG2#UCS-nEqSh9$Ab~JZ zj(LCw?{ihV@q5q8ykpk+@%$XpIQ@djw)}t9lezWI^o-QJ9OQi^+vh%B0{7yTzCv*- zZna$exb6M+@7gDK8mg_IRKEL)Ys}R>kjsmXoA#H&4vCm4T_@eGKg|%hc)o%`I3jQRBf!ecKv)y`SoQI7(_u z+%|DN7@5{h+y42EUVe4U8pw0p9k_JN=G^+`sRmV!wX~pY(YYZ-T{@9kih9Myiy(tH zHg9OFmiF>p-7c;fF{ckJb8GU`+$moNnlG-lsaVTC?H+q%Hhg|Jy#4wg<9}7J@*H0< z^38x|orX4S<<@`wxB9}bUw^XefBdV%U~!&ui0MpekBkKySXqspx*~I2Gat=vk@V>L zHd)=v-N&5aFF!s%%=_G+L4(C98ccF(wDk(CB|L9l`mgU;e|6cs=3Ov_8`C^4dd02L zmYeh{%<$w^-BWKpu{Ubiu&_uFArA1qa-ZIm&O`3{NcSf0PQ%90OQt8F<2BXEIw`i_ej{;7KSBNCl7^#qqWCi=UsyAuQ}e8? zqYnLrEB>*-O8D50Y9t#uaz18MN;q_&VEOHvN>^ zVkxoNCf@QhdvqtSH{w6|<8s~+{}b+~jN#-#${p4~GOX!M-~76{b2PV8yc*IB^Lu1` zZ<9oDjuML(z1Sk(Cf#1Vbf9eed&r@Uu6H!eTV%b``-!bzaG%I-5R^+cFt;W3=>G21 zlwo5E*Pc0*zppGC-QZGA8V#%%^;!DFTIZ*(Pyhb3RdvvP|MGsDtb8c7!GV5W=h}bY zDP#>ZFOWaZtlFLU1hwV8{=oAN>dDWVcVFOsUh9j#oSix(<ydsx+%KH{<6#Luux~Ce;sRTZD>?CR1k)qxMSMyfBHV{NsGI;(()E z|MKR}#JQ}@Es`u%6qj`txV52I=ymQgT~vJjJQ3l zq+rUAuZbt}g5jr8`kumbH-&p>if61$8J!BxA$38 zuC`nI^RuUxX7w=q`1&dFI!uRcUmp~>R$ZMF+PdO^uja*#!G*tIA`i&!F>+GjbjJyD ztIV&pcRiA|qv|DmBKseUUD8(Ztp38))=tS;U9ij>ea;5PHQ9ahm5$wXyyx=TdfJ2T zoo7zU#AIg22jbM&hlYKa3!1D;KPj^&ed;}7xAp+H-lS-E@4*bx*jww4=QlgObn|K% zlmN*0Q^z_US8vE6P`-ZlK{`3(-N?iHq9c;8?c@BRzlW+U+uM3l(+S^4xbEz?zimkQ z`vE(r`S#N(b6V#0Odfx1O1FIdY3V3_7AkE`!#l9FH9XlRZSBn0lfTstB=sq>Js86q z(V0+^-u(Uq&7KL06O)5-u*uKixoNY8_!MBL7WRp31Ia`vRRyR!}by4TWcM<&00 zkanYXUc3J9&JR0AN+^YQr4)>cyz_z~V{KU`b%KtRLb_S=RMv3zx*eK*%p3hj1%8h0 z@}~0Qr9EkrnOKLhB6}_G zNSDne-mLK%KNQml#b?(wJIQ{A?%$+cV$*Bgh6lw-om>n1)NCHXBW;c>KkQ4MDVRMR zT&*)UQa^9IMVb?P`=^jLvsQ;~IR-&Si%fj+t;Q$0Tft@=8dLWiBb31kw4zz=0Wg-9 zE#n#uP0SY78$a7H1UGHmb;$ERp@+G`*&j#CUwdD(j*6cb^)hf6YS4r@AJw| zjM{pmBKooV!n=6x7F|vJnn+Y0a{a{nko1anCtinrG7rW*SBxzS`aW-OwCe zdct?5<(-R3?T)f86&^=Jk>}x$Ok&yDgv=J$4*I#Un9tlWb@y?!VdjB_+GT&Y-q-{R z(aOfuou(Xs98X9YR<)>0ma|!A(;W@*BXcb4BH;%`F?*k}>MxTIX%_v#n{eX=`gJm` zPm@yTl097xw@!K9!bC`%?y+7%Q~r5({$2eu9ro=J%+@R&AfZl6k*#g>SabC2i@}=~ z@APeiXmw`O1?cK(>KUf2&+J*K2idd6dC!c-UTaAFg08-cxrBb*^WI11^i{owG~1W4 zIz40Defgf5rdGtC`B~&Z_11+`%L+;shKl~J5Hui??A{$uR0U7SH)}qe8P;N&!LwSi zWFdGl#&-Rx|3c~v2T$bpk(~>UFWY>a^{zk|pZKx5MfN&M1J3Bz0a*{qqS)l;^Pco0 zO-w8<-rq~R-+Hc@(~~w)w58AftMmCi50r7r$~r9QTmAChgsmMcXG(^b)lhb$WP5yu zo~4Gtjs3@_{Agb{dj83lJ2mRs%d!he%g-+ElULTO=Ih7Vr^dB-y`smy@qN6`+AcNq zza?ZAPiSjuvVLmT04TQhY3JIbyE^gwp2X^$j&pBh_@OLRu8ucBd^b&R@aiUX1P9^* zMyB5~prQ!o;zdV){Me1KtgEw*1V?_rOswqHQ%bKV8q{;n)Tngw^U>|!je|3aL81Yq z!;a?<)-Buf`dn=){)&Inek4J%ZEA9lAuo~Ya1GQ})x%7i#vXxUZNcb4w6O!c&aKbi zkqt!&nTLD}lQz^usZRp)sf}LUNW8r5R9V;5tut4QDvY6vP6*be6cEUFwh!|r=j{D( z^bPoKFNfw2?FK)3=i%&I>OZJo${%>9{WyLHvnW5TU7_3!Y0W`zcbRnY{m2@1-EJPD zO(a~HvbkGTn}5e13Ab2`KGCG=n(*bm{j;85&7QHMvA6TichxC7_QzHh->Dq3tTxb{ zM5rz{SGVk5c_DpWvwe$Zj^vK$*>jXBsj{+v?e(g4gZVQ`zh6x$n|@-_#ni%?x$6e2 zcB%hawyidsxbpdz>?L;}^!7S;OZ{uy$nEyqxvNF9>eNwYL;^wavWaC~=7 zS?a-^+5^)5d(hV(fsgj=%7!`92aUUS&@=v@YsXLr(0EMkO=DONWl_dUAFP*&ij}kJVJ{9CJweBe(X-VD_r#JHJ(Br7!)Q z)mYqmdUO)5RnFR-;F!qzKfSU^Jdla8Z#m&&7MVM&|4Sh%-#VzCFm^=hkhz?FnE~fPC zsy{Y+4PV|Ic`IH=P59*Ljum9R25;=TY!2clewuK8=uKUEDt+dtvT(GDezwI+9O%Ti z$fP|qzQ5ezVp{GL?^y4o)J1)Z+IG!6xxMt$`Ou{UIt}SzYT-uh0ei`?!0VyvJ)^oc zGH9aL&VKr*zbNM&U-q_H^4-2m#%$bD-#oht>VbK~hCRT4WMyUz`|@mdI;r3&GULp?=vmC+8h481$Idsa7dszVR+D0}4O;X}tBo(W0Zyj4AC+ut$g z5xb{$5FM$v&)n(dm7(=9t=yI0-;c;4j>_#|@<%!*?tNa_JEe`eF1qqT z`U!OLtjS+%Bz^krf0rLxGd$Ej*uB^6cZ|8^ ze=N?*Z+bVm)9y__Zhq}W-wOZocZh<62%B;n|PAlRloA|L|?* zao@A7zU!8wF5-Dpp9tEQFEsT!HD~0-5xC^L+e<^dZ-uo((oPi|?d~i=f2$hv(Tw&z zI#oI4SYq;=!HdVNJqWLdAznY)ynp24-giS+j<9`scJ7t8Y?vml?0o)o4{5wXbkep) zF!b>Z%*G#keh>YKX=3`NLA3UDb*p-{1WTP3FHkpGKC$+dM6|Jqa~%<5OZwo9Wj2+s ze42@(&)w8GJI644^yR89hxZ(-dtWtUDmTi{9a;Q=Tj08@ENNG{dYrc7^iJ#kT2xX{ z`}%IDd&!kq-E9{d#NXT_f9gJMarbi>Kfkc1tvE0RAQu~p)-Rh?!CPxSGIRJ%gD!h^ zqsQ8^l(d3W<%)`tt~h!tW1^&l*0}4qokeK^`l& zklTKb^%F$o+h7u+8jkE(zhBy!qC=HkuU60O(xomV{l;g2Qk`mDhvr?@t-15IvBya|s4ershN5YIcE&b8wf9{=O0zas z#vM#3Ejm+j2Fe)`edn{q6@yXttEcgH-|r3O8Qe0bkB!+IhfG%VYbn7J@= z>pR6zxjFHU&_gaxwl&^;yeRWP>d`5a{{3T0N&5eaP#NEK%G~^wO*3I=EFF4}it27P zsF#_eZjsqEab~lQvm3R}ZbE^~jd)$_hABU{V#h5bR_GwVT$lH~ zRBsqAd0)EYhxcCd*o4jr%}R1a6(63Qx8SSQqnocIF7?r}Vd_`@c@I5w#Vlg;>$7%~ zw>PW2e1{b6L%o!5D$9RzqD70+q7@an5J_)6-+4U$$2MYR_T{sm);{NrD$4kE^y;#g zb7u)x4m(;$z26Z1_{7SwHANq)ryi5c48=cunR#47YS}GNwrco;x_6EGq>!rbJb632 zpkLw0XVJ=Q3*PDf`Eq+*4)qej1YAO35EWs&3KbbL02b*K!IC(+s&kZ0L)} zo0g{U>Z(tku|wVV=DKdItnP~OEo-`el=M92Ju%39$HUc9IM@8+er!D$Uq)hjgO=&t|X5ZOK@6aQ9{0j6*D!#km-@g2|+pYf(b8i_| zW!H9%3J3zy9Scwq>F!2J36U=8l5UU&Nd*=nNSAasNVhEM?v`%phHozK=l%|`G)_3 zKC^m~D;_i-N!*rXpxv4x&{yQsk{es~)y?tXIE0NWn0&x`tGEB_JJyp#CyFwWG%U8h zpHXF>hwS_AYAHW-Nc_s)NU|EMVDkzr-@8dM+2s;vBSGw_?hMB_95=QW@lQ;`LR)J5 zv~<7@d&$bj8>DS!SdI*PC*HVR$(s$p3KjicRuB!d!z?80=*gq-eB zQY0Bx5N)D<=$j7Obg}NE?fXMKnpZJ-6Zo^D?k6}lpEq6& z#fr-$3(>r|a(i{P%db={`RH2UtfH{*A?)PpsGPs)6Vr{qxe#-cCWijAWD7m^cJ>vY zE#`G~;uw&&8BZSVB(! zLni@>U4P?X+dpO>0l0s{#gVBkG$-+_pxi4NZQr>>YU$4OS&dmXTxBpfYA{n-+~W;;qUi*Gn!dN%E#vc5l9y>Od=2F*wI z4}OXosPmCky!=B)zI)TA!*iVBFmo-Ej8>~HU01cIS%BL`Ov+(`y6lqa7U_`gl@cOQ zh65#ylt(oaw($)zd;C3iL84t&lb(s$=Ep>24lXa$A)0fU{+Z%*dqr65&jSl+Zv|h* zj_d*MG_AuBmKfyR`!ZI`q|!2>G&Nh}L7Z#{c&y5Vy%!KD^u`VlON z&G1!rP%Lt1;@+GF{)Am3^-A^`1iNVpI>0LaJ`aDA)Q)bicyN$tQsqNkGBXTRHGUQK zRM*oPnDMQ@(e*%Jdb}J(<)ibH$)0JN;Z881H$cjGdFtRxiv;PI?INMH?|iT?)f}jI zQhi+*q~b;$OcQze`2Krd93zdg>925Cgv>JY4hHK>2L$!x=7_xE%tyQsGN^uw*QWus z&rdz?UgZtfBOE_GcKz|vlNZ6;Drw<~{aRomjE89W7 zhtNHx*CoSh2%H_|obB<*P@2JV7d|~+JF@jX(U8bzlFDolB8cyg_Y{u4dhZaN0)+B$ zt1h1?oA+4aLod4$s2?rqmm=cj%4DZc*{wcz@&1R3LLQTUdtWDlHYto`{{6%F{o&RtwL=jTCW>L`>ZZqBIOfU}K4=G^HP)Z>7ccGU~t#oB7UkR`uN8 zI#Sj#q6D7sGL+gzTpKa)dO%Bcg+lgMM6x>2F=3S3F$XlpD>fyb>k=vB}`M=9bB79A; ztQIWBgveem5rTc3L1Bp<*3337MVZ-J9%T-zu|b4UEyXWmrbv5FEpat^Q?DJ4w=?7% z2tijZM))7X`lMd6vX54M1B@&iq-KrNEqB|0h(J_A^!*~eA8n0u=&>tH2^HHM4n%IF zMD_Jl>GUTipT`{nl;?YEPQQ-B$&>@wE#qyFu$7mlTBGrUEf8U?!9kqmX6w%}w92Gx z`gZhg0snh>1LA;*y+WucjnIn$psaoj|5jE|dyDoKnn4+*ydd z>cK*nT{2Sj0#Z}sd+xG~X@M)<#`d=(?rX)Sb)Lrp9+S+G*FS6-BH5cdw<_1F&|q+a z5(cq08ijh>F2PNQ{pVUV{HK3rvG_bsa9-S15EteswtjQU{j(RyUvM?8X3k^4#je|y^e?JhC0P&)YdNFt6U0Kj9hKjHcY55Po+Q^ITLma@TB zJhwU%O*9cw;9d6ful}U90Z2X0N-krD;hk;=SC%9l zvt+{WO#!}{c&YjyH2^Oo_{yv;TM%60U+mJ<1Wr2<1Z}t;c-Jcfm$R4yRMUk>Gm-dj z^Dx0z4KGc$;EaARaR8Ps#+#F7!wb|u;O|tpg+l;b&OQ_T$Cf~+9uIz!7%lt~coT7n z%xVP$vaw8`{QMqp@514|q4byAi#IxY#1vkp!Z=WVb$!xOuLbXwYlUm9^Xx@#(n33U zD`$@nz7B`|=%e9~rPfRL^CD`5L%B~0zHl=?ZYPFIUVdu19ma3b6AgY0ll-q5OX9cYR!_3q(fn#o! z@Rk$3tB1dh1GqTmgOeOz>STHBAqIY!*DL?^XpL7(Q(h{}_SVh(oXJ1&)D3ItaRY?1 zz#9k&#Lm?5H(u%g#Hs~0fPrZuKAw$6(jH3$L~(@>l9iXptCdSH4{e;m$&LJnG-2@a zJ(*Wri&@MdZwtp5yviui$6oC#+eX0=wTQ5iR2PduT+o3OO1*rOfGA+jB5(C6 zP%YkdyVIVS(ZGan!jY}P@>k#5&E2i126wKGAizFeGh)tu2Q8v_M*0WO-x%r5=lJJf zysfLYZrbn4#&aKOGHXNv0)eR9f>Aa2*BmU`$;U6$;ngh!LN*Sz`WYULAGwpx=#ZW4 zqAIIM&?{$oCXH4=b;L`XQz_HVAkS-RRQ3j)gp@?rCaG|C)IxSi!T#px(rK>glK3}` z?8gsi_&YQS7PH=02hjE50#>SaDhTrX<HGcfe-&lBjywt|u__pdaA-4aB zdW#eP8PaJyqSPJJl<{nepxaP}l9X%0vpSLHDfZa+%}wV3V1LmXDLLI$FUk@v`_&eXqXaX4Ij<%N(eS!oT2nh zdrr`|V(F&YCo}uL1Un{ApfK9k=auBmTbJ2x$uwmekDe=hBa5g%Q@M{M9*w%AbJBolRPdVyF`M46Q($235N-{6oFdXYz%U`}|?=zFp3`#Ipw06rz zltKVMH;CR_1FETpK%)^a>MK%XJ^e8Ro9da*%|(viN<6#qZ@_^BIP{~dv%PC7nKLfP zy~{F_8ODClBe#R}RgF{o%M-M!Z9$CJ%0A(bVUY%Bp?9?om(N6)l~9VWL7YPy$zEoG zIalwBEXk-Y{mpD|xKxQye!&ry%DfLxh}PO|^f&+e8O8^I?h5;yZ(Qzh2x)Y`C8Mz# zlZ>WBYU4i`O~+&4vi`(f`SH)y+T*dUA&RwaUhx*-x_8uSn>CnG%4L6|ES=0D9A>q zl2vvrZ&NK7!oY1Cp~m?lAk)3UROFF!WpdID|+ z_jE|sCJ`|kE~piw@ZQI>G6%EHr(2tm4rK|*supH;ZFfJj-+g_Wasc?)?t57|VBrZx zd`iH^_}{#H`A0B+fB!${=P*FQAi!|ln;`@QfXBfmiX9Gd3_rino9lV0*Knx6!S1Zf z48Z}x>+eoQzxANX49m(hI_>;mkAvxGU-tI{vPDUP$W|NjN>33VZvI@6hSRorL~WAd z20C_^Z-;hgA7u5$;v3gjzf72kAk3Qp%;9_v6R8G2rKw6o!kU}f2aInPySf8B+43Zr zPZBC{kY!`V)2_bZ0B-P@o;XbTioV1|dog&#f~UiG` z%p6%X27oB!;W(mhn^@} zj{Dwpz7FVMpqy*U{_SGEE8uUEKgxj3-gdk5)HvomF}<%0Irc07maf`=RYs)lu(td9 zx%}BZ`_RdzD~SM6&2G}+4jMA-;Q>cAc@T*{sOm0e=?3VGx9NjycE)nyB(udvW60Va zsoby)V~yGT{b$;+)^gf$w`Mzk)>2a-ja%@<4TAoBhq~ zps1m9+=S+bRmDz)FKibc!TQ$P9K@zOJTGVQ>V|E0oe5ZUw3-wLS;aXwU(-Mo=kElS zb9(a@3Zv)|y6ziwf?VE%XkG?}6EqZLpi{2INcgDF6(n7R7{?P!Q|g+?{&R`mjDw5U zX_Sw?2&mN9FUJ!n^E*DcJ7q|J*Oar#Wt34MjaP#>8$8+s-8oC~3D2N+HJBYlrS}g8?DST)FFAjGr4@zV)eDnA?}eQ3 zbPIjHw<9r$6S)>?f6n%&CcHSaQ>OUIFfO*1L&ejuL=&URqG-yff4 z^sL;Fo@9K)5`c&NiXOg^3fCmyLP?$AT90b_L5}2Cy?V>t@hdH*dR>#*qLM(Lq0}hL z+;?wShN#hgIG;30_ytS90zvD@>$4gsV!2P7eBZPi3LFVQYZA=&1so_zcNf-M2MmxG z1N|K+H2ikMu+Y^AQet}($KDgTm+D^`_1u&Jzz^kRg6Jz(sgw9}95zqn0Se*J1s6u36nViUTJNi2 zaqxd#de`p>zLcSBp=Y!{Lf%Dqt7u^wX=4^>oM~QYp!skmxHMTfh_zr$weEB79^YpI z3(h5kv?7tev0}l2*Wy1sg}*9v)bD=654P#Mcgy!y zyQ6=l2=Y=2djx(s6fwapQ`@x|q%h`oOf^QN5Pu-Tsv)`d+~>mqi?(kRet31Zbo|<| z==s==ybck!$B98VNm^e3bA0zp#z?B0fJf*1Pu#bi@4G4boGpHo>Z_68lPFr-0S1`K zIz}wAg-@1T3;ys|tTX!oiC}<3*;a)&B4BQx zkd+M9^nTc<EDwc^NG3bs#Kd0Nr5W(D}v5L3w1(6@VApVVPEtMW@ z{>ugU8|9K6J%>2SyOrDr1y8br6Fs~u5X{6Xybso89n3POeP51g&9Z>$o?i0TTEZe z&_@*#NQ$BnrBI~)9_yTl2QumZXIO3&1%ixtRRn4zY8!H{_g{KrOm(FAA3iU7i3Vw~ z?#X^i3mW43iVH~8N$a>meWS3yahx0jrT{z(M=~Pa zR0in-U=t}sm7!M-Bv0*GB8OwZN+=7pW`Me+SKd801)jiYz$wW|-;0Qzu#Gu~vQw&x zi9DtxSd^L!GzJCa%GZ;+j+5f|LqvI7?Or`5~%_B>bIx8T?rE@b7lsR|@WV zxiPdt4JK@)qCbfN4oG}3IdF}F|AtSv;AB3;->=pF9?b-Y2TtK(RfgXs_{?(;=|P33 z&`;ngw8^thjK7CH0}tZxurs;<+zBiLXz*p=A=H%Sud#uF5BS_K8bV3s|G*!XD~7=q zig={O_Ddp^6m-rLbO|va6GsiDRr{&)!b*&w3@&q@2>9EWbq(+&H%^;}xFDSVzo zlmt|E@xR$RDxeub5Dv2n{vHkYLinetZt%=q_n1Bt7i5^&41gYn{h3wwubsluGte5{ z=UJ@0)P{u3Lf0Iwhmc;fzjhM;X7$d!?*UUL;O_R?c=cD*=18`j{Z&D0tJuZ$^-9A* zvv?$>@SIVY^D}f{$Z!ZDx8Ug{`r8ZtA#-}wPXMk+6rY2U#3wvtkh!$qUY|$NDLoSc zbY#GvRJxBO=PgmRdLD4D0NUd1v|u_0A0@h=OFbvO>TS3{;k*q{T@K-TG?7fnu;Bgq z2IJ09T-!=<0X*bzcp4mKCT#DW?NA zGSINoqF|B*!Z8T09Ol(~tyP!dwr@NBRyF`zUO2)1S{{m+1JC@cRLn6twuEhmGmzH@ zQW(p-y5jN5+a=NYqFZ!?U@UlxkCLLQR|2A0#CeLq{dsa;7!L9Wr*N_N&7lJ$g^@WV zoE;m6Cw|mn9a_lAb)-%;togKHxEcaT1A+oKQ;?g8q+3!(PE^!G1G7%nGOr5^cWw%! z@V{f`4IJ;W-yLg@k{y5#nq=G5ytQyz#ic2HP8#peVA#_wX@ed{21NIatZFv+92i7& zKygmVH>Q*fH{AkB#UG&UIL-CSwuEc?%Q2jX63Hj;+F=$W0-ACx=Pt-tySL+$G()C0 zh%f*fFfmz-)q_V_*CHM8E8%qM%M9IM23%bmHXJ~;Ba?qhN-c#E!=!@n=mqq+(I2;L zDf1)p;oYBQ)T$?H-U|NhKJx&m8!UPZ0R*qgiY&E4Fm95}4Z#dyU*84>0&QaQd=q~0 zZ;QUQOUi*+YFyum&Ie$n_L3$;AwSEhl0sSP;s(=J_WN6KSe5WP<>L7=`rQ@0(F)lHRRva%U2~xB z1fOcNF`~*I8oeq5SIm%bs7JE%Ge#@4_qg(|$!IP2QDL>;U9*>$DF!8#{~+e2k-e^8II!uuiOCZAKhh6yI=!-8sDVKe!V+0ggiA%Ym0 z9|8MteC!9ax!7caz!kLpxL7CWU1r>rqqr{6KD;wZCtd!~mm#?+3VsC7bvuv+ll)b$ zI&Q5A+6}EjyBmc-x^(mlmSJhK!#7}XohE^$-GAkt?$7?74zRw^Xu8{&7G=v)(|uU7 zh`)T+Q=#lDIdZwf4Gz$>P+zvuOzRED@ z(81yz!+U<(OPsec`PkHwSJ_6F&*x#K^a(7Ym-x`)6UX~`JHFp9 zM4fRD@oAJw2Pyb*&hMK2DOb$=#DwattW1FJUh9}h0$>$v?!8aFlG)|#$$fSC!W6{8C#SwE~tn!Eo_5k$aOMu#QE z_O&JBA`Nlc6Ok0Kl}LLMk{$k@R)NR(ix}7v$sf@Ec;~KfUd;0W?Hxp$crfTyHeZ4pxoc_w9 z^Co<2LTXwLXJXfym<`>Nr>H%airC=i)-0d9JvK^p9^4)xL#*3zQ>6vZ2o@Hpy;r|< zv7mclvCRi0wuIOR^W~P4pt$pKhnPu?QYj<2JZzQR`4f;O7X7vx1*hY!)FEH!UW=dbb*jQ z{fNe&vcIQSe23Zewc+B`MUaM#bJ7}3?5p%R6}~)}yWRN0X5lzq%00-gPy2->O-M?2 z)aMULOo5iZd)1HIDiW2N8IiS5D?R#+;YXI0)>=GNaxcPF?G*%DbgHoGL|LI5ifQRD zQ^$G+El&WE)poHJRgv(m+YrS+K(ClzcV%k--^*B~AWGXD5|@z-lQ^~*vW zB93H3z@?umx1=}ff@UsU7er9uy-)}qul#t2lrt0Dm_O?)-Q!HECiAMl=o94pD8#grP>uAjvh?5+}_|zxmiR6N#9A#Jwyvg@;+N-2Lku73YVmG zn@@9_Jgx%ham7V|_u*zRN(R*Xu*4LvQmLGWJp<3_MX`cc077gWqaSuZHD|a9e&lux zePWk`3?d2{m7UhFFnPT@SEq7k^Ok~7RM2(TesgwQM;NAE&kcSEwZuYf_k9m{NT>6X z5hy))Y+y@JRepsdUBhd)jN)vbnKYSr3}3IM!T+th~7Z5O8*GdTia07~ic zJaSl|N=A3ZTN39?w#Qj8r2SazqPWFjXxDnn{x5_fN?Y+gc zDf&glM!cd4lYcx;5rTt+a!H-F<120xKqGid;wfad{OViEE2D^0ZJLEifJgW^G1yzb z1&#CMa4pe8x$l1b=l3P&h1v~7rG}!d=-{d##yY&W$$6Xaio59JHnU)cUT*4p+)4Zo zWbiV`i|xjL!KnQzTNIkFxpgw_wA}t_kv+>rmr&~EkUp>5XT+QTpc90mx>>JWfE7vm z3kdBsA12wFV#p`*bLy90v)*g7Mb89k7E5}pnUIG(ANr68HHh=*%B6t$O|<@z># zHjqL7i&YSdI^W?WwvJS7h*f`QWolsB5lph1CZrPgH`d78Oyx;N&^6z#HRqb}99Ax| zkml8~&2v)2GI9$aRN{M6yBa9i_fNmlSTie+=U@vZS%<6p5a0M@3{MHAKBCdh|)Qb_0B2VCK*HH2XPb{5wMi=P@bFzcWKaZfL-JB0lOlvaT&~95R|xT3#h1u z)3I67Pon-jA<|iY0?m7XTg~izUt-JpYy}^F?tcFD-MnC<=RM2CiJG}5y!iNydU4q6 zZs06e8ekj3sxCH3@Qk5ES7}5$9^5C%+`pEw2ux$CC+jG@P0A%fk17F)9R}3O1TnnU zQ#ioyLkfseZQf{p*sF8OL5AKJp3Rd_+TUH^5)|I3#jBKi-pa~vkCMtMzQcBy{{xCd zAPBD7=AENasdG5Ac4@aNeeI;gXodHms@Lzgv!!~CV&`NuxNPRgvEfwE!Cs9Hb5lnC zv0z*lP&9653bYAmEpIJ9)W|2+0_vdDZfBIc-C|=>(LRA#`pFYzI;Po)QvJvRwZaUb zVYxUNRb;nc661P5^Z;l-IB6h}TD3TPmgBGHG|P)-23InhZUYB9!rufwLTp@ipcTMg!JOZ89Qt3NYW=;R00jX- zR{h4JcrZpAC?_hQ!PvtHRVe>ZDkP@c^~Q#h3qBW0z=X1<2tWy=VM}A*z2VC~oQal3 z!0-`XRXi83#o)W$w`@l_$r3;w24W_nj zmneG#rPveIxqD?m^0VT#sKMmS8dz4z;6`$aRQKe&{GbXEtNUNXL&DF)AROT8izDiY zvlZ)7Jj!$72bNYbdFqcq-EnlsI8&|x4NGj;}11i=``ei=*ZoCV{#D_Ue*QjEXT@k~B zh+q3rU=%$>68r7?>0SZr=w^|-bDzQHwA{I%OER^~=%v@pz`$z}K;ut+sFW4S_TP0s z)Q6-0Qx`;mR}3p@?~OV~^i@4G8>*x#^`1Hzz^ex!1=27igr1dF%SAe8mUtgtoig@O zam!5S2dUveS2`69MoZRSW|rIUy8Y762(KrVNfn@&`KKO7K73ES&-qV9j>0>KY3%>p z7tKWv5P)_m7yUC@oVF|4tMVo=Vn+rk6)#%u?+RZr0zGDsu;*F&`{4{gbR` z4uRo)0CweRmS-GMvT9eM0Xx2NmLDieai75Tv0 zip`+)!5V)J?QRF9VpT&`S#0sM*9jc82gs?$wnA3=45IbW)X%I8lbsQwtQm6OjN0rW zQ-#!K2mHlZHOR2AF077W;4?Y(`*gb=c=G&PX*;vgCVm0Yu$`I6zq{R0lPK@uehbLg zGbuSC)fN4jx6Yej39VjPg z?+OOsd;0!NC#q)i>PD&lZZ{q-R;16S()8mzj@z)^0RS{9+rE3d-BWcQq|GUOk4p8M zUfp+%1H$7nj=k6Ux=WI4ak7BOLx|Oq9jTMNW)5%DO4*^=1uDucSp09c@c4M{AfJNZ zfFA-fs;~Ag+x>)c32taz-GDU>Q+$6cGxW*?=)54{QDK{H( zzp`HCCR6Ee2+#D(ztXAXmMiexflR}>SRGQn@)H(Q9K!DTL6k797f;kd`2-_5NJvul zNuv;q`5Mcq;Qo=Dt+CiBS*`0~(RQUlK6)sTuz<&#c#3C(<;)H7HG5at$D2H6i3NiY zn2S@+1M!z5rv2ab$k!%cneHt~iE|QyGR9ym*vU3zm3moX=VFXS`(CP>GpBX^)fF!2x+_^pmGXo#8=~topyldx_D# zIvDI0o0Z;@0`pau=}h1K<>jUZI7jQd|!2hMzVw$o%{giOmYCj_b|OY)ICpV)qs zct6)fmHLm7sNqp;2RI-|-1zY1Cm;-_`v18GW+(d8b#Pi+qb34836>;`!HW$@jIEGP?OzX9 zK5>KS4oX1XmPYM5TOYeZ%0;(|+lFfqXA|U-CnGWAS_M+R%+KAYsh}ON9 zjIu!yXZ#_7MwFV%%=DAtnPu)wpjtKf?i1V(`%nWU*Z+`kgu0H(bF7#`c z4*#YWsagt)r4|r<_7=dqJd(~J!7*YPKbF!cl7yf@1t7`oOjG6onfBKDg^u6o46Oe` zv0!<-t@;)VY9&u%5J4Px5sT7^`?~JMvoJ6MDp3B?9B<8Zmo!CfvQ0r}K2V)2iw%fR z+N@G=>En4SNnjrY4lH@AG{Xk>SGekr2PylEY%koVsx`(cR!kms!f#5Re)4%yyHKwN zNEDoCV(Z_4N1e1Ft*80-?rBPX>>c1>k_kV}gBUB1PfX-TC(0A2d+3k`Jr#@L3-DY! zyr8G9EEt)?5cP^5z!8%o5D@xJrGQufPYbSp*IfjoXNUV6Q3Sl~=i~GoQ~_#6D(IG6 z(BFdqzoU=GFv0L6+m?c4J3}8Qh}qW@7|X|8;F-aj-XUf*$WCr?6%+c0AVlpRZbbH` zpHgyl>x9pGpF9IaD2Kq+=$;p#ilf=`37>C5QO81yfUWqSBYCG@_i&HC$yOu*Hq~(Z zXbkw+@{xP>pMGmqMc1^=GwuVxeRHCt0=Rpn7uZqI;*!}0#eOP-s_pdX5kSUuu>O6* zU=6We(Y}@hGmz78g2$9Inf{U+S5acen_({mxJQ%ZG|Zn7UFn9rj%0z^($knER$M;U z%B7JMx~131AZkSG6iRr5WK@|0&QVX2 z`zH9v`9C%YBkO;^U#Kn5mxLUyzi$lS9`HBD1+UF@y~726l8MV@3Ci;Q)}s0`qW+wM zk;6>*pN{%}ZTKUCvbndgBD}AT3iq!;=|Sssnx&(qT;~%AhkAOqu!-gZ*!)-hmr@5g8 zpOeEa07HdaKE^^?f;Am}qqrT7RvpHRTH?%LQ%3YC%+xj>qcsU+fUWbx-7Y;SI|QkF zhtxGrP|5PIyiW`^a8G? zVKi6#ew$A9w$4JwJh4V=<7D|Zey)@eu2DExXc32TAP-xOyff+fHkf@&lFbfm$@>Dq z<;`Ce;UP1@tE)GTpa?!V=x^2*%dGPjI2a_Mpg}@n){nOEH7U8sw2lco2gZAcKmt@0 zFMxHM%c@443dmSi=8wJusuEy+Jvz6$jhF@Qdz*H%QT!Sr&ZNS~p!k8X%x5zJk@zLh@>fd8lw3TMsTp;uAo!%o{06*^XQRkqD$dGRZI* zdFz!NcvW;ckCX5Q|2h^)AZWlh6b70UJ87O({?ZgiE1(#|WOZUn;3LV2a^3}KyJa74P??f0gvng? z0=Ne;;fo;zpBD2a7`M09<-I})=H^X%ivLf8|9m-Sp* z3KC+txSdj!exVtDPZ$`U$r3(%m>oBE?@oJPlw`^~{k)-jf4%Sc&x0h-jR7yt*9({X z37n@hu7r?v^4<6-rS?5+b7={8|Vx*dAcPCd)Dw@H3C&S2XH@l_@&5xmlA4TdjF<`-XXyH{`aWF z@`sJ}2#)nV?wqf@FEHX-u&FrSFx$`B&FmaqZ4zf$3?jU!`dx?eE&Js)WfwgP^q^Q- zd`8$Y$(cmpO#zqn3vbQ!Yq_Y@o8=(Kd;p+H-hrrB=bAH@G}WoVO;+3VOFYZFT1w= zFm_PA_a-U;GI02bIwT8Lo3O6kPT_OylZ26cnu7!o`;&m(#oNlNO*zIOy*3{$+u>(NP*#+b#$a&8hy0LO}iH*K0dQzZ2e5@VfEx9-6)E4^eJO3 z32(h@$NEUd;#>R*|Jg?84MU{K7|#1tu7Q(q#TuD%a=XK|D)i8L0w|IZNy+=bb_WA! zSPeq}W4b+r4?o>@z8;GX7>~rqFlr2Nl>n~?=pcf{wL2iEQ$)DkH3Cl<=pbNu@7Fei zY#cf$9ZnLp1^fNG`PM_~>a?#;=5G@C ze(Sf)GT13lG9#DLzW@{B>FA>~`#|v<&ztxvk0l}`m{z4}Tv;e8TI4SVQR|r}PQj)ydKTSw<|KP(AN1~wMuqIODn_xKy#BAwlD79O@j^6GQ5z=WVz>c2mygIwzydw*p3 zVvS4yjb=_*w7uBOjO>$o+QU8hZpE(-Acg`WtjbxTE62d6hJWVw%_ZQ=P^1yFyqj{k zP2@f-t)ve^CzSnD=WPqT2`SQmf#QTi)A0td&MRLzE-Y=Hak!;T^ZI?!DCUodCi3HS zV=!&;kUweB+Trd7I8iuxrLyXaz)pcX9r(y=w*c?=()w)%*ak5CblZ%jRiuOg9`s!u zyypRkX&?gk4gq$GLk5DD$~qVc7>6bI2|Ig6dUhe_r$o!|K995#Idiul6~8152T}ZBy)|TwmM9mBRsk2k%W=jAmO;tPs_?xY9&^8#c3m-`(T@be6l;8 z-!5p?EeOmh2G<@yN-kbKl%B+fcDEGWrNU)v5@5t-5N;@A|%FwJ%!Zh>&S_ zvlC3uUm>M~Umbc^77ZROW6rq6p-0{m$F6!uBHhaZPAY^N{)gB`4Mjt2nJ+-`!JZEy za;n$S>#ec;=vgjXbeKQCmVIG^T7$mqyw)4pxIzO*vbfspaAzt(;b9cm&#s>1h{D%} z2-NZy{q1ofJ@MIAkneo{)3Y%@WS9BYW-gE41R47l6uJ~5(yM}71hsG3kSZepYu`RY z(YuY8)Ac?PH`Tsrb8pYEoN!P}9F&8K2>JT0H~TcozPy$uE|3IU4EX(k|Ji2-mhi0_}^%}9)1>7@?oe%`1&~mgSIV$*4znWdArNIgZ-J_ zsHlqTb0oB8B64y@eYB zboI`|CV0zt<{#>l2lo7L8I%H!@+FM=a+az-Z`T#P+8)rd9BsQKWf@-IjntWnC-9qz zF{FL1pY?Zrrw!3fp67_<{%T{j_{GsJ#-stBt&%B){7<)zHeY)ScejqYAfqMo3zxGbAdkCF6#r=$4+{Wa(aZ|?=MXOD(XOB}yl z5u45CVs_BU-q_r52t$Nm(zU%?u@gpPjeC76SCQ_|cR%(*^s@%bG*$zU@z=(-oUk@7 zMk91gZi*z=6Su!n#(Wa@l)K)L>WRS}>}KYT{SvZM{jEjuj= z=&!#cUS@5C;fIso%LFy7rSKbP%X~-tWI0v4@*rR9^6B)|?O?@qBvQqGiq;YAPIT>3 zNyW6+P4sm>xtz=f5hjI=;@Z&lscVpNOHbjqka*DTPkGWw^MK2ZKmQauEFTi*IG!li zhInbRr*kN6=fP0Qd?_|_O7Rq_zWS?RZ|qlOIZ+OrM)Oh6uHk-_ZKaip3HKYNy3_R? z)0@5zWsMtWI@wAo1znQ;vD}3>jms3$p@{mhgclOaDcCDcuXys5Uhg;W5v`z}Ti%B^ z9w}3m8xq>Rp?VsvultNuA=zqXxZpK~R-;jb|H_2IHmX>|?Fz4gur&0RS@NL7FumqL zu9R4oLE}TtU}b; z4aT^T_NvYkP{uJI2(q%+*M=y1s4d(r;U{p~e&H(C*Il^W9F^c^(ksb9vv?}Ma#>QG zC4P+JxPo-rcX9Imy6Wa=RwUti9o^mY?7f9DugJUSZ^POh(xKrsj5r{O#_CiW=5f#T zYcJEY7bykEb-6JCv9n3d@f5IT-_JSJ~^4LWoWE6Co)H4!uWm< z7!sDS!}vyogTsl5Fl&ZexAY`huBk5Yzk{z?PZaK(3W zpDe(v@BK%cL3*L(2P5QKL%&$K3altt#fN<|O~8$(Z&;o0&01|t@s#F1gN`iGAjwvF zj_;e4C`40+-tghUq_?O#1)`(#H^9MyuWJu7$9eaw4|*$|WFJg5!OVVd?nKVsN9(I) zS0VQR=En+UL}s&|Nv}sRLtnc5$-9_vox;27{&A(HS)Y++zu0C5hQilQiF(_r+r06~ zOeDm(5FsqESkNaHQ{RsBDL!9Ilb{fFbnxlx2e5_rp(y>SMTSPP^nrdjJR{j_zKOo& zmxB1$Uh6+1@*(c`3nliu`rg%NL&{+Juj=BYK9z!RS~_5%T=^(2ht3Pp;Q7W+OfFDn zwc?0W$*4ze*N$raG>2D+sSg2``N-KRkP$SR>A@}Dsxs+L#f&0 z>B@t2e~k@H_fAUuXHoINtq$ikib+!z=q?l&$D4%gT?w3~UoA4PavfK1JsaA~eNV?{ z#O3_Q+8y5Ke{VwLLB6x`kp7(b?z^Ym^pT4JxiI~<=7YH``{bUN2Aq^hN2po`;wj9X z*o!9y-bke;R=>1=Bj6(%rp#|{lAyJed~~*&pYkIcaPa70$FdF5W{%Lg*)MQ88e~oD z9nkkxd;qJ$H=oYYp!P}l6SmrVsQcp^hsT$w_WDNkANv8Y?sikgQoog7d3n#dor8>d zn0@{nqVS*YpmZnm`;0CY3^sqg4S~u`P8_n2`fGz!$Hk;d*FR6pa)}S;I@3lOxe@Hd zQ{>;2T_f5ZdYql+kXI37O#Gf$|NefxAJd|k`jxn=pTiK>+TK`2cXS}Yh{(Ynml#5A6s+yjG+EHMsW_|Xf~S*IiKVyrWIXpsss@r z8kRstry5AI^Xu1p{CY8mM=+af3|>RbG?o;L3Ozo%Ur6u%7g28=7u6Sa56^&fDlJ2( zbcevuBPfUK{=<^~W_%7($v>w2&kLTogFUHjB3L?D zb{kmc)h?AdzOJ-yf}KmttxSj&eN{Z*Tn?Sx9{49~lE})~JRA6AKp1lI^wP6peTro% z%C5s|xLJ{dhRH>>Jd2faHqBm~QXgIu<~6ZJZP?Et@$x(Jzn;CcjJ{J6x^I@D*W^$i z=fTx|%c;N>Q))<(xU*4{=1x;#(S_exq&tJqZ_Dhm(6bGlQd@DZiY)S&md(9fjtERM zKg+YnkG;Qw{lsCdBda!)%*SD%63;7WeM|VWsIn(ZWaD)KfFv0;`fh97Ah`9lD3E=o z4-H++5qq{y1LCpQLxTZ1uco|q%M1;2GJA#Q_2C~ZuCrPO>^$l)DomKIj$ES`G>p?F zeQCUp&}PmV7~#=63{2UvgGOeCWCCZ&$92`+k0^yiQZL$nAg9WW-(g}=I2LZ7>6j-#>3G77i?vua(sd10Ygw{kGZ)P3uMQle{Yi~%HmbUR^T%DV5F)=#oVQ&V`+u|$#ehXMdS7UIa`9!DJ1+P?^ zFZNZ5NJwIhn|yn*ZSSZM6{Yj^Ya?HYPZXgh>T~F@$z$Sp}$ewU$_ z!Jz~)l!9MaNI+EqGmC+mb$^JEbs3*HLK*JvIYj!pnwMD_wK$4a#s9(3#@2zsm zmeZio#Cxj)&FBzT{|ma-Q={K`soVBzWrD{bemrLID%g^Tl7_}A^8}R7;D?{azAE`= zDW@Q)gZB#h8sSflsp}j95z5^LlESr_hFXhv>F-~&eaj4#rMx-HLSBrBhZNupX-2A& zQXe!tir~p4{txF$vvt)aby`WvxyS9jxj}S0(v{}d=9nUwf)2@)e0N6o~0jT{@l z!#@Qmo|tm#T}c?HMA7|X3g`>?kS>)>v2USEs`j%@Hw8T?Ntb07B;0MO=XT%BujYK5 z0tAW&>joD$qeLR*HcQ^WK2dvC+!GD(^7#wHVyPt>(|1hjNC$@^1!PZjji)9Jq5sYF zK2+k=Nc-~FYdf}yAR53&pPY+r3Dwc|(}4Yl8~iVYGN|jNoGUh^z2-k}NxQ36D21rz ze;zkRUS}w4^t9v+r<{?j498ktw(MML?VEftAf~C?2)FmT+{-ge6O7JIpO}E3T4PH0 z&x5mHZYAUFV`plg9XagToxg1YA>KLRoAWWnV9;~+E>|v=8uTTQl}*kXeswc7tid>P zVT(&(GQ^nM)?k8HyCim(7Z1m(zdj-Ena}1NY{AIRz4Wavh<%k1d*K_rKiv0WcKB(6 zwbCi&^Bk%bP+oqsiezv=#wqm-y zj>+t~W#!{1n5T=$6iMf{t1%@}IbNIJ+s(5A^Mosw!{*q$hE7aSHp3=y)*dXedL7a# zHAVCLGsAw%W6$UM517)`_UnT^g8}G^`cT6eLsOIV9{6#;eoZ* z{9AAWd(z=y@Xf3i`J*KOm*MBPtfij#*H@AO>c&aeS&cGYp?v8-4etK>5Qd4PHEG*> zo8Z?Y>cQgi5SQ)*t=}|o4cff(pFJ0DJ)a$b=Av1GW&}e^hU{TGI~^upYUQT67!x8t zi%8H&*d_iBtXJIdq-W1Q6Hf@--srdQmx~<|93t-{iv?S0+MutA(o2-0v`cvJ^CHdE zPfEt;1;n=!z@{O`TxyWM#)G%N68~Hk!`9RBF?-VDr10fguKADbCytTO{&tJ)obegdAvk*tQxId&2Exz*!^kyXH_yx z@~RZ6@63aYirg4eW9HGBoK{`yjEJ549Nls;3$Gw6l;^sf98W0Y)9aMN(CqNBpB}8l zQ&>~Da|u}=HS8bt2`&$3b6UA1D0NE)+HFkTpk6w`E_vk@1c8 zZ#eKeb)36>dh##pZ*#?_VFs1g*=JBb6 zM?FneFm%U$-9>>aMdCN8rq6oX)+pjRM2s5{(S7`|R_yP2IMhNxcqqMr>w$ISgW`;W z`)*2};x3Vj2A87^%WZzo`VS?vd%ILWxw=j)&KdqNbdnDmzRV7 z^W3J1St#b`)b(=c{CmN7``cm2LdcWF46?3mLk|YRIJl_BHSS~@M`OMfeK*q?avE+k~_&web zyUaxtT7zTKD+m;@z|OUdilueIy8~lpcFKg`zyI)v{??|qZNqEm>sINT*M~vUpi8iY z<#WTvVSMPK@3S$fXf`RFCZ%Q$is^ueU_@Wllfs<8iQ~_owy_XIKU;q@W7$WtopT`i zYj9k7(2yfyc8;|{KFKVTD#rM7l4QkRJkDb7eLarl!d6M*UgOUa|I*X5xKQ42a}#*` z$G@LcZ0F4lj@P!xkJi;w5!A$MYrKxn2$bdm)zS~-i&FVInWoB!o#*M{9%O|sXvuD( zzp}2)jaNHTVFD5+LB;NVHMv!euU_A8?1Nb#eEnA{O11;RGdmCg^-vU>K@lBmuzID?4gQNva{T3zX zw>sAd>cNdlmlzNFzD~d(6!%JhkL&v#$Xy#XmjdVA~kBtGMk75wDPo)+Uh_xbC{WHIoTh$~A0};6$lBj=Np{W%H?FacB^qUoydT@2 z7BKlUR-T;6qjk^uoLsd@-D0V=TPG@Fy5bQ#?)1mDy-$nRJ^!LT>h9k}Ve~fMXN-m4 zt`=zqtYr*7SOu1iLQXGRO*q&(eH59?F`dp+yJUVE)xQN*yme^_U{h)g{%O0PI?nBI6e2z87&0aAwm2Hsvl)r&rRsuLv zo_lgO8?pVVP@*4yc>TKG@<*mPJ~5*gi=f8qAjArK>oXUOt|ws%-cZf+CE<2cy096w zL*oOju6QquCaBagx23kXM?i^N9|3EQ=B)z86kw7lc%?$S8Uy;=lj% ze_DVYIV>$Y-+t`K#A^G3?%Ro&4(CM7_{M2I$Cs(YET#da_JJhP-tVPe$!A+iikpc+ zm0MPexwTsoPsANgRpgSTb)S9Vd$UlXhuHn+T07&72Q$!_(wd8v_}tr|KM(iuUH{cq zh;VnW3O4^yF@NVkIScNM(K09juu$g)wGFMA(LBBQb!61tHeGrBL2<8uVwT%Y*~2qL zg*2n)mC}%*b+h_iQSyFz8D#mitKy5(v$XOR1gU}`VQuEaqP@`LR*H`e^*^K-z+}WmaX~1QvGHamI1?pG zy?6(=Yl-*wSMcZsi2t~69=_)fPbw!tiWWJG^v$dMiLr#&ze~m4P<5krkyE{YaNNYg z^?vN=e0x{_N{Pa-z4&TCR7Iv2tj4hmufFlSY`Gp_>hvdPajOy5UHPz~pGgV2~Q!^!iyTi8$WZ zuU{jz{MUc5<94Ei3&6e`w$byZ<;N=k@gIIMV2Q{7ABfMj;>;+QrJ0J~ zzWLw=v(C@}%x0!I4ctfAk+y)|9uL4(W(G;wovmHnWwz3{|DS6Za#SaJ)iQ-~vDXc~##gl`Hw0J2^>PsL?dPL*3un?y6|>)W&9!mA zth&AlX!dSCd#!u;a`@W}7AS_NGq z{bU>_gdT7NQ7}pUypVpKalFl{c<%Y3)MmkuK^*Dif7yGH>UZCZU&A#sLdQ07NzC^V zmUpDV$YOo0xqObXz-7ztBe08Ov;Q5)XHer5dr5HAe|kXYe@$8Z0z9Qi91bwKiP=;& z6r|bV6%;GbiQO#WP0uYrQT_RgjVPxYiiA`7@#Di({Pq~ z6u5yY2(RpS5282@JL#Jx{f<4mnLO}h5Iu4T-gdO->?29Q&OpE55&JiANEl=4@< z+D?#!ZeUC^9Lpf?n9oBgLQH8sTJc(1Pw4vfOb(q$cJe-&3&sn}^FO+Ek_L1patQUo z6j87AR7pSW$!a?qnW*3KH}n3KTgdqer#Du*)_rS4Am{8`no2WRfy9{J46#S9VeQBm z(zp+l_R|GVMC&h)rrzd_PQCZmQTN^9CJ^sfO|8ty&RB)*6Nhg-&|m~ z-W^_ZXa_ca=kqsG|vBqtxz^h*y`!Az}tZB$D`tvui=0OJ|4mBYoFqksg zujkv8t+op&-sZLa?~kb96^s{f8Z^(+e-0Q^_bI*keED%Ddr!$LIC(l$l?;|4a9YH(sAy<0#$pWbH=6LUIcWo1>MJRf8Uim&oje|AO*a*r4D-g{L%YoFqW zRaII5)%R6@Z6^C>Dt#-@u4P|>t7iS9MYo(RkgShnz1x~?GC(bWs**n7G0I0k!F*Uy znIhpF4_?URbI#|Skwzx&8; ze5i%7bjvMS%%0;(1TD>(M+ce2NfAqa{@TBBlLT->hQLlMF8R$s6Yx|?03MHhS{ky; zXjeV<;Pu4X*Ws0Chv+`zFrj!#d-Xr;CtS&*mr^ws~Y-aAx(j5q;#V`JMC zYJoaAo(oC<_5uClCPDnbnNJ)GJlVxdrOpQ>=AHttLsB)3RQM=jA2_m5O@rUiX8#Ot9Y463Tec=A~6qGM40r$x`z+9!sXT37^p2w?qU;iA*A}_~=rGIK|=6O8h zmGa~{E44|7u<5}4RxSCa&_!itpU3HbJCc>~=h3IdE-=DM(aWiudrZBm9MRwhJXvg6 z;D5gj;IrixVU7EJydqB1aJ!Mr;NU4xq17k-w=p*Jb)6RQ+=~HS4jA*uZD_*8xZ!dx zSX92(_0{FeS|=k=FcXbT?Ek`RlfJi{V3G{{nkM45qUOf74P1#VH%_-IhnGqkc0{h5*K<=MBUVb%+*g2!&qEVwx0Oh{F+hXm zfZ~AtUpgiXHrq|dv#|*#fqKkA7f7FlkDQhu7!~n9agp>tDU&%{%T~&^FKrTkvh7M6 z+ng@#rS7>i%{>=*UOdVuk$_8e$6lVCl_dIa%e67k{a8(Q$fnEH4livQeeYzsbz@aj z@4fdmAGn0VD(uEMvU#0?t}ag5MMPeL&NUBM{C9&5J$}9Z0n}rQ1r71QjIaM-SYFVe z*6GXnPQx(YfAl7)i=atOKMIPgHnSE!&c>}Jpq6cvTrW#S%gD}g+?5|&Q zK(7uF%O1)~#K9qKg?Zce-!GlzSPi*7xQ6Zp84Ruox>=fc$GBvLu>?-o?ik9f552`H z2EXOF!sUF|_jt!~MeZIopSbsdW}`P!R3g!!WN2?pL*8++&oEo)Z&GdKx4imjAR%#! z-sb!#8a5ifOLHb_)kiIABU2r8xHc+c)()&(CWj5n4pM4m5Tb7L!2OiAWO)!LVgk%) ze{t>Xo3oc?rjN!nXh*oYZ}da_hdVFeAdlUocX`ds4I>yH@g>2C7cGEW6mn@7?4jY+ zHr$J#oS47cN|R6rj48VvXTYF-9TH~6_ueDms&kot8%#Dm3EFuj`Z>2;dajR`Wm`0}9&s0-|C2r=&+PE?O z+lyc!gyQ^14OS*wq3uRe-(UzeoHX+?L`SA z`gNhdAPk80$uQvObeBxeu<>*yC0D(hVE0xLu!G?qDD92qOz~-7SnQ%Ri39hNM9F;C zzYuA^Mq$FMl^Z$wwu^3Cf!Avo7;e0TgulGR5rl_J#u{#O?ZR0!G8utNj~^$7 zssSO};GDnU6|kShkCd&>_)7u-w=*GBd#c#v-;yP9ULdcx&jf+hSdadxqn-$>z9Es=|!!?MST^g7tE z@r}A6|CRhSAnX&`$toscJqK^jHz436YUlYNiO+nrGh?3~#j679%%YLMY#CkRrakN5 zvOB@i5AbZw&2U0|-^e@3vXUg?qSxLRer(v-aWiyZUAU|L=z25}=jS{cSGjKg!qG^b zmH=|!!c5iBFjcPz(zF)(KH6)|=LZTpBplcSV|g z;dxC;sx|AqNH(UC>Y*`=3|;K(#-+D$f|P~y*S)jQ_&(?Nx5;`4_jd>kp+$S^+n)ZpmX$mbaV3|g+G(2`qA0no3&%x}T z0#{dQ%M}k$1&XlXj#UvwLAl4<=@;GAQ^dE!qmmE|i^B?`?GrdQ;+7pVZie#{Gv3(G zxLt_+!DjQUv0su$51sj7(#{tT*ly8(YZ`c-YD#>aJ6PhPc7jJjKiQE&ZJH*O)w$9v z4Y!`}QRo^nYo;Uo1VPJI&r!iDH4{Z`&`HiULdWY79)Gv*|7j0+$#^YuiFyfF{|$<& znsnzUI!0(qM>IW$du~_YX55y_y#Yj9s&EdDxbZr8Gm5b#Q#Fpu4E8e)ju~=MBV|J~ zj`Z?cv(hU6YA<)w#v{Q1gU*HK?V729%{Qj+bf!bJu!i65IZIMJ0vMhw@Z_gxl7Kum zE&8JeM@iC=ruVObLKiuVk*a#be*|d`P;@X=3O`OBwdM*#x_fSE$bGCi4llg^BBf;} zVCOrxNcqiop|57i8~^<_*q^Y7PFh*uI(RlC`5?qY!x07_AC+srHS$@A1{LpZOMGqJ zrl?IdOG&Bz==4Upd4RHJEFD-y!52Rsp(-0z>)Oj3_8|8^`gGeZI}?|w!lOlDoZ>C~ zFsiGz)I41{$E$Zjuql=^3dHw*ZL>LF%GgL%^&$^*w>c)*K|pZI&@oe}%N+$i-B&)z z66x5)0h$nf${mGg^02@&j3~sr-8He6`et#~v-I%4zBvt+PLm31KyL9_^TVb;2`-WL z`US7J7tf#)okyOVzXv-_?hqus(#6Xna@cD3;PCvxfJO>BCgKPPkh8J&%9e0r0HXmn z$fU2mlXrUp8i-t*t`-HhRrr<=;vGCJgc@;IlU3l$_zW#NSoZ9h{|?yZoDJn!DO}W? z8X!Kak;JXS+om0N1G?;*uFf{e-2Hwqti~Q;bzS)#Teq#s7k1pbd+I5r9&r(1*CzwP zfwgnj^cz30LK2gL2BV7I?p57bzIHd|vaC5vczhM~y)CT&vjy{@8q_Q)2hUr z4WA`FXZwf$!pJ_?ZAIpB!mVL?tRjMq{2MU8!dJE?c`m66pbFA3^}?G~`-mwb_N|YI zNz*#!7E$xZsO+>zMp#Ddeq`e=csvh(Qt_?- zId`yy@!-N+JxovieCwSZy1kDOT&Md^e7ik@`U|&ZmnHElPT0vZaY~MSH&*Q%(>Z1n z6$V7h^JSt<+Dp)^F>kYbIAp}7_U^Lek(}U)$X3TXFu>op@`uuEB0eP=p@QjOrW$NO z4ttJC{V6HbGJ>Z7`<6I#()5cGE_hsL(D$)wU2Z-A02HoScI zu>L?)&jFHuNc5k_?=MK)*^w`Jq!Dz@>SkKBBO6=(2a*=U@P+$h%!bNW!zbmo<_{A1 z>wY^(bl#)rm_%40{d+-lqEWRx%#Mxl@<-xt5 zv+~%_7rt<9rH5n*J7U*<9vgPa3F|&Dq~vaM$l8bYhs||AeHGcGb&Sb)^+cNBAz`eO zSVw4=LhQ$c<*7LfcAc6NoAd^1P7M%lYfUOW{q6GU?{Qb(S%!IzMp{nBW`whJsD;UY ziQ*pKB$!@1vLS(aNN3XiUD}Cq;XIXJ9l884sfJU`sqe}Gx$*S+6#j)wCLHuQPPasDNF{36yUcE|G2 z5&V)>QPYQ7xz~Y197m}+D@<7=b@hB4whzoCLY8Cl+p2Rc1G8yJ1Zl;0Ry<#BtM*RY zWOW|D-#j)p-(I!1#rpExXV9gm=pIS&AN7}qOoTk#s?(YRt^){+YF$HTZuJ$V`%c7^L; zh$S925gB|&1gp)U;kFU%?wtx)2-3TB7t$s+rupk~Y(&YeD$&)Gr&!rn{6v(bg;(zK zp3>dtb$lJkA*!X5^A)=Xw(FAeFV&kqiI-2`Z>@NK`_$r@EIYMuoASFa(( zJ`WJq_=dKrmhJZ%p^vU>_~7=dgCyjQQS(Q+bRaA9ANAQd7mSk%{ddD}G=!muF@6w| z$qz3W=8udsC>`WWD-7#RB0-8+y{;;nx&0s^dts@(LN8LwFCgnAML;RMvFhQ=*%{aa zJXf2~-;b?73H<6{a~@Lb{^Y15riQ*^IkjT(tqB-r!oEINzL_bUcamGSPBB`=T(186oKSeM!xli7A%58aE{}t4fHPxAGMuQCs3aPdD=NR3QI z*}z1{yc$MK6$(gaUCNQg?G6hHkV&D#)c`Rp{1Zh1Yd!*Xe#E6i=$ ze8cLV_Q_!S9_650iJc#C*7ZE)BZoI{o(=3TOufKilh+Y6yek*O{z$j0?Ar?wAFH_f zyir^;d=!afm)fF!w4Y$#p^s|{q1&~efqBk(NAA5@`JyL&(dkxc?@Yw$^ z0ctV#eg5N-(L6jR=qKB(I6w(Z(vCna^X!Il{$ZQjD0mNwS+wShb8<|63dHZ9U)>+8 zUS@aI@fSJo3~wk4H@S}da!z3UxjyYd&fdF^7~EqMYVPBi)Gh?8)o;wG$nM}t%-bf+ z!czLGK;KFH?H|o={AC4O=-5@8!{h&QT1$+4^gEk9*lT^GDCzlpPyoRp+@U$EWga@d2S^5 zEFxUb(!G)p7ZbO=Sedd*vl;HU;m4eC^2P%lo4g!+@Xr)wu^{$m0>i?eRf>}DPNDZ6 z_g)>*5or!vQsD@5%?$ehibvuYlDy^LF{3Ta&DmF@C{oC7<2KZOo@Gk^G+poNyXEl) zd(!y_UZ3CpBxzDyLI0H+44rM!>0o+p7F4t)&1`@59Ez5oz5U=hM;ETcp9P((uXs{^ zzsX|*|1Bsod2U5~c_wHqGG02z@Ia97<7ah^5S5w_-pbzBd%8YB_L2UwQYkQbDx3dJ zowi&>iN=um3!Y2q*F+5q_+&JJJV(u2+`6gb?mnFcbIbYnwu=`FF1QT_g@uI(T+jA$8^&k)%e5-HC#or~~9p!3h?Bf;{8ZI51`ng)B7pr^SM;+Xo}KdO#1&CMnt z$rp}q6Yz)v(<6sGO4)C()3dhWPU%BA6|>L1-cy-LQ+H# z)?3a>Q1c`-jf=8%c=})fJG3dfW#(1ojjgMJ|uwBEP>cU@HJ z@WTg}*zftuQ+Za1T5VU4t44I&Q+`+_QIxJ8DpuFrpr|3DU!@LL?_O#L2TBS{4xc@= zFZy}cLxuLZkEgn?D@>`3d;79@w8HwSI4*W5e>!#kq@k&tL*45j(Se+D=ATWYC>hN8 zQdaH@;}CN6B5A2xfNt=8eQk53=ky{e=5Y0=4>APwnqXIgyc$nj?8Me}P|d&m?;lf?~uo<(9d*9m+d^V4^QeOb5o`hr^rs(G)|G~4Q=Go{!r~Bpygy!jdh6I8Lc}r7D`~5@8{1^s6LXJ)oi^FKah+l;-XZf4@{`70WKpk)R!7YhgymGM7F{uA5+@s!V$B z*g3ZF!?TcqBPA%}OO5FLL5>DRx5^Y!s=C}$*O$t5k1^p7Ghp2Rcr8Dz1DnKEA~eZT zpJnRIhL_DJI>yixq42hdY_;5QK_yGK&gIGHjx#Gy`ch0Dr<|B5@Nj{RPMkjP2d`YQN-*A}uOuMj$<1EvIzZ5+jUBsO>zsh{jz2}h+&S<|yjR7Uu^?fq^Z0F1|+a=Xg z{^`r}97Ko(IeDvOHD~$Wo74`86Dx|RI3E$XF8y{M2wuug;r^vHygR8RB`6UG2n437 z^7zp!(>`8b6m$(MwUFSmEQ4HljQbNM#`<{H*fjCbE>%Ej1~h-_X=7euT+zIRx&_HD zt_t?AGn@my8*c54VO$P#%|`J8MsLU!Gu0u{Hb`3{0zb&(!;cru@Wraoj)yXB<+9bJ zb@;84MZtdgDS=4VcW%%`lq@P04-#evX_;0`=Fd!QhI$}qP}@6h>fyN4J@t`FC_#d< zOqvMl$+o7dk6k#)qY~=N55`5t%Mu|Upf3>lvv#aDbTYY!~i<~aaC?^P%tLA1K5y9MnOclZ#y0WqAMAB1O1klb?TaDGTo zS4Pjq0?(4kl>rh|kCUM~UM-TnwIbArI%3q*Yx17tt^zn&6);e}J@DLXmp! zl-4Fp>sq1#=`7g)S9y`*I`h?cer5;9#Lh&T7aT(g=06g}2Y1c1L4(PO&4~ogG<)1VT(4v*a z@uoYLM?S*yMOQwnlq=nnOC$^Y{j0l)y_q4*Yq^HrPHwqEkN!f0J#Z1*%Goj4#+f&S zNixLTXxIZ6Bctt@&1lJG7U$a%)Ea{P*&7~P-uCf)bJ2FM2HvneG+bk%QS`TDP8?v^ z<9BS;8pMy`o^;y55%^n4e@~x%86Yx6;3IAcK?UnDskbnDgF^%?x`2RmKiM@~+}Jw? z%91GD2K#XV+=0foD-=R%K8sNjkq7;Ds8$AbcFwgIC@J#NRO)RRwuGAr>kcj?eYF_(Qm`z%A&DB6jaS0IjpH;L@lH#Z4^Fp#=;}gf`eAXXyc3=W z;bm32{NalVg_&s(I0+Ro zS{4;$pk{Qzcw)2n?j2d@_ik9WJUN%$xNat-6F%9>C4{zDGeMReZ~bw5qKoHzZv=gg z)M6mPj@6F@PW!A-p`}TPyD_Jk4CD{@a$4N#LO3s30uEoqrc)dzhq4^}xgmN!-?gEA zmzqmJszrgPyTVU&Kp}*GC^;xJa#KVVtvOjG$cFVk+x+{q<+c`^IES`~%@7-|U)85o zDKW2^? zC^G`8JnDaq>AtJkVbqC-2ZLG??}jb*d}^R>CilMm6_PrCfrF%m>7-g-@Zj!H^*u)y>tiv6)FyY;2iIHyegbs%Glf&Ngx()5Z z<9riCG0^7g^QP~w;(6#V| z!$%|ULnVndpUVjC^}(HnTu4WxFb$xnU=IEPp4}=uVr~+&I5O{!gRDykVSqTp3+sHQ z6=6cx_$B#a=g3&(n_w-|BG8HvUk<6+6l~GTIL<)X>4W$Fq!!Qrj1aP*iK~oYzjwRp zT@0S#i&m1$52wrjnWP%iQttp7ntcF|vJyFXk>VN6Alkj=#AKH0iC}o1mSzDt$_ir^ zF{7rQ4BDCyUi7SFHT(3)j~l{khF9X!2=dUllkjDbrmNB0rIe4%-fr9*igk0SeC_?# zqMM?YHX%b2e*m|k1aO_cKR`w*LPF!L;hhDoTHWSA8c2^MYSL^xdy~3ttwugl#smSClv zPxLl^X?A;)Na%a6D;QfX;wmTx#f!psSct<3sF^4uUeJI(G#)$%Puu*U*Zknr^+ZB@xc(^uF^3F+o7iKYs^7QaVC}J1^Bdl*?!O zWrVODcY?1=6!Ishod=~{f;sJ+xrK&4Mvce0O5V> zY`H&SxNh!ehXKxbqQ#ljD&FzpS_QNev|dz_*s0DWgyGisM+xK4>dCO-VIbn=zdEhP zm}z-Bo2GWD3X7Qpz0Rm65q%F2_j2U3n2w}Y2$G>&k-wB#0xa7-Q5NoMZ&K~3+{nih zpAfl4dOOfcLn_+K$K{FtwL@O80;vFhuyN=jBO5~gcI|JFT7uq7tIey(g7vc=ke=C0RrFpu+1KQ=o(HJ_4F$g<9}bV3b^q<$zW9d zb}dSgyp)90I6ie>QH&^@HOebgb{M0*A}7Rzl{xR{N*a6TJGjmyxyxu?&OR)gV4l2+ z7jXP5|D?09ZFotI1XaQY`(6s*18-$XW>?VanZrbnFK<&n(s(EQqWOgVn;|b z`>c5&Xyn7wspczBC&nR;QY`W!RpWuh81?YC07MFZ$Sukr2wmuKCJQ_s5hW4&JiwvE zElSL@nQo+AlASq0JUe!#h*0fL%Vx5~pRrX-1q9u+o3sGnj~Mw#ZRN{04cDZlKGVEi zm9G6GiF<3uz7h_z)6g0e);42pXDw1QA_yQEg+(LS`4<3{MSMccPJR(zsY>Egzp9XApyj7 z!TKENJabuC`uj%nHw((kw$jwI0>8AEhu!{N7LLt01A(;Y`(Sd6LxH(P?7>Pg_Jxi? z0WsSv)bo!Hla{#5DRgNE$SK~W0|$RgEzTs#J5w@upPljiAHjutBU{{8p)By?0Ro90 zd?^qeqq9Se#wvYYCQ@zpbg8D6yOk5j!-JG)-`!|Cmay!q3T3n@M?*CkuRJ<+VhaW( zrIlC@qZ@}V%0q=&*_rDDaE0R;HQ8}*g%#H^4{xh$kn=q9b0zlz(#|&aBlw#X*QjRE z5RNi3vFjY&03N#iKKBDn31_oPxD(`NmD(RaBJK;B%^$RW3R`OA2@E z5Bb1Gn;(dkk-nKr6)}U*+Glvz9-u;A{(TNaI_Rnq6eYtOmQUBe|Iqesxb!SntJCI@@U8Rc2TI*u~_F@g>;Gd9)JGhEUk|DW#<;Ee z;)DsXF(xSrXA)ilo-Z%|EsujH7x~t^zrO*2;?~2W``(<@j`i(GEc#xlTd=ty4|&yp z7v51Qlm$#wT_fA*SHWx1yu#b+P?%dQZtEj;WA*gKD#_+nZ}u*^Kmm=%IH~ z@c?*2bnwA{w$bj>x)sanp8?H`2!UVbZOV>HxMOswncwkiQtn zqF|Etd>Cc{;e-jaU#1!p=+579br9P<0P?6Loz#rB$K)D0ugj!;# ztW3AD;+2j1^`gt2{imYCKIjJXG^>)zEP8}+N%>|lXQbfvQcMg2h=_tk?yOItV}dO} zBb>R9)E_i-;N*=j$~8&hkgg*SKUUz=p-h@N??N;!!AiCZMW0$xyh8di0dKu80!EWC zyunr2TPOm^@`hoypLBKc@+#&l7Rq-1RAL&32;z|w5EE3QRB&>MQNvwI+zE(Ux^fBx zW*p@vlH$nXxIjsOrN=H$Y=VkQhOiRQ;JPC4(swa(0fJM6kaS#;njBnr`zRaMg=0E^ z15u9AIpQNHB!RN>Y8Tm_wV${)3Jc-!;rPHa8rxS-Y*7h7jzj`sHxUkK3&wox{`NQz z%z%nu)$+vpH`Rn>=R362DBrz>u0d}1y284m)D0y+q?R4-qIyfPN2+#r*b^d7`hBs7 ztAXkp9d>x{*GVodLA(9-EprG7mTJ`*+ZvqP zixTzm_*mFAh`Yvxf^rtkH~TQUIfy}YC7Z}ypzjHlGx>}gCpx8r&bMoGnGj+aj>;F| zBY1L)6x(=e+_3OAB3A_CHh$F>kt5^|3B;5NRpE#!zh#S(_8M->&oyeTmc>tmzl2$$ z`o&ffJt1w7`@{G5+;mjDMMsO z2%P5=B~{P$>adXEBv7cmGi^u9_p`0N2=p3r3W5tIFeoeBpHBO1vkD&)zQ;8bN=Z7) zQx~Bk0JNT?!QazBSb)8V{2k8*N}wk?B1gcfajgxEB(8;*Joq%#pd6{uqMlAhtgXVB ze+#Y)9QrYx)zvPM5s_5NPyq?YNlWx9ziyf7+d(5*);sSkjH?Y+=@UzIO4Ea%q$B?} z9p7CYtsh|qpyzPWLk_Dtg}P@NF+NKxhq`a5W}J&0mKyLl{d&#Sv61Pi@M5BS*L{4TO9s2+I=f1Brd zyR;uCQs@?~G2f5RxR?P(_pgHfE%TH6p7TI_C}z5b-I9jOBZ_hZiLx?C#>4_b0QR;m@< z!hr$B`$S!32;*))%q!6a7f5k3#hc@Gw&7*etRLz1`@H4?Y)~9tJJTPfFrep0D>3%z zKv}@DQ<~QFmIVgQpiCuk+k5_>gc(6+?!x0ciUYhpn`<~Lt?EE#t2VIJ9B@9c>5%%| za0FmJMtDx~@2nb^flXJh;d@GSHYs%`jDmx2-|DP(V!lU6)>!P^6;*xuF3&Ry52E}O z8alpLmmi5+deQVNv>ZY^v)*;TQ*33zClCjtA^R`x;~y)5#U&|Bzlem(54{mh`Mv1@ zfsFCjD(O8LPp3dm+24rhBXdJA5$DA%CevXySpxnF8h*< zbr7C~7s1?{FsgzwAaP#&59hx+-x9Dt5I%&OIwUS`I*@jbTE1h9h+q)4PPBn^K_2cr zpv1L>%7?tz-N@LbH2+K#%Ni1_YrA09OJ8o*flsvo!D4-V-vSc`ko4jy0qyvdp9c}~ zvx-Ydx(wipX>8vw!j<*89QMZ{)vLm;aVpa(5VSq3tB2qzk#vjJb)_{sOxkKM>lQAI!Q*7QM?zKtT}k?D+uvxG4&CcCp&C-4CF)L++w(`vNMVQcgtm@_EuPup z2YAfJ0I|)He8j(x`C8yre-{Xl-S>|)gkFFwnc;$TUd+?*XsXFLxjq9!YetA*4xP|$ zh0uM0Yr-V3V^U77!sX?BI3EtWo`0jPB{qZ*(xUm*Vy0*uQ5MEuq*vAOL!gwfr!d9I zHaG4N4M;eGJ7w3UE+1E!s+NL|$~(`=7^CGb^nU)CD*Mms=uPoCV!(%f~2zoBc z+h1qXsnH=LWV@MDS$CcE+4~FPb>p?R*=53(ocLYoT$5!~ho^ZLSrXm44am=ASVonm z6_SP$00~TY*5QNJ zb>P5$vp4M2CgiVJFWSyLPI3?ozrp)!2_pMtKzD$gOCWG-oRB-1mUQYR) zBhL~WlLTi?gX(sSNSKkXp|d4T=FEag@3;gZ`>G;$II*q**Bw5?o*}bU1@Z##`KGH#d(9{loOgD+V%~ z)ns8*nC#v99V4-vAj&z990sHKSYumnId}Q9q7FDGpbm(9X1&RhYd}HQv@F80{t=CQ ze}SbU6$kPW?alq)k>1wE1T;iGt>;9ird&K5X7np1K4l{zoOW~=|G=|%>8MT0Cp*$K z*bUS#sI2ONfBlH-EcU(JTG^$Vukr`J=?#b1SJ?Dmd zYv`QAkt97xE0RV1I2dnerj3btye_dIG_k^;XmY`OU*2goEti`=%tnkMG=FziZ(7uY zC@%&a%j^*qn&+>I0*)0fVOPBCvVi+4woNZ;w!#pP{)J+~#xdMPX2to0n{!O6+{>1= zc&(H57m%U!mili@v2%T^baMa!1gpHuN^g&1VOsd`2BIXU@;t!i_=pyC`9LmPoHKe1%+Ld;ET+mt5pQ;5`|ikJDevm2v| zCHNED$YKV8c)DGvzoMp*tFtBJrz-=b?~@#hHL}EXJlX+?zMj9TpxMNX=49zpdkL>g z9P##mmnu{f@w9Mg6lG$;8iMpxG&2Izc-oo&gTU~4-0hwX7$2k3tuXC(LyewdPNVxk zrQ9zP98n;|>2aBNrczSRC_iV1L-%7pq;ElGboy%G&R-l(75c}Xxpe?q@y5!>W_r|Mq+jUadHSIGB%*AMhr5(wqx&lS-=5`QEomQ#N= z)I+S20S>;Hn;l==sSFW_=V}E~nSzkCAnN80%r%t2MViWT^CGT$<24`#77>UfR4svW zU5eRYnMRep>u5fm$_tIdsz`xZ`O*8GBAD_a2uzHF(B502C!5T2P#9x10cnl;8?ZVk zw55TVgn&al+8v}R^!R`VUx!;f>zJ%H*w4uD2)kJs`y%^M(C8pg!h|F*BmrZLYM*>k zxPw6ewwdDm`wdD66Y{Qzct;>(VYXmjrr9V988DWgg@uuW-OS05GhnXoKxD+);6Nn8 zwctGtzQ|J!aP{^#CgL$HM%uDHZqVu9rQiqq+82%o8#=I4oXuc_B3tetkDQh`io^O> zuCbC}2Fo|?8IqcmE!~4Ye2F&(|M~~gNXu+rc0R#{#BLDyZ literal 0 HcmV?d00001 diff --git a/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/baseapp_state.png b/copy-of-sdk-versioned_docs/version-0.47/learn/advanced/baseapp_state.png new file mode 100644 index 0000000000000000000000000000000000000000..5cf54fdb4afa95f4d57ffd6479b2aede91d5b10d GIT binary patch literal 338941 zcmYhjNzU_3vmN*s3>bwA*ki-+us*;w@DKLQkd4^)Jvq4`DRyGtH#_h`JgueFKD-Mj z-|reQ9!ZZxkx4Q$GUCLEllt$LA^wMd`Op9IkAM8*KgbgA{No@0?l18CAOH8i2V2(v zM-sum|7&$b_8|Nme9=Rf}4fBa9|C))a}Y`Wqff1%vp@BTuddR(`^Q2s9jNvG+b z-zKe=v|s-@6dTwCzVF9xQ#Qr-?|l#mLH`>B|2Gu!VC*lHfeG+}6aOSBDEWK;v?_*w zYY_h@1RD6SdYU)GHm>zwC<{Kz!&Y?QKiCXjO&7dG;0Z(j3giDu{=eWYGfiC)7Ma?B zYY=dh{3l9)&Hq)EJYD+>;lTT@X$$aAEb?}I58>)%?7gDQ9N#+}moE*|KpAIHP%g z&W3(S>5o-buZmgNY2z0NpFZM%p03!2Hmv!EmjY4aO>!0resKv7yoDCkXgnGW(;a&lV1 zH#f>4L_r@k_`(ox^(Zmioh{!2y(VZ$X}&v=uHI_YSK4IoK>$ziKoa%v;$flhThPJ5 zOerq33C37J&kP-�DEBy3G%(EP#m!cyW~)nTBt}?{jxWD`;@=?yy582=}#wS|={w z4d4kL5!vz9_M<5id?3m9N{;r&lzahBC_E`I&`ur}I9WkTlOMB)Dy%p{>|DdhWH=e7f4)%SznAgn+t9)IQX|TQIkDhtZ@GC0Hu6S(Tp6Xj-y@$K%xB?| zlOYEGxk!9yQpV)NgR_zKwv#e{m>@j}Kl0GU8Wb*-gHvS8~6?|Y@i`}gpRxD=Y$rB6!YoI^yh0PD(wdFm9W?_@KJ{l@tACF;oCxXPphj5fRR>-KQlXlu{KgOO$vOowGk zVm^+aV8p%-z-ey_dzu;O~@$HN9 z7!i%)rP9JEXR#6iee_c$4b7NWh_2ABlMbR_G>jKl<{=7YIomC>d~M#jiq-RNFfa@~ zKqs^K#|M`@?BVyl-KRW5IBvts+x*0A%*_F(drv8Q$OlW9Ah<3_yWCYL+~%N(9PzSj zAI_@X-G_*f(;+2hoj+ng^_TeCb0XUEJ3vf_q~HVxuG{+=uJS$37ZJgzE7soj(K!`^ zG&R7fbvhm_m-V+wJY?_<{?#*4d2(l1_CjS`?^+UJT>kLfzS9#$7 z-PHpwTMLDXrFg`0P;QsMz9X{pj-hs)TP2^->?Z`wa&{xWU7v}8XyMO#={;t&3QET& zYL+wZW;doTbkE1S_e>|bd%4y{0do@yO-d8&7x7PG^5C<;^W+6Z$x*pajVXMEncwN< z9hzSzEp7yA@}`Iu%KWlSNXhWr>Dtfd__i)*8kMJK{0h4dRfBq$4jG0KgHY2F$0P(} zOKwkwB;RTN#GZO_E4!aUOctNlKL#1+JBSnqQ_g~LAh6D(5XHhe6Nw>IxY-k*CU;Ga zkT$n0@cx2YR;pxydCO94b&BDcTnN(a_tvPO^G4Zac51FqDhkmD;Y>>lKO#X!7;c8EnL88SUtHQT-iY<8HGz{1u=f=kv$`9siq!Q{N$^8;{N`fllOV(6Fj~o^MR`PcPwu zFZVsdV}*8<>FGK(sm}$j*UMzB<4=|DCurICy6euK=w}E(BSG#*t}p-|qvWyi969eE zp$k26$VuwS+_Jq!tanFh{o)@jPdhC5glzDwx|mpt!TWjsYc!5j5F2iOe#oS1+Sabj z?v#VWN!4sXT~zs$%WFTVhWH;uHfN(_x7$TDVZ}f9V9T7Q=ymTb>n5Xf;(l1-{^&&r z(m2|b7<2HI^`FvUKs(WScEkt6Zg%is8#rWWckUNW3PT}m;b0b5ChdNaj}#UTbDbng zO9aqyIZI?5oC(LJ79=g7wrhx+ZI?~sa-yIE5$SBAp_XPzAj|7H}WYg zkNM^|wh{P5NO{XDo2_v2u6*kW*;^D76nFc#B^nq9-dfy!Fie%GWG;)8r03IG2Uxff z6_x%d4BCV6yk1)oidg%_MfU0P8Oy40?hFew1HP!gzlSSi)A_a^utkSH-QF8MW|j*d zjZ;4uTr?ih&<)f&lCPHIs7bO;XD#mMYnt#tsUK){Doq%mG+^rc66KCKDiRpw}Wb{u0gm#Jtt=}64E zp5@I!DT?14b0~oJ*^I8K+dTxwt`NCfW=mDnZqp~E>baY5m}bQ* zkZdnXav94OyHBB2wTJ0MDLzfa_jctx|*?Z^Vw|j8Guo_#@Ni!#kc&wM|bsem=9v{ z#_}1Z9jyfdg)7cYJ|6S=?a%jFJzH=D5OD@hI#9mCxXCLHo>J2f5`Qh@ahnDbUES^k zQld(}XNtK+HKqZMnbqLvb(;fX%+c!o)Lb|9gUvZ5%fQXB=r;7MBY5FTZXk*C*q+6R zcD6_8c6qfsb@5w(fbwcmZEUBe#%cDC;*Yt73 zH2ZimC)NEyhJr1-_}#ZD)&0OPVmmT62_OQx4XDr;zU=u_q3^O%a-ZR`-+_2_o}C|D zxCp85C!6%}n{NSTEY{(>qOOJMyma#huoSjXDOGL>Z&vOCwj$S5dXG}JYt5coo>z6; z^rd$j>*;S*fzoA*x+j(Zikwcr4``ie)6V~3s_UM^Xt8EJcNrMSIJ%H1wW7l|H_`}6Ha5PX1uI$V#b-}N3b78x9H?rcL)0vXDBg@ zB^aFlbleHJh>KzPNpXetV97*b9fE*)vr{odbjF1c!^ar?j*@9yKZ{rloSv;TBLo#Q zP16z@n18xH;#_f$W51Wru5}4c&s<`LK4v)WMS??;IHHnsmcEaZXwlQ_t(34Nyl&8C zN=Y{_R#j+KM<9p+$qpMqN6K1M*#<}Tb<(; zJ5;bUeC`$U7@okzo7L;xx(VEG_H2-dDfBXgd1H!O?$m)`Z`L{Rh7d1at@d^yXoqMr zsceX9d6NBDy#rMOzx;Ym8_YcC?OxF~00IEL3|?e9;J(+2v5VSBrHD5Q;_&yrow(X? z7ztL@3eCm;JuDMr4bq6jSVi({Fq zQbE@IdNXsl0kTWGJ`qIfG(@hc{IOrSieVbadf6zyb}7e`M?*+LOyB#rM0ouVo{2MR?vA65Q!5Pbf=b5xY5<6)< zp3L<`;JRnK$v5~Rr1+*mI9MvKFITnw2Zb!*rzXr{_xzNk zRDihH+Wba-B}O)A@CW1W_WeZ_G6+uEAOt*R#Z9Dq`A!}QHtoG*l2jDb26b1XoShHxzR1lIVkD zW;_eUa}H&A!N^7ARHGf-M*HIDI8dzEwCXs|uUc76VD@YgF!p?X-dWj%gmgUX3f^|S z!?&9MR9=>TlL4liC`4XIGnk$Dr3T+o{Aci|Vh7utcT5z{%Y14F^Vio0UKi=@ov$z7 z<9RN?GOWmD-Szndc`NQZHr}D)C}2`5u=FQZ{oM4T1ml_=M!1fKoyGd6d4S}TI2feZ z!kz?v*ieq0Qov90%X`bemf{{s*QtY%Dwab$m!Ek<9Am{iH4;F$$JQb5*VFTC>KR1B zpdE9P+g5Y{lA(8f2!X?FE~2y&a1TPsRU^C;xrh}S`OY@fVL=ir4O;t7SI@V~`Ow8M zu$|AFpDk-LOP-27;B}phVtHOnp~I+=q0a@OjO~cP?dsA$CsSl;ilEx&@8J z8r4V#sTl}V9FsYg5cx2<$0X3leBoR8^dK)AF2nWe4goMt{Z&vbAMBXY6m-v*-PV-D zzr#h!RA0B;6fIUf!$^5J&56#N44al*pe*h?t3Fi_k$NGoz+&Ccfar{dEyA94JK((= zdD{fR7!lj0AumrT0*Ltnx>}%SnU6Y@;eLMCiQ}Yjp+X<`F&z7joe^_L`&52MRm|x1;1&cO%z9Z%Q9v zqu~IOL=5K82>&2%`0J}N@Iyia@p%1G(g+xq@AIJ(clo{auNQ4-P!KWl11bDROp=LX zjn?#8L?zAF5~ZS8Q5wcn0m`Z)rt@)8=1~LeYw7O$z4%@Y z?Mkb~-XJZ}to7$uErVUIP)Y}_AN$@8k{uo;bqq4_PUV1U|MOcoDGb%D%~V z=?TL#g&EsWEl!_FfVD99_bpk#7362)*5{8}**EI`)EJdnqOSQ^O^kXeS|{8vR3u~U zEAFKW*wT3yD8Os_=>U`kwdQr@xbOr%0TU-l;)(bmGDwz% zZ!0YX%MU(@l0|eh1L?G~&}Br_TgD`@%5MSbdw?&W_WYQJ?ZA|s9EbJgoWB0DeB&fv zUyw%-hXiOJg65mSo3}RQ=j$!t7CsRJn|dfwopF&y zqCc176IrVZd^(g!%Hh8*7#4&Uz4TVm9uIV9=CRTrcIvwsH^6#AxhSM;9~l%4@gTKP zT~5T78Ca(uHK(H&lf#|F?4Is;S5|U4C~%8FdtjR&iK2pNw97} zFbFlP{=SV|Y&3-q2%m`c5+=#WS(3OSw?j9$qe_|@eq)^LzM7wOFaX0x@)l7p>y^S_NCm*B!5fq%}a_Ypfuv(D73FGcU` z_BJ6iJYO(zEteVoqt&VOu_jDN=A=J+xaPZfu%J$(%_G%|p9E`CRZi=Gbzgb{CA7yh zp@4z=%xzr9kQQoFHRi2Ug$$GlmG8f37yA$vzsq6W%jJAV*=?P5cfZddcpRQ`2@PxYGk=8UB}_rDH^Eu#3Mwu^y9;QpO3K zXwfaHfKBQLW~?Nl5i|6g)peS(97$mG9hJF!S?hdsoVeUh#qPiov z)Fth8pk36NHt|_gS+;{~9f~{zES7+!3=hZeEs7^%?&%9bHKuGc_;seU<2PYx3sEOE zmplVrj{pp(FweIU+gm`>{0NC(0}?4D7u8_2A%M|@wmIsq2UtoT?Z>8RV1@-qy}A~2 z0Xd+3dR5+46J~xWC_OQN{9g8|wOjyARR)RG6Ql#66^t718}_tCguR*$V!*vv*Nguf z5Sh|?`KW&Ee4mXWa`K@>#?g1`_MfIE!IiU;F#}wLwf?DCAjwryU|E6*om|5fs8pf) zuX&tPT7M+XLJU&1k~xj7`0>x)g27CR&n7!xvO{oE&ZNPr^af z>!`^$DfW!_RmHeq2_OXI21-K!uo`(s09Ph=#Gi{S?akhCR-~;JH=6fQr~j$UsM&Fg zt({EDP430WebmCtLYW`1F$*Ud`XGH;E|^hB6{f0pSJ}nuHHoB<}GC% z8M1pCMqGuq-zw&cb?3NzHkU zqdy4lIj$#PS2N~O_mO`Uw*6*CuRC^MS|Kc^40yCoi(6#&Sx>ks7C(xI`C1OB35b{5 zi(y*Coe!hKG45eb-v>pyuaniC$A;8L3Q%6Xsf~+5i+UWGi?>6RQfNx>IUSqEHL3C^ z71r;v7=^CyY0l8_jdMTJgQnkS{5pfocgU}PEsr;TVH#ijNA#|*VT!O8(X)VR(0q}D z7Bb4?ylE)(BLWqbaTid^@bT#>X-Ya~yimSJm06vLUuX@qBCi+oR@RB2Rg_YS%Mjsz z*f}d-*pR9hq5gCRbx1j+eqY#(qV(jgi{4qiVcFw#Yevu1U(s*NZ}F(8Q38e*kPdZW zT&qnpp|F7wNcrXiTxl9i2vhxrr!@)&<}s_%n$Yp%5_kx@T!#=TH+Lu*_p`RjKu?>l zjjFSJ-XzT9x93;Xr2fQ$$J=y@Wl6kmWTpi^j+S56VOAPMQ^|K-C3>x&M@J``Bi?Lq zEPahx+ESl5#A@oM2m>UuRt^dhY2W0C!|A7gu3W*!^}K&B;+7A-2fW*mGP&vt{0ZC{ z^wMnzt0Jr2o{uu{;ufirSO6p*9#kYeVGCi*13&PyM%^p6e8M|xs67j-jKu?O>fXRYL3D)k|_#7lta5iUk|SATrv5h9c6Vs81rIjzj2yj zRwE%ewl5e#ddI!e246(dh82jbjvRuCQeU%+XG3I|Qv`tSz%If^&6qg_xY@4fthHNb>Qf06^{VtvEDaNSy% z@^pgdjJ6hSWV>5QOkg~Yb&m!uQ@VgOX-rL#ccV9c(XWPth&9mtWb_gCdI1 zuUxCdQkE5he+=zP1v5<&XXt6|a0wsu6s!Rl{0;0;khQcFL6|?vGAlKtcS}i#w@;<3 zGnJwsNG?j~mhkrC-QwFrG#f&Z$8wA0K0%9#{@S_hb{fI;2KigUpxr{ZMSRBM9>!ofsuFD&|rSO zsHUa%IXMRvIl@A6L3}BWUP=fS^!M_jUVyVi~XkN?u?CdTLd$ z3x?q$duy(5IvguG-wxB4Qw(wPD54J?R31#}jq`Qr*~dWGjKx_Ov!Trv=i$morF@ay z#4_mb4NSs_1(YjN%Gn9~I)P$u)hx(&H+6Q#(le)@G0#E3XLDDQ7q!-#Ms~IDkh78n z2n7lsi=H7Dw7#X6(cv@Y0YytHG;V4R{H^W_^D3hqF*u?`xL!!6;wxiGBWwIx{z{#w zv#XyDF<1sKfQQAp^|OB&ofqJYYLa{(l2Ue_J}H?sv9q(oZ=-{$18VQ@Y`BpiaV-s` z7i@V}T=CiwZAk6e_QmJmcWrr@gF&|9cb8nz*%llrSite|h_PtictDvxyns1lQ>oRG_I6Lq z!mpPzYOCNDQV+fc@?7yZuV;A;M}gH`!6!R180aQI4$9{FU82Kq<=&U^;Nf$`ufsg* zT;2Sm`_x)c*B^(<>LP~)Z)($H7GOeWx9uq7sk35bieDoExdl7+T%haB!qtG+? zbgreJ4mVxd_oQ@mIqWmiA*i%UP;?+koxiOMIgo$t4@^qt+lF zpl`@22D)TDS7qp|ZFJKVq*H{Fj<{yh!TcY`LQSKH^e-M*3%Hymcqab^2b=g~I3NV- z-(g#znh;T9X@~>S4QHD~)+Az^&-C%hQGLRj<1N~=Tw!NA`C9;iER>0oabMaL_NC6R zqYT>-1!{`;$xuqCt&jgT3>-N66IOTZH4LNFDg}`0kvVsa&<@U#*H!ddvRe1{mAuw! z4&J!+^FYI;OC^*$AwYLDbWfSgXI(qX*d&;| z18+ez%^YIHOepdfY^wJ{Rs`ww&0Py#G^oY5a$4*?tMYDHoqrE|<7&|W2!POTHCf9< zb(G+zFz2uaYlG^jL`U+EYB>H--!U~9q;E-td{V@8r6R{>$Uw^5y0r`_42|o2MnD zEkGF)LS0`f#sW6|>;wd%UJV(PB%b$+jzv{fh&CE~ihZSkX zo$(b_APIaJE7tlVlI`Lcib^74w&-j?^a46v{4HMnH5Zw4W?%W^+n@LpcN z(7$8{mc#~Dj~5Z(;=WL&Fz>h>CBx&@egab$vb(e1G760F*vowpgwZe}YN6I=#zQP@ z!jD$BhYe(`rUw`gA&~Pq^NiQu9Y8R5!-G)&+7slQySBZafKx zkOAxcd5IOoNqla((r@lv{cSA+F1#{8Hv4@E+)bH5 zS(8l2CNCO-q&@>6p{_tX79~hf3UoXIuc-%Nc z#I_%-;86OUxGM>qPRC#@N`h|OiuT3k?E1z4EmR{Dk%$?Q`z-0o!Rwv6}l#734d1+IY9XlhI zsLhGRuawcxJ2M}JdgE(OY-d|?cgOz@U+C)-)B&yYMR#vPvuaRQuN&JOqRgRm_h#(^ zVmjN4!*+>=`S@l*q5E*WcJtmk4%kkqR?h=ZBW&*IH`jDW$e4Wj78L2g#s_dNkn%PT z9-+xlrDO2Ncmn0<2*mI6M7Akvxgf6x@edka&!bL9(Xr|q)5+JI-+NS?L#EDtTQ)b- ztf8{qPZa32^X?@89k*?_XXKVIKmu-hb3MFTvWvz&!cjM%ed>)OFWzpnVNzZ7=xeh+ z_Zyo>9&1+~e>r=f`;H@L`9XiA>-p(X36h?zFKjrOTW*?U^HoCDpFX7-IRu4~Wcv)C z0#j?*dtE2A$R!r+z(yACDZ6pV!F*!z`9{j5{*_vmrhIIr>>ok02#qLl9#bV`1v(Hg zT*5Cx%&E9)*Vkd$rD!2Gf+x{W^Qr)EWge_j|F7`w+?auWAElS$E0B6gLBIgyol?7JKx=U1zN5T zr0b}4uveiQ&83xYOP`7cQRFbiy3GukxRWT)#?NL=ji^yu#fHug$v2jYfp>5Tnr-0O;caAfP^e_WQlmnD- zsW)37&VXh?oi`Qm>5q!ZzJ8qf5WhvpG#N!7d)IG{^r(ss=Qg&qYqDb0{UkA%9??ht zz&f+9NKQPBI!NbNotf8#PXyWAkRZVGp5d?QDEB9Wel5XvAjLeF?@?3zxVVa#wzMx2 zY=t0br+89hGMy%WCQvt!JIDEfDWdn?v+@jB?(iHyX9q~d7gxkAY9c$`WFm5dkD%cE z&g*6Aul7xPcn#Lpx)<{3n-d>W{pQEk^8+*V@hlb^4Qdd@&>!w9PZjkOH{kZcQ97t| zINXAekm1xo-<@U=Xj`(YN9NM=+Ye607)iKYg~&HE7Z=9))7lC3bbg9w!Tkex_D+cy z0%HM{9ww7~Fp(n@3y>b3W(1=85&}uW&ZOnbj;_kmlvTku;N%~77$1;K-1A7TfHk~y zpocrWj=2p{0t-4iZF{Ug?(ZNJ*}_O53LCzg?4b?u;tr_FiM}cYz+eju%wUb1oaxI1 znZ*M#<5>GJEd<004JyWbE!4meSOw_8=aplkjgE@b2O%D8G%*C!)S4(WYSd$tA&XRR zQI;-(qc(j$xGhGSJ=vHBN?BSr?gkD@(4rs3JD$?g7s4y^EXTeNkB0urJ!f(%uN_S1 zNsLoq)Q?1LT@^VJoJ#8DM4wfcUn*BAqan>ZcL(cVTs;pLS$OOhc`FZE_7aH`sJSQb zaIe$pYFh2rWtW`W2WW$;onY{bN0kZz%z`pSMX9p8xPt7PoD5Hx8R4;B>$PO64B$}s z$S2@ezy&J!ha-aooc3PxR{&a4ofW_H zEMLp>ea1{*m7J(9 zR#zQn1%|r^-sT(VUw}{=v@mrYE)8bfwf+Y108#P!V33;KM&WgIl^ofot0oW~b;0Xm z8`pXcc}XG*uA zH_8TtohvROB<=ims%B36K(R^}Ch0qQtTz>^Db&`#5iCG#$Ipg1uzB$9J{;wJz4SNR zfcF#j0^-pONIH@;<{D}=ep3!MXKtqOK$pWx0_J}M>DR#D=@&vO4AwZ*v^IOsdiZpk zYF%I0G!$$1d8N)g00sFE=nw8aW3)owXHlF-g&)=y?!Xn%O~(so^yDBHe|tZwsfq&R zy2E<$%CdSZRlus*9Omc6^&iVu2XdYl&emBwv}5y2t|C}#Q;_`t_z4q-_;&qmTl9-+ zrEO}V`Z`g&nTF<^+FPy?#t=XAgu#*1Oh`ZP z7|yM%cP4|e--=WKtG?bz8We35fyG~7Ot2L~c0&4@fHKH;z{^C-G~lasDW^Qr67*1b zHt_owJ;F@=(qLiE&@mi_fGq3aKb8avD(^}o!Iq#OngV6LzBLu}Bw0bczSoLt?0c7IWaPrOwyD~wmnn{AAQ64hLOT`Z8N z$AgFuGtd;$LL|^1sB?N?exMo+UcjQgosFe1WIskN6aX7Zd*f*jO#_A+!~QVVLfH~v z{oO=AkR7o+E5(vTIY=1@KpjoS_rn9ZD5kwp#@g*h4LnWDuuo~B+zC|Fk3Lw~r9#BM3#Zw|MjwAvXKtUM-Y z#msXMM8GPk3Id|IAaH1}pLwC^s(4Y^H&&Avuwpg~B#;NfUIbX$tb3THbX4G=fG`DL zO(kHZ?9$rNlXVigCKc6m64Wez7Kkw{$Eo?$TMnnn-=ySA67aBt-pa0UkJO&F%v>Zh z2V|gP26D?hRYe59eb>;yvJ2{?jiACORs0R74$d3+CcgtaWI9*mKv~Wq54bvz|LH%l zpu@JCndA*hc2l&-0J;4W`z22R?!S|hw_n#-SrXHrnB430O1^;8OG1T0xflLlwAtri zUJ1+IO?4&yVc3e(>(a^Ec0v^Cbpm6<0=$DyUo<>@YwWVBWP*iH@D|0(A4?J|F2CqR^?O@zE+JKW4XijPnA?;sY0TMtMpTjOb15M_V z>EiXuNs0m)H#1E10D_!QK%tyMNb-8BFT(>Rio0_}d?9>{SSyr8Rv9gu$c@ zN)7(3k3ZSOfK*EPXm`0}2v{};+RE)%kFEi@T$b^R6qjKO@w+eYjyKfQ-W@%X_W}HK zV5UD32ri19X<$Ztd0vH~O;Y=5d)HZz?*9yHw!_Xxs_5f|$yc>j5lzr zcf|z79rOdt8%91t{Q?3lTMLZL@i4oB3C4=1?yy6PMkhyey<}pZ0c0sv?C)}>Gs-^w zIvTfK5?+jx46w^OxryN4Q?B-ak%JJ)m#)n5u)XOT*JYhaxM z-IFeEfj8d;xK&}N#Q;gkN8=K(s^f|(1IX~PseVzHIXxE;A3yYJo7qKtem_2wJ-B9C zYns0F`e`Go^C1ote>G-gu?6BOJ8WJ*oy;J?V|hoaohN_09Wt}Y5Bq_lJM+Zg)(oe^eKqQ`C>TUxKh4#CIPLr`5uGAHrgL(#LTs(} zMUIdF$;1j49)qg`NA3vezvH2~KTS3Sv3-`zs9?rGr zWg&-b;od+Xa|_2uXhkZ4(j+V`wN&VfC_dkj`8CE=$9<5B@Zo2TBwL^|vF9Cm%Pr@s zN`lMCU~QwI_78p&#|bY4_SEPf(TbU+wa1(ld31mQCyW@E`iJHo4TF22q=7Enc>q>r zfpqny<}$E0)U%j}F=e-$DKV;T%Y^N8$gNgs7d3EtX-e~_CqB|sGz0dc-Ar=k1hS1tbZ|W) zcRNy(QBdwwKqi2tAR^In>;^w~paik(xei-LpWRJ^&Pl+JgoMWU!tzHvn98zu8sY%B z5zulhbLOXY6VT>CV2v`F%x@q0K!^DIX$c=B+6DTH1soC!T?BTQ&#A{0>z>cDh+E8O zpsXm$k0bux?%n_s&mwpW)GAyUG5Ey{!BZSSSqZ^I8F3 zR$GN%rwABC2u#Zef615ZW6Z}SIUoVq)7v?ez$~gHYnk|lfLCXi7w17ytsy1_PLpJO zZuRYJAIJXPAfPqKDC+pL#)!D@EVjU+xDf2vKa5@d&{ai4rX*jS_)*>9+_<{+sBC|F z0^?vOU;{Q`i{m`KTY25HL0vzm!fZisfd5)QT!Q(TeI8U%?*~>`CvD+1giBSebb;{( zH@rJAmVr&bl`N46>>ac>Zn6>!_``W(Emk|(W$l95#S`EcO9GSKLk7&h# zW5Yl7A#ja@aZFY*NpGAfGjPMKxb?w@5}vZg&23e?B;+v3=At)p55LEDM0h_0`5}B9 z2Lx_@<|Ghu*Y{TyQzO|I5gEZ^A5GekHwUT@+S$%QpOyA0zaUesYWbn@?_HqvSf6@} zZint;`i)Ur_RZ`X{JMyeKz=n??_i8UUoKI3;ty&CeRY#4eLT>2p@VrJ#UIIkz#Ih2 zqKi1|3`aUEb)38XJ_)PP^w0ZqIRdH{`HVl~+G@?8!m3a!as&Hvz7$!R+#N^%wfMt1mxW0E-HF8eTVo*B`8TXX6IelPet!1b<9>psClPRRLCW=T$rS zRW`apibg|c)77T(m;=-Qx2 zPr@ozqi|1*9EPQ&A9ok1)f%P5F}q&s;FnFRH39vQ=wmNWG#J-prL0Ead$V6}YtjMbdR`If}&4Um}M`Fv(<0 z=FONKOa{Z(kLWq4cedLBW2h>rq#N$B4`}o|B!91h3FjPEwe`KN?MwLN72*(h-Eu`Jq;fvuoEr#d zPb(HBZk67h>?b^rJKR>k?-JsD_W4r-0w`+W)Wtm=K6T?3uJHYcSn|BX>&HVr_8cyH zO51$>B={eLcPw=!%HXZdPbl;^UM$$E7#EIL*qdX?bWL^~nz0p90X^CqiG%)~1XNJ# zUCEP60|s5Lk?NM01YjSam${%gjdV)q4bq+L$H3S56rJCv_@o?H4ZOEn{cVf;+8DHE z(fbR)%YGMhgm;UR%AYZreC)(OI~dT9Zv<}oUHU0B=m7EWeG$Lr)$l?&M*Sp}-}CB^ z&BsGVU;!OUq|4_BviTou!|-?a=q=Xx%7#YNZR-a`IQ-Vnll9hOji&dj@O&<X}oYqS{_;`1MV*f)Wak;MRUmrl8rG>=`zIx0`H}5RUhFc|=fuho75=1*>NF zRfiw1zVk*l#DDoKOg0l~Rb*s}@NNE-GhN`S2{;?@`D7E1vcUgR=RGU1ecmnTeZ~!E z3g`8{ceIorN>gF6T|dZB;JsP&AOoOCy#w_fxR0}Yd}QW*S_b}_fZzj1qur9M;7s076A)6&7cqwgx3K5Zt)j&L-ch?*1>7u9^Ee$>PNnMg$1>oXimM>FK)GTDMFNa2yuDFs| z$d8aJN%-h5r{f%il##Y{O$QYr6e2zd9MSEgBkmOmYB)T=#7m_wpZTMLCeP8mN%qDk=(;<&9u7wcnlUQ6LUf_#a3cGq>C(!nO)3i`zIDbpE9Wsp>S|1 z&x?^|t9t^-u;z>cMlO(eek?14qd9+c9ezubj00}lu>}Vns`^Jr*o4X4nZAE`VeNfp36bLWSQs`F(xa)5z~K z>UqWL4hSRtXImo@i->?fiKFA^FSsm^;abGX;R`-+EuR`9_p#WW;3Z0`!_&uR3 z7AZm#+2(y&Xp(i8%lw?#J`m$Cx}%a4O{yDtX&0T%PaMk}k#Zdl8bhCH!MI-`^znPXGj0 z*;336n-RF4Z{35)E>{V<`$EGZlYS+nH&Fra{BUMb7Re@DC0GJ*DKcJoP$_Lb}YGU4F2tLZ$Yk(~^E2o1(vCy5^S#S zXZT}ZjpgYmI5ehFScW@|e70GZ1`kd%B?8;h#|9Ye{ssD%+4{IA_jO7rmUV`rmB6R2 zOCf0&{vPcrS1t>`$NP(4aVLzd1=sc22JE*&PyYEzmVq&^7o0v&;DW?h`q`$utE0$s zecqe6*p>vIjRz1$+UW%;O9^N1;m$koWPXR2`i)x|`C7iBD6cd`E1Z~iv)*EO!7rZ* zXAYhV!OcAe?~`1kq?a-HD_`(>t4LjJAM0<#9O@(`R21kG)+{~*5(&JlZmPo!RiJhi}pYjU{DGG`-u(c z^j%2*Rj>q}EB{L6x3m&3g1#IkYnZM;QvSrz2eq#R@sm*H1jSUS=M0yy0PFIt+1XNS zIJAaE=Ux;m*ynD=4!;rmJ|Op1x0`|nOjg{!I{68+Txu!&0kj#0UpM6i6Oacq@4o2( z3vS)5d8x{a(wE(lvALEKq%QT0+s*m)+q`Y9D0Mq6;kb9C{ z+PlD1Sj67S!= zHU81}h-U*2^jTou@%g8L?1+AagVw*QOEaH-&4BQran7)@y&jLsmc37dB*0t_{qdWy zbtd`o z;1^t|8f>ai7`gt9dm*JY>>ivOxr~+dVSgyjdhH(8+R<=Eu|#di6xpv(V1HyW1O=ab z?q3l2fnQSDRqoS?9uXnbB@@hC?b1MBM)T!PO}~wGEY@>N+2YZZm?vOjPnJ71qOxH9 zf;agFdMm$I)e%10i`-u~yc%%RuB_!<-DwnNBCOt3!~jINW`PcfwaUpgBp@a!>tTA_ zd)dr1cCG!^E(5JtKz3Yl7!kk`7CceY@4(%^^g^bO)4Tt$f;*W<{fe6j?{`+1zj#mt z{si{IL`&CtUCY|Cf)xU-B`bL`=cRD;?;3Jmm~{c92He@(riXrC=aU>4cZQ>)n_<6_ zd*RcvNa)|6Bl?(Y|Cd$5Z@g=O-Yfh9Z>Xf%Zatl9)*WdMtYg~(imZ*QLyC&WFV2)&4Nan5c#%iW$ROB7-fIlH$`bbgu^!a@WT$5j_<`2yT9l-%~||YrH6f- zN3+S*qexf-bg(k$7xGR@tDyv~=9xChwjsNuhYlzLq3LUYJ*W=+^QdI+1k5h`1vHC#-zi{T zPoQ6+Ln`4`)!$Zn@^%*Mc@QXMmx{U*VOSG+;ayxpQ;~i`NBu3N4!pvy1U9Ujf*^F^ z?%ye<8JW1(olgK7CfHcYFVUvQSBgLv`*Q-GORx@^F2xVXSBa&BW~d)NlZEDAEKXO| z;wD6_YLUJd%bHV-sy`Q(p~ovaHou;24Gs-tblhJ({lnzCnld?aPd}(t0NsqTGaETJ zT0lOJH>gAU@k}!7_3m~ApfZGA8KocqDa;EX81W7l!M}I;VEoVq5M?^#IR;Pq(+J#1 z`0(5v*U#)?ouYZKtBPLVC4Wh$UKG8HqGBRaaPBZ@)6fm2+(m7gm2I2>Xj+%^sCW#*4rmPK=gt4a zne>Wtyad6@_hMy%{{|))4r?F@RjTOz@@@hDN`~mH3ZF%P?OW+cV!j)mzBA+OVrK!U z9lp4D#igAZj&~l2*=hipgyxNKQ*~gPONW)b>a1AV7{jQvikc$=F{eYEIJ&-IW+E7B zS@h3OyvA><=STg9I7aE%=p*;U{@}CqnoyNxusYqH4J5$i%zA8=bVi4%<4}Hc=`7)f z^A177VNY=-HThv>ii4o7TLHqe<}-3PvLUm#gVs3MK3mc=Mjj7b5SZ5+-E*Cpw0O$F*f*T*7jQ91u_E( zx^=S&JD@4iLg;e(`8Ta6-CqRIO{ERw{OvbRN@B~swy*EKsX{x#VD`$ILScgRvoG-7 zox#l`v_%nPK?7Fxx0Xe5rFk6leW8OsuZ1`cy7ejmu2jUOD1s>mN|(wMk3GKAnE3;- z%-o_iih%DSu`Pl7bv0{Asp=0C_`$H_mbURYE>GgQ2rL>trA}-ajlzu&|L`;3Q%bTF z6eSy$?NWk&UkgEgYe61zVIJ6clYV!B$kI>7sTOHqL~K@lF0CwMUjM$6jh?-*9a17NYs8mg_cV7cJCb(e*uL_$N!$7 z??T9Y2^>B3)Rv~NEgkmnNZvoU09yBl3gN>kz=h+Z$06zW8UZ}QdzcdtVYl9f760?| z9`XgyfD7TNk-WzSlTMQO?GC8RCUJ1ysZsrm0IdHFOMNNc?~4__l!r54d@#2>&K-Wh(^>Onv)z1>g3!5aPW~)tbxpM$E-!{)drNYHKpEU^VahFbd|9Suv>11R?5VhuPb*1$CA(Y$ELQd!y z;WccH z;2$$C*vX0Ag*dhF{g58{_5*duMqFT2^5K0dvx2uWYP_2#h^v0TU0pXH>ElgKSty#}k}p#$B)xwsQ^2u1yc%AY0Gm_+ zSk}WjRBX#9LwWC1^De8$MGNbzI~(47LsdiqO#d{qyRj}H=L26bxd#PEqX;&5Xykv| zv9Pi|Lw|2eEKAgALsVXgPBM$83e!&Y4$}ZT?V#m*K0x%6;XBG3LWh6AG$1L`@!V#5 zImWl~*Vq+Sgc#Bhz{}>>3+AaCxB-pZ%e!VpSjSx7JuRC1^ zaqI7Og3ki{E_JGtQC2c;74r_#>Wn;EU`uyvX_zAXn}*02c!Be$?-kUyhW`Z}gl>X> zlI5VurV*~_lAeQyUu1EpA82CrWxq1h{2Hs!A-e|7E-xzV{&u)RaET~?Nt|coC1IBV zmSTQTWZ{dJADm9TQvd@8&Bi|~C?622MAgH@MN%AM*P}h-XPVUS5&J1`ux)@98k8;z`=(<9jMlCe}Sfi^Glb0;;{u;~>=-CH5QGbnpWFgUP>x~Ttu9plYatD z8XQMD;h*4MxVIF0pDi>L|6tkBtQUhC+9Z}LgK5}nZ)m{0OvO)qP%P^+b|VNeQWf$H ziYRI{@0AG0s4w?k+`qWIauM+njfL|v(#ECf$j(=hPS4vW3v6^Mtj|~HH(qJFj5sW7 z!!dO(;0*14W`ZH@f@$OnyW=Z3KcFYrhY@s3Pfg=IhOH8(Frc#`0XG})?SX}M;^bI= zLgDt4a*+?h9mS`M1Iw?ax*`V9yr8j4`_Rmxt}br=Yhj3<%AL|f0Rl2(czL%EZT z$VKBHKl^GabGky=BU|#@bn^;w!SikI1(?v~da5ig3TKSoDT_>rfj;khY3x%|Xa*gJ z-Gh=^eZ;a9x~7t%NUB{TB-kr_9jO*ENZG{;2T7Gqnjl+}4m@Cl0!lUKt3OT)D7%|K zd8%KI_hK=~)B?hy2WC2Z6+J_piLuyuCQz%9yey!uKNW3|h?rN9UN-UY_xoNilY{4> zFW!OFp0@vC;QcpL1_!hiVhRsf)3I^b%1zKn2Elb@Z047}tzp_?!yaIN6$I*+)2~K$ zkCU?2gM+qQqNECs)axXu^z2x1Y2>gt=<^IAHzblf$R4 zvS^5QC%uNms^nW8?xCA9NFG1*0$V8ZtB*9UfT+X#{>gmMvvhu3U* z!MkiY;2q5_twLy$VD%pE;w5zb=nDT?Yik!eXhaCYEBfuvz^7FVM?n3ry!VJh@k7Dz z1%4xW?pUr4bW>9NtjPS1w9iqRFCV?<%J9*JuTiGrmAPDt=@RQYf>9*1sIIR$Xxp;d zw+@MP*+47g6u*TBLGT{nooG3eT2vY6x@EkM0ay)%V&*pq5ld8BZ-lmfw#nNUM57D3 z&Xc2y#F_S*Z}eFLXeAfcXbZRE6mO|(tKF%&QI>l(@>}6pg8=yk{$2?xspj8jTf#a+ zREu7K#S8LKKpM(xjlLfEmCYi#0Tqi-h7yNa3g@=$x%&8Ke<|2&)ZaDC`+|ihblc(| zLfW*pen6|N%g!%>x0in)SNJN79Zp<()7aR;pC^}&ABM(K(%{?rW7 z@Z6H>;eF^Y?2*u}@Y^=WqB}F7yQ(vQshCbxZrgt=V(R+;3H zeO|#~ux_LnCIsny(<8nel|cn?DBwd(FP(DxI%4$~-(!gH!~%%@uMX3R9^Cot4(P0~ z6s=eY1*bnTzvPfmv#~fEdjv%KH;+JNo9#gw8@#VhP~yJRUr>~7xrB?YAwjg$J?96T zB_?x^O}`|!U)+M9sE0iS7Lq?v0L?)RLqDK}n??(O4puO>h_pKr1F~7Lq?axypt>n8 zP8EP=Cj zHw^C=OT>lDZ&2BFzJm8L*y)Q|_wp``sz87W&b?53nL5PU2Kvw;Y$%N1`UW4q{@X|K zBN-aqBw(`zMucElq=h;JdKE17=1U&&4mLFKezd&+PNj2SEZBqj%>|3c8JWs~N;k-U zCmqNrrH!FidZb~WgyRm zx7^A-Zf#3mh`=-81;4zYam^WzXKJ>a=+X=StgS);_%j-o4D(5bsH9FGiEMXoVOPU{ zxunb`%K*0Zv0roij7T7#PetD>L@lu_ApHV1o2S^>u z)q3e}c;`f_7dI#xl7O%675!~flPaN>;0v4MjD*vdUj7v1b^dhkIpDxX)%cY^ckKjP z#OyQw5dLou@Ab-(-Vs-YHi z0NDj?j}Q#7PKE&$?cv$P%h^$C8}!@rs9prU;@WEKpE81m6>iKNB_U(nB=HOz_Is5L zR8Jq*WaYNB+{oR=Um*GW$r`tRGcgN71MnJlU+-Si1?xP2$J@3zKuZLBK)r(@9*p6q z`33U%P~J5hTq|Ke!zbm`qluKJFx_}-Y@iZP7*DI3J6kbM^ZolUB@hwf(MRpXFTsBf zMYGTHx|dxd$&B-7s*>f+Q~HQrwE}o8=n6YW02G)`dgo%*rP{~qA1QP(tDjiKjQ6FN z`KUsW7tc(8d^<1o1pT!)YpP80dD_FUVAM0~nAf13u&$p$hxz$;pldwP0lCEQnZY8{ z7vct}SVNO>5Sjzc>Y7YCm9&lW_aw`%25MRQynu(c?{u8SzzOVwRNdQOP%Q69|G=_- zOYs!>SV43r@>S`g}sRGUN|RZM67=EE31v5vo<@X*}#C3$cpPS{xk$o?_X!m zcD4J}@WVABBfLpPUj~GRERXjLICJRVK$%G6K9|H`a>HX=(=)V%b<_%JgF?fexR%;0^ICQeGC&^ zHMx2BTn5L@l;B`V<*!Z?Cby1(DNWyJ-lMTYLoxLN`XIPW+D2-Z2QYv^T%Ba@7f8@( z1KojBFSgnRmr-o`K0n}6oABRPEUNVD!Fu;#4e(?Kzmo;N*^6izDC5F|Q-@H{^a_l~ ziNK-2Pf{4iP;ncHXZ9%!sFFtCq{8_Tgo&wRE(ZVj9yL<}xI1eI$mq@`k1NG#K@-52 z@hYvHco$vqGo1o1!`Wp~yMd53h=lgLGLP6aq@M%jHZXBbQ|P)V>MWB_*pY!!_du_p zu3TxxJ*m{>PQ7x2R$6(rkKT9}W&P*?Ksdv*_nkrodz676!@lmnKrCW{YIo7wsiQ=| zBG4)l8WB7h*;mJG?Pqk1HYS_0h+62jA%zM=hzAPCLWa*_;E+v8#=J%S{FXpG%8^;< zS9R|ddEJ{Ti&5&FIyL5J?{MrN>z7z7KwDYn_ z+LxRE4Yqj%DL&N7H2WP@odBBq3%G2<<(6pOKQAOC>Y3V_V*Hfk{sFIU4mF_Hle&~Bl=Pb_RIjrVSn8~g}Mc^%_9h^OEdP6GWooEpZJ}#Pp#JQy2T%*O#|mQ zdq9uXqI|`jUc;izl)udrY$Uv&-AG%L3aAwx0C$PNUBrei|MzWpgp&YkOa=?vtP1Y! zT)>c~5R>XFERcfg)O!)rO8pyrdl1O9TIOz=Xwz28VU*C?GN$V zXpI<*_2vYDFVbYu8Iyv6_%@o1B+`W#iI0Z|LBhmR$9@VKE&LksOMr!;O`8k zml^TS_5&-D5X;F$|!fxHAVC*8|kBl0T^0rRx#hPE^ij(NN^bFJQrq~km|D39)Y zn6I*FKcMO%6ff98uM%^6C&*}t1) zTVQVu=LH{!KHOe=J&6^5FM;fD1sv$rx?V4ru?#>*rvh!`%iS0-zUf`dXec7eIIQcW zakzf<91Sh1%7@N7y77g24AGSgM!0^by;&9NtW8H4dv`DXPX!7B&-c`U5n+hT$qWXm zVD&U&=6s5pRNA z?c z3k)xN|{g(QJtJ@o3b1AV-^nq7k+i+ZjcI&`9 z=miZD_?qbpiyjkSZO^KP4HgJiu#^mJgR5LpaH9@FsAP5B4#q>7&?r_W^B&cTgT(ZI zRSnL0)hDlLbOkzKU{!Fs4bD0st>tAv`abku`948DBu#mD9)PBo9JBia(S`HdNa_Gm ztss?TOH(JyqJMYpIWN#r*v;)NW5(S}r)S#T_eamx-@PMCDjm)Nzgt7>H_D(;8M~1D zIQBl>;eN5r1JG~Z4QpVIzFhFKVsOmQem(j5&;o2cKoY%qI)^b+N-4Hh*aIvPncGq> z{fm2(fhEX@1^NM-U_6$yFy5Y@ATr=>5y<=uB>@+DFa=8@mV3v~GHc!^&YXrVNaFOK*=@$N;u$>G>rotA{R`YCt-WM=qdn3cn>yX4xmh5OUk$RSaTsQ{FtJ^ zC%z*SzVGR)jppVqHQ_9QLmO~6UY~ffx%t@(_|n1M9MC)z8#;eGzVr<_alQDqn55=3*kC`o^uVh^*W=|F>q53W+8SGMoa5bE$2Ad$KZBa^i z2Hq}wG~v!p?ffT!4_~@izyN5#9GvNY$XyON`XzOZ<(!R81awmZDm7zWO+~!}dmP^Q zO~>{~z(|f2%5VWXW5^g#H1~NU*I-`+tf1PxU>|vX;-*_M>)QEyYn|w;gzdAgS|Si%w} zk-V^+C26nKwc8Y&*=i3F*}$Q$1IiU&mH_2Z$yL0fGZno-&!6# z(1+hG<@{_4><<0g)v%nynR#0VW0Ju~Kt&|{{({2+N^tR%cZ2S>pK@p5jh9)WF71yb zX?;H*sS9k_Fbm)^Vyjb$R9_piV#0)j;WXUJpRg zy@E`rgS8f?nmS7nntz^)>J5J&VBw|iV*)Vsd<01@=nOJ@3jjTn{1XG4nbm|Z_+9kT zjhP^J%u`a07m#TnS-*1-KULY{Io&)%etMkB7j}6gm;w_SpcKKtQSa$id-#~r7v_uB zfP&+ANZpcXLyTkD@`4LUKd5A94LMDB&15D^*)nxEjNH~UrZj12NI^^0Y|#e2y$^LrP#8oEL2V7<*Mlh;h4MP zHa|L`kzgpJkT3hOsvSJ0=WE|b+eF(-T+y%PPln5z40EzTKaGqE&CO?Xk2|In^)RR- zhbO}WHl5Jzj14Ffk^Aw^A1q@abB zqg({q)TmIWZ{aI_#iH3M9CN!-&=96uqT@$S-B(BD(klO?rh?zdk-VhX4a z^EQkB^oUfG4w_dNJR(_gJwF40?%kauMV2X06okkxwIEN1%fTHCX6{vy{fIfx> z|8?beOZRUz$B*4u%F}HX5L6yWXuf*z`dF=^X#81v0x~*=-T6r=`rfCmTotZvCb`?4 zD)W~yQT52ypXtxoS^~bDlcpTlda$YGSk2wue36$bXl)FPWjMVs$JBU&w}K`T_gQ&2 zmLy8f@#FF>hO0{i1ZDix_dxl-?A2&33+B0a<^hsck1x$z_28^)T-_gDLC@RAOCR8W zGE&h)gqI0=$+*{{B-NNt$eC9b+K_cZYfW6%C&y-#*_xvPa2rn;f~WWAGiQ|8eK)uQ zj#(f*NZ*ow?$upVP!6=H%Uu~_9lEV2*k7xBb|z5Pkd{HjNaIBi4t6)?rT8&;dbX|} zornjxgwOOL0HTCS?^R@$z|4}HJ`Jc(v89z_ZJe_vD5&Nn8Z5?FG>m0h*g;mA76FS~ z>Xi2m6FOzeq)9pP?eUcWkPjbo_W`NP*&Eo1DR0*lz>_5cS|VuafsI}h2R<}q`6$=I z?!Cmns+1m}57{@0bk{|HD%AqA7HqJ=DZqkW>zI_B=}zmPR$NXl#P<&W0tA~Bqr!Kj zL&KT45~88OjN*4r4=ktxSUYqV+PepMq)@s)B*p9T(3|{aEO2&zEk1s&(v7NP8#1n7 zzj~{D45UCtOomYPX5fJ2EVl>mU?vT3SySf+CRI@5z8>9UTxCi|jOViTv4$M>(C*7+ z1nKg|D=0v#fR3!=@y}9tgEyP*>?nsWK9`Q~G`L1QnEHW1h4W3{M|Xc6)jQ;<0q7Gb z6AK#hU-x(!!<5`>jkLZ>`ghLqRFsIDk`%-pUT>qyv2Gpzsm=SQK-O4F%;A20t$f zFm%gtm#xi7uBrDc&TaQzB;dzPgJE$qJ<5ApY{y1Vf$IUUEM}xkteLs)bf&nc0tkQ5 zF3_-r(D`H(df`}$|62XeyzL83iEyyYzqQ~ybB_h}yLJF*EqEir0lp5eV6u%u>O_2rln7s`Za*0A-Bh1BT^B?w{>@>#rm^6SR~Aj8AQYrOnxly zdlYfptCzp0{7pNM+&xSkuXp1 z_f)*2A0mG>htD(VP!4bT0eZJ1=<`~bA84?De9^kl`*sdzS>Y_+N$WxD0T=^|Jh@Pc zKNT^!5%q)t3W?JTRlf{0w^>l-Uw_fFcvxaO=$ZS3vRIa7(OWcg+;}jUzd|XbC^1Ok zdHvD~P_%oIl933o5b}<>p&ydnX8(r)S@K6pY?{EXguiq^-4Z15rIBUte$cq;f7F)} z0=jZO=$E&`oR%~Z9C_i2LCc2hx)i(`?2mFWPXi@JKM->}{56_vTr6yB_Q{q;vcbV} za(#qJd=G)Oj7cIj1topUCF+K_`Z>n&cx!>IxgCroezi$*zJ?C23(QZcG0W;poR4WS zhtFN8eXR|wL3~#VePex36P(-DA^@`vwuEZ`-Pv!1;xm{PIV7qdB0UVcp>I#xIC&rx<`wGl7A9(kIiel7TtLs&2Ps8rK0tNm9I)&3EkJi*I*M zLAQVT_L-vnf&l-@cJ?|~8qm^&SGHJ^Och^vN|0C3Rsl_-i05s6|DjA;+lxd5037e8 zFO(fo|4D*`#=MKA2T{w8P=|=I=LKC&766n9(dT}$JXIRRX#2T*PYX4so>AgeJgvX( zl*?y7Oew@6jj02UnxV;XoL{eBM4(B1sd#?41tlWNAShU%Fd)dA|IlxQ60HZM&OT#I zKV(8L{RNM}MuCLsT7cDt8XjoMzAjn&td%4gfWv%?g^qg<>$lI)B>W65WSy5q6C~Jy z+|$PrySx`y3}`%)v-}#+s~iDi|HEFR#Q(gkSQtQ3KY>UGiwb~Y?k!sg+s=EFysywV z^QX=~Me_v@DWJn!4)>ZQlMUDpXl=O~vEb_wKMNM}x`Vk8`@ii&Z6tjMSw3{YmN@O? zw^HHNXkIGl+&;eC_V6UEek0q5w32$&Iz+Mdud%y@s7-Mxf|MStCYs02gOgYhPTt#|r11T;f5Gz3D!qalioY2>$tSN>HJ{2d4 z%di8WAYg<2SfIP%3}|LZ{g*cY;Y!QK7q*V8XD_cDQgx^Uf|2Q0ljMp4GnwqYrE(ulaJaY48XWdR38lQNGP^IN)Y-IiQj_lm?(b*z~jk8tK;W1eXwX)qv$HHpqKF~!!Ezj$sN#$bO{@09920hPrlWGK%{CAgl zbsIh`hNuwVJ6cRCJ_3-j%8D;Qw5V%sAxJ%l(nZt5PC&Du*FZp$uZHJSmR>IfEQ7&d z_*wPgiDWz~ljp6$2nr3QjG3QcfoTqZ0$$G}=>2`ppj_jp1(*9@wl7?o2UW)7Ueu>9 zs#Xj{W?y<5VXqrrqe_Wukpl8NvdXsA2?^VK~cG*p(Qz zv4t}?h!P+r6CO++;n1L6Y@r`m{yVf=oyY@eRTm~B&qHdiB<|lf;)i6AwcC;LBgmtP zE>w8+w`eAaL9|XId8ZCNCGcB}y>KwVBpg8Eeh#!Yr{q37>4A?&PWB+!gO8ALiX15J zj&dI)&})Vd!kz$pL=)2;z?#4T6m|m~-Q->wLh03d7xl!)!h>riR}diJ&@n$kGs?dqFE?Os^bP4W!m^9 zBryBRx8k{OQ*}Fuk-#Y4u}|jm^$2qLm&a_wS9%#AkiPLijB>@3dVYYeCt-f~*#|?< zMF;!#gX%veaLvh9l@IBapAxPh&8{J+0sTH z6ie|M)U@NNq+Vk3BpXF#eDWo$!Ar)pr{esAAcD_YMt^QjZ3N>{tLlm-{&)*WNBauS2HM7oy8QEMhry|EwIrNziw>10N~NDvK#TDoh3x3-DW^4p2Oppm3^ z8pj5WbRS{I+eeMiHsq$L4eHPE5Z?l{ANirjfaia`^Mmo(^oW!+8}%!$H|v{9JS(=V z#(BJzrS&fZ9^F5Z&aBHZHj2W32_d))VhSQ6hTI{>AZCeQ-&^%s{q^G~xjo%FgrnKXFIpR6a51V0c;izgNB3#xX747&PT(wujc^NT_1-$uu^nKRnN$D?+ zCCE0DtyA>@{BhqMVDlw&d5N+R8JQ=kFU_CMPggU(>9U(U<)PDikAi8QeeMgZBoJKj zww~>;WwS>L(o>Qw55(nBYwGqfHcSt5+V}JXsa`HUeTnF^_vxY)ziVAC2mrJ6>A>lz zuP{y~t9jb@nD~7AJETA{iwJj7AV0y8=uWtdc`L{brn4J&1UXXsAUNQ$pOZ@;wk;y?W;9@N%F{B&P7C(u(xY1#60)73}v1@Oqe(3?kx{@*WM0v znuF+>{1xawMTYaNfX(s?`(s4=*4OG0pekKD7nU-N)dUU8qkU|LRsRCn92kXv9BzBZ z2a^sm!2j>TcAa@|d~Go<+JXZC=fnkQ^$MS>DBft)=e-f{rH=Vh90RNJL!_FcWV^$W z+q8W*T(MZhI&`CNgz%s{KN*5^#hcok`9Ik~&^$rlUAEzEr@e_C>Tv33UV}eMz9B&6 z5HFKXlYa*(?(CXJ6<4FgoATr7^x3RReX8Wz@k;Q=IO`LFhmxmUixQGxau!nhyjQ>{ znBvF4C8!lz^g8RkrC8W@>z}kCoW{r7MEUF_??174eGR?-dTI6#jF(_OAFCYG-1U(Z z)d(saO@i%Sbv8XtKa?-~5zhRO1VV%r zUJr60f4M&$Z(gz3ZPs1(?(tk|Z7`|8bDr(Dl4+#4fp4LTbfvJ*12lHu12=*)>?y4@ z0FT`Bw3S#V*6cMIqsi1HKv1__`N-7rf_}>NLX{Uhb%#^VfZiY2oh<7 zLj^9z(|&`meeClw^`ZNhovQn;6ctQC)rp9v#=a z*QbjkaU4o@q+*1bYqtgWUtXaxfCBl`62EzTP)F%*&H8FLWO4yz z&c1D!#>WzMmYl!u$QrV5*W`h824|%$=MXhVTz6vq9zfuP+qhRNp!O~GEFt2?!~Om) zOo7u+K0GpT>rP+)Fd8)R<1w}p2%J%GWfN_S_J5jwAnK3wQ%vqy zKVMAr3+1$ZPe)UtGRk7_~$!s!h7=1eqg6`n^3TESSF~BS2eVTM~asiJE>3{q5HC`=X<7!ZU zXAx0sn1G{drE=vl&oroNz^J^uPKrX9xcT;A?loylBfhC!KA*(`;2=A1t={RUzyzxo z2He~(c&Ozbo`31?1=(JIdULk#DyMM-W^VWJ4(|gJMrpXcNv6iqBedgXW7BN)x%iIA z*ZqRri_MtNkM5vsWlBW+k)IMqThr=y-;bl;t-lg5vA<=LPS+%=gFY=PA=KJEE?@jgnjpQW3%O`W7jT_Q6yD4}+NWP{#DA+>5=$=rHFAwRSAQkX>0XZya`UiO2^}Erpi&`{COrf@8(wsn<8?wsP>%gG#P6M`YEj ztm=C{xxXp*iVt$fVou16Lxm3^ zD0(B=ItrDp|K;sqWX+pF@Kdt>xgCyHNu1E@em$kz`oiz;eG6hu=$Upsd4{ojil3rIbsS#ZB;#jez8{{*PR;l%7Ggm@zP%Tq0C1SSS?;w$IA?H-ikggX0LkgG8L z2sAAa zWcLuL=CVS5rz8H*tQo?l6koTwvmKIvPz)mRE2~Oy{=YE%LYN-mIkqWK8#=sI6ZDc+C& z?`-v_n)C(=^7_K+ZrDA^Mn{)PfG=P!W|U5*KW{o4m_GdWj3i_aFb;1awbyHCb8yMm z`fM}83R=!dt2ud=NWKd#&vl;DjZ&DZPBxEf_fg}#5p*Q&jpjo zb1k?z-${H|EaLCg{Jhuk!GBOQ$bBQG)#LSpWyQP=%N8>ewm=2~ zwK{mS5~;CV3Z7)UUiR0*@4HOn8}1=5a?DSktTCM`IBs4wf^XfP!{cyRp3R_bO!t1P zfk>LRPMt`-l-&_@8b&&fxdQC{IDvD5EN87b*h0?)*a*nTrhvm<3!_VSQO-azgmt%< z#M1-huY-^9WLWwYdqTLW1qFwMv3}F0n31P*D|N~sz3Rw+eSAY?Sg@p?2MI-*j62xg z5~gv#i0rKm0h~JrmnB}@iAO*$wQV|c2D1ydQ^I3^?MSiVusUtXnsB#tMvfC=79)2*;Uwxv zABtKT@%08uwMi}Q$IwHQ|7qCKh>D;u)^L8j1||d@j@&D+i*vbMPNhEKY)(>5a44*q zZ16Cd^&b7PTLuK*H@Z1~EGWwF6Z!$>YDwMeDLM@`ejBR#1fR!4R~f$H4#!)#(HNb0WWrj=oA5b2ysvp z_c41COyq0#NYUVD8^YjgwLHlTm^{G~yhHjnV%N&ts|sM&(@jwD9uP*r%T!#GWMW3p zClR{;ENk_q8moM@DCPnuJJh4>W8b~~rPo-5`^9kKc3yX0&B45(*hBW(#Y4m`s%?dp z5_8WJ12WScQ&Kt@XvAL%gWXH25D%Hi+M|HEDdln6KEHjt++s|zY}qbek-y#giR^4h z|MT1+nEKkt+ry2Y9*0lw{xI-)09zw&`xp8GP7qlm=HTJtco|7(% zx@%&wH|Y8bekf7=b@$+ElHD&n675lB{Es9|N5YEC3A3JjZ>K)sY`w*Y&AcQU8Q<^i z(!UQ&WgGh*zUDUMF2X}%KW-pgk4AFH?oMpHKDS5x=+5U4;Eq2)QN7RQt4~_WEk^y8 z7NY*c-I}LPl+?rJJ`gE_NZ0M%%y-Ja_YY(?9Sw5n9lr~k@H(cwlzVej5=b2|Sm){E zO1xqY^9^wt%G|@RDvyNHDgU@bVC@+%jjkz@%lRk33>AH#Zzn1}WT#;XVR&Lgzv zY`^q#%~?rJ&SOx*iJ7!rP!e@u(Q2M)DO8Nf?D6br45#!=c#}&g^%rqf6Wswv+}CGE z-)y`Q+Qqd)Ox8ZiPt}9+LP+Hbk{*a~DAaspOYiNlKFk%A?g{b2wJOuZ<0dQ|8T78} zd+&ZfuX5+B^^`OV%Q1nR)r$w9xU+Y9eSX<<7)l!ut~fgOo4)R3zL~1=K1vb_4Nt2m z7%=gJH+GnNHLa!B{W>u>-%`DNZfA}pMaGSpvvoSq`C&9+|ENSvZdb#vCgAq~@~BzO zQy~^VgqPbB8jz{|-tWxiw*@p3d<0XPJVZ`uwzhCscM+N)h5OZ3I30FihJazgIPXtx zKdPl;cG@Be@NihXyrNy0~rpB|xQ7FsJQWJLla z*`gdEmSmo7tf^8MS$E11%0QA6|O0NnVCP5Y+eNep;-L3uzxd+-_* zZ4wv+3+%2bIfFWUQaj#S+*>VZwtfw+6Tjkwr3}eviD9s^=dK$64+HJl9&^V-uCY}FLBrg zPbyvHf#RcPv)056<>2W>^xUVeU1@wP zwIDylRRZ1%LXaXn<2lR1(1afsksJFie~6HzR!aH(C7xm=kNNwR57noT$KtrQYI~@B zwpImEiFGrJn<1ee>-8N`uM|HMBJ?YxR1 zgZ#wF*5f;vSpMZXKv4Gah8FDPxU460;*8O!#Ur3@UtfngrR=Ul8Ve|OwD{{3zcWv* zl)OP2w)NR{YF2WL6Lt1fkP8qlw$C_aE`EuuNH*IrU49JUbAm-{H`hc(1blsZofqlu z7_c5Ef_+4kDb3fLF+6_xb@)1OnA{WX`QV?AN9-6M61jsb)sT7gteu5bL}tQR^8?FQ zpY0Du&wJCR3eI>Ex8<}hew{PU4z>`4=w1FT5-=AXg)+*<4#gjG+Ly5;mF|g;Ll_Tt zx^-oHkEF3qZky<8>$rD>k9%^urNhl^ue!X4XAzDByF# zwf5z;yF@BpiXefxSeJf#}JS{vO$GP*x{FoZFQ1MbD&Q4;Dx3siSleM*4-qz1= zG-_Euk@yUC&zwCoaB21p_N+2qWQkl*3}pK3D%dvT&k{*=>QLKlK6KFhJ=Sj>WZKV^ zxq7kfeMR{Tb1;K!xX`S9+*?2K&-q?w8%$p0KlHBp_F~46E}p)^!;haM2+mfCD2rsm7#9JTRwwA`^XoYSygaqP+?3z+T; zEO|fQf2l7IX#x2iw1xN=c{w@5RDpYmfaYIj+Z)X zDs_JR655R4T%Y&fA-Co-J_F$&OX!M@&#ZfV9rpe~snZhQt%c5xaF1!~(MZ>P5`3V( zgEA=sgQlK(j73kcuYa7*^XS=PknJbn^d_21@H$hb)wq41Jbu^j?Uzjv+c#fG4Cgad z5u12A-)_1&0B{~OM10Hg`r@J>0ta+&NMbZ~CT_=*CGNYj>QvLRb8Yg&0`($rRPWp8 zCL%b7_syP5J@#Ecz3uRHasv!Iaj9DI84Yo2GEm4ODt)iZ-^GALXDasrFf8|@e2Me- z<^=YT2d}-2ujrQVM=FxeYvb{_*3y_7MDEzH?Q~}M5Bjkv&95Yfm*rq@CC6|6Jea}p z8^h@?%<}K0ljsLrg^)BBg;+=vrFQt8J_o<94afxVT&`g+^doeh3ZFmZXqmUCJ~xp2 z$ct{{a@XH@ASXkr4t}$9KW+6=<@C|pOHHS<)%ezVADV;=K$t$tX_arAwwzB`!B}ss z`OTuLa>6e0hULB{VZx1GLq(grmhG?!k5ZuqE@9tsufx_L-@K8%m7sHd_+uzAlM#S% zoRZ&6_C|!euD_=NA))a6R_wm*4i-79^yAfod@?_7^OrA8{m7CL2);u?IM}>CiXW#D zT!RQX>Y<=9c+{-b#qWyll$dPwCE)MkjMsVofzGloP_c~Gh5N9hODlyMq&N7^!Fj#w9f(?3#0byqd3BXGds9UZJ=i}@#yZF2_F>i$D+)knF1~M z_z5~1MH%bV0Sk~sivhvuUF!3dnaJB)5eZ^TNF_QV^>hoOH)jCtRye^~-H&%p+U~nx zR%oHxoR4s6;WZ|C$sUfu`Tcvostt}>am6h>0C@H(C$hHqBPW1m_I*3S1HOyVDuE%( z;=}nuj*ie=ze$}Xm;!&Zpd2_qZX2aG(l~is{@@=N&*N_DP!)qGKRb^RPw$7=`z-j$ zVs3OIX85d@QOG`G~a)1N$)57^wKb^=Fl`qX!Lh-1uK zPyJpZ*sAsyof@nqu88F3XlJhre(=4u$3h5Q40`eJ)Gj*|RjlArkw>>y5)8^(n8^U% z!a_UJ^%>$)0>6BJKzl=Hwby>(J$R+cr`G17qmtshvj)Z|tn3?EM$)XhT-1G|QT8|K zD))#h*|+G7HK>r&=E-jNGA@1eg#57tc)77E2aa9b=`$xizuYcJ6y)b|f4O$zBkPRAXK~EJecRsK zQN~30j9}^Ek|o2oBg@jZ3QR> zL&C;s^iCb3rp&XU>dzP8&RpSQvgoiG%b%Z{!F7h+v{j?CR_~|5e$mX@`*IEY3jp_f zjY{szA-+95N(P@~1!%X$)Knln0kSV*VzspB>h@QSL*j!uoEJad8i&N=lkTnaMMB^N5Pzf{M;A|v5 z44}ac-RVhBxPl0|n4@yW7ssm$X!=FAn+yozUX(r%<(+=t>hMt_N4M&I#3yL`qd5Cx zmm4O&c|)F-$j6nFea53(dlL=c zHh7G}7QTx?2;{kSU(!1Qf7Ku+gPT{-TEJjmitoJs#9l$m9 zFWHOwyVJj35IK3^(jV~+!~g9|JjsvLRpJ>FU$e3oiaV|WKmLn7zBWe)@DEF8>`$Fw zj_BmSnEL?l+O1gmlf|X%bl#V!*Zw&+^$YTrCsabH%VhbgCi$I5eAV{8$1?y{`;P8; zEKC+W!2C$|(AtPvB0`4(t8f3LCNKcza^JMNiXHqrh@j)C|@BW!J&a6%MIJJV+A2k_{P42jbnh$S%uh*)7fj? z5-lFu+-ht`$(#*7vT`W5)|pa)I6VanfZauCAP9B^a%ny1nrKleVg$OlodcF65)aY(f$ZKNsp zYrWnt&QaJm=zYwuszlSz`+h`R?qr2b*UMXN={5KB=)FIn z&VR9Chv!2%Vk`z$)%;u$2+T2qHD&zasi}l!50Wn>S0P2vn6Pa3W;7a?#LWmrFxG81}q;$yRH0l|EQ=QG4KaWIfyZm3R{*JPCh*- zwxbh2n9wH06Cskv#Q zow%@dXx1mH&dwT*DXPHL;>GLreg~giS=+saIXvcbhj-{lv^64q=Y7}6Gy5^DGU3l( zpkg`cD+{JKQsR=UB;7rOAn&&jlh5bbc1(G?)sgZdhxfro{1z%pIYeKiq22(hrcWM$ z5t>yjWBgvgx?1*`0ByvJ5|dnWzGjTcP$#tTf4ywef{h@0R+xkKJQS`a*jwR-pAhtT zQNc5^O9M|##tbaYaNDF$x>$W5p7HZ@1rWahxO-Qp3hhR@I&6m&pHTbaBv8s zdB>8&6Yq%1C&hj!)RM1Z_iokjX_Qh4cpP;B&}s2r0s&&+r;bv#Mmj@`z~^Zsnuf zzfgIUnt;-f@yPvd8e%&4r+7W!0xAISq29=cqQ$c7GXsBoZe&Jp*5_G|kJ)fi6jj~6 zY(591!iDpR@j1J=pI;a(2-Wx4Y`^S^fhKGFmlPXp1avU6MXpRWkMcvY^3s$luX3#X z>v&Xr+ST&M3L}zcjzaT38m9o!^~~=WB5mxIKMvSc8@~|GEZwhO$?40erFy#7Hf7$( z*v;!>wt@wli)oZ7(@4O$hZ-A2PR$=ih}_Et^PdWpICciAcK^u%EY72~e{eX;^~dU^ zx9>zjR`NMqK{(V4!VsdQ0*=LGzDRmPYATnCpwS98Ot|j0H1S}kSwGxa)S%G&J^L^` zmtPHL_9fcbkC4Ta;=a}?!h(s1Q6dJZd+-r*R!f}=+}e@J-v4@<1bnNFs~W|Bot1ri zuQODqyuINqS1adGS3Qj4bFdT;W_=NlqY|Y8CmRDrn7=gtQQ@>t}^Z8q8M}|T6nmo7~SlH7h!W=q=C-0|S z_DKsA1-K)8kyBN-a>N-OP;%K9$}&z3(zwS-e@548j$y%el=T*0hN{(o`@9c-ihy2q zJ-a{Z9J^td?UAt=&fYT;noZsUNvM|Mbi9A@0AVvENF{)5e+ZlaAR6$kFR&LMQ8W6E z^L!ch!x6#`T9cBm#oO!6es0PKujoM*QkPwLi-D_6=?0@#vLs)pTs51XZDMd#s@0~Yhg9&!{Mtu*c(d7yDHW$fvb&R;J;>gYV`pr8n|d< zyg#Cwk^bU_$5?9E-}aL^EI)x<$S82KeS`3>&2k!*3hI3k!2<;*Ug|e{90Q)xtEdz) zN!CW*K}cH-GyaGT#$w99DXbDf^ zzPuCW@^XQ@{>z`9Hkd5Es#5#?m8-M<_;s#MTyOu>pU;*>YzhGigd*;b*R>Vyz=juHEF| z`Mi-`S37}P+8FD*w;m-@9VK(KZ;#hz{>=2i2~`w=I+v^VTc`aLNFf*O}&DWXA(dwEXAUIi$R5A`6XMdn{j zO1K+yNZ+p^kb;@rPu(Zk%b}%O(zR2xY-adediVIXLmoQAIl))>^LE>c^e5+$GU?@Y zLVNfx8hQ}|@;ipdY1k;m|Dy#D4M@QgY+y|QIA^cr>=k;$j~wd--%$|wG}&`ZFG^%P z1kMKYcPd)ZOL8>SJ(gCM8wg-P&{~|p8OwncTH0@#RyxbM88ZaoCLjWNI2>jAVzdRY zAvE%-&WG0mk}^?zfP!?&BFqW)U9ic6_^LY4ISQ^5@+SvJ0Tk^SKBo~bC&!jnx)|Ye z;EeMs;vEx|kt3!fkk-t-w!2K6-eT-4#>sScqNIF^j2rnxe=0!$5xF?4l-AyfQHW|k z6%WHpZP^bOtS#VXE>e`)(^8qR#-F;?K|sQpeQaZ`p2KyVWiPQ`WUauqLw}L#WY9wM zDt@PH-f~2q)-+J+S{^h$jX84MAm+Ckzzmw?`!(eF7PS0wMM^$>lQtp_a0 zO>7*-q4u_}i|yP_7^ndB54#+~H)4~kTB322^}(-w*CVGw>E4Cy`z91v2~D;<2uQCK zb?^SNuciF4=$q!WIu3Rw6PDBG?HJElI&>r$1RpXw0G>Nvh7WV(A4`IcFWv^SG#G4O ze&V^(Z|k;K9oS(w9xtyZ6JPIv7T{a)gSu$vH}C&isy6QrWHsy`Nm!np%fp9sS^MtW zf*6V9+kKS~EQTN@H95$a50`t3`rh}j7bc7*o?x>```l-m}*i{gHY@Aa9}3qT-dsp<2Ed+g73(%$_btBoikP^8LUFsn+7 z7#_3^fX#g=rQy&5dUv6YQMcs#3l8oMRwtbD59xM3?pNaz-wcfSUUjG6Q=0{(;XZ+2KJ#O*VGi@N|4wDTIGji~eJo}B%So(Arx)FgYex=D=2|BtQOiaNL7*GM za%!IEPq1x{L);-4Y5d}P9rv^KruIm%DE${ToiVtd(8)^o_Wkv_@7c>}TuhU9Vpr*Y z3D)pBXZtv%CBmv3S1^_8qzh7qJee-WM!_@?(z&m*Kgfg;B7-BxKg#sY`=$3Ij@~9| zUOfK`OJw|#O$dZDe?=BAs8o2Y4I2|V>%oP%b?w1Q=9^=)k4d?|qo;8bS|}ba-j$B0 zyUigypiB1KYZt%j=BlUCHaWvFSOS!CFP>bZUMePSW<}g~rz3StkZlslzQj;A9*frC zZR)=LQ#Ou0VLX64V@*}~6dO)&S5v0mp59u0>U5kQ0^OGNULpyNmdD@y~`PW#R&2_w7Goc{G<>iZdfwYMDGCA2|-*zLFJUe(0 zy?v&^)$5TFPDr2Vfjk-MbdB08QhlzZe(#)^S%GfSi`4GV|^X zrBE6-4Y?vG%&|*sy?)vRKgXriTRokY+;mv?gX#77 zVqi~FH=NivY%uqe+NP}gqYDRG?x91^1Alox#x$miD(aHUhkg`C{#H!5<=3r1C@jr) zap8SdpTBW*T)TT!e75~F>H%5T5joQx&H>a1lPC8%$L>Q(lV%w)sO9`;6aYd+ zKoE&c^`#Sdbs!iYpoM0_}d#gJk3{5;=7%x5CpW(iyH9~iR7%=iKed4}8&8iK> zgGLUjMNyJ~agKii*2ge#>!N88P3GP}1L^u=Xv(%`}WCdRhNG!Ntq zh2KtqzB0siN$%;>W*?g}DJ^3@yM++H&)EkxvR7#(@aiED1*}tH8wN zWIGRER!}xy=B~6Tq=XQmdx@~okuZkUqn3Y;)=u&rojdc`H4}_EH2p0hp(KD7N-YOmtKV1>GG_P`tBhG()2ne3 z?khn5xhvoY-qvKR)@6Tt#ZLdVq#Vhs{4x<>Hs6?bfdXPDU1`=9Z^4vj z7>#K1Y50m`bJ8716)YU5@~^NC!=+MveZ>2GS^4F-Rks>c{^0GG@Y!#D zr1DmPMV^_K4p{XG6~Zi>=Rsq>fQ@?QITXK+O}{wX{NRm7gS0SPB=Aa)H{YOc-WP`PCFk7w z$U2}@UbJU2o9ekkMp1JN!xf@+oEx3zw~KcwoN-y0e)iw*1`u_rqdF#ft?*og8xXw| zl`TPxd@c8cZ8K28#jg=taI=g4<4Er{MfoLbWO5w}=)$hWw{jb=oNFV>?$5n-0Frmj zxvVRa^pgT62{Vw<@?&^8$L%03{zU~@X5Mn$ z5k=t9lqbCyOb~?|n(y0}#S}t+o(WhXBLsl0$jqUDAKfQ^7V(U@ z6fkqTI8>%7kR3xcNU&bf84c*tk2ZILGKFHGc8zg&X?X^YqEuV|LSmo#h!mZ1slNZn zL?|%w~$_zV|Q(}?;!13nXepZE4}AP=BS z7L$9sK-w64U@JNiceOpV9zeN%p8OXmJF0I4PeE&&8n;Go-_$kkU?fD?JSzV98+d*D zC8+a2-n%hPSjctu=XWRG(h!jZSM7(g6@gb%@yD~!y*K|ULcR1v%GO{|eud2mMw5mB$<{Y;$q~#W$z#2c%lO# zHpWn515;H3HliSv!g0&sj`h7X9$B{sgM)PgQL0Y{cJ+CZYu0PM!2>>l!=>O;$;yCD zgxeQeL5_CG^Ps&Dd+>{B!z|WMa^dN8tiVjjQfQg@?BHQ7gm`x7WIamua_3O3`^W7a z4n|jHHDkRCGN?XP#T+?=2|>bDNonQF?hQy-{he?SF2fKqgNA-Jq~kF&OhuyhqLxn$ z@!ozBy;EmvY4%$->%6f>J-t8XkXz?bS|}H^*`aoD*^lfKhe#3ITSXF`SlyT-HqRJ{8rHR$~vCVxyw_g%=5#Mv^f!jYkDOD9w`ODrLE`J@R7 zaSzxs+V0zS{zME4mzz8V`_ccvf5{-80;0fYA;Sm1iL(X4K=euIV{!2W?s|Hw0zpF4 z4X48O^?q`XG|jcWroE<4?RIa%3xdil?rF=R?zdV|OyLOFIwVHA-GzT^(pSj&w%7}1 zDLkEJzgRKpI7z=An2YaH_SX5X1~`*XNK-%EACH&zy;j?E^l<2|NIcXb<@aPB05#p6 zq#uW!flwvmxpg%Owkq`jgD-`&iu3UyImwa+%7a#aRaW$h07bvX3jlfuRl$cJZ)k2x zlD&Q02gsb(>qywI)4^gdW5_HI*6dJOU(@?}k-D#qYA=-wv8Mina@e zjE!Ay-QreDQZY89sQSyR%g;ckFC3FFCT-!32{xn<@oRilxeAF7;wm;}9MWu>mKay1 zT2!|g_)?HiY}tmG(NKnlR3VK{XNSzxE@>b_%UMZ){QJs!@zpVArRd@)D(0b@tDM?} z^D!_E#$q4h@1&mU-+n+YhOWJC}2M4Ba1$H(;zlhe^YpaK4Qo zbzz*4WR3+LTOfQtr=`1U6)fm5frHBXqi{kf9NyO{UY>S4&RX6}1!yMma=lykP^|Zn zJT6%pHoKSmec&(Mm(QWJ0;X{}YKru@WU=Vou=varXQ}a9e?)0c!n;{_kGt6D9)zh4 z(;t-YSoiYr3)m7@>-t$Q<2<&nb8s?=pST~lRoCd4?Q32)=#s@E!tV#X%cS1S6)Wy| zfXAbFM)lPy3K7I+>-#(rOKY5)Uv8Rnfvb|u@tInh*K+AudM74zW4)JAIM@$wQw<# zC^R$jnQ4L5(kkJmFJfPMa)db?U}?ev(pUK(aOecvaITT#H@3 zb9(73qLgk(155lFQF7r?=^WPGm!U1zJCqUnv9%Q^=4ASCNuLNvJzkzzQX#Tzn)r!y z`4(f%^XY=#lZmX>>_f}@LAYNE>(~>^VKy|H$K}I26Hnkv2cqAPYZs3Ykln%%NEh@F zJ#ab}SDO9U+6PK&y3)ARrQ&nDJPwq|A^>a}eCaAgIW+NK?aWQ&=Y}+`ddQxZvG3;h z<@M-TQ6E{DW~?tLUhz?*YUEKFKuJmH9}i%1>fSUd`8fDLeJ=HMMgk^}fSQGeg?(btQ@X!KP7e2^b}c;Io}USm z=PLW%vW4?jMtDv4@nXFBO5HEsO0yqV+YS(sWwxyN_Kwd^=3t)adU@GAsWnI#Z%@GZ zBW^44KyP_2OXDLP6}Pj!h{kAnKW6YRh?5nk@B=SfR314LAvjLI0^6Ky#12fJ`zNB% zVsuOwe;8LrF=BkOemPNLO|kpi|5~_*b2|ic)p_39`Q4=j)eAdm`xo}=)`w6rp4I63 z+n?_8Ch_-!Au*xn_N%g);BfCVg(ObjOX72vIc}azd%&$m>`}bk1&9sdC@c@CDikPD z_Fkd-JiYBNlmSV=@jcz8(!6>Px;fM&(YRhFvFCRMcT`S+?hvi zAA1OqJ-{#qP=T#{lJpp4V6TGhO2nmH#NsdW*V}DmI2LYlNPTV!nH{f>C4PZC=2+O= z3vT%u4hMAg5Zy}Y{2;>l=8Dru*)sJSV%mOXRgpe}U|BGde!|ju-1i7|v3D4Rn_ZPg zMjosu9I^N|h1*q--@MUB?uoBl1{U`@-#JHnIGsJA!c17W7HL#4Ofg^YK z%)Z9Xn6~#@ooZ&2fnIUl!ql;473QQ@uC|{u_e;K-;dJY;*N`4ZeC*fV$>fwjKQIe& zZVsMOagh*_c-5sBksQ+-F*Mj6@1QKX&Gg`KOi7gB%ehhSR}00P6f->kC#rV7CX`*4 z7s}Qxcf*BTGk8YK&L4AUeKb)rQtn3#hCZm=FZG$mYP0)Mm z%DqD<=&)34>aZ?kdQ@HvVuGzi$h`Cq5h}?kR3u|;#P>JL`ap9Q1UlbOkYin+CvZ24 zKYGWjc@!`>6=o=5101FDFD?7bp&s*Tp=*Yewkl?Qft?m)3NF-%t*eL|<7*!7B?j{6 zt=wc_nvdPSB&|RlK8QP^nlHxl4XE?kxBCgi7M;n{e&;oGuKWMb7qMk%gIEr8#za{f zA#Oy@82H#2a<68O7)o)|zPc&)-Ym?hHM*WG=4HcCT$AoonPZDa&c;qXTfXSPb^Q>q zh`B$W!#qWRdrR(TbL{>8G z%kd3~!t8>Fi07|SJg^859qg9nDBi>ZAoNS0w$eV)cyMYDc}j_(^V3Gv61orF5AInI z71{Yg54O?T@iD}8qC1oDli!RNu01lL+zt3Pw)^kQ2|otzwc%S*`&CH{@Z*CYPsbfT z_w()m0e_GtnvcmkNYB4cMRRc11Lc+QgD2elAaBb@8xOpH-_Kra!?3PVbtlvP<+Wcp zc3rU$_=#v%DZAPOzV)(*-wWf{bjc?Gq2C#LI264d4%`0uBpK=BSbnj1Om@5}0%u22MH4zJFd9agxEqoxgYCmn+GpWp%S%0^n zh;z&S`~2&+r=dd&Ljm^8k!*q`S02Aui3KPNWOjd(@aM2!7Vu}^EfsIXs5@6GH1?0I z7>UI47lFLqB>m3jrn8Q5GHWk~MmJ3{fPjfk<5b({>Og!7JqfNthhX~Uir%@(mn3{A zh<4hpmh(IEa6uq}3f_Woc{fWhtCz!%q_byz`Qou)Mb6%k%>j`>ZP=&bb?z4^|INSM zT*#BBM{w`oU85Q!Ks1a7MgsHy!#J9x=X`f!Iy=BRe{$`$-bF znD{b4tm5JTPTAj66k3_V;3gfFFY4}EO2%6PkXTBQnES@ZvEf+aPagNS-dR`Cn zF}Z#ts7`Vhpwt_R?NoHpGtgPlo=mNhnd%ka#21dwhTo5|O}bDfS`4drGwrB2eijMm zO>JXIcn3#{V&41CqdiP*j@Abx-8D;-`=X)$zN$)})q`*VTk%?l zg$-&xqx8J`dZG$}2bR9?Crtj0KHNJ~hIBv3Go%?E@nYH(K?E$Ax=tK{eai34A|J4h zP!F&1Z*gO<+!t>*!~?`s`nBEr`L-3~GQ=DpSZZ|GuN5zgI|EktUbLs**m*$5)jhr+ zOJR*BF~)(!?zODl4sr0>u>dkF{^%?>RFZ`Ta9`tJ?Pa-1cirw`K!IO!qu3w5%{M+f z&sWtl_uaoh-uj+qM3^s&+)BBx#mw=A@F9Ad}Q#0~|Fu}sd_Ds4oCi@e#2Jwef=xPLVH5vhh?O7#r(>YC;+Ujc1^(BV$$Q7UC|yp?Po&v@v|#K!_3W zjb&2kz-EMe>`XtvKYS;OUmAx4((N^8yvw4R2xVxB0I1@ocW}3-@*#?e{-T0tdY@G) zb=1f6Z<)0*!9v1trbWy5re6MduL=_+E^E5$i@!`JgaP>-xTz&a8;FxQkOp`2r(lVb z%RhfF;7(ii^^c_U+Ex?@qUbN7Da3|~KoJ8R9F8}uS#(_LLvXCL`^ z7_uI}-Y2lLAY>RJBFySpBR7CIpia_HquEl9V{DjMycPUweMCFSeoH*d7guQaO)TO- zD=n?dnOT(z^r-hYu46@Vytzl4Gek(*nsREj#meO^*k3Dnuy78*3{A(0ai^ncVYBN( zSrqkRP|+9i>%z&!U9s)6-Z0Bwllw1LWj!uLlX+A3?#FCX*iyqWtWxjYesMmJdt+*7 zU5sR;|COF=6CggRkeh`!RMbBq;tWO&bq)%JVS2Di=wBH3c#_npjr#s{t>nY#oZH(j z{@w@DZzw(A`NEmkhGxsT`>(R59cV%4V<3g%rteql*ShX@GLVYN+{@ijZ_5u-;kvQU z<+(wIeJ*TR46U^G@ZYguSOn@HQvUQ=E@CYz&|6VBz!TBUh z$Vb6|+NDlo6)9$Ys<)#icP?i^g0)Qt`ntz5Ma_Xkb0~!j-80?>;v9cVlkH=-jh7Dr%C8)yXBW(-)+*84)z)sZpO0Ry` zA||Le2rU1u3`(lnk@#E{&>KmHHHWbNKJc+Hx8mWlG|QErQ&Z)j{llLYCs7DfW!)X* zyTrA)Cd~@&$nJTf{HeF+N+lnRE${*C8$IfiE|l`zgNX!AH~!Lx#^T$?Ti4IS;Oz_K zvW)8qc(${&T4V<*`6FpSu!si3(z^{eRpTu{*C!z9tqB}%H0)3fbjAm2i ze6Au>zhOa8U~1^XeNIFe^C`|5#fvs1^N9A8;xs9Q^e!HJ|BQdj+0>+`$9bCfWYM2h zoF%vCp6Fhy!}ynMWNZod&)_hc^Gvu`q>!tl)zJ&)KIUr|I4a-d1&^+DwD~+T#*lkU zx3d)~SEG{eU|PkT(K0Og{3(LG!!^Y#CQ9g^0_-gm5Ym_w4sWNvC+E@tH_75byODUQ za{D9LYWqdO-_$}4l;#Oop)(A3Uf+Zs!nr9|sxHZ}f4PyIJc?eA76@6O8 zc9`mO1TR;VRLSTq%6Uikh9jYL^(MTc*!zx^vqq!YM<_NLwvE`d48Ebi_nXE;gZ9Id z_c=h#@{28T3ew&@fAL#CY)Q=yV@qY@-@&*q4YKWzH!`D#mwRA;Fb;*XekG=k+}Em; zZkSxKu!yWI9pMMCyxJ{4K4sOrVWofX*QtmO-)j9rU*3QFjm)&ODqPAJY`*;XaFzgA zun=4DujX(VUh|JGx;wk1=h$i;PK^1(B!W@QF}j|f@u6G+KgUaE+ZkLyCz4aiN4EM_ z>W9B9Mz;sz;R7t>OGws-(d^*%AnOlbtj~b=Kv*_yEmU_ zQWJ|WOu}*T#1mxz!F%s+L9J2984oQO%yZGM5`EBPIJ{-zU=&s#UV2kc@*UzXo{1+0 zpQxDoV4vY}SX8p&lLc4HGMB}l+kTs#s+~tYJ6~Dj-*d{?G!*8<6IMJ8-y1c&(|qMW#;o;D?ge zd`^up=N~3T?dIePFJsvj=kY<-9SV8a$HYuNXO!(|Rh)RJfDnY5?@twpAvlEu2rW@e zt-Ki&C_Szq+?I(J-Y12Q`K&#ydiVtPk}^_BlAVib+xrk^Y^LcCk%az@V%UE!%@h1+ zluy9>Lhubpx@oMmfC^R*LrSEe1jV_1ople~wuFZpq`gtCg0_>O*;EV&|ESBk*ZCL- zDX0vm{uVXDOmW(kv<{3XR9$d`>xE~i*Qdy+XZ656-@<8Mwkj2#iVfGp%gS9|30^3v z@ln`Fo`Q8cD-WAr)>{GICZTGx-)u&IHPU>VDMq(HMekRkL<@JVzoEcxLqSP{*lS|l zJk-a88lM2J#2u&XJ z0|Z-&vwh>!u_B-7CM3r5yJsYT3+h>)^TtYUtW7ORWi>L0MMw5ry{95dwp+``O4|R6LdbLM0>D()GX7W>LJRkAt z`OdqBCWm|Qe5fzFgZ?9S=MFXN?@C$$bQ{;YTUva|j@HaHERU+lmyeMy1^0&XP2W9Qi}x(X zi!MmLL;K`VBe`6-#dptU1ZOy2*2swUU-qr^$J}gIbVg^~``4=~0XmH9{Dig|K>^{> zQ{x$9`My+W9{Hi+BuUaEEN=m4qC%bZj?XhJ;)Ag932mygoF5&jX5NP-c4VYbMg4X; z^Y{S1^sSDTb~;IWoT61&2t;HE73~WUg8W9_cV?jB75B@@YGQao9~>s506T#*x~mYl zUoKE~(lT=M52cao`fgq*IJi4KeF;@suPh2qsPKmJ)eaXxgnP~nJ$d+U7IqUH(GSIx z0~_}#jg_nV(x)wgg?wAGfB*b7BJZ|yVuoILPDnlOVA2hzsOuFBqy9488@(Vm;@SLd z6p?*Mp)Zl5Nr9c2!Ebzd=!_qx0dw^Cn=eAw_)-5>+w4&9b`5gqncJuNHSELDFKn;RjQcZ$+vRNgWLKU^!Rf0pgoM9<2-;}Qw=K(( zH@bUTJ~}?+u%MzHV+kJ$qT4TTo%8$Ke?!uha5JUVBoyzauG&YGw}+R-$e5H5(aFlj z=+R)#7OPd&q3^TA-Hj2H_4+1Rn%iA~z=t;1%r)}u^qy9ye@fiXz9YOPiIbQ6MBbFC z(_-1#{M*M}F4rd&q}C!Q@^$%Woja{pxFg$}AHd=CXtW=P?;eoB1ig!`w}@hXmz4FZ zIa*g*2EGSLp=)2LO+QRPnK-OF;x(My*n>g3ZeVP7ux4WnuGE(tyb&qEyF~g)gF*GD zGF|SigJj=d*28kzLx85^y<_FuY$Db(alMOYn4X6DTswx)V&)LRU?T~1aYIWY)621j ze_T0VS(gv?7d^T4xA_*VeMz5tti-};dgMQou&*mlkhjYuK4FG^*(fE@V33)Py#;G1 zj4Euj#Col?4;q<1MGDh8$q!%EaT(_yQ4#XRC`lv>@kFA{+nqc≀SQF zJG*nQ@9VgKaEZb6Hw4lNQ6}?PJGXrb%;T1k@u04+X$&+t51&%I^<@6|B=%uVOQ^Nt z@e`h|HfS8Q?@UVr3{=Qvcqr0Pkf7IE(au9=@C?H<(H%AUUV6xb8-)P1|CJE_7!8>d zRUT4%G!`b?xRUt~@QM1Yf0ttVSbMxN>z5q8=^q`vx#Hb(Gb$*a4u4UeSD8Rp-#3}J zFJx^wxj}J$R!T)(qE;JJMDu{Gc@CoLgT@rJ&P6u?lB?pkFqYi5OpAM4Gz^j!H9$uX z8&e!oiFC7KzvrtW2+GXi+9Q0d_w@XF69tM>*yIsrx8&KNMKBr;FVa2JM|KYK-~PF4 zu*c|&`&?gG0Fuojk_I+k(ZWPe+tu@SW4+p|}z zlJF$=sulal)!TDK^i^!ReetCp3)p-4(|_6XEsTC_*-`J`#(fPy+Vz7fu>{kH=W@ss zRF~KZq3AV@UH^HsEW!y~>$XQiWbu4E2;UXtrJy0w#XZA>QmgYJMVU!+Gu$7b_gUe< zYS&2^6}Hgrzo4dJ`?01A+79&!W=qYlF5xt5tR6B2=t#GjJ5s6HXTlbg+ye(ID8dc8 za2I}d1q&tm*j}j~p)=6aK0+$Y1w((biXhi>Q*T+0pq)>8=2V!ZYB@#3(#K zw(WR%T}6^2#|tZM53vKx*S=*}?Sz}=ug>i^A^GGntp--vW-(fa%pXNK`Y^GykQ!tH)oUpQ3c665APYjzBbOvzC={SA&y+OAKKTd7} zEoZ8&myP^W5(h?H!4KZil1c&P-5H)MrLfNg9qN%7o4S&B#Z zh%}@|j=P`@`PSjW$G+DaK+2>ko2MZ!qFjF%~K=|vdcKx`J63rK3}_*-S4mH9GT+j@IErp3)Xc8U-ia#;LuNr^DCo02Q0c5 zX&sY40!?%uR&tx&F@y#}bB~9yBZl9&YCa~Br0X`(QwF`k;jqu=_tUR%ZDq=S zVbOSdK#S+b(5l41T8t^06@kZDAyYl62f&2!_zgHQF0b z71%5ndw)Tslz0GzqUIIw9}8j+pR<`=UfBag1QE(7J?v~PyL^BdI9e%AP)`x8&~?H3n2MlTI+Oa1$SmI zD8hr{a=2gdsa7QmP<9|sf$l2YzVM$MH*#F(iIrg*oDH;Kw!UbQEyLQftq7b3`CQpk z82sHOci~B)Kz7I0oBEND@4nzbAiuPYrHj}+f(k>QIOg$NGah+$_H+XoHHBd(1}LBl zcs>33IsmdHZ_ieINUzgLPp+sc!J^R%tmJe-tgGY~Doj~2ydK6#NA-wpOhcJ$8@>do z+K`)HwKr){9*4997o%VN=MW}rK9}LVx(TI!$ZzMKw7d>P_i0AjEL7=}o?3-Gmp`Fw z)|@dP>^sAT095d8H19}jp%Hgq&kr!MdR#}(AE18o>>~nWMNcuz!~!gh2buBx|;eM^$a z3vGHpiw2?-klfZi6RlA02_M4YBgeD(E892e|Bg|k!zO#+nWYD!TJ^J#DycTU>aWDC z36^h96OJ$&(NMlVM-I~lepV{5=Ol>}L$z5xopW)%;n~J~Ck7Q+KQqeG1!bLYBtIJ; zY?F;@dn|wBmSnBxx=&+x?lg`E--|YxnO;BWm6OxlvqWbv{r5pgDL8WF_UU`f0qt9C z)o%@lOL9>6EUQ3Y`12pupH`2H@>Lf%lmo6jk89qV1GFXPN9`WLWbtMVf7eMds7LdP zDe9IBhTt5aOnKZ<6nBoL^FWuoH0*&RzZcNaoB+u|OVNb|7&Mk5v@<%lLK61R&{Dps zww{tF1cMhC)+=5CT;TFMV3`)@on5FHeqOtkSKUEKT!h`u2%#oSc(u)&wYSVuY`^Vqdf}8{XkeHl$tya)|KE4 zG#)3<{;Z0>M;6TtG=ArLb-eKg6Nr+uoErLK#qod{h-r(k2a3qzs|y8zuupx@X~OP zeE^_UF7Mc;9}zN;uFQ8YSfmzMdy{DzE{mx}d-fBnD17b31FEVngXNB|9JWkTxxqe3 ztbKc$TGoiTd@&!63+;&>mHXB!2u1XRI@7G459jG15u=+Lr{#qHv(P7R5?anR?Ot6I z<^4ApxDF{T#WC=wDeIlST!W|BL&vMc(6rxKZN|e`Z(Gfpql#~(8`%8KI&+{ z&}>bz`;CYCoB{jX?IkyEWxvoJ*2gap_055tJf)NC3651pdK?^^lW7{>kHQ&NKuP-q z{|f5B<1R~3@^<@r%}?~z7QTM2(dm3h1$0%{Y0#qR!6y$< zNGD+dR*sQ%pV5PN`UxCz6TJCGtI)Jq0e!f^HFjT_pFQ<$Yw>fBXYu;Z3RE1rVPjA9 z%0G#S8rYJd7-7Cd=d_iJpLTKN>71X6#5=!IT7ZsuoUW(0%n}+q-4Gk2Ps?hSf!dg? zx?|HwT6ap3+2b+@5+z(O(98}$dF1cKop?{*RR5ZBW}s9h8=nQ{Bh%inr<>Bx|8Wed-#(THMU(s3ZqUF8$7NwWV_36ZdJ3x+ zDa^s;0R`5ok7IQL+Mf^3Z9lceBX01z;NqT@>+_YbA@DeP;L`tY50p)k6D=FoSptv# zK^=}7ELrj%=N6RYzN@K2e6|Zkey`1Lz=2{me1=B}u0C&1_`;3Bm&^NcX#)Q24-d3D z1bEW%$No_RBw*@!^h3KZ;5^JVv(9P{?#LQ5)bNopQ;2-G`m^;p3Wvd~g`0I`5x8Qs4~@&&e!Eu2?Q^=`M#GEd@EtEblI`;APj$=9 zgKVXf>_@0AY51HJZ))Gs6WO}8m@(sMOmr2JuXEEbEyXxA4!YlZtO5F&hk#G@2$tHm zkY?!qAjo6jiY(er-P{Y%H*1d6vN+h$6b9 zt)G0b;mfY51cCI;efC}qt(|U0a0-gmgh50^tFR3w(E$d8)*X13Q|Ybhe7o>1by94h z9Wwej8A~2ipcllznjHM*yoYYNaUIL@XogRigRQV!d}*QhIWW9%MFVc2LicfB-OY)= zqT2oO!-`{C-0E>(NN+WHV4h6}Lz_mqcb_J;>?p98qoi5Am+oi)1-RjGbEcIF2zOs! zz;F9@2V!5EMNF@I`-Lb|T~!cnsRO*UUL}1Ni@r1X4_OBS|18$SB;)u-CPSfyZ}!=Smfg<( ze0+Fj;-^JGGJd=+EE??B?eX}^qxS#}2E8EM6~Uoyh9IF4zpz=D$Kk}ET5O4!bX*g= z?w+rEkjd@qr|NLeFsAWsz%aF#o#=dS+?#wo^~XkdO?aL3vz!5W*(&{TCSONGg1P1C z3No^?)P(kt-{b9Jw^#0>XmCZJig%J@cdFc>?2MIjxOT?hN&RMz3i&t^M#eLHrL>}PIa9*(5 zFD=p;oekQjJ6WYnNI0JKg`Bd(^VSpSDHP%rlJRV#eE9kO+mm^ThNBLf;tv)Bq`nz%`GqIAPYA<=ao!`-s zk)>OVj6Is)9#`i*t`mK*efEbIaZ8FSW}?DYA~6ge>J^FG(}Vt9ZUOR^NzzS{`-Wo? z{Hm$AhKB;pko)z5-NkW}06D4g!$lC|@!^axI>dDp@4xIQxi9cX*W&$xo|cpc|19ru zoBHt|198PbRfKaspB_0O%7Yo4!;`x0A=ns^=m9|BHNrH(f`!V7R#1!C7AzS`Fz$w< z3Rk%=7bsnNhBusaQ9@=IsK~gq{wEMNrMENFdbt-KM z`ykkU2DQJ|m!vzykp~GX2=1~&Qrgy@fq3G!LH=Q>Ll8&b9L9bdLASrxWIuXA;`))> z=-B+lBl4$r1%gE@;Y3RZuWca1eSm{k2?Wi!HA(@25l9^Dw5706DMo9hzg$~B&CRri z$K!P(Lv%cnVEuVn^m@O*-(`;PKh_^it@M@W#bd{_#B7}Gbz^O+Fy@uVd8jmitHa;6 zlZYV-`*3<~KdvB#P@KOcM6^UQnFU0%Z)jDOlP7mw*9k5-5iupQ|cxntn(~YH-0tTfpS?|nOvJ7~9 zxHX@P#wg5WB%vHH>+|{%zotzE+emyhxWuPEcZA)}xsSaBIvY6%u4k>GnKe6ym#8LT zm$#jM$GCb*c7~=9!&g%fgYcTcyC@24s4gM0Y@W3y`_(gF4=h3Z6=nCmY53ld1AvTo zzR56$#|`b@(-!-$_Khv^R7iJz97j4!E~?YDszQ{^*DOBK+(|n8jhyri%`1>!bE@3d`OEM{Z|oF?fKsy? z=HA=)#KV8JT5rxFxP<$jUW7CNC1l1zsKeZ-x$sfCsbkq+4Tw$-psLdzz$j3gpEu>U zHqJrD;Gd0-CeN!*pe*y(W&@S75$f&sP}?IxR8=aQzrZ){`^r%2x-;K$#f_@N6i={- ziI05Dhwk=9+vOE~haC{=mCihqGbqTJd3{;|`m5g~VI;MCLvwH)f49n`$v$o$zR`U7 zpME_U+V8eelcWWSY1Hra$Bp~NZ%@f}_}SNprOQv)ZdN^`*X3}st1A;ag12Xhi9O#C z{hHi*^GCxux?ZF4fCEEjFuLiDV1u6j^>WO>2f#m-+#k zn*1K$$n3J#EPwa}GmyniL-p4HMhmtVg~z+gMkj_lE4-J=+SobW^Xth2Hg zCjn;XC$MhF08wr!E>Svou^bZHR&y4djB4WoWSMN6-f^x9I_)rzV`u$bTchne9XV3w z=6Bh8n?}<(=ViJ2C$wl_q|qRQ<}_W4GEB5kKD$2?vPDu?;&qRPh3`#hns2_o#zUy7 zRmwFjTy9@mkIj*20P0$kh5gl-IeCK;Nw?cwF}P!ZGPXej$}1V?V`9VjqRsf=N$`Jg zxi>#hHExNMHBT@u@_*%Pj8^nGQ3SO<0AxKdKh|up8G@9sY(IZF@_bO(_Ot}8H(tMO z*6+rP5uAmpu+&o$eT_`og6TenPk1&j2Bi3A*r&utzS;rWx zoI~o64=rZ-6y%m4?T6{B-e*C)FdPJq8&hdb)iDXd$!J;q{{Z`^Cs8rFMSoa7#|fe1 z*`6c+eGkg-ieK+SFhzNqmT>%JRY(?lA_-9%TUF1ZTTJ|PAvZ=ow)~-d`R_2{Q^xwF z-S?#5hWaWsndR$e_)BF&pk@P@+KvRMyL!5&Dcs(Kr;wty4$c#mlWYa&xa@cZo_&1m zOGT0$4p-%@$i^A_GtXi#&n2$C8`8xK$oKj05mHiO65rLZYmo8X%c9!fm&E}l|5%hu zu#cQlfoGIZ=kZm20djYC7syJG`+quzj`io!lw|cA^`+62vqLr$aX(+~`}{o5ZMDDs zD;!P#j^l1V6uw?Um*#v1DqSjR?^@4zjODZ!#$%SY3CXrKu{Tr`*XX_#q2Y0>c^UUB zPQjx!U}Ns1K#NZ?D}6AIl6(k7&KOlNF=Eoc!Z+l!3D8552kpsO@N8?SWZ(PWbWRRA zQ%b|BMY;As(tdqCfqw9^AK%BgUiihz;x;hnADWWHvj_B-VT(?U*6sKCvL}0VNxtkF zE#Y z{o+X5qmTN18SRKW9zzodA3e2E#EYy*{Ijygjg-@@a^P>!0Q6OgzY+gsA-cNFRauTm9_<9>k+K%}265 zQVZE!SBr7L6sznqJ&#L>J^_X?RR;VGt03YrsFqvuIe(ySz2y9fI|*6t+chI_kmOXTe|*M~=)EU0+DiC%Oigo*6A)Q2oNx(#@VrH{ zmi4n^RZtxq!y&sSBe8b`%}jWQXjafFptF ze`}r(y)D-Ywx)jtdG8J|80vKS39GjKjS=xEE)#wwl{77ahzPUGs}DIdyyL#q24c5R0M`aX+R*|8(a7T7mt1*L}~EP4BY%-ou4M8X!@rA|P^?S`ATGM!V6QO2qBZ6e|2vW8 z`6D=h_cJhk<5VHOkc4sLqT~9ah+C(2FZeFvq8@1|Lyw?Lw5rb~=4mp*g}wq`6WU9e zr3^Aj*GH+J!xag4h4#+XI`kN$U>=ftlyj+4_1PunvwAV&ehs;zfUh%w8XRaCOC?|o#%6$)6+IwxihMK z&khJ}a_HMm4;mOnXY^Z>T^^GSdXKA1y#!d`6~>6p=%VwV*LwY${K*On=XB6-?iZ40 zsNl`Ugxjo}PCzK%OSgTRI3pu=FUR6csld%FsQ z#zM}P2yc|6ABm28(?qYpZg3zh{Au)g&M9pEyt}{+JjyVNj4h3Nr9Tf-xDniXQ?jey z^T|_S$@=m|n>z>lWfu+-y4*djDABzfmAOaC-l`cQCGC52i`$)mk4|ZN;;Z8-pM$@G zaaeo?zBU_Fi~c=06T>h^{p33jD9th@YrdCz3#LBK;ExruM*G|zeCLUZ{Z|cD1zK^` zg+)+ar@uULjgOSd>J<>Fm3VmKgCl||*^?ZyH4~ip8P()VJ|OPkjzng{Sm5ndZsm85 zINP;u@b4o(pjr4^9=0A<1GjSaIK7h9U&_W7kJk=$19U&HsR6v+$FjcPVIcN&T4Xix&nW2IMZ|W+F?uTbxy8Q=Avo~`$h94VcEzm!40~^_L zfuJ?v%RQ*Xs1-kO9FSCLEs>do?&`1o6C%T&KIRL$hmlaXBJqm*F$bXV_LarSR|6^HlU#O3TW<40gPTpy*k7#10!({`V-$>d+v zYY}BT&q$VaO{tBDMsFX<`EyYc^H){p@ya~k4T-)|;^_x3$Nez+XCcL@_~RQrKc98; zaav!)n4pwrAU_V*OJ-oLSvAZE%D#h92u22kqWvuBkO3~)*S>l9K{u%?GjBjp*d4~Bd`z^=IMcqEKYDpTIl`gRDRSF zJ%N{n`^sKt3Olu}A<8(gzteo~lh@lp9*^9u!W7Ku+G7k^zkXe0dtb>?WBXjf<>zgm za{*wnrS?&0U+yoqD)#`Sfq`-n>1Q2-Ui^~AEvt~)x>r-)c>@I)>aSs`{Qd)1Aj95( zAYxl#5=_MaZjSDJ*(c>a5u%Km1n?GW#n2L{;2Gci{1tCNtRzo5{p2LQU#5|W@c*kS z5;Pt7mX758d|bnzG=hkzE^fWg9R<=K`$t$O*s62Cpx=H@X(QIX9`;ND{&7WlJTR|{ z)OmQUsm)iir;k^NpZR6l!Wv_{Ika{2eCGKU6&-C$uLDpXvD?L^FZHZ?G!|XNo@4n9}kDJ!O7x6cHN|*+s z&4w3{WkB{i{GlEaOMmYlz_pYI+kFiC?)a{}BbyXsR6;=B?t(b9MhN&Md!H1pB{~f6 zlZO6%)&1Ed^OD#QkE`=|;NB9S z$|PF_9nNMaNSPZ-_rQviBEI1+_tHfgXEupRloaXOnd$VY9<*Cf zN%iyiD=fEr7{GQWEkVJD^OmMt4U9%JAtY2Dh1Y0d-xm0OQibip4f-xr(4SgCFoAVx zf3SXr%ZL5-!V3~a?s-5j6s(2uvi5M9>c=bb!MaS!9EB&W+p&{kTq;2`+{%520T}N4 zQ2MP|4UeCN9Ha;V8>rC?qT?}VaF^nuI!BK>1W4ki^$Qih3HL-7E>$mlOVtuI8wrr5 z-B?KcVkAFjvo@*REe$1Y?4C@fvXlyuc1ej;)T z7Uu`^P+9g!^xVM>AOi5H7;aGxr7bZsM}KDi zK4;rsNZ5sB&V!ZY z`DnlaF2!JD?@Mq@BC~dw!3Dd7#_-35pqAumCG+SuFMj83ZYV5g|c+$}yIBK&;wc#5^+LQeY za3r)g3{d~5)tAg&1j(62NSVzc8lWVtovtkZav|2uA z=0axeWpH8&h=zuJHT@~1eBxW(zJ&Q@e=lxxt8~S>$9s1#yEJ={{Y(xufOKso=3FHH-i~QA;0lu@lb8! z_4|Kh7|nj>*0TfO6CBU$2RoPV;@<9}lZ+lf-qlhu(taf}{-_Q21!wlxxYk z=dAvom%ug*OH-OJff0nH~_xYQX0L;$JjwNg>**OxOTi}A#dm> z(l|cG4_;;Y8@B%MHe1K#c!M)|=TieYKmN*{dhlf->w@~=OVp<<<6ZZX<$k0O?kD=> zYzi6f?dyVdzRywL{1`q*bbOEddb3}#VCh{KU-vofs%8fJ=!|*(g-Xi6Cn7}x`2F%| zTc?wrRPr!Ccln5BUA>SOQ<{h_C%)E}^k@wx?}2+nN?vb$@T23ZZyxi)P}fQ+_%~g= zzqehnh2hj(PWmA@l<`4wUFWFbm)?)j?yvCue^M~P-G)bWRWNfgBRf1SuHHHQzM{?Q#x;BRPgE3tVIrPMb2@C(W#Vt*Uy2(j@9DsLWFroT$#Ia1Y-(mQ{ayC~q#DF$mfht@sB9Xps9mBlzYoO&!VPS6DPmZ~NzjCMx{j?yK=O;=h^$qL=4j z|A-&%$oz$#PwmSHDYOPojFg6Xs2u>STe`E)4kglPBC&K4plBm2IeafrjJowhaCJC zfcbe+5P7PG2M52OWGpWCa=$2NinHB)Ys+D_ReTyBkjS#9W_~;gOzUuc?Sv;!cMion z`|^Q~iPE5q;>Z*3seON3RwegqSmd+HU6T2dA&Sa(bT@vfa;L~Hp^A~iaSu=6n}@qu zK31QakkK{H?UByLJ+iOl@T^HyUrN^nX=^D^Lo&DyZp5CPX!kdsuknxGkLmZnkf$Wa zzDZoZB3YtUD1b2sK`2d5lzwRGE(mA82{K5w^A0{Z7-gHRi5RaeCpBkR+25--6p>T> z(bqDT6a|3_!#%LT9~L<-7TT{i0Kn~iD12%G9p-w6Ol;B<`*q%@Nvz_r5dO_bh*H_FfHXLI*Qqr9-Vn|?R3vNav4l1 z@vTYjXL8(;APVJtl6l{)RKfYpmtGxGr=m}dCTzpoBFPEh%hu(WZ67Ky)l-*U$_5Sz zm&;e>efj~xAr2B&L392qAwHn9GxG{v}Ee7}7`u2qc$IIT4c_v0qx7=1JzP zlj5@`k)p*J1Y)cnLF%?ll3vsHNx~)=IAXDw@v%WLC(^}heZa=M7od9=9lJLcOurs* zod<4IaZHNR$fEF8%ERHFRK3Dl(aTTKtFd|b2swQ&p5+imGA~K$i01U*Zku5eOsGWn zeP}s?L8@j1lT^dGyK;W>g#@@#;SHSQ@4Z&iju976e*6N-e-E~xnF9iqadBSX*DHhX z&3ucOjY-wWB0UdKMng`+HWs(_zZd17~!q9FCB%mEK>4`yxHc#%}YM)463OG5oAo0E_pj-HuG}%$HIR zo8&kUhw4}-5b`HyN7z4Yv=0Q~76QR`MfPG@65RmjJ-7bWctBcg;tOq^#RQ}Js#_g) zafUdRRpk(K1Z?1489x_3aCyemEJYlRp!xY z?B+=%2N%udLpOqNwan^+OHkdhsPNs@RYjDyWutF?eP@2?Acash7)_Dm`QU~X`g0t+ z0dWjR@mM{8m4o$@--G1j_U}!dY{8@p0%H3MSaG}bx>^6`wW5KZ0OX+m+0$c5Y_Dw19M|;82U=TPfM@Mr1Z7FY_0K* z!uSjbW7Vin%{myTYSy;(jz0$L$oG8iF8WfA<$*wB>pmfU;3f4<8!vz7NF1qP<`xGc zkbmhO_<)OcY2NWma%T%`A5s{KVx`f2&od1u?cb7%!3u`MtWW#Cz_6vmGrFecQhqtA zY9gT+mF<(Es9dKMuwbzlKKRMLKv@ATIj>?DPwT8MG^yXe z#?&)SC~1EC3SzPoTF%S6AHsT}6{g|#!H^sH=roPEP?!R5{C*P|hwk{=Ocwqj7?GKu zedLfIt)V%x+m}UN<5k8>lElj;@_~jt!5{U?t`j*~@N0D;is!;HKQ^!(#=!uXfiD!k zk@{86es- zYJ0+DHv*G6h+Dbkd}zXG>;9-5J6avC`Xe$SURuijUeNfc*y2xIQDohA0FDeviK1ll z%ln$_5l?XX`0_hWq~gVO^XFMHsqYb3l$my{Pw%C8l@Js zkgoa{d-V$IB~(HD-8?zgK8@4YItYRA0wkw^j}7f$6D2y=7Or~pDa;CAns3s%w_xN# ze1Ua`9YR7~pD%KMOa3*{;@BQ^BO^-7{ZY*X2rPptw z&#e^-b&x_57WP+t!iKN&WeJHl>M(eY^W{=B<5)N6wy7k|X3i1k(~#KJ6L!UfRC+*8 z`7<2rgVh$;#BR6mA*p*?QqB^83fw!Foa)T+@mFc_D6AXu&N!|)B?Bcpdjuq0n&tbx zjuVIhXvKMAVyek7|4sX)3#MCcqrQ_49I}`CVsPFoKLRw6=IBYU(}u71wL6~JA!2b| zB=4SHAI|&6+Ca6N$IuU_3r-o;j!;>KJgQR@36JnXSM1>qfRK>!$K-w6EjyToT|&jV zUPmkxzu%86Vmv+;!&ATkvPYlQA&^gax#e&n1z>siU}0mvT+coq9LxB7;Qhb?2+$@) z;|n*e_5R{mrUdnROLJ|_wJm|Snez%Xn77q8<%-9Xg^m*c@LgY0KYm9Q_5}|6?sLCg z>$^mu$RFfhg^vYpW-Stz@eR)JWp`9HF8CH9_!0{PmL>ZvUL=FpjfC&1in(=7l&#q( z{1?(Srt7+~IP6hZM1C*25csbQe~OB6>4DQz_$iujliQSM3G4kDbqpV(YJQe}ydJ{D zmb%W?4oPKP&dz)W|M`YCCr| zJZly`#8hZZ!}lz>uBWtEvHKZ?B*ZS_`i+M7ZSZ`fR3C>z_)sv~v$UsFE#Z~a(T~m{ zDB35jx*W-d`0IW^!WLVg9h+IP7Sn=)|2Q2@TShCk?zfZU1ZV;I{OpG-?6bcp9}#9P z^W}DbAK9YgjZL!opvGj4!^rvobrdPlMBxZ?tHP4TLHa6~z%4&Ql z#&jBEs@JPKb`~F_cxm9IX}B4FXNTV3Ho762yYAuE6k|*g1^-Bk6EiZQx~|xocvR`$;?tNa*8NOV z_K&3N+EP^8qQ4|b;8CJTkc{#s3QCe7`RjX9eMjBXRR%=ZVTBoFK+4+N)c5+mk-K$x zEZ%XS);dg(E436a$J4%6?Rt)AefBd~#g`se6P=3Jcj^u&+ITtf@-^S{hY_cP=zwbQ zrA#}v#&;{12LragWw6ho5ApnYyl&r7%f4i%LnOGNxGv;dgy7t5V*tGk&@b3O-5ylJ z-aJS%C;3`UD6Aq8 z|32-wY+c~W6e4-%L`ito7UlfzN5MsRkYHuIF=D7+YY&FvP=@cjV`E0B+ zFZhpCIscUJQTwXpVv|N3BHASXEW%1q-uBr-6pySo#vk@l@SQp+CzQ`gy&zE%;FOL& z{s@68vug-ezm>;~JMKs#kz_um?ajPPy9`O8rOY;#}D|s2T=um)hY4Q_(1%VU+XLH~PQi>c1P6aHAAIsweE|=Jt9~fdr?|S%9w9b7!U*q5RV3TUA?9Mz z0iUuFaW{;UE8Svn4~T~S(_zVsG?TomGF(~bM#}b|Nx^2*a(oiT>xVgY?$0)UQ%oD^ zNv^$&4tTOaf^aH9cT+)P!d2T$(2WEbd)}=i2u(DAKl{S#?K=%Ux^wF=1Y4X#dlCx& zX1O1qmWSrxwbab}pYi;eS>XZ$O!`Gb^_o!|rpeIG;*3N)$}Hh=A>z<@-!DoI$NlR_ zq940L84`cO1HpZMd5+_aI3pDDdjCmHvhpZ9AL&;()R6!*m~`*u=}J)cmkv=dW~A+! zLIyoMp2At+kLW%8PDH5(&fq{{DgB=B_ZF5IZ}ULz!)ZNHWywT>NNrMvAvWfY3-0Z9 zfZflxy0hW*QTXyDJed5Hbp_CpQh+E#*&_7^eM|~?p%%8MRt9kFX!p%cyx4%6)e^r7 z^Q488HXg@)AnqyG=QO7NvCSLmV;P?^enE*89)FR^1lDnYz|X@mmH_}GXu!3a;w#Dn zqO22YMyRpY=T~vamdA1R-0^!I2(caI8=t>)b~);R`%TzCFL%cq<5{=|CWQezRJK11k^}{!wLX}{ZjT>F`4Y|tQ>D$ z-Nh%(iEWU+E2o3m0UG#Zr|lhT+r#j8!4S*OV&AXpw!<2f!%ejsLP@NcmGw;}MX@|@ zi^*pL*E;R-y~q!upWncNFpazx4NDZ{!agoE2hj_>{|5*)T4nrg^S>7V(Xm-A1fK-Q z`Qyv|wDrm0d`e|SCecnEhzP2Hw+T)NLen@dWBic5{Zb!8G9`*dv`Ntjk6vre0n#_2 zOR@y?QFAKlh|G@2cpmT@BA68JoH9|>&D zz%J4y!S)T7JY1{&a&@<#ia19AGm}jqeG+NLx3z7ziL3djXHNck8hSAu6zQ^(y4pY2 z*m!za%LLOe;cEG&LNFbpaL2g_>4knX&V^4hbMtVyi;)^mE_3Ya#)Sz=t<0D5_Pg#Q zu(dh>D7K3of4JWGybjz3*w~*GZ%mLx>@Jh5RBM7_U4Jy>Jrr{XCKG@63t_>boTHEL zJyihU+G&Yaa<;376-BtG#(A~kaTXkEa0E&ZEpniI(1&|bJeIeM5bVnyO}_ks`DAD0 zOlPlMxtzN}t)i^88+lWQ{tK&?{UeROi1%%@PF|O*Sg$5?GhuK?d7rD-(c18fi9JHc z)-hfTdJ}bZK*}8i`l!}9r}j2~cQJb8kNj$)9JW2)+qtZxo}eT(JT3%;Kw|4VDG9mj zItVaxQ`up!JR`fm(~ifYf+~E1ACb{C-+I3%F*ab6U8gEgGOMJY_vfG6o3cke5T4fQ z{29;q{g9WAkp4CUbz|Z|zp8+Tne7Qk3S50Sh8ZaGV{udnVd@|Bv>H>kB(@1IdSBZD zKhF*X;J^C#Ng{-O)LB(})7u#{imhhU?Cavk`hFKG*q4xA4wu0FHLqxUbC5W@08pBA zaw2Y<_W_=z`!;iQX{&L7JaTc{n#*(^niA0kF8eE*{> z%W^{|=AZMGM%(R3K0#CmO=R|M-K`wDfE z#y7OXsaSA-R{R>D4Eb&PVo1@yqiu_bnAA2u$?wPkv3Vl`|Mw#R8xvoUlme51FWP39 ztAwJe8EU}HaKBFb{DG||VER8KaY`M&$@6RUIS%=>Vo@|i_(Xpy4iT!d`ct}c#A9XP zWdS*A3{pixXd?vQ{Brk9>Q+`j%|!_whe6T{)wHE?Uwb8C-xKzKgC}hgH7tZKA0dyW zsJ>Tr^4>nrkvY385}9M0!RdqDMIUJ|ONP{alw@8Mp>QXkq%m~o8igwnR8@RP_)E|6 z-T+0VR~XR0)8Rf?Ou=Rg1j!{%ttRywnQ^bWVINEBZ|arcCT7j{Z-qcl zaaYvuY+A5d*$kEMz(5_*V-vBf_BFs8@A&T&_~s25e_~w7p?+vkXAu_R2=!Ksn7A$uhzk_MF9d+)8Go+Bn8GBlCC%JhPPDBNC0i%6c~z8SxG zR_^DXvc60{xt`*|% zJtaO)xQ#cDGWJf5p%6D?3HA}@EXFYF{c0=Q3zew1u%{L)|8t5z9OM;w_!cEy6YWYcf zZ!qy@IQ6_2uG!^Hu$l7w_>`2tRW4rx)7g`*-~2AgDyHbN^zIikz_cYt{&JtVe7B>l zrtvqoIEiigQrG<>k7QPT+7T=~f}r~NP3^I)#}}tfYxhgiAgvsH%t7u{~WYt^R!9 zq56pzmWoNzAOf*;v1qne4mr&83f(zRwh$DBpKI&4=KY4;Z}ZVT*i{|Ia_ydY@2e}T zMSSQ{zK`syY_yYxj@*^Q3qP5xbCpEzq0#WR?s$kuHE+KMo*?>}zQxC$Gu3H7y=!rU zRz|$<2ZxY4k5m|ww+mk@PEYu(pgJPuof}^;zK2W`WOc~j+aig@U$L3HC0{6=7!bH(AJJ75{3*qjOmic2JMoa8qM`n;xOol z;LMege3~b%-(BbS?|E$Lj!uSa8X>0H&uhH4lzLA1FZ9RuzhQI{{gBo}?_2h|ic!U| zgBNHHy|%ypBxht*6#->J|K@`yvDU-2dFg!(hkO1IntjX|S7&tWn4jSI0sRTw3xSM= z_6-x%%d?n_a8GxsV{(MlkFkB(u>-tSGNI`wzxI%8++QFBLrBP;w<|q_%M1&FNpRn= zb>3szEq_SzZ~bBI5e#P&sxP~}9N-P7*RVhDXV23of?=WWBrFdlM)Fk34K!_RID?$c zEx0HgM-K0}5kgdSUw@{O2u+lqbEdey{*LK|x*rs5hj~HE`7jsn_Wg2t9D5|cS1i)P z#2hyzaF&CL8pXC!H{&Q;tUQTu-P&rpJ;hK_KD8?xtUs%S%P&Bnk)ad;-Hc-)tgKL% zox=5z3v*of+}_1#jfhu6UZc3Iwse}h$Y-K`*dCyJ=)d3R@O$)J8k;6aK48awDe5^D zw}@F*9DSa?`&{xyAa9Ffa&Pm;?I1_5(Q3@^?QuL%C2{;n^9o#!wAT^u_mE`N`r1Ry z(O|^uX|bTHW?$qv-w(w4ozo52{J}+GZ_o%jy?hPUFn9nAx(E6ey1K=3;xs!QSRnT) zr$Gk8yau3QPN+rS?u?yMN2HF*ovge&4BGS7^{5^@VWCJd@<$Cl@b2do0-b@vD0tpkvX1kcf}@u z;jQ`l?ZMdlqqpRK-|BOqrX*iH3}WUl3@yAF=^oUy>Rg%JG%ei~_ZaJl9{rGx`zhup z#>GtRLdrZ(1N_lB*F3xKZ;Zki1{e*Ym$v`l1F|>F=UrPQ0gV^D@6S7-5kKwgyzkLB z?Kp;K^L2lZ+O%vZ7ADo8Gl+N&4hDVRK(TGOb5#MQdlXH6;R8}*eRZ7Q-qnYCpI)wH zPD8b?a$^~xRm1OVN2lF@$x|=s?GCQ&OpDwk?nCx)t#3T~w>Ma{toG}S!U@PtI1T)m zmPjryxy)}_ghVZORc$Ul`YxlPn9!z>oSIOeraO-zffyn&q*M!Ia zPd|;F2H-J0R__po2~YoZ)twq-N*FIEM5A78Kz8c^Dl2QoT9OZ=pWq_eKeqj`8<*Wh ziV!C^XSz=@H^D_$UF5_uYpSh&3T)jqeeU%%)P0jmCo~To`J^ePpUv;XeiGB?A|b*N zh!>i@jw{N7QkjN#nmYncAOQ;M3In^I0RK92zIN81*4Fqs;5`&4g&@_&MU>C3`fKSi zohV|F;E!x!_;;tAErF;t@zOPt+~@6}N2eq7dl>-OvQq6=!BeM7xDf;UdH_;MxXb%_JWGkZ)aY7_<64A6_qaS?F0UB#L1eoU2JI|~ zMAsS4y*jg(OU_XF4bgoDbZm%Ixx)e>=zgh^Yy7-?d~%=4kyI5j6r#f{s7E)KN;s4)^vQ|a;cgJL>a=#TCYR+R<7r7&?_oX`}c%G%0Ia|)}PvsAOPKz5o%^{^4I&oNZ?;w_~P0bn(6?OZM8let8P-=!kSMA&=S z`y@QPif(=tnS6cShT!Uvt=6U$1#3^0J_G)qe$Y`&E{Q&Z3MzmFhf;iyF3)mJRISHL71==K3;TL zhao)PbN`q;oj$2nH%5+5=2XolQ|vxlkARs&{n@9eqra#{U2Y6KJ8^r(1xojxrf%Em zP(Fs~A=O`-!nDTWE*HCU@u~QgO2V)1bjORPHi!05QlIbHH>i{wn5Qt521_R+m`y4$ zvF!Twuk>drhki;g+cvc z$e;7$KXfGSGy_3@)U3ou{hx7h45`5FMEWfh*qD55V!vn-XRd!12LZxVwP6PVPHY8T zxuh}2!0T>h+`5nRMlK6~ZeeI-BSKvD>_Uuk5k33!rA%mGnK?8@VLTHuUweV=j>zEh zL6XN6C-X4P?WO+<2BINsq_LRc)iY56~iQ znr6Sfv#}jg{clIG=&Nt`*SZ3Fk^iXZu&8FYAz>-I$ zJZM+7Cr);FVhpf=y{}yPGFSPH4IOV)xD@GEe?uxy!<37KB4x@5|GS~AtpzuB1NubK zy&h7&I2q}T1~h{ZzkThKU??+1fg^|b0k;VwM%beWbP*<*(2TKEu1`H`8+Mu_^YoB3;=Q?R3O_e1c$zlsJIuMiHd@o+ z@G1+%V?-X7-YWF#(6fy}iia6%%M$m>%X_^20%U|IDO=U!5!uH(4J~@c)d5-OH!SH+ z3cCR*Z0ZNC-DHWA*3)njd*=dp;oRU0g|F8KUHqLH*{d6_SYol6Bk>t zsZ-V_%6k+4a?SDY93=PpNuxSBQRfq%r9;UikV-ml zJT?wvP@Qj;4*9mP|Jbg$=RJReU$*aLtJ%ji|f#j9?^_GNw9$rzJt%&deJ=RoTO9(GgVG4||lG*PvT1c;o z*EjtWC$=94FfXredcQ3<`JS?W83++-$7|u6wf6|VMjbs@oT_?gPh}JJvGrF{ zX!_R$aQ(54hU}f^x$&}r%a{;jqWE=^2TGpfCg%TKSm17&jrwr6j#MwbZ$Vhk06QI+ z;rip819T@o6NDeI-srMlESznu1iwgtjE#W0**}z|AK*QD`^1pgS z@Lr|ERV@J*(aHfd<&~W5lzYGF8Z$s`nUw7dM8kP@>N&mC)PR7gVMP= zLTdiH-;RcXw)~b}4;hp-2L`W(JW;>)SGq5LXK-8NeQ)wD$QI#WgerpZ8Q&hqj)}1; z&oOI`cr4NEpFqudF_*)dFSm358Oi{pCk#KM z6flXz;gUOn+SyZSbud#^4o0nL^$PQ!enn^sU`86;S#1!?r$p4b{GJjLu0ur&SxA}P zZ@cJ1qVzH|OOFQ0hW^LnJN#&4nDandKDJ4*4!W(^mrC!&12Bg0-{St`9^FaU%PGb= zh=OOrNAc;#zFqSZx9Z@JALg;0c@bqeVUyD&Uhcwu`{d}yJwPrk6&g0m6u<8aDY>A0 z*8d)U^H7EGb-YAn-B2rJ7LW6Ny2YO4d9Ti0HyQq1gt~{J_&FuLj-Y`&hgN#eX3guQ z=5XZ(Uy$gwK6g^B-r461mH7I&pEI}i7ne7N$mkadb@e=QgR}oCvthqMwxYpmmyMZ| ze-|K#VS>(B;~HAf2WF4(z$4@6$RXGB-eD*nFSPh*k%|fqVOUpPd13(o1l%eR5)z*` zv(Z;Cy*yewek|AM9-hB~tQU_`q*(wr(_#8TS7O*#`Y9^!t_AnFDs?4?yWjT+^vn|q zhp&zg=vM7r>0_%MvQN&YXuQdEC0Px)yQ39>UV_+Q+XiY!i6ry=KqD^Xd*GAYuj|8Vt{DN;dr%ar~)( za6nJyu0AZSw{)H$AzJR+!=vuo&wZ6BIsLK`K*|!- z9Luk2YEmvhX2Gr|cVB5@%057v=VK+`>ivXhuxIO8zmGf^jb3gCi2i&adV81>;<4Xj zwK^!TU$$mjl*Ld}38U=Mt5TSBM66q@Or(_IGE(hvp;n{e?!8}t%iezAo=}yyxzKT2pp=xjPv$w%Bn+?zh?W}yD$Gci_0Ltw282xS#_&qp z{8_vpJ`&2_jrXh3oO%L6!R4j=fDe5`nP)NQw6oy5Dgvjl22cry=p%Eh22)Vi&kFtg zuUGzFcEjZ^EK$Rnv3uE(+d@LG!s4B#s+X?d{n{j zxw1H5A>mZ~v^=dRp@bg3)pMfVY;WTIGl3oq9=Fa5!1tMPriA%Az0nY4)B=CP=IhVD zT6+O`+Yw85P3Z(=knUc013+X@ilA5dq-?s8-W&-{{dRXM6pV|>ky_VX6Vk2sd|0&d z?~I*70JJvrlUpxLbOUnT8C^_#>g3U|0sm2~P`>EW;nk`sp(x_Ab)>(|qKsZ2sL-l* zH8@qE8j2gX`f-4kJcT9U89dI*aFLoVy1!rxbxGDb1;NI{YYD-#B-#H zx;WZIQzE`nLN=%Ok}A#D{3)AX+U@(8i37RdpuO?8eo=?Bte-EpE2q9T(I(V`S_u6q zB)HZns>=(;3MO3aa@2wH8SNrL&YlLDC5@;xoFRHJlTsj_JaL&E*aQx;cnSbH5d49s zq-bj=@2#BQ??HJ}(|)TRy8ZF$?Qlj~0_SyK+J~Sh(iNmJH!}|$+Wa+&jA{n7t)e6F19#|+O54LYr^|)LF4Cs2F5jy^qmmr5{l4vSHr$-O8%=a7 zcxORP&G+T-turoh&(bwvJILRTg$~KS$H>9sDYsajVc@erYZ5?Felc1U`>N6Do`U`9Eg03%rDJpKqdloOnGQ*3^U_HGSH@9Y3ccDu2K5m@ z1z=xuN!uKq`si|pct2?->Ej$2L?-m&Th#w)^&N&bN93gttJuJmOndvH(9STugGSl= z63%{+*E@+{!1aNH9v2aD_dNPKy87R>?k}ke2X;J_3zcWM0}sVQPmolvfHJhO92MvB zSoPced;QK)%TM#j;?mmn%1Y!C)m+`bgTbVk7Yvo$rdzc2^f129 zhBS6Y&kHQ1{LNqUp{BWdLRJ0U#LtkpubSQ+F{0tQuFuC8;S zeEr%u5gbz%WUigbORdG9f6imn&U&ZBTsMCz3$*Zdy5CEaTqTi^40gX?d)ysY-*;Ag z1>%sVG=K;uR4Oc9S=ftr_wl^mp@ZA$(z*hC#``~ps<DT2~uuq@TsT9m4C7aherN{8tXAc;}T1T zfD$dZcrBxg9CW&+bkOsF7V=gaDedtDB}FWZ5SxHNPI1e}MFyg4K#hDP|LFrNSRT88 zdW3Hj1vGTgEuAHv1Zq`}MbP6R=jPyWIWX@%0ErJ%_H(?ly{^X>rNBFA$s)M-K_D>6 z>K6raOS7)WL2c!Id(_D>{!;;#r9Ee`o?ie2j;7b?YvdCP^Bjvbg7fiDc%EMRYOVQ@ zS)T)6ba%BcbKbR3u*qMS>cm8EJiQlFTSJ z`_5$^GAKBKFI4OGA{Zs-I)3UhQSHd#@LI9lU5lx|V&UOeH~%blb> z=DqL3HZOOHpXKxVmI&pYSaTE0UCn?m+wmskwVq;7M#LUKB*4(Dzo!xYR^879{Tgy( zWpR={R3^j($d$^|7q$|CE_Dw&G_`(@04QYP5f|NgA>_BiVx62g%f}CKq&;Xs$4=~; zcK_KM(c&q(|Ax|j-OmuA0@m|{-Q*3`P}__j-r)-+kWEKF1aX<*M`kR7@W$-p(e3vA zB|Z-~vOdN%WR_gQg0t-xZY-U05D}idRef|CkI+OIq`lb7pGO-2GVQJjA!Tw zkG@!;8kZh6(IXySznlRL{4AZZT{{RvpKUIlUh9qJzU_9k(V@=G3=my!seN~9GD3dt zgAk%0=|`UUe?D=>#x|Y24ofxMHJ6H@4t2fozXr}{D9MP{MzH}@tno2UG6BSv zM5js@wC?ggXW0kU97VUHUX1nC!1afk#a?d{9Q6yAi}VJ+qdN9rf&`e(@u2E2?xmRb znY5?dsnA(KcR~ViY#4*5`@8XT#Hhu0-#-w}6L!1fJcX08C$TM@BF_b?^2#xz=ctSM zm)z}Ze1Fz{`*v+5vfRyIM_1Fw%#_5lVK1lpuuUg|?%@Yx&9E2m6}+gkZ+H4CFF|%& zp^$jJp}4umj-U~@x`ee}?Ao-aL`Lxk51*b+^84A<^H8Ca*P`P-&Q9)orS!_>=RqbH z`@6vxdNkXyrZnzhdHyb`grd0sO8canUNpZ__Upo##+zU_f%rT*kQvoh!9L-skF*o~8GNOrREc(%U{DwO66r{b$y~ z47I;gFw?P`>DH!Pec!B+Y^YnlU~e|dJdwl?kt^%-NbPZbG0lz z5G9OY3Z=fhCau@mH1?`u)bF-9!GF<=Yf>0Pc?IG*rve}ty43Z2e9AlL`+ z(!^%t@W~7QiAP#M(bvB9_aQ!LS=3pF3&e)lW9>yfaM3am@l^TH#)CG2F9dxokSL2` zPH!hGE0!Z5ZjvDI*C1zK{izS$kKQ^bhF={hHXbQ{BGj`JNqaX1TR zx(4E&QR~mL1tLB*S4|UNktI=V_|CMBrM{0CdW++evU|-qhmdT6Ww$8T^+A>(WIk-r|`%QOi|TPstrp$ z|K9uQv2*eTwZTS$i>n|Av@aAWNTrG0M>tZPFYY%H-VM$B+#3|>A=A3wF9v&u1OV;K zAja+Jt?lm8-aQBDyrbt&e+cg-bo+@=k+s7ewwO2=xA92mS!T)rYA)5mSRn z6@EFH+^YMy>~(M3Ym}RQ19yaZK9e|rroqE$e&hG0w_LGj>27?D*Rx&!?gbq;gS*Uc zsB!3f>N}xKLJ?UBy=a$L`Sus6&OYhSO9Js(nLImccKmJ7J0BGHw8E7+66@$z{iGnh z)Y+1g1k0Njh{o&8gE@{?8_Ld>yncGm==8pSm_S31ZK(W8&OnU#a~dsg6ZmHmFA)Xu zFB0ijR0= zM{ufs+x(r6X79LpSTT@YG|OkzdQCSit|zYYQGBR<=dYc)KG_thxb`lsK0YYW0w0T; zPvSgl@&@s(EXFKXcn%+@)P`ohMZVH^)8hc2A5F?8B zi^E!0&Qn7pXg5Z`4?s>td!BsV_cBn3A9GF>nMRH7lRvsi_|wmiFo@6G?vkKPqIo{; z$J(m#sI(yB6m05l-wN%r_XOBvJ`!t_#pmkMbM6ZD=@ZoK4ubvgV_Xl7T? zGkFRCXaD8kpak>>{|v{i$7Ve0i>LP4=|%W~nnXAIeA0GASABT^|K|S?XW=`1{GYi7 zpTjWyG)Qy1(}xQ;%7Q_laLZA5g=}k2u$H!0(iRG!M;##);EJWMD&K?%ycC*}X$X7! zQ+|Cm2!Dx?!YhU!`lz70GRJtoX?ncW>F1u`05egOer+^)Z}COq4gWPhu3_a`Azmmk zT%%?@8?=#+`U2CBeHK}(V=w8tNBotBaMM=b^CG*JGw&f_T0O)V4YSt?8G8V%)t?Xa6ROJJ=tE%UAJH-i;q=Q0PiF7z_}0%h$svuQXN84Ck81`e`p<(Zu)exD z^8`k@YW_|@76;<5y6!`0enoT)RKok1^9u52^Deu+?HB4gTMuz%wY5Ka?l<_Iw~$)H zBlEl8t@~@tJ^+WL>6wQ?@(`q^5bxLT76Q7cL6ydZ_R=aC^5F*BQF(O6^Q!ETF9Efx z&>RqZ8F|}{aJ*xERJ*QhGCvNPF}b_oix9*vnHcw%iF^(Xo5QaQN_6UBlJovNca2Wr z4g~&H_u=TgsJxQHt;fiZru92Lran#~zP&u$&bBWT8c3&;k;gg3gB(`oKp4x4@ms&Y z;?7vo&L@R9h%Y`e>L!vJyita{JPrmD!cdAkl82o1F=52b$kXY)5&eq(DQ2jm$%aSd ze8f~0pQb?ow^oeb2f2a6ab;o7^;v81qTjMXpil<~@u8;MeqSDjcH9fztkaVInc94$uSENp^Cvc~I z{5_Lyk~1n4NA=2C{lODtx#3&W0ar(@`4JF@+tlIvUbR}Zs`t8KoY3b^KU@(*Xty8z z*@AY3B}jq!La<{G+nbRRz&P~C4ToLzo-H2-_zh~M#}#5!s?Pr zB`U>stsP|gS5q*3GClvQHT-zGKUUzt&9U3Rj>bdmt2^>Z0hX4cU1^jkC$fSz>=?d; zYeLP8*QVqnCR!gB0#BJT^+m=k?~WN{u!Tx~D@PU7%=^ay2D~7@gb2CTytsqOOG&|S z|3KO3lRqoiEKG>>g*kbb>$PBXMJXNQ)scthn0@#~aN+Ebu~EavRx==dewq*SQRy~RHVLSEs>!jh<8Y&&Hn7@*YfuXh_|XQ371laezUl6kP^IpAi#hfKCo~({lw(*6pC$dTQVuDEvh)BYM8@X`%)?!=JY4HSLwg2Z@glXDj}%5zJIQPa~3cd%ox!9 z(xlV|&1Qu|#0^`q+`1v{pKW=kcNZe3FI582qWpuG4%@%y9=iiU!rWLXZHJ8J$*VIo@#}bAdWN_ z`@TOKo|w!Ar#-jQg8yBlw`0-ZAK^53x2P0}4_BOG+JRd8`Ukx6P z3tmESJEB6d=Oh&O8_*y~4o!PIm&IjT02Kpj9S^(Rx3=fgDb&K-NXsVFI*U{Llp!v; zB8=g`5z@Hs#NYiYsIUhtfL87`St#ucPk4{x5Qq^oF9c=bC*8^J{Si(e-z=6+((hQ; z_}ndFvc5!u4H>7HOJBF$)Uch52ieU6>P}yXAw}o0$ZjGZ@Wt-~^4Zjct!{Jge{^cI> zxprJu=!?Q{bS*v#xCbVDs+$7^+le56aa{Z9RNP9|moH@Y@KBq@%9Jpg~7Lc zclXF6hTW`Bu1*|@FB^`7#N+Y#Smon5+H-K{Vb9f*-^wfG-dJxT31A!9UW@bjVR5|9 zW=4^Rmu+=PSS3&=+is-SthicwK@shI%2b$>lvt^hePXF@aFy9lr3O~jDvDG0*kPJV zdk2Mr9`HbJ;|(ALlAFMjVO;f!^6y}s4uSlBk%vdKv&B&M(otB5Gy4M-4-<8+%jeL4 z;dS#oj=-B)N023H=Kb^M_JiWBblA0m1c=yqbZ;8Fy)6I0;AEjX{R;1&CjQe-%Q+(S zPhw1=S|n~iC&FHv&>Xk8=~oDtT_r;4Sc_f5-&gI;IMIT|eF85U|LKoI3HMsXnTa1xL~Wf{+tB`+uI{H8{Cjw4GJOW7<2mXbO%`BEG})&W zuX%tdHIagc`7%kcY$NJ*1kYLjp~5Iw$RFtd`oxn{X$VW7hmcXb+;^|1z?sDcQ{hg$ zyQmK+EMZ6s?~A;?3cq&}U|68EsCjO&K+YR22Yb8R+)VvKb>_$3*mPQFM%&;CwZiVb$47wRp(sz6G#ysFOI080Q#gc zFLc-ywXrnahfW>|XYovW3-9oEF5t}a5c`q-W-U*q%C$+u#@aHN0#=6)(Bfk1u8MRe zFG*t^)8{q0umSVF^$&E0zn}Z*Xut;Z@#Mq9WjUL$=#lDE@l(2g&C5iBjty;` z7oV*Al1WL}bp&I1B#%pjzGH0Yag0Yi%^ANZ_F^Sgxm%kE*SYe_sY_O`DYzMeV~5&+ z#j8VS1>s&I7KTMhlv)C_4#GqL0mH!Tc@K>)bI%$@y9y_}VR~PH;>qJZpXqC)gvL6* zk9_zhvVsA%EQ8!{-+n>TD+95Cb+~qHg<(U(){m2(9gH(7B1g0e;IM3E z9zPkQmmJS7-lJZewk|~0yBdOVqba5hK@Vx2|9UlU^HT85p-1_*-~9@Xx|BJW%@9LN z)$bRhMrrqH0ElKE0ftDJy#ntCJ_>)IV3logz@%lo2l(=!V*2}j4ddphb;jj2v**XB z8y4>c{a+$V>1HAf*chSHg%g`pPnT%_Y1F4A4?cn7n=X({C~GNml{fP5@dpCTX*Ym; z9qGaIY;%j(r_J#afuT3HDiWx-@Efmf5l5oe{z&g<1qKS=@PR1c{s*?Gl%SH^t~(@R zy@z#yD|KgZCZW%}A4Ww*ij;XQZfbVcjnbUJ23sy_GR&{rgzZ z06c7G%pbvJypIm~vtG1~#ijX0(b?xj;2HVWCz(w!ROVEyc7H?r>M~b;|B%H8{q)q< z5}N6m<@zt|x1v|Gpa06F;raVgf0a?KKmJt(Up3bz^@pYRLM$<2XyIR+6a1bxKN`gs zw0%=v86~@UA?!#_L;ehw$DWjvNlNW$%Fz_VJ5Boa+@F$0K(hCZ2b4Y5b`N z#V^wvS;@?c1_~ecDOQw}d(Dl=&t0H1={OQ48d&dV4Ki`ieU0PyZY)gZ9wpfB9BzJ& znW9iNWX^Fj*=i4OzJ&gC>~=LCeAPX+eaTd{!JB6vA}Yj&!Y;$HtB2GF&%|6n&edTf zwi1S7{spA|w$o0Nbg4chTRPm6hB@!KtQZ802`p0gb`y9aCUplISTBJI$xh0Zgxk@@ zmXq96lbe5Ofa+ibLABTizz@J-K-<4Mz6z*f;xngv9}T}Y!>=?J=ZqO?sok${=j_Sm z-U0<$?e{oZGod>D?PyfvTDI?01RP<2BgB4j_2S?>qG~h_@!YYj_DP;+ipg856@-vo ziN>p(-YJ?NEVy=UOhs-K;r;lykvUU(~|U?1v~)>e3*+CN<={(hO$K+$) z5ii>(#G5DhY2Eub(0h-w6#9~q^EZCTQ3*QwvwHjy6mQ7d_i&;}S#**ks&&zFyfK=! zASFIs9(Bsbj`x=JvAc0Dksb9RlxU)awzCdZC491H?@g(F5xy?R#u%MN4L@LM!6tA| zkhEBI3IR4W+j+L`Thm_det#mzo08BMyNBvhH6P@AlMPSUEH~lVO#+JK9@F)v?BO_^ zn!7BA(=9&a+1vnOAK8))1m+Y6f>Hj+Pn#gH^$Edk&J8SaH2wud-??T4fPN5fI_cnl zu4fX$)F%pJG(t(vj&oRN9DFEmG`yc6-@)Urr^>F4{(=EUrO^jf+~WX`UgTU+hkF9` z>Kj5uDmgPLT+alnH~|C<@XUSgt=9i3C>N|*d`}N_fsw16kT$5plhv8({4NtTbkxtC zh$LS(*3ZKsyGy)OYc`)&hJ4&=rf(nLEAPSEFfJ<*k@j7F3A zJ=`q;aa_-oL00dNd*6-&>#B}@Y1Z%y_n-_$$7)`jmEdyvkxpRTGTq5nZ<(C%c5`jy z`Y_$`bT=B~OUgeTyD`Md!MbjLWK>)%&0y_&tz}z@n?pz4J3Z(OIAS z@56ZQ7wuagI&~m5;}Lw&XWv)q?lvb|rNT^NI3o@f{y1!li1{k$Umku{0b$!2S8E!b zgvn@`kQqU*ALYo9 zW_TOZAaTBxtuz?m4FkNF>Csg(;w|#`yD|M#39W&yF!D=$p_dWcQc2tA_4EJ)Xr9@x zHc$M*yM*z~C!?&mEhY2iW5tgl%Z>VM{C8p~b?TS4YZOE&C-zZtWVMueg_G zdj{R7%kLdu2kSk<{uZCT?osSDzx}F>1<>)GLRSDtEIc?*taiJBGJirneR#cZkRx_& zu^q-CL>u6$H()Q;-0yhxMsMRE*DaWFFu_PT7(uGx-2npOA4_MpwI~t<;a36yflC2d zMfUYh6a*DyM|k=P{+=^^rrQk{imI&4jQG^tqWCZ&hv#zQTtfZ`Z(~{eS7S7Z&Hm10 zU{G>II$Ui2*<+o4Xkj^#@F<+`w8aV82&cBYlTcH6{KB=wGM}D#@JRNFPiS22eHxA^ z=4p^u0hT)7eY&~Kza7wXSMJ_KCD{Xtr3k+S^LUkQI~Ztk`rvXM2Uv$=brzCEA8oH@ zWOz;@Gb4X9?Kx{16)oHwdCM~h2*10vUy-SpWcjDmAC08c96P+;#kNio`BGhE2;blA z9`TC#!7;kxT~`*xSQ%(`#95fnm~5S&E`ftalgo7+#WNg}=J#uIVC}#pQMaDa{em}X z?(xB9{!|Zc!FT(7YK%swXZ#l50Tvx85uZ|M`68Z>$cT$q82J!3@D_#! zP=8&e>2^~~y5&4lp3yETgg=HnCe~_tmgd!zCFmD?a`~|g8SQ!ywFr7_UwqGdxg+#r7d$ZQ$uiHUbju^5QmvH3)+Jq@JYZ#4@0t)9{xR>g$}h z9G}C;7%Y~)eYhi35%Z@I-Kr5fBbq)AC`K z8exz8+k;(hIR6yocUD0deHLb{t8Eh%-ZmQk>7#^hqifRfB}depLdY~;bD)^X+A&Y7 z6sA=jdn>Z%?58=t_rkL&=|TRxOxMq1orb-DIpp3Oo=aFuzPFi3M~HFWYa5mtCXU88 zdY?X4<}h4TT?BBO{sv^NQYWG~RuU8e2D>To?PC?d6>N(AUiTz~u%A7cJ&^72S$`Fp zpbJQXVIWT`&*y95u`Q8t*$A)OOX04-c~JJ4W7myQ24VX1F{VGEdmLJDrSA2L4o>Qi zFXM$-rS6MG1iUevc7u6nbzwyeFX2%-dp`WPB9Zs z8EZ|B4-=8?UbOG`g5E{eM;=fX# ze`5kcE45H>jIv5EDyahWAn+9e@g{Z+6N=~$b^5J-*WlK5&4)VN~fkn#1nfF}Uc{nk0M zmiMqz^v~3{7ADulS&L%nwesQ+z!O2202hNZ8qE^20|(bYW1nBzGl9Ot0gL{@7ybvG z`_VlZ-NwqSeXdS>uYNAM-8mfDQd;ZlxCdaM%ce+0fm_Jj8?jK9nkh2J@s8{YX-5dygeY zw3qhSP3K{I8TfcL==>=H5_paBM-)liQS1&*J$ScZf)Vf)y}njq-EY=gFxLc4;^-NE zyb#)75ucRMLF14_NWVapF>TOY7sBj*I6+2Flo>9F->E8EYCisLHztBm z7dTs-JT2KwdjIme76HR`-Z$lB^i#Plx_5vvcj_X#Me#zkoaQB}ivY}9`ii5LGVA`iDhAsBtI)9}1)%*7KWZB?sjHwX5PC0jX`fK(|_JtgYN-nn! zfco6vD(GF6iN4IQpxw8&`V~qF_h)<+d2gDRHNWYp8snKJl6KrEyV{oo3?11Y3R?5t zr6S~i7Guj1V^TI8Gta?PJl~9R9I)flSl}=BX}aod z%Y80)a;-tfQwp{Bl?X4Qg9B;aPoE(;tob$%Mx4=kxv#U#NWBpf3Ae|0G^auaJsarF zPhlbx6(d^0rZFXn&9;32GO@9Ja&luZVwTUm>C9?<_yn<@)9Y|n&o(k`FksjhETl8! zFigi^oE|?R`T?kv8JvUjl0w2UY+{A0Zgbac_dvrqLP%_EzKY;X4m_kuwv-063yT8O zmdsRDkLX4;DDEp>p|j>j+Zf*;Bnt-irNo+dO^*q16~Vu<7XuM&aZ&dK$=flzZ5u*bG<%~ZF==_Bl^2Dm`?&+b0V4Y8oe z(=9SwU??klfx)CcuczVheGR$ZIN~Jlt(WYNbto$MDPCC~>B$kJhDhsg33ohD3yof- zyCZr@00Vh7@SNVKJkZ$7$Go$1F_#@0S+f5uO$;82VB^g3xt?z)qduK zPxY*5Jy6Ybvp%EdoalZKFqO!~o19Tx`fk(1Kt%&K`ndB(prjhM%)9TtwtE_8*u%)( zyGqOWwNDtE`?Zk|fOBJVm7dg2$`oFQ>x;_%PYQ*TSEzFC+hQ=PDH( zTeCO{;vH%ixWyIRb)jJ~$BB=w%fa)U4$dMir1X|Fr2KbJbj6vL*-@pm7~E?wy#+Kp z2^M}m8X(LR0cDD~gMd>-`P zS@Z4$r-a-XD*i@5zYG2p2+Uz4Y(9(?SDm<iIg<5YH{{mSxw+P4!&8 zSb|~y!KU}=yAiqz)Q^1x0Y!R$g#1_X%u!D6;nz%_qU$&risH9kPIj8Iz!u&iSsU>U z%*vg@n7bo8g&)e0mxO}E+x|wdv*2v|NOaB+oEz2ny81mvS5FP4HlEoYw=0V{V7Z)0 z(DFpCy8vT+c86}`p66KKis^|Y+=*3Ix=N`h@ztd36dd&V@!iZ-$0UWLV0K*VRmqz; z4OMh*Hjnk$m)=Hvpcrs>)hR$I_v7vRx>LbeG;>gYw$-Oo=1f&Ref;j*<&6Nh@bX+{ zk%?wA{r=DpttkjP<3x*!;ku90MWC7Zm-xAT<@u#JJR5iT2~7UDOE3M%2$n_WPK{kd zdMP|iQ`M%yXiBeE@sLBSW5ZAGmX1Xd?=OXf8Y|#G{y9OkKA}`qO5E2`@!e@h~2M3guckjPyVN z2#wSJxzF@gHTFA#jBDEZyDo~4Ch;o2;C@^Gc;4N+-k@g9hOJ&M)Q4#FM=%6EsM;&& zX>T4qsB3UXzrkIaPq(9B9WuB|(zgbnlZae%&1{!zAe$xDEg32V_FmD9TRCT#N?Hs{ zOwITCyoju1+1>or{HQqj`=SciW_f9I@}cFJdxbS%n@2|;V18fww}eRD?DKBwfZtAM z;J)4|lUX)$=Z&<{1|N?-jfhD;Ddfx4$B&vG=>>4o%#=WrAZ0?GWYePhxH zc$|~q^d67I+_tlFUnP8;EoR(zju8b|nz_sq`N(@Os`%C(Q08;rU34I` z_2$47fx@YwyYEZxv!xsBIq})bMq3H4A%SKOZD_Tp6iOng}{Ca$DV!2E&9Z> zfHd}+0Lz8p+plIeXRvOn&uh}BP#JDBwdv@_qZjIpqX3jD_DG+j7{G4n&Eeo6Il4X%b$g-TGxVM^giHP zKOZDp<~~2`Y^}dpIeCTitRH>``L&1UV;`gAXhoFwP^gQ?`v&~%l2pwOe`+TYQ<{8$ z(7d80?_DJxQ9b%3;4r6t;Nj2)0YILxK(7hz4h%XYusN^yB2W?^6o@tzI{T}8V zEIHVgr{BO~q1-KzZgQMB#PgwTs9x)M_j#oY4v1z}IB*ibvA z3&-lW-y`PI^x!@T7`CrQ2kx$>peY(XIk%2lYi`f*IrH zkTHZVh2~8CtmMD|((P*S$(1lZh}WhX8y50X~d&}pN#|y3Uti> z;u9>1&)I?a!-_T2%6UKbf+a_u2KYO;4Y`9`$FIKJEoLFCF-vkva;LnZ)(*0@I>;6JcP&Q^zRpqdcyeTPq(eC8S(fU zem5et^B4*)=ELJ@CnTQkCI$R+FELDI@Juog`@Z?sQh6z1F@Pma`LlnTB}D+7@ouun zdGCNCAJgl6hJu=uZUqmY6Uf)tVeJ@nW2@N1}U?-UpOCObg> z=mSwED(5uhi?gSj^N^oFS|O&VZvfika3G!1?Q3zdAD1N*^hj>;0WaK(W<$sNC$-cCbsqLN@(&KJtGe-?f}to(MR-9VR;{ThC^v~a zC}-k#>0m40{bd)MxO;qTXe^GjseHLT1&v&pf$wJ-&yIgD&~xNhO%M7#l4qxjjTKEe zHfD6a%D>|$rzsDPD|n#DGchv4EBhC!UAW%AK~qicSbk|D+P0M^UG2+J!L;K z!R|{=PnXA)7LT%#dEM@wB2$y~M0+dqLi*~p=|dV|C?ll9*pia-!V}CiufJeeK45xw zVKXctb-9E_ASCC@KI*S~?(g>1NF6tXIPx^Wt`5imNV_qX4AYEBB?phzhguPMzA_|Z zIrsej&Eb!(ve&79ALh*~R%NsafjFwhh;od;#w%Yln-JUx#Cwv&6c>W+AGbY4WS^~t zU-F{A%U%(Ls?Q%%cvQOLAH^!#j5K+;)He{^``*@Ha%FhCdBXS+!E?kNj^c;c?{b7o z(Qr?%PUW<-CWZB*W zy6M2_-cwUQ+s(b~l-8`SU^{MIGhLw!-=Hn6^ab`y9W{!aE*bgc7t8^&{#*3F_##Vb zhySF3X-y!HU7_g4qnuO(cQo+;gSDq^q@p`euJcx>#-m?+uDhpA*uLcYw6ZjR?c>nX z+zySEQ59w7jhYG)W;%E!e8CH1F#bT-wASkCwdBWHT9Lz%jhV52Roa#Mr7r6)$(=r# z6=(Z^d#f5;v~S7R0r${D1MYWR^J!JT*#TJ*H zzGvZK>7d-CFp-0JEnO6AvgZ*x8feF!%;QKpIHvH-V*biZck(bIPO;b=9J#l4x>s+$ zY+fIMeigynqYj_Tg$Z9V>vDm^KSz&6Uqxy!$IT``+2@s@Aa%S-CJ&vVYwOIq9GJWa z8$uYZ4#qg!kHTk{DNY6H?@z7nC7@NnuiIE*w^h9AB>O}e9U(6##K)+`RLnnF_CD#< z4?yeB<3=$jifmk`<-Prb<7n<2oKL5yy%NOAVbCnx{rE-~Q7p?1^$^K?GrKbyvXRx> zpB_pVT3TNI<(h6tDPqVVv$*hbFLdt#-7^LuqTr=a4jhO%5yZc_{XGx2QDkSF1^Ku< z&7GORc0&uD$^vs=sWs%Ry4&UJ6D`7@dPntt7F*$x#N?6whL96Q0#b!KP>(@RAyXLLw%cK<^X5EfNBs;nTF=^Mol7gjTlDQF_2#;VHU91nIAT^k*nGNx)a&(h&Y)WwS3zV|?Es zv*DS8uh>T#BUR>%!HjD8BbWAlC6zCF;QC+O7&@MY6*djY2Yd2{9KsX&X?)M8UZ6hv z`x|4O?F)rA{kTUa{ zA6QJvH(%ZlDUdj_K0o)>vMxWNd<4k+ioPpdD#coM_g&HTTU`9{Io}gle&Tu4eM{&D ztm==BtKgC)7jk9%PdF0w=l6(M6t_w_K1qW0g4Wf5dnT6DNuR1`!Oc)v=>Y` zkh)Xha@EkWtr@4sM1U8J6-Wr*<^~vIRZ>49SiR-7!Njm1ZxzSeu>JIOLcXw$9Q`8M ze6YQ75YJG%_}m_(w|k~w1x3{87Wx*VKv@~#NvW>5M3bK)@?1+J>_(9}ulGSxuaFFI zG1duU91h+@_GY&oawepc+m{EMeQTQ3&_%*E=m(UKhbQeEl|9J`q{ zz5Iv|APZ@4{1S`~`5*8_Ion&fwhHII#Cyty1EMl8Hck=96<1v}Tq}AZUqEqFGd{#4 z>2<1FqPSuSu+a7e?B39(n8Gly+(Q`c;aNQ`qgy|H7{ei_!u>QLvPV(Y!c*V-Y{lfm z1>3aWwJgH!HgsnLcgAquL2dCjiEcSb9Be^pPPl#_#X|YXMV;LVo=!YPKp#i29$tVy zbmm@o0C^R{(@XiI@Aq}=$jsPRpN*qTECX8fsu#;Pw)okooTtgXY*WG~dvv}R!vO+V zTEfyjYuh@Y!f-_iHzdj&@f z+V|&=%WvD!<63J&e1HeWBq5|JjfOxF&vN_ZE|4MJ%y?2f)On%E3Vy4N;q4y{1APE9#{y=E{m*{3ha@zG zdL%m^_P8FLoi4p)UTlN!cVm&=NVw`_rF(~gmuT%i(4O{nAKUBsbrQCLOKMo?&qYHANdPBgrbu}7md;A?J#II{Nv%QGw=#{&M}M6 zr!a=)jQyv*yG_qvXyDbyOQ$Zc*(M@*?qItPd8bX*U4C7_zL z9+J2gvEGE2*}QW|XYC8)=`_IT+lu051J%b*(GfCHi-Utz0OJA@{5uEocshYTBf?Z4 zsLtdL6mG^t*g8;oa4e(YZjFvnYnR$IbILt>A^q8&nRjc@*YH-3r|DRIMBoR`&b@5D z53zk*eow-_>Dm2e7!<9d4V5~)%41Z3hmn8=?nkWRf!lh<*b`D~_}iui5E~1tB#oLG z0N;)h)IQ5)r(<^hM8V^xg@WbIXXO?g>LvS*`_Jq9%YxSGXVl`UP+18S3%7&k1&~V? zLYS^#&0IPRJaU=hX{}u|mi)))(&0sx7BIVEygc|}m!K~;)oZj}yBepe!qe~l9E}^v zu}mR)E#xySUlPEtqgU2`iC~&(=u!%aWk`utPKle@sAOfacfEmQVBF-b`n+ImtkeTO zSJ3n3)kkNQx8_-s4AAvn50c@2&7r}=UxU**NkosTt%@U18SL+1$}}T|LEiDNHz{pC zK)Be|qKJqtf-5poc z@M$)+nJ>NPt60%Yek(K8e#0+o$#9_Q3G(Jxr);yk-TC&L{JHue6v->rxjpKIfawF! zldCY5E6Xd0R-;!OjO8*97v}uoc@I3824_XKx}G+HaM6;-Hes0n=fg4ZO@$s%>nHkr zstO&GD9ZTydWyZ!fs5<@L%g`S;u0+xY)Eb0RAVwCJwNmaOdwFP=2Ik|y7wK#Bkt<- zulPs_^Tp^~H99xieSF~!kWqHLgGQWU5R`Dldp)7u>#2*M-~Pd(#8S-;eRI*)oSy>A z=dca!y7tC%Z%~1&SZG%JhCI>_%2WW?UW0K3crp_Mc$we>0Z2m~d;RG`g&)C(g{?w{ zZM#!!z;KHE4xNuU2VTH#8JDIns+yZ-E%l*chf&&dZx`nx>^0EC5`LjhCcOlca%gj= zFRlB!BxdVKvy|8SZ*gZQi4QMS^svB4mgTV&k1CSq;TB+fz>(K?_0<@Lgs4r-t~boE zi;gB_yz<#~$1W|sWPG;pQM?;kngA$!2$CfUFPc(gq#3Ft3MR@xc>XyQE0;}fA`GfD ziHTI#b1YIZNbe&&Q{Fm*?Kx3D%JjdHJsyQX>mS$cd1DH$G%}!4G-t*p2sSPuA`(D< znDR9^l}XV5ZRkTs{>kDxvlHZORJnIuNIDlTi74<6$CGauVxFbfXHymi|rU! zD`M-E+T#>tu#uS3?r%-yiFIW{ij>5(J8CzZl>x3=U9PC3U!`m_nKXQFkyY4)`zm(` z2I5%rkCs`A+`Ll3cFQ>JVxQ?IBFPNFmE$58<_>(F@`$!uu>(8u*KxYaJwLbB`CB!< zdyIP{0vr(kK#Eb@Q*HM(8slu2P6?O$@o={kdxe#@<;+%vLN}4$Lvo>d4%_Q1=ta|- zep0iKTsIVi<_KQdZR?|>`0~^d!Ahi@=r{igr}}+w=Nt8X>3f=z!;YDE;)_$zP`~9= zdpxKfIV>WTRV#y5Zal}i-LKQa5f532c^{HIX~~bs>$82mCnHYYcvp|^xjG&8`IaJ(>phPGByve=LKH1;(`|qtNr}>#)PKz)5NRH-lrKLVvlm~ zMd0Ut57*y9*g4G^sf%OY#|YWNl8~eetPjsl?mNCDf>!0`{Q7#oG^^L_n9IR8Ejgm5> zfIbHg_*;GjvCtkNE#IG)&N_*j!~UA3cstHw7!1Mz@+3Jb8}b%)ijLLcB;v`^p_Fs^gQNRTse&>rVqFg`bh&Z)%QVGm3|!&!R+-f8J{!4 zyxHid)=UCPEAayXlL}7c(bhX@yPvr3(5jF8E4kmA`^;q-4zm4X)ev?`07bB!67x_} ze@g$JNuk8TCHmxD-?(zf&;Fh4Z_CEDhYpuKXotpsT(#_JyqmlG3)5%bT$OnWU6BVZ z{c{Z9EVRVVn_6UY{=~T+e;|5eh9_G=EO$OncG29SS^st@crttL5@<^keX2%m36VUx zJhymvhDMedv<5ti`9wB~efcjpd1G4;Vc>f(nilscULo;&Q^ZGq?F(S1?7jmie#I@PHU%;jk`enm zw19wr9){-E1kjdn2low;e13D>-@Yf3K@RU_m-xy_P#w`YabGrZzq&VgADBP(EZDu@ zXDZ5|`<*Qi=W5p5zo4Y0M|nTezZ&JP<4P&fnfrRTrG3^XhBwssb7#Be&=r$w-UQ!g zuY!3?59M~lQX$ay7!5wHL%$N37xvq`W3crMx1L+O0oK@0NP-^G+)ao|vS!*ZO8cYp zbAL?DC;{%=Dc07lGT6&*+LoVXKR-H98RU7$=V-1zWp~c~{AP%`M3-2ED-oI^6Gok^%x@n)|MdA(E%6`}fjR%#J>)|KE!B6(fy!m)`z8AkY%K{Q|ZsdZQ zJF$4AD0s3-;f>BQdiV=VJbNq-9~V)kO^lcJLz^hisZPF6N!GJMivuP(p?s27 z@GOx!tQM35NeA!KWAYX}6P^c=n@0&kx)V6To!SBdh)4b=yAWM~`!c$Jh2f#jdQ{AS z_H{!0_VYP1ElJ^x9Gc;njA|TDCINB%vAIYVOQEzIzwi7~A^S}|W3KHJ%E0dQEa-v$ zeR08PiW9#|HtY7a)0gH=^VpwgZ6}2}QaT_#cs0N)_&-OV7;g;XNLHQ*Y~Vf?=PvW) z=yAxO<9(rZ_O`#j7ZL)hUFWqFUgP`LIfp(m8Z?g`A1 zF5vMB&n0#vD?$X1{U$xXCk4Jcp!8;{Jn_ebiJYEOUlr9~nBz5=-WQZ!9j$^qef@c; zAZcOayhS6Oxm>B!w%Jfvc?EBBT+8ptXz(kQ9XOa#JTdHs`XXmRAn}K1h z2sKe&o!SkFy5eIo?DVD1&m+Qr_~BKbJtxL3`}st7mcnAguD(O5sy^jNLxfFU9_QFU z_C%guZZG)h9U|B_ZqB}HH7VR-Pr_~EVZw&nCjS)+mTcqAEczOk1MXun+v2a!Z(j?t zu`IvyufcKm$4JW3mdm~*jLMOm+Knq8N9pSCgZ#B!Z{~R)BCrW>vp+x-ZhR!ZJgUv@ z489!WrOCDBZqKuDf-3_$=jZ{gvW79Ku>xz93i;UOPL`do9{mUTvwm|7DgcfWZ}#!1 zsm}YdC|)JO1#fwVw;7&-%&BE;nA)g48o>HHyC8;5{>Y#Bfe7en!c2J~XFRk9r3))E zvPJ7RrGNF;n+Po8I=tiw@37HX%H5p#^+Nwh1H>4n`}%ggrQMr<nBmAU&?Pyf}r$DuVO35kil^ z=T~hIdJc-tIxqc8VdTipm$COl3b(l6xhTG|efu0f%TL++oq#jG>oAjbuHO&!iwNo< zuKOIsMMZc9%@I~`o(_fSS^Zkq*B-FKz)6eN`N{xhYw8x?^%@FhK~~Ebv|L1tuJvn| zG~>HV5T-vl9L%umX1mjUnC;mc;w}^Z5g*5Yh-8 z)#dVgs@BP4u2r!|)hDtRwes8(-!Q5Qh}eMY1ZliO;p=>uLNjprG{t86&j(3cVq(8| zNBOm4rN&YuL;UbJ|4G_DAMW3E`@xv$%5rPTcf|(X^Xrsdi^Dpq&G@8s{>PYqzJU9y z?_`+6oX?@Q>PO<`O1=jMN#Qik;Wtya5eQ6TKqZwa-^58nlmQ`o1-D6m9}%%N75myK zU(snOEWdkk{)}_?eLzuj*|$@(l&Dcp-4g0~LH(=8JB&hhSsSF*o#5(pFQx7E7nxYX zC;!7UmKT)IZWo>EDOP-2_d00`sWRrf2zapPL|^hTLaYe>O;Lmow4%AuGkb93O@KaG)Bw)lnvQ)RV$~*{LwigYzpx zW|3y5yht0XTL}z)U7HpIJca|+Om-ddcUTUJ#!9~1$zS5*Q1_B;#}%lysS`n!zZ5s= zV(ypF>G9W2b-CP3l)LOREM$yJso&mD!Bo8aM0lQNzOUh?jg6`Cn8Jlm#JY7~4hRWj zESJB_*9f5iQWAmagx-ikBC3R9*u&1=pKd=ywE94;&l_y%_}?12#uwG{I7=)rYG;o> zm?ci=PG6LBYX5=wlBjHD0*PWlGkMtF-dS-Ji7LHd{T1v6oLct+T`GT;N7VzHjSo(J zh==YO{`YK8PwxR+tj*I4m4sp0pwoTX2JH_@*VBh*w!!0%3spx-Rv@K3}~<`#Zk(fBJrC0Y!QE-4Fj(QRs|t!1{sUxGB%af`gA4qy4l9 zCdzj$A+F6%iI@Fw-&gs2&b?0d3%<_5>3Gv748Z0Z3mhI0xyjv6gsAU3hM77X%J&qn z$)?QTh6mdPD-<4n>@>1HX60OWAAGP!@n~aq7TkrKXk;w51XxY@VdClrlexS`wM}(B z+^3Rps=cgWk}eC_Wfz{v2Rbn7hmffTsmk(gxo-thkS~V*+dY?@F(asjEZNfqyaS9y zQb@d?0F2fjLOnKc$u%-9*EY;Og*Y{bRQ{{CzuJ zc{DRV_F%=w^&rT>WvD*KJ0-w38wM6J9klyw)+WwkTO0B)TAu5<5yEO8RKm6j#QufEJ&yA`J+VE0?<*2g zrf2jEp_wSfRV9Okj5~c+gNwea!;1n|5INbv@-^Box@+#kxn4MnWfG?x9jz}zW?ke` z@mPK2Re2vFH~y{K!dd7_8BzPqQH0WX>;o_ z!3hs;icm9MRaXc86FX zY9Yvn+mgMk!}4}E`Nv3;^2?S9iH+B$1dV=r-ZL52c=>cGLK#k41b}`o|2C};`#qz# zhB~1CESI*`Yn0)Ohv1EHK$Bec3&J-@8`)En$L_#x&u@KhZ$_ji;3NIi$FBpc(9Pr9 z;#e)&9ry2)(byIn)%f>=Kht{ysZ}dNM$(-Qg%|bUdwluIgP%E>p*s#QIUIMCwA}30 zIdZ>bOI=(N$2?kV8h=M&F}VG36d;sxtI`Trqaq^>wPQ`U>`dH32&a5_)BsfHqEH&<8coUXOnxatlS*YW3Q3M@s43G1TwEHhY2T< z93KdoDXT!}O_Ck8f4=>rmiw77v8J;2y<(vT2=Fuh6)5(>Z@;F=&3rst0Glu!v)7&5 zed~rW4X~NyMHW0=?xEj!Mq7K2)Lqul?fPPm&uM0(GH%=R)H%MAns899eM*ALZKW%bv3pL*qGs`qW^cleRa$Kw^174LQ^Uxkg%ua|wbpq>h+@IjoWL^$={ zMU@W6{X(wo7a@&gqCz_|YwhJ=rX?(8^>*j}U`3nm`Bb5d&Yi2ELp(H>%<{$x?gF@D~XYzy9e zOjht^fZ$6Qi&!njabJ!c2Hdq$heQ{=uFEVNcFR28;;o96$REyV`qEr8T#_4#Kj-~A zn$2tueSKdCV1+2o!DZh5lw$L5`9x7$L8Y`tm4kuzmJV#Cqn#cYk(-=q2Bd<8_aJZ%w;G2Iy;IDvJ?ktIeCJ z8fG{mKBIpD`QqCuYWk@m+`q5gy8M6%kx|^Y@pX^4TIH+lC!J}Rpnsr8p4iHhb@|?A!RQGv^298L z*+q6^>w&)>L_N*In+Z_to^?)M2(rn>!JrNJ43SiN9Iljp8WZ&_^3An5U*E5{|HC`A zLX{rRVz>6dKz@4!l|7_L$M}=vHYa;yhA74g;r#C4U2a^rR&T;9-uqkYP$}-KsBvI8 zr5LU3m)(a{82P}BVTro;4Y==YU# zW1kiqa$NxM4r_{MttPh{Q9rvtkZ;DNx%NhpHD@vmFGcWLRg{*%e zH*+VJCu1oBWw`LpP3#Fng zIjxC>SZ|dU;jCv2YM3LY8DUc|r4~l6>7V2wV4svXoLn7>ONI~|4&4A5d1}wWr4iDz z%U!0whi9)@s;p6H1ro-uBr=IE6xa$UDve5V)U@@uK9@MCKpXZPK*!1{4 zA3~g?>NLGB7WX@b1>``UE1n59p>GLeJe>>0ol1&G4SPW@rOD;>mb&B`6%})Qxj(A4 zq0koUu8NMqckEq5_}Vtjep0d*-7@8kzA*o>Z7%nQ^%FxoYFFTL0(&S<@uoR;31F*o?hghdt(73HTelXhhq^9uudmt zm^kQA_6dUhc@TI5b#Y-!VxQ_UN(7)xgY13Sb1gCw%e-D$`No!U!@s{y0DTC2Hi%Pc z-VE(?Akk(yd#P#`{-wLI;={VKZ2dgl_VD@Q$5Z}-JpMJajy8 z)RQkfcV#O_@L(eEzu<0~vSO{=ki#L~mwWw#bvOxY(>AGt!y&1jr$~b9GJdLW z66>S<@-)9V)2~pfsqE18NqzJzm=yU1g&ggK-fj3*7*_Ken6v%rWAa|pUER|ij*dSiJDrVGJ=B!*l6lN!j|sgq z&*!62XS4T?*;Kve+bIh(O5Un!Lt%y)coSqZhE$pptuLVv~C~6CaFqU&bzSBND5_ZoZBhJjk8;vA8tKfwc~;p(+C~ zdbbyqrFd#}+l=V;wSIZZYHbniR4@7E%{7IJKm&O-5u~^23$xZKd#h}}M?~&5<||1~ zoIT<-pqkKOLphw<9~5bOkP`L`N!t-Jv{XxI-)HfF5sAV~`~Ik2UL0}iuG4&);A5wPdQwshqJX}?iUbJ z3AH%#j$gdB=E#5UUaDAV(L?*jci9lNoOsPyhEwJE2ey1_NedfSMgNIu(_RFME5=3g z1bY%S?K!@3*z5g*v|)HJfixr#5n{fXzIxYfS&s}nnfTzl(HD_^ZvLxO!|aP@(+XrP zI;pum^1|ogkCq*wO}h|9zWYo~Y57hF6Hu9UukVnLlZW#W_rx!?q1pBpq&}C|cS@;R zDD1TWlC4B8vAgC{9%k*0`679yQhDz7>WPoS+Icd88B6xGe+6pgeP=tSzHS@kpB>tg`MFm{I*8e%q zMXz2Tg{wQ%qx;#SE*avgsC^I8H@(6GO(x6lCre8KJmcG~Yw3mwEQ36Dx5>GGzlz9= zyiAT{%c~Tvzma#Di0}^nEPsBa{5}?z^HyN5KSL!ez2-L-f0@MH-CSSNJF24m-l2pA zu|oWuB~O$h7B}mU`3sfk}F-+S{R0AV7wmDQ%bdUiRJu z;WWO%cOhTypTP`Dai_YF517Y<jSYU}Qv6tyFBlPiX%%rjjSXDi4K}=Os1UE`RwL#{SyQ|B{gur{QbFkqaM_d^> z5_6t#Cp#=Th|Dj>b;?ZmE|{b*UTA?WGqFw1)UCT)9m;9K_BeR)(?Y-oF|Q_fP95Q& z0Zgj->bSysfL`@ExnE)8MlkN94va`k3xksx`>X+WN-_@!J{#GAb#u|bDFN^+_SkKV zw&5$0+~zc@!*f-7`;8s1Umt4s8tX#+o1<>t<5XuWz3y~bDt$fn9UTP-Kzw|sRIf0e zPlW``OnU0Lj9WL*y|_m;~;b1jAaD`lgJo@SwjwV~XLUaVT5R zzEM@#lKCThS~{7TJ$MDMPdBiopm&^}itn*5%m_%@-2CA(sY-w72en$Jgn!!GS31?t zEK-6G1KBb5!(X^SrMd0-K zE0Dy#R*<6aevXN)4|x-sDhNEtoOE z2=Tgj%C)TRW|5rgeI`aZj}`lMcLVn>ikJGbefP!3I?uk*Rj3rH`xSes1%f@^&*j-e z>!y^j$E50$0$j$E_xo_~6l&ASIZG8G-PIQlAI^IhxZ8guUDuYPN)-Jik?12RNkAkh z${SfF=kWEj=~=69(54ZKqUwYlxR48hb77nl&}=?z2_QN4P|CNe$#6iFEvB6$7hqDu zk1`Ri%`)>7ZX$;-4n48>5p~XO!mhVJ_<>u$r`Q?dTeR=7HwxZtQP{}E2Lfhn1tA=A z46Q%-=>q*lyUqQEpt@wfAHqIo^i^iCJ$4HzJ{D@bf%A_4FHkkVz6|FsWYT8=C5gO1 zv?)I8nbBXwx{VSf*VGrpLg_(}`zUV+xewEsh3XaaM6(RtIEcLl3xCW6xNSt^%!)Ou zbyBAuy76#xF3WP4%CO&lc!I29MCZ$D$h7z4@5~e6uiU{MVlTu4yOdz&wAn-fiRrN@ zy+F-R+1*2RCJS1-d4ht($#Bb*3f$v@UUyuyX2isuc5%td*}=^w&q&2PqAn|A4w}52)Ha0 zEmQrJzTEABaBI4Veg?U%bAN=fmh(lmQK}SXR^K0}={DJMAJsguZ;5IpZT)G*J=q&V zXHkO2@oI4qR$=K5=ifK_yiXdq!6)Y1-rpg_6OU%N9Y%g~--!pw;H|3VZ>xl` ztR?}AWp9vDb%poQNRyTtXqGM z(_3>vrI(+_`J-x?EpjanOZ8{ImDZg;ix>BHhkuyIY2=B1{6@&_kbqJ$!R8%@)I=sq z!gnCs$sTi`n`Q^FJD=;sN9ES(Kv>G+4$9#|7`IfRMm#`*y*cnH+n)#cUry(nGODTW zB<}^%HF)!=Hm2mDVI4AXSmliRqV;HcWL2^k>V{ySr4-ON2;znD`TRVhOR#V6js!U! zhH#@jkUGCV@yY<{p6uHd1u0S-U0ZolFIskChXUGoy6Cvz+yA8F)I#PO5)f&?Z^z5w zdZu2T~o?rL zHul9r4$2taP~MT%K(fC>>i|vR=E3jH^YJCUM;24cR!eO!E>7k}IRk;P8K^M+uCOwB zo|@2V;VTnS%pH1~QTyRYlb&s3KNw1aq*MxE(52*=Xv>vQ@n@&e?P*WEF5fW-zhlF{ydI6`BK{xvI;L-`qE(z&J$adwAfRW8GtIi zIXeH|*IGGU8YC5fkdqmx<4f1Qj)OO7Wis8etByYzDEiA@KTw5FKVco3Q;q=L~a_&skcR(gRu%fHfmojRQA zUKQ-BYIlglT;RxKXdbfGk0Y>qs9P3~;MX%&=Kq|=QN42%%=M*0{^03!Kp?hg;^OJ& z#4(OWzw(~<+v?tvI)B|>H~Da~Q4|!EEd;w&$vik`n0MGqiUnHho`1(BjD~9{8I>xu zdgWW?{CL#jLx%o%!SP8M#3$kb|2|#azQ3;iKF#Cg;u3k%_=W+vTiW51n*}T_j=^8Q zvs!<*fmN|MN#39C^y~c$rv^}6_8LQbIfmv>5EF`fe+vWNZ!&U7hFE#pf55~)9uk|ZE!$<;PGLkW0_Wf=?wK`0H_m`nd%EjUfN&n{>#BWKYQ| zCUtM{_e}a!Jk_Y9H|J2B@`+$zMeO?o)qMOVC7_;KbJcyg#@BZOXnudSK`gp#!#Tg4 zbE7cpeI(SUqb+G4?vg$+snRfRr$zPY@{PCd^vyY>??{#7T)#_gmAQiEm%=7Wu12RR@ zRHSzfV^m0w1b3f~($xWDGkq!%pVvPy?%R=;58nKz4mHpr5qvXnp&#U|-eHdlU$Z1} zKNw-)Ekhn|aqOqLp#nj8RHzm zfY4btUVK(3i+yu||C4|wKwbV$X%fl?5@_Dm9}RgrJJ~t$AA=?S&>BqO7Wb+l9j{Ku z^W&8L02|fbV=9^w`)&NFPMze}|BmH5Yh^!(HQJ@6?m6egot5=_G|vcH1#zD{!tX?k z)sfC}en31Ttm%UQJd_hacKaWWpx{2`o32;cao@ow)bk#A57A<}!Ep zO8cmzdmFy=(TN}A25RkQC%2M22~UQCz+&5Ae^5-wG=PciOCu=vQIz#noW0fO{cW64 z3C&tiXOF2i;iS}~Uv5vvS2>{R@2Ub8K=KncD3Dmf;l??2A;Y~{Q@p?j-g{}+So1~R z89PAX9;-?_+{f$o66qz@2-0d+?N_7Pa?@PDz1(VGc#O&W0+U>Buo1}y_Dgu5<74aL z1kfB$nQ_j^LSO@SK^?-O*H}LKuCAM2UOb3%c z+4km35E2E^q^xQn{aCfVCsNg8y%0K4zH4~k0P2eXPI7%>tb=A$BRh%5N~t7@kV1R$ znCV75gE|$fW9^NoWb;Mx$Hc9V>)~C=df!`OdpR9i!$k=%H5T=toQt{K72>2jRmKqd zO0M&+Ng!QhsWvd;ysX;F!5PKIgCU&z1PD@sWJL?n8Wa_!aws3o_rfz8mq9t`*tz((EqLV9BBvVwpf%M~P6M1)b} zMZ|AE{}l!O)p5`OlbePd_0cykyb9axHlKg~6+L@*Il}vD^7b|NQ`B8{i(Da3EH&#Tvi!L5A@4{@U2pG@DwUKGDrKBw|l&9Jb9HW>_x zXzXIHK9u51u|ch1Q=r@G)K)HR1hE4ZxUcBxHKYRdTS!$Y#hdwtz;rs^8)7*7vL9Ot z-Mr2Q!Y*lQ>a2_$g4%Q)G~T?qGlwe`Um(iGtnZ5^9`?OWx-}rgRU_ZL`~V3RVrM7-YDw8!V;7Xj8EAbZW5e0pa6(y?PCw z6FeIduS2o=w?exDNOyhDz7BxI7@WlrzEjXQL9n&oy$Y&L3_}+hl)u^A6AjPbUG!fM ziCh+!Ils%3L3LMxq*J>EVQWLvW~HQRPj==#&YbaqclEKaBm;dTXw{@or(!q+Tdh7n zG`1aL&qKs-0uKWQQ%TJN{l&5Suyf9@Q(_m?jeRgM)g^As?+^QqSBGN`vUgiT!*NF& zko$cHEa|7iq_DUXw*z&OHC?@aYL9nc(~zu`@^XIf#Y$5fgxH!$a^Al54)C+l>Ts7% zA8ja|B<^@m*ehGC5n&wp-{R3jI>vBbA1jTCD#9J84!S6fDNyb}l2YsKmKa52zt?iT07jbo+(&Fvu9NFy}1G}^z`^(l;r zpaXZK%{2G7X(>8)xP2yrq~3W81tYP((t$0yuREx>5r0}c65^io;T(J zqWHnHi3hdT7o-CfESBF0Ydoa&PGu6aTfg9rX5%ALsN9{#!ydpyM`iv_Isbui=RiEr zW#3}<4(!VNjyWit;LlfDVb2C;%BJb@u6J|5F|{Af(c8yX!&hc}UnOL};VzbtJTlsRt&=s?fs zs|^QBIN!u;RqQom?`MGhGLrjZrz~Y;L-XjB#hLA)7Rb<`R#Yt>y7u;XnhG6D?#as7 zBwufmeBnh7B2M7;?3IAUeQQv7DUwl5w#r**i6QoNFIO({S?Su+U%vyO<6wUg?YHtP z3g(2|p$!%(Q~A512}!|rI@9!l9y)K+IVM5(Eu2={i!!ziThmrHhGux;`x$KoY;hEulGg{dL;$`K->c!B(MQ(i6drpaG)Anp$~<&VFH ze9MN_&vGo9K`J* zTR$i$<4RdD)M}S}&l_YCA=cs@)f8c`{sQ$XKq32fc=o>N9=?N4!8C`iV&i==V5hsF z=XwIT66alBhAvSvHo4M=dkeuw{?E@`Lqu9*vIdlV%hdNTD@;g+U)n1Hd^j!9-h)5C z?da_BCs2=9?YXY_Zoku8Bvo4q>8Q)wKAhtlClA&%!Q?AJ{Qxe-w&O65{uO^X`CB~g z8B+4|))|78sp~O^3P1Ne#_9eAQ(dQw{VJ#5#=sDvZ0b|db*XaI;^!}JdCqtq^3T@? zYz2xSc%0-M`>zl{K5>fSdU5zI^IiA`20S%omm^+3j-xCO0^gGdjdd(#W*JaHvJlB0 zN+7!sZvAopa`E}v498!_^2D^jx)Rc1^CPSiXW{kl36^b$q9rUB@D6m9nlPkE94uH^8nd-Wnk?d!!FziAEvQyS*x}LxBgj~AMqs#kppvR z{piI2ZQL)C*2k%Ke@KNEGR=?ZU-|@Z%un~dE2{TCE0>1(K``?KccZM9w)U-T3iUNEFXm%5VbJqG_L6L?F&viqF2h-~^|5I%Sdm3!Zs~@BJ$<_Ywlac zXX*MPo!@cr>DRTY!2&vzDkK$In7<$P5qjev=A;+yYWuE`_~ebwIc_*reGi$TD*bN7 zEoC)m4+r8=gJ_%K&hP6m{IrXD5MlUxUt`vCo!{mc=&!MT8jbak9zp!y7yG^dr|9lT z08SyY6Gm29qPIya^7$t`Wbo7iTMr~chVd)QSs^bh>W#b;f za-_|^trLEMfi?KZrH+9n{ZuQfgEzVeTP6qUC_-?GP^`Y*KuD@fNM`g!xrIA7O~@}V z5CA#(7d%g;DU>Coz@-9u4IPBz6vrL5hcVg9vZUmor`|p@FK}?E11vZIaF>5tNdnB` z4v(yHSK_aE!jqqrXi;xLf#mT%p1uN%B+qt!q`^$tU^0ewZ(1AGdWDY?4-?@Kj?~5b zN{Q?ze&%`(gRwy^zv-GM&KOREq=W4yo-F4Ei;1~8F&FdlR3H=~2WOQ`M4A%!o9_!6 z-_FX1nf*A&b@Dg|Uex{-PKYXHnL9xfoS=9y##m62>lQ3rV^@+e zWVmWym2I)(Loh_DbJ^j}v`My~*BE zy^n4-N>3?|rs(Qh=NK3iX@-HNVc6%dD33<>(2UI9JnQ)p9IF_v7(HPU0y&P>L)jU1 ztMTqA$9c<`tNPSiAxO!!eLmDzMeQ4+-TyURnQgxfFiV!YmaR~#2|mS}wLQZ_tRjKH zjMEm($rIJ#gUwTDIS&59oSiE$UlR&bvc>)gGT2`V^O$pf8Yg|}#S(30^N2;%`OJV9 zgd-FnPgXVyBY$83^-oHJcfBwDSEZ;A|Ja<|8*f6m4sW<1&9e zy*SknljIhDU-bAyXbV+be;Ev*&6QaS!um98aNrLbVC^xv_UA(|eFAD8!t*z{m-*93 zZguhn@S~bl%Dh{VaiO_%k1LWdWkoaTY}9aK=d1SU+RMdi9a1$mS?9P@C^@~?354}c zJsiEQuX?@^LX00WZ%^0aGJSt0e3?4U$12!tjVm(^hKqqnI7ooNm=k? zd{QtS#6Fn zZW(jV+&`dsW_aEn@!a0+hJ3&lW0-E=5ZZRBF9oIm{Oe0}9zHClP<--o^t4#~Su`Fu zp3bn12)18bRNZQF2uzFTx9OiD7dyDXG&G$GI2crCpjO!^5Rr6#pU;}I?2m?={{0KR z?Hv2L^3A0yCnr9!~@vEL#!b;b?&Y}!8iciJ!phBI2&tybmfy_XcuvYez#&>lcA_(`ev zh7k{oy+H^a_;|5h+_GlZMS|nFvKpU7}0rT9Spxe9mZdych8O74(Dr6=8n~0Z8X7D$(QfiQ_T((`UdzTR24zb={a> zHW5$#!fnubz+y*CdS%9?gF|3r=R(GqF+i@qkl#acj-D`vNClJp@zgnXcg+VOwXebp z<(@^7yQED@}PfPTe4e?2&$-{tpRE4s{=b*##laYIbHmOfWD%6nOcPz z-of@B!LfU3=I1d_G(JE|w4A+ZKZUGr5g#2CRd-LhjvfF5sIr9b;j zpQp&>$4gy1ODd(rc;13wh#|Ftn(6fW($%W^KF<61hF=+w z1TxBHHC7Yd(_E;)>So21PO&OH_!LHl$8}#hWgHu=-PihSnm=MFchVjBT{Vv`tl0P) z14~mJM+PTA%`(<)ryzy~XTRMJ%+Ehxi>z7rJNsIA>T@VMlpmynW5Z@$Pqm>YY>NFX zK7c3H*?G@P?Z-MjEf!Pc{4H4SzEYhf*O5N&UQS<(LKS|UgrXh-NGYl#OQbc|mJ!sx z1c!D_Yu=;j{lU5T;0hv=wufXeU!T^i+GQF<%4qIVzrw7}GUyM)VLAEkYJT%-nT>hC z8ABSOJO)PH7_ zGV3y8%dS7eeyUMcz~lF8!a|LI;|H=1FJQEgGjQqWEN8D*eIC!?VTtLUb*9~?vrY@V zOeWa&0e2bDG=27&%UM(=YEAYAiJ4{$&}*i$XVPb(BL5$TyQn8QJj zf%t3ZqgGp9ipO_#m0sr};K^)yWNm$}bBJ-|=Q(oyQklgiFvrZVeg6|cf%-#v zZSq5WaV{r6k;Mz-jFS5`6Fw&JPj}JFzY!!Y@YM}@QCou>B$6IR#P-8or&iprF>m=`-B~u0InOUU-8yc8TJmOEgiU!9=Y_t%o}*)@;Y%?; zHl;_e^)NTuJ*FoOs!ityKaBU-y`IKaZiq7%M02?B|I=xcJ*T4N%$`fRhDfXc#~w8A z%A+DWBcGbZn~t56p8VE$u+!lMpUv-b#!F_906+C>rM>#o!NB$fL$PVI3x4kDofJJf7%KT`mk$ewyR^p&T zF)iymR~>kKpK#3n+~eoe!Bvp6B@pCACa;iPOYUc!!todm>>kN|;@?6h>ill9A4g+B zl(b-t=(iW0aTe^VM}rm$_$IPnyZcN-YXVI~&sLkIgu7VJY($++RF zAGVb!9E>8W=Wp4>J)l5Oq|WfsJjX#JoM9ZgJ*QE(HsRGTx-2>DcZh4S)U8)i;&Y+K z-fz@tN@Htok2R0R~+20j9m>e^n&r!Xne|-$4t@1kOV1(>j;wsXQB7_Y1Ry;Vv23)h6 z%0*zQ^og@d228w{z4IeNt|o3EGV-&!el}}#6(B+TdQN*tQj?dYH!=3`A8XFJ1yjMB zTC44WdIWzp;|BvB;7^T4*ckEmV(cqrgF=A)+wYqKu%2-Lx|N9V4C*pRWS0>e+>RgU zT^*sMcLe4jd$W_VoM2bmyN?geEtnU%#Aps;7da&n`_V3=RUC!XAr5z`dkK-iuZCA=aH#2X4`y7@heP z7Cgv~^LXKr%YTxMXP_MbZ8KbPbv;7`zuBVrW@@a?X#M$7U1X8ZPibwFxW5vRKeht> zO0Mw-TTVr&y{>KOvoEu1A6eE|UV1LUd7Q_0tu^ELck_*ua|{Ts*4a z!la)rwME-Q9h?;sX1J>>to@dz#Gt^3WLFFlk`u&P-3}DV&>jc!1!wUdO6B-_qVj(& z+fXV?{;7~U62rpG%jsl$e-L4H&+MP|=rT|28BbH*9&~ZYT&BTOGN-$e-w^gi zN<{$|-}bNj_e_P?6KXK~ov#e2SX|^hgWEmzoj4uzr~`SYi=tx>dr?u^pS@fEgAUx6 z{W7Q9O(2(NO-+MNHUM(qh+LVQ>+&(y7Z?If5>zxye+QFNxc)v@c}EY-dleEhviGA6 zo#*YF{rhpMS5xtk>RYSl)dQ@a>GFKiyhj6wBzeLN0|?cAb@^%0)I0ym*T{0+I_(Dv zkmOmtbz4lVOqksKGnUL;$fBXqy{pM6pm;?GG#Fwr9kp&*tVRLU7LPM_?E4<_Q0VMz zC^%9J47=kpcKIvwp{5+Oq5Y19Nu>N(b?wyu?#(NH8!-cZ-7f@2{kmm+Kbc{W+plSA z?&J8!M8gIz`~>;>Fo*hXO(oV-N7C1Img=F+bF^mY;*EC)pVGH zTZ_%&gEzxuqf4D`{8>Srk@fxShi9uwsc-M=3!f!161EJsu0@(#&0kbS#e(~PZy;Wf zulM2m0r51d&jAW>vU_5`utX4`>6pQg#N@NYJ3k*2?Y7Z?54!*&MfCGYDfq!ts`eo~$FY-))t8j};tJ5O!1;pc07PXHz|XeG)J5|VoCvo=oFDFunDW45`m7M-VoN|B zw5T8{2gV$zTNC&9aQv!XpMxjU%&%ZC1%zCha$8(Er0J&2#HWLo&Kvi-^E_1N2O&9-+=V)Z4HT#B;5B^79Lz`? zY|PgFesCUPCDGME($Q_zqc*ZFZz?$2(fbVAmyNo*XF%`+^?ZYt%)*{4G8vdE7O9cE z*0Wo!CI{#-cVgdn5bqGhLvfJnbj}0>kCiX`c{hEl9)hI2b(l^B z`6E}TuulB*$ggX`3)1auzpg;VxXQEG&?B?}Zy~i9eqOj}j>GdemHzX+F z=RwQdn#N*Y`r+dmJz2<8G~riRgvJBn=Te+A(h+yxjw?n?b&W&;lG%D4VpmpU)zI}9C@{P?oWFNn0Nmw^B0tlyro9c zM26&DanriL{=iE3L6V|Kpp^xq01#!Q z29g8&T4#m2NzR}mzGG2I7l`x05MUo_7M%UIEd>8Jv*brW7K%5;_yDOi>KC}~on-qd zL)&IQmcEvHjW;NHXsSc?CW~kZ^HcM%_L{VWPKO)%jqi${Is`yseT$n8Fw^}Dq-CdYGP8{K zNN>`RdCG&iKwe}?#FcO<;Ml(Rr^N^3>!>3?rS5tc^Uwrp)BRIu`V?Iu5A#w251P{a zM0d$@S)=;?En@5kg3Yt#WPl+)e8^Y`82z(!Kv8NCHiLI!NN1fOm*eRtwr0jBt}3wKp6mHC{BHE zUm;qOv+>b}m5^BX9b{)z<0XlLq$JNp7LMLi6WROlOgAo{nWp5WVrdWoDn-X9$wUPPR=F&sk4H`=vSI8-T%ze**xdy+Ux< z$K(4H{&hmi)BSOD_kD8uD6Bb0N$@)H97yx^!tJ}lenV3r2PO{=<=-taqzf){-RJvR zk)tPPLqN-bn|qrTVz(4#|HsthnihMB?2SE`xWT5KMX{t|F*!Q( z@%!r7C}nRx`fsO&)XY(OFk?7=$WBY{7Yh$7tw#}kh0&Mcahs^g?)Mk#p{_;4Mgmu2 z(ytBeSwoIq03yeW`GF!M0T65c*!RDpS0$g=la<^l$$M*BzKQmYArLu28ysLg`it$p zh4_N9R)2`m&jQl_HoRdaK#y2~VB#ea6lxM&1m$WA3I(kJ$-C9MGxhJ{T!Ra{*LAn^ zJH&q&#ZS^Rw6|0~Ki8xOlf?Kv11mm=a_XLbO!*$Rr&dMS9R%$Zl{!ve7v_tVV4_|L z?mp3j+&pk^jZvg?-+KcC?>%ml#ZfLOCS_w_tt^#j*tqKI2lARX8%M_Buv7GhwbveS z>g86Fit3N~xcusOrR*p5)bT~^nS}VwCj6(X!MA65e|Wf|gniFf4 zgZnZ(IS45$vG+V6VNcdntI!*A>fyDbz2RzkzCQ0Nte>FQcEU<8cz`PFQ|^J_@wu0s z=r%%s^vTnSqLvM%_+OYxbYbl2bS^#SbiX!9T~~*4{f4=j3urzE3huTU0rdDe_g-L} z=~nnW&l#FNe>!hB7)@^8ZrTP3hsK$8N;*72S+(}-$CYA9HZ2iq!kVW$>0 zSm_-hGoLdq2W{M>o6Bl^m$Y-9A3y!^n$D-WPx~KznJ~}-Ez@ZfS7UdY9spoy_iaDb z;R+QXYc~`M_Obrb_u3_dpfQ9#j?njYo1?T5OQL?mJ9B@H_lJp8}R$CYGY< zQade#NLy%I zS?nnCAH}&zDv0Dnfr<^iYuQZ$~|>WoW@- z&0VkHI?WXZyCYda|K&gkPH>bRoQQf9fd@ zjGEK!d^bhtv|}I0S7NFi`jg%zg(}8FL9oDB5ehXp zPp7#aG%1DR9YKtQ%m)#UAO+fgJ;?jP?<}vwTVNS>Fn`SH12l#oi`qbZrM>!!ZrFGQ zE5p7YbV}bC>cib@m{jFT0h_TOSs#h?h#Gv13e9yF$(B^d$aMTBYnRwYd|J8y`j3TCiVV2u;6jzhnY7Xxnem_M*+J_NzGdgr{Q8Y zviCNhtf7uP6_KP92=9tG@-=tBpW^CHe0_ZZ&>DYc=!$HtkW!V*SXezi{(guU-{{2A zNKGd8=PM&rn6eJnt=>~FW*@PBgMC=-ruWrj+>_+)6<>N^GvBW&LZ7PAN)G%RGGXuO zH`(v>1G$KmzS-GD74im2;HMTn`ZqMnlS2o#w_DGxL|QG?G^YZE71 z8=QuG4IKlF!n7&J+06|Rx&&qLz4+Lw6{Jk z%?n8TPf>&luFV^|_VH6Qcq4I_ZXe57t{?#G8n9g!%iRaXVnzxMRZI9K&o(Mbp#+$|2~mmZ)%B6H$a4xx40$A#}^Uxirevrlrz zotUSNWDBi_dvMTB7n@4YuhM(SUrZn2a%q=}BzE_06bm!C@P(0he9#Bgj%Y7kGBv7H z5Z$lbtpD1_u4OZhA=A?IE|?Wp3SO)EkJ5!-yQf-Lma4nI9UDlW@7yw}AvBqrry?Gn8&c6d5u{ zdI)E%hUq;Z!B}_`SS6%=rzOn0MogCj^No3aK36GCs#UempXR9SqbM90rJHET&mo=N zt9~h{)|WClg};MNCkM|+l&KXQwAiP{NlrVuPIB=N?P&~f z|My_*lWihccK}y!z zDv9h$S52&N5JkKZ#H{ako4m2q`U{~;biYQEakYp7r2w0iZpz(-$C*g!KrU1lF09Hm zL+FiM9A}sq*_n6RyaWo(S-*0X9}pLUyb}?7ct7e-5`W6-6TM!|8+TC3Go|vjeKu3O z9Dxu_jQ!r1r* z`j>n%;ZSPu0B9|*q-eGW%CIca9av5_I|lcYglx-a;`qv6Orkj!+RWM{npk&sORD`$ zVRd-Iz^&O!NaSO(XbSZh`N{1M2H&p)2M7~4uLXuq_#8>~QdxhAHxpiU&hzl@aA8gw z5OC8Y*Vps)IdSlQZ>^u0m_K`;;Xw~1s|;uPHy^hf%XVl?mFP9yQM5S-X19OT+&P5m z<^3c>1P39JVDuO`ewBf>s!!t$6~H5qs{87VAI<`>0=jI^;0W#CzKQ1G2QH`rB|ZH1 zP>WxyPYv_cfY- z{q+4h{9ynOBiWiZ7x$Y8pC;w#+HTs1cr^@f=oExLukCBbC816Kvs|=kzd2CzOpgSJ za;{a6KetmxZj4;eU?bp6zpv78FNX!!_opXH@3{qjmbfN|LmZ=ZZozA^*_;9vvG_%e zG)lr*)AfK?uV>xotKW0HYpBC9$w7!xt}Ar8g?)U4+Bi{P*9UaQH=GB(n&Eo;%+S$- z$57sN*{Z+3CE-_p*c@m}lr`4yOMNB8!<<Z;lCTW%EjUnj;3@gp|Gp{fCz+iK={tJ~3I2%Gw>)J$VC}bf!ZY=ZmGPmYYIZMPZRq9kj_SDUtl*4GUPf@Ujm4MSTtv zAEV(MoW?(F%p4s^Hcy)iOjHa0z~;XfBoS6(2@OXMg(f{d^7in~m5s~P-*WtsW^J-B zUWeZ944sTZfp2&C9bm}qK7VY8?~g40ob4C{0m^rgHr;2QI|E<19iDF;In;B~F!@tj z_Q^93CBLDIah3RqVMl$cSYjzpqdWdmz@MHdgePhC%Se@mOHpojXV!L|DeWxybVkyl z+l*~6m}f2!wv2PAsO!Ep?x68?HbUeAVveNePHs z-OoCx{laGV@142=8!YaNCi^S6XLW-GGvn0K36T~!{}j-k@2NiA(FAMjJxGJcMokY~ z{bNr9fYU1Vb}mzwH!h$r3)}-O_$WTf?p4y%$JQ@I$~@Y1AGnJsS=Y9>TyK!}2b;Ha zr}lW1#i(AKZ%ftQa$@`EXDY2HmAQ!pp&)^hAC|WvMF`8M!Z^gNnncy=x8&H0vGMCm z|6RY65Bf}X+jDoQqm&=L_bvoo_GEwc)XM_v=UFp$*w!0vD#O0eKc1csG==l3rw-AS z@G52At)Rv;iNo=kLbT8&e0E<;`LP>e{fsIXTG2__l-{QY8lo+}C0U{81S#cfo}6_6 zS!*%7vG1G=ftCWW72%q|fh@nMzt-&U-wPc-$337ydTZSNBI?aNNVc3)g_Gs7stnIQYJsFtJ;g=XxL)3x5Lt(}%7JxzS9}|-75uo+qZwuy54z0CXY+)}b z)@c6ZN=1`mbTvNbYP<5Js1LiH40^A+B61^Cyhb)8ryKfymuqt`Srpky)E~a~@9K#- z$%i>WD#B#Q2OE+iV6<4g&CC1ryC>*U zfR_2h^D6hyIdgMPFdIBEBmVL`k+xLgkrsT4eT`Ksw_dPt>SxvI5^m#zdNoTW&IZAk z2Ty1D_Y16w75kVZU8l7RUGWBi;3FnHy(A2rLXMDY{_GffdNhQkoHmA>C{X!My=~gO z6n@6`0oi}$t+l6zok3_lL&%-O?|yDRuK^P$v5c1b9%6%3TYQcf$LCs}xLFVvNCqbY zIn62(Ys4nVJyHYKP*Q%a6dr$wsyQBly+K&Cxp|*pIj7_B?*?y zI0wifO)*V+AQINvfY$Pw^%My=g{k`rVpha<9@hQ$^f|lQqz^~m0qAF%xb=DR2~%A7 zuTM3F6MsVON^^x*Yb6lskK54z#`8&lK{&baw{=RUicaPF9E=m%2KeN+NEHiZxX|Ft zQ5OcToI!mqCCi-Mr4_3&!A}B&0jk@H5@H8+nOd#~+0qlb=BB)$PwdbQ#tOk)z&6_}}pUpG_ocr~F;S99tFX z)w4qI=XxY}E5Fk;%B~V)-~zzDQOaqp+r3zT?CDAJ${1+T&#=#K{d!fj{T|VX#SihK z&lI6iwzlUB2>Vs+?3f{e^F#;{cvHAIG4Op2N*y!q^|KB31!6oO?|nie z-{>beoQ*Sh84!g{2pU6Hx3+RTTkUD*z?kC%m;vkS%HPE;x zlDp{P1cVV4rq0KGsFpM+uT>QuC67c1q1QW*%p#)6O2+O5;LWr@)#qw6dUPsF+4WL3 z>#GZ<_1EykHl%dX4oqD9M6`MU-&1?4cqbuj1>ZL>nDBs(ZlJyq;^SJ=LjMUf7<7&J zgTduzx!p)`H)ojQd+%4*jIR0IDPY36I*x?R+YCXHy)&l5P8B-dtn3(); zpb4H^o}&?DW+mnKX_RM+YCmzRneTQuNb({#4*Yf=cmB%uq$NUXwq9YRC50y+t_c!6 zV6$^PPP|l*aNc;3c~&X@YC)=%l2lkeKln2z#My(va;HO3Jb$;|%I9#%?GVzJ_cH%Z zJ3C(xZ&0%C-r&7tljb0sWh|P&-x@jAXkTUU8PI(FsPjB+=|vO8z166m@LNcurGfKi zY)vdJ0lLr8f^VjK%K$-jWjod1edCr!1NVDLlZWCHN(X=3HOJC8{W0`LsG02royIdK zm;jxF`zIlJZ-95C^PTZPRnh%@(KJuQ7hZR2xNqa-H(VTJ#U{NcSMyf2l~^ro3~lxC zaokrUTCvZo`losuTJLEeOc8yy9zSpbbVyPVk4izA6hNr&5lPTojoEfvV8^WNp0vwJ zLn4K9#KxTQ@YU>2ltWV)Vk?49SD4DI^6GPnr^1;xYD>%^Z> zHKC;*RT*|(9)x5x))J&6(~t5^neOdg`)G1rup>TF69%q|`|6lRuTdGWG+yU8PkDGp zhUwza(K(+hfZB)-**qeC*gRDevlW8MFa1`osWVyw0`hRRCO_q(StV-S^I`rW+^8C`yjOpUefwdRQV{ak*! z&C%Vhk{%oaL*sc<5-!hWlK70aLBi7h+2hEyNkz#Y$=bho=BNe-+T7->lG4{$P zlJL$qS1RA`kZb#y36ko_lB{ExOz!N?tpW1} z!|gC##IG+i9kQdExZ*K~i^kk&W)&d%{d68(CX3VaVZT*r2Rxng@IA&=lMX_CjQk=- z!p`nhyPD!kWqzQ!35w36TIugy9ds{v+9}mS&2KbY49d%6H07} zw>c1@h|{-okWp1vw;n?$zTa<6_?BNOx)2gX*py65qPHG!)U@`XW#=+GO@6?7Is_Te zZtyeM3yDThmAbz3BI16_p&F1y+=lQ)R73xJ?=^KRpMm;U_swe8XG2nZ`NO%?GNKSMQb|RU6=_YkNA~lKz3}#A z?^u1-TzgYqh$g_(x#f*$E=oDw@8ETRT=~Ssm&f(`>#p)$JUo|Y#CJEui4XcU+3W7n z$bYB3-Z`>5Jv_}HogLR*moJ>*NM~;#_x$cR4BJ?hN?kAsU!Ra)=If~qmjV=qi}_L+|yCt1gGW6OX2EQw~uVHE5B-se7ly}r=$Gf z2RAf<1?*y8hy~S}K*EEs>H93Ohz=eyV$H1E5BE&ToBG`M>4o_MVeb>DbiGg1eJE^8 z{Rd$$%s08Dw(2#4jsEQ454jV*7!}ti&fv)B&2LNBT;Q(1^esK2m}O5T4u-@|2MwZ& z$DK`yj`52{)3r;7#>063EPY-cxFa4FZjJWqN_%aIxU7o>)3oR2s(watMs*hs9Q(Lf zD77z=S*(VLyf=@Duh*Q3UZypyt9bf8E187cC2k~nkT@Nk-5A({J?2W7rdv}#H>Y%E zNvmk6zN%~q`oraF0{ZdWM{zHB9&6tj4#zDOlAn{@W6FK5^#_Lu_@rJCj2K$%(n#+IYHegUvYByj(ERkDlLf!=2P{>oBklEzIIz;1}WT0izD!dSgX zyge!vb*ygc5BiIN81&S|_o;nEn;F=0Gx4?@kpQR<7Ykm?*sz2JXvZ^>Dt=pXXWdMF zI^CYVfxIb4{9c$`_1NPuP;U%=MOQrzPxl@Coa?=l`7K~nWp$9sc%2tn$&@1itec|VimY@egw9iXa{{_=@nwGw0arA>+}5HZMb?V#G09`Q=u zQ8<(KhZ7#~#)_X6KPOJZJ>jEJ+>V;z2*#uu{3M6PnuV_HiCI0R+S@?jAaW!2D;jwP zHVmmmR3S`5M8biZKUV`anlNQ(hM+5cjb9KJmOY`bLdKL%Gwzq3%+v21p1~smq7Sk^YA@msgE`REVcO-+3fbaLZ?F)BxW|njC(_SL^a+R}g{r-av_A zsmmd#<1tad+OI;6+WoK6SZ0KNJ;IFv|MvNA#xmO7X?{p^1-R+_SaS3%Cf?2DhAIEj z9hc_Iwi4)62V<_id%=&F&-bKX-r#^=PRk>;mQ$&@*H=4O*8}4@C@1A~^T*VPgS(Lq zH-8X_YMXxJ_B)q@SE%q&wOWEi2t*xvVd^o1L1zlUW9s1lDoi>R*Z5!X+OD3 zCtHn1ybu!iT9coyjO`apGYD9e>m=a-VQgTt_#_67SGAF5B#cwDgF z<4*J>n7EQSlTtNkA_Kb0&+|C4e1rQ@+Se9}`#hhNuz%bTc5NlFSpXAtXZM1WH6L1J zUsU;avA{I2|3L2~$|kAru*w{7RiH|SQSzfu+H>J=(BI%`T=)?YQgZx?qu)vA^RF_m zNIzyHO)uf=!qYL75B zcR?@wv`@+3Ku#SCh)bOs30>)2$H)M>6>!y6TM8mduU?)uE+8lEQlh_;Zy%BOw84D6 zha4}6zC^4uf;7{w`HC@_O053LQs;JFZ|wRdn|ETT_Psbn#FKK#V?*zUR~nj^Hs~ik zIULl{kT_hNXvdO=Yx+mllmE8S z@JLJime<)kQKkm7&wjbn)93X)Q=eX?Zp7W}5eA*w_JazxFrpy?iKJ8JFAO}e=94M2 zS3?f`z{1IZ=f)Lr*=i|Va`y#qhI&Tc*?o*yVrm1DyyI^Bp-jMafetHSb+XdnGP~;dVN!dG~I*{a|!Rs#&zLCGM26iudQsLETTtQ*YwkXqZhYHv)=I_SI;*p)Gr^>;3h`oB} zu|}$~YvE`5@9aD34Shoh1`g-_u0dHX>vdZoqvNzk$c!$cbA#i##@N?o(xx4X*5(WP zCC80SRq4&ur|b!1{h{oGU&W}neUIb^kT2?^@5Oqa9M-S#)(h^aMjtMr)n?EI_C-7! zm2ACxQwMlkxaZfnLly+%TrZ8OVQ{}cL)FRHLRXhJLFl(Js#H<6g+=n>g*@ooslHqtu0fh|*A!MD0@v|!))`3~9LMCo zgDXO!=6w=VZ>j_BsD)MS$A?NMs}1M9*9NCBKi?>XdE_Z(laF%eZ#72R{SI8etbN_9 z&%LO4 z%Ac?y1rWPxth=HsKl$(_@WJljcIkwIO|eja))s5~bm)E8JY4pQbYoFrz);Qa>k0a8 zhuG)1#?zrPH(Nl#2SUemeyAIgU4Qdh+;I;IbZc@+C}t=VG0Au`*W)G<)O~OtheH77 z%8b~{Z66)r#Nbt_<;aFuIi{}516-4io-6Rxu4wSUuz?lp1NQ3v|mvVVxkLTaXk7*}USyEfHoL=q2P&dfnc!Mf~H(rhZZEt>G^NN9KIEZHR-VJiDLuzkne^1+% zeR&N=?X~zaWN>^C4?&+WR0^Nlfm=fVv)>ee{wONKA)PIOc@u4KA^1y`eY0fZgA+gF zZj`K0`Fwp3W)9z66&jY6mAjU89rwv09OFcaR5ANB+*mJ(KfKZlOh>(KZ$AWKJ`W>I zZKrk>`Giqt`A%0)QquVE6XjsZ@R*uOcdrF=_RF4x>%Oq@F$>(&jsIM-pD)tSSyosr z$mrUmyhbquxgvLEF-(HX$)EPq%>FC!GCh@qXXE{(4a-sWy9K zAC-&iFF4)F?BKe!ZG)BrQ}ewq&oip6=3%T)RTG{6-Kz zU^>3Uavr)e2})ZFQOrC#DNah`LzRZ0q1+Ixei4>k%q)3U_bDmE+e_VSn%5q2HIA_4 zUC33nRG%NpQ+{dlESb|-3%YE4IGGA&P~eZ^aa(OUq|^Pr?0>4}Od@;QFWxYK(n4AR z#6_?4f-J(&#QfLW6@c?)2CAp2t90|YkLl7Nohw1*B-}R8q~)l^QdMdVx4x7;Nkfsd zu3GpwGs#LbPuqvq_4MQOoyDU>>LH@8ts%qy3v1J8@O=k=ovM?S zcyP4(y?)kdMjX#`{GvIk{cvQZdp}gGHoSmrX!qXFc13?zOzdO|ab?gJ+jy`M%B%Yl zDkn%iGfr+?q-*?s*<#*@a_T;v5o1)Ufz3D9#TjyXpXF>(NuRaeRQI|mV9%D5G}`Va zZ*W60cF7CPtQ6e9r3fx)vRw-AlpdaGi1q!S+U{1hHQ$c!w zX3}X>xGQg+&4YIR_Hcdw&M;e1!EgKVQ2pZIq-`?xq(A9-l2JN???ikJOTEdRnsgEO zaqE>UYxV*vQYn=`67hU_{Z>21CUX}lmEaHLVN#Ezzn9Q3#ij~7udutpR&=~(@9rZe zCrClvJKb;3>&t;QGdV04I`FWoE*@+O=_MVBlOd^`c0<-(YqUiR74QukLa6$$i??}u zVSvvolnoQm-Kiv!{8|s6zO9Nd04De+wB+K&$kRzK-!SS* zDQfe*UniIW6#~E;iXHwoC_wT2l&I~B$dSLdT5(fo^ zt<~~K70}I54)H+T_=gxUR7g!m#}hNp>vI7p>2GJ#))xDem+8s8+FKHx|p z0rSlvdZQZ`JkZ9whh< zn=jU?Sg9*>(i|SeZvs@>QH_-+w+#+fR@$) zBfwkU;U$+LGF%ZA{+f|c>9AXZxWr~3;as8!ZbU}217`ItHS1QysL#KgCg~nNR8}w6 zK8ns;aC_iO9!-Dsz_fAS^A@j_bArEgzrZ4O^7{Q0jyZ--;U)LPekFa>{d-WRV3n9M zm&Y%otP%py!os(It2I29o;^&4T`-(WD0h+4G13sTnq~V4j91c*Via^iBxhIdwG8{f z`AR~aKHec=E@}y5DyS{*qJe~sJ!&qgKOu(JTC?_f89gqko3p67vKU#sD_Q^et6E*h zk38NA;!P31>2`l`<>Pw?T_j+OII7n=MR@Al=UIG%rx9{;ceVCpwPBaR08F7UvM^-` z%0sfJq!5xhU*0o%rO{0r%x91hw*0oA`!Pe6EaV>XnpzELlW`e=7z60E5OAhDi}zmeMaPgMP+8* zQ`=qIE1i2Oi|iap;}G8XMn`L7bR{kb_=#t_J0=ZefSPQA=XiZ4&Ve?U%Y%3w*_?%5KLZAm!s=qc`6iF(TC!*$4=in6DRaXTdC^79_|qZxHucOY!ohfjDM<$W|8@rq#7 zKK2m`TaxDN*|(6)%=+pTNFY8?kNDX+ocRe8q{X5{(m|E_oIrD85_zsm`Ms^95&Ay))KYzlkO z*=(#}M_Wh5a}UTOd0A%A2$R+_rv%3@pKteY1}_Uif}hY zmzw*N2YAEjM{;a{psgz#9R~{CRy5wk2udmZ3-pD@GbfqL;z^vJx1w5V&W1wx{8i=+ zJLU~V-{c;fL{e41wBn;XJc>tbH^!Xo&a3%yUyy+ibrPJ7PaV;qe0tG^gR!{hYA6FC#pvB~z{=3D5wZIJ`0R zNzp~{(+uF?+Xv0{4DGx`p6}-kq-QygP})d0Hlc)0XbSp{cEt3#t=3|(*&PnV>N(!D z2i0eLuNkX-GVORlpZ5cnYQN8+|60-=zobwFRXc^Ea)aC;W~1d>*+Y6A5VW=w@(DJo zPE*@w)$_O;9v8R;_Yns^=;3jJWxC71_W2MrlDUpY#lTO*99x*c{eHjq3m{wO>0Ve4 zd6GPA;ymoFY>$SxB3LPnz|u+n_f0c9&}9xT`CO`dDgRs&ymTWrpgMG~iR;ug;7bdVo<2e6>v<}2$^ zW>ZAL2FDEy4_gn5&lTY|WevIwjs!yv)~hkRSX_8S5F?1ykG|#Y%F}Un>gh@bsK@|% zk$Zya(&oc1WfEJDF}^8HpYl`xE>g*N7E`%WF5h736M{U@y_e@;%GFwfgaWXfB0*bv zS_qO$>9=I>g~a=1+^fXd(i@FPu$o^#SJ&ShHT?Ycn(g$8B1P{jqyop8$)DqS*uFzE zSCn5N5WILL4Q(5@%4QqHK&EPC8%9woKf=Ee{^g5I0v?~U0T+a^^M^L^*Ys?EVIG{2 z;{Kgo_7k#d6VDK!|8+I>TN9;U<*O@)?3Ab()ds(P$f+c^jf_^iShsFz>vgcj=66HH zrzvA^6A!?jxXkmf2Ldriagq0MZRZUhSiqmF6E(Kh7i(b6BQCsOJBP8xTG~<^bqh(Y z+OHk`DX5EW-Au94x#)Cbrcja8BA>1T5NG8}#j^D@lfSTTjdZ?<%Ovm3#PX=|gg`?8 z&^)`FXozn=>I>zOovGI<9C&a8ksm}E@5%MhllR_3cyk0eW656$M;C7guRO}oZaujB zs+HC3NaBqarf||!!W(hiR9IN4s}FX+5IAVToIs%i79?nC`3376bQ4#i)+k{xjNp0- zr|_pn*-hrBF-;^4xss9WRST@JfsH&spJ~h9RSj>2Y9lMWsf=HQut!V?AyDc0^-bZ? z=(88bvrp5&>j>?RkTKF0b2fi_wPg()&%=WrZtg}9rEm%^711@ASyrlkJle1 zFVt&sFwr1qJYwPlxqWd)iWVYq_nEIX+ zh`2P+S(4dpw|f55rtHB@0@tnw^}Fy8ybso?ulA#qiJ-|T1!AiARo4_i(`cTXBUTqF z4BCj&o$Mcv8g*5ffjPo`j7Q-QZNiN~Bckfv8KGwT@C{Fh%Hf?LkqW#vf@9a!2! zTdfk?t6iSYp+QITFkL0UJ09`>ox!9i&(7aP&0ZU1x>UvoWK!)E68Vk&@+mnx<|5U5 zbr4yfu^c3L#*LzHwHHxF>E!HJz)1fH0TxXaM`R+cy~UEEwUzij zA8g5622aMH9G?ra$Gx6TRJBu7_bhn(8iwm0_&eR7bw8$lBZXmYJm3X?t*88QLeB#~ zQ42P|cUQfz9f3gse2O1uvwG5GKOnhxA2jf1xTjHYI?XJ!iPBS!?7mp`n6EKILbi(jf<+G-{DiPA{0#a(?ZYSH}> zIh7|_mHhYxbL#uK@VC)a<9*S6hY2ZK!ri=df4Z8Q^2x_SwyZdg)GF$Ndz=bpQSG(xMORH6S!6XF4d7 z_B#|lIy>d}+DgTLdyTFfGi$Fq(0v%$v?Sk)23(RT@enP7_bdKbF zKSm^bK>JfGS4~9az6#^zG935o?D0yzm-fuj$jA*7i!d7Qht;dGwO?F)W^hAFJ)zVg zUUD@TO=0foy)`l)gTXzKIl~W%eT}$KhX0kB#}`;||EjQ*kJnxgqk+JAi&(1a_@1=G z7Zg%oqQAiu(|7g*+tb~d3AT!?$WjO>QO*b+Glw@Oi_v4HY6ZS53-C%;Cq)7=54FSI z^UPbFW<>S0=)d0#b#bJjHUI#>;f2EmIM51O8o<_HSOwa1JkLaqds=yYro3Q}t5qv# zeGKl#YOPzhA6L(3cSDcwz{r}CY=lzjv+lq%Bk zg9#LU%Xf@S_@2WUcg>~9hD%bg_sOCU)AiK%`!IYAgQ~n|Nra$s9qKnH<#aOKC27L@ zHQ%!Ev0v7JlJg&h`h=f8Uy~loFbQR`REY><Jrm;%7RP-bc=j<2 zf8xm#0Rw6-*oj=amN(V2cc!f{|GnA$#t9HwXB{@?LGT2RXyn_?t8eS6tdvL}&Gb`s z$!#B<8BV1|`^ZBhTpb35fJ3|cxV`WwfJVLJyRsOty1QQh53WlpQf&9$ut|NW$zkL7nbg4%nXBM-s@*9 zo8NgDiwh+b@Hng-c2oIaNbtfU~huFxlw#j64!Lvc^8 zFZJ=O7c-SV98c!9i2Hi?MD`~S-qz^a9WIF2dPR>Ube(r)*LMGTSjW@Awa-K>EuO_3 zA~*!2_`3-U*{7z7v#OlqmgQE4^=JU3nyozv@9ml#BTo%pl+U^de zb(|yn+ro=taQt>QW_^hJoC5Xs34FhBq~%sbtf^7Q_YW5J_wp?4OGts!G-WYpV`|^I zhXh%)Hv1Tjpthc=?Snf<;M=28Mx=h{WR2gpD`#jUVx~J8K5<@2Ur@r4W|RLcr-6$( zz&?^HVqry3&%b?$$|292#v3pv=-PZ`^Zgg*>oi5n*kQ%kS6^sY-`%8%Z^EmBm)hI_ z2%s@}1xHR!ZDgqp`~*JnBrVY^s!vln+kN&*?Fo4U8=7ekVn}= zyjve%ZA|?-LhW8w@iAdjxD>1PDwh^F5u#CTg>Rvj5Lodom&-nV-J<|ufPJ6@M1i|paGG357%CrRUWCcZ^6=_JVyB?fil3+IvL#p`TMNJ z+c^C7l?-O;0dw5v)I07+kQ-E*S~h@t&D%aat$R5!@pZThY#~Nzu4&o`BvctpSX)nx z&%PcFgsf9O&?FcinHW%HAZBQ!KA#k1=?}X%eXUo~RoQhxTGcC!8-9bDc|7Y1Rd>i; zW1WdGG4Dg~gpBQ!TWwwzx|t@1ql;5$6o2V(8w(MPbPa}5g^YP2&ZKs=A&(cQs-}Jz zbp&u4)c8Szb6=f0y^$NZ=@Rebvt*96QV>`f2b0uBhhT z@`Jt~{StA0>7}rcg1pzYyfK#GH*9Hgsj_5r^I5CY_&BxqmS*h8ZB?xhN!m*&F>(B> zY=aCmjK&!uwg?Ej(s+pjoE*S|vL2Zk@1Sc{Ol%JW>)-R0J>G`Nb2=KBz1Q6fN9mf} z0JDAB_m@y7tql5iiezEL=?O~~d?cMGq5PxXhzdN_KK;Hzwo#C#q)gf#+AcXTs+>;E zF}V}=_2Tgi4296x{-BZpAax&%iLWGuw=eEk>HJED&mV{8$X^xVRSvUwReMV?G#fRQ zFi7bWs8sXd)Qp8KwMLc>0Zu-MR)Zm(ndiE&>Vu(>VQa<5%Y!az0v6cjAItuuxsnJR zMmH8fHShs`n}B+>bRv<-4fI~_R(FQwu}|f35dYvg_(-Ahy;(`dm-cAho6j}TxHi|O zdFJQg*v?0f=Jkt~Bqyok%oAcMlj3G1b5l?e=k((j0+Q9AU$j~zM2`Eb=G%RasFsP^ zPeqIA>^Iz^8^%^dwe5c~6P+b%tz1mP!-^uEryss8?jvUzni&09t(c&}J=Yl~KNH&Auqb~-R(xXqr)Y9M9J)ibmajaQKJ>xG3p&?aBrS$U5ah*5 zU(RsbDo{g0AZy43CIWNd?-wA<^!v{~(U~ZitTn5TD16#KYM;BISR2EoT4e+s0no|H z3A7_)POyrWmydUJqn{TBiB+TE>@)tyR!UjyoQy#5GkL3YqXMMn*&LsEE$74D^0tQ- zOXa=mB@kNy=5M;i^4xf^qF+DAz1k>fp6xGB=NYgUEI=wRr3xXCqBroj&tp^Eq$O)X zAH0U%V^K)V57#R27&A^cay}AS^zFz4?KOQmn7$Gb7cD5x1!z65Fr{>jbe%B|%O6XN;pfS~93p#_H9$?| zDj0Wqo}3X~sWSW77_*cS=|caBw|2dW`+3BUwcZJ)Hxg}^{hoGmdS4NP{x-Vnu*GMY zmfuTaPZPntY)miQr{pwiloG?TFn36oO~TH%wYWamzuK9T-rN#s2@h^DaO7d%OY={xK=R#&vZv-g`m*Zu7q{l-*WSvQLRww0A3X*gDQqcqH*{451M?8-&UP>ZT5@y0rUg(-bp15BDk?vLQ49O*7CfZ$TbPH z;rJ2Ydjo4oKeTuE;F|4#?SXr`ADht`AlH@i>*rYMA3Ji!@UTPx$;hLp>krI>Kgi^{NMl>j>1*s?@t~=$CMly8 z(To--=iO(wssv9q~d~KXB1SKKfWX` z*BRTP9i=Ym{h&T=-1L&9ovUW7Hv#1O+48FqQS;sVLtWtTP!;0}9dKB&CO>Q4h3|kI z_0NMu7C}T9_Qv@|D02r->M5dL;<#R;=)4LhQzo)NGy!&$Or$N{mNZEludX3~Sq&wd z_R%&#KAl&cEtb`Bk@Zw`%W_T`m(tdu zxGT#Sbt~?_hCqv<3aQ0STNBezufD>WR4lBK-TbG zr6^e!syi)D-#Loc3<+iR;N+)y)^B~up!bDc%`14z;=4g0-P)UOxsX_FyVmm>HS%o^ zjHOHa=fe4}|4g@`eV0mmdR@Kj;J^=e zyF^c4@*Y1d7ibYlEIZ`N3=hQFd&NG3p`zhx`jazXx#A!0m%;j7(wI09dsy2dG5r?K z@a#0Z2)kPl#B+UnA1z)P0Woa7*A{=ozUG85vVgp)3xTk3sm@Y0oUbh6;GU zU3LS|_hAOV(( zJuAU@xKfH8l6+NyL6Hzqr!wttpL)H_Rp6#*+r9;Yn+*WJOHDCS(5M@m07)gsW|>Jb zesJE{a5F-5aU$?11Q!%fSAdH_u+3jA?NGIg(er0y9aZO&wHV*_AeRh)V?PZqvU{SEs>JD9xhfLK=%V* zqoohmLkd09O9;fFI?PkZ$m8K>zwcE3M(5`FF3x$I?8+WvUQ(am=lQtj{7Hjemx44L zUuTo~Q`!$w~Cg4Di3HwfQNzU~jpe}KIH5G2SHjtMsM z!A$O6f!dw;IY(fPapNdvrMQ$_>v<4&Q>GIM_q-xLNLod9C$hDTi;}>UfSS`i;bO#F zB0S+U2zz1H5&O}7>=W(H)nay8K83f>9}4sViAA#a{NX1;A_V;S{%GHnA49|nV51}* zxM@=OF1_ye$`~Cx&l>j+t~A;i@KK1RvuecJ-Z_7q4e~BWe1=&5fEcdjxPi^BBBf-$ zit@v=%mREt8}rff-5V>?rQUlcGmztVQkLq68u6#^pB`iXxIsy(mE4u`lc>#ZF%tOu z6Pl#wt8Nj}^%Fjf`qHbzc*)ApVU!E%%(TPOX87Ds(#frB*l;NAr>wv3IfwNtlw3In zZ$Q=ySDcK;s7|Hoeug}IoUC^y-Gy7z&DQO0k=P584_cW`Dw6CdPkRIPgbFDsUWfDP z*(UaHA20gK9iKw{j8<{H2Z?O+Fn^IWjR28B^4j@xQ#JDNN(4q?+6h4<>aLY{IWk>!OP8tP*eR3#7`` z>m=e^rGP(gY%~k)ZAxVK(M#|)Xdlnj5Ce^VIUrJ#O}mboC^I}?!DXOo`;U9M4zuN^ z<3RT?yrw;$4(=xKXF^#@)&psEo)vEs5RJlD;n6%Bx}8jyzgs=xB^TW5ONsRzieQm? z`mU-MUIdylDZP#<>AFLN{gAz9p|JQXEIBl!a{+`-HW~xu&?QvMFlutPHS=6EG?%H9D1%dgq)oO+l+hNePP31MeJbqRR`$PIpEc zk4+givR1FZy=;Ue#hU1*8{FuELOH#qZE(=;vNgHptFu7P&5YiL-n^zb01k0gG|`q> zj0q3l3j{dCzFnT=%1RHdn&&Gd%f{{eLa#~UmY%5f9jGIX7bfruSaL2zoGYXt{AF1+ zpcUzr9<`T{DKGpetr>Nb8lW%q4+}-jg_=;24VilfWeuqfBT{one8|>qp2!x%NBN-n z!GX>KP5B@4qK8n0jSC%&wh_d0&V=XF;EyvgB{j4j`Bb#nmU+Mz#rawx@JKeqr`x+z zs9%JA6l|S4x=F=iAst zKvJ-dI@5G2)BvF$VI%Q;OneTP>++6i%hrbQomG!H`1XSIdx-n&o<1(Y(@?#lRZUpw zG6leZnmTW8KW`c8rN*D`TTC7ise%GkBL)zcapiNuH{2(opVq(_}xx0o#6Kx zji-3=&Wb+A#N$AV2I^aBg{F@^=ZrN-#dE)JJ_-`|j6(;fs25msFMLVu^*uG`BgqbW z^#tnz@hm_k0j8r$~sn0$!0hJUq^(#NKAhF0Qr{XCG>i9Y*%^Ily8 zq7=69@VrDX?nOEAhrb;l1Z(6Pyi%%QYuxZq9HjG6mkOr;%`DCy=ViweeD{Wd2;*%3 z&6VUch}fOK_hOAeOG5w6kaM~dlF@0pZUnk9!{0tOb;Ma#S@U!yS43jt8{Q|@u*%i6 z*8ci)iDR2zTGf9b91D)OWPlM?@7Mt;GsvQ#0E#|Us=yzLyR|<0!-p>u1lngmf)6>{ z2>a&wzI;&@_)Cu$k18|-O_K4ClzLW9&pQ0%eP7nNE6F?b2q%Dp^-jvHJQN7bmRIG?+c!K{cN`{7R3{YA8Tuy{)R#&V1Tv{ z>&Cy_xY`&i1~Hsp9+Y?Ie5#tKpF<`qj@emBR{b*Xt1ILFxg+r#gdDRMI`(in16$og?I1Wp5EAlq ze{R$FxwQ%N5aQ@@ON+Harp7FPY9KgWl&DL$9E(T}^KvdOhf^9;WQm1a5|Ivhc#-{u z{Y)nGF8hLeXj}q-xGet()5WGvmuPJGz{Ga1gGkJW5 zqOi$Rf8tn{p#ZDi&(|&9$No>b`p5Avx)6f5l7JEBRk_9VF?3x=+|(=7+K82MS0Xs$ z^^5M)6@IM5dcMoM3;;y@V<$RsU3L#vkj4bNm=q(J6ygOS``zOVzf`h8bKQU48*J@h zo&y2Rgwbsx_TE7;p9h_Px|*6VJjEka^Lwxm==kI%)*uK@eGnHs?DSB6(*QjxeC#J> zyiW)DorxBHB9jlclU7ACeday4qOjj|otRIUbWXmK;H%@oe(i<&oAF2Os=goGfU_nj zzmFoge)by?x50gD{fR_QB8#0*^SV9bDvnun6ol258hb?=CJKVj47xaF&Gb4P(x|wg z>9QWUi-BDx;r>hfTMdFuNY1xW2WiX>f8NKI>Lb4m*upN6?9g5ZQFn*mF?z&&ck+5~ zR#)Ph=XQxCiB;(&8VliTmIgWLY7B#8ifrqPU-&*-kn6sth6_L_4T=0Ue4^5C)s@Uq zGcdVJ*THM4;VT$>@Rcill<5kF{xWb0+I(-okL>vM5r`>f(gf~UQP`y)+882iZ&JyNbQfA`z@ zbU3aFG=1qL6I`p56t_>Qw*~4}NB-^oP7*Vv5P9>Dwu6g`&C>a2e$2bL1e44uyFE!$G-*Z z{CL~gwj~=bvUYzeywmN3EL6#PtKT0bY2L|spbi1-6z{Y2@q!%^{(@Xj*8QFcL=*$5 z#DVn#o?_b`Pl`%u$6umdrYV7)5;&9ts9PpQhu|k71<>=yhW>*`vwd$v#Minpc_2G3Yq`mqPN~4WC{l21v zqlGD|&V&B+zFgB?-o{yjn2FQ97+)B%FN&Z{AAc&FQwJ6-CV!>&_<2<++dN)g#07qa zIgCf1#@d)0GN(GUI`a71vhu$aqV~Xx&a5YF>7LJz$r%OLoOi`J z@qRhiKw~}=jAh>@n}^q6*HPvB3G>Wa^-Uu8m5v$*J}r(yz0xX&^5?OgK=O6UhC4yF zQS697hb)ncS1y?ue?wPgez{;bhP30QQKwSP$C#Ttd(%i7-tV{iQjTy# zKfP~Q9d9K>pS?g~)k|6?&K+Kc&Ph_l=;8HepS&~n=KjT`WMTw9z#1!ONVgPlbRGcMnG4{m`}|nC z{UG@mN}_R|_pmxXDIUZ*U~TQbv=$Q@b05}`qg|PvR$VG82>W8Wgx}^Gg8z4P5u996 zBX-~4Np(wW-WrX)U1RS`QE~ttgXN8uuT^Q2;VK$UJ%ZDJZ&A%QF1uQo2;H4^)u`f# zy5!BEr8Y3gX9>l}@kGSnq=FMX8qpxwnSsIBzvjy@EchxB<+S6;1OeKx>i^T$Y==Dpl?sXl$L zB<`;wDlnj7!u9I%eVFyaX$#$?o5X9;6BI-(G!hR-e30z>jaUr%E4g&j{TCpi5|1*u zl$w%A4NLeVRx_1s9ckO&sr*9wa&xF=%|9#MeVeIF15~r%L9H6Ub1;(0hMyapD zsXAYB<~X^`&A(O;cl`cLEnuy>&Rqfr9|C2f_w)7iNrk+Ogt?)Li>hl{_aW zDKZPT)MH$~rXz@eqFZPzx9v%)QJ*gH;_0v{f%sRV0|=`7+WW<6cEp!AdS47E==K!Z z({~r1VF&94%7FZ%A~=)J^*R4jem&c|NyDN_{GcUjX}{l}9-!H~a%{Xfb~TCohOMfA zFQQN#M>M)Ac=zD^Tza?spL}&$(~%@de%DSSuBmUgRL1n7m`Gh-0Gdd}zfGY&$)miI zGA&bP)USB?cVXP=nMZ7KyR*-C$CTX5Zy5+>!Ty+rYZfY%{9?|eh|C|_*2*liz>D?o90E;g~P6ScB(qA-Da7f0W_KJ++WZdnjEE!I|q) zQ~Z3DUGH#O%6kP_i-+$@+t1-#=~axxC9O`JID>9ZaQ8dsJdz|gf5W2NvoCf1@XCIC zAAxt)muB12PC*d)HDYFLoYm zE8p9`=2_A6z}~oDo=)SYs$R09QQ3@TbbUBa;p^I9cITshlsFDvc2)UKRaiy<`V zw&&NC4<==J=~E&TW`rqfm`%F1HVRUEVNh$iSAOlT~nebI-aMA^;KDo4;KyVNok3dmKKcv&Xp5uKupy`KvTnoA0HH(O)Q8YzLDY ztlC>t$k@|la1;HHM_9hFJrQZcO9crolp1j4m!LQ#K1aj#ql18u_XVkRMH?<|CV9b@n>EEP9)N<=o?l4@X#&;B^k4!!!G0!3Gw7q@ zFQWKU)zY?sQIXG74{krs^aS)+?}yT3HKMwRhv<8uZlA%B-}dbbXvA0I*>n!+B`u=O zg1!CuI-Honp!0Y21mSO4VvRhX(gx8kwkGvbrUYrMDl8-Qm@3%^;hFDL&u*Dy7Zcd= zu!s!dNB1XEdl#>_uak#}#U8KQ<|TN8{?V|D1I30$Eq{Jw0+xATV#Oj_NwN|7-OZVP z$pWMXOqM2k2o^ym!!72MUexMmwvuZ8atFzfFQ4(`ta1-9DP`Mj7pe9744~2rn?C2; z^Hm;0R~phj>baD;hUkKC`JweGtY$Cua!6$HC>fAUR5K3PU?-EU55TmCUaKT)N%}B= zcvt6H;EMP3LHFn}-nc@iI7pqyW&rRwmogyVDz(2Z!@8HE_od{0IKss{n~UEb(n4NW z*-m!?p3&6SqOA?{RCavOl!Q?ribMnf=lT!#Oor`BDr@5v7IPXrU>GuX=YsyO&J(yY zjBc^0%K)aEcAgxrlvKZHRki%fZI6mR`?j*MJ+CqNB`R;WJ3v+Q* zjr6l33RHrs!N5^RIJk)b;y>(<_tPLsuMK3_wNN5((kSzv)fERBw;!k2&A!xAlXxyj zo|Bp&`9j*NeQ-ae{!tG%2A2Qwq_bTyPs}zwJa0i(E;sA@d?u~(l{Q8WrMC1$_jQ9@ zG~QRs^9GX6b0owsp;XZ~eAY*3G(EKhP-f?HTD03ZUar*(ik+gq$9*t}#tRkpgmEM$ zgcINI&_&pATH^zQ>O4AQ5;#(kL?2m%z^!^27n54vlCHmhlGq;=jzJ6qjw0U1WS(9U zzNz5ru-cv@;)x{|1X%I}x9E}y^M!|}Gz=*Vs2BFi{NWw>?=Th2^Ic60n&#$rRGsV{ z+z;KL*zCTRFYk#v(jTIHqia#C-_;cxmHqLj{mdR@F7rH;`aea!oL5H!KB5OEolCvQ ze6>3V^Y-MUnI~$}%$Mx?C<^hMbUZUEB`~F;0`t8i=HBUU)=8?rW%d`#?h%QOxR|2f zuGdcPi&N~J4$(d+U`%>?82bg^n{xVdOd5AQiNyY#a%(c>C`M+#0riBQz&w!Mop{3} z{ru1(&iQCJ9Oh|n;FOhkPGR|&$Y{&fjQrUPaB4S0TV?t|n)10{zHovrD(YGcu8!J- zdDb192kPvWk{-(VcYywjC%rS&q5V7#8LQs!=NQ$fE#JEmoOWyDrzxM0Hq9~g1l0qg zd3A$*mS>OnZo}Dv#zYtqOQQjx4^8 z{0ai=O`y}fmnL|#Jl9-X0$`jS0fFBmGSMI-Z=MI-Uoq9ebrzOkPn2>UJ$l)LhOcEy zG1Jh`&!aiVU)bK{2>(eso-?XUPugMOLr7?x&!o8$=fHTjeqrr9598swB>E+69X_4tlm3oVL_8~9K2 z+0^W31TgAZZHORy9gQX@HaZMnl>~k8EQHMTIBn=nK<=t(P}|?D#U%Ibn%IAU*30bQ zGO`y>Ilyo0s5j%DzozbHNb`Q*wD?2q(H^Se_=|@xAlt0ssu|5q(tYB?ean6R2*379 zN4!%U*@aKD^~wN3X_)W?<7OTuy1NPwRW}wyKhXG5AD3TijnwU?=8oN`#!en#%NMem zufdH!C}ye=OsoJVyB|d;p<6I1xVZXh9InnQ8rfAoE<-f4JcxUNILcJe7ku`6*Umx(y~JUUN-h`@zf6KM22`7H)Vv=l%PwORft;0mYGsg} zc3_baSvRO(4S}L7oAstfKY&;wuTkwWrt>eN)upNfy!y?-A^N>HB6_a#>y5nh5vZiU zuMs@~iK*i*5?n>Z6>eT`Gx5JUZJIr*SM7=2?-#obFZpuY`xW;TF3m_Y=hshF6n)V? zw+YKg{x-emmhMrfz3n7ck=_3bD|n>`df4yfGVY-9<##HSR>1Bo)-x3hqazggkJd7h zg%mO#%~b^a{)EvlqF0ko=-RR-^J0%z@;!dAHi-2#Qi;sAWeFdS8ST0f05+&W{L#PfXl$lY=0%xI}BwXM)|T&731kDvC9DM ztUFO;j2Z)}nxR;Zey&;6lGadD9na%uzx2b_k`afvC6T@`Zsx(He^ejaF3IljGpaTG za=1+D44HyIJ4cwyu45$h(K#n8QPGR`VdW@2&%vkn53a6NX@8#$VeMa_t`6h-*#=@6_Q_p(H|X4y5b88>Db~8YtUPefko(6z4+jnP38XET8Z4gr9Ck^wCOVs&k{+MiTl~SWgd-Sj z$BRu#KHcfp)LaL(P@&#*+?SKQymw9V`QtWm6kqIvigWB0x{mhi{yg=YFejsH9w`>Y ztKiHHCS~%cEKdN%WN@do!=c4^j_vv+@J+27IZ-fD9M05HYp`#krV^Sgj4uhV6@ z&)szurddLFC`z^cD#c8@fAVK?@)BYF#882(bNJ>F4Fr2$F~SwCcdb3R`y-?tp;VJ~ zwaoM!TxU!#z7cqejD~Op9mp3LRODsrN@U$$k47EM>8XHEI1%q<9`yu=I!V`zE+T9=7`_Z z#>xlJAs^tgdX7me6N~%Km9j&62qPak2EDfeY$_Z9UjcN;kM5|?!`zy`tSn8Kru4v9-b~> za_2ljujSK*=v4s+@%%2qu#=P-WcNH;k8=))=|=OVi4iI~_xFq9 z;N3;K9bTPUI!V{Mp#J{Z4<|@a0W72}GI3*HZsU!zo;ZTC0GMp65na{1vDJNa%$s9iPe2ods zfA?7G)-FQVYIw5%SoY}iW8mbA$MIu8%kaRy9@&^eb+m}&$iDfYqV*tn@Od9L@!FDT z-;xxPBM)-JU%g*?c~Ad19ZGIhKLH@Dm2Hp4zbGaHwEs|zt5 zTr!R;3?`A*2UI@C`iWZ8bUp9~Es}rUd@hq<_Um^_Tn%8SG8ctRlg6oJAZ4}5Z~V1V-AZon`!`Bd&Iu>jn;eJBT|l(Udipupz#R71^I+#FI14`$mBLyQP6i2{BTn_WT=-KbzgzfX zogU0Pv8?rlEp*PB=`t6VM$oV9(uK{bnmmh}OczwtK~*Y{lO2mZmJ zL;SjYxfrX=P(0@Q>M_s(Kqoy(tQZnT19w5uFf~KMRdW%WG0Rhw5_BRO$goxbXn-v>KF z7RGeoPkp#IXLtS^ZwtD-X&Zih;zG7AdZ(@WmFPWY(r<8v3~@pcPpv8EDX+}>Hl;z5 z4_UXg@($+e%NQCF(w8A*Gk5EgcBHS~$X7DU>`ZjE$99kLHHRV%y*RhJf&72hqXR;2 zF(Cb3<|N(NLl84N|HuJIzuW~{>a5-AH>tU=gEGM4PLAB1#KUpt&=pL4(7 zJv9WaDTyPsXs2?7px=`b2bj>$s7^2Z?dS$8FmNt3fkwNKCq zg&rdW!1}h<77MEHSd!J8dS1CIft(gyQF2pvyk9U)y&hWX;Plv@#nVgL*YniD|L|vf z?x&)Yh%!j`m6&*E=i@bRWNi8BlPo%*@%{H-A=Hi=uo`STBBY=IQy=S&svk8XcyQ~! zFmfgEhs5c8S@6d_`@6|-s=Up{JWJ!`f-i%D?}5%TjX(aqp@=HZz~3BKX)chN60VB6}B~a6R7GR@aKdk6xnZzRzQQIRrDS z8CU!Pg|Pk+hHsOq7%G(SG1M8%C}|ln#Tj4slkI(i*su=$DS@p$NGy1`OwkI_srI}t zNG*y(6S_eMy=Kb5H`^1<%)&Vd%nvIZX~DSSdW0%e1cmaBLfcLH8V$9w`Tmv8CW)&F zdcCh_L31-@7wc7SLf-OMy^SwX*2{PxO+CxvF7M3H6QCUY5n=)Tmk;<02WIG?sb8%mJcYt+qXu|7=Zu|j8;&JUk% z4C%M{i(z}NVYW-%81i#Qzsp2OiHn)e>((Xd95L%Wt|W)3A>ZJb#9ygLdMF z6HKDAT9t0+^LeIDFP7$$Yz(iT-!6|OY7m4;T>Ef!m#umeH#>LCU6T6!Y6C@jDmbJm zUY*9JM1COY4}hzIpzkYQ6|21a*v$J$rRI-Hu}?rOk2WiO?Sy*mnpk2o? zq}8G%F2z0=I<0sb@H*4v2GVa#y4lOnAyQPyMxfg6Jf8^n1+Soe-t-Ime8%7UQ9UkU z-=$&7->+QoI}tvNgQ6#i7Qd`M)Z1^=UIOtamDGI(CnXcy5p{g;(abk+o}|Kr%V}SV z4xFkJT6>z_yzbt+B|gfWaA~qTylkq3bDRo{(u8=+d$h=~XD)6PMVRyvhG_6uE?zLv zfabe$?$C@}vXIm_B%$sato;NW6EHSYG>VbXq!ks(>I+3t)mZT{HfSGCz{LM}o4+6Q zEwfMK69D(iXG3d3Yh#0#b@jvpVfZ>z=G`r@B;ty64HN8U<$*ln|0 z@V@nmL>hdxIpXjg;h2RG@VdWbgJ;BNj&L!9Jz8dt%DZh2y~3~cu7V&QJ*Jh5+x{iD z^R+DY$^qX4*8nt0>DWf=sQe74(HSF zJ6%_haM+?R;7A1HX}_<|YX5O`>TW-6jY7(*ig7~VAFEJ*SNLY)bIaGE`Rjr`We{A# zeUL?uFXe9>PYzf4cTKjZNw2rO+2{E8c%&mi(uZQ7Pk22ryWGc9gzL)-rkD!jVJ{z zug;smZ~KfejTBif&C9ocbY71G_moKG3)%?}DTk{c_jTR zieq6o`#)Z|z-H(M^pkTnKRBn01VSWgkiozRi? zjsB6+-VGs062Y$cT(!o$0 zC-YGg&J7K?Sp%?VO+*B;UvTsMxkeyc(EB2pTJ4(>?Z2W}HsS$xp9$pcE>l`hqVYT3 z@u)a6>WcMA4dfEiio)R+s_3W@B!4^o`h6;S+~vE{Gi_%fOUTHtRyjE2G@=fKFtnLo zyN7ut=Hv1el|N#u3B5qEFrf(`Lq3~)^Ryq-R1o))-V(<^X}uQ9&GOFE1(IYq16O|& z4Pv_t%@r0+2dytm=!Yi30Kx^|2#3rh&ElE;)q!pD?7lnPGowDwx zBjJQ0j{e)}p)8AE`;44I`w>s(zTdT9w;-A~hf(@NJF(^f1}j6ZRvkj9bwCBTnjeGtc2lE=#11nzIAtoxi^*7XPfv@YtO zA=OIyxk8Unhli0UH!H{$*6Y?`&jb)pyp7#mzLB3W#Yiqc8pIH;yLSM}w0+KeYC{zte?BIfP(XL#le%)X~}P>hCKKoZ{6u@3-*X<;rka$e;GI z*!}k09C*k_BKyE3RQb^L(djMOq0C~im`Qd#p$!LtdyH7IPp~+A!Hj3-hH08O9lc%q zMZ&ce^>J^rPAB6+QO&SSW;?xgN3HhUZUh2X&A+9QR#6tx(N%I9m?CDIz^a&PmJ#j{ zX|cSi;tj$e&GGekmg-g<-BJJZdxPDu_%YP)9%|6{o@jaa0z@vs$Haljn_Ig6fZ4-a zWMUxX1*t2SPX=-znurH@)U_E8E*f#|A;1D?vT$eWbZ=ZjJ)3rYpPb({cPWZ9mCe@o zYQA2~BER$%mde69zI6ZbI)T}Gz5Hek)af00ijAz8>Tr8tEQy2rxE1=LxN#M9Td4Q_ zG=AP@aWItpW8PsPj89G6ZaDJk)9AC{7l9sUJi2`$jJOYOhJ^>UU}}=^|v3pb_pzj4bDy;Cvb1rQ9D=Zauf=}gG&4nh$VTVS*g{sZj)Oh`+hf0 zCt>GDO(!80$O~*%;+nnJkaxDnmnIK;E-@30I`qj5K+=AL(A@bf2_9dr&i%cfBtbSB zsWO87Ls_BU*(r6NAq8cP=JeRtKl{BGUe)n;cSfz~dg5!KB%0e0BULo&Jqq&?#H z@x0%d@2ejnx%9a-v?G;vL!emt4qNDqYC=k`kA369VYAmE2La^U zLQfn00~U80oes3D#POM_qs1pgFYn?CQkyU#H;QREv6riOSom zbW(vTBaYkRrumzcBU|z=9!Mbv_=F~)aXXATUFYJWC8)^94@2DqgibbJLSxP1_7|U` z!~4OP$nSYT!#?DLO=cR4|MU1IBKxxMo0cD}Z#UhSWobN9DrwFpGs5hSj9{xmR!YV9 zfN4$2`L8AM0f8QH=$Yk`lL_x#A1H|P9`NwDNy^{YbKz&8vyG|f?ZUqcXS2&XKRjur z&7R8$9#;A*npgQ}j*8N)1-d>I04zot?`zw$Ed>J{%pH;ck{fN9zdV4S`75EQkR{E5 zB~Fl*E6(-h3|>g1#S7o0p!ROZ6&3LSt6Bx7d17@(dI(l^xsQYQ1?IVb90$yf{zJd^ zC?;WjWzQ$>%KdmwL$Yb_#1phaJoRgGoTrRdxC|%;EX{lMb@$h;LM-^1*NGcO%sRCz zrg)8qgK3mo7FrbbKGq92B4Xc1X|$-SbCGrpx%+XTZiF4&d@;$f10aO0qmaIEDoQ%S zi90QuLj=qZJyh$B&01C5K0o2ki2K5Xf1>aeiaWwZjkESE9X)d`3cyaO8HJ`Z>6za=a_yEbWgYXu%{9zjMm z6geSK4x_b<#xW)jFXzOzktRQ~x-&cnDGotOJg4yF_tV`Y*q4RM_XBy|peZ5?rC3!#YYPX$m&C(P`pBWYh}-)6u!_l`%;u+ z++bwapH}c$CR_2jd756qVH~IqJ`nupR$YhX4U*M=#RKEbLA9^OyeVLj`CD*)K`&YH z8KwaQ`CyE*en@(`>4&gCBoGR~2B7Ync=L-+8xN)5!!Q5^k3xncyitdtc^q&)TiOy) zHA-lm`4i;#W3=xu<(180Q@i~wSbI&YENeU{b6fkj_Cvbfgd;>nE|3<+39i6(&gs6* z(7cd9f?zglW}Ln(`Am46v>qYM{FEWA2C}wY7h}^tR;;%QI~p_2%G1 zyx^O#gy1ePfQaosCZBR|UyEE)fcjT*D@FEa1)JF2WH&j!v8nzf!b|o+P4r*ZJGp!t zpu)=YfSHzW4UJIcr@!JQT%2Cw^;Ze!$R8QL_Hayg)kIuoz(fQehH=6V%Ae#rsag%H zkVE&0Im){4*aY}Wf5lBu<)i|xQL@H2@N?t(-pG(ao2Ho7+atP&gSQ7Bn!HyePRbE| zfoUxlIzP_e-+{Os6P{a%zKVo>Q`xXs?h~4>=jQgj!v*1m-TrD%2C=`M1UsS;pa8)f zR)%g3+;mY6dAZx1eSiw>R5v%!$)fVNvB~$a_<|j3*q?_%FP|{4fmcZfpX=V;o>wZY zx2v~F++EkQO$3jINskXz@lOE3`*#x6;Sjjmgv?b#vnU zn6?bMf0|Zhf17T~n51&Dt1q=ukDJATELK8Y52_kNKDTvyM=qwebY3-)`_=>PVGi7U z&)~#y6~7!EEgID2&a15Lt3+}wJe4id$JM*&4h`)gVf<3g61tF*^i~tGp9oamnm?e; zT3a$Lu&u>FTPZLvX;GZiFsb7`g<4d&GjzmwcaG7#IHs#ak9F&0i|K}gH8<}1gf`5V zZT&l|Qcwr()jJt`2nIw6yn)C020+N%FUu`NJ^5TTw_i(Ct`4tQ>3Q0Esi)NfpudUk z@e=hW&5D~Oq0l641Z^=8a?GXUunV1`ItKlpA(7Q?NFJcC3kwPWhgqg-otRL8glgdT zNMeqGR^KFbAriG5-rev4pp3Yi#NY&2gKEBh@y}pU9SAumf=IO*eWw@{=yUSL?tDk_ zdGT)RNKFJ^yX0c1y?wT1C4xzm#8-)?7JcO7W~^{IjxYWBb8NGkjx$-LJjtFruqs^6<@E`^guC~q#pvReDLgqW zH#akj1*?E_hmWj@42t(wvrpSX-qRJjUi?fX%RQCG&mfqeUMFMG6%LJjbYJ>KzuQx+ za-UmsI~xZtys3smOno7w)isg&jtLSeR}9?c@2yCOgExx>wpLY{Uw5-CZ_47XGc_{i z*8(I<-xIXbQbfyA9`Ic{tiMq@Jd&87SF}bTbB*T_oyO$83^@>V-@h9Q8MpQvSKVy` zdTwjjL3<&bz>a<(qHd3w^t|SsU+}Pm7WdfFywZlMJpf8|i}QnP)Z{8N@pwM}rBe?W zilA)QmoF|{)+fBJ5m|ud6Mp+LsveaBE}wU#%N|9b!(mF2R1KhUexDCOVK01L5f}6K zA>C_hO|R{^Ez>V-_Z9Nt$R}+9z$cel=@c&t_q|1CLv`WA%Xzs<=n02>@_S6~Ac3x1T^`bXUPv)JBoE_et!{fK|kh{L1RB7Ch$;)BDx4 z2sC4s)AOP_CKA|?qwF=wwG`r?))ullOpNYtu6eSPh+Yx}0PyV{-1LH=LKsv&YV*|+ zX@YtZz?7szu3^lBl;GToS>h#XFM~e!BFW7*&ZjPm{nC^V&FMTtmXU{82?5Ufi>Sh5 zQ9j)Cs$&PRn<{gU`^^lX#tfLGT}%1xcSX7Ivj?di^Lu~1bYMSMa`xKa7(mE-g%8Qa zW}YsN5YKo0V}!mMubvbhs83PC?dq@MneR2H3UvxPtJnRnY5 z=@KV7_|HoUOU`32<8F%Z89k`3`FXs*`-K_akauqGHy``1dS^7frM}M-L<@%IJj;?# zlF-Ai72fHA3(c0RYrY*|UhqbNY-nU>An9X53BHGU`Sa9N$Mh5T72%r$;NYoG_&=|A zVCUgZyf0(y#FVZTYp(+HQ|#}_>Gz1MZxg?c^V9OP9wLq-{up5EY>V%pyr}aGwCnS8 z|1(yGuu=PaP0kzD>yTx&>&zT{fto?YJ&TmjAJ?FL-=+kmg@aF&(+nc@Z7Xg5aICYV zWQ4uauP^l|aFu%Ya;okizclw`sg?;j&)Hr-Xk|(R81j-F9we6EMUhiCJ zWxNaFgDut@2!f!1B*=DaZ!KS7_Ql#0Dx0VZzsQV;5?=n!1tFQ;-F#Y7=cRVC&Uf4~ zQGIku7(aq#Qg&SyvE4tU>hD#8dlxyRF5X8?2%O)onI>n6<}iM*t-W?>g`iCfN#BN1 z&2OCqL4|%nBvb5;wt-KfV;A@H_Is2seVbq6@6SPuOa)YXKLeD^wDM8D7yop0f9Jd_ zI5qQ??7O_~;9y;}wj2S~yQ7qR&Iseg((t%@-p~6W!v~}m+aj@^(Qq6m-{P^aZtx|c z@eJo)DosB5W`^AjNG!|~aiUqx^pS3l5a*BT*zo&KT0S?AkJzP`2 zwlC=8=8|BZKEkh>@5zAJ;I-nt*Wh|69JD99ecGj%PHO%<7jPcJZ+|$Rmom;M=zX00 z;vKQsrX+BM@Gl_uWB0{?Ju1FrBV_;F%ZUiQ(we}%(`c#$$23yTY+ zx4od<`AX!pPF{IhoUccyFj?)xs6Oouom2Y@h%#hGKcU(w4to;%iz0=((?5FlA7P+E zQXR6{?t4ACS?N-VuS%CdEcN3j){UUh0AzgOCeX*Tb=a4xo>t4X^- zml7Abk&&gk+#+m+U8{fUKh)(1*mZaMD}=w-@Mj3X+qVfA5dH=l>Vs{TA-P<59J`s);bdcaht!UnRj^s zj(RYTGadFMdPMEkYmnEbDdzlu5j&JMK&1r20KY z$qIa|yzCb#1xW-E*$J+>Rn58X$d z4}JX-G^K(JO#l8FNVxwDcsa0-enEKjA3}i&+0`}=ZIE;wYngBw7>0{A4n+P)5Yoyp zV-S{yCoj&2lYL%!-g;|edv5jRmz7yj?sL2eDyHzb)@KN#wR(B>!ZViDKAj*wef4DR zB=mw(9k%CJ{2tPrF798sI;zZ_+&Dnbc#2P8J!ixOS#dN#Cd1D$<(Y1dH4sQ07xiDm|$@D2z|+te~DoC$C+0Yek# z6fn26tjeW~CK>LwQez8D`9+ai_(j#_6i{!**xrO^2ZT#s?j7-})r7l3g=xQanf-=% zCG|vEax$Nsd)T7;@-gFbbAOXL8Ar2!KmpS{wvkXK5pz~0bjTG?W0LMlEZMIEMP@YT z%FiI{19iGc1M8qK7uoqhDCT(t;sYGhT2wh?GV-dh&(*N)AGd9EEGt!F zKWAI_Sz!za4^qk5dH818m>n>6`xtTZlCE$s#SSex2U30u!}|!uvfJ~iTcml9jK+f} zSHlcW7j@=bf5vaAvl*-%1%`I;Rew!94BtBy`e9s2`5YJkqq7lbjI!yc>G++(R!I?? zY|a}3+mEZhMme1r68oZw$O@>h90C0yaMX$m`i zpcK)&KrpF}`%*Yfa`C(zo>2T|;){8d>CgFbp<#H5&sDq?nCKjChsw(O>fv$n;leFY zfyqP|h{kOdQbzSIm(_`5Fe0sR;?AFQeNNy-`}m23|6KMZLhgSsrSz-NhDZ(hu9)z} zi}7&PehG(a&VB(%IE*`bmTaLVv?=i7w@`eABU8$-zML!}Gn|dEQ*9!8pAIS4f3T?X9z-I6q5(Q0K%C}pIFX3P6x&3D-maY8uak_< zSsM~Y2S2N)M-%U~F3%I)xb`3mFSxp#LS{}9$@dTUc(0f1&1H(T9;$DXdS0I>^n@d8 ze&3Ax#+>FldXhow>upE{E#`%WAb@7C4SZ>@2NEBkd? z7Rq|jxxajSBHPPjlmqG;GMy{4-zKQEBCEidqH^#O0}$bMd-yIfzk&O1axM$w#exd-p}HiYrn^q5+K)fx{1HPx@HGD z&lf7`Jy$C6&Y+WQ7h(K?(wrm^u=DfeXjMJG>pM zBlH}?LxE;agEoPk$`WN;Sy51jb$~9vs*tYwD8+qcl~I)|?BfBycKN-2ebS0CgLt0g z_|=9_Cv@m=N#8GZq5(yz$?7v5{z@oh8Z4>p`tOjfwhZ%>E1@(KnJYV8x zzCK$L`(%n{kNjmnnf5plo~g$;Y*g!hkM|Cy`V}r^&LrR9?!3;YT9$uuQvysA$ftc? zhekzl0XU9w#wFa>iq}CZ>F-u?W%{}s%wF%1SoiM1H-1XA;pT>xa~giiJfg+a#2Pap z1U@S5>T?uAtDZ{iOaAD`Aoexd)>J(`W{;5n>%Q&laLxuP7TTptYa|5#vJ#9(8~o9LB?2I$c& z1fUHG2c85fE^}JNNAHH2O7>nVo{rm#c$hR0ji`sIApCx=ldWkb1Fm!kc0pWa@0ZsS zX07rTGj7r!sEaEmA~2hau@DPwNDMch>c;%^`7%!fAvlQS!SZZjH$W0 zK0hcRK6^d_GW8c&5OX>@LB1vZg%1{i^C8v`d(cWX@N`R^ifOdq}{SlrO=d;)R|F$s|_`%2DAhxrt5=k zy@E4f{%!OG`mMVGO9DTKyYV^L6Dgk3%XKM3in1UV6Yo`pT_c2 zoxAr&U#~s+I->8p&>ve*sos6Xva?0A2TkEHe|y~l)sk8nV1iWrbU*yakNFmQOP`SH zlwj%OuY1|se1Wa<&D(BNJ$d$*_ci-y#A#~55##o_A-HLN?{#_Ni;?L%% zULZJyNV+~y)gIc70~ZV@JL;Or!001r8;WSod+gwIfj6qwxe4ZS+n0!Mos6ZPG{{(O zJ3ORtT!bZ_Q`gBOtH^$oD%#jTCPz4|S9YNL#1&|SA~=`PrwufOssJZk;KyNQ=*S%M zy1ridw|hyLvnf4~i+fh{Q-oSg+2eFgb33Re$|BrD2%T@Cyy7p|wrO?O6R5RXk(Mz6 z+O`C=0Q|8n-?@PD*m5Dv8>7&0&-?AU+R7MKs?77!oS-u*i^5=$cwF4&FTn`+BOD|0 z>9TJ#=cNSRuRQaxu^9j=z(XxeJWq<&f)=D}!}(hsK+gsG%h;9T+P@ZRa_q&&ymM<`nvh+-O~getj*8?q%W z!BCUb>w51}PIT+`xHhF=%mki=S>*8p@v5iPplPz!`h_uyxccmy`Lo}@Rm!194vPdp zLKG`FMKX+lMdx^nzt>S~!oyJ*6;waG%lk?kfQd!C0?a5PV{b#Ye%)MfVeKE~I6D2h z34h$Kzwyx5I>*M1l68D-+$~( zdCZxPuWxRb>rsCb^WF%;ygrO2!KD``&3&e)sYT74?9k+Q2$P&17s5y!2>s#!>-q?z zapA0ejeK73jDmz=lq8RKiW0lZ2P=Sr)?~rlP?GB5ADU(Grmjx7`ImE8!;8fk z3%nH#&pZ<>zlZ#f*M<++dh*%0!UN6pIj2-!R-b#*p4fS9+`&}N?{w^gJ(R;M>)z^ez%c~3mvmyG?arv+-kE~r(%5FG7^ zz8Vax5Mck$Y-T1{jMPtK?!Y-wMr~%eO=1?XFrIbMiDs(DhOw*Ol{s(qD?c*q=r&QZ zdp`aMDANe_9f+6xn{)XLi1a5JGjlCO8~NKxID4f>SmJ>DhGEEew3m$~qW-C97}q^A4R&&Y-#9j)to zlh=p2P^iW{c?hhN{B|)9J;nCzi-)GOIKxQrrk_FQBKX`!CXSDkzO^#aiYx*!gwMyw zzb$dNXM5Wx`*W$+)NH>sW*k2fSILJAYQ+BbvSG3FIekAn(g%jx*({Ii{Z%HV5RG5Z zZl&Hk{UrE!Gik~einuI8t8Z?3G1k~iZp+2p4v*pdFd>7$bU?}(Ctk>*)}my7`g|yU z3w-{{9trLOUauowvuFYssYp;-rd=)_B`{t845yF#xA4?@Z}RSS%G+Jl+x{ft%3zFJLN^9Fk;B=bC)8XV<46nVpKpRXDb|HymqsHo1jT{xCR zj8Or5M-;KdIK7B%dhdN~ncjOJ1jPy(JH`f@AjT4F>|(`&73^X|tXM$oh*-|O{pCIH zTIW0GkMFN1K5%*Eje10=qRCNc{pVUdg!;W{y7h0#V9QP?3DnV^a*&?FXFL*p?C;Gp1TB({wt zU;;xLm|&%l5yz?{h8RzccQe7Zfp~n7>9=7VrZ5E)wTOA3b&JJBL}FRc%Q3KMVVjI5 z&_kh35wUBPQaR8W!dTE;E^@!5W)X%6T_K*32HC$6RS8gXqe$rtp;-d0G+YuE2MBsd z!86GwkslyZIup<;(3B_u|8U_vB0M^Zba(?hB4m^X}8KaOct^TJpt4Z~-kHy6mG8PMV^NJH<;K!MKN`6OP``#P&MdWuqkOxNPB+F8HV`QgC>tUi zUqH(DgJ3w7L*ZfJVE8fH=wW+QC-MNX6LLP0${ayPPl`E_fx;g^ezJ*J6Waz&-SA3? z5{eM0G!+4_52`g1u7!zJ8>1vO1%pF^IkQCUQ3qX!bq56`Jw_7efUYzn48Ax;%LQ3j zn>px_ar|UD8(A*`BOb|w%McztrU-Edz)S&%*o+0)Cmn{Op+pf;J8192o7~XdMIwda zQ+DW1gBOA0E9k=b!{R8JXJ=ty;fcd;Cm+hc@TMoCB}*}?kU6AvF_~sSX_yf+?S?;E zhs{brYzm7Irim>k50MtcimehqIb@aD`5Y$?mLrn!7cnt19oi8Rc*qv9;~N2*JII&# zp_kj|F`Lx0=#1?Erq8-DbBR+tu+hGhs-JJYW=BK`GL zg2#>X>y$(cz=3ISU#Y~f!fqu|I2s~Z?+9akBsxy5QNv_rdX09nQb91XQ8eVC*$qK7 ziUThIWU^Y8#La2}#E2okU! z97Ft#>JgSB$wFr{N%RPd!P6PNK~w;R#p=Z&1qYJhP*DjgqZ)wlnZrN?LKOl{tb)N2 znSe;2qN~H204**jise=r%I}f|`CicF zwtx>o<$Aq3wZ#n$K0#pHM_Jra1CuLZa-vcYb+LhRD=_|{r4Cro7`@CRbm>qcmJei) zBT_6s#8LXx@C^(Hi6IO6ptz$ZQDTT=<=~(L#;}Se!ApRIK>-LRzD7th#r#n}hN}Yc zADCTCE0M|tGF7)W?6do^K6u5WR>TB2lr>-ou$6cM!AuwEfz?At4@cr=7MMtwPfUPU z_;@&%MjHvU*uE$*lLGL@EYw;>cBR7Zx9F){yb2UXJbbkxq+$f9K9DxDk~KEIgT+9B zaY8dJ5+8^G8Mw%bcc9JgI7AiH7)s}N#8vD7Htsg?@OlmK9_x+LfCL>DLcS4)*J>RE z3=qens2IDN9HwMj2988W|!Z@6^k)&6=Yz&c93K-8de5mSBP81 z)as~sxsB=KQn}oCm}g{i0B~YwsNg-Ipkwj0b|-YUs-X8M>f-uXL^ogLMU0@tEwdqJ zMG@tIAd`d!;@N->vUghFwjvfN`bz z1n~%%a-p9G?5Psq33i3!at05o{C>0q-q%2F4M0h9znshyI*Ax4Z@^c_*eb6CBLxO} z8&5~T25D{@9p?>5*&3j(gZB+u9Y{YheQ24>Wu?Ue1Qb`NglxAUrVp@VYAKtDmIZ(< zh@sYbflO0^%zLSnPP5AZQf{E?1qLjN0pKkeC+gNJf&x>-z}B!tQ6xO1x)>a)%Ye1g zolrmnLVATe=%+AsQ3sh}r?~Yx9|Z-x79LQdwW6`Ch#nZEsS*%wB0&b3+KwmT7i^*rHA& z_fm*Hk(us|d6`f!^Gmr@kyMBrpzyd}6!UhN})Lf+!jzE-?onNMaM6pf~I? zQ8WS)!x+W$6h?fU$!D-pPO4CakI2~~wp1jdqrEXXnF`cVc;Hp%(qwM4ixRYI>{v6@ zj07y7h;2io<+vzVWv0_5pFOP9DU1?t1Qmr8O;mx!V7ML(ijK##=wWEqMnO0iibI*F6c1)hhfNP}!uI=3@Qu|PKs z)oqE3wJxA9gjeBsr-shus+|UE*l%D1v$dCj3(KI5h($!6qA{pPtQdz6R1ac_(Q8Du zMG4s!l9*i@8J*#Z`y_Ipf?^PD8aF@UrEmantdj{G6gUn*5DF381gh7j;5(xjf>s8t zh3Y6(=ZWBH7$sCttPnK0VXLNsa!(L=e&rUX!iN^neL)P6J^KR`p1hGnvIYKm|6;NITyqbg?R5?(=u$bnDt~;_6^oTU3Z(h2RM>VRoN_32c z5A)%}V!X_c{0m>l2UJ|e42n5|kh?9yZ;4IXTz@hR-0st5%T3I{=Fu;4% zFzJ}o7>;hk5EW_^ObKdGi?$<<0ZjyncrBX&3~dDH>Bn2tHg{AF8VDfd1@o8+0xn#+ zC}P0Lqijx$kBaE{6mZ?Byof+SWQIsY3zgJ8)UW`{(-|UBSa(!t*QXFEbOST$L$;Ba6*N9rY6h$=sx{`s#&qAR`EE04 zjR75ML>4CE$l!PSfpJM~MaN<$4{)l>)7vmxp*UgUE`6y7jjVbxMK*()n ziA)RP>T zVLgEaBF!;@furRFbaFLG=^{}bdQp_952H;Owoqxnaiq{ss}?b$5s)MIxa4SK6rwz! znGaLxHpD;%y>y0K7pMk7jv`a{ey4_4g*v6zetspf*gNhhN zAEH^97#y;LTf|s2PD~@Sbb=scg?&KPFQqvkQ;c;=*^rj-LfQ#sP$I=NDn!jBu>wj* zP`hC9z{Mf+BrYN#{7GVOScu|M91Mz2ZPW${Dz4Bam3nzLx<%?W@y#T-!Z9F6 zA&CNRk{BY zgR6uyQA92|MFCP*UWv zNO6l)|4AiA`8>1I3={-5@QPJhhuGu<;$4#29yhB%vw$tY&_KZkANHyd=ZzG`fmF0N z44t7sGG#W2k*`ttF`(c|cQMooH^mdhx~M*AY9wL^Y7nWxk%0RNzEo}!20=antPay= z=c+*0UaD0Hv~i)|E>gr*Rt+c)Tg-m7-NXWbJdYcs$|y0Nlt$&tIP#Fu=!0+K>CiR> zpt%5_X%u1NL5{=7v)G}FpN2S9Wd`Lip!;hqC%znBj91r@mHiuIi0@(l_pe8sdq8X&NtuhYi z5YSlEfKq@MT&s;H!ST@!K*W%u9G{)z@PgbgNf$8U{2CTsD;G1!c2gLr%n;d1yMu10 zVnMRWAL6-;DBz01c>(L=7lR}foGj>pdH|XbQxlmA8OWT5oDn`A*~D3PI?-*QgveT_ z9?QXtHA;pLr7?yhG9t=JLTd$Ron6FW1eqXk?gQ}&g9hjH;-rvF$4Q`0A@QthQMskkM8J zl_mjC!t^ z0okS10XA5!mxfegpBin)2Y5j7jA4hZY7(9kvkJ6ohb#&*&{jVHIiRj4py`zc1EgkL zAth59gNX^UK4fSN3p zT?Rr9nQkFa-E`oRjwt!+xC*$+X&e?<|EQ6{hW$`Y2VG9Yzaw&^K0k~`iqT_CJkV{7 zqx}vg^yy3W0b|Te!huo%Fv3QIJPOSvj?>)?9fQv%%G7AH6fX#(Og5kn;o0H_chnP& z3yctQgrpFnhbShahHfV#lNc0axlV_KjDhAS=t%VOLO!j-$(8wW7%kC*QRrO6kV9?3 z37iH(+@Mo|{%{PwIIa@FY*%UkU;*#9J^6n2YHPHYQ39Pk1Wowj^ zSJjvFE|(O4^% z=TSL?3J5Lq20fc^lZTm7v^8KxlhG&#$bExcIfY8p057hCq>e*FT|}qgiZ~RKQA~qI zEF2SYV&KHl2$oAA@@OHu+sFZ-X{$zw383*NyVME?fYGOFBv=bpj&jE2SQ^#kc6$xb zw~r=>1v)E=PqBn!2D#4&@KcFJt@JCc!C=6_4eC`gI!H|bx?gDmQ9=)o7*R(eDiVcZ zV5od{o=7I*Ye;w@TB_6-HHt{w&tr($DzMaOuP^4}1oc5a83Z$teb6tXQp5lnG;!>D ziyUgAIFJBDF5kwGn8*7R`9MI>2)9vp=c zAp5t~Dj^^lT((N8;ge!k5)OkigLV?y0}c7;7#+gD!vzWjjhb_Q&^8Y4Q z@BnR7;C~-0$hCN)jlv;FhBDAY1M#7HIRbA-Vg)>s`Gi;jGM{L%%Z%m79UOxiEnxEu zWKcj9azidm9AHQkKi6u*Gt_vB-i;s16TJ;ny~0|u)jhy(CGB&fa4sM*YmqLemAgaZOg zQLMwQLShko*Es!3VC7L8EG9z$Z>G@<3T=c()8RB?yw?)ZkhBgv%MnA;9_Fap64Tr9 z>TmtFfiP(6P#~l1v(a4+6^?5+vh*IC-DEWIwR!;}pu;q%072$d0-?7{MhJrpJWC7R z4@?SFAx%c1fU1ePBQC9hf|Ny~TDeF>(RyS+M#2GoaIIKp#G=Uxb4aFC5Jf&Ugcr6b z5GYwiRJjc56-*@N6oUzeZfFu{pPQo)lnE3niO$5gGSxgK2x1`x7bXpA(ik*XCIJ~3 zISH)>rZp9n9OC=c7Be=krBV$@r~M4V9!Fko*`YSrklbWJn@TU$^JfHb`xW#_0} z;E_?K7`UfmkbTwYRnYLnaDSV25sq8S(fXB98i=d&{bWN7j|G$?kS3#4QoC3kGZ8^X z&8;wV1rj{lqe!amZGX<>@5>aBqpsZf- z$v6@rKTKhJLJ9{mEI0)bdhd~kNGD2AC?+Kc!s~1e*W$9r{BEXC4{|VVBcJ<(dOHuUvx?s^fZrnXZb892}|0uJKEG zR)bF(lZm}7oKI@UXo4~Z^g&t3fdAoR-Bdo`FX!oDlIn>8x{87UAyT?N7;^<^DgniY z#G8r;N2j64l{P9K>Y(y(&_qec87_i z6d~>cf#K$Z@K@C2Vnk^U08xwC7!ni7MMJweBmguPxmm-)d;>~w2r(BODwZk|sH$QZ zz_G)$@IB}-F9g_Vk0VTF>kzd?_^5}W4nkufbPKD|USRHXS*7sM10HJ(IOL?dFj^xM zp?xu{D}*=;v=Gr3b=lZ-@Mg?FYNGN&x0Qfk^HTLn6o4ueSYONzayuNS&4x^C8wPPS z5#9hQpKahpU1(51S963Iyn|qs^GE?N-^r80yH27s0Pa3?g)k^;r!0W%`hEaYqYW6A z5*@aqurUQSER+DhBU%PpKA^G9q{$3GZf6FYsslDJqgx*gXr&CGymExd9-Bq%7GYT^ ztvn3M3BfQ=$B8R(Y7oW)-A1^(WV%McjKs;_2$FllI)K(A430E`LL?%^JQNVD64*gB zTS4JKo0e4pbY(uFmW`D=BMKbPh8RMH7~D`9ktp>=;dFRSz{|$t0C^Rb()?a|*bQME zFo!AxL600wW}EP+xQhs-9=t+@ReL-fLDT@YN>7ua@CLYQ7fTK2R8i$>I*|g|9fbnS zgu@WJnb)d`Tl~&| zMyQc0G)lQL7=rVOJT$b+0h;tq0*B95VQ>N>@Km4~I;YEH#6tU$R>mgBZR$A5L)Mv8 zOr=Sul8Urk0RzCFOraT25izWWFJ?JFGo9=YYjKD;wpy-m2T&}a@-dqc(@wI3SO@`H zKr~U3kgZTNl-#&gDo`1P49J|plXuuHK>>pp7f1aLeB4cjD-(-20xHoN@iWZ;>ml&C zhM*nmQfa(myfYTneM8F##1yiaC)V)2RH(S~R2q)P3e+-Tyu-+L@sxDDTV&@M2uwGe z&kQ{yZb(35<8mvCV`U1!0_*KEwTz|@>s4d{Mh!(_Q`oC_fDAocGYheP|J#~1yzYvc zZB8ggGl(m{Px|h=lZ4qWbchg4p;E$6J)gOHRDYEXM=y}1e@+!yX&zYn9^eNnN zJwB`c&6ccHcbi7kmwZA0HGbv0zfzm0ru_ReBcW%8bNaH}DG9k_lnI|&NG=t#wr;}x z#iWmE`JbQrlwV6XX9_uefX#z<-1vOjmxuZ+2rf8VAKNRcFC#ESIhsp9_4@{$FK zNr}zA{p8F|VCP$_#-^y*>EN{`WuG~8vbEYRQ7|6-(i~s50w-S&; zm*Esk6LOFI1)q1$UNEZ5zvmm#KSi==7W4W7M#?O>3V*^x!5p}5+4=OVm}g59 z`XeX6)NPdH{rgr*^W?Ogmru<}i8=b@1p@~SK#l+9-@!MI8B^51&!$c2*<*qUA3CRH z%$t-k{Gd_<1NRH7XI(r0PgSd|_NHF@y7LD%8(p!L&Y{lTs>>TgZ{3lXKjO{?8hzHE zZulPK;xV%*qLqEt4X7Q}m-}{PM}p$&QcufIqYfvhH4?D62}!4h!iaCbRy|Km@zzekZWaOR{_y^y1}tInn-j{VP31ONYh)G*1}`a_=<-MPH>4YNU6 zW$JS4@V(J>n;e6!6Tbzub!B< z=+cfHd*^0JmCIlroim@vI5zXPK&4BGO@fswfJr6h-5a+=)2|5Y4h#+y5SSuO}%bj zI6126x4At&PW`;in^QNwA;ppT)TAsq`sa;qzpmPIzoBu-z|(K?itf!B^Ly)o(nY3f z%E~wN*6o@J533G+eck5y?VWi|uXZQ(+kCC>EYfz&+p3bf9jE(L&Y#m|?B@78*WsCM zH=D|YyBj-?-Rl?~ZyMSo`|Ed2FXmLZ*4eLaD!<24FJ63e-<6+!{Cj1^o!G4NlfGt+ zJ@_nA!{1qd`-Hu>_s9>lKV2Wk6q}z$-rTWVA4NFzB{pu()aM^3`WJ52ZZFL(I#=-F zkYIAd_*-k^AxEaBW~zMH=<6*_>zk%^c=`NFOONeX_x{|{0sDPfvb))5KZZx#%9^4c zGew-(;p+RUvfeLzn?Jw0<#`cly7spxYgG^Zx~o-XpU>&1H*~w(H*#>)wf(){3~LIP z_iP~F9oyy3rHanyS6V7=ho3X&X5JmYcJ!G~?xXc@hDa9OeM4Wmk~+m)%-;bjJ?!*yZPmd$J3M-<;){7rMT!=Ha>%bM71#?SCkJ z?j0{`sy%l4+KxM%@5{e0JsudiYE|QgIsS1si+xA4HjF>~`KqM6@1N&ZXO!*7eO=lV zsW>XS@qqX?T>9{(GQCpKex%g9a%t(pc1Jf4o9mrgR)KGp^z3~iGMlJY`?SIT-iG<_ zUYNGF%`R=1acFI5U()?9CT z5m`7tvn05?^{~Sa3ntUQvvobzs;a)IN7lri?j?g&;SHS~*EeksFAeR!A^WTHk5LB; zFLWb)898L)hD9BQJI(3Msr{#y4p0^i9oO*oH_iJ?En3vg$b9j!-m<#f*B}{j^yo9k z{PZ7gP2GCPzwc@8+Bl22t4cKb`STUamjAr)&b#MVrjLx~E!vjn9(VV+q+eY*@0YR|A$(h7xs{Z@Gd!o))A#w4GBS4`Y(C}cx_j7vC4u80L=Jz3cat03C z(b(C&ecGizGyzr3KQr3YKG*CR*FO#4eB8%1=PNq@XEPy>#@Uljb%JeT+`?hHk_|-< zrykm~S9|SC@TMkUknnAyebX+9f-TOSxoA~tC8EONhy71t&x2^V0Xu zR)1Qr_?nnmclzjynqZN!ZpE%^pFbGx)U@iIef)=BV~!-c6obb9Yom8fvx8Sqx!{|P zrvEiEjm{L_0G`nm9m+HA3ZKSjjK8ygZHLrNqppqqIC1y=n$^x{d-t@VpZ<9G>+bnw zhYedtzcc3i@yeUnt(#vpxvAobM3~=m+2iQl=RdTCDKctjZ`aqtg{i_a!LS2QMm4l# z?P=DcZvEu1MAvWYf86(|>cGJvG?_SPJ6zx10tsnn9aMEUDoX+yh-EpR*)^6!7zLix~ z|422LeeS-e=7wtZB>gSD95-B2dgk#% zv|-cN6J7Q{%a|~ETHUyV``=~Mk88j-(FVH@AG~wr9zT850e0)DQ+Bp48r%v$>eAZr zFWYr2>b)-f{Kbp3wrwP@AMRZKOWSFRi;aPr{rQ`iL&xqDY&EQk-5h^*fO_ku505OW z_NEK0%bQ-8XLQL;7C!Df{-?fIo31P#U$`pziq4Vz?@eYxJLyjLbEjWAcI?N`kr$Rr zztneqw_@!2l!J3-OutrGzGvu}-*=_EpBXZ*Y;m#nWZXD8s)0|Dhffs@yWLPWV^*KX zshir)Ctnjjy>@44)O+d&R|<8&!BID}CKiOwhh9{-S#l}uo1qvqK4X0t{JXZ`1s-=Y zopw>{V=?0;p<2wkB(kv*>P3 zbv*oP;n%EYsSUN`vf9@y5LdoDvv75=a*}Q4~yNwilE>e|MycbKEnRn`v9{461UXXtmV~RoG|kCy>1gI zQ{HyPRSva&`lq&4$?o%cLgUM(W}br&E{!?ZVfTu{_==`g)i++edw4l~>hOvixwHE0 zT<3oJeB<+Y{dap3Umv-u8m_zFN%-hN$jBt(owkXKmoZ(XjtI zkZUepG~sAY3`-NTkA&89Pz=^fHkw=GAUN+^(aD+l32c4axp;V`RglJ$J5!Z@Y+wY5P^|&*K`OZ+($bnsI7s zE_a4&&yLMQd)M`{c^HcXw?Z_4FPqpv^gSF(QY4OsQz!<`1TUb+6+S=N6(F{z+e z_ZB*l2=YmiH+T3-%7r<_~*xg?_Rlxh@x(%R+8`%YGYch+PjC->&=SlgvJWZIkZLV=OL z@bbKG9(pmIgDQ$=PkY5XbLZPd7puoTNX&^sK%6(LF!eGIE*i}cX52?Edh!2v7mabQ zGvC=CB6zAs3{h<I^6;JTEmO%;{hpfZ8wQ0>tlUc} z>fiO^w$*n_4>mT|tad%Uv{t!Uiyt!a(4@SKvnAFqAD<7qHR;WH-Z&P){pm|ny{oKO zWamGov*tDXF5LV!%csvA*9ija4=E{<`z;pz(m1)fj*QP;nEm;qroQT6o55Q(JN_E^ z<{b9gddZqisr8rF&ChD8+w=b6V$sdqq<*zWTD0Fevf=jS-kG)NlIp2#eyi~8y*G2} zsL!v;`s{vpZS2??KX!7SnBA#c)0wV&D)ntvW<<8sZ7=Kn{&t|^#)fsPo^82nUg@em zJM8ezgYR#it;%k4l{}c2QM-9hm49`w><{|5k3Utr-3F=e_d@Yoy;oKX~LY z@KrGIWg|0p7ly8B2(Ftur_TT7@F#!CoAQi1Sn=&r?8WT{*0HCi;X4!jJ zw!Y?Qt3J4s0`jZl9qM-9a_`XYvb($!eIHkycYHxwszM0$%49vxz13TwzD_GIP zbKv48i4a4hEUeR|} z&->5D{E@=-{;sy2ymvJ3{@p9}cUb)g4L*U`%*koosYz|0Hwx-b%pd*b$*Ls!X}G7) z9%IWt`O11(#+QV5t#t3-P+8b+Fn7YFSB!?AGH29$Tr3*3J*P#hn`@U&Sh0O{{o${N zb~$fc8cO)BJO0eO)t0YICuVPl2XXsLW5wkCmOZ`)CkgJ`q>R_6`nj%c(u6<1yMC+v z=ug!r3*!^Fw_3Hf$2VVEgUMZy)GWyhi}PH8;r0%TsOjDHiFNrhp|4%)?!Lr`F3}lwff7LcTX-J+w9%(Z9+^6Yo}LHQcFD(k$f# zPe0QCte}q`AX-&RZ;{%3-Hb!BC+UXTs)HqC)0p|=CcQdA(3Q4Sl|A2j*uAbWykg|n zPj9xIKiE)pt14F0E92vnHFrMK_3Du6m+ix!-$W{cct6^tjZi`G<|&g zRCopNth}%)>%Hds#Gb`NwjQ`dmX-C++*Hyzrvvj9ggh6O_Fnrsr=jM)X`ptk@aR@n z!J-x(d2^tc$(WG!PSH^N@}~|I%C_paZ^p;Z0L%LuDltM zNnN#mz?(*x`#Z1|BQEDPmmbWWS9|#DmtV4e(ouB_r&)fp%s-WWci0HW)&s9+^SZ5V zcWB~-%sPC-xHor>zPY?fgC!0~O{Z&~e1+9oo4RpQt8LcmwOW6ly1wV6^#RSE98+v-_#OE9X zz9jbM@r(A!)JOlE{UtC&*HD$Y^+Dd4qngLzz^={@_<`w81Vm2Wz<=;MqjQ^>+L&8K!8SP)ebIs0B`_9}0t ze+_qh&yI>wx5!^eDGAbo$(J@++b2=RUYUDr{=lO;%Fo`RGgfo@{yBQpz{VFP^#!Ou zggsLWx=mNi?T&Ze&1wiWZ^LR;lY3QFaU=HTJh9D-V>fPi4u8HqiP3X@uZ(NEaxTw! zS$!z${f)9M`=1T&a$46e^5XW5o4Xt}(+Phcu0Pl?Vc?rfuq?TTK}#NL^Itm48Z-O; zRF3=v(fR%^iA< zm^^9g%LA{-cYEX}cODeo{o&BMku7tV9y-y`xuV4W<;Zp*gS{SG79*vf~B)sX+CbCO!BPc&6b{vxa1bT3#v=Eb3=7v+t= zo>)10@21LoAGS{|>r;jS2e+jD(DO_4)EgS8jik$pjq>f|!#C0vVu$^-?uV*k=c`$h zVX1J>wqDnx)x&A+M|oH8NX~0PT}52jHfm_|V<;un%gjyLwqn2eeD^&?bq&Mmr!R{} zAC!FT{P)sadBG30^QTQ6^Qhrm`@=>3@mXzV<#y~sZ%tiBrr)BIaxX~shn_!v{mQrO zz}umt92bjbbm&4F+pz%kaVqH;`StYPegD=Q7E?tO`0sH zbH*L+QX0)}bL-(U!#rQbfb!^HQxlKg`zx!nH+NuSQvbO-*4Ixg>N;Y`h)8aq$D`(q z86m1l{VqvWboHEX)vP~hv-W@AqVq8JJ$+8XpTe)7W-lszI(9}we#&3grB6;x{l3lZ zH|*&*;-|GHXIB+{16zFc_K>IH1tcdIv+PM)sz4LDvt zyRhb`2!`|RY6^hYg9 zI_zVobGPih|KlE38eY1HlYb=VV0smYk$^84Iz6$x$Nlpi(q5M49qs%2$JHHL_dS2% z?2H=h;~_%nz0$7jNYzu0$Vy?V@BNe7iB8Ecc1P#k`qyeLT0yd1>c8}LzE=H5U;F8) z&6>&*Q|K#iOs3{fwdAiaUR^)Y)2CHMkBW?`qjp7S38O{RgJ}AQyKQ#P+FR2I7nSS( zXF-1VL4&yYDfu79j_EkP^bMQdIj6Mwu~~hx)!VwvI6Mrj(8=GrJ-Bp>^xd(h-e>>U zDLh8f^7W{!Iim-BYDW82JPOS7)FoT5T%PD1#Xj+>!1(2Zul+h)((ank(|`K=$)*d7 zg$s@+&y>-M^Q_JEzJMCKTlAmg3K9I>6t&3*9{iT3<1{V7G{XaE+8tdL?s^0Jv+|=9R zmJCk8zjHNzq+(Kir+Je~^Y(?o!6>O&F{4M(8B&#V1S@}m@<~k-QIWr3@QI=+5r3bG z7OsBhMoLQG&{p)Lo*H{<%#n4olZS0QmAxtc?pb5!G&-=Eg>lUlBptO~o#z?H5pAh?0+-gA;b#U|M(}P_{m$xd% zG_>o6IZn=fC|Hac(~I*n_>}EOzFjbuVhSzX*-qN^gF!U7v%Wp+``?{EmMu>?Kd%#~ zsDH7ou~U!it&q2#*EUmLX)J#{Ub-eR?byt=fp(qVOwAui_$#w$y5d*q+QhXa_LZZR zQby}RvWJ`d{p6hhYyEihOiS*OZTHXp__MzGfZ|p6evUQtot-%Fb5lcP>b%d`+_cws zI00U#w5kamr9UO5-k$d6iECrq;l$7XF8_|HX}&KL62NEL)nU4-+kT+?;mJn>@ z`z*8ADHlbLd%sy)&rB`4JxliD+igwR+gMdyl9SN7Vn{vtenw@7v|@5Rsgtx{qx%)T zb;W?YSAYKDLYMbRsi+@W+{zE-*`2fJ?`=pmjyqc!9o0DRemApZdVQMb?(dO47gzA_ z8tBtx436Z%k4@y)NC-MzFyS3I=j{BBlqrhLo+E~J%57Wv>F9&`)qfSVzvQTlp6mU? zu&tFDcsuyyBG?+wZa69d*0v#QC+Oz?5W7kGLT@G<{W(~3yEq@7P?jL%<2)_Ih`#nSThw9dnWcwzI5Wl$kZ7fwk>P%w%5g@gEyyh zE89<-HeE*lG9szHa^Aru+KSV!Na9xWI#7SRe`i+Uc&1#vWM=D?Pxp0cmD@Ob0Vm7z z=s1Lt(xyrZzvt)h$b;JJYdaqOG_SQLU^RuiGO<)*uKlm|yT(a5SRh1PB zzlDv?*BeDpUM)Ia*0b7mv-tSSR_pi9_}tq2#YxK(Nv+AyRwQVIozPA-; zE+$W|_8sCZK6~v}Vcv+8G0WO#x4Hkjwf%#E&q&tPK~GP%ZuK}(zXsM)5B$n_pYk@% zbH{-TKK{OZnDkg8WkS0HchQ|1PrRBxx$>D!c5MAdbqL&nj_Y}Br<_A)Hsno7O1<#? zVaNfDUox;YQ(oagWpno3`j%hmILFa5HL*RIf>+yQ#`vIh12BJ`vaygTEh2>|O)~QE z(GO{l+~52N>CanyxnoAaj6Qx$xbW%Pf)%HhrLOCR__%jCd5eCfzx(vVgQfW;-{LCH z_Pr$7v#$QYQ_Ef{{g79%9yh%sGo2zen{5Dbg;ytod`k%PpeOAKpX>ida zYCA5U02lq+ApgxI%Be10@h|B?ymHApUp34m;okUW)!u7a2c)eD}q1ZAo7LKbBmhuh>;N?RCi|ZSCyP zG?*hscq)*Od6t{-@OwzQ96$x4)8NL=-PNK*ia~#1T+#d66RYL#Y;F*{Hq`i4;;lM$z(pT#zBIzXrL6HELnDREb6$a;n z!#gfjubMbavZ$s*_2gqq2VNYJnDY=4SDZt0@zkW;B6Bye^d{_^qc3pmf*XYuNsR<)2y*m+}zrKCbQ;uXCF(g~X&wk1sdGHE5o zG<%ol?x9noJ{?vESmhfR4Lsc~j{mv2rXM^2{1rR9CH=^`{@mHiez-m%bMxl0d&*xNcvIeX z%L&r-Oa0qAaj(OzWna0+x0&PfYc-b+vGeou3tn`{`G6$W z=5M|tOJXFkz0O0D3GPFU=3Alb%-;OppRaEI!@WSvf1T8RWzsJ{P{hKiqz{PgnJ?z@oF^WI_g z$$FS=7GB#j{#Ks)anhTV){LV5t(8~0(*Ll6p;*xuyvZB=6M2%UJLVs2XsSPa3nsqn z&ExX{Vd~UolF|vyda|T}-FL!cYbMR>hCRs`0-S99NS?E7AsQl>LGnUm^X3>aO(*yc0KdXQ3G+6F!zWzT!*u77}WvHXV z;ZOS`DWW^U%K}2y$6&wje}=F!Y4L{1xf|B!7w0Z29kIMi!X3D%yRFC9zK29rC49MK zgH3ZTZTgVr9ZLFf6MrGz_8$A;I(l8=8OXQobKZ zgC+Jto;w|dgwAt&j_|C>Soj-~`gBRt$D1K^DJRo$9e*j#!P~E#`k`(2oflU%yR^sK ze^7dXck0}pf~Wq==2=fppII_weD}n1k4{2u znJ)X9yPLkYzasxg7YRGw=lee?&#qQw)*sBNtlqh6)yT}7kO+D(ec+7sT%Ba*bK>Dhw9;aA_4bx5m~rEp8@+Yf(|vNZYqr#BUz{@mQx#%Fz8 z3}hIe-d+~{(ww^SPBCY3!Kv!IU;uCbP*gm2kDCyCZQRrTdtdDJ>GYD|fl>$@53QLu zd}GQ-<{jSeKX3o|?m6p3e$L0flH`Qd?#?;tMDa)E&*zGTv&ZNYj!W~maSGZ#rK3;1 zv#ebq?=kO*U}Q2$k)L?<*FY1J%9x(eBqm*3+P0#&cAKx8j>he}u(fhuQm?9~V^!mP zGhpGIV^}IP{Ya#6dCv-*?S9L4Sx3?D-ft+#e6eqfTY6}{83@&7OsF3C493XWbEJaiW~cm zT8^z6nIKLzZMfbSlUJ~?IeYr_rn5_i)I1g@&!%&dH?2qKPDxE$(E?V|#lEnTnjeBB z;yH4>BmIZ;UP#j2#(>f^yVd;}JBR()_=S{9A4fXVW&4!Hc`Z1{r$0$}Iu7Ma60<6pYTb%s;gDMqhBX1kJa1PP@@^?d~tUl&3}X@caMi7x@s7 zrsesD`qaeHh)cXfBh36+vPkx6p>14If6QNE7X6Pa;N0YQ*D8L7GtHbr&-;t99bW0! zMx`J2`#{bnphZj?2u^R&X|NXXRZw6kE}XKvKR5Z;(D0waYB2NxOVc6|$W`3L41YL_(bKi_Etxnt&m>-4blJNtx|uMtmc zRksmOyx@H&^G|+GPCLDA4YO}^24W~afuT4x0K6jSCE=K{a7ieA0&T&-*3F7GCg$WK z6~etaS4JkWyTT#UyY1XLtDi)AbNU0xVZ>uEo-lh%B8-Fbdh>c2dEbv-?03Eca~i04ay5gHeVo8MeCkTWHT z)^#eKlaQ#Gkw7ni@g8qm{335mDLkS6=l)nbvL|?b1A5N?m-|xKN_wBXUUgw{)&slq|_Yc=Q!_4#C&mGtAir>he zK9LNFrtK%BQI`idyfALeLmwgl#wj}GlJ$G0=oDsVL2|QHfnEaJOI!p}VA`bE5I*;% z=@AE`;Cp*B_YJ7DG(}ksv{HHBB%FzW)2k|iN2UVCBNIHS3JsaljvA@FtynG!AOga$ z#mX>l=uYQ|4Gu6!E10#2CO8xAGM$@!2l}^<52nWxWY+C(y?fN}YoS?5NQ-)^At~>v zmDeXs4o0K-v+V%_%lueu^lou5$Jy}NmGb?yai-Bn z0I4pyv}yt@ajn$Y%DHLpk&s#a$bjt56&sFQXL&Bil@U_QzK4`S?xpWd!nvf}t_>Is zFzPy3#UjX1Y}8n63d7_gLK+b$08nD-CMdt`S1cyIp=wE|k~!rc*pm9eUlK%i5pR)0CDZ)K;-3oXFXuI@s5Ccrjp zBZj(F0IFQ%VTU=tGH;R)6h1a*3T1IKkHBaQXy;OaD*-c0(6i$%aBU+a6jw35g*icY z!BJOEM9zq|+kTemRKX&C8~6y7XWpKB^%_#k66E%c8-UtV>h|UBVsr|mXg!v6b^x|sqqJ$Oixs;4TcvhDhk|rqlUkQNEfz?!Dz)iO*xwmc7zfDn>v9H= zQJW6uV!b}yu)9%tyMGlt=kjXD@v+U>H)|iSTU0fy*T37_fJkhbhu}PM@GyJkim_Vc zQ%$v0317Ho;&@A>aWfQ>Vz3?*%%ZLGCxv?1yrCA8ZsL$)Xj;1sj@3da{tGgq~st%SzrAUg$;*BYB*^BgH?PDm1X1d%UN*V zcrZAmf)@easPSAL=>@WiJfs}VV|oWHNV|&Rsg=Wte7l&LU0!!M9*ho07Qe7)Mg0M&i;k8 zsqnu4Iiy|uuaNfg!UzOuKZ8dzJ*x0O2DRq^d_}-of$r`Q#qL$MG+bx`Dkq!(i$YLi zta1R5A|u~mE`|oOqmzLg>9%A7xGrfbg`X}=UywILa=G4y1Pc^%;I1rBI8^rIvJes& zOPAZxQ&*qswY@0w{`TG~Y*%P3L)0oX%VS96H3-8ePMsx*?Z^0f7~C~i`=0VAPuudX(E^~in877uUbyrmPE0%IE4-vAp=V^V zwA{kzyn?Bj05_34GMJkZM%04l^h0j;IYwT(xkw3wfJ5%d<{N7AzYw-5>Uj?YVN)aa z$zxOU$N0xmR#L9&6I|~=F5RaOCoZ~<`2twq!qUCf(cv{+ejoR6m6k9Po&RhV}EArSsP-5q&u zWmu?F1@IgLmUbUZ-Pr>Yc8??((zqs}2*Ba44PSeyWuV#%`8K$b1$gbp7ki^APU2qx zf*0(m4%-X8PMl=<+hF7Iy5kd}N_r7QWw7Y((M1k5V>ASqjiTY0 z$H7B2+>RWcIxt!_3PTM@7dDI&q*Wx>2gAc|Hdu zEx40px{h6Yayi}<6HixzV0n1f$c;o$56?V!+iU0;Ar1;fq1pt)DYPeLvIdv6+C^uu zUK2xE2oJ!yE2?aSBuIv!m@i#X7@CB&F|=9{QDM$=QW3S?eZSNW z>&~L65w@Xfb<|D*@&4EX-gv*X>}GS&vERXOsM^MieN+~j?ZG;1z4gJCRHprZ4F^*Wr_EOjBlq4DM;f#|fR5fd7K&!SUO^oHdCwn9N5(ZJ2u z4}3)SndbLpD9wx1802?=H&UE!;`LzpfGX$J{Df7q0O<+Kg7Y5w`Ml&wAH(4bP=+Ic zGIvoGIS7{CLPlE{6|m?CwAoGo!i_@aE+fXq@qH2@e6;JSMG)?lwu`YES)B1K`* zDF|dS84VTe5n7a(r~zZWfPM;5&s}Ah z+ZAvh-Nbr3+(~xe=C=E0l%fDrnreArJxxF(lKm1HjX(^94x|28(IJQ_@j9%YNdWIZ z1@W+yE;UZz8nM#g8lRh}AJc`{(f~*c*rLFS%dbArXM#$t^YWt}R(e5=f*Y3vXz;<{ z`}o5DSHJK7V`vl;WLHmB3tqSQ*SCZummHKwHK%zt{S-iYBE07m^i{UYKmpH-dmALgpiqENxlOfbmXU{+h-7WKRiv(`b<>$`n6 z^Bx7~sw3c+_QBq69Lp$#+lhmt0kB*JV5=G&ki+J_Ul>aC@?I%>BhT9LND(BI$1vmS~e$`;!~h_!soO2Rs$Vgz zBO`VCV}tibsNex$D#nyZ*cZYzrkexJrirOJ901j=^{xbv&a7rpHaeUTfMpVEy#XlN zesP_Z0*of3u&F)7iPQP?)ku3T*V@zVFpgK<8SWa*^nD~$?Rq4fED-&mYUDbN01KFg zDXzn2(5}gYh!IfoKq6h{5H#osV3DhH&xgE@{Fs-G+nNV5IHz#nDYsY)hf^JjwEVON z2Ut0{)c&Uip5NZLLHKtZ!gWa*pjdH#eWQQMsbS6ZV(`8WdKNal=L`{Ln@JU6r<9my z!f8X0XSU`O6{PtezJ6Zvvi_}EC8*L&KEE`Z)I0*pg9F4DLxr1;M*-`GDwCP5|5{a= zyNf>nz@UPt0!-Xs^U?CTOiAbLDyPXY(j*AYRQ&+(PDWoJT5%Ex%!FD4Jfb~01)`52 z`B-KjZ?lHwNho`K>7H~6&+P<-6CW91O){Hi6fws=Vp0~_t51|a>N$?%F>mm4T)~$= zna?>JK&D#)YODP(NF-1WoFN*2u0ZqQS%~tlm-^J?@7+yz8YfhZ@(*`+Ps3<9)s`6j zLm*r;0Rx*CO$&yODB|H)$j3)|3PW0Q07QZWlMwlZBo$m3L~r2%v*-9V%Uj~wPmMz5 z)Kc>%5b_aP$)^L8v*8%5eMnp3H+2~U%+QJ&%>g1#I`~U_VeP!}-(8 zX)j4H6+Cblt+?eitSvdZyEGh+)hQMTd6%mcwhACkwfB^7_s7XbUw0<6_97i^_V!Vo z?v>y8S{g%30fFo5oce6}Qdry-lwf|r<{`vtmzX!zPXaE^=_U6~d{lVP0OL41kX<9S zqxa@=2|N{IVR~zqgrQoU2Cki27LB9leY?>6!0aYN!o_p%(KF~>2-zg~&Ta$AgrPt` zSwfYosu<8*I`m0z!%tbgsrkBEnX(4t;XS%QrPP^@%C@Y~Z%QM22o#(hM)U=;X0A;E z59GR?^OK(=MTS{)IZln(bNQ-Z|Gd$Lh_-(XDmQ8Gbq7EJR}^OZy^Rlf4x5VL-ht&h;ZtfRB?NOAaH_LDRs7 zp1C|1G`F1tzD%!@&v15bQPbEmuFhUMRM4_o(x%07cFNTqCPoyTXupSoQ+~qiG8s#u z3D;}&B~3|l%yqDro2C+!EAc)zc&aHJ8s5rvw*7vABe1dE(uo7RCY7*eD4y$K>~k`H zho^uVFT&>#kc-@kmCpiC9AX=4n?yhr_f1#Y9AJAON?(B;H>NA!o5`bK;7FTjjXHWfHG0o`supYQ42Z}0PT@MTN2m*daq;I3p! z^h2a{`00WA>7%+9bbiOZs1wAR0!8-T3(#_UDR zUkn{Y~r1pf$c*O^T^qAi^DwO_978lH0_ z=eW-oDC#3FImq&9lNHkNkLwmevOaC7)z(Mq;JjMQS8Gqy;wjSw%ZM+Dy(l!1(7xbyjU(xBv zxyFN3#CJ4M)F8@55PP8t2#b!j{73B^%tLJm7Hqahqf71VhFNzu{qpAi^Q2FgZLzPb z1L#n3Ok&!vV}0LQQLIMHwT3yA#}9u_h8z}8n`6KO29$7I<~q200hW;W7*ZX!WOCd} zKJI3H@1mzf%!8qYwFj-=?S2u{5a<+IKg}7gY1{^gW-MPdc7oWKjeBeq9Lr{pug<2t zJV}`q`^+~NnnvrV_JvzB=8Q<82ba9Dt8SnbkB#D0(c2P-{zRuScNuM-P)=njy@qk6 z-b7QeNQ}JU$hs+W%c88y zD~L@=az#~3N2hc=zD7tFLIAM(V<3$|(qD{#)hk$`13OTcQR_1Pya-;l?lXI|T|Q6b zyRIBR5Qr}M(!N%M(WsR*%7kN*!6r!mB40jQ(Ty~mTQenAjprOd^%(cxANl`Q8SuXo zERO*M{-{_LZ{n?bW*nmlcy!3U0i% zo!2k;v+?}306`Pgs6a z~C*)rviTGpr%6oe@}^6isIsLrOuJ(tGCaC0+vV))nHe*Y_%$H4@D; z!^@4DRL-wEd#I(d`7R`Xs=9Yw^3iX$T6$T)|L0cs3&3w>+9s`$Pu>3&cyF}g>8v7; z-Wf?Jhxx8}cboM8#;i-e1O#AxkJAxUr@*{)<-ZpQSu{`R$n9PA2l*Cpw-S?@mwU?} z?>z_|-0&RDR(tv(8`Oh(Mp@hlAuxg;Dx&;&2sHQ+#;G&(H2_~gvb_JdyePI;5StBB zH@5)$Tmww7oo6H*>>PKqOJx3qS|`nt$|&Cu>H!f`GcfK zBo+Hzz}TkWI{=jRYv4@j+*?Y~5_a9Ai_fJ7mg8DFVwFe=*AEYw%zfGbgjVoBoQ-k> zd4Vd(_5+})U83wZ_Qj3Lt^xEsMR%@gog2%KOF-sr0D=l7%@C+r8x|km!<_=Bqv$sP zn~#C!4LlCxb@GE*GM}Mbj?7AFCGe=+hHOQ(J#YW=`<`BkK2Yr=oUeSJ%pxkcZu{-I zNl$=>OId9|Oh|m-$DeZMTgN2e`oB0B7wTla-d~z-X~|6M`_L9fA`^s9``-7{Qr=ZN zM?O%ZUU;}syFKk68CmfIwAxgDuQp_vz>PA?5QsIG8b;eeggk^z_W`&Y1(-8yz6LxA zywP>DTfp>G0ZP5;7vCzS13^k+9L$Ghob$EfI^y5SA=d;69f^bk$SKmH2AJ3^n;_ux zktx@Es>$#*b-uuRV`_3h{)fW~5QWF4EnGVpA_eXMY4{$=RxmSqHk=N(qtj&KP#$3f zh;OMSCNq!ZkFPAIrAp-dcFTbOU2Di?_*pefLW?{cnVpNy;&Uwd&E6wj5OAnrk`)unWG5eOMtjRHy&5CQQv zO=JVZJjXj35UQ|~Sl5X&Y4jT{h^a&-_j2r<{3h@+3Ix{BzmEi&B0V zA^eDT48s>tFPA~(`x?n}P)yJ%qL0xT_kV6h#i|$lkW08fD~B3UvxV8Qi-ij0O^-<4 z?qi0M67ECa)Rk8CK0qM3i*ZrSn(&w_7L4sK;sKIeU}W-`=EG{>NL)30j2KbAbJYyl~s_vBtibj zp7o;r`^&yRu+bvTht`DF==qUo7455Gp*HHvAE2UR>tL6}E``CF%(|P7tzZtRiN_@9 zDF-03l;A!QKWKE(s~BZGr>c};8* z@-7+EehI>{mtVi#SbUV<$N{P7zrVWVu-ebgZ3Br4I}*}~_j~=h^$py->J4FY%8E-S zuH~smf&{%t#AAUBP}D;{kAd$muNI|f5pmxV@O;Xt<_lOKr$IuZuW5$ySaj00&LH>@ zP5>|w6|wR&=t`E!*xWMBCfi=x&y2tLwC@ZRXbcE0Ov9r+TJ8guiVS10oJ~6zmn~q0 z!r7k|yn=ChPTn>f9}6cdSuO~k%{5RLQ|T$|#Zm6S(|{{zB(RHvC7<(k&Pxk8dA>Rn zd(47L=HOWvD7P@W)e~-7{1c7aYcB^p5~+~AKh7U~ zrpnDT`V7D04`a+lKCd6@0$D5H=ZXQ-iAJ z&!bL~ySi$d0+B!>ez`)}9=8&`@ZMtRJ%R<}1_khTUfMWQ6y4rv{^8V?jXct2$K2Z1 zNcC~A+zhauLh`12gVQIEt{AQ~MBL<$=jm+JYNBdObDFBKJNrM->y+tG;1G7#Iny38 zZwTy=cWW-_o=r<@R((ASib!uNna^Cp_<0v_?$(c>aCWb#xcR0o`)~`O-_u{)q9MZQ z8$acca7fpBGX`MFWDr7P*zPE>ez-=~&?lKTpQB((&*i<;>A2<;;)o}SD!RYqTrn*) zoET}ecANlJ!U^Cm4c=R@nH;6Rv?zUEIm%J4*w%(B4oSCaiS15|{|?b-{<_iEEp^72 z5-udCfOr_*)pD9@$$gbS4^cI{E5yxbx?%a z{#nHqLA0ymU}Gb@&qYKf7ACs)a)hL zgP%m=1&U`B=NEP^)VH78cHroe($VHr?ki)-ZlcA>N2n|?1P$uftfDl8GJ-5jE5(G5 zFc%|_Md(3hMK+m4Bq9bBW}(5ztaz~`gT=y@f>1|b1zk_K8X7&M4$-eovc_Z+E^wMaq)ulpr(8bZ5Qs&6v9Qpg&rT^+JW3af6e+30k6RY&=z6~`4mgpnjxXaPxMHVO6Qw$l8c8+GedMr zK&8*omgaxM#fp~tv`^cfi#!GHp@LnO?mVLC6tuBMAbp4>zzv~W!;?^L0g$|bthw*~ zDvZXI?r9Rpz4E`a;RtAD!sW6pz#TNm-})<3_z;qKLcUV>tu$bkAApk_)3 zUlv1pCGDSPfbyWm>m@mNFAj3G0t8RPV=;Wr!=1zg!wK}pCf`l^`-xy~ zaJ#IQ(R9|EGeMuEs6qPE1|$=Jc=5FG$KRX(bIFP@0${fxjniWQw4O%!1sJ@?gTHGY#A+|gyQ`BeI|>mtQ5=5u<$l1odfv3&`0rjEN;8wVKhqZW0^Go-Vxx0u1bM&rKn<=< zpgoKM6Sre;3hEQ+M3Of5rBFTfFt6a=--nNc5ft3j2ITzB*Y;Kos})-COTY#J`R(~a zfU!u*RarVMCsjB)#ePh`2~fk}6?NtikTM?w9Wb1L>~gpL^0V3B<9V9^A|m|fA+Cs* z50ppTf7`qY+#-NV_7^}H1M1ziw?ajJzrTSa1XRp7zi)qe0h%wc$bcrPat%dle`YEv zw_}hl-hS#y=7E@{x~1To;K)OSz-fIz(q|&M4N5~1 zHvyhEw|oTk`|3ju>1u%`5{f>J2%2n3KD`X><=i0=E*V@-`7{(YDZ zm|!Lz;8Purre*l^36!L=pn1(TV7rh3njx9IUIC^O^Y_Uq^SOYyG)NCj?pk*w)fG#F ztFc8Kf@%6Y=kv-!0mRYLuRi&6z+lgWP|F{-f|fK<+=}4)nF52&i98Id&Mtd9H)jp@_#28TosQ zG=P_alvcgRk~K&yGcoi_?ePt9?IFub z9jFf+0Mk(pRTXBH)}3TfKb}>b`#?Eps55Z94y=DQkV`S!Z&?uHsn&qksv11ds42;@ zy5s$EM-X&^`VB>x{{nAye$}-9c(&CgRlo-7bU`-ueW@^Kb^6yyjT~?eRs+rlcK6rg zdoNu{=r@HUa=!pppbWT+A1()2a)>TMEm%wr)+fgS?I|*C_VonJy)mev&5!I_^B!41 z{*=fa?+!zv=|lX$dHDeFAQHqy2xYfZ&t3_vw7Y?vU0C zV6O05c~K+n8Z7<`bS+}Oe>kcKb@+jKjSW*$*d@-(<@n4+8_=PE;p-CHYx%&VTG?GK z;kts{b7el@F;1XCF04dx708z4B_RF;#mqvMXBRtTnZ|(?;g0`mx!O$q1*2eQ;K`HA zdX5GHIeX4r0Tu1X67bz!H4bSvyWRD~c6LFR6LFoOn-#Vi(Q9!6N-!vF=hPf{v{YCP zg!^%jKcqQ&u4$bE@stQYkkC^6c1+r!%;;u()gD-MK{pPU-`zOCHhMyfG;jgWGEMVh zzNnE1SvzYA*#1`8wxO-B(RXK}#kF{eI+Tcn<14U}>zva02@-SPrY;U@E(7HV=cCkt zh;D^QYDcq?uRzce!-?Wfo+QeTLCytW25Bdr1kDz}9@-U2!D0>d$^lJ;#++(riEA!s zW=J?bo&?Q=UIs4n)dT>Z)Fme#B(pgDzHxaAk&r-kNgW4>z<%0YKBiq@4C?t zAoEvWw+Q?Q5_5KdloN-Mog3KQfI7Rx3fDh3Hhrd>vuJ6_FmJGnt+0l5K+}B!hFnUF1|Jok(CcT^i{2&vP~yUolwPNw*@1?l zHYkp-2aimgTy4&qGK)*tnscRM4G^>2GOx-UpSf0^YCY_ZXZ`Bn1NEl@b{fc9y8rD- zV!Z&dqakQ%w8Cux^k2KyN^u>rL9!MbQ>d^tdSyO2TI%vES`!-beMq$~7xg;AHwXGl zwutw$Oud8F>KLF^Cnt0QPsrSL?Q(#P88r8sn8z^eaLD*5fEltuOx>{rD5#A^mbmhB zJMxANahYF_zztO&PG4L!ZBoXr%s2scT^QU1wBNHKZcV6lJ?3%@O+BvGb~4vTg32S%zByC zn^mAydMV7OzoGq_xSI~5XVM>(EnK#jL=t3d3SOZ<@BRRxIhXlcad3*|_8VXQ*s371 zJ^m@s#s^5hD2DPRpxdGNW}^u)KWilV7&2*A7qq}RFduPJ?xr$9bu+bdhfv;6$Fks_ z$fc%8KbCW=zd+8u_E=+=j)Yze>(aq>YjrpNVv|Sy0ysW(-i7#vSgNGc>T}gc1~T(_ zX$xhnM!rb*23{3!&%PXmX;+@3q{qz*d#72&ED*VveV1CAM?s4WpBXMW864pgPjN1a z+srpH?IupQMV7bI>9?A0bEB}Nt5=rK5X^!d#>2}GtqNU`c9c}7oBw_=)Kx~LugA!pZr3Q7Wfv^A zIZ=2o?Hlv_v%u9i;=KU^6NN)3+$x7$IM8SS1yVF+MlF9%*b{_h6??MYnYu4a0&^}& z!XVx%&cx7KZpXl=#vYZE3J>bOgtjj|nY*ZO?AguLrlhG&_yZ8~lf_ax6W|%G z?5q$;IB|Y|Ci&}rAJ;}h9+c{6yqx5!nRT{1XSK?zW#vfI`JdVL{lH1HVt~UUO}!^Q zbsAeg4mK)xFkW)vW=F5kvpHXzV4*HKfqw%g<0fQEBr+T@*z5HxR>9x&{_z3`+kFMr zWvQ(LKu5~7bx)n=jvrCV8Q$a6PprLlIyhCRLxJXDG#&qKoVaY%)Xyg^<_jt6>DOm; z8kSbWYWK&ibVQ??a%fO}B3-RNbpttk2ZpO+)4A&xp33?;GD#kbe5;XZydm0Z9+L`t zTJ+;@l|FMH=Hej?x|Wr0S>DQePEc};wne`OTV<6=JnGg85CqQS-Q9p*F$Oq(C)T5FZgiZkXqo?6Ai zxUDl}PvQ%cQ(7u@R}6l}FJAz?ZGKU}^L!k&8gpUtMgGC>mzigc4QnHfoY8Zs<<<#w z(Zef_rw+m?j@y@Z-gJT z6`>70F*MyCYwdiV6Idq$`bu`e5b;%?6OfhKFI1uY^CJbkS*HdrQu$Yto$CdBCN2?V zMBhr)?1q`%$Eg{l37ErL-FM{*;a_b*H@TP7rA`m#ATg*u^(>p5!oU;nBgXHm*$=cc z3xsLREOn!6Tqj~dXPrnwOvCElA%Ig8gTVb$Xwu)kv`JI%u_9fO^GlHHJ9b_G*e zePzEZ&-P_q6>|_N_=ImX5xb~;?M9#;I?2M#hu$J=N|z0t>(xoEMc7I9SITHNUOXQr zrjqfeF#vLb7tb1&ZW>Gj^>7RsjvaRsX@$)-pK$83*RrNI>y!HdC$H`wzf;wAA&#C) z@`}_`a+vj)wXL`x%;3=#%acfWd5n=ehMt$rexDk+us|rLq4~i!=7@gJKq1g3Vw9Rm zHx-fhcEtQ{F((ZQ!|FKaK}(7}Qjuf39bDPpMu>h1XU6q=6gnp}rX>)zGnn{ON$OvM zMKXDAap4tFn5r{M)F0(G_e&>&_2!0DYG5`C&!Y>NWbY9MOY$}&%1U1%q7J? zrGx`rPqlzmK=y;E2VEK_^h5P7JxzwSjUVSmE>hv7*m#Gs(Q@#@tk5?R=~ll8+JlXD zMs|gQqIe!0$XNqh?4z>E!a!-Ms zBr)?kQ)sL|xwFTCK`q%hC6}pjYJtB3S+%7O*Yn2mr0NK`3Jgrh##v46B6qYTV*D&9plM zi1MD@pHJl_RY#-jlhW=+qcJex_j9(mvg{v5R_Odxo}}-bkDkxesEW!}aaIz~f`l8u z#wl4C1Q7^OeH#pONWZZOz$r38MJJrQ1fH&_RX+Pg(};Zjt=AFi zy|&{c^6#k*+Ifux+C>e2(U|v*mwmmWzi&lFBeyI5ET37t8*A(uE@gwvSEm>AREV`; zC2G)avJnsSwmZQ@9m5dEGgYekrpc zjAm)}o6FFC#W5q)xBo@S(VuE}I~&l-Ko>aOLwnjF5wG&4$zk~3qumSU&w7H=J@n(w zdx|jjCp}hMKC@)L%0G`^7YyuIIoARQZN&L3J*s;vU8 zw%!?5{W&AB!T#OhIR~lq^3nVP(&iV`#$vpAUFwexaR>L3p3zA1H=!HRO4#}6Cc`I| zZ67Mw4j%WnFX=XRq|kMu@AOsbE@##@%?C@VMh|zRGvaD;+?ScVnF|;9-3x@e$KB3f z@G5ZHShyfDyECMgkkVhBwd4=rESY(iF&hn3JV*QmQ4@PR< z{&-PX@YywmVPj{u*8G)A4D&|)?1Gez(wlv@rgvh4IO4Ai8wa@cu4t2@!iihU)YV_` z_6Zw%WZjp=z0)Ownn^UJKeZn~0aI{}R)iiL!iqpX2QD{x?(g%w13v_v(R!5{tz_fc z8&q8opj+o{S`=WXJU80ler~$Vfx#cc zOE|?LW*r{;*mih;ZL%-YedCz5b2j!t{QJ45k@(_T)Sl2fn_-;jyueonh7EQx+)Y(0 zS*Wi>eu`9&SO=b@yaRM*c#J={o5hnQRo$@pBlyBz&XZtywZUOE2B6$pMY-P&_*8B65=v>UaazpHk92Z&$ zZ5+_mASQq=nU>%>Y$moa=5DL3=MeD}%&ivdWkgfHTZ9Li1 zp`J2oC#MkKx`l(EHl~XY77>wKh;Vz|dslX2TVTMmae`_#dRVnhUX9H)+<%ayWU_IW zR;j%~9bv|%y3&Mr@X^zmC_4>iKysc&0KQooH7* zlKC&Fl*SDLu88;y!V%R4VyBFl0|G6FPMqalBWPkQ{1ofDDNj9RobW)W_(QGhJTOH} z@wemAM~{4=`qr)nYI}6hAu3|eSsvE&_M$}@xyb7Uvx{)44R(<}3-f$+E0v$XY_ft; zUgmR}x{-3H+5NmQ4b$Rjn|XG{C7kmjYJYF)ZGyn?00 zaTQ-qG~X$o8FPL}c;_kTX1snZfZWq4q z(qkVcXy z(GjME3af(wmZg~KM)`vI=;!TxjT5wAA6?}h6vlnSV4~{Ynfd{C1R_&)c&!v*y!m*o zY3utGzitQdDEcmOTGs=@kmc(;KpKDm#^$2qewocW@+J)xeCn!NwjGs{#Yn){8{yr6 zG0yU_bz+pyC@vG2&1jX63$uGD#=XkII!D;>p3js9F8WgcNu;xWdu5w!xTFK{jjucC z&dMobDV?*$yrU7;3gM_QsaO#`=`dhU{QqaKnza?_j{Y9|Kb2QQw^^din0OaM2iybh36FwS`5^+@VuTRs`rzg=0d{4gAqMfQ;}!zy$cGiWL!q8SLeinJro!4RuL0C+{l** zL0KXl%h9LdY?Ufhr)MoCF;QktSa`vi_BXToWe@VAQ0Tu}&WuPQD+(BPZ$ zcrIC~z^B?C^B@+%Z;Yt$$h(j|JE@W+TS`lIE(1kf@>VP8_`sDCtF3Aj`y=YpGQ(N zVy-`GMcZ%FW7+^aco+0xFM3R#Czd3)8KyVHnX%5bML+Pa>^5^rPFCAK91%0_JNEic z$ij6=3t26eyfxEK?iNdON>|_0?xFEJERFKYTvmX($UU<1XvM`C^G{+CgPR=4 zw`EcsvB2!YRcf|M{oRhTVrol=>tf1EL^Iq!Mh=DN7$n2b5-HRFkeM@=K6-VhDNNFu zd3^IE_}qr__Jr1XP1y|+R?1Qfc@+V_9!6fyklvOD#&*ksR;#A7?{I*`{T__s&e}K? z&So9w89CV++JObF7gU~qy~i1ni0*g>N9jtiyb_u6#N1()N%8f80XQEU{8r>47a4Ls=yZtx<4sz{_4Ehx zp@Cc824jSvzVjgo$jSu_;9YZJ*%mjV|HMN+&e9@aLU&hCbIfw`*Gq z6MZ;l)~xI_l2_;L0^-EYrc!+RpswY~eJSk+#H@l2wW0%8fSZ+1peO->`28$G&O<9q zv0}7;*I`6h6aVoR({QxdLMpp1mc3yL0aJc1&@4`#G4DVYPDG%sPSo(wM;3jt|7*B? z*%Q(mp1K<6HSv^Pu}ah7nSI%EGU1_h0wLilex|9L=LIw%8O;a92K1@iI`1wk`g| zoDCpF#rE1?sZYu09rr_6)+BOzkPwDPa1I=ZpKG2lro)W}_slPCo89Z6tyZUX?6?PP zy^qSoIf|ASSsyqqYCWg*QrbmCUi95wKv-X&RKsR*Wknr&fdMy7lzTao7TcU=9^Sr;8ni+kX^isn1a)TrR&&!95!se!?G-wD10#wwK%zVH>HONL(BWqY-nvHLq3xu4S)6UbL+u#!BQA?o6Zy)3+ThW|Ax7c|z zT2p)oxmr2Tx)I}tWoi!>y)+P2#zU1H`E9$fhO)QauvJ)LA$-zJoiR_Lk3E^-v~~`UFfhXzo@VkdMhFx+*L@qWgtlqp1+C`?$Xy;Rg3(mzSNp}#m3uI-n zu!e?J#bmLNuh1C8G?}WGPqFZ{lhXG2*~R(vu#pc)a`hQcBTT7G+y^469^Y*$;~+hl zE2UW*%8pw9?%5DW-2k-(iT+&kY%e=rz>0m&=#<^!z@=7mp92J?aLTdusj`>|ab-FY zI#z~K6*A)?uhpWNEMK4`h4IsuclviVV3|)pIrI;n=0V_PTgAz;OSv3qr_U^!OJT^E zgb|D}-6VsI^Dv94AH0#x>)*|luv|ejiXS5yG*WH1Td>Q29wRu^P7{n`X-_H-LZeQF zVxz)TW)W}^VPYips=TtEAVNo7prcbo4awHArn1iEORubsOheq4IL#86w)x{f1dP^dsGrvA!@1b8HsYs>RX(epOHNKZzh%m`Pwq)B7UWoo0I;~_t zYP3CwkBDMM?W8IylLqc=rr|w;650lD2Gh;j1s%Id2ar04lztDny|`G%BiljLF!Q~) zn!_gan-%AQu@xN?%7?F&L>WHI8%ORh&e$WX%rziH7xnINqFf3_^I_iWa+0f{Qt{rx ztgLG-Ta8#bl>p8t_deFa)5|NrKLCNj>Kp_eMiAo3#a4)D2h)wkg*D+?`9h6wdRZ@= zxV7Um6A>R}W>%QOfFXg`geXb2t1<4tV%X2Fv6+gE|C8_bS;tSO+eypcomrH_u7$6q z7y470Qhbn~q7x}n{wf=ALB9I}_-TqVM%jxGzHU)$aqt+-ZJeH>oMIhNmCD{FALu=Z z^5nR0cle!G_Ifyrb=1Pc!L1)OuUL<)-NV1qH$M#fb#)~CpM7x*nN%dORn5invpYvt z@m<|%uwy0V)RxJRX+*y6fMJ>4)laoN(H^wdX-a2P?14vX82J!ykOdBLz|ykJJE&*H z0|x9?8x0W5t4@Wqr~n<-@KB|NW0s)7!*r4syYqc%u0QY@GN0c*W3|(+E^<1NHDPbQ zRAn|kX!B#FI{r{<>)KukKSHr8k@MrDvLe*x)SsL@ zS-zFap%_nne35q5*sq6!zy$=qwaLAU_c&e+o8kpI9S^-vN$6T4`JD;^Sg4(y51z*1*mO+4%p0llW2 z3-uom3}Q7pf=B=OYUw4#Fo1JO;FY&A65iRVw8FK#wGA5mBtnb>p1n4*Ghu(8cPaxx z6$5Ib7Bi5DR`JaXnUywkTGr&Kf91rM?ce6S_4amON3na8kneT0dOzjW@WYOpBimtf z$7Q$uVBDFHS)Ma9muf=3KWwa8in1%tWZEx029Z~(mBq@oSkbdDQ&Ie?@+w;w+Nva0 zgovZ|l#RJQGgSuFetEky$g5OJ#pCp2?(Ax<%ae~lIA;2!T7PN4vtuIkOEj7#(W2(v z7g{W@aMaB5#-W2&y=}yT$n2*JQ%YplFS_q!O>=i|)UK^awtUxqdnv{7_%Y+nZHfBF z%b&lvN2k>17TWz87Daf0Vs3SQ_&Mp`v)O$O`sztsDQuTtEn`6W?xkJ4EiY9C#kCgLU`4aYn?$D6{VK;esAR$eH{ypEIP9+$F9@kx}( zGIdvV!fEl0pIj))A$?hO!@0Lg&EP!{_anx$eWK6@Bd;u4o<UbtM>5C>`uq;#IFcG)lHxWY^9jd5@4 z3pGx@lqE~Bpo-LmV`3-hP1m$^lGwfQTnkaTx`TnCpKtGe`(VYCK3z_}Ci6N;2uqhS z%5~+nYK1KP+7&$7rSDMj+#^u>k8ioq_-XNF=9LI0LV$|)GK>)mdYV$lof;xc^; zuPwXLzWo9+ANt5IXe#N=?#*Z#dNtQE#F?IhbF3<_KU|Y|uO5=d7#v-%P+*U)=CE+UkQI#lww^Pm}74*VX*>dYj*TneP~ z^+1p!3^@qhw3Lm@SqOyFHd4ls6OamqwtkRk30oaV7vo9dg3HZ?uMQ=d_sGG-mQ=aV z6StkJQ^hM5BNzMHzG@q@SQ9%uXpb&Ga+1prjoay%x1sZD%20sOv{PRGnJuN9%Pf;8 z&1>xuqHIq;KLvg?tlhZRiJeI|soNO-k-!-%BN4o-r1#@sgA+!7cye;kBAK1%3`2B? zJv=5g3vGOmNI3p~vG<-~O|?<9Af3=d6OfkBdzB_VL*sN(X@;2m}Izj(~zv zMJyEQ0s_*TO0iHvuY%G8QWTK;M*Z&GxzGHVdFJQLFM~Nb=e&LIwfA1DGA8-_>dR+o zR%xnaaw(923aX*1GnNV9oQ{Rg2lvFb5$W`FHztlTpHvBbs{lkH6r#c=ybV=$m4cD% z^9GXw=gD|S;X^m8XQ1W9>yec`*%1R)q!7Mlt}=hfdAr_*VFCSZF8KL3Dv5!4z?-am zK7MX)`lVjRN46}+GncG+-bXtKra;_#m_^R-AJcD91^nbzT;_JrfM_dnsQq*aux|t@ z05ph-#$S+oJ-v@zJX=8i6r4(Y7Zhr?p8lTaCid=PQgo7!Q0U9Y@!aojiW}eswVN5U z4A~yldar(mr-~G_dfe6hZ%?>O22AuTe6XmzS<-3>$2M_dtB7xi7?|j~=`6@jL!0Zg zs3oYVJ`fmK9GZC>LRqZ`&mfH?o`>N%RNv;^=XRn|S-O3#55h49pTv^simQ$%Qt@F^ z=dNF+?m_{I40O(dEn3Uha$;q{Q&|pb-6yg{zD19W@lCHFAt8t7D*HN(&}#-j$spWV z<*v~o$~p2#sGvFnCY*7Zyxr9UYQIcu=fF9X9j?>BZf4WQ4PPw8;2kNke5zfE>D+F* zii?i*9EJNJn}TeMdJoE)dL9y%Gm>rVsw)+3d$YV)unN}DnA^rw{hnU25YtkXyO>xCns~^OLJM_Wm}h^t~Q-c7L&^O6L?y z*gDnxcYgs1F}>wdW=swwE7mj~tL@jXVb+1BHS*|6eNsQE-+p&Rw^4OtT9!7@08au7REuh2{<8FlN%##E zrKSLo*bs;w8q}nQfa+Ru@5ET{?jlBSdNM5Oc81G(3j;L+u^p4f0YaDBKYE*qer3gZ zVf!V@6rTgHNkw=tF{?Mrgk6i+73>$af-(&|m*>c8vA~43*-hAm{rLoX)HRCN$=*<8 zT1L!Ut>UVjA;J0+vv|BhlpBVtR|WAhoh79|<>&b)FOq@&Z?az6V57n7yewX_2MF%v z#4$2eoo|dxTOU6rxW^a`v7#uLR>dav*X+Fh}@a27DII8r5MqzEbhzf2Zg93y*dOi0vz|Orw@1Ta?S0HX)baN{EKRP130J zOa2=c7!6@qQq6SfU1eeLD-abWBGK+9A`^!o<_QSA<4;l zJELJVsT2npfC<$kXoti~SS^a%%!_>?c0X63nsne0a>3D+6-{gs?Is`CEZxH2&;Et` zPHz($+AgmnLfa8-ERVqAh*RSD!h<^U1X8~vsRYi3sv%=!;k2+5jZB+3raq||9xR7y z7gp{U3A0y3M@Sn7Cz~LSoPh#oqO6q0VvVw`v^LmRi9!xo;Wqfnd3Aj@`WSXHPNYPhL04sZ=qO2H zw(Q)eL>l*+#$Qx7Tm@MQjAr-#^9U4Rsc|BXN@w6&$}~&)#teZ`aIUVbU0#hP;uJ`1Ej$@xtYry9 zXJErTokL#d4;w3CcjAZOHK6dVTC=c=oZDi!QAXEpBk^9y-s%ki`rmt?)xAsZ z1tD*CM^%1HuMzCe#M^=bY)3i=*N%pTJtXd7MSfOalZf`Ys)smRVNBBQB`gFhl^6SX zl+#@{R|MYwQHMC#0+R3i)~R%f&JThZ^nwo-U(z;~W9xcF6J*a>X6v!Oq6M+;$|!pmco@z8j{-rW1GX^oLl1s z{ru=mT$;gsQ}zFbmxB)s?-Nns_2b-1wm^1xLQd0MDA7_%M=*u16kk+sP#;lOa>tc( z0*SLa%H#9T4?U4NN@%3^$78Pebi-A+7>;}yrnHn`>k;V2sLkaQBcfF+3ZcQW73CcI z2TqA%?m><6#mf4ER^Z90_Q+WKS0B85b5tX(*akFPx)9(qdCqJ3x zqxc@();({n$2FD1vrPWUAkDsuLbV$gJA^ImjY3$ z;18A67-WBt)aC5yx`zJ>Xl~?EsR0<~qC8(d`nQKR_=gdti%F8f;m2H=W4#GIZ(yS= zc9|}H{9BZ*L7&>2U#^syr>u3<~RJ`zCr4F=$+X9XU5PIklT-}ODU&^aEf;Z12zvntgI^wX*yfv z%)%`fB7@KiaL4b@J9krQTb6SW}x-R(d%d1c%+3rm_rHm@@#JtcrD zcB-D;La_S6=^J$K?ll&_$M_A)*BhB@R(c|r zk`oN5;mR0xU-_$2zgBL-5f2(l&P{f-+skF_hE}7RY_{}&Q?92sM=DMJzFo3apZD{1 zufj;hz{nMja>rNJ-PiRLhZWC#ak`Wh28t(TF?#=3 z@@vhC`=#Z)V8?h>aQ8odN)8Fj6+ur`e;6>-UQ&ukgr3sN!n}#b0@6g)^djIr5ayjs zmPVg@BK1+e+&-Q(953N=@5HZvd40+5%#N2&?ro`GMw#=f=|59j+bd+Q%-mhtNOMT# z;)S|+DZF<@L;M1KcS^=>_TN3|E*^!ioy*)U;_bTKxaMg#5GT7$8>g*~c9UAk8>(wa z%d(MN%Ezx2zPXr17pvUM;GP!>TY@gUcPtNFj*-w+9lIG~+xqzt=WxS>s;K_A58lJO zLknAJhw2~h%y`K7Xp>kZzOWX4RQI4v*u>O&=||3gAmBO3FiXolw zudK_{fXfZ^T1r_Xj>*Fcb)rQjZO!*`z8!*?u`n zLH+v_F>KyvoQ2eAq=|pZz`nX%yp(t!$7q`DBm68SsItF*rya(pM;D(&h1KG znnS0iM^R4hUP+A-7CooaB@1xe=-WpGKh zEL$-zHEH7(B6 zXRbqa;DG+b*wP+#bo;K7`U_h3=%0XjRO0KwRZy$(d7`56^qheH5Brk;hM9}sI95@>n&<3uf2=j3U5J^! z(&d z4GMP1BGkTt??RIgk?T9OdW!IuSdLK@&ju}cEfoVlJHNpdm9H78!CXW1MZDH<7fbu& z&X`A{p}vKMGkZCyYP}AGS12?hqNZik|<3^CJ1!sc$0_m7j|;_U~aXL zixyf5k&@|f*FSA$>nEMu4#R^1MQ|{hvDt_ERx-Bg_y`{1G0&QtLNmATwLNwUZQd%o z!N&SK5ASNYwVWYph6pLk1w38RzR#`;gV4UAyJlM9bMgNzgW%;W5RxnhD9=@^ez-K$ zQCGu`6-y(40XEZ|CMwVk{sM1Bv16=d3Wu(r*QtYlNL>W!>oLF#+M!~0>}7L`@finX zsHN2{i^NY11Iu#Rt4Q^AsWx<|IXZ!-=nZ&wAQxkGwJG3fzE7k8v5k&>KTRZ!l~eDG z^YRHt;IZB|1#wj0$m?)6!PH}fdN}mT;Utx3u!b>_(6AeX-gK36VBv5YWBzri-Tn6RFyns_%ah6?0 z%55wtXm7)X@I)|LcIo{hX*E3*7vx!|b%Zb$S*Z7;QBK6=H(W@7Omy;X{@6AZhSSxa(VxdJi$o*tU`xS`dFCDJ? z_Av_Cp|fgb2?InvK0^{~luuS>1yKga>Q844W(+-+*D4yf#K|1Rj`lXEtqYN-7pVW7 zz7bFn76K@L982J=u?Rk!W1yp$s~ZYbD$oKoo%(3VJTZ1i?j!w@8z|AcY@k9vhGzhk zAFLBX$S$he$Izyl)TgBM%CO@J9pmlf%FeaLZC8jzWJIsy6)An#c&fDKddjzmIl-DC z{)f0v(K#!Hr^=z?^uA90>qQ}MMq)PYlT|4zT{SaOc}&7}JkDTvkdrmH zj{t|(n-`=ES!@^s2^ps&#`364jAHZLYptx$3`NrnhDR&kM;(QBUFtcB=NAur1Q5w- zgu;KKe=rbhFf)L=Idab)u5UV?;`>5;Cxc}*Tx9Q`Th1D#<#|Cb zt>_uEU@EGQdF3MPc8)DpPmC<~FdRccUie{C+Kx(>-BAP-bkzVFXz}B0V|obJ;(ljm zj(vefks|B6n4(X=!STVV#*k`6AH8Vk5TqfcA+2_Poua1n1XL+ve4*E34zVI3N~5%}SqW+84Sckyyvo`}Y??tYO;z+q#*1I!!JDFJ0|Z&S zc%72!{QAQe)x3qtuZgO@8ZbW5fSPsjKMBogYFmssfhOScjq@8)Ji6HGD4Yj*Q4djJ znS*AL#&~%XDSaE<+#AQTGEucilqkggjtQcVBTuLG!Qfjt^^kqq`M4?&5mw*n<98fD zvt=3Nsi_PnkgGe--P3R3$7#mhlh8-?Ld{T&khlIrmrOHY0&bIIX(0;GuFdGUXui6+ z+0dSlfu<-!M%^+78T}aK8xifkxs9?b8HXV~jUSe#6I-8tzGwet&hSR-s#FtzB(qNW z6ioj5Utp%cVG-mSzA?szc>jnA32|kGt*?9eU5u1T$|~Yhd`bBPejGh*fj~lDpfeC> zAYbQIu*y74x&lj?t}wAwaV)FvK`{{Sh(U#QWGZ_ja5Sn*YMHdwzB?pT7_J=&By^`& zd(pg*to?$Ax^WYI-=9BIJ3k}EQ~X#> z@X1zEHiDC7sT4Dsf6v5bK!R!h1FCrL2wO7x6=kL*DM-1zNpr?sOM+ zy|uy2!qbYQUcH?QUYz~0=6HRoKicPO?v=c_`8OWOxK>w;%gr4xzW%neO)|^oDClzL zU>HwY)@qYwVUh8vPBHJl?&l=KE?$Xg?n?iF1i3Ic?j!~y;jNR{Ik+P3#{Tr(K@1Gp zT)Akd+7%z-*vno`e*gI#D{P9okV2OKOg@SBjm$^0jMs?gzxqg$R}*u@2vjAkcA&#+ z%o0-PVUozm$zl7>O7shX@*#zGXy;*@;+~34avK_>{c>%hbrE8G*aL;6tPJB-aul)-CE`;sSR9OeDjfdZEp`Mq zW+YHUmI~Uw{voRp+yBeb@^cE7TbQA9?R=7zyeQ&xt49e7>?zT*6%1pmnlz3 zEd_PXG??r-)P&2cr|JDv!=vOaR<&6C)m{(k2pU9B_?DwBHr#7g|DkyyW{XqPY++Uq zViG=7=_$1Je73DSn>7KI zVANFp2O;-h#gi`@CyT|7$v>ikNK7*6EqeMH{QEDwb7}t3Yv_XO=q!-?uKM7lQdYB; zbY^`peg$yp!bRB2^xYXBMB=9)oU{lp2vWJAZFJ9?6GT1Dyr|P zly%Q@vY_<)o_09id9Y6KNO|Pd;eXvrM8R!WZV}v#;TQpW~>c|i> ze2hWe^E!a5HX`+G8Ao@!V~AYIpi?2M1hA#=bgN4&WJy26CqUv2 zZNppPGyL?GNWE_9*NMd2v`b5keYIU2Gx+O8VoP7=-hW+98@Vwt3yP^(%ku<Xv**60gcqyn z>Fdvhh}ee;+C29GMro|hO6`X&=-Jc|vJOyWYb~fxaFRYUZ1|130N!!<3ktg&z>c7p zcmpI3C<3LVk6t@v)MG~rxlb6R^KRts3IN+Oke#204|#?UGx@F0Ix-Ur^6AS_Jecy= zZlCxPb9aDZ2f1uCd#RL_(_m6DMFI&xn+j#3DE@5+(OLkbf{IvNnaj@MC&+ZUliuK_QB70{80!ugsk zIK5LpkMdC_jU1zp?!NB+inWnj(Zdo_#aAYFM$jehlEAjksCP$A9w3L9`>Gvk47I^N z2h=NKs4EMK$5RG?+A=eXGWIwY#QnN5R7j)Pgda`6mAeL}mFfR!T7d?{%LUm9uYuH* z0{CZWP)9Os7zAiYNGsYveLu4r84E;pMY1ty%L@q1hQju-Q2NAhkdZeEswenW?*ep9 z88BbW&7I7J#xehTjHH@j8EoPT#5vY|y2u$_1v}TLpZ6mJDs-{oVaU0cO(^^VlqUv? z(1MjKUy96xY$b)nsdcI%sD|{^7$&~X9k-!Lqi~M^8wsP>^5VNv;t|v*LW0p9p-&Ni zl8+EDdoXL3XvW{W2hB7GYtw4=9|1;NAh+zi4K)|mS8meQ9R+fCXY&LFs7-tp;)G)q zp$d@nmU~Arq#HTp@QgT}B@_$nWK%Tm)R6tmivD(@4^Omdx(K|P2H!OVlswNg^P-GR zb47!{KCnpKmc~%>aMLgOA95Q}-t*^VTflI>fx-#A8rvN|Hm6lFF0z^(pBso^JW3>A z?N5JMppv1rpqPR$$FqI6bHHw{(~4{Q+f|M&ASQ7GXH~=UXA38;$@wZ;Ol81*r-JIq z&S8#>SfA#zODQ~PB)>i|GvYOf;WsLL~Xv?mh7U>OCz`>-c*r}AV-^a-fBv0rK6`8 z{SgJUs5&L>>|PGNVL?*+KT83uC=?7-yPANJrgT-#JME#+O1l-uL?~cK)|uWLv)6FYoQv z6}5aLg6{$aHQCmNC?8F%T@ndzQ1TOwf|n?CZq%xrG3b%35brUQx*){*R+q0 z%`F-@5+h%l6#wtrJh0o9(=$&nTOjHOJ>R44uO>ClGMGBo4f_$V21gkxe_7xY%&s%H zfD8lcIIWTI<;uUjG#7A$igK9UD&XL23ub8M48V_l$0B7Wd!TFU`d|K$S2PidXa`)lSb(S!Gzax8xM=T+W- zrwe4dl}P?G^=^Y7#!sl7C7`UV1l105PJ6RI5Wo3Z!uEXAcfbOe9H!dfJ7`K6x-_FZBX$35HCAx(g&XvA7YP>|M*|_MGyk#$ z&1u0`tj@O$frWu)(gBa|qJ2L9?>#pN@2MVm_iyJK5#BSdeB#Vs!>JHaz=C`SC?&iI zJlO=Am^#4WLUGIk2ymMKMN#LFzW6Jaupm$%6w_J(Fspq)2s=SIPRuRGRvZY*p#;Ik zliAagd`ZBKr5LbkZta>Iu%l4~_^f&eQau}!^+OF61P-L@^(uG$0vlnnH6h*YTxkh!(PpppqQ<6k1=1V9wC!78kUimzde>gM)C}%zdVrbN{|a8 z5OLRieP}%al+Qb_J|fV{o@{uB*8rLMG1xSOE$pQxP<%R?-U_o|QWWWe!OejNU$SRq zI|apkHNb@v*=K$8(T$ynlh)IdEv>B6?O08hDTb~e1yS_XAhAk%(RCq=aQxKn=byV} z3RN2b6_qbH2xMk;fINHxP{ckkIkB;b@6D#q1W9pXWv5cMjsI7z0+LFykaRkwsgHi@ zLk7K)CTXIkCBkHX=8s^CmME462XU`rBLHEFD z&W?ifwPXk<7*u!wxNjx^zszlU*Fjom9AHeMBT)!F-2NB{*yTH~hz$`$Nk>7`GEO8c zD`Ajgf-pUh{d5lh^(8;@$DF3I@Wb8g1ayNOh2KhP}7Pf9L* zP;2KTg@@NC=dRcj6q5h}tuoFL)UdVFq*3#R1rg4nVN*Qy4_hR<(*Tj(&p$mD#wBV1gFWErgZ*!& zQDkp2cV`VD0fv1I2>WI+Wdf~u%6^*|D$3fwfoy$W?&wXXh_BpkVZk_Y-OkO&PQI!KMueZP{5mg(h-LE%;Uv zYu&5&26+Zw1~U(;K|!#h*HnYn_P9%1x?Ynn{^tVY*AoYNl$d1&0nE;Ft}d$n08)=y zk*|Sxnh=1ry&bjyXB`DCs?{DG^xIMgYhy!zByJ>@bEFq@P1|^{RHu& zM%!h*ajo33p7XOdCm{T{f)ONS>i`{60J`7=WCSu`*i8RO7z04P! zl{wufigVdawbz{nnq6nGOpA8`qkWPO4~DX9=tvt1(}J=>uT3DK0UHwvP$}dH&}-w? zeL=$_gYUSawxQkAjt71yeOEr7kHmC7N;xWY2&77)G%DdsDPgEH+C)@IZ_hZ;52|j| zn!)0*HJ~|)bLedXOPbE?bW>2pSxy)E%@r_3b=|{3^cm7dx9~yDN*bh~E(Hrs3G0lB4q309q!uqrWnyc-2(=sKb9orXs8k%El3Cfso~c|* zHw1O(0I>{?%Rn8#16S#&7ef4;90wi!P5_se(GDpqo9@!L zGL_5H_kV`9jpArh;E`nBaK~WmxzRnLY!9XuQp=P%Y#*7w2l+z{qn@E0OUlsj&q7-Q z8%iEHnHRHwGgc+qEa~5AFUxN%R!D}3w~PoyC_{;%cLSfojX>GYxn^2uxn-MH4^V%2 zqm>8COO=IC@sLq3g@PQ$_9kK~Ckr0aj!kg^9wstvz=MAQNB2TYcO1TKrN)nD{IA`!rGwFqG8x&B|>0asSU6z@^fXf!F(f8#gmjXN5?d z6xC=hWYpbCxAoLL2AeQPpURM2kY>#ibC5}7MEha z%L_<(d2yY;+Hw|u_&JHchubgTi(6oYro5lZW^v)9K?JyhW|7b?#T;^k!1iXy{K5Bi zrV4Q~=6hA+ZCT?U4rb_mtKQlVcS$sn9J@peUFzBN9xPpJAIL?wc%8^4@D#E<%~dR; z(ku0=rULq_k$HLlET1$)fjKg6Ynb^uSyfB{L2v;`iwtW?LCK)E5RR~GSa!`r8ojUn z&HQQ%ph$Jz78(d)BqQS^hHFE$&cnAbx4OyaJ6xgeSji#yIVd%j1RGQm2HU@~yjUse z&1n)zNi6qWa3oodkA#E_?*Z6GA#skGXQfGYwT3Hcw&oo{F`13Z_%9%o93`T6Ca}7F zgr<7ej}6Sj9-6NzdC60PBakFJsvKY;ezFwWNVexoDgy+!&&&d#>pVi-(>) zBuDv2Z=4EY%y11N#35>isW+&%h*5%6;an}`kGd7@Lg`>k@aDvX^H{wuS!aV-8h2c0 zN6AqKwp;7?;P4S@6QYP!jK<@`<`m+{r@+C%i%7BDMg4dgyMnFM!jL#=<|%nT=H^|Rn|YgQz)op# zIJg~@=jv>N;B85^ib|BX+8(Zc{uVZxt>}6E#VG?A60&@re@31uVMwU5syPRwgj5?^ zoEeA(HMpFjWgI9qg!Het!11>7Si_a!bg)3XiG3mGRQtIKW7~Y5 zllvt@+szQC>#4hH9sE}{Q(NyWz1Incd1HQ5@-w`f7Z!DZrT!rHrKIT-6u{!EoQLv9 z;+S;dP2EswtfsT@IZ6rWbqB84t8am=6bL*p^JtRpJf=Z(Q75H!|6>JlOe4^7KrhqM zEYQqHv55s2OveEYYTcrcippmp`juCkX}Ay42Y*+IwC{Fosw^ZaLa4^o(}pry>*!D527d}4^&9L_Z<=?!*>^D`0#C?vtfwSN($YRBq>~pq z;H2XbVR+n+nf1v`67fCaJN!JLB>K`%P=EW!vzp7FNn?|$q-Plc@aYcibI|S+nx(;C zM1uUjU6*_FzK-fuvTaR@AVJgzmKPoZ53MM_P*_wBSq=W@R&bE%>t$4~(Z@L{<>b0i zBS{t-LA9wx_njB~&$?o268h;C=C4AT5Dy@%k;X;Lf>1+*JfzpLm&b3gCdU=s1yW}z zFk!GOp%#i)HL*!|3cKPokYp(gj;@Ju+?EK-g$1QF?d|ceU#DoY4%yRGKUBTINf52F`5S`r!tA7_+-?hfL z+|>+!o%-v}p|aJb46VD2e0EUo^=tlp8d71TY)A%12yvGe%Q9eHpP67e=)8i;c_CD% zX{VrO0=bARnarqrL`otem6P7K)=uXJ4JIQZk4(~ySzq*BuwinK@aJx!XH5L=gAZgR z4bvuBd1jhhfv)o~BKdLw+ToFdW3{i1Eb8J-#xyT!$rZJ%{^875N zzsrfEJ@RVf&z_+#c3?|N7+W;ZlM59e3DG$n85i7t{xgW2=OSVl$`PiZxK*9N)Lez4 z`&l0@?BmtF61U-;gTGcyv2*|6QlU$61^fi@*SmesiZ*2ud{axT`W;KBS(>UhnbTe1 z!Ypi;9R^`W8~ns=$1m}*2;}iEV0mQD0}UksD05)NROADWlcRoHS-9bTcOMP{rh8+G{4 zMYU-a0U=k%xZc~>mBRSX@H9MTy4cfDl+B+>H5cb(GhVi3Ap6u#Em>ewVL&N6Ozu_o zpwuIce7(0zYCydh?OX0Wy@S`yaB<=o`4@z!)+zw}ZC30R5$Rg&RXU0FQKfhBPCf%N zE4FEN2_*ETB8@wpUu~ET-K^@UL{;27Ii8rSD91ZRo<+VTfFs@?OaI^)0K7N{9Qf#q z&3BIYF{^}BC`U<5-hGCr;POL z7QY~Zs+l5cdoI-t%0T^ww=YinH!IVzZ$w^E(vl@yUY&|xbP1@zL)(}{q$S3fsf z2v1MPING0JB2wwRq8VL#g%;triJ_N7}?L#!3KTd z?N_^w-@S4c=oZiBGs_?rgvKtpr;wiq$};iw!M5t|EX91x^H%#q!I_jRn+2 z0{o98vT9~zgxY;n|JLAm_*#qGDmg^^e?RL9e>joMkdi{%=!{4Y_syk?=U((BoPR_`Jh){l0 z*jLva--~_cj0&|n-oWN;Bn`NmnNgIm4FOkykn_={f$#$eNi!>isJgVb5R+OdKcps) zEdXAic!+cV3- zz1%^Vy2bt45;0}~`@OGix+zJRy)Sjis0H==t_@tN)&I#KfrF9JRB89PBl`f-0&QmC z3Uxi0y+8^Qi8zmWWQnbWDXF6alhyZeFbH5-elLim>Tuk8dq5ws-QVzWF7-sJX`QK= zB{b%x@>~QdA_U8@1yTjLuqkW7lh}9^t&3joWrV8T6*YVpOn<@ECIdD3mlw2!R?d89WT|_}5qezAb{9*p| z0%Eq!yyv<2M6vb~o`pb|dbLo1RrC_1LD#YwnFi+;DD+LVy_RzZFBsf zm5rbz{nY8YNf)OsX!hKo3i!oR*hi~KD$0e$yS^_iCG?f+J2>vcbz&^PJU5KG6eT0o z(VjMcqrX+i#1D}2lW#HZ7TPw;I8=iO2Kg}nO9SKBTpVg{4p2J+T0Q}NYLYkS|80rC zkOjttgzyrY3lsx9(RfkXLK8u>A_N(8%4GYTH)uvg+-nwrYWLTMoQWO8-vzp@%9tCB zV$qiE%<(0p*SP;^Us8PSIewnf?z@|SE- zZR3D>Uy}LX-Wfue6|lUn??;a!swwLtg&}blv2%uV#;UGjPDWIx`|^UAD{v90Ak?p` z_Yl8GdKZ8uVGZ9)0O|33CHg@(Ln_L( zwbi$CH>IdOOCZFTA`%z?OE-@i8X)#;fA<07eZo_;xW@PR>!aeKeXJx{5;gb|<9wZj z8X;e)7BFHel18w9o+_!v$&9oJSuT%h$rP?|A6xuC|CxLkpLI;>~k4V zA!7YIfVxRUD^GfoI4uIM=@%l!FZ{DLc+iOWGy)MAh~`{-z*Vu{K0@~AO z`r~>=YU~0C2-O3n#!U6P#|4Cw0A@|5`~FS$8EZ>GtPiwZ$&L2@1zhehiqwh_7XwLz zkNdOX;qCyd`%d!W{-1cZU!qoyjI7u7yfiM-SIhredBvymNa>%`2@7plD{t~3 zMB<-VzvDB~W8~1+`L|?`VaE1_m~lc4v_Qio*kE_%RbGn`c1#gsG9Z19Pfc+dQa>Y?qPg(|=`eFe) zl4_g4#+4%vlrc|DW7WiQYL6QUrVf^<-UIB=&Z94kcqah>>z?xjsh0#TjwCc1gjdc3 z2_yZs`_^v&_#Fu3318E(%fK+_Uj7+!5UgV2Pv%nj+;XySO^}_CYdK?ESY&f8f)KtU za5vmy6afxKltB9emXW_h@*F`$9SpbqnLnmgh6KsfIc1=95&~2abY5Od;Zd)CoB(up zeTu99J)e)HTST9$7eu}}NTN?a5>j9%QHx2Q(X7`huU@lyw)%oab}Wk!yfPvKF#V0= zW3V|WhW`!?AqZUp!iFk3MI6kdn!wTj`f1`N!xi4ltb>u8h zaJu~yob0a*AD=7Em>abu+}ex`0Q8;!7kCULO^1QP!%c40z*-P{0P?HT9RaNYqD+DT z+D1eF!bN&8W9q^pfrw$)pJ^LR(6BOUE3x{wUGe~PAinp^**HQIVT6#>|FS~>9pATc z3fkaOeJ*hHGAR|r{4*RC2r^^x7fb&1>`OurYL)rk-k)0tCB7ujbarzx|U+ z2VQNw;8`Q#Pjm<2@u>chr+){Ag&o|JgtUC~&oEmN;%tHrB~pJ!{aGxy>-TX3et@17 zR1>0g5+Uw&e{K^`i0bhTltYm5MI-wAC7iSN3L6-B1!X)P*cjgQ;f&FAfB&;^i4)6LIy(GqjzLfGSN-x8_=)1yqTCmjKK}D`Ig9YM6nAmih>R>5r-6E{AiTy9%b_qV{ zZ`o@MV8UfRLdHErgGu>-5Ly?sw)Y<*1J5xqHsuCyuuAyPT(~(YxH3ZqOj1D)HM+Mj za8nktn*jt97#TN8*o*(4|2o2T6!Bj!!2i2D{r$Dx&sS(YGmZLp_Mui`%wG~QT6B=I z>8hw#U*4EqQwD@uySbkYP&jaSwer?1*b`K{;D3AUpJ<&VyNt*ph+65O^FQ}G~2x3lfsSvnRW4VgW06oV=-FMVRG~5hVCmG zG#_H_ldCYU@F$(1ete(MS^Z!b=yaaIVF`@ZCqn=K5PE+%f=SRy=Q-tjBGA!tGKJ5L zGYB2}%<7y7+&Bz;%*Zzs)PFzp{ISUZ_-i=v{%r_)f^Z+s;U9^hv#r35(iB`SoPxpm zl&wqJ{}(B^YDi5ipDyxA4(u=mf5&J!G7!kz8aIqs-6#BBAm*dYdqT2BwS2LV09ic2 z0b8iOYztaw%J$=jM=@dlE_wK+A%Pow<5Zv8BTV+5FdgJ%UCz;gO2wMuo96PM;}o2W z&LRpF32*n8K|yO2e0HI;`lR`%jh~5jBf!h?Xk7)l60Z8S6kyJRq;&wIAR2v6GU7#k z{@5+v@3xr5$x*pAmXCB_f9>|rzioN&=$&2gqV1$hRQc$g2M_#b!fZK1!*_)DKepz- zruZP`t|@KfcJIi;QN79AeC%fDu5<6(o7|JHs}!!SWu@=OS22Ruu8r?8r-$^JnbKby z=E7)E5n4`i@x31w1V1-<@C|et`^_0OoV#t3`;#;3)j7d?BeN%S{FB@DM>raW*_&?_ zw;tB*bVSo^Bqmfa6gp(Kyj@d^!B@O>uAkNXTz(;!EGEa{3)}n$UN%zvbKK*Lsb(7~!n|ItJpK+NIa?uzRFgq{+w#$RkHPvZu#{v zHyFRS-y!Zjv7GJUP=EYWV$$PjfM-vT{Kii9W-Xj@^M>vD*Yzv*Va~;OIVPmGsBKx%E==|iJrvaHL#gSt~?$5m{dHBq}o+c&Szy1;o9>lDU&?Aq|E zX8CsDuM1=3pDwh{1>;0@I@uY|S#RD=eY-ca1gnGw>Quau#MUy{hst1!R+m@miYH6@ zPron;{_M3>2W)Y`8^0Aaa2>)zuzDkP@($=PU&zo}hIi&s9Pk8PvhYh0m%X03U7b#`M47Bq#C*5KOzlh)?{z^8 zdn^q`v_kFnqJ6kh|KiWs-(GL)ab4R!+uj{rP)YuLcK6u)z^Z$4zZtD%8Iu+9okmf{ zk7a(9&kYoptEv4`;oLnI58U`@rt`X@^^xO-;<#vkYy$DMS-<*-FHep(cr;e}2Onil zIaFx+W_s4F+^?H&be~XHvU35{=`veEpLh8^e$~%fsJ33=o>;y&uv|zAEQ^AdikP;~ zU>kS4O7Ib(U`wJV@z+)r6*P%_38Q@zXw?Wo@R+(XsJq`4x-wFszwEFuyvF`NVAXe8Db`p4!RaY zLk@?Jm^%8mF+RG@Cnc{sgELMO!>12VF7uyCPr-WBgj!`fuHD*Mdu506(KuNU581B! zu+iR|PnRE}e7%|7#!^jb!TYMCC4Qx!gCT`CHGg~b2!3ZRmqDZ2dXtN%girsW_f+5A zjlh?Ncf%T9dwwY?p;|`h<%z~s9lE?9zP*xJ%GtJa!t@tGw=V`QH!u0B;0-q>=r2># zqKF&CSxpvP^%u5ZvGYI_95302@4n*p{|Gy}^*a(~cg=IUW1`l>>u9|tiaTue!euN| z-f7sfL{s=u`u>pP(~h6??{Spgba3lU(eIx;PiprRx9Y-Rcq#psUGaPX zLXwzTN>hHE?b*8bu&z^4-7{(AJZ_6#RUMn=eKXXXGXIXY{(L%%)g7jUG$YMZF;w8^ zfeM`_MRLp60b7W|qD}S^a(F7RCz)Q+04t9=5}eiA4pMHy&xG{TD5ts0%v~N2ZJyN- zgCvGodvgpLcIBn5{15itGOo(5dlywiK#&j-q(QnBrBj-PQc8DAOG`_)z@nsEM7p~{ z8U&Hf<7!`0` z72Ur0x{%r)`f+Y<5VR_Fm>10EniWJ;86qrECNK$7tx$JfQiKMz9eVPdoy!OCv-w&y z94re^GBe|Ay2;W{Nqg4zXuDs_ZoS;!r?Gl06Aa&6joT$!@@Cz9$P2C;+@S_{P%5A^ zsrYFd&~2eou){*_+82xnvVBA|?{+e`TN!n0Um@VK#xZJFhH2TpG&ue!N6R97+9L*Y zTyHB|?7?#5Ex9b(N!3Na@##>G&N$W;sri`Zr{I(EPYsNVUrZ>q8X7LoFin^%r|o?{ zeoq=U&fKy5_1VL*|9;N+Hu>84tYq>NelBZ4=Wv0`ks}$f(SEb`F2`@bfG&mD z@##wg7#WF^O^Y6auc)qhR4Y%W`mM!$OO9{bY2cSpmP9{|+Q}+Q(x1&d5%*-dg-En> zwCd?T#o*9Y>9{u{xSdjV*w1}Gen*treZlaiZCvEWrY}FgR~i)#z58{YDK4{)0`u)Z z28;M_vp&8X_pPG!cQiq8cV6Buw150f;K$^1ySI5%U>X%;xg`)@Oog(i;Lt{(Z&{#y z&u4z4vW5500GnLztF?Yu^fJkCIp)prk!B+2R>=N^$($^@r^n?Es?5mQT#lJxMeG*y z!4@k^oxkVRo{Cm>CQH-wZQ%gxbl=E3Mi3jyS)t`D8kkq^d)1^RgXL^D3LgJGl1tiD zN!kUm5lQ4%R^^&ca^?Q$IGo^cV-hiI#PIpvz3pS!(qQ$+uaO_#?P> zltsp6MuVZ9pjNi#JI(y*`3HjVFoV`6&#xy2`#(Qc3nePXT^RkAYup4C$51OPGI1ws z?<^-5#P)Q04R0a?>Xw!&8-{tDJ9zEro+`QIpoW{MPA81WjL=g5@TD_gKRqmi8%O`$ zD+*ah)oIeZesg_^nb`DkRxzwfy~h1qYfFjOUnsF)4aYj4izs>+ni|9}nCj1%Zw`D^IhI$GcT z9kGn8w2ygZ&mi<@*Z+Kb3VXYMP)8jW_)4oJhC?g8fjm+ ze$Q!$q~T0ftZcgbpo-H7f#|=CssaJ4!q6?5Lk(P9niZ3G{ojp2cbfgASGzaZ)n+}d zC)9Vv=~k|vNn5F&cVba7N{r`+Bh5vH++*^4uA=+*Y_VSmzOUI^l@F$M*0yQQLgWab=OA?~nu%s)Rd1&c;h}(sZGR-=+fZ<|8t!6zQR)$p@;V|~{lens z)#+^9lEtp~gx>m8{>$b{ZIdy@L9#yHO zpgghG;5$BWh%P9deJIRW!uZdjc`iE8){%!)0TZd8&OFS=(;|0K~o-?)}3Q&bYt=lip5leG6EL;9-ElUa^_-KY2nA52l2KJQ>e^Fdd_SE zohGT<`RE!Wu^TBS;D(XBb5afR^>|7^mgTi9dvgrnz&;ACANYpm1+2v5tPSXPUtg(Y zv>VG++?_G6GS`y%eyn<*YJc6gXgiK}2V4axM@dP3HJp-q{N2H-BIQKY{fhrYk-xw3 zu>0}pMQG5dNwSvZlmiOhU^DC^HR$&buQ1i1{r&i0xDmmdN3RRAy(l$8h#cVbxilUw z`Rve5j-up%2A7bA+mo%z!^3`y&M>SlYZLKbm+Mt~<>a0Trdt(zR<4$gVvj<<+XsN$ zxwi6mm!GgS@Nl@NopkgvxxtD2C1l5A{&MwBsbRODLOE2wrDJZ}*n9Bht&Mtu!|Sde zTf3ZXahsFbGKO;b2LV�g% zGk>fq4%JY{?v@cIG0EQhs$9oI%}}GTrp&>j#LQGDvq(?##R4N>hTX%K$l16Z7)fF3#Qh z7!K7+Jr6!M;jIt?w(_wYev?#LPp;$9!U>|&KYigeFx$^SR2xh9{bPWfjX)?`|If&WFig2}Oo;R`uV#tDF=V)Hq-uxl)e@B+^ZM8N52^zHcc z{W4LuM8}B%5B2@b2B8z9AUMf9s{;HU&L44pV1_Ap%Rl z^0a<$CmWl*Y(mJLfY+*0-&~^z5lcfO`)%O5Yxc_4txHnGv{ob!CwA1(ZxsqT;6Oon z7Wjdjl>qjj(p;diY7zlI!b@D}-J$=?+p_2nW(6--3xu}`n3D)RDtZoC^55k-6uj## ztW?Zglu6+=X|cGvp2D{12@O*6{-MzJ#KPx`fGBqY0l4Z@K=;4y`v7`xw_tb`t*4$` z!*yeSd{y&grDjLvPUDw?8RtLV6FxTtEb11Cg;UN!f^#?fGKnvaB)5hOvkPX^m1aAs z6yQ#Qe_j**Z7|h0pru&*;b4$+V{2^3r-;_K$+g9GIK5+Xw9?eXyiz~$8ml;A)MNnh zv+-u(<<(&ww&m*dh7t!cb6rxwRAXI1!{)c2b4%dNJRfA|STYsVU^)PcYMGmZ>SVj$ zqN9e{D+O{@725{{a}P4B7mg9zUmL0_fRg$I;aGTaqei}Y-SN%bt}<&_#h{vJSx~BM z+1M^`C($ca&R2->BkQR`x>;Rw`wvD-d)&S192z`vTHh=H1@#_Io)0@%v{E-o00xLp zgGU4dWrIyu&5hTmqKOAfBiSe;`q`DE_8p_6`q`Y7J;5wKD%pBI5PFKqjGZ- z`89KsPIiqY^bVGbHSo;pidv1@M=?JdEgZ+p$ink zN3&%J>ee$t6c;0~<+_jeOf(XAyjP2+=^5RE>^;Ub+PK_Mq zr5To`xAJ^0MV3BN-I6>vhn^ETI_~D!+Je-9xCGRQD+|LjEtl$oa*-uB`?~juHTd9M zgNKo1l6xVk=dZh!y_HkUf9AdubWW6p5lnuztQ&Ljph`{F<#hdlxjx%CYPtTJ@<01S zG43;O#H6Pgk&HI`!YwzQ$S1kV8jCxcm|+tewwOdyu&~6*o?fns7-BBWXMW`T1ekG_ zA25lT39Qc4%hydbsz2$Sw-Ec>Sui=hCbt-n6Bs0S94pPgI*^lsr>qll3%6J^TcmmmWC&nUR|)z!oGIB(}LwsO+@ns@OB>FTuFI z`Ko0%_`9Wz{rLNgMVI!JYUT>jB*E{-D)U|U$xF+ULeir(*Bvh*a?`|usR^_W-o4cT z%f3AF@mWOeRM6E)1?Jc$&ZL9F;eL$d6qUhTxmV7#h0mo!6(1Y-c&zockcww5r$obk zWf;j-td_$tg@)dRj?=x)rlX*lkGC%!5vErtdNI=774+$Yh3-z})+Phxl?56TIs^Rf z4{U(x2PwVJ8UGvi#7m#h$b_!O=~%4RZ*aPw#&P9P}$He zNVG?r1%?uze+lw0^g=Txng93>BbgU;nQ65z-k_JQsU86ofMo)s+yZgiJ2&f+4HB(? zb;t_oqHdMUnvIscwKE?teqDS&T>~xjcOj{jrTVLqD>i}F%IS{|Q-^82+gsM2#Z4&! zaHSbW)<+Meib zsc&^g|IpHGnbRJhXOQC$4Z{l@np?6fa=!hMm)lq59>w_m32J$({Xg1+07XF4A^48fhAC>J~0O#5^;E}3= z?xFFoEkdVxDtDvWEXFi$)GS@SmRY~TmFU9*U>%s`r5e_J9&>Z*RSvup;98yK?>QZd z&YdF-J_}uP*K0o~i@3*yRpDf{U8C#cy!@xj=VulH28Ec<3~Kx_Es_OpKTs73{&bu% zTiSPC5bvd5HU^NaUGus*tRJ1NHR&hxp~I7SA666>$5iD)Sc3kpL9nSF%mUz-5Gg-Y@NVjcGbz|^2K<5Kn!%3v2U3<*wL}r}- zfr&bWhQaLlq({Pu=(ljg_j?O;sg=2NZts+;hHQH$GCD#4iY%#Cq)jXnZRnf9_yhwa zJ{J|f!1@kY)<(hB(L`-RBF^`FNPsdUM$2U*8yvt$4b?CmD@=AroD^|=rI4ru;^NSy zHOnxL(PB4W>xSzAy3^HVHg8nq!#$(JXw#Od7EDcFqmGQ_zAedd*HpJBt$DFpr(=nw zg4frHIHgZQ;6ZJy#jAPwhC=en&4z20Z6C9-L0LGbo|1z2p!UY^~CE zzp|V$s$XyqX7I zyc9r)qz1YyIPZg9DG^4*LMh>f20YhENO0C)(=q%lkw&c{J11weWk#`D z-(aEVX+TPwJ)Du?0W@eF|C>RZ2!`LihvGY1*l;>IPbeJ=;^o;#d(DcPu=8GpO0!<2 z?WuU7$?U4zDY8#yBHUvovzt4ul!q)_ssg?$i2bGd`6rb1!AHc??Hu!2#FjoBQ>cUO zojS7E3mUAjubqFKgpBBP5T6BH`b$Rb+WxdTv`K2Zsl?DNe-)ZDNR_+tcrfTsZgD2M z=j)_2hJwIRcig}4ue`#p6g`_|`Xm9*9v1Jet`e%m2d1!< zUuhUfl~T)=Gg#hV>xf198PC_a4W(E8>_k}uT@r3Rka$~WS@JsWWA9X}c!=mz-EY~A zQ31xh1NyljZtBSVZ^skRD>$M}z*G(?0Z;ah=fGTBftohONmZ(6#Ll#9+kRfJ)ooR> zLz|D|P{hnmlBm;zHCadg)5#x~0$l2CWR13g6&IeT1IW`oxgkp-zjT$Q6@S7W(4;@~ zJE!-f@BfCvF5@2|&u%Cc3ocyreFB#8GLeWuBQx9CpC5ZDgwwNNKT%5sDA5LlmDnJZT-vT$98QQ zU+Tz>za*y&&=e-or@>yC?bJ?L7!W(zbknEg>Qp`K|FahsouynV0aFaIW*xK2qK?Zp zH+YGRD@>uSh?|%DJ`#6wCGE;7&m$IGLKLZFRO(TC<86fS4^uSjWx>FziZXm8UN91? zfrhU4Risn`t2T-&tNOvCkRLv6m#!7-4QjJ7&)t`ZsA%*eVb{EK;=km2E+)o$SDGuU zs!`NQ?Bu;pwr9edZ1C$guuq~5uyPfC-R;8I^`pDUJo)!5K-6xNn5@}*lb0&Z87@S$ z&h&*oGuE!^jXDj=U71U%4KNbF?fe!g=|$T_z`8L4uIesIynm`Vyw)Q)T>Flgr+BuB zSTdJ>>sFJkK+b~739ISd>8ul*=~#YpUusoaTJGVKp57U3%xIJ_qUyofgu__P@e;}O zLK64uA={(oM#Ws)C}^IG0dLH z3gL*Br~HJG1+N%gPTwD18TAykIolZ(vDzN)t9dRVLx%3$7m(`Ob@v#s z4D>v1OO3E5V2$mR6r#<&h#gyWT`t)(dA=WV4P#rlqca zq#G2iPK^eLR3qz)~w>1dTR4c zl-op|XZbc!Qe2HqG~M|em*Oc+R=sxD*>qBd9dWX8IQ@9Ad&z)|?c8Hk<7M`o17c-m zgRNUxLww-YFpK)&0{n1(s{YnrSoWE27WGxTSr)ZBdx#k9Ti=a{x)uUlZR1A!nOC-2 z^L&tc<^5P;Zd*~r645pr(Mg#6NWkbUla=CP6qe_*$DzC+ogqh|mjS9aebgMHzH2%C z>V59Il=RlOla+6UIn_tcOW*i>nW{-3NzLMz7&Sd z1P6p=L-us#O4d&Ij^QtZGwGNgO3T5lDpGl;1QRt--+vwJxgy+s z@s%Q6F#f*ugPtqrD*g@4loaw`N{-`|q0_h1iR>FQgUgvFRuMkt@1I~^X%-oCthM@W zjlO$q%rmTb>ba1+R1&@ZAp}MSGkjhUwQei-Hc83w@E7lua^$_qV+SBowc?p8cCq- z`g$^H{9CiTOaZMRgIfK^5__|Wn$OXiLnp9YcX>;d!Ja+kp71=+=p&aTrZ^qXni}gT zo(aB-af{O>a1owmc+_s5KJuYx~ z)}sAw#RIrU@OQavPQ>dn-UMKNc%r4Ix7+vQ4UXCI7*}d0vyBpYLIffk(8UBUY9wT5} z@~yi9Z`HOYHG|su9}%9lV>?oY_>)oQwZ@b2^-gqfpiw=6!;CdE=SwUC`#a$yZtzSK zL4}Y=__CfU2O$!V-{(m9_T!vL_;EM06pVs+>>(Kyxqw~f`%_$JZN5*Tp-I;%eXi+6 z9}5j8dN>p-E-DmVQ+sx&QKb11{B$^hG)x}0g~}z-i09p+lr#yF0qYu>b6+(K59Oz; z++?K7?;$)6e;uc%B*lVo^(8ZfVWQf`;4a}pGhkiarqCOVwy#-s%XQE#5J@H!a;dN1 z9|<{J#|ZEG`IdNPujwY1O%NfnNv5t+IqAYw^TU-b_ubhYLN2qUX^v~wiK^Ac;Vo}% z+x>J@nJK%;9-YJ+T+QZKHZ9f)?0nLrHxFXtf(+YEk`7;Y-B_$UYl9d|TN{Dmw3#sz8}$08#VSyF|U<=(LfTN z+_Zh=yqVJb!(U;EH;iJi4?@cSqf4lUs=mo4GXm0M2h?dwD)rU~ToEL4+fVM2&pEBe z*R5EzzLoPa*`98!b-gPJjYz04?_pwVe0I;eQA6AHR*B(VW$4HKdYQz+QtL2xqdwxy znT4aZR5xuh^3&?jr02upcd0T)*~~p7>-^^!ayWPj}Np`PCW*RNlJ&$_e4?B)Xe8!{G23e*4R$`@>mRGXuOw-DU2En^!s#Z^?cbZpC}7)!99dR_zx3 z9pGZC&JL#6FUt(MN_onZ?6}wrLCd!HUwqQE+OQu0G?^9+0v6?o>qo+>OI z0lzO3+oRGOyN35=gY3M%+OH-f@Rb z&I-Ik=RHuON5mjqAPmMCe@?S-MoOAhX6&ai8ue!oJdm4vqcp;zmxI#mEWU#EE0a7G zO>PHQoH>^wymz>wgb?Wg1@N)E`-jWQR5Z@d)=7xJMZ!nWM?eJ+`d2^&mrLy}E&PR% z&_E;Z)brQ;k&;e9c-GEH(~>OK|C1QXv@4P}HP2uE3Xvq|6i)v^p*t}hhJda!uBf-s*Q zJ^I>oO^~Zl_O1MbVv}kzsgUKD>k1Dh)6w<7>Rocr*K|CHFdmzks4xPy8=J<^ug>Ay zs)gRK1k&6&u_y}#;+a)CM*Mf*vyy{5J)sj1@)teHsb^aevZUVd|HAd zg~AZuw9cotzvEPrP`ZcdmGw;CplBw0b+(QmPnL?NM6b@l&B;k&385kFw{sTgE*h&{ zaye$ij_7?+c*d1-s2ls`nO&`A7PXzBp1=!ac4$RUNb@Ch`wehs39LR|BQ!iO;B(`@ zMYXCc87snG75si(Ib(b^&Sf<5q{;eR>6;s;A}6AvMY9S{%|}HejWqn@1+pzBD5r*Y zXgR!7O8W3c1<^}#@WO)O@%2@kVM|YV_B1D-R2xyhQBLWTwwbT@RS?&mjPW(P-uYAe zAtT@Ii*&08qvW@^AY`=Oy;%F{a0oQV z3=iaVYKYBLctp&0JXEU_U!MP9Yjl-cWl3Fesa|9Kll|6*OwoADmT-D$dm{lXK_X*L zMsTEQ_JEeCGMxOMJ09Kqp?^tjV{9(1rLAXv=y-``R zgRkwIuybdhAv`01CH|r17 zt~%v*jRz7&#&>XXmD80aQn?nUyWoFxy1bv*%}hM%`C{Z0`EDzP$~Cr#Pzc9SG7^NR zk_Y-|PmvxydakJd7~FD^fay~j&aFKIe+08Bb#)(KETL=GCc$+Iy|Y;L>+B!HRlUj6q!Znf`y8SmRR13IJn* z4h@O!S&-C5K@Y5dW)n8^12Zf%OB44Q=+Zl-9C~PmRNyhC3T7KSWnj6tXjx!{0$zYK zp$2xxF$qqFrhQ<7y>Ue7=(m#gDo0pWGHU$_$_T{p747wZyJfUPeyc9%ac-1*wc}Yd z#_(vuv#Rz>gsL<-C}TLFqQVf(@Cj5tOp|6<4YG|o4)siGFl|I-M-jUF zM7tpnxVbe>n_A552JNF5qQZtZ87rkaD`vy_Lyv4)Ufg)g+FladE!K9j;Iot`y zn6^giy$stzPaBG8i!5Fw35*@qh_h?=DOI^3+N~m09?T~MhEcYx*8m(11(+EjRdDD| zmp6^fN}kcJQ+U_-7xm7EUer|b?%|AzAV)>F8rRRFW>$36YJ^sbIyBZxoXGlMZfpM* zNU00#qFb~XxL0v`g6(5aTn&Q?aSUa|bI>Qa{=XQXBR{+=nsx`g!AbbgD+4m2m+d&u zk)MIG+G+j&4-05!rr|_==oJC_^}&N^En~E0Vo?6!+eJ=o5QwB`kibfXrdHXB6;z9w zAnSv{b7VzmlE(XNrbL9~FFXs?+*;iF9(E9TH9~m8$X~dT61+A?ZMDRK{Lt$?^nsXl z^_d#zYnl-mVJ$dPcfm6h@BC0Q1&wqL0k79TX~5*C2Cs@B8O0GIUHA(#N=Y~BeSnI% zE7~mC%w9X?_8d6_j9|NQ0BD<-7{x?ZyDsP7w?V7HrznWP_bsfRBKbqn^Pd0bzg+-+ z$!CDpF({lD*oactJ$f!9z1s8B#TY#L??;xQui3uM;3N~JkcP|)H$pk=->>STwTpo< zcoVpdBuXI!`WT*STctq!&o`eU(LfOZE<7{&3b_;-2{j7pt&D%a8$kt1>wffl^7%tA zL&)?d0@dCBTPqwWhH`R26^H!YLjOPY0l$Q6p;Z@aRspFfMKAQH5mMPM=mWtCctPPtQW%c7qB7L-5cm5HzbKNbkQ-+zR2xz0 z_|S_Pve?)MeYNKQzHRsd)TdPS)2M?eMGVxvz?!Q5?IK;YbEvQj$k_i0f^GkO;xLp+ z+EZHYJVjCiLkeep{MBLX-?zK;L46EM_Vc%ZsX*fbvoEj$7W<#p?nCZy)B^tfpYHIt z1G6wdJ2yloCto0!K7^V~`+TeL-wH)^Kx3xApf-m2U(5aPn9W1>x9S5vEe6aY=CBmzvYR74l*RD-mgYjKNwfv@Bfk&0Mju z&Hv$P&|J?+{(lYk|I~2%aK|rCwv0B0vr9i6=$|E~+OG6;d*8=k&&wPo1|vfM2pJI6 zQ34)~s2@ssunMz3)7YMI0P7UHGzcR?I)EamcKf!AD1{sp3<$k%mcoS$m%Adth3{0U z7)B*@4{-Au`>g88-{HmcTIr4J1>oTHpwpZ?-L)s+sD$OnCT9U486}!BVh9@V4+pAi z553@!yLRgpu`~gKS$4A#`i;?o#BIQyPBTZj#kQ6Bdp9LO3<{~w~yTxn@M2ALC z=6I8YpfbqSrlc^vszIG_2{fe}&H*_kT(8Z)8?Zz$Sx!~HHJee62W5c8$RPhw=se0~ zrX==+ehACqV`O3n3CMIaI}DOvBEztNLDBdK2rj5-Im9G6%{nXAIqtwWd@IaAT;K_6 z2IPmd;X*gnfaYF6vC?89i6j$~(G_y3hSIVWVk8D}&&?#s zanK!I#K?d%1V$+6R;~8tP-1c71;{2RDCxGcDI**q*CMqglC&?%97yb#wY4>MeRtpw|2`X#s9Le&NO_rGzbJj@0nEMb-r$_uQP}%@)fa_4kCiKLsu$y<^tQt7lZEKc zfGn%G%vSjD}W*7 zao_`w)dPIIW+1LM#n4>k?wjW!S|D$v|J)9nKCRvH$hj7Vw;6_*!+t zX=E4HLgjevI-q?Tv?&)rsN4mPd(2N?%EwY-0^X3QEexo4Is82l5Z$VeSNY?GoHUN0nEelHGtK488G!SPzaRlhpoAKYHlccAb4tS zZ?5WghrO*-!1rb1op{BR?bw&r)&qo$$nE%(Z30yN6iTY#^ZX{9G7>h^j~=uxMP03d4qF*OuGQXC~G z#@++Mo2GjxCe33SMY|fYO(uia7wxwD?T_WUN;=85qV4t%FqT)qpLWzeDqkmFdjjiD zIt*sVumbGY-?xO2y*w#2pd+kyC4%0Sb+Zy@d7*_@{iVD4TwZ2cO^RO8;<#uh2{03U<-9!^fu1 z2)j{FwM&Mc3LuaW@h$$2>M)SRvm38gW*kOUUVa3aHwjuD0dY{w#_t@y3&oLVXP`vB zt+(~#wB;WIyVi#?LG2iA0W~d+dd!S98nrJ7Qoi$LiI`r~P*8O-3{fm!OL65jVvQ`d z-xwAd4Pt9NZ)G?(EBJKO&*fLfL@z)eMjy1Dktvq0DF~>fc3(!n!P^5qs8ZN;<8nrd z&f3Gw_e0YMkko{TBi|1tHNj_C`R7rQp5Pqd=ugwuiq0v>jS1 zBcCW`a5N2jNt%tY4?F4=yfYl$HSINW00O1-B28@5We+^3%l!NI1rqA#T=xV5IG&0= z1k~9Bfwo~{ux1qVM^9f`qdt5(A85(E?Z%{3zJ^C29LP8L&|r-W&mHYs_zu|hU0mfD zd;Rr-n1J`PjUb7IG-#M9V~faI~hRp%1VWOq@1u+ZyA)JEYr*-PI*+$W+(QhA>XlzW zIoa0FHlP%%yKU23oOJOr;NPFBj5vs>j7Q=O%Bz)4}U0CvZ%43URC|3NLIi;kYqW zYtqGd-q@p0x)hkV!Ny4!-GbR3>g0K`&d zQ!U~)h9>wc5y_t%3=}&E%`vl(nb3ln>*{Xq>TR}ngzPCGSENaaQ_*aH`pwz%id9*a zZ6uk2+gRx#C7VY}&u7IzzS!ER0|CA*dfSMvQtm6lFN2>g<@_>XenGN%5~C9BzB#;A zZdvRDROTtHHi>c^UeI=tQtNg_P!?h>e=ZGi2;hv~|BPK7(14}rtr)`p(P6ljA`<6K zz8DU3Mev8z$QKt@#S#m(+34JJ@8$q&`Z}xlYe~Xyw>ZRx--Ee!O?8PZ>qA8gxL`2v z(sp>3Z|q)#WrRg;66F9;g`G4;EpU(HkKxKP9L-ld{4FQ+M71)bn?nlrvGX25)5l_R z?|YPt=ylJtkSBCIyqOhMMJMj)-mD`cTr_L1FMbTNvfmH+RPxq-XWnC#*yMXY$hV;+ z2QD@@$%)JkrK=l{ud4c zH!kjJ8ly#pWQ1Q~h@synz(BLoR7HA5YHvbE^vtW`j-pq#aHiz_&itWvtLg<5lSi++ zH5%P&%5ZUNV`rSAT^!F!M(3@(MS>F5vl>OxTIq|Dh`qjEz_{I)JRRq4TD*%t(u!z> zjwpH`_TROO=G_;=di|_rw;B%rROlmij*Qw7d&D;q@Z`R2=LPcQJ9zfdXVR+&k7>Ct zK9klh%%d_)0d*Jjv`!afe>2iH5$``pTax7m8SnEJ`$zy^X3|&GF7)2c-MT&PE>b2b z*!sO#VrEWVH0jedzf&&yy+t_g>SOnx=I6 zRe#h=)}Iw2dO+K3mt*y%3#-QF3$ltB`trjnJ~YlbaAY*Y9QDlSE_<;)S~LX3z;NBo zrvTmV-&GNJE;Wru7Ny&o4WR--E+F};Bh`qeMMDelP@q>zm!K3s_<0h1?>7!{G!qbb zwDqC6ZxqZcpCv1VIQ~9VWgkE!9+T{@>BQ~Y!t+=l3v+T4=D+AKgBQ%jH&u@LNN

    *+C=tzxRK^$2yy)hl?2*N_Yidruu#RT( z0}_eup0REt;X@^{45Tot-WOC~fBUg(m%tL(;Oyja0{4a;wR4p&N1-4*sKg(ESdu52 zm0B(9Hn}yj?|0*L5_W#nbP`g5yufB9uGxDHd1rfkY4Wh=5;M`LL!Zn5B<(i{&7IGZ z;PK_^+~4a-5@e&1DkIoGlok4&ol@r+Qc%`tPLF;4v)_B+RULnKXVi+WC%y(sa_$=v zV29m2B%@0}+9Pfs&-;z}zWNc8OP@%*Kwr%8&$QXqT8*iW>u-VI?;9CGOW9c4|Kv&x z%1M6Y!JRZoB;#dt9c(u^A*jR$_a}-WTvtBKaXD`vM>9-Y5BqWcGG=Xmc}!slICnO zBh2o|2(~I@rBr+mnAW76|5_3s5a?wAneg8Afr2>i0S|whr2LIN7k&mh+n9>p zF8sT2HoL6z!;@Cp?758KVWq#Kd6j?Ws3_f9pzA{cz+$BFzP3HvQZT^5+!6UNxzUFC z%LDkCzY>ZHS<)O>;sj~A;#^5+>hrpB%Ah5JV7hOQ@=Y*+@2IW8y`q(zgC9m~rSSq$mE_D-$ghJwW+3p@C;ooq$NeJD?Hn^KiHRTf*YA zYm=6@R^ZX*5oAKixfoeOah{ zKakfAnu7E9ZRZ3=3Qp4{`81+P=11SV%2AJ?@V=_}>MZK$p7v!}e6)~&tUeS9#VfS8 zR`xtf;R|iEFGV@V4MukTX$7BUvK613r|A_O#)0bK1Hpf8)pc0jAX)uaJTTrIRQqbo zn*tV@zXj(P^pX{yVH!Y?55_p_hoqOAehB+R0-*qG0P4PpH^1n#@lg6b38K;0j#lobKBU%?k-62xhZp#_7vK?$e(0GKR2%LjSLyIX^LsRJ)(;^ zczfWX$$LfOq#V%~nAUQk^W*&e9f->@;klLQt4P>4l?{vKKB4J)Zf?&zTo7K^?XUJ^ z5c}&%up=4)3J}a;W$4zxO&8^mm%Gi`2dL0ab#nuqEGmB+n|u$8FW8}m{dpMl@(J@A zc$IYUx$fQVd8NX7yLy|%-E}S7MDS>s^!QK}{}gcWQi^GU5sOMU3GPTaRtJfh{#UMf zD}Aipm`n{)Hz&@IY0IGdr)gF8x9O&gNh&A1`cf+mU7R5;olRDm0s6~Z4Lr08v=NQe4W4cQ8Shr5L zm~J>&bK|a0Xv2Kj*1xkV1$E$Fy_2zrU_g|>8+e>=0EEo_vfM({lg~wS`?W;n>hOw{ zo~NysdRi?2`kUw;FHvvOthh-M3Qf{R&=vzB$6PuNyU-b`W6=K@5?Sqr}~^dn4e4@qF3*Y4> zvLQg8?ICqp>{)^H#L?57d>v)Sh z^`*(*AI{agIk$i_(HMGWuDO`%M$9K{Q3cwyI0a`8=r??T-=C_2`|4jG)w5{wYPy7k zhnmsu!c4~xGr!@Otb2GD8unIVL_{f^bpm=XJ`?M|OJzb&e#m_{t+*4`%41)RTbut!R z;n2uO_oZL-yFJA!_qjE`jI#lT(u-imZMc(YhwYgLu` zbvMiMrY!C{QzK)3EkLsLJwYoiMYJsC0pF#=`WvOgBZ>KWMQa2y*LWV$X-w|RkOM*Y z{kx%%acj?U)!jCr=eC9&v=_n&?C1v~>h_pf{=W60%7@Rj8>_3iri6BTNYwh50E<3W zO7*QhfT~s@^;5LdHMwq&vjl;fvo#x}y~L3~&uiZK1rJMTagQy{D{ZLS1E5s5I6t^X zO|CK%kLUAWI`x2|2+DSS`QpN5eZt!skp*Zz;kPfN>QO1+@_9$P>`??d9Ht~m)c_jj z_xS)6_QKZ{aWQ`%(!I9U^xBTwGX27KUm+ike9{&Gd~&IkPVu5}-&uh zO)m&4ghAz_HeW4~Ca5O?Oi4QA8pb?G3C^vUC0?TTGU#(JlH6?LeCo2;FHQN-oX#_3 z8F`465a6u8h$=i5<-<*{I(7iNsWSJt-^>7N%z#PSwUpm}SCk7sdyv{OzxT&W2ljI% zXRrN@0ff9)_>f#|=IP=H@qE`mM(C^Y>Pg{&`V=MHuKp^X`CfCXP^X~w3k%7ImaWVI zmJpOq2U&2FJ%h=EFlSl9!|tF?J}A$%*X&tV85$4!ExNk;Q4!=`&L`5(%>v=G1X&nB z!%|M}+b4Whn|>~xE^(5B|GcEIiaxFv|wn?vn=@}2|fH;;hi41&}_N7=Gy`01#c9{hDLSugVj{&yM zw)hUpi#pFhyFNenKVxMG8@0dJss&)mksOmPOn8 zGJ!lX@3E+dfI-_0EM>#=8(c*kZkbAP5Rbf^4_;*75~rU#vZ$vWcqji_C~9;pOjK5R%#5 z&8H=GUTP=ne8(LV)kmj<@grC!W!Gg9+x*pX>yim4&(RQ z+H03q2->ue^lcc`{MJbjROlB(GR5v_8~7ADc5y#%zeoAfxA`Uh{v5=}R6w=&GeF5q zD<9>1@lQwhch0+lQ!`)5zRT+l4%S6$%Mnn$J4(stj4)0t4UfC${k#t{d_ZckEfVV) z4aafvEgt*o244~y&v5Rg(&UqGX4oY)rl*x=^`Ae;Zc{%+W8ns@SkSxrSzDtgr}*db zds?R+;9!i^!!`A5`+`1hE(zx8BmAoQo(zZ$UMt>v4X%g6L3^^>r(KHaq~_0a0p}t7 z_J`wnDdUWS-p9!=-VvK^N&;61{{nJ9c3%wGBlCKlVPWNO^PUJl;0k|&A17wzWgp%9 zS2%o#7b&x`u(&{a+Y8#AuS8DkeKGfIkmrlC_`rS6RMr!uqUCv zC{n09{iA395e6zG)ghbhzSm7PoW1)53wP!6(e zturAIxA|+Dd6yU9s0ZUX(_v4dN7Qb;26=6oV$Kg3u|rt{R7xN$;F_5Im@j{FH*3x* zm>3>QdYLZouCy(dtiZ?0%YKnkkVFuXo#2{l^_u;0b<6_Q=c$`5f6YNviQk(+!2y5+ zsfO0_>GbFJ(0$bT(AO_PQ!2>7^zWa6g!|8cmjnCg7lcRuArz>PU2XHw21(bkmI8wfQcsj6C-cdU zyFH(}MVj}>XgqjwHO%02QD@HeXZ)5ro59*qU}y(l_1DD1@V!%^AI6oG&w&9jIva7u zD4Twoj^8P4l@zhb=DZ=W{kZCDl+%eJu`im4tbqE;5zrq3N3FQ9ule;5`b!W=%H9!?>eo$rf5dn*uL>3&mGBGNlab%lTsYRLrl* zxQNSGj&P*98x+WS)fj&=!`TQs)h43%>5y{$2a782K_n6=8W3*%fYSsF#A*J96NzX{ zu}w7S?aJBxI?3pqwIN}2@Uwb)H1SUB@;uRvYY(#Uf~(6ZWacE1eE)Ed_j(7y3i=2)*6SnvR|iVp{y63`^&c{vb{V;IiS8lj?^({DXM9=91SSs2T$5c@&fNxAMnPG?B^A_%k^dJyh9{p6wNu8 zd+^>408lepT;eEk3JJ?GeQ=`AzhF*Ub~?vm7z4x||=e_Iqq8 z0dh^JoA~>yYj&XXe4&!wbEOjR3_8hn5yl@V%}D|Qt6#}oZ_sai{3QPJQSv5Sw-()` z2>wyZwBeht&|8xUp1xN7J~(J||2XIkh+crD#X4;kv)tUlA>uY^LT!IIjp{|?z|%P>#55=t|X zxw7M#)b6{UQ1}9;Fp=7dXcHoBWAe0KCG-zRR=xwK>vAx?No70UFJbk^FG#8DW#5en zt8FGz%N%a~WRS<^>$4@XPo`-0$Y1u8X^#`(nR<-FMz!wuc<*4UU*S^bO!5ux&g*=t zW%(yJCBQU+eA?%AXjBvzfa54Z!!O1S^0NRjn;7Oq3GN)C1^lq4`WbdWo>A1a!he-p`h02v;&$SS|=3HaL~TwuY#trwLta}Bu&^v_{J2n}X%f}!8L*rR$j+H1Vcj3NN`_$lz*cg^v?>P_l zSML;%WhM&Dn3}8W^MeB7v*#lqQ-6U4F{h&wwt@-$qZM-?|&HB=B>%8=r$ck>V-6T$eJWsEhH9<;dNbxH=Pu z`mt@c_$k~=o&rI;fdS@=9*Lrrh$1PhlvGtaL=JGj6si$N=@}>kJH_y}ihYm<4p!CM z(S}?H2D_2>X)Hh0xqEN)_1crKBl^Az{jv3w>fKi?J6kk+&=d~yx7Qs|Evc0OCP>v! z_rs6;m~WxC^a-g>36?(ox|hAp7uYJ_yzORqE0l<1OO|%m_I=9L#jk@e-|9&hZa=-` zNO(X&U0_Ie8ClUTmO2>D&GoBImfw~41L}2!VL_UYqF||nTzNcw_pQz!LihY>j1`*H ztvCng-&LV2{%n5g1%gwEr0WA!?V;T`aKUi0qpq0@j6Q<4p@`+6+&yO)GHo6_^RxMwv#MX1%3JxPPF$xX$yx*Ryt&Cx%$~-U42|A;)C=3>f z$HiU#5{z&^!Z9MBF8elfUP|Eo$}Fd?_BLee z*UbeN*8WkBqtmaO@W<^+ek{*NO$p)SkQ@YI#ZDcQPt$&Uh|e%Pr~OXBFF@w90tn;| zsv2G0jKKNead$g;%T>8tI6X{YHI50x69;_jh@W6>EJU}K7mo(LO}*Sb*Ug;l@QF5? z{h;w`;*mgl!So!?G34#}R3WDQ(PEvoS@k#U!7E7L>Y9M`OQSq2Qah&Us%3 z@$(r?Q0@8i{m0If$DHZ-`sQ}I9`!dd?~NeL>%&+QTzYZR+-G{4TGY(R4o!ZCFv;n0 zA&kU<&@T?Ku8%Mp7tY$($mjLWC`cGaN%Cl?D6y-2umUJ(O%}`zC8-|%p;-oR>gt4> ze>sOWj9FoPi8tb~xOc&|yvVL3&+XbZsCSGL3s|Z+HL5`Wr#_K zX_?8I04jSJe*aTQo*MdNrXMo$DegV`&%BGIsG@#wTSdxab$UYvyn4`__r&9U$=J_& zTA&u}f?D+p!O@=RtHH1e0rvmQW@duLNc}YC4xAHZ)Mkd;BxV5%<5?G-Xr_8>7`y6S zne$e^@*~5JZWATD=i`rnGL2B*fq2=!IhW6XNPm(sGuJ}2k-x2kvsZeAB@T$UzYhjV z+m2s39uko2+rk+kOHiGN_Y*ifQ*7V9cxXC{GmHdp`WbXCg3oPa;`m7E zTPq{2$RYqk_F z;)NV)ElTF6&xhi-z~`^*k>D=i^*Z7;iza}PiUg%)+U3$w0@L-+aQe7^3s0^0ChuNH z9^&((K~Sv%Lpi*mwqATc3OnQ?6I5{pn#3Y&XgnqX92C5a z#I}(HOkhX@6RZ?6;#hUW5aX%wZYJ0^5RVTs{Wgrl6sBOJ7BLUBZn2n%NGuC_IR+Lj zY?ILhdMLChB6h7(DhE14xE3^*i_DkQEW!|>E5sAhAp19>DgjDv6e*n{G)thBhD*ZY z06`BacqZ8-@&iOlX98LUni2)zA1;g|!lR=|hc~c8!rnoRyB#Fpy|&Wapkv4g$AEmy zOy*PRYLA#oqIx-E0!hF%=>29VEvf=Y1YmhWVJw#Apd+T#Efsl!I1@z`4%>Nhzn_YR z0)y9$=of%%p+HlBdBbS+esNvnWgq{ly4W(>Bcz11|kIl zWkZDH3rP8X5DcesC_F5D8UC1U^sqgu6M2Bx2^mkMGDncBC&iq|g~DGzezJ*J6Waz& z-SAF`5{eM0G!+4_52`g1u7!zJ8>1vO1%pF^IkQCUQ3qX!bq56`Jw_7efUYzn48Ax; z%LQ3jn>px_ar|UD8+l#?Mm&-UmmxfQOcCM^fSCdiu^9`pPdW@mLy01ycF^93H@Ts^ zi$n^;Z`q+c4c-Kfub>O#4~wH@o}Gn-2TvS!JNZ!lg%3RuEm?|Dh0GzXi^((tO2dqp zX*c}UI&4+~VpCXzFimVRd5E+iR&15{$sw!E&gVFJ@HiqFe-RTS)1e(9fro4nJN_X+ za|ihnKlF0@JZ3XnZ#2gd%4lFN;)2r}l0(Mm6aNk3`3*HELMQOs~;SRw@WaHj0Ma zG`k^)MiBua3?Es@ShAc(bt|z-x*uxrT=`YaDAgvCbU8t4_laDj%F>$8jaRwvu1L6j<)R2N+x)&yvAIZ-UP%20ln zEXenQF1H1I2rAd>)u}CRXz&RF+dj(TjvAO;36m3*f~boPlv{!E4=r`T1C7zkJVKWa zC1UwN_BbNN@FPKFyi5>6(JQPK=pyNk(I2m z@f|D%3XBt)VUhSi49LJmo_Gh^?2bcJL5-nwen(uz4q)SM0}rp)0PnHhC=E!^VIkxj zad@rPLBIfUtjia)!o*VT{y6*#d3~E1gN)>g5{MucjKD#~GQUTKvy&7$u{uCyvjH?< zVynNMQtVSdXl0x)?7aP|YsCi7OUk;4H|%dhH;|Vl=D_ z$gU8#imBC6@p2o}#ieq&@i5QGi06(PA5NTaXFp1NX#Ad#R4Xv z;N^mVI4}^#!wOLQBhjFfN`MG>N{Iw$D=d_N=cAy2*TMrzv{p2h710BOG*tq^O(aNy*r+sy zl;!YYP=0QZuGOJUao~J2xx_pN%@Rg|2)ta#ASnn2hR7DT)1!PA10pk!W~QRTYKs%u zjtE?j9tYJ_wh6~zh{GXBOt>fxjTu^aktke3F@qqXPZrkb2@aDJuOSFRXl@7r+A_^f z5L?t~hLiXe){h)c`?2$I-D zC+H2kOcafP#4twjJcSV-XYv_rl#?n{;UjXkh%FU~=xA?DPNo8N6drihxip#E?4ks% z8avhuHTeMGQ1K!Y79#=6Ct};sXgMwlR+(vZ5QvJnj~I$!EPSGjsu58@<>(&*0~ML3 zwP8h3C1M#to6jCr>J&zaH-d^niYBVSVlZ3}21Uo?S@bY8Ya>^pjR-;723|-+E(yjE za>XbTK*|y9z%|cu;3#pUK;<=a=w`qyQM@sJ)XqjMqycQ6QRmkH>8x0!RK`qp8&4}h zHcy=@8jQ#_Xbn+rVG;c}hQLMiB96AbAjg}D$*cZmCo&q zQY_F-Lv>r?Vyz443*lY(zEeZza@9@)HS9OAf!W&2z=dVdM#Lf_chMNsBUX&V2dW3L z#OO65+oFVQ3rWl_jf~E4#eEVvP(d+>HjSGf@lrSdIM&Go4hnn^KoANMOaj$wQ}CTp z3_&Y{)j4|C{_rX+^|(sLAfUgJil@aQ{h7k=)NEZ$e#THicqdo0I+~y z#&b*%jC)l^xdxdA2~W<_Yc&MGLINtzZ$@G^R-7G=T11XOFo2Y1pOej;S zGLxggnX9Hdh@iC+*Fk59Qe%z@-53u8i{^6BQnQ7w>@eO;RJPbawH7Qk}{LZ;D8x1*$7O%5gQRoktbIVOy~%EV?e0Tp~(V2;MYxn8;i;T z2^t9dNT971cA4mr5De;689@q0M9^WO@7k|)z*{f^S`*U9jV`_12}Bkl7gHN06ErL` z$s>y!)LOI#S)i&QA&6CS%n_myt$^|(;MFADpvr*?hQ%~Lbls7qphu)J{o|!8c~qlX zt3=0G_%I)SS&WzYk^kXve4rI1up@~3f&76h{eSXf{!cFjgdM#)`0Ix@k$?^?9OA_M z*UeGs#UQf8mS}`1zT9kJxuX=gQ~!E1QN01QOqgOEARUow;M>!l8C;$OGHR=`v00;!#M2M4$C*Um9kienxM*;vCCt6uN z1u(#S)UfE7)EJI#!w?l}6f6m9P>Z%BjsZ;siFhrW0Ss*f=;_B>)HZii4H^g_d=d#M12@-!mx!(1CAqwep0~A0nL1vO1B{fGU&AvcwqG7TpN+YWRN5DpjdA-k@yVc`9-^gq^R4?RD^9zn$rqW zBQ&UpVe}!Ig^9r-JGe!RMdQRYGD{~2LRQ!ZRQ*z#12V-}r<4t82`{9bPzEJZOrt{7 zOcE=gbOf~v77tt;GEd?n0>Ymp_J)NhF2%v1_|!&ikf7oUT~eu+XQNxBUK8I;q6@@M zv?3e>aukv%;3kRjVyjby@(1YzNHtM(%s>!M7mguTDsfSe(q#w#iG5WNAo86KztN#( zgn2HL1Q5k4sKFcX1SdS=Qn}scCjp-=N)9MGARq+YQ#m}kDzApa(9ty-;NIha`INHw zekqe?cMut3t!blX6OHNUM)RkA_a@pumOJ!IEVO0QbpMr%P8gbr8 zVH`+Bd&AHf3M5lzlNdRS%8vmBSGtR#R=6piDAq;wK~p0ULr{ZA4UPodPjFDVNf-qA z1h6_xo1LoyU3;lkA<)K!e!EB!S6MZnIBYTd)pipL0P;L;kSe3ZbW$3XFXPBVMxzgo z#M7Z|3P5uKKGP_|#Dg4%k!P_(7e5Vgs?36*%*+YIv})*f^2;qmCz}(J$|6!38k%!S zILJ6ys5k>TYQW(mbWzY}3~1CM;Q5e%28SO>)0q8qPdFa*X>AUtHUzQ(JU~rwP((9G zZChm=&>^6)r~#z_F}PM6O@ia29e{`-ML9k@$KeIJUy?3h#Q8NWyjCt|knN^0P?;gJ zm39Z+PQ`*`lRw0B8BxF$h4TW|$1es+Di|#2fqDR%5K|MG3K__phMW;T9@)fMb~@2* zpoGX;ryk3}i#1Ay52Z1NBQhe&NkVG{Xq{ceU<8>UaP9-~34;db^x~wDOvg!}P9gEK zP<}qB35h_l4X5_2WJE$#%?AbRxQiqXMFY|Zhc6Zcg6MzZHiHsq(s+@G*n|=T?K0WU zibQoW3oGX10!sq$nH&8vKUFW+gQ&$nYNWEW7*I7k3(7UJ=2meQ%l%PAf^ z2?dsi8TAnQYh#;~x%=un4bJ|`KSDbvU^)KMtcMdN2x| zix_gKEjWSGK!_W3D$pN}!GYr{p-+pX0wpZG8(8uKL8BlHy*Wl~fC29LTTD^Wwm#BHNd7-o$a$Q`j%kA|p3I}yK$?#G1UMm5famZ6MP4uLK5_yNlr z<6EgDu1ZBBpxyeYHLO#TxnYxmMHLx^?1(Bxb}~qKgOg3MLoY7L4J_~e5K|KkFpdBt4)L5i85}DIKPm0S#)yah+F=!+{<+*%-or4+eCkkd6xm z(L#Y-t%vvQ(9R%%@qlMXh!MtuVkknej0{kJAOq<*kwhT5d@3S8N|W0NW&xL}4M-7} z#cWrGBLLAb@w73fSgr$e=s^?MXsaCUr-O?Jtax6M5BL&HL`BpKKl|}Sol~t0iger% ziHXKqu{@8;AyhzUp*QH+e49MXl%lNxGn$M>IY90k~13mgr=<;B_@Ezo9t36d;yF;RU^S#uyT|$CdbmK zF1OojfWCb+K`hW&QGALe95cv$Mu4A6ENZ1+X$=Mg4sKAdlF>nG0?_?R6NnOec*KZ0 z5>b&T3uv-3nU5nn^X3(-=g#;8$5;(i`O%vOP=MtglR7bmC>^2s2WiR^=Z8I>Xi z(4dK9*IVRJ6UBi9AaeRPhQvgs6Byu``fH2|LTBJM_1qv3cp$i1eAV=f}e z3iRM8i~!lctyT#E$>6e8QVpLJvyyNaoEfx}&>m>WN5{Z}1CpbN&5zdl=on3aCo_97 z<}efEL;>#6Z$$aSQM5?nS2N==&>RNwX8{2Zu8kI>M=5*+o!3K<({)-8OKr6Ybb7zr zM{p?}K_1Z8!og+G_D-?62vj{$4&Vatxiut5mq>gB-R1 z-^u@%Siu9dO@aS?tRUCoi8cy{AQ{3y4++GF=;a8!9f=k2Nahn_1;~7&#V#|JBX@8N zYP5jOGmt?6QOFIsFmZq(QT$x14bM>HDS9`W0DZKO8Nia5B88s}WF-iI5?L@T4VnRd zJcMQ#je#N8aQwKC2xz3iN28)W0<~C)Vn^6=t(uHO;B)~3S0ePp z5L5$xLQRxLVRBo&nH@57d|{cK zK!)}#=;$UA?4Ywngz-dSZ$zvQgQ$&P%-5?3T6&BP=m!i|M-T_#b4XBool&!y7ey&; zjtBH!E0Wn-B{JzHNR{|@K+F&sm0(dixW>9D&Jem%t5#zm$@24o~0&rr-&+65jNRf>T*6@%=nMz4Z~Cx-iD?O+Y?eakjsK0h|qhF+(bH2fTyhD5k&#ygbll#HY(Q~zf{4F&jf-BDrX2H-`j(#v(UsSeSo+5*$LzMTd%| ziUg{v7zS|cFfDu!I?M|JHrnF|Q`tI1Z4rLe!%zpIF%Y_i)o3p;_qnW6xak3pH3l4V zQe7CWk%`d0nAH_RoCR8l=!?2+Y&v)|W*{|Dd7;}%K(KkKdL;@#6$-2`W(T<)j?-pC zmbDFoIGPA=0F}=+@S-j>D4?r3LJZzPu*!L)fS2#&N#Ro`Q5pbuAG$&q6tza)+fmqHq11y{sIY2}ha-p@z*gyLG8EnbXYFFCVN4ZOuBHImfE3^5Cczgrk|Dof^rZyD`CvMds?BtR7H(`m3kGZC}XL9kaS4H>AM z7_>$@lo~0Q2o9yjZ=`aAA(@31)VTE_9hD)CBKt@bEsyYHL_iO+k#Zqb&$Iz`BXU_v zs!@cp@LhtKhGJ(pRoWmOPnP-I*Z|oc(FMIyfq*Epat&ld7~%7x#t2a60wHII&H`uz zgU!!!sDx}t>Y`#GIV@&E{V+lc7~Dd%(9R=jY{2RmkO3wxj68g1g$u>OAjT{P^?E$u zW;j~7MBsc6S_MwP0rJgk7T<{0kOTp+qETl+L;%Wguig^(7`-N<%WIc-0Z<$85`eDI z#PTwgHauHFLNLQr7X-P;$U1}3;&aF;0TkT;8qPY3Oay5!_yqVeT||yp3xzP7p2`Qr ztD6*Kv5>HtXBUa1@IOibN`(}@-EN8l84yLOWI4|`@>osB95(=E8GDT3#fd|X2i6U z>>w6GfEExBD*zS%6VPQP>pr>K!0M59iE6tl$5( zW)1JVqGp>DiqVWt6657Mb$Zp|&?)lhxKHasW8`U_W)$rncl`MAkB{TuJ}CC5HK#Ke z`^62M6b9pbodz8`)crnw_mJ1`C!rmUG&DV z(r0fM_8c|o=VY8@bo*J#DZ%>n8Hw=n=9YSUN4UO`RyXh0bXL91lWRLv)1IgO-h6e| zg)MbXSJj)qD{i9h(;;D=dddy#{n5`0XSEx!X)b(`*|c%G7tMBK&#H^PL>{aHHzhCm_{4sT>c>0Pq{*?j;>H_a(E#~_d9UTN8 zXRlfjyEwC6y`u6>$L0-$kAEmfKTj)~b2ZA`HaS06vW+(t?@wruH-Gq)ws`}3HMMSq zcbS;WlsB31;;4Dto9;c~EH2LcfY}Zoze|H7O-vqIoVX0eWG)-pNTN267{;l-QPu~m`u0lmt)_sqPy68YEzNBWj^WS&LdbY++HjGD?0y<2_m z&ADx4Zy+bvvKLLRpp-uTQTwZF+a&(h6+i#VsGS$_jO$BV?(~i9aec_w^VqFd|L%9= z;+(y82khN{{pm+bZ}y5u`*3Zl7wk=DU+9oPuR9U0I!koOG30b?&xv(@kCZ0a}e|1%szkO8EfxeE={Z{6VcE3kOFDAVjqOGS1ysa^HTit`T z?$g-g-H10fFk9tv$^xNtEB2vCu^ZCDjE6f!)-+64a|wC=yhr{4p{?!OZ?IflI=!~{$}g;f)uulmU2XEMFeK@b@$okKtEV!hhF?n zn?q=5m|hy$wD;Ej^pOpE9G&x3b3p(7?(ByLqC;o=7((CQRB@y&f6)=kH)(b0h-t@F zDet@Gb=q)jn%s7WadX-870*x9T$;^Z`^UfqrO)OJtRFu!1l9Pp{q7V)vE5o|X`P9; zmtS>I?-V~f)nxkEZ%fJwV^ep3x-*mfoEIfc+kdRGxF#}YWa7N3+phE({^_9fVsI5E zdDM=sT|%y98~XQna$-iU?9I==O4l#g>G@TZe5XU%$+B~Tt(*;#{ts$P^Q-REL{LXU zBd$G*bmT1Eag)>Sakx)eR@PKMvSvF^gT;1XQNP*f8|~Q_6fZoTQGeDMGiJ=@(MLAr zL(vm%$@H{N1)I4ilis22m?b;-(;pPjP!A>!7}}uc%S_AL-dh%*irS7G_Dr37v8AuW zqfn(kxL4BjSJIEun?sGZEtkI-`?6%g%$!G4c5vo^c=-}3KC)xuT7TGZ=5 zZ}htgi+Ant`iB*Bx9p$aeNVR;1By4UnfmiQ@5SA`vFi84#KZ&UnZ;WZt9NS!+4oD+ za+f4mb#UCHt=RNg{U){d72k)Kg$JxHZ*+gOP>1bQ5zQ<+IZ@MV+{lSj7tO5lzIooG z{a{VQ1?#bz2aDHf|J+zGJX%${>8|h92}N1(!-Wm9c^AX3)5nh9DSKBb_&aM{*L4jS z>hl*4NiQNrn%3=c_UHybe(=rfq2bbPyn=Ej@ppqJ?Os0nmb^06+<4sZiPuC#C4Wuh z4T4d7>xO=nwA7wizGX%4h2+TJMQysT*~Gkaf2ZT#z#Ee;>hJ8&k2voxF)->%^3{l~ zxPOiFWSAuX!Glh;nJv#(l@^s>?3s~&`Erx&>}+mhVuR{QH9z_}2er?CZmW27p$+O; zheJaOw`f!onjgp+J?F0N&qrq$_YQp9Gf*9W(<6IB>U7E2!HL7LZ?7f1-TwQ)eCoQf zQ=R=AtZh&kdi)S&U7A$9+q~y@ zv)-%gcvFqZiG&iX+U1F!UC2yaPs%ZMPf92;HfyBFiwqt=Ib+Qs%A+nF2PpHJ9(Z%( z>e2LIO~Zw<{Y{tBvqC)uh}nKwENG+jV~_V_Q$d6#$`#Eo-Kp ze`e4`4t)PRQ`$Xnq51i_{aY;~_8<0r+wINmrg(;&TPj0to3%aMw$*aZM&Gv4Gnyxs zeYltWd8F^+%I>=wv@4pIqj@p<} zv3ljf-@`F)uU(&;)Z|2bez|_1^r3L)fz%w=#KEL+cN^BcAk0rl-+QFGGiPZ(%k%Z0 z{+#>zZBM;(VYvCdi6gd`A3d%da>1U_^WprmKi`dwl{cxm(nOw{vSH!Z^TM_w(LsqYfQe&A&HJk$U-T+Jn)D7oW*c)Tx_% zny7eC_^oT(7o<@6^(UdW_0#T~7v);-jnr1>wN9T*S<$8L*9umvo0gyQe(5{7YsT&B z`}Ea-jcZ5l=-({kfoBeJ@3=qD=Wvcpd_O#C&y$V`dF}q-{^cChqq53F^Oam{GQ;!b zwd`B^vrWA8r?*7~DXIix>7Rx^+nFYrf&&)ZKS8=V#uOA5}aQcIWt*}CqK&b zi&Kex*RB}M;67{_xOgl!sn;ciYfi$7IRz)~mzZj-kDkDq+MRyHpq&%_+Y$47)9(Ro-RHU(B-Z zAMV|2O}#~$A=$z_ef_$ixcK#G@Y7m@Q}VhCYGA_7IJ?91hdJ{Su`gd=U6DSgw=%Ej za^`f*8$W%xQu)YJ#qSTOQ9gN2MasBx zPo+IMxWj&O?0jkSBG%z-RbkQNN3t#X#1ZEo?$_5XoZ5U-V%qBo;9v}1lb_pr%!szr z2K+f3e8sM!>_4O}+Rqx2zVz*chx>FV-bwGdH$VJ!uJ!PuoYWb+Lxvg2Us$s9%R7#{ zU61)?>YYC4wvUa!{Iuz$H}~L~9M|a+WqT(+8ve5steyVjlGsYTzfR4Cs}C|~J}6lK zWoTbxe_#3dE~ecSMfJFsBU;Wpyk~k^{-Es9HAhK(e7B9>FKcHncwJG^NAzXm(oX9> zp>mea)}QY8YeVK|`TQN{*XBGwz(2J5-RsZSn{~CR7VQr!)B94yg0!-Gxu4G*pLTQ1 zfmc_~hPzI0c->iY>)E4zXJDi4`YyGVdtKUQ_9L!+L=pNlaYzrvyOsScJxq+B=RUh0 z9`(0L&+T@m=H`RWuEH*}+x9olnty#N??C3w7I&*nY2uwh@}70YbFa^R)2HlRhk2!s zdO!Z2Tavmcl$%Ie^6UGnv>ja=9UE!w)HU=gYt`#^33;5<_y@||lop$sq<5uu{G%Zf zSvX*w{$m05Ha*udZ@wwFUFMG-&knS-VT>;mmM>WPGn(<4w&uZ~{!_nu+-bMy(C4Qc z@I4$S*3CX#``4qzuU0j$&8$hk(?|UH{-X5rqSB{Ras!d!6TK>1zg>?vCdL=8n>wmp ze_av2q>Msra#^c0eNfV?Gqg?-Wq=QJgZlF)#HB6S9iJeOT6dn z)Si#+i`@D?XREGP?0E6&eNWve&-4Yg6K-s_lweMH@toVQoL76FA|7HAp2qekQ$7`{ zQu=fyh9Z=j;>F{OmTPN{vJCm@~4FOo7cak;l{fSsTXeQg^yk4GgnGZ z9G`!zR$kRpHKu-Wtfb$%j_F;f?WzfX4Q4loIHdIhB&0cX=Ju&^9blPuy)&}Nm{R?v zU$;jU9cOKP|5ns9w!bgM^J>N8n^PJ03NBd$%~0=4mM>oTOR@RVm9xb&XO_y>%vMFI3F6p#86ZgK_l6i60 z+=cqEwVIg1RXB^PQac%q-FLO>vUE>s`>v1N>}m9jB<9Pl9K(nP*OR}V4;TxU_RL7) zY##nwRk35N*LrR6(J#zPjn?hS9(6Cj{e+DL4`WNJrV{^3`q$;B*Om0j1{Z6AWBRs? zlY?5PRWBGwqU~FEuKkvuKOZy|L>x>|8?Apt5aZ|%BbMtdgZ>832 zlR%$Bl8=6#+VcFe>~DJ^`m4ngzqZ+h$?%s}b}m|NdslHYl-`J##q2kic|x#t6At#E z%YU8g4MC-E7sRJyGLt8M91A-)190y}rq^_p|E7r7(jc>Q&Sa3A`9J?CJoRsXC3* zuPS=M@1NQ-IlroOXVTlwdtgQyuIbW*-yTJVDH9CchUqOCodPrZkzr1xk4IkcY>BM@ z>~yW+Mi;?|H4*vJKyxL`;WWYg21!j=Jkam z)+_S2fJ8=qDTJ86QZp};8}5dia(X+nUb_Uo5XM=`+r?+Mzd0Aa8DFevcxwf`_#xF^ zfTabW9&HHg^LeCwb^ZK>MP$j1HVMIP`3rjyCIPWbIS1MU!l)j}fbrg-ZT z620z0@#t|Wo{qNVoH_N(S#X}39iwXddzzP>%zuWdoxY?oy)IU~v0@$`7U4Ad)%Gxu z3I@8CGP!zv9wb{Vqc3zyXwHJeoV`4q-UlwL0v2y)M@gRy)&vcB$_0x!DE z`eWv-dgjf@A^*^BAJ}x|QFzxpsqVR|uL*g@sr4~=1O6l-51nx6A8nD{BNfIf7N)(| z)Q1=N)|{5Nv{T9oHk5z9?l4|jBKVl6|1kO4!!AEwCf+t(X?tfAv!=pRl-EahhQ5E! z?{5cNZ@v1{A!v|i=(nreV3-Uhk{()|bVGiI(5bq%ZI2n?es78|RkD{1PMmSrH92|5 z)Md77i}0y~wV~0wpWR@u9(?rl))gBM31;tU^Kzj4Sho+F5c6bsU5g~)z0u0+WoN)Q zfAQ({!cL+dx))m|4^Qbj^jtDxJms$KPMfUwu=3y2B2MbF&HWbPBYER*FzyuZTnZ6( z@rCbq-n}3+nUuYtx^2gX{R=eqnpQPmo49!9vwKGDSd30<`8q`HKVW3R^8TkDS18^V z9yBMaEB(}8;jw>TEIJl!`D@Luxs3jv-l1d7hh5ejzfFFzU*GjhhvZ$p3|XVXE!>ma zcglBcdK`dBTP|za9#(Q+$e$jCNAcfF8=}=Qtw~-UbO;-$DxOe=imk)1TFN<_- ze5(7!#Ro_0rp;Egxin~$X!wy>i(fmg>8gKKe;#sd;o4c}I7?nuf6iKo+1UR{y=mfX zW_J=Hd&c334L51GbUd|o=JtyxGukyh{-NKC+=>ROM>|>t@>i63^V*0XOiKT~;A;PA zl6`W`Uo$5v$Mt^?EF_bJMCXUqAJP-^CJfu0cgWSgdR+8n((SDUJC~;aYMDOjWJaTD zX%EhRnrK;!i_NhXgMH@2x3+^th4LZ`bU0;uk8$Z|BL|F^%SsA~%{!y&3>`XD(rZlj zbXmV(@lVZ>Q2F4@yN; zsFv>L)FsA&Uhf_It3m1pm4+R?Shdt>)sGGxV+$x{H?Ch=pIc|J_7H3AZeew8$(jql zlAlii9{~b+%th8d>)0gXuoiyWtuMyaO^V^h4Uf&bo$+9F z!L9Whuhc@qr2PHa2~Uou_fQqA9sNDyyxP*4O#S8C~Q$GSh$JUhT+- zhwSJxBPY_QRUWn)MzzlPS>9+t$>XUImX*)vJ^FCymaS|+!*PnvCGuUZyA(b=eML7* z`gX|Nw|z3orKCfiPRbvGHxIk@zn(w-p1qHCJFzk=t;qp}e2=2l*crzRt4jYGaIs|E z$@X3A{Ve-_w$abRGfkB(r#+mp-*l^+SUBVQm}|wm&Qw*JrbNGgZ9?tw?Ch#(6U6(B ziKO_ASKk+Yx?8XQ#5bppXS8|^sGDblqQgSP1p}FaH@lnsHv^=}{eQ^-dH$OL^8J$m zn!2b_RT<_L+F=-Vqfy^s1ls)VS>K1v%Wjgs<_9tFnh0zl8*JRsmM;}ks%Ln{k00N> z`>^&!r!p)X1AhP1-Me?UJ+oz6Y3|DdvyfEsetb!uSK^+Y zJ+%1GTifdoZe}q)cRzYsS1_zK>>G!sk z*m&bh{?XzepI(f}u9m(YA-FKFOVx&V1?QX-J0J9RpR;`TynO{d+nku#PWAV%aJRFC zs=cT^V`+y2>Tu~r)U(`4Cfvb8tZzxn)#!x~d_uB=CJ!=hgX5a7;UZA1vOJ-obc%-HN^6S-GA+ z`40#?pI+(GBK7f<;g|b5S8pkZj^D~(*Rfqq_)XWuW1A!+77Xt9_4j9YyT!Xlx2bM< znDr~XF7f|0Rn?{7$;3HtcOMaQe~s;4a`n}V0_@vM+is;d$qRHCdZj|1vqIF>v{kU-O;w|Cj`aq3oln(Z1qSxdi}V$_q&f?z6AEXvhT%>zIw*B3si1ky;*zo zk&yc5ZO6P$(^$sB*_m(GT-eTyT&&x7(O?sIM)9PjX78cZnWsPe_*MC>+1bd=Wvzd% zA~l(?_V_PZz2uaUrw<+MzX%c)m2H-`ID6FA;z-J~{BS2hP0DZ2*oL%w%adqHxKjH< z<;k_a@8=|t6G~p1vZ_}#WPA8cA79?FsOp&LBzNV6vOX%st`Dh$y!hYq27N1B-f*)b zrT@IcuKADz`_iHj{s3OQ?e9U`mv%cgpm>tExJz39w*7?HI=npfk$8TMDrKMk@gGm} zf<4+P-E->{y~=%d)Zcr7yJ!~Vue=a4(e4>DD>EN+cK#6luk2T3y7t?x?4m`DFU~Ky z)zXGF>gTq`XI_zoCcVjC+WFxD!nEP9=dZTEUh^DMQ*|4TwQs%mKeA!5bvFfT>s@&t z5WL|nTH8y~$0#e`cPgXn9EU}SO22cgeq4(xz1c7C#`}in^4yGTt@38H^3b-d%b0J@ zx>dOO#BJ=PnlG`u<&E(5yQ;EUCX)^*UJl`pN{(dvz=fK;r#k^!RBx2OQ-jNbXP0JWM+p4sVh=Y z1DNiUPftp+Bv%KN33_~Bb}y;+*3%|Lm%N_xeC434l$gTocWVS>Nb!1Ueut-aO{xI zyPa@!!;rL5$Br#{`#ZU#GrqTIX7}WdU-Yuf&$7O~{+Q6>>00MFQlmS$zjNy>8(uD7 z<+{DA(e@T4b4NIq?;qJQEA_zBev~r})a0j2lV2H4o4%WFEKaQlLHEUlkQl$y#BSU~ zKJ37%p1kMOJ-?}GQLy;H!>j8$@dx>Dow?DwX?j(*tnR|nC-WAWhpor`H?2nKY+wAM z=6rFZbQxp*AGQcO6-Z@0NlH#|1*P@v#lxl=@@a}Lh02riJkM_ zUto^SxEOIO`Iic!Z32a5-vFGyJ1$~}&;z1z`6y(nh}ly!epku~f4sOs9I8yEkCM{h)iaa6q#%wABS z8#z{DTYt0$HzQ&_GwExkaHvzWzc#s3p``sX&-tmB$A8;^(==^JQxxQ89$x%n&G5Uy zc9?UX-aVPh8I$H``c0FvYf$2C<0R;3NA6*JjZkcG`m*cW(glq-&M43KR`1h zxpD++!X_nexAjGh;*#O@&wulDvweB1^Q*RhuLV>L@xqX&*UBX$FBOd48Pp73NgDL{ zd#AnC#0iHUjLA4H>a$bpQEh2|wrX+K$9t8z;mW(P&P7ead(<1#F>Sl2pQ`-n*>81D zT3B5CPB3F&VTNIE0%YeRbqd- z^2M~DXN~=PIc62VO8k_tgAo@T|9b8bZNdw;WxB0!>d`Jw@|-8y zTyVgOR)^0%k?hE7@saT8bVuHeC#E$}-8ud+iMmX)qH=!Bvcxk!PyhA`qwJ}_aVc&5 zLD%$N>ju?Aw)*c@g_-9i+qHtPe$82H#ecB?Rd1%xH=as#Sk4o<4esS6jGy>%=!w+E zuLtq6hdcXAuT4Agv1HxYKHYN9P3YFrrD>KsSuv(}|DN%eTQ66?uM?}7`*+sX`xV{W zr7zva^sO6^)4!l<_R~WB+Pz6-g8SW$E$({C*=*Ehb?U`VYdT$LJinFPx#%D*r@~Vh z={0P5L8~=W`bu`pZ&7pq{e>yn8IKFbjLmSEztg99ZhwYiqjTV#?8G%C^yh_t)Hc8T z2fgk|$e(0IE}KRxkZms`lH0Bx>%g={WBaWDCZgdbLKG-;>fp)8LYua(v#R?$guHH<*>vdPzt9xRJ5HH!XJ# zS^ahIzWF<|(l<1}urhnpug7rAblmZCsrSWO5;kn@?ZUH(Hn4kdzTfeF`MPl5hTNCK%8LRW zM>tmKMonC@^)h~S>0W35ITQ12Q&8WtcisBNBen>hyxFdGsNz)cB`W3lHs)M%>9~`Z zL^NwvkI=7OpGRd^uiNo){h;?b&t=ckYC9q@j{m?ah>Kzn{y7d75Jyb<{iWa9+;W*~ z!>Ea`#wPE4oK@B}d6KZ%k3JdOZG$#{T+wUA=sAP(a=JEF@H)&b+&Ny`oO^$2P9hfD zx!uM)r?xmw%}Kk{xx>YiO=ELJJ)iY59;S6E|T&eB+3y18&G|x62FIyz@RB;q9p5^CIz0hF!NTEnED4!^oXeQlsD9 zy?f86q0R5p@reuHbolX-eBkZng`<}KF?-{oW8d$zYkQl-%RX`C`yiqG!3O)_IU{ab zJ`KN298<4owUN63N%qJfk676LAYh;7c&Zn028}&w?7!VNsp@Uh>dG<4-$st#EQ~d+ z-kz{@`;(okg(-_|hEe%{?@0W3^w!e)$Lbykcgw6Cvwz(=?S1uz(M7h~u=kIikdUL< z05$)UwYR5r1mDlmyGP2q6Bj1TNw`SOH{{+wtY)T}Tpc zV@Xfk#H+e_&4woAeVe%KQgr*y$%l&+^@_Gf6`gOb1;ESzP20=?tuHpU)-)Qj;OyMn zC-ZajI;<$C*F7u#cg(Ywwmf3?E^{5;wPN<%dXn}xD_gD3>(}95?9PBcJHu~|?N{dN z9K#h3XpncE@D1aGbWm!K?7DF2)81jWUPe-Z{(<^e5kEt*HzM#=96MHEnVhdkM?c>_DttRYEzv^Vv-Iac^ z6c35mQ$Mc0+m2ke?bR)(<$s+k{NhYU{@>5nJp0k5@_pY^cexwpSANN;tsW`eQ7{Vu zq~LKUr;xx8I`pA$wrCQB+NTn$BSkm56;{7+B# z>}q*w^ZzCew@lt%mKB|tJGB0el+P$6s9O%anry|JjlsI3J{@b_u0&*ctT)#6~)I@yx}>8+$gm-kBw(g}Hn84PM&@8(u#eVuk$~zXr)Yx92R}5k=5E z&e)gYCod*K^w`PLs^s;C4$0#avf|_|04b<$+hhCi6u=yHx!B{*6x__(>kb4nb2a_K ze{xDX{tnyM3Mg*sOIN>sM}FLnaYcFeUAIu9Ch3lT8`gF!YI?3=9)5~R@Ro+!d$ktV zUA3ScJX&|a4SrErd5Nyl_f;4M>3B|RO3 z|74w6wP`Pse%Mo4b$ZF2$oJA6FHaO5Ef;rsl9@QJ@xYk zbp=Yd`C(`P3vhHp>mdm!Wx};KdAnZzcym4wOnkH8S;yD=%c@&6B-!POKLm&q~?;PnjXL;6NjB%fz zu!s+QJH@*v<@i)N*48f$Y~`ME)La-d4t+weu0V5WL>R$Fb^64_czMr+O0go#a&y6ZN;U$dB_%W+vc;eA7 zf-(Vm?C|icn$BcThvDmv=>R7LnL*~>$FEW0%S?cUtSi`&8N9h?p!H8zvlL6}>zJWq z*2UuwQqX~Ob)FoHc7!mBnfsy#l1y`tAGuI5Y5jmP+v_z>A2=>l@dH2sd#=8^Q2jb> z5df@uEOj5S<6QHPDc1$R;LCrO(;g~PzW*Q0y=7RHU%U28cZqb1C`bxOw+JYRbax3z zcTKvKRB1^;Ksu$FbSoj9lWv%kZg>aJ|5^K4YaQ>gkNt6fQ3SmE9^)G4^*hfwkor&& zgZO+xGWWYZ>H{*muxE6mV{|uLN6aJ~neIwF2|^WGE{A;xRi@s3PnBCw%0S^S5{mIFEV!OWbdQ{lGLE=XnG-s2_Xzv>S zrHftdLh)O&rq>0}nVhxT_X~%llYSWc^l-hi$&0PAhZ@xUmRB7;XAVmh5H@H?=y#xZ zYP;_v1JJDNGwmifP}(+tNt1Fou7n2M$F2zLhbC*!(I~6lTNYu=v$)a=1(uMI2NOE2 z2{zOPmxe43b-syrnXP$&q~I%h{$ASPaVwq4D2;FT6{E#=b@Eg#?{3dKDIh&&>z#bH zo%}bv#K_UZ{b@(Y2bZXT{Q@}q6p3X+bv-*A@E_Ori+mt$cfcs6@ z{aU$Wt^G|7;`Bt}_(tMt_)fytld$p2!+3<^bK%0sCqP1sQuWu8yW;VB?sE35rfo`3 zy){*f%Xp;WvAkAEATenXt1ry_N+s<~3pCW#%7_oio&`>vqB^d(+7IU5E$~8CUI1Y% zBgf**FDsSG?TAr9?aW`nY^{q~SzBj4iZTL-{mzgEtJTNMt+8pasZ$O_NuX)49D$^# zCk5o`TP>d#VzMGmmxA(1*SIDoCg(*TxM^TM7&<(bp+k6F?E3ulRgm>;(|UQ&gF~Ub ziz`N}8+n>JcM`2qgBU(YQH)%GL#g88tUfQ-5!w9;)g{=W@Y^N9ZkL};kRTlY>f#f8 zXXBB6+fxM`4Fg&+%SRsHv+JC6X+1 zg?k|kX@x85^G{P5bVPS|G&|>l$?Jo>t&XTlvsJ0@#S;!G7Cw|Uee}rXxi2@OHSMOu z1*(r;Y+Ln+TNe(0t@Zr#Ya@9_oPDNFqxrY`$kXJ^`kfy$xMx5{#=8r>D+~Y<8ZUsl z8i$S6o&#|0iF%l59VUuZ5j2<*+QY7oiK2~8p(=BE95_ER=!5N1eO3y8kN@Fbv;(*H;DdCjfIA^Tcd|1`mcqU*FL5x5)~x!AZ5b?fdr4rI#PK zZldXt-SSi&)vdMdr^I<$Pm>Ke=nCVjtA)a!u#qoW_dXQ$bfw26fXfvS=Prr)v8v|2 z4JB~5<90iID~P`px%f~{x!BR^_laJ>2RAm;!>MOhMavvH{lD_zXw~-Cp-EguS+GTM ztI0yK30v(@pz*bvjhV-D9+1mz2w1XC*y~4^!JzHgvb1%0RG$FD@~j8f>y*T0edy&< zkW9JlxT(1Rt|MXm&5os8TYM_#($#d8<>ud9+@PSK&!S$3M*UAS9MqtN=JweEek9KY z&htY3iYyh|LNsP8fXwo!NqNh;SF4x=l>>QW)z83bP5t@RmsGc3mRI4d>Z32kDnBY) z#3PAIPwe&rHi_gsLky%#20pI6oTw43_YiqnHjQ5x!zKwjF%@*-$D&l|YNAHP@Xh2cB>j9VR8PZ=Xd_EY@!7Op2waWy;)=5T*;ZBYx zMq#F;g)B=~of#!lf-w5gT1+-KN&u2bRIq4Q;&r>)j1m;RgfgKPqnQ^3%TLhVAl#b+f6DFg+J|t8EJrdt$yk5KHeIf0z`Dde-x>MndV0 z)0$0_*;G5`s~Vc_U^znL(PrBBR~QVIG5S_x4V<$oW7E>T?tj|`aqzcaywX#!`EBq# zmHbC>atoDKnUU0$y&bp7vH6cT>1566jU63!#2>EJ)PxptdI%FXW~+CCp7~|$G8_GJ zOvk9=-IsPnh5=5$^BbQ{x#QBy-MRXQ-@ku<9rrZ4wbsdqiny7@7=e>a4T%MMD7r$T z#qd){nz;r7Ew&!6*&yPC!h8DFRx7Jy3v_X!gmS`L9eTJ$>wV;OE(jJXu<4pb+I?=s z!%po6P@IgVl}XN@_KN&l!yx{&?9V`r6rDfV9r3NnQqJjTz33xt%%GWvK1iwD z=scL8MX;_`{B@T?%v{i3> z*!r6XhF+{rJvZAhHO#@sD|h4xujo{fVOsANULKnFRlpbNrU*Ab4fHrHuJ2KM9`Tb{ z$R~A-<||P^ZSM3i#TsYi0^tM9_KY%zBvT$%T)S6ii${vhTPRTQ0N`0#S~mIJ=q}EV zaZ#jXvKUL=-}N~E%c(&QikrLk&qJ+-`k_xhT2D9AcNl<{GnlNg=wU6Ef~l1UNQR-J zZDWsoA9x<)@c%jM8BB;=Y+NIPXGyt-zWVf#S6{^_Vr7tCs5QeB#iy{e>>ujOnZ6nk zYl~mRDJBExo{C4t7YAY*7yY~!3r5sh!If(>R5soZwEPtk(5 z^vDM*Ytv#{oNiwP=bAQ3dx)@wozvOJIRb+~9r&DKUOk`cJrN?>fekr8v8&8hilKBj zGF~4sA5*QAkU_D(fyyvI9T^s0Tf9<-RoIs;jjI6IdW!@7;!F|RYKE_5hNr-1Fl(>A zl)6|2sJrAE4hkLTb(NWSP~V&W#%aLYN_G&;pXV(dx6RvTIvF(u?!AgQa$aQ%AXqzW zb59o8uKr~rabu3DcY0+c;>(BvVQX3*SxX=@C9qbL2--+BzP{J7OuW4BIQ8sFE|hOr z8K{XhZX>m>sjDq=86B!6F4jX`l>4$D!Ig77XUdnC%?uf?8Wk7yP}cw?w!$2{C^Q&8 zlqTdLJeVPYpZUper2XuSUP3w7T?p;BHddtnjx2?p&ai3NhtR#%<2KxDm&2Ia8tWLJ zq>M#wv9P0))^GSyuMhmW)MGiDvs(qGHAyxyg?&&GX}=v@(c?J{ zbXj5Fa9DfpNgPca3Pwn#m=Bpnf4qtamz`mybmYFnlK zDVaYTxSxuD&6oc}x4Ff6GbNj21^St$Y`F7iET?oEo}-qpE_6?(gkSO#qbTSi-bC9! z?ZuIHrylo(k^+64;OX|d(kXo*Mx0nMJBhkQ&F)gKqY}5z@pdaee*ffW{*x(!SB~!l zFsfO=%NCKY*UR`)^UU(;aZx_#dMZrP&M&eYe)s;O#@@xI zzLf5wek3cPSbcWU8=%pINGO$=EtCOZV+r))g{Tk@M8fx!B(B@@V4AzlBQGjNrBePu zwT(se7wKD{l-6cU50#uYm|*1*+WuT4tw~!hDX zeuP6kV|IZkFvN7XC;l>W-4-Ke6+Jpa_H)Wp>28?rt9;J=%}S}7ZW{)(teKpOqV~opx z-KY7jSMfx2=KEULXwU9h>{ge^_PUIKN5S8`ja26C)Ee}(iX*0$&dr@9$EZCM{Mvvl zqro+;8KTxWk2@`{M}J@G6+mpVRBe|;q%WgbG;*=rOJO}(O;#5ucpmf-lnYfVMPcX} zVuXRC%9!T;pRrx?&}FATD3e0%_Ut~h$=OFa(S}DRab?+&E4Wr|5nSyPJg{X(fwjCd zhqT{2+wecFL#=Lsn37H$$C`LuRN%lD@Hxa z#o*4_dwMFrZc4Lfv*`2e9kP6(65+nl9&x7Jctw6sk*dfCSTxG-ZH&Q)VH=CId0mF89i<6 zX9q+cy5G?${@)+B4wHB@hKRO~tERKs?G5e|dOEt8&l^f#czrni)DI8G6@DnDl3_n& zirP|-yQ}9U(`S7Z!8ZFz9jbWC6OT>x@t-4mfdwU`6-Eovlm1Y>qUOp0EE}))pW_~; zzkfabRXa)r*{-DsD4EGZ`Tt0xPd(mHOoq5(!zxnh|I71p!*Z{r-n_bi zv2>e?d`C~dI)hunYe`6s|G$Z#z)xR}XD@wj9PoS}~FYy?tERx@Awu-Q2 zD$_L)PNT{k2VVzizR<8NFUqRZrt*D2>M8U?nte;1dS|No z+K&^bv-qEj#BIYa*ZCb~9R)Tym<9k&m`X9k!f$}Od0+F_$WGYKKUCa`@*ZqQ_W;MF zYx+3CBvO-hxUkkGL}2R15Z)jWX=o|hwt#^f3tJrAlEK#_8|ny7)w;Ml{$TBm?lg!J zdT>30sxRRYVH9^$l(*$HhPhS?EI5w1cqqW73V43yrf!{iiUA1o;&g}4b^q2PZ7OiS zU;}W3urRYoM9U2t&R^DcY;u#`)NBVCI=vSQL5F+t(;^@f5JlDDfAou;{O_dhldC^&c^6HF&DkO#^T8UM z1V9A0&UE+w%;IlLp~D+P!}E5GE$Ku;Up=pGX`EQD1SKc=m^TuJ@-3j~vln(t`>2d1ePZV@1r2p4R3+LEOy# z?fcZAEU9)r;mWR9OEgw3;f83QfnfsklI&D|tkv)WncXhtA#VI8zAo_CQ7R9NmrDvv z9@M!mV?i)Zmmkd@Q+|A!?#%;H(ymWuTN>NshPtK9-3vN016thx1|;EBLk5~@0DQee z5Ng9l_Kq$Zh$x3e@z~1+C^xr?ETBLM0JV8=;YOlZx^j)T9pr{M1~^_<5Q%P}WrVML zx)~1Kum{@eI`e}5WcCK4k*p`*vU+~@z0TlCm>I%`vW*pnPc&b#S)>A0{my52OcKxD zfE-`MwPOb8Zp$rbuomC0-w#mh{Db=JJH$LQfPmK17A*zPPjoC|7gBbVd+*z0|3?t8 zFqNums<5+Wfcjkoefu+;wG!~wTju{w1GG6Nd2QyZ~Z3($M$6}&2V4o1!GBz8s?=I= zVN&J7Ly0+hsf_~P#^-jkD*8f{#l>JX?1S6P(O;E_cKn1@!))paOh7C!YwBL9jePyz zlv)AtNYNe!kME|Ng2t~xR41jlUy01xALTZjYOMv z>7E$x@DK#EbDW3$t_*(+BPz+@LkElE70;Yh|JtP$9ixW9S&{n1fh0%vv= zzivj>YVXjf7@?7wAn2HlsS znKuLm@tR?n0;P`>FQWv(!=|OULEF%&fdH&u>pzTDccxrT`p>7&6~o?IEsWEFUX;sP zVwS~3#%OOMvxM|w=wfg(Nwu0z{T`5O^XzcLq=Q*08qFWeYZMT87q@iUuv1OD%GLVI zw@wex^XX|H2%*8Aspd*W?h}+384`=lJ-v5C4>Q&QjPA3bb)}UA=nj|<37p6!*a!VJ z2bCSSuu@5A; zF}O$r3bpC<7v?j^b*z~!{O zHrhi&u90T*%a**&{iUwHs5{pG#g(}v806;W1@$>0?)i>LmBWOwaf-hDyZTJK=#6h< zxh4(}X*7SO|MV;EgODN&Zea}%p!A%Xq7mMj=?I6Tnq9fffBRPX85_QA@^wd+J#stB z-(hyU#FKBS0iL=!|52c#1MD5g1VM1`CI3X_0X!EA2!<)Ia5{MZ%EGR zHbr9hh{t#=hCYRSx?S}z@=n~ki@TaWH1q2+73vC7EHoTdlwAB$^g45`1w9Se2-|Bu zjIcP}H=t%;P5enGILuNjQZ5qzS(yT4-(Q&kQV~cm{57^ID}_9Pc8vy8uNczF!m8oI z?d-m|O@@kT3yG&IDWL!hKvY)Bf^E)sz)g{b{ykC*1wZ+{SuWG9RnQ;207jXm7%7rgr`6J;W_=w1e+m10<5c%+=DnCBM;ZVOUZNE=r zA0Q6AH17fCh65R*6VtZK;Gz}joJ7CqE076u;M&-if8OGKNfB0EFysPM5xx`$upDNz zU_0P@SbySvww}rj?f~^qzlS%1v17fauMQ@yW_0cRkH;jJnzf?NKsUqh>-RcC#vZAE z89skP5C2W7QEB`pE;a%DjNR15h>R-=tU+1j^4tzR>H*YxBNB)=E+?m;nTw$3!=k++ z>;c%Q)B2))lwL#1$vI#@_YGQtUgi!sp9njz>5U(iuo|16KP5z@50FpAy^W^ZII~eF zjZ~VK?K!+yYBrGoErdvuM5O4#HZhxoCG_;%qT7Lu&su48NBMxjg~P%a&1z`sye|b4 zFQer0Y=uUAS39jFm>uk0GaO`^?%K|VLbH=%=mQ%K^m0oASc@k7*V=zx6zOD2#y-$L z`60VtQ@D5q7aI`Z9jD^oC=~luqOe|Z=N)jCX0`GGz8jSBtG|+VB~zB;U~^EhltM1d zq3|X1<&l!$+vL)CZRAd1GYzy?C&A_H!&M?RxD++2P@Sq_C&J`MlL>UtEid34TIJ5q zEGmLr5!7f6O7J7*OJPLO>(mb+NhKE#|*HcZqBct;_5sj0ILrwsX@ zP*m>20d9(3F3uji*bei)kUh`q-vnsa^I=Om)gSWs|DwAhXfANLKSmkVgtE=pY@C}O zW!GbgdWY^YJR*cUt?5+Ee#%2A;_m5}P@9=c5=ChJY{%t-!|K`{#cJe4YMO@I2XjRD zO+KAz{}ytj>nNsj=9~8`CNvcD=})j=3vXl5E@VGjtJ)%R5R)U-(xrIwoO*ua@p|b; zQphO2T)6XvvB+;)x0#tm;8slr9`z@d`^&u(C$=J#l;t>2*ls$YCY9Tt#j9x-Z%>Mz z4+|hsR$265rLLbh`tdG&XKJYHO%faa8&q^#@HZD#Bd1T`9U0lT*z9F_TuNZmFpea; z=xFh~3F5mI7j>xg(HHikPzyg^qX0_dMrbTlk6_7n)23!x$a1g;O8G+ zj?Nz+YJ`VspCaa4rdxhG%%h)_*d>r2bo0;ieRFt=P!xw0ih59P#{i$Lv)|la@l^Y( zTZr2cjOckV`5nPGvX5L#OB4&=pK)dH@h)iD`TsCk?H909dM%(ELH!)~!*0D37nk1v z|B@%MVQdEuWJkr8lC==!03QZlXqGNimtYGR`L*dTg6(?{*)m+7% zNQ}v$qm|O$45pwXoh^yGT-De$AcdMiPE~wcrp`e{Xt#q)VXp+#=-oI!TB~8x9{1qeQhvh_ zUjd|O-%OD~Q3;hrGa|BZ&~3(5opUDVypQ!|4MCxPoOrbv#(bUf+}P%NXltfv6enk; zQq4Kr$Czbx9N#+AhfZoUxzS&%Ho9HhQTHU( zQ}5-Wk6I3^D2FUli+7hUetZuI5Ky(tAWdYbq#8ka=PjQ-wUH{i-x37hh}}ODhaJa< z>jR_NPU4FAO66V~Q<(SN>BR(^5V+ zNNBL5(?~qZdJl&b_VFXp1io6~Or65_b+-7wNAa z()eB?2y~8CBN6YVD*c9sdgWgl%|ys%O4R$LJ`y}!<_~%~^DC%np-^#tqar%V-OTIY znA@j<)WPdVDrN)scX^&YVvyWGcm0JSu+j#_!dqC3u!GWpa#%T34eN%P=P$5keUz(Py#TdGz_2|B4M67J;yLsi6(5vMt zmg$R9>FsTL>R!K5(qM#R0W!^u>gXsxwn>4Y5hsc-1dz0Yw}2|!v~8&g@96qyLc_F)Ac0y@!;uRamC{gXcOfI(l2 zYnpqLY4e#NI)shv@wT;gGvU#t4i-jrap=};?7{8UUq4pIwJ~n?rH2&UPV?Ac| znE5(9M$I9byX^~Dq_@6>R70`0EY&Occ9{jhG-Jb_Ph-^%NVil+=Q{~LaP&hJQbW%< z7k$Qle&nL~^akinNOLXzMqU(Bg1_FS3qN8})L<{KjVi#ssK1YDy0;n9eq=GAxOdFT zX0}r>1L7;^m9wNih)AMM+Lni92RPj$X8IRjtyX03pQn-W&)%fx{6B1yP1v1)G-E<=!Cb>5^}~dS6sO>FN3ecHqQVJ!$5Eu<>}lRkGt-)~m-j$#p1)VG0kG z%HMLy-Y=@zyOGzB{zXFPt{y66=LQIi8%$m>oEsWD6s)l1iro8M-~AJ+rdNvZq9r-$ z-}Bo*Njj~iwKh@bixDvg`q;r%!(e!8ZOlWa`A;Y<%D`aFNvMJ}d;;Sh8AAY{$pjDc ze>M&N=@j$>YtFT}RR#}{H^yvNk2$lGWe8_5F+zJRC zd7UXPChmI~0^Fd7cWSxv7S9jl8D{R8@7%D4Ffon}?yFI^bV9&+w)}X7BzB*5_OETJ z8iSw>#ObN5r)M2cY3HYhIsSLI2n6E!PwgiZd-s-lRcV8cjKrnnn}5!G+DMf#fbRYW zIa56GQqLsE;cruT9krQNw}VdA!#qJaPxaM38Vtvbf31r)*z8eH41FOIr)?3|}>9A4f(nOgsOGEJfodw}7&hXb=bU9V)H zNRD=a0HZg%+Vx1x?hYNtdp#h@>cOwc-)j%$xbyU=*(L6XKyDv5$p*W!_KrYzhqKr#9P(2mi!MecIH~gQ-xk6gF!KO`gOb)@OtZ7)$L*VUbPjC-% zu<0@RIXfY1cL#@s1T9v-o{lJ<)Ia-tlzErl0x+C{+AEW9RB!wp`zXtI=OzGd0RXQzZdLk&h1NPls~~kJ=QAz6cv&xYCK@ zkaAEtW&l(w0w3A${CWxX*3JZ-EnG@_U*rMX&C|z#{&7rufeHu#v-22zeA>ANPA!uw z@3$QQEyGI$Al@URim#iZ<}b9mG?sjTGX)Ez|B!_eI>54uc06O2ZljB`A`UmvZ645_ z3eEWaH;NKCegnVrl6}|ObN;tTGk9~KiI}CMHrzTxW;p16@0mtjN|xC(5x-My{)LCn?do*wA`+^OGi-FV=?*dGh-QET=1vu?)?=)AGonl8X{ zofDr@miV0Ad!*~Umhd$HAYN)EIZ;@T(kRi-$pGt4-AkoR!qocYD;$uZ=)0pCR5<_d zG`jOZdi{$Se283dv{OK>l6waQ;Kk{qDc%w0w9z(Q>&Uu2x|^O7_B5n?8X}QxbZ8@tH>k=LVDUaRds+ zkJc+fddH1ZS{e~2Vo>AC0dQv+R**T!NCL(X`TvX|a*z%I7I6(=igoXq@(Y{fhq)_U?225)$CK;&iqm1*&D(!MpvDN>jv@rk6}LF<@P~mUKh3 z_C~^MkyZg>*dF{^tfilC^Y&W_1QeD(1teP6$6+<+0!S|_k_CRaL3=h*#0dnWh z$x>ceNZL#-?r06|niFYHLYWRZSfR>_5PqX>Bhm-P9Xn>=XT{Vg5I`FY(K9B}+9q`;`D+!T=yFU6kBl!EH8q6|meY%bI(%mA z@BrM%k3aD`7b4zUQzrN7HybSf6duK&sYxI`-1sikYU6Gh;JM>0p-#Eg z3UFoeLW*|Ee%&C&L>3+Z$=C5$s{J=%Elxa;1Ly!$DBor9fF|1uj7k&OMi}p~1)Qi(n zgTVv@=xH5T{%M@)aG%m{^1pf-lpYe$2>IiE-M?lgB47sONW324@=>QdySz~QwUPvK z6ZhmdqMk#u4@&|ZWJqs8P#J_>qu5B?w>ZRB1Wqk=;9fRsgO0h%j*#R z@qU4enYjFGIES0kKFlPOukCD#Zf|T|ZT_0j7Oy?5l@c)zNj}L*8>ACUUeYu0e?itY z?(i2+yZS@fHT2%+iE%k-mgx)O4|KRGfQ^@uv&M7b?zr2X2>gs{GKO zdhU@pQFTB6zx-cs$o#*7Mqnz61n&B2VX5(9;P{m770}@A%Phf$U`DyL%}$mnSGc3T zb>1XiYuMV`j|Q1sKpz4I0$bh--Z!dY`}fHG`50}QM5R%VpB2N5TL?SVo47kjwPH;Y z=(L!AIuis&c4-hW%Gi3A*ySRX;9a==6~p}QBOdHWY=ajGhgJ%oj?>Z?=ij}E5^pm} z26>Ie+A_mVAd!C30Zj@4;s{!4-6^40xUiN($Q^6u_PWG;F1^-efvM6Su(nc+6%usR zHrytr)nDDE2ATEhEK0OU%)jER+WVtKzFhSH67KC5Jw#+GcKTB#XK{U*9WKz~!enueRst z31o-DM={;oER7vN>f?ZhS7kU$F(dbh^i5oe*_RE91({dB9uPgOoA@yO4jZ;)k~v(Z zsY7&pH~RAl-F$uD5tstcN{uu{V!F_I+oK)Jtu+cfHd#{n23CmoBHLu_!QeSOseetqY;ytGr#IyUB%=02{v2ySv+!&rb_S zpS@b&vXb2DjeivSndH0IXX4y=o>i7l@ddA5yk?~Os7mmN%JtRbl&`8^mF1qLJ-*vH zI@X)r-ZStiJ1ISzhug#9E(QjB3pY_P%f0!H`pKI)4^97YEGRG69fDbQN-0%9uaUnI zdeDEpNhO7|dy5lAaT1@vsnIX2Kg+q+g#}ehw3q8}?J)ekMRKvOau%#r*7OpGbvg{5 z3vb>*8gQ`|yvZI&%M^GZ_tCVyO94kk63Ju{yNKt(b8iB#{?j>|GJ|D^i*@Cj{C)S~ zCAs>Vs(eNFQVv6FKNouPgJ1;2clL#QDf>CZLAz0yc~F2TDz?JofX7y1fkL|_{1p1g z@@;mN{#0=~b<*FRh|9t8_hV^m{JW>6`_3%r<>@DfXhnXyv^%GZaY82nN3rC;6&na< z=0|pk$-OIX$3-SmlGdmtKFsMiMJ7m;-c2+ZLc&~*>h?>egfh(zTHu#tr9(IUx8v`` zuORsYsA}(ZY88h1`37qx#*BykZchS&clS>f<4Wlj_!3X+c@5oHCWYZIQ}4Qq2%y22 zk6m-f{pV)=IinXqq`A*lWc2=-4u9mL$kF!7&U|4PpJuMSJJ;lUzg%!}&1C~~6_Tda zlwu>-t~kzP>IGCxxYiv%WQ3!roSN;;{L;*SM{6@zS26FsQ}X7K=q%!oGdB78{I_w< zibE4kTiCJ?j-$}mRjy9hQ{8a-w2y%X+3H)v-&e~0hzA<=Ls3mF0;2vB9zYLZoQByy zT&7>M>zg0*7%l4=IN$Nu-<(H1{EkYLcfNxjJ%k)=^#qj}nsGQpb8<9@-K*GE|yfPvcN|F?MfuFOh9q= zt|PKHVoj&UsQyrAQU;NJ!SPe$>TN2wo%}lHUo6!uA~xl_Yz4d9Ia-GdwP!(ab@iiP zpK!oF)s93-J~q(b-JZ4JBf%QniuRh%7WSX7g*&!+EP1U?lwAJh_ibs55vkW)(oz4N z0BQ8jy+P~=UtK->Wp)~$u^t3J-b~ixN(q7A-N5~8dgy%WBv@6mp0hEW4<7EzhBmV+ z)eaL5`4L^R$y4%u0IA8%!ui-l@2p3%Llx)BYNEHsSmZql+0cJTM&N+=iG=fIl_0|R z=#Kz(3s+o1<9@?{q3?-?&3wZz11Fj7iVi}dRifES3xz=68XH&E0|UyXy^!8oOEkN!ri41*%UxjKbQx-1dilph7Y6 zsmxEd$E%F|Z^n`MTYWB%w=|11-!JHLZ=~>A>aO)Cq*I%w9hUju3}pCSTKlZ0fKN58 zGVdcUQvM!v^-x`qCW{v-V{5tX46I4_e&)FA_YW1NIdxOo#~upPgp?#rdZI5~1;N?j zL5m^-)I=`l=Jw12^R8-x=x^&mmZA2aTuC%^G}wbq`HBxT=ck09a!(N*gdP*7WyW1% zOCb+;N0lVp`~wc4zE?9DKKs@%-?MaZzys^QQ&x(9G<`4D{k6?m)OvU`WfnUvLvFAN zm1{JM6`OdfXjjS1{a-A=w^e;KP|Dg8il1lwNfj7+CwlN|=WlLgy7zWLjrHi$MmY2e zZ@^``(!yXl=kjEyQ9Q%$^p)*GU#PLXZy{Cy-vE`>TJ!dxzr;ZqgA}f4o`TXw>4jZ-;)>>sNUT@Yrc@knLNck@U(DZs~0aJumI@oH-|0ceY(vGqi83hGcWfpBk(;4&8G78mq9 z8&&QSt&ZOR+R0}rlzcAm$!mr6zJ?*84VrvjOxjBnQK8mydb`;gH=7M!0v;Mwq|=?! z#zFDhb2H5Kx^yO8sE$_UiQ}TA(S$7Q4Ce3u*U#z6;UsDlvIBw1T>Y{lPN{GYt%p9# z{NXqMzOPS8Ts8*nhlcs@FL}Pwf4}70&K}r&$x6;v6wf}pfwv_E7WB5`Ovf^Ptu+Sa zw`pJ}6%LUpGDazOFgBhkck}sjq(`8`oCJa3A`&Ko-uL*+%^H`#({r3_q#ix%=C zj^U5FXE7rC<>r{;G>gp+!lBbI7h zw^S!35YeGm-P8`QZjB!B{q@iUiu3NSAF|O@_F}F4k~)p2F#`iO6U9zhQG6Mf)B^U^ zMt&C-X3Sz!VOU>GTV~cvw}RW0?k|c-KtMX0r|9C+{x|wg z&~3qMgLZ=-4RMqhRNlzdeEc=lpXYqgPR!5aYnETdqR+{c%V`K|sE0(BSx*eXXXN$g z4QqV$MD{h`kn3 ztg+>9fw>eO5uH4qh(!Z&C07yT*1(@RvEnoJbx|}ze|200Y^RLF>AZis^dLc-uv zHN-L3XKEeb>}#z>Eyko>GXoot%!>pTm3E!_z=cU8|M|8Ti0CJjl6goQ+V#jHi&v3c zP)ANq5(Z*i2?yooAifOgK+KEdP>We3;-yqnGOX(MnWR7Bgv zb-?Bp-h7tf^WJ%sEhWap9|av|lF+X#*5(lw!oe`#zxN}+HY87li3Cg-eyP0puv^?D zItXf7l96A%?_nRakoXY97tw|(g8Q?Dsa*ip!H10dbe~<4d&2G#BLi8Y^#M5<`#KT} znNu+wi6U`q^qmMt&mS}x;$&x14-Ct+ohw6oEk9$aF;0+u7gPO2ci6=jX)w;|5PP+& zy!LS0DF|FQbPP%eG!thw zvq<;`!C5|7WR)(8pk|Y0aiYV}t$1G~yetasJAAD}g6B~yl|d~p z$Q;;5yCO(kh@yN@y=Z5C*(C9z>p!Za=|xxQ?)VcjkWuG~lvHPr6x%A`i(FRMzIeNA zM0h(^$7fvMO-u+u-C600g;_V7EK&!ozhu<>02vCd?rdfnIZVfc>WFBXuwVTCBINX1 zikX0}Z|7JCZ3uE3LDTYwBi1Y&`xshCQ;#+{-2u<12#~O+#^A7xsUDdHh05skRt_mOOI5}nwgt*pjaXliv#pF$~E)|{U(7*&{drFkuN z2X&=h@JP(51Q_CwpM5k98o)(FpOCUxyv>3g;hzb2;KaJIdp!UOs8(8HK}lt#+gIm#{+x~|%`{BOA};OQzf(~NXr-K> z!4uLF$Kf*Rr+t@Qe|n5!v3Ru%y>e6OLxb@-Wp-31+b0OHFmz%7T0I4>p)%ovKtEb3dQ}R|Kb|V zM`ZY2( zfsQg{H+)7>mBe`+2vK23MWl1#zFlFUgRE>XbJ0OuJ~M<>%a5pm+HOsZ{J!dY(FD#2 z{CbF{B!X6#bt9uqMvCk5<0NsWvp$of&or1fJ3M}V3zY=}Ut+E5eYH4@xZgbTGa_B^ zJ*xtB6&y6y`>MF(5%>ec%JUh+{dK}Bk@Ra7fHoOko(@06)p5Ey-RsU&zwBvA!S!v_ zYokv^co!54rP@SSX%!4or?Z@ASXP1sYJvSnC_3!XD^=2eHp4=Mvx*6MSP`NQ4wolB{)Lwovu#cA^psQ10RH zKDKQxk7GbviBl5aYL|IR22!k@CL*QiYLvFu_=h^NxKu8qRki-FH##e;Rp2|urv<0G zn=?7x{6&$k`lUQ7QXdb$QfP8lhc4>AaxKV^C}VoAKx6uu==>xBdDVA00f#)9Iu zJ^g_FuN%RbEoqNXeA*3Wf?f-{AD;`;>n8L?nS=-uZHtow)WQj9^=WKx3H70n`pAyx zCvoP_LN*?k@}E=$JcNBy-(}Ky6wLH&P{eI}wR>}+xzTOwZ;#Ea$br(9NP=H6NL{$jUp6AXDCzf|OLFs*oamS*{hJ>6=6x9^GWX~sDs-n?Or z?5k=boc*qyim%eAcV=t z=18>056++BntiB+fl^>$os4U+}JbC>6qO4$dr*DB6X4mCeI^LBlV;uV~WrI zaAba@kUfi?rDTM}R`55_frl9-B$`^lUDIgJq#WsNYqY10n)AWVM2X7|HkChOv2CBB zH4sS|Z6;8H0iJ9YtzzG%w7xq~!Wb|45;vSG;IGK@ENV>riJtFRe|p*bDEhjYAOF;fWzQft z^!y%~IoROjyYyUI-(LI($Gf~1e6UWF+s?$F1;~-&8QybpVze*D*f%K>SN*)5pk0?G zwJ(W!Ox({sEeMfFp`#JM-Z_v{8!ewKD^?2`lh#)_$h~YA57}NP%;TPxjfC4>!^K8En?rw@y9RKS4y|{iJ z(;v~{*IxVe8*}H{>lJl8^z1F>k)4%qXFLdSS{;VZK_%x_u(=h?{#lYLQFBO(au{8{ zPjri`ejK$fP;VlFlne{)MWF0@$M;|qM5#_ycdm(?CA2$x05V%`y@K@Ds5kG8`|E&4 z_q`d;aZwlacQ^LTQY&U0XWLGWORa57q0+cX;zC(Se|Gb=-Vdf(n=@E&8lo_4o9S5k zw$_pproa7endTIB5Ed#xS)AgA7A?&`XzpF!B4z)gRiMGkZ=Gf$z~=O`B{7E=!Eo3H zNr|J`n>^}px;BqXf6Uxmxi$}7b9Lr_M%K@SI3V?{m57{R=r9^R*>#g-POu!}@`-RK z7c)~oyORfdb1^7jjY5GX(Mn&|5%*1qgT7SxOJ=e;jP3CvOYm7rZe&h4MyL*-5I6m7 zWrCi~OJUS=O-L5S``V@zO(;>4eA4?x{z}u7nmQq2h9*bB0$WOi4T18oY1Y$}$I+s35W4g4<$0X3hyd{b; zqT%5VS>z0g?7R7QF8aPJ+f(wZza(O-_I;8W}|hF*8ug)3Z-fv$z-xH`1)f|KHP#AtIVO z6w?cd8L`?XP`2lkn}rnIN-}{6!>1N*F}Th^rq@>qaL6K7;6uX0Lj9mE`f!Pw-h}<9 zTK+pX-xb54T*}P%*9jNFZplGx=));kFo^r=7rBOp^TdZA2yhRY#-|HlV z)j6O=4?XH2gk{Xi4rPeVL-_4x%y%ZsJpBIL5~~xQ;mo}NyIprhU9G@C4bmR<;th~^ zfj)nc#{TWridhN~eR{Q96t8X2cV^z1XZGx8@8`99tfB~adXljC`(v1}BcxYB z^l_yEpm<_d78+kX*lp#-(;Q#n7e5C>C;iZDd`LvtSCtOVeWOOo*Fd;fd|$%DHRbYxfdX2 z`bXCO>V*~EAy8Bh1;b?1=2^1h+U^9QAug?F`sYd$p_w`vx@1~oU)2MB@a@Fx*A=Wb zTcyZg`r3x>GcXH-g@M-uE+SGK*$xcW4$MlrR7#YSCf!kSD7^`v3LCmzH(SVU_&?;zA~cOi-8D(|)NP>cNqnOPd* z5CP}&iarf48`>Oq>f0*Dk$0ktYrQm0M8@0v@g?OZ{G7s<&qqtcnvS4aLt9>z3?uRX+jOoh#i zC|W7H_Kq*%!J`%JW=}|6%Rcfm9W+lt!sJe+pfA~I-VU54L9?BC+j9200pYE7d)a$LD)|D6S)=>Fs7%18;8h9BV<3l%3F$S)MRhW=PDu%<#*F=t4vheIK{USg;j^bMmxUuCL)-L5QqlI zm<}?OvXv+V>r{$4zj<2>l4{K+9LF~pc)ZtF0V0LW(}$$!hDTt<*3O~6-9S9`v!b^< zYk!w=;1MpZjj&v=;)OF=vtK{>GvQFeltH0e)L&=vW+E^7-@Q;E={xrvqH{=PGS{FI zenMw6)W++t;*Q8w5Ah+od?^_xQB2Rs#jf1?rE{;bB@2>CTHc`IoisY0xyjIB`Uv4} zEYQBf$`~VDHNd7vjQqATbfJ zc909`s^|L;IQ#|IW92oe^p^4CCD`m`zXI9~fgnBA_|(g4=>4BsxHO}OWZ~TZ>o@G4 z5X}$7ca;eETT1u;5&nJ>Z1*wE{y|LG$Iyhkx5M^)&()SL8nA_rOE#@IJ&1nAQEL#> zT~f=~?m&Xpoz^5=K&e&bZ-96Odv^iOa5fvPFyYuNZSpJk^HhD`)|C?Ty%9Py@m^<| zhx}5plyAeW9ES3%d|ffi*oiKh2d?0X{7t~A(7*bO0qZwNct_dgI3SFA1 z>bmM>HY#y$9t@)p7D-@qGiUx8%Sz(A6i5o*`(j+Trq0Huin<%YH-lAfK8|4*8FqQK z+3gz2%u#){3>6yP!`2WUS?RqFD&J1pJv6Puo8ul8+KQ=qp68&5y;x z=75#*ou`h93~mIXBduy{-GsLxJhD7gzv&OvGlar;HZT4F?4^)d(cUdwwDnt-QJyiP zN`JeB>t4Io33nFv7c<;K-+c->m$tqBG*8t*U{wHq&oo=B=y@$bzH;;vq8xKV04u&o z;<>^f?-(->rT_N&_EHNxaQNIo^A&Rt+;ykb|MLdY!+{EX{DsDLxfve=1q!)V-o@rO z$2nE!V#RvHy;P;y5YWM7Q+^Vv7lv@(lCg?kcs&L)D zl=XTrPX^z<6U4a4bM_K9k8yVsk%u2U3+d4VonO2eGw7gsR#9Um8h8l-S*7PIa;2P1 z`<{9i=+~BaO)8gjiK+f>1PsR_-n(gMSWjksW$3fnDZWE-4L=v@W-DWd+|QF^g9Gkp z1EWOgHmv;S0S(X1Rmx+`x$<{lw%C38-?N3ta-aa3cN1119{;ki!Ti7Tt*^ zts%5E9$O3Zs(S%c!uCvu04z?#X&Wx1QUhKnyfPrL$x9X`qMC$LloVk~{m)g>XgwyD z5XS(SpUu^7kL0w2lF>NF8%)YW)}p!Z*ImAZNW+*C(HVIz=h7H=w%`HnG2SK8WDPPV zZt)AjRLrtcw2JVpV~`md2So*@)Pr~kN8b7~`;$(6gvpf+3b^-@u}jg88%OW9?g2oh zf1T-J#mgSH%n*M&r8q^9B)HbMbFm?CdQHuXdR7_Xwh=E%gR6Ucy$aclyW(7D+Y-n)%g@=*< zP%c%P%a(uDpQ(f=P2OxHMLw2Y=2@(v9-5o=pC1df6TTxRGAU>Oq}g(#S!$;YF*h6_ z*A2+&^-Br(8CGrDqlU%awAF=;+BAEU?V+cSUE*ya8MmRxNkpH$3?rv&2|JVh3FbX9 zh9NmhQb{J{tRmbCIomlLTq2ht-tm!SHUQh-p!g?L4xJ+if&N4c@G$wx=^H}4 zXCoKm-1#@^KCY-otx|yt%KhgBHSsi8qXZxN(}Aq)?YAE~1p~0EUkZ@_Y(r__-NDa! z2ZCR~i;9M=|M+$4(;8&NdHI%yCq~kB{nVOI01uXriqG(^jxU-RODQ?^h~)Zm{S-?( z+x01@5U|BBmWR{{Tp1Vax30hBdU1u;)#5TiO|@@}(GsbQm)R(V4C=bmJv~z+E^NAg zr=o}F3r)R$6M#)5{!;t*PX9_FZp~mZQM8%1ULUXgUUN+%it)1Q{}gPzpa6mmH5~g> zS&4r}7OrKyvruS3|%t$313RT$wRnu3|> zLg;I-XHI_^w{O}o4)>+A%vJ~Oy=lK)^r`t^u5K`n^RnF!;{;z!)t#JIk&lxASA5bl zat~Zn>A$Y24MAfs@MpZzmT0_$?ilvdFm`)}sofMA4WMOe|Gl$24CD{{B;-gl%1;ab zplB>*lxVI+$wZOkd|=U|)%bTlF<7}wA~$B3y~KG5&+ww>J5|&Td$tJ_61HdI9naMN z`vnUH{HVSUeJ&Y?F%MNdm#`W&3E||U>l?Ryg$eiwK{fvFijzD&hDmxKSPf@32bUQ< zIu2ql~k9!pM?&Nm>?MX+MdRr^(vxH z2|=65N(ibuji>PqI*yt%z_Ds_TJ8&!&WhJeKiEvw{p^*Ub1u-TdZ+p2S?4=ubPY~O z<4QC!Ovk@SuVxI?X|&#q$(3B48q;cUcc`y6NXelS24bq{KcUjYUjt+>?Bqz$o7+!U zhZtEvf*RTg*-48yyIK$r1cug{0H8gGXbgprn|9%gvbQP@UZ;8Z;N4V@MuT$d!!=f)P z8_ov3(x4GBRDZ%6>>*g}4eKBh3_dQ(7QhXB(6(;L>6Elr@~us{6RTF0tArHrlY7`V zU85V@#j4w?BH}tni8T8zf`8A?b&y+s1fGDtyixvb8>FCXe*SHXJIrSi@#BJot>xa- zVBdR%gHJeW&8LJ6k2VIVs%rFX8(aAvv)R4q`T%0&6llQ>*kF-S-CfapRHAEEvyE)cd+hxH$L_{V z;YXd5 zGVQ2@b zXQj-Kn;W)ML`?!7rAq(sIX!l(U-?q723+FT%avhq4F_RT6D??2awKz~#{?;QXgd95 zZ_)n}WKcWR-cSByA!K(1N>i@;lyCGrwXoYxV;}7&IKpPXkI!rEeTwyNC9~6k>}I#q zdb<~ARrxu=@d{e%QqB=yvox|Z6j$97_k%aOwKt>F(+bGccPC1kbSh$LD}FdBmWj=u#&7LUx4j!H(l&VIYkk^UN8>pu$l>^D)lIpC z)%tK3ZG-tb@-zS|x)pYiQyy+#rG{%5pn596_)1Pgow z0br3C&yBEi?a};vU7Ho$`SKi;_*}XZ=^X<^cr8&tqdW0J9{Q2glzG$fZi@WDQnoGK z$p$F7Uu4vzV6VP@f8(&3R^IMxog3B`9KctF={QKxMnVR!7~W7qt``}&E zii|40Ga(Q2*gbB!tcopNyJA@WVdwRaep{bcIr9DM&-EmItJyu*&_#XUC?r2w>Fw>; zXv0VYTLLRP1~I#WTiWI;())XzLl3coRWeDru`@$9=Hlc+BBCNiqC8zJ3ii zS1_KyDN;reNmHI(Fj87$|I%kwUA^`E|jzZ_R#+l$~wU$w5IQu7xT9%lN_KS)jp~+3Qs;MU5T3l>6=8ZJp5V9ES?eT6~Z32p3n(+IRQxhvjQ{%-5WQfa+ zk~f;4UFy=%mAQ>_E-~J?T~v!60;OCdo0B7BgQHje{@+W8%^NK*QWe^MZQ9Ry`b&@|X`0LdlZD^mFWJR< znLc0dWcks?z(+^!jouB$(`vXhYoCPb#_2kP=N;*(RbNlEmg(F=%U={_uh$_1ZB8BM z+2L~~?~M+sGir1Ozr;D7^xV)AHhO8mnrfT90JokONZjC)MJh%!pFa*Z85DiZI6+pizsm(4HeXT;BGNbfU)6u+$>t-ACL`sMR zISh^V-Kv_BwohDrF@OtMtGG*5I01dUK!HZYo>>_fPTx1qjT>)L?G>uF9kVWx-}{g@ zl9SZ&x=jX`dAIhNM>)9uz z9MFMN>86{#=4elch6rE0p~Y*Tjp#$ycdoO|ZmZMBg{@=!bz#Z*M(#;P2K&L#U*_>x z^Q{737uH2e@s}qS)pnum%xX<1vkX^!`+ZN@TrI1r;t3S(U?5;W{+!D|~v;M4R zK}{+BQ?(Gf}q8;LL(b7askc(SaQ?PUl=bd{prVf5cqB_}b}PZw8^CIzD5<2`?jT;0n6>{9aQV8+Yje>z9?w{z%g9c;j$ zv^%B-g@oe$$j%Xhd9-C^?41nk9mKII@L0I?}3zN~&istRV;xG=6iP#4?d z=@Fo*SoA(^0-vluld?bcdudS8Yuvp4v|VxPRx*0Bp>^jSFWLH zt|qrzP1TYVY;&%{E%K&hk8}Z!<2+0Q04O_50RO%?>AA9hKqffSKdR>wozi^4lOi<|3;%53#8);2HY#{JfG2zh877cj=UQhq0c&94gS8 z+gm!HV54VnJ>Kyg4S6c7H_?hnq)&GnN4|X`qVSknt6<}90JhXL(_U*uGe2&xl;#H@aZx8Nrnp3s^aM6oSQZJPx@*<;~dh0JPr(DDmbftf$#O98-_EK@J`av1dBU1FXG6xy-gNOgY*3N^#J3$9NJ|=w308arz z`O}KV-SI1R?!gUhzNd#q+|Gp$4;V))U&pRD`8w`(e#$0CW((#WoPVMej}8Bp?3f>b z{gCTK4MYFfVF1k&5(1`?MvzC7blcFsqE(p4y0q1&SOXqeH}*xdz)@_1FQplXByBi- z@L2|cXZ*pRIKu=UELcNO67uWn49yG|8(4uOL>W*N5{w2fK`YSfrL8n!&`!6RzP;GH; zQei)>3y|d+ZBabgj7&rJY^g5IP>D43PkUkIt;Wi8y$_c2qZgI>-vH6_5c24EmwwiT zB_u$V;iVmGw`IYdVi)`pISLksnM&d?4LGm-Vg%g=YF&eh%eY39R?>taoo5 zzQk*-RZtYw^H3_Z(odk~+`t@%i}%`(Gk(2I>a`7Ydt*=Tv!Am}|J>qc>qQNxy>R^- zA^T6j0dgdnBiqY^Qx}EfW{tGfy)u(;a8fY|iI$5wL0CkM{p3M5x_t(C74Evu$7$!0 zv~j>objn)3f7llv)0@?ou9SS$&-L4cPwEi~`tyxzma(odvFK>AG=*QUjqHiAfQ7LO z1ULQfJ)?v}ANAeX3MVK(d+Soj(Mr$INN@K3RF8!uNuXbDb(#5BlRlaO;`H~M(pnur zAKlUmq|mGArlz>7dXo0PX>Z{CpdE&dp0(HHT-RO!#dA}d^T31M?ZL+r;QZ%^QBZ9H zQu%UuJSMPr{QHegUC52t3ctQ2?k$4ka0)C5TSI08=jbZisd3%+L>(!%b)Cslb{qOy zrLJZ&Frl&qjm5%>-tpJ+;bSF6ip-P-0`Z*~LOe;ZJ&iU7S<2lFFUjCa7SpWyIZx=2>?VSj6p zFjHQ-O}UH+d#y7Q;qy42YakCd}ZktM%DDGMV8^ta-7A~UP`o&R*p;e#(t1!%#Cwq9% z`kNY#twH;!aSu0(V`|snAP=C%yx;%?&|_d;(jlrIeWP#1cL7J+!Rb0ys5_I|=ZB?bXYS#>SW4 zp}3yW?ONb*0WyG0NkUTY;(1Y+@z@A(AjqJ|-pgQ&%g8olavV_E@=@Opbea2J_H%4{ zJ1?MGE(SoULs)miuK}T40u+6-50X@-OWWTge$D(F9oaO&x&vg#54&e_6AT?U?svCc zX*&8H#)<`YlroSDl4CB)^veTy2t z;WyO{E(@Z;ap^U5Y?IQsC+b&^ohaRo zhK7wvSu`ZxtUcU8Hj~QkE~vkP*}at1r+7G7Y#?WGys&<^AL-N&pAF>?hw2&n;L73m zPrdV*G&1{v;Z-KN_pK;b7cu@_ zunpS$44=A+257L!YA!LFjs6|8$i@PSHA2>91yMr`R5XIUtbwA06eZAZ-=}dXr1g6w z#3sCyAVq=5Qa_3ZRtYd{5Cy_Fnhy->U2QCiUW&+PU^6ZJJl9}k*L*kO$i_aPU|SYC z3~i%D*RIR06FEa}lw891s$BFoqGY@YaK@&j0oaoi346bWzui$uC|$rg1_bGf{Z*m> zk4Cjkhy%zj^*(9=5}14lsW2I1VY1FXgsCv*Cd|l|3m+jhZGST7C+h@B_1i2xCPwMV zmkB*B)tU_;hHo9=$f$T>ZuBU6Drw*c`5^HW0CU@m4Mezh5%Y51+>$ZzH)mD@ zX%$9m;~`!6^ryHCEO1b1)Wn*5eK><$CR22x5m!Qx5mxEe+@-50lXz37Omhyzd6WHx zMMB}6jR@MlC9pJW2ea2g?9xXvy*Xu_LGt;a6pP&+aGnpvWBumy>o)&q$^@}T3)v0g&7jW8C zg44qUC;~La@mnT=%E7>dmdNq?>?M92C@TJSbXg}(=FT+*ExY#lsOIMI#=ETPtnl?Q z22}jzi($+nu68$ohKuU5c!;?Iy0%%$jzRjmNzp3er$J6;FYr{PGtPm*vMa`n>oIfib}7+oZhAY}Xs{x@-~&a2}Y z((?>&cRmIVf&3;r*DgrXD)q!POEJ?Vm7Esc5~K1^m+zBrQ+&KDkhB0K^V2QC%9Kp- zX-Y^hUJ?53RqOOMevF($$?-UU*cP=jbdRkXcl^?>k@%C-Slp)lAtb(*EzC~ZPQ>q- zv#EhjY~U_=ms`0sTBkx+&H<@QE6TZj2AArY;N55uXu)#o;+twW>6durxqGzcr^q*m z8z!6W8S+aO!PSTkd-87u-`06Vg15c@$;u(Xp1njL5{xaChZ^ZClPDj>KZa1MTr9n} z51eT1$__F;DzgD{R0=4aw@<0rQwq`MPGprVQkyaSSqsvtKpLq(RcwSN_z z(mZ|s!;{OUa<6E@x0nKgZXhCz*E{54+R-2NNziva_NrV7y;K6vcEz!Kb5qj8?`JeV zXFLa!=CO}H+a+!*jE`X6xr7&9dF(g*N4Iks0x)#89dL!#y(A!-05CcMrBum*grsTa zTS5a)AmAHTc_83(UFO0Ilhl=OVv` zB_$c2zcvzjCT8PSCG!c-8xGYyX^)+bU?bsV$D|5T#%4E@(Yr-A2|X=MAzTOPzYjwP zvGJT?J*hh({=nc6#JKtO$@}NZWYZNEj|%_`m;NZU_?9EfKmdcOi1oz}>?TMn!iHv>YB%>WO?&_&m%E&;OD-{#Sgb zG)|z*63R1C1e>ivOx&m7Ft?m|epgp@A|V0*Wv)mW9qOEYyC^B#soQWS?a4yIL%CT^ zCpwd2ueGxKA7(C%?DUBMqr*743D?sxPQG(6qz4VT0gFY$or`s@>nqbdbPTDun8K9A ziJ;0~xO**Jmp=b;L4daWzLzr!Sh|n)mVEzc!-4sP-Jt6z2n#SHIyasyNZA>R!zl84bdH1}? zNlXgXY@YWC-Np5dhAp*(_H@+*h+H4D6Zh?lTd7iZ=~Vt5`fBn!&l2!tVOJ?E?Hy3> z*6l*(Kh#F6rCs0TDcaQdEUx|0!#Ig7h+wdYq4YSODJM!KTfR-tXCqXSMY=~jkWGMR;kdayFjXdL)dzQe z1E~f#^ADrwj4Hh@E;)8<%t;8XB%ymTA0VqqOXUv$@N*|9cX-jbGqFTkN1H3<3a{qV zxFnhNBum8Z-VV1-7f%<_s1kRhXNYbHk>WADXz~~s6eeZ+<77-Cuyp*x4q9`lRtFa=u6MTjpzgZ>Bl_RX*j2((a4Sob#3*WNTaxmP3~9vEz#gJjft zY{`LC0H8@@{7=lyb0Pt_lELh03_`2((_E8P1ZYcR)hVttHf2%_FA&a--p%uY;Cx{O z9n5*npG6aLX7~XyJ5~m@9<=$XbtdHcc9rGNav7%uMCBTrvW|-Faa4C`RRwKfNExu3 zuI;`llm4WxjJfTqvP-PA*pHfd7sx!1gRoCR{A?(-^n`vWd4O)Rui;iWsV=LpG|LP>6iU@; z^smSSKyYvAM=O(%4yN!cC^1kNsB7#sT&ODtpmqWQMkd@ZixRUdoYGM%vlcNzPS%Fw zr)0qw%m`=4)fuJcHpRlZP%X2<8J)tAGv{X^gJ{lioo@~YR>F;L#=d!iNN5y4 z3hjglMXibeA7Dc(RlFtS9Q6&BJkEn6gZk>|1NJ5lOkCelE>Jyb0Uw>4`bT@^EZnf) zhgFComr9l}ll=-`i`1OS@=IDj6B;2l%xFf#!A$Kf3rg87IBvmT3d&eHi|b&eX_BKr zFJ^wd8MM7KwB@|LvKbDlPRxk?&mrT&tIdf=W#Fh)Jv*P2=9zYWwOqN$Y)p|j!>2^# z=@5bXat24#2eeF+uXnaXa$|_2piZA#q#zMH3>cCd%VAxSp~wk@5TsKdlfzNE+AM`4 z6@5xSLA0oJ1x6*d)i$su5{g^LVxw-;JorMZdlPt>xglzk*6vP96TmJ!0ZRX*`ies~ zL^?4ktz;Wa2)lkJ7T9x8KijJ%E2L`95xQ2ve)-1@< zUaJ(-DFKLq)7vloC!-^G@a>eG*A<>GYM+HKCJbD-|99gA{2rY2Hv_Uv-?TFaLl4OT zbKojj9ZrCBl%Snlfr$ChGugmHLKFSZF=m)T5~&<>SUTRlOCc&guk=*?a&3bUTBoqA z6j~7;HbFucvKs0JTuza|_%^0%{wJFTB0wQY4d3k4GTp=UmbKetfsY|MgTc$hrly@P`F#Ho-19=;AV|6s?f7 zI%Y0kSE%Vs{M$cm&COoo3feh`wnHvxm_+Sd6T$Nxv0Yq5ym}icqV*b% z^4Aq6CEitu7jiKBp`9f5VsaGE0F8#!qBVNv)l1lI9JEm}XGn#FKy@)Edev6V( zR+`ZCEAO>S!0Ps2#ciyfF z7PbWnJH93}^Am*CkV44!$S#FI=9I1(tL0EYD7ac~Jpxeku3vwqN`j76t6{|{TugJo>B$-+K?_eVKO{z#IA=;E=P@1!FPDO{p9wo6h^!u(XoxDvw3;FF} zDwvk8FA;K+)a05oR_1+0_Dciu;?gi?t7n?Hu|Xiy9x+=QeA=+bmYFZb;nE*| z%|3Q>n{qI6@o{7qCFZ?XR87rMF{HiLP05*o2CDyN{wmpN9*3Dp+~PV}g2?gClH8cA zI}~MT|CvE?=YI`Zv)kn)*DoK8aO>3H@7^wq_R}g4Xgep(H!Lo?)b}>Do(PqQ_t@4X zt3fHU^tS{UHn?x5z6Z-&$jJackEw%dgD5KOHzslPy zqRP2;5eM(S)JD96Z{nW{8DX#|+xz4HN)y}=b{89G4gGNxVGQJ2PYJ59oY>k?JL z>3Lp8zLWLot(6ky7e~)V67}T3U4EvS@y}g;0O)z1TK)N>H`pcdXH;Mtj{%3KVW*3K zL6okx60UKT$^HS&9<1-NRM{IKd5A3HyPnZL;$QGHv4BpG%_KAnd*Ts`={4=1)@j^ zsS>&;27drQLA7HCV_fHHIyd63!6gr_HJF|43C!$&gnLmX;EgR!TcC3s$OD_Xjm8)5 zzXK9Qyq^!=IISF3*5LYA85;BN&mL2TUyyGnP@n{b#$#?v7VxWqEYzS`hwf*M+_lqV zz;F8IWZ&NTw~0!W=7#hsm6fn z!(W9km^2&wVN4=rhVpfKwT>^SR>i7>1xobXn~gWZf7_$dPVc>q9yJ zwscM14}oUjYkXxhQCaEKSIn&o8VL@K-SAZ#RvF81iP|GEtHHW?HF0`4vmf;UBlsAc z9F-`)KEWKrI7b<{?~M%?>8%%vtJPR)7U%#B`|CaZ{byBi#Ag{%jphKLSG#v=r0i^1 zUje>wo^=|JVNo zZ28Z^|Mh=@KmXI}i0ohg&;R#-{QrObyZ`O)?GtVNRW@Dm*S}EipHKfnpn6=lf1&)p z5G0+ZzrRgdEos00Jro<*1orpiw<(+A`_C~5grNTgg8vH&c`)%WltHNX4f-2F;pCs= z)2bN$twH>62sH4Y^fYgVZCvYrp)B|=4_ncJzhEelK&ZeWTvSr z!Xi@}a1R2Gl7FKF*!-VV$|xo7 zkod5z^3x)>@lGB)OLSAy=Lml4y8H`aCGfx53X9@*&_5LKIN~SPnX)jwC&%2XO(^~$ z{i%GrkHAk6-Sefa$g&)vuh$tzscrW#e?c>#&)9;JD5TAA^Z|z>qyR-}8KF1WvrGqh zEIB!?V9yO~g(&EQ20IM#R*w?H-P!Uj&})L0l;(R7>FTXUeWgtXUj*2Nk|(ZsiV;O zGZPw|#CoTRjdDKhymt)y2K^WxoJoIm^{KyI=aAsBg@(3b>*%@HR`cm*WPmT5Nza){J1hodG{lq z9L#6ok&__?f4N9}Xi~=H!-KPt^|q5Tf0!UW2tV@B#TpbYm4j6;WQ*~~JA%$doyktt zGx#ia7wdEzI23$gTZ`ST99Ar5u*2pD@ZR#CLbI?*TptaUua8RGqFQ4l zI1F?#>)Um!M9>}FA^|vx=p64`@>_cnyzw~!FHe6-W0Y;nM_;q`@ZM3!L;=xF> z38up`B{3hzPq5<>+%o{4#-KWOb}cbq+RZ+6K-?R zM2>h_whw33?(RcG$mx(0v(6tep!!RE?Ku%``5hppLsD>o1J~{S3|ILc=ZlD7)D>%Q z`{vaYu z{Hr|h_wMQem#u|D#Zo+CIViWwU*8egdB;$@&aINqX!a8VW;weN->%QZK(z2@z4RV4 zS_P$J6E({jce5K)7rN(T-Fv2!+`U}uqJX&xg(js5_KWx@F?sM=;Cb?bqU5ODr^Xb% z!p!gV@(#@}lNL7uHF;A+3uS&;CZuF|?sVDO ziDMFiu_d=BLz3?_e_~I)xRu>cAtsB@>mP%R^BqKrgDGc0I1pIpQHWw;or%N{D%|Xe zPm{YQM@XAn7I=R_Eh|;Bz`SKCwmQY|OfCdz_Iqr)Pr#d0CS5ti?$a_Uo!pNt)M!B0DD|-x*w!+z=plzgI)?MVvJ%TJD!FMp>gr z?gx;0RjLLlY3^AN&cyM+q2JG3xK(K);)-z}%o4ur2czUZ#Q{k23ZZXvIksGIpE8@XE;d|+;q zZx`LMOLbH4^Z|EjQpoX@7IqKvzG5KWLOaAFlMI<9I)#x@DV?NoMwiXc{+(Eny}4Jn z*h)cq)9ckz4dzwL)z9Rc+^crhL#e<=@{U;1J%z#${15nAHe>5K*zv{4=K#fH7umYz z*h(_Ae~jD_zg6K|JH-|}a2f_2k8|T=4CM!Q&h@P5ld10z(v3%FmOv+RHE3AXKF>F% z`lpw0!I%3U;juzH%Jg)dn$+h4_v>Y{*72uG_Y<`2d);+sPxLbcpphW=BUcy{lu+{6 zc#fQRkI;plIOHVtWNz7BBi6ekwSMuBmZu#Sd_p$(R$WZ2#o+xs|1}y%Du@j?KR;wr zHEnBGW_QZL;iPIdpf0L>%H_2mR73m^BAc_(vD@t;ny})Zd$46rQ}nubmUWZSIdMNM zaewq81Zf;?N{l)9%KA@fFrc02JUilpVK+N?uninCv^zHh(4;UF!WIr@ab?o(7x_qG z;V{=pqO?Q+9hb92#=)6zTxvnm@@cz5uG%hC!IuMc0CK_sKmIT5aaH7?V4jj4~ zItd(B^3Fs4iXPF^+1!xle8EJbA?_Bwr4}_>8^s3A@3+jllDE z=6NHZ!t$7Jeq$SfPlS}Wtg_h(C-2I)o{+soF+p*+e_Nt~ap0}R-3P-|iAv_ONJ)A= zt#yEf8&Of|kHVlm2+!-a6`_c=UtDCLE}yZi3g^zSKr>)R{rx>$A)C&({eUex^y&8A z@G-Mo_-LH^!Qi6th=y*U){&%r2bHo(LuoQnZg6C!Gbw^Ze0+xGqL!2WzbZCbSD%Nl^DqbW)Wt2KS3mX<0~O=NJ+KT#M6`*WBYqhJaLbK?Ep+CZ1qXsMy~3D+Tw zc-&{<(Cq%$@caP|9{?Q~H0>~5D#6w>$vUX)z`|JdvONjXcmjmh&)fEHI#xUZf4&%p@V9XJMOi>)?oi~ z!@ztHi#L|fDD7x15GY)6Zu0S%&u@Re&+6HNBY=oAaMFSD6~;|oaqyIyevtTU8IRjE zkm%}mCy)|V@;y_`EvhjMaLlX*N3Yu)5Mz#3@2BRvsUK|4DOm;{hDEobXC1){S90s* z!ee_DBii+DLLB*W+UwdkaF}0HUGGy!cU&MA~Y!W~ObQ@5iFMQeasY2gnrQ|-tW4{CO z>O4C?xNs3t-%mE_;Wys`%vh|$cST(b(|PIU4PYs3p;D^c65g!b1#CsGsq`MDY}cAS zwLGutxamvpHrCVMssg3U7IjZ70Tel%ejm^}(WagM!Bp2@`TTtPNzU3j8TJ^2AlhL# zZK;T_5a@?}lIPcZ;dlraKdzFy&I^7*iT}!;=@U+4sb;*aaAL-p#dZq zB)o3WWlBjmFIH7(RYxF*0m%*U~kqr@P-gCUaj_a zA!vtaGO28cYI&0VSiJ*P0>AuvP8-ZT=j~q6HUI(uy$s%DI^e$7im{8@NTrB33gYnh zzMZ(*aOLb;%-nMp`3srU$2G|XryLy?X_1p2OjxVZ=vupifG2pu!n=1|1^`Fks*4E> zGUG4Lp116taixhgTyum7*NvP|zp)uVDumK5Q`My1ED7NTOsnn5#3vv7ODRUap`r*Z z@{41ct5QMM{CYEUxB;?DyFL*_>NG^Isr<2DxQbyK$a>i*zji6dlSe~HLQLQ1x8y+% z3}l?#1OD~~7Y<^pB4EeO)j#!CKQAhTFK{uCb_n8ifB@~_AN~y(g4o-2;^2&B!ShVo zAc>u{9#7_aB5>Wa-Q*km5K?^mCF^lgkH1*bL&*BjtWG43=|vpGT6aJx(;5KagheUx z+Zasx%1~%AWuD>oE^aIreWS%;J}!pLkh(Q&7c^7lHyQS2@T^Wl9r77Xu7;oUO6U&r%z2vK=EFIx!e!qs@Hp?$@6L#uT+O8ZG8ZGwKcH=IPcs zrgg!StL40weMOKtmNY9E;Nu?$ATONhkoQ{DbNnp={aX&ViqV0#!Ne9f%5^z-C zEl+HW zc1iTXF*BZp;yH&hykO)aa;nh|Zlitia~vpEY+7}k=U1()CNO)p2pD_5KJTn-LP9#8 zbp;3}Q?Y|>&O0Uw=Vd;%gZb<01Fwtp z_RiOr@9{hrU>R2AvhMnPg1i-X9UJdZaTG8q6y@( zNgNDPY++9VKWr$+PAT9g`Q?4&UrTY1r0dkdNEOQ=p3Bd?A&#+Po*D@t++*vI_v`6- zHuVf5VbG2_$!#k-0Ljq1K7_zwHWyJ^33vvfaZY*l?JVSr>o~% z<$UO37}(C|&CixK{iTONjBZ#WIs?JVZ%`udCZ@hCBkn^wQ24xN<2#o!zz{npaLRFf zPThjWVvTB~gVYQJDvrqWNE>ITtomHPIh)BJVS75R3XFzmD!xmxB zx*hP|jl6AwV2p_E(vX)Y6amD10bMOnv&=^w%5Xow>%?(VIP$Dblw|AyPhcU>#}wDo zo`FKK%aY7~9+8Zzc@x|c$1^B$@cv?~G# z^)*6lPLJjJlwxha=IKhmahbiA@eZ{KGjThmeATrc<7VAqoW)L&z$gpCv?4RK<+EwB z55JSgws%bw@T+9Dy54*$_2{Wpi|wDzQ%^O?Rmv4#TJNq0#wYnV>nTS@mfiMxGnAF( zuU|0pWOE(R6v}Jl3a2k=mkA@b1^@`)xee6SSn~*`qzs#G$@D|`GFMv zBPPkju|{k9ETWR;Yl%`(tSAj*ssLrx5!3m&DD$WR_OUAkhxY~t#8hMbjL_EH4Cw2I zJ}4_lK;MMgm{k54;Fi zb!FdVyYz(NnZk^1s1~QsB*0pj`}>wG;12RLaqII(t?V0he`<`%EK%2dtR_ai6s;3( z7%Gx6_7(Ti1?+1r0E&&J66;V;s)4p5sEW3aA{5{?{d54zf?D&sa$I-MdiESmn2X^gY0rPkVk$!**cGPL9L+a!y}= zS-x?SuP?|Wh(iLj4?*+I;LTf`^7Hi;`7!ADO;W5KB<~u!en7N~nCG?2TnnFwflWP> zsLr@ZBhjBr@rkU}1wI{0B<1j57YqwRi(Y!GXpaZFGxJ#K4?FeUj2mD*p55}hB-gaaEpaWB*P}8Y0C;I(^|m4(h{$-$ zFXZLm_;^p0ax5H`7VD`#qKrBUMXR_pa)T6g|UXOJK6{{_B1r6e^3=u1L~i~yOh^;KU72C^7;vQc!EjAndSQ82`Yjw9{*#2 z;3QZ#AQ*(2Re#?`E;gD%2ZT?=dI^(cCk=vmg+)*V>4ZktYbzjX-Iv9ZABY7dc z)@FSGD36&Q36P^O>?VE(5WQq~$*E~Olk%8XLfq+rvJC&r&(blXH8{jypIDE{ zM=9e3PPFKjRKOla+3}mO zw1udXnoFJmuSWoeQ<&%5i0v()X?}#nuK|e^l8b6E+7Q5KLfag5*8?mikM?8JG%&*g zq+VT%xquwdKD{dMstGec6qKGAKz=WK)mkoqrYeKP>Iu>T&y?j(ZcD~QX5IOl!BID>gb^A|KliUGrQn-qJ-`>tYKumlhSas#Cy09cK@BY-QDJL1npmiA`vI4jcDiW|*)s?+~e zX4LGs#nw(HrvByyZ{*>JL6s2l60$XIgytd|kL zL2O1Fcwji8zp_upS#jA|^nsYG@4@9jxFb*dHn-TL<4INY#JA+@LLCSzfC^LL)M0cy zSh% zrljV)#?c=H_Z-)gud5mJsQbvj3fq1&qt_j~FRc(3QwBU*r^PKY`>ZEi6^kFm!+b3V z)C9!K?Zq%H;?9TB;TZQYr|*Lz-Pg(L&SOLBBLyh0-qglLp+!9o%*ERwN+~oY_?(VS zx<~!t9zm~@vzc7t2{v&$V*Dys`i|AQE zHE6!bK?@n>ao#i(`VoPO%D4+CW%&5?lr$wBGhQg)qspvK#4of4T9Ma_c`NHg&?-tP z#bt=_KkS^9FKkHFi%@?$gF2)fQok>3Mp1h5)aXax<+pfL)F=T% z3rL5$Fs{|6nNZlk2&8=T0j@L+CWNVe!_yiC1M`?wX-(+(aS1#GU9Lljl$$%0jQd$z zWuT``*GAP@K5r7{@!Rt&YEpko6+~qN(J&t`fc0&!eLg z%@J=lIF`P~EN!Vz9AY(fQ-lGMSt|zxiL`HW#NqVQKUc0`<9gmd7jer6-vi!lNSR#q z1^xu?40`D{gjJE%ZqG*61tS<~t15YW;o7?MM zDZBySK<))-*Y5{y)H>RK$`^2&p~69vwm!T;evaZz?PwR2$$Kw9U=1*#(x2pjxme$@ zFI=}4raYbCIisyb8`N+*;90j?&VkZ z^q`0$^efjYv6N+n;2%S~Qo&4<#2I>8J6ysCJq2q327d#46l5(eMG)qXvdl^i>D^Ki z;_XxE>P)35h>{P2Y$=TzQOt;XqwSya(~L)!S9-n=wn9*ZohODt~??uB()SY2ol2^|zISK|CyjTXTfRY#3 zfSy_v?1Evq$ljXkn-0fH&bPz#g?*LLkyO|3*cd~ZvE_EM&|`Mqnae&hoqF9r%y^|P3-LK@Z0EM>VVq&I~#5! zNL)(;=>=P!6<54=L>p3jwtewA_+49G=3tPm_&p?7bhZU&3KnpDJfdx?>}d{;H8fif zAj)D>dbrhoITS!8%Qt!*&P%ochbZ)7R(sw3rTS7+<}RdX#Irw~5FSvb4=-TO*i>q@ zq`ln}v+(QXjM^%=h17$ufjn3I&FfiS!%<*0SMbS>3;I#)OU=svX;)b+=qvbxA&!JFFjm<5>7*=;+@cL~O~KAmgnC%M4iUkoZmMk_oU3FSU(crHS8O#IdGgr)u1&T^J2-!@=-_!8eJM{>!A z`=~X@2k0Aeih(X!&s7;ZYa87(1?d!_q$94GbTI$Nu~5?}BK?a8)&g#437*M+!NDf} z7!C-5`ghnCs3t^|SQ_F$bi>&uku{0f<}-bKa#Wx2=6H+tELYf>PW~1^APZ%pWZaiF zg?*{>>nOu^M1h(jelnEOY3t*E4Fd;`{)E*Xdkw=VwMqe`dSuQWBea8a88nu9lP{XEcc=~780mxK--iR#PaMv7f;ZuPQD8%T>~P{7({O9iSbz{@H4C`xij zo^Aesf>T(H96m1;Z_(qXVVs}cXw3ZvQl`y(XKor^!=x=*7Y%Cht(+En&#JszR_EWt-nd#c00JPi zTTRw7Q5_}tDa<*n!P=lYD$$YrqZ*Ds)OSn`25BB@C-9v{^wz$Q7F(%9a(GRv{HptVw%e#s=A&%QZFt>$Y zLwrZT;n1i_>fn-ZOp8}a`Q=su;v+z2!YClifvp(OVah;-K_DucDH^~LL3Dlqv&bs; zKtQnp`u96(Fkm?Y&hh$iDkDvw8`WJnQzO^#JC~R_nm2rA?K`>dqW|(ZxP7@f$i6ep z)aGdkX$w%sgizO)im`xAKRW?Is8>SVy50gA-35wkJ3#!?I-Y1iYk(%?Y; zyTlAIY5|Seo3+rk)1rhJi~=J@?Tu7|7wyDypV|+3n_n*vyLEwF&!o*M zksD9KAtXZdbKTB_NMC~{C`{+}X%xRSYAFqU-8nsnu^R$6rp2j2qA+?#3KNgffMztd z31-lp9vXh!R0{0Ykd-E5F7Z>J&8P8mE2832NM2$EaT1?fuJoIGSASc}fD5k-kj;Ky z0(VnpP}U?9vdN2vAgRv)NT{n(&6Q*WjvHU18j~qOB3wTC%G%lt^x|r+#RtYF%-0L> zBpx@;5V7qCD|nQ`d-BAK*du&d`T6$9LB{?fe+lma&Eb~DB}Pq`fQ*MtHx!5f#W+fS zm)Bn~LE#&bfQ)CdA5~tToqpk7;cL^1^UCLzq@|bjEpw;!18|uDu+_=(7v z-Mv}6fSAtq;;>z!VLrZDQ0P7!uid=2jsvz+s@3zr(+Hb8`pq@n5i%xUz6C`(u<-$$ z3#7b_gI8!WROuM}F`hsck;mGV$6wCg=f2~}S$@zT>3V*8RDz^u>kAuB=9Zf#*?g6d^`}p1Mh-z? zB-uX0r@+)&_FmTsEpmwkJFt<3d&+JcaxkA*e7=z~seh%Gr70gr|EJ7nnoX1oN zS%D4&443eW5OXT7+VyqYK!JYMON}Fn4axnau5SR5;Hra*?KK)Eoncu%d6$vc2(_vm zo&fk{Sga6l8#S5YEWw}&lU_t1vzy>V3@$`FLg`ip8#-zU+Dx^f1R!zL%f&>Ks|Lgh z>v^$Q=9n}7e)5Es^9+>IpqX1-Kg+N4&tpMZz^#KEz}UO_%`qw1_~6{K1TW$`;Ldlq zUV)bD1L-Smv2HU%ChjE4v+=W8QzL5BRxu+yBCoB6sEGr` zK466^-HKrXh$$9wDP`4-=?&;8$C4L2z_bRhXJvne38imb|M`L{Gdj?C{V8JN{xz^c zuvFpuU@5yi^8#q9TX^SzB4QJFjZW1|5a3eBlR5yJP;8viZfIL|=qVsI=$+$?B0bE& z8RY;aTJ}i<-zzH<^gs z;43INzw>%o`m24D9$tgBweE#H`sT!kRKNML_58pLeLRbWMuQqeG4zMK%2P%C#0|K8 zaF!1091gc2BxE=>(08X<1lpGD>XEth{Pu&BF-8(@S0VDv%*BOq{Hn9mWSF6Zbrl zD_{*T9q8c>uVZdQl)!?HPTL;qkNZ0aMYb>!h{A^NCVOZ@yto6Za-y$F0WjDC12b6T zCTIFGL1yuQ%sAFQObY?ALW7DiUkf!b1Xclh@OkB!XrrUz^g)OR8%+!WHMJ(nj2iVA zWym7cTa=}X;HXWX4{nQ*W=}Szfl`*%jk|$^613QBkVwF0LT^CMUxaW=43d*Lp3P zDg!taKJp3p6>tMjF79@W>Sqk07ml8-RG`;If3p~_!7we%<=ayt=;6p90jIt9{1t$f zRAcdZ$s{mBs-ILWAP*=I)H_b4c%L!T zS0yK^i`7+!S%Km1fw%bv`WGOS1}#iohf9MQcdfqxJU~>uJ{Y8Cw^4W8c4t zM_ur`*v7S<1D<*?enQ#U2lxZFMmY7l6=GM22gU@xb~Y0oH%k?8A_L+nKS&e?`B{(^ z&2+9Zu;<#R#w@xMYA^t`KN#`>@rOphg;$KLHx_d|8t~q%G@lC-YT|e*UPAkHkUs9< zJ}zsP+wdlSGi0U)!tgf*w~+M(JWW*uK@CSbScet_zeQc!6C5{6-IsDbGuuhVM<9%y z5m*C|{Ee~!VdsiV2uVA?ovNABK2WUEg-QBO9_vkoY6`XWZv+bv+wrp@4s0HLyAMZs zUoZX5HsJk)y?}T$1Coy9jJbvyjo*}m&6%4iJkaH^l7RW&K>9WCclw2p3WGHcHLcCw zvmQR(rdrn*HVwtveO{?E4?scw1Nwt|&ls)H_gNI@QQ?QRg*$LZbkp&|89h13#oykK zYO10Dx$dxDyt1s`N)@nbHi!9nas9{g)q$Mng|l_m4(-_dlB)>T+7x6z0Di*6A--LI z+ZO$zT4|eFsJ>3rZl<9*r}mbsgfYa=JfSe@6HeFA;Y9yIL1w_S2z&D9?6)Enz^bozk_JT^MPTt47!z!Tke!fzCZG)R9q=;IG7b1@UCJqs zv;;jAo(()$=y!yf`lZ3boS|bl3;|iz!GA0X6ja`oMuIItKQsl(ddG!})7=YX+aZ|m zp6{D7nd1u@!HWYGqT7i$8Ax~}Fo)Qna|68kDLA>h{p|jt4xf0dU{)Bfm^a%P2_>qz z{JK~mPmc!?A7-E_q=iVJKTzlN!2Ccp8oYr;dpjFTVaR@rS||WElJ>^a9-0OWHHQ6R ztc9{A!1}w1ejqzyc~*)giE@xK5P&+GjPHjBa#2isql~rNjT(5GmSLaLLb(&Ds2_c> zuun4+V_6+teEE|zRG==)Hk{0L-fxvK$-{#yVaPXcw%o=Y3zM4wFO4+5gqbKVma!o3#=_IIG{wxqoxwQHpd6W z7#3M`4U`)ESs#D0i2c$q=w?4z!iqu^wFmaJekw7bz~o7UFkb-W_kKsl7XT zB<}_bZ z0pv60{f#ytXUy0Y(c+N?QY;(5!1uI+ETNe$zwPLPZ*{>BFMxKttbog6SC;~j&mW+4 zaKKp_a{7HU$&5EytCEUy+!PM1?(_i+R5*--u-`r^fGg*1r!@xX)5km=^P%Mu$}+g6 zS%%OfgViR@y6hS%a8fYQ8umTI`vaFZSQCLrVHAcmC}U-{>wh%8NR;KaGir-bC62TF zjiDa}Gke;(zWuC1I^Bn`j)KBS<#0dhz4_oZH^5`iu%Omp-Hr?ck%cd88i|fYAwTEf z;Z*;enRJc>Afn!&Ia{@9Oxl^k*m_i2HG!=y_aj0p?RKn^Du>n;-l z9Ty`=yt(pYb-jbPpgOco@~mdfrcoXc475-w)hc3t1+G5&d2)M*;0UVGvq&Uixzv9i z2-m`22o+ zCVOzrwAM6z>Gjh_ROdq+DE?~9$YKk`Q+C+Aema>!g2(cXR69@pb~|WJ0f^qpu9E}H z9N{@5_QyWMN|I_jMOV>$?O+SuDFf=!TL46(?gloApwn24c`*rG@hilZfirpzK&2d9M}R;HeLu@A1fM}k zn|g4W!t6lQ`R`eLtq1l7L>@Hej#sb-Be8y~ja1*A*}=+1W=xfnMxvtDzXJmIKxt^G z&y!38SU*tv^HCg?Cgth`#UAzpMR(?j!J`>Yhx=;OWl=DQ!hV{o{czg(TOv9|fK2D) zWQEvT?TZ{C0g{OoEIbBx2hQ9P(tpQ8bAOs_2x9vznNh)v^Q7?Bi_@Cn+!CXN$c2<)lRKcW>gOKXogEAr?715Ow*F7*%1JsJl0KuH5# zxbpz4$^z-?OU-3qZK!844`b4d9&3KDfBd)XnE^D3%%?G2{5f`f+I<xHn3Qbq zwdCtw1r%<0tOlWz6>QL6eiZM-TN_;dad|>xezas;4ZLoA{2s5IU(rD#x|5vWJy<>W zu~o;>j|`x~w8px9+hoP2ulBi#SrvH<)d`?sS6>F#iYdX?;U37TaQKr`5l{(XWX?5u zVrK@(nZXnbF`Jz_v(n(y_ETb1+m;F2>5yBk(k^P?^wN~(PfvWLr)UQ3MZ1~g%n4*0 zk?7!hMDBK^CZnL-senuXOF=}U<=72=?m!7**>fGXjy}7a2Az|D9|;MK@rC7&crcY^ z?=-{#a3i4QSmw-6>n5PhgTNYPGMV2#@_`QV_tO$SNVE&|7YjHf7P<)RE}v76Db_uo zWf8ZS&p=sGlpja@z1_V5CZ0v`7N}LgzzFZuZ({I^8G@%cfU**Thsv$Gei4RI^OjrvVM^aRGiPQV6i!WPGQdbjerXM?(aPKDWm-~j)%ez*klGy6QKqTUazuuj^-YY3OB zTImAg4Q_aMU@QZnKuC?-GeYSix$}eLkkw%YUomU*5B9Zvn=d0E&XBb;S+yF9fjBa2 z{U6ba1ILDc>O#;ud7Tpfr$MhScw(OhPHTZQAC4u~Eu-?HKgT7p%^28t13i|3MQTlkG??MOjK8in* z|A09NmPHqF))|g;R_Zu+`+X8tq3NIZ=W+y8E%F(E#+|%UEnE&N|Rae zYYr5DGNI{$fB_u{1%AIGWmrG@!XSvU61LTl)MUB3fMI5Re&p_Y`xeBW$xXFF-*0i! zdv5}W-JmuyLKX-?F)Fq+ul_QkRxOJvc5xB9gF<>7EAt@p+c^=^c$k6YR%(d;^UlT%tS47G8VLTF_CQmwL#qO; z=FY2j@T+R*VSC*8+d_-!ShQ*9Aw(VZXyGBoUY@g0JhRk?Z~PeRaNb4uD7EVO)d(gu z3*^7ANgX~aM;y^JT4E47sHncT0w%C9q{n%H%8;Q)5WeEybv$TT?e&5DfE#7$3M{;- zr_r@Rk)DKAtVZFU7�}Nk8r`P^&dciDP!X)WI*CRBHnIA<@h3TiT-Knu~&M8-9^gP;c>?6cYk`s+Z1S zvtjW-$>@vVmm5fI04a{Ztf{Cn`L1M-XOVhEE4-O2DOkw+A^sal*R|y+5<`E993H_W zlQEe$V{$MV3|~K@=bYZzZU>B^s-%)`DB;xZu@7kUJLK(${JB;VUEQ4=Lvkin`Jvi? z7)yS@v*M`lyFdoVq<5=nLcRYQSWiPgc_e?Yf(hpwR<-rLt?f(re z;+z`@XHP2@C2p18o$Mz(k2~B}zwZ*_efIfN0|F>&;MB!E9X@sA7OwF9h*`T{UrDwgLf=-CCcEf%}*%wH(o5*su&lJSJ<0l$#hM29GbBeQUN{M8;OJd zodi@+>s`r{O9KX7u951NmjqxRpqIIzIE{2l=MB=G?8m^@`4pYsr}(5CR}H+kTK#Q{ z``Q?^X3_f#z{`FYbcA<{lgghlnSAWTKRX!Ek8cES`d#`dH0S{F?|l)!=GE{*IY#{? zmEZH~kIlzJMqmLQN~Fu@2(tMfY{T$(_vkIw_{xSx)NShrML7J{&y)4mVvVNvtMGg- zt+ijWso%ECtfNxPBM%;mV0!H1y`y~IYaIR{hQoXSYXtD>{DChWUco0@O1?!UxhjBM zd1zI84DpKuwSiCgLa|5j;dNqR%zdIOhH`*Bf*g!Od%KeXuNx(yuPJi%6X6~nB)if} z{4G?+E7cMeKkAuNpQ74cZ20v}vw{)|kKopRPo|*Rnd})hfVZ1$lMs&gczHxne}|u& zhXt!<_f>}4P9$gFfnCt#(02ToYInAID5ro$O{ciCWd@e6VWXoFB{B;L!UUUz!sG@z(nv4 z$S59$6+Oj!Qye;uWDg9z!!3RHhHpM!?_Rg{px1x>| zxeDxgfZ~9ASk2Dcz!Y79R@e5uV+GtSQ1dt)S5Bqs^~W;cn~JL-xInpL21NplbyUv{ zwXV35Sjdl%DoOb0FQ?-igp`rCbWH~pArvA$2prMvqa*GW32Hbzz{E?XFQ56Nf+p1+ z`6=yQX4zlme(6UL9F{kvMUmXYY|XT~{CEr&Did=;F~wG5Jfw>(jG0}`X!|D?L7y_I z5TS5zDbI_MWvhDv$gt*&0!A*7cz!G^gQGcrbRB+6lZ*py+pz@)9;*6BNZ5qQ+?l?T z;^jo*0jX_Zth&j{m@aeK6>cV$Hb%g_2JwNWWlJ2fyT^Bya8C%Cg?&H#e14 zsv$tf9Ma7=2k7j3e~GeW%xw25hCsl0Dgc6F8+ya35uXtWx4)On@l*Uxe5Il3N1SxS zg=cV+?@f`R7T40)0qH3hH5bw>MZyCT1fH4g0Wuef-KslZur7dP1c7gWUP6W6Ir)8k z+0)4HGVBPyuk_;~ZLeUvzZ7e~$i}{_ozgydE<94!P|8e5_LGO+aq|3!Gfv5b0;zpR zxoFR}AI{#W4=LXNYMZNI`osVIvqS;+j)tf1D5l&~4`{rgMD-l=bo_r$?yZ2eLBh;u zs};i^@Wa?P_J!5VLhP5q+2)-$z)!>z=I`DG{ATfQ)(%bNt(@s1k#_1Hma zX@xH-?fCsn2wy^C|Ay1J4mrrZ!QZe8J3h!E=2;!?IB{Pu@>chg)~`a|)1d%eo(i3# zNccUWD;6n26WQi{S!j}Vm&^Q|***~CY{Nr;N6$5&df%rtFamR5`RAV|9&nA|cR0D` zu&6dXzR!3t>?!onY-lQw=7I+xm3WM?809a$6vI1x^FR=b+fmVVh-Zr& zhL28iV7z}hA0V*ZbmgD_`xL{A+UCuhiMAToLM5h{7xD_oxM)sim7@p}=Hwk7;yH{ahR z_fG%>SJ_g`4Vw|To^RcQ$Szk2y8A-IA(MV3q&HCk@BDCPQREXz1+X|?9?ey6iD>x& zWFnHzZXurxYxo}U^^R|0_Kg_mcvXQ_H2|0%0Y9Lf@X80&tZHK3V+cOV*=v9;H7los zLgcQ)(?-j{zZvt1Wm(zQnn7xl7A#60{)ihF^;Qa_IJC^dt`#_`;(eaq^C$I6J%#+k z%NL`D!t}kieI*ge9N;cJrRBan4@%EFC?&I>!d91Z)~A>#;c*y1JQh;|w19GZ{yYmC zGD{ePaDzeqrM~X07Mdny9OvE$f;ysR@!R6%%8j>>V7~-l!CXr@L92IneVk`DM8SA& z!5X4zMg!(4L-m-CXqSy70VnCvNN_EM4ml;|`!4u~ENVAfp1-%AjO}N@=&Wnpv==OU z-XeZ>p7#YW%N9uHxU3#z(HFFBc3}Bq6|jR7IcaCL!#e>NM-~nwu_w(?RPIHNido~I zv=VHt?q~R8UybGIC^$5xQCNmMjeNFQmIe<_GbIAs(#HlE?EVG%m)ZKbC--$qD3*1G zqLsj>u1g_l7ycgYDpxKGzsLKFUvVdltOeKg*#_*lLQnqrN|u2!uNRy?P~d{ZSo+zf zysM+gbA8^MxY(8io{a|(M%w8GDN6}w@8Qln@MM06m->xc8TneiqA0I4L@S(_cC+4M zc)>593TF}AvMk4 zEz+1G?9A^{Ms0N0qc@o$%F1i;^CIfn>dS)+0FM?0gr4PYs3O2^FAR=U%^0@%Y8n`T z4NIZC#xVf#*U=L`0oJHahYluxzL7b?VBMnm&V$FjJ9z>6os)^G6~XETBa8Mx6<|;b z0Q-pz==5Dk|5dOAo-6-K<+rpFFM_@tCTp0kKvMq1(Fe7!1o4wl5{vs`K^`~kEXhF>@31rv}5 zH1EFY01Iy2t$C|Jo|)if1(RqxU;O&-sQq5ckkU1C?krG!by`Bv)|cJkPHG=y(xMAQ zXbJY1lEl4A(0%BVezVQydqzz7x{t=x$)fIQDo5cl^g~~kV$5Eh9qaC6lC%^?et_z2HnoY}^=jFTH}`Xbu{*Kd6*)3G^tA`TOu+Oc%@UmE(+_cq;Z8kcaOxwcNM-jq-c3_1TxWFXdbm z5(98xfvQ186(kkr(9~T4W>&imMGE2>+uOYJ3JM3{SW-E!;w=o5kV?fR0-~>Vtxo42 zTz)>$7}~qQROFQ4@zLj51<-iWF>erm`yL&r*TUt2-3S~@McSekKFA*4`?Cb8?Wu3% zJERnN!wP`Ub$q$k#+Sn~-BXAmv{HDfgxO2{oL{EQ5+AA`!vzKIs%CfnV?2-X#)aNX zq!1>LXiwN!zcaS-H`M!mQ7z3yXZ~}QRqVg6Y-;u*;sh6icQDA2QAQ;|<8+|VR(VkP zYPfe6@`PvcyeKN!exmn1f*%=_T8S=6*{9IN6QJv)4?4L9lro<%(|96o=!8NdJ{q^5 z5fbm;y*2*P_lRc$5A<1J-tqaTf$WHWg@e|=s!KDUe$9aJpmENyvArIT%9g!PgCxLQ z4*l_)u;Z?bCL9FXp*_zf(EHs4N_>Jw0o|{CMruBkKrYXOR~SD1u{J}so?r5D3mHpz zcym^y7I8k#wG6PchL^49k}ib~q8ax4+q2`rA4QWBtd^NraIeesQ33%{7_l*?SLBqOD6XafrxS^Lhy5BA_2{2-#Vj$*86v# zjddpZ@!%I+s2XglP#C%Xje8-bHS8Xo8@Y^?^(i*;Ve-i5?Ll)Fl(lT9xMqP4h_%YeH6$P= zDeGZ++X1pWl}!bD5gdR@!fvVs)?ttBgYG3TXl^zRySUYKtK<%gi%d~kqC#sQk5QA|H;@p7`NE4$ zyqy{#wBUE3W@ph*lXupAp9?O$@Mv;iEFVLXK)>i-+6d+(pv7D`$vv03y8fxH|JRLS z0#Ae8j^uNI%~#&!oy;Df(>cQ4G7%N?c-g>=!$)3NQ;L6<{y1s{jM&=Jq~!y=6Ba7Y z)cJl1HtHry=42p|*v*1Qnh^Q6Yh~+GW*B9E+&4vOKZL_J`tZXJmyYkn6T83YIL%r7 zQ>BM}oJX_C)uTvQ19Y%5=oj)%N~@s+t>&3F$>W!d&=wwl_z4oJP*kJ11rF2a->YJK zw&iK#c|wMBsb*bhYKc@!d0`;c!dg^%Sw;6t$FwH^ z5rD<&sl!l)*Wva3YSsDzkMg|lGtc(`F18`Nq=ybD0-@<^fIX-V{PU<}?*z;)`vo+M zdfzEvUQeK3p+hR+R@L8Ddh&J_>v<3;WS5G%6Jb~rdEs4LLQ|1`LPz~Aqz=5ot^_u$ zn}Q&8;qKolrWu*I*PTxQ8Yb9S$}iET$5)C#7yEMpo=dO}nJ&c-$XAJ_gl4E8K9hy! zUo1{n)#4^ZtZI?I7t5McjjBHvm!ZciIyS$aZ4C|$WOUqLJ^jPvx|%XMb5B30RRG-Fw-1fVj6T^Xey04dB1AQn(l*WCH*r?SlkySQR0z;<5`=Hh=<1az?DVVAch=h{KS1<> z_j0jReVO!%bG!t>%J*Vrf&T_37!GS73011-{_<`C|4N4FtO}n+f9+f8NMgPlp1w2V z>|$pDs2#qzc*Uii8jg1!h}miYnS|zza8q?)noEb3yy~o2*%-s9w2GP|0x_pUoH)9^ zU}hp1YFYHpPrSx&tLI1khB!v)*ytno#Qxy3^_ozXWw1Kkoedi!ZQ_dQG?ZI(cG=4Vx94Ujc>%$_zy`Yij_ z00TKeL0M+0$mC9mmw+kkG9MjzS|8ahC?^gx{gK2&+P!Q9woP;N7PRG z>IE_b3A%N&2|J)E(L(5Q`uR7lC*5BJ&`qTckV?hH}^|zKqaiw`2^L?R%KCgv14!ZR!0IpQTr6__a2TGU96puZ= z)0p`KvCQ0}HHv`mA+ari`*k&INvY}&6ZpZfBzvrj`{Lj}=Jy^x9&-=S zPj+?b5sSR25vEHd&W&2;&3z7SM|N@deSo^sy_9`h5Ll!q3(A2b^t4kl)r@WD)7^Nr zX!>Ft%qHei&&XpsrV;r7FSw7+Un@K^^I`(r@jz#9FZ(5;oNccOnW%!se7_^hn^>rb z=9X#L3ozHM4kt{Qmylv)c9~^i!mq%uuv&tGrBj+wv*0!?Y<(9o))8b9grlYtZuV79 znAa{IXcEhHJfSw1-B97PJPYg2;wWSraDj0FSfZtZY6EZHX^mB3mWK>cn*g0SvgWIj zzK1K|kwLqS!J%Q)QmL8hvViX8h-o^FA{=z^9?uDvy3IMBjjWE2I73@-{oc_GFD;bK zD|~y4peotkIqSExo)^U7Q=*v%3X;h1m_?C*(a6@LMR zNyq=5pzlJ+d~}c32Mt`DCcl}eLp21CZk23!L7K(;Z2?uEt|KT$BJ zixJNpRo4%FQ7vi&>D=eNsMA^VWwYIUl7i5=Y)<|xXmw4s9WFv9eqtyF-rpqHKXYi| z+Hd5%G(31K_nP94f{b<{%b>}h&e00LZHERM>VlP|7mm~f7oY0)|E36gy6kCNTQR^t%sT~A4lzd5dg#0Ljw~D zqshIacmk#6PCF@(0pB*yL8ZdQJD)WO>~WV)djEO=6zODSL=d&+Y;~pd`yrIu z(Lzq>7~;2G5pNS52oEoje{bVzeA?9q43v-Zn5sW9Spzzft?soChOBlAuaI(KG*sG4 z7V3)npx_@fF4)P5-Gw-{@cob;`St^K$VOaXRPy0{Dzk#OGHSe=Cy1+lzg=B7AL-*) zpGbg@-ZP0xd`<~*P$I`K zSI1tUL~ZI1dQ2_a-T=1x@Q6cok-Mzy*vT2(^^k`Pg3LnRhTdE9?2HKAs|T%n3U($E z%Yq>WV|rKcB1)heTg?xe6wnF4o0AW=erl^ceSLJPh+!kI>SKJ&5?RnhN=_AW4_oDc zGNVHOfbYq`T_Tr=-NSo!v?hwE+9i%f51SR``XK#&e(PlSV3IFWDfR zmjIho0a(_NTUcg zcxdE*+Oe>*JwtzQODs#&XhT$9iB2+$rV7(e^$ybjJMEz5dplTlVOZWZ$m(&~&nT3}0eYiXDw{F{cz7kGj5r|%Wiw}$@( z9fWRzfRg2)$)*vm=#rj;hhJoIs2^xz^<}>@)BGB%&>_19&Mq%1?EZGRLU4&Fe@UEY zy;A@K2hGMmD<~fjszlYp#6?mZV%MWR<7b-G?-BbcZ?J8E z735CQtP-$Rc3^|lDj$q`te40*oVJcK&{ST0m7S`|Q5M|4?g5k!}F9q%^#3zrk<6CkD7I=_qWbRvvuE+@rUN8VN>iqT&)6|j|E zN)IKZGrvAb13(*;CB;}G4mb)_a`8h0uJN5!4U$P4s1LRQ&zdG>h|wP41r`gOsi1Y> z4blRd*R+v?0vS-Q2c{sL$h8CYG{*Kstl%Kuf3rG^D-4b^+B<$&)AJ1 z#7I@hGbo~{(Y#k89HYM6dvX8b^2$ZTM>H1B%SaoSrXxFFMLIoin=G)=sjxm@o!@w+ z=`!N5tPRK1xqvgY``=%Ej=}j^BA^DoWg+4h6LPfz_$k$ z+KH26{RxHJPs&9;2zL~pE)FcemgnTJBG)Dr+5YvcB@`cV%V z>*}GFi~PxSF&Wn(Q1OJ`J(@}uxbDD7-|06XlxQe|(N`&ZQP*K0R5G4K5)*AbuS!}e zehlSKG9nj^fBfvLrOfFHWshvhZ_~{y$OX^0xfftUm+PsrxG0=4dZ#QhB?kJu@1?O% zO`#cd9Ci;%YV{GzQs|mWiXy3YiI8Bg@O7kG#2{rCFB~LQI%$GzNjmU=5eg{PoUi^k zEuidf{^Y5CIo^xKAX5tniyoNi>{av(btcAQ=b1pQM)I?;^e`~J5MKJ5>qrbU9C#UwfdTvLl~J;^hy{ zskl+m7v6ya;_K`A7i5iJ)F4p=?#jLV2=|hAha&JZ;+FdhGugEB;d27vEFVCz!YDz# z7ETVIzRIE@+MV0C&j*}X%%Zx! z=AdoMYTr5}(q#j!kW>5?9t6RAfOn$hOlnbOpzD_LItE}h6pESOBt$GxX}uBJ`q?IL zUl5Hh=sHi1E)r+jYrfHE380l+Sfef6ic`F$uB~>b=0;iW)yQv!V+{i28~A%AsHB>I zpKS^23{fq50TwUFLjh?huQmF5;8!+_c%6~5xvTS*Oc3UB z^;>0EAp8m2I{MX>9PmIzfs1PJcmBw&fBowuS`J zPWPN2Y?heJJvRN4+Pw#j@eSYvN-CK{AFpV_?pi4t&0p^&jB$5?W*YK=ja4^7L)N zH2?W<1`>#~y%q6`)nG|Bb)T17ZhsL2V}erL0j{oc9EK_{n8~#KErd*UHQ-?vmYpix zT7Ca!;N-nU%9qhz|IlVZgat3<=gh6=)V!7bcc0*;o){21xSrUBvV{@Hv zpR)wc+TAd`Un~(9GQUA(*ZB(G$6%)~X5GuXFscFpDmeE-?Pcl^Ya8f8hp?eAe(M{2 z`1)@j#gAlYbd!M178ntNWsw%@5a?B~)SEAP#5>r~!28km0yvesZdRllLtrc1P{d2=J(;_=12d4J%@? zyqAGI7v6F!_qeq!c_9MNfEWDog2pvxJf5l9ZlX&s{Ij+S1>nzUSTf8f8KROpeI&Bo zy@g#3|K*Z0mn;Xcm_7++g1MlKOkO+z;xj*oudas&QU=)L@LOQ>4Eg1u(#1=4_I*a7 zxE&yMELZELyWyP^sb1WmXh;ISwpaAGO--tVT7oZZjx!QYUwZjdkk|Rsz2|@f8&%_1 z{@k?_Xc4o|{6qM^J-pW|OL|9Om86)bei3X#ob~`Bd>d<;kpxy<3pCNd8M5Nds5mv^ zH*oe}!}tq9hHu{`%vI?RBE|qF4S>mz!U5|99xN>=7jE(FXsR(G*8%+M-~_$~mTus% zME;ugv5mEOuQQ~*Kw@M3)gUKuqx(*82|O}hmp6$O>j%1SHon_s#D)i50ZaG1q2iis z$%A2^&vI?B8P$eap47XDL%r!96ot_OST&8c-}X9Yy*|(Uq@g+7Ytk{WJ2o1n%*nPcwO&6^5{2g!G;s7lX>;d%- zhIlZBpXL|H=RZI_aH@RhMcXuYaV_#jJi} z6*JzKUgo0;L0&vF{qgO*)D!gA-mIxI$>(Vg!-7%ItYcn-a>BZP1|8<--+`|2KnLU! zzh?%EOkao_pkfV8#zANfG^=Ye=~U7-%HNYLyBerv>GJ{}+P>3q76T`+4^nk+e?hUl zAN>Q%`Ypv%-7spN~q{UjG{$3{eBopxVxMF1OD)nt9nZMzp5Z#A&C z{0uCHsvOx)rTTuEI!08doT(F(Z-&`?Vo#iX+UpN(bfD|Xc`buJzVoEA1p9%qo(OQW zJM}S4aMk4I-E$cnH&cRxC6&KAO_HGYEOKrk`U$LmtuLtYhgEhdD9sEuf_+~GnX`qY?4^ACI zLDMTRA}0ce0zXM%97DxzB%ax)FrZ2reUl33M-V2aj=328<9pOh3E=LmAt0kWmprZ% zrv*&_U&gDna^hWd#m{sKxD02PMePPc)*uqv@5(%4(~y1+l-t0>HBF)GqNuY>K4C`& zO5Fp!g1U008TX`8lRNdw4O(gC)joRTU6l2s0|4O+&)#NqD0gFJZNN7axWMp3*v$dbmG1{1H$|7o^+lCY>5Fs8Y919sfhk-*jB^mP;_48W- z@hC@Tp5v2G~E7R*BYl`txlKTg|x;fN% zPOofLrx)EutlNb0s*UJNDcCau7>E6J0~P8P%r=i8s4mUeL(1gy>V4vO&OWtT!|N7* zlr{~V-|PWBR*Ui#cX|zrHdFpKPq2~jes&{mO)8*PcmUib0(TJ`y8Pd_;So*(tT7oZ zY_lr3w{rnQnnFyfudqN0s#EVpOe^(o@a;h$({iQ5t(9zh=^zr1!)TT~w$~%WEO*~Z zknWw!dW?f7^(QOi#Lb>ORCA!b3qn_)bjA7XC=22gH$>?N3HBxc1?^l6Q8>V!Gvb*j zi9fUswBSNlEZ$!s7qQN{?{Sc#u?b>^WMWyh?z`!fA?I7R`Y%`-0Q}0*j^a)7muX(3 zxdJ&K;Kua#Mau&ce4Zb1DS_?yxig^Y5$YLj8rgQ`FYBp;zCmV!{_p2-MRkX@?I3#( z+Tq#p+2G~(*yx%t;2SWmJU&l+NtzNgq``PJc^R}ENa+VQiqi!g0WiTs4N%GWWbb#L zg_rhzo$K#29qP&uy~OL5{?mT7+phi(hTX!-ze;>q*nT!fxjiw{JJbn(cB)%eR%$3D zc(*^qYoj${FxHzB1inaRZR^XU2 z&3LzR2wXCMgvf(<*_*hCq91^x96dOsoh zNHwj~8htfL4p)7IC!_^^b~PGZ?{!uHW;B82Zrf1in?wQ4(~NO~^Bxeso`>>alZ!fG z_IQ3rpXPl^cg}Q@sRups31xGtx0oDV6V!n z)56snmL1yNjzu`oaOe5TTW%SkkgW2~280a_d`Y-Yb&(YW=tzV3Y9d`)WhS`00wSYf zu|_UU;^hJ-Jbo7BCh8uj3XMYZ^BV`sa$|R8VHD+Z_JntkjYP( z0cHPgl5K&#HJlfG9Qts3?e!#9_`L+OzZGzxSL=GcT*fj09i0lajW2g&!1$(jEu*1` zDC4lMlg8ot)pInos45>i@94%C>M=xDG8p0do%Uu`sIxX5VeH+#_&*gW2t40Y2S$V; zGAA<_q=MB89Ww7^+TJ$cSqQNGIF6y!IWw$#Re3?07(g=+Q-Y!H1LV_R2%xm~HGL_= z7)HDaaBR8a7xUSiw>Em=II>9Oev+#1Cd&p%x*JVwd9S5nvZftWIvMJCw z1ICxG&ASbnI+hH+vGC&RNkqR|j1HD}9>?$m!6lm7h{E{B&(&u8Heh-m}Ia^5yI7Qq8e<1 zoVG@jJGJwl1U`J}VgUo70dsJs{~>od;OLjsHI{QWHWAQG38>VJbu|_B z4(xGw<2N1KBLO2hRw%;-=!_v_K+)Xija-9$5wL=4_kw-o^@*Eq#jI=R@2z#VJ3694 z0->KNJ9pxrOxZn3{dT2^q%$cd`v3(?v%VORYegVhVhg`&FC8?hxTa*8pMsixOX~P8 zS>Xag-#A9dKKGXx@h^Nhf$LG1WNn;9t6@J%+ zhX^e6&P4LUa+ajsO5<6J(|7O6*hf>`O;JNa`45;Hx{rn z4awVM2|kITnEl!Mz?@fxBFIb|jMkwOw&-nimh;23z!=v}iyAr@?&hDXGhGJ1^zE3+ z0444`HA#>^(gABg%SVsFqujRMBe6^(`T%)J7(b^AaK`LlRvfcbrayP^W4sX!A_J~$ ztbJ>F@IW7ax0LgeS_#lYlz?L{|f) z+j%_zMfVCap$^tsoNDSUMQHwcE~+>Dfq;dVx{nFK)bkM}xu7%1>@5KFO!7|*Y-Uyy zzTkJ!M>l4I*fCE@HC{lbfn@#8LHtx@i|2In4EgDCDqq;;jbI8)WPnlx14q55TkYXv zN?({SS_2A>;~{lRq75;QWy=dLApM|{oi*e%-8GY$ER9P_EjE$jrVA-rt6L1*p{=JEfVJEJzI`!yFdj&ljt3m+J|oD*rIcdJuCh=yjhCyY z8-!!-irf6?fJTC$j6%Nb$EtSln4YhFA8iwDFL6b`mOmLTZ!*lu0{t{HDl|8r%{}gz zR@B3wjv(IgUwk4H_&`ZdCwacZ@iojLJh6O(u|JT%QqVhY7&he+k3k%*O*RbNaD@~# zHIafAR*rHJXj89dL{AWarC1h#sKe2M@YD=&-6e5PLvj3sfX2H^UqOFQQBRiCp1I$C z1&Jx3KFr%J{?j8;O*&{^UGRux$@TmU0J?W~jucs@Kv57Pztn;}87>ERFqpN&g|cH6 z83Xzl8vNIl-!0w0)f_)|V<}I!RX|XAAffr{!RuqSilXsn=?Tc_7iM3Em2t zNZe=T-B^++ImeI7w-~N25fGH|Q{MyS|FT!3wJezD;+Y3XT0OorZ`Fgdu5opLcm+Lg zA1{4?|H(*24-sA_=q2M`hmurdJ|SmbS!hGn39U78S)Ux6QD$q72Ec7RVF;eypU<38 zV)xzP3OHtg^dNmp{<&9oNkKW#qAqu3h;`_;o?w5i^4Xa{SwmU|5hINkK{(jml$YYi z;OW`AdUPTl;1WL5hX9BYD!o^cSpqXlZu&H!KE;++inVdhnxLSXlW4FQU(qm@X<-Lh zWm*I*a;a0^J51=5DU&AU#J9&+0zf`|%-sj1E@y9GBc{AvQvgqv2xy6*r3W^8O&s{p zl;xvb3%mCc|Ef}YfIej3DAHXQ{i#$7$Xc+$2B!cEdaYwpa;7`2e_C-lxe(tw{0k6l zQj7}Ukq!-K;!22y1~ZD^IX$qT3SjNfU1;wf;E_V<{*V-}$3t)Om$AUv{k8b`wMsXt zj%~=eg8k~P@-dJC88I0`)ti9>lC#_%yn~rEyk$+DADC1@jr)3Zk8zbL88M#A*2fxh z*h9N7ml34P8?T@MtpYl-j>kVs;SJtwy0fDky7*i=zSH0u@nGr)1{KaXeIMQZbyV+= zqXwW)piC@i$ba4AWeihtuQk&8D(T-j%TrMzZc0)RcX+vF+L8|Nt%Jfx@MBTTH8vEK zOBnpTD8SGy$6dBIC%LBHuQ<2edy#-2GYy8t&GabmX|Wv}Jq4}@yt0^)GO=dny3?8B zo(drRLAyZ17DDHfQRszZE&gluKl8RPG$q2pGXK_s@60_G)bH8>ptazQ1PAy!yn@k+ zk#Wpx$}ba7oGYue`iYjPg&24<4E#G5;{iVFk1{K2_B6kBs^HURrhr&ZSgBc zw7?-A^Ps2`ihT$yjdNIEryn%)Sdpejf+$UPO z=`e53fM4%uN*=?b>1cHXB}>cvI6}Y8HE93dH;d#9{`U=h#bJ!Tyy%fq?)6n!$v6@b z9DrvWG|*)?4fB|5vTWS+WSz=!!VOS1Kprs_J|>Vj)ak}CCCUoRC-?^B;(VVOjw&$< zN3$C6`7G8HD&-(emZ?_aVX*OAcf3d=(*?;FVLRD7fbmZn3Y|}r2IUa=lMDvxvmGhe zrbWU$z28&uj(&*z)f_(0q(eEp&{_#cYLhsu-oMnZxcqgp~tp{KX zEb`<+DgIQ%;6~IF1}G#>FI4?9(A;K0m4E$3&*EW;>7Zxs6Ut&)mPK#T%yHwvVEziF zkfOvOh3EB4D?riiMM_2@z(UA7=7xSqcANbl24u+}DY0n+yAuA=0d-4|z?Vjrz57Aq zs{c`6N(ku6`Ji9k3UgZ0L~!JVD+Vnavg=atYOp`b#XJp^82v!Z?eN!VvT?Dnt=T7A z8p#F+%gOZ-Chlumize)z?9ILwBmT6oE5G6_RS~lOY zgD<|_IR)MR<=bb9_6q|1E8E%YTxmc{6JFV3NitP@;VD60L0bhhi6Wl2_5Fu3X>BhO z5dd(!o4!zXMExfT5*qU^mL5bcJ3<{I#-0~+HCX^qCPbh6$?{Zb5Totq@;xoon0iKu zSMjv|x>GKn{V=5vhcu=RIBJF_!*PDSei4Bt^`+wZ;TDvLD1)G2fx>_wZ~jBS5lXZk zkUIN}G5wGUz4RA60viPqrfUIK8)|r~2XapzOYHJqTrr^WOwRIaK(BHHjQtOLjS~O!vSMKXN&N&O9V{vUhPk(FA#6ME zP4d1%-^`yn{}jy^JfwgQZ#mp+l1w&WKcKbcYQ%!CNBk^U$m9c1~? z0bAmEzo|;q zG%I*0sy~H2J9%tygJ6u+;r!1>Z>|lSQZeO3vvC#axecVakU*>enF~+LHFH8=m$If9 zD)>~KBrd}afP#Px_G5wWhBKgo4b;!qlZ{$SJ7256*PzY|boUqmaVlA;I|L4d$38Snt1HgB=U2rTah^{j@x1|ujmlrm<1f(52I{0VqHkD&MWIfHVIpB7y1f7!lpX&zJ= zk9$#{x~N()5Se}HX@tFQc#SG0u0;yS@5n0KRwpEE@0F{JPn0o%{QoPt&QLc_zQ6wr zc41dy*v1yl+#pJTluURqd4xlQcCm$iVEOORZgnCLq*Yy*j64sixstel+lU{MLDp_Z z#*ZM6Cc04J)!(9-AO_JojpUs=^pwDFG4{g20F!V4iTgRw+MJU6@T3Pm9y!^AU=Kb* z#wl{3xI4;ykU*~)J_vgP@DWW+cK~Yw2T<4zaCDP z)o_#jouu(ge=&p#vixOQgcJhE8)E=3R1m%HCv+F%Yg1!ysJP!rZQ{c@j1 z6Hs$cg(Me+QuxIoY_lco3%)`sCsUWkAD)4OAWff~`fLn(*n{9}eOGBH@Wh1!7a-RB zR%S~Zc~C6HYf#gUr;>V!$&+jpmGQ}!tOhS33mHKEQS#4p1aLG~nPnq2E{i*MfC`Xg zd`u9ChvR8Ec-Z@hiT8Q@`GKNFY<~#i>pzp&{e5tN{USj$5NheJ3EtW!O3QC2 z{(?r5-f0{gG}3*99d92sLfep=qBf{M!$W)v(0=5H9s{2L_0A8*XVW86(rnbPxZbR9 zD)Fq?t{Ug@R+iSk40v?^NIJ7F$Ji(e|0RUrGKeXNh!}E*7=xH4etmD%YxUP(byX@O zuk)U>_p{%u0ylm)6qwSE>*a{&I6rKLy@jKyiHLAnhg7uVcW~8S4d-RVEEe$Q^U?QN zpC_fiIF=yWOtwzd2k^&zcYw{8%;hD@LS$r~q`owNIzL^__@>Kl?v#g4?>!2pdG@(4 ztdc-*#oKzezn0A&DM(LAvOEx%N3E&b$Jj7E%xT}#6Qp{%^z#q6) z*|d1%_}J`gw)_|>ek;trZhv~zhNAMshz$UE?aCLCNq+(W*|zfz9k13?~14NbGNV7_$A3BZ#fqcRl?q`wGi{%<1&0DUKFjf;ZERXiF9ajAdWOHB? z{&BeN9Un|O$N>Mp2itY#z45ihxM&Lw1e_BWpw%mUuA+FOQJ?olyq7xWOK}XW$`6rh zj*{&TM{d*h-EhTX5$n*6z7fKM?)+p3&J}NJbLRhK2SM`$fp^)4x1IJTcBsRtpLq@b zDEWo}l|#HtI!*o^q`0$d9#ve85^u_nr_*P%D)p(7YsV|WALFb~2p&qFaxF?og2`D( z>GNIzpJ0j~1DBvyXwmDe_m*N|+pT}nhHx4mZxiLSlf3`L;`KH3`s=0HKQLZ``FyN$ zOmo*qQk1g~c8~1rJJTWOQd1nFA{bnQ`h2!QNu4lSlS*?KS<(pKmETw|P99 z{?mDhD1kNkR}JVV2)B;|5msRjAFUKWC$visSL{hY1jXLDcQ*;Pd)3+WIQ>w*>_<5B zLlOuPR(L(gf&AtEbi8@RVz*g$*}KPcskOnR0?&E2-%6&D;s(BjD$6rkB1rQrAWpqaw?Eg)gd(H^n{xrX7t zv?EBQ4GtB!7*G2J2C+=Yl=E@^2xAmF!ib=s<5dzfS(l!j0rp?je#j80;*}7Z(WkWi zyr4QKoSNV3T$CG}&*{;^)WD1__TF&P^jnkLozdtpnCQRe@>7yY3MHY;eQ#no(?)gq z8F+MD?_QrSj>K^&)sc!3X0F{9+<$q6#sCWBPfPsf@j)G>yEW^p-H^!zl#Rza6#Hj6 zUp(nWj^EIss-g-x1Rw41x1gTl)@5IhzsmnxbC>C9(g1}n4scnx!L*r1azlSx6AMaT z&~>Q0`#bx#VHzJx)LC-=z9VbMzFm_C(ixnUwwy!M9C6)=^?Lw;6K>;Pt$^CM)U$+$ z8xQyUyD$Y#Kl$*;z^yxd{ljR`#E-|=N+57Xy_HS0E#mW)?81t=l$s$z`KdP?>Vl|0 z(oZqDWBq(F(Jz$K_B|ar*)mO!~e$2`-ZssW?&@;WIBVdCc7gSpqFF^%}9cKLi33xI>{ytR6# zp8^xCUKnt5yWpXgdwBk(yBB18{prowzN?(Z5tzB%!#lhWNEoHz_9mGcOOMcwmyJ!c z)#u_nB476laxXSxK0msHvXvV1^|)>>?cS8Sios zyWiWlg%3wY%oq2;k|)rg*Qp}Y8w-lB-=7z}`!e4jtDmP#zwC&*0yj!>F-S!O%kOVW zlGCXgNaV}oU#$5m^~U-hob&6@8>2&}`!S%~dfge~P&D(_G5Ho~4Z@-oW^xiZ22)Nu z)0l3V9(%5~#JDY{a@~s;L^p0o*X*X?`5^h4@}OV~1*3aHIlerkdxBKJ>y>MTv-(MA zs#}Wpo4C`*eX%$5jG&g!W1*l8-M?|z#U&yiJhc>B;_ruVn+T2-kEdSWpxes9M-M8w z(j1XhueM4L4Hn#tvG?*3MYTJuouUpMeX7+k z13gAdt7`=JBIVjhmg8owp6Wh&_ovR&+wq-?g$e56|I0VfW{Kb%8C7bci(`Vu? zRPgLBb=wePtiS4YKOfgx+>=MHw&tkK?Z(DexZPbSkwansSFX%46e*c9h z9HcTQA>8CzdXLuUrOKg@v`1r!TJBf@C#vjgy-1a7(79; zcy>9@he-`>jzhNng#BKS)u&7-XBxlkDFqTBeKbL8vD&3i!CFn&3Gi23H zZz}h!x-Td=2?E#bV|HM{8>_(qFxrN0gSYZL)naf@66Uz3h>!F~vj!-*sjDN>TchiI zEv0xr{=c);pK8(@D9GyztGi+MBpV%FCIP;HxtLKpnf|=#Y+(BE+cT1oJ-|4;h16cJ zq0PZ1U+c5Y2rFngC#~k>St9u^w2Wi-ECURjiZ2Vj`L8d>CaQ3Fp|wTN!U^hmh!f}F zI6fClCeO9t=6omdU9pJ2SM&2;#|QsG%^>%Um{yP150(}4HjuASibU+*+>%9xq$W zOxOY$2-ND}%}S)kaw&L{?Rwc?3%~C&jc>SzyvQ*>eX_=Ms^GYJ)d;?Idk&AoVR<%# zwlUrNtp*}#+B$V2^-^|6&}kUyIOYnl_u~Z439_8E=3omw6JR4CBbx#ado7GE-9E+|Ml?=kzv7-dLASc zX)^9$drO$c{UWlrHUx0)99))oaVH)Dz0|hp%o)rs+)fFP{k0>-hQt1h_$9`PFy$Lz z>)!nmGSPf6>WFm~vo%i?<4rgJphkR5ZRP@xWr4)miU*=42_ZWt|I|h^b` z{e+XKBYh}pWyIGTDAgvlv>!tcP5!50MJxk(4_#&WhC3W@ z;ZCCv=pz(%{GwZynQ&@oh}Ty6*)8+PN%JAD66cnMx)=T&vK}uhTKQS6Al=q?KW%du zs>;No8hg&?UEU4?5|XVSU4JSuEb`p^-org0U4BQG+knk(B3saal{dVYQ&BG|xR28S zuL-rh$WI*+hO?fbi9GUmPZm%Yb=DtzD_*i_F8bqi(7>ZN@*t7UK13vs@CCfs8KP4J z@FB!OQQXJuNidPG-6KVVpKS<(uhsG-Ghp%rPw)=u+lXB&bFV6ZSx+}X!Fxa$0WVW= zO_GTjL7znE{nF0aA^p#DgJ9}wBX18ketH}}z5Bz!=K*Yuxb0(pK~2jt>`^g3zvsr4&0Nr)u-4e` z`gl&dEb6X_#onOnEBK*A@z>pht4Vgh@JO^rk?}v0FdYdiGAGP>^1Yqi9w@d#%ER}8Sd-$5$kh=&EiT${Na6KByA-g-V@%r2z^`kqVKY%;_07dmam#;o) zDYqE)TUvp6>rFZ-;Y{Ki9_EPT6QAr?m zz+j!Hk1O$tIm|c2X()3Kzp6YEN~iqeo`GrT15+P`W3?3)iYl6OWs) zaAeTCuJ673{k+PZuhvu2EG)+aa#k-Mfa1>H>Gk<#&tWKSK)B-Q*l+r}llf+<#``Eq zC^S5+qF}(p58l{e?$xxGUia(7+K<9_ig#DuuF}Yn0znXyG z1IVLhHBW_D{19GlPiR1<_ItlGm){o9NbnI%Y4Q*`rP?Lwx&5e?j@fC8D8R#s;T}JJWp}m=z)n{iL^0}P@7J%~#YpIPeu>m`;QPKw`pZv{ zUR}LxWAu1Et`+F!`Y{QV2vM=M1m>k!`O@>4AUgnH=;XJS^Qy-uk|YTqF@Ac4mRV@6 zq>vQ}jAV;)fLM}wwy~y4VPxGYLns5CCfJP^Hux;=4xTE82lRN%hSl{G;S1r;r9*NJ z$!4X(I;=_-`XdV#<8;!^!=3+2b-Yl%HzoRW7V=}bb*1NK6$5bNFE;I)iYGDP2+SDyJNt5oCx+2QKmFsZ^rQW<=5fsykT-rwC96=J|3}Sd`RRDu2e(j(X)0IRuP#A zW6cjNUwyVe7(MSzn<_ZtN!*sxy7+a@I6K%v5TbYaw@AQTbd2wsJx7E4v-o3rRcov2 zL65nFX!WtIDXsnPDpPi2PVEsA$f|-K=a4G$fS5%%c@TV!N>>qZbKTl4`}J0^PRQ@>!`n>y@8qP?wRr7D3%&pS zeUUDc__+z*-FUBW+sr6GeqwvL_T^-f@iN0kScX^au-PnJ&T(_3;J8#@$#$Z223l2p1U zJ`Q0#-09Yp?LCslI=OA4tF7bS5kBt46#zBV0kHn{`#KQCkPXe05z`MxgjIG3&YD^G zw4s2{3D??}*X|OjcqxJe=3;fq0jWn6M)S1rbR6f-7xQCk&_cyajW|1rHQv(FLQU4z zYI$2fztN~=0Y&07)ID?d%)q7DH`uevc#$P?K{1f&v#Vg+j6X{x(WygixB1XP^Y>W4 zb&zR4Q|9W$w)Yj~FU-LVvf)Cr_Hl3h#6RbIooz6Ak^j)U>f4JML%MkS3J*VijvzQ& zC89Jg`U>l$&5K{x1=K`?~Fo zQ$StC5B-a5tna5`nxsN2?dwfBfCuo|bvej_52mG54u|;fLOo?sIRo3Ym-tWW6Ps_y ztUW9Jf=0l@C zBf`ZX2*Av5p+4T*^bQFE@|2dW-q*dSapC9S2C0qewV9ePmvhv{+tG5z&Tvk{dd0CT zk1SxiFRNBV@k?kkesg`^e}~+f%lHh0e=MOZIzF@R@pahy2c=F+e76=lJHkDtsYfGS z^GWc5`VPvZ2n?Ef>M<5Qy}tf&I?tnLi$S)ZfYY03F2U3qBC<^aHX&=B!0%j=7af(RVYy&;Lw)S0*)PnNjv%BoXM%g(jQ4-3?b zz)`(#pPPu_7~VH~F7?=V{q(lO)5#4m?8K#N#b-3csmVYgi>UOyE`JvT5}m2s2f(o0 zkMbqX-%tw#2c3TnuG~AdJPqA?pn6PCOk@o8n}dg$Gr|)gM9Nw_Ev(<_2G}9 zz)VH}#&Jr1Guayv?z;Y-284vd^INg|wmVqltkREH5AwI7Z)t7+3i!)y5`3E}7zCgt?S{Lrajy7@Kk_6w9 zF-f?_NAc1Z8#Z)m>$WQ!!70J_m76KcwmgAn1FkiO`y*kd+}@i*B@*?>6dAe!N*|eA zf(bnNGa{v>_@~Qw|G;OcvZQSH#SD(qjiqPPcah%UI|t|Wu6H16VG$!dv-2T9^BZ?_ zaC!qA!GV0p{qqgFW)tbC#|2guH@8&pClKpH0(@vSR_Nh&sLo)tP8XqmOw3hL!7s>u zOPz1WTpr>~=WfX+vHL1F`3wHeATXLUc` zIcdA^f?1)3YI8oqrG?j+!U8UCJB5zG@^iqKPRszs^li`yMDNn$-vX1G*XjUFU4g z4-a;}e4G4ZW|zhW&`%5JQ~h)zQ&he*TM5PMi+EL= zbFR~i?LGB-iD0YRUvz4)mbfC4o1>k*F8IOs)*cHXbTR0~zf-&HP*kykOGO^tT1hY{ zYhfk>cnb^dNY`hGO9}k){Q>O_oz-6Zh4T*%{ zjYiquq^sN`u4Lb$GuEI&PMasY-OIT2(G&8=65!>=svJ0Wai`Cm^!#$WAW@K?$Bn;J zpJ(!*KGiS4XL$610aM-Cv|{Qq7-{%b*kMifW+^6D2lFE?Zirq!um9!RiI1!^4xhy_ z3-@h%Z$}vu;WL7zhf9_W+m0+t+bS>>VKudTh6x#I-<5wOpkl!f$JBE4^F1Dp+TVwK zdPWRntBC7lL1a|=V$$JYJwB}fZC{jp+s{VsXL2pv2TzhlnMDF(ATuLuJC!X?;Hd(4 z>krty{~#dy^zOx_uERn6hQLXb^yhd4pvGLHBDbs8QBoNGUH%T0)beK|SHECH>%TYm zv5xmwpFh8c^h;lB1^)fsBnc#&U&72k`~oLkid$oT_%$d<#I3?EP&gRW***J=dKAHl zeH*KO?7CnZB9BjB!Tol?#eV(LG)`@K+uxbQ+E4DQ`Pw$TOVb9sPOS~jLsD+sK-ZA> zwk8~PWh1h=J-5?BgXOa!DC}AAVyKbzzRA2c2B-VL^;g(|e81qh8)9pJ@NV^?=>p9FNgT{^e6!xyi#UCskwg0gHZK?xCk*7FyYW($db57Q*a^V>D7N0yIwWI zVTSt0E;I2w)>)2yfz1D13hWlTiEzUDfcy3wZLdd9Vilm>I%A=gb5f)-T63eU?XWxN z)*JOVDrFJA^Fo?6{{bl+w?n4vrv5G;;URkZzF>20*|QW$5iL%on?cqrXcCQctU)Er zc!RT%_%MJ5H*}{bJ>d!>8DAW)E}-cb*={l*hexpm<(=SL2ChneJQ^4`Wxq-(A)Xne?-cz1X$@g z1$F?})W2je>hDhfdO_smflGhHHw^!`FYzQlQdfy*OnlACUMTLk2K@Lh_W0TyA;3Q@ zov}Z4f;pm-|6=X~ylb~&5${y zkoV77cHP%+F&Aj)TE23fqy91&<@~+Ig8!82Wbe3VcG*Px8#xBz6OFL7X~GFnEbUC2 zr60h{oHFb-;uMxqAxRLG?=D3-r&QoF?GHlQpI1ZIv*-F&kSSo&&f^>V4mOSfI%gGP zH%@1-bxX8(XmhKv9VK%%_{hqk+*)T!1>*D+FaUNJp@AUS6^y$ZXf|1Ac$7FT3QoMe zJ=c<$@%b=dEE&y{86K`JMp&xiA=;_i&#rb$&8o>-i)x-qgZ$k4&>|m1!P+6Wv&A9R znzWIo+^_X|zc@!>-=Oy~zp4^VKkxeyagD>1p^=aGk@a3TopS}@O1xyWe_xDxc>0!3 z3aG$v%YFBw31t;|`^hww)R2zC8)B{L56La)hZMvE1lkwWZhG z&!hMLfI9!hh8>;{<%qEuSXJ|LMIbQ84AzwKho`0znmtIqlw5@rL1V(Q-J8*9T$1~X z%S$h(`{$(0BXL)yg#M=4-~~D185&X*5Ea&nIHUwl%ol9IjwCx!6Uc7SrFua((TWI< z-(QUS5f*1TTxG&z&X4`fxwgwshODn%u9oUO4j8a}5bd_|&;6sKdc?pVFy$b|NGfbu zUO4&mpxBO1{9r~~ACF0<`WYj97~wvRZ4fQ18V_fn?yP;)_KSg&vfrCT=RLb`aMV_O zg{S7GiFV?`)}dLSs5(1qG^VHmSBn>~*ZUoOa%FAz8s_kr&mG>OAJNu`^qu!zBhT!| zu*!r#e}RhSq^~TP-bjf{u99^341&DhLQFoNXWKF5=~hR|iyYnu8}VDHEaeb=k%oE$ zsG2@`1V(69v5fJ10qbhnX9BblFG@^u&H0)!CPSUj!vFQMO$#=H=viS7+VfDjmSAs% z8-7C2<3$C}$Sw^$F&Q(kG{bF^KIvlheR$$$-~?8uG`)|i>>k#ie|bJ%{lgD=A3y6L zpuxc*h~^zj4o|!zDxVblp-@Y{hTXeaGk_v?(4H`FAeEDeVI~E2fW-Yf_{&0ti8)b) z7S9d#L1%1KLYL!N`%1Mc%a z{3!x@)%EQDsB`RwVYWxcW;lD#NN6^B3nZahiqrA_#RG)RkRX)+vi%`&0)S}1x4yt$ zd_>LYJI?cE*bhetJ7`Txz7}t~Rcu zO0S|)#3Wf8c?ThFHO%-UHW-urv7AO*wxK@c!dKnqshu>w&HEQgJ>Ab2Rpggtn0>zi z{%EAPR={6{H(r6j0KUVQr;=^g(LK1lyF!s>#b|DC2mCmpsdaUGxogTh)ib$czOCxcUG~$Q<)H%pU}fzBJgizD_IXhOoB_FuDa>8DD9} z*6_#&?>qybrNS;(ILre_*`#EKivZPp`F(IfLD(!uyv7Fn0cXpdiOi%ad4-?3qKdVS zJh^t0gXi-`c3tfRYH4Gv@7{WpNOhFV&AvT`AKfAwj+654PI#r!U{GwR?}zpN`spu> zi|4zEKVkI?(*_2YcV|okCr_u1Vel$0vZiJ}w=X+i<`?Oa@~tKYZ=UR6VC9TF)870%prZhhCm8tc0YBWWG{!7YDw2l(XyH0bLrjV*A98;4Ce%2;m_M`E7G5w zN6Ms^*9q<6zi8-12*~dk9;acW6#tJFJTxE$Pq2YC0pOgyma|vr4L@?M7ko!S;L~K! zF})~}?GQK{%-^YKMK8(GQ1@6`S#BVJ0YPhV0%t4-R%mIzX5I`8z=qJsr#c^A3rNaD@c|0bDT^>C*muDu58|upK<6m9PRO4e90gFcXZV~(xSSkY zTIphh&w(?}tB7|@P)3fJjzC&7_uB3*FSTVqT(Gu)o4H6)W=~6H!Ww_-RtEtIXZEp;wR#TMahAQrev!2T+YbFj zs*^zr&6huE*Ts9=s}-*xGtBT^pxa#E!*A{7lKMQ~mq)Zk-nN&;#Hsk5u6fIG?X;Ke zwfjU)3G)eMHBhNLk&^*gr3tWuaI;zTEC>6Mgg=g~PC;1x-PbJJ7J&#&_C>Q2;YcJu4;+KP1Xm$_Fa#h3Z;7&w(pxzU?nu! z@*p6+Qq;Zs%f6QK$D(hV)9N_bnM_ztpSNQ?XX((9U=V!B=m2=`d>KB>k$)@+I=*-t z$kJf2eff#!O24h!UUguH;ds2fnoNAX2U>t{#SiMDo!`9wYpL42Kakb1eJAo)HTlm>zLruD@}=hP-^H zYxbHGv*^#|;M)=26Xp~n5CxA8}6|`*GYT#gRC~9h(M7l zd%>(KEn;}kIsi8JrIdz43+Ua2I!4`+?=LvGJ6N4?%0Hyr`M6(=Pkb{l;(OJdeot){ zkcJDrx)E4U=uPMFHT%quy@ol=&;C1=`QmUQ-Sn}P?Jp;>BAs4zH?AEyFqvzekVGvT zB?N(P49lr`ovi1E)|=WR!J_nE)O5z+enKZJ-P`xq=e}nzqj51! z-ickM`z2Vz>zwW5l$HpqZd}1ss*^5A9r9$l7#juCKuG7l&i)`1Mu-fK9RDcOH}99; zk2rdpq@PIDaZ?9eas++5xO55ZN$6yIi%Ds4Uje4n=w3!ug+ntWoF+sLTB>NIW z*?25kgSV;s_D|V3_Jr{O?u<26;ZtllyG~d7XdmDWnu~QrE=#rSvgmR}*EO>=oY|S`lqR z<2j<(zRX7YD(*x8KPaBrzU0`N*c@W0oL*N#T0N1yPPhQcG<&3u`Rc|r>D?aC#kFM| z`EXyczi7tKC1)Hy;{x~VI4k%pTdLD>dI)q|)_aL0G+G{i_m8Is^5%yS%yNUvKRa_` zc@l)G%lhbY2p6WkX!o8XbGy+R<IKpw;>+Y@i+$UT zRPyZLLG<>S23M~~MmQmTq6hM1q|-HOuaGOBCH3NIOQb+1_D>2O{Gu5;62 z-4CYM|{lPimX8?vE}UXt{?DJrDfl{TS1jDypbUE+6_)9Qj)@;g(;w z0->-p-^GRZS$+P-(Q)nWRq@&O&!`7vT}SYY3HN7Ws_8VIu#IB&Yxr=lb8uO?fXIJ3 zm%i!hc`lxl|By)c#4UKLC?$vTtnc>|3y+OV`zvZ*S*VU6?|9|q_`c~eh&lK-lsT`D z4srf(afInPw1MECwDn@Xrb4pMqLn=5Zn=B|rH|pTbvp-8A55Oy=N!8aB~6-T#Gsb* zpHTn^6#+pcGS!z(;MGC@YN|GY7jS~L`0cIkgfKMmd||xwaDRsTn$`&21!BO+yYz|s z`ZTLH6b~9Xs1`*@0>(N130NP)z_BMBHU|Sc$|ksL5fI@_OuD$jX56ewV@rbv|C<=w zBGWvOGZcP10s6`i+aTB3 zw5KTZXpPH2m|w#_fRMT#w^{u)t$bl`5T z`g(=`RmfoAjqyP7;;V#{xnDybs_iYDAk|DT=Fs%FgoKg+S}3&~aIJo0NywPtQ>-#( zaZRtrNw}{7{pYTLA9!1nty-7;?G-!y*OGE1uky=8fZ2Rw+64-Tjg6L1v6Qb<@pPqG zTf7BRo?$ei$*18fj?GDTAXTt%oXWq#It-Ue_4N_&^JV3i<5t~jQ2B$mUyk2H0Fsb$ zLBnUi^^wY30Ty{?S~_6WCsYWtaGnQ^`2sfTndeaaIyU{{Z1aOR8V%CIY>`j=F);I5 zwO+m)-U&m_e~H3I?2{B_1mn{1s_v?~=ePJ>GnSx_Mt1 z#+RIP>m%!cQhCvy$!x0U4jDzwF$`CT)^Tohp5HFssc^<+VfxvBzZ*c*rH<;D=(WOg z5pF>AQdG7CG4i$C6SmDj1sA_YY{AVg`i~>M*A(TKtdYreD4+|w7T?NkymGFMD7!!R z)&WS~HRrOfNYYOVq{YIl1SxzyrtQi5-^csLU(drZ_&M^&B_zy1M$3=klqF<8%EGIuED z-sxR+3kqP-{tRxR+hHW^n9fO$&?no9$?K90nX9^umTk6a+9yC_oO>(_Ds`O;`4%!} zLk)a5s0eptj2{YpL7N&6#gXhF!-4s|5x;xP-yfsUzC21A)jKp(w@#_l?;SPgh|79U zp0zCPzA@DH$9=*5)Q&n#!S{yM3P};82NhnZb?XXDL}aFp)2K--*%DBgT#G^dpM@{IaJ{&D;WA5jKrx2Dpb7Hcwd#$qr0C4&nw zSEk-eN9sw+9QUI0YC$rGji3M*ovSc_u+v!g64?%JKSW347BrkcHJu@}0|o@nqLqT4 zR%pA-^T+4`AQo>F$5X6ygreu+J=s+l7nkzW3zSzRoBKL)u0NaYO4FvduhIJUlvmc{dp!}g^UmYwjwi!0)BL# z{8_{^;!?oO>EckCra*QK)gZxoMQ1diOF!D&3Ca|Tf!a03-KFIjIEqqj{R@eG>LXHg z#-;lHBNL&_bdtpgSAK=*B#+v7y#?{eGJf_)i{iqRAT zeQ??WGw+29RY=D#$Fy8>XO<1gs11S>Q8VOid%|^9=Y*_g?U$g=19|VpG+`mv*`ME?cuPY>5?r+(%2otkO~oJ2LigVMrwH}Z6DeDRLH(JC zXmtFW{kPoTvVFV=baPBcn@*(7^GRIaJCH*@B;>&zB}7EMhWq0J(VgZaHHwRo|CYUf zh~tS4gxDBEi49Cu3D}5&R0_u}gFDvu(s*Ru9t;lF4MeFv8Q9h5Nv>J1^#%|41P+&i zPbDh@HW6-LYy~;mCC`KQLhQjWq7AcHKgors)3E|GAxoiU;$mi1~>3WDT&M-petvVD8xNr%V@iA+xZhQC|qvx6zoU;1OFw1cnXLDpM?w`{3gy81Ow40p^wGI6S(W? ztqKGQO*fnh*Vp^WJ<>GS_L}yZImLv$&@%hq~WtMKOgVVC#?=>2??Xtw~=Y z=i6d0n5FP^mi=PIq~j$0dSEWTOW9lJyBgq3J|Rv0bbmZv+V@&*&(Xu7yCU&Whm_xw zc>vUOcanY_b_PO~jOW(XB-pCd2MoRx(kjl!hvXzn8YmB1{Z(1fD*_b#8ZQ9oAyfq) ze!QW%DM|MBaUURaTCXEvzfK2>y^JBVJXo_sWqnQW=SAwiHnQz;eBhSrDAk|iBY!(+ z;waiK7&10?y>*LQElI`LkfQ1@uP#3WoxX5P!kDy$HzwGSLd37}RplxqK8UN>lyOM2 zX%~{cn3bZ7qo|mN zYOZo>7tY7PI2en4h`*D1s+YU`z%eS26(XV`i*JA0I4^0d2_GDoz7^Qn1pOjfXRoau zmXY^XJlBPBLXtTabZmj}{hXHWs#UO{!vqd0?~lR>p>TL#r+9hV?Ko?BFBPDf#LM+= z-9xe7NAkF2Y1r&u?)QPebYDJ)(h8Wy<)|srt|3mXV7;=k zSD9dX%%Q&ib@zQ2fYs5zASL#pl+v+Om6St2&?H>_MxP54U9|$2E}62HgZSbPV0|Eq zE!D!sNTSf#sCW5k>UXrBXPYMpa#qzEQ$_tD#R$8E=DD^7t?FHP5FDdQT>@TC)!=?+4+2DXe2pEQi_9Xdagj?@T;_FCB<}KdxOoLO^y4 zLm*wyL-fGuSX^oLV{0EMt?5eRQkRO)?eaKKB8vd9Y4D}15arOsf3-6=k)IpVwCW*y zTE@Pc-u-O$%bUdC4~E2qp4+d=W`e`L&lHk4eJ_d6UFNuXGVKAk8nH+5b{8Nvgrl%L zpsG-yMA>_V>hturzfi8rzfVe}mD~j1ce5Y6s?o?{v5VT}bFG!%`Q#^x8f|_5?#NHG z!zE;JsCXEH(UQ^tfc{z6xXr%ynggnC1!H#4Ps{f`#0F$od@jGH(@(pFZ^Smw=#bo| zv3~>{sAW4R^XHPV5++A4ZN$b*H@;7E>4wTlHm6gpPi=Trn?B`Fk3L6Rcfkx(N)~A^ z7jkDFxqa**MD_r~7(fNK@=4NTkb%7lwkr{rauJKa%wKP}k>Oal$szT*DP(rMK9=|e z@|a^`b1%5%Yd9Rx)kAbErSpRb=bI}|BW26fYlvz4l~qOh41#6BNcss&=W*X7)WzOm z5N>u=8X0-8o^ZtC+Z1kBL4NZ_AGs&Kav50M=X~cJ?TrhTQ9j&ZAkPr9W!n{nr`5nR zmIjX8-81_dJ7e13Z*{7fO$K_!bqiC+mQ|ROUb)(S&fG8gYKGIT!(Kyr9PzPVcPEom z{`|l!$hkRqO2tJ&MB-JKUPN+CZ^Y1Gcf5nL)4Rg3eDHRZHkT zbU(OfK~!Yt2R+zEYsbeB*NN^-!cTrPUbyzigmO3F+t}{EGbj8QxYvenN$po9F~E-x zemos__}tIC0|fj*nrJ>I>mWVLf|K&S*7f15BS#0B7QH7U(+R@0EB*L=;2WGb~tSN=aXclk7N18;*FEP z*Y%N7cb;92F@EQQ6I1>{BY2U-3pOzV_hGJFlrSr`?$<;tpyk0%_O`|tCw+n$CFEer+NGe@!smRx!KVkH)!ERfm#O~RkUep$eueYaG+5u@&0 zsnFOzvSK6>%U=ZYdXw}!o14x$#>uR`92(s;#Q*{(I*n6ppQ{7$DfA?`3LS#!mn(Yb zDqoWDogmt2yIRig$ioGJ1S)t7#^v2Cy{ujiKa$R#_2rAlf)zP?LpBFQ0<~eEhS#}Y zp!_%gc5@+5mU|lT9{U;))3&WD3vM+#1?(SxVk6ZD8d!+3;-(YxJ?IBZ)laeX4#OGow%v5-XL!W;UIt<}-H+_( zobD${++yO(0I`aT12|=WPf=)P27{Y)RKBRYYbhCT2|!{gMPlw7AIFAci9_L$(EHbY z$A{pA?uVaA#Dq~W2c6AK*ha@kxxC&Te9NuSkFyhQKaQxL!^Z?E2<*a)iXihV?Zi1c znfe7Mw|bA+wt5^jbKzb3HMBrtekr91Qe@^`D591viDT;aTJCF7-wK-ZJkaX89P40_^{`;ybeO3>` z0c^!<9TqmI`Ha%@>g$Or1RhxWzMnApH~MhzOc~PsAkUCybi|8kQv?yPVCp(?1okPv zFN=J@Izm0X#=pgly>ef?-4G8DQ|Z@s@8{cAjLQ&nfMBW7VZT^xsp%iMSW0(t9unh{~XEOJLd^6AeF{zAgrMjg9SY~AfxRa={Q%cUK8gpk}B zqC>}%7=_`hqusQ@(~b;f)Q>{8y=(hc!{?emX@$U>Me>o&e+LWng2l2wd*+F}{^8g2 zs_0yVq;}zUgA-!?_%hAC?Wrt%o&E)QsscoB?of$7cNAZ}bObUPzpV%|g9Qkuv2bD6 zz2Yq0_wT^}DG@sqFvc=DU#qkc6)y5-EA|9Mlj8o--oay?{Gy+1Edk&TCsyAc&&BgpwaYvPcjm_(nzrR5E=19PX?&Yi`hsh)s8O zRh@n0<6+2p{Cc0j&VrC(gorS!XN}wd-hetuKaFNfIgYVmV)0h+uk{h_B>OG#EMHuq z-8Zp_1Ff{QE@x&{D$t|e-?)wy$?@hMZO#xOX=}=<)fOw4w_ty*;K9N<05dclC&rzQ zriIO}3uRH%i$O(S$gc}07k9;8mk^WbDu1$dWq(W{M-cV8hgora3HPksM6o%=+DxrU2+~Y}7qc-aM)3uTh zqjPR=yZCz_NWY=iUK^S%=kCACns%TCosWSOikrS)tzYZ9+sQyGCUY-$N4+gS zNQLXhK9}bP8TPrbVUc^DU)S}Tu?5m-JW|E=S57c%pSz{Z?J@y+WXsltX2K)Dxcz&j zEClD1EFm8S18SE#ja8(W^{L*Dn%udZ1qs$RWsv+pW}ih*NdBF9K?VCA6AA+fQ~uMG zeeB)rbVCEHQfU4eg2<_xE)QrZC}XgHj>gJzxIP}26&p5))t8_Omyfh9^m9)Ip8`8k z=PSMXU5l8Y-XO62yD})LYDeO8RX}ef8P*)a`uo7g!rY37%hD`Yeojr5gZ2-9TAV~7 zOqF$akna-L;+ixoxFfsgiSno3o-37nFt)%4uy6FJPr6Xba}OpGINkV59~z5q8*g1d z4}-TakjpZzC*ax6?kWv5tIKdQX@QJ*o>qf+tAA$GH+X&RcvHZHu8c<^Y!bupz)#pI zgxvM+T@A7>2mOgvPcSb(KEkXl!#!v)j0_7P%Gdx%d<4Py`S?@4EI@EP!FXnm7H7Kn zV*UO^a4`#vNms@Fz1(HEx8K7QXf|-t#!vK6p$nf6r~|(iK7SJ5`JRNz?}_dZ5ef8V zhB2B=mGilZO#OxhL4m2E3->t@Va%sEXB02mkjx|6Q;O515YoGN@clFXEoW1co*w6E z-jhXtR&kcxo_nHutq$W~vXQYR+&_cEXwEa?UXensj#fu6nERNoUErvElNUU?($VJg z$QVQJE#1ymq+E?kzJqBMb4JUs>w+7%u+kw7jgbMP1hc7iylFjN#U3FEohlOXVRj zjaT$(729E|&k?*_QBozNwhr?}nBByL#S>4I0R->8y9KpIA!j_aU@*@`yGryykKyo^iGxvCeR%0jJ;`^7 zyLcv^7<{5)?t^`X$6-;)icc0?Ez4XMe{TD2dX}#&(?ixD?)N&LxFjF;guYyLTU8j+ zd$TqUxgS#3RrdG8#gbp|!!y=WtrNQ~Ab}CUByR(MjIH-VJ75YO9Aa6jL5AML>9^tj7<`$Vc z-Gd)WUh_FM!kmAY6t$a^E4++lTb#!SS$8PpVILDS`J7RYQ8^JB!=J= z5+JlhF}3n$P@wd8w0#epzn?c$~P{nbeGX{H$6{uI4mg%T~?wf=?zyA1^; z4Pvi}b@Nak6KZ?{xDtQhS#6Qb_4k7%y^ohLv@xr5t31#u*V%(u9HZwp2&s(BElu5P z`L4Uww+#?%DbDtdPsfUUqMMKy&+nd*04}soE=pG0>D@A~0Wi2{oYCFt2$OLY9s{$- z^<}0G)EGrN!KmA}{BQ}`+>TLqD=eP6dm2q1YV&KcgN7bKB|g;I5$n|+&7^a$%$dng zq49jgr{_EG8k!vL!SkWM=nndi*quAntiLO11<-9=>uzcBDLYy-)37|MB40j6x)j_e z=8VD?j%j}%7j!UJA-yIcd3UD@7Tl1(2A}@Ua$&=Qoy!gxV2Rm7Z@`JmTVYV(?>Bw- zXf58e7%#dY^$zWmLyhEe;TGRLn-QGhcv&MO)_>Wz(jRlPSokFdN2oQVo`);m7Wu!s-B#wWC?&T@Wqq?&mjme`Sz zLKXGf<;>#)_|msJTH5I(?Qx1$VIdHaAyl+4KnU_1dEc3VhF9D#C##9!34L&wi~{Tg z&giZ};C{J4*-6XD%|DbzuIsybq2S=|^zPw%t2o~~f$^QNG*ND8^&WRa%;W;7oxPwVIoT9E*FpT=kbZ_*6 z+=yrMw^2m)A%(s~iY5hiW(L3U<)Jfvm2^qIa{n&RfoRM5_dO7P}b|4WNB`90RkV|Tr=0mx6^xCo&G6tKl_gGmLyJI z?h|=arcR4xXY+3#cez}jRFGPWoXFSZqjm1IUg3^xZ+-xW)1%RT9KL%%1{3ryw%#I& z`CU@hujXi7X&Lw)B!#Yhp*H<60cGN_?ugfLa$^q$>AHcj*}YnllX)g_GP1#K!ZVM zI`$Tm)yXRmWwVe?&#d7o#MREW{Iu77N3d_O{!VwS*3; ziDNg#Nrelrz-1bAR!ll61wE28qp^NyVV`KiUkyC`Fn&zy}qyG{=p>%)87zCCq$XdW9{7bDKL*)M#h7>zNRtI;5>Xv?beg|hF?a^46Y~xDiKfovIv;JL*>0|Bj#;jj*^rnAw^yZ3p&&{Zycsl$=d0u4# zU47qV-oB8v<>Us%`B^Cyb%|PSP!Y`ovgSF6st+1d&^j001W2xm-@;gO+cGWgZP74D zTGRj?J#0*INF~zEiv6CiiXbR6hii}UvEI}3>rE6WPGOTrnB9_RgBHPPIJ`*rOdr`f z$bb9iuE8FoFYa@FVF5@si%1&W2$`?ZhKVcW*!b|2*v@BjZ zAD+u0Pf%TACxoKcGcxBr5ghV93iE@(T{E0`@czq*9etg(8?6rdyBX6{I(W}gXLP;w6( zte^-t=)zt2*%d65=wo}OdW6nEPx}bnJ@RnAOCx{X<3(Fv0WP9Su4YH)C#Aar7z)pT zFB7Bi0NJ+V<#iQFiX1Pjv^~TQFkkzYU9}T#n!h@?--P6o$Fv$)Wt+ul9Wsy57I80s zf42&3#w#p#?3gFb7KvRXz0QneG;roAvUjsHEs(Tg6&l`V#bsbwC{Sg~>R12|LN$@j ziIFcS<8!@5)au1h2tIxUXsb)I?y;GUiA}*YB67mYV%gDIc0Vy}QqUQ|EvMu3-S-CF zBK$bH3ACK4wq7>!Pe~jYaRonkM@uRNly_%%uAE-dX^(*)3`zg-T*(Eb;Q+R=y(GnR z2W2T9-6PVF8aV=c1M;GmdRjU?TYL`dzrcGx{n4^&gBO&CcFt-RyYOQFZycFb9SKe z4M3S!CL{Ay?28Y8wpWjcv z!nKtt`-Mg0?Ex*G8$+uS18Xs+XjTLsXN64lq#ghh#^X2O#Ec&o2gk%eqnNQ=mOE<0 zE}{ENS5#oLTer&%BkmQC19l51#4+NPJbujuk{Nz{G$5<4iz#r+Ge_f%3Lnzt zv9D}^iFendnSV}nY#pdOarI<}vQIx9ldR|fWIpwO&glibuYf!>_-|b4k1l}Ze`&4L zr4`(ny`TsWip$}C#iv@8EI`?TJO#R|aQni4a@@#qohMd?X>c~sg4z0_MYarU%eEqL z8su|jPhs$Pm)wOXg#y_fTW{(|KEC^c1A+X~HkK}8^9U*oed3tMZ_Rk*)!EYxWYiRf zofx2iF5va_=j#B-lDs`z@gcoVCq22MssxKhFR+r+1+lJ@U#Ku;$?$p@BOTQvwlNK5 zvTgVhq-sNMe%0QjL3td~5?qXa@t;GOu=!ku^Xev){vp4ed(!ec5Z$L4X|qtJPkL$< z@?8FevRQM+e6a5f8v;#bI%f;z4YG)A*JBRmD{K9 zF$c77u~ok{94^U0-LtF$ec{i4SbthQF3MM3+)xg<@;t72YYxzsm>;!!1e3*^HT+#C z#h@O|E2gMhE*OGyfHLKAM^W54md*oR?$WRaj{IIgM{@!s2Q5Vx7GTg=iqOvJ+zLt9 zKSN9TrrLT+o)8RPU|6qs1#p4O?|@}moOgDiV)%LOR$g@nA#o9QJCk>Z<&GMF8KKb) z_#oVn3M=kMWNnR(mx8HU=lIRw^6*5XLlj?cPd~mcg^1E(qKEngt^j+mtdDs*Aanrn z^1OXhTtfI0p$E=gH@GuPZgmeRPK4W&Af(fEFJUP{L_PNbM!ga`9*p)V9QOlZl~8K( zI9OMLGthXPJo~dM{vKI0Gtl^*>(%kb8%!Wd(sF9(Uk)*W$e*ZcPhy8kg zp2ADRJ@x^BR=K=mn|?&dK)N#Dy7Z0eax(t>(zH-T?F{bGMh=xRw1vcUT|4K-4z}a`Kc;t|vHF8R>CwY)+Ca}S6le{xkjh+Ar;V7U8g~dq7P##Oyw8XykB@yJ@V)r#2>`n-y|)K zKMZ}5@lHe9y<)OIFE($z_x!lUXNLD{pI!Apdd_$A;ntF1!FZb{8oc_$W=nJ%Az<`AaXNC47g5>T zU!-R;J0YEf1z0&o)_q0~-svZB$W8F(8?8dqVg>Z!2G`hqWq$V5x2?s`J)XtuJ1bCe z=!T6w(JTKXB5GhuhGK;I5}nglE`Hj@k*9NhDiZJfN@)Q)=5e~7-ZD#Q>~uqHj6N-^ zSq5rjvg(daBWc|!MP`r7AV`#Oy+AWN{N$0p7kA=4eN+8w#+ix6HPlLBK$m>>I9ueA zzZ)&6d1q_i5Cps{ye)E8%ZJwTBI-smj@JBt3Hm^321*lIJf=O7LT~W>w=4WR<6%izJ|c#d&C2461k$E6AQ zvp+o0>JZ>b#~=Gg4UmAT=g|-CzJT*E*UUPrJ-8!l%uvHe#!Mmd-RjTQ=O`QouNH!R z+I?yo@SjllwHS7zLsL|W@Y}-8EV3g()6QoN~sM^9wy)?&ttqcPD{NWRWZyR;PJ&^YLR>#+vtXC4AR z)gxGH+d`V5`;%`44Vs!4Sm?2ntvp0}zDmz$Mc0DAmEz@(K_e6A@N1RovRWJ<;=!)+ z2Z&(*u%%^#>!=c%JSbY1XcJDK(V99o+Mj|J`VBaT1zq4qW?gLmF{Srz3OAkxPwop4 zYdS$9X=ErZKuz;2Y3?(!Q50!p?ZPJ(yoOws ze0krd?jc4u%=o#kW+|^~rBe^<9NAyiR3l-zySXhm(eWOrhH-V)ayp?Ue4wk+qW=tF z4yRtfDjqK9p|vEE64L z_njro8b85!>H@-oHlZ<{(m1NzNd9mvfLpvv7j^+AX_K9(H6657qp6;6^vq}5hh}J~ zwA{wm6wStMUJm0%C;aPkPaoLcG3R~s3TEBN8Nn$iRucvh5v{^Dm_!E{5L$QOSx%+5s`Kr_ zx710og?7m3<76y(P=Q_$18Z{doAVyJ<;Ha^%cB`SVGg#!a`B~w;^)Bd!W9j;fePKn zeRVe{{)%e%#}6xxX>qH^eIdQoi2H50i}J8<`A+8ot?Q z8(MZd|MT(TnTekk0m=CBy0B=lU$@8OE05j-G#K=Pa90F}x*39mM*PBNVIGGQe`>KM zV$yL? z4GHF!rz^5=_is<;B^r)8Y>Gcv z1Pv9f<19hTjs+9=KPPqXIiwATHo6xvH^coZS*bMS)jNY21P29DmN$Pl__A}3x_`VV zUdx*1@I}$92OBQO2MH0lGoOrA(#CtCcF(ZKt*^L9&hxZYkneGJ`0MY=oy^2ahN`{f z?RI`gM@E)zF*5dOetTS<_qa~l7TEs0Ws+friTZzOlc&Jw-Zch*Tcew?~TP8_2 zN$wktMewVp;u;p>m&MGVGnpo+o??YnKkThi{=Iuqra zwAHD!CG3M>`x(^!T3?dx5Jw&)s35q@4oPWSdj{f(+XnfEr4B(HeRCN5Z3Nx^UX%Uk z1&QlNZlh!K7mvuF-W3QIt%MUT9lW-I4EF&JUL_DTEdAI#X2}ypaQT+2+wD zKB%)!-7J`rHwAJLf+366kE?Ah@2jhGy36 z9A2WDgk9ct`W@ryDcKpCLJVI`K@7rc2JfOMtf9Ju$g+9Xn(SB4d_AxP?N^lD_om@{ zLk<8k-uWiO93D5ce@|QNzuGsp#8V;N`EeZSEV-yo*QyFpGGDX!M058clu7rDCs+R< z$;qbs!1!P<{4%-)JNx!Lev?Q$>&t812xvH(mM=o>CI}P#MUOW#ToN#{ROBzi7rn7l z7y?SoZkT&--xCl2)oQ&thu{+KdwLPl0F;m!3!x5kqvpa#>86fle>EUFIe@B8djO+A zZGPUA+uAq>8H0Z|I+{GMI)SpxUz-h7%0{TS+e2-S1W{F~Z2kh@xbG`Nsq4;s%M~}O z4pThAA|^iaF(10y8*P_Y^c{9Us8>4kOwOPnXXf>31?aDSkA#ub?hVbsb^P5bk0$%L zefUQ6<$wD1U}(SFMop3yB&Jcn*B>|T7r#9v*WqVhBbF{dVY^xNj9!<+$*!(U=m_4P zB_{TKL-cEM>&+h>W3PD72M+2-JZ9mu6yIcy{u$0~muf%=`#aOIZHm$+0f`?T1sZY7c}q*G-1(KM|Y zR$b}`Xln9%d?T~VTC@D&6U;ysHx1Qa0~jsXUKAehE*qT~?yT@$Dr;lsbk~RB-y!Ym z-uE{#y;e%m*kBLW&(bGreQ>bSK|hZV8M^gkoH4HgJY0K!QtaoETgDHuz5CPA*U?<^ zwzJO4UYrD&ou9zEAp=CYrMN`t;Kg!CY+KD)a5Acm3y@{9ZFunlMYvb}fssao44Tt)Ey^&_Liz0eOvn~VU5VE{8Wz4cp=rMP z`Wg?RrdBD}v~an7Z9O(eq5-IDO&0c7W9H-yN+jKGcg5h20m|404JfZa*a@xpKrIBra(HC4wX1Sg|q_5TCxpPod;=obB9 z{TwHRj%Rz0{P#U5zbk&d3&9lSX~qX>3(Ji*7OT(}mm^`PlM@^5wt7 zgijgklXl;eejDnm)MS>gpW!c+4S|{sU}`%OpziAFnx=4j6P`kf+B!H-R8F!Loa3_N z6?pdXu`d-#b~s#>vmzU3?9V)ly*!t=_HIZQFCgFNzeh+(iAj7{!>&QbcQ1=-e_s{{ znEYc=F2O!>N(G)#LY>D~^##b?*U_OEa>{X34k`B3$IiuQ&yd)_{$F z(a&s8iJk^O}P6Ca!;$r!(;&e-fhd?<0K#=5O`43wRKZ z;xr%0_DC&cb6qXQ0aL89%k(@hA^HRu##9;bH>`q)$Dmqn$>;omw)K+pC+fszl73o$ zD;EHqKI&eKPOlZP;{AMFg0hR1Uv1Znz(JBzq5kn1N22$h$Y?9!<1sbOHBLZe!EnMQ z_`&lQ&05yaj#WW*aEz~?D8!?`m*6wsxy3jKkfcL}1-%6x1<7ZLqNXm47T8gAXpO+E7+R;7394;z+kA;x=0HI^Ii8nPd2^F?t2dx4rzcu@eCaD zO`Vv-@n)6_(BrKjf;-!iz05F+P&brh>Lopp$t8OGSR9&mzbx?2p9Sa zd`)OCWtK9?BwZh+ehyb8+!fk8SL@JYjDmSc?orOAO4VnV_)oe4KrVQHjNwV&`VX}A zulNxspl;&t1}dFsmR`Om1@aO5(ppYO=xIjA2RK)2&;35VV9^rK+MD1g`gWeraZXR$ zaOKXZ@;y5sw8^1wJ3VM%6rIs;O?G)qHt0RBF7*;%fmawKI-`rue_reLYw{;6ES%Fp zzqwyXo}q#-pN&ZC#uFCU={`sEJ#j<}C2=1AIsiit=EL#LD`u3paX35!|DRIFK~0q; zgyfz&#qnI^m$N_rE)t@elfH*L*`p(w3u@P3^-%V{z+8DcEc(NrvJZ}X6nte*;YYhH z0J9F?^S&0~??$+cAMvggGpc>Iqc??2xPT507`6J@H2d!rVYrChp8q0weV++g?2Ti7 zd2_+(yuF6#{^}nv(Rg~^%>a3tJa6eB0Kw{C%Dxo-(u-7n&8mOHgvNCqn zb^upM^CQ=fKZ3AXv*;JbpXrUHOyNdw z>rKh7e$OXQfhFt97j5nw?3Z0QNa%9+w4y}!a#ZFXDSNACh?KPN%`I+s0zNvW>4~q7 zt9%ar3dUja8Ti_4P%ZlR;7km|9QBj$JfJkol&tw)?k$-5IDBy1~DX{D5ZRZ+X~ySPk6D+2iy|R(~lQTRdJn)D6)6yru^5dLPUBevgf8 z!?PLFGH`<3d=u?BH_RDg>Q!HSRWLHec7sBWv=2_#zpiwD-1m`$ctO*SE!}~?Wzg=P zN`eIS%j-}zTTkd*^CnfEz2=}P7&ox;*k^_c4!o(WD7qh>b?NpWD9zr?-57psl(j(r z#0_j@%LRhggfI7?5~Ei9z;QrQrL{z661uCu_D_fmd-|+@Xz|uP4#JqRLb(r{z{4bB zx!&XVJ1h5a@KH6BPftd2nU7L}@zY(sXT{mS=~W!wdlQ$l&x{{|;c$JF-eOo}gihOi z$|jS4Rj);q?K~q{)-|OzA{xDYBc^xS$N3BGoZQi55>_iD11Hb74+HTkT{~D;%lN@3QV0#N?2`b zBA+91E+C$oGc4b`UCP`-?1(2N+r2wP^*+PU(csAgeud^t?Tx@fRG6m+GO{?qA!(ua zqf_}&OY{U@7Vay1ohj_pwuUI)MYU^H2dFKrjV5q-_rSkg^ zT!9RG1A>Tcg-I|K1GqW5^JSlu_e6*?Y7)R(s1-v?pn_+7^Yd4{0kM)i>GYG6^nRH} zBEtW#sz}gu;9EM9_w#WLgVG2hqPn>CK6eyIf9xM&onWiZ{eph`Ii-zQ_j=ef1^CAm zQZ72Z51ciuD4%VK?vUyh&CHuK$Zd7>+pwqNG$!me*o7~9&Gn9?7QQ;@{Vj$j8O>zdAkeZ&>A7&lk9y` zxR&TJyiXeX_f_|2lgwwnnG^kHB@Fd_YF7n=yVRdg+jiupZQV;3X`I<4CQ(wPYiFj@ zr+UzCK_%7C?8nWvU;q#0Tp#DRUH_ux`grigBp~&2TIC z9R^^y??dUgW;Hy17IKgx1Z<#2Gl-7IoWWg+i|QOb>JT7_pVlu_{3hHJUAR=e@GVtK z&}<|?mUd$y@r#lCoQ+FMerx*sM?s)fiquXJfKVnoUlY8*z(4j8jm`TOUS5PW1V8_V zi@9Gk3GZ42BX2FMO-FhWpKe8?5sthjW{y&t=b{iCpS5mVAt zi};DiDOj8z%tK|_BhhmQH-HGhqhh#4Ih3}<$dD76l~D5l>A!jIVPR$Q({nDLf`3Uf zk@9G9w-v7PdkHNzD>S=s`tdE1!>K9tQ!ZQbq2e%9%HcYf>(lBSMz}2VtH%jXJz7ha zKgM)kfVNxEKj_1s^%J(Z^6I!)9WJK}KD=jpfBhgN`$qbH>$e!`V%@C%F8e`cr{KIj zM3tV}^%!XctKMuwJD}KO!x`K;yi&yke?NOd%tkW_w+}Oa53RuA6Ob|cG9D>R_@($H zX&(KV`TLx0e<}H-QruHr7L=y*EHq3@e>CGw!lh#+`>H;imwd8 zRmiDk!exkJb{v=GlcHx_GhKstCtI}+t1si4LC#$jNTH;AZf8eOi9@U0# z7->)TFTjz|+K{Uny{Sl&Sc!s?tYz|qzO?Gp>h|;5_O1%LJ38J~?_eDvD^0H5?#+rh zRMBeroS6%mwU@z(DIgje_SN*Kkn)Ldb^8+Lm;JrC&8^ZE>mKjjz3kHLLH08_)Bw`8 z@qn&aJ>@tfrpR<7ll=}XIAE@|`=!S;LF7T7p|8Ayv1@T^t_>{M^4lRx1-1bd$%RLG zm5DCx$d73s6tW0dpX+7TZA9Pv=UL1@5eDK59{T>6`0*}$QQm`T?5KVh{5Ih4`iMRn zE#4z)=9sPBiA55)sWfk&=?^w4@rpN$^qJc~7yJoP+;_Jc1qV3(Cc1lE_IZYqPCwBS z&^?|44EOj7fk=U1NQper@L}!&NmhQoBuyF9c%vJ{!;QWo>n6J$H0TCs-`;9U7y@a)48bcY7YuF5e7h7=`@C zm&HT1jo0r-J}CEyf&VzebUG&c8UV^oyMMhVW;)IHd4D{tvP}}#*&ccemJ5z)9WiH8g8d!p8N2@i7;7aB-T>NH6b zNwM1JVvjmfLHjHy*c_#1BLpRrcD#$6r@+#z{cxOmn~pM{#8Bra#su-)KH~=4t8Cz! z_}e7hQI~yZ`a1Dr^g5nD#&$lc{ycr^!lD}{JvXeWU_3}FaMKxHfzD; zx}x9QW2F8o$vsh|!3e&7K3R!eF0A|GQ1)fCbhUE|vE zo`t-jpGf2Q7(aNG5{M_XunsxO;UQB5sx}5l0ThgO7n7jw>5h;1S^}&yhtG;>63qxHi zrQqLm@&4X+#TJHBb2;gU;84Z~$#tEhhF^L=M!Ubl_y0-31a})A(N)3B#fNo?1(M_X1Ri%I%)kOj;LyjK+KZ@204Blnep-e;jj)VO5-X4|;%n`F$T zB#xgPN|Z*~Dy?T4tWD{>jZwj;PqP*|xD`3a8Ahj4@?Ad%5<6Cly9*KK9dTvu%8{>O zy@3470X&8SjaL>f+5zlQi>K#^|2FQ`%-w^t zQjf>)^|;WF_tbYaJIDK0#p~X+X3FOl9`I)*$EVU-W(Up_MjDfOdcDqZ{5zRjto(Iq z<@+sd{K&Y>ImBMLag}RRwLr38ipQBwtXC0ir}!qzJ&(q1kH9`nY@IVmV^lvaFnPp_ z9Ph>9@G3c$_ot&-z*tuO?V-H6aK<2LU$o*M7?7Kmm~;A&y_9dA?@C7%0s-aq!_T^+ zqimrhbJ@^@-8OFsVzZ)`3hZuh7%P@G(W`3AY#BGF`-VZ!NP1qLLByi{R60~&Z0FP% zbJuIq9omEY2qe%T-f4i^7+lc>a z4v1c!gZ(3ZxFhoydOo!;Bc#w8I5AQh=8ZFcfqeQ_#qDS*^uRLvU*aD>Tc{z2mhS#0n7Rxj{`q`svDTEM3_EC zbsci>TL9+gNkQbP8Xg?{ev+}c+{^uIZ^tdrMn=U{U*pD+0Hxo;9!((vL<4@vYgbMU1fi- z-cUqN@kd|FSW*-ODh&6)0)JTKxL9bv+5iBz_o48q1$3C}9Wt>=PwdxukH&0irQh-8 zHX3LE<7SgAGrG#p-IKr3D z@88*Ff1`9T@&eZiw>MFG6W%C4r=QK;ACX7qpk)B7N%O>M(ez@pKZ3!8K*6)$4$^}U zcwmr~@I9j;(32)>pC8z%=(wLi0HJp%@>&aStB^q|mv)PX@tItjnve3r;%@rg+%qNF zw2xBoUkV0XEOFxHS{IP*jMeru33>sg*OlCuPANz_Fw-RpRNV zlgVW;rNp-;xu3~#M}jDn^GW7?w^9Y?H(z>nNS%s4HJY#uZ;K=+fG=B@U$%Xyz*J9N zb}1V;BwQ|EmG|if1cx|CSOv}buY~xZCM(}>U1Kg!w)vMRJzz*96(EpYI^{%6a>RaV zZJH;UvrdZ7nna2gXAp?7dIYK4GD&((+b0Q|VBmNjpYdJo)hpB>z3wf@Tf~RK~@5 zeP6E(zBltNUN$CGBbU4JmKGaO@PU*xGM8rd7HV%A+!IR9GXc?5I;Vo zPbmYO#%K81eJ$?z`__H+maZ!7qOxrH$o3`T3Bp)q?WP6i)&MerBLsBJy=WeUiy)YUry(imBjF~UI8rLr*=Cs zy)$1*J#3QWKpd)Loj}N+oE>5Rw9!5ggj)y%+ZEZ1Wl3}cocG-NTjK#~v57CVbruth z>Z@*b*u@#*R92Nk%n`7GcWqRH)?%g)i%O8<(CQ?hI{^go#PweT+FdzzntIR=&xF*U zp_y>B=oFzQC#94UT5J zCRdq9r?HzSksMq!mk-?tzST0T4=zD<$D+b_S63BL-j;}X!9K~bx09FpxPks-QliR;Hb+QGME{t<#0D6V_N(>2Ayk_sUqn_^h`QmI- z{@q(lXMrwYTBeIV@E7$NC)Yu-P46=VezT!d8(*TYlR;FsM-0r3xnbxl{XQ+dE|b#N z{<5{kI|}17AdFR`J~iuLoT^#d);ssT|BL` zy3nM4{~A-zG@+#V?JJ1MPG~tV?|umDg;tn`+Xq8#;G@$t;zD5xyz%=@WE{HVYcpB+ zhhRize)f?=ezb<>$ZlU2d5u>YFG&(Fm&gYi@&td>E4xnQWWlf1g(#j2$Nbp9b{Gc( zUtD}Sw)CTsn=GXcGbIg1B+5e$AhdTIiIh5_gN=f_ z@qEp}qIFX7M*Ug`2#iYJ>%*CF2A?8#Rwf-IR^FB1O#V%B62=LqQ z#%h#W)Iz%IU+mQ@td~#)@ptp&So<_iU+W+Q!V8d`0zNjhgH4p^TwA#6&8ILcd}+Q( z=iY*m3-JZk9d-x_b$!0b{WW#=9CPS?CcSc zaA}tB`#Me_2A~z^iHWHu!~8exmoAuYxsCcxI&jEd>Wjg7ulxwmK$@c`y-pjx+Sl%Q zVuy&ub&a4=XxEnQ2c&BvWW5cSPV}A2gn|MR);`7;pLXYg%p70-GhaV`Eot`d~ht|?}7IN z3m`z76pb(3u-5yFW0?}v>n+W-HP^NT-e%4#&|uzH-;^sJPZl~#{KI#BN&Wa8RoE9e z?7PqXcCGIcg(82DdlfzwxS6#`T*fyzzn9%n)wtkWgy2go3|N-zvv`pVUN;iHrz+;w zHBq)^pYUHu*O;#B#^SI?T@m@c=tAJXGW;nj#-#^NPvNI%!cA^do+YgJYt%7(h^qNn z`tf=Q6I<#!TRS9`aXCBl8H_s;Xa4R>P|qtN!S_LDp~>JT=HZw7M3>_9$rff&=I+O0 zeX8x;)$puY^bk{_F%93d;JTjDV#V%f6p|3Ti0d~R-nYT?jZ%Fa3gJV+XwTA~QniFv zQb#{JhoESmwCZvs8{)6~0SQ}dfp%{e5JMjyE>R=7So$Em(PrZKR1mOnadD(t{>)SIr3pLw$uH_=xvQ0pRZp zhhU^k9@0McR>-?>)cw8~t@ruXzmOmaZ>Uyil(|0v^swvpC_lDeJyg#09@q2J{oM|) z5lweiSnUzzo4n_3M=#1QvJ%BoDwXh)y3${&EpHs=`W|Qw0_~t_;`?uCKR0s_JzRDq zIe9&R3%t>{=X8MKo#&Yo)LIx==tLomjgSsq_UTWAWJRb>QWC0}Na&fMz1UQ0_uljo zpANh6IFBSxc#8F5PQFiZCx>8N^?CkQv}ICBO9Nvq(9-osU-vYf$^V50rDR-Gh>DNr z_zD!=SJ)CtK5CbS2Fpp+VdP5qzDAvaoW~!XuUlUkDA1p}y_sGC3y_#4;?+Dq0@~QP zGb*d`p%~L?jHzC)?$}v;jN+w%lcwQj_?;bkf7|GWXzsd)TT_fNMHKuaEl$kHgz5@i zuhzbO`76r^rWFchAY+O}zmOX1kfEsqJ6BO~J?EqEXEb@OC?1J@t+3yXsNzwjdy7wF zs#y0kP1!$^u4_wCZHxYrB!NeXB0)0BnTupQ;Uf-!ZoM_|a#LL%w&mTsd z4x$69!Iv`a*c#uhTpkSA`j){yhd#vf=kdCIM=kr3oeq)UhT^)AZxMoXw~YbxHbB2% z|8#p$348M(&79ljRW-`dte=1{8eQPx!No^~3PE%R(k3Vj)aZ{~dM(N@c(EtKA*%fQFXK z0hrzyIEG?@R3Bb#M-|X%&~D-rvN?%&FfQs`4|+-FA4YfGn)fTSzmcE9$mtAxsa+9S zVU!xy1?p2en^~)$qklN-%Fu}q`4L)*xb16&X#5q7LZcqW{X(CvHh(j(=E^6`&ct3r z?l-%Yt$Sh|_J^-bPp{<6eQxKly7P&GRO>IIvwu-c>OzR|`m4Qt0GsD3h_Ka2=ciMg z{IduvL3!I}3sF3>-WY$_OTl;Qpqx-XC-s6v zNq|#2`uHORs?4q-Sp8NWGw!$}u>`)(v+wVIdrr{*fgzrgNWWU&roG~-K|TF+3R?S* z*6T}B^9-q3fHk@)B>b3e5_R}!tA0c|H+PEyI}WH4=Z^v`QV38Xc|M303N_YA_u&xv zJKn+vS;GpkTNLXmwqTZ6Xg={b`DtAD4IV$>J9m=&Fv{;o7U2M}^vWMHL#OQRhgx|Y zhKFGGD=q|dUZ}dy3SuK-W&CO?%@99~Jc zpHrY-l#41BcOKF}=Wg2Wd#F#@8511*#eDF|TlEDz6t4QAP@m%JLVJYR@CYNkD^-zf zBZruaNe6t&M#SAPPOfx|!95@v_D_c;Gtx}*uF7y_of|3Je&qi3wM2GeI{JVC;Ffk{~qE0RHR?uea|s^ytp5!w_t7 z4(&-O{F~)|d|DowgV$0s?|;VgXJ&;93^3^z4b^K#ZI~uQJBu?C?I^Q^$AySP<9)v< zIUM(|BZ+?O3S~(A2@eGK`QQrdVN_kp;lT%XgJ`o}hJsE=iQ%J>B(Qh5ADCKFi40Rle{$5;jcjGzJ6 zYKpHY4~Vi(s2QQgTAyFVAzL2D)pN)1bs)rcly8Kx3N&?HL~lY?iO*OlCeb_5!!n{6 zDqB4c5~SBWv%SQEd{W;-Ra@D2OO%wmT$0|kR{vWL;`%BBGZ0WC6%H!^6!uHmXT@Z) zzq4|@b#)h?G$*z}`mUS~W(R2ClaW{OI#3GJw&1m|$F>?7KV~ND#rVv?$t7Z$oJts!A=i%Wdv-~QRW@%raFu-r)rc0H8VQlDF)gK%cgEsBI6!-vvV~KZ||8uGTcB@cthl)M%CQx6S`r{71)T zwGey~9OsWO_tVxVgYzks6`4dkbs!?B0^TM#AqY+5xQy{b`u0nG49S!z7SSd}BRqPo zIR{AJgf7Vv&_~Uws3S5vBI9|$Z-`)0xO3((eezOr)E>|z9g=Ib{bFvqOfVgd?cuu+ z)O{qdH3Pdymjv54Sn_bK_RH1Xek$S|0nAJ`f%HkF8Q<2n-6pQ)qnX{kHFUI0HD||cKqRbluu428K%*}+s9p!zlUPo)g zFDCW~9b3nEG3ZUy)d4AY5a^>?=bYNx{N2Uqkw5aQiE`NXcyH&jj(UQU)bO|v5CVy< z@1!K;uInJc%uQv7z4DCg{!Tj{iwdgn34TOI(|qgwp2XOIO?I8CK*_9#6*^<~M zxafUt3;aAg5P<*c<0pv__EBe5=}m8E%qX^+QM0d$AM5*Fs9;}0dO2JI_t(6l?ae{r z>;gb((#eUqZQciXmhRik(WR}%0rJSjZEG&qeaF^USD;>VwVlI=3HH=qD6C(H#eRqw zt?>Pit}M$9nV5ghR~l`%Bl!eT9W;^IgO)|9Qq}hX5?C#y2b-}TG1Xl4J&%-QvzCvm z)a@(ONgChK4yR(l{aNvAd@|&>>5Cyn|BkjTB4Se8{3O342gK%$2>joV0BlTrK~f4# z2EJ&UVXhL2s%EGGGsFEl?ehn=ntl7Q$9n@5m0n>$|4xVdU@--oEtFFv)ZJIDB@dgUIa}$>0@6F&vLaEeB}*fj1>a}c zw1Tx_3Q5qM|87U%Z%z0nzIr*ndZ#9p{ELFRhMmF2?ZSGFW_fV6Dbs_1uvV$E?> zxAz_;miy3QC@X}%;1jn3ot$LES+@kjsDoL9 z5EjtVczkUz5o0z~x$oEeNOix9yxop|3xjA_e;aXgzOAmJ(BFQuH>zpBj|b=G$GPXe z<9>{HwX&RXRPs~c*>G`xIXJhU#Ds@#-?sOHfFhr(6jJ^WGFZ{Of5G>*oyK?b=+Ch8 zeDa%=P={TXcAuL&7pOoArfkewR4?uR;H7;A?n8yI%R?^7MN;11wPjqi6cO?{-GVo_ zdiCJF#-C?%P(QqH-f5qs8wb{gC?<-$wYcy?9Up_9obG5<_m{G>xyb{IGsH8G6&#+! zYrm#kGbDMRFL!C#?@7&HLk|)(AK?X0DRPn(9jl4p%cR<9XdtG0mLhr4-R!Yx?t7wg z|0XBn%D}Ny&m~x)y6UFx`wr<7KNP62gu^vquW|?r=3KD&`Qa<*5c)$~a z{60fEzY0^OC?P?$jOJ+UU-!=&?FY-?s|)iL_+CoSKlv;Uyf@OFfrPANKfkG0f}5B% z+rJe8J;hy7zq4t5w}XVQdyrO`YO{42BL6#9W5ex zhWlpx;#tWSQ+QkP)^|^3xDla?($jy1PW*<#tdQO*YM37`xG5c+xjWER&fuqFq1(|J z(7RTMzxR~*IN>(lJj&QRHHJdmj3wAdn6nuB6exu7V8c%Z#pTby_|e~#Q72&gUIYN= z99>UWjuQfce+IkFg95(MQaL=zT+c>AZw5!bhY^ju=pk2Zqay@;h;5E>8HmTz(Z4Sw zA?91hWpKI)R>Z1+so*#_X*gwOa%RD|tNJ5DI@t}4m;EAPvo_y^1ZtqKXfFwJJ_+UbtqLH^FAg^W#%e{#Lns4NPZGx_lj8ai@U4ln#O4|mOx`YhtvEg5vx4e~ly`1?!T26BO_0?ge{YK<7JtQN?v{L^ zbYeg#PotsJ>37BK=#s+gq?^(rv5z%=2c4Y(;(vrBzKLGvo3UI#k^SdTzJ1_%1DKi7{3*Fjr5nn)Nj=rE>B9vievc4{=& zPl>~zBZ4zmM)GN%w0?J;+rQ_rr8_zqu4#mrWncVS!wz1cIrQ58`jecIRaFF(3H_T7p2S)Y*XE`7H5~5wLumFfV_colv15LM;|KI7 za4!Th8rnBZP%qD7GQvIGrH;uFQa{G_WycQiR>_2>pZwZGu5o{X5DXz9d)}_}5H2$; z1SY|K!`69^X}A0#$-ni7wMQ_VO{l)?_HuwXoL2d6l z{9dt03lnqPl)zaIDrywlO5Kd3XtDAn!gXt_>Gl*uMfudOaIpTY5-z_0fkuW>1avcw zg|MLQ)~vAGd=Xy+*4szqiNnK$XPtBh4#tInrK7yx&8T zQR{0DHAjOHucyU=s+xU~=X^g9>vv8!VDkqTg}p%|==Ab6Si|4}Fz6oWTj=T*%ZbzM zbYOwprfaq=y!;HPmcFuwvW(1i>9O`(t~B0s#uw_W}tPyJ8_TSk)qL-z;l3U{3Qc#Ilao z^iSO|ao%rKmQ$)4{r zU$(DiNQzjajl33?0YKFLd^!^D0qX=ToV+-F`^=6Y)%)oFLrTKap7$pXWY_a%;fPDj zvmsXquBD+EkV18~v+jTa8FS3m5b!3(<8OHZdDF50?q)~hh|8!{2f9DmaDolp>G4_U z%UP8bvrnn#SAwNvRXw_I*SuA*2eF$AYh$eTHNfZ2fAGbWH&;gZTW@A6-^WhBp-1L; zzTFj@{DrsX>$eAE?~mS+`+cj=ftr$h@i2&)zc94$W~6&i)2ef2a?`YQSKMQ)BYN~h zI_{^KpBNW2u?s2lJPq(i=Unsby1y|BV;EpGgkIYIgAd5wFrRmAkpwhe@V-Cqghu?d zuk*e~-?ZZxp3T?&J!;dkomiMugU%r0IXD>fc>~3^;m%bBlV0~-k~t04zRHbdgjNl|uN|Fs113+sq_;b`vNJ7mleiDr!?nKg=-=L8(X!gFGYTgl zH{mq!V_G7)yyP;!Wf2m!+*P%?_~^TghGIgSIvNrS_N1p==A7@<4_+mUZ^NzMRRtpR zvtJV)|3CdSb{c@k^jN(^7$!XZ*Hw3FkSSrjoDhwAu>skw2dJ#98EZ*CjDCWPX#d#u z$8KD97b!xV+??q?#oPoJU3HNY$E>Ng`YEt=*Yvs9(@^(KDxJ_gbmWt!n0_|D5Bo_> zpNoVDM<8Bk_ByU83rb}g-f8X#IDrHxs4EQYdIJ3G$obk?e_C7P>wx!AoD_mo8y8VN zyXvo{$8@5IMS?%Fh2h_wa<&Ab*2GKKNOGUIgC3oZ(C=a3)|`+@_NpM0N0-cex=$=* zEWgGVj%Ag43yul&y3fyxOJW>F2d>VGr*|UHZ*QP(sNrod=%}DAZ@<62uIPXs)BV2ML*3LH zQO;zxm;4v&XQW)jo1*yRlrje8G5P~A+Cu_Y9;aj<$zd^64 zK#|iQ*AG5k(bWdQQiFf;Ld|>+}x&txf#_F@xnJe9)ip&oPn?Qcv69Xm~e}K#QM|O;iyta#Hb1r zhE*5^)f)oRftIjBa=j-j9E=)f$lWpY50J1WPq&Asr`FaqH;;+xcYH6nR~er^MMvAH zH^*Jm&9$QY>?><4GtDWiYR*#4$^zMG7S+Q>ygtWJ*^9T7Is|~#ytQ++luzao9e$UJ zBokrpVegah@G83bRb=w@bsK`KN48pdmvShCHpZQbjP?_5N&(h#`qrjpHSWx*z4#) z6%D_Xs zl(5e)&?0}%kN?n-xYG;-{ZX?LAN7C6#WAD;w-f2NP+(*7v5EbnNu0UF}b55hXnyCs(zN z?mj?^v}v0C_Rhw3NcF!R!J@Ce*nDxsepKm`gwRoX|^K52lQA|eJvrpNQEgdzDj1l z%V;6JDqi38Pn_6(9KgK1y6OG4+~j-8{$(IUs2#6`Z`R%;_!@QeTydrXmwapW=?+kT z^f|A7r11-77ct-CDG^qn&P%4#yEMx6g`tGwu^Btb+;PL1Y5dZ-QOg3T(`T87AU~B& z)W_CeNulXq7r^z$IvTQfp6ABP1}bOb76tIX*TM^-8xde^u7gQ zJp=4?V210Da}Lm*_)HLfzSp`Mu`B=@yq?t$w6U-4EdmW& zgUJ8t5y5+v4p+4VTtq7e(3DrII-V-1+T_r=5Jfa4pS$S4BIx51km{X4@ySIkX%>wY^L2HNsldOc)N)*KkT8uCQ_+F$9u_?^LRjrYCDw;)@De-Ww(#%Fwc z96Kh)raZ^2IpVQIvws3L=fzwOYrfph{bw|@a8oN1mY8Jc0CQNVpCa zEo32OcE9bS3yIRp%q%?`Bpdo4kMHoKjbY9MY5CYD#X9J=USBG`7Z1P~!hehVk9%|{ zVK1i`=O7B62_MC$8~b+6Pu!}5KYp0UcIHKt;e<_2lX$rc_wAFTANK&cv{Y!=C{z5t zFQnvx@>&0T_{~EV!q@Q)c#01$Ai zKuAb@-poc{z4Y>E?f9`=qkDM%3bI~2N|9y(+)Rh*3tfp}U+Jf)yt@|M*{zKA>B*cag(876K5{%D=qxu?hRT+{an!V1x_9?EnL7NsOSaj4n_h?eFr} zA5%~#Px-uG#gv!L8Mp9OUki!Pjo*`w{iLmbe!p+#$D;^EKqjg_6Wi`b1R%e?sLp43 z!(8COz*we*OtshU>ys6{B#!e>W!`Q-aaQt+YMrO98~6PNV!$VpJDzYs6)v`lcP~q* z@#mp5$@s%IaFg0ec8b!)qVEzOYT;o%fnO56`PRjDUz4d}uH{vnkp1 zW5n^N0>S}3nU7zJFV#y=EfR5hzo2VyR;uAB&$#-qwBFKrf`n+fZx4^UZ$I}{qU7|; zMgS>GP;)H5s;No20GS25n%sS*i7ER4X`YXje5>~pqQRc6XZ=3%U^IHU9U%Jif#~gF zN{GjPkJaj+ynfl5ZBZ6OO(l%7N3Tj@(h;$4tum2PhRaB`2Vx3mT9BD;#^G{kuKP(P zH^T3XG4MNVzL$ZgHJVa1sv%l=`99hxPKH{IhP(HE0WN#{fqOz#-sVEbZGlo!;y#(@ zM3XSUlla;5$_mOQYPlNvq1ltx*Fii$XSi&&sk}XfOUB5Vbt77C2&gb4UDiKWB^wYj zy&J0 zT|X=I^S@sCd)W<_yRbwJYsT(nM{WxVy$XwWnyOy9g7<5;_&W6!zvB`B+wmOEXCF-W z7A}oxkmbtafQ5up@ze6Oo`e#5_*Tz}cC)>S_s;}+FnHWLF96?X#+ef4>-0uLkWmZ# z37fA!|7z_8<&(1MMtXB3H1*rvsZcO3CP!*rcTGsQ z-t%G6%D*#q3IWjC&`)l?FwqUjb!T)j@u`zX!v_3Eu|oNxONUphri7x1%hr+pHj6TP zeV{_C+STAxfodpj*y_gtTJjW@glF(LFT+J@w&?zXEz~7h>l6eV@1opaF>@xt;JbU5 z^(%h@Gt361ZyK&Y?sxWy{syv4{6=Zgr%-+j6m=U|rlKu74NVtoIA!K}`X*%yLG~kU zl@ia9ChFp76HSTuN(tGV-b<=9U-PGIerdPwV*(r#*Sf!?E*#kLR4!DW;SM|$3q3(ny#mV6 z!g5rc$79uR_wV&PM=d|iBa2IG*DEWXb4OeB_(ScdR!h{%dT;M%A|3dKgYa0+9^a_u z`Cu;SX~~)oZ}W+xmGu?A{R<$Ph7T^!bH2Xd+EoT3*k zkBEHZy~fS{9`&mWjqO+RS#S+rI5!_$UCIa`$SPGVgoZ`8uT&Icw3tXbqO<*b6LvtrGS7W> z*Egc0%zUI5gF<2{JVy_WZao^xek7CXrSz%`Z1dWb#HlYv`0Rx6M6*^4)na9kLkSpE zak;wAf%5fh<3w;=J=727(64vSE-KRXdFH*xtc|CGP;TWPrM5w!>aM!_*zB7SJ?~(8 z%N&U;>P=HFj$0N^xKjM_>%95v7XbNRz&Puj5_8@BsVvaK+v$EUO>&h)LNeI>e(iC0 zTz%hJ@fCom_&Kw|*_LkEU)*Fk z)smO~7amIn!bsZFw7G$Gp(bTm3WaO^Yb!ZFd{L9zmY1T%X!!`zrNOxRk)%C1${Q{h zyAnokWq0!wP3I6&Tk0yKdV7n2Ze!qo`C!;Da^dG1jweXDsllh78dv_w9vm9^6Kbr- z5RFSL83IbQ;NrE6E^^T6meN7b16s&iX{5Br6O~JuEX;E((g@DSKjC?L z>8rKoLuP#re9_(2zRY>oLcu0~U5>{yNrmY!Ow{mwbU+0Qu`@p52r#%82^P|o>u03( zy-6~o*z7x(dB~vP1inzM*Nb43oa^|h%S5$Pk3>lrir4XyAE-ZvjpAsH=TN#uwR`b| zUoUr(_L%p+58J%lC4QFA>sum}cVf*=EO#{nzHG;vkk@*OK^YNy0FeMgv;Lk&_*->9 z7xZh$jg`eo_E4D+6ChVAPhZ$d1iI8c=+M;qJp!PRg-2X;=Y^2p4vTei;w&FO#F6%( z1syxFYuf#1Z$yiy=>8i@`*lAccHX*@y`VUYG>FMl%K3mQnT zIWwN2BRu+Ig=$=S*hG(bc>Qt)H1M-@#&+!>41Kn_czUfjmixBb)kcRpH#0zVy`}cu zsmTcWxer2!exx6@*4(@B_;R-uxZCTo6QBG8rLrlr+Y@V4_y6w8csM;<3`sp9ZslH* z#|Kzamw67nIo`h^GJum1C-4hS%K^H#3EIDkT1r1S&mfN`PGm~PQ~Bc`a3k8+dQJMi zn5I@U?J4--#Y+dquymTC>h}C#26aqE400uqkw_jj3m$~o_lO&HRV+ZVwqJXB%m;Td zi_;(c;Q3d(5K;K9(ak*6ME&{185`Sl@;WTlaMxTaf;!ao!v7jLpP?ipS{ua%P_f3x zILQPMTN0frUC_GA`opNTrScZ{Eq6_g9#E~I>&>m zzqprT-e=ODZl^+L0o@4+z_DQrp6>6)&k>^*-+li;I8WH^j`I{w%AUlwaEd$^sLCtH zjGm(|=3jERukrm^`|aDcmB?~8e;r*-A2U-D&xXC6>ccjj2)c(Kj5WhvyjSp|&c5C0 ztGoo+ZG}SO^@if+8askU-0Bk6QoSucB@h};)SoOO{qcKNyJo>V3B;J-sD1s%8M0DE zmsf=h5-tT=QAfLT(_wT;!e=G((jJmy9pJHVkOE&ODgG&_%7fn;+#1)}wvJ`14 zkBgW1Xo}5AL9lQ5u zVeti?JL?>f-9Iwvi0Aix0=nf0xS)(7VmS-Ko zA9Pr7DyOg|p0CwL!>*e{R(Gz{26>;WPkNT#7c!O7#ImpV;1oB)I@|(_FrZhluP1xP z-vv>g?(iywEF;4m5%JB%!L}|(z>hYIPu=SF$2GA8Mdlv$Vtxu@*{>uc$nkft{f_H1 z3h(EaS`cU0@+q44>EEx){d&Aaz-65#%e^3gQI1jw1V^p`IBM`AX%l+LK8BwRS{*%{ zOD-%hd&z5}1I25PSZ28A-3Q)hMf+>{x@|v_>XOnwe47trc9^|(#3?E+0zKTwv$>dPs`(}>iUisU5+b?d< zr|JoKLFn6_`or+RFv6qO=O{qP?$YuE{RtgKj$fVfG5z+Z!$ef6h4ct3jUoEUy}pxAh%_=!-@CSlsYvkp#%4a4@^ z=fvSGnCTjbdq%B4%NB_E)Lb=9d_|T-vEe(@I+prAV(2Z7Ps;8!;~YY=1(w~ST-OI# zf{gEXA9T9kqhtnb+|*OzCSKX^&x32`CR6t0thpPG!el$nwJJj+S*s%^E1be3J1|96 zL#Z|__56G9r^n987t{tD2`;XJAke;0pdghdb|2wLalW|UM0hte?{jZZq=!uFe!m#( z9TEVvGlLknqqnxZOMCYmr1OrRKm8%Rm(cAeLPgdNci3X$VCW7VyKnqLK@R>~A7KXn zteh?}rMf3(J&do{nNs8oqCw<%Q`94G8aEEejkzFELid z84B<^%7Q1f2{>k@`n{{iX`<(sOEU{?YbnFAF*Wy^KT++v=H9KS*FibaEgkp+1XmxX z_C!n#CRO<5WOA$S=J`zG0Gb95r}>TFm)>&4o~66-HD1ql{ks=* z+zjqAzoEvV@2T&EG6_XwCG?_QUgg_gpgQ}cKQ9TyXJzv2sM+ziLGOG}+|vqI=18og zTlJHI^ipR_P7*9{ULYE;GY{rCT5TvhTk`tpJ)_h6{$T(x(;?HTcyiMSr zNxVc9$iGOWUs=U|sIP4f=K!)(SZohjN=URuIj^+7NevG3k>X1Wzn89Ast?K;t`@$F zA-eP&tY8N43Lx3?V&XU3K2Fv-XdDm2!-%XoXxscoyyN#T!D_uHBu~Cj=!pA@BEf{8 zw-_4BC?CP8`fc-fKAOGb=3&J^cF`=KRqHj~w78zQ%17~`_MN|W=K5q)q~hAUwEFm< zKnr{Mb>GWCA%4s`Rb(19x=;S-CgD#%Kf)kBbGu7| zGKuE-v>$7$#-q}Lh*PksyL~IP%ia@Ulle%jO%|W4OV>RIz2gM7zSyid@3M!E5l_toX_ zJE56fLC@qV0G$1ogM$*#AN(^Mw;r4Es4t${XQvn82Wk@C?DI+65nc7=0sNc)L!5>0 z@bQ1<8hj4J^wS{C?M@#q+$akMfx<0E-4(K}J;7SqUP)UhfF5;(P=G6zzN&l^BJfgZ zN~R&~?N9mj*&zHSLJF@Ke(0lu?#dkF{if;hQm3DLegn)zP5QObmKn}8p2Imeb0;RTF$(OfNAv*V>HZOCuHma zuvUL|5KZ;6Y6bA<7YsJM64O{=PA~PLwLg2iby$0#$58VK)_ec=VuP=)heE_CM9?hx zu*~VtG-|YkdnYSe=1iz6f1?k9nSVsfB!ts1BRrYCv*TMo+a!lHhMpA`5;5m<*NBR0a+Y~zv{XVq4^cjF;EHbW6mqco6WoI_O@TB>uf#5mDSe%>}BL_H^T9b^-=A*vdR27WX9y~f-gc4yJTYAUncT7G;9vPE-2Bdhe^)+ z^V~H$g*y=VSKWuB^P=)f4!0g7KbqF>^qBfMh4}XJa68++OlTmTPDUQ*6c2J(nFC=g zE5>jA{)#(eNjsku;vl~G$f%o0YVbxG^71$sNC-nI?noYT(#M1mHzQA{_eS(9`lpzo ziY6N#k@FE#ReYKT0o+eiMW0?H^)m?bU}fEwIY++wEq5NZnn zZ=!)j>>fO4VN#34dM3CoQy$G=*l&%$5G$UNg}FY~dx}a=bJz6zzCzN8(%3;d-d~YA zxt_qC_VM>jx=GHcP#o1OXY~h9kmZJNO$S^ZwdO}a9BxyG?|ap1(W>6-hH*llJN7s~IW# z(+jIhDwU`d+qHI(>0eF3^vU%6tJd)2>Hb)O12@NR|2i5Ev9IpPCk0qqigu+@qMXPI z+OT8z60Qj~GhUmLkC{z{1PJMTJz!# zCNCug!~Fwgqfh>|OyobRf64&u8@8A8*_JT{F62)#o`K&~q{Z zPDGuza_S7rkWi8OlC?yJiXh%0kv99YqhHJ4Cm`Ocz9d{q8T!rQ!a+*#`hfrgcKE=; z<@6f^dXIT>RG8dv*VfH0LH!D@*%01>@#OSD;a{uCE9wr1BR~&zH?io@2y5 zbbPEzOLpji;Zz@DVp`#d7P0w12kco!(uDoW5`&UZ=oe3e<4ybi4eba8nPx z-CgtY#)!lpW+;W;l5-ySi?pvFkG&pgFVIUnuJ-qvc6aDv;JI5Kav9+#!CPO7FR+Zq z{YoExZSD{s1q$oOc>XdoFLgy{xO>G|df)HbzHlY2MP4luv8hto_S<=$+-Tn(_bxi%O|`ELQ@T}CLstF7SA&i{P$RLB zptyF!O12Zz6tLy)4~TG<-xEMsXXLm-TDOMbW!3F+Iyl=c5YK9AF*BQ9)whQg1fd|D ze{K$yWmE>y?roe1dw1JWLQ%lC6%Igy`g|k7yNl4$Z}Ej7%=I~aHnW%^`IxsRO>xBA zF$G}k1!te;XU+^BcNvBYxSp`Jv!4(P5_S`n^ZFY{;Nr(yAqQ1phaHTlY1rGu^74GF zB!4w{I4*bz!R?3&#h#N;+;2dGAUQPc?OYa@X#rFWsC7K-cHi2bPp41|ZzC<6Q0pvC z?Nf%hvcolVRl=_SlBPz7rw8oA6j?$D_~@h*$;)R>)1JFCtF?$`oIESkw8U!o6W&xXK*Pm4sny}4BR=4O^ z$HD-@k^PB;x}|9qYExg3nmwWwQqOD;d4qkEkHW6^trz);w1G_P_?L-`gtkL?vd7yW zv=;{7^4;Adj~I5dKDjz^B))7o4ib;Y=VO(R<7m&porgVFPkt+}kb7gjg(QG&WP2^n z=ZD4dI-40q9$vQ9C1I67oou_2UbEtA=>TE6Trvbvgv{`$Zle&CV7>*-J-ZAhvqTf13DD zJ1ysk&_9VWg=&$w{hSDUZ9;S0;-+6AV0M)VrDH924S!#?H{(PL7WWCfX#A%?4lx|O zAp2wA+Ok=W&UI$PrhSFsX+-cWV941%s`1JPjo0&^daoU79Omu3BDH>`nWXcxHfAP%I1#mVUTs7BYr49hV({_an2zVDcQjdm zDbZw~R=nl`qSQnR9_Gs=!Lp60*AYBt{f7#pU?G2`1LzY^PNg9%eI7za?Q-9}o&skU z8%%{e@$RBNps<7?Exa%C`YQb1Nq}L2(xT?M#R55Rv>fd1a&t5F3)Pt)dt=jSof&aY zPMo_o;vd~R&YRMuXIc@aFZ9MP?RPI8J|u8C9Kg;ZGn%e7rcK zh63o5#=OvBSJcMRbRRl-B%H-F=`Fm&-?@M@%R}r(`kS>pnJU*N4I69AUmVb>9i<&iut4f>9;p~o>E@ib@rp4f|(SmkbQB3$RnE2l15y{6!1 z2#y_U0~W6iofU+8iC7pGB~fY#%sL1Y0R#*Kv*$fDy39Rm6zwXU?1t%m0g5M&_k54>dUi0*sE8cV zDuBbXm3jPRj9zj)yLgX!aoV~NS?_8H#*LQ9 zp!M%#K?CrxoiTp|m+?M2>i8<4iiyvh?tL`;+6=$aSe!Fvq@{Mh zzMZotn|lisXtm$tXw8J`^tYo?jceJyQxR~40ge#+#np?0^N6a^IK*?uvf3wko+&18 zsa6m|b|o6Ga(bs|ez4%$wJ{aBQH1*kP{Cl?1G!JLU0glTR;>J{yumO64+>fTGg(rC z=1QwkoKenmB65kXvD*!eyUvVeZCUhBcexqq)!XBqU#@59=Xl|*l!ASzQ(9}Ch|LjR z`p*6SohUEe!i5^V(T=(&_}mY`oAJ&}!)Ot}hTxLRfQ&);1JKiPe#0)iUuFkQY^3v4 z#~qW8c}Ki#pAc`J;HP!(-$3s@&Qj=0O3vT-Ax9RF&|_p1n7v_C@%*92;YF7B&2U zr3IV7Jwei9(J2Jj&}`?~x^GQ;x%>Tz9B)cOU+f;LOVxak?@cy5VYA$XXEzBbl6y?o zo3e-FaBA+d98S0RkY{rPgneX7IuMvs90*4FBR_3|z}6=Ow>dYk#L@T{5Pj#G5diu@ zyy>Ka|GAz?2veUZh|vfoIXli_opJD?ywUJ}f_w*$zn&_)Hu?(&7?nmJRB?|3JbICH zMIG)5)T?g@6{+ORq;NeGtl|U^Fu*hSxwl&Xr=VQ0X7N2e&;>@Wazfgm4o_BRs`I-{ z(9lsocOsH}-B>>lhwLu#Qmxs1S{d?jtC_xie6Q3epvl`VbdM5A9y872N;*NG-}OXS zqB0sy;`ea31jKPYQwCYRKkj`y4y>y>_N7_FFWiGN7#*v5aaMxM=|?(&am#ckU%h2= z!rRTYk?X^B$JaRn3d(18-^q8GK?}O);zN7#r?rIK-K$e2 z@qUyeLz>}jOoPPvR<_b$fHw^AUZzJ^$%wbe-|xosQzf(py28jW@r7PSY)d6=pV!j^ z5TJQxzuG+U3-1!fGoOsI;yR!4EtMr_PR&0*ZlUYHWom~cM4qrAhGb^Jh9sC2Fm;i_4MKO zzCn)IwZ(QAhY)RmtKNXUSaZMQ)f>Hye_Xd<#=!(5;a~)*hIa=DgnulZ+18>+5QJX| z1OzSxWEI)hJ5dl+kR9RaC-{5L^qFoqTqvrtGBe^+bBp4`gdCpBiE|10BfO1e?O%=2 zBsTjylYv3W5$SNT`Dc%H`k{s8M8czRzS9;bWFwr~?oL8Y8ci|D^M*;3ameHDm>2ufU^3L!;85Y}zh_!*IC)o%{w9AXz2-YA7_LF*&mJ`c>eon(* zQmC(U-g0~nBV({w`u5?DP(|E3y98MYhKh+Lv4${Jty9nWINd^gCH#?~hE(hTxw+$O z`G{URuPaOI@bKIjk#do+#jLa%IR)jm{+-`jJq^OMTU4FT?J(!Avsmz-L{ zy+XN>Fbz!It)iBU)D)#LFQ2B!_S1AA0z}9U6>e{z6M@OLiSgU7F6+kTNnZVwZ)5Qic!++U5#_}Qe?#OTPGIq5VVjXnt2^yO(uh0HUE#zmI}a2* z`3DmEw>^IG0`$=`5awKk$35j=W_Iqr%+J^Q8K@%W@`mH~X|X6*$nyw0+lm%{xkNxX zXidw9S!#qm@^24zx#9d%l;2qeVf0y;v97jFRCwEH_@|E&x{a<$$Cn&Ya|$8Tc+G)g zCTqt$tx}j)b?mLkp0l6k_}&Z8rlbe??=oFKi**|I0_Ko=Z+I?YE&1MNA{`;dd9Q6) zYM3}0-{^h%See6cQFRf(ZTcIKwMw0c;#f&g1Q_h5#J7)C09UXn_Iurv5W;@;VD><^ z!)N_fXo4;v35J0@sXU*rg~zr;#$_YCZZCzq0_Q>5V~$-nMj3?Z&&Qblgzj-@!Iiq# zD>^u-Kfa6?W|g`x77_5qaFTCcICq%Q9yQooc z4vGIteg2IJ1g+FUy)nuvy{M!L(1$R)N4^bAGPIYb76S%H*KcdMrt~QeSMDn$(Vq>a z+E%D+t91^SYVC?touQ=M@mi)D|7n+mc=cDoPNZXP7DFI4l1t*NIZ)$@jYG!Q;{u)l zO!r&o$XedRPSHP8-&&Yl7iTSsrPs=fLjX?%T>@MT&S*4C$POG_1C4!tY0m`u4hJmy z2VeLfbnZv@V00TRv-Y_fh=9 zG+-7fsRuUg{Ga>ugwq%MhE&niTQ!#;x%0x@*+x{E*un3S1$QLL&)I`P7d0*kY~ntY zYC=_Xe+So@7_m0X{w{|!Ps>)EGDZ94Xzi3O0Zj$XFVbM3 z_+U(>Df%ZAeoWE;3@cHQ1cKE_WMw(3>wUnQuHH9 zvF$yU9MN9dV>g|L?PcKO)u8jI2uR>H${$fAaYwN`IQ8J&f(b^zSM>T?g>}DKZ^2v> zG>M~U`0+w$e?@#!LI;gQ5+VIES)WG=3%8DI;iska1*LmNRlhIG*w&>mg#@wlk=oZBb(Q=xXs4fC9Z|OI7 zUtkI8l16k_7H|dAGpgSc_kwAksu;G|hwJ>2-dFG2*OO&~voWSZ_&Vj>-RZB{E7=!v zBr3VwIsoc(gR7u-RVMl}zk+t(+Ui#*Dcqm&Rph;CUe^4kr)rF6nn>DlqwH#55-@aR ze<*0pdzXrk|5=PJM~q3?aLhahQ}KK=%6YifbhGbq#)W^`=ztj8!+6|{BobOidSFMz zYaHE17Sl7lp4IPxu`XP}kw$1LZ2C4K?Pe9`6czjDR!Kj;y9cC5bO8I*9;q*6)M0_Y z+^6ZPw=MU%+{v{D9ZxCL-d7^Lhz<^}I-_e{3 z8T4$RH$R1mOjL|$37f{0BsSaj0m#J0_Q}bO!H8Kt^QJSa_2Co5dQPvySv}jxw84O3 zU$BtQki#$?e{p*Jgy;vLQf6=t&Pxgj$FPYNuDZ=#v)uy?;|L+KvH2>3Gdb{(CfQON z&@LH~*q0J(-ZecYz*PkQ%3cgau*F5)6C`iz zthf$}bsGiTO%LmDa_@JOUxx$626eh!dd|7-;RwIf=o~qZ!3ua5f6*2`C&D~n?$n*I z_iy7*&%?CZ>KU9sQ%1?==SG1SspkW2oDp|>%&cojT*4mPzBN;(ps`n;Zo$M-eldgF+bytiJmKh~kB;HP+Hd88*tj2a@Xza`x9 zKrJ+SmF|w{B>@cN)xdLlpYlL&lh4Oz9RX|#2*@wQyCZD=zyPN|Jg6E1dW|9FQhVIZ zPbWiC$%7)B?q^AmshRNJ0p}!XG+aX;O&>?;2w{Z41P;W0j|DiKki3>mfE;jPV=fS4 zs#W`$4?fkiqV+&E)6M#fnscK2LBLcZ7jJS#ap}8F4+9kq*y!WV8-bE)*fQ_F``Yel zm|+hicke1K*$yIt%J1J9m9g^3LYCiAjZ;9XEywDn>n}T-RT>nL1 z`0`slvomZuGl&za_F1Z6v}~3W%-}^$(}S%?Ijvx9h0WJ~4GLWDp?3t?ID5fHr{_gz zUtmQ!3F@MMOyWgG2lsb*x@~cE*te8AHjN4i!IAFgl2UHIObx#(edEJq2VV<+w!Vz~ z%blxKaBR)uD2R8cUEmg1aMy)~#T+L-x-JLLb2>PSw2;zU(vb4sJ<%0sT4qO;(qeG0 zz4R8)@F1Wg%)IJ-wG=jg#v0Dp#bka%Wp^64mT~~Q=1?eS>@uJ)A5d;+J{SoqC$umbexrbjfd5W&%WGIT?dO6u?$^u(> zhh%NUH!v%A3S;h$>=b?|LtYXJ5^wt(!OnuS?IY1SLvU_XTh-X_2r{l|>+iZKKAOa<{DS*!{o{Fe?|OrpH5;~ixlkXX(I3GO z^q^|5pr^fg^q{W69sLG(X+GVKf_2E?DoNiOfKDQE%{8-Ku7PZpShr-T5ZHS~Gj8Ra zVJc}cEHO3T=kp@6l4W=ESM#Id@QX(| zkc~%lb75cJ3rjZGMHd!!V+SU*yhL@p;atWD;UB3E*9|5y!#+y%S*I7$7oNjWFbE{` zyY`JqBj9mPg437$D2xg8U9Yq2z1(L1TUOHBXXpc1@YG1bV|IeLvRhd3%as*FT- z80LMJ?NVd5=Ep@!Oa8brH88X9Yq2zUvf!9;W7t0vQOFWtyh)7&`g^V`8W#flDI9zD zA-Cug&jQleYXU46hHt-`*_^@pVPEOjrL}xOF_RPa?;U(vRKT!0RI`MoXkkC1d#+T7!oM1p2+v9Dn9Z8A1_*K3B~O-^9p^DciDu4-Ki zhSB?gYyEtXY?=G~th2TLX657+&a-~_8RXXqj-wS(-b0}-9`76QvrAGnJN&7g zL`-S&0YdYNmb`bBctrK+lYqmV`hkZ-8w3D(!UDY}xQ`2aq$9pa45O0A*dMfoX?vz| zw)K0MbFk!KTb_OchlO&tM7qgw;teD*{L&f_ZxVLD6n3ey z^)QShoh%%y-+qsnOVfk5>>${ut0Qj{d^(rA{RK363A~bM0Z+3AENSl3-1rA2;2*v75Y9pc0y?_rT)6zKuc(N(fR!{`b&d-@~t=y1i3e z@SE%a`J)d+nW&u8kT1@jZq7q~0%?Vqp1uKSkHdjHAXsWQ0Elel&xQY3v2E zj%Z)l_hXN7Vd)2T(d{2w+y-qj20;DP;cKMi2+i%eeqHlUukR(ja2uMKcp^O9h%K|b zJt!v*zabeLw{WHd`V$iuRw~ObN)qf#pj6EbZ?RB{pMT{ij|+-+{AZag)hGYapC38^ zX|3Go+DG{sOfS=hvw2+S_V(ASMamx^ zFvt@s4Qmvv?!?yLpZ?9tj|*p6db2x3)SlE*7u0#!-^f2Ww65yLdkTi4FcskifmpSs zqM+O)?x38B-=%}CeD{}KY~t?mv7xaz(x&p|_7pU7Wd^>VWjs6ny+F^AUo}1G_eh?d zE;d#);nQ;!0tyS9{eFbEOWqmb9IO<~$;~fI z(e#x4$OOADIXzt-S6V#EM&@<9dx}g=))Vcm%nRwO*QO6?fT4_#4r5D7&I?a4)4cwI zVfldR*@expgw*8{8iA0UFZ-y!?zz9)S0i=Y5aP(w0J}OM10e0jSTamACY2mKS|4gf z;Q7jsjOE<(`!|O_y2@Us{(YD?uUM7QCIsTB8Y9Xv0voS<&1^z&BM|RN5>s3Vwtw9A z6p?+l7JkW#{w{k(5UM_ZNa0cGihmTVXfx8};Zol~aPNCtf60~M?dA#NM+DCicQ}e4 zUcbu`E=9vVy+YY7$1j2TV-lCo5{>!;^@MO?A&aw{GXYtkJLe94x$OSVdOVq9_nP5h zIsdGJ6BCBi>Qy`VG7<(-` z`jBON59p=?r+ZIL{cJb)vQt{Kx`OSvb(k28 z{I!omPjfpoRz_8nl{acCNSNv1mGA{Gh{5;+UDH~ttJjhrXK6(aM>b~0`c-LH>X*8# zza)41WLBK*1MaPAaM8XcUkBVn4-L5Aam}Yy{gRiZ=0LhR9*$PFz-A#Rmy1=Y=p?n* z4{+3Q4ThGJy!(R^sL7}E-LqXIx)n?WZ+e*5b8OKf)sc_8+o93f2TkwKj(Up`o5`9tjV57=xCrFdoqtB>EM{cGmH5vGu_FvCZ7B5Vj@v^p5$Y(EO0U8Xn{q`yD4x|e`f0l#izh22*1s*~&!WpsqRoDd(Q7E>|* zWZC%e~OO2XxOEgouKdLOF0C=0p(x=JxkI+(wa| zaTes`@<1n?Ay-MM9@0#Gr*!*OA?bu`Ws%( zkN{RHSwK}N=%f~^eHV{MPv?V%GWae3>huWp@(zS#}~i} zBB@-))Cd$+tB>ndSGQQ-L-k+?H6bgt*mY7X+W{#A^x!V<4~D#O%3&JikSnP{Q|04 z7&AQx!Xx3l@|==|Ug$=A)g zI|ud}Hc7JX)C)=7N$q=MTjJVgBF>3mF21@vO!{8nYleg}=z;5habxIs8dlgeBp>X_8*&Iw=%?{L zpL&7%?C)=kb+#`Q+VtZdnUE{qatfnQb|+2-wVv}TL7Z~rT0I}`n1m#BheXyv+RqP5 z>4onRs;pkZEIe;ea%eH2&oE20A&#TsZVo6hzW4{Y3BN3PILWXm*emhZ@4a%02aE0( zR_~$Rf_-2yDc^i~Kcqn7$ol-;SIfHmgz^y}^DFwUbg2|;+1+@f%HrJvz> zlA}#vp@!y8RK^zeFxa;q<_-8o0!(6>x>$nQWhRPLFxjQ>($q4VCE@Lz^6r2HcF38KPHtZwZ1$~bQbQLB*O0rF9^c~=Hq2=4oJC7=#Xz;X{^w1;Q)w2W^3^kEE#oC^2TfXE(2Sqo2n z@3R$?4;O6He%G=HyW7y64cr;Sc?Y${-z2)_Byq3>r8(jHeH07jCl_^gCwMyX6ajr4 z!FqTB{?M6w;Q{1T2v0BNkG|j6u_H5MUwt-?GO-M3(W_o8+t}h~qjH`m_p(h1pX|~3 zUJM5aU}*_U_pEK}fC|IeLDSt1gckNlNzh&L%?DbsvViqT$MB8*S|9AFY`*STOF#v} z7wy71jqwTR7b8p)hEs=&eJwo-6CV#1P+9e`I7zky558_`-Uio2>CTr}5B6}z0DVW_ zqwf_QF=*ePKQ6y*M~`c*4e?hReLP96DabdnA zLL(UU&V=r(=^En5DaeR#$~J-vd*;>huxQ*gN4|y3Ab<2O;lf(}PI8vp(!P8K!FdgS zz~sB9u^qlX^L&|YZahcwH># zm7@ijUSG|#RXnl*ROmZu!Et`Cr5Cv_gS(%TR(|9!@DPel4qY@xqqoDL+3=5tv(CUP z;5o-EKA*xEmNWLB_U<-4gQ0;}A1|G{yp|&vsyv}$Ivh>raN@Zh{v0u-GU*%~rqgjf zuRsoC)Nbv6*$m8h* z`iuxueV{s%J5ab84`J&-<-xIxhPyR7My*|H)66ON=!NuWduHCPL0`jLIi99t^$~#| zI6L>U`98$^iU)4%8DmdKt>JH*8bE9; ztdcZpW&nIUN>KYOmz|E;`4a_?n-&U|JD-(XaHyB;JMKTP?=K5ltDjMer$S{VP%PXI zo)j)8HLx9anP zwXsqU_*_BHn^zy5RoMCU!ks-*WfM5-KuLt_w_9NsFiEfvHz@s z(5FADUBai?)Mmc)p08p>Gx@E|RQnCTtR=&NrYFdoW1X_i?sn(fZ}R8rhfpN1Sm*Yr z7XqdaKu@m1RIV(qAX<%HaWIz4JY1Obhvz-;U>cki+3I@Q1j0p29@~Uv0-O)Wz&90o zK&_wX^QkIyOrj{`>+31@LI*Cc`w#Kr;)+YOWUwK%byJPWi1hr>BQSwL#hOo%c)CCnG2bJghFX!r4jH$X<&@eUesia}7q5%2YccCV){et!E0ixNvUJM_&( zTXTL2ET6+RwCma%&%Hqfu418C?Hlq)KPXcHTzd`172wHC4B%yg4+J0$b?o)03l)9@ z9~QO>8Mf_Cu>r#=@;h`s;v9GZyJcLOzNl($nzhu2h8;#}&%Iroi?G)~4@>xkI+^qm zOv<6nnZC5{>yntQBh6A?@4v;Jog_ZIP|?EzBUzTmQaq|io`+k2?Eyz#-_=)R7!sm3 zF}vO{!!A0SknzfA*B!gG^pf$}!bkCLXlVkV>>)^&B)n)!jge-kk|>xc1L67SP^?@w zxrs2S(j+EQUC*&d#UQKvI{R`dFdj;u`-~_@sw3G-etF3$c(H!LL$ig<=3~5wcXIh0 zE#7H(mG)K?I^7`~b zEiblXT&;+$Q)-V>kikY`O1r-`l_%Df2`N$%)9$Fy+u}G z6Yi_rAsC2b%|BXZDRT2l1=}s-w2OVFn}{Sc1XqrWT$nrXb;={!Zp9Al$Y00lD);={ zTIX-o`0g?8jRN#w$ zub>xAYx+seK62eq5Sk-+Ww))5j^fKxM+7U8a-!e-E1c^0y`68=_oeS?N)9__-ia?x zK|}qPQ|qZ1u`H0E7CM{!R*v7Fa)ZkF$?7C<5SaGziBCp>3}$UsjD z$icY4moMJ0S;nP>Y(gjiss!s3R^vT#fz@8U))rt#VG_3aX=Nl86)=v|!GJBt9 zfQUWHy%&L>`#oHL3t{IpXQVEUc^@NW3rj+hF0ej4JGt-pk_cLroAc}I{nFTV@z{ zc1p}cN&PAPdnSbv3zz7VcYWi^AwTa^3VvJhJ-^p!gNHoZ1w~ zR7ghb@6ZAQ{&^UhUlTxE!X4ZYK%A>tZ~ualmLBE(NdIb-yN)ZRL}%{n-In%QpBUaycZHKPQ$bEjBax5{8IyJ=f~mi_$bKxL5UA)lkU`jp){_w$<}t`a|GtbAXB zAh}|*m(gVLYWJ(YUX_C@r3Ccwa|0yNv8S<}lzIQQJabc+4kR7CPmjr4@Jx6fL~b4>2o~#zYp@)cD@9csYHu)oe;s+w2rwKFVg`Dxw z8k8=q$jBD0-<1BM0-s;CLFhRsI_tdjFNKjKJ731$4=LQ@g6E?6#`f)V_$)tV?{@;u_^!iD*13K^ z)Gs2agShT<5Em8U88k;&!Ff6qrf2nQU0-{^3IiuCTIVYRn60T>eAjCzm<3raU(j+9 zF}l{TUDAy2EbJKYw@Bko+jAz^crEf^+csB+ZVEu88?ms`m^dSpKq;aca37 zF6iu@REgk8g5XA$%x*?UM=}(+@pEk9v6dG;QHPn*SwBBS@dFFP*?AP(#t@80HJ$hiDVAf=VcsI{%@@`H%q_Tl zzo>gc4OW-S@2OfRkGWRG9#x;nTGYyOPkh6uDj;G5suQH~4u!AtVG7N_<CEpbrbkDC-b}bI;s5ax1*7+Y} z{`ms#ufCIE4s$+-+NvLkmn-=m7$k+$IEUX%-9{iVi2;>VrhF484N(S!>=oQ5{e48l z)>Q0kqkKiDp|Je!#rZSN-S+`S&1K(C%~GO9J#|Z{=LPkz9`7&;*=22zT6co0)4i0o z*I#5}37`BA&sbhiKD%9Xs;5}-ZQbjnDWuAn?;_yAo)dk^#}E}HJVOl?TO|P^`E~>- z{V&^SU3YzgY*7!Ge6`R;-YFKz!|VBFeeLnLUtcfd9qTPNhUKC0L797^uc=yw3Yn{K z@Pge=*w0Av3VQ(;Mce7Uk0v-r;s4nnv0ctY=ZCBm_i}s`_QQc{xX zG!M?N44FlmnerlStZpSR_;qbs4Dc8ZR5RIi#NS~#C>ksIZYO_H&IG4#$yT>J`wBI zeK{Z`jImt)E?*;r0!T>&q7!-}3W=x^ieV2sdw;t95Yg%bwLWjKrQ?5V^FH{nSWrI%lWgE0VC|yqg7{52q+iG2|S}{z*@>D@dD< z_eD1n_G^#01;@0m<~lyKtMyoLj?9~b_AMO!r4N5Sm-y!(!YTtkF6cKjPHgTUf7^IH zybaszv_t&|IBnRs8Sg)4$YQmq16Yy%$VKc1_XQN?;dej$TScKW!U5|Cg5#z<9}5mX zW{mdJBA6)OwS>4fJ0)KB!+l@n?>YB6*)RAy2dCprn=k;IYbt@L*;#NGZlaN~*b-nh;fIN<8%*Z% z8r3${^>Cj`#;NwQf=Rk8V3%EZA|L3$s2@V68l)=Ax8=SSNI||B`fvAKa>k6H7P4ed z7w`@+7D*xTegZIBe+c#1z$M!tQ0Yk4f&91N4(N^9N0sEAPoOIv8Fmv5M}n)vm-Ua` z;_&zFbmh^^_}GILAJ>B*2bZDx9Pg9>-)tCI#B|W^vss%si*0Sl*WgAmBO-T&Q>A(d zC6(^cI=9dL%pQ5Rc^x@JkWC|C!-AdQTI-37N$)#^Xb8q{om*CfE;xD*+H!WJzjedB z7qMtB)bqKr1FtGGvN5wz@~2iXeze8IXg{8Q3u<|;=SB#teNYM8DiHe@68AXH@ASm> z_`R=4NSU6|FN9{I6jzlD7BcSiSq(1wt`08>SV81u1IyQFzv!;H59fN}ES5=}a&)x5 z44HM2OT}aLkyqt?gxvVIY71wfE0t&2kQsl!;+@dpby3Pp&SmWi>r3hs>X%PVWz5Ls> zKJ535-WuwF{Yo`8?^Qy;$$ ztU@=BZ;NBKWOv-ZQ$}N3Y*gdl5B^N=4Ww4B2pLItIuu^igYWU>D-V9=WQOiIyyS4) zQPOg=Tj$9Ak}Y-RT*0V*-0H=)PbZz{4}cASOEkaRZzV{wxaDF(l$lB^f35eiK!APh z1TYNDnJUzz(iSe9p5&*8S*Fv$gW)g9b=Wkcs*lG#Je*DLwX$+^M322j8pk_^xe&;_ zt{f(uL~?u}WTvbFp*Kl()c*PQk6P|$!o-@&+V_fu8X&;W_*bCV2fzKACO7l(YyoV- zpwNNijaA6JQP6}Pm9QvuI72nTnDVDv5dyth+Jh`_jE&X3n+FNoMlglwrzJ}La#cI0 z70zCFZuhMl!Zg5Uk{4OxTxrL3I zl)m-OuZkVo3XRbs-#q1aISbMlBlxSfY5$&DnDg57+0Phm%`Bw4r5_a3u+MSwvE2e# zyW?L{%-r^~ai#0V_m$OO>wW5#m#N;jq2J+0G9QmuR93v(p?noKI=^1_)q;8|oWcij zniApEdlywY9QO;&x+|#8AF270D`7{`4%au{&eN*xki@VYLuY}hUHc#F3xRw92mqv=a?&2UL> zDE^%H>u5H!IrQ~?9e@?0I0u(``%{X|zvUA}Z3UIm8kMh|HX`qf5B_SX*g1dHZQ}PI z)Z{9SQm&bCxZV!S<@@r!=x4;!PF~OkTt+GPM`b48W<8%H=7(DAt2No}%$*9Bf#um4 z9d8Ox0mF=@vJ0Pn6kQxZqu0|VKEn3dKN0Jh58wUS5u%rTJC4^q{=GHr3K^iUiK#3` zoUJx*qH37oi1>{D1?*d<#@~xxHu4x{7tU!jdryn(_So`z{D7vWzy;XzQ2Y8=2PAWG zKO6mYfvZyu)vD>IhH(GBcI)y3CPYSY-^SNH-fESvwx4vSU4s6B9(iIbPuAson+2mM zz{nG`7-kpQjjad%dJy$A3vVVsv3u4zc_GLq8wZ0n;4?&0>2bJH`e{tmv&c8s=6rp> z-u@5o)CyI4Jd54h0|WW(5mfe&A|2yTlG~i@jTxdCD}?jAgLk=c-CDf~uXyiotwW`_ zucF3*;gn*uvR`%|GOgx|=U837<`#N+e++l;FrhlU7&W_|ffjz79uApo{!kkj)TCqNS`gYv2vb`xbc`j=hJg+E;+Rwbe z%N4Tzh1|@YSe}ff2$bQ%JC{$G7tck7m|ZSo2`ET^hO1Shw);pekL%Jueo|3ITx<{2 zdvUw?5ImCmJ`h&YyKEu@upEKsa%I->9eWH;hFGnjmY<bV- zrZ1F=vgEWT7Gk|sT7(%r7#5HNd9HXS*o3|%jPZ0X6n82qA~oyeugBgM~B=P zPO|ykv#i%k_(pP_a;lHkUQQiXesfC8>;-vk*_G#mzJrHAB6xa{d+v<|jMU^O_#BQ! zG{8EYm|^0eL)j+?_UA$14b;VjEs1@q$0!kiG7Yl#Vb8V5NG$VuW#t=N#tr}eIsx<{ z@Yx_vrFk>7&w)gn7ES}TqyWN4zY{QUcMLchE1={vS*)#w2yr+3|CLya%NH*n& zrN+L#+V@bcp(H$?pd`Ce1AnbeD&UAASm6cJycMP7`Iqn1*LOGbGPZSc7MZr!X_Y7G zqsW~h&hO}HvWiH8AzRpo$*EO#9j08F>1c)1rOK?T(9X#T4X8Y`TfNBw?M&E;+0g72G$%i0z`x?9$A<@TP~ z6Cn}W6i`pT@Z6QH9KnN$y#Io`Y08SVazhS>cwg@I57yx%tWDdb4i1N;dY&Q)uFLqT zzLnPyut=<vs-qf4!Mn{m2ZY! z{+&SwNqs)IC2^^sU98G){IYV4@D8-5vLa~_%f1YT0d;wEhflNI+Bm)65o28U_wU{r zOH1`2=Mi*43n|OWx;(exF`RWS{!YAlh&qz^uoey-5Oz=8hvU*vFBGSmWP4#Sf zbu?O*_Uy?p7_(d4!xnP16MDDdS7BJqZ(z>$tB=WhO?P!qcQ`u!l;uyml1~ zUm>5ge#;`m@A449`C2ll&=T`Y8HcjZnZvKs`U6+BqET?q)-1!65>AKfmPKRTJO|H8 zd{OhqFJl3vlLsgDb#L{)CnPW#?aQqah~FH+O|E_A`u@|FVW~PyFel!7UC!(YI_%jJ zvE=c+X}}bCCQ8a2+~peHI(;UywhH0=16BjoSTYPg_DR@Tx7ZxXSorV@(4!ij}YVaU;>c`^JCkY)onAP+t>Q#DXXmy z*O;#)IdS%g*MMq5hYjU$YJX6q?LkV|GbC+C$k0+Pp?#ml14bkYGwu7MdU;ZJ&-$?hm{5s@)fF_4{J5TEIT~FN(EK!SF0US6JUPBtPYFnI6v8 zin(7vNF~(b$UA=V)|w;#xqGQ%p+yhv8{cI^)N#0!X$Jxy0_8OL>^JH|C4vnM&ok+p8x&zN2Kf_zLbM*|eA`6T(B!1){)^zv5o;^Fq(Kq>P1el&E|K_$E*2GV z0bBp)I2XNoeH5=3si@IcptD^QjNZ<4d4>Xx9zn?5E1@Me-x2~ldCa?_h*xe@Q z{{1Q9XcSf3dV!Sds?*VQS(;a*RlOUX z+4uA{*6m|+?v<@8=K0)*-loIw^kplmKh$6)Y}EHooob|k*6=miV_H>gP0#eV9f`Yb zD*WoTHjxyxO4O-4J!{Yo5BO z*Lc}`6NJO9voVv(CSXvfIa9apZgnW93ESh~#ZLj8Sz=j48ci5tPVk2)|SEiDXAX6&;D*eS_8Aoy%#2iDC+|E2`M zuh?U^G1`W&L~@(cs1DCn>FqamyncPC-D|81^>2>4d5=?_t@OInWvTS_*mrakAOP|4 zol?ERcs>;pFf;wV-ZwtCme92B-79hc-2fyDPY#jCEMXG3XA%r+RqC5Ey26A0`iv=t zkH(>FLHkBkWlQFd>}ly_X7=C}z&_o;mV(}KdMduhx-cUkX>;?3%cLs(p&!(0nG*hK zZ(r$DKeI>)J`7~X*bjf<0+s3-tlX}#uyJ2We99Wim51{~bc1vj4qJCmtyP43j=RNY zDv!Q_hrQ%+VFdc}O5Gz}QPlGjR%-zjH&n#W-{ShMoU3jBT!L~$gu=Z~{2ZqAYJ2We zwv~hTKCVC#`&vPYzWX^Qwm#%dXp)=S9FogapuNCk+;(=s4~SzdWwJc<(1aqvmEp#6 z#r6PwrIMA~kKF!5n(^M3*_RxckL{`7rx0Dd z+_YfE1S7=j;wjg%wwpzAs`r@~KiYig`mqenE zpdL3zBu&6;z!guw+Xx6{@@30{hnfHh;Pxp$KEJ-vqfPe7as_i zu@!`H$T773;HL}p7wtCp8-nVR`F;pPb?RPQ_+=7o$$$oY=U4TeY~s08?WBCoi9uOg zeWH_tc8+~CbLKZVaGOK5VTKjL6S_Y}-RVS5#z&~>JVT0j{`t3S?WHKFWM9lPzPrL_ z<4G{h`7NA}v*`OgLvZ^u>Z0b>sLna1Hlz}>#G6E+i)hC|!Q?aiEyVKUU^ejln$P9u zVg+NIB_R(Qp9y4RqtI8G!S>iKr1)5=+xXBMhg%oEKrbmJiQ8Z7)V6X3QH zjWa9Otky}Ldg#W(&ABYgT`I$V`{4<)h7p}Ft0B|gkH0fdfWLAFcZj_Z5A0HcnbT$y z1tg}&qVxhaKV^3h)tM}4?dAyz5+}ngQz~?0`{aB2RT|9g2~C&zu=hoT@BkQnOs3J> zbC_!OVN`KZ4$Er7*aAmu^%aCDwkY=*kr&zU0#>fo{6j>G6)a(XeP@ljA0VuzjEqkZ zya{*ir+bVldr_fXtn6I9^3EZ@ih8?9>26CSbz8r$o3iCUY~~}1+OnO_TD}aka(vDw zbA}L#*7$bgc9~ET4`SFKR3G9$N7jzm^tr&}9uE^?KwLizrY|@AjQfhuF5m8QbK`a| zY>Cig*TSJ}n0I!}U?ZxO_*)$Afv&!-5@(lkfiHS82~%lr;{MmM{5k}3 z!+^P@_lo-P%XS^1$mPh-78L%GdLOlom>Hk&4~NICVMk#3_@~ee`VqDekn%`j z*|=JK@l$E2C%a&80liFs8*0G81E}elV!^|%Rqv8_Hob-dKkuP4%-EW1(LTkZ`Ftd; za3J8aOteh(Q~GkZ2g0rCBKjHRw$A+###+u7)kdjOm|1;)pr+eo$9+`u#J(k}m9+Jz z758Ls2$e5Q8J|T78po@}MOcNUJDh*t=<_~l;0B+VZ+m}-5Klas;dU7L$$cjtB!joA zmcOkM!m^qKES9}NO4U7s>X#78I|-k*;xvW)^%N2whaH#smsdO~pR#D*3POVbtwsSq zM6quDIZkiQ1(jZY9_Np$Wwyw*JS^3p`BqwY`Yc}D+a3O49;cBf`tchfw?hI-$po8s z98wdRC<)(zY$toneQuf^!0vpm6CagZrvqUri#sTX3t`++g&Oey3HIi|r)+;7;D0%t zZ_22qx|6&YNY~)aquQ8~gNAj;z+sg$>WkK+>5)~*UZ@*_eU?%{-ynz=#^>|%h%Ujt zy*m=*bQr>o_CV_V{=_Q-q|v$Ob%nH}Cj`)jO~^%+{ra(=#s<=6Q`w7^5jcxPsl2~Z0SpfIXF*jQPN^h zQDy+D^ycXNdtYnibZL-O076b?ppGwH_c{*Vpq0sV%dR^9WT5CTd;LHaKK+o*TOCGp zT*}k_1RUh*Y{S$HM~y23PFnoQPR)fpg@HK3muw`pIpaZSmXHcYui*E*tyt*=?kxXG z^L6TQs(V$itE$~05_5qgkD+T3+c4UU}|k(3o&)0>sBJg>2`k-0CIfHFF~F2ed>_=EjZyH*zQc|)&4CEc)!WW zAtBzG#t72W@5#1M4i%)~==udErSpr$<2!1Dy5xULfI?v+`}F(ty2z?ek}UQUGc7n7n3>SfB5>h(8m&OL$IV zZvzTb%oW7X)dHT;gqI2-(y{`uzjg;0H-J zG-@;kiQH?}xbDvT*M0O|lNbGd_>|XZhU?yKksy*)RAe>2P=Vv4>jEd_E>O=4@#-GR z3#$0z*X&{#cvsV8@izSx1xB_+;{!7Q^*Hqtb$gzJN7!4RKhEn!$@)LCy#k`ZZ#L4aA{5OL9r*G0B zACf&KtC-Zi!QV6KQ}I-zj^3O@ZOSKtffcdu6IAo@mz02dYRy&m;Tm7x384A?)dsQX zvJL0_a?XvytoM;npN_WhbzEGI-fD#3puk=A=}xEYGD1nqxAyeKedgu9=bY!l;Jo_FqFuSLN3iQEuVnw| zXulDlThv2+aN0-E2T=0Id&sH}{b$b}>B0aUAhL4Z`mdNR+) zYY)g2NmG&DIgC*uJrdk~I!adujLr0^M0{TVz_@QmT0VI5pE}e)heYtrz=eL0vwDX; zDtyh7#Qk7|fwv5KxW%!b=7tI=H3R5dO$|hndo=kxBSV}|io^?_dn25!?1c5G!-n{n zFXPV_eAeT$dGwa&5rld-j&|&51;L15Q!UgjNP(G>qWc8Pc8%v4+sa#?u)0E6PY-!Z zMb~9L`mqI@L~(qML3mdvgs_59-6gp#v>fen*_~YEdJCZ29i?2E1q)$kKWeCk8xO$i zreutB1Oq~6-FWd?ohFi|Z#D5Hy_(N+jfm__G zhIG6-9nX(b_5*BGdylDTO6<4sqdIkxU;jIn@2r*mAl7J?mb&Mh6L(hD@6kLXXcfeL z?g+mVF;+)9%lQHEh_I#)0`O2y0FCpW>#`?XXX{pN;*klT3?#7JRED?3g?HlKe-n$b zFPY2S-7D>*j_z&v(nlwLkQ=DAo1NTB?j$@J3IdC5gZ)7CMjTaHW{rp!H^jF70159oja@0rPyznY)x7&RF`B(Jp-Q@`HtI6Bf+)rUT@CCZv zoUD?qdb1}DUoCQlJh9Zc?^P28&yTe}aICWi@&>o|Ej+}DdVex~4|`GkV)>lPTQ$SN z653=iD59~8x%yCwFU1D6f=z*Lt5aLKuo1)#RN%g%r`M1Q)NdhGr4(=G8v@hmcyEZ| z?8|;^DRlEX8wk6ksj0IvatLbEb_jBuo<*gy-8w%(VN6pO9`XHYdmiM8C3hvndd_Nr=OjyCVS@+fQevYBe zbu$^?mb@MoMZPA$u_{LC@clk}9-GoVJh#nm-ziu%pkk2WzHYFT5~EGQ%G0UAwg-fd z^Y!XAd`|FeNW2ck>fZ|O3LxF}J^MNU5@T={L-MxzX?1H7)&KK3-lMq?!(SGzfOr=P&f9$z*LvGF~2|TJ6;`*Imq5^ z2@S^`Z9wk#9k8UI4wJ&-PTUUEN!E1r`l&tMeN98MQp(Huy%#G@Z4hE>BFTCC(mTM< zMytbJI(@XEbdtE^Jz=kGu||Y(n>sXy$Kp1WMkh;pKyAC9p$=rYuM3E z4tU;}2Z-Va&n6z!T3?V3RIpfnBdqa|);pC+%x?XHJDQD;NTG6f8V`E_6CIWLJLUWb z#+?K4K$m@s**mZ+?>pw8aDqQyX@xx-m?@j4$Gi4jA*8uz(hv&7cjceH3pRYC?Ea7|;uT`O<7p~% zEV(BuW0QQnN%DmkIfyuc+p|{!7Wb_|;iX7MHQ6d}p(Tdc*S%c1#Al^zOMm?ifR2Ox zMYP|_uPB%ka)&lpq)g@SiY6ol+v!Zx2YTqdP3M>d-M4UBZ7<5$Hf&8>*%+GPiI;ob z58Hc|eL@0?;hvCK*=O;tGUZoXa!IZk`+0t|bM6ym@T|fsYAV6iNaCC2ozG3y?O%8D z{SAOYD!al1(PvB^Q1LG*eVgx4MEi!~UihJE02cK0o1U?z-!)nJ@L8@c97^5emP`?$jpF07mb`UJV6* z#c8hv{w@8YbV_AA-ZyvRq8;HM)Yvm#!0h^jW_4UK^VQf07|qoCK!_ov)_K+U+Skz<8t!fDJuzZ5LUA>)96Ex}Fh$pN2aA?YDj)f{IM@*R=73-TU z+{pGH^ZJ1RfQ^9SBkpmO|2_Jea2$)5;2BQYQWvI%+$%?jh~fqE(@lA`$eSjA(Sf)> z*pxs18uBe0RzKsx(bnoaDsic#w9uctcG9e~zVCmvBafwe`!sYRBceRrMs%YwOCubIt9}lx{8hW z#ekjef}ZOM;7Xi#c^SGy&Di8hAMPy#ANfB&a}5z`jma8N@-0)}zpOAJ8GdQ61n}Xs zM0*eZ{I;XB$DcqwUbW}C;=BD$Z;@1ODWsz=Z~JhLZ=5_>(*%>R1oZ>B6x)u&Jo;Ds z;pA`ev}Z`k&s%2*R;I4U94h?W^BAZ57ff}XGWM&Sej5WrgtDnmMc1XuRg0g$xaB$H zdB{IsAFvfDg5YtIbL_uD0QtlzhU>-Qx6F6p8yN7^lwFQ^{Wy-YJP3SG9yHdml$m8f z1<67rdnkeILb&zE{maGYYcm{w8OsyX0_#dhhs}?$PMn3;zb9C>A(Ddu2?>67r>HPv zzhi6J>CFr*q^vi`6K+U zMZ!r5l!vO^3cu(lKVl*>gxl?YdpaxSC>%*%B5(!D@ieWl>m|?GMj*zG4yv9l)g=C-m}C zVaEWkqK0baN30Ls+?FuJ-giVZAg+*aK+XeX=aqrAdknj9BYc>~zGbc265RS{Wq!n$ zBt#C(q4lE|1GI6!NLnAK+WjFFTF5j%qJQZVyfHuB_pYek`>b3V<_E#d6WoomTHcaG z{KM}ii^mtQ%k6;k^IU~Cl~!xxeV<;aeXno#wJ6lrxV)H;*@QvQ|JX~it;TRz>bneQ z&DO{60bSlKil6`pW6h*+mpA;IFZ=D4kpk`e*zakuEw6rz<|kMC!%tQ!qy5pEw1iWf zID3R!l%1vPi*$a+!KYu>ss;<_P^yqrWMTe(*hlD%f0&bAxU22ELgJG*I_J3IRP{Y% zhN|?t6}ObtpgkOjM-8HFhC9En!|>BC>Oq9z?|qF~%XNO6U!cFn_GvWMLwW@9e_!nT z0-U0|BLO&t$W9npWr^Mj_ z;9YsXP*5j&OI5P(3qQR+jwuv8ZwAp-o>o->#9NN1D&Ba4&~9&*{0SzW+=rz>A7=LBIQK!kIXU+ZK7|8u$jJ%U^LbJGS2!W6lx6M&O>lzZ#Ta8jNv>P4 zaE)C_!jR#rePJr}15U;3Hgf0dfRPr!sV4XoZ`Sq< z53z~_0y9oqFegt`hYvPSq2)OE3v+g^zQe`DvW=r58)ImCYj- zQRg!QUJ#B@fI#87ntp1p4iHl8dRw?stMaG5Z(mk$7zLXWsq_a`OiJh<7qiZi0t93}#*kqj}$E4;l zoRaR+Of#4)A1`;l(7=u+n}AFs-ood zUMCRNH}!Dzwvw0mHZHJqfhocFV!ut!HY)|**-YE9>X9RE3U-T0E0-5pQ8op&`PSTa014eM4y5rM?uH0`RXd(Rui=m_qT%%hA(f z@n_L^+;}>}HX_)5aZz=v$ssT;p5LZ_hFt960@KiRD&SyHoq<|qqd-K``F%cX%CbKi za{Bi#^tN;C=gK#iu8>=JI_OIr5GF}*C(oWZ;L1(r6A&`!&TH8zg3~jH&9Pi{XatCDD9n?b)k2>xWa!)^w|SJ^6d+j;uTpQuy{EjUmb#b9Z!Le%xn)^Y1Rc zeGY#yRU(J*VF@C3A0BC`34}Juc$*xfZB zgw(zYFO);?-?i%t7}9=Ri(c>xgUf^dZEeYJH6o~@g0=>vt*;L3Y#C$uyybN969W2* z=4EOXW|UuC#$OnT4D;gpEM7;MZNc-ym3W`&bUzR9)hX=lLH{n;>7>arrEi`*OtysS z>r2`fLj1@!e-OrEq+1Y2PeT7mgWzJ)R0Mpm^C;#0i3nr0>2xkH-eOhw?e#AVs7W7! ztvK;X+fc@a6?JTL3661Lbf+2>~3Tmd)?@ybg!=-_J)rV!rG1ug9yuoWul)$bJ62DUUC7v`BvdjYeEZMMN=+{g7cq1;J#;CIzL zy0Bv7ZwxF=aU2<(05!{4x1E9*8l3%hJ1{^0d@ZtO;qUBg;i=D|=um!;4vr0*bv@OF zny@MMv-kj>RA=WsFSQ@*^t4z^k@L4;x%*0WmRv{ryn8u)F$z`qbrOnt2q2}Xjx3SZ zTw6v^`w|@5HLZD%ruPTu;)5%QNZKBf!F+vMuWFZR5GkX%OZ^J7I?JFx5QpXDyQ}%l zt7SIk0cQ+pgz^|bf5)N9ru&#_KC)8j8`AE*yQn5O;#(c9X&Z@lKgzfac*T8|DBmZb z+fx6TQOc~#h%LMR4Ew1@SpkpVuL%n^{*52VI=q0hn6PHdP_3ahx+%(Q<>iaa9^SH-BP4l(!XDId$G6c z1xB2{OdBvi+Sf1<6@M0nRCRdLvrljg)m3_(i-_BrK&gA^HK`Fk+#0&cl3_3#FuwaJke*s`zs9`fgLP-wNaj4h>~!n61!~EgX%RN%O`I3{{(6p% zorW*P{MeKpz1G9rX!n?&G^jS6AN(-hWA}O*Te%_5ToBFSzW-0BP4=9Mk~4cQLsPI~fN`&@xYSr*F7ib20qjGa!v{-8A zpZ;v#^;F)1*FLGbhml5(>IV0%RaNlt@gC*m5FYt+ARs%4C*Ag*009=oJuCC0sYdcW z&{>It4#l*r?_71@@qNNE`*V+==PjO-P(j#zv!~$u-_rB!BV$g zNr}&e8hgJ{rzwrCxjpK@(tl%D5%(a&gX(|wjqC<8zA+D#^IWa-pC>N&JqvofrxY+b zoI;BHtb(TT{w>^Ghp1n%mt=oe=wNcpcs@t$FGYAP3jrP3$PDj6{GUiQw92)UZLfyl_u>iXHN(N%y1?dv)1AxTYMlHSDF!+)$f z=N3!_Z)&Z!2kH_0)r=nubbvoK8ewC^-;1%Ylnn|2_HVy$3cz~8{p(gD!ZWDL9Fbi{ zY;Ze%pm%kIlHL)RgY3;t#&UvPZSOulG>=O>UM=t+KHlBfY0JP0;#ntr;75rw4;+v_lI-~XHM|F`!K0l?kP2&Da zK>pYY^eef>A8a`lq4v7Aq0hd|s(oZxW0kMZ*K6&4;VwSX5y>CqkJZ}{#dUUHW*#*5D(a$j1*MJZGeA=9p831mVH+eOdg6Md`o@xGAH z;MGLkTxH{@)IRz8B2;=oXFWt`C!LOc@a4@Xx$5MZ@J{21^9s>Loz+iQ5VK${sbB+d za&Ymef(w&=y3`hJ4|Q->NSNWSuCVr7ni7KoACg@$NJvf)XLUPJBtv@~$QPW&dnlFT z?}^I)wQNJFEcvHG>PQR=GcTu;?UfgByZk|f)jhL+)}zZjv1dF@d3(^sA#<4qPsyC_ zN`6Dw7bz75TzuQV?%y*NUQejO?03F0pki^6^9*kH)OX@^(4!9Ioi2)wJ?uqAX@B-^ z{SP{DU-rwKZa0Bko;5WMI@tiofg^HdZm!G6SYKcWG)Yj=F#R1&O5ytZT;&}-Fz;1J z%*fu4Hgul1Z}#uUsa{RRN2+hFo>vdBdZx?sN%I~JAd=(>GYlY9`_<*AMN{wmD_ z$U~vCv!UQfEimkk%h=_w%!itC%!c+m7ABGMW7V}&|GPJ@_-(`t_;tS!81?Ix_5Eaq zL2kdMskx8i9}^85yzmp`>%$!CyNyfdcYkw9>{NX)@(RMn^WsiWJh>$a`4$TNj=Bg8 zcRp-m8JSSsN?d+h4%$1ULe>>2_5_0a(Ph_!K@dqWn-RMluHu&^D4ypc=E!8m`4n!12YO4?B+;#_dxaS;ecWIMI^%1R6n+FyK-7expKB*J{@h)d?3|A z6;E2dL7%r@<@?;u*s`%P3e5c>uyX?s5wD{UmzTV+qmWumT>C|JUCuzWhs0az8FFO; z`70wTFb?UwoF2zcGFD$w?u#oxzXInAq5}|>NdQ0FB2yR5M{pwC4sm|CH)6^IkLj~Q zkc%w=b(28~ogakcKynxA7&cIxvV+&~ zC37$%ZLl$0`}@Ipgq1{B2T4b_Rgc=pw!Ep}Xh-ieXkRw!>Yf3?57hGwS~3fJuE=Cy zs#v5(@>ckH2^>yazp1JAtZq*B?9l=U zLnyRge*4A>=u+GbKgF;#L;vxem;F(O_NIk0-Y}4@C%$>uv$yBmzH?g&C@^pP|+@&pG()_{BJ#q~_VYm8*dfvOK zvnQ@CPO`OiSq}C+zA=9fD{TD+8Y`aot&)&Wn0EnL4eqa#{RkS#2~P0fO`D&K& z-Al<-`*gc+jBL7Cn1xhs`{()yFSlpAg@ylO_BCh%)qiadQgYNEks3%2>}#DB>LxjZiujI2C0!uS2Sb2;s9A9K+qMw=-^`L90a+;C6ypP=(x_kH zx_6T8rwnbI{aE^1>N(ElD{VamURHnk6`afG^9=_tJcZKo?GOSBE7vRv1cu>xt(4__ z(e>Z*vud_X?kGuV)!Bd~7_+bIX}<~cn>Ul36_fQ{)Gw#6DDczX_NDr1a2Z;TR2~yl ze%aR?GC%FN;O~CVGQ0_%GRka1qJne26=H6N$qRiJ2z7y0PlzAhch%7twZTmHFOZg< z!pY1s+9SP5L*^+D<^p+@^Ap`A%Vmw~`?rX(9|$(jmXiU7`0ycPAz<{^zV+E}gpm7C|L75dbRht>CNpuN zhmnNNig~uwmVP~7g3iNYZ;!Y6!vpL}CoE7&FzCBexc9&ypAc=>TN_ zh@m+3y?upfNzTSc8&*PM-FJ|kQH_@*3X+mM7g;!ZPfchu%sij<0pug+YJxxFkFeA{ zgf!S{3*z&Mo~M(PU@)CUzIi&9EkX3g^Ol)?Zl57Y8avrGNjzsg4egiagl_-_EB*}t zkoF3}VIPn0Q~1{jDNpyu(cSmS>7%gb93{c)#B(6c*9*7r3i}OBfgG4TIFx_4#E>qy z%ypmdXGM;loDBgj18(kZR*2nFnEfA9k85TuccoK|8{GjwZT$)5{d|}Puus{W7`7Ad zu^^sWv0$2T;_k4Ee4ZX@&}abV4Db*GjjMVaY9rB+ozcl;K+RO8iYWvlFL2>vHA|0H z7Co0#jw^6=>~T^<=q&FydF6Fe8&di6B8d1lJSpCYNst**>tQU`$gnr|VB!Xwb{55w zhQ;LQ%*XGmW22P4`RKo$7E&`u>A{TQ_#rzjxnC?ith63Q^c6;5hR1E9CcEEXtcSW5 z4I2quiAldUv}X-DdI5+WFXjh|j08Ze`D5Szie8m`Voz3brzG#KY56AFH-j|r1%io}L{O+na1oTNEhrSU1|;uR>(11_i*pSw z>|WR1&hHTaVH7_}&(Pjd`TSgy9!wJB_YAD~Aj+wG`Z48u*q&MyVRsO;Q&j3WeO;I@ zR)UFoCAj-U4|4Osy){OW&VBC<47~TaO%_MFpqP}6fwi(!qG98zs~^Z~-fSEhhr>?M zAJ$%bz^Rv8Nh+#8=Hv3K-<7hT)KkY7v1bzEH=FREt_I(p<^AE|h7$IPi)P*2eYfy2 zE7pC-@(=FI@Z=z*ti;~)fP_6+Q>{X8$f<|diuQ)9<@x%&tFV58UfT&Pz2E_=tWUWI zg2(4xcB0z|{m~~+CyH7&l;VG3D$#|pr_;IgnA82*Bz0XK%Jm!OW-g%l94NTkW(3gV z=iGaNai&}0^E_v0`uyp<-C#7idAn&FBpe!N)+y=m1ZCCQuOC;6CE2t@s109|nR+D( zg}0%<#EEc9a)nPls@YC0685E*4}~Wy$HNXpVs@yA#Q)TI7~HHZpmg~I{hTRt-9F;@ z@`s&T*kGl1gv@--xE!=`lWs1n@mpPOW%iE(+K-82dze%3Lo7*wxqTF6S0?=H`g7@6|5U+qYNCa@177DoX^PilIU-?ks>4zIQ5B9PZV0lDum{lM?=|9lEq zc9~d;rc3R#5Gn-`t>$5#DUGPf&LpMxLRHdK!)V2oA};N361gJ6&YhI0;VnjGA<`lkxGRQj!i{c&VFwQGkczRP-bH_IhXN z%RHF)&1SKuykLFH;W0BB@d-?MtUM=Y4)Y zy&;9=kyfP~5*y)U9Dg=?D9d4qU(bC*FenZ)m-gIG1w97qq@V5E%Ie96&JliXhR}uZ z%KfRQJTPibxAW}?Nu7OVe2=Ou=x|j$ToiehFd*#jGt!QIAYX~8cIZ!fmlUcP4+X&j zV?`*`;5?n?deEd4igyGt5;7k|ID!;t|Mej62fwqt4sU^F*unfUrw`B=ek^JO@s;-K zE4pFh6|4;Ve$Xj>W2g^zuVGS^D+O%Eeq?c;t%ZJRJq>E+sW@ zHJpZv*~s48e6of*@>E2UP9VH1;>g$B0e_0CJMs1P1wd>3nV~DPu|i5!GGk%&`1t!F zVtk_$M_iPd zQ>{&$Y;ABF@-=h}FbdPA9A`H-MCcNf!S~{0t5%R!QFk$F<10qt(G8ROy^Q;6KELTi zVT+M7lJATw6cqRQY3cDcF}Fxq(vEI6`4`48u$%egw=Q6m-d~avQ=dxoQtNk0bG;;= z1)4n52xlc;hZOr@Oi%)lbY(ami6GqeC5^`T1O>G^tkAK7X2{vX7#0V3cm6 zAwP$7cCY%Spjuzb3Dpot)zUDTj&$t*Hj`xLiIlRdMh#FmBTxMc_z!nC zK9(wo=x|^B&r7|=c&LON4>K|JqP7J_e&87U{>E>ylEk!m&`_pUaL{6(8YemJ=sL;8 zKeVSY!2REYu}{Kb87aAV&~*fHVxi`6d=+1v^_R3%PP0yV) z0~0w3g6m)M$%I3x!2_VRypp2X9w@`IM0a30+3XnHPZF{%pNZoue=&*XSZFhAlW1by z*)6H|GlkXR2?MugFCmeS$)YLLW8^2dKNx(!5*#2*+`JYTI^lC9)k|glCEiSU)j7|@ zyTgS!X+XeDk6d5R*XP8+`@OY(Vq*U6eTD};kgPJC<==eVZYw6M!y}92jkGS-DiiAjnmC-#5R_yDvha&q5C!k3 z@!i*G{`J%M>+pvGJd9*(+FaakB7B;ZqiefqAL7+8yrEMN`nvXHC}wUcH`mpRaz;@vfl`$0P?KO1ZAk%jUJ6%+d2}vZW zkXxp!djG;k^m-V2;7xz(Q&3b<6y?u(*@CC!XaD=Ate<3dE~M}5C5*>+%%zF^{@{J| zcgDQ4=NDY^>)vM+l52EfpfoP=85GdHuoCyDvg($<@>oE25$|f!4CBy81wmk({3o=m z0(EYuIxYp=WB;tB(5|?CnROjvN7TisWbA6i}8b+N5(I6Yekzil*eDn5CkaSMcQvXb zNyFq%Y1t>wJe2%~F2+^jCx#vMsbYzxJdN)7O96j+q7a^>*)Jni8ZJe--JMz6b*8kl z;L{mNhi)^r!C;=bK-e3y3+Ao|Eqp7)qz8vzB)@A?Km6*LX6Z z)zItgMP!yem>voVKFGqgNu^Vr9lL}K@A<8I{%n7Zi^lvj6;Lu3p}*{|k%#rYs1_DE z6k#OZ$aX*Lp!N%!-M@G03T&{rFPiMH;GWeD7R-!OOD9BH;QUiSd%maoa7PoYt@j`e z9vd}1aP^Np4FFE7)Z4jCUEa8WzASJLwBV!oB)eBhQy*Ku5GnI$(|zDBqGVm$;&Qz~ z+8=D*(w*AlQ5K_malS28d&`OKpP#9;o>b;07KDNXN`6@0h7=(zp9r)l)AEtedPqOtK;AzXjn7O@I< z7hV{O=6-IsBHV0$h9Ub~e>=srrM5K!fcNzpRYy3ycFpzvei?lFx${<_5gp5zd)lM5 zzncVy%hQUWWavXQ1KeskeqJl`(3Why<|~jD^Y*= z+P|wO;v^sD0IiH@LQ22OGKtJR1sLQ63VR#U-@(_1DTL%#(VjH^4l^prc5_`4g zubERtAb)g_je@(cKuhS@N_P5Q?~!iI!z5dV!S2CJV|QL0j;*U6njUOOih$8#@is5- z)9;?3O95Ku6VI#ML+8xRIl*l3#EkgM??l>CiAP%SDfTs1t=xLS!l|ECr%Skv59-w{ zl{gy&UmiT2<=-!`Dpu@cl60NcE_B5k1cHy4@br=}a0)p>uKBZL=;_fAmU7w{a-u-x zJN33{^HTU3+XrO-mABTO9(D$y^$a0*4!`@k`Md^9oWwF(>U)R{Qf=`$VjQ1qdE#b4 zTp$^o2;?-YNURZ?Aon;=Ywq}<#0GfhkO7brmz12E&VzJiDy)7@$;)l%jQL((N5QNH z?ifB}I~!7vS>R-fG79)OxOLUU4V~~#Ay{L@TK=#c<-q*_>D$`zhEUpR9i9+Q7k_e5 zP?jWEGUFT|hcv}B>48XCYXe%#Yt~aF+!UtnD~MSU+j&^`-_z&pYLh-3eFvbQY2w!B z$tO&4;lDoB6i)mJwJXgPUagfts6TE;0~pUI0S4jZ!r#^@nJPM!>vJ$pXdB>@-y&5k zl;J{yGe=z*xN-``PV-X9nXZHt{2Pv|*|@EA8ZAF~87Kawj847}gVZ4s5U8@f^TzZz zwR8+1yx8_dQ~drsDwwvHK5oXsT;+N=fXMgS=UJN@dZu1|;4&}(tjMgB@O=_5`HTLm z*}tCEK9fv2BoNpO_hvm-eKDZFhocQ_4#G<_5B%G9*Y+IJ6SVJndF(9n^SS5#9-|7A zOHqfqk&c5uBHI$=F$>rvv5i51fxYy4%*cXWL ze7yGwjeMh@;BYq1;AKD*HX&$aRYv2*TD#M67K#P_)MH|NRWG0$ibCr2eY&4)Pl|&; zV%0$7o=EPZhZ7J+RG2y+_n}(SpuAR9c$7R6A%tGl z7jzoWoL~ZU4(^|XyyGu%VCP?sPyfeyg!Ln!EJCf;o!m)RrYcjO!@5 zPp=byLe+$pdQ@fDd3g|$(O656j!ZwwH)XoFd+npidBKkONKF{HD(cz9T}#JLr3R)t^jHyI%M;R_+j%@P0UsZD!=qw6}uuu$m)K#hVWd0zuCi~1ZsC9 z%h}qU;g1NU^td6aDYKi~llRW~ZHTej))*=)Mc?n9#*9H!dg*ufHe_`9H8M5Uy4RW` z=J#{?={84qw@P|&2n>zqO-Z;smr3F?+6DM~^gjBFhqyam zUuN&o%?DnreIQYKhIw2?7rXl7P3)hSr|f)?Ta)iDQvvBSlSPWnVV`$~i;q<7o@x;` zw#C>hn@GYt-(0DDyF;$+XC_FhBTKT5VKTY1JGTbN^Oq_&H1bIRDhhWEce)-EBnspr z^dN7-_zt(jbP>P4%yh_(YT}B=94;DjqnTBJ==alkbeSwp&xie1r5*5e&cpW@S4}zy z^)d2`7zsPOSM6$wmxZmwqEl9yOV&LG78bIxK!S#;CRXx2=)(A*gW~wVl8Wf%Yr|=H=>z3i3ogA@9XyC8SMo=m;Mb*@XCK~1`Ofaz5P@=El(;3N z(W-T(uCF&7N=&IVyC*~fAQg6jJgv!oPTl09+$r*gGl5QswXcbUw%T{QN@I$$`MND{ zr*J1D>Y8rz)ZmHzswD*;$%Qm)zlRjLl4Jrr`Oncr?^7!}BJ3VG|IVss-e)E5#HPWU ztW7AfCEn&hgd$Gg&Ot_1UEO*No%nvgHQ`%+rRYLP5Mfg?Es5TGz){oMgO;7k>@@iS z>*)|=K)b=uU@s&ZK~?Jd&WniqEthAAlFkE!>(X38_lBgQ_3IsB2{+oaiGZ*DihG|! z+xX!h>#coM=d<~fgZ$XqLi#QV)6x7bMq<;O@U=x-^^D!=LB(nvjcm^)*BApx3lsmw+TJF$wP|3wMX; z@ymz`NSv|he+xZH`YC(~S46;_JMZ;14~r2w#uB09g)IPr&ds}x>s|Wu-`BQ(MN+o@K|BN|}j(3PLeB$s#%;CNCWKzbt)rC_6 zU+;k{DDK*r=g*=XdghB3!-41Xb092xA;haQ_xdORJ-y}ZezEbbZn?(E@=-pn;6jkb z3)vvvevnRD_m|eaDKblw6SM9cuR#CIHWQp<=!#7HF-Nmisa-5%M` zGxoyUlf7g0S##}8c_EqrPv@35qPZyLbiaew{c+_J7hfLN>#w`Yck%FCo)O>O5GOw9 z*JQ7|Mh$n5e{^^JC2#6;-=`Pm3xvH-pwjg| zQTL&+E%hISy)fV8lG>`*2sZk&e?R0-_+nICpE!dfpEtiPU2}oE{?fPfh+>vKl{gp@ zI~_ELE*^I_B|6407ERYK9U2eg{j>CWdEkzCRJb+TuPg1fCE~I!7EIHgo2&X6$r;sM zIB@LaVxiQ&NM^AbBJ$omCca*CCVH9Hu&(0i`>bRVa+kP~As|o1GZy&|I;CZZlXE+?UR7ieKa*rwZxz-;XCXh31zB0o( z($#&bQ#bcyq?BrwZv$m!^&4A`>iPx19+ANP=T*rrS_gWY@%t-Fokcku0X^f!?lBI zTYAJRbw}Y$+8<7Mz#A)mR{Wee4flkPLUB84h9el0YVeaB7Hbx|vL|NslxlASfrH46 z*so~h71%JO5>bUP4G{?kYW`de)M&z#p&5d%_%(h(SXlOiz6u#rI?cFWdNNPHZ+QNG zpN=mAVbM&pmcA6wj04eMA$>FR{aBhjdowHX{2iBT!#@Ba2?9~Ghfv_uuWe#HhMlO4 zY~KeRDQTAw z+Is^fhNUitppM5x0c*bsIcoR6N@JN3`t=Am2K?LSyBW)9cc=Lw%@yFL^JB@;vzT}{ zlN+Y|OLttFFWX9>Qyq-C_U;8gUOwNGetClfemO0V)LKrZ=3ZazU|kQ4=b)UF)6E}K zBM$CHI^6t0AgXQpjoa^B4qlp zsm58f^#l3U_pGdsDxcVi#mi>yTGas0DbE6JQ2KQrSqx^~b&)FC3V|=JS zLE~}3dXGENlVIXX;!H}_pot9VDnHNT$np*DM`>SMDDLxoQo{amL)f*Iz-9qV)ScZ6 zPS$*Ak$q9++rW3o(d)LKrP8adDiAK5%dquk>kk^l~TW0P; zBlm3}|DsN507UaMbtk_GCR86OSr0MVKl-#ELcjhhV*K*i?~*w=j4HVGxR0N3y=+&g z8E_Lz*xWq~I4x4vlGzG@1OEBpwC;K0vEAs=^K!{pm%=a%S?C)W`eV(mlV*4l!PsAB znp5u2$J_!q&Ir;>zve5(WGb=xCrh2%dA+ggmu%jNo!a-}5D`zxC65igA6{u_ zUfQ6a^yF|*C-+)(_c>m_Ylc9?GZs1%SXCwHfq1A~4uYFHQ$}*cA3)-8aiSed9PBObOchy-(U1&&c%&e5Fm{&&ez_i&(ibw8Sqs*0yJ_t z$gfts-)9cjGd6kE1uO#mi*QXY7G*XvgK5IAb9D00iujnp{dkID+G5v!j>ql$Jo+~5 zx6|SACWmM6)Q|~6f9`q?{L@?kJo4Q%J^Ai$_f^W3OH%@d%iRBC)vD6zw-#Jv(q13~ zwl)_7(^f)xJ#QIjPyo#6?}-hLEvuKcjqR1V6o%XBtmfUj>Gp%sA*p83#+JBK$|~NU zF9(Ug1pBPQ&pAL%3by96f=cIt1I9&m;arUG?Q;c%HQS<0!yPJMznH%pCyPgRqMj-T z=OOm$oyQuf#;%2*>A$n@s5kTtAs9HE_qzsVwXD}|fsBsR9w9Tjh|Ud;=Ne;Qmr0v; zC|a8@=$9NfGF7EFSD&&cjP-}I4}KM+;`Tj~A3(mSkG>b{d2(34##=AAqZ)mP?#y!de z?ob}6p7`Kx;yxdrUTWDw(+?snn=pYHGeHG1OWrvUzLwWbDD!eTH2x18FY~uW;^-3* zAL_J*}>ADhV}L1=Z`IDW8lNSuI8LM%!LLp2T=DEK{(xCu$~pV#j8Bp7k|P> zs6A5%8#W`%?cult;R{_|-UOlF#;8(7)fN`Xix={sbEo=pb+`s;%3V`ffe2j3%UNe6 zZEzfu`wp%MiJJFGOueZNw4)YQwI3fUovb#T_g)*E!u))r5ayAmm`y&)oxjx>Y4 zwLkZw;wgW^h7>^TsaQL^ z^2_7Fna+N>u+;ZB$-y>Gvq@T(0I=4Aq919BrSlpXJOW$uhe8Zb$M5uB$)S~RkE~(d zk67A}saH$~1Pr~Kv*v$tanV^YhLxpVq_5!jy!o3B=O8$@)S{g(Fw(;IHUIX&Bk3YG zFM)S{**BOXMo7-q)^*$`hj5G&DN@Dk({N+GB>wP9FEAbTw!Qrj zg!w#-Ftwf9Rpb*!o#i`SJxNL9zfY8dCBtKCCf&Uj%-Jt{60ZBg#>XshPdEN^$$q{_ zKWABCwIHLTcb5q2<)l?E>g@qLaWD8ZPSsMHZYCi?09j^X?+ES>=EO%6v?_pp8w}8q zFF$)V-Xw1y-OI;o$fh2ZqR`;53;sCgB>ET`@)^ZZDI(`P9>x>FIn){3K^~H4Lp%*# zxC5(ol3wHqke%9*pGT2X%HPiz){y-OKfAE#`oK#_n0Y3MF7QKynTBf zkx`(n=;)hMNJmdNta~w#ZT3xOZfo1{(z7!^ou_|4``d)Xz&zaoa-VSar^Wky_xkHa zouu0AjeS%uuD{@PC$od=*0v2=4ouDWzKl0petMTHxT;c-?_(Lck7?5nLxyl^Wk|9K zYPH{wzrh}1c*ps3hLZelI@FiOBS$=L#i_>skTwLzkN7~qLNlCp>$p^*ReHKhFLLb) z)$$ub{DA5B63cn$$|NXlEkrT%=%hF)jSp2Cf`)QKu=+(30k3~w)WvuR#? z#ML;$l6N6j)lz+aC{OvN&9h`qV=d^i@!@1Dm_dO*ipOoW<&aMI`?CM3nlp*)X}@^G z07?sK1rQg#(hIT(Llg5~Z&v`$ml>#@rmoV><36TKgLJM0m6LGWK$DiE7E4vBHQf4A z_9P8O&bn&hi7Ctrx|fP&+&`qsP@B=mG1pet=jMcvZ393Kid`kT`{qfDa4gQTWsUO zMkufDOQ@V6^~^ZAagna^`(=xHAIhowbViI(sRlORTo-4^>3x>7MJ0XKdQ;u&rhq+L zPSR+*o4mmd$=D??G`C7;8S<;CWnb0;5XAuKC|}p^0gDCHz`}#MZxtl9AaVa%+qqb7 zgV3?VcYSu_4;zyaNY}h=8aTY|kvh7GN>FrnMns8xh$?Vr;ajC#wSs<#dlx9M)_^$y zGff5Q0h&ptP2sM*bv6&$_1nYs{X4^KMFqd@$3yjtgOj$&*pvRG=SfEC489ZbH7xZe zcWTl_+{dj~uB_P$s7R$${z%00<@H)g;apNCiz)&GI868i|Jg?6MprpT@O^AhSSgp7)X)v%SBT)Xil#zX8MsuL(4JdHKE>`TG`@{ebnMn+vMAQRP5hFsKUh z=6I0cJ8ZsKt74_D%t>>26u${jVFxWu;itl`Vq0GCLCd?;K@@aM=07zFu&P7(;cU-a zegj%s2aEu3d54!=hRAS5RQPK~LZ!oQ3E~o)eS~v~BDfJ5%?_B=x74g#5u-l;a+;)j z_)uBBSoFL^Zm)dSPUea~CGR?Z3j()|L9)XD4jQ#j@rI)#_q6Z@6)QTOjb znSxbf%3L15jIv4yKnn}s{;k&VSbFv_8Fs;NE}`5-O2lERsZ=YxJ4W35G$=%i3lhuY@1_LmK z!pOpuAt(>Yo{~aH=71qsP-R$impo2t|7O<;ZfynKkp}BR(QnvgA83n;ZyAq<$k0&g zY`++C3-uQ^C-mRvCJ&)~^69>+-S!s$=|rtk_ui6a#S6j|jaM_9LwdZRn|w=johE++ z32N3`@F-bXl{3d+{G2{n%pb;^@ry*<_Dsk;*`oF3V-HEhgPR+^;;aA{lc-=ImG&8t z2Nso?c~5P3X|Htdr7W^@B#lFO;~O2VjnS33AmAsS>F$^`kO6A437+HinK%d9TrLmd zb!3MrJm2?eR!5D2t&d6|ZQX&eVIMx>ag_Jb zY{V;qQTy0OC~QfZvuEEzGBfL|S0I7-Kt1AT=WymHOq4quvaCsC^;|z*hu;sW?jSEN zNvXWg9UyskzPg|k52tD$q4@_N(4L3T^SuDEDw>h!tN**+t(S_qxcx3C1gd_gUeOwUhSA@C0N zz3;1!SzT)GPafb6ryt3&0fM%!Y;+tbbX(DQ6C)_4@GsC89?zU)E{i8|e%^{|sW}@8 z;qzCSH|&@<6n&F>Y!XRT{nCn$?(ircvE3MRvOBNl%Y8uxLeyQBmWcn}4}0fw>&yVUu+6Mx_sq=4R_=)X2!+QFEYO^WSNC(m>b{KdsFqB*jwC<> zc;fKJ&?iL~!A~=QgKr-+*E6*95_!I#H;|s?JVI$B-PnW@I-x1(JK7P`=eAml#b$Rn z5Ub~S(;ifx?Y(BK_Q|y41%2KRSgQR#hyH6xcl?q<6;$mMipmXggP4t$Z)FeZbwJSC zQphLRs5(t;pH#)(@vr_(`x=pDd< zf}5|bLzztx1sfbUFg$EMEIwC++mtovHaHRtIasg8@M3Y{5kZU~RzLcdw<}M_*{P>1 z8K5Eq=tb@crc0X-yOc?6J;wN^G=0iX{kupd-&suMO1XT4rB4X*K=)prgDF>Q4H62# za*70P>1iQIE~Vd+y%!SimvOHWXG?E1BEf2Y{ajstbJXzj+iSMdD~c4ouaF8HXC{A+ z=VAK}&0JA_g+TD)l{B<%+$x)G5CfU2m2DVBsr(54M);R6G6{Hm&IVi%#?Bww#9!01 z{e^jOLW=u$cG*wJs!cpYfd1Fj)Nf6cewDAT9I{iQW>g#e_93T|+%_^=?PA@!rLEV& z7MtG<5uc`vy-hp-f8sLFza9w09K}W6!?m3^cwhm4u1?h0T3@VzHIKOPe(fB_8f$4w zanvm&wQ9e1^rxUMwskYbO6Q`}jhRA4Qj2`L3P7BdFBQwy(@g%tx;4`IA}*7>HxtXF z#uEY!0YLNYZlWQ+{irXLM|P%Ot8n1K4MctrWxOZXLr>m&58=%b;EW}IB^+J69lY`= zL%a3h?yFW-vm=Q&TA0E~QweXxaZ_PorLI2M{X*cN1#<$04p@+&rR5i_Z_rI#iCUwC z!7zgBDV)Ne8f7<`pT;ziFyu-`vR5sz!Ui_-0DYz{dsj8Q6{?M_@TM|;5yBoZA%sAs z=hrudN2AYPsFzVIan$YPY(RTZBvsKGr3GmD^WDD_U04(BCz;knLUzcrXUfZu5P_)t z=s#Y6l)O-{#lb{_@BtxgKw0`6xW0Q)!;48HaOTb{pa+!@@ZkPSVN>^SLG z-;O3Ft>XYt3TC~w4TBPTsWSdL$JZiXHAoYRJ$95A*POJD-;rV*k*%%EZ;I~M43OED z<74W3QXt~eKxav2x83UbPn)s_Hwj$39@Ou`L-0OWr@q>cQYL~Xrxb{(-d9~y08OKL zZjM-8q%deBN_VnBQOBK!O<~&Y1a=_(|XE@5v1u_pmwYdd;k3Q1f4YbqH=bbC;DT zIdouY4{fzdY_E2CK8FS!$-{J&0PlFj|91wHqC7i)7d3lrkm*txACO74Q%K}D_RFW_ z?3jyG@6|zMea3Q-;2AfHzSUkt8Ksl6UjZZiBLrA9RUDCtwDuNDir$*IVa4{@sDHJ^ z1~`bFdEs#{f`)z06}=Owcsm$S?keDTMbIu6d_QPoZ81OZZ&Se1W}5k3UmwNwgp?xM zc7VI3m-4j{S!(Xp+x~>UkiZ0OQtbCEMSq8luW;EBD|vZeEN|D*$8fZlX7b}+t~kE% z=&I`-|9`M0Zy7upe{y^-$R784I#Jb5QQfoP?Q0mWd*JVMf7bn&`i&HZwef%#{I#C) z%LzRX{6sC-{N7#l!gd4(1@I|;oXzSe=fdAcQ;qjU_aWkOFr+icGi9b{2T$7zwey?K^ay*U^W<-h zRF`E;cki-AZu+WSmHiEbBDSI0DV@V!b(7;dghtz0z`mHR4;m&hj_`=Tr`Ebr}x&#d<+KnMCJ@XDE2ktLK*&7W*%Q)!TqbkQa)aLJ&Xnd=PhEX zs^fdo4qs46eTn`CQ%v944{T3&XC~MxvLZ_%phP(%c+4E$m@Gz*m8uo^vMj(WU7ZvO z#5~jvd(Sg(b(#^?)1v==Gt|YAhS~rC{Dv0}7vMlEXlVdje_<79&+$AHIqqrY^_lX5 zJ+4-*p!G>S_v@=2%x_8VH!T4)X8QC$ocigy;{N0#14AWHwGJ(B#HVyOou0~f@>2E@ zz)-44#}6h@^ex{pGU0m;W85{DA{#DA!QLl}K1|nB-|xflF$}8mo+S~2%5|vUoRrha zaF?VB@7H|G!pDAD14_<+6zUUx`g~1#EW;#}#Zo0AjFIC4>9iNg*p<&f*`Z-{03{&o zF8eU@?@vK!dp`mjlwWtT4&g@||FRs;u|Q)$73QIMz}Aa(h$QDS2qsNYIcl7cBEq7P zn2Gm7<;hjWEaH?RkPOT%N0H};{?-)1u^!Gg1hvCQCqP`lgY5UK{HzGy>-J2HH&`6^ zec;*0F#L%pPXr98xnL)9=~~`Y&)%7~!uV!umApWc_?g4QVw) zyx+OMq5KKgH{0UhaNL%ub}o>miv_|#=p++HFZ=*LuZn#Kp0!r|8QC(<{$QS$P@&gP zg}Y>dc9ME|McBNpZlT7R0lrX|yCpq9OBKwVh6pD{BG zl6kM6v21?lVJt3`P{8A`a@bAfgCW5SH*v~5_6cg!7**_g=%WA5kK;eGEW1LVOct*S zfDFYwxxUoLuU^bl{%|~*+am7k-4ofLJa}89Yj?OHV(S$>lF)VDm0jEY=V2XB1J^zi zv9x#=bBN#&jN~9M%iox;Q*_ibq?sE#%+b8h-!jYC+5wWI59p67#)ZfdqurDD6PScdd zppB`0=N=Md(c0`|G=kcCrnV369D#3-N*R&*os%_w+pe6Ujfk1j<@bS;fbMP2p0k)~j4v+(d{*wH3aFT0&sOw_Gm!^mU8&Us<8H z(%h?^1Oi3^=`t1aR9|2j9KHezOu~!t2!jSh>OEY0X;yip&b|dpgYp>VmjucHN9$yC z3*_&!7H{M5*HR3?lo`w@U-sb#KhO(F0h3drMaeQBal#K zFkx*yH9q@#G!U{*`9PCkd}Lxkk%5?@k@|d6kflHD-t@IzMOS6l1!+~UG;a6}YUc5* zD^%Sfca3!>!o<7}y%RFFQ*O0+S?Fe(7>+JZp;7#$!)+`?Fw!*`N)hwl#;HF>vr)as|kUn(dy!Xcf9~&}}cei@nVZmt7RPEp< z$6Gf&aCs^-U$r4hhO#CJwbnMk(T@87`(2Sg6mYzi8JlYLzx{6XUiVc$i*W2PpXjH- z1Gu7^d&>{{e)LPk`K6b_LJIO;*Yd_#g5R*E$)(DY(amSAPUGX$-dmcnBezwxLL_M~ zp~S@Tud)p?&@dWjgxDe=>`LP$4sdb+56XIEX1s&0RWY$W46J|8SN3=tCeP_;VD?^j zFC3+7as$lvW#3;yowPFO-zk!X5vM0CS@4l`o`mv`dLt_ERQvS%3fV?MnvybUduY4l zz^HOMHOJ&m*w>54GcXiFWBY?j27uIkFebi|6yCnLW2N&e89sj;nj?QzgjYGt;#KV} z!O(2fRKg&oPoPrGgHtmWw$vI~Is`cRAX*KEbY`CG!m1C3LWZpsA1@EOs0mnLn}00( zkLF4ua2VZK0M)<;_-z8}(b9=TCO6P~xm(>Cmd8Go$3gsq=inoS%J*g^8DH9?d2c?~ zMC00Ao93CHhhsY*J(|}qT9TZkjx$e)rA&&Ok<3j&MV!-*UkFH6e}2(wkq|lVubOZ7 zIigx7YCjb%rnBF0i*6WO5!JT;#Y}XTthI762@flZbe?|rwz!X+WoTmbW3^&}2KO*~ z@ZP*26cD_75@`y3Yp_#%c>hdjbHk$i5n1tx`JbZ6`EckC)mpytT>8)l7cb~sbCI+d z8bOd3D}6b`ZL2^H34yF36PO6hfxlmXFw^fp`$T7=V6xV%KBDkx|EPWLhGK0Dmui&} zbOb;rD<{y7j5)z7T3$Zh(T#py7$jDWg0s)~A6qG9v2!v4!O!Ha(v1p`nrCx-;90KmS|@nw)+gb$raucfUlp=V;c}GSXic4c?JR_I+b1-I#O7M8x;S zKi0gN8eR`GQ$Jb?+oIKB9%7Fe3v3qc)eZlX-nS=kH26GQKYmP-c$|SHJT)ew))mcO10PY>0tUwL|n9>I2WMxyuy^yHPUs)JS=}KEry>b19OP% zRn`DCk*i?b>3MQSbfwDdXJgD#Mx+b+>vW)-ZJ)+Y&hOg*a;=fq>Ch;W@g|Y?+#s65ieK;~6{hd7<5*qk zs?3cRqd8zI=)>J9=AAB--=45L@w-Ot$9%OumQu|zc)jcEb-%{^bF)(CBkTodaONLq zA+f1Ey&Pyq-Te1ly@l{8Wks8E5e07 z6q@(RBTgZ3KK8}@{*lm4zXv};-#lpYF@9Th-nH2;+6T}N(0eD9G>G8FUI{7bLt4x8 zaw69x(1znjfbR{gA^p(a-Gghk1GWe5>3(cRXMkK+&aaEo_`x``g-eP>_lXew|TJ zW&Ze*xLjv!hjx^@r1yjRv~kl*l6J0|vEBrb>u1ZaMnuhb?+!$Vb!D|EnN#hU!A zbr-$^a@0Q$5?KThVb~kz7op4@JgKLMdWqwDjiU1^m`s_-0?`E6Q8JOXbX(FSZM?dM z{AD$iY}!ZL0Qq!Yb&fM%~aC4=4oRCk`lApgCrpMIWBkFCH?Zz)aLMfP1P?df&( zvV#LZ-0c!QeaUFP0XYUpJ42Ft^tLab9eC3LNxL*eAcS&R7KIK#8k>>})LK@iXN?R~U(B{_1{MX%f|6~NP#o<_;iW0QXm#Lww?JvbgFYR>n% z<#BYM{FJZ^|Cve&6QO~a43~Z8kVRR)^{NrX8`$O~s4RmxCG~<#%r6%Du*Khk`~5jE zz%#5HHz4kVP4BMhfVd-L86ceRJgj=3VJ3(8{8F!17s-JovTgK{2HXZ{Bj*#pWe#BB zE1DS>rc7@t|6UekxYM)aK5o9#=jktx+7a*f#04mX&K-ZNqy{w6i9!RPy~;&K!Et*u zHtY;^%bqYVk}w=0Y}XIu2?7UGucq+&i2&P2RJVVRy{AcqO!mpGrPMEh-`(`|g#!3? z5=25==P{O<{PY7)vr2)qk~Fh(`)3(d_mQ9%`$ip1r=l z`e z9Ghh(#rVN_W5dk|(Zz|tpAcM7JY4}U2EjIev9v?gE=JFvk#$s^OV(n1+k;#(0FM1M zywD~bg7oMz3@xExM8aS6)Qx{2bk`7P_RXI>f8Jm7>-7jeGBjcg%T43V$F)RC?s~Xb zbpYKDe2tbqTn{PqOfMl2hw3m-AtR56pZ&g5`5T>^=es!PZL%wSjCo0YexK*#p7SRS zdR+?AaD1Ij=1*^y7SKe*CpXTV1xmd>gXYkTMXaW=@i9Pt@q`2%9Omg5FC zw~CaK`6|i}&oT?}1#Qen%Xe?ANSAu=nan_r-$_}jA8N#(zJGd*{o@8DsaA4V%1@#; zyTwT0?@wrwp0Bz^NY_vJFzQRM4&x;&Lx)i=s58?JOPk?yKS?LIu3^KWw4bv6y5}6$ zuTXO39J~QpFI;gl9-}&ys{0x8>~XT*nRFL!O*dP&w?$$vNIqy~HmOLmqde^m)DtSC zq<9_9r)QhkzkR&uD|dVf@iSV*@g5|y&BOdf(li1@2FYvZ&rQ|H!iLNZ+Xpys zPRKspkShO08^&Pb8&xEJ_e(2a+913;IPUUD0#T-Y+WgH0EARa?o}P{^#himjxk<~b zzJ$^B9B(fSvLlqe@s`k_H%FmRYb(PQ)`^lRmGyid(UWR&KRlS!Rj>)aKCO!?y0c2W zu`iG+SFe+ZZgl_xUU(5`%B1ub@zo0dlj*R*;gH)Pm_-qTDZ|u z6RRh{us$|r*vMMF{`RsFk`!yAn{IHU3kv1*mbSq`yUW((ny=0RIX5$U8+!Aa;s7|r zRnbISW-%r_d@m5-5c_s{k}E4cv}&HOkSrUw^9#KuiCcQ2)_0(eG+vm%D`3gF5OJ=M zg7BAR)qqx{S9;W5LZ-a%qqJt!O=^I?&_65`H5Y0^MK)ya9h5bsHjGHkA@Lzww|OF4 z3?Jo#<_8Bl3pC|_$cr9A6*ew(Fxo~C&p8vGPlG?s#FW&~dgN2lVq4|`UliwSg}@`( z5T9=EPN9Ag_ED^P{*-qgJ$V`DMYv;A$9j*qi>xZ~t)cP0JPouN;7P8KA5kQa(V;$tWMk4;PiXk7#Bne`FI8T)&0)f_FO4p zQlD>Q7XeAZI_gZ*sZaxieuRz0^D*%`T&~MIrY&0=!gp3Z=HS~4((fVevwQlu1W!Zt zidHpYrOOlm18VBLx&63hmH8Ay`zCqw>jRa)m1|tHx#sh`jqeFKTLV4KYm~Xd{1Qfn zeBH%NIz|K5MBwwafOx_B&3y)A+DserZhT@vzK^!Oz*b-X{7&eSTIm5SLy z7@ZxxL*l25^7u{O;d^#B_j*;b^~}_V*Fc0h8!MJe-9IKy?cGV{qPmt3t#!^p-QagS z!E}P(Yc!tX#XBqd921WNEgGnAr4^b!_M9`;AQjL3zWFFf+%paxoT6S}&Asp?wb%F5 zoR1_s=+zUf3&gVkm5^6Di^=nRK~w|l?_3Xw7^N7EK7^Hh+x|Svs`(Vy+xPS@ALXw* zKu_-*l*a~%1t19XLr2v0?_@Xo)_TrOId6o&_YByFhNUtX2xDyR-JHi`pP0Z4H}g&3 zY=XK?54Zy5uE%UG?Gx)3+50x_CI1|-m1u0+&tvi--WvYZN=hG_&KX*X*Y)#2Rww%G z_sx5C4Tw_M!o%|ty|@?U#2@~4fDo*aYw${`f~|4GLvfJKM_nqI{x`EYdz_aYPw?Fv z1|p2J{Wn*V&mdxV{@#l<0xb#sH$%?pPDnADf<#teV^*whhcS!K=Bm0S^tjc<6L zSi>q;(^~uM&n1p+erZ+zfp9E1-jV@ESiNHhq|6|Tf&wV|RH*`gDDKw!=no&hOb}?F z{RlqfY$NQO=lk+SS>P`{UOcMM5Hv}~KT_&hIX&y}llOgD(3VQiVTFVK;>rSbd6*Me$WXA;h!Y=%1i*z*qx72lPez3i!hB_1Ae85})s%dsSwa zax`hh-hTzE~7bAd=^z-5ZaVI*!swLre*A z3+z+RX*!F>_Kf{=NQhH7?^UY7h(=?b3-@>6CBahb_ZR;qXb_etA&do%5+`o_-FQtT<+8C0X^$ysxf|`{$0tZxC|KUg+4v z=?rjbzdSOxXP-9-@;6WTd7J#o;%I?>W5Jrli*%0IPrJBM&^bebay6-aj`@5J`$};i zX18OX1jQHt{PdQGlo?^a&C2n5exZg3T%{xJGuYf)K;X;$wFt?iNz%LvmrGf=9;y$_ zMnXu))BU+k-{;mQ%tMHy$1N?^3Yi+S{HcN9bWx%%-Eu4|#=kU{Z(|fb4gVGyGD?2F-Q< zb#Jh>gLw`FG!sU*iP(Dw#e5!g{^@FJzVH-}P|febLZIW5mso=!IQ2nX@UYWE`Aq}# zsPM6$l<__tTkv$wX6Dm za0AYop!`0H;QHBbMBE1Vt@S4oIf*QGKF#a)jH@_i(NPdqTWahTX_zPoJ~Qazlr_`q za7d%#f~L!Q;4TJsnS}c<@ozNr}sU=4P1T&>F^AUR@XMoA7Ch?zq^9< z?oq`r4H!uFx|Jep`TocYH&{Z%Vm1WdFlRV8Prgmq9zNUg=JKbff15w|V&x9`!SMWm zP{&`c;~00o%;BiuaWW{&aw?JvqCVE9#g!xIy~84~M(ptm35sB+sstFtxxdkEd1k$2 zsGNgJh$Fq7-Vu+rxu4BpPR*NsiyMmk8o@}QrBmSeA1gb~kJ?vMtIlk-!(WiFurO(M zjShhxYLKr=A=@6u5>3j0%yMUB2{8@ffuG%ZQ~Pa61KNF>=fHJ^Q(7(V+I?P*y^j;C zQt)G`GJ6GKDM&Z(e%D8eT&TUyXsg%0vQ1ZjF0RkTk?pgJCkdYR8t#uY8DZ=vKlDhs z#{AuH=hNZ1CeZYylT2`}Qc~PLrQQ~(TOIkg_d7|oOB=0D)&~bWE~HAXlGdc*Aemt-UgAa%EH3Q z{~iAptn=e-W80Q&xX9Z5sqjv>6S7bx=dFH!l%#nl=Ycu|uv5Ix(#H#SNcanKJz4jA zA`npwq!I_#4|s}gdps#Br5%5XcA2IGc1qw-4xnzC6di(}h!jB29~=4;?#Uzw$n|Z> zGBE1z2Nhx6Rd+CcaAd|>q>j_c-QRMI#Lmm64z8|0R%&D4m!HJwIGwB5GMi$A$2q_|UiMcl)-pMK(;gDY%VlMs9`@A7 zMU+Tq@;xMST|RI#pN=K;zmHx!*fYTqs@$jgUE#6a5oM1ie<%AO8IC6_&B?ti==4P| zN9wa$uX4(utX(N=sqdyL2E`<=@!IK@&@UstCG>Yq)vbh!lYH~*rni+dP$ z1sZ%v9R99d5KnIB@m7B!z7E)>@Xn8T4^r~&F5ilt@M+w4_z^ zKJ$5B9U+{-$Ss}O-tS@9gbD7ABOt)W0hJi|SR=dFE8hm=Mad_nE{+z$;0%uz#!84ERtI0d54d+e8hv0eVf zYXuz)M`3UKtQi5t-J$w|JP9Lk@^b^^)Q zDI4wt*+#J=0v)nME?&80X8a9ZmHFj@-5Bzo_7R@t0HIWH0Y;rlH6LSc?(9t?X?VZi z>PtDo4gK`KVRgKf5PkLng;g(UnK*ZN89FCP5u=CKpOpvX1=P27J>C+v@Kg59|AI?l znF`~4e>0W2M(tmF)Lsp%1Gp%|TE14LO@^yzH1!Bh|Gh;u+qmp%VIp*Q z)>Wg5BkGbjgO=LBAfF`^AIB3BgOdu9h-k&`x!{jNdT#n8clYp7ZywoQ(*PJ5eA)6J z2O_&}$GeqPXJg$8$b!Xdcq%L0x&Ze)ZV^i_IS+ZJPIT z*QNUOy^^@Uim1SVh6&fJ%lBc{3#Tn~lWr2PMNd!=wa`dB9PvT2?>AyG2p8Gqr%V>N-vD~&NsYZRe#EYlHrUc?&i4GvB?rZNCr`Zu--spWX zprG4RWKZ8+c!nLU7bpYrkBZ<-KG)~`Pxn070D)EDssHOdWe|mss@5-_9;@H(B z@*B3Q0=|esbsW*?rr_O!^K!o575_Gc z`XrC?O3JiMnNh#u<==&Ir)M6q#qG{M-yKtOFTZ6Vlm+`^8m?KWRPu{ClOi&IXj?0@ z%#tU`LXfJWE<(U#t5u=ab)39!MvwKMvf;+%mC1Si8r{9YY!mzQ%lkow5WWV5ff`vJ zU|fgT^8OHAxInYGJ`%>fdg#(>^%TyX3Ai({mxp7%#9|Ge!-d@T7yeO(BlpxoD(#_k zH3Vm_OHJ|fRd&6@X({g&WGx=PD{ViAbEQ`?5|^|(apDZRIl+b4@b0!s{M2WaOAHM~o*udlt6p4Kq61A!@YLr(UwqVD4j&+Www zQVH(Ha5^tf4%iGr`X+NQzoxlwz4eJ@4*u{ESs!WujcZ}8IdHU)AGeNLI1R`kbnRVB zoxIq2u&sP=` zSI#ZbN4>UgX`Dt;?*Y)59X3CUXG(vc&I7cxJYvptHML;r7+jFii*Sp8)73@TdDRo6?t5Rzj-@4kq20W+r8)$XnZg?|&{TYb6AWsKr$n!d z(7*B#{8_O7&P-Op<;^|oVu%1lWN-dru z&49#E{W&x;99)9pkoX)8*N+YYLf#jo(iLsExS8YyTW;1Aw|D>wPJ4bO8KenVuORJ- zN|G_2Eu)~Is)xFS9Wfqz#_W{pa%3HgAII$#f%?Sg`J2y|-i&JnGRz$uHLHOAq^(wd zq0FOwFIxGG1VeU|+Y81?uP9It1hSS#5M=x$Rb3Nwhwj2J$LM#fZ!J|7qkja$fvr8% z5uhbYC`fMAYMGDpEx(c$zlIM?7??E9`XhR1Z@NC(g|^=sabI|DUFIeXLZwD(EqvoVNzhRI=Zn2PPkK?SpV>;P`O6(7L%w{*le5Y_z@(IIw_T*x>ob5# zFKqgpZ_ihG3|(nR`>5wq<{F|4zU7D3r?8s6)XO1}#iL|EGEvPqV1u1ZwmtyU9(t{k ztR?Bg0ODPpXMro;(+Az7$9Urko#G&MBAWrg<6O#se5=&{x(w@Hir$x!_u&W^?`$r9 zdq@j;U1dAn33x_RTZ^_f%v0I%K~oY&fhZCY1f1(X+%p-rE2*rFS6Iwx@PJ{+*qsad zyE;$c$}qacqAmlNZrXWrxKdL6qE*%MFSk7^`s~}v!uGtz;FqYp+3o;Yi3r*u{=}hD zoiUmB`!>?giYQPCss;l`9pT_60*L>xKi*G+D7`k2Vb?;5z)7Rbe^yrz6WpRpCd?Nep3*R+ETCT4EAxkU!T>dbJFq5sFc8ziVDp4j+lF=yICix{+8KaEW1Y} zI^trAe!E^fxi3z!b2>!(pnx&y>0#^_d~eF>&oOD-@gx%abIPsBl%p7#{RY$%dIIx6 zc6Z_pll1dLi#X?_-Ef$vy@69!;yH!oV1&OIApAPzn^1NqqcnSN^sh(ji07`KH43GhlGCgUBg%2U2aXypgN}L1Z+4_aG?@096dLU)= zA1-`?2H&5%p>kJ*M#bh5C*Y>^*AJROelV=U>DU65FWxRncxjMRin)AQXSE@M>~%DnoY?3vd{q+k!LtxD)8n+EHvze;ra^6guNITsw`*em z0a`D!f6K^TJmmntt)t$Id;Xfbn<35nebeF(wMToXisLUHzJP4AimPTcH%a%25BDwi z`6K+=D;@Dpaby=h&DJXe2&G}d6O5aAl<4j%JXGCS5dA>oM}1s=tu<1&o0>azpBg)P zge_mlYQ6?H{-BttMli7gnCyNOp@eS1q~PM}r*XJCuV`df`M3=IoSlC1{h0IS>r(L4 zF>Fghik3&f#q%KU1>z`EL0|CM?_E0!74#B^Ju10iNc=Jh${0{>!cp^nq%6CPO$2gQ z@~M?UcG`hOMr7Tfel-M&u58wu8vOubiM&R&$C%E)h*p=X4)E$X2Z!kQ-iYYA&aXG} z(np|@{=P=^1SF=8yGU>q5m&f*xy{7?=Co<{s9v=vcE4ZjHoWA^ZSPmyQ@AuE&75C9 zRZ;Xs``jihBl+9(o?E&{o%XhqSVeaKFRb8|9_V4em&>?=#+TozP+9@IvslkmFpQ2+ zM)H+jjvlNY{PJ@9oSUk*vFFfWqtg!&bIk8OnHR0al$fe z=h+!^@s=8m`%L&Ey1-z{DywF{6=|xW9V7gxX}=;{DZop&L46pNeEU1KCcHHRVe0{_GrKF1wDA&`0N-tVBgG+J}{+^gIWj-aoh!vp(LNhgaxggc`Y$ zg`e~V=>c>P<_vv~y-pZ{jTwJ!Q^>V@a3iicA-q$EPlb{QxjB%o`)-iJT}p7&6?mGZW~kBT`( z=ka-ryB;q#CHZuxUsH1()Ix=N({W!;^77s_$>)#T#8G^)4=T>FSLiz0ulw`VZ^E36 zu6d+b5U+wWH<*;kpRzmw6qCWp){F7y?zl%H6)EFms@Kf}wh6y%nfBC9*<~9BZn-r) zES18R5bCIdl-~mtR1GTG{W{wsxzIBBQm8k##?f%K1$;nHE^%Fw{vd-a~M>G)ZdBq4u* zdW2F<*3~l8b8ww8z4%7pDKZ+u6?7n9U{H~ltt*jrdy!}TdVm@vb%hf_e$_Etpn+zZbGnP`8+h0gWW`6uZiEQJgH{~o_cC9Of*&fY|%(38rXpR3#2%EQ~_xM^t zj+rBVPa7*AJcoRk@7_m8;GQI02(xs@By^pPp1CtgZuG!Vw}Bv7T_T+o@yiPDh#ux7 zj`wH?vM%G<AM=wz84sA>BUp4&;jB|SODR`@uwb3O3z`;K3)sr~_?y5AS59`5trc?ce3czd{Z zd+ggGZU{t1^AUQ42k^aW>izWJ;7JU77Ch3F0QKqq0e5&X=Z4!p|F{<;{piCB5Cg@? zsC#(2fXSWn1ih9|8=_YQ9K`dx1jA0!jcGBE6>ENy8T{?=mXO`^Xg$t3Af_A5mnKH2 z=-l5gii39->2`Q^YU#XwTVzm&4ywtoADl$yIo7*RtHA?Cw^LiCAaaevpKC);r$a9I ztC)OetpdUqUAC%Y=tmAzg1vHr#q8`|l^@oy;nV(gW*F&`%6C7XBO=MOlo%HJ^(kbc z;`Y^WFz)JcVu5=M$XkrmMjbO0zi%B!UyKTHyP>6j$hv0cr-Z$0(A}#1UJ=7;?iKbh zIm@+`Ob0fsfSlrfKL@|^$slWy=kfl%>(G{u5mD#fcwN+I|4E3bMw2)Sjp2^6o%r;! z&*$(1t}cB)vl6!OoK=I8^=(>eJ4Ph^i#v1d{)BB?W4pcY-qkd@3u?lic)3c0<{{7< zlxDeOL}vES`|xLDp65o)ahK8A8NuKqPq)p+2N^Ly^@6N_CokJdjeDeFpi zhx$|4R;#`<>1cgVl5;;lzw?6k)T?eTCSa6MSxrjklDr{CJfDWc@O$&OpD^NMtNr=3 zuL}JfpBuW|7t`C7yZSK)XSQ#)US8bd5;VX(U+?qFVvyJGkOsyJJ!L+(GN+t$p(k_r z(DOAWH2>XWsav}UU8~{E0$|yr&yRtVFCNE_0WHG=`+8(!3f0jfk|X=(gNoK4E*?Ws zi)8HZr>FlQZX5+opW?qIfrQer55nht z*u-l~qJ2wJNRB+n4S)51>EWrz9p%RXT4*;`di9&P9{=p?+kIITHGV$u_)V-_KsWN? zROC-U)$VV~&>EH;zG`uz$S%zGAmhT9T~0E46fhje=YS{@d&$)C8rZrCSKH@#qsgS! zW=TbeZzC-IQ_MLTtP0bed1uOmORQ^i%mmFDE!70;H381eCs&;+THvC#Mr*^*R|Oc#b&L<8t9o zo&0X$i*c01XwQ{Q5!huKhc3x->$yf3g&twHG)1VYw2>YiVpr~Jm>SX|$8 ztsnRYgAVcQ^5tTzGDGp0@2kf^2LPS)B(Y*h7!BM7MZ?q#)ldB<{RkKUfGx^Z7b+5f zYMebW>pf%uKsp{~8MwLIzRbQS7iGm~xDR6WcwIUw7GQuZXerO z4*QNWFK|-NnW3%3t%hrCQfd~mIGWKYU5zm-gr*I6qMET^j2+NagF4}adrBt zQ+^-p2w51@fj{-(-kja}Z@ew&@}_P0^@$7Fy6By@>Q|!om`T6E88XBPMLe~poTt1p z>)VtDNj_xV(#kuSt1n|{L`YwTkj>n!Puh{bdLv)SEVDDw)gIeD#@8H*H1y)!>IU-v zU5^e3xy69=dzq7TV-G>h?EE7KApLR|XsNSyr{ARJz7EO&i<3*1EM`3UUr^WxUxb?5 zz!n+$s`t}z!p+NFH-}7%WdW`Bv*LU3C^oI{bt{Wcmse(sarWBg9|0Qj06Yojn`XPl^76EZj&o)@$gtwK$?SO8;IJnyS8<;nR5%Lx1eoPOSo=1$%KAk;LMKhm zBGo=YClq>&5CH4jT3alrzGF#NbLx5JsswUcbVbQc-SK|GH1&FDse{vFdlpYGXRH%8}lrUlMB8K3cd$A%QONhus^de2+S3;_lALj zs~?QKQ=PksE0;6W4{ts<1}qsz#V@>6@)bEXhk2p0h$XIxaHCf}5w;lAs1BgCJI*OT zjxcX`uFYSc`GeW2KG=KlImf-L`q<2Tl8WGC%NUC4?TPGNe8Tm3V_RJ-4nKN{p8GzJ z_2m%EtY%#C2Nc5kM;N|Ms$!^6zQ<5!Fr%bp#1v1#C9%I5o5 zI-4Y}Cg}CPo(0X#lwGV>xe0m8U-dT93}qLSC=w~y_m01sddWM%;dRv3Q1-gd{vpAh zJBqOoTdw=Y18aq5rg(K4mlFAbq(1qqstgngHWDSy9m!S6))Fb;~IBwGBk`cQAbQF{r*pHx!!8Jv_%a7Wbfy+;M;M~P zW4U<2L<5@d%DF=`a>+tc-;jj5Yq0hca7@71OwlMtLX%chB&#nJMO90!6cZo&K3D-vn&)#ix9cZ6dWLcr_(k`0~_pE<(C4EAW5IV$hAIrIv@*1HOVc=VW7 zE^hmm+|Jjs*eeHo4_pgS-)~OSLOZl6`b8Eu=q>3+5kT@w4$r_qwbxj})GR6b&#i7= zNTvuG$NE84Z<1emh4K8%8x!w5RWRMH^Wa;vk3kCtBo3@w09Ec?B7q`w7z+R=b)fGs z1v#8gzwdNiLBe5+zJMbUjHms+I;;K1(W$%rv^5GTt189`fq$$*{axXkiO(%xhvu&f z_LMsf@b%c{PXQ>KJ z0@DQjOMmWwf(AK{v1u2S931z&Iy`$zRn)wcgqxiQd124tNK2Le%B@4L_IE(`w|jdl z);FRQw7fcR0>AAu!ZcE3xil}|{?U0o4%|~Bl`{}%c@K;b{9(Hn^l)&FH?4nbU9XI+ zQ4~yd@sO=_9Q*17r$M{4NS&_hX}$bP}i^XD3YY(ejfWNNiNg)AW>zgp$skkg1d z5W>)AdhH(Om6(sqS5*FpttRvW#lnOpfDHL;^3BtJP*XwNOL|Kj1Euv^EH}$LPZvm% z;S5~;O*Dw@GBjUE0V@?DJ(JLVICUWwTlERWRD94Pt|^)%$Sj~__5eXoJOyh+@`=7_ z^AnLhi7lclpAyyM#_gXRy`uzJw`IpCiQ46tL4PD8C~TkiR0l~i<39T(e>@(v%M3{1 zw%f3;o5%pfj@LV{vg|=x@(ZtIj+CQVte^erv>N1qaPgKWM>)LRpx);mUb52Y*&YiK05+eD zQ{@0@nB(LPx35uWS=Gv)6Zq#OP2a+m=upkz))hs*jEwdf@A9OtS>pLY-+)Jc)^iwq zh>HTLX?z=1f7~!9MD;4>RLLK`9}n`%K8Eq!_4RlhpaZSVHxQesvbH2i?U7bgN?jE8 zfp*Hen~sDNhB*3fr-!mEe(f`I3hhTcnfrd%e%*p-vMf6K^a}vej%ALvlJ7~aQMG_e zk;w((5ub&S;zLDNa8D~;XG~kMNHPAznL-*z?w0^RiuFMpUr8P-Zxgt`owDw8dRf;W z{L{Lqe}+^m>E{YPLLDAPqTH+?S6HuGhdmQOJn=Smclkzs!W1L9{AdtExbEHoDAV>i z^Nl+S8&H~paeZT?xk~-}*QC9`riwQRgEYt2<5{X(adb!h&+iR(!{WzKzk8@b-+Q9v;R_JC1RoOzCU0)( z`U7SUZ;^?CkQbz`Ts|4dfoLKg;8E9RJh*7YwTA!;pvl6Wsnfl23H5B+^?h=F*W9Hj z&QvyA->dn0F^l}tS6C_w>-f_B$Lj=U>-F-RHBhH_p-;EdI~qmx%1kzHeH7u)f`NUzVluOsS+fo6HEaJ2HZ; z3Rx)?-vg#KDd)eI#0La=z@cZBOHL-dcYUBB&U?Va-zF)4W6y=3fzCFjqPGkGE}YFS z>-_Mfl{R}WBY0TpuV`N7pE)W@w-)I7PynzPX}qs(&$bi{a4>g7{!4DOVgB*}e&(-) zqC%E52bMTNTCO|6 z7%}VAu9)IA9uB5aZdqti)caU3+=z&MAEnWvs?J5)HRSHcfw~cPaP!3^#}0rHwvIyj z!l@|f2q*5eYz`4HKlD(oH#Tckar^v)J0tE36aI<9S19fX7d6h>uaG|<5Nenpv~V_( z4cVA@5vsJU{|aUtdJ5@@fA-2mOGOV*zD;Q0nN%krQt%FFg!??)t^by=`0U!G<*gNX zw0Q&>)llSwKsk)oG8)I2JiMF}+eVuF$m-7U9Hck|De;`bliyEwk6>RGD&G&}b%Unh z{C(RwfsumKbV)vqD3bZn_pWl(BPhJDD!w|4I=ZKQ85SQcBp|B~g+lQP?X8tPk5c$T z+w4nGj&XyLU4L4^XPIop=jLg81&48>fy-;dG0!<1JxhfVGFw_xoxt+K4~pv-OU-`Wr9dJ~Qi6}doK7$>*_ z*Ey&AHbe750ttfIteJ88vXJ|<=lr;&w|IZw%8$7tj?~uv_0rpxGc3=v zanzfG5AlL;!V-eJzyKn)|CoHry?rfmNdf9#$*mOGpA~Fkcaz=Z_{OIClL#-_2Q|@u zS?}cXZGZ|Z&jV&!zBM#Lm7o5KmvC`Fw6lTCUJLN%Qg`_8YVqHRK-699K4ibnqb7D(oKRpQjXO@Vy6FBP1mHlnHDPxk#$*#WCNwR4EfyF?H#$8+R}N|MDAM; zw1+ux^F4zT$5s4tbhKztmpiYrwyzS&weVE7NFP`4qB}IShlKGl4~AU$*t{tV%&0xL5CF>>(HsCGZ9w=NkYabH6ON5cTA9(cFG5QMo$2Vx{M4>!qGn z3xNJ6y2ne@n=~tKl7vE&v=Ow$K*%wdj>9f=hUysfe}+U>yCHdizAh{%032qSs&!&Q z1rn-(-y?}R23mcS)P+dYa(H*c2Y@o-ZW4nNU=6DI`o%wkMRg$LoCqS-YV@6AP@vDr z7rXNv#plJlts^xNeC?8pq4xIKl9dQ1Q4(Jznp*UckDIZ=a?*X>W{gfpA%(hmIyliNcQSb2Lqv8IqN5h?=s^Gr**GKg%n!K7WA>pBBw7W3V z@x#n-I3~H*I+`WPxFsJbZaB<3UgngyPfX(b#WD1rC+^2N_S#q+Bs@m%q0n9S+_s7T8)9GDr>F`KmeqPZUfy_0YM|2vK`!eJ}(0%`IC}iB) zb6j<|4d}V8VF&GnZ~{B}frz?2W|qHieW>!`bM40JYOX1v-5wIP{w2VokCjq=YY(8R zRY?65?Q~79+v6-jpyq7N25B#GB+&DkcYeXc5?b72OY=$_s`daV)h*5su2GY#%*5mQ z{FhEWU?_sJU0=Sqa9N-5wnk(Dnos!c%cy!(3b=gUkuG}_fewc$Nm4a{#`%3d0ENBq zbwymv--mRstu?*2Rm$=_7WOP&bD1dsyjFpd^S5 zF0DN>+U6mCQI6FIHmKqrsU`rxHC6ng72kdWjnQ2NTTvTD+TJIzHv?7?L-H%Dw_5O= zJ529a&mz!_Sx(Q3>X=AiLyof7B-c`ie_C6}>M$|7zq#hgP9l0q6ac`tcW~1Sf(l_! z`KZlTOQZ?vNdQxl4!MRg4^o12D`tt8sJ#sO+>0bP+c=-PEcQ!NJ~XHE3|U4VVkHDP z>o1}Tk45=#)2oghz;3F{J?=L%fEqJkl6EcSx8D`z!p|P0cFgbn@zR0)T*=vMe`5e4 z?-f2I7n^yyI6^$%^^XzyYP@<ko-hrKmJMq4Zu@h6eR;;}W%ulhuC#T;duD(tDI?hka&w7YBj`(AMt+Oq@gYu%z zGtjQj&;8F>8Nx>G?=?AZRIfvp)vhyh@C9lH5%(-oK7U+;_I;ZYlok#?QBE_6)VHm) z`NOf!j*=1fO259;qrg?_*~_WAgZ$FmlcicFNu8J4 z$vWS0$3*qfDPjBwmPy%lS;Th#kgC5|3GQ9wkh*vuH6d_*w`Q80C7Q$dy|(t+r4@oU zEhK##Mm4{65(E|c1(8g#JK6?5g^pd^&)e@&zVvN=iN8MwF)|fU?fnc;GSkXO`Ck0f z(fytCuHe+nSF-Q&x`Tst(b{qZRPT;b@;M`n6HCM6?s-4&gA5;#T5OBNdPc)>oP3MN zzPiDegvK+Rd#N<}WWi?DlDwVmhh$^IX7r2*3T|cwWjl zqoDV3@{4!GW}A}06~e!O+>hNC1NO+gUT0WX`P;lF!VkE@pWw%dS$Ww<_x=?QAL2#I zY%DA;klyx!cIPXR(>i(OX>qQ4XY z*?)wA3Q2XyX1nk8*axTU83*7eh0`F~4J)zq_9)BNAs)q6V0zW5h5TM=FQ(bN>%zI% zg03d*23<;AT-*)6?U!ussB)yA7Izr>5mhByJ}uG=)ePtzmq5{adh)8%J*8x z-s9y6b1Xr|UEKE#M-D57CZ~7DuYB`b>!b-)pMF4brBM2(QfPr@(ms@fEL-bL2*hpv znr7bR1vu)#IL>s~ljsq(TdzT0o2Hoa14isn)&P|f2n)C-W9bd;6SROwR}4L zxjl3rbw2d#9-h27A5Qjp<$3F^jqSPBmtR(9MY+%MCa9Rg<655~jMnPq*$dBDR{L~< z`1IA2wUf{bN_E(tU-5fLbGo>Hcf>ud>Wr@s?RwO3 z;l!RvR;USUK&c2N&>fK2a4$-9x$D``vJG_h>7`vm9i!fl+9#SBe8M{*ENxTEsBk90 z!2}FVoKwKu(y}U-GMZ$#+e(csFy$9TZs8YIms3E!8Do1Bo*fV_eYtnUt5y^43KgdP z)@Ak^;+51BWy#5Wa_(V^?#suF%gy~w=42er{s9F{^Vmj0nMBN4mCzwqJdH`ZE3st1 z4iuTuoGU+rtPj*RYxt^sAOYa@77eU}zFcJI1EHAb5r_|POlwi)kjcoa!ai5Swtw8V z(Xp&liT#{y-Dia{AUsGVXXoLYWn*^0)a_%$$xFJzy%amN=p0D-Ee!7?6w7YUr*4tv zJu(^(o?HzxI9=44bNv~=rOsxsb`%)e!B_n?@i2VvROp9sCFOHq0F2H?oH5F#pQht? z3R@*bY_d6T2y8#D`WoeQVo2#K*y z$%hNKKm{ffVIUf}RY)1tyIfW$j=_ku!ihV7&h}9mk7E4!IaXkLK`AA zrtM%6kxr1d0ZPTR-450RwTGzu`n88dGc&4SKtB zcE3(CI%jQ27#;kqo*qrS)4DuQbmQ8CEWF_AatfI_NhIGt+~d7ot~Zw{(t4=AP3n1l zqRKk*K>*z@at*^Hs6||Ta8iD|tv4_HLq6C{PfHz|UDlrnAj z<}38pWP+!!Rlg4o+T1@5dIO>tU}>>Vn+3VSsyHB_NNqHyD_+;jZ|`Y4G*Yb%=Ux(- z&%KKai4c>lTkmfLvo%X7gxHIuueV;JJ35$v#fEQY8SV5UpX~2)fszHdtiMew`v)!@ z2k-E9td7ug2oD9CIStwbb}CDhZDmD49o7N5{Hj8_>Z26*l~qPnuCR{>{MzOB`t?aG z#thU!CCW5Q~i$<#83 zTR$1(vHALJN$is;nmzKD{bbtXM0lni#2jBQ9(T1BFTFzi5$X}Ocs_4!iNn`<*=iYbkfcWhB2*}i5U_s33=mhze^cOx@1kQ(8KkQM1^i7&jrMzn=^ETW&KVaF5 z@3cRBCLoos6Wv{@;0Xomx8BD(abaVL9TQ0O(i~NAhu=v+^p&~H^WEz_TfZMcb@-;( zTGY)HDC1VP;RgHgU>&~nZ8@@Oq`juTU8Mysk<&*lsgrigK9xdKN>XP=0j@UGpc>E; zoS3c;w)G0mfcdx46X>_@1}q8u9PY;FU{9oYN-x)?3@Pejd}BFsHzuym#G!s{n=O6{ z_mZbT&~9LW`JzXnXeFXZ3M(a5)eeyZ+%JV{#8G+%%D_%Byscs%q=AD~^>(x&*MY%q zR%^oy`!~E@a2UJUHWq=7%_0#?EBR}R_ z=q-Ihs#AickH79^Z}SDV$~SMj8Quyd;@Fa<-L-w6a&__R;LEpq(uLbkFF6t(P*4{b z(p^SYw2P$kE|m5QL1QT|Ck)%uwL1L?h{v_5sKhkMxQp&5UK*4aDg9( zm7ybZ$m{xg<=^flVa}%XJTC58%})_(HD!;}HO=jynkb8K4daK$fwJ`&77AKc)#+@!^UO+r~nVOF!4MoS_@i`t_|mJbpSmV=r3ch-ax#!)SrJf ze#PHaO+dlxB|M{6hYWt3ShmE>B)c;16}kgm(RkPN(2?<{A2^7fp0o#fX3$RnDeuMP z5Oz!BW2IhQ3LnUfNHS9nzYGngS0*0sZ~9PGilxi`@xyzktCR8^b048>Wgv=akP@oo z9&X5%v;;#X1r+4^;J!G*Pd zl;i01>n8khyOJNv^HEbm_&6j7L0GX<$K=zrA0Of~%+6`QQ}7FrxvT&Jxr3@kS2rVY zK6u>SPTq1=E*DM@6IhL7!tlfa-#X$aSQ`t`t>wj|L2pwpch7Y*Cp&zi&1OGnyqb6< zkX|r7hjR>hdp=c&X@9g>XKhyf4$tixfOIj*C!qzUuG7)jFIOn|=B;zymqGk|MiW$f z{(S$jGvzU7I=;TSU9Ly{P0V{E2=n?dmIRkxoHX~Do~9NxbFxE|-yuwLdRz!2aUk@I z1FY*KjK+nt_BHZ(y)z0DhEb9{+9^uxDj%!>3R;r|b3;k0hkt06!JE1|;pSh?VGUze z7+>OzI4tg6a4j#gE6H=ab`2`uV!yPpmKF5jcp;$iz6ix9Mqg)-O{T#IK!^P_LKo&d z1h4xGS}gEZG(7W6u>2nKKVBO?VC%_e;|dQn)90L0d0Bn#O?zVJwQ&biIlq@sji(5> zLG9njPJ;w29FJDNBnG&qv$zY;IKAvUTT+2gyEJgHB~wtI!>e{1dU6?J(qUR=vL=Aa z9){ol6q2Wg{+Q{9jC_iFkNz|7A}OkreTkO8kAH0M3>cwaL1vz`{H1-qbD z{X%fGC;DnItU`eOKeL&cU@=lZjkyEoL>aZ2;Wmj`z`}UeMJJl69vjB4dROMW)vx@> zu%p{V$?p01BcMzp)OR3W_HWMRGa%BRWX#O95N+gdE8*;w9$|?C;_dH)fzr0)SB{4S ztor~ae8<{vhQu@})NGq}k zzz{wkBmcI<;hybnpX|@2UQ@IE)|hepNL(c!GN=*z+slT<&gb;~>_{INYG<=NuJ>1& zltMIqLA#ZD@AQ-4w>%Gal*O7<#{AdtV ztH4kWZ>X&o-%t68P@oi>^G2ewd_rFR3Fa|;jVBUnkcZnoUco1JTR9kYGGH4HGw)ZnuHT!BcZOt3(p^(h;Xlihj_fX^ww|%~9MEv9Kt>dCv z+jntu+kuHKBDTQvj6L1mV@`MXh+>P12rAg!E!d)%Aa;v|g^7wSw!eG%zI%V)b3X4m zpY!)`e?~S;JhRrbo^?NWT=#W(Y!oD?N`W^TB(!G z75IrfB~@q=h(kgtG0btGNpgdgBqXzfP7+=jlcR`ClA6k8;K4z`Nr@~gkFMh4oRc3g=>gZ3FT60K;cR+l?VII${=aLF*QS4hu!nfQPMTQbSfLm9K+Bn>=jO zC?qnVGlX+NaX83)NlZdC0lGrmK{c{}BdQXhFadkb-BBj6xqk zq_jq$RiG+T0sO;(afCQj1nKYwc1YMeC^46v2)x%8sta@s>7gi)kC{k33Qgq}QHT@| zTZAX_IeMMX1N~@Z3ZQ-sTbxN^3q^P~0gYyeA#5NLAW+ta*L2@vRr%;u6 zoGzeJi#cWnMrDW)Rb(_43Fb^*1dMUvC2|wYX<1s_jkR&8UnA#aWl>zCmr{LW#tWT>T zpaBj{g?XhALUNmhNM@@EB%M8k@e*lRm0AUhnc*?mND4XLz)Gbe7tN**pi&8d5Qdk` zBn(MLrMMIr1~LnE)|rH%!{2}Z0Zxq}3GtWE z3gAwn5Pi5%#K@OGj7SZbVS3>fOm%5tDg1el)nyInfpZ=%02;<2C;}h>>&DVWf2bbe zb|jiXA6x$q|bB{ zgBVOWriNY-GzVyCIbNHPXK}E+YDB4$L2=SlA+?_xlMzHRi!{~elm>Vn(B(FR4?*F0 zJX)361r0s{VB1eMyCQl9N6cVHBp~Wy1?5&?{6k6Xa6_YYQn$dVO%*b|AbT8^V0b~c z!mEOBpxcRbX}}A`9TkxrMI0+T8|62IlvFWJ3?vM4Krr#t0;)0Ui}=tSC5ZpP>S9<3 z6b_K7x-=oL&4=;AGj5eU%EzW!{CYo2fy3iXG`3s z;SiJMjQ}$#0B=kJjYViv$ZbBej>5qyL1DzrQ^|u$x}V|&X(J0sZROdS^i(iTD7snf z1u-B!2f5?zD3dD&Q3WNMs`c4pN|qlJbLqJ_of>$Lbq0xFj0y=L--yL&G%0A@jmCAXR1o*9lDvjPX2^9c32Ejbug8DAux+F!8B$fy1DW z0y&)BZ9(o(j$Q&Ih(bDKUDHH3A)aD#`ivZr2n|O;0@iCgQ5vOUq(F9sxK#{|mV%R6 z8BPv`!-<8s1_m1dCpNkgUIPj`CRbx~KxeBGdXFMbj+aSr@q`}42#Q@&D`HmU5jF@i ziK!r-4ag9gR!yP**}^12CsT%p>Z{K~XE_|afZ6GAV8c;Yz#H`&fr6I<0^-0x7z@ck z?T<)>PAWbk;3*;Cp{)pSRvBUvot=pC5P?wxzAxf+Kz}Cu0^cd+6Z8%MtCE-+g-~SG zq!Mgg720Btq(WPlUnK+Da++PM@aVaCojhVSyRjhIE7XYW1YpCksfcDUt`sjn76wx; z@Nt1XRSZ1A&QMH7=R%d=hZ4inS?E9+OH3@RpPvacSfMzA>z4shPqE5*|{VbT-AQ$5?0%D4+o$ zz1$V>kr~>EokX{hT{^9ooC>@aZcw7NpfJp^4j7~qWCqgAl+=*Q>_E07JjboWLN%3T z#M0@aP!JLmPO@EXf)-vR3Kx@2AV}zyhSWN|-RQun@%$i)6GVWv43h)I7PV@bhfMGa zO*Bu`!+?UBPr{)HB?9CPa<@~-m6=SyUPi*HIjVp>kV>V;#3nxkNi2c`^oE^AvYJn% z8zMNa+<=QQcyv~(gCbDk!ZMbSB@qf~C{I*Iq5yRi4tUi$RH@74BnK>N8^#1Rc|YJ# zaY7>oEe6XcWLZ%t88!k|nPITw3G$ei5R9VDJc5*>7Lq~b=nsK`l0?;5F~W!fv5cV2 zXA3E`a)a0tPK`i{CL+h6(Hu8Am4?GHX(4FVM$SYN7J#%3{2~@Q#b|xd86}GWDTlWK z*F4jXCC3bWrN_jknEpO=T9+e2HbXZJ#bu6( zG)|x|glFOX4mFL#Q91OKkWbG7W@`@}8fW{L0J>xfjK!c>`!5d-nOs0-070zyiDp$2LMR?ok?K zYGfM3Tp3fRQR4v%38*-q35nU5F;*;M7TWy*KT?{JaXoIe9UyWrp$vu6M2Y}su8L+S zfYwS(3!NbfwJ9oaq1|*0io-@pOlF#bi}Q$yB!h})KwGuYQ;HZxu3Bld31wWn1Juz; z;SexON{vdr9cIL6#WQpUOjsa6?pz%(p(E^#et}$zBJq8IUpE47EFuFWs6XT-g0@!3 zX{3dNFsMUm04W$DUWy9J=JtDR7kC(3CQVc4M0u^QALOl4e z2q*O+|A(*R0j(gO6-L|-x%k$U-1Xb@-9EMvMkp1t6P2A@f4wNNh?d z3+v4aqF)#EfdG(&of-@UK;o26h+#o0k^(yu2nNt;qzIpZCvseLOi<6}MqQAUwMKAQ zv`I)bS)yST2_Ny%e0m`_jE`6)0*SzghkkyNSq_937@te4W^=Vt8UqvuJTf6xj|Igq zaTLtGoEJ97B7O^Om;fQfN*q39bx9~rMDUNn5^(7J7$+?d7Q<{Y zup|mr7B|%)ft)xa zY>Wl9RF#nd1u?RNO{7Icbi{cD78DS<#|hP(uQ}MK~f1855=t)YoQMq+T@VpKAjwea=n}bfM=60 z7zN%JD$xdqC+7(qD78mxw)j|1EQ%Z^`GwG^5`_VnG=WEN2Yzci5AvNr5zh>GfsB?y zqzl=IvmbSe>~6IH3*}80n6sFbg*Kw`B&?Dj1CS*lViQrQJ`lo^4{xe`aQlQozq_;vufCqNT` z0$#_62*AVxPccn+BaLeSCUI9PI2O?MMTDTkWN=}je_16qprGPwHJW&KIZvX}m|b+x zi^D-(FT~NS30jAo9*d}DRv%Vkjbdd$CBZT5!QfR*lz7;s^M2FyuTcNaw0;WTIPuM5IvzU^W#NYXG|L6ns(;U|uBO zAJJZ^-iFY6P|RW_+~EvlOimDx#JD&Ivi;~NQa+N;kU{4@g9@@d91RZ&Q5b0LhG$(Yo5;w*1B)r} zUoz1|xq%mEYI!`a!z$!J6CsI_8u4?y-mos>#rf@QqQOpQq`JsHhQJ)Q=$RU*g^+YK z0bU@0E>;rCiMA4Oc!x|0(G9Ts0u-B%xR_?QJ*ap4>=8n$#;=LdQl)H-p6l_(z`Tno zp0Jx16Vk9DA{j@)P|+fQ4mmMFxm(I0Ndhzs9$at0X95&d?cpeOA$8CimT0X2YKxIV zDmR@*WP z;K!1Aeu>9OiUk#^kem%L9V#L{h~k=1N-;|52W*W6c!47HMG zH>-s)8;l+{4<4`h|b4wYx!Y02!KgQ zI=wn10zXGhVMo!P5R=EJGN`x!TSbwo)i|j2>SQ6Qo#-;gXb^+{k#2?T5OlAbtxma# z5wQT9fl1Cc0RX~i@h}BEh7KAtsA?em6WgRxBj}9dc~GF`aDq`I)y&k3AxUd>Q%zJ% zh#PikobnJu!V-hLEQ(=Pc=f;*V7K~+6ik$rDrVD2o=`L(ka^5190;8IBw>jNF%LpN z!=j{fEa9kEz#)S0G*K)A;Al9YRr&E?Dxk(kg7S7yg78Q(w0e$+jR9O&j7z2Xyb&@J zr*?u7i3H#z337Z4n!a30+8>7qx|ROWo68(rlg3DN7(mz8Lw9%#B9$OD6)y~>N>Fx& zGL;)}fbNJ%FQU4gV8@a4j8@LpYk3Bu4M_HI1P>8{0=iAcvl+qD)c=uSppir%fWb#h zon0sK%aII@&EX=V)nYM|MHcvke6`l*^PolcpoYv!HESax6HbIT$*B?|h#PvSv7ieb z4aP8rpavRVxjvpEXi;;>mOudfON4!!5`!*q_?5smD&>Dx6g%t}`ZYc-5F&Am9wG}i zK?>yQ&03~C2xO-+mQMw+03VeM4Mz&A8nFn#swM*J09ZOwMI=H{)A2&QBILs1Jzj|% z)EEOE8&LXc@CsuT3e|qELghm{K;hPo;l<=UiUEbQNJ(au6G#KOIBQr*;YE#F6ZD7^ z4C<&(sKe{cscb&7?}n@{MkFjH(_Q8W6-AS?F$%ScCG@CuQfRLuv0&UNE0hZ2)zP3O z{6~|=?r@t3px34#@sL{x%Zvfhr-LO`85kC|-boXXfU;F7H8SNMkUk>_0I00SBA$mz zjnSc_HZ@;JqzM^evkk!17NE$K`M4T`Tdlxjpo3H@huzF>0Tv0BH&tqiNvHtmqXiry zWY(lo_-PM{&?2!YB9jEsDkZ2fMrZ^I-Gf0a1TQrJ5i)KVxLm-X1A7^o!%|WiDm(!S>nOdCLh?wMXs**` z2r58j6YpmNg%bu3;sF6Q*{+gtNhqIR58}5(lU*SoMN|MqlG=n}FJDe30|6(+po<{m z`?NkvNDO4BL>@otGXn?~mH~rCV3E|I=Wdqag_01&Hx!?MVO42JE(;=aLopF`1Pcum z)P+zt0U;b(YRE{$dGSuKT&2a>#6k+0ug3#8T+HGF3=HI5Y_L(gy=s(R&Lv_3It&%I zABvi4QmZg(pM}g2(%521vH=vut_N}xuU1X<64c^I0Px!$A^^AW7Oz0AjPNxijwuMz zIS!Oo!=?bYsV-vI8OeB#GQ?3LeMJm2-6{z9OwcnKfbYN%Sdk#Ks^Mr1CJDN*IW&ua zL&k(9$ZINtoefx9Ce9X0rE^(g5jrU4NlZ>T^bNu5Km)I^+b9GN8U%NVOu1iRSLl5K zu|DSTaAh<>3>0h7Xdw3y=>jf;gz1Yiq*@hZ$dLPupcO|=&M-+0BBHRAJYJVW!{$RE zp{1zUF~o%dX<)BRDMk7fC#vg`P3bf;K~5uahL^;o-QG=z&nlkBX}b4@#C>LpI=A9hPja-S&Nek+)?li zfy@?w-9&IQBv?E~mdZDH#5l5)9$d5aaMVwVf^#cz{@gO7{y4 z5j?PoYeH^-V~VUXgUSb2oe>ez-ChnB^jD2Qc%W7AAt+*6!KVfMJeEsFJn^vI5}-x} zexLw?bhpB2cY#WR&}BpG&?uEtD{^5CCYjxY5t&^YrBQ_@g<)6XQq?4&1Oe83l9VV1 z3IZ4i9t@ku$KXKDQyW3du0R-|V2LIO(5*qDGYaaHBFGo3m8lefk^3niRxV}oxH>V- zZIq$;ZX2E>1?xdk14ATy8g#Zn6`N=gseAxY2ztmQ90xppAa2LHV`ecO6%LzXG=?SM zj&Ya*fjtrg!Y7Ft&58ywY813in}8?))R=GzGE1Nix;bW=)nc=14Fo7)TLWPel8Lk! zQ39#Jq}AX}Y_C*lAp?U1GgV2G7z0?kI?9THbP>k_Z={%HLMLAhav%Y3V}@4%fnI)XbBkE zK!eDEJ_jl|xD0P9L!pCaG#l^|nPNJVjzR)RDaLO=!;VSuGf}A~&?qy6EKtkxN-e2M zl+8_yn3-n32n6YnXa!|)%lrnT1_Y@zLc|iYQI>!X@Gnvzs8^A#2D`->fFtoafFK(c zBr9U6d=YS1Aw8-L;Ohi$54=yXYv77Qdc+9=1b#7xM{+T^I;91+ zb_!2p1Eo(60L|Dyh@|5{Qb;OPib-q?T?$5(ftQ<26gkt43qtcek)sh9H8P=yKmf@` zZI}x3CuXeyOsiRnve3zdm{UTNlBq_&Sj5(H@p>$jb8L2zO3foiB{JBvJSe}!NEF2& z6X&rhtrnp;DA31ZR?nYCWeW~ZB#OjJPXur^C^Oqe!G%Bw0@*!6f2gz3(9!3lghDJ( zm?nZGTR;pHzf8U$0##s%ng(n%VV_xx=6Xb7iPNG3r~;mXB7kzM&jyG(oeJagxa|s$ z%qQgO%`|DMGelC_U4AXx(mpFl1HczW0Ss=5VtHm2L8V7|^~yhj;eNN+i8C-%zzm_a z`#^72#!zpgjOixX_>o=p6)=-;^3rJ6#}s1eG#^6VhZV98h;D^j?xv=d0`lS*pk= zMqC`kwe#>*F{_P0QlQ9GIvYf2f!x<#0g20{Z;1qFy`Ku8r6FhDAax{zwZn{1Et>| z22>_Zt_y*#utg4JBr3X8i*w?*9E?~C8n1q;&k0u2T_F0 zWT0rROyB~ugIB@{3L;V#3GyZil_&;c>AtWQuA3R3>QzDWEnVw^UTj#8dyYOIwMez#o2M0i<-p7{48^fJ0Te$J;o{jr0}@6s+*GV7 zECNhOp|=8#Dga7(z&2x)fSRV)r64M>S_RO= zfR;s!Cqnxi7EpC^$aPLBjRVbcphn6eiTKD-QDYJh&+i98H?)?AMp*$V#~=tSe>y8% zu~dSM92jaVqS}yrR7FAsvtSw^81Wv16S(@_S$eDro==@ zGBT7h7-Zsq&j7%GV0Z`x&fK8Y+86$>t4m>t9BRT zM28~4Fo68mtg1?Kw|v&X;&RTabwA4rzq*S~XR}Sy*d_ONwb_z=ckE*l;p(998~+7m z?wQZugeun28FliuzIu7`#w~1v>>B^^n6R(qmxj8#+sw7y&yKzuIOFKbUzjPnSKYrj z^6IcA{KsQh15xJJuEg9L#Wy#7xkdbsA&}vU7hasO3*ND8aBatm|M(O#LY#g`Z9&p7 zRH)B*yr5S1VgKj!!-y&QLaXVd?=s3Mr!A@%>gDhoTzxvkBc z|Bh{~{&^^;PSKR3m228Q{+e-cw50Bvr2m=xbePw)uK!+=AwpBs@~c~ymREmZwD{7Z z)}Ef**2bqd7uD2(#+S4Qyn@DgVk3fW9y{9SM<>?$lK~~ zXaRvk)t!AiPJI1XRetATa9Ut$tBUL%7e4clJ8#fGcP()-EW^t*^$LES5hF8?e5>sH z;_8Mue0{@Lx@({Ar~f8x9b%T#P@y)_y^WBwtoP57%tCG$toVkxWzBGNJ#%J1+MS$F zx9Z%P*jAd^ss23qE#3s31B1Tz&mG#l4svL5|IcTDEUo{`i3W?m{QQ2T`|!_Qegsp4 zl^-QV4ta0o_QhO&`NPET>%8+e|N1tcAS7=RAD;N-%VW=`qScr#L&wiQH-v5cbY|Jy z?rh(J7hQ^P8rL6RpC!t49)D8MHf0G`@@s!ceLHJuWx=?{8}+U9`xYmM{x)8BCr#ke zGk<@3x$MW%3TC^3CCV%7Pj~(OCN8EE8%ZB{rP@Y zqZ_k}##Rf~UyScL_Oolj{k*T-`H z(WK(Y-Zz}n*$K1e{;s~Co)lhw?aF3jTlR_}v(7CfjanD|St2iRoNhx3SIy6CKX{ny z-oa#2!LyvEonqYirD9{%A?y2RE8I^Wt-Jr^+@h9q`#wv#azHwCM*O?s2Rsj#p8L40 zYfnLEIMl1`@&V_&OG~!;-aUGwD064Lo1rH>dAZ}rjiOOSK5`#$b7ZtTMew|tOJscc2f39J^ZA$y`WzLt!eftFueq2zN zvix-R(>>kC=12;x$9SF0hh4Rcd#1;c#*NwcYUI8V$EVKeHMVR=_LTd-d!7F)Gw;i3 z$(IW6laF3C+Pgn(MUOR(k!Yr5?b+_@D)IB8iQi5iUQ)K!@VZ2jAFX$|UfH*%RSDr8 zqjP!DhOD1ele*Txcm;mSMj6Wfyn!fh6}?*?LT+!5mz+3d-{mN?(@d(U0{DEU{88Hl=ZXo#cdlJD>Rl&X?kM%W&)-ypG74%{>@gd}i4|g7NXj zUwyvxmi*{GvT)yANm5_V)c4odu`W9%&3_ki9z1)DI@WM`wYp$znfk!E@6+aQ5e?g{ z+>vsmO>)vzQ)X`2j?t&LF6t}$ad~>1{sT@=tX;T!TjKQXXSUrb1N&jSvgK6suT_Pm zS5`@-FD{SEetce

    • z;%Q;zBZLSHeU;wQt-7{#IGvu@c`j_w=?!5_Nw$8yizy#Db+@GTBZ_4YDl$2VwBB~1 z*w!9)Zy&KztcUezxUYp(4c4A)HAp>L9B!%YKA-ogS8^_@;x%EYbrmqKwdRG|^r8T& zu^sO0o3g3#pshg1{gt}daUnMNh5@ALrj&kjf#>lBX{Bg<#+m1o%-Ei@{vtL394lXe zgfQe(Cke?UTI!K_jPbjaUWRoj(b`i`6G42qUbtgzay|NX)a=UhvdJm^AB-uE0 zpuZ9xa+n=}#mWdz70>|edp+WIA>QIwP!?*Jh?3gGPHbxyi2sFl0j-C1@wAcMJw=3c zemnHD0V*cno4JntY(@wXM~@OSve)KM3f{F_!D5O_s>fX zpZ#rHtL_#yojZTt^K)v{G{2~{D=6d^P&g7c1?nDd4;N)U96!d?fV?_Jc=4*&Jcqtr zd&s!EPg`4xX&26$0(u~h?cezcM~7IC>(`Y;*5|{#?W37D4B{X>7-K z(K|yVofUyEcM(ZN&}BxSz#fTb@6YK~usZ2pas#lv35MUN91td_Qa(V~&CCo5uUo=v zSjA7YU>X(C1j%$saurtD0ZJdPDw7Xy5m*7kJyAMNCdftj%(0H*^`5m=-Y6T+N(if?>}@@73guoxxE?>+#8AF@+wA8tH+1x>=PH##1{{(+AESG%?JIX5 ztT0GpdVbp>Pcr&eocH7`6Z2*+g8#ry;h}GnOU0IcuH^snt;`r}^*aF{#Y#Vw4dcq1 zP@5KGQSxgJr18^D@=9&w8!6LaR1wC8kKu?3Xy;Q^S=~G4;`>uP(e!YTnJ#_T)@PNB zoT&)0wZEUXINu!ATpF|4)L_K-%=8DF#ZN=(?r9)5qBpW=Wsr&{^7(aTXflbH!hTs> zS%QyI2M<~E6_o*|rXs9?_S-{4>^To1H~iNFL!}W~npXiODx(f~ObX^ljfO+M5tHnE z4feg#s8nwu_{Q2oETjQWo>jh5ryTA`E@1g`eawM^jy2_dR0DQleXEy!_W95@n0zfz z8AtR^Lg-Xo$yYY;VlIxdahF;sXO{#cMSvycuR}8$k^SbE(`gRj6P+V4vpcw2Jm}VV zDsB|?sDy3fMSN1yR{A_iUzUHtmA0YafaV_#PRr=kBi|ws{xYNz!?`f>c!k@xlIWWHG)#o9Sk~qE^^2kjBfF zfQUB}%#+tUV*1A3*9~kF>7mUnuHHf)UXiVBTxOar_ACx~YfWj{MNL<1=Gc#o4xyh^ zfCx*)u^%90Kr?I0(gZhdg!VDEp?J_W9Ga2B889mZUA%%0qL2_;7`jzM^Go*hI zB__{|4z_z4zD8+aX7*n5Wb**Mb|TLqxnifjlDGc(X%m9+tB3Z}wq`b`DYBRFfgvMZ zlsw|*3120GSQnT}3qVwBLYiPbsYx^3tBEY+05rpPFV3N35tFHjs`+?U;(svu8h~9m z{xhBk-j?IVaN%u=- z6^&)l#Ccsiog;A(`8R%K z#F+NvXE}i}k%T5|QZNFm$niUTo=3INUV-VUsXpQpPfh}2a6M*_JQ_vilVbV#>rp2g zjJFEe{z{26HBQ5qE*;K4$dcOngoEOELAbI)>>sWn?_tYczx>T_e-?o-vJVbt9e%Hc z#nGC5vlCF6r6d;?wz=oa@=8sb9xHlgdPC`TDA%y3w_>wKZ)@mTqm$h6{E7GQG*?o^ z1du%ee^4nDMb)l&;dm71JYglqL@3L(OuK7Rhjt9?RmE&v9DVxcKPyx1LUF&}L}^x* zd7Io1-EeluHS_`qyb#V&d2SK>tQE6;jCR0^AA53(&QXc0a|Qeq3Ivh|2ft`xT-yE! zo5g8-+sn)M8J7R)7k!LT{4be#^O)t_g9Guxn^U)$VCTnjT;I$P#m_)GAN3hq14Lrb`PPZdCKnT2?w|-2yv&#AcbjAAb zz*tjA|Bvg>7!RPX76vvaAUt^e7Q44&j6Tf_CM$Mb>?(wP>qw>a7tXSASLrTGK`)!> zn8+H`ol*~z#U^2IDZez;x#n0cWOCQDrB1hRC1KZCl|j_uvqe4@fM;9W6U4O=op10- zK<*i?((`*7PJqMwjge5(>^u|f>FMVQ97kW^3i`gZ(K&#(oBgkGXQ)Pt2j*_@4y{5M z6qK_W07bGyeDmRP&Hpz`h2{HCSOmnY z-g`kIEVM)-f?vPHkmTHO^p1b;41EPLf2jK8Y85k#r;lr41*>94lnnq{%SrVw!2RZ7mI+pel&iV+tb$oBwsig@%jy^^Bmy^L zM_K(kL{MdL&{Fe!!PhIzi5Y~CRZxc+T{QY8XZ%`B)L3O0JcYExihx=KkqklD+ zjGV2TBXQ9ohJxfSn9sxPER~63!tLT)>vjuDT;qqmnCBAP&m$TU3UeR$N8@+U6NnI= z@mEhOKUAd>(tWAtEhH0@LlFWKbpY!H)aSHU63yLY>^P<)`kTwBXw=HjN5eSy?1P*~ z_0(Bb-F`IIs?@Xr&!yb9MG*Dd*Rdaey~%meTgD|w^FtTp^&OjmMaU@)BT))3N6G&J zHwMKlNVpc%3$1h}zt3$qpRkB~Qpuk@9oVSS-nvdnNixo`JHmWMb7tPg*Pd&kz>1GG zl;5s){nLcEv2Wq}&;}+ONzO!OTcwuWx%fRp2W!xQ>pZ|sayH`eqKYH$K6*H*{1fex z6Q}d*3*jc~ILU_C_uJ)mmRz^eRCC1D@=!Q4+pV}<>(djsLnCvr4!v*Cy1o~K7)Tr=y z?Ffy{lKgZ2`w!Jj;V_k!#&7k=@G-o-@5ZDb|1I*uXT$aW9-%Tx1LK3EUbd!hB31aV zKyRyhE5-y)Kr@tMWY5n2OADYdjsDJI3Y?}u8=?pP(_obj-UG*Z<-gpy8BG8->5>OqJE37aPsPG#<#7d&@Nr`g{0vf?S8Fu;Q16&0|N-f`8 zf?3V(%Kj8Cd_Brp~dio_(xht`3S)-ZAN#ap(edgilKN9Hh)fER~|^tltrIm>Hl%_ zkoC>;hBx-qhzv3%{LJBDb@_HV!sYb*&}mNy3zj`Aw3~YS-suED{H*18m_;hPn?27y zJUr^0B%2$i0EYbF(|5sGyW})cgK6(he^07~fr}u_^~8G9Wsu1BliICI%7h|DOosC` zDs}>Rq5ll@)8EevLNZvp(UDOdcYjB)P<7~U$4uS{zwd+!3$Ff}49`gXsvGI=U+pV= zuAxWYQup>6|5gP1;j`?3vC8cavy#1s!Y|BV*nJASXfd=MP4L-^p{-uXy&M-TP#&2z zY;ENSU4_eg9_a@t{NSJZ5;Sr9v)1R&hNiF9#ojQdca*gDoK7YgB4V;HUwn8aeiQeu?>pQ^^IbIf}H7ExZfa~T$ zAm3uMP}7;g@beVki+%<~5n~mOcnNI*t#FW-^?{zAM065X10DIX^e}tk@z{sxW7iDZ z`u>p0s|m$HLk+l03p6&Rr-hZ{H+ziuSs2H=?BMcTf$n7bf~g=A2Si5>f@|NUHVcG4=1oI7-VzD)@i=ph&lM)4tt`T7vqap5e5!MC*a^z z);9`TKOxjR8P23)DQT``t?1e)Wi{%1fG}8gp2ISk2ww8(BQ=SIa)-lsyq zidvd~!Pb<-f7Nje{Eh9PZ)0rt;BZjNA9CuY_ZvUx+%eY^;FDIU9y%Bf^XQgEKLVqj6_SsW)}R^Z-YnH$>{W4L_Rh&QZOYdvu` zPT|N|X*mj6@{nI}#Z~E55eQXQ*{xTl?1mvM>tR;`z=W$|#@0_4 z-vT;QXzHb_QR|nRcSNKOgjD~|nfL5*k6>~5h{Gwk2FoWfF$P>^@xo#=q#=S6oE zk~PLH!!C~;SYnZ7>Au<=rr^)jf9*3##P>U`UJx~8^tfzg_K&izm~3nKYMdGZ@zH#= zSS$-j4P+7w3Se;+kGo?vRimL2~jtE8FnFMw6{p@+YGa(fH&J32oISA%p$o=%w% z-$)pkcve#fBH}J`67Az$ic?#0MgPk9!ax$)0Qa3vSTA;G_k+-f=f2OsBj+(rzxzN! z<4Cyg(VH9DJ^tCWI`YlmCRRseVIs`|M_UDi>h6_>m77~swf(Zr^{TLMfogQe)X-6wJH zg|shF**m>NGf$`52*PGKU)~a1465#e+e{nkVvAl$+^?bo2@d6Bm&bq~E!4*d3;A6)C?ogP7KGQqDrG& z0Xl=w4m2Fc1&ZW_Pe+VOWcNm}j`Y%F4$6+nL0W2BZ zap=X3s#5$d&_#$m00W%@_jdva>{773orE|%ovu2a;pMllusfpYWOV|A)yL-q@WH~FlNh(!kre5%_@DAi-Syga_&f!MdI)xl1;PU-XO~Oe_ z(RK$JWEI^IJOT!jiZL}mr|dwhgEpW;M3)yogFmB3EL5k$$|8&q>h|HeUP+KC4%^#*E)T1VNCo0qE~^*CDM`Hi-C z$q(WGm$QYnQ=W=k@8h8tVlYpe8fyDVYp9^;0Nt`kDT9;C+c@(32P$H|Ts3iXxrivC zu4p4O1jQ2)S%7QVY?Y`=GGSthUGeW9Va+qpT0bXsAl=posh&%fI{G)hQaAl!q=7x@ zGWUtpZ2UW~MS|kkMq>TAvt@pt|M~x${C{gKiHG{5u@GB7{zq4I9}e&e#&^ z`97fXR#h56IRFISgLydZBrF(mY*ck@Ui0b8d#By9hf%A?Q6?B-4<=NNLM0ZTrhYNV z_hM7T-^gZ7(Gnp6khhOb6eOnRU3PT}2^1chBHcK%J_+LFlP`$=tG^={Q4{|?AZVXV z*Ru~4SdAh{H$%`~3;uHJRAW@Gc+BP+^|)={uE+>c-jGxvOvpts3+OgjB0lP~Tui$a z4#Rru9${MnBUGq3Pl<@v;Pl^jJcNCbu3sOPf4RxQxEAv>e`Ah`0kc>f+FcAf#UC4- zM%E||)`RMh{K@co1g<(`oJTWn`^VB9#(iY2$aD6l3O;=?M8yo>o~X9^$!lF%Qe1xV zS-`)B* z&yk2987&MFJFahuC(A5(K7uj>=Leaxq6cp__Z`U-dSB-f8&#-BfXEfCdj7kM-Je)y zDiXi4=9>Lys~LwJR>&3zp8)3nx}vAvbZ`5=yQ2XfPv}U`Y*+B#ZP3;19-k^{E_@75 zWTlr!??Z}kc}%Ge;8C-ZBKWUKU@sKA1^-X&W-LN;Q8U67$cp}ZA<7@S_P6>R)3KBqCCF`g z3>6dcj4ED3CT}1b59rv9+TQvLy6N{FRip8pi?x@>I}58dbUH5Lx4?b{_*)eJI5yYQ zjIPsYn@Xw6Q2r)IjD68TC@L1~9XGTCzlZvSDpK~~YYn$npbME(h@o#KzSYQn9m$iaU`oN}g;w;8I*IdnVJ_EDD!kS2@h+1{ z@GHhGx?67xF=3I{Dvo=~dJ*9qP6{~Xp7u}VdsCLlq5V-EIy%yq2`2%uKjyGf4n1Uk zR@}s}lF#!Z4>vZzj1$hZ)8`l}5LurQ<_4fpb%=HoyaBCHWpG>pmKm(Y;q43;=P@#J z!l9BgQWxi|B=nR(zQt1+j~hno1kv$FD}ei!IhyT#o@HjcTS88|dAmJCF%P|ZBkhN& z3oIDrnQe2xB6ONMRBkwe!=#`Km-?&|_Zylbe#WUvQybTGQh9tnC8H?scTQM5&Q6xH z29Y;DO7+Da(viP-5qIiM>qxOm^es5)Fj+uzhkObk7$E@NUrlb$tL5l9aglw=XFn(* z+L$0Lg%*_Pk;_krTZA;?t&!5)o@$bH0gIk)(pzrJ_1n2#X`IyzDV%^%# zDx8`;KTkmtz|Dy2iQ%@S46#VzEZ_?f1i=sLqu%uzPO4Huf~wg#7w;UJ?axOjNaVO` z6;*8B^BKHt*8@dnL0qb35Nn_bwF@vHd5kBYydiF3=+(bDe$@B;VuUUqbPaN+YBn#o zX^1^gl^C{I1zFb{1)3_KFDuAIlZWTjpN;GvuGTpuz2%wCZC*OIR>M!D7?ucja>DM^ z$r!2oy|7vwJG%-7wAvmFSKuSh{v)403T+_re0-Yz6&R!F4;s70h3&B-^cgo_Y;KT; z)Ci8Wmti0>ehA@+)gw=!*TdIcV6{*~j6YcUc1&qNkST1{i4EJf=k;qVDrxL+q}-no zxsj7sI^qXN%Hq=1j|XKByt1a2)%n2`;|SOTV>M5$%ro`Kn{h; zS?)R2u--fKj6bs*ZPr-GacJsWu`eXj8sr89mCJfG;K?&~3wzO69t<6tB;v%FBy*X@ zs|86o7pbd3{`KRb=P~z*L|8?ggv@OjTXZogzn`M#``0yprsUu?6Vml?D>ZSD?om^E zSyaHe=JF=6iAW#S2NApyI@$G;$QXK+MA^4~O0AD@k!gpJ3+b^f5ze^4jqA zBGkI=(?l8Y>EW3G(yrTSlgDMjD~mE<`1r=5{=DY^=yYg#CBlsnldMp@O?5+iOpCOW zHwt3MJEL)UOQ7*pR#w~G)zzrv4+X2D^;1+8snkoge;t+}ohmEKdnv+A71~&Sh16_l z`8>nd_FbCjPCo*LolnUs0T=K; z@)WAof3&3jmKntFsQ*uPzbH4kcd5XTDBNlGBT3Ka6NB*H=m+9a!9=CDN5XGOpiDXA zB+Uckj0PBN?$x)wzl|hASZ4c588o3EkhqtE3B32EJZ)r^=1;$!^jGdAp zGpp&rCm*7FXR{wn4G|Mp@}5&KU8_OHNIxfDK%5us6^~nG#`!q zh`W(7HX0mRtJUY|M%b|5Xk$K`=`oY09JsvV{mACEb5FF@pq8`Uea_MNusK`joyL#h z%gZh$epszxmerV{@FBJL07_L0nEO2p1RR#l^3|oI8*ntO;n|#?U}gZSe_>?y&A1tj zrC6Qg>f0hGYs-rwLL#KbCNezh_1(3G0q-yYJPr^6?ko&GXpH=WVKQ@V%@Q1&W5`o<_)Sj7=0RhNz4YZu} z&6l;8)P4y@XwN@9WOalJ6v!yJV(B$Hiu%(;cm;5_I`WG+C6A({B|!1q@e&URWkgZT zaR+;CC%})Hw|)Hz0Tj+-fzDj) zF$QMq!RIC+I^L#tI;c`ZQU7raz<=OqXpYhI*_6=lBNq025skCJUJV@GK!wx*l6?e= zbwLYOSDBse3Mvde&1l!lVt70`cz8}>_-g-dVpJy_*QSf84T;e(L+9hw?5-plv;Ss! zx>WiRuLvOH3w5%cbv9{=RZCXhb7!Y zAF#QO#=42Qdl-MbQdVfAQ?=A&dB_VAIKtK)+&GFHGvcVUCy)20ck2kIrvrR&98 zuI=a}o5{wK$inq!vcA-Ue~G5q1CUd956V#48Qp@|zGpY0aU!9{@7&y|9;B2?1&vDL z8Y0M%vy_BkC2@679~`yxu8{u5PXpGdT`zE7zBEEg*CPI z3(31^d=*Z`doT2>XC$vZ|K4uZjR(@3kQ8+vOOF7>8_qS=EjeBe2mR$TV|d!|9cv>) zXyl|Af|K6XGd@)?KwO&{-A)aN`m@+{tZNcqs6ThNY}Jo3-VN+vO8X zs;Zm=Ub7W!JT>owuC^3ETtK3lLewardO<`dFvfi>;6!1 zca!Fr2zKYb{68MTLp`qA!!VRtp$v((-PM^ zPS3z$9zR+~Bu0*GDXASb%2?};sZ*b% zI!OOvxmup&OwgSfqoSEOT1!;W?}5!QS$9(UO;-UizmWVP-6UwjP#7wn9VoItHK6p|rF5Q^1Jf)&=~dDFVtZG^WSW#s=*KFy}J zkp~E(tf_lek_?-q@MSs+=4?IKJ%Cp#fGH@vBRbL_A#!<2Psqu_x1L!y_E5^VkKVkN zUUgdPeukvvxt~H2aDY?5-te8s__1oXJ;0FiqPXhj?L$dWt`qtTyhNp!H}AgM zkAdgLd;2VvUOO|FA+Q3@>U9`wUkV>oe_b^-Uo8xBZzX44%xS3p_AbX~t{GkNd3mZ^ z{s0zSrxn^fa>;v;Cf}7ttLfJKN5Re84n&s^&522@nKi(?aU^8=ig?4ON4^9o&0cP4 z+iSB1tgS{a0QnGbB0?ub?Vv{ntzB_bYkg6Jk69b1IV4zu?$*mj1-%k#r z(K$zBwcm7Mmkb9z||>ISBo%ezEE+e#Wv@w5zhMvqL3+%jOs+rk#`ab78!E8L)T5ny}FF% z8K|Rh4FG`vhuO-a`J%uD)|Wjxe2M(jcjsFi&>+v%#pErj)T4_W8hKfyD$1T&gLiiA zUpY8$cbom3aJ}d?NZpNuGwq!q{IE-&g!hS#!$NE9+0c(>C6jgSwYBYknr|Uor{cmP zzO0lgPjcd2DnTAAKB_DJxB4YKloh(mVNHDQoy(+H5Z{|Zaz{&>`x6n67bRDbwAB%U z=hw_L8c(}uVuB}M1(ZQmk`Y;Bb_5-kozh>hourS%z zV;+dATS*p&Jq&7$isNH6?w&La#vLyxOjbIB?msWUIiMFmmYf$k8zS)GYAB_(2SpP* zV^Z5~gpbD5U+s!G#t^8A+ktC=W!BT?$F~KxzN5Lg3k$Q9Hinh6Cr$m=T1Hh5_>9}& zrFpLP&6w@MvetMI@Su_0ev-VMY^d_t(40Wq_Po1>{A1vnA6Dg$`_+m};lYG*%h{He zWmeBC%JpbQ&EW0hkCVg=^Xb;Q-<6lUcbg&};|1lwC1x28ZpC|8&GjXCqZi-pXsmbTC_lqXKb|J>vMh8$ z`is4CR}HiYd)0L zqUL@6&cZ{#?F(}wdS+8XfGhNfa8`uH$uggwYVj_ZLjATARK=-7;laoRBt!6W#v3Z7 zq-FQzPo?#_b*xQS;4OqSaa2Z?R z@?9JMl6NIw*W7X?eClg8XJj{xzX%+b0jlf`PuvZMt&f=!qE!zi@NL1j*#ak++NM!_ zl2*OZV0j%1|I|NK4-I5_%3b>=)AzY>Uf5|xFC<>^QI8!+ z=R|IoVVNZM)SVuv76Orn$=J1*^yXbo78nm7_0Qro>~s+36@+T+>lvfRDS^|I+1 z!X9D1AlI(WGaU|5{Qie4eCD}=ry?VB;7)X88kcFux%zY?ZBA6;;kllB^%OLJ^<9&o ze-9rwV*OZW{@++@7URk8PET0cNW>|fbUOHqJD&wJ>0+xa6%oybup&hcuH%)weB;8B zF@o2Jcq+u`ND(6SY&#;J>qi5Dip9&V|J)YTm`Iz>_5Zms@~fUZ6WUo3^^V4(1~>`n zW%C7^*auJkuh<&@pL*Qr%00;tNM~@t9*b1ho4=n0v#pSMqsp$CL_Z;~e+k0Cz@>JE z-H8|M3?5Vd!J;*EHoA(m%zJVuVmCujFyZw_WFp9<4t1H4#G+cuYWg_bg1FtGO-}@z zF+XS|opALlQbT&Xk{fw08hIvurr7oH@-&Eg-}B)uKw{rp$vM3WzULdFhN+6(7FUC^ zayY(oU<_tQ2$sTi2#%H<1qGNLX&g&xW|GCqJJ(}jIEhjGD{a$c*9e#-dfs9`gAFWP z&$>Uae9iHDanp!!szfnM*}8uiI;FQ<>)plRZx8$>sgDkMNn1a6A-6Vi8G6O~AhzY& zPb>{<#Z~56(u5cfy~aWCG1}-Ci0$Jz|2z;)_EDq%2TL)P$J(zjwCh6_j&zf*OpgJt z`a{!+t^Ub8%0GDQMN7hW^z+^kY}GIppI@v9T&s}+psvWyPL$yiebi*(qU{>qtsP5Z z4HUt@$b|OtirVv(m5h94qI0()*-$Aq=`}1w~f(t1IZ_0n0S@7Q;Se(2&ha zLbb>93aWeH>Ixc?zGlgE2liMp@1P*DzP#IiZTS-I9j~$!jeI^vATO1Ay#$s7{2m>@ z@P2Q7MJtYN`NNuJYF#w1b#uv*=c4k_^AUgEx8EqiD3KK(q-?<)8nlq8gACYsUG_Od zE;)EplsX!G#K1fv*8GH!+Vm=CTI8$)p0>b?#Sx>zSKmem^vxuuk(g|Lh;WBE;k}I- zaj%2#HkHljTS??PM&p5YZ_mpdJ{cBv_}O_kc-)?FqcsgJ7^P@yYm-DLlb-Zarj17l zS(DXRmD9-5ynEuw-o6RtntJP4nW%3mGT{v9jy)P0fCZuxy+=+r9ai9ZIxFj!H+8cq zPnUIbw;Z<>q+%M7s;9_c%54Ow@=r`VXYh)q{=)okv1L$P79;SOLh9j^LaY{$?u*grkIKX zWug!Ev6Qt2y&(uI{_OC{>$Qhgae#CbPQ|40?2bO6V@0U$31Zx z9!oBDqK_SnKO`KF!Iylqee6xV2{!21iHc?QG4)=zhgMC$+e zi)Abo`wGcZFA@8mTLM`z^30ArN77x@RCo-9Q}w_DA6)X0LSSdbb5Uac&$+wx!_nQK zlkOw92dK%K`^<@&k7DPfJ^WSDk{&I3SoB*IEC%*cei%g})b7yKsHQkAM%x9}09$AC zKhB8G5zlQCJpgZ7_sEBKE`-8EG5XJNY0pVkyQW7o3^(r`o}8v5dOk)|TF&iL0DmjU zq)z+SI#3D0*4Cb+BBbckJE^KdakNkBn?n=s`m$bP+7TXW z0yW2V=9E>x4UhJpkFdi-?`kt3?I+vLXa{2>BP#C-`yV{>$wzof3}}2V%P4UqS|pj> zC>%FH*>x8h}g+o=uvJ6|+yTXOj$MlP{7WX_ZS{KG%&aF|G} z_K?Y@+(uW(S7;j<(q{B)j7DAvRx()S0D%IRs_B_Pqog4#^#=9UQ9-TCN`8+CRej0+Z-=~fPxSLEtkyVD^(MgpQ zk(1U%BG)4FatBPS>g&&y2h1#kjfZwruN+BkB~#ndR~{}U4`q}GKU%!)pmY8hL8$Jg z?V$5Awc`N@SDXVq9`Ok6c0`nOo{?j%7fY{*-ONcn=s6cYq4&~vKY;J=E%w33HO|Y* z0*$rE4x~FlJ(@ekg z*UX)tjXa(Xtjy_WAEW=&cy=4S<*I}$7iFEbgx4C64@S-%9}Lfvl}+uak_6^%EELjK<~c$oti z|MW!;L{89G@pJbI@^QTXmUf1?Z|d&wsC{LJkk78{%apVK)2mIK=Lspu>6wzi=6cXl zVb+CwC#A=&3DSc!y+|{{Gx+At=eJiNxAY_k z|Bxj4O5YEmD9?At)suBsA?uaEO@g*Kz1IRllqc%+*%A}y#*T=ppG)we87MQc^($s< z3;gW*`641*G4w;oHcm5gIXSN6`;?u8_6r8Y329K{Ki9X>JwD>pxa~T${=IFVI(z zh+V#a9Lu{mD}VZT(sUNyIa4yzf+Mzx>3?k#5F)lxQ|TrD6^=DX>4{=A^#6C_|M5&@ z$eMF*BcG8x5xM_)#)R~%H=DK9av@e+MK%tPgLf9E%yHN{S&_5@%b`}%_N|0w-|NX& zKlz)DF)stSV-6rc3?J*npI#J_=;ojm9Q~66c7LWsYaFyZnpovsiXtfSH^O?7-uJ*Y zY4;`X4Hcw9vWOFLv|sadNX>a%F_T5 zq3Qy;S9PQhNfUo6i71EYePXeC*)QAj?j1o9h}N3gPLnKFN=d~FbtTZ@?ftHy+)!g#TS%=kR-FR#@Sap4C1wqtMH`NQMQ zz-aH=F&BLRuI@q2%32Xwy61dX(Tm}=c{W5FqkwXh#??~{6IezgYF34#rudf8oBr~` zuzj;**7(QyT7V+&0HNMpti!iy0lSAL`pZHt;is6|Hn2rUYJ|+!QC~sqi5LP8upq@o zh@``Tq3t_fP3@NvJ@rc^JcW!@jOJ&UTusn_U8SLO$%n7_c@IvfYVwgez0aW~+o3Abb>xA@Xzve(R7>cnlEUlB&9mk3eBS=vL?(U{)`l3lBGMf|r7w zl%apkMTt0H?`>@R%LcmmOEcgcii9ww@#n@&s!c$GusHY7l|FFe_Lw>m8uHr7QRe5! zg%gpYg@l>WD3x_<`zDs|bV#$X>+$x`jJ?=jtiy>;JJ@x9x?ZDDI-rP)*ZymmSBN*c zwdtC8C~*0mAJs(s4B8AcMz+(nF+w!91PqHd03w(}+2^4D6uYOqLjt4baK!8f&X)H_ z#NH4`_Ws_2K&>O=`7i!3S7!>i{jgW}&4}LFABCF9%53p|_UQRp)SHV$rrJRvhy3x^ z_wh~I52Ya21tVT0gm;B$TKh}3z{sx^>KJ{vCjM0*ce85oBgf3xtvT&L`Nxw?E~`_9 zEIl`&tjN_R=Kxem4{gtcy*G^;Ph*(P$_ob-?|z?SzpRbbj(g3}B_wZ~!XYBoN>TU~ z`*1Z^jrOOgRebV&ZLqFK7i6)$A zQsUbqL1 zyN_t(;3&ds#v|~OCKNp4Wym@1klZvsXe1#Ws6Ov{zh51l?eU@I!ZJ_9ZPpZQ zQ&ux7l$3j+Qj##By{dD#=mU%j+nl<W`bEmu%Fkl*zFi*2W6I9Lfj&d09>D3 z&>6PlGw{vIT|h0yX)8~(gcu=KtiV@G=kUoV;l|CKI`HwA>&w{oIw-*fp!BfXp)8Q} zX`lq=D%*o6HkrYbc>8j&BJZB`z-xn~J`*{7f#5kxrAx$u@2hLkbF8HiN7QOS_3$>O z_t=y57;~9+X;dTnZM$hhn!Tpnnx-;3?(f)W4&T#vZ$Ey592xdJV5))s$RhNPz z8g}_}-ego1ZtqVvts&mOJkjhe>I06;C=6MAZiWUaNM!dy@dgJyEzpz^Z*;?C%sKH{ zFjF09arDjtK7O_nLbiX&Kj4f`xBE#LZVrsXA&A8Yjt2AMUGziQ5b&-|pn(F|!+a~t z!_JPdM07L7p^%D*BcqCMWfeM_Uc(Xbt(?d*wX~Wh9k?lbxGMwSb@IlYlY75Ce>r~~ zx-Y$2CE{_=kbMkph-b}D=o4tQr6ywN>yF9HRwQvIq%quSpjY4a)$n~d)b$Z1NHQ0< z;2U=xdj_#IkQVw^OpNazayFixQdJ;lLQ|Hf45F zpSmpD!UTGK>#w@lmR6wZJ7JLmT(ztkiie)OSdU+VTYy&*2GK1kowA=64#9=K57#kq z52OrUQgy}tTieH^bLN(aNGR%wb9}; ztpSs@qkPjin?2CK4KT8=4#Y>`5jSipFueVK)QgImrY+8!JBi42nV}D;``^fW51^*H zcW=}}5h;R*^xgynq$r(;h@c1vA}B2?AV}{Wq9RR7=m-j-3W|XAP6UC_r1uV?x0uip zQuY_#_dWOg?{{YI{mwmi<~wum>=`Cu@9g!gXRp21Q+~f^eIK&9j02N~)6!~7$5gJ0 zkqojLbFL3_zb4p!O<84WSS(Fyuy8i76EdAl%_+dqF}*I1g~-XtRp3Movaa`1r}bi- zdslxhpUt=iuK2;W5jwe@)Ls)ED@#@LoS@0(fv>e7d#@;gcpMBTy#Oqi&&cM3<_}JU zWT2p=oQjW3U8FRkGIW@ zMc}5_oXS2m24|O|S!x31NT2#a>0Oif&mQlxya!$cU20x@TB_9DArN=N^3K<{U9B*mH{pYBF5MYr1W&${lP-#wSvN{+Ai}W=5W}n!EidYDp{W2| zIj_GVPB|dwu-*w6fFD(_{`3u2aOQUAb>7&%581H>g(~>{+Fd`kY}!D8uiJjaQ#*=o z*e>&y;K0alrX+b%8M$C+9@uh09KC)9w5_itu$)PdpV6wuVX<3L0&5>e8xmF zqHkxAs70XW!Mfqv?1KH3{1?EFKF##dLN=&-=5cDPkGJnqfj1ftDW$LJ*6vjf?9Qy; z0`^d(mY|vAAYWYULO>paqYXXF1>7KCM>hDAwrqe)0_qncVq+xY?4PM%mesTq5 z_JQ~?5a%pi7*vKV^I~Z5(}lZC1naXr%8RLo!TnRDCdWw#TfY}71`gPxsoFR+`01Tw zqPU)$AU=!XUTdczx|z1I zS4H&lHG6s;D9|0erFfn>=feuirKwRmm+w~HOBfy*G5S3 z1tH;WEOq=>O7vJRJ4CmR<3_vaKGeh2kz5IhGz+MTJB=X?)*z?H5m4++$U_YgoHLD@ zRKRf}g-TuA$j?_tDL2KV$zL`$K7|(14v$^d)At-4QlK_u%`XPrDLiq zuk>3(dx7h&WqfI>y+=l9ocjAq>Q9dbX|F;@1Yi2qA7`TSZwf1ce;Nsat8i^8A%Q{? z#QO@_ES_E+Hk+i(SegbM_G{M*ZqS@u{+3pkf6;?+|8fn`?@PRot0)^kR{CQX(h3JI ztn*HMdp+bg7j|0cboNR%`b1cmxzhyU*zgGy(?(y{r&iWi?|pJUT>!C>!8% zfKb~qe2HXK|FcBhgCe%_CO7UW8CmuETDoC3w14tyOSh25z=RG=IWN8l(=ia>v(zvc zLf_n^iDWqli5dtVX6^;G0Owb=yc7_{079BERy^C_q>Y#G7IU~yyPE0>9AO&31ltqa zN*BNxL_)4gz=+>}lmTl1K@aC0@by^NrLm+51vD9e@Ne5%KR+&Ld%v5-w-F*Im_xEI^Ye;l*f@6{KK=Fp5u|fI_c?Dth03@5^KcyK2 z_F4B_0)AfVdVhX_+YR4qWjGJyT$;8Xhmmjwc~PHJFpv>$e)yk;iTmvHg)od5%qV0{ z6jHI14SsV%2s}5piw8t`iP-owlu zYWrU8W#Y@1zWSk5JIZ>MF;=`|qos_5;OBL7a z+M8)xTufHoT31eTK=aK}I_?IHUr$HDvJ=X|P&Pm$~BZ#0GXz zP3VTzbrm?lq_YP`tkYJk2iN_Nr!}&>Y5D9j6^~K8a(F@-=1XAoakJ^J0DbRX{V_` zwnTdiL2Dy6c51}vtY;*GwEhD;A@UoXICI=hsU2)j;~Lv(SrdIjH>7E}T!Ccbzapsq zt?BR>0uS2t%+iD-T$&<4gcqy#4g6mEv!O}HV3I8k>DwH=4$BXI<<3oTi9uzn2$fFx z&_44!YXOXA@9IA62=^-RBrWK^5^fzL1tYSIcFJuM`OGB&;jF4ei^*)DY}P$+ zsZsWovp{HDS6KaXc;uWCJ;#sS-?EmOCaCo4R;DDs_Px(k^cE?*WhEu4{uz-g{VlPV z*^!rAcXsxa8vZos2;Mjr$Q^thtFroo*4F5qW_!rVrN%#@TGwoSCY%Jn-k&g<9D6?a zW^DX=xgI#PSUw~81&XQBlS4j!_i>XKyvA}e7a2;Uy38#@W4_b>dhn+|6mSpluOf2g z^+J>~3z0&+K)*Zy?Y3^csP@)8shB-(j>F8vkfTSg75ce~mnY2qZi8Fi44 z^V<;PUue|_%t+OQR^&jiYJyBd)vU~Mg z>qt8R@1cO7JI3X6a3^c>am#U8L2wAy$ZnaRmjACZpkY+2%w1Hhpxc0U4DAj*slz-7 z_&ma_zFqnLR|#oDH?t%COiUSVn^~_Va}VY{VdgFCDlK_V@bKEW2ana80U}Bo3`j0mkp4KkCS7h?K1$mt zSi!s2r+=F?alzec*k4J5Bq+pN{UL>|if+W6U%TeHkLR^MPKgKXrh!X_PUNynUQ3%d zEd7=h?|(0LGSobnl&#K|$E#6+k3mpSQ;b{%@hg@$AJL1Bj8)-YvxjwunMS?h9YSvi zLPy-`Dk7KdEJWbSp*Ze^*T0Cy%X%KeUHB40)wb~P*6@G7Jklz}XaLw#ah!a>wlFfh`!dF^F~H}CHch5A>k12h zPRP~?p?eiR6g}sfhd3YnhNmO{Fa>iTO3KG@1&DS|j7STDQn!{~`L)`NaBkWnwZX&; zOs4|rRto-1;L0VIAQm;MZO#n_@)nd>i*>=Lwa{Z=**7TAe^;7xnSIWVYbvB3AG-5d zR`u;Zd8|)X9DPwpb=(MR0sdS9!2U~6QlvUnbdde?$k45S^g5d{{-V+PxK`&@uoVKHT&qUf)K+#)Dfwv}{~?2XDFoEP$_q=Jv4Q%dn*pK{~JY63A@Jg#=R$M;(+&7QqJ_Zc#!-nNc( zGIT)SN;-Q*RpNC4jm0iHP5aGmj`kbFL~ga9OGJTS)82W>A4Kb@@{}Wp3;f<~eCxZ1 zRy(uR#k2RA*`uQmFbC)Ho`hQViY-Or(+?BJ7y4|@P--o!dpjY(ux|H;3-$ZSFB4RBvNrewyzTNq4uWEqv z^6Z!i0JV@z&8zyP#&tmo)$6w+xY;qr*$z2oRm~%;1}^9_pW9v~ha(}wcRS&UN4(j- z`Lm)>BQt4U01bPjzLm%Gb}{L590+Ox!I`288U^>Hw+r=CBGh(XtPVj*?H;=~FDdPk zAa8i2y^o7gVi8sW+PE2bVWXtJp}^q!@VLdk4N^PNJ>ySjGe#6}^zR(m2wO;0a6r<; zCLL#9zeJ3LUYi(sKdWugE4@Ci2#kwSnr^Nhp+b&fsiNv=n$`O-BE`4n)de-saR#QQ z7T&Cirhz><3fhGa9oarot0fNjLkd>l??2ZB<&g&&;kPa6i>n8!E8D2b6@wMDG`#Z> z!TW*ISKF*=#%w(-rze2~*0tY6R~PHim_8>-@>)nq97L+@Ipcrz=2Dw0TxfgaPU!;Q zTPtY>Bn@=I}^S0iRBGOnHO9ECZWawB;o16~DCRj4-u0d4Bbs{T(bsRP1QV~&j z0E8h34#2DAHp<($WzJ}=;UYq2_NmP%x@H7;Zgj;j03L+jNCR%qB9Mg%Qrhyzs=Dri zQp4Wfz?GN0tj<3#anYTRAERM0f^Wu5r0v!|q$z(Qj9gfCj7$)j?CbNknKNM+kv>@W z*}D>MK_{XB67MNhWLohB->9WGt`6BM;cyh&`%rZx`J{lSG&T58j0}3MjP_o(#dEpF zDn?mad-BNtZ~(aDKUYRD@~57&ZA0PWo0fN1 zX87&fme9~ZCx5EuANVh>*iMYJI+|Ibnb>HRW7EKg23x7? zK!=osTGyju3JQqR7M<|$xpVFs%L^wj*5G%~EQL4e5FzP25K(4!FV;?svxEm>omUJ? zlw%w4AQV#{W;AB9wM$^jL-~uD#aFbZfuo^8DVrLDoO(9|?*iP0mv1kg9f*OffpHfB$Fk%=u@TkNEeons1dr2*8=}A;v6i_hPi%vz4^Xn>o#M zT`Y7#nK_ROk|*zR%_r}U>~&*ngEpC6LkTnP#2AZ}-~koj<5MneVaJd$nu|i8tj?z7 zggxs_+0&rhG~nSChJO+LF47#?SFMs+?`?H=yV%=2(*i_H3e~8QE-x|79#AHI>{`6R zQ^@KEI$`FOJhaqDuOrmaf>k^k(o3Wb=!v~QyYC**s{r^5Sflh5y7LMc7J?NK3#z2S zjW%sY?r(QDP0oYuHjKq2YnUPwEW6i1K?gNM z_QOjU108|-ju>e_$ygyEHrFZ~|x0R&Rg0^r4WNIYkKZRO_#yYiC{ zQO@m4q;5a+{rS#Rv!X821rAOBJf*{TF7kv@kIHhCmh8ySypmIYcgq9SQ* zN3|R+mP)klKI}g_VhNZ-I)RZoj>opo@^alP4zI=m3@w6Ww|m~V`LS$zs1}XEQ)+FS zE3Yxak43L4W)ooY7W8(}tJiV)46!vgQmh*2To7?WO3p%luC8a~wM}cwuru6v)wBBCW_gP;Vvm2$oku<8_Ljkli@6Wk!zPo%;5~G5xf4)q-UtjCc*n(n>*zeXd?Z;xOb60#0a9sL zRB-9~(Y|sz0eInhNQD`-72+J}Hv>?Okf25mY?<*I( zbRW%px9$WdhE*VE_gxWvbhg}jHck87#;}Kv?JqvaFd}+rgi(Hx^&4JF&X+K7?y_TK zV9B;S*WDhT?A$F8degm{DxMr#I*Y<&}eu%#*=i$6kfbo*J-X8a1 zQb0W*2jK7#vGk@3*fMIVX{nh`E+B})gD^lCAfW~v>V1ug;)=j;H1yamj%+7t@~#Kj z_u>>uo80Vk&-o{u>oU0gK+!5e*Hwo{_}|nivT0T)Fo#r@g_v zAj@Ga)>?rx|AvHx0{dha*l99r7j}!ZK(>2K_xyi5Zd5aGuMS3oEn2oDvNF*F1eHRP z??yrG$lcCejJ;S0MOXUu(NNn2DemMKn{PkSduQM1>d3Enfs@fKlDnpP^wT+Z{Pon? z7f-caX|&!A%h}po$#b@cKD3+t#V3piTY00a9lRUoI|?L{2i{lGb5nG51U zNVu?q4eWrzXEs>aJ*JAieWr?~ez6;+mAyjQLbsUpMgH7zso!v1c=(7GOd8W|fAD?f zr?q(v41MYK&-?tn#-#4Moo!7PyiLcM@(CKE7ZYC_y}`tZ&|Slslg4N$#BQs-d;PgC z;76#wh?F)ny<})gq0iBTx&}ph+Te!@BJC9*)N2S=lQt*y76`|MVSa%Q&NsN8zMG@0 ztN63Fh^Yf0%r(H}nTmVU^|=7YDZqJQP1$>Q#-=qF`KHwQ(HmwXk0IVoao9z_;^8Ih zSQ%+HRhYx zF80@Y&VJz9X88PJMW+4*yHz4v#LX|p%6RY*dx=$Xl>;|(0Cf;r6~K&)DdNK zPTFQ*pBFSN@JNYtQuMT91r65ZZ;pO(I?KJ6FTy1t%i{9ARXct-41ImG!+L_%oUqw+ zkn%Rh(J}Mdw9P_h@2e%-g|VsxJ}&!y-tcu()(wTW*N?6ZT$G+_>CCxj`tr)TCv!p~ zeX(vFS9&VjdMV@JL2o}7M$tKJ4Umcc3!k}~wpsMmQxYy|-chVFqCJnnP(<9=q88q_AFivw@L-Ks`|Z`=49_C&8oFA` z6P*l;Qdz8INgNR|a3Re#Uhk+uLx+I)kN>VZK%QX=5Mme7zLPup=U+~wLpUP#lOZSe zVx_Wo8*9$CnqF9C-M*X0{TzRWL~m2<<8(B`;&j*U`weo=7-mb79AWKZIXPGFxE{N@ zkqOe>{4KpS4u;(ShQ3HETvhP&w`RY4z7XiwZ@cC`=SSM{&+d6_wp01itu}tRWq3FhLQk|mqd=HXLQ89j$}$Xj?vax{Fw*Oud-}KX zJt=Q&_PuYI5{^FC9C-d#B1UgI1mVn}Yg&0DJJ=2+ciY-&y`h`>agDT0LeZZGS1Ii- z1D}q0ufY!_-~#9%OcJQ9X|1%;ftwxZ19gk{P$#}QbEBT*8)=0Jj+}?KCZ*}t?nvO_ zNEJsZtrt(UDjjy(WtD>_hG*3auhm&izmeVQxQe|@Z-nzz)8ok5H4OXI=YlJu+C z$JA>>XIEknV1E#mEgO*hMmsYJ6B2Ve#pN{R%6B2jeq2o44JA@m8rpYxQD4yg2!48! zY9t7przGv7qJzb~^LJFAdC#!08|&NyrTjUy(W?~^h0 zYH58p^Nt(k3D}+ zF_o{p7)}PLd0SDp#(w$MdV!{*`>>+Mr)eigTURYC>wXZq978H*F;xDgds=}mQa)h& zOh3yYBxa4p;pT2{;l}V)u*rgc(23EvCvUe-E`0Jjf)%fc;659tI)Pt$wjcosS3gbv z*5SnWSWnnNJ_Z!Wv)0_#$d82Kd`*b1S$my|A9X|` zVRYLAvb-F^Y@e6^i+#H9{gZyGzIdyN;T@;mlTfD1Hc4A=I4e9&$Nae|6f(Y12?}+I zkX354Uixic`GSl56Z(5P@p|9RyL9ziK3Vtve_hGuN(N! z=*Zvt&z{^-3i)hRp~KAXS?Rg@C$sGO>J><4zSf883c|NQf>~+5Tvx3=P9w&GRum%n z>l|&Gp@6{$#xL+&uQe#Qt-oAIC{w2NEH^W;m?G780*aqW7_Oes{Fg?8 z^Yl&sU4qT&?HqC=f3BAeBK6Wti|Wkcc+`wuZ3bOYo}eu~EBC`U$nf8w!DP<3z|3m)1BT>O@{tSlEf8_9}IGhDIayM_&|Dy{z(*OMPfHioy zz4D`f9)DL1U_&8)cjPU{KchpxCd7XY5~v*>?B+zHYqj-+`?%P(p1>4yQso7d+xHt!`_) zzL(7E;P!T_Asr{UEePi6R~0L98CZeuHdp=j6WbY0K-wYi@NqbS$SBjGYhuEKq+JvSr_z(jxc~^61xkV(qYC z0mF6f!SfW{QW(5}T2@bvCjq+&{eq->${!r1N?OByLZVD~AaZ2yQw~_AmCSs*c*4vr zxapR@&g)O&H(gvAeN7;A!}Mb1o`)R>OYPy(W)qmy!^NnU3ps~=wjVyz$$R%a{KC7L zE9VnbbKge!@W)rsui)3oB}md+%^?Q^?(Aoc+QUxxz&Mu!{Dz zF=HR2hTEr?e2LofH-@D04K;3PQnWgMc&o!R^z&|G{5{H6Iwp!*F)9K7yXTpA?{KjE zZ@WQE(>bq+z_Y)P(8Aq)!z}Oxw5f^2AjzkghxC{tjs{IlLG8yEFaLNf%g@hD zx083VF6R0Lw2o6jU^k^-!7Kbtz@bl;l+2nANoxYo)&(Yeb)hH9$J>VS2^b8S zJMnMb0u>qX0|?gIruaCixbRfTXr6x zr6tE@k`ouPT%GJwNG!5TWj45VphQ89SZg5{U3a@QUO+nmy zQZW84^IcCbeelcylW}$1>BKN26@uVC>({V6< znb2niZYm%3kH~!FZS_0Y*pw!P54@&lSKL0D`O=}B(X1V3H+Z|ofa%YW;vC6!=&&He zJCbW4`)p3&?#tQ%-=}W)V=gsuW_Hf%g?VUsY>1Ahgx<;+;sJTD^=Gr=?DB5iwJ^{d zK%UbXK2ua`d~o;on9JasN6o3b;CUourZ%MP<~E~Jmd5#dK;?b+V11P+Y9QB zpZ={S$$b#{fb%d1A=tdW(`Ux*`jLSkYed(BIJ&u-IvSV2IT7c+*S5(MlkYMd?z&gQqS_EuVW zeFvEy0G|LhLmVtYl%_(k_a;T5mtvf*sJv*L*Uu|xnCudsLcnK5R5ncv4$+I^x??zp zB%eyNFAXJJn=zHa^zYllUZ$Z7n-;lx2#wi9*DzFP9noiV=Cdc>bto#vW4C&`_BAUV z>y*qbA3EaDaHW>1HD5py;;qn!0EM+GBQ^7bgtqw=_hK5IW=_waDT5gM`&65AAO25W zl7v(Q(|l-m7V;xs87&kapsc%MY$v0lK!V%%lG>=?>dr00~iYaZ~gM=0G z<%R}HTXP@fey4f}hBbF1O_<3duD$t$TR6R7(LV_xnRuIg!FiWXI5c%buytPqYA*Da z{J5xRV<5beL)!1w^>}J^&iySdgs>YIv-xI`bu;e8;O*#-*)YJmrFaMi+(!}rJ`6MvW{G%esw%L8{FbjY0kIdg6H+pICG zy&@Xj)VVUn-ZG7)1;6&GwObv+Hre zmmM?MIJ1&r?~yr$2jF^(JbA^X;c#k+E}oT*y-ev{x4&rkh|Qe?8+Jk}(Y)`C=pt3} zD{|L#UlEi@61~)$Ku%j>jBc$|3XvMC#{SsQTv|@WX9FkTjx9HG)?n8;yjxO!s9K(t zwuW7xbQE`Z>?6g%YhzmQ%_S2@#tj{TKs1h)MQ10#Y@IDEnSV6CDLAy;Jq@9rW`^pS z+Op4ro-<}u$kD6oNOIh)ZcQSh$d&cv6Wl)>y=cDO7TAAObQW%UK8}vdOeYazdAV1zc_WWF&MB@EMe^;T%%V%`k#%5H8 zinJ&crg9nzFEsv9ZsH*<)Z_mf6rzM75L6518n_@(F1187JQD5t%k&8FjLekRGUJqMqbuaDd=6b&#Ma(H5LpniFz@Mb~i;-he2i>t1p8*Hh1WPsa!IeT&9^asW>y3QqI;i~3t z*I(|<(^(dP&6&->($jJoEWFp^2qu?Ij@uuXRQlw z3Tnn3G_xcXugdtkhL;YPm0URcV|3iixvP>AA+UDzDn#ffPs7JMpnM76g<#+Gyhd3p z=NElt#-upuicy{~wo?PX&z(e%#gwV`S$--@bO#CGZskk)Q#~sA@ZMM=Kj1}1bV8~0 zAxHlEU?MB9}`@g+!3shwtFd1@eoB`d?FEo+yaK@ z$KLZ&d`iJOKeas-cK0ItKi#|`zQ@(f-r&k!VMe9G&qqX#OZsYv`r5{x~ z&zBd?kmljP)vL-!hie*gI!o-IMkxmT)v6=K->n8#jXWCu3pVJgeOPj1P9#@`iF)Jd05DjETx;>0&LpYIbDUk!P0^r&UF!zJ#q0 zrVUynHVPKVv7Le0`{W7u(MypROLc>caHnAf1J|!QqauAa~pyf_ceYYQHzksoBL4Fs{^Khxk^axPV=V7?uS{{ zuLDwhfoF-+sadxAsLt#?Gv71W95%Z_%Pg6`W)gxdm1l#^>GQT#N$v!tAm!l)@fO!v z8mjkg31V!Qq2&BLwm;@s!$*~B8|dU0eeDXajO6#>9<4&> zH800?P8Cv3d3Yp_C~=AbsFIR-M~-fnH45g$oy7vLwheA)$Y6W+RJH)#HQeR0~C7Xo>r9-26Tc7df&A;(z$k>M&Pk*8r}Q|D&5QHb|?9$nYmPMC(Gth1`8`Q zhBpMK_rXt(=qcdp)?F&!ZsCST`zVwY#&S3S6;K~1B8z2M)N1j}gQRud1=dv}e%UN! zySR4!#qtA;fuz|*lD%c;?P{gD6K86wE95h$bR_T*h(oSTNg2xTPl6$(W9c(4-UQ8- zYi5t6E7Z_kn~z7pNLZwZto$Pxi(kZS8Q<$~ORnS17hF{Nx|UiTy|bI#>9dpNE*NJ{ zG-WrbB$az|m>PB0xcqhE%?{nUC+jz*ufcX}70+ros!4!F$}Ce+sZX-T zlEbCyNCUEr!uw$4BJw@sop(bv(frGH7U!S;-70MlIp?E)JDx)fZUQ~#ymhAKZy`^U zi|G(agExFkIU-|7VmSSq-M_d1zn)vsw*76Faz}ji=SgqTdDJH_Qmt+-+n!{y`qk)nsZLqf$hgh1BU^#cYBPm1TfIk0uTE29dkV=k(FA@_}#7?5) zBdG;Im{{jvz`UMlD<6e6Lf`j4+1!~cYpU#1Tm4FoDQ-|MSWsVeG|qUEW(H0dTBV(^WV2QHtv{z2bLmk1ob`5 zPxIwn^tHhjbcUg3pB8xj7Ea%B<3bDiiLr0RZ_U8*Fow(I@;qimH7Q{FV}}N_u{B-{CWPJkG`T{ek@;yoSTYfjjIa1jCIrnjR0P^{hJiL`KLVJ$#ZD1Qk{hfLrIt4 zFLU+A{d@It)-DtJ7rmN$bHndSEy=MhE=n2q z!iePDJAKdASwBPz&ZIS3$dVG>$l!vAeosK~_gFi#cIptPw{hPykOMZ1hMaD&Y(X7)_NO7L0tGAf9ho{6#- zon(ob<`gM47C5K&(&3Pe{6|Gi=L4AMA%MkUqwy}O2V~>AJD-YZ^ocjHJ%ohx={C0oM-gd|dX=B5Rn z7xchk^=PI#$sNceK^9*HfEg^^64L^U5rhrs%f)^Rd|{!XFXa|LY-MSH(s!0&Ckv5#e+$}^^jSe_H}qI#vl z(p`LKKuO)|>d~KQ`0I){p0U;sX${1$59fWk>Y9Vld!}@5#{Qm$a`@m!`>}J2!K|uh z`B6P*s>k#6en5MS@&e9k%-DUaLa;mzJ4v7Ha`;=xJc!_^G`#~jOFeTak7yW4JJZQ$ zB6ju9Qe*E?#AsTe=iF%c0jRS{2SCOtmXDHtTZQ!x#*B5Vhx-$LVW+ipmy^*GIpCx) z0k145B>gWRjXV?)Oq))!iUx52VK15`BKhNuT2l)dgDCf${ zR|sw9g$SLJ6g96sF;GxWX7+l(_Ugt^-a#&^o(s69uS8nMy4qRzlTr|XD$qLg`dT9r zs(x=Gz(7TP40*{kejVaZN?V7FGWBB!u9LWYxv5sO#@y|Ai!%;KpbyN{OKq_r<%G9y zbRReTM<&~UmP$ta&IgFQymi@4qoGpY+piTp39F$~&7bDxn7t}JO5=~wFs}TnJ4-MA zjVqX6G5CdW@sYJd#G8#ip`Usau2s2}A2dujZPfnq&+peJrW`Tti8txM42!mVmdFr> zy|zUanfy=PC&p9No~HHWdc0&x5}h}l_>#C;GnrebP%jok=FJKJH{s1?ywB$Sxs!7Y z{^Qu6YM*;YM3xJ-#1QcPN*Yp|B@Soz$|wHVIQ`R%<+#aa>2m>HOV!OGhFk3kk2UN( zV4WKLS-ls@oW_R#iPQN11?Jy>n!8x2n{N$Gbx1Sg^vyk2pj@bN-o(7}Ky<5wT`TKZ zu%HO~FKSuWk=P^RVZ+r-js?DZWZIO38i{c23@L@%)r>e77@MTeb$wW{(C=BU%1y7F z=x*7sw{hmk9C)dUma?ToAzyK(bYl`dSSw0Gz4W~dZHU*EV6j&PCc?HI6M7au^iFey zWzSM@+G_8VJB@B>luJ!@qra>z;!XyC!)OJ3lzMFjNY~yQn{rA@?W^W^t!k~ z;n--(THe3acJ*_T`d|pTvb4^d8dTrSmzTk0*8Nn!%g^|-HfzUUKO=qrg zD%NeqzvTr;&Er9c1_Cu)^dh;HhMCQ#9VgV7E+~B-TsUl8cs1uHTIL%~S-`T8PP3!t zh3e~1N`p#1ZIegGXLdmOeku+@bd42}N=4OauJ~;6V|X|>#R|v?WV_9Y9|mG!A~Mqz z)d&zz(O`t4h-&Abx@Fc$zA0+DO&n8TIO4f2o}E0?t{_3uNVRr-_V2FmsJ|8<#>s-$ zO#%J+0J z3|bTl@+S>35LatOU3&>E`9hLY?<{{!xV0Mrn-2an6YWOq_=XeqcSD( zZ=Jx*Ldb=dNQZzCR{aJdB*kh^Q2~*};plNpVc_v6@2vf#BpDqx5=Gx)9@-alW4VPt ziPeb4apg|i6ZlsSuO+fap{G+CrrU$s(;B*L1P!t+t#!Xve(R3FOj?~S;pU~A(KY%c zGVIRK#Qq!-8>KMvrBVIPoSn~venz|EL+Qhi$fItK&s^kO4C2N#mC*wR&Z-jD^qI3h zS%>e?FlL#*m}i$Pi;n1+#&x?kcl!?2lhr)Q@9udm3ub zG(W=jfnxN^gEJpSqbqjLdxr64V{*7|bS*NU7Qum`2uNSMKbdS18)@Eqt&eO|Tl{!H zHD>xl&YT_)igf{D zZO85!*VlYGWK5f}6O_*VW0wi^Uh?If~r>zBC|Qu=mN zQ~hBYcYYbV!zsk%qs0IZJ0!9fDs*SA`l6@<;cNYqlQ599-AGG2yha+<>&!0B=?JTh z;|;r85=KDE&XS&zcBku;=3d|j3WC4JOivVz5d@KYoW5~219bfzyEjQjS?b$TTbHA^jZzpBCiWI?Z@Y*nAf^Fu+B z4xg>p0||$CKIFnnN%#6Y`>wlKaWx~m60XHG!5P`f#gLIQ27!Wi4HQc3+T!t6QCiP6Tk8F4VG87YmV9*GU4>aYyt6^rwgcb-xD1!LMmY!0hmz41(R z%#DZpGy-bqSp6$BH$+&eZb%k5279qgs>&+O}6LFN8VKsi{(hFGM*whGPe(F1DH1)rph*Y*7WUtiPoD? z&9`M3rXLQ_PlH$pKtb|FSi{0F!#2(GN)m@9m+A>LZhMREJe4f zXl$YBeLy>;w}HM$S2 zfCtBcUKpc$vf+M(u@biii&)7T#t?iN2e=^p4uq-BvaTZQ`hwh5b}|KMsai9zF+qY2 ztE^f0K&(7gu}N&Ea4re$iW?T4*Xn{ZJ0f~z0{X5jgt;%bn?1{uu1w7HVrWOwOJDbk zyJM`bunf*i(ja2P8j}S?rN>P4f(+xS`Pug@93 z_TXE1$Qpci%T52R;}IZH4B*{q@Qfad+jN=Y9qqT4|9t6vP1uLg&d@9U@ebFY9(!N+ zZ?yn^?-pLrd3f&}Qm-D^$7_cGiN*YRh(Ruh{JD@m`%sBo=Cap618&BG=JEtzAGXISmBl8(D;0M40EyQd~}6JdF?r_#Fy6vG4#?!z{IKD*=Dx6LB~ zgSYn>mF-|wQIEYS%|(S3cZ|a^0|xd#^wttj zfU|0^)MN1W6VKG3_x0DM+l-Z8L`kuGQ?>FabZCix+FpW`2j5NEsn9cfQ3F-G%b)oH zWWa&N?mJ!9+jNhq1#9AwS2|LCsZqtdhr%<}QX$El(#uK8Rcbr2TVD^0p?I!|->A~1 z*{s#5!oAfwi`!FGYs7AEd`C?OC%fa$v);nF3$I}2(W&9T?bgF zt<%1dkU)f<+=X3HB0b+}vOp|QrguG+h{oi)1Q>JBqjtI33O=tiN^Z%lG^DeuT^zy= zAmD-risD&LX=J?FKAG9Hy%v7LEKX*A(Z+ln1V**CRe_%UGSZ_@$iMPh(?v74LD^&u z7#BqNoFIQU5=zxE&bo<}U}g^)H}$1JeNjH?6|H~@<1Zn?Ud3MJ$FVTuC?H;c_%3lj zy|MjqSNF#?D>B!B|Gw|8fH909DInxGmrcqF$k{cv6G@&)oR;ajNuPgldreC33KM(T7;j`4grNAN}EqG(2FOQ*;_K6dy8=&m6CqT zka|4Z-dcQC-J4rw(Uk%6sG+)JdS zU?af`hB&kASDb~H*IqURd&}linW3aBI^dbB4A-RyeUmY5@b{q(h_2kk>L9Gk=S&y! zaYR_{86QHI^meIQvm@RVJ3xM^DMO~M9ihkau=H!N$cKqLXQCenNmuDhProG>@gt&% zb%T8DNy=%*v)x|0nJg8XzfqoIgt=~4$C1hsCE19`oU|;(Leu#!?e&RnlJ~UD#pi0y zg_*25O$ATfVUl&IY2O9D)DpILhK-th#*!b8kXu4>H{K6*Y757QvT15>^xZKvjpshe zK7!Tb@jL3f4%InDO+r^SGofF$b>-g7PscC8B{aGOYcfrG?^mny4I+5yFEU5oijA+FDdcu{yuJ^B#R2c;6WqgsUk?x*94nN(`M0e) zk270V0#-Bx_6_ij{x0r}LLqfJt`eb0xucxqgQ9QlfSxuSea>Y2RFd-?{CqYZda^&{R{oUTgqvA{Z;O!o)JP63`01eKwTWa}f*kTsIPwUGWun31q z9ZSS62KM*vR1e`QOh75+yB#Remkv+{9UJ#6SA;Bz@WevNYwt-Gb4Zwt<)?U&~ zWQ<=oUUL?={LuDh`RH`_am%h?5MUpd%i*QCN?PMa$~oZ*o*K@tV2SEJwnLB9#ptYYLq|)}#eCj6 zULgTU$|K3@EtOPi`{5Mji*k~5C3d07AUtY7eT)gJ9r^!;jX1aUU#fWW@Mxco^MdCjqiTWUa@J#onduf?EZ==K=4_cFnZrs5i_Ik1} z2o}LobF?T;rs>E*jEYKa@5Zdvne>|X#Dr%cCxsr9wFQ!GyYRUpH1gWI)aPjzHDu48 zUNHT^i-UJ?;@~_X^VhGxy2$pI4cq$QvI~DVhurz|`C;L0&l_m;LR9^3`*!0;WYY`r zBbquMiJap#XHN#}$wRDQ$7fpa|3Nl&{y{d`gVis4!K5a*GB}U+@eLDmbS%8!NBjXz zkUV+k%;)#{gYCWB2t{COdZZOwGniZnrttPfu_Uy;vUJI)&}tI?7?kFRUtwkgBA1qISkKO&Vb^zGVs;Y@)A(ayDTh{M8HwM zIDww~dX@p?llp1y+jN7PHMFKcCE)yk!}u@c(q-tkPMt-oMfL^NOz0hxF0`g*n5_TR zkehl4=|9<{ggNR3uoI&fJn_TvN4Y~|&aYx#QpyQwdcBgogH!E4C1krTHf#Q_4y}{A zJTK6^9J}15qvU>3bi1|`;yHI3RtvLYS#;>l(1LI9sX_+u51@HPIR&RD7&-00wyos6wOvZ@papxE> za6AHVCrOg5r9FKmNZ0m;B2YUAW*xdVtX@&Rr1o493nre6%g?(*Od(s~=;ypA#0p)A zi#bPbOxd;^<8ZGh*G6#s9|@BA`(rx)cs&rSoQ{7QNlCDlQ>bfVQTDu3SXFcqa9dTa zac9pX+s^~JEr)*rL;oqe_Wz4{0)ZjdJO36K>Ipt8XT()~i|`?7ZM7~x{%dTSl>bj! zwKp-q*PjI%qVr~F9p2dy?TFoXA6${s6Osx@;fuIU(w?7%-p!7r>qt#C|B&>n64B>O z4?fiZYRMDBmq;0Q8A;+giRNKd(D*Q+2aN43OozkL`A$g!FI>Tb60Tqsfq}Z$ME?9O zeE3JP3oRAd0-fx(=5Y|ZQ>Rrk0S@jkf_i|?s$}2ETGDN_8}0MegHO0r^ix#0nz%707Gcm%Us%B^@{>3Qz7k z*y11GNKV;*Ums&spFL8+3PLbH{DkM==p~zy`RDqS$%e0?EKkpd%;hYAc*@B^ur$hH z`6aYw$8m^QJ&pR0FuhK1#Sn6^?_hHlKheonyFoE*!tKd44Ks)(CH@^M%25JEg3^Ks zvpnlCiOH=NLJyMO%D4ALZF1NdSNDh7!Ui<9bKhJL=TIzP0N4Hw zOFDI>e5W9n$q|?wLVX3xKH~?K!Q~Ag{N#sba!zrhd6Fq5)($9{9 z{Se>!?qb*zOScQ+A-ada$ol9sz!Iu#mIFIJ2=XlP$Bi~RSRM}QEXzMW#v zqmNA;|31vXD;K6h)_UZJpu))a-^iD5%7~(F^{%X=>|!5{y$e226szYJNc;X;upGNa zd2y39Z1YuyBM77n7Zsn){0;bEvmSb~A@;oR=Zz3*qi79X*G-FVg8TjZt#84yf|Ebj zJ)ckWzWY);v!V4T2Y7x1yt^m8la3-jc>?xCW2*1186sCMON;yDEcSwRj=&5AWD6J0%nA04jQnrT z1pJNMT_?c!B=iiannKF#s*l3I9MvSJs!u$hp7)u;=7)FvZ9|UQ;0LT_;sJCz4{-9| zZSlOvIOQb3Zw@nRf)RxQW@c z|Ms`mftL^PQ|Xz#yrFJufv=%-l#!aGVnz;6`q5*ocJ=NCS5}Kcr~q3lRMdQ zy8Xc5bmEa<>05xpC2LH%fX%2nMPq2OE~A_gW`c`EbJw?-iH zxuaoEm!aoRGf=O}oLx3(=IpSFfygglMea}WZ|Tp&1LbT9pRUeZoeGT(k4+=@5||d- zn4c-F`*G@JVIF#pKkpPRUmF^l$_j0XTt0C737NX`2<;HoQp_49)2A>8iG#2k`usdD zKSkwBCQs)cF~>eO<3X5$Ys~Fw;)xM6>|1pK-aTUH#%91iz!s~Wox*3&dJuz3GN4l- zlu8CWKXRPilq;tNG{=9D7I`sQAIYB4`P3MZ2!207sS_ATjvZ z@yL@GirF?~T#mTdpDU6t_lqPJdia)L5U7!Yf|`!Fgt^%`7HNrIPf8DbjPnuo^xqB$ zzl0l{crF}fYu@rI=>0D9*b!~nL+Im74~Q3d@+P{h8d3CsA9wxg`?Ib5FV8HrcqbY^ zKivY!k;>o65yu)15(*>owtCAXv{+al*yPFXvN=ov?q;InKepXD>7SA8oTXUFbSKe7~=fepvaVjX3YM zHmjWb+2T()u*3xyVSO*gs<-MG$a9MOF?iZJ(JfdEIrBwwvFnvCYc29IrlVY2)E`5J zG>DOSS}gw-wfcLbkfS`2m(2spsce#J9>!+raj5|b_c%NkuBzeRoV@d7$mhCuFf8Pi zop27osd&;Q9pDDkh>64Zu6;T}u9Z~UViGRiYo?xr zydCs;dq)|pR5n$j3g^7T9A?Octvk-sJi{n|pA|Z(d>!pIIdBdQ+h59yRQ_~c={QKf zM3-}b>)|k}g+o?X^My`C{!8c#LUL$clhY$h9AQ+)v z;BOm_5A(&}mT?*zu3>CA!lh1(#_Hh6VnyDWj|;qn`D$1Bner&KC{tOMk8uw`Jc#{DTmuLX;u=BbBHA-7Q|>DdTef_w z3fZVzg&Izoo(7OUrZkKaR|j%WUbnD#NO>^=t$9BRZ?ZIrR2Z-5^oP}T^6<8ktZ(kP zwj(E=O`IF-TVyk?)~9(KwXItbM<{(*nin7kDeDbHe5&*RSIO>OeGFGbk%2 z;-bm5a>|nNpJxINO=FHa*WJkpVn4&K*RC|pmhkYfbv3-8fd{da)XvnjiDVVj;Fpwt z7{~$I_j8pEG}L07xQ8Td@LI?HRgFjnIZxVK?y%wZN0^za98xL$r;-Pys`ooS8@WtV zP@Zx#@dp*~ad{4qS$2Yc=QZFYQy}Np&d#ot(XX9xXa?}^2S$Z%wO83xMxWR!i1F0l zMKQ63F#Y%Y4Fp&6#U$1*bmT zu}kQ;y(eORyD^dP+?w;VA};Qul>+McH^JTUTNT4y{r%(Gv=KxGf+z$cLeQ3v*m>D8 zpwy4M18-{oZNmY3hdvtacBNMMzg9LEP`CwafqNK<-h7~g4^6C}(0Uw!wtO*kQ z1{idUcCd&2`bOLSC+xJU^^vD(B)g1Xou~K&V%Rj&+N4`#w(`~7w#Mg2z0wY}lGbM>g7^NRyu9ouC@)vAtk%yEqqt?Wz(p<~ z0ggP_nR#}&O*}_)X$LDg6Bm#~3r&a4;%S$x`k7LNEIN+RF_EHu8q%L1<)SZs+i~`Q zy9^>0_uI`EyaUS~^Dld7PkA-ogTOQf_aH=W7Ys5+;l>zM7kNJ!9~?xt3bjw%=*~i| z6SY6=7CfOs)aOaJ%sYKNdI704wEUT2EmQf-OX>@AOT_qu*QKh1GB!5Khck|Y=h0B1C*k2Ki{dqWp_5;Ju=qq6wiK^DC9=;>^7tjLT zw9Jke))C7GV3#e$df0zX7B@Qv%MzQ-gW+3l9q7WVZRjPAEX^WJ5bpt$^o%pHfOIEHbiiQKEAHZ4~C=T@WR?QQrG-NgYq&=W%e0!vp2^Bl-*T11~hwSnkQX z--8|2@duQ(MKts^muG7l{4ZFUgR0uN-GEOEF&Bl+H1P_MS2=(oSPmsQA%ej*4&B(< za04c|1qUUbq)@85@IV%TxNdEBis}>C8KK?7_Yw9+ySpnU~<8V~7p-h^KqH`|RT?+tScZ zia~gz1L1fEbU`Hyx{}TOkvX*r;S%qf^z-PznRYYtEjRiPYE(uW-#MvyZ!7M^?DF2B zD~~{UaiDA~U*7MiZLBNSug`c|bX)j(^DCV9#^!w*T58avQc7x_HS%Pssy}sRkb+z#owg%?nQTH=XE%YcpLAI(Hkr~87;Ynu36;C|i`nhVme zebcM{edk3ROKUJ>EpB{@Ic@3a-W}B8!)haN_yd0FIAl1B-v|h$`lYMvYr>ka+1_}a zszJ}FRS1ugk$4C5z%T91iB2U`?crYl2v3X&61v_b8svrFuO6y`$KK5yevOlCtnr<6 zQvL=_4s%)ZN`|N62B|OaNBJPt4ysuR#B@DsVP74zrVYj<(2-tzz9a=OGf-~eqKLl! z(NrvdZ`C}jDlB^*q+7A$qeObLy!$pbr-RNn(EK^;uE>K z(1vNz5T@^Ta1Du0+WTKr?R0msoIt&s1CAayNZ^b^3>uEg9mxT}(Z`j);(xf){(YuxgoPTap8o=R2K=q8%Cxp4k2w2|-Xh5wXUjbz_I2!EC>uR~#lm); ztS?lI;%1_KX!0^xrePV1WXglxWaSMH|I1enKqce>+>0E=eM__Z2dDUZi<4C<34D4t zG;gHxOu2T%FqtuJ=K>2wj$Z8L`;WN4plw2vBM==w4C8Klbt;&n#(OX&CQWPm??o$naGM)ZWjpUILw#OH^+OJBx6Vc0vHp` z$bw0^WRYt>Wv=es7_QiKv^%Iqc|CgJcFef@sofl2QuZB~)pd*FJQP zoH@@uXw^KUb=qEFO1=!j{ss-Xt9888zxtzaJ+seklB&_!c=Y!&^)8d9q%!rTx~6{=aQCn$ z6>$GoL;nlL=nJlk8^sXHmRh46U1?Tf2iRZ^~a=;$J4`scXW@e3FGU z{2bc^scP4NwIp-oxD;@-|HTW--OA+rXwioHVhY|nPU=NeNXEnuf>h7U(<=X{(mywF zSf$^!=MUq9ScNwOY1w)mN|#t4&$oHW1&Ks$gcd~u1)fK-7}}X9Z2Fz)kUd*!;Z$-1 zN!vNLudV2lpY5v1x${Ih?tmr(&!o{2T9Mu%i|bi3+WQyIPBU4aTvxi^tQZsDaOE=( zPBhr%?4{>73(envr_OzoyioR}+rK$H=(|uO=={6Og7o@ZlFPzq!CR82!lAykzKY~O z@SmT@|A2|fi>lA^_#>5|J*mS!$0pY4JoaC%=>d+o{OvhoCnPc z03NxUVXp`!L$2^sK>K0*+?G$=?v*w7Tyk7UG|?*$To4)&TAqm#x(rXUa1z{FOv`dp zFtiu1Ny-6B_+JiHxGoqHc~{?A5VSMs(tFdM^-8sQ{-q9*O5x|dcd04N;)w4%Qf7U5x$*I$>*(9n!kK?#DQyFOLO>au>TiTc&z+@iWfF?p0>-y$uM z=HA7oEs|0fe8Y$Agf2s+>BO4FjJ(o81*~(^9|~B~nyF?GX9xT&s2)pYdLigkT3b^7 z7Bn-cR(&UQd>4HleD|c@3B@V`lVBlE)R*$$D?8qVqzabpX`=qz{i6rHUZ=aa8LSjt zTTu@jbA8-j-3|bK@9wBPd%3mKqmd3)`9B3#`B&WOoUu!`N}ATEeK=7&a363ic~*@S zvPzVmo>xNM-SGGEN9kBy3MhF)B)~o9bRAoE#u9?}OA<}AAvo0FW#h-a9(@N4pUXmZ zAK8Arv$gdZhHxvKS(n>@K_GDdOF}W; zAjBF8O0ojT@wlijN7m7|hF@s(AL1y?&XApx15lA=@V=w3P=w=hmVs7~BV;abVRreRl z4FC~!OQ^KX%QRC24Zq_2Kps19j0|PC`--g@AbNc|E0d?N-k7lHGdjbLf9ODem!fBo zWqs$fsGr-h1}UC_I0aX@@>YBcs_Lfb)n)muK`2(oe>-iOXZOnJ9qx?Bqo&V2ZgQ+z z>wDohT5(p6qkWplS2S5@Xx%=bY}PGauzhsm!M&N_;nBjzV< zI_I&%7NKNZHz?UC$eOnw65|<%11}~xSe~PChbw<L}{=~ktLB4H5$WFdR602{agR@`U|vsZgY{09q*Mt`Gn2Kyal9v@9s2Exwf)FCOGydX zovXrRyeVG|Y55(0uLaUM^N-pZuce0opfR z?VxtiyC_vj;No(m)mYxJO%sQiI)1yxU*-;0zO}7yHcSXlS`fF!@5H356i6g-0YgKi zye_+Z5Vd^Bs)L{n-vFe(F3Dy~N)DLzU!7UtTM*D@+<*e!s55X#O5?Ge)MkL1xc5Qo zanCC+%y4JdwX@#CR=mTvdWtY;SkUDl+d-vAsv<#J=Snl*u0n#bxN;~_#|#6d*VPej zxVdraT3xNnwip4>TuRTy>5F4~3^nujn(b{I&)}d-Q$7XJBFzH2in9@3t22OQZOFjt z3}M~J&d432+A!%3-CnI0|MCfvJl*gk47EQ86J2-^-P4*y=;S8)O!{e>&Fz#Y&ka(y z>dB(pns4dfz$qW!+I%+6Gt?lWjl+L`HV6&S|C+{T5wopMDb)1pzNTF-Vdiun%`4D1 zV+9=neDC*lnOIWpMF8{JZl;L+94GldtnQToK(v z$P&Gd%{gOEPsfw)bz^LQfl{@A%WHivICom0C_9akPDCnaPrA!Xp!04d_ z{K;lBJwX&)WC67UFKGjlHSMvvC+4lgaGm(r8V zcTrz$U~8`My|qa=UTRH;T68_&yYkd6>&)vil{0!W)sNBU8M-YWL6Q24^Ok87gqfXd zO$FOfZ#GwS5vE;~^=0ih|Fj1}7Hi~Z6<2l<2Vcqy27}fgeT3|PAIx8?n@M^{OxZoF zy!o9BwQ7a)m;d?hQ(Iq!r7b20h2I|37xhEyc+$86Jyw>lrJ);(ZPy)pg=?>evj^8t zjnHbeyl!RsSoK)GjO4zdSdQJF!EFF}w=A2Yq-rR2HG)z3$-85#Z|^QU$vE7rUDF>- zc&wjaCxVxVn`Zp3pA}n}_ES-7?D=zGUei3*ZVD11?25f(;(K8O& zHk&KHWfG}E77x}pQ@(g8OL@GdzroBT-yBp}N}=eylA%=i%IRCq9!cD;1B%--lqe?G zN3|O=N$wBDp!-AB(i7&jy5aLJ{3Mr$NYLfMe(hklMEAfSsro|U8~hLNMd~pl34%SqxZ4<|Mi9_Xa|!k2viDPy4^dY=As#%J%YR` z&sHv$69_e^mW?T{DX6GYUsk}bj%bTls;axo<#$J>rtEQA=q(m$_Kti zgnM)_p=>Z55nA{$q`7;`EqRPi_@c!4#ZJ$(z2Ojs*`L=t7pf?Nl2{r=r!;xYI?5+X zFWimIyj}Bc&U>=9<5iNWw<$InqD;hN-=1Kw7}^&$$7GT>ciX%XAPb&&23u&0OjzDF z#B4qrf5psv(_xYslVEtG{nMG!H=hNHif*^a__-V>14p*AORg+bxTr`2!v~AKcNM%I zj93p>D6%c`JXD$9H_Lc1pK~gS%J7?+ih9l2oxkif1r+w|3k6K5|9%-1mo7F@x(_#M z$3Ba4y7|kRL?Iw9es14bz#5-8%~e!1Y6y0bo6%t7r<_I{Q8PP&XyPB8m1Cxf{-a^J z1NP8a^iSxnM#p!uXOYiHoPcNB@w1gxw4il^nX^-fCULf{r{Pj_KLeA4{du!zpP$t% z3PlrO`*TY^t+urT*6)27$2u=o6$y|Pr<-jr#3lV_NgvN_l7(%4AHErQrEoOx zF-hMq{^?8h|3=ILSyfn`sd!SY#Gj4 z17=@Fk5El)2tap;Kd6IbgJu)p=gL@VOZm!I8-kcaxEVkt)IMJ) z7#)qNT(Dde>R}XCDQOrDtUwa0i$_NCavd_sS1j>ZfmBr`_FhAY&J+5d`_YUF-oo*% zNzaDQ=lMI8zQg(|(i6%*MkKSa%XkpN z=cwcgBf!DK(~coL2&-G6DrBi@E=pYk$M-pE3`$MaKf=K1++A-D#%9}>qx=fW;Q>^z z*}dN@IXy<1zA2IK`SK-%GIA_lTm6Fgc-=!rfovy({)m0&kI_Vanj(1$L2)8azdA8n ztln$md>IwXstkGRTjS5EG^E#0tA`8uD=c|xM8EMxI10lsVbd`rgD!rgMhx=8?lo^i zle`Jv!)?V%>t~}-AJ2%kbxD|>6>ofqSY2-#aVif`!umDmV-ny*p3>&69@E0_kZv?E zQCgSxi5lm5K-?QFa7Bg-Q?PrT3p#M5m?-R=-Ro4j$q$u?+Ve@K4&(?rcu%&N0u`y> ze1>^?*IRr#hDin~ZFs`30bHoiS6Hu3aGCB@J{YbZvkXYoy)cjfC7Op%Pd4~<^jBZu zM)gS!+;A?dc`)t2PW=dq_d|j?j=}=e$SqI1n+fWnOU*A%6)q$g>Jy2b*t&EmKhnOi zz$&{l*8Nz_5Skq^_*_c$lN&r}|0yj!RIU3#$N#=}fZR(0T2^Ziq~I zRm3o#%UdsEy*~PUBf11nupf4*eOWy_8Z1|OJM#80bxWh>2+v>B^GP!QN zvkrfdH5s^sM!$^)H|{|Iz14C=uvyaXMuiLTULPu-fiHFM-gVJ; zFJi$oge)v7j4w?5~?+zB}lZ<$i*3<(xw_kI5q zMTU8jXRKBBwv_qc=eWC&kfEr6iPiB-14%ohcV+tPQGDOtx{nlg?I+kaKas9mbFbRL zEvs}aV38s2pQ*es3|1M zQ%vbomZIXz4rDX0b1YNZZoG^`N_(_uyBVGcBX-uE(9wV4Hf!=YSzP~c4j9pO}%xbuIY(%(s*F5xc0pr_ZSwU>D_y!|$WRzLdWC&DVtbtRRoj zt|4zjrggbt8~cyw{nd7b9qO@8I*_V3W$1-^uWQAvi9zu3?R>Qn1{Gh3E+Act3m9<6 z`mC1LY8e;mC-C@;I~IPE*$$$Q!H@Mrm*76ZOwW6q(416Vl!K5=|Z@0CdH0=;?uCn`vvPu*$A=6f>K87oDLHBJ8Bi;Q2CcP|NL~O`u>86kDt4WRnW-VrxM__;hE}zWdJwuF zGx5H4`)dfYRsOzxw{nzDT<)H)B3M7MCTqa~e(af_m{b@HjO`3;&MOUVo`HHt@ms@I zsn<(A2;zvlP?ClYd?AISn`8$NUV4eWbzQ)=6Vb=rR*JQ`@s1r_X5P3J1Xz6J?gf)I zTr4ziATcQC)_PxTb5?As4)fy&+*i6#*ty9f0cEcg(+IN)wgjg*(49Q0e!NV$f!%}3)9}C$wZGaBi*4;-GgZSXkMj&AL`^@x$$0I z42V~Hvg@)~vZwvhGna$F^zsdAh+=|uUBu@AFfK1Z82sE%(6Ry!#vG^P6y6Ykc2T~< zg?(WfA2On|70yXMg6+jSl#rF&r52nL^Ik1Bfl_#n!wzfpH@W6%gFm{T6iH{cYqAQfx*XqMpul zJVwRFq`9YZc7o;*@2sc5e<{bm2draFz{-*KQI%aYkO2IK6wiLk12sZDrL??XNyd>C!76`OJ2BFRQc^(8NCj^4*L6d zNM>@nCdi2v3Fl7`{mdH|$7k{<+?teH9!BymZ(p06oS+D$I3AhG;f`2?JMPphmlKN# zL6F@FOuW+Gt5RT?dQc0T2sBP`A4~5G0Ha?b8^?cRR#Ia@;^unhRL(L%dT`lfw z?8`Zo(IOINE6qSFE+SC~tZDkyCN4W%mRU=ww)A+M{7M&QAyV^tA0ikzHUi$N=zm-f zr31o=I0JcN8|}!CaQ1;Ky|e7f4{?D%>jxIBh+CM3!64<*mR)9vgwWcK)o77=j+r=AIeBb^vyE9+z?Hn8=#y&14 zTZnbeT8!drHA-?7U|&mqe^kXYoe#+@qd0`^XO02aZ#H!0!j;)OwjDW=$m{7uf14j* znY(>iPU{!<=zg1ozfGKHTf@PTwCD0Pdj59Wf~qJGgh3vf`EdP>na?mF^&d=6MJ9qi zL^!l#YPXvnUCu*1suJBm8PV|8?03p%-YJ)au|Sw88RhIalCn)`#k{X4#k}mKcPge} zdz;btOKoUEEy{e^FI}a2*OIm4vNO#R2(d7Q8R{e1;8AJo;@<{sE%-rm;VU!j4cl66)L-K-kiK=vQ+dvc)Jr!q`L=A zO!(sfQ~L~cneDNM6WU@MqL6u6ycki6j@dWF^c-6|%>N#@mdH;Cgc)!$x8G_icGOsohRIV*!tEa^L1Ss5|`0n;P}rM1(i zdGpqFf<3gx?}xKiTfezx(HPL+&leaz-DYaf8YL-eyCf(6V2GKi5_Y?Gf*7!@G9=Oz z$WeMQe#;S<`gF#mZd5C*3vuyuY>C1-Ymqm4KMgpH+o+9_YL-V`JBJz!)E!L?oj1PR z??Xmv;lC9}V!jEou~l!Tuvd+mIet{eMZ~?#uZn7T8}mZ<5cvAI#MRvKo;ozw{Zel!0De-^nB2i(2i3_omG7gF- z7C2g{>-SGTqc&1xt&>#4NjuO;CPke48?q|`+6Lj*#V{o;bH13Sun0WyfkH4dZi4Ao zh9mrk^?B~&NERwOE0qCZ15z`j#oRsFSO~G#3QN_r>NXC^;5@MU0+cl#tW=};(w4Ew z!3(`QOn8@PsvYi3%VxkLqPb7`EmGodPAgOFgvKb-@x$k4Tk&Tt^W}5f`zO`dB?^ zLQ^QGRMxn1>BF6D0ynBZEK+l`(A6kaVqpt2%YaZ5kaTMnFV&oQUvpU%KG?XK6ODY3 z=9cP4z|AaJK4=2i^JM6$vestRSG<>>)9T#_5B#z1=iK!H&21Fy@xj$mu=_ddvThPU z=(9&2!;@=UzL$N%x39b~!LP##$s3d^)qZsAp5K=@R=gGOiQBJw0&S)J$C{AS7>4y| z#62`-VumPk*Ozz#H8F$r{zA+QSWi^eaL;;(GXWz4@4n%6on+In>1kQn(s%f%t;kv! zEkh?1&|iluS5Jhy03`2uKW?(MN350e1Zewdp#m~0MGn_@AIQHwy?s3v%};<(bR6e8 z?np%uRnD+8kZKTnc)C+Rt7e!0}`MB^_6 z&hdHhtz{V8TAD=JkwsP^zHhewV(bFXS3QkaQJ6NH+W(EnqdTNJzyvz4pzP7(!>pJf%#P zasq;`ryWt4)|$9>261YO9&15+MGc~rWa{?XYa}MEt#hIRygTM~C*Msa9xNfWM|4C9 zIa02v11&i`xdra&UN3{qqU&Dwc+*#U;LgNczPf&+YjO`fU8{n@Yr^$I&+-`!m5FFr z{s>Co(-K?sz-`*?bOsWKPYQw`liE|t_nJn#)AL3>j&YptE@)Ylj z#WsS8wzzlxP3m|O3i$^;IRJ&NVauE2Kip3`GI2!`W&2$yMI~Cn>2$`^-m4e7g`^Gl zy1nb$v-PkQ4}>*vGyte9QIvmwmLqiFMQ6gillb-}5X=Gj2oGX5NJD<(GmlVdeb4p! zS;7f%E`aOeUDUCnA*PhGw|L6GlI9-!tfr{8*mEpSs^cH44qe5@ysI$8-@foYl{h@kBgx-Op?^Z96kNSY?@){WgAwkJ~~ci{>tFYrqfc zv5~wPd8P)+3dQgHPd{}+dfeq44&;gZv`BJy3rK(Zl?1-sR)s0OZU0UFl>HA~SP0Iv zQJ+n9=-OFF(R|Xf`j+2iI3P=0$_yxDsVg=vC}3z=RyTrBIKL@%P{lbKJ0?pJDS{VA z9FsGA#1U@v?wn~F`QZRgOc&pxbud*kcKx+*-K3GSZacN)JK#-Oqm%qLW@O~q;3y&C zWA$wC2WrX8mLXLh>KnZ+E^;0oYpcV|OfoZGRi8Os7YQ>Cxjy+eabM)rNibJN8eYKz z8UMLTqo?ir=b6q8U1}-5A+odUUg;+t43{a}Q!;+qFrwjUAXj6ueh(Rtnz-sV4EPE( zK3Tpuf);#Wd6-ki%4~`99@BoKTYHYI406TvoDCb6pg%SpxKpOU#|$?i@vHt|H5||g zO8Z~@YDk>&FT@u*%tH4Dd5zq1zr2p>U?ya_^f_xlaL`F!wBlLKp$V#F{U3F7Uf=BD zFl1pYMs&B(A{b1d2W{|Ev>3gYp>@9tR{mqhvW^?HSyTt;cm8nH@wk}DXz6~VTProZOyI$LHx_w$>Wu`oT5C{=p-d;5g`+@eBRkH%{41h~pLIl`k1vWpjsV z^&Fa&y{nDl9p9@cvKcf3abP;MW)TS#e&;~1YA0WnDZ{lZ516t=4}Ug*V=7 zKq`0wC2FL-2{0}W504Mx4jdiqp^lc!P;M!*Jx|eq*RfGb-ZR{5O*5?p%nv)Ei+!&p zDh@6n@Vxy`a=pL8u^Wj8ZT$ggQXMW;m^$V_bQ@D|N9Z}j02u1s& zk6+0Zo=ao-#}uRk?GHX}lqX0iCU=<6Y|*EN-)mk29?#D;sJf`!m$c>Ze(ctYUECTy zJ@e2qc5!nPy+nYZm}iExz85cNtyGVaF5xdS{B5aq!e*6Lop*6Qwm{QbF);+(Hjv^^`92Ppz=8S|s%)9u%!J8 z(@zqu7rL{ed>x!`J-ByWCJsmvzX6&@L$BSA+wU)lcPsrqTUT(2=uCHInIyqb^9aY(YLK5n0a32ds0-%?{f=~gX^EzRZm&g z1#4{HxfC8JSKZ3(&Ls|mjg5)y)qH$qaM`@)xmeoPWNdlg9Ax1 z-kygMiRzO36%o7GE?Nifge*|tTII95vAPt>MW|f|2-hd$9{HgyAz_;f^Hc}KvWjoU z%u?8ln-Ub&fpOLUs&@)?SqQ$2xL(HA-M{L+Swjr}KrWvJeu_Ue^OZFFoh)$q3@@Z+ zOT!W6QmOm#HV~Qn?h14S>TiwMKW505r2~W{^aLa~WOUuLI-C7@z|3`Bz2xhx|36pg zK|r>ath>Fi)RZm>J2T;z@&vNgha8^N-5eQdrZ@X~`rCYQSad5HNKvn3JmjNduCogL zX-JMHMa;c0ZHX#WAO%Xv{mo1<*;$EWZj)EKPGBA-u>PW*#P1g^^jBs)>S}ZVruU&P zXm(@0L?3ZtJ4E}y>Z>>Z;t$B05H_v(;!i?P5!J*5T#B3+cyss$`uSFlTng8df$Vo` z>trzOP;X_412{^Dqa+O~%B@b}1@o;Mvv%4EGLMc*vyQ&y-5hQ+yVweq6tjcPo#x~? z~^+mtn(s)A5U;%)1qQtlXn3~MP`RaES`*M1dH=Wb>` zalIlowSNn+`Y3aad|tPP>>ql;X*sWM`=3EYBWn83AeVuq$nlzH9`t4mgr!Xp$aoak zj1;nVatNFJQP~~h1_tGU-yAj{ny=D2R1i+E^t-{X3_PD5^y&jKQ~sno-(-|1Jo`JQ zQ$AtQq(gymy_*|m(MqtZKMo(T3&<|fzLk|T&_|Hkd6QQCz9HsAqWx<9c1apZj)&~Z zQB<+l|E<* z++>pARheS1aKd9L7ATyZspHv)SFc+Fkc9Jdy`~rZS~i2Kx7PA>5V|(F!@heJ&%=6WpE+)-R5qy(IM?Q)ODlPIefvUTut%Vd;*qc`qDqd#n72 z)1?GuCpnm7YJ`Tbau)SViiQ1qAlFI}wT$n#DGpA=AJtp0UgdbjYD_h>f9<>S?*_?k z!AxE5-Uwe|1Ye5M=HlNA&y@oJ23csq16Is+D5A~ykp7b3t?xb8ycz`RHE*)}Z)3ko ztGO&UYV*)*klAp|@+G3Y3A5-y=Ziux=35OLEyC7B%G9=p)OKF0%cRUFpH~z2QE^uT z9+|D8oe(!#ECFL}%>1O7VEV^4LWxGI#Sq3KczcWxyd6o|a;KlqA<(N~w?++`U30^- z1{sA_*s#P#BQ4u<6Zrl(Xb2Jg8TLq|kQEq0|Be&(9F`j?E3KE{`Nm$-41Cn!MTSk} zb43#cN)XI(1pKHUrq7`J4GfK3ewe6ZIpw@G$frysv#q0RRGLr(TTO)JRxSLjt{Q|6 zT<)EztG(uheltWZC-v!5J7g1(1M8_%zu86O94l{ay8CBSzQ|Wzg{$~%FHz4vu13+^ zo`^XztGD+|nGyX%24xKQhe|N{M68`Hmdx99r*A}sV5=5DXY+25hrhb}vE^z|+9XCt^ped@FyY7{=mx;Xv1BN7;Tg|67!FrWO18*J&1WOzWlHzqdxTZ@y zLTuYR`BU+rmz@V_UN-GsH$6mu`hb3)P7G5sWl5VligL1nIHZ2mw$IR-c{RO`_IjY^ z)I{ZjYnzErr99|)8nBs3z^D!c%u4zMyq8ZEv?%l@=|9V_X*}WC{EUbO4?2@-u9QT8 zNA##FBlGIGN>O89ZQ_Ec%C#<-Z^IsBs?5pEJnE~&(qTKHF!yPTq;z(#xcs!USb zAxtmwV5i+uS0iON zU0F$_<~!ivwRnDft7+e7W~e-~cRZ+frr78C-8WB>v zRHjDmw@FXB`TKu?4mM+OK)fFoErzb~AW?@3WU?tHj{@r3r8(}0@7oPu*Q{P4jp`S+LI&ePpjzGv}(OixeNs^k6WQB~>>}cAfTM_t1X9 zcQ?l@TKuV9<*@wQbf;gK7I6QmfpcrnIOb%+2z=~{Vl8QyzdTLIDZ?HIGG-)SJwUp) z0Vbu4YlEcDRyRh)#8bO{cRP?W`eFBS0VE)`vfe zw#K!7dq6VBGkR{a+^i@WeGvmuWrsQ`*RN0|4b3o#x=b6T&HtEmo!K3knLn*Ya(gPW zs9mY`RiQEU+vdFYO4oi73-K!)#kJSC7kV{-^cfc6<6(03?-KOy4LAbb{x+&yNpO|u7R&?N+g8MV~{@fPB| zRPLUjepnUx3*g3do~Ma+86DejLT+DZd(D|`5>!d18NYd2g1-8`cu*EG4`h+g9MpFY zH_Lu!e?$hk8(xx)b@BbtR~A7H>5*5j#_QW=Pyja1OR|kka{j`Izqla{ta&q7zw-02l?K~_8Cz0HZt@goI+t_&i zU=rOkz)W4+4my#&Y!@?+F-W4XQzlota4lqT`yDQBumd-DGUjR_WaKWS>G`~S?LiyS zN)&!2Hj{KW@pJ(KnTWCY6rsLh=~-JoFulE^MyvD=y|q<&PDEKI=8bj)qVsu0k1tvk zbll5O#sGDO^DvDWCEsC@WRN%y+r6?dIw!z#UxE?cA{sQ)5RdPzQT%La3lRG#TVHXX z`S(_y*``95#1CMOnGp`39;u~E@Su0{LD?Z9e6eA5fZGUGr>WRK>)TDg3BuN~OCJsW zM(zYrDf8)@5?(frx7Fz`*CL>_tV=U0o4TGVLG0A9a2d|0E`9es^;UhSMArl;kZ-kg z9;bWl)otRWh6J9SOpQj5%i6l3>UuhnYdtX=6qZH9jch2(2xxcv6Z0%?UoWXWM=Odg z>d|H`m3f77><^Wq=+o`;=Ng-YgpuH?^M0v^$Y<>_utVh22cRJim4=r9q$g=ZK>F<& zY=<>d>>B@pdUu!b?KIA=OU$QXhS!nTtDSZXljXgJWLJwZfD*>ysT}( zL6La+4OF&vWbsA_bsrKFb zDwRPyQeB0&++6pY{SUqi+{>EL5#h2f+Y!lyL)Us6Lm4-7fkc1F_&v-7Y-G=CCnL{L zCTJ@Qr~qbt0hAdY?`Cnv1AO&Ac$9p0@@cUhG&+9nqZnSKJOM=OiB*@>bls8ZQW_cv zR}wjV?J43jvY8LMN-@@vR!2iFkz6Ayy$SFrQIrT80jAgFl+c;h9NUZELBj2s%7OJoyL_rb?*jpv=nTk=&rF?Lsz zuS-vQC$ZK>Uek>X*suh)JXRatyHJRFuDCtGCwJxjmXJX)@U$t zn;rK3TFio}t67{~lN`LEe{zlP*{ID1qP#y*5nV?zDcxkjIw!2(Q2F|rD_8G3A{r&R zux5mj!D{I_JU-I~_d^k3h%&Rbk^bxrEa`9>IW~8YmZ!0Y<&V*@t-)JWu3QF4jMR~$ z#7cybsu6lC3`raap&Qof!MpoJR>)vq@BuY5 z(kP7Bd+j93)IkThmiql7wpK}25zd%ZMkSQaj}S&r?Rjk-KL#zSxZNxCt>{w`a&X6? z!tbWYbI`@%x`*&Nn#1?D$JSZ1=t2h88-^E+IRjLo`G6i!oq|({_qPF9U68UYcH*Nf zwttT0S{ei}^fYp1I>-GA_Hl-*p42Z*&3~O$D4gJ^vmLzHBb$EJ{Ban+>R=)Hf$gqY zlt-iNmH5!Thm^Xuk3LC}X&qZWI}L^H+uVMG1Tj9?<@t-n6LuKlznZgc|j*nYgbFJ8*o?kd%RGWAkK@hZB{ zkEQSWhaawIXEouMn?wol31IjSyq(1a3$1Lo&2jn6V-DB79^yVg3@UU=sC>f;-;aYh z(XD-hY{ryrG&yaF30CqqJ2{5pSk|s{6aiqO7c+Sgo)!jVO9~a-m$O-gx&SlhRD=Zc z<_-Rn1|?#Csy4b;Z)KLthQl#QUQwqcI`8OnoeOc+UL@lc_Wf#8=`cdvLl{W}BI63P zR}NySjd?$de=n5cYWzDIDq(=hCufU8T$hKOjUt1P<{VWU|Y3Ut0c?U%-H-@-HtcfBq*`tD~5 zSyJ!59{O7?zQ)l3z_mS2r`X(YS_sq(dYh4|ik!phH-9N8xEYfyVfTL8v&e3vLxgL$ zY4CF;DT8^XM)WzU`p)qytQUfIAsO@H)7ygxdI+F1!vlzTzCie{WmI^x&wl)~NbH3v zs)6;%Pr7kxtN_LgMT*+hyrnGpd1E^4ni{Fy0R5^k-#Qu>>ZfEd+YVl&j3lOL0CEJsK0;7AdW4w84z2br)ZEb_RAaXAvim> z^N>%W>AM)_@G7vB0f7Pyreg(yk8cO-s<@hNqT}u%KwXeXY!Afw4p1}z%EF-#nmxf) zL*3Xd!}Hi9pIve+FWxUFZaQpKP7}bYJj@gn>-=ws&;JpiBjNaF$SEl~goStlyFYa< zy$SGuRHcCT(}aG)(`jqgOT;i){Jy#Z<0oS4%e0&t&53}(rZ*^W98z-gge^bXivNZ& z{T~Iaithom1ZrlD*D-JUj7=xty5aV>Z&c(PB!3Z1o;>-R*dl8tt@#fqOvZKP%KvOj z9(AJlFMdn#4JNPYAf5LmpzrLh$1DM=2*QUaM zGmLT^ezyJtqyvx+-u`3e7mNe{G4mg$k%j+&AvL$&;`%o!X{vJb?LU^qC-AP;zt^|I z243`!t6biqE&lfq%;9C?O`EhIe*R+!YH5aV|9zDa(MjWf z3?c35|E3!)2(ySLHVbHpr}Fg=<{fVVO2!9{j&t~LKUEFes<%ECc7`~44{$MCx{uPX@ywaN zR6z`n9u(yy1w*=*W;YX*+s6mRZprH|JH z7A_Kifg{g0lk5D1&>ol%*Uskv1E~iN&A;9@v2MfN}id~w8P@(K{a!!lzcj- z`YFYXaY|mX`>iWYUxs_VQ_8!|`%$#^iV;*i@trqx?rGnGsUp|$@g{%zeI%v4?;Q8s zd&r{v#$6t`93J=W7T%K>?ynNB9CSWYlle^b2qK0CB+7p${L)>CYW55$mW%yfQk1@|e5EGL?g*&H+V!`IRrc!}z_BhuC#)+3K6f?{Ty-z4X$ zro@lyc+pFrTGYn|NRWZQv77p7M{X?lh?ScU%j{^9)uNJdCTnVDFe+ zUc@o;``@|+|0kXUi#~js5m7F~cbZeTqDLY~aB_L&Dvn{nyPO(TU(sJnsut>$Pi~eA z>L86ZA2m>7KO)|AKI!gZS?lp;V{9IJx4yK^{AisdrPB0cBn(X()6A3 z51it7ZWgu(FfC;I9KI=%U69Mi89#>>$6$7>KyWuReK)krrEphup><=P@y7vpLe>V)`&)z2E!= z9r(d)pd3N#SHvI_YLDVJxqImzxrB){>SZr%9{}k>v<-VGPAe)f<&DuDM66Y+L&gL*1QHy-;S zq$Dh1L`+<(gTcR?T}d8E_o|CB`at*&Wzapzi*Jstv8RkxXjb@W!Ry?5$MZLpD5PCp ze_K!2=czuZQ%{w!qtN-C!rfiTLOam6_w>QiPqHFrxhR7^Kdq@)RVNHr z^VfP{UsNqDgSZ2^^^^xHQMTx^zObhlWHc<@&HOXT%8-BboQ9d|7$rSkHtNSf3yD++ ziS8A-KXnu(q~9h=iCDFVBQRS6Px63H;+5g3F0d;c!A0U^6s+cN`a!bBql=%d@iSf$ z^hM}yLrSn!n29b%dWz+id-C`H)y*0aBg-Toh}bu9<5OD@KN+n&9F2ni!W`;I;7|oj zbH4R@&ojC=`OOv(^enXb)Ie(^fvnj+}-QR zVj19qvH#L*&&{wX^f0b7RE6)sjGE|L=Z#G=cc&NMlCURE7h$z&A~gd3r4cuWoTeMp zkS-QS)R4C^gy)BXG%&mcUj9^^V3@IH{a%@t*D3gGHS;C=U7>LZm z0@n!B4u0$p(qNlBq{7tyxWOs0rJ$qQ6Vv_TWvLl%t>6?$gOaHBnX!wyaA~F4szv$p zXd;(qP!4iC)#T9nRYrG~a-}gR^6DRch!HHaaXUnlfh?fwxEoE-*Kw?1Q2&v6;NsXp z5g^N?RS%jeTxrVA$TdAASX$;xeC#$`K=jB{U(E0udo)#d>L50{Q)OhNVL$OWg+re^ zSvCInA=JK6XIi&barbN%|GJH6Ry_HE4lagmq{ zB7YlZi@0}U;K>#4SnJ!kM|sotn3%KpF;uWM>KoN9`?iqj$^si&9c~?mxn7&>g4Y0B zxGeo?yuQvmO5vxIAG3wcx|}b>OHW3!-DU;ss!p`D)>{~&7RC1Lh=8qA`Em4PpDV`I zustm_S6(vsuT|tD3mvvTbhwzfG}@ymHzOt%_>T>x-Pz5ErU-T7J^abaOU!Z{J;0oV z_sWFpNg+ixrzyJ_|NaIY`#R3gpAR04g$>^?r=UxAbB<2XyCT0c`@=X!O+#aB?X>u$ zHeEDXqje0gq*OCIE6X#?I((9lx*|4avB=a8d?8&r5aSit4b8tRMw9l865w(97c&l7xVRl#+x_bFaJI_5BAZ0TT{%O z_p#d1FQtf+^xK}8cz$j7TEh(OTJ-n~l5gh3=GKMn={2lwjvFksG03vSH)4@T4XN_Y zl_K=-wUnaw&wpgB=Mo!CCI*rN^b53KV{Ym z6`u~^rHo?VaeuK?+OU#eWsdXQ=O_m^!}3-07o9}NX)nZ8=|k}0N}tmq;@9u}K|e62 zSG|8p>9d}>#`{dEIR8P4{iT*Gk(Sm$g-jpsarZm&yGxt+POrM#f@<<5lV&sP{HhPX z5JgW+Cqb*@>FV?{TI#$uHKSU^#7i6ExJ=&#-js(@#{PV!@QoVc&88jNY9+(T_al-q zCg|}MDh`}VR8jjGpLL~U`Y2^tDV(r}i@VF(FbsUGbacmqqgrym@g=2Y;+B<=`te;C zW>Plg1)b!*c&KoL-ICp=dhdmv1=(73XT-{6qKdCwG1yi$ksVw;yG3Smwab`NomOs_ zDsG#%R!GEJOvo#yw{T`bFNL7U}%7-W6zQXrwc$ zkx91tdnl}ni8EULmrV~^+`XcpX(zp%L_EuKGx#OJYUqQzzuJ`;b03t5{2GQ&I{?oU zm1pQng7Ws;43-2@GRj=KwwBrXC$MX|fJnL{GjP)6Ch4z0`G0k}G`fC42Qe%UJ>TIE z2$_1G9WxR>o;tN*gD$)7^@7xKgUOY;wSDLNu!4=8?Vk@wDQ)zAspNiq*h0g~y`+4( zql9Nfl-!DLJu91n9%pU4M62nf5s5u36{^Pl0XS^oE+#mdC_pOEwoCqI$d)jt*4CE&OG-+BS~38?eu|UfK8iE7o1Q#s}JlHO=(+?j;d#t(+S{}^rK~XdGz4;eA^GLL?>%5H&>t6SUr0+wE+eB zHrs@wP~;gcEx3W)_>26pr}YW@ZDdw~N~7&Y5$AXihtJrz6+PxWAt>75gMqjaAmJll}U3PA3tH z&yr~t(kJ*uzMx9GxXOWsf@NjsIk9%AV|VeB{#Ot4$4%=fv6PTVZRVFiYeH7{WP0IC zjuPvVl&B0!tXB+-+q`EkkYq>Pok4>@pzuK{&CbD`=XW9sDw7LFD(5=+ppw!~&^j(| zO|VPvxQqjtu=3lFvNnHzbZ8;w9M%Yj#^^VAxrT*1PLt)`EHo35u4tPH#;fr8QW&{^ z;iu4%J zC9FXX5lJ$#>A9hz&vr?TR=ci9M_6|$h9JJC8C4dQnH?voZu#o4`qePuB&5O?B5JZOIOQ|t|$!=`JIgcuF+%Jz`X%qYLYC?^d z1`P`3r}wsx(H-I=tRUK(Tkg;?LMbc! zPo-m9yQHG&<+4@2u;}BK^WP<^w>XlvwHlrhGj93ie$X&@M8r5T2s5Ma;GZry?nHQ_}AB8=**%Z*3nSfh}9U4(L!7|g;zqlS5Gl(x8Js2Z!Pw8b&LZV z+;(sy5`>YJcUyeYuKC>Y-fMlA@#Wprg0#ph&Ah5X4jonHQKIl+O?@gyw+Yob^I0!4 z9P^ZtO5IoHT%{4U4Yqmqf_qJ&H!6Mu&?AnD2NQC$b0V)rY0eB~Z|GP8h_3rn04!>6 z@A`~hd@O$4zW@+Y_=ipxGB>wBqiS7ERAkQ*rvPl1T=jB&XhVbL78_zd;x<$N2LO)5 zqUUJPF=rs;lHj;6cQe+a8bEo)mDKVs@0F(1_tu`V;PwdW*;IY+(faS<{ol+U?RjzC zG4ks0cZv|#JA>B+;?=XO_Y>c~)#dr|{$`)?W97}i)>)hNKNhO#uEh(3*W$k?oswQ_ z7g=4g9(|Hhu^72jPeC@S`39_4zzj1m=OGLE#{-gl=@87t(aOzvidW4hdZQMaR3QFG z3ylH=5<2r_<)w{hIK?NTv2M?b8w{tP89FxtsM?v13e|fK!WPQY&wMorDS9tos|mJ7 zLWy5A2!7%Q^#>|BUa%*OUOHJX@zkDJ`Yhv7^q)t#t7;==n$;7t?S=&eqI=h9*Nl=V z7w4#*?uoHYw#bRoCEb>uw=JtzrnFew7GKh5>vinmcGp#5Ydt)cMyy(lU%q}V!5Qtw zWBkG=UPi!Q4p+50hBid$Q>8zlN1ERR^seSy#%v4tPHR3NEDXE)d;GNr>#l>5z?~pg8^6?of^}4eXNp z;Pi0BuacA8u3vqorkc!_ElVbtW_zLd9ebqIh!6HC`HRM;+rbS_KEo`Xy#Eb4%TBlZWDb z5oFwwmn!kKh27W8rz}r>*NjdxH^Jk}hACwPTq34mD(?&~YMeKXcvX{(FcXzwjXB=i zn{fF2(XZD)8l?&lzPPiYw*7pj_2KBJ#Y*JH;r^SfRW$08-KfVJpf)AW8`~PaXeE9@ zQgxo)-KqFRzc(~&%+dMJs2=8PMtAa;p|Qk72x%E6pNPiQf73bTppL}ZZxP;~xHYo* zL{d|hxHdfLuwX^)S&0u}TyRXUS*F=6cd?04CyfAQ^V^{?5pNz$q?uyfoobZXWhLrY zTF5wdS=+u{ZIbr4&uz2FmZz8%v5rjqavOvLEyPTnczFzcDYRegVY4?|XEX3kJdm9) zaSV;p!<_l<*wgi|Lpn4Ra#&-;$fpw2B@Q257$9}*P$i}PxA#+h(5*(B3!I?-&u2=g zlQM|faT!eJPr4`{8psPBPBIa~;lc7RJpqk9!m4F7mNt%h^2BZT67A&oQQS%EHSMgo zN%&L!B`CZ=kOsu8Hs?%nQI}d^Q+O^K3(J`xbgml*#|1_93NqWlYn(tl)j>52ycCxa zhrIT`KW;aXPqzvSSk@->c-=iXvSi-Iz0J05m&Fi4qABm1?AL9yy}+}tqs{wk@G|-i zV2g@3%vG%p3`x@N55R{QDnjqY!e$kCjY()~SnCP3I3#^^@xrAFJ_a`C<59GFde`PB zK>7tX`S=Ku3Vd3RGHzb5e?s*=7x;M6nB&A9y734m9Gs-g7ca*u{!H3eT3uZJHv+Na zLWV6Kl)^dc+%1dA<%$7jBWHf9 z@lPF*nheeMv~-Yzj$nFxQx<&lz!p%W4xXWLRQ4Nu{0NyLg&e~T9cwR+Oq@aex4FsW zpA1?;L49v`x3@l9kWtbPMUUD?kpD>BB_fsa=KWzL+G?%W|DD@AYunNCPVIX+fu&^A z3)0B74T6!xT#ei;p8{317-TeKhJ8SR$!>f%yV1VR_r5RFG;B5R;^^jBfb$GbP2K|Z zssV|B!_s(RJLKrFf|Ba#Cnkqi7JObh(;n;TyZVlFp>Y{^)fF+TW+K$5t@*NJRk(Zz z_TI_VOt-Rf``w!JnrmwmgR^tvZPu8(Dt0JBMDfj+7*epgbJye(?E|@&3`g0$5h4Bl zSM)3I1NK%WjQz;(miRQSbj7-#>!Q%E9SFqtRcJ6vNBeOe-Yt&dp=%w-sh{z68$AEo z7}{$@APu6cJbd?(Y-aEvMIo|wi9K+9!5Htt1{yUIeDt{!Ni&mI0Dl?>YhDnP ze&4Oo4@)=4F*CbJVdV@oP4>9|o&Q}z(4{cOv_}{}*?b+m7y6vtw@QlSMPdJ^KbJhT zcQCs1Y#~d(AE}3zTJ9o{Kll6+6wDD9tR&h9>wG3@eK_&zv%CB3UyICx)x|6^$T@ZKN&SX~m-LcMAnN<6(bCo9&7J;GPGR}T_(&ENVj9r81e4@n zzdTLk17s=Xhf`;{B#CaNc=3VHGl8%~vkO2Z%FK!LG1@Zr02+(`cjN!3v!PHF(r@$! zvev`uB4|0l{0siU<4N{;l*5%K0oszR4DaY)Gp`-{m?MhjKi1 z3eOSg1nx_x0FOdU;e$3-3G2lr)ZIkB6J@-& zPfxaUDz)WIO=$^2k|b;mEC=+3iD90RGk+OplCH?=d&5s)GpqEX6NaB$E)%$|z0V}` z0rr1AQwePT)+QrniDpyHL5g2`?-1OB)@m?p9YI$L2-$ks|Fyk?F?M>Kin2=bacg0| z-6TCEw}SG_VoItU9G@BTKa~Bi_pOWKA>qM128VLcWU~A{bM(Y_)VdjFQj;O|u}db7 z#yI7)97GWfbmk;-6Z1vzWD6eCdA$-(yoqTAe(E}0>T~XN{#12MdUsudE&IbHjm%X> z!S~kDE6!Y>6Cn?ANVOvgqIAYtZl+j#9y%%`VSkzYawQ9(Y}x#-pya_2lLk(AVaKt1 zh;t#ZZ=VGWeVWiL!ux01cF;KsMI7r^IgUl@g}6x))ZtZQL@TkoFo5L$$s+U%C{Clf z)gydW(J~#UlptfI2?MXDMp+MUT?qOvJX&%$xjIFLRT@LskO%X+l(Ffn{DUmp zP*?$|Ob(U**hv8MnUx=T4|o+mlecFo z6>r3I_bEHP0RSP|Fi4S&& zT1ZhoRPZu1qKxU1V@zm~Bp9%yV5O}2t(a1nzYHq?kg;Kff(#rte!%;4F>w?#*ZJ7% zcCI8YM{_`cUZ&@*+19_lo21XM@SsTa8N63QDo$WM{ZN_)FmZ1d7gb|wG|{9URaoDv z{ssZdJco35(`eJ4{DB)k{yOV<*&CFZyUKl{a9`sS;@ZF^nGWnszPH{&lGDl9yD6{x z2bF=vAHKUblA0KJtm7N@Nc*JGY)%0Qex8>?(64!R^|>hIP-x?i`DVwTgp(U;b+W+ ztyw1jk&tqc5*6?b&5~JZ!MG1Q%;~fOolQAcNUgdI_9#wU zZrcHAlhQAsUA3pvws2kBvabO9{;G1nnNNMtW1a}8w7lMF(7%$7cZ3W!z^>$f3Q?@{qJSN&UQ!(8j;vt}M!LAG=-;M;B|0h#|gt-fWE99$;q*So<0< z7gXi0XooY#GdOyp@z+|P7qMma70eYovxhwnsxg4HS5dk#aXDfSuRaZ`DbSy!ICqr| z#zJE}Wv4%_Wo%wjI3rZ!6Dx_^~Lm2U+zUJ$nXrI6#bqMH{%<`igVv}l1V zZnS~)eFalYjXDdF=#^2=NFKuLuTkVqh@t94T4lXboO$KSHnWPCr14GPcENOPIp)#( zi<&1$kTiz#AVfm43JmR1^8N(i<5_D#0PGv!@emZ*oJFnwUctxJ`*W zmD@(qMD5xB<%^a3(D>LMrMc;|vQzZ7?Ss>71 zRP(<({7=nNxGUOaB7Yx>@$up714u=w)svJwIlw7Wl73IB9zxPMXKJ(Ct^K)$l=So`?q7#= zQI89EFZIsq;^_mY-U)@|=Xh3Ty-IsYP^5-ID`7M*H?l!c-;;i$JkHnoIbjs+xkaUo zx*5*YN_su7Y5075Rp3O1sEW#|aUpXYy!{@IgcwK17oW&L^p9c0_;*-yAvd_#Fgv$) zKCbD0`5+^({^Iz<;&S9t`$bU&NZ(m+{YR3IyF@(TN8|SY>JQ(t^F=?y?vzct7;0_zH z&Knubx7V$dJ{@0z=H%kY1U!zYxBv}%__^#QtFRQ=)p=xbZ%=4)@!wx2M8vIX48zFf z!cQU-qekxdSq1ry&V|1ni#m{veP%n94Fc?AXPWWKNtpf%aK4mXOql^h3%xyvPlXZ( zYAQj&KXvvyZfz849MdF>#yjmOA#J+gRRioI!FIs~ZHVRf!6&w%^k+t729$>`rw9PW2l zLIjjl;|!=hiplWy0)NIS*o-&(n9Hi#+b)z5GM7e@Jj#|A|4rF{fA(FWyM~u7WDJJ2 zUH~bBv>zOUqyYBJxA2UCbvA->(Ng|XfM3e+O2sPXj#U`@^z%p=o?1;wKA!JYM!b;> z@9xGb6m-m}k!U^Hd*o$<1AM?RjRLk8NnXKs_8*sE9UISL#TH{LG)Gj3tpASTYTrxv z>&NQ}j#=?Tl7k5eRKI+;SodNjf!y$yUn1np2on?(dHLzk4?aui?M)ix_>%C&*IM`O5=Pr_ zMysD=v2SbN5+4RS?5dEj7+RO#A!B_r1*|>b%64jP3vDA=&hEcKZ5)~z1zK%`cP%`{ zRBy-JrG2XPnJn;?MFa33ARz#M8ao$nklBea7>AmuHDYTw0Aww|`%m+Aza$;Gq;>f6 zboyhUbLT>-V$Af?@MejFmzQTB{4B1aF6_v_`d~fX+~s+*N8for(btek`9~d-0fj%f zCBA=2tdf*7s2MtEjmYKZkDPoHhXKCTFz&9VOkZ(3z;$%?aTmhcKhg=2;iGp$YHUux zFfP-<PAXi?k!O3kSD$PkS6mxKj6=GE6m~FGZ@ZK(ux|!Y+PUC0)#^hURLG7>_rP zn08T3Axk6kmqsG9pBY~MaJowaIggI?hexF>Hx>Bd_&O36vgky1@#dQY0TX{c;S1QVnArs0=7X4uWajCYqm=1PI`E4VZ&dYs&b|QuJ>pc^grg5nt!?WUT}tBqO4iS?0=l{a6OX-!rOoxah|1$QCX1Q zZP*-;+*3rb^~}UsIJq|{$OzJ(uhryRNo`LZRqTgVhcYu@s-CPt4}20qn>WX_7(Oz* z;*RmolDqw00YBcPkATpnCCezrLO}KbbuI&Q=jm)NN}uvU*vsvHmzvYZY!y0@BJT?; z&sjMrNh6{*vI=tnQ{PhNCWP8CUMl4<#KS5l273kTy>c&A1fv`Bb7Fi~SZ%y$LY5O7 zyaZf`>EC+1-*%LJ-GGr2o?t{uf4F|GcdtTDg2i}s_BpQpzVq+bcV3x=E<1*6mfxv- za1wetwT;&funIi**bH{V3$-07rH6T*N|QBrzMz^1K3DR*HblFzyp@sNz^b!^)N zm2>}kOy;eN@5JTXMhW3@a|+4Jfo!)g;!n=M1eYX#$A3dfDfRi!atZqS>sa&-OUsAo z$kMx}8zauI%SHmi16v+dSX46+oceQCZsiB9m)?V7iUh)Pmaf+Q75 zDj+%2k~1i%AW@Ql=oBs1P*@p{F~bxDu0p7Wa=#H$`jf2rI4H8c4|rcoWq z<;mG=m)kCAW?!A4REJG^vqD{DsS4STl`pXa`Q33?Qhpo(&0H2{ic>)79?zWNqOjh# zkhsbw5c+g4-}+##{>}k2F!J@4{kwULdvCb#`DCnH*g>s+aTs6_D|!8-r{B>LV`GMq zXg)!oe%GRA4JLCct1+j9yzpKHC5R7ZMu&-)d(WTOyXlHW@MmYar~A*!?oc1pj}*LD z-2OoLG74HSCdKx%2!9t7^N z{)lm-zrwa4Ycuc_ePp@;B5QmW_cAAzUF}QD?=eNm8HmcN@m1Pv<&lxqA(>u&SBxzA z>o<$%X*E0H{x@|^uXw%-ioO1*h@qxDv1)Le)}a4`Z&6FJkne}7uIr7QMnk&@Idse2 z2{tk-ko+(x^`pIFEb(VQ+_}P$D_}3^)wuPs&B1RG?ydc7#~mysxJ83q3k8wlFnF~2 zSP|d3tVW$qbuINhH0{3FS%{DD$7c*U8L3Grj#d5|{kr~v`1vA$3)c=Kz6MK{l3rS@ zCi6?nKZ`D6pwAdV_GKKN-0@~qs9nbcsjMTL=4-)|&s)LA>EEKA(_^wv>DLbOxDes0Q7R$-W3C#d1`%cxJNw7 zs?gnGq?z75-&2dV8177UV7kEp&f5iNFtW!=B&R&{_ZiGCih;o-%tAZg!NBPd-$CW} z_krg$A?F(C5_c5MLs=CBAJK&S)3RfAA6r)P!i*uNE6EO$M?1 zh<&Ce^6IOrn;6%N$5rQa;sHs1{M{0jB#Q>RI9*=C0{9kC`qDA`wu*@K_c> zAo+BZ2=Yb?5f97StA=aqAW?0kO^o4$lumDE?6?PgopLip?kkf)8t;JL+|YkzFU2aD zV`Msc_a=9lD|*y}ACnjB$qfX^Git~`|6;}r*hpoTmi8=U#OjlXZQ#>Zp-EkzVA}(s z5F4fEjRdbFG+q!jsukJ1k5%tVoe$Vb_FrX;meT04__&IEbY`4Vzb5gYdR+L{ zuqNQyx@axwhgi#_8e>eO@>zd6{rcs5S!Dt?(zYgyzQH3*qfdfaP39u!lqwMKU3$RQ zp?T-RtKj%uX%(`9w-PySFhZG6Oy@7vao_gY99}`6SnK)Ib@(YcM`hh~h0%@@yWrFw z=;sD}<{)bp6#>!gd8;=lEPniLh*F`jSt}So(E!c7L>0xx$dbD4?NeV?%B1G=vl6+F zD`Oa0kZ5i2V$%4D_9-U1HE&<#BKRQPJ5U;57x_w%YN%s9x|W8p1dE0J_`Rz`FxkJ}^G_9*vr2MH9R(G>&&&{l z#mRM6r;=>7`vh^{u0QFBZi(V|;cHw+Ibk~4KXEUm+S>$SG1zhJMb$^7I%!D6eCUU} zA0}y26q7OC<0M4Jn;Ts;cgf+nFjont1e5%jyLl8Xj8F}8mS=fImPmX?=w01>OYo;>M}z`%`3a`F-*#9JYnIEbDmfZU zxs}@qTZ1P~0B`0|@pwa+R)14xOo9|ervPmZ6%=xiM&!n$RJJInI@oSy_7(`D5nm?x z+&_Y?Vk+Lk4_5HYs!og=XExx+ut5+$l|bKHHr}YBmdkO>$fAy#8GjCbYP`3d*3-Vl zoGKSg#{Z`J+;-Cyn|Iqjw-egS^BSyyHnI7GDv)ctNPWl54USYFX7UKkoEc4JI zYS*6mSq|2r2LwzlW|TFX!*B_+-|Jts`~w@ca0axn-;II_%5EW;$H zhcF&ttSZ+J3cO2y_$eG+b6Kr19^QPtcN!QDG`KHRtfsDGe1UQr8;k^%Te%eiLM9Kd zK?KAr%j_4#56saeA+*%g9_J_l+?*P0`>yGiHqLK{suz}-0nXaO_rM7>ZY*2~(#*#E zO-1GgRoXWr#;=6+Oeycky@;RIRWX@zDo5>(QQE0E%zY+UxY1jz@HsOw${>C{EvbBE z=-c6KX$$kdC!sMf8aQ$1W2hWIdGoxrF;$r`&U!JO&9|AeTU+s@5i3d~sa%qlu9sy{ zgvYQu<<}xX#N12_*Apfg2NTTM1on$=TY9Wcdzo_9h43(6P z(n|EU=))L%wNm_-yrfbfMgCp084PvmV12&JhtOL`Xh`S1c>C$&|H`}ee7!HY`2up~ zjsWjwMJq-*8Vndbi0sn;EX(l0FYVTU=sB*Lppg`-opl)1CBgk*{<5ko5{(>Hn!}t^ zrE3_!g1Ra5iV59!;@G=l39GHQzPk?`-pl!RLQ?$>3nnZbSUy$zCDLg4Oyh!QNAnM`43!!< z$^WfLN3jzrNv=qFYR4?$DE@YOoJHXuioIR`m!7t4CxK1B{wKSlc9?U(YlB5!xbISc z2Sz|6F@!ytcXLZUXg|Os3Zs#ciO)djQXiKg@H}nTB%b~siU#^ZV~p*A-l;#bH^c5Q zy3S}l&PNfW?!m<3H!elWw|G4L;pSxp&grVY_I0ef_U4y`f>PI)koVudD`@wJs_}^h~ed z$2vAkx~V{1KSE|^O=Uc}PLcJ6dBoJG1Efy*YS?Kz4eAZ}5SvC`F7CBVl3Bfp%NfN& zlr{>1eYR`=42!LGgEeW}Ir3&O!4sO%wcw(6KD1+TjAqVlq&ywjawLZo3Ry9cF8QYB z{JMqmc@x^0a4Kv~XN$Mts$_x>6FlNE-X)WN2Ent1XvPs^$>X?4+>#;DL1z!Y#eCh{pD%2wdYef=Jd4RlvF?|$GU{&oRA~txPKzyP35?GQZP&`c?`UlL z;5U*$+KzjwsFjhC}N$rJ~a`6T?W4`8$z==s$JgY~X?!2yd1Xe|Hw)Nt-fI8bmNokDYQd0My9oXS0C zOgm~Fd2>2#SK(JsDaCtS61EV$q@(vBn!?5B{v^@-XKVBPEa}2aJIlT(g9z%Z$3yn& zU_mD#%Hlf>6T-_2n3=hy!Zw5q??>J7@oBmvj25+}w2^x@k(7Ksf6=+MLIc!>+%+`4 zfMEtcgOFwZ>2>G~QUyRk=V#Y;jL7+M-(jvk@CSZ%BSB@`X=g*X=QmUA;7y_QRp#sp z>HqRl3I7wE`hPLeh(}gSzN9&-7-{vb912T$l^l%JunWd+V+ZaQp#Zk366?#nC&=Fl z_4I1Zkv1rS1TeU-QIHEC+TWAd<&JH0vH4v5sH6Nd-{IjJnSJnZ!B2$xbwEgGhp0E% z+S}?&jn^+I0~9bJtr|cJy!Lnt`@qE&0Rusy6Izz@r^pRqR`78&RQ4f#58ukksmY&9cUrCraO7v@IgC=7?RC{KgW{ADbmy6tWf=sEV zeS7urrG_cYHg-2yuM#6&@cy@S!P3R!k3ZJle5(GP=uyz{b7~S%YDgp)WPl-pcOdP} zlOOaI6m$C~{*H=UrcvotEMVt8pRPKp35A&>_YPQoRne=woJBdI>g-#+?2xL8(o$6R zS=Fa`DGrL=lz@)OO1_H0f~8w35FKc{S4vx7`el6c_|!)}_1ef7H;+p2-28h(MUY#D z=*B|!&1AxtqFU;isWk6Qp-|Ug5OLNT4avDWAXY*K-LJK^Ms$X|M+m=UMRir5acku2 z3q$N&kPlPST&CBsB=Lg`NW1geI1F}`Z%_0&fWlz&)wnZ#J`=(}h^{zHj^e*8eyhvS z=rxomH@&jFpa4IpG>-l5sWPpOK3j(hN4~%L^46nDZpX(sIk1HY3!%Tz}{yP0{LLHyOIE0KSQDSKM85cQYz<_?sB#m7 z)954Xz!#AijyGa<86Fz9E!2v+Ah{QT7y{jYjs&o%{BUqr8*@p|WehOz`D*p0V`jFC z(qRVEGO^4b=H2mE2(T8f9jASmL7F2GOqxy3QLWSsMy+z%M=PAB?JzK04$2IXFub0% z8KMmM0e^4k&ssh8rp`kFws|w4wRwFeN;)UjCe1(?c36G>KtB-A%lFbG!~p6&xor7B zM38gdVDeZg>Xvf`*6+x#!pTOiK)jQwKd@rm-o*Y|ZTr=x5o zcY}hq2mXzA&j!}96#w}~3d7wVm42&BZNuDv{J_8N+ur~8ztwd9celF`fGXp9rkAq*hLM?SppBwIQcI=E?YnuA!m`y-g`8ZwvsX2jvz8|=eoouGcdl;o z4p4)+FwCg^?;&3maz)i-k9^@XWe4FuaihN*8+G)*4|u+hIyj#t&9QV_N!kLTS00+6 z2)N~0A!|EhA{9p*%wvg^A=E_l{+@9wxmm0ELCB;>ZjPPDYsa=A{$9e2n07}|t5v!= zgz7Sa?tv8R*J)aRCmw=+j1&bKbG%TU*Mxg8Y}GG|a_nB-8m8qFS{c@IT!=(pkb)Er zAd>=iKGS9ugJag+U^bznz)NSQ5Popd*En9rP!-cMN~xk2tIek*WO)q^<@njorp$51 zdnYqX(0tr}5&Z9qx(*|onUxt;U%6e>ulLY3^MD_Q_4b^rVD9#|)*Z2jdQTO;)a2k@ zG?ZO?L+pCT`h@My6jV3HOkJ( zs%Zo}%p80yiAT2F33}T5OPme&1BGb5VO&@Z*|(|?V}t-&z54Jd`n`*JRLc&kqaYdD7nb{wDm*(~zxE?Prdd>=EzjZY{CD#=j$!R}Bzh&&K)K&DEgO75poPA=I zEe8x(Ou`&c7c6u)R4tqCCyjo@jnrI99Bqb_^ul478fPIITgjN$_ngt5zV2`6vgfVg zA4Zbx)jn_i*X=UH8QIYpWenVB#ZmD8$jtu-j{c3^R-!_A=93rrj2!q^LO90OH3Xl7 z_p%PMOp?rhNa;SLaJs4AC~v)*`^w1kUsb$QAaAKYg5 zt&M`)eQV^BP8!z%pMnAJ6vzg!6~5I7helh}>bkpZp-W`Pb1h+AYXC;}BAb=!WZG`4 zlQjFn{jii%f7aZP;O(*X<2|6J*K0S~8zX&u>Tf$fV_F=WdPD?7gz=rL(FDIqv=UtI z(O(G3cJ7_Q(eu?hzgQucpZT!e|@Th<+ZS%)uUbbNGa+#C^G;mxcjj6m-* zZKw9{VF{NbFnW4um=~ z^~5V)`opI|G^XF59c#d7?GtUJrqC-S$E2QLD9P!dkK^qFMn(Me<*H8uF|s7#*2WvG z@ibc}d)Ev<)@twf(@$ z9|eGeIt=OKIB_ucO6RJN)4AzvEQu&JMH}3b#K{wxkHKM~-ebLY%ibhhWm9tK==qS- zn|%&=2KmF!t*nB{oJ6X$IU;C{#rjNKji0|NsKI3GL`o5fqM5bJd8v?os<|LwizqRv z2S(at2gCTG4Jsz}M9U_2B+e~6ldS@(Fgtm~KrSe-W;hFb0adfqj@=~ zvh$NhHnWvt<|z!6e9~~5Gr7<3=yNTZzj|CQtNY$+Kw>5?Jkozy}Eo#Vp zuvl%Bv!ZWLWQ<|pvy}}^+}Ff^pdgC=nsd4207hnIYs)|M6!I^6>JLQ($fn+Z&n_yF z_=l_ei=M;G-AMf7ApZltNTVMV++Gj`F&a!ta(@*)bdb!^eIVxKBN2zmriXs^S^5_; zOHG)>;I6EG7dYR0EoH~!?=z}3SLrN^i{2Z!v^mBD8B()M zZb}A2s2Gg#pV5*3^Ch_k1DNqsLi1@hYpxOs2FO#Gb8>-q1VGYB=AO{l@<2KHh!~uE z`2??s@0X851b?SX+pq5JbuvB(*xyyuaD!mgUsd0V5jHW$SJ*8#G z60&Z)6-X!SPXbZ=M$iunZvy7GT;W&MUEjp%_W_iOR5k{=@O_mG$i=hBJ!DW+qdNwY zE7r4X8r>m#kWC|%Tt$gt`I-eA+b1Hhn5RVo&P}IdDD8xW<7&rjd-{@0s-{^W47sYi z1#3na4yGTm-#4qiTHne#062?l(0)%C?Cf*`ezpkPp=gw1QqE>M#&&C{J&YvBZc~^= z3|+6#tZ^hTCZ65w@CqQVcH#K_)LV#K(?;xe%XE(ib@%3Wzn+3CBJ->^1%7qn>j{nRZ21o$nm7`+Pi<*qU**e^OB-p+qJ6 zJHIDKm|qljDPo?6DKU$Zw~=03P#D|@pt=p5#JvYw6M*I;w8<`YGqw>m6S z@;0Kv8#gpNRv@Bkki&s{ITHE$zl0zl$(x`+v&}yYoDkc?HtfSIR_#W{Ce+@6Gz_s; zg2`-#GlQ3WqKm2O7EEo&UK0|yYSp*!%(@j>M`Cjyp5eXz-d7=`_!~QW7thc6UhJ5N%!Od!+e9%2xII zN0VwUTfe%Gq|IP4_y7`;yk`B_StYq;DzMTMbSYDSt+exY9+T35b`c|~&tZ@os(9V^ zko=j+bKf<_%<$UFdl})%LfHFXjQ3o}*uO@E-2W#K?)ML!N4^ZbWf%MBy?^J@tlJo1|z9=UH06WR?mv@atP6kYRc#_YUQgZnL}dxW-* z`&ne-HSONlqw5PXGKUM_Cp0Wkm3t1ex!pq6JkG7h)iXobzl7;^&+^vPtU~&aL~Vug zaW{}OdFPPJrh_aZm{GMm{xEn+&QMQ_KHac=!!KOMM@h6KY@>wXl~F#PW#%f)3S?M_ zc8iM@Y*By7N@_C7uwO03kMOa~mU+0!dc~!!Jl?d5S^Y0lO@yGTX0XxM{xJFRnt2P~ z*_z=sbUzF}hzdoDPZYk!KQ@RJ3XT4lOmzG<`mK`EiEfZ!ne{f2d&2K{KHa7YNrLUg zyxe#{6d>9vDEv{0jO6NprZ`(*JoplYL)j+K!~t8nk$uUij9wuzrWx_8 zB)jQiK>*r#cO4`=TfP?U+e(;M%l_Qk#=|4yc({N$uU}=@Lx2neJalZgkKSh&jhU|% zWo`DV7yR=`F+noSl1k026a1b~HZ+>1Cog4QS!;g!Z@?}Jt!*Mypo;F}svHyPPRstV zlZP3Qu{wUN-P)b6m-+dtX(Ua5WO?mL#DzOH$b-z?w-9k4zqAeY+Xl;D1q0`A%6lya}e*PsA+^J4`xp-utU zaAN1WqfAFXTQB_2N*mclhpw$>S9aog00mIXePx$-Cxo72-;8#cF)Z@6Bs8L~H z3Qb3<^ZiEyBC&FUKN_Pk8JB}|Tp^`4P``JMV=`)9)4x2kY*&LkoxTiQ8OLz7SLhrUmltAE>p9i@q)F)H1 z2qg3>h9L(B&ten_bSy#Tt_82J)O8fsaJkUH@sRh}FyvGWg&Y;GHWC7Sw+^63W_%^x zSw}0~xhHE3@xqRm3}eWhA1COGjQG8H;lmPOGzowqdc(&X;726kR}_XtPA9FlpXz~& zPWV1(ABwKgB*|Vl&za1s*hpns>8d@g_QsGw)Gm2A>6WZC&JBRc1?XZ8-92_sAJ=vE zjhxcWY79+e$(01W#_))6u2!*0vU1r?E!tCB@79Q&6@m=r?##P$PC+UN9sl{6c#p-@ zIsY6I$X!3F_VFPR>8IYU7&zMQ4FR6Rn?E^5GCqIcgKR86oLPea<4H`+@eoyUZ+S>K~@DdQ)R@@$nLCMG)nlm_sh>n6Rii7G-t@dlNd|l2a^<>1C$fRSYJm}1D zk$qvWvR{83l5&i4<6SIry5`jetKxQ%kl?xo$pQ9tCaj~`A0 zrbEg*>Ly|5zcRuiy1Pf4;Z8h?wLQgCEl2*X;6IPk`_Cr<|NUopzqBMp87XYL8o3oQ zZM(|4v9}>rdE-CKsovpt*Za0UkdVGA`xZkz22K3`!miD2_bm+sPX;(JCdgN^SFiT& zZW-AE5fkvY?&`NIfx;tR|yc1yH_17 zEaEi*&r*6d5SJ@wF~UG?QFrw<5U8z8l}A{C-rcuX8Gb z`kp?>^dSv>jHo#OOY`N=lCHHyorYUR5`?Xr+ph z+qYYPyZ(HeUF+-r6uSGLM?~9zOC7;dNsH7D;WBvnLVshgHNIB(kqLuBITOv|Z&!%D zRz^gEVLth;uy+~JCxyg93)Imh?_I6n2T4B)Utdw9SNm&}Z`=)8(!pT)$U2?B=Ys9nW z<7-TEeK7y|h)bgorl0bAd8<1eJN#?esia!FNkh-TI(4+mPwHessv?^`D8@;A3zO;+ zptujEjcylIMq$6>V?yuV+qJS8xWNwnZu`u&UetX=`s)jr-GI>;sjzMBklakT?Y{(hpYTFt+AP%;++FDb!49+a^?t=GtK*2=wy0Wjs~=BJ4T%IMfC?b z#baVc)CAe1ENoNO*=wS7$arslrW5Y>e`|; z^3sq+{>yCS_0<-6RwatoQJNtIJ$~(mHr8Dz8J5mXK@^{!K#|hl;>~epR1+zmtp7Mt zMXRjdC0^~WRN#pX1kUWSzBCF3dL!6`*q=v_Cz;pRHTJK8GuPokT{OYM{@_)eO7QEv zlw)t5sSTEH?||Z-4ajwy@79*9u(r35qISlh8j%2?1UaugtpuaruVk9fgF+#}C1vLAXuse(bQYz_eBvv30C}{iN^n-SYP(oQ}FkK!!@X>M)JK3nPLj$_zuf=;RN@m_LtDk8;Dc_^! zM99e>MAxl{f~5M!KV$FXb!1(6aA(* zJ!SuRyf8)r2-?q@K!WG~=$n6vgY1FR#q~IKMQRj%k51mT8UsNZfqRrOWNXaOB%`s2 zlsPOL{Alc?=hw2)*D;#}1K${hoi)e#)N^xd$*zo#wJ6us4fkfp?Op`&It~v!=11-F z@hO8dvDfI&hl7bI#&{vDOb1lqg|$i0>nF$$?k)usK&%i@2SdY8&v{^q%h?GnIUh4D zs(~z_ui5$IIhbUUWay9pX?KvhGXfb8yb^LI(e5)_0s5*-iv5u7cQI86w2{V>1xJ=B zbit4xOB4>!E!~oXfE;TRFX}iKBwf>UEohMp(s6&e(`Lt|?Nw})E(MJYXzV<}T@eG$ zp<5EH;OV?8P}~VjBy6J&63(!^JC5vvK!4!*lHl>RJ-Y&6Ai%_Ba&{qW4I_&q$-kFt z)KeDt5^HxIAc8^E5hJefbob;F)#kI5(e@dn86($q1gdN-hI^!~hfNnxDFM|K(Dsr+)4xrWn3oJ+2^!JQ7tbg9O; zY>3K5*}cX}j|q2jGNB(&o`x$2)+A9DeVCKM5Y)fT2Ap**{=;1Ks45 zTu%F_z;5$eIFVky6y`qZGh)`BmA;xxI26Z*VV%VXPVe$DJff!^Ld_>^6_-G=$;^+D zi;hh^P3LEpiVx`(OAQ{fpAZozv2f>Uy_S}q`d~!yNl#*?yEO(;`BEc9q)Ppw9fndu z&*F|V!I22S=z#ZzdqK0*hsxN>%qF?sp?gfvgN&8c4csa(7O)KsD!D4Yzl`@4Zf~Z3UA^ zSFf5W9k*y`tB!T_sIN_M>0~xm@&Sf{Z~_?7kLJ^x)y8|Oh3_AJ`(=9L*S9nUH?>b+ z2ibRlnxhI81}ex4;l+q^MK??OqClb_5z7F&;0W|%F#Qd9<^#8*Y&^Bqx0+O(z2O8Q zyfA?boY!qiw!PS8FVMj!z{Ko_BR__|2$i z)t48YBU$UsrC&xxv*Jbk9}0-oR1DEQi>DJx1jJvUbhmW)fgpZIADNOyd`!^Q&t!bT z|7=1->51;pHlf+eaFAo#2_6Y(Cy(dPPL#I!5ZQH_zaINlH9 z)9eR<=eTVFQl*H~h78T6&3~@pQPST`E z9U&-6V1GVVvFbj3f902fzk-rNpfg>=Ee;0)j217W1=@SHT$V*SgpFIgX-KTRIYP4=S2Jmi+}*!1bj@=)#YyKjw2j8gkZ2 zdbs@k{UM#`%$+*rHL7&o=$ulFR#0aACo>&>7GaVal5@xjw&^kb_VKGvM-(ZOE!Gj8 z1}`E;Yd_oO)k74fj9>+&RQrMNZ(m1IzS;mvHo#aV3W+yPn!n>w#KXx7mS-Qv9;wJ5 z=SVPJA}gjx3QUB~A54QTN7|PLPFVd2xL-qefN&$XJ9`@3Yhhyyf!Z5FteRH3D~vIp zenPe>{WU!=H4=_M)e5$k#xtB27w@U~MM`X0^(I%RAr2i6t&aF4%xuZKI71nL_VaNK zS-TPE6J~Dzb>^8C?d$zu*AE|BhYdfz#k#r*rvmJN2B?dmd<&0$5750R)}B$ps)nhK zz}cjgH0sHeO~UxY+<_LSZd`J~j}=Eec?Sw_4DN%E&H2o#r%B%E4T$f;C`qxxbdsrk~Q?v3W;_{oDu-J_Up!tX^MsitMRf86wueHnt5>h7TvUKu8X zu%S<79}h4;V?QF^+`OgoXX^47b_JGXK30nucc z8K2#jHA(VRoklAfK(2&0_8!-=4OV?z}loPdujRN+Anz)q<|uCRMwGL z&B$FM_dM^~*KG}-{VS;e9d`uQJ~=4SwU-V=%jYqR|DMAXIW_f>+X%!I zpn7dPR%ZT-zdb0)5=&sWk^_x^G}UFl%aClCIFqmYf64ce!{+Gzl+J! zJ)+r9GpRc@=cAreeOUm9a5CW|%aUeJlCMj`_wh)_G>C09t-(6HwVk@gKBrsEg(E;# z_PNpWoIt^2;SV;c;1zEr!Biule|SSQxC{5)W4AdjEX1BBy<&S73Y(&=A?!10A6aMFo zq@lx4B8?iLRg;X<%aUg4Xr%Ns>_k31Q5pcT0q@#MokhwOZH9W3Lmu_wB*fE}7JY~O z{c_2YakIWikSYy%-68hGmYM2{g)wiadAS&}G96F&QJO+Xep@BDAo`Mu9}{JC zNr~P9cBd=Sy7Q^DP(Q!TJQRJ(bN?E~A{;{=7QC8d-uzf@4tiuozpwDdVgPS$T-|LEDb(sslA=SBKV7LOFmMqtBd$lHOHpYV;5LZBsPMjdK+T1(gJ zG|feu?VII5f87hA!nY|dXS$Q~=c_znEW!=AA(TfiKHg?X(Y}>y&%AuDcCD#{1zgmj z@6{fJrO#yza>I$K-Sl1*`Rn&e6#xec&J>7?W~>D_^P3-s_p+=r(c>bEkw)4ceY1Ov z&9t|BKQq$pUc!Wr9&g$#mkGx6%ewD|2?SPcg+GFb&|5*d~%3xt=4F|as)ezJYBvSsI0`*u8KDWH| z{#_%N(G7kY%_SYr$Ug@~KCgRpVsk6*@t!_X0$@0bB5WjsTs4uYBfcj#sJbnJf%i!#$V&Vy-^-xKG!F{J|36O#G`K zXSS!15Ew788^Rdz&djUK3CsTL^?)}|JsZ%0+(9pwjgp*L4#3!e8S?i}(`S-Rk8W-c zgk8m3TsD#}qbwVN>{xDBQT&jSA~(oBj)YLd%!Y^m4G#47q*5Y3;z zeo238Fy&zWMyzVAnuSky%H&F4txp6cainjQMPfCCX|Tuff|=QDOwY17%g zYHz7jDsOseY@*8P9B10^C%p{fR$!swI_&sb4 zt>Z^Ttj_tv8ybzc$+Pw225mPi%#}RG;Ve>Du(W^%22dydTo|5(ILw*8v#to*h}S9F~HsjQa3MTH7d&t@U}l+!Kj+mJRQOZTS( z30(cbuFD(gVSMPU7Bueog0CrS1KAyAC0-I~?EXTa_c&i@$VV~Pp3XM}X!48!7nBU2 zsoreDd5dfQ#Qhvc_15_~D!0A}u&muyb~2vQ8sj#T_QpeD4y&04?o84i_G6 zj;`HGjYr|)dw3s;bg3IooNFB-EM5!kJt+8f7VjKaUHdAcT~F!@)$=xvF33B&$D!w= z3=_jc&>>UVd{*BfYX?HPesMr$3gfwZa!}F>LOyL5K8p;LR+&_=OO13_KTe)_6k#P6 zChulTFL7^sZq<`mz6kM?W5&oR9hL#`dGYpKcEpn}`;OAHPYh}X_`Je-&)NmGmA`=wp#ZTPM&Uh{*+u!E7exY5!6D4_eB=4$q_%rP_EnZ17Bz`6L8zWKlyNCBP+gk2; zUF6F95$>r6Q%+||x@p&Ddc{CCX)@L(J`+9R5+ZxK&Jx=WjG`Ak!Cyv-o9IFx;O*2KE>h(=K4obJ?qMS|@rdSJNoT*<4!QSF zn5V5UX?;nOon4Y_kxLsNm0I);V;W=8yqE`vH!YQ$TC{bZrRYwVcOG8S5-s1n^fmL? zg>zal{xlu&xmF_L>$s0aOoF;_U%erauL-TTrO6t81P=*DG9eF5vjI$N4( zb);o+p;=+53Tp#D|H(>FI)JHOqI@O>C=lL7tg)lo!+p@N!_5l)EA!jCPiPVW2w=|k zGrv6ZXYgJ7(pvS_ z8693))}Ry*N5+RwYNHg$TbH{*^AHM1AwPOfM$iOVh>8o{X(O%8m4j(qi;Q~{w(+zb zirj7>P@+VtvwI#P!WT}OBgw{j_28r84yp7dGCp-=4{tYzU?_25lJoOSVt!g29wU~3T#z;T$UDTYe6dkvZ=^Ya`?09E;%)J2 zaY=dn=%NhpM#UyzcKB%V7Te?d(>KYje|JoJ=+?kxi++xWF9iI@lGCK$W^v7fg*0r- zc>&CucM@*o1HH$|wR{Gr3wZ4PbnTXSwVC8DW)&Oih*QVhrNixX&&uojy#O=MkSPHa z>;Z)9+k}tvB_6P2L4D`!P<8Rtgb8)V3zY4U#BEu&b*MfHk){=EBL@50pmDg^rBBwZ z_0v^19!6T#*WSR$=ooX%X)H#FX|!VzP%QcNT(=~e#))u0&he!zps+^hH+XbuGQY!WrUY0 zBaS@Q2?p7FS8Z=!MEfyV9Zc19YH;NjV5y4HJLKJ5X$RqrfGiQGr}8Hm;ww7Wa2fx zIsTlpwbYtF@6sxxRUb%Pz^YaL=tteErqgkme=j?_=62&7Yj(5Br7lg7HF60#9Ljdy zy|O@PsHRM$?4=tfv~DR>(wv|QQf=!;u(>F}7+#mNsG7DK>q zdL!n2Xc^BXVW<2U!A2Y!z!w2JOX#^S|dWb2lo1O;b}u2 zJ)a^TRG0`yPG&KEcs(=BUvh)t(B!QFo+!WYIe%z~lW%Bnv;}1|YE39|0!|w6RRMvhkOJCsVDKhTl(yl|lL%iNB z=A}i82M3c=@N0|3=%Ho4s;BT*>9V+sZf#RobSiaF-ZC98iJQm1r7f|7^YM&jQ1}Wv zNh`>ua-{eNeNUzba+EgJ3vYOz<(reX-*_B}#1kHK!aafH8`mH5`|KY?b5nJJ+{>sh zE;eLmfV~>{;fZ*6yGCs*CskwV7Rj@!_YJ$v44O8-2ud-oVrAe7u@p=c;BF#MQK+la zq6V%3DPDXhk66K{Lc))xKiedRZEBs6g7R)xbOi}PM{I~}9^I9DN$l<&>7k1ipKGPV z9-;2JPw5Z0anD-xqsPC#?h5T^70zWq1|)r@0h=*Q%iZ+-IUcDbghiS%i!B$7id1vN zDZnhEz*y7+EM+)5o2Z0W)^~#~$MBm;;Q>8Ipy{Hfi=hw9G#7%Wk9Mmk7es*R@t;;^ z!Dm2BZ>?jewRsB1d#rBQ@_LdO!JM}~gG(Xy1*NmyCH9+*@z0uJ3!?dr?TY0x+#2od zoT-{MPGMH+Q(vgJN06@eNM6Paf8Ky`qw-Y9wE4M${pzXCH_-=ZsgEbE4lmHg-X|89 z`31d~w~0))E~BaIJeMtb=7yK`!hE&rs7G7X)Jkv6P|c7vBah`K=&pr^1c|}~jtnen zr=o42T_Zo;anA_+Z|uEgR9suPExHpdcyI^=2ofN{B{+m&0YdQL5CQ}XuE7d-CrE-6 z?wUY=;O_2PxLctGRMoo0-rs5WYwyo%@4S0kJNKRUcU4VU)7Bhg^xg;g+QAxHb=n;y zlb^8=2!=y|?Ss{dMSJN+oiG}?7$wgr$KSMeRlX$07*5;+{i72=?4IpY@5a!>#IslKrU5DZVhB7G>Umh1e$EvM=s zJ1gB$WL*wmIQ7=$RQS<1rXrjwl3=orQePQ%!;ln`T{olcZ9K&25zd4G4-aKbFmzNi zABlW|htqw6J90Zjq5H2d1!nyvs;2XR994S^C1^dA5=4VX!zh&{bWP9N_MY^EAI4UA z7Gn<>W+D*Ns*w1+qbocy3zaITg6oDp2J~X7Um0WypY6ntv>3f14H3WP=enw_mb1#- zTw)UICw0XwsA=mPCgUuxby_4!2%0r`dQkBUEekR{%NR_^MPNrD|J40qS?#u7)k}^d zJ_;3`81hQX_T<4v7)zUo2Lp)=G{80n0R|z7Vr(WKQowfV<%Ik&2(9LEI2+C|S*58{ zC#A0XXmT!eOR^Dn3@G6&*)rzVpv_B7PS(LXmh>5Xkqug$JRTsea&6Uf8l`4)OQZGc zgS?O}x^-m9^FS9?6;=;SNLBsj5??bSg{76y+zP;-+FNNVVEJmymkU(JB{uRsppJqK0a%DwMJGH28J%!j*9ChB@?T3 z;MYUG!^s<&mO*+BAMR?xhBji$4+J-9i*yT(xRFy1R|2l|g#b#e4Ev8O>N=|$h6J4l zst~ykR7f&05NN4d!W--gRjM7>dpam6aV1_gi1oa|4G*5U=!xG@+p-4jH`;e%AL&idmo;T37bWR!b z_U1p}6mFytJD=K^(A^x@C)3}sXzAlB3uKXj_T2(&SjYYcoV|7Or50AR=<>#_KUVG?;5Vma{{uHQ(*_q_0|8mqH}zpfoV?;RD$TMT)-6WC>MJ^Y7qGI zJ42_!gyN8-3))E~#7c!ZMp23TSe0@I73HDCymwV-aEF@lg#wIb6J6mj+(kVeU=tRm z%L9;S>R?nzCcV)5G&|iuZD-xncW`Za(3d!iN1YT)xpbdwx2Zs{Ya4c zp&Pk0`ni**JZ;dIKplU!W|Fh9qZ#H%Mcprfb| zy!k55M=HVQkmxAZ|JO(>sh}!nX9t%<;z=^rw5xCp=>@f?;8fWW`FU~dW>iz>1^89d zag06D?l^E|qMCd4;5!loLq+PYPPZ#;b+~SiH#x;uzg57-;*{6cOQDi2{QltNlA-B@ z1|%#i8&ksa6mO|@J;cVrdC%+Q^UR>Vj~{{y3p|WOj}gkt20a?f*04xD9S}t{q5&l*czFAk=Yw9IQbON%wCE^#s zSo=2c;f&~N2M@le;9%A);)$LN_Z5zCj1AC-kIe0sa4w0)&=X0m@yj9S>g51I@Si5O(3(4K;4p zfyE^ZYfj|G#ykZ}2P#=;OuZ9&K60|>jDw&I-#Gi}th$HiA^Kd@Ra$lE0T9MQ8?RCz zJpYVCuaj){ay#ec1~4i56suC%`@6nVM}MI-#bIIw@R9^*(JcTp*9PXU&HE+iSg3&~ zAVLU;5Rb|Om)~aL8=aZvoQuXzg9qZK&;SG%(vx9H+hRKol-~aR9lJ#B@$=~(XzT{v ztTE0=hFOl;4r;NsrmHA5c-C{T-4sOrI;hxDSF>}}e&XM3DKhvFW$WA;VBMyrw^=C0 zd0qB#&?30pRd|r=@RxCG_de=SXA8TB(Ki&8TsN6gQccL+={mner2Z^qrP)gwBH<&% z{&}M#7X6VN;h$$lAe`VwBB3lgNOotUZ(ZNJ-xkT=H`Ts>2n-xcVY+Iq54he+P5?{U z%oOm>J4l{_DQq{FiW^?M^YQNKp0mspiB(O7?Bvf_8dz`Z0jo3j#~ZIJ)+r<|UDjQH zZ>J1=TAWOLC+B6Ba7%fW!`dhes61V)#5Gyt!d*?XZwaVuMH2h=jEZrr2;W3kr7S!FeY&HlmccAVf(pEQ2*ERQIxZfuAV_Y zM*8UI(SS}uJ67*aaS_46*k5#%V$f5x*WlqB?_-*|-xF^2-<_0~mKuo;L*qP) z5dbvwBwMZAXP#3+(C_K#xnkh4@8ee;#y%S0V)4z$Ji{>IyNfjYKluneNRTi*?zSk5 z*X&D;0tQ@W(z$B9M+YlOHp5C|1!aWOM1uj{RhwK9eVP?=&OgN0W~(A3qGpMBbrMCi zL){XO-{1Mtc<-9{`{-#FcDwRA0UNn~mni|-J+Z;@ zDv|^zDn5jQ!ANqqMN_UKqecSX=ZC6GU%W+m*Y1k1ildW9pA-NmEy3Wb4iyqdmTF)$ z>MI$9pdBHhNC`r1&Tpo6oXy{*L!azmK9GpoWv8|+KdoL}%C8!+*2g}gC36H)EPCHxDATVL6<%uCvYvvnuE4p$Fz@Khm`iyxEFk0 z_8dbcG*aym_nw4#t!Ljsr8d6igqo_icw^Ml(cO+??x1#;nLUNocAN>JbW+Lm6#Jsl zIP4tkk{2YtCabjrBvo_e7g^2$L0m_FaIPJx5JQhFUFS?-^tlw8OJ6k96`t}Z%su`Y z>zDRzB97%{*HF@#&Zbh;Bdmy0Zf!PH*r&HG3SxyQv{9 z6iX4S;@~(2G#10Z*%c-)~eI^x-sen zZ?vvd(O-N>B^I4{i(m5R*`V5hX3+p`#OrPxjZgAVilwv!&4d-d<7mxG6BX&0C?39L z6e!vcVV7sq$bR9)`jG79yYQ!0d6-(uaa*kBFEq^w?^|W7W{jT7Dxv;Klm9NbP!Dv`uRL8_iVork_?( zBHwE4sJsQID)b>~^kz$QJFDt&{*eHT`rhEul67+ZzICzW@m#Gm#z1Hm)WuL03!7_0;z?}oANINZ{lB!T zIXOQ|^0^V0wYFn6ASJh8SKK$z3Qc1^9c;&mIwQ!tlV;qf3*#2w@&K+D9*h}dkk8UZ zgCJhJiq3d77w0>|9t>;Y4?ghX=MmPR(k+vpajm6IpPDu#{%G?QOtrSo0 zW{upQMfG4ggwifNjPN9HC#NLQ#Ht;od(ip#|4RqRSuPZ;}%N0zjtnuhg7FxjsJewJ+Ug0K#n#sT7_jtE_aABkhM8Zy~W z2LIa^=P1^+(l3)mej{AzdtEWBC1Vm}XdbR;(p|A#KX-^B-7emvd zaC8DL;?HXFZ-;5>Srs=_m^g|iI$o3>3_K$$QDUVldq$aDh@t<1M@77%rI?Op>QL2e zW04f>`%v4^o73)8IZedIc5toc*kZNvSf#fcfR3Hlkmzo2S%P073M3{vPDJgSAF$B5 z=S}JoXhWuq_gU^NyX)o!qQTW4pPGSx6yE!Y6w*D0hzvq#@}Q`+CxX_Vk2EW_DBQa6 zf4;P@%g`6<{aL~5hCL(Tb=B*zM8x4(?dh*CBlmos8^Q7e4(hO4UK?4oGvN_HUKm-N zvqYT1LH!NQe&iX&B^i#n=MUVMu&BS(6TR!kdb9%`ANC0dyW+CKoV}p+^ZAQXq>66I zZ7_NT$;Y)?82)=nJuS*L7*Y6YEZzdV5ges4e8}GcbwGg6UbVzK^0&mdbFgDj7`O@4 zSbO2k%61nukyyn?A%uVNkaLQp(9P)p;2C_=wQnQbdr2wT@;fAXoMkZwoh02iJ}}IO zlXI_*DZ+6NSb4>w0y2+5H@IB`?~(P0ZiE?W2JzGwvxzzP?=(0j-Zi>Ku#lT5HenkBy$i zluniU6Zz{z(GCij8~%JDLQQq3w+~t=jfy|aO9+xKf_BD`V~`_dX~jGx+rsDtt5|~G zXGC-;FuUOSdTtj$|w2H3a2I~EIZ>^cNx_65HLQO@{Xxgs^b zKC#~3iISX8?Af}5EO7AyMK~fj-H_=NBR_j$@dq6GGy~w|94x94)|5mNuP`;#CK$6U zRQvZ$P!Rn@@88#PkI@sdf8PWPMcIF^h%ftNt?Zs7j<{3L}N*_vzz??cM z@MNiSWCV1FHJ)jk_0KC&K{az8Pe~tIg2kgLzPQR>v<4|riYv15KQmY5GVjt5e!`T? z*kc?e85Jx9z%|2e#uQIbw6*K#qT zZ{>RF=s@KJHrOXk2u{!>xaA1U{yInCOCtMOgiovnvNO=C?yVIChn4BdXIL|`(s5j4 zVQBw5$@Cx054FnqM^L`^NiZ)Y*{fx|SH-FiUM)G8!Z(LQs-$kBO?orjwtv#S%fKmg zv&6!6%(ZsJAU84ev#V8% zclvg<97~t0rZ9yAu%15rxb_V1JGSqb<}1}bk1*3}{i z1cyHsr+-bDv(Pju8T#uF_~9g^*LcH*=QtV$IoFz$H4FH~wH!B;ee}XnnV8y()ecF-oK=FlZ3~BMMSt55Z>V^Ax`;LKNu&x}N@uN&5&jTM{C8-TV$dc-h z3%lM>xw>U1zE8x!l*5xq7P$?5p`q@T2ADAld^`mKsc1d};(XayW9_HCfo1oy(!zpa z{f;ETl@8yVz21|xJk!OFGAh128mB$ugWvM)4HU+~ca3on#r9Dc)i2zU{Rbq*U&G7y z5xpFNr^@-BmkriWQDOqVp_3xNL*1dz(rTz*4hauz>nO5(&?IL-lg1AX(Idsx|J4tjtUA zR_uZl)DkGqH+tp%F1bK_@2$Cqen9TQ=>>T#Fdvo-|PUCZvLC;;R2O#ww z3N!;h`1b^gbbn!f=&HpK{0K#EfWHFcf3$2o4vy;9MzCmuo3G~yLu1YuIStPD8M=cE z_`bgT8vlyQ==s;8z0Kr=VwxBLt@Ai2t+EBru{faR$GdB~i~c+`f-iWefOc@ksj`20 z-3s}PL7K#YOhNS*o~sjQ>KBWmaFn}pxFA;SiBjklsLQy+*!>3MbRXte_1ATZ&_&fN zhkk+jLiB|!*_oDEW9-i3ri?p<3)*@@c`#D?KH^2X2;3O^V4R;m7-sOMS1tFnWetvm zL)Kb|>Ie^U376doe|Odr9Bd*VV=d<*3WMi<9#mj4_9}PyygvPUWE^E`bGOW4aiw#HD~@_T-+XZ1=kCqRYFBg^Q)^ z0kg(F*u&HlEws9KgY~w4kz3jwL`P5({kN0VF3?ZA9#bZ;uesO7q}pB{jizf+&YS_Y zGn|80wO)CZ8!CpWqB|t8t2FzMwlssw*InYu_3uf?BuiEI&3`g?aHk8=EV-)A0`D#|Dxi z#VFW5^P}*kG6Kb}*sxi1n)ixFnQ$ zDGoVBFcNYB9?5tw{`CExI(q(Wj*3e-fUO8FKAJdwv!S9sVH^(_o`&HQ2uU^YzX~!f z^+RZg(qJbVgYaW47co6uP97|-7ecDgkrcDWUBDs1)w4XOlA(heqjKDSo{QlTXgt3Sbd$NS8E4xFot_i~nUNEKq zh1-Q&hUu|a2V=GqLH-YG z?QCr=jL}E&uMe?fg9e1ZS(g|F8)=b=G0HrwMz!%`N42Ebjm%R^>-4`-MQSD!Hi-`H zy5tRFkY{?C3Mw8<<(b)98b>cKB1%@No)L$Muf?khqlUk>bgZ-_z#`}^{Z)|sn=Kke zf$54jl_fZtL=66OB(&H`&aBg#jX2FEDDFcT`X^LHnj_ho_Z5}=XDbrIMCjc_&l-oe zU$4J$n%*~xer&Xq)oNn77yAJ(+<&VW=XN86e2c0#G3;%qaFHg?whs@Mq=hE!N~dvX zN{4aENf@=Fc9CklQbS2S{YC|)Ryh{5_*1Q<-H74^+kWZojUOhK=biC}bc`ccOwXubGn)OU7{q?*=saOlfs*+tz2wA>yIhPHz9eqV z{EJJF76Q^b>gupV5C1|c%3E#R+ArlWQEX^Ju~d_`zln4%{A;CCka?E^<{fvUTF=}P zJXXHbP^B`BFwyWf4bg19yP{r!d#%6RSi6Z==_G_x@$4<8V%win3v}OrzYw&ZaC&UE z-(?}HpZd|J<`GU*Z`j|dc;%%}Uy>T<@%40sXEf%v96aiMxjuze!9oLCuYS%D)%dC9 zjZ7X*+Yr^{8a#9P<4iAKs^IakRTY6mRKk;dhKUSGkVH+-@FK<9BGtwB=kOWISYW%} zUFmM)y&q%ju^*x5K#rlFA{NXIIXhNky-D_D#Y4) zMQis`^Z&5JfYj#C4y6%$ccDqFFwP6 zz!G@GWC4nn%E$K15|JqXw((<<`=BPtx&8JFjnw!}^`2AGN=fLg#xBA0zFN+rher31 z>>jwj(DG*{UazoW%1q=j+{^5aaZSKG5f$XB41JD87eS3znaHkq1}~7+zU7tNQZP{8 z#N3#@B^uy;-qP$JnIaKtNulAx=yt1ZShL+f-N0)W^CIU@ea|-pDj7nju&m+7rPT2; zTnMqy6Uf`uVJ1aO@D(0w$0z}`VC)NtiswgzNzDEWT;HGV%F?1sAo!)I?Uqkxd0@6L zqroP}N1*YfHJFO-UEm&F6Ct03CmmgwH~K+&>jM<;=eg!Q9YvLPHBh<_Fb^hoH<|4sw?8NyG1@E&G3?-SzI&YWej2RL#p24Qg8tN?vlTu|! z?O+lIC4fRpg1!N*H)l#PT1g(Q26c09zCxOwI|v`3oe%I8s)W9D;L5m$cwy<)+6|}q zX!nfHD!4hC1V~x=bU{tull~$G6oxRHG{w?#FjU!;-=OC8=pf9@kQ}xUj%IWrDZ&*# zT!uAC1EqDO>eN8pNI=01tf@Af-yRzI-}Ks>F=eyJrd}1vzj>vu$6^y?t&sFxolWia z4@I&4_;fqM}NZlVU>kgu|?3tGgtH_ zz+9;8V!Qn&#Td7iu!u`Sii)mcWx5yuX~D_PKsB*afh2>YFY%b7B_o8B)zBmKa(13? z^unI^CsBY2H6R&yp-Ty7f`4im4U<~cHL!(LO+2~7QD%8*hX|a=SjP`)Nbq7TG97vsT3ysHX zZd(#)n97G;-kS{m^!Tk9PhOe$P0@xgLu2kId*)PL>f6X!HA7{;@K>hTdt@Ag>qhO2 z3>-$iFB{R*E%}n;jK+VmACrkOOsu;$In~5gWTi1=s6{d7xqma)U3%#ulh=LVv9$|w zk-Y#BbD*9Rk`Df?*FFtHRSO;9L5`8}AQLQ2*q`}i=_GeI2gu9lHN|MhKtn6SpeZuA zs5a5M|E+;2Nf+6uRwg}4rMGmf$>xrgt3;>{ZzKUc(Cf7e!nLwrqap4qJ`@onLUaT+ ziv%-}$E}E1<$TE@s%L)npq1B=k?ai589c@c6LhE^0MUxLp6}%jB3w@CZi7zOnXva} zk?It`miwnKQWin>XK4iA)<7)g7% zX*>p!w40+l=Dq#cKf!#uexB5IuaY`@G-S&QEy9a@_=9SU0&l zIzn1juj#$|i~pD|^~6u8xsZ1?1twQMiS&L=Hivd4MugXRJe`h4s(3~2(d?j#k*K_Q zj+!1#!CT2AjsoX&3te&*vEtOXT3B=)gImT_CCRT5vQguwMe@Y1JvdN>BHmzi{=A^V zgw3l&E*}N57S2)?kF^D2-69h8-z{^%E(meX(nB|jC#fs;iRE27hzIzHSKp8j5tRyZ z9bqNK3jXG**M#gkP(dLC)Sv(Be|YP`u)Ko*sQR96`U(D>YF#aM4m;4}nM9k5!J+6$ z)A`4<&Hl04*{@?I%3gDi1R1skIbhi6Bd^#;1XelF&r>D~gHCs@kJCv1xc8iG!5XN1 z`=latV(f(9Vo7#(*|VLBKN>bFk^iJqSppt3G#`y%pZ)l zP`18Zg?((U_C)X!$#u~h2c)ngpSGk5QncJ{i?Zt5am;-hwEft5R&P}s83-DLQS3{0 zpM$=_wd;_r-1}CPORZeqXHaiL0@tB2}|zWcxP9XCRHQ=CN}R z!zk7he+-Z+j>i#aD(3in&mIR{n7cc%BISclMuTC$9Z*Bs!XR@IVaqSJPo(cR2&-09 zNazVQmmVOGxY7>2i6!JsUZec;S3dNdai2)EYquAgYq>#(5Ko7Xly={&3$KEko+ zuQ-UTW$uU_#(_hBdZD;5Xzye?D4%=>tbju2rMi4uPa}>9d2;{tmKJO}eiVQfeh-sv zUk$qvTmic8jFl7617)oGNFn5o9z{fzt)-op?zb1QtMK#Dz`7MrG?8l|+!#xD{x9|8 zJ>IriHid^+{)~|-d>-u!QKE)#EM)W% zN3TPv?0M?+XEFBmZmZuD50B<4q-1J?QgoELONTvlx*{jPPBN{~;raJ(3Q6Cec^_*vRWCoteuKwrz|E`Ktv=IDD(@TRBFl3_=1cvM59nn&I z(pvpg3gXs$j}okcOl0o738PndM>V6lFa#_ZBa!kJRg(8Gg`+!R%5P>?Jptq4J^Q(GF)&5a_Db1w42PdGNTT#;d<EMn~%9<=i+yk2TG#_pqI;0x>G}NZz zLutLmdmo;CXPa_fdn+(u;HovKPjA3|kL!8ehWbvK`F7pN_kY?t8=X_j{n*zg!A(ME z#&5e2blo>+JG*R{lkIsH>w%D_7*Fp6gn+m-Zb_wp51N$TuXvMrhsj{P>sF+v7}7;= zcK)Fv@h5(O+*qviy;VM^*Nq$EHAvwYq!2tlb&9RG#yc9!kBf>hm${>Hnqgk?83%kt zJOK};9=gU3SZA*?PJfXOYLpz2YaE66*mM&2NBRbm1`1t^PX*1B_0ajQYl! zWTCf#!f3Ph9UEXDM24{Ga|5S-+0%hik}QoKyD?-c0ZdK~<7VkmfzW`H%;`>+hwB63 zC3#|oH$vrN&pKEK({Ykysdg|oMFr#(ABdw%VN<_;`crD(0CP|@V9!$W7QD{d1AfPl zX)45r!U(sd*dv6vaOWm1#Z zoYKv265h+zqx(39LiKbuS$pshiJw?HP(|DYp8@TP|pPmg?wqX~#_~*um6TPaa!hZDw`B#r} zGxQyZevqrZm}`#OlR?UljX0-5B5d`2F1nSEgA{`0l~0@Oz@un(37wJ1pPCf9uPKjm zDRKZd^-pkUje|4uNNdut{z{{>F)HeM|5U~-M-(vnZAadsa%ak zbr;8U>xE2^Y_)E3|I@c{>zu;WH{&%H@j4B?;yJe=?L}iQ1&j+6l5^u9V%apK(Vt6b z0$&Ydi+-DMzu?c<8#^2KU1#YgjVL_SW%_XJ7+cix&ky%(0(cUX1)QwDlLlQYIK|Jy zi=_A}Lw)e^2UzLlWc%YeU#0wUiIIq15DsQ^I=Z7{VcSa~InMHTSkfP(ET0xVMvRWA zj>-bLq6sgPa7ocuq+*i(F1R`6kHdqU%ieE@0=uF&y}1DGavu=7CImhUgBBh`d4i*a zfDQ-6yS_UdqBM$0&v*B&b-^^QJ-`g8aAh@A&}xDS74rD}{&2H9S40R;Z0mCc2lOOX zQVc19^dL8Io6qO=g)2EYoPTimv@>bac;rqjx@%A1PV@K)iO9Jr=D7oyul!-1Au6=&>N0}4cJ%QMgz(FWIu zWFqLew~i-dS(p-aA+-^zGLc?7Y@|4Bt`qB9#gI$uDNXc}C|bOKF5j@1ymt5Sy}y;Y2xS0ZgJeeCh!jd~ z8B=*}WoflDWELaEIz+;AHmK!lP7*`hpD^q{3;s~x!Jx#Q#Ac=-_l0sC7za45Y=$0B zJyNqYk6`(UuJQd%vRPLMs=xOU-V9FKeLS^Y3`_+x?9W|MKbaU`p+5#Pmb-_BbNbI|A>ITkFimv3_gThHpY0ZU)zKdfaEZ6&cQ=PdUw#ICl%Sqm% zOzld$cTK4uUug6Ziw)nJksCO6lX1Hp>J))Knl7=RPK`fUzP=cUQG4C`7ce5sbF+}K zQzqQKpPp~+O~z6a-x6G}2Cn>EZQr&wuO=f4lZ_lRz;T?=eNP?ni~j!Lu6J}K--z{= za%T9><%qN*kSffwpSamUHrj`J*|*|vgZSuBXSg42{k%I0hA$-GsM9d#)Q{tDq8e~V za?+aPLnYe0oWK)?Oqo~Cro5lHKYTcZ8P9N}i&ewf+b2BP`@`@zfaumOkG$vw_yDgd z*VHi1&-ALGnO?|C{9lSWsTEAhUc+VdgU|u&0LAf^r3;q#JUR>ERtu${F?3_J-#^ww zDfl3J^|zRwvnLbe@E^JU3SjSj$@1t0iVhB?K(*P*#74=UAu~~~jpOhj zRj&gsWM14VI%YJOt5Iv0SwZlAc3-NaE<=xi`q2a#~L~mp^vaoCmkeZ zq{@)-VWMW=oOl|N0!k3%Epkj>eMgW_{U^P!>nkFzrNFa{Nm?Wx`wvtm=$HcIu|9#> zn0PT^CF&z2*#jPlVdp1#tJ+C#%S<)FHqv@;+(ggPy+eoI9!xT_$SK62f}1M!fHkB- z{9QV~zv*#17F~dzz-f8Zy&=kkf3qh~pqq3D3NH;e7!2&B3(^y?2@>eJqsz1)wgjT? zT2&-6@MjHN@uPh0NT;kE=+h?}L=USe5Z2$3`_8R@U2n+oxA3(4`+u6C7Z9Tq5=Xux zHJpN;$gaGU)+`c1o+lxrm;#XB=nZw-9_ur$-T7OBeY(y^Z<6TFWPn~2{Xf|BB7%)cD+8 zaa*m+AQ`P;r&taufqFTW|8HJ{t>XD7gK-{jn8WWyCqkV7p3LTDW zXFH1G8M9|lvIF1j>Yp7O-StnRmrxV>uD%Y-wc3iMmEhj{n)jIYm@1Tug*xEeegM&l zbIZ*C^p-w|;`vRb`)1>xT%R4BlY?ELl@CeIg~T`NRoPVrKE8k>5A4U*Hb<&P{v3p~ zSMn$u2->0U9$;=?_9Z@-$5U2wk76W{Oss|>D=`V2sNjTOPmTRQPJU!DC1qJ#og|3rzhq80YUY@vY6k0&(z^X{3dC9OJNwqwqF$Hmaw#%;}&| zAEcS?NsDTu8@|VC``Wr3L?IS#gGz571JJ;0mQcnYmWt#Z-c&^(A@BQ>2VNiMRVqe> z%)G&=o(}DVPwRidxC6~8TkSkcs6cQ%z^T+MQIhJF(X$ zLy@P)Wyb+Z;r_s1sKp`Ci3LKj-l-(M3#0W0=aN($iU0LPz_usR+%+2LB&fgwkACm` z^~dw*kHa*+56W&zJB>0l+^~NQK3E%(LW5}!yBFu zMp0|2>1iJ^Z>~#+qj<7Wt!WwRtE#%&cO<50a&dB#JgO-cIbQK^Ze zR>T!TpdF^wEUnsHQ1y5;S>d!vJzR4GVwlrZuG+b!XI8-2KVvt@R6ku+Z{3CBjweH{Q-nL}_B0Iw4<@vVY=Q8mShlH!*b8I`%mWmxLzZ4`hf)tG~U-^??#KAY!k9 zgl?tmci$(*0a9n0a8jS(4g2vNte;rt zmkX7}DVPkn*WzQLgAn+_k@}gPq>dKGE*Lf9`yPkOD3l^8%8w7vnYFhLl^BUPPGTb^&*>Ry2u>W#3u#m;PeW9Q?u8)-WZAGOOH|2f&e(@6 z={pI$|K2<*+tEX0e5R!4lsjPWwb^Y-*SM`<4>>d{9)O7=^It)=ZR0b)O~phWGIPrN zAa19U{r1Ds2cLA<`2SWSHAGall01LsC*kAOd5~xnS|VV*R+u005n^4VAbK@SD8gyJ zjvvC_obcN0*6Qg5N%6}df3+7o=juA)>=FCH5mBel_!5Q`RC&mc00m@gxv?>&NERW@ zM2>)guaCWxNDMBAwmd))(JC=(jNf@oBSX8M3&eS4i5#Izne>C+l>!^;uB^6ct+Y#j=BZRnBzHxTfYrpSkSn0y!=P|HHs~cGF?-Q zLUGdUelH9ImD@g;(wJ9)EOcMvFtJKD(kNw@BeO;x)Ed^@aXJBs@9b`{-#atv@a6Ip zitTEyLyUKEckrM|(A0a`)xx1Grr$!ZeVBB814?nlv8e9xb$7knbjys4e9N{47vt&l zR0x@%)c0t??~C%@RLV1}PjW1%@Vc(*KjTH>xJ8Ti4_+wgJwMp9 zkaCm!KPk023H}DM@D?Mvy*fr?%%pvwRXW>-MJ1kXUHhZ{?RsE>ybP_`>fA?yxZlh? z?{HsCeew}2P-fo6VbnnrI6cDWjQx_Z)=nt>xKQO1X2hs?1wukuQbo3GVJIqNs^GOV z?5NJzB(l6NU!aosP@*^AJ{lpY%j0|4291az;`1j{gtLBg><*L_74 zCX0%TJGa2-PZh>y-VH#dS`s+mT8r}(U~=P`Q4y=9MupcgF_sm(|5i6MQQmiir$Fi- zMsdrfL&@_lQ`p!R-j{?fFZrdu zCYws3!D zcsojNMM7H3kp$0q4B@Az&|XcCfxqP&ga4Lq{M!UUP3br8FGi1ksl>47r!$x$)j-=q zJwH)q$c^AOBo)MFve49qJ@qfWNQJ-kBJVXwJ|SLU4aWtf_ z=)M)yyJnakYoU7Hks(2{wMJ5%9iQiB+#rMU>ftw4ZPY6X~^+K5K z4pQ3U- z=gSr%<%w_pyiw8@Td*M9te5d&We}4Gc9x{FjF-B{W!3%teiHmfX&3Ub=0yMP`*kUa zyg`}usi2N28z&2fD&g7n_l%)rm7sM}P|Pg&9J;boY(v)WY7c&^b{G#jOVT&1wYS<$g*x%X&{^FDM$iYEU66-Vte#;`>(Cim zOWvNMc_8Nt9XmIjs%93<*EYUSn%ve{ag*E_P|QkEPBYm1zfDtJHLJsGp|+m24Lj7T z<2vg8(NM-t5H4_B>++ZWnZ+e=QUj^6)AEj!@_P0yK&j#nErIQF2n7pJfdnE5pGhEG z$cKLLpaEcl6A(9kK?@%hIVUWC4mvxRMPv&4L*OEMZXks0nlxD2?1c>6g8JW<0;ZycqKqA)dN7CmVVD0#-B!gL_D6KPs-xZp=w^tP1kWmyj zq_<9-bbI9HT>+yW#QH$-baNMaD6U7t1Rk4u0<2RCZMeWUNiT_nmq*125no@tG8Bkw z#zBmx0h%P!2#ev?O76;KaSwX2vr}&Gf?7;Tq5X*){#^%e`8}pZca~X-LE@#06e^T# z-%MZ}4JA#^&ZrQQD#Mb_C&7`%ljq1(NqQe0_-7jRRlkq1n+2k?zmf=RKc`*_O2PdT=*^qX#cQ zT5VJ@aalg*$d^U-UIQn;ja&DRVFhTML#8__J>qKb_a@M`M*+;1AJ+|HtFK$j>PG(j zi-+NU+t~}?!Zqg_6Cr+r#^5k8ffp9aVhQYJu!mdae*Qv0OG-x!5<%X=6no=lSZCX+ zOCj}aOAZH*+2iRzrRxCHR1T$brebn;@J*jkZo?vbpj^q`w9Fe0il7dvvziHOl;ROs zjWMZ$Ag9*`zn*_Y3L3Yg1QlWl&u2oM%m+J?VS6VT6&=NeiUSi`San;=Wwba%8 zXqas+heV&pF|!j^Z$J-lWzYH4zRTiLNTrNqWJ~wPOc?LGGy(0 z{AK_idDZWA7)%D^I#6>jk3#u}<=d+RVErilt!~(P1-)bsT;52hnDK8_uFx ze)g(z)*V60qOe&ef$=Sv6rvl&ufLKI^^$*^0qbYg%nF|I#D5}{xE=Zl#efs%`Hg)D z3ic9p5#RHGkzQZb+n{dacSd*hRR&-0D*Wn3A6*76DzoVI-Jah9?hD4JlPY6b+bjI9 zk#Fz7SV?r`NgY@Z1GA-a1FQOXQ&6HUAj6u+nbZOgGuy;*S2}%EKFmmTqam!p1bV84 zDm1nMRd0eLs%G?Hx;*e8QXlK6i`^q|zEZN(@Pcc$ZfU0vFaeb}?5Dx#0Xlwpwe1qA z{Jf3tb@Thh*%ak?g{5ck9Yx)#Rd7H_k--0Yza#I60DT@Rt(s5P|G2#A3+oMj@o{R9$Ff3C|AvkRJ&?!9VA3-fnj3>Y z$ss+D&9K@pN(Gf^Gnq{Z$`HMmzt_k{H)&IoVhJaw;CtoL6vEmKXXHCVrN9bW#KaFm zL4a&fxzwHVM3bs3K~dM@RxVWW(}JAw>{>_2a+uTnUY>X;N$I1L%@=1MkCjAw-wTxbAT z&sAe92viCdu*}GEJj(N~ob6v1%5%+lmrnuU~ zZNmGdUhS*X)4I5j=-B_k-g`$y^)+pxDmg148CoR?ND|4RB`Z;Kl#Jw@5omG_B2fWb zl0*rTgEYAjkRUloYLFz7p&PpUO#6GkZ_Rt}T6fLdd;gi4_5I1&;hf&PYE!$ao~Nk$ zL0PA#u-s$Ilk3A5G>A+*dRfo!-|;>k_k2%m0`^7_o*ro}p5U~@wWRT1y&djQs`tzz zNBxBsAAvnU70QU0)xzCTj)aWCpg2N#%4(As_!Bn>GrDn_rubN%aPb)&&<){3#49p& zFSkh$N@%;Vy`XYu4QXj*ak=J01Hc*N>RQkG8LaCFd{Kkvp2W0EHQ#gk`)h!X>qE^u z9c2z+vc&kr@_2&Vckb4G{E$`jB)#%skNDfSp)F#_z5?2XR3d^3imyB?zo1#+oWqDccDCBHJAI-cGjQ%S~X4(HjFbQRn z4M06}`54xQ?sH*W(TpJ@usm}N;dk9@{`kQ`m`D4T+b`AXPVMkp#i4io@JD0Rhclj< zT?l#|y%Z+V7hyin+rc z+Y`&|aZ7c>A-37QO_rOn4F3;@@=-mRrtt(`m=^uyj|Rgr))KqIZ={R4A5%9s59dEh zSANGH9dffdEG1S|6Go}Nq~NP*e0)WEH}x;b6$MPuyOG{cYWBeEn^yt3@A5nuYkV;;8EYKcKlwNpz! zS(-lam^iAkQV&^*5(~{dJO#pBEiW^qytTXpV)TFAvNoav{FtBgizkUi&deHe>A> zhifuxA*d_pA>;&O)CG)Qt_I$$2&Sm$^lpv2hr%ZPfytqewyhh9d{#RXg~%IC_gQA@ zMH=VbuaVpqt(1Dn=WicDirUMkB)h@*D5KOuZ8aO+gtrv+;uhkBW77M+@4?{*0a#}9 z2@hhtHpArwPB{tAP^-yL=H(r9So;Hl3$CmeS*`Vi0W)aW3EBtggp;CWLrWjckQ=My z*(UC7LC(PFJCXH-inMN;jI!=g6L9YjoOd+t8m;h%X0P z9o+*tFR@inz@rOG-R#ntkWx>-F6x=rV2d zQV@MI>Q~)OEt^NWFt(PAZv8}muqgI)5vYOvQfsZdWDLO?^(Ih+u}6i_ZD?bY4#1~q zbs;0HP7?-P3d}VF1|v8`k7ekwa;wb?%fLUokUpCv;BME|hPni0X|ft{to4GP`u!wSbY?JC%4`7 z=f=Q?DJ9PEQLN&QI^GW9LyE>?NvtqK>G}u?{w?d;k_}P^$qcxoK`EALdWwu<*9fwk zcmrRR!8+rsWpG$RPR@yF*e!8R$@3PE)vo0!senJ#vI1!^*!uoBTp}G8xe{V{yoniYWH zSCOw9Y}yq2$02_tgULLbRfq@(y><&^1*f0wjR z89qDVIrSasI5VDx+^y6*rU);ChENBe$$?DWVKmpr*j@3tE1ASaH5w@@%)Uk7QN;C{ zz4>Nf4*`92-r;Kox?F9xMjX*FvrsEAfHdqWFsDboWyd#$^{9BdLvPkGb?H21-uEhF zDAND)d#YodnYwjI%yb?c;U!H|5S&?Sb~PI$M+_1T&wYCrmcaO#Z=l)fVh^!8>}6^im*TpPVBZnb~R|9Kg4I_fjOYC z(!53(!}@j7i)}DwrSYTNNgq{@uen{wzFR=_-|}Y(kV)YC+)Ik>jdn`fH?o%tpx_Pe z8oTRVl=xMmypYY%Q^(N2*AiDqtsjQV*QbY=@$PdOwgTjh_;TF( z>(k$;`o6(I6e-6kZ&v8fVwCr0iuWc}gMd5~Lc`)kfgJxu|K_(N9KUeyg7Kd|s?{iY z%#kMjqpuHeBoIlV?1xK-7-+y?MQ0636Aqf*f@6MEHFN_HB#24Y6=KS1fc*rQX8imZR1&Hb?Yjej7W z>Nv$g-up3^tIW;(Rn9;jK0;BxreK;F8kVYg{kt3nyashT!sRATJuFHNe$_U525U|d7sJyQsoL9_%;CYtXT~~c_XG2pVqDd3h z|C;Ro#hP(R`3=)LE;d%&o9=##+X#cw%6k>M6_F{4^550Se%+I*vb~#E8CjxMN-D;S z+b{mysGaIm1J_E@x4c=r^W_ZF)s0q^MGaDh^%cC&D)lR^ifvvr{D_o{AKNn?_*8k1 z;76G@XlE4$R$LtCmdfUEgDIc-S*BUTO ztZz8hgX!sct*v2@0eV$Jy)>_T*}DyWmFkMJd-cp8lEz&9KTeiD2F!2zu3O>Ylc zCV3F$D^t~tV5Sr;Oyh$$o5Xw6_-cn!<}UOK6p79TEaNPP*Lxh>w517XucXmCwuQFa z8Ix*Mfm_y?773>Y_!vL#!XT#{%9^Yb;ONso8M0%}$cE!~q*{RpYN0#viJINX(hv`( zT2_5!VNR3P1I=}8T92j&T7sd6>y60cl4PPOF}9y086TMmhZ zEi<&E1hVlqaq{MqG)uhy`r#b=zpLM0SfSe`KJ;7buw6>>IWkv9Qc z{WB4wa~8~lKmDPZ{KsIIUym4qP*3xp1Tu=P7V(5-yGUcrnG6~=i&H$Q9i-0b7=$*Q z9hZIiNMd~+s4|Sh-Vd$!ygrP@Y!HkAtVa}|POm8kW5#yNJ>w(?w@K2R#A@8UfUg1F z_wrw$4m%Ey>i2rj;rX7_=%a%GA#`E{t$RL$%Z<6^WEvmNxpsa4B71a^bVl3qhGvIu)*R7_mLt~G~ z)Tta(D}P#v$H%X%nVF)e;*?-%KvE)A_d|DDX+gq1v$BDj_uqP(ZWtN-`(%67(WL*@ zI~!?`^>33^Nb&t|{pzApk5##eTBwXCTfl*Y<6N`i5M4dm>h4IP&UUkRl{ z<%=Rg3Ps^%^aPhL-YJDL#cQ+eqB9skrW^CUF}*#As5vZs0gym+w}8MkF*;&)d9TcT$j_tJkrT(u^y;q@AR)G2KGtvZhCt2P1_2#MU!_~COj zhkf}mln6Zla{<<{p;q&6)H$=Gf8nKJTO-$io{I6O7#KRs_IW(~lSX7}9Oyw@Y$6_& zByIb}&P!43;o9ap*nc4vbBJt#A^QGAoFy~2Ji%fFWr&vKl3#)*u3qfSA|A=y3Vy+| zkwy)=&sQQbgBS-si@%KX$erjf=ue8=EglsEiG>k9z8CHA+N8-ABLg!#;6)R3rKo(t_4A%tTna~bL#yQh5KSHXmH>vY~4&*&|5aM zR{GCXz^S0$3=0q%u*9|!dP*Uq`wbZT`MO8mE$zi+c>$iF%;h6oMGQgnhZyiD?$}fx zD4r>I%4qLbcL-<+I9Lxm5j@ zhsBC@iJxP}LLiW~cD zEAe$%jh%R$i(K;`tIe2@-2J!S{Kr+i|2CPfpP>T5zx7r}SE~KnWcmeJ|HD`F2-T!p z6VN`*Y!+%qP~?2km@Il0`!3UYfbQ~@{a^|4v%UL%7vt$;$1VCpDDIz}2eQ08elLgX z|29(NFF1~11TVp(F)~7Eh3;uR)NVQ!p-_7SRx7 zQ$|y$?toTymjiMa-|w@$uhV-u1|fNNj)hoN843}=0BtXpfP*H9^hxq0M|6k=yNBT` zjl>&#+G2~9*V^h;CHiXg|9y6>F}5sJilT-olvCTaCWQ*Uh+twoy8&fm@peH)@XKz} z#>gD0eE0+Qw0(C?aY8OHJKQWJ&WlS{nF*J9PcqlmcSmTqki?u1>-av~btdUe<{=3OjT9KDW^!uACnA&6-hJ&;N{J*SzqjAv8_Y&)t z6X&h|zSI6s3$%A*Jfs_Ynpo-j$8|#SS<@u&R{~EB*ra9$#Z7D4cHLcoR+pN{q_N!u z`-)CiGchO1f{x2*0y^^>?j6U346-5dC{Pf;oE6-U=7|ad{xZcwCjS+-W8IA88nHwY zBA~Vb!OT}7<;7SvzAEqaC~9|g_XrFEi4i#`4govy&3%@ameUYoxE7?X7W-{X>TG8m z=qEuAj?^Ou$>InC{I;Lcqc?xxg1CuLwCU|np(pnTOGUfh9Wl)c5v`u}SYmC>(WtU7 z=6qX3C%%6=0Xh1!SQixv2iP_1GM(0L5FINeyvX$W9DR+>6ZPQ&C50>|RIT|v-8p!d z<&}=2S_K5p{>-p`(h6pv3jY#8MUF56%^gb+mTUVCXiKF#EHbTK(XrRG-TVdhxS7o( z9=L&5`WPrF@oxs7-7sIq3JXk8tdcGOYhu-9EhfW@f_^c%_q^x3vFrKk$CLGIs6%l( z{I2tQJREZuIl5#f#`C)Ydz+R!k=AYK87utzIxZC4-Sw3KM9g6)vf`VLqgL_hZU_*|qy_@*h z6MHnop7wM<%1m)Cqr+R;mwrqlZh8#H^o}?3p_?#v7{@02fbo@XN{`?%6p;5|iH1&RJK~#o5$jokh-+Z{X-}UTMX(-pCkg`RLXg$g(MpoE7&pWM_r8= zv2^)nT7uCr&<5K4HH3!dQDBbK>_vEcpnvS3e5 z0@v{XBnk9$i{l&Qq5suF9Z0TwaLD`h_L@WZ#cC*b;C0HJ37h|n#C)}m?S=L+jC|F! z&3kj}7w{n=t?zBCz_X?cXiA1i%THgtnX!HA<>T-(<=$&#TJJcBqT7$Z9JBPNPQ=`I z;lT#H(&oIKkP(F1tG3dr7NTxWltD3x4(l2fccBKBRdil7KZ{9aT=t!3(I_2{Com*XKo-Z*3o z$On8`$;}v`CMqA`^Nt4k3XIu~&tCAW&@L%-u1gi z3iGro>6Tm>IKTL>N&fF^QaRBTdL<9ThN8mG`^UHy9D>>V+)O_ha4{g>Y*jy)snx|f zX=!;fay5mx2y&h!>ciA1DsSkOXxNDL-Zy-GRN}JO{Ui~ zo*~3?FO#}^kQLCevit~wU)}iTtHnzstZ(3P9Xqw>)~Zi){x}$4OHvwpZ{Puu!pQEh ztt_KhciHiX7&?pjJ?SzB@z$-_{ds`brTV7$%5gY8ei{jI9PwN!f?f&iI9{M5=q61F z-uAVNqd^%H|3-ixb*9T7c+}&#_rBc=KE1iWsrFq~L|1E3+lyJ!_x9jc?;4c!=AgZ% z1#z&wIZ@PxH^tzVSu$BDSMnm{sPJHo15NuD3@nEEKd*}fMg*|j=8}kO`#GSmAW6$xLM#zDR$VXY?~iN6 zy#DhQGCmH^*?iLkTQ*Tq(p3i_Z*J=T2)kN&|4vYfS4&-B}ud6{B)_w zE%Z1B2#~>sMtInn%U&?G?(~wOB7CoHr4eOW7i-7iAW`oy8dW~MiTJcM+Mw><+H>|S zcq=mXrkqfduu=z^F1R`UeGR>c!}rKn6m!{EFBX7A9rW)YTl6ak=Bo9LkfD+vh8l~@ zU}HjVGoA%;Ew}1!>>ZVr3$Xfgy0$y9ORDIcZvEb`g+(9at!=CYTI@Q+Oskm+Mckj) zatC9tz6zK~$oUmoV1k9PVUq+5^c&!IHbf4R*crhDV*c-IobUXbH2DhwQ3Zf)M zn&wbth!RCvvbm3~=Y#tT5Jj1>JGLG+T?~-7X_DxtA>FcBp|(09>NZcFthU=bp@}YG z_$uad;Y(8?RoR}qb(43oPO@?07OyE*Z5Hm()wBp*eI~OEjq!47_j0-}z2&QM@G)iS z2@zdI%fn=t`bIBTDt(hyv-3fVty0Lyfq%GMl*%)-m!&IM@KwZJlh60F^}Dx0U+;Uz z=e@CFu>Ez!3_5dqBqbx~&mjj4T1ZmQO?00>pGf-v+%cN88>EZRe~oRCwGs@(ww2ZY zkn{|hn>uPR_~O{n3>m9lIO?}e+gRiWZMzvc6t`iGx3!k0+up51=WbejS6%>kf-urF(08$1Uqc z#}xJ0#Y-UQJMiV=G`^3!=@lT@c|?9D_mvra^s{B6#LKqz&((h6fEd5ksDY6+ABP@N zpWY^V(9V{;W%&!=Gn@5j6l)sr9#Zf3{B)|BP>(u80ivaz^ZdTMqYY(1R~nrZ9o4B>QS2e{WYqe7vYCYI8 zrAbd2`|T}~469B^PVnA!;sP3#al2(LavtAt!jlH)kf*yCP}TBq5_)TJ7mIhB@TK?7 zWEL@r@EcqjC@KMCtWou2Hvs7ZUt465y#dp|i^bOBMIGmyrsTN|z~OhJf9ZS^E{;_I zCzG-E#xlFzDjxiq7~%?WgTiifxUG_Z_xWg>qjw~t2B*&CHVD4l8OBy@jFnw<5B#|9 zZ4nU?AU?wGF7wx)>9TC6h`ZQr`&lf3U5`qI&c3M6&vE5>L?r31J{3UaCLVD2b#AUI zUarRNzhsGNibf)Y^%~5Y+~Pb&CQP|n(`gpxx$e4P3ts%(60z#|`n9dG0eB7*CD_ym9*cE)(bpvjc(m2!x#c|F73W$V9iV1LX8F+(iEuqG1BtB$6gUF~(_a@S7}SH2bo zo&Nd@Z$F6#c$|HfSjLQPTkCQpw9oPb6=U*nB7A@o;S7u|e#jGVv~ZOV_PG|a-&0m? z{y&=fBm}q6rzmdA>@QYa5ejbS>qc+bJhC!{l%I@n#(W(<%`!-AdZqEmK&io8cfLvn zNEI=;*sPZKBz`s2PglHuJn`R+;Wp&!xlg^vTcU-6mw%xtpPWHd*+{gA3^D zRc@$d6{j4Nyfilk(cAy=SMm5rG=3Jqg|QwZzq5(TX{eqWy2oFwK-rZ+{_O8P(~m~J>-yGyC(oSvU}+1^=DVYCNSO34G)C>XU7wp zm_fx}({=w*2tHC1_LL^{<^NrJS+X%_J zZ?EzcGkz^~|E<0PG0B&UiHT9XzJ3`(X)bD$D+5*byR`Tkgd>ZMI7X}uv7>HtNorI? zqLw_^s2uWxsloY0!7a{hvS*B*1h9o3d(W7&B@d=FGKs0pTTW-4H$bN~uYZqF@C^cT z=In*iHCa!0wz4hnxI=|ZJR4PkfS+MxXEKan^%w*9I5L>!JVdCa*x^#ZbMCYFW5*WR zOKZ@owYhr-iZB{3#(HSI-lag;Lk{JMXLdtD%@X*8bOoY8qmi$&)!>eANzvasC z@}ADbQ=iMewj_RywgtP=b-jytJTrd&Lb<6=x|_2HPcD zQ+7<)0-L$-hKs_EZCrdwt1IsNB=u@6pFnj@N<{D|kK;y4UQ4)q-%$#o>l-UiZF2Vk ztdT3&_BJ0pc5B-kO9HD=ud#Jwv*VwX7wEvpXBX1cd64+kwRPvQ_r7% z5^c}?5RlIUb~aca@B#Nd-=^`gQ+P73;aSaQdTCFNqy+ ztT(5YsXYlvF7d``TJby!VAE(UK=Q#TNKQpp5~m0{zd>NE1j$%m0E44#AA6a|4*|PD zCYtq8gQ*N1H?>kn-UKcF;}hnZ$An^o^iR9qf3R}a<5kvs?(6&wyBokSpfJdUz>5tL zmF=1Sq@Vcd?auUD1QY>19Y4Qqn{v!bh;j~&tkA5W)#RM4;Jkz_1Kxm-Y`?K>NSyrt zWip&I8rNt}B|OWpYW=466L;=nrrM-Fb%CijaJ_W}3KiH1M*kjOaDaY?CQBmB(OuXp z<_(h`k#6m7;l-g7R5$q27#t^88kH8=Cob=M5GjeYDxeejbgHO*zf=N~BEej!viXZRE6lMuC?L4Lznde7O_Q+$Bggf$t-eWl zo*fq)@n_L&l@AelolamK>OwkZfoJFzsZCF`Xqak#vXy`m5D z)|}tRXOqpCF-X)Wq~t^A{huvA$$>D^xtF;qoXB|v^l_)_WGfFjV+u^J%tt>SfF0B5 ztFkVVo>K#H9|GCHy9OZ6;M-uL@$czJx3%Ucyja5YiFW2InAv#*w2Q&LtWjR+q7p*+ z_o<#>r^PDcw1W~LQblb|km;iyp&P5u?r?PXX@A8h6Z|5So!5e_0zk)lnznHAICViu zP!;vKZy?|2PNvSwKTEohAs9`^dH8|-xSyo2){7yxhE*)YO zpWD6s@NeL3S?s*_7?cVj!g@+KendMSOI(lHdjx_)-C^$%I-aPlI{_3DarOZX-B znsT2?68%h~e#t51!#CUoQ|b^Ja&iZaAk#rwqYc(KLUKPF~_}9Ny1%yXr613 zmfh%}WB*OjRQZ`mTHEXgzTG4j{qd1MLq3Xc3sAZact0nYtU%~0UDW0{QtD9WvjF*! z`Q0NB29tdaWmeh<=T_Sn9}M*DEsOu_`;BvN?ak&OB1K*0z@akOU;9*)1gNX3D2_?H zkG?kYhe`Ny$~f2X;ri9}R*vOq-`9pQDZJSpl4Ozbj(G0JJH5~6v`nbNrAV4%L5YJj zhsuLR&nvhnYm0mAbre;W-P^FH=J74k0{r1=kL^=$HbtzHq}(VmC!cc)dS4w}6C1#{ zenlg`DxHoQ>-Atx>2Rh!lLTBFop898xb|&}5T5GBy~>G(eUc*~xsq*vNdQAg75BOM z=Z6tLiQiTsFEl-PM%Rf}#D7Ln`Rp!y77Le!U%V+lFjTYeU<;s?@daS5Y|f-nZ(I|h z6wb3Y(qX6e-`3uTC9%DYFu=8p3+<(~l?#GQP6iXMwzd<}-(^4_hl*J;CO~acc3zd~oPRQ;)Vfw}fh6o(3YO>;8-CZ??Wc~eX825_03CeG z)sJ>rs=;HKYmx?OnP4GF9+ZAP-`Emk2BDNu-d?mdwqKCCjmE9UjhL1c7$w+fHYF{a zZ7uEVmWA=_pXcibEh~{p;|By8+_Lcp@NZ4H;ITB9Mg#$!=^IQ2X4&HBdIh%-h=EzgGQ9C39Kj9a|X%x>T2UZxd5c!A`!lXt{np^NFJel@}71|={@6} zd6Sj32_#s~o;sP~@x+NG0=5!syxO|-(f#FbVr!o`_Iib{Y2fFJVNl4aH@4zIO;W)N zcXZ?N_UAdv7`8IsSQ81xK;(K{&u&=(B@PA6v+PY4xQy3^fSC<=dbx9lZ%w-zp9KCztc|2Z7Vl4 zDPJ|aWA|U5_`ljJCTIb_`0|HZNrEqWafrv+7!hEBXciuqeMK*3jZ7ee-MkOO&k+?m zy3fhVE{m_I(ArI^O2w95tm)P}9bx9t&K3-v&2sKv%~pSn>=DCjjnAqys+H5KbGI0iBRm|U+3y35as&3Q zxuVv@N@OWidk|ss7#Hn8AdYqBPHM3qS>43Ib^*bhh3JE6yw)%UL5cE%bzGRd2{JqS z&XcbBR4c?s!B(EKeBeyN7$exV`J+ywn|>qpu*UL0)P45W_Y z3UIWE9V2S%06s{27L^wx9XM*3dtKfyYY@>ti5_g&!UfPox}v5!{QI??e+p9Gme*Xk zyk{OzME@E5_7^VELo?QPkxl7gwcZ#wbmg~tvgG|XOe>g`esyL0M*n)xS7fh`=aVi; zMI6Lp=U>nX23c3ADs?|^E_}g~d_eE?i42{d!Z|9j)7HyKg zPzq~MNv)t<_WbVH`Y}MTapF^{Qu}(%wRO|XtP1p$4i`G!jW1Dif(^nJQ9v7FT-pOh zDck;mcok8$m+A`P$oJoKn!qvZwPG%oKHL9LfaNp~%ele&EjM_#hi&n2XVTMuJChb* zDzYlQs!6CPcK<7#U!8otG>qO6WtEMmpU#8lMmtE6H;f16#V0fP^rPRs@He;5!5~Tt z`f?E3ElHhi=G3zX1^n9}!YD-gKe&MH=s&gv57S^VxzFs-a(|%!+?J5t$8Qh8Cm7W( zV8bP<15W#Q%qql2NP_LuA3#xr&Hft9^L$XON)_f)co~C1(&&Y(DnOkd#8&o7@zCsE z#7LkTX|xpIyfcp_YB@`I*t5PeeEWlnNTYRxU>BNYk*$tCY;l`at|_c#fzC`pB*f|~ zNlioD)q9tXCDM`627q7On6;`XN5 z>PAvXQM`>j)T#Y!!)JlsDBL5`^Xa5vGb@Bz>nTeRxs44P90JIO>Dg@HUG~HUhE!F5 zA+32=kN5k_wFRyeZJrq#xE@;)a-Ap@TJP#u|59kw%Z0ok(w3oJ)b_ZU%q-GADhpb4 zcBvs?7xsr>_NnOrCr~JHhx;79OQkK%i?2rqv9gz+TBA=bys?mel7g1iqE?NlyN2DZ z)$L4Ir9Kg_NpHIiiHsChL_u}iiRgd1r?pGT$oni|(uSf9ZhYql95)<(L{ast9h;{z zLZm++Vp*sTfvg3z_xTy63^GbOlXnLr zaapphJ7NRoOG@bcg@(0m*??Ga%hxHZ(LB-sq|YZvOiOpVLNUYmhOG)^47T;5v{4Lb z?_-Ol7Wf)kH-{xEHsLaC1VWFu99q|2YX{=b-Fhb+D)qbm5IeEIoK(RiM>h<-Yj~wF zMKLD^a2Esa6~X$>rwP?~N;j%rWi6*wZU8oY19q z7oF6Q3)ml*C2+bygn^ZT7Ei5x?^_|#7`~l}bz_OG%#1=DLxbmBK|oyon^!ppr5N9< zhh;pGt=1vBhP0glVuW9kx2QwQqp5O{duA7Dg};urklW}HOqwdGcsB9=#n^=zBV?JG zF(yJl()de|GK2Tm;lz&h`QL-l&iSreq#6YMd|x1J-l5MPg-BxkCBGmUGEUPJ*Eg(# z^sIRAS>SZ%4OZOkh6xT4w4ofPTnElkG#tI^2g{qrzCqGJzggdVXkxn#N|3rW}8d z^GE&~Y-fJbO#laOHM|;&r2+?1fx^KzsStRZ*N6Q?^JjVi%d;;%@X(K@UK(pHg2_M+ zz`|QPfwxv`0)MS)Z z$jKgSdr8-Qx1Ojxx2{`@Bzu1S69p1E@!kno4+?Bt@7!1yb?*{o@tXFMcs_As4`KGW z;pj8{`@kUFOV;dqF*tBvz!CF9U+nI|dl&b1nvp5RoxS6-z=AlaelTh)=c8F#gLQ_c z(-$s|J8`6ZRri4_iwWi$M$!DV47NBbHeteM*Y>7<7AiY;EJO_}i>!U^iAfYVV%56m z+Pd&ch#D+t?;w&7sXUxapz0w}Z5fE4G*KpqI6{jr`|3G{&g;}6R{b*qi{BmTd(0uy z=pOxA73TJj@rSbrZV{U(UROA;=1e*i<=tkgI(PQyBVDva{c3h*}$tF=3QvkP;jzB9eWvGb#X zrn=)#u;*du<;G+Taw_8SzTJ;3x4XA%i9>s;s#E8+i_D1ZX1^KM{3CkTWo+MV+c-ZA z3c{hbitBZm!d%pF2SHP<$d5Ehchb(wo)b&gQh&(#vVB0RvC}$bl3J^$dZ@8Xb40Z^-G`IF z_1ZWtTfADB)SvW~@+Vn0Q#qVn&&Ol61plYIPMw|*-{S+PsS})OZ~pw|lH6?J7KKZ4 zWWj$-pN6yU)kxM8j>jBROu(~c%;yk2Y!!5R2Qy4}rb|N0uMGAl#7#i>tQ#dAY# zZ*Mh+Rx6G$&oU556Er-S`XI&+!kPJ5v~>rztfnh(Oy;h#v3`Fb-;(S?f$9d>WM^)~j#^mz2$dgLUeQkm1xW z#bBL;wNy68)4t%46Sc6-TBF8~qcXfEyTj_`i_U2jjXEn zD_wrTw;N`SIHDtmv8y|TX9LV>f+Co+DQ&ANx}{!WxL-uf{$%egu!Mx2&N2(R z9^F75E_rNh_cQgTcKjyH6LY?GI?2p#u<;K-Wq$isE9olTM;aqn;6c(fyfq|>E6gEW zOAu;V=ws!VJaXQ$3a_`btvfZPH8&Zm;KfRg{JIaU^bsu-NH<2|n4!qW+UlqT27gkg zAs{&r5CnZk=E=H+W23!DSVM&=7Dw}=)ata%fTT^U^2+#ZwT&w(*#w>)?3}b3ya3{9 z?0-tL;?Z~&9@2C`DL*d_GxO%#5d)>ytE2D0IE-dzq=!5|!N?;R%Pau<4g)E18r#!{-w=F`Z4?)nR=D+ z&jvOQ2APW;|E0~@7ikE`r>zEnfqN@ctpsiHXvMu#I5FT~ zr;8+(I?hrA2z=0|l_b3W6nRUaY(Qghr-zr$NhYd`;?|nCsl-HPW~TfNjQ$OAen!TM z*$YDA_qrxo5uf@cC#7z`!T1P0@y3O&D52Z;4R|+fZcdpOc~_D@;gkfP$k6HOZ(`w- zbrTH5@}!OBf>{QPj%wamr@$wTI7i-Jv-t!Wb*HYdhk=#j7XO~Qy#e8S>TRWcrKe+H z%2*YF5AiGj$1S>h-&sqra#;tYq)#|uYS{1He)R4zjF<#!)4lG8T2(LjnlhY1Y|;3H zrM4yiPoTN4W8*fwdOFp!dVN8}?73=SyM~@^=_5HAu~OPhp|vhbEK5ODWUi1Nb)jzh z^f9mv{8{pd{qR#N<|2l$i1z&E5Wt!bI3LWt!c3k5my1{&{GS;c;lc8`Yj97 zYzTW$;xroX9Gw}QcQQ#Q*~DY79<#vXjrKwJDXaU$mcNSE_0W@Bd{8D<>RKTrtvm+H zhe!gA9Sk#UMbqS|3C%;2A`Snv{K5ICwy;LO#ZXsqcM4(S%g=N~RYVJM+vZhGT%?D7 zKDcUvJiy|Br%V?M4j|*3^wV;%L#uh*C0)pG^JeE@e3_6j{fS_-8r$YxNt7MeJ3BHO z5c-8#Ba@*(sxv{OPHVR^9oI*+Po<{)-&A$s-7wo zXh0{nuKANWCIaHCMI?{f$ZPg{mO#arCu^BFQtqP$*_M?+*05L?jvBrbx!%nJA{n1i z!4C9E=j|X|i12Cgpr%ztX%5NuySv*M{yryw1skG0?*AMj2;Pm^zhDGe|rp9zGsFE(0s6wb)SKwdd3S&!?!IQ^9SV z!R+)=aY7J zpO~H7%H3q1&a$6O)sA-hdFy20oH|?F`)uhL96Bg|v?6`j-O~CjSk|1|R@r>IBMfsj z9S&B$M*Ysr2NlTH7azVhc#N>l!&T+B&wfeB7JPKy{F-2H{g|1{p$izfgrKnF0_|M^Lu&_` zPjX)`Ok~BXr9`l2T(5#~>9-zs6HdQqetXBd@2I`neZ+1)OT158DEIZ<8z_4^8IH`H zo$J-j0*vj`GkSIw#J^my3!ZvCtv8j7%kI@BYB;G@{tY+K)7-a&RKNCwzZpxf1?STH zkLTCIVDskz!_(h{f`;vOrYqFD0J1sGuQFR$`Ul}RQ9PG0JudACJTun#nEmc1L`}>q z%{-w)#J7TXc$ys{7=V8n=)As=p0LTItDF8Z(#wg7>sHBgO?8M>c^TrWj;Qq~XMt?5 zxe%WXeGoK^CXN!x2v1tQhR?2JzT`XAXmLF?mKS@Jc6SJm<2a`LsElVO7qk7ZyBHw> z6XmZ^^t+31adrD*Db_(Dd^4VZ^LQ%BEI0E!ViC+lSt_~c%d%fa3|+z# z)`|paV6Nf^U|_;gUzh%=bwT6=@8i;!W4OR1HW!hmVdvQEQ#m4FAo;DH(n8vBUw6;> zxq+5bHAn%UT(?R9v8UtOSPB$6~oU{{f-vvO>=aO)GNK;+Ol@~SI?GC z&%CY7-!vwwWv%+pA2QDu)s`(9`|d$J_9|Gzim7JgJlFbE^s)!xL@Dj_fV?~ zP~?zzDsVmC*`=FFVb+$oO=A~K{49g&(fiaJyMr0bC8P|de35GD56AE5P!pa?=R)vP*&;C2A-Bq<+gzR1qigk)r z?(9fbs{hiCk;;3o^uNMJBQUJ)7WYF)+LZ>3XQhkl2ZvHPB8$0jW{wShNJ->pr2)Es z9vd$gbHP{PMGTl9JNkUx!46Mmb6Ftdp2uPQDrJwaB(a>6JUUz0v^#69t!oS}8vp#e zJ67!=rD7^&cdfgf5DL%awK?*@KJjkI5O0(sT^-}fJR>|*!(sKC*K z$cs_xBteo;LW-!^Ja++jTv>8jgOHcJ)PmiENa6Lf6Nl0x^l2WQ;~MN$&@DVabLQ-l z;BP8f@G{?ZBsmlNkgANO4#p%B7 zBDK(Ny6W0dA7u=^W$-(Ctb5}CoecG^gktEo(?TCfUEFW+y7})PZ@z|ShI_b$w8fVY z5Rky-OPx~n^3!o_vscI|yCj z&u%JK>+_6MsbS2=h>(a{?Q9%AS0GYvt;Yuo5hOkGm zwfpb+-qN!3t*=f@PHWq~i(_A$>jK`1xiMkYf_#i!>jw%~*VZRIMM5Ux@LcnwyL}?d zR4qQdA=+!aC%zjnw{+x&HacmlDVsH4;#NlNy2T|jsY)fTTt(AKv_Oys^+k75t;qpE zp%hz{>&?|gI4&VEE!nHpb?XPw7e-JoFe(Gd60h_);`dAvm9ih9sacZe{b8;}Xnz$j>pj^X4R@ zJWGY^?-qPRr1?W9L~@MQn zQ|;R*c&VWXNJm> zGz-`w(T=sY*G{$tNwn{sa8|z>Bh25c3Y+b71crSF7 z)R#1^qw$Zq_e#Y?(EH6o9h)fn!-21#atalEnR;Q4Rin~C;0Sh;OJtPV6357s?Er)$ zJm`9pby9d1^bhmR?UlYiRFsZ{*5h^;zJr$WmV9 zI%~2Pps|~EUceD8*3Wk}Mj||Hdm^G=07~$|fsNwaVKj&}f0ZCyg-9l>WqI^PYmDI5K<6V0-sDU7P-ziqtTa$G6!r-GMd$5CfKfbj z8O{yz{MExs2N?Gu#2ZR$i(bIS3c7hTrE&7g^w z-&*wXaZ_>vRnMI46#l?f&9O7e5D7BzQ_G%h1~zBC}j{|(S}(myV|8gQxZ)A$}d z^rl58qEB1Y1#7SrMG^VGe$$_q;ZTokf3o&RPg)-`73=`!#l5$8jfHLCZR%W&h&CKC z>EiZWVvh9^126z{(8nj(4i>e+jf2V4cE$dn%Mg2|q)b63Y2i;YP9s4@sV2cPt}ieg zdC}QnwtQ#&U8t;g&P+2QE(c{fH**Oyyy2nSojxyGq?&>>K*FN=QIC?&U=3>?uMMjN zCUS3!v|UE!TV8jr&xr^<^}~Y{v>EEq+!yF_*1ccywxRg zo3OkO9nr452NyO^E1pMZ^57XwQ+8Y(zK-cfr(PiDbuI#RcYgsFeujS$17t>n4Wh+6PoZ1vkNr2tpMuU%&ir@nbi=9`_B1G8xl=TUvyy(;Kt z$#pwcm1xvl^>FcfsHhwXu2tVjSi{M;Xw=ed<*l|f+NTb=vEURI0gYP&Hw&~O>4!+j zA|!;1Y;vh}?I$>k4k4E#Dv*~5;}*$~a5VPY&8ZCE)O+>Ym1#R9b02ne36AxX$X71H zwgmu!vCN-J3FRx+tT$MkJj5K2lWJ+~<_zt)+Gf9#-j3hv+LV2KGCk8%Z=m;v_-WaHWe41qGBn&qzFEN*#v zS88q(liL3+?iA{RS$=mNw#|vhR+HiM(q%QeqWZZ(MMvx7O2zhD&3P*?_;wp@TU)kD ztWJko+kDnh?j){T$k?hV4{1P31pK8Fc<6+BOSFGFpYM{|4W&=&*|^HZJv^B*Hz;ym z+ZK$wA=lW)(BEzwtFo2!$xFQr;8O(a zn_?AHa+8{Q9AoG#`NjtX7Z?2E5~%lrv|CB}3cnm+V36|>k~{C=aG6LewkY2CX+7UN z1!sL43Ep@&U)*|lbdw)T;x>!<&$Nm7bldSQ0$s6Al$v67dK^tW82Aai9)e}}-0`Br zvRz+qIE@qASHHcbRP7pn|Hh9+qqIkqfdN+hv_05>X}h(=G%h9UN|Gvqtj&XUeVs~X zpl``wgi}~Ev=5hdgBh3yj!@lrv7Q8565t?+S?-H%g79rhUQ+$EyT5%gbvioJZdd~@ zZCcF)y>~iKbJ`pfhtM{;ITh=eVvTIx49-HT+^-5@Gr`$MLrRJk7toDGM*9+Sq1WWs zSv~KH*+o;|^Z}HewGY};gen!_Z#&!{K$IEo@yi+6Zc5%6risU==7+*0i99=FwwB$h z^B^}tGZD6d%T2I>cYCNj37*I;Pqgse;|(~if6m&!Hu8)@Gt4^0WKTOCc)dT4`|I@? z%iiyp56)zprsGgB@A=hEYx6D^?tf8xFr7!yUKF3V9LX2n_Nh1Vx!B>|+E+N9f9_UR zbPE6E5t=G$Z7jcL+q)&klR%Vg%{%a^2g^ewjm;oQl90k5+)i23XV;(9u^0p&WQ#-0 z@U11PoBnh3V=+~{Zw1zaXHAGX-DvX+BVRWCsm{)=8Q$ey6uC2MM?oXhn+G z$1+QOnv5zq^v?~!=F4O|3gsNA{=W7+VNx}l3>VmiJUq;7oD$n^XBa*o2t#$P3JBrW5Jz;xQ1 zALg%rEo{CaP8FJG-kYeQE5f|}tZ2C9h&?yw1Saryoj8t~hYr|*;)S>7LP$W8uv{u1 z>y7q4V*$4a6XWVI=Ai$O(~ewtzS+EQF>`6t50FQ&TnA(OXyyb>s!C0in%VNeaJJ0r zD6%s^OO=IOk2Q;^J%XaUH#%Mj8UIMga@xgq#*(Qh#5sA`Hz@|f_F@4=&HpJeK8B`a z?6jK+$dCDU>2(=T9dmJ&<8$H44(2G`1P-!q>~FZ_tnIB{y!R}rwwFGUt9n$!Ib5*G z>oE@|Iwat$wcWqq-6BdOO$B++T9AAFzZP2m6R7L|yHn~*>#%+bQGwd$XHgZyZBZ4} zT94+5IW?XPLl$c{M$&|GVAPfxEp%=;lVduC zp>(qCNm-1DJT2$bY|C_oLa4EG7$t*Q&t6CdqByuMLK~~jff)Q-``6n9NY-F z0~{Fl)`g2B?gk$S8r}%!ZW&aRO3HXB_s+ViyzB+OjP>&>;A%8Juj&r;uWGZx`2;B^ z#E@ST%3;aPSXbSsAh*7jjqSe%zTnFWL;O|rOShmaFp{H)mnI(|qv4P7EvmB(@V$AB zZ=+cyK7rx~XD^~?kZ(qq5`8!7ePTkI{>K-2pVl9=JY&J>V+6fafq#0bOffTXMj$u! zB!rLfB;?uIG-R-;!r70?4a0Znd|EOyeER0zaz1_bs;T*l_;Vrb9&yF7NWbgh&|Tn{ z|E~CNUo~!@oBieiN6#wu8p!VOjMWz(%SMA}qW^Ws?hih#m;St$6#K9}zu&^qLtm*7 zi_d|5KYv-DwOoir&${wbKD~Kx5FSM7gYuk0>L7P3dlY}@>LY({W$l=ewi{M{mJTjT zDP7qePpWPd|Ad3}-!?JDv)-1fpLcY?W!RjM_;!X%!)`=^wtCo64|g2uP|tkKcT-kD zGh%cl*F!U?_b+wSR&s`MBlNM4C*R%d)uGm(XrqAV;2il3#wx1@c`t`uLK(B(6k9`r z5qSo|N#!u~dB_hi(&*@fek{j>`R5swO(=f^y`Y9ol{mOJIgSXVaBKF~vS zj#^3194xC7;n*JtzA_uajbXew5~b0&mEKOWjzjlYEb!#6+L!(ycbIXofAU-&y?zYzHCNwere>vp%JQXG*^D$x0`SGMoBo(q2=gJ*TkFk) zp}F4ReKst7{B-Qyr^dXhCwkad7f=ve`8`{CFBUj`E)vh50ZA3jUKHa=`fa z5vCTW*L!$2S&L`f=uP<`NdMC_(#=Kp>E^xWO|3mEM1VY56ZVj=sQLHDia#4BZC|7?CQhNETKC?~Jrs7FYr^x`nZL9-fyV%iD4TAN%;iwG5<3QXLzat} zhMz6&^?HYEjp5Xqco6d7$p~irXAK@UkR7{-*V@F zAyB&Y^Mm*-v;4)e9%?F2yUm>5T#c2E{XOeWuS%Tv>Z(6FF@Y7f;(dr@gRT}?&Q@Hf zjS776@eR%KjYBZS?yB4?^IOt)HNRw=XzZ-V(n#sE%-*s z(}Nv7?Uv}9qR#^{_>;%ZO+iCQ#fz(aAi*XS^UEB$%eg;|Ug`@CN3C^>0a1w#Q8=X| z72Urs@JgplKVb9#EGP6Uuy=5Hloo{&gU{`Hhett7Tag)H|Gu1LS{~4Aa9Js@?)&1> z|AV@C1D+25BiihM{c$)Nbuc8V9kQA28|j{5SLh_c1dO5Me^j3xy9>Ozo$>_NbK(eo zT9WS41M`Y7G7l84b|jY*3geQezj$;BOxXcES+Z>%#AmJ6siz^5zkEmu$rb#?^Y zUVGQ!t?!uU?g&xcaB3!gXEywocWOt=#{sga2F2<$`qKYjt^dT;;JeDwY2h^7GK5zFEBi?;jf#!9#2gi1uzIO>C`|AU8Ddca8gA3e>H zX9V1TbDN?NM)6tP0?iLyQ2~NAZLwofWra!~yi~1-XZjAE%~pZYsG$`+KjQ(DK_HFEDeOej!S;wbiNReKxXSk# z+?yeTE{z9urW#Z2WgUMyrnh4>IN;k{`~=}r*tCkfwJDrx;DUU4t?_Pw7AKgklZFOaH+-1iF72 zT(i@40Ni72AYQs&R(M=q78Y;bk$im9M?kBiK%lFua3em2ibklV!->Ge|9spgSRSvW zIZT@X%e|3#uWB(c)rU@oZ}0Qsz>M_kmtM^?-(}U*8()$HB|%b*4>L5b_}29AR9d&z zgYr`vxf1{KTBkJF-XFF+RyRxR1^q=accV7qPjVIG2~#hwc*eWP3?BT)tWWHE?M1FU z*Oz;0QvdOCx6MSu6#DSg@A_(TUFnVk&xpC-Go+QqTeuM1$d3tsy7ot#0GE%$IdI@) z-N$xg6rJ_)MTdv-~@C+LVUc4BNXHT&#o&NgcX}T~E-gFk{jIH{r zHX~e!eiUW(j4cKxBGQo;p{7QVxOip8F>83(|G#9Mk~0vnq&6k+*sK6&V04^r7>1IbtZALqi&U`bpk$3>_WXJyj+b+V;Hhqzf6(Pz+klVG;aeqE z?ddgMR{6Tfou2;t;#x(P-}MXfo{gUZBiOT9SM|WLAY5OSVl~^5hP(dq+oGuJL&86h zI+gbc0?llEL5$I^qPO6~<<>5MYQK5Vr!LqQHFOWJT=O--ulBI&C<&QjpF3~t!6>vx zE7Vq-uuSpsezcA3A=&A@8-C9u?;qyg0_eD~0k6FxD%&F}frYbK$T>Me zAj2xKJ*wzN7Pt9s)3r1v^7itWwtVnYQJXf3dhCE3M!{Ly-?oCd}q~NdtqL9ntU)Fa;7+xeQ!B24it#`PjC%t;!!B`v6_+*eSFcb)XElLbZ4702Kt3WqDsUnLHSGU9Y-E4 z4A&YnBSh9#!?bZH7@a)9L8DXN+mD$-De;TrGBO(-w9hc--5rwJX&>bz<$~;*APU~ zN-V%JduQh2b`vXe1ISfwg&z%`aBqMI0Q}G}&n+6;`FdinKfXH6*fJq<=u6by1pw>2 z58vLeW%9=$;Y)qlQ>|tfyAXB3kj3|#GXXMLdy-_A5+1O?C!C_dulTshVa|;q*yVLF z$nbhM1FkwPYAyv1A6+}%yV!w1nEe^XX98`Wc>g%5lrm~Vr6U5amwrHy>^EOHGl(yf zPrGgJ77=2g!lb{=E0*j3yib2Xc=?;t{^0FTntLqVP{H#wdinI*uuY|VQSX5LW;D!J zr!KZ8dG^8X84}U&xnU_MIu@ataKcM7PRZ=d? zz0nD82Y0fN-ms2`ZNMzrdv{{NVt~j`2;?lWkmyEYuUP^pKV)Hup?##Cu(iehwY%vZ ztcjxuL?!M+Xxf(}pb}idJsN6-u<8pt8J(~YT`>C)xsgJF#gCUF8~O^Vq;qX~XWHS# ze#dXL|-^2~-#^mf%ZhAS=-pG@=*26(msxLhw7W09d<4=N?WMf~#Wv~?(tlZdmRwh7UKe=( zPiyaOdJkyr3D+z9%i8;2`65b%TE29QlG3rpGg0;?%U*$eSI!1qRW=-9L(DDRBqW!DaYH)z! z;Tcv9fW8f_o8rT3nJEJ zeSG5e&rV`bHRm3y3-oq{oeYJceb%4P++z)$Y^PBijeQK5vU)#`bs?R?F7|_qH3MdEnk!@#D4|`$!V(3a6ih>yY(|Hb!=@T{4S?&)Mcb7bx@HG5ORJN&O~_Je)NcTDC|ha z43|4I7?IA~1N5a7E(cG?xy^t&3JxoL+4HpcJ3HVWn2r}iKEs4n-Xy=AY!_EAV-o4Z zxLfKHkluj5QkC+e8?PE>2iElZXzR=`&1aGRKEH#$FCX>`bf3WGBNRg*%I)D~xnDI+ z{2$gD@AN#QRMXM>R+<$L8pN=lkT$|h;NEyAbK#NTGkB5oOtgOlDUwD zoaNfb$)lzwAnjl4TO_ne+^?`X>S5QFBzc68Y3Vf{&4VMVHZfr>?qmrZrKrR>&~x?4 zKB>NT_=ZyQfwTDyeeSV$RPX00^Bb^6fCsaDU6GyFQrC9p3=jeJzs4;tLlc;G&jh!3 zH;=`MM)^8dr;a6$j2&=3VSiPFEyTE9pl#!WGr{-0iEBe;_?Pf^K-jKvt8(JL_1PBu z+qzNc!l^@xv(8S1`@JHwJT6uS7RnYf)RL9XqM1+ZMyr-Blbj!BKM;!u+|jiiJJgS* zVws>8Yzne(;HS3?XCxtFMQi}h(^+r+X#q?u$hL=8THTONwd#U<^%cjud+Cn$sVsXS z7l~n0wMaS>g`XKrxB*ReyPi{4^Um?`u|+sVth@*G2o59;9nIbKx1DEw2V-e@WAE2? zkbC*}gm~@#ybia+?z2Uf31O)@kmRVYPy{Dxx;c`?rh*@>lt&Le!Xe zmU|m_cz;n6oF<4jWcA}ZsAgUL4V!unj;+8t=H2o*p;otHJv{-qcbKl3?n_LjjRV5C z@{F%Actr-qTwR}VXKP>KInG&=2HHqJ$c!^~cy~KObdn+5kEatpQVzS=s}pQI8k7Z1 z;~y607>(=N8{uz6Dyvd7W4FzH#{R6iBJL~)3n5b~T{>@Pq2zYmTNF{m8H%>5_&@Sn zA4)90xbx??#tI!#J609&yL)&d@D`}Uo-huZZw;OAh!%YtQK?uRJh8Zo;R}!v^Y!4M zfJDy1HdD=)d`;ZFQ+afG zUc0j~ZfI(De-O{kmMW_$_5tL_q|CNbdplFB#M~~CiSu`sCNgE`dpbNbbYfU%H&e6l zbi~h4VQN*|`pmF}q~7+J$0n0lbI7)HoBOx#$!@bFhT*sC zE1NFKX*e9yG4X!!5(5^;;;5F6`eoRnvUJ*#D2V$*Txofk!Lr>SD>+}t>VNvD&@Jf6Q5TM3C&V$*VbsX6o{Hl}TmN?X@>>DtNJbpOiMs`jp9 z;EHf#3ULi$R&#f=RO3P%Xl@@$-F;RbThnYGXTNk~KsYk&6dw8ResYrWT?5Qq9YSk% zJ=N(-8`qEnZScrQonxZz>h zxU}*^kk-VqcR5--JlBk*J)b#OvLpGUe*Q=<3rMmh0H&OJ7;EOW>+i-o)@dpY7+EH- z4s|tCLjt0m=1u(8+@dnNMR#Q-!q*Obia))fG!1_#KwTR8mkRZ^#x6QYJvODEmgbaq z$VQxpd-98L7t`2Jq?PEi{&Z8c0B_4M5p=8=^QIRiu zZ2n<07{%XU>MFkDt)py4l)*)K4B^%sm^mWMn75|p$=5nB_9Nu50P6Dy-hcPrYl+PJ zkV(WM*d#Y?>y~yPw*D*#@h6>pzwy%9=d4unz@qQN!M(DYgMK(X_;#vs26tbalRvIQ z)$VCLfIyBJ922&Pnd&sS*A+h>3OKuq91?iQgsVis#R^};!2oPNc--p%GA@645R$C~ z`&xmH7+Z|MnK})P*z2w%Sv%<9PFeJiDqTLbKUeJJm5 zP(4hnp8WFnw|iqlOpb;g=%hP0cOm4hCXtPknWR|_CvU)fTtQG;tG96XJ;K_o*wo*l z-^=#lldsO`>aM_Fd2I&6Kb<{$Q*>#ndI0yTN?e+;$xb0bf9heM1tl`3UxC{{UFfdC zMvfUzb7^lHtt}$JBBBSFq(Yb7ccK>b{s*2<F_z&w^uVn_LrCprdo1Q3PFr5o7zkIU=$vJy>PbJ&#GItDzNijAcIkgJ0#Tv^+!z8 zt}oK2dW62CcG`HdTRZh@7()N3u+8)Z4u(4I9EL9V*+&o4pkX7o^!P6GT~W2$3YBXiDP^!f z=SNfZSdDe!%?1mHx1#bXkFhqC4=-USK(h*vnwgRv*uw^C2l-o^tOhe;2&@;w*bTEu=b9hd7^yNY#oaN^ox`vi-%r|QpE*ItZ zRDO>n|H>HFbfF#Rvg6MFYFAtq6!ld**mKIfSqM8Gh~>M?1ay@l3V^+zOS+Y|6oJ5R z|C^IMn^}$T;WB0D^+jq582(i#G5c*mC8n9QcG~ZQPUcn*Mo-{6)7x(@>OBNspqI8- zmc?Tasq*&DqPwTSPf2rSL~&UQK@W~sS)J?-2y;~&sui!;%=`+n`t7b|YD6G+LKXPY zPTK!{`?vS#&C`d)C`=+WQu0q6>`=#_;ZSgm@40he$g5j*Y>R=W1$eAoHPEu|A*IVr zm}rIX6FfuE5TDram)b3H*UjZ!{#EavLQcB4BFCd>eg3zrUEA;u)ug; zoWk5B_!V;uX@(>l8mF67-@?*!0!0SsQ^DV;v7^JN!%&k4lU%LRJqFZQ zL3r&I=ENw$HfK#e*_7Pf&-|0^+s z!J|ZrWCO$X)ts-uC9?Udq%niXGv_k3Jq{um#pGNLSM|3g_UYF^$a2{nw?f_EW`7Vq za6J4`rPLTjzyI~+n}GturTfmZ{#Cf#k*;H>6kFb8^FlZ1ja0H&rKOWDC`NT;J5ax? z%2!_Ot68?kN-oX*67nDRv`qqwF#SBKfYwk)xjym=4pYYL|8QqFosVZ#yVkVqc9S^( z(>nkWd`t+I)LUS2Vivx>P9n9}k(e7$=;YOS+{-C1aXi!vP--&@Xoz)WuDa>I9yxMw zBY+Jo*Drk#st$YEnvTl(dy;|v)38bsfA zSFU1^Tdp$G`KM%N-u1Sh)caw{EDHh01V$DIsM%HBlJd`)#0ih(($9`0GtR4ZKyS8_3IJV!^An& zQw;d*FAS5s@nZSjf-DqMl|BN>r_92N1-9Fq<8`cOU#`SS)e=|BpZOPsZ^Mcn%puOS zt28uYrEdHJ3)gPLt(=N>)<$i_rA#5rSlHgCkOn zI!5?K_B+a10FPJX;|MP4e?bFW~+aje)Mmct-tXlD7ZoCh272mEx4smMT6Aa zD*J!)*+&_!pb2N%G2r`e6VBR96qMQGqSB(QHD4M_7+x;_?#dp^73xW-YZssQ^7de6ZF>zQ+aD8e z3YHH_U;NR+7_askEYZY0&ANDh`Wk&mLGzAz&8*$QZrx%F>5x_sxG6wxY?vL9IKY<< z2)+y;k0GBWrElmOlIm4#i;Th}($r6ry4DEs z2(XloQ!7{_j%e3-%=~EE{3&kr?l1x4Dif#r{5Wyxhc^)O_V)9!pAsRJ ziF?Y3V1&!jo%-{y>YQpm%wn)_dJE5T7s8$`LDg3aiw_*%>9#}M(}={}=I>8`iPi8K z6TH+yJ>oQe|Ku|6+b-+0e}8EOyVz(5;pdxYQ~>E*O(+C8W+bK=8H-Raq>u+UH(8qlX_cN z0IaYVUG*W0X#dBV#MJlRmnKW?A-yxm(GK{XlI|`Qr^M;9Z(AbuzH37IMoUbxg$k;E z?=8YA^c63n4)>#;RxK5UFfMVIHf^HxZp-eN(u3=fRPGi}eQv^9Cr;Xqr0IK999!uh zJ-=uArioyq?U>?McUX714JpgvqrxnlWYl|m#Y?^Kf#-j?r%MM5Hh_XhXO?9>4R_XO z1q+{)(1ch_orSetUfkE+mbI1Ishw&%;MhQ)1o*YpGezW44BS%_bBhKsT>h!gHr3&b z;`Z@`lKO+(Sc*k&3NT+xW((flJ>U1>Tcij&H4ebO-XQ|3oD6pVIT|>lW zlSAVYGaq04!J%N0aVGtZKt9p1qwGt5{^M*3OwM?&u{~8zIw4s^UiZt74}Mtj)zKtL zlE``-z9GYWjp`o5m(;i$o;SIr>ZU?mcrC#v&kvgk>jzev;KNA7VQJ-m)@KYTw^4|+ zF~l1DS-Ls3{Y-S9cM0$LO~~>??J^xj`W6TOmjL?NVI14aK|X41SH@W&HPrL9jXFA_ zb;-vCcm14kMhB{tvG2`Wc(ty@2rpvFM@q&tUyWdz8F0Mg*h=PPned)!O_@VQzty$0 ze7cD901R9J-{TS0c2dE{YrC@Eoey5eh0`9C;`luaE{BaL3wahX3?aT6a!pESNtOOK z)~r`R5^jWYkcZcSG^|~(QrumaJlx}FtR1^GXH6ATfsobvj(Ar)atse-pZaH17+k=2 zlZ|rzAXR%m3EXvg12FDa_{xNB5=?Nz{4~?mX%t{X@CC6zeQmQzzQ*u z&%wP>Tk7d=Z@*|}<3LhtzK-Y`3Ku3o5>YcjzX^^n-XR@}OI}NIMvcRJMB|){* zB+V3KYyI=v9~>&b$@REwLZ7*0$sq@SS%GGnV%K!MWRCkAtAn2jvCj_19{;vi9D?0@ zlDAqYg*}=`U8?3%eWa{Y5aLuZgrigC)kBa9-(Ee}v8gQ!#Un2;eG&@%DI;uJQ*nr9T+G!NNtTSi$hk4l*mMs*g)Q zs)XNLljkHa%M?+`Td*h36`~3;>X*())+?{=n-eP;-HW40p*6o`TJQGCnHb^;shPg@ zG^)2ooPgZg#rr3y$CzC=Tcj}8IusPI+7G$9lR%8^q<<*LvEsk7Eq?l1dHP4IJZdSA&|lu2ZeGq$N|1(svBelS*4d9S z@Nm=e{$PmeUNcl?X|wcg;URbS==Ir^4-D0h9A9KW;#Q4uC6{etz&W>!NBx=zxO#N6 zdW;hzXFHuEKY-b>5?DliDsTxbEYoMv{zTOYpTs^w5tr;`%~i$DiuodVak{5?Ule_~^p-FqNeP2^D5o4UWnl`(`0Z_vL9Z-DDNC zBo01y?od%PQjvB*f@c9s)PK3Xh4qZRUFXew25ZK)#> z`1Uasr92;;4R@pv-}%!mOmCdk<gWhPB9I(2zrl>MVnMiu}7S97^^>a_H%Hl)@IDzsb66+P&8j&AErO z)v2Hzzex}}WJPZ0!(ckOEyJT7M$eA5k%Zl(hrw~9^jlh(x>~@h30mSV&j$2eu~D;7 zt#0-#!2g1KQJgY-iAg|qubyMPE5fL5QJ&Ik+7*JS*1x@3#SCTP_azImvTiNIU!i5| z{?Ye^NFw2aW%=EkQ#O6(`ICNYMzerbtQ`fMIk$-*E$Ui=6 z9nrzIZl1#3$1_1>t^c>`^ba$R2jC><0lv!VYJFC@lV^$aT8+`I{`)RWm=E_+tJ-gD z3gpO=cfYq#s)GB02DT$++1O;_iD9B_f&81UN!G#mAbUOzp`8EiD+B==8uuiaOfD|S zZiay&T9b48M0}+W?eD)}GPny5)AWpoe3JTBpM&MrswWm`K4zEJ`ohrv_-?;IGp?zm zgP22v{L`4%S>x!94?sx3)+Di?44oWF#_$@qaA+H`i>cU$*)Cm$Bey4uyJzww_GRDb z+RK|TRQ1*acgj2iFfS$?&*a+>#cfJblu_bu^}a}>dNGObYA?O#D4RAUm3WtqtBjTV z-Cqg2RBy}z6I13ZCRDFm;ue87Co4OmlfX1-d3z*ZNlSNH8~}!xw349|f@`0-QXT{< ztGfS~4Lk%+KRCC5yYwN>0y~iYrP&*6N8f=9!qc)kM~jQk15^yq6K%4*_akiwby|Tm zlg9Rrua0nQ;m^%wy0H3WJMSnS`K`96Jdg&~^ylCgs1M7L>avzum_hu>=gwfPL^XF*S$>J0`&t(SLT4_X4wzCykrB>MR70rm3r^~#qr z^#u>}R<%O&7@-ssUq(LYJ|Sl9$DA)Ro7!3-vg*1Z#*1uCxLv>eBpn($C!cWmJ#E3H zu6}&Eg>%;*D9pJyEe0<3zeT|&3~WA>K5r+J43%|V-j|tkq;LdF*k#n%jirA|5y@YD zEBRN`wk7@tJ%~K}RUP_R@jSrrFYoZ5BAKx~dT8ZS=Hqus|6SMWG+%jtDA-TEo@5s) z!b|52Y6}nk(HUXv07@~OB}Ldx!9Tf!6yNcs2-owZwUe-~ym&G1+^Kl;i(ecLwGQ`K zb1UJMS1M&#>nQT~meq6w896>$_a9 z&#@&`nr?@R1m3c}M{R;l?+0Q>}njO0bQ7=`Y{(NDR?8M|ZRI#6ZC%#yi zmO+CN7PIlmTZoblz4VW$#DL!lrqsCG1;L(P(>KGH8OaRgg&s$s@-8ul`^E!d!bzk) z3H6aKpYB~)2<&*@y7<_>k~g#ttw9bH#4N{5nOng;c9@p9-x9_#L+qC=M-0$~+Fy3R zT054ddtFBSB04$1NpOaj^9h6@tyDxdKGP%T?>1jQWabPF%Tp4uI`@$JJd%5W*Yu$E zr2r0!uxmrXzKFkaJi+76DE_D1JKNZcRR>$&S>gk2%ua?gj73$7?J*Or+wNxHjnR`Y zzc8<)?@=0b0u!m`Z(edUw?Ftis*1QM
    vtwOn0kPHKUHG^ku1)~b5lbGN=z<1~7 zFbWTuHaJoPx^{%!FKVORU%ve7objtgXHGZ!a4J&v)P-|%dyzhT z$tI~sP}{8vzFb^d%Q){cwyX0)1>}Qec%_|W1_W4U+ty^c+-ziy5Av2qSp$a8C|ou> z=9YLc%tK7&Kl-K+yR~yTUNepqQrGAq=GN;5d8g)c+inc9{&!w;0o6L^!rh3_OsC~E zAzNR7S$^Jg*8^w%9x_GeC2OWT_5tP(Mn|^sESJEr$&PLx*NCH~ zU$V}d3M_8-Iev$`<{o)%eligjplEHjO@Q`0o7h0Ii(ogV(x1GVu!}z1L}V?G97^+y zVdFy}EhhoUF*71F>P32Mn zAEva3KQRoksNZ{V!dQbsNypY7p)~?+mNz@J9R2bAPkXzW?|iW~@Ov9(A3Z)pzPQ7N z&=)m&kLK>wh3tiGJ8IYf3$IVxwIx^vyA>0U_0Mu&PelybJ|ii4zO$QXA!>Skeo8g% zCKQ~Us%Kq?{!DYi_8PcA3dNj>H?ya5hrtTZzhs?41X$+2nmYogvJ;*1`tU@C#(y`>AwtE;*lIX{gTM*H{ohx7mAY&CT1q2RiC z1NLP|@akd6Lo*56e_rEiMwi%y5W~Ls@BcImy@$;V?D})i6B4IT+;_BGw5s*S;LGxw zm~$HSabl7gRm)S=?1KC8fvb9Rw%yHVGh7Hc_W9K~xoew<1>C9b9M{_p9WHDJ_>m31 z^(~!L)jn0Y*G+ItmW}Z^oIC4SGJ$e1&Fr^kbT8@~gR26;#-aJ((D|BPS;YAfuT;=N zlb+G^XQu!&M97!IRY$KCVWHi8depT+x$i7u&H>~fE90jP68l}j09Y0OV!+TsO>bYr|aZTlfrVPk9R32 zs)asgvi%V;Hq^2D60*h@1@sSThtX+%c!Ghx#)?0|fs*U8ggQ@sk(NW=2~Z(+xqLr4 z{AB?>ADEGueL5O7&lRiA=Rd7ma5)>!4!Bhq)WOFq6o;F=DZ(FLAbkHUHU<(+sXMNa zrK3>*3H|MT_X%2*3n8>+sns^SWk&Zj)IA`^ri&KLX08CB*{Km_+O`55#7KsC8T5oKetp~H1G+L~v2FV2` zm8gfwtYOafMrga@SZOhaEfTUjZ=#C4Bj&o|T7m8ixJ>vZg;Nj3j(mnNM<48~<5x7@ zu=kS76Vl7gRRBGZK1>E}(eyoc-Ew387#O0eczN%DEa?W^RsRHCSg*eK@PfV;SYO>g zLSUNX5Srf)ziOerRhNUQAAUmCTQt)iiJIt`XibTk& zOgu~;kw*jV<#71%i6mOP8HQDBhJ6K#?tNOt8H`EyP+X6PF%pWl#$>d~JSd8TJU1MR zH60Fv-egX5|Gfsq3qBj15$F3mK|s!lW^eu)dx@S74sH5qto~KPfFPGr1NO<;QY>2* z$20ioiR1#@Hsax#`5!Fb0{oTpoqRud7~Ma)L@!`sWq{6Q5${a7ziKGNDkJk+@k-rc zZ(lRKgt-?*f21EzVTV|;8ezIds}m5CA%w(sA6SsF6ftKQ@^{}?!yw|godERaXafnw zm!~dw9KW~6R?M-I9q8%HD(uEchD{iD`+PLFhmo`yDIi!=TQ&2X@5}{C^DfoMr?fXG zAP(28e1yKdqFuZ>+cd@-ImXa;UDob*hYM9Q(s9c9p0QTuQX$KYP)loTG}^7B=|Zi)+|R zW>e?ldQt1L{|uEvkur_HD*YVA@PuH|5Y63`Pv}}IB4=KF&O^Lqh5n#+!>l90=)Q%v5L^^9`lASKRp}6PqUUl6 zN5jj_W|E!?dOpbP1~eMRgRbW~D5gtz`uA$r7W7;jB=cZkatz%vpYiNVr=&Wr%33oy zf^%XffoyCd^!aR(mzvgWc#pKZIIvv-C*G5Ad@Htnm; zt?~5RX~?T@vh-|#P7nr}SDaQ@h6PUDiYw{!FmoyMP_v6}hh;`6&ovJdhPa7|w-;i7 zEz2qP+#Kj^9=>xo+Y4uMcsqpSinNq3xgsrnNB$z8&#qk1ChI@GCFPeZ-_k_%4-y*w z2MHBm_=8=x|M4;DqW_4Y=6}S{$j(1l=GQ-1rovx7RR2nqJkR+nXa4v5Gc>a9n>rXG z{RFzCt7C8ZzdGDuyDy*k7BhTyLue(uydTHM@0U;L#Y58dsWc_DqL(AZ(!8>IlxWpC z*k{MqKGYkz1<+8)pkF0mwT}4n^SA%F1NM>gHL#jJF>^N*^d7kPt8+-Tl=MrP7Rj^c zUNl7p4PyMVP26-lqfI1_o2)2V0;O+d51}0E?3oS0o?jL{LjrIVR*=)zt&wv&z}qtq zTB=}cJ^L(XBZa5FbwE7kQ7KBrt0Bf{Ay_-5r=4>kW^`MX(-7RVKqBcdTgN?b5I3sd zgx<3%O}HoK(H_27S~E*JQBs6Gy-=9^={X^t-Kqi8Tj$&``8}TfMPj;E=BDh0t^14P ztHXzBN9PTIdMvbc3VK)&Ug6Gcpu=D^rMM-tzcf~mZK03dbaCkVtNW{Nb3m9_JKlqd zuP+WKwtCAvd07Ww4KZ|W1nQcJ@*}5w%}5T8<)E4;F;LymdvVGGEHb`=$6M|=Dp8Fd z`^rUdD{MRQPlj*L-@JzL&%iiJ8C!Loepr`&*b<_9*8b!6y_MGHrpAMofo9_1nT=yw z)fc`NciJ;!X=1}UI)i}NeX~wUs|BkJ*>-W-hcD<(G+*?jKwiFY z%fVUl@}n5*4@%u_##2hQ8+<2@IpI$8Ql(0YUW;5UKF=C~O?+`Kjc8*~;VQZ0GfZl< z?;A5?_fLrcycvbuk~F0ODS?-RE9B~qj+G7`l#gM6OmT$mFmsg)3zNtA*WtPsWX4Hz zHJL1xhMpKn!5sx(R*vO)*K#t(;NtR^=TcYO+1kOpWuSf)%RwkFdx-iye>?GKMqo@ov-^uM}|vSm`=L0 z_@8_YIT^IRN_NNPhBfx*AX**l0;(P)Ed87M+6yJt?uC2y_kC-VO1B^^!QtlrOT}K* zUuXesOx@m(`oXECAIn>AP9)Dfr*F~kSb+4o$PAMi!IroGf5#*Ga$j zq#!b=*7{<(`ps&`S*MH`dBa2tA?v*HSQy(34PkcYB7&? zNW?>b9@yicK7TAle<@voK6oUpnPzSJWChVdXQmx1iD7cJ?@w3Hd)Pm(A0=nD%8_h_u;$cX1#KG0pepO?6@Xfu(STg?^ysC2v#HsfEsRfP*4F?Z) z2+?KpDg5-XPw@5R15c0Mv3*tzJI8?dL!aF$0Vdz}xO0yiWg&7TUCfO_Lf(_6U*9>%JZr;umMM`5$kQ?AYC~Z(yA+-yO`b_nPb5x{` zZY9XVZ{IA}0IP_;_6bJNrgfm!R6_QaoJ=~fvL9fkZD@heL2dv1p!NZ`hFsGgh^^K4 zypOs&b2KE~V;eLBv>!eB`VvRf!SmW0BTaU6OjTznW6Mfo*^0P)#NkjEd>uuH9O{CQ z$+YWVz*z(!kN7cD{tU|NC`}k(kl{{s?gL|XkbFt=yyfc{! zx_pK#Ajfl~TZ>`j&hefr+Ho|Gz+dFzW|7_4C-}{DX2c!>E=uctqX$^>MHfG%;t*^b zTHZLP8^})`@*3h1P6wb%D7|OZ0pU~}EgR>*9$KIF4Pv}i{lbP(TR-Ph^uxwE z5<23uk^uzi{cCd_1ipvxUsGF4@=?>C%-0W-&opUVWLzY=STza7ZNAOs4Yt5B zFqW=yy3AC==c$<;s+1=`yR)+jCgBtsRs5 z6KsFhx4lKM=Vw_xJ%tbBsZv`<0sUwGTT+09B5{bnOt~o(rFWc!->_YeC)zbLNe#JC zS~1!y_-0pN|DX#9&~r{Fe|`gXJ&LFcg0`#w{fR!&r;bav12!lCMQ|kW2iMGdQ}M66 zaoIJXHHdy67*QV@{Vlp?0G(h{DVRB3Rw;TUJr-`b*k9OxB?Cl9*)criTMPcr8qplWtAU3cx}5Q_9;Amv-J7kQnnjK`&sz>^P2KPL zzHgzs5taV(PUI)3j%f5@ki+R`{v*(rxu&nv85!nfU%fi21uZJ!1<;1JDy5k#D;)2$c zROYGeTRKt9Rb`1d@phQ4tnal{$3~Lv8sK&Xda%Lte&TXy=vYUW9NvS2LPQgorR#*) zzujW=Ammir@D)r6wxJoZjXDYv7$5d#L+s^*w8PLxd(%LFe5?h3W&2SDf#JxdRDTG= z>s7o*;3$EeO-KqBu|H#zNv1)4*prj1AdJLU^|duI4HOgBUi9*?>WRB3M9joDhVKve*dH|9I0eOC=dmk!(kpa}W6H}hVR z^W)E{Ah$4c7-S>kJh0yE_3|BJC_GAn8CLeAl4?fQjCi|Y&tK5>*JFL#fvPO~hUyBE zQ=F+vbbH<~ zP=QO+gcwu5F|VhuZA4(1JgV@)Q6?Q5M?yD-PcG{YatJKO20ns?u02_|EkYQDK3b++ zMI;NhG(FlB{S@yj@8)c^Q{LbP!!ky&d$F{qm|R*7i7hc^j=FEkpT!Ee02c~Xbh#5M z8}H^v9<_zX6L^sR_jgB^%~Hw$Smzcj?3CGb=KSFNciMMP_28cq&v{ah^9babOsz|@ zwUvq0U-mu{+YGnj`91j-uCQ{%@22_Kf(npWk=jRXMGODzNPQG+`a!23?SSDxU=1WL zJRE4@VZH&O*?H+3EgRKVy;D6;!C&`T!0rh%lrLnzqYmwId|Zn!-c$B(l=t#Gtr_jDA4$gOs7lJVZ+1&^Lq$ZcdE_Eb{zwDUDa~{ ze$F;D^I13sH=fPnHK9;MzU0~@P`;m})nBy3j`Te|a?<%mXU}tOUw$NhgHcAv4r&p|wyq0iiPG!p^wtP} zU|>681AZrPN0j2T9YhE+nC5d~n68tAjedmDe;Nlk#Z@n~uR_JSaB9!}cW>B`l*#`< zyVbAI?r0G0WP? zWE`|I^K$Jy`$y~caj52S_6JVAfX6tnd?en#1s;ds-HBLOHsh~1d_qT&1lgpbrQ&0;L4nJuNk4(zY}Ee#jS->TPmje$yt{CByi|)w~b)}Zf=AsN#c?TsHcNkP~ zSKK)JM8*$r?&++bkPg~~^A&c78zf@|>9GNx-dd>dzC9eq@BId;1Jt(h&5Z(DzGz|c z!89;Ue$FP7}=&5^ET%M1qIX{CM^qI0?iiUo5FZl1?_o3JM!F>XZ18WmN z;nJN$cV`OZx>c;^oyLhiqe?BzqGN|)8s{V9lNTrO!Ssgabw;H&0uJ#Y?Ub6gV59gj znRv&!{g2;kolpaXu_UPFeR*VRG}zH9ZBM>!k7aXT%M z@EN4Q1O|SIG+~;C4d~7;7Cdb;9hyB0-h-W!f*INh#;g{X%++g{DESC`=|=~HI{ltM z9q(a20(r*zG8z)=l37;sac27t}sLixaZM2&nf^iMHNBbhMg_k zqE6o6Zt9+EhJc`L9C#)X_+K|Zy&Cewz1LS!=b?EgRJzoOL6KfL|6I;O)w1IxW}7m3 zDsvEq$$9WQ4&HSLy5;ONMU|vNix^FBz}cpzOwjxs-`ZD8+j{B;TS;BDbazn}Vg+*V zT>Q<2XrO$MeTz`g{KMvhpeZXxn%g4t&Wm6}sq-m1^Y!wk9ani`#T$tUkS?7tY7!b# zwjNjn{FOp4bm#UsyeKFiBMv_(G}+@Z>wk9}Ws2_l4Q&R~Xo78D>VWCzqpgQ#L|=7; za{1>#<*GYX1MxAy#)XN?(mwC%(APv6h=yl?>J~ZG?if;FhqV|u&}SiG zjtV0pyTE za!~*M2Cvv$KC$rXHEk3h7BwvQtT}Wcf?CNm^UmTvWmCvbOn|*n131tM;F!$CQn*#zYj25?8*$Ui3(Z_Di6v}G$aJ` zD6sF@{tT@?w<%74(}{NzmUEDpO7F38h8KhKa9G~%Lv~$@qh~2v<25JrAz%xV*I`}^ ztQCO_hT28^`P_YEH&F05VzMAC^}heH?jY#80V8^f5_g(ScSQAQDnT z>ZM3qiaym)cxV$q>3Ve#;C4MT+Yc4}Q90GiC&pAX;la{c4mHZQZ7)C;;0s3F^%rmL z=4TeCX}+3=xt-uM5a08bsjbpJkRN|ZhBjlg#5?WbP2ha7PC_)mcrio0)M}FUN;#0= z6IGOJH*&|o8;`OVEBipOxjg(52WpV zyEej$oCVgObkf}me)|E~N4!Pk1gIXI{Tl(!1w2&JzGK$X_=u;yKWva3OBFq21#03a ze>HIumG-eu7nvT?5ax)eZn;!(%C}_WTT-?g*I6jPy{A6Jj>GCn{!&rQ*ml{=4icXl@U!Q{HyD3OYJZ(7UoVq zzKX}ldam&2{f!`BmI$SM;x6xRYQ;~Y`-h&W7cGRbGI>YcUtFs{Khll{UAI3on1Ql5VYxL4Iz38kbIX z=b$qGJnYeb93)4G}qpHiC^TQ{_C-^ zKL6)WH>N(o!h;}$IS+6|J_v6T3qtt0GnWKLRFQPw6u$+XJx zDtGJx%7MM6{E_pvv~q8eNV9Kkku*W&-vmp<%LS%zO15A;m7DIkNn~^hAXNSl1hGHD z(umVopXLPb-{Q(0ymqvhb7g2BYA)@I_rq^O{BQVO9EVOj!kJ?vE+nkyK9iJu-@W)i znMC*Djzmiknb>+jP+p|yzC<iBzHLzIh;lS8H#3)-=*C4Z@mbn({#f^vH;{(FpbD(*0FS2JZoWrK)kgeVYS1`Yif41c?a4e@rSy{rn4RHm(yQK29Af5Dm3KwX`cE92sCjBoSfnL@}6zawz)32(QuS zBv3xa?uJ#yEGak)81v-$g62Lv^@g6%c!Aq;`aw{7FBu}y*K_ZTUoPnmF+Jm?(pMhg zbjM-tHT;y&-!sjmuXHGIkVRi`uEy^22wc-)x-3-129=H9N$;%CnXRArnQe|~9xA&{ zE|O$}9kjsUedt|^z2X}&TFRp+Jz6EYTg1e;VR(mjqGzY%a^=0A!kf?Zr9UcuSjt>7 zNxPH8#06B)(I|%PrAF}SFO#jqPHnh$&$3}#^bbUz;ix32`dwe`$at`t5-ND|N5~19%EK4PDU?EUbZ=cO)9mGZ|ybcRpIZRwl055owr93CX*tg z@g9fO z$NL^es~^xbCD#SvM%2lFiDdcsp3BGd14{eBK6oOi-z3Ic4O=1ZWVZto&7W!kxtcQ@ z=ORaAnr6!+L8h&facNw55H~@$?RR9tuYZyz%inDubp5QgIqdc9-;2U?#ql`*P7IcU z{r~*3kl+i}wqe3ss*Llyi<6O}6^}=9ltYuLZ96{g4D?2++`RQUY`h1mB-Jsm1!BZ* ziM3}%dE@R}T`8b4Oi2DRm+z`L?f*<6{vVm*b!7^*ug~m$&z1BieY`%pM-~-=8P2Uh zi6QnXvfCEE?arFQgGfVu+23!*{b_qB`F=>TrwvDI|B-My)h56l7DjzofV26uI;8F? zS1hOX=bK)lA~B}tkkYd(snd{?&yP1nz+h(-UfTPPJ1XNKWWB6kK zRyoBT)fc_c7?n-fCqh^!Mo-9*fA+V{q3R~>P9()=U53Pusfru;F7o8tAg9X-&05}k z_|?r*3$E&Fd0uc2Ss0VFBmi}kkiS}LgtcMCa!9*T$3px?xfF|@6$=D3@<&4@gx+_~ z|B2MrgW*~M6UTMRfW$~Q;Bw0dR;ZDVb+Y+0R-lP`)eVgvGln_R3t`o}ZxLSZzPXj= zYK*53Uk!C@ZH=|8voa0vPpzNkp{-*bap1?qA_x<58|s|Ov(ajsRF~3~&O$TV#`v@Z zM{a(gQ7-sSs!&QD!$(a|ox#1Z@06v55(4!}3|jE={`#+CY-zW786D=%2CNvF#h2Fe z$ZzCMgwhJocl~3#<#b@_N+Xq2<~;5+yI=jZuHV8!Ta2OI6qv!N35Gq)1YeCmX|B5` zv7QyQu*9Ff5-lPXP-!+cdIC+;k{xgL2Ez_eItn5HOEY2&#j zXCKYe7CSYJ5G{Q$HLSm6{x;x$zUX5;yL~sSM#!@*P5LmYb9gCDRo}MM{az2-8i0!g zdWnYQBDG@>sQ6B7Vn&(ko7>UDJTVj5IQimz$^A5pvinWjU#vhQn^aWO6yJ<1K$n9+z&X5Z?Q+S2DB z)HLsWaUSHUVUU5w)D7n8k7Dim7x_EpXC;;cX;+?udg@hj&v`kMOSty4kK4CJTx-Fy zloROX;)lLe>k@)$<;1IPCtk1~HdEFwOLM-df(NsL8bEYeLT9uwN)+!dyf*=+08aM0 zgL0L4c0tQt>ZYv6^x~wOpME6Y&M&_6Phj<|;HyP8mA{K+Y~xvw*v@^qf#+2Rs9|EM zj9b1$fwa1xM8dQ;eOp%#+rLS7HrH^_Q@NANwqRzoy!?1rZxtt{!HUxcmOqts^#A}Z z?1Jc6@@Td7N*-R+ILL%y+#A=iz!ECH4;h|Dd;acFi3+neoI$|EABlr#{K)PkTFqB> zu;+7Pi4uIA|<2X&Uc9+Gnqp@Bhd^k_a=_N zVoVXSX$K!j^5>FGGfSjQD8X;@2rsBxmx^ z`Tj27W$P$4U2jkt9Z2mEn48Bao*0k@f@Tfr$8E#{pt=61|KD}psb_k z4d+pCuy|*QN(s6QO_ELT`Zk)*xCH`|i^i&JumefJpqx);E4ee>$Re6c8US1N-N&yP3(V z7&=h4Z;!j(-GuU?~kkg180Ihkx5uC^3WSF`s2CF%4m^@vsiz%!bl z3nf`6!ZU-^6GK~$l~#Z?lm0+p;hx{GlA#4K?EbGFC4tK^@-+z zP?B0&+_Nq*=h*VM@f!A|3C#7pv}o9&QT)QvX+lLirCRfd5(K-^dy(;`wASxp{RpHEd!c=vT(f{_rJx}b6(s4y`ZF6hYfxwXcV7T31EY7Y7JAH7Gof{NgW5vMK1W-A{IeG933T>0pLdx)`_9<(`yoWPVkgcsJ9;ae5HC8AHMr9n(PgtgqB`biq<-bsi^V{X zwH7c1Dpaj(UA-`t!zo#A4&#zcwAmew)l)mbdMzOCiNUL&Xn(`80;8n(BD=a)2{I@BY3bjsUY(`-y}8=%6`>d3<b~p?J);$%FYe&$m`JmyGaek&6TAv+~%4#_S6!3W` za~3srI+P@YO*(5O?s+y_gG_TAwHB#e?QAeDt2@{sRK@Pc@tF%H;479>6?4Vx&6RM0 zVmV!!@EI9>RHjv%`>Ueu$A>0p5&rGGUCAN1vk8o3%|nJpQTqPJ>E^W;Jh}DGFT8&K zG;KT)Zxt_3ksq_K4#1()S5CcE9Mkn#!55=>xnVWw7|Xo)T~oI6d7fNQh7ZN&gh}95 zsXYMjO$$VmDk<&Yue}<6tF#DcY+h62ue-|x-tLCKT6B409=@m@m~wK6+Xg2ODW(3` zK_)6Sni1Z_EBm!8}gmO@YTY`<<7vlPA?L|`u-B=zW~7gjbJ0r*kxY^TgMBXp@O70Tz`3+J+KdNkgn>~~w*f20OK`76 zmevjedCSxhw<86js2&}yk;7IwuQCAn3|}UV4NqdkrfKRF%lyp=((EuxeL7ueD%wQa zmM0&Mo;n@s2ed&H7I}jn5VJ(i!KQRSGX6z%Sp#0Tu&4o=t<9{iql;kJ=N2^ZOnqMMevS+)@xySbwWs687@ZR0m#T$H5D`-!S|XG9`vt{C9>C-3JpdsAHZ` zrlrCDbdUtb=F7cM;TFn2z7k7qiFbNBwHCg+YM&nFAQ9>HNcfd%69y>l%KTMI8cdO^ zcvuMAty|+CpzMiGy5}IFszj&PJV_nbl?mTE7je0}s*B)r`q+aQ%CtoJEypQk$#;=f zxJJq>pw!BjzsAL+LoXjq5Ty;Q5U6eKxDY&z`^w3gA7C*hFqQ?#lQoAyn(%nahOaeU zY^u>84ZhgFP!nig?$O?_!;uxlcP$b9%@behPhA{PH8Fe50S-4Q1*y_up|SD~FJY-P z;)|CwYwUBLhiHzf_-W-*Ibd<>+;$q6KL*y(ev3>fciEHXi%0>|pwPzlfgD;)&6Fk? zpKPAy(A5!+?ZF06c)9QiN1Fw&S6L=FoT z`VDpdNheYo9WzLR8sdNHe=)Y1V2xd3@v#W~=kE`3)Q=hJ-jNtuve|L|8KWjeg>e3> zAxe}Yd|O#SZ?ISQF1%7+f>Y(O`8exZt}es+HD%j~ zxRbcO2|&mi=6iqAd2MzfXIGCEzf^Q&$bI-RorWkPmHb%E&Hy{8K$#$j{cbQ(iPQP= z!m9B^^Uqm+Ax4HtMZT;z0u_pRqZzp8T*VhBbU|LL8FWp|XC(d(n?{{wb*J^Uoox@~ zhO%MlnPV35*o!uXlFy`ky<1!OvQ_l7vXrMChyA}0ezC|fLJMIaO@Kq~LjPE8&+_T- z#JN`e39#`aifKKdbzCLhR5tCM@wJJE2KLcarY#|KX!U7eOjFzJc&og%Pe7JT0Ddg} z1G&iqJ_WsudGs5Zr~;MJnw8M!4(5$3$wuW8xOg{LX|$buUY+0W1g4!4riG>AYrMC@ z#OII5OW-YvADNh-l0M%DfgOfYJkU$VZ>_PPCx~f*A)1g3Q1KH<-!R9dC$R?P9B8^S z6UZ+^*PZv~qZ$rCc{lu~es$YOSgTd0Ke5m5Gy{~eijTMPSXgl0_oyvT1=>6rD;o?% z-NY_$JiJ59FbUm&9U<28Lz_gss|SIK+nNv8PL-TdT>C~t4fxM9WOGcO-1;Qr(u?h{^rG+te?^hj!ziJ<(4v zoQu4*m*S;&9dfNtf|tYlGY-w7%B=|l%S1FnA-XLQp($?iqt1}>*G@X$8U!~85qD|A z0;^aH-nB^QjD?3JDZfO?Uaf$@2E`k~AFi4~D>VU2wm}VD)K~ABhnWjXu()~vl1>W` zBu*zSvJH;X7eBBxE;FcSMr1S6eJz;ebeP8JO2jN)4(s-jpdsJ z6DEE*h?TDjMb}^i#&FCMsJ!9Hjg?l1R5=N!up7$%eA`FUY*YglK^eM{iq2cUsV$oR zS#_xCJZuryh39GK*?gGHvs5MHW*C@{_3d0@!{6w#N+ZKlDWK~J+6*JX-S6Bg58d)M z-@aFbn&j-v#E!UQ|D~*n{n*d#y&O#aa^BBMRN4(haQCt=&3a#^jc1YoF4WHO)(8^Q zYz5j7P}HZSHTI-PO8r&bTsvab_i8~hIR;Xi)L?A1?)zF#-}CFmqIBpFSEP8u0c>5? zd)-wEa;@~Xvk6crztoRGW=hy#iB9{`h|C_XDOvtkQA8#z(BO-4YbfcW1Ryja9isk(l_=q(Q+q3-8A$`FokX z+UZVn@V`C^u;fi#?|CdX9>y&nK=|SB5_ppjHiuaQ^GJ^OzR9&H1`jV268~ImHS@6W zv|GG?{mYjHJq5i-I>vEm*Iwj%>lqi6#hc1=`uL+*`NbtOFKtuqTgKq**@b!bZD_ZS za>N22_f0{3E*8o}NJrL}ilu%1AmVDN!x0PhLUjn`nt!-s0>cnbWP;BT!MU-r4As9` zpkG{d9W%Py7~foETIsIa<9JbF-}8;>p=ZyxUL{D#W2doyB?4StPd zGG(iTC|yIAS1=0HgN@ed+RGLFP-eWUZP;(%_~uwP#9wg}5ep67gEQk0OiniTEV>C*xO=vSi>o6|0SB?cJQY z^>mZSrxsv+5|efQ#%2OHgZV-fa(W#Pf?J3>nn}KZLFQ?_FT$@2`lCG0aiNK)EE=1z ziyn?Ai7|=B3?rqgm&ImQ>9CvIUj_WUBbwow81;@S1!E>jrVKw1d}&N~(7B|zU&SL0 z1QL!2@CVxr_>Dg4_7Vrt#_cowG_Tiq?W&oL8)bN==xEICm14>ntd@GrCE5{Oe6@yH zWnS0j&zYq?e2JzRCY}qG(<3FMZVJ zR)*6>)-XCoEu{w<#Mx-RI2CYq(i7g&=64|^6z%*UptawysCXAuHZ6aFKTK4|KbR;c zSh)NkJn4^^rtlvHsWdR#Ck-Z~`BD2bMZ|x^)FeSnO%gEw!?RHr>;IVbw4mOh?vHrv zGv$I&VRFHA{B_o}{)60xzIo`lzfhPx5T~@?IyGC~NI{l@k;peNNW*OoZO5aYWbnT8 z;KmzNs$oh=UKmO6s$wqA3Z0YO9wJ8K{Rwp#m4-A8spO%4(idYH%w?EcrHbSXo|563 z<3eU^$Y%wJo4!uD#_N5v53VzqevE+3-s5$jHNHvwQA}>sQcHH;1m8RQ3=wd1O4Qmpp zRw8{Lw<*jsI#%FzWyX|El)hiktA)qPX?RAiM+NfQi${33G}=piol(4wU-R zElhiG;b{F5*zPomVLXEi19>d3ZM-qit|9wbCwDT#R4Zz?O_w{{HG55IuqY+bkzRGB zC~G>BJJBOr|KRg}L7e}0{JzUXiF2w#3hmGDlr4zw`G?+9{0FzE-e&~}Y4ma>C?gyH z&Vjvu%mEY|DeNWYAc*)rUuQ6OHV?M3pp8hp(DmHBB7p?Z{8CMee`0fb6)1?kA9R{F zNl}HcF_B|X8vfAq$fJ~P$MbV((fu>{4B!G5bv>)PGRS_v>Af<@E(HX45qI@gG~LeLALhCAVd7aAmd&#zdmM|wKyzK+ClKk zK5OlyMitt2slMw#Pe(|y@fR5Q1;VhX_c^NNb&n?zUZFM8^0*S!{~<5 zoF*NR_u_Kaa6w68NdhjIgRI^9P>?Es#(6KuB8Sgqu%GwOD_3{wI)J7@y$NIX$W1E3`ZujoTsMugU9sSO1r`|Q8Da?B zhget$B5Up0C|#HW3*Z^mli!Y8$)NB9+;0O9KX*UkesyPRosYO)o-N+)UIicjTWQN) zo&Mhp8QX^5zgOCB-2WByz}sJlhAzM#n0>Pd-D@JTnDb)13WlOG&_lJft#10BU_f-| zMC@(bGz*z4!m0p&$hczrh&8OGn1hKZ_1-MuU}F&@Z^c63y4cAOnJl=Wjk`|rR?o!y zIxbX_+?Za7NftHa<21-NYg!|7R?rrU$UzX*q#?$D8mm~51BSwBX~-0$T-&0JbPWCs&ENw$CGITTbFz?^j6Wg z-8nJC;H=7reWwGcVx(>;lE7l72kbjo^TUra{ZZjiue*3p=t7&$ars3X$!p>@sH&6@ zX}TC0D9S*hs?9lxNPTf8 zvcZCw?v|r28VIc0XIO334#Is1$Gd19FV?;Z=WY^mc7)6MW}!Y&h)Z0+a3+$iebzC* z{H4b81q<~|T>0pc+fR-;fvOf?`&h?Y1E0~dnT48{H#MMNvHcmg71q6X6)FZu2X+i> zt4?DtH+krVJ;{kXV0%k1*j$H1#HB^o4bD;DHBIM@s@udyLf1aVs@;v@U^)AC?p6LQ ztSSJTRGNDI_KT{cArfb_i7ffHn!|*g`O9o>vdzHVKi@= z(5_%w=R49zE=iO({GOU8oCA~)-Z>|A@$I7_5IP+k{;bO*tH|9KJ<>)~s+>~vis<#- zrTi!3i{@2ve}p!wc}>i8^TrBziBAM$$#4lyi86_I)RsZd7`X4@ z#t;WyMU^xEtb9ocV|YmKDE!X)=f?x5=OS28Yuvq{ZZ8(}pbfVbPo^8>75TE?xOx6w1E{-I%% zR_TuMdVZ4*?tgfIadMAUTNE)=Yjxa_O247RJbk?rCQhm$aVY3XH*tTVbOGvXNfcu} zO*-{PvNQ*60Y#BZvG~wy?E9NL=N!DmWf9UwxRGHTH~qfyox_f*^s@a@gUotkYn!kb%_T`) zJ&Ox2tHfJAO*?cY&>=K+4br=W?|P7Q1wTiiA(vKSD7t^%k`}zmHAFk} z%EPLIFcd7vk@uv&{(cm_*bS+);p?O_$HSsG^t)g_r~%9o+Nuetlq<}Eb;?CuNMU$F zuBNTcPu>*_kQxg+h$fB@#G6bPsn0qrGI9~dGS;j}d+?j_xk5oDE1lb-94?jofE_uj z5u{S}#;rS-HTyb({BJ?E>m3JP{Ljk1gCS(%RY<|BTM`lY@>F)%DKfLiR3V6_n z87aTq+XJY3M}VdVdol~?#e>ZbVIz(ERHRZ^(8652=#_c@Ba+&6l*m;?O!wT;t2tn} ztgQ!CfLFRAggcL)ZIb>42;FkT&-BA^`9d)-Mh*_fL#&K_sh~abjxf`N$xs0>)hkBA zRDd4fTaq9@ynORH(w|L(K8Eg@pD4ez-!?%lE;ctOZTx}Av+1R^1WuOV7hVavivbwT zTq8mo?MEd68~R-t_eDcMJQ-`~C*}U+@YD0;qPliIW+~d-Q_Unn77x20Uy(4oZcbn2 zipNo~eNFv~*qAWikX&L-aU}J2QWM)D0)syPCj-}D?8)w>bShwjH$IgF9xLVA80xs?$F70X3mjHmX3YZ&v;!FNt7c%^hQ?t8m-Yw zA+6z-)>yFddJSS)Xu`-#67fi2mBwixGNup(5pBbh9B;A#6%q@l>@A_an9iE?xs_A+ z$pw!N$#ijvBec}jxtqd1o264iV)^`8B)~?O7P9qyM%AoUv+!P+TKSKF$fxN{^9E^v z`Q?e>H~6q%sp_=J4ocf|U7}Kb4iGnih1kAy3**>dH0k@~19tQ>l7_yci$_Z$3+xui&v10}DY!)r$Es}K;^)8dJzF?ZoX~JGydx_98JJ+`=bxf@C}gyd+*e$5Xr z5VxDQQ*!7zLv*!Kl)eBP7o2bTN8^}l?0A!EaPDF4!NqY0x4apko>@V54;>8`I0`%u zNml^W8nbod+MuDhx}f8PuT^cOl|XO~`R369@RoLbE>c$VE}1gRI+UKF^R2Gw&giV(!Bgc{XDOodmMl z7AnxE6-SyoFuQep-=c54dMgNlh(pv~G}05DkQ7_{l;30&@qG2qL&gsFG1aIny zVxle`2`pdR&la1qBl4ABqfN4ELM~L%nY@Le=T-JM3N3a}W5OalqSn{!|2OvDIx3Ft z-SF?P@}J^0 z(6ik5XF}~ewXPYJepSi5j#=rCLRP9qvrH}14YnW7`Q`7-Vyb@UGTmHMIjZ8>M%27Y zUj29U)-Z_PI`ZR`Vg923QofXtjq5KuP#Psb31mRiP^x6V_>P~M7Rdi>sjRJBxI=p( zWE9U2%$7S?eZiKxbpGN4tzDXBgCfJ83$G~KcW!AkpPIjcLVe(rx*`{d@j5UN`mx8G zM&Y(Rr{MEK3ZajuXzL8&d_$S2^!!t}`J30=S8n2dDwxbcVYpN{2C<@v8zEI%2m#S4 zlJ8#I7O6objR&}I1!wP*+gB3|8hCKI7k(092PTf5NdjW|C}IMYkSVT^-PR|TFm#VO zZ+c%uPE%P9@?x%*xT0oxs;KUue0F)orSX_|eD3P`rT+?IzHc)W)gAHnsp03#3<)(>j_U|4ufMwasCj}?u4HfG!*i=rudpi`R4A4`eID_4nUvY zb7H}#6ni|Cu9I@>lId;x9W0;zRWYnQ4OBgrxa6hnJ%EF+%_dURA<3-mHl?mx_F~t*+ig&wC*e3?rRrIv`}-vKadNsT*T(2u zhsKU!#~ID$cfb9NX#6x|Rsl3{+4^d?xeDIv_0(u~Wfrfbv;l2yPE?GHc0|WB1dY9e zm#U#vsc|3gY)5W!>;xiu1Pfr^Ox~1rYVLqh^t+k#0ERb9B2Tx1Mx>H2;Q=rz z8y91RZjLycRguy*_ZU|lzB2*!hpqIL4O?vNqRC=MC6Jg$+*b&6L3_wpy&Wn zqJd>}<2dni|0wSI;5gk|m2`1s=Z0h*1r7bse}UrOe*-aC{O1gJ8-(hWdB4VDHAe=oHEi&LWoaK)T+oEtmsP%KRvuyhbFd9a>8<9N$zC4sR^+V8S+;UD z9&`~#@L@*qwjGYHv7U)-s2V3|lwy2HWag6=J{*%>8dTpV6n~Hq_h87M%43EKPwe#d zv}2OuXyEVoK{c3$OoI@n;XI%WL1IwF31=++4*&2{*d5nq^&wJMNVxG_1h+~p!yGqg zmq9P>^9fGl3C_=l4|+#%yb?*BzJ4y$`i(EeVz2veECA09FJF}^ zB0(P`#1{f_o}BShtv--i8|vU)8usYZvEUj0q_? z?Ui!;Wqn-4I*!xXklO0T-TxaPY|$NUSm!##EZ=*9P46%VTJDygBQlaGMQCW|MIV91 zoFS6xzVuSHZylRM&YowVk(l1}!RKvym+6|&AQWehtHsSB)V7|WQ- z%6>lCMdsc*!cXPBRu$NB{JkGom^$rLmN1Z%jl=K!5jIe7+WH8}hA>dg|1GwviVmI8Fa#HG4>t-X7yIr_Bz0+?~|1gVa=W0G7ni^6nUj z2JO$2`P$WGZ~Z?vRpw;6vDh9FfYIj^LBeQ;=;7#J>+u1ZQ z_;P~plKm}g15B9BjEae6kay!R`f~T2AfK{I56;#2N8K*qOn0tgZ@?6MyF&eA8l-4xKOGLKF9P?ZM>qucC=_qc;#v z?}0x$0X2b}oq>ua1U9#STM+sxbMSc>mt_VkDTA0DUqVqIttE#N+whA!G?o&JqRjl< z4SC&lq=JeZKDYa77^%yMI6nWJafgaW+Ed)F_@z#Ii>KRCFJAW~UKgH1w!>(aMp4fF zl{;Q8=t~L38eB|MAl=#+RpOX@i^{VLhW&0ewU?MJy?ZMbgG4{KzMHDfbLYhri|;77XN%}C3k^Ryjz#&o`^D{oJGl{m}F#%)qF4N@MF@ytc{(M8B_9D9-A29=sg$_fu1;@4Z<5W|u_o1%p89g+R?)QP72L0MkRT6p@9SNgzz$zEM zw|!GIPo9~VI?{)Jd$WE$K?S58EHsOfl8K(vf7uS_5a?>wG9lLhg?ky!I0zrI+J2rq zG>$9)ZdDF~GWVk#-tl+8!rWdz<{o;Es^hN7LyV!ZhPc@~b`V3pucwGb|8UTZ?><+L zir8JejG)98QA#rnoDilb<~2`>u$?5VSPdgPbQpW$h|~qp@#lR=Nk!I6U6%b(@TG`i zAtEZXx+$VB%hQ$FT)yuC6IEu*+07n7Me58>F&dwb9b#(8+xITz^1)0rIcH~zPS7Xx z%s917uw#T`?7_UisO?RriJ`AQPvv5sjvhkYBC+7u!oG5qB0w!8^amDBs#S zYxdBI&ZD2r4sDpWp9gzxW)nwtM-}C(Zt1hA9#F-JQ{o43+|$0O2VDk{ZixMd!7k* z3(5%>55yNSCR+*4C_zn_#_80F2Qg!5JeW2{OJbU9mL8z|VXLrl)v0RxKYnG*i$vcTOMJ_s>;NC@Cuf)pX%b|`Z^Kpk6 zI0h8qSJzP^CbfGMdChnkjw{xV5B+}2KOgVCDwxaZZ!~hgKj$=oyM|SJX;Q9mG+{P7 zR?s7l!2XE)Jrk-Q8dr$-CWD{gvmFzDq805`56tWSj%iabR2LEF;KL#YN*A#Q1a`Ah zH(UkBRU>jpAApF-4pKEKgZZK!Fhvx-!FV%{q&Zyvg?stvFrabYpUQoX`pyaWNSiA_ z)a6SgmR`UMR9Lb97nf3N#=q|Us{?4CJB=xB{8YX#>H}h7WR8zfOqE z3+^P{33g4sAK@wq+?X<=Y2(Hks^GIkmNo~lh_W5C#zCM(M`1MPt{q0ht72W^9`ivk z+&0Y3Ilu(~l2>WOd&vUu`K%f@sR!A?TDD#mq~t%ei}S?6@BLYXCLK*3d0gyaZ^C@I zN`qjg4eJYGN0i(AY*~_&Am^Xi6Q6EVMu|34>a$9&%b@#;ifk<#bG0~*44zM@T|uUo zMD?_dLz;*MmS4X$79u#xNjX#ONz3(y4I*PCmB)GozYvCzq$)@?Wt8TDyfRrvB@H0f zw!c?WQBUGWV!f&c@EqZw)XZV#9uYR3ljY$sv{t>{Qk1wkD0jx}nFfa{O4MrAsAaWPX1HY-PH4}K_`|$K zZ&l(?fATz$mOuTx)2gq~bhHf9{7; z5xg4=(@&54rDUQ}NE2m^ghbfnWH_0kKj#Q?s6VBMUd^PmxM6|BZqDa(6Ty4jNBy3V<=JfeHQ(=p*zvLYv;!EuRq*;0Md04Ha^Ib8t6Da zp<_&RmSYcRvq=cCR`7C1*nrdQQON2S!Z!3b1q{{N@#AD7+L}MGd;=%E|DxA@hvGzc z*3o5so|MziQwfM;TH|m1>q!b7*o4z%2_w@!*8|M+{g_?8MN$gp!7a8tyOxE^6#b7> zDg+&k*=$jzCD+tS*?B!R&$$JOhMZ;#nXHMe2hw9?2pPWGya{n@ zYSoy=iVRG;w5|Lrl`%cmnc+OH%=;eSvw;htZKriu3*=z z%7>1?eMh}irAj(3I>aa_ds`k4QQ&#;?^Hq8JdabLkE5of9`X*H`%4|Rae9P!^fYl| zWt5hyr}nGcUGsF-a%=@gGBIw)nY|bHUK%;&??O#$256P>0-?*l2~Q*FxI!gT_1+2l z@*JZMY{hOH-ca2u!?Q;zDXU_dOvfgb?hg9kx5i@yWoVXuQTBlB{FuzwlaHHp2~v?C zpr3UggZ|5f@>wO7FagQ8tSj1HurqE;NH7Qn8%^;=lasH@o#Qrbk7%UT*@$16&&+b8?bbvUa*vk|;tqi`uQ- z>9*ubIs9*C0k-m?vGYnTt<7iLEfKIlz24u@aZK5c(KhAWW;}R|Q+vcE8j5`eVIc*u zCpdbWi*5V@BC^N}q#C+=4O?p*T^X51FfOl^Z?=9-7Yw<+Y*o0O;9UrHaEk5{cuT%& z+493`oQR}-F5CI%%E9e~*TGLhNaHI{ghT77YGtRI0wKfJD1_Uhw| z?BNjevGUdM$K6Mth`z7Vj3I!GQ;0b5k?T)wC$QF+wA4VI+9B>S_i%vYJ4ZCRK%|+H zCw$CnbhUI89d#3$1zojrZ1T;fG%{gl!7?qa=v>kiMhcOyBciTWoQJmwRr^U9_^r3Gkbh_Q%eE0X!l}>!}OT{AjoeW z2!CEa9cdN~5&*GM3XgAL54+BxM>j@#9{HL!8G{{Y7tICSN?+|_``Wa#d~dI4T98T| zHmwR3%_wDu%N>suxKXB-m}9jJ%y2WN^R^|j=sFb&c9)hvx2ZSvCUrdz=oo%$hqV|B zpeYn=!f31>k?k^J1MYDo1+DTg$6CW7FAW^8l1H0RKj;E832U}q`C4d`6IeP8<6bzXBu->(qvzJpg%7g^w_t>mj*juVz zgb|+)4&~lDG$HsX-3}#Ow|o)$L^G%xMvoS?tnR0;yv4RzrdtIOA8do-Bl>(-?26Jv z)K9wi^Wql5I?fjfzb-NO)|@K@+bk8Xib%qCeR8=YaG|*vq#xb^t~k{p^1~9hueL6F zZ`VRdYg^90&YCPs@0?Ij7rdR8O{^U$Rz#ulWwQInViIM^2?{c`AWXpopMy z(3#yh-}9l1Cz5gh2$Q7wtTkyd=XNrflf2w?6S_&_(~g>Y_DY!?b?qGipnUi}oYawP z355a^Gi<32k9nmd@SJC*K4+AXBV$PSwQ!hn-LLk(i&<7uArA{@nWz$=gu5r~3Ak>{ z%SkjR?o{-EVC*`CM}1sfhP9Mcc*tsek>@NM1n4;4{ zEFLZ06Jy4m0bKQMZ?Z(~L)noZsDF055q#fyZ(}T09!#vQ_oN|f{C<{~9(5qb>)8Ar zw>$Bjf0Zw3YeFS`K#%!LHs;7X(YMIrn0ZGw7OFwK>X7mFylIv9nO=_MPg>d^LW| zQ;O!09A%!UO_=|)D2TMF)+Wr?3bA(&3#^@%83%d1;Cp7FL+#=v1o(H1j;A0l3b4b! zC7Q8~UBxFUkdL6hija3QZ5KbY6oL5V>GvO95McW9W*eUS5(|}}THf5Pyr3_DRrDvw zqBxv~9~0U{Ex+V578Fx!PktpwyP~>p{gjPLY%~xhO5$t)DXc?QK?zl&RpMJX%8z!n z{t*#VWkD*+=lI$w^+dT{V|o*rdgleXRt*t(O%3%*TUyra)}fX$GjF$If8M=uG$k!d z*Y1NyxsU9gg8dSj5qrR#S@bsM)~Xa+sRbCAS~T*w-3x_r808y~2q zn`cNaqb|96A`hSu}!Eq5o=Dz;P->N)a8VvU|dRM=062X`nnhzFyA<=bpLcE#C zt+cwmzVs?`t2_5t@TH0s&m~s6R_`UfHiXQWEFju|AIAtaiCuJLhaMI&W!iuhQIC3Xyba|`8<&t&fIlr3|;fv0vbh|Ow9A3&|NzWz^a;+BLrT(sqpA`OY0e-(!L{3wAanh+rwmx(mCS&~ zEaEb>l_;ZW1BGt$5-`BWTSKSf-xt4~d?BwUJh7jk^=(zQaZ z8%eUq8YmPIXe0=E<6IExlz{ z=iOiP-`HY7e#CBE$=%(7Enw~V&Lte;!i$2QcB%yAaL0s#s&o9nctrNO8SRe}K%(wP zyPNiM5Eb936h>!h<+1$X=nG%$f_Omva436^TmZ-JBWQ4M?*;+8H%rA;S($JD*yG!7 z5rO4tn0;RyV%&6b8y{U2pfiGT3-=|XEByWg&UB}>03%Dc*CWAc^rf4-nFJTzGN zlYM6BzHm$v0gbH{O8L6%x2~zxRqN#_PUMThk7~v|lznc}+y-^q(ah`kymz!bY5he!M?|&0KMJ!(y`sfiDq+M?*zYOY>t6 z%X&hht+>tJw28w4!WDDJXEYJ z`is83oXz%7&Za>uq|1Wjs3h8o_Um^RBa@BM6E1LS3fVN0MrYl1D&hiwQKm_l7X%n@Y$Pek4>-|1g~?qjt#+=lE41g^Ius22x*9<;J`hGa z<6a_44wgoP@Rr<&^{7X&NPkG6qoe*I=C69?(c?)QUX{BL$j26*C$7kG%w1T7f%KRv z6I`ws9Fe3oc6yNV=j=!nn6<5?x9xUdFU4jruj6YeTgn?_&Jal{=>Hf9}msD5jp z?5>JX&X?CG#3@6?4NsN#0Pwb6+8u$n$}P#&*~_RSgC{S+VzvuY7yd1^i`_?uagfM8 z=6lUmN7JJTl}j(NT~4>2TFu8d?$YS+)(dc^QyHuRBS~f>bvk{NzfayS~#0tx{XTPU_G$%oBRNY3%N% z6SUO4XK(C}E|stTD;Jnu;N9J`9gMbevi>*oUTZ)oerE z4h7z}{ONH`@{j!Ul6rDMo-Cn+tVWIhB-=ros4Rqw$T>o#@D~f;vQ-DQW>-jI30Xc* z>Jak77pW$mLPPdtHHtgR?p;!n9Lg}(Z@C}A8AnBC828taca&MSi+`Ya?}kza>sDP! z(Y}=UXA*8WwAo_F%dD>f{i|_tkzb;_Lm5`A2ksV*iTq2Y*_q}Fy-#2wp^sFkp}xvV zPMf<U;!zWIq=$D8S zWs`(1k|04tZ_J&^4rR)+8m<MKSGMB8PXB%*j z0#K+wUMTl0Y-E2pd};>fdRQ|GURCa2Q?ywFV(6>lf;1&cOQa)UA?)?`KB}WV z0$2HhWC>1pjYhoQF{g>ESMDUpvnAgfRxN1&@N&T6TAQbqSPSEFGv11FSWXwee2#uY z0BG1#cALWteypSJ<=YqI_>%zkZqo##*RAx%Szeop$AG`MdoaGlB|fzSESwzja!6r59;Ki@1BM4qjOpW`l7t|?vVC!O={JF$+ju-=TEr*J*}#`G z089|}O-14G(CsiuZ^&bsz}sMvy&LvcI-ljGJ;FqMZ}O{{YA0GvE!)dsrOtSXnM#!w z9T&Lyu2hqq52_@Vh1Q_n+^ki6F)}w1+8O#|w7vXL%-Lze_*k&%_sZNmYkZs*eke zWz?jp?tfoOJQhYiF3W(@+AxTE!WiV=6tnGMq@kvM1o_B!$yEEm9Uoclj*ncF8|$y@ zDChOqYT%05srRamM@3km4y{sfCBxp zh@&idVlTiwQP8oSIotM3SsX7@83H;raTaCb17Fsuuqe3Yi9G`jnopj)itMu>_JPem z(oJ1(`1XWU(ovG+A6P8jEC_wd!M_=0IL{Y%@V7fUQQ)8}o<<%Vet&6pnDpEX)ZOu4 z$aJ6|G^1m4G(D<5@WitH_N1Ifs^_(=MEV|V;!?TejC3Eq>uzY2V+h7s-u1**-YV7M z^(S6pa{ey9gi=DU7SGmV`Cub2K1p!>fQ>+AJGe5UBuAPbp6zn;4qR%VD0@pJ*GZAo z_9N1t+mUZRDBByos)n}HhSipZ1Es@2#w9>7#q;E})9mu8rL|RHl=XyG3Q(=p9W!MZ zVguGr*e!)i{HdF;_buODSvmLWTDJ!N89MHw zTPigRaoZtEyX<&qSP{f@&a8yEA9K0%ko4rMat3GpsoJuOsZO{&DPqF1z6C(~_<8bj zw>Z&@2bVmuyl*rJJ>y0X*4*VClN^`fdjc&$zzm{A8& z>N@@3KW-=tpxe&RO!~PUH#0rj7&kL9Pln+4PU}zn3`GOD)Lb*i6%r8zyhQi7}R<)&$1dvi{%DJlrF&mE>r2{NkU=679%lyI~ZPtaaYmee{oAhht?nf_F5>KMDMPfCjOR-owELBKDBE*`jbo% z_fDowIOKSd=IVf(Y6_d)wP{+5tZ;WJI}JcCkzM%&eN!QJTXuda*$E&UuC$M>iymPq zQLhZBbEB~=iPPrU=XXh2GiWNmIj4DPME;_opv3vzX#8r$j5gzIVL*td9#}s@4@(^< zV2Xp&^5l>8-5IbyUQjd~-?^`m?;pyC#rXmW2M``!>&1j&c80G!%@D>&nkAR8_H z`OW9kUkF+R{3&i{I4O`vRM(Ge4)J9SNAAV^u6f1HcT{YN$6ULP@A<{*V?!XG1=oQ5 zhAkH&?hv@+h?EH~`rF{(wC8;da(RfKvXE`{P4n4wlbpH^Is~qc4_#IiEQKbYPq>7c zA_@RLTr_<0@Lko@z%hrGcb3nBLm?H_(i3IbM_RM3p>>b0$Zg6wnFT@*lwFVmzbi&e zk>Q8|B>Tz1R5uOeC!V1GJQZ-(>ZeC4;<1g9DeBQCc1~d-{*Heg^04Mjx#mw9X0F0ALa_^Zd|044 zbSX4=j=V*wyO*m7<@Dz$Ew>x&m&Z}u*<60H*4q{-UCIX>QBmFl1joyckATm66(oQ) z1b7I89zF3Dw5KdT;i2JxuV7V9n<^mIhoLp+fWa|P@e8@@ZHV`wyb)_FMDD0edI;7wld04io=3>|KxNZ`ixWKVa`| zf5YC@|3Qxbf3z_I%Eexle6_NoV5~19mE&rYuV#cSKBio1Cch{~Vds=q{1~GyQzXKk z^PmW?w3Hp~tkLiWKsR(c=n0(Rrylgp{G%HLooj<_lX0A_}@e;ic!SR5Gh37A> zb|S0agQui^dek&}*@jR(MUbkU*F(k^!GbUHdP7b_;~TbC_G9bwIFoE4V;(T7!|aSy zr5WSAfIR8w?}n|$iI9;d)5My+#?9~@?;CBoJyNN)7ssU>Cb@Vlw79% zZq~f&t;xQB{)>l=5{O^B8RzF0MtpPXXW<{|16@lm@-quXLG*a8Iy3e^?k*AN|M^d2McbH@>D_;2jqTyFtj%GMbI!5i zE6k?e!YaSSBwPuSqd|MFtqX#aScsA58Na%a;v4xI(MR9jmg!Z?qc>2>yeEs0Md z1X2AOQtxH*{)D-c zVrU+%tckk8Irsg(zqGDJ;QCU%AanuBPBrRkOjz9Uw*E(CvIDur)6rQ4u7l&3GUvy~ z3);djYvey*{_&fEEPUC#oOqFOqKs@BxW%XU?+95S-8e#DP3VDQJ@ANm-^iw&rcxd$ z@GlZhRoq|sYrPjV?je2P2XHn&Nq&h8!>p7_lHvJq&0m*)&{4VXO>xwL+QKx^9MRbH ztvBEc71vVCl%01ttopAP9;l`kWTo}>Q=t~G?>em?jnn&Hz&+*IjC zmATh`tbr;%AAi9SFN>-eJoYf>O>n}aOJjO5Ws_{fuYA>6Dk}a8QE{H z|3G?Rd?>Z?W}xXDI9VOx{7@dSTk!|)^hKWa#MjXRWf~o0B&vC9P7~`43(RwlHXXD3 ze0va4aqqS33}jIywX0m8d5oUIrEcKJLl7?{o3Wn6HiGN!^@~iFqID{cOcXbN zhvxw<%aE4PI-+ByCpLkcW9xtOkXTPYe~K9Q!Dyr02etSqa;R)9C1wnTV0q%hE5z;$ z(r6H%DY*XzQIA&Muwq(wyCK1IA?DJtIwBSaH#KA#++ObF^_YGlWK=k@b@_?JSG~PF z$2$`HL;7Tw(a&uPs#jM5(%BlMQ@vB#D?9H1%G^6)b6Rv~4JjzPs_dY@cC%rq-4+L$ z@q21S@kCZl7f&XFaHx$ur~5BxJ}OZr^k?Gqn5f`wyh;U-ZA+R_h8AKS2HX@vv2_C% zaABa>LS=jk`RX=qu{V61dnjC2Ib(vDfl8e$p}j7$F1?7iy@{LM6lb;R;+Ku+e{F#U`j>H9%^ z^fPB7B_Rh@yY^49lLGBJW_7HF{i{aQfQ*R})o8K6u+3Df_{BoZ)z4RI5;HfYayY1M zAbUEr%CP_HV)x|0(w8D=p`Yx0aKce0)t$#}CvJ2%#m9IRYK!Hz^Rok!+fVQ%Q_G=g z4?L_VsdY*`*Hg>ZF4~d%9W&MwWHz=^J60m+avMgb+}wkl$V)=rHK|=`7myI699P3K za*9jS{|W3{w`y3hF;9-r7|Hd|#Ufy=;7HGQimV$d8Y?wguWsp^Hiie5Kab+Ge6(9~ zz+!dZvXobUP~qyD@S0Y72>mNv>oWn7>W(KiZ(<=bt+MoY_Yu_zaC58N!eNmqET=K4 zMdOFMeWWFass8G_zS?w&n2~P2j%92_exy~30+vtmrWuHLcH1E9+PU}We*@K}M9U6; z#}$co`Zuq6n9^+N4~Tb$5?RNYaz&D`{LO0yfxKwLM?ETQmp!&7T#+d(|Kda6QF%}B zr9imIJ8T!#f2Tg*wE|ivBY}5FgRwG-)2#*ExE#E>7;Izv0C+Zc_L)KyIDo!(uMYrWN|c$?`B4uZ zvu)|nyQuP)YI`l*>kbDm3}y2OT}t&iQU$@ZMDb)13c);|c4ALE?6|1x7;bEz*)&2s z;jT6&qpxPjExKnfAmW)l2+doGWzw?BgOpoOL}+FCzsq|ghpxjBro+}AuaZ){X;l80 zjNSaDkE!DTl97%GAMeS&GlEg@4its72g{YQG%oks^LX_$;I$U2<{8geq*@qyD{MV0 z1Uu+4&rkHCPTM+_pvl$hpE^bCzk2nF%F_P(`G&1VTW#c8z4%A>B6*3tiSr5_=i~!7 zHM8OpG?c)uVEMuKwq9S(q~h4O6r^I`;g0{n?|SQ>$DCip!J89QZ~ae6pWvC4@*ai% z2b%55o@Lztesw?U7D3H22aZ=3uV92sQ5fr87( z*(0-*Rr(>^1ALteqV(y!fzh{Pjq9L`5uHvUH=WJqywIyq(!NT@|%H{yRv3mX+=%^?n7JY~o!Q)TAH} zGRQ-GN-CAeYR&y^*Vg>yOU=Y;^SeBhFaRNAFZ4TKO=etiGgMJ)2N)gFTK25|ZawJ;lUyzP z5%B%+L=6;ZLS6iY)RxpAaw!C%t>lyBAY@q-sTJJb5r)b~C^8ZJg#0Q{7AVwDGhrw} zs46)4Pj-oP%u<1AH4sLPVaUE~J)p~W=*gS+PUO#&sn4bPA6c3$`MI)cxwjF4s3nz zajZVg*yKO%&?XORn?ga)LGJF)1CaX4VT0co4g z02r)rsP~oEx&Di)y6ir8+>s`RbOsM8T_j4w3fD#m_bl39KFMZ^Ne>>8XY`m0>CW3q zAJD3}bol{!-cg(XZJS`zuH}tAv;~Q*DThxuX1TV<3Gi4S6A7J6D)Fq$X1!&?*!^mJ323Q_ZV(nApM5!!ZQJllcZBHaQJpzCxQ8Y6(6j@3y z5d1iLf05~}SS%GKXC!_McOrzSy!b76y~k$|BLL8w0wVpECNg6T6HXwT(9giWWGI9D zXRhScN`?$6UW$Q4asAo&D53R_^5T9pyQ9Y-1M=u^X5{}N1M+_y5xR~@5?Vtv ziO;cp#BFJFTY$&5*SK!!&okqgnyHZQ!_8zVdfrcz*pRE4u;+E?1R1VYZDDvisH-eM zFfJjrq?VCw9HgwliGLQsC8n>Hly{gEs-NJlK%}*h((1SeLCxWCChRM}4is z^~zG8oGQPR9*flDati9_>wTZj+L?0o`^}K1vB};D9R=;^R_Sk5p~2>%pQWwL z62n8eUEXeHY+hw-p70nd^3?{8I z16tU6%!WpI-;wCCTMA(iN@KXDE7BszqPHd*6JEVkQlkQ-bqe>R) zlGC6PbTC%zC)yxb={Yw%k5h+fiB$(XA0`bon81r2|tWKfR+$Gea$mz zepCr@y!R@p&1B5Z;q5P@q3=S z(kKq2J)S;D1hRNGP#834qDmp7gaY}Y8PE^HL(W9{tV=CI6q_Q^n&))8_@@sG-uGS) zT&tty@;}IaU7S%9x5J|~gH8TWSYS!I6kY%ut4RG_qYc;E!PIryc}PU1||O5X)fG|FVZ3D8pFk*7_w@vnPMcK@eDafglt zw~VvZix%Lo&d}eco?gA@2Qe=FM%oA2!c_X{=s#)XLl^X!#4t>*>G|vP`+`PNhmsAJ zOH5L+G}0);Zvtum!^UG6V(M$iXWj^`0CO706M=^`UwqK)`OI%Ez(13Q;7*(X9Q1$< zoA5cj`DczvwBX_wo&o(n!88Kx$C&S-Iy4LYB~AVr*L9>-G4u~4%onICproFnx%~y} zj~5U!B*naU59hwzD@hH~(vORCEpkd;vvl=a$L#BF*b7S`IwX&)>1quBuws-*l;nQ< z8G_zCAz>NNkW<<;?z#!Zpmu*dI!beT{$(All;+*`UUw7q;L&peXWvyGu!{$-EN?eS zA#llZ0O?`A8B66nZQ|m5e*ArX!00-X@^C zrsU_$)KS7u_t#+TK|74Q%GjOn^xy%sy$f%vH*Bn)4~wG+K1l>Nd*FU>Sk;U}XNBmy zvv6vW&=d^&7eR;{`J3|bE72*5Bs?l91qBM09%bYiVZ?3C&#mWgUw!wcj2$$8bK7-T?~j`5AI=nAD_w^rtizB^lxLr{ZI&lT8XMXxr~K~eJ4j69dpAl| zY})Cfkozxs)b2!?sY1h8E9qUMw6a?z9+wP2S>~F~gyKqcuyuxn{f=R09xNm9kun`N z=yeB84e6ic2_#U1KOp3vG?^pQXl|B^Amh6KX zLd|cF7;Gjw%02L^ucoqkE2owTGYmT)IQCEZ`hmoeEkwi^81> zYw6`JP_~_>*cR5fZ1ua+uoWm^?mJ3??xogfG)edpaPA&tXFzKgT=Vpy^WI)tZRi$C zux=gqjZfd4*X4C9jRR_uxA51+REk&XuZchv^9SYX2mW-Msvf%k&mG}wH z4$Jc$080poj+Bw945+GFe;A*u{~-KZJg=whTm17K?o7{nQOjO`c)1wzcND)6d^xm! zRR5G!!GSL3X^3)AFRGlbH=*@IR$ua0T(A4b(_hoSUY>aBEUA{V@QPd#3x<|}o%rpP zX&giCl0RHO{$svif=qmSf#h1?7mnr#{y-uLTsl$)i|zmAoBqY&qXE??efGn4flk}- z+|6q#;KqC`x9hk@VXCjHr=|YYPYNM1$21O@{W^O603oSPX(ha~X2^{Ax;=QYnWxLZ z;;6&;r(Hrj2}B?FZN&PASfiOjN=6|6eROOoqy#rp3VjT5vtl`tvbb2^MS76JWx!UV zU6wdSX2f|mmszuZ*!fZ1*uVD|M_zN|dNh63{F}(B`T7k_Z^)zH=+()?^Kh_ZwKBYATX;wOHe$MD6!S?&=ruV!UGQJllxa z*+*YQ>H4>o4DPLq5%@1aXOyW1S{8#0uZ39WG(bM&K&6EWjBd;a@Rxc4z6GN7v5~Ix zpQ>lIaLF>@es0JhhyEnT4y&N)?WMO$Y=tcY_?BrP+j1G)>}rDmGFnaa^dxl>RX+m<>POL#%+HkhEm9C9fbFZ+cR6X-t$6g<~CVsTQ>=~ze%5$ zX`*L>^zW_VkUi~wpF#<%PqTo2%=|#Lbk|4m2=+E~pWEG+-P8vCEX=g*h3DtB$AP$s ztJA+?jXMdV3G$%4Nvl1CVyifNjgNX(+H4aj+sIV=pudcUp<n2{z1>$r-J~K4 z=QL*iPfT%Az5(xmA!Pck$28~Lu-+5pENJ%#gPA4K}#cVvFsMyzO9|uV6`H2VmoR}>JVW++Vl^YL($VDeNyRV@DX+ra z_&P>Ds{5Fcz!*s9lD<3OuWpR$Q?(3@N@LtHZ|wSp-?I;o&Lh4PJT7ccM&7S40$%cd z?j6eOJrsTn__w>XpP*~Ly3lzv-P8REg|VN3$Ec`fig2&;@xdQgrop(TUH^@}_YR6G z>h=Xy6jTI61O!Ax6hxv(kk}%ULlaaaHaQ2$nN|^yoO5V$kR;IL&>|Tm=h#S24Kz*Y zh7Pas`|iD8&AeMRZ)U1yUfuf-RrKCxpR?Cq=j^?HYpvgUkGPhijce^OM%FwWSWlJH z$(o^s%0@^QyaUzue+lZU^>r@|njnB8K_95ZZc27&AA)Q;l={C@3nd<(YNmoc>>A$* zW0!oK2`%6R$unk8R`=e^|aac`)1ffPaRLZs)T41gJzAO1<8WW9( zS{#;xP!?N1n4?sMr;NtPlQZ~PF4c`n+AM_(!ALYswywWQTFaZi*;U1w#S&K|{gu%f zJLwq`T%0-g>#uC$0d5A&AN5yIDBxCPzP4ufRo9da zxCEi~#}tc)!yNluoqfW)lEIBHr7SOqw_QE+@viHMlz)&^k?B!xH`n^E!t}JS*wL>^ z|Hrz3j%SsBLRi_|&A^%Yo++lS?JwOce9J4kYAzpSb$y=EyG3r|Q_ir{ny(pkgDb0H z4{T*pM{4iGMOE;}y)+dv`R#qZEULX{C|L&mr~6?2T+iN-~IC=)6}ns@en1SVj?I1C-fc( zaY}?z82!oFi=CmfJM0E3Jz~#6d6-~$&%ImS8CAkSx&Tl2uCN?>OaG#1WB#e%uKh^8 z!o7N)zE2grq*rC$bG+?Y1%+@Xk&;MN6V;BCe#t(TVmrU#uJIS?i^gyLc#)+S|2Qif zXd9dJgQgk$o-nE+Uk8TQ?*fQd5$@l{S*G!taO>6n-tk%Kim38Lnsh$>*dr#I^;%AU zlAv6JN0iOxi%^I-;xhDG_5>Qvhdg@!1heq6oK17Arn?NqnJ%K)VNUw{OiBG-8BH$E z$*oOiM_L{7@(O>XK7_k=S9-3R})JglgBT{AW@rO@K)KTd1rMx5xE`@Km-6(z{vaP*fh z5eRz==H~xK47O`Ti51hdt+3m`L8r(=nHJmnkEVi7sz?*_u zino60%B<^{Di6fTQVUOPogvf%t=Rt#vp|@EfZ5fO6--a>mDpQXKR4aPqK4{@x*k{M zXFrp-XO6V`jvs=6lhceKXY_N29|k-iaJt#3P??smR2hteZEs7>Y4Z@ML`cj-5m zBb~|zQW9khQ4rLhqM59m2Tu0j)X$Oe<9JI&q}#JknxOj>1uY(gqRvUaxW=I7#9!2Ex|W5JDuR*=ZOK z3x8Rd3g@DD(X54Xx;nZrrCG2|CHwaA>8C-k$f7Hk-yV8sR8?d#tJ|YziS?+K**y=3 z-!Nhn@}`yAcAmF%S_r6@?4h`wnY^^ZSEy@EHTnomW!UBJa&;kC=p>{|VODwc{5jJv zx(wDop{szl_mG#Kik+R>D^u916Oq#+7zjv$otYr{bWiRugJv4@12}RZu7}rIcf% zf~#s$fDL6dpLNO}qHNBUZ*a;Yz;4*$703JU^1$OrZTS!}yt7u(2Fn&z>@^(|U>lDq z>OVJk1rQIyHtG8ptYxLxq@~dsw0Pvz?J8>437R!Wv4_ zYr5wyzTIQ9L;HYjILt> zQYnuV+{`z~S}P}hYG7jckMhMUFsf?;cH_u8NzaoXcTH`wq2$o{%%fSn1Z`|>(huAW z4a3T@(S5N&c7bMZDqYlmv1bUXA_T}4!rDI{OVHqoT-NKs2}aIM{1K3zoRyvfmFhVF zz3su7p*f!)y0nu_vTl&vOh*ysU4}*~{4wNW2&Td@`2HCa%Z^lQ@yl5&A4D|={uj@Qjwdh{=8WxR$A!dJT ze&vpL4@qq5+Au9s94^RJAAKJMZbBaYxNHAiefFBJgKA5;4L*OS=Fa$_@tEda&Ukjz z8Uy$YO~c?llh8hMSxC}OLqNXbqssoDH~G7hVN&}kMNe=_q!I}SA&)-LHB57T)ipO? zf1vhb+F+$H%w<5akKU3`m&f2Bg#ANeDq(#1AvaHRtzCY4=eTIQLJh7nG3d?234OJR zDrp0?>JRQ3LiS4Mu7ZUMaI!$_dex7X6WH`9!GTc4@0j4QWd*yS; zw~@aV!Q}B25aaYRcNTAR9tZ!`ea$p(`f9(xIbI|aazZ_5yyAH$w^T)0S;!3=#X}+L zZ+`+~7yN^@-IL)g&pkWM)(*NQa)J}MMx>C_J zcs@{l9ox+(5;2ZE%%Sm)vd30GB z-K4q_5r~k&7m;`TAQ)bidVW38{A2?rh%-8>cY6N;A=Damluo-^zYehIOeJ?_)3paD z#?2Cj%}sV*k$VY+1AJAxv|YAd^QhjOtt8)B?;@Kb|03(9VTQas)!fMYO)k!j%7y*+ zW!g2_nEb9fiM(B#$j~=WM8Y1dt0a>=>kE6NJOEqEUI#G+)W+mw=Nmanw8W1 zv}*js(yIso{9kHmzJdT|_C?$Nb~-G_S8Npk%)=8naW?6U=9HqK5n|Jl{Wc{Yb21Ukb(tY ztA^u|O58bHUo{56eL?2=wE%m@S%th71$eCNwZcte;Y|^^r(}l5pvPtxQ+Z+UkV*kD z0QH-c>##KRPY~0{fidc^5V)#XK@aPRQBDi#THw#q`+V(r_twA5=`PdT6^3$^CUA3iKj zY<}F+a9K%|7JQ-p0t`K>GEGUPZ?<$T#t095R*f4E50$sT7}Ld5B+b1j+zv?485si| zixeN_ZQ6ZZQeJg);Kh)HzQ`2BL~+hHTiK!Ect7gwR6beVQ8;T}JvH;A^N(7?Igq$) z3%6)l4PjsaSFtjoS**C3kg&Ap5XYn-PjiPOad5dqwc-Q*L?D_h@5u>m-{IBKCLzY|W7pctzd4rAQd~{k zg*Mt?Q^8)##PcLVyy6wXXLkfVBBYItEMHO#Z^EBxdmr{HLa#+1Gn8s2?p@V|*el%Y29;>vwHDx_3(_S8_g1olt zH>#9fep1YQCxmqXqghEas+JHEAPmp+V8`H!3d`@fr*I#x=?|+mLo>!z;ywt{{ zsu)0h$1G|66I0b6V(CEA>kigRjN#D_n*_<`qbWQz14RD&k^aAsQlh{UewTF>v5j<> z&F~k4S@JA?@m+S6*IFD9$6IGNriL@>a4Cr&yme+z5aJ_x7$+OQM17D4e)N2s%=ynXB`~VOPLv?o_RMZuwUW1Mp?b;+i%i)BYjtccvsJA=IUkU?Ei>FPGNkUHDWYv`b3aN$K&dy z8ESg=+#~i{Nmb=Z=F6`heFzp*ax|G6gPJW+Uow-|PY(Z&z9B};qfc8x?15vkZt|C+ znVpOU{-f{XFK!C|GLU;mVDG>5y*~NhH~qgOUd41FTRH>3;|bS3&cb1cLt}{WqMeI3 zZf7btn8o{>L(`g^H!)7fYC)v=Gc2u=u0LY)82h#BH95~~nc#u$I4S|8Q5>azMJ$Eb zjW$C+(+DY@&pbvD8istxNtec+<>f7ChOBy!6oYC#mqi^kuVn`!5R3KqCC(U-~jV&$WqP z?5HiY?rmhd)N}90=YQ!t^Nr!%zvyh&Ckngx*koADAG6zU`f`%=d@amV9+GC?PGus-S)twebQis7ewKE>pWE0tglFFN#p^~SX~ z{ABTtO`MuU`wR$ak4?3@KU?rziGc1_^^Z30I4Xqk)o?F3k5Ra8Ai(UH@~-f$p)n$F z_^bUz7e{ZLw_}#9Jg;1P5XF?RQAI>m;q#79Q?IwsB$BF{({Xg^ER(qQal81@Sdol! zqaumy5LIk%L8YgD058(USLILvUP{E@_>N^o3AvK4N5ohR-!FLFxE8Vgw+FJ0caPoc zY#DM2?>>C)old}=hbSKHRu64&wvNXt4=3u`$E+7v6>HBgQS1gr?B znu)!o>c4L7K#n^S1b&b}FOeKMrZjsVD&j?mpW_lxX07M$h`bds;Z4x(@NNtKe#3MQ zbeqw3I2Ah{sG`pe!yZD91o{tX7?g*b1wOO-sfcGnf9&O_UFI^=sWl{^-ho>1YjPU< zfQcP~H_mYiFw1OsxC3sD9PR%u5q_S$n{_`!T#)}bHN1{)wD@6t_SL{STCyh%G9)xk ztQj}IFe$0m8#t-Q68lio|96M~o#nuxmab3;@fTY_cQaYfx{O)1xJ~BU*Dge!kqyWI zap#JSD<`l6EylVLEg(QPS6esmJ;+oQUq@HgaI)j|+SFh7RHyewIcSo+$v@ZTKXj4&txN@o0_dB~Yp@j*j5}Wyb=pMOdGDBl&9RBg}6- zrB~3aZ%nu?9|x?hjG|lV4I>)s$z9X$+9KgQw-y&dJ2=W(eOXBNj_o+nYlpW zA)T~jgFDxL#^YkoPof9O+9;kpoiBg+w3nGN`5XDx+uQT%Uw$D%17hd1KZn#ut6ls5 zSBF%AF^Qn2GEW^vV_W-tdcjkK967l!PVL_49@3?84=3j4u^w;d&^gpYql z6_U-lHdN*V%PvsvRh#2$d<{ID%kL228p5%Sbmxb-*$>7gE5M5{E$WLrD7_`0_|_jV)@VQ;GY$Q6_#V|S=;hsG2JxC@V$nYghxJ$UR$%age1IoH^_=8 zd2dtKj&Ikjh46`8eI=!8TosMacv@FS1x>Q4p*^p|Mqh{VzD5nyeR6+1l%0{~_9x=rTD z0v11(cH&FopNMX7_|p?{=3hH7o`&yAX*=<6ZQz4@#xR{YyFe75b+Xf3dSUrvTr7g^ zxYu35w^DCGB0I~?rA5N&;apZ6Dd!$H5{WmD?6{k$^6Go@y~=a^&rP$v#FRN!?LZ)kRSkwh1{o?dr+1HV-3JM@LeF7{=$ z=jbx0cPym#=g!pXR-yF#@)NpaopX?9b|6|@gnaB5IiE_{M_7DFXs29cUQ8H|99L=m zqXMJg!Cc-v&dzG>Dj*hQ%<{xVZe^N>WQ^wQRq!LoWxNDSkw;Fo(z1;MVW{2l>`QI)N zf3C`XKL@f0*WlL3$7cz;BuWAu8oBiHyPr3PKhuTl{<|-5Gx;`I(B$nGdX`3HnKEPq zB-&+cKxAabGE~-ZtzpPoDx~B4q{7B&vDOu~P zSGk_8R-xS2qw1A;>o!d7`nQOkM5eVDUM8>V@5uD?Tar$3h%9!pi=f=}#`&Dg0IPCR zK#3mr-_bX&7wc^+yX84|RUTGljG3E!It3RvrwnPxvC#OfSY^K2~dFwI~gm;y7S4TvILbG1Mp67_mOPTBC6~n z@sEWRs_zv0TPUX)$u8S)$JoV(+$mFfrU4G+BQ8{_#9<{D6|`f#5e% zidgT4sBdOuKpu6tk+nS*@>sUmPtbL$9l@KGn@>(b#b^TmggWKMox$f`l? zoNtrF8VC&$2!WLPXcgT9fY-7Kafh+i$oxqpSh!|w?C)&znVNj~3wdPLwRH#tL}eLA z-^f~p(ub!f{dC!U6(+A5nXvnPHYbYu7-<2(53x7-EDcmayacVCs-3OUNZ_jG#J z2Q6Z;>hpv-tM`3N?ngn{`SQ``>Wx)R)!J?5z+BE{eVS-5%c0BkBp)rf`o7cTa++|w zeB*`R~F3!4Mq0j6$NEFW8l!Ru?K%I;1)!j9F=J3otzQJTTJrCBn$N0{w?=7EDu; z$+$aNKy3Py)Sp8@Z%aHiq$BnQCFesL7R?HkWNzreYl)CHKgW*i8RJG(wQS|?kzvrf zp7#skvNKkp^$&|ph->d$%&vDF`D^5^Q~8Y^qW*lc#g*-W2NQEjy>oK@LuC+x)wJdl zA^)NT=!?bvKj{W+7cm6s*=&&(sH-UST>S3Z_pvIVxii#zrt=0%9xabhb(te?a|5CU#4$>~@OsAVKb?*3U&b(I)M!^A%#)T6q=ml=3YFRtz@p~_5dM(95woth z87aP>wZm>Gf2i??0qdPz2=S7GOh<$KPbnB*M*&WrvWPtxTPxhCt_KLLa*`y@3%Cit ziY(;z!;&MfxqdOl|B;Ak``|w@h`OoxY`8bDSF2zoz86RgAFSam2KguOk)8`lvG}yv z?XPHKij>)DESx_k9)1nrw%K4j5(&{vlDPbH?g{)^bT7Fits-+3#@WU5+x(|QrfyU+ zFD!8*t$S2(t@kQ{Rs#MZQJ{(t@X`uUw)ORUbheoxQ81$}HK9cmX| z-19=WBQ<@m_e+=dtNQ<;`ZK>=09)1Wr?41|_Og1=%ghvXJ!#FT(&fQg!rN%gq1%h@ z#oe9)pZViO{jfYC#n`@lux)Ezv%~~{EGQq^aYxz7K-lTwIscowl%1F}b0*PRY}`t; zsh%&FC353WvOr3fX5CONZ8yldh`f#_fb#d=j-fm2PcrL3r2#HYDHdrwAOC%^Z`YvV zj<)SuD{Pk0iCLOqiX|HmqF|GI!cz&NYp_g$;XGy^M0EEF&swqB+wOY}`D}L30J(LI?ZHU*KejLe?zjS+ zpXS(@lDRsih&y)lI9%;~>_;(5jP#Hn0uY+j?0P5;H!}Sa3)C{cbBs!RyXZSa(*QnK zUgG(^zdMz7>g{6aFxy|zA7~SI&2A)Z&{>9AwXmj&bv5Pp7pt zKClUUGc&?>Y>u5|wF?ZJ_f1UOW{m6aQ+1=@h0op2oUh+V+p4N`mVx-)6rvotK&Is% zcz@vFvSYCmkVXqjXN&)uv!J=F`C)m+?CSZdoaBy}6RX~kL@}sVzMFldvwW_bGP2^l zP`@{>qcXXQaF*t`EKR*+;%6xW zX*%Sr!x)~H*si^Gn>^93fY~*x46xR)ja)=;fgZdy>_SdKdaNk*y*~6QFj?s*u%-B< zT5Phf%!ct_>bDcMk&7v-=U(0`U})^EKY4WPr+{8$s)iXCZ&-bkb&!KVdCPT@AHNfG zE$+^Q_CMNlNX*BOP9>4KQQ^kp8no+Ldf2WPxyaX=!)a=EEszGs$My)h!snVb&1G` z=!UNdofVxENJp!nvqx3UVh!!Cx0EnPV1z{hUSh9Go=ux#8H)>6olNwpql!9o)z2AY4g}O1^#syG6xW39(_BAbpg2iPY zE$+1ZhEd$Tl-*>E7&Lk%v*+g_{0CuridW|pe1afM!7x0kU+N-*UCc2F?wnRPzM4F&-sqqo>w4Xwcv(uUqmM17Y#$D?F(Ms z#7=q&>!jS?uwd7Exb%1SO~dlby75*;$eP~Hcu(R~Tg1Kn?~k7p7GK94xQ|`pQ4$=- z6K8vtpl=)d<6=Kn9Q!O~_OfWDqTtbL?(^No*_=1+wvO10o_z>Q6B*F#V8}#d&Q8n! z(aIJ0gxYNn?HeNpvvXj))`+{72iuuZm9*-pt2p6J;#G|T5 zfK-QEAG`ck)foj`uY=Xyo&23mXl6eKP*`Ku67w-=T0p8jusVQV2rtpYqP%EV{roIx zsE;e6;G%p3bLlL8`xw}Q=j6DnHMO*;SpnWY9#VdeUyirt;R^p_WjgY8oeZ+M=W&qJ zMPP)-F~$|wM-tqy6)OObKyLyY!%~;eG91 zP+cG04%yKs>l2^4jBd*scGcyFj%9ouNaATvURS    +nPMIgkU#tLPr}#PtyWZpxpOq=5zfx{0%RZYm;>;eO?6 z$Srg0%uSEoOS?wuR*j|R#fYK*>>@*i<9I07w%fGvO4mhPr-d14Lri^=Xa1*x z29s4;zTDsLM0bV%A0J!De~{*Oo;k4=7!B^rkQ9nrY_ERkqo!yHmaqVZg#mtue=To5 zd^YO=@f+n@M@$wsi^(Nk7|xTrwmiB%Wm6;HODd#oOKYE%LASp{555J?s`iE+G%^$L zV5wJn4z1U^lV!O+&b6$k+TIbj%m1bS{`xVxP%zMr%{1D`EXCy;R&?s}^uI~*Wr2yz z4TZ`C<#Lj>jGaqQzWf!}wKbRV@YjlL=VDWz4+q`;V@|}q{;Bmp=Gs8{>K_uMiyzW> zaq~&U?mws6^KWAl4-5a31(K2@aBzKtS=z*xBxw|_jx z>OWRM8gpNW7|7VuI_Q?w?85x%{;iv;Nj2P0A;j~A664HN17*BNIZ5}8q~8Cn~Pl7beki{Hl43RI)I zQGdY|YsZ7~KbJBd_x@WOl59)bX6GM){J(`(hI&_EN~Y-Zdua~OSkBgW8pZIPf}T?R zSd4i0^pZ?2i6w*8thn2~IBwbNvD^N%;V^k-KS6_^EWzE0aPR&y=(#Wj%+Q zgzvVc4eYoR5g1Znss2bQHvjJwpgaDwt1vw79RVLt7m=9uxz3kFP2oh1x$Chq^_MJ4 z_Hh)9og}3Mv*G$7NhRW{eZKMOS6M)~Vq#7$Adf7iY=gLY5CgY;0z4?lHXl3r-l$~< z{+$IgIQl^zQZ^ib2?*(t=>JYjs41PanlBj*7x2+ojvM(Tc;zs7-6!PH8R^+8BzTBnvMSsU3 z+Wf@eW{bMw4Zz^Hd6AoJvP1U=B87&LmQxGvxlE4D(g5M#aGnA^hsG2-Lo@1BVyuDR z{=Cap6&x2ygiV!*&=8+$>XGMct#tE%aDFyv%F+_W&yw3_;FI-2QA*KOBY&QWJMRlj zu}$ZDO1Z*5Wd+Y8Q-CM#>p@j$ywB~Q;Kq;38RJbJD)X#~&$&x9sd7&|d z*>E8s-eCmu|`D~(<36o%w!k8zal78nZ@HRiVOC3Yjf?LoJm!-H(<|3(;ind z7wIT!kqreih`4^J8q$aWp+IvW1lT*QOFr;c>WZqChsE4T?MqP-_6cM~B+&yrbv!1v z$3CDoKHkDn!)zZ$%#PH&aCS`KEphwBg_${N4y_@3uzi2;17h&S?07MB{$~G(O-Z?& zqwflnH8D*=I4#CU{WW57vKD&Nn&8ih1LA8zVIV3Y^TWFtD$)DGpw5bTMj@NGTzI!B zq{s(%mVSuQR$*?GSm=8_dm(RhOz>7M04@hU8-r}_g9$#1x3>rZXVz_h$VXEwGkSs7 z?Nj}}jH=B$b!R{q+~>Zx9#86xh)OtV@*-O7_4@97SHvbQouP^g@v1weO}xP2qmgU$ zhFS0%7()1d$jzn?E2o>!Smj4s4MSHzD7b^Yy|Rk$FCjt=uI1{ABLaN!=;QdQzQ68s zV$My{5#H4Qk&Jhm`;U*TlctHo;uiO6Zjs7-2kz5;*Li>E3&B?fN=gh2|JuW1d$N)L zIE;e1+BH={xgd@wDI)y!J5Hi2=^s!671dRV9wX1;&uyf^7q1A>{XWb}44O0q|IVKR zQAuKN;|`}_Im-T6(?&$?T>TK$G7%#QWeo>oyDzsm^_Ojm!!g1XOv1NX9`%2`^8DVd zE#I7gkW};I<#GVQi-3b-==5wjd488D^EP~)1cCjuWa=UKUCX1G0IK!=HL0`NDPVqv z$E+x1DfzS`E^gBUMqu_^LXOrE#qhFw%R(9fjtv#Vdj>>bzP_c-S(0>uT{-r7dUae~NNQAr zm?Tj}e6sRdI?IMj}#pVP~3 zyJ#xAR9yM{n+;wxt_GLn$6FU!m69^~2f@#&eKEH5g}ZSA-);Z!^xGXhNZ3w~$_Zth z_xOW!N@mY_JIww!fZy3IUGs!@ji(Uc^(}elZI*^<6X?;X^4M!Ox#8bBFSZ&(riu-m zeJ6D+M}!?0yVM?SeXJkO3;HeQI?N2=igwXFH8CGr(-vj+*{xKHu}5qa@{~7jD_!gb zyanU_XUp`kH-#DQsSl=e0VmJJHnXS%x*r)SKg>S}qzAo`_dmK`Cco2!~)3@U=W8kMoIEzyePaCCUuwoBaIe#eRbqu}D@zzdt z(BKO}dnMjWS2@=n(Y5G{H8ZpGcG zA86|RzX?tN#O(#iywg|1o$^Bh3=Gr(@6JIN-eJ%X7%}oF>b4tp%Z+tXDCdzQBHX=l z2d&o)PqM^j;IXc{<`W4G3M{EyJ-*%97x5iHZbx<&L zQ?pB$<@tvTRDp1)PcZgH?f_sm(sMLA7jE|o+zEYVk3v9c=*uO!CL!$nbCY0C<7r!q zhf$%0fJ&%Lalutfq1`)dXK%nxVM!M1f72<0@p0ZkH}{|HhP(ffW9e)CxRuZF7h*tw zH^nOE*=DPv#okI(#+*On&LJ0X zA?{=@ssDI{I@m9sQuK%|yoI!Ezq9<}1_;ozM|E zrUCaj6CplX>|Eyjm?Y1S!;(=~fe5QrmCeXa9WD1wzoD4OyH59P&i$`);W4j#X4l z#4=TVFvFf-1M9uX+>2h*>b|dhj>;penhXc|TD`wXu3^59)^x16_O2d6VX#u6Vm43o z90k0T-pD-nn|1Ez(bDI|5N?BNhiZlFo*P9BA(qx8@fEK4i{w^U0f5jGgyWd1$ckdP z6LgC`4G*g!XnPZEv9p97G{*vSKr7_-Hl{F>uzrRDF%v*fRsgLrBaQQ++S|@hM&&RN z`gxHwJ2CyAA6>Iug7mum6QU~X{LXrYv=D*Q`p*?TZc#v)FVS6bVH#L3S%tj^ zb3WbFj_$odTXh0Z3y(k&TZze2M3jtEE};l|rtErFzf2P0mHk=_SbmjpY{5m5aNb7c zuK+=JaJa_L_%|W8(hk42+nN!gq|U6w2*1efd@$GjH)UAzqWpGOyt&i5``Mqg=C&?) zfJI=!p@82R9&Zuqg{ppuYS>>lBoq$~YUj}B4!kIH9@Doe#mxu5$hUfOqegAi#I_#C zYHt`>cLn<$uJ#@sjR8jN@=#=2Yvp0%FwnVHugq% zJEb_cMvPI9;rea`!f{W6FpfW6?gk@xE>fl(B?+z>-laYVm_iKdw@R1SH36@z*OMp! zhs9n!VVDEb^KEL@xd-=>oX%rgeT28U9{QIEAm?ue|6dc1g_P-*c;yB|q#wIS`EOgy zOnxn;yx_zIqIqGg^(x%y4wR_6XM-Uo%6|_WpZxQ!;KJM>E+GjE_<|omY`ZA8VgF?8 ze6fk%50B#ToQlBh@uZgd>G3nfLFmLEki;~{Zl~vWt;wE_aR2|%@vO6|?sRO+E=fX&|hH?Wq z1?;BzSuDGlg(Lm3xh$xP7R+g8`j;@iv*$1|Ym&Qst05rt6~CP{_;^**UM*LK>$0Mt z>AEYtRk69{6uaWkxYxL|b#dTSjLRHO?}>X*rKJsWqb+-B6F(VZj~h&ZvwE2)bPyQ9 z%BI9q#0f5{jm7ssS}cjJ3_gU%}eq(Ynak6!4sM0N~sD;hOOyneEu#n|_Z1kXi))P=9@T*aSOyoMM5fOaTJ>%zqFdD4QR7Qvz3 z9mOia#U}ve&66rnQ%cXn%%15qDNIPzm=;zUj3L>okZ@vUf#Q!H{bi^C zhx{VU{i)bdRd%W2#3Rbb=e#XP0=mQ$4ongbM%-uM5XbLBKsb6`#A>IkZj#jNH%C;q z3k=LVhRg}^7ejvKJ9ymVGrrGNZrcYfK1$#N2l6(o-pPEMY-aj+4u0C&qPWc<4Cg0W zDOAIbV4vbMIz3m7vlSM{EMg|Nj}Q{e=9b~TU5qu}(~-qug85$g1@y4rtLN!S+;XfV zMP_w0J(U@=mbhHiJ_jG{Ibpf1CTcF>cU;23wZ)x@owi7;`$*SES z#l->4x314U1-Yb^bh9)lR@H(TxS15GYi6=?A3Q(osd^Vt*DQutkg_G%*2Vk{g;@bI zzR9(Utkj4?Pl({R-^isOSH^|dS&7MPp3JHB=+dQ&SJgo8ah29QtPo?Ol3)FNtvXZ4 zpRGUD%wWs9^&+Rfs!nI_$0D5*0-SkSG3+RlXvZr(D!TZpjiZQ^4f!6A4T9e?X}jI) z%{;QK!;}JK?dS|_r44aOQ2?KV5(Oet$*UF0hzi!?DKOs#noDE|=GVnAe@p9p#exUO zdhm@Sgk#xf89f1;MZa$r@!UqNn(KC1XzypG*Gf z;2V~uH+Uoe0I5-ugkV&YWm#}KM_|pa0u-ZX2?k(-xZl!GLN<8b&%+Yycd`%+`T8;w z0Br#nw8gRCAs93vOCYU>v~aJ)BAo1P-4@lHe8IMH zhyPwPO6>?wLOIMKW0v!nm(TKi>}6GUqqMocolL}#eD4rNDz}I53XEQ~=^iLQkSo$tdEE+-|&FSgQ5eSMpY=C_p$#kn+dRHmVy1nd!->HqSS`d4inygC?NIW+peK6a% zzbxDB-HLLP-IF4&mHe`&nopkqp^198j?v0@h$ya>Q3{!Yh6U^|ox+;#-ai2|kN5@; zYz!4=6tnnyvH;cY13s@I0Dy|Gh5)m}fnm6l-2RGs3CI!V`ZT(~f_wC&OS?@hdj!bj z@PpdEexwV!eAtg7YfH-Ql;f2HN*>=e=ojHDlz5R6DRFq+pLqm}Z7dAi`q3UWY`n_HsW~KBWhZ?gpq`=v+%VPwjNHIPojace ziQ$#*I6r&Lm-+BwJw$op-5V0m-(?bRNVtO|0Gob@ueNTMysL%$!hZ^%FKg~eyZWpQE4Pv=zrcdN=>HS5n8_HUzKHK?EdXSrnbGAje zW2EV%_Y8!pZcjMLivw0Hv2UH6IOMyF5YG(1E#T_`pb99Lk|KN+t zvs8iUPtwiuHtPEiQSXNm1Ge6ffPQT*T@q1fD z1G+E{cJ?l{bK;xrkmN}o4Nxq`7Lg0|KaBG=CHUxz+ujGqbjpnq9WWG(Eu%_jt6d9( z`ml8df%pf0N7Vj@D?8TWXI7?}Mh%UVp-8Kf+h4Sj>gYxK<#oUnHa?fYI*f9h7@lc84CbN}`Up@=OiCqT;g z_Kr1MeI7T#cL{QYG?h}D()X%KOv=;uMMhcWQi$Z8B3h#SAu?c|!30F(ocOVu{$bhe zIl3IvNYTVr58jRN65M8t{HQ#o)Q6pf2_|^`HOYgYe&N$8A{mJ~-qv_^%m@^vCcfpN zX1Ik1t#rpwl5I}_@EN{`z1U~PT2T9l8M|8<^c-0Y6Em54xHbpH_HgpK9VFQP0a!fT z%g*|N$yi*?)*B`xA4&W%dV`BuFkYL0)}DizWu1Wa^|IH3vLmYFN>wc%P9XQ!mvqt(*}jbnbxU-#8D4DagL;CZNO2)3rf!kU8d@ek-Ef2Z)1y(NzP zPtUgX|D=VmapGa{KiGQ{c&OgL|39guEJ+KINy^e<&5~^@l|m_sWSK-LTgtwjR7epL zl4U}uEJN08lXWcFW9$=y!C;JS%zFN3d_Ld1?*IS)`~U9W@4kQk-*SH+9>sOeb*^(= z=Q`&)*Y$os->>6)SjWZ5RozZ0u$1Oga&UE>Skq~9L-f<%Wr!3_?lbSKV!R3vb!i6E zG<_DMb@)@g7HC&*JJfHNJs23a?e3>SVMO(XR9x_`*NX`so@QtVkfDg}`&r2s*+L4v ztZmiSP*e%?g`{DMf#Y%v&yrNc@DE%#dcU|w#Ke4;kW44DvTEsLkkd`L;f|(s$}=Hw zCNt5Y>%zUS8C4cP1o>dhPnt*XR=bh~4=l~UHe+xsVW>Jdwzh;j4CrL=n<8}3Vw7IeSC(n}cb;8&g<$I84JQ!ka)m#>nw&;W&K&k>xkR-H*6b}n z2jXjG_>R=B5Rh43kc`GkJRFxvN7MVgh{nQ@2Ts86BuLCHlr?;4abAazjBVXfMi}** zftJrY%S)Kvdqy@tKV4tIy4nugV@xG)<})>xV#FWu*mBz$*H6>$TUqWuFFw#+$3qdl zx6w`htvc%J@6!)oZ*EHqJuNu(& zJbwK*0IGF<@GZWf&V!zo-n1Ds^Ogdbz2f(6*aZ5^mjxTQ>DRJGOi`{K_Nh zr0Mig^_Fvu>$oZY5MZGYlkGTPjLqZ+*6UVM`2(8ph_=<-vhkPF?!u7D=yd3d<$U2Sw9+Xp(#GoeQemi1uh zR$Gmd(U3yQ%&wVVN6YB>lbk=@E;WQ@6naAnA%x)T8~P~U7r74XK4=T6gIu(y{iO~9 znPAHRcP{}K(b?&hK60q;yM-V5>95fqj0@Y;MVbKuRX1?#_^Zm>4~%^`BzLI8EXx9a;Mcf=-c~C3? zNce~8tUmKG=I7di*ZcyEC(`n~wjHzC(Esoit4khJv8yVsK06IRBz;!s7L$(ay}~GJ z)bR8P?HcfDKTVhx6mGbvKBU)be87CkSj0HX;GQ9TzOuF5eHMFFc^}9m2XVsB#4oAJ z+J0LpMQ8M4Z`Ju%juNX#8E}io5wjHw<;PQ`=aQ7f9;F^(*Te46>=ZSw`t) zj%1PnRw1%$uc<||Dg*t+3-wxUcDwp{^lFsXI0jBrh|ple0z4WD}AcQbxb6&|+zXOWG68ZLR zvd&xpdNJXn5da7oS+qyNrC37?Hg+o<$H$hJxx7-&6t$#`%{Wl3jNfM+K?>s+$ z<)2bDkbuvBv?$N^j(g~ea6WI4!vYdN-_|t|QW}_ZTY9N3AYt{A7dTm6>CalhYI*bYZa@^>13m<@;3bzvDitjQJy>z2l@XBX-1Whrw=wI( z`qoO`&$p=;8#}0bZ+->wRC5lJHy4~7t%s!4!8$S2W`O~K8inW3v_3@Fuw9J0p)vC@ zx>B21)Kh)6bnzo+TyE*;%XV#g#VO~(Qz=^p-YwUDdwXS^;aWi5=ROCSGkZ-D2Up?@ z%nj-DXt*UAlH2IavU-86R!bbsXNfrIvc6L|`G;L6-&I1j>V!U%Ib)Vmrk)a6_eTF@ zjrP#x>{mB8HJSW$lK(^Kh7Wu0Pf?r;ZQK43ubFyy()Mqm8}&{x8_EZ6?3GTI>T4-^ zKD<=0?@5zwM~8C$A%o*t?4t0y;E%eFoPU&5Qdi#ahcb^?F7F>2Py>9#eShTjEmHZj zh8j8Mf8?F%8vOo8LG$_lvrc;X2d>GXbFRfC{83G7@FLG0Y1jw1?+u8}MwJEL!dvsU z?sGbP?=u8weLMMcjbOe}JLy-8Z2z+&g^Y*CBK7C1?$)5I>i$FGoKa@QcYc%aW`5spvl0 zYuZWaV2W8XL*boEttSl~bD8SCBETI+GHEy#`J>FRwaAKcM5JbC$wCdFeF-B;XLnx8Vp4$mS~zG96oi%s4`@R#=y537q5z9YsjW!uZB(d6Dp-}9_o|6^}Ifd<+cx^umN6_^4{Zr0$sFXLR z`MD*7U)T}3Js)Z`dx8%B@+}SQNt{jrhSOIsG0a_=O3lVf;GIPOIlmpQHjhs)eM-M% z#cQ|vyd`OS;w7^a`=tO6O~a}1EVs}lvTe-p^tK-F&O>d378RyJjzQblSpw(5q|moJ zVv~ez^?D|5-&aOhRhXWI0~J&12P!bPa-Dcei`_yGK0q;hXdf-w(2`jxK&4FO+xd=T zZSzW{5AJ_}#7a$vV5LxJLn=-zdx>Yr)*He9cNr&a?RpOu{tESk%oTC)Te~u!>&)}L zU&ms?i1Rs({UAfHAc)Y zNlIPpgCj@*W(-wv7IUD=P-O(f!t}htsxucu;U6QH9TRMY+fh@ro(R=$$fuN5o+FE9 zP>OJYbR|7J;)NVxKWj)2g+2RFVV}zv-W9N&oZIlI|V0CM0`haxM5hfuuQL9tJ=CCM+bE%4d;N}8oOF{I${yBy(pjjRzF^}4S;c8*tOrN49%F7o2i4* zXfH3@2D|b+vquKJRvB_q^1a)A zL>cjLY%4^;Oom2+Yo+L(Z#Z~--Z<&rFve%f>&jko27|ul3#;-ND(%)>{(&Fb6Ep`V zGXx&`%*XkA>6BOo((Xa3VJB}Jyw@CC8m(Fz=YIq8pDg}iw1R&H)C=mh?gIcV2ySp^ zkTE@mfh&SI&=3;C4|pOKJpM+apm#4<^cR>i3@Lf)L}&n`=276AVD#rFc)ppf71^_% z8rYy^Ukqjrxdz14kp4$FRw-}Jwh zbkhF{`cCf^efq9`lryQ!`Iui^(*0^}(>K`*mECAnyVmx5&+Tr1?OkVZU7t@Q>U2E=nE@=cE`mNCjBc zQwan1S!Bo8Vv|y`A;gH*UQ^2m6G)pqP|w*VawVEK;Nt zZrv>0oPAvylAww?@Z)v@e!kW4GK2->sf2M{9o!+KWIeux245Ssv(K{~;5%LdY~p<1 zWLh4=fnOt^7wZpEF27Q;azMKcA6j9Q5)()p*Sz8WH< z0qdp%>zhLoUxzmp-@ULf3>)xha$%iM^~1c}dt3?q@@05c_RE{Ak*qGji`s)`O0oPT zSYhEY3=j!oz(6V%q@cesfHnLmn8#eCA_uc>v$W{vx0eUx@!REGa|Ia)#;aBUG-Qz{ zk<3D{OAHmyq6_1_3>vc#)%oZFWZnpUdvCcOyfu>UAl@S%XC@I@Ufy z^)2fan(ieB_SWGnSh)ZJwfD*`s0zvGvG)jQ>&W*|rgR z!VCkvPQ@fP+eh9Z07Y-i94&#AAS1yl&=+J1FwyjmGM0#z9dO()m)@b<1H|E)q6D{# z2MvGre%@tldHr7DmOBeP=WI>fpKr-CMqwjU7EX87U%JRSD!iw7dONo|7{}3e5sSd$ z$}$(Zu40=b?_vGeir?A&i-#unMK;|Tk zgsAfMph~TMj>16^ht&)@kO+EG(R0RvAPvVLwjw|{P{mNGuWCgynsJqk86=A<9=%!$ z_DveHrqHfPi}grZe%2_n6$jD*Tp-HEKVz@U()8}#WtXZb%=O69dySEv;4;9Hn-dfP zXP2N$j;>@Fu3c;gmb_T)lV}zf_-hF^E-17XAF*HhDl!?3p}`P_r{V%VZCoGJmp&Wd z&qcxa1rT5apNMBri!IVd>FvOTv1v~7gpE1aD3(oDi%_MD`3HcCfjU{E6V91NZi+;CY+%!kAfD;T{LVtnu?D#N>bvuu;)GbFxA_-2G{ux zwK6So;HK7cP|dsU9HW;P6vx!@*HeFd@dOH=7`^n!`wlfTCf%f%o>-$N)1L6;uy3hk z5o#{`W6GfENT#8x}kQ(7gcH-lBwjAfa|FZXeQOa;4}6=<_FG7aBkH>xp2 zL=8LwVl*@M*h>aMrED8)2j8Ehs5Tqxx!LWOPV;j7Fwgk!$U;E^P@FV_zZO$`;q0X- zpdei-aErjRh}7Ple9`M=WzyTZ-Jgsp1vc&adz%$t!O{!a&V9-{q+?xNhesvEL{9Cz zI+zUR!3V^jZz;FtL6UVsgq(PCtscHuVG)^Fx}hiZRJsV&*)yWVw~6Rv?-xDHeuh_B zF$d3G`XJJ{C=9oKQPbEtyEXI@30;ZixGP|Rs$yV~FxgthEOck%xe7cjt3CwT zvip>Mpn|YA-`nNA)}tL(IHMzx`jX+F?D(XTgk@{m0W7lj4b;Al?rSAC2c$=UcYK@I z68GM?KtXDQ5j#h5GMM>+(gddK8p;};00WpHbq znfMZBq;dUV?V?^Cf3_~4!ls)Kzdbm7QzK7D$clYXllZm|J7i6-e0+fM*j{&>7oH<_ zx_;A*n#nI=H|ERuti3bFLVG1bg`ONMvrvxyau6%dgF3~?_np|qd2MTawxm%pUj6x4 zYzWLGQuOYoFTXY_U=b=`*}Ygd8?D20X0Juw`%AsAiMv8f4+P%Qdh~+h)6>?Qf}aQ7 z{x`1_(2xEKGi0@}F379#-F|1GeEorx`qlBEjccJU@z*7+vUJ!nYmi`O>C^l13l=8a zlq2i%RYE0co25e;>y)iTVI4~&b3uTROUAJDu4T>Cq-}d)!#-?M|LK@c} zq$^qq-9~ua)%F+S{#)_G-5Ceh z)+L@#ui_D5?kw_D!rsuIMrTgz7t1-T~I?6x;$jJ;HyG0Gk8m{1_n@ zNuXCLh&PsBE4ErI>3YV+KgU&tCK9262NO3mI0}$lz+S?8{9ry3=t~mS&nKdYC={s8 zB%<-{{8N^50QG$1R|B7dyY+A1#SiPbm07%2x+4bu~3Fz)n?z%rqyEx0O(sp z@%U9``h#R_JPuq8o#d0t8@1$@A-j!&l_I`~I65x{DvAUk0r==LX@0(^wQb(JK+DBj zhqK!JB!#nU75bQKtErq^=^FhAo~sHdGUY=bgikvo{loSP98KVBkh{E}02Q%}o`Nf> zK33YE8U6tUK%d5nG_bh96}H`N5i2QT+8M)_mix{_Id8@o5-dDsWbbkE3{lwqftFaxL z95oj+SA+y21O@+*T^)=L%|qu19=c^K?R@^!RfA2%yZGv07&jvAm8LuMUh<}z!#ejR z(%kND{uKOBh^6-09E+GpCCU-EY~LrWC$dr2$-hp~K1(u11U3`%*)lElnp2`euyF3} zhxXN4ujAERgixFcn^oTW{x~h4a(naiUxkS@QfLWMhx(h|ifx?Z@6F}}_|jr3776(N zva3v0NQpyNGaA<4#%aA+FEY{mBG$)Myjyn1q}uBt!rD5nUqq*4E+UoOYl$}&GKB6Z zk{oz0q8e)9*r0ct z_bFwxZB*^=cK&}z`@;7@?9FUd-P4 zhBift@Q=R^>0$EESYM5prV(j{Jo%@#Upvy1$LQla?X3KD`_!qkSfmtZLMzvJ76EKU zFcWwW>_3WZpTVrsvLs_{O z_tl6>PSYs1haM*b`k~c%O8S#g`z3jbPc;T5mAub`e+)gXoJK*~Kl?0x=1rz0HJAU< z;Dd4&B;ink0&%|Jq?F>3`%U=#rjt31Pn6=eE8L0{tv$Cw^Y4r*w2l_P6~SSDLf~$` z*y-oN(+n>b;j)Ob(ureROl-aj>pvHQ7U|aFe=UgeEgcGU?g;OSDmcH}b2?h*){9Y~ z3LIT#(Ic3f=GVn@{fmM@gZ;5Sa1ivARJ(b&Y*-L zX1)`UvWINKj?8sRgy!#pb+P=cUGIczLet{zr4`yEuqJ@Mr%@34XX=UYLOp8tZyAYT zY$pqhfb%wqkxK_4y@-)r++7qjon$`>kkhJM4$bZQS51NDW+)1*WamlG?I$=lE5==_ z<)d6NS=W9%4dw;l^*aDR!AJ&h^2g6~E zfIA4krQT;K8X4q)0jOF;J~V@C{mzvFCT6L|58*~H!bJJsF{|(~+afWhhOvoTv zJo*s|17OxDxgda*Rb2!?^}w$kl8SnAE}Y}x$m_ZfG#cI+1$RLXMm~kp=M6q)b)Y>T z_@@zB0e)mLYVu36hDdjn5{r8R@Q?VJ8?eL1Kh1f#4Rw+WpvJF#E*Z$drvT*?xEOO% z+N+cVN^iZ~bZM_eDPI250^D^77|&ktR-T|9=bFGS4^m0An5RO)o3Zn1&{Bid!=wbP z;JhU`McPYmiyk|gawZzVrLaHehmj0<%S(p(i*I-C#p#7fU7Nt3{jv3U;SD{_pu=ds zyRx?uGK|K#_fS1{J+5gv5xd*)Llf%RyPYO>pWk|Kz7Tk@-XdR7KcikydWm>w>S?Um zf3l+Ww2EPc)%K)(T)&jSLIk3y1iO!_aUj(2e$x@xr?gxY%C1`_vTJgPZIn`e@?Xc=*}as=z5Tqb<{)-}no#Ek>pR ztj~V3*_^>2Jq1UuY1jHd*TbFZ!CYk(9%wpvyZ{L&-S;G4> z+zjuyxxO~p`!aQojw9f-p#fi&R#UCBvWyI5#Sn(C%X|{Nm2~B=98l<;8rUSIX!mBs zp*9xQj1>|KFD(^yzT2sNyo;aCq6Mc zAMn`VMjsUgc@=<-k%-8(hkiEjC-eMMY77U2*6PI4FGu=GUaI&U*|eItiesgOF6FJd z&S}>(xA(5oVemj(%Ggh#k(|&`?`w zGIP?{E7Nt?!tPfF1}}eQxoBB7WX&^i(7rmA?tn}`18QooP-At~qys0in-!y~_(0J+ z^sJnh1;C|Pq`0{=w+e4Nuej6GU^|B-eDGQA_ACA<*DDVtl^-1y=5!x|%3;54bp1{o zc>ZWFY|lk^ux)3DHn>8CULsveX{MJjo7{)6umENk`@dA|eurHxH~p^(ku!;ra=7x@_{ly(FUPiustS;-TS?w)RI&Iz_2r3*I?B|=k+x`^K{LU_qCGU-0XV|;6*H}t{qW%`jxcSnK%F*??oik{@p1K=z|u+JR2DcR-xs57MgNch@c8-Q&b3M(k;x zJLvNmG^@U?SK8U{ID0&0$VGEJ0jVGR9?J#0BdI15D83Fa+alB`)N8%fOUMAJQ~1? z__!!dz>#~6@$=8fI%AYZQ^N#@qN&t_u9E(%1i)o_bkdP-TW?B1zZW<~de_xd=`7s_ zdgJeEf&pto=0J;vc7Q@34D?(iqR=Hc^gCqruW;gXr~;fSZ}Uj5!%fVNdro&KuuO@X z_t#eUda<-P6W_WsFBo~xG523lQB8<_aW9J=X*cmPb$Xkz|6#B9u>`{VKxS_{PAymh zZwVlWS<9-5E0$Hm zAJcn=T9fVga9Y3Fq!BYyWBedA58k%Jjf7r+dt=d%4D`++krANktar?+4h1)$Kpc>K zBq-istoh>uod!Mn0Zavz+OaTv`2rf*RF{P6Egpy1(2z=!z2;j zZj83}6Id!>nlw!Abo>P$tr#v<)o7d_T^9;&xM&X6zE*JI@e81ij^=o;nxZO4&_#w; z-cFSd?>cCLi?GGO8@TV&G!hLwIt%<bJ+NHA6+hC#GkaV2mFC%7 zcj6nZx7&mJyV#Rjb*Pvsjq*TNQ>C2dEr{(j<>rFi~qPl7)s-+aeEyrqw})x z81qeS^C+mKnhY)gBcPL#J7|4eC^v}r(OQ^>!ToOypPw~G4vinbp{BKeo}si?!r98^bSBs6~Nv~^3$v39rb;&bL5{H7$d-O6?z%B8rrT&dF6a8 z_hrBA3trb>ZX2tZw?U>2YUhi8yzlBxJq)ejJhH^ESAnOFUsr5uTihmAx&TL>1HTmm zRDVA|V#nLSbtY`iZ63N6I%HR?dDivoRI>l<5aqABd@Ckj~ko?!{KpQ z*r%mA=fe7d;acR}f#)sjd0-x>*^_=vdya*p1DaRyeRNoS#;4&X{TodT!v2T5^oE$E zDhfb9-xwKZM~#;^DI_`vEcUG@G86;V@QogaXEBF)2GmkIWxP3$;X{>Nssbmh?XZt; z>{hO`yE?t6k|UN}CtM170aKSr4ZoC)cHGOv{NPT0s``OlK;Pre@L1`uJ~rJPLwnXGb8EH~241>CLYo~< zKSZOJ+KU^dnq$b^0iDSL_ZSZwbBS_GomhkwkCjBmH9OxQN&nKo4a*Q*ZW}7vNLoqj zk2dC^n{=?q{m-zMWZou-DM`8S7=6;RJ{CTtk%wj!kiOo|X|Q1w3ZixKcoBw(v>Mmx z`GpZv;rMgnQgf>(XW~3sAwMS(MZpzZNKzOuDF>&~-0Bm@1wFQtF$3(k!u&FT07W(G zWn!EsS0@v3j7D6O&^W1@E(Qd3R?@7*37rDlRMB$*%zMq$Gi%VZv_QZy8T9_N_IFN>0W9J&0tsIA z({*`^H<=~CT{S`1>e~;dx?)rpwO73+N04vF$NKq@>1|0?LMt?-)uAn;)JpVnx4li~bbIckR^yczpwV znG0wW7=3ra0rGd1L3+m;R$FPGcO>1_|A0-7Bb%MFflp7Xelw&XE!LML^l~Q0AAPD`#rY8HjK^w~k+QKYDD} zpxzb!BPZ&M1kMO~avPeaZBEVo@5pjHBV|;xim|p5o!^w7=y5jqcj}gtjm{%k&5I_I z0f#sBx0Qc5_b;hiCrS#$Pwy9#I3A-duxZZD^4jmziG4%;QAs-^qhl{4w{P++l>PKO zweOX))1~%cOjFB8!!4UC%=X{-oqE-vqH=^#Yh!z_TWa%@k(`~!ey1Aliio^by5o1Mp#R_3yyjues&AU>wCaG|pPa}9 zf&Z|}5Z2&o^L%1;vVbWIt;#UCMzyO28*OVTKhE>J{@4o*{J&H8s`mcTS;VyQ(BGZ) zb#%uco#ksXkl-khL!eodb4#edEh&pK2BvuKqzv@nPL-^A%)b zR%!f@ed+a3L}j(Vvuiz5wF8Myl}~;xVzZ|D>D*Pr`d=XjOWE`KoPFh>+wnU+)>-x1 zL0lqpzP3L(w4#GVJcrq^OyTWmCMLI&E~n0^eqr^PNP(u}>=UaUEgtnB*pA}@^%+)O zZaxuCu>u{CG1a9**S?nWEbP5w9j{G?UBf>*-|mAuEo3Cc6CxsscBr zI0(q(g!Wt$u|JF+m`Uq^yIFP;5ZN!PS;CiJRJlFU{8sxOe>E+D*^5OWn^v(siR;m> zPLY_k%i&UnVjfIC+%ywSL^2tLNRUE=F=>Wq7BtsiWp7IC$fvD_da-D)fWzq)A>HEN zi|L<(yHiRB1xv}>&fVgB^5p#1qXwZLUaE?{y|q8iX#1rb*J|CjfAPkj4fC*;3I6Bq z|KBc)Z0VY0V_R;(0ST*^iX8YN@6o>C$z!{sK7DvTv+D-A@!4)-toiFXQyPm8*Z~u|Ehz4-9T^|K7p(vsNrq@?LPxpnRx}MWSghlkh<-G$fNxT=vv^!aa zjEf<|9OpKpv9n{^r?Y}|0vC8*-iFxQs_J`Z3cIM0kKYr{3rg($1G0s%K>*zH{$}F{ z?rQo?iAm2VX>6xQA&-L!d&DC$RVmM1!YgPk;+fA4&RzO-Zk4^6F1m(`N3dQ>rRYY& z5Y@#ns#qy|-Q1DNn!mp0OL32yixz(w!SR^rxwUWE(^a9|nRX#_@Ot^4V;S!@KZWqs)UxXA zdqt5$f8k6d?Pe9Vo+@^I*KXSeb#=V%E`@%f+f~1Ig~3_` zwu%Sw$@@3*3*XIGDDtfl?2^-+|2ON=&AKo3}Qv0J~ zGfW&EO+o*gOXZ7Z(+j>}GoSd8PF|b!4I0$OVfCrbgiSxNb`j#QVG{vTqY|5|Ot+eD z9bJ6)<{wCCoZw#TsRVAr$(OTDR`4Bp%OqjxhOSiz2K7yXR=t?+L-SS#Tu$*Vh&(Nx z??%03yQeT)DV4F~@>w0=U+@6tb`9nc>)W?)#fCQhk^UV+{BXvm>5?Kfzv^xXZwHXz z)IOQS^bRn9X`{jZ#R6ZngI4*I;fUn!aT)`Mh4=lUF~HU&5c*2T>ek%K6NWcR3w%7J zl>UY-`C>MxO(8)!2tq_1f7Y5B+k8_n!!zwaDWUnlKg+6W!t9L)3r@oa9iu3+hK*SY zDVlv8#9fWE1~NUdrdPf^VtU_Zw2pvQK;?-ps+?7oAA7I8-u+6su^gH* z13zm{98)!swgmLAo`MJYfvEw|0st)&C3ZYn^>%oDIrv)4hW@DouEalxxag829-op! zUVuw*jsOJ#<&cv)x$RuL0>`AZf~)$%P+2X#y}TS8)(r6VS({6^LZvNDlLhHPB(h|q zzwp-_n|8lj2$KE@DGU_AHrOUg!Ob&Ct0#*y_CRARSOo^`uQyp-fc(U4q?DCS2$y~x zEz;ULmtJ^>FB1ivykMmrz#PJ&9~b_HO8bGOu<#7@Tib|tyO&S$XQ)|>@>wU{xhkQJ zImre(v6Q$h8Ecw4sCiHxz6FZA+0o2JwBvvvO7?g;a5OY-OY4RQ&*yXt?a(xf_&Lh| zA&$+0j^pRia)`>xVPG+KWI$D`!tyAxkr~HTXC z{rvuPQ#}vX;|@>e>M8;OuC9`NUyDhhs#zo=^bV(Fn_DUFT3Ln}22a=&g^$cb^+UmF zv~(+=NksU%bg{)$M)n&k_rEa2lgPA8h}?YZ8@_=L?*EIAWLv>KuXsf%+>-9L_+KB83_`|ZL?8FA6N+zD4j+(`d~$nx=vX8katB=yD`$PZ`s7Y@ zYLP&fngYkqzfR1yP%ozT;^y1hCL04E-_g{@1+d92I-ZwzcuAoizdyWz`%9lzzOSgpSyY1bK z_JeLoc=oWP#12~s!(2`Gc)9y2Z-&@ozVNKLO}^ryA@JAu5Hf^paBo*p%)q>GNP72= z&3)9!|5gySoOPHVY0PXe)gP;gr!C(2rG%K0KmWw`O2v{n41yS&4!`T!f>$#2tZUk0 z%&Ajzq(r;ves=T)`A~?5G2EtzrIxzeW+esR4dH(ObAzl*JZ;dqO5naQ#plx~apo)m zEorbEbmWTp6)dc~?!6*J7oW^h*8LI7G5;#Noy~RjtcI@0XI=C^x9atn{xeXMnlMs< zT^rA5PCa45AB1=%-jV!(g2O*!;P6^i*z|*sy8;I=V5=ND9R7Wl1erQ(6!c^6up;D- zqgT&fHE-j347$ayCwpD|C1-f%=B6Ez8=E6eJUwl&$i0e=%wSQQJi&PgP9O|%Bxlo+ z89J!tt`qM*Tz1;14imP)j4}xWcOGny`dBf0<&-wxv#i`qBLB?ULG83K8Fdo_6uygeF8-QelAhCfGx^XUWt=bS*5^ zbv~km9G2>)aqcUu!0$QcgKgdq@5`*oaY0W(3;CwjSa0cQxrLW#e z`^O5Q`Twzo0u(IN{&ISmq@e{?`>!r7 z5fShrBHE7)elnJNnRK-P-CAcIh^1vM>#rio_rnvZVd7vAX%r;6gBY0-6q-hBJ(kM; zrPOk$o!KP{O$|HXOYid`&pB(vU+*cePRe(#J$Kgx>1*2#={E#~LXpJfGsObh$1Z{Oyiv>WA}({xh?sL-5x_0mVNT9x!d6M(IJIW8u-| zOakYZBw!(A>BaKyBS)rJPhQ6(zTJb!JK=rlEtg%TBh}>2p4*(4Xn;a}i>gOT(Vd=b zWMr6|RIrFCt+Q$-h?^<#A9ei?CqzVjV8^UbkiBOXUc4mm3I5kgfUhjeRjd5KmTOjPdCv+6Fk2Q>mJV@o8RA7UQossCHUtr+i<3jaY)|*wjczajvg%>L? zJ=)Ig3!1&xUS-<5+AFj~dt+KjQ|SqgXhZ=fzgNTHuI;_?tQB&Lh4?R``& z;N^Rx&#f`J9BLlh8Vkp`1Zh9bPCp+qD!;?C{)zQXM8UB=I=$@mBn4amyZF}*rqMzA+{PM| z%~~lbb~07lm9O&_OP*5wp8o}P3#y#2Di#gR5Wl?;vAjktC~I8ARI;JINqUq5YUihx z)k^}E%(S!#2hOVMee*xUMeIH=BW54%c{6o!2l1phL@7eAszegZ-qI&1UvFRFo`l8_ zu*U_W8`=FwWOV}* z5#i;qTZ0gk=5$~#M=h}pyO|iB-oz8!o&tdZgf1`+9 zOjS95cDyGvtY7SSVI_W$v(uUF;KzjeF@vD*DaOvh7qtwZNsrCYjN`PyRVqI=I)Fu5 zhL-#38W&M-Uvp2FY^?Pkc7U2_xlKn62484{6e_v{EF=sCu779;)+55}W-g+BmL&>` zt_UkWSJ|ZT?4k8%5s5fYXf~Vib~xm5lWEtXn*3y7gCbnDzaQ4;|0#?8nthmgtm^3B zl;IptZSXwPK5T}m`UQW@kbTkI!Gwrq2R?enrOrFn_Pb=~>_-8J5_W@>cS2K=AcLD_ zb-NnWFpGuDuI4wDVucb=uuE}Uo*X56e$@?t+0bGnpUx|iLX^jSEr z-&C)P!3sv)NDerV4&8X9fLl{gual;E@y2yvP*Quha<6JOKAVO z6M2!3Tm-Lup?6@qfH+8QH1wfn-|TVi>=aSK2O6`4f+=}FullQ2tplw#!~?U(7gkGW zb}N3phiM1L&V43!%%)LrPKO`#iKSPMpSIIUwZGW(ntk)-W|eD$9?&zF9YOh+`rz43 zHeZ*FwSvvCh6pgn>O_{`V?V!d#h~uA+#IF~4Vg9@zxkP9$Gw;bcYnLg{iw;Z9}5pH zT3zPPeyt7OOBBDY`j+;R@PxOQF88L^hCOa1E&~*#vP^nb4)2A4h7mv$;`$krdPGh;!y4A_^AB} zu*x>RJQMSJ3qObYn#MCd9?Z7qH+txDIFALE(ppcM2S`5U?H49iXlv)0_~Kg$-LUV< zkt02dk9wGwYGjZjF>{G`cpu>W&Y%r62xS|WE3h&i@XY3RWL!_Nn4RNblb*Vs4M zasd(;7ZlbnT&Y&raqytdOBRnW>U-362P=Qu6?U@GYS7hr;P2= z`*v#%8c#7wolHuwV%VimZXG9`1SW16O!0zxG?UD^*&^oJwc{fon`*6w5yLBSokcZF%l)3lo zrUKvflZAFg?w___ryxe|U%Ekpx9Pp*d8AYsgvn(;v_{*k_TqQ-Dmq@&4}H1I1MEr; zIUf+nB&0$P=U4GK^XtPEnm#MjOHF~lL`*OICgVl`Jz?*g;W{^3bA(SGJa+CUdjS9k z&u2AUq%zv!UHfP(`sv>CEYINgiDMC(5#~sM5VlRS`!43wM>9j|;}@mmt2^Mgp&DV4 zc1OQ#{U$v69lth4g0oS!HEfH9xEi)zYcYLPITd#xj{GL^-J!I=6SYaKe?idj%)PV3GeV)ZLvQ zcVJB~y33(YAWA8>EtKlFgujaESr}#RcH0r0l#eadZSiFLbURv}5T4+#o|gZX>kA&l z1;n}EOM9M_zcFk>tAd$j63l}YK%VWL97CbWnY0lvoaF)zjjSr6lc-@;9dKZUN|>5~ zVsKrNRMk(=r1{qpgSwnk6~qn%Y?saP1DRcPSEu}HR(pr-&nY(0jp{u^LDrQ#Ok>9; z2eL*w&?IkG74^aA0sTrJo=Q@lmnDUM`To^Hn6@sC92x-|e^pSWZS=Wh88AtR%ZL^o zE}2v+w4Yju_{Lr;S!oPyE?+LMAo3@6%&7!aftm{JH`E}j-&No^AHP#N>>d;@ZB|`O zzX$)ym~NhI#!E5Rfs2tq%HF_H7PvIo+FIvYJ$9d3K}s1)bl_hIyxWfjkQN{{V^$8k zmF7c)WoOQ>R+XLPWinh{mQTDsGXj=_0e7)TvvKxcW^P^}Xxk1j9{gYIy$4iO&6fAA zf`CK?C5R+J5Cb`<7EnMCL69so5+q6v5?eu%3&b+ zbLV;Pn)zmZ^L?}Cy)$zcOIhnsr_Qc@>QvR)`&a+NIk)Txf%_kI>ZX~S;n_K4rJG6f zBbI#p$;)x*5=1s9mynX$Xp)GTwBcjk{TCkwH7(tlU$f+fUie!4&l~xV*n3CYP(h>-r3n`Q>shpa54AJ2u}Pbxr-NC`0dIs}H;vJ97pwmN z;(V5Ekm=JW=-Q*D&hVnu<|+#{Y5WWSh>+gD=a_#;1~Ho$*jkgZ_ylt`Z0a~q$$yXT z867u|z~Cy#^(IveeWyqU$4wkmRx*dG(Oo-P()@P#{dthrB?_T&WY-rw_uF{FTeUcD z!mMiWG+Zz92<$}Q^l3vw$jA*q$(pVoAOlv64qw4~@0+(nRve_Twtqt2wMf7cv~%Ka$+L&3}52zd^EE1$%2wME0w3 zj)>1DT3+fa4Ep8@B#qAc$tIksn&t#W$n6I#*a2gD{xrr3 zTlK0hZBqw$_c?Q>CNt!T2&7}4o(sw+j=52a8JSZ8|!T4yc;o> zJuYi&GrTT5JOKo!{s^Z|woiyqq57ZGh;SdFI{Aj-*vOAxLZg?uZ*<&prQF^OZ$)+< zyXWt*&K)sLhlhA<9HK@7j7lz$6tbS2>^L@Kn#xLe=xt3x;7lr8(X`>fzv%@{t{JRZ zC!)Aw4pg6fNL*Sf2E5b38?kbC4$gMQKqts_@3USpX%M!uFuWO)Fh=N72W(I9I$Jqy z;bu4*3wIZ+(|XTf`#K~!bWoZ4`D^C^Jb#C0%OEb$L%+WeQ|0H2`B09lF9@gajWe^| zyZc%UU!xKD0AhVc+>=nMHEVO|0`YcU)L30iOzKziujK`C3Zc&FM5E#{3>kgo9mJgYmY9!L9GGA zE!I7{P3FlV!Aci-Di#5+${BsbNHT^TL&DSdIg_`@ISR~(ZcP9K(GCdH`XR?bu_UqV zJ1znO?C_irbge7%@c$mkP>=PlKRa6Om~E?VLUx|)QK2(Dou<6e+qjpeGux@m63`)> zbmy9VZbpXPIfd$V*50)D=4yl48c=%)6eq=D26gPId!tA^22bBcnV~{M6cXX#5gEg) zEO}qQl%uYGo2L6{-e-=5QF5@^rMfqHOXQ|eDTkN{%%@7f2o8(LK-kg^TH|)Dqd49d zas9%$Fc#mOupzuFCUZ%v5Z9(Lq_9Uhz@r`h{LP~Q8`tP*R;TcD>&Zp#j>+8m_S<%*9bxDqi_k%eAoOUZS#)y~* z&;#^ebh{X3DZj4vIi54gLtC^UFRZ}xx`@j z7i=thj0yCTjqWzv;77W@(r)J=B9nltlxzOHe}(1%c^cr!_;+*@7dCrwo7#mBIYVf; zn~%2l$Gs_*x})X&VVEn_1g%E#siA9d(C@%)q_?!fRppPJ{N6->TBG#OrN>`){)*W( zn+*)CHen<9#})LE0;vGdd3Myg1I1x(nyn5)uutrR1zffFRCm?Yd{+CoJ6bz49X{Xg zlWL{%zNht4{_v!1K@1BBu-?)K!pKE{ssaF zoM&TWP_Hupr|WM?X~wK=0@Ld|+c75eruy><)!X@yiHQ&*G0RF zIEJl7|EXX24=Jihv=Pq@Hn7aGHMW&?C9rTf73wYjZV4x*|VK^9*tXS7U z1c(+QkpXvF5qlP|AdT**4TsaMLx(a7OJFyvI7qgOmB|%J#h^fH?oUE2EmHadgI0vZnEU!bP3K-kR5$q5~0bBs}bnHw8kZ5JX zdZSl9YZ;DV-?4O8>|Xq(t#9J_H!T31n4!Z5EzI~eb)&TXm_<8L2EM-&GrSX!`*D2} zjc^D-u>f11Un)px3zLW_#H`^IUAa(|Y}!(|akVcGuZY6u7ZgXp9ra%#r@Vs$_`HtJ zjyjqPEIfx>=1|^eODh0WB>ib0*hf!ucqPQFMmT;4+?Z0*Eq?~_!hUF)*nfrTxOnK+C(w@oLc+ia4{|}e$p#;(dUW(u-xONHhfi*1s=5ht(x=g)BkY-j`!!B zEu*(1D(^5TVDC;f1SU1J8xKo|TXF8&bxKnG#_@JG_8@y3D=RgJvacx986Zb^jK8_F(o1vbL4eYD)HsFDf6?m@wrel9K^!ftx?_NL{^e1Kq)9SQ!4%qdx z2e2RGpHl3Y&q3z+`N^J<1h3IdVw*61kKj-sRREqN&66bV_qnviP!X_sF)+6{_Y^?# zQf>|*|3KX=w7fTce@hS&=AT`GL(z}@Nxw_98rl4v5Fc_v;Qv8rkmNrkH0bSrcC=E` zd;pJMI->bChwZU+l$zQ)Ii1+tSzXQdiv3Yxej^SGfK%caL!lEwG5iPbs_2xm_dWo! ze;j-J?IchvY)d(IXFHVZ@w9HxxUl{N{eyk>;0G7p8Wbzo$&6*IPJGjcfIQA(I|~60 z4@)-y5}D~!w#|is(t>|eYESecSh?s7?>tT@drbO#{%;zHKz4U3SBgU9v2S1#(tRsq zh5fXbwNM512U9k7NVkVl&h5r4jxLgNYD{Jmde#wmt^x%t040K68z&fU3m2-K{S83_ zwgaA`^ROoOYC0F#yzBGBKCrSPE*)Y{pPays;}7RN5us3TH|)*~)bl8Q&v^Kqw)q&L zJyOMQCFex}`8+=a-I>R2;|)kpBG2wmS(b1E`uf>vQ(8~=s#iULVjxK@`oOQrZQ;~A zCAw2RirYG}?CT8Uc%ExVGA+0`{kxs?HcKAF^4Se}DkM%C#|u;J5uj%>^SBUlFXW*I z-+lSew^QfqS7>x<`LCLv@aJNGaDKm!&O#=x;}+M}&Z7`0|6vbrbR<^mP_AdYLJy2xIX=1DFjL{m)d9^PKB?f~ zh?iGsMhf%3s$?|51I#pE03beTXY3Bf)^G4EeX3Ph&N{3ddxC-@L%cEV`yv+(v`Fx; z8;y>Pn_atA_Uk;)1}uP!uK`jAFz5?{rOK%S zDSY`qTBT60CH~NO80fg*q{G>j%{|{?h(-FPc@hTaPxT@1E^P+hmjE;w)&G?yqh3n@ z1;o*9@4L6iRFu>(W-Zc7W2EM|WlQXdzMRAd=eFdgz2muAsVeA#sl=Ahm~RQwtL78L zX}lH|P$dc8*;c1RxXf)ViF+$ProKV6{gWEdczpa9!NULL8jp2n4Ml*G;X_;F6eFL4X8{o z=_`dt;NrR>@`vp6z&Ul3zvULa2#|l{4WWZcu-*Ly`4^@aElFvGe%@E}Gg{kPS_U=> z0BC@4n|DA;I+3gUR#7P+kf?#v;lfQfu3OX-EcMtF$!inNFPFCyhEh)u8_*^2O8Ar) zX0`?Hj5X$XV%oNMHjCZ&om~&Ia)nCGHoij|p$P)c6l*}COzF+F5I6MQ z*~a=RVc`xA{*H=Zd(7GB?6^C6`AWLeC@C%k7!8w^f145g-LmOr5pla})9FcP-)m>( zc2(qw*V)Y2oY$Eb&Y%o0DKXry9cP$N!G(^l^mdvx4(T$ zH~AAr^jaOTYtQU(-bUr+A*y0aq_GzOSskIZMb12 zcj4OY4qm60_pY0{Au#T%@FRn@_8|8?ADR8&daaQspXw&+%HNR9Bucv)_Kh&mqECdw zxM_Hn2U3#guH8_2)09d!%kh!Es(cjRrsr&KHni&)nGlVFon-C7Dx$cYO#(|_$Z*-3 zml^tY|K%vgz+-jl^n}PTwIaK4m1MHR(EjyV#3X=dyfZ zQC$1!;`Kyi{1P`jJq2=hjezQ7%@Ya32$pb=8@ffLXUUckVp|9Ra$#Wg(X`U9F~tHF zdrD24DAxumW1fcg?(oWsS;<(Tp&4raA4ii_R>&dMTLByjy3330yiR*QvtDIx-c*vh zmJE`*1x;9=oj#GIUwsKx4G!5l+HdcB_w#pu-Em+_yXgs1l>3%{6i`tUI>G+8Ll^Z>QXvtlaRH08q`v&Py=-Lu+HGalSD z0n19^wks;25pf!y@?S=2r9sr5&YS7pi~HTo^t^!~Q%j5%->OE}mvWfX^2 zXGWR>rXM8?pA)kuZ#QhjCuY~~+W1JEh~U1nnwtnQJHA1OK}V|FxV`E7r8_t~AOR)y zOwCl!$sd=yH5;?XkJW+DZqXikFLNFm=aPNxpg-=uQ++K!c;&cv54icAOfWWY19Sf1 z&mT(ooeBgfrvh7(9WdP}4tV-o7$|uyXL57x7m;^aO$uyeB=yZ2*(BPd&7aI{c!r|l z%mU-WfUSd4jTYahU%%}yp_HJzH@Zu!FU`GW;Cx-bQCo`RMB**pTxMBNE!vVa3?xs( zeSC@7G0xT1uuJ5~S3i$(hHD;;iJXJ(pXP=5M`o(YcXyT5vASAr+O{nyyP^AW{jkOh zjRcJ6qEA~$ASkS)69_RD?F9dR5Z(>YCf?(TCG}#cQ_o4oHQLD|5mGO&gwkJAA3M$E zE0oYXJ++T;!MF&zSCxb>IEP!wv$A_mZ+v#{7~`()lI-n+jDo{JpxgI;aa=F)kdUUS z*tbqas0@JI8AmrB!sk*Tj+nPgEvleS_nDmtt%MO2H&eSPV9s5SgY zQARMKnWtTAXc7cvx;5<`+8E-&ij;|_fq@0g9)g=?JPS2ThQ+z>20~~EAq#S7(R$e> z^VNPX=!-qp3CK4_IGme~_Gx!&8OBQR;fX8 zt}-OS@Fh)g1;$A6j%`eQA2dew74q^5(6GX5>Z9rG?W3X?2Q-RP63&!#+uUioWffc( zu~1UK_P8tE`B5=ubhOKbVvm;Z^$1{l`%cdbC!-iVB~eX*$ey zRcpW9p!#*3X!?+I(e%tBsopsZngZF?ViLvfdwy3MfJPA{8aRh-^QoKZA+G>kR8u%9 zB93}MnGxctNebUHTklMFwhD`PRkh zOa-Q=V~0W5U2AJphP}&!#4(N4^nD(Epu6ip+%Umzvg{-`xi!pUXCZCw@cfFHa|@HjJ_6SJ|0~X5xCM50kW%TVJN!n zP%({tz0dxDB~O}8h_)8@2#R7%zL#ZwYh{P0FD&!EzT&8;>Q6>sqvXyAd2l18x(NDu z@0qrY@@3O;!};oLvooE0B5!pdt&8??cxi5rCMxYKvMmZdi^pP$b7?G?ybdU zj(yrMBWNO~`{tGvb>y&Xi*2{&oTcjwB8}Sh%83)f!5(>Me7)g>4;W<8zCRc8* zmezbsA;>X%gCSfmJ2$S@x*X&0YxbSe^4{H60=$|#lAAEK7K`2!dTQ9mJ3n6j(YVp{ z9G{Umr0|2ZD@tGTGf3%4r{fN$Y|r`!@ADn6-mmF0(3shF5cJ@Vewl9fS<8WYkS6w! zPxyfEu;=>mpt#cH_n@nmX?AZs`!D2hAku-!ih^H1mD^lxPvf<3dss%_(jDC7B}=EE zv8#ALf0U}Hr}0LFBpeJHj`(s5B6VN)VHcTIh}-#Srb$3E=oe^K^oldKWsLdF#*+&J zLzeaLU%MI+`D&WXJ$8LjlttsbDK1d^b2+7PY0)YV_cQhULDUQ^k^`^0b?t&Y)$IFt@*=~G;t~4Z^KlHKb z8LCLT%&w{XyW8TO%@T3}B4v`|swhjz%%VQMixZA$l%nis;2AG6uVNN1;$6Md$wZI_ zBR7*nT5hL4oA=uiK040Y;nU*`X`u8KeJOl#>a}_yzpXIoX(ur^wR}@K`Qw~D_wUn0 zQ;#ww?>Cxw_WN?TM|{~}=Y4JS@omPS6ryCJ=cG_0>nF>m>fPcm?0uo7WY;GvzALSQ z5fMw^Ptulb*8z#Tpev57)_8u0MY~bRJh!fsXrqXmSNzmQWR3o;`^jVT8lvJ zP)5x`O+!9@815MVSa+@ZgN%pfyKa;`A_7rz-S>yW-IydsN~%@4aRTCPorOD_Du@Uq zM?141C2>w}K--^ZoQz1AoIT}L2>mFNzs~Z9Ytn8Q*esrm$Sc`*vfQMfmI0eAqm0;& z56PwoFgJDo*b(V^@e2| z30duovta2IxB9gfS zKWd}s$-B|>?M}2KBLs0QD;U+8jy`(kkxNxMHx-y*in+tq&)w5EOp~Z?+jlq*$i{14mY-$dxlV4yGL#x;_iqZ z+Tu&2bJ#ubF^!4A&7m)8MX|G-aIm+@(DbyBH!TbSwL|MDxf&H^248R7jj6BdS@Hbv zf!fXFWvZszt9&niMmp!1Rb6fEhl5YTQQy7x8EBGGl62F7;$Potl`IC+c)E73;SW?^ z2|tv!(w9pf8)e%^LvDxbU+h3hFFSr>J!JPb(a5^HjpxpwHKAT5iuP(FDri@2*s>X@`$R=y>VjE}V% zgPp9)uL7|W-+4LppN1dtC$h!n{kNtyoDB$DLURjRh^~}Bb^b;+QCGOpNbWO)=xJEeBq=50#>#zcHr_R@UI03F(MlQ4Kg`}2;~Aio2~(U4Y>3FM1xF@ z_70X%^@5u{8^&w;?{N}GS)gn#I6`gGYvo**P*&EoMr(#P{5~; zR7_+imu$*e_rJg_zxX{n#$s`BL@&vP=mKSnT=t(uyCQ3OIRC8Yap|@EKZ`oBaXtG> zJ=d)N8(y+vtA6wAkE{*7YU?tlDKdc#1rx!)G&m(BtT_E&JjE#m+FyU?K6HrA4UJ;7 zj#4{Fy}_?%*7HKXi|dIN8QFW0gcO?FXEFirCE*Wl4s2X7SuUaev=e=egzlI9^I z${+vJ9C+TN{vo?bP}^Y`Y3X<2n?n0@#xGc>@qSH;f4OD%#9?Z|=q-N2YG7&E@|`6! zOg?ov#`><|yVu!kA|D9yN4?(~T+9`{Y5l;h8;AmgTe5Vfllk3(i18cd2I^K8loa>h z|5hp2g`ntplInQpzH1Tc=z|lBG2Qm?B}saV-k;!-(|h8&T3@cjHBOfuGI`{g+9drd zDEiqEKBrsfu+oK5mx>!orF)#5BhDito^)FRuMWu>o*X4L^=Zzz1qF7#K10UJJ)Dp! zuTmAv>`){-kTa3Wk4++c{^%EU`F1!~lUQtRQekMw&z|t_tUc*H$Rg=*DnnyA<({24kT&V?fOmMac#yd+&SEk9Ouy||s zYVI_b)2BuSu6+Ll%iYTjamOf$=0KlOUK$flo$5u+k={UQ?v({IBtb+4jmY(Bb+jYQ zl!H8MY@Q@0&nTU=h>O%}LB;|^oOiDl?fo?0l)w(`fKX@Qofh8M{v9mplrS7$XU#4W z4nCnuWfbcSPgkJnwI?WwXue$44MbIrxJA2rmsA)bzs5V6>R4Hy`R39FRxAY)utNeC z?eQ#LUhTUoZI^7s93?NnbB$*B3v&XC&%99kBermJ!`ochFQj>7@mt=0`k=r#^zHF0 zg)ARKev)k8pFafEM#x=mA-#rQ!%1-4?J*veJxeID58Z7d8+Fph`@l68Wp3WU z=YM>48o224HL_=IeggN1-UKq&D)V0LX1$pZNb*0yfDfc6cxUWxppK2KaOzKv4Ype? zminO=aqg`BH{GcpD`*wQjX=Xq4r>4jJw?ga}{8 z-KHhqf8M75iyrv+RO_wI`U=-H+NonXKu+CDftIHq+S? z#_7zurWj-}TDw`MSVN}N^vv|E8!Q^40ZULW43P9Oj|D=s;4?{kRi4*h^JfivadFux z6uQE~I~vU_b=SKua)x`(_3&iw@lMbD(W|}@53Xe=FaKX@5e?>+-$fz?GIwWak9+wC z5)Fz6x61AXYC62|O>z0)lUn%zTqcA46rE5};b_XQudqN9V7naeJ2J!6`^7IDy0WR4 zJ+oL?c3f{^yd5($$-^=3fXP}`W{}L~w{*)kSw+c@&b_?sSEkv^IqrZ4!pSHz>(8mB z>ucR8;4`Po=w!ssvE7xX)i{3~Euo5!55eyop&nGL?* zZHz<4<9?P@R`Ef+wRCsjOatFOciT@m{H`t81G5tEjJQmiw9=CsnyfvZR+QnYf2+!} z3Z2_zKf>Phl_fkdiIZk9mA0|(*Awo&xM<7?(LGD3&#x~L;=+Nwy|?sB&4Z`JeF=Kr z)Mwl-`*N{!E_iYk9gPTosc=79^SM8@^UXpH;l!e#iwkbstBeqboRYT+9Y;(g#wR=u zX!vnF?>b>_$aSdhkM+QRvHABjV)A^K$~XDNb*>F3>rQ@iW;j#NdsxR?D-1&utFeca z_skur@z>h~rDnlW!{f;kj859>^&)vyY6iw6mIc?Ex{XExRoEGjMjf>>BA8SNpI?M=a+JbdjY2;`Wz(BYuyca?>63-k%2qFIAO{ zW@Y5+lGyH#6A}Dq5b5kfq15l~BW!;HB{lEmx#d=y-nvF6#Od{=w&+C;3B-sf;OSh9poBEA~nEIWRz zSM_72r)k1&(|lL5XWK>R-(XIygQTJ)Z1-zTDHWQ69ltd#!RLN;B|Imx(Q+mACD84_ zSDu)-!jvr(nlw2-G_}IensIUN{ccRE#jdpF$d`Pwv=CT0iya-G`8SS`zaH*`tb#US zp;vtg(C=9!OwDe3MobD=TKaPQPF&c0q!pMaBwgSXADQ?4k^4fOUP2V}%X2Aw$6H&8 zhOgE@vslWXvAvypZWQEGN@@9xCZv+r2Ht(rs^I$r|4Bc`Lnx4(a)c*CCW*REV7MOy z*!81;d4@8LPwv*%M+&uMIpw#z%japHf5Q&=ArEFvrbBZw;N)^p&Gcc{`?kE-6-@YQG~I;xIw21q{#UdI&FUd@HNx z9qboV4h>0xIA9j2e${_mWIm6}ei1oOU4?@Z*mV4ZhVxTrg!4uC_K%Z0=Oi$zsLt`_ z2sqdc^OThp2Hi(T=lV!s_c_$}9u%a8IlIi6Sbxg#cf;6krb5OU=zfvvO64Aw2?!iN z;E>v!CDqRXpE9<`VFgoijbhNv%vl@ZTO zqV|uKx+6T7_k?kA_0UdTMtb0vXg4BU3eOD_iyLd&^RBsJ65;8{-U9JX&9%{ic=%il zX*Ylz%q7C0GYoVy>rZGOY$5!`R@|cnT}R4LWIt?DY_`RCGTzB{#LK3s1m$oeZ1eEq znDBHUQN-~Sg~{ZkcV{DTne`D^JLSBbK6GiBOpTxl%N-8pjB;T`JG4ZU!v%z zL%N0wdHi8!?CaM7&j9mS^6gOORPvAUJ_-MUK%8?Bz<=$n1Wbmup$KkQ7Fmjydv+SI z=%yFdQ*`(R16Br;b6OLs80n3u0yMe%>V zSeh!GvC+7Cd7Iz6m+ETvo1VWvBN5UsI|?qOVpcHu@)Y?F`Wnwr-1pH>w|=G3^i`J4 zlAl+uvhn@Mc5j?3{aaPP^Cn{(_(YU+mTHo-w&NGZ2bfiz4G_O`K~}&Q<%38C^BH%9 ztuI)cUHu|f;?{khQmF#S_s9N8FT;=Mg)UU{6TM6wYcv7UMCBOW)Chjd=R0j+7{?*!}bixpC}^TIQ;$5EYGl)1ba8iqAO)5!WKbql!OU*+_p1 z3UD5DUB$ib(*(qm#fc3t|8dSTI^aP2d3OY`;*_T=9p-s|JHNape1k`m&X2@LDhNm) zbw662B#cB+(3Rq6x+tuow3H&337;15eYyovpeT=n&xvAJ_vGb#$;j|%*)$FhUodps z%j!ZAu1i}w{>Cj*Ab0VE1Zlsqy)d<9`uVzukC+A!A7a^5iTVH-dKf!>8|)OIVJX+xhLpWr0?JDQmI_%pvDK0+_AR%1ryfV!F3y%)JzOo<1J{jp$I~YQqsS(FoY`^rBo38}Mqf{vgO~-o+oc5E z+!XVt9^*E|(FP6}*b?|S+W8qd+v(Hnu~0E5(uZ<3?-kt8P-GZ3S@>PA5drK7*bX5N$AS|=Ji|i^VE_I9} zUGkKP$&t|tCG^f~w7MbF7a|=nbr$e+AjF)fL-~xxKVmDB?>mXzF=+ivYF z<|kiVYP}#N*Cm$5LQF97C2A+`(q-lkoo`&$U@IvH=!+G=E!@iZP7y5!%v8S5$(?*6 zaRb)qr>>*9w&5vP#T=Pu%6*kKYnU$D~&liRJ979qR`*D|>k#*_s_`=#Z< zHy?u|zQ&t7B>9Fl3j{VZ>vIn+3lK7RSzPs!t~dDHZ9y(}GR%D9Wo2L#-9%hs!o+ zGA?cw>*O|!gd+Ot>sWI`ROliaYnN#SB2ak(dtg*m$m0jj*EQ307+Bf&0%t_YZkE>e zN9}oW$!zGUWw{l67*8EJf7j>R1clXUGL-ebq~8lm_;}w1E?~|Ky#4Qx^J0Wxun~@K z2%tfzJLg2w-q$y3dB@}IewwMtgyOS>sJH%Uke-JIkZJps{a)^PDB6A7D(oSJ$9U@? zl^d^0RT-_g zDNr~340LT{3vK(ALO`Zn^rrh*ibj9`DFa{^A66k&DNGtKuKx{Pf9WZ$L`9PPvqWqk zlsf)Cxi3LE=F7AFV=8!xCWEv06{9wBqbPPG*XOuD;Kqd)WR=&h+0(keRee%nyCr%4 zmj^Z#(|d~}ej&vNGttlxOBeLOZE&e{IRh=_bmjqRcuRIk+j$I{1JB6w&pFw&)uMe;8%?d-NVYr*{wY5>vy0nVxp&wVQIE zC7Gp&H=Dp-o>Xs28G%DwTr_E?pjc0qKnF!>QA+MWP)$nBdPjS>r1{yyW^C(mg`*?o zjj2qpuwuzp;}rv_UDMVW-=s97lC0d6)()Qkt>7Xd*e)&b$uCC?)0;w5qFAvaXj#bT znbJ;PmsJo9WI<3!HTBNV>cUz-;EDIJD5nnhI%gtZ zC~1G>HnW8r9ZB6HtpV#=T|%cer$H;d{S1o+2J9Qdk@Pj%R+rAb92=86}R*+gJX=cVf-$`sdq zx{*?Zx#hvs>z{?XkCRxtec1@EsQHb=pvEQ_q8bG^ZI9|Cdkh>s9InK-hKYrcG;Wn{ zrLCm7))DF)BNlV0tAEy9be`*~s$&0k8h)2Itc=flHQn-kL7U?DZ=ppJIeJ!?aPWo$ zriG_~RrX^jrGvY;V-v;Ob9dkf!ji=5!W! zcpDm)eU8BIbLFK-y05G|d52_U2CFp3BB)-HvhYWp6V^`{ zR#5V;80i`mA|W3<9lOHb{p~cbg)GTe?tCa*D&}SKONB!AYgB8WNecwl@rLH{t4SApQ&gYmFZXw=E z<)2Pty_j!!?t|hsoDXnI+=(<)o=0U2H_KN+0B_c4Dh@5TcssXiMV}ebElIO z;_*r^G+{8H-aK`$!S-Fsn;xZAP+Xe1m$ci=QW12>Ni^$C@Htkzpp__Q?SRR&k3?`6 zv~+uiA?rJFJRmaBTJ!I<*Pq#CRh7G zyk``#dqMGxM%{O5m|`B1I&>LlO~dD0vi9?tP%p;7$6q?FQ7!RhAg!L`M996MDXX(o zCm(~pdFfW;kR69bSJ3O3t2X_zAAn}9 zJIM7@7vmDW>3Z|WtTcRR4Q|P6i=T>ya&8wt$az_&-+%L=%>I4${il;_%TF1_N*4>1 zI^s=UH1lEAWYkQ`qeeWd+bz}8?Fhm6KMKf#;*nZZluv%Y%^)j?!^2Y`rg62=1JJo9 z43O;Zn0wnCF&p~mskXKz7iuF1DIgav+Grq0NRuSVrh#lGX=xlz<{0mM_LlYK2NUpo zyhsG|3?tPY8t!btqm1Y4f$k;x-THLPOE$m&j}23U5Hh_BZ1k1eaRJgBLmuXu#bV{R z9Q%0rsB3547G8e~CS?t|Z+2}>YdAvF4Fj(*5`kg&(ZHjKF8VH;wZYe2nb_gxfQfuy zVI#tw5P73PP+de1h`nSBBp_^Yx%E|aA-~VFIDEu0D=MNjxM=xZuMn8?0o}=^A7cn{7hC!R!uSI$dnwWd9bVnY$wMELuw60B@ zO((#jjz6dj`+w!yJ#uXB^`S{r-@HNSy>l7*qd~b+=0)z=9svraNYKgg>yon^hpA%B zfRhJOhS0IL0T@=G#-nqr*fAS5EPBz_JB6Ox%z9ik4%WY(kf1$wO}!I*=jYyt@Re6C z@%ya0sSQlwh<==WNV^}D|eEpyR>=8r5iF|Qi{lzerEDUSGgva)LH zt;0ARiQSiiCHM~!*C)f9w*Cf@EZ_z`k@czqE|b5p)#?tt@$QAB2cIFzG@F;D4hEuV zsaSqUEc6{GT~t(AO~=|?i`CqG;(gUpQ%Q5aOb|C!-^F`)Ll=&2&0+jR~+?-oeNdN=001E1f|hcqXBXjOFX5+to2GU@~`41VI) zwqEIc_H!w`(oFm;nxBu|sKx$1fTZk*mHtVBeaZ2!dmH(r+kH(m_*EK82J1@1&~D+jYjZ<+L>t-RS(QYaJ$-qvA&)l-_m1#iB$IbqPIH)g#$PFfvm zG%`1WT2O<7%g4y$g{losr(mo8zV@O2;n5ik5s)YD9QFG1b!Y9 zRQV4=;N_TX+H5(Q%pV642|U7=j+n#aj7E&CQE|$#^0!d;TL;@06*sBD6CB5(B5Wp} zC)s@G8z&qv_V5d>i4KMqBbER~4VAKAw+wRVAVwTJ=80h%SGFNC;j!-Vp2wceUfmi8 zHX-h-4^6+zP1{Hl_?c7&QyE5wW0EtEth!qB)@TQmO&7v8ZU?yhU^-!CO0K;FI-`;# z?m1SdXX8Y`a$GwLpm52}2!|o`6F!4ljBrZ6t7(_bu=)6Gdw5C;b_PAdQF^D~XczzS zWjW-N+lcVQcL}+?N=jB~5Znua860$GXn~h=go}y+8<&7w7Y@W0bi;@OShf4D$nNO9 z<4m)%r7%yt&IR*Ix3^8>gwcCe8}d|lIT?>s7e$-2<(?)&p4yDgEw^QW4eA2rNbYXh z^6@Ws?RENP^_rt_HB;Q^cS|jyMS9bVs=|@T@$m zXEh#e;_&VCVG@!Mux=TA-Fi2_nw=Nb>gkRBQb(_x(f4GDvBzz7PLX%BBqyG zV=wg3c&r%7iAzUGZNFAs2FpR~H(SNKpJ?w4W)KYfi|0U&1*>G%KN4LJ;!5~&XGwj4 z59^wH;&F6kvp47#EGkM#!~U0gh=l&3F4^6WNbc=1D~f@l;qjhK z(mP%AR%FjwzQ?m2%WHUN!!%Dm=%?Llht@{vNQ9JifyY{&4oA|gm8nnCMBcxwwj(hZ zFAhN@&)tiMtoN?`a&54x8*AFppY`ZjUx8vap*>ePpcPwAJE@-W!b)g84=g{XSPxR8 ziDBC7ZRoz-q*169pA{~pD;EG`MCi(}me!$?O{ilOXXhsVEf|`4MBftMAmA+-< zuJLElY>M&Me{r||vy#7n@CO&gi~a=I%Y)Z7{!&!RFyJqp!G*V};LoDNgj=P5!Q#1c zwf<7{ zFdoUlzWI!i&#`7#p$S^=Ey6C*D;eNsxB$xq>NJSU4Dy4TSG+een9a(w%>1c?Mz#3E z1eqhQE?rf5M?By-Ba>tI8~tiNhNbuh2X8 zumVe$4zfSfwhcXLC|*tnAA8+xx^HZQ+Am)qt&g}y9YWkSUwM)j`3SpmM3D@-tN&I) zePI8TiGzh&B~SUK_FLhF9FznU>tOIZ`Bu`;gUizfe3IUfCTCdcq<|3JH2X%pu2+e` zrU2XK9OXfnE(W^SvMM>mqwNq+~gS_ z$O8JM{~K`VhI{Vv1mLdPXWnq*3T$z(@n8-i>Vwk>6q{_S(8{G-f!p7g z1qEYB$on`d-pP!u_|t#o<`zFOT~UYZaqd}J`4F_d`k4sa=ybKilqm#zFgN^aV=8j& zIVM$I=*DU5)HDBND=fbhTpR&Iy4p8Iv>S!;O)?AS+pU&b&g=_g<@{$%7VFYc@&GLDZXCEn5|XT1Uz_`XOm|GaLcY;%E95I<{83lEh z!?1{C;n>*w>6~=XkY8O9{A@|JaYG-}y$y4>i8=>$zk0$igADFHu<@8etI$Y&!OQJg z%6~xkB{}kc(Qe!Q8b9tyi%N;qTs| zDja7^XsB&`jy(g2;JVmP0f+fE#}BKpK!hgzG~-qK+?)!ymeLtD&JIbF_eaoKGtDbuxX!LFktx zNf)Be8mnNreTA=a4+UC+54^ zmI3g{4}rWXkU7m|f+P!X_BNyHyK}ULvT|s57dyn@3_D#B+^c*%C_ecndS7Rqz%Eyd zA5yg(O^#WV-;8gPt--tw5i4D?;gxv(Uak{$jo1{5I70L^Oc!m1fhX<9V9%EKw;|Xt z%w;j;SvL&wc^Z2WbY|QcPr^ISKH;tTu23UTuJHUxT@gc+AmuiL*JV0b2#5Vhd%FGk zg<~e_L|+;MZB_iJLgFyR$g@abe+`8r8*Pi#E+1!kcKa(C|ku=k!(O?B=|m|4(xgjCq97n5MQI`>AP6EL(t9GkO6VN|gwP=*A&`({ ztrMT;-TQsd{_%b1#~$C<`#YQUgE7{cYi6!l?|IMbx^7w`QUbdDiZd=}y~c199L4s) zD+TZrSrSGARD1>&;{4%N%;L_@{mJv4P%CPg2f_HqB^WIv2 zX9g4${ELgNap=tg6WT4j`JaN@;ay*@O|T{MFXs)+fQFN#Liwd0>+*ckVIvwv&P z0`b4_;l_Gbuu$`IHaz_};h#-7cG zNQ4(oFf>#Xg?uY>niKV(MFx2Wjvk%rOMU`^cpUm+H)BJm({CZLG;l2smZ_l}WN|0v zdJ4~vVhpPW8_$?vOpObH<~Zi?RU{Bdzi7!lnzU{;>f~CkwwUN6BiC6;6ifuyMnS2i zhE6~GRC5i)dTXaInkA9|e!db;?|}u}rcYN1x+c(y_2N{1KoN-@%oe)Gy7EFiMr|8% zNf@$DNi;LL#3|x)PkC8PCpNl7%@R3Y0%`#ImY@yEQ029(ZN6$!gX`BsI7%17%H|TV zP^nEm{BxF1R7vn`V9fLA)0NWqlcJvXymCA1vdqCoCiHSVkho9zeH9^$BwDn>V5~o9 z+zT`;357#W3Iu8Hb?+$keBUiCId)xA{5jh4k1o{2)`CcN%xlgI1G8oC6sGf3rrWO9 zZ?k?HbnWCI$Z#0?O?uvlo?vjQke9fqD1PNt-oZod=fo%woD7>zaab9+X#atY_mhtR zZVx=*&pvg>q8l3ct5EN@K{uu%2ao++=F~Cf?KJnvPXhPhb%=%qSmfU&+`FWMtT}#< z-np3GXcH`Mr3~CgR*t+LGr5Ev-R9}!htLBAkkNijn-0|}mcfn3OS3TFHE+AEnUcqD zZtzy~PTsUl)f4_|fFhbyK+fPvG1Z{i3wD$ZTWGT!nL@r38ESs0I>Pz3LMVA=Km@ic z{pOEn_kL9~r7SOx5ORDae5+P0W#)Y`lu2?2e_gSKKS`{~?2?-qC4pSo3i^zI5G!(X zF=DNzBOB|My~0-tj<{H?&b%2A_MLDHBM&D-&3&dLq$~qRxhp^%qmUTiZ>U_CQVtAM zhkQaln+s}jck{FK>%xmjp~A6X1wepxvJlS`J%(#M(q4jm9ljVAiVzP$+^pI>KgOeC z=r6a{>ZU$Z6y&r(un_@F{BXHM8Ibr+$^{%xkjrZZ*KmForX`4iRX)!^rV|?JGJ1nQ zV_l~zaHA0szeN>39k!jwUq!p_@qvZ&Z#+z}bVKUUH^MaTi~~ZB^LV)gp+XT{rxm5o zZ34CAw+y%CzHaUVJU@K3kXn7P1qoYqw;IFC%Pw;iZ4!7nf)uon?Z z7CdtqAc3NIJSTpoTi~wzudH6NtM|b8(dZ!BfwyVsN7>lb;j zH9=59?OHpx+y5{($u!R}b%4!*aOH@1EKW^Oxb{h}(YCktFM5Nk%TEpd z7tYq}e^DdMdG|cYEx75@R@sn)y)4dO%`9wCMh-W%h7aL zdWF?*(0hCNZ_r;SDlzrLb4#z?ev5b+>S}ILV_Wq8w98kGgk#Z3%xGNrxyUxq5Qftt z)}^aTE_;j#&P6i{p{=yeL@_#$xMIk>)l8;@^CQAnc2&asC_)Hi`i0wcCa` zV*@oHHE`*AdE+dX;4%J=U<65%KxnNi?)vdbjHigEc`dM1r3^7Ug(kVRW+b+suIOmBS*?5@tuC#;5Hcf!k2@!!39pnlQd;Q?qpf5A~=B zOAJ$6%^+B9qmAj|0c($Z0tQ?O_XE}p>R!AvXKH{*Lw=nj0qai*X4NG(H2C;Yo|gSq zQ|=wAOV%wmHx`(MEW9^i(--yFhtgM6WH^EFy#$JFv6oDn2lespNF5S zXn_1eMb&}x50TpHzvFbEK7Pt1^&L?-cz7=ZNjPcDcFc{y;_FabapX>LCDE4GP<3g* zqru!ThQ)vMe+xbj*o6g5!FzX--(gHxOF6PhF}Bwe zT^20JQO2)XsPAAdO&s;YTA3sy-iz*zlQBnk*N;75xN+S4YvgRn)N6?_4=xGs{*UCC zWJ1iU01SE%B~yRJ?tdFSLxN=I`l9fv06DLCgp2-xS6|Ed%Fbc=&Ln@TQPehG8XkJH z%jCJ!{r^e!pIRZSpW8yXnehe=v$r)$pDe^4K3WHNcii1xk1M4yex28A$vL6BGhxh^ zXcOYP7MO&*6FMilQkcx;(B$s=2Z~+NHrHvSW%rT76P=KPToV^fdRXRqqPmQ-bVgfE zCVkz+uxWgTnF(QJ`^xudST;l_d^z|A`IeCA)w#a-{bE?GCfAmTiL7AE>^5dz|AtG8 zCvP;yuqS#DV#zxGz`ny^6HmigZB}_y)J#Qwb~2I`1HNwVWjet;oas9WdGZI`#@oK& zQIH=!nZ=8k;oeDZ#%e|MlPIv(9=u=mc4~jU-*k;^+Gd=1{BZ5&AYq~edZ(_prSr%V z$(L@EkVqvGd`~;eEI2FWoY^Mh7mbOpo14}?u2Ojg1jVhuM}AmN!@}|hz#?0j($~!5 z*BkOY9%q37b4x`ae%|!O(S;8CNY+BMhflMGa?(~X9<#b=9B0^*ne{Tl)_6&7l4PYC zXI#4#Pw+*62MNO4={1t&c*=r~f5FQ+k8o@rCu{ZxK@_Fo>jBcAE#bfdoD7aRkBPTj zEHXu@f&BzowjbSZv#{{gDp;ttd5+Lr_|kpUlb%K`G7B7im#~%({Xt!8$0TSVZ>1bu z$8@ZXAobG_&JNuo@q@Uw1q>j>bjXdhWx5MF0TMp~yNh?1X|K19&){9`)ao1pU4O`n z-yKfWs_@Y`DCy63RX!xVG0SY&z`K3f$F{*-t_FHA+ey(YO~0@F;SRAOO}4i+JOHYE z=EK7aq2%N9Su+>@0j(lmV~b^tulxay_UgZwdD5=o_D!Tp(bUuU$h_jc8u#k5m0z!B z4-3FTQ~u@$^?x9=ULQhbH4qw?v-kd?^soS8;#_G_Y>(wR-2U7j2R9BvLGn9nC79OcYr26YZH>bTofW$E@4wagWMzh`_<>7A zDK})}I6-=)7eh@ZSmyNEe7%HjGP7n9FldW)rEj{4`qL{?n3`?gPD+$o{;CI#kpTH~ zdQpM`oRwFC?U!J*PQKr93+iAGIf!3Kf&^pr*|3drq{$Y2L{Ui3*Ceo}ma<07(z*B{ zS)rG&&kqOq10{BejLAe{Wp7izb-6U{^&NUYVzsg{itu(&rzhlNPGSH!XXxm72?2sGJZ)IqIY$&o4&R^EiN-$9>oJBIoES)y7nuvxn+Ojs*)*?d48xT8)##%22^qh z_@}=Oi||j`x|J*NH-E~pb*p7>(4%Zv-d_wU+}|Xyt8Cdkcx;KMWTJA+cW31rzWbt7D6TpVh}8!bkMddw>mMvR5Uh1Qj8bm;v&DUx+<5%r0uz~1OjnL5`krAXxu zP64x&1~A}}^4vyn`>lY6(9<9cO^PJ%4A&MpGsh|3BH>_~oIy^jx%&57uR*;ISg(-i zM6ZGB`fYgMh1XIK7%ABLucFWSH4b)CIK~V(ECTGFZ?rw&7bSH^q)LgYPKZ^R? zwzXQ>Z{U?Nx8DvE&*&FA?3*aEt!!M|w*Pog7nK3dW?ETjutVYcZv?VT(pz?-%&})vC7kRh1rN z?Kz_WhP37;8_jnQ~*UJ4XYAFn=#} za`C`3n(T*2D>y4*P?c>41-gI5Arax*MG!>UAPyF|&bz6UkNU7}twvN1i_cqx3z>QD z42Dp!{PmA9bKl6*F!)>N)~z9&3ETMl-VflosnC;b{7TgOGVzXu8n(}TOxxa zmDyA7#LE6C!b3r@di4ebGvsqaJSy0I|TBL&_P)-jCP@^;Zy zrRrhGorDyON?2}bR}bRMBiYZGPcPOI_u)3{`E8~Gh8P`tm+JU*n5f3iY>4wmzOY_P zDV=aF{?k=#!Mz%|XZ|#{NV8V8RDaspjYVZ(;{KTY#kH%+{eJSW zwkOxe3$O{t zc*7(9t`1KQH1{qXIHh`l<$h-@!~M+5pGTtD!n}Vjm6J9~qfc`2++Y4Cf;P9Ex~Me| z`g{O=bV8G_-4~RuiJq$A4(=bBzj`+1R=$sY8%@DM+HqgZx&Muj`G+u&T6$kj`u@3? zDb9(&!}XjJX|Klx{_us0fy)+mt>0Y#-1vIlsjX`NyFcX0Ge`x1rqv?1sKtTgshi77 zTym?4law_Cqyi@_f2r8VAl0%_AND&IlQKQzjnbI%(CzvQy6OeXg$=_@>~<&bW3>zm zJxK4f;SwH%f$}@VDU2Yl;Fs6csS#ROKUa|={AtO)iTL$1v^MdjRKCqFwg}9D4WNI@ zcxvkwylJozv6eyDyO5?Ct?2JxwcLS>6JgnjdMp)mmbQR{Wt{Wl3E8`dktXE~LTm>6VTbg zqz|ru*~=AuNlI8Q=di8LwZkH+j9T(?Vr|E)8_+lJfeq+umK;q#olZ7HaI#(*`ksG# z2M7ihr;C@x@;Ioi{H}l(%W-qDa0h*StioR;qI5D@81B6>6BY-{;tzp5M$(w_PgoFvCw{4g?Gj{PNPCWIe)ejykIF)bR{pY|%TeolGe<-vZt51fHa<_HM zJg3MHP@4WQdRvA`ePTxhf>tMzkR8`M^|j$?f88H~4T*?MSMNW$XSC|33p&(4?Ink+ zeH&XTt#fB3Eb{l7Yt~&4=7)4~0xfe!{`MC+wr&U`4Y{b`4qU^}YQWq#tBd}@i4BK+ zF~K}gRK17OEey7AoZuEsn3wxoL|z$~Um^p939?Nwb$@CHXsRIq>OHuI=3YI3_K#wvZ zb^#G|_ip-E4`NNHEa4^unyp6X*%~UJ8`I*~NZWdoW5x{Tfqn~|aZ^l?Dy$3|>%H{l zFdp$z%{_2^S>9{+EYG6W8!s$}*<-b!DFH41cO&K3v4v*0P&4CG^l~x=87)kFq#UT& zA&2sKwF;7TC=s28$ID;@O;qoo_sh`p$!9%Ie{Dw0#GCvPP zL@-nd6Fey6?kui5I9d+U6+WbqMw`RQK>P;v2uF^FLmwcAz73(GaYUpDYMd;~RAL{_ zpdi*MrCV87YXS>B=0i*3tevKm^-@g2_(TCXuriFPobQt~2-V7soyY>8YGK z1<s$nrFkxIYhN=&QgyMsP5tFPe(TwxU-}MnhAV#AZ=bG{@>9+w8z~Ih2$L zbQ{t^fHAMCuP=><5YNu2slT=g{O$XW#_l_7Wp;GYXY%NM84(Itzh{2*B1jpN(tKbv zdQw=XND1V(@;gXi$u`{2%oo$4F(G4tSJZ*UCJ)j)mkapyfJ35TAU52t*`^8;LN+vp zS#BYi4;^bRX_mUzLhO-DXFq7zD%2eSB4E;CteK}C^&xl);5iQ83NZ7VG`Fhw%~qQh zbiIVsRG!hf3db)a6Z(B8yF z{ScYqb@0(5w>(Pae$07Y_Nn_{Qru8AkiV{_ z5Gtpok(UgHaCKEFzk@5k>OS1?^^0Ttn5mBd`{du}&-VWz5Dt77K1VAw_NgMu+TrZi zjfE+dt!#5(Lx%vvPzyJKH%M7jMhCHo^@E6Gf- z%@BVBQ)+SMVi>(9yc-u=m?1(_L?Rw4Q|BIb5hT(cN((8IANSna9|nujD9qzGFdiUGvvQLg)_yCt)viD zL3+0vdbD!vOnlfac^yb-XjUOF{|*{TX$M+mdA+VxsU;dVuD zdh`3jvWR^<&9&X&8*vRyVJ)Bzt$kK8m+_7DjD*3vxWUqP;&R^g69s6O{Lrn@V8cp+ z&LZL-vy8!yTz{D0+lE+tY3~fxn6x5A13gZO+pK0rB8Gkw_A{`n6<+$Fe{02!Sw^Ta zfG4Vj;kTY`8*la@sl|3~Fxf9{mq3~y_<~-AVk!%oZ-f2dj=eOD{1uF~=%Td|g4As0 zybIx})InCyRP_=Ad>aO}rsu-wNd!@0mP19m15O62PIZh1O9`I9{DLf-e6J0^yYf?7 zBnCy^5%9|n1JnjZN-g^6)Qow1*!E|F4RkAWNh_`^3ny#3VY}bX!F# zqAP+N&rrYl8&hCxfS%Pz4Xa#HHb5teCM2+R{=GL=@cn*W(PzAl`@+$JO(rqd?kIe? z6|-2Q$-bRw`+w(cGU+D7HoyE}fOWC!GjaQ0yMT<_ZId5K&v%-ft=7AQx(vEs?Y1s; z&7~{zoiS+TB{tbwl*GzCdG!vn?~n-DXn80T@9!!;72dw{DK%yH-X@F52NX|fk5!}O zm*Uy)pjtQU51u;vWmKmBfVooL(`RyqcjvFDD(~g^Mi;whg!Jg9t~$`;o03|r^s=xX@I1r!A~t3v>b3UCME8w6Cxa2*k`HzichSZ%qbT8#s(%$_fl`&*l)g zSkZ}`a9k=4Tz3PzJy!Li$5(nk0iKi5Ie^gkQ@Eu{G5UHucy|l00~2MOqj8Kz+arIM ztTp`dM*Z+R%YSn2=_<&m2&9mkVLMP+p6dC=$3(CSrcn{dhTLH0>hTx|(~dr12o4bB zp(JgEDItt+EBSqnFbs%bJ~EyQdZ7gDB;KqBVKTm1fmmO3SIfP1w%K_#jpB_h8m1*< z0P{{`079Pj@dFE4afViC>NtocAZhua#uWb?j*}47;$%hrOqeIWygyfO+(9um07SqS zCz0^id`|RvV#(QyLs@+`&lSY~Uc8}drle&8@KB(_{miDR3#>az$`)HrlGM67$9?MT zt(Al&ZkO{XyPW64+tvOW9aqdM?%F%>=05pnM}FH|ZKtB0e0#rKvY++U=+Sn8%h%rz z$@B}1-H`k=+Vww0`?c#o)LKp8#j2Mi1NzMfp^zz`2Q_-hpuJ~p#xl_SL)SP8EA#j<7%4?pf6vfAP^3LUay{2(r zeP5eI1ae7gBrP@rxx|yn{S~$e6NPeJSTMfh(EMz1QM9d++^C^~t|FZTikVXwMjhcR z`6nI)grnlml^VDVB89*&%*~z(S=d%7q@?OH2*Ch}32w~KZku!}mo+@HJ7$Qnv@=YH zK3IS7vZVwi0h>U^v);$|L231>i3>B(iMG;U z*7I1c$DwZQu!Gc;6S{cP;#IYQg2;?a1a6cFo1*{ll>rx#byv1Pt~B!gPEZD0PW#E( zzS8r_B#6Ivl`N zGTV?kXX6IycAEMLhp*?lzLbe^O)cws!tE*quFznu$TMH&rS`=)eEo4|<80CAp^pOZ z>+`9`D}_U_0%##8<wEdc zNp1Esc9%9B6v_Wwe)VpXWEE~1JHuWJJpY?*xq9w?gznxWn()*wvlL6qqenSlUPV2+snAc*GO&# zg?EFc_TMHF%l}OaK*NQugJZH6K`8B9OUaXWiTFZTHdrqNy88{Q;>y(K&heOPtjP&O zpcR`XTbIeLZ8rr2WXhvm5brQ+VHS`40IoC<21#EL(NBH|-QtCV-n&vC087BBpDhrp zN^L}xURnsr6SKqRb8c@b6r^BGtf(w#C6mSjE`ITKR9ij9Q-aFhX~NayqUVaRbgLZ5C&`p2*yEH8f+0vjTA|5A4ZZc9%Ep}fU)cnD>XX90ExI0h zQ!jzPc4I&1I%e&CbN1oS#NvU?=jaN;GxrE zdiowGhGG6j_qq_$yu<9&61-){e01>Wv1`OhmoL7}7_#A^-On}W;>B*;>S8M{@2{-M zwP!BMqz@t4&v-h&6>#$w-FeQMdC7n7;HzJgG6Hq`AF*0$M6S*+6FuL&yHX?NR(DzfXF6IG` zSOs`P=+i#=;Qd$6cnsVz^;L-x} zKCus-q`C3v&_l2T@g6BCfjPODQ_{9u7=CSi=l$+3P_ydi270>==|^i6@vm4wZr4oJ zF-K9X(JwY?v~xUG8atWLTe5H4lz<202V3eXPCL$PASaQTK2f)U5Q*J_A~RpeO<61VhL{l29IkDCjyCQ8<=&bh&xNBhKxIr@0;)10J_nvCc+!$M4!FJ z%)!o9I1_0@3|_~XBUaeM0X>sq8R!?Swr>KqQp}uP!;}Wj*=Rht_|6z3fP}X+an6}u z;EA_4JPRNte7%_~a?lGreTa7Qx^JCMHxkZMT9-|Dy%r)kcbNC=7BP?zk%*-SB41S! z311hWi>&RVXUwJ;;zUybm53yg>mUsD-i20RWkN(8+D^UW*U~25ZYi>JwIKWk@8rfh z5m}q6VvszYHiyv=)kc~#_+>*6z(i`kixS2z8z7tyR=FME#hG~f<>vWN7*{zbk zl0Hi$eaFJefbT$Q+1W445Tm=-W4)QVcZ$U)eX_;xG1jg{( z{VeD4Ts2NG>XGe3PAP=%sDm*1oKS{V-$Cm0+RqrwLy7Vq`Lpp#2QJ%sYK7#}^qw#? zMAVl~321;VjwvXTRTinSRZ;n_2r{w19r$z9JNe6VH?_xpa$1lrto}^ZoOmO|2%O?yX2iQS@cKDZ?>M( z@tj%AyBxmqcgPOO$B#+Y_H#xTJ_lrIaTJo>PGUPSW=JFC1EZ&QWmY2s-eQOJ2Sp-x zHS87${f@~C{Js-Vu}nM%zrlf8@k9$e_LXw@fLuOR9`AOU`#V)(ys7>oqqFogrq$`K z>Z7R9_qAlMc4uDBWJw?%ECWb($peq2D>ccVbE#poeZi&gcrLLYerHb$RnTQ@8Tmc8 z#q_ZmW#Z=9Mp3C%5^e1NvLp~cS`;S?>x{rlFuQ8cXAG;h`D2rE- zLpSy@qq$CBjhfv5N<*d4w_18(I4lN3iJp>x@=%|4W(rdm3CE%Xn>-?!LosPFvvQl2 zAcivTW@>;~J6LsqtRoCt#Wd~V=_)^8fXi4Bm1qLpQ5&RAD61S<9oUWQsX4!CN%`I2 z5NUE#a$qZ+ZciFk6$R$lv|QnHP%5=eNBzzgenw%0MFMaV*lYAm=nkF$0cYW4GvO*V za&NSSF!@PU-i__$t6i7{D=>vHJeMREz+iOdVN)`Eu{iD0HJ3NbZqJZ;c0_ur@8{8r zM-&E0IZ@EKs*y;T-(*ELmyf(O;GZyUENhSIWM~P1@lg zr=)C>{U`vh2^W7daf+9> z0Z9v4`#`MyIK!cu))V&22tOkw8wkAv!jqaG<>wis=3o> zCvqdc(>q}JVBATW*1If2L)rTat1^Sz#*<`R>JB&OjI!l>A5#5j%h52XT9tT66rae+ zI0(4Jj|J?Rk;W7~H8lk`?v#-Tqb;FeXz(QX+^-V@FR9zlCrff-ijdywNb6_>xY1X! zs?T{&fTgX-@6^Fdod?~TVL>503#V&2J%GBo>_k~e6}`C=%^n2vcQK-kQ=348I%nIW ztm6tT&k!%jf*7KJS z9<*k^mIpj$73_@bz5DVVV{E}H;}QrQY~{*8kJEM)T<-XyGVPdCXQ3}3I4CGDWv=1S zUH%ybH8J~n;qFOf=Se*YCu!V3sPyuXa}i>~Fx< zIFacYOK#pRnh* zN4Tdh-G_SvI+{yAyTN5nt9#L7tbGWp94 zW%m)QWBDeB@^_p_KN}r-#I{pG@fvy+-HFFl-nc60KA7lU>#(Hg zO-mmD%JcU$^(Ny7#3Y=6j)Kt7u;6Snl|aV8lTy$;@Y{l;tqW; zVGLn5Cezj+Z@ioZOgZ{%ICh=@gLi%t?-$Zwmh>EKEA6?TLCgJ`7}9eXe{6ZdDcEye z(^z9y`2mtn@Drmht&FF!eO|^DC;GGUbxf+HfOupXV4E?p6Y(J3E^`@M{nFLsfxdo6 zbz_H+W+5};p2LVFIMiP9R987Z&O0n#HOPw2pV9Nv2q=iPZ}hk={NbrcO$|u<76i#(l zBSRDCK6xIbKEI{6S84V1EzuUzuu|XR{s>j7ebm_f_MJRSU{oOKco9`D>oaB+DNn#9 zyVk+k&J~Q=dfN!BJ4HP<;nR;JmSRRo^+S2n>47G?Gjeq;iAS8hRRX_D3>6G3Y<+K~ zJ`+m4)1$w7AAHhtrTIQ(+fa<}Ghc7iNh9X5ge%P!ZbQ9Gn)%Gw%7GpHo!}d}JB|03 zIW^Y~0aK{|>x(q-K6paPY*6&(e-4k|~bL z4sn?D;})qOJ1lqQNN6rbvO422`N8cQIgT|?*Wc)+4`AlE9gLXfLoaN{Q1T1sPbB&cN)fbLcn_}_8~BvGLHmsJIBxE_F`hc-#K;*ITR$=J zsK($aKV%H0j(_x+ahmgn(4&PIQYtIg9yAvTeznytP z$@VteDG_RKJEDqQYDqZe@O_bQrK@h};+Ou?$;-YCV)vE{-?_?TS~G4ATgUAgoH(!0 zmHOgf+)myX^JX0W9;w3i=NaAbz6Me2#)*T8*Z)+C5#V=55|kE@)_L%ybmQ&Fzh@JV z6b|cv>Tz^_h`S`C_AfaRP^}qc?8kbK3u1S;qTe3&6kj~xp&gntr0L9vlSvXk!;osc z)>MB-gimBtk(OF{aezrSFk(u9&sj#S49{2IUoA}iO$&Bv&^v}R%dgMd1bZ{9zDGfk zC~76PR1vHe9d6%?fys_wYi0CL%=&O$Q95B`k+RD?kc`WSAj>`4!9Voi-o9Uo zVLBxXjeS6#G7Nm)mxg%vnBr6^&7N!z-sn`ECMdCQGI4;7}uM*-{hk~@ewDN-y@})Po+Rf_NCzD z3%j&Z#$Hj`dup5tFhHv4Mk;oL;!v5vC{dq{duq_lGhP!#hRI52^lK`nIK`g*#%Vzh zrz6vK-s|MfG%KuGkt(Ji11|h6X6(r!-{&sZ?Lm>;LQ31)%wf=I1FX8 z%LK6DRPdc~opmqQ>8|C?;I$+l^!MwqrSI?EMQTvsC8m%Bih?<$!yv#vwY;I*T7}5vZ?b5koN<0 z!-&aiuTFvm1AQrZ%>GL>1$~qmvb^%oFpH;Nft~+&X8x0Z9&pDyN$1uXBcwTL^3a1p z+;>c||BrOMA+t2j4$(CiJ1`eG2x7bUrl?3lJ^`q;r&kE~~ZOgvjTI&h60_x8vV zJMJx~@56SzqZ7{0|HQ@(^J2%w4X(+Z6Z@}T90l5rC-}^7i;7L);vjQ#711pP3S&HB z@TP5fpRhNG-QSV9PW*B^2R}v%Ksm$!r@8OJ;LDuKeGFKe9_LCXZwE9mc`W_#`F%;c zvY$%zbLElEpkzBH%#zYW_zLkSksBW7;4@o@IFgU$K9+WPL3p{w#~1AC(bVO5aNvJh z;=g!5&5B_N30&5)&IV!Wx$zSK*dEv|Gi`S!mgjrDu#@y~q1+b{P0GwGbI)u)ty=3`y_U+O2% zLni#6DsOGttaWo@(lf5oOgN{Snl&u^;M4t_1c~_i% zW6Lk2LjS^Cjf);+;FHZUlrQQN)o`Sg^!Rh&9T?AEAL6+LP$Xma896zSHThz;$%8zn z+X+W56orljoh{mWpYVfo&#Nrbt;IN(*)ch@YT*OBJW}Gk{-sK<;ST&u?MKCaT>od% zkMn{V56i=yuntT9XLq%^Kj{0Hqkc=9 z^}o8F1m9ui_OJ$jetl!hakaVcLaDPi%&pPsY^lL*{I@D{A=!|eMTR736+j{URsPq5 zvp#BFuI11&zj8zbkw1!F_rv|Hox6#vv)G;!m+`;Ss34(h7Qd6q_oc1*Pyk1$Rp~Fm zthvYNCw&W+iw3@Q;h#PtM$P*>O%bP`14Mq%jl^;@1-8qIZ0i5%-&5!&uI;! zOb!_#Yp>2N?>^k8Y$Nz@wPq|{`K;8j0gKfg6F;wQcP@_mZP~*R@Ccy=BYX6 zFwriMsUArCxi(H@hT%-p{Fq6dYZX(j&@0qK@Qn(ghu5qCW`vJX!>UitjXVh3-G|}( zP@{0IVN3^NeL%Bimoc*84zjePL>UO8*OxlSzqzHl{`2eEnDTNQ;;3ki_A2Iv7C;%aPb*DpdO(E*Piu}l99voq zJ?XJw)k1|5!=Lp?YyH%kw~9wn=@>NFQ~iKi5e4;TMvCU2kzHnl`KXm?FEDBCI{klt z|CJw<=)8FbtVUGytLCNM9zJ)kT^?Vc0H%T#N7H$(R%su+{Bv0HlRV}GCu7&j)$<{{ zLe2%x9TB^J(eT>kzgz`S^;bhX{c3Ly??2BiaKZP|?yG)(V$o`IoP2ZHHfADYU)x+b z$Hn;&Zpi~r+s?8xjA`dRe7B2B;L*{B7)_6`<7Z>VPk;KvfA!nhH~-A~3dHuF<^gSv z_Q?|%QGAcb)~YGv9dW5Os{KpCf}I*&rAAJBAx4j9YyZ+s`uRuwmXPZsjdg2UZ%+N> z7;wGo@--7alOK2`Ip?8K#p&<0TaG#ydwI#0ehuqyba`2i_MBN{^BhWpA1?;+53eoc zPh_z&x6+BRCinl7_T|7$>kgSSMExtyeGTGXgaTIaQ}cN1r3WQiaH=uEpMm(dQf` z0ifPj)lB`_F~#VqxrejPC(5ZslECrpKfYIT0WVy-X_5&v6Bfu{1-xi+DBuH z)YJN>8MBs08t#;#IKRjmZ0}|j(rmkiNT-)<__Zz^Svs}um0Q3bqo|L%yriq`7{zuW zL!1o%Wmn9`t>3OSZ!=a5iH}u0=U0m{zBhbsZAEU07nJCKl{s=aBTvu;T#jRU1|PIBf1*dOQ3(pZvU9*{o9-gn#{VEZ*O9y`U} z9Bl3CNd3Yjvxg7w3a2lK_~_h%?&>+RkNe5Bp`V7&Y;;6^X6#LEx@h%lmptaitIYeP z#G5%N7cp7?S7Z4G63-KE2_8Ot{PHX6(}LMQNB?N~jo+)!EM8C`?cw;gBYJGw zVIrBj9TXVuze>A8*Yd`qZ#O4zvQ6cLsQ+?MB=2VfJ=%ukrcA zGs>4tJsAft^iubY5hon>ZNyzvwS_e`K4Tg6TFKsxZJ9Tgc*d~)sVwY3!7L3awnxOV za@-)Ttcto4A(BwZ_Mp$p52(%Rg4RbqW3qFn^nb2FtuF@1+AIR&*#@JllRpg$vrTMd zRi7Rmbm-IZO3|LqsZ&ev)i^tk?E4_z?li|rOmt-wX2jPyzay66lrIE`C$Eq1RRuSX zyiaUPJ%#oSOW^h3Y*~6p4&?S*5;vGQ%R@)^`rb5~#B3dDl|NikBs#K-Q$_Q*Ztbhx z?^{2ISXjLu9nln3QR~rlp54!VkD|9v>GVmYDc4`FEX(PUo6T>|7M{LZc$Qstmld4K zfIr*$Ts&rQpDZ`$V0?V^;cK^l?J`1M*mEZGJH`T;<7@lU!@WmoawOn#&bEh@z2Nfm zqoYkq2X;>cTo!MW*{w2u&p5d4VvFX1>8W64%^!5J6FZtl=9ApsgU(Og#+roGq?dw~ zQ`c*|6$S>+7KghZ-BY>!#2{vcm3VJ}fh%dgXDoVuSE)-DAuMXER=1x7ULh`wu1Qc(GQz*qBe&tR?V}k?ac3{GDs^niMCxcSI_V zKIz+=MtyqCPBMm`{2~f1Oy53B%zaU{*09#sF*I+SY&q+Ckz`ih=2I{v zkKqvOfXQA7vuXTI*k=^CtJ>#hUCFvU=FKe|{L>F3n`=LsV92Y#J+kUVWCl88qbPwl)Xg!G!6L0JOv)=34jC`N46gyoM?jC(1CV*%Dl{rZy)9(Kzn{5OWAN78XKTE`PoYR_B z`o%nEZ>9Q}jH+*UN`CY8J#32|Nr3INornLVDT#$^ZW#Ub8$aEa?68}q2TgAELws079i{|75c0`bKxks|*q%wy zscC5ad5I?XsKxn`*+yLhZi&3(jvaW176^X(PD%okFy-;t$S zdpM@|+c;%wfXnnLXYH=Dsj>3w##GF*+aGt#qjT)XLFZm}{hIG% zHXh~A6buM~L#8*NYa4spBkY_P+F5!%lN6GICoEl*t0zxG&fx98@C5ro0gY0b6M z+L)2+H&zzBJBS(%d!KlS2sDyU%;(andxu$qU?%z1at#x}mxT`e*q&jCP|82GZx2uI5d^HErK^7q4Tx62^D(g|3XhSUX`wA}aVA3u@u-#IgtKHMr4ZiXw%smMQTP|6*kc!cq` zf(>-f@{%2^Wq`PrySa8}0*P3l)D$pM*iwmQz>E8Q9~|^DBT}yZ>$@G$8+AHCnRZHH z(i52i)q1X(5xag)4B4-}9S!wNd=dR@QMM{lcF!*lb5xn=Gr?}l2KCPwHFFBp2X=M3 zz=xtfxhVM_+;#|E|2V#QewTCw)l}8Gd}c!I|96>vsvZg9wh%M4eB1O;@FJ>iS3kkV zt9a#+wS#fc9t`QCc&t$IV<`#jG*WieLm>AiP%&)(g=*7~h~ zi$0;3f(HuTo^9(+3h!@~JiPM0M*5?Lo$v*&ckrQzuSNQ_qwZH3zg{9927d&VIo*uC zmir>GwS%t#h)c;XJmU{3LYo2RtEgzysj_*d9tRG{+Wt_~Ar8CME@Zy{Lh(F|(+-Kx z>4)1-<$7m@v-dGnAhvzIKiyU3fFSp+W^94_*NtJFN_d|y{p4n4Q5-|*LX}|S&@4Bea{NlJCY-Y5qH6(WBfj^1s+F#mSO>e?;+WQ11<31gyKh zQ=2H>szKRHkN5J0DkEw}N}*Q1K(f0;gEte7nvMcWPiu`ZtxKJmAM793Rc_~gzf#$G zeEXOiMS1t_LGSzCsw4oPICA(4@5j=BuUuCt_U*5%G}bnn;1z(#l!E?aZsx4ZQ*Fd| zl<)X|UjN6yya5J*0yf5FUi+f3&UB8#Rh-Ss+Ui#@>!0wHvJN~7`rwbE{mX(QbnS}tYxNPXr*v7Rz%+9} zSw<=)hf!QSaU*uOkkKy5V()AVX(aOP8xSS2`bD5IsW62A?_p-g=(=L9>||L-`y82H!bc_i`_6+0u< z6oR>dA=P1#U-jpbr{nI;PEcfoOc}kR`blXhd+O9z$f`r zm1j~G`SC6S{iCA+Mv%)rKJR+GSQo99$~atfHt(dyU+%F8!to7A-8pAJoYOg8QA^W6 zeSYM?cSKD3+$wK6W9fRisK)MomItK^*(|_%Sa>tFx_2=rr4sCS}N>AEqD4mG&lDEJMwfF!|svr4Lp`0ZBJiMxVwI5r2uAo=FTNZoK}a( zhYNqr5}7{8v^u%JaogSd%0ZsgzK*dF36+W*tLSh2G^wYJ`l=*p`Hq5&ThPxSj_-l@ed)+Yp+_9s0pYl4{gX9)tJYSJFzR#u1p;Hzo{!osu&yM=DBPBI?s2#y3 zom&y&nXmnz_1AQm=7Th@i{B^SPp{o3=g}B!zbqKtmVq^7a3I%vKW!vS#xbbn01gN; z)P~ge%!EZmPaNg_BlD(VU}+BUZySY8x@D*6)v|L*Yb{mu(V9yE)cxGYyd@a$W@G$c z!QwYq64<$fTomS_tq)@Mz;Jtbw%I&+t+D?8e)2*9RbElL7K}wtx z#F!0>fa+>9b~)MSsy!YVZxjk6lh%L{>q7`EkVxPQwU&quDw=5#@h6X0NejUEk987i zQ!6>)QEA<uegr&KX#MCtJzB2|5(96LIT$deJgf;+mvB!+qR<035t-WgYSTmclmlD z$m={WEL_X)Re1aI@?+VT{uHUnLeoDy^5}HwXedKri&5ukZTzI*!XHi>$DLBAAG8Np zai9((TxAs(kGuBzeLSu@G7~&^vlB`tClD^bh;IUZe!ML_AS6LfV$%<|*MH-V91wLvh8PZML18w52M4`hhQuyvSl&FieLGV>Htt z52W&Q|{XS~O`pK6JuYn%=&|Nk?8E2x6pg#?D>D(#KLlHt` z(3sxlBZLgL_JGb6ei`??n<5$+dWhBnIl%Myfs!d9p?tq^`x2Bq4>deli?i;E_lEC{ z;d(J(1^Anm#r4WM-`pSYQHY%6Fb0BctXPALkc0|=X9lW9vD^}Wr(j^ln`qSumnF`M zM~)s9JYhoGC>L`vMe`&W+&-Via>;%KeB@KgHlYpRW;-4<(X_NQX0%V8Hf|;fI^D9s z(6(h-3LGGt7&2CNQTn1B@=%w{ThX$9E6m5cwUMDW$gVhGHbdv9JVmO&gkw!x-(M*h zJs@j~h_~3$%dg~l=K-_nM=Q=!Heh$%)81X5D~&QqAhFuDXphw6N5Uw4JbRyfDKrs* z121!V6SJg3kyOry7kXsaXh#}f-=DjElRV>^K#GWt@4q!ZZlrGb!4Rfg<95KA{+zva z5YXBDJijBWmUihLR;?^7*m@nyRxX(LMCUK}*MCOhj9?<0?t5w4)Gdl(e!f_TSAb&}803oEw- zIq_Y8UHX_~QQjS;6Ya)-f~Y|1XL`d?r2A2&4U&m3zH|@DV}Jo;ASvmPo4eo?D9D*4 zNM&}LP(=ne2SA6{^y;d>IJJ{p&xOxi72OFwYRMChI$ke zcbm5#@02^bmd(u%Y|nSTK(Su_TKT2vO8=XYW9--=BX6QvCqNU8ZoeE@tGNUyw&i>a zHwJY$7oXLQ+W0!jw2rz)WdVXdR&+K4#Y3dAQaRN=1=p5jc97(l9m8U`i z20YdhlcgYwrmDD@(8uGYyAY0M2AwD;qfrji&BOjJB<7>{u6bC@BJ9q>bmMKs*x`j zu=}YJUbiK>srU+-^8m6A>6_s-*xoZ&dsK{nY3Z)~9j0P>;p*Ty1zG?~%O*Yp%O`2@?=>x0Pf< z^2?i7D8qId7UB_yxn&-k*bve1QILb|^t>hM+^N2u9>@Z%ZC2$dsE0?Bj@cOuS{^nO zkX|)LhntjA`dmidl2!D8hGc`n&Lyw2zesknWF3dSReS7!BgeEiGUEgMn2Y? z2nJqxQsyD$@_zUlzL@-hqzoiVVVnw0-<9|YW|-}T#^QVu4tYNqZ$T?wydniTMv#1b zdagl}3I>3Ld?t92`V`0nS2TIpuNoH<;WmNfw)XS##umY^VqIwpV?kyU+nT_OC%}4T zcYDZ4W<_5oy<|S_WP%e%;k^5?Pm;0+xjKPUD+z$7*Bh@+^L8<(A5>P0V#*Ee^(O%# zmJi%c<(Tj>Z=%UE*k}C}r_vh!=FwGo@ws}ge)wE|Udg*U?B>Vmi38AXGKBWYS#ig1 zrKA6zblyJ?yO@%%pKhrKZPku<{IR;-9^em68DWVMq7*-w1ULhE#V|=TB$8Wd}Fm?4kvjF4xnI*)A-9WJNMd>E;z8}NW z(IXyVnTkMy$*m*k<>aXZ;K@jWzGy^$z}(&HB6=>Z7f;|^+`U}lSVMtg_J^Klt$o15Tj#2#8UVf7C)Q9tQl2uw;1P7#`C;Yf{5|v)u}Fq zg+K_wY_yxYnaJ7bmyc(g+@bo~7zslqG7Zt?k231@ImhqPllkLg1#-DJI! zrXoFvlMQ#bfP{y2c0kiME3GqbCh7owGhBuMhA9-ZhB6Bx4)a(+;Yhq_|AU1G7Rx|B z`G6kB(lS$^v>34CV7I~=5S0P_`j~IMN-CEVH)01cxUzl#X2VQg=DJn$xaq%$xc#4I zy7v6g-hXHT{DJcQ$=m&(uFU_g0!L?)0dIqxcr0L3bgRPSdeYfpFMz~X20~S0$HExK`KoEAM2R4V$#CvRQZ76yIQH_;N=`_KJ1Nl&09=jDLKN^ zTTUde{1YAQ&!srnzexiAzdz8$_62S|{5?7x_5+N(`&_$}WJ!8Ci$&D9vJ2lxCjnVO z>7;KfFYd~YN|{xf5MWp^8YG%ZEd^G%E_UGtIc5vE@i5uiov9kywR9`n4t^S8aQgrP zCAEE(<5vMYd&^^#?IC*cUVxotBz&7q8~P%l#V48P1ynzcn8Dn6d~6 z>0LczLMkSj0X208_&!z90tSwsfZr8Pm!HO3A=VD~hT7z0IGt?d4FGs6B5ILOJMb{7 z6Vj&>Jj{CHLVrHQ){9dIE8VBqK`qeyHb zLjv#ZSmrskx%W6fQP$0YG3-a2@t_m((qfwlGzYiaBJD%r z5AIwGUSIX3-^s~T+`*ODbg>a7qxQl*W>_+NT}Yi~E?9fIv39nAsXPF?a;++z$&~;= zt%S!1w*_>%I)D-jAFCpP6Mo)!_rHQ_{SOgeW#^6)ciE~!aDuCvOl7v zfq@fZz%B;hO^i?K)~|;$eQCPacmMk^ejhvgt?91+aBYsowx%n0!rkI6FUzYg2X4?# zR?3{GzJoe(SB^P$0WYVuI75%wqX#IskZ*;^by2s z-W~;)U@#zI_6LS#G`~P90-d0}v}gRF*2(HRqv6^mPruc6$M|) z!Gp>EbZ`(cFKJ~vVDzdR&27&QuML+0cXbdc9n#6czH_89oo@C%`-$Y6*Bm_kH2%#A zr+IgvBaq5uzmkAyw9N+sG%1B}Sr!0YAu zA23aB&0MqeSlPO)e?wa7Ukb{)vu4XG{vbux`}_(0`>z6bsdN#&Q{v6Rw$E?SZ-^>? zkffA?gZW_l^K-8+99c|Mb?!F92)r-%1G3=XY>VeqB-H1oR$o>kPiXt9RYk=18DoPO zZ!Hl_5%KyJVNMeWQxU+p8g<5U0EWvrxF3p;6F&|3BN>x^j%Op{M&#&Qb&`o}hb+Kl zdE--Vo6E252Mlf_7^}|$6FY!d9mFEYp)~8VWw4iK$Ae@Y0i88FRh>uD>b{nYvrL0w z=M}IFx7F{c_POiCs-BoF-q*YqwNC?hTMZ24dE9Bsv&#YdsuXl>!Q;9bmdtJp>4o!v zsEi3UKmpq+df?o)MKj0-JA3D%N*JMf_!_R~G^==+f^Uj1LfEw)zY8jRJK^@dRd-Jj z>V_Z!82UXRDn+i;Fy>|QGoPt^v(K`m64Zb!srnarbsr$Fc0MG01`w`a*p(l5I%Mz} zJ-FaeLoJF%dfZds58BG>AJSIuxQNHaw5~L+i>cwCoc#ll8iX%xc~Cvs(eglY?$R+* zD6-QxmX*4lf&dj3CV`w4UbPVzQt zK~jG&2hi-;Xa(Shc>-9OT7WW_oJ~O&k#mmlP^aGXmIPbjp2=CPoo>w?VXd0Q(zp=f zdxpoHKOwIy2!JQ9tu8p?*jBhEDY%o~XClYf!iWH&SdgETvtgGBc|iSGmo~J_rT8p% z&q6LcLoc@W;1U$#KdZhn13-`dve(8HX|Z%N6kUH``2Y2;=($_-yz$Ntic;#$YbT{{ zQC_)N&$E4WSn`K1nYZH)dODc#DKw+lV`4`rz{`$MTk8fXN`vvLAWXD)zNauSY`ah!J0)Be( zYI&?rdO**W$SW^zB2q`$66Y@%rC!W@JSV8A?W_H1Z@j7>&s$qyP;yjrqyk93UsRqk zKms1V&jAQgOnoGiW0|?ioP}y`%9Tv@IN2vmU*v^k*qw=5|Cq_M`mEGnpcba|*TQ5A z<`Sv=mWu5&rLa(?J#RI)&?Sq8ZUaDgX{M!~xE>pw54`f4dmG1&1nG5*RXMz9X$jIF z0cZnwfEWp|Ui=Lk+@I^I;gD5i`^}kvsmwgBLz{SuvI&;+K>9YB68st7Kl}1V5Q&@l zGq0pcR395hdl8n`ozyhOdj`@M^Zb368JLjqVH` zyZ3kg-hiYtK{N;Hour&w=Y5b*Q(A}$NSU(rgL4FZZX$BF?v_8@8T9nh z54KtR(6IPP#9?uECV;tLmXwSyK!@|09AHC0aDHdLE#g67&3sYDmjvYope_%+xgah; zj0`paM`P*~N!R(3QLg7Wt1pl91M^SqV6~r?(&Z!+6Fk1cU$Ya?bEBDvR2vyT5|))Cj% zI`+-)L&mFUmje}Q=*_0P*s&BFTCz%X5r&WIH0x2lcNBmCPSW(^7v98*MMLLTW9R-< zi~h+03hpQrj5UwEC(BW1&WR?J;0FMRPg73p+1yO^V)t=RgnXo0L%Aw zIWhK$gIoRd>ntdNnc3||yt_Z$OaDVn8|97E&zqYf=W)t zssdLgdJ^&10JSv{z_8XzCyiiygNOwKU>}t$Ak~5akQKPSZ|<3d&`aQEroZT5YldYo z;pW-V)*eez4bg>w!0x32rTxA^A)h70$1lJ7Hg%_oRdGgSX1i&kql@axR>Ewt7%z=Z znEO>g(|2>YBW{|?IXGCr%3fD3nT(?(QvVRUWW)o^bsRj$KeHTY`r?Sr1yy7?kR|r7 zaA1=tYO8!QAq(ScEDAXL08g=leLDxch{O#^*TOy@sq%rtzQvK#R7J$;x-E$R9{KWn z9)v=C&Ki(MMWzmMJNSdd2U(Kq@|y!fApHBjDy#U9<@e?ft}sP*4rD#N3`n^OnguRC z_zb#|?-~2q?1bu5ReJpUs->4t2A`}|WJge@mi)r2SyGHCj?zqs+lT>BUmaxI>_6~- zI83-r*Wd=34oTCSs-FC%yTN7eD5m!6<3HvAZ6G->MlsN*R4KWd&zM!%q{V=QVa?K? zsD%wjv#G&H3P}rq*MJmn&HVU$`q+ioGNE$Yh}n1ZFnn3^ZogjQADVJEge)7y7z${KLf+38nyy6`oy$C|`6aslJ+)|}N;p2@*KSZs)+37=_ zr~0Hl$_o#8*xBB)J29Vm7Nmw)%>+vDbK-yy=i8sl4Ipps`UmeUv(uVFGq>4{k@jQ= z&;(NU2K#X1&LfSmH+&iKa$E>&iV4?ir}eITirnFM+T)(vQi~EAK+)21XMdFW=(F}gZb2SrYS*Pmp|mr zkhKDl9whQn)v?6F!F5a3M}{T3|HX?fI!XtWGx91OGTJ5h`MV1jPC=NiSEoRVMWYth za=&)KPD$o;Jhe^tATI)wyZ{5RRtrG!fITLifgoNAdhh$J%VH|9iP0mOE`6PrmA8xS z4D-Ue*KJ647|4HxKdeoQ9512f{M_wq{gHMyNfOL6Q==Qni09@GF z{&eg3B;WmCjOh;F+k#jS*N=IC1pQXbX%itiE`lrJQMWLnlizUB-+OI`RxhyXE9u+$ zmbK*qU$aKJ$dlK#Y{D(_onc+ZM2i=GuEM4@L~J9O3?v)KR-Ifnr$PYhdzov$xG4aI zNA9B$qRXOh0PU^~(dB+{{4w?cE4^tyJMtjpK8X%;Ujp2AY;Z%zd`a$HCb(=M45bCMG=XD&d|>RKOQf5ll-^Be|EBScte-5qVQKeP<@ zK!EmPG2TjGAdGL(_!l*}2!5*4W{RoP%V5yyDa46`97FPPhJzf6ni{zWX zaJ@Y@A_piq@EU}OudIWM{+RSM3O4Nl-2GgAaaxmL92gZqbBV|qe$hRJWP}tsOf>m^ zNx9s!_AWpzdP7sJ7^L8|S#xp5gVm9TihAB#k?)2pog`y?MZ_+ZLM%(3Qm+Ou;BQZs z=ccCqRcp~&1LF$_EoR9;KHqEl;^p6)_PXV|XHZ+D;m07uqu!8L5*n`+Drpp>%ZzMh zJ5IVyKN!VxQXbJiK%2QPSr@Y!8DAB$tx!8;mf=QTdA^k_FB$BRC|qRua;cdiqGe4K zCP`B?%BA_S>QIH@jS4q24MGF4elp=atN1RU7*Tn(s?LE#}Wz5V&GFXL_^fRyz>3*y2Oy4 z*@`ER+O%_p2sk>xxu6$GWgV$P&rFkG_r1&e5bp=hX8Ts92}?myzJw} zLq!ehzr_rr0R6x@_wL)*5>Mnk(`^4Oi+JGOu=r2NBI3@Ic4DKCE%%EKB*}@nHLfP# z8YJsPKB{S93y4{LHeOtP?@uAZDJGmdY7~DuED9b@Sv=t>$#)5V+l#Q7E$O-l4Tp_F zba)3CU2bOMN$V|?sm3y2gf0Efx8c+FSC`7>Wy&LU=AYG{6`fKvn zF|!M)LaGbx&rZ`$RX0`>;$C_is(PMJ9!*EmmCvVDJU>{Bro zfv<9Ur{HKUc#NgDXmkdPU@|JZm>f?%3MdQcZ@|5Yg{ZA9S(0K^fPJ-$xSN}sp0BTO zzDtu?M_QeGU{WbzZ@=AU87d0|?DG3T-b9S`GPIEhC1EXW)`l^4{cufExdDR9n_x)( z*k)}dehsWiCeB;8;ifhwAHm?yo<3Zt#W)6)T?s;!Y!?$Jj(8ERd!$>wf0c$|5X&Z| z@Of5^8d7wrL(^kt!Wgj<7Ja0KbbC+XqR|H6b0)Cvb=5aKa&otCu9Xol(*wbSn!uVh zq*3C8%vZu?IiL8i4kt&5XGgxifbGt}=ZR;NvNK5j#QS#TP7n6O3%!Y@D1cSC-#eM1 zghX%MxvN`%gk2qR1Nb%wX$2(;w=6OX9+t^C1Wnq$)y^`A*z4H3Z~ZvBE12bcq>`V6 zlz4o^6^TX)c8^5OOGSSl`0w<`_9M7v2X3gZ*DSvYIxZkywm)LjA{f1%Uj}-ptwDRj zaBXq$P*+4XpUR1l@AsVTxtZ_W^P&`=yAWq={P%%>>i+0E2koMWjL4AwEYjIw^7?gG zB*k%=`6r&e6&@z{_&s?j)aYv?-L6TO^?Xv(qj_A<&YEl$8&fPUk-$R9ZCifB>(7Gi zef61>p02l2UPrz;Ou-y_Kl^tL@+`b!cl*O)1IXeZQu7o3bf*7Li@Vqf_i|13Cn@0P*u8b`eU zZ#C_Wg<`@T83Ga0x35Nf=KQ~ILk@n-e~aI!5_9tY!ivZozN-X`Q1^)gzf4ep7~Nx zpS-Q!Flvjh5JM{cMA{9s^^v>XF~${}N|GX39dZWD`ns0PGI+zuHSC0MN8qkf*h&UQ ztA_fXEj7Y6U>KOe*ov;JlYW)0Stm1O4=t_R8@O_0vx(@X>!)M@YVAQ~A^-}ma zWI+Q0OtY9yy|;wGas6~0DnH}K9%FgL_y?bKS>Ow^ez@p*Of(J`KGgftCoUQR)7OWN z_qCFs(EB`_%W?g0Td0MzYYWJUG&Yc7B+Q>+fgqu=`8K3sBo`6)+WPVc96o}C`V$;r ztXQ3J0+KFBs>1iN`tWHqc76tf&4KXnDlq6C{!vxc{jC~OSI)Y*ab!nJi2j1OmN?53 z*J=9)wzt$Q?{Ft5C%!&zkKzwyndkX(lsb|=@zYc8G#U0cY^({UY+Cm5_WU$s&E4PH z>m#Z^DDi||kT~D9bc0r)Lp}Et?Fse^ua788yNh2HyUbI1CBBQhTla9~qontd9?VY9 zLeyxr@2SN1rP1p}KmXUgHDlXUTwVSIVplsFi5vxB%!4&=JmlYyQq{S&0jePd z=HUk7>gw_lyD3JZ;1>Co)_^Gx^GCeJjq#$X2RaLjnU3Ttf=tbJ|=@0vW;mtRCN! zSYL6cZ3Um%s6N#+PO;5=!V7-y>yTXjhc74#!^t_`3kBPyRF;6$8}w$tjp{4nIp;D? zeH2ktd9pcFvIa)GBP4_LR@&p)O;9kCZ>}D>mcS`1ihVy*RreNg0~=F*yz`62LsR;7 zK?*^5^_i~t5p^vCgE)*D|14*lAyT(FGE~`8lhd7f835X?%>8F7DLOKM< zM_PskhkeTLUKI{7Jqg=Ce56soid-s^;DC#yhg!)x+1E0xtUc1NPMuPiku<&Tu|u=4 z_K2z3kCJUOmM70p@T27MdjDxvR6WH}U(JLs1xRF<*#&I%1J9zp%JND=8)X@+}Le)3$wh4|uSh3}?> zWoLBYP5Hc&ntUO^r9 zWu^l%A8%e4!$txP7^rBfoA^upUzyErUNkzBVx&tQ0+g3TpzBhy%iwmkUMB?wqKu-P zxF4XK!SqXM>lZDcMWlPcLG57S#-| zi!smu?Hjy>8o0jg&<_gcncqM1KBlr=S?li) z6Dv=|0^4QIN~*c1N-Spv3L&>fTP@f66;rm?mQq?0J_FP9)araE7z@Mr?i02HYjv=% z=w73B1Nc{IzFNPmkR$8$d4s%5?duB9$a(nDbukY`T3_q+9@6xf%V_cWn8cnZ+%72MHiKkD7N${ z#+@&5neV7ZvXB{ikHI}z;8gw+fV^1g?1DEyreW2kxzCJnqP@!R2tKr9hB)^P_{Ni} zeozaQlZUx20tL z(VF5|=1+Dw)1awP8A)0H=D8ttVblEN(;vFLdj*=(ViYeQ9$e^6n!&Ft(|+^3tih1G z8T*i>My%ZZxaHBdDGY)_cpLe#W%|J-?%s+=^5v5&qDp+ z8fy-%k#A?ik;T^ms&5F&3YeWH#dWc5+3-Jx}&^I?j*on~>6HTEfc3x9CN?RN#C?(7it;;?lLPLy zN}95(xM(=Pcg98ATy-qAkj0n~AehTpGC_0t`3WhKGjU81oKKSvkVE67&PDEJI^_*` z%Sj`qva}<@r}>;ogfn|H;o;#!Ra?;X48<1N7C2-@-!G6SCxc{6nZ9XlkiA4gTqVsr z4KIr;AQOOd)-bSTco_(Zov3}jcq7%HUAmh^IiLVY9#W=w_gXH17U4nYXY7`o&Ufr z<{W|jtV2LupP&+uq>enflW$*psJ~-2^M#tU&V9z0uMByn=GpHp9 zwdv)JZvWxOxQ)N2dIWCF-zYdP%`%=d(2*tD-m$2;6SBK=BJ-ArB7ai%TZsH^3%`S(2aK%gyiO>J&INw%&?()^=xGj<>Sg! z9cM_bts{eC3(8bzp}BJGbJp_4S58N+9NNSeZcAcVr2zjUw@?4OPX^V6N74*CsVp>dAJm6CJ!g406JiG`oxT2!_` zVqj#41B~`E1C?+hv%}A?#vulr$+hIAzB37PZxf&;DukX3s{yN6ke=l$2@%^c?jqWAmfVgJ))w~X zorxp(Vodnrhlo>8w3L+`L)13Q$;HWwTgVSA?lxEey^fIx;LQOR1YV8sI(_@*`_Qg( z8R_6Qd{dpi&#gM?dFHCC$0gg#ge#B3?*#5dvbE4W3HzF&emc7YhTao^!O_Kjz%ZGM z;+(Fe=f_h4y70{n*3uiiQ0O* zJNiwlExjTBEL}+Mc_cm`^5H~p4v?UwqVur6u;fFJmNg|w6{io^3=66mMvtIZhkT)W zT+@)NEst;=GhOcnM(6N4TEV#ajnz%`)augG$m&S(%X_0Lr8jD<=17BE;Q6?t#snlD zjF|BzC~QnMg7~#}A^x)F&r-TY220A|NNiIX996?&*3%rZgda3VfWz}_`{-X4{(5%i zccJ@g8di=$A>BG{p}tP_{C7uWPulJvM73n681Ekrz=qxTMC_Z!>+eqfSOru(#mr+A zAzzgF<5kZGRz4Dwn*!o_fDr)r?qK(6YD;yS)YBm)+~mnmbfDgo;1S^B&OJFbCU9}O z<1AC<<8w!61tz?RLHoD&y7q~f)zy)k^Pu!;&?I!a1&E353rMyuU{Tv3u03z;+R|J2 z>yYPpqU?a(UFzjcEGApxYxtQuLs#g1mvyytpikj)Bpl7_SkFcn$~{fSD83>CONI23 z144Oapfzl98Qhh(00MdC+Y5Bith>D~4(49(se(8!Gra^~328l^m!zxBZ?OJSdFR>1 z7W?bsA+~V(Y*DpUzMF|hPU7w!4?2Hc^mU?c=2y|sm1Bnf-O2V;AA{M|z!6_`-dPrkr zuZ68m_dnOtG5|baGcpxKP7(^bs~aqf)>m!zAIXR7Z@xmlS*MH`ZxP9;gT1H(0^)Fd zkfXc(ihz7`r()Qa`33A;OO5{1$+0x{`=YqTc}-T_AXvJ!eqW;dFxAMl6^4-%@(tcq zJn0TdpbwOPB|S<@Zb)WFoqx?WmQ&s4y{qQws#6BmtIZKlY0k;KIswj3;V;0 zFb=0yyc6b*pBTngiH{Ip?oGbpK#jX#G^Pw%?vmSc+x@+(W;~Z#dg!!)RI5oQLOn`V z3jp54N3a7fm+y6&g9TlO8Aj5`-SH$9LJGqGi*UTN``xdd>EpU}n#nT{7mcYk==Y+B zv)EeoeW0CyyMGIH2c#M+GndXK;j-beTt=Qe$z$E<6cz5U4?}wgHSdQe4eyI#RR@l; zSi_udHPv(Qz75(+7f78q5dxb`$+$}48gfZkyPKJ$Sn1npwe_hiC86`IKi9J#{Y zDqmR>vJ>=XrS9xX)V3CLASQFp-i2DK)ji%O!|*kyd0r7D^<}A%dVX>Q3CFwUm|FVZmZw*ZH}aof;+KP2^s7QkCzaeZd5QOPVGW1B=YuO2P4-&CAseI`k{x@D_ef}&*kYQQ zR5js8*C_2z7iV})4xnmxVf3sZl_dTKP_dsms7$>MCDEMq*PRKofdh%hGatYOfo6_F zi1h@`>8`E;x?_y~mzpQ(Jmp8eP?c*2bQZ&R)HOvuWZvp{-gY=>&LuF7#*TH@Qu`xC zKnXyRxR7>onRJgYirbvi0QQ@Wsrxx0q7~Zqj*f`|Wl#fkUPR1t{g@9%oESZmE!>(1KLaW=ws=RO)1o5&l!}*;S&%2F^kem8 zF%j6@%1G;BZ_?e?3rzfMwta9L%4F(_QE19Xl9TOg{TdQE%BDYVB4si9JZjRc{&RiQ z$%Ix>5D8QVd)Wy5InR?|`Mcc_8~Nf_DCYKOg@f?mxQXyfdNM$$#RvX8EzOJ&6TP^X zfF{kCPAyDK@4U;IGMn!nVVSu0eIV7~xY*^nZwWj$-*KIXhtMaUa*9#d#=u2&hLiuPj$pXDr~WinlAld@NY?lI?&)28`{pBuk4m zw0_#zUVlIW9Y$J1gJ-0D!|%3SV39U&KhL9%58Iv5+&ImSLMjt8c5!t9A)qrX*D=O* zOI4(yyNhbNPVUnUF`32(3$yU&=}s}-Ji}5f&xPopyBRG@KQa140uteKVv5z)!K2!d zMJ%rc*uVhziiEG(g)+^DO%bkD-rZhWuFEfW3B06w@0ntx2JZ&23T+NLL0*@p1U1f$ zFwJ+&=3HwQxj#TcPBaZ|==%nXN+DNy-F6i4Qw~5tLH=^Y=*hDF`!spZ1VYUyICb8S zM`Z2c=xXGvFXgT@c|Xl=(i#?apRG}Jhe3_;xis_5aVsA;-iszb9h<|%A!+(4R(oV* zi&}TLeBS4K7+4YOl$`1up9CU)y2HjufSFJLcz)RwwH{D}3C^pttC-6OHPPO-#S z8!Cvg$Yd)!HfG1#)x*v7;N%xU^%Z(|(?40aRB)$3awo1k2!1(vBy|BxHZzI7ZwGQKw zU6m@3!9+sFu|nd$}zW)bweZXI#~4`<;U8K*Wr=YRTfOoL(EOh*c{w6wSi`05D^F=o3` zH#HHEy4`!7Q%JcatNXiPp%H(5)wdTqXe}2sfXLdZEJQ^asZ+O*z@)QOC01IPTylf8 zVHAiA)R4wi3JEW*lqaN}N!Bt0)chNTf);0m#eY`qZZR2{rRMJg&R{tGS{;VzG^(x~ zA)~dFs4m5&8DhB}XG=2gOFFrxuUsFgAVF)`>yN{HS!rb+^{)&T+=%f9f8=Lo>rSRkzh8Cv5H4mf&qKa z`dDiaZgU5Z+tSxBgJw*-wWc0rAY`0TBu$uIpZaQMWYG~$>X~Qd3gLMiy>&ABVBm&< zyc8DICr1Iok_<08o!PPY%-EU~OE@`kX$07finv7&6dWa5kz*%~cW%2o-fG)0B*TvX zp<+d-xC|$Q0{3OS3$$y0Bv|N?fbdpPknA_aXv4PE12WzD?P}Ssop@s@2h+-xK-#=r z5vRB_GssLU($Ln3<4?}h1OihnB`LCF&uO#VP44_a z$q_b?Io!&(VTc+)0t?oE0FC1NF?+XV2*JDSulMYNYW45Rvx6}U)a{0yq-7B2#1?90 zXLl-XnmF!ua(bF(l~c;{AxW|WNgT=9c%C=i8sO{yqaAK~$)6;DeX2HBA$WOfD?MCyJ&Cd>ok4tS`C+;@Y5 z6x>d8YSa=xx0>rY_;}F-N^_LMhVlTUn06S#E*M;m%z(h(^BMCo5W2r9UM6{ z@P6*c*iG^qQbXbtPJkitZLk+>Iy1q$n7W?fE+w9x*4e+Q&Hq_OmA6{ov|5J$yPpeK z)O!SO)5GBS{A=LAC(?J~tQRUYh^I}_!((a_wp}#^&QWOhBYmIUnZxV}kmiPlfY5c^ zoySZSGNYl#;+a>qo?f7u?IZtAA3m*6*|%$R78d+{;9tByQm-i{P@Z5``1fFA|7VfX z)1X$r-MO7<#XFxl{dny*cwQ}&-4Xz9zFu6gx$crvR<_QWNjT>K_?;HGGa9Nqp_fJ4tjom%$cfqSnml}Qp(mj3> ze<7(K8Fc@yv0+DA*6)J-q5rf^>+Y!6q@B7_{grbgCnjv0J+Q04hwdsjcWo^)l#JaT zCS$k2^eN5iO!N@E{rOJbzN~WC%6ee#IHg2Ih)ab6*)dYpV1SI%$r^=j(SH^6d|`o@ zBZISdzCjmdN)>=0kkA&0Yjfl6jOhB?nOzeDGsK2V_WF$@!tq4>qAE_UBRm{8)Jp<_ zCw}ArinRN5Gjq~FIMW#&166iE@k561LDtLe@O*kx32S!mOw5KPG|tW zyS`67z{j&srg3$3zgfD*`4f?tx&{LT=+@C161M+wI*-F^Z;@DIx!b418i^H_(F%2D zd1SNle)=%+Y_ILDorNiC_H0+d-&Y2_WeyK#MO%rSLD&(S5XJEuj?j)@RPR@}FZ%^k z7kc#iS2aZMX>mK&>mS%rr zTDNOCy2a8}%47vSp~&{#v7&}li_)V(Lv z(CzDfg=0`5*j;V>_TT99zXtF?h!2~|JivJzRm zO_++hv9X(M26N&V%UYWuM%t6K9^N-U@r&0TAmA-5pb9ZtU5p1lIAT@V$+84|J_GMr zWC4)(Hc7;NzYP|>3qEuga%u=}O|ZeQ&%;=Ztf%3AcT z1C6J#gSQDT!(azB)|3ipeR^bUOr6Ar2(&%Bo$O^jI=i0fWjw0lKdrCOK}VB4(&$x}KD$;g zWR}822GzJMRR!NzWdbfxISaT#<*XC{XQnJPaUB#1ja8$U!aHroDAU-+w(y@0gn~5l zR}&X*XNq!NIt8ND|2?kde}#rV8Y~8ZBJEN5Kjdc@m~RC_YSLMog1%j8G#^OvT@cBm zBxHFneD_aS@F-$i-c60=!Fis9AFNH2U(Pt>OaM49Msjd}h`3J`^5^4c5vugMo(lJ*y}~Uf(I);6uZ5>yXcVaXBVFOS1#^PQ$h5zql^I06|Uqqpym@@)-^%*8BbddACbp9n% zLOnZ@Cs%oB^q&TX%RW@-riO=5@+JxP@K}24+o@yq-rp0$Irhq>1~B>P&K~CJMyr}8 zd%M{yebc<~tsHdq;k-+WAfvg%OSM(3tv7ZZlJ)kmb*`&Myb*~EeWlR>$1aAuX2Xhi zx7g>fCr+leW)-B!#ZIun_=K0>7Iz-t9u+CpOVOJ}-S;LOzE-~3eySY-!1&dg%+_S3 z*wF)hUF_IFaf;H&gUEP%%3>uKou|p*&Eu~{m`zl@4n06o06rOkEodDE;aCJh1d)jO z9>h}f5##f$miao)o)X5}6#q>a;D0*}`X5hAJLS#Jrw#4Sb-@g8WPQZ1tvKk1GKxei~6I8v?WQUOuwpK80Ogh zXRuqH{4XH`4uPxL(zKU*4((3Uw<*`iZ0<;E%zu_?#B zUhGliriT0>52g>{R+wl{3)V%O@asrnw?7piu^y}7evqyKE)VG1YF?A=qgeTfL z*wW&F;{oqveeae;ioNoAjM-81Td!$Q|OxU@K06 zH&KS%h7CKxv%ntMr%r1etbAqkKmlj~t8iEdfJy_0f1}qp{<_$6>bqsRJUm9`XLd4p zIh2Iyss9Xy9%C4s|J7{zS4|Ze)0MQN^xxR+Zy5Q$NA4{!)xUrQTcUC(ucT={4ll}4 zetHgihU2Op903{_!EWb21YUmV^w9au`I<8LJp#fY z^$%mb#L-OkstC%H4+K*e)^sP|_W+Q*A+V4?5;seJ#xEy&Q=U{6DdR#o|0-dfgQNns#-_Ob@wABD?;>aF9&b|4v7|kq&{a)NIA?Q) zO{cFwV5vZw6eY9V3(hp|JW9%Do-@K3#jpwiS6=gW%T*~Rl7^dIV)NMv{Mu*h7{R*2 z>>FYOU>mX0JgT*CZ>IfX7W0=g+hY}_fdqY-< zO_eOjrNEK#S{Fryi0(d;PeNLgIkeFmUHN71{~6p!o%2ePqVoVy&hcxM*~2)Yf8_%9 z;-JkIgQvKZq^GEq$6=$_K}=($!OT~{XEJ!$(eCTjK03Rt3pLsEFnL)HJU{?cv@22! zooSAT6zdc$P&nqG$(L!^06XHc+9n@gwp*B85%o(wTiJ?<>D0YIvC(5$w`W!2SQyS_ z@voq~#U|Jw6{D_b|JBlmlGTBEcmX$vXy0hw&)CuJoHsAxrCz*R`xQsn;!?!0GH`H; z2Tw85bmU1~B1|#xOcIMnhfsrP;Z5`0u%DqOuGzm2_Y!kou;&Nln4uKy&>My78wWZc zIpuKCQdA0hHCigpoCBV3={P`;Um|di@a_mleICR75{=}yneL>o98ZWwQ?L8qutep7 z`vHz-T_wlJH$fy)EZh0IhX2YrlRSWG1`Nq{$lZ?pm&%&~!4}sw9b=o5^5hv12L-eJT1jMYxKJtCv1 zwdb`_5KuK>0!{&nm9e@k-y4GZ#FEci_#D^vQ;f#yvd@Z=(SW(GUu>$_yHB{7)9LW` z=J}O-wl^J>H@ON(`tkaHDeQvwf3IizP}mG7o#G`#6~|;f{2C7L8v;r^{)=Id1W0%~}#oQWem|k63xlF@dw5UHgD- zwDmkO+efV>#UCxeM(~a%@r{k+M|>NN08tFzg-pYgC#CK_^)S) z)eDtgh_N9a)mU38c5-TL-LiDk9#ZtM0v5rrvnICLx`RyzL$RatInCJuj9brX2SdOXwtA=|FsQURy6oglh3ma0L5Qb2D>>_@X5(-3 zkH7HAnM3~5@WTIeLI24q=Xx*EH%DV?n;vX%3A!PL-IwkhIHHu^b(JCCk)$%UZrF|D z(j^N|?iVNAi8+cL>8)2s|3F&peRKCJZ>S*_-!KWS;owz3?cJgu+pzM+rJ$ToB0Sqj z(_LYhjztDHpjKk6$l5-3y)C$VX@mZk|Hfk+z52bT1?ADPD}t^{d|PdgJ=il0X9B2~ zN)IE+MrmEZ^xxSL$0ob!%}t>B^(s#c*Hos!y*y*FHrGKccpk(nH4;op$w1bV+vo#X zzSz;=h%Xzq2YH*}xF)O_ouA90%d3~*yZH|-pw8z_6DO?yeQlyPcLANVn;T>msvPl^zYBGkbU@)H_|28vx&f|g~tgez{?#f^96J2xg2N-UX$8L27egz{wh zlW<4j);l1kEz681@F7Teh-tEsZz}PcNH*c(6der=rkTy5QUrt+roGWe$-3aC(nN1i zZQTZ6U5U7MTb_*MLWRDT^yFqZK&kAH&gCF#AySyly+!Yn;P}Ii4iz*ImD5_r z1+2lLBgCfW{oo{9t*bus6*~qdxWblb?BpgBoUC+ZKEV-ZbC0 zMDgW^?MEx?F9W~~ZhC@c8L}$z^hK>q@ zOVa?B8D4`w8y~ok+z$qr=k4b-gC_^`Iwx)Iv0e)cdmyaAy!mksICgY))^c-c1komc zqJ10ug?I^|{BX099b@s??QkxRVW2GObVr|(noI+9b#LBUm*TyA5EF7bOEgOYk0s9f zCZAO@?!2(IH}8ag?_qT3>-ytm8^+gr0Y;o?_S8G~0>|If&E)JEW(Qur%5#u5d~V~T zs9Z+iFLiXh`#3ILNKjo{C*=;D&8?*QiY5Bs@)!ERO6*H5)bQIgz!e_41q$D$q_&Q$ zPISYf4*S>lK#WJ`*m1l1Jy(wg{uw7}3k(c}m0tn(naf(Uj3Ng&ulU`4QH&i1iNG+L zC;Hpq8FAB+EvoK!q&MsX6)7ySrLCiz;ldJeNB~^Hkt1QDj-NL=f&k z!>4!zI`lf2{1&N4b}nMfBvX4vB+(&D9Pk(y9UM?9gP#I4O zu-lk(7MJ&*r6vJynl)^~>iW#n8`d|oDylbUsN2)W{PWNO z5-Qk$X>shN=kV>ZEagH#A?NtyCsuj__C#tE=A*LBK94InBPo_3aoO97ol~m6Jj+m8?3i+h!@WJ3#LmXsX zmkGld>U<~+n*zhfr_0@B$6ncQL#G`st&f!%;%?eFMnafmi>`{-0^2VX*~off*716J z*p1a%A-$N|=`d^-IvYosx+DGGp2&2nOn`4s2N|tQ>K>8zPk6U%FY&i4Z@qv7xvQg3u5CmYFdbhtf0bfgB ziPJ#qPVfiOWK-7`nqRRiB#3utAu&`Jn9 z-tE{dS*BxDK@RRpk9SxSSSBd65OniqPScDAP5M2a=_6^}vY|Oo+E{G{`q6SlnJG}H zNwc}<`B}D}#Ows0)$<{(miAUbMR?^Y$eDEpaz3SnUmE$iajpY~$>%2Z%R9(c-<$NA zswe^sWzeUO8O;-$F5Gh2?1DY^}M+*I54w^I_Df8 zb$?q`{LGmyd4ufl5a*fq!AszmSQL8?XZW9roUPFzBwk?|K>|I7KmIQCi6HNT0^X)o zAc{NRNw5k*pQs!K&u)33REw~l4o^YQpZb@9JNkWh9y~`o52?a7qwyzIC=1{8FKu1a}yZR z7bzXLp@y47ZQDqn)$TJ>t449>e@-B5$ziQrZRAbEsOMFfN@fwmUlmX%Ge zRw5B~m~ynUJ`JS>wtaH-iy|OjDggm|zMt4A#fgJ{`aPeM4GI_%hI(nJCWF&xr=y*I zi~fN2QM~}_$ZcCLVa#>oHT2`an>%xR0{8+qNrNKfm>WLP(kRL$&;VkgqTQ_5)&Dy1 zztbN?$ivQhK%>bO$d=J8wh3V@J~T(i zJrdv>TLCp~jo{MN!@N;oQY|iwo&p~ZJ%M-j5hI5Htz)(V;0H(Vk`owbDc;k3e2a4H%bSY-zv0p%Ll>i!`u)@RE!sPpse~Enl zC2jiu8$nks*Qxp{p8X&FjvPTc-j9W)&JAfQxO~_DYNMS|>Yq|W3wDn;d)_AJc0da- zg?X68Vi~n$$w!XX09S|v_(5#!y2-xPZHSZ-pb?7m$sIuDr~Be7U?fuZXOWpflVy6< zCil-%fEp+k$e%i#N4q~-{cP~))o)W6y)an@d=99Eo@#Re8~0EJ7f0HENFM-MH->m+ zoSFB0RRkUDj5LO&_dZ2@5g8`2%yZ-_@pxB$^XUx$w@agq(5 z(R+Y4B3_~Vng0UF?3<@_GK^pt`*9{Fic$96jx8pqhXIgLdpWwW(5#RfN(*k(=KY)7wD{x!&#(x^l?jM`NC5e(FAey+j zAb%Tx?ub18B#;Rxdfxn(6g@Zo_Z2<=C)^v(G4nr4fc`HOI6<8ObhJGphoxy3w8uV_ znEVvi1tq$KrcaM&Gw`aGO~Gei9f{eSeF~ zN8ChOjQhn0oO%3&FKb`@#j7x-2H{ET((#fa5XKS4gp%`rC3BR0J0A#}w!`y?p~xTFUzyyrrzSI`po{g&M2k#in)0v2n%a z;N2$fQM+-c;$rEoHPc7;ZoH1v4V}%AGxRaTls>#~)VmAr@fwg?9q8jdd8{=qc*ilt zalmocZMCn~b;WB{M9|w>iRfKs)s0G)!5j363H2hfn(MIf59eN5SgO+PTeXx1)p`gz z#r}2LUmfz-6Y_uhUD*2E2fR~X}5cwsfX$p9pFMo$# zCsjv6KLz|;;1-h`27LnH8#`TV%6zS_4Im<;w_%9|wTWT+f;!^9Kbd%5M8CQP&>WMiQkub zknPrWZ0UUdLJ)~iF5|9<)j2EED>>rDZb+{JkXOYu;kji60UrWToU(kxhn5O)>g4?d)cabEmI(*}< z2F=3(uwwXf42c$43mk*TO^VMM#pQ95LuMGOTEn~+O{4{mA~7o34(tPWy<;P)loc3+ zYJa>1QdEmoT|&sZM^s8;2aqD+AOTt{GwNpM+_Jw_3sNLkON5_3GfOC0nv&d>bL>I? za@Ekm`}M3}87d_4E`9hV{e8ufNLq1^WM&{@&-&X<(>swYio5tWP5$3~uMIYDlYGMV zfu+p8n7mATz}!e)gQWE#SChoA7BoT|13v~e32j90?*-uZ!y+7sPYZ})98k-M%>X4v zEGMg{R7d}{XfbUn?p3CqMdqM^2)OM4R1B*;z+;o~)WHGsX&~w?fsJVwl4BK;1ZH2o zA)>}ECWd`#`Uv+WOQ>l0;I06+Z>TIRGM87=Hd4Zggs0TcOzv}f`SJ0sL6+3r3|L|N zH~tFhTD+Uas6OyG1RFghEJ*;>eoB^?YG`JUKEHzK1**qNV*Ef_olE!2Aad@rIkKJK z-YgLW#&iP5SNA~SSZg)AoPYS_Z@oFfelg(qQ3fnj9QbZ|n|F$0SX{e+zWx`Bh^(MS zcDlX`M4wM5mgTGs$~Uq*VWO{iS1;ht6{ShP3{6y{K@P)EK60@{dts%z;QLn}UZ=n=_$~?)IS;zaXm)=I$zc+Z8UufvD83f4 zKw^b!j2oslHwC=mN3vx%Iac?PJzH#Ttz72U#dY_fzyAKKAO5$W0Vl_{iS*1ZwYYR; zr!Oy7@0m5bTgJJR_C2)wCYbNmc8jr8B3lNZ26DAsvsOp`W)Y1`>z|I_sMZo_8uWXD zaw^NF4V)DtrR_pJ*C@v0&i5QvwwCQE$@ih}DvB=k{9|j6x01a5hRP33sy*afv=Ypo0%?mI69&@Rsos9xZRHJa??+g5Uj|*;*e6bT& z)V4e?hP4rg7uQEnY__W<3-1e^kJ$my8N1nPX_^Rp_DkVIe!HBE+cLv=5zFoK;2zSXw&Q@^`uo4m@DzcT*8 zQA1pn*K!rM$ob*(kEinMC>$Ou_V(0PRX)y$NVN?P`Alf$D@0#y2GYlO3RR_ zexh>q`00Uq>oKQ#kwgXW6VKtNhy!0D5mc>g7^vG(Y4twIN`5o-E$v2pL6W*v0j&7( zEiIhMG>h5|co_!WIl2l-`XL8_lbfC!;mH8Hk0B&G3G9gJM~d|2>CuEx?N+$8v(p|t z@Vlos0P^*;`Hm6{*NNJccp}k z>B)}l%u>ut2O*i4eJ{9H5l%exEZHrBb*4P>n1El_z;3wCOlK7 zY(5_AGCed(a|U`YdnTg%F)%LGjW-*Sf^Td|Va_MF*Y!Wd+>M@0-%tK@j&&fe(O z&=hCl_#tU|6~*OAh2p~l{)QdLYIVv{$T15;j1PEo!=~Y?UCY5*0gtoHSXn0*AtW9 zPW0V(W6woV&04M&UhgJpgD8j){$x?1`4xEUsPnef^`c*?g*8mUG6`6FLRhh`(lg&u za6f(L&G^r4)gO1lzSUD8h_94(nNwX$kU{?hqn6)+qK_@)Ft3IULs_VJh~OZ04<_>l zqUY-$kdDP{-1DUNy`A&UExb`l-X};s3Qw^G>*lyi3!dFBb`GBjyRSl)T9Gq{#hKf- zwQK{57?FDz6Q?2BeHHtq0kY#h_W*?kqSk4j!XcIHJ#)v)`VFEO1f@|gZ_`qgK)7u- ziz|9<`6nwGp8~zNXr(FfjqQg*;rZaUd)JwyKFa;L$ja>%pm$UwOwXT6?mYCFFkt@H zC0Q5Vk1fNlYtG@8Un!nbp~spG?X*NFStb*F5YPL_Jp> zJ$@#$siTVK0pv2ZO5W`Zf0JQ$4kH$Sv0wJnWv^8n)?klsBCnglQfOlg5BGGRl$@2H zBoSCS-1N5A3ZlvNXuR}@zR&?%og^AF4_?bLs2mCvxGkX7z13(VUPQmMPzLPbV=@{4t^oY@uiHK@gAr&YRdE( zi9<5o82rE%^Xi#DDS^$S#sUHCD;M7jq>d9h52C;PdWy#TP^d8%<*sFn5#!tJp1+%} zs|*|Q{vJ2l%LRuZ=Q%faH-uo{E|N6i%UbF%^2v?W`tWMs(Lynn4e)U{If;oOZI{*? z2h?hvm2)*ESJuv7fR1VraUM@G9p!mN>GPUhd0#W?Gxb7%opa}brv;4ohSS9lgj|!K z;`Soxl<%5;;N397h&aBa&|)%UlddY>52u>T5xg79yTYRO{=t=V%Uin%_H&yps(GI ztyfn@zmU+8%*6dF06n>w&9iCyQj#+6*>f2hVd@&5buDn*W#wst(RoStzIUG6mg{jv zc^hha{d2vy#yFDJVrCqjzKj>o6vlc^I%#B{5QVs<@_Z&rUAdGk99KmH0-oQ1PpM&4 zv@e>toNAgoX$|#&#VCrh=YF1#rZ!KdiRU`C>?1MkaiqW8G6JqO6eVNx(y*_$UjqB8 z`mlOg#L_!Gl>)L9)y@$gts#&Z~T}p7GjLy zW)Hy(3LN?LKf^3XUNmSbR`$5d__aR}X4@dlFnCtHd zVyShcCAyxWk$CN0D>ctp6S3{SdN@;gV-LnfP}xGz(XfQ*-J|;F&Ov-42a@T^JT|VpJ}TqCD0j2aRPHR=Gb7_0)aCGa2(R%6WJxb8N;Rvj`EWDYU!4r1ET$JA3a#mo&SPr}Bp^ zx&2J@A)|3mQ%q!7Xc;DMxIKh29Hc5uSJZh&r>a2uO&%HkWN&%lvm3+O9i%LDrW>)& z%vCS{XxE}8qf^v~v*HWq=!Cl>t?tjvAV`>%F?uX-Xd}XzGe+aZALqi0-MaSp+L?u} zUe3%4X!}r0G4A`o1L&XQ5x`^ih+i@E!-L#)7JdVp4+meqrCbMY70xZDMxw@=`pm*z z@o56xdyg-40u>eG?Qyn~FWlN9q5GG03v|q97r0L@Kq&$~gs6A`L&e#9=Sp@r={8}U zaN!C{0<}pQUlhk_T5vZU1QqFo%oj8k{lt2v^s}`ThtBO`BtC41{kI|t0CGjn>6Of%O0G63+K_aO#wem0f$Oz=MAI_xCt;q++jky$9(IH z{g#`~+X*51&ml-A#z|vkIzAqDM>hi+CH-;8HO(++caS|wB}4Uv7TEbh<%hR1i^ayQ ztB^QiS-M@6$H7K^Z(i-#uSb=E@pq&jGTv^lkL2;>=%87>6YHw>p?JAz#abeFOw!#= zgdsP>Yt|}JYK>mOd*-Lm8}vClrhOF<#V4c$DU_0RvA&H(H_n3~siqIK`d+X-d-Qxp zR99K#*nHaR9WL&5hI_|at373KWKoD;11n*$bx*S_fj;pJ;14W(^gZoI!~i77k* zQ8RY`kokRq&rN;MYntQ0x`>u(QT7(j9CxE-C=8RtJT>vBcS9|=4jET??jsUA^|?Zn z)=*y=dDztTH|Y%D8Q-hKV}@Hg)tPL(qZ=k_`F@SCB{VCqh3Hb*Bj;w)$=dvl1~MNy zC3Rnlt47hlIc1KTV{Qx=L_X&cu-@uoAHx$dS}n?hixb)0Qzw;Ij8MwMx9J+tRbO?! zGGmrU8xp~s_=0dIBDp?qV3WCK=!Fn9i;QqCSq+PXt9mj_#x6bA;_d?Vi?S(lwW z@nYZa^3TU!f4DH2A^zQeYewB!@4rBUE`S?vPzkKWK3`9!-WB^{b<}(`YwiQ}i2YUFUBBu4~ zEBVj#m0UIM2SUcz(VZ|V#=~ZYWv?5aGVf;z8C>k#)>8?)JHJ1*6s}{JM|tjC>1Ytr-i6#eMX!VRl9FI3s#3nd)G9V3eu46$m^9e8MW_W5_%Y z)5;c}aA!;$%{Ur}Y3dz^=4s}7FdA|mzoc__e=e*TFb zf=y2X{YNx z%9ngOn3}McV2I*)1I!XM=s?>`*4*?IkFr#P@=r&`}h2nh9H zvtEL^p-ygEPR;LMEQw>{c_bi=e3c6H9IsHZs;MJ&dmMdL0>$S>Xn)*D0Xx<6oB!<0 zn;4|5MVCPr=6ng(U2=U_uD_ll^7U#k!ep|SV+yWqz0}K>?YY%Q=lm{@wV-gJ48sYD zBaLUBc)1^i^GuFC7yt=h19pG;geUlLG)>*h8h6z~4-z^jli-7e2AEGG)p1Q~;f&8_ zn%G3EdJ~;ndv)QE>uQ$Xqdp9CL1Au>Bp7XXK`o;A8jABiZ;WseEB!Di&ZFCp^EcYN z-_Is~zRCn$A*Qi}#XP?O4VVkH|Jav26SCVO8o1l>o%@Qz(;wwDUf2hXTr4iN&(jXW z;p9y;;jdK)}Zg3Q65DP~^2p)Q42j-dfkEkTPzZn>Ap!gVNKKrvOmEZNb zUIt&;7jGirdxbgZacYe0vwhq2_}5!Gn_;FN<75bQAw@oRS%z&2y5c z6&5CU1*J1T?T1Oe^p9W`l)EyMMIE?ALHe}K?;aPCNg#8L691KMR@#I>V)GYQ`mV^> zCB9*fQn+`Qf@(O2If2FJyKwvcTj6G}Z}MiS%G{N`&|>}Zy&~{^a<3HAeO~($`AlEK zkCaS%A5;?|f3byx;zIRpf}3t~_>}f6p_hGVZV~~_klPO=U|)DZd;P+HKm*<$Ia?NS z!}@hKT|Aq~Rkw7X>gGf{74y>aumel$=V;l6o*(55 z;)>i5(Fz2jpqD?X@L*aPn|#SJgW`#{fcFacc_B3Rms##Z!iK;+Pd%*~I|DJ>r9CwP zqK(Uogo}*BqW>kk>i_z^`uA#p!LUAIS;fP|PGukKpSKIwFPM2fLBOZSkMaXk09_9yJ0zSlzHP{HLst>hU zSABR^A&E{HEurcx&z-2jZ{)dr<9m-aDahO}N@;AA#K$4;*&%IpYTdt5YeY+GSQJ6% zW-wQ23zu36ots~{Nk(uJWWuPgDcl_Q2RtO$6E!g5ur5u!ewCUY!mFs^r%q?v&tj(z z6II*%?XDLAs`T|Kmz5b7?aaw(^uwlXq-DLwc?7Yd)7{7EPoG_FEiLC}ER53-+#;(2 zA`58}25b8wFLZb>4spT5Da2w6;{;7|G^}yndNGVYzUlCAM-;R6GA@umO7S#5bF7av z8C>sbR6|BW8=-bUyW&*p*7+p|w(exrDQL#L_?*B~SODw(G&Tv*R`XG!7z!QtL_Q}x(_)CnU2-! z=oYUOs)~$@@y@9-bF8Q(>`*Wk^gd{FJD_-x5v{R1lXKx`g8W4ust2#54-4$Lucr-h z0aKgE^09>9oQmWA0-FQNZUA8{y z#P)({j9ikHJ6(W-0@xTlNN54H0Ghaf;vl=HZ?6TGraQwT@*RDcsCNR3?0%oSP$8!s z2Ds#{QK55@_Od-H#CPI8<#&@ES`8`CdPH~Xx@P3L&L)lLnFdP_Pb5m(Na5wW&eGcj zKs2U8?;Wy->!{q{&=nz^37I#2@+)%5ExMB@`s_#_7{W885VfkrSpD?;X(2(ZSCt&o zqZARh8G%a~bIy*<{ivhKt6sO<=9cVxZ$-Gn`td~IXBCyMCoG2F=3sD5OEREu4UZKM z;WH}fyyTX2ZI+hd(zoM07O=}h_YY_;T%dc}WrY|GWJ1fWf#5I`b{yQc~WH*4vQP&_D;{)>ymYKnJkDKRxmZ zE3K0jerpiuqfZyqcI(8xn_y0?f~2D)ZTD-8ubx(vh}+40~KS-$mew-}>AotL67mfhOsN z)+Pb%G7`iGij*=zQfWnNTA|98XyhR3gztyO15$(!i=?hnKb4p&e0CXy3xdw?jvzb^ zF(>g)cpEFW>N<;-e>o~=6JLX`zqv50{yv}Np4QLypxW9>F662P>SG_h_a#wmZXk*z zxSs#zYV8O8&Hl+HngCv7yZXE*l;d4(8s-CiK%f~bRRG0bf6#H+ef`L-mzR^6YAXyc z)z>#5I^-%|LCwR?7(r1Yri{9@l{HC>88b$@AMCv;)>(_L#g=1cNesT-rx&>QW}~IP zy!J@nU zV|WS#mz#D2oZpNy;VqqbBX%e}N*6uxS+X?W^oA7U7nyM0;sD%O3cg{OWkmYDCDdZp z&|TGvT`e)JTG)fsnxxwypL!Puvm8*9J5AF=MG$U6=)x8Ef>9Z3C>*t(*J^kes7%GM z^;m9sF#A!w<5$Y?KIkwjugf#;`U4+&2bK@MFY4_!ac_FU6zYuHa#nV)tiNMhJahr1nSZz=i~K~Zf2CZ)N_vm&{o0{e*STzah2mG(x7vJ;)$ zK*1yM4mJr0!U($9eW|?##zs?COJYw^oL{Dtvu^&m1d?K}2TLRbjwz>Hw1=Oq`CXrn zc04p$<3djfZHS*C#A`KRFeJ{@7w~?52_a zllhi4;<{I_naRM-r7lh!pc4%qNfY|pYjFQN3RpK(j8RBsu4U_=t>%%DHlR&z>% zH?h66DCaL=RRvEUICYc;x&4O036hOHQFmqpew4FO2W`_g($oz~{&j!O`>eLT5rz8@_Esa?;C+sLFp2pV~!Nm=3He0z zeM7StLAxz2#Rc~Z6q|}KlW@)?ye9qjr_UaFUwHgN`z}_S>86FCwD9^~!0z}L1@+SR z;hIK9NqZuVDE&P&ch9Ci@_0Yl*1J9lTMF;>t(s5i;Wz^8W3%r_`{^OjDef$buV}Bu zu6?&2l~ z2Cvg0;CMcLy~Al+@Ntr5FBBs&8!0m{a8NJ$=se0#*6P>xE9SzD-1v}l;;Cs*s6AKx zzKwRzzxdQH=Yw**Gr!Doxwusy6I0=Nk~q(mXj`QF-LgV^LXTDu?g zHIp&BK~?_q8690=sI!PC!!=TT#y{_#@y|5+@bA!OX2Xcr_a+?zQ8ch~zlmj^LmKGv zB_cJ!W!M=O?Rthq<05GPM)-NZesn(5iDhx}WQc)gv>VvNOWljV8kJK3CLJL6_`FC= z=~ViDu}kPOrbFJnUN03Apwsm*l*=!CkVBIrurmq;Un>ZyZRjgD*?Fi(;!WHMU4m1^ zw|Cy*oyUw~gLNZ6lJ~BSKJI+ZmzYbLyI=IrikmT#7Nl`4De4F6{uQLtK zJybLPO{8CPnAz)$T?_~5iK9EN&)>;k)#$Y!CG#7V_x3gR-wh+L@@yysxd*F|4#$hG z?k#40$Ve^;crh-*u-Gh2tlvr5HQ=Qo$AKTs%1z# zSR=dknaa#s+$^@*2?cmBatctxkKHDZe*7x49bi{$y?dvNAtYTqL|vYLYnmX-F_pOO z{nqyBfge7j%7W6NG?Saw)vSJ95=LiN`mql*Y$(PiyP{uakjww>mipwhf-`k~$jwdi zbr}ms46q}gCY(%y6>+{g-z7#&+l~E5t3plO7SA*2xmM= zTL^Ebyq~5KXd$5;Pj4t%-pZ=stIG`!>+9=zOv+{W)_rNzY}{ zcb~ru1aij&^d#zeyjULOj`!SFbH6s(u)mmJ#D#@NV~byT^^Y0n7uxDq%`CVqdy~80 zul>qURT``dh^Ng*Y(sN5u<_p*7Ng^AWc=>C*r+BJ zr>1b=x*dlmlwpny3?1v~Zb#FDZ>>EN!~8nYOu-_1?9`ntA>egkx4F+XHQSU5#dIEP z)Y>64=OPhoaj1uHoz^ARoh|SE2J}xskod)7rORXo(Tc@%&cDz74b+C(V#Ic87JK(P z89E1@xaJ!cbd1MlxRBmg_@4eew*mu?eErfV!_jlE)qc>A#6=i!39lv$i@esR483#x z0wU&Vih+7Ii5gGHuNH=xioN;$YFl2a6pvKzbC;_RwyU{p-8)s6e}sD*A;q;dhk?_rC3b9sHSondj$TD?hTOM`;q8{ zwe3255;~&slYJ)P06KzpjhUhMp7;TH3|a4~81VQSNX32E@C#7!#(qJ!dsrE*k4$Zj z8~yGZ0jwJ)8bAmBwN6U{Pi1_61`7IBry3BJ+TKNa1z;lSTruXZMs}asTDCpn(KIio zFH+PtW__cv06P@jG10Rp`Yg>=XlUyBI1t^Qbt{+zMcgsEa5d)}O@>rqO>Kf(EWkbE zUR83X3-|b(%KfN;JG2O4uxH0SmLv?x?G3zPKrdaq3c(cfh0? z0W0bN#b%p2^)-^GAAmd%Af;^2bVL#ZWP)64h^Z?|>ozA7KeoE!B~z#O-{)^NzRsap zYE&4BaQ9-=+TMM{CQa(z$N0!yO+>#utpu4!B-LBT^y8EZKOP4xjp|n%1S?pt8qOx| zA;}_Fr50KM#)^yR5PNwh~!M&K-mZ%3g;lt?cd-0h|75KDq}I zrsF96gGES8Y<%Gz*efq*B&^u8(i4@=BpW}{jBVJXGtfB7*5Y_lkO+IVH@^R3k>{^ z=uY!UZsg3^yB^ItyP^-aE+2ljL z7nUI0e!STEc#jy03|Jf)NIjC?(wjeFrhB3;2Ufma`2iZ29()D9ws2wIyoF3GISqO< zpWIu3cV{#QoY14<-zr2(2O-I@MRl`xE;UTI^4m-y;yrg39Jl0Wg5g%juf{~z|= z1FEU!Ul+E5h>D_sh!7DGkrDv~krD+J6)A#(q7VTAl`2Rt5fxD>0g)yppcE01-b?5m z0@7=wh7t%ZgtWcyj=ul%zW2N5uJ60&obTN8KkHqt#d2j&W@hi-&dhI~d7fu7!rkSd zl-!9vS8bikqkPgb4UC)j3#{cz)zIuxk`3YRh?bItH{Z}=+Z#y03=Ht~Mf&!+7@u6> z=v{#XJFQt@0Zhh-ocOtWHDVA;T-3-g-O;tYc4UIgx-ixeQU7W#i$C6>` z-|jSK(~jrS{-FqhQi;|TjdPt>FW1!`n2lBhSj6Zjzob8_W0KJ*On|@_U{So>VNku!j%)%EI`B}H0=IjhmSA}_#LF@I1@rSWLXLpDPGis^(4DTD<;9dh zPF78aK3AxEml}7LA1uO_d?&6ndUlHSES~pRk+C3&5v6P!3&GPKj2}C#;*cFmp7%;3 zq#r%JZCldYH+@~l+su8U8}k5gOGSh}a1bl1+gMOiJ+XpyVyK%qIFzghMD{H9>>V;~ z6l`(sXBK)Q zgA;uDdN`7d8vEkMWs2PygNK3z+Qy?(fO zJnTE`i{@)2DDnQ1to@Udf30QCOQS)kEPr$Ll{ZsqjTTCDde&Ipq@d^R6*9Z4srv1n zaPL6sHa7Ugf#9dP?Gx!zcSq`0sK)zrd?fL=5@m4bNo~1nc3j=X2UkGqLGT1xr?hpH zWMV=dGK?4=TXLyG52GN<8YvQj$(&9y*ZE<4@{LJ;+OUqdh#aMYMhqGZ)#5tI4ULj`7Y zn7z;FmjnYyWj`uIEmp3D`Osth%|>6Y7AuU2|0mOqixTAd9${%Z}8`bE9* zy@1S%<4zC@JZ#Ng$#h)i)mAf&$gPLZG=(%`TqerWgnq+OczZ|}KOUGD8DTsn$WIIQ zEqGoP$}as(s!4J0R$3PZ{A}S9zB&ni?=LDt&KmK4cW>eD`^Sy9PE~)s_g%@Sv06(I zJP0noTOASsKB>-@=hpY#kAP<|)CO(x+LM;7g23Kzq`3WNj6wvsS&hoyq5FN)um6LP zW>l$j3?W>hoT)Yagsyrgu$+mYW~I0IBQ`^G`!S?Dg?NBV6hzWju@SG3Zn`CJOq4sQ z$knm#79lRYx+Cq52cjNYn?{zRPBoa&l?#u0=8iq7eSN1t>$Fw8ho$?nx{#hwNxz6_ zN7mdeL%QlX|N8l_U<4D)t=%UMcdys9prfb=1e}go9Gs%RTgSPEdfC-uJN;tXZ9#CO zD7^*Yvk7Y%U2>tUzHL-hqbxQ7;56LlmQdcp7h5{Qc_p=Vbm^JlwB|OuXeJ!?SmYh{ zrL>yhDc46I9mjGlEXIX69f4$Tkuv{p&iZjEXI=;OYJNANrp5l(Q$VWG*ZKs1EhV?Y zi39pRU{~JWJtrch4abPfkl+n6Lx8yF>90-@@T}bx{l;w^OnJV2P2@99a)PKiPB~cK z<^r$x;hXw4$K*B+9W1q|;_^AlCY*lobdplSK3eN$G?;-s^Q~O=FnsLEWDDCT4@f8n zZv>BF{?Kqo-T8fO?Y-97qEA$R_#%jm5Q>_6@NUdWx9kF)uKSn0|`Jx3hynN9=Oj$@3M;w`r|;u84X8u} zs7d{)$oKfed5w=CAC{OrZIR^>Z3Bvn#Xg9Tgo+M%q_1A5je{HOr&3(YS4b_g9=CZS zDnK)mjqk#Jrde?A6Q*w`^0 z25zRUD)?isHXlMQ4BHz^14GHvv^(i7mvElfsjJh-h)TD5IyewEc4xywS>;Ch$=O3R zFR^aIqgs$YlG>s&Cpv0Q2WfZ{qzm|E^mSu(2X>aRn&8h6o+}~(_^646FUk8p(v(Qb zr6D;lAjG9Loy=aMJR|NN9d>8S{>Gx#as@t!i(_FAu^`;iop+y$_jS10+q~p(jMO0aqp`4N}8&t zGk$UHwRa01MR{cK9` zm-e`4JN9}65K+_&f$I!71R_a(hH^tnnB!Izqo-URXZcX79n1mQW#>2A;nKeX6pOMS zqei;koWb_Gv*5LO)ItV{;0GK&!z$EHg{=|)-!z${oxhZfq?hLIqm!jOMNa15;>)B8 zn1GAst50?CiTx@an;(2bKRyD^i5GVK0wHwb&dAvRn5}{*S9j~2GNBx1h7g_ZqxoA> zoP)8Z!O*5}S0C#IX#SGC=~y#Ih?OQ8hCI!p-}Gs*B;tbH_Jq9iww^<%t{9f~A-K-j z3GZ>7Z7mzFGQ~U%*E!Nygrt_tweJTp2&&HX9slwhh31+b`8}y{W@;|E@4nM|^d#J4 z!}qyZ?e0;ZPn=M8V;H{OWcfjJs7ppk^#)Q0ZRG(};^25-rs(`*_ZB&fL9hqm)^yz$ zzQ|`=FJmftp(3zUfni6W$d|_XE^B9Ivk!u6MKN^~jLIV&lSWoUo_zb5|Khdn@m$ z*ws#i`>8~l`vI7td+}U*HmH!YDIr}}F6q$`@VJ%`Zb5)caBd`Myt%%l$nQL!WCqrr zjE+!&-)o!X68(z1l_{zj?W>x|(n=ndxxV+wj2!5!Yz1Ui9eTvt}L(&QnKI$EFT?5AT8`GAM^FRGujCVhg7Rm5f=amOhNUkBX*(MF3_9(dv)5Z zP0qmOt@BT{W+n?~US;RHlJt(pkSXgEX>mO_W9lr6iNL23)AuG=9__@q$97&y*~1aY z`RE2YnXs&bhAn#+XZ^apKHl??S223O)D*(Gd;QfG@MJ>w+m5{QcpbKHLj2maH3eE) zdtKvATl3SnD^84Aaqg+y#@o&4{t-cnewXmva_ zs!~nzjXDQtA{}(^0e+fk*pl2)Ch5NF>Ks}Rmv6i<0C2@pw|dm|mYtYU2WG3MM^MU< z(vM*ehpR~rGVmdLx@s;H^g^CqlV)55*qZ<*O zCr+t2Ieas~A!Jo`gg*F@r|hG;q*E83ARO*@2HL0nJTW;SAFv-g2@U{6W+e>mF zBwD;bgZfvLj8eBz6ef1KS^K_+o%f)^6OTk+RYB%tMID#d2XlF5RT~~hmF6^=5?O_aeFkCs=EJ{f&5+h!R?Yq(rXZjz>_m%ZRsw-6=WK z-(4#LY|h!wys-hRajBgAeDKI1w~6lfyJH@0!)Nsm4(mi7Xz|e*DDomH;ls;UCS%4* zHfL9tzRY#$6^968>ZUP6>r}i2+PLMqRqX9bdL~K&hbK|FK~snf5>=wFQlIyQtXQv^W{Yu=Il=vQAa?DmYlIWRA(-f|iG6l& z@M)`*_%`p=y=`D-CNT5(%u2mTNr zv}UiZrn!@F~lT zWCh814$ZG=|B5KpeLeX`rHcYKDfip=sc(ax(Mhz|2jf26uk0C)zXWIW238io5aU)g zIJ~A7_;kZ$CbJp5RsH+=(;wFAG+F#^T{b`@wfz^iIzTGBofW8b-fjTOSz@$KFG{wB`V=dR*pIi=-Gd_y7XT*Ynrp;FI@ zd{@j>-*eBPM1eeg4>y<<>lUbL)M5{+EV)xwZ+l1{LRh}1Y+J>SG7BXLK2znn)6k{| z0wiI=D|nR+CUB{Oj#O8JAA*O9LMaaA3_o_RRn*jdw50uX+3BZV?ORmF-kLO3Fkcl# zGQs>tl{CgOJ1G2}BJBw?CJx@(z#AI+Kt5OZP~t9QshIL93~TLS*hOc8uN#$f7@HcP z_zM0RakzC7v$|t*`gTxFZ{EttwtjE?+$ol{ks)ek5XLo6FW}dr$&Pvs}L02yrf#^Q=JDSbEquB^! zi^uJ=x=Mb!7;G=asm*J05y+w!!i}}j5f>_! zC*Q6wyoq;Qvv1EOJwp6=4}VxSXAmMKz%|6Qzmw1UR)pGuwrh!#dxH;7675D5X*ul?S+A2tyI!)|h>!-g z5XD(01*IbkV-!jB2))aKzBs2rDXoTGpwu|_gxbF`if=@x(-vx5XP(PkQh4^A@kZ#& z^Ep0gajST*tJIl(?4?k*XhR|3D?%zjC)HKE4P&VNnUmkDQ%Uv&I02vjNQu*{gpikT z^D&RWb+q?dH5!$z>_BH1574%Usq@MDtmI(=d{m7?+&W*u9!OIee9)5r@aWOCWVq*b z_w_OKX?A6@V$up%#z*%dtVYG;DG!KF)2mh|0?s!%cKL(1Xr59PPUcV+Ew+MMuZ4w+ zEs{^)A!GUFR`K43=#%=# zc552^sVV-&V)&~<_zxlVFLyl5zb>SP_P_rRMaT+z%(*Yg#jPQWN4CGjs;uyxv>)udJ9$M&{-qhF0UM!#aWZg2xNlBro zJ@|kRGZkfymH2_+a!2wURm5tt^4_e7QVqqXh#)b1WmI^_%(9My3tqpfk zBE%Td)DFsh}t5~`bfLr$fC;uy|)l@fH`;rg?E^QdbAdHHs0n_-PG1&~tz zV|Ow|ckY86#BM``Z|&Io=8CM{6ANf7gXK)Q>|Q_ngRP}A?spnob_<5m5R$snn6t;E zVNxAsJUNECe#GA7epr<987syoS{u0Bblm)Dd45#ew4cRUZ%EnxfR&;ruE?lf{(8Pn zWibqwuETW?f_@K{V3;=3J> z>htjR!C((De8qCl)1O?GgDi;;==4w2ouA|ScOj9 zG97%E+FBZ$e=Ac#rSntZ(3Z)InPwEI5C|y~aFV_dBBt)y%#*(gN?S ze`mXkivoc|@p{^-ODen=rGfWCe$I=%{ZBJI08gM%I*C(|YxjzM2NTWEKj{pP29k>o zR%pDQgeP;pN7K6-uWRQ_cvoYdJP#GTqw*zb=+k8%FscbUgpDJsr{?if#l>jQAmYpQ z7Ft*-ORUcogkBL=s}~NwWe@qO)&^RgBtTZF`L#G`=wh)5&wARZH6kG+p^rY9_6mDS zw_g?5B75=b=8yp-5I4g9txx|q3FdiJnfGuZ8p9AWxt^O>F7oQ@#H5B~mwLn$yIWyz z0RO1M4fhlKzxPu8eQmIQ5j)|Dhx5gH zU!qPBDz72dk?-znJ(hF+;)*Qx9Hb1=BQzG*4to%LX7Zb#(X$eiMB}NOsqdUuo`^;G zcTZ-9fH3B)#`^46^cf%qnAto11;+4q>`a6wgIwbMS*4ZA-k8(~kd_5X z!abTlJI-3~%QId{M>2Au9V@(q(qg&#Aj737Ox689HO~x0t=FI<6e?%-I_6AP5U@Im z`6e!XxvRkn6`3QXtz4)0d?wT_fI0wd*6}d{7~`J98=CB&cGDQ;Z4z0iwFL-9S(EId zZ9b440ERBQ|8Oj3{vc##04_eqR3ZW#Yxrb0A~^YT4?aRP%NzE}kG%LNGBo%nQq%wc z=RtA8u}oz9)obf#kB7@@9sNTw9$e>lUA((4F}3LI=>9DyUItxDzIo6;e(c9{^(`SH z&rJ1N&OV!+lhRVyvE|)E5xqZ)PF;Ht_3_Vojt{)O{bx}{ZoZR$sb`n`f2k&$t%#Js zTr=u!>Q-kf4~;kFBQZW4mb-a@oLH32jK=QFWLPnk;>IXGt&0jWC}lY3F;;KJg*=~9 z^dO?4#NrE#HhRy5twN>&S!U^6571yln1;j$(sU=Jlc8%~BL5~F~XGE{@SspAN>}Spt zO&7-C3)_YRHxh?IL*{0x#oDl)!IERYQkD~laa*5oyimb+c`UMKk<9UEItR6Jx72B> zemW7gsv)olU_?RLm+}b!?5gXdjO4gy4TH}$8fqy&9{e!U4|*LlSoMcZ!w(OEZGVYV zZMNmDKZE$B>&?Z##QRLfy}!iUC|_9j&!UQZta<-Z53lX6zZBh9`{~M`^(0;SZ`@?) zz*uNk*HFI;xHICqs?KV>3KE5kzwe=LbKXPAA9{4Hv#IJ@sHxeX z9s;|V*;I-(BQyHG@y4hp#k2S-1Q_hm+blGL@(va_2tS0lSWsSaCB5wJfD zjTZTiF5$uB9i=$z?9-ObA^>7tmX*e$`l!=u7^YV=0_EdAWiE7Q!-rvFFYt!lCKYyXkb6k+ z`1h*KeO)2%)fDArA4;UYPDMygx);tO82sKSvw8iZ*GqW~smv`;)LtgI%0eCuojLxeSso2H|66!8{CgwuALUYU@FdgunCAU_ zcjAcwHq4Jt+AsPdj~Vrn2wxcc(`8>uO}gUsu6EA`eo~R&_4&>Wf^l-n@s3kcw5(?z zjF8@UizOf*H{=#Lc`%`GuRA2fXIY1h*smtqlbEOG8PFX1 z$gN++B^1U+eOlvn`a#M5>O5iF7q;rmVlP7d1BCntf#*;AfNe($gq$IWah*{z{QlrhFETzO zW7M0r?oR&#V|FTRm47>qBp-+otFsm$SCnam%^#T@Z)o-zd!t%>&hS`S{#Z`XQ|rvT zla}80A@}>noa8*e?|Ky3j3Opk|1ipwx-yvpqyUznF{LA}ZFDl{qDwR&$0W?{u&!|7 zxjmTzYJ+irXa10z#?_n>iyE;Lv-$1=`iZl-pH>eS_3u_+Tw2 z38=-Ac*HzMDJrTWB9$^hwx{idT@XSi8IPG9$JUtEI9EH#tDe(Ls8l-+K1LAE!fIVY2P}vc*P&x7a&B9RP){q!hy4$9zokYfWml=`JEr` zA><0V2`7Qr{wbujw#K`g-d4|aE{Xa#WnfSfX3VA(y`~3GD~}?q^3068RpRXDS^soUyKW6HJn2_nDOD&- z@yr8HZ|_D`+A;~QL_z*a7!b~Ul7U1=>4vJ56weEG8~An19HJYQq`sf~aqSsKUD+O)fulneQ~RT#-ydH3@D69JNy2585gb38a&82HuSUYE&S zLQ%_ZF)=5wk zD2q%*rN_Dh1S)3Dsslef{;=ZF5@H4#b71*;QFOS9R*_SLwC{TXgPr(LVOIy?@8%`C zG4+CR*Iz2_MP!;-bjsh$G`iO7E3?8o@MN=8w)n_Uv{8ZX6TW%%!(&f2pO9OG*%EGi zH;_u2ukzki`|C@Jbz5#X_kQ!cEm+KD>Xtg5+AHCI_{HfGqk@oc+bP0(NM{-O9@G1` z>xvqt^XfVORDC@j_XcB-b<}Ljx2dPSYTx#a_@627UhbX`SKo6n{K2md(D%P_J>p|j z;rMpz*AMA;IMXgTz-pGYYjx5M_sMLz<5=)i_zwHhf2mIO4i8hXAhQVLv!PFSZ)mg! zmq6%nT%o$kOF?{xZ%*RVN_vEL?ybjMXxWdQIF}rQw(TUyH#VlM*>6t903LU0*=QrG z=BjGbh>wM?u5HlEV1J*DSET&*Mq#k{cWn) z-!`=n)~Ui}nuNO@cg1k*T=FNf%Jy)w+RZan(RFW$tRU21woCjwc>g(X)I)x5_@kem zv+|cOmp*^^uAXmyrT4)xH)P9O@{OsLE4ySC2)HvR!Bwd*J$h;-H*Dr{9}ZBVoPpW+ z=_yn4IgJ#HZ~`hFzyqYFO@$4$Hx=2-d>e#hV1-h75Po^n|9Rtc_hzNTSoalw?5>=L zmB+?WdM!ewKI?P6-_y?F&w#hX?H}T6uhK{qs@0|Qt9)vf%x17C832enC^OhP)5?Ur zK^SHD1%kEme%LLK`wP%}hH7J%`+>EJTK~pApX07CsX#3qoeE_TRHa@$bB^iLIcW&Z zt5fD1$eBy@0D>hAU9jj1>qezQd@DHuX#~~A>`$j4SAzo=GoC0|3+bDM$LbxGo^Co{ z{pqS#@NkvzEweuKhyIUeyu(n1+h_bA&cpSDsSihOeukWqq1$g@z=-_bwiT@w)+oN< z@|t{UxnLH8g#Z%Pd!rj=Uch|jb@dH4Y8;_P=Hq4vNTWix;#L5s-DQcn6x~fFxLO3g z7OPJQ;x->0*o-|DBYpB&G-9Ic0vH>_*b}seHNx8Ku*TOFq!n}6gj&so+T74U&=Tzf z2ZY8h&oJWFT$d1!G&AC=E5=pP#xLvN;hqVcKXIcC0;=VhRx~tu&(UTZSh_+nF5=P| zrWmXHWAYByK1KmbOjlag2GU(vMBxTrI$cMcpRV=x#T>mC);oNIeMiiV3d_rrbvrsa z51jGF(#-pC%1zg6KBJUl+dqae*A^9z{!sj$6C(rsY=?y1$#4BpIQwn?x&naFhgg zpO-@v8XjOxO!dPg@71_wdU!_kCx;*_Jp^;ZFt9#!29d5H1;58Oy{$pquY4-PsbbxI(YD+)bFa&ux+(HNa(aTN!i=- zB1gndzA*az-1Sk>{vf2C2lEeofa7$$#1{ly8uuJ{{aIQGMZP3G93+{W5=XW*oGQFH zGym>u5BujWC35$bo=)?Aj(5v$90>!P!5$>uWJJ;$Q%z*_vX|H>bb}#6Gd*uv8Gq{* z%~xBl1v1xW?rqnAXnc-6Yy{SqG5giVt(!Dm9vA#AH%2 zz~HbBP_I)g1I%Xu^NXGsFK#8Vcx_ZXg?(e+W;&PSpk49knJcz8IZSuI=N+K_`sC4p zwkIzY!Q=c*Bg$Yza2i-}sV@5>uPf`;+lh!I_9xTT$I=GR^&IIe9dRCi^`KDT-VR(M zM+$gFHl$<@bw4gsPjR*8bz+3q(I$(sXqvi5l)i{1ctt+y$hH$t2IH`_W08xN^DMbN zwvMU~@v<&OHA>CA={@XFzgw71AXG%ME(4e18(VVa&BJqS4|3GrR$rak#VJF@FtXG+ z&rS03Y)hB<`JP8@kNk0syR3%_Jysh&BjWzMY&&jeguLGVt2jMt5sUNL$SZ1oySgw(x5{qZLBim1{}onG z7p&Arx&8N4+l@D4EfO5{ALH~d2WRisN9m)SzzTbTC8n_blmqvuVGX*miQ2E2mANkxwgMCzp<{p@7vF zY@iP6Fh{X-h|&fkmY8C5Y>SndHk(n-$xpuq9-Ltr=mpa8C^|6@H<409$^kbJ47&5H zae)DZ&oFTK5HhEU*O&63&JIti>O2aWoD3jp1d5P1{k9T_lQN&V=$B_4qoZoYqR3(( zzMMvvqrV^_=s6Vv=Di?_fd*wLTPYgE4Ci<433bmFe!O(>qC-o|HKrk$cI4Y+Mp0f{ z#KxZ3n_8M@$*iR9R=LXs{u&d+Z4>+P3sEP#=Y_Lqm;2o9;Ia#>TP3bm!@LN`wRdVW}X8Hfo z>)q1~Eb&F&iw@yM6@>LY4f#uvsw{2H|BXtk5Wi?al4xU==KQ{9+{N4r8_=}-f zHW|K*wjbgvJKi(Sy)AiY5uyD~Om`~lQrk|6yyrKReUGE|nn6`3|L0VFgQ-vdNrKi# zRx4V7Yb8Cd2sI72d{BvXZfTsZC;m9k2m85LM~i*aX?CF8S?+0uc4zAb>obtYf{CfC6`3??_%@$1=I;Uu9q4}Nf1AgzXEpwkZ@zbXMf#F@w zl3UZC;kPfpj65d1)kF4QFv%6g~%gGb^Q}o)ks=@aq z-?MogzqDLIeto+Geo1Xxhe4aOUqOh#9ch}{l@o3p+}sX@X5S?;{6@YycJZA)Uac7t z@*S}mErS1U^lb5e|#AZelHljUfADV$+971Ti>?0j|i*H!DM-1ZKBtH3WdCVlRDvP-J zLujhDe;Ggb&6$;+_m=>`3?GE=MQ&_sz!vbG$>su9vw+pbFdbEkUiORGc_oMq=7hlO zJf0uohe-N;yWT19-Nkx#j2loCmI1R1cRwnYKykA4ZZ%wQvrzF47o==7ih3lP-ToD0 zqxv@5rvMdtKk<(*hM_c5z6IyeN*(JlY^(^rWKG0_D1+?=Mfw|^3@@4N{{14@vf4;W3G=Y?WWOgXjlQc_&}d@V zd4}KqfXoB*vnz^%DH9_pYkWF@Y9H8+_L1l>fH(A`vj(x9n-{#}ii+^GApBc0LxPg! zSkYr~u03HBh40KP+}5~`6Mj;d>><|_U^SqotrY^ok~9Fjp;p78rl zo~EwF-+R5fxQM_qu??C2zB;PRv;DFR3=vh?ku^!BpjPm%OlklhmNAILGHXoAH)AlM z^VErXJivp5}68M+u(_4$)_`tEvN zZDu<&HI8F&J{24&yqi|VW~%+1vZYqfYs;NeZyYx8L@3DJs9e~HQr!sX-Ae)?3haXT zo-aD7tH2}cJ^s~Mc8Wt=DpPS?rTgv_2#LQ$df&R`nD2WJX@A7PvgV9t7^+7}U+vf( za=Lo3{28(W*-&9IUA89s1`9yWJCc3c^!k3ryq3ntqqYxeIBO;W`o)-gx;CIE{Ws%> ziktJifNHL(D|@|^f?s>)E?$4VFnJUlMlyoLnda&3a#|bP`}uc^Y5cqrwCQ`!OlZ}A zjuCSUvr?oAWM*TSZK_El+gx5zHe#@*BLr1sCJd48+5*tq;Y7b(NW@9UylfqgF+}~y z1OlwLQnkL(Pm`|oIe zUH06FmQ9qQ;u%EyF`rd9U{SoX#0j%gjt8MgPc8Z*7+u3+czRMi7&S_e9hcp9oMr*P z5R_#PBDswHPX~yT^nx-Iku?s`gGQ|)$o}nL=z(QP8v^3n_AsDxRQEz_Q3%ZB8n#*t zJToGi2Re+&iSD>I5}Et!DYMeD0aa_O*W=REa5}m?#FwLc{&w}@L;)Q3*<#j2^RB9F zMxO@ni;G|P3hfrLWDaeHfvlhV;MrWmYmHm>C@~vRr;ONB2zxk&K7B9tuX#I%?MB_w zz;CP((BNj{%62?#Sm~@+mKPDuy~(zs!M!2py1j!$#}%V*F63r>y}TToj-TYZ#TeOi zqNmvh%DMx*#=&a~83-zPp%0(B(eVK`q;y7=T4z!f;@^MPL#xwd?dl79Aq7LF+?Tpm z)^0cSmRMT^2*mM)pSU9CFrT$CL`1Y!LAQqOlkGhBYqw@ijH^vqV!Cd}9#1M@)q&JJ zdg1zv1NOMzR8SNh-!jyNTGZL^){&84XkT=v*@pN0I?ww-$L7Vk7n~A1z1tKP`mc96 z#&m>crCfSxYPesTIECj9+dJJv=)w2EmTnJ?-5`98OsQsjWqhePI}enU$pgzT1bch} z)(U130O74Fy$#P?-q={ffL^B9$QGUEi{2XH!<7_VLzMt8HawIF#G7o#;s4b4Zj=q`n_jkU3MeR9Q!zg zV6>REtJW{MgEU|T79fjaS$kcY>lidcM79t2p_r!x7r4@|xVkt|IkNw@02@Z0vF z&}!ptH`*bHBn`VMQ%8iBBA)4%?0t|AO8B_-;!Ussl3YGO5M~(BYXsN?gIZE?aUy1P z2}cw?K=(FpbXh^rU$qk{?!bYgiJD&_c4B8D*$Kg7MH$UF#d z^0||}F1?i64AYfSGPyUxdoLM++e3XdZ!E`JG<^>PCllgnd8JWIf4dVdc-?u4c<6~W z$~uU1gz)DstmEgf!wT=6fPu=WHH{9zs*1#~S#ERio^{O4-C4gA`75uk(>I5|d#c|; zuB>C4szgP*QF7wttPKAbFl70#149J}Bq|;2CajJmH@zB2w{ymv4|S8gqWBrkGt8ek zSS7uVp*_I51vHhZS~9OiOk1zwhVEhIb1W>GN4o~ouuZ*8v2<%qXmbvD<^7@eCDb!o zW{e`LP+DN|oF|bt8W0fEnX#m0SzUAr<$q^=DA;%g(D|U}KqIXq8GVznh%QMRr#1?L z7`MjM>8Ul~cLJ+3epZgj?Ks*S7I`h!c!m+4bSQSswF9q+>QaE}l@gWiviI))n(Hm! zI|6FDe8WDPNCANhI1FT|VUY0*pTr}9Yd*Lx&Ny&oEOv_Q@!HB;^T7$>`_-Yx+Q$To zgxeL#8Uyd{;ls{QHN@Qpf7UrNd^OV3W@5LamwTWoXbw?$D+SEvaT|^ToaAxrDdZmL zTJV`LRdVBPx1kiEW5WHRk=8lFQHR&j>uHFTnr?ZrD=%()_tS5Rgcl-hNjgj!p7_Ev zY@VA?l!1P`BKuL(liu^_wB>v)W?cPRRsN@^9g079$<67bZu+I#&XXkL*;9INJ9TW; zh`NrUnV(j+)kj&aD4&51YCPJE0jCb6J*fOR^7-8S=XKc2sNNdn0N1zq+6QL>7%G;J z`vd1nJ760;s*<7W>Sx#+2YwIIag`eZwx=`Sk4V2QAq>Fsz!WfF_U*T2O@r2N{8ECa z_0BR4U5{{|qwC~-5PdaL43+6d{jX&-SY?E!6jZ@>@!UifJePs0OJ0o5jYF`u1Z98nJ1l*Cm1cX6PGT%>ziudcqiJU<_&c-3#bTX+ z4yqCbMi8tK(J$h00?$#9*F8(Hx0p0iWp%~cPlf_>0!=L(><<_mJy3j=K!+`4Q`+uA!;&H@ z#Me5sjjBY*;%Q*@+=zeVejW55aNNJC;6kM%1{dv0Go8 zid(-vzb$dGXZ2!@+RYf~gQ8_e(bM~fSVbi3^7$_wcHx8@e*U}2-_Pamm*M~0kK|MF zSm;)6UO8i%8}WWtkE~k6w!Nsx;5;pgtC7oX{mF@TX_vMpqZ65_bO1J z8I{D|;RXKME6<>BFEfrJfds&M2{C!!N#Zq~nK!0|=Xq%ATsMNkF)6?P6iot35Vd~j znBdDXLAcPz6>4^b!rdFf$GR?Yb_>r=1h9+t`6VCP#x0nCM)0L{rJJsq@!yyKek}j( zUI)G#p1nV$V2b5BKZ+;Qr#jhnop$DOq68*oKW7$91jUdSdAtBSoaig1@Ifc}5aW~J zLXqjlZDEaQ@vEtTGBQ2*7poPh9a}cd-q`EWx(+RIiJLwbs)z68y-$Dkdl}Dk7)~~$ z!ArFs)kr&m=)ml2yNt4oZT=t#w=!2vL&_SReTlNHUEUFJ%vD>-IwI+r6VL`RU~oC^ zg}A0Bse`B0UTVkqtMI&+9_IB>IAzpzfV+(r??mVFubM)58ckh3D8duIJeu(JipI75 z7sw~UFw}4QaMI@#KzTdqq(-hNi^Q7-ZM3pr+Brnm!F-u(8rLC`?k{pNV9wuZbMp^u z!G3**?VcaE4ps^rDwy5Hp_V$v!T?!g(q)~_hGT*jG_=*v(Wz^Nmw&a!0!^6n>-YsF z+1$c{$H_x{ZL{=GM+(wwv3m?|JZsbMo*8emX?Z34lEWlV3w~Yo|^8O&KwoNPQucX{57ThbQ^g86C zLf~INXW{gD;3NP2+_P_F{vVuHh%`mqueNRU%o~hbq%d2IdRgSrx;!=Fu0qf7U!ot;LP!{;M;QNOjU4smC4uQBX1nOg&UbdC@^m5 zXm&v84q{jnuu8}{#8`A7KlYPl`p+HvdfWD^L<+P}UJ(c;Kdv|Jhy_`%Y6sOk^I-?_ z?De9|Tkp$OE<76l9`zfBA^?+pM>F&xZrLB}<$Dqkm$f2#-u0HVQsK&lsXjB?pCc$n z?I>zlkl&GAP)A=y$}gC(I$rXNv-(X=?Vp!b`d^aj`gf=PshP_Em%?Xp4cd#s>)EMa zPSRwLxa+kQa=xgLS3!x^M9P{mPhON{I7E}z?)+%RmZyjpeANBU9Yf1|bXnCB)B`_TrzJO@ z73Z5baP*y>a2jFT_l`Ty=cxN9?iBk~-0;?ag|s^A`1E?V7i&nnhY!wH-IW4fJ$(W; zqQK&f{xL^)z!vxy2tvIozZj++_yJyJS&kV%1fq|AZRqNPc(E*=zWKlWNrwseQ~~NE zsAf)ncU|)2(@`-Aeq_=9t=*J##Qa$4^NZPOJ=RyxYTw*a@%uwdW?OBkH77g&E5FY+ z)BCAkBDOpg-j+f#L_K6=Alk9~j~0HzsNb|-JPb|DxHi zXHH`xY7i!?2l=Z#RohM99y{bb_y+|t^xR^G{herwcWu1~Z>4cv-s)&oc-rINNbr29 zeGtN(A#S9{@sps`_M7{kHWEir|D(M#4~M$l8@MF9ETs~%Z;vE|}iH>2nDJm*~Rd9U}J=bYy~SN?Ea=Dy9` ze)DrL-|y%98NG0B*!j25-*@4ZZr`t{#%BPuL3^Iuk&g6wtc@pb7I2lRGqCgYI;V(a z;0!Eb*9&q|$*`S90A0GJ01`Sj0E|&=^BryfDe=i(on1_nKeCZVnW+b4-6Cik9cZg8 zgBb#&Iv5XFuD~|ULdhN4M1CRDw`yP(4mx!GJDsQtA39b(#8pB|`NWWmiXsx~PF(#l zFOpY##6K0cpU?B^dgJ{RjHjI^Op$n}u9sGJXx-}9z~4gZKu-lN&ESW5k>|Qcr260) zW&0th6WU+G6LG7-a^u6vEU~xeMkJiYeb0LFZ#69fquR>pJs94a9!9$l)`G{(vj_>2 zJcRh=(a#(Ct)FvG?iS!#B}Ed5YB&;s7M`=;YrD?>9P=O}Ans9>f7sM^<|-VCm&F$d zQI4c`Eb87SQjO1Hk`a?s6%K7qA?mVmuo0reod0}W1jFZPe9OCPv)Lo{B z6ko~Js)dx`8n|e@gsrM9u%Fb25)ocO?)9SAmyO^y)+=z|c%8XDt+5s5diw$9m%Ig1 z?ci-ImLff6-FqZU%-XGlwNMs5wS9$I44P>YCz#&)fzWz#)O?PyN-*o7C?V8O_%=v6 z1)c57XtxbJLfIMJ@NyGyKvWLVzu=m}?R)>R+{NtGpoK~}gH|)$Tw*nTJ9iuo&_A!H z&-utdJJ0u@huZ#Rfa8Duf{do}IKnT7i`s;Jv$*p>jlkIHiYC0GCe{0u);m6DoVBgD z*m=HPxY_ath|fJDc}?nI>;}pjMg+>@;IC)<;S+9p>~?GJU))rcdHG|9DXEA>v_^FO z_olrTj*I<(>b-=>G8)xwx92+y8Q`VekrVZ(rzerKbDgNz$nzS!WsFQ3SWPU%20dYa zvpiz)566&(@a@raPaAj_-^0felXTt|RMtXR0M<_G!l|s!70oR>OyMX-qkiL)o3~K& z_~KkT@`#Mw3Bv)QgZtPH0@mqkL?vMoO2mAuSITfY>v(&<(5)@?_V;o@q+@{mouXZH zr;i^k&(jOG6eK3{B(MUQ#yX`gY)>D3mgAE6 zcSNgQJ7q^23Nz`lZ1|a4j%wnJuiVa+lu51@b^Bt!8$!+J);>Qi5M#{O3}cfHr(uA@gQ%Nbrw(61sNT(LmN3qRaglH$!LxjJtHg@RqD3* zkF|Dcl=rJdZNO_2M_%GPh@@=30);lB2mBY963BK@qtuN6*@azC?Sp>_jx?qBX*%Pi zUF)~k*1?9%+|axAJ$32f7uuA&_+bl=jw{kQ4OViSsCJvEwvjYz;qpMiwI=?}kqGif zChY`{$o*>%6emeT3`^|5Mo?swkeYn7e$bww)7?ifG6@4VWexHv#C;psysgkq8gU7b zn-5jv)1WO}OLaaw&oVY#q~!^t*$hV1N4c%^{hC$)K7};2UNPi8`4Dpuje2_Y(2LPR zGtXZ{DreX>9S-vz@>tWSRcHO00Kc=$C5)@o-A5D?qOq75vR$}4EW%S z8H6djikv3#HjzU1v0-vld(8=m(Kj>oE}3k+-y}y&DNf|*9{HZO4Z8q%x%7jT{i4n- z(w1&kmz)#*bqLrbeK+|Hy9r-Ep7K`E0LDemEs)qEDD{08F@C&4^z82V*MDVqGzqI9 zc=u#z7iiwzewrv)9VS!RWI(V9K#>N%8hz-h;)ul4>IWb0 z8VeFz%%X8+*sDUm)OD2o2DQ|aiWV9n^G}yljGE^MVnPj!*Qo{!PS2?THZ*zLPRA>K zYt-~(Nhcv2y)}A-h{6DLW?W?+QQL01=Oe$WX&yd9HibyUe53taj%LyB8&vq#wHc_S zGVk{gP&P;cOXG&K1`|Xn= zepmb2*Kcrxx><=imFGvz;_!lx1fN&6M0cdk4J4HIj>Dh7Q0u%2aDm)~lc1D=-fzwZ z)D`c8Yv7|K&w6(ssjSf}{vOO#6rKYyS$i-06@l9!n zdJeFUkJeb&pB#^TtX33rqNWQQ%9{fs5?$E#F}OYbaviw8-*A1Jj(VL2E3k3M@zFy< z@C@3z)ix$>0`ur46;>cjbo1qaXkos+o^#n(GM981w4u9U!=U#uvGB2;wxF=`!Q*~g#fy@>4(Lo< zzJfi~EKKU!XO;z9Z~Y>ZiCdxb&f%^rQ~F&nACYgp7~W80zQEPb%>W9`+YIU z2zh2Pu#cf;BdezrFfs|N(u!;Wy&ev?I4!txyGfc#jJ>Lvm?>}MB~UOOupFV~q^$`~ z6u$Vg%g^ib^Je(p{gY^#EOn4jMI`@ZUbsnq0zCwZ>Q7B89V_hV@DE>VbbbWern?lf zEc4L1wxM4Evz;r9%y`)Iq2LQ9>s`u6$X@{QCW92c2gXLSJ?Xtl@`sB7>LMWS?1&X3 z9Ne0K_lx?(c&V;yCg5Z|5aNgZGddco*V>^hqCQO-zKYovZ)2yBH*IPsp$|bY!n>A! zIX(3|j;8nbkj!r(oaz1V=dQQScG{EN=1anGyl$PXj)|W^n1$jnZw_XTa`51$^?P+j z$(N{0N=6T5j=*>alq=~+#ALTzwR|{=%icqnOVBe&0z^C|0;P_OfFDz9^SuaJ_=?93 zq*(ztLof4Aj(b(fk6Ao(p??FdvEVfLTuyuf-?a`0==wg}MZ^@YFPv+Z%aMI?o&L74 ztAT&;0OKn7Fucuo+uJUFxY;Y9PyNig+48+e587U?>AdFFz_;~I6;5N@B&zB{WV|Qs zEl!eM@mYS@^0MTCqC!^Sfn25D)`RqFg)~2#e_odVy4ykVYVpX+FFc{^s)s#&;@P%H z9Eub?J~}m8=N`&S^MCSpRlreA$dN_f1A7)vnmK<&k4D17z(qMzsQ`_g_ZjK(#sbVcwI8b6eVNQmrchbqI6o1;CK zCs^HZ=rj=B&Is7qlCO+{y*fzEtaU#fvl4hv&@zP^g?x6HC8t$vWi5|YO`UyetCd<| zLc#t}^;5QK=9)b6?KdFn+gy80o{+^BKfadT+>bIB$ITo|KiEy6ZosrUERvT%_L?A6 zT3eu;3pC$ydaSt8=vx+`l+{99wNcxp8Kr)U7vEb!HLIxYs2hzuapsFK@I=uLZ0zhz zd_RIUR*Q(O(vKALuoi4$?fn=EJy_A8@AKGYccL;ad-0k2-&M60*1T}OFJ>s%slPV{ z=J4G~_AgVl{U5NG|IvE(FXDGLqzBD#SB17e^TA>mYf*h{A(V<26N%n0qVkf?K$O?WMjV>@9yLR0n3#M@dmO-9$iSRL5|=`Ag>6~R%VonS(*X&V2k62 zLCyw#BM(%uJftPV1%BhKAaW|nfQvT2#;FizxYHPO?sy(ZS_1_d7-Jl~TcM6eX|D(~ zXF$o}-9?66E#^F~LBUCD)mLLADmxeo+x&&~DaD2$6&PT$@$U8yZO5_{f1@q~k_#E| zd4h@&?4+;#{ll4Kog1L;L}PNLQ>rZfC=c#-XK%YvGU6$y4 zksp??N4Eqx!`NJQh#27V(uHpcXIIGG%e;Kr@hRYN#6>?q#CRVbwS5io{N9wghZA>= z_6*AjmT;ORdkCvR0lo(DcUT!H?UJ9%Y5!w?qUWm*{`7BA9Mn=79~6Y(=67m{(gYK>5SRhf4}|e zKM#leq-FjYKU#I2>?d?y&W29Hc@F;b`9u-cnq_h!=Y_xetANa|)9g!8~qd#b^ zOe&L%%-p!b;9BTDf5@11e6zAp3%f37FyNwZW+0zveb$mYIqJSSz{3XsMrY1>#IwY}h71hjnhMLx$~-EBE5&dSvY%q1X~S`aY8 z$X?9O|BuE1*79`|y>=ttE1M>BA++-OY;L zmjR38`h7;(@eZBFa?U1*-W-(3mRTdN=ztM;PwGo{W%uAMb3=P=g2`xyY|usrdWR-q z5Y_ksiFV;V?xey?9fp?<1=&yv-6^aUy#;ugg(a>}>NLCb*7)MMH)4hJ(tt2$Ynb!0 zE%%wOx08s096L3)xMYktz;GaAQKc!Y=w&#mMf~+zgOs*0yemENaWKha%RH11Ei%#k zvUEAhVjglKH4rN?N<437x+M1d@tpGyFzWo*|!Z47m zhe#$;?8thcWy+9l=os)KJ#?;r0EXKKN62CgOgpC68U)zBppVGzP~Hpn)dkocRk`l>33!ZXH0=70t%^eJl?@KX&Xv*z#2dw z+=d72AUK3{<$U(ez70^(Jqj7ju9hSr=@3|xhS5$-9T8)iC>~ObJiHuVk8iTGW*fb- zw11;m$az}Wn)0eYM8WiL-n~)Nz2%3CN9@TQLB>eepi_!4Iy9$lxQ+Z0DT>ATnw~4{$)7_d*(=MR3Dk62*dTaX5onie4zN@e!1F+(8QoNo*6wfDRp zgJbNZ`_@u&Hu1`-^^lCQhHr%@;uJOUuO5Fr2?gT(l!@#W?8MEMMGDZ0+76>N(Gf>E nf#)a21`KW&HkvhK+wl~W@~oB6EUek&y20?gk~KMWh=Pq`SKpknZjV5n;)tySw{;eB=B6kF)1+ z_SxM#=AM~*=9+6lRFtGqkqMDuU|>*XWhB&KVBjDyFtBZiuYe~rYj@v)f3S{f(qb^> zzle8XV8~%)B}6scj1Dqhx~b0)^)C~>>7nN`*QwqA`}v=-`Z$DN{O_Yq zDL5vu9sEE8+ds4XGbJA60p;I`|9M1&RGD0lNxanU2Ca`(Nw(?;~3f2BQhI zr>7^bKW}Eg@7Xj@CRT%j3#uq%H(c%YTXU;Kt@!KLZ{NNdmZP=l=OABO56C|32+;R?kGpGdW-Ia+^|M5Wtn!ZN=}j-(P|d<=J|S| z((34Z0}G3B6PBj04`0ToTI%&xzW*nkU?kXSk#qPeO-Wrgs&tWPz%Lf0KjVP1% zuRf5(iT2+ZeJg7CK_VRtg|gorA@0AQg45A*-)eQw#;?xq335;_DZu9x_P|4RttqNU zp_(!I&v610qGGcnjQF&i+owg5ZKzQ@H<)A}W(p_h<%M>Hf|zYD5s(eW7bw%(#~tWd zIr@*p{o%zrKeClc!p58YRrOgw?q9+F zlIo;kD?{8ZINvrdTHDkdoTC|CS0snO@TfR=i5wkdEK#hhLL2S8ZT0RSB?uOW(+aba zl)1k+2x(tha^TT83PqX~5vjP2RVzTAu;lQMZwuh2fp$jQfB4UyD5>9vB`502oMUft zz+0-@o^2Ry9M9}u`qzraysU$ilA_1|qsx9h*p+e$uE!J9mKGu+FAp#G(S+GZ$+20n zSP`woouKN45Z%iKcG-V7033>hR40RKj#ddT!{}J7BNppTAur!y`p7`u$A9KuDS~Ih zgAgaUOj2(+=t^{AWPtI-evFMSKFZ znM%C;U-g#|>!f6BbLk6B5cl$)uTI|D9-KqEi6Gjp@fuAf@QMzrsQ^V~{VN7jj7k}W z8e=FMUYPU;1h`n7{Gp8bxV~BvoiEt`RYYK0W0}Ggojz7RCIKQIWdRU%oz3{FVN@v4v`W z#+a%_>RUX$x)fhr2n76Lilt)(n!>KcH9t#m^wa&E)%3_fI75k>&&6X!E9GAgZ|B@{O%|n33{WXs#qHoHP)2@3oFV5zIFJoyEBmk4&AWmeb>32em&C$ zB3G2^dViPiXe#SDvraZlDwl0=>eLU4vNU~#6dmX1fhe*VI#tS&qbljmJX)n}$@?pv zs?QXp50^<8bNp~{CkJ!vPM>DbdJs^*g1n84mQU9mR#rq?<^-f730`n>b6*@U&XcN# zoO9_Y4Dg=m?4Aq-;b(3UO{d)&{CM9-PH8n0ig%!|ng1occ@TlBqx_wxZ$Ha~-tSLN zk7v$*o5E)XHt+T6x3xRJVG{%eRXaWzQsA)|w}ooj%!uJ*QEE9J6scN5THVu250)#8 z^Q;$}>5_$ox5iQfB^Wf*FXS_#c|I+d5h;=JnT7xCaKFd%!KQit2v$5H5+Xj-tHW9+ z*xL`2*Dim*4OVm^SkA_zlJJD>c>I`jwbmR1jUc==Zuj6!rh+&q3fcN%_El1T9YtPd zg}Xi&3b4>+P|LM6VAA37w^PdZ#oL|^J$nT#V;B11}-KHT6iWb2<~t~ zi*|()Nz_fGg8gC>b{hf;hU(7HdOrcI_vF6A&5kMs==c?aY1hvbN;#7G&BGQ~%jx>J z%tr0unBNe>f-9Lu`h!2)UOmrW9qzDOVxS$(y+E(yLkSzMv!+l?<+!n1uIL4U(_-O!cv%TVA=C3|*8&98`ozx<5~B2PlH zknd^k$?FE|X_U+TNzC1)AKJxm2^5sAUQ-M=j~Cdf+@HcjO#1_LHw(uyS1*O15m$?6 z$rKm^7CNF_pP$0)9k;?YP}DE(M_4)}z!mMt5H87|aWsmd`o0hTzXUx^X0}ELlW3Kb z`O@k?^*stdOJtD>hG)ec-*)u`nJ5^0od#+uQ%h#ii#^<59S&ZOa`$^y7N=E93SV#cIj7m_Ak-|O)SbwmcEK*Z z)KwTD=9VPTpR%dnyxZLG)|P}Twj9b`d!EMA&--bi)a&h(y7flC56`7OoVxrDsiS;2 z%WARPaDBA1o(Z(v1E1{IgHfrYpiIo(pJ#TucFK2Bvptq48iuzsT}9<`xX4&a!Yd#U z&FlD4!0Sduq5$x2{?3frYxfVgeL6#TB5TU0x`oPFq>T8?97evE*ULNnmeG}pDiqI` z!;)dq%yxR~2H%|d!cWe7R!s+bEhJy#_fNQ=Q{L2Au;}<%)mRYaP0GEfFz%2-VqvM$ zRjbmwsW4>hFR%sW%kWDsynPG$b&pE$6}HV&Ja2sE@&1~}`HG3_O)2qH7(UUtT*Dz0 zw^$wAn{EXOSHOF#{|fr^b|8b_=;5Rp{NEmiOHjF9nIqAs^+o$Uu4KMV zyP@OYz#(aC!*tq-4(8b&jYH6PJ-{$=gQRlaTrc~MSDQ+w^SYves?|Zt%e9rr+K5ooc3{Q?Pr#dLAfm#M<4a6yzsGMM80}F{ZR{IKGJS}rFFM!^oKpvrJFNB6X%=JcO%_pbov2dG_b)x(kGFWb zQdFZN_ykXSsnaTSZrRPRu)DD`XYmD27OUl0&DT@PmEI%(tM{+g{E;ov?nP;$REQai z`mMj!bzjR&CX3YY{sQx>aO*Sgk3y^KrM8{v!YIoi_yfT*E`??R58dpfR}6K8ToOYj zeXL&wF&-X9Sl)c7?4%ptM<)|{-!~@w8n4#sbe~B#cLR`|wf^A|^X#KaWi~|M0Z0Li z8TdLwuzD+_>oX{p2@*w0JVqs*^kVaoy`r&%Nq`uFhYGe33nKUGb?Dbf0yeP|qiU0v z{fe1P64a7ovbAay{yLQ!#fZ1byLvN`By6^wFdUzzK(NOad1H$poa&Su2VB9f| zIZOp^$l+WAx}nD<*6T|5Lp_|^RfL##6)t&FVon`yw^$o&O6hc%d(%GxGYwmiPo>ic ztkg|c$_+8m_;TuTJo{5OM?_O3t`J^|X1pbW)>~3M^l8XA#nNTH^ASkpu!J#xL4Nx^ z440XSvUQQ)xjXvlQIxmXabt|-s7wWnl6ZH&ULhT&Qsw22Y1OcGLQp_fUCy1NENT7U@1e!I&z}4|U7nQUGVOwC$#}E|ktx(ED`ZWcF z=y+yTF^Q<5BhkP!_KL+ySPL{VseTlKpY;ycOM-4wr34=#6q~+UTpU}sNBo#|U|TZZ zr%QY}?NYi@oY06~XpsM1UPPj?#c1f><(~J|dm=78HT@0hA zQnGm10-f8lth}wIB}#5C_x_=Bu|m2}h8;%4PhzCUgN>GF8<;anWCFo7cF>jKI-514 z>Sem7va$?qgXxOJ#?z4z?ed>%gSF0+xM2v=1!e2~b$PU`=0EdSoS!<}fWSKwcjiz2 zdiv-72BUr}VAPh1yStRk=l066v|FDpJH4;BqZ~CX(5nk5Ov;@Co9I-`yjGPhq&}MK zAQP90KsH67sBmb5*2REiv0{A6wJ!Ihl$FzAC)p~f1-$8{~m#{ds3&|0XvfWa%O;wbd-JyGK0eDUuLMu;Hbx^A=@#7KFIeu zVN=fu(INY+-Z-#r12Jqek9YHFHW5~T{HN%E&(l9s`X0>?Lc&K1INA8bBNWqPV?v9HG zT^Y8297T~1R={4_i9DvsDc#868ciL~bugtUlC>ojbXPOmRw*Tje|2;*SF?74dv`p1 zxlhR-6xF~Db=jrNZH@mL1rMt8zUqESL0Sy|5}w=K%XqK5y&-)U}iNm7B z^z#k9c@|1=MBJ8~hC%SR2_X^<@$til+cRFTNUKy@$!XZnpY$1@`{gY0qO!e3PX^2V zrGFi0#fG-+HIy%R#|=cOg2m=$_d%q3AK6IIe>cek0ri0tkYm)=u|Gd{!rIQY8%mfa zsFgceaoA1DpOgn%-%&y|6RF)^gG46W zEvwT{)}UMGWPWF~tE1U(cB1^m9~G|NAcpLUF1=teXm&eA@T?uM`wPlhi}f1`vwFGZ z`}|1DHEli^-Ia@2-6WYUa}@OZH!DJOuUQpN3la&2c#IvhgScO>lfT#PgX_`KA(k`& zQR`3mv6+DEEWto$u?zWz(s^Q1UO`r$e&wpO_e(Q@?{^od2cHzt%+xK!r)_m}u6~nC z4&%gJaa)`*+3K{x2CCAh*~U%JYD)^uV) zs+(rT+63yvNrgSlwrESRY;t!v-_YoD%l9jT@7un1`TFiUt=sh#iS>gHHi?H*XaYjB zZdw0e!Zv?+3Lmo;wBvk$q}FEkmHl!n62u4mGexDqg_FY)3X@7q`k{O@mFERNm;JzT zAzJTn@>eYfyG^J#I1B_b3LZI&}$6p@2kOgIC-Eb%B`}Q zJ456udY}qTqW7op>5=&?3VwW3^?R(?ly_1bOCw&he6 z=N;Oi#X=TqpFI{D0%?8PsA=voe7=LDxN8<^J$d!K;IM4)RkeEn{un5^jG&aV-1H91 zS~1HY2>=$hsXI-e?lZs2sR|(!yD)^q31zk`wKfQ7lW#(H^`=V53@Y8KG@m>9e&dvq zhEje<<-Qw#F2h8QANmF_YY@8oWjP5`b$%mjf_3_b@#{^7MCsKv$!I3sck2)LuIF83 z+)tgM#*Z;V;vOYU63*hI@1|7RKA~QaF5tgtzJ6i%6c*tV2~R4OrPNlreIsOcv*(Dc z6xypy#Q(CxZuYBx`?v8@MaR?In^jYX!!yp(xvMb4Ek2hbvT~#5ug?73&;mhyqN<=| z8rU+4OvOHSBvV5CLq_ubxZO8B$1JP|s47oJD!H?*x^vTkoA=2ga1@;;eEv*MP7oA6 zFC8;xUIH9YbzI{Y3bw^|&64*WNZ7=*isHnuw5o~&Txr3mVF7Sd3hC zsvJsE{N_K+O3#hM-rhHe9_Db((@JV_moNEM8*NIM&14qHorYRYG}H54?}g4DSX@sV zz8SZFuAOu&Pre+2;BLLKldS^gJ|d;bjn7xO<@q5gWG%#jr=54M<Vvf4Z-$oU^=Xf(LX|~O|@B~z-n53k`J5ivF4<`RBH0^ljy=p6Q5=5WbqEG0v@oqs1IrHLzR=QVmV0jTwS&-7ML?>vLpF z!!hOZ_3iIUNz=(v?Gd_2t5&Lebc8wCB9)A}k?pRxWkfh^-W$UX#QbhJ``TqM>|W)+ zvs*>!;$fCEi?LEac68f+C7ER^FA|hhQ=AR9(JSNn)Y<#e>*yO2tN$BpK)PR}mG})h ztm1A0zQ`ug>tdP9Cw$euJzE1wYBRT7A4xU{d4Jwp5jDHpW7N+4!BZP(OZsFpQxD*@ zNd4R-i@D!xd{vx3z=qhfDT;Ax?rHp9f_zVbv-@c?@q>Q4Tqi;+1NtYw5rb(so`xNY zr5$+Kb(HkxTM2-tPgvo<{@vs*O_85)CSKJo#shYcH+?vG>^N5CGe!ze6B0E;$q{CJ zR55cOi-a){@Px%VY;)PQPQF4j6tGsXZ*W?|VoDZLzG-LFtO$67y$>uB^16K!ORLO$ zmskJ&lEB2pUB)TyMoTV;<}iAFp7;%$4-OrXOofY}L~lCs==xS&TCR6>n?fqPq(pX0 z!!AR=9C64<7RB{=nZ4@=W7S@c2<0J$iCRT=4x4#OH5)~zv6#0rKwKZd-*6Nx0Qp!d zlPl{n9wrY<;zLTql3_-1s#&aIw69!&>*NA3vf7{4U6y<&Y^VU#?TNjV7MW6OJSm!0IP! z6Mj$j${ii!Yg+4S^LxW&C-)KVQi(3gK#8>Y`(~LC${lVm7$3tLSmB6Na-pmm6H>V( zmTy3k`DR-p4UgSolxa)5UF~If8XK%JNGV)z(>mL_%-X~>j}lyrIvo4Xr#}F3{Hf86 zOR=x^td*XAe@$H^4SVwYGA17=_GdVtFr|nW(hj{GOw&f(U2d=+=r~?p z-`IulxSWBsD)bS~1j}{X4J1ko%c9%NJ1ajldhe>iD;JiGYGOi!zP*yAaZl;v*d>$G z-?p*4E8DpX38{=KJsgDZcxP{p23F;kTrh)}oxkDjnxQJ^B4^-=Y8UqcE;B{5pYd$n zwV8t6-+xduT1>ev?~bs+(N(N>J#htOA>~OtC%U%o!M2&^mapjM)qH*7H3p_?0Q5%T=0Z}3@GEWAk3p5VLh44&1hHY zQC|?x&c7K4H!+&3-Q^u;4vCA(!BI`Sv@lcDaFeWGa6Njz?Nvo!wY!h+Q_>DnA%$Kxw^$KzlWt_ zHE{3Q%h%BinhYgrc}an*K0d#Vo_&RkONbm|i4^*3snB&#!=R4gp=Esr5<=BfL+knq z74uE7%Ue$!+jH>)06eZLpp7~C!;n#uHyfL{a1;Ytg z-QLH)1m8eCS$$FkWhGJ*#FlpZrw9>C21=4DdPlmqmVLuM!=OwR9+1y-+hND-i{GOo zvmLXSc8vPc&fS&9Ci^_>sGf|AOJ`8_L{b)6wO_RKl3MF)XC9lvm5Y+=;U+~Zi3s@a zV(oF-g-%e*=T;{r&E6_$MKNku5WXdwV$|;cs#|k1A4zgTAi(oe{dc)0BMK2KOb(f_ z$#}K-Y@J0^W0ZtT30UzDjBh#_6v;&!bp;?!lD@*Xw_W0o&lkoN*T<&6x&vqNaRMyH zGDA*l?dGsHN8&NPf2DIr*&_Ep4XtO;n@ZUNNqBKj$ga3_)Y`%Ax!A?_NE$vaqXbI( zgqy`%9X}fjA$y@On`=xa&`cW)AF3oyU5qt-1r~$0H+^!rQ8)u^b^1~- zSIk^l!I(pRvhdi{hCTdvI(@9?_IvG{;310#NU7}3av2K{05Tkq z)?!ANLuh)K+gd`xNj2hqTJNtVAgK|37C55?7w*O&*{@8-7NXM?HKC)y$4l+FF38n- z(HY$aIfGocox4KSS<#l-01V&_{mk1qBa$xg1rEoY*5-A_u#5{vwU2=J1J0D3CZ6fe zL`%sagP0?<$vh}H{@&gwV%hbuuhv1mSI~)7zDljH_jGfErBJN?O*7tSFP3JGW3%w; zhF$2dZjcdnuc5G=6(*W-C@1FD#G7S~Vde4bhlO~w^QJF{TaGh9ZRr*xp8u0Y6-cYC%Gf}xn} z5Sb-FAg@)9avtz2g-bCUQX9=$IGRKY_afuks{Zo^lBB|bgh*PhMz7P+L(}V9l*3~@ zZLTQ4!oF$Ks1e8y$sYggv+khVn>w@-5%E4RQfvwQp-@p>wTzn@JFm{ zVXopRrKOBO@3p>j{GFxdFdmrilr=axc1A5BJ8HbYC3b_3b{AT|6%pwYu-g%DDW*_y zAuuoRM12i>{k>R@K+=*5l;Ki@L#SSSR?tUwywGeaaH%@SB$EX(pd0pHQNWnUckXF7 z>@dCB(CvmO1_n6f;YIu|wR1EZj@9*&A|f6@B_iq%QY1Y{6`t;`u;E62jVjqU^dw4u zHwZB-{9qWKDbU}&T$HTs$i=3}uI0l*$53XQ8qOr97-K7a<}={c*Z2~M)fJE=Sir^| zSCbnf_{kW(7rj=H%J;i!4>~RN7-Q~^+fr!gQHb>+*oDe@R%u+A2jtwJ7O}p1tX7+U zt$JSTJ7LmRvPITAJs*1`Y>rIlVK@ZAF5`E`a<9Fx!~uM*=;hH zCzrKGS?KBu1WKDkrootJN9HB=Aap9z?_-5!s<&2q8Y&*G-uy0&5B9+&VO9`Z#A%6a zDt$Ky>IVn+Mg(1IOLkI8vpfb3mJ4yZc7?lwIctwLqgKla-;1xZ-E*UF6$2iA4ePbL?ucs(<(%pv~ zMDQ$J@r>!1S4z8u+@@f_<7m_>^E)JnyJ880{<-;Lm!@?pbSfO0y~B0eyv{Jd5ivv1 z#}T1l<*71F1j*{D5Op${-+Z3fM0y8{PYa~SX8tW#dx1RzQPMWfv-LLk9+$@~4@01E z#jr0C2c(AlE+~!>0y7M%p`olw!|BSPwf&&@k~aYoIl(udNcc^5{9ya*Ws3mVA9J3|_VcMUDJ3VV`FS>Ka5=}^$!+c-0aBj0ez2xN zsFk)35#NIu1RB9pY0;s|8mDqux)uVqOC{od$zYQ4q})-0RK`=140g_4My>YzJr-jp z!x3RZTU)nz`_4Z=gj|n}f;M~5X^}?p^Zn7HWnXQzuKjMSdy$DuL7@QCyz8;ln9n1t z>z&hNv1-o^N{nmsmqTdx-sxh)awq_70-*b!l3HMN*-R-xfA|{;uW8}uGx>nLwuEpZ zs#oYz+b&t`$SR=Sl^CkzcaAjW1}!wU6gZ<`8Az03n#s^YQ+BNnKpwy(qEjrR9zY}R zoYAcgc9B_7=l{b9xZQ3CY9MQA2-=tsFoN7H5E2R@elJR+4YQi}5v1dLx)@S-P?3uT z$=cfV1|H{%>*I~;?QmpTK?+!LhhsuMsz-5p78>4&ZWUAO06?S_B_v;!YHna&UxL@L zDZWHcGkBD-P)RZcv&VOoFr1JZ%~U!V=_-aka29M-H1}CVa}}23@Yi+375KA$+X4ofd>wq1Pjh*?%|fwF_;k_z%(7|l;q4Jfbzejz=uom6oJ9L zRi-(CpJkCI*V%(Lyw6S=nR@|sPyv0K6^}o4{yOVvFE*1E5pL}$1!1oXM6yedyi1B7 zn@jj_g5MR$A$=gyb$`6$9JC}9(j*DleP4#h&uxd*eS17pF`CIIGc$Pqu$g3>dboWy zRg$gvJ>E!}zE(G;+B^Dlp_q^j6o$YD#p!SeQb;M6A!NvhIR{Rkx;@`y*Plrs^~Qqi zLJIgB-=CTY$t`pTnzPwa(3OA0hPA+j4Cg4RJkoEluSu?t<&|9G zd1pt>QT_=N77OyN6~U;{>2wVpZ*he@L4oTrv;rm}uV2<62!E^Y7fr--lpS>Y#zmovUN^dLMr!H$Cv@etTPD^Iw=3+I@7LCRlQX&AE zj*310tOfUr0gSseoCyc*ARnnNG|@(~Kg`Bgv#77;*+1`F{|Hy5_=nh1A{CL4(AEmA zPOcyO!em@0=T`6y4ldd-uSz*@A+!%(M&Z6f*Kzf0oMabM=6fa$5S#ba#;(Y4W2M{S zwgQJivR@k_PfIcl+N!$x1T6DvjoS&0gr^|e0vh&brawHPJNfRvX+l@J0#GlVDy_FM zhu_Xf97FWsK;Y|_ukMZ)+U^~FM4892$k|W_{hb~-LaZW{q{G4)bwoR(M|+|UFtrx8 zK5Htzyri88N{%XC{MJ|7^OgWT7-=>T5K-z<`T6E(i}^r*#3z^C1R~J^Qo-KwRUp$b zCv;Ho>%9nXa?E%lJL2gF1eJ-voZ0sK{AUO|aYm%g4f7INTYgjMV^?~%mP9SnNPBI3 z3<>|y+Q?6cDIBwWrwN-Pe_Y*6MGF&RrcO72MndcBv~nTw-K7A@0SGhG>`+e)6*>b% z+T@(SihmV<$Pi>8@lnMk$9%tUTe0pN`MWz&{E>{+bqeWMYwIgNI*^?Az(dG5InXP9k zGKFFDUy`Ft<*J@|HZ;`vz8o);B4qiCAz?Ty3RgM114h6u3G^N)Z;gHd^p8608$2gH z9^^{@2yKz?Wt-boE8M)$!NBCwTl!p1@L|6b#L5j*aa>O}_QAkVLycTcHl?uCzeH-? z^e+7LQK3^8NrwqM^qe4U+%5);r<;^Ipa_rRV-<-qcj}P6lLnAx=Ks)XLN(G7wONc` zrtRU*FzM3A4N6z4|^i5nk9=trm88l7TKii-WPwP0Ojy&Xb zbref8sx12bT@%9AQlRL$daPaHWnd`5=%t8mqe?l&1U|gIaL`vEfBLf)+-H1yvG8Zf zb<9~Mzeub?Q^;J6C4W!Rkw&C;UYzHW}RVMmrnxvMIPOoj=MM{WN0d+{1e9hG=R{sD|k=yC-HHg&Vms`3t zOmJEuR-1>ZH6EbSpkCaMHdqNC!-5!@=*Im2Oj4>DO9yA;IksS}#A--i#2oy9=|kXRcmm)i}!A_DKt|MPW&C_hCL zJT%`!sm0>THo3Q8?yp=IpS|_cO*7k1B25|pTCwE zDFV=A6~A$B{JH?;yz}i3*BK+(N9=S%iB$IEBKnogt-KKj79;v7@9y5WqwD&hdyYsF z15<##nU_c6VD6^y*NX2kgR44Kn8;p?+mT=+~xIS$H|$7P8GD7Jn^V`6+u+Vrbves-itu7~bhzeN3fq~8+I&(|^K z#DCtOl~iE7i8obKj5;gRElb_`iw-?iq7jndhcuPt)=+Tz$!{gn+1sbCn%8Srltbf4CpBFe0;H5 z;H`k<*~Z8Hxn^dZvRdgXjY=V(I}IXD-{xqHuz=&u679D?EOr+Zp4F-@G8=zLk4c+( zrwDOpZVq>ij*jM;Rhi^^3}I0VJqOZ_AQa%xOASo9HIe;U8Vq)@Fx(b=4eu&I8Sm}D z1eNYSUs!Bz??_cF$d6k=o=~o1>ZYOsot$OGc5k|AI(+QLwYfNiBK7)b7#uqO z*1`93&} zW zfk&J_5z)e&R5irr2R2zZXKSUFz$7>~)qCpK38>#ToC$2&A9ef}rB_1E@5`xt>;^vB z^I*$ebtGoAq_DYhS+brkrY z3C~b~1N^K4mu|r~jW4BEGL;9CwWb(3gV9awhym>)z?7j1a*yvi5gqb`_QHt0wNozB z(uS*4j?IU9v@MZ{2+78#s(fXXjRo7(L18ycvacqsFKuD!4$RMgTXLLVcs$lbM@OqB zM$Rl<=7#byb|>F)(3X=J@<{hFyi-+NvH|Gx=Jvl9j2?i>2+6ZeC)FR8h9uG(r4YeE z!D<5`5NM;4 z`p}9aRj-=qI2shfh4&vz;;2#f=gYgOa^?GCL^Geo_j@mT} z)Nq0EU*?tARP4uuSg5Zmc=MW0&gn@J7t|*vJI+|J9WLw-L6&fUl-c~qdgiGX z78h&eVlN7rMobSeGc-%4%3vN)R-7#@Ew>QRNn0b(TBY)=Zt3;f^(tn3J)fT*=V>mn zf#unFv^}}Y$jH!tOEx+!eoW`fDED$Y)cdly(nVSd*)=&_z8z#D8V|9sh~(4nUaD1c zQ?+}KH%ObOCqGfOKLBM(F;z~J{)diTE&`}}TqiXf$;b6fy|N>?_W(tutyb^Q0Mg`h zz35uJ)aJRJ`ObWJex}^;eoPH*+3Q?!@AvQD-CbQ>(o9vJmK>>()l4ieqm2t8hMITd zmK?%^)m}=8n{O#7C{R&MJOur4fECsktg~6Mv@nefIrEX&^=sHt3B$gL1;%Ab;Qcs~ zc<7lRr^(8};S@*B@&ddb%(PdUpRfLfwI$WO2U-_g>T_dX9ACpTd-Z{(`*a>HZ1-k! ztd0GzZUzw)#G)zd(4G1hzolY9p?DUF=C{%?nslK|BVUdH^+BNNhUh1nW2KrnW`kri zfUQ-37MF>Ct6vYgK3?|4pZi^HKB5I9Qhk4YoCWBxp>W7PW;Ih33KEiT@j{+$Y&^&+ z->9N+&`Awu6C}I$ey0T-s|_@)cqhpfcoa-or$IQYzk%cvZOQ$lV9tEb)Uy&nRv$tE z&%?N;Q>InODKTP0a3=t0o?aZ6(T^!>3h;7=uX26to=02zHUOTk5x>$++z$!}c)-JT z!5SN%W6KRyI0w%MJN3M_q_!?oD{f8JMtQ>e?5D4*z~4!Eg7Nol-O2SwnPB}s#Vjo9 z6++6mFegB61F?gzDv?CQv8Ilf+T<@chT?o-q941Z6E}rms#RO~G9p`l<^s;)S61(d zPll4KcA3_3c0@q!scJ09p_U^71lWt_#CcOo3wIo77vIq|FPsWE$qWT3*z%e)LusZj z8Wq&Z`s#-m>7m$ne7}sGoE$|BhJ;eJVjl#REp@rJ0T{~%-klW;z*eL%A>W%q@eu$E z8?F|(e|o(4m5@#g$ZU#x?tX0x8FX^8J99oo8Aobs5B2*fdPt}YB)~H|(wQ&+G$4_S zVzHWa?YvxR2g#0^>pmI5p3;vDyoJfEy;ZK#if+^>)>sbu{#_^*WQD!?gGL!(5v9~B zX9~=T5pbe(pZC&+4YJF|z8bDJP%MOuKH>O-6$2QZ_!co-U9U$0ufUC2G7mdBzJIw4 zoX7LKx}0%K!r^KKA`02oIKM|OgXY$1zKo+H(V{GB)$%Fpdq5_xNgyjB@A8>_n}rTv zVRHMWR@tRicR;^3>0!3KLO<=J2-_`yls0=3B3fR6Tv#XbjDS2A%fWZlFt zpa&`)HkwDj-qu~%PUwJ1R!td39~fB>XkW@rq#R!z;muIeR>&K#<-SRa`l0ay3YaGg zDy6HiUnp=udo1lYCRs)m9oSe{YU*WL>Y$X|ZZlk~1Ul8+9^i95-NZCN|4P{x^l#NO zmd$mK@UgJoeG@tdcz-uHr>5R=5z?5OfYl#t7*AVra0|B~+D`8}i6;bK(asN(mubnb z&FP>#?xB*!zlc^UgtTP~L%<`zq-&##Ew09Z;LriVrROZI1N|M%`s?W2;hM8zHw2Lx z7PFJmqeR%IK@J9W!zO&?GLFK)g%0BRbEjM-830Sw@TdpLNCo-mv4$G7w6sKVrt9&c-J3r8iQ;4C8$Pd{Ps@lE#{@O<|4G zD??+eWdnMTR6Q?npYoJF+zXTni4=UfLcS~KTGrE}Mo5Wc+Vd4j+A3+3Ou51wOzk=? z0)J_8v9*9d`v_P;Et@J1An_$D=wRcydTRScEGR)Co=)}X1flcI9)r;rOg3Pj-?d5( zD{NK59}`wdnJ7BHLb2o`jf47X*DEliqJaaZ1t>gxS9re`7c;odsBhz|sKP#A8);`K zNq1|8b`x^uPJP`l6dks*d(w-bxskld&JS$&dEbA)hAMP)gg z$Vqxft3=0N$AdxJ=+&x0BVDBoVOV0y| z{C=RYiG|v?k>blzCK>Yp<$EO+$3*l2y}Tl+9)O`W9V$KicQl!W1afh8%>s_$2jE=* zmIs?`%3DkJHPHmQI+-dFuQS5e&(*Nm!jd_t15w%>h{svN=DU`r$iUs9p5GL(>(3fr z{VV#Gs=7`lU#o;)Hg-}xar0;VX-_^S(i({Xc+o?BMx$Y)rJNwE)h&

    !kU*Fa3_Exo-%jYIq;`x&AV&jt7poI}Pw&O2{_)9g zEDD^Vp>Ov=9zU%y5c`qvlxLl}Tzc>-+abEs-dQen)32%%&D(iJ^+2klB9hG2dC|kl zfkSJ3%)t$*!z$R{2t4F{foB0x!Cr(J#G?Fp6Yt_zW(~Q-A%tuA{jxL52ehv z4@P4bK^GiR9SQgtjv=kf5v+JL3vkq`2zMUe!d^!)Ge#v{hp5ANGfkWR3 zt+3@v6MqyMz?7@u^a4^B^EG(vs!Nj%F>g*0#9VttWsc3a-g4SJUBW$gbvBlBh4aO` zR{E{beYR`O&3nR2l4o>Plje1wFqf}~1-`XN(;#@UpaA|jh=E)6HE9+om<04AUEM+t-JgRPFz^k}Nzn+O;sQ(1?qlO#)~{|s78dgNyMEX$ zP965_-#}7rs8xT4jVuTlNmTYMU#kglmA}MHd;Zh_?kxX>LicFA%7#LW+Of?l4-(WU zf?cT+n>3Z{wHWBe`=-V)hUT!Cvbn|QWYk8Rg50X&<~ZfaeSOkMJe}8XX&=`S`6K;# zb)Dimlc8iT*LHA1b6w*`kMqF-2>tYf-Bm*;SnngU`0|;TMIfz1aMg1?-p2pN@WJAO z%ec0`{!HQT*=XpA<{ntKKHkMgXJ2~6<*nC#i8F)^JV!ks~$39aB{m92p@#WRce?lO}jn0E1$6sxk{#p*xj!-TPF?sL5?omYRs@e%qr;`>n9wO9gk_ zR{KZ=NJ2cS;LW9#mwer1Oc6Xdw7w`9dmtP|+2eh1ZKF+18CI|`o_D@d z^)<)m*5tspK$WM0dwxov8&1Xi;;rF&xM3St$78?7} zrY11>LvPoyiOegm72+d9OSp7Y*Q(|zP{Nyxkq7=At1+^iIY zF1KHOj;MOnIZi;gOavl-DKB)2=$23ZM!7I3NLIqLi{q}s;}(fP-*Z~;V!JzR>3j%V zm_M*xqCDHp7EK3B_5*yz&2EYz9sweq$dCmw<`AKds0(ZT%xz6}ObH6O{MLIy0GSXU zaHl2Y>$4AKy$`@xvEu#ap@gxSh}R7d!e3HS0f333HA@qxIB7)AQOMBPhLke>P~^l? z%;3L>NlHE4r(ezKR_&ZA8Z|S~Q1zI#{)w8|H_P$TXum}z(EZe9nVuk!Tj94g^kyV( zW3R%+#O98v%-g2kC++pKOAqFlp>4oUFlr>`a$t2zXXk`u&n_!&eNLy01?yUstL`iM zR^nDoJN#-dSRx3Sb)(i@m{>DYG7~u@cAduxBD1DeZ|KpT0D$ay+XB~22rSmu0$H@k zV0931GGvR1jdI}t3QuX?0UHHt+_uFN&VJmwx zse%S1(LGA#j<$!>ar8rNCj18_xhb!|B&1Wby~SH<%R)opC`WHfs{;0tl*_o*v13Sv zL%UP`A{yh8D}(KLSamJvls=;ZbR7pEa#x{l$FwUy<`0i}kGFyFlYlTXfeNLsVon|JfvCuxkXnGh{sQ;XE* z$k&IWPNxfL*JN(T?oWK+B0d>$wvv5H^Uc9PFi@0&@;?w0V_?#>w_qz^h)Mzn2kkfc z*a{#VD)m?BK;k||S;hvGgezn?60+IxT7;A&F~PwekZ-jlzFszI%gmF*1m<)#hwI{%zG52{mHDFKAY$qmt&uBXS!X_!i56#~)*$Z1dWyDiruf!ip-3$Kp#f#|Re^C?JZkmhs%D2_f1|S`^ zV<>+t|DM-@s%;bJT*!9#0Y%v=;1wl$1O{JhT_hqWi9rOCTk59Ae?&kIv^PKPVIJ;G z-w$c3mDYWjspJUd#byFHfw>qR-Et7P=Q_oG2=W%P#Y})k=yC@L5!R1|IqE?1ZW@05 z7V!IVcgA8o^6791gh}Kr$DSa#pjYd|E!mE3aIcd>1sXe8J%?A1pI{K~p+J*phDk!G zRo?>>z@zWhe}G^wm0EDvLo|FqXMVSu!VdrM6PW($cwL2_(<8+LuCnLN7J1Km1odUb z-CuQ2TWc0aMg(_(m*C}%y%9%2J2L$f+Oi$e;9sOlVZ|6l%InVN0smqKtV*L;mycp}dbkno}Gw+5JTC)ZbnH2(f3b?IE&$1tv!N^tChr+C8ji zzK)%bOg+y60^@Epe9ufJB_-#l_HU5OZ<_}DF$Ql;4*~-1P%@eZT^vN69jbVRSrEeh zUty6ol7d9$IFF@hBW^9tTstQT6x(r1F)%dqpOHM;64$UuQ$%Ut z0(Gn-2#@df6v5Nq1gvx7CVpg|7Pd9{Q+z^y5GD+W#ZNjvGVrZf-I3>Om7rW*M$`!(ej^A1U3Goi4(C%kAAq`*{RI(z3~Ldh15GfIk55V z0HUbVYoa7EXD_JJ`^iQC0<7qYd;0_q7d{ETmV`mc^8gjOE{P1TN0Er%U6OXxd*%TR zI#e-%gB6~<4w*{ZPndVx)nLdgp~GMI--&cb>AWyW06U;q$yD>PY5_P`NVQpVWz>=w zp?1O-!Avd%%b+uAnvMlfQk)D71IgMFspIG447>1lkx`@gK{`oRa|3FfA}lAVDMCyZx6_XEdM{r*3`@(@n%(ezjen zOtuHvo_y_M8sagXYa1z;kZI!W=p&;}+dbH#&3u$vsW5!WwR7Q9V{kvTQ<3Bql_U8F z>$&O6rs_AMM)=SoFF{94_W@rO`1tujQtX&pL{h*}O8fH(Fs%$_FfF63O;yw!MFGSJ zk`KEdE&W{|g%gO#Y<2}P8Y(4vTj(j0fc0XNGewlC{;6bV3h%JDC zHx2rC0LRtosr^NEqJgp!Q<=Z)}L|Z)^xa zUUl>zWXcX70{Wxbp?{r5Hz=%AuL3xF$`PIWSkO9&ZWbuoT4@B*R5|h6g)c+vISws49RPf@ z(EdJJ74_&KKL=#gBt7$AJn`H`bfaUnOP{PX_#*1^H)SbBvdbL(-pLKcpy48|oY8Qzq;+y@+~`WJZLb^yBV@IkB`RyP&w zXm@PwW00kQNr8Z{Fr%8ow%myX8Xm8Nx++Kp{hN?Wxc3;)J=2E018OH+#KDJy_l3m@ zk*;Zb8*3Pt&ummJPfYh?3^yGvcuo!w-83{bx(?f{&HJpa73koA5sCg0pt@xiFqP-= zIzS+R4=DXP;-c=M4U`-aY~KZmUv<8lBzJt_n|CWens{-#VCV+xlVfpB5q=d&D7ci; z@&@8pH?O+-~w;>3Ap5l3$RN>urnB@AzLPcBRpYmK%C1%Zyd*q}zDQWs{E4vOGqI}*UKvhuS#rvIN;N|Iw5 zHGATM?&Y!oAps4CLZcsY(kaAJG`OzZby{q(y`~^1PYWaTC7yzdm1#B;M|!UNFHzcfVn^bVSCjNxaSS6+)g3VzXAU)1aWj*A2}u2hnq$A6!; zoPrT}_L5V#Qa_qf#Pi4Dd!C4>s6WbhX`eA0(j;HJpuzq%5~o?9lRDRh{EKL;Qg5PVY7xST!(=Ds_Cdy1m)I~M0-(Zu1P5BU{Vp8(}O@O$;hXjeSLb~Hy3cbE{fhY`5#38v$Uo}zh_$?f>tWA!;~UV!>;~d zeajb941Oo-eoS$BG{vBj&fTAoV}oK@e4rKl2-?CxwBzrrb)&jEJHKt$4!;Hxc3BEt zt7t?v>^_;c(D4gA-p`oc@4&DV4*BZ-eG&0;*3VZV;bvbhg-RY=93_0{H+*%AwYPlM zvm;fb(tf0hgeVsx+c5-4(CKc)4-`G3NK!s{@+WA%ofp{J^qLL`GBotB&;8-;9LAcH z)98)QFzJ?^z@B*#PyM?*bbFkyd~wOmzjXvQTvT+z{<)|3S}=Ch9AVxQzN=3|{st`M zvKs2PvG02StSa3Lg%9)NB>Nk^Uu)q8>TfXhLT{yLO;s3D8}gUeKb6In0b?-+W80xC zcl~#4G*qv~RMs4;TNVS1y3Lo}I$$U;sztTzdBNMQ}Bu{p#m zOqvLh{WT;+XsJN;xeeTURYpfF@Tp;H^uo0@7gC6Iutfr=lxB$J*+iZKAF>+3{qIq z#ge%zlR0@nW2t&FJ52NXkbag)#C{NP#V&6wOTit>g|>@`wScas-0##<%Iln$pT8#X zOXb)ZGg1PxfCDae*1~+YE>ZsA$T>ubU7;8_<~<;xC==XQ>e>o~?~+p09rh_UP1vCKs zSbS&(v)VebVa1W_2)I+#5fE;b5}D`CHi*zUg*mu4K;YZEg(wleJa@%tX$UKAeES&a zNg8wR@$vMq+rPdGFCsjc(AuTXVH074RsPLW0~Op(!&$d)?+PgI&b}2B6@8PJY=YPJ z>Wq5w3b%fHVGE*iP%2wp4?rvM{KE2`ay}(B3#B@MJ z^;N3uspxdkZ@p9pYpdos$Z60E)%09312@+sa&55c=tNgevY@c28<6{zMz{-sOS$Wn z9m*gy%@!)dd4-ww??C_AT<}z0Ogrk7u~KpSQ{HLFG2ahUX$^m3z~_KCBD=pf3CpR~ z2G)d~sdr!o$j+Sr>WYCNWc_n?csM)4}~Lmi#o2_$;6P$Qky5GOHQ46 z8foIN81%l_vFB(5f2(OKK4I1v3|^&KCJ0LW-rDA*1ZVbfHrHn(zkaT(X$o7Ma#XZ~ znu{Xt7J+KCYkeh;#V^2{>uyeGq&x<;j4Z0GGzacnO0sL@dhgGLUI$m1x9;*FPee=0 zx`+~ps#m?gX26^2DTMIT46e3+xIR>UB|mZVe5_+T<Qwq>r} ze$u*jm-KS90P^6-JAX#=hRMp1{P9$g!y8{84BTP&tCsF$8x~cAAhZo~{r#C0AiN24OC zftbO4Bz}NeU+hyc-vv2((b^M%_bVji^Rr~$G8qoC{fY8bI zZlDxLcI;&IWc@$r{*@*H2XWi%Q0w-GO6-RLytIp(YjboHv5@u4!0_CE$q)yk8vsG7 z%i~XN8Pnt))lLLjYd;zRgf`2I_6NhXsCCZnYzxd9b{zpDYj5MXNhr zp^TKfpWRs>_$9_sjiodM#aJj(o1rE=&xY21P=76tkKIWy&jCiAl+) zXgDkj%t}Owk=v<7H&eSM7Jiao1O!eDc>A&Q)bS40b*L!2r}3!~x7 z5%AJ;PeG-Ms(JUh1rJ9dU1@C@E{sdMgQ?sTIB>Pxk#_+>BV z;Zn}!cl&jG$j`1{Y9YsLeDp0%ucuiJ)Pqwm^!L`Hz8bRZIGJAauC zRHMGBO_H>mNf?)NvhV}SqSoUNdwt>Bl!NnTlj9wvOb_POraM)tocn0de;+7E?T=!s-j*-VyIiOm*gY zYUHnt+;LtudZE_ogIG9c(z%DzvO1~dmr#at0<^T6@5FM+*Gc-1HMA&>cq1rNP2|4Npw(L&+-^a?}d0dPUWS<6j>1hYM~EP(Qia-lymD zsw0}98lZ4U7c+6iwW_Cz-zvwMPExU zt2yH{@)3A-(^6G1PXZpbq@=;&8j?^t29W0?zy!>TjIaur(aep&AX`gmL2S(j$~aioyj+F70KH8#Y2nMsYE zAa>V<7f8$=3Sl0HXkb0D|7^k%?A@~@F1#Mc$Cr@~T>xF= zZvZr3sAwPeKhZNEGmqQ{>zhJOoZmpp36mVpzif0C)hG6JkdD(LBn|=qj38avQY>~@&(~O-L z&lB?U@|refjnAmD_q>nZaS>EMfK2Q2`U)e;-~{!eKWP3(H$Wn`B%NF;KkA$Dp~U4! z;2TD=e8A<>76*laR{*><)%vv8bB(LRB_)OnI_z@m$|3-2op7mNOvH}<$XQPEQr8)z zQv47pksLY(jF8Cr8aV5nMLKH{gimRF~rJHPJTDjdKU`I|tZd_SVZHdpZV z&1s)}l6?FzpZ9G$^d}#y*vRo&24Izl7?y8)Qtuic(f}UQ)cM#jajuZaYmDBWcndVm z`P_!gNp9HOIKVgDE1I!owu>u=1ap+iF*Ejv#jfGFjLIFiGQf7xBh$USwMpPC8y~q_ z$>4yV3mfHzo>o4z~ic$G-$Lhc|@CPeqWMdKts=tlr0`}_j>@`t4>6QPWt|De<;z^U@52)|$@lQ6!9@)fn6#92G zO;6H&^jZtzQO>aH+N4n{0gox7uP)PMJe_Mxpb6DnC_;H|5Z%xLuqFV3jeUTsa!aOt zIQ;D7=YZ3^$y&}VVqzKUhKn*iM3KfCF{-bBI&SAt_;lXOZ>$BcCzDS!q|$+E_^}nt zxG|uP_Y@miz3$1IXlk&I-p!(kiHW62^QHsLteu67_|Xl=js2j)hVMK|-gyf}a4hrq z1==X=s^-nqSSx){W)w@HKJ;H4FEHYE0a;lj*y<0TY6KX$}X`z zYW$of*cVm*-I>^|^vNjp2riF|UD2a{n@WDurqluagI+@ggq-rz2A-IIvhCe?41=;K z=Ma=5T5`JRG+KTg*r`rM8OY;}AnZ|TUBu1&NKrVQTn=_h-=4^sAsQ#YFU^U;9k~O^ zQ2Gk!wGMT=U*b}Qd$wM{XDD_u*n1+%KE%YUn6UJtuj@hzY<>G5e`?Ct23`+eJj}qY zb=cZT3G4!nDG-zrJ+U=PNFatnpgE_O19pC-A}jqJ!{V7WfyPSX`3?X&?*1&DXbCU% z6n@m}p$q@Zvv;;bqrnPA;7=RQF?*CHItBjV_v}USxeBhY=)on)3I$mS3HLF){dch6 z$rR-stk~av^K18^3XwD}Di9V_>{lK%3|Aj1mbD|$rg$YaGg`=s1OzEap)Dft&s$~h5>j*8w;FZfZ)8KC1KJ6q2yF-S4Fg6+i_`;J zF_iD#gBWlrv{z~NJ~QhD4}v0(Qt{50tr2b=Ec+Vv3RTKANT zN4V^x)YF$cE?(U2CHZikIo@mJr-ndyj%(!xNlO(xc4rkdIRC-M8HiCCFma5W8(msP zo1VSkDg1bWa%{c}YNj<2CzgdQ$a>Po)Q5a?S4w}^#=I5IJy#q#e=cEmu1u?x{qQ#AIi)#!I0FOl4~MnznGFBodb+(Hc?d zY{9wV5Q#SN=iVX5kqmMH;#KH8032RN>f4mT}mJBRjq9GZN+h z2z1pVrMTAKdYil9$PO_hq>E&KXP-*&@W^CU$7aqm!B)3O3|7&WtEO8Z8z$7Y;T|-N zFJy^8pd5W?1JixsmzTc?96iRquOxtbG!X|9ILKpMJcg9Z?p z)3!$}jK>o!1N}>_M!RUq=}VfrOwFZjDt!|BTW><>L_u7a@zT&dvuJFUu!+STElGGMXwWZ%>$8sU)**K7QC+%W9=^&A77`Y|v=vJTT=0bY^gT~Ln)zYZJ@7j@!0Wkz*)u!41AkKPR-W zcnhr`G3Cd3+ER=SzxPpnqpv|@cEmT%OUiRfElJ%C0Rc@QtT3kyMh*@<@ll%+K-VbzIkJ&|3oUL ztMH`wvWx&4@70-or(xrDthb%=%D~j`F*pD?Q?~HdV2JY%m82K2BA`QcpzpOI{+$~m ztkk}*?f&23J|KR1RCw-7t9-~vMX&GqdS@AXe1vvyM(PfIz|p2O)m;8>B&0;C(YTe` zS4>a(t0r)jC1Yl8PP=LP3oeMWIH;+)M|ghnbP-DFeBCAcY1m@Vq-oDSfiS^M5e=&h V%Q37BX&ZQ)H9u!o^0!;e{{f1NA8Y^s literal 0 HcmV?d00001 diff --git a/copy-of-sdk-docs/learn/advanced/baseapp_state-processproposal.png b/copy-of-sdk-docs/learn/advanced/baseapp_state-processproposal.png new file mode 100644 index 0000000000000000000000000000000000000000..fb6012378dd580b0ced3ed6809288d9d312a2e96 GIT binary patch literal 248588 zcmYhjN6!4pvn6(00tBIf?ga>%{(%;RcR_E4G)3<{Ie8#i^tR~99cU4nXaU-WX4;2# zq2%vA0m4^b85Wr&Gb1BToH$wkn`Maq%af6e{Y{?8?LhHi@*Mba{s*h7XsDOy8R2~ z|AipwJpcV|(rQVE_3yFRz$WnhFnyb{DZc;ggFp!SZxH-%DCEJ|zfcAy!4pRPjUagP z&;DsujQ`Of{x<{~_-}feH{&*~^}kRSe3r+p=)o)444zFFJVoFihW;JK|DF6_z*}aX z`ywndwE@>4;3)YwN`TG(O_e-d`xnB2_kGh9;6*I*Zh8;l>SY?h76FFnzoGXJY;@By zU7G)26Yu>LTUz~dFD=?iD?JIw?njCFZ%Qe0>gjIn^889F|R4K_-2mmgMH022}L;wm*V4c~^}|J@a>puxer!w!`o z+}9H7oVa{9fPe6a$ey>hmZnVbfh6B6Il7i9`2w6!cv4=VojfdXvV!bR!G|QIjgZt) z=xoh|1_!a;X=0O{k2~)jjK9q%bL3!B9C(NOvNsI)Dr zHAaHnKo_$PPBV}RdMk3iLi`l*tJX8cx&uF$QQ4x(T*j2BntAqr(VyDhVP?YDCk ztLNKjU>JIUPG<3s4=#D!!|!{$PkDxL+=Z97`H9(>n*&bwo>KOZ50)@Na9xmgxvNgN z%|R16;$_)Bo>jNI4-p}!LrTp0`-lNGT;glbiD=9305Lt1f)gCLZtrKf%J=lUhzLeq zvG%r)&Z!ursR2%{i+APYfg@}J32KXhlk z&cKA*$^)-=UyrzKEfgx2;t|V1xn2JHj>yhChT8XTm3$_1m=Q3`*^T)2Lna2Ig+J@1 z517#@C>@)qS^jW0yD@d42R_!lXFkc@%e6iVn43^&Qkr4Eh+B!tgU>&% zO5rQa{9Z5b(EKuKaU)QZH$}8i=9gtcN``;EuC+eLcXj!rQF(r*udw@2HL7>%kYN}x z2sJNpOhPcWZ0_!{qQ7o)8lNdsU zn?3Vsa@XVpX}^vI-d|A5N|h`yZ&`}1PBA=_3qhLwo|^s>@FtZ>R}QiJbxs({<>(bo zT<-nek;Er%vP5_)i$QnJN9Gm#bycV&{nmmadnY5`8C;Xx7$EnsS7Y%-oHZ&su1y!C ztkEO)1IWB8RfCi?_bdo!;&|lH@8?&zRcRvPig6#z629yQr7~1|oh0_oe#-HYIE}eO zvg&>bH=)SCYciNvw)62b-7aC0E*ZFMYLaAjRX%*0*MppQJsVI3ZdQ4yYqi2K+ooqh zeaVV6<18?4u>x<_Onifn1-Ed@4Vj7z40qu3qKvf9}vDh5`HI-1Hb@`GK8tJuCWT>N|vV z^Np$g=_Oq7<-SLFtk8}!16`*k^|`?HdYP>C{HfBz3@!U!_x(8#!w&+`NRWq#D+~%s zD0yl;N6!04=tEB&bCP;8x9qM78{COnzxYSX(;f>xAsc+FJ|@;;^jgn7H}WYgkNM^|wh{P5NO{XDo2_v2u6*kW*;^D76nBTWB^nq9-dWszFie%GWG;)8 zr04Tm2Uxff6_vIW2JJz3UazePMXa@Pk$w97hhkSJu1HP!g?ZXwa>3q8n*rG$9 zejf}UGs}gKrg<0*E}D*L>_=*yNZNN$DVsHvCL`qrdsaG=BB(Zs-h9ez`B@A*D%fG| z7U){Zd{vpp<9WLbXEmr=9fHGkF)}+?YaKu-5bz-tX^htyed$U5oz{%-DsyxLJ54c~ z%TzR;bR_27!1Cs(6h-^S915U)Hlu6mb`Qa^D@5*>pQS2lzv(kl4cyH)%mp(62)$G+ zvV7iRp^s3phLch8A`vnRvW}{r>kgC-5|u3NatMBaD|=CqfS)8oYL~QD*-!_chrYoH z#~2JVJK3-`=G%J9hhl)wt!bF6TYQu&UnIDOy9kUVtFjKn1=A=}Sq0p?R8_ut;K1t$ zlpOF2>Fe=H5uLowgZUUO>#Aj4)3kA<)voa^x|9%WY`-{{y>}jd`v(^ctFaZGG;^Ye zr+OLRUelY^(-SyOfBCM~^pRRxsz^1F!8!j#VIb_!VQP$mDICm+_j_q0U0Rc+hSn!s z$28(`pM^uS|6{|y4{-PZ=)j<9hv^%q8%==^3-O}Cj6bf9gHxjQNRWoSI3n8kFwYXl zJ|8kS&?I9gW)J3XmrktXc8^zID{Jn>8IY4%EJ7plJdxH=3huc1`MwDqREOO0par%D z`u4{rNttXA6!1BF@N32g+9%H+#jwQ)>D_;;&^q zZqq=btJ}RmN>s@YO!4bbjcI^mW;Hl^-R6iGzi9PZHP=o3U~^8%GH^32x{U+t2wu37 zTQ3(LJFpnht#=dR$d}Vz*S>+>{F>?qzjDKMle@qneKXpb!gAm5J-G!_C-e@@k~-?P zJi3Q;O`j%AvyUfpQr#bADA=-#-+h}>-4FaCwj*Pc03x8OcVz6@?-J;SXkP`YeU|HKkNk@M*f0j(2V+WQ|&b^Vpk&u5tBtgDl8k3k5c z9fs4EiuekFe%L2@e!Ulthj7tymE8AU&7aY}-uL50h9f~nR0MlM!OT;caNjNrt zy1i$s_v(`GSi#QtxmU4pa&J^6NQmF!P+Zdqvv-2mtglc#`RW`(7)?E@~r{BHk#7 z!{7UM;%dW{Ki6V@180$K$fQ25NiI0#=&?wPob+JAT9qc(+7$%c!4nqVz2h4rJv^|;mAgIy;M&R7=w z`;j(CVrOl@lV3d(xbE3*@(o&q6yJWy2AtI6FP01tvOYAc6NzJb5eKo>9Z<@=1^_r= zQHr!1gGpZ*3N5D0Gu+jZy_S3niz$VF}P|Or)Jrc4$)VY1U7F82z)T zXxpgZ7(Z}ky@p>XGl{WL%DMI|wecp~F~XrUpyq6}`Q5ww^=E-GMXih`i@DN_dPBK+ zx^<3eeK8W83J@1to8QQ<#K;B>wlMB)-!`g{QE<`*A>cVHZX)H&ck)QEY41HN=V54O zKKxm>nT~0!?DQ1G7dKjDMOlUPtO%7)jc>{&4G$3|1M`w%+mfZ16B zj_TXzr*GEDc5b&YyXzAFnJuQUd`ZuD7qk_Z0Gyjv$Pbg-(t)sFvDwv4Y1&>BTs2+a zP{?&lqK}T5@hlYoawx+KMlK?!n(W{%A zb&=lQ`TFubp63EA!-`ziU!PBqcjB&N(;X^~0w$#bOMhZj>!uea7}w8XgzIS7pIEn= z2S`4NgF%Wd>`CB<4dvJ=1^gtxytmwT6!%EFP92O?u^i&L{Es)pDOSu=BLReaY#s92 zf&TqWJ%dOXv}4Y4*NF~5GW4#GA#j+@MU++o?m;NIYJztn7qLPk-`R#bEJ$LdQS096 z>iJgrJ9IG&Z0GalXUm$l>0uC)8z&bcc@L6iQ6gVtF8?g_tPE5S?m-EjItn1D>6e{ zKAR@{@H=^Id*4I>ze;AO>&>T9kAYgX*lu;6da7BjQm**YdVf7IKFjS-PdPHO>~7GT zv8*hA{eqb%o9l?CP+lWfIDbjIOc=2<06+luZJ@5knn(B?T*!sfG-!_gJ5b;$xE&?G zx*NF;dQsuchBcaEWniv3~@)O%kU{ z6{>O$z4%@Y?Mkb~-XJZ}thIHlj=?ThD5ZnekA3gP$Y>fQB1?RpqOD1^@#8iImHBwz z$FxT7U56)K=s~@{*Un#%sf#FPQn$T__XY>VTw}uzp{-vt zqOTkJyx6wSU4`R6W^73!xsqrIa7FH1 zJDP?~Oy8RM=V9X)f@X@!*#OKMI0hXN<$7WMJ$9a+_Kmu&8ly5x)HNTgiBT^_ z=Y$)Eie!v^#l3U^`&tWtVq>YqI@FVDpsfh1q8p+J1$a$A9e}c+&b+Q17oNZ;VB#c6 zJP{v62FbGU?WBcZ`Ozm)vWSjmB%Mwc`izJM%a|orX%~>b2l(>o&W~x>4oum}aado@ z8R{>~H%{{P1$hE-NPzY+XucV|d23UCzTP4~1|7diinW8}T|?Ioh;|Y4ympyu;S({i zsfQBP8y9IL`g18hk#)Mjr(=nv9NzZ9xFEFXrMHR>c%VB!9xMHEr@otU1FR>Mi$cow zkwMWIk5U)a=R3Dyk=2BBuv_S?wCMpNjB@QGM2VUkRoC5bC?J9L9Ps-&smH^#aCtNBR}12B9f zFQk`zipgWgzFhciuyG?!SM38TOVUeOi0twS^(wU~IoOIf|Jw+12`>B*_~)DlAF-1( z>rK7-QuMxVZxb@Z^92*va+%>RtSG7Epz9bgm# z#)Y0|kcY35O!~gO>>6p+O?BcIa ztjFY|lyL$lT69Y)V3UTCnJS5B#0>prb)6*Op}JC8B}>!O_*s>PJmfh1Q+fn^CM zbaD+_pi+hEZSy#%w6-M8LJU%Mk~vSE`0>xdg27CR&n7!xvO{oE&ZNPr^af>!`^$DfW!_S;e?u2_OXI21-K!uo`(s09Ph=#Gi{S?akhCR-~;JH=6fQ zXJ}Ps((Jgy)?Oy%Cii0GK5F5|LYW`1F$*Ud`XEDEE|^hBOfclRG15= z4x{72!oA}kfMtu0T4UVpYEf(l zI1B4BCH2c|9Bm`xf($|=!E%k{*tmb}>FhDYE<)|Q$_DzmBoLl{K{vWd*XMljfCLXzF-9D9rsEbd=W_-Rv@lAaUe>q+BY0O7e0*j@R7;-!tgZkl)}8Z zz223=8}SX~UVwJ}e$Ym(qrFwWfYS^W4w|*~;SKV06mM!ryP!-yc=-WqfC-iUBnQmJ z`i6bsy0tLn=>*RiZ5`UkcE6ICz<3<%9t~QibOCA7w3-kynbCHJQu!7-*g?*oqF;0` zzp`flMHFFJxlW0tEGq>67`v4Uel$s(p{I4@C4A6Ruts3;H?T)R*3wc0Vg4w~tkjUf zEhQn|K9#Qis1yZJ@B#a*&-d}Rgtr&(4&NT4*$|2>Z@*;E zmTR3Q`$JdlQMS!a1RNpvp~mi~|Ac%2*aZ|hX1HN`Y#HVS*O21=;za2q^I= z2H^vM%hEx$L4SlVo)Zk9r)4bEcwf5LdLM^#O~?h?o()1YJuU=ERxNK8xw(-p&2mVS zdQxC%T$Dkf8)PRY#`XeQZ7WB9l>ykE^6Mzx1&;#`n`9>|0;J7v09-0Z!2p97%ZL?F z@&X&sQ>%hqFbo&jTXTKW;aJJ}Zk)fIVu-Ux5ku&p@@PtLoUcRAK1RZ3EY7-^4Q;kK z4_8Ji<%{fRmO4L+Z|MC_V?jYscQ7Yo-6+5^(?R9D6pC<_+&>01KkA3LD@XNOLQEs-1{;f zJbsS&b(lw;tDArHpIQs*`r}YpUF5Lf&0Tu@1enm-Z9B?%?yXpvFT|X+O5JoTbXQ4cH#P#5c;3 zT(aRI>J0J$`i7ihpi9QXB)HI4n|KfqQfXi8eXZBxk zu!$|h0U^-v4%-6NgoqMLLmY^1INL0;CK20wrcY0f>NDOPZ_%FR3Om!ub^!#kP$o*o zeQ8tJmpZ?WGVCT4s43znLn)oMKK|D*aNy`qSlzMLFpN^G6hNv+=C5ajZgh^kuA59%cG=sbv0(3`150uG# z*0r~cO@hfg@D@bV%rQpHgd*EuQ@t0mBFLa`?ppAoK`p+O)8gP+m3PbPuYK4XSBnNf z0EBj{*;;0*rvyKRIfpe^8&pRnI+9ze;rK&+$JAhu=Am{1-)The?EC1z85HV7m)iF? zN~^|OwS}*gzq&es$ztk?Ufa|o$-IS9=l4IAbwaXUUCtN%U`u9$Jk7hjtB4cgxGe;8 zJNPxkcLW>`jhdtmF8Ri^c%_s!w-OK^0WuSSz;rpV6$3g<8K^J_L`5@212`gx&JSP~ zS;Za+C^kU0@B!LfO#oADWlD%gkm3-D2V1#`-TR>xgBC%}5Y|O2(6oW|G5BN`M za3KF(Vg?wsfX3|2T4>j6($>_Nt_dq%_|S2A53s%^;+1 zS?#S_@^=QcFT9W}8LmeDtmKF;$UKV8p1siAwOIn_2Et`yp@h>*Zm$E|BY) zbU7t*(@8jlM2LQ_+nEsQYtRIR>D)ez;+IA(rJ=7or{^$sL*T-+I5kKVM(;>r;wc)@ zjK(&>4EobU!;hOvf!!Ih(qzmfe(JONG=6SHR6GgEOROMH;&aQDesk{{ZfhBF;gtch zS^Fh$H)Td;O)?>yy=V-Q`V4@Cx|-BnNjBiP@g=G;nGz(z<&&?ht<6X;uI5^NU~Izg zdI6rq@V_{@Bz>qZfRU%)bt6+c-VA9fe28H zqolpO;erVY--rZcJhT0%^7`!b3-=0Nn^&AyKDQ(-gRF0vJFg#r%LIU}PL{tY7yroe z(xogr^+qgFn-hy)DWjivW{8TnL0%8yA2hz6N1czNXVo{Rldn0y_oz6B zOr68FY;LAmV`aOaD9~%?-Ae#EZrkq8$Sq%h1l;uIdU&;D7ma&_qi#U^G#Eu*yxnNS zq`KKI5mr)LQml*9k3hi3K~bk%fE8ej0NypIH2NBV|&zrIw{BA6qH=N02N+6H1)N zTnSl$jsy&s@QV<0Dz3Wqb=yFJe$`8jBZ>{l!>q1v0FmIThl}ks8Ycb0vV8I`Be4-` zRXaQb@X4@PA>KA>GR0YfK@(=Zh(KmH!-*JNh<1e1t&BEw)DpCrYC{P?;;5I4i6&PK zh!xiJVzJCIXKGt{#>(FhD5XI&x43?mw)f9tL0Q19gB-xv``?>mQn2yCxn&7n#C5>E z?{0$vE!PLqb<{f8tI&<+(n`0ZPep?$a-3t`X2wk1Nt9>fXS3!;)TpguCU`<#TMbbY z2a0{b3RSul!vqjhEaXzksvFZA&{0k$FZO_G4PMX6wuT9%Z(MJEL6sRDXuSRuF>(JI z*&tY|@V&8=U7p_pXsTOy=Yb+(Gj~l+HAoQPQm2zT0Gd#2oYHP+TXpCuAT=1AB|I}#RD?qSo<&?1jGsrD#m;*)W8r}1?a(lE5}3|9Tle!LOj@LVhE_IHBn~N zsK+Q{7OCE%EPVt=UHW`*TZ}Y&wlNKqvb28M4IGr9ML&vnJf)>CgjeQSPQwr$4gHk| z&g4{HJDA>+7^lFfmPBk_6*&@|N*d%u|EVs&RIXA+W19Ew4%WZ8dLAya@YpZ%Rvxq* zBoZf3b5G#$Ugy)*wA!!BJ~_7!&<0gI!QdB1=%+_8=mlEgvWZV z*OI9+fJ5OUpMYNh7x3ibZpWy8#t?ep=-EjHdR_E4i{Tm!)52W7Jtu-5P7D%o+I!7k z0cc5eR{Z{cQg+B;QDlf?9_dUDowANIsF4T@bV!#(6e(OX35<~HClw3G0}2H7j#DY# zf0*g3k`vX%>Z;>Uf#Lpvx8Du)FF+^_TA2GDmqs)0JAVUsfT(zVG)T?vqVPKUN{(#P zRTGGg`rvi3jcYvzJP%;}gtD;@@B+3*IQ6;}VpoU<#st20HWQsTOBHY;1L7$^NE8NX zEy#*~bgnY6=h~;nEV>hFFaWhJ4EccgLnGkAE5_9ui#Z+*cyCtvoeL9c;&durLi==( zKJMr~E^C(C_$Gco$V?4{;cp7=AnOZwnyLtb8jf_Z4lM}UMP0iS>^DjMmvTKb+eyYp zAdLMXum&Lc8)XB+&J~vslJ56*s%FmnNU=&ECh0qQtTz>^Db&`#5iCG#&;JZ@Wb@$L ze>lqfdTIN!0q-a51;nEnkaQ$x%r(?xv~vzNXKtqOK$pWx0_J}Mscqoz+=h?}gEbB{ zt^K@bJ$$-LwSFjU8j7|1yi(^k0tI;s^auBzFgz<^W*VAvYHztpm_q!_6AF_);e3rfP7EIuWClEoV15hMO&I`n zMrj&b=<=clCPY%+DV1+^hMzt-QpUJgWwG)po~1YAk0THZ1vGdagn&12Ol=Tgux;-8 zU|Rt6tfVxV=oq&bM3cYyQvwZECw^7nYgodhHA1Vm7ezkV?~1G#C`Q&(29dG-d>HH_ z$8s{9nUH?oG5mG1-kS`@ek)P|tonK{*$JsN0cDWyfR~AudBj)i zQciiICFr5>Y~=SZdW4z!rNP3Sv1d380a@0;e=G?URNj?Ff-ONUngV6L?78!GQ|V?L?dmBs>zBLu}By0baEVPOk3obK9uLXWlB96~-&(%{C@N ziE1vtE*8ks<59%NAJ7!iLL|^1sCNcnexMo+p1`8LosFe1WIskN6aX7Zd*f*jO#_A+ z!~QVVLfH{u{oPDIkR7o+E5(vTIY=1@KpjoS_rn9ZD5kwp#@g*h4LnWDuuo~B+zC|F zk3L%1r}+_6Ssi_R`Li=tpf1ZcoXquJyGoek;lY(K~tXu=1Fo6*JF45CN;CDhP<;g217@;l~R_U&V{czOkCbfEBY@Ab~s(_9DR2X8pq~ zrK17|1%xU1YAOLMWtY}Xo~)C|HLIwmlb~kVS|G--9H-{fpSAZ}K~^W2SRO4wU5_ z@_?%Y`Jdi`1s%5C{7BxQWH&{N43OKcI4pSraQ~g0y#2by%95A{#pFT%t>g8SY*vLP-^gh`qauM2BcETN4v`#gUqYpIl%6CKd1^IYqTL6Uu1}*|TSdzH;8pw4rs_z4k<43$M zfy}=E@)`5~MjMbbX6%Y+@k9eDmJMLwd)Psi(2p*^-QfOh+=fXiZ6mjaQ` z7En4k;4BR}{l1xG#+$5FNyRyB3I|qq`Tzzh9L7OdyH5(>%6Z%Aj1l?_F;B;QXt{*4 zjBaU`A@s;#wMnxsyM_v!6wI`Seb4azz~v3rL?BWag&_^fSXu4*A5AY3Wx4H)+G13R z<1Bw;=tsfKfp)I%@KYh39zs}0L1CnFxR!b^K6uRy@E9~Ks5Mx(Bf~&s;R~BaqEk`G z&pCQHH9Th~of82_Y2Z!SN!B?Wup`p|rJB5PW`SfT1iYMZ*O0CN;~hEgSHGmYV8)b; zRzPOFb?zhq84engey%v_<{0^~58f?d!g6;&t2OX-mV1FY1DTE7tJND!1(YY0VDK1$ zSk>c>j5lzrcf|z79SkGP8%91s!vX>=TMLZL@i4oB3C4=1?yzHrMkhyegJfc!0c0sv z?C)}>Gs-@M$We&oOILpJxV`ysesw0J@+&27dyO2@ z26hB<#Quz-G}jiJys5R0?+@XvQ_Yvt@Aamj$Q?wo3`Ozx>41X6q)Qu&2@CbNIS zT_yxNE+&w8bLGeC2M6y!b!eOApPDtBMtMLm&_ShCtBCy-xcV4=vpYZpM^KHPMIs5y zrQUiVTm$PA=z(-`3%vO*z^w{9Ee1$RJ{p&RRUKDU89;`Q&Gn1A%=x*1`1qk$+srQF z)3$sjdvMKk);xdd_0vUE??W6Y{%Xv`VhhAmcG$drI{ASFkL4YycAot0cF>#x5WSUM zCkK`}!oQ5zANvd|NviD>T}AV?gDrTc45&wM0T7M48`va*PGd3V#UyaWuQVT3AYrLd zu#V6c;RZ|tiZ|k925ZCKl$d%v9Ia2L1BFFYN*K+TmUfU(5PoqO#r(43w|pqrG;H>% zShIN)QxOUL2e-cx2i9nSHJ-ObE{S72A+KQ+i-r$0zp4KMXY?-sm2z+%0RkoT{VcN( zyay$1>cM3Svjb7*zi08a9@rZZdDNIYUcnlS#A;U?slGe2gO!WSlqx5UL`AKCM+6># z($G+!Cz(gEexUY$M{!h|l&doodsqvK?#vT|TQi&<_tmJ+qF@w-{WMqm;k2_|B05EY zOy}feh1fdniyR>Vl8F^8JO)<>j@%K_f5$^}TTM0uv3r)xs9?ryJaj66^<-Wex zdZu)_?;>GrWg&-b;od+Xa|_2u=tL@k(j+V`wN&VfC_dkbX&Ym%;~_{z`0%qvk}Xh~ z*z=ye<&JYzCBbE6w6;l5hX=ojRHUgm^7ounm_0t|1EoF08Jvl(-<%QoO(X(zYNWRWl7*j z@VM<%+@lnyukDS#Ov5N%4xj2IC(L7GUj$dM8J6G|4F0;{ng&2wuvv+TmBMb}9E=Z` zl)r+PzhmV z&NX^sX9mcb!4wNIo1J^J(%{tgQ({uPjtRT@kUOo?E^6fT(v*Imf%r&I(Tv!Ob~DNO zC6H}IqJ!%Zx!aMNOoDQ!0x|kG@10{%M&vn>3`s{8R^iBePBqTJZ7nVQb z!Bm#L(+~&1jewR@nKP}{&p?|8fi=ox@_YNp2Rg*I)e=5PvyUG5Ey{!BZSSSqZ^IsH5U`cMpayE? zV=;s_%8aVmueJ)mP7yGO5SW$`{*o`*$M_wy7RPydxAMAYgSuL$!fZisfd5)QT!Q(TeI8U%?*~>`CvD+1 zgiBSe^nvjPH@rVEmVrewHk_n zI5O+}mgvNhW5Yl7A#jbOam-dROK+ShGjPMKxDCOF5}vZg&23ftB;+v3=At)pkL_bS zBD^1h{185l0|GZca}o%->-(#Usgdl9h)iIyk0$NNn*-Gc?QG|$|CH`2zaUesYWbn@ z?_HqvRG)f>Zint;`i)Ur_RZ`X{JMyeKz=n^?_f;9P%cq<;ty&CLv@oVeLT>2p@ZK( zi7m;0z#Ih2qKi1|4M#dFb^7)DeG*oo>7V!Kas*T@@*n<8Yo|4T3adh`kYiuEz*7p9 zCbQtz94P)|Lem8S13C~2{C-8suzvJ~K@epnY^x!u$#Qi8!_4~p#NGAwEr>mnn`(u= z-{PeA!2}SyL2YD$ED(ZXRP1P8Z8M@)EsH94aS{51LIxZw^C0uPUm~RO_ydw#sUe1w zBhg&qNj5EiX$-0%S4Pr2_>Gg9TdQwMj;P@bd7%72`XkIindY#b(F(IYjydi(sQ{W^ z20vVo2!kh=V0GW;(o;<7A}9=aquh)ZwFY#1R9dB?h5`it2kQU;+zcdYlKS3>kU^;Vb@Kr-O#oK_AHvxKNg^ zz`~n)o?IIg=}B0{Y7`!biNmmz^yB^lwOXT;IA+&N9sIIMwI-k+620udr9DYocy|pB zUuLcYl@J7I5caEd?tu45jug3ugb*wqo)Lou|FYT`u@9lb7I|E{;TK5-^%k#5F(bgI zdg%{rHY^?}8GRA_as!EtAjJ`wH5FAR-<9m~EK;v%g*S8M|0U_Vwj4!b=r57OBba0| zCi7-Y4km-)>qqpQ(>vSkfH72+RMHJ^Ao7Y-38!|CeL$n%A#XqA&$W{1>h9zik~68w z57h?5Sn>m&6-RyF1u{4$y<1Ha>iyTidK&u4Bl&w3OgQJTs;%#BZC}DCuMmg8>y|4* zA(itH=iERzds?w5ajW$1WIy3~+~KzReU}jLv(KLz5I|7_r!Ma4@TnWOaE0$j#FFP7 zUOyi4vFC8nQ`+Y1C&B+1ykn^=Q3h{qenO$Y@nXSN#kg?1!rmN9rfag}(2T8+3h2?^ zNF4OTg@z*T$eVi{4)VUiQ17BfMLjRQ`;~0+H z*_B@6Z=pI~sg|htQO}(E6xH@(!>@0e6_ikT1h@8kG6l`fWY4exyxnA*gmApa%OisN zJN(={ELb(WuR8pA^_@4eA^yu>VX~P>t0E&)gm3ewoaq8rO~BcJ&nKIBlm-5mI`3J5 z?elIy?=x;VQ#h~py`!c4P?`#h?fOB60`JYD2N?iG>K&->zBUvHMe9UNt?E4SU(QlLgZuX=g+ACqs?zbIDnFgWjNUY z*MeX8JEu+%PGbI=a%dd<9?|TZ=M%#na_o1I=#e)Q58~nlv0utZBAI!0;2BN|$M)5* zY4a3ai*Q^nT;eDT5G9R9jWtGv1*nGtRJHC{{8y!b0FtH=HcL?a`fxKSFiaKmZ0cb8 zyzOFLGrn_(QlJ5KC}Jz#I{Wh*nvbO_3vBav)c@4DYAPxJ1kkc59}z6wym6EOwy3lL zCW3cBM)5GL=qcWt;?QveDnEw_qwew59%2%0e-QnX*{U$b-xxA#v(_& z6?LS@RbbBp6bIbHYIfcRrsxW^y0-5fE8u2QwsYdWY1p%C#w;D~M?9dWNnP{ZK?CSEFi`OF^` zG^y^$Piglu%l<0&OFx3(u)HBHisT+hAzfr)%+oBeWE^nYjx9LwP}M&|!X`}S z&h(WOFDDWYXl>r9VMesP-&k;V{0IK)gF$~3Yt9uYlzc)#`UR^x_$3!5d29bxmh~>b zxv8vD4FNjlkZ#5~Kxg0kOOz#JX1h-@1OmoW0T2}1&>K#T_>4%n{k>$4pW=7oD-BIQ z;-nicJcFBjZ;A}HxR%BaNKd(_xsYZl5+0Bs@XTxvkhw_gR^9o6bpa$J2z&$d5-R-8 z$?xmSo<@F`VMq9Vr5_Jzdj;G5rC9q#HuhcZl=i`M;gPb2Qf5N3pFH%AljlF2aY`l> zNbNhyMSHgWaP~%hNb&wx+gt_HAO7#3B?`EAG(2@jG3B0mK;s1^s^^%e2d~}in-4_}Tne;0my@?8V=Z7t^p&@?IIIQK>n)Dbm{-xe=dZoGvA`y~Ji=32@LTD`mL<2ggpyKE#0I7yF2f@>*s$SEn`cfmJgQM=jl{Jr&LY(E1=XIq+W%VG7zMyTh1Ir()fE}F3Njs|@-U+xkvTz`YJ!yubaxZdJ z%o_ism0)vqKf@pUYAjDj!J#pY!ZO@xFmZiaTLsEx4}FHekOMdh*X#vJ8xQz2NkL0v9C4 z($6;KT^&W9>+{~k#kM5yY&?K4(oQc(SxPv24|m>yC-XbJ)NkC%$k*}}MR}zmTH(aB zoAnmM3x4@jICJn^2yX5%c%S4NCB2NnU-^R9TSe+(`&fS?=1?aop`t*iux9Zgkm&gj zscHUhk;W8ZXMUG5YNNXzy~zwwR$hyr7g5(%Umj!tc(f=W^elHn6#;I0VQ{2s#<0y- z)4%|1SPJDejsb|jj-K!duts${bTIkzjm!}S>lV#-9z5>d$qUf$oJ>@$2v#>3S+obL z0E1Eh*iURgr|&}guYx7;T=`cjzonIU5%lFSS;KS%lJX~xKB#>qh@XTiCn%;uJ!iOt z1z4AF&CZru!=W`SI`^Vj!9I5@cKD6h_W`-Dy4@5sV6x)&)yYqodG}2RSa9oZ&07WX%mgnhm_*b0;@5vi?e|)Sl&+a`XMyUg(-MldzU&TnQu`p2 z7F{4hOR&e3B<@v$?n9UKn{77VGh)KmeKe*{7IjZkISP-VANsNsWA^IoU>As;AYZA3 z_w~M0MWm>f6#DTq%9I)|nIv_r@4F!G1!p>9p#C+onK zu$IUI5S1~c9U7$*f}a9$Cv9B1^zQ?bv0Jba(2<-X-_l;4Z3&%VTc zDd(b)7=Qx{R1GSsAgM5irtS(bv)XMaQV`GB-sYWGP&fd`lFE4%Z(*2(R4OhJ5Phv{ zbvpOp^7Dzt(B1{6BBun8k3P>TfX0iCd4u@d_vk>q7A_C$M&MW~(iXMwLH6+8pCw3b zPkkfbA*H|@Rseji{4!;h_)z^AE+}wUHM{E{<9UoX zF7#d^g)n(Ud&0*0ow1d_q2BL{YH2Py^Pj7%V*hnzQ?nNlC%72AgF%jrGAaQYrvrty z%7emJ!@aYRCp?SiMN!H26TR;d{K%lxN_0ueK7}Tp09_}2(8)ERl=+02#uITvClnI# z(YXDLka+*@t?`e(M?4#Npw9yHj?X_0WJmNX9JKybU7GpyYX*b|jdO;L?e%z6w(NZx zBmw4f=#Sro9d~6k;ULfs?RhSN-tQ(*;uACq=zi@pQuCn%a(O1a!tm*jwHd1Q{F0Ab z$XLR|o3kRdi1Tr-Wq_SEylg#}bSZQY&9L9!o*fVVD4LvLwamnli;dO~qtlo5q!s!i zGAQF>R5rVeBXC>&au4nh0LBhSy}zI0hsv672iyQyGP#EcM3g%bf}bN331~L^))^JF z-oN{7tTV}v2fyG#)nHSF!pQY++zTnKVfWzN$Yrdo5Bo!L)@%2$){cfViY018rpSJU z0{bJ2At?CdbN_Q19D6JhnPA_gGBH4Ah=tW{2~ zAptQ-Sr60W-pgjDv1{$Ob{S~J0Q~%M zc)zp4{KbPJ@F%brCR)1I>sr>96|4|wEm_HnIWL8yf7g)n!mJA*HQ>(PHa+zFI-lgY zxHB9T-3v+hW9U>(~Q zP-JaXB^L?v-T&dzJbxd8Y;n!jDBjK`6xY`%fTaprC3jd{WQx)f6^-pd6 zzitc@cpB_>B%cFpzVasTWcC1^&Jp&OiKv*z%LZl~KJvnvQv9>@$5AU_#MYK3Eg#^W zuuyTP&i6~OQ8!UCCj*JZZWc7sgvhsDD_fs3!zlaXz9~xkAsn{RhaYyhbbK$K*!@Mv zY0l!GDn0DuJep0e9!0_$po5h`zmRuQS`8&=HP5t39=~LSw($7FPmoB3q8i05aF{;- zUKQK3El(TI6Ed7jHS0oCOQf=zT+khv)9+c_{yxnN5tFBLkV>M=3j?VZ)}qqOD!N}f zrab|O04!Ed9fmTz4zKT5tJW8Il;?e)dA_K(lpGPHoCt!Bj zFQ8e}`%VG#dIJ3l9a0Ims{Xdplee>2&x1fAyHwPj2*aAl3-96*nu_!jI_hsBb>J0t zC9q-L6a=9QcmGZ?&B(;P?tB8!Fu}%Beu*|czET9b*q;;dT!MATbSZv7zDg`5G(-LH znJhH_VsW~v7B?YcRg3h!Sk|0sRQ$yg?n(k7truuXnd20F@!^$|wZ^NMT+8!H9Rb2>!jx2jhn}fGE=; z&oOw?pGM$D!iVSXxPE3A>lDp*MzDpgVpKoY#;$9XVzo0q%%59 z9f$IpOJ@l;oOcKs4tt6#smTv3Qyc_s-3kz%HJ_2Ykqw!>9kj;5_Sur2G4goeg224q z=%&-4ZV&k`j-6VfB_iMeVtL;7;>g~WU~nvl&T-+WmA`&BE<#h~Jzcbef{=I6C{!~{ zpep)D6NwFwIxeoOuQFgP$$V@f`YJ|`D*SY9Te7}IJqKd7mjy?aO+j5>HP@`830LzyfB`yf^F&c$Mq4lk51aF7Nmwd zqIS|(FOV5X(5;(I*a1z67DAWP&%bFs>HZ>sZYpgc=WoApQW9J4wS9f>O%>V^2D4Yz z6bcihpM8Pv?hI}op)HCS3mUMhzqKriE6wAW?+YFDc`d|o(5+ViaHS$HMG;InP`Xs6 zc^jxW#$&GQ3QMsiERnoud7*0N>zWDzz>EUx3rDNad{HYMPSkJDRpAYXcTUI z_=lhIo>G#fpeWg}Y?l)J`&tO{TMP1#3-iFnoAkR2B(LYbI&U&jfLNbn*y~L~(BMf_ z(?MAg<>hL>_q*2tRSo!m=J&0vnLZ87?i*dpi@ECiKq@(brA6o_*<)SY7YFw-zxVL* zn0tVJva3svSmZ^GFkK>XZqzbw?sI56vWvU#1Jsr7rR>{+z#=_aP!1fSr=60iW^6m3 z?#8P{(--4lHZhlaMjq2KjmQUh!F_c8TH%qI7Zc!)2ReIu*)I|0Y$`}tjv$jD95tPA zv#)Z(yms+GlUT0f3AMTGh6hJYbA)ZL+B6ZlkM@uYzGjrxe@3Hu93?N`}q z8l?0RC?d-P33UyggIq3Pzr)!*XyD>B`OQQfsv&rEt7O9q(mYo0DbRaz2jvrIIwSy} z=%4yMAAGR;aR>q#5|TgLJl@_MD6MnaKIWeL1OEGc1EEX>vo}o}de3CgRw}-h7K-zo z-}mj&jShCFvvv8lj<1EyfJt6Rr71wp2lqw(L^hZ!eFEqaR ziGn#@jCkg#x_;=3YEdId=RWU6oz9vso9*V46ok%YbMj|Ft81$5a1k=`6GJiZ{wBfx znL`WLek13l;lW$E*A#aYWV8!e22K8Sj#l_>J2co(7px?`aHJ-t+9 z6Cfa@o|>`CCMzh=)g`EcG|by5`w*#n1$D5uuAGS=1n>1h5}kZ*J=A>pIBM^U02rXpnR0aRQ-v`8qkq!b+3IeWVKs(g_H}U zq0(NmP*>Ck1^<|F!A?%>F2t#Y?}zlrw;!lOHsS)Kk`M1wnH9X1QRCe_L0t9w?drPu zNFTrYL;`#)f4hr(oe-NdnA#879!V9W3>$e>ALC<|$bu$Pa;lJf z*eVB<85Q~md`|}M61ha|9^SK~HBm&>E^#b+*sLhm2kH0oTPM2*lYE(4A?f{7nF5a8 z;nncE1lXhsz_K3Jp<-J;8OnR7ns-?}E?QV$-P!Qw8>%7_VEU(--HmktIUo3f$vr4Q z8bz?dLnHswj)j%&8Txx$Vp*a_8=~?`bdp&#RhV|FcbEp)X$LLe^8uol4Bt`S5IXz= zrU6Njj^{Sh%Q3!f6C2a`#9N$#{Ko*P({9NhC&8AD^y{qw zXoSF#eBJ3Xh+BWJ6MPoncd1jIjIxq(tC)9?R%hhV0$aLUOT!f5-!w$Nzzdu|eXpRt zHT*B=AaoN1lq?5LHjQvam-HMw{344({Xi3|FZ-35=GRz-4%szuc6m`@_qW3pf=fjC zOX55uFA2L0uoUxyA`4%%{NQxzodOs*Xg2;?LHU4CC8{1KE|TI9yB_TsKhvaskJwLn zgKYz>Aa{ypm4LOf0~@4P`C!yzy+p?0v~`q$rt;#e>{LyTvf%!GN8tw&?^M%d*MzXj zq8*t$ad0pwWF~_ryJs%Zd zK%$?^4q8+iMH%+SgJ>6U+UBM6P)dyl8-yHSdvPKvRPysbzSqrYY< zU@NTDi>6;dnTi9`3Wc$!A2F4X+Gu3`oF2i3myD%y3AA~UpF63shE1<1>fQ?Zok7`4 zB6nK#?2`)bA%?wW_m1;HR&;L7gu#J5)J-jJ(>7@?%Nm5FO2@dik3yhkEQg-Uy+OUa z2>_n$nR;hoss_iAPWUId7w#>^-e(I9#Xnd!H0#BnhBk?%%3vDy+8Y`$FH`YT9~8^_ zjNJ%Aj8ug@gCdF=&3h%nG3v{`7xynNuUtfYL}TH+jI?oSImm!tVGA&JXAb_F)9w(o@qok729CDGcarNWjeo ze0yM_oj5txpHR5{q+H~Ka7Xd!;=uB2scy&;76B;+=t9x#!w;mFc__q6Jps_MHf|rQ zAN7#2t{!T+$e&CXlW`pa6;J5hqp4(p>kgdsoqhvCiH0H=eU-8obsYvmCF4mXG11oZ zs-%_T$58GhBXZIB$Irf6%ABrH_Q;m}Hr>2}T=0CGdjTeNxt=PEi^3VBcgiADVxZ6a zUK;z<6q-TDVfUbrX`+BqHV&q?b)R z{QbVy%jDpB=!2s<@BqO-Q%RJ_26JHo@yqPd!6cBIZz7mx8@351hbw#I$VoQm-BS_wFeq1JMxJn zUjE>miW?Pu;TGw^8@!x2#b zEAKtxQ2bCZe1YFco;#MS1KpGqKPxi7BkgmP=F3O#xiWlo;cJwscx5ivV!Fh-j$jnY zEUN2k4%)V?_N_xAT{h4PImK_`K@hwLcqdxUq!v{Mx^5Y-V*pk|p_utiLc|i4)*GR% zpKbE?1<~k&uJh#RB5|g@<{N#M09wg~HQK_hIK^A)+G=-dZj|L-jr>+P)*wK>fxlOR zN~-zy*_N=*5Y?g=VDW-H6p)7UTBENAer2;rZa~E%l%d37mcqF$d#*md*$3Ap;O*rf$Q8Z{V+U04j%~2W@WiO`NNAY8SKI-sd3~@S zwNbiaj6XF)G(5MYdUzlD3wtEAEBv<2vFOeW=&tGvU@E2-(0DQCjy&!Yj!KG>55Ty{ zr>1Cl1#;r>Nrv6BoMVM*S6&_diYY%>uYMEDEeI$9gL3gjS%mM}_PwKUI|eSPu)*m( z(~)>^#eQe%^S%CSvJR!WY6(Yl)-rR={t>J@poV*BL3ByE<>l z1Ys^$zf~rAWS>`X7_1v9h6zD>-}H!YM`cg}918dl(@Uq^zK&S^#rGKEJFx&_|Et4v zq6c?Ay8}8aEJZ68Lc!@z%r7}4)NCxy#vTEY{>>v$*=Bo?#s=@J6O_2`^cNImTQ1>Z zYe*37bkF(0W{Jt%W799m?H9M;C+cAjfraEx6hLzj!_W_C;il07po0~REh6oX#DHuT zEa|1o38-$03shfVHQTa4{a7iSnyJQ&fI!#P4s;#+05lAmJ2>@H&oVZtr$3vCBe5p zHrM&~IZNQI-3`P0#S(EL^BYulov+}140ifr*1fz7qbd-ff^#p_UZxJQwt+r$2pbCH zx4yxLumAQ@{78mIHwoBmfe|5C7HOdlfnEhmz4?+yyn_u5ydP~ZfK%z*7Yp`aesjU% zaYm+cpwbPp-$@5D%4sI;DZKOn2_n$BiPZU48~K5fimrbz^{ac@Zj0cBAs2RvJR;6X zxn=|4W#vfYn~=LF%JHB{u6uyqy?VgLFi-hF+He57j^!*ndEatkchnAz0FP>lF9^8O zup$=Adl|@c;Vrjvk6YW47b5Tsc)>3(Xk2r~62h4mUww}Wq>^nzXdkWkY64uUA$Ch z-)9tx+W}I?actI;h9ux?dqscS)TBzNCHTVTI3wZorI$Yid7VGqdk#3T zQ8j+$&s{r#7BTzGKZO6=!+X85q;~{XNs4*u7r{2fX%8U6x3Q)fNnq8rKobp|AuHaD zic=$g184s=jK2_M`1W1GT$TPHVhmu?0GJFZ9I#H{!P0_q;TF%1rWzA+9l);+PT*@` z=>`r<zd6QVNexU1SQ5Y?NRnu7eZLee2>+{S{8k)nsCjBDte;~+s z$TKLUDB#b=!@i&2+*7We!iBGgIAX|&ptHs>yvM8Hl$Jxe5NJAnfm<;s<7Et}EhF%z z=b+n<<@!B-K0tOs+am-6tdn6tMSFNQ@p5*Q+6MjhJgOH#uei3_`lpPbVTBtrM@h&S zH%UChhW%b;1J%>VHCeeWEjMzv@fS$`ezL~x-%QMc&;Y!K-PgO~ z%<3mrG2?ydWj?A9sd&|!Z59q1Yl zbU-fgduFi6^o6(qD%Q|s9E9dTv$`geP9<%l{5{FCtASdUJ}=;*?K>T3F>nI=AXWGF z7Zl6;(Lb=P-%>n9K2{LjiF{RhuwwBa`{;-dASKXwaqM(Lnip46SjSjOV?5T$7fv=J zR%$SsC`tGIw{%i4#r@kVRF8XVtgcL_MPVcP1fh!wtJ!R zRs(Cx&%k1+%8~6U)Qhcl!DSSizRwT1)F%A*6^knUda&L-SOYxS!S7^&Z}uXZ2Fkeb z;M5@$G`#{Naw2dj@RJnAF;v_};+cI41FEFaH>q%b1Yu(8n2W(bzDLcJ0PfBj0y4UD z$>U0KTF?aWWxPr&C*DO@{7k2S%W!sC)NUYT4I-iauFNAg4e94VxeZKQ(-gWciaN{W z6Lw^v)IHEEs4G{RaZf5Wxl^y)pp{l$?V~r|MOi;O01(db?0u(D!5(Gc$FQ&aFA$5E zpxRyZcIqe*un4q@ghm8UM)uV)Tl*Ouqm9X?ETR^=ZAhU45#oWuv5?_&7&v58k}+>l zKffgqk8)%d`c>U~MPB!&%3_o{=Xm!$`U)Yuh`o=|R~^=NCSg116`V+5|1O zhVO(tDeb&$lJ@21e}iovL5dHxGR=NRRVRSv{sJ!BaJeN~_se7roq)a}q-Y0(N>{F{X zyl(MFY16>@%^uKWwJ2Y4r`ND(Gv#md1RDwOXE)N;qylP%2f$q-a2K(m%l~~F9^oXw z8k51oHmibrI~OpdDa54u3Jav5I`v+}v{L^D-yQ@qEmu0+TFJJT4kGb5jAqGWdp$DD za`&wS>E5}l$2fRWf3h-8-0aCiH3!POAawOfSDep|vLH@zLzI4yU~d9Y(9XpWg#+w4 zBc6$p_(SVJ3odlU;{6qJ5$l}$9tSBJn;>RLCYDv}zMD=Na=vA&|AM6fz^^RrDBdK0 zndUW`E0FU6ZcKk)v^*fe=lKzr64;KPI|G^?p`OvEk!@H0vYtBV8)PQv|9%cvRCie0 z4zl;49iAPZ4PJhajjjm;z5(OPXrL!Izvr@Ccj zrG`R+cl$%UHd-SFW4$>+;EOa_bjGA$Aij+zBZ+h&M&je)L69)9)Uls}lMX@L5nPsN z1&%4xjCU)Cz$NoXh&+gwy@`t``T;n~(St+U$#S1l01~z4WkCnx0s~-=2qzaPmk%-b zDC)V`68JlV>7@ohq7WnkU;FtMfGrExr{LKHojbMst`ty!&vZ6J@i}5`L2pPu+!MF# zo~Jc~RMR@G(N}}yaMee6LR!#gSEJGOUS|bhMiW@>whd*zNfgjL%@`**?*ZZKc_fvnslb6QzcRff9q*0kQ4l~&O>)jpCR-S56Pc^3X;^{nl#r0 z_Nu%(EnKZ(*`eL-ScC%&cb>1j<(2^o$tv$`K-kd0mxSw77g<4ojx>m`Ceo!SljjkaWrOtem$_4nNfq=OA#*Enj znf#O)Q1V4AI&0Gr#@^kF|5Jg2!1FzI zU_=-qb25WLDpZkLIR|yOss8#~}|M_}`=6(o~y`7whby~`58$O3~dt`xPFz+{?Ky#tzjQkMw-0RRMZz`FP6dB3Ip;Oh1U*j!4i6Mf(n z*fty&q1`(04tha@1ioha!lK8-SKG6yVS@#N6)YtK+u$mf6x^tT5Gq++w}bIeCNzqb z$-GCk;vg~oUsZ#1UiHZ<8eM@77+4jYZiBN9NNaf+kiHN7SH4e>4@pzrod=-lCCBXk zKy=~!Hj+AkR4Yg&+0xX>vgqHPd(I1V6n1la%b0QZ(&?FY_x;hc^>^>cl1hhj!0*-& z`;9UvRK_kOKaRamcer0{^8obQcf%T(qc0b{tQZ{gvtLhsKC}QE50FG}p3Y&+lv0YV z74`s2MCP`XOaJ2DWMBz0Vu60ZCK!+9ER473Cx{GqTLdycLrK7e9!$ZKh~?h#v&@?J zi8H5R3(`1&y#aGn{ObUn5m2%XfD#V4Bu(Q$hsXsJ=SkQeFS-gq5#EE%m;)%&*OKz> zJ=R=E3qPhP@QLrpgztO$YNNTiOHDXS;Lrx#jn^lhZ0>%shg`;UUDm|eagYk^#x|EB zn*xn9V0`J?yxX9uW69tf3oovoMD(l0=wNy0aSTr|teNI{&k{reK?4fP7g7T_7btWx zaBKHqEq>j0oIO0jL;3&}E53AaHwQEi#fHw`jxT*fPFyd(Ehecs4K~eqO@2-$AUltokduHO;&Zqv?jF;-|wvRW#faj3qFNd~(VAzTe7 zs=+46XxGI69L_nfJ)6+ zS5r~%z#fM;e$%l%5-^fug)&@#&KNQV6wQ6!$Tip(0V}9>FW5(3pSbB(%(`~|-dbn7 zqazw55c-+2b0_}El-;A$Z&#W~I+J3u4^Xf)>x%)oRs^CYw(zU=(m|t&Yf6^+DX8hU zq>k^B6)qt3jbnriq#nkCM1b_%yy;%1<1Na?KdW|bpx2hZ^4GI72myGV7{qRU{F#q$ z1m@G}{Pu}%bwN{aBVqfjtCk4F7dap`5>)*#@bt#W0;S3~Ak9-zg^37t-wnK;i#t_+ zvA+Za#9rg@9=-Q5IVs2xk*pym=#J3egqFz>c_KL|SQ5$WLp>0Vc-jnje4cBYG^PMp z;dfnlh`>VcOe8NXXGz+vG@i9MeFxvb5(wrd7XN5=e!r4$oOl6b13wRfYfHVg=wVNZ z|12u{ROJdJZxJ)ia7DHz%#XHtk=XI|8f0)Cn@%`i+v&+=Cc$e_Vbdp=FFj>12Vb0g zV*xwUki0#X;FB1N*`KWs%z0%fg3PqRXdOCXi{3_OIX_GbjB(wxsG)=5ZvMGC(`E2W z-;SvaP~y&0lLYxA9k2$peDoMR%5CdC63Zl_50ICH@pHNWXUq;}#W71|`f~?A#v9Qf zGT_R_+P9Vm5A@-8OF2KA0=q;1b~P;LaAw|?!I)(55l|5czrWycfD&9h<=vpW?Wf!s zc;jVOs7w1JNm}2}N9qC_Hq1h}F>)m$27PHTEPL^@IgS8;0B)7-wsoAUPFRg zbTv@Ao!0|Ubgv*2>R_$Ksiw|Sgyx^;qI$z02v~Tj`%*~ zW@a_v3w{@UbYmun9rKh_;{{|INY?Kh#7|YWcuqIZke?o>@`YXA2&TY91}H@^aMXLc z)gC^k^o9ANHK5=)9#Xd?+7RPdw!Gj1(hn-xSwl|KT{D@<(zvA5ViPHDDzQ*G|6C(KgZc5?AzV`IF)DCc~U8&`%?yLUZ%k z+~baEMLi7a2;v?8#V0a>50vzDlIJ@dU&9>26U#Rk`vdta1-;{jVN)*g7{t-qWW&G> zS4dG)6Deq6+6vs~pXuP}h74-KM^<+uy znfvWmkeCAM!@SMnKRqJVq=V+w1&>IUT+hz{pnG@cNRed<6a^vjOD)Kg;c{>XgIPOV zC_7e>F`$p3!GB%(-O~MA&GBP5mhyC41q77`5}L0bygpW|C>np3o`8&wVRwE~ioW-$ zD_4c9n@R3=r^@_gOjJFx^=JAsww8b|=cFkIwjOM1IaYJGH(%tX3R)WjV;N2_%rP~d z;H{vE#C=xYjU|babNsk`i{a`L0YMo*^*vDjFMBmw%Yu0>o_TT*|xSch)w3HH}2pPdPmHKb(_G17PugoE8p zc`1Gjo}R6%MCkW{u7qf4Fr)aL(*p~t0M-uOh4$_N9x0UW4@vQQJoF}i84H}J>z-r&uqJ3Gpui_fLwI}NT852k)#P~m*j_tD*7 zNA(UlY5@8K%EW?({MS8R#xN!KS|hEmlK!2uJQXG4rX&S%hnHKXE$IN?Iw*VuKNiJY zV?#l?gu%~?0u0@9++}NXl56VyigVk&7YX<=(_mQKOpo%O7TdAWQ{Z~QD~lN^6KiI! zJDn-+sQ|(sv(W0yP}c_{xxXQ*a9s2z{xL4!h@w-bzi5_ z7QbRd3moDx4~ohFl9M{k@0Nx+IjnyruW9L%rhW||X~^v{*oag_@on9mX|et+4;Bft zV+IlN1d|`j`yNFc_v+>EDSs2w(~@-hd?bp#SF#XoDq(eO7|znJ7xVkU8)zu7r-KQ@ zeWI0{4)f*=`1OvaQGh<_8+=A78XC^uC?LSyniUchY*$ zdH}}2B2O-q;!i~kZbUs{fI{N*Le(z=&21J``PX0cEFPAa4tnN3p)8hVS@ago95)^e z=C4o+DM}1dcwWD>0u=3Dq+}!lEQGvcZs><(x7q(;K$iTG5}PKlE8#C4P`3mLd}(Ca zyB{>J`XBYBgn+J`5BlY;FsCI=1V>)DV$iZ7yDkN<2K%F2%+o-L(GSGj4u6d%8y5@P zntigRk!*0VoLnDa65m5$En|{MO+iWDa*4Vju6~YjJljLvr zYRt0w66a%D%;9qvYF}#uYY^X+Lf=^5(*)zaYTBvYoxol?Jpl;gv0xBvZu~o)Y90v{gWpDB^ir-+w5R z*7hP10RYFl=?i5?)PIs7p)v1b=|R-8Bh(>c?0G>~lLY`}LiD+xEKijNG1`7E-_t^k zsb`dU6;JE0JLU4(4^s+pNMq`Nqh@F_9Ou{T7ZGSuUn-s-Zb6BNG6)J5C=3Yl=0Efs zp+xHesk6@*(+`=@OMk&5uu&jkx)xxyp@s*Vvad_lK5HdO2H-H?Vxi;S!}{$rGzmXL z3t8u7(F6&0AoujK#4hi}6$2X2 z!nX6?B=0Nq&HSnJPtknALkj5dmczX!$z%ie16o_IMlASx#Lt3-yzXEw#QtylP#a0# zL6#34uq94A`K?rVHJX>-wtKZ1>A+4ldwGL6N{cG%Q;W#}Lfdb=6REcHy zo2pbzvx0}B`cv4mlg9=(2*y|)&i{P$=Gw3+6;n<$8&{E@+dzs73B(GJx$v}HGbi+Q zDQk+Mf=|Us;xg<2Ceen zhVt0^+@eJdO@o`HwAiJxTE5Y2aVyvlcWmYG9x7Cb&4bWToD+dU?SrZfrvB}MRwy1= z2)HO_4WTm%){VJVDj)PEnlmT}fI7`g6b`tVTn?xt4y6I;4>mn*fJVCYJHaJH9l2?* z(2a?IEqzc-!hiZd3Mnie5{y6IV2){m_5SNM*s-u$x({^GPs{VVXi~Y@w*NIFltIt) z-J}`;CI8(eUfqTdiy~80n1=87=BiLcp@2(%H(-#FoHruDP!g*SYVpNpMcl%2zq~?Gbq>iX~E_Gm+cFe z=0TP5xEJ-Qi>eg^k=d7?M%e3y*QiqBTBLydj;yk6bwa}SUb)KnL>Uvv|G$#!40Yq= z`}@ye7j`9vZEWGp4Wa}{$%F@!M>sTS7hC8Dmj4dzRwwd6TGfTg$n%hzD~bEJjrbuM zWbJlj{0Q=Bq6-yX{VkdaVi2v9%_+GLPkP|vk&`_L z_TVFAoFWH`yQAC(3G|xbgRmz6AJN2g2e2k^0EOKEM>n}w29bdk+n9*?H)tEg%2Q39 z^DkZJsAw6W0kYb`D!jUh*5DQphZ7Ew^yr=Qok4>@9-VBCq1|^{+xTrM70Q4L8}}NgBWO7elBZ%U`BNNFji{F$VBL1<~t%LU%E~wxzVjzNlVAxq`O6CeWMSOrovei@pI zC+AZ>>ZhkX7RYz`?hA5246sJ_K603N2JqvGOdcqhTXpwDMq+zGK@a5j`QtA2foK*= zlIpmDMwvE#2?@-;@~wET+f?07Vk9t%ckGk7d_96({^c>-@ReT12c&O25Tji2q@Ew3 z>q(g3efGi7bJ4-R{h<0!30!lsRi#CN22cEmo*#Z|pn(gzU!9%oz%~UNhPc%aJuY1# zOC!)Q0X6qjNODmqgWwx}D2gOpn1~u(?Dyf&4Jjq5;8J~Q~YVZ=WkOAZ$CI3uE07qk$SvFGRvbbXh zr~paE#{_|RIG&b+hrN%Oc%R3gA1G?X_J<(8{xgZ)Pv~yqDVR`FoJKv;=GK?qx_Aco zk)D;Ie}Oq4+p_vY;)gPVzeZOyDRVa9iQ&i7rG zq5m{aTy=ao*$e4#X?B+v*+~cy-vJAxS%5xLR>=ejsuL18n!-i!kPdd51X86TX@%B+8v<VSJjAyE?MHs-G2r=M@BCnVHa#LG%|`u- z>&^P663>e5s&O7~{Uhnjx*TJpDEyZYg3BPLAR=PO9b!y~nfUd+Rj<`wf7Ml~jJ(c! z&fd>{#pU{fkM7MXaO1aqfhp~Nc~rWKV+pd&WXo860e{?g2iSbcTwbCqL`LRG>Pqvc^W)WwZ@TQ}PI+kc&ZA(O zXP^7RDhUKvysc;RYuN0Og7lOm^8;~t)RMYgj1AMn9QQpvL8_NaM_(fP?0ws4!S7m^ z3j)9_eLQeF>MM+s$!Z$+JtjWi?hYwX%p$^F6v%IIB-#@$W8MOCgX!$X9YK!NE(i{| z?y66aO^Zj4kIlYj^N*q8x5Dh}_P0ZAC@N2k*Z_dnu8aczwR`z2km%8eMx=Qj{@kto zU4BIonN;vvZ_DCU;o)_TB)!MOGT6$Z%O0kuD&5z6#?|(Us!jw&x6jx2YI1Ku*_&H4 zZ}i#~nc&AEnUG{P0a0po4cWtZS3ISkyRBO7mn4t8 z)V}5Z?%LadPIC}FlfMG}r^s-g6|h;Zus=q$Z>?5`09EPIy0DaCtR`q!9_?e(FZv2( zb6^zyvA^vdA51#P0RO)S+jZi-;kCuMXbTPmoFf;Y)hm3jqIjcGpLa&QmpbN4aSW`= z50R>mlI`|KZqxSNaK&N~YtfCq5yFFR{iF}h6>n-&=Ko{|LGuKGciD!wo%Tky|Ab>V z@f!S5@(lqhhj<=!n*2LRac9>&s<;nIyfHtXPT$R{)Tc@=Ew2QBjI%BwcqnCoT!LDlMgL@-Hy1P8Y~7PKgwybNn<$^1d4R@l zJ#Ygk!=BPeJ@CjKPg{v~V$DvIF`7(G0t8i?((QdwfM$1)g5TSNW(w!GfP^(id&m;x z8ixPUjv$fNI8@+bJna`4#4;gM&d2#93{mI^1A=~zS4qrdU3#_#*nd^?B}1T!7ec59 zpVId8f@+;`tbea_QEqTPr$-A@12eYRd(BDXZ%J-zl!P+3-o$XC zjq36<@aVYSy}oT6i9=ti0~I68T)WM<|MCir0TjsJhWJgxgE~rgYtk3HCX)*&8;_+g z_Rn&J5jw zAnK3wTa51TdA^wF7s_e#9*?F(Y4p?_j9&DGaUW2BClOI>n1G{drE=vlO*E)#z^J^uR*FKHxcTN_?loylBfhDbzu(yc;2=A1 zjo#{~zyzxo2He~(c&Ozbo_}fY1=(DGdVRLNd%9M!sBR?jLwxreXz8^=w#}5fIB^Ed^!x9{J5f1o_ zcR7gN@6Fr7ha)5Ai~C~96X@^jRFUb81;y9z&NJS9neUF(&r`-S=44d<(Q1VbKaRItd(u zDW{!jOt(yrJy%;|+-6g`?!^nD8#knDwqx*oko<@8pkNCHqkTd-K0l;;f>glkm1~5v z`b{UQos0LIxYNgdu{ZOKpyuymrl1Yozj4^bB_ba@wG>+7^~*PP1jmZUQ?E5>x3c%q zgG#P6M`YEjsnP?vUN9CwpNl0ax1ykq`?iH*z83MM(Db&_m}+~1UY#Rs`# zF(+ikp~8m{6upsb8H7sL|MGS)vgXYo_$gWU+zv;pBu?mczn;=z6G%)^hCR! zJi*vK#!uAsj(_7f2>mwx0Cp@_`0crdVeqPw!;dL3h%K$&f}1h+UOu9zc89f7d_qSb zKWdnP9;2nzHG+GQa&08baTE6$KV9_hPOYb(S#Nx7^MdA(F(PZR59%%Wiy^;CHshVg z@5o)K;Mrb2O-+cg{`xHY`M7+HMCfwCIW?`cLu#9~Xmd0f2Yb?hb zrLiNzBJMKz)ljj`*Up_{5p490CN}xPQ%9!5roLU|wlc5%<+>GyTP1Z#PE)f;g9Un4 zLw0BX(!8|-C)qs&s=2I?-|2`yG;8{>F2&bvYHf!kAQXd0{K~2loc}KjzYwNJc#iE2 z!4o8lXPfhkh*vIO)`f_~ywbv7@%(Z{ak<(b$%gH{(05a>ykB3SME*|e3HYJ~gIQc3 zYw*IKKL(c2Dz)nw0gXLu&kK3o_vK;Bx3jG-l_Ba zc-dlR!WPItp!NygtVC)omx3qRESLSY@cS;)Si?Q!MUMILo7JXM1;@>+2Jo$$b9n3z z^Rw=?jcMO+H4sVD)~OSzm$Ey6PQysYAy_O~xH;Zwb@5Uqp7+h5*i;gUb>x?!+UYm)bU+IfL1S+bQ9(ySAiQbJ(8|zr;8Z zrhFr8-Me2xCYlb$Ct{u1Y|InIc;n4Ks1YAin>oW{Ss-!tA|>Hoi4V<x&=;+?vj2Y3f;ll(pLE0~mm%mKJmpRefJ%-`#j=`kDN~CqgEHvr5xQrUlQ(?PRMaW z%wpv3C!9nb=|k~R27JANQf*Rm^ELF)Htv(=v;ubv4(ha>mO>*8E)ms6>a zIGdAH6C4U_CL26VX1Pay?3NzE_qA>gUki%z`-pykxmZ&BdWud>4QowR-{AXr=qkh4 z+~If&cN&F2AEB`0XWg>Qgi}L9yf(_uZkR_-nh$Z2IJYd+z3}Id^>|s(%FjLu(rtbB z+ti1?s!S}ZvFCi>Oo4-v^Dd;u?Z zhUgRldLkV%f4? zydr`*a2*K_U4W-e$? zSZnO}=Xg%qENZWb#onOnEBL-d@z>sit4X%M@JKXAk@3HhFdhjjGDpmM^1Yqi9H*@zs%$05Id-xBxA$JiT68muj;d(HVLw0v!njPhin%o@psmjLGEj>}d$c^h|i8ODLZe zaaAMT0!Q3^&W^s>cq6onYloPueU+c82jzv3$^|4n5aCd$`N)>u+hJXpD=6I);)QEf zrisT*m^m`&T-W#B-F{x>&Z>2kGzs%Dft=Ngd!V?pcY1xU>^Tgj4G32p9s5mRcQW5h z)p#Ez35ABIRTK=E_`w@H%)Oe{((8VmnCi7uFW=jlBT12QW9Dp~4s?DPOxQmv5tG}+ z@T(E{J%Btutmdf@iyy+v?FkLY*sS+EbNOunjRYUTltvGcQ<|;K9M)ZgW=P?FwG~c> z9hf0tSTIccliQDK>6o3ihypyE=D7MbZHOMP$F&08Tt6m(5+N$~BY}A-R=)H+Cddu|7&`ea<+SMWi6lwFM~t5y zp=B0Y3n^qp0wdY193Ylto=vQ&QW#lx$`HyxrwMlBg$+K7yMw2S;Q>7yvwm^?L|7r* zxwJ^GA=#`{Scg@~LVskzY@ANIdARd`sg4)Q_r^qjPC|YRx3=`$tYQFe{KckyQ}HBv zyu6@1AfP>X^@=tM41xuA*OZ*Z&-}{3Yxd;si(lye_OZ_54Y}JV@Y3bC3=YZbpWPmPqkK^nI8$#p)g0*7{KQQi`H(g ziHZpL`t&-@(%ms&Jx&Dsh$vH<|7=G8_~qArb>1+!C))GDKOc|SF}@^n2N$X)^XU0; zW>yiI5o66SEMHx=KNvmjO`9q><4N4+(=z*?oN;!rg&;)l@^6uVx#$?*HG7JB_h<3P z^s0WWsslad5~9_|vZlZ?Sk4ER)F+0i%p>w+!Jwi!A9u5`AD|(j6lNZc5E9#sH7U>P zE2?yC{S6S!w7M(YJNrX6H=_?Z$ED*RhT9$-G#S_^xw%zr9a}e z9W3CO;nJ0(NyhU88(|q9UZqR; zRihv?bpS3t4?F{8CjAKRpl}Jb_mi?-xrE?VT#v|qU?e3eh~+&L75}U9hFpL6jk`cb zbaV_q3sa&k5Jsm)G_Zsdy=Z1m9eh1+l;?+B+;ouZMW&r zLi6`n)=!XWKU3yDvu*Dy%3qj+8D#y1X6@tN`iXzedYx=Ad6ECnx$4`C8AG~w`T`F> zevTkGTP312F1iZqq|gQ1TXBREQEETZHB;2EiNsWjx}S3Q=&&4Kz>2gvw6R6C5dJR_ zfBU-a4P!uE#V`GfY^?96ejKGjEA8t|Ie-W7-E}$0f)B>IR1Syu??OFhQ8@wIw3ql# z>KmJH$gDjpT|pz@Ve%`r2}wm%TJ;($X(7y*-RmmFixPELa%p@-Yu~Q5<6UnNdxrsv z_ux^3+5?8tg__wf>41jc-L8$*af+9GIoC0`$F1WHKG_$T7jOt4DMaBpYChep4}kC5 zlnj6^p%LL?5CmZ6w@@GMO?rm}0eMPu_Sx6Hr*Yw@;0CFU>NS~~&zE!5#M{wwht_aT z{c^>zD-SGSx-YQg{e1tWt~{g#oP*w8z0&sW*lEWo8< z1Mk0CQY+Wqk7HEo{IC+*gx_4A_unD6rZPSQ;U7!riVn}LeXI_9|Dx1sh;?hAvm@MN zntC+SHJ=0@sPCXmiol?$rygU`(?8cgPUm^>Y%$386L5SJ^(Aw5cT zW5jm#3W?!#rYd3+Pv_fBH+uligPMqMS^l}WD2TuT-5Zh^O`VC`@nnhnuBk3?rG z_W>|0_oIA{^Y`WicAp2Yy^XKvmhVR@lFmQI<8l2+LuwGYW52f3ncY9=$E?)9lI&lW zgT0j;zxi`-2FEpq(_NV4-%BUa54Z{;Y0L^SlO{^-a2>w~|MM{*6TEY|hP}{_(0M9+ z{*a?(-k$nYL+&Hbx{b?ScjJMa45?4>o1FV;`^;5NAHBWQbXr@DZ>{&GNyq?%@vEE` z`L=2E`GggW^@b0>SyWYy*d^Yu+lm>sIsJN_Qed2(~YGk(|3{H;5!HB_5SQY)WRYLcxI=_QI89(DsFD6-cKObhXnZ0YOK)x?NFV;XdN%Y=P@!@ zMFqbg`^}$xJLYm9XF7LFHi_L=xzV5TcLu2;VB$ANRQC5s<`H9N2bZx4^lTy??OikB zgW~;IlsPn0pyeLEK}(}3W1UaH0wmF3KyZ4O`gCPR^7d9lg4hyLiH=A;-Gb=N89=)g zPHBV1Z|jY(dzhhuPl|DLaEgQHela0?Fro_)%RtS$b?31FG6 zZzp)bcQIHcFl1SLIA6%Y5$fxje6j>n;57@%p7Z0TRz5}=Cy&b?`~%~8+|4Ic#o)sx3|9Am`D%YJbtG!CK;iNN$dH_PXE)-&=DmgwVyH7ynM}vPDtF3N96S zbYmq!uPlX`^x!Sbv?E=gAuc8G%XbH~H*{8e?HAsISE_t!Z5}!*Db72qXMDoS*2prF zdeP+NvBlc5$cAob>#1yC6}J zpN5UUQ{QLupuW{Fz-M^$fdNz9$+TkX(i>^GDr~XBdxi-aY2TH9BcNiz4~Nup^z%LL zkJ{gde0oL+y_sRMwvwdVjwdkY+98q zPT;8mckB1qz5gH}`*!ZdrLO%!Ttna_O8R>|0#IYlQIXr#>nJG<|1N)rN^1DCk*g~h z(faSreXZmD)#cCikgoLgqrku4nIwT^^GlfdhhN~Nb8)N9FTVr@iMUnR1qug)I=f?^ zQHLTpv2R1w4Q(52edO`!E4bedxY#c%P2<#-xBZ<-to`J^ny+ocyEJaF>wL7{c}U8Q z>*){Vy^RS+U0I84ZcoiP(_r~*2nu@^yclZaXWwLAYlG8$;QA}H#NZ)e<1~1u7Ex2?*--W83vg$ya4}hQ*o@`R&&}Xk!>*gE)>*6b(_p`7 zX3c%RhTR2#`@Kdb_vH}Z9v>y3gICHdC^gp)c@U~z5Emh)0wx?93|SHvX$&reJifZ` zY=0JwaG3t{W9Nx@9zR)*eSysXT?*_5x`}Ya`hffP9Br>hPhu6I-8x~Rm2*<0GFo$^ ztZA`3=aw7wH!5WjzVkwwHU9-E9JfQJ?56%MU*REo`o3UuP1&&&Nf8ZBrJF&1SkNSD z=lB7YFyjr*M&d&c8eHF=p7e+-h>(jpDrbCgyt;s9lhTvPv&y{NxC{p$shqX#bi5#KQU-@e3?{6JkLo-y$?D|?~1;~Mbezu4nz zeS`r2Ft^73)CuN@PX3Fz_wcUWiiJN}T*{8;eTjPQpJV-bLEiF&N(gnCEML_mzw?N% z+TQng0>EnD(LIkvO1YnvJo@oVdB_G-7N zP;sA%YmddZ1OI0~eIT1)v2_QVNOoKu-|$(0o()9Ys;iJ7BriEhN0vUhr8r}a7$MBJ zK+_?IyCLtNv+TOB-)zp%&^3JJI!FCwFv@wo#)AKpKFQv3&+M{}_BV0}#3veIOI?Q} zqF9=VHcLN%mpNtFZNMokqe7A(D&Jj-a!#qhW!hhav_G$gu4m8Xtsqmtq@Bka`wlja z0Xk4iic>Yc0aqCEj6n;Yb>gMDmC(R?|p-O5Cv<8 z+)NgSRBO^knsT>%mixsy3i}4Vi}^*BX!?2IkBDm=o(zqAypOE+y6K!N2v_1Iqy770 z)Wg%abW%VChFk8tA5AE$$lFh*v84KR5Z(}LjekgPK|iD*9w2dB^()NIe7MSl$DAMgnR9LCpA1>wXTDmh_c&m{@^02cF`ZkyLqDSVAkuf* zca1!=AHymW{`?s#mXp4)V0t4ZF1bq5-7^UCehV@Ae4cH`l*ijAQeI^LKG=xgLS-q3 z=!?|U8$i|c$s;gAvx<3$-!oWO^F9-xjd)gKlB>_xj4>JNgckmZ(g?MJ^e)URD zE2Ea`>H4uL^G3#Q{yAm~Sg^U6Mu{>G1dMyAu~FoF_`?8^ds$=tQ=t;a&Op`fKRJNK zd9d~m4oA8ESiJPMjud1i-@_GzL%kpjAxbLXSWIR`(i2isxl{y=R*1A)pRXak#)T%|aj(wf&m8Y>z)`LJ zv#Y6t*XC%~{yakd_&Bf_>U-1B8-6u#TfNZ}HoB$vi z@U1Vf7avhG`i}E_8TP{w!WLSSlK+Ue*PH#`lrLVM1q z%%-_My+_d15)nW~1Bhpf9APgHlHZ-#FG?C8EEueX)u8u>Re7*Cl#q8-{I~?JHiCiw z>i(&H4oK0!MH}P&0o{!B7uP(-QvLq6pUiFJ&hfs^eUg!jiR$3dx}-WL%(P+;Pv zuG!-l@RVLfrHDzgHt-HY+CDJj57=Og_SbT1ZQlCNAs1G4o5p6;_$KdOB=vN^E2_wq zWte@x0sd&DH&(!3g*RS-zyQ9(m#30#mcc!^yt_b=X2oc3ZwLH1p{ZqYJGrgPJJm6{ zW4^8R#4ynup2U55C(QZf0(bqFKRs?RS$b8acKa(=C;jnjU7fhvMRO%E71B#&ayQ1; zNqmq^yTr`t9K^Enjaxh7H`&|ApgXHr;HgZA%x~!CZ%|YEylIU~LU6wDW|;f&nizCc z;2a`0WP5Lld1Q)#KPkkPd1qM}pVf*Y1a}&ojq_emLYKb>fzLH|t*_Gpx*_cC0*r3K zR>oJFu{AvM!8=a?XsNKv6%O;jQ8p@>;UYjapMPImP!KlD5wD>Jf56#tXCyOeOkUx4 zs;FZ5M4tR{lY{5;Ms{871Zrtx_}snaD3R(QnVWrk^gp^mHXJAA?Va#SqsE}vP~Q*h zz53}djEm>Hj=y2`3)30~mv?K7JtvQ+jbZRAF0!U(KDRGBEAxx=NLj0q!J8*L7#MqL zY7WnK*lTCXQ1)x!MGkIGJR0iwrf=p|^UnJbC%m*b>`nSTDFcEU=3^cXE zD334oAjVndUrb848*@nCuRf51iQP}#C)vrNrCQRpRkUnk_*{B-__aeGI{i7pSNQXG zn~L;D=aDk$<#j@P_%9lI76Nh|!sFO)l;Z!kIslxr({lC-z2R4m^@49H z2z=`7IiwdQvK<0vgZVoZjp!vg8tNWPEAtHmFd%3xPT-9BzzPlR*L5SE<=l)Jf^ZWM zfjk_JGJP?c0@x55`Bdk_YX(V~D84{JI%N^&1p6-7e4s?!!>xBHx!BGH3dxFnt zfXm6TrG+jA_#8Onyoh+m1ZCie@d%_fbN|?FCXR10_7&q~Iy+HPK1Ifje4;;mqYkQY;sjY)NZmo_@!$*6N1H-Cy>#l)n~z)0{@f!OmpDeEPl}<2gx(mIQ;~OGXF4bEixHWsdw~ zPSEki+d!5EgYC;tJXiW{+4iafI}FF;<;7&;>pjo{d@FuX7w!D!{a-_U%=-gb4f{tD zmS^Yk@F88+)_q$LBawW&FA{>q5Tv9g2l?{la&K1O`yTc}h0Z0B%jJw%_`vjt6Lb9y z`!(d{Gi|-soR~#_F9+X_@SZ?d3rd}G+roEI+)wfSbLR8{5Qs^tyS(Ne`*R(&ch}2m zEs6*fsj?T$s?scm2dxEQb6-knIJAJ?ovCBg&iVd=gS&&(38(x+x}A^v)%e8MJtMvs z-Rbt!W&vrq(5oAP^@QGZ3SX1Y{Mc)l!~E>OQ<*OgC(=zHbJ_fI5-ZZ_MYqG!l0B2T z)(J_}vQa`1=*F;|n&;^oY@6c{cL+vmzqnq9{cOFd9TF@`|3!^w4DLsCveLbMe|_$I z_A(k~)8w7lRoY*IHT;vaU7XSqVSQ>>FqP`03sQ?bnKs5o!88!kxv#T7$b=ChgCoa3 z%Jj|qrS~I_-a4sYJpT(zWc-qK2!u0#MHVlpRCufn8xuL}z=gQA&B02hn`5(&QMtdP zr*RV+C>}1}m5#@|%^^IXP4?Ss7r$z!s-w~-Im0nn0+ezuo?NY7DkiNbMcj6$BXvxW zZ4$}8#85UKi`L+6YS->58^?|?9>ATkrYd}k4X3xODPw1kZ?K)>(UXA7R^BQ5ZLoo( zPu!#rpnC@-kkN(PW3zj`dX#Sg=-{`{6l7HXw?D7*&pm~dLXPT^Sih7$hU{XZtdqTB zy`dG+Bs88QitWo}q_5&m1n`66ne9uCt%>y^hRW%6C8Wg@+3Sc4kW8~j>XyQynNZ;szJQ?Y9jhZXu%4bQvcp5pk5$FpTiCp@>7#I51 za#tIGoQ9<`^X~MeP#QN4xgsabu}f^de%c5>$EDO8Jss!d*t`vHw-Vl8Ct=wu7I{3J z=YVV7v|sjv>GfDKuqUY-PV5^tnEOd>Q`Y^_hCMBJ(4psnKffPC8dF6TwaMj6KZ+xN zD@NRMbt@1GOY>b^c%Rj$HI9x;d#{S`wtq$)AnQ7UXH2+16H`sc;e>4zvtPse`zHsN zl?#acr*r9>uAb-OIr1hppQ>fcjwaQ#Pfym(!>23?rT~tv=@j0 zBk$5B?(17GT3?oVyu0=qE6EW)I0-JHYD77v1 z9{g`&Y>Q0&K+aIOwgU8(A+}3$N1rzPSeHp@8PnMb!(k4}mCP z)+*XUXlYvoCN3x2dHAw|vR;|H(x8wMLWJ%m!bV5J5LSs*(>b)5LG?xJjg^tZ&%ZK1~37QUEt2 z&L~Jgu>q*-xj+cIm#G$*WPN|{2FLQ@V}XuyIAu1>gnpa~K%LMQb#3Zjc#9NUO#LOI z0O`QpT=nG&|ErL}z#HR%;@MXTCv#Ur?yK!BoFLUqFy_$ow}ga}09q)u>~XDrV@b%E z{#z_EW^r|=#!0xZ0NwYlfFF2UlC4_i{p}T7{nwCkBro#IM1a|JW11NXh>eZrZ!wpz zQ}J}ANt?YHQ=Wb>qS2?}D~`=kcOX@;aGc7&!aDSqO7-;t@AGBh=i^r0KA`dkZ@(PY zLjaPHazVpqzx9#I8vz!1W}I7K)kjnalW?ATjadO3^~`f9u8vK=INSWJMqdARZt--NBX7R>6Riw8Ucty}uw0?OhUhrN^6Z zP&aRdVSLUx_j6<&P%1ClGnq{F+#;i>K8E1}(K^nJ*7KX$I~C3_&rCP@?{^J|y3|rF z6TKFAF2W6nUW&@*AV$8Hd&0IEsNmvPiw(HhMfY{2_mZOgk~K29_62ld*J7>Q+AF7z z5oP!1-Z}uu`@^}cE0Xk+0%@@@D?tihk8ykQ{`z>|`0Kgvdp}41xP*im$Y}W?yqx2v zmuCN>f-Ey_x$cM}@My}D-VzbH!?;Qc1_Sq5vL^d>bC^~I!!-l2RQ)rB@0d=T2kD(Z zlfs_H)eDmHfaIM}A%t(>yAN-?uUM;PFF3gS#a??~K^MQEO7iq%~2LZ56aMz2jaWUlHqTDIAyY2N^eaqh7!sMK{X zSzRo8|-)u0NaK2*EXduhIJUuIJX{b?d#g^UmYwjeWy z0)BL#{8_{^;!?oO>EckCra-m~RU^TAL1#3eOF!D&5y}*bf!a03-KFIjIEqqj{0oVF z>LXHg#-+OMD-)s2w35XLSx|@iv4CpL#B-W~OuwgL=3U_gt^fvay!|5X1`nY_bj!X= zzD!BFK8X1(2{G>5uUp2tR3LrX`}%ei_wwjq4i}A3&!>e=p!>GW?Qx>=ce!n9!M==I z#b^qFKDakddm`Rj^5^?Ag0Z5@_R({XY2>C_AdF1y4b1n;N!SZ{E~3Zeb)u z*gPu!cn!R+SqbXgllOK=6Bcrv{rTOAx70@@!BzXAY(?PJRQ&NQwC~M-icl{-k+Rhr z)SronM#sP2f6M*N+t-UgH^+3eZbjNWpTy<813BbFLLS^fLPXT7zdtSz-Dy5jqqrFP zZ`u2YIG*T0h_%s|*uYekfQ=|frEuIbxMO`UjR)54z~ErrK$Jcw1H1Y>$u;Y>+~5Hp z!QoQysbpoqCchDhl9~p*@v;-1sPP|s$z~D!h|5)jOqgr{P4WzYUZf~pY6;0FF+oZSjUugFH< zUIrlyf4>fn8BI>{dn?L)(>rm5(p}@(ZY67PXSTjvykC~-^9s+U?BP?^s%^j z0(U*VRe>O(>4sC``g%XPN1Eo^UejJv=i|0-!V7}REbeK;q3*XDQB2_o*jgk;y6uI3 zYtky@d{gWNvlO1rvR^EibeyDL2h7Dfmz{OKs{zjB6VlXA_s8R-F_bNwT+(`v95KdL0S-bvjt=WeA!1!I~{9>uY*H&r-YE$hODvfm<$v^!Xki z`P)GgN6~h{kg>7Lt)1O!PAbNR6jgtDpYq$&=?ljsj7eK~V}cDSMEnw8RjxwfgSd!w z8HY5RrX|KzsTO^j416g_D7I`v%xEY>L#mKQtFwJ(YL_$+q2;V3K>mGYx%lc3vr=?% z6czJO%~ej#%=s7?2Sc$B@pn>B^>XJQI7S7sLPRuV@$GLD=Ot~`;e!Lyw*otxpkGAe z?6uXyGV;!fr%z#=kYtVp9a|uLKc}U;Y85Q#FoA>0`>Sw5C>-9`F`l1xGfZ0ENd;&o z@qE2o_fY)oBY9l1G;DS+_j}J@+Lh0tv;wAaK5B~exMZ>D-LUvf6lbaNTYp4pPQttS zX&-m7);$PQYo+tF1;|kak_tEvUUdDNBU#H+?5?S0<`V0H8_NQr$YrF1M+CFRf$GznL~(dWWMSFOOMOQx*(Ainqm zSRcq@OSNz|k|;Db>Ro>8&pTSqlg*O^IjQOgQ$_tD#R$8E=J{g_TGiqn<{P$|U@E;* z=RAlftkx6OaKw@p34S1iYPk;oD`*Pi1r0Z~Ym_V{M z|9Dl?I$Vlfy>oi$3!;>6NCQj!2~l$4QE464-It*))?1Vj`mwPUC+1}Oa7mvCNIhPj zSW+Rftn2uRbomBj&GYGk-jj)}*6d5m`$4#03O}(Ymi=UCG>^-NcP5^|m-a-rAJ;A( zAt2kCA&@TUA$s6+EUq;BwY4vl)^w$DsY}J@W_}zfkwpO5*!$8|h;nG+SMAJ=cQ_6W@OzTtwjSWL^ zng@=vUKf5DE*Tl)*$K3cq=%;*gmnkH1S}%#uU8cBxGR*_V>hturS18xz-!~=FO0I+TUGK-PYSeOA?4ox0{L#vFI{AsBMqAgt zTk>1)a0wY4DjtSlw4^iupnujiZnD*0azNFsV94(IXK9``-M zr`S6T!p*KqBO?#i6OLGXo5JlX$Zy{0BX`6qmx0B7&v(wz-nd{H<-_fJ@(eLswp~$p zS~VtPeD2L7?;f z1Uc6Ac>;H%_=9)6nnwYHQ(=MvGj(aveNABhT(HrVf=r6=!@Td3(}-oY_0@0+QK ze`#=+^!@QRv^l;ZQJ7uu5b^vqihC9TqP^X)9L1Yh0EBMt(ni`R8V^qGAWta~bbi{X zkA&_+`-6KHL`8Ob(7kOmc6#YD0c(CjqUzBbHa~-d#ztfYQHLp z0e*b&9ao1esrH zC(h9sPS5LMIwsdOg6br90ZP50*iJ)qBh~)#Iok$CMNwduEo*vhsvw31=|PtLIBg&XF-p<oWswh9NBH!w;cszcuiT2a8{z?CEd7t&`T4dL!`#OlAXsX2*sm2Yi#r2W_nx(< zU)y;=$JIT)A4_40Mlr^L#O}4M-Slzr+OYsKEB@##H&l{^25?{FU(IE{Nq61uU_gOi za--NEzRlM@J55*BGWXrTK;F8JW<;1Ti`-F=eEM^PzmV{zR)@9}8+SWa)z&25d}#(A zAtZN(XwmT`2BBYdw3{|~+L57*`ccTX_s70{;B(ENv_jy`BKgSX*WLoXV7Bbu7^WBCxp zM1N61G``O&l{)I<`M1p4m|!7cIMbqey{VT!-mAg{iOZVq^5QR}31L8f2X1Q4(FWoq z4y3`|{3%%C=Z&^X ztQl~pEt|>5!;tm(^*(`}1tG%-5n)!(8o2?y0dm%Ap_FLjv zzPLiWZ(A2VU>FC z_KWj*+#6Fv>tZA${jc;~n*i}ih1@K>p`!i?5oa)JsB=AX;ELjS_J$CIQ+ZPfRt zYb75>=iJ_Q@%KKEenaW`&KJ(SHZ)t#-G7xe?LZ4U9|I{AH+{cazt(lPlYvxB=3efO zdRu;w3fGN&F3$}z>~mqmBKJJMuIn{p3#8F_q>AgWoM6^IcT1VuWdiibmaPlTghzmJ z`}ay&2+k*2LOu!x)Gl=zt4J~HQ@tHExpO%S60B{?Ao+pJK8v1^{5$i43idlD6b2He z{HH1V*t^;3h6Yxp(EKw5kyAHa9?(!w#$f*(jg{qaeLOBJHf#{9FF_S9A8A|Y=bj2a z1$Ls&S9PAxfZj+ltT}}B_koXvxfKtWrCF~0oSG^J?H~TM zIEg}-D(mhb-zBcaHEC9GM|RH>Erho}u8IMBPB!=OE zpRiL1x$E7#8f0A#`V*_3U|xQFgjrdJd(dDQ85Tg4u>p|y2!iwT@uzxOfZ%w7@ys4A z&UEp``u&OEVip*au8RA6xyx{GzlSN%Y~ZAgpXi}N7d{_Q2YxMl{v^KhJqeZH6Wt*q z66nheV>Fv8=W`XA`V9+$0#id5?sFo-m``!eC|Q~#d0AtNx~>B*)I2j8!>!R?Xb{_% z%0plpujtb%w!>7PBY3%@q)J9_QO-NMHyjD2t2f~l#ol+UoHZKFK0>k4ux-SqW$+FC zz27t*8nhptyw3q@mS1d%Q;_!N`HSEBVM}Uu7+WeE{|?4|X^?Gyypb6_yxar(gK;R7 z^(!%TI20@S1;g(cRf4J;zq-aAM3KCJ~Hcj?wk>j1T1s_&HuO+s@zu zI+2`8KC;!fQa}7XRM`KCzMC&onGG0TXFnd0D7{Q^$X~@58ld?ajW`JW-41pO;t!<^D^3t%r+ z596mOTN5Rf@49d9euw)*{fthy9U~g;RH8C=XAQ$~Pyx9r^oJHe-heb8+=0VA!fQ>< zEi!ew2S1d&=5uO;kHb)@IEPY%xCRs)x#&Smz0r8lI&be+unyTV>3;Eh$QrH z6vO^=X`bLmqkID17lLm<(oJKf1yrzl7*ZkyB`D7A>#Td=wk15=AnlE66||iM&8A{N z_(xsNz0Su#NI_*d^|z=IW{T6Uq;+6Cq3VJgTrWIBy*@=oJ*x-q`4&$5vQ??@RBX5& zURLh%O7KESjgP`c@)WGoS$Wv}vfc{tHVIXm{bn=ztC8l@OfkCsDSE#OC0e*^{S5_n z8wyGq#9kBY=Ak|&)c6E&CH}y(+9H|j?*~hIA1`5OV^-%@d7xFUvj?#_M$c^!QW=?B zn!4BWU3aT*8z9(Hob4N*jurVtHz6^e-#sG%Txg$Ml&rSXyJcPjU~tbkqr24+CgUnR z24;`z%S;`pF^Y78QMYgT;S#dB9i#46SUh$2G@3lr=GS5e4LyQNe5kV{)~h|5N#|af zGn1b}y zDY#F}8HFtz)BZj#=wPlwdQC#|?oJgfxFLTHKK-5L!iEJqmmM;|60?WifD@Ou!l1z4 zZ~E@hTD)g5UUWg~9oi>{8p-9tExvm;BRIqHvPMR%|FUnTKjvn$qBA<<-oIW|3D99& z=O?t)2nq;~o*K^>%lD;1^T-bkCrOeXVR;KU6BX*LcYK~<5g&w&PiRw}<^1SKHS<0! zu_GgeD(bh(na2n4rEhh#w9`r2;}osJLLeeTsAyk+5ac)VzB2<2uee`MRujV$`rt4b z1=tCk(OreW{c?e_la`U2e<+Py*LU+m!NJ|>=}V~6dSy{?LWMV!uXeZqBHVLs=*h!( zv#^`sh<+%h9N4%|X{=n;mp*L~Eacmg{rl&y5qYzv=;{u`36gqta?CZTvYb=5wiygj@u zM#iLkh)z~EMvn$_wpgvI4t<{`?rw~rtk*Zm(%kL>1U|I6X0DNMr}wlv{Zrz8_8s9Z zNu0dgC-SCDofgZ^=HEW)dI*!X4S(`~VK8N2C2XeD{D1Cg@#k zy+suByQHjN&C$BjGVnb}3SIj`ZTevX%EV#a5wGFo#vTmPbpvCwgEbptaHYQF;EhNL z-X+pc8VssGmFaSC9VGkyvL2Sx9s)ES?;R`OW)rcViR)cF!}K)F=h`uZ7Bhzk1{+DB ziyK-JnO=@H{Nu{`%DQ~8zv#)Wzs@8SBVN_wGCDv=DebC7CDN>l$Nq+dMj>|azh>DOeMoA)Bh$j*)7KShFZMQ3H z2^~}u$8L(1e6$+m_Rv2}#~Ssy?T1{2OM$Ox^ZC3&7x72O#{63&rwG55GNrA7@w^Bm z(*&dcJZ)6c+1Z_YeP74@gG&sizafxLh%%YS+PUphU>>)Oj0bgnO=F!4V4y-S!$XmVf&{(Rigq3{gJ&3?nLfGEA8C$$J{@9V z8?33Q(|enZ?u<}*g3>a@uy=EK)f2T97{ux9`x|2;kBT>}oFEwboo>|xA}s8;6p)uO zrj=TR=j)f01rqZ%^v!anCcR1eq+^wL8f+$aR7 z{jY@Z$7sl$sPd57qp>jA#+A%}fKSwC{ks&?$J*nKS-<4yP5uJnJ`=W} z!nf5IIbK+4dx#xizVc-~ zY9gHzBVSI&=X#5%)r+AJeEbN|R+nVmV>2BSn}TUX&4k~lEp3V!g8mQ)HT@6PaCIlZLQ9s@rZlK$hlk_$+~0c>M? zNs8wV%2GVKN2DP&as>7UAx4rEhPM05_{PWfru71@FIGIQ5;9}T9Q%MW5qcoVj)a0<3x^wpl{ z>_FwoeL8;*RQNz+8=6`1yyl7)x(=+%+eev>gAWD7f%?5U!8(4f(^kspLg3$DEfPlZ zWxPy@BX`G|9~bH4U91ZxmtDrm&gX22^ZDAf?0$bm=g1UKhxd_*Ua+n+_^LO?1BZS} zoL?F3IbhMfNb8vV5on_Ou#(&Cjv+J2V%~vV1hf4Br*a zv8)V0*VIw>JBb%S>tY+!uSK^<+$$aj>=sUlW5g?Y{F)0SGyM2yKvrEBQ{a|oj>a1m zKBUWIU)cZ?@2*EP|D5R9I#74w>d6jepME+fS#1d z(pslWE4VXzK@lDlm&5&vPqivpfU*O53UpWD_J#lCxRK*JPpk~n;B24;v-L%bY#G*; zZAIWT$mhzQ!r<>NxeHGU1+qJ~-qeqLeD?(h0{NwFEM3Ir5mXrZ#4(TGn(@f1v!@%# zs3{CPF+c%b!0YMH*8z|vd3(0vLwcP~dU8co2^NiBU?ryuVqGP_P+`iF;q@>^I;ux( zV;ah2+wdhw)rQ>ss=Y~r@;Ia=xETH7KZh`3^SKP?)lDe%bv*wKXVBZ-w1fYU%qj^VK3yrw@dVYY3)#EyP{s8rxXCDz5D|(7yCLS1j zE3)lcu$MYCMNc+*%1{_>q>SAij?+MCn9-@6YINv5`A2gu^vX$Ik+EaHar4K65VoTe zaaFx#>|2sVUTD(;S~L)yfaJFBnP`P_PxufHA32`QU)jD%|96ZU9X8nm&n!I<)vBL` zR7th*RevRBO|X1>ns9{Kh=%g@IdYgb@Uv2ZJts+=7^=70x64bL{_J29xp`k7Id zE-34KBl+3*V4G}I+hh3~wAw#`O2LsU zw@=?=4rt$EtA1-ZT#|#jXITaM!k_=J{9H1>RKWg^~CW|*~ z_`6PuK|PvROi{O7Fa+lSWy<4@qPTM`od>$yrC|>o`MrRS<^)I%T8b_#z@V`dp`FpW z6_T)jhL-Y8we^%dAsD>CuwL;B-~yN50n4;F@9aXw@blWOyy^}@;v(#JChrc*9W?+m zLZch-LAW6mR@{%s+8P}%1yi-o@teWr;fY3vD8AmFetcaD5v9dM5A_RN0rp^7AM>K;&>2)8FeNT=&w!cv5YdhP>^dL?u`80}Fw?gzpu zq15DYu&xAWpz%0)_GeZ6J+f$Kpz%A`tK*F~m_U@I<9Avs}ZXcfRrBv_D3$5w; zmxgJUQawal;e3_iRdh#@Cq>YI(6aK}Yl$3K6x}CEs20W01#&dx>j$0Qd$e)<{&f}( z`}O`jg_nkV>;nL;a(Tx#{fLl(bY;GK!6LQ5+M7(%a9K<(+OwZnMd52N9#B@ zfL6{#@li+ng=TA#-ETb9=M32AZZElUEBl4+us(i)sBaGBLM5EysVWy2B@IURm*#XMjK?T>bt)_eQe^4Eo97@! zhLcg}E_@-|VDFK~Xnvxvw(#|HjZWu7Dxj;nPJ(x*7uS7d{OqZ3TZ^B2Jd4+N zR-oe04I6u+SN=&v)WDVu#R&5yI;X8%{IrWBPv`tpB;NUz(gJkM<8(c}WtPy`>4w-C zeOgwt4AjPC)g7Bg(z;WM%pR9PkSO7Lfo692$s>O+?!k54ZmXYn+qc(#YK3K0&s;e;9`gJbX{naD0%-yK)y5 zpCVjpwgZgIg*Vq1(B;K&8^gh7*!V0kADQ-sJ>8Uk{*Plw{r0guD4N{Ic7p~+I4%q0 z8N-_O(o~GZlBZjHX2?uhwpgl zk!+V=f2vz<9%L(>WIsY}NyF!)cvJh1p2*g%#f%w8W1_2&e4U$iX(`5`anSwNV-3*H zJOq5IN3hhkg)~F=C*KMhG&L`<&|@cCd5H9Um7dRvt_6Q9#mgUqMkdbT*DBRzwKzb; zgI(nh5W)UoOUnk=Q6)5aP_!=5CY(N_HFa#XKLsuH8*mN_y1O7GniZafX1 z+!r9$bb>_E$WU5PQ89rJY3F0xp*-3=GKM$aVEsT9U-Jg650sIiJteP?q50>;g>ECOc7UI%um#Q$644na{Ql z&CpP3xs9(WnvL7M9L9}K_}Ay2KCr!G&im*U%;f3rZI1{{?)xN(y9hsQ%Rrc)LBr6F7 z&9e;tKorp(ZT;kf4PSOeB?zQ%?z8t|Xzg?}f>TheCJZ7XT7_*ei4HIzwC=#OoJwz1 z=i7yEsgq(0?U2#O$yoBB0=*yx*5u$f=RI`Gjq6yJM>BlF9BhT<;!6v~&w=5ED;jVE z6}pf6>TXW_71i#KA66XG;#QCQLVByo1M_S;7}_+-z56t&Wk-R%93{=_y>v$dD8LPe zn=`FcK)Cz*0)E@KI}o#TK|g}yY>bblmWjYKL;3PYCU-jtymg<4hUm=1d0-%2AYCZ*cpOC8{)^(yJJSoEF2f5Fz5y0t_TiwGXx2Z_=U~FJPs%R z)M87-q~n^{b@zPTgG_E;KUIf&hB1wA1BR)^>_q2tRc?Xy3$h+9%rF%uQG5{Y5(P_Ibbo*wk?atn~R zOpH9Qn(hTN|g>@JR*1jtE^A1;Czj}K>r(IKv*c>iTb$$f!8x)$#j z^t7Zr_-A>K+tiQ$7>Fwdsv?~8`Si#MQ69|T9G=u|55dNWL=ON0uMwsR7A#aww1Qg9 zwqVInf^jz-Rk+H1xj^aCGrZxXixM)!Kt;w)e%!^^gF5bu7>wOO6@?SpciV!uq}{J| zCdxNyt5a!9*ayM(GpPNwz9iitjyyO)9JRYwT8KUEn1nbYsqSyNc{w{NT|FQmHYNf9{FCIIdC1&GfuN!Mqg)y%@ z&O@aETpj+lokR>#*vCU**y3W2^tP-g$vw3Utyy4Q-Mljj0C}~TOt=1{ab$VFe?||(hRLs|z#8YDsnr##TG)7@2BMIerS)bRB_%&@R*hb>3!6iQRxg+d$&VB49(AmgAa6M}c z&8*ouyhJq#yS(l6JI2*hvNJS=7`~c<7=+gh-bGPZLv;y}W%H~x*{`1YdSD6KuPD3k zO~dzw8~|jz^G$|1JZ@Rr$V~(<2ce;a#5YGRTZLSzGm@>=I%o%lkOQ$ zuKq!ilTG)5@xfmBWpoR6_U(E6CXsg5m)E)x&~P*@UxeCC5GMMI9&cv2Bw%Ez$X|vp zdSjy09Bp# z07ik@{Jbf*wQ&wI2LEhyGb z5xhN1OzioF=-1@dn?E|nUh$w09Mq3^%))0WzTrUj;uaZkSOUzT@}#NeU{%pDIA8me z-ycknZ-4fc(}=8{89+(&e!JdO-_Q{jtUnJHEx+da7GPNDA<2~H-g$UAw*Y8f+ijQN zF7k_K_Wjv{8$$NO+t}0*udH6wi(dtgRsJ{v^*f*8$}OEQaj9PRX|Y+|N+erIr^xc7 zX<9R^y3`NQ)a3X0MrN0_X8FS>n1L*A8mhkrFj}y^C_LU>HaaofS>e4@*2d21t`Eb% zL)zE9?{8vyt(2m%!5*%krBBxS;9#YLejXn(bnD4DV_pS#xc2^}*v})kj2~iq_ot(; zqq*d5XPuS3I0-O2KY?{a28eP?af#Bwi{+5mwwklxWKBx~XH^0l)+ccWSIWNoAKcPhfBaH?bG^goWlwqQU^4a~FkS&tB60dtSEPQW5 z(|q&wH6B7utx~RO;d1-hdTfqF15nqREbOnw%*h*+NV?tbioqQNl(7vOP+rM69}^qK z7j4D|PlEr0%f0!5s&Px4ta*ZQk^d`SW3-~ji6W@=0U+yv`LSk$%@Cx7W&8Qdk>`WL zwx=a%z47{Ovwk;TjNmL(g{7X7=xb!s7EJdse8RJNF(Ab^!#*WG^3@K|CI=tg8WDmB zRJhMksO1Qi;~Y|ld}uMtry#fdXg^F}^*#&Yh2bD@+?Yyhs*XtrPDab>{|DGVJ&B6Z zE&9XyIZg;2&-NVo?|V>wSNwVxf+@<=w1nd)t3tBa6G@2D*s6LK-D2XW3%N1!vE>it z%YTOnpEA}b?Y<}dHq=+C$t+(#!(S>J0yP`J)OI95-PO}IP2u(?JcSgsb#R`joMbCF z$7RPW@a*GbUn-L9aJVXGMK;dZpLrI0c`kA7-Hza3Ou8PI*+gF3y{0ByFgZg-2c-#bgVy*rX;K1s4tDCoE@^6i2M0+ z-{l5Fi4l|j6}};-O@JPfJZMkOf@fPp zCHvn0rgL)0nNk`~Ey}eAlJ@KC3G{=P{rEn{^};V!7Po;p|Im~qo;{$y3|n++v~Iu8 zmp$2|OY&vcXer0FCojagdXU-!y?f8TFwKrm-+Dp36Mc{zbx-xW&+9K<^SJC^k1D9l zgT4=@S9nlM>K8}a9(~mB%VmUjXW~KrBt+%kNBRiN-|BA{ z@E{(=X+Dzeky^;+x>}3_rdVZ{>3Lj2^a(JGsWRYiSOpP}LABhH&-nvw>m}z;)QQa` z{j~m8E&w=v)V&y;UMpb5`}w#8Wfv>I+O8RagCwUy{o^x^MDIP3(N@C8V``dfoPfxJ z;e<=@gXb-pwXB~VtAgs_7+*h8h(~`f!Dqg6i*XJhNrwsxdJ8-XlFt%FOWF$a{By!BD5mPgu3>Z;XgXahdQdsibKUL`0ZfUVX@! z;T;zyaW9?_q#$S37t;&KW3{Q0WL|DLa(2ahnH}N(^+EO=M>#>0`+NxpgfHgc!Y{eg zb97NSP&M4rnBX7v`LrRM%(9<09WtTy!gkohn0CCa%2784G z7OgR-_}_^v&mX}7yq|&T8>b5Kg(Qp{7ai9ZMcg{Id%<@R7xhR(8F~a|qE&q^F;9~b zF7y@nn$TX#EM<^Mx;{$%9Ii;XE3|j6)}hB31@n;Hqnt~Xs?RR*pL7F&T=4!F!;`-C zA86}e@gq(^-NfGwR65Zty?jp!LtJeuP{b*Mi-s`yw>a2M$vt(7jc^%1;$16dRQqg4Zwi@k0UaDLYW1^e_TMYQa1pyb|3&ipJ`=Lo z8^`?e=7Q6CdkxY3)jwdO@$|f#0rE6?-qJw;g4Ms2eK{6qN(Fx2cbw;8uVE53P&+?l zW$dc$0IrbcN3I`#1Yxsg(JzccxqyJ$l9^nl1xa^S`9z-L;&r7Uy2Bc!WwsBPx04i_ z`x}3ZUhkbfGZu2TM0lel{YZ4&nL=fMKxvjKS@XTzTQK!;27j!OHQML);5$!L z?7wQLD$t6fE-ZrbI{oE|YkZ_sRdPG#PIqrwiKMN^N z#UJ13`T4AykJI`Z#ssB21Nm{dUNQq~&8lHWQ1%^+LNGEQ6zyk0hYWDZzV^+-54uTJ znRx>;>q2AGL2MrxphLE3IZEHM@Q{mVKy&9Gilbpr_3Cdv}QHeTJcpS<1<@_6KK6{cWL*B)cY`t|D~+xtqE z8r$a*EMrCJ$<}F{LC-Y7S;$m?c9A$2MCX)Ty%OLIBQr@KHCz>UmRKK z5u5{{i*K!dz_(9X>M73yfzZSm~+SZ%aHo7-p}rfA@V>dEB%H zzKFlsQ^GV5Z8p4sECaIF;ScqYSo(Ya0IsDx*zRN4cgJ_-9oeK9qY?u0b{E8s$%a~3l)KzlN09e zd0d^x1NWBrR3_Of=x{bWLCV}vx(8OA6!8s@kz3h1FnGnc?Z{2rx|c4}II~GiqNGUI z&P=CI^`PB?N~)j7Utzi3!vMB3X$cBGoVPUHYG5>)2_d2KD7;1s`?kRMlPYW%ZqRq3 zg8tMBf(fik`-Al}Tt4it7haGca?b;LpR6kyc57uQ;<|sU2-Hx3U<5CHl z;a2WD48U;ThthA&YIyuCgS!+L)j4|9AwUv8tzW44O}HnzaH)FX zTdJ0z*+_sa?Z!gl7bE#O8<&>+*7Wy}fY7fAieK!ph>O=UhGo z|B_}R<@~Q_Jhh! z!FhX#Dm}I9G13TDz1fC#K(WV$Gq`hjrHTpue)fczjb;*VA7=g@T7knSAY=ArJW`nO zOYuq4Jo+>9_c`1CQu0ZqxTm@-C|5<=jn@Lq(4tDlHI?f7LR^tSX)`ARo(X{yvTYZ( zQy4jYGOB4qQbv`yzw!ge%g<1L{A;_I)}*`?Wo>}PVQ z0i(*W%P%8(6UAw?mc+Yy&Ei z3y<k{nGq-;(_!FYI?`|~;4siTUboaRI^9&`O zexfCydprdg?(r1@kpjVx5_zKG!`uUsto(dQnp!^W$}$=>4gne1V6EEA_GXZ7Zp|e) zZD|F>(T8>47v_j9pTg|-s-M1ndahB-Y;i)zbqrs z9N@H%S$;(JFAp6MS$)ydE`k>K#{JV{i@d=Uvi1);cj$fON;P-Dizv{ZebDrTg#x?l zR67{)he9bv%EJ?T)(QJ|$Z43deX>ewTt*$uIrGx+cNV zW)-1+&7xU21v?`3d)%O>{_R_as6Xu=RsBU35MPDza?0fB^*!JCeYecWWZ9ly{wMKl z)`H1(MZdYnNd1LM7sv06v0$qMak9&P+@#lH1KfmDK^*}6zya{BmeS}&KE@8JDWo&H z#~(6x7j)_#~Yl%JD(cJ`SDlo)PpYzSr^m?U!p!`8SlE6 zEcYXQa6i!}XH&>u`=Ev|kqT_qq*PH!{1xxR`_`1(&S2Z)(M`z6QFH}+n zJ`pJr!0(qw+d7@}q>_jExywg1>*|HPn9@XaIq|i&q(^Hoc@NwpQu2E1gC8ANee;+X zhPqZt!N2L^{k`pqEexmTa?%gMp^Oib>pDjbzw~~Lc7KKM|C53V?lwH4tAd$}8QI}s zarMsWCztwgSdEmE*sg1jwyZ=Jll18z3z!jjuPD~vZqwyQ?kfeo&q9l+amoJ8wsGM% z$(Tz?96vdfD2=jJTF*3Co6>n3qk>PLW-W4XD{_uAj83KGyM7KNcB~e67b46%;>z5W zBVWUM0r{89$69|9^tK*dogS6T8>jq6^t9scnk*`uPj`&1K6V$PtOtmZQQGw zy9Z~b9*^JaaiJgYsqbobj`yvK*S%}al+P_Z;Lk{oPo=fY4xA^9G$!-(dY$9=cQUtF z`Rmlm_gmWdk#U)Gh`n&*D%YlJfn>iFk29TEuOiq^@lBR{9*x@`fqk0TI%kl^sD4^t z@`x8X-iyQGRdOuvPe-$Wv8?*rLwR%Ij6u-8XvIG;AU7>B=ky_aDc?HZm5wR|0?O-$ zpLIn?*+NO?vY`pPZQc;XW<@U**xleTRxE9zSJjx=GHy=y4TGMM^t?QSh(-IUbf~`A z&Z#lxuGgeHvDff8p=}3VsT@m#89G>u6&EjrED(LTyMUN6Q zFe!(Nq3m{qrvg)msDw8Nu36?Iox_fwGN&y_bpNrVDAMSOWMCK(g=HDT*UntPG>b3$ zMoC!oJHs>2!4b>4#r4-v@v~NsIeNQ6~$ec45G`pFH8N@+pg?I>!p6@SrV% zoJsnWo}jy52_){yE_Tmi0Xz2Y&oiH!xp` zFnx^bI^^KD0L;&mg2+=fJUICMBx7;8m-|IIQ=IMYTU!pZt>V-8fJBx(HS^<1U|NUk zYbQK;x^pPr*_RJ=Oq2#?6i1$LPwo5TvMRY>!y=zm?vl)x3{h0Rqr34-l{-at2~~_7 zj(d0l-#pyS^0E5Vgp96nZjW>}?vZ^Zhi6Ty`ck?sNLx#R8j`_va3l8QM7zK7e2stf zeoVjrg*+uW_D$mQ70D8*joH#l zzvIhoG|&LX%_do9bd{gKFB2y$I{todISw%~l~r~?8Ry=PBVS&1cM2If@i-S zqz51Hz#uE(dqzW`Cr#EqKd@8LaX*0oLhn%IwHDk~A%j#d?G_K?Gr2T1ALWI`-SoS; zXG*eZAEn^G6g(#JEaa!pWbCVI=u48ZuiAsh35&DB5&)ss&+<`ID`$95%7Q(BV@YAE z#M4hFlgnUAiEmAEKa=B*1W_pGlg#^Wr3%h(zVzylIu(6tG+`Uw7D-M3U$!p4Z2M4w zsh+y*QZ{f%xLm#}@6!(m4snpM3Yzm@3GqQqR=(f5#$29k^Dj|)z>r2NKp?qv%88id zi2c&qG*2>TofMxni4-l)AP{5q2vWCYlJuIkPZBo4z!8hZjE@b1Igu`2>jO64y#U?2 z=-9onVEXld>pXCyieplgMizy)QXUTXr0Nycie7$-UX9JeN66`O@hpchl6gr|M>MAg zciRk;U_vFj??cNG3{o{Cn4}uc-Iep3FC@T~3UA;XfA6)Dc8s`q^5Yjs{(GCzPDYKQaVi9!*cu>HXXx zetbxuQU*AU&+xPRTHNvXt^4XNT~*jcW!dtP?MuWHgt5xnO$*Mg0b~M42%RuHyK?L_^`IY~ z38_CrGvR2-wIK(7;^TcAXVqrSt4@mvVFxi!CP^SV%9q?*k$|j%Am9fm6R5 z9L;u3t}>5KV>eGCIk;#pAG#5It7TRnT!QM3MTPIKt}3FuEgOCF>pSy92PuTA!Dxyc z&j&ZG(4XVj4TxhnipS~!tQ@SL{2nAHw|{TyWD6!;80X9Y^a}Hp7!s;@&E9KAJ>B#3 z#o4C(ySJFm0$sqgOc#6LFX}T+u7hHm-e(B>W<#eozC>RqgQ#wg7?>M#!_ZgyeOh{5 zCZ(_aWowOh6vk&j7^_BoYSzIxRkOCOcl+Iaap zN8(5YGq*Spf&5GNzz1BkOY@Fjk~>>i`;fv=6f2GHd!A`PY5$g73|254W_{ZC1%@ph zp3yZmm-5R|RTFvj+($gNn<pN2h7Tg~Akg?4Q#XbsJg-M%dH8m}^5k|bU(kq8cAdz{f?ul(Q9Kup`LTiR zFb)R541A&RjnuDl_Ookk4%Pg@zGTeTzn-mZ=|>|sSxOydN*atvl!qKZXzw->DRn{z z8wGdc2ceqI==WSPz50C-N5!r`vdp$h*XxA%Y1Y4F=U$Kk#5==w*sE7qFQE$J@8-#|_Gz5H)<|*_`h1c5YwGG@wI5Xdw7VYSvbShN-3e*4hBM)-dGD`3X?mOq za$_+ID7}6YeQvE#sDl)eu&}@C6E=LEFH1q|yU&%Aes_AFQ^(CU(1h4@uqIl5&>#Q{djY6 zuif#)4iSs%B6;`p`f%Pi)&{EGJcfQaU2w{%c7)0@=G)@^*Umq`2Bul5##Z(7@h(SkUjdW4uO2a%PofsDFDm62MZhX<$Ct{;8@1r z1MdeGK!7$W8eh0!t@jtlG9{?jTbgTYu5Agt&74=D!Mv@$DOWt6EOeCkhwu85`tdue zurF}fcc1(1THhrKMgAc7Dts((Gi#B!jBjv$FT10valy9;!IxMVuq@eU@gf<#ZX|q9 zRm`nxqHN7R;lGfsF6OIYvMsAKpL zRr9m-xMG?}N@llfg~Q!!P%VF2(7SEzF|K z-H*lkRNJ|$;aRijA*MoO8op=2bv>oUirvpBBq4SY*KahuZ-eI>rTRD&!iR#G)#XSw#9#LV61La^?bytUwU`zZ{Kx5N+A>5d`^Xj@Z)}py2Q_wEu<{n$NE3gU_CWKc2TkOzniC3!`U*kt5$~4* zz~31T!AO}rq%B@_GOlc%yI6=>Wq!&od{ewJ@;Ii9#3~AsxEx)1L^*icp=TBvdnz&@(}Mv8mMV zz3C%99d_e!9!Z|?6zjvBe4pY@4#B$W^Zc!7%cPQ)2F6;TrR$Hr?rA!c{|gOD$+)Nx z6(7&>6)3u|uqBjy)GiGTmXoT($d&MYjXDE4k3TwJx4tq^pg(ncGra;9ATdkCt9gC| zw6Sq#R953dF{aZPQ@vi@v9tIX#Y+PxO~cLbJ3I9Lw$TmI+;tDPrWj+2DELQOoS2ab z)fKv4t$q9QSC$b>D-_B=#uSTwAvM+^LsJKKuA<<2&PU(RX!2T7JQDj_VZR$u#iL61 z7N5pc{UhnRwiMO2=r2hUc$6p-B%{2Ef|4Xi{`#I&-%rfUSYZa%X{PBV15(!B zroPwjjohunWATprwANvQT&bmaIiB{lYS(i_>$9J^D!%l%n&?!#zEgKN(ZGq%!_U1vFImy>*A}_Cl1b9!MZlwIsnw9HYKBVvY-NQh; zf~{t7Kw%Y$`1f%q%OfQ8yB2s1DEP3S@Mjn6hv9LTg-l4qLYSuhJM0RS%6{ipyF1!Cg+5(v{$^gyl~0(R ziM@v0Z+0tN_ry5t4_}#{UdfsJ+|FTj=Mx2~)?Y+t|Du@Gg%IQQS9|*aHqTWMVXKkO zPp3G^&u3$udBK0A%K4{!kJ?u)7n?NV5YZ<2XAxF{^0vII3C0H<{H@ka<$nO#G$`mH=>+;K-@34EPr-{1ZAoS^>$Lp&#uezm?$d&O0Qdiv=U zwDupZ*O#Q`8B((VYjjgc_%Yoi>hRH4{fKgI?iK}h98e|B9|c&X5THWxd=M)XYOIs) z!y)o_yoC?4h81GBDArYM!7Q=ReBy8N)41*%Jbu7;?j-qPl;4jm!U16El|N*LPTAWJ zwemO&55eqLTnOmAP<5Zjy9cHFJ89_a}mmhVsf=2k3yM(mjEkJfk(9Y=c-!SSyVcEPhu~-Wg_yjxe zAigG#6Z@mfiO2w}U(6S@@p4d}>eHf`-Ug>j-O_MO)Q9kI--%T=hetKE>6A_6V`z5k`1d zsv_A&4lx)~Ofh`V8&T}@{Mi>?Z{KO?(Vbg| zA=u&^+LKWDH_QF_v^+Eiucc<*|BUC)%nBD6VA3xds@II#FinPb7H1^dQDzB`3lWFL z`+iY!IPPCZ68+c}%8>XI9tiI9%X1uW#2KNG*ZWUul9fl<`AEOQp^gNg!K8aHPgjDn zzjTO#F(Yl)6f)@9@f6Mie?;%$cOptXa0UkoOX>G~zqhc&c$)`uA5QCuDoZ93L~4^V z46!kHTySr<1MGgj)twEekHVKP;lbpmtSf+)lmbK{$`+|V=wnjA3$?I4wK9NXN4sxs z;>8Bktd{sym?tfywDCCZ194BeKBqDDk8R#iAItcZ@e4|%@c4^NCa{hJ1b!Zlu?zqh zK?APU6kkyu5M`ZEGeV8EKEH}Xwmgoj=Z@d&K#1)q-w0(DXzIF%-h`|YpRrI(qIaT) zWkfMlwt5^SNUwQjdx-`4q`rr$wzBV*C@FWjB)w~`{&^;HIDAfQGn9994*?3c37 zipgYuXXSY7>MlNMPHcnpT{#`h4$#0SBd_3fpcJNU!E0ZSZ8f$=IBxZOPw8=}l1@O( z{K8f{(*{gh`^-S>gU?kh3?+M1jQ2y`t7QU_@56n9ogV&>HXB|4o{*jwKDFFu-~Wu8 z!~X)hxefLp9p~FAS4F6&S(L7QCBYuc2-v2h%sbXibr@gB$wC}|)C-`|qpD2x6h8J3 zI2lVNRBUMF>7}vPr!JlWKy%b3Z`nJ6K5g$%+a89$3x-&J7W;l(w;k4?9B!)B5K3aj ztgLS;DT?KJTTDJ1xYlWp??rwP{rm##0=Tj;xGKqHTKtxalyiIUI5Sqqu8RLia?U(u(k||LvqD_iM zc=TFx4v@YHU6LiBkD60aM`U(H#`A#R5W%Ey=geXH>61t^zO8M$OUgbS|*r&30KQE6@uv)g*(ngNH6r8aV~t4nVW~pU5wOla+zaSH!e(2 zYGuBZx8HRifvwd6K(Sry_`~(a=XKyVz{dWhcw>SjVt1KbrCJjd>-wW1@1dAGFq!zf zUkD2h6d^j}!D>>p|LMZ9mLb@IAg#dOzaUlwvO>)(3_~M15)lF&_}h-IkmU>yNl5yf8^fC}l36AFyg&ck z-jqG+f$+3W=g)Y??}xl}g!H!=s2dXx`c(xy%xq6UQsC;tG0Z@bAB&?x2vh%{r`4FU zC9zF#(fisK_<4390RPp;PZA;Qqt2?*o8HctQEWA%W?vUS*7v(m!M=p_a<~NUuX#n= zn}fvJ1%T3|lM`{-Q@(H3kXd<%*EsIj6s_z3Nuv$nDHe)?vs=4ZW9x2CW zEgx5@+gGTQG`^u7PQ`-zv*OqIWXNyR7ek8v9c^1g#H6iBszEO`cz)&vD476^o)F!YBGuafncr z)t}OpBOWUQFAK;~V~{EmLK`9Y=9jx?Qn#`KYA#CfI1G|rsHQEA``RlB`<}4>8$4-~ zs9_;=`3QL|MfJV1llS&{j?CF*k;oj|3{D^HF8WA&Su&*Vqa^d92!%WOB#ogv*CTdmPE9KL7X@_$N^_o2g3RtSB`F&Bju-Vx;hnvlQ`7fL6KpETE>(P>V6k_yB+-&2GOwoHsa=dTU|w=zx`%!RMUPR56;bx zbI*Op{TT0RWjW)hcM-BKhNf%et6%!(>_Nx4y+APOcZ%*ap8qJJ_bEG-O;M^9nvR$C{SSuhik%KK2J~wjx{hvVz-y1eC+%1 zfF}g`eTH;?6{bp2LV{`;&C%Gu?w>c>50=4K7v?MQy_BAR@>v{sZ=^c|30cX0ep9am zH!*9re=7ufio2qIXVZe!%4Vp12L|eh9-D|=wXXr*c*lRIz&CHe_!Hwo4)sHWI*YIf zN3eI?uY4LuDGT8W8*67U{r|GR3~$PD;g$XZD{k#Tp|o9%+n$KM=b(QrST+^t(-YG- z7b3bGrQ7*b2A%UFZk24MwgNDJwV||S+ue(Ou$0B!U1jyW+rhIF4|%EZq^xxWaG`21 z#>91TKy)~$lrtt3e<1)Y&-im4#zcOj^jO<=`rVP60u*iW1c464m7$6BRi+mVMB(;2 zT14^;_s#glvyv^Q@V4Tu@1DwVBSIIYr~e9__zi_wA-z-7Fh5*yQ#v?vcc81B!B53P zx1%$lcdZbA?Q-JaLq1ng3XlY$ET$Ht#bJqn9iPb{pNQ`Rxw4FrFXxW0j4cE z@|XL><+~kaHI2Wy#Yt?_m%8pBc_g#y(~e-_5d_u8Z)%TaJ-#??TDxD825IHsV}9o< z7Ja4v5S27F1;6B$bTz`j$m)a>ItdYT@{n6o&BCl{v=JX7IJX#Y*(3kIA8aST^VcPt zjP2=KY4zv(4%JV*uvAQv1`&v*i$$}&a>!wxSLn`pvW1{1{9IeVHSag%ew&Z(!LI5s zmTULKdtY5yE#gCu@_l4qWuu)mbmXoaUiismovS2z4~>Smb;m0OH(v@+s-KRATcd8ERayj}QOaeBgM1=SHL@7(x;@jYakAge?E-WEwL{))}q zE%`#}#DGwqMnk95?~2*cC56{XH>E{lA8*iebz4qGjni9sroA;{yOG&PlVL?V$~uFT z$Mx&iiASUwa8syem->W)=2b?$4t55x9)W-i4)kAtt{)GsgSK`wkuYS?VN91iHfWdZ z)M&1s5{E%Y1ZS>{<7!)cv4fJIo7O&WE{px9^wJ z(*A&?J0(e@~K_nVEtJoTz&xpjSQs- z=w=)XVP%E7>=dq#T$tm+=k_i}Yec*n@*2fuwWZV4MLrYl!}b8(L;w9ghu@>;(%3XX z@&P;cOHt3MxJAse;^_1A-RF`w0(n~;lY5&#ZU;GfjaFlRZ;#`FDv9Gqnpfa*q`i)K zzlS8F*4G|tjs_!MPm2XrHTxpZ`FE&y%hQR}1&^^$%(A6!L z6Q|kfzyi5XISn!x<~0Bfb3!fpc4zFAIwEyc?qucNVF(xM_#=keQbqkP(7*vxp?LyJ zXWWnAeRau54=rG8sM&^K#kTzkf;(#V$My;Z0u-+A1rjWF#X@GVszu(uS=Ma8oaSAK zWgV^QpSoex09f14N^n}~9eno<898wQ*dh2v z(rXgFY+ucg6tPAdc`YmhfT;cXbR^sZ)(KcRd2#yonH@o@_tE`_l!T`}?@t`auIJ6d z5to=}L#_~9OG7arh3af)-2nqK=9sM^;7yFj-|_bbqqp1RJ{3 z#O7Z z_O3qE`}A@pa~i6Bl^e?ltr~t`J38$KOrCm4Z+CEIXIkVYaUZgWYklLt z6iz^H!fD{gv_x`w$z^`aA|z_Lt7>!c(RUdQ#e_C>G$a=6Nl&@VIp3=vyh;||hFia@ z3Pk2-za~8XfBI?cGysq3v3iFvOnCaQtM1ewQ^I&TAsY2!1F~BWP+3_s){=Y}{R9`$ z{;}LMqOSyOHGQ()_^>2t5Aq3)YhI-z;!$R|xP{cL_8 z_LG=C7YPxLK)lfGbzD&vl*%-`)7%ko0trx1R~Xp!1o+pH^R=`7w6@0A0q>zWDFmrD zE~0#P)n7}G=|mBW1b<`;!@oP_YzaiIiI=XC3a<5^1NrAF6c9M>Woy2s`Da(Ts= z4Dy#BY z71)t^W!L)`924kupPv_(#5jr$T%8wB??j&8-ay?@!`oiaQ9)bYet&yi(E&ZC`+c>C zx~Vs!oXKo2`7hSbNV$kNMe)ZeWemz=^ao(Z`^h-Zu%_etmP^$QH~1esMh17Gd&qyqmi;THdh^{2DLQKgQE zQ57Z(t1t?xHw2^uEn$V^dQVn37&Xk0yJP4dAYn_MZVyjSt*vQp9uw8?_+D_YGCqBZ zjGVmpx-oKeGN)=bnPT_ZdIZcI>d!t!9sNZu>T+Y?*@@dL zE>ODnGi>+3V@L&VC(>`Bz{ccb6Z=JzICK58I0z7? zstr2`aAGUy$|a3C23~h7VG?eMPGfhzt$Ddi*#nqTb@SC!5jCfd~JRgeK_s9p@(YI zZZ`d{1(rN2j> zZ7sO58_*|;?)8xJ#mPu#G@u!T`0Z<-1VfoA3LH7a54cSjF~S~2po=icoJP^28o`UJ zB^|ZmZ_$f+z8&aqG6(a6;(ypPhd7UfuRG1l={a)usNia$_<0|^2{d){Uz+YA8gL+9hPiLgH{`Ui(@gNil$UV>dxD=ODS)Pa4(9i8`P7 zEFDTFfmG6YKViz3M8-8ueT)h^YDt&Y(<0*=&`2yT0(e{3R7Tw zmCSyZ(L#DvyuRt5II;aWfO&a!)BA0?$@i4~%Rq=wJ6;Rlti4C@HR|ZO;!FiD`PS;w z9iaZ`b6)*O;}^;yBCJ52mrSR3X_V^=LkY)YGj@`>OA?|YMPLAD70B2*EK z&-nH@c1(;-d5&3g#AAtO{{(8zi@6-ue7T+b&uC`hrdA{@G0DyW=F(h_PJ3mzt03N= zpkaI%J7M@4rGQB!4wu{s)XttttAm-UaxiK|t5=x+^eaMB05j6y&T4~DJ|&{g<@c13 za2+aI$U@5Oe%nPC5~Y`!S$Z@`HuOIp-{D6a!<+}w^07^dba_K8jB__U)RVxK#&#{4kI0%!??)37ecI@p2dL+b2gq?g4UXsnD=d zrucndNXZ4|v;Oz+n};fduj3^u>xNn(vv{2E(=GNS&wF+5y2E+Sd@ngA0_wf7`WW9KlBFzH0nGVwzx)Q^_(oa!&cP+TbRjDgE z-2J{spl6;?IDB<{K(}h|B8PV@1R$oBe|hI)6ZUtxkF(Ul2p5Li0S4BR7(rVZU7$eP z-{r4Arl3xq@_E0CDKDEdZsD!I780Kuzb760Nn8K?e&5WGM-hsEOjLa)w%v~iKz@5s zozL=yxxj;gu}lk@YOmebCo6bK9Os|Pyxo4{tmGHfI!|3U?)weIfKMiOJmG>WTx=EZ zUY1bFC0E~At-{bruRWdd91}N|U-TEh(~qY9`FtNE9`!#atUmxcks?TR$bxKq$CuK` z%8};A4_`~z*Hse6cIG@h$>Y|Q)wPHN_7Ika*FJuIVVl4^?=^cKo>zAm0TDC!&|r9G zQ?lvDh~rNMgadjqAHNh|s+XQxB;xdbLD%4{RKro8arI$oy`}R63DI)j9v*eye(tM8 z$?2Dk08*Bq=2(7JQugLr_>aM@~8d3y?%jFB_zMzq`zP+>;8tbeXb zHXvkrH-=Z*=Fj2<@sUvWZoFTO=F}4q3NA0@2Yl!o$~=oXr=11gRS`IaHGoPuL?4-3 zHJF0Bepcw`f4%bevKuaUVTl^njNQwQ+!hjg6&CL_RlRft@7Heeb?PgA$0Y!^<2jtq zKA7$;TpH6L%az3e3kj#5YaU zqZarRHeY}K)!GZl+m2YeYf2{|gLL=08vr7MQUtxqCuP%(^yWxt>bJX7pwbG+ck&@9Y!(4P=@4jnbq~q5K#q>Nc=UMO$_nnl9FG%FOfhP0AL6 z>_^%vC7vTq)Wy*zniBDq60$kHmsDxK=13W&M1)T{-o& zi8i4g)I#V_A;GmqQC(gzRxsgWm!l4p&uAA3a`rUHENMio;SAA(nUn(Y`Z-+C|5;(8>(mn)5k**+(xtV$3(B`jE zWK=VtZJn-DNI!YJ@}>)idq+p^S?3NU9=JnqRN5ZKIbAL^c9AxHb@^WX8I|Oa?e}eu zv*G6K-Dsjy!8;3TYQ8UrZ=G?8dzP*V+d=+zEObcrJw^^5Pr1eN3)JK;)#QRAzNgwCHATpsB-=h9ctM4$hIU+BGSj7geWZK&o zg?5JN9W=_`mvHuryxvLt0}+II!cXT&O(59e5}fdV-{S z1(czM<)}E1$Ex4%-|KgdT7H^G7MIqpS5`Xbj<)FWhuTlAmZ+8W-rmndI`9n#;jx@O zzEREd!CcVOk~JUR<`YLN>nnWw7eF-0ubjWfD6sRCJ18E6MSsum{ziejIIPzWF>Q@&U+ppxa;2OMiW)V&yXDqknu~EgaGn+xrc{bf9Fro zEeq9GWtpBI$>%t{(-OkmsZ$w9#`A9DYg~U>LjvgA_dNh>%NG8=w=~Wll=Cvt_Q(uhm*$Lr^W~~;g#mXRu z5-_OZa&?^p)Ky0H_7(x%#=!sb!LVQC!p}7vPmpp`gHJs*uKbfdI5hGn z)L4%p8kbly1e9pO#cLT|Zs{!XBv7k*EP@^nIX4G~%Yk|C0Z4q9vY+FX?R7oAC^7UkU_x-e4$#e7r`hw*YQ)AiE5`FiIOlBuj3^@P=5{^#nBqip>&IC z_u>h^UhX9AG4FjJwt2Zr{4Af>w?ruK#G0E}?rH{n*^W0Muk{pzG9vZ>A_0bG{XLEF zx9WZ_=+}@ND~prtp)w&RK(17tzOa=Dbg6sLp{ezI1VAARkGSa03n9N97VG51Sw4P< zBke&8I(A~$wENHAh!#)L{Wp~M>wbm^6|kNs>?UuhhT3NQ@D5)nfowYZA&AQaKQdzx zgg0g%k8Zc`FY$S}k@YdAA+zKX7MyLraAWC|gNX3tt?HxGc!VaxAnnCo{$#q#+1eKt zG>~3%W;{bjc=W{z)wuMqi5~Ir`sEC0;AiQK?b<;Y`fPLY^jdE$_ieYUjSh8gW`O8= zOYOT;lM(WBAA}J7NIz<=xp(35 zn)H1!O|53yQ}Dx!mkx|!=`=&t?fJnB>X?ieHby%w5uDMhMb*Srw|21$vLrF%oHi`|P zVvUb+k_jNTBsx{Ppmmq`ImzgwI=Y%ZW~L;b4SPA&hiy6$bPqomYlgjeui!C?U=Y;T!yeB;K6~Nr-+kHtSPXa=b$hcu#mYFAY~YIqmnsl0nx@8yD?-y` zDbi9N9|wr_>?;=SKo=M9ZQwuv+tSk&X4j@YB{GUXc=+^mlHbp+o`(vZycQkzadvXw zE2UR1KMyjw*xwDl(4*OoHKlP6%ky_hB^1pCP}(Qm^rHEdvR@a@G~NWe3B>2=sk%!k z%#NoMkC%qNa%1P4wJ%6n727?>m&M@;S?dfwNUERXxYxP`g)1+=uRiwF&-JG~IfL3e zcJI%^;vXcS3T3X4>e+Ie3!CiyY|rmcSwL43$JJi0a*3ao(VGYQHs**~V!K9*Q_@A_ z*%OHrZ%Oam7{jFtbqF^rBF?7A8oSDnP=JcfsIXLtPR8&!UY*SW#6(Nc9Tvv3Mn76D z&pLuX=&;~aPGL(tU#pFVT{nlU?p&!2@;+Ce^enwEWGbbJWnb^XDQ<*yxCItrK(At7 zPxg$z3!*&T;Z+J*Mus~g;+uzh9O6^>~SZ%Q{V#dqDuB9HkHlj$8w9)ZjzXCiIYf3_lsP zI(j&lTv%ZClGj8Biq{^o%y7@U54;PpF5(cJBE!DBeicGmWJBHZ1$(nu=7}VJh+J8pM{1Aj8z1EiDT`Yw z7p~s3NQd_xgeYMIQz-T2HEF%hCil1)a+`ZR$Zua5KD?HF6`ewp$)Upc%^b_U^0)W4 zU)-Kg)f4c7(6>GHhv9)?gh#EQ8;}e)QHkG5qR4vGGXp6QQ0>!nA*99h?js zhV8e{iNjei(=`zHj9Pz|EfDdkxoVpDiY$p@!*`~2EcJcF&|4gzl-+B_IfP^jEW1Uy zt`D*V8QcE<-}r@s9Q?OF z!VLadIbC8(bx+KC7+L&&1rOuX|Bv{_OKr~)w9?WsH+E8}3$#g`U-FI}@#ACxm( zEqoV4bm=)*!3^LPK(gh<#Ba8JoUC)uI39+F5m|H4w)u^C$M0W))p}1zo_wLu5%(2E zf(buwF*KG@K7v#A+ve|lG<(O*!-|3IqFFwx)@!GqFwH#Q#<^K#`tB zNP5BIEri53T^!c3a-JF*LAx>feE@PI+VkY=zL$YQ{Frm9$TVtnpZw8H!k>PAgh71f zc9#TY63z2zKh{=_N2LW3r(jce`&MX|y(hpX^O0DaEIwD4u6qv3(MBJ-X{yWl2cUWv z_ppgiHQI=3S>vyOgad@}g;1K{T>}|Pb^8RYqK}ZVp&_@N`l{v=yP1ED0PCxhj2AGMO^lPKZdy6j;Z}_kA zaSbci3h_dT;TkpL*`SSl)EAh3?6b&P9eYXFJ>su4gqybdo)_7*oOurc)9N9{XqdfD z$k+p5t^VvFn(AfM3gFQ%7;JbYrm@1DUg|?@fA)6ku=YTYq2>{+_x|t2247tdg@{pz zpjq-^nbV(X)MyL$PFA$cnNU^!Mjrw*|A>}J2&Z30crtru$G3jANe*cYJu56EdR#L& z(SIIPf%VnJnI|yHRr7ZOvN#Zb)pZ|2^DClbpc3B4oL7)Hn|ImmZNE_0*?Nd8tF8UX zbHBmwyoJ;n9+}_$ZrxvF_5nB~P0u_Gl7}EQg?PVyw-C@p4XQLQw3k-FkPkP|j>@Am zo>yg$dvUxXlb$;7z7OyqND*c^UcP@+>0 zlbrYGxodO^cOdYux(`R^Mdg(oZaqeRG_Bw1G4*i@@$Kc|cD8+)&_Ft!j6BXM9^|kx z2f|oZjNkhG6?evxc0MV@L45I%Q8$s);Egim<#8~O5Qb9Rkv!z2j|n4gMxIXZjp$eO zPccIkO*T9t=Od=7_%sayxV2*ZKFAFmjw=guuFne8tt~qQlu@2AOI#!XHMpy|#Z2)b z)D{BXL<5P~J$TN-q!x+wOmJPMJet9<-x_}*Ry-vObA7D$6qTOluIc%Gg`^Xuv4eEH zzan*VJ%KyzJOeE%MIU}4!AmM&5wXM+@=oS_o~&RRlU~@REI|s)7lIvo*xrnk0LG~=s1^2xkU4+i(u4Dp4u6YwaM@znX&Slj-?at>MSh{jmZEZjRmlbu=DgU)_;U3b3>k?MkCW zIgu5#VaM<#ToY<$yf!5tG12<45O~UzsV_2Sd3VepgDq6@TREzrX5K#zFyICGB}B-z z=EWUMUP=mv`v=NKpZr z$B2E%5kR)5&aQKiq)=>w+mcCHZBfN3Rl^+C+Luz7P5}Z zLEH7%6{&4Pz&-F=ni*FcPd|I%BW~D=<<<>p|7^=Uy}J-Oec?j9PJzP|sNvY@cKJo& zrXG5`yXNJM5s5#{Pzt>z=REEgXT45l|KC1+#x;+6xNUN{AFfd>Wa>A_lmLfzTdTd;YwPIyjmn;Q>C))xAQ!?(Y`(I zUx@W>TfO(@`ue6~_b!7^n+0d1IRh|w=SDJ%Mi@zNj;UXG*j+fC_!4C^J+t4(>gm(z z@Kh_b1aYLf*!TU>@Wf;`IPJNW7W|jnIDU3#h_3U9ID+V#YF`_sbgQO@ton(s1|55# zMq(jBaqWhcY$v8EV9VVf5aBGpCxEcd$Z>_VZVkiBs@vssaJE|@p4HT1W;VU5Zx1U7 zLP0qH+#D*)s0^ar+c**S?zW?ZqJVEJ9DoM(`9^|w7onx!;tN5T>vQ^SW-&wZF>g(p z;)u6n3c%P4&OXi0oEbdsG7J}RJz;BSKOq(*>?SJb^*4^d#gDf_4ywQoI~Y;Zu(yfj z<@s1i{%Y`WT<{Wt+YuFtJtv{K-+%@|a%kGyxhyWz0;m{J>v-7hzO_A{PN5dwMp`zZ z)>)j|rwnn)6=4kjjgZE5C;skNL4`eF0km?j$wFyoc*1)ehd_*&c_AnZKj}_(?~iZ- z`DU?nl77d!#^-Jcll3JMY{)ppT>850riSfgJjiYqPU@kk6(j zEDzyUNW!JR{D@&*L}B?fqg+1A9_<9;2RfG+>82XdhnVE5W4v^^xB--8!s}KXgzP@W zm$cTdH~8`(0es%SD+if*>D+%YjRe{R`XYeW>xRC=?6!=tuwS?@d|z2VwC?g(z{nu8 z9}bs-@h|s~&$Z*SLSGbqqigX|z&$YGQ{5aW*iHlijN{r*r{Y$!zI-9Ghldj79B(J* zAX>U+9A1m68O7rO8j>xOS1dT!w^RBDpm(HW_BwiT4p&Ju2v&H_0yfRAKdUG-VVjSv zZqcufg#m;k`x6OuOVcXUroJFGdqgXwp4lGq2Ky!-g)qnX2sRg3yNsxQ>Mb4q{K?4>=R3MgR9JbDmAdG zR#BX~#}3m}+B+x|^neF)8*cz1klX~G4CAU-lz#{7bO_}4i#$A?#pT$6D+f{=RB&#)%dz?h|;?_)mWv zVmNp~_Q$@pWwRWe>&%8t`wGL;h~Qbkkh6VM#sVF^Q8cwgl8RrtM=0K)>MMa^@I1#;eKIoR9f=4R>_sxv?K#-`Ic zGvc0{ICpKtKe~6EH>FF@v?5Gj=#5?4?_NB7Orm%@R#5LXT9Ril5T` zYhET2bZltjy!d3@mrP2+t|J)BBY9jJ^c`bEk7GRIY0mgPu@@_`%H7&TxXzVVPF=Ek zO~K6&96QtoEM6TtD+u=zu`n!3qSO+Ybr2>32p9%t&wFTenS0hK+EqB&4b%Gq6i*)S z`AlCUB{bIgedNP8p=DT56}qrVP#?59VHxCp`}PZxUKxlDti!cqD-0VNwtk%S>|mTx z5jmn&0EcBO^Z3aaz2tay@gDW!v~?k}-qjF{8%;572zp5C{MV~-o0o!b4n4}h{q9$A z)TPY1Y=#(Gs(!y1HA=fr13)zU2rxv#>=k%F@KN~t1gmU|112rwJ;0X-71Q7MYZy02 zturpKnLR%~-LQBs=>HN?N;eZ>z{UujE}Yn;db&jWPoq91dGHAo-*kawLRm|htGtna zk3SG#PP+l*>qrltXPaBRK5dSd2n@ZkRgplwh2MB>i#QU!_D6a@D=<*_h7Uvm_dl>j zr397ScHJQn>piRsT&X*QGYNg({V-B;AosLtxE&W%;HAI2yA5~*I3q=c3+sMi@Jfj0 z@2!kM>)*$M2H;^kWBv#(<9&3lc8uDkbJocoVOj2r>>s71_SkF~vwvS&7;#{xbI3Bt4 zF!8*TOXE*HD1MpV$Vz5jG*I}kPqCt;+-q(`e(nODNym{W(ZG5?YmkY9?rR*scVl5P z_b9=3=Wz3L%oK&HA#;wK$yR%K^Ck4BW4EjE;H&Pj?MtSr4c=v6V0s^DiLvx1DyHq)YW7+0x;jG|YL=WyK(1Okk0^x0}EdF{wMyzO^iI+IV8OL(V=8i^2=@=5g2A!}a-U|qxO$+iSouwPgJA?76tezj zvZMsfl~$uTqnzhNDax5qudT+h(Y@xogv1^ZB^wAMNi zn6Vj(FKVA>KT}PwU>lf!=$ZrO=m@oWJoyj!MwcpVi}!pm;;pzK0V<%A%7T zQLT%X;U)ZAq`oNny= z>xr&JWi*<^@8NC?pyTmD>~PeWL#G5tlkIx!0&-%1QuO& z?wz0UiO%}me;>wczi8k3(5VBd8IRzDKKs5>cegp&DivlD!x?d?@W)|WM9fz~|MKvw z3JBZIxLVWbBuqxjjBKudRcT=vB!aNhFIx6E2|tJpexeh~N@xvqg^^$43%!ikmP*<_ zucrqfK=aIgwRz$f-X)A@J{e`jZ7G>AA1i*`iOh*UUe_254qIB$4lNe$ygE|OYS}L# za%BH-NgB-DIi|sHDA=&^}y#af%=6=VkH+mcYxNgCWg9%2${bT9OwiZQ#ApA-oAaE%l ztH{3IiGrYl>2R_6XODIIp@ro{!lQ7$(-tRWBb?gqPC`xP@e9`y%Y1s~!6Vrx zKA~~7_h~qyn5RKr1z75Q_vz*`|8_vnUAcP`m1GYnmLmKT%;QzI?O>qE>4VF49AF)e z)mcaueYCxrk>NRs%#8fawCAj4RJ3q!9R(bL{YX7uz~X zn%}Rf!SsWBRzp7C3J2Uv8ZM0`r2<%@ViA~$X^vzc-6Y_Ic}BaW5dIkQm{_anS(;Zql~WVGu+)FSAy zff?YmA!)fs0q#PU(VBwkbJytd&hS7P7Tbr2wSlK6*$7Cq%Zu9x)*uM>lX{Yt6U%^p zPQzbPsIPP0a(oUWW3X8I_Ti3DMcg~P1X&4&iist$hA>sFQ_uN0-9mgN{E?uBRO|q` zx#Mg3h+aCcD@*I}@Z1@Za*?pbth5?A1?9H>o!@s%erT`XteFn;lgi5t0q$$kyyX^` zoLa)YLb;JJ4NTpwqLz%*6s0jQpQgz6({vyLM92>nZf~CzT&E6uUj3ABWAPGrh<=_C<;4hpL*yV%VDV&On~_bcJMBZ#h&#_+;lwOE z4-`E42NL?XJ$~^5^wBa9=3IrxJ>_3!cJ98+&)51Hs3PX_hU4~Wu_#x_^9VcJiWYyl zL_j!bP0NQ_YJ@%VZx434;rvsS-&qA=^jVm(uC`57c-v_Br;if4jjl<@mmE=Z3L(>Y z&4FSjYsWmTQkYhC?5)V2v!CYp-V4vBqzC!$GF?B5bsF{p=8$`DcrIZr`QBzC9U;bf zuWeXrm^d2W=zaQFnZs~VbrHaA`Wuk7N}Y(}SV>R>80@CRw~ti-SFkDed)<=|!hZH( z_CU77XZ=-Zf-WElhJie(JfE+H$F@YqWh1<9FNM1T=Rw(Hj$JoK8HDN2$C&GsUa!EL7Ws{cOQWLmG+^bx#2 zdvEpkIK@mjWvn$hK1@Wmd(pn%3wjsb2cc$9iX~4?>U`dZQI|DV)I1*tcj-cg^}Tji zL^;b2iT_G{{*4I)t<*xjG0G~vsH6(ehcLTGz70$=w3nt90|rOeZ)>=w^eGNk?kgnG zpADtjR;X;Nbq<$m?TS>Lp`_gLTBaKRX_tg}^;f}8q+@LsLm)MhOX90JP~(b?L&n$R z0-gX&_gm-4THeD>(LYn)T9{lHXDy1Q*UF1S08a#60$dEvXf#X64jfzqjeUM;&jk7o z2Q2yrU-%z%?nn1vbQ>$P_PILkz52Q2cJGWcWcCOQ>kZ~G0;NIs&x=xL?$ZzZnc?w- z-v|A6`)%tf3%~Jte=?XxMo=jx*oVe+?&j+E+{j-H2f>4H&o3kJuZPrJ@A+2)nH;z3 z-|7A|U=}H<2R7~epZoNL(--@ORMFI1HJ2c{^TOQOMpT*D!S9g;cO=Qr*@HnBH7*Hk z;y#pWLREBs2iKVxu{O*8E{8Nv%T}B+Mf>IChSJu>1nadORy2CvlH8|g?UXG6O$E&_ z(qN$YU`(S%VgP6W{qv(z6?W*q5gSW+Mq|?H*-X74nUTWaDfnYh^AHdA`%tP38qAYY z^dm{J?LC$p(O%kPH=T#=W#Hr0p!25)NZ>WfA5kQ6N3lCN_2Aut2}ZzI^!i$bb-!6} z!CVtGiKA!u@j_^SMSN012aQ7#A^kF0pGOJ{w~lM!skeDiy>s^|N~>v4-#9Fl!+W36 z)?k+HI8Y2;wCf-85uB2dvcaj5TA^F>bP;E4h9d7w2$G7mUkJ1N;RG2yQD(Rxey6Hv zsrmS~-IxeMUEpkS^0Z_#>HW*=S_BN&dEbJ=-vUw+^LJ`7R3wEa+;T@E&?!b z={I&?U->@4SMS@`lVyXmF{VQJI_2Em>95%< z*%xvoD!JS`0P1sttDtvPCi*hJf_C59>Q^W!+@JAP}p>U zFmz;pC}_=lmx_@8S&S`5j7iyW%sdBE@q9DNdAQbev+r@ng@4)TfEe4uc-)O75?V%j zU`NGk9Nk71(=)uD)$f6^E?mKpMrbN*`Zgi$W)$;pkuh*>`KrZcPc;S!!R9xaeDlO=m(%uW^fM9O9~0cu!$9}y3Jj)-2)Bd2qCet`6_}lIq;As z*-{$NE-VUATQXBsJ)#@Ypt!Gih0dBAZDV|YkSrM3mlA8Pq)Z$fuXGI1qPG)yq<=~_ci2tRr{F_KGn0L^*}Y#&H9X*bE5k}z*Hg^Z*oR)>AOu20~HO}=;O{Cfs$(2GVi|o z+U{wXVGkpB?0M3ocReDl8DN}eIlGlxDKJV#oiQnJ6&>Ewgf_B?n z|3zQ;@>@N#Gi*9Dh!d*zS*l>PY?c$u;6+W-gRMt7tzc}0&DVYn3S91?cLdoud%;Gh z=S65=U`06z>Y{&4;zdRW_jh@^ZE zzKs0KovT!EY|Y{*h(G_P}W=ECM zVsNj$^cK+YAfO}6yy|_m6gGdx8qV0oWPU?scN({rasa#LP$*~YGO_du9|`UmM*H-& zqtt&3^LfyFXU)44oDyICt9Tn+1IyT|G6F+IVJr z+^#I*faP)~LCX`l?gEVQ*&Vu#d!A!`E2bxsa3@w-=_;k3#8;E9Q*hAd$9FSV9g`G} zg4uDcS0!)aG*r>K**w-~UwRwyfnvbjRi^-<+>f{K>rMq@(ab^p*;b!UnKM=O^zplI zmp203!pn1+MJAff^!r0Yw5A~Fj1w&?hU-2~7lCHtU*hNXmFJh@@NC@SCouWrF1_?4 zBUl!hJ2iF<>80>6O;wu)qba>w#X}CQjtxJ#TRIlexbK=n>h?YkHvu-tO-nfAAvv0^ zGI*!wS=7O1k$beZF?stOTMHtK*xe@at3y9CqPg&>5RYPZF?HP@=}(&tCcG3?#lv_2 zDwJ#GFwz47AT&<<=RVV0)!6R{GOlUs@46^Hn#8O8g8Oa#<9T=QdV`uZ8@776P#>bv zAHfjxplYw6r@eXfpsv9k{RVewKHZLjb;#f?iJR6Z5|zYfcbsx-x4Bq zv(LM!1AaT5f%|%=OlH~0oj1}(8+<(WG$JPXq>wLDA3th(ps&xjaZ;U{@I-}!8Uj}E zi$^(-jYo8IVPD=0OE%a=7Z!G72PU+IYty~1=9TRkGu{2uIJE^=&O#j}X61-h8)yUU5dW|oKI4U}- zj6`-A=6#m!Qe(E}$3;p@{hd#)=Q7Xte! z9DDX5x9Ahk0@B!P0xTDXZ@-$^oWc5GU+LGSwR}J^lN0vu9ei3;z_2=0vxK}VF4vwrv)ttuhBbSsfRlSl#W~X!gY2Lu zPa_DpkUhMX(fRH&2i}q6y0=TQd4!)&T)oN4b?XO&qK}*Ob)VaaMHAFknEA*0q!Et> zel`*;D9|zgi%+m5K4%Bw4=dJ8E9d>#3zi&t8t@bPGUGoC^k?+=I)4yLd>IvhU zKi#&nX2j!b_}z%m&SNOJm=BMqosf9Cn-uWRy~Hq;!86G~?EB_hOXa16#Q>Hx<^&b zy;EH9o9qDjqYp%xsGQS~FV3EB&O?3zX@!`cz5!^D!+~^4x39&;eq5GN&?C9U2fT1E znhBlYi@BZfiAFCm$B?f1fblgzOnbr%mgpO4+3xjTJ!W8K>6cXL`%?X6gg*y;gI=Yoz1|&F#5R#Ma-R{>{pd3ujq+vpYo8p43to)Opz7$Uiu=uIk2n3WlOE72ySe zShc32pxh+xpqz={rGu?}_m^F4;_mUWp|Lp9rt;W8HdZv@*qG7vD*uk3oTfZDuI%w}{UO7}q%f!tGuR^n3JaY5euTG6-WlN>tQ5@2 z%`Z#Q^pyR`1iLReJzXAGT0F`|=5@P!icC$`6YZ_c3+b!ZrVnX=p^T6YV@pcT3r{f9 zy#9h=`GD!!h0U;p)a4QyfsmXp`>4O}xxd?2BX!&m;>gngyE-5PAnnFjGE6fjl^i@; zA8JM5`O1)t<=pf8H-|sE%3i1beV8||Se4Nx1mdU~Bg!!X8?SuLY(j7&5bsG6Q(OqP zf86#Ik$tune#wjeE_+1~sy=^6;Zf;|e-x`|Gt%VYQr|#u?|WN+$(7;l<_Y6R1kVw7 zIEo)$zsnIWMZ-P4LfI|HFM;`E5|_^sjrs%igm7UYi?f?E0a>6s=MH_j?EcPrJegzn zn&DyO57)@&0S`$|)7W#5;kv`NKy$mLw@>@2(&c*hR&>U#P^K8Eb3Ilft85WdAeFHg zdo4QpkY#%h=%xdwdrwXMY&Z9^Q(CjSg6+6<&2)t_e1o>M(ihk-b<`+wx@6>&UoZ#A z`ft(y;)^V$9sZLBrZs^)c7>uFk8)BG+|k4X4A!2uk&5m>xz1ai8jpVQx$d4eVf&Kn z)5_BPwU0wjb2~IvMpcxRH)<+KnCak^@C7f3!T1AR(^{*m*ODJ+X+;i4HfF~9RcTl1 zm%6OKBzO8`R-Ekv?yYKY(Y_^L2i!vs4Y=QN&8JoUl9#3CK)N{|j#jq7W+5n-i&d%U zB(>KMaMW-OhL)4O`-2jw$*1$(vt1*)6-)$gdYIR9Y|$dsk&nCEq0!j~P4CZ+dW#X8 z$**VG$?}VH&+?vO?qC)lD~c>UvtOdieINJBO5Rk4V9ome7U2x@oxDCnB%mP~ z*t66J7F%3)`ksY{rGs*l!bA?@wRBOe$(~2(XrLW?GLIwa;F!WQi}@=v-O0m0Z70vUz<3`c(vPk2-uV7bbkgtjh%s{~SFQeHE#_95`pg4FRUnLKoc zuB|ica$xczYzSerIvC?@KMJ2+rZ^R(zdyCQmw;9QziwlN-B$6clk5{^bcDQ|5Feu! zQ!)Q!+54nZKLD*ij~m6DD6(;#miP7#j-$DAa6X-)_DT>dhe5M&_v0H~M6oP4)I%im z&Fs!-$VOIge|jigXlZ%*mutEqrHCPe%;Lh!z0kb}bk7)sh=P|wIdCB6L=gYx_V+y8 zMvj*TOiRY%zM`8WrBt z_I$MHqAln{+8$~KS1QQiqYXFDGq)cbD+6RL!HGz;BMlQ#CgG^%e)}Ou;tMkKP)*JE ze7RVyyN*sfiD2(6q`|{1rF#zL+YK#rDhtegrPh$M>TZ{>PqYYs>K)bpS!{(%5|c;z z8(z+k09GnlKvgK{q!y}u7mr6z=Yxha_$~kH^a%^3e9j+QO8TLkj+Z)wl|G%JhjY}& z7r+T3sa(d?2ozPTkLy)ew^-jp^vd3xY)H`r~1(tZnIOK(XT?{;>GtP?>Q}4fSn`nFE~t z0;*XUIw|U;)}v(hP1ffqjh>1vEOrp0H?9iIlue7d-$c6mO*G9Q7iiYEv-#}k{NN7B z*Uh>+2lg5^NwV(L3rXEc?R#Te;@V~+&WT_yzPdb2`d;8`hJ-TYbK@e{cRi!vTj+T* z)hUQ%%*%s$5pp%oT`XWjhELOe&l9FV5L($nN9h4~g{SBa5v0HV(VwB%BmrN6OGEgJ zmCe2=jq!bl%!X$UzG5F~j8vI31~aPVk6haKl~lgyf$M*9W9WDqR@gKoAMD8+atKf8 zr|~_XdV%`v?{AECwl5Ug^y40xkSpGD3ZqYUCr$>np7Sa}oO0w^Js<9vgd}u_MAkvt z&ksxKh3^rntX{$_Ja15PXfdGAFiW%{j-%pk4k$6c_y@QNzbtt;$*?HcEAiLwy>f~N zi|!Xz@1fm-ePA&u-+XyLq(I`x`uyBi%ewr8@)02OEBdZ5QQRu!_#_F|3tCqL?ydN#$!BJ7=`}U| z%h~z~Vm`*u=2~ld&y)F9pV==;@}c@>PczCGc-N5b;4}uSU-wrGlQ(zBnx`P_F$e3V zpW%6uqfKC;hUQLG#uoN4*tZ_$4fsU@Ok$e4Sc2JQCW=%r*`@H~%LenU4k8P$M|;#F zd-Y%BX}E<-*39@;ctTOI_)GZ75R89H0;?w_;q9IB?tnZip@OczUSr`L6WFnQr9kE3 z?#GzG(_S#)K0-J$a5`?up33@ zyxs>%y+Sg;#aJhZaX5Gr*_+*V$eEB%ZeJd3_N{4BLl+6xkh_&0-{TWD%xLYLMN4wz zOLeI?aO`H*^ztJQXS6p?`aINTt zd;!Hx&G-uzN$BVhY2+at~p&hiCP)jBfq(VGM_y3is21$R0&m z3r~ITvlWvM7i`mh*Rlw^+t8g2+!@1p2erlDB)a7!aj*rYIpO+!6bt1i7jY@d@V_BTN&9Q-_OvEjRD&X-sZ_Hf1k zeMjG;?-d*|Xy2bdF28L@k87#Vut7#_LQA%?UaqMJx)hZ{>_V;UM%I_I}$!q#$@DLYi@9U9>KOfkJ zBu5N;86g9FDC*#{tl*Yj0OGO6%jQhu|0}(5_ue_KF!?QCh?yoYb9%U@S4*m{@oC>1 zlb?^+bbk!H>G<}~&;E(sFt-nY(F^PZ;DI|xI}CdQAFiQ=FV%vFqV0XGbx*yDO|cDnSId9e+?-;G6fBjKu#mF^t|UZS=8KzrKPeQdAi*Gbq0 zE~#OaqXn5>U(K^sJhA~)=sRk`ael9*7r8EjyPuO*e&jFk5Q>@Q;VH z&cG|+ImawMpTZcHGxneM?lwJxp@CN)FP*x)mLnLdJfUJb98KnM;<+CF95JOb=^PxU z({VlIm4Ir}dPw40#Cj86X7kP=owYBFr_%tVZ!3zM4OAaLMMua)Ee;M=0gMYs@b4VR z&C4yhprNu~HBCTtUy9S09~K-kN7kGCw6@DEB_MEC`Ww&3eup{|$L;4R7Bs%t~{^(_3Tm21?o z|Ez-0r$4G)!l&8PX1?^EuVO_r`K`=U`whRWCBuQHC&-&)owCjDcIVq~^5^P@P$aKd z=k}-<0;Uf@Pp-mLt}L%0T8&U!D)!bM9S+k|BToDavq zHx+t7t)J-gsVa0#qA26*>nZj^2QIGr5AovSic7R)upzZ|Q;o@p^!(5xFo8hDnop5< z>fUz{kGQMTzv3e$%on3`)#%)4_wj`{Kt|c|4jOTaK~TaG@AZUsuct14e)|WD5=%8Z z^vy+EbAAdepTjn^>)IR7y+H-8Vxd{>8}dj$C{qDkdkw}F;K@u3;AMgj1RxD{?DeM$ z6@COC7Pbl*w(U-_0mCWsJ9Iwc9C!h{Wn7xRsA_JSwbX}(9Y$%-yyjnOGZef4aR}j1yzM3t# z0wTjLFScV`t%$8tYL8Qp!A4?AyT3J+C)Sk-DN+*C?x@{tRtC6gb-ALBewDJ#WYX}x zMOI-G?yKA(7>HxdKU!ufa`Q?B+b!d?i+!e>h$J%vSB{HZm^<)w$|Krt#SZMqU&rYx z_x#*i=Wo^c?lJC-2yj6B11UyrPqp3GXpFO6Iwf50$HU!H>=jnpmNQ!w3f)A056Ok< zIc%@5pchSR`bo_`a@|l6nj?5+x2=zk;>%M<1S^qpqTl>0oa*(Lx$zw5cE3&wM?7R9=6y)=q$NKhug~`No{Tto<6S+v z=jwFW=WFtm=l7yp@`H0k22Wh06CHds=3PEVaZf$5oY!-1mhY?35W>PVe0G$=E!=o)>u4iVI#etoHNg8xxw=PZO^) zd!J^2h&{@^7lEJqJzReaVdpewq%MwmA0uQ7OG1(^us%FHx$pRr2wIh!^Xu#V(%5z7 z79xAI=+x|TLS*#J#)pwV0Bn+aca8+GP9=hzf?T$dlx#Y{*;GDLPh% zlaSllR`|=FO!v;(=?hF*EH7Uj`jyh(&|gNh)AN{Papg3km_Fb}=qC-tRNn_#Rr+;A z1hdz_WPHvD^Jb%;S~CeGt;7!mOe#2$M_cct?SA6AL#saWujGDf?lYHVILP*kRYTY% z0TjV@O3Xt^{VDx>CWR6Um*|ssedEd@Kl^vGzbzZr9y(m|pdA|jan-V?@ow(!FHE0# zb5-UkbVVMt^v^MXv(OSdZ)%ar`4i`Q{DJ6=8J=tfvE2DQ*+p}QX8qft;K}T{OQ0=H z^r;%LB}DS%^4#Lx85&t;&>HY4<`dZ{_T|6a zLsv|$c@un}y$a?nJ(SxGONBt+V>I}*4*g1CUf6H%j=|P5+923TW1Aqjd!b2lL> z$(m`uDD98V&;2nqqXf8fr&wFJ%3v?MXP0r?H)sdH=RO&4>p4>ZW~;7l}7uEBj#| zG#*q=u7kg4{f46r#ksQC0Wl3 zEe@FEgz`yR!Lvl_uv$_T(_?#t-@ z6^4g8>rpWS+Sdu~+t267v?PT$a%hHQGOBSrnFPf3$L1ngEQQi;{J!%`h3q%=jJdW? zCWYuWu+x`1KaU9i;fGg!_M8~E?B^5RSqh5{yZR2Ls``{8 z4G}hZd7NYa*b{krxxL`0cZgu$xHGF4!DoS zY>U4>zkMyp#XIUZz8aW>+q5%yu(IkDR*<`*9-k44G?3P?(5s}mUeIck;}`d zvkd&&$Qd^KC%NAfk=c2Z`h7(ufOxK`$Ck+Lwr683Bx3_E_Fv-fD^ZzPfb_WD^5PU0 zs|e2DMhHCupI@~>=s74l>%8=!Bm|h<1<{@GxR%F#XG-o)9N=b@!HFr;fzJ zGaMh_vG!qaluOE>6%Sm zd3}P9`D`7_Sl_W?!CW#3NCQldsZbxWw{1@*5U?=TA4Wo?jJcY>?a zy_B}sUu0qlpZpKcSYA**yIpjur&#fA-Rq<&q{^7@BH+QE6Mf0Y5EUdmLk$&MB>^J& zb_6K>FWYEccYT6vQ4g4Wwa`W0DHh4Y>-lAU?eVu?UoYbw>n%2h<)QIGnR}wIsal2# znX7N`g56Ho&q(qLdjS_k+v&ZJCOAjo|Jfk1UCu=3hpZI$a(oo_!+~n#R!5oKQBMl{ zWv9Y456-U)nMInJ@*-`lZY41Ib!}P<@E8tMGud^--(fi@8Y}s3Cx3~LL)}ZZ9ao^* zrcMM^{!-kei@9Gyr^jDA)#Y+CQSP$Ou#hn>rG9%q1yk|v6XAK9`M!pmHa4clV+t2O z5$o1{IUppAv0VNxUn7J9NJ#{u6M7>GiKr5aVGlcdf4cn;(dq-WK5ww4<9}=98ede) z<1DejsGU9jV3s(cJAF~ksr?7yOQN!s2_%XI&E#QwduPQ_B&zg+^;fVPaBAHPbgBGV z9#s!)Ha$=nr`+W5d?eF;B0|LB-Tn|^4cqLrL;VLhZP>RN?>}b9VzsCPSdsq7MeGLm1r+7scR&1FMWHjo0qX~X<xqm>?>mHO2*z)nTULZFIC>A-a(1M@ zb;GA5c?Mr_c+e) z^u+e~y{||}nV!)vgl3`?SCtGFGVb(Q4KDhw4lfE=LF8lu%hzbX=&rdB=X&8RmPwp) zbhN$czHCC!OaHfDM03G{4(#B}lTkNHx9f{NKBt+D%D8RMQ|I_fYQjOa z_9YM9}O_>BGq>|3VB--}*0@)%_o&S^7yPmApK*z$V(fTpIv1=#aY`}$Z1 zBy({;8~t>Ft5Xfts_CbOaR0t`>+%C8L`HGn#@9XGYL&0HpLC{Og8qRXd15P1*5!Mf z1*0dx$P=>|W*6Cwtq1;k5cM<*Zze#od)7I5A;=~h2ZJ`?GelD9akx_YX-w3!$T!#K ze0{&({txfe3RQYMi{07-1NrR{RQ8Y}9pg`u+nnr;8KM{~g!8+Dce!!hTD=Lcc<*nm zL#4Q{qQ-&Ylw!29Uv?idt>%m8SY5v67J7Mq40rD^p*p-6HM^dIKEW-GkkeGHZ^ETL zHqyt?jt?}^WZ6k5XY{o#r9N#=c4Hl0P84QgPK6=&PtAHhzeh@b`+e-e^L^ZBKuz=S zn-0^rq2E`|jeS~d$aNK{8ZZNaJ*)Gsplm?GoKojnu|9nIcHFbFy(u<%E^8P(uPBMy z&%D6P6|(+?+{~R=o{Xgkl;OfVmrs}%&qalpT`pq@C`f;Xt5u`6`$#R1>(W1dQc*=* zY!B3Xal7~sJd*o95LVK=Y$5}&9D(O@W!CW>dkjv7SgoLzpP^z)9;^PS%AP_1_-m_+ zsl2MDFO-V1lv)_Mrhk%$fPGTlaB_7hE*U~>ICKMK zE_a#!k~_z)Gd~o3CJObkhL5N3n+~UkoqDEM9>P*UzlVU)F|>Sp3~~P-GR((!;ob~Ja2LZ+V(}+Gyn9wr+IWHA*)VE zHsy$=#=gGV_fV~&Bs`y>B)d`rf2~a_;D{ku;RVyY6{Y0)m+#cqcQ^AgwsmqAnYPzy zl_%+=$ekh1@91f=ib#SXTiA!msa19zrd*lnXob_I%B-r;(IVY_NMzD) z$5?iLKxTT56n5BebRWzWo~YdqUZOi_{;LieE1aB1{eDu->#Th?;r z_MX@iAraaXP*1+_+?A~y!Gnps|AM<|%8IpeLk@>{U+(n}*5M?qP1~dn4u_6lBd?I56@{%^brQ2!@)v zD+^IYj1`u@JF6YUt2kn+v2%Dse4jCFCPZ;li8>95lOp_Pki&01l=D(m9!{RBWJ7+( z{Oi`Qb`K(cf2n2|5OUHX%M5o~ap+ktepyzYH95cU%iq<9-55HK&&qeRTXv%kxs9fk zZ-!m|ok0gleLlA(ajBqPtjcfvvT}^@4z#ASB54uJz6^!|b$N4#PqWI)3QC+JwuNKtv64|I-9@H$?ydRd4f(#W?> z^=x@{G+LJS?8z_~vs>K57IL%`dbi~uC#^-xpJ zOXe|`Jtp+dJfDw7oz31mW>fW=Z>Lmnh`l&16Q@8QE<=JEW?x%PKWE3MPuDO z2hU1;QS-+yV*#a;2PgG)Z}q+>BrqB6%dHZK-yFeBu6^bD{?nFWsX9zBC*FHq&g=;~ z?Aa2r~PeI~QE3gP?%Rs+>oG7LWUN!VGp*c{1N`0xwUBxqKH zA(8U*69CVyWX%ysS8?HB)Az`tYE%1+-hCwRjn_|-|4FvXHNF{i1%v8_xCed z9uc|Mn6D%`arTJUfNDaA4drlZe^8|DK}y&&ByC5?&{8d-eV@exMkER|?fav8d2z(4 zyKXyhSDsH^9m16E{7?*SpN>!N54-iM-4}25`(m(Kz&`pfinUL{@GL)9Sl=`xKjmsdjFB+eFpSYb(5@K@t8<*3A1Zk@$x$ z78P&-TmR=c7rlCY6t3=2kM3uSx@3r}qV_#V-}DL(G?^^FpDZl}@QiP_uB96$unh9p z-6rS${VF0e@-jJ+Ew56v{zl$qBEmcPv;6sy^7~j=&Rc=K{tT6@^qSvT{ACh%cXNG7 z@2HCMdxsJh#0v3qmON34Slp~X?pqpf-+6$lEl{B>$1rU-Q4NgT*yd14(NXTg!`XWA z{>o@D65F?@>*tV|+%h7PAhiq}Rvi4bZ{%gFKobuTsLm{C6jj@Lft2g2)6sNUnpdP% zy&Ij`_w+T^?PGK9m8~o0`P_%zro-^`Wh<&b)L%nD+MwUv5OwWq zp1P>lc-easgwyy2--Ud+e+Dxs#hvOxK42abj&F1FkweXA$!%Z{vz+$42p$;icRta^ z-o^v5EG$DWBOO)#0qo)PUmKD>F?w;E=_kau*ydfm+jsfAV}T{M&@M>Eylw71Co9%( zQaZo)Q_a~BuiCe?SDw>Prf2qyj?l-mF_X$BU{&?F1u<1k5!@&N)drbQ?yfE)69VtK z&cTLz9C2mjNX&V{o$RpWATqxg*C{jMyI_*Oc%cQh%)~Z1Q@8GJbttC^+vDKHPYVGX z#Jrl^Idz181~94StK$mm0eaQv)0a+}kr4$oET?KgJ3etoFjYpe_PZ;rZok5iqk^t#h!sr2>OcXSjW z0P*piQoX`>J{1x$GyT2ZH$JzP(6sK|D{=tc03-`f4w1(!VG_7!5)5lq>YFmU!h`<$ zj46hX#-VIM`$kn|OXiR4Y3XEU_TUx3KHb2Ug5Gg@D!#|MFe4yobMuGGq$>TPAJl4@ z68>p#U+Gjovq%X(3}naH4}akTmFgO-+^(^(abHP%${Na*hx0>pgLD=STX#>bRfKzv zyTxZJkG_G2z2tFW1p4wy-6LI5)bkToYXKEERK(BU;`*(et8M>Wf^tNJ!o5%Y9H#VY zd+t-Vm4o*_u0Rs|T0x4w`#C1IKIBbklAGEblFL+}y})GLc6PxJh+`~evOM(Agd)L} z;l^^s_5gjQl9k(!-2OzG@!pr&mmHYmwcfD<-#rZkTnYu$3FAC-*~3nFij-cD?Wy0V z5M8|7v|z>rBgE_CDc7>Ln?-V}_n8>wJXY-2-3{EkC|>Hz_T3jB>pc5LSD{j*?pN%k z76|ruKbL0@t(#K99+Rq13UC=u-tWV`Q>aZR=PXr(bXQ;eeT+Z_&QT-Y9spMPVZs z9|)MS6@+leF|_{RrwjBK?Kbxtg6fj_eh5Q#>Rwy;WfE-3fChZ$SM{B2;<;4qqh84mSx<5wU=|oP(N2uvMLyCC*`L}EBr6{OmU(7SU zyTWJVNifa%Eu4?D==(fFaQidrqUP49&N-zvq!P2ln?#|DXvaapo!V|TvJ~V3#A7^?xVaR{5c6 z(`FL|B&Nrr^a3?MWp@wNnJj4S<_QWCC&MjMDs*G}T6RB=%b%WA^d0!M506@)0ZDEAqW7uoOvR<70jLqv-eEMb0qXN|faAgrd0 zj871}33u+NdyFc3QK4O|>|DL_&LO{wdb>#JZc8I|TfeWHvgJQ)<|B&QvYpOaz6`T+ ze9k9xh7gL@_;%xVnNSiBV%Q&4AL2hp){fZpxxnKd4-;WPTt5t^FE{**`-;yl-|ljA z<907>dX#cW4%H{ zz#TL)LY)|dBM*H81ic!7RE5T9>|!usrEc$fAGM8`8K3YEhsUj9M_~E*r_c=g5w;MJ z@my@mom@1Zly*qUq6KE zd?c-KAmFl0v`qC=`f|4i!ma5d`WfW5&ixU_TFw{MMyXPmS$%(?rrTu4eN^+rz9p)a zwDqSI_hfGfl`l;hpG658$E(FfScRoKoPXcw^FC?d2A`O3dw+)zPdu98b{P4|eJ36y zgSV=dzpWC&vYG@emc2nr)jfmimk`Q337@v&G==>26cQeX9hdo+S3D`7vS{B5LW2OU zMgc!Wv2Oi2PH)Wxm0o@x=Z~sow#cVcb%M8u0)L_U6E+Y=0i$ ze>t6R%BZHgle`y5*Wk^g+L)4qhIPomVU;uLi`Jv*kyXiFs2hTPmQq09Acz;n=kxQ3 zF2TONI}+q{7{ZPAK7wI;Z~v2yQwy1E zNI;|kza1}!>zR6WmcxMfoyM8AUvo`by28Zvb~%qIRip(|pr&SQ>b`f)o1v`VzNhT( z0cO}n%ayP1+1M8gIVfXvLwQG51IhjltphZLn+Lx)&&QYa9$8E&TP?M{xHy>?g|wq51ki>}$VHX?`mvwJ2GV9z*`YuB z)~VK#;wM(=+`+dsum|$5X`}1;&yC@qj{AMWLQ^{_Syaz{-17EQ2oC9-}m$z z%b{Ysj)k*Wu0I#KpXcQxPVpZ8|NRJivT(4ieW&0w`|~*RI8SU* z(qd0hW&o=6=IH!;Uu)%bX^>O^LQZC&jxSyJIu72TmC1C=t~&l?py)4q{Xi8y{gBOD z9Y%Cq%G3S?9OUY3!_*8%jVl9ATKvgQ&4oOLfjGmLY$UZg<3VVakP1ex;PA0`f?v;Ang4SdNA=E8FxQs~`Gcp^ z0fE?}iHoP76UR6j{mOgZZ>xJx>il(k-Q>f`Mo~~uwh-)ACG+5%VcuacDHdq0d;T4l zFdD9*WK^oq>XmPm^W#yA4;lL71;;045TA$#{QGou`~JH6`!tV}i%aB5;~NIxZfS>4 zZWge#I0k?H&T9SL23E!5Bzb?j)35h4oEkuN*=r2#9omUYHeT(F?FNsRwBjec7GB8a(v7$L7nq`>X7>_IN=}I?o8;_{w)l6 zzsblUA>NtB2-4H<$+l1q6{O+l`UNGW^NYpf-D$q=ez1hW8svkIJ!)1C9Q)dH!!3Oq z=(0=~ecXDcDD>EpPd9L^0{6TqpkRT{pvQ<3p9_#}Wyza67%6CIrNq zx((dv9P%Vx?=xFvN05=^KdYMg9cq`mcK=>MWEtdNX1Q0cJTc*&;?Tf9*q3slJPMAE zjUo0>YCA$osm}axwu~$JOQiltN|Jz_C0E<%3?)DcS_T{Hm#C0j;%#LJ+0;e){R7zG z2T3)vgVAd*#7WHr7}f#aj=0w?4yP|pkT z>K@7qs`%sA>|z*rSJPziHvJU^Mz%!b12X{iIQ0{Cd!BgN*tH-h}9 zZ_*(jl07A>nAE+&-!th`@l>OZ-kd{i$|r(>6|wIVRP*tdlz@6_%~ki|8eiWDp!xmP z2C?X}4d?uF&W*yX_mNPaj<)c1TwIRcYJ}gQz+Ls}PN(cLLP^WF_VmSl=H>Mr&Ge~6d|v;+xNk>VK6vw=I@CaiMDWePg?^B; zdWStKe9e-?{a}QFw+wl>#j&5}h6*S(1L#{#4MdWAH2FLuL!3{F#0#H$Bb=@5g!QPy zhWMB-c!H8f}Ez~VYftiw``vl8&jprEK%3GhXx3t?wJYN&=A z55ViDWQ=nJ143urc=1`CEcVR-{!ap$0Co90rAa6oNT7LJe>CLj>}2P}e+-uRLu)XB zTimOLbi6tp&yQ2~18h`#kEv)%?6>iwI(3p?|2vlNtd;#B)@YZOy62n|cUIQ#(L5t) z6~uk+2)`3CR!2I^`2q2Wu%-_J@K8sD>zkqMs+B(U66hPTCqcjDfE z6N|AgnakYWEA69>?rr$eM<;%e8>qFLo!m<9Bs>`k0*h^f{XsDy(*P#6FO8twM^V;S zarRc9_qTCIB{XY6ojs=7gp*Q_ez`pvU*&+NzpDyZ0Lf3(pg>{?ha2bAg$(y*P4NOB zc<-fMW6c+NXY2rld#oz$a38PROQe@rBS@=RwO@^D%T06r_HwI%;V~xf3rupk!A2w- z*e~IIj*qQ}6F_r3WyU!t3xN&T1$79AUSs*_ySi?AdGR35mAhwHj~!(p@R8R&Tept7 zlG|gNXnwt|g#UiO5j_T-^?*rE{d90I4**Pp_NB>E56`}s&whmqg&)7HNHT0GQ>RZq z)QIof(A_ufAL8wRyD?d5c64HqT6)L7JmaxUg_ zSBR7DR2f6)E4j|QCV_O3rP{!V^Rj9y2WJ!;4~B5=mshxxcX1pj_M6-VmZIdo)`aHx zQp2kzZ=K7)d_{Tpo;m$Oc#*r3yNKc7<7ZJbx{8tq8SI0pEOl}%-)JNaE@G5M#+kF1{SM==Na!dr|yi`JBpI zHN(OZ+GH>&qOps)`cR55#Rj#4O@VH!Q(L*P5yTEu;J%`#*N_U-Zy{Bs6mRAm0@LYu zZ;0XS%YJMrbn`kJ2)m@Isk1V22x`-H(0KFa&K#~(e1Rwzv%W8yc-Z$g>DHX2rQvyw z;8KC9?ScTs=UkTebL)lWts&&CJpIAfFeO_o0Rg?%4l)KOG!QSi!hi_to-# zj-k$VGa28OydD-sz9zu2Dn{w>{XTmho6 z2ZWFF_3AZzPVj6yn`#Jy;V{jHj_)bCJ1i{vR_bRA1F$`U3Q2u6b zPc%G#chP@6Byw3?=KL;C2Gv~&l1}Xwgslxto0XEPJ=vM}ICI7a-qpvxk__~XpjDGT zor>WQY_`^juD)F14vfuE@Aq;2^t_|W8X`kaC(6q<+^uk z*wIZ6c;1)?h~fv&CLYvUUyu$|uvmU0tnrZ6JC#YyZvBEgnvIW0p>lT`4|@O;9hLbz z<@^W6odfYemwk)bJFqM7JLaHpf?U$XMqjPPJ!4(~Mv}j*|US`Vi`*=*>@uM*%Z)kKB9o|GPF6rSd{<5@X zQ0BZ9paVUhuQnVk;d~RXRk7EMy`KU0%Si5vowAgX4b7uh7H77HS|CG%T2Zxl=-S)k zX)1IqxhE@QlYG5N@`V>Uh&X}UvsVHZ_pL$UrAS6K*(z_LC5G77yZDw{Ti*FUr_9Y)xC)7@FaU zmwVk0+k2LMLIR56o{(7CXYsBwTTo9|FW`-b9P_@Qb57WDL+qgy3;3sZdyL5#$Fv2`cV zE_E-6N0z1i25MM=huSZIrp_UC&H?)^50P%evWL4`&iw{bRtFPDDC*zgdx$o3!e`hfs|jez1K?s1g=J^Gq(9E+FW8BW&qCDM3bfYm# zB>D{2vmG~2I4L_d-XJ_G6^GZp7NobT(^#iyR+m6FL z`d9qn&4->%y;1%81U4TU5z%M;TA>qGcvnplJVTvpK&|aj>py?@3(o^%h!arW^jN&UvVtn zOOr)M9cC~H+-nuj4*@9d2Ti~8aA-haLHe_ZL6<@Y?NK}IY;?th?!Gj)WYosD|w@l&)Nz@;1~ z^zu?+#{jRQhHB+UtPkDXmN3NLcSJKFu8?m)&I4rUm4UT;47+e6e3-_*Wv$v0-1=u_ ze#Dm~L=McM^`jR9v~j;kS|6v{{UH@v$TUBqf9VsvF+bh+uBhJotXvxA2f@q}+>NqY z-jYQ8!|x`G#}}{5?SS+1T!l83R%_#ZpI)eauW$FYDAd=uyqJ&Kgh9{$*h{jl#&B5b zy9{T|*2nGvUEVB;pa2MC&7^RbH~gC~`|XvH0`2?Q?`g0tuYQc?Cs+H!PgW|U{n47V zgj1Y2dxTq*ou%uGbbiOdr(f5q1`Fs=s*qG@4&LY@Y?&OWqX@w%Lb3XK10ks{A(_z^ z!!Z%aW3Vo_hPtyuiVs4zS<= zz+L`nB?&N#J3O++U5UTu2~U1fqD8$01(L`6c=`%3l04h_kp?qmgUJ}$y=iS!>lHpq zJWPZ`I8qnyDRd^;;2X7=Ma_d&clIrk1eg#&TO$qCo6}4}OcK_FOWw!k`z${tnTDC%|CioO@ z*7gh!v5Eu&GfrDDCr?y|4>nJs7fZC2 z%_A03=Q9Id5ROoQK;gNXerm4{5K}F^3wD;57yq=*>crX)`Hjz?Vfk=RHZL%jdykfg zqsp(3qHaZIu{C2RB}L61Wk#+pxv-L_lA)&lik(X0XCTbW)of^a-eW z2+!Z(Ugl3Dxz))Rz>jKHDf4bc#)an6J+4T;loidSvr)r|ov+%XYcCh8bx76NWSt|& zq~FmIl9%~5F0gcgDZ%$*zfIXa+?h7g5nNIoS2~83{%K`Gv|EJKDbDU4 zlJ$jZ@9i0Hjnf^Vp#SdnIIXx{4tY8*>mp>qi$@dLJ~+J|!yp+euEf&-gGi2_qXp{F zO1Yk=k&EObMQ`%HUro@mmI)YatgnGp&f{t0l6_N~!)fNq1>6bEf4!D{uqLxA(-)Pd zW_qBTCuPBp@kzmSjN@Wzn*qG_&8KHwYqQdSg^>#o(K38_A=A$lDyMvGSo{kz7Jo_r z=f~u8ucxZRx@F8cbN_(mnc;bR#B+PM8}b2LjA6QcLulKjz7&`O@UJh?dHArHLh;GV z(bHn_XVG}vcsj#2BG`U$QFW`yAuuhT-==?tTbRr@)GGTF~k3jGW-iHPmE1ACm~9*%hnFrFKF-eZJ*A@k$$3YR>_8}U+0 z&a3xKy7<|^dHaaEp1_mv=OzDAyk(L%j(mifeJdW<@TOTd4!z2#*eQ#7kFUkP*r}qV zzBBm1og_$3mJgUE(R^s_*{eD0hf~bfbgOzj`FrS&tUM7?`1T=_1ACl#oQmkI&r$9{{{)EPJ6vuXS6-)X}b7|v*6w_25__g+#s%W{$~ zL3;qf;3uWt8%8`V_68wz;NS7SFNm(MA&TXHw%z*Sz!1BXVnpYWbuj$?bQph)-aR*R zJDjgQkza69@`jO;P}xmCDNh3G(}VoGuYr5l)B{`zvquQ|1|XfUs6>y?CyvMDPoDt? zZQ&F>)OBNi*+e|`3%5b%0gD|m>6ICm4i15hoeLRb#sIncLVgd)IeNkvA{9*X$5ZFn z-8CPC)V>NYltb^|wd)HQ(tccvUhoTp%Y*)HZOLvmBB-K*wg#lFuMX^N8Dsgp<#h2A z0{V*PWoi{>lwVxNUl@rD^Wyp}UPqa2!SlnFc%SKXKM(NLDeUb*|1Q|+q{%X+Z=O6% zwuI^HOWGGg{Kz(c5XNGpTM$Q2LjOsF;9}BL1bndbDCPZ$2xGPBbS^L6VpaI<^)C#l zNgsl(IPpo_P{xMixYPKG6k!wFSF-�Q$m+%cbW>>CE4LMI{h!Miwojp=q}grfdo zJf2$ZJp~{$KrQ%&-r+{%y?x;JDk1uqzNPhs0MqEfm zL@^n4FOd1UlT#jq{;_yg1Lh;_7$X7~GuVD7=_*G~rAR?{5N|a^61jJoi|lTBujfJw z`Z(|38-8U#638f*)mTk*PjjIHtD6;5I>oB+;8PeG9@l;4lyPjdc32| zERoh+TSid(5**q!t$B~8_Xp?VgDZ$g+8&a@e0^H4YL{scDWkbd{R*=>%b-6HhvnqE ztNG2VWj5vkXAEhC@)$sW$Dzum`94*0gvCW2@5s;jUUK5ynxX{&cLOgvz)zN^?5vlhb5+a z)|qyn&N?mdGMQl82i#>q)AZSAGP_HMmL|-4OET7n`uE6Fnco6%U!nBfQlwhazh8BG zvA635Mx4G(8!$iG*Dw(ke-?&Rb$HUVPjC$6vOJPY8@J-`9^U{AFaKdn&2 zM5JfJU=9a82I8-sk6LYcDIVX|ReGI^h})V#se9-*lC|}@&LPH;pXbQ+OJx?9z#KEb z_We%)1?mswwaE|h#krjPL>4cQGfM8)O!%0Bgkw%W{2KTL1Rq*if9_8c^9{F=1AUlXB-S(aU0T#tQEAykN zM)Ez-S&4%V#k8#NTy@~_eZn#ObB~`>2UkJPmOzjfnY==FExDg@3ddtOuzMu;iGK^3 zsPntYejJSjQPP4nqTgP0#%ToRmb&Nf!S13j{Y`0@nZmX~_aMWA>VNi)>;^KvF%OmVT&?q;CocCr3wpb! z6filQLW=yXf~N8QE!pATqNljjo-o)6$ zf2=v@7EA?iYOS^h>Jj|aj2{eifIl@FVPnMKi?Oei4GIDFZ@+H}z{>sBJdGpNfP zkzGb?a65jWcXfo4-VvCC?9EQba)MoL?>;^>k4ri}JQ~0)#djL{$lrYuoO3bw>4$wL z<7dch44_cIe|CGd#~VjOyx&AOe*JRZsh$dwKD#ufFgOTk3VSRL0r!#`c`sJkhgf$~ z9k@k*Vsz$HSnwb_&f|qgF8@h3o`H4%w9RnE)%6S&{AP>do2junqxI)Ub&*9rKc%%z z;{HlN{@4oiE4juWY&jL7_PVyA&%Vs6ePmfg1X5PUDF43eiQK)lXLtvtTW$ zU;}S*aPg>u3zL4j)D~?Ib#PWlnBlIju=ZP;5`zLCl3g)KNKO!EbvsZbLwg*^7o5d= zD3#;yiOT=AY(uFm`KLnaNDK=zFQ=33l^1Zk{6U1(J+pt-qsu(8XFN@Ld(g!pbD0KD z$(-&=enZ$7DHR1=eA~b7-!m0nPpHA{cfK;9VsVl43~u+-cj9!=qYmVqE{cvl>_tUs zfA((u4?1vP_RE}ZH-TK9H8l-7*#O9aBXVVKuFJ<*UtkC{Nl?)+{T)n7;rjbr_93?Nkd)#ax}Q}6sM zUn9$P>$D#zK$2(m)@?DdGGTJ_&sZ{ZA&Z7a_pT)+B>8|))guC1cLj~W!H~JUw%<6vi;KEg*|W^pND~>&>CFR z(z%X}zY-C!TY}p02PM7T=uFQx`1C#wss58K)iE3nL=;A9s}JSeb_aL3=NxNyZ=(oP zu+7QmRMTM&ZY?&858e!ujV^V%@n;2fM%MSQAD*o$rM|tdFMO87NZ2yix)y0}HGfeR z6$|eFy@7Z^zTSuL2gK8;J_jhk$?l2$!V*D%reg*}5|hso@BDmBwA)4lKI{hgz`o6J zM}Q66xPR+U*$BZ|UEdK@4v&e)K0(U=YS$}>`WXMb`x$32vhg?as{+f#_Gwd3osFZWWo*pKi5y-a{~_%ucHr_m%Oi|kXlS!`$ctK&Ooz=#9Qha za%BSfD-2HR$o%?iz`6C0_O{&0}z!-06*IzQy0xga3b6eaelZrV#))L z>9azRi!A|l(4vB*92j$;ZcW_Z!||(neGZ;XGrxkp6cBQ0%58Dc8I9rYjh=m35I|K> zPf!GCp0Asfi+Z-l0EJ(=jF(MTM3oUtk*1q66Q2%VI&a+T&ht>6AB5yUau@0tHc*_h zgV*pSb1)-qurXWv`@wmHl|)wuNk_L;kJ`w#ys6-5NAELeUpDIMo&muR)bkBmG7EdI z$YfxuSfobsTF-8^njE0V+=+ePLA*nZTb`a5z)SaV`LSoWIUiOD98O!msj2p?Zcg^> z(E(Y}3=>Z%i&<&&E5AW6mJXXH!=iT(J zdI*y8)?qpkC&G`v*YK(lf+0 zA9~7uj)rxF^U;OdC;3{DY^H^X0i@BiTdi#TNlm5(ujTqfAsst(M&DvBlva`p#xKZn zp>XcLyHwl$VBKR#J*yUM)9~8Nox`=sRI+S0v9)dTbbW2yr7d96{K3vWat%FUxB7;9 z-n*%@C$23{vbA+t4)#61F@Fy$Z2blrE1vkRl8{fBcL7-q?yr;m2pY)=PVnGOo1y%C zrPrfK-;khyp9d{-YZ{Ar>4%SN^kgAV(S%=N5ia}V$6Lurs(Nw#Zq3^}>fd7hn#)~z z0nbg{OUYFGbh~eiY`R#Og;Z|)=lTdQw`aSBh5usqHE06We{By^a^%(Gxj*e8VBYJ9COLzO_>M&-T_DZ}Lx6p#S#b8-wh;W^%#t4gSt#BV;{&A9 zs9)f^carU=3~ihJSo&J(InL%QZ9N5ER)6^woXh9)4F@kgh0^lv5CRJ;*DMMIhT(aw zl;wQU_22TdYPL-7C`oD6*?=S%v#;xEzX|i3H04@YCM*rTS@b8Cs51 z9uri4+1DI0Kkc{R?|#oRya}E%%4|ZSf^)tVVs3`X3w;&{b%9n-h#%f})zKKW!A$or zkd~do$;>j^BfUvO<|z;60(p@o5m&;cfMfgKpB5jCucMCql)CF(%tI5XP4`cs=~Hxt zJj_c8JZMVu6Wt}tWsU0lw}`PH2sY1_lL3bK@F8O%VD#6%_1SNPko!>o=n;Z+Apo@| zGjXAZk%Z2QdA8J+em!4;&ckAFkGJ{51MEsD2d837m*|^;2Mf;_Gu4$Nw-#;Bk{AK$ z0A&D(p*Z!ueT8UA&c;U@RzhOkcaWV?jh7?}l9D_ZSvY!6O=vUBJfHOe z{tW<-_6osaACK=-_}2+3Pxr^s-S^4qqp;>2CBf^&b0E#v3%BnI`wdNj9GE;flz+Fx zkS@5)b)WBNMUI}F4FN3!ZtiVXh}}|{{U1}0Yi2BWrBjR>-2p&t{R!p$e3%BXPuZIo zwiEBMAf8&WV485^?y!q|o*rq?XaMC5@DKxyt9l!1Bhita(aB^$%~Yj|DFh-faN%M# zOOI9-J(pCDD{yt}aZ*F*EbljY<#kgVQu*^Di1;=` z7R8c=#pLMB$M36Sqm;e*=)av7QZq;C!HnVfAv-O(Uo1SVv>rwD6-Hl%$8Dk}yWd}| zhq@LG8wp&ANxwF~=QcM!BwRO&c= zU6?Ocf{A)1xcfv8a`V8wHAa!neeVqny!W_G7Du_Dn3RoywX#&AVdJW+AINLoY#bSf z!%op3)?RzSsh3+xDyl!`+rd#3jJZEV7{OP>iU^KaTyJ;IF92#fVDe3S8W!2iRA6JSc*|bEc4PTO( zdL;^lx1qnpiEv7Cg-<=I*-kAI_NA5&g(oY=!wy7ZcBqKN|I~OG+^j61bom4QoGEkN zKH~WDhn-s3V5N72%zVzc9JFzhZZ50wUDD2Ze*E;uYdW9iKJ9<>Wx_xUv`nW_T#emn zdH{f--M9TzhbvTotldy3*vI-y--lb%2>UPxtwx&)AKgB;C*6AHGl{REq3||##y;BP z+J67$38kf?++IEcu|Ulb0yk&oRNjN$oB?M*&4oYI>C4wjb&aueIhPkk>x}x$iLj!0+(? zdEL+W~||S*gv~HZI?&F^fFy)u&V%lGfnsl_2@$sWlk`7*YshfOJfQRE$^dtH9 zdS~d%Jec^+X0fNdV13KtxAU{4_way&u(z(ok4f=?8Mv)7r!&u`JYQC|s|fvd(L+JH zza90kmZ1fUHH%d-OQh_(ysJI6lTs5tT`6nA@9%PlFXgI`B?2|cvvvsu`Q6i8nJoJx zT(hQePY=$qgUk4t-#2#rz8GVE6NMMNk>Ms6IM&Qq3%VCLM&wWEMC=N51_S{beJqGKfpY7Yq>dA)A5q@ok z(1q~I{i&xsFltV>^X&*poqc6|kE$%_a8*296nT~~Anflm(vE!~Ux}%9=udi=6si~x z1;GMiMJUwZJe}rx(4-WKcLXsKG9N@Zf)r@~^&syDzq7m!Z-Hgl!Td3&56~EXENTPs zmGlWL5cFrgvBsVM+Wh@6E=Wj`aP$tO1$W^oHuTn$-LAz=Fq-A7JZe4`UbBQ=@WpRbHiVahsOw|Y;#n0>_h4fbKRo8DKCaZi%FSA6Mx&3wPA2z{zb zD>?9Q$b`M8-(XE!%Q=n|B{_u^x#R*+UvcQIG3u(w@6shj&3&j7sfEKoB89nE?|`2Uy>73pGx#n>vu|X zy(FInnmp48XC+>T6#HOIPyWjG#*Al&vPjU%})q5L_i2(MX`WEsGQz3}f?=kTE? zwBC-8KsrVaQ%kiq%QwjI)~{q8KFRY*Uz0sy<^9SO$wWHM^S%JnOMb9##Ih8y)IML( z6HDvf(w;tp+KuLpHBS;aH}I_i%EBT{dA7I@OKKXauTkwi$-;l zR0hsc)?hlEHZLIUKSdELxHfO-+Q(1L;Elvxx_vBTxq<+!Yru9{EO#Fiiy0|6R53NQ zDdFc7%nHN=acu5^X`f)?3rd&_$?MbQrN;sSM<*e0aJM*^UwVK7iOh*xIfT|}9~Zux zeHCJ<&pyc=cVeD8k}b3z?!iGjU2G~nze?{Re=&W8%cWf^lGxq1Q7p{l!WTy3@j)L{ zJEFaG$<(M)L3F=zv;J!zkJ~!mUErG8;p2zp$;;!m{#v!;Uk>tHXR=i-|L9au*Qc(k z)#pxIB=$jm0=XV4JS{5azOwI25(12BT!T9-;-noLAsnY^zx=Koo;3C&uwiY$Dv2WE z9PM+qd|%(6gwC;9y6GWdw};$nm$`MDQEwnJ4kK~^cgwcJWPWHoPQv9*-v$zlj0PVn z%uu=&QDn#*=^>o48m9Mv1Y_Y%V3m;eot7}~8ZliC%s1xw`CO$msaDlKf10DRkD_p3 zly0ISKZkU7ull8+T3^cK6#fo6oivmQ)euP4(lD8hbnO2&lVs+Jl(MTv4Nx~DPyGw{ z4|g{{mMVzoa9{k-OTET;sDvC3Gcoj{wgpCh;28V<#&5Bb#I$+PP^MOJ&|;q&Cpqot zI?2U9w5Kt^{ojMJPr_jtDYaH`cq|0c&H z%$;UPR;lJXnJ@blq&6f=v2g#n{@tms{wIk4y^-{Hh0}ODld0~j+2c;qH7f698{D!J zsPF5$2Ps)=t0b~3T{W@7K@{;u5VOADZSuxa>o0^Z(ft}t#?>MUlmcv4x+!-T9%mw@ z1G!LLxUeeM452r2ahzddWM|%K^AadDXZ^}men4CZ@=iqT;r*yTN&G3RPxN{pB_SsDBas)y!G4^|3p4xf%zKyEpnCE_6iuyr;6-ee-YdNJaZc8g(%kuOzRLZ(Z zzC%I86ZI93v;iL4om?fvAcE*s0IsvlKA+0s_UnTEMpABehryS}MNI{6Y5K8ST!J)B z&z&>_6FCWj>tFK8ghQ#p1E96MlA_rjD8sTucVIc$>=@in60$9yiQ_AOF^T3_Xftb* zXky*jEvfc1h1KB+1Gi=`A(4;CqAAp46tTLSC-+bI|EZdg3)8(_*Dkhsy>Z3Q~-}as_v^demD!j3h1&ugCn$m`zD%$ zAGn|jl=Sf1LoI%-LhUv8Wsz##W1GMyj$Xsy#jT0C76T!WluqSy z1(Op>;4hG~YJ`xGxhH0w09mao>d(oQ0g~*)Ba7sXv@X^v6YB(;IGoQAlw<_5@QYdy z1@EZw-PdUT_0#w3@P`3BjAU!tT-l=;4snduxdpGu zW^)Qy#Nrn<(kKaMP1gfny`FWSuYS+*uAvUcBnKf%xvtRV7WVNGYU4zGT_4aH-*6uE zYKH6WGebuU9z%K8Wvl-BmV{sZVRN7@QPx<)FZGoW4|8U{9G3pv5668uISuDug#T{f zDi@1Skk1EAmeb?T*BWWf6S3MS^Q9MBgM$*%v%-odT>os_8y+~xyRt?^9P4~LT~v<= zNhGO|Tc)de|H4M}dKh}(O@HcBP*hPA<XyIqSU`3W?`qNvp^ps@c7GwV{{CJF4TZ zvw|}cGGQQ0Sa6(M-B*+!T3y?9v8`@6JzEIBZ8UK!C6XArs-{IsGiT>Jc>8q9q|=u? z!^=AG7xg(ze2j*3a2o%xF>`bv**tA7Fi|b|1DpR|kVIICB{Up46q@w-$lJp^S2iwF zf6MVlnzhNkcpZAXGjuWv1-{+kcYqCM+##Q1ch8^{(Vu__ZjqdnM0e^a;5T2yjFC$eNE=9TBomty; zrnIx*(-}#JZZo#QV4k@^*fP$cqOSYaxP!*m*$9yfh&hs;lkX82N~fr^mUlKG=b^CI zcru{X(Ch3)WR^Xc9tsIQ$ilTrrBj_9yMzqy`K@~XY=4c5#{4rCP%;*wzwEA&hxNUv z78W@aVITHN{dfINKIk*mZO`4Ij#7T~-n$TV*^~X%Q!fjwpJ&b3VOwvwsSNu<|9E;n z&=k(Ao;pNR!mE^dw}KkaBo4=C3eiHB@Y#JW<;QM>^)sqmXhkPwQ+l5sXo$A>mSlyV z6Qq={d2-ePWUa;Q#=dhh1X>EfR)lK;2eSO4{#vuYe=l_W9QS|*>8)}5i>PNyHY1hS zY2m!>vk+B7Rus`1yc&zWoG%1OvC=X`w^vg#6~3f=FbvGG?STz}pc zu?lw=UKonzer~rS+-!e_A^Tf@JH@o6wlxBP_w^c8M>xE8&Gr6%8GQP=^H!h{9m|+| z+M~6$SflxqD-}(O(bf2ztL@5@qCV_)GU&bPipY&n@fz8XoNnm*U9Qc&WKm=* zQGfW_zpE$WBp>Dgt&C_wO25l8iOf9(7~}*BdmGZ z>eVcjI2#0C9z31p-!HH#R_tSvbe+~Nbj2G4f{&Q+^pY@e3OPcq`Lko_>Cq6Da@rVj zqCn+4^|opAQurC$2W0=1x7MB>b_SvK3?X+8zx%oQyar61#4=jydx#BEZSgr`9G`1> z;$}fyAQ_wp#)>9v`{M&Zd_8ig^wC{O&>@4&1x##{K zqY9HtQHQ#b&X4AOtGqO6e;K7FRvM5|QGeZcqy_ISi4 zHh5G2k~^2_!w;olRLoW2dB%}sjf$ujh3m`5KGp-eQgXUJQ~1?YeNhlpwLX5u1||T@ z=%-eLvWAYP-y}JF`hc3f9A#&9F2>%=2|Feli z?UcWZm}9FVy?Ry%{#=jbZsm8HM%h(j3|s)%H%d9Jb-Nb}kUc#~UKs-|`Wg1wtzWN- zw%;QfvG^fg^qC?w%GUOL0b#$2ogFhIaGnSu0&fZzCkDQ+p&VsOE;kpASgB*iy?(aA zzCeuUF9S1rr|7(GAo$LVR3n zTIfGv27|5%&esRK8^BhQSB#AHS^sL2T5M!#)03?xVIYB z6MhS6v@~$ujID{KB|!H%TJX(uZy6w{u573JyKmgmXyAS?Y4T8fLh0a-yXIILr$2_? z2sN|4pwoEf1QVchaQ`GE?+x&dbiOkls4BX@FPi3w_`>T>4fk!l{DzBTtk|UY|rT~fj`L4qgaol$-ZmObO%kxbVUj=l3-lc8OIR|Yqs zprCkodY$+aswTA5qbkGB%Y%@N##(}OWcpFQDbu~(YadO{3wFduYQn%(abF$N=rt+> zmd5KG=P3{G$S_?TIy&cb1yCE&A)80U51XfIVzxq1`K8~g*cB;4R`e?%aq#|=?Uncdu;ym!uTLyXn7#!y))`hNE`W(=azOTW9fA*0K$k*TrP zz1AEtzn{xbw>i4IRnmh)U}!vVO2Xy2OcI~bHb_|7KYN@zXra!h*gx0r$?X55_t9TG z#NGM&GJB71KJa4g1Bucz%;PG$*wr6zV*k86W#@z3ntXSe3P_)sEK+O^`@Az;e57Lc zREw~&EyiBiL=xWl=1S$;9dd0yGeJ@vS(0@OlgXXkxivtZzf`%Qkxv3pQMhZk)Ag7j zQ6Lwg2YD05ceov|rrbBjA6IVRuaM73>&8z}Mzn{*d%VcqSKJ2$D?SQ9q9=^x8 zYSKZdkC9)*NZ8rEYFAUdENmqfowCwgvhFdku#k-f5;ROTv6AmW7sdx26vt1G3R;@F2eZApOVoIgiJs}bRsjv&=X-)QX>LwTEPLVg933NiNeN7~^)xO(R8dH?b z*KK(_g*zEh*L0hw22bo)Eh+FwE~HueJ*3E$BopAte~u=4pIXroVfVoKcUC>~J}Yr2 zHVxinZ9<7H@iqq{6mj}?4l=6h>egfE#P|EH3E%Q7MHfPX2%C~=N%YnOj+)jUwCr4F zr^ydkPlq4_+6{gNdm+&Xs#4c?UPRn)xjaLZbRHmFm*x_>HzW9=`CmXi;Zt}%Qa4xkMeN^ z7lJfi$OiHDgLKlmzqIa6ky)CYn04QH1^Q>ck&OSA`)o*RFMl|fT1FHiMk=XDvLdbN z_Q-you@~N+>>aDmnrm;$3(*94I=8$L%|$7v`yIUQk1Lg6r-!HcqqF0>>+*#&9O>*0h_UMcI8)X zk#E;B`*f5a{NRQruz+363$dVD6G(XQHGQ827SX{&My#22`{AA`c~hVJKD{tsAnbht zm9F=Rx(|hIssAACh506z)K7YS$@wl@o(J_9pXu5Xk(0CZ{pQX>s19!xu!mZJMU1_f^5tntbV4C*aT-DD= z&ZzFffny&R3#Il&GK`zY=O&tvU7!{NB4Lh^HxdrY~{wf^8Rft+FU zl^M>FuI@{ny16GKrBt(g8z?iY-`H|g*DnC}hy?CGuS#~&I?&sU-(OkkOwzc?0@w|) zSL?_AL>Q|ViML0kqK?%~{Xu^*5QCn&_&&9dXfp#_ZYJKABN71h;bOsS85@?c0PT22 zQpIme?yQ@sPp8|nH;^~wh~Ep7s~&qC2I`H$ujs1B;px7EpL4x;GQS0ks;mxD8L#sq ztK4e}y8tQJPlxFAv^H5DqiS+p_+6AHEbnJ>ob7Y;y8~2p(qBFitX5(SzqCnl1tJC+ zt{qg{(j#7}I|^sg{&2zr-dORo;^)L^xF>uRirY~$9Ko1WgP-KEShLWTJu$1NRC^l; z97Jx!enlg%z=k1}h$@6>h)6h4^XF=yMiZtC%@B0Oukj1Q!m=myRmhmqX~zB1lX?1m z!}It1bbJvAi)Na&^re7i9Eko3>6@AF$I|54n^}qH@3>qW{s9O{5Qv&RgaW62Z4=`$ z>_lZ``#$JMNxS^0>)~LnFLn7aInw{I=JKl1j|%bB=R1!?3U2vqjT+z^Nt45m_-b9g z>ATQM>R`;ZcQ5$y^7)?h%Nrc<%V~L})^aK}_xfrF>v~{32j!%k zZvL1Wad0=%;pPtlQEk(2+13{HLWveYNl9_( z;<1%aHO``~AIPu1XJvg<`NU2vUN&>rss?yYc@}7c(yyC&iP5yAOoVM3>Vrk@?PzggElhh8w*s!ZYD+;x>D9~A#s%c0T}t$K z^6ew?o;H}T_mJZS(U*vIMv!LuHD56%Q;F3-S?b)*>y2H%Wb;n!)V>#ohf$F3@4c zv1SQu$5;z`CHMJt#b75ca{RBakxw{-PgqE^gd{0BL-2zVcqmzGD#K#Qo$5RZ`7Q6OyJZ|6T z(YIm0oeqyTIXr`>hD;FpbJug=pXLhSk?*GI$#;LduTrjDni4Qv=Kde6R+Ub_wcsL? z_5vBOwYeCWwi3$gdCNG10$@gePi$~(S-q@nY_G(nFx*aOHSgX{w;zlSNi~Z$w#1!M zR`LFPIY|5^*k=`f&H-vtur;3*R5}+NFfOtS=VE+spDQS=*%oCQ?oa{y#r)kkSv;~6 z^;9`H53yJ8Jl04xb}jr&|DAnDy`gUi!NB3X-!&+!WxZ|-WOSVN2$|7EbZ&4w*BJY{ zOxm`jkCktUr`}@T(XVx9^es0P;nB^u1Wmlf(Ko-g?0u)#$?| zwAu{1z`lrQqmr$6Z|VSV3-|mQcgTWZoa?1AH4N_eXQ(^KPOB6+yTJe})wTQ?w z?olRihw?!6#0PH^_xbqrQp*;aeh^{VgbB=;2`Z3T^3H+qwY+XZnU~9<@qgHOnZGR( zN1urJP=^rLwjlC*SwQpF)9B;Sw!XHZvHPk}q}!-rp5hwEHx>dyZH=%E;N8SfV!s$!s-5k^{mh>Uggog z_!B-t?U_Q@uo+=)562}4U+C)cCJ6mDMwKe6wy;QEypRW-JJpw~!!<}#?wZ01MBqAJ z&N?G$gX5UocW^~W)Vxn(>P>Z^9ksBk{rFJnWVPYE_uAkT=I0xQFpoUNZ1Pd={H?}F zyWfH9m$k2Zm7M!Of>v&Rf^DRwdhp-B^SK1%{WaOcnE;cayt$ctx?LgWt(|*_Jd2UeLX?H?GXDM*LXTq=4J~h_(15G&JT4%vg>bNi#zT?fo@GM3B?R$A|@G6=6c*j zg1Qgx<8TPTT$vGjx$UC^oEW?+wH(4G`_5BnLfF_> zfAs*8Umg$6boR@IrM|~W4z_WcP13RifVCDB{YXQfey8_J4y}B9 zWDWCv#L|XLy<$2bVCdbPHUE=~i_U^EtSs#!eFeYg&EIr52f?|e7VUI_kruYE`L_oi zNf)ts3B2>m_Q^|($O{}pp!RP%(Y+?lI_f~5TlNnTSxC*a5aa5sXxFA%jY#6b%b7VS zDOi_Xirn=c(jNv3ky88d!yl3@;Fe@HLUOhqUzaj;w#fDb;MxAL zU!JJ^)m(1~xjwU(a!93VaE$qSe;9elXX}Nm`CSh!ooVlmcxg`pIbgya$kfj(Qjzyl zK{J-j5n~>m1oKg|(nK~P*C9QxU+a^8meD@ptu?Wt(|yeLvhB_9YhE!h4F}O|-n&80 zbx7?k?eA&ZvM;Z}sJ#|nh767m;vwi0hDzacJ8(uxbIHa>BFmIymEd+n5 zvTv45d~o7t+>MeIDxa_K!OY>Ct3t!FvU1n5uH!yAgkzjYkt$}Nh8yc8@rPG>f$6BX z?d^vk%;#Z*sqNIRBA+noEZ^zsNlF_3eWDyJ86HzJ>F%{)&VJdGaNQR+K4yV?y78Y& z_VY#hIm-&G1sNT^yF^egC#`Z(Zx7gsd%>r1s+Q7pGYJU-$TACiM{s{ICq9~>RRQ$d zV1SN%`Pr-SCVBhlUOrw!Hub0!g$9RR@W(kP(Z|S;&nS*c5jo%SFrEm`q0ZP2@{l|m z;%Vr@9aycC^dk503Rh5c-AIr#nOq+ffGK5Pj zLy}EUtNnib4fY7bJI`Zt#0LTvn&Grt$E6Cb($igf zk!x3|mfr~C2TaG8Sk6ONCP8UyA&QwtC&fu=e5le8G?W{H)i1)biOLi9czdav zP4n6#uEr6TybHOimg@6EdCD(so+Wb{YeAQd4<}Q>3<~^FJZ`HkhjhB%m;F!GoJnL) z`^6guP+CYUfVk+DUXVo?nwbB3y8>{&%s}-tb(L-&_c2`>q;n;xoP^s3nzS6XSgJ~` z;ntV3Cut~h)>R81XC`^ek!Nu3$(WEOE*8Y+_i6jkx}JV~zO#6gNIgW}A+8MC zVjB-OLV0yxLgfUhXU55mi*$|OFI&v}P)^;aGh&QNHL&^Sx;R5l@3WjOD(SP$4kw*qDq!y5?=uz~OC=)X_~;f}*=KB1+^#RDnAS-zw#*74$>gyFh`p z2FwYVX(~t$&`dgQ3U}qLvw6_2-yW{--x+2rD)?b@4WDFAVT`h4OvMq}!fxDQM+B#1fHDetqSVr8|{Gl3(lL)3;R-2EYXWgqB>q z7||ObvPiSIk3-d!P91HHZH?wS-*q#pSrU)4>!B z(hGKwXQy@tnFU(&yqDaV?ftc+ZZ5m|4InmnO`zG!%lFO5-?y;r2dod>Tu{Z0DhKj{ zK~<19$AbjlVe`dW6)SaRPMX7`_)UNcJ7{SNKNWTr+wyu3THd7&qM&0k|EWoURUOI? zXM5iA8_?1^U<7!}JG|sFM20J(!e28IDjjx95SQ5OBb-YV!HvjhcEGH@rDolV81?y= z(V(QH+8v zh~(_by_R7gIA2Mq)5kj`%tb9>Oa-;&T{Mueu}94%^(Vy8T5HxmFQdmLb#oRqR~93S zcO~l|e^smN_>sq3LA)vAH{I?Ju6%s&po;`-5l8h}rwC7d`#g(p@H9eB?ylCJtTya2 z7=S4hMi!rwzv3CCu)_t_m(UxUJ#~eyqeh@(&Gi)9{xIH*UnJtTXF}%57OgKIdq^T4+}!XLX9c*JL zw9kk=)xXgggQ6!0DrX-aT95u`LNF z9zBKq1*o1+c3-Hwr7p$eBmy-Z#vLAFfVzVJDJ4(&Z|zjx%9n>1)0R&tqkkc|1$km5 zY$R%CvoHmMzuJ3eS0w?e@!?MAcjcX!Fd?wleHDtUPf%ucSW*}^FU<8R+);r^p4%Gx z4R~e%x3lys%$gS?eRwH+2?*#QD(|G$2XwrJ34U)*l2W9uyy=b!-PEJ=`V$~X!IZlU z)J5)S?KgMLH3fJ7PCnKpkV9~LF;P$Xe7Fv|Q&IMGF>Z&XTz=l;el(+Q>kfns`|t^m zqr8u1BVG}V+Q&XZVN24SJ^L1tnOR@G0tv(i>JdLXhciE6qTJz-Wlb8Z=lbzF{C-Gv z2YGQxO67g-0Li=a)di(^I92-y%|G~n_B@21?*)ie(TqG_{onO&y;RJ_?RPmLQ1v?< zFXW0qh)rP+I-89Z>}cz#cQZxm@&Io*{YZ`t5VUn=qvJrK+lt1U7(pq8e}TU6c;+N?Sv-mJ^Hx+# z&Dl^0pTEkyVaL3o=$qVQlSr!SmsWgqhez>49m09U=RMEv)D*gKb7X9m!PZDuXIXJ$UOa!2e(C_H{(f#x*4x}OtP_hp1fwPeb5 zBmo-06Nfj3J}J5gewqOseEXoeo}rzW$n*WYf%Gir5lS2B#wL`|2~9!Y(T|GR|G4i5m!c&4cASy~%S;+G^nIZi~%%vPj}IPTaydoeuIt z?*JAQ+8o58HQW=8Ezw1cDc@q@iu&R@rQW7|2wuY{Mu@aM^uMmAeruxit9*6kkew1WquSuN4>^_Owvo|l7wgt7 zZM_b**!*sY_%vngZQ=p=6PJ1Z^*|uzC@%6IuI;?R0}J?bb)v@B`eF^NdBlbHYv(Z5 zSW8=qqi!LoRr|H0KLvHMt(z%UIv1U8%oHk;TIADJ0OG8CsaUq2X7U%-t&z?bahc@3 znOGh*o)BmV0Gela6Akh0M}46@vNQEsg#!<6Ao7DK<2|_^dh*_T2yc!6XDs;z=8xVEx%xWgKpwV z)EXrWh7nv(;S~PVD7(r0G^UA!Ay+bzy=s9KHn5Qg=re8EyQ<->P;F#|H1KNWksfyMpEkMhk@BW?W!kS<|$+RXCvO}IdQ(k_A z2t?&a|MB{xFMn=Nlk`xI z9mWwJk8-e_B@d5h5>ZV|C(gbG63iHJ#>}6@Px@YePj2A2hs{yfYi1pTn*Z{vLvYKP zyR1CPp#w{MXscCXd$r5+IW*`<9;T}Vc*i6DzcZK=<=OeWsM%|SOqa^|fJ~~LLL$Gh zUp^&g$6Ta(uMQ&XGnRt{&$vf_Ay!`#~FPi}`tfn*x?L)6DPs`Y5g^ zq!iJ%1KcgWl&_7*Qgg4~_9yg(1SV*cV!vl8`a5iVh0Bgu$;YfE}U&C#Z=^7+jR(Bo zul1B)PUv~yCu+gw_wK3}wj(eofKTz`Y*tU2><1+G?t=#Y4EHn&PN$iLHc@)Y@x5f; zi0atK)^-F-leM0dM%HY=xlOL*F{p(U4|~;jcsx&U$|;B|`TO$UD6T7D{+MF{RthDH z6EzIcy;p(*2ds0yvc&enNC?MkdwAXxV_sXd;$V1o=JJPCkcH`0YVk|eOIxkvK2aJ8 zwz#XWMJ>8NBB$~stCAnTU`~BM7ydSyYP>JH4-t=pA)P^~A0xu?^Ku=^XZ|n;b7K2)<^Z3-#cmK>|7+~;Z>bt=-+ij6Qi4mMJx8xCaCj)$}+djLQP%qty>$snynC`z{URv~F zy#|ElZC{@=Am}jd!Bi#(~PK|7X9~|p)QUz)CK_HH@tAT00&w@O9R;Y3#&kTj^~-kaZf9+ z&y*MJakXj%txw{)UtjHDeoJz{X$hb))2IL8)KAwH_a`427%G9Pb!d4bKBc?q^i;l+ zm$HulhEhd3elUTeZ~2aq3Ey)VFh;_C8tkVY;6BejkR9VNjL#EQt_Qu0#Fi zq?}HMyCh9`zvf#OKK9ERP;&mGP@nMA=WEhq8784DmMRfpj2st8r@ctVu6zc{4h^FN zC;?%2*@uyTe+oj|`w`fn{JM*E2tV5Rm*sGd1sVgYFb~B8wqC45BsrHsFlma)QR9RZ z5f+WaOuQE=Pp&Fv5vLS^WMFPNiabB`x26b=^>DT!s2x5!0pbE4WWQhKXGQp4w`XF! z!Q!~@1J6E&;ZHnyB49wx1v`;T*Yc)%_Rh2w=D#<)-#7t6>#W1ZJP4lP5siGidG&2Q zm6a0dqnUoHF1hWaGsCI0XdiiKgsa1#ko+BZcznND4)dEKp?Y}ZdpAfFP26ijkSg!z zcM|yda#N^c*rf) zNUIs*{m%UjfED#PtCz&vM;Ro<}RqQ+PthM6L$d+;T2lKpy z3cY?R+$9UNlhn&2SG~K13l9y0uNL1-wP%V1w^hmcZ0f zjG1AO%zOQeW%D}^V{xH`0v?Bz!)_`c3<+MiiBsmWPf(l2sAAVc7yWmB9RHDJ*%kU^ zvUpVhWGL>*^`$<3^!P^>LyTb($Td(Mmgs$_h?Aq=>59@du zxb~TdrNy(DLj;Fl6n{5iA^X%caaNUc+_K!tupSM7RI{}w;k{jxgCu<$qQUhg@GzXP zi_4G`)0Q90y!(|7~s1YMi2Y`*`(e4VCf89S^P`|1k~>${sY z@lAMD@KT!_00A^6ui(hZsf{ePfuF!9o&+81Nr^d9sc5&|o}<#O4luUoYL z$_llW=3eb25HJ!*m#L7a`U1<~@D*5K5?+i)7&IVK@8Q}@v&tiN_AOW%l*cH)Bv1x8 zS|_7hAb+2=cpHbmzLLRAJz$ReoO;Lo2y%l;Q_BW$uX)>tr*$tUCcX}Lfi1)+%{5IM zfrKi932W=A@!8j-fsl2|2bu)qBNGFP48#nL)aR3eEd62krmyuXx+=RaNUM6Kal>y= zGmmFoq3RB~YpgR7Cgy$UoshAea;weDLO0XIaCC7Bjp8pIZet;Wk*>i|s*o`+#F^Bt zHstZ*RMpfEqmBShgBm|*aPF&9r#Er~H~r#2Ma%7m^r0K)y+0QC*pP|5yVc_k3r2&c zY6mwt-n!|5%Tt;8str*xlr>4HwYC9{cH9Tp?~44Pfa9&q*i@_k?RTU1y07|Kgky*K zL_ZB4z!lZpTYk{@qhBJ)I{Za!;u8Xu?j-qMU6xvi=d zB1wA*B_@u4m2HrLhS4}9#1;WzR~j#IfRh7wP}Uf{�B$R*D8&QF$+Na-F$TkYnl$1%^ zL)#?>MwQd4IVN|)zFs_@fuRr@+aFXi0Hp4NG4Yk8@b<+WE1h4-@cHA=9Qmsvyvkt~ zuWD}zhGwIt5(X)K0+nhWoSLz)rPj#OA;8H8(P}WHGxJ;*R(&uOGHk8*czMu8O~3-% z{A1aFG*=RV!|28Ws0Kd3Zxc|DmQExxxq;rx-RjP;Joc$P4&om?2OlX^zBen$_|hKD zd-J&_8rSC9G|&7z9NYQm(Y$`qlH??HoOwblWm4RXWNr#7;+%f`LO`AL#o&APebi>$+sJ8ttW}>rXt(A*Ocvw-S^Yp{F#eL)~LldJPs}&P8 zxQE$;_vQtmfZ*MeNK@!rgPr2T`)5L%8y4k{$cj(Q{}fHmheLO$*7B9-(uY2{ctPiy zi=@TS2!gy=>B|{zTLo%J2xJYJz(imU{QUxinSTG-Cpr@aleK2`5rt3tN9}Vr6l-I+ zRI7}jBLF&CIe~U$%n4S}^78SHZuIlQAhBu`oPEas*h(pjos$s=ekN~~Zd8EOJe%Va zujPE$Ti*82VyV1$y#!(_!2C_OSe_dXR`lx!xmOzn&9nXG={y7Wf(1zBrBopVQuGG? z_IYfIo3vyt=!4hLdn^ix`Qcgx9%IJoM$Shfi@qIsfZS;>8H%WrHTT8uH+*eeU^6xz z#Br3**i|c-3Os?YvB1)LobIk$oxl1%rGN#B+FZ&p!|TU)k4$Uew6@dyZcfEDj2YfN zc=@-vjK3IS5&{GNG`?g0`R6*&>{u+|bRe;M}}evnmyPL#`;?q!jZ$J*7UmA=vPszawiee1`&T>jx5q3fkYDTU z8uq%9I{s|8F^}wm)x|}rM|5(7#r2C!+H+wT=~o?(|^26C)rvu$=`!sfPe%}U=YmK~4henZ%H;KIG2GJB&{DLQ`Fnxy| z$LdN~Wp1<>%>h$EAMQ>u?{uO3_JrMu-!*DK=BxFwlxmK_>s?>3`!(jDo0U2rVJ|p? zGygyfiB09{4G|4e?2RBL;c~oekMwv5h^#Y-&g!H*N@!P8NuFZbYK7f9J-aDzJK?FDUN=Qi` z(psLE6S*dVHXJ_!d~aY4>4*029$d2>usv{3_hU0U1LV4Le*GLP{bNVY7#@}gAQ_o< z*vFY%SZdRj&1MRHd1a z>x_ab^T(IOA|y&u%4jhkMQv~$&r^(KH^KU;n^B5J;Sf2a!_9;#wop#u&p z*5qfcyYL;5qyBl2$Rdac!`?W*2xaczNj*i>OB~m06rESWWXePqh$g^}l8LmX+ma?} z~e;$fxtFbDTLV$CtHrW9F0!7A zZduML<5Jo>6nAC$qHe|g*AQqiR3WukFGk9T&1sG#y%#;lN6_r23XC-E5DO-HcLUpI*={ra9njxXA9-RC%&-$$|8T7uet9b=)S$sDLq+5H_Ef*4t zZP$8Uqei~Xfw6RH|6DlV^&hGOjWHx)QP#ZU5Wl6B;07s1CJfHsU$n0k|5ci(Nzct! zKB@1GNBJiGjz{i&UHs1!z@jN2T;%f(TlLO@DIcD_8u({W4g;OBxdg zVh?LuB&OfO8J?YH7h!h`f_ScP@1w;l$&srrdgWfJ0G_V&G)k5poBVqqeon{h!SOIr zbH3LtkE8qKr-Wtr&s0j72o1z!xa>2BEXw+=SB)Uvz&0mAWf{aNsTX8oezDMpE&dkV z@6Uk&o?+d%0dXH}dUs6+#2p#S0O5S+Vb%K#GdaZPmwLUrNDeHKZKIDg;5I-TIiL6~ za{vop(ag9oWqMQj_p%_vot_={ar2!%Pk(vTj(EQ(E-%)+i>kqO-kHzNWJJq8g2>v3q2$CAtPhzDU`**@-YY> zJMEd}*H8iPx65t-`aaCymmKQZ6&BkU21ILQiT4Iy!osBPqo@*MN0{w$;u>X~TQtuv?NhIpxeDAAZQHj%aI*p6cd02x3L14| z6CkPN*eo+C#t+UL8*WC3E=~mggy4eW=?ZW$2)6l)r5&nvF?#-ttfT5&vKHgp9^{e% zaO|hyg*M?3q(_%wXbA-)68@s6Zu|qGyM{QkZ~o-@^ZuG&uSf8ap%G(PZW?Dkt|d}( z*TcoC1L%I>Yqa#?dPt#XdI^CzREK#A8F@VX?Dw6@-{{;t-^Dp^lU>r#-0V~itQ41$YdsI*Zpw5b;htB-2T7~Q?nJh>aZwVO z5>RuxCtQqpON1wU24OGEI$}S%kA0%OxmwIF%ct=6`9py|AhAgHo6S5ba=mRW!=Xk$KFzI$Uuy3~8mWCn8lPRdgKP$T~I{nKOYA2%pTwUWD1 zeiF6WEk*)=e?pV=eAO*Nx_-ikQD1s>7%y2FI*f8botbu6+6{C5*1;cza=x9ii-vw}b}0ISPeZTN$pfPLxEctmpfPo>Y_j;lZS?f=&4KX2JPdy8e*W)F9$?wvT4^*6J>_yE4U0) zZU1pE*I~BYbR6g&hS#*`)4|;Y{!A!K$$B8I&a>ie0-{m)DmshLE$9V4HETyDx0mtB4)UzUlydntZ&_ z!i}DqSUmxT^|2|#M%L=}x0j8Oq*xQ(bb}jRP$;Ljv<(j0UA89Ie03JcxtY=1(3{s3 z2f!h&iYD4Ji!tHhdw~Fl*tg4*Tv_R%Rr7p>WZAf#U+6VS+|m=Zz5{in@xlaN0ZYz> zh;xM$gug7S2DBo*(xdhgGUbIIr8T2&QUmmb{$Zi0xlj`-vLSQtpsXRaVMJ;Ui4WPj z%@f&T_$VJVKRD1?peg@DUi1*EuyLV-(Kdp3&YAFh8vJo4rlf|}BcF;E+cFRMqBvhG z1RlwT_;h=B3iXSyk7CX9r@Z^<$;&t|!X2AB)_c5NWL1eT2TLAm2pS!jtMEheE)(_L z36X|tt1I?Kk%GBhFM|#RpzYRInqiys!F-*R(;Ludb=tlLr{CkoxFAx<$1BjU?swj{ z=Sm5a`g|L^2uKRnQD>S?g&H9ABWxs|kBQIWa$VjrZQ0rozO(8v2j5RIH_4k{AE^ATT;rO}HJ{&Yd{4mH8t7?Wqs$fN zmoPHq>n>)}F&eNY0-vu1#0%DM?lTzEW-^(UoRO1PzsA(-l91=3$1jno$8Yiu-?O{9*Q=7PXQn>91|rPaSg~B{{xNZC?@lro)wO(Rt#c0Q z2EW@0rW5>Lqwy3k-dWM-n0Op$(LjAGt>A*}4%_UB<%&8NWLzNdfr zD1Y4ndV1fWJT^!y06~}^I-;(BC%f6V)^l#kc_aM2XTUx*ES14P7-MVi<~$zz!~|Zr znQ!`L6Vz>bz!fNWJ!WfZpIEoZ-nVHl`R9PGL}S~29+MC8*6^=ZQu^3*&d^G{uAc|8 zI?-ppZ{DkGK$OB39-f!z#l0ve{_wX0gkX(agI7uwY>gWpii31M>QceK!{EWd>Ok6hP6ZN)`A+akth-fB5ia zfQj6yim&0w}@jAaifH%Gl%IkdYJ<=+=MPchk}pI z3nOXClz#>Nm6oY8RI`ipvgD6SSNKejpE65`%S?8%QpF1x=dFiIlj$Ly-q&yS_G4{r z)8A021PsvjVcqzb8&?}+#UO_B%Y*XnoKIEr^mE8$#W6c8$*N!GeRXBrKX)X4gOFqP zLdPCXXMjul<&n8P`@Bhzzj?yX+vHakM+@{D3)UoFq;tf6+QpTE&KVMvt4Zy1%;$61 zSBm>EyB+%^D8>Nbr?)($%n18!R*u*63pG68DjjK`!RFoq0$=X0MMx%1lIC5wT*|`r zP<>!F5<)_r?$2%dKDRbu9zq;FZfUVr$kdqSPYnd8ixPF|mSYjgVP4L~<#0-4iY&2k zOCr)C4==L6u%F3<-eq5K4~Q5ZYG8ACd`}w-X``G^}SN}NvMHfQwRuVA6yehYtK8CLAh?{za zS{t!a?n(q_ynfMry26i@SkHHPmjQr?f9ymjuFLMh3euQh7n5QHlR~@zWWRfy;g?D_ zXs-LOdxNbV%yS^1nJ~Id#NIn7=JTNQPghg(g{OFgYJLwE0v(^c#2N&_sSo0Uhn*hE zZyKOSg^&HDjQ8mvzcbOoPh|4JcG9Xyrq8_RRuuM|t`qYKlg`Ok5`1+$*sr}%e>485 zUDfx48*tVH<@Zqp*Ux?<;x@Q%tv`{-No29}XT3Ca03>L88T;m`ZnQhnsN0bAH5k{#OXAnNY$ zJ4TO~?@nIt&FV^A^V}|xB(W-;L}MX*&C(zzU5#OIOp$GU@eAK)3v%7p)Nla^r6G~O zhEG)bt-6vqY6d2E={k5VHGBnQ4?Yt>U3^xoRX0CZ^tnAR91HW}b4E(=mj>jGms#bI zs15ra%R2UNQ@Y#+xmp?uI+x)o~D|g5b zhUW)_I{tDU$GG!l4o3x#lR;UQQ;}2<^|3ZBt{g${9TtH#Vvk=)Py{=!j(Dui{cH|%YToo)+)(7#2u1=eodU=ISlMxY)V`uxb!Mv_{(^*s zg-Nq(bO`iNgM3vA+4eY=Xi^4bmOCR$h-nB9{Orz~+HXr5(C*Vb2d*oe(rR(n?(=f& zeVka8f*(tj*((T3LArVOyFOCnLhW@%TfO#`ZMp(d3#n-$`Po6e4f_(ROfAu~|C*%#Zna z+3FJ0GSPv+gRJHzU~j*vI-Hi&Fh z78Xwa@A$W1ogZ%-+qPuGMb_?5g?GB0kcBEaZ}t15B+WZH57Z%mo#K6#K3=dx!e5Z< z$-3VYfrw%tl{m0|z*B77<4I8|?f6Ty%QPjhQv!!_0Cmfx=n(uwqyT#U*wCMFPbNV? zu5U}0fl+@ys0iz>x`Xk9BQw?_b(~J_{+44Tc3w7p07*vgAtpfyr|&O=84sZT2$+Ln z{cXEP3p-ZN_)sohzudF3QXBie{3J%l>0HH@*%Tu@&H>)>vcGDvmdW9p_K-kcE-U-= zu%|vQqC`5A?;(-v@`0QAbS$C&ee~MFo(Yan~?aGO_#6$yB*9jHgV?0LR?_74lDVCD@x;i~j|7^0Q%O!Zf`4?qf z+{3Ud(BMPj@OSNkcyc?BxB3h5b-*r#cYefskdkkA`BwBKcc=|N*)O*}Emk_DCt6(k zYRxWlI0*_;X5Y^Y!qjKIzh00L%aP-zs8F%20Pt>#f2WV5`=;WU7`W6@MI2!|N)V0& zcJ1`>na}&`2;mGyZt2YSeh1! zIeV>Aig$R1d%zVCLF0K$yRWr)-rA>hNNIGz7u2rL{m^j095r;9u~37EQy}WR$9@SI z+vQ)pR?xw46!x~ynh{Xk9jY(L1L31x^yp!2;Kk8z8Mea!NXX;cdTfAGNqu;o3Tdx? zgwkl^PQR}x;b>uss`H>fy)V~vm$z}&AZFrpFUA)}?295O)5o96=G1`&i^*T9J$_zQ z$~KRe7jc1~VGiSwr?ECB*@tHkGD6I2)uC`Hgv_Z9t&TjtwygXwg{VF7qBH9WTe|1- zV{%5pHRoM%PP|{vHPD#P1Y_B^$>!lT*mYF-e!@JnR(+GmeWjzuflrI0P_MMgq5OGl zCy;!dvf)mUZ4^5q&>>6Y;+0Eg#^2CYnO`p0jUn%8AK_UJ5K09XVAQEp^D*Y;&fYYV zhWGoezLX=}&`<9hR>xZj(PuAESoM;YiF1dSp>vWHF?x9YS$RNSKz&=+<1JAOKV{$i zFSrzzsW8s>H&dBw)c&OMb~Za+vqhLUKU=RK^BPl^X|4p>{eFRjId#@vT>r&X7V3c|ivF5$Pi zhT#7lT?8jr)QH{pcT(Nbnzu${Z`atnQj{Ek$6$G*iWVnh(Q;*>E-&<6(jmxeU zCPH^-T{WsWqAqzeXsHbh@>xRhaXb+*IH@3sh*s>L3;rmi=cZ3`cMl)+=8@es4S>}LaN0sQ=_c`7^aKS_3ys9X5g#P`ej^q`{z@+0 zbpHiNsKld8E~TaJNs7#ZE%g}JujvRPpy(DF%WZp-YSgDoym&fnN+AA~=m3K1zV?1`njP`w zjoudn3c5W-_VnF_XV}4dfifWfs0hyFbA8VLlwZ%bZql%*5QGEtN5SC?-;u7l0;G z@o!V8Px2_Qq)f|{8TBh({#_V%dgc*Z-0tl2-7zKi@>>Q%S+GB*;hKd?CBK+6DI)WS zwzV?LEP0YF1gR?OA_P3PS`}(t$I1I<^jQBX8*W@)nVi?J(cK%&HnBgyydPu;;cHMB zsFCFX#&w7-?+?+13p9)CBVo*|hc2yFPvP8|fIAa=c{t`vEY{#TT*z&I;U8rOS7^ z++NHemEdj+r}OgUfXyJJZ!!n-YnuDkTc23w;13Ux^`QpPxE9u$14j$_aqFms(|`;@ z*WR_%$%~x_+sgO0uX$GVJg_(Jm#5RXsj8Q(XjC?18C@UFQ~0_znBDoPA0>{1mt9r9 zQx%qy#(JgEmF@X;<%3BXUiy^Cgc)Iq8fKGjt&M`zUKrF`?v8{`G@iW?d#Vb-w3GDUtjjHgSS3NQ6zW0UfSX%NI+RaN_szV@|DZBv#O~p4j!Jwvi zO7yx2{VN~Ap9TBx%w!c@-rTb;h6q4J_U3PwOIXxO$sUJK>FhBsw5z}Ccm68P)#iJt zV)PeE7Tdw(2CMcK6*BfT8Qetw;}MoGY)?em@KQm73#CR}N-Led9C$9)9S#e;)5B?-}CHUI8aU>tE@bZ@e>L~aDJ;TXxlP= zXmi`v3`h*spF<x~)iptP=q~(njDENJ)>2h5`bRJv z*xExK0a~(zg5*}Mmib8E@+)caYxux~fl1@6Kca{Brt70!X#1@Z_l4)yWp2VCWXeB3 z>|)WOVP)uE@i0A4Z1S}(XSfwq#uefNlwKmktVJbh+ECVYzpOsy9-gMEf*$k9d8?oe zaCg=rT(6SWh1piFyje?AKtoQStVW70P zMLw9A8GXB5;_!^H(St{CvvG-ZZvAI{Fs@_r8wNS_hN*zlFNc-_b@wjo8Z>^o06mxh zPq3fK(G2>i_=_n1RJF8iU{vHY)q~rQGd%%4*88FKSdFMI;vxE8sM}{S*n$lqo?Ps|w3VJ*GjNN0@orky8;D<#!0T2(Foa@(V#&%UiJY|m>9eu>JP?GBKYh@c(f zPaG=M8IyUxZzKJzhysJ$Tx1{UupCtB2g<}xI zfTM`FF`1{Agl{VNI;^(mhUVX;MrD8eX+N_Enaey6rT$NmFXz?K zfRE^bN#{~8GGFb^!Mr{BXy%EUH1j39K8iv-Cmqj>N(oG#vb_okfw9FxW!Pa?5Dr`(!MIf{|lZ$Lev zCom6WcPHL3Nk2cdh;u&L4TpK!8#rYpo>N#pCNkQxH6wra0-V~-&{mm#kfwa@moJ>4 zi;B7ygR7%9VV-rz=7Bo9rKE>4{vDwI;z{oeb!b12L&mE2`#DB6YRmVo1gG8F_-V@L zqfK)RJwf$=XkOi5pXJ#jzT0rN;P`THo?q+QU45w6CiqeinwjWCB5$tnlN1|j_D1S{ zSgQiwk0Xn(Bfo;cdK2h0@1+UeEYCI9mH-%MM?m2Bh)gud$eZT@_g74HaGix^*b}8( zM~`0ipy6xTQp_~;^YduV@fWr?Il_OEj^~Uj)01{s_z)5r=QC-p#5pjYtzTICjzo{G z2U14=;ld|q@cp?PDtAR_RBSGB0&Yrw{h%4-2g53yjxA96;_ae@mj*edn9GMad_BHn z*FuXT;|BiId^R=v83BxXRvRM7UPq(JiH#1!S0zCoJPRQ+Jx&{X6Og-V8r1gpYB9-u zyC(J@p!G8Qw~Xw?Qx5RkI_k~1=dY=|8PdGpH!c29d$fnDIR4_{3&=LBxN1golXRc> zaNlyDKf^aY>&-nFw(K`(LGqmm1T#4nSei~-dq95wGp%CgJY zL?CA+pIRAYryW>iMAi-JS3{ua%4WT((GMV&$ZJ%4jOqM~XmzRT0Iz;?aEN~IjfkG> z{CXoVeFQ4$?`uR)Kw|2+iv(8@afO?g+f4j#PMcQ#GU_xr_e!%M#0_I|}Zg-bKi z%=z_G6-8gP&uzjolD|#wxutv5X>U7;Rb==7!U|sLfgbjIxr{q#eEFRUr4_I{i}g$e z!{`V_{-d>wWFdu&M{^YczdvF0i|Ezl6S}sn$-LO(m3)sMtPNs)ja1@viVyaDhEpVM z9s)_a!p8v575VA z|BiE1!vS&G%VZzt1-mWoc7z$J4%3L#__~$CHVntwflW1zeJojD*2h2VY@0vBlt)+_ zCoIEuo}DolZ>iC^&x9|c3k;^LvTF8Qk)|5jF~X0U_A9cL0=#q^)Q3^Yx4%6_|Uq?0L0sk+mE%$x`58p-nWdL9edHH%OhnXUQGvG2XGuvMY^$tVXhf%)l zQ^k0?O6)Q~JL^sq8KcHPs%9vbqn~RQwWKxFRLAr9*)RRDwPeI0Zb_ssjGK8d=^xd{ zwo9@*{ETW1zZ@=;Izy)5&(0C%vg;TLeRR&rN>ucseONh4&vWqU{evqp>*Kw7c!e%T zsF5pK_(@-o9zgeC&d}%B>x3cLnDN&(gMrNa8CglFH&%;4OeFACAr3QtclL%rliN`_7;CIEaAvgDR2Ax zsF+i99-qg!>+xb!l23Q~H8s~kEmWvC9rxuVFYjHGeEzsi9K{#=pyC{Rg|4Ihx<60- zCd|p`nn#KS@hUiTgGrhEDa#W;F&Ug}y%>M)j(a3hkupA}dfhx=oAAq)X;1BxUAAH1 zmRrNaQYmZ+p^iF8`8`lU)u58yud^*u&f(A0yd(tAub?^U0%&~xp*Qgs4tS?#%CpLH zWbt-V;p9EQqbz3JJ35x3`*oL_3oU~$g?e*4zFnF%=Iq@cTK0D|ySLgL0RT+#`99Bm z=KL;T%IkDl?sIotg=v=19g0$Ize+LF?w|aboV-L>KQUAw>m0s$L<7N|SB!8)>s@OP z?*0g=M<~@~T`e;`2iFoT5QzCcw#Fi`BYl`Fk~nUohdBF(un7{6AM-;FoKh?f3+f&M$KmZ{3X zm)mJ-W2fqiPL|n$nzj$&xt-)&(vxFsg^wdU*8>l~@A&na>K`Dg`+b4x;Xd!3hu|@W zw})%D$G#onhCpOAAE8Hh0N<;o-cSDxp2VN0o815+B ziBB*4d=5Y0>eBZ!D`5-ISv4qG-=?LuV?@%wxHHG@PuR9Kw%hyeT}_j_peF2zm#Z{r z9s<2VX_h-iWM==o4}Uf`ZokvtHhg&#P6AP;@wL=H9oE$Y3?A9z{>@)c@6bRBYV|%} zU4oyvvQOsYe9;){9h*w^Blj_box><`LXG&rvEk_6FIO|c%hTBjYmuz6jJ212amNp# ztQ1OQNYC>JcpiAQaE6xd1sj+P-f#*Rq1GzkV<=bS>R%I8jR!6{zvu2gvDjtvX#LZY zvaWP@s6T~mwdy;Qj@I`iIrsDPJ1=-oz3S#-0!9gy)uePT$s1zC^JzE?zc+vT2_rtX z+MiGRs?g8zxuMH_F}+>6s~>Z4X8UIA<;5*7K?BV5^*+BW26_DsX<)q2Q|5CkbIM5< zdNPL(Jzrx&^WQy|y0weYwHn?m0G2)a{1`a-;&J>K&@w!*uSYhfP#rBIIkIm)sA&D+ z;xQDpNX8C-dioFI#!=ApDgMi~`SLZ-C~yerFmBhUa>BBqQbuZ@75di;S35ZnNGKiq zAbj43O}w@w+P5Ty5Mg9a-?f#|=tzpUGs}?7U?80mhGA?}C^i)7ow-kV}GXxatFB4pkCNDP!@(6&P5nT z=BIx@cV3#b3Fj0wy$PBlUT@g{)tu`D?EG?JOZJARpZ6s{GK08})I$tvnGPlp)qv7@ zDS4}_AZcH^VvC;7P-t}`;gVfA8+D5 zA`6Y@ZZPm+ocyRrr}>o41h*bXKb1f9a)L7=Kst#>KZ`PAqGEq05gq7qgP$B{)*zW~s+o9t7LjgH5}-3;ZY_kzlZPl?swp z6tb=D+kfEWW%zf<>hb&r!$4dpj^XR8g|SSSW87jp7Z)jBh!YM|?gVs44A^t`R=?TG z5~8(pRhZzHTLAvzh$z2qx0CHU^(}^am<>g@V7P_K`vMEq8kBB9AY`qh?)mk3%5VIQ z#q~Yc`hkBi=n%gyUoOTfGZc^czIqIF0MJQK5-Wy;(ZF3$G)&D<{nT&LkAMLH*rHr@ zp&|jO#@Q3I-a`feq~l?hft$PS%j|n{QC570`yf`2*QJvq+BmBdtPy@t-t6B_n@jia z_OYGiu9q0Jbu3;^by*Il$$iHV$U(jpr0hL0LUdZ`I}%*GNtr zSEsK!<@dpkkcBZF_){P5&Dov*#@m7}Z`y`mpSX~%i{5FgekFR3ne-c+Aw!%{#8Yd^ zdCDuZzD;S6!1v}a_dOsZ}+`Qa%bI7z<7SL)xE4~MhV$=Fwx3c(jd1ba3XRmGk5un0{H6ke> zWraIjI?fPJG%4T;#OzbzLu5*%K9z^RHVR{Q#%X$vH58us7mOS1CM|SY>CX9PJjD$1 zK_9r;zj(RgxB5|@!uThWw`;(PISN!WA%mmgc|lvzD%6yV1u$mC^S%mGo}6#6jKD9z z>DLY?+UMM_cTWvLYf9osE!wFZA?WvH!~rJsGpf@Ie>=Lt3i+%vMC?w5wQp0atY6e4 zbkgK3QtcCTLZQb90kFQUwZ($!JC;xP{K88mUy)ODm=`LGSmK%pH+t0*VT(bH>Htc+ z{sR%x{jG?IBp2*(CCtQy=w$-)b@S~UL zx$pB>Uk<^{YQ`0RKq0JugyGwyDuxQ>dkl33GfG-UOmW87{bYNeAU3Q+e@b9$4-yL= zE>pBZbgDh?3sQ^X(1dQ#L9dxI@Xhu_GqZ3`0`tQPM_MqhxE`Sj6+xlAqtJGfzD7f> zY`%Y`vq|D=f?n_IShhbe$~5fb z1J9o!>7bqX;RKVYtX8Gl`Fx(K(~G6~Bpbu)=eNsai5di964yRl-DRuZ#LdnfbC;xk zzuG{No(c|WidUy`DUlyY`UBulWz7hbchsHvJt4ZJI^P=eZebepEv!& zKA-WoepHW3*mr4|^7ktj{7!@qH?O<*Zi$aFCtRBB4lkQ3;T)#|qckDj@*XWR?3s&OMG+=_ zgdrL{mWvlmG@$veoI5llmnu971ibDq+29%RnIl}xV2_rWqw;Q>L$B~_y{jOI zM~`Xc;h_!z_kGN{pK_+v_qSsUu1EE-jZ$<0VKcV@C*!8dyOSb&61-3 z-0J3qWQve+tRGbMCi#_D7|+kVG4ak*1=HO+556_~7_?wO;=sBEQ03kw5-384u>f#V z2l@_Eki+@(`%c#tBpkNr3pf(Nc-rr)v)X?gox0mkTceP&s$!fF_{S>L-xa=@_}ub! zX#TojPZuJ7 zma5PsFip_E^ydyJXpr+5n|49T!Ew*4!?U+kMa@e|xY>D-7xo;Ev{dP@+&biHe+OiL zySKMueIrUi%d7Jy@Y_BkOd~~>OY`#WAD!3Zz&#~WIRk-~_rM6jAGUiz4+rOX)B3m8 z^~%T^MZr`T57|n`v9C^W8njD`)akmO_6sm$lBsMj_&?<&(fGXzA-xFm$sZjZ@Mju- z*#iy9Paa9XisD!p&i;=VF0dK80sZ7$&CgGq!wS9g!&Jb;My!Mxi=o;Sa3djdF$uvp z8`e_^=nQ_Q=HA@SD+jC=p7Yi93Y7Du!~vt+q1Ub0|Vxr-(T}^9O{}hSl9#o z(t+RawRAAl#>srtgmXg!Zq@+oSrZX~>=)cTf36Y87WBSIrdIo=MEkEOmW_CT-Dd)M zyUUc;lW6=-cRVW2jJjfdQUke!w4!kMg(^B~1j*k{zkZ)e9(Vb!^i11X$PzO0t5psT zIgO|TAq;J%*Y06niTSvEMdgp!YC7yGYQ>?Qx{^fRi98y#Ro0onxaX9%mPYg4-oXkQ?N!P zpXi%5KM~oJ*dn^}DN#Lc-2TbYJ4%3cTXuYss9k;;^hYv+!uEMjb&w=8?z3O=$Kye} z%zy-LyAAugi3~vOc%3w8caK$a6!6{6iUu=%O0d9zwk=tNI8nd`q{5et3eJ37jJoTl*8K%>V59vB`b}d?XeI6 zVDrg1RSuAbIZobi`xHTJC7vJj4S3{d zJ%_=ExG0dC#>+T(Z zGHstT-?*c&0i`Jz*EdF*tJJ@LP1>95$M1CEQ4S#(){v?mHg$A%yZZZz1E+X3&igHV zceyeg7V@XPEOx&=HwPZ_k;pzU2~|FHeRO(Db||wLEM}4&PiVtI;2tAZ>=P^wUohjD zxnY_nPDgLoevxo(MSa}ctkcQ3P*gK4li5yh-BGJOw;O@LRr7CYq*auKbaa)R2BwJF zCa@}|nq`DLL|QCws(6DiNOOEWo~61KM|af!{N7+UEPf32yN4R|y(d~8z5tO+@G)^< z^5&MVKVbIo7MU0bc|q#R<&%LNh$i9z9(8TTgNsI7dkC-qnk?LzI^7$WP|v1a-zVpH z&0UJ(Ol7n6y_&BVv&b)fg{88vjxXJRyiQ=YUN65{19f^wo?;^_raIgn7)#>dK5m76 zC~jN@-4^P7KaHQaSsV-{|Co0e2;)-|w;PUp`ZW41_(h<{8INvX2qW%;n_=NW?RYg> zi_V+3mlpWZZ;IZ5&D>1lwpzf$O;5by(Vkookn{sRV9TQ9EPde7e4Dj;Pz|oQ?SJxj zN1hMomR|VtU(_3F9d`nyuZ&E6X-C(u_n<^HCsG+-JoBQPi?T-+*RH8K`NBGy$qz^* zx_idDjf4-C#4?b=ta@Kief{mnu3Z94V1u)h#|hjUcGS*Qx*Uaq@SqZZ1Y${^XjW>q ztlQ+)$iCl=(@EI*QPW9C1@Z!$mAGc_HRPS`@ukVbo=eO`qYiyC1CX@eAT)PAOM=Ij zt8;&^CrOZvMyiZp|4>%wcXmphXGlR=qd7hH_0N9qg;#a_-JMY@x}NwND9O2RNPr!7 z^N@@#0cnr8eLU|s=KJbLNG^RY4edy!-4H02zQYzeqnePC>to-zaM8uptYJ#;E;!)QhH)sy+J-a$F{nsft zH`StEVWRT3DxFlI%828(xM}_-<;a%2iw9E30Y0G#Xxt8CPS?4(XbCFv@xxFz0il!4 zm(W)TEDWmy`}luDYj$&4_& zBO}V2Kl?<%)BCIfEC{Xz{`~DX6{MaYaQuz^Yb(X`Wc!ksg9oUGC%HeSvxI zAIAZ+qyNyaJ&H+KU)l4CyK+CC(~xZ1JMjdq5KsM@9Oo&c6)ppc0Za2>;b0o&mW38Yy^r<6jfmLyQ5r3(>RhB;MR1 z>nNlzoQjf;aNI-dfr7 zD1|Sy&At@n7&jQ%^`{klmdRFpZl0!Ba2N-wgAWA%xmDL;d4pv2U-7_rb5QN8F>eZ3 zWd0VMU(icde1>TNK|UDctRIqIZu%kY4+(?nhZ?A^{Fpo9NNw$3FTHI! z!}3fUN4+`t5HI*9EFriH3?O3rkIARp+t(tO6rlc<+)9!CS-~cDH`z^&Z)~bRiSUwr zP!s)^^-eC|2B@&|JYc5fTSFsM`RT8C2^XiAc>PtvIr2w_uRR=-T{RJx888vShhd!X zgYqZ&PO4UeD&)|8Vve%zJ2nBn(qC~CR5_`DYm}_<4gB1=zBe*t(55M-_4bG^;^6Ip zhbHe8iIZ|fUtn6xh0c%j_je#J$AsrrqOT%h-&8g%mivUJ>$$l-?{GnQVYk29lR@mS zC&7+r1Smi-hn1mQ12+R}o5_i|NY!ktwVbbG6Rs2)H!AmKo2}Ud`-6Xgpb=B@Ox zc4IO%NZp(`Kc+2%?w_Vr+25v{GA5~^l|krx?Z=1x8@IMv(}bO3v6pK&{hh}OIj2sHB9PwPoWkS?hG9<-koDKFOKOd(PP~@*&F$9`m8-)mR(hVc zUg~MJ0O)U`d%Q%wNweZ6NhmZ)8$nwPgdB6}IP5}asE$GZXGmnV8%xKpz+slD zS|=t{AfX!gJ(8GXpw%}?U5G?2hj%x804O8wCNVex)}WfNU;HyzR0l%Ni6By~M&Bt0 z1^S$Pu{+;Ud|tfUI#LtC*DkpjYHyz{S&3j0CGl0FsYM_8xEU*4j^j&z{v6w^rsGT& zDNnNJ4lIisquSe2+T^Ew-Tq`wIJ4OMm8x6VWP>A_FD=w8GAP5V(6`b@XQ>REdeiMCw;;rK??$nni ze}6bv@8;YB&O~GAnYrd-sv9w%utgPU*WwhMIiTP00e*j~3ht|aeN@k)$*buS5*}(s zy9+ZNKg|4wW0HHVqgj%STk?V8hQqAmWlnkf#3a6797FGU;(ojq?BeQbb9sG&FX8UJ zX)(IEWeQIY%gxQqV!r9P|`LzJa()R?dv=q^@lm~p54(o4}4v!?}=M}9H$Xw%jM5i&iFGCIl-S_W? zLdLB<$5nURfS%hLcF9R)==x~^lBvk`woZsgI zP}mD!SH#8qeMtA(TGMMgZp-uw+kJ(6IPytb0PxABRyxIt!hLU%*-+g(9cj8#mQuG7 z+eil7w?*~5BbNa$%%<@$1*Zb`Cs*Qnk(gY~{_G+%%`f>qoXQWFK4M1+bz>;Mhm{@$ zN`lzn(%K`VZ64wm|v6-ifBgFGv{}`dK#;YfV2kKLlaJ%}ec;IZ>PJP8dpVy-KQ{}6&k|%|01Zny zxo@BFS#A2cbh^Yz4*v6!!jkjY%eb2&d`1tdYknT@?|xy1H{_k0`_0F`tKJz+Z>jI| z1kr+_InT1>lO*);YlU}u;6k(I>Y8r{m>0ZJAR8Ll8A$q=P=fDaUj95a)iM3VeMR`@ z062K+6aLTZ9oTue6Yt9yJ29ne#oDXD{1p3pa{4{u>f6Mxh(89{I@{tq zC@<dd|^y^DK3S6b0y_~8$$S=)3S*m41&U3cc4_X;hLse_N;93@K>&pc4 z#JtC*;@Ku^$hW7#2I1qYukO-VJwOCgiA7P3)WLdQMKgvutW!Y?u-qJ)>fb3sUEcQ>Dw z)Oo3$tn(drOjIA862^~UnUr0ZMQryEsrq}B;NC?Jsf+hf69VUVYo^IrqB)G;YiqAv zS|MoDLejTkRP$RWK~SMz5Xls~qix_*=-9>my!{^KOW)>~`1^AZBU1s@-p>FfGp&4- z@5MhI-QPLy3Qo;@CHpR~J2+Sutu04D_3kJopEJTZu{1pHp7--U$nXKF#kNSSXEYqg z$+vjys~dbtXgtHYmr9dQzL{Z{)R>-Dn$>^)AiGWd6pe)&uwp^)>St|@o}A*J$M0#K zdVqs5Ru9+Iuk8!^xVa>lr;qTf=6f1{7)cfJxit&>-t7U$~`Doj@UFse_xL+8}~0-_9=(NCy$io>3S{-Q{s z?(~nI{YMz6kW`0kw)eQ>&-aR7c&I1QrRuo6pekFsnX;!$h`rdOR>$nTZ*Vw%mn zE}V-k=xWk#(51vhZe(PsF1H9ctL9~c4m_avJBhLqM>p@H ze6NM zwNEFAPhUM*I|;p@REO>P6~Bixr;Gbnu8t~mCpTXlH8O1la-Cwk7LI(vpP!DPBV!MvVyRkA^S+!hxL@r4zwQUS%*VcVN8Hn@&iMM! zu15_QPVAXvg_^Jil!{OS-2sUW_o76XyPgd#+dyZZUfMO(G3x!OeWIDcC%gl~(l)h> z3TFZwOu*2@IR(ruEvs@Vqe+Ilt<=~8Q+`q87JgB6IR(_4F}641*#Y6wmwQLNYBk}m zP+{6{U1q-_UP(PsmYmEd=N`7`zI@EM+}z(}PR7yfA5g$Fk8LEBNyMC02_169)0m{Y z5=-{$K#>{Ex$-l}`aoT?hOf#85&&Lr(ZD+B%SCoR5Q=#of%pK&v=&tknT)(D>~l42 z`^Rk?9m`6U*w5M4eO4F)!h=+Db{@W2Hf9G*-9AQ~yre7KOR+K19TCvUM}eUoeAQnQ55xCPg?<=UQa%R;!02qm8KZ3a zX*zzVuvJpTCY$qy!1m*+uTf4XhQz*TBC-PND@QNG*Hhd7$`;bE)Yzrr0OoVfGnT%Qwo(LR16;XjvsiIDprOey^; zv>{SMzAGkt@nSq&wO_)anzLU35)R{zo+Vpo32h3z_$?G);mDLStS{$_!Z+>TXaV=T&3;$qZ*B>{OeG-ls##^&c#%ya$m;plCq2^#e{5Fc7Et8%`vmF~v5~ zptmb$_v<91bJm80(ZSE^>CwbHt;_R7H?BR%!V9i0r;wSGMDqQ^J>Ki(dUKf~t%vH{ zq@LF&3O(V-n%_60zA>k{j-F)D`g$8uL5q2zAqb!udnoKCO0dZ#I6(WxSD~|$@QMsL z;#+GR;>v!VmW8rjbnY+Tp2+s{80CQa202p4oTaFy-EuUbkRLp0E0GV>s2)&%n;wnD z{4PXr_N`Hf)`;sOt0x`%g+nsZOaS1TYbPAJF=fw=q}fnt@93%kWn<}T<*bp zJCs+UGoKf%TU-5+l0CqbEBIBtlePG)Mzu#2!{j&7_gyznpwDu|wCZwx#M zDbt2;zCv$JCV2W<_50wU&Hdw`Hz0ZemKN)@S&$p7iUSgg)JAi<;&r|J_MWywBh}h) z?j@1=+`G7t2r+qk{=pZ1`rD(M~V&$^I@EC|Q8Z`rEX! zf8fG#@D6Xs>IglD@KB(c)1XaYr?N!ZR#p_$VI82$uPUUgK1y+4S!Gn^3j27#uU&qx zU!SyM%pjg8IexX_(+M3qT+;VTooGN&YO?xFhrbdEnFdR0yZ$?5t1ZJk;W99j7en6Asg^d^<`**1oCO0*P&5STmX)voN)>Fwc>S`wd!ht7&ip!i<@zJ|srjosvil^iDA|56UL?h~9DhR)y>tt(M$$%>z zf?W_-+56?SgjuV+#f+Qu2kPRAi3rRl?BFpE4;(C*$RS+GWMR1=eAwVr4%;e{`wT;f7dDpIF@Z!c%~1t+_?-kqUzy81-@VSW_4^T2 zhi{6lMcqt+GHzuXZm>hv;ck2m_C$)O^m1LwkfJWeHu4gvFvQo>_JmF%->#jK((Y+2ACjKKiv;M z@?*Y*-qI(eIwe^8`0HNwHeX}EUAX=9k|W^( z1$BWT-DPA&yIAUAI5*d?Hd%gG-VdnP6@~?AK8k{+5_0A7^xd~Qe+b?4r!iJ&Qn%t9 zoPSq^uK2V0sTT-NA(E~SRJDh8y;hoK5+#ap$N`p^l1YPp(?-$ z7x-~l89FkDysocT{_S28=4?vOBpw%c z`Aaau{Rqd1e7fx0%y}t+_bbmlY-|RA3h+=16VH>PwV(y*+Hn3>2hekY{xbIJ4a9p( z{rOkpSNvVo1Qfhp!ZT`h$l$k$WlPLVvMb|Wp*zqOjdx8C9T|W6frIGjNqdlI2K@w( z@?K01VYf6sR_fKI@PW*TBs1mk%g|tYW#aMvrVmx6Si0;VKfHIkIw{XF_Yulg2BMe- zDWOX4;f8EUOEAloQ>$J+4hD7&C!qVHSD(K)mWHHE5cwwSHlYBCbCBX8!E= zZHf@gY9L?40&H1-}59%L*WnJE&@O zbu$9zgU8+N!B3{M>Jts{PdwXqQ0T3$RF^fvW!_gpt~vco6ZZ1#i3 ztBFSf=>^ksILDB;=Tn84_D73#)@If3@Z7EeNEefQ5?WB|IvtJua)p9#-a6-f8N|wWEy+`bl6WL zbYadz@VdXC#R6|d!!yqW%kLrouG^n zunTI{F9b(>qOS(SDg@a7Gn<(S79;i3m^*Mzlu?@*Zj+b=ER1JebfTH+v0?10cV*67 z{mPFFJGxDj?4FN50?IT(eFx%Y|K?mi10wxN#>`v`(MJBZ63$-f5tcY0-u^xqC~Z4_ z<#A&Z53^kptQVz(BMHmT|U z^fR&{NJs1X-sJURE)=RUPaXp6B)?tELr<}N`{JSLEY2_zyy<7qxd=YDk%{9YrEjf_ zv?7ZD4B_)J@^4EV?%Ce<$^KmGH8tCBjTy&}#8vVkgBr2Fy=++Qd`{obj`V?{b~el7 zdViHkDMaHJv|Fk7PCp4g-b|XZg(5D?(CV98UW_&NlG}1|x5HyNKTOCVFddL`#)%hl zsI@4WpFSUo-vXb%vPXiufYVKf~$c{w+MU-kZF89eIe) zj|M@t3Jm4&hT3}Z{gj^w1xm3wZzL+qC*;+iU>?KQcp{+&dARLEKJx4HK2$yrH(F30 z1sbx`n3FMy2k})ywIzosgZ5x%dp~1Uv#(au*1W+U3duZ=rUplO4@KT^|JZxWsH)a* zZFn0P*d1VR8+COkh^xDMnX9{d8Q8H^(5+jsz%DEdLOHW-=Fv2JBEtPT5~?@nfG(YbzfK99%Sk;K840ZgaBLxy~V14C2sxA2%|NdU3zGk z@&uF$l}_g3@Pq*pUqus{g_5vHMv8Eq7_!1>Ba0~Pkc&)E#T950i>#sXm;`W8@G=tH zMiMZAAq`BhQpkv7)e%FCr^dUPVB0`EKFIXjFb-3gf{9whJkYwuVj?23Ea>GJShTQB zMic0v(58skwMwZR=nUam&|EGuUQ)9NLxipnPe_BT--xOND7jIjbcWC@fmRwW35x>+ zJ*427WRu7b5GkDrXccHm6o7xYa2*jI9Ys34fgKXo4r<)(AOY{SmF5N=Lq<3ThwD5`MS&XfE7R5TPA zylzCl09*?NngYxlMynskw5oYwER=@f9O%sj@@NLM_=!|@oLdRxTqL83K&N}6PE7>itp7ZF>aMuyRv#X`P}%D`F7QK63pkHnN()p(1|N98CX zZ>6P}tujAGNDvc*z`GB-sSZ2N7G$}xbkL7Rh5+i{a;P?ulb zOZ?Ew?emz;Y`xJOM<}C#xrhr+Ye)_q2gv=w?4<(pC;SV4^n6yB7M6x(2va-LuQnq6 z^;Ck#jq~f2L=3=zX)vx-Vpw6fk|-Pvk*s%wu|5(Vr`D)pGBdqKJ6Wk97}+Qq@}=1g zK{Sd82w~V|A!EsM8r7}DD(QZ#5v1t@XaLY_V^*N8#hcY+;Af)?ke7)TFp2>yjx>rh zS$>QdEktgQAhuGxE-6tiLFO88N=B?E9!SGWD1eZIEhK7REUZRMV288#b*{cx2K@eC zzkpL??2GtI7$tBgQAvJ$IBF6|Ax5MHEikg5d%UE!Srk@vTm_PlG5`GN~@QI;;uM;&P%`Zk3_@E?JQ8 z1zm0n_z+aC*Q--o+|b|?1h##Y#T_*;xe_KPDg{v&8z{E|;~!e;fEOC0mwALP9ZJOV zf$VWaisgqmN}n1&f#D!AWI-Pkchn?G3~{U+9CW}KR?#GQ36L--0Kvr92x+F6KkCPD zRUrNYvx{jZQn^5;>ehyRc0bk!TRdt-On^gK1BL)wi6;=ubb%gNJ#_SNByMJbiG=yY z1bBsyhjVGPkuZzxivlw#0B_7ftyN@KD(rrXp323mKw-qgS1Up)Mu6%AX(KCHW8*tm z3=|kAG{YkCff$g1i@fm;wAmepsDc_p>HLnkiXFhl-3A_BuL0g;y-^yFpu=@u_A9M*C2%}h{JkhUem>R5rJxU`AuB07z1}f2G(l_Nfx7FWk7a? zxK&K8j*6Gtm@Y1r%Z-P5MkWUUCw7Jk_5lSQi>I|ap|e#5y+=_O*T*8d`64f31SM{n z4KXW&{jmSsEu){-a$fpNx-N9pBMExp+6J;1D`1q5DiWM ztCCq-rATbkqKI~$8e?@tQP9>EP|Ja~obJ#my#^jZuZY?#9vn#ainL+}5!f*7YLW$v zE7d26N5GT|{XAe#l>kq$D;$?Icu?i{qb0Ck1GO~(CCUAAGEe9vVxYVMA01<>yb_EQ z80c+09RVApxoLEqHy~wefVvL$8?-u*eq#F2GMCFrivJb zYo$A(fChy03U|;?Vd|m|GQ&=B>vcW~3V1C%phRm$V_6YBFi2A+AlyWPB#4blV@O#J z9|q;;2I*QI+7t)QHed6o|mfg$$B{U|@)BaXUTAXE7i$18HU|Dy+6Rk>!ZM z_2_X>O=X*K42C!yg2aT2;?S6(g%^p!B@{CV68dCejh^5zIq@2TAcW?I5TGs7>;$nz zoks4Z5Pc#u-5c{VpL<45gm#6lXt<{5Q<4Uo=?MM`DNWVi9O0%Y;j zsiMJ%T!YpS;mWV9&7W|in9PC6HO9-<-*vQ+8Z&M3tK z-859UB`(&wfW8p6!tqWGoy%1_4b-sTzy@Y(F9R2rK^qZ^hK?L@)?cuT8;sMll4f z3|b4-QL4@p!P78GsGwLOXmZ0+O$FtiAn^RkElh- zK``!B8RZ&e7$iJ7ORv=s01FAIIKLT**;sLQJZcd+0>J=MnvwIo9*qMaaxkDwrOHf> z0%xw8?jVBJN?Zq>Axe!oCUj#w3@n<`{D5CK0d6cR2P9}9 z>?47;R@h~tM?!E>r^*OYFd~8u3w_sqr2{s>70{ZHMs9TJR4^>2`JwBMECoFxjp?_SuH;dTYON9- zW8uSmI9ZIB`H`RSaeSZ^B(Nih`+@v{C;k8OWB%Jq0bxh44*vR~O(dWL3x_x{|K;YW z^kNWMVoNka6kl#Ou-s7!d{h77%|!JE&@y3)ae#D0o|Q`xa13f^0EufP7@$=EvKcfo zE@Yln>eqWIZY~u-?_{zpL=6bp%wW``jS?JYhE2w>h=CCrhtmKXM}VaFakN1JD8LI* zI3^^=EmRZT8fOPxOeBLwWSO)^6rDm0hg?)CH%>7HAv~fIo( z70KcPxrkxF$AvU5q%RR3E6DN~gaMt`Bs4;!7Lx}n4-@5)0hZH_aze|HGK>@3ku};5 zBAJSqUPKO<%*bg0okbrP#$0ZNCSq1Ou@<9+8lrikT(edJX;eDT1|b_>M#Mw^9-I#H zTruGJ#(HdSJdO-C1>h9oVuR=yO$B)#t3>VwZzp5~Uy?}P5|2nIZl4^P>@g}ZV@o6s z?(cXAn72?7k02&8aFm4P+j5Q{^iJ1b~I5XH7AqzHpP5!(lB{nFpeu2x~#=MzA$jEsYXg&rIa3u03g zJ19BXxC+pC0CYLckLO8LaV#qiB7tHEx+#7XgDNA-4_AE&g%aB`rIU>lieb1)8QA(mCgL8*W{is}e?$TE*j zpoWflCL0ow5(`l$rgMByruF#vXbKc+1RT|G)tHdg5HYcJDj(E)nOrE|+VP$s!OPi9JM~4wN?8W)t-BaaDMaz=S62=@xwq@Ah)gAT&nQA~^|oQK5|K)=|B$LIqAM#y531(Bdv zPoPpPMr%|`rP@6)J}-u`G8o>N8j3((chn+PvcN_KaPZP-h*DET2;2$KL&zY*sZ5_S z2I5_A3Y$d_1pzT@QVQZ8r6?MeyX**Tjp<|If%zuj6Z_E+Ajc#zJ5_IUMf_334Z--S zM7DtzGQ#4bX5gWrfaOyd42bdZ5mCwrS{sOJ?IH>*sMLbUk`vUJH3X+N0!C2-G+6-Z z1Fkne5z@F37r_pKTzsn@ZqjK}VWNmXE{^L|6iAV}LrRs8h^!?l0iHn-X^9F!fDQ-_ zvsoDi-Z>xD0SW{>F&P)+X#}C5N`Z;U;Ap&7poG_j8K>idZe}Q;GI2o?3o)%;(0xPN zE+Ngyq*xeEU=<)nwHBF&t@X-q7;yH~0s^p@p^Rc37KKLMJ1*VfK!wo;9m5RLLLrpc zhI9IiHsCU$p_q&amlM{TIZ`_{2*-ktFOx^TW&(6uv8)^~23Rbq(wKk+>o`TOk&(43 z22m(O1gHo&i_7N?$h|T*!7OkH^;Q!JK91_)aV-*aP-v9<>?$vCIY5FIH2J^_0HhmQ z!SDeIS%?n!2?I@L<`8s1!vQqQ2EM|9r72lKG>!zh4K<&HCB*S=8gfO%$qKW8ILA&P zcns8#DjJfh$$AyY2}MOgvY*98ThPcdPUh>ZNY%zFB_hAZ`7DJK&k2b5Jix?qgmPFE z0G%BGD4*4735FsLT0AVWdaOcNih?qe1XRXsf*4;dR?1W;$mh!l8gf7{faYwol;lR6 z@B}9mvmhk53ph~|HRxh6fLYBdkVffLg;6QO!}XnV4uxV9`WdifQn^tHSBXaZ2mvt^ z8niq;+!eqYJvNcR6#`BL22_GAze~y}JdYs7#dUZ$kHP{4SiYOV6L8sjlNv2H;srvK z$)+Lzfn?m|rUL9FpoD)w_#EaoRixF@<59#0MSKK@4aGGPHBJdz6-GlFs34|tdYL%A zfDE1cMzsM;6Gsg!S;)xsLGsW5jo})mmdHX0pc_c8m9u#=Psm7eP(m&q0V7fQ&=_1G zPSAw~P7{SE(&N=~hnF9Ht=Tm6|v)1L&Vy z0S@OwjCCA@qD*2gW!n(VudGw_OopuuSile2yUH#-~bT_9a^K;>$x<&3hl69bY!0?0N6^D+D8kK zn2@s%Q$S7-_+(>Hj<8|GBDqnaR6(1FKtPCD=~1+eiWcg00k4e@#8L3<8ZX3^K9og5 z$J%&U8wZ19fa;qGA>Dz!I4c9V8Q_k9lt&{BswH$S1JV*~o`7Hy2UIK?PX)xrM3NW0 zUM2^q!i2&&-R#jQL<%v1VB?d`E``wTf}Kmm{EeB!a*r`A~=;z)?htU1lst z?tu6KEnxEuWY9$vazidm9KcBwKi6u*Gt_vB-i;4Yxi};TT}u_aT|uD%sG{K}H4=%+t7oaCWOm5R z@r7k_0vVdNpwF8~u!H&*5w0f+dn00f7^H6eV!mEQ(9&aUz(ioMI)XR=`yp-Zbw zq(P+`gXYR4APyrZq1C{@rlOKVe81Xa#>TZ&ssZs}flY^qGl~Hm>|`> z8Ksii#p;-e2;ypPg_$dm&;b_>7s7`mOa`RO{i?7@YWMSe8Vp}5)`S=#m)_>r8(cC| z&?+GjB{mGo>J^8g9Ep%0rm#IBg#&pkxC9Y8@{uo*PL!ZfOiB>s*x4Gc#buBA-Atbz zM1Gh`chC|+99xssjugSDd@VbQgP#!l;EZ}46PZL&fIeZvE~kykH3x8BxdtUv$Mpg; zT@@8MI8u>aW42FYX~Yywn1+rW#u(4dR1<_Ix(2f-@mkpf=6lP86}PNFmb?9I?C!l0;~ zvH-I9_yJ;#Hegsvbl8r<#uU`BPy(!vXc;K{fbuqzCNlu#of&MZ4miGyZhbJIl`?<` z%Ml`bY!|(N17v$d7xYR60;0^yHINNqgyoAGBS7&B zc~VuThjxP@q;ok!Hzfa@_J1EgFSdHKu=7m9;H zj9Cn-_;?8EI9hl_V1f@?1x`Q*^37}(--yeY!wD4AOd>@nxS*LJVq=u zHECsRa@?kllRRXdNySu}bSkMx%M~yH63P^s!8?y(HGDD40ZQs*e^`q{B(v3Wg*$*^ z0l|;ijF@(k9VA2u&={hLl7wu9nxW)E;!B`1LiR9fgKyqpw*&G2R)A>V9Kr1Y!zV%oA()UMke#c`6M@V+F#QFy3Kg zyLd`E-Yv583^XC6L!Gw$BNackQT zXdfB)#yx9qRCk5(*HV46lsCe4)^&yZ3)>HL&+5%+*8cO`*qmSYhaC}wmjD3P@6p?8n}LH;|}Tq|DMJZm+xZKlZ52cJ{tr1^;z%I3t>AY7v#!n`X#5H*C%P|NPMZ+}@c3 z+xuLYeXIBXdpq?Xk(c2sBygi?gN_A<{;%8r?*kwM{(s^d_))On-lXe4=Re^}Mm0|O ze*S6sI)zR8ds2={E!~@#x*aAK>q+GB$C+tQEApu1)w_muU`(4kV9(dfT~a&W$MhDk z$Nrv&PMDP`^G|L_Y?3@tK4r^@{>hhKs?R_FDwVXKJGcIY{=3_gGUrZ}s^Hou=QBP z2OnL{-BiDR>E70Yl~acWVdasH!ICyzutZLs0wId@U^glUEi7Z=>>n;4x_fA;jM28}d{WTe>-P)Pw7VXx!RANF0LK-BeBkRyWeW^$Hwk^ zg|kOQ+yljL$|If47h0b9E4O3ir@iPQT!6N-inU7bGT(dqLQ zt1{CT_Y=hL9n0wSFe~wRWuI@0@s5_k*Y`Tz-uF~K`NE1333=ry4N49QU!SpFyCb3; zK2ZLg+%Ngkn&P%!K6H?OdRRPh&ZEBm_4{(uKU5ECa$-Qqm!~cA_Ds6n@728n3GMo2 zo_al+D0#L||Loet0e|-w&HK`9bJgvATSyb%v=^?f>o&gq;CT;6QcTAem;`ldl^eV?bW zR}Ag5Yy9vz0~^FEuKsIauNgR4`?<%oBCoO~2z@llDBl zrA_Zq*{5c^tmQvl51!fHrQMato!-gcTq82y-k&v6)^R&Q)Z@;a#Sd{O?@hKSj+lql zFE!^<^2fJF71W_{G;i6E;T3ld z4DO5#Z=HT6MYDH<=-9=r<8}_cQ&3AgJ%}M*AMGOFJ+9NoY5`+CorCfo|7^XwWB8*p z3+F7mFrwmk$^GpY9){PP`e*R+%bP|!7W5#tBYMV_US3y>cD-o(iDrBKscgl*futOu zEr&UP!C)&`twZ5vGTh&L0Z@$$0 zR8{FO{ly)*s7dtnl=1oE693nl6{wmK893*y#L!C|1KC^2)}-?_OxHVfDMRp_hg&0NsAGit&g!-I7hyEojftb6kDshSu`ym@iO^r_^* zt^1f$f+;F?Y{tW)_&jo-Mib86>{B=3Doa^eck1YP^jc0Rg*>H&CG%D3B4y|bpDLT1t&S%>C z$J;J%b@Vv!4BskhJsbJnPPd?I{n9hpjq|DP-zgKCH!WSJxBUAzEjF1qMI$V^|EOC2nnx2N80*MD*rZBDK3XVH!A=Wl2fRI~5PS5B`{RZCjVx@8L%IhEnC*4&Qn={`$Gcya9_hs1FRbU$>Gb8GD>t zx@)6*=w?ByQ?~>C|Cuwo;@11D{4`zbjPLIoe|Y?F6+XwXJ^1;}*p1wOxU-t&qsGi! zbZ?8ON5aK{UxyHWyuY&UygWkjJyCUZ3`5KcgQ!^sFxJYLp)B@J@#kJDsdp7TQyD>QjZl-{QkY zW~r{~{nsbF9c!>%roH^UwczHZ+|1`QCJrS1+%>jA-Vgqr{o`S5vRRi_Zjx-{tZJ?6 zfyeY6b?LZfz_!&UsIDt*-CvMB_JbW?6^kTxlw3FQ^zFU!L z12lV!4m0mwEz@J)M@=*W!aEH0w1{3Vp zw{A(jdSyLh-`C-HdnRWkqnjS`S1SaY+3(To>0kEbt@gfpTAn;HoGbbD_QsJ7iLPh2 z4Qsz1D_G}wzy4F=i>B|>4!07&T~k*T!8v~ZlbEF08yu?Kb*rP(KVNx3yo=uf-pdo) z$1d*8Q2OrFpwcJT%4fMY^1tNkDhquZHj_f(<>yB#`|_5ZdQd#EO46lBO-6;aG#2;68cY6(RA&utJ5RRp#E$!0u16LP$$B|$XHx6y2j@?(YH4crs5-Y3jh|3lIOJRN(=RlX?7g47 zb3YS?te6oBY?&s`>+mbyL9$=kqJz23h;ftlH|xCV!SIY%sG~c_DogTrPU+aKczp%Q z`mx@|i#3(A*Yr%azTrL|Hg0%fmaxM})~99N#78NC<&z(z-dJ=zf6LP4QyBFgijOby zI=cj%7H&*`HUUo^iX81PJ zLn8;z{yL@jAEoH$ z{p&;EKFZUz`O0tY zGG9NKcYaG|URV>}`K68F$U&LcnU`Bb_Wx*=*=l>8sbhRS{_Vlq;!``4?w{c|t5;_J zv7#M`@Um>){qP$}Bh^76rd$n`jxk)?Z zSG;?3e`4P5^6%TH(Y%wY%Q*XOqdP6>cY*bD(yZ%eig?Q}<~cjvBNggS4%(qUnjl$E zS3G!qy~mc*Yo}hR+iP?OU*7ETDy#NtgC8$XJHC5dDhrI@<+^Ll&+Qvi zFiw_yx41!i-GPQ_$1`$%(&~kdJ?AYNdbfY)YX=s_bCEB{ZP@aoab|;+<@AE@xe2Ao z$D%)*e+q0mQT9;S+qV5zM%Slx{ZDkpFZiQ$V(pugcS0|Huj+iMlj_cPJ~6ig#D^7& z>NjnBigmOoCMni-Xg^r{XW=gJ+%saCu2?4R>2p){yxk)RC9|6Kpmxf(MD-QP2fnzU zoI7m~tgiifxx}y-ZRqH{Q`EBf$FZgzkMEXw_Pal|c=Pbs9HwAmP)wWr_3O5%zMw}Mlh5y*o^;6nMCP6J z?((=X#c>UOai57p`At^O*vMI8xV<-aZvKVg&6jj;|E|H&?UIL^i+7JJrk__HP!yq? z6~DL_B(43$PM!2F>oGa}%+TPIHLa*Br(27>CcD!b3$8!$pGkUnETe}aPkH+CI@{r>*?(4aTvyB|G0J9Z;!Wo>d@Zfa@SaLFNC zQv15StFJzOek=>M*C6vQ>E7&P&ubs~P3{*3yHEcbYC5I(d@EUdqeqQuaIMkgya_9F z?8g=_5f`}I9r!$L-1Fk3^6kTComV!Zk(!hieB~@noi)Ac-_b2As}}U|V}`Zrx^VDQ zVddSXf$P6k;5P)GtXEHdKTUhhJS=B+Rhx&urW#5`Yt0K^43NK*{mET=_SN5i{a8O$ zH0a%>^j{U1D<9_DFK8d1U)6YWJR>iNYM(p;i%tD9Z`JL(Cgj)$d9R~&T?V~>{IB6p z&fh8YYnO7$=Q!CS{Ye;5>=U3 zx|2r6KK$u_dU0pbj`xpFH`_OH;+?>z9~TR59LvZ6Z?{|S-IkGwg1mo4~~S|4ZONhl~kK@e$C5_UiO-2 z>};HI&7QCMJ4B#N;HMzVpkn3sadRdf)AK2jYC1sr)mf=;DI0_j{+^T#$Eh>EK~+9)3+C zrw@MdVrc5koGlfFk=&nWbB7HZv~<|Z{Cr+1yrpY%>#rhsPG2#UCS-nEqSh9$Ab~JZ zj(LCw?{ihV@q5q8ykpk+@%$XpIQ@djw)}t9lezWI^o-QJ9OQi^+vh%B0{7yTzCv*- zZna$exb6M+@7gDK8mg_IRKEL)Ys}R>kjsmXoA#H&4vCm4T_@eGKg|%hc)o%`I3jQRBf!ecKv)y`SoQI7(_u z+%|DN7@5{h+y42EUVe4U8pw0p9k_JN=G^+`sRmV!wX~pY(YYZ-T{@9kih9Myiy(tH zHg9OFmiF>p-7c;fF{ckJb8GU`+$moNnlG-lsaVTC?H+q%Hhg|Jy#4wg<9}7J@*H0< z^38x|orX4S<<@`wxB9}bUw^XefBdV%U~!&ui0MpekBkKySXqspx*~I2Gat=vk@V>L zHd)=v-N&5aFF!s%%=_G+L4(C98ccF(wDk(CB|L9l`mgU;e|6cs=3Ov_8`C^4dd02L zmYeh{%<$w^-BWKpu{Ubiu&_uFArA1qa-ZIm&O`3{NcSf0PQ%90OQt8F<2BXEIw`i_ej{;7KSBNCl7^#qqWCi=UsyAuQ}e8? zqYnLrEB>*-O8D50Y9t#uaz18MN;q_&VEOHvN>^ zVkxoNCf@QhdvqtSH{w6|<8s~+{}b+~jN#-#${p4~GOX!M-~76{b2PV8yc*IB^Lu1` zZ<9oDjuML(z1Sk(Cf#1Vbf9eed&r@Uu6H!eTV%b``-!bzaG%I-5R^+cFt;W3=>G21 zlwo5E*Pc0*zppGC-QZGA8V#%%^;!DFTIZ*(Pyhb3RdvvP|MGsDtb8c7!GV5W=h}bY zDP#>ZFOWaZtlFLU1hwV8{=oAN>dDWVcVFOsUh9j#oSix(<ydsx+%KH{<6#Luux~Ce;sRTZD>?CR1k)qxMSMyfBHV{NsGI;(()E z|MKR}#JQ}@Es`u%6qj`txV52I=ymQgT~vJjJQ3l zq+rUAuZbt}g5jr8`kumbH-&p>if61$8J!BxA$38 zuC`nI^RuUxX7w=q`1&dFI!uRcUmp~>R$ZMF+PdO^uja*#!G*tIA`i&!F>+GjbjJyD ztIV&pcRiA|qv|DmBKseUUD8(Ztp38))=tS;U9ij>ea;5PHQ9ahm5$wXyyx=TdfJ2T zoo7zU#AIg22jbM&hlYKa3!1D;KPj^&ed;}7xAp+H-lS-E@4*bx*jww4=QlgObn|K% zlmN*0Q^z_US8vE6P`-ZlK{`3(-N?iHq9c;8?c@BRzlW+U+uM3l(+S^4xbEz?zimkQ z`vE(r`S#N(b6V#0Odfx1O1FIdY3V3_7AkE`!#l9FH9XlRZSBn0lfTstB=sq>Js86q z(V0+^-u(Uq&7KL06O)5-u*uKixoNY8_!MBL7WRp31Ia`vRRyR!}by4TWcM<&00 zkanYXUc3J9&JR0AN+^YQr4)>cyz_z~V{KU`b%KtRLb_S=RMv3zx*eK*%p3hj1%8h0 z@}~0Qr9EkrnOKLhB6}_G zNSDne-mLK%KNQml#b?(wJIQ{A?%$+cV$*Bgh6lw-om>n1)NCHXBW;c>KkQ4MDVRMR zT&*)UQa^9IMVb?P`=^jLvsQ;~IR-&Si%fj+t;Q$0Tft@=8dLWiBb31kw4zz=0Wg-9 zE#n#uP0SY78$a7H1UGHmb;$ERp@+G`*&j#CUwdD(j*6cb^)hf6YS4r@AJw| zjM{pmBKooV!n=6x7F|vJnn+Y0a{a{nko1anCtinrG7rW*SBxzS`aW-OwCe zdct?5<(-R3?T)f86&^=Jk>}x$Ok&yDgv=J$4*I#Un9tlWb@y?!VdjB_+GT&Y-q-{R z(aOfuou(Xs98X9YR<)>0ma|!A(;W@*BXcb4BH;%`F?*k}>MxTIX%_v#n{eX=`gJm` zPm@yTl097xw@!K9!bC`%?y+7%Q~r5({$2eu9ro=J%+@R&AfZl6k*#g>SabC2i@}=~ z@APeiXmw`O1?cK(>KUf2&+J*K2idd6dC!c-UTaAFg08-cxrBb*^WI11^i{owG~1W4 zIz40Defgf5rdGtC`B~&Z_11+`%L+;shKl~J5Hui??A{$uR0U7SH)}qe8P;N&!LwSi zWFdGl#&-Rx|3c~v2T$bpk(~>UFWY>a^{zk|pZKx5MfN&M1J3Bz0a*{qqS)l;^Pco0 zO-w8<-rq~R-+Hc@(~~w)w58AftMmCi50r7r$~r9QTmAChgsmMcXG(^b)lhb$WP5yu zo~4Gtjs3@_{Agb{dj83lJ2mRs%d!he%g-+ElULTO=Ih7Vr^dB-y`smy@qN6`+AcNq zza?ZAPiSjuvVLmT04TQhY3JIbyE^gwp2X^$j&pBh_@OLRu8ucBd^b&R@aiUX1P9^* zMyB5~prQ!o;zdV){Me1KtgEw*1V?_rOswqHQ%bKV8q{;n)Tngw^U>|!je|3aL81Yq z!;a?<)-Buf`dn=){)&Inek4J%ZEA9lAuo~Ya1GQ})x%7i#vXxUZNcb4w6O!c&aKbi zkqt!&nTLD}lQz^usZRp)sf}LUNW8r5R9V;5tut4QDvY6vP6*be6cEUFwh!|r=j{D( z^bPoKFNfw2?FK)3=i%&I>OZJo${%>9{WyLHvnW5TU7_3!Y0W`zcbRnY{m2@1-EJPD zO(a~HvbkGTn}5e13Ab2`KGCG=n(*bm{j;85&7QHMvA6TichxC7_QzHh->Dq3tTxb{ zM5rz{SGVk5c_DpWvwe$Zj^vK$*>jXBsj{+v?e(g4gZVQ`zh6x$n|@-_#ni%?x$6e2 zcB%hawyidsxbpdz>?L;}^!7S;OZ{uy$nEyqxvNF9>eNwYL;^wavWaC~=7 zS?a-^+5^)5d(hV(fsgj=%7!`92aUUS&@=v@YsXLr(0EMkO=DONWl_dUAFP*&ij}kJVJ{9CJweBe(X-VD_r#JHJ(Br7!)Q z)mYqmdUO)5RnFR-;F!qzKfSU^Jdla8Z#m&&7MVM&|4Sh%-#VzCFm^=hkhz?FnE~fPC zsy{Y+4PV|Ic`IH=P59*Ljum9R25;=TY!2clewuK8=uKUEDt+dtvT(GDezwI+9O%Ti z$fP|qzQ5ezVp{GL?^y4o)J1)Z+IG!6xxMt$`Ou{UIt}SzYT-uh0ei`?!0VyvJ)^oc zGH9aL&VKr*zbNM&U-q_H^4-2m#%$bD-#oht>VbK~hCRT4WMyUz`|@mdI;r3&GULp?=vmC+8h481$Idsa7dszVR+D0}4O;X}tBo(W0Zyj4AC+ut$g z5xb{$5FM$v&)n(dm7(=9t=yI0-;c;4j>_#|@<%!*?tNa_JEe`eF1qqT z`U!OLtjS+%Bz^krf0rLxGd$Ej*uB^6cZ|8^ ze=N?*Z+bVm)9y__Zhq}W-wOZocZh<62%B;n|PAlRloA|L|?* zao@A7zU!8wF5-Dpp9tEQFEsT!HD~0-5xC^L+e<^dZ-uo((oPi|?d~i=f2$hv(Tw&z zI#oI4SYq;=!HdVNJqWLdAznY)ynp24-giS+j<9`scJ7t8Y?vml?0o)o4{5wXbkep) zF!b>Z%*G#keh>YKX=3`NLA3UDb*p-{1WTP3FHkpGKC$+dM6|Jqa~%<5OZwo9Wj2+s ze42@(&)w8GJI644^yR89hxZ(-dtWtUDmTi{9a;Q=Tj08@ENNG{dYrc7^iJ#kT2xX{ z`}%IDd&!kq-E9{d#NXT_f9gJMarbi>Kfkc1tvE0RAQu~p)-Rh?!CPxSGIRJ%gD!h^ zqsQ8^l(d3W<%)`tt~h!tW1^&l*0}4qokeK^`l& zklTKb^%F$o+h7u+8jkE(zhBy!qC=HkuU60O(xomV{l;g2Qk`mDhvr?@t-15IvBya|s4ershN5YIcE&b8wf9{=O0zas z#vM#3Ejm+j2Fe)`edn{q6@yXttEcgH-|r3O8Qe0bkB!+IhfG%VYbn7J@= z>pR6zxjFHU&_gaxwl&^;yeRWP>d`5a{{3T0N&5eaP#NEK%G~^wO*3I=EFF4}it27P zsF#_eZjsqEab~lQvm3R}ZbE^~jd)$_hABU{V#h5bR_GwVT$lH~ zRBsqAd0)EYhxcCd*o4jr%}R1a6(63Qx8SSQqnocIF7?r}Vd_`@c@I5w#Vlg;>$7%~ zw>PW2e1{b6L%o!5D$9RzqD70+q7@an5J_)6-+4U$$2MYR_T{sm);{NrD$4kE^y;#g zb7u)x4m(;$z26Z1_{7SwHANq)ryi5c48=cunR#47YS}GNwrco;x_6EGq>!rbJb632 zpkLw0XVJ=Q3*PDf`Eq+*4)qej1YAO35EWs&3KbbL02b*K!IC(+s&kZ0L)} zo0g{U>Z(tku|wVV=DKdItnP~OEo-`el=M92Ju%39$HUc9IM@8+er!D$Uq)hjgO=&t|X5ZOK@6aQ9{0j6*D!#km-@g2|+pYf(b8i_| zW!H9%3J3zy9Scwq>F!2J36U=8l5UU&Nd*=nNSAasNVhEM?v`%phHozK=l%|`G)_3 zKC^m~D;_i-N!*rXpxv4x&{yQsk{es~)y?tXIE0NWn0&x`tGEB_JJyp#CyFwWG%U8h zpHXF>hwS_AYAHW-Nc_s)NU|EMVDkzr-@8dM+2s;vBSGw_?hMB_95=QW@lQ;`LR)J5 zv~<7@d&$bj8>DS!SdI*PC*HVR$(s$p3KjicRuB!d!z?80=*gq-eB zQY0Bx5N)D<=$j7Obg}NE?fXMKnpZJ-6Zo^D?k6}lpEq6& z#fr-$3(>r|a(i{P%db={`RH2UtfH{*A?)PpsGPs)6Vr{qxe#-cCWijAWD7m^cJ>vY zE#`G~;uw&&8BZSVB(! zLni@>U4P?X+dpO>0l0s{#gVBkG$-+_pxi4NZQr>>YU$4OS&dmXTxBpfYA{n-+~W;;qUi*Gn!dN%E#vc5l9y>Od=2F*wI z4}OXosPmCky!=B)zI)TA!*iVBFmo-Ej8>~HU01cIS%BL`Ov+(`y6lqa7U_`gl@cOQ zh65#ylt(oaw($)zd;C3iL84t&lb(s$=Ep>24lXa$A)0fU{+Z%*dqr65&jSl+Zv|h* zj_d*MG_AuBmKfyR`!ZI`q|!2>G&Nh}L7Z#{c&y5Vy%!KD^u`VlON z&G1!rP%Lt1;@+GF{)Am3^-A^`1iNVpI>0LaJ`aDA)Q)bicyN$tQsqNkGBXTRHGUQK zRM*oPnDMQ@(e*%Jdb}J(<)ibH$)0JN;Z881H$cjGdFtRxiv;PI?INMH?|iT?)f}jI zQhi+*q~b;$OcQze`2Krd93zdg>925Cgv>JY4hHK>2L$!x=7_xE%tyQsGN^uw*QWus z&rdz?UgZtfBOE_GcKz|vlNZ6;Drw<~{aRomjE89W7 zhtNHx*CoSh2%H_|obB<*P@2JV7d|~+JF@jX(U8bzlFDolB8cyg_Y{u4dhZaN0)+B$ zt1h1?oA+4aLod4$s2?rqmm=cj%4DZc*{wcz@&1R3LLQTUdtWDlHYto`{{6%F{o&RtwL=jTCW>L`>ZZqBIOfU}K4=G^HP)Z>7ccGU~t#oB7UkR`uN8 zI#Sj#q6D7sGL+gzTpKa)dO%Bcg+lgMM6x>2F=3S3F$XlpD>fyb>k=vB}`M=9bB79A; ztQIWBgveem5rTc3L1Bp<*3337MVZ-J9%T-zu|b4UEyXWmrbv5FEpat^Q?DJ4w=?7% z2tijZM))7X`lMd6vX54M1B@&iq-KrNEqB|0h(J_A^!*~eA8n0u=&>tH2^HHM4n%IF zMD_Jl>GUTipT`{nl;?YEPQQ-B$&>@wE#qyFu$7mlTBGrUEf8U?!9kqmX6w%}w92Gx z`gZhg0snh>1LA;*y+WucjnIn$psaoj|5jE|dyDoKnn4+*ydd z>cK*nT{2Sj0#Z}sd+xG~X@M)<#`d=(?rX)Sb)Lrp9+S+G*FS6-BH5cdw<_1F&|q+a z5(cq08ijh>F2PNQ{pVUV{HK3rvG_bsa9-S15EteswtjQU{j(RyUvM?8X3k^4#je|y^e?JhC0P&)YdNFt6U0Kj9hKjHcY55Po+Q^ITLma@TB zJhwU%O*9cw;9d6ful}U90Z2X0N-krD;hk;=SC%9l zvt+{WO#!}{c&YjyH2^Oo_{yv;TM%60U+mJ<1Wr2<1Z}t;c-Jcfm$R4yRMUk>Gm-dj z^Dx0z4KGc$;EaARaR8Ps#+#F7!wb|u;O|tpg+l;b&OQ_T$Cf~+9uIz!7%lt~coT7n z%xVP$vaw8`{QMqp@514|q4byAi#IxY#1vkp!Z=WVb$!xOuLbXwYlUm9^Xx@#(n33U zD`$@nz7B`|=%e9~rPfRL^CD`5L%B~0zHl=?ZYPFIUVdu19ma3b6AgY0ll-q5OX9cYR!_3q(fn#o! z@Rk$3tB1dh1GqTmgOeOz>STHBAqIY!*DL?^XpL7(Q(h{}_SVh(oXJ1&)D3ItaRY?1 zz#9k&#Lm?5H(u%g#Hs~0fPrZuKAw$6(jH3$L~(@>l9iXptCdSH4{e;m$&LJnG-2@a zJ(*Wri&@MdZwtp5yviui$6oC#+eX0=wTQ5iR2PduT+o3OO1*rOfGA+jB5(C6 zP%YkdyVIVS(ZGan!jY}P@>k#5&E2i126wKGAizFeGh)tu2Q8v_M*0WO-x%r5=lJJf zysfLYZrbn4#&aKOGHXNv0)eR9f>Aa2*BmU`$;U6$;ngh!LN*Sz`WYULAGwpx=#ZW4 zqAIIM&?{$oCXH4=b;L`XQz_HVAkS-RRQ3j)gp@?rCaG|C)IxSi!T#px(rK>glK3}` z?8gsi_&YQS7PH=02hjE50#>SaDhTrX<HGcfe-&lBjywt|u__pdaA-4aB zdW#eP8PaJyqSPJJl<{nepxaP}l9X%0vpSLHDfZa+%}wV3V1LmXDLLI$FUk@v`_&eXqXaX4Ij<%N(eS!oT2nh zdrr`|V(F&YCo}uL1Un{ApfK9k=auBmTbJ2x$uwmekDe=hBa5g%Q@M{M9*w%AbJBolRPdVyF`M46Q($235N-{6oFdXYz%U`}|?=zFp3`#Ipw06rz zltKVMH;CR_1FETpK%)^a>MK%XJ^e8Ro9da*%|(viN<6#qZ@_^BIP{~dv%PC7nKLfP zy~{F_8ODClBe#R}RgF{o%M-M!Z9$CJ%0A(bVUY%Bp?9?om(N6)l~9VWL7YPy$zEoG zIalwBEXk-Y{mpD|xKxQye!&ry%DfLxh}PO|^f&+e8O8^I?h5;yZ(Qzh2x)Y`C8Mz# zlZ>WBYU4i`O~+&4vi`(f`SH)y+T*dUA&RwaUhx*-x_8uSn>CnG%4L6|ES=0D9A>q zl2vvrZ&NK7!oY1Cp~m?lAk)3UROFF!WpdID|+ z_jE|sCJ`|kE~piw@ZQI>G6%EHr(2tm4rK|*supH;ZFfJj-+g_Wasc?)?t57|VBrZx zd`iH^_}{#H`A0B+fB!${=P*FQAi!|ln;`@QfXBfmiX9Gd3_rino9lV0*Knx6!S1Zf z48Z}x>+eoQzxANX49m(hI_>;mkAvxGU-tI{vPDUP$W|NjN>33VZvI@6hSRorL~WAd z20C_^Z-;hgA7u5$;v3gjzf72kAk3Qp%;9_v6R8G2rKw6o!kU}f2aInPySf8B+43Zr zPZBC{kY!`V)2_bZ0B-P@o;XbTioV1|dog&#f~UiG` z%p6%X27oB!;W(mhn^@} zj{Dwpz7FVMpqy*U{_SGEE8uUEKgxj3-gdk5)HvomF}<%0Irc07maf`=RYs)lu(td9 zx%}BZ`_RdzD~SM6&2G}+4jMA-;Q>cAc@T*{sOm0e=?3VGx9NjycE)nyB(udvW60Va zsoby)V~yGT{b$;+)^gf$w`Mzk)>2a-ja%@<4TAoBhq~ zps1m9+=S+bRmDz)FKibc!TQ$P9K@zOJTGVQ>V|E0oe5ZUw3-wLS;aXwU(-Mo=kElS zb9(a@3Zv)|y6ziwf?VE%XkG?}6EqZLpi{2INcgDF6(n7R7{?P!Q|g+?{&R`mjDw5U zX_Sw?2&mN9FUJ!n^E*DcJ7q|J*Oar#Wt34MjaP#>8$8+s-8oC~3D2N+HJBYlrS}g8?DST)FFAjGr4@zV)eDnA?}eQ3 zbPIjHw<9r$6S)>?f6n%&CcHSaQ>OUIFfO*1L&ejuL=&URqG-yff4 z^sL;Fo@9K)5`c&NiXOg^3fCmyLP?$AT90b_L5}2Cy?V>t@hdH*dR>#*qLM(Lq0}hL z+;?wShN#hgIG;30_ytS90zvD@>$4gsV!2P7eBZPi3LFVQYZA=&1so_zcNf-M2MmxG z1N|K+H2ikMu+Y^AQet}($KDgTm+D^`_1u&Jzz^kRg6Jz(sgw9}95zqn0Se*J1s6u36nViUTJNi2 zaqxd#de`p>zLcSBp=Y!{Lf%Dqt7u^wX=4^>oM~QYp!skmxHMTfh_zr$weEB79^YpI z3(h5kv?7tev0}l2*Wy1sg}*9v)bD=654P#Mcgy!y zyQ6=l2=Y=2djx(s6fwapQ`@x|q%h`oOf^QN5Pu-Tsv)`d+~>mqi?(kRet31Zbo|<| z==s==ybck!$B98VNm^e3bA0zp#z?B0fJf*1Pu#bi@4G4boGpHo>Z_68lPFr-0S1`K zIz}wAg-@1T3;ys|tTX!oiC}<3*;a)&B4BQx zkd+M9^nTc<EDwc^NG3bs#Kd0Nr5W(D}v5L3w1(6@VApVVPEtMW@ z{>ugU8|9K6J%>2SyOrDr1y8br6Fs~u5X{6Xybso89n3POeP51g&9Z>$o?i0TTEZe z&_@*#NQ$BnrBI~)9_yTl2QumZXIO3&1%ixtRRn4zY8!H{_g{KrOm(FAA3iU7i3Vw~ z?#X^i3mW43iVH~8N$a>meWS3yahx0jrT{z(M=~Pa zR0in-U=t}sm7!M-Bv0*GB8OwZN+=7pW`Me+SKd801)jiYz$wW|-;0Qzu#Gu~vQw&x zi9DtxSd^L!GzJCa%GZ;+j+5f|LqvI7?Or`5~%_B>bIx8T?rE@b7lsR|@WV zxiPdt4JK@)qCbfN4oG}3IdF}F|AtSv;AB3;->=pF9?b-Y2TtK(RfgXs_{?(;=|P33 z&`;ngw8^thjK7CH0}tZxurs;<+zBiLXz*p=A=H%Sud#uF5BS_K8bV3s|G*!XD~7=q zig={O_Ddp^6m-rLbO|va6GsiDRr{&)!b*&w3@&q@2>9EWbq(+&H%^;}xFDSVzo zlmt|E@xR$RDxeub5Dv2n{vHkYLinetZt%=q_n1Bt7i5^&41gYn{h3wwubsluGte5{ z=UJ@0)P{u3Lf0Iwhmc;fzjhM;X7$d!?*UUL;O_R?c=cD*=18`j{Z&D0tJuZ$^-9A* zvv?$>@SIVY^D}f{$Z!ZDx8Ug{`r8ZtA#-}wPXMk+6rY2U#3wvtkh!$qUY|$NDLoSc zbY#GvRJxBO=PgmRdLD4D0NUd1v|u_0A0@h=OFbvO>TS3{;k*q{T@K-TG?7fnu;Bgq z2IJ09T-!=<0X*bzcp4mKCT#DW?NA zGSINoqF|B*!Z8T09Ol(~tyP!dwr@NBRyF`zUO2)1S{{m+1JC@cRLn6twuEhmGmzH@ zQW(p-y5jN5+a=NYqFZ!?U@UlxkCLLQR|2A0#CeLq{dsa;7!L9Wr*N_N&7lJ$g^@WV zoE;m6Cw|mn9a_lAb)-%;togKHxEcaT1A+oKQ;?g8q+3!(PE^!G1G7%nGOr5^cWw%! z@V{f`4IJ;W-yLg@k{y5#nq=G5ytQyz#ic2HP8#peVA#_wX@ed{21NIatZFv+92i7& zKygmVH>Q*fH{AkB#UG&UIL-CSwuEc?%Q2jX63Hj;+F=$W0-ACx=Pt-tySL+$G()C0 zh%f*fFfmz-)q_V_*CHM8E8%qM%M9IM23%bmHXJ~;Ba?qhN-c#E!=!@n=mqq+(I2;L zDf1)p;oYBQ)T$?H-U|NhKJx&m8!UPZ0R*qgiY&E4Fm95}4Z#dyU*84>0&QaQd=q~0 zZ;QUQOUi*+YFyum&Ie$n_L3$;AwSEhl0sSP;s(=J_WN6KSe5WP<>L7=`rQ@0(F)lHRRva%U2~xB z1fOcNF`~*I8oeq5SIm%bs7JE%Ge#@4_qg(|$!IP2QDL>;U9*>$DF!8#{~+e2k-e^8II!uuiOCZAKhh6yI=!-8sDVKe!V+0ggiA%Ym0 z9|8MteC!9ax!7caz!kLpxL7CWU1r>rqqr{6KD;wZCtd!~mm#?+3VsC7bvuv+ll)b$ zI&Q5A+6}EjyBmc-x^(mlmSJhK!#7}XohE^$-GAkt?$7?74zRw^Xu8{&7G=v)(|uU7 zh`)T+Q=#lDIdZwf4Gz$>P+zvuOzRED@ z(81yz!+U<(OPsec`PkHwSJ_6F&*x#K^a(7Ym-x`)6UX~`JHFp9 zM4fRD@oAJw2Pyb*&hMK2DOb$=#DwattW1FJUh9}h0$>$v?!8aFlG)|#$$fSC!W6{8C#SwE~tn!Eo_5k$aOMu#QE z_O&JBA`Nlc6Ok0Kl}LLMk{$k@R)NR(ix}7v$sf@Ec;~KfUd;0W?Hxp$crfTyHeZ4pxoc_w9 z^Co<2LTXwLXJXfym<`>Nr>H%airC=i)-0d9JvK^p9^4)xL#*3zQ>6vZ2o@Hpy;r|< zv7mclvCRi0wuIOR^W~P4pt$pKhnPu?QYj<2JZzQR`4f;O7X7vx1*hY!)FEH!UW=dbb*jQ z{fNe&vcIQSe23Zewc+B`MUaM#bJ7}3?5p%R6}~)}yWRN0X5lzq%00-gPy2->O-M?2 z)aMULOo5iZd)1HIDiW2N8IiS5D?R#+;YXI0)>=GNaxcPF?G*%DbgHoGL|LI5ifQRD zQ^$G+El&WE)poHJRgv(m+YrS+K(ClzcV%k--^*B~AWGXD5|@z-lQ^~*vW zB93H3z@?umx1=}ff@UsU7er9uy-)}qul#t2lrt0Dm_O?)-Q!HECiAMl=o94pD8#grP>uAjvh?5+}_|zxmiR6N#9A#Jwyvg@;+N-2Lku73YVmG zn@@9_Jgx%ham7V|_u*zRN(R*Xu*4LvQmLGWJp<3_MX`cc077gWqaSuZHD|a9e&lux zePWk`3?d2{m7UhFFnPT@SEq7k^Ok~7RM2(TesgwQM;NAE&kcSEwZuYf_k9m{NT>6X z5hy))Y+y@JRepsdUBhd)jN)vbnKYSr3}3IM!T+th~7Z5O8*GdTia07~ic zJaSl|N=A3ZTN39?w#Qj8r2SazqPWFjXxDnn{x5_fN?Y+gc zDf&glM!cd4lYcx;5rTt+a!H-F<120xKqGid;wfad{OViEE2D^0ZJLEifJgW^G1yzb z1&#CMa4pe8x$l1b=l3P&h1v~7rG}!d=-{d##yY&W$$6Xaio59JHnU)cUT*4p+)4Zo zWbiV`i|xjL!KnQzTNIkFxpgw_wA}t_kv+>rmr&~EkUp>5XT+QTpc90mx>>JWfE7vm z3kdBsA12wFV#p`*bLy90v)*g7Mb89k7E5}pnUIG(ANr68HHh=*%B6t$O|<@z># zHjqL7i&YSdI^W?WwvJS7h*f`QWolsB5lph1CZrPgH`d78Oyx;N&^6z#HRqb}99Ax| zkml8~&2v)2GI9$aRN{M6yBa9i_fNmlSTie+=U@vZS%<6p5a0M@3{MHAKBCdh|)Qb_0B2VCK*HH2XPb{5wMi=P@bFzcWKaZfL-JB0lOlvaT&~95R|xT3#h1u z)3I67Pon-jA<|iY0?m7XTg~izUt-JpYy}^F?tcFD-MnC<=RM2CiJG}5y!iNydU4q6 zZs06e8ekj3sxCH3@Qk5ES7}5$9^5C%+`pEw2ux$CC+jG@P0A%fk17F)9R}3O1TnnU zQ#ioyLkfseZQf{p*sF8OL5AKJp3Rd_+TUH^5)|I3#jBKi-pa~vkCMtMzQcBy{{xCd zAPBD7=AENasdG5Ac4@aNeeI;gXodHms@Lzgv!!~CV&`NuxNPRgvEfwE!Cs9Hb5lnC zv0z*lP&9653bYAmEpIJ9)W|2+0_vdDZfBIc-C|=>(LRA#`pFYzI;Po)QvJvRwZaUb zVYxUNRb;nc661P5^Z;l-IB6h}TD3TPmgBGHG|P)-23InhZUYB9!rufwLTp@ipcTMg!JOZ89Qt3NYW=;R00jX- zR{h4JcrZpAC?_hQ!PvtHRVe>ZDkP@c^~Q#h3qBW0z=X1<2tWy=VM}A*z2VC~oQal3 z!0-`XRXi83#o)W$w`@l_$r3;w24W_nj zmneG#rPveIxqD?m^0VT#sKMmS8dz4z;6`$aRQKe&{GbXEtNUNXL&DF)AROT8izDiY zvlZ)7Jj!$72bNYbdFqcq-EnlsI8&|x4NGj;}11i=``ei=*ZoCV{#D_Ue*QjEXT@k~B zh+q3rU=%$>68r7?>0SZr=w^|-bDzQHwA{I%OER^~=%v@pz`$z}K;ut+sFW4S_TP0s z)Q6-0Qx`;mR}3p@?~OV~^i@4G8>*x#^`1Hzz^ex!1=27igr1dF%SAe8mUtgtoig@O zam!5S2dUveS2`69MoZRSW|rIUy8Y762(KrVNfn@&`KKO7K73ES&-qV9j>0>KY3%>p z7tKWv5P)_m7yUC@oVF|4tMVo=Vn+rk6)#%u?+RZr0zGDsu;*F&`{4{gbR` z4uRo)0CweRmS-GMvT9eM0Xx2NmLDieai75Tv0 zip`+)!5V)J?QRF9VpT&`S#0sM*9jc82gs?$wnA3=45IbW)X%I8lbsQwtQm6OjN0rW zQ-#!K2mHlZHOR2AF077W;4?Y(`*gb=c=G&PX*;vgCVm0Yu$`I6zq{R0lPK@uehbLg zGbuSC)fN4jx6Yej39VjPg z?+OOsd;0!NC#q)i>PD&lZZ{q-R;16S()8mzj@z)^0RS{9+rE3d-BWcQq|GUOk4p8M zUfp+%1H$7nj=k6Ux=WI4ak7BOLx|Oq9jTMNW)5%DO4*^=1uDucSp09c@c4M{AfJNZ zfFA-fs;~Ag+x>)c32taz-GDU>Q+$6cGxW*?=)54{QDK{H( zzp`HCCR6Ee2+#D(ztXAXmMiexflR}>SRGQn@)H(Q9K!DTL6k797f;kd`2-_5NJvul zNuv;q`5Mcq;Qo=Dt+CiBS*`0~(RQUlK6)sTuz<&#c#3C(<;)H7HG5at$D2H6i3NiY zn2S@+1M!z5rv2ab$k!%cneHt~iE|QyGR9ym*vU3zm3moX=VFXS`(CP>GpBX^)fF!2x+_^pmGXo#8=~topyldx_D# zIvDI0o0Z;@0`pau=}h1K<>jUZI7jQd|!2hMzVw$o%{giOmYCj_b|OY)ICpV)qs zct6)fmHLm7sNqp;2RI-|-1zY1Cm;-_`v18GW+(d8b#Pi+qb34836>;`!HW$@jIEGP?OzX9 zK5>KS4oX1XmPYM5TOYeZ%0;(|+lFfqXA|U-CnGWAS_M+R%+KAYsh}ON9 zjIu!yXZ#_7MwFV%%=DAtnPu)wpjtKf?i1V(`%nWU*Z+`kgu0H(bF7#`c z4*#YWsagt)r4|r<_7=dqJd(~J!7*YPKbF!cl7yf@1t7`oOjG6onfBKDg^u6o46Oe` zv0!<-t@;)VY9&u%5J4Px5sT7^`?~JMvoJ6MDp3B?9B<8Zmo!CfvQ0r}K2V)2iw%fR z+N@G=>En4SNnjrY4lH@AG{Xk>SGekr2PylEY%koVsx`(cR!kms!f#5Re)4%yyHKwN zNEDoCV(Z_4N1e1Ft*80-?rBPX>>c1>k_kV}gBUB1PfX-TC(0A2d+3k`Jr#@L3-DY! zyr8G9EEt)?5cP^5z!8%o5D@xJrGQufPYbSp*IfjoXNUV6Q3Sl~=i~GoQ~_#6D(IG6 z(BFdqzoU=GFv0L6+m?c4J3}8Qh}qW@7|X|8;F-aj-XUf*$WCr?6%+c0AVlpRZbbH` zpHgyl>x9pGpF9IaD2Kq+=$;p#ilf=`37>C5QO81yfUWqSBYCG@_i&HC$yOu*Hq~(Z zXbkw+@{xP>pMGmqMc1^=GwuVxeRHCt0=Rpn7uZqI;*!}0#eOP-s_pdX5kSUuu>O6* zU=6We(Y}@hGmz78g2$9Inf{U+S5acen_({mxJQ%ZG|Zn7UFn9rj%0z^($knER$M;U z%B7JMx~131AZkSG6iRr5WK@|0&QVX2 z`zH9v`9C%YBkO;^U#Kn5mxLUyzi$lS9`HBD1+UF@y~726l8MV@3Ci;Q)}s0`qW+wM zk;6>*pN{%}ZTKUCvbndgBD}AT3iq!;=|Sssnx&(qT;~%AhkAOqu!-gZ*!)-hmr@5g8 zpOeEa07HdaKE^^?f;Am}qqrT7RvpHRTH?%LQ%3YC%+xj>qcsU+fUWbx-7Y;SI|QkF zhtxGrP|5PIyiW`^a8G? zVKi6#ew$A9w$4JwJh4V=<7D|Zey)@eu2DExXc32TAP-xOyff+fHkf@&lFbfm$@>Dq z<;`Ce;UP1@tE)GTpa?!V=x^2*%dGPjI2a_Mpg}@n){nOEH7U8sw2lco2gZAcKmt@0 zFMxHM%c@443dmSi=8wJusuEy+Jvz6$jhF@Qdz*H%QT!Sr&ZNS~p!k8X%x5zJk@zLh@>fd8lw3TMsTp;uAo!%o{06*^XQRkqD$dGRZI* zdFz!NcvW;ckCX5Q|2h^)AZWlh6b70UJ87O({?ZgiE1(#|WOZUn;3LV2a^3}KyJa74P??f0gvng? z0=Ne;;fo;zpBD2a7`M09<-I})=H^X%ivLf8|9m-Sp* z3KC+txSdj!exVtDPZ$`U$r3(%m>oBE?@oJPlw`^~{k)-jf4%Sc&x0h-jR7yt*9({X z37n@hu7r?v^4<6-rS?5+b7={8|Vx*dAcPCd)Dw@H3C&S2XH@l_@&5xmlA4TdjF<`-XXyH{`aWF z@`sJ}2#)nV?wqf@FEHX-u&FrSFx$`B&FmaqZ4zf$3?jU!`dx?eE&Js)WfwgP^q^Q- zd`8$Y$(cmpO#zqn3vbQ!Yq_Y@o8=(Kd;p+H-hrrB=bAH@G}WoVO;+3VOFYZFT1w= zFm_PA_a-U;GI02bIwT8Lo3O6kPT_OylZ26cnu7!o`;&m(#oNlNO*zIOy*3{$+u>(NP*#+b#$a&8hy0LO}iH*K0dQzZ2e5@VfEx9-6)E4^eJO3 z32(h@$NEUd;#>R*|Jg?84MU{K7|#1tu7Q(q#TuD%a=XK|D)i8L0w|IZNy+=bb_WA! zSPeq}W4b+r4?o>@z8;GX7>~rqFlr2Nl>n~?=pcf{wL2iEQ$)DkH3Cl<=pbNu@7Fei zY#cf$9ZnLp1^fNG`PM_~>a?#;=5G@C ze(Sf)GT13lG9#DLzW@{B>FA>~`#|v<&ztxvk0l}`m{z4}Tv;e8TI4SVQR|r}PQj)ydKTSw<|KP(AN1~wMuqIODn_xKy#BAwlD79O@j^6GQ5z=WVz>c2mygIwzydw*p3 zVvS4yjb=_*w7uBOjO>$o+QU8hZpE(-Acg`WtjbxTE62d6hJWVw%_ZQ=P^1yFyqj{k zP2@f-t)ve^CzSnD=WPqT2`SQmf#QTi)A0td&MRLzE-Y=Hak!;T^ZI?!DCUodCi3HS zV=!&;kUweB+Trd7I8iuxrLyXaz)pcX9r(y=w*c?=()w)%*ak5CblZ%jRiuOg9`s!u zyypRkX&?gk4gq$GLk5DD$~qVc7>6bI2|Ig6dUhe_r$o!|K995#Idiul6~8152T}ZBy)|TwmM9mBRsk2k%W=jAmO;tPs_?xY9&^8#c3m-`(T@be6l;8 z-!5p?EeOmh2G<@yN-kbKl%B+fcDEGWrNU)v5@5t-5N;@A|%FwJ%!Zh>&S_ zvlC3uUm>M~Umbc^77ZROW6rq6p-0{m$F6!uBHhaZPAY^N{)gB`4Mjt2nJ+-`!JZEy za;n$S>#ec;=vgjXbeKQCmVIG^T7$mqyw)4pxIzO*vbfspaAzt(;b9cm&#s>1h{D%} z2-NZy{q1ofJ@MIAkneo{)3Y%@WS9BYW-gE41R47l6uJ~5(yM}71hsG3kSZepYu`RY z(YuY8)Ac?PH`Tsrb8pYEoN!P}9F&8K2>JT0H~TcozPy$uE|3IU4EX(k|Ji2-mhi0_}^%}9)1>7@?oe%`1&~mgSIV$*4znWdArNIgZ-J_ zsHlqTb0oB8B64y@eYB zboI`|CV0zt<{#>l2lo7L8I%H!@+FM=a+az-Z`T#P+8)rd9BsQKWf@-IjntWnC-9qz zF{FL1pY?Zrrw!3fp67_<{%T{j_{GsJ#-stBt&%B){7<)zHeY)ScejqYAfqMo3zxGbAdkCF6#r=$4+{Wa(aZ|?=MXOD(XOB}yl z5u45CVs_BU-q_r52t$Nm(zU%?u@gpPjeC76SCQ_|cR%(*^s@%bG*$zU@z=(-oUk@7 zMk91gZi*z=6Su!n#(Wa@l)K)L>WRS}>}KYT{SvZM{jEjuj= z=&!#cUS@5C;fIso%LFy7rSKbP%X~-tWI0v4@*rR9^6B)|?O?@qBvQqGiq;YAPIT>3 zNyW6+P4sm>xtz=f5hjI=;@Z&lscVpNOHbjqka*DTPkGWw^MK2ZKmQauEFTi*IG!li zhInbRr*kN6=fP0Qd?_|_O7Rq_zWS?RZ|qlOIZ+OrM)Oh6uHk-_ZKaip3HKYNy3_R? z)0@5zWsMtWI@wAo1znQ;vD}3>jms3$p@{mhgclOaDcCDcuXys5Uhg;W5v`z}Ti%B^ z9w}3m8xq>Rp?VsvultNuA=zqXxZpK~R-;jb|H_2IHmX>|?Fz4gur&0RS@NL7FumqL zu9R4oLE}TtU}b; z4aT^T_NvYkP{uJI2(q%+*M=y1s4d(r;U{p~e&H(C*Il^W9F^c^(ksb9vv?}Ma#>QG zC4P+JxPo-rcX9Imy6Wa=RwUti9o^mY?7f9DugJUSZ^POh(xKrsj5r{O#_CiW=5f#T zYcJEY7bykEb-6JCv9n3d@f5IT-_JSJ~^4LWoWE6Co)H4!uWm< z7!sDS!}vyogTsl5Fl&ZexAY`huBk5Yzk{z?PZaK(3W zpDe(v@BK%cL3*L(2P5QKL%&$K3altt#fN<|O~8$(Z&;o0&01|t@s#F1gN`iGAjwvF zj_;e4C`40+-tghUq_?O#1)`(#H^9MyuWJu7$9eaw4|*$|WFJg5!OVVd?nKVsN9(I) zS0VQR=En+UL}s&|Nv}sRLtnc5$-9_vox;27{&A(HS)Y++zu0C5hQilQiF(_r+r06~ zOeDm(5FsqESkNaHQ{RsBDL!9Ilb{fFbnxlx2e5_rp(y>SMTSPP^nrdjJR{j_zKOo& zmxB1$Uh6+1@*(c`3nliu`rg%NL&{+Juj=BYK9z!RS~_5%T=^(2ht3Pp;Q7W+OfFDn zwc?0W$*4ze*N$raG>2D+sSg2``N-KRkP$SR>A@}Dsxs+L#f&0 z>B@t2e~k@H_fAUuXHoINtq$ikib+!z=q?l&$D4%gT?w3~UoA4PavfK1JsaA~eNV?{ z#O3_Q+8y5Ke{VwLLB6x`kp7(b?z^Ym^pT4JxiI~<=7YH``{bUN2Aq^hN2po`;wj9X z*o!9y-bke;R=>1=Bj6(%rp#|{lAyJed~~*&pYkIcaPa70$FdF5W{%Lg*)MQ88e~oD z9nkkxd;qJ$H=oYYp!P}l6SmrVsQcp^hsT$w_WDNkANv8Y?sikgQoog7d3n#dor8>d zn0@{nqVS*YpmZnm`;0CY3^sqg4S~u`P8_n2`fGz!$Hk;d*FR6pa)}S;I@3lOxe@Hd zQ{>;2T_f5ZdYql+kXI37O#Gf$|NefxAJd|k`jxn=pTiK>+TK`2cXS}Yh{(Ynml#5A6s+yjG+EHMsW_|Xf~S*IiKVyrWIXpsss@r z8kRstry5AI^Xu1p{CY8mM=+af3|>RbG?o;L3Ozo%Ur6u%7g28=7u6Sa56^&fDlJ2( zbcevuBPfUK{=<^~W_%7($v>w2&kLTogFUHjB3L?D zb{kmc)h?AdzOJ-yf}KmttxSj&eN{Z*Tn?Sx9{49~lE})~JRA6AKp1lI^wP6peTro% z%C5s|xLJ{dhRH>>Jd2faHqBm~QXgIu<~6ZJZP?Et@$x(Jzn;CcjJ{J6x^I@D*W^$i z=fTx|%c;N>Q))<(xU*4{=1x;#(S_exq&tJqZ_Dhm(6bGlQd@DZiY)S&md(9fjtERM zKg+YnkG;Qw{lsCdBda!)%*SD%63;7WeM|VWsIn(ZWaD)KfFv0;`fh97Ah`9lD3E=o z4-H++5qq{y1LCpQLxTZ1uco|q%M1;2GJA#Q_2C~ZuCrPO>^$l)DomKIj$ES`G>p?F zeQCUp&}PmV7~#=63{2UvgGOeCWCCZ&$92`+k0^yiQZL$nAg9WW-(g}=I2LZ7>6j-#>3G77i?vua(sd10Ygw{kGZ)P3uMQle{Yi~%HmbUR^T%DV5F)=#oVQ&V`+u|$#ehXMdS7UIa`9!DJ1+P?^ zFZNZ5NJwIhn|yn*ZSSZM6{Yj^Ya?HYPZXgh>T~F@$z$Sp}$ewU$_ z!Jz~)l!9MaNI+EqGmC+mb$^JEbs3*HLK*JvIYj!pnwMD_wK$4a#s9(3#@2zsm zmeZio#Cxj)&FBzT{|ma-Q={K`soVBzWrD{bemrLID%g^Tl7_}A^8}R7;D?{azAE`= zDW@Q)gZB#h8sSflsp}j95z5^LlESr_hFXhv>F-~&eaj4#rMx-HLSBrBhZNupX-2A& zQXe!tir~p4{txF$vvt)aby`WvxyS9jxj}S0(v{}d=9nUwf)2@)e0N6o~0jT{@l z!#@Qmo|tm#T}c?HMA7|X3g`>?kS>)>v2USEs`j%@Hw8T?Ntb07B;0MO=XT%BujYK5 z0tAW&>joD$qeLR*HcQ^WK2dvC+!GD(^7#wHVyPt>(|1hjNC$@^1!PZjji)9Jq5sYF zK2+k=Nc-~FYdf}yAR53&pPY+r3Dwc|(}4Yl8~iVYGN|jNoGUh^z2-k}NxQ36D21rz ze;zkRUS}w4^t9v+r<{?j498ktw(MML?VEftAf~C?2)FmT+{-ge6O7JIpO}E3T4PH0 z&x5mHZYAUFV`plg9XagToxg1YA>KLRoAWWnV9;~+E>|v=8uTTQl}*kXeswc7tid>P zVT(&(GQ^nM)?k8HyCim(7Z1m(zdj-Ena}1NY{AIRz4Wavh<%k1d*K_rKiv0WcKB(6 zwbCi&^Bk%bP+oqsiezv=#wqm-y zj>+t~W#!{1n5T=$6iMf{t1%@}IbNIJ+s(5A^Mosw!{*q$hE7aSHp3=y)*dXedL7a# zHAVCLGsAw%W6$UM517)`_UnT^g8}G^`cT6eLsOIV9{6#;eoZ* z{9AAWd(z=y@Xf3i`J*KOm*MBPtfij#*H@AO>c&aeS&cGYp?v8-4etK>5Qd4PHEG*> zo8Z?Y>cQgi5SQ)*t=}|o4cff(pFJ0DJ)a$b=Av1GW&}e^hU{TGI~^upYUQT67!x8t zi%8H&*d_iBtXJIdq-W1Q6Hf@--srdQmx~<|93t-{iv?S0+MutA(o2-0v`cvJ^CHdE zPfEt;1;n=!z@{O`TxyWM#)G%N68~Hk!`9RBF?-VDr10fguKADbCytTO{&tJ)obegdAvk*tQxId&2Exz*!^kyXH_yx z@~RZ6@63aYirg4eW9HGBoK{`yjEJ549Nls;3$Gw6l;^sf98W0Y)9aMN(CqNBpB}8l zQ&>~Da|u}=HS8bt2`&$3b6UA1D0NE)+HFkTpk6w`E_vk@1c8 zZ#eKeb)36>dh##pZ*#?_VFs1g*=JBb6 zM?FneFm%U$-9>>aMdCN8rq6oX)+pjRM2s5{(S7`|R_yP2IMhNxcqqMr>w$ISgW`;W z`)*2};x3Vj2A87^%WZzo`VS?vd%ILWxw=j)&KdqNbdnDmzRV7 z^W3J1St#b`)b(=c{CmN7``cm2LdcWF46?3mLk|YRIJl_BHSS~@M`OMfeK*q?avE+k~_&web zyUaxtT7zTKD+m;@z|OUdilueIy8~lpcFKg`zyI)v{??|qZNqEm>sINT*M~vUpi8iY z<#WTvVSMPK@3S$fXf`RFCZ%Q$is^ueU_@Wllfs<8iQ~_owy_XIKU;q@W7$WtopT`i zYj9k7(2yfyc8;|{KFKVTD#rM7l4QkRJkDb7eLarl!d6M*UgOUa|I*X5xKQ42a}#*` z$G@LcZ0F4lj@P!xkJi;w5!A$MYrKxn2$bdm)zS~-i&FVInWoB!o#*M{9%O|sXvuD( zzp}2)jaNHTVFD5+LB;NVHMv!euU_A8?1Nb#eEnA{O11;RGdmCg^-vU>K@lBmuzID?4gQNva{T3zX zw>sAd>cNdlmlzNFzD~d(6!%JhkL&v#$Xy#XmjdVA~kBtGMk75wDPo)+Uh_xbC{WHIoTh$~A0};6$lBj=Np{W%H?FacB^qUoydT@2 z7BKlUR-T;6qjk^uoLsd@-D0V=TPG@Fy5bQ#?)1mDy-$nRJ^!LT>h9k}Ve~fMXN-m4 zt`=zqtYr*7SOu1iLQXGRO*q&(eH59?F`dp+yJUVE)xQN*yme^_U{h)g{%O0PI?nBI6e2z87&0aAwm2Hsvl)r&rRsuLv zo_lgO8?pVVP@*4yc>TKG@<*mPJ~5*gi=f8qAjArK>oXUOt|ws%-cZf+CE<2cy096w zL*oOju6QquCaBagx23kXM?i^N9|3EQ=B)z86kw7lc%?$S8Uy;=lj% ze_DVYIV>$Y-+t`K#A^G3?%Ro&4(CM7_{M2I$Cs(YET#da_JJhP-tVPe$!A+iikpc+ zm0MPexwTsoPsANgRpgSTb)S9Vd$UlXhuHn+T07&72Q$!_(wd8v_}tr|KM(iuUH{cq zh;VnW3O4^yF@NVkIScNM(K09juu$g)wGFMA(LBBQb!61tHeGrBL2<8uVwT%Y*~2qL zg*2n)mC}%*b+h_iQSyFz8D#mitKy5(v$XOR1gU}`VQuEaqP@`LR*H`e^*^K-z+}WmaX~1QvGHamI1?pG zy?6(=Yl-*wSMcZsi2t~69=_)fPbw!tiWWJG^v$dMiLr#&ze~m4P<5krkyE{YaNNYg z^?vN=e0x{_N{Pa-z4&TCR7Iv2tj4hmufFlSY`Gp_>hvdPajOy5UHPz~pGgV2~Q!^!iyTi8$WZ zuU{jz{MUc5<94Ei3&6e`w$byZ<;N=k@gIIMV2Q{7ABfMj;>;+QrJ0J~ zzWLw=v(C@}%x0!I4ctfAk+y)|9uL4(W(G;wovmHnWwz3{|DS6Za#SaJ)iQ-~vDXc~##gl`Hw0J2^>PsL?dPL*3un?y6|>)W&9!mA zth&AlX!dSCd#!u;a`@W}7AS_NGq z{bU>_gdT7NQ7}pUypVpKalFl{c<%Y3)MmkuK^*Dif7yGH>UZCZU&A#sLdQ07NzC^V zmUpDV$YOo0xqObXz-7ztBe08Ov;Q5)XHer5dr5HAe|kXYe@$8Z0z9Qi91bwKiP=;& z6r|bV6%;GbiQO#WP0uYrQT_RgjVPxYiiA`7@#Di({Pq~ z6u5yY2(RpS5282@JL#Jx{f<4mnLO}h5Iu4T-gdO->?29Q&OpE55&JiANEl=4@< z+D?#!ZeUC^9Lpf?n9oBgLQH8sTJc(1Pw4vfOb(q$cJe-&3&sn}^FO+Ek_L1patQUo z6j87AR7pSW$!a?qnW*3KH}n3KTgdqer#Du*)_rS4Am{8`no2WRfy9{J46#S9VeQBm z(zp+l_R|GVMC&h)rrzd_PQCZmQTN^9CJ^sfO|8ty&RB)*6Nhg-&|m~ z-W^_ZXa_ca=kqsG|vBqtxz^h*y`!Az}tZB$D`tvui=0OJ|4mBYoFqksg zujkv8t+op&-sZLa?~kb96^s{f8Z^(+e-0Q^_bI*keED%Ddr!$LIC(l$l?;|4a9YH(sAy<0#$pWbH=6LUIcWo1>MJRf8Uim&oje|AO*a*r4D-g{L%YoFqW zRaII5)%R6@Z6^C>Dt#-@u4P|>t7iS9MYo(RkgShnz1x~?GC(bWs**n7G0I0k!F*Uy znIhpF4_?URbI#|Skwzx&8; ze5i%7bjvMS%%0;(1TD>(M+ce2NfAqa{@TBBlLT->hQLlMF8R$s6Yx|?03MHhS{ky; zXjeV<;Pu4X*Ws0Chv+`zFrj!#d-Xr;CtS&*mr^ws~Y-aAx(j5q;#V`JMC zYJoaAo(oC<_5uClCPDnbnNJ)GJlVxdrOpQ>=AHttLsB)3RQM=jA2_m5O@rUiX8#Ot9Y463Tec=A~6qGM40r$x`z+9!sXT37^p2w?qU;iA*A}_~=rGIK|=6O8h zmGa~{E44|7u<5}4RxSCa&_!itpU3HbJCc>~=h3IdE-=DM(aWiudrZBm9MRwhJXvg6 z;D5gj;IrixVU7EJydqB1aJ!Mr;NU4xq17k-w=p*Jb)6RQ+=~HS4jA*uZD_*8xZ!dx zSX92(_0{FeS|=k=FcXbT?Ek`RlfJi{V3G{{nkM45qUOf74P1#VH%_-IhnGqkc0{h5*K<=MBUVb%+*g2!&qEVwx0Oh{F+hXm zfZ~AtUpgiXHrq|dv#|*#fqKkA7f7FlkDQhu7!~n9agp>tDU&%{%T~&^FKrTkvh7M6 z+ng@#rS7>i%{>=*UOdVuk$_8e$6lVCl_dIa%e67k{a8(Q$fnEH4livQeeYzsbz@aj z@4fdmAGn0VD(uEMvU#0?t}ag5MMPeL&NUBM{C9&5J$}9Z0n}rQ1r71QjIaM-SYFVe z*6GXnPQx(YfAl7)i=atOKMIPgHnSE!&c>}Jpq6cvTrW#S%gD}g+?5|&Q zK(7uF%O1)~#K9qKg?Zce-!GlzSPi*7xQ6Zp84Ruox>=fc$GBvLu>?-o?ik9f552`H z2EXOF!sUF|_jt!~MeZIopSbsdW}`P!R3g!!WN2?pL*8++&oEo)Z&GdKx4imjAR%#! z-sb!#8a5ifOLHb_)kiIABU2r8xHc+c)()&(CWj5n4pM4m5Tb7L!2OiAWO)!LVgk%) ze{t>Xo3oc?rjN!nXh*oYZ}da_hdVFeAdlUocX`ds4I>yH@g>2C7cGEW6mn@7?4jY+ zHr$J#oS47cN|R6rj48VvXTYF-9TH~6_ueDms&kot8%#Dm3EFuj`Z>2;dajR`Wm`0}9&s0-|C2r=&+PE?O z+lyc!gyQ^14OS*wq3uRe-(UzeoHX+?L`SA z`gNhdAPk80$uQvObeBxeu<>*yC0D(hVE0xLu!G?qDD92qOz~-7SnQ%Ri39hNM9F;C zzYuA^Mq$FMl^Z$wwu^3Cf!Avo7;e0TgulGR5rl_J#u{#O?ZR0!G8utNj~^$7 zssSO};GDnU6|kShkCd&>_)7u-w=*GBd#c#v-;yP9ULdcx&jf+hSdadxqn-$>z9Es=|!!?MST^g7tE z@r}A6|CRhSAnX&`$toscJqK^jHz436YUlYNiO+nrGh?3~#j679%%YLMY#CkRrakN5 zvOB@i5AbZw&2U0|-^e@3vXUg?qSxLRer(v-aWiyZUAU|L=z25}=jS{cSGjKg!qG^b zmH=|!!c5iBFjcPz(zF)(KH6)|=LZTpBplcSV|g z;dxC;sx|AqNH(UC>Y*`=3|;K(#-+D$f|P~y*S)jQ_&(?Nx5;`4_jd>kp+$S^+n)ZpmX$mbaV3|g+G(2`qA0no3&%x}T z0#{dQ%M}k$1&XlXj#UvwLAl4<=@;GAQ^dE!qmmE|i^B?`?GrdQ;+7pVZie#{Gv3(G zxLt_+!DjQUv0su$51sj7(#{tT*ly8(YZ`c-YD#>aJ6PhPc7jJjKiQE&ZJH*O)w$9v z4Y!`}QRo^nYo;Uo1VPJI&r!iDH4{Z`&`HiULdWY79)Gv*|7j0+$#^YuiFyfF{|$<& znsnzUI!0(qM>IW$du~_YX55y_y#Yj9s&EdDxbZr8Gm5b#Q#Fpu4E8e)ju~=MBV|J~ zj`Z?cv(hU6YA<)w#v{Q1gU*HK?V729%{Qj+bf!bJu!i65IZIMJ0vMhw@Z_gxl7Kum zE&8JeM@iC=ruVObLKiuVk*a#be*|d`P;@X=3O`OBwdM*#x_fSE$bGCi4llg^BBf;} zVCOrxNcqiop|57i8~^<_*q^Y7PFh*uI(RlC`5?qY!x07_AC+srHS$@A1{LpZOMGqJ zrl?IdOG&Bz==4Upd4RHJEFD-y!52Rsp(-0z>)Oj3_8|8^`gGeZI}?|w!lOlDoZ>C~ zFsiGz)I41{$E$Zjuql=^3dHw*ZL>LF%GgL%^&$^*w>c)*K|pZI&@oe}%N+$i-B&)z z66x5)0h$nf${mGg^02@&j3~sr-8He6`et#~v-I%4zBvt+PLm31KyL9_^TVb;2`-WL z`US7J7tf#)okyOVzXv-_?hqus(#6Xna@cD3;PCvxfJO>BCgKPPkh8J&%9e0r0HXmn z$fU2mlXrUp8i-t*t`-HhRrr<=;vGCJgc@;IlU3l$_zW#NSoZ9h{|?yZoDJn!DO}W? z8X!Kak;JXS+om0N1G?;*uFf{e-2Hwqti~Q;bzS)#Teq#s7k1pbd+I5r9&r(1*CzwP zfwgnj^cz30LK2gL2BV7I?p57bzIHd|vaC5vczhM~y)CT&vjy{@8q_Q)2hUr z4WA`FXZwf$!pJ_?ZAIpB!mVL?tRjMq{2MU8!dJE?c`m66pbFA3^}?G~`-mwb_N|YI zNz*#!7E$xZsO+>zMp#Ddeq`e=csvh(Qt_?- zId`yy@!-N+JxovieCwSZy1kDOT&Md^e7ik@`U|&ZmnHElPT0vZaY~MSH&*Q%(>Z1n z6$V7h^JSt<+Dp)^F>kYbIAp}7_U^Lek(}U)$X3TXFu>op@`uuEB0eP=p@QjOrW$NO z4ttJC{V6HbGJ>Z7`<6I#()5cGE_hsL(D$)wU2Z-A02HoScI zu>L?)&jFHuNc5k_?=MK)*^w`Jq!Dz@>SkKBBO6=(2a*=U@P+$h%!bNW!zbmo<_{A1 z>wY^(bl#)rm_%40{d+-lqEWRx%#Mxl@<-xt5 zv+~%_7rt<9rH5n*J7U*<9vgPa3F|&Dq~vaM$l8bYhs||AeHGcGb&Sb)^+cNBAz`eO zSVw4=LhQ$c<*7LfcAc6NoAd^1P7M%lYfUOW{q6GU?{Qb(S%!IzMp{nBW`whJsD;UY ziQ*pKB$!@1vLS(aNN3XiUD}Cq;XIXJ9l884sfJU`sqe}Gx$*S+6#j)wCLHuQPPasDNF{36yUcE|G2 z5&V)>QPYQ7xz~Y197m}+D@<7=b@hB4whzoCLY8Cl+p2Rc1G8yJ1Zl;0Ry<#BtM*RY zWOW|D-#j)p-(I!1#rpExXV9gm=pIS&AN7}qOoTk#s?(YRt^){+YF$HTZuJ$V`%c7^L; zh$S925gB|&1gp)U;kFU%?wtx)2-3TB7t$s+rupk~Y(&YeD$&)Gr&!rn{6v(bg;(zK zp3>dtb$lJkA*!X5^A)=Xw(FAeFV&kqiI-2`Z>@NK`_$r@EIYMuoASFa(( zJ`WJq_=dKrmhJZ%p^vU>_~7=dgCyjQQS(Q+bRaA9ANAQd7mSk%{ddD}G=!muF@6w| z$qz3W=8udsC>`WWD-7#RB0-8+y{;;nx&0s^dts@(LN8LwFCgnAML;RMvFhQ=*%{aa zJXf2~-;b?73H<6{a~@Lb{^Y15riQ*^IkjT(tqB-r!oEINzL_bUcamGSPBB`=T(186oKSeM!xli7A%58aE{}t4fHPxAGMuQCs3aPdD=NR3QI z*}z1{yc$MK6$(gaUCNQg?G6hHkV&D#)c`Rp{1Zh1Yd!*Xe#E6i=$ ze8cLV_Q_!S9_650iJc#C*7ZE)BZoI{o(=3TOufKilh+Y6yek*O{z$j0?Ar?wAFH_f zyir^;d=!afm)fF!w4Y$#p^s|{q1&~efqBk(NAA5@`JyL&(dkxc?@Yw$^ z0ctV#eg5N-(L6jR=qKB(I6w(Z(vCna^X!Il{$ZQjD0mNwS+wShb8<|63dHZ9U)>+8 zUS@aI@fSJo3~wk4H@S}da!z3UxjyYd&fdF^7~EqMYVPBi)Gh?8)o;wG$nM}t%-bf+ z!czLGK;KFH?H|o={AC4O=-5@8!{h&QT1$+4^gEk9*lT^GDCzlpPyoRp+@U$EWga@d2S^5 zEFxUb(!G)p7ZbO=Sedd*vl;HU;m4eC^2P%lo4g!+@Xr)wu^{$m0>i?eRf>}DPNDZ6 z_g)>*5or!vQsD@5%?$ehibvuYlDy^LF{3Ta&DmF@C{oC7<2KZOo@Gk^G+poNyXEl) zd(!y_UZ3CpBxzDyLI0H+44rM!>0o+p7F4t)&1`@59Ez5oz5U=hM;ETcp9P((uXs{^ zzsX|*|1Bsod2U5~c_wHqGG02z@Ia97<7ah^5S5w_-pbzBd%8YB_L2UwQYkQbDx3dJ zowi&>iN=um3!Y2q*F+5q_+&JJJV(u2+`6gb?mnFcbIbYnwu=`FF1QT_g@uI(T+jA$8^&k)%e5-HC#or~~9p!3h?Bf;{8ZI51`ng)B7pr^SM;+Xo}KdO#1&CMnt z$rp}q6Yz)v(<6sGO4)C()3dhWPU%BA6|>L1-cy-LQ+H# z)?3a>Q1c`-jf=8%c=})fJG3dfW#(1ojjgMJ|uwBEP>cU@HJ z@WTg}*zftuQ+Za1T5VU4t44I&Q+`+_QIxJ8DpuFrpr|3DU!@LL?_O#L2TBS{4xc@= zFZy}cLxuLZkEgn?D@>`3d;79@w8HwSI4*W5e>!#kq@k&tL*45j(Se+D=ATWYC>hN8 zQdaH@;}CN6B5A2xfNt=8eQk53=ky{e=5Y0=4>APwnqXIgyc$nj?8Me}P|d&m?;lf?~uo<(9d*9m+d^V4^QeOb5o`hr^rs(G)|G~4Q=Go{!r~Bpygy!jdh6I8Lc}r7D`~5@8{1^s6LXJ)oi^FKah+l;-XZf4@{`70WKpk)R!7YhgymGM7F{uA5+@s!V$B z*g3ZF!?TcqBPA%}OO5FLL5>DRx5^Y!s=C}$*O$t5k1^p7Ghp2Rcr8Dz1DnKEA~eZT zpJnRIhL_DJI>yixq42hdY_;5QK_yGK&gIGHjx#Gy`ch0Dr<|B5@Nj{RPMkjP2d`YQN-*A}uOuMj$<1EvIzZ5+jUBsO>zsh{jz2}h+&S<|yjR7Uu^?fq^Z0F1|+a=Xg z{^`r}97Ko(IeDvOHD~$Wo74`86Dx|RI3E$XF8y{M2wuug;r^vHygR8RB`6UG2n437 z^7zp!(>`8b6m$(MwUFSmEQ4HljQbNM#`<{H*fjCbE>%Ej1~h-_X=7euT+zIRx&_HD zt_t?AGn@my8*c54VO$P#%|`J8MsLU!Gu0u{Hb`3{0zb&(!;cru@Wraoj)yXB<+9bJ zb@;84MZtdgDS=4VcW%%`lq@P04-#evX_;0`=Fd!QhI$}qP}@6h>fyN4J@t`FC_#d< zOqvMl$+o7dk6k#)qY~=N55`5t%Mu|Upf3>lvv#aDbTYY!~i<~aaC?^P%tLA1K5y9MnOclZ#y0WqAMAB1O1klb?TaDGTo zS4Pjq0?(4kl>rh|kCUM~UM-TnwIbArI%3q*Yx17tt^zn&6);e}J@DLXmp! zl-4Fp>sq1#=`7g)S9y`*I`h?cer5;9#Lh&T7aT(g=06g}2Y1c1L4(PO&4~ogG<)1VT(4v*a z@uoYLM?S*yMOQwnlq=nnOC$^Y{j0l)y_q4*Yq^HrPHwqEkN!f0J#Z1*%Goj4#+f&S zNixLTXxIZ6Bctt@&1lJG7U$a%)Ea{P*&7~P-uCf)bJ2FM2HvneG+bk%QS`TDP8?v^ z<9BS;8pMy`o^;y55%^n4e@~x%86Yx6;3IAcK?UnDskbnDgF^%?x`2RmKiM@~+}Jw? z%91GD2K#XV+=0foD-=R%K8sNjkq7;Ds8$AbcFwgIC@J#NRO)RRwuGAr>kcj?eYF_(Qm`z%A&DB6jaS0IjpH;L@lH#Z4^Fp#=;}gf`eAXXyc3=W z;bm32{NalVg_&s(I0+Ro zS{4;$pk{Qzcw)2n?j2d@_ik9WJUN%$xNat-6F%9>C4{zDGeMReZ~bw5qKoHzZv=gg z)M6mPj@6F@PW!A-p`}TPyD_Jk4CD{@a$4N#LO3s30uEoqrc)dzhq4^}xgmN!-?gEA zmzqmJszrgPyTVU&Kp}*GC^;xJa#KVVtvOjG$cFVk+x+{q<+c`^IES`~%@7-|U)85o zDKW2^? zC^G`8JnDaq>AtJkVbqC-2ZLG??}jb*d}^R>CilMm6_PrCfrF%m>7-g-@Zj!H^*u)y>tiv6)FyY;2iIHyegbs%Glf&Ngx()5Z z<9riCG0^7g^QP~w;(6#V| z!$%|ULnVndpUVjC^}(HnTu4WxFb$xnU=IEPp4}=uVr~+&I5O{!gRDykVSqTp3+sHQ z6=6cx_$B#a=g3&(n_w-|BG8HvUk<6+6l~GTIL<)X>4W$Fq!!Qrj1aP*iK~oYzjwRp zT@0S#i&m1$52wrjnWP%iQttp7ntcF|vJyFXk>VN6Alkj=#AKH0iC}o1mSzDt$_ir^ zF{7rQ4BDCyUi7SFHT(3)j~l{khF9X!2=dUllkjDbrmNB0rIe4%-fr9*igk0SeC_?# zqMM?YHX%b2e*m|k1aO_cKR`w*LPF!L;hhDoTHWSA8c2^MYSL^xdy~3ttwugl#smSClv zPxLl^X?A;)Na%a6D;QfX;wmTx#f!psSct<3sF^4uUeJI(G#)$%Puu*U*Zknr^+ZB@xc(^uF^3F+o7iKYs^7QaVC}J1^Bdl*?!O zWrVODcY?1=6!Ishod=~{f;sJ+xrK&4Mvce0O5V> zY`H&SxNh!ehXKxbqQ#ljD&FzpS_QNev|dz_*s0DWgyGisM+xK4>dCO-VIbn=zdEhP zm}z-Bo2GWD3X7Qpz0Rm65q%F2_j2U3n2w}Y2$G>&k-wB#0xa7-Q5NoMZ&K~3+{nih zpAfl4dOOfcLn_+K$K{FtwL@O80;vFhuyN=jBO5~gcI|JFT7uq7tIey(g7vc=ke=C0RrFpu+1KQ=o(HJ_4F$g<9}bV3b^q<$zW9d zb}dSgyp)90I6ie>QH&^@HOebgb{M0*A}7Rzl{xR{N*a6TJGjmyxyxu?&OR)gV4l2+ z7jXP5|D?09ZFotI1XaQY`(6s*18-$XW>?VanZrbnFK<&n(s(EQqWOgVn;|b z`>c5&Xyn7wspczBC&nR;QY`W!RpWuh81?YC07MFZ$Sukr2wmuKCJQ_s5hW4&JiwvE zElSL@nQo+AlASq0JUe!#h*0fL%Vx5~pRrX-1q9u+o3sGnj~Mw#ZRN{04cDZlKGVEi zm9G6GiF<3uz7h_z)6g0e);42pXDw1QA_yQEg+(LS`4<3{MSMccPJR(zsY>Egzp9XApyj7 z!TKENJabuC`uj%nHw((kw$jwI0>8AEhu!{N7LLt01A(;Y`(Sd6LxH(P?7>Pg_Jxi? z0WsSv)bo!Hla{#5DRgNE$SK~W0|$RgEzTs#J5w@upPljiAHjutBU{{8p)By?0Ro90 zd?^qeqq9Se#wvYYCQ@zpbg8D6yOk5j!-JG)-`!|Cmay!q3T3n@M?*CkuRJ<+VhaW( zrIlC@qZ@}V%0q=&*_rDDaE0R;HQ8}*g%#H^4{xh$kn=q9b0zlz(#|&aBlw#X*QjRE z5RNi3vFjY&03N#iKKBDn31_oPxD(`NmD(RaBJK;B%^$RW3R`OA2@E z5Bb1Gn;(dkk-nKr6)}U*+Glvz9-u;A{(TNaI_Rnq6eYtOmQUBe|Iqesxb!SntJCI@@U8Rc2TI*u~_F@g>;Gd9)JGhEUk|DW#<;Ee z;)DsXF(xSrXA)ilo-Z%|EsujH7x~t^zrO*2;?~2W``(<@j`i(GEc#xlTd=ty4|&yp z7v51Qlm$#wT_fA*SHWx1yu#b+P?%dQZtEj;WA*gKD#_+nZ}u*^Kmm=%IH~ z@c?*2bnwA{w$bj>x)sanp8?H`2!UVbZOV>HxMOswncwkiQtn zqF|Etd>Cc{;e-jaU#1!p=+579br9P<0P?6Loz#rB$K)D0ugj!;# ztW3AD;+2j1^`gt2{imYCKIjJXG^>)zEP8}+N%>|lXQbfvQcMg2h=_tk?yOItV}dO} zBb>R9)E_i-;N*=j$~8&hkgg*SKUUz=p-h@N??N;!!AiCZMW0$xyh8di0dKu80!EWC zyunr2TPOm^@`hoypLBKc@+#&l7Rq-1RAL&32;z|w5EE3QRB&>MQNvwI+zE(Ux^fBx zW*p@vlH$nXxIjsOrN=H$Y=VkQhOiRQ;JPC4(swa(0fJM6kaS#;njBnr`zRaMg=0E^ z15u9AIpQNHB!RN>Y8Tm_wV${)3Jc-!;rPHa8rxS-Y*7h7jzj`sHxUkK3&wox{`NQz z%z%nu)$+vpH`Rn>=R362DBrz>u0d}1y284m)D0y+q?R4-qIyfPN2+#r*b^d7`hBs7 ztAXkp9d>x{*GVodLA(9-EprG7mTJ`*+ZvqP zixTzm_*mFAh`Yvxf^rtkH~TQUIfy}YC7Z}ypzjHlGx>}gCpx8r&bMoGnGj+aj>;F| zBY1L)6x(=e+_3OAB3A_CHh$F>kt5^|3B;5NRpE#!zh#S(_8M->&oyeTmc>tmzl2$$ z`o&ffJt1w7`@{G5+;mjDMMsO z2%P5=B~{P$>adXEBv7cmGi^u9_p`0N2=p3r3W5tIFeoeBpHBO1vkD&)zQ;8bN=Z7) zQx~Bk0JNT?!QazBSb)8V{2k8*N}wk?B1gcfajgxEB(8;*Joq%#pd6{uqMlAhtgXVB ze+#Y)9QrYx)zvPM5s_5NPyq?YNlWx9ziyf7+d(5*);sSkjH?Y+=@UzIO4Ea%q$B?} z9p7CYtsh|qpyzPWLk_Dtg}P@NF+NKxhq`a5W}J&0mKyLl{d&#Sv61Pi@M5BS*L{4TO9s2+I=f1Brd zyR;uCQs@?~G2f5RxR?P(_pgHfE%TH6p7TI_C}z5b-I9jOBZ_hZiLx?C#>4_b0QR;m@< z!hr$B`$S!32;*))%q!6a7f5k3#hc@Gw&7*etRLz1`@H4?Y)~9tJJTPfFrep0D>3%z zKv}@DQ<~QFmIVgQpiCuk+k5_>gc(6+?!x0ciUYhpn`<~Lt?EE#t2VIJ9B@9c>5%%| za0FmJMtDx~@2nb^flXJh;d@GSHYs%`jDmx2-|DP(V!lU6)>!P^6;*xuF3&Ry52E}O z8alpLmmi5+deQVNv>ZY^v)*;TQ*33zClCjtA^R`x;~y)5#U&|Bzlem(54{mh`Mv1@ zfsFCjD(O8LPp3dm+24rhBXdJA5$DA%CevXySpxnF8h*< zbr7C~7s1?{FsgzwAaP#&59hx+-x9Dt5I%&OIwUS`I*@jbTE1h9h+q)4PPBn^K_2cr zpv1L>%7?tz-N@LbH2+K#%Ni1_YrA09OJ8o*flsvo!D4-V-vSc`ko4jy0qyvdp9c}~ zvx-Ydx(wipX>8vw!j<*89QMZ{)vLm;aVpa(5VSq3tB2qzk#vjJb)_{sOxkKM>lQAI!Q*7QM?zKtT}k?D+uvxG4&CcCp&C-4CF)L++w(`vNMVQcgtm@_EuPup z2YAfJ0I|)He8j(x`C8yre-{Xl-S>|)gkFFwnc;$TUd+?*XsXFLxjq9!YetA*4xP|$ zh0uM0Yr-V3V^U77!sX?BI3EtWo`0jPB{qZ*(xUm*Vy0*uQ5MEuq*vAOL!gwfr!d9I zHaG4N4M;eGJ7w3UE+1E!s+NL|$~(`=7^CGb^nU)CD*Mms=uPoCV!(%f~2zoBc z+h1qXsnH=LWV@MDS$CcE+4~FPb>p?R*=53(ocLYoT$5!~ho^ZLSrXm44am=ASVonm z6_SP$00~TY*5QNJ zb>P5$vp4M2CgiVJFWSyLPI3?ozrp)!2_pMtKzD$gOCWG-oRB-1mUQYR) zBhL~WlLTi?gX(sSNSKkXp|d4T=FEag@3;gZ`>G;$II*q**Bw5?o*}bU1@Z##`KGH#d(9{loOgD+V%~ z)ns8*nC#v99V4-vAj&z990sHKSYumnId}Q9q7FDGpbm(9X1&RhYd}HQv@F80{t=CQ ze}SbU6$kPW?alq)k>1wE1T;iGt>;9ird&K5X7np1K4l{zoOW~=|G=|%>8MT0Cp*$K z*bUS#sI2ONfBlH-EcU(JTG^$Vukr`J=?#b1SJ?Dmd zYv`QAkt97xE0RV1I2dnerj3btye_dIG_k^;XmY`OU*2goEti`=%tnkMG=FziZ(7uY zC@%&a%j^*qn&+>I0*)0fVOPBCvVi+4woNZ;w!#pP{)J+~#xdMPX2to0n{!O6+{>1= zc&(H57m%U!mili@v2%T^baMa!1gpHuN^g&1VOsd`2BIXU@;t!i_=pyC`9LmPoHKe1%+Ld;ET+mt5pQ;5`|ikJDevm2v| zCHNED$YKV8c)DGvzoMp*tFtBJrz-=b?~@#hHL}EXJlX+?zMj9TpxMNX=49zpdkL>g z9P##mmnu{f@w9Mg6lG$;8iMpxG&2Izc-oo&gTU~4-0hwX7$2k3tuXC(LyewdPNVxk zrQ9zP98n;|>2aBNrczSRC_iV1L-%7pq;ElGboy%G&R-l(75c}Xxpe?q@y5!>W_r|Mq+jUadHSIGB%*AMhr5(wqx&lS-=5`QEomQ#N= z)I+S20S>;Hn;l==sSFW_=V}E~nSzkCAnN80%r%t2MViWT^CGT$<24`#77>UfR4svW zU5eRYnMRep>u5fm$_tIdsz`xZ`O*8GBAD_a2uzHF(B502C!5T2P#9x10cnl;8?ZVk zw55TVgn&al+8v}R^!R`VUx!;f>zJ%H*w4uD2)kJs`y%^M(C8pg!h|F*BmrZLYM*>k zxPw6ewwdDm`wdD66Y{Qzct;>(VYXmjrr9V988DWgg@uuW-OS05GhnXoKxD+);6Nn8 zwctGtzQ|J!aP{^#CgL$HM%uDHZqVu9rQiqq+82%o8#=I4oXuc_B3tetkDQh`io^O> zuCbC}2Fo|?8IqcmE!~4Ye2F&(|M~~gNXu+rc0R#{#BLDyZ literal 0 HcmV?d00001 diff --git a/copy-of-sdk-docs/learn/advanced/baseapp_state.png b/copy-of-sdk-docs/learn/advanced/baseapp_state.png new file mode 100644 index 0000000000000000000000000000000000000000..5cf54fdb4afa95f4d57ffd6479b2aede91d5b10d GIT binary patch literal 338941 zcmYhjNzU_3vmN*s3>bwA*ki-+us*;w@DKLQkd4^)Jvq4`DRyGtH#_h`JgueFKD-Mj z-|reQ9!ZZxkx4Q$GUCLEllt$LA^wMd`Op9IkAM8*KgbgA{No@0?l18CAOH8i2V2(v zM-sum|7&$b_8|Nme9=Rf}4fBa9|C))a}Y`Wqff1%vp@BTuddR(`^Q2s9jNvG+b z-zKe=v|s-@6dTwCzVF9xQ#Qr-?|l#mLH`>B|2Gu!VC*lHfeG+}6aOSBDEWK;v?_*w zYY_h@1RD6SdYU)GHm>zwC<{Kz!&Y?QKiCXjO&7dG;0Z(j3giDu{=eWYGfiC)7Ma?B zYY=dh{3l9)&Hq)EJYD+>;lTT@X$$aAEb?}I58>)%?7gDQ9N#+}moE*|KpAIHP%g z&W3(S>5o-buZmgNY2z0NpFZM%p03!2Hmv!EmjY4aO>!0resKv7yoDCkXgnGW(;a&lV1 zH#f>4L_r@k_`(ox^(Zmioh{!2y(VZ$X}&v=uHI_YSK4IoK>$ziKoa%v;$flhThPJ5 zOerq33C37J&kP-�DEBy3G%(EP#m!cyW~)nTBt}?{jxWD`;@=?yy582=}#wS|={w z4d4kL5!vz9_M<5id?3m9N{;r&lzahBC_E`I&`ur}I9WkTlOMB)Dy%p{>|DdhWH=e7f4)%SznAgn+t9)IQX|TQIkDhtZ@GC0Hu6S(Tp6Xj-y@$K%xB?| zlOYEGxk!9yQpV)NgR_zKwv#e{m>@j}Kl0GU8Wb*-gHvS8~6?|Y@i`}gpRxD=Y$rB6!YoI^yh0PD(wdFm9W?_@KJ{l@tACF;oCxXPphj5fRR>-KQlXlu{KgOO$vOowGk zVm^+aV8p%-z-ey_dzu;O~@$HN9 z7!i%)rP9JEXR#6iee_c$4b7NWh_2ABlMbR_G>jKl<{=7YIomC>d~M#jiq-RNFfa@~ zKqs^K#|M`@?BVyl-KRW5IBvts+x*0A%*_F(drv8Q$OlW9Ah<3_yWCYL+~%N(9PzSj zAI_@X-G_*f(;+2hoj+ng^_TeCb0XUEJ3vf_q~HVxuG{+=uJS$37ZJgzE7soj(K!`^ zG&R7fbvhm_m-V+wJY?_<{?#*4d2(l1_CjS`?^+UJT>kLfzS9#$7 z-PHpwTMLDXrFg`0P;QsMz9X{pj-hs)TP2^->?Z`wa&{xWU7v}8XyMO#={;t&3QET& zYL+wZW;doTbkE1S_e>|bd%4y{0do@yO-d8&7x7PG^5C<;^W+6Z$x*pajVXMEncwN< z9hzSzEp7yA@}`Iu%KWlSNXhWr>Dtfd__i)*8kMJK{0h4dRfBq$4jG0KgHY2F$0P(} zOKwkwB;RTN#GZO_E4!aUOctNlKL#1+JBSnqQ_g~LAh6D(5XHhe6Nw>IxY-k*CU;Ga zkT$n0@cx2YR;pxydCO94b&BDcTnN(a_tvPO^G4Zac51FqDhkmD;Y>>lKO#X!7;c8EnL88SUtHQT-iY<8HGz{1u=f=kv$`9siq!Q{N$^8;{N`fllOV(6Fj~o^MR`PcPwu zFZVsdV}*8<>FGK(sm}$j*UMzB<4=|DCurICy6euK=w}E(BSG#*t}p-|qvWyi969eE zp$k26$VuwS+_Jq!tanFh{o)@jPdhC5glzDwx|mpt!TWjsYc!5j5F2iOe#oS1+Sabj z?v#VWN!4sXT~zs$%WFTVhWH;uHfN(_x7$TDVZ}f9V9T7Q=ymTb>n5Xf;(l1-{^&&r z(m2|b7<2HI^`FvUKs(WScEkt6Zg%is8#rWWckUNW3PT}m;b0b5ChdNaj}#UTbDbng zO9aqyIZI?5oC(LJ79=g7wrhx+ZI?~sa-yIE5$SBAp_XPzAj|7H}WYg zkNM^|wh{P5NO{XDo2_v2u6*kW*;^D76nFc#B^nq9-dfy!Fie%GWG;)8r03IG2Uxff z6_x%d4BCV6yk1)oidg%_MfU0P8Oy40?hFew1HP!gzlSSi)A_a^utkSH-QF8MW|j*d zjZ;4uTr?ih&<)f&lCPHIs7bO;XD#mMYnt#tsUK){Doq%mG+^rc66KCKDiRpw}Wb{u0gm#Jtt=}64E zp5@I!DT?14b0~oJ*^I8K+dTxwt`NCfW=mDnZqp~E>baY5m}bQ* zkZdnXav94OyHBB2wTJ0MDLzfa_jctx|*?Z^Vw|j8Guo_#@Ni!#kc&wM|bsem=9v{ z#_}1Z9jyfdg)7cYJ|6S=?a%jFJzH=D5OD@hI#9mCxXCLHo>J2f5`Qh@ahnDbUES^k zQld(}XNtK+HKqZMnbqLvb(;fX%+c!o)Lb|9gUvZ5%fQXB=r;7MBY5FTZXk*C*q+6R zcD6_8c6qfsb@5w(fbwcmZEUBe#%cDC;*Yt73 zH2ZimC)NEyhJr1-_}#ZD)&0OPVmmT62_OQx4XDr;zU=u_q3^O%a-ZR`-+_2_o}C|D zxCp85C!6%}n{NSTEY{(>qOOJMyma#huoSjXDOGL>Z&vOCwj$S5dXG}JYt5coo>z6; z^rd$j>*;S*fzoA*x+j(Zikwcr4``ie)6V~3s_UM^Xt8EJcNrMSIJ%H1wW7l|H_`}6Ha5PX1uI$V#b-}N3b78x9H?rcL)0vXDBg@ zB^aFlbleHJh>KzPNpXetV97*b9fE*)vr{odbjF1c!^ar?j*@9yKZ{rloSv;TBLo#Q zP16z@n18xH;#_f$W51Wru5}4c&s<`LK4v)WMS??;IHHnsmcEaZXwlQ_t(34Nyl&8C zN=Y{_R#j+KM<9p+$qpMqN6K1M*#<}Tb<(; zJ5;bUeC`$U7@okzo7L;xx(VEG_H2-dDfBXgd1H!O?$m)`Z`L{Rh7d1at@d^yXoqMr zsceX9d6NBDy#rMOzx;Ym8_YcC?OxF~00IEL3|?e9;J(+2v5VSBrHD5Q;_&yrow(X? z7ztL@3eCm;JuDMr4bq6jSVi({Fq zQbE@IdNXsl0kTWGJ`qIfG(@hc{IOrSieVbadf6zyb}7e`M?*+LOyB#rM0ouVo{2MR?vA65Q!5Pbf=b5xY5<6)< zp3L<`;JRnK$v5~Rr1+*mI9MvKFITnw2Zb!*rzXr{_xzNk zRDihH+Wba-B}O)A@CW1W_WeZ_G6+uEAOt*R#Z9Dq`A!}QHtoG*l2jDb26b1XoShHxzR1lIVkD zW;_eUa}H&A!N^7ARHGf-M*HIDI8dzEwCXs|uUc76VD@YgF!p?X-dWj%gmgUX3f^|S z!?&9MR9=>TlL4liC`4XIGnk$Dr3T+o{Aci|Vh7utcT5z{%Y14F^Vio0UKi=@ov$z7 z<9RN?GOWmD-Szndc`NQZHr}D)C}2`5u=FQZ{oM4T1ml_=M!1fKoyGd6d4S}TI2feZ z!kz?v*ieq0Qov90%X`bemf{{s*QtY%Dwab$m!Ek<9Am{iH4;F$$JQb5*VFTC>KR1B zpdE9P+g5Y{lA(8f2!X?FE~2y&a1TPsRU^C;xrh}S`OY@fVL=ir4O;t7SI@V~`Ow8M zu$|AFpDk-LOP-27;B}phVtHOnp~I+=q0a@OjO~cP?dsA$CsSl;ilEx&@8J z8r4V#sTl}V9FsYg5cx2<$0X3leBoR8^dK)AF2nWe4goMt{Z&vbAMBXY6m-v*-PV-D zzr#h!RA0B;6fIUf!$^5J&56#N44al*pe*h?t3Fi_k$NGoz+&Ccfar{dEyA94JK((= zdD{fR7!lj0AumrT0*Ltnx>}%SnU6Y@;eLMCiQ}Yjp+X<`F&z7joe^_L`&52MRm|x1;1&cO%z9Z%Q9v zqu~IOL=5K82>&2%`0J}N@Iyia@p%1G(g+xq@AIJ(clo{auNQ4-P!KWl11bDROp=LX zjn?#8L?zAF5~ZS8Q5wcn0m`Z)rt@)8=1~LeYw7O$z4%@Y z?Mkb~-XJZ}to7$uErVUIP)Y}_AN$@8k{uo;bqq4_PUV1U|MOcoDGb%D%~V z=?TL#g&EsWEl!_FfVD99_bpk#7362)*5{8}**EI`)EJdnqOSQ^O^kXeS|{8vR3u~U zEAFKW*wT3yD8Os_=>U`kwdQr@xbOr%0TU-l;)(bmGDwz% zZ!0YX%MU(@l0|eh1L?G~&}Br_TgD`@%5MSbdw?&W_WYQJ?ZA|s9EbJgoWB0DeB&fv zUyw%-hXiOJg65mSo3}RQ=j$!t7CsRJn|dfwopF&y zqCc176IrVZd^(g!%Hh8*7#4&Uz4TVm9uIV9=CRTrcIvwsH^6#AxhSM;9~l%4@gTKP zT~5T78Ca(uHK(H&lf#|F?4Is;S5|U4C~%8FdtjR&iK2pNw97} zFbFlP{=SV|Y&3-q2%m`c5+=#WS(3OSw?j9$qe_|@eq)^LzM7wOFaX0x@)l7p>y^S_NCm*B!5fq%}a_Ypfuv(D73FGcU` z_BJ6iJYO(zEteVoqt&VOu_jDN=A=J+xaPZfu%J$(%_G%|p9E`CRZi=Gbzgb{CA7yh zp@4z=%xzr9kQQoFHRi2Ug$$GlmG8f37yA$vzsq6W%jJAV*=?P5cfZddcpRQ`2@PxYGk=8UB}_rDH^Eu#3Mwu^y9;QpO3K zXwfaHfKBQLW~?Nl5i|6g)peS(97$mG9hJF!S?hdsoVeUh#qPiov z)Fth8pk36NHt|_gS+;{~9f~{zES7+!3=hZeEs7^%?&%9bHKuGc_;seU<2PYx3sEOE zmplVrj{pp(FweIU+gm`>{0NC(0}?4D7u8_2A%M|@wmIsq2UtoT?Z>8RV1@-qy}A~2 z0Xd+3dR5+46J~xWC_OQN{9g8|wOjyARR)RG6Ql#66^t718}_tCguR*$V!*vv*Nguf z5Sh|?`KW&Ee4mXWa`K@>#?g1`_MfIE!IiU;F#}wLwf?DCAjwryU|E6*om|5fs8pf) zuX&tPT7M+XLJU&1k~xj7`0>x)g27CR&n7!xvO{oE&ZNPr^af z>!`^$DfW!_RmHeq2_OXI21-K!uo`(s09Ph=#Gi{S?akhCR-~;JH=6fQr~j$UsM&Fg zt({EDP430WebmCtLYW`1F$*Ud`XGH;E|^hB6{f0pSJ}nuHHoB<}GC% z8M1pCMqGuq-zw&cb?3NzHkU zqdy4lIj$#PS2N~O_mO`Uw*6*CuRC^MS|Kc^40yCoi(6#&Sx>ks7C(xI`C1OB35b{5 zi(y*Coe!hKG45eb-v>pyuaniC$A;8L3Q%6Xsf~+5i+UWGi?>6RQfNx>IUSqEHL3C^ z71r;v7=^CyY0l8_jdMTJgQnkS{5pfocgU}PEsr;TVH#ijNA#|*VT!O8(X)VR(0q}D z7Bb4?ylE)(BLWqbaTid^@bT#>X-Ya~yimSJm06vLUuX@qBCi+oR@RB2Rg_YS%Mjsz z*f}d-*pR9hq5gCRbx1j+eqY#(qV(jgi{4qiVcFw#Yevu1U(s*NZ}F(8Q38e*kPdZW zT&qnpp|F7wNcrXiTxl9i2vhxrr!@)&<}s_%n$Yp%5_kx@T!#=TH+Lu*_p`RjKu?>l zjjFSJ-XzT9x93;Xr2fQ$$J=y@Wl6kmWTpi^j+S56VOAPMQ^|K-C3>x&M@J``Bi?Lq zEPahx+ESl5#A@oM2m>UuRt^dhY2W0C!|A7gu3W*!^}K&B;+7A-2fW*mGP&vt{0ZC{ z^wMnzt0Jr2o{uu{;ufirSO6p*9#kYeVGCi*13&PyM%^p6e8M|xs67j-jKu?O>fXRYL3D)k|_#7lta5iUk|SATrv5h9c6Vs81rIjzj2yj zRwE%ewl5e#ddI!e246(dh82jbjvRuCQeU%+XG3I|Qv`tSz%If^&6qg_xY@4fthHNb>Qf06^{VtvEDaNSy% z@^pgdjJ6hSWV>5QOkg~Yb&m!uQ@VgOX-rL#ccV9c(XWPth&9mtWb_gCdI1 zuUxCdQkE5he+=zP1v5<&XXt6|a0wsu6s!Rl{0;0;khQcFL6|?vGAlKtcS}i#w@;<3 zGnJwsNG?j~mhkrC-QwFrG#f&Z$8wA0K0%9#{@S_hb{fI;2KigUpxr{ZMSRBM9>!ofsuFD&|rSO zsHUa%IXMRvIl@A6L3}BWUP=fS^!M_jUVyVi~XkN?u?CdTLd$ z3x?q$duy(5IvguG-wxB4Qw(wPD54J?R31#}jq`Qr*~dWGjKx_Ov!Trv=i$morF@ay z#4_mb4NSs_1(YjN%Gn9~I)P$u)hx(&H+6Q#(le)@G0#E3XLDDQ7q!-#Ms~IDkh78n z2n7lsi=H7Dw7#X6(cv@Y0YytHG;V4R{H^W_^D3hqF*u?`xL!!6;wxiGBWwIx{z{#w zv#XyDF<1sKfQQAp^|OB&ofqJYYLa{(l2Ue_J}H?sv9q(oZ=-{$18VQ@Y`BpiaV-s` z7i@V}T=CiwZAk6e_QmJmcWrr@gF&|9cb8nz*%llrSite|h_PtictDvxyns1lQ>oRG_I6Lq z!mpPzYOCNDQV+fc@?7yZuV;A;M}gH`!6!R180aQI4$9{FU82Kq<=&U^;Nf$`ufsg* zT;2Sm`_x)c*B^(<>LP~)Z)($H7GOeWx9uq7sk35bieDoExdl7+T%haB!qtG+? zbgreJ4mVxd_oQ@mIqWmiA*i%UP;?+koxiOMIgo$t4@^qt+lF zpl`@22D)TDS7qp|ZFJKVq*H{Fj<{yh!TcY`LQSKH^e-M*3%Hymcqab^2b=g~I3NV- z-(g#znh;T9X@~>S4QHD~)+Az^&-C%hQGLRj<1N~=Tw!NA`C9;iER>0oabMaL_NC6R zqYT>-1!{`;$xuqCt&jgT3>-N66IOTZH4LNFDg}`0kvVsa&<@U#*H!ddvRe1{mAuw! z4&J!+^FYI;OC^*$AwYLDbWfSgXI(qX*d&;| z18+ez%^YIHOepdfY^wJ{Rs`ww&0Py#G^oY5a$4*?tMYDHoqrE|<7&|W2!POTHCf9< zb(G+zFz2uaYlG^jL`U+EYB>H--!U~9q;E-td{V@8r6R{>$Uw^5y0r`_42|o2MnD zEkGF)LS0`f#sW6|>;wd%UJV(PB%b$+jzv{fh&CE~ihZSkX zo$(b_APIaJE7tlVlI`Lcib^74w&-j?^a46v{4HMnH5Zw4W?%W^+n@LpcN z(7$8{mc#~Dj~5Z(;=WL&Fz>h>CBx&@egab$vb(e1G760F*vowpgwZe}YN6I=#zQP@ z!jD$BhYe(`rUw`gA&~Pq^NiQu9Y8R5!-G)&+7slQySBZafKx zkOAxcd5IOoNqla((r@lv{cSA+F1#{8Hv4@E+)bH5 zS(8l2CNCO-q&@>6p{_tX79~hf3UoXIuc-%Nc z#I_%-;86OUxGM>qPRC#@N`h|OiuT3k?E1z4EmR{Dk%$?Q`z-0o!Rwv6}l#734d1+IY9XlhI zsLhGRuawcxJ2M}JdgE(OY-d|?cgOz@U+C)-)B&yYMR#vPvuaRQuN&JOqRgRm_h#(^ zVmjN4!*+>=`S@l*q5E*WcJtmk4%kkqR?h=ZBW&*IH`jDW$e4Wj78L2g#s_dNkn%PT z9-+xlrDO2Ncmn0<2*mI6M7Akvxgf6x@edka&!bL9(Xr|q)5+JI-+NS?L#EDtTQ)b- ztf8{qPZa32^X?@89k*?_XXKVIKmu-hb3MFTvWvz&!cjM%ed>)OFWzpnVNzZ7=xeh+ z_Zyo>9&1+~e>r=f`;H@L`9XiA>-p(X36h?zFKjrOTW*?U^HoCDpFX7-IRu4~Wcv)C z0#j?*dtE2A$R!r+z(yACDZ6pV!F*!z`9{j5{*_vmrhIIr>>ok02#qLl9#bV`1v(Hg zT*5Cx%&E9)*Vkd$rD!2Gf+x{W^Qr)EWge_j|F7`w+?auWAElS$E0B6gLBIgyol?7JKx=U1zN5T zr0b}4uveiQ&83xYOP`7cQRFbiy3GukxRWT)#?NL=ji^yu#fHug$v2jYfp>5Tnr-0O;caAfP^e_WQlmnD- zsW)37&VXh?oi`Qm>5q!ZzJ8qf5WhvpG#N!7d)IG{^r(ss=Qg&qYqDb0{UkA%9??ht zz&f+9NKQPBI!NbNotf8#PXyWAkRZVGp5d?QDEB9Wel5XvAjLeF?@?3zxVVa#wzMx2 zY=t0br+89hGMy%WCQvt!JIDEfDWdn?v+@jB?(iHyX9q~d7gxkAY9c$`WFm5dkD%cE z&g*6Aul7xPcn#Lpx)<{3n-d>W{pQEk^8+*V@hlb^4Qdd@&>!w9PZjkOH{kZcQ97t| zINXAekm1xo-<@U=Xj`(YN9NM=+Ye607)iKYg~&HE7Z=9))7lC3bbg9w!Tkex_D+cy z0%HM{9ww7~Fp(n@3y>b3W(1=85&}uW&ZOnbj;_kmlvTku;N%~77$1;K-1A7TfHk~y zpocrWj=2p{0t-4iZF{Ug?(ZNJ*}_O53LCzg?4b?u;tr_FiM}cYz+eju%wUb1oaxI1 znZ*M#<5>GJEd<004JyWbE!4meSOw_8=aplkjgE@b2O%D8G%*C!)S4(WYSd$tA&XRR zQI;-(qc(j$xGhGSJ=vHBN?BSr?gkD@(4rs3JD$?g7s4y^EXTeNkB0urJ!f(%uN_S1 zNsLoq)Q?1LT@^VJoJ#8DM4wfcUn*BAqan>ZcL(cVTs;pLS$OOhc`FZE_7aH`sJSQb zaIe$pYFh2rWtW`W2WW$;onY{bN0kZz%z`pSMX9p8xPt7PoD5Hx8R4;B>$PO64B$}s z$S2@ezy&J!ha-aooc3PxR{&a4ofW_H zEMLp>ea1{*m7J(9 zR#zQn1%|r^-sT(VUw}{=v@mrYE)8bfwf+Y108#P!V33;KM&WgIl^ofot0oW~b;0Xm z8`pXcc}XG*uA zH_8TtohvROB<=ims%B36K(R^}Ch0qQtTz>^Db&`#5iCG#$Ipg1uzB$9J{;wJz4SNR zfcF#j0^-pONIH@;<{D}=ep3!MXKtqOK$pWx0_J}M>DR#D=@&vO4AwZ*v^IOsdiZpk zYF%I0G!$$1d8N)g00sFE=nw8aW3)owXHlF-g&)=y?!Xn%O~(so^yDBHe|tZwsfq&R zy2E<$%CdSZRlus*9Omc6^&iVu2XdYl&emBwv}5y2t|C}#Q;_`t_z4q-_;&qmTl9-+ zrEO}V`Z`g&nTF<^+FPy?#t=XAgu#*1Oh`ZP z7|yM%cP4|e--=WKtG?bz8We35fyG~7Ot2L~c0&4@fHKH;z{^C-G~lasDW^Qr67*1b zHt_owJ;F@=(qLiE&@mi_fGq3aKb8avD(^}o!Iq#OngV6LzBLu}Bw0bczSoLt?0c7IWaPrOwyD~wmnn{AAQ64hLOT`Z8N z$AgFuGtd;$LL|^1sB?N?exMo+UcjQgosFe1WIskN6aX7Zd*f*jO#_A+!~QVVLfH~v z{oO=AkR7o+E5(vTIY=1@KpjoS_rn9ZD5kwp#@g*h4LnWDuuo~B+zC|Fk3Lw~r9#BM3#Zw|MjwAvXKtUM-Y z#msXMM8GPk3Id|IAaH1}pLwC^s(4Y^H&&Avuwpg~B#;NfUIbX$tb3THbX4G=fG`DL zO(kHZ?9$rNlXVigCKc6m64Wez7Kkw{$Eo?$TMnnn-=ySA67aBt-pa0UkJO&F%v>Zh z2V|gP26D?hRYe59eb>;yvJ2{?jiACORs0R74$d3+CcgtaWI9*mKv~Wq54bvz|LH%l zpu@JCndA*hc2l&-0J;4W`z22R?!S|hw_n#-SrXHrnB430O1^;8OG1T0xflLlwAtri zUJ1+IO?4&yVc3e(>(a^Ec0v^Cbpm6<0=$DyUo<>@YwWVBWP*iH@D|0(A4?J|F2CqR^?O@zE+JKW4XijPnA?;sY0TMtMpTjOb15M_V z>EiXuNs0m)H#1E10D_!QK%tyMNb-8BFT(>Rio0_}d?9>{SSyr8Rv9gu$c@ zN)7(3k3ZSOfK*EPXm`0}2v{};+RE)%kFEi@T$b^R6qjKO@w+eYjyKfQ-W@%X_W}HK zV5UD32ri19X<$Ztd0vH~O;Y=5d)HZz?*9yHw!_Xxs_5f|$yc>j5lzr zcf|z79rOdt8%91t{Q?3lTMLZL@i4oB3C4=1?yy6PMkhyey<}pZ0c0sv?C)}>Gs-^w zIvTfK5?+jx46w^OxryN4Q?B-ak%JJ)m#)n5u)XOT*JYhaxM z-IFeEfj8d;xK&}N#Q;gkN8=K(s^f|(1IX~PseVzHIXxE;A3yYJo7qKtem_2wJ-B9C zYns0F`e`Go^C1ote>G-gu?6BOJ8WJ*oy;J?V|hoaohN_09Wt}Y5Bq_lJM+Zg)(oe^eKqQ`C>TUxKh4#CIPLr`5uGAHrgL(#LTs(} zMUIdF$;1j49)qg`NA3vezvH2~KTS3Sv3-`zs9?rGr zWg&-b;od+Xa|_2uXhkZ4(j+V`wN&VfC_dkj`8CE=$9<5B@Zo2TBwL^|vF9Cm%Pr@s zN`lMCU~QwI_78p&#|bY4_SEPf(TbU+wa1(ld31mQCyW@E`iJHo4TF22q=7Enc>q>r zfpqny<}$E0)U%j}F=e-$DKV;T%Y^N8$gNgs7d3EtX-e~_CqB|sGz0dc-Ar=k1hS1tbZ|W) zcRNy(QBdwwKqi2tAR^In>;^w~paik(xei-LpWRJ^&Pl+JgoMWU!tzHvn98zu8sY%B z5zulhbLOXY6VT>CV2v`F%x@q0K!^DIX$c=B+6DTH1soC!T?BTQ&#A{0>z>cDh+E8O zpsXm$k0bux?%n_s&mwpW)GAyUG5Ey{!BZSSSqZ^I8F3 zR$GN%rwABC2u#Zef615ZW6Z}SIUoVq)7v?ez$~gHYnk|lfLCXi7w17ytsy1_PLpJO zZuRYJAIJXPAfPqKDC+pL#)!D@EVjU+xDf2vKa5@d&{ai4rX*jS_)*>9+_<{+sBC|F z0^?vOU;{Q`i{m`KTY25HL0vzm!fZisfd5)QT!Q(TeI8U%?*~>`CvD+1giBSebb;{( zH@rJAmVr&bl`N46>>ac>Zn6>!_``W(Emk|(W$l95#S`EcO9GSKLk7&h# zW5Yl7A#ja@aZFY*NpGAfGjPMKxb?w@5}vZg&23e?B;+v3=At)p55LEDM0h_0`5}B9 z2Lx_@<|Ghu*Y{TyQzO|I5gEZ^A5GekHwUT@+S$%QpOyA0zaUesYWbn@?_HqvSf6@} zZint;`i)Ur_RZ`X{JMyeKz=n??_i8UUoKI3;ty&CeRY#4eLT>2p@VrJ#UIIkz#Ih2 zqKi1|3`aUEb)38XJ_)PP^w0ZqIRdH{`HVl~+G@?8!m3a!as&Hvz7$!R+#N^%wfMt1mxW0E-HF8eTVo*B`8TXX6IelPet!1b<9>psClPRRLCW=T$rS zRW`apibg|c)77T(m;=-Qx2 zPr@ozqi|1*9EPQ&A9ok1)f%P5F}q&s;FnFRH39vQ=wmNWG#J-prL0Ead$V6}YtjMbdR`If}&4Um}M`Fv(<0 z=FONKOa{Z(kLWq4cedLBW2h>rq#N$B4`}o|B!91h3FjPEwe`KN?MwLN72*(h-Eu`Jq;fvuoEr#d zPb(HBZk67h>?b^rJKR>k?-JsD_W4r-0w`+W)Wtm=K6T?3uJHYcSn|BX>&HVr_8cyH zO51$>B={eLcPw=!%HXZdPbl;^UM$$E7#EIL*qdX?bWL^~nz0p90X^CqiG%)~1XNJ# zUCEP60|s5Lk?NM01YjSam${%gjdV)q4bq+L$H3S56rJCv_@o?H4ZOEn{cVf;+8DHE z(fbR)%YGMhgm;UR%AYZreC)(OI~dT9Zv<}oUHU0B=m7EWeG$Lr)$l?&M*Sp}-}CB^ z&BsGVU;!OUq|4_BviTou!|-?a=q=Xx%7#YNZR-a`IQ-Vnll9hOji&dj@O&<X}oYqS{_;`1MV*f)Wak;MRUmrl8rG>=`zIx0`H}5RUhFc|=fuho75=1*>NF zRfiw1zVk*l#DDoKOg0l~Rb*s}@NNE-GhN`S2{;?@`D7E1vcUgR=RGU1ecmnTeZ~!E z3g`8{ceIorN>gF6T|dZB;JsP&AOoOCy#w_fxR0}Yd}QW*S_b}_fZzj1qur9M;7s076A)6&7cqwgx3K5Zt)j&L-ch?*1>7u9^Ee$>PNnMg$1>oXimM>FK)GTDMFNa2yuDFs| z$d8aJN%-h5r{f%il##Y{O$QYr6e2zd9MSEgBkmOmYB)T=#7m_wpZTMLCeP8mN%qDk=(;<&9u7wcnlUQ6LUf_#a3cGq>C(!nO)3i`zIDbpE9Wsp>S|1 z&x?^|t9t^-u;z>cMlO(eek?14qd9+c9ezubj00}lu>}Vns`^Jr*o4X4nZAE`VeNfp36bLWSQs`F(xa)5z~K z>UqWL4hSRtXImo@i->?fiKFA^FSsm^;abGX;R`-+EuR`9_p#WW;3Z0`!_&uR3 z7AZm#+2(y&Xp(i8%lw?#J`m$Cx}%a4O{yDtX&0T%PaMk}k#Zdl8bhCH!MI-`^znPXGj0 z*;336n-RF4Z{35)E>{V<`$EGZlYS+nH&Fra{BUMb7Re@DC0GJ*DKcJoP$_Lb}YGU4F2tLZ$Yk(~^E2o1(vCy5^S#S zXZT}ZjpgYmI5ehFScW@|e70GZ1`kd%B?8;h#|9Ye{ssD%+4{IA_jO7rmUV`rmB6R2 zOCf0&{vPcrS1t>`$NP(4aVLzd1=sc22JE*&PyYEzmVq&^7o0v&;DW?h`q`$utE0$s zecqe6*p>vIjRz1$+UW%;O9^N1;m$koWPXR2`i)x|`C7iBD6cd`E1Z~iv)*EO!7rZ* zXAYhV!OcAe?~`1kq?a-HD_`(>t4LjJAM0<#9O@(`R21kG)+{~*5(&JlZmPo!RiJhi}pYjU{DGG`-u(c z^j%2*Rj>q}EB{L6x3m&3g1#IkYnZM;QvSrz2eq#R@sm*H1jSUS=M0yy0PFIt+1XNS zIJAaE=Ux;m*ynD=4!;rmJ|Op1x0`|nOjg{!I{68+Txu!&0kj#0UpM6i6Oacq@4o2( z3vS)5d8x{a(wE(lvALEKq%QT0+s*m)+q`Y9D0Mq6;kb9C{ z+PlD1Sj67S!= zHU81}h-U*2^jTou@%g8L?1+AagVw*QOEaH-&4BQran7)@y&jLsmc37dB*0t_{qdWy zbtd`o z;1^t|8f>ai7`gt9dm*JY>>ivOxr~+dVSgyjdhH(8+R<=Eu|#di6xpv(V1HyW1O=ab z?q3l2fnQSDRqoS?9uXnbB@@hC?b1MBM)T!PO}~wGEY@>N+2YZZm?vOjPnJ71qOxH9 zf;agFdMm$I)e%10i`-u~yc%%RuB_!<-DwnNBCOt3!~jINW`PcfwaUpgBp@a!>tTA_ zd)dr1cCG!^E(5JtKz3Yl7!kk`7CceY@4(%^^g^bO)4Tt$f;*W<{fe6j?{`+1zj#mt z{si{IL`&CtUCY|Cf)xU-B`bL`=cRD;?;3Jmm~{c92He@(riXrC=aU>4cZQ>)n_<6_ zd*RcvNa)|6Bl?(Y|Cd$5Z@g=O-Yfh9Z>Xf%Zatl9)*WdMtYg~(imZ*QLyC&WFV2)&4Nan5c#%iW$ROB7-fIlH$`bbgu^!a@WT$5j_<`2yT9l-%~||YrH6f- zN3+S*qexf-bg(k$7xGR@tDyv~=9xChwjsNuhYlzLq3LUYJ*W=+^QdI+1k5h`1vHC#-zi{T zPoQ6+Ln`4`)!$Zn@^%*Mc@QXMmx{U*VOSG+;ayxpQ;~i`NBu3N4!pvy1U9Ujf*^F^ z?%ye<8JW1(olgK7CfHcYFVUvQSBgLv`*Q-GORx@^F2xVXSBa&BW~d)NlZEDAEKXO| z;wD6_YLUJd%bHV-sy`Q(p~ovaHou;24Gs-tblhJ({lnzCnld?aPd}(t0NsqTGaETJ zT0lOJH>gAU@k}!7_3m~ApfZGA8KocqDa;EX81W7l!M}I;VEoVq5M?^#IR;Pq(+J#1 z`0(5v*U#)?ouYZKtBPLVC4Wh$UKG8HqGBRaaPBZ@)6fm2+(m7gm2I2>Xj+%^sCW#*4rmPK=gt4a zne>Wtyad6@_hMy%{{|))4r?F@RjTOz@@@hDN`~mH3ZF%P?OW+cV!j)mzBA+OVrK!U z9lp4D#igAZj&~l2*=hipgyxNKQ*~gPONW)b>a1AV7{jQvikc$=F{eYEIJ&-IW+E7B zS@h3OyvA><=STg9I7aE%=p*;U{@}CqnoyNxusYqH4J5$i%zA8=bVi4%<4}Hc=`7)f z^A177VNY=-HThv>ii4o7TLHqe<}-3PvLUm#gVs3MK3mc=Mjj7b5SZ5+-E*Cpw0O$F*f*T*7jQ91u_E( zx^=S&JD@4iLg;e(`8Ta6-CqRIO{ERw{OvbRN@B~swy*EKsX{x#VD`$ILScgRvoG-7 zox#l`v_%nPK?7Fxx0Xe5rFk6leW8OsuZ1`cy7ejmu2jUOD1s>mN|(wMk3GKAnE3;- z%-o_iih%DSu`Pl7bv0{Asp=0C_`$H_mbURYE>GgQ2rL>trA}-ajlzu&|L`;3Q%bTF z6eSy$?NWk&UkgEgYe61zVIJ6clYV!B$kI>7sTOHqL~K@lF0CwMUjM$6jh?-*9a17NYs8mg_cV7cJCb(e*uL_$N!$7 z??T9Y2^>B3)Rv~NEgkmnNZvoU09yBl3gN>kz=h+Z$06zW8UZ}QdzcdtVYl9f760?| z9`XgyfD7TNk-WzSlTMQO?GC8RCUJ1ysZsrm0IdHFOMNNc?~4__l!r54d@#2>&K-Wh(^>Onv)z1>g3!5aPW~)tbxpM$E-!{)drNYHKpEU^VahFbd|9Suv>11R?5VhuPb*1$CA(Y$ELQd!y z;WccH z;2$$C*vX0Ag*dhF{g58{_5*duMqFT2^5K0dvx2uWYP_2#h^v0TU0pXH>ElgKSty#}k}p#$B)xwsQ^2u1yc%AY0Gm_+ zSk}WjRBX#9LwWC1^De8$MGNbzI~(47LsdiqO#d{qyRj}H=L26bxd#PEqX;&5Xykv| zv9Pi|Lw|2eEKAgALsVXgPBM$83e!&Y4$}ZT?V#m*K0x%6;XBG3LWh6AG$1L`@!V#5 zImWl~*Vq+Sgc#Bhz{}>>3+AaCxB-pZ%e!VpSjSx7JuRC1^ zaqI7Og3ki{E_JGtQC2c;74r_#>Wn;EU`uyvX_zAXn}*02c!Be$?-kUyhW`Z}gl>X> zlI5VurV*~_lAeQyUu1EpA82CrWxq1h{2Hs!A-e|7E-xzV{&u)RaET~?Nt|coC1IBV zmSTQTWZ{dJADm9TQvd@8&Bi|~C?622MAgH@MN%AM*P}h-XPVUS5&J1`ux)@98k8;z`=(<9jMlCe}Sfi^Glb0;;{u;~>=-CH5QGbnpWFgUP>x~Ttu9plYatD z8XQMD;h*4MxVIF0pDi>L|6tkBtQUhC+9Z}LgK5}nZ)m{0OvO)qP%P^+b|VNeQWf$H ziYRI{@0AG0s4w?k+`qWIauM+njfL|v(#ECf$j(=hPS4vW3v6^Mtj|~HH(qJFj5sW7 z!!dO(;0*14W`ZH@f@$OnyW=Z3KcFYrhY@s3Pfg=IhOH8(Frc#`0XG})?SX}M;^bI= zLgDt4a*+?h9mS`M1Iw?ax*`V9yr8j4`_Rmxt}br=Yhj3<%AL|f0Rl2(czL%EZT z$VKBHKl^GabGky=BU|#@bn^;w!SikI1(?v~da5ig3TKSoDT_>rfj;khY3x%|Xa*gJ z-Gh=^eZ;a9x~7t%NUB{TB-kr_9jO*ENZG{;2T7Gqnjl+}4m@Cl0!lUKt3OT)D7%|K zd8%KI_hK=~)B?hy2WC2Z6+J_piLuyuCQz%9yey!uKNW3|h?rN9UN-UY_xoNilY{4> zFW!OFp0@vC;QcpL1_!hiVhRsf)3I^b%1zKn2Elb@Z047}tzp_?!yaIN6$I*+)2~K$ zkCU?2gM+qQqNECs)axXu^z2x1Y2>gt=<^IAHzblf$R4 zvS^5QC%uNms^nW8?xCA9NFG1*0$V8ZtB*9UfT+X#{>gmMvvhu3U* z!MkiY;2q5_twLy$VD%pE;w5zb=nDT?Yik!eXhaCYEBfuvz^7FVM?n3ry!VJh@k7Dz z1%4xW?pUr4bW>9NtjPS1w9iqRFCV?<%J9*JuTiGrmAPDt=@RQYf>9*1sIIR$Xxp;d zw+@MP*+47g6u*TBLGT{nooG3eT2vY6x@EkM0ay)%V&*pq5ld8BZ-lmfw#nNUM57D3 z&Xc2y#F_S*Z}eFLXeAfcXbZRE6mO|(tKF%&QI>l(@>}6pg8=yk{$2?xspj8jTf#a+ zREu7K#S8LKKpM(xjlLfEmCYi#0Tqi-h7yNa3g@=$x%&8Ke<|2&)ZaDC`+|ihblc(| zLfW*pen6|N%g!%>x0in)SNJN79Zp<()7aR;pC^}&ABM(K(%{?rW7 z@Z6H>;eF^Y?2*u}@Y^=WqB}F7yQ(vQshCbxZrgt=V(R+;3H zeO|#~ux_LnCIsny(<8nel|cn?DBwd(FP(DxI%4$~-(!gH!~%%@uMX3R9^Cot4(P0~ z6s=eY1*bnTzvPfmv#~fEdjv%KH;+JNo9#gw8@#VhP~yJRUr>~7xrB?YAwjg$J?96T zB_?x^O}`|!U)+M9sE0iS7Lq?v0L?)RLqDK}n??(O4puO>h_pKr1F~7Lq?axypt>n8 zP8EP=Cj zHw^C=OT>lDZ&2BFzJm8L*y)Q|_wp``sz87W&b?53nL5PU2Kvw;Y$%N1`UW4q{@X|K zBN-aqBw(`zMucElq=h;JdKE17=1U&&4mLFKezd&+PNj2SEZBqj%>|3c8JWs~N;k-U zCmqNrrH!FidZb~WgyRm zx7^A-Zf#3mh`=-81;4zYam^WzXKJ>a=+X=StgS);_%j-o4D(5bsH9FGiEMXoVOPU{ zxunb`%K*0Zv0roij7T7#PetD>L@lu_ApHV1o2S^>u z)q3e}c;`f_7dI#xl7O%675!~flPaN>;0v4MjD*vdUj7v1b^dhkIpDxX)%cY^ckKjP z#OyQw5dLou@Ab-(-Vs-YHi z0NDj?j}Q#7PKE&$?cv$P%h^$C8}!@rs9prU;@WEKpE81m6>iKNB_U(nB=HOz_Is5L zR8Jq*WaYNB+{oR=Um*GW$r`tRGcgN71MnJlU+-Si1?xP2$J@3zKuZLBK)r(@9*p6q z`33U%P~J5hTq|Ke!zbm`qluKJFx_}-Y@iZP7*DI3J6kbM^ZolUB@hwf(MRpXFTsBf zMYGTHx|dxd$&B-7s*>f+Q~HQrwE}o8=n6YW02G)`dgo%*rP{~qA1QP(tDjiKjQ6FN z`KUsW7tc(8d^<1o1pT!)YpP80dD_FUVAM0~nAf13u&$p$hxz$;pldwP0lCEQnZY8{ z7vct}SVNO>5Sjzc>Y7YCm9&lW_aw`%25MRQynu(c?{u8SzzOVwRNdQOP%Q69|G=_- zOYs!>SV43r@>S`g}sRGUN|RZM67=EE31v5vo<@X*}#C3$cpPS{xk$o?_X!m zcD4J}@WVABBfLpPUj~GRERXjLICJRVK$%G6K9|H`a>HX=(=)V%b<_%JgF?fexR%;0^ICQeGC&^ zHMx2BTn5L@l;B`V<*!Z?Cby1(DNWyJ-lMTYLoxLN`XIPW+D2-Z2QYv^T%Ba@7f8@( z1KojBFSgnRmr-o`K0n}6oABRPEUNVD!Fu;#4e(?Kzmo;N*^6izDC5F|Q-@H{^a_l~ ziNK-2Pf{4iP;ncHXZ9%!sFFtCq{8_Tgo&wRE(ZVj9yL<}xI1eI$mq@`k1NG#K@-52 z@hYvHco$vqGo1o1!`Wp~yMd53h=lgLGLP6aq@M%jHZXBbQ|P)V>MWB_*pY!!_du_p zu3TxxJ*m{>PQ7x2R$6(rkKT9}W&P*?Ksdv*_nkrodz676!@lmnKrCW{YIo7wsiQ=| zBG4)l8WB7h*;mJG?Pqk1HYS_0h+62jA%zM=hzAPCLWa*_;E+v8#=J%S{FXpG%8^;< zS9R|ddEJ{Ti&5&FIyL5J?{MrN>z7z7KwDYn_ z+LxRE4Yqj%DL&N7H2WP@odBBq3%G2<<(6pOKQAOC>Y3V_V*Hfk{sFIU4mF_Hle&~Bl=Pb_RIjrVSn8~g}Mc^%_9h^OEdP6GWooEpZJ}#Pp#JQy2T%*O#|mQ zdq9uXqI|`jUc;izl)udrY$Uv&-AG%L3aAwx0C$PNUBrei|MzWpgp&YkOa=?vtP1Y! zT)>c~5R>XFERcfg)O!)rO8pyrdl1O9TIOz=Xwz28VU*C?GN$V zXpI<*_2vYDFVbYu8Iyv6_%@o1B+`W#iI0Z|LBhmR$9@VKE&LksOMr!;O`8k zml^TS_5&-D5X;F$|!fxHAVC*8|kBl0T^0rRx#hPE^ij(NN^bFJQrq~km|D39)Y zn6I*FKcMO%6ff98uM%^6C&*}t1) zTVQVu=LH{!KHOe=J&6^5FM;fD1sv$rx?V4ru?#>*rvh!`%iS0-zUf`dXec7eIIQcW zakzf<91Sh1%7@N7y77g24AGSgM!0^by;&9NtW8H4dv`DXPX!7B&-c`U5n+hT$qWXm zVD&U&=6s5pRNA z?c z3k)xN|{g(QJtJ@o3b1AV-^nq7k+i+ZjcI&`9 z=miZD_?qbpiyjkSZO^KP4HgJiu#^mJgR5LpaH9@FsAP5B4#q>7&?r_W^B&cTgT(ZI zRSnL0)hDlLbOkzKU{!Fs4bD0st>tAv`abku`948DBu#mD9)PBo9JBia(S`HdNa_Gm ztss?TOH(JyqJMYpIWN#r*v;)NW5(S}r)S#T_eamx-@PMCDjm)Nzgt7>H_D(;8M~1D zIQBl>;eN5r1JG~Z4QpVIzFhFKVsOmQem(j5&;o2cKoY%qI)^b+N-4Hh*aIvPncGq> z{fm2(fhEX@1^NM-U_6$yFy5Y@ATr=>5y<=uB>@+DFa=8@mV3v~GHc!^&YXrVNaFOK*=@$N;u$>G>rotA{R`YCt-WM=qdn3cn>yX4xmh5OUk$RSaTsQ{FtJ^ zC%z*SzVGR)jppVqHQ_9QLmO~6UY~ffx%t@(_|n1M9MC)z8#;eGzVr<_alQDqn55=3*kC`o^uVh^*W=|F>q53W+8SGMoa5bE$2Ad$KZBa^i z2Hq}wG~v!p?ffT!4_~@izyN5#9GvNY$XyON`XzOZ<(!R81awmZDm7zWO+~!}dmP^Q zO~>{~z(|f2%5VWXW5^g#H1~NU*I-`+tf1PxU>|vX;-*_M>)QEyYn|w;gzdAgS|Si%w} zk-V^+C26nKwc8Y&*=i3F*}$Q$1IiU&mH_2Z$yL0fGZno-&!6# z(1+hG<@{_4><<0g)v%nynR#0VW0Ju~Kt&|{{({2+N^tR%cZ2S>pK@p5jh9)WF71yb zX?;H*sS9k_Fbm)^Vyjb$R9_piV#0)j;WXUJpRg zy@E`rgS8f?nmS7nntz^)>J5J&VBw|iV*)Vsd<01@=nOJ@3jjTn{1XG4nbm|Z_+9kT zjhP^J%u`a07m#TnS-*1-KULY{Io&)%etMkB7j}6gm;w_SpcKKtQSa$id-#~r7v_uB zfP&+ANZpcXLyTkD@`4LUKd5A94LMDB&15D^*)nxEjNH~UrZj12NI^^0Y|#e2y$^LrP#8oEL2V7<*Mlh;h4MP zHa|L`kzgpJkT3hOsvSJ0=WE|b+eF(-T+y%PPln5z40EzTKaGqE&CO?Xk2|In^)RR- zhbO}WHl5Jzj14Ffk^Aw^A1q@abB zqg({q)TmIWZ{aI_#iH3M9CN!-&=96uqT@$S-B(BD(klO?rh?zdk-VhX4a z^EQkB^oUfG4w_dNJR(_gJwF40?%kauMV2X06okkxwIEN1%fTHCX6{vy{fIfx> z|8?beOZRUz$B*4u%F}HX5L6yWXuf*z`dF=^X#81v0x~*=-T6r=`rfCmTotZvCb`?4 zD)W~yQT52ypXtxoS^~bDlcpTlda$YGSk2wue36$bXl)FPWjMVs$JBU&w}K`T_gQ&2 zmLy8f@#FF>hO0{i1ZDix_dxl-?A2&33+B0a<^hsck1x$z_28^)T-_gDLC@RAOCR8W zGE&h)gqI0=$+*{{B-NNt$eC9b+K_cZYfW6%C&y-#*_xvPa2rn;f~WWAGiQ|8eK)uQ zj#(f*NZ*ow?$upVP!6=H%Uu~_9lEV2*k7xBb|z5Pkd{HjNaIBi4t6)?rT8&;dbX|} zornjxgwOOL0HTCS?^R@$z|4}HJ`Jc(v89z_ZJe_vD5&Nn8Z5?FG>m0h*g;mA76FS~ z>Xi2m6FOzeq)9pP?eUcWkPjbo_W`NP*&Eo1DR0*lz>_5cS|VuafsI}h2R<}q`6$=I z?!Cmns+1m}57{@0bk{|HD%AqA7HqJ=DZqkW>zI_B=}zmPR$NXl#P<&W0tA~Bqr!Kj zL&KT45~88OjN*4r4=ktxSUYqV+PepMq)@s)B*p9T(3|{aEO2&zEk1s&(v7NP8#1n7 zzj~{D45UCtOomYPX5fJ2EVl>mU?vT3SySf+CRI@5z8>9UTxCi|jOViTv4$M>(C*7+ z1nKg|D=0v#fR3!=@y}9tgEyP*>?nsWK9`Q~G`L1QnEHW1h4W3{M|Xc6)jQ;<0q7Gb z6AK#hU-x(!!<5`>jkLZ>`ghLqRFsIDk`%-pUT>qyv2Gpzsm=SQK-O4F%;A20t$f zFm%gtm#xi7uBrDc&TaQzB;dzPgJE$qJ<5ApY{y1Vf$IUUEM}xkteLs)bf&nc0tkQ5 zF3_-r(D`H(df`}$|62XeyzL83iEyyYzqQ~ybB_h}yLJF*EqEir0lp5eV6u%u>O_2rln7s`Za*0A-Bh1BT^B?w{>@>#rm^6SR~Aj8AQYrOnxly zdlYfptCzp0{7pNM+&xSkuXp1 z_f)*2A0mG>htD(VP!4bT0eZJ1=<`~bA84?De9^kl`*sdzS>Y_+N$WxD0T=^|Jh@Pc zKNT^!5%q)t3W?JTRlf{0w^>l-Uw_fFcvxaO=$ZS3vRIa7(OWcg+;}jUzd|XbC^1Ok zdHvD~P_%oIl933o5b}<>p&ydnX8(r)S@K6pY?{EXguiq^-4Z15rIBUte$cq;f7F)} z0=jZO=$E&`oR%~Z9C_i2LCc2hx)i(`?2mFWPXi@JKM->}{56_vTr6yB_Q{q;vcbV} za(#qJd=G)Oj7cIj1topUCF+K_`Z>n&cx!>IxgCroezi$*zJ?C23(QZcG0W;poR4WS zhtFN8eXR|wL3~#VePex36P(-DA^@`vwuEZ`-Pv!1;xm{PIV7qdB0UVcp>I#xIC&rx<`wGl7A9(kIiel7TtLs&2Ps8rK0tNm9I)&3EkJi*I*M zLAQVT_L-vnf&l-@cJ?|~8qm^&SGHJ^Och^vN|0C3Rsl_-i05s6|DjA;+lxd5037e8 zFO(fo|4D*`#=MKA2T{w8P=|=I=LKC&766n9(dT}$JXIRRX#2T*PYX4so>AgeJgvX( zl*?y7Oew@6jj02UnxV;XoL{eBM4(B1sd#?41tlWNAShU%Fd)dA|IlxQ60HZM&OT#I zKV(8L{RNM}MuCLsT7cDt8XjoMzAjn&td%4gfWv%?g^qg<>$lI)B>W65WSy5q6C~Jy z+|$PrySx`y3}`%)v-}#+s~iDi|HEFR#Q(gkSQtQ3KY>UGiwb~Y?k!sg+s=EFysywV z^QX=~Me_v@DWJn!4)>ZQlMUDpXl=O~vEb_wKMNM}x`Vk8`@ii&Z6tjMSw3{YmN@O? zw^HHNXkIGl+&;eC_V6UEek0q5w32$&Iz+Mdud%y@s7-Mxf|MStCYs02gOgYhPTt#|r11T;f5Gz3D!qalioY2>$tSN>HJ{2d4 z%di8WAYg<2SfIP%3}|LZ{g*cY;Y!QK7q*V8XD_cDQgx^Uf|2Q0ljMp4GnwqYrE(ulaJaY48XWdR38lQNGP^IN)Y-IiQj_lm?(b*z~jk8tK;W1eXwX)qv$HHpqKF~!!Ezj$sN#$bO{@09920hPrlWGK%{CAgl zbsIh`hNuwVJ6cRCJ_3-j%8D;Qw5V%sAxJ%l(nZt5PC&Du*FZp$uZHJSmR>IfEQ7&d z_*wPgiDWz~ljp6$2nr3QjG3QcfoTqZ0$$G}=>2`ppj_jp1(*9@wl7?o2UW)7Ueu>9 zs#Xj{W?y<5VXqrrqe_Wukpl8NvdXsA2?^VK~cG*p(Qz zv4t}?h!P+r6CO++;n1L6Y@r`m{yVf=oyY@eRTm~B&qHdiB<|lf;)i6AwcC;LBgmtP zE>w8+w`eAaL9|XId8ZCNCGcB}y>KwVBpg8Eeh#!Yr{q37>4A?&PWB+!gO8ALiX15J zj&dI)&})Vd!kz$pL=)2;z?#4T6m|m~-Q->wLh03d7xl!)!h>riR}diJ&@n$kGs?dqFE?Os^bP4W!m^9 zBryBRx8k{OQ*}Fuk-#Y4u}|jm^$2qLm&a_wS9%#AkiPLijB>@3dVYYeCt-f~*#|?< zMF;!#gX%veaLvh9l@IBapAxPh&8{J+0sTH z6ie|M)U@NNq+Vk3BpXF#eDWo$!Ar)pr{esAAcD_YMt^QjZ3N>{tLlm-{&)*WNBauS2HM7oy8QEMhry|EwIrNziw>10N~NDvK#TDoh3x3-DW^4p2Oppm3^ z8pj5WbRS{I+eeMiHsq$L4eHPE5Z?l{ANirjfaia`^Mmo(^oW!+8}%!$H|v{9JS(=V z#(BJzrS&fZ9^F5Z&aBHZHj2W32_d))VhSQ6hTI{>AZCeQ-&^%s{q^G~xjo%FgrnKXFIpR6a51V0c;izgNB3#xX747&PT(wujc^NT_1-$uu^nKRnN$D?+ zCCE0DtyA>@{BhqMVDlw&d5N+R8JQ=kFU_CMPggU(>9U(U<)PDikAi8QeeMgZBoJKj zww~>;WwS>L(o>Qw55(nBYwGqfHcSt5+V}JXsa`HUeTnF^_vxY)ziVAC2mrJ6>A>lz zuP{y~t9jb@nD~7AJETA{iwJj7AV0y8=uWtdc`L{brn4J&1UXXsAUNQ$pOZ@;wk;y?W;9@N%F{B&P7C(u(xY1#60)73}v1@Oqe(3?kx{@*WM0v znuF+>{1xawMTYaNfX(s?`(s4=*4OG0pekKD7nU-N)dUU8qkU|LRsRCn92kXv9BzBZ z2a^sm!2j>TcAa@|d~Go<+JXZC=fnkQ^$MS>DBft)=e-f{rH=Vh90RNJL!_FcWV^$W z+q8W*T(MZhI&`CNgz%s{KN*5^#hcok`9Ik~&^$rlUAEzEr@e_C>Tv33UV}eMz9B&6 z5HFKXlYa*(?(CXJ6<4FgoATr7^x3RReX8Wz@k;Q=IO`LFhmxmUixQGxau!nhyjQ>{ znBvF4C8!lz^g8RkrC8W@>z}kCoW{r7MEUF_??174eGR?-dTI6#jF(_OAFCYG-1U(Z z)d(saO@i%Sbv8XtKa?-~5zhRO1VV%r zUJr60f4M&$Z(gz3ZPs1(?(tk|Z7`|8bDr(Dl4+#4fp4LTbfvJ*12lHu12=*)>?y4@ z0FT`Bw3S#V*6cMIqsi1HKv1__`N-7rf_}>NLX{Uhb%#^VfZiY2oh<7 zLj^9z(|&`meeClw^`ZNhovQn;6ctQC)rp9v#=a z*QbjkaU4o@q+*1bYqtgWUtXaxfCBl`62EzTP)F%*&H8FLWO4yz z&c1D!#>WzMmYl!u$QrV5*W`h824|%$=MXhVTz6vq9zfuP+qhRNp!O~GEFt2?!~Om) zOo7u+K0GpT>rP+)Fd8)R<1w}p2%J%GWfN_S_J5jwAnK3wQ%vqy zKVMAr3+1$ZPe)UtGRk7_~$!s!h7=1eqg6`n^3TESSF~BS2eVTM~asiJE>3{q5HC`=X<7!ZU zXAx0sn1G{drE=vl&oroNz^J^uPKrX9xcT;A?loylBfhC!KA*(`;2=A1t={RUzyzxo z2He~(c&Ozbo`31?1=(JIdULk#DyMM-W^VWJ4(|gJMrpXcNv6iqBedgXW7BN)x%iIA z*ZqRri_MtNkM5vsWlBW+k)IMqThr=y-;bl;t-lg5vA<=LPS+%=gFY=PA=KJEE?@jgnjpQW3%O`W7jT_Q6yD4}+NWP{#DA+>5=$=rHFAwRSAQkX>0XZya`UiO2^}Erpi&`{COrf@8(wsn<8?wsP>%gG#P6M`YEj ztm=C{xxXp*iVt$fVou16Lxm3^ zD0(B=ItrDp|K;sqWX+pF@Kdt>xgCyHNu1E@em$kz`oiz;eG6hu=$Upsd4{ojil3rIbsS#ZB;#jez8{{*PR;l%7Ggm@zP%Tq0C1SSS?;w$IA?H-ikggX0LkgG8L z2sAAa zWcLuL=CVS5rz8H*tQo?l6koTwvmKIvPz)mRE2~Oy{=YE%LYN-mIkqWK8#=sI6ZDc+C& z?`-v_n)C(=^7_K+ZrDA^Mn{)PfG=P!W|U5*KW{o4m_GdWj3i_aFb;1awbyHCb8yMm z`fM}83R=!dt2ud=NWKd#&vl;DjZ&DZPBxEf_fg}#5p*Q&jpjo zb1k?z-${H|EaLCg{Jhuk!GBOQ$bBQG)#LSpWyQP=%N8>ewm=2~ zwK{mS5~;CV3Z7)UUiR0*@4HOn8}1=5a?DSktTCM`IBs4wf^XfP!{cyRp3R_bO!t1P zfk>LRPMt`-l-&_@8b&&fxdQC{IDvD5EN87b*h0?)*a*nTrhvm<3!_VSQO-azgmt%< z#M1-huY-^9WLWwYdqTLW1qFwMv3}F0n31P*D|N~sz3Rw+eSAY?Sg@p?2MI-*j62xg z5~gv#i0rKm0h~JrmnB}@iAO*$wQV|c2D1ydQ^I3^?MSiVusUtXnsB#tMvfC=79)2*;Uwxv zABtKT@%08uwMi}Q$IwHQ|7qCKh>D;u)^L8j1||d@j@&D+i*vbMPNhEKY)(>5a44*q zZ16Cd^&b7PTLuK*H@Z1~EGWwF6Z!$>YDwMeDLM@`ejBR#1fR!4R~f$H4#!)#(HNb0WWrj=oA5b2ysvp z_c41COyq0#NYUVD8^YjgwLHlTm^{G~yhHjnV%N&ts|sM&(@jwD9uP*r%T!#GWMW3p zClR{;ENk_q8moM@DCPnuJJh4>W8b~~rPo-5`^9kKc3yX0&B45(*hBW(#Y4m`s%?dp z5_8WJ12WScQ&Kt@XvAL%gWXH25D%Hi+M|HEDdln6KEHjt++s|zY}qbek-y#giR^4h z|MT1+nEKkt+ry2Y9*0lw{xI-)09zw&`xp8GP7qlm=HTJtco|7(% zx@%&wH|Y8bekf7=b@$+ElHD&n675lB{Es9|N5YEC3A3JjZ>K)sY`w*Y&AcQU8Q<^i z(!UQ&WgGh*zUDUMF2X}%KW-pgk4AFH?oMpHKDS5x=+5U4;Eq2)QN7RQt4~_WEk^y8 z7NY*c-I}LPl+?rJJ`gE_NZ0M%%y-Ja_YY(?9Sw5n9lr~k@H(cwlzVej5=b2|Sm){E zO1xqY^9^wt%G|@RDvyNHDgU@bVC@+%jjkz@%lRk33>AH#Zzn1}WT#;XVR&Lgzv zY`^q#%~?rJ&SOx*iJ7!rP!e@u(Q2M)DO8Nf?D6br45#!=c#}&g^%rqf6Wswv+}CGE z-)y`Q+Qqd)Ox8ZiPt}9+LP+Hbk{*a~DAaspOYiNlKFk%A?g{b2wJOuZ<0dQ|8T78} zd+&ZfuX5+B^^`OV%Q1nR)r$w9xU+Y9eSX<<7)l!ut~fgOo4)R3zL~1=K1vb_4Nt2m z7%=gJH+GnNHLa!B{W>u>-%`DNZfA}pMaGSpvvoSq`C&9+|ENSvZdb#vCgAq~@~BzO zQy~^VgqPbB8jz{|-tWxiw*@p3d<0XPJVZ`uwzhCscM+N)h5OZ3I30FihJazgIPXtx zKdPl;cG@Be@NihXyrNy0~rpB|xQ7FsJQWJLla z*`gdEmSmo7tf^8MS$E11%0QA6|O0NnVCP5Y+eNep;-L3uzxd+-_* zZ4wv+3+%2bIfFWUQaj#S+*>VZwtfw+6Tjkwr3}eviD9s^=dK$64+HJl9&^V-uCY}FLBrg zPbyvHf#RcPv)056<>2W>^xUVeU1@wP zwIDylRRZ1%LXaXn<2lR1(1afsksJFie~6HzR!aH(C7xm=kNNwR57noT$KtrQYI~@B zwpImEiFGrJn<1ee>-8N`uM|HMBJ?YxR1 zgZ#wF*5f;vSpMZXKv4Gah8FDPxU460;*8O!#Ur3@UtfngrR=Ul8Ve|OwD{{3zcWv* zl)OP2w)NR{YF2WL6Lt1fkP8qlw$C_aE`EuuNH*IrU49JUbAm-{H`hc(1blsZofqlu z7_c5Ef_+4kDb3fLF+6_xb@)1OnA{WX`QV?AN9-6M61jsb)sT7gteu5bL}tQR^8?FQ zpY0Du&wJCR3eI>Ex8<}hew{PU4z>`4=w1FT5-=AXg)+*<4#gjG+Ly5;mF|g;Ll_Tt zx^-oHkEF3qZky<8>$rD>k9%^urNhl^ue!X4XAzDByF# zwf5z;yF@BpiXefxSeJf#}JS{vO$GP*x{FoZFQ1MbD&Q4;Dx3siSleM*4-qz1= zG-_Euk@yUC&zwCoaB21p_N+2qWQkl*3}pK3D%dvT&k{*=>QLKlK6KFhJ=Sj>WZKV^ zxq7kfeMR{Tb1;K!xX`S9+*?2K&-q?w8%$p0KlHBp_F~46E}p)^!;haM2+mfCD2rsm7#9JTRwwA`^XoYSygaqP+?3z+T; zEO|fQf2l7IX#x2iw1xN=c{w@5RDpYmfaYIj+Z)X zDs_JR655R4T%Y&fA-Co-J_F$&OX!M@&#ZfV9rpe~snZhQt%c5xaF1!~(MZ>P5`3V( zgEA=sgQlK(j73kcuYa7*^XS=PknJbn^d_21@H$hb)wq41Jbu^j?Uzjv+c#fG4Cgad z5u12A-)_1&0B{~OM10Hg`r@J>0ta+&NMbZ~CT_=*CGNYj>QvLRb8Yg&0`($rRPWp8 zCL%b7_syP5J@#Ecz3uRHasv!Iaj9DI84Yo2GEm4ODt)iZ-^GALXDasrFf8|@e2Me- z<^=YT2d}-2ujrQVM=FxeYvb{_*3y_7MDEzH?Q~}M5Bjkv&95Yfm*rq@CC6|6Jea}p z8^h@?%<}K0ljsLrg^)BBg;+=vrFQt8J_o<94afxVT&`g+^doeh3ZFmZXqmUCJ~xp2 z$ct{{a@XH@ASXkr4t}$9KW+6=<@C|pOHHS<)%ezVADV;=K$t$tX_arAwwzB`!B}ss z`OTuLa>6e0hULB{VZx1GLq(grmhG?!k5ZuqE@9tsufx_L-@K8%m7sHd_+uzAlM#S% zoRZ&6_C|!euD_=NA))a6R_wm*4i-79^yAfod@?_7^OrA8{m7CL2);u?IM}>CiXW#D zT!RQX>Y<=9c+{-b#qWyll$dPwCE)MkjMsVofzGloP_c~Gh5N9hODlyMq&N7^!Fj#w9f(?3#0byqd3BXGds9UZJ=i}@#yZF2_F>i$D+)knF1~M z_z5~1MH%bV0Sk~sivhvuUF!3dnaJB)5eZ^TNF_QV^>hoOH)jCtRye^~-H&%p+U~nx zR%oHxoR4s6;WZ|C$sUfu`Tcvostt}>am6h>0C@H(C$hHqBPW1m_I*3S1HOyVDuE%( z;=}nuj*ie=ze$}Xm;!&Zpd2_qZX2aG(l~is{@@=N&*N_DP!)qGKRb^RPw$7=`z-j$ zVs3OIX85d@QOG`G~a)1N$)57^wKb^=Fl`qX!Lh-1uK zPyJpZ*sAsyof@nqu88F3XlJhre(=4u$3h5Q40`eJ)Gj*|RjlArkw>>y5)8^(n8^U% z!a_UJ^%>$)0>6BJKzl=Hwby>(J$R+cr`G17qmtshvj)Z|tn3?EM$)XhT-1G|QT8|K zD))#h*|+G7HK>r&=E-jNGA@1eg#57tc)77E2aa9b=`$xizuYcJ6y)b|f4O$zBkPRAXK~EJecRsK zQN~30j9}^Ek|o2oBg@jZ3QR> zL&C;s^iCb3rp&XU>dzP8&RpSQvgoiG%b%Z{!F7h+v{j?CR_~|5e$mX@`*IEY3jp_f zjY{szA-+95N(P@~1!%X$)Knln0kSV*VzspB>h@QSL*j!uoEJad8i&N=lkTnaMMB^N5Pzf{M;A|v5 z44}ac-RVhBxPl0|n4@yW7ssm$X!=FAn+yozUX(r%<(+=t>hMt_N4M&I#3yL`qd5Cx zmm4O&c|)F-$j6nFea53(dlL=c zHh7G}7QTx?2;{kSU(!1Qf7Ku+gPT{-TEJjmitoJs#9l$m9 zFWHOwyVJj35IK3^(jV~+!~g9|JjsvLRpJ>FU$e3oiaV|WKmLn7zBWe)@DEF8>`$Fw zj_BmSnEL?l+O1gmlf|X%bl#V!*Zw&+^$YTrCsabH%VhbgCi$I5eAV{8$1?y{`;P8; zEKC+W!2C$|(AtPvB0`4(t8f3LCNKcza^JMNiXHqrh@j)C|@BW!J&a6%MIJJV+A2k_{P42jbnh$S%uh*)7fj? z5-lFu+-ht`$(#*7vT`W5)|pa)I6VanfZauCAP9B^a%ny1nrKleVg$OlodcF65)aY(f$ZKNsp zYrWnt&QaJm=zYwuszlSz`+h`R?qr2b*UMXN={5KB=)FIn z&VR9Chv!2%Vk`z$)%;u$2+T2qHD&zasi}l!50Wn>S0P2vn6Pa3W;7a?#LWmrFxG81}q;$yRH0l|EQ=QG4KaWIfyZm3R{*JPCh*- zwxbh2n9wH06Cskv#Q zow%@dXx1mH&dwT*DXPHL;>GLreg~giS=+saIXvcbhj-{lv^64q=Y7}6Gy5^DGU3l( zpkg`cD+{JKQsR=UB;7rOAn&&jlh5bbc1(G?)sgZdhxfro{1z%pIYeKiq22(hrcWM$ z5t>yjWBgvgx?1*`0ByvJ5|dnWzGjTcP$#tTf4ywef{h@0R+xkKJQS`a*jwR-pAhtT zQNc5^O9M|##tbaYaNDF$x>$W5p7HZ@1rWahxO-Qp3hhR@I&6m&pHTbaBv8s zdB>8&6Yq%1C&hj!)RM1Z_iokjX_Qh4cpP;B&}s2r0s&&+r;bv#Mmj@`z~^Zsnuf zzfgIUnt;-f@yPvd8e%&4r+7W!0xAISq29=cqQ$c7GXsBoZe&Jp*5_G|kJ)fi6jj~6 zY(591!iDpR@j1J=pI;a(2-Wx4Y`^S^fhKGFmlPXp1avU6MXpRWkMcvY^3s$luX3#X z>v&Xr+ST&M3L}zcjzaT38m9o!^~~=WB5mxIKMvSc8@~|GEZwhO$?40erFy#7Hf7$( z*v;!>wt@wli)oZ7(@4O$hZ-A2PR$=ih}_Et^PdWpICciAcK^u%EY72~e{eX;^~dU^ zx9>zjR`NMqK{(V4!VsdQ0*=LGzDRmPYATnCpwS98Ot|j0H1S}kSwGxa)S%G&J^L^` zmtPHL_9fcbkC4Ta;=a}?!h(s1Q6dJZd+-r*R!f}=+}e@J-v4@<1bnNFs~W|Bot1ri zuQODqyuINqS1adGS3Qj4bFdT;W_=NlqY|Y8CmRDrn7=gtQQ@>t}^Z8q8M}|T6nmo7~SlH7h!W=q=C-0|S z_DKsA1-K)8kyBN-a>N-OP;%K9$}&z3(zwS-e@548j$y%el=T*0hN{(o`@9c-ihy2q zJ-a{Z9J^td?UAt=&fYT;noZsUNvM|Mbi9A@0AVvENF{)5e+ZlaAR6$kFR&LMQ8W6E z^L!ch!x6#`T9cBm#oO!6es0PKujoM*QkPwLi-D_6=?0@#vLs)pTs51XZDMd#s@0~Yhg9&!{Mtu*c(d7yDHW$fvb&R;J;>gYV`pr8n|d< zyg#Cwk^bU_$5?9E-}aL^EI)x<$S82KeS`3>&2k!*3hI3k!2<;*Ug|e{90Q)xtEdz) zN!CW*K}cH-GyaGT#$w99DXbDf^ zzPuCW@^XQ@{>z`9Hkd5Es#5#?m8-M<_;s#MTyOu>pU;*>YzhGigd*;b*R>Vyz=juHEF| z`Mi-`S37}P+8FD*w;m-@9VK(KZ;#hz{>=2i2~`w=I+v^VTc`aLNFf*O}&DWXA(dwEXAUIi$R5A`6XMdn{j zO1K+yNZ+p^kb;@rPu(Zk%b}%O(zR2xY-adediVIXLmoQAIl))>^LE>c^e5+$GU?@Y zLVNfx8hQ}|@;ipdY1k;m|Dy#D4M@QgY+y|QIA^cr>=k;$j~wd--%$|wG}&`ZFG^%P z1kMKYcPd)ZOL8>SJ(gCM8wg-P&{~|p8OwncTH0@#RyxbM88ZaoCLjWNI2>jAVzdRY zAvE%-&WG0mk}^?zfP!?&BFqW)U9ic6_^LY4ISQ^5@+SvJ0Tk^SKBo~bC&!jnx)|Ye z;EeMs;vEx|kt3!fkk-t-w!2K6-eT-4#>sScqNIF^j2rnxe=0!$5xF?4l-AyfQHW|k z6%WHpZP^bOtS#VXE>e`)(^8qR#-F;?K|sQpeQaZ`p2KyVWiPQ`WUauqLw}L#WY9wM zDt@PH-f~2q)-+J+S{^h$jX84MAm+Ckzzmw?`!(eF7PS0wMM^$>lQtp_a0 zO>7*-q4u_}i|yP_7^ndB54#+~H)4~kTB322^}(-w*CVGw>E4Cy`z91v2~D;<2uQCK zb?^SNuciF4=$q!WIu3Rw6PDBG?HJElI&>r$1RpXw0G>Nvh7WV(A4`IcFWv^SG#G4O ze&V^(Z|k;K9oS(w9xtyZ6JPIv7T{a)gSu$vH}C&isy6QrWHsy`Nm!np%fp9sS^MtW zf*6V9+kKS~EQTN@H95$a50`t3`rh}j7bc7*o?x>```l-m}*i{gHY@Aa9}3qT-dsp<2Ed+g73(%$_btBoikP^8LUFsn+7 z7#_3^fX#g=rQy&5dUv6YQMcs#3l8oMRwtbD59xM3?pNaz-wcfSUUjG6Q=0{(;XZ+2KJ#O*VGi@N|4wDTIGji~eJo}B%So(Arx)FgYex=D=2|BtQOiaNL7*GM za%!IEPq1x{L);-4Y5d}P9rv^KruIm%DE${ToiVtd(8)^o_Wkv_@7c>}TuhU9Vpr*Y z3D)pBXZtv%CBmv3S1^_8qzh7qJee-WM!_@?(z&m*Kgfg;B7-BxKg#sY`=$3Ij@~9| zUOfK`OJw|#O$dZDe?=BAs8o2Y4I2|V>%oP%b?w1Q=9^=)k4d?|qo;8bS|}ba-j$B0 zyUigypiB1KYZt%j=BlUCHaWvFSOS!CFP>bZUMePSW<}g~rz3StkZlslzQj;A9*frC zZR)=LQ#Ou0VLX64V@*}~6dO)&S5v0mp59u0>U5kQ0^OGNULpyNmdD@y~`PW#R&2_w7Goc{G<>iZdfwYMDGCA2|-*zLFJUe(0 zy?v&^)$5TFPDr2Vfjk-MbdB08QhlzZe(#)^S%GfSi`4GV|^X zrBE6-4Y?vG%&|*sy?)vRKgXriTRokY+;mv?gX#77 zVqi~FH=NivY%uqe+NP}gqYDRG?x91^1Alox#x$miD(aHUhkg`C{#H!5<=3r1C@jr) zap8SdpTBW*T)TT!e75~F>H%5T5joQx&H>a1lPC8%$L>Q(lV%w)sO9`;6aYd+ zKoE&c^`#Sdbs!iYpoM0_}d#gJk3{5;=7%x5CpW(iyH9~iR7%=iKed4}8&8iK> zgGLUjMNyJ~agKii*2ge#>!N88P3GP}1L^u=Xv(%`}WCdRhNG!Ntq zh2KtqzB0siN$%;>W*?g}DJ^3@yM++H&)EkxvR7#(@aiED1*}tH8wN zWIGRER!}xy=B~6Tq=XQmdx@~okuZkUqn3Y;)=u&rojdc`H4}_EH2p0hp(KD7N-YOmtKV1>GG_P`tBhG()2ne3 z?khn5xhvoY-qvKR)@6Tt#ZLdVq#Vhs{4x<>Hs6?bfdXPDU1`=9Z^4vj z7>#K1Y50m`bJ8716)YU5@~^NC!=+MveZ>2GS^4F-Rks>c{^0GG@Y!#D zr1DmPMV^_K4p{XG6~Zi>=Rsq>fQ@?QITXK+O}{wX{NRm7gS0SPB=Aa)H{YOc-WP`PCFk7w z$U2}@UbJU2o9ekkMp1JN!xf@+oEx3zw~KcwoN-y0e)iw*1`u_rqdF#ft?*og8xXw| zl`TPxd@c8cZ8K28#jg=taI=g4<4Er{MfoLbWO5w}=)$hWw{jb=oNFV>?$5n-0Frmj zxvVRa^pgT62{Vw<@?&^8$L%03{zU~@X5Mn$ z5k=t9lqbCyOb~?|n(y0}#S}t+o(WhXBLsl0$jqUDAKfQ^7V(U@ z6fkqTI8>%7kR3xcNU&bf84c*tk2ZILGKFHGc8zg&X?X^YqEuV|LSmo#h!mZ1slNZn zL?|%w~$_zV|Q(}?;!13nXepZE4}AP=BS z7L$9sK-w64U@JNiceOpV9zeN%p8OXmJF0I4PeE&&8n;Go-_$kkU?fD?JSzV98+d*D zC8+a2-n%hPSjctu=XWRG(h!jZSM7(g6@gb%@yD~!y*K|ULcR1v%GO{|eud2mMw5mB$<{Y;$q~#W$z#2c%lO# zHpWn515;H3HliSv!g0&sj`h7X9$B{sgM)PgQL0Y{cJ+CZYu0PM!2>>l!=>O;$;yCD zgxeQeL5_CG^Ps&Dd+>{B!z|WMa^dN8tiVjjQfQg@?BHQ7gm`x7WIamua_3O3`^W7a z4n|jHHDkRCGN?XP#T+?=2|>bDNonQF?hQy-{he?SF2fKqgNA-Jq~kF&OhuyhqLxn$ z@!ozBy;EmvY4%$->%6f>J-t8XkXz?bS|}H^*`aoD*^lfKhe#3ITSXF`SlyT-HqRJ{8rHR$~vCVxyw_g%=5#Mv^f!jYkDOD9w`ODrLE`J@R7 zaSzxs+V0zS{zME4mzz8V`_ccvf5{-80;0fYA;Sm1iL(X4K=euIV{!2W?s|Hw0zpF4 z4X48O^?q`XG|jcWroE<4?RIa%3xdil?rF=R?zdV|OyLOFIwVHA-GzT^(pSj&w%7}1 zDLkEJzgRKpI7z=An2YaH_SX5X1~`*XNK-%EACH&zy;j?E^l<2|NIcXb<@aPB05#p6 zq#uW!flwvmxpg%Owkq`jgD-`&iu3UyImwa+%7a#aRaW$h07bvX3jlfuRl$cJZ)k2x zlD&Q02gsb(>qywI)4^gdW5_HI*6dJOU(@?}k-D#qYA=-wv8Mina@e zjE!Ay-QreDQZY89sQSyR%g;ckFC3FFCT-!32{xn<@oRilxeAF7;wm;}9MWu>mKay1 zT2!|g_)?HiY}tmG(NKnlR3VK{XNSzxE@>b_%UMZ){QJs!@zpVArRd@)D(0b@tDM?} z^D!_E#$q4h@1&mU-+n+YhOWJC}2M4Ba1$H(;zlhe^YpaK4Qo zbzz*4WR3+LTOfQtr=`1U6)fm5frHBXqi{kf9NyO{UY>S4&RX6}1!yMma=lykP^|Zn zJT6%pHoKSmec&(Mm(QWJ0;X{}YKru@WU=Vou=varXQ}a9e?)0c!n;{_kGt6D9)zh4 z(;t-YSoiYr3)m7@>-t$Q<2<&nb8s?=pST~lRoCd4?Q32)=#s@E!tV#X%cS1S6)Wy| zfXAbFM)lPy3K7I+>-#(rOKY5)Uv8Rnfvb|u@tInh*K+AudM74zW4)JAIM@$wQw<# zC^R$jnQ4L5(kkJmFJfPMa)db?U}?ev(pUK(aOecvaITT#H@3 zb9(73qLgk(155lFQF7r?=^WPGm!U1zJCqUnv9%Q^=4ASCNuLNvJzkzzQX#Tzn)r!y z`4(f%^XY=#lZmX>>_f}@LAYNE>(~>^VKy|H$K}I26Hnkv2cqAPYZs3Ykln%%NEh@F zJ#ab}SDO9U+6PK&y3)ARrQ&nDJPwq|A^>a}eCaAgIW+NK?aWQ&=Y}+`ddQxZvG3;h z<@M-TQ6E{DW~?tLUhz?*YUEKFKuJmH9}i%1>fSUd`8fDLeJ=HMMgk^}fSQGeg?(btQ@X!KP7e2^b}c;Io}USm z=PLW%vW4?jMtDv4@nXFBO5HEsO0yqV+YS(sWwxyN_Kwd^=3t)adU@GAsWnI#Z%@GZ zBW^44KyP_2OXDLP6}Pj!h{kAnKW6YRh?5nk@B=SfR314LAvjLI0^6Ky#12fJ`zNB% zVsuOwe;8LrF=BkOemPNLO|kpi|5~_*b2|ic)p_39`Q4=j)eAdm`xo}=)`w6rp4I63 z+n?_8Ch_-!Au*xn_N%g);BfCVg(ObjOX72vIc}azd%&$m>`}bk1&9sdC@c@CDikPD z_Fkd-JiYBNlmSV=@jcz8(!6>Px;fM&(YRhFvFCRMcT`S+?hvi zAA1OqJ-{#qP=T#{lJpp4V6TGhO2nmH#NsdW*V}DmI2LYlNPTV!nH{f>C4PZC=2+O= z3vT%u4hMAg5Zy}Y{2;>l=8Dru*)sJSV%mOXRgpe}U|BGde!|ju-1i7|v3D4Rn_ZPg zMjosu9I^N|h1*q--@MUB?uoBl1{U`@-#JHnIGsJA!c17W7HL#4Ofg^YK z%)Z9Xn6~#@ooZ&2fnIUl!ql;473QQ@uC|{u_e;K-;dJY;*N`4ZeC*fV$>fwjKQIe& zZVsMOagh*_c-5sBksQ+-F*Mj6@1QKX&Gg`KOi7gB%ehhSR}00P6f->kC#rV7CX`*4 z7s}Qxcf*BTGk8YK&L4AUeKb)rQtn3#hCZm=FZG$mYP0)Mm z%DqD<=&)34>aZ?kdQ@HvVuGzi$h`Cq5h}?kR3u|;#P>JL`ap9Q1UlbOkYin+CvZ24 zKYGWjc@!`>6=o=5101FDFD?7bp&s*Tp=*Yewkl?Qft?m)3NF-%t*eL|<7*!7B?j{6 zt=wc_nvdPSB&|RlK8QP^nlHxl4XE?kxBCgi7M;n{e&;oGuKWMb7qMk%gIEr8#za{f zA#Oy@82H#2a<68O7)o)|zPc&)-Ym?hHM*WG=4HcCT$AoonPZDa&c;qXTfXSPb^Q>q zh`B$W!#qWRdrR(TbL{>8G z%kd3~!t8>Fi07|SJg^859qg9nDBi>ZAoNS0w$eV)cyMYDc}j_(^V3Gv61orF5AInI z71{Yg54O?T@iD}8qC1oDli!RNu01lL+zt3Pw)^kQ2|otzwc%S*`&CH{@Z*CYPsbfT z_w()m0e_GtnvcmkNYB4cMRRc11Lc+QgD2elAaBb@8xOpH-_Kra!?3PVbtlvP<+Wcp zc3rU$_=#v%DZAPOzV)(*-wWf{bjc?Gq2C#LI264d4%`0uBpK=BSbnj1Om@5}0%u22MH4zJFd9agxEqoxgYCmn+GpWp%S%0^n zh;z&S`~2&+r=dd&Ljm^8k!*q`S02Aui3KPNWOjd(@aM2!7Vu}^EfsIXs5@6GH1?0I z7>UI47lFLqB>m3jrn8Q5GHWk~MmJ3{fPjfk<5b({>Og!7JqfNthhX~Uir%@(mn3{A zh<4hpmh(IEa6uq}3f_Woc{fWhtCz!%q_byz`Qou)Mb6%k%>j`>ZP=&bb?z4^|INSM zT*#BBM{w`oU85Q!Ks1a7MgsHy!#J9x=X`f!Iy=BRe{$`$-bF znD{b4tm5JTPTAj66k3_V;3gfFFY4}EO2%6PkXTBQnES@ZvEf+aPagNS-dR`Cn zF}Z#ts7`Vhpwt_R?NoHpGtgPlo=mNhnd%ka#21dwhTo5|O}bDfS`4drGwrB2eijMm zO>JXIcn3#{V&41CqdiP*j@Abx-8D;-`=X)$zN$)})q`*VTk%?l zg$-&xqx8J`dZG$}2bR9?Crtj0KHNJ~hIBv3Go%?E@nYH(K?E$Ax=tK{eai34A|J4h zP!F&1Z*gO<+!t>*!~?`s`nBEr`L-3~GQ=DpSZZ|GuN5zgI|EktUbLs**m*$5)jhr+ zOJR*BF~)(!?zODl4sr0>u>dkF{^%?>RFZ`Ta9`tJ?Pa-1cirw`K!IO!qu3w5%{M+f z&sWtl_uaoh-uj+qM3^s&+)BBx#mw=A@F9Ad}Q#0~|Fu}sd_Ds4oCi@e#2Jwef=xPLVH5vhh?O7#r(>YC;+Ujc1^(BV$$Q7UC|yp?Po&v@v|#K!_3W zjb&2kz-EMe>`XtvKYS;OUmAx4((N^8yvw4R2xVxB0I1@ocW}3-@*#?e{-T0tdY@G) zb=1f6Z<)0*!9v1trbWy5re6MduL=_+E^E5$i@!`JgaP>-xTz&a8;FxQkOp`2r(lVb z%RhfF;7(ii^^c_U+Ex?@qUbN7Da3|~KoJ8R9F8}uS#(_LLvXCL`^ z7_uI}-Y2lLAY>RJBFySpBR7CIpia_HquEl9V{DjMycPUweMCFSeoH*d7guQaO)TO- zD=n?dnOT(z^r-hYu46@Vytzl4Gek(*nsREj#meO^*k3Dnuy78*3{A(0ai^ncVYBN( zSrqkRP|+9i>%z&!U9s)6-Z0Bwllw1LWj!uLlX+A3?#FCX*iyqWtWxjYesMmJdt+*7 zU5sR;|COF=6CggRkeh`!RMbBq;tWO&bq)%JVS2Di=wBH3c#_npjr#s{t>nY#oZH(j z{@w@DZzw(A`NEmkhGxsT`>(R59cV%4V<3g%rteql*ShX@GLVYN+{@ijZ_5u-;kvQU z<+(wIeJ*TR46U^G@ZYguSOn@HQvUQ=E@CYz&|6VBz!TBUh z$Vb6|+NDlo6)9$Ys<)#icP?i^g0)Qt`ntz5Ma_Xkb0~!j-80?>;v9cVlkH=-jh7Dr%C8)yXBW(-)+*84)z)sZpO0Ry` zA||Le2rU1u3`(lnk@#E{&>KmHHHWbNKJc+Hx8mWlG|QErQ&Z)j{llLYCs7DfW!)X* zyTrA)Cd~@&$nJTf{HeF+N+lnRE${*C8$IfiE|l`zgNX!AH~!Lx#^T$?Ti4IS;Oz_K zvW)8qc(${&T4V<*`6FpSu!si3(z^{eRpTu{*C!z9tqB}%H0)3fbjAm2i ze6Au>zhOa8U~1^XeNIFe^C`|5#fvs1^N9A8;xs9Q^e!HJ|BQdj+0>+`$9bCfWYM2h zoF%vCp6Fhy!}ynMWNZod&)_hc^Gvu`q>!tl)zJ&)KIUr|I4a-d1&^+DwD~+T#*lkU zx3d)~SEG{eU|PkT(K0Og{3(LG!!^Y#CQ9g^0_-gm5Ym_w4sWNvC+E@tH_75byODUQ za{D9LYWqdO-_$}4l;#Oop)(A3Uf+Zs!nr9|sxHZ}f4PyIJc?eA76@6O8 zc9`mO1TR;VRLSTq%6Uikh9jYL^(MTc*!zx^vqq!YM<_NLwvE`d48Ebi_nXE;gZ9Id z_c=h#@{28T3ew&@fAL#CY)Q=yV@qY@-@&*q4YKWzH!`D#mwRA;Fb;*XekG=k+}Em; zZkSxKu!yWI9pMMCyxJ{4K4sOrVWofX*QtmO-)j9rU*3QFjm)&ODqPAJY`*;XaFzgA zun=4DujX(VUh|JGx;wk1=h$i;PK^1(B!W@QF}j|f@u6G+KgUaE+ZkLyCz4aiN4EM_ z>W9B9Mz;sz;R7t>OGws-(d^*%AnOlbtj~b=Kv*_yEmU_ zQWJ|WOu}*T#1mxz!F%s+L9J2984oQO%yZGM5`EBPIJ{-zU=&s#UV2kc@*UzXo{1+0 zpQxDoV4vY}SX8p&lLc4HGMB}l+kTs#s+~tYJ6~Dj-*d{?G!*8<6IMJ8-y1c&(|qMW#;o;D?ge zd`^up=N~3T?dIePFJsvj=kY<-9SV8a$HYuNXO!(|Rh)RJfDnY5?@twpAvlEu2rW@e zt-Ki&C_Szq+?I(J-Y12Q`K&#ydiVtPk}^_BlAVib+xrk^Y^LcCk%az@V%UE!%@h1+ zluy9>Lhubpx@oMmfC^R*LrSEe1jV_1ople~wuFZpq`gtCg0_>O*;EV&|ESBk*ZCL- zDX0vm{uVXDOmW(kv<{3XR9$d`>xE~i*Qdy+XZ656-@<8Mwkj2#iVfGp%gS9|30^3v z@ln`Fo`Q8cD-WAr)>{GICZTGx-)u&IHPU>VDMq(HMekRkL<@JVzoEcxLqSP{*lS|l zJk-a88lM2J#2u&XJ z0|Z-&vwh>!u_B-7CM3r5yJsYT3+h>)^TtYUtW7ORWi>L0MMw5ry{95dwp+``O4|R6LdbLM0>D()GX7W>LJRkAt z`OdqBCWm|Qe5fzFgZ?9S=MFXN?@C$$bQ{;YTUva|j@HaHERU+lmyeMy1^0&XP2W9Qi}x(X zi!MmLL;K`VBe`6-#dptU1ZOy2*2swUU-qr^$J}gIbVg^~``4=~0XmH9{Dig|K>^{> zQ{x$9`My+W9{Hi+BuUaEEN=m4qC%bZj?XhJ;)Ag932mygoF5&jX5NP-c4VYbMg4X; z^Y{S1^sSDTb~;IWoT61&2t;HE73~WUg8W9_cV?jB75B@@YGQao9~>s506T#*x~mYl zUoKE~(lT=M52cao`fgq*IJi4KeF;@suPh2qsPKmJ)eaXxgnP~nJ$d+U7IqUH(GSIx z0~_}#jg_nV(x)wgg?wAGfB*b7BJZ|yVuoILPDnlOVA2hzsOuFBqy9488@(Vm;@SLd z6p?*Mp)Zl5Nr9c2!Ebzd=!_qx0dw^Cn=eAw_)-5>+w4&9b`5gqncJuNHSELDFKn;RjQcZ$+vRNgWLKU^!Rf0pgoM9<2-;}Qw=K(( zH@bUTJ~}?+u%MzHV+kJ$qT4TTo%8$Ke?!uha5JUVBoyzauG&YGw}+R-$e5H5(aFlj z=+R)#7OPd&q3^TA-Hj2H_4+1Rn%iA~z=t;1%r)}u^qy9ye@fiXz9YOPiIbQ6MBbFC z(_-1#{M*M}F4rd&q}C!Q@^$%Woja{pxFg$}AHd=CXtW=P?;eoB1ig!`w}@hXmz4FZ zIa*g*2EGSLp=)2LO+QRPnK-OF;x(My*n>g3ZeVP7ux4WnuGE(tyb&qEyF~g)gF*GD zGF|SigJj=d*28kzLx85^y<_FuY$Db(alMOYn4X6DTswx)V&)LRU?T~1aYIWY)621j ze_T0VS(gv?7d^T4xA_*VeMz5tti-};dgMQou&*mlkhjYuK4FG^*(fE@V33)Py#;G1 zj4Euj#Col?4;q<1MGDh8$q!%EaT(_yQ4#XRC`lv>@kFA{+nqc≀SQF zJG*nQ@9VgKaEZb6Hw4lNQ6}?PJGXrb%;T1k@u04+X$&+t51&%I^<@6|B=%uVOQ^Nt z@e`h|HfS8Q?@UVr3{=Qvcqr0Pkf7IE(au9=@C?H<(H%AUUV6xb8-)P1|CJE_7!8>d zRUT4%G!`b?xRUt~@QM1Yf0ttVSbMxN>z5q8=^q`vx#Hb(Gb$*a4u4UeSD8Rp-#3}J zFJx^wxj}J$R!T)(qE;JJMDu{Gc@CoLgT@rJ&P6u?lB?pkFqYi5OpAM4Gz^j!H9$uX z8&e!oiFC7KzvrtW2+GXi+9Q0d_w@XF69tM>*yIsrx8&KNMKBr;FVa2JM|KYK-~PF4 zu*c|&`&?gG0Fuojk_I+k(ZWPe+tu@SW4+p|}z zlJF$=sulal)!TDK^i^!ReetCp3)p-4(|_6XEsTC_*-`J`#(fPy+Vz7fu>{kH=W@ss zRF~KZq3AV@UH^HsEW!y~>$XQiWbu4E2;UXtrJy0w#XZA>QmgYJMVU!+Gu$7b_gUe< zYS&2^6}Hgrzo4dJ`?01A+79&!W=qYlF5xt5tR6B2=t#GjJ5s6HXTlbg+ye(ID8dc8 za2I}d1q&tm*j}j~p)=6aK0+$Y1w((biXhi>Q*T+0pq)>8=2V!ZYB@#3(#K zw(WR%T}6^2#|tZM53vKx*S=*}?Sz}=ug>i^A^GGntp--vW-(fa%pXNK`Y^GykQ!tH)oUpQ3c665APYjzBbOvzC={SA&y+OAKKTd7} zEoZ8&myP^W5(h?H!4KZil1c&P-5H)MrLfNg9qN%7o4S&B#Z zh%}@|j=P`@`PSjW$G+DaK+2>ko2MZ!qFjF%~K=|vdcKx`J63rK3}_*-S4mH9GT+j@IErp3)Xc8U-ia#;LuNr^DCo02Q0c5 zX&sY40!?%uR&tx&F@y#}bB~9yBZl9&YCa~Br0X`(QwF`k;jqu=_tUR%ZDq=S zVbOSdK#S+b(5l41T8t^06@kZDAyYl62f&2!_zgHQF0b z71%5ndw)Tslz0GzqUIIw9}8j+pR<`=UfBag1QE(7J?v~PyL^BdI9e%AP)`x8&~?H3n2MlTI+Oa1$SmI zD8hr{a=2gdsa7QmP<9|sf$l2YzVM$MH*#F(iIrg*oDH;Kw!UbQEyLQftq7b3`CQpk z82sHOci~B)Kz7I0oBEND@4nzbAiuPYrHj}+f(k>QIOg$NGah+$_H+XoHHBd(1}LBl zcs>33IsmdHZ_ieINUzgLPp+sc!J^R%tmJe-tgGY~Doj~2ydK6#NA-wpOhcJ$8@>do z+K`)HwKr){9*4997o%VN=MW}rK9}LVx(TI!$ZzMKw7d>P_i0AjEL7=}o?3-Gmp`Fw z)|@dP>^sAT095d8H19}jp%Hgq&kr!MdR#}(AE18o>>~nWMNcuz!~!gh2buBx|;eM^$a z3vGHpiw2?-klfZi6RlA02_M4YBgeD(E892e|Bg|k!zO#+nWYD!TJ^J#DycTU>aWDC z36^h96OJ$&(NMlVM-I~lepV{5=Ol>}L$z5xopW)%;n~J~Ck7Q+KQqeG1!bLYBtIJ; zY?F;@dn|wBmSnBxx=&+x?lg`E--|YxnO;BWm6OxlvqWbv{r5pgDL8WF_UU`f0qt9C z)o%@lOL9>6EUQ3Y`12pupH`2H@>Lf%lmo6jk89qV1GFXPN9`WLWbtMVf7eMds7LdP zDe9IBhTt5aOnKZ<6nBoL^FWuoH0*&RzZcNaoB+u|OVNb|7&Mk5v@<%lLK61R&{Dps zww{tF1cMhC)+=5CT;TFMV3`)@on5FHeqOtkSKUEKT!h`u2%#oSc(u)&wYSVuY`^Vqdf}8{XkeHl$tya)|KE4 zG#)3<{;Z0>M;6TtG=ArLb-eKg6Nr+uoErLK#qod{h-r(k2a3qzs|y8zuupx@X~OP zeE^_UF7Mc;9}zN;uFQ8YSfmzMdy{DzE{mx}d-fBnD17b31FEVngXNB|9JWkTxxqe3 ztbKc$TGoiTd@&!63+;&>mHXB!2u1XRI@7G459jG15u=+Lr{#qHv(P7R5?anR?Ot6I z<^4ApxDF{T#WC=wDeIlST!W|BL&vMc(6rxKZN|e`Z(Gfpql#~(8`%8KI&+{ z&}>bz`;CYCoB{jX?IkyEWxvoJ*2gap_055tJf)NC3651pdK?^^lW7{>kHQ&NKuP-q z{|f5B<1R~3@^<@r%}?~z7QTM2(dm3h1$0%{Y0#qR!6y$< zNGD+dR*sQ%pV5PN`UxCz6TJCGtI)Jq0e!f^HFjT_pFQ<$Yw>fBXYu;Z3RE1rVPjA9 z%0G#S8rYJd7-7Cd=d_iJpLTKN>71X6#5=!IT7ZsuoUW(0%n}+q-4Gk2Ps?hSf!dg? zx?|HwT6ap3+2b+@5+z(O(98}$dF1cKop?{*RR5ZBW}s9h8=nQ{Bh%inr<>Bx|8Wed-#(THMU(s3ZqUF8$7NwWV_36ZdJ3x+ zDa^s;0R`5ok7IQL+Mf^3Z9lceBX01z;NqT@>+_YbA@DeP;L`tY50p)k6D=FoSptv# zK^=}7ELrj%=N6RYzN@K2e6|Zkey`1Lz=2{me1=B}u0C&1_`;3Bm&^NcX#)Q24-d3D z1bEW%$No_RBw*@!^h3KZ;5^JVv(9P{?#LQ5)bNopQ;2-G`m^;p3Wvd~g`0I`5x8Qs4~@&&e!Eu2?Q^=`M#GEd@EtEblI`;APj$=9 zgKVXf>_@0AY51HJZ))Gs6WO}8m@(sMOmr2JuXEEbEyXxA4!YlZtO5F&hk#G@2$tHm zkY?!qAjo6jiY(er-P{Y%H*1d6vN+h$6b9 zt)G0b;mfY51cCI;efC}qt(|U0a0-gmgh50^tFR3w(E$d8)*X13Q|Ybhe7o>1by94h z9Wwej8A~2ipcllznjHM*yoYYNaUIL@XogRigRQV!d}*QhIWW9%MFVc2LicfB-OY)= zqT2oO!-`{C-0E>(NN+WHV4h6}Lz_mqcb_J;>?p98qoi5Am+oi)1-RjGbEcIF2zOs! zz;F9@2V!5EMNF@I`-Lb|T~!cnsRO*UUL}1Ni@r1X4_OBS|18$SB;)u-CPSfyZ}!=Smfg<( ze0+Fj;-^JGGJd=+EE??B?eX}^qxS#}2E8EM6~Uoyh9IF4zpz=D$Kk}ET5O4!bX*g= z?w+rEkjd@qr|NLeFsAWsz%aF#o#=dS+?#wo^~XkdO?aL3vz!5W*(&{TCSONGg1P1C z3No^?)P(kt-{b9Jw^#0>XmCZJig%J@cdFc>?2MIjxOT?hN&RMz3i&t^M#eLHrL>}PIa9*(5 zFD=p;oekQjJ6WYnNI0JKg`Bd(^VSpSDHP%rlJRV#eE9kO+mm^ThNBLf;tv)Bq`nz%`GqIAPYA<=ao!`-s zk)>OVj6Is)9#`i*t`mK*efEbIaZ8FSW}?DYA~6ge>J^FG(}Vt9ZUOR^NzzS{`-Wo? z{Hm$AhKB;pko)z5-NkW}06D4g!$lC|@!^axI>dDp@4xIQxi9cX*W&$xo|cpc|19ru zoBHt|198PbRfKaspB_0O%7Yo4!;`x0A=ns^=m9|BHNrH(f`!V7R#1!C7AzS`Fz$w< z3Rk%=7bsnNhBusaQ9@=IsK~gq{wEMNrMENFdbt-KM z`ykkU2DQJ|m!vzykp~GX2=1~&Qrgy@fq3G!LH=Q>Ll8&b9L9bdLASrxWIuXA;`))> z=-B+lBl4$r1%gE@;Y3RZuWca1eSm{k2?Wi!HA(@25l9^Dw5706DMo9hzg$~B&CRri z$K!P(Lv%cnVEuVn^m@O*-(`;PKh_^it@M@W#bd{_#B7}Gbz^O+Fy@uVd8jmitHa;6 zlZYV-`*3<~KdvB#P@KOcM6^UQnFU0%Z)jDOlP7mw*9k5-5iupQ|cxntn(~YH-0tTfpS?|nOvJ7~9 zxHX@P#wg5WB%vHH>+|{%zotzE+emyhxWuPEcZA)}xsSaBIvY6%u4k>GnKe6ym#8LT zm$#jM$GCb*c7~=9!&g%fgYcTcyC@24s4gM0Y@W3y`_(gF4=h3Z6=nCmY53ld1AvTo zzR56$#|`b@(-!-$_Khv^R7iJz97j4!E~?YDszQ{^*DOBK+(|n8jhyri%`1>!bE@3d`OEM{Z|oF?fKsy? z=HA=)#KV8JT5rxFxP<$jUW7CNC1l1zsKeZ-x$sfCsbkq+4Tw$-psLdzz$j3gpEu>U zHqJrD;Gd0-CeN!*pe*y(W&@S75$f&sP}?IxR8=aQzrZ){`^r%2x-;K$#f_@N6i={- ziI05Dhwk=9+vOE~haC{=mCihqGbqTJd3{;|`m5g~VI;MCLvwH)f49n`$v$o$zR`U7 zpME_U+V8eelcWWSY1Hra$Bp~NZ%@f}_}SNprOQv)ZdN^`*X3}st1A;ag12Xhi9O#C z{hHi*^GCxux?ZF4fCEEjFuLiDV1u6j^>WO>2f#m-+#k zn*1K$$n3J#EPwa}GmyniL-p4HMhmtVg~z+gMkj_lE4-J=+SobW^Xth2Hg zCjn;XC$MhF08wr!E>Svou^bZHR&y4djB4WoWSMN6-f^x9I_)rzV`u$bTchne9XV3w z=6Bh8n?}<(=ViJ2C$wl_q|qRQ<}_W4GEB5kKD$2?vPDu?;&qRPh3`#hns2_o#zUy7 zRmwFjTy9@mkIj*20P0$kh5gl-IeCK;Nw?cwF}P!ZGPXej$}1V?V`9VjqRsf=N$`Jg zxi>#hHExNMHBT@u@_*%Pj8^nGQ3SO<0AxKdKh|up8G@9sY(IZF@_bO(_Ot}8H(tMO z*6+rP5uAmpu+&o$eT_`og6TenPk1&j2Bi3A*r&utzS;rWx zoI~o64=rZ-6y%m4?T6{B-e*C)FdPJq8&hdb)iDXd$!J;q{{Z`^Cs8rFMSoa7#|fe1 z*`6c+eGkg-ieK+SFhzNqmT>%JRY(?lA_-9%TUF1ZTTJ|PAvZ=ow)~-d`R_2{Q^xwF z-S?#5hWaWsndR$e_)BF&pk@P@+KvRMyL!5&Dcs(Kr;wty4$c#mlWYa&xa@cZo_&1m zOGT0$4p-%@$i^A_GtXi#&n2$C8`8xK$oKj05mHiO65rLZYmo8X%c9!fm&E}l|5%hu zu#cQlfoGIZ=kZm20djYC7syJG`+quzj`io!lw|cA^`+62vqLr$aX(+~`}{o5ZMDDs zD;!P#j^l1V6uw?Um*#v1DqSjR?^@4zjODZ!#$%SY3CXrKu{Tr`*XX_#q2Y0>c^UUB zPQjx!U}Ns1K#NZ?D}6AIl6(k7&KOlNF=Eoc!Z+l!3D8552kpsO@N8?SWZ(PWbWRRA zQ%b|BMY;As(tdqCfqw9^AK%BgUiihz;x;hnADWWHvj_B-VT(?U*6sKCvL}0VNxtkF zE#Y z{o+X5qmTN18SRKW9zzodA3e2E#EYy*{Ijygjg-@@a^P>!0Q6OgzY+gsA-cNFRauTm9_<9>k+K%}265 zQVZE!SBr7L6sznqJ&#L>J^_X?RR;VGt03YrsFqvuIe(ySz2y9fI|*6t+chI_kmOXTe|*M~=)EU0+DiC%Oigo*6A)Q2oNx(#@VrH{ zmi4n^RZtxq!y&sSBe8b`%}jWQXjafFptF ze`}r(y)D-Ywx)jtdG8J|80vKS39GjKjS=xEE)#wwl{77ahzPUGs}DIdyyL#q24c5R0M`aX+R*|8(a7T7mt1*L}~EP4BY%-ou4M8X!@rA|P^?S`ATGM!V6QO2qBZ6e|2vW8 z`6D=h_cJhk<5VHOkc4sLqT~9ah+C(2FZeFvq8@1|Lyw?Lw5rb~=4mp*g}wq`6WU9e zr3^Aj*GH+J!xag4h4#+XI`kN$U>=ftlyj+4_1PunvwAV&ehs;zfUh%w8XRaCOC?|o#%6$)6+IwxihMK z&khJ}a_HMm4;mOnXY^Z>T^^GSdXKA1y#!d`6~>6p=%VwV*LwY${K*On=XB6-?iZ40 zsNl`Ugxjo}PCzK%OSgTRI3pu=FUR6csld%FsQ z#zM}P2yc|6ABm28(?qYpZg3zh{Au)g&M9pEyt}{+JjyVNj4h3Nr9Tf-xDniXQ?jey z^T|_S$@=m|n>z>lWfu+-y4*djDABzfmAOaC-l`cQCGC52i`$)mk4|ZN;;Z8-pM$@G zaaeo?zBU_Fi~c=06T>h^{p33jD9th@YrdCz3#LBK;ExruM*G|zeCLUZ{Z|cD1zK^` zg+)+ar@uULjgOSd>J<>Fm3VmKgCl||*^?ZyH4~ip8P()VJ|OPkjzng{Sm5ndZsm85 zINP;u@b4o(pjr4^9=0A<1GjSaIK7h9U&_W7kJk=$19U&HsR6v+$FjcPVIcN&T4Xix&nW2IMZ|W+F?uTbxy8Q=Avo~`$h94VcEzm!40~^_L zfuJ?v%RQ*Xs1-kO9FSCLEs>do?&`1o6C%T&KIRL$hmlaXBJqm*F$bXV_LarSR|6^HlU#O3TW<40gPTpy*k7#10!({`V-$>d+v zYY}BT&q$VaO{tBDMsFX<`EyYc^H){p@ya~k4T-)|;^_x3$Nez+XCcL@_~RQrKc98; zaav!)n4pwrAU_V*OJ-oLSvAZE%D#h92u22kqWvuBkO3~)*S>l9K{u%?GjBjp*d4~Bd`z^=IMcqEKYDpTIl`gRDRSF zJ%N{n`^sKt3Olu}A<8(gzteo~lh@lp9*^9u!W7Ku+G7k^zkXe0dtb>?WBXjf<>zgm za{*wnrS?&0U+yoqD)#`Sfq`-n>1Q2-Ui^~AEvt~)x>r-)c>@I)>aSs`{Qd)1Aj95( zAYxl#5=_MaZjSDJ*(c>a5u%Km1n?GW#n2L{;2Gci{1tCNtRzo5{p2LQU#5|W@c*kS z5;Pt7mX758d|bnzG=hkzE^fWg9R<=K`$t$O*s62Cpx=H@X(QIX9`;ND{&7WlJTR|{ z)OmQUsm)iir;k^NpZR6l!Wv_{Ika{2eCGKU6&-C$uLDpXvD?L^FZHZ?G!|XNo@4n9}kDJ!O7x6cHN|*+s z&4w3{WkB{i{GlEaOMmYlz_pYI+kFiC?)a{}BbyXsR6;=B?t(b9MhN&Md!H1pB{~f6 zlZO6%)&1Ed^OD#QkE`=|;NB9S z$|PF_9nNMaNSPZ-_rQviBEI1+_tHfgXEupRloaXOnd$VY9<*Cf zN%iyiD=fEr7{GQWEkVJD^OmMt4U9%JAtY2Dh1Y0d-xm0OQibip4f-xr(4SgCFoAVx zf3SXr%ZL5-!V3~a?s-5j6s(2uvi5M9>c=bb!MaS!9EB&W+p&{kTq;2`+{%520T}N4 zQ2MP|4UeCN9Ha;V8>rC?qT?}VaF^nuI!BK>1W4ki^$Qih3HL-7E>$mlOVtuI8wrr5 z-B?KcVkAFjvo@*REe$1Y?4C@fvXlyuc1ej;)T z7Uu`^P+9g!^xVM>AOi5H7;aGxr7bZsM}KDi zK4;rsNZ5sB&V!ZY z`DnlaF2!JD?@Mq@BC~dw!3Dd7#_-35pqAumCG+SuFMj83ZYV5g|c+$}yIBK&;wc#5^+LQeY za3r)g3{d~5)tAg&1j(62NSVzc8lWVtovtkZav|2uA z=0axeWpH8&h=zuJHT@~1eBxW(zJ&Q@e=lxxt8~S>$9s1#yEJ={{Y(xufOKso=3FHH-i~QA;0lu@lb8! z_4|Kh7|nj>*0TfO6CBU$2RoPV;@<9}lZ+lf-qlhu(taf}{-_Q21!wlxxYk z=dAvom%ug*OH-OJff0nH~_xYQX0L;$JjwNg>**OxOTi}A#dm> z(l|cG4_;;Y8@B%MHe1K#c!M)|=TieYKmN*{dhlf->w@~=OVp<<<6ZZX<$k0O?kD=> zYzi6f?dyVdzRywL{1`q*bbOEddb3}#VCh{KU-vofs%8fJ=!|*(g-Xi6Cn7}x`2F%| zTc?wrRPr!Ccln5BUA>SOQ<{h_C%)E}^k@wx?}2+nN?vb$@T23ZZyxi)P}fQ+_%~g= zzqehnh2hj(PWmA@l<`4wUFWFbm)?)j?yvCue^M~P-G)bWRWNfgBRf1SuHHHQzM{?Q#x;BRPgE3tVIrPMb2@C(W#Vt*Uy2(j@9DsLWFroT$#Ia1Y-(mQ{ayC~q#DF$mfht@sB9Xps9mBlzYoO&!VPS6DPmZ~NzjCMx{j?yK=O;=h^$qL=4j z|A-&%$oz$#PwmSHDYOPojFg6Xs2u>STe`E)4kglPBC&K4plBm2IeafrjJowhaCJC zfcbe+5P7PG2M52OWGpWCa=$2NinHB)Ys+D_ReTyBkjS#9W_~;gOzUuc?Sv;!cMion z`|^Q~iPE5q;>Z*3seON3RwegqSmd+HU6T2dA&Sa(bT@vfa;L~Hp^A~iaSu=6n}@qu zK31QakkK{H?UByLJ+iOl@T^HyUrN^nX=^D^Lo&DyZp5CPX!kdsuknxGkLmZnkf$Wa zzDZoZB3YtUD1b2sK`2d5lzwRGE(mA82{K5w^A0{Z7-gHRi5RaeCpBkR+25--6p>T> z(bqDT6a|3_!#%LT9~L<-7TT{i0Kn~iD12%G9p-w6Ol;B<`*q%@Nvz_r5dO_bh*H_FfHXLI*Qqr9-Vn|?R3vNav4l1 z@vTYjXL8(;APVJtl6l{)RKfYpmtGxGr=m}dCTzpoBFPEh%hu(WZ67Ky)l-*U$_5Sz zm&;e>efj~xAr2B&L392qAwHn9GxG{v}Ee7}7`u2qc$IIT4c_v0qx7=1JzP zlj5@`k)p*J1Y)cnLF%?ll3vsHNx~)=IAXDw@v%WLC(^}heZa=M7od9=9lJLcOurs* zod<4IaZHNR$fEF8%ERHFRK3Dl(aTTKtFd|b2swQ&p5+imGA~K$i01U*Zku5eOsGWn zeP}s?L8@j1lT^dGyK;W>g#@@#;SHSQ@4Z&iju976e*6N-e-E~xnF9iqadBSX*DHhX z&3ucOjY-wWB0UdKMng`+HWs(_zZd17~!q9FCB%mEK>4`yxHc#%}YM)463OG5oAo0E_pj-HuG}%$HIR zo8&kUhw4}-5b`HyN7z4Yv=0Q~76QR`MfPG@65RmjJ-7bWctBcg;tOq^#RQ}Js#_g) zafUdRRpk(K1Z?1489x_3aCyemEJYlRp!xY z?B+=%2N%udLpOqNwan^+OHkdhsPNs@RYjDyWutF?eP@2?Acash7)_Dm`QU~X`g0t+ z0dWjR@mM{8m4o$@--G1j_U}!dY{8@p0%H3MSaG}bx>^6`wW5KZ0OX+m+0$c5Y_Dw19M|;82U=TPfM@Mr1Z7FY_0K* z!uSjbW7Vin%{myTYSy;(jz0$L$oG8iF8WfA<$*wB>pmfU;3f4<8!vz7NF1qP<`xGc zkbmhO_<)OcY2NWma%T%`A5s{KVx`f2&od1u?cb7%!3u`MtWW#Cz_6vmGrFecQhqtA zY9gT+mF<(Es9dKMuwbzlKKRMLKv@ATIj>?DPwT8MG^yXe z#?&)SC~1EC3SzPoTF%S6AHsT}6{g|#!H^sH=roPEP?!R5{C*P|hwk{=Ocwqj7?GKu zedLfIt)V%x+m}UN<5k8>lElj;@_~jt!5{U?t`j*~@N0D;is!;HKQ^!(#=!uXfiD!k zk@{86es- zYJ0+DHv*G6h+Dbkd}zXG>;9-5J6avC`Xe$SURuijUeNfc*y2xIQDohA0FDeviK1ll z%ln$_5l?XX`0_hWq~gVO^XFMHsqYb3l$my{Pw%C8l@Js zkgoa{d-V$IB~(HD-8?zgK8@4YItYRA0wkw^j}7f$6D2y=7Or~pDa;CAns3s%w_xN# ze1Ua`9YR7~pD%KMOa3*{;@BQ^BO^-7{ZY*X2rPptw z&#e^-b&x_57WP+t!iKN&WeJHl>M(eY^W{=B<5)N6wy7k|X3i1k(~#KJ6L!UfRC+*8 z`7<2rgVh$;#BR6mA*p*?QqB^83fw!Foa)T+@mFc_D6AXu&N!|)B?Bcpdjuq0n&tbx zjuVIhXvKMAVyek7|4sX)3#MCcqrQ_49I}`CVsPFoKLRw6=IBYU(}u71wL6~JA!2b| zB=4SHAI|&6+Ca6N$IuU_3r-o;j!;>KJgQR@36JnXSM1>qfRK>!$K-w6EjyToT|&jV zUPmkxzu%86Vmv+;!&ATkvPYlQA&^gax#e&n1z>siU}0mvT+coq9LxB7;Qhb?2+$@) z;|n*e_5R{mrUdnROLJ|_wJm|Snez%Xn77q8<%-9Xg^m*c@LgY0KYm9Q_5}|6?sLCg z>$^mu$RFfhg^vYpW-Stz@eR)JWp`9HF8CH9_!0{PmL>ZvUL=FpjfC&1in(=7l&#q( z{1?(Srt7+~IP6hZM1C*25csbQe~OB6>4DQz_$iujliQSM3G4kDbqpV(YJQe}ydJ{D zmb%W?4oPKP&dz)W|M`YCCr| zJZly`#8hZZ!}lz>uBWtEvHKZ?B*ZS_`i+M7ZSZ`fR3C>z_)sv~v$UsFE#Z~a(T~m{ zDB35jx*W-d`0IW^!WLVg9h+IP7Sn=)|2Q2@TShCk?zfZU1ZV;I{OpG-?6bcp9}#9P z^W}DbAK9YgjZL!opvGj4!^rvobrdPlMBxZ?tHP4TLHa6~z%4&Ql z#&jBEs@JPKb`~F_cxm9IX}B4FXNTV3Ho762yYAuE6k|*g1^-Bk6EiZQx~|xocvR`$;?tNa*8NOV z_K&3N+EP^8qQ4|b;8CJTkc{#s3QCe7`RjX9eMjBXRR%=ZVTBoFK+4+N)c5+mk-K$x zEZ%XS);dg(E436a$J4%6?Rt)AefBd~#g`se6P=3Jcj^u&+ITtf@-^S{hY_cP=zwbQ zrA#}v#&;{12LragWw6ho5ApnYyl&r7%f4i%LnOGNxGv;dgy7t5V*tGk&@b3O-5ylJ z-aJS%C;3`UD6Aq8 z|32-wY+c~W6e4-%L`ito7UlfzN5MsRkYHuIF=D7+YY&FvP=@cjV`E0B+ zFZhpCIscUJQTwXpVv|N3BHASXEW%1q-uBr-6pySo#vk@l@SQp+CzQ`gy&zE%;FOL& z{s@68vug-ezm>;~JMKs#kz_um?ajPPy9`O8rOY;#}D|s2T=um)hY4Q_(1%VU+XLH~PQi>c1P6aHAAIsweE|=Jt9~fdr?|S%9w9b7!U*q5RV3TUA?9Mz z0iUuFaW{;UE8Svn4~T~S(_zVsG?TomGF(~bM#}b|Nx^2*a(oiT>xVgY?$0)UQ%oD^ zNv^$&4tTOaf^aH9cT+)P!d2T$(2WEbd)}=i2u(DAKl{S#?K=%Ux^wF=1Y4X#dlCx& zX1O1qmWSrxwbab}pYi;eS>XZ$O!`Gb^_o!|rpeIG;*3N)$}Hh=A>z<@-!DoI$NlR_ zq940L84`cO1HpZMd5+_aI3pDDdjCmHvhpZ9AL&;()R6!*m~`*u=}J)cmkv=dW~A+! zLIyoMp2At+kLW%8PDH5(&fq{{DgB=B_ZF5IZ}ULz!)ZNHWywT>NNrMvAvWfY3-0Z9 zfZflxy0hW*QTXyDJed5Hbp_CpQh+E#*&_7^eM|~?p%%8MRt9kFX!p%cyx4%6)e^r7 z^Q488HXg@)AnqyG=QO7NvCSLmV;P?^enE*89)FR^1lDnYz|X@mmH_}GXu!3a;w#Dn zqO22YMyRpY=T~vamdA1R-0^!I2(caI8=t>)b~);R`%TzCFL%cq<5{=|CWQezRJK11k^}{!wLX}{ZjT>F`4Y|tQ>D$ z-Nh%(iEWU+E2o3m0UG#Zr|lhT+r#j8!4S*OV&AXpw!<2f!%ejsLP@NcmGw;}MX@|@ zi^*pL*E;R-y~q!upWncNFpazx4NDZ{!agoE2hj_>{|5*)T4nrg^S>7V(Xm-A1fK-Q z`Qyv|wDrm0d`e|SCecnEhzP2Hw+T)NLen@dWBic5{Zb!8G9`*dv`Ntjk6vre0n#_2 zOR@y?QFAKlh|G@2cpmT@BA68JoH9|>&D zz%J4y!S)T7JY1{&a&@<#ia19AGm}jqeG+NLx3z7ziL3djXHNck8hSAu6zQ^(y4pY2 z*m!za%LLOe;cEG&LNFbpaL2g_>4knX&V^4hbMtVyi;)^mE_3Ya#)Sz=t<0D5_Pg#Q zu(dh>D7K3of4JWGybjz3*w~*GZ%mLx>@Jh5RBM7_U4Jy>Jrr{XCKG@63t_>boTHEL zJyihU+G&Yaa<;376-BtG#(A~kaTXkEa0E&ZEpniI(1&|bJeIeM5bVnyO}_ks`DAD0 zOlPlMxtzN}t)i^88+lWQ{tK&?{UeROi1%%@PF|O*Sg$5?GhuK?d7rD-(c18fi9JHc z)-hfTdJ}bZK*}8i`l!}9r}j2~cQJb8kNj$)9JW2)+qtZxo}eT(JT3%;Kw|4VDG9mj zItVaxQ`up!JR`fm(~ifYf+~E1ACb{C-+I3%F*ab6U8gEgGOMJY_vfG6o3cke5T4fQ z{29;q{g9WAkp4CUbz|Z|zp8+Tne7Qk3S50Sh8ZaGV{udnVd@|Bv>H>kB(@1IdSBZD zKhF*X;J^C#Ng{-O)LB(})7u#{imhhU?Cavk`hFKG*q4xA4wu0FHLqxUbC5W@08pBA zaw2Y<_W_=z`!;iQX{&L7JaTc{n#*(^niA0kF8eE*{> z%W^{|=AZMGM%(R3K0#CmO=R|M-K`wDfE z#y7OXsaSA-R{R>D4Eb&PVo1@yqiu_bnAA2u$?wPkv3Vl`|Mw#R8xvoUlme51FWP39 ztAwJe8EU}HaKBFb{DG||VER8KaY`M&$@6RUIS%=>Vo@|i_(Xpy4iT!d`ct}c#A9XP zWdS*A3{pixXd?vQ{Brk9>Q+`j%|!_whe6T{)wHE?Uwb8C-xKzKgC}hgH7tZKA0dyW zsJ>Tr^4>nrkvY385}9M0!RdqDMIUJ|ONP{alw@8Mp>QXkq%m~o8igwnR8@RP_)E|6 z-T+0VR~XR0)8Rf?Ou=Rg1j!{%ttRywnQ^bWVINEBZ|arcCT7j{Z-qcl zaaYvuY+A5d*$kEMz(5_*V-vBf_BFs8@A&T&_~s25e_~w7p?+vkXAu_R2=!Ksn7A$uhzk_MF9d+)8Go+Bn8GBlCC%JhPPDBNC0i%6c~z8SxG zR_^DXvc60{xt`*|% zJtaO)xQ#cDGWJf5p%6D?3HA}@EXFYF{c0=Q3zew1u%{L)|8t5z9OM;w_!cEy6YWYcf zZ!qy@IQ6_2uG!^Hu$l7w_>`2tRW4rx)7g`*-~2AgDyHbN^zIikz_cYt{&JtVe7B>l zrtvqoIEiigQrG<>k7QPT+7T=~f}r~NP3^I)#}}tfYxhgiAgvsH%t7u{~WYt^R!9 zq56pzmWoNzAOf*;v1qne4mr&83f(zRwh$DBpKI&4=KY4;Z}ZVT*i{|Ia_ydY@2e}T zMSSQ{zK`syY_yYxj@*^Q3qP5xbCpEzq0#WR?s$kuHE+KMo*?>}zQxC$Gu3H7y=!rU zRz|$<2ZxY4k5m|ww+mk@PEYu(pgJPuof}^;zK2W`WOc~j+aig@U$L3HC0{6=7!bH(AJJ75{3*qjOmic2JMoa8qM`n;xOol z;LMege3~b%-(BbS?|E$Lj!uSa8X>0H&uhH4lzLA1FZ9RuzhQI{{gBo}?_2h|ic!U| zgBNHHy|%ypBxht*6#->J|K@`yvDU-2dFg!(hkO1IntjX|S7&tWn4jSI0sRTw3xSM= z_6-x%%d?n_a8GxsV{(MlkFkB(u>-tSGNI`wzxI%8++QFBLrBP;w<|q_%M1&FNpRn= zb>3szEq_SzZ~bBI5e#P&sxP~}9N-P7*RVhDXV23of?=WWBrFdlM)Fk34K!_RID?$c zEx0HgM-K0}5kgdSUw@{O2u+lqbEdey{*LK|x*rs5hj~HE`7jsn_Wg2t9D5|cS1i)P z#2hyzaF&CL8pXC!H{&Q;tUQTu-P&rpJ;hK_KD8?xtUs%S%P&Bnk)ad;-Hc-)tgKL% zox=5z3v*of+}_1#jfhu6UZc3Iwse}h$Y-K`*dCyJ=)d3R@O$)J8k;6aK48awDe5^D zw}@F*9DSa?`&{xyAa9Ffa&Pm;?I1_5(Q3@^?QuL%C2{;n^9o#!wAT^u_mE`N`r1Ry z(O|^uX|bTHW?$qv-w(w4ozo52{J}+GZ_o%jy?hPUFn9nAx(E6ey1K=3;xs!QSRnT) zr$Gk8yau3QPN+rS?u?yMN2HF*ovge&4BGS7^{5^@VWCJd@<$Cl@b2do0-b@vD0tpkvX1kcf}@u z;jQ`l?ZMdlqqpRK-|BOqrX*iH3}WUl3@yAF=^oUy>Rg%JG%ei~_ZaJl9{rGx`zhup z#>GtRLdrZ(1N_lB*F3xKZ;Zki1{e*Ym$v`l1F|>F=UrPQ0gV^D@6S7-5kKwgyzkLB z?Kp;K^L2lZ+O%vZ7ADo8Gl+N&4hDVRK(TGOb5#MQdlXH6;R8}*eRZ7Q-qnYCpI)wH zPD8b?a$^~xRm1OVN2lF@$x|=s?GCQ&OpDwk?nCx)t#3T~w>Ma{toG}S!U@PtI1T)m zmPjryxy)}_ghVZORc$Ul`YxlPn9!z>oSIOeraO-zffyn&q*M!Ia zPd|;F2H-J0R__po2~YoZ)twq-N*FIEM5A78Kz8c^Dl2QoT9OZ=pWq_eKeqj`8<*Wh ziV!C^XSz=@H^D_$UF5_uYpSh&3T)jqeeU%%)P0jmCo~To`J^ePpUv;XeiGB?A|b*N zh!>i@jw{N7QkjN#nmYncAOQ;M3In^I0RK92zIN81*4Fqs;5`&4g&@_&MU>C3`fKSi zohV|F;E!x!_;;tAErF;t@zOPt+~@6}N2eq7dl>-OvQq6=!BeM7xDf;UdH_;MxXb%_JWGkZ)aY7_<64A6_qaS?F0UB#L1eoU2JI|~ zMAsS4y*jg(OU_XF4bgoDbZm%Ixx)e>=zgh^Yy7-?d~%=4kyI5j6r#f{s7E)KN;s4)^vQ|a;cgJL>a=#TCYR+R<7r7&?_oX`}c%G%0Ia|)}PvsAOPKz5o%^{^4I&oNZ?;w_~P0bn(6?OZM8let8P-=!kSMA&=S z`y@QPif(=tnS6cShT!Uvt=6U$1#3^0J_G)qe$Y`&E{Q&Z3MzmFhf;iyF3)mJRISHL71==K3;TL zhao)PbN`q;oj$2nH%5+5=2XolQ|vxlkARs&{n@9eqra#{U2Y6KJ8^r(1xojxrf%Em zP(Fs~A=O`-!nDTWE*HCU@u~QgO2V)1bjORPHi!05QlIbHH>i{wn5Qt521_R+m`y4$ zvF!Twuk>drhki;g+cvc z$e;7$KXfGSGy_3@)U3ou{hx7h45`5FMEWfh*qD55V!vn-XRd!12LZxVwP6PVPHY8T zxuh}2!0T>h+`5nRMlK6~ZeeI-BSKvD>_Uuk5k33!rA%mGnK?8@VLTHuUweV=j>zEh zL6XN6C-X4P?WO+<2BINsq_LRc)iY56~iQ znr6Sfv#}jg{clIG=&Nt`*SZ3Fk^iXZu&8FYAz>-I$ zJZM+7Cr);FVhpf=y{}yPGFSPH4IOV)xD@GEe?uxy!<37KB4x@5|GS~AtpzuB1NubK zy&h7&I2q}T1~h{ZzkThKU??+1fg^|b0k;VwM%beWbP*<*(2TKEu1`H`8+Mu_^YoB3;=Q?R3O_e1c$zlsJIuMiHd@o+ z@G1+%V?-X7-YWF#(6fy}iia6%%M$m>%X_^20%U|IDO=U!5!uH(4J~@c)d5-OH!SH+ z3cCR*Z0ZNC-DHWA*3)njd*=dp;oRU0g|F8KUHqLH*{d6_SYol6Bk>t zsZ-V_%6k+4a?SDY93=PpNuxSBQRfq%r9;UikV-ml zJT?wvP@Qj;4*9mP|Jbg$=RJReU$*aLtJ%ji|f#j9?^_GNw9$rzJt%&deJ=RoTO9(GgVG4||lG*PvT1c;o z*EjtWC$=94FfXredcQ3<`JS?W83++-$7|u6wf6|VMjbs@oT_?gPh}JJvGrF{ zX!_R$aQ(54hU}f^x$&}r%a{;jqWE=^2TGpfCg%TKSm17&jrwr6j#MwbZ$Vhk06QI+ z;rip819T@o6NDeI-srMlESznu1iwgtjE#W0**}z|AK*QD`^1pgS z@Lr|ERV@J*(aHfd<&~W5lzYGF8Z$s`nUw7dM8kP@>N&mC)PR7gVMP= zLTdiH-;RcXw)~b}4;hp-2L`W(JW;>)SGq5LXK-8NeQ)wD$QI#WgerpZ8Q&hqj)}1; z&oOI`cr4NEpFqudF_*)dFSm358Oi{pCk#KM z6flXz;gUOn+SyZSbud#^4o0nL^$PQ!enn^sU`86;S#1!?r$p4b{GJjLu0ur&SxA}P zZ@cJ1qVzH|OOFQ0hW^LnJN#&4nDandKDJ4*4!W(^mrC!&12Bg0-{St`9^FaU%PGb= zh=OOrNAc;#zFqSZx9Z@JALg;0c@bqeVUyD&Uhcwu`{d}yJwPrk6&g0m6u<8aDY>A0 z*8d)U^H7EGb-YAn-B2rJ7LW6Ny2YO4d9Ti0HyQq1gt~{J_&FuLj-Y`&hgN#eX3guQ z=5XZ(Uy$gwK6g^B-r461mH7I&pEI}i7ne7N$mkadb@e=QgR}oCvthqMwxYpmmyMZ| ze-|K#VS>(B;~HAf2WF4(z$4@6$RXGB-eD*nFSPh*k%|fqVOUpPd13(o1l%eR5)z*` zv(Z;Cy*yewek|AM9-hB~tQU_`q*(wr(_#8TS7O*#`Y9^!t_AnFDs?4?yWjT+^vn|q zhp&zg=vM7r>0_%MvQN&YXuQdEC0Px)yQ39>UV_+Q+XiY!i6ry=KqD^Xd*GAYuj|8Vt{DN;dr%ar~)( za6nJyu0AZSw{)H$AzJR+!=vuo&wZ6BIsLK`K*|!- z9Luk2YEmvhX2Gr|cVB5@%057v=VK+`>ivXhuxIO8zmGf^jb3gCi2i&adV81>;<4Xj zwK^!TU$$mjl*Ld}38U=Mt5TSBM66q@Or(_IGE(hvp;n{e?!8}t%iezAo=}yyxzKT2pp=xjPv$w%Bn+?zh?W}yD$Gci_0Ltw282xS#_&qp z{8_vpJ`&2_jrXh3oO%L6!R4j=fDe5`nP)NQw6oy5Dgvjl22cry=p%Eh22)Vi&kFtg zuUGzFcEjZ^EK$Rnv3uE(+d@LG!s4B#s+X?d{n{j zxw1H5A>mZ~v^=dRp@bg3)pMfVY;WTIGl3oq9=Fa5!1tMPriA%Az0nY4)B=CP=IhVD zT6+O`+Yw85P3Z(=knUc013+X@ilA5dq-?s8-W&-{{dRXM6pV|>ky_VX6Vk2sd|0&d z?~I*70JJvrlUpxLbOUnT8C^_#>g3U|0sm2~P`>EW;nk`sp(x_Ab)>(|qKsZ2sL-l* zH8@qE8j2gX`f-4kJcT9U89dI*aFLoVy1!rxbxGDb1;NI{YYD-#B-#H zx;WZIQzE`nLN=%Ok}A#D{3)AX+U@(8i37RdpuO?8eo=?Bte-EpE2q9T(I(V`S_u6q zB)HZns>=(;3MO3aa@2wH8SNrL&YlLDC5@;xoFRHJlTsj_JaL&E*aQx;cnSbH5d49s zq-bj=@2#BQ??HJ}(|)TRy8ZF$?Qlj~0_SyK+J~Sh(iNmJH!}|$+Wa+&jA{n7t)e6F19#|+O54LYr^|)LF4Cs2F5jy^qmmr5{l4vSHr$-O8%=a7 zcxORP&G+T-turoh&(bwvJILRTg$~KS$H>9sDYsajVc@erYZ5?Felc1U`>N6Do`U`9Eg03%rDJpKqdloOnGQ*3^U_HGSH@9Y3ccDu2K5m@ z1z=xuN!uKq`si|pct2?->Ej$2L?-m&Th#w)^&N&bN93gttJuJmOndvH(9STugGSl= z63%{+*E@+{!1aNH9v2aD_dNPKy87R>?k}ke2X;J_3zcWM0}sVQPmolvfHJhO92MvB zSoPced;QK)%TM#j;?mmn%1Y!C)m+`bgTbVk7Yvo$rdzc2^f129 zhBS6Y&kHQ1{LNqUp{BWdLRJ0U#LtkpubSQ+F{0tQuFuC8;S zeEr%u5gbz%WUigbORdG9f6imn&U&ZBTsMCz3$*Zdy5CEaTqTi^40gX?d)ysY-*;Ag z1>%sVG=K;uR4Oc9S=ftr_wl^mp@ZA$(z*hC#``~ps<DT2~uuq@TsT9m4C7aherN{8tXAc;}T1T zfD$dZcrBxg9CW&+bkOsF7V=gaDedtDB}FWZ5SxHNPI1e}MFyg4K#hDP|LFrNSRT88 zdW3Hj1vGTgEuAHv1Zq`}MbP6R=jPyWIWX@%0ErJ%_H(?ly{^X>rNBFA$s)M-K_D>6 z>K6raOS7)WL2c!Id(_D>{!;;#r9Ee`o?ie2j;7b?YvdCP^Bjvbg7fiDc%EMRYOVQ@ zS)T)6ba%BcbKbR3u*qMS>cm8EJiQlFTSJ z`_5$^GAKBKFI4OGA{Zs-I)3UhQSHd#@LI9lU5lx|V&UOeH~%blb> z=DqL3HZOOHpXKxVmI&pYSaTE0UCn?m+wmskwVq;7M#LUKB*4(Dzo!xYR^879{Tgy( zWpR={R3^j($d$^|7q$|CE_Dw&G_`(@04QYP5f|NgA>_BiVx62g%f}CKq&;Xs$4=~; zcK_KM(c&q(|Ax|j-OmuA0@m|{-Q*3`P}__j-r)-+kWEKF1aX<*M`kR7@W$-p(e3vA zB|Z-~vOdN%WR_gQg0t-xZY-U05D}idRef|CkI+OIq`lb7pGO-2GVQJjA!Tw zkG@!;8kZh6(IXySznlRL{4AZZT{{RvpKUIlUh9qJzU_9k(V@=G3=my!seN~9GD3dt zgAk%0=|`UUe?D=>#x|Y24ofxMHJ6H@4t2fozXr}{D9MP{MzH}@tno2UG6BSv zM5js@wC?ggXW0kU97VUHUX1nC!1afk#a?d{9Q6yAi}VJ+qdN9rf&`e(@u2E2?xmRb znY5?dsnA(KcR~ViY#4*5`@8XT#Hhu0-#-w}6L!1fJcX08C$TM@BF_b?^2#xz=ctSM zm)z}Ze1Fz{`*v+5vfRyIM_1Fw%#_5lVK1lpuuUg|?%@Yx&9E2m6}+gkZ+H4CFF|%& zp^$jJp}4umj-U~@x`ee}?Ao-aL`Lxk51*b+^84A<^H8Ca*P`P-&Q9)orS!_>=RqbH z`@6vxdNkXyrZnzhdHyb`grd0sO8canUNpZ__Upo##+zU_f%rT*kQvoh!9L-skF*o~8GNOrREc(%U{DwO66r{b$y~ z47I;gFw?P`>DH!Pec!B+Y^YnlU~e|dJdwl?kt^%-NbPZbG0lz z5G9OY3Z=fhCau@mH1?`u)bF-9!GF<=Yf>0Pc?IG*rve}ty43Z2e9AlL`+ z(!^%t@W~7QiAP#M(bvB9_aQ!LS=3pF3&e)lW9>yfaM3am@l^TH#)CG2F9dxokSL2` zPH!hGE0!Z5ZjvDI*C1zK{izS$kKQ^bhF={hHXbQ{BGj`JNqaX1TR zx(4E&QR~mL1tLB*S4|UNktI=V_|CMBrM{0CdW++evU|-qhmdT6Ww$8T^+A>(WIk-r|`%QOi|TPstrp$ z|K9uQv2*eTwZTS$i>n|Av@aAWNTrG0M>tZPFYY%H-VM$B+#3|>A=A3wF9v&u1OV;K zAja+Jt?lm8-aQBDyrbt&e+cg-bo+@=k+s7ewwO2=xA92mS!T)rYA)5mSRn z6@EFH+^YMy>~(M3Ym}RQ19yaZK9e|rroqE$e&hG0w_LGj>27?D*Rx&!?gbq;gS*Uc zsB!3f>N}xKLJ?UBy=a$L`Sus6&OYhSO9Js(nLImccKmJ7J0BGHw8E7+66@$z{iGnh z)Y+1g1k0Njh{o&8gE@{?8_Ld>yncGm==8pSm_S31ZK(W8&OnU#a~dsg6ZmHmFA)Xu zFB0ijR0= zM{ufs+x(r6X79LpSTT@YG|OkzdQCSit|zYYQGBR<=dYc)KG_thxb`lsK0YYW0w0T; zPvSgl@&@s(EXFKXcn%+@)P`ohMZVH^)8hc2A5F?8B zi^E!0&Qn7pXg5Z`4?s>td!BsV_cBn3A9GF>nMRH7lRvsi_|wmiFo@6G?vkKPqIo{; z$J(m#sI(yB6m05l-wN%r_XOBvJ`!t_#pmkMbM6ZD=@ZoK4ubvgV_Xl7T? zGkFRCXaD8kpak>>{|v{i$7Ve0i>LP4=|%W~nnXAIeA0GASABT^|K|S?XW=`1{GYi7 zpTjWyG)Qy1(}xQ;%7Q_laLZA5g=}k2u$H!0(iRG!M;##);EJWMD&K?%ycC*}X$X7! zQ+|Cm2!Dx?!YhU!`lz70GRJtoX?ncW>F1u`05egOer+^)Z}COq4gWPhu3_a`Azmmk zT%%?@8?=#+`U2CBeHK}(V=w8tNBotBaMM=b^CG*JGw&f_T0O)V4YSt?8G8V%)t?Xa6ROJJ=tE%UAJH-i;q=Q0PiF7z_}0%h$svuQXN84Ck81`e`p<(Zu)exD z^8`k@YW_|@76;<5y6!`0enoT)RKok1^9u52^Deu+?HB4gTMuz%wY5Ka?l<_Iw~$)H zBlEl8t@~@tJ^+WL>6wQ?@(`q^5bxLT76Q7cL6ydZ_R=aC^5F*BQF(O6^Q!ETF9Efx z&>RqZ8F|}{aJ*xERJ*QhGCvNPF}b_oix9*vnHcw%iF^(Xo5QaQN_6UBlJovNca2Wr z4g~&H_u=TgsJxQHt;fiZru92Lran#~zP&u$&bBWT8c3&;k;gg3gB(`oKp4x4@ms&Y z;?7vo&L@R9h%Y`e>L!vJyita{JPrmD!cdAkl82o1F=52b$kXY)5&eq(DQ2jm$%aSd ze8f~0pQb?ow^oeb2f2a6ab;o7^;v81qTjMXpil<~@u8;MeqSDjcH9fztkaVInc94$uSENp^Cvc~I z{5_Lyk~1n4NA=2C{lODtx#3&W0ar(@`4JF@+tlIvUbR}Zs`t8KoY3b^KU@(*Xty8z z*@AY3B}jq!La<{G+nbRRz&P~C4ToLzo-H2-_zh~M#}#5!s?Pr zB`U>stsP|gS5q*3GClvQHT-zGKUUzt&9U3Rj>bdmt2^>Z0hX4cU1^jkC$fSz>=?d; zYeLP8*QVqnCR!gB0#BJT^+m=k?~WN{u!Tx~D@PU7%=^ay2D~7@gb2CTytsqOOG&|S z|3KO3lRqoiEKG>>g*kbb>$PBXMJXNQ)scthn0@#~aN+Ebu~EavRx==dewq*SQRy~RHVLSEs>!jh<8Y&&Hn7@*YfuXh_|XQ371laezUl6kP^IpAi#hfKCo~({lw(*6pC$dTQVuDEvh)BYM8@X`%)?!=JY4HSLwg2Z@glXDj}%5zJIQPa~3cd%ox!9 z(xlV|&1Qu|#0^`q+`1v{pKW=kcNZe3FI582qWpuG4%@%y9=iiU!rWLXZHJ8J$*VIo@#}bAdWN_ z`@TOKo|w!Ar#-jQg8yBlw`0-ZAK^53x2P0}4_BOG+JRd8`Ukx6P z3tmESJEB6d=Oh&O8_*y~4o!PIm&IjT02Kpj9S^(Rx3=fgDb&K-NXsVFI*U{Llp!v; zB8=g`5z@Hs#NYiYsIUhtfL87`St#ucPk4{x5Qq^oF9c=bC*8^J{Si(e-z=6+((hQ; z_}ndFvc5!u4H>7HOJBF$)Uch52ieU6>P}yXAw}o0$ZjGZ@Wt-~^4Zjct!{Jge{^cI> zxprJu=!?Q{bS*v#xCbVDs+$7^+le56aa{Z9RNP9|moH@Y@KBq@%9Jpg~7Lc zclXF6hTW`Bu1*|@FB^`7#N+Y#Smon5+H-K{Vb9f*-^wfG-dJxT31A!9UW@bjVR5|9 zW=4^Rmu+=PSS3&=+is-SthicwK@shI%2b$>lvt^hePXF@aFy9lr3O~jDvDG0*kPJV zdk2Mr9`HbJ;|(ALlAFMjVO;f!^6y}s4uSlBk%vdKv&B&M(otB5Gy4M-4-<8+%jeL4 z;dS#oj=-B)N023H=Kb^M_JiWBblA0m1c=yqbZ;8Fy)6I0;AEjX{R;1&CjQe-%Q+(S zPhw1=S|n~iC&FHv&>Xk8=~oDtT_r;4Sc_f5-&gI;IMIT|eF85U|LKoI3HMsXnTa1xL~Wf{+tB`+uI{H8{Cjw4GJOW7<2mXbO%`BEG})&W zuX%tdHIagc`7%kcY$NJ*1kYLjp~5Iw$RFtd`oxn{X$VW7hmcXb+;^|1z?sDcQ{hg$ zyQmK+EMZ6s?~A;?3cq&}U|68EsCjO&K+YR22Yb8R+)VvKb>_$3*mPQFM%&;CwZiVb$47wRp(sz6G#ysFOI080Q#gc zFLc-ywXrnahfW>|XYovW3-9oEF5t}a5c`q-W-U*q%C$+u#@aHN0#=6)(Bfk1u8MRe zFG*t^)8{q0umSVF^$&E0zn}Z*Xut;Z@#Mq9WjUL$=#lDE@l(2g&C5iBjty;` z7oV*Al1WL}bp&I1B#%pjzGH0Yag0Yi%^ANZ_F^Sgxm%kE*SYe_sY_O`DYzMeV~5&+ z#j8VS1>s&I7KTMhlv)C_4#GqL0mH!Tc@K>)bI%$@y9y_}VR~PH;>qJZpXqC)gvL6* zk9_zhvVsA%EQ8!{-+n>TD+95Cb+~qHg<(U(){m2(9gH(7B1g0e;IM3E z9zPkQmmJS7-lJZewk|~0yBdOVqba5hK@Vx2|9UlU^HT85p-1_*-~9@Xx|BJW%@9LN z)$bRhMrrqH0ElKE0ftDJy#ntCJ_>)IV3logz@%lo2l(=!V*2}j4ddphb;jj2v**XB z8y4>c{a+$V>1HAf*chSHg%g`pPnT%_Y1F4A4?cn7n=X({C~GNml{fP5@dpCTX*Ym; z9qGaIY;%j(r_J#afuT3HDiWx-@Efmf5l5oe{z&g<1qKS=@PR1c{s*?Gl%SH^t~(@R zy@z#yD|KgZCZW%}A4Ww*ij;XQZfbVcjnbUJ23sy_GR&{rgzZ z06c7G%pbvJypIm~vtG1~#ijX0(b?xj;2HVWCz(w!ROVEyc7H?r>M~b;|B%H8{q)q< z5}N6m<@zt|x1v|Gpa06F;raVgf0a?KKmJt(Up3bz^@pYRLM$<2XyIR+6a1bxKN`gs zw0%=v86~@UA?!#_L;ehw$DWjvNlNW$%Fz_VJ5Boa+@F$0K(hCZ2b4Y5b`N z#V^wvS;@?c1_~ecDOQw}d(Dl=&t0H1={OQ48d&dV4Ki`ieU0PyZY)gZ9wpfB9BzJ& znW9iNWX^Fj*=i4OzJ&gC>~=LCeAPX+eaTd{!JB6vA}Yj&!Y;$HtB2GF&%|6n&edTf zwi1S7{spA|w$o0Nbg4chTRPm6hB@!KtQZ802`p0gb`y9aCUplISTBJI$xh0Zgxk@@ zmXq96lbe5Ofa+ibLABTizz@J-K-<4Mz6z*f;xngv9}T}Y!>=?J=ZqO?sok${=j_Sm z-U0<$?e{oZGod>D?PyfvTDI?01RP<2BgB4j_2S?>qG~h_@!YYj_DP;+ipg856@-vo ziN>p(-YJ?NEVy=UOhs-K;r;lykvUU(~|U?1v~)>e3*+CN<={(hO$K+$) z5ii>(#G5DhY2Eub(0h-w6#9~q^EZCTQ3*QwvwHjy6mQ7d_i&;}S#**ks&&zFyfK=! zASFIs9(Bsbj`x=JvAc0Dksb9RlxU)awzCdZC491H?@g(F5xy?R#u%MN4L@LM!6tA| zkhEBI3IR4W+j+L`Thm_det#mzo08BMyNBvhH6P@AlMPSUEH~lVO#+JK9@F)v?BO_^ zn!7BA(=9&a+1vnOAK8))1m+Y6f>Hj+Pn#gH^$Edk&J8SaH2wud-??T4fPN5fI_cnl zu4fX$)F%pJG(t(vj&oRN9DFEmG`yc6-@)Urr^>F4{(=EUrO^jf+~WX`UgTU+hkF9` z>Kj5uDmgPLT+alnH~|C<@XUSgt=9i3C>N|*d`}N_fsw16kT$5plhv8({4NtTbkxtC zh$LS(*3ZKsyGy)OYc`)&hJ4&=rf(nLEAPSEFfJ<*k@j7F3A zJ=`q;aa_-oL00dNd*6-&>#B}@Y1Z%y_n-_$$7)`jmEdyvkxpRTGTq5nZ<(C%c5`jy z`Y_$`bT=B~OUgeTyD`Md!MbjLWK>)%&0y_&tz}z@n?pz4J3Z(OIAS z@56ZQ7wuagI&~m5;}Lw&XWv)q?lvb|rNT^NI3o@f{y1!li1{k$Umku{0b$!2S8E!b zgvn@`kQqU*ALYo9 zW_TOZAaTBxtuz?m4FkNF>Csg(;w|#`yD|M#39W&yF!D=$p_dWcQc2tA_4EJ)Xr9@x zHc$M*yM*z~C!?&mEhY2iW5tgl%Z>VM{C8p~b?TS4YZOE&C-zZtWVMueg_G zdj{R7%kLdu2kSk<{uZCT?osSDzx}F>1<>)GLRSDtEIc?*taiJBGJirneR#cZkRx_& zu^q-CL>u6$H()Q;-0yhxMsMRE*DaWFFu_PT7(uGx-2npOA4_MpwI~t<;a36yflC2d zMfUYh6a*DyM|k=P{+=^^rrQk{imI&4jQG^tqWCZ&hv#zQTtfZ`Z(~{eS7S7Z&Hm10 zU{G>II$Ui2*<+o4Xkj^#@F<+`w8aV82&cBYlTcH6{KB=wGM}D#@JRNFPiS22eHxA^ z=4p^u0hT)7eY&~Kza7wXSMJ_KCD{Xtr3k+S^LUkQI~Ztk`rvXM2Uv$=brzCEA8oH@ zWOz;@Gb4X9?Kx{16)oHwdCM~h2*10vUy-SpWcjDmAC08c96P+;#kNio`BGhE2;blA z9`TC#!7;kxT~`*xSQ%(`#95fnm~5S&E`ftalgo7+#WNg}=J#uIVC}#pQMaDa{em}X z?(xB9{!|Zc!FT(7YK%swXZ#l50Tvx85uZ|M`68Z>$cT$q82J!3@D_#! zP=8&e>2^~~y5&4lp3yETgg=HnCe~_tmgd!zCFmD?a`~|g8SQ!ywFr7_UwqGdxg+#r7d$ZQ$uiHUbju^5QmvH3)+Jq@JYZ#4@0t)9{xR>g$}h z9G}C;7%Y~)eYhi35%Z@I-Kr5fBbq)AC`K z8exz8+k;(hIR6yocUD0deHLb{t8Eh%-ZmQk>7#^hqifRfB}depLdY~;bD)^X+A&Y7 z6sA=jdn>Z%?58=t_rkL&=|TRxOxMq1orb-DIpp3Oo=aFuzPFi3M~HFWYa5mtCXU88 zdY?X4<}h4TT?BBO{sv^NQYWG~RuU8e2D>To?PC?d6>N(AUiTz~u%A7cJ&^72S$`Fp zpbJQXVIWT`&*y95u`Q8t*$A)OOX04-c~JJ4W7myQ24VX1F{VGEdmLJDrSA2L4o>Qi zFXM$-rS6MG1iUevc7u6nbzwyeFX2%-dp`WPB9Zs z8EZ|B4-=8?UbOG`g5E{eM;=fX# ze`5kcE45H>jIv5EDyahWAn+9e@g{Z+6N=~$b^5J-*WlK5&4)VN~fkn#1nfF}Uc{nk0M zmiMqz^v~3{7ADulS&L%nwesQ+z!O2202hNZ8qE^20|(bYW1nBzGl9Ot0gL{@7ybvG z`_VlZ-NwqSeXdS>uYNAM-8mfDQd;ZlxCdaM%ce+0fm_Jj8?jK9nkh2J@s8{YX-5dygeY zw3qhSP3K{I8TfcL==>=H5_paBM-)liQS1&*J$ScZf)Vf)y}njq-EY=gFxLc4;^-NE zyb#)75ucRMLF14_NWVapF>TOY7sBj*I6+2Flo>9F->E8EYCisLHztBm z7dTs-JT2KwdjIme76HR`-Z$lB^i#Plx_5vvcj_X#Me#zkoaQB}ivY}9`ii5LGVA`iDhAsBtI)9}1)%*7KWZB?sjHwX5PC0jX`fK(|_JtgYN-nn! zfco6vD(GF6iN4IQpxw8&`V~qF_h)<+d2gDRHNWYp8snKJl6KrEyV{oo3?11Y3R?5t zr6S~i7Guj1V^TI8Gta?PJl~9R9I)flSl}=BX}aod z%Y80)a;-tfQwp{Bl?X4Qg9B;aPoE(;tob$%Mx4=kxv#U#NWBpf3Ae|0G^auaJsarF zPhlbx6(d^0rZFXn&9;32GO@9Ja&luZVwTUm>C9?<_yn<@)9Y|n&o(k`FksjhETl8! zFigi^oE|?R`T?kv8JvUjl0w2UY+{A0Zgbac_dvrqLP%_EzKY;X4m_kuwv-063yT8O zmdsRDkLX4;DDEp>p|j>j+Zf*;Bnt-irNo+dO^*q16~Vu<7XuM&aZ&dK$=flzZ5u*bG<%~ZF==_Bl^2Dm`?&+b0V4Y8oe z(=9SwU??klfx)CcuczVheGR$ZIN~Jlt(WYNbto$MDPCC~>B$kJhDhsg33ohD3yof- zyCZr@00Vh7@SNVKJkZ$7$Go$1F_#@0S+f5uO$;82VB^g3xt?z)qduK zPxY*5Jy6Ybvp%EdoalZKFqO!~o19Tx`fk(1Kt%&K`ndB(prjhM%)9TtwtE_8*u%)( zyGqOWwNDtE`?Zk|fOBJVm7dg2$`oFQ>x;_%PYQ*TSEzFC+hQ=PDH( zTeCO{;vH%ixWyIRb)jJ~$BB=w%fa)U4$dMir1X|Fr2KbJbj6vL*-@pm7~E?wy#+Kp z2^M}m8X(LR0cDD~gMd>-`P zS@Z4$r-a-XD*i@5zYG2p2+Uz4Y(9(?SDm<iIg<5YH{{mSxw+P4!&8 zSb|~y!KU}=yAiqz)Q^1x0Y!R$g#1_X%u!D6;nz%_qU$&risH9kPIj8Iz!u&iSsU>U z%*vg@n7bo8g&)e0mxO}E+x|wdv*2v|NOaB+oEz2ny81mvS5FP4HlEoYw=0V{V7Z)0 z(DFpCy8vT+c86}`p66KKis^|Y+=*3Ix=N`h@ztd36dd&V@!iZ-$0UWLV0K*VRmqz; z4OMh*Hjnk$m)=Hvpcrs>)hR$I_v7vRx>LbeG;>gYw$-Oo=1f&Ref;j*<&6Nh@bX+{ zk%?wA{r=DpttkjP<3x*!;ku90MWC7Zm-xAT<@u#JJR5iT2~7UDOE3M%2$n_WPK{kd zdMP|iQ`M%yXiBeE@sLBSW5ZAGmX1Xd?=OXf8Y|#G{y9OkKA}`qO5E2`@!e@h~2M3guckjPyVN z2#wSJxzF@gHTFA#jBDEZyDo~4Ch;o2;C@^Gc;4N+-k@g9hOJ&M)Q4#FM=%6EsM;&& zX>T4qsB3UXzrkIaPq(9B9WuB|(zgbnlZae%&1{!zAe$xDEg32V_FmD9TRCT#N?Hs{ zOwITCyoju1+1>or{HQqj`=SciW_f9I@}cFJdxbS%n@2|;V18fww}eRD?DKBwfZtAM z;J)4|lUX)$=Z&<{1|N?-jfhD;Ddfx4$B&vG=>>4o%#=WrAZ0?GWYePhxH zc$|~q^d67I+_tlFUnP8;EoR(zju8b|nz_sq`N(@Os`%C(Q08;rU34I` z_2$47fx@YwyYEZxv!xsBIq})bMq3H4A%SKOZD_Tp6iOng}{Ca$DV!2E&9Z> zfHd}+0Lz8p+plIeXRvOn&uh}BP#JDBwdv@_qZjIpqX3jD_DG+j7{G4n&Eeo6Il4X%b$g-TGxVM^giHP zKOZDp<~~2`Y^}dpIeCTitRH>``L&1UV;`gAXhoFwP^gQ?`v&~%l2pwOe`+TYQ<{8$ z(7d80?_DJxQ9b%3;4r6t;Nj2)0YILxK(7hz4h%XYusN^yB2W?^6o@tzI{T}8V zEIHVgr{BO~q1-KzZgQMB#PgwTs9x)M_j#oY4v1z}IB*ibvA z3&-lW-y`PI^x!@T7`CrQ2kx$>peY(XIk%2lYi`f*IrH zkTHZVh2~8CtmMD|((P*S$(1lZh}WhX8y50X~d&}pN#|y3Uti> z;u9>1&)I?a!-_T2%6UKbf+a_u2KYO;4Y`9`$FIKJEoLFCF-vkva;LnZ)(*0@I>;6JcP&Q^zRpqdcyeTPq(eC8S(fU zem5et^B4*)=ELJ@CnTQkCI$R+FELDI@Juog`@Z?sQh6z1F@Pma`LlnTB}D+7@ouun zdGCNCAJgl6hJu=uZUqmY6Uf)tVeJ@nW2@N1}U?-UpOCObg> z=mSwED(5uhi?gSj^N^oFS|O&VZvfika3G!1?Q3zdAD1N*^hj>;0WaK(W<$sNC$-cCbsqLN@(&KJtGe-?f}to(MR-9VR;{ThC^v~a zC}-k#>0m40{bd)MxO;qTXe^GjseHLT1&v&pf$wJ-&yIgD&~xNhO%M7#l4qxjjTKEe zHfD6a%D>|$rzsDPD|n#DGchv4EBhC!UAW%AK~qicSbk|D+P0M^UG2+J!L;K z!R|{=PnXA)7LT%#dEM@wB2$y~M0+dqLi*~p=|dV|C?ll9*pia-!V}CiufJeeK45xw zVKXctb-9E_ASCC@KI*S~?(g>1NF6tXIPx^Wt`5imNV_qX4AYEBB?phzhguPMzA_|Z zIrsej&Eb!(ve&79ALh*~R%NsafjFwhh;od;#w%Yln-JUx#Cwv&6c>W+AGbY4WS^~t zU-F{A%U%(Ls?Q%%cvQOLAH^!#j5K+;)He{^``*@Ha%FhCdBXS+!E?kNj^c;c?{b7o z(Qr?%PUW<-CWZB*W zy6M2_-cwUQ+s(b~l-8`SU^{MIGhLw!-=Hn6^ab`y9W{!aE*bgc7t8^&{#*3F_##Vb zhySF3X-y!HU7_g4qnuO(cQo+;gSDq^q@p`euJcx>#-m?+uDhpA*uLcYw6ZjR?c>nX z+zySEQ59w7jhYG)W;%E!e8CH1F#bT-wASkCwdBWHT9Lz%jhV52Roa#Mr7r6)$(=r# z6=(Z^d#f5;v~S7R0r${D1MYWR^J!JT*#TJ*H zzGvZK>7d-CFp-0JEnO6AvgZ*x8feF!%;QKpIHvH-V*biZck(bIPO;b=9J#l4x>s+$ zY+fIMeigynqYj_Tg$Z9V>vDm^KSz&6Uqxy!$IT``+2@s@Aa%S-CJ&vVYwOIq9GJWa z8$uYZ4#qg!kHTk{DNY6H?@z7nC7@NnuiIE*w^h9AB>O}e9U(6##K)+`RLnnF_CD#< z4?yeB<3=$jifmk`<-Prb<7n<2oKL5yy%NOAVbCnx{rE-~Q7p?1^$^K?GrKbyvXRx> zpB_pVT3TNI<(h6tDPqVVv$*hbFLdt#-7^LuqTr=a4jhO%5yZc_{XGx2QDkSF1^Ku< z&7GORc0&uD$^vs=sWs%Ry4&UJ6D`7@dPntt7F*$x#N?6whL96Q0#b!KP>(@RAyXLLw%cK<^X5EfNBs;nTF=^Mol7gjTlDQF_2#;VHU91nIAT^k*nGNx)a&(h&Y)WwS3zV|?Es zv*DS8uh>T#BUR>%!HjD8BbWAlC6zCF;QC+O7&@MY6*djY2Yd2{9KsX&X?)M8UZ6hv z`x|4O?F)rA{kTUa{ zA6QJvH(%ZlDUdj_K0o)>vMxWNd<4k+ioPpdD#coM_g&HTTU`9{Io}gle&Tu4eM{&D ztm==BtKgC)7jk9%PdF0w=l6(M6t_w_K1qW0g4Wf5dnT6DNuR1`!Oc)v=>Y` zkh)Xha@EkWtr@4sM1U8J6-Wr*<^~vIRZ>49SiR-7!Njm1ZxzSeu>JIOLcXw$9Q`8M ze6YQ75YJG%_}m_(w|k~w1x3{87Wx*VKv@~#NvW>5M3bK)@?1+J>_(9}ulGSxuaFFI zG1duU91h+@_GY&oawepc+m{EMeQTQ3&_%*E=m(UKhbQeEl|9J`q{ zz5Iv|APZ@4{1S`~`5*8_Ion&fwhHII#Cyty1EMl8Hck=96<1v}Tq}AZUqEqFGd{#4 z>2<1FqPSuSu+a7e?B39(n8Gly+(Q`c;aNQ`qgy|H7{ei_!u>QLvPV(Y!c*V-Y{lfm z1>3aWwJgH!HgsnLcgAquL2dCjiEcSb9Be^pPPl#_#X|YXMV;LVo=!YPKp#i29$tVy zbmm@o0C^R{(@XiI@Aq}=$jsPRpN*qTECX8fsu#;Pw)okooTtgXY*WG~dvv}R!vO+V zTEfyjYuh@Y!f-_iHzdj&@f z+V|&=%WvD!<63J&e1HeWBq5|JjfOxF&vN_ZE|4MJ%y?2f)On%E3Vy4N;q4y{1APE9#{y=E{m*{3ha@zG zdL%m^_P8FLoi4p)UTlN!cVm&=NVw`_rF(~gmuT%i(4O{nAKUBsbrQCLOKMo?&qYHANdPBgrbu}7md;A?J#II{Nv%QGw=#{&M}M6 zr!a=)jQyv*yG_qvXyDbyOQ$Zc*(M@*?qItPd8bX*U4C7_zL z9+J2gvEGE2*}QW|XYC8)=`_IT+lu051J%b*(GfCHi-Utz0OJA@{5uEocshYTBf?Z4 zsLtdL6mG^t*g8;oa4e(YZjFvnYnR$IbILt>A^q8&nRjc@*YH-3r|DRIMBoR`&b@5D z53zk*eow-_>Dm2e7!<9d4V5~)%41Z3hmn8=?nkWRf!lh<*b`D~_}iui5E~1tB#oLG z0N;)h)IQ5)r(<^hM8V^xg@WbIXXO?g>LvS*`_Jq9%YxSGXVl`UP+18S3%7&k1&~V? zLYS^#&0IPRJaU=hX{}u|mi)))(&0sx7BIVEygc|}m!K~;)oZj}yBepe!qe~l9E}^v zu}mR)E#xySUlPEtqgU2`iC~&(=u!%aWk`utPKle@sAOfacfEmQVBF-b`n+ImtkeTO zSJ3n3)kkNQx8_-s4AAvn50c@2&7r}=UxU**NkosTt%@U18SL+1$}}T|LEiDNHz{pC zK)Be|qKJqtf-5poc z@M$)+nJ>NPt60%Yek(K8e#0+o$#9_Q3G(Jxr);yk-TC&L{JHue6v->rxjpKIfawF! zldCY5E6Xd0R-;!OjO8*97v}uoc@I3824_XKx}G+HaM6;-Hes0n=fg4ZO@$s%>nHkr zstO&GD9ZTydWyZ!fs5<@L%g`S;u0+xY)Eb0RAVwCJwNmaOdwFP=2Ik|y7wK#Bkt<- zulPs_^Tp^~H99xieSF~!kWqHLgGQWU5R`Dldp)7u>#2*M-~Pd(#8S-;eRI*)oSy>A z=dca!y7tC%Z%~1&SZG%JhCI>_%2WW?UW0K3crp_Mc$we>0Z2m~d;RG`g&)C(g{?w{ zZM#!!z;KHE4xNuU2VTH#8JDIns+yZ-E%l*chf&&dZx`nx>^0EC5`LjhCcOlca%gj= zFRlB!BxdVKvy|8SZ*gZQi4QMS^svB4mgTV&k1CSq;TB+fz>(K?_0<@Lgs4r-t~boE zi;gB_yz<#~$1W|sWPG;pQM?;kngA$!2$CfUFPc(gq#3Ft3MR@xc>XyQE0;}fA`GfD ziHTI#b1YIZNbe&&Q{Fm*?Kx3D%JjdHJsyQX>mS$cd1DH$G%}!4G-t*p2sSPuA`(D< znDR9^l}XV5ZRkTs{>kDxvlHZORJnIuNIDlTi74<6$CGauVxFbfXHymi|rU! zD`M-E+T#>tu#uS3?r%-yiFIW{ij>5(J8CzZl>x3=U9PC3U!`m_nKXQFkyY4)`zm(` z2I5%rkCs`A+`Ll3cFQ>JVxQ?IBFPNFmE$58<_>(F@`$!uu>(8u*KxYaJwLbB`CB!< zdyIP{0vr(kK#Eb@Q*HM(8slu2P6?O$@o={kdxe#@<;+%vLN}4$Lvo>d4%_Q1=ta|- zep0iKTsIVi<_KQdZR?|>`0~^d!Ahi@=r{igr}}+w=Nt8X>3f=z!;YDE;)_$zP`~9= zdpxKfIV>WTRV#y5Zal}i-LKQa5f532c^{HIX~~bs>$82mCnHYYcvp|^xjG&8`IaJ(>phPGByve=LKH1;(`|qtNr}>#)PKz)5NRH-lrKLVvlm~ zMd0Ut57*y9*g4G^sf%OY#|YWNl8~eetPjsl?mNCDf>!0`{Q7#oG^^L_n9IR8Ejgm5> zfIbHg_*;GjvCtkNE#IG)&N_*j!~UA3cstHw7!1Mz@+3Jb8}b%)ijLLcB;v`^p_Fs^gQNRTse&>rVqFg`bh&Z)%QVGm3|!&!R+-f8J{!4 zyxHid)=UCPEAayXlL}7c(bhX@yPvr3(5jF8E4kmA`^;q-4zm4X)ev?`07bB!67x_} ze@g$JNuk8TCHmxD-?(zf&;Fh4Z_CEDhYpuKXotpsT(#_JyqmlG3)5%bT$OnWU6BVZ z{c{Z9EVRVVn_6UY{=~T+e;|5eh9_G=EO$OncG29SS^st@crttL5@<^keX2%m36VUx zJhymvhDMedv<5ti`9wB~efcjpd1G4;Vc>f(nilscULo;&Q^ZGq?F(S1?7jmie#I@PHU%;jk`enm zw19wr9){-E1kjdn2low;e13D>-@Yf3K@RU_m-xy_P#w`YabGrZzq&VgADBP(EZDu@ zXDZ5|`<*Qi=W5p5zo4Y0M|nTezZ&JP<4P&fnfrRTrG3^XhBwssb7#Be&=r$w-UQ!g zuY!3?59M~lQX$ay7!5wHL%$N37xvq`W3crMx1L+O0oK@0NP-^G+)ao|vS!*ZO8cYp zbAL?DC;{%=Dc07lGT6&*+LoVXKR-H98RU7$=V-1zWp~c~{AP%`M3-2ED-oI^6Gok^%x@n)|MdA(E%6`}fjR%#J>)|KE!B6(fy!m)`z8AkY%K{Q|ZsdZQ zJF$4AD0s3-;f>BQdiV=VJbNq-9~V)kO^lcJLz^hisZPF6N!GJMivuP(p?s27 z@GOx!tQM35NeA!KWAYX}6P^c=n@0&kx)V6To!SBdh)4b=yAWM~`!c$Jh2f#jdQ{AS z_H{!0_VYP1ElJ^x9Gc;njA|TDCINB%vAIYVOQEzIzwi7~A^S}|W3KHJ%E0dQEa-v$ zeR08PiW9#|HtY7a)0gH=^VpwgZ6}2}QaT_#cs0N)_&-OV7;g;XNLHQ*Y~Vf?=PvW) z=yAxO<9(rZ_O`#j7ZL)hUFWqFUgP`LIfp(m8Z?g`A1 zF5vMB&n0#vD?$X1{U$xXCk4Jcp!8;{Jn_ebiJYEOUlr9~nBz5=-WQZ!9j$^qef@c; zAZcOayhS6Oxm>B!w%Jfvc?EBBT+8ptXz(kQ9XOa#JTdHs`XXmRAn}K1h z2sKe&o!SkFy5eIo?DVD1&m+Qr_~BKbJtxL3`}st7mcnAguD(O5sy^jNLxfFU9_QFU z_C%guZZG)h9U|B_ZqB}HH7VR-Pr_~EVZw&nCjS)+mTcqAEczOk1MXun+v2a!Z(j?t zu`IvyufcKm$4JW3mdm~*jLMOm+Knq8N9pSCgZ#B!Z{~R)BCrW>vp+x-ZhR!ZJgUv@ z489!WrOCDBZqKuDf-3_$=jZ{gvW79Ku>xz93i;UOPL`do9{mUTvwm|7DgcfWZ}#!1 zsm}YdC|)JO1#fwVw;7&-%&BE;nA)g48o>HHyC8;5{>Y#Bfe7en!c2J~XFRk9r3))E zvPJ7RrGNF;n+Po8I=tiw@37HX%H5p#^+Nwh1H>4n`}%ggrQMr<nBmAU&?Pyf}r$DuVO35kil^ z=T~hIdJc-tIxqc8VdTipm$COl3b(l6xhTG|efu0f%TL++oq#jG>oAjbuHO&!iwNo< zuKOIsMMZc9%@I~`o(_fSS^Zkq*B-FKz)6eN`N{xhYw8x?^%@FhK~~Ebv|L1tuJvn| zG~>HV5T-vl9L%umX1mjUnC;mc;w}^Z5g*5Yh-8 z)#dVgs@BP4u2r!|)hDtRwes8(-!Q5Qh}eMY1ZliO;p=>uLNjprG{t86&j(3cVq(8| zNBOm4rN&YuL;UbJ|4G_DAMW3E`@xv$%5rPTcf|(X^Xrsdi^Dpq&G@8s{>PYqzJU9y z?_`+6oX?@Q>PO<`O1=jMN#Qik;Wtya5eQ6TKqZwa-^58nlmQ`o1-D6m9}%%N75myK zU(snOEWdkk{)}_?eLzuj*|$@(l&Dcp-4g0~LH(=8JB&hhSsSF*o#5(pFQx7E7nxYX zC;!7UmKT)IZWo>EDOP-2_d00`sWRrf2zapPL|^hTLaYe>O;Lmow4%AuGkb93O@KaG)Bw)lnvQ)RV$~*{LwigYzpx zW|3y5yht0XTL}z)U7HpIJca|+Om-ddcUTUJ#!9~1$zS5*Q1_B;#}%lysS`n!zZ5s= zV(ypF>G9W2b-CP3l)LOREM$yJso&mD!Bo8aM0lQNzOUh?jg6`Cn8Jlm#JY7~4hRWj zESJB_*9f5iQWAmagx-ikBC3R9*u&1=pKd=ywE94;&l_y%_}?12#uwG{I7=)rYG;o> zm?ci=PG6LBYX5=wlBjHD0*PWlGkMtF-dS-Ji7LHd{T1v6oLct+T`GT;N7VzHjSo(J zh==YO{`YK8PwxR+tj*I4m4sp0pwoTX2JH_@*VBh*w!!0%3spx-Rv@K3}~<`#Zk(fBJrC0Y!QE-4Fj(QRs|t!1{sUxGB%af`gA4qy4l9 zCdzj$A+F6%iI@Fw-&gs2&b?0d3%<_5>3Gv748Z0Z3mhI0xyjv6gsAU3hM77X%J&qn z$)?QTh6mdPD-<4n>@>1HX60OWAAGP!@n~aq7TkrKXk;w51XxY@VdClrlexS`wM}(B z+^3Rps=cgWk}eC_Wfz{v2Rbn7hmffTsmk(gxo-thkS~V*+dY?@F(asjEZNfqyaS9y zQb@d?0F2fjLOnKc$u%-9*EY;Og*Y{bRQ{{CzuJ zc{DRV_F%=w^&rT>WvD*KJ0-w38wM6J9klyw)+WwkTO0B)TAu5<5yEO8RKm6j#QufEJ&yA`J+VE0?<*2g zrf2jEp_wSfRV9Okj5~c+gNwea!;1n|5INbv@-^Box@+#kxn4MnWfG?x9jz}zW?ke` z@mPK2Re2vFH~y{K!dd7_8BzPqQH0WX>;o_ z!3hs;icm9MRaXc86FX zY9Yvn+mgMk!}4}E`Nv3;^2?S9iH+B$1dV=r-ZL52c=>cGLK#k41b}`o|2C};`#qz# zhB~1CESI*`Yn0)Ohv1EHK$Bec3&J-@8`)En$L_#x&u@KhZ$_ji;3NIi$FBpc(9Pr9 z;#e)&9ry2)(byIn)%f>=Kht{ysZ}dNM$(-Qg%|bUdwluIgP%E>p*s#QIUIMCwA}30 zIdZ>bOI=(N$2?kV8h=M&F}VG36d;sxtI`Trqaq^>wPQ`U>`dH32&a5_)BsfHqEH&<8coUXOnxatlS*YW3Q3M@s43G1TwEHhY2T< z93KdoDXT!}O_Ck8f4=>rmiw77v8J;2y<(vT2=Fuh6)5(>Z@;F=&3rst0Glu!v)7&5 zed~rW4X~NyMHW0=?xEj!Mq7K2)Lqul?fPPm&uM0(GH%=R)H%MAns899eM*ALZKW%bv3pL*qGs`qW^cleRa$Kw^174LQ^Uxkg%ua|wbpq>h+@IjoWL^$={ zMU@W6{X(wo7a@&gqCz_|YwhJ=rX?(8^>*j}U`3nm`Bb5d&Yi2ELp(H>%<{$x?gF@D~XYzy9e zOjht^fZ$6Qi&!njabJ!c2Hdq$heQ{=uFEVNcFR28;;o96$REyV`qEr8T#_4#Kj-~A zn$2tueSKdCV1+2o!DZh5lw$L5`9x7$L8Y`tm4kuzmJV#Cqn#cYk(-=q2Bd<8_aJZ%w;G2Iy;IDvJ?ktIeCJ z8fG{mKBIpD`QqCuYWk@m+`q5gy8M6%kx|^Y@pX^4TIH+lC!J}Rpnsr8p4iHhb@|?A!RQGv^298L z*+q6^>w&)>L_N*In+Z_to^?)M2(rn>!JrNJ43SiN9Iljp8WZ&_^3An5U*E5{|HC`A zLX{rRVz>6dKz@4!l|7_L$M}=vHYa;yhA74g;r#C4U2a^rR&T;9-uqkYP$}-KsBvI8 zr5LU3m)(a{82P}BVTro;4Y==YU# zW1kiqa$NxM4r_{MttPh{Q9rvtkZ;DNx%NhpHD@vmFGcWLRg{*%e zH*+VJCu1oBWw`LpP3#Fng zIjxC>SZ|dU;jCv2YM3LY8DUc|r4~l6>7V2wV4svXoLn7>ONI~|4&4A5d1}wWr4iDz z%U!0whi9)@s;p6H1ro-uBr=IE6xa$UDve5V)U@@uK9@MCKpXZPK*!1{4 zA3~g?>NLGB7WX@b1>``UE1n59p>GLeJe>>0ol1&G4SPW@rOD;>mb&B`6%})Qxj(A4 zq0koUu8NMqckEq5_}Vtjep0d*-7@8kzA*o>Z7%nQ^%FxoYFFTL0(&S<@uoR;31F*o?hghdt(73HTelXhhq^9uudmt zm^kQA_6dUhc@TI5b#Y-!VxQ_UN(7)xgY13Sb1gCw%e-D$`No!U!@s{y0DTC2Hi%Pc z-VE(?Akk(yd#P#`{-wLI;={VKZ2dgl_VD@Q$5Z}-JpMJajy8 z)RQkfcV#O_@L(eEzu<0~vSO{=ki#L~mwWw#bvOxY(>AGt!y&1jr$~b9GJdLW z66>S<@-)9V)2~pfsqE18NqzJzm=yU1g&ggK-fj3*7*_Ken6v%rWAa|pUER|ij*dSiJDrVGJ=B!*l6lN!j|sgq z&*!62XS4T?*;Kve+bIh(O5Un!Lt%y)coSqZhE$pptuLVv~C~6CaFqU&bzSBND5_ZoZBhJjk8;vA8tKfwc~;p(+C~ zdbbyqrFd#}+l=V;wSIZZYHbniR4@7E%{7IJKm&O-5u~^23$xZKd#h}}M?~&5<||1~ zoIT<-pqkKOLphw<9~5bOkP`L`N!t-Jv{XxI-)HfF5sAV~`~Ik2UL0}iuG4&);A5wPdQwshqJX}?iUbJ z3AH%#j$gdB=E#5UUaDAV(L?*jci9lNoOsPyhEwJE2ey1_NedfSMgNIu(_RFME5=3g z1bY%S?K!@3*z5g*v|)HJfixr#5n{fXzIxYfS&s}nnfTzl(HD_^ZvLxO!|aP@(+XrP zI;pum^1|ogkCq*wO}h|9zWYo~Y57hF6Hu9UukVnLlZW#W_rx!?q1pBpq&}C|cS@;R zDD1TWlC4B8vAgC{9%k*0`679yQhDz7>WPoS+Icd88B6xGe+6pgeP=tSzHS@kpB>tg`MFm{I*8e%q zMXz2Tg{wQ%qx;#SE*avgsC^I8H@(6GO(x6lCre8KJmcG~Yw3mwEQ36Dx5>GGzlz9= zyiAT{%c~Tvzma#Di0}^nEPsBa{5}?z^HyN5KSL!ez2-L-f0@MH-CSSNJF24m-l2pA zu|oWuB~O$h7B}mU`3sfk}F-+S{R0AV7wmDQ%bdUiRJu z;WWO%cOhTypTP`Dai_YF517Y<jSYU}Qv6tyFBlPiX%%rjjSXDi4K}=Os1UE`RwL#{SyQ|B{gur{QbFkqaM_d^> z5_6t#Cp#=Th|Dj>b;?ZmE|{b*UTA?WGqFw1)UCT)9m;9K_BeR)(?Y-oF|Q_fP95Q& z0Zgj->bSysfL`@ExnE)8MlkN94va`k3xksx`>X+WN-_@!J{#GAb#u|bDFN^+_SkKV zw&5$0+~zc@!*f-7`;8s1Umt4s8tX#+o1<>t<5XuWz3y~bDt$fn9UTP-Kzw|sRIf0e zPlW``OnU0Lj9WL*y|_m;~;b1jAaD`lgJo@SwjwV~XLUaVT5R zzEM@#lKCThS~{7TJ$MDMPdBiopm&^}itn*5%m_%@-2CA(sY-w72en$Jgn!!GS31?t zEK-6G1KBb5!(X^SrMd0-K zE0Dy#R*<6aevXN)4|x-sDhNEtoOE z2=Tgj%C)TRW|5rgeI`aZj}`lMcLVn>ikJGbefP!3I?uk*Rj3rH`xSes1%f@^&*j-e z>!y^j$E50$0$j$E_xo_~6l&ASIZG8G-PIQlAI^IhxZ8guUDuYPN)-Jik?12RNkAkh z${SfF=kWEj=~=69(54ZKqUwYlxR48hb77nl&}=?z2_QN4P|CNe$#6iFEvB6$7hqDu zk1`Ri%`)>7ZX$;-4n48>5p~XO!mhVJ_<>u$r`Q?dTeR=7HwxZtQP{}E2Lfhn1tA=A z46Q%-=>q*lyUqQEpt@wfAHqIo^i^iCJ$4HzJ{D@bf%A_4FHkkVz6|FsWYT8=C5gO1 zv?)I8nbBXwx{VSf*VGrpLg_(}`zUV+xewEsh3XaaM6(RtIEcLl3xCW6xNSt^%!)Ou zbyBAuy76#xF3WP4%CO&lc!I29MCZ$D$h7z4@5~e6uiU{MVlTu4yOdz&wAn-fiRrN@ zy+F-R+1*2RCJS1-d4ht($#Bb*3f$v@UUyuyX2isuc5%td*}=^w&q&2PqAn|A4w}52)Ha0 zEmQrJzTEABaBI4Veg?U%bAN=fmh(lmQK}SXR^K0}={DJMAJsguZ;5IpZT)G*J=q&V zXHkO2@oI4qR$=K5=ifK_yiXdq!6)Y1-rpg_6OU%N9Y%g~--!pw;H|3VZ>xl` ztR?}AWp9vDb%poQNRyTtXqGM z(_3>vrI(+_`J-x?EpjanOZ8{ImDZg;ix>BHhkuyIY2=B1{6@&_kbqJ$!R8%@)I=sq z!gnCs$sTi`n`Q^FJD=;sN9ES(Kv>G+4$9#|7`IfRMm#`*y*cnH+n)#cUry(nGODTW zB<}^%HF)!=Hm2mDVI4AXSmliRqV;HcWL2^k>V{ySr4-ON2;znD`TRVhOR#V6js!U! zhH#@jkUGCV@yY<{p6uHd1u0S-U0ZolFIskChXUGoy6Cvz+yA8F)I#PO5)f&?Z^z5w zdZu2T~o?rL zHul9r4$2taP~MT%K(fC>>i|vR=E3jH^YJCUM;24cR!eO!E>7k}IRk;P8K^M+uCOwB zo|@2V;VTnS%pH1~QTyRYlb&s3KNw1aq*MxE(52*=Xv>vQ@n@&e?P*WEF5fW-zhlF{ydI6`BK{xvI;L-`qE(z&J$adwAfRW8GtIi zIXeH|*IGGU8YC5fkdqmx<4f1Qj)OO7Wis8etByYzDEiA@KTw5FKVco3Q;q=L~a_&skcR(gRu%fHfmojRQA zUKQ-BYIlglT;RxKXdbfGk0Y>qs9P3~;MX%&=Kq|=QN42%%=M*0{^03!Kp?hg;^OJ& z#4(OWzw(~<+v?tvI)B|>H~Da~Q4|!EEd;w&$vik`n0MGqiUnHho`1(BjD~9{8I>xu zdgWW?{CL#jLx%o%!SP8M#3$kb|2|#azQ3;iKF#Cg;u3k%_=W+vTiW51n*}T_j=^8Q zvs!<*fmN|MN#39C^y~c$rv^}6_8LQbIfmv>5EF`fe+vWNZ!&U7hFE#pf55~)9uk|ZE!$<;PGLkW0_Wf=?wK`0H_m`nd%EjUfN&n{>#BWKYQ| zCUtM{_e}a!Jk_Y9H|J2B@`+$zMeO?o)qMOVC7_;KbJcyg#@BZOXnudSK`gp#!#Tg4 zbE7cpeI(SUqb+G4?vg$+snRfRr$zPY@{PCd^vyY>??{#7T)#_gmAQiEm%=7Wu12RR@ zRHSzfV^m0w1b3f~($xWDGkq!%pVvPy?%R=;58nKz4mHpr5qvXnp&#U|-eHdlU$Z1} zKNw-)Ekhn|aqOqLp#nj8RHzm zfY4btUVK(3i+yu||C4|wKwbV$X%fl?5@_Dm9}RgrJJ~t$AA=?S&>BqO7Wb+l9j{Ku z^W&8L02|fbV=9^w`)&NFPMze}|BmH5Yh^!(HQJ@6?m6egot5=_G|vcH1#zD{!tX?k z)sfC}en31Ttm%UQJd_hacKaWWpx{2`o32;cao@ow)bk#A57A<}!Ep zO8cmzdmFy=(TN}A25RkQC%2M22~UQCz+&5Ae^5-wG=PciOCu=vQIz#noW0fO{cW64 z3C&tiXOF2i;iS}~Uv5vvS2>{R@2Ub8K=KncD3Dmf;l??2A;Y~{Q@p?j-g{}+So1~R z89PAX9;-?_+{f$o66qz@2-0d+?N_7Pa?@PDz1(VGc#O&W0+U>Buo1}y_Dgu5<74aL z1kfB$nQ_j^LSO@SK^?-O*H}LKuCAM2UOb3%c z+4km35E2E^q^xQn{aCfVCsNg8y%0K4zH4~k0P2eXPI7%>tb=A$BRh%5N~t7@kV1R$ znCV75gE|$fW9^NoWb;Mx$Hc9V>)~C=df!`OdpR9i!$k=%H5T=toQt{K72>2jRmKqd zO0M&+Ng!QhsWvd;ysX;F!5PKIgCU&z1PD@sWJL?n8Wa_!aws3o_rfz8mq9t`*tz((EqLV9BBvVwpf%M~P6M1)b} zMZ|AE{}l!O)p5`OlbePd_0cykyb9axHlKg~6+L@*Il}vD^7b|NQ`B8{i(Da3EH&#Tvi!L5A@4{@U2pG@DwUKGDrKBw|l&9Jb9HW>_x zXzXIHK9u51u|ch1Q=r@G)K)HR1hE4ZxUcBxHKYRdTS!$Y#hdwtz;rs^8)7*7vL9Ot z-Mr2Q!Y*lQ>a2_$g4%Q)G~T?qGlwe`Um(iGtnZ5^9`?OWx-}rgRU_ZL`~V3RVrM7-YDw8!V;7Xj8EAbZW5e0pa6(y?PCw z6FeIduS2o=w?exDNOyhDz7BxI7@WlrzEjXQL9n&oy$Y&L3_}+hl)u^A6AjPbUG!fM ziCh+!Ils%3L3LMxq*J>EVQWLvW~HQRPj==#&YbaqclEKaBm;dTXw{@or(!q+Tdh7n zG`1aL&qKs-0uKWQQ%TJN{l&5Suyf9@Q(_m?jeRgM)g^As?+^QqSBGN`vUgiT!*NF& zko$cHEa|7iq_DUXw*z&OHC?@aYL9nc(~zu`@^XIf#Y$5fgxH!$a^Al54)C+l>Ts7% zA8ja|B<^@m*ehGC5n&wp-{R3jI>vBbA1jTCD#9J84!S6fDNyb}l2YsKmKa52zt?iT07jbo+(&Fvu9NFy}1G}^z`^(l;r zpaXZK%{2G7X(>8)xP2yrq~3W81tYP((t$0yuREx>5r0}c65^io;T(J zqWHnHi3hdT7o-CfESBF0Ydoa&PGu6aTfg9rX5%ALsN9{#!ydpyM`iv_Isbui=RiEr zW#3}<4(!VNjyWit;LlfDVb2C;%BJb@u6J|5F|{Af(c8yX!&hc}UnOL};VzbtJTlsRt&=s?fs zs|^QBIN!u;RqQom?`MGhGLrjZrz~Y;L-XjB#hLA)7Rb<`R#Yt>y7u;XnhG6D?#as7 zBwufmeBnh7B2M7;?3IAUeQQv7DUwl5w#r**i6QoNFIO({S?Su+U%vyO<6wUg?YHtP z3g(2|p$!%(Q~A512}!|rI@9!l9y)K+IVM5(Eu2={i!!ziThmrHhGux;`x$KoY;hEulGg{dL;$`K->c!B(MQ(i6drpaG)Anp$~<&VFH ze9MN_&vGo9K`J* zTR$i$<4RdD)M}S}&l_YCA=cs@)f8c`{sQ$XKq32fc=o>N9=?N4!8C`iV&i==V5hsF z=XwIT66alBhAvSvHo4M=dkeuw{?E@`Lqu9*vIdlV%hdNTD@;g+U)n1Hd^j!9-h)5C z?da_BCs2=9?YXY_Zoku8Bvo4q>8Q)wKAhtlClA&%!Q?AJ{Qxe-w&O65{uO^X`CB~g z8B+4|))|78sp~O^3P1Ne#_9eAQ(dQw{VJ#5#=sDvZ0b|db*XaI;^!}JdCqtq^3T@? zYz2xSc%0-M`>zl{K5>fSdU5zI^IiA`20S%omm^+3j-xCO0^gGdjdd(#W*JaHvJlB0 zN+7!sZvAopa`E}v498!_^2D^jx)Rc1^CPSiXW{kl36^b$q9rUB@D6m9nlPkE94uH^8nd-Wnk?d!!FziAEvQyS*x}LxBgj~AMqs#kppvR z{piI2ZQL)C*2k%Ke@KNEGR=?ZU-|@Z%un~dE2{TCE0>1(K``?KccZM9w)U-T3iUNEFXm%5VbJqG_L6L?F&viqF2h-~^|5I%Sdm3!Zs~@BJ$<_Ywlac zXX*MPo!@cr>DRTY!2&vzDkK$In7<$P5qjev=A;+yYWuE`_~ebwIc_*reGi$TD*bN7 zEoC)m4+r8=gJ_%K&hP6m{IrXD5MlUxUt`vCo!{mc=&!MT8jbak9zp!y7yG^dr|9lT z08SyY6Gm29qPIya^7$t`Wbo7iTMr~chVd)QSs^bh>W#b;f za-_|^trLEMfi?KZrH+9n{ZuQfgEzVeTP6qUC_-?GP^`Y*KuD@fNM`g!xrIA7O~@}V z5CA#(7d%g;DU>Coz@-9u4IPBz6vrL5hcVg9vZUmor`|p@FK}?E11vZIaF>5tNdnB` z4v(yHSK_aE!jqqrXi;xLf#mT%p1uN%B+qt!q`^$tU^0ewZ(1AGdWDY?4-?@Kj?~5b zN{Q?ze&%`(gRwy^zv-GM&KOREq=W4yo-F4Ei;1~8F&FdlR3H=~2WOQ`M4A%!o9_!6 z-_FX1nf*A&b@Dg|Uex{-PKYXHnL9xfoS=9y##m62>lQ3rV^@+e zWVmWym2I)(Loh_DbJ^j}v`My~*BE zy^n4-N>3?|rs(Qh=NK3iX@-HNVc6%dD33<>(2UI9JnQ)p9IF_v7(HPU0y&P>L)jU1 ztMTqA$9c<`tNPSiAxO!!eLmDzMeQ4+-TyURnQgxfFiV!YmaR~#2|mS}wLQZ_tRjKH zjMEm($rIJ#gUwTDIS&59oSiE$UlR&bvc>)gGT2`V^O$pf8Yg|}#S(30^N2;%`OJV9 zgd-FnPgXVyBY$83^-oHJcfBwDSEZ;A|Ja<|8*f6m4sW<1&9e zy*SknljIhDU-bAyXbV+be;Ev*&6QaS!um98aNrLbVC^xv_UA(|eFAD8!t*z{m-*93 zZguhn@S~bl%Dh{VaiO_%k1LWdWkoaTY}9aK=d1SU+RMdi9a1$mS?9P@C^@~?354}c zJsiEQuX?@^LX00WZ%^0aGJSt0e3?4U$12!tjVm(^hKqqnI7ooNm=k? zd{QtS#6Fn zZW(jV+&`dsW_aEn@!a0+hJ3&lW0-E=5ZZRBF9oIm{Oe0}9zHClP<--o^t4#~Su`Fu zp3bn12)18bRNZQF2uzFTx9OiD7dyDXG&G$GI2crCpjO!^5Rr6#pU;}I?2m?={{0KR z?Hv2L^3A0yCnr9!~@vEL#!b;b?&Y}!8iciJ!phBI2&tybmfy_XcuvYez#&>lcA_(`ev zh7k{oy+H^a_;|5h+_GlZMS|nFvKpU7}0rT9Spxe9mZdych8O74(Dr6=8n~0Z8X7D$(QfiQ_T((`UdzTR24zb={a> zHW5$#!fnubz+y*CdS%9?gF|3r=R(GqF+i@qkl#acj-D`vNClJp@zgnXcg+VOwXebp z<(@^7yQED@}PfPTe4e?2&$-{tpRE4s{=b*##laYIbHmOfWD%6nOcPz z-of@B!LfU3=I1d_G(JE|w4A+ZKZUGr5g#2CRd-LhjvfF5sIr9b;j zpQp&>$4gy1ODd(rc;13wh#|Ftn(6fW($%W^KF<61hF=+w z1TxBHHC7Yd(_E;)>So21PO&OH_!LHl$8}#hWgHu=-PihSnm=MFchVjBT{Vv`tl0P) z14~mJM+PTA%`(<)ryzy~XTRMJ%+Ehxi>z7rJNsIA>T@VMlpmynW5Z@$Pqm>YY>NFX zK7c3H*?G@P?Z-MjEf!Pc{4H4SzEYhf*O5N&UQS<(LKS|UgrXh-NGYl#OQbc|mJ!sx z1c!D_Yu=;j{lU5T;0hv=wufXeU!T^i+GQF<%4qIVzrw7}GUyM)VLAEkYJT%-nT>hC z8ABSOJO)PH7_ zGV3y8%dS7eeyUMcz~lF8!a|LI;|H=1FJQEgGjQqWEN8D*eIC!?VTtLUb*9~?vrY@V zOeWa&0e2bDG=27&%UM(=YEAYAiJ4{$&}*i$XVPb(BL5$TyQn8QJj zf%t3ZqgGp9ipO_#m0sr};K^)yWNm$}bBJ-|=Q(oyQklgiFvrZVeg6|cf%-#v zZSq5WaV{r6k;Mz-jFS5`6Fw&JPj}JFzY!!Y@YM}@QCou>B$6IR#P-8or&iprF>m=`-B~u0InOUU-8yc8TJmOEgiU!9=Y_t%o}*)@;Y%?; zHl;_e^)NTuJ*FoOs!ityKaBU-y`IKaZiq7%M02?B|I=xcJ*T4N%$`fRhDfXc#~w8A z%A+DWBcGbZn~t56p8VE$u+!lMpUv-b#!F_906+C>rM>#o!NB$fL$PVI3x4kDofJJf7%KT`mk$ewyR^p&T zF)iymR~>kKpK#3n+~eoe!Bvp6B@pCACa;iPOYUc!!todm>>kN|;@?6h>ill9A4g+B zl(b-t=(iW0aTe^VM}rm$_$IPnyZcN-YXVI~&sLkIgu7VJY($++RF zAGVb!9E>8W=Wp4>J)l5Oq|WfsJjX#JoM9ZgJ*QE(HsRGTx-2>DcZh4S)U8)i;&Y+K z-fz@tN@Htok2R0R~+20j9m>e^n&r!Xne|-$4t@1kOV1(>j;wsXQB7_Y1Ry;Vv23)h6 z%0*zQ^og@d228w{z4IeNt|o3EGV-&!el}}#6(B+TdQN*tQj?dYH!=3`A8XFJ1yjMB zTC44WdIWzp;|BvB;7^T4*ckEmV(cqrgF=A)+wYqKu%2-Lx|N9V4C*pRWS0>e+>RgU zT^*sMcLe4jd$W_VoM2bmyN?geEtnU%#Aps;7da&n`_V3=RUC!XAr5z`dkK-iuZCA=aH#2X4`y7@heP z7Cgv~^LXKr%YTxMXP_MbZ8KbPbv;7`zuBVrW@@a?X#M$7U1X8ZPibwFxW5vRKeht> zO0Mw-TTVr&y{>KOvoEu1A6eE|UV1LUd7Q_0tu^ELck_*ua|{Ts*4a z!la)rwME-Q9h?;sX1J>>to@dz#Gt^3WLFFlk`u&P-3}DV&>jc!1!wUdO6B-_qVj(& z+fXV?{;7~U62rpG%jsl$e-L4H&+MP|=rT|28BbH*9&~ZYT&BTOGN-$e-w^gi zN<{$|-}bNj_e_P?6KXK~ov#e2SX|^hgWEmzoj4uzr~`SYi=tx>dr?u^pS@fEgAUx6 z{W7Q9O(2(NO-+MNHUM(qh+LVQ>+&(y7Z?If5>zxye+QFNxc)v@c}EY-dleEhviGA6 zo#*YF{rhpMS5xtk>RYSl)dQ@a>GFKiyhj6wBzeLN0|?cAb@^%0)I0ym*T{0+I_(Dv zkmOmtbz4lVOqksKGnUL;$fBXqy{pM6pm;?GG#Fwr9kp&*tVRLU7LPM_?E4<_Q0VMz zC^%9J47=kpcKIvwp{5+Oq5Y19Nu>N(b?wyu?#(NH8!-cZ-7f@2{kmm+Kbc{W+plSA z?&J8!M8gIz`~>;>Fo*hXO(oV-N7C1Img=F+bF^mY;*EC)pVGH zTZ_%&gEzxuqf4D`{8>Srk@fxShi9uwsc-M=3!f!161EJsu0@(#&0kbS#e(~PZy;Wf zulM2m0r51d&jAW>vU_5`utX4`>6pQg#N@NYJ3k*2?Y7Z?54!*&MfCGYDfq!ts`eo~$FY-))t8j};tJ5O!1;pc07PXHz|XeG)J5|VoCvo=oFDFunDW45`m7M-VoN|B zw5T8{2gV$zTNC&9aQv!XpMxjU%&%ZC1%zCha$8(Er0J&2#HWLo&Kvi-^E_1N2O&9-+=V)Z4HT#B;5B^79Lz`? zY|PgFesCUPCDGME($Q_zqc*ZFZz?$2(fbVAmyNo*XF%`+^?ZYt%)*{4G8vdE7O9cE z*0Wo!CI{#-cVgdn5bqGhLvfJnbj}0>kCiX`c{hEl9)hI2b(l^B z`6E}TuulB*$ggX`3)1auzpg;VxXQEG&?B?}Zy~i9eqOj}j>GdemHzX+F z=RwQdn#N*Y`r+dmJz2<8G~riRgvJBn=Te+A(h+yxjw?n?b&W&;lG%D4VpmpU)zI}9C@{P?oWFNn0Nmw^B0tlyro9c zM26&DanriL{=iE3L6V|Kpp^xq01#!Q z29g8&T4#m2NzR}mzGG2I7l`x05MUo_7M%UIEd>8Jv*brW7K%5;_yDOi>KC}~on-qd zL)&IQmcEvHjW;NHXsSc?CW~kZ^HcM%_L{VWPKO)%jqi${Is`yseT$n8Fw^}Dq-CdYGP8{K zNN>`RdCG&iKwe}?#FcO<;Ml(Rr^N^3>!>3?rS5tc^Uwrp)BRIu`V?Iu5A#w251P{a zM0d$@S)=;?En@5kg3Yt#WPl+)e8^Y`82z(!Kv8NCHiLI!NN1fOm*eRtwr0jBt}3wKp6mHC{BHE zUm;qOv+>b}m5^BX9b{)z<0XlLq$JNp7LMLi6WROlOgAo{nWp5WVrdWoDn-X9$wUPPR=F&sk4H`=vSI8-T%ze**xdy+Ux< z$K(4H{&hmi)BSOD_kD8uD6Bb0N$@)H97yx^!tJ}lenV3r2PO{=<=-taqzf){-RJvR zk)tPPLqN-bn|qrTVz(4#|HsthnihMB?2SE`xWT5KMX{t|F*!Q( z@%!r7C}nRx`fsO&)XY(OFk?7=$WBY{7Yh$7tw#}kh0&Mcahs^g?)Mk#p{_;4Mgmu2 z(ytBeSwoIq03yeW`GF!M0T65c*!RDpS0$g=la<^l$$M*BzKQmYArLu28ysLg`it$p zh4_N9R)2`m&jQl_HoRdaK#y2~VB#ea6lxM&1m$WA3I(kJ$-C9MGxhJ{T!Ra{*LAn^ zJH&q&#ZS^Rw6|0~Ki8xOlf?Kv11mm=a_XLbO!*$Rr&dMS9R%$Zl{!ve7v_tVV4_|L z?mp3j+&pk^jZvg?-+KcC?>%ml#ZfLOCS_w_tt^#j*tqKI2lARX8%M_Buv7GhwbveS z>g86Fit3N~xcusOrR*p5)bT~^nS}VwCj6(X!MA65e|Wf|gniFf4 zgZnZ(IS45$vG+V6VNcdntI!*A>fyDbz2RzkzCQ0Nte>FQcEU<8cz`PFQ|^J_@wu0s z=r%%s^vTnSqLvM%_+OYxbYbl2bS^#SbiX!9T~~*4{f4=j3urzE3huTU0rdDe_g-L} z=~nnW&l#FNe>!hB7)@^8ZrTP3hsK$8N;*72S+(}-$CYA9HZ2iq!kVW$>0 zSm_-hGoLdq2W{M>o6Bl^m$Y-9A3y!^n$D-WPx~KznJ~}-Ez@ZfS7UdY9spoy_iaDb z;R+QXYc~`M_Obrb_u3_dpfQ9#j?njYo1?T5OQL?mJ9B@H_lJp8}R$CYGY< zQade#NLy%I zS?nnCAH}&zDv0Dnfr<^iYuQZ$~|>WoW@- z&0VkHI?WXZyCYda|K&gkPH>bRoQQf9fd@ zjGEK!d^bhtv|}I0S7NFi`jg%zg(}8FL9oDB5ehXp zPp7#aG%1DR9YKtQ%m)#UAO+fgJ;?jP?<}vwTVNS>Fn`SH12l#oi`qbZrM>!!ZrFGQ zE5p7YbV}bC>cib@m{jFT0h_TOSs#h?h#Gv13e9yF$(B^d$aMTBYnRwYd|J8y`j3TCiVV2u;6jzhnY7Xxnem_M*+J_NzGdgr{Q8Y zviCNhtf7uP6_KP92=9tG@-=tBpW^CHe0_ZZ&>DYc=!$HtkW!V*SXezi{(guU-{{2A zNKGd8=PM&rn6eJnt=>~FW*@PBgMC=-ruWrj+>_+)6<>N^GvBW&LZ7PAN)G%RGGXuO zH`(v>1G$KmzS-GD74im2;HMTn`ZqMnlS2o#w_DGxL|QG?G^YZE71 z8=QuG4IKlF!n7&J+06|Rx&&qLz4+Lw6{Jk z%?n8TPf>&luFV^|_VH6Qcq4I_ZXe57t{?#G8n9g!%iRaXVnzxMRZI9K&o(Mbp#+$|2~mmZ)%B6H$a4xx40$A#}^Uxirevrlrz zotUSNWDBi_dvMTB7n@4YuhM(SUrZn2a%q=}BzE_06bm!C@P(0he9#Bgj%Y7kGBv7H z5Z$lbtpD1_u4OZhA=A?IE|?Wp3SO)EkJ5!-yQf-Lma4nI9UDlW@7yw}AvBqrry?Gn8&c6d5u{ zdI)E%hUq;Z!B}_`SS6%=rzOn0MogCj^No3aK36GCs#UempXR9SqbM90rJHET&mo=N zt9~h{)|WClg};MNCkM|+l&KXQwAiP{NlrVuPIB=N?P&~f z|My_*lWihccK}y!z zDv9h$S52&N5JkKZ#H{ako4m2q`U{~;biYQEakYp7r2w0iZpz(-$C*g!KrU1lF09Hm zL+FiM9A}sq*_n6RyaWo(S-*0X9}pLUyb}?7ct7e-5`W6-6TM!|8+TC3Go|vjeKu3O z9Dxu_jQ!r1r* z`j>n%;ZSPu0B9|*q-eGW%CIca9av5_I|lcYglx-a;`qv6Orkj!+RWM{npk&sORD`$ zVRd-Iz^&O!NaSO(XbSZh`N{1M2H&p)2M7~4uLXuq_#8>~QdxhAHxpiU&hzl@aA8gw z5OC8Y*Vps)IdSlQZ>^u0m_K`;;Xw~1s|;uPHy^hf%XVl?mFP9yQM5S-X19OT+&P5m z<^3c>1P39JVDuO`ewBf>s!!t$6~H5qs{87VAI<`>0=jI^;0W#CzKQ1G2QH`rB|ZH1 zP>WxyPYv_cfY- z{q+4h{9ynOBiWiZ7x$Y8pC;w#+HTs1cr^@f=oExLukCBbC816Kvs|=kzd2CzOpgSJ za;{a6KetmxZj4;eU?bp6zpv78FNX!!_opXH@3{qjmbfN|LmZ=ZZozA^*_;9vvG_%e zG)lr*)AfK?uV>xotKW0HYpBC9$w7!xt}Ar8g?)U4+Bi{P*9UaQH=GB(n&Eo;%+S$- z$57sN*{Z+3CE-_p*c@m}lr`4yOMNB8!<<Z;lCTW%EjUnj;3@gp|Gp{fCz+iK={tJ~3I2%Gw>)J$VC}bf!ZY=ZmGPmYYIZMPZRq9kj_SDUtl*4GUPf@Ujm4MSTtv zAEV(MoW?(F%p4s^Hcy)iOjHa0z~;XfBoS6(2@OXMg(f{d^7in~m5s~P-*WtsW^J-B zUWeZ944sTZfp2&C9bm}qK7VY8?~g40ob4C{0m^rgHr;2QI|E<19iDF;In;B~F!@tj z_Q^93CBLDIah3RqVMl$cSYjzpqdWdmz@MHdgePhC%Se@mOHpojXV!L|DeWxybVkyl z+l*~6m}f2!wv2PAsO!Ep?x68?HbUeAVveNePHs z-OoCx{laGV@142=8!YaNCi^S6XLW-GGvn0K36T~!{}j-k@2NiA(FAMjJxGJcMokY~ z{bNr9fYU1Vb}mzwH!h$r3)}-O_$WTf?p4y%$JQ@I$~@Y1AGnJsS=Y9>TyK!}2b;Ha zr}lW1#i(AKZ%ftQa$@`EXDY2HmAQ!pp&)^hAC|WvMF`8M!Z^gNnncy=x8&H0vGMCm z|6RY65Bf}X+jDoQqm&=L_bvoo_GEwc)XM_v=UFp$*w!0vD#O0eKc1csG==l3rw-AS z@G52At)Rv;iNo=kLbT8&e0E<;`LP>e{fsIXTG2__l-{QY8lo+}C0U{81S#cfo}6_6 zS!*%7vG1G=ftCWW72%q|fh@nMzt-&U-wPc-$337ydTZSNBI?aNNVc3)g_Gs7stnIQYJsFtJ;g=XxL)3x5Lt(}%7JxzS9}|-75uo+qZwuy54z0CXY+)}b z)@c6ZN=1`mbTvNbYP<5Js1LiH40^A+B61^Cyhb)8ryKfymuqt`Srpky)E~a~@9K#- z$%i>WD#B#Q2OE+iV6<4g&CC1ryC>*U zfR_2h^D6hyIdgMPFdIBEBmVL`k+xLgkrsT4eT`Ksw_dPt>SxvI5^m#zdNoTW&IZAk z2Ty1D_Y16w75kVZU8l7RUGWBi;3FnHy(A2rLXMDY{_GffdNhQkoHmA>C{X!My=~gO z6n@6`0oi}$t+l6zok3_lL&%-O?|yDRuK^P$v5c1b9%6%3TYQcf$LCs}xLFVvNCqbY zIn62(Ys4nVJyHYKP*Q%a6dr$wsyQBly+K&Cxp|*pIj7_B?*?y zI0wifO)*V+AQINvfY$Pw^%My=g{k`rVpha<9@hQ$^f|lQqz^~m0qAF%xb=DR2~%A7 zuTM3F6MsVON^^x*Yb6lskK54z#`8&lK{&baw{=RUicaPF9E=m%2KeN+NEHiZxX|Ft zQ5OcToI!mqCCi-Mr4_3&!A}B&0jk@H5@H8+nOd#~+0qlb=BB)$PwdbQ#tOk)z&6_}}pUpG_ocr~F;S99tFX z)w4qI=XxY}E5Fk;%B~V)-~zzDQOaqp+r3zT?CDAJ${1+T&#=#K{d!fj{T|VX#SihK z&lI6iwzlUB2>Vs+?3f{e^F#;{cvHAIG4Op2N*y!q^|KB31!6oO?|nie z-{>beoQ*Sh84!g{2pU6Hx3+RTTkUD*z?kC%m;vkS%HPE;x zlDp{P1cVV4rq0KGsFpM+uT>QuC67c1q1QW*%p#)6O2+O5;LWr@)#qw6dUPsF+4WL3 z>#GZ<_1EykHl%dX4oqD9M6`MU-&1?4cqbuj1>ZL>nDBs(ZlJyq;^SJ=LjMUf7<7&J zgTduzx!p)`H)ojQd+%4*jIR0IDPY36I*x?R+YCXHy)&l5P8B-dtn3(); zpb4H^o}&?DW+mnKX_RM+YCmzRneTQuNb({#4*Yf=cmB%uq$NUXwq9YRC50y+t_c!6 zV6$^PPP|l*aNc;3c~&X@YC)=%l2lkeKln2z#My(va;HO3Jb$;|%I9#%?GVzJ_cH%Z zJ3C(xZ&0%C-r&7tljb0sWh|P&-x@jAXkTUU8PI(FsPjB+=|vO8z166m@LNcurGfKi zY)vdJ0lLr8f^VjK%K$-jWjod1edCr!1NVDLlZWCHN(X=3HOJC8{W0`LsG02royIdK zm;jxF`zIlJZ-95C^PTZPRnh%@(KJuQ7hZR2xNqa-H(VTJ#U{NcSMyf2l~^ro3~lxC zaokrUTCvZo`losuTJLEeOc8yy9zSpbbVyPVk4izA6hNr&5lPTojoEfvV8^WNp0vwJ zLn4K9#KxTQ@YU>2ltWV)Vk?49SD4DI^6GPnr^1;xYD>%^Z> zHKC;*RT*|(9)x5x))J&6(~t5^neOdg`)G1rup>TF69%q|`|6lRuTdGWG+yU8PkDGp zhUwza(K(+hfZB)-**qeC*gRDevlW8MFa1`osWVyw0`hRRCO_q(StV-S^I`rW+^8C`yjOpUefwdRQV{ak*! z&C%Vhk{%oaL*sc<5-!hWlK70aLBi7h+2hEyNkz#Y$=bho=BNe-+T7->lG4{$P zlJL$qS1RA`kZb#y36ko_lB{ExOz!N?tpW1} z!|gC##IG+i9kQdExZ*K~i^kk&W)&d%{d68(CX3VaVZT*r2Rxng@IA&=lMX_CjQk=- z!p`nhyPD!kWqzQ!35w36TIugy9ds{v+9}mS&2KbY49d%6H07} zw>c1@h|{-okWp1vw;n?$zTa<6_?BNOx)2gX*py65qPHG!)U@`XW#=+GO@6?7Is_Te zZtyeM3yDThmAbz3BI16_p&F1y+=lQ)R73xJ?=^KRpMm;U_swe8XG2nZ`NO%?GNKSMQb|RU6=_YkNA~lKz3}#A z?^u1-TzgYqh$g_(x#f*$E=oDw@8ETRT=~Ssm&f(`>#p)$JUo|Y#CJEui4XcU+3W7n z$bYB3-Z`>5Jv_}HogLR*moJ>*NM~;#_x$cR4BJ?hN?kAsU!Ra)=If~qmjV=qi}_L+|yCt1gGW6OX2EQw~uVHE5B-se7ly}r=$Gf z2RAf<1?*y8hy~S}K*EEs>H93Ohz=eyV$H1E5BE&ToBG`M>4o_MVeb>DbiGg1eJE^8 z{Rd$$%s08Dw(2#4jsEQ454jV*7!}ti&fv)B&2LNBT;Q(1^esK2m}O5T4u-@|2MwZ& z$DK`yj`52{)3r;7#>063EPY-cxFa4FZjJWqN_%aIxU7o>)3oR2s(watMs*hs9Q(Lf zD77z=S*(VLyf=@Duh*Q3UZypyt9bf8E187cC2k~nkT@Nk-5A({J?2W7rdv}#H>Y%E zNvmk6zN%~q`oraF0{ZdWM{zHB9&6tj4#zDOlAn{@W6FK5^#_Lu_@rJCj2K$%(n#+IYHegUvYByj(ERkDlLf!=2P{>oBklEzIIz;1}WT0izD!dSgX zyge!vb*ygc5BiIN81&S|_o;nEn;F=0Gx4?@kpQR<7Ykm?*sz2JXvZ^>Dt=pXXWdMF zI^CYVfxIb4{9c$`_1NPuP;U%=MOQrzPxl@Coa?=l`7K~nWp$9sc%2tn$&@1itec|VimY@egw9iXa{{_=@nwGw0arA>+}5HZMb?V#G09`Q=u zQ8<(KhZ7#~#)_X6KPOJZJ>jEJ+>V;z2*#uu{3M6PnuV_HiCI0R+S@?jAaW!2D;jwP zHVmmmR3S`5M8biZKUV`anlNQ(hM+5cjb9KJmOY`bLdKL%Gwzq3%+v21p1~smq7Sk^YA@msgE`REVcO-+3fbaLZ?F)BxW|njC(_SL^a+R}g{r-av_A zsmmd#<1tad+OI;6+WoK6SZ0KNJ;IFv|MvNA#xmO7X?{p^1-R+_SaS3%Cf?2DhAIEj z9hc_Iwi4)62V<_id%=&F&-bKX-r#^=PRk>;mQ$&@*H=4O*8}4@C@1A~^T*VPgS(Lq zH-8X_YMXxJ_B)q@SE%q&wOWEi2t*xvVd^o1L1zlUW9s1lDoi>R*Z5!X+OD3 zCtHn1ybu!iT9coyjO`apGYD9e>m=a-VQgTt_#_67SGAF5B#cwDgF z<4*J>n7EQSlTtNkA_Kb0&+|C4e1rQ@+Se9}`#hhNuz%bTc5NlFSpXAtXZM1WH6L1J zUsU;avA{I2|3L2~$|kAru*w{7RiH|SQSzfu+H>J=(BI%`T=)?YQgZx?qu)vA^RF_m zNIzyHO)uf=!qYL75B zcR?@wv`@+3Ku#SCh)bOs30>)2$H)M>6>!y6TM8mduU?)uE+8lEQlh_;Zy%BOw84D6 zha4}6zC^4uf;7{w`HC@_O053LQs;JFZ|wRdn|ETT_Psbn#FKK#V?*zUR~nj^Hs~ik zIULl{kT_hNXvdO=Yx+mllmE8S z@JLJime<)kQKkm7&wjbn)93X)Q=eX?Zp7W}5eA*w_JazxFrpy?iKJ8JFAO}e=94M2 zS3?f`z{1IZ=f)Lr*=i|Va`y#qhI&Tc*?o*yVrm1DyyI^Bp-jMafetHSb+XdnGP~;dVN!dG~I*{a|!Rs#&zLCGM26iudQsLETTtQ*YwkXqZhYHv)=I_SI;*p)Gr^>;3h`oB} zu|}$~YvE`5@9aD34Shoh1`g-_u0dHX>vdZoqvNzk$c!$cbA#i##@N?o(xx4X*5(WP zCC80SRq4&ur|b!1{h{oGU&W}neUIb^kT2?^@5Oqa9M-S#)(h^aMjtMr)n?EI_C-7! zm2ACxQwMlkxaZfnLly+%TrZ8OVQ{}cL)FRHLRXhJLFl(Js#H<6g+=n>g*@ooslHqtu0fh|*A!MD0@v|!))`3~9LMCo zgDXO!=6w=VZ>j_BsD)MS$A?NMs}1M9*9NCBKi?>XdE_Z(laF%eZ#72R{SI8etbN_9 z&%LO4 z%Ac?y1rWPxth=HsKl$(_@WJljcIkwIO|eja))s5~bm)E8JY4pQbYoFrz);Qa>k0a8 zhuG)1#?zrPH(Nl#2SUemeyAIgU4Qdh+;I;IbZc@+C}t=VG0Au`*W)G<)O~OtheH77 z%8b~{Z66)r#Nbt_<;aFuIi{}516-4io-6Rxu4wSUuz?lp1NQ3v|mvVVxkLTaXk7*}USyEfHoL=q2P&dfnc!Mf~H(rhZZEt>G^NN9KIEZHR-VJiDLuzkne^1+% zeR&N=?X~zaWN>^C4?&+WR0^Nlfm=fVv)>ee{wONKA)PIOc@u4KA^1y`eY0fZgA+gF zZj`K0`Fwp3W)9z66&jY6mAjU89rwv09OFcaR5ANB+*mJ(KfKZlOh>(KZ$AWKJ`W>I zZKrk>`Giqt`A%0)QquVE6XjsZ@R*uOcdrF=_RF4x>%Oq@F$>(&jsIM-pD)tSSyosr z$mrUmyhbquxgvLEF-(HX$)EPq%>FC!GCh@qXXE{(4a-sWy9K zAC-&iFF4)F?BKe!ZG)BrQ}ewq&oip6=3%T)RTG{6-Kz zU^>3Uavr)e2})ZFQOrC#DNah`LzRZ0q1+Ixei4>k%q)3U_bDmE+e_VSn%5q2HIA_4 zUC33nRG%NpQ+{dlESb|-3%YE4IGGA&P~eZ^aa(OUq|^Pr?0>4}Od@;QFWxYK(n4AR z#6_?4f-J(&#QfLW6@c?)2CAp2t90|YkLl7Nohw1*B-}R8q~)l^QdMdVx4x7;Nkfsd zu3GpwGs#LbPuqvq_4MQOoyDU>>LH@8ts%qy3v1J8@O=k=ovM?S zcyP4(y?)kdMjX#`{GvIk{cvQZdp}gGHoSmrX!qXFc13?zOzdO|ab?gJ+jy`M%B%Yl zDkn%iGfr+?q-*?s*<#*@a_T;v5o1)Ufz3D9#TjyXpXF>(NuRaeRQI|mV9%D5G}`Va zZ*W60cF7CPtQ6e9r3fx)vRw-AlpdaGi1q!S+U{1hHQ$c!w zX3}X>xGQg+&4YIR_Hcdw&M;e1!EgKVQ2pZIq-`?xq(A9-l2JN???ikJOTEdRnsgEO zaqE>UYxV*vQYn=`67hU_{Z>21CUX}lmEaHLVN#Ezzn9Q3#ij~7udutpR&=~(@9rZe zCrClvJKb;3>&t;QGdV04I`FWoE*@+O=_MVBlOd^`c0<-(YqUiR74QukLa6$$i??}u zVSvvolnoQm-Kiv!{8|s6zO9Nd04De+wB+K&$kRzK-!SS* zDQfe*UniIW6#~E;iXHwoC_wT2l&I~B$dSLdT5(fo^ zt<~~K70}I54)H+T_=gxUR7g!m#}hNp>vI7p>2GJ#))xDem+8s8+FKHx|p z0rSlvdZQZ`JkZ9whh< zn=jU?Sg9*>(i|SeZvs@>QH_-+w+#+fR@$) zBfwkU;U$+LGF%ZA{+f|c>9AXZxWr~3;as8!ZbU}217`ItHS1QysL#KgCg~nNR8}w6 zK8ns;aC_iO9!-Dsz_fAS^A@j_bArEgzrZ4O^7{Q0jyZ--;U)LPekFa>{d-WRV3n9M zm&Y%otP%py!os(It2I29o;^&4T`-(WD0h+4G13sTnq~V4j91c*Via^iBxhIdwG8{f z`AR~aKHec=E@}y5DyS{*qJe~sJ!&qgKOu(JTC?_f89gqko3p67vKU#sD_Q^et6E*h zk38NA;!P31>2`l`<>Pw?T_j+OII7n=MR@Al=UIG%rx9{;ceVCpwPBaR08F7UvM^-` z%0sfJq!5xhU*0o%rO{0r%x91hw*0oA`!Pe6EaV>XnpzELlW`e=7z60E5OAhDi}zmeMaPgMP+8* zQ`=qIE1i2Oi|iap;}G8XMn`L7bR{kb_=#t_J0=ZefSPQA=XiZ4&Ve?U%Y%3w*_?%5KLZAm!s=qc`6iF(TC!*$4=in6DRaXTdC^79_|qZxHucOY!ohfjDM<$W|8@rq#7 zKK2m`TaxDN*|(6)%=+pTNFY8?kNDX+ocRe8q{X5{(m|E_oIrD85_zsm`Ms^95&Ay))KYzlkO z*=(#}M_Wh5a}UTOd0A%A2$R+_rv%3@pKteY1}_Uif}hY zmzw*N2YAEjM{;a{psgz#9R~{CRy5wk2udmZ3-pD@GbfqL;z^vJx1w5V&W1wx{8i=+ zJLU~V-{c;fL{e41wBn;XJc>tbH^!Xo&a3%yUyy+ibrPJ7PaV;qe0tG^gR!{hYA6FC#pvB~z{=3D5wZIJ`0R zNzp~{(+uF?+Xv0{4DGx`p6}-kq-QygP})d0Hlc)0XbSp{cEt3#t=3|(*&PnV>N(!D z2i0eLuNkX-GVORlpZ5cnYQN8+|60-=zobwFRXc^Ea)aC;W~1d>*+Y6A5VW=w@(DJo zPE*@w)$_O;9v8R;_Yns^=;3jJWxC71_W2MrlDUpY#lTO*99x*c{eHjq3m{wO>0Ve4 zd6GPA;ymoFY>$SxB3LPnz|u+n_f0c9&}9xT`CO`dDgRs&ymTWrpgMG~iR;ug;7bdVo<2e6>v<}2$^ zW>ZAL2FDEy4_gn5&lTY|WevIwjs!yv)~hkRSX_8S5F?1ykG|#Y%F}Un>gh@bsK@|% zk$Zya(&oc1WfEJDF}^8HpYl`xE>g*N7E`%WF5h736M{U@y_e@;%GFwfgaWXfB0*bv zS_qO$>9=I>g~a=1+^fXd(i@FPu$o^#SJ&ShHT?Ycn(g$8B1P{jqyop8$)DqS*uFzE zSCn5N5WILL4Q(5@%4QqHK&EPC8%9woKf=Ee{^g5I0v?~U0T+a^^M^L^*Ys?EVIG{2 z;{Kgo_7k#d6VDK!|8+I>TN9;U<*O@)?3Ab()ds(P$f+c^jf_^iShsFz>vgcj=66HH zrzvA^6A!?jxXkmf2Ldriagq0MZRZUhSiqmF6E(Kh7i(b6BQCsOJBP8xTG~<^bqh(Y z+OHk`DX5EW-Au94x#)Cbrcja8BA>1T5NG8}#j^D@lfSTTjdZ?<%Ovm3#PX=|gg`?8 z&^)`FXozn=>I>zOovGI<9C&a8ksm}E@5%MhllR_3cyk0eW656$M;C7guRO}oZaujB zs+HC3NaBqarf||!!W(hiR9IN4s}FX+5IAVToIs%i79?nC`3376bQ4#i)+k{xjNp0- zr|_pn*-hrBF-;^4xss9WRST@JfsH&spJ~h9RSj>2Y9lMWsf=HQut!V?AyDc0^-bZ? z=(88bvrp5&>j>?RkTKF0b2fi_wPg()&%=WrZtg}9rEm%^711@ASyrlkJle1 zFVt&sFwr1qJYwPlxqWd)iWVYq_nEIX+ zh`2P+S(4dpw|f55rtHB@0@tnw^}Fy8ybso?ulA#qiJ-|T1!AiARo4_i(`cTXBUTqF z4BCj&o$Mcv8g*5ffjPo`j7Q-QZNiN~Bckfv8KGwT@C{Fh%Hf?LkqW#vf@9a!2! zTdfk?t6iSYp+QITFkL0UJ09`>ox!9i&(7aP&0ZU1x>UvoWK!)E68Vk&@+mnx<|5U5 zbr4yfu^c3L#*LzHwHHxF>E!HJz)1fH0TxXaM`R+cy~UEEwUzij zA8g5622aMH9G?ra$Gx6TRJBu7_bhn(8iwm0_&eR7bw8$lBZXmYJm3X?t*88QLeB#~ zQ42P|cUQfz9f3gse2O1uvwG5GKOnhxA2jf1xTjHYI?XJ!iPBS!?7mp`n6EKILbi(jf<+G-{DiPA{0#a(?ZYSH}> zIh7|_mHhYxbL#uK@VC)a<9*S6hY2ZK!ri=df4Z8Q^2x_SwyZdg)GF$Ndz=bpQSG(xMORH6S!6XF4d7 z_B#|lIy>d}+DgTLdyTFfGi$Fq(0v%$v?Sk)23(RT@enP7_bdKbF zKSm^bK>JfGS4~9az6#^zG935o?D0yzm-fuj$jA*7i!d7Qht;dGwO?F)W^hAFJ)zVg zUUD@TO=0foy)`l)gTXzKIl~W%eT}$KhX0kB#}`;||EjQ*kJnxgqk+JAi&(1a_@1=G z7Zg%oqQAiu(|7g*+tb~d3AT!?$WjO>QO*b+Glw@Oi_v4HY6ZS53-C%;Cq)7=54FSI z^UPbFW<>S0=)d0#b#bJjHUI#>;f2EmIM51O8o<_HSOwa1JkLaqds=yYro3Q}t5qv# zeGKl#YOPzhA6L(3cSDcwz{r}CY=lzjv+lq%Bk zg9#LU%Xf@S_@2WUcg>~9hD%bg_sOCU)AiK%`!IYAgQ~n|Nra$s9qKnH<#aOKC27L@ zHQ%!Ev0v7JlJg&h`h=f8Uy~loFbQR`REY><Jrm;%7RP-bc=j<2 zf8xm#0Rw6-*oj=amN(V2cc!f{|GnA$#t9HwXB{@?LGT2RXyn_?t8eS6tdvL}&Gb`s z$!#B<8BV1|`^ZBhTpb35fJ3|cxV`WwfJVLJyRsOty1QQh53WlpQf&9$ut|NW$zkL7nbg4%nXBM-s@*9 zo8NgDiwh+b@Hng-c2oIaNbtfU~huFxlw#j64!Lvc^8 zFZJ=O7c-SV98c!9i2Hi?MD`~S-qz^a9WIF2dPR>Ube(r)*LMGTSjW@Awa-K>EuO_3 zA~*!2_`3-U*{7z7v#OlqmgQE4^=JU3nyozv@9ml#BTo%pl+U^de zb(|yn+ro=taQt>QW_^hJoC5Xs34FhBq~%sbtf^7Q_YW5J_wp?4OGts!G-WYpV`|^I zhXh%)Hv1Tjpthc=?Snf<;M=28Mx=h{WR2gpD`#jUVx~J8K5<@2Ur@r4W|RLcr-6$( zz&?^HVqry3&%b?$$|292#v3pv=-PZ`^Zgg*>oi5n*kQ%kS6^sY-`%8%Z^EmBm)hI_ z2%s@}1xHR!ZDgqp`~*JnBrVY^s!vln+kN&*?Fo4U8=7ekVn}= zyjve%ZA|?-LhW8w@iAdjxD>1PDwh^F5u#CTg>Rvj5Lodom&-nV-J<|ufPJ6@M1i|paGG357%CrRUWCcZ^6=_JVyB?fil3+IvL#p`TMNJ z+c^C7l?-O;0dw5v)I07+kQ-E*S~h@t&D%aat$R5!@pZThY#~Nzu4&o`BvctpSX)nx z&%PcFgsf9O&?FcinHW%HAZBQ!KA#k1=?}X%eXUo~RoQhxTGcC!8-9bDc|7Y1Rd>i; zW1WdGG4Dg~gpBQ!TWwwzx|t@1ql;5$6o2V(8w(MPbPa}5g^YP2&ZKs=A&(cQs-}Jz zbp&u4)c8Szb6=f0y^$NZ=@Rebvt*96QV>`f2b0uBhhT z@`Jt~{StA0>7}rcg1pzYyfK#GH*9Hgsj_5r^I5CY_&BxqmS*h8ZB?xhN!m*&F>(B> zY=aCmjK&!uwg?Ej(s+pjoE*S|vL2Zk@1Sc{Ol%JW>)-R0J>G`Nb2=KBz1Q6fN9mf} z0JDAB_m@y7tql5iiezEL=?O~~d?cMGq5PxXhzdN_KK;Hzwo#C#q)gf#+AcXTs+>;E zF}V}=_2Tgi4296x{-BZpAax&%iLWGuw=eEk>HJED&mV{8$X^xVRSvUwReMV?G#fRQ zFi7bWs8sXd)Qp8KwMLc>0Zu-MR)Zm(ndiE&>Vu(>VQa<5%Y!az0v6cjAItuuxsnJR zMmH8fHShs`n}B+>bRv<-4fI~_R(FQwu}|f35dYvg_(-Ahy;(`dm-cAho6j}TxHi|O zdFJQg*v?0f=Jkt~Bqyok%oAcMlj3G1b5l?e=k((j0+Q9AU$j~zM2`Eb=G%RasFsP^ zPeqIA>^Iz^8^%^dwe5c~6P+b%tz1mP!-^uEryss8?jvUzni&09t(c&}J=Yl~KNH&Auqb~-R(xXqr)Y9M9J)ibmajaQKJ>xG3p&?aBrS$U5ah*5 zU(RsbDo{g0AZy43CIWNd?-wA<^!v{~(U~ZitTn5TD16#KYM;BISR2EoT4e+s0no|H z3A7_)POyrWmydUJqn{TBiB+TE>@)tyR!UjyoQy#5GkL3YqXMMn*&LsEE$74D^0tQ- zOXa=mB@kNy=5M;i^4xf^qF+DAz1k>fp6xGB=NYgUEI=wRr3xXCqBroj&tp^Eq$O)X zAH0U%V^K)V57#R27&A^cay}AS^zFz4?KOQmn7$Gb7cD5x1!z65Fr{>jbe%B|%O6XN;pfS~93p#_H9$?| zDj0Wqo}3X~sWSW77_*cS=|caBw|2dW`+3BUwcZJ)Hxg}^{hoGmdS4NP{x-Vnu*GMY zmfuTaPZPntY)miQr{pwiloG?TFn36oO~TH%wYWamzuK9T-rN#s2@h^DaO7d%OY={xK=R#&vZv-g`m*Zu7q{l-*WSvQLRww0A3X*gDQqcqH*{451M?8-&UP>ZT5@y0rUg(-bp15BDk?vLQ49O*7CfZ$TbPH z;rJ2Ydjo4oKeTuE;F|4#?SXr`ADht`AlH@i>*rYMA3Ji!@UTPx$;hLp>krI>Kgi^{NMl>j>1*s?@t~=$CMly8 z(To--=iO(wssv9q~d~KXB1SKKfWX` z*BRTP9i=Ym{h&T=-1L&9ovUW7Hv#1O+48FqQS;sVLtWtTP!;0}9dKB&CO>Q4h3|kI z_0NMu7C}T9_Qv@|D02r->M5dL;<#R;=)4LhQzo)NGy!&$Or$N{mNZEludX3~Sq&wd z_R%&#KAl&cEtb`Bk@Zw`%W_T`m(tdu zxGT#Sbt~?_hCqv<3aQ0STNBezufD>WR4lBK-TbG zr6^e!syi)D-#Loc3<+iR;N+)y)^B~up!bDc%`14z;=4g0-P)UOxsX_FyVmm>HS%o^ zjHOHa=fe4}|4g@`eV0mmdR@Kj;J^=e zyF^c4@*Y1d7ibYlEIZ`N3=hQFd&NG3p`zhx`jazXx#A!0m%;j7(wI09dsy2dG5r?K z@a#0Z2)kPl#B+UnA1z)P0Woa7*A{=ozUG85vVgp)3xTk3sm@Y0oUbh6;GU zU3LS|_hAOV(( zJuAU@xKfH8l6+NyL6Hzqr!wttpL)H_Rp6#*+r9;Yn+*WJOHDCS(5M@m07)gsW|>Jb zesJE{a5F-5aU$?11Q!%fSAdH_u+3jA?NGIg(er0y9aZO&wHV*_AeRh)V?PZqvU{SEs>JD9xhfLK=%V* zqoohmLkd09O9;fFI?PkZ$m8K>zwcE3M(5`FF3x$I?8+WvUQ(am=lQtj{7Hjemx44L zUuTo~Q`!$w~Cg4Di3HwfQNzU~jpe}KIH5G2SHjtMsM z!A$O6f!dw;IY(fPapNdvrMQ$_>v<4&Q>GIM_q-xLNLod9C$hDTi;}>UfSS`i;bO#F zB0S+U2zz1H5&O}7>=W(H)nay8K83f>9}4sViAA#a{NX1;A_V;S{%GHnA49|nV51}* zxM@=OF1_ye$`~Cx&l>j+t~A;i@KK1RvuecJ-Z_7q4e~BWe1=&5fEcdjxPi^BBBf-$ zit@v=%mREt8}rff-5V>?rQUlcGmztVQkLq68u6#^pB`iXxIsy(mE4u`lc>#ZF%tOu z6Pl#wt8Nj}^%Fjf`qHbzc*)ApVU!E%%(TPOX87Ds(#frB*l;NAr>wv3IfwNtlw3In zZ$Q=ySDcK;s7|Hoeug}IoUC^y-Gy7z&DQO0k=P584_cW`Dw6CdPkRIPgbFDsUWfDP z*(UaHA20gK9iKw{j8<{H2Z?O+Fn^IWjR28B^4j@xQ#JDNN(4q?+6h4<>aLY{IWk>!OP8tP*eR3#7`` z>m=e^rGP(gY%~k)ZAxVK(M#|)Xdlnj5Ce^VIUrJ#O}mboC^I}?!DXOo`;U9M4zuN^ z<3RT?yrw;$4(=xKXF^#@)&psEo)vEs5RJlD;n6%Bx}8jyzgs=xB^TW5ONsRzieQm? z`mU-MUIdylDZP#<>AFLN{gAz9p|JQXEIBl!a{+`-HW~xu&?QvMFlutPHS=6EG?%H9D1%dgq)oO+l+hNePP31MeJbqRR`$PIpEc zk4+givR1FZy=;Ue#hU1*8{FuELOH#qZE(=;vNgHptFu7P&5YiL-n^zb01k0gG|`q> zj0q3l3j{dCzFnT=%1RHdn&&Gd%f{{eLa#~UmY%5f9jGIX7bfruSaL2zoGYXt{AF1+ zpcUzr9<`T{DKGpetr>Nb8lW%q4+}-jg_=;24VilfWeuqfBT{one8|>qp2!x%NBN-n z!GX>KP5B@4qK8n0jSC%&wh_d0&V=XF;EyvgB{j4j`Bb#nmU+Mz#rawx@JKeqr`x+z zs9%JA6l|S4x=F=iAst zKvJ-dI@5G2)BvF$VI%Q;OneTP>++6i%hrbQomG!H`1XSIdx-n&o<1(Y(@?#lRZUpw zG6leZnmTW8KW`c8rN*D`TTC7ise%GkBL)zcapiNuH{2(opVq(_}xx0o#6Kx zji-3=&Wb+A#N$AV2I^aBg{F@^=ZrN-#dE)JJ_-`|j6(;fs25msFMLVu^*uG`BgqbW z^#tnz@hm_k0j8r$~sn0$!0hJUq^(#NKAhF0Qr{XCG>i9Y*%^Ily8 zq7=69@VrDX?nOEAhrb;l1Z(6Pyi%%QYuxZq9HjG6mkOr;%`DCy=ViweeD{Wd2;*%3 z&6VUch}fOK_hOAeOG5w6kaM~dlF@0pZUnk9!{0tOb;Ma#S@U!yS43jt8{Q|@u*%i6 z*8ci)iDR2zTGf9b91D)OWPlM?@7Mt;GsvQ#0E#|Us=yzLyR|<0!-p>u1lngmf)6>{ z2>a&wzI;&@_)Cu$k18|-O_K4ClzLW9&pQ0%eP7nNE6F?b2q%Dp^-jvHJQN7bmRIG?+c!K{cN`{7R3{YA8Tuy{)R#&V1Tv{ z>&Cy_xY`&i1~Hsp9+Y?Ie5#tKpF<`qj@emBR{b*Xt1ILFxg+r#gdDRMI`(in16$og?I1Wp5EAlq ze{R$FxwQ%N5aQ@@ON+Harp7FPY9KgWl&DL$9E(T}^KvdOhf^9;WQm1a5|Ivhc#-{u z{Y)nGF8hLeXj}q-xGet()5WGvmuPJGz{Ga1gGkJW5 zqOi$Rf8tn{p#ZDi&(|&9$No>b`p5Avx)6f5l7JEBRk_9VF?3x=+|(=7+K82MS0Xs$ z^^5M)6@IM5dcMoM3;;y@V<$RsU3L#vkj4bNm=q(J6ygOS``zOVzf`h8bKQU48*J@h zo&y2Rgwbsx_TE7;p9h_Px|*6VJjEka^Lwxm==kI%)*uK@eGnHs?DSB6(*QjxeC#J> zyiW)DorxBHB9jlclU7ACeday4qOjj|otRIUbWXmK;H%@oe(i<&oAF2Os=goGfU_nj zzmFoge)by?x50gD{fR_QB8#0*^SV9bDvnun6ol258hb?=CJKVj47xaF&Gb4P(x|wg z>9QWUi-BDx;r>hfTMdFuNY1xW2WiX>f8NKI>Lb4m*upN6?9g5ZQFn*mF?z&&ck+5~ zR#)Ph=XQxCiB;(&8VliTmIgWLY7B#8ifrqPU-&*-kn6sth6_L_4T=0Ue4^5C)s@Uq zGcdVJ*THM4;VT$>@Rcill<5kF{xWb0+I(-okL>vM5r`>f(gf~UQP`y)+882iZ&JyNbQfA`z@ zbU3aFG=1qL6I`p56t_>Qw*~4}NB-^oP7*Vv5P9>Dwu6g`&C>a2e$2bL1e44uyFE!$G-*Z z{CL~gwj~=bvUYzeywmN3EL6#PtKT0bY2L|spbi1-6z{Y2@q!%^{(@Xj*8QFcL=*$5 z#DVn#o?_b`Pl`%u$6umdrYV7)5;&9ts9PpQhu|k71<>=yhW>*`vwd$v#Minpc_2G3Yq`mqPN~4WC{l21v zqlGD|&V&B+zFgB?-o{yjn2FQ97+)B%FN&Z{AAc&FQwJ6-CV!>&_<2<++dN)g#07qa zIgCf1#@d)0GN(GUI`a71vhu$aqV~Xx&a5YF>7LJz$r%OLoOi`J z@qRhiKw~}=jAh>@n}^q6*HPvB3G>Wa^-Uu8m5v$*J}r(yz0xX&^5?OgK=O6UhC4yF zQS697hb)ncS1y?ue?wPgez{;bhP30QQKwSP$C#Ttd(%i7-tV{iQjTy# zKfP~Q9d9K>pS?g~)k|6?&K+Kc&Ph_l=;8HepS&~n=KjT`WMTw9z#1!ONVgPlbRGcMnG4{m`}|nC z{UG@mN}_R|_pmxXDIUZ*U~TQbv=$Q@b05}`qg|PvR$VG82>W8Wgx}^Gg8z4P5u996 zBX-~4Np(wW-WrX)U1RS`QE~ttgXN8uuT^Q2;VK$UJ%ZDJZ&A%QF1uQo2;H4^)u`f# zy5!BEr8Y3gX9>l}@kGSnq=FMX8qpxwnSsIBzvjy@EchxB<+S6;1OeKx>i^T$Y==Dpl?sXl$L zB<`;wDlnj7!u9I%eVFyaX$#$?o5X9;6BI-(G!hR-e30z>jaUr%E4g&j{TCpi5|1*u zl$w%A4NLeVRx_1s9ckO&sr*9wa&xF=%|9#MeVeIF15~r%L9H6Ub1;(0hMyapD zsXAYB<~X^`&A(O;cl`cLEnuy>&Rqfr9|C2f_w)7iNrk+Ogt?)Li>hl{_aW zDKZPT)MH$~rXz@eqFZPzx9v%)QJ*gH;_0v{f%sRV0|=`7+WW<6cEp!AdS47E==K!Z z({~r1VF&94%7FZ%A~=)J^*R4jem&c|NyDN_{GcUjX}{l}9-!H~a%{Xfb~TCohOMfA zFQQN#M>M)Ac=zD^Tza?spL}&$(~%@de%DSSuBmUgRL1n7m`Gh-0Gdd}zfGY&$)miI zGA&bP)USB?cVXP=nMZ7KyR*-C$CTX5Zy5+>!Ty+rYZfY%{9?|eh|C|_*2*liz>D?o90E;g~P6ScB(qA-Da7f0W_KJ++WZdnjEE!I|q) zQ~Z3DUGH#O%6kP_i-+$@+t1-#=~axxC9O`JID>9ZaQ8dsJdz|gf5W2NvoCf1@XCIC zAAxt)muB12PC*d)HDYFLoYm zE8p9`=2_A6z}~oDo=)SYs$R09QQ3@TbbUBa;p^I9cITshlsFDvc2)UKRaiy<`V zw&&NC4<==J=~E&TW`rqfm`%F1HVRUEVNh$iSAOlT~nebI-aMA^;KDo4;KyVNok3dmKKcv&Xp5uKupy`KvTnoA0HH(O)Q8YzLDY ztlC>t$k@|la1;HHM_9hFJrQZcO9crolp1j4m!LQ#K1aj#ql18u_XVkRMH?<|CV9b@n>EEP9)N<=o?l4@X#&;B^k4!!!G0!3Gw7q@ zFQWKU)zY?sQIXG74{krs^aS)+?}yT3HKMwRhv<8uZlA%B-}dbbXvA0I*>n!+B`u=O zg1!CuI-Honp!0Y21mSO4VvRhX(gx8kwkGvbrUYrMDl8-Qm@3%^;hFDL&u*Dy7Zcd= zu!s!dNB1XEdl#>_uak#}#U8KQ<|TN8{?V|D1I30$Eq{Jw0+xATV#Oj_NwN|7-OZVP z$pWMXOqM2k2o^ym!!72MUexMmwvuZ8atFzfFQ4(`ta1-9DP`Mj7pe9744~2rn?C2; z^Hm;0R~phj>baD;hUkKC`JweGtY$Cua!6$HC>fAUR5K3PU?-EU55TmCUaKT)N%}B= zcvt6H;EMP3LHFn}-nc@iI7pqyW&rRwmogyVDz(2Z!@8HE_od{0IKss{n~UEb(n4NW z*-m!?p3&6SqOA?{RCavOl!Q?ribMnf=lT!#Oor`BDr@5v7IPXrU>GuX=YsyO&J(yY zjBc^0%K)aEcAgxrlvKZHRki%fZI6mR`?j*MJ+CqNB`R;WJ3v+Q* zjr6l33RHrs!N5^RIJk)b;y>(<_tPLsuMK3_wNN5((kSzv)fERBw;!k2&A!xAlXxyj zo|Bp&`9j*NeQ-ae{!tG%2A2Qwq_bTyPs}zwJa0i(E;sA@d?u~(l{Q8WrMC1$_jQ9@ zG~QRs^9GX6b0owsp;XZ~eAY*3G(EKhP-f?HTD03ZUar*(ik+gq$9*t}#tRkpgmEM$ zgcINI&_&pATH^zQ>O4AQ5;#(kL?2m%z^!^27n54vlCHmhlGq;=jzJ6qjw0U1WS(9U zzNz5ru-cv@;)x{|1X%I}x9E}y^M!|}Gz=*Vs2BFi{NWw>?=Th2^Ic60n&#$rRGsV{ z+z;KL*zCTRFYk#v(jTIHqia#C-_;cxmHqLj{mdR@F7rH;`aea!oL5H!KB5OEolCvQ ze6>3V^Y-MUnI~$}%$Mx?C<^hMbUZUEB`~F;0`t8i=HBUU)=8?rW%d`#?h%QOxR|2f zuGdcPi&N~J4$(d+U`%>?82bg^n{xVdOd5AQiNyY#a%(c>C`M+#0riBQz&w!Mop{3} z{ru1(&iQCJ9Oh|n;FOhkPGR|&$Y{&fjQrUPaB4S0TV?t|n)10{zHovrD(YGcu8!J- zdDb192kPvWk{-(VcYywjC%rS&q5V7#8LQs!=NQ$fE#JEmoOWyDrzxM0Hq9~g1l0qg zd3A$*mS>OnZo}Dv#zYtqOQQjx4^8 z{0ai=O`y}fmnL|#Jl9-X0$`jS0fFBmGSMI-Z=MI-Uoq9ebrzOkPn2>UJ$l)LhOcEy zG1Jh`&!aiVU)bK{2>(eso-?XUPugMOLr7?x&!o8$=fHTjeqrr9598swB>E+69X_4tlm3oVL_8~9K2 z+0^W31TgAZZHORy9gQX@HaZMnl>~k8EQHMTIBn=nK<=t(P}|?D#U%Ibn%IAU*30bQ zGO`y>Ilyo0s5j%DzozbHNb`Q*wD?2q(H^Se_=|@xAlt0ssu|5q(tYB?ean6R2*379 zN4!%U*@aKD^~wN3X_)W?<7OTuy1NPwRW}wyKhXG5AD3TijnwU?=8oN`#!en#%NMem zufdH!C}ye=OsoJVyB|d;p<6I1xVZXh9InnQ8rfAoE<-f4JcxUNILcJe7ku`6*Umx(y~JUUN-h`@zf6KM22`7H)Vv=l%PwORft;0mYGsg} zc3_baSvRO(4S}L7oAstfKY&;wuTkwWrt>eN)upNfy!y?-A^N>HB6_a#>y5nh5vZiU zuMs@~iK*i*5?n>Z6>eT`Gx5JUZJIr*SM7=2?-#obFZpuY`xW;TF3m_Y=hshF6n)V? zw+YKg{x-emmhMrfz3n7ck=_3bD|n>`df4yfGVY-9<##HSR>1Bo)-x3hqazggkJd7h zg%mO#%~b^a{)EvlqF0ko=-RR-^J0%z@;!dAHi-2#Qi;sAWeFdS8ST0f05+&W{L#PfXl$lY=0%xI}BwXM)|T&731kDvC9DM ztUFO;j2Z)}nxR;Zey&;6lGadD9na%uzx2b_k`afvC6T@`Zsx(He^ejaF3IljGpaTG za=1+D44HyIJ4cwyu45$h(K#n8QPGR`VdW@2&%vkn53a6NX@8#$VeMa_t`6h-*#=@6_Q_p(H|X4y5b88>Db~8YtUPefko(6z4+jnP38XET8Z4gr9Ck^wCOVs&k{+MiTl~SWgd-Sj z$BRu#KHcfp)LaL(P@&#*+?SKQymw9V`QtWm6kqIvigWB0x{mhi{yg=YFejsH9w`>Y ztKiHHCS~%cEKdN%WN@do!=c4^j_vv+@J+27IZ-fD9M05HYp`#krV^Sgj4uhV6@ z&)szurddLFC`z^cD#c8@fAVK?@)BYF#882(bNJ>F4Fr2$F~SwCcdb3R`y-?tp;VJ~ zwaoM!TxU!#z7cqejD~Op9mp3LRODsrN@U$$k47EM>8XHEI1%q<9`yu=I!V`zE+T9=7`_Z z#>xlJAs^tgdX7me6N~%Km9j&62qPak2EDfeY$_Z9UjcN;kM5|?!`zy`tSn8Kru4v9-b~> za_2ljujSK*=v4s+@%%2qu#=P-WcNH;k8=))=|=OVi4iI~_xFq9 z;N3;K9bTPUI!V{Mp#J{Z4<|@a0W72}GI3*HZsU!zo;ZTC0GMp65na{1vDJNa%$s9iPe2ods zfA?7G)-FQVYIw5%SoY}iW8mbA$MIu8%kaRy9@&^eb+m}&$iDfYqV*tn@Od9L@!FDT z-;xxPBM)-JU%g*?c~Ad19ZGIhKLH@Dm2Hp4zbGaHwEs|zt5 zTr!R;3?`A*2UI@C`iWZ8bUp9~Es}rUd@hq<_Um^_Tn%8SG8ctRlg6oJAZ4}5Z~V1V-AZon`!`Bd&Iu>jn;eJBT|l(Udipupz#R71^I+#FI14`$mBLyQP6i2{BTn_WT=-KbzgzfX zogU0Pv8?rlEp*PB=`t6VM$oV9(uK{bnmmh}OczwtK~*Y{lO2mZmJ zL;SjYxfrX=P(0@Q>M_s(Kqoy(tQZnT19w5uFf~KMRdW%WG0Rhw5_BRO$goxbXn-v>KF z7RGeoPkp#IXLtS^ZwtD-X&Zih;zG7AdZ(@WmFPWY(r<8v3~@pcPpv8EDX+}>Hl;z5 z4_UXg@($+e%NQCF(w8A*Gk5EgcBHS~$X7DU>`ZjE$99kLHHRV%y*RhJf&72hqXR;2 zF(Cb3<|N(NLl84N|HuJIzuW~{>a5-AH>tU=gEGM4PLAB1#KUpt&=pL4(7 zJv9WaDTyPsXs2?7px=`b2bj>$s7^2Z?dS$8FmNt3fkwNKCq zg&rdW!1}h<77MEHSd!J8dS1CIft(gyQF2pvyk9U)y&hWX;Plv@#nVgL*YniD|L|vf z?x&)Yh%!j`m6&*E=i@bRWNi8BlPo%*@%{H-A=Hi=uo`STBBY=IQy=S&svk8XcyQ~! zFmfgEhs5c8S@6d_`@6|-s=Up{JWJ!`f-i%D?}5%TjX(aqp@=HZz~3BKX)chN60VB6}B~a6R7GR@aKdk6xnZzRzQQIRrDS z8CU!Pg|Pk+hHsOq7%G(SG1M8%C}|ln#Tj4slkI(i*su=$DS@p$NGy1`OwkI_srI}t zNG*y(6S_eMy=Kb5H`^1<%)&Vd%nvIZX~DSSdW0%e1cmaBLfcLH8V$9w`Tmv8CW)&F zdcCh_L31-@7wc7SLf-OMy^SwX*2{PxO+CxvF7M3H6QCUY5n=)Tmk;<02WIG?sb8%mJcYt+qXu|7=Zu|j8;&JUk% z4C%M{i(z}NVYW-%81i#Qzsp2OiHn)e>((Xd95L%Wt|W)3A>ZJb#9ygLdMF z6HKDAT9t0+^LeIDFP7$$Yz(iT-!6|OY7m4;T>Ef!m#umeH#>LCU6T6!Y6C@jDmbJm zUY*9JM1COY4}hzIpzkYQ6|21a*v$J$rRI-Hu}?rOk2WiO?Sy*mnpk2o? zq}8G%F2z0=I<0sb@H*4v2GVa#y4lOnAyQPyMxfg6Jf8^n1+Soe-t-Ime8%7UQ9UkU z-=$&7->+QoI}tvNgQ6#i7Qd`M)Z1^=UIOtamDGI(CnXcy5p{g;(abk+o}|Kr%V}SV z4xFkJT6>z_yzbt+B|gfWaA~qTylkq3bDRo{(u8=+d$h=~XD)6PMVRyvhG_6uE?zLv zfabe$?$C@}vXIm_B%$sato;NW6EHSYG>VbXq!ks(>I+3t)mZT{HfSGCz{LM}o4+6Q zEwfMK69D(iXG3d3Yh#0#b@jvpVfZ>z=G`r@B;ty64HN8U<$*ln|0 z@V@nmL>hdxIpXjg;h2RG@VdWbgJ;BNj&L!9Jz8dt%DZh2y~3~cu7V&QJ*Jh5+x{iD z^R+DY$^qX4*8nt0>DWf=sQe74(HSF zJ6%_haM+?R;7A1HX}_<|YX5O`>TW-6jY7(*ig7~VAFEJ*SNLY)bIaGE`Rjr`We{A# zeUL?uFXe9>PYzf4cTKjZNw2rO+2{E8c%&mi(uZQ7Pk22ryWGc9gzL)-rkD!jVJ{z zug;smZ~KfejTBif&C9ocbY71G_moKG3)%?}DTk{c_jTR zieq6o`#)Z|z-H(M^pkTnKRBn01VSWgkiozRi? zjsB6+-VGs062Y$cT(!o$0 zC-YGg&J7K?Sp%?VO+*B;UvTsMxkeyc(EB2pTJ4(>?Z2W}HsS$xp9$pcE>l`hqVYT3 z@u)a6>WcMA4dfEiio)R+s_3W@B!4^o`h6;S+~vE{Gi_%fOUTHtRyjE2G@=fKFtnLo zyN7ut=Hv1el|N#u3B5qEFrf(`Lq3~)^Ryq-R1o))-V(<^X}uQ9&GOFE1(IYq16O|& z4Pv_t%@r0+2dytm=!Yi30Kx^|2#3rh&ElE;)q!pD?7lnPGowDwx zBjJQ0j{e)}p)8AE`;44I`w>s(zTdT9w;-A~hf(@NJF(^f1}j6ZRvkj9bwCBTnjeGtc2lE=#11nzIAtoxi^*7XPfv@YtO zA=OIyxk8Unhli0UH!H{$*6Y?`&jb)pyp7#mzLB3W#Yiqc8pIH;yLSM}w0+KeYC{zte?BIfP(XL#le%)X~}P>hCKKoZ{6u@3-*X<;rka$e;GI z*!}k09C*k_BKyE3RQb^L(djMOq0C~im`Qd#p$!LtdyH7IPp~+A!Hj3-hH08O9lc%q zMZ&ce^>J^rPAB6+QO&SSW;?xgN3HhUZUh2X&A+9QR#6tx(N%I9m?CDIz^a&PmJ#j{ zX|cSi;tj$e&GGekmg-g<-BJJZdxPDu_%YP)9%|6{o@jaa0z@vs$Haljn_Ig6fZ4-a zWMUxX1*t2SPX=-znurH@)U_E8E*f#|A;1D?vT$eWbZ=ZjJ)3rYpPb({cPWZ9mCe@o zYQA2~BER$%mde69zI6ZbI)T}Gz5Hek)af00ijAz8>Tr8tEQy2rxE1=LxN#M9Td4Q_ zG=AP@aWItpW8PsPj89G6ZaDJk)9AC{7l9sUJi2`$jJOYOhJ^>UU}}=^|v3pb_pzj4bDy;Cvb1rQ9D=Zauf=}gG&4nh$VTVS*g{sZj)Oh`+hf0 zCt>GDO(!80$O~*%;+nnJkaxDnmnIK;E-@30I`qj5K+=AL(A@bf2_9dr&i%cfBtbSB zsWO87Ls_BU*(r6NAq8cP=JeRtKl{BGUe)n;cSfz~dg5!KB%0e0BULo&Jqq&?#H z@x0%d@2ejnx%9a-v?G;vL!emt4qNDqYC=k`kA369VYAmE2La^U zLQfn00~U80oes3D#POM_qs1pgFYn?CQkyU#H;QREv6riOSom zbW(vTBaYkRrumzcBU|z=9!Mbv_=F~)aXXATUFYJWC8)^94@2DqgibbJLSxP1_7|U` z!~4OP$nSYT!#?DLO=cR4|MU1IBKxxMo0cD}Z#UhSWobN9DrwFpGs5hSj9{xmR!YV9 zfN4$2`L8AM0f8QH=$Yk`lL_x#A1H|P9`NwDNy^{YbKz&8vyG|f?ZUqcXS2&XKRjur z&7R8$9#;A*npgQ}j*8N)1-d>I04zot?`zw$Ed>J{%pH;ck{fN9zdV4S`75EQkR{E5 zB~Fl*E6(-h3|>g1#S7o0p!ROZ6&3LSt6Bx7d17@(dI(l^xsQYQ1?IVb90$yf{zJd^ zC?;WjWzQ$>%KdmwL$Yb_#1phaJoRgGoTrRdxC|%;EX{lMb@$h;LM-^1*NGcO%sRCz zrg)8qgK3mo7FrbbKGq92B4Xc1X|$-SbCGrpx%+XTZiF4&d@;$f10aO0qmaIEDoQ%S zi90QuLj=qZJyh$B&01C5K0o2ki2K5Xf1>aeiaWwZjkESE9X)d`3cyaO8HJ`Z>6za=a_yEbWgYXu%{9zjMm z6geSK4x_b<#xW)jFXzOzktRQ~x-&cnDGotOJg4yF_tV`Y*q4RM_XBy|peZ5?rC3!#YYPX$m&C(P`pBWYh}-)6u!_l`%;u+ z++bwapH}c$CR_2jd756qVH~IqJ`nupR$YhX4U*M=#RKEbLA9^OyeVLj`CD*)K`&YH z8KwaQ`CyE*en@(`>4&gCBoGR~2B7Ync=L-+8xN)5!!Q5^k3xncyitdtc^q&)TiOy) zHA-lm`4i;#W3=xu<(180Q@i~wSbI&YENeU{b6fkj_Cvbfgd;>nE|3<+39i6(&gs6* z(7cd9f?zglW}Ln(`Am46v>qYM{FEWA2C}wY7h}^tR;;%QI~p_2%G1 zyx^O#gy1ePfQaosCZBR|UyEE)fcjT*D@FEa1)JF2WH&j!v8nzf!b|o+P4r*ZJGp!t zpu)=YfSHzW4UJIcr@!JQT%2Cw^;Ze!$R8QL_Hayg)kIuoz(fQehH=6V%Ae#rsag%H zkVE&0Im){4*aY}Wf5lBu<)i|xQL@H2@N?t(-pG(ao2Ho7+atP&gSQ7Bn!HyePRbE| zfoUxlIzP_e-+{Os6P{a%zKVo>Q`xXs?h~4>=jQgj!v*1m-TrD%2C=`M1UsS;pa8)f zR)%g3+;mY6dAZx1eSiw>R5v%!$)fVNvB~$a_<|j3*q?_%FP|{4fmcZfpX=V;o>wZY zx2v~F++EkQO$3jINskXz@lOE3`*#x6;Sjjmgv?b#vnU zn6?bMf0|Zhf17T~n51&Dt1q=ukDJATELK8Y52_kNKDTvyM=qwebY3-)`_=>PVGi7U z&)~#y6~7!EEgID2&a15Lt3+}wJe4id$JM*&4h`)gVf<3g61tF*^i~tGp9oamnm?e; zT3a$Lu&u>FTPZLvX;GZiFsb7`g<4d&GjzmwcaG7#IHs#ak9F&0i|K}gH8<}1gf`5V zZT&l|Qcwr()jJt`2nIw6yn)C020+N%FUu`NJ^5TTw_i(Ct`4tQ>3Q0Esi)NfpudUk z@e=hW&5D~Oq0l641Z^=8a?GXUunV1`ItKlpA(7Q?NFJcC3kwPWhgqg-otRL8glgdT zNMeqGR^KFbAriG5-rev4pp3Yi#NY&2gKEBh@y}pU9SAumf=IO*eWw@{=yUSL?tDk_ zdGT)RNKFJ^yX0c1y?wT1C4xzm#8-)?7JcO7W~^{IjxYWBb8NGkjx$-LJjtFruqs^6<@E`^guC~q#pvReDLgqW zH#akj1*?E_hmWj@42t(wvrpSX-qRJjUi?fX%RQCG&mfqeUMFMG6%LJjbYJ>KzuQx+ za-UmsI~xZtys3smOno7w)isg&jtLSeR}9?c@2yCOgExx>wpLY{Uw5-CZ_47XGc_{i z*8(I<-xIXbQbfyA9`Ic{tiMq@Jd&87SF}bTbB*T_oyO$83^@>V-@h9Q8MpQvSKVy` zdTwjjL3<&bz>a<(qHd3w^t|SsU+}Pm7WdfFywZlMJpf8|i}QnP)Z{8N@pwM}rBe?W zilA)QmoF|{)+fBJ5m|ud6Mp+LsveaBE}wU#%N|9b!(mF2R1KhUexDCOVK01L5f}6K zA>C_hO|R{^Ez>V-_Z9Nt$R}+9z$cel=@c&t_q|1CLv`WA%Xzs<=n02>@_S6~Ac3x1T^`bXUPv)JBoE_et!{fK|kh{L1RB7Ch$;)BDx4 z2sC4s)AOP_CKA|?qwF=wwG`r?))ullOpNYtu6eSPh+Yx}0PyV{-1LH=LKsv&YV*|+ zX@YtZz?7szu3^lBl;GToS>h#XFM~e!BFW7*&ZjPm{nC^V&FMTtmXU{82?5Ufi>Sh5 zQ9j)Cs$&PRn<{gU`^^lX#tfLGT}%1xcSX7Ivj?di^Lu~1bYMSMa`xKa7(mE-g%8Qa zW}YsN5YKo0V}!mMubvbhs83PC?dq@MneR2H3UvxPtJnRnY5 z=@KV7_|HoUOU`32<8F%Z89k`3`FXs*`-K_akauqGHy``1dS^7frM}M-L<@%IJj;?# zlF-Ai72fHA3(c0RYrY*|UhqbNY-nU>An9X53BHGU`Sa9N$Mh5T72%r$;NYoG_&=|A zVCUgZyf0(y#FVZTYp(+HQ|#}_>Gz1MZxg?c^V9OP9wLq-{up5EY>V%pyr}aGwCnS8 z|1(yGuu=PaP0kzD>yTx&>&zT{fto?YJ&TmjAJ?FL-=+kmg@aF&(+nc@Z7Xg5aICYV zWQ4uauP^l|aFu%Ya;okizclw`sg?;j&)Hr-Xk|(R81j-F9we6EMUhiCJ zWxNaFgDut@2!f!1B*=DaZ!KS7_Ql#0Dx0VZzsQV;5?=n!1tFQ;-F#Y7=cRVC&Uf4~ zQGIku7(aq#Qg&SyvE4tU>hD#8dlxyRF5X8?2%O)onI>n6<}iM*t-W?>g`iCfN#BN1 z&2OCqL4|%nBvb5;wt-KfV;A@H_Is2seVbq6@6SPuOa)YXKLeD^wDM8D7yop0f9Jd_ zI5qQ??7O_~;9y;}wj2S~yQ7qR&Iseg((t%@-p~6W!v~}m+aj@^(Qq6m-{P^aZtx|c z@eJo)DosB5W`^AjNG!|~aiUqx^pS3l5a*BT*zo&KT0S?AkJzP`2 zwlC=8=8|BZKEkh>@5zAJ;I-nt*Wh|69JD99ecGj%PHO%<7jPcJZ+|$Rmom;M=zX00 z;vKQsrX+BM@Gl_uWB0{?Ju1FrBV_;F%ZUiQ(we}%(`c#$$23yTY+ zx4od<`AX!pPF{IhoUccyFj?)xs6Oouom2Y@h%#hGKcU(w4to;%iz0=((?5FlA7P+E zQXR6{?t4ACS?N-VuS%CdEcN3j){UUh0AzgOCeX*Tb=a4xo>t4X^- zml7Abk&&gk+#+m+U8{fUKh)(1*mZaMD}=w-@Mj3X+qVfA5dH=l>Vs{TA-P<59J`s);bdcaht!UnRj^s zj(RYTGadFMdPMEkYmnEbDdzlu5j&JMK&1r20KY z$qIa|yzCb#1xW-E*$J+>Rn58X$d z4}JX-G^K(JO#l8FNVxwDcsa0-enEKjA3}i&+0`}=ZIE;wYngBw7>0{A4n+P)5Yoyp zV-S{yCoj&2lYL%!-g;|edv5jRmz7yj?sL2eDyHzb)@KN#wR(B>!ZViDKAj*wef4DR zB=mw(9k%CJ{2tPrF798sI;zZ_+&Dnbc#2P8J!ixOS#dN#Cd1D$<(Y1dH4sQ07xiDm|$@D2z|+te~DoC$C+0Yek# z6fn26tjeW~CK>LwQez8D`9+ai_(j#_6i{!**xrO^2ZT#s?j7-})r7l3g=xQanf-=% zCG|vEax$Nsd)T7;@-gFbbAOXL8Ar2!KmpS{wvkXK5pz~0bjTG?W0LMlEZMIEMP@YT z%FiI{19iGc1M8qK7uoqhDCT(t;sYGhT2wh?GV-dh&(*N)AGd9EEGt!F zKWAI_Sz!za4^qk5dH818m>n>6`xtTZlCE$s#SSex2U30u!}|!uvfJ~iTcml9jK+f} zSHlcW7j@=bf5vaAvl*-%1%`I;Rew!94BtBy`e9s2`5YJkqq7lbjI!yc>G++(R!I?? zY|a}3+mEZhMme1r68oZw$O@>h90C0yaMX$m`i zpcK)&KrpF}`%*Yfa`C(zo>2T|;){8d>CgFbp<#H5&sDq?nCKjChsw(O>fv$n;leFY zfyqP|h{kOdQbzSIm(_`5Fe0sR;?AFQeNNy-`}m23|6KMZLhgSsrSz-NhDZ(hu9)z} zi}7&PehG(a&VB(%IE*`bmTaLVv?=i7w@`eABU8$-zML!}Gn|dEQ*9!8pAIS4f3T?X9z-I6q5(Q0K%C}pIFX3P6x&3D-maY8uak_< zSsM~Y2S2N)M-%U~F3%I)xb`3mFSxp#LS{}9$@dTUc(0f1&1H(T9;$DXdS0I>^n@d8 ze&3Ax#+>FldXhow>upE{E#`%WAb@7C4SZ>@2NEBkd? z7Rq|jxxajSBHPPjlmqG;GMy{4-zKQEBCEidqH^#O0}$bMd-yIfzk&O1axM$w#exd-p}HiYrn^q5+K)fx{1HPx@HGD z&lf7`Jy$C6&Y+WQ7h(K?(wrm^u=DfeXjMJG>pM zBlH}?LxE;agEoPk$`WN;Sy51jb$~9vs*tYwD8+qcl~I)|?BfBycKN-2ebS0CgLt0g z_|=9_Cv@m=N#8GZq5(yz$?7v5{z@oh8Z4>p`tOjfwhZ%>E1@(KnJYV8x zzCK$L`(%n{kNjmnnf5plo~g$;Y*g!hkM|Cy`V}r^&LrR9?!3;YT9$uuQvysA$ftc? zhekzl0XU9w#wFa>iq}CZ>F-u?W%{}s%wF%1SoiM1H-1XA;pT>xa~giiJfg+a#2Pap z1U@S5>T?uAtDZ{iOaAD`Aoexd)>J(`W{;5n>%Q&laLxuP7TTptYa|5#vJ#9(8~o9LB?2I$c& z1fUHG2c85fE^}JNNAHH2O7>nVo{rm#c$hR0ji`sIApCx=ldWkb1Fm!kc0pWa@0ZsS zX07rTGj7r!sEaEmA~2hau@DPwNDMch>c;%^`7%!fAvlQS!SZZjH$W0 zK0hcRK6^d_GW8c&5OX>@LB1vZg%1{i^C8v`d(cWX@N`R^ifOdq}{SlrO=d;)R|F$s|_`%2DAhxrt5=k zy@E4f{%!OG`mMVGO9DTKyYV^L6Dgk3%XKM3in1UV6Yo`pT_c2 zoxAr&U#~s+I->8p&>ve*sos6Xva?0A2TkEHe|y~l)sk8nV1iWrbU*yakNFmQOP`SH zlwj%OuY1|se1Wa<&D(BNJ$d$*_ci-y#A#~55##o_A-HLN?{#_Ni;?L%% zULZJyNV+~y)gIc70~ZV@JL;Or!001r8;WSod+gwIfj6qwxe4ZS+n0!Mos6ZPG{{(O zJ3ORtT!bZ_Q`gBOtH^$oD%#jTCPz4|S9YNL#1&|SA~=`PrwufOssJZk;KyNQ=*S%M zy1ridw|hyLvnf4~i+fh{Q-oSg+2eFgb33Re$|BrD2%T@Cyy7p|wrO?O6R5RXk(Mz6 z+O`C=0Q|8n-?@PD*m5Dv8>7&0&-?AU+R7MKs?77!oS-u*i^5=$cwF4&FTn`+BOD|0 z>9TJ#=cNSRuRQaxu^9j=z(XxeJWq<&f)=D}!}(hsK+gsG%h;9T+P@ZRa_q&&ymM<`nvh+-O~getj*8?q%W z!BCUb>w51}PIT+`xHhF=%mki=S>*8p@v5iPplPz!`h_uyxccmy`Lo}@Rm!194vPdp zLKG`FMKX+lMdx^nzt>S~!oyJ*6;waG%lk?kfQd!C0?a5PV{b#Ye%)MfVeKE~I6D2h z34h$Kzwyx5I>*M1l68D-+$~( zdCZxPuWxRb>rsCb^WF%;ygrO2!KD``&3&e)sYT74?9k+Q2$P&17s5y!2>s#!>-q?z zapA0ejeK73jDmz=lq8RKiW0lZ2P=Sr)?~rlP?GB5ADU(Grmjx7`ImE8!;8fk z3%nH#&pZ<>zlZ#f*M<++dh*%0!UN6pIj2-!R-b#*p4fS9+`&}N?{w^gJ(R;M>)z^ez%c~3mvmyG?arv+-kE~r(%5FG7^ zz8Vax5Mck$Y-T1{jMPtK?!Y-wMr~%eO=1?XFrIbMiDs(DhOw*Ol{s(qD?c*q=r&QZ zdp`aMDANe_9f+6xn{)XLi1a5JGjlCO8~NKxID4f>SmJ>DhGEEew3m$~qW-C97}q^A4R&&Y-#9j)to zlh=p2P^iW{c?hhN{B|)9J;nCzi-)GOIKxQrrk_FQBKX`!CXSDkzO^#aiYx*!gwMyw zzb$dNXM5Wx`*W$+)NH>sW*k2fSILJAYQ+BbvSG3FIekAn(g%jx*({Ii{Z%HV5RG5Z zZl&Hk{UrE!Gik~einuI8t8Z?3G1k~iZp+2p4v*pdFd>7$bU?}(Ctk>*)}my7`g|yU z3w-{{9trLOUauowvuFYssYp;-rd=)_B`{t845yF#xA4?@Z}RSS%G+Jl+x{ft%3zFJLN^9Fk;B=bC)8XV<46nVpKpRXDb|HymqsHo1jT{xCR zj8Or5M-;KdIK7B%dhdN~ncjOJ1jPy(JH`f@AjT4F>|(`&73^X|tXM$oh*-|O{pCIH zTIW0GkMFN1K5%*Eje10=qRCNc{pVUdg!;W{y7h0#V9QP?3DnV^a*&?FXFL*p?C;Gp1TB({wt zU;;xLm|&%l5yz?{h8RzccQe7Zfp~n7>9=7VrZ5E)wTOA3b&JJBL}FRc%Q3KMVVjI5 z&_kh35wUBPQaR8W!dTE;E^@!5W)X%6T_K*32HC$6RS8gXqe$rtp;-d0G+YuE2MBsd z!86GwkslyZIup<;(3B_u|8U_vB0M^Zba(?hB4m^X}8KaOct^TJpt4Z~-kHy6mG8PMV^NJH<;K!MKN`6OP``#P&MdWuqkOxNPB+F8HV`QgC>tUi zUqH(DgJ3w7L*ZfJVE8fH=wW+QC-MNX6LLP0${ayPPl`E_fx;g^ezJ*J6Waz&-SA3? z5{eM0G!+4_52`g1u7!zJ8>1vO1%pF^IkQCUQ3qX!bq56`Jw_7efUYzn48Ax;%LQ3j zn>px_ar|UD8(A*`BOb|w%McztrU-Edz)S&%*o+0)Cmn{Op+pf;J8192o7~XdMIwda zQ+DW1gBOA0E9k=b!{R8JXJ=ty;fcd;Cm+hc@TMoCB}*}?kU6AvF_~sSX_yf+?S?;E zhs{brYzm7Irim>k50MtcimehqIb@aD`5Y$?mLrn!7cnt19oi8Rc*qv9;~N2*JII&# zp_kj|F`Lx0=#1?Erq8-DbBR+tu+hGhs-JJYW=BK`GL zg2#>X>y$(cz=3ISU#Y~f!fqu|I2s~Z?+9akBsxy5QNv_rdX09nQb91XQ8eVC*$qK7 ziUThIWU^Y8#La2}#E2okU! z97Ft#>JgSB$wFr{N%RPd!P6PNK~w;R#p=Z&1qYJhP*DjgqZ)wlnZrN?LKOl{tb)N2 znSe;2qN~H204**jise=r%I}f|`CicF zwtx>o<$Aq3wZ#n$K0#pHM_Jra1CuLZa-vcYb+LhRD=_|{r4Cro7`@CRbm>qcmJei) zBT_6s#8LXx@C^(Hi6IO6ptz$ZQDTT=<=~(L#;}Se!ApRIK>-LRzD7th#r#n}hN}Yc zADCTCE0M|tGF7)W?6do^K6u5WR>TB2lr>-ou$6cM!AuwEfz?At4@cr=7MMtwPfUPU z_;@&%MjHvU*uE$*lLGL@EYw;>cBR7Zx9F){yb2UXJbbkxq+$f9K9DxDk~KEIgT+9B zaY8dJ5+8^G8Mw%bcc9JgI7AiH7)s}N#8vD7Htsg?@OlmK9_x+LfCL>DLcS4)*J>RE z3=qens2IDN9HwMj2988W|!Z@6^k)&6=Yz&c93K-8de5mSBP81 z)as~sxsB=KQn}oCm}g{i0B~YwsNg-Ipkwj0b|-YUs-X8M>f-uXL^ogLMU0@tEwdqJ zMG@tIAd`d!;@N->vUghFwjvfN`bz z1n~%%a-p9G?5Psq33i3!at05o{C>0q-q%2F4M0h9znshyI*Ax4Z@^c_*eb6CBLxO} z8&5~T25D{@9p?>5*&3j(gZB+u9Y{YheQ24>Wu?Ue1Qb`NglxAUrVp@VYAKtDmIZ(< zh@sYbflO0^%zLSnPP5AZQf{E?1qLjN0pKkeC+gNJf&x>-z}B!tQ6xO1x)>a)%Ye1g zolrmnLVATe=%+AsQ3sh}r?~Yx9|Z-x79LQdwW6`Ch#nZEsS*%wB0&b3+KwmT7i^*rHA& z_fm*Hk(us|d6`f!^Gmr@kyMBrpzyd}6!UhN})Lf+!jzE-?onNMaM6pf~I? zQ8WS)!x+W$6h?fU$!D-pPO4CakI2~~wp1jdqrEXXnF`cVc;Hp%(qwM4ixRYI>{v6@ zj07y7h;2io<+vzVWv0_5pFOP9DU1?t1Qmr8O;mx!V7ML(ijK##=wWEqMnO0iibI*F6c1)hhfNP}!uI=3@Qu|PKs z)oqE3wJxA9gjeBsr-shus+|UE*l%D1v$dCj3(KI5h($!6qA{pPtQdz6R1ac_(Q8Du zMG4s!l9*i@8J*#Z`y_Ipf?^PD8aF@UrEmantdj{G6gUn*5DF381gh7j;5(xjf>s8t zh3Y6(=ZWBH7$sCttPnK0VXLNsa!(L=e&rUX!iN^neL)P6J^KR`p1hGnvIYKm|6;NITyqbg?R5?(=u$bnDt~;_6^oTU3Z(h2RM>VRoN_32c z5A)%}V!X_c{0m>l2UJ|e42n5|kh?9yZ;4IXTz@hR-0st5%T3I{=Fu;4% zFzJ}o7>;hk5EW_^ObKdGi?$<<0ZjyncrBX&3~dDH>Bn2tHg{AF8VDfd1@o8+0xn#+ zC}P0Lqijx$kBaE{6mZ?Byof+SWQIsY3zgJ8)UW`{(-|UBSa(!t*QXFEbOST$L$;Ba6*N9rY6h$=sx{`s#&qAR`EE04 zjR75ML>4CE$l!PSfpJM~MaN<$4{)l>)7vmxp*UgUE`6y7jjVbxMK*()n ziA)RP>T zVLgEaBF!;@furRFbaFLG=^{}bdQp_952H;Owoqxnaiq{ss}?b$5s)MIxa4SK6rwz! znGaLxHpD;%y>y0K7pMk7jv`a{ey4_4g*v6zetspf*gNhhN zAEH^97#y;LTf|s2PD~@Sbb=scg?&KPFQqvkQ;c;=*^rj-LfQ#sP$I=NDn!jBu>wj* zP`hC9z{Mf+BrYN#{7GVOScu|M91Mz2ZPW${Dz4Bam3nzLx<%?W@y#T-!Z9F6 zA&CNRk{BY zgR6uyQA92|MFCP*UWv zNO6l)|4AiA`8>1I3={-5@QPJhhuGu<;$4#29yhB%vw$tY&_KZkANHyd=ZzG`fmF0N z44t7sGG#W2k*`ttF`(c|cQMooH^mdhx~M*AY9wL^Y7nWxk%0RNzEo}!20=antPay= z=c+*0UaD0Hv~i)|E>gr*Rt+c)Tg-m7-NXWbJdYcs$|y0Nlt$&tIP#Fu=!0+K>CiR> zpt%5_X%u1NL5{=7v)G}FpN2S9Wd`Lip!;hqC%znBj91r@mHiuIi0@(l_pe8sdq8X&NtuhYi z5YSlEfKq@MT&s;H!ST@!K*W%u9G{)z@PgbgNf$8U{2CTsD;G1!c2gLr%n;d1yMu10 zVnMRWAL6-;DBz01c>(L=7lR}foGj>pdH|XbQxlmA8OWT5oDn`A*~D3PI?-*QgveT_ z9?QXtHA;pLr7?yhG9t=JLTd$Ron6FW1eqXk?gQ}&g9hjH;-rvF$4Q`0A@QthQMskkM8J zl_mjC!t^ z0okS10XA5!mxfegpBin)2Y5j7jA4hZY7(9kvkJ6ohb#&*&{jVHIiRj4py`zc1EgkL zAth59gNX^UK4fSN3p zT?Rr9nQkFa-E`oRjwt!+xC*$+X&e?<|EQ6{hW$`Y2VG9Yzaw&^K0k~`iqT_CJkV{7 zqx}vg^yy3W0b|Te!huo%Fv3QIJPOSvj?>)?9fQv%%G7AH6fX#(Og5kn;o0H_chnP& z3yctQgrpFnhbShahHfV#lNc0axlV_KjDhAS=t%VOLO!j-$(8wW7%kC*QRrO6kV9?3 z37iH(+@Mo|{%{PwIIa@FY*%UkU;*#9J^6n2YHPHYQ39Pk1Wowj^ zSJjvFE|(O4^% z=TSL?3J5Lq20fc^lZTm7v^8KxlhG&#$bExcIfY8p057hCq>e*FT|}qgiZ~RKQA~qI zEF2SYV&KHl2$oAA@@OHu+sFZ-X{$zw383*NyVME?fYGOFBv=bpj&jE2SQ^#kc6$xb zw~r=>1v)E=PqBn!2D#4&@KcFJt@JCc!C=6_4eC`gI!H|bx?gDmQ9=)o7*R(eDiVcZ zV5od{o=7I*Ye;w@TB_6-HHt{w&tr($DzMaOuP^4}1oc5a83Z$teb6tXQp5lnG;!>D ziyUgAIFJBDF5kwGn8*7R`9MI>2)9vp=c zAp5t~Dj^^lT((N8;ge!k5)OkigLV?y0}c7;7#+gD!vzWjjhb_Q&^8Y4Q z@BnR7;C~-0$hCN)jlv;FhBDAY1M#7HIRbA-Vg)>s`Gi;jGM{L%%Z%m79UOxiEnxEu zWKcj9azidm9AHQkKi6u*Gt_vB-i;s16TJ;ny~0|u)jhy(CGB&fa4sM*YmqLemAgaZOg zQLMwQLShko*Es!3VC7L8EG9z$Z>G@<3T=c()8RB?yw?)ZkhBgv%MnA;9_Fap64Tr9 z>TmtFfiP(6P#~l1v(a4+6^?5+vh*IC-DEWIwR!;}pu;q%072$d0-?7{MhJrpJWC7R z4@?SFAx%c1fU1ePBQC9hf|Ny~TDeF>(RyS+M#2GoaIIKp#G=Uxb4aFC5Jf&Ugcr6b z5GYwiRJjc56-*@N6oUzeZfFu{pPQo)lnE3niO$5gGSxgK2x1`x7bXpA(ik*XCIJ~3 zISH)>rZp9n9OC=c7Be=krBV$@r~M4V9!Fko*`YSrklbWJn@TU$^JfHb`xW#_0} z;E_?K7`UfmkbTwYRnYLnaDSV25sq8S(fXB98i=d&{bWN7j|G$?kS3#4QoC3kGZ8^X z&8;wV1rj{lqe!amZGX<>@5>aBqpsZf- z$v6@rKTKhJLJ9{mEI0)bdhd~kNGD2AC?+Kc!s~1e*W$9r{BEXC4{|VVBcJ<(dOHuUvx?s^fZrnXZb892}|0uJKEG zR)bF(lZm}7oKI@UXo4~Z^g&t3fdAoR-Bdo`FX!oDlIn>8x{87UAyT?N7;^<^DgniY z#G8r;N2j64l{P9K>Y(y(&_qec87_i z6d~>cf#K$Z@K@C2Vnk^U08xwC7!ni7MMJweBmguPxmm-)d;>~w2r(BODwZk|sH$QZ zz_G)$@IB}-F9g_Vk0VTF>kzd?_^5}W4nkufbPKD|USRHXS*7sM10HJ(IOL?dFj^xM zp?xu{D}*=;v=Gr3b=lZ-@Mg?FYNGN&x0Qfk^HTLn6o4ueSYONzayuNS&4x^C8wPPS z5#9hQpKahpU1(51S963Iyn|qs^GE?N-^r80yH27s0Pa3?g)k^;r!0W%`hEaYqYW6A z5*@aqurUQSER+DhBU%PpKA^G9q{$3GZf6FYsslDJqgx*gXr&CGymExd9-Bq%7GYT^ ztvn3M3BfQ=$B8R(Y7oW)-A1^(WV%McjKs;_2$FllI)K(A430E`LL?%^JQNVD64*gB zTS4JKo0e4pbY(uFmW`D=BMKbPh8RMH7~D`9ktp>=;dFRSz{|$t0C^Rb()?a|*bQME zFo!AxL600wW}EP+xQhs-9=t+@ReL-fLDT@YN>7ua@CLYQ7fTK2R8i$>I*|g|9fbnS zgu@WJnb)d`Tl~&| zMyQc0G)lQL7=rVOJT$b+0h;tq0*B95VQ>N>@Km4~I;YEH#6tU$R>mgBZR$A5L)Mv8 zOr=Sul8Urk0RzCFOraT25izWWFJ?JFGo9=YYjKD;wpy-m2T&}a@-dqc(@wI3SO@`H zKr~U3kgZTNl-#&gDo`1P49J|plXuuHK>>pp7f1aLeB4cjD-(-20xHoN@iWZ;>ml&C zhM*nmQfa(myfYTneM8F##1yiaC)V)2RH(S~R2q)P3e+-Tyu-+L@sxDDTV&@M2uwGe z&kQ{yZb(35<8mvCV`U1!0_*KEwTz|@>s4d{Mh!(_Q`oC_fDAocGYheP|J#~1yzYvc zZB8ggGl(m{Px|h=lZ4qWbchg4p;E$6J)gOHRDYEXM=y}1e@+!yX&zYn9^eNnN zJwB`c&6ccHcbi7kmwZA0HGbv0zfzm0ru_ReBcW%8bNaH}DG9k_lnI|&NG=t#wr;}x z#iWmE`JbQrlwV6XX9_uefX#z<-1vOjmxuZ+2rf8VAKNRcFC#ESIhsp9_4@{$FK zNr}zA{p8F|VCP$_#-^y*>EN{`WuG~8vbEYRQ7|6-(i~s50w-S&; zm*Esk6LOFI1)q1$UNEZ5zvmm#KSi==7W4W7M#?O>3V*^x!5p}5+4=OVm}g59 z`XeX6)NPdH{rgr*^W?Ogmru<}i8=b@1p@~SK#l+9-@!MI8B^51&!$c2*<*qUA3CRH z%$t-k{Gd_<1NRH7XI(r0PgSd|_NHF@y7LD%8(p!L&Y{lTs>>TgZ{3lXKjO{?8hzHE zZulPK;xV%*qLqEt4X7Q}m-}{PM}p$&QcufIqYfvhH4?D62}!4h!iaCbRy|Km@zzekZWaOR{_y^y1}tInn-j{VP31ONYh)G*1}`a_=<-MPH>4YNU6 zW$JS4@V(J>n;e6!6Tbzub!B< z=+cfHd*^0JmCIlroim@vI5zXPK&4BGO@fswfJr6h-5a+=)2|5Y4h#+y5SSuO}%bj zI6126x4At&PW`;in^QNwA;ppT)TAsq`sa;qzpmPIzoBu-z|(K?itf!B^Ly)o(nY3f z%E~wN*6o@J533G+eck5y?VWi|uXZQ(+kCC>EYfz&+p3bf9jE(L&Y#m|?B@78*WsCM zH=D|YyBj-?-Rl?~ZyMSo`|Ed2FXmLZ*4eLaD!<24FJ63e-<6+!{Cj1^o!G4NlfGt+ zJ@_nA!{1qd`-Hu>_s9>lKV2Wk6q}z$-rTWVA4NFzB{pu()aM^3`WJ52ZZFL(I#=-F zkYIAd_*-k^AxEaBW~zMH=<6*_>zk%^c=`NFOONeX_x{|{0sDPfvb))5KZZx#%9^4c zGew-(;p+RUvfeLzn?Jw0<#`cly7spxYgG^Zx~o-XpU>&1H*~w(H*#>)wf(){3~LIP z_iP~F9oyy3rHanyS6V7=ho3X&X5JmYcJ!G~?xXc@hDa9OeM4Wmk~+m)%-;bjJ?!*yZPmd$J3M-<;){7rMT!=Ha>%bM71#?SCkJ z?j0{`sy%l4+KxM%@5{e0JsudiYE|QgIsS1si+xA4HjF>~`KqM6@1N&ZXO!*7eO=lV zsW>XS@qqX?T>9{(GQCpKex%g9a%t(pc1Jf4o9mrgR)KGp^z3~iGMlJY`?SIT-iG<_ zUYNGF%`R=1acFI5U()?9CT z5m`7tvn05?^{~Sa3ntUQvvobzs;a)IN7lri?j?g&;SHS~*EeksFAeR!A^WTHk5LB; zFLWb)898L)hD9BQJI(3Msr{#y4p0^i9oO*oH_iJ?En3vg$b9j!-m<#f*B}{j^yo9k z{PZ7gP2GCPzwc@8+Bl22t4cKb`STUamjAr)&b#MVrjLx~E!vjn9(VV+q+eY*@0YR|A$(h7xs{Z@Gd!o))A#w4GBS4`Y(C}cx_j7vC4u80L=Jz3cat03C z(b(C&ecGizGyzr3KQr3YKG*CR*FO#4eB8%1=PNq@XEPy>#@Uljb%JeT+`?hHk_|-< zrykm~S9|SC@TMkUknnAyebX+9f-TOSxoA~tC8EONhy71t&x2^V0Xu zR)1Qr_?nnmclzjynqZN!ZpE%^pFbGx)U@iIef)=BV~!-c6obb9Yom8fvx8Sqx!{|P zrvEiEjm{L_0G`nm9m+HA3ZKSjjK8ygZHLrNqppqqIC1y=n$^x{d-t@VpZ<9G>+bnw zhYedtzcc3i@yeUnt(#vpxvAobM3~=m+2iQl=RdTCDKctjZ`aqtg{i_a!LS2QMm4l# z?P=DcZvEu1MAvWYf86(|>cGJvG?_SPJ6zx10tsnn9aMEUDoX+yh-EpR*)^6!7zLix~ z|422LeeS-e=7wtZB>gSD95-B2dgk#% zv|-cN6J7Q{%a|~ETHUyV``=~Mk88j-(FVH@AG~wr9zT850e0)DQ+Bp48r%v$>eAZr zFWYr2>b)-f{Kbp3wrwP@AMRZKOWSFRi;aPr{rQ`iL&xqDY&EQk-5h^*fO_ku505OW z_NEK0%bQ-8XLQL;7C!Df{-?fIo31P#U$`pziq4Vz?@eYxJLyjLbEjWAcI?N`kr$Rr zztneqw_@!2l!J3-OutrGzGvu}-*=_EpBXZ*Y;m#nWZXD8s)0|Dhffs@yWLPWV^*KX zshir)Ctnjjy>@44)O+d&R|<8&!BID}CKiOwhh9{-S#l}uo1qvqK4X0t{JXZ`1s-=Y zopw>{V=?0;p<2wkB(kv*>P3 zbv*oP;n%EYsSUN`vf9@y5LdoDvv75=a*}Q4~yNwilE>e|MycbKEnRn`v9{461UXXtmV~RoG|kCy>1gI zQ{HyPRSva&`lq&4$?o%cLgUM(W}br&E{!?ZVfTu{_==`g)i++edw4l~>hOvixwHE0 zT<3oJeB<+Y{dap3Umv-u8m_zFN%-hN$jBt(owkXKmoZ(XjtI zkZUepG~sAY3`-NTkA&89Pz=^fHkw=GAUN+^(aD+l32c4axp;V`RglJ$J5!Z@Y+wY5P^|&*K`OZ+($bnsI7s zE_a4&&yLMQd)M`{c^HcXw?Z_4FPqpv^gSF(QY4OsQz!<`1TUb+6+S=N6(F{z+e z_ZB*l2=YmiH+T3-%7r<_~*xg?_Rlxh@x(%R+8`%YGYch+PjC->&=SlgvJWZIkZLV=OL z@bbKG9(pmIgDQ$=PkY5XbLZPd7puoTNX&^sK%6(LF!eGIE*i}cX52?Edh!2v7mabQ zGvC=CB6zAs3{h<I^6;JTEmO%;{hpfZ8wQ0>tlUc} z>fiO^w$*n_4>mT|tad%Uv{t!Uiyt!a(4@SKvnAFqAD<7qHR;WH-Z&P){pm|ny{oKO zWamGov*tDXF5LV!%csvA*9ija4=E{<`z;pz(m1)fj*QP;nEm;qroQT6o55Q(JN_E^ z<{b9gddZqisr8rF&ChD8+w=b6V$sdqq<*zWTD0Fevf=jS-kG)NlIp2#eyi~8y*G2} zsL!v;`s{vpZS2??KX!7SnBA#c)0wV&D)ntvW<<8sZ7=Kn{&t|^#)fsPo^82nUg@em zJM8ezgYR#it;%k4l{}c2QM-9hm49`w><{|5k3Utr-3F=e_d@Yoy;oKX~LY z@KrGIWg|0p7ly8B2(Ftur_TT7@F#!CoAQi1Sn=&r?8WT{*0HCi;X4!jJ zw!Y?Qt3J4s0`jZl9qM-9a_`XYvb($!eIHkycYHxwszM0$%49vxz13TwzD_GIP zbKv48i4a4hEUeR|} z&->5D{E@=-{;sy2ymvJ3{@p9}cUb)g4L*U`%*koosYz|0Hwx-b%pd*b$*Ls!X}G7) z9%IWt`O11(#+QV5t#t3-P+8b+Fn7YFSB!?AGH29$Tr3*3J*P#hn`@U&Sh0O{{o${N zb~$fc8cO)BJO0eO)t0YICuVPl2XXsLW5wkCmOZ`)CkgJ`q>R_6`nj%c(u6<1yMC+v z=ug!r3*!^Fw_3Hf$2VVEgUMZy)GWyhi}PH8;r0%TsOjDHiFNrhp|4%)?!Lr`F3}lwff7LcTX-J+w9%(Z9+^6Yo}LHQcFD(k$f# zPe0QCte}q`AX-&RZ;{%3-Hb!BC+UXTs)HqC)0p|=CcQdA(3Q4Sl|A2j*uAbWykg|n zPj9xIKiE)pt14F0E92vnHFrMK_3Du6m+ix!-$W{cct6^tjZi`G<|&g zRCopNth}%)>%Hds#Gb`NwjQ`dmX-C++*Hyzrvvj9ggh6O_Fnrsr=jM)X`ptk@aR@n z!J-x(d2^tc$(WG!PSH^N@}~|I%C_paZ^p;Z0L%LuDltM zNnN#mz?(*x`#Z1|BQEDPmmbWWS9|#DmtV4e(ouB_r&)fp%s-WWci0HW)&s9+^SZ5V zcWB~-%sPC-xHor>zPY?fgC!0~O{Z&~e1+9oo4RpQt8LcmwOW6ly1wV6^#RSE98+v-_#OE9X zz9jbM@r(A!)JOlE{UtC&*HD$Y^+Dd4qngLzz^={@_<`w81Vm2Wz<=;MqjQ^>+L&8K!8SP)ebIs0B`_9}0t ze+_qh&yI>wx5!^eDGAbo$(J@++b2=RUYUDr{=lO;%Fo`RGgfo@{yBQpz{VFP^#!Ou zggsLWx=mNi?T&Ze&1wiWZ^LR;lY3QFaU=HTJh9D-V>fPi4u8HqiP3X@uZ(NEaxTw! zS$!z${f)9M`=1T&a$46e^5XW5o4Xt}(+Phcu0Pl?Vc?rfuq?TTK}#NL^Itm48Z-O; zRF3=v(fR%^iA< zm^^9g%LA{-cYEX}cODeo{o&BMku7tV9y-y`xuV4W<;Zp*gS{SG79*vf~B)sX+CbCO!BPc&6b{vxa1bT3#v=Eb3=7v+t= zo>)10@21LoAGS{|>r;jS2e+jD(DO_4)EgS8jik$pjq>f|!#C0vVu$^-?uV*k=c`$h zVX1J>wqDnx)x&A+M|oH8NX~0PT}52jHfm_|V<;un%gjyLwqn2eeD^&?bq&Mmr!R{} zAC!FT{P)sadBG30^QTQ6^Qhrm`@=>3@mXzV<#y~sZ%tiBrr)BIaxX~shn_!v{mQrO zz}umt92bjbbm&4F+pz%kaVqH;`StYPegD=Q7E?tO`0sH zbH*L+QX0)}bL-(U!#rQbfb!^HQxlKg`zx!nH+NuSQvbO-*4Ixg>N;Y`h)8aq$D`(q z86m1l{VqvWboHEX)vP~hv-W@AqVq8JJ$+8XpTe)7W-lszI(9}we#&3grB6;x{l3lZ zH|*&*;-|GHXIB+{16zFc_K>IH1tcdIv+PM)sz4LDvt zyRhb`2!`|RY6^hYg9 zI_zVobGPih|KlE38eY1HlYb=VV0smYk$^84Iz6$x$Nlpi(q5M49qs%2$JHHL_dS2% z?2H=h;~_%nz0$7jNYzu0$Vy?V@BNe7iB8Ecc1P#k`qyeLT0yd1>c8}LzE=H5U;F8) z&6>&*Q|K#iOs3{fwdAiaUR^)Y)2CHMkBW?`qjp7S38O{RgJ}AQyKQ#P+FR2I7nSS( zXF-1VL4&yYDfu79j_EkP^bMQdIj6Mwu~~hx)!VwvI6Mrj(8=GrJ-Bp>^xd(h-e>>U zDLh8f^7W{!Iim-BYDW82JPOS7)FoT5T%PD1#Xj+>!1(2Zul+h)((ank(|`K=$)*d7 zg$s@+&y>-M^Q_JEzJMCKTlAmg3K9I>6t&3*9{iT3<1{V7G{XaE+8tdL?s^0Jv+|=9R zmJCk8zjHNzq+(Kir+Je~^Y(?o!6>O&F{4M(8B&#V1S@}m@<~k-QIWr3@QI=+5r3bG z7OsBhMoLQG&{p)Lo*H{<%#n4olZS0QmAxtc?pb5!G&-=Eg>lUlBptO~o#z?H5pAh?0+-gA;b#U|M(}P_{m$xd% zG_>o6IZn=fC|Hac(~I*n_>}EOzFjbuVhSzX*-qN^gF!U7v%Wp+``?{EmMu>?Kd%#~ zsDH7ou~U!it&q2#*EUmLX)J#{Ub-eR?byt=fp(qVOwAui_$#w$y5d*q+QhXa_LZZR zQby}RvWJ`d{p6hhYyEihOiS*OZTHXp__MzGfZ|p6evUQtot-%Fb5lcP>b%d`+_cws zI00U#w5kamr9UO5-k$d6iECrq;l$7XF8_|HX}&KL62NEL)nU4-+kT+?;mJn>@ z`z*8ADHlbLd%sy)&rB`4JxliD+igwR+gMdyl9SN7Vn{vtenw@7v|@5Rsgtx{qx%)T zb;W?YSAYKDLYMbRsi+@W+{zE-*`2fJ?`=pmjyqc!9o0DRemApZdVQMb?(dO47gzA_ z8tBtx436Z%k4@y)NC-MzFyS3I=j{BBlqrhLo+E~J%57Wv>F9&`)qfSVzvQTlp6mU? zu&tFDcsuyyBG?+wZa69d*0v#QC+Oz?5W7kGLT@G<{W(~3yEq@7P?jL%<2)_Ih`#nSThw9dnWcwzI5Wl$kZ7fwk>P%w%5g@gEyyh zE89<-HeE*lG9szHa^Aru+KSV!Na9xWI#7SRe`i+Uc&1#vWM=D?Pxp0cmD@Ob0Vm7z z=s1Lt(xyrZzvt)h$b;JJYdaqOG_SQLU^RuiGO<)*uKlm|yT(a5SRh1PB zzlDv?*BeDpUM)Ia*0b7mv-tSSR_pi9_}tq2#YxK(Nv+AyRwQVIozPA-; zE+$W|_8sCZK6~v}Vcv+8G0WO#x4Hkjwf%#E&q&tPK~GP%ZuK}(zXsM)5B$n_pYk@% zbH{-TKK{OZnDkg8WkS0HchQ|1PrRBxx$>D!c5MAdbqL&nj_Y}Br<_A)Hsno7O1<#? zVaNfDUox;YQ(oagWpno3`j%hmILFa5HL*RIf>+yQ#`vIh12BJ`vaygTEh2>|O)~QE z(GO{l+~52N>CanyxnoAaj6Qx$xbW%Pf)%HhrLOCR__%jCd5eCfzx(vVgQfW;-{LCH z_Pr$7v#$QYQ_Ef{{g79%9yh%sGo2zen{5Dbg;ytod`k%PpeOAKpX>ida zYCA5U02lq+ApgxI%Be10@h|B?ymHApUp34m;okUW)!u7a2c)eD}q1ZAo7LKbBmhuh>;N?RCi|ZSCyP zG?*hscq)*Od6t{-@OwzQ96$x4)8NL=-PNK*ia~#1T+#d66RYL#Y;F*{Hq`i4;;lM$z(pT#zBIzXrL6HELnDREb6$a;n z!#gfjubMbavZ$s*_2gqq2VNYJnDY=4SDZt0@zkW;B6Bye^d{_^qc3pmf*XYuNsR<)2y*m+}zrKCbQ;uXCF(g~X&wk1sdGHE5o zG<%ol?x9noJ{?vESmhfR4Lsc~j{mv2rXM^2{1rR9CH=^`{@mHiez-m%bMxl0d&*xNcvIeX z%L&r-Oa0qAaj(OzWna0+x0&PfYc-b+vGeou3tn`{`G6$W z=5M|tOJXFkz0O0D3GPFU=3Alb%-;OppRaEI!@WSvf1T8RWzsJ{P{hKiqz{PgnJ?z@oF^WI_g z$$FS=7GB#j{#Ks)anhTV){LV5t(8~0(*Ll6p;*xuyvZB=6M2%UJLVs2XsSPa3nsqn z&ExX{Vd~UolF|vyda|T}-FL!cYbMR>hCRs`0-S99NS?E7AsQl>LGnUm^X3>aO(*yc0KdXQ3G+6F!zWzT!*u77}WvHXV z;ZOS`DWW^U%K}2y$6&wje}=F!Y4L{1xf|B!7w0Z29kIMi!X3D%yRFC9zK29rC49MK zgH3ZTZTgVr9ZLFf6MrGz_8$A;I(l8=8OXQobKZ zgC+Jto;w|dgwAt&j_|C>Soj-~`gBRt$D1K^DJRo$9e*j#!P~E#`k`(2oflU%yR^sK ze^7dXck0}pf~Wq==2=fppII_weD}n1k4{2u znJ)X9yPLkYzasxg7YRGw=lee?&#qQw)*sBNtlqh6)yT}7kO+D(ec+7sT%Ba*bK>Dhw9;aA_4bx5m~rEp8@+Yf(|vNZYqr#BUz{@mQx#%Fz8 z3}hIe-d+~{(ww^SPBCY3!Kv!IU;uCbP*gm2kDCyCZQRrTdtdDJ>GYD|fl>$@53QLu zd}GQ-<{jSeKX3o|?m6p3e$L0flH`Qd?#?;tMDa)E&*zGTv&ZNYj!W~maSGZ#rK3;1 zv#ebq?=kO*U}Q2$k)L?<*FY1J%9x(eBqm*3+P0#&cAKx8j>he}u(fhuQm?9~V^!mP zGhpGIV^}IP{Ya#6dCv-*?S9L4Sx3?D-ft+#e6eqfTY6}{83@&7OsF3C493XWbEJaiW~cm zT8^z6nIKLzZMfbSlUJ~?IeYr_rn5_i)I1g@&!%&dH?2qKPDxE$(E?V|#lEnTnjeBB z;yH4>BmIZ;UP#j2#(>f^yVd;}JBR()_=S{9A4fXVW&4!Hc`Z1{r$0$}Iu7Ma60<6pYTb%s;gDMqhBX1kJa1PP@@^?d~tUl&3}X@caMi7x@s7 zrsesD`qaeHh)cXfBh36+vPkx6p>14If6QNE7X6Pa;N0YQ*D8L7GtHbr&-;t99bW0! zMx`J2`#{bnphZj?2u^R&X|NXXRZw6kE}XKvKR5Z;(D0waYB2NxOVc6|$W`3L41YL_(bKi_Etxnt&m>-4blJNtx|uMtmc zRksmOyx@H&^G|+GPCLDA4YO}^24W~afuT4x0K6jSCE=K{a7ieA0&T&-*3F7GCg$WK z6~etaS4JkWyTT#UyY1XLtDi)AbNU0xVZ>uEo-lh%B8-Fbdh>c2dEbv-?03Eca~i04ay5gHeVo8MeCkTWHT z)^#eKlaQ#Gkw7ni@g8qm{335mDLkS6=l)nbvL|?b1A5N?m-|xKN_wBXUUgw{)&slq|_Yc=Q!_4#C&mGtAir>he zK9LNFrtK%BQI`idyfALeLmwgl#wj}GlJ$G0=oDsVL2|QHfnEaJOI!p}VA`bE5I*;% z=@AE`;Cp*B_YJ7DG(}ksv{HHBB%FzW)2k|iN2UVCBNIHS3JsaljvA@FtynG!AOga$ z#mX>l=uYQ|4Gu6!E10#2CO8xAGM$@!2l}^<52nWxWY+C(y?fN}YoS?5NQ-)^At~>v zmDeXs4o0K-v+V%_%lueu^lou5$Jy}NmGb?yai-Bn z0I4pyv}yt@ajn$Y%DHLpk&s#a$bjt56&sFQXL&Bil@U_QzK4`S?xpWd!nvf}t_>Is zFzPy3#UjX1Y}8n63d7_gLK+b$08nD-CMdt`S1cyIp=wE|k~!rc*pm9eUlK%i5pR)0CDZ)K;-3oXFXuI@s5Ccrjp zBZj(F0IFQ%VTU=tGH;R)6h1a*3T1IKkHBaQXy;OaD*-c0(6i$%aBU+a6jw35g*icY z!BJOEM9zq|+kTemRKX&C8~6y7XWpKB^%_#k66E%c8-UtV>h|UBVsr|mXg!v6b^x|sqqJ$Oixs;4TcvhDhk|rqlUkQNEfz?!Dz)iO*xwmc7zfDn>v9H= zQJW6uV!b}yu)9%tyMGlt=kjXD@v+U>H)|iSTU0fy*T37_fJkhbhu}PM@GyJkim_Vc zQ%$v0317Ho;&@A>aWfQ>Vz3?*%%ZLGCxv?1yrCA8ZsL$)Xj;1sj@3da{tGgq~st%SzrAUg$;*BYB*^BgH?PDm1X1d%UN*V zcrZAmf)@easPSAL=>@WiJfs}VV|oWHNV|&Rsg=Wte7l&LU0!!M9*ho07Qe7)Mg0M&i;k8 zsqnu4Iiy|uuaNfg!UzOuKZ8dzJ*x0O2DRq^d_}-of$r`Q#qL$MG+bx`Dkq!(i$YLi zta1R5A|u~mE`|oOqmzLg>9%A7xGrfbg`X}=UywILa=G4y1Pc^%;I1rBI8^rIvJes& zOPAZxQ&*qswY@0w{`TG~Y*%P3L)0oX%VS96H3-8ePMsx*?Z^0f7~C~i`=0VAPuudX(E^~in877uUbyrmPE0%IE4-vAp=V^V zwA{kzyn?Bj05_34GMJkZM%04l^h0j;IYwT(xkw3wfJ5%d<{N7AzYw-5>Uj?YVN)aa z$zxOU$N0xmR#L9&6I|~=F5RaOCoZ~<`2twq!qUCf(cv{+ejoR6m6k9Po&RhV}EArSsP-5q&u zWmu?F1@IgLmUbUZ-Pr>Yc8??((zqs}2*Ba44PSeyWuV#%`8K$b1$gbp7ki^APU2qx zf*0(m4%-X8PMl=<+hF7Iy5kd}N_r7QWw7Y((M1k5V>ASqjiTY0 z$H7B2+>RWcIxt!_3PTM@7dDI&q*Wx>2gAc|Hdu zEx40px{h6Yayi}<6HixzV0n1f$c;o$56?V!+iU0;Ar1;fq1pt)DYPeLvIdv6+C^uu zUK2xE2oJ!yE2?aSBuIv!m@i#X7@CB&F|=9{QDM$=QW3S?eZSNW z>&~L65w@Xfb<|D*@&4EX-gv*X>}GS&vERXOsM^MieN+~j?ZG;1z4gJCRHprZ4F^*Wr_EOjBlq4DM;f#|fR5fd7K&!SUO^oHdCwn9N5(ZJ2u z4}3)SndbLpD9wx1802?=H&UE!;`LzpfGX$J{Df7q0O<+Kg7Y5w`Ml&wAH(4bP=+Ic zGIvoGIS7{CLPlE{6|m?CwAoGo!i_@aE+fXq@qH2@e6;JSMG)?lwu`YES)B1K`* zDF|dS84VTe5n7a(r~zZWfPM;5&s}Ah z+ZAvh-Nbr3+(~xe=C=E0l%fDrnreArJxxF(lKm1HjX(^94x|28(IJQ_@j9%YNdWIZ z1@W+yE;UZz8nM#g8lRh}AJc`{(f~*c*rLFS%dbArXM#$t^YWt}R(e5=f*Y3vXz;<{ z`}o5DSHJK7V`vl;WLHmB3tqSQ*SCZummHKwHK%zt{S-iYBE07m^i{UYKmpH-dmALgpiqENxlOfbmXU{+h-7WKRiv(`b<>$`n6 z^Bx7~sw3c+_QBq69Lp$#+lhmt0kB*JV5=G&ki+J_Ul>aC@?I%>BhT9LND(BI$1vmS~e$`;!~h_!soO2Rs$Vgz zBO`VCV}tibsNex$D#nyZ*cZYzrkexJrirOJ901j=^{xbv&a7rpHaeUTfMpVEy#XlN zesP_Z0*of3u&F)7iPQP?)ku3T*V@zVFpgK<8SWa*^nD~$?Rq4fED-&mYUDbN01KFg zDXzn2(5}gYh!IfoKq6h{5H#osV3DhH&xgE@{Fs-G+nNV5IHz#nDYsY)hf^JjwEVON z2Ut0{)c&Uip5NZLLHKtZ!gWa*pjdH#eWQQMsbS6ZV(`8WdKNal=L`{Ln@JU6r<9my z!f8X0XSU`O6{PtezJ6Zvvi_}EC8*L&KEE`Z)I0*pg9F4DLxr1;M*-`GDwCP5|5{a= zyNf>nz@UPt0!-Xs^U?CTOiAbLDyPXY(j*AYRQ&+(PDWoJT5%Ex%!FD4Jfb~01)`52 z`B-KjZ?lHwNho`K>7H~6&+P<-6CW91O){Hi6fws=Vp0~_t51|a>N$?%F>mm4T)~$= zna?>JK&D#)YODP(NF-1WoFN*2u0ZqQS%~tlm-^J?@7+yz8YfhZ@(*`+Ps3<9)s`6j zLm*r;0Rx*CO$&yODB|H)$j3)|3PW0Q07QZWlMwlZBo$m3L~r2%v*-9V%Uj~wPmMz5 z)Kc>%5b_aP$)^L8v*8%5eMnp3H+2~U%+QJ&%>g1#I`~U_VeP!}-(8 zX)j4H6+Cblt+?eitSvdZyEGh+)hQMTd6%mcwhACkwfB^7_s7XbUw0<6_97i^_V!Vo z?v>y8S{g%30fFo5oce6}Qdry-lwf|r<{`vtmzX!zPXaE^=_U6~d{lVP0OL41kX<9S zqxa@=2|N{IVR~zqgrQoU2Cki27LB9leY?>6!0aYN!o_p%(KF~>2-zg~&Ta$AgrPt` zSwfYosu<8*I`m0z!%tbgsrkBEnX(4t;XS%QrPP^@%C@Y~Z%QM22o#(hM)U=;X0A;E z59GR?^OK(=MTS{)IZln(bNQ-Z|Gd$Lh_-(XDmQ8Gbq7EJR}^OZy^Rlf4x5VL-ht&h;ZtfRB?NOAaH_LDRs7 zp1C|1G`F1tzD%!@&v15bQPbEmuFhUMRM4_o(x%07cFNTqCPoyTXupSoQ+~qiG8s#u z3D;}&B~3|l%yqDro2C+!EAc)zc&aHJ8s5rvw*7vABe1dE(uo7RCY7*eD4y$K>~k`H zho^uVFT&>#kc-@kmCpiC9AX=4n?yhr_f1#Y9AJAON?(B;H>NA!o5`bK;7FTjjXHWfHG0o`supYQ42Z}0PT@MTN2m*daq;I3p! z^h2a{`00WA>7%+9bbiOZs1wAR0!8-T3(#_UDR zUkn{Y~r1pf$c*O^T^qAi^DwO_978lH0_ z=eW-oDC#3FImq&9lNHkNkLwmevOaC7)z(Mq;JjMQS8Gqy;wjSw%ZM+Dy(l!1(7xbyjU(xBv zxyFN3#CJ4M)F8@55PP8t2#b!j{73B^%tLJm7Hqahqf71VhFNzu{qpAi^Q2FgZLzPb z1L#n3Ok&!vV}0LQQLIMHwT3yA#}9u_h8z}8n`6KO29$7I<~q200hW;W7*ZX!WOCd} zKJI3H@1mzf%!8qYwFj-=?S2u{5a<+IKg}7gY1{^gW-MPdc7oWKjeBeq9Lr{pug<2t zJV}`q`^+~NnnvrV_JvzB=8Q<82ba9Dt8SnbkB#D0(c2P-{zRuScNuM-P)=njy@qk6 z-b7QeNQ}JU$hs+W%c88y zD~L@=az#~3N2hc=zD7tFLIAM(V<3$|(qD{#)hk$`13OTcQR_1Pya-;l?lXI|T|Q6b zyRIBR5Qr}M(!N%M(WsR*%7kN*!6r!mB40jQ(Ty~mTQenAjprOd^%(cxANl`Q8SuXo zERO*M{-{_LZ{n?bW*nmlcy!3U0i% zo!2k;v+?}306`Pgs6a z~C*)rviTGpr%6oe@}^6isIsLrOuJ(tGCaC0+vV))nHe*Y_%$H4@D; z!^@4DRL-wEd#I(d`7R`Xs=9Yw^3iX$T6$T)|L0cs3&3w>+9s`$Pu>3&cyF}g>8v7; z-Wf?Jhxx8}cboM8#;i-e1O#AxkJAxUr@*{)<-ZpQSu{`R$n9PA2l*Cpw-S?@mwU?} z?>z_|-0&RDR(tv(8`Oh(Mp@hlAuxg;Dx&;&2sHQ+#;G&(H2_~gvb_JdyePI;5StBB zH@5)$Tmww7oo6H*>>PKqOJx3qS|`nt$|&Cu>H!f`GcfK zBo+Hzz}TkWI{=jRYv4@j+*?Y~5_a9Ai_fJ7mg8DFVwFe=*AEYw%zfGbgjVoBoQ-k> zd4Vd(_5+})U83wZ_Qj3Lt^xEsMR%@gog2%KOF-sr0D=l7%@C+r8x|km!<_=Bqv$sP zn~#C!4LlCxb@GE*GM}Mbj?7AFCGe=+hHOQ(J#YW=`<`BkK2Yr=oUeSJ%pxkcZu{-I zNl$=>OId9|Oh|m-$DeZMTgN2e`oB0B7wTla-d~z-X~|6M`_L9fA`^s9``-7{Qr=ZN zM?O%ZUU;}syFKk68CmfIwAxgDuQp_vz>PA?5QsIG8b;eeggk^z_W`&Y1(-8yz6LxA zywP>DTfp>G0ZP5;7vCzS13^k+9L$Ghob$EfI^y5SA=d;69f^bk$SKmH2AJ3^n;_ux zktx@Es>$#*b-uuRV`_3h{)fW~5QWF4EnGVpA_eXMY4{$=RxmSqHk=N(qtj&KP#$3f zh;OMSCNq!ZkFPAIrAp-dcFTbOU2Di?_*pefLW?{cnVpNy;&Uwd&E6wj5OAnrk`)unWG5eOMtjRHy&5CQQv zO=JVZJjXj35UQ|~Sl5X&Y4jT{h^a&-_j2r<{3h@+3Ix{BzmEi&B0V zA^eDT48s>tFPA~(`x?n}P)yJ%qL0xT_kV6h#i|$lkW08fD~B3UvxV8Qi-ij0O^-<4 z?qi0M67ECa)Rk8CK0qM3i*ZrSn(&w_7L4sK;sKIeU}W-`=EG{>NL)30j2KbAbJYyl~s_vBtibj zp7o;r`^&yRu+bvTht`DF==qUo7455Gp*HHvAE2UR>tL6}E``CF%(|P7tzZtRiN_@9 zDF-03l;A!QKWKE(s~BZGr>c};8* z@-7+EehI>{mtVi#SbUV<$N{P7zrVWVu-ebgZ3Br4I}*}~_j~=h^$py->J4FY%8E-S zuH~smf&{%t#AAUBP}D;{kAd$muNI|f5pmxV@O;Xt<_lOKr$IuZuW5$ySaj00&LH>@ zP5>|w6|wR&=t`E!*xWMBCfi=x&y2tLwC@ZRXbcE0Ov9r+TJ8guiVS10oJ~6zmn~q0 z!r7k|yn=ChPTn>f9}6cdSuO~k%{5RLQ|T$|#Zm6S(|{{zB(RHvC7<(k&Pxk8dA>Rn zd(47L=HOWvD7P@W)e~-7{1c7aYcB^p5~+~AKh7U~ zrpnDT`V7D04`a+lKCd6@0$D5H=ZXQ-iAJ z&!bL~ySi$d0+B!>ez`)}9=8&`@ZMtRJ%R<}1_khTUfMWQ6y4rv{^8V?jXct2$K2Z1 zNcC~A+zhauLh`12gVQIEt{AQ~MBL<$=jm+JYNBdObDFBKJNrM->y+tG;1G7#Iny38 zZwTy=cWW-_o=r<@R((ASib!uNna^Cp_<0v_?$(c>aCWb#xcR0o`)~`O-_u{)q9MZQ z8$acca7fpBGX`MFWDr7P*zPE>ez-=~&?lKTpQB((&*i<;>A2<;;)o}SD!RYqTrn*) zoET}ecANlJ!U^Cm4c=R@nH;6Rv?zUEIm%J4*w%(B4oSCaiS15|{|?b-{<_iEEp^72 z5-udCfOr_*)pD9@$$gbS4^cI{E5yxbx?%a z{#nHqLA0ymU}Gb@&qYKf7ACs)a)hL zgP%m=1&U`B=NEP^)VH78cHroe($VHr?ki)-ZlcA>N2n|?1P$uftfDl8GJ-5jE5(G5 zFc%|_Md(3hMK+m4Bq9bBW}(5ztaz~`gT=y@f>1|b1zk_K8X7&M4$-eovc_Z+E^wMaq)ulpr(8bZ5Qs&6v9Qpg&rT^+JW3af6e+30k6RY&=z6~`4mgpnjxXaPxMHVO6Qw$l8c8+GedMr zK&8*omgaxM#fp~tv`^cfi#!GHp@LnO?mVLC6tuBMAbp4>zzv~W!;?^L0g$|bthw*~ zDvZXI?r9Rpz4E`a;RtAD!sW6pz#TNm-})<3_z;qKLcUV>tu$bkAApk_)3 zUlv1pCGDSPfbyWm>m@mNFAj3G0t8RPV=;Wr!=1zg!wK}pCf`l^`-xy~ zaJ#IQ(R9|EGeMuEs6qPE1|$=Jc=5FG$KRX(bIFP@0${fxjniWQw4O%!1sJ@?gTHGY#A+|gyQ`BeI|>mtQ5=5u<$l1odfv3&`0rjEN;8wVKhqZW0^Go-Vxx0u1bM&rKn<=< zpgoKM6Sre;3hEQ+M3Of5rBFTfFt6a=--nNc5ft3j2ITzB*Y;Kos})-COTY#J`R(~a zfU!u*RarVMCsjB)#ePh`2~fk}6?NtikTM?w9Wb1L>~gpL^0V3B<9V9^A|m|fA+Cs* z50ppTf7`qY+#-NV_7^}H1M1ziw?ajJzrTSa1XRp7zi)qe0h%wc$bcrPat%dle`YEv zw_}hl-hS#y=7E@{x~1To;K)OSz-fIz(q|&M4N5~1 zHvyhEw|oTk`|3ju>1u%`5{f>J2%2n3KD`X><=i0=E*V@-`7{(YDZ zm|!Lz;8Purre*l^36!L=pn1(TV7rh3njx9IUIC^O^Y_Uq^SOYyG)NCj?pk*w)fG#F ztFc8Kf@%6Y=kv-!0mRYLuRi&6z+lgWP|F{-f|fK<+=}4)nF52&i98Id&Mtd9H)jp@_#28TosQ zG=P_alvcgRk~K&yGcoi_?ePt9?IFub z9jFf+0Mk(pRTXBH)}3TfKb}>b`#?Eps55Z94y=DQkV`S!Z&?uHsn&qksv11ds42;@ zy5s$EM-X&^`VB>x{{nAye$}-9c(&CgRlo-7bU`-ueW@^Kb^6yyjT~?eRs+rlcK6rg zdoNu{=r@HUa=!pppbWT+A1()2a)>TMEm%wr)+fgS?I|*C_VonJy)mev&5!I_^B!41 z{*=fa?+!zv=|lX$dHDeFAQHqy2xYfZ&t3_vw7Y?vU0C zV6O05c~K+n8Z7<`bS+}Oe>kcKb@+jKjSW*$*d@-(<@n4+8_=PE;p-CHYx%&VTG?GK z;kts{b7el@F;1XCF04dx708z4B_RF;#mqvMXBRtTnZ|(?;g0`mx!O$q1*2eQ;K`HA zdX5GHIeX4r0Tu1X67bz!H4bSvyWRD~c6LFR6LFoOn-#Vi(Q9!6N-!vF=hPf{v{YCP zg!^%jKcqQ&u4$bE@stQYkkC^6c1+r!%;;u()gD-MK{pPU-`zOCHhMyfG;jgWGEMVh zzNnE1SvzYA*#1`8wxO-B(RXK}#kF{eI+Tcn<14U}>zva02@-SPrY;U@E(7HV=cCkt zh;D^QYDcq?uRzce!-?Wfo+QeTLCytW25Bdr1kDz}9@-U2!D0>d$^lJ;#++(riEA!s zW=J?bo&?Q=UIs4n)dT>Z)Fme#B(pgDzHxaAk&r-kNgW4>z<%0YKBiq@4C?t zAoEvWw+Q?Q5_5KdloN-Mog3KQfI7Rx3fDh3Hhrd>vuJ6_FmJGnt+0l5K+}B!hFnUF1|Jok(CcT^i{2&vP~yUolwPNw*@1?l zHYkp-2aimgTy4&qGK)*tnscRM4G^>2GOx-UpSf0^YCY_ZXZ`Bn1NEl@b{fc9y8rD- zV!Z&dqakQ%w8Cux^k2KyN^u>rL9!MbQ>d^tdSyO2TI%vES`!-beMq$~7xg;AHwXGl zwutw$Oud8F>KLF^Cnt0QPsrSL?Q(#P88r8sn8z^eaLD*5fEltuOx>{rD5#A^mbmhB zJMxANahYF_zztO&PG4L!ZBoXr%s2scT^QU1wBNHKZcV6lJ?3%@O+BvGb~4vTg32S%zByC zn^mAydMV7OzoGq_xSI~5XVM>(EnK#jL=t3d3SOZ<@BRRxIhXlcad3*|_8VXQ*s371 zJ^m@s#s^5hD2DPRpxdGNW}^u)KWilV7&2*A7qq}RFduPJ?xr$9bu+bdhfv;6$Fks_ z$fc%8KbCW=zd+8u_E=+=j)Yze>(aq>YjrpNVv|Sy0ysW(-i7#vSgNGc>T}gc1~T(_ zX$xhnM!rb*23{3!&%PXmX;+@3q{qz*d#72&ED*VveV1CAM?s4WpBXMW864pgPjN1a z+srpH?IupQMV7bI>9?A0bEB}Nt5=rK5X^!d#>2}GtqNU`c9c}7oBw_=)Kx~LugA!pZr3Q7Wfv^A zIZ=2o?Hlv_v%u9i;=KU^6NN)3+$x7$IM8SS1yVF+MlF9%*b{_h6??MYnYu4a0&^}& z!XVx%&cx7KZpXl=#vYZE3J>bOgtjj|nY*ZO?AguLrlhG&_yZ8~lf_ax6W|%G z?5q$;IB|Y|Ci&}rAJ;}h9+c{6yqx5!nRT{1XSK?zW#vfI`JdVL{lH1HVt~UUO}!^Q zbsAeg4mK)xFkW)vW=F5kvpHXzV4*HKfqw%g<0fQEBr+T@*z5HxR>9x&{_z3`+kFMr zWvQ(LKu5~7bx)n=jvrCV8Q$a6PprLlIyhCRLxJXDG#&qKoVaY%)Xyg^<_jt6>DOm; z8kSbWYWK&ibVQ??a%fO}B3-RNbpttk2ZpO+)4A&xp33?;GD#kbe5;XZydm0Z9+L`t zTJ+;@l|FMH=Hej?x|Wr0S>DQePEc};wne`OTV<6=JnGg85CqQS-Q9p*F$Oq(C)T5FZgiZkXqo?6Ai zxUDl}PvQ%cQ(7u@R}6l}FJAz?ZGKU}^L!k&8gpUtMgGC>mzigc4QnHfoY8Zs<<<#w z(Zef_rw+m?j@y@Z-gJT z6`>70F*MyCYwdiV6Idq$`bu`e5b;%?6OfhKFI1uY^CJbkS*HdrQu$Yto$CdBCN2?V zMBhr)?1q`%$Eg{l37ErL-FM{*;a_b*H@TP7rA`m#ATg*u^(>p5!oU;nBgXHm*$=cc z3xsLREOn!6Tqj~dXPrnwOvCElA%Ig8gTVb$Xwu)kv`JI%u_9fO^GlHHJ9b_G*e zePzEZ&-P_q6>|_N_=ImX5xb~;?M9#;I?2M#hu$J=N|z0t>(xoEMc7I9SITHNUOXQr zrjqfeF#vLb7tb1&ZW>Gj^>7RsjvaRsX@$)-pK$83*RrNI>y!HdC$H`wzf;wAA&#C) z@`}_`a+vj)wXL`x%;3=#%acfWd5n=ehMt$rexDk+us|rLq4~i!=7@gJKq1g3Vw9Rm zHx-fhcEtQ{F((ZQ!|FKaK}(7}Qjuf39bDPpMu>h1XU6q=6gnp}rX>)zGnn{ON$OvM zMKXDAap4tFn5r{M)F0(G_e&>&_2!0DYG5`C&!Y>NWbY9MOY$}&%1U1%q7J? zrGx`rPqlzmK=y;E2VEK_^h5P7JxzwSjUVSmE>hv7*m#Gs(Q@#@tk5?R=~ll8+JlXD zMs|gQqIe!0$XNqh?4z>E!a!-Ms zBr)?kQ)sL|xwFTCK`q%hC6}pjYJtB3S+%7O*Yn2mr0NK`3Jgrh##v46B6qYTV*D&9plM zi1MD@pHJl_RY#-jlhW=+qcJex_j9(mvg{v5R_Odxo}}-bkDkxesEW!}aaIz~f`l8u z#wl4C1Q7^OeH#pONWZZOz$r38MJJrQ1fH&_RX+Pg(};Zjt=AFi zy|&{c^6#k*+Ifux+C>e2(U|v*mwmmWzi&lFBeyI5ET37t8*A(uE@gwvSEm>AREV`; zC2G)avJnsSwmZQ@9m5dEGgYekrpc zjAm)}o6FFC#W5q)xBo@S(VuE}I~&l-Ko>aOLwnjF5wG&4$zk~3qumSU&w7H=J@n(w zdx|jjCp}hMKC@)L%0G`^7YyuIIoARQZN&L3J*s;vU8 zw%!?5{W&AB!T#OhIR~lq^3nVP(&iV`#$vpAUFwexaR>L3p3zA1H=!HRO4#}6Cc`I| zZ67Mw4j%WnFX=XRq|kMu@AOsbE@##@%?C@VMh|zRGvaD;+?ScVnF|;9-3x@e$KB3f z@G5ZHShyfDyECMgkkVhBwd4=rESY(iF&hn3JV*QmQ4@PR< z{&-PX@YywmVPj{u*8G)A4D&|)?1Gez(wlv@rgvh4IO4Ai8wa@cu4t2@!iihU)YV_` z_6Zw%WZjp=z0)Ownn^UJKeZn~0aI{}R)iiL!iqpX2QD{x?(g%w13v_v(R!5{tz_fc z8&q8opj+o{S`=WXJU80ler~$Vfx#cc zOE|?LW*r{;*mih;ZL%-YedCz5b2j!t{QJ45k@(_T)Sl2fn_-;jyueonh7EQx+)Y(0 zS*Wi>eu`9&SO=b@yaRM*c#J={o5hnQRo$@pBlyBz&XZtywZUOE2B6$pMY-P&_*8B65=v>UaazpHk92Z&$ zZ5+_mASQq=nU>%>Y$moa=5DL3=MeD}%&ivdWkgfHTZ9Li1 zp`J2oC#MkKx`l(EHl~XY77>wKh;Vz|dslX2TVTMmae`_#dRVnhUX9H)+<%ayWU_IW zR;j%~9bv|%y3&Mr@X^zmC_4>iKysc&0KQooH7* zlKC&Fl*SDLu88;y!V%R4VyBFl0|G6FPMqalBWPkQ{1ofDDNj9RobW)W_(QGhJTOH} z@wemAM~{4=`qr)nYI}6hAu3|eSsvE&_M$}@xyb7Uvx{)44R(<}3-f$+E0v$XY_ft; zUgmR}x{-3H+5NmQ4b$Rjn|XG{C7kmjYJYF)ZGyn?00 zaTQ-qG~X$o8FPL}c;_kTX1snZfZWq4q z(qkVcXy z(GjME3af(wmZg~KM)`vI=;!TxjT5wAA6?}h6vlnSV4~{Ynfd{C1R_&)c&!v*y!m*o zY3utGzitQdDEcmOTGs=@kmc(;KpKDm#^$2qewocW@+J)xeCn!NwjGs{#Yn){8{yr6 zG0yU_bz+pyC@vG2&1jX63$uGD#=XkII!D;>p3js9F8WgcNu;xWdu5w!xTFK{jjucC z&dMobDV?*$yrU7;3gM_QsaO#`=`dhU{QqaKnza?_j{Y9|Kb2QQw^^din0OaM2iybh36FwS`5^+@VuTRs`rzg=0d{4gAqMfQ;}!zy$cGiWL!q8SLeinJro!4RuL0C+{l** zL0KXl%h9LdY?Ufhr)MoCF;QktSa`vi_BXToWe@VAQ0Tu}&WuPQD+(BPZ$ zcrIC~z^B?C^B@+%Z;Yt$$h(j|JE@W+TS`lIE(1kf@>VP8_`sDCtF3Aj`y=YpGQ(N zVy-`GMcZ%FW7+^aco+0xFM3R#Czd3)8KyVHnX%5bML+Pa>^5^rPFCAK91%0_JNEic z$ij6=3t26eyfxEK?iNdON>|_0?xFEJERFKYTvmX($UU<1XvM`C^G{+CgPR=4 zw`EcsvB2!YRcf|M{oRhTVrol=>tf1EL^Iq!Mh=DN7$n2b5-HRFkeM@=K6-VhDNNFu zd3^IE_}qr__Jr1XP1y|+R?1Qfc@+V_9!6fyklvOD#&*ksR;#A7?{I*`{T__s&e}K? z&So9w89CV++JObF7gU~qy~i1ni0*g>N9jtiyb_u6#N1()N%8f80XQEU{8r>47a4Ls=yZtx<4sz{_4Ehx zp@Cc824jSvzVjgo$jSu_;9YZJ*%mjV|HMN+&e9@aLU&hCbIfw`*Gq z6MZ;l)~xI_l2_;L0^-EYrc!+RpswY~eJSk+#H@l2wW0%8fSZ+1peO->`28$G&O<9q zv0}7;*I`6h6aVoR({QxdLMpp1mc3yL0aJc1&@4`#G4DVYPDG%sPSo(wM;3jt|7*B? z*%Q(mp1K<6HSv^Pu}ah7nSI%EGU1_h0wLilex|9L=LIw%8O;a92K1@iI`1wk`g| zoDCpF#rE1?sZYu09rr_6)+BOzkPwDPa1I=ZpKG2lro)W}_slPCo89Z6tyZUX?6?PP zy^qSoIf|ASSsyqqYCWg*QrbmCUi95wKv-X&RKsR*Wknr&fdMy7lzTao7TcU=9^Sr;8ni+kX^isn1a)TrR&&!95!se!?G-wD10#wwK%zVH>HONL(BWqY-nvHLq3xu4S)6UbL+u#!BQA?o6Zy)3+ThW|Ax7c|z zT2p)oxmr2Tx)I}tWoi!>y)+P2#zU1H`E9$fhO)QauvJ)LA$-zJoiR_Lk3E^-v~~`UFfhXzo@VkdMhFx+*L@qWgtlqp1+C`?$Xy;Rg3(mzSNp}#m3uI-n zu!e?J#bmLNuh1C8G?}WGPqFZ{lhXG2*~R(vu#pc)a`hQcBTT7G+y^469^Y*$;~+hl zE2UW*%8pw9?%5DW-2k-(iT+&kY%e=rz>0m&=#<^!z@=7mp92J?aLTdusj`>|ab-FY zI#z~K6*A)?uhpWNEMK4`h4IsuclviVV3|)pIrI;n=0V_PTgAz;OSv3qr_U^!OJT^E zgb|D}-6VsI^Dv94AH0#x>)*|luv|ejiXS5yG*WH1Td>Q29wRu^P7{n`X-_H-LZeQF zVxz)TW)W}^VPYips=TtEAVNo7prcbo4awHArn1iEORubsOheq4IL#86w)x{f1dP^dsGrvA!@1b8HsYs>RX(epOHNKZzh%m`Pwq)B7UWoo0I;~_t zYP3CwkBDMM?W8IylLqc=rr|w;650lD2Gh;j1s%Id2ar04lztDny|`G%BiljLF!Q~) zn!_gan-%AQu@xN?%7?F&L>WHI8%ORh&e$WX%rziH7xnINqFf3_^I_iWa+0f{Qt{rx ztgLG-Ta8#bl>p8t_deFa)5|NrKLCNj>Kp_eMiAo3#a4)D2h)wkg*D+?`9h6wdRZ@= zxV7Um6A>R}W>%QOfFXg`geXb2t1<4tV%X2Fv6+gE|C8_bS;tSO+eypcomrH_u7$6q z7y470Qhbn~q7x}n{wf=ALB9I}_-TqVM%jxGzHU)$aqt+-ZJeH>oMIhNmCD{FALu=Z z^5nR0cle!G_Ifyrb=1Pc!L1)OuUL<)-NV1qH$M#fb#)~CpM7x*nN%dORn5invpYvt z@m<|%uwy0V)RxJRX+*y6fMJ>4)laoN(H^wdX-a2P?14vX82J!ykOdBLz|ykJJE&*H z0|x9?8x0W5t4@Wqr~n<-@KB|NW0s)7!*r4syYqc%u0QY@GN0c*W3|(+E^<1NHDPbQ zRAn|kX!B#FI{r{<>)KukKSHr8k@MrDvLe*x)SsL@ zS-zFap%_nne35q5*sq6!zy$=qwaLAU_c&e+o8kpI9S^-vN$6T4`JD;^Sg4(y51z*1*mO+4%p0llW2 z3-uom3}Q7pf=B=OYUw4#Fo1JO;FY&A65iRVw8FK#wGA5mBtnb>p1n4*Ghu(8cPaxx z6$5Ib7Bi5DR`JaXnUywkTGr&Kf91rM?ce6S_4amON3na8kneT0dOzjW@WYOpBimtf z$7Q$uVBDFHS)Ma9muf=3KWwa8in1%tWZEx029Z~(mBq@oSkbdDQ&Ie?@+w;w+Nva0 zgovZ|l#RJQGgSuFetEky$g5OJ#pCp2?(Ax<%ae~lIA;2!T7PN4vtuIkOEj7#(W2(v z7g{W@aMaB5#-W2&y=}yT$n2*JQ%YplFS_q!O>=i|)UK^awtUxqdnv{7_%Y+nZHfBF z%b&lvN2k>17TWz87Daf0Vs3SQ_&Mp`v)O$O`sztsDQuTtEn`6W?xkJ4EiY9C#kCgLU`4aYn?$D6{VK;esAR$eH{ypEIP9+$F9@kx}( zGIdvV!fEl0pIj))A$?hO!@0Lg&EP!{_anx$eWK6@Bd;u4o<UbtM>5C>`uq;#IFcG)lHxWY^9jd5@4 z3pGx@lqE~Bpo-LmV`3-hP1m$^lGwfQTnkaTx`TnCpKtGe`(VYCK3z_}Ci6N;2uqhS z%5~+nYK1KP+7&$7rSDMj+#^u>k8ioq_-XNF=9LI0LV$|)GK>)mdYV$lof;xc^; zuPwXLzWo9+ANt5IXe#N=?#*Z#dNtQE#F?IhbF3<_KU|Y|uO5=d7#v-%P+*U)=CE+UkQI#lww^Pm}74*VX*>dYj*TneP~ z^+1p!3^@qhw3Lm@SqOyFHd4ls6OamqwtkRk30oaV7vo9dg3HZ?uMQ=d_sGG-mQ=aV z6StkJQ^hM5BNzMHzG@q@SQ9%uXpb&Ga+1prjoay%x1sZD%20sOv{PRGnJuN9%Pf;8 z&1>xuqHIq;KLvg?tlhZRiJeI|soNO-k-!-%BN4o-r1#@sgA+!7cye;kBAK1%3`2B? zJv=5g3vGOmNI3p~vG<-~O|?<9Af3=d6OfkBdzB_VL*sN(X@;2m}Izj(~zv zMJyEQ0s_*TO0iHvuY%G8QWTK;M*Z&GxzGHVdFJQLFM~Nb=e&LIwfA1DGA8-_>dR+o zR%xnaaw(923aX*1GnNV9oQ{Rg2lvFb5$W`FHztlTpHvBbs{lkH6r#c=ybV=$m4cD% z^9GXw=gD|S;X^m8XQ1W9>yec`*%1R)q!7Mlt}=hfdAr_*VFCSZF8KL3Dv5!4z?-am zK7MX)`lVjRN46}+GncG+-bXtKra;_#m_^R-AJcD91^nbzT;_JrfM_dnsQq*aux|t@ z05ph-#$S+oJ-v@zJX=8i6r4(Y7Zhr?p8lTaCid=PQgo7!Q0U9Y@!aojiW}eswVN5U z4A~yldar(mr-~G_dfe6hZ%?>O22AuTe6XmzS<-3>$2M_dtB7xi7?|j~=`6@jL!0Zg zs3oYVJ`fmK9GZC>LRqZ`&mfH?o`>N%RNv;^=XRn|S-O3#55h49pTv^simQ$%Qt@F^ z=dNF+?m_{I40O(dEn3Uha$;q{Q&|pb-6yg{zD19W@lCHFAt8t7D*HN(&}#-j$spWV z<*v~o$~p2#sGvFnCY*7Zyxr9UYQIcu=fF9X9j?>BZf4WQ4PPw8;2kNke5zfE>D+F* zii?i*9EJNJn}TeMdJoE)dL9y%Gm>rVsw)+3d$YV)unN}DnA^rw{hnU25YtkXyO>xCns~^OLJM_Wm}h^t~Q-c7L&^O6L?y z*gDnxcYgs1F}>wdW=swwE7mj~tL@jXVb+1BHS*|6eNsQE-+p&Rw^4OtT9!7@08au7REuh2{<8FlN%##E zrKSLo*bs;w8q}nQfa+Ru@5ET{?jlBSdNM5Oc81G(3j;L+u^p4f0YaDBKYE*qer3gZ zVf!V@6rTgHNkw=tF{?Mrgk6i+73>$af-(&|m*>c8vA~43*-hAm{rLoX)HRCN$=*<8 zT1L!Ut>UVjA;J0+vv|BhlpBVtR|WAhoh79|<>&b)FOq@&Z?az6V57n7yewX_2MF%v z#4$2eoo|dxTOU6rxW^a`v7#uLR>dav*X+Fh}@a27DII8r5MqzEbhzf2Zg93y*dOi0vz|Orw@1Ta?S0HX)baN{EKRP130J zOa2=c7!6@qQq6SfU1eeLD-abWBGK+9A`^!o<_QSA<4;l zJELJVsT2npfC<$kXoti~SS^a%%!_>?c0X63nsne0a>3D+6-{gs?Is`CEZxH2&;Et` zPHz($+AgmnLfa8-ERVqAh*RSD!h<^U1X8~vsRYi3sv%=!;k2+5jZB+3raq||9xR7y z7gp{U3A0y3M@Sn7Cz~LSoPh#oqO6q0VvVw`v^LmRi9!xo;Wqfnd3Aj@`WSXHPNYPhL04sZ=qO2H zw(Q)eL>l*+#$Qx7Tm@MQjAr-#^9U4Rsc|BXN@w6&$}~&)#teZ`aIUVbU0#hP;uJ`1Ej$@xtYry9 zXJErTokL#d4;w3CcjAZOHK6dVTC=c=oZDi!QAXEpBk^9y-s%ki`rmt?)xAsZ z1tD*CM^%1HuMzCe#M^=bY)3i=*N%pTJtXd7MSfOalZf`Ys)smRVNBBQB`gFhl^6SX zl+#@{R|MYwQHMC#0+R3i)~R%f&JThZ^nwo-U(z;~W9xcF6J*a>X6v!Oq6M+;$|!pmco@z8j{-rW1GX^oLl1s z{ru=mT$;gsQ}zFbmxB)s?-Nns_2b-1wm^1xLQd0MDA7_%M=*u16kk+sP#;lOa>tc( z0*SLa%H#9T4?U4NN@%3^$78Pebi-A+7>;}yrnHn`>k;V2sLkaQBcfF+3ZcQW73CcI z2TqA%?m><6#mf4ER^Z90_Q+WKS0B85b5tX(*akFPx)9(qdCqJ3x zqxc@();({n$2FD1vrPWUAkDsuLbV$gJA^ImjY3$ z;18A67-WBt)aC5yx`zJ>Xl~?EsR0<~qC8(d`nQKR_=gdti%F8f;m2H=W4#GIZ(yS= zc9|}H{9BZ*L7&>2U#^syr>u3<~RJ`zCr4F=$+X9XU5PIklT-}ODU&^aEf;Z12zvntgI^wX*yfv z%)%`fB7@KiaL4b@J9krQTb6SW}x-R(d%d1c%+3rm_rHm@@#JtcrD zcB-D;La_S6=^J$K?ll&_$M_A)*BhB@R(c|r zk`oN5;mR0xU-_$2zgBL-5f2(l&P{f-+skF_hE}7RY_{}&Q?92sM=DMJzFo3apZD{1 zufj;hz{nMja>rNJ-PiRLhZWC#ak`Wh28t(TF?#=3 z@@vhC`=#Z)V8?h>aQ8odN)8Fj6+ur`e;6>-UQ&ukgr3sN!n}#b0@6g)^djIr5ayjs zmPVg@BK1+e+&-Q(953N=@5HZvd40+5%#N2&?ro`GMw#=f=|59j+bd+Q%-mhtNOMT# z;)S|+DZF<@L;M1KcS^=>_TN3|E*^!ioy*)U;_bTKxaMg#5GT7$8>g*~c9UAk8>(wa z%d(MN%Ezx2zPXr17pvUM;GP!>TY@gUcPtNFj*-w+9lIG~+xqzt=WxS>s;K_A58lJO zLknAJhw2~h%y`K7Xp>kZzOWX4RQI4v*u>O&=||3gAmBO3FiXolw zudK_{fXfZ^T1r_Xj>*Fcb)rQjZO!*`z8!*?u`n zLH+v_F>KyvoQ2eAq=|pZz`nX%yp(t!$7q`DBm68SsItF*rya(pM;D(&h1KG znnS0iM^R4hUP+A-7CooaB@1xe=-WpGKh zEL$-zHEH7(B6 zXRbqa;DG+b*wP+#bo;K7`U_h3=%0XjRO0KwRZy$(d7`56^qheH5Brk;hM9}sI95@>n&<3uf2=j3U5J^! z(&d z4GMP1BGkTt??RIgk?T9OdW!IuSdLK@&ju}cEfoVlJHNpdm9H78!CXW1MZDH<7fbu& z&X`A{p}vKMGkZCyYP}AGS12?hqNZik|<3^CJ1!sc$0_m7j|;_U~aXL zixyf5k&@|f*FSA$>nEMu4#R^1MQ|{hvDt_ERx-Bg_y`{1G0&QtLNmATwLNwUZQd%o z!N&SK5ASNYwVWYph6pLk1w38RzR#`;gV4UAyJlM9bMgNzgW%;W5RxnhD9=@^ez-K$ zQCGu`6-y(40XEZ|CMwVk{sM1Bv16=d3Wu(r*QtYlNL>W!>oLF#+M!~0>}7L`@finX zsHN2{i^NY11Iu#Rt4Q^AsWx<|IXZ!-=nZ&wAQxkGwJG3fzE7k8v5k&>KTRZ!l~eDG z^YRHt;IZB|1#wj0$m?)6!PH}fdN}mT;Utx3u!b>_(6AeX-gK36VBv5YWBzri-Tn6RFyns_%ah6?0 z%55wtXm7)X@I)|LcIo{hX*E3*7vx!|b%Zb$S*Z7;QBK6=H(W@7Omy;X{@6AZhSSxa(VxdJi$o*tU`xS`dFCDJ? z_Av_Cp|fgb2?InvK0^{~luuS>1yKga>Q844W(+-+*D4yf#K|1Rj`lXEtqYN-7pVW7 zz7bFn76K@L982J=u?Rk!W1yp$s~ZYbD$oKoo%(3VJTZ1i?j!w@8z|AcY@k9vhGzhk zAFLBX$S$he$Izyl)TgBM%CO@J9pmlf%FeaLZC8jzWJIsy6)An#c&fDKddjzmIl-DC z{)f0v(K#!Hr^=z?^uA90>qQ}MMq)PYlT|4zT{SaOc}&7}JkDTvkdrmH zj{t|(n-`=ES!@^s2^ps&#`364jAHZLYptx$3`NrnhDR&kM;(QBUFtcB=NAur1Q5w- zgu;KKe=rbhFf)L=Idab)u5UV?;`>5;Cxc}*Tx9Q`Th1D#<#|Cb zt>_uEU@EGQdF3MPc8)DpPmC<~FdRccUie{C+Kx(>-BAP-bkzVFXz}B0V|obJ;(ljm zj(vefks|B6n4(X=!STVV#*k`6AH8Vk5TqfcA+2_Poua1n1XL+ve4*E34zVI3N~5%}SqW+84Sckyyvo`}Y??tYO;z+q#*1I!!JDFJ0|Z&S zc%72!{QAQe)x3qtuZgO@8ZbW5fSPsjKMBogYFmssfhOScjq@8)Ji6HGD4Yj*Q4djJ znS*AL#&~%XDSaE<+#AQTGEucilqkggjtQcVBTuLG!Qfjt^^kqq`M4?&5mw*n<98fD zvt=3Nsi_PnkgGe--P3R3$7#mhlh8-?Ld{T&khlIrmrOHY0&bIIX(0;GuFdGUXui6+ z+0dSlfu<-!M%^+78T}aK8xifkxs9?b8HXV~jUSe#6I-8tzGwet&hSR-s#FtzB(qNW z6ioj5Utp%cVG-mSzA?szc>jnA32|kGt*?9eU5u1T$|~Yhd`bBPejGh*fj~lDpfeC> zAYbQIu*y74x&lj?t}wAwaV)FvK`{{Sh(U#QWGZ_ja5Sn*YMHdwzB?pT7_J=&By^`& zd(pg*to?$Ax^WYI-=9BIJ3k}EQ~X#> z@X1zEHiDC7sT4Dsf6v5bK!R!h1FCrL2wO7x6=kL*DM-1zNpr?sOM+ zy|uy2!qbYQUcH?QUYz~0=6HRoKicPO?v=c_`8OWOxK>w;%gr4xzW%neO)|^oDClzL zU>HwY)@qYwVUh8vPBHJl?&l=KE?$Xg?n?iF1i3Ic?j!~y;jNR{Ik+P3#{Tr(K@1Gp zT)Akd+7%z-*vno`e*gI#D{P9okV2OKOg@SBjm$^0jMs?gzxqg$R}*u@2vjAkcA&#+ z%o0-PVUozm$zl7>O7shX@*#zGXy;*@;+~34avK_>{c>%hbrE8G*aL;6tPJB-aul)-CE`;sSR9OeDjfdZEp`Mq zW+YHUmI~Uw{voRp+yBeb@^cE7TbQA9?R=7zyeQ&xt49e7>?zT*6%1pmnlz3 zEd_PXG??r-)P&2cr|JDv!=vOaR<&6C)m{(k2pU9B_?DwBHr#7g|DkyyW{XqPY++Uq zViG=7=_$1Je73DSn>7KI zVANFp2O;-h#gi`@CyT|7$v>ikNK7*6EqeMH{QEDwb7}t3Yv_XO=q!-?uKM7lQdYB; zbY^`peg$yp!bRB2^xYXBMB=9)oU{lp2vWJAZFJ9?6GT1Dyr|P zly%Q@vY_<)o_09id9Y6KNO|Pd;eXvrM8R!WZV}v#;TQpW~>c|i> ze2hWe^E!a5HX`+G8Ao@!V~AYIpi?2M1hA#=bgN4&WJy26CqUv2 zZNppPGyL?GNWE_9*NMd2v`b5keYIU2Gx+O8VoP7=-hW+98@Vwt3yP^(%ku<Xv**60gcqyn z>Fdvhh}ee;+C29GMro|hO6`X&=-Jc|vJOyWYb~fxaFRYUZ1|130N!!<3ktg&z>c7p zcmpI3C<3LVk6t@v)MG~rxlb6R^KRts3IN+Oke#204|#?UGx@F0Ix-Ur^6AS_Jecy= zZlCxPb9aDZ2f1uCd#RL_(_m6DMFI&xn+j#3DE@5+(OLkbf{IvNnaj@MC&+ZUliuK_QB70{80!ugsk zIK5LpkMdC_jU1zp?!NB+inWnj(Zdo_#aAYFM$jehlEAjksCP$A9w3L9`>Gvk47I^N z2h=NKs4EMK$5RG?+A=eXGWIwY#QnN5R7j)Pgda`6mAeL}mFfR!T7d?{%LUm9uYuH* z0{CZWP)9Os7zAiYNGsYveLu4r84E;pMY1ty%L@q1hQju-Q2NAhkdZeEswenW?*ep9 z88BbW&7I7J#xehTjHH@j8EoPT#5vY|y2u$_1v}TLpZ6mJDs-{oVaU0cO(^^VlqUv? z(1MjKUy96xY$b)nsdcI%sD|{^7$&~X9k-!Lqi~M^8wsP>^5VNv;t|v*LW0p9p-&Ni zl8+EDdoXL3XvW{W2hB7GYtw4=9|1;NAh+zi4K)|mS8meQ9R+fCXY&LFs7-tp;)G)q zp$d@nmU~Arq#HTp@QgT}B@_$nWK%Tm)R6tmivD(@4^Omdx(K|P2H!OVlswNg^P-GR zb47!{KCnpKmc~%>aMLgOA95Q}-t*^VTflI>fx-#A8rvN|Hm6lFF0z^(pBso^JW3>A z?N5JMppv1rpqPR$$FqI6bHHw{(~4{Q+f|M&ASQ7GXH~=UXA38;$@wZ;Ol81*r-JIq z&S8#>SfA#zODQ~PB)>i|GvYOf;WsLL~Xv?mh7U>OCz`>-c*r}AV-^a-fBv0rK6`8 z{SgJUs5&L>>|PGNVL?*+KT83uC=?7-yPANJrgT-#JME#+O1l-uL?~cK)|uWLv)6FYoQv z6}5aLg6{$aHQCmNC?8F%T@ndzQ1TOwf|n?CZq%xrG3b%35brUQx*){*R+q0 z%`F-@5+h%l6#wtrJh0o9(=$&nTOjHOJ>R44uO>ClGMGBo4f_$V21gkxe_7xY%&s%H zfD8lcIIWTI<;uUjG#7A$igK9UD&XL23ub8M48V_l$0B7Wd!TFU`d|K$S2PidXa`)lSb(S!Gzax8xM=T+W- zrwe4dl}P?G^=^Y7#!sl7C7`UV1l105PJ6RI5Wo3Z!uEXAcfbOe9H!dfJ7`K6x-_FZBX$35HCAx(g&XvA7YP>|M*|_MGyk#$ z&1u0`tj@O$frWu)(gBa|qJ2L9?>#pN@2MVm_iyJK5#BSdeB#Vs!>JHaz=C`SC?&iI zJlO=Am^#4WLUGIk2ymMKMN#LFzW6Jaupm$%6w_J(Fspq)2s=SIPRuRGRvZY*p#;Ik zliAagd`ZBKr5LbkZta>Iu%l4~_^f&eQau}!^+OF61P-L@^(uG$0vlnnH6h*YTxkh!(PpppqQ<6k1=1V9wC!78kUimzde>gM)C}%zdVrbN{|a8 z5OLRieP}%al+Qb_J|fV{o@{uB*8rLMG1xSOE$pQxP<%R?-U_o|QWWWe!OejNU$SRq zI|apkHNb@v*=K$8(T$ynlh)IdEv>B6?O08hDTb~e1yS_XAhAk%(RCq=aQxKn=byV} z3RN2b6_qbH2xMk;fINHxP{ckkIkB;b@6D#q1W9pXWv5cMjsI7z0+LFykaRkwsgHi@ zLk7K)CTXIkCBkHX=8s^CmME462XU`rBLHEFD z&W?ifwPXk<7*u!wxNjx^zszlU*Fjom9AHeMBT)!F-2NB{*yTH~hz$`$Nk>7`GEO8c zD`Ajgf-pUh{d5lh^(8;@$DF3I@Wb8g1ayNOh2KhP}7Pf9L* zP;2KTg@@NC=dRcj6q5h}tuoFL)UdVFq*3#R1rg4nVN*Qy4_hR<(*Tj(&p$mD#wBV1gFWErgZ*!& zQDkp2cV`VD0fv1I2>WI+Wdf~u%6^*|D$3fwfoy$W?&wXXh_BpkVZk_Y-OkO&PQI!KMueZP{5mg(h-LE%;Uv zYu&5&26+Zw1~U(;K|!#h*HnYn_P9%1x?Ynn{^tVY*AoYNl$d1&0nE;Ft}d$n08)=y zk*|Sxnh=1ry&bjyXB`DCs?{DG^xIMgYhy!zByJ>@bEFq@P1|^{RHu& zM%!h*ajo33p7XOdCm{T{f)ONS>i`{60J`7=WCSu`*i8RO7z04P! zl{wufigVdawbz{nnq6nGOpA8`qkWPO4~DX9=tvt1(}J=>uT3DK0UHwvP$}dH&}-w? zeL=$_gYUSawxQkAjt71yeOEr7kHmC7N;xWY2&77)G%DdsDPgEH+C)@IZ_hZ;52|j| zn!)0*HJ~|)bLedXOPbE?bW>2pSxy)E%@r_3b=|{3^cm7dx9~yDN*bh~E(Hrs3G0lB4q309q!uqrWnyc-2(=sKb9orXs8k%El3Cfso~c|* zHw1O(0I>{?%Rn8#16S#&7ef4;90wi!P5_se(GDpqo9@!L zGL_5H_kV`9jpArh;E`nBaK~WmxzRnLY!9XuQp=P%Y#*7w2l+z{qn@E0OUlsj&q7-Q z8%iEHnHRHwGgc+qEa~5AFUxN%R!D}3w~PoyC_{;%cLSfojX>GYxn^2uxn-MH4^V%2 zqm>8COO=IC@sLq3g@PQ$_9kK~Ckr0aj!kg^9wstvz=MAQNB2TYcO1TKrN)nD{IA`!rGwFqG8x&B|>0asSU6z@^fXf!F(f8#gmjXN5?d z6xC=hWYpbCxAoLL2AeQPpURM2kY>#ibC5}7MEha z%L_<(d2yY;+Hw|u_&JHchubgTi(6oYro5lZW^v)9K?JyhW|7b?#T;^k!1iXy{K5Bi zrV4Q~=6hA+ZCT?U4rb_mtKQlVcS$sn9J@peUFzBN9xPpJAIL?wc%8^4@D#E<%~dR; z(ku0=rULq_k$HLlET1$)fjKg6Ynb^uSyfB{L2v;`iwtW?LCK)E5RR~GSa!`r8ojUn z&HQQ%ph$Jz78(d)BqQS^hHFE$&cnAbx4OyaJ6xgeSji#yIVd%j1RGQm2HU@~yjUse z&1n)zNi6qWa3oodkA#E_?*Z6GA#skGXQfGYwT3Hcw&oo{F`13Z_%9%o93`T6Ca}7F zgr<7ej}6Sj9-6NzdC60PBakFJsvKY;ezFwWNVexoDgy+!&&&d#>pVi-(>) zBuDv2Z=4EY%y11N#35>isW+&%h*5%6;an}`kGd7@Lg`>k@aDvX^H{wuS!aV-8h2c0 zN6AqKwp;7?;P4S@6QYP!jK<@`<`m+{r@+C%i%7BDMg4dgyMnFM!jL#=<|%nT=H^|Rn|YgQz)op# zIJg~@=jv>N;B85^ib|BX+8(Zc{uVZxt>}6E#VG?A60&@re@31uVMwU5syPRwgj5?^ zoEeA(HMpFjWgI9qg!Het!11>7Si_a!bg)3XiG3mGRQtIKW7~Y5 zllvt@+szQC>#4hH9sE}{Q(NyWz1Incd1HQ5@-w`f7Z!DZrT!rHrKIT-6u{!EoQLv9 z;+S;dP2EswtfsT@IZ6rWbqB84t8am=6bL*p^JtRpJf=Z(Q75H!|6>JlOe4^7KrhqM zEYQqHv55s2OveEYYTcrcippmp`juCkX}Ay42Y*+IwC{Fosw^ZaLa4^o(}pry>*!D527d}4^&9L_Z<=?!*>^D`0#C?vtfwSN($YRBq>~pq z;H2XbVR+n+nf1v`67fCaJN!JLB>K`%P=EW!vzp7FNn?|$q-Plc@aYcibI|S+nx(;C zM1uUjU6*_FzK-fuvTaR@AVJgzmKPoZ53MM_P*_wBSq=W@R&bE%>t$4~(Z@L{<>b0i zBS{t-LA9wx_njB~&$?o268h;C=C4AT5Dy@%k;X;Lf>1+*JfzpLm&b3gCdU=s1yW}z zFk!GOp%#i)HL*!|3cKPokYp(gj;@Ju+?EK-g$1QF?d|ceU#DoY4%yRGKUBTINf52F`5S`r!tA7_+-?hfL z+|>+!o%-v}p|aJb46VD2e0EUo^=tlp8d71TY)A%12yvGe%Q9eHpP67e=)8i;c_CD% zX{VrO0=bARnarqrL`otem6P7K)=uXJ4JIQZk4(~ySzq*BuwinK@aJx!XH5L=gAZgR z4bvuBd1jhhfv)o~BKdLw+ToFdW3{i1Eb8J-#xyT!$rZJ%{^875N zzsrfEJ@RVf&z_+#c3?|N7+W;ZlM59e3DG$n85i7t{xgW2=OSVl$`PiZxK*9N)Lez4 z`&l0@?BmtF61U-;gTGcyv2*|6QlU$61^fi@*SmesiZ*2ud{axT`W;KBS(>UhnbTe1 z!Ypi;9R^`W8~ns=$1m}*2;}iEV0mQD0}UksD05)NROADWlcRoHS-9bTcOMP{rh8+G{4 zMYU-a0U=k%xZc~>mBRSX@H9MTy4cfDl+B+>H5cb(GhVi3Ap6u#Em>ewVL&N6Ozu_o zpwuIce7(0zYCydh?OX0Wy@S`yaB<=o`4@z!)+zw}ZC30R5$Rg&RXU0FQKfhBPCf%N zE4FEN2_*ETB8@wpUu~ET-K^@UL{;27Ii8rSD91ZRo<+VTfFs@?OaI^)0K7N{9Qf#q z&3BIYF{^}BC`U<5-hGCr;POL z7QY~Zs+l5cdoI-t%0T^ww=YinH!IVzZ$w^E(vl@yUY&|xbP1@zL)(}{q$S3fsf z2v1MPING0JB2wwRq8VL#g%;triJ_N7}?L#!3KTd z?N_^w-@S4c=oZiBGs_?rgvKtpr;wiq$};iw!M5t|EX91x^H%#q!I_jRn+2 z0{o98vT9~zgxY;n|JLAm_*#qGDmg^^e?RL9e>joMkdi{%=!{4Y_syk?=U((BoPR_`Jh){l0 z*jLva--~_cj0&|n-oWN;Bn`NmnNgIm4FOkykn_={f$#$eNi!>isJgVb5R+OdKcps) zEdXAic!+cV3- zz1%^Vy2bt45;0}~`@OGix+zJRy)Sjis0H==t_@tN)&I#KfrF9JRB89PBl`f-0&QmC z3Uxi0y+8^Qi8zmWWQnbWDXF6alhyZeFbH5-elLim>Tuk8dq5ws-QVzWF7-sJX`QK= zB{b%x@>~QdA_U8@1yTjLuqkW7lh}9^t&3joWrV8T6*YVpOn<@ECIdD3mlw2!R?d89WT|_}5qezAb{9*p| z0%Eq!yyv<2M6vb~o`pb|dbLo1RrC_1LD#YwnFi+;DD+LVy_RzZFBsf zm5rbz{nY8YNf)OsX!hKo3i!oR*hi~KD$0e$yS^_iCG?f+J2>vcbz&^PJU5KG6eT0o z(VjMcqrX+i#1D}2lW#HZ7TPw;I8=iO2Kg}nO9SKBTpVg{4p2J+T0Q}NYLYkS|80rC zkOjttgzyrY3lsx9(RfkXLK8u>A_N(8%4GYTH)uvg+-nwrYWLTMoQWO8-vzp@%9tCB zV$qiE%<(0p*SP;^Us8PSIewnf?z@|SE- zZR3D>Uy}LX-Wfue6|lUn??;a!swwLtg&}blv2%uV#;UGjPDWIx`|^UAD{v90Ak?p` z_Yl8GdKZ8uVGZ9)0O|33CHg@(Ln_L( zwbi$CH>IdOOCZFTA`%z?OE-@i8X)#;fA<07eZo_;xW@PR>!aeKeXJx{5;gb|<9wZj z8X;e)7BFHel18w9o+_!v$&9oJSuT%h$rP?|A6xuC|CxLkpLI;>~k4V zA!7YIfVxRUD^GfoI4uIM=@%l!FZ{DLc+iOWGy)MAh~`{-z*Vu{K0@~AO z`r~>=YU~0C2-O3n#!U6P#|4Cw0A@|5`~FS$8EZ>GtPiwZ$&L2@1zhehiqwh_7XwLz zkNdOX;qCyd`%d!W{-1cZU!qoyjI7u7yfiM-SIhredBvymNa>%`2@7plD{t~3 zMB<-VzvDB~W8~1+`L|?`VaE1_m~lc4v_Qio*kE_%RbGn`c1#gsG9Z19Pfc+dQa>Y?qPg(|=`eFe) zl4_g4#+4%vlrc|DW7WiQYL6QUrVf^<-UIB=&Z94kcqah>>z?xjsh0#TjwCc1gjdc3 z2_yZs`_^v&_#Fu3318E(%fK+_Uj7+!5UgV2Pv%nj+;XySO^}_CYdK?ESY&f8f)KtU za5vmy6afxKltB9emXW_h@*F`$9SpbqnLnmgh6KsfIc1=95&~2abY5Od;Zd)CoB(up zeTu99J)e)HTST9$7eu}}NTN?a5>j9%QHx2Q(X7`huU@lyw)%oab}Wk!yfPvKF#V0= zW3V|WhW`!?AqZUp!iFk3MI6kdn!wTj`f1`N!xi4ltb>u8h zaJu~yob0a*AD=7Em>abu+}ex`0Q8;!7kCULO^1QP!%c40z*-P{0P?HT9RaNYqD+DT z+D1eF!bN&8W9q^pfrw$)pJ^LR(6BOUE3x{wUGe~PAinp^**HQIVT6#>|FS~>9pATc z3fkaOeJ*hHGAR|r{4*RC2r^^x7fb&1>`OurYL)rk-k)0tCB7ujbarzx|U+ z2VQNw;8`Q#Pjm<2@u>chr+){Ag&o|JgtUC~&oEmN;%tHrB~pJ!{aGxy>-TX3et@17 zR1>0g5+Uw&e{K^`i0bhTltYm5MI-wAC7iSN3L6-B1!X)P*cjgQ;f&FAfB&;^i4)6LIy(GqjzLfGSN-x8_=)1yqTCmjKK}D`Ig9YM6nAmih>R>5r-6E{AiTy9%b_qV{ zZ`o@MV8UfRLdHErgGu>-5Ly?sw)Y<*1J5xqHsuCyuuAyPT(~(YxH3ZqOj1D)HM+Mj za8nktn*jt97#TN8*o*(4|2o2T6!Bj!!2i2D{r$Dx&sS(YGmZLp_Mui`%wG~QT6B=I z>8hw#U*4EqQwD@uySbkYP&jaSwer?1*b`K{;D3AUpJ<&VyNt*ph+65O^FQ}G~2x3lfsSvnRW4VgW06oV=-FMVRG~5hVCmG zG#_H_ldCYU@F$(1ete(MS^Z!b=yaaIVF`@ZCqn=K5PE+%f=SRy=Q-tjBGA!tGKJ5L zGYB2}%<7y7+&Bz;%*Zzs)PFzp{ISUZ_-i=v{%r_)f^Z+s;U9^hv#r35(iB`SoPxpm zl&wqJ{}(B^YDi5ipDyxA4(u=mf5&J!G7!kz8aIqs-6#BBAm*dYdqT2BwS2LV09ic2 z0b8iOYztaw%J$=jM=@dlE_wK+A%Pow<5Zv8BTV+5FdgJ%UCz;gO2wMuo96PM;}o2W z&LRpF32*n8K|yO2e0HI;`lR`%jh~5jBf!h?Xk7)l60Z8S6kyJRq;&wIAR2v6GU7#k z{@5+v@3xr5$x*pAmXCB_f9>|rzioN&=$&2gqV1$hRQc$g2M_#b!fZK1!*_)DKepz- zruZP`t|@KfcJIi;QN79AeC%fDu5<6(o7|JHs}!!SWu@=OS22Ruu8r?8r-$^JnbKby z=E7)E5n4`i@x31w1V1-<@C|et`^_0OoV#t3`;#;3)j7d?BeN%S{FB@DM>raW*_&?_ zw;tB*bVSo^Bqmfa6gp(Kyj@d^!B@O>uAkNXTz(;!EGEa{3)}n$UN%zvbKK*Lsb(7~!n|ItJpK+NIa?uzRFgq{+w#$RkHPvZu#{v zHyFRS-y!Zjv7GJUP=EYWV$$PjfM-vT{Kii9W-Xj@^M>vD*Yzv*Va~;OIVPmGsBKx%E==|iJrvaHL#gSt~?$5m{dHBq}o+c&Szy1;o9>lDU&?Aq|E zX8CsDuM1=3pDwh{1>;0@I@uY|S#RD=eY-ca1gnGw>Quau#MUy{hst1!R+m@miYH6@ zPron;{_M3>2W)Y`8^0Aaa2>)zuzDkP@($=PU&zo}hIi&s9Pk8PvhYh0m%X03U7b#`M47Bq#C*5KOzlh)?{z^8 zdn^q`v_kFnqJ6kh|KiWs-(GL)ab4R!+uj{rP)YuLcK6u)z^Z$4zZtD%8Iu+9okmf{ zk7a(9&kYoptEv4`;oLnI58U`@rt`X@^^xO-;<#vkYy$DMS-<*-FHep(cr;e}2Onil zIaFx+W_s4F+^?H&be~XHvU35{=`veEpLh8^e$~%fsJ33=o>;y&uv|zAEQ^AdikP;~ zU>kS4O7Ib(U`wJV@z+)r6*P%_38Q@zXw?Wo@R+(XsJq`4x-wFszwEFuyvF`NVAXe8Db`p4!RaY zLk@?Jm^%8mF+RG@Cnc{sgELMO!>12VF7uyCPr-WBgj!`fuHD*Mdu506(KuNU581B! zu+iR|PnRE}e7%|7#!^jb!TYMCC4Qx!gCT`CHGg~b2!3ZRmqDZ2dXtN%girsW_f+5A zjlh?Ncf%T9dwwY?p;|`h<%z~s9lE?9zP*xJ%GtJa!t@tGw=V`QH!u0B;0-q>=r2># zqKF&CSxpvP^%u5ZvGYI_95302@4n*p{|Gy}^*a(~cg=IUW1`l>>u9|tiaTue!euN| z-f7sfL{s=u`u>pP(~h6??{Spgba3lU(eIx;PiprRx9Y-Rcq#psUGaPX zLXwzTN>hHE?b*8bu&z^4-7{(AJZ_6#RUMn=eKXXXGXIXY{(L%%)g7jUG$YMZF;w8^ zfeM`_MRLp60b7W|qD}S^a(F7RCz)Q+04t9=5}eiA4pMHy&xG{TD5ts0%v~N2ZJyN- zgCvGodvgpLcIBn5{15itGOo(5dlywiK#&j-q(QnBrBj-PQc8DAOG`_)z@nsEM7p~{ z8U&Hf<7!`0` z72Ur0x{%r)`f+Y<5VR_Fm>10EniWJ;86qrECNK$7tx$JfQiKMz9eVPdoy!OCv-w&y z94re^GBe|Ay2;W{Nqg4zXuDs_ZoS;!r?Gl06Aa&6joT$!@@Cz9$P2C;+@S_{P%5A^ zsrYFd&~2eou){*_+82xnvVBA|?{+e`TN!n0Um@VK#xZJFhH2TpG&ue!N6R97+9L*Y zTyHB|?7?#5Ex9b(N!3Na@##>G&N$W;sri`Zr{I(EPYsNVUrZ>q8X7LoFin^%r|o?{ zeoq=U&fKy5_1VL*|9;N+Hu>84tYq>NelBZ4=Wv0`ks}$f(SEb`F2`@bfG&mD z@##wg7#WF^O^Y6auc)qhR4Y%W`mM!$OO9{bY2cSpmP9{|+Q}+Q(x1&d5%*-dg-En> zwCd?T#o*9Y>9{u{xSdjV*w1}Gen*treZlaiZCvEWrY}FgR~i)#z58{YDK4{)0`u)Z z28;M_vp&8X_pPG!cQiq8cV6Buw150f;K$^1ySI5%U>X%;xg`)@Oog(i;Lt{(Z&{#y z&u4z4vW5500GnLztF?Yu^fJkCIp)prk!B+2R>=N^$($^@r^n?Es?5mQT#lJxMeG*y z!4@k^oxkVRo{Cm>CQH-wZQ%gxbl=E3Mi3jyS)t`D8kkq^d)1^RgXL^D3LgJGl1tiD zN!kUm5lQ4%R^^&ca^?Q$IGo^cV-hiI#PIpvz3pS!(qQ$+uaO_#?P> zltsp6MuVZ9pjNi#JI(y*`3HjVFoV`6&#xy2`#(Qc3nePXT^RkAYup4C$51OPGI1ws z?<^-5#P)Q04R0a?>Xw!&8-{tDJ9zEro+`QIpoW{MPA81WjL=g5@TD_gKRqmi8%O`$ zD+*ah)oIeZesg_^nb`DkRxzwfy~h1qYfFjOUnsF)4aYj4izs>+ni|9}nCj1%Zw`D^IhI$GcT z9kGn8w2ygZ&mi<@*Z+Kb3VXYMP)8jW_)4oJhC?g8fjm+ ze$Q!$q~T0ftZcgbpo-H7f#|=CssaJ4!q6?5Lk(P9niZ3G{ojp2cbfgASGzaZ)n+}d zC)9Vv=~k|vNn5F&cVba7N{r`+Bh5vH++*^4uA=+*Y_VSmzOUI^l@F$M*0yQQLgWab=OA?~nu%s)Rd1&c;h}(sZGR-=+fZ<|8t!6zQR)$p@;V|~{lens z)#+^9lEtp~gx>m8{>$b{ZIdy@L9#yHO zpgghG;5$BWh%P9deJIRW!uZdjc`iE8){%!)0TZd8&OFS=(;|0K~o-?)}3Q&bYt=lip5leG6EL;9-ElUa^_-KY2nA52l2KJQ>e^Fdd_SE zohGT<`RE!Wu^TBS;D(XBb5afR^>|7^mgTi9dvgrnz&;ACANYpm1+2v5tPSXPUtg(Y zv>VG++?_G6GS`y%eyn<*YJc6gXgiK}2V4axM@dP3HJp-q{N2H-BIQKY{fhrYk-xw3 zu>0}pMQG5dNwSvZlmiOhU^DC^HR$&buQ1i1{r&i0xDmmdN3RRAy(l$8h#cVbxilUw z`Rve5j-up%2A7bA+mo%z!^3`y&M>SlYZLKbm+Mt~<>a0Trdt(zR<4$gVvj<<+XsN$ zxwi6mm!GgS@Nl@NopkgvxxtD2C1l5A{&MwBsbRODLOE2wrDJZ}*n9Bht&Mtu!|Sde zTf3ZXahsFbGKO;b2LV�g% zGk>fq4%JY{?v@cIG0EQhs$9oI%}}GTrp&>j#LQGDvq(?##R4N>hTX%K$l16Z7)fF3#Qh z7!K7+Jr6!M;jIt?w(_wYev?#LPp;$9!U>|&KYigeFx$^SR2xh9{bPWfjX)?`|If&WFig2}Oo;R`uV#tDF=V)Hq-uxl)e@B+^ZM8N52^zHcc z{W4LuM8}B%5B2@b2B8z9AUMf9s{;HU&L44pV1_Ap%Rl z^0a<$CmWl*Y(mJLfY+*0-&~^z5lcfO`)%O5Yxc_4txHnGv{ob!CwA1(ZxsqT;6Oon z7Wjdjl>qjj(p;diY7zlI!b@D}-J$=?+p_2nW(6--3xu}`n3D)RDtZoC^55k-6uj## ztW?Zglu6+=X|cGvp2D{12@O*6{-MzJ#KPx`fGBqY0l4Z@K=;4y`v7`xw_tb`t*4$` z!*yeSd{y&grDjLvPUDw?8RtLV6FxTtEb11Cg;UN!f^#?fGKnvaB)5hOvkPX^m1aAs z6yQ#Qe_j**Z7|h0pru&*;b4$+V{2^3r-;_K$+g9GIK5+Xw9?eXyiz~$8ml;A)MNnh zv+-u(<<(&ww&m*dh7t!cb6rxwRAXI1!{)c2b4%dNJRfA|STYsVU^)PcYMGmZ>SVj$ zqN9e{D+O{@725{{a}P4B7mg9zUmL0_fRg$I;aGTaqei}Y-SN%bt}<&_#h{vJSx~BM z+1M^`C($ca&R2->BkQR`x>;Rw`wvD-d)&S192z`vTHh=H1@#_Io)0@%v{E-o00xLp zgGU4dWrIyu&5hTmqKOAfBiSe;`q`DE_8p_6`q`Y7J;5wKD%pBI5PFKqjGZ- z`89KsPIiqY^bVGbHSo;pidv1@M=?JdEgZ+p$ink zN3&%J>ee$t6c;0~<+_jeOf(XAyjP2+=^5RE>^;Ub+PK_Mq zr5To`xAJ^0MV3BN-I6>vhn^ETI_~D!+Je-9xCGRQD+|LjEtl$oa*-uB`?~juHTd9M zgNKo1l6xVk=dZh!y_HkUf9AdubWW6p5lnuztQ&Ljph`{F<#hdlxjx%CYPtTJ@<01S zG43;O#H6Pgk&HI`!YwzQ$S1kV8jCxcm|+tewwOdyu&~6*o?fns7-BBWXMW`T1ekG_ zA25lT39Qc4%hydbsz2$Sw-Ec>Sui=hCbt-n6Bs0S94pPgI*^lsr>qll3%6J^TcmmmWC&nUR|)z!oGIB(}LwsO+@ns@OB>FTuFI z`Ko0%_`9Wz{rLNgMVI!JYUT>jB*E{-D)U|U$xF+ULeir(*Bvh*a?`|usR^_W-o4cT z%f3AF@mWOeRM6E)1?Jc$&ZL9F;eL$d6qUhTxmV7#h0mo!6(1Y-c&zockcww5r$obk zWf;j-td_$tg@)dRj?=x)rlX*lkGC%!5vErtdNI=774+$Yh3-z})+Phxl?56TIs^Rf z4{U(x2PwVJ8UGvi#7m#h$b_!O=~%4RZ*aPw#&P9P}$He zNVG?r1%?uze+lw0^g=Txng93>BbgU;nQ65z-k_JQsU86ofMo)s+yZgiJ2&f+4HB(? zb;t_oqHdMUnvIscwKE?teqDS&T>~xjcOj{jrTVLqD>i}F%IS{|Q-^82+gsM2#Z4&! zaHSbW)<+Meib zsc&^g|IpHGnbRJhXOQC$4Z{l@np?6fa=!hMm)lq59>w_m32J$({Xg1+07XF4A^48fhAC>J~0O#5^;E}3= z?xFFoEkdVxDtDvWEXFi$)GS@SmRY~TmFU9*U>%s`r5e_J9&>Z*RSvup;98yK?>QZd z&YdF-J_}uP*K0o~i@3*yRpDf{U8C#cy!@xj=VulH28Ec<3~Kx_Es_OpKTs73{&bu% zTiSPC5bvd5HU^NaUGus*tRJ1NHR&hxp~I7SA666>$5iD)Sc3kpL9nSF%mUz-5Gg-Y@NVjcGbz|^2K<5Kn!%3v2U3<*wL}r}- zfr&bWhQaLlq({Pu=(ljg_j?O;sg=2NZts+;hHQH$GCD#4iY%#Cq)jXnZRnf9_yhwa zJ{J|f!1@kY)<(hB(L`-RBF^`FNPsdUM$2U*8yvt$4b?CmD@=AroD^|=rI4ru;^NSy zHOnxL(PB4W>xSzAy3^HVHg8nq!#$(JXw#Od7EDcFqmGQ_zAedd*HpJBt$DFpr(=nw zg4frHIHgZQ;6ZJy#jAPwhC=en&4z20Z6C9-L0LGbo|1z2p!UY^~CE zzp|V$s$XyqX7I zyc9r)qz1YyIPZg9DG^4*LMh>f20YhENO0C)(=q%lkw&c{J11weWk#`D z-(aEVX+TPwJ)Du?0W@eF|C>RZ2!`LihvGY1*l;>IPbeJ=;^o;#d(DcPu=8GpO0!<2 z?WuU7$?U4zDY8#yBHUvovzt4ul!q)_ssg?$i2bGd`6rb1!AHc??Hu!2#FjoBQ>cUO zojS7E3mUAjubqFKgpBBP5T6BH`b$Rb+WxdTv`K2Zsl?DNe-)ZDNR_+tcrfTsZgD2M z=j)_2hJwIRcig}4ue`#p6g`_|`Xm9*9v1Jet`e%m2d1!< zUuhUfl~T)=Gg#hV>xf198PC_a4W(E8>_k}uT@r3Rka$~WS@JsWWA9X}c!=mz-EY~A zQ31xh1NyljZtBSVZ^skRD>$M}z*G(?0Z;ah=fGTBftohONmZ(6#Ll#9+kRfJ)ooR> zLz|D|P{hnmlBm;zHCadg)5#x~0$l2CWR13g6&IeT1IW`oxgkp-zjT$Q6@S7W(4;@~ zJE!-f@BfCvF5@2|&u%Cc3ocyreFB#8GLeWuBQx9CpC5ZDgwwNNKT%5sDA5LlmDnJZT-vT$98QQ zU+Tz>za*y&&=e-or@>yC?bJ?L7!W(zbknEg>Qp`K|FahsouynV0aFaIW*xK2qK?Zp zH+YGRD@>uSh?|%DJ`#6wCGE;7&m$IGLKLZFRO(TC<86fS4^uSjWx>FziZXm8UN91? zfrhU4Risn`t2T-&tNOvCkRLv6m#!7-4QjJ7&)t`ZsA%*eVb{EK;=km2E+)o$SDGuU zs!`NQ?Bu;pwr9edZ1C$guuq~5uyPfC-R;8I^`pDUJo)!5K-6xNn5@}*lb0&Z87@S$ z&h&*oGuE!^jXDj=U71U%4KNbF?fe!g=|$T_z`8L4uIesIynm`Vyw)Q)T>Flgr+BuB zSTdJ>>sFJkK+b~739ISd>8ul*=~#YpUusoaTJGVKp57U3%xIJ_qUyofgu__P@e;}O zLK64uA={(oM#Ws)C}^IG0dLH z3gL*Br~HJG1+N%gPTwD18TAykIolZ(vDzN)t9dRVLx%3$7m(`Ob@v#s z4D>v1OO3E5V2$mR6r#<&h#gyWT`t)(dA=WV4P#rlqca zq#G2iPK^eLR3qz)~w>1dTR4c zl-op|XZbc!Qe2HqG~M|em*Oc+R=sxD*>qBd9dWX8IQ@9Ad&z)|?c8Hk<7M`o17c-m zgRNUxLww-YFpK)&0{n1(s{YnrSoWE27WGxTSr)ZBdx#k9Ti=a{x)uUlZR1A!nOC-2 z^L&tc<^5P;Zd*~r645pr(Mg#6NWkbUla=CP6qe_*$DzC+ogqh|mjS9aebgMHzH2%C z>V59Il=RlOla+6UIn_tcOW*i>nW{-3NzLMz7&Sd z1P6p=L-us#O4d&Ij^QtZGwGNgO3T5lDpGl;1QRt--+vwJxgy+s z@s%Q6F#f*ugPtqrD*g@4loaw`N{-`|q0_h1iR>FQgUgvFRuMkt@1I~^X%-oCthM@W zjlO$q%rmTb>ba1+R1&@ZAp}MSGkjhUwQei-Hc83w@E7lua^$_qV+SBowc?p8cCq- z`g$^H{9CiTOaZMRgIfK^5__|Wn$OXiLnp9YcX>;d!Ja+kp71=+=p&aTrZ^qXni}gT zo(aB-af{O>a1owmc+_s5KJuYx~ z)}sAw#RIrU@OQavPQ>dn-UMKNc%r4Ix7+vQ4UXCI7*}d0vyBpYLIffk(8UBUY9wT5} z@~yi9Z`HOYHG|su9}%9lV>?oY_>)oQwZ@b2^-gqfpiw=6!;CdE=SwUC`#a$yZtzSK zL4}Y=__CfU2O$!V-{(m9_T!vL_;EM06pVs+>>(Kyxqw~f`%_$JZN5*Tp-I;%eXi+6 z9}5j8dN>p-E-DmVQ+sx&QKb11{B$^hG)x}0g~}z-i09p+lr#yF0qYu>b6+(K59Oz; z++?K7?;$)6e;uc%B*lVo^(8ZfVWQf`;4a}pGhkiarqCOVwy#-s%XQE#5J@H!a;dN1 z9|<{J#|ZEG`IdNPujwY1O%NfnNv5t+IqAYw^TU-b_ubhYLN2qUX^v~wiK^Ac;Vo}% z+x>J@nJK%;9-YJ+T+QZKHZ9f)?0nLrHxFXtf(+YEk`7;Y-B_$UYl9d|TN{Dmw3#sz8}$08#VSyF|U<=(LfTN z+_Zh=yqVJb!(U;EH;iJi4?@cSqf4lUs=mo4GXm0M2h?dwD)rU~ToEL4+fVM2&pEBe z*R5EzzLoPa*`98!b-gPJjYz04?_pwVe0I;eQA6AHR*B(VW$4HKdYQz+QtL2xqdwxy znT4aZR5xuh^3&?jr02upcd0T)*~~p7>-^^!ayWPj}Np`PCW*RNlJ&$_e4?B)Xe8!{G23e*4R$`@>mRGXuOw-DU2En^!s#Z^?cbZpC}7)!99dR_zx3 z9pGZC&JL#6FUt(MN_onZ?6}wrLCd!HUwqQE+OQu0G?^9+0v6?o>qo+>OI z0lzO3+oRGOyN35=gY3M%+OH-f@Rb z&I-Ik=RHuON5mjqAPmMCe@?S-MoOAhX6&ai8ue!oJdm4vqcp;zmxI#mEWU#EE0a7G zO>PHQoH>^wymz>wgb?Wg1@N)E`-jWQR5Z@d)=7xJMZ!nWM?eJ+`d2^&mrLy}E&PR% z&_E;Z)brQ;k&;e9c-GEH(~>OK|C1QXv@4P}HP2uE3Xvq|6i)v^p*t}hhJda!uBf-s*Q zJ^I>oO^~Zl_O1MbVv}kzsgUKD>k1Dh)6w<7>Rocr*K|CHFdmzks4xPy8=J<^ug>Ay zs)gRK1k&6&u_y}#;+a)CM*Mf*vyy{5J)sj1@)teHsb^aevZUVd|HAd zg~AZuw9cotzvEPrP`ZcdmGw;CplBw0b+(QmPnL?NM6b@l&B;k&385kFw{sTgE*h&{ zaye$ij_7?+c*d1-s2ls`nO&`A7PXzBp1=!ac4$RUNb@Ch`wehs39LR|BQ!iO;B(`@ zMYXCc87snG75si(Ib(b^&Sf<5q{;eR>6;s;A}6AvMY9S{%|}HejWqn@1+pzBD5r*Y zXgR!7O8W3c1<^}#@WO)O@%2@kVM|YV_B1D-R2xyhQBLWTwwbT@RS?&mjPW(P-uYAe zAtT@Ii*&08qvW@^AY`=Oy;%F{a0oQV z3=iaVYKYBLctp&0JXEU_U!MP9Yjl-cWl3Fesa|9Kll|6*OwoADmT-D$dm{lXK_X*L zMsTEQ_JEeCGMxOMJ09Kqp?^tjV{9(1rLAXv=y-``R zgRkwIuybdhAv`01CH|r17 zt~%v*jRz7&#&>XXmD80aQn?nUyWoFxy1bv*%}hM%`C{Z0`EDzP$~Cr#Pzc9SG7^NR zk_Y-|PmvxydakJd7~FD^fay~j&aFKIe+08Bb#)(KETL=GCc$+Iy|Y;L>+B!HRlUj6q!Znf`y8SmRR13IJn* z4h@O!S&-C5K@Y5dW)n8^12Zf%OB44Q=+Zl-9C~PmRNyhC3T7KSWnj6tXjx!{0$zYK zp$2xxF$qqFrhQ<7y>Ue7=(m#gDo0pWGHU$_$_T{p747wZyJfUPeyc9%ac-1*wc}Yd z#_(vuv#Rz>gsL<-C}TLFqQVf(@Cj5tOp|6<4YG|o4)siGFl|I-M-jUF zM7tpnxVbe>n_A552JNF5qQZtZ87rkaD`vy_Lyv4)Ufg)g+FladE!K9j;Iot`y zn6^giy$stzPaBG8i!5Fw35*@qh_h?=DOI^3+N~m09?T~MhEcYx*8m(11(+EjRdDD| zmp6^fN}kcJQ+U_-7xm7EUer|b?%|AzAV)>F8rRRFW>$36YJ^sbIyBZxoXGlMZfpM* zNU00#qFb~XxL0v`g6(5aTn&Q?aSUa|bI>Qa{=XQXBR{+=nsx`g!AbbgD+4m2m+d&u zk)MIG+G+j&4-05!rr|_==oJC_^}&N^En~E0Vo?6!+eJ=o5QwB`kibfXrdHXB6;z9w zAnSv{b7VzmlE(XNrbL9~FFXs?+*;iF9(E9TH9~m8$X~dT61+A?ZMDRK{Lt$?^nsXl z^_d#zYnl-mVJ$dPcfm6h@BC0Q1&wqL0k79TX~5*C2Cs@B8O0GIUHA(#N=Y~BeSnI% zE7~mC%w9X?_8d6_j9|NQ0BD<-7{x?ZyDsP7w?V7HrznWP_bsfRBKbqn^Pd0bzg+-+ z$!CDpF({lD*oactJ$f!9z1s8B#TY#L??;xQui3uM;3N~JkcP|)H$pk=->>STwTpo< zcoVpdBuXI!`WT*STctq!&o`eU(LfOZE<7{&3b_;-2{j7pt&D%a8$kt1>wffl^7%tA zL&)?d0@dCBTPqwWhH`R26^H!YLjOPY0l$Q6p;Z@aRspFfMKAQH5mMPM=mWtCctPPtQW%c7qB7L-5cm5HzbKNbkQ-+zR2xz0 z_|S_Pve?)MeYNKQzHRsd)TdPS)2M?eMGVxvz?!Q5?IK;YbEvQj$k_i0f^GkO;xLp+ z+EZHYJVjCiLkeep{MBLX-?zK;L46EM_Vc%ZsX*fbvoEj$7W<#p?nCZy)B^tfpYHIt z1G6wdJ2yloCto0!K7^V~`+TeL-wH)^Kx3xApf-m2U(5aPn9W1>x9S5vEe6aY=CBmzvYR74l*RD-mgYjKNwfv@Bfk&0Mju z&Hv$P&|J?+{(lYk|I~2%aK|rCwv0B0vr9i6=$|E~+OG6;d*8=k&&wPo1|vfM2pJI6 zQ34)~s2@ssunMz3)7YMI0P7UHGzcR?I)EamcKf!AD1{sp3<$k%mcoS$m%Adth3{0U z7)B*@4{-Au`>g88-{HmcTIr4J1>oTHpwpZ?-L)s+sD$OnCT9U486}!BVh9@V4+pAi z553@!yLRgpu`~gKS$4A#`i;?o#BIQyPBTZj#kQ6Bdp9LO3<{~w~yTxn@M2ALC z=6I8YpfbqSrlc^vszIG_2{fe}&H*_kT(8Z)8?Zz$Sx!~HHJee62W5c8$RPhw=se0~ zrX==+ehACqV`O3n3CMIaI}DOvBEztNLDBdK2rj5-Im9G6%{nXAIqtwWd@IaAT;K_6 z2IPmd;X*gnfaYF6vC?89i6j$~(G_y3hSIVWVk8D}&&?#s zanK!I#K?d%1V$+6R;~8tP-1c71;{2RDCxGcDI**q*CMqglC&?%97yb#wY4>MeRtpw|2`X#s9Le&NO_rGzbJj@0nEMb-r$_uQP}%@)fa_4kCiKLsu$y<^tQt7lZEKc zfGn%G%vSjD}W*7 zao_`w)dPIIW+1LM#n4>k?wjW!S|D$v|J)9nKCRvH$hj7Vw;6_*!+t zX=E4HLgjevI-q?Tv?&)rsN4mPd(2N?%EwY-0^X3QEexo4Is82l5Z$VeSNY?GoHUN0nEelHGtK488G!SPzaRlhpoAKYHlccAb4tS zZ?5WghrO*-!1rb1op{BR?bw&r)&qo$$nE%(Z30yN6iTY#^ZX{9G7>h^j~=uxMP03d4qF*OuGQXC~G z#@++Mo2GjxCe33SMY|fYO(uia7wxwD?T_WUN;=85qV4t%FqT)qpLWzeDqkmFdjjiD zIt*sVumbGY-?xO2y*w#2pd+kyC4%0Sb+Zy@d7*_@{iVD4TwZ2cO^RO8;<#uh2{03U<-9!^fu1 z2)j{FwM&Mc3LuaW@h$$2>M)SRvm38gW*kOUUVa3aHwjuD0dY{w#_t@y3&oLVXP`vB zt+(~#wB;WIyVi#?LG2iA0W~d+dd!S98nrJ7Qoi$LiI`r~P*8O-3{fm!OL65jVvQ`d z-xwAd4Pt9NZ)G?(EBJKO&*fLfL@z)eMjy1Dktvq0DF~>fc3(!n!P^5qs8ZN;<8nrd z&f3Gw_e0YMkko{TBi|1tHNj_C`R7rQp5Pqd=ugwuiq0v>jS1 zBcCW`a5N2jNt%tY4?F4=yfYl$HSINW00O1-B28@5We+^3%l!NI1rqA#T=xV5IG&0= z1k~9Bfwo~{ux1qVM^9f`qdt5(A85(E?Z%{3zJ^C29LP8L&|r-W&mHYs_zu|hU0mfD zd;Rr-n1J`PjUb7IG-#M9V~faI~hRp%1VWOq@1u+ZyA)JEYr*-PI*+$W+(QhA>XlzW zIoa0FHlP%%yKU23oOJOr;NPFBj5vs>j7Q=O%Bz)4}U0CvZ%43URC|3NLIi;kYqW zYtqGd-q@p0x)hkV!Ny4!-GbR3>g0K`&d zQ!U~)h9>wc5y_t%3=}&E%`vl(nb3ln>*{Xq>TR}ngzPCGSENaaQ_*aH`pwz%id9*a zZ6uk2+gRx#C7VY}&u7IzzS!ER0|CA*dfSMvQtm6lFN2>g<@_>XenGN%5~C9BzB#;A zZdvRDROTtHHi>c^UeI=tQtNg_P!?h>e=ZGi2;hv~|BPK7(14}rtr)`p(P6ljA`<6K zz8DU3Mev8z$QKt@#S#m(+34JJ@8$q&`Z}xlYe~Xyw>ZRx--Ee!O?8PZ>qA8gxL`2v z(sp>3Z|q)#WrRg;66F9;g`G4;EpU(HkKxKP9L-ld{4FQ+M71)bn?nlrvGX25)5l_R z?|YPt=ylJtkSBCIyqOhMMJMj)-mD`cTr_L1FMbTNvfmH+RPxq-XWnC#*yMXY$hV;+ z2QD@@$%)JkrK=l{ud4c zH!kjJ8ly#pWQ1Q~h@synz(BLoR7HA5YHvbE^vtW`j-pq#aHiz_&itWvtLg<5lSi++ zH5%P&%5ZUNV`rSAT^!F!M(3@(MS>F5vl>OxTIq|Dh`qjEz_{I)JRRq4TD*%t(u!z> zjwpH`_TROO=G_;=di|_rw;B%rROlmij*Qw7d&D;q@Z`R2=LPcQJ9zfdXVR+&k7>Ct zK9klh%%d_)0d*Jjv`!afe>2iH5$``pTax7m8SnEJ`$zy^X3|&GF7)2c-MT&PE>b2b z*!sO#VrEWVH0jedzf&&yy+t_g>SOnx=I6 zRe#h=)}Iw2dO+K3mt*y%3#-QF3$ltB`trjnJ~YlbaAY*Y9QDlSE_<;)S~LX3z;NBo zrvTmV-&GNJE;Wru7Ny&o4WR--E+F};Bh`qeMMDelP@q>zm!K3s_<0h1?>7!{G!qbb zwDqC6ZxqZcpCv1VIQ~9VWgkE!9+T{@>BQ~Y!t+=l3v+T4=D+AKgBQ%jH&u@LNN

    *+C=tzxRK^$2yy)hl?2*N_Yidruu#RT( z0}_eup0REt;X@^{45Tot-WOC~fBUg(m%tL(;Oyja0{4a;wR4p&N1-4*sKg(ESdu52 zm0B(9Hn}yj?|0*L5_W#nbP`g5yufB9uGxDHd1rfkY4Wh=5;M`LL!Zn5B<(i{&7IGZ z;PK_^+~4a-5@e&1DkIoGlok4&ol@r+Qc%`tPLF;4v)_B+RULnKXVi+WC%y(sa_$=v zV29m2B%@0}+9Pfs&-;z}zWNc8OP@%*Kwr%8&$QXqT8*iW>u-VI?;9CGOW9c4|Kv&x z%1M6Y!JRZoB;#dt9c(u^A*jR$_a}-WTvtBKaXD`vM>9-Y5BqWcGG=Xmc}!slICnO zBh2o|2(~I@rBr+mnAW76|5_3s5a?wAneg8Afr2>i0S|whr2LIN7k&mh+n9>p zF8sT2HoL6z!;@Cp?758KVWq#Kd6j?Ws3_f9pzA{cz+$BFzP3HvQZT^5+!6UNxzUFC z%LDkCzY>ZHS<)O>;sj~A;#^5+>hrpB%Ah5JV7hOQ@=Y*+@2IW8y`q(zgC9m~rSSq$mE_D-$ghJwW+3p@C;ooq$NeJD?Hn^KiHRTf*YA zYm=6@R^ZX*5oAKixfoeOah{ zKakfAnu7E9ZRZ3=3Qp4{`81+P=11SV%2AJ?@V=_}>MZK$p7v!}e6)~&tUeS9#VfS8 zR`xtf;R|iEFGV@V4MukTX$7BUvK613r|A_O#)0bK1Hpf8)pc0jAX)uaJTTrIRQqbo zn*tV@zXj(P^pX{yVH!Y?55_p_hoqOAehB+R0-*qG0P4PpH^1n#@lg6b38K;0j#lobKBU%?k-62xhZp#_7vK?$e(0GKR2%LjSLyIX^LsRJ)(;^ zczfWX$$LfOq#V%~nAUQk^W*&e9f->@;klLQt4P>4l?{vKKB4J)Zf?&zTo7K^?XUJ^ z5c}&%up=4)3J}a;W$4zxO&8^mm%Gi`2dL0ab#nuqEGmB+n|u$8FW8}m{dpMl@(J@A zc$IYUx$fQVd8NX7yLy|%-E}S7MDS>s^!QK}{}gcWQi^GU5sOMU3GPTaRtJfh{#UMf zD}Aipm`n{)Hz&@IY0IGdr)gF8x9O&gNh&A1`cf+mU7R5;olRDm0s6~Z4Lr08v=NQe4W4cQ8Shr5L zm~J>&bK|a0Xv2Kj*1xkV1$E$Fy_2zrU_g|>8+e>=0EEo_vfM({lg~wS`?W;n>hOw{ zo~NysdRi?2`kUw;FHvvOthh-M3Qf{R&=vzB$6PuNyU-b`W6=K@5?Sqr}~^dn4e4@qF3*Y4> zvLQg8?ICqp>{)^H#L?57d>v)Sh z^`*(*AI{agIk$i_(HMGWuDO`%M$9K{Q3cwyI0a`8=r??T-=C_2`|4jG)w5{wYPy7k zhnmsu!c4~xGr!@Otb2GD8unIVL_{f^bpm=XJ`?M|OJzb&e#m_{t+*4`%41)RTbut!R z;n2uO_oZL-yFJA!_qjE`jI#lT(u-imZMc(YhwYgLu` zbvMiMrY!C{QzK)3EkLsLJwYoiMYJsC0pF#=`WvOgBZ>KWMQa2y*LWV$X-w|RkOM*Y z{kx%%acj?U)!jCr=eC9&v=_n&?C1v~>h_pf{=W60%7@Rj8>_3iri6BTNYwh50E<3W zO7*QhfT~s@^;5LdHMwq&vjl;fvo#x}y~L3~&uiZK1rJMTagQy{D{ZLS1E5s5I6t^X zO|CK%kLUAWI`x2|2+DSS`QpN5eZt!skp*Zz;kPfN>QO1+@_9$P>`??d9Ht~m)c_jj z_xS)6_QKZ{aWQ`%(!I9U^xBTwGX27KUm+ike9{&Gd~&IkPVu5}-&uh zO)m&4ghAz_HeW4~Ca5O?Oi4QA8pb?G3C^vUC0?TTGU#(JlH6?LeCo2;FHQN-oX#_3 z8F`465a6u8h$=i5<-<*{I(7iNsWSJt-^>7N%z#PSwUpm}SCk7sdyv{OzxT&W2ljI% zXRrN@0ff9)_>f#|=IP=H@qE`mM(C^Y>Pg{&`V=MHuKp^X`CfCXP^X~w3k%7ImaWVI zmJpOq2U&2FJ%h=EFlSl9!|tF?J}A$%*X&tV85$4!ExNk;Q4!=`&L`5(%>v=G1X&nB z!%|M}+b4Whn|>~xE^(5B|GcEIiaxFv|wn?vn=@}2|fH;;hi41&}_N7=Gy`01#c9{hDLSugVj{&yM zw)hUpi#pFhyFNenKVxMG8@0dJss&)mksOmPOn8 zGJ!lX@3E+dfI-_0EM>#=8(c*kZkbAP5Rbf^4_;*75~rU#vZ$vWcqji_C~9;pOjK5R%#5 z&8H=GUTP=ne8(LV)kmj<@grC!W!Gg9+x*pX>yim4&(RQ z+H03q2->ue^lcc`{MJbjROlB(GR5v_8~7ADc5y#%zeoAfxA`Uh{v5=}R6w=&GeF5q zD<9>1@lQwhch0+lQ!`)5zRT+l4%S6$%Mnn$J4(stj4)0t4UfC${k#t{d_ZckEfVV) z4aafvEgt*o244~y&v5Rg(&UqGX4oY)rl*x=^`Ae;Zc{%+W8ns@SkSxrSzDtgr}*db zds?R+;9!i^!!`A5`+`1hE(zx8BmAoQo(zZ$UMt>v4X%g6L3^^>r(KHaq~_0a0p}t7 z_J`wnDdUWS-p9!=-VvK^N&;61{{nJ9c3%wGBlCKlVPWNO^PUJl;0k|&A17wzWgp%9 zS2%o#7b&x`u(&{a+Y8#AuS8DkeKGfIkmrlC_`rS6RMr!uqUCv zC{n09{iA395e6zG)ghbhzSm7PoW1)53wP!6(e zturAIxA|+Dd6yU9s0ZUX(_v4dN7Qb;26=6oV$Kg3u|rt{R7xN$;F_5Im@j{FH*3x* zm>3>QdYLZouCy(dtiZ?0%YKnkkVFuXo#2{l^_u;0b<6_Q=c$`5f6YNviQk(+!2y5+ zsfO0_>GbFJ(0$bT(AO_PQ!2>7^zWa6g!|8cmjnCg7lcRuArz>PU2XHw21(bkmI8wfQcsj6C-cdU zyFH(}MVj}>XgqjwHO%02QD@HeXZ)5ro59*qU}y(l_1DD1@V!%^AI6oG&w&9jIva7u zD4Twoj^8P4l@zhb=DZ=W{kZCDl+%eJu`im4tbqE;5zrq3N3FQ9ule;5`b!W=%H9!?>eo$rf5dn*uL>3&mGBGNlab%lTsYRLrl* zxQNSGj&P*98x+WS)fj&=!`TQs)h43%>5y{$2a782K_n6=8W3*%fYSsF#A*J96NzX{ zu}w7S?aJBxI?3pqwIN}2@Uwb)H1SUB@;uRvYY(#Uf~(6ZWacE1eE)Ed_j(7y3i=2)*6SnvR|iVp{y63`^&c{vb{V;IiS8lj?^({DXM9=91SSs2T$5c@&fNxAMnPG?B^A_%k^dJyh9{p6wNu8 zd+^>408lepT;eEk3JJ?GeQ=`AzhF*Ub~?vm7z4x||=e_Iqq8 z0dh^JoA~>yYj&XXe4&!wbEOjR3_8hn5yl@V%}D|Qt6#}oZ_sai{3QPJQSv5Sw-()` z2>wyZwBeht&|8xUp1xN7J~(J||2XIkh+crD#X4;kv)tUlA>uY^LT!IIjp{|?z|%P>#55=t|X zxw7M#)b6{UQ1}9;Fp=7dXcHoBWAe0KCG-zRR=xwK>vAx?No70UFJbk^FG#8DW#5en zt8FGz%N%a~WRS<^>$4@XPo`-0$Y1u8X^#`(nR<-FMz!wuc<*4UU*S^bO!5ux&g*=t zW%(yJCBQU+eA?%AXjBvzfa54Z!!O1S^0NRjn;7Oq3GN)C1^lq4`WbdWo>A1a!he-p`h02v;&$SS|=3HaL~TwuY#trwLta}Bu&^v_{J2n}X%f}!8L*rR$j+H1Vcj3NN`_$lz*cg^v?>P_l zSML;%WhM&Dn3}8W^MeB7v*#lqQ-6U4F{h&wwt@-$qZM-?|&HB=B>%8=r$ck>V-6T$eJWsEhH9<;dNbxH=Pu z`mt@c_$k~=o&rI;fdS@=9*Lrrh$1PhlvGtaL=JGj6si$N=@}>kJH_y}ihYm<4p!CM z(S}?H2D_2>X)Hh0xqEN)_1crKBl^Az{jv3w>fKi?J6kk+&=d~yx7Qs|Evc0OCP>v! z_rs6;m~WxC^a-g>36?(ox|hAp7uYJ_yzORqE0l<1OO|%m_I=9L#jk@e-|9&hZa=-` zNO(X&U0_Ie8ClUTmO2>D&GoBImfw~41L}2!VL_UYqF||nTzNcw_pQz!LihY>j1`*H ztvCng-&LV2{%n5g1%gwEr0WA!?V;T`aKUi0qpq0@j6Q<4p@`+6+&yO)GHo6_^RxMwv#MX1%3JxPPF$xX$yx*Ryt&Cx%$~-U42|A;)C=3>f z$HiU#5{z&^!Z9MBF8elfUP|Eo$}Fd?_BLee z*UbeN*8WkBqtmaO@W<^+ek{*NO$p)SkQ@YI#ZDcQPt$&Uh|e%Pr~OXBFF@w90tn;| zsv2G0jKKNead$g;%T>8tI6X{YHI50x69;_jh@W6>EJU}K7mo(LO}*Sb*Ug;l@QF5? z{h;w`;*mgl!So!?G34#}R3WDQ(PEvoS@k#U!7E7L>Y9M`OQSq2Qah&Us%3 z@$(r?Q0@8i{m0If$DHZ-`sQ}I9`!dd?~NeL>%&+QTzYZR+-G{4TGY(R4o!ZCFv;n0 zA&kU<&@T?Ku8%Mp7tY$($mjLWC`cGaN%Cl?D6y-2umUJ(O%}`zC8-|%p;-oR>gt4> ze>sOWj9FoPi8tb~xOc&|yvVL3&+XbZsCSGL3s|Z+HL5`Wr#_K zX_?8I04jSJe*aTQo*MdNrXMo$DegV`&%BGIsG@#wTSdxab$UYvyn4`__r&9U$=J_& zTA&u}f?D+p!O@=RtHH1e0rvmQW@duLNc}YC4xAHZ)Mkd;BxV5%<5?G-Xr_8>7`y6S zne$e^@*~5JZWATD=i`rnGL2B*fq2=!IhW6XNPm(sGuJ}2k-x2kvsZeAB@T$UzYhjV z+m2s39uko2+rk+kOHiGN_Y*ifQ*7V9cxXC{GmHdp`WbXCg3oPa;`m7E zTPq{2$RYqk_F z;)NV)ElTF6&xhi-z~`^*k>D=i^*Z7;iza}PiUg%)+U3$w0@L-+aQe7^3s0^0ChuNH z9^&((K~Sv%Lpi*mwqATc3OnQ?6I5{pn#3Y&XgnqX92C5a z#I}(HOkhX@6RZ?6;#hUW5aX%wZYJ0^5RVTs{Wgrl6sBOJ7BLUBZn2n%NGuC_IR+Lj zY?ILhdMLChB6h7(DhE14xE3^*i_DkQEW!|>E5sAhAp19>DgjDv6e*n{G)thBhD*ZY z06`BacqZ8-@&iOlX98LUni2)zA1;g|!lR=|hc~c8!rnoRyB#Fpy|&Wapkv4g$AEmy zOy*PRYLA#oqIx-E0!hF%=>29VEvf=Y1YmhWVJw#Apd+T#Efsl!I1@z`4%>Nhzn_YR z0)y9$=of%%p+HlBdBbS+esNvnWgq{ly4W(>Bcz11|kIl zWkZDH3rP8X5DcesC_F5D8UC1U^sqgu6M2Bx2^mkMGDncBC&iq|g~DGzezJ*J6Waz& z-SAF`5{eM0G!+4_52`g1u7!zJ8>1vO1%pF^IkQCUQ3qX!bq56`Jw_7efUYzn48Ax; z%LQ3jn>px_ar|UD8+l#?Mm&-UmmxfQOcCM^fSCdiu^9`pPdW@mLy01ycF^93H@Ts^ zi$n^;Z`q+c4c-Kfub>O#4~wH@o}Gn-2TvS!JNZ!lg%3RuEm?|Dh0GzXi^((tO2dqp zX*c}UI&4+~VpCXzFimVRd5E+iR&15{$sw!E&gVFJ@HiqFe-RTS)1e(9fro4nJN_X+ za|ihnKlF0@JZ3XnZ#2gd%4lFN;)2r}l0(Mm6aNk3`3*HELMQOs~;SRw@WaHj0Ma zG`k^)MiBua3?Es@ShAc(bt|z-x*uxrT=`YaDAgvCbU8t4_laDj%F>$8jaRwvu1L6j<)R2N+x)&yvAIZ-UP%20ln zEXenQF1H1I2rAd>)u}CRXz&RF+dj(TjvAO;36m3*f~boPlv{!E4=r`T1C7zkJVKWa zC1UwN_BbNN@FPKFyi5>6(JQPK=pyNk(I2m z@f|D%3XBt)VUhSi49LJmo_Gh^?2bcJL5-nwen(uz4q)SM0}rp)0PnHhC=E!^VIkxj zad@rPLBIfUtjia)!o*VT{y6*#d3~E1gN)>g5{MucjKD#~GQUTKvy&7$u{uCyvjH?< zVynNMQtVSdXl0x)?7aP|YsCi7OUk;4H|%dhH;|Vl=D_ z$gU8#imBC6@p2o}#ieq&@i5QGi06(PA5NTaXFp1NX#Ad#R4Xv z;N^mVI4}^#!wOLQBhjFfN`MG>N{Iw$D=d_N=cAy2*TMrzv{p2h710BOG*tq^O(aNy*r+sy zl;!YYP=0QZuGOJUao~J2xx_pN%@Rg|2)ta#ASnn2hR7DT)1!PA10pk!W~QRTYKs%u zjtE?j9tYJ_wh6~zh{GXBOt>fxjTu^aktke3F@qqXPZrkb2@aDJuOSFRXl@7r+A_^f z5L?t~hLiXe){h)c`?2$I-D zC+H2kOcafP#4twjJcSV-XYv_rl#?n{;UjXkh%FU~=xA?DPNo8N6drihxip#E?4ks% z8avhuHTeMGQ1K!Y79#=6Ct};sXgMwlR+(vZ5QvJnj~I$!EPSGjsu58@<>(&*0~ML3 zwP8h3C1M#to6jCr>J&zaH-d^niYBVSVlZ3}21Uo?S@bY8Ya>^pjR-;723|-+E(yjE za>XbTK*|y9z%|cu;3#pUK;<=a=w`qyQM@sJ)XqjMqycQ6QRmkH>8x0!RK`qp8&4}h zHcy=@8jQ#_Xbn+rVG;c}hQLMiB96AbAjg}D$*cZmCo&q zQY_F-Lv>r?Vyz443*lY(zEeZza@9@)HS9OAf!W&2z=dVdM#Lf_chMNsBUX&V2dW3L z#OO65+oFVQ3rWl_jf~E4#eEVvP(d+>HjSGf@lrSdIM&Go4hnn^KoANMOaj$wQ}CTp z3_&Y{)j4|C{_rX+^|(sLAfUgJil@aQ{h7k=)NEZ$e#THicqdo0I+~y z#&b*%jC)l^xdxdA2~W<_Yc&MGLINtzZ$@G^R-7G=T11XOFo2Y1pOej;S zGLxggnX9Hdh@iC+*Fk59Qe%z@-53u8i{^6BQnQ7w>@eO;RJPbawH7Qk}{LZ;D8x1*$7O%5gQRoktbIVOy~%EV?e0Tp~(V2;MYxn8;i;T z2^t9dNT971cA4mr5De;689@q0M9^WO@7k|)z*{f^S`*U9jV`_12}Bkl7gHN06ErL` z$s>y!)LOI#S)i&QA&6CS%n_myt$^|(;MFADpvr*?hQ%~Lbls7qphu)J{o|!8c~qlX zt3=0G_%I)SS&WzYk^kXve4rI1up@~3f&76h{eSXf{!cFjgdM#)`0Ix@k$?^?9OA_M z*UeGs#UQf8mS}`1zT9kJxuX=gQ~!E1QN01QOqgOEARUow;M>!l8C;$OGHR=`v00;!#M2M4$C*Um9kienxM*;vCCt6uN z1u(#S)UfE7)EJI#!w?l}6f6m9P>Z%BjsZ;siFhrW0Ss*f=;_B>)HZii4H^g_d=d#M12@-!mx!(1CAqwep0~A0nL1vO1B{fGU&AvcwqG7TpN+YWRN5DpjdA-k@yVc`9-^gq^R4?RD^9zn$rqW zBQ&UpVe}!Ig^9r-JGe!RMdQRYGD{~2LRQ!ZRQ*z#12V-}r<4t82`{9bPzEJZOrt{7 zOcE=gbOf~v77tt;GEd?n0>Ymp_J)NhF2%v1_|!&ikf7oUT~eu+XQNxBUK8I;q6@@M zv?3e>aukv%;3kRjVyjby@(1YzNHtM(%s>!M7mguTDsfSe(q#w#iG5WNAo86KztN#( zgn2HL1Q5k4sKFcX1SdS=Qn}scCjp-=N)9MGARq+YQ#m}kDzApa(9ty-;NIha`INHw zekqe?cMut3t!blX6OHNUM)RkA_a@pumOJ!IEVO0QbpMr%P8gbr8 zVH`+Bd&AHf3M5lzlNdRS%8vmBSGtR#R=6piDAq;wK~p0ULr{ZA4UPodPjFDVNf-qA z1h6_xo1LoyU3;lkA<)K!e!EB!S6MZnIBYTd)pipL0P;L;kSe3ZbW$3XFXPBVMxzgo z#M7Z|3P5uKKGP_|#Dg4%k!P_(7e5Vgs?36*%*+YIv})*f^2;qmCz}(J$|6!38k%!S zILJ6ys5k>TYQW(mbWzY}3~1CM;Q5e%28SO>)0q8qPdFa*X>AUtHUzQ(JU~rwP((9G zZChm=&>^6)r~#z_F}PM6O@ia29e{`-ML9k@$KeIJUy?3h#Q8NWyjCt|knN^0P?;gJ zm39Z+PQ`*`lRw0B8BxF$h4TW|$1es+Di|#2fqDR%5K|MG3K__phMW;T9@)fMb~@2* zpoGX;ryk3}i#1Ay52Z1NBQhe&NkVG{Xq{ceU<8>UaP9-~34;db^x~wDOvg!}P9gEK zP<}qB35h_l4X5_2WJE$#%?AbRxQiqXMFY|Zhc6Zcg6MzZHiHsq(s+@G*n|=T?K0WU zibQoW3oGX10!sq$nH&8vKUFW+gQ&$nYNWEW7*I7k3(7UJ=2meQ%l%PAf^ z2?dsi8TAnQYh#;~x%=un4bJ|`KSDbvU^)KMtcMdN2x| zix_gKEjWSGK!_W3D$pN}!GYr{p-+pX0wpZG8(8uKL8BlHy*Wl~fC29LTTD^Wwm#BHNd7-o$a$Q`j%kA|p3I}yK$?#G1UMm5famZ6MP4uLK5_yNlr z<6EgDu1ZBBpxyeYHLO#TxnYxmMHLx^?1(Bxb}~qKgOg3MLoY7L4J_~e5K|KkFpdBt4)L5i85}DIKPm0S#)yah+F=!+{<+*%-or4+eCkkd6xm z(L#Y-t%vvQ(9R%%@qlMXh!MtuVkknej0{kJAOq<*kwhT5d@3S8N|W0NW&xL}4M-7} z#cWrGBLLAb@w73fSgr$e=s^?MXsaCUr-O?Jtax6M5BL&HL`BpKKl|}Sol~t0iger% ziHXKqu{@8;AyhzUp*QH+e49MXl%lNxGn$M>IY90k~13mgr=<;B_@Ezo9t36d;yF;RU^S#uyT|$CdbmK zF1OojfWCb+K`hW&QGALe95cv$Mu4A6ENZ1+X$=Mg4sKAdlF>nG0?_?R6NnOec*KZ0 z5>b&T3uv-3nU5nn^X3(-=g#;8$5;(i`O%vOP=MtglR7bmC>^2s2WiR^=Z8I>Xi z(4dK9*IVRJ6UBi9AaeRPhQvgs6Byu``fH2|LTBJM_1qv3cp$i1eAV=f}e z3iRM8i~!lctyT#E$>6e8QVpLJvyyNaoEfx}&>m>WN5{Z}1CpbN&5zdl=on3aCo_97 z<}efEL;>#6Z$$aSQM5?nS2N==&>RNwX8{2Zu8kI>M=5*+o!3K<({)-8OKr6Ybb7zr zM{p?}K_1Z8!og+G_D-?62vj{$4&Vatxiut5mq>gB-R1 z-^u@%Siu9dO@aS?tRUCoi8cy{AQ{3y4++GF=;a8!9f=k2Nahn_1;~7&#V#|JBX@8N zYP5jOGmt?6QOFIsFmZq(QT$x14bM>HDS9`W0DZKO8Nia5B88s}WF-iI5?L@T4VnRd zJcMQ#je#N8aQwKC2xz3iN28)W0<~C)Vn^6=t(uHO;B)~3S0ePp z5L5$xLQRxLVRBo&nH@57d|{cK zK!)}#=;$UA?4Ywngz-dSZ$zvQgQ$&P%-5?3T6&BP=m!i|M-T_#b4XBool&!y7ey&; zjtBH!E0Wn-B{JzHNR{|@K+F&sm0(dixW>9D&Jem%t5#zm$@24o~0&rr-&+65jNRf>T*6@%=nMz4Z~Cx-iD?O+Y?eakjsK0h|qhF+(bH2fTyhD5k&#ygbll#HY(Q~zf{4F&jf-BDrX2H-`j(#v(UsSeSo+5*$LzMTd%| ziUg{v7zS|cFfDu!I?M|JHrnF|Q`tI1Z4rLe!%zpIF%Y_i)o3p;_qnW6xak3pH3l4V zQe7CWk%`d0nAH_RoCR8l=!?2+Y&v)|W*{|Dd7;}%K(KkKdL;@#6$-2`W(T<)j?-pC zmbDFoIGPA=0F}=+@S-j>D4?r3LJZzPu*!L)fS2#&N#Ro`Q5pbuAG$&q6tza)+fmqHq11y{sIY2}ha-p@z*gyLG8EnbXYFFCVN4ZOuBHImfE3^5Cczgrk|Dof^rZyD`CvMds?BtR7H(`m3kGZC}XL9kaS4H>AM z7_>$@lo~0Q2o9yjZ=`aAA(@31)VTE_9hD)CBKt@bEsyYHL_iO+k#Zqb&$Iz`BXU_v zs!@cp@LhtKhGJ(pRoWmOPnP-I*Z|oc(FMIyfq*Epat&ld7~%7x#t2a60wHII&H`uz zgU!!!sDx}t>Y`#GIV@&E{V+lc7~Dd%(9R=jY{2RmkO3wxj68g1g$u>OAjT{P^?E$u zW;j~7MBsc6S_MwP0rJgk7T<{0kOTp+qETl+L;%Wguig^(7`-N<%WIc-0Z<$85`eDI z#PTwgHauHFLNLQr7X-P;$U1}3;&aF;0TkT;8qPY3Oay5!_yqVeT||yp3xzP7p2`Qr ztD6*Kv5>HtXBUa1@IOibN`(}@-EN8l84yLOWI4|`@>osB95(=E8GDT3#fd|X2i6U z>>w6GfEExBD*zS%6VPQP>pr>K!0M59iE6tl$5( zW)1JVqGp>DiqVWt6657Mb$Zp|&?)lhxKHasW8`U_W)$rncl`MAkB{TuJ}CC5HK#Ke z`^62M6b9pbodz8`)crnw_mJ1`C!rmUG&DV z(r0fM_8c|o=VY8@bo*J#DZ%>n8Hw=n=9YSUN4UO`RyXh0bXL91lWRLv)1IgO-h6e| zg)MbXSJj)qD{i9h(;;D=dddy#{n5`0XSEx!X)b(`*|c%G7tMBK&#H^PL>{aHHzhCm_{4sT>c>0Pq{*?j;>H_a(E#~_d9UTN8 zXRlfjyEwC6y`u6>$L0-$kAEmfKTj)~b2ZA`HaS06vW+(t?@wruH-Gq)ws`}3HMMSq zcbS;WlsB31;;4Dto9;c~EH2LcfY}Zoze|H7O-vqIoVX0eWG)-pNTN267{;l-QPu~m`u0lmt)_sqPy68YEzNBWj^WS&LdbY++HjGD?0y<2_m z&ADx4Zy+bvvKLLRpp-uTQTwZF+a&(h6+i#VsGS$_jO$BV?(~i9aec_w^VqFd|L%9= z;+(y82khN{{pm+bZ}y5u`*3Zl7wk=DU+9oPuR9U0I!koOG30b?&xv(@kCZ0a}e|1%szkO8EfxeE={Z{6VcE3kOFDAVjqOGS1ysa^HTit`T z?$g-g-H10fFk9tv$^xNtEB2vCu^ZCDjE6f!)-+64a|wC=yhr{4p{?!OZ?IflI=!~{$}g;f)uulmU2XEMFeK@b@$okKtEV!hhF?n zn?q=5m|hy$wD;Ej^pOpE9G&x3b3p(7?(ByLqC;o=7((CQRB@y&f6)=kH)(b0h-t@F zDet@Gb=q)jn%s7WadX-870*x9T$;^Z`^UfqrO)OJtRFu!1l9Pp{q7V)vE5o|X`P9; zmtS>I?-V~f)nxkEZ%fJwV^ep3x-*mfoEIfc+kdRGxF#}YWa7N3+phE({^_9fVsI5E zdDM=sT|%y98~XQna$-iU?9I==O4l#g>G@TZe5XU%$+B~Tt(*;#{ts$P^Q-REL{LXU zBd$G*bmT1Eag)>Sakx)eR@PKMvSvF^gT;1XQNP*f8|~Q_6fZoTQGeDMGiJ=@(MLAr zL(vm%$@H{N1)I4ilis22m?b;-(;pPjP!A>!7}}uc%S_AL-dh%*irS7G_Dr37v8AuW zqfn(kxL4BjSJIEun?sGZEtkI-`?6%g%$!G4c5vo^c=-}3KC)xuT7TGZ=5 zZ}htgi+Ant`iB*Bx9p$aeNVR;1By4UnfmiQ@5SA`vFi84#KZ&UnZ;WZt9NS!+4oD+ za+f4mb#UCHt=RNg{U){d72k)Kg$JxHZ*+gOP>1bQ5zQ<+IZ@MV+{lSj7tO5lzIooG z{a{VQ1?#bz2aDHf|J+zGJX%${>8|h92}N1(!-Wm9c^AX3)5nh9DSKBb_&aM{*L4jS z>hl*4NiQNrn%3=c_UHybe(=rfq2bbPyn=Ej@ppqJ?Os0nmb^06+<4sZiPuC#C4Wuh z4T4d7>xO=nwA7wizGX%4h2+TJMQysT*~Gkaf2ZT#z#Ee;>hJ8&k2voxF)->%^3{l~ zxPOiFWSAuX!Glh;nJv#(l@^s>?3s~&`Erx&>}+mhVuR{QH9z_}2er?CZmW27p$+O; zheJaOw`f!onjgp+J?F0N&qrq$_YQp9Gf*9W(<6IB>U7E2!HL7LZ?7f1-TwQ)eCoQf zQ=R=AtZh&kdi)S&U7A$9+q~y@ zv)-%gcvFqZiG&iX+U1F!UC2yaPs%ZMPf92;HfyBFiwqt=Ib+Qs%A+nF2PpHJ9(Z%( z>e2LIO~Zw<{Y{tBvqC)uh}nKwENG+jV~_V_Q$d6#$`#Eo-Kp ze`e4`4t)PRQ`$Xnq51i_{aY;~_8<0r+wINmrg(;&TPj0to3%aMw$*aZM&Gv4Gnyxs zeYltWd8F^+%I>=wv@4pIqj@p<} zv3ljf-@`F)uU(&;)Z|2bez|_1^r3L)fz%w=#KEL+cN^BcAk0rl-+QFGGiPZ(%k%Z0 z{+#>zZBM;(VYvCdi6gd`A3d%da>1U_^WprmKi`dwl{cxm(nOw{vSH!Z^TM_w(LsqYfQe&A&HJk$U-T+Jn)D7oW*c)Tx_% zny7eC_^oT(7o<@6^(UdW_0#T~7v);-jnr1>wN9T*S<$8L*9umvo0gyQe(5{7YsT&B z`}Ea-jcZ5l=-({kfoBeJ@3=qD=Wvcpd_O#C&y$V`dF}q-{^cChqq53F^Oam{GQ;!b zwd`B^vrWA8r?*7~DXIix>7Rx^+nFYrf&&)ZKS8=V#uOA5}aQcIWt*}CqK&b zi&Kex*RB}M;67{_xOgl!sn;ciYfi$7IRz)~mzZj-kDkDq+MRyHpq&%_+Y$47)9(Ro-RHU(B-Z zAMV|2O}#~$A=$z_ef_$ixcK#G@Y7m@Q}VhCYGA_7IJ?91hdJ{Su`gd=U6DSgw=%Ej za^`f*8$W%xQu)YJ#qSTOQ9gN2MasBx zPo+IMxWj&O?0jkSBG%z-RbkQNN3t#X#1ZEo?$_5XoZ5U-V%qBo;9v}1lb_pr%!szr z2K+f3e8sM!>_4O}+Rqx2zVz*chx>FV-bwGdH$VJ!uJ!PuoYWb+Lxvg2Us$s9%R7#{ zU61)?>YYC4wvUa!{Iuz$H}~L~9M|a+WqT(+8ve5steyVjlGsYTzfR4Cs}C|~J}6lK zWoTbxe_#3dE~ecSMfJFsBU;Wpyk~k^{-Es9HAhK(e7B9>FKcHncwJG^NAzXm(oX9> zp>mea)}QY8YeVK|`TQN{*XBGwz(2J5-RsZSn{~CR7VQr!)B94yg0!-Gxu4G*pLTQ1 zfmc_~hPzI0c->iY>)E4zXJDi4`YyGVdtKUQ_9L!+L=pNlaYzrvyOsScJxq+B=RUh0 z9`(0L&+T@m=H`RWuEH*}+x9olnty#N??C3w7I&*nY2uwh@}70YbFa^R)2HlRhk2!s zdO!Z2Tavmcl$%Ie^6UGnv>ja=9UE!w)HU=gYt`#^33;5<_y@||lop$sq<5uu{G%Zf zSvX*w{$m05Ha*udZ@wwFUFMG-&knS-VT>;mmM>WPGn(<4w&uZ~{!_nu+-bMy(C4Qc z@I4$S*3CX#``4qzuU0j$&8$hk(?|UH{-X5rqSB{Ras!d!6TK>1zg>?vCdL=8n>wmp ze_av2q>Msra#^c0eNfV?Gqg?-Wq=QJgZlF)#HB6S9iJeOT6dn z)Si#+i`@D?XREGP?0E6&eNWve&-4Yg6K-s_lweMH@toVQoL76FA|7HAp2qekQ$7`{ zQu=fyh9Z=j;>F{OmTPN{vJCm@~4FOo7cak;l{fSsTXeQg^yk4GgnGZ z9G`!zR$kRpHKu-Wtfb$%j_F;f?WzfX4Q4loIHdIhB&0cX=Ju&^9blPuy)&}Nm{R?v zU$;jU9cOKP|5ns9w!bgM^J>N8n^PJ03NBd$%~0=4mM>oTOR@RVm9xb&XO_y>%vMFI3F6p#86ZgK_l6i60 z+=cqEwVIg1RXB^PQac%q-FLO>vUE>s`>v1N>}m9jB<9Pl9K(nP*OR}V4;TxU_RL7) zY##nwRk35N*LrR6(J#zPjn?hS9(6Cj{e+DL4`WNJrV{^3`q$;B*Om0j1{Z6AWBRs? zlY?5PRWBGwqU~FEuKkvuKOZy|L>x>|8?Apt5aZ|%BbMtdgZ>832 zlR%$Bl8=6#+VcFe>~DJ^`m4ngzqZ+h$?%s}b}m|NdslHYl-`J##q2kic|x#t6At#E z%YU8g4MC-E7sRJyGLt8M91A-)190y}rq^_p|E7r7(jc>Q&Sa3A`9J?CJoRsXC3* zuPS=M@1NQ-IlroOXVTlwdtgQyuIbW*-yTJVDH9CchUqOCodPrZkzr1xk4IkcY>BM@ z>~yW+Mi;?|H4*vJKyxL`;WWYg21!j=Jkam z)+_S2fJ8=qDTJ86QZp};8}5dia(X+nUb_Uo5XM=`+r?+Mzd0Aa8DFevcxwf`_#xF^ zfTabW9&HHg^LeCwb^ZK>MP$j1HVMIP`3rjyCIPWbIS1MU!l)j}fbrg-ZT z620z0@#t|Wo{qNVoH_N(S#X}39iwXddzzP>%zuWdoxY?oy)IU~v0@$`7U4Ad)%Gxu z3I@8CGP!zv9wb{Vqc3zyXwHJeoV`4q-UlwL0v2y)M@gRy)&vcB$_0x!DE z`eWv-dgjf@A^*^BAJ}x|QFzxpsqVR|uL*g@sr4~=1O6l-51nx6A8nD{BNfIf7N)(| z)Q1=N)|{5Nv{T9oHk5z9?l4|jBKVl6|1kO4!!AEwCf+t(X?tfAv!=pRl-EahhQ5E! z?{5cNZ@v1{A!v|i=(nreV3-Uhk{()|bVGiI(5bq%ZI2n?es78|RkD{1PMmSrH92|5 z)Md77i}0y~wV~0wpWR@u9(?rl))gBM31;tU^Kzj4Sho+F5c6bsU5g~)z0u0+WoN)Q zfAQ({!cL+dx))m|4^Qbj^jtDxJms$KPMfUwu=3y2B2MbF&HWbPBYER*FzyuZTnZ6( z@rCbq-n}3+nUuYtx^2gX{R=eqnpQPmo49!9vwKGDSd30<`8q`HKVW3R^8TkDS18^V z9yBMaEB(}8;jw>TEIJl!`D@Luxs3jv-l1d7hh5ejzfFFzU*GjhhvZ$p3|XVXE!>ma zcglBcdK`dBTP|za9#(Q+$e$jCNAcfF8=}=Qtw~-UbO;-$DxOe=imk)1TFN<_- ze5(7!#Ro_0rp;Egxin~$X!wy>i(fmg>8gKKe;#sd;o4c}I7?nuf6iKo+1UR{y=mfX zW_J=Hd&c334L51GbUd|o=JtyxGukyh{-NKC+=>ROM>|>t@>i63^V*0XOiKT~;A;PA zl6`W`Uo$5v$Mt^?EF_bJMCXUqAJP-^CJfu0cgWSgdR+8n((SDUJC~;aYMDOjWJaTD zX%EhRnrK;!i_NhXgMH@2x3+^th4LZ`bU0;uk8$Z|BL|F^%SsA~%{!y&3>`XD(rZlj zbXmV(@lVZ>Q2F4@yN; zsFv>L)FsA&Uhf_It3m1pm4+R?Shdt>)sGGxV+$x{H?Ch=pIc|J_7H3AZeew8$(jql zlAlii9{~b+%th8d>)0gXuoiyWtuMyaO^V^h4Uf&bo$+9F z!L9Whuhc@qr2PHa2~Uou_fQqA9sNDyyxP*4O#S8C~Q$GSh$JUhT+- zhwSJxBPY_QRUWn)MzzlPS>9+t$>XUImX*)vJ^FCymaS|+!*PnvCGuUZyA(b=eML7* z`gX|Nw|z3orKCfiPRbvGHxIk@zn(w-p1qHCJFzk=t;qp}e2=2l*crzRt4jYGaIs|E z$@X3A{Ve-_w$abRGfkB(r#+mp-*l^+SUBVQm}|wm&Qw*JrbNGgZ9?tw?Ch#(6U6(B ziKO_ASKk+Yx?8XQ#5bppXS8|^sGDblqQgSP1p}FaH@lnsHv^=}{eQ^-dH$OL^8J$m zn!2b_RT<_L+F=-Vqfy^s1ls)VS>K1v%Wjgs<_9tFnh0zl8*JRsmM;}ks%Ln{k00N> z`>^&!r!p)X1AhP1-Me?UJ+oz6Y3|DdvyfEsetb!uSK^+Y zJ+%1GTifdoZe}q)cRzYsS1_zK>>G!sk z*m&bh{?XzepI(f}u9m(YA-FKFOVx&V1?QX-J0J9RpR;`TynO{d+nku#PWAV%aJRFC zs=cT^V`+y2>Tu~r)U(`4Cfvb8tZzxn)#!x~d_uB=CJ!=hgX5a7;UZA1vOJ-obc%-HN^6S-GA+ z`40#?pI+(GBK7f<;g|b5S8pkZj^D~(*Rfqq_)XWuW1A!+77Xt9_4j9YyT!Xlx2bM< znDr~XF7f|0Rn?{7$;3HtcOMaQe~s;4a`n}V0_@vM+is;d$qRHCdZj|1vqIF>v{kU-O;w|Cj`aq3oln(Z1qSxdi}V$_q&f?z6AEXvhT%>zIw*B3si1ky;*zo zk&yc5ZO6P$(^$sB*_m(GT-eTyT&&x7(O?sIM)9PjX78cZnWsPe_*MC>+1bd=Wvzd% zA~l(?_V_PZz2uaUrw<+MzX%c)m2H-`ID6FA;z-J~{BS2hP0DZ2*oL%w%adqHxKjH< z<;k_a@8=|t6G~p1vZ_}#WPA8cA79?FsOp&LBzNV6vOX%st`Dh$y!hYq27N1B-f*)b zrT@IcuKADz`_iHj{s3OQ?e9U`mv%cgpm>tExJz39w*7?HI=npfk$8TMDrKMk@gGm} zf<4+P-E->{y~=%d)Zcr7yJ!~Vue=a4(e4>DD>EN+cK#6luk2T3y7t?x?4m`DFU~Ky z)zXGF>gTq`XI_zoCcVjC+WFxD!nEP9=dZTEUh^DMQ*|4TwQs%mKeA!5bvFfT>s@&t z5WL|nTH8y~$0#e`cPgXn9EU}SO22cgeq4(xz1c7C#`}in^4yGTt@38H^3b-d%b0J@ zx>dOO#BJ=PnlG`u<&E(5yQ;EUCX)^*UJl`pN{(dvz=fK;r#k^!RBx2OQ-jNbXP0JWM+p4sVh=Y z1DNiUPftp+Bv%KN33_~Bb}y;+*3%|Lm%N_xeC434l$gTocWVS>Nb!1Ueut-aO{xI zyPa@!!;rL5$Br#{`#ZU#GrqTIX7}WdU-Yuf&$7O~{+Q6>>00MFQlmS$zjNy>8(uD7 z<+{DA(e@T4b4NIq?;qJQEA_zBev~r})a0j2lV2H4o4%WFEKaQlLHEUlkQl$y#BSU~ zKJ37%p1kMOJ-?}GQLy;H!>j8$@dx>Dow?DwX?j(*tnR|nC-WAWhpor`H?2nKY+wAM z=6rFZbQxp*AGQcO6-Z@0NlH#|1*P@v#lxl=@@a}Lh02riJkM_ zUto^SxEOIO`Iic!Z32a5-vFGyJ1$~}&;z1z`6y(nh}ly!epku~f4sOs9I8yEkCM{h)iaa6q#%wABS z8#z{DTYt0$HzQ&_GwExkaHvzWzc#s3p``sX&-tmB$A8;^(==^JQxxQ89$x%n&G5Uy zc9?UX-aVPh8I$H``c0FvYf$2C<0R;3NA6*JjZkcG`m*cW(glq-&M43KR`1h zxpD++!X_nexAjGh;*#O@&wulDvweB1^Q*RhuLV>L@xqX&*UBX$FBOd48Pp73NgDL{ zd#AnC#0iHUjLA4H>a$bpQEh2|wrX+K$9t8z;mW(P&P7ead(<1#F>Sl2pQ`-n*>81D zT3B5CPB3F&VTNIE0%YeRbqd- z^2M~DXN~=PIc62VO8k_tgAo@T|9b8bZNdw;WxB0!>d`Jw@|-8y zTyVgOR)^0%k?hE7@saT8bVuHeC#E$}-8ud+iMmX)qH=!Bvcxk!PyhA`qwJ}_aVc&5 zLD%$N>ju?Aw)*c@g_-9i+qHtPe$82H#ecB?Rd1%xH=as#Sk4o<4esS6jGy>%=!w+E zuLtq6hdcXAuT4Agv1HxYKHYN9P3YFrrD>KsSuv(}|DN%eTQ66?uM?}7`*+sX`xV{W zr7zva^sO6^)4!l<_R~WB+Pz6-g8SW$E$({C*=*Ehb?U`VYdT$LJinFPx#%D*r@~Vh z={0P5L8~=W`bu`pZ&7pq{e>yn8IKFbjLmSEztg99ZhwYiqjTV#?8G%C^yh_t)Hc8T z2fgk|$e(0IE}KRxkZms`lH0Bx>%g={WBaWDCZgdbLKG-;>fp)8LYua(v#R?$guHH<*>vdPzt9xRJ5HH!XJ# zS^ahIzWF<|(l<1}urhnpug7rAblmZCsrSWO5;kn@?ZUH(Hn4kdzTfeF`MPl5hTNCK%8LRW zM>tmKMonC@^)h~S>0W35ITQ12Q&8WtcisBNBen>hyxFdGsNz)cB`W3lHs)M%>9~`Z zL^NwvkI=7OpGRd^uiNo){h;?b&t=ckYC9q@j{m?ah>Kzn{y7d75Jyb<{iWa9+;W*~ z!>Ea`#wPE4oK@B}d6KZ%k3JdOZG$#{T+wUA=sAP(a=JEF@H)&b+&Ny`oO^$2P9hfD zx!uM)r?xmw%}Kk{xx>YiO=ELJJ)iY59;S6E|T&eB+3y18&G|x62FIyz@RB;q9p5^CIz0hF!NTEnED4!^oXeQlsD9 zy?f86q0R5p@reuHbolX-eBkZng`<}KF?-{oW8d$zYkQl-%RX`C`yiqG!3O)_IU{ab zJ`KN298<4owUN63N%qJfk676LAYh;7c&Zn028}&w?7!VNsp@Uh>dG<4-$st#EQ~d+ z-kz{@`;(okg(-_|hEe%{?@0W3^w!e)$Lbykcgw6Cvwz(=?S1uz(M7h~u=kIikdUL< z05$)UwYR5r1mDlmyGP2q6Bj1TNw`SOH{{+wtY)T}Tpc zV@Xfk#H+e_&4woAeVe%KQgr*y$%l&+^@_Gf6`gOb1;ESzP20=?tuHpU)-)Qj;OyMn zC-ZajI;<$C*F7u#cg(Ywwmf3?E^{5;wPN<%dXn}xD_gD3>(}95?9PBcJHu~|?N{dN z9K#h3XpncE@D1aGbWm!K?7DF2)81jWUPe-Z{(<^e5kEt*HzM#=96MHEnVhdkM?c>_DttRYEzv^Vv-Iac^ z6c35mQ$Mc0+m2ke?bR)(<$s+k{NhYU{@>5nJp0k5@_pY^cexwpSANN;tsW`eQ7{Vu zq~LKUr;xx8I`pA$wrCQB+NTn$BSkm56;{7+B# z>}q*w^ZzCew@lt%mKB|tJGB0el+P$6s9O%anry|JjlsI3J{@b_u0&*ctT)#6~)I@yx}>8+$gm-kBw(g}Hn84PM&@8(u#eVuk$~zXr)Yx92R}5k=5E z&e)gYCod*K^w`PLs^s;C4$0#avf|_|04b<$+hhCi6u=yHx!B{*6x__(>kb4nb2a_K ze{xDX{tnyM3Mg*sOIN>sM}FLnaYcFeUAIu9Ch3lT8`gF!YI?3=9)5~R@Ro+!d$ktV zUA3ScJX&|a4SrErd5Nyl_f;4M>3B|RO3 z|74w6wP`Pse%Mo4b$ZF2$oJA6FHaO5Ef;rsl9@QJ@xYk zbp=Yd`C(`P3vhHp>mdm!Wx};KdAnZzcym4wOnkH8S;yD=%c@&6B-!POKLm&q~?;PnjXL;6NjB%fz zu!s+QJH@*v<@i)N*48f$Y~`ME)La-d4t+weu0V5WL>R$Fb^64_czMr+O0go#a&y6ZN;U$dB_%W+vc;eA7 zf-(Vm?C|icn$BcThvDmv=>R7LnL*~>$FEW0%S?cUtSi`&8N9h?p!H8zvlL6}>zJWq z*2UuwQqX~Ob)FoHc7!mBnfsy#l1y`tAGuI5Y5jmP+v_z>A2=>l@dH2sd#=8^Q2jb> z5df@uEOj5S<6QHPDc1$R;LCrO(;g~PzW*Q0y=7RHU%U28cZqb1C`bxOw+JYRbax3z zcTKvKRB1^;Ksu$FbSoj9lWv%kZg>aJ|5^K4YaQ>gkNt6fQ3SmE9^)G4^*hfwkor&& zgZO+xGWWYZ>H{*muxE6mV{|uLN6aJ~neIwF2|^WGE{A;xRi@s3PnBCw%0S^S5{mIFEV!OWbdQ{lGLE=XnG-s2_Xzv>S zrHftdLh)O&rq>0}nVhxT_X~%llYSWc^l-hi$&0PAhZ@xUmRB7;XAVmh5H@H?=y#xZ zYP;_v1JJDNGwmifP}(+tNt1Fou7n2M$F2zLhbC*!(I~6lTNYu=v$)a=1(uMI2NOE2 z2{zOPmxe43b-syrnXP$&q~I%h{$ASPaVwq4D2;FT6{E#=b@Eg#?{3dKDIh&&>z#bH zo%}bv#K_UZ{b@(Y2bZXT{Q@}q6p3X+bv-*A@E_Ori+mt$cfcs6@ z{aU$Wt^G|7;`Bt}_(tMt_)fytld$p2!+3<^bK%0sCqP1sQuWu8yW;VB?sE35rfo`3 zy){*f%Xp;WvAkAEATenXt1ry_N+s<~3pCW#%7_oio&`>vqB^d(+7IU5E$~8CUI1Y% zBgf**FDsSG?TAr9?aW`nY^{q~SzBj4iZTL-{mzgEtJTNMt+8pasZ$O_NuX)49D$^# zCk5o`TP>d#VzMGmmxA(1*SIDoCg(*TxM^TM7&<(bp+k6F?E3ulRgm>;(|UQ&gF~Ub ziz`N}8+n>JcM`2qgBU(YQH)%GL#g88tUfQ-5!w9;)g{=W@Y^N9ZkL};kRTlY>f#f8 zXXBB6+fxM`4Fg&+%SRsHv+JC6X+1 zg?k|kX@x85^G{P5bVPS|G&|>l$?Jo>t&XTlvsJ0@#S;!G7Cw|Uee}rXxi2@OHSMOu z1*(r;Y+Ln+TNe(0t@Zr#Ya@9_oPDNFqxrY`$kXJ^`kfy$xMx5{#=8r>D+~Y<8ZUsl z8i$S6o&#|0iF%l59VUuZ5j2<*+QY7oiK2~8p(=BE95_ER=!5N1eO3y8kN@Fbv;(*H;DdCjfIA^Tcd|1`mcqU*FL5x5)~x!AZ5b?fdr4rI#PK zZldXt-SSi&)vdMdr^I<$Pm>Ke=nCVjtA)a!u#qoW_dXQ$bfw26fXfvS=Prr)v8v|2 z4JB~5<90iID~P`px%f~{x!BR^_laJ>2RAm;!>MOhMavvH{lD_zXw~-Cp-EguS+GTM ztI0yK30v(@pz*bvjhV-D9+1mz2w1XC*y~4^!JzHgvb1%0RG$FD@~j8f>y*T0edy&< zkW9JlxT(1Rt|MXm&5os8TYM_#($#d8<>ud9+@PSK&!S$3M*UAS9MqtN=JweEek9KY z&htY3iYyh|LNsP8fXwo!NqNh;SF4x=l>>QW)z83bP5t@RmsGc3mRI4d>Z32kDnBY) z#3PAIPwe&rHi_gsLky%#20pI6oTw43_YiqnHjQ5x!zKwjF%@*-$D&l|YNAHP@Xh2cB>j9VR8PZ=Xd_EY@!7Op2waWy;)=5T*;ZBYx zMq#F;g)B=~of#!lf-w5gT1+-KN&u2bRIq4Q;&r>)j1m;RgfgKPqnQ^3%TLhVAl#b+f6DFg+J|t8EJrdt$yk5KHeIf0z`Dde-x>MndV0 z)0$0_*;G5`s~Vc_U^znL(PrBBR~QVIG5S_x4V<$oW7E>T?tj|`aqzcaywX#!`EBq# zmHbC>atoDKnUU0$y&bp7vH6cT>1566jU63!#2>EJ)PxptdI%FXW~+CCp7~|$G8_GJ zOvk9=-IsPnh5=5$^BbQ{x#QBy-MRXQ-@ku<9rrZ4wbsdqiny7@7=e>a4T%MMD7r$T z#qd){nz;r7Ew&!6*&yPC!h8DFRx7Jy3v_X!gmS`L9eTJ$>wV;OE(jJXu<4pb+I?=s z!%po6P@IgVl}XN@_KN&l!yx{&?9V`r6rDfV9r3NnQqJjTz33xt%%GWvK1iwD z=scL8MX;_`{B@T?%v{i3> z*!r6XhF+{rJvZAhHO#@sD|h4xujo{fVOsANULKnFRlpbNrU*Ab4fHrHuJ2KM9`Tb{ z$R~A-<||P^ZSM3i#TsYi0^tM9_KY%zBvT$%T)S6ii${vhTPRTQ0N`0#S~mIJ=q}EV zaZ#jXvKUL=-}N~E%c(&QikrLk&qJ+-`k_xhT2D9AcNl<{GnlNg=wU6Ef~l1UNQR-J zZDWsoA9x<)@c%jM8BB;=Y+NIPXGyt-zWVf#S6{^_Vr7tCs5QeB#iy{e>>ujOnZ6nk zYl~mRDJBExo{C4t7YAY*7yY~!3r5sh!If(>R5soZwEPtk(5 z^vDM*Ytv#{oNiwP=bAQ3dx)@wozvOJIRb+~9r&DKUOk`cJrN?>fekr8v8&8hilKBj zGF~4sA5*QAkU_D(fyyvI9T^s0Tf9<-RoIs;jjI6IdW!@7;!F|RYKE_5hNr-1Fl(>A zl)6|2sJrAE4hkLTb(NWSP~V&W#%aLYN_G&;pXV(dx6RvTIvF(u?!AgQa$aQ%AXqzW zb59o8uKr~rabu3DcY0+c;>(BvVQX3*SxX=@C9qbL2--+BzP{J7OuW4BIQ8sFE|hOr z8K{XhZX>m>sjDq=86B!6F4jX`l>4$D!Ig77XUdnC%?uf?8Wk7yP}cw?w!$2{C^Q&8 zlqTdLJeVPYpZUper2XuSUP3w7T?p;BHddtnjx2?p&ai3NhtR#%<2KxDm&2Ia8tWLJ zq>M#wv9P0))^GSyuMhmW)MGiDvs(qGHAyxyg?&&GX}=v@(c?J{ zbXj5Fa9DfpNgPca3Pwn#m=Bpnf4qtamz`mybmYFnlK zDVaYTxSxuD&6oc}x4Ff6GbNj21^St$Y`F7iET?oEo}-qpE_6?(gkSO#qbTSi-bC9! z?ZuIHrylo(k^+64;OX|d(kXo*Mx0nMJBhkQ&F)gKqY}5z@pdaee*ffW{*x(!SB~!l zFsfO=%NCKY*UR`)^UU(;aZx_#dMZrP&M&eYe)s;O#@@xI zzLf5wek3cPSbcWU8=%pINGO$=EtCOZV+r))g{Tk@M8fx!B(B@@V4AzlBQGjNrBePu zwT(se7wKD{l-6cU50#uYm|*1*+WuT4tw~!hDX zeuP6kV|IZkFvN7XC;l>W-4-Ke6+Jpa_H)Wp>28?rt9;J=%}S}7ZW{)(teKpOqV~opx z-KY7jSMfx2=KEULXwU9h>{ge^_PUIKN5S8`ja26C)Ee}(iX*0$&dr@9$EZCM{Mvvl zqro+;8KTxWk2@`{M}J@G6+mpVRBe|;q%WgbG;*=rOJO}(O;#5ucpmf-lnYfVMPcX} zVuXRC%9!T;pRrx?&}FATD3e0%_Ut~h$=OFa(S}DRab?+&E4Wr|5nSyPJg{X(fwjCd zhqT{2+wecFL#=Lsn37H$$C`LuRN%lD@Hxa z#o*4_dwMFrZc4Lfv*`2e9kP6(65+nl9&x7Jctw6sk*dfCSTxG-ZH&Q)VH=CId0mF89i<6 zX9q+cy5G?${@)+B4wHB@hKRO~tERKs?G5e|dOEt8&l^f#czrni)DI8G6@DnDl3_n& zirP|-yQ}9U(`S7Z!8ZFz9jbWC6OT>x@t-4mfdwU`6-Eovlm1Y>qUOp0EE}))pW_~; zzkfabRXa)r*{-DsD4EGZ`Tt0xPd(mHOoq5(!zxnh|I71p!*Z{r-n_bi zv2>e?d`C~dI)hunYe`6s|G$Z#z)xR}XD@wj9PoS}~FYy?tERx@Awu-Q2 zD$_L)PNT{k2VVzizR<8NFUqRZrt*D2>M8U?nte;1dS|No z+K&^bv-qEj#BIYa*ZCb~9R)Tym<9k&m`X9k!f$}Od0+F_$WGYKKUCa`@*ZqQ_W;MF zYx+3CBvO-hxUkkGL}2R15Z)jWX=o|hwt#^f3tJrAlEK#_8|ny7)w;Ml{$TBm?lg!J zdT>30sxRRYVH9^$l(*$HhPhS?EI5w1cqqW73V43yrf!{iiUA1o;&g}4b^q2PZ7OiS zU;}W3urRYoM9U2t&R^DcY;u#`)NBVCI=vSQL5F+t(;^@f5JlDDfAou;{O_dhldC^&c^6HF&DkO#^T8UM z1V9A0&UE+w%;IlLp~D+P!}E5GE$Ku;Up=pGX`EQD1SKc=m^TuJ@-3j~vln(t`>2d1ePZV@1r2p4R3+LEOy# z?fcZAEU9)r;mWR9OEgw3;f83QfnfsklI&D|tkv)WncXhtA#VI8zAo_CQ7R9NmrDvv z9@M!mV?i)Zmmkd@Q+|A!?#%;H(ymWuTN>NshPtK9-3vN016thx1|;EBLk5~@0DQee z5Ng9l_Kq$Zh$x3e@z~1+C^xr?ETBLM0JV8=;YOlZx^j)T9pr{M1~^_<5Q%P}WrVML zx)~1Kum{@eI`e}5WcCK4k*p`*vU+~@z0TlCm>I%`vW*pnPc&b#S)>A0{my52OcKxD zfE-`MwPOb8Zp$rbuomC0-w#mh{Db=JJH$LQfPmK17A*zPPjoC|7gBbVd+*z0|3?t8 zFqNums<5+Wfcjkoefu+;wG!~wTju{w1GG6Nd2QyZ~Z3($M$6}&2V4o1!GBz8s?=I= zVN&J7Ly0+hsf_~P#^-jkD*8f{#l>JX?1S6P(O;E_cKn1@!))paOh7C!YwBL9jePyz zlv)AtNYNe!kME|Ng2t~xR41jlUy01xALTZjYOMv z>7E$x@DK#EbDW3$t_*(+BPz+@LkElE70;Yh|JtP$9ixW9S&{n1fh0%vv= zzivj>YVXjf7@?7wAn2HlsS znKuLm@tR?n0;P`>FQWv(!=|OULEF%&fdH&u>pzTDccxrT`p>7&6~o?IEsWEFUX;sP zVwS~3#%OOMvxM|w=wfg(Nwu0z{T`5O^XzcLq=Q*08qFWeYZMT87q@iUuv1OD%GLVI zw@wex^XX|H2%*8Aspd*W?h}+384`=lJ-v5C4>Q&QjPA3bb)}UA=nj|<37p6!*a!VJ z2bCSSuu@5A; zF}O$r3bpC<7v?j^b*z~!{O zHrhi&u90T*%a**&{iUwHs5{pG#g(}v806;W1@$>0?)i>LmBWOwaf-hDyZTJK=#6h< zxh4(}X*7SO|MV;EgODN&Zea}%p!A%Xq7mMj=?I6Tnq9fffBRPX85_QA@^wd+J#stB z-(hyU#FKBS0iL=!|52c#1MD5g1VM1`CI3X_0X!EA2!<)Ia5{MZ%EGR zHbr9hh{t#=hCYRSx?S}z@=n~ki@TaWH1q2+73vC7EHoTdlwAB$^g45`1w9Se2-|Bu zjIcP}H=t%;P5enGILuNjQZ5qzS(yT4-(Q&kQV~cm{57^ID}_9Pc8vy8uNczF!m8oI z?d-m|O@@kT3yG&IDWL!hKvY)Bf^E)sz)g{b{ykC*1wZ+{SuWG9RnQ;207jXm7%7rgr`6J;W_=w1e+m10<5c%+=DnCBM;ZVOUZNE=r zA0Q6AH17fCh65R*6VtZK;Gz}joJ7CqE076u;M&-if8OGKNfB0EFysPM5xx`$upDNz zU_0P@SbySvww}rj?f~^qzlS%1v17fauMQ@yW_0cRkH;jJnzf?NKsUqh>-RcC#vZAE z89skP5C2W7QEB`pE;a%DjNR15h>R-=tU+1j^4tzR>H*YxBNB)=E+?m;nTw$3!=k++ z>;c%Q)B2))lwL#1$vI#@_YGQtUgi!sp9njz>5U(iuo|16KP5z@50FpAy^W^ZII~eF zjZ~VK?K!+yYBrGoErdvuM5O4#HZhxoCG_;%qT7Lu&su48NBMxjg~P%a&1z`sye|b4 zFQer0Y=uUAS39jFm>uk0GaO`^?%K|VLbH=%=mQ%K^m0oASc@k7*V=zx6zOD2#y-$L z`60VtQ@D5q7aI`Z9jD^oC=~luqOe|Z=N)jCX0`GGz8jSBtG|+VB~zB;U~^EhltM1d zq3|X1<&l!$+vL)CZRAd1GYzy?C&A_H!&M?RxD++2P@Sq_C&J`MlL>UtEid34TIJ5q zEGmLr5!7f6O7J7*OJPLO>(mb+NhKE#|*HcZqBct;_5sj0ILrwsX@ zP*m>20d9(3F3uji*bei)kUh`q-vnsa^I=Om)gSWs|DwAhXfANLKSmkVgtE=pY@C}O zW!GbgdWY^YJR*cUt?5+Ee#%2A;_m5}P@9=c5=ChJY{%t-!|K`{#cJe4YMO@I2XjRD zO+KAz{}ytj>nNsj=9~8`CNvcD=})j=3vXl5E@VGjtJ)%R5R)U-(xrIwoO*ua@p|b; zQphO2T)6XvvB+;)x0#tm;8slr9`z@d`^&u(C$=J#l;t>2*ls$YCY9Tt#j9x-Z%>Mz z4+|hsR$265rLLbh`tdG&XKJYHO%faa8&q^#@HZD#Bd1T`9U0lT*z9F_TuNZmFpea; z=xFh~3F5mI7j>xg(HHikPzyg^qX0_dMrbTlk6_7n)23!x$a1g;O8G+ zj?Nz+YJ`VspCaa4rdxhG%%h)_*d>r2bo0;ieRFt=P!xw0ih59P#{i$Lv)|la@l^Y( zTZr2cjOckV`5nPGvX5L#OB4&=pK)dH@h)iD`TsCk?H909dM%(ELH!)~!*0D37nk1v z|B@%MVQdEuWJkr8lC==!03QZlXqGNimtYGR`L*dTg6(?{*)m+7% zNQ}v$qm|O$45pwXoh^yGT-De$AcdMiPE~wcrp`e{Xt#q)VXp+#=-oI!TB~8x9{1qeQhvh_ zUjd|O-%OD~Q3;hrGa|BZ&~3(5opUDVypQ!|4MCxPoOrbv#(bUf+}P%NXltfv6enk; zQq4Kr$Czbx9N#+AhfZoUxzS&%Ho9HhQTHU( zQ}5-Wk6I3^D2FUli+7hUetZuI5Ky(tAWdYbq#8ka=PjQ-wUH{i-x37hh}}ODhaJa< z>jR_NPU4FAO66V~Q<(SN>BR(^5V+ zNNBL5(?~qZdJl&b_VFXp1io6~Or65_b+-7wNAa z()eB?2y~8CBN6YVD*c9sdgWgl%|ys%O4R$LJ`y}!<_~%~^DC%np-^#tqar%V-OTIY znA@j<)WPdVDrN)scX^&YVvyWGcm0JSu+j#_!dqC3u!GWpa#%T34eN%P=P$5keUz(Py#TdGz_2|B4M67J;yLsi6(5vMt zmg$R9>FsTL>R!K5(qM#R0W!^u>gXsxwn>4Y5hsc-1dz0Yw}2|!v~8&g@96qyLc_F)Ac0y@!;uRamC{gXcOfI(l2 zYnpqLY4e#NI)shv@wT;gGvU#t4i-jrap=};?7{8UUq4pIwJ~n?rH2&UPV?Ac| znE5(9M$I9byX^~Dq_@6>R70`0EY&Occ9{jhG-Jb_Ph-^%NVil+=Q{~LaP&hJQbW%< z7k$Qle&nL~^akinNOLXzMqU(Bg1_FS3qN8})L<{KjVi#ssK1YDy0;n9eq=GAxOdFT zX0}r>1L7;^m9wNih)AMM+Lni92RPj$X8IRjtyX03pQn-W&)%fx{6B1yP1v1)G-E<=!Cb>5^}~dS6sO>FN3ecHqQVJ!$5Eu<>}lRkGt-)~m-j$#p1)VG0kG z%HMLy-Y=@zyOGzB{zXFPt{y66=LQIi8%$m>oEsWD6s)l1iro8M-~AJ+rdNvZq9r-$ z-}Bo*Njj~iwKh@bixDvg`q;r%!(e!8ZOlWa`A;Y<%D`aFNvMJ}d;;Sh8AAY{$pjDc ze>M&N=@j$>YtFT}RR#}{H^yvNk2$lGWe8_5F+zJRC zd7UXPChmI~0^Fd7cWSxv7S9jl8D{R8@7%D4Ffon}?yFI^bV9&+w)}X7BzB*5_OETJ z8iSw>#ObN5r)M2cY3HYhIsSLI2n6E!PwgiZd-s-lRcV8cjKrnnn}5!G+DMf#fbRYW zIa56GQqLsE;cruT9krQNw}VdA!#qJaPxaM38Vtvbf31r)*z8eH41FOIr)?3|}>9A4f(nOgsOGEJfodw}7&hXb=bU9V)H zNRD=a0HZg%+Vx1x?hYNtdp#h@>cOwc-)j%$xbyU=*(L6XKyDv5$p*W!_KrYzhqKr#9P(2mi!MecIH~gQ-xk6gF!KO`gOb)@OtZ7)$L*VUbPjC-% zu<0@RIXfY1cL#@s1T9v-o{lJ<)Ia-tlzErl0x+C{+AEW9RB!wp`zXtI=OzGd0RXQzZdLk&h1NPls~~kJ=QAz6cv&xYCK@ zkaAEtW&l(w0w3A${CWxX*3JZ-EnG@_U*rMX&C|z#{&7rufeHu#v-22zeA>ANPA!uw z@3$QQEyGI$Al@URim#iZ<}b9mG?sjTGX)Ez|B!_eI>54uc06O2ZljB`A`UmvZ645_ z3eEWaH;NKCegnVrl6}|ObN;tTGk9~KiI}CMHrzTxW;p16@0mtjN|xC(5x-My{)LCn?do*wA`+^OGi-FV=?*dGh-QET=1vu?)?=)AGonl8X{ zofDr@miV0Ad!*~Umhd$HAYN)EIZ;@T(kRi-$pGt4-AkoR!qocYD;$uZ=)0pCR5<_d zG`jOZdi{$Se283dv{OK>l6waQ;Kk{qDc%w0w9z(Q>&Uu2x|^O7_B5n?8X}QxbZ8@tH>k=LVDUaRds+ zkJc+fddH1ZS{e~2Vo>AC0dQv+R**T!NCL(X`TvX|a*z%I7I6(=igoXq@(Y{fhq)_U?225)$CK;&iqm1*&D(!MpvDN>jv@rk6}LF<@P~mUKh3 z_C~^MkyZg>*dF{^tfilC^Y&W_1QeD(1teP6$6+<+0!S|_k_CRaL3=h*#0dnWh z$x>ceNZL#-?r06|niFYHLYWRZSfR>_5PqX>Bhm-P9Xn>=XT{Vg5I`FY(K9B}+9q`;`D+!T=yFU6kBl!EH8q6|meY%bI(%mA z@BrM%k3aD`7b4zUQzrN7HybSf6duK&sYxI`-1sikYU6Gh;JM>0p-#Eg z3UFoeLW*|Ee%&C&L>3+Z$=C5$s{J=%Elxa;1Ly!$DBor9fF|1uj7k&OMi}p~1)Qi(n zgTVv@=xH5T{%M@)aG%m{^1pf-lpYe$2>IiE-M?lgB47sONW324@=>QdySz~QwUPvK z6ZhmdqMk#u4@&|ZWJqs8P#J_>qu5B?w>ZRB1Wqk=;9fRsgO0h%j*#R z@qU4enYjFGIES0kKFlPOukCD#Zf|T|ZT_0j7Oy?5l@c)zNj}L*8>ACUUeYu0e?itY z?(i2+yZS@fHT2%+iE%k-mgx)O4|KRGfQ^@uv&M7b?zr2X2>gs{GKO zdhU@pQFTB6zx-cs$o#*7Mqnz61n&B2VX5(9;P{m770}@A%Phf$U`DyL%}$mnSGc3T zb>1XiYuMV`j|Q1sKpz4I0$bh--Z!dY`}fHG`50}QM5R%VpB2N5TL?SVo47kjwPH;Y z=(L!AIuis&c4-hW%Gi3A*ySRX;9a==6~p}QBOdHWY=ajGhgJ%oj?>Z?=ij}E5^pm} z26>Ie+A_mVAd!C30Zj@4;s{!4-6^40xUiN($Q^6u_PWG;F1^-efvM6Su(nc+6%usR zHrytr)nDDE2ATEhEK0OU%)jER+WVtKzFhSH67KC5Jw#+GcKTB#XK{U*9WKz~!enueRst z31o-DM={;oER7vN>f?ZhS7kU$F(dbh^i5oe*_RE91({dB9uPgOoA@yO4jZ;)k~v(Z zsY7&pH~RAl-F$uD5tstcN{uu{V!F_I+oK)Jtu+cfHd#{n23CmoBHLu_!QeSOseetqY;ytGr#IyUB%=02{v2ySv+!&rb_S zpS@b&vXb2DjeivSndH0IXX4y=o>i7l@ddA5yk?~Os7mmN%JtRbl&`8^mF1qLJ-*vH zI@X)r-ZStiJ1ISzhug#9E(QjB3pY_P%f0!H`pKI)4^97YEGRG69fDbQN-0%9uaUnI zdeDEpNhO7|dy5lAaT1@vsnIX2Kg+q+g#}ehw3q8}?J)ekMRKvOau%#r*7OpGbvg{5 z3vb>*8gQ`|yvZI&%M^GZ_tCVyO94kk63Ju{yNKt(b8iB#{?j>|GJ|D^i*@Cj{C)S~ zCAs>Vs(eNFQVv6FKNouPgJ1;2clL#QDf>CZLAz0yc~F2TDz?JofX7y1fkL|_{1p1g z@@;mN{#0=~b<*FRh|9t8_hV^m{JW>6`_3%r<>@DfXhnXyv^%GZaY82nN3rC;6&na< z=0|pk$-OIX$3-SmlGdmtKFsMiMJ7m;-c2+ZLc&~*>h?>egfh(zTHu#tr9(IUx8v`` zuORsYsA}(ZY88h1`37qx#*BykZchS&clS>f<4Wlj_!3X+c@5oHCWYZIQ}4Qq2%y22 zk6m-f{pV)=IinXqq`A*lWc2=-4u9mL$kF!7&U|4PpJuMSJJ;lUzg%!}&1C~~6_Tda zlwu>-t~kzP>IGCxxYiv%WQ3!roSN;;{L;*SM{6@zS26FsQ}X7K=q%!oGdB78{I_w< zibE4kTiCJ?j-$}mRjy9hQ{8a-w2y%X+3H)v-&e~0hzA<=Ls3mF0;2vB9zYLZoQByy zT&7>M>zg0*7%l4=IN$Nu-<(H1{EkYLcfNxjJ%k)=^#qj}nsGQpb8<9@-K*GE|yfPvcN|F?MfuFOh9q= zt|PKHVoj&UsQyrAQU;NJ!SPe$>TN2wo%}lHUo6!uA~xl_Yz4d9Ia-GdwP!(ab@iiP zpK!oF)s93-J~q(b-JZ4JBf%QniuRh%7WSX7g*&!+EP1U?lwAJh_ibs55vkW)(oz4N z0BQ8jy+P~=UtK->Wp)~$u^t3J-b~ixN(q7A-N5~8dgy%WBv@6mp0hEW4<7EzhBmV+ z)eaL5`4L^R$y4%u0IA8%!ui-l@2p3%Llx)BYNEHsSmZql+0cJTM&N+=iG=fIl_0|R z=#Kz(3s+o1<9@?{q3?-?&3wZz11Fj7iVi}dRifES3xz=68XH&E0|UyXy^!8oOEkN!ri41*%UxjKbQx-1dilph7Y6 zsmxEd$E%F|Z^n`MTYWB%w=|11-!JHLZ=~>A>aO)Cq*I%w9hUju3}pCSTKlZ0fKN58 zGVdcUQvM!v^-x`qCW{v-V{5tX46I4_e&)FA_YW1NIdxOo#~upPgp?#rdZI5~1;N?j zL5m^-)I=`l=Jw12^R8-x=x^&mmZA2aTuC%^G}wbq`HBxT=ck09a!(N*gdP*7WyW1% zOCb+;N0lVp`~wc4zE?9DKKs@%-?MaZzys^QQ&x(9G<`4D{k6?m)OvU`WfnUvLvFAN zm1{JM6`OdfXjjS1{a-A=w^e;KP|Dg8il1lwNfj7+CwlN|=WlLgy7zWLjrHi$MmY2e zZ@^``(!yXl=kjEyQ9Q%$^p)*GU#PLXZy{Cy-vE`>TJ!dxzr;ZqgA}f4o`TXw>4jZ-;)>>sNUT@Yrc@knLNck@U(DZs~0aJumI@oH-|0ceY(vGqi83hGcWfpBk(;4&8G78mq9 z8&&QSt&ZOR+R0}rlzcAm$!mr6zJ?*84VrvjOxjBnQK8mydb`;gH=7M!0v;Mwq|=?! z#zFDhb2H5Kx^yO8sE$_UiQ}TA(S$7Q4Ce3u*U#z6;UsDlvIBw1T>Y{lPN{GYt%p9# z{NXqMzOPS8Ts8*nhlcs@FL}Pwf4}70&K}r&$x6;v6wf}pfwv_E7WB5`Ovf^Ptu+Sa zw`pJ}6%LUpGDazOFgBhkck}sjq(`8`oCJa3A`&Ko-uL*+%^H`#({r3_q#ix%=C zj^U5FXE7rC<>r{;G>gp+!lBbI7h zw^S!35YeGm-P8`QZjB!B{q@iUiu3NSAF|O@_F}F4k~)p2F#`iO6U9zhQG6Mf)B^U^ zMt&C-X3Sz!VOU>GTV~cvw}RW0?k|c-KtMX0r|9C+{x|wg z&~3qMgLZ=-4RMqhRNlzdeEc=lpXYqgPR!5aYnETdqR+{c%V`K|sE0(BSx*eXXXN$g z4QqV$MD{h`kn3 ztg+>9fw>eO5uH4qh(!Z&C07yT*1(@RvEnoJbx|}ze|200Y^RLF>AZis^dLc-uv zHN-L3XKEeb>}#z>Eyko>GXoot%!>pTm3E!_z=cU8|M|8Ti0CJjl6goQ+V#jHi&v3c zP)ANq5(Z*i2?yooAifOgK+KEdP>We3;-yqnGOX(MnWR7Bgv zb-?Bp-h7tf^WJ%sEhWap9|av|lF+X#*5(lw!oe`#zxN}+HY87li3Cg-eyP0puv^?D zItXf7l96A%?_nRakoXY97tw|(g8Q?Dsa*ip!H10dbe~<4d&2G#BLi8Y^#M5<`#KT} znNu+wi6U`q^qmMt&mS}x;$&x14-Ct+ohw6oEk9$aF;0+u7gPO2ci6=jX)w;|5PP+& zy!LS0DF|FQbPP%eG!thw zvq<;`!C5|7WR)(8pk|Y0aiYV}t$1G~yetasJAAD}g6B~yl|d~p z$Q;;5yCO(kh@yN@y=Z5C*(C9z>p!Za=|xxQ?)VcjkWuG~lvHPr6x%A`i(FRMzIeNA zM0h(^$7fvMO-u+u-C600g;_V7EK&!ozhu<>02vCd?rdfnIZVfc>WFBXuwVTCBINX1 zikX0}Z|7JCZ3uE3LDTYwBi1Y&`xshCQ;#+{-2u<12#~O+#^A7xsUDdHh05skRt_mOOI5}nwgt*pjaXliv#pF$~E)|{U(7*&{drFkuN z2X&=h@JP(51Q_CwpM5k98o)(FpOCUxyv>3g;hzb2;KaJIdp!UOs8(8HK}lt#+gIm#{+x~|%`{BOA};OQzf(~NXr-K> z!4uLF$Kf*Rr+t@Qe|n5!v3Ru%y>e6OLxb@-Wp-31+b0OHFmz%7T0I4>p)%ovKtEb3dQ}R|Kb|V zM`ZY2( zfsQg{H+)7>mBe`+2vK23MWl1#zFlFUgRE>XbJ0OuJ~M<>%a5pm+HOsZ{J!dY(FD#2 z{CbF{B!X6#bt9uqMvCk5<0NsWvp$of&or1fJ3M}V3zY=}Ut+E5eYH4@xZgbTGa_B^ zJ*xtB6&y6y`>MF(5%>ec%JUh+{dK}Bk@Ra7fHoOko(@06)p5Ey-RsU&zwBvA!S!v_ zYokv^co!54rP@SSX%!4or?Z@ASXP1sYJvSnC_3!XD^=2eHp4=Mvx*6MSP`NQ4wolB{)Lwovu#cA^psQ10RH zKDKQxk7GbviBl5aYL|IR22!k@CL*QiYLvFu_=h^NxKu8qRki-FH##e;Rp2|urv<0G zn=?7x{6&$k`lUQ7QXdb$QfP8lhc4>AaxKV^C}VoAKx6uu==>xBdDVA00f#)9Iu zJ^g_FuN%RbEoqNXeA*3Wf?f-{AD;`;>n8L?nS=-uZHtow)WQj9^=WKx3H70n`pAyx zCvoP_LN*?k@}E=$JcNBy-(}Ky6wLH&P{eI}wR>}+xzTOwZ;#Ea$br(9NP=H6NL{$jUp6AXDCzf|OLFs*oamS*{hJ>6=6x9^GWX~sDs-n?Or z?5k=boc*qyim%eAcV=t z=18>056++BntiB+fl^>$os4U+}JbC>6qO4$dr*DB6X4mCeI^LBlV;uV~WrI zaAba@kUfi?rDTM}R`55_frl9-B$`^lUDIgJq#WsNYqY10n)AWVM2X7|HkChOv2CBB zH4sS|Z6;8H0iJ9YtzzG%w7xq~!Wb|45;vSG;IGK@ENV>riJtFRe|p*bDEhjYAOF;fWzQft z^!y%~IoROjyYyUI-(LI($Gf~1e6UWF+s?$F1;~-&8QybpVze*D*f%K>SN*)5pk0?G zwJ(W!Ox({sEeMfFp`#JM-Z_v{8!ewKD^?2`lh#)_$h~YA57}NP%;TPxjfC4>!^K8En?rw@y9RKS4y|{iJ z(;v~{*IxVe8*}H{>lJl8^z1F>k)4%qXFLdSS{;VZK_%x_u(=h?{#lYLQFBO(au{8{ zPjri`ejK$fP;VlFlne{)MWF0@$M;|qM5#_ycdm(?CA2$x05V%`y@K@Ds5kG8`|E&4 z_q`d;aZwlacQ^LTQY&U0XWLGWORa57q0+cX;zC(Se|Gb=-Vdf(n=@E&8lo_4o9S5k zw$_pproa7endTIB5Ed#xS)AgA7A?&`XzpF!B4z)gRiMGkZ=Gf$z~=O`B{7E=!Eo3H zNr|J`n>^}px;BqXf6Uxmxi$}7b9Lr_M%K@SI3V?{m57{R=r9^R*>#g-POu!}@`-RK z7c)~oyORfdb1^7jjY5GX(Mn&|5%*1qgT7SxOJ=e;jP3CvOYm7rZe&h4MyL*-5I6m7 zWrCi~OJUS=O-L5S``V@zO(;>4eA4?x{z}u7nmQq2h9*bB0$WOi4T18oY1Y$}$I+s35W4g4<$0X3hyd{b; zqT%5VS>z0g?7R7QF8aPJ+f(wZza(O-_I;8W}|hF*8ug)3Z-fv$z-xH`1)f|KHP#AtIVO z6w?cd8L`?XP`2lkn}rnIN-}{6!>1N*F}Th^rq@>qaL6K7;6uX0Lj9mE`f!Pw-h}<9 zTK+pX-xb54T*}P%*9jNFZplGx=));kFo^r=7rBOp^TdZA2yhRY#-|HlV z)j6O=4?XH2gk{Xi4rPeVL-_4x%y%ZsJpBIL5~~xQ;mo}NyIprhU9G@C4bmR<;th~^ zfj)nc#{TWridhN~eR{Q96t8X2cV^z1XZGx8@8`99tfB~adXljC`(v1}BcxYB z^l_yEpm<_d78+kX*lp#-(;Q#n7e5C>C;iZDd`LvtSCtOVeWOOo*Fd;fd|$%DHRbYxfdX2 z`bXCO>V*~EAy8Bh1;b?1=2^1h+U^9QAug?F`sYd$p_w`vx@1~oU)2MB@a@Fx*A=Wb zTcyZg`r3x>GcXH-g@M-uE+SGK*$xcW4$MlrR7#YSCf!kSD7^`v3LCmzH(SVU_&?;zA~cOi-8D(|)NP>cNqnOPd* z5CP}&iarf48`>Oq>f0*Dk$0ktYrQm0M8@0v@g?OZ{G7s<&qqtcnvS4aLt9>z3?uRX+jOoh#i zC|W7H_Kq*%!J`%JW=}|6%Rcfm9W+lt!sJe+pfA~I-VU54L9?BC+j9200pYE7d)a$LD)|D6S)=>Fs7%18;8h9BV<3l%3F$S)MRhW=PDu%<#*F=t4vheIK{USg;j^bMmxUuCL)-L5QqlI zm<}?OvXv+V>r{$4zj<2>l4{K+9LF~pc)ZtF0V0LW(}$$!hDTt<*3O~6-9S9`v!b^< zYk!w=;1MpZjj&v=;)OF=vtK{>GvQFeltH0e)L&=vW+E^7-@Q;E={xrvqH{=PGS{FI zenMw6)W++t;*Q8w5Ah+od?^_xQB2Rs#jf1?rE{;bB@2>CTHc`IoisY0xyjIB`Uv4} zEYQBf$`~VDHNd7vjQqATbfJ zc909`s^|L;IQ#|IW92oe^p^4CCD`m`zXI9~fgnBA_|(g4=>4BsxHO}OWZ~TZ>o@G4 z5X}$7ca;eETT1u;5&nJ>Z1*wE{y|LG$Iyhkx5M^)&()SL8nA_rOE#@IJ&1nAQEL#> zT~f=~?m&Xpoz^5=K&e&bZ-96Odv^iOa5fvPFyYuNZSpJk^HhD`)|C?Ty%9Py@m^<| zhx}5plyAeW9ES3%d|ffi*oiKh2d?0X{7t~A(7*bO0qZwNct_dgI3SFA1 z>bmM>HY#y$9t@)p7D-@qGiUx8%Sz(A6i5o*`(j+Trq0Huin<%YH-lAfK8|4*8FqQK z+3gz2%u#){3>6yP!`2WUS?RqFD&J1pJv6Puo8ul8+KQ=qp68&5y;x z=75#*ou`h93~mIXBduy{-GsLxJhD7gzv&OvGlar;HZT4F?4^)d(cUdwwDnt-QJyiP zN`JeB>t4Io33nFv7c<;K-+c->m$tqBG*8t*U{wHq&oo=B=y@$bzH;;vq8xKV04u&o z;<>^f?-(->rT_N&_EHNxaQNIo^A&Rt+;ykb|MLdY!+{EX{DsDLxfve=1q!)V-o@rO z$2nE!V#RvHy;P;y5YWM7Q+^Vv7lv@(lCg?kcs&L)D zl=XTrPX^z<6U4a4bM_K9k8yVsk%u2U3+d4VonO2eGw7gsR#9Um8h8l-S*7PIa;2P1 z`<{9i=+~BaO)8gjiK+f>1PsR_-n(gMSWjksW$3fnDZWE-4L=v@W-DWd+|QF^g9Gkp z1EWOgHmv;S0S(X1Rmx+`x$<{lw%C38-?N3ta-aa3cN1119{;ki!Ti7Tt*^ zts%5E9$O3Zs(S%c!uCvu04z?#X&Wx1QUhKnyfPrL$x9X`qMC$LloVk~{m)g>XgwyD z5XS(SpUu^7kL0w2lF>NF8%)YW)}p!Z*ImAZNW+*C(HVIz=h7H=w%`HnG2SK8WDPPV zZt)AjRLrtcw2JVpV~`md2So*@)Pr~kN8b7~`;$(6gvpf+3b^-@u}jg88%OW9?g2oh zf1T-J#mgSH%n*M&r8q^9B)HbMbFm?CdQHuXdR7_Xwh=E%gR6Ucy$aclyW(7D+Y-n)%g@=*< zP%c%P%a(uDpQ(f=P2OxHMLw2Y=2@(v9-5o=pC1df6TTxRGAU>Oq}g(#S!$;YF*h6_ z*A2+&^-Br(8CGrDqlU%awAF=;+BAEU?V+cSUE*ya8MmRxNkpH$3?rv&2|JVh3FbX9 zh9NmhQb{J{tRmbCIomlLTq2ht-tm!SHUQh-p!g?L4xJ+if&N4c@G$wx=^H}4 zXCoKm-1#@^KCY-otx|yt%KhgBHSsi8qXZxN(}Aq)?YAE~1p~0EUkZ@_Y(r__-NDa! z2ZCR~i;9M=|M+$4(;8&NdHI%yCq~kB{nVOI01uXriqG(^jxU-RODQ?^h~)Zm{S-?( z+x01@5U|BBmWR{{Tp1Vax30hBdU1u;)#5TiO|@@}(GsbQm)R(V4C=bmJv~z+E^NAg zr=o}F3r)R$6M#)5{!;t*PX9_FZp~mZQM8%1ULUXgUUN+%it)1Q{}gPzpa6mmH5~g> zS&4r}7OrKyvruS3|%t$313RT$wRnu3|> zLg;I-XHI_^w{O}o4)>+A%vJ~Oy=lK)^r`t^u5K`n^RnF!;{;z!)t#JIk&lxASA5bl zat~Zn>A$Y24MAfs@MpZzmT0_$?ilvdFm`)}sofMA4WMOe|Gl$24CD{{B;-gl%1;ab zplB>*lxVI+$wZOkd|=U|)%bTlF<7}wA~$B3y~KG5&+ww>J5|&Td$tJ_61HdI9naMN z`vnUH{HVSUeJ&Y?F%MNdm#`W&3E||U>l?Ryg$eiwK{fvFijzD&hDmxKSPf@32bUQ< zIu2ql~k9!pM?&Nm>?MX+MdRr^(vxH z2|=65N(ibuji>PqI*yt%z_Ds_TJ8&!&WhJeKiEvw{p^*Ub1u-TdZ+p2S?4=ubPY~O z<4QC!Ovk@SuVxI?X|&#q$(3B48q;cUcc`y6NXelS24bq{KcUjYUjt+>?Bqz$o7+!U zhZtEvf*RTg*-48yyIK$r1cug{0H8gGXbgprn|9%gvbQP@UZ;8Z;N4V@MuT$d!!=f)P z8_ov3(x4GBRDZ%6>>*g}4eKBh3_dQ(7QhXB(6(;L>6Elr@~us{6RTF0tArHrlY7`V zU85V@#j4w?BH}tni8T8zf`8A?b&y+s1fGDtyixvb8>FCXe*SHXJIrSi@#BJot>xa- zVBdR%gHJeW&8LJ6k2VIVs%rFX8(aAvv)R4q`T%0&6llQ>*kF-S-CfapRHAEEvyE)cd+hxH$L_{V z;YXd5 zGVQ2@b zXQj-Kn;W)ML`?!7rAq(sIX!l(U-?q723+FT%avhq4F_RT6D??2awKz~#{?;QXgd95 zZ_)n}WKcWR-cSByA!K(1N>i@;lyCGrwXoYxV;}7&IKpPXkI!rEeTwyNC9~6k>}I#q zdb<~ARrxu=@d{e%QqB=yvox|Z6j$97_k%aOwKt>F(+bGccPC1kbSh$LD}FdBmWj=u#&7LUx4j!H(l&VIYkk^UN8>pu$l>^D)lIpC z)%tK3ZG-tb@-zS|x)pYiQyy+#rG{%5pn596_)1Pgow z0br3C&yBEi?a};vU7Ho$`SKi;_*}XZ=^X<^cr8&tqdW0J9{Q2glzG$fZi@WDQnoGK z$p$F7Uu4vzV6VP@f8(&3R^IMxog3B`9KctF={QKxMnVR!7~W7qt``}&E zii|40Ga(Q2*gbB!tcopNyJA@WVdwRaep{bcIr9DM&-EmItJyu*&_#XUC?r2w>Fw>; zXv0VYTLLRP1~I#WTiWI;())XzLl3coRWeDru`@$9=Hlc+BBCNiqC8zJ3ii zS1_KyDN;reNmHI(Fj87$|I%kwUA^`E|jzZ_R#+l$~wU$w5IQu7xT9%lN_KS)jp~+3Qs;MU5T3l>6=8ZJp5V9ES?eT6~Z32p3n(+IRQxhvjQ{%-5WQfa+ zk~f;4UFy=%mAQ>_E-~J?T~v!60;OCdo0B7BgQHje{@+W8%^NK*QWe^MZQ9Ry`b&@|X`0LdlZD^mFWJR< znLc0dWcks?z(+^!jouB$(`vXhYoCPb#_2kP=N;*(RbNlEmg(F=%U={_uh$_1ZB8BM z+2L~~?~M+sGir1Ozr;D7^xV)AHhO8mnrfT90JokONZjC)MJh%!pFa*Z85DiZI6+pizsm(4HeXT;BGNbfU)6u+$>t-ACL`sMR zISh^V-Kv_BwohDrF@OtMtGG*5I01dUK!HZYo>>_fPTx1qjT>)L?G>uF9kVWx-}{g@ zl9SZ&x=jX`dAIhNM>)9uz z9MFMN>86{#=4elch6rE0p~Y*Tjp#$ycdoO|ZmZMBg{@=!bz#Z*M(#;P2K&L#U*_>x z^Q{737uH2e@s}qS)pnum%xX<1vkX^!`+ZN@TrI1r;t3S(U?5;W{+!D|~v;M4R zK}{+BQ?(Gf}q8;LL(b7askc(SaQ?PUl=bd{prVf5cqB_}b}PZw8^CIzD5<2`?jT;0n6>{9aQV8+Yje>z9?w{z%g9c;j$ zv^%B-g@oe$$j%Xhd9-C^?41nk9mKII@L0I?}3zN~&istRV;xG=6iP#4?d z=@Fo*SoA(^0-vluld?bcdudS8Yuvp4v|VxPRx*0Bp>^jSFWLH zt|qrzP1TYVY;&%{E%K&hk8}Z!<2+0Q04O_50RO%?>AA9hKqffSKdR>wozi^4lOi<|3;%53#8);2HY#{JfG2zh877cj=UQhq0c&94gS8 z+gm!HV54VnJ>Kyg4S6c7H_?hnq)&GnN4|X`qVSknt6<}90JhXL(_U*uGe2&xl;#H@aZx8Nrnp3s^aM6oSQZJPx@*<;~dh0JPr(DDmbftf$#O98-_EK@J`av1dBU1FXG6xy-gNOgY*3N^#J3$9NJ|=w308arz z`O}KV-SI1R?!gUhzNd#q+|Gp$4;V))U&pRD`8w`(e#$0CW((#WoPVMej}8Bp?3f>b z{gCTK4MYFfVF1k&5(1`?MvzC7blcFsqE(p4y0q1&SOXqeH}*xdz)@_1FQplXByBi- z@L2|cXZ*pRIKu=UELcNO67uWn49yG|8(4uOL>W*N5{w2fK`YSfrL8n!&`!6RzP;GH; zQei)>3y|d+ZBabgj7&rJY^g5IP>D43PkUkIt;Wi8y$_c2qZgI>-vH6_5c24EmwwiT zB_u$V;iVmGw`IYdVi)`pISLksnM&d?4LGm-Vg%g=YF&eh%eY39R?>taoo5 zzQk*-RZtYw^H3_Z(odk~+`t@%i}%`(Gk(2I>a`7Ydt*=Tv!Am}|J>qc>qQNxy>R^- zA^T6j0dgdnBiqY^Qx}EfW{tGfy)u(;a8fY|iI$5wL0CkM{p3M5x_t(C74Evu$7$!0 zv~j>objn)3f7llv)0@?ou9SS$&-L4cPwEi~`tyxzma(odvFK>AG=*QUjqHiAfQ7LO z1ULQfJ)?v}ANAeX3MVK(d+Soj(Mr$INN@K3RF8!uNuXbDb(#5BlRlaO;`H~M(pnur zAKlUmq|mGArlz>7dXo0PX>Z{CpdE&dp0(HHT-RO!#dA}d^T31M?ZL+r;QZ%^QBZ9H zQu%UuJSMPr{QHegUC52t3ctQ2?k$4ka0)C5TSI08=jbZisd3%+L>(!%b)Cslb{qOy zrLJZ&Frl&qjm5%>-tpJ+;bSF6ip-P-0`Z*~LOe;ZJ&iU7S<2lFFUjCa7SpWyIZx=2>?VSj6p zFjHQ-O}UH+d#y7Q;qy42YakCd}ZktM%DDGMV8^ta-7A~UP`o&R*p;e#(t1!%#Cwq9% z`kNY#twH;!aSu0(V`|snAP=C%yx;%?&|_d;(jlrIeWP#1cL7J+!Rb0ys5_I|=ZB?bXYS#>SW4 zp}3yW?ONb*0WyG0NkUTY;(1Y+@z@A(AjqJ|-pgQ&%g8olavV_E@=@Opbea2J_H%4{ zJ1?MGE(SoULs)miuK}T40u+6-50X@-OWWTge$D(F9oaO&x&vg#54&e_6AT?U?svCc zX*&8H#)<`YlroSDl4CB)^veTy2t z;WyO{E(@Z;ap^U5Y?IQsC+b&^ohaRo zhK7wvSu`ZxtUcU8Hj~QkE~vkP*}at1r+7G7Y#?WGys&<^AL-N&pAF>?hw2&n;L73m zPrdV*G&1{v;Z-KN_pK;b7cu@_ zunpS$44=A+257L!YA!LFjs6|8$i@PSHA2>91yMr`R5XIUtbwA06eZAZ-=}dXr1g6w z#3sCyAVq=5Qa_3ZRtYd{5Cy_Fnhy->U2QCiUW&+PU^6ZJJl9}k*L*kO$i_aPU|SYC z3~i%D*RIR06FEa}lw891s$BFoqGY@YaK@&j0oaoi346bWzui$uC|$rg1_bGf{Z*m> zk4Cjkhy%zj^*(9=5}14lsW2I1VY1FXgsCv*Cd|l|3m+jhZGST7C+h@B_1i2xCPwMV zmkB*B)tU_;hHo9=$f$T>ZuBU6Drw*c`5^HW0CU@m4Mezh5%Y51+>$ZzH)mD@ zX%$9m;~`!6^ryHCEO1b1)Wn*5eK><$CR22x5m!Qx5mxEe+@-50lXz37Omhyzd6WHx zMMB}6jR@MlC9pJW2ea2g?9xXvy*Xu_LGt;a6pP&+aGnpvWBumy>o)&q$^@}T3)v0g&7jW8C zg44qUC;~La@mnT=%E7>dmdNq?>?M92C@TJSbXg}(=FT+*ExY#lsOIMI#=ETPtnl?Q z22}jzi($+nu68$ohKuU5c!;?Iy0%%$jzRjmNzp3er$J6;FYr{PGtPm*vMa`n>oIfib}7+oZhAY}Xs{x@-~&a2}Y z((?>&cRmIVf&3;r*DgrXD)q!POEJ?Vm7Esc5~K1^m+zBrQ+&KDkhB0K^V2QC%9Kp- zX-Y^hUJ?53RqOOMevF($$?-UU*cP=jbdRkXcl^?>k@%C-Slp)lAtb(*EzC~ZPQ>q- zv#EhjY~U_=ms`0sTBkx+&H<@QE6TZj2AArY;N55uXu)#o;+twW>6durxqGzcr^q*m z8z!6W8S+aO!PSTkd-87u-`06Vg15c@$;u(Xp1njL5{xaChZ^ZClPDj>KZa1MTr9n} z51eT1$__F;DzgD{R0=4aw@<0rQwq`MPGprVQkyaSSqsvtKpLq(RcwSN_z z(mZ|s!;{OUa<6E@x0nKgZXhCz*E{54+R-2NNziva_NrV7y;K6vcEz!Kb5qj8?`JeV zXFLa!=CO}H+a+!*jE`X6xr7&9dF(g*N4Iks0x)#89dL!#y(A!-05CcMrBum*grsTa zTS5a)AmAHTc_83(UFO0Ilhl=OVv` zB_$c2zcvzjCT8PSCG!c-8xGYyX^)+bU?bsV$D|5T#%4E@(Yr-A2|X=MAzTOPzYjwP zvGJT?J*hh({=nc6#JKtO$@}NZWYZNEj|%_`m;NZU_?9EfKmdcOi1oz}>?TMn!iHv>YB%>WO?&_&m%E&;OD-{#Sgb zG)|z*63R1C1e>ivOx&m7Ft?m|epgp@A|V0*Wv)mW9qOEYyC^B#soQWS?a4yIL%CT^ zCpwd2ueGxKA7(C%?DUBMqr*743D?sxPQG(6qz4VT0gFY$or`s@>nqbdbPTDun8K9A ziJ;0~xO**Jmp=b;L4daWzLzr!Sh|n)mVEzc!-4sP-Jt6z2n#SHIyasyNZA>R!zl84bdH1}? zNlXgXY@YWC-Np5dhAp*(_H@+*h+H4D6Zh?lTd7iZ=~Vt5`fBn!&l2!tVOJ?E?Hy3> z*6l*(Kh#F6rCs0TDcaQdEUx|0!#Ig7h+wdYq4YSODJM!KTfR-tXCqXSMY=~jkWGMR;kdayFjXdL)dzQe z1E~f#^ADrwj4Hh@E;)8<%t;8XB%ymTA0VqqOXUv$@N*|9cX-jbGqFTkN1H3<3a{qV zxFnhNBum8Z-VV1-7f%<_s1kRhXNYbHk>WADXz~~s6eeZ+<77-Cuyp*x4q9`lRtFa=u6MTjpzgZ>Bl_RX*j2((a4Sob#3*WNTaxmP3~9vEz#gJjft zY{`LC0H8@@{7=lyb0Pt_lELh03_`2((_E8P1ZYcR)hVttHf2%_FA&a--p%uY;Cx{O z9n5*npG6aLX7~XyJ5~m@9<=$XbtdHcc9rGNav7%uMCBTrvW|-Faa4C`RRwKfNExu3 zuI;`llm4WxjJfTqvP-PA*pHfd7sx!1gRoCR{A?(-^n`vWd4O)Rui;iWsV=LpG|LP>6iU@; z^smSSKyYvAM=O(%4yN!cC^1kNsB7#sT&ODtpmqWQMkd@ZixRUdoYGM%vlcNzPS%Fw zr)0qw%m`=4)fuJcHpRlZP%X2<8J)tAGv{X^gJ{lioo@~YR>F;L#=d!iNN5y4 z3hjglMXibeA7Dc(RlFtS9Q6&BJkEn6gZk>|1NJ5lOkCelE>Jyb0Uw>4`bT@^EZnf) zhgFComr9l}ll=-`i`1OS@=IDj6B;2l%xFf#!A$Kf3rg87IBvmT3d&eHi|b&eX_BKr zFJ^wd8MM7KwB@|LvKbDlPRxk?&mrT&tIdf=W#Fh)Jv*P2=9zYWwOqN$Y)p|j!>2^# z=@5bXat24#2eeF+uXnaXa$|_2piZA#q#zMH3>cCd%VAxSp~wk@5TsKdlfzNE+AM`4 z6@5xSLA0oJ1x6*d)i$su5{g^LVxw-;JorMZdlPt>xglzk*6vP96TmJ!0ZRX*`ies~ zL^?4ktz;Wa2)lkJ7T9x8KijJ%E2L`95xQ2ve)-1@< zUaJ(-DFKLq)7vloC!-^G@a>eG*A<>GYM+HKCJbD-|99gA{2rY2Hv_Uv-?TFaLl4OT zbKojj9ZrCBl%Snlfr$ChGugmHLKFSZF=m)T5~&<>SUTRlOCc&guk=*?a&3bUTBoqA z6j~7;HbFucvKs0JTuza|_%^0%{wJFTB0wQY4d3k4GTp=UmbKetfsY|MgTc$hrly@P`F#Ho-19=;AV|6s?f7 zI%Y0kSE%Vs{M$cm&COoo3feh`wnHvxm_+Sd6T$Nxv0Yq5ym}icqV*b% z^4Aq6CEitu7jiKBp`9f5VsaGE0F8#!qBVNv)l1lI9JEm}XGn#FKy@)Edev6V( zR+`ZCEAO>S!0Ps2#ciyfF z7PbWnJH93}^Am*CkV44!$S#FI=9I1(tL0EYD7ac~Jpxeku3vwqN`j76t6{|{TugJo>B$-+K?_eVKO{z#IA=;E=P@1!FPDO{p9wo6h^!u(XoxDvw3;FF} zDwvk8FA;K+)a05oR_1+0_Dciu;?gi?t7n?Hu|Xiy9x+=QeA=+bmYFZb;nE*| z%|3Q>n{qI6@o{7qCFZ?XR87rMF{HiLP05*o2CDyN{wmpN9*3Dp+~PV}g2?gClH8cA zI}~MT|CvE?=YI`Zv)kn)*DoK8aO>3H@7^wq_R}g4Xgep(H!Lo?)b}>Do(PqQ_t@4X zt3fHU^tS{UHn?x5z6Z-&$jJackEw%dgD5KOHzslPy zqRP2;5eM(S)JD96Z{nW{8DX#|+xz4HN)y}=b{89G4gGNxVGQJ2PYJ59oY>k?JL z>3Lp8zLWLot(6ky7e~)V67}T3U4EvS@y}g;0O)z1TK)N>H`pcdXH;Mtj{%3KVW*3K zL6okx60UKT$^HS&9<1-NRM{IKd5A3HyPnZL;$QGHv4BpG%_KAnd*Ts`={4=1)@j^ zsS>&;27drQLA7HCV_fHHIyd63!6gr_HJF|43C!$&gnLmX;EgR!TcC3s$OD_Xjm8)5 zzXK9Qyq^!=IISF3*5LYA85;BN&mL2TUyyGnP@n{b#$#?v7VxWqEYzS`hwf*M+_lqV zz;F8IWZ&NTw~0!W=7#hsm6fn z!(W9km^2&wVN4=rhVpfKwT>^SR>i7>1xobXn~gWZf7_$dPVc>q9yJ zwscM14}oUjYkXxhQCaEKSIn&o8VL@K-SAZ#RvF81iP|GEtHHW?HF0`4vmf;UBlsAc z9F-`)KEWKrI7b<{?~M%?>8%%vtJPR)7U%#B`|CaZ{byBi#Ag{%jphKLSG#v=r0i^1 zUje>wo^=|JVNo zZ28Z^|Mh=@KmXI}i0ohg&;R#-{QrObyZ`O)?GtVNRW@Dm*S}EipHKfnpn6=lf1&)p z5G0+ZzrRgdEos00Jro<*1orpiw<(+A`_C~5grNTgg8vH&c`)%WltHNX4f-2F;pCs= z)2bN$twH>62sH4Y^fYgVZCvYrp)B|=4_ncJzhEelK&ZeWTvSr z!Xi@}a1R2Gl7FKF*!-VV$|xo7 zkod5z^3x)>@lGB)OLSAy=Lml4y8H`aCGfx53X9@*&_5LKIN~SPnX)jwC&%2XO(^~$ z{i%GrkHAk6-Sefa$g&)vuh$tzscrW#e?c>#&)9;JD5TAA^Z|z>qyR-}8KF1WvrGqh zEIB!?V9yO~g(&EQ20IM#R*w?H-P!Uj&})L0l;(R7>FTXUeWgtXUj*2Nk|(ZsiV;O zGZPw|#CoTRjdDKhymt)y2K^WxoJoIm^{KyI=aAsBg@(3b>*%@HR`cm*WPmT5Nza){J1hodG{lq z9L#6ok&__?f4N9}Xi~=H!-KPt^|q5Tf0!UW2tV@B#TpbYm4j6;WQ*~~JA%$doyktt zGx#ia7wdEzI23$gTZ`ST99Ar5u*2pD@ZR#CLbI?*TptaUua8RGqFQ4l zI1F?#>)Um!M9>}FA^|vx=p64`@>_cnyzw~!FHe6-W0Y;nM_;q`@ZM3!L;=xF> z38up`B{3hzPq5<>+%o{4#-KWOb}cbq+RZ+6K-?R zM2>h_whw33?(RcG$mx(0v(6tep!!RE?Ku%``5hppLsD>o1J~{S3|ILc=ZlD7)D>%Q z`{vaYu z{Hr|h_wMQem#u|D#Zo+CIViWwU*8egdB;$@&aINqX!a8VW;weN->%QZK(z2@z4RV4 zS_P$J6E({jce5K)7rN(T-Fv2!+`U}uqJX&xg(js5_KWx@F?sM=;Cb?bqU5ODr^Xb% z!p!gV@(#@}lNL7uHF;A+3uS&;CZuF|?sVDO ziDMFiu_d=BLz3?_e_~I)xRu>cAtsB@>mP%R^BqKrgDGc0I1pIpQHWw;or%N{D%|Xe zPm{YQM@XAn7I=R_Eh|;Bz`SKCwmQY|OfCdz_Iqr)Pr#d0CS5ti?$a_Uo!pNt)M!B0DD|-x*w!+z=plzgI)?MVvJ%TJD!FMp>gr z?gx;0RjLLlY3^AN&cyM+q2JG3xK(K);)-z}%o4ur2czUZ#Q{k23ZZXvIksGIpE8@XE;d|+;q zZx`LMOLbH4^Z|EjQpoX@7IqKvzG5KWLOaAFlMI<9I)#x@DV?NoMwiXc{+(Eny}4Jn z*h)cq)9ckz4dzwL)z9Rc+^crhL#e<=@{U;1J%z#${15nAHe>5K*zv{4=K#fH7umYz z*h(_Ae~jD_zg6K|JH-|}a2f_2k8|T=4CM!Q&h@P5ld10z(v3%FmOv+RHE3AXKF>F% z`lpw0!I%3U;juzH%Jg)dn$+h4_v>Y{*72uG_Y<`2d);+sPxLbcpphW=BUcy{lu+{6 zc#fQRkI;plIOHVtWNz7BBi6ekwSMuBmZu#Sd_p$(R$WZ2#o+xs|1}y%Du@j?KR;wr zHEnBGW_QZL;iPIdpf0L>%H_2mR73m^BAc_(vD@t;ny})Zd$46rQ}nubmUWZSIdMNM zaewq81Zf;?N{l)9%KA@fFrc02JUilpVK+N?uninCv^zHh(4;UF!WIr@ab?o(7x_qG z;V{=pqO?Q+9hb92#=)6zTxvnm@@cz5uG%hC!IuMc0CK_sKmIT5aaH7?V4jj4~ zItd(B^3Fs4iXPF^+1!xle8EJbA?_Bwr4}_>8^s3A@3+jllDE z=6NHZ!t$7Jeq$SfPlS}Wtg_h(C-2I)o{+soF+p*+e_Nt~ap0}R-3P-|iAv_ONJ)A= zt#yEf8&Of|kHVlm2+!-a6`_c=UtDCLE}yZi3g^zSKr>)R{rx>$A)C&({eUex^y&8A z@G-Mo_-LH^!Qi6th=y*U){&%r2bHo(LuoQnZg6C!Gbw^Ze0+xGqL!2WzbZCbSD%Nl^DqbW)Wt2KS3mX<0~O=NJ+KT#M6`*WBYqhJaLbK?Ep+CZ1qXsMy~3D+Tw zc-&{<(Cq%$@caP|9{?Q~H0>~5D#6w>$vUX)z`|JdvONjXcmjmh&)fEHI#xUZf4&%p@V9XJMOi>)?oi~ z!@ztHi#L|fDD7x15GY)6Zu0S%&u@Re&+6HNBY=oAaMFSD6~;|oaqyIyevtTU8IRjE zkm%}mCy)|V@;y_`EvhjMaLlX*N3Yu)5Mz#3@2BRvsUK|4DOm;{hDEobXC1){S90s* z!ee_DBii+DLLB*W+UwdkaF}0HUGGy!cU&MA~Y!W~ObQ@5iFMQeasY2gnrQ|-tW4{CO z>O4C?xNs3t-%mE_;Wys`%vh|$cST(b(|PIU4PYs3p;D^c65g!b1#CsGsq`MDY}cAS zwLGutxamvpHrCVMssg3U7IjZ70Tel%ejm^}(WagM!Bp2@`TTtPNzU3j8TJ^2AlhL# zZK;T_5a@?}lIPcZ;dlraKdzFy&I^7*iT}!;=@U+4sb;*aaAL-p#dZq zB)o3WWlBjmFIH7(RYxF*0m%*U~kqr@P-gCUaj_a zA!vtaGO28cYI&0VSiJ*P0>AuvP8-ZT=j~q6HUI(uy$s%DI^e$7im{8@NTrB33gYnh zzMZ(*aOLb;%-nMp`3srU$2G|XryLy?X_1p2OjxVZ=vupifG2pu!n=1|1^`Fks*4E> zGUG4Lp116taixhgTyum7*NvP|zp)uVDumK5Q`My1ED7NTOsnn5#3vv7ODRUap`r*Z z@{41ct5QMM{CYEUxB;?DyFL*_>NG^Isr<2DxQbyK$a>i*zji6dlSe~HLQLQ1x8y+% z3}l?#1OD~~7Y<^pB4EeO)j#!CKQAhTFK{uCb_n8ifB@~_AN~y(g4o-2;^2&B!ShVo zAc>u{9#7_aB5>Wa-Q*km5K?^mCF^lgkH1*bL&*BjtWG43=|vpGT6aJx(;5KagheUx z+Zasx%1~%AWuD>oE^aIreWS%;J}!pLkh(Q&7c^7lHyQS2@T^Wl9r77Xu7;oUO6U&r%z2vK=EFIx!e!qs@Hp?$@6L#uT+O8ZG8ZGwKcH=IPcs zrgg!StL40weMOKtmNY9E;Nu?$ATONhkoQ{DbNnp={aX&ViqV0#!Ne9f%5^z-C zEl+HW zc1iTXF*BZp;yH&hykO)aa;nh|Zlitia~vpEY+7}k=U1()CNO)p2pD_5KJTn-LP9#8 zbp;3}Q?Y|>&O0Uw=Vd;%gZb<01Fwtp z_RiOr@9{hrU>R2AvhMnPg1i-X9UJdZaTG8q6y@( zNgNDPY++9VKWr$+PAT9g`Q?4&UrTY1r0dkdNEOQ=p3Bd?A&#+Po*D@t++*vI_v`6- zHuVf5VbG2_$!#k-0Ljq1K7_zwHWyJ^33vvfaZY*l?JVSr>o~% z<$UO37}(C|&CixK{iTONjBZ#WIs?JVZ%`udCZ@hCBkn^wQ24xN<2#o!zz{npaLRFf zPThjWVvTB~gVYQJDvrqWNE>ITtomHPIh)BJVS75R3XFzmD!xmxB zx*hP|jl6AwV2p_E(vX)Y6amD10bMOnv&=^w%5Xow>%?(VIP$Dblw|AyPhcU>#}wDo zo`FKK%aY7~9+8Zzc@x|c$1^B$@cv?~G# z^)*6lPLJjJlwxha=IKhmahbiA@eZ{KGjThmeATrc<7VAqoW)L&z$gpCv?4RK<+EwB z55JSgws%bw@T+9Dy54*$_2{Wpi|wDzQ%^O?Rmv4#TJNq0#wYnV>nTS@mfiMxGnAF( zuU|0pWOE(R6v}Jl3a2k=mkA@b1^@`)xee6SSn~*`qzs#G$@D|`GFMv zBPPkju|{k9ETWR;Yl%`(tSAj*ssLrx5!3m&DD$WR_OUAkhxY~t#8hMbjL_EH4Cw2I zJ}4_lK;MMgm{k54;Fi zb!FdVyYz(NnZk^1s1~QsB*0pj`}>wG;12RLaqII(t?V0he`<`%EK%2dtR_ai6s;3( z7%Gx6_7(Ti1?+1r0E&&J66;V;s)4p5sEW3aA{5{?{d54zf?D&sa$I-MdiESmn2X^gY0rPkVk$!**cGPL9L+a!y}= zS-x?SuP?|Wh(iLj4?*+I;LTf`^7Hi;`7!ADO;W5KB<~u!en7N~nCG?2TnnFwflWP> zsLr@ZBhjBr@rkU}1wI{0B<1j57YqwRi(Y!GXpaZFGxJ#K4?FeUj2mD*p55}hB-gaaEpaWB*P}8Y0C;I(^|m4(h{$-$ zFXZLm_;^p0ax5H`7VD`#qKrBUMXR_pa)T6g|UXOJK6{{_B1r6e^3=u1L~i~yOh^;KU72C^7;vQc!EjAndSQ82`Yjw9{*#2 z;3QZ#AQ*(2Re#?`E;gD%2ZT?=dI^(cCk=vmg+)*V>4ZktYbzjX-Iv9ZABY7dc z)@FSGD36&Q36P^O>?VE(5WQq~$*E~Olk%8XLfq+rvJC&r&(blXH8{jypIDE{ zM=9e3PPFKjRKOla+3}mO zw1udXnoFJmuSWoeQ<&%5i0v()X?}#nuK|e^l8b6E+7Q5KLfag5*8?mikM?8JG%&*g zq+VT%xquwdKD{dMstGec6qKGAKz=WK)mkoqrYeKP>Iu>T&y?j(ZcD~QX5IOl!BID>gb^A|KliUGrQn-qJ-`>tYKumlhSas#Cy09cK@BY-QDJL1npmiA`vI4jcDiW|*)s?+~e zX4LGs#nw(HrvByyZ{*>JL6s2l60$XIgytd|kL zL2O1Fcwji8zp_upS#jA|^nsYG@4@9jxFb*dHn-TL<4INY#JA+@LLCSzfC^LL)M0cy zSh% zrljV)#?c=H_Z-)gud5mJsQbvj3fq1&qt_j~FRc(3QwBU*r^PKY`>ZEi6^kFm!+b3V z)C9!K?Zq%H;?9TB;TZQYr|*Lz-Pg(L&SOLBBLyh0-qglLp+!9o%*ERwN+~oY_?(VS zx<~!t9zm~@vzc7t2{v&$V*Dys`i|AQE zHE6!bK?@n>ao#i(`VoPO%D4+CW%&5?lr$wBGhQg)qspvK#4of4T9Ma_c`NHg&?-tP z#bt=_KkS^9FKkHFi%@?$gF2)fQok>3Mp1h5)aXax<+pfL)F=T% z3rL5$Fs{|6nNZlk2&8=T0j@L+CWNVe!_yiC1M`?wX-(+(aS1#GU9Lljl$$%0jQd$z zWuT``*GAP@K5r7{@!Rt&YEpko6+~qN(J&t`fc0&!eLg z%@J=lIF`P~EN!Vz9AY(fQ-lGMSt|zxiL`HW#NqVQKUc0`<9gmd7jer6-vi!lNSR#q z1^xu?40`D{gjJE%ZqG*61tS<~t15YW;o7?MM zDZBySK<))-*Y5{y)H>RK$`^2&p~69vwm!T;evaZz?PwR2$$Kw9U=1*#(x2pjxme$@ zFI=}4raYbCIisyb8`N+*;90j?&VkZ z^q`0$^efjYv6N+n;2%S~Qo&4<#2I>8J6ysCJq2q327d#46l5(eMG)qXvdl^i>D^Ki z;_XxE>P)35h>{P2Y$=TzQOt;XqwSya(~L)!S9-n=wn9*ZohODt~??uB()SY2ol2^|zISK|CyjTXTfRY#3 zfSy_v?1Evq$ljXkn-0fH&bPz#g?*LLkyO|3*cd~ZvE_EM&|`Mqnae&hoqF9r%y^|P3-LK@Z0EM>VVq&I~#5! zNL)(;=>=P!6<54=L>p3jwtewA_+49G=3tPm_&p?7bhZU&3KnpDJfdx?>}d{;H8fif zAj)D>dbrhoITS!8%Qt!*&P%ochbZ)7R(sw3rTS7+<}RdX#Irw~5FSvb4=-TO*i>q@ zq`ln}v+(QXjM^%=h17$ufjn3I&FfiS!%<*0SMbS>3;I#)OU=svX;)b+=qvbxA&!JFFjm<5>7*=;+@cL~O~KAmgnC%M4iUkoZmMk_oU3FSU(crHS8O#IdGgr)u1&T^J2-!@=-_!8eJM{>!A z`=~X@2k0Aeih(X!&s7;ZYa87(1?d!_q$94GbTI$Nu~5?}BK?a8)&g#437*M+!NDf} z7!C-5`ghnCs3t^|SQ_F$bi>&uku{0f<}-bKa#Wx2=6H+tELYf>PW~1^APZ%pWZaiF zg?*{>>nOu^M1h(jelnEOY3t*E4Fd;`{)E*Xdkw=VwMqe`dSuQWBea8a88nu9lP{XEcc=~780mxK--iR#PaMv7f;ZuPQD8%T>~P{7({O9iSbz{@H4C`xij zo^Aesf>T(H96m1;Z_(qXVVs}cXw3ZvQl`y(XKor^!=x=*7Y%Cht(+En&#JszR_EWt-nd#c00JPi zTTRw7Q5_}tDa<*n!P=lYD$$YrqZ*Ds)OSn`25BB@C-9v{^wz$Q7F(%9a(GRv{HptVw%e#s=A&%QZFt>$Y zLwrZT;n1i_>fn-ZOp8}a`Q=su;v+z2!YClifvp(OVah;-K_DucDH^~LL3Dlqv&bs; zKtQnp`u96(Fkm?Y&hh$iDkDvw8`WJnQzO^#JC~R_nm2rA?K`>dqW|(ZxP7@f$i6ep z)aGdkX$w%sgizO)im`xAKRW?Is8>SVy50gA-35wkJ3#!?I-Y1iYk(%?Y; zyTlAIY5|Seo3+rk)1rhJi~=J@?Tu7|7wyDypV|+3n_n*vyLEwF&!o*M zksD9KAtXZdbKTB_NMC~{C`{+}X%xRSYAFqU-8nsnu^R$6rp2j2qA+?#3KNgffMztd z31-lp9vXh!R0{0Ykd-E5F7Z>J&8P8mE2832NM2$EaT1?fuJoIGSASc}fD5k-kj;Ky z0(VnpP}U?9vdN2vAgRv)NT{n(&6Q*WjvHU18j~qOB3wTC%G%lt^x|r+#RtYF%-0L> zBpx@;5V7qCD|nQ`d-BAK*du&d`T6$9LB{?fe+lma&Eb~DB}Pq`fQ*MtHx!5f#W+fS zm)Bn~LE#&bfQ)CdA5~tToqpk7;cL^1^UCLzq@|bjEpw;!18|uDu+_=(7v z-Mv}6fSAtq;;>z!VLrZDQ0P7!uid=2jsvz+s@3zr(+Hb8`pq@n5i%xUz6C`(u<-$$ z3#7b_gI8!WROuM}F`hsck;mGV$6wCg=f2~}S$@zT>3V*8RDz^u>kAuB=9Zf#*?g6d^`}p1Mh-z? zB-uX0r@+)&_FmTsEpmwkJFt<3d&+JcaxkA*e7=z~seh%Gr70gr|EJ7nnoX1oN zS%D4&443eW5OXT7+VyqYK!JYMON}Fn4axnau5SR5;Hra*?KK)Eoncu%d6$vc2(_vm zo&fk{Sga6l8#S5YEWw}&lU_t1vzy>V3@$`FLg`ip8#-zU+Dx^f1R!zL%f&>Ks|Lgh z>v^$Q=9n}7e)5Es^9+>IpqX1-Kg+N4&tpMZz^#KEz}UO_%`qw1_~6{K1TW$`;Ldlq zUV)bD1L-Smv2HU%ChjE4v+=W8QzL5BRxu+yBCoB6sEGr` zK466^-HKrXh$$9wDP`4-=?&;8$C4L2z_bRhXJvne38imb|M`L{Gdj?C{V8JN{xz^c zuvFpuU@5yi^8#q9TX^SzB4QJFjZW1|5a3eBlR5yJP;8viZfIL|=qVsI=$+$?B0bE& z8RY;aTJ}i<-zzH<^gs z;43INzw>%o`m24D9$tgBweE#H`sT!kRKNML_58pLeLRbWMuQqeG4zMK%2P%C#0|K8 zaF!1091gc2BxE=>(08X<1lpGD>XEth{Pu&BF-8(@S0VDv%*BOq{Hn9mWSF6Zbrl zD_{*T9q8c>uVZdQl)!?HPTL;qkNZ0aMYb>!h{A^NCVOZ@yto6Za-y$F0WjDC12b6T zCTIFGL1yuQ%sAFQObY?ALW7DiUkf!b1Xclh@OkB!XrrUz^g)OR8%+!WHMJ(nj2iVA zWym7cTa=}X;HXWX4{nQ*W=}Szfl`*%jk|$^613QBkVwF0LT^CMUxaW=43d*Lp3P zDg!taKJp3p6>tMjF79@W>Sqk07ml8-RG`;If3p~_!7we%<=ayt=;6p90jIt9{1t$f zRAcdZ$s{mBs-ILWAP*=I)H_b4c%L!T zS0yK^i`7+!S%Km1fw%bv`WGOS1}#iohf9MQcdfqxJU~>uJ{Y8Cw^4W8c4t zM_ur`*v7S<1D<*?enQ#U2lxZFMmY7l6=GM22gU@xb~Y0oH%k?8A_L+nKS&e?`B{(^ z&2+9Zu;<#R#w@xMYA^t`KN#`>@rOphg;$KLHx_d|8t~q%G@lC-YT|e*UPAkHkUs9< zJ}zsP+wdlSGi0U)!tgf*w~+M(JWW*uK@CSbScet_zeQc!6C5{6-IsDbGuuhVM<9%y z5m*C|{Ee~!VdsiV2uVA?ovNABK2WUEg-QBO9_vkoY6`XWZv+bv+wrp@4s0HLyAMZs zUoZX5HsJk)y?}T$1Coy9jJbvyjo*}m&6%4iJkaH^l7RW&K>9WCclw2p3WGHcHLcCw zvmQR(rdrn*HVwtveO{?E4?scw1Nwt|&ls)H_gNI@QQ?QRg*$LZbkp&|89h13#oykK zYO10Dx$dxDyt1s`N)@nbHi!9nas9{g)q$Mng|l_m4(-_dlB)>T+7x6z0Di*6A--LI z+ZO$zT4|eFsJ>3rZl<9*r}mbsgfYa=JfSe@6HeFA;Y9yIL1w_S2z&D9?6)Enz^bozk_JT^MPTt47!z!Tke!fzCZG)R9q=;IG7b1@UCJqs zv;;jAo(()$=y!yf`lZ3boS|bl3;|iz!GA0X6ja`oMuIItKQsl(ddG!})7=YX+aZ|m zp6{D7nd1u@!HWYGqT7i$8Ax~}Fo)Qna|68kDLA>h{p|jt4xf0dU{)Bfm^a%P2_>qz z{JK~mPmc!?A7-E_q=iVJKTzlN!2Ccp8oYr;dpjFTVaR@rS||WElJ>^a9-0OWHHQ6R ztc9{A!1}w1ejqzyc~*)giE@xK5P&+GjPHjBa#2isql~rNjT(5GmSLaLLb(&Ds2_c> zuun4+V_6+teEE|zRG==)Hk{0L-fxvK$-{#yVaPXcw%o=Y3zM4wFO4+5gqbKVma!o3#=_IIG{wxqoxwQHpd6W z7#3M`4U`)ESs#D0i2c$q=w?4z!iqu^wFmaJekw7bz~o7UFkb-W_kKsl7XT zB<}_bZ z0pv60{f#ytXUy0Y(c+N?QY;(5!1uI+ETNe$zwPLPZ*{>BFMxKttbog6SC;~j&mW+4 zaKKp_a{7HU$&5EytCEUy+!PM1?(_i+R5*--u-`r^fGg*1r!@xX)5km=^P%Mu$}+g6 zS%%OfgViR@y6hS%a8fYQ8umTI`vaFZSQCLrVHAcmC}U-{>wh%8NR;KaGir-bC62TF zjiDa}Gke;(zWuC1I^Bn`j)KBS<#0dhz4_oZH^5`iu%Omp-Hr?ck%cd88i|fYAwTEf z;Z*;enRJc>Afn!&Ia{@9Oxl^k*m_i2HG!=y_aj0p?RKn^Du>n;-l z9Ty`=yt(pYb-jbPpgOco@~mdfrcoXc475-w)hc3t1+G5&d2)M*;0UVGvq&Uixzv9i z2-m`22o+ zCVOzrwAM6z>Gjh_ROdq+DE?~9$YKk`Q+C+Aema>!g2(cXR69@pb~|WJ0f^qpu9E}H z9N{@5_QyWMN|I_jMOV>$?O+SuDFf=!TL46(?gloApwn24c`*rG@hilZfirpzK&2d9M}R;HeLu@A1fM}k zn|g4W!t6lQ`R`eLtq1l7L>@Hej#sb-Be8y~ja1*A*}=+1W=xfnMxvtDzXJmIKxt^G z&y!38SU*tv^HCg?Cgth`#UAzpMR(?j!J`>Yhx=;OWl=DQ!hV{o{czg(TOv9|fK2D) zWQEvT?TZ{C0g{OoEIbBx2hQ9P(tpQ8bAOs_2x9vznNh)v^Q7?Bi_@Cn+!CXN$c2<)lRKcW>gOKXogEAr?715Ow*F7*%1JsJl0KuH5# zxbpz4$^z-?OU-3qZK!844`b4d9&3KDfBd)XnE^D3%%?G2{5f`f+I<xHn3Qbq zwdCtw1r%<0tOlWz6>QL6eiZM-TN_;dad|>xezas;4ZLoA{2s5IU(rD#x|5vWJy<>W zu~o;>j|`x~w8px9+hoP2ulBi#SrvH<)d`?sS6>F#iYdX?;U37TaQKr`5l{(XWX?5u zVrK@(nZXnbF`Jz_v(n(y_ETb1+m;F2>5yBk(k^P?^wN~(PfvWLr)UQ3MZ1~g%n4*0 zk?7!hMDBK^CZnL-senuXOF=}U<=72=?m!7**>fGXjy}7a2Az|D9|;MK@rC7&crcY^ z?=-{#a3i4QSmw-6>n5PhgTNYPGMV2#@_`QV_tO$SNVE&|7YjHf7P<)RE}v76Db_uo zWf8ZS&p=sGlpja@z1_V5CZ0v`7N}LgzzFZuZ({I^8G@%cfU**Thsv$Gei4RI^OjrvVM^aRGiPQV6i!WPGQdbjerXM?(aPKDWm-~j)%ez*klGy6QKqTUazuuj^-YY3OB zTImAg4Q_aMU@QZnKuC?-GeYSix$}eLkkw%YUomU*5B9Zvn=d0E&XBb;S+yF9fjBa2 z{U6ba1ILDc>O#;ud7Tpfr$MhScw(OhPHTZQAC4u~Eu-?HKgT7p%^28t13i|3MQTlkG??MOjK8in* z|A09NmPHqF))|g;R_Zu+`+X8tq3NIZ=W+y8E%F(E#+|%UEnE&N|Rae zYYr5DGNI{$fB_u{1%AIGWmrG@!XSvU61LTl)MUB3fMI5Re&p_Y`xeBW$xXFF-*0i! zdv5}W-JmuyLKX-?F)Fq+ul_QkRxOJvc5xB9gF<>7EAt@p+c^=^c$k6YR%(d;^UlT%tS47G8VLTF_CQmwL#qO; z=FY2j@T+R*VSC*8+d_-!ShQ*9Aw(VZXyGBoUY@g0JhRk?Z~PeRaNb4uD7EVO)d(gu z3*^7ANgX~aM;y^JT4E47sHncT0w%C9q{n%H%8;Q)5WeEybv$TT?e&5DfE#7$3M{;- zr_r@Rk)DKAtVZFU7�}Nk8r`P^&dciDP!X)WI*CRBHnIA<@h3TiT-Knu~&M8-9^gP;c>?6cYk`s+Z1S zvtjW-$>@vVmm5fI04a{Ztf{Cn`L1M-XOVhEE4-O2DOkw+A^sal*R|y+5<`E993H_W zlQEe$V{$MV3|~K@=bYZzZU>B^s-%)`DB;xZu@7kUJLK(${JB;VUEQ4=Lvkin`Jvi? z7)yS@v*M`lyFdoVq<5=nLcRYQSWiPgc_e?Yf(hpwR<-rLt?f(re z;+z`@XHP2@C2p18o$Mz(k2~B}zwZ*_efIfN0|F>&;MB!E9X@sA7OwF9h*`T{UrDwgLf=-CCcEf%}*%wH(o5*su&lJSJ<0l$#hM29GbBeQUN{M8;OJd zodi@+>s`r{O9KX7u951NmjqxRpqIIzIE{2l=MB=G?8m^@`4pYsr}(5CR}H+kTK#Q{ z``Q?^X3_f#z{`FYbcA<{lgghlnSAWTKRX!Ek8cES`d#`dH0S{F?|l)!=GE{*IY#{? zmEZH~kIlzJMqmLQN~Fu@2(tMfY{T$(_vkIw_{xSx)NShrML7J{&y)4mVvVNvtMGg- zt+ijWso%ECtfNxPBM%;mV0!H1y`y~IYaIR{hQoXSYXtD>{DChWUco0@O1?!UxhjBM zd1zI84DpKuwSiCgLa|5j;dNqR%zdIOhH`*Bf*g!Od%KeXuNx(yuPJi%6X6~nB)if} z{4G?+E7cMeKkAuNpQ74cZ20v}vw{)|kKopRPo|*Rnd})hfVZ1$lMs&gczHxne}|u& zhXt!<_f>}4P9$gFfnCt#(02ToYInAID5ro$O{ciCWd@e6VWXoFB{B;L!UUUz!sG@z(nv4 z$S59$6+Oj!Qye;uWDg9z!!3RHhHpM!?_Rg{px1x>| zxeDxgfZ~9ASk2Dcz!Y79R@e5uV+GtSQ1dt)S5Bqs^~W;cn~JL-xInpL21NplbyUv{ zwXV35Sjdl%DoOb0FQ?-igp`rCbWH~pArvA$2prMvqa*GW32Hbzz{E?XFQ56Nf+p1+ z`6=yQX4zlme(6UL9F{kvMUmXYY|XT~{CEr&Did=;F~wG5Jfw>(jG0}`X!|D?L7y_I z5TS5zDbI_MWvhDv$gt*&0!A*7cz!G^gQGcrbRB+6lZ*py+pz@)9;*6BNZ5qQ+?l?T z;^jo*0jX_Zth&j{m@aeK6>cV$Hb%g_2JwNWWlJ2fyT^Bya8C%Cg?&H#e14 zsv$tf9Ma7=2k7j3e~GeW%xw25hCsl0Dgc6F8+ya35uXtWx4)On@l*Uxe5Il3N1SxS zg=cV+?@f`R7T40)0qH3hH5bw>MZyCT1fH4g0Wuef-KslZur7dP1c7gWUP6W6Ir)8k z+0)4HGVBPyuk_;~ZLeUvzZ7e~$i}{_ozgydE<94!P|8e5_LGO+aq|3!Gfv5b0;zpR zxoFR}AI{#W4=LXNYMZNI`osVIvqS;+j)tf1D5l&~4`{rgMD-l=bo_r$?yZ2eLBh;u zs};i^@Wa?P_J!5VLhP5q+2)-$z)!>z=I`DG{ATfQ)(%bNt(@s1k#_1Hma zX@xH-?fCsn2wy^C|Ay1J4mrrZ!QZe8J3h!E=2;!?IB{Pu@>chg)~`a|)1d%eo(i3# zNccUWD;6n26WQi{S!j}Vm&^Q|***~CY{Nr;N6$5&df%rtFamR5`RAV|9&nA|cR0D` zu&6dXzR!3t>?!onY-lQw=7I+xm3WM?809a$6vI1x^FR=b+fmVVh-Zr& zhL28iV7z}hA0V*ZbmgD_`xL{A+UCuhiMAToLM5h{7xD_oxM)sim7@p}=Hwk7;yH{ahR z_fG%>SJ_g`4Vw|To^RcQ$Szk2y8A-IA(MV3q&HCk@BDCPQREXz1+X|?9?ey6iD>x& zWFnHzZXurxYxo}U^^R|0_Kg_mcvXQ_H2|0%0Y9Lf@X80&tZHK3V+cOV*=v9;H7los zLgcQ)(?-j{zZvt1Wm(zQnn7xl7A#60{)ihF^;Qa_IJC^dt`#_`;(eaq^C$I6J%#+k z%NL`D!t}kieI*ge9N;cJrRBan4@%EFC?&I>!d91Z)~A>#;c*y1JQh;|w19GZ{yYmC zGD{ePaDzeqrM~X07Mdny9OvE$f;ysR@!R6%%8j>>V7~-l!CXr@L92IneVk`DM8SA& z!5X4zMg!(4L-m-CXqSy70VnCvNN_EM4ml;|`!4u~ENVAfp1-%AjO}N@=&Wnpv==OU z-XeZ>p7#YW%N9uHxU3#z(HFFBc3}Bq6|jR7IcaCL!#e>NM-~nwu_w(?RPIHNido~I zv=VHt?q~R8UybGIC^$5xQCNmMjeNFQmIe<_GbIAs(#HlE?EVG%m)ZKbC--$qD3*1G zqLsj>u1g_l7ycgYDpxKGzsLKFUvVdltOeKg*#_*lLQnqrN|u2!uNRy?P~d{ZSo+zf zysM+gbA8^MxY(8io{a|(M%w8GDN6}w@8Qln@MM06m->xc8TneiqA0I4L@S(_cC+4M zc)>593TF}AvMk4 zEz+1G?9A^{Ms0N0qc@o$%F1i;^CIfn>dS)+0FM?0gr4PYs3O2^FAR=U%^0@%Y8n`T z4NIZC#xVf#*U=L`0oJHahYluxzL7b?VBMnm&V$FjJ9z>6os)^G6~XETBa8Mx6<|;b z0Q-pz==5Dk|5dOAo-6-K<+rpFFM_@tCTp0kKvMq1(Fe7!1o4wl5{vs`K^`~kEXhF>@31rv}5 zH1EFY01Iy2t$C|Jo|)if1(RqxU;O&-sQq5ckkU1C?krG!by`Bv)|cJkPHG=y(xMAQ zXbJY1lEl4A(0%BVezVQydqzz7x{t=x$)fIQDo5cl^g~~kV$5Eh9qaC6lC%^?et_z2HnoY}^=jFTH}`Xbu{*Kd6*)3G^tA`TOu+Oc%@UmE(+_cq;Z8kcaOxwcNM-jq-c3_1TxWFXdbm z5(98xfvQ186(kkr(9~T4W>&imMGE2>+uOYJ3JM3{SW-E!;w=o5kV?fR0-~>Vtxo42 zTz)>$7}~qQROFQ4@zLj51<-iWF>erm`yL&r*TUt2-3S~@McSekKFA*4`?Cb8?Wu3% zJERnN!wP`Ub$q$k#+Sn~-BXAmv{HDfgxO2{oL{EQ5+AA`!vzKIs%CfnV?2-X#)aNX zq!1>LXiwN!zcaS-H`M!mQ7z3yXZ~}QRqVg6Y-;u*;sh6icQDA2QAQ;|<8+|VR(VkP zYPfe6@`PvcyeKN!exmn1f*%=_T8S=6*{9IN6QJv)4?4L9lro<%(|96o=!8NdJ{q^5 z5fbm;y*2*P_lRc$5A<1J-tqaTf$WHWg@e|=s!KDUe$9aJpmENyvArIT%9g!PgCxLQ z4*l_)u;Z?bCL9FXp*_zf(EHs4N_>Jw0o|{CMruBkKrYXOR~SD1u{J}so?r5D3mHpz zcym^y7I8k#wG6PchL^49k}ib~q8ax4+q2`rA4QWBtd^NraIeesQ33%{7_l*?SLBqOD6XafrxS^Lhy5BA_2{2-#Vj$*86v# zjddpZ@!%I+s2XglP#C%Xje8-bHS8Xo8@Y^?^(i*;Ve-i5?Ll)Fl(lT9xMqP4h_%YeH6$P= zDeGZ++X1pWl}!bD5gdR@!fvVs)?ttBgYG3TXl^zRySUYKtK<%gi%d~kqC#sQk5QA|H;@p7`NE4$ zyqy{#wBUE3W@ph*lXupAp9?O$@Mv;iEFVLXK)>i-+6d+(pv7D`$vv03y8fxH|JRLS z0#Ae8j^uNI%~#&!oy;Df(>cQ4G7%N?c-g>=!$)3NQ;L6<{y1s{jM&=Jq~!y=6Ba7Y z)cJl1HtHry=42p|*v*1Qnh^Q6Yh~+GW*B9E+&4vOKZL_J`tZXJmyYkn6T83YIL%r7 zQ>BM}oJX_C)uTvQ19Y%5=oj)%N~@s+t>&3F$>W!d&=wwl_z4oJP*kJ11rF2a->YJK zw&iK#c|wMBsb*bhYKc@!d0`;c!dg^%Sw;6t$FwH^ z5rD<&sl!l)*Wva3YSsDzkMg|lGtc(`F18`Nq=ybD0-@<^fIX-V{PU<}?*z;)`vo+M zdfzEvUQeK3p+hR+R@L8Ddh&J_>v<3;WS5G%6Jb~rdEs4LLQ|1`LPz~Aqz=5ot^_u$ zn}Q&8;qKolrWu*I*PTxQ8Yb9S$}iET$5)C#7yEMpo=dO}nJ&c-$XAJ_gl4E8K9hy! zUo1{n)#4^ZtZI?I7t5McjjBHvm!ZciIyS$aZ4C|$WOUqLJ^jPvx|%XMb5B30RRG-Fw-1fVj6T^Xey04dB1AQn(l*WCH*r?SlkySQR0z;<5`=Hh=<1az?DVVAch=h{KS1<> z_j0jReVO!%bG!t>%J*Vrf&T_37!GS73011-{_<`C|4N4FtO}n+f9+f8NMgPlp1w2V z>|$pDs2#qzc*Uii8jg1!h}miYnS|zza8q?)noEb3yy~o2*%-s9w2GP|0x_pUoH)9^ zU}hp1YFYHpPrSx&tLI1khB!v)*ytno#Qxy3^_ozXWw1Kkoedi!ZQ_dQG?ZI(cG=4Vx94Ujc>%$_zy`Yij_ z00TKeL0M+0$mC9mmw+kkG9MjzS|8ahC?^gx{gK2&+P!Q9woP;N7PRG z>IE_b3A%N&2|J)E(L(5Q`uR7lC*5BJ&`qTckV?hH}^|zKqaiw`2^L?R%KCgv14!ZR!0IpQTr6__a2TGU96puZ= z)0p`KvCQ0}HHv`mA+ari`*k&INvY}&6ZpZfBzvrj`{Lj}=Jy^x9&-=S zPj+?b5sSR25vEHd&W&2;&3z7SM|N@deSo^sy_9`h5Ll!q3(A2b^t4kl)r@WD)7^Nr zX!>Ft%qHei&&XpsrV;r7FSw7+Un@K^^I`(r@jz#9FZ(5;oNccOnW%!se7_^hn^>rb z=9X#L3ozHM4kt{Qmylv)c9~^i!mq%uuv&tGrBj+wv*0!?Y<(9o))8b9grlYtZuV79 znAa{IXcEhHJfSw1-B97PJPYg2;wWSraDj0FSfZtZY6EZHX^mB3mWK>cn*g0SvgWIj zzK1K|kwLqS!J%Q)QmL8hvViX8h-o^FA{=z^9?uDvy3IMBjjWE2I73@-{oc_GFD;bK zD|~y4peotkIqSExo)^U7Q=*v%3X;h1m_?C*(a6@LMR zNyq=5pzlJ+d~}c32Mt`DCcl}eLp21CZk23!L7K(;Z2?uEt|KT$BJ zixJNpRo4%FQ7vi&>D=eNsMA^VWwYIUl7i5=Y)<|xXmw4s9WFv9eqtyF-rpqHKXYi| z+Hd5%G(31K_nP94f{b<{%b>}h&e00LZHERM>VlP|7mm~f7oY0)|E36gy6kCNTQR^t%sT~A4lzd5dg#0Ljw~D zqshIacmk#6PCF@(0pB*yL8ZdQJD)WO>~WV)djEO=6zODSL=d&+Y;~pd`yrIu z(Lzq>7~;2G5pNS52oEoje{bVzeA?9q43v-Zn5sW9Spzzft?soChOBlAuaI(KG*sG4 z7V3)npx_@fF4)P5-Gw-{@cob;`St^K$VOaXRPy0{Dzk#OGHSe=Cy1+lzg=B7AL-*) zpGbg@-ZP0xd`<~*P$I`K zSI1tUL~ZI1dQ2_a-T=1x@Q6cok-Mzy*vT2(^^k`Pg3LnRhTdE9?2HKAs|T%n3U($E z%Yq>WV|rKcB1)heTg?xe6wnF4o0AW=erl^ceSLJPh+!kI>SKJ&5?RnhN=_AW4_oDc zGNVHOfbYq`T_Tr=-NSo!v?hwE+9i%f51SR``XK#&e(PlSV3IFWDfR zmjIho0a(_NTUcg zcxdE*+Oe>*JwtzQODs#&XhT$9iB2+$rV7(e^$ybjJMEz5dplTlVOZWZ$m(&~&nT3}0eYiXDw{F{cz7kGj5r|%Wiw}$@( z9fWRzfRg2)$)*vm=#rj;hhJoIs2^xz^<}>@)BGB%&>_19&Mq%1?EZGRLU4&Fe@UEY zy;A@K2hGMmD<~fjszlYp#6?mZV%MWR<7b-G?-BbcZ?J8E z735CQtP-$Rc3^|lDj$q`te40*oVJcK&{ST0m7S`|Q5M|4?g5k!}F9q%^#3zrk<6CkD7I=_qWbRvvuE+@rUN8VN>iqT&)6|j|E zN)IKZGrvAb13(*;CB;}G4mb)_a`8h0uJN5!4U$P4s1LRQ&zdG>h|wP41r`gOsi1Y> z4blRd*R+v?0vS-Q2c{sL$h8CYG{*Kstl%Kuf3rG^D-4b^+B<$&)AJ1 z#7I@hGbo~{(Y#k89HYM6dvX8b^2$ZTM>H1B%SaoSrXxFFMLIoin=G)=sjxm@o!@w+ z=`!N5tPRK1xqvgY``=%Ej=}j^BA^DoWg+4h6LPfz_$k$ z+KH26{RxHJPs&9;2zL~pE)FcemgnTJBG)Dr+5YvcB@`cV%V z>*}GFi~PxSF&Wn(Q1OJ`J(@}uxbDD7-|06XlxQe|(N`&ZQP*K0R5G4K5)*AbuS!}e zehlSKG9nj^fBfvLrOfFHWshvhZ_~{y$OX^0xfftUm+PsrxG0=4dZ#QhB?kJu@1?O% zO`#cd9Ci;%YV{GzQs|mWiXy3YiI8Bg@O7kG#2{rCFB~LQI%$GzNjmU=5eg{PoUi^k zEuidf{^Y5CIo^xKAX5tniyoNi>{av(btcAQ=b1pQM)I?;^e`~J5MKJ5>qrbU9C#UwfdTvLl~J;^hy{ zskl+m7v6ya;_K`A7i5iJ)F4p=?#jLV2=|hAha&JZ;+FdhGugEB;d27vEFVCz!YDz# z7ETVIzRIE@+MV0C&j*}X%%Zx! z=AdoMYTr5}(q#j!kW>5?9t6RAfOn$hOlnbOpzD_LItE}h6pESOBt$GxX}uBJ`q?IL zUl5Hh=sHi1E)r+jYrfHE380l+Sfef6ic`F$uB~>b=0;iW)yQv!V+{i28~A%AsHB>I zpKS^23{fq50TwUFLjh?huQmF5;8!+_c%6~5xvTS*Oc3UB z^;>0EAp8m2I{MX>9PmIzfs1PJcmBw&fBowuS`J zPWPN2Y?heJJvRN4+Pw#j@eSYvN-CK{AFpV_?pi4t&0p^&jB$5?W*YK=ja4^7L)N zH2?W<1`>#~y%q6`)nG|Bb)T17ZhsL2V}erL0j{oc9EK_{n8~#KErd*UHQ-?vmYpix zT7Ca!;N-nU%9qhz|IlVZgat3<=gh6=)V!7bcc0*;o){21xSrUBvV{@Hv zpR)wc+TAd`Un~(9GQUA(*ZB(G$6%)~X5GuXFscFpDmeE-?Pcl^Ya8f8hp?eAe(M{2 z`1)@j#gAlYbd!M178ntNWsw%@5a?B~)SEAP#5>r~!28km0yvesZdRllLtrc1P{d2=J(;_=12d4J%@? zyqAGI7v6F!_qeq!c_9MNfEWDog2pvxJf5l9ZlX&s{Ij+S1>nzUSTf8f8KROpeI&Bo zy@g#3|K*Z0mn;Xcm_7++g1MlKOkO+z;xj*oudas&QU=)L@LOQ>4Eg1u(#1=4_I*a7 zxE&yMELZELyWyP^sb1WmXh;ISwpaAGO--tVT7oZZjx!QYUwZjdkk|Rsz2|@f8&%_1 z{@k?_Xc4o|{6qM^J-pW|OL|9Om86)bei3X#ob~`Bd>d<;kpxy<3pCNd8M5Nds5mv^ zH*oe}!}tq9hHu{`%vI?RBE|qF4S>mz!U5|99xN>=7jE(FXsR(G*8%+M-~_$~mTus% zME;ugv5mEOuQQ~*Kw@M3)gUKuqx(*82|O}hmp6$O>j%1SHon_s#D)i50ZaG1q2iis z$%A2^&vI?B8P$eap47XDL%r!96ot_OST&8c-}X9Yy*|(Uq@g+7Ytk{WJ2o1n%*nPcwO&6^5{2g!G;s7lX>;d%- zhIlZBpXL|H=RZI_aH@RhMcXuYaV_#jJi} z6*JzKUgo0;L0&vF{qgO*)D!gA-mIxI$>(Vg!-7%ItYcn-a>BZP1|8<--+`|2KnLU! zzh?%EOkao_pkfV8#zANfG^=Ye=~U7-%HNYLyBerv>GJ{}+P>3q76T`+4^nk+e?hUl zAN>Q%`Ypv%-7spN~q{UjG{$3{eBopxVxMF1OD)nt9nZMzp5Z#A&C z{0uCHsvOx)rTTuEI!08doT(F(Z-&`?Vo#iX+UpN(bfD|Xc`buJzVoEA1p9%qo(OQW zJM}S4aMk4I-E$cnH&cRxC6&KAO_HGYEOKrk`U$LmtuLtYhgEhdD9sEuf_+~GnX`qY?4^ACI zLDMTRA}0ce0zXM%97DxzB%ax)FrZ2reUl33M-V2aj=328<9pOh3E=LmAt0kWmprZ% zrv*&_U&gDna^hWd#m{sKxD02PMePPc)*uqv@5(%4(~y1+l-t0>HBF)GqNuY>K4C`& zO5Fp!g1U008TX`8lRNdw4O(gC)joRTU6l2s0|4O+&)#NqD0gFJZNN7axWMp3*v$dbmG1{1H$|7o^+lCY>5Fs8Y919sfhk-*jB^mP;_48W- z@hC@Tp5v2G~E7R*BYl`txlKTg|x;fN% zPOofLrx)EutlNb0s*UJNDcCau7>E6J0~P8P%r=i8s4mUeL(1gy>V4vO&OWtT!|N7* zlr{~V-|PWBR*Ui#cX|zrHdFpKPq2~jes&{mO)8*PcmUib0(TJ`y8Pd_;So*(tT7oZ zY_lr3w{rnQnnFyfudqN0s#EVpOe^(o@a;h$({iQ5t(9zh=^zr1!)TT~w$~%WEO*~Z zknWw!dW?f7^(QOi#Lb>ORCA!b3qn_)bjA7XC=22gH$>?N3HBxc1?^l6Q8>V!Gvb*j zi9fUswBSNlEZ$!s7qQN{?{Sc#u?b>^WMWyh?z`!fA?I7R`Y%`-0Q}0*j^a)7muX(3 zxdJ&K;Kua#Mau&ce4Zb1DS_?yxig^Y5$YLj8rgQ`FYBp;zCmV!{_p2-MRkX@?I3#( z+Tq#p+2G~(*yx%t;2SWmJU&l+NtzNgq``PJc^R}ENa+VQiqi!g0WiTs4N%GWWbb#L zg_rhzo$K#29qP&uy~OL5{?mT7+phi(hTX!-ze;>q*nT!fxjiw{JJbn(cB)%eR%$3D zc(*^qYoj${FxHzB1inaRZR^XU2 z&3LzR2wXCMgvf(<*_*hCq91^x96dOsoh zNHwj~8htfL4p)7IC!_^^b~PGZ?{!uHW;B82Zrf1in?wQ4(~NO~^Bxeso`>>alZ!fG z_IQ3rpXPl^cg}Q@sRups31xGtx0oDV6V!n z)56snmL1yNjzu`oaOe5TTW%SkkgW2~280a_d`Y-Yb&(YW=tzV3Y9d`)WhS`00wSYf zu|_UU;^hJ-Jbo7BCh8uj3XMYZ^BV`sa$|R8VHD+Z_JntkjYP( z0cHPgl5K&#HJlfG9Qts3?e!#9_`L+OzZGzxSL=GcT*fj09i0lajW2g&!1$(jEu*1` zDC4lMlg8ot)pInos45>i@94%C>M=xDG8p0do%Uu`sIxX5VeH+#_&*gW2t40Y2S$V; zGAA<_q=MB89Ww7^+TJ$cSqQNGIF6y!IWw$#Re3?07(g=+Q-Y!H1LV_R2%xm~HGL_= z7)HDaaBR8a7xUSiw>Em=II>9Oev+#1Cd&p%x*JVwd9S5nvZftWIvMJCw z1ICxG&ASbnI+hH+vGC&RNkqR|j1HD}9>?$m!6lm7h{E{B&(&u8Heh-m}Ia^5yI7Qq8e<1 zoVG@jJGJwl1U`J}VgUo70dsJs{~>od;OLjsHI{QWHWAQG38>VJbu|_B z4(xGw<2N1KBLO2hRw%;-=!_v_K+)Xija-9$5wL=4_kw-o^@*Eq#jI=R@2z#VJ3694 z0->KNJ9pxrOxZn3{dT2^q%$cd`v3(?v%VORYegVhVhg`&FC8?hxTa*8pMsixOX~P8 zS>Xag-#A9dKKGXx@h^Nhf$LG1WNn;9t6@J%+ zhX^e6&P4LUa+ajsO5<6J(|7O6*hf>`O;JNa`45;Hx{rn z4awVM2|kITnEl!Mz?@fxBFIb|jMkwOw&-nimh;23z!=v}iyAr@?&hDXGhGJ1^zE3+ z0444`HA#>^(gABg%SVsFqujRMBe6^(`T%)J7(b^AaK`LlRvfcbrayP^W4sX!A_J~$ ztbJ>F@IW7ax0LgeS_#lYlz?L{|f) z+j%_zMfVCap$^tsoNDSUMQHwcE~+>Dfq;dVx{nFK)bkM}xu7%1>@5KFO!7|*Y-Uyy zzTkJ!M>l4I*fCE@HC{lbfn@#8LHtx@i|2In4EgDCDqq;;jbI8)WPnlx14q55TkYXv zN?({SS_2A>;~{lRq75;QWy=dLApM|{oi*e%-8GY$ER9P_EjE$jrVA-rt6L1*p{=JEfVJEJzI`!yFdj&ljt3m+J|oD*rIcdJuCh=yjhCyY z8-!!-irf6?fJTC$j6%Nb$EtSln4YhFA8iwDFL6b`mOmLTZ!*lu0{t{HDl|8r%{}gz zR@B3wjv(IgUwk4H_&`ZdCwacZ@iojLJh6O(u|JT%QqVhY7&he+k3k%*O*RbNaD@~# zHIafAR*rHJXj89dL{AWarC1h#sKe2M@YD=&-6e5PLvj3sfX2H^UqOFQQBRiCp1I$C z1&Jx3KFr%J{?j8;O*&{^UGRux$@TmU0J?W~jucs@Kv57Pztn;}87>ERFqpN&g|cH6 z83Xzl8vNIl-!0w0)f_)|V<}I!RX|XAAffr{!RuqSilXsn=?Tc_7iM3Em2t zNZe=T-B^++ImeI7w-~N25fGH|Q{MyS|FT!3wJezD;+Y3XT0OorZ`Fgdu5opLcm+Lg zA1{4?|H(*24-sA_=q2M`hmurdJ|SmbS!hGn39U78S)Ux6QD$q72Ec7RVF;eypU<38 zV)xzP3OHtg^dNmp{<&9oNkKW#qAqu3h;`_;o?w5i^4Xa{SwmU|5hINkK{(jml$YYi z;OW`AdUPTl;1WL5hX9BYD!o^cSpqXlZu&H!KE;++inVdhnxLSXlW4FQU(qm@X<-Lh zWm*I*a;a0^J51=5DU&AU#J9&+0zf`|%-sj1E@y9GBc{AvQvgqv2xy6*r3W^8O&s{p zl;xvb3%mCc|Ef}YfIej3DAHXQ{i#$7$Xc+$2B!cEdaYwpa;7`2e_C-lxe(tw{0k6l zQj7}Ukq!-K;!22y1~ZD^IX$qT3SjNfU1;wf;E_V<{*V-}$3t)Om$AUv{k8b`wMsXt zj%~=eg8k~P@-dJC88I0`)ti9>lC#_%yn~rEyk$+DADC1@jr)3Zk8zbL88M#A*2fxh z*h9N7ml34P8?T@MtpYl-j>kVs;SJtwy0fDky7*i=zSH0u@nGr)1{KaXeIMQZbyV+= zqXwW)piC@i$ba4AWeihtuQk&8D(T-j%TrMzZc0)RcX+vF+L8|Nt%Jfx@MBTTH8vEK zOBnpTD8SGy$6dBIC%LBHuQ<2edy#-2GYy8t&GabmX|Wv}Jq4}@yt0^)GO=dny3?8B zo(drRLAyZ17DDHfQRszZE&gluKl8RPG$q2pGXK_s@60_G)bH8>ptazQ1PAy!yn@k+ zk#Wpx$}ba7oGYue`iYjPg&24<4E#G5;{iVFk1{K2_B6kBs^HURrhr&ZSgBc zw7?-A^Ps2`ihT$yjdNIEryn%)Sdpejf+$UPO z=`e53fM4%uN*=?b>1cHXB}>cvI6}Y8HE93dH;d#9{`U=h#bJ!Tyy%fq?)6n!$v6@b z9DrvWG|*)?4fB|5vTWS+WSz=!!VOS1Kprs_J|>Vj)ak}CCCUoRC-?^B;(VVOjw&$< zN3$C6`7G8HD&-(emZ?_aVX*OAcf3d=(*?;FVLRD7fbmZn3Y|}r2IUa=lMDvxvmGhe zrbWU$z28&uj(&*z)f_(0q(eEp&{_#cYLhsu-oMnZxcqgp~tp{KX zEb`<+DgIQ%;6~IF1}G#>FI4?9(A;K0m4E$3&*EW;>7Zxs6Ut&)mPK#T%yHwvVEziF zkfOvOh3EB4D?riiMM_2@z(UA7=7xSqcANbl24u+}DY0n+yAuA=0d-4|z?Vjrz57Aq zs{c`6N(ku6`Ji9k3UgZ0L~!JVD+Vnavg=atYOp`b#XJp^82v!Z?eN!VvT?Dnt=T7A z8p#F+%gOZ-Chlumize)z?9ILwBmT6oE5G6_RS~lOY zgD<|_IR)MR<=bb9_6q|1E8E%YTxmc{6JFV3NitP@;VD60L0bhhi6Wl2_5Fu3X>BhO z5dd(!o4!zXMExfT5*qU^mL5bcJ3<{I#-0~+HCX^qCPbh6$?{Zb5Totq@;xoon0iKu zSMjv|x>GKn{V=5vhcu=RIBJF_!*PDSei4Bt^`+wZ;TDvLD1)G2fx>_wZ~jBS5lXZk zkUIN}G5wGUz4RA60viPqrfUIK8)|r~2XapzOYHJqTrr^WOwRIaK(BHHjQtOLjS~O!vSMKXN&N&O9V{vUhPk(FA#6ME zP4d1%-^`yn{}jy^JfwgQZ#mp+l1w&WKcKbcYQ%!CNBk^U$m9c1~? z0bAmEzo|;q zG%I*0sy~H2J9%tygJ6u+;r!1>Z>|lSQZeO3vvC#axecVakU*>enF~+LHFH8=m$If9 zD)>~KBrd}afP#Px_G5wWhBKgo4b;!qlZ{$SJ7256*PzY|boUqmaVlA;I|L4d$38Snt1HgB=U2rTah^{j@x1|ujmlrm<1f(52I{0VqHkD&MWIfHVIpB7y1f7!lpX&zJ= zk9$#{x~N()5Se}HX@tFQc#SG0u0;yS@5n0KRwpEE@0F{JPn0o%{QoPt&QLc_zQ6wr zc41dy*v1yl+#pJTluURqd4xlQcCm$iVEOORZgnCLq*Yy*j64sixstel+lU{MLDp_Z z#*ZM6Cc04J)!(9-AO_JojpUs=^pwDFG4{g20F!V4iTgRw+MJU6@T3Pm9y!^AU=Kb* z#wl{3xI4;ykU*~)J_vgP@DWW+cK~Yw2T<4zaCDP z)o_#jouu(ge=&p#vixOQgcJhE8)E=3R1m%HCv+F%Yg1!ysJP!rZQ{c@j1 z6Hs$cg(Me+QuxIoY_lco3%)`sCsUWkAD)4OAWff~`fLn(*n{9}eOGBH@Wh1!7a-RB zR%S~Zc~C6HYf#gUr;>V!$&+jpmGQ}!tOhS33mHKEQS#4p1aLG~nPnq2E{i*MfC`Xg zd`u9ChvR8Ec-Z@hiT8Q@`GKNFY<~#i>pzp&{e5tN{USj$5NheJ3EtW!O3QC2 z{(?r5-f0{gG}3*99d92sLfep=qBf{M!$W)v(0=5H9s{2L_0A8*XVW86(rnbPxZbR9 zD)Fq?t{Ug@R+iSk40v?^NIJ7F$Ji(e|0RUrGKeXNh!}E*7=xH4etmD%YxUP(byX@O zuk)U>_p{%u0ylm)6qwSE>*a{&I6rKLy@jKyiHLAnhg7uVcW~8S4d-RVEEe$Q^U?QN zpC_fiIF=yWOtwzd2k^&zcYw{8%;hD@LS$r~q`owNIzL^__@>Kl?v#g4?>!2pdG@(4 ztdc-*#oKzezn0A&DM(LAvOEx%N3E&b$Jj7E%xT}#6Qp{%^z#q6) z*|d1%_}J`gw)_|>ek;trZhv~zhNAMshz$UE?aCLCNq+(W*|zfz9k13?~14NbGNV7_$A3BZ#fqcRl?q`wGi{%<1&0DUKFjf;ZERXiF9ajAdWOHB? z{&BeN9Un|O$N>Mp2itY#z45ihxM&Lw1e_BWpw%mUuA+FOQJ?olyq7xWOK}XW$`6rh zj*{&TM{d*h-EhTX5$n*6z7fKM?)+p3&J}NJbLRhK2SM`$fp^)4x1IJTcBsRtpLq@b zDEWo}l|#HtI!*o^q`0$d9#ve85^u_nr_*P%D)p(7YsV|WALFb~2p&qFaxF?og2`D( z>GNIzpJ0j~1DBvyXwmDe_m*N|+pT}nhHx4mZxiLSlf3`L;`KH3`s=0HKQLZ``FyN$ zOmo*qQk1g~c8~1rJJTWOQd1nFA{bnQ`h2!QNu4lSlS*?KS<(pKmETw|P99 z{?mDhD1kNkR}JVV2)B;|5msRjAFUKWC$visSL{hY1jXLDcQ*;Pd)3+WIQ>w*>_<5B zLlOuPR(L(gf&AtEbi8@RVz*g$*}KPcskOnR0?&E2-%6&D;s(BjD$6rkB1rQrAWpqaw?Eg)gd(H^n{xrX7t zv?EBQ4GtB!7*G2J2C+=Yl=E@^2xAmF!ib=s<5dzfS(l!j0rp?je#j80;*}7Z(WkWi zyr4QKoSNV3T$CG}&*{;^)WD1__TF&P^jnkLozdtpnCQRe@>7yY3MHY;eQ#no(?)gq z8F+MD?_QrSj>K^&)sc!3X0F{9+<$q6#sCWBPfPsf@j)G>yEW^p-H^!zl#Rza6#Hj6 zUp(nWj^EIss-g-x1Rw41x1gTl)@5IhzsmnxbC>C9(g1}n4scnx!L*r1azlSx6AMaT z&~>Q0`#bx#VHzJx)LC-=z9VbMzFm_C(ixnUwwy!M9C6)=^?Lw;6K>;Pt$^CM)U$+$ z8xQyUyD$Y#Kl$*;z^yxd{ljR`#E-|=N+57Xy_HS0E#mW)?81t=l$s$z`KdP?>Vl|0 z(oZqDWBq(F(Jz$K_B|ar*)mO!~e$2`-ZssW?&@;WIBVdCc7gSpqFF^%}9cKLi33xI>{ytR6# zp8^xCUKnt5yWpXgdwBk(yBB18{prowzN?(Z5tzB%!#lhWNEoHz_9mGcOOMcwmyJ!c z)#u_nB476laxXSxK0msHvXvV1^|)>>?cS8Sios zyWiWlg%3wY%oq2;k|)rg*Qp}Y8w-lB-=7z}`!e4jtDmP#zwC&*0yj!>F-S!O%kOVW zlGCXgNaV}oU#$5m^~U-hob&6@8>2&}`!S%~dfge~P&D(_G5Ho~4Z@-oW^xiZ22)Nu z)0l3V9(%5~#JDY{a@~s;L^p0o*X*X?`5^h4@}OV~1*3aHIlerkdxBKJ>y>MTv-(MA zs#}Wpo4C`*eX%$5jG&g!W1*l8-M?|z#U&yiJhc>B;_ruVn+T2-kEdSWpxes9M-M8w z(j1XhueM4L4Hn#tvG?*3MYTJuouUpMeX7+k z13gAdt7`=JBIVjhmg8owp6Wh&_ovR&+wq-?g$e56|I0VfW{Kb%8C7bci(`Vu? zRPgLBb=wePtiS4YKOfgx+>=MHw&tkK?Z(DexZPbSkwansSFX%46e*c9h z9HcTQA>8CzdXLuUrOKg@v`1r!TJBf@C#vjgy-1a7(79; zcy>9@he-`>jzhNng#BKS)u&7-XBxlkDFqTBeKbL8vD&3i!CFn&3Gi23H zZz}h!x-Td=2?E#bV|HM{8>_(qFxrN0gSYZL)naf@66Uz3h>!F~vj!-*sjDN>TchiI zEv0xr{=c);pK8(@D9GyztGi+MBpV%FCIP;HxtLKpnf|=#Y+(BE+cT1oJ-|4;h16cJ zq0PZ1U+c5Y2rFngC#~k>St9u^w2Wi-ECURjiZ2Vj`L8d>CaQ3Fp|wTN!U^hmh!f}F zI6fClCeO9t=6omdU9pJ2SM&2;#|QsG%^>%Um{yP150(}4HjuASibU+*+>%9xq$W zOxOY$2-ND}%}S)kaw&L{?Rwc?3%~C&jc>SzyvQ*>eX_=Ms^GYJ)d;?Idk&AoVR<%# zwlUrNtp*}#+B$V2^-^|6&}kUyIOYnl_u~Z439_8E=3omw6JR4CBbx#ado7GE-9E+|Ml?=kzv7-dLASc zX)^9$drO$c{UWlrHUx0)99))oaVH)Dz0|hp%o)rs+)fFP{k0>-hQt1h_$9`PFy$Lz z>)!nmGSPf6>WFm~vo%i?<4rgJphkR5ZRP@xWr4)miU*=42_ZWt|I|h^b` z{e+XKBYh}pWyIGTDAgvlv>!tcP5!50MJxk(4_#&WhC3W@ z;ZCCv=pz(%{GwZynQ&@oh}Ty6*)8+PN%JAD66cnMx)=T&vK}uhTKQS6Al=q?KW%du zs>;No8hg&?UEU4?5|XVSU4JSuEb`p^-org0U4BQG+knk(B3saal{dVYQ&BG|xR28S zuL-rh$WI*+hO?fbi9GUmPZm%Yb=DtzD_*i_F8bqi(7>ZN@*t7UK13vs@CCfs8KP4J z@FB!OQQXJuNidPG-6KVVpKS<(uhsG-Ghp%rPw)=u+lXB&bFV6ZSx+}X!Fxa$0WVW= zO_GTjL7znE{nF0aA^p#DgJ9}wBX18ketH}}z5Bz!=K*Yuxb0(pK~2jt>`^g3zvsr4&0Nr)u-4e` z`gl&dEb6X_#onOnEBK*A@z>pht4Vgh@JO^rk?}v0FdYdiGAGP>^1Yqi9w@d#%ER}8Sd-$5$kh=&EiT${Na6KByA-g-V@%r2z^`kqVKY%;_07dmam#;o) zDYqE)TUvp6>rFZ-;Y{Ki9_EPT6QAr?m zz+j!Hk1O$tIm|c2X()3Kzp6YEN~iqeo`GrT15+P`W3?3)iYl6OWs) zaAeTCuJ673{k+PZuhvu2EG)+aa#k-Mfa1>H>Gk<#&tWKSK)B-Q*l+r}llf+<#``Eq zC^S5+qF}(p58l{e?$xxGUia(7+K<9_ig#DuuF}Yn0znXyG z1IVLhHBW_D{19GlPiR1<_ItlGm){o9NbnI%Y4Q*`rP?Lwx&5e?j@fC8D8R#s;T}JJWp}m=z)n{iL^0}P@7J%~#YpIPeu>m`;QPKw`pZv{ zUR}LxWAu1Et`+F!`Y{QV2vM=M1m>k!`O@>4AUgnH=;XJS^Qy-uk|YTqF@Ac4mRV@6 zq>vQ}jAV;)fLM}wwy~y4VPxGYLns5CCfJP^Hux;=4xTE82lRN%hSl{G;S1r;r9*NJ z$!4X(I;=_-`XdV#<8;!^!=3+2b-Yl%HzoRW7V=}bb*1NK6$5bNFE;I)iYGDP2+SDyJNt5oCx+2QKmFsZ^rQW<=5fsykT-rwC96=J|3}Sd`RRDu2e(j(X)0IRuP#A zW6cjNUwyVe7(MSzn<_ZtN!*sxy7+a@I6K%v5TbYaw@AQTbd2wsJx7E4v-o3rRcov2 zL65nFX!WtIDXsnPDpPi2PVEsA$f|-K=a4G$fS5%%c@TV!N>>qZbKTl4`}J0^PRQ@>!`n>y@8qP?wRr7D3%&pS zeUUDc__+z*-FUBW+sr6GeqwvL_T^-f@iN0kScX^au-PnJ&T(_3;J8#@$#$Z223l2p1U zJ`Q0#-09Yp?LCslI=OA4tF7bS5kBt46#zBV0kHn{`#KQCkPXe05z`MxgjIG3&YD^G zw4s2{3D??}*X|OjcqxJe=3;fq0jWn6M)S1rbR6f-7xQCk&_cyajW|1rHQv(FLQU4z zYI$2fztN~=0Y&07)ID?d%)q7DH`uevc#$P?K{1f&v#Vg+j6X{x(WygixB1XP^Y>W4 zb&zR4Q|9W$w)Yj~FU-LVvf)Cr_Hl3h#6RbIooz6Ak^j)U>f4JML%MkS3J*VijvzQ& zC89Jg`U>l$&5K{x1=K`?~Fo zQ$StC5B-a5tna5`nxsN2?dwfBfCuo|bvej_52mG54u|;fLOo?sIRo3Ym-tWW6Ps_y ztUW9Jf=0l@C zBf`ZX2*Av5p+4T*^bQFE@|2dW-q*dSapC9S2C0qewV9ePmvhv{+tG5z&Tvk{dd0CT zk1SxiFRNBV@k?kkesg`^e}~+f%lHh0e=MOZIzF@R@pahy2c=F+e76=lJHkDtsYfGS z^GWc5`VPvZ2n?Ef>M<5Qy}tf&I?tnLi$S)ZfYY03F2U3qBC<^aHX&=B!0%j=7af(RVYy&;Lw)S0*)PnNjv%BoXM%g(jQ4-3?b zz)`(#pPPu_7~VH~F7?=V{q(lO)5#4m?8K#N#b-3csmVYgi>UOyE`JvT5}m2s2f(o0 zkMbqX-%tw#2c3TnuG~AdJPqA?pn6PCOk@o8n}dg$Gr|)gM9Nw_Ev(<_2G}9 zz)VH}#&Jr1Guayv?z;Y-284vd^INg|wmVqltkREH5AwI7Z)t7+3i!)y5`3E}7zCgt?S{Lrajy7@Kk_6w9 zF-f?_NAc1Z8#Z)m>$WQ!!70J_m76KcwmgAn1FkiO`y*kd+}@i*B@*?>6dAe!N*|eA zf(bnNGa{v>_@~Qw|G;OcvZQSH#SD(qjiqPPcah%UI|t|Wu6H16VG$!dv-2T9^BZ?_ zaC!qA!GV0p{qqgFW)tbC#|2guH@8&pClKpH0(@vSR_Nh&sLo)tP8XqmOw3hL!7s>u zOPz1WTpr>~=WfX+vHL1F`3wHeATXLUc` zIcdA^f?1)3YI8oqrG?j+!U8UCJB5zG@^iqKPRszs^li`yMDNn$-vX1G*XjUFU4g z4-a;}e4G4ZW|zhW&`%5JQ~h)zQ&he*TM5PMi+EL= zbFR~i?LGB-iD0YRUvz4)mbfC4o1>k*F8IOs)*cHXbTR0~zf-&HP*kykOGO^tT1hY{ zYhfk>cnb^dNY`hGO9}k){Q>O_oz-6Zh4T*%{ zjYiquq^sN`u4Lb$GuEI&PMasY-OIT2(G&8=65!>=svJ0Wai`Cm^!#$WAW@K?$Bn;J zpJ(!*KGiS4XL$610aM-Cv|{Qq7-{%b*kMifW+^6D2lFE?Zirq!um9!RiI1!^4xhy_ z3-@h%Z$}vu;WL7zhf9_W+m0+t+bS>>VKudTh6x#I-<5wOpkl!f$JBE4^F1Dp+TVwK zdPWRntBC7lL1a|=V$$JYJwB}fZC{jp+s{VsXL2pv2TzhlnMDF(ATuLuJC!X?;Hd(4 z>krty{~#dy^zOx_uERn6hQLXb^yhd4pvGLHBDbs8QBoNGUH%T0)beK|SHECH>%TYm zv5xmwpFh8c^h;lB1^)fsBnc#&U&72k`~oLkid$oT_%$d<#I3?EP&gRW***J=dKAHl zeH*KO?7CnZB9BjB!Tol?#eV(LG)`@K+uxbQ+E4DQ`Pw$TOVb9sPOS~jLsD+sK-ZA> zwk8~PWh1h=J-5?BgXOa!DC}AAVyKbzzRA2c2B-VL^;g(|e81qh8)9pJ@NV^?=>p9FNgT{^e6!xyi#UCskwg0gHZK?xCk*7FyYW($db57Q*a^V>D7N0yIwWI zVTSt0E;I2w)>)2yfz1D13hWlTiEzUDfcy3wZLdd9Vilm>I%A=gb5f)-T63eU?XWxN z)*JOVDrFJA^Fo?6{{bl+w?n4vrv5G;;URkZzF>20*|QW$5iL%on?cqrXcCQctU)Er zc!RT%_%MJ5H*}{bJ>d!>8DAW)E}-cb*={l*hexpm<(=SL2ChneJQ^4`Wxq-(A)Xne?-cz1X$@g z1$F?})W2je>hDhfdO_smflGhHHw^!`FYzQlQdfy*OnlACUMTLk2K@Lh_W0TyA;3Q@ zov}Z4f;pm-|6=X~ylb~&5${y zkoV77cHP%+F&Aj)TE23fqy91&<@~+Ig8!82Wbe3VcG*Px8#xBz6OFL7X~GFnEbUC2 zr60h{oHFb-;uMxqAxRLG?=D3-r&QoF?GHlQpI1ZIv*-F&kSSo&&f^>V4mOSfI%gGP zH%@1-bxX8(XmhKv9VK%%_{hqk+*)T!1>*D+FaUNJp@AUS6^y$ZXf|1Ac$7FT3QoMe zJ=c<$@%b=dEE&y{86K`JMp&xiA=;_i&#rb$&8o>-i)x-qgZ$k4&>|m1!P+6Wv&A9R znzWIo+^_X|zc@!>-=Oy~zp4^VKkxeyagD>1p^=aGk@a3TopS}@O1xyWe_xDxc>0!3 z3aG$v%YFBw31t;|`^hww)R2zC8)B{L56La)hZMvE1lkwWZhG z&!hMLfI9!hh8>;{<%qEuSXJ|LMIbQ84AzwKho`0znmtIqlw5@rL1V(Q-J8*9T$1~X z%S$h(`{$(0BXL)yg#M=4-~~D185&X*5Ea&nIHUwl%ol9IjwCx!6Uc7SrFua((TWI< z-(QUS5f*1TTxG&z&X4`fxwgwshODn%u9oUO4j8a}5bd_|&;6sKdc?pVFy$b|NGfbu zUO4&mpxBO1{9r~~ACF0<`WYj97~wvRZ4fQ18V_fn?yP;)_KSg&vfrCT=RLb`aMV_O zg{S7GiFV?`)}dLSs5(1qG^VHmSBn>~*ZUoOa%FAz8s_kr&mG>OAJNu`^qu!zBhT!| zu*!r#e}RhSq^~TP-bjf{u99^341&DhLQFoNXWKF5=~hR|iyYnu8}VDHEaeb=k%oE$ zsG2@`1V(69v5fJ10qbhnX9BblFG@^u&H0)!CPSUj!vFQMO$#=H=viS7+VfDjmSAs% z8-7C2<3$C}$Sw^$F&Q(kG{bF^KIvlheR$$$-~?8uG`)|i>>k#ie|bJ%{lgD=A3y6L zpuxc*h~^zj4o|!zDxVblp-@Y{hTXeaGk_v?(4H`FAeEDeVI~E2fW-Yf_{&0ti8)b) z7S9d#L1%1KLYL!N`%1Mc%a z{3!x@)%EQDsB`RwVYWxcW;lD#NN6^B3nZahiqrA_#RG)RkRX)+vi%`&0)S}1x4yt$ zd_>LYJI?cE*bhetJ7`Txz7}t~Rcu zO0S|)#3Wf8c?ThFHO%-UHW-urv7AO*wxK@c!dKnqshu>w&HEQgJ>Ab2Rpggtn0>zi z{%EAPR={6{H(r6j0KUVQr;=^g(LK1lyF!s>#b|DC2mCmpsdaUGxogTh)ib$czOCxcUG~$Q<)H%pU}fzBJgizD_IXhOoB_FuDa>8DD9} z*6_#&?>qybrNS;(ILre_*`#EKivZPp`F(IfLD(!uyv7Fn0cXpdiOi%ad4-?3qKdVS zJh^t0gXi-`c3tfRYH4Gv@7{WpNOhFV&AvT`AKfAwj+654PI#r!U{GwR?}zpN`spu> zi|4zEKVkI?(*_2YcV|okCr_u1Vel$0vZiJ}w=X+i<`?Oa@~tKYZ=UR6VC9TF)870%prZhhCm8tc0YBWWG{!7YDw2l(XyH0bLrjV*A98;4Ce%2;m_M`E7G5w zN6Ms^*9q<6zi8-12*~dk9;acW6#tJFJTxE$Pq2YC0pOgyma|vr4L@?M7ko!S;L~K! zF})~}?GQK{%-^YKMK8(GQ1@6`S#BVJ0YPhV0%t4-R%mIzX5I`8z=qJsr#c^A3rNaD@c|0bDT^>C*muDu58|upK<6m9PRO4e90gFcXZV~(xSSkY zTIphh&w(?}tB7|@P)3fJjzC&7_uB3*FSTVqT(Gu)o4H6)W=~6H!Ww_-RtEtIXZEp;wR#TMahAQrev!2T+YbFj zs*^zr&6huE*Ts9=s}-*xGtBT^pxa#E!*A{7lKMQ~mq)Zk-nN&;#Hsk5u6fIG?X;Ke zwfjU)3G)eMHBhNLk&^*gr3tWuaI;zTEC>6Mgg=g~PC;1x-PbJJ7J&#&_C>Q2;YcJu4;+KP1Xm$_Fa#h3Z;7&w(pxzU?nu! z@*p6+Qq;Zs%f6QK$D(hV)9N_bnM_ztpSNQ?XX((9U=V!B=m2=`d>KB>k$)@+I=*-t z$kJf2eff#!O24h!UUguH;ds2fnoNAX2U>t{#SiMDo!`9wYpL42Kakb1eJAo)HTlm>zLruD@}=hP-^H zYxbHGv*^#|;M)=26Xp~n5CxA8}6|`*GYT#gRC~9h(M7l zd%>(KEn;}kIsi8JrIdz43+Ua2I!4`+?=LvGJ6N4?%0Hyr`M6(=Pkb{l;(OJdeot){ zkcJDrx)E4U=uPMFHT%quy@ol=&;C1=`QmUQ-Sn}P?Jp;>BAs4zH?AEyFqvzekVGvT zB?N(P49lr`ovi1E)|=WR!J_nE)O5z+enKZJ-P`xq=e}nzqj51! z-ickM`z2Vz>zwW5l$HpqZd}1ss*^5A9r9$l7#juCKuG7l&i)`1Mu-fK9RDcOH}99; zk2rdpq@PIDaZ?9eas++5xO55ZN$6yIi%Ds4Uje4n=w3!ug+ntWoF+sLTB>NIW z*?25kgSV;s_D|V3_Jr{O?u<26;ZtllyG~d7XdmDWnu~QrE=#rSvgmR}*EO>=oY|S`lqR z<2j<(zRX7YD(*x8KPaBrzU0`N*c@W0oL*N#T0N1yPPhQcG<&3u`Rc|r>D?aC#kFM| z`EXyczi7tKC1)Hy;{x~VI4k%pTdLD>dI)q|)_aL0G+G{i_m8Is^5%yS%yNUvKRa_` zc@l)G%lhbY2p6WkX!o8XbGy+R<IKpw;>+Y@i+$UT zRPyZLLG<>S23M~~MmQmTq6hM1q|-HOuaGOBCH3NIOQb+1_D>2O{Gu5;62 z-4CYM|{lPimX8?vE}UXt{?DJrDfl{TS1jDypbUE+6_)9Qj)@;g(;w z0->-p-^GRZS$+P-(Q)nWRq@&O&!`7vT}SYY3HN7Ws_8VIu#IB&Yxr=lb8uO?fXIJ3 zm%i!hc`lxl|By)c#4UKLC?$vTtnc>|3y+OV`zvZ*S*VU6?|9|q_`c~eh&lK-lsT`D z4srf(afInPw1MECwDn@Xrb4pMqLn=5Zn=B|rH|pTbvp-8A55Oy=N!8aB~6-T#Gsb* zpHTn^6#+pcGS!z(;MGC@YN|GY7jS~L`0cIkgfKMmd||xwaDRsTn$`&21!BO+yYz|s z`ZTLH6b~9Xs1`*@0>(N130NP)z_BMBHU|Sc$|ksL5fI@_OuD$jX56ewV@rbv|C<=w zBGWvOGZcP10s6`i+aTB3 zw5KTZXpPH2m|w#_fRMT#w^{u)t$bl`5T z`g(=`RmfoAjqyP7;;V#{xnDybs_iYDAk|DT=Fs%FgoKg+S}3&~aIJo0NywPtQ>-#( zaZRtrNw}{7{pYTLA9!1nty-7;?G-!y*OGE1uky=8fZ2Rw+64-Tjg6L1v6Qb<@pPqG zTf7BRo?$ei$*18fj?GDTAXTt%oXWq#It-Ue_4N_&^JV3i<5t~jQ2B$mUyk2H0Fsb$ zLBnUi^^wY30Ty{?S~_6WCsYWtaGnQ^`2sfTndeaaIyU{{Z1aOR8V%CIY>`j=F);I5 zwO+m)-U&m_e~H3I?2{B_1mn{1s_v?~=ePJ>GnSx_Mt1 z#+RIP>m%!cQhCvy$!x0U4jDzwF$`CT)^Tohp5HFssc^<+VfxvBzZ*c*rH<;D=(WOg z5pF>AQdG7CG4i$C6SmDj1sA_YY{AVg`i~>M*A(TKtdYreD4+|w7T?NkymGFMD7!!R z)&WS~HRrOfNYYOVq{YIl1SxzyrtQi5-^csLU(drZ_&M^&B_zy1M$3=klqF<8%EGIuED z-sxR+3kqP-{tRxR+hHW^n9fO$&?no9$?K90nX9^umTk6a+9yC_oO>(_Ds`O;`4%!} zLk)a5s0eptj2{YpL7N&6#gXhF!-4s|5x;xP-yfsUzC21A)jKp(w@#_l?;SPgh|79U zp0zCPzA@DH$9=*5)Q&n#!S{yM3P};82NhnZb?XXDL}aFp)2K--*%DBgT#G^dpM@{IaJ{&D;WA5jKrx2Dpb7Hcwd#$qr0C4&nw zSEk-eN9sw+9QUI0YC$rGji3M*ovSc_u+v!g64?%JKSW347BrkcHJu@}0|o@nqLqT4 zR%pA-^T+4`AQo>F$5X6ygreu+J=s+l7nkzW3zSzRoBKL)u0NaYO4FvduhIJUlvmc{dp!}g^UmYwjwi!0)BL# z{8_{^;!?oO>EckCra*QK)gZxoMQ1diOF!D&3Ca|Tf!a03-KFIjIEqqj{R@eG>LXHg z#-;lHBNL&_bdtpgSAK=*B#+v7y#?{eGJf_)i{iqRAT zeQ??WGw+29RY=D#$Fy8>XO<1gs11S>Q8VOid%|^9=Y*_g?U$g=19|VpG+`mv*`ME?cuPY>5?r+(%2otkO~oJ2LigVMrwH}Z6DeDRLH(JC zXmtFW{kPoTvVFV=baPBcn@*(7^GRIaJCH*@B;>&zB}7EMhWq0J(VgZaHHwRo|CYUf zh~tS4gxDBEi49Cu3D}5&R0_u}gFDvu(s*Ru9t;lF4MeFv8Q9h5Nv>J1^#%|41P+&i zPbDh@HW6-LYy~;mCC`KQLhQjWq7AcHKgors)3E|GAxoiU;$mi1~>3WDT&M-petvVD8xNr%V@iA+xZhQC|qvx6zoU;1OFw1cnXLDpM?w`{3gy81Ow40p^wGI6S(W? ztqKGQO*fnh*Vp^WJ<>GS_L}yZImLv$&@%hq~WtMKOgVVC#?=>2??Xtw~=Y z=i6d0n5FP^mi=PIq~j$0dSEWTOW9lJyBgq3J|Rv0bbmZv+V@&*&(Xu7yCU&Whm_xw zc>vUOcanY_b_PO~jOW(XB-pCd2MoRx(kjl!hvXzn8YmB1{Z(1fD*_b#8ZQ9oAyfq) ze!QW%DM|MBaUURaTCXEvzfK2>y^JBVJXo_sWqnQW=SAwiHnQz;eBhSrDAk|iBY!(+ z;waiK7&10?y>*LQElI`LkfQ1@uP#3WoxX5P!kDy$HzwGSLd37}RplxqK8UN>lyOM2 zX%~{cn3bZ7qo|mN zYOZo>7tY7PI2en4h`*D1s+YU`z%eS26(XV`i*JA0I4^0d2_GDoz7^Qn1pOjfXRoau zmXY^XJlBPBLXtTabZmj}{hXHWs#UO{!vqd0?~lR>p>TL#r+9hV?Ko?BFBPDf#LM+= z-9xe7NAkF2Y1r&u?)QPebYDJ)(h8Wy<)|srt|3mXV7;=k zSD9dX%%Q&ib@zQ2fYs5zASL#pl+v+Om6St2&?H>_MxP54U9|$2E}62HgZSbPV0|Eq zE!D!sNTSf#sCW5k>UXrBXPYMpa#qzEQ$_tD#R$8E=DD^7t?FHP5FDdQT>@TC)!=?+4+2DXe2pEQi_9Xdagj?@T;_FCB<}KdxOoLO^y4 zLm*wyL-fGuSX^oLV{0EMt?5eRQkRO)?eaKKB8vd9Y4D}15arOsf3-6=k)IpVwCW*y zTE@Pc-u-O$%bUdC4~E2qp4+d=W`e`L&lHk4eJ_d6UFNuXGVKAk8nH+5b{8Nvgrl%L zpsG-yMA>_V>hturzfi8rzfVe}mD~j1ce5Y6s?o?{v5VT}bFG!%`Q#^x8f|_5?#NHG z!zE;JsCXEH(UQ^tfc{z6xXr%ynggnC1!H#4Ps{f`#0F$od@jGH(@(pFZ^Smw=#bo| zv3~>{sAW4R^XHPV5++A4ZN$b*H@;7E>4wTlHm6gpPi=Trn?B`Fk3L6Rcfkx(N)~A^ z7jkDFxqa**MD_r~7(fNK@=4NTkb%7lwkr{rauJKa%wKP}k>Oal$szT*DP(rMK9=|e z@|a^`b1%5%Yd9Rx)kAbErSpRb=bI}|BW26fYlvz4l~qOh41#6BNcss&=W*X7)WzOm z5N>u=8X0-8o^ZtC+Z1kBL4NZ_AGs&Kav50M=X~cJ?TrhTQ9j&ZAkPr9W!n{nr`5nR zmIjX8-81_dJ7e13Z*{7fO$K_!bqiC+mQ|ROUb)(S&fG8gYKGIT!(Kyr9PzPVcPEom z{`|l!$hkRqO2tJ&MB-JKUPN+CZ^Y1Gcf5nL)4Rg3eDHRZHkT zbU(OfK~!Yt2R+zEYsbeB*NN^-!cTrPUbyzigmO3F+t}{EGbj8QxYvenN$po9F~E-x zemos__}tIC0|fj*nrJ>I>mWVLf|K&S*7f15BS#0B7QH7U(+R@0EB*L=;2WGb~tSN=aXclk7N18;*FEP z*Y%N7cb;92F@EQQ6I1>{BY2U-3pOzV_hGJFlrSr`?$<;tpyk0%_O`|tCw+n$CFEer+NGe@!smRx!KVkH)!ERfm#O~RkUep$eueYaG+5u@&0 zsnFOzvSK6>%U=ZYdXw}!o14x$#>uR`92(s;#Q*{(I*n6ppQ{7$DfA?`3LS#!mn(Yb zDqoWDogmt2yIRig$ioGJ1S)t7#^v2Cy{ujiKa$R#_2rAlf)zP?LpBFQ0<~eEhS#}Y zp!_%gc5@+5mU|lT9{U;))3&WD3vM+#1?(SxVk6ZD8d!+3;-(YxJ?IBZ)laeX4#OGow%v5-XL!W;UIt<}-H+_( zobD${++yO(0I`aT12|=WPf=)P27{Y)RKBRYYbhCT2|!{gMPlw7AIFAci9_L$(EHbY z$A{pA?uVaA#Dq~W2c6AK*ha@kxxC&Te9NuSkFyhQKaQxL!^Z?E2<*a)iXihV?Zi1c znfe7Mw|bA+wt5^jbKzb3HMBrtekr91Qe@^`D591viDT;aTJCF7-wK-ZJkaX89P40_^{`;ybeO3>` z0c^!<9TqmI`Ha%@>g$Or1RhxWzMnApH~MhzOc~PsAkUCybi|8kQv?yPVCp(?1okPv zFN=J@Izm0X#=pgly>ef?-4G8DQ|Z@s@8{cAjLQ&nfMBW7VZT^xsp%iMSW0(t9unh{~XEOJLd^6AeF{zAgrMjg9SY~AfxRa={Q%cUK8gpk}B zqC>}%7=_`hqusQ@(~b;f)Q>{8y=(hc!{?emX@$U>Me>o&e+LWng2l2wd*+F}{^8g2 zs_0yVq;}zUgA-!?_%hAC?Wrt%o&E)QsscoB?of$7cNAZ}bObUPzpV%|g9Qkuv2bD6 zz2Yq0_wT^}DG@sqFvc=DU#qkc6)y5-EA|9Mlj8o--oay?{Gy+1Edk&TCsyAc&&BgpwaYvPcjm_(nzrR5E=19PX?&Yi`hsh)s8O zRh@n0<6+2p{Cc0j&VrC(gorS!XN}wd-hetuKaFNfIgYVmV)0h+uk{h_B>OG#EMHuq z-8Zp_1Ff{QE@x&{D$t|e-?)wy$?@hMZO#xOX=}=<)fOw4w_ty*;K9N<05dclC&rzQ zriIO}3uRH%i$O(S$gc}07k9;8mk^WbDu1$dWq(W{M-cV8hgora3HPksM6o%=+DxrU2+~Y}7qc-aM)3uTh zqjPR=yZCz_NWY=iUK^S%=kCACns%TCosWSOikrS)tzYZ9+sQyGCUY-$N4+gS zNQLXhK9}bP8TPrbVUc^DU)S}Tu?5m-JW|E=S57c%pSz{Z?J@y+WXsltX2K)Dxcz&j zEClD1EFm8S18SE#ja8(W^{L*Dn%udZ1qs$RWsv+pW}ih*NdBF9K?VCA6AA+fQ~uMG zeeB)rbVCEHQfU4eg2<_xE)QrZC}XgHj>gJzxIP}26&p5))t8_Omyfh9^m9)Ip8`8k z=PSMXU5l8Y-XO62yD})LYDeO8RX}ef8P*)a`uo7g!rY37%hD`Yeojr5gZ2-9TAV~7 zOqF$akna-L;+ixoxFfsgiSno3o-37nFt)%4uy6FJPr6Xba}OpGINkV59~z5q8*g1d z4}-TakjpZzC*ax6?kWv5tIKdQX@QJ*o>qf+tAA$GH+X&RcvHZHu8c<^Y!bupz)#pI zgxvM+T@A7>2mOgvPcSb(KEkXl!#!v)j0_7P%Gdx%d<4Py`S?@4EI@EP!FXnm7H7Kn zV*UO^a4`#vNms@Fz1(HEx8K7QXf|-t#!vK6p$nf6r~|(iK7SJ5`JRNz?}_dZ5ef8V zhB2B=mGilZO#OxhL4m2E3->t@Va%sEXB02mkjx|6Q;O515YoGN@clFXEoW1co*w6E z-jhXtR&kcxo_nHutq$W~vXQYR+&_cEXwEa?UXensj#fu6nERNoUErvElNUU?($VJg z$QVQJE#1ymq+E?kzJqBMb4JUs>w+7%u+kw7jgbMP1hc7iylFjN#U3FEohlOXVRj zjaT$(729E|&k?*_QBozNwhr?}nBByL#S>4I0R->8y9KpIA!j_aU@*@`yGryykKyo^iGxvCeR%0jJ;`^7 zyLcv^7<{5)?t^`X$6-;)icc0?Ez4XMe{TD2dX}#&(?ixD?)N&LxFjF;guYyLTU8j+ zd$TqUxgS#3RrdG8#gbp|!!y=WtrNQ~Ab}CUByR(MjIH-VJ75YO9Aa6jL5AML>9^tj7<`$Vc z-Gd)WUh_FM!kmAY6t$a^E4++lTb#!SS$8PpVILDS`J7RYQ8^JB!=J= z5+JlhF}3n$P@wd8w0#epzn?c$~P{nbeGX{H$6{uI4mg%T~?wf=?zyA1^; z4Pvi}b@Nak6KZ?{xDtQhS#6Qb_4k7%y^ohLv@xr5t31#u*V%(u9HZwp2&s(BElu5P z`L4Uww+#?%DbDtdPsfUUqMMKy&+nd*04}soE=pG0>D@A~0Wi2{oYCFt2$OLY9s{$- z^<}0G)EGrN!KmA}{BQ}`+>TLqD=eP6dm2q1YV&KcgN7bKB|g;I5$n|+&7^a$%$dng zq49jgr{_EG8k!vL!SkWM=nndi*quAntiLO11<-9=>uzcBDLYy-)37|MB40j6x)j_e z=8VD?j%j}%7j!UJA-yIcd3UD@7Tl1(2A}@Ua$&=Qoy!gxV2Rm7Z@`JmTVYV(?>Bw- zXf58e7%#dY^$zWmLyhEe;TGRLn-QGhcv&MO)_>Wz(jRlPSokFdN2oQVo`);m7Wu!s-B#wWC?&T@Wqq?&mjme`Sz zLKXGf<;>#)_|msJTH5I(?Qx1$VIdHaAyl+4KnU_1dEc3VhF9D#C##9!34L&wi~{Tg z&giZ};C{J4*-6XD%|DbzuIsybq2S=|^zPw%t2o~~f$^QNG*ND8^&WRa%;W;7oxPwVIoT9E*FpT=kbZ_*6 z+=yrMw^2m)A%(s~iY5hiW(L3U<)Jfvm2^qIa{n&RfoRM5_dO7P}b|4WNB`90RkV|Tr=0mx6^xCo&G6tKl_gGmLyJI z?h|=arcR4xXY+3#cez}jRFGPWoXFSZqjm1IUg3^xZ+-xW)1%RT9KL%%1{3ryw%#I& z`CU@hujXi7X&Lw)B!#Yhp*H<60cGN_?ugfLa$^q$>AHcj*}YnllX)g_GP1#K!ZVM zI`$Tm)yXRmWwVe?&#d7o#MREW{Iu77N3d_O{!VwS*3; ziDNg#Nrelrz-1bAR!ll61wE28qp^NyVV`KiUkyC`Fn&zy}qyG{=p>%)87zCCq$XdW9{7bDKL*)M#h7>zNRtI;5>Xv?beg|hF?a^46Y~xDiKfovIv;JL*>0|Bj#;jj*^rnAw^yZ3p&&{Zycsl$=d0u4# zU47qV-oB8v<>Us%`B^Cyb%|PSP!Y`ovgSF6st+1d&^j001W2xm-@;gO+cGWgZP74D zTGRj?J#0*INF~zEiv6CiiXbR6hii}UvEI}3>rE6WPGOTrnB9_RgBHPPIJ`*rOdr`f z$bb9iuE8FoFYa@FVF5@si%1&W2$`?ZhKVcW*!b|2*v@BjZ zAD+u0Pf%TACxoKcGcxBr5ghV93iE@(T{E0`@czq*9etg(8?6rdyBX6{I(W}gXLP;w6( zte^-t=)zt2*%d65=wo}OdW6nEPx}bnJ@RnAOCx{X<3(Fv0WP9Su4YH)C#Aar7z)pT zFB7Bi0NJ+V<#iQFiX1Pjv^~TQFkkzYU9}T#n!h@?--P6o$Fv$)Wt+ul9Wsy57I80s zf42&3#w#p#?3gFb7KvRXz0QneG;roAvUjsHEs(Tg6&l`V#bsbwC{Sg~>R12|LN$@j ziIFcS<8!@5)au1h2tIxUXsb)I?y;GUiA}*YB67mYV%gDIc0Vy}QqUQ|EvMu3-S-CF zBK$bH3ACK4wq7>!Pe~jYaRonkM@uRNly_%%uAE-dX^(*)3`zg-T*(Eb;Q+R=y(GnR z2W2T9-6PVF8aV=c1M;GmdRjU?TYL`dzrcGx{n4^&gBO&CcFt-RyYOQFZycFb9SKe z4M3S!CL{Ay?28Y8wpWjcv z!nKtt`-Mg0?Ex*G8$+uS18Xs+XjTLsXN64lq#ghh#^X2O#Ec&o2gk%eqnNQ=mOE<0 zE}{ENS5#oLTer&%BkmQC19l51#4+NPJbujuk{Nz{G$5<4iz#r+Ge_f%3Lnzt zv9D}^iFendnSV}nY#pdOarI<}vQIx9ldR|fWIpwO&glibuYf!>_-|b4k1l}Ze`&4L zr4`(ny`TsWip$}C#iv@8EI`?TJO#R|aQni4a@@#qohMd?X>c~sg4z0_MYarU%eEqL z8su|jPhs$Pm)wOXg#y_fTW{(|KEC^c1A+X~HkK}8^9U*oed3tMZ_Rk*)!EYxWYiRf zofx2iF5va_=j#B-lDs`z@gcoVCq22MssxKhFR+r+1+lJ@U#Ku;$?$p@BOTQvwlNK5 zvTgVhq-sNMe%0QjL3td~5?qXa@t;GOu=!ku^Xev){vp4ed(!ec5Z$L4X|qtJPkL$< z@?8FevRQM+e6a5f8v;#bI%f;z4YG)A*JBRmD{K9 zF$c77u~ok{94^U0-LtF$ec{i4SbthQF3MM3+)xg<@;t72YYxzsm>;!!1e3*^HT+#C z#h@O|E2gMhE*OGyfHLKAM^W54md*oR?$WRaj{IIgM{@!s2Q5Vx7GTg=iqOvJ+zLt9 zKSN9TrrLT+o)8RPU|6qs1#p4O?|@}moOgDiV)%LOR$g@nA#o9QJCk>Z<&GMF8KKb) z_#oVn3M=kMWNnR(mx8HU=lIRw^6*5XLlj?cPd~mcg^1E(qKEngt^j+mtdDs*Aanrn z^1OXhTtfI0p$E=gH@GuPZgmeRPK4W&Af(fEFJUP{L_PNbM!ga`9*p)V9QOlZl~8K( zI9OMLGthXPJo~dM{vKI0Gtl^*>(%kb8%!Wd(sF9(Uk)*W$e*ZcPhy8kg zp2ADRJ@x^BR=K=mn|?&dK)N#Dy7Z0eax(t>(zH-T?F{bGMh=xRw1vcUT|4K-4z}a`Kc;t|vHF8R>CwY)+Ca}S6le{xkjh+Ar;V7U8g~dq7P##Oyw8XykB@yJ@V)r#2>`n-y|)K zKMZ}5@lHe9y<)OIFE($z_x!lUXNLD{pI!Apdd_$A;ntF1!FZb{8oc_$W=nJ%Az<`AaXNC47g5>T zU!-R;J0YEf1z0&o)_q0~-svZB$W8F(8?8dqVg>Z!2G`hqWq$V5x2?s`J)XtuJ1bCe z=!T6w(JTKXB5GhuhGK;I5}nglE`Hj@k*9NhDiZJfN@)Q)=5e~7-ZD#Q>~uqHj6N-^ zSq5rjvg(daBWc|!MP`r7AV`#Oy+AWN{N$0p7kA=4eN+8w#+ix6HPlLBK$m>>I9ueA zzZ)&6d1q_i5Cps{ye)E8%ZJwTBI-smj@JBt3Hm^321*lIJf=O7LT~W>w=4WR<6%izJ|c#d&C2461k$E6AQ zvp+o0>JZ>b#~=Gg4UmAT=g|-CzJT*E*UUPrJ-8!l%uvHe#!Mmd-RjTQ=O`QouNH!R z+I?yo@SjllwHS7zLsL|W@Y}-8EV3g()6QoN~sM^9wy)?&ttqcPD{NWRWZyR;PJ&^YLR>#+vtXC4AR z)gxGH+d`V5`;%`44Vs!4Sm?2ntvp0}zDmz$Mc0DAmEz@(K_e6A@N1RovRWJ<;=!)+ z2Z&(*u%%^#>!=c%JSbY1XcJDK(V99o+Mj|J`VBaT1zq4qW?gLmF{Srz3OAkxPwop4 zYdS$9X=ErZKuz;2Y3?(!Q50!p?ZPJ(yoOws ze0krd?jc4u%=o#kW+|^~rBe^<9NAyiR3l-zySXhm(eWOrhH-V)ayp?Ue4wk+qW=tF z4yRtfDjqK9p|vEE64L z_njro8b85!>H@-oHlZ<{(m1NzNd9mvfLpvv7j^+AX_K9(H6657qp6;6^vq}5hh}J~ zwA{wm6wStMUJm0%C;aPkPaoLcG3R~s3TEBN8Nn$iRucvh5v{^Dm_!E{5L$QOSx%+5s`Kr_ zx710og?7m3<76y(P=Q_$18Z{doAVyJ<;Ha^%cB`SVGg#!a`B~w;^)Bd!W9j;fePKn zeRVe{{)%e%#}6xxX>qH^eIdQoi2H50i}J8<`A+8ot?Q z8(MZd|MT(TnTekk0m=CBy0B=lU$@8OE05j-G#K=Pa90F}x*39mM*PBNVIGGQe`>KM zV$yL? z4GHF!rz^5=_is<;B^r)8Y>Gcv z1Pv9f<19hTjs+9=KPPqXIiwATHo6xvH^coZS*bMS)jNY21P29DmN$Pl__A}3x_`VV zUdx*1@I}$92OBQO2MH0lGoOrA(#CtCcF(ZKt*^L9&hxZYkneGJ`0MY=oy^2ahN`{f z?RI`gM@E)zF*5dOetTS<_qa~l7TEs0Ws+friTZzOlc&Jw-Zch*Tcew?~TP8_2 zN$wktMewVp;u;p>m&MGVGnpo+o??YnKkThi{=Iuqra zwAHD!CG3M>`x(^!T3?dx5Jw&)s35q@4oPWSdj{f(+XnfEr4B(HeRCN5Z3Nx^UX%Uk z1&QlNZlh!K7mvuF-W3QIt%MUT9lW-I4EF&JUL_DTEdAI#X2}ypaQT+2+wD zKB%)!-7J`rHwAJLf+366kE?Ah@2jhGy36 z9A2WDgk9ct`W@ryDcKpCLJVI`K@7rc2JfOMtf9Ju$g+9Xn(SB4d_AxP?N^lD_om@{ zLk<8k-uWiO93D5ce@|QNzuGsp#8V;N`EeZSEV-yo*QyFpGGDX!M058clu7rDCs+R< z$;qbs!1!P<{4%-)JNx!Lev?Q$>&t812xvH(mM=o>CI}P#MUOW#ToN#{ROBzi7rn7l z7y?SoZkT&--xCl2)oQ&thu{+KdwLPl0F;m!3!x5kqvpa#>86fle>EUFIe@B8djO+A zZGPUA+uAq>8H0Z|I+{GMI)SpxUz-h7%0{TS+e2-S1W{F~Z2kh@xbG`Nsq4;s%M~}O z4pThAA|^iaF(10y8*P_Y^c{9Us8>4kOwOPnXXf>31?aDSkA#ub?hVbsb^P5bk0$%L zefUQ6<$wD1U}(SFMop3yB&Jcn*B>|T7r#9v*WqVhBbF{dVY^xNj9!<+$*!(U=m_4P zB_{TKL-cEM>&+h>W3PD72M+2-JZ9mu6yIcy{u$0~muf%=`#aOIZHm$+0f`?T1sZY7c}q*G-1(KM|Y zR$b}`Xln9%d?T~VTC@D&6U;ysHx1Qa0~jsXUKAehE*qT~?yT@$Dr;lsbk~RB-y!Ym z-uE{#y;e%m*kBLW&(bGreQ>bSK|hZV8M^gkoH4HgJY0K!QtaoETgDHuz5CPA*U?<^ zwzJO4UYrD&ou9zEAp=CYrMN`t;Kg!CY+KD)a5Acm3y@{9ZFunlMYvb}fssao44Tt)Ey^&_Liz0eOvn~VU5VE{8Wz4cp=rMP z`Wg?RrdBD}v~an7Z9O(eq5-IDO&0c7W9H-yN+jKGcg5h20m|404JfZa*a@xpKrIBra(HC4wX1Sg|q_5TCxpPod;=obB9 z{TwHRj%Rz0{P#U5zbk&d3&9lSX~qX>3(Ji*7OT(}mm^`PlM@^5wt7 zgijgklXl;eejDnm)MS>gpW!c+4S|{sU}`%OpziAFnx=4j6P`kf+B!H-R8F!Loa3_N z6?pdXu`d-#b~s#>vmzU3?9V)ly*!t=_HIZQFCgFNzeh+(iAj7{!>&QbcQ1=-e_s{{ znEYc=F2O!>N(G)#LY>D~^##b?*U_OEa>{X34k`B3$IiuQ&yd)_{$F z(a&s8iJk^O}P6Ca!;$r!(;&e-fhd?<0K#=5O`43wRKZ z;xr%0_DC&cb6qXQ0aL89%k(@hA^HRu##9;bH>`q)$Dmqn$>;omw)K+pC+fszl73o$ zD;EHqKI&eKPOlZP;{AMFg0hR1Uv1Znz(JBzq5kn1N22$h$Y?9!<1sbOHBLZe!EnMQ z_`&lQ&05yaj#WW*aEz~?D8!?`m*6wsxy3jKkfcL}1-%6x1<7ZLqNXm47T8gAXpO+E7+R;7394;z+kA;x=0HI^Ii8nPd2^F?t2dx4rzcu@eCaD zO`Vv-@n)6_(BrKjf;-!iz05F+P&brh>Lopp$t8OGSR9&mzbx?2p9Sa zd`)OCWtK9?BwZh+ehyb8+!fk8SL@JYjDmSc?orOAO4VnV_)oe4KrVQHjNwV&`VX}A zulNxspl;&t1}dFsmR`Om1@aO5(ppYO=xIjA2RK)2&;35VV9^rK+MD1g`gWeraZXR$ zaOKXZ@;y5sw8^1wJ3VM%6rIs;O?G)qHt0RBF7*;%fmawKI-`rue_reLYw{;6ES%Fp zzqwyXo}q#-pN&ZC#uFCU={`sEJ#j<}C2=1AIsiit=EL#LD`u3paX35!|DRIFK~0q; zgyfz&#qnI^m$N_rE)t@elfH*L*`p(w3u@P3^-%V{z+8DcEc(NrvJZ}X6nte*;YYhH z0J9F?^S&0~??$+cAMvggGpc>Iqc??2xPT507`6J@H2d!rVYrChp8q0weV++g?2Ti7 zd2_+(yuF6#{^}nv(Rg~^%>a3tJa6eB0Kw{C%Dxo-(u-7n&8mOHgvNCqn zb^upM^CQ=fKZ3AXv*;JbpXrUHOyNdw z>rKh7e$OXQfhFt97j5nw?3Z0QNa%9+w4y}!a#ZFXDSNACh?KPN%`I+s0zNvW>4~q7 zt9%ar3dUja8Ti_4P%ZlR;7km|9QBj$JfJkol&tw)?k$-5IDBy1~DX{D5ZRZ+X~ySPk6D+2iy|R(~lQTRdJn)D6)6yru^5dLPUBevgf8 z!?PLFGH`<3d=u?BH_RDg>Q!HSRWLHec7sBWv=2_#zpiwD-1m`$ctO*SE!}~?Wzg=P zN`eIS%j-}zTTkd*^CnfEz2=}P7&ox;*k^_c4!o(WD7qh>b?NpWD9zr?-57psl(j(r z#0_j@%LRhggfI7?5~Ei9z;QrQrL{z661uCu_D_fmd-|+@Xz|uP4#JqRLb(r{z{4bB zx!&XVJ1h5a@KH6BPftd2nU7L}@zY(sXT{mS=~W!wdlQ$l&x{{|;c$JF-eOo}gihOi z$|jS4Rj);q?K~q{)-|OzA{xDYBc^xS$N3BGoZQi55>_iD11Hb74+HTkT{~D;%lN@3QV0#N?2`b zBA+91E+C$oGc4b`UCP`-?1(2N+r2wP^*+PU(csAgeud^t?Tx@fRG6m+GO{?qA!(ua zqf_}&OY{U@7Vay1ohj_pwuUI)MYU^H2dFKrjV5q-_rSkg^ zT!9RG1A>Tcg-I|K1GqW5^JSlu_e6*?Y7)R(s1-v?pn_+7^Yd4{0kM)i>GYG6^nRH} zBEtW#sz}gu;9EM9_w#WLgVG2hqPn>CK6eyIf9xM&onWiZ{eph`Ii-zQ_j=ef1^CAm zQZ72Z51ciuD4%VK?vUyh&CHuK$Zd7>+pwqNG$!me*o7~9&Gn9?7QQ;@{Vj$j8O>zdAkeZ&>A7&lk9y` zxR&TJyiXeX_f_|2lgwwnnG^kHB@Fd_YF7n=yVRdg+jiupZQV;3X`I<4CQ(wPYiFj@ zr+UzCK_%7C?8nWvU;q#0Tp#DRUH_ux`grigBp~&2TIC z9R^^y??dUgW;Hy17IKgx1Z<#2Gl-7IoWWg+i|QOb>JT7_pVlu_{3hHJUAR=e@GVtK z&}<|?mUd$y@r#lCoQ+FMerx*sM?s)fiquXJfKVnoUlY8*z(4j8jm`TOUS5PW1V8_V zi@9Gk3GZ42BX2FMO-FhWpKe8?5sthjW{y&t=b{iCpS5mVAt zi};DiDOj8z%tK|_BhhmQH-HGhqhh#4Ih3}<$dD76l~D5l>A!jIVPR$Q({nDLf`3Uf zk@9G9w-v7PdkHNzD>S=s`tdE1!>K9tQ!ZQbq2e%9%HcYf>(lBSMz}2VtH%jXJz7ha zKgM)kfVNxEKj_1s^%J(Z^6I!)9WJK}KD=jpfBhgN`$qbH>$e!`V%@C%F8e`cr{KIj zM3tV}^%!XctKMuwJD}KO!x`K;yi&yke?NOd%tkW_w+}Oa53RuA6Ob|cG9D>R_@($H zX&(KV`TLx0e<}H-QruHr7L=y*EHq3@e>CGw!lh#+`>H;imwd8 zRmiDk!exkJb{v=GlcHx_GhKstCtI}+t1si4LC#$jNTH;AZf8eOi9@U0# z7->)TFTjz|+K{Uny{Sl&Sc!s?tYz|qzO?Gp>h|;5_O1%LJ38J~?_eDvD^0H5?#+rh zRMBeroS6%mwU@z(DIgje_SN*Kkn)Ldb^8+Lm;JrC&8^ZE>mKjjz3kHLLH08_)Bw`8 z@qn&aJ>@tfrpR<7ll=}XIAE@|`=!S;LF7T7p|8Ayv1@T^t_>{M^4lRx1-1bd$%RLG zm5DCx$d73s6tW0dpX+7TZA9Pv=UL1@5eDK59{T>6`0*}$QQm`T?5KVh{5Ih4`iMRn zE#4z)=9sPBiA55)sWfk&=?^w4@rpN$^qJc~7yJoP+;_Jc1qV3(Cc1lE_IZYqPCwBS z&^?|44EOj7fk=U1NQper@L}!&NmhQoBuyF9c%vJ{!;QWo>n6J$H0TCs-`;9U7y@a)48bcY7YuF5e7h7=`@C zm&HT1jo0r-J}CEyf&VzebUG&c8UV^oyMMhVW;)IHd4D{tvP}}#*&ccemJ5z)9WiH8g8d!p8N2@i7;7aB-T>NH6b zNwM1JVvjmfLHjHy*c_#1BLpRrcD#$6r@+#z{cxOmn~pM{#8Bra#su-)KH~=4t8Cz! z_}e7hQI~yZ`a1Dr^g5nD#&$lc{ycr^!lD}{JvXeWU_3}FaMKxHfzD; zx}x9QW2F8o$vsh|!3e&7K3R!eF0A|GQ1)fCbhUE|vE zo`t-jpGf2Q7(aNG5{M_XunsxO;UQB5sx}5l0ThgO7n7jw>5h;1S^}&yhtG;>63qxHi zrQqLm@&4X+#TJHBb2;gU;84Z~$#tEhhF^L=M!Ubl_y0-31a})A(N)3B#fNo?1(M_X1Ri%I%)kOj;LyjK+KZ@204Blnep-e;jj)VO5-X4|;%n`F$T zB#xgPN|Z*~Dy?T4tWD{>jZwj;PqP*|xD`3a8Ahj4@?Ad%5<6Cly9*KK9dTvu%8{>O zy@3470X&8SjaL>f+5zlQi>K#^|2FQ`%-w^t zQjf>)^|;WF_tbYaJIDK0#p~X+X3FOl9`I)*$EVU-W(Up_MjDfOdcDqZ{5zRjto(Iq z<@+sd{K&Y>ImBMLag}RRwLr38ipQBwtXC0ir}!qzJ&(q1kH9`nY@IVmV^lvaFnPp_ z9Ph>9@G3c$_ot&-z*tuO?V-H6aK<2LU$o*M7?7Kmm~;A&y_9dA?@C7%0s-aq!_T^+ zqimrhbJ@^@-8OFsVzZ)`3hZuh7%P@G(W`3AY#BGF`-VZ!NP1qLLByi{R60~&Z0FP% zbJuIq9omEY2qe%T-f4i^7+lc>a z4v1c!gZ(3ZxFhoydOo!;Bc#w8I5AQh=8ZFcfqeQ_#qDS*^uRLvU*aD>Tc{z2mhS#0n7Rxj{`q`svDTEM3_EC zbsci>TL9+gNkQbP8Xg?{ev+}c+{^uIZ^tdrMn=U{U*pD+0Hxo;9!((vL<4@vYgbMU1fi- z-cUqN@kd|FSW*-ODh&6)0)JTKxL9bv+5iBz_o48q1$3C}9Wt>=PwdxukH&0irQh-8 zHX3LE<7SgAGrG#p-IKr3D z@88*Ff1`9T@&eZiw>MFG6W%C4r=QK;ACX7qpk)B7N%O>M(ez@pKZ3!8K*6)$4$^}U zcwmr~@I9j;(32)>pC8z%=(wLi0HJp%@>&aStB^q|mv)PX@tItjnve3r;%@rg+%qNF zw2xBoUkV0XEOFxHS{IP*jMeru33>sg*OlCuPANz_Fw-RpRNV zlgVW;rNp-;xu3~#M}jDn^GW7?w^9Y?H(z>nNS%s4HJY#uZ;K=+fG=B@U$%Xyz*J9N zb}1V;BwQ|EmG|if1cx|CSOv}buY~xZCM(}>U1Kg!w)vMRJzz*96(EpYI^{%6a>RaV zZJH;UvrdZ7nna2gXAp?7dIYK4GD&((+b0Q|VBmNjpYdJo)hpB>z3wf@Tf~RK~@5 zeP6E(zBltNUN$CGBbU4JmKGaO@PU*xGM8rd7HV%A+!IR9GXc?5I;Vo zPbmYO#%K81eJ$?z`__H+maZ!7qOxrH$o3`T3Bp)q?WP6i)&MerBLsBJy=WeUiy)YUry(imBjF~UI8rLr*=Cs zy)$1*J#3QWKpd)Loj}N+oE>5Rw9!5ggj)y%+ZEZ1Wl3}cocG-NTjK#~v57CVbruth z>Z@*b*u@#*R92Nk%n`7GcWqRH)?%g)i%O8<(CQ?hI{^go#PweT+FdzzntIR=&xF*U zp_y>B=oFzQC#94UT5J zCRdq9r?HzSksMq!mk-?tzST0T4=zD<$D+b_S63BL-j;}X!9K~bx09FpxPks-QliR;Hb+QGME{t<#0D6V_N(>2Ayk_sUqn_^h`QmI- z{@q(lXMrwYTBeIV@E7$NC)Yu-P46=VezT!d8(*TYlR;FsM-0r3xnbxl{XQ+dE|b#N z{<5{kI|}17AdFR`J~iuLoT^#d);ssT|BL` zy3nM4{~A-zG@+#V?JJ1MPG~tV?|umDg;tn`+Xq8#;G@$t;zD5xyz%=@WE{HVYcpB+ zhhRize)f?=ezb<>$ZlU2d5u>YFG&(Fm&gYi@&td>E4xnQWWlf1g(#j2$Nbp9b{Gc( zUtD}Sw)CTsn=GXcGbIg1B+5e$AhdTIiIh5_gN=f_ z@qEp}qIFX7M*Ug`2#iYJ>%*CF2A?8#Rwf-IR^FB1O#V%B62=LqQ z#%h#W)Iz%IU+mQ@td~#)@ptp&So<_iU+W+Q!V8d`0zNjhgH4p^TwA#6&8ILcd}+Q( z=iY*m3-JZk9d-x_b$!0b{WW#=9CPS?CcSc zaA}tB`#Me_2A~z^iHWHu!~8exmoAuYxsCcxI&jEd>Wjg7ulxwmK$@c`y-pjx+Sl%Q zVuy&ub&a4=XxEnQ2c&BvWW5cSPV}A2gn|MR);`7;pLXYg%p70-GhaV`Eot`d~ht|?}7IN z3m`z76pb(3u-5yFW0?}v>n+W-HP^NT-e%4#&|uzH-;^sJPZl~#{KI#BN&Wa8RoE9e z?7PqXcCGIcg(82DdlfzwxS6#`T*fyzzn9%n)wtkWgy2go3|N-zvv`pVUN;iHrz+;w zHBq)^pYUHu*O;#B#^SI?T@m@c=tAJXGW;nj#-#^NPvNI%!cA^do+YgJYt%7(h^qNn z`tf=Q6I<#!TRS9`aXCBl8H_s;Xa4R>P|qtN!S_LDp~>JT=HZw7M3>_9$rff&=I+O0 zeX8x;)$puY^bk{_F%93d;JTjDV#V%f6p|3Ti0d~R-nYT?jZ%Fa3gJV+XwTA~QniFv zQb#{JhoESmwCZvs8{)6~0SQ}dfp%{e5JMjyE>R=7So$Em(PrZKR1mOnadD(t{>)SIr3pLw$uH_=xvQ0pRZp zhhU^k9@0McR>-?>)cw8~t@ruXzmOmaZ>Uyil(|0v^swvpC_lDeJyg#09@q2J{oM|) z5lweiSnUzzo4n_3M=#1QvJ%BoDwXh)y3${&EpHs=`W|Qw0_~t_;`?uCKR0s_JzRDq zIe9&R3%t>{=X8MKo#&Yo)LIx==tLomjgSsq_UTWAWJRb>QWC0}Na&fMz1UQ0_uljo zpANh6IFBSxc#8F5PQFiZCx>8N^?CkQv}ICBO9Nvq(9-osU-vYf$^V50rDR-Gh>DNr z_zD!=SJ)CtK5CbS2Fpp+VdP5qzDAvaoW~!XuUlUkDA1p}y_sGC3y_#4;?+Dq0@~QP zGb*d`p%~L?jHzC)?$}v;jN+w%lcwQj_?;bkf7|GWXzsd)TT_fNMHKuaEl$kHgz5@i zuhzbO`76r^rWFchAY+O}zmOX1kfEsqJ6BO~J?EqEXEb@OC?1J@t+3yXsNzwjdy7wF zs#y0kP1!$^u4_wCZHxYrB!NeXB0)0BnTupQ;Uf-!ZoM_|a#LL%w&mTsd z4x$69!Iv`a*c#uhTpkSA`j){yhd#vf=kdCIM=kr3oeq)UhT^)AZxMoXw~YbxHbB2% z|8#p$348M(&79ljRW-`dte=1{8eQPx!No^~3PE%R(k3Vj)aZ{~dM(N@c(EtKA*%fQFXK z0hrzyIEG?@R3Bb#M-|X%&~D-rvN?%&FfQs`4|+-FA4YfGn)fTSzmcE9$mtAxsa+9S zVU!xy1?p2en^~)$qklN-%Fu}q`4L)*xb16&X#5q7LZcqW{X(CvHh(j(=E^6`&ct3r z?l-%Yt$Sh|_J^-bPp{<6eQxKly7P&GRO>IIvwu-c>OzR|`m4Qt0GsD3h_Ka2=ciMg z{IduvL3!I}3sF3>-WY$_OTl;Qpqx-XC-s6v zNq|#2`uHORs?4q-Sp8NWGw!$}u>`)(v+wVIdrr{*fgzrgNWWU&roG~-K|TF+3R?S* z*6T}B^9-q3fHk@)B>b3e5_R}!tA0c|H+PEyI}WH4=Z^v`QV38Xc|M303N_YA_u&xv zJKn+vS;GpkTNLXmwqTZ6Xg={b`DtAD4IV$>J9m=&Fv{;o7U2M}^vWMHL#OQRhgx|Y zhKFGGD=q|dUZ}dy3SuK-W&CO?%@99~Jc zpHrY-l#41BcOKF}=Wg2Wd#F#@8511*#eDF|TlEDz6t4QAP@m%JLVJYR@CYNkD^-zf zBZruaNe6t&M#SAPPOfx|!95@v_D_c;Gtx}*uF7y_of|3Je&qi3wM2GeI{JVC;Ffk{~qE0RHR?uea|s^ytp5!w_t7 z4(&-O{F~)|d|DowgV$0s?|;VgXJ&;93^3^z4b^K#ZI~uQJBu?C?I^Q^$AySP<9)v< zIUM(|BZ+?O3S~(A2@eGK`QQrdVN_kp;lT%XgJ`o}hJsE=iQ%J>B(Qh5ADCKFi40Rle{$5;jcjGzJ6 zYKpHY4~Vi(s2QQgTAyFVAzL2D)pN)1bs)rcly8Kx3N&?HL~lY?iO*OlCeb_5!!n{6 zDqB4c5~SBWv%SQEd{W;-Ra@D2OO%wmT$0|kR{vWL;`%BBGZ0WC6%H!^6!uHmXT@Z) zzq4|@b#)h?G$*z}`mUS~W(R2ClaW{OI#3GJw&1m|$F>?7KV~ND#rVv?$t7Z$oJts!A=i%Wdv-~QRW@%raFu-r)rc0H8VQlDF)gK%cgEsBI6!-vvV~KZ||8uGTcB@cthl)M%CQx6S`r{71)T zwGey~9OsWO_tVxVgYzks6`4dkbs!?B0^TM#AqY+5xQy{b`u0nG49S!z7SSd}BRqPo zIR{AJgf7Vv&_~Uws3S5vBI9|$Z-`)0xO3((eezOr)E>|z9g=Ib{bFvqOfVgd?cuu+ z)O{qdH3Pdymjv54Sn_bK_RH1Xek$S|0nAJ`f%HkF8Q<2n-6pQ)qnX{kHFUI0HD||cKqRbluu428K%*}+s9p!zlUPo)g zFDCW~9b3nEG3ZUy)d4AY5a^>?=bYNx{N2Uqkw5aQiE`NXcyH&jj(UQU)bO|v5CVy< z@1!K;uInJc%uQv7z4DCg{!Tj{iwdgn34TOI(|qgwp2XOIO?I8CK*_9#6*^<~M zxafUt3;aAg5P<*c<0pv__EBe5=}m8E%qX^+QM0d$AM5*Fs9;}0dO2JI_t(6l?ae{r z>;gb((#eUqZQciXmhRik(WR}%0rJSjZEG&qeaF^USD;>VwVlI=3HH=qD6C(H#eRqw zt?>Pit}M$9nV5ghR~l`%Bl!eT9W;^IgO)|9Qq}hX5?C#y2b-}TG1Xl4J&%-QvzCvm z)a@(ONgChK4yR(l{aNvAd@|&>>5Cyn|BkjTB4Se8{3O342gK%$2>joV0BlTrK~f4# z2EJ&UVXhL2s%EGGGsFEl?ehn=ntl7Q$9n@5m0n>$|4xVdU@--oEtFFv)ZJIDB@dgUIa}$>0@6F&vLaEeB}*fj1>a}c zw1Tx_3Q5qM|87U%Z%z0nzIr*ndZ#9p{ELFRhMmF2?ZSGFW_fV6Dbs_1uvV$E?> zxAz_;miy3QC@X}%;1jn3ot$LES+@kjsDoL9 z5EjtVczkUz5o0z~x$oEeNOix9yxop|3xjA_e;aXgzOAmJ(BFQuH>zpBj|b=G$GPXe z<9>{HwX&RXRPs~c*>G`xIXJhU#Ds@#-?sOHfFhr(6jJ^WGFZ{Of5G>*oyK?b=+Ch8 zeDa%=P={TXcAuL&7pOoArfkewR4?uR;H7;A?n8yI%R?^7MN;11wPjqi6cO?{-GVo_ zdiCJF#-C?%P(QqH-f5qs8wb{gC?<-$wYcy?9Up_9obG5<_m{G>xyb{IGsH8G6&#+! zYrm#kGbDMRFL!C#?@7&HLk|)(AK?X0DRPn(9jl4p%cR<9XdtG0mLhr4-R!Yx?t7wg z|0XBn%D}Ny&m~x)y6UFx`wr<7KNP62gu^vquW|?r=3KD&`Qa<*5c)$~a z{60fEzY0^OC?P?$jOJ+UU-!=&?FY-?s|)iL_+CoSKlv;Uyf@OFfrPANKfkG0f}5B% z+rJe8J;hy7zq4t5w}XVQdyrO`YO{42BL6#9W5ex zhWlpx;#tWSQ+QkP)^|^3xDla?($jy1PW*<#tdQO*YM37`xG5c+xjWER&fuqFq1(|J z(7RTMzxR~*IN>(lJj&QRHHJdmj3wAdn6nuB6exu7V8c%Z#pTby_|e~#Q72&gUIYN= z99>UWjuQfce+IkFg95(MQaL=zT+c>AZw5!bhY^ju=pk2Zqay@;h;5E>8HmTz(Z4Sw zA?91hWpKI)R>Z1+so*#_X*gwOa%RD|tNJ5DI@t}4m;EAPvo_y^1ZtqKXfFwJJ_+UbtqLH^FAg^W#%e{#Lns4NPZGx_lj8ai@U4ln#O4|mOx`YhtvEg5vx4e~ly`1?!T26BO_0?ge{YK<7JtQN?v{L^ zbYeg#PotsJ>37BK=#s+gq?^(rv5z%=2c4Y(;(vrBzKLGvo3UI#k^SdTzJ1_%1DKi7{3*Fjr5nn)Nj=rE>B9vievc4{=& zPl>~zBZ4zmM)GN%w0?J;+rQ_rr8_zqu4#mrWncVS!wz1cIrQ58`jecIRaFF(3H_T7p2S)Y*XE`7H5~5wLumFfV_colv15LM;|KI7 za4!Th8rnBZP%qD7GQvIGrH;uFQa{G_WycQiR>_2>pZwZGu5o{X5DXz9d)}_}5H2$; z1SY|K!`69^X}A0#$-ni7wMQ_VO{l)?_HuwXoL2d6l z{9dt03lnqPl)zaIDrywlO5Kd3XtDAn!gXt_>Gl*uMfudOaIpTY5-z_0fkuW>1avcw zg|MLQ)~vAGd=Xy+*4szqiNnK$XPtBh4#tInrK7yx&8T zQR{0DHAjOHucyU=s+xU~=X^g9>vv8!VDkqTg}p%|==Ab6Si|4}Fz6oWTj=T*%ZbzM zbYOwprfaq=y!;HPmcFuwvW(1i>9O`(t~B0s#uw_W}tPyJ8_TSk)qL-z;l3U{3Qc#Ilao z^iSO|ao%rKmQ$)4{r zU$(DiNQzjajl33?0YKFLd^!^D0qX=ToV+-F`^=6Y)%)oFLrTKap7$pXWY_a%;fPDj zvmsXquBD+EkV18~v+jTa8FS3m5b!3(<8OHZdDF50?q)~hh|8!{2f9DmaDolp>G4_U z%UP8bvrnn#SAwNvRXw_I*SuA*2eF$AYh$eTHNfZ2fAGbWH&;gZTW@A6-^WhBp-1L; zzTFj@{DrsX>$eAE?~mS+`+cj=ftr$h@i2&)zc94$W~6&i)2ef2a?`YQSKMQ)BYN~h zI_{^KpBNW2u?s2lJPq(i=Unsby1y|BV;EpGgkIYIgAd5wFrRmAkpwhe@V-Cqghu?d zuk*e~-?ZZxp3T?&J!;dkomiMugU%r0IXD>fc>~3^;m%bBlV0~-k~t04zRHbdgjNl|uN|Fs113+sq_;b`vNJ7mleiDr!?nKg=-=L8(X!gFGYTgl zH{mq!V_G7)yyP;!Wf2m!+*P%?_~^TghGIgSIvNrS_N1p==A7@<4_+mUZ^NzMRRtpR zvtJV)|3CdSb{c@k^jN(^7$!XZ*Hw3FkSSrjoDhwAu>skw2dJ#98EZ*CjDCWPX#d#u z$8KD97b!xV+??q?#oPoJU3HNY$E>Ng`YEt=*Yvs9(@^(KDxJ_gbmWt!n0_|D5Bo_> zpNoVDM<8Bk_ByU83rb}g-f8X#IDrHxs4EQYdIJ3G$obk?e_C7P>wx!AoD_mo8y8VN zyXvo{$8@5IMS?%Fh2h_wa<&Ab*2GKKNOGUIgC3oZ(C=a3)|`+@_NpM0N0-cex=$=* zEWgGVj%Ag43yul&y3fyxOJW>F2d>VGr*|UHZ*QP(sNrod=%}DAZ@<62uIPXs)BV2ML*3LH zQO;zxm;4v&XQW)jo1*yRlrje8G5P~A+Cu_Y9;aj<$zd^64 zK#|iQ*AG5k(bWdQQiFf;Ld|>+}x&txf#_F@xnJe9)ip&oPn?Qcv69Xm~e}K#QM|O;iyta#Hb1r zhE*5^)f)oRftIjBa=j-j9E=)f$lWpY50J1WPq&Asr`FaqH;;+xcYH6nR~er^MMvAH zH^*Jm&9$QY>?><4GtDWiYR*#4$^zMG7S+Q>ygtWJ*^9T7Is|~#ytQ++luzao9e$UJ zBokrpVegah@G83bRb=w@bsK`KN48pdmvShCHpZQbjP?_5N&(h#`qrjpHSWx*z4#) z6%D_Xs zl(5e)&?0}%kN?n-xYG;-{ZX?LAN7C6#WAD;w-f2NP+(*7v5EbnNu0UF}b55hXnyCs(zN z?mj?^v}v0C_Rhw3NcF!R!J@Ce*nDxsepKm`gwRoX|^K52lQA|eJvrpNQEgdzDj1l z%V;6JDqi38Pn_6(9KgK1y6OG4+~j-8{$(IUs2#6`Z`R%;_!@QeTydrXmwapW=?+kT z^f|A7r11-77ct-CDG^qn&P%4#yEMx6g`tGwu^Btb+;PL1Y5dZ-QOg3T(`T87AU~B& z)W_CeNulXq7r^z$IvTQfp6ABP1}bOb76tIX*TM^-8xde^u7gQ zJp=4?V210Da}Lm*_)HLfzSp`Mu`B=@yq?t$w6U-4EdmW& zgUJ8t5y5+v4p+4VTtq7e(3DrII-V-1+T_r=5Jfa4pS$S4BIx51km{X4@ySIkX%>wY^L2HNsldOc)N)*KkT8uCQ_+F$9u_?^LRjrYCDw;)@De-Ww(#%Fwc z96Kh)raZ^2IpVQIvws3L=fzwOYrfph{bw|@a8oN1mY8Jc0CQNVpCa zEo32OcE9bS3yIRp%q%?`Bpdo4kMHoKjbY9MY5CYD#X9J=USBG`7Z1P~!hehVk9%|{ zVK1i`=O7B62_MC$8~b+6Pu!}5KYp0UcIHKt;e<_2lX$rc_wAFTANK&cv{Y!=C{z5t zFQnvx@>&0T_{~EV!q@Q)c#01$Ai zKuAb@-poc{z4Y>E?f9`=qkDM%3bI~2N|9y(+)Rh*3tfp}U+Jf)yt@|M*{zKA>B*cag(876K5{%D=qxu?hRT+{an!V1x_9?EnL7NsOSaj4n_h?eFr} zA5%~#Px-uG#gv!L8Mp9OUki!Pjo*`w{iLmbe!p+#$D;^EKqjg_6Wi`b1R%e?sLp43 z!(8COz*we*OtshU>ys6{B#!e>W!`Q-aaQt+YMrO98~6PNV!$VpJDzYs6)v`lcP~q* z@#mp5$@s%IaFg0ec8b!)qVEzOYT;o%fnO56`PRjDUz4d}uH{vnkp1 zW5n^N0>S}3nU7zJFV#y=EfR5hzo2VyR;uAB&$#-qwBFKrf`n+fZx4^UZ$I}{qU7|; zMgS>GP;)H5s;No20GS25n%sS*i7ER4X`YXje5>~pqQRc6XZ=3%U^IHU9U%Jif#~gF zN{GjPkJaj+ynfl5ZBZ6OO(l%7N3Tj@(h;$4tum2PhRaB`2Vx3mT9BD;#^G{kuKP(P zH^T3XG4MNVzL$ZgHJVa1sv%l=`99hxPKH{IhP(HE0WN#{fqOz#-sVEbZGlo!;y#(@ zM3XSUlla;5$_mOQYPlNvq1ltx*Fii$XSi&&sk}XfOUB5Vbt77C2&gb4UDiKWB^wYj zy&J0 zT|X=I^S@sCd)W<_yRbwJYsT(nM{WxVy$XwWnyOy9g7<5;_&W6!zvB`B+wmOEXCF-W z7A}oxkmbtafQ5up@ze6Oo`e#5_*Tz}cC)>S_s;}+FnHWLF96?X#+ef4>-0uLkWmZ# z37fA!|7z_8<&(1MMtXB3H1*rvsZcO3CP!*rcTGsQ z-t%G6%D*#q3IWjC&`)l?FwqUjb!T)j@u`zX!v_3Eu|oNxONUphri7x1%hr+pHj6TP zeV{_C+STAxfodpj*y_gtTJjW@glF(LFT+J@w&?zXEz~7h>l6eV@1opaF>@xt;JbU5 z^(%h@Gt361ZyK&Y?sxWy{syv4{6=Zgr%-+j6m=U|rlKu74NVtoIA!K}`X*%yLG~kU zl@ia9ChFp76HSTuN(tGV-b<=9U-PGIerdPwV*(r#*Sf!?E*#kLR4!DW;SM|$3q3(ny#mV6 z!g5rc$79uR_wV&PM=d|iBa2IG*DEWXb4OeB_(ScdR!h{%dT;M%A|3dKgYa0+9^a_u z`Cu;SX~~)oZ}W+xmGu?A{R<$Ph7T^!bH2Xd+EoT3*k zkBEHZy~fS{9`&mWjqO+RS#S+rI5!_$UCIa`$SPGVgoZ`8uT&Icw3tXbqO<*b6LvtrGS7W> z*Egc0%zUI5gF<2{JVy_WZao^xek7CXrSz%`Z1dWb#HlYv`0Rx6M6*^4)na9kLkSpE zak;wAf%5fh<3w;=J=727(64vSE-KRXdFH*xtc|CGP;TWPrM5w!>aM!_*zB7SJ?~(8 z%N&U;>P=HFj$0N^xKjM_>%95v7XbNRz&Puj5_8@BsVvaK+v$EUO>&h)LNeI>e(iC0 zTz%hJ@fCom_&Kw|*_LkEU)*Fk z)smO~7amIn!bsZFw7G$Gp(bTm3WaO^Yb!ZFd{L9zmY1T%X!!`zrNOxRk)%C1${Q{h zyAnokWq0!wP3I6&Tk0yKdV7n2Ze!qo`C!;Da^dG1jweXDsllh78dv_w9vm9^6Kbr- z5RFSL83IbQ;NrE6E^^T6meN7b16s&iX{5Br6O~JuEX;E((g@DSKjC?L z>8rKoLuP#re9_(2zRY>oLcu0~U5>{yNrmY!Ow{mwbU+0Qu`@p52r#%82^P|o>u03( zy-6~o*z7x(dB~vP1inzM*Nb43oa^|h%S5$Pk3>lrir4XyAE-ZvjpAsH=TN#uwR`b| zUoUr(_L%p+58J%lC4QFA>sum}cVf*=EO#{nzHG;vkk@*OK^YNy0FeMgv;Lk&_*->9 z7xZh$jg`eo_E4D+6ChVAPhZ$d1iI8c=+M;qJp!PRg-2X;=Y^2p4vTei;w&FO#F6%( z1syxFYuf#1Z$yiy=>8i@`*lAccHX*@y`VUYG>FMl%K3mQnT zIWwN2BRu+Ig=$=S*hG(bc>Qt)H1M-@#&+!>41Kn_czUfjmixBb)kcRpH#0zVy`}cu zsmTcWxer2!exx6@*4(@B_;R-uxZCTo6QBG8rLrlr+Y@V4_y6w8csM;<3`sp9ZslH* z#|Kzamw67nIo`h^GJum1C-4hS%K^H#3EIDkT1r1S&mfN`PGm~PQ~Bc`a3k8+dQJMi zn5I@U?J4--#Y+dquymTC>h}C#26aqE400uqkw_jj3m$~o_lO&HRV+ZVwqJXB%m;Td zi_;(c;Q3d(5K;K9(ak*6ME&{185`Sl@;WTlaMxTaf;!ao!v7jLpP?ipS{ua%P_f3x zILQPMTN0frUC_GA`opNTrScZ{Eq6_g9#E~I>&>m zzqprT-e=ODZl^+L0o@4+z_DQrp6>6)&k>^*-+li;I8WH^j`I{w%AUlwaEd$^sLCtH zjGm(|=3jERukrm^`|aDcmB?~8e;r*-A2U-D&xXC6>ccjj2)c(Kj5WhvyjSp|&c5C0 ztGoo+ZG}SO^@if+8askU-0Bk6QoSucB@h};)SoOO{qcKNyJo>V3B;J-sD1s%8M0DE zmsf=h5-tT=QAfLT(_wT;!e=G((jJmy9pJHVkOE&ODgG&_%7fn;+#1)}wvJ`14 zkBgW1Xo}5AL9lQ5u zVeti?JL?>f-9Iwvi0Aix0=nf0xS)(7VmS-Ko zA9Pr7DyOg|p0CwL!>*e{R(Gz{26>;WPkNT#7c!O7#ImpV;1oB)I@|(_FrZhluP1xP z-vv>g?(iywEF;4m5%JB%!L}|(z>hYIPu=SF$2GA8Mdlv$Vtxu@*{>uc$nkft{f_H1 z3h(EaS`cU0@+q44>EEx){d&Aaz-65#%e^3gQI1jw1V^p`IBM`AX%l+LK8BwRS{*%{ zOD-%hd&z5}1I25PSZ28A-3Q)hMf+>{x@|v_>XOnwe47trc9^|(#3?E+0zKTwv$>dPs`(}>iUisU5+b?d< zr|JoKLFn6_`or+RFv6qO=O{qP?$YuE{RtgKj$fVfG5z+Z!$ef6h4ct3jUoEUy}pxAh%_=!-@CSlsYvkp#%4a4@^ z=fvSGnCTjbdq%B4%NB_E)Lb=9d_|T-vEe(@I+prAV(2Z7Ps;8!;~YY=1(w~ST-OI# zf{gEXA9T9kqhtnb+|*OzCSKX^&x32`CR6t0thpPG!el$nwJJj+S*s%^E1be3J1|96 zL#Z|__56G9r^n987t{tD2`;XJAke;0pdghdb|2wLalW|UM0hte?{jZZq=!uFe!m#( z9TEVvGlLknqqnxZOMCYmr1OrRKm8%Rm(cAeLPgdNci3X$VCW7VyKnqLK@R>~A7KXn zteh?}rMf3(J&do{nNs8oqCw<%Q`94G8aEEejkzFELid z84B<^%7Q1f2{>k@`n{{iX`<(sOEU{?YbnFAF*Wy^KT++v=H9KS*FibaEgkp+1XmxX z_C!n#CRO<5WOA$S=J`zG0Gb95r}>TFm)>&4o~66-HD1ql{ks=* z+zjqAzoEvV@2T&EG6_XwCG?_QUgg_gpgQ}cKQ9TyXJzv2sM+ziLGOG}+|vqI=18og zTlJHI^ipR_P7*9{ULYE;GY{rCT5TvhTk`tpJ)_h6{$T(x(;?HTcyiMSr zNxVc9$iGOWUs=U|sIP4f=K!)(SZohjN=URuIj^+7NevG3k>X1Wzn89Ast?K;t`@$F zA-eP&tY8N43Lx3?V&XU3K2Fv-XdDm2!-%XoXxscoyyN#T!D_uHBu~Cj=!pA@BEf{8 zw-_4BC?CP8`fc-fKAOGb=3&J^cF`=KRqHj~w78zQ%17~`_MN|W=K5q)q~hAUwEFm< zKnr{Mb>GWCA%4s`Rb(19x=;S-CgD#%Kf)kBbGu7| zGKuE-v>$7$#-q}Lh*PksyL~IP%ia@Ulle%jO%|W4OV>RIz2gM7zSyid@3M!E5l_toX_ zJE56fLC@qV0G$1ogM$*#AN(^Mw;r4Es4t${XQvn82Wk@C?DI+65nc7=0sNc)L!5>0 z@bQ1<8hj4J^wS{C?M@#q+$akMfx<0E-4(K}J;7SqUP)UhfF5;(P=G6zzN&l^BJfgZ zN~R&~?N9mj*&zHSLJF@Ke(0lu?#dkF{if;hQm3DLegn)zP5QObmKn}8p2Imeb0;RTF$(OfNAv*V>HZOCuHma zuvUL|5KZ;6Y6bA<7YsJM64O{=PA~PLwLg2iby$0#$58VK)_ec=VuP=)heE_CM9?hx zu*~VtG-|YkdnYSe=1iz6f1?k9nSVsfB!ts1BRrYCv*TMo+a!lHhMpA`5;5m<*NBR0a+Y~zv{XVq4^cjF;EHbW6mqco6WoI_O@TB>uf#5mDSe%>}BL_H^T9b^-=A*vdR27WX9y~f-gc4yJTYAUncT7G;9vPE-2Bdhe^)+ z^V~H$g*y=VSKWuB^P=)f4!0g7KbqF>^qBfMh4}XJa68++OlTmTPDUQ*6c2J(nFC=g zE5>jA{)#(eNjsku;vl~G$f%o0YVbxG^71$sNC-nI?noYT(#M1mHzQA{_eS(9`lpzo ziY6N#k@FE#ReYKT0o+eiMW0?H^)m?bU}fEwIY++wEq5NZnn zZ=!)j>>fO4VN#34dM3CoQy$G=*l&%$5G$UNg}FY~dx}a=bJz6zzCzN8(%3;d-d~YA zxt_qC_VM>jx=GHcP#o1OXY~h9kmZJNO$S^ZwdO}a9BxyG?|ap1(W>6-hH*llJN7s~IW# z(+jIhDwU`d+qHI(>0eF3^vU%6tJd)2>Hb)O12@NR|2i5Ev9IpPCk0qqigu+@qMXPI z+OT8z60Qj~GhUmLkC{z{1PJMTJz!# zCNCug!~Fwgqfh>|OyobRf64&u8@8A8*_JT{F62)#o`K&~q{Z zPDGuza_S7rkWi8OlC?yJiXh%0kv99YqhHJ4Cm`Ocz9d{q8T!rQ!a+*#`hfrgcKE=; z<@6f^dXIT>RG8dv*VfH0LH!D@*%01>@#OSD;a{uCE9wr1BR~&zH?io@2y5 zbbPEzOLpji;Zz@DVp`#d7P0w12kco!(uDoW5`&UZ=oe3e<4ybi4eba8nPx z-CgtY#)!lpW+;W;l5-ySi?pvFkG&pgFVIUnuJ-qvc6aDv;JI5Kav9+#!CPO7FR+Zq z{YoExZSD{s1q$oOc>XdoFLgy{xO>G|df)HbzHlY2MP4luv8hto_S<=$+-Tn(_bxi%O|`ELQ@T}CLstF7SA&i{P$RLB zptyF!O12Zz6tLy)4~TG<-xEMsXXLm-TDOMbW!3F+Iyl=c5YK9AF*BQ9)whQg1fd|D ze{K$yWmE>y?roe1dw1JWLQ%lC6%Igy`g|k7yNl4$Z}Ej7%=I~aHnW%^`IxsRO>xBA zF$G}k1!te;XU+^BcNvBYxSp`Jv!4(P5_S`n^ZFY{;Nr(yAqQ1phaHTlY1rGu^74GF zB!4w{I4*bz!R?3&#h#N;+;2dGAUQPc?OYa@X#rFWsC7K-cHi2bPp41|ZzC<6Q0pvC z?Nf%hvcolVRl=_SlBPz7rw8oA6j?$D_~@h*$;)R>)1JFCtF?$`oIESkw8U!o6W&xXK*Pm4sny}4BR=4O^ z$HD-@k^PB;x}|9qYExg3nmwWwQqOD;d4qkEkHW6^trz);w1G_P_?L-`gtkL?vd7yW zv=;{7^4;Adj~I5dKDjz^B))7o4ib;Y=VO(R<7m&porgVFPkt+}kb7gjg(QG&WP2^n z=ZD4dI-40q9$vQ9C1I67oou_2UbEtA=>TE6Trvbvgv{`$Zle&CV7>*-J-ZAhvqTf13DD zJ1ysk&_9VWg=&$w{hSDUZ9;S0;-+6AV0M)VrDH924S!#?H{(PL7WWCfX#A%?4lx|O zAp2wA+Ok=W&UI$PrhSFsX+-cWV941%s`1JPjo0&^daoU79Omu3BDH>`nWXcxHfAP%I1#mVUTs7BYr49hV({_an2zVDcQjdm zDbZw~R=nl`qSQnR9_Gs=!Lp60*AYBt{f7#pU?G2`1LzY^PNg9%eI7za?Q-9}o&skU z8%%{e@$RBNps<7?Exa%C`YQb1Nq}L2(xT?M#R55Rv>fd1a&t5F3)Pt)dt=jSof&aY zPMo_o;vd~R&YRMuXIc@aFZ9MP?RPI8J|u8C9Kg;ZGn%e7rcK zh63o5#=OvBSJcMRbRRl-B%H-F=`Fm&-?@M@%R}r(`kS>pnJU*N4I69AUmVb>9i<&iut4f>9;p~o>E@ib@rp4f|(SmkbQB3$RnE2l15y{6!1 z2#y_U0~W6iofU+8iC7pGB~fY#%sL1Y0R#*Kv*$fDy39Rm6zwXU?1t%m0g5M&_k54>dUi0*sE8cV zDuBbXm3jPRj9zj)yLgX!aoV~NS?_8H#*LQ9 zp!M%#K?CrxoiTp|m+?M2>i8<4iiyvh?tL`;+6=$aSe!Fvq@{Mh zzMZotn|lisXtm$tXw8J`^tYo?jceJyQxR~40ge#+#np?0^N6a^IK*?uvf3wko+&18 zsa6m|b|o6Ga(bs|ez4%$wJ{aBQH1*kP{Cl?1G!JLU0glTR;>J{yumO64+>fTGg(rC z=1QwkoKenmB65kXvD*!eyUvVeZCUhBcexqq)!XBqU#@59=Xl|*l!ASzQ(9}Ch|LjR z`p*6SohUEe!i5^V(T=(&_}mY`oAJ&}!)Ot}hTxLRfQ&);1JKiPe#0)iUuFkQY^3v4 z#~qW8c}Ki#pAc`J;HP!(-$3s@&Qj=0O3vT-Ax9RF&|_p1n7v_C@%*92;YF7B&2U zr3IV7Jwei9(J2Jj&}`?~x^GQ;x%>Tz9B)cOU+f;LOVxak?@cy5VYA$XXEzBbl6y?o zo3e-FaBA+d98S0RkY{rPgneX7IuMvs90*4FBR_3|z}6=Ow>dYk#L@T{5Pj#G5diu@ zyy>Ka|GAz?2veUZh|vfoIXli_opJD?ywUJ}f_w*$zn&_)Hu?(&7?nmJRB?|3JbICH zMIG)5)T?g@6{+ORq;NeGtl|U^Fu*hSxwl&Xr=VQ0X7N2e&;>@Wazfgm4o_BRs`I-{ z(9lsocOsH}-B>>lhwLu#Qmxs1S{d?jtC_xie6Q3epvl`VbdM5A9y872N;*NG-}OXS zqB0sy;`ea31jKPYQwCYRKkj`y4y>y>_N7_FFWiGN7#*v5aaMxM=|?(&am#ckU%h2= z!rRTYk?X^B$JaRn3d(18-^q8GK?}O);zN7#r?rIK-K$e2 z@qUyeLz>}jOoPPvR<_b$fHw^AUZzJ^$%wbe-|xosQzf(py28jW@r7PSY)d6=pV!j^ z5TJQxzuG+U3-1!fGoOsI;yR!4EtMr_PR&0*ZlUYHWom~cM4qrAhGb^Jh9sC2Fm;i_4MKO zzCn)IwZ(QAhY)RmtKNXUSaZMQ)f>Hye_Xd<#=!(5;a~)*hIa=DgnulZ+18>+5QJX| z1OzSxWEI)hJ5dl+kR9RaC-{5L^qFoqTqvrtGBe^+bBp4`gdCpBiE|10BfO1e?O%=2 zBsTjylYv3W5$SNT`Dc%H`k{s8M8czRzS9;bWFwr~?oL8Y8ci|D^M*;3ameHDm>2ufU^3L!;85Y}zh_!*IC)o%{w9AXz2-YA7_LF*&mJ`c>eon(* zQmC(U-g0~nBV({w`u5?DP(|E3y98MYhKh+Lv4${Jty9nWINd^gCH#?~hE(hTxw+$O z`G{URuPaOI@bKIjk#do+#jLa%IR)jm{+-`jJq^OMTU4FT?J(!Avsmz-L{ zy+XN>Fbz!It)iBU)D)#LFQ2B!_S1AA0z}9U6>e{z6M@OLiSgU7F6+kTNnZVwZ)5Qic!++U5#_}Qe?#OTPGIq5VVjXnt2^yO(uh0HUE#zmI}a2* z`3DmEw>^IG0`$=`5awKk$35j=W_Iqr%+J^Q8K@%W@`mH~X|X6*$nyw0+lm%{xkNxX zXidw9S!#qm@^24zx#9d%l;2qeVf0y;v97jFRCwEH_@|E&x{a<$$Cn&Ya|$8Tc+G)g zCTqt$tx}j)b?mLkp0l6k_}&Z8rlbe??=oFKi**|I0_Ko=Z+I?YE&1MNA{`;dd9Q6) zYM3}0-{^h%See6cQFRf(ZTcIKwMw0c;#f&g1Q_h5#J7)C09UXn_Iurv5W;@;VD><^ z!)N_fXo4;v35J0@sXU*rg~zr;#$_YCZZCzq0_Q>5V~$-nMj3?Z&&Qblgzj-@!Iiq# zD>^u-Kfa6?W|g`x77_5qaFTCcICq%Q9yQooc z4vGIteg2IJ1g+FUy)nuvy{M!L(1$R)N4^bAGPIYb76S%H*KcdMrt~QeSMDn$(Vq>a z+E%D+t91^SYVC?touQ=M@mi)D|7n+mc=cDoPNZXP7DFI4l1t*NIZ)$@jYG!Q;{u)l zO!r&o$XedRPSHP8-&&Yl7iTSsrPs=fLjX?%T>@MT&S*4C$POG_1C4!tY0m`u4hJmy z2VeLfbnZv@V00TRv-Y_fh=9 zG+-7fsRuUg{Ga>ugwq%MhE&niTQ!#;x%0x@*+x{E*un3S1$QLL&)I`P7d0*kY~ntY zYC=_Xe+So@7_m0X{w{|!Ps>)EGDZ94Xzi3O0Zj$XFVbM3 z_+U(>Df%ZAeoWE;3@cHQ1cKE_WMw(3>wUnQuHH9 zvF$yU9MN9dV>g|L?PcKO)u8jI2uR>H${$fAaYwN`IQ8J&f(b^zSM>T?g>}DKZ^2v> zG>M~U`0+w$e?@#!LI;gQ5+VIES)WG=3%8DI;iska1*LmNRlhIG*w&>mg#@wlk=oZBb(Q=xXs4fC9Z|OI7 zUtkI8l16k_7H|dAGpgSc_kwAksu;G|hwJ>2-dFG2*OO&~voWSZ_&Vj>-RZB{E7=!v zBr3VwIsoc(gR7u-RVMl}zk+t(+Ui#*Dcqm&Rph;CUe^4kr)rF6nn>DlqwH#55-@aR ze<*0pdzXrk|5=PJM~q3?aLhahQ}KK=%6YifbhGbq#)W^`=ztj8!+6|{BobOidSFMz zYaHE17Sl7lp4IPxu`XP}kw$1LZ2C4K?Pe9`6czjDR!Kj;y9cC5bO8I*9;q*6)M0_Y z+^6ZPw=MU%+{v{D9ZxCL-d7^Lhz<^}I-_e{3 z8T4$RH$R1mOjL|$37f{0BsSaj0m#J0_Q}bO!H8Kt^QJSa_2Co5dQPvySv}jxw84O3 zU$BtQki#$?e{p*Jgy;vLQf6=t&Pxgj$FPYNuDZ=#v)uy?;|L+KvH2>3Gdb{(CfQON z&@LH~*q0J(-ZecYz*PkQ%3cgau*F5)6C`iz zthf$}bsGiTO%LmDa_@JOUxx$626eh!dd|7-;RwIf=o~qZ!3ua5f6*2`C&D~n?$n*I z_iy7*&%?CZ>KU9sQ%1?==SG1SspkW2oDp|>%&cojT*4mPzBN;(ps`n;Zo$M-eldgF+bytiJmKh~kB;HP+Hd88*tj2a@Xza`x9 zKrJ+SmF|w{B>@cN)xdLlpYlL&lh4Oz9RX|#2*@wQyCZD=zyPN|Jg6E1dW|9FQhVIZ zPbWiC$%7)B?q^AmshRNJ0p}!XG+aX;O&>?;2w{Z41P;W0j|DiKki3>mfE;jPV=fS4 zs#W`$4?fkiqV+&E)6M#fnscK2LBLcZ7jJS#ap}8F4+9kq*y!WV8-bE)*fQ_F``Yel zm|+hicke1K*$yIt%J1J9m9g^3LYCiAjZ;9XEywDn>n}T-RT>nL1 z`0`slvomZuGl&za_F1Z6v}~3W%-}^$(}S%?Ijvx9h0WJ~4GLWDp?3t?ID5fHr{_gz zUtmQ!3F@MMOyWgG2lsb*x@~cE*te8AHjN4i!IAFgl2UHIObx#(edEJq2VV<+w!Vz~ z%blxKaBR)uD2R8cUEmg1aMy)~#T+L-x-JLLb2>PSw2;zU(vb4sJ<%0sT4qO;(qeG0 zz4R8)@F1Wg%)IJ-wG=jg#v0Dp#bka%Wp^64mT~~Q=1?eS>@uJ)A5d;+J{SoqC$umbexrbjfd5W&%WGIT?dO6u?$^u(> zhh%NUH!v%A3S;h$>=b?|LtYXJ5^wt(!OnuS?IY1SLvU_XTh-X_2r{l|>+iZKKAOa<{DS*!{o{Fe?|OrpH5;~ixlkXX(I3GO z^q^|5pr^fg^q{W69sLG(X+GVKf_2E?DoNiOfKDQE%{8-Ku7PZpShr-T5ZHS~Gj8Ra zVJc}cEHO3T=kp@6l4W=ESM#Id@QX(| zkc~%lb75cJ3rjZGMHd!!V+SU*yhL@p;atWD;UB3E*9|5y!#+y%S*I7$7oNjWFbE{` zyY`JqBj9mPg437$D2xg8U9Yq2z1(L1TUOHBXXpc1@YG1bV|IeLvRhd3%as*FT- z80LMJ?NVd5=Ep@!Oa8brH88X9Yq2zUvf!9;W7t0vQOFWtyh)7&`g^V`8W#flDI9zD zA-Cug&jQleYXU46hHt-`*_^@pVPEOjrL}xOF_RPa?;U(vRKT!0RI`MoXkkC1d#+T7!oM1p2+v9Dn9Z8A1_*K3B~O-^9p^DciDu4-Ki zhSB?gYyEtXY?=G~th2TLX657+&a-~_8RXXqj-wS(-b0}-9`76QvrAGnJN&7g zL`-S&0YdYNmb`bBctrK+lYqmV`hkZ-8w3D(!UDY}xQ`2aq$9pa45O0A*dMfoX?vz| zw)K0MbFk!KTb_OchlO&tM7qgw;teD*{L&f_ZxVLD6n3ey z^)QShoh%%y-+qsnOVfk5>>${ut0Qj{d^(rA{RK363A~bM0Z+3AENSl3-1rA2;2*v75Y9pc0y?_rT)6zKuc(N(fR!{`b&d-@~t=y1i3e z@SE%a`J)d+nW&u8kT1@jZq7q~0%?Vqp1uKSkHdjHAXsWQ0Elel&xQY3v2E zj%Z)l_hXN7Vd)2T(d{2w+y-qj20;DP;cKMi2+i%eeqHlUukR(ja2uMKcp^O9h%K|b zJt!v*zabeLw{WHd`V$iuRw~ObN)qf#pj6EbZ?RB{pMT{ij|+-+{AZag)hGYapC38^ zX|3Go+DG{sOfS=hvw2+S_V(ASMamx^ zFvt@s4Qmvv?!?yLpZ?9tj|*p6db2x3)SlE*7u0#!-^f2Ww65yLdkTi4FcskifmpSs zqM+O)?x38B-=%}CeD{}KY~t?mv7xaz(x&p|_7pU7Wd^>VWjs6ny+F^AUo}1G_eh?d zE;d#);nQ;!0tyS9{eFbEOWqmb9IO<~$;~fI z(e#x4$OOADIXzt-S6V#EM&@<9dx}g=))Vcm%nRwO*QO6?fT4_#4r5D7&I?a4)4cwI zVfldR*@expgw*8{8iA0UFZ-y!?zz9)S0i=Y5aP(w0J}OM10e0jSTamACY2mKS|4gf z;Q7jsjOE<(`!|O_y2@Us{(YD?uUM7QCIsTB8Y9Xv0voS<&1^z&BM|RN5>s3Vwtw9A z6p?+l7JkW#{w{k(5UM_ZNa0cGihmTVXfx8};Zol~aPNCtf60~M?dA#NM+DCicQ}e4 zUcbu`E=9vVy+YY7$1j2TV-lCo5{>!;^@MO?A&aw{GXYtkJLe94x$OSVdOVq9_nP5h zIsdGJ6BCBi>Qy`VG7<(-` z`jBON59p=?r+ZIL{cJb)vQt{Kx`OSvb(k28 z{I!omPjfpoRz_8nl{acCNSNv1mGA{Gh{5;+UDH~ttJjhrXK6(aM>b~0`c-LH>X*8# zza)41WLBK*1MaPAaM8XcUkBVn4-L5Aam}Yy{gRiZ=0LhR9*$PFz-A#Rmy1=Y=p?n* z4{+3Q4ThGJy!(R^sL7}E-LqXIx)n?WZ+e*5b8OKf)sc_8+o93f2TkwKj(Up`o5`9tjV57=xCrFdoqtB>EM{cGmH5vGu_FvCZ7B5Vj@v^p5$Y(EO0U8Xn{q`yD4x|e`f0l#izh22*1s*~&!WpsqRoDd(Q7E>|* zWZC%e~OO2XxOEgouKdLOF0C=0p(x=JxkI+(wa| zaTes`@<1n?Ay-MM9@0#Gr*!*OA?bu`Ws%( zkN{RHSwK}N=%f~^eHV{MPv?V%GWae3>huWp@(zS#}~i} zBB@-))Cd$+tB>ndSGQQ-L-k+?H6bgt*mY7X+W{#A^x!V<4~D#O%3&JikSnP{Q|04 z7&AQx!Xx3l@|==|Ug$=A)g zI|ud}Hc7JX)C)=7N$q=MTjJVgBF>3mF21@vO!{8nYleg}=z;5habxIs8dlgeBp>X_8*&Iw=%?{L zpL&7%?C)=kb+#`Q+VtZdnUE{qatfnQb|+2-wVv}TL7Z~rT0I}`n1m#BheXyv+RqP5 z>4onRs;pkZEIe;ea%eH2&oE20A&#TsZVo6hzW4{Y3BN3PILWXm*emhZ@4a%02aE0( zR_~$Rf_-2yDc^i~Kcqn7$ol-;SIfHmgz^y}^DFwUbg2|;+1+@f%HrJvz> zlA}#vp@!y8RK^zeFxa;q<_-8o0!(6>x>$nQWhRPLFxjQ>($q4VCE@Lz^6r2HcF38KPHtZwZ1$~bQbQLB*O0rF9^c~=Hq2=4oJC7=#Xz;X{^w1;Q)w2W^3^kEE#oC^2TfXE(2Sqo2n z@3R$?4;O6He%G=HyW7y64cr;Sc?Y${-z2)_Byq3>r8(jHeH07jCl_^gCwMyX6ajr4 z!FqTB{?M6w;Q{1T2v0BNkG|j6u_H5MUwt-?GO-M3(W_o8+t}h~qjH`m_p(h1pX|~3 zUJM5aU}*_U_pEK}fC|IeLDSt1gckNlNzh&L%?DbsvViqT$MB8*S|9AFY`*STOF#v} z7wy71jqwTR7b8p)hEs=&eJwo-6CV#1P+9e`I7zky558_`-Uio2>CTr}5B6}z0DVW_ zqwf_QF=*ePKQ6y*M~`c*4e?hReLP96DabdnA zLL(UU&V=r(=^En5DaeR#$~J-vd*;>huxQ*gN4|y3Ab<2O;lf(}PI8vp(!P8K!FdgS zz~sB9u^qlX^L&|YZahcwH># zm7@ijUSG|#RXnl*ROmZu!Et`Cr5Cv_gS(%TR(|9!@DPel4qY@xqqoDL+3=5tv(CUP z;5o-EKA*xEmNWLB_U<-4gQ0;}A1|G{yp|&vsyv}$Ivh>raN@Zh{v0u-GU*%~rqgjf zuRsoC)Nbv6*$m8h* z`iuxueV{s%J5ab84`J&-<-xIxhPyR7My*|H)66ON=!NuWduHCPL0`jLIi99t^$~#| zI6L>U`98$^iU)4%8DmdKt>JH*8bE9; ztdcZpW&nIUN>KYOmz|E;`4a_?n-&U|JD-(XaHyB;JMKTP?=K5ltDjMer$S{VP%PXI zo)j)8HLx9anP zwXsqU_*_BHn^zy5RoMCU!ks-*WfM5-KuLt_w_9NsFiEfvHz@s z(5FADUBai?)Mmc)p08p>Gx@E|RQnCTtR=&NrYFdoW1X_i?sn(fZ}R8rhfpN1Sm*Yr z7XqdaKu@m1RIV(qAX<%HaWIz4JY1Obhvz-;U>cki+3I@Q1j0p29@~Uv0-O)Wz&90o zK&_wX^QkIyOrj{`>+31@LI*Cc`w#Kr;)+YOWUwK%byJPWi1hr>BQSwL#hOo%c)CCnG2bJghFX!r4jH$X<&@eUesia}7q5%2YccCV){et!E0ixNvUJM_&( zTXTL2ET6+RwCma%&%Hqfu418C?Hlq)KPXcHTzd`172wHC4B%yg4+J0$b?o)03l)9@ z9~QO>8Mf_Cu>r#=@;h`s;v9GZyJcLOzNl($nzhu2h8;#}&%Iroi?G)~4@>xkI+^qm zOv<6nnZC5{>yntQBh6A?@4v;Jog_ZIP|?EzBUzTmQaq|io`+k2?Eyz#-_=)R7!sm3 zF}vO{!!A0SknzfA*B!gG^pf$}!bkCLXlVkV>>)^&B)n)!jge-kk|>xc1L67SP^?@w zxrs2S(j+EQUC*&d#UQKvI{R`dFdj;u`-~_@sw3G-etF3$c(H!LL$ig<=3~5wcXIh0 zE#7H(mG)K?I^7`~b zEiblXT&;+$Q)-V>kikY`O1r-`l_%Df2`N$%)9$Fy+u}G z6Yi_rAsC2b%|BXZDRT2l1=}s-w2OVFn}{Sc1XqrWT$nrXb;={!Zp9Al$Y00lD);={ zTIX-o`0g?8jRN#w$ zub>xAYx+seK62eq5Sk-+Ww))5j^fKxM+7U8a-!e-E1c^0y`68=_oeS?N)9__-ia?x zK|}qPQ|qZ1u`H0E7CM{!R*v7Fa)ZkF$?7C<5SaGziBCp>3}$UsjD z$icY4moMJ0S;nP>Y(gjiss!s3R^vT#fz@8U))rt#VG_3aX=Nl86)=v|!GJBt9 zfQUWHy%&L>`#oHL3t{IpXQVEUc^@NW3rj+hF0ej4JGt-pk_cLroAc}I{nFTV@z{ zc1p}cN&PAPdnSbv3zz7VcYWi^AwTa^3VvJhJ-^p!gNHoZ1w~ zR7ghb@6ZAQ{&^UhUlTxE!X4ZYK%A>tZ~ualmLBE(NdIb-yN)ZRL}%{n-In%QpBUaycZHKPQ$bEjBax5{8IyJ=f~mi_$bKxL5UA)lkU`jp){_w$<}t`a|GtbAXB zAh}|*m(gVLYWJ(YUX_C@r3Ccwa|0yNv8S<}lzIQQJabc+4kR7CPmjr4@Jx6fL~b4>2o~#zYp@)cD@9csYHu)oe;s+w2rwKFVg`Dxw z8k8=q$jBD0-<1BM0-s;CLFhRsI_tdjFNKjKJ731$4=LQ@g6E?6#`f)V_$)tV?{@;u_^!iD*13K^ z)Gs2agShT<5Em8U88k;&!Ff6qrf2nQU0-{^3IiuCTIVYRn60T>eAjCzm<3raU(j+9 zF}l{TUDAy2EbJKYw@Bko+jAz^crEf^+csB+ZVEu88?ms`m^dSpKq;aca37 zF6iu@REgk8g5XA$%x*?UM=}(+@pEk9v6dG;QHPn*SwBBS@dFFP*?AP(#t@80HJ$hiDVAf=VcsI{%@@`H%q_Tl zzo>gc4OW-S@2OfRkGWRG9#x;nTGYyOPkh6uDj;G5suQH~4u!AtVG7N_<CEpbrbkDC-b}bI;s5ax1*7+Y} z{`ms#ufCIE4s$+-+NvLkmn-=m7$k+$IEUX%-9{iVi2;>VrhF484N(S!>=oQ5{e48l z)>Q0kqkKiDp|Je!#rZSN-S+`S&1K(C%~GO9J#|Z{=LPkz9`7&;*=22zT6co0)4i0o z*I#5}37`BA&sbhiKD%9Xs;5}-ZQbjnDWuAn?;_yAo)dk^#}E}HJVOl?TO|P^`E~>- z{V&^SU3YzgY*7!Ge6`R;-YFKz!|VBFeeLnLUtcfd9qTPNhUKC0L797^uc=yw3Yn{K z@Pge=*w0Av3VQ(;Mce7Uk0v-r;s4nnv0ctY=ZCBm_i}s`_QQc{xX zG!M?N44FlmnerlStZpSR_;qbs4Dc8ZR5RIi#NS~#C>ksIZYO_H&IG4#$yT>J`wBI zeK{Z`jImt)E?*;r0!T>&q7!-}3W=x^ieV2sdw;t95Yg%bwLWjKrQ?5V^FH{nSWrI%lWgE0VC|yqg7{52q+iG2|S}{z*@>D@dD< z_eD1n_G^#01;@0m<~lyKtMyoLj?9~b_AMO!r4N5Sm-y!(!YTtkF6cKjPHgTUf7^IH zybaszv_t&|IBnRs8Sg)4$YQmq16Yy%$VKc1_XQN?;dej$TScKW!U5|Cg5#z<9}5mX zW{mdJBA6)OwS>4fJ0)KB!+l@n?>YB6*)RAy2dCprn=k;IYbt@L*;#NGZlaN~*b-nh;fIN<8%*Z% z8r3${^>Cj`#;NwQf=Rk8V3%EZA|L3$s2@V68l)=Ax8=SSNI||B`fvAKa>k6H7P4ed z7w`@+7D*xTegZIBe+c#1z$M!tQ0Yk4f&91N4(N^9N0sEAPoOIv8Fmv5M}n)vm-Ua` z;_&zFbmh^^_}GILAJ>B*2bZDx9Pg9>-)tCI#B|W^vss%si*0Sl*WgAmBO-T&Q>A(d zC6(^cI=9dL%pQ5Rc^x@JkWC|C!-AdQTI-37N$)#^Xb8q{om*CfE;xD*+H!WJzjedB z7qMtB)bqKr1FtGGvN5wz@~2iXeze8IXg{8Q3u<|;=SB#teNYM8DiHe@68AXH@ASm> z_`R=4NSU6|FN9{I6jzlD7BcSiSq(1wt`08>SV81u1IyQFzv!;H59fN}ES5=}a&)x5 z44HM2OT}aLkyqt?gxvVIY71wfE0t&2kQsl!;+@dpby3Pp&SmWi>r3hs>X%PVWz5Ls> zKJ535-WuwF{Yo`8?^Qy;$$ ztU@=BZ;NBKWOv-ZQ$}N3Y*gdl5B^N=4Ww4B2pLItIuu^igYWU>D-V9=WQOiIyyS4) zQPOg=Tj$9Ak}Y-RT*0V*-0H=)PbZz{4}cASOEkaRZzV{wxaDF(l$lB^f35eiK!APh z1TYNDnJUzz(iSe9p5&*8S*Fv$gW)g9b=Wkcs*lG#Je*DLwX$+^M322j8pk_^xe&;_ zt{f(uL~?u}WTvbFp*Kl()c*PQk6P|$!o-@&+V_fu8X&;W_*bCV2fzKACO7l(YyoV- zpwNNijaA6JQP6}Pm9QvuI72nTnDVDv5dyth+Jh`_jE&X3n+FNoMlglwrzJ}La#cI0 z70zCFZuhMl!Zg5Uk{4OxTxrL3I zl)m-OuZkVo3XRbs-#q1aISbMlBlxSfY5$&DnDg57+0Phm%`Bw4r5_a3u+MSwvE2e# zyW?L{%-r^~ai#0V_m$OO>wW5#m#N;jq2J+0G9QmuR93v(p?noKI=^1_)q;8|oWcij zniApEdlywY9QO;&x+|#8AF270D`7{`4%au{&eN*xki@VYLuY}hUHc#F3xRw92mqv=a?&2UL> zDE^%H>u5H!IrQ~?9e@?0I0u(``%{X|zvUA}Z3UIm8kMh|HX`qf5B_SX*g1dHZQ}PI z)Z{9SQm&bCxZV!S<@@r!=x4;!PF~OkTt+GPM`b48W<8%H=7(DAt2No}%$*9Bf#um4 z9d8Ox0mF=@vJ0Pn6kQxZqu0|VKEn3dKN0Jh58wUS5u%rTJC4^q{=GHr3K^iUiK#3` zoUJx*qH37oi1>{D1?*d<#@~xxHu4x{7tU!jdryn(_So`z{D7vWzy;XzQ2Y8=2PAWG zKO6mYfvZyu)vD>IhH(GBcI)y3CPYSY-^SNH-fESvwx4vSU4s6B9(iIbPuAson+2mM zz{nG`7-kpQjjad%dJy$A3vVVsv3u4zc_GLq8wZ0n;4?&0>2bJH`e{tmv&c8s=6rp> z-u@5o)CyI4Jd54h0|WW(5mfe&A|2yTlG~i@jTxdCD}?jAgLk=c-CDf~uXyiotwW`_ zucF3*;gn*uvR`%|GOgx|=U837<`#N+e++l;FrhlU7&W_|ffjz79uApo{!kkj)TCqNS`gYv2vb`xbc`j=hJg+E;+Rwbe z%N4Tzh1|@YSe}ff2$bQ%JC{$G7tck7m|ZSo2`ET^hO1Shw);pekL%Jueo|3ITx<{2 zdvUw?5ImCmJ`h&YyKEu@upEKsa%I->9eWH;hFGnjmY<bV- zrZ1F=vgEWT7Gk|sT7(%r7#5HNd9HXS*o3|%jPZ0X6n82qA~oyeugBgM~B=P zPO|ykv#i%k_(pP_a;lHkUQQiXesfC8>;-vk*_G#mzJrHAB6xa{d+v<|jMU^O_#BQ! zG{8EYm|^0eL)j+?_UA$14b;VjEs1@q$0!kiG7Yl#Vb8V5NG$VuW#t=N#tr}eIsx<{ z@Yx_vrFk>7&w)gn7ES}TqyWN4zY{QUcMLchE1={vS*)#w2yr+3|CLya%NH*n& zrN+L#+V@bcp(H$?pd`Ce1AnbeD&UAASm6cJycMP7`Iqn1*LOGbGPZSc7MZr!X_Y7G zqsW~h&hO}HvWiH8AzRpo$*EO#9j08F>1c)1rOK?T(9X#T4X8Y`TfNBw?M&E;+0g72G$%i0z`x?9$A<@TP~ z6Cn}W6i`pT@Z6QH9KnN$y#Io`Y08SVazhS>cwg@I57yx%tWDdb4i1N;dY&Q)uFLqT zzLnPyut=<vs-qf4!Mn{m2ZY! z{+&SwNqs)IC2^^sU98G){IYV4@D8-5vLa~_%f1YT0d;wEhflNI+Bm)65o28U_wU{r zOH1`2=Mi*43n|OWx;(exF`RWS{!YAlh&qz^uoey-5Oz=8hvU*vFBGSmWP4#Sf zbu?O*_Uy?p7_(d4!xnP16MDDdS7BJqZ(z>$tB=WhO?P!qcQ`u!l;uyml1~ zUm>5ge#;`m@A449`C2ll&=T`Y8HcjZnZvKs`U6+BqET?q)-1!65>AKfmPKRTJO|H8 zd{OhqFJl3vlLsgDb#L{)CnPW#?aQqah~FH+O|E_A`u@|FVW~PyFel!7UC!(YI_%jJ zvE=c+X}}bCCQ8a2+~peHI(;UywhH0=16BjoSTYPg_DR@Tx7ZxXSorV@(4!ij}YVaU;>c`^JCkY)onAP+t>Q#DXXmy z*O;#)IdS%g*MMq5hYjU$YJX6q?LkV|GbC+C$k0+Pp?#ml14bkYGwu7MdU;ZJ&-$?hm{5s@)fF_4{J5TEIT~FN(EK!SF0US6JUPBtPYFnI6v8 zin(7vNF~(b$UA=V)|w;#xqGQ%p+yhv8{cI^)N#0!X$Jxy0_8OL>^JH|C4vnM&ok+p8x&zN2Kf_zLbM*|eA`6T(B!1){)^zv5o;^Fq(Kq>P1el&E|K_$E*2GV z0bBp)I2XNoeH5=3si@IcptD^QjNZ<4d4>Xx9zn?5E1@Me-x2~ldCa?_h*xe@Q z{{1Q9XcSf3dV!Sds?*VQS(;a*RlOUX z+4uA{*6m|+?v<@8=K0)*-loIw^kplmKh$6)Y}EHooob|k*6=miV_H>gP0#eV9f`Yb zD*WoTHjxyxO4O-4J!{Yo5BO z*Lc}`6NJO9voVv(CSXvfIa9apZgnW93ESh~#ZLj8Sz=j48ci5tPVk2)|SEiDXAX6&;D*eS_8Aoy%#2iDC+|E2`M zuh?U^G1`W&L~@(cs1DCn>FqamyncPC-D|81^>2>4d5=?_t@OInWvTS_*mrakAOP|4 zol?ERcs>;pFf;wV-ZwtCme92B-79hc-2fyDPY#jCEMXG3XA%r+RqC5Ey26A0`iv=t zkH(>FLHkBkWlQFd>}ly_X7=C}z&_o;mV(}KdMduhx-cUkX>;?3%cLs(p&!(0nG*hK zZ(r$DKeI>)J`7~X*bjf<0+s3-tlX}#uyJ2We99Wim51{~bc1vj4qJCmtyP43j=RNY zDv!Q_hrQ%+VFdc}O5Gz}QPlGjR%-zjH&n#W-{ShMoU3jBT!L~$gu=Z~{2ZqAYJ2We zwv~hTKCVC#`&vPYzWX^Qwm#%dXp)=S9FogapuNCk+;(=s4~SzdWwJc<(1aqvmEp#6 z#r6PwrIMA~kKF!5n(^M3*_RxckL{`7rx0Dd z+_YfE1S7=j;wjg%wwpzAs`r@~KiYig`mqenE zpdL3zBu&6;z!guw+Xx6{@@30{hnfHh;Pxp$KEJ-vqfPe7as_i zu@!`H$T773;HL}p7wtCp8-nVR`F;pPb?RPQ_+=7o$$$oY=U4TeY~s08?WBCoi9uOg zeWH_tc8+~CbLKZVaGOK5VTKjL6S_Y}-RVS5#z&~>JVT0j{`t3S?WHKFWM9lPzPrL_ z<4G{h`7NA}v*`OgLvZ^u>Z0b>sLna1Hlz}>#G6E+i)hC|!Q?aiEyVKUU^ejln$P9u zVg+NIB_R(Qp9y4RqtI8G!S>iKr1)5=+xXBMhg%oEKrbmJiQ8Z7)V6X3QH zjWa9Otky}Ldg#W(&ABYgT`I$V`{4<)h7p}Ft0B|gkH0fdfWLAFcZj_Z5A0HcnbT$y z1tg}&qVxhaKV^3h)tM}4?dAyz5+}ngQz~?0`{aB2RT|9g2~C&zu=hoT@BkQnOs3J> zbC_!OVN`KZ4$Er7*aAmu^%aCDwkY=*kr&zU0#>fo{6j>G6)a(XeP@ljA0VuzjEqkZ zya{*ir+bVldr_fXtn6I9^3EZ@ih8?9>26CSbz8r$o3iCUY~~}1+OnO_TD}aka(vDw zbA}L#*7$bgc9~ET4`SFKR3G9$N7jzm^tr&}9uE^?KwLizrY|@AjQfhuF5m8QbK`a| zY>Cig*TSJ}n0I!}U?ZxO_*)$Afv&!-5@(lkfiHS82~%lr;{MmM{5k}3 z!+^P@_lo-P%XS^1$mPh-78L%GdLOlom>Hk&4~NICVMk#3_@~ee`VqDekn%`j z*|=JK@l$E2C%a&80liFs8*0G81E}elV!^|%Rqv8_Hob-dKkuP4%-EW1(LTkZ`Ftd; za3J8aOteh(Q~GkZ2g0rCBKjHRw$A+###+u7)kdjOm|1;)pr+eo$9+`u#J(k}m9+Jz z758Ls2$e5Q8J|T78po@}MOcNUJDh*t=<_~l;0B+VZ+m}-5Klas;dU7L$$cjtB!joA zmcOkM!m^qKES9}NO4U7s>X#78I|-k*;xvW)^%N2whaH#smsdO~pR#D*3POVbtwsSq zM6quDIZkiQ1(jZY9_Np$Wwyw*JS^3p`BqwY`Yc}D+a3O49;cBf`tchfw?hI-$po8s z98wdRC<)(zY$toneQuf^!0vpm6CagZrvqUri#sTX3t`++g&Oey3HIi|r)+;7;D0%t zZ_22qx|6&YNY~)aquQ8~gNAj;z+sg$>WkK+>5)~*UZ@*_eU?%{-ynz=#^>|%h%Ujt zy*m=*bQr>o_CV_V{=_Q-q|v$Ob%nH}Cj`)jO~^%+{ra(=#s<=6Q`w7^5jcxPsl2~Z0SpfIXF*jQPN^h zQDy+D^ycXNdtYnibZL-O076b?ppGwH_c{*Vpq0sV%dR^9WT5CTd;LHaKK+o*TOCGp zT*}k_1RUh*Y{S$HM~y23PFnoQPR)fpg@HK3muw`pIpaZSmXHcYui*E*tyt*=?kxXG z^L6TQs(V$itE$~05_5qgkD+T3+c4UU}|k(3o&)0>sBJg>2`k-0CIfHFF~F2ed>_=EjZyH*zQc|)&4CEc)!WW zAtBzG#t72W@5#1M4i%)~==udErSpr$<2!1Dy5xULfI?v+`}F(ty2z?ek}UQUGc7n7n3>SfB5>h(8m&OL$IV zZvzTb%oW7X)dHT;gqI2-(y{`uzjg;0H-J zG-@;kiQH?}xbDvT*M0O|lNbGd_>|XZhU?yKksy*)RAe>2P=Vv4>jEd_E>O=4@#-GR z3#$0z*X&{#cvsV8@izSx1xB_+;{!7Q^*Hqtb$gzJN7!4RKhEn!$@)LCy#k`ZZ#L4aA{5OL9r*G0B zACf&KtC-Zi!QV6KQ}I-zj^3O@ZOSKtffcdu6IAo@mz02dYRy&m;Tm7x384A?)dsQX zvJL0_a?XvytoM;npN_WhbzEGI-fD#3puk=A=}xEYGD1nqxAyeKedgu9=bY!l;Jo_FqFuSLN3iQEuVnw| zXulDlThv2+aN0-E2T=0Id&sH}{b$b}>B0aUAhL4Z`mdNR+) zYY)g2NmG&DIgC*uJrdk~I!adujLr0^M0{TVz_@QmT0VI5pE}e)heYtrz=eL0vwDX; zDtyh7#Qk7|fwv5KxW%!b=7tI=H3R5dO$|hndo=kxBSV}|io^?_dn25!?1c5G!-n{n zFXPV_eAeT$dGwa&5rld-j&|&51;L15Q!UgjNP(G>qWc8Pc8%v4+sa#?u)0E6PY-!Z zMb~9L`mqI@L~(qML3mdvgs_59-6gp#v>fen*_~YEdJCZ29i?2E1q)$kKWeCk8xO$i zreutB1Oq~6-FWd?ohFi|Z#D5Hy_(N+jfm__G zhIG6-9nX(b_5*BGdylDTO6<4sqdIkxU;jIn@2r*mAl7J?mb&Mh6L(hD@6kLXXcfeL z?g+mVF;+)9%lQHEh_I#)0`O2y0FCpW>#`?XXX{pN;*klT3?#7JRED?3g?HlKe-n$b zFPY2S-7D>*j_z&v(nlwLkQ=DAo1NTB?j$@J3IdC5gZ)7CMjTaHW{rp!H^jF70159oja@0rPyznY)x7&RF`B(Jp-Q@`HtI6Bf+)rUT@CCZv zoUD?qdb1}DUoCQlJh9Zc?^P28&yTe}aICWi@&>o|Ej+}DdVex~4|`GkV)>lPTQ$SN z653=iD59~8x%yCwFU1D6f=z*Lt5aLKuo1)#RN%g%r`M1Q)NdhGr4(=G8v@hmcyEZ| z?8|;^DRlEX8wk6ksj0IvatLbEb_jBuo<*gy-8w%(VN6pO9`XHYdmiM8C3hvndd_Nr=OjyCVS@+fQevYBe zbu$^?mb@MoMZPA$u_{LC@clk}9-GoVJh#nm-ziu%pkk2WzHYFT5~EGQ%G0UAwg-fd z^Y!XAd`|FeNW2ck>fZ|O3LxF}J^MNU5@T={L-MxzX?1H7)&KK3-lMq?!(SGzfOr=P&f9$z*LvGF~2|TJ6;`*Imq5^ z2@S^`Z9wk#9k8UI4wJ&-PTUUEN!E1r`l&tMeN98MQp(Huy%#G@Z4hE>BFTCC(mTM< zMytbJI(@XEbdtE^Jz=kGu||Y(n>sXy$Kp1WMkh;pKyAC9p$=rYuM3E z4tU;}2Z-Va&n6z!T3?V3RIpfnBdqa|);pC+%x?XHJDQD;NTG6f8V`E_6CIWLJLUWb z#+?K4K$m@s**mZ+?>pw8aDqQyX@xx-m?@j4$Gi4jA*8uz(hv&7cjceH3pRYC?Ea7|;uT`O<7p~% zEV(BuW0QQnN%DmkIfyuc+p|{!7Wb_|;iX7MHQ6d}p(Tdc*S%c1#Al^zOMm?ifR2Ox zMYP|_uPB%ka)&lpq)g@SiY6ol+v!Zx2YTqdP3M>d-M4UBZ7<5$Hf&8>*%+GPiI;ob z58Hc|eL@0?;hvCK*=O;tGUZoXa!IZk`+0t|bM6ym@T|fsYAV6iNaCC2ozG3y?O%8D z{SAOYD!al1(PvB^Q1LG*eVgx4MEi!~UihJE02cK0o1U?z-!)nJ@L8@c97^5emP`?$jpF07mb`UJV6* z#c8hv{w@8YbV_AA-ZyvRq8;HM)Yvm#!0h^jW_4UK^VQf07|qoCK!_ov)_K+U+Skz<8t!fDJuzZ5LUA>)96Ex}Fh$pN2aA?YDj)f{IM@*R=73-TU z+{pGH^ZJ1RfQ^9SBkpmO|2_Jea2$)5;2BQYQWvI%+$%?jh~fqE(@lA`$eSjA(Sf)> z*pxs18uBe0RzKsx(bnoaDsic#w9uctcG9e~zVCmvBafwe`!sYRBceRrMs%YwOCubIt9}lx{8hW z#ekjef}ZOM;7Xi#c^SGy&Di8hAMPy#ANfB&a}5z`jma8N@-0)}zpOAJ8GdQ61n}Xs zM0*eZ{I;XB$DcqwUbW}C;=BD$Z;@1ODWsz=Z~JhLZ=5_>(*%>R1oZ>B6x)u&Jo;Ds z;pA`ev}Z`k&s%2*R;I4U94h?W^BAZ57ff}XGWM&Sej5WrgtDnmMc1XuRg0g$xaB$H zdB{IsAFvfDg5YtIbL_uD0QtlzhU>-Qx6F6p8yN7^lwFQ^{Wy-YJP3SG9yHdml$m8f z1<67rdnkeILb&zE{maGYYcm{w8OsyX0_#dhhs}?$PMn3;zb9C>A(Ddu2?>67r>HPv zzhi6J>CFr*q^vi`6K+U zMZ!r5l!vO^3cu(lKVl*>gxl?YdpaxSC>%*%B5(!D@ieWl>m|?GMj*zG4yv9l)g=C-m}C zVaEWkqK0baN30Ls+?FuJ-giVZAg+*aK+XeX=aqrAdknj9BYc>~zGbc265RS{Wq!n$ zBt#C(q4lE|1GI6!NLnAK+WjFFTF5j%qJQZVyfHuB_pYek`>b3V<_E#d6WoomTHcaG z{KM}ii^mtQ%k6;k^IU~Cl~!xxeV<;aeXno#wJ6lrxV)H;*@QvQ|JX~it;TRz>bneQ z&DO{60bSlKil6`pW6h*+mpA;IFZ=D4kpk`e*zakuEw6rz<|kMC!%tQ!qy5pEw1iWf zID3R!l%1vPi*$a+!KYu>ss;<_P^yqrWMTe(*hlD%f0&bAxU22ELgJG*I_J3IRP{Y% zhN|?t6}ObtpgkOjM-8HFhC9En!|>BC>Oq9z?|qF~%XNO6U!cFn_GvWMLwW@9e_!nT z0-U0|BLO&t$W9npWr^Mj_ z;9YsXP*5j&OI5P(3qQR+jwuv8ZwAp-o>o->#9NN1D&Ba4&~9&*{0SzW+=rz>A7=LBIQK!kIXU+ZK7|8u$jJ%U^LbJGS2!W6lx6M&O>lzZ#Ta8jNv>P4 zaE)C_!jR#rePJr}15U;3Hgf0dfRPr!sV4XoZ`Sq< z53z~_0y9oqFegt`hYvPSq2)OE3v+g^zQe`DvW=r58)ImCYj- zQRg!QUJ#B@fI#87ntp1p4iHl8dRw?stMaG5Z(mk$7zLXWsq_a`OiJh<7qiZi0t93}#*kqj}$E4;l zoRaR+Of#4)A1`;l(7=u+n}AFs-ood zUMCRNH}!Dzwvw0mHZHJqfhocFV!ut!HY)|**-YE9>X9RE3U-T0E0-5pQ8op&`PSTa014eM4y5rM?uH0`RXd(Rui=m_qT%%hA(f z@n_L^+;}>}HX_)5aZz=v$ssT;p5LZ_hFt960@KiRD&SyHoq<|qqd-K``F%cX%CbKi za{Bi#^tN;C=gK#iu8>=JI_OIr5GF}*C(oWZ;L1(r6A&`!&TH8zg3~jH&9Pi{XatCDD9n?b)k2>xWa!)^w|SJ^6d+j;uTpQuy{EjUmb#b9Z!Le%xn)^Y1Rc zeGY#yRU(J*VF@C3A0BC`34}Juc$*xfZB zgw(zYFO);?-?i%t7}9=Ri(c>xgUf^dZEeYJH6o~@g0=>vt*;L3Y#C$uyybN969W2* z=4EOXW|UuC#$OnT4D;gpEM7;MZNc-ym3W`&bUzR9)hX=lLH{n;>7>arrEi`*OtysS z>r2`fLj1@!e-OrEq+1Y2PeT7mgWzJ)R0Mpm^C;#0i3nr0>2xkH-eOhw?e#AVs7W7! ztvK;X+fc@a6?JTL3661Lbf+2>~3Tmd)?@ybg!=-_J)rV!rG1ug9yuoWul)$bJ62DUUC7v`BvdjYeEZMMN=+{g7cq1;J#;CIzL zy0Bv7ZwxF=aU2<(05!{4x1E9*8l3%hJ1{^0d@ZtO;qUBg;i=D|=um!;4vr0*bv@OF zny@MMv-kj>RA=WsFSQ@*^t4z^k@L4;x%*0WmRv{ryn8u)F$z`qbrOnt2q2}Xjx3SZ zTw6v^`w|@5HLZD%ruPTu;)5%QNZKBf!F+vMuWFZR5GkX%OZ^J7I?JFx5QpXDyQ}%l zt7SIk0cQ+pgz^|bf5)N9ru&#_KC)8j8`AE*yQn5O;#(c9X&Z@lKgzfac*T8|DBmZb z+fx6TQOc~#h%LMR4Ew1@SpkpVuL%n^{*52VI=q0hn6PHdP_3ahx+%(Q<>iaa9^SH-BP4l(!XDId$G6c z1xB2{OdBvi+Sf1<6@M0nRCRdLvrljg)m3_(i-_BrK&gA^HK`Fk+#0&cl3_3#FuwaJke*s`zs9`fgLP-wNaj4h>~!n61!~EgX%RN%O`I3{{(6p% zorW*P{MeKpz1G9rX!n?&G^jS6AN(-hWA}O*Te%_5ToBFSzW-0BP4=9Mk~4cQLsPI~fN`&@xYSr*F7ib20qjGa!v{-8A zpZ;v#^;F)1*FLGbhml5(>IV0%RaNlt@gC*m5FYt+ARs%4C*Ag*009=oJuCC0sYdcW z&{>It4#l*r?_71@@qNNE`*V+==PjO-P(j#zv!~$u-_rB!BV$g zNr}&e8hgJ{rzwrCxjpK@(tl%D5%(a&gX(|wjqC<8zA+D#^IWa-pC>N&JqvofrxY+b zoI;BHtb(TT{w>^Ghp1n%mt=oe=wNcpcs@t$FGYAP3jrP3$PDj6{GUiQw92)UZLfyl_u>iXHN(N%y1?dv)1AxTYMlHSDF!+)$f z=N3!_Z)&Z!2kH_0)r=nubbvoK8ewC^-;1%Ylnn|2_HVy$3cz~8{p(gD!ZWDL9Fbi{ zY;Ze%pm%kIlHL)RgY3;t#&UvPZSOulG>=O>UM=t+KHlBfY0JP0;#ntr;75rw4;+v_lI-~XHM|F`!K0l?kP2&Da zK>pYY^eef>A8a`lq4v7Aq0hd|s(oZxW0kMZ*K6&4;VwSX5y>CqkJZ}{#dUUHW*#*5D(a$j1*MJZGeA=9p831mVH+eOdg6Md`o@xGAH z;MGLkTxH{@)IRz8B2;=oXFWt`C!LOc@a4@Xx$5MZ@J{21^9s>Loz+iQ5VK${sbB+d za&Ymef(w&=y3`hJ4|Q->NSNWSuCVr7ni7KoACg@$NJvf)XLUPJBtv@~$QPW&dnlFT z?}^I)wQNJFEcvHG>PQR=GcTu;?UfgByZk|f)jhL+)}zZjv1dF@d3(^sA#<4qPsyC_ zN`6Dw7bz75TzuQV?%y*NUQejO?03F0pki^6^9*kH)OX@^(4!9Ioi2)wJ?uqAX@B-^ z{SP{DU-rwKZa0Bko;5WMI@tiofg^HdZm!G6SYKcWG)Yj=F#R1&O5ytZT;&}-Fz;1J z%*fu4Hgul1Z}#uUsa{RRN2+hFo>vdBdZx?sN%I~JAd=(>GYlY9`_<*AMN{wmD_ z$U~vCv!UQfEimkk%h=_w%!itC%!c+m7ABGMW7V}&|GPJ@_-(`t_;tS!81?Ix_5Eaq zL2kdMskx8i9}^85yzmp`>%$!CyNyfdcYkw9>{NX)@(RMn^WsiWJh>$a`4$TNj=Bg8 zcRp-m8JSSsN?d+h4%$1ULe>>2_5_0a(Ph_!K@dqWn-RMluHu&^D4ypc=E!8m`4n!12YO4?B+;#_dxaS;ecWIMI^%1R6n+FyK-7expKB*J{@h)d?3|A z6;E2dL7%r@<@?;u*s`%P3e5c>uyX?s5wD{UmzTV+qmWumT>C|JUCuzWhs0az8FFO; z`70wTFb?UwoF2zcGFD$w?u#oxzXInAq5}|>NdQ0FB2yR5M{pwC4sm|CH)6^IkLj~Q zkc%w=b(28~ogakcKynxA7&cIxvV+&~ zC37$%ZLl$0`}@Ipgq1{B2T4b_Rgc=pw!Ep}Xh-ieXkRw!>Yf3?57hGwS~3fJuE=Cy zs#v5(@>ckH2^>yazp1JAtZq*B?9l=U zLnyRge*4A>=u+GbKgF;#L;vxem;F(O_NIk0-Y}4@C%$>uv$yBmzH?g&C@^pP|+@&pG()_{BJ#q~_VYm8*dfvOK zvnQ@CPO`OiSq}C+zA=9fD{TD+8Y`aot&)&Wn0EnL4eqa#{RkS#2~P0fO`D&K& z-Al<-`*gc+jBL7Cn1xhs`{()yFSlpAg@ylO_BCh%)qiadQgYNEks3%2>}#DB>LxjZiujI2C0!uS2Sb2;s9A9K+qMw=-^`L90a+;C6ypP=(x_kH zx_6T8rwnbI{aE^1>N(ElD{VamURHnk6`afG^9=_tJcZKo?GOSBE7vRv1cu>xt(4__ z(e>Z*vud_X?kGuV)!Bd~7_+bIX}<~cn>Ul36_fQ{)Gw#6DDczX_NDr1a2Z;TR2~yl ze%aR?GC%FN;O~CVGQ0_%GRka1qJne26=H6N$qRiJ2z7y0PlzAhch%7twZTmHFOZg< z!pY1s+9SP5L*^+D<^p+@^Ap`A%Vmw~`?rX(9|$(jmXiU7`0ycPAz<{^zV+E}gpm7C|L75dbRht>CNpuN zhmnNNig~uwmVP~7g3iNYZ;!Y6!vpL}CoE7&FzCBexc9&ypAc=>TN_ zh@m+3y?upfNzTSc8&*PM-FJ|kQH_@*3X+mM7g;!ZPfchu%sij<0pug+YJxxFkFeA{ zgf!S{3*z&Mo~M(PU@)CUzIi&9EkX3g^Ol)?Zl57Y8avrGNjzsg4egiagl_-_EB*}t zkoF3}VIPn0Q~1{jDNpyu(cSmS>7%gb93{c)#B(6c*9*7r3i}OBfgG4TIFx_4#E>qy z%ypmdXGM;loDBgj18(kZR*2nFnEfA9k85TuccoK|8{GjwZT$)5{d|}Puus{W7`7Ad zu^^sWv0$2T;_k4Ee4ZX@&}abV4Db*GjjMVaY9rB+ozcl;K+RO8iYWvlFL2>vHA|0H z7Co0#jw^6=>~T^<=q&FydF6Fe8&di6B8d1lJSpCYNst**>tQU`$gnr|VB!Xwb{55w zhQ;LQ%*XGmW22P4`RKo$7E&`u>A{TQ_#rzjxnC?ith63Q^c6;5hR1E9CcEEXtcSW5 z4I2quiAldUv}X-DdI5+WFXjh|j08Ze`D5Szie8m`Voz3brzG#KY56AFH-j|r1%io}L{O+na1oTNEhrSU1|;uR>(11_i*pSw z>|WR1&hHTaVH7_}&(Pjd`TSgy9!wJB_YAD~Aj+wG`Z48u*q&MyVRsO;Q&j3WeO;I@ zR)UFoCAj-U4|4Osy){OW&VBC<47~TaO%_MFpqP}6fwi(!qG98zs~^Z~-fSEhhr>?M zAJ$%bz^Rv8Nh+#8=Hv3K-<7hT)KkY7v1bzEH=FREt_I(p<^AE|h7$IPi)P*2eYfy2 zE7pC-@(=FI@Z=z*ti;~)fP_6+Q>{X8$f<|diuQ)9<@x%&tFV58UfT&Pz2E_=tWUWI zg2(4xcB0z|{m~~+CyH7&l;VG3D$#|pr_;IgnA82*Bz0XK%Jm!OW-g%l94NTkW(3gV z=iGaNai&}0^E_v0`uyp<-C#7idAn&FBpe!N)+y=m1ZCCQuOC;6CE2t@s109|nR+D( zg}0%<#EEc9a)nPls@YC0685E*4}~Wy$HNXpVs@yA#Q)TI7~HHZpmg~I{hTRt-9F;@ z@`s&T*kGl1gv@--xE!=`lWs1n@mpPOW%iE(+K-82dze%3Lo7*wxqTF6S0?=H`g7@6|5U+qYNCa@177DoX^PilIU-?ks>4zIQ5B9PZV0lDum{lM?=|9lEq zc9~d;rc3R#5Gn-`t>$5#DUGPf&LpMxLRHdK!)V2oA};N361gJ6&YhI0;VnjGA<`lkxGRQj!i{c&VFwQGkczRP-bH_IhXN z%RHF)&1SKuykLFH;W0BB@d-?MtUM=Y4)Y zy&;9=kyfP~5*y)U9Dg=?D9d4qU(bC*FenZ)m-gIG1w97qq@V5E%Ie96&JliXhR}uZ z%KfRQJTPibxAW}?Nu7OVe2=Ou=x|j$ToiehFd*#jGt!QIAYX~8cIZ!fmlUcP4+X&j zV?`*`;5?n?deEd4igyGt5;7k|ID!;t|Mej62fwqt4sU^F*unfUrw`B=ek^JO@s;-K zE4pFh6|4;Ve$Xj>W2g^zuVGS^D+O%Eeq?c;t%ZJRJq>E+sW@ zHJpZv*~s48e6of*@>E2UP9VH1;>g$B0e_0CJMs1P1wd>3nV~DPu|i5!GGk%&`1t!F zVtk_$M_iPd zQ>{&$Y;ABF@-=h}FbdPA9A`H-MCcNf!S~{0t5%R!QFk$F<10qt(G8ROy^Q;6KELTi zVT+M7lJATw6cqRQY3cDcF}Fxq(vEI6`4`48u$%egw=Q6m-d~avQ=dxoQtNk0bG;;= z1)4n52xlc;hZOr@Oi%)lbY(ami6GqeC5^`T1O>G^tkAK7X2{vX7#0V3cm6 zAwP$7cCY%Spjuzb3Dpot)zUDTj&$t*Hj`xLiIlRdMh#FmBTxMc_z!nC zK9(wo=x|^B&r7|=c&LON4>K|JqP7J_e&87U{>E>ylEk!m&`_pUaL{6(8YemJ=sL;8 zKeVSY!2REYu}{Kb87aAV&~*fHVxi`6d=+1v^_R3%PP0yV) z0~0w3g6m)M$%I3x!2_VRypp2X9w@`IM0a30+3XnHPZF{%pNZoue=&*XSZFhAlW1by z*)6H|GlkXR2?MugFCmeS$)YLLW8^2dKNx(!5*#2*+`JYTI^lC9)k|glCEiSU)j7|@ zyTgS!X+XeDk6d5R*XP8+`@OY(Vq*U6eTD};kgPJC<==eVZYw6M!y}92jkGS-DiiAjnmC-#5R_yDvha&q5C!k3 z@!i*G{`J%M>+pvGJd9*(+FaakB7B;ZqiefqAL7+8yrEMN`nvXHC}wUcH`mpRaz;@vfl`$0P?KO1ZAk%jUJ6%+d2}vZW zkXxp!djG;k^m-V2;7xz(Q&3b<6y?u(*@CC!XaD=Ate<3dE~M}5C5*>+%%zF^{@{J| zcgDQ4=NDY^>)vM+l52EfpfoP=85GdHuoCyDvg($<@>oE25$|f!4CBy81wmk({3o=m z0(EYuIxYp=WB;tB(5|?CnROjvN7TisWbA6i}8b+N5(I6Yekzil*eDn5CkaSMcQvXb zNyFq%Y1t>wJe2%~F2+^jCx#vMsbYzxJdN)7O96j+q7a^>*)Jni8ZJe--JMz6b*8kl z;L{mNhi)^r!C;=bK-e3y3+Ao|Eqp7)qz8vzB)@A?Km6*LX6Z z)zItgMP!yem>voVKFGqgNu^Vr9lL}K@A<8I{%n7Zi^lvj6;Lu3p}*{|k%#rYs1_DE z6k#OZ$aX*Lp!N%!-M@G03T&{rFPiMH;GWeD7R-!OOD9BH;QUiSd%maoa7PoYt@j`e z9vd}1aP^Np4FFE7)Z4jCUEa8WzASJLwBV!oB)eBhQy*Ku5GnI$(|zDBqGVm$;&Qz~ z+8=D*(w*AlQ5K_malS28d&`OKpP#9;o>b;07KDNXN`6@0h7=(zp9r)l)AEtedPqOtK;AzXjn7O@I< z7hV{O=6-IsBHV0$h9Ub~e>=srrM5K!fcNzpRYy3ycFpzvei?lFx${<_5gp5zd)lM5 zzncVy%hQUWWavXQ1KeskeqJl`(3Why<|~jD^Y*= z+P|wO;v^sD0IiH@LQ22OGKtJR1sLQ63VR#U-@(_1DTL%#(VjH^4l^prc5_`4g zubERtAb)g_je@(cKuhS@N_P5Q?~!iI!z5dV!S2CJV|QL0j;*U6njUOOih$8#@is5- z)9;?3O95Ku6VI#ML+8xRIl*l3#EkgM??l>CiAP%SDfTs1t=xLS!l|ECr%Skv59-w{ zl{gy&UmiT2<=-!`Dpu@cl60NcE_B5k1cHy4@br=}a0)p>uKBZL=;_fAmU7w{a-u-x zJN33{^HTU3+XrO-mABTO9(D$y^$a0*4!`@k`Md^9oWwF(>U)R{Qf=`$VjQ1qdE#b4 zTp$^o2;?-YNURZ?Aon;=Ywq}<#0GfhkO7brmz12E&VzJiDy)7@$;)l%jQL((N5QNH z?ifB}I~!7vS>R-fG79)OxOLUU4V~~#Ay{L@TK=#c<-q*_>D$`zhEUpR9i9+Q7k_e5 zP?jWEGUFT|hcv}B>48XCYXe%#Yt~aF+!UtnD~MSU+j&^`-_z&pYLh-3eFvbQY2w!B z$tO&4;lDoB6i)mJwJXgPUagfts6TE;0~pUI0S4jZ!r#^@nJPM!>vJ$pXdB>@-y&5k zl;J{yGe=z*xN-``PV-X9nXZHt{2Pv|*|@EA8ZAF~87Kawj847}gVZ4s5U8@f^TzZz zwR8+1yx8_dQ~drsDwwvHK5oXsT;+N=fXMgS=UJN@dZu1|;4&}(tjMgB@O=_5`HTLm z*}tCEK9fv2BoNpO_hvm-eKDZFhocQ_4#G<_5B%G9*Y+IJ6SVJndF(9n^SS5#9-|7A zOHqfqk&c5uBHI$=F$>rvv5i51fxYy4%*cXWL ze7yGwjeMh@;BYq1;AKD*HX&$aRYv2*TD#M67K#P_)MH|NRWG0$ibCr2eY&4)Pl|&; zV%0$7o=EPZhZ7J+RG2y+_n}(SpuAR9c$7R6A%tGl z7jzoWoL~ZU4(^|XyyGu%VCP?sPyfeyg!Ln!EJCf;o!m)RrYcjO!@5 zPp=byLe+$pdQ@fDd3g|$(O656j!ZwwH)XoFd+npidBKkONKF{HD(cz9T}#JLr3R)t^jHyI%M;R_+j%@P0UsZD!=qw6}uuu$m)K#hVWd0zuCi~1ZsC9 z%h}qU;g1NU^td6aDYKi~llRW~ZHTej))*=)Mc?n9#*9H!dg*ufHe_`9H8M5Uy4RW` z=J#{?={84qw@P|&2n>zqO-Z;smr3F?+6DM~^gjBFhqyam zUuN&o%?DnreIQYKhIw2?7rXl7P3)hSr|f)?Ta)iDQvvBSlSPWnVV`$~i;q<7o@x;` zw#C>hn@GYt-(0DDyF;$+XC_FhBTKT5VKTY1JGTbN^Oq_&H1bIRDhhWEce)-EBnspr z^dN7-_zt(jbP>P4%yh_(YT}B=94;DjqnTBJ==alkbeSwp&xie1r5*5e&cpW@S4}zy z^)d2`7zsPOSM6$wmxZmwqEl9yOV&LG78bIxK!S#;CRXx2=)(A*gW~wVl8Wf%Yr|=H=>z3i3ogA@9XyC8SMo=m;Mb*@XCK~1`Ofaz5P@=El(;3N z(W-T(uCF&7N=&IVyC*~fAQg6jJgv!oPTl09+$r*gGl5QswXcbUw%T{QN@I$$`MND{ zr*J1D>Y8rz)ZmHzswD*;$%Qm)zlRjLl4Jrr`Oncr?^7!}BJ3VG|IVss-e)E5#HPWU ztW7AfCEn&hgd$Gg&Ot_1UEO*No%nvgHQ`%+rRYLP5Mfg?Es5TGz){oMgO;7k>@@iS z>*)|=K)b=uU@s&ZK~?Jd&WniqEthAAlFkE!>(X38_lBgQ_3IsB2{+oaiGZ*DihG|! z+xX!h>#coM=d<~fgZ$XqLi#QV)6x7bMq<;O@U=x-^^D!=LB(nvjcm^)*BApx3lsmw+TJF$wP|3wMX; z@ymz`NSv|he+xZH`YC(~S46;_JMZ;14~r2w#uB09g)IPr&ds}x>s|Wu-`BQ(MN+o@K|BN|}j(3PLeB$s#%;CNCWKzbt)rC_6 zU+;k{DDK*r=g*=XdghB3!-41Xb092xA;haQ_xdORJ-y}ZezEbbZn?(E@=-pn;6jkb z3)vvvevnRD_m|eaDKblw6SM9cuR#CIHWQp<=!#7HF-Nmisa-5%M` zGxoyUlf7g0S##}8c_EqrPv@35qPZyLbiaew{c+_J7hfLN>#w`Yck%FCo)O>O5GOw9 z*JQ7|Mh$n5e{^^JC2#6;-=`Pm3xvH-pwjg| zQTL&+E%hISy)fV8lG>`*2sZk&e?R0-_+nICpE!dfpEtiPU2}oE{?fPfh+>vKl{gp@ zI~_ELE*^I_B|6407ERYK9U2eg{j>CWdEkzCRJb+TuPg1fCE~I!7EIHgo2&X6$r;sM zIB@LaVxiQ&NM^AbBJ$omCca*CCVH9Hu&(0i`>bRVa+kP~As|o1GZy&|I;CZZlXE+?UR7ieKa*rwZxz-;XCXh31zB0o( z($#&bQ#bcyq?BrwZv$m!^&4A`>iPx19+ANP=T*rrS_gWY@%t-Fokcku0X^f!?lBI zTYAJRbw}Y$+8<7Mz#A)mR{Wee4flkPLUB84h9el0YVeaB7Hbx|vL|NslxlASfrH46 z*so~h71%JO5>bUP4G{?kYW`de)M&z#p&5d%_%(h(SXlOiz6u#rI?cFWdNNPHZ+QNG zpN=mAVbM&pmcA6wj04eMA$>FR{aBhjdowHX{2iBT!#@Ba2?9~Ghfv_uuWe#HhMlO4 zY~KeRDQTAw z+Is^fhNUitppM5x0c*bsIcoR6N@JN3`t=Am2K?LSyBW)9cc=Lw%@yFL^JB@;vzT}{ zlN+Y|OLttFFWX9>Qyq-C_U;8gUOwNGetClfemO0V)LKrZ=3ZazU|kQ4=b)UF)6E}K zBM$CHI^6t0AgXQpjoa^B4qlp zsm58f^#l3U_pGdsDxcVi#mi>yTGas0DbE6JQ2KQrSqx^~b&)FC3V|=JS zLE~}3dXGENlVIXX;!H}_pot9VDnHNT$np*DM`>SMDDLxoQo{amL)f*Iz-9qV)ScZ6 zPS$*Ak$q9++rW3o(d)LKrP8adDiAK5%dquk>kk^l~TW0P; zBlm3}|DsN507UaMbtk_GCR86OSr0MVKl-#ELcjhhV*K*i?~*w=j4HVGxR0N3y=+&g z8E_Lz*xWq~I4x4vlGzG@1OEBpwC;K0vEAs=^K!{pm%=a%S?C)W`eV(mlV*4l!PsAB znp5u2$J_!q&Ir;>zve5(WGb=xCrh2%dA+ggmu%jNo!a-}5D`zxC65igA6{u_ zUfQ6a^yF|*C-+)(_c>m_Ylc9?GZs1%SXCwHfq1A~4uYFHQ$}*cA3)-8aiSed9PBObOchy-(U1&&c%&e5Fm{&&ez_i&(ibw8Sqs*0yJ_t z$gfts-)9cjGd6kE1uO#mi*QXY7G*XvgK5IAb9D00iujnp{dkID+G5v!j>ql$Jo+~5 zx6|SACWmM6)Q|~6f9`q?{L@?kJo4Q%J^Ai$_f^W3OH%@d%iRBC)vD6zw-#Jv(q13~ zwl)_7(^f)xJ#QIjPyo#6?}-hLEvuKcjqR1V6o%XBtmfUj>Gp%sA*p83#+JBK$|~NU zF9(Ug1pBPQ&pAL%3by96f=cIt1I9&m;arUG?Q;c%HQS<0!yPJMznH%pCyPgRqMj-T z=OOm$oyQuf#;%2*>A$n@s5kTtAs9HE_qzsVwXD}|fsBsR9w9Tjh|Ud;=Ne;Qmr0v; zC|a8@=$9NfGF7EFSD&&cjP-}I4}KM+;`Tj~A3(mSkG>b{d2(34##=AAqZ)mP?#y!de z?ob}6p7`Kx;yxdrUTWDw(+?snn=pYHGeHG1OWrvUzLwWbDD!eTH2x18FY~uW;^-3* zAL_J*}>ADhV}L1=Z`IDW8lNSuI8LM%!LLp2T=DEK{(xCu$~pV#j8Bp7k|P> zs6A5%8#W`%?cult;R{_|-UOlF#;8(7)fN`Xix={sbEo=pb+`s;%3V`ffe2j3%UNe6 zZEzfu`wp%MiJJFGOueZNw4)YQwI3fUovb#T_g)*E!u))r5ayAmm`y&)oxjx>Y4 zwLkZw;wgW^h7>^TsaQL^ z^2_7Fna+N>u+;ZB$-y>Gvq@T(0I=4Aq919BrSlpXJOW$uhe8Zb$M5uB$)S~RkE~(d zk67A}saH$~1Pr~Kv*v$tanV^YhLxpVq_5!jy!o3B=O8$@)S{g(Fw(;IHUIX&Bk3YG zFM)S{**BOXMo7-q)^*$`hj5G&DN@Dk({N+GB>wP9FEAbTw!Qrj zg!w#-Ftwf9Rpb*!o#i`SJxNL9zfY8dCBtKCCf&Uj%-Jt{60ZBg#>XshPdEN^$$q{_ zKWABCwIHLTcb5q2<)l?E>g@qLaWD8ZPSsMHZYCi?09j^X?+ES>=EO%6v?_pp8w}8q zFF$)V-Xw1y-OI;o$fh2ZqR`;53;sCgB>ET`@)^ZZDI(`P9>x>FIn){3K^~H4Lp%*# zxC5(ol3wHqke%9*pGT2X%HPiz){y-OKfAE#`oK#_n0Y3MF7QKynTBf zkx`(n=;)hMNJmdNta~w#ZT3xOZfo1{(z7!^ou_|4``d)Xz&zaoa-VSar^Wky_xkHa zouu0AjeS%uuD{@PC$od=*0v2=4ouDWzKl0petMTHxT;c-?_(Lck7?5nLxyl^Wk|9K zYPH{wzrh}1c*ps3hLZelI@FiOBS$=L#i_>skTwLzkN7~qLNlCp>$p^*ReHKhFLLb) z)$$ub{DA5B63cn$$|NXlEkrT%=%hF)jSp2Cf`)QKu=+(30k3~w)WvuR#? z#ML;$l6N6j)lz+aC{OvN&9h`qV=d^i@!@1Dm_dO*ipOoW<&aMI`?CM3nlp*)X}@^G z07?sK1rQg#(hIT(Llg5~Z&v`$ml>#@rmoV><36TKgLJM0m6LGWK$DiE7E4vBHQf4A z_9P8O&bn&hi7Ctrx|fP&+&`qsP@B=mG1pet=jMcvZ393Kid`kT`{qfDa4gQTWsUO zMkufDOQ@V6^~^ZAagna^`(=xHAIhowbViI(sRlORTo-4^>3x>7MJ0XKdQ;u&rhq+L zPSR+*o4mmd$=D??G`C7;8S<;CWnb0;5XAuKC|}p^0gDCHz`}#MZxtl9AaVa%+qqb7 zgV3?VcYSu_4;zyaNY}h=8aTY|kvh7GN>FrnMns8xh$?Vr;ajC#wSs<#dlx9M)_^$y zGff5Q0h&ptP2sM*bv6&$_1nYs{X4^KMFqd@$3yjtgOj$&*pvRG=SfEC489ZbH7xZe zcWTl_+{dj~uB_P$s7R$${z%00<@H)g;apNCiz)&GI868i|Jg?6MprpT@O^AhSSgp7)X)v%SBT)Xil#zX8MsuL(4JdHKE>`TG`@{ebnMn+vMAQRP5hFsKUh z=6I0cJ8ZsKt74_D%t>>26u${jVFxWu;itl`Vq0GCLCd?;K@@aM=07zFu&P7(;cU-a zegj%s2aEu3d54!=hRAS5RQPK~LZ!oQ3E~o)eS~v~BDfJ5%?_B=x74g#5u-l;a+;)j z_)uBBSoFL^Zm)dSPUea~CGR?Z3j()|L9)XD4jQ#j@rI)#_q6Z@6)QTOjb znSxbf%3L15jIv4yKnn}s{;k&VSbFv_8Fs;NE}`5-O2lERsZ=YxJ4W35G$=%i3lhuY@1_LmK z!pOpuAt(>Yo{~aH=71qsP-R$impo2t|7O<;ZfynKkp}BR(QnvgA83n;ZyAq<$k0&g zY`++C3-uQ^C-mRvCJ&)~^69>+-S!s$=|rtk_ui6a#S6j|jaM_9LwdZRn|w=johE++ z32N3`@F-bXl{3d+{G2{n%pb;^@ry*<_Dsk;*`oF3V-HEhgPR+^;;aA{lc-=ImG&8t z2Nso?c~5P3X|Htdr7W^@B#lFO;~O2VjnS33AmAsS>F$^`kO6A437+HinK%d9TrLmd zb!3MrJm2?eR!5D2t&d6|ZQX&eVIMx>ag_Jb zY{V;qQTy0OC~QfZvuEEzGBfL|S0I7-Kt1AT=WymHOq4quvaCsC^;|z*hu;sW?jSEN zNvXWg9UyskzPg|k52tD$q4@_N(4L3T^SuDEDw>h!tN**+t(S_qxcx3C1gd_gUeOwUhSA@C0N zz3;1!SzT)GPafb6ryt3&0fM%!Y;+tbbX(DQ6C)_4@GsC89?zU)E{i8|e%^{|sW}@8 z;qzCSH|&@<6n&F>Y!XRT{nCn$?(ircvE3MRvOBNl%Y8uxLeyQBmWcn}4}0fw>&yVUu+6Mx_sq=4R_=)X2!+QFEYO^WSNC(m>b{KdsFqB*jwC<> zc;fKJ&?iL~!A~=QgKr-+*E6*95_!I#H;|s?JVI$B-PnW@I-x1(JK7P`=eAml#b$Rn z5Ub~S(;ifx?Y(BK_Q|y41%2KRSgQR#hyH6xcl?q<6;$mMipmXggP4t$Z)FeZbwJSC zQphLRs5(t;pH#)(@vr_(`x=pDd< zf}5|bLzztx1sfbUFg$EMEIwC++mtovHaHRtIasg8@M3Y{5kZU~RzLcdw<}M_*{P>1 z8K5Eq=tb@crc0X-yOc?6J;wN^G=0iX{kupd-&suMO1XT4rB4X*K=)prgDF>Q4H62# za*70P>1iQIE~Vd+y%!SimvOHWXG?E1BEf2Y{ajstbJXzj+iSMdD~c4ouaF8HXC{A+ z=VAK}&0JA_g+TD)l{B<%+$x)G5CfU2m2DVBsr(54M);R6G6{Hm&IVi%#?Bww#9!01 z{e^jOLW=u$cG*wJs!cpYfd1Fj)Nf6cewDAT9I{iQW>g#e_93T|+%_^=?PA@!rLEV& z7MtG<5uc`vy-hp-f8sLFza9w09K}W6!?m3^cwhm4u1?h0T3@VzHIKOPe(fB_8f$4w zanvm&wQ9e1^rxUMwskYbO6Q`}jhRA4Qj2`L3P7BdFBQwy(@g%tx;4`IA}*7>HxtXF z#uEY!0YLNYZlWQ+{irXLM|P%Ot8n1K4MctrWxOZXLr>m&58=%b;EW}IB^+J69lY`= zL%a3h?yFW-vm=Q&TA0E~QweXxaZ_PorLI2M{X*cN1#<$04p@+&rR5i_Z_rI#iCUwC z!7zgBDV)Ne8f7<`pT;ziFyu-`vR5sz!Ui_-0DYz{dsj8Q6{?M_@TM|;5yBoZA%sAs z=hrudN2AYPsFzVIan$YPY(RTZBvsKGr3GmD^WDD_U04(BCz;knLUzcrXUfZu5P_)t z=s#Y6l)O-{#lb{_@BtxgKw0`6xW0Q)!;48HaOTb{pa+!@@ZkPSVN>^SLG z-;O3Ft>XYt3TC~w4TBPTsWSdL$JZiXHAoYRJ$95A*POJD-;rV*k*%%EZ;I~M43OED z<74W3QXt~eKxav2x83UbPn)s_Hwj$39@Ou`L-0OWr@q>cQYL~Xrxb{(-d9~y08OKL zZjM-8q%deBN_VnBQOBK!O<~&Y1a=_(|XE@5v1u_pmwYdd;k3Q1f4YbqH=bbC;DT zIdouY4{fzdY_E2CK8FS!$-{J&0PlFj|91wHqC7i)7d3lrkm*txACO74Q%K}D_RFW_ z?3jyG@6|zMea3Q-;2AfHzSUkt8Ksl6UjZZiBLrA9RUDCtwDuNDir$*IVa4{@sDHJ^ z1~`bFdEs#{f`)z06}=Owcsm$S?keDTMbIu6d_QPoZ81OZZ&Se1W}5k3UmwNwgp?xM zc7VI3m-4j{S!(Xp+x~>UkiZ0OQtbCEMSq8luW;EBD|vZeEN|D*$8fZlX7b}+t~kE% z=&I`-|9`M0Zy7upe{y^-$R784I#Jb5QQfoP?Q0mWd*JVMf7bn&`i&HZwef%#{I#C) z%LzRX{6sC-{N7#l!gd4(1@I|;oXzSe=fdAcQ;qjU_aWkOFr+icGi9b{2T$7zwey?K^ay*U^W<-h zRF`E;cki-AZu+WSmHiEbBDSI0DV@V!b(7;dghtz0z`mHR4;m&hj_`=Tr`Ebr}x&#d<+KnMCJ@XDE2ktLK*&7W*%Q)!TqbkQa)aLJ&Xnd=PhEX zs^fdo4qs46eTn`CQ%v944{T3&XC~MxvLZ_%phP(%c+4E$m@Gz*m8uo^vMj(WU7ZvO z#5~jvd(Sg(b(#^?)1v==Gt|YAhS~rC{Dv0}7vMlEXlVdje_<79&+$AHIqqrY^_lX5 zJ+4-*p!G>S_v@=2%x_8VH!T4)X8QC$ocigy;{N0#14AWHwGJ(B#HVyOou0~f@>2E@ zz)-44#}6h@^ex{pGU0m;W85{DA{#DA!QLl}K1|nB-|xflF$}8mo+S~2%5|vUoRrha zaF?VB@7H|G!pDAD14_<+6zUUx`g~1#EW;#}#Zo0AjFIC4>9iNg*p<&f*`Z-{03{&o zF8eU@?@vK!dp`mjlwWtT4&g@||FRs;u|Q)$73QIMz}Aa(h$QDS2qsNYIcl7cBEq7P zn2Gm7<;hjWEaH?RkPOT%N0H};{?-)1u^!Gg1hvCQCqP`lgY5UK{HzGy>-J2HH&`6^ zec;*0F#L%pPXr98xnL)9=~~`Y&)%7~!uV!umApWc_?g4QVw) zyx+OMq5KKgH{0UhaNL%ub}o>miv_|#=p++HFZ=*LuZn#Kp0!r|8QC(<{$QS$P@&gP zg}Y>dc9ME|McBNpZlT7R0lrX|yCpq9OBKwVh6pD{BG zl6kM6v21?lVJt3`P{8A`a@bAfgCW5SH*v~5_6cg!7**_g=%WA5kK;eGEW1LVOct*S zfDFYwxxUoLuU^bl{%|~*+am7k-4ofLJa}89Yj?OHV(S$>lF)VDm0jEY=V2XB1J^zi zv9x#=bBN#&jN~9M%iox;Q*_ibq?sE#%+b8h-!jYC+5wWI59p67#)ZfdqurDD6PScdd zppB`0=N=Md(c0`|G=kcCrnV369D#3-N*R&*os%_w+pe6Ujfk1j<@bS;fbMP2p0k)~j4v+(d{*wH3aFT0&sOw_Gm!^mU8&Us<8H z(%h?^1Oi3^=`t1aR9|2j9KHezOu~!t2!jSh>OEY0X;yip&b|dpgYp>VmjucHN9$yC z3*_&!7H{M5*HR3?lo`w@U-sb#KhO(F0h3drMaeQBal#K zFkx*yH9q@#G!U{*`9PCkd}Lxkk%5?@k@|d6kflHD-t@IzMOS6l1!+~UG;a6}YUc5* zD^%Sfca3!>!o<7}y%RFFQ*O0+S?Fe(7>+JZp;7#$!)+`?Fw!*`N)hwl#;HF>vr)as|kUn(dy!Xcf9~&}}cei@nVZmt7RPEp< z$6Gf&aCs^-U$r4hhO#CJwbnMk(T@87`(2Sg6mYzi8JlYLzx{6XUiVc$i*W2PpXjH- z1Gu7^d&>{{e)LPk`K6b_LJIO;*Yd_#g5R*E$)(DY(amSAPUGX$-dmcnBezwxLL_M~ zp~S@Tud)p?&@dWjgxDe=>`LP$4sdb+56XIEX1s&0RWY$W46J|8SN3=tCeP_;VD?^j zFC3+7as$lvW#3;yowPFO-zk!X5vM0CS@4l`o`mv`dLt_ERQvS%3fV?MnvybUduY4l zz^HOMHOJ&m*w>54GcXiFWBY?j27uIkFebi|6yCnLW2N&e89sj;nj?QzgjYGt;#KV} z!O(2fRKg&oPoPrGgHtmWw$vI~Is`cRAX*KEbY`CG!m1C3LWZpsA1@EOs0mnLn}00( zkLF4ua2VZK0M)<;_-z8}(b9=TCO6P~xm(>Cmd8Go$3gsq=inoS%J*g^8DH9?d2c?~ zMC00Ao93CHhhsY*J(|}qT9TZkjx$e)rA&&Ok<3j&MV!-*UkFH6e}2(wkq|lVubOZ7 zIigx7YCjb%rnBF0i*6WO5!JT;#Y}XTthI762@flZbe?|rwz!X+WoTmbW3^&}2KO*~ z@ZP*26cD_75@`y3Yp_#%c>hdjbHk$i5n1tx`JbZ6`EckC)mpytT>8)l7cb~sbCI+d z8bOd3D}6b`ZL2^H34yF36PO6hfxlmXFw^fp`$T7=V6xV%KBDkx|EPWLhGK0Dmui&} zbOb;rD<{y7j5)z7T3$Zh(T#py7$jDWg0s)~A6qG9v2!v4!O!Ha(v1p`nrCx-;90KmS|@nw)+gb$raucfUlp=V;c}GSXic4c?JR_I+b1-I#O7M8x;S zKi0gN8eR`GQ$Jb?+oIKB9%7Fe3v3qc)eZlX-nS=kH26GQKYmP-c$|SHJT)ew))mcO10PY>0tUwL|n9>I2WMxyuy^yHPUs)JS=}KEry>b19OP% zRn`DCk*i?b>3MQSbfwDdXJgD#Mx+b+>vW)-ZJ)+Y&hOg*a;=fq>Ch;W@g|Y?+#s65ieK;~6{hd7<5*qk zs?3cRqd8zI=)>J9=AAB--=45L@w-Ot$9%OumQu|zc)jcEb-%{^bF)(CBkTodaONLq zA+f1Ey&Pyq-Te1ly@l{8Wks8E5e07 z6q@(RBTgZ3KK8}@{*lm4zXv};-#lpYF@9Th-nH2;+6T}N(0eD9G>G8FUI{7bLt4x8 zaw69x(1znjfbR{gA^p(a-Gghk1GWe5>3(cRXMkK+&aaEo_`x``g-eP>_lXew|TJ zW&Ze*xLjv!hjx^@r1yjRv~kl*l6J0|vEBrb>u1ZaMnuhb?+!$Vb!D|EnN#hU!A zbr-$^a@0Q$5?KThVb~kz7op4@JgKLMdWqwDjiU1^m`s_-0?`E6Q8JOXbX(FSZM?dM z{AD$iY}!ZL0Qq!Yb&fM%~aC4=4oRCk`lApgCrpMIWBkFCH?Zz)aLMfP1P?df&( zvV#LZ-0c!QeaUFP0XYUpJ42Ft^tLab9eC3LNxL*eAcS&R7KIK#8k>>})LK@iXN?R~U(B{_1{MX%f|6~NP#o<_;iW0QXm#Lww?JvbgFYR>n% z<#BYM{FJZ^|Cve&6QO~a43~Z8kVRR)^{NrX8`$O~s4RmxCG~<#%r6%Du*Khk`~5jE zz%#5HHz4kVP4BMhfVd-L86ceRJgj=3VJ3(8{8F!17s-JovTgK{2HXZ{Bj*#pWe#BB zE1DS>rc7@t|6UekxYM)aK5o9#=jktx+7a*f#04mX&K-ZNqy{w6i9!RPy~;&K!Et*u zHtY;^%bqYVk}w=0Y}XIu2?7UGucq+&i2&P2RJVVRy{AcqO!mpGrPMEh-`(`|g#!3? z5=25==P{O<{PY7)vr2)qk~Fh(`)3(d_mQ9%`$ip1r=l z`e z9Ghh(#rVN_W5dk|(Zz|tpAcM7JY4}U2EjIev9v?gE=JFvk#$s^OV(n1+k;#(0FM1M zywD~bg7oMz3@xExM8aS6)Qx{2bk`7P_RXI>f8Jm7>-7jeGBjcg%T43V$F)RC?s~Xb zbpYKDe2tbqTn{PqOfMl2hw3m-AtR56pZ&g5`5T>^=es!PZL%wSjCo0YexK*#p7SRS zdR+?AaD1Ij=1*^y7SKe*CpXTV1xmd>gXYkTMXaW=@i9Pt@q`2%9Omg5FC zw~CaK`6|i}&oT?}1#Qen%Xe?ANSAu=nan_r-$_}jA8N#(zJGd*{o@8DsaA4V%1@#; zyTwT0?@wrwp0Bz^NY_vJFzQRM4&x;&Lx)i=s58?JOPk?yKS?LIu3^KWw4bv6y5}6$ zuTXO39J~QpFI;gl9-}&ys{0x8>~XT*nRFL!O*dP&w?$$vNIqy~HmOLmqde^m)DtSC zq<9_9r)QhkzkR&uD|dVf@iSV*@g5|y&BOdf(li1@2FYvZ&rQ|H!iLNZ+Xpys zPRKspkShO08^&Pb8&xEJ_e(2a+913;IPUUD0#T-Y+WgH0EARa?o}P{^#himjxk<~b zzJ$^B9B(fSvLlqe@s`k_H%FmRYb(PQ)`^lRmGyid(UWR&KRlS!Rj>)aKCO!?y0c2W zu`iG+SFe+ZZgl_xUU(5`%B1ub@zo0dlj*R*;gH)Pm_-qTDZ|u z6RRh{us$|r*vMMF{`RsFk`!yAn{IHU3kv1*mbSq`yUW((ny=0RIX5$U8+!Aa;s7|r zRnbISW-%r_d@m5-5c_s{k}E4cv}&HOkSrUw^9#KuiCcQ2)_0(eG+vm%D`3gF5OJ=M zg7BAR)qqx{S9;W5LZ-a%qqJt!O=^I?&_65`H5Y0^MK)ya9h5bsHjGHkA@Lzww|OF4 z3?Jo#<_8Bl3pC|_$cr9A6*ew(Fxo~C&p8vGPlG?s#FW&~dgN2lVq4|`UliwSg}@`( z5T9=EPN9Ag_ED^P{*-qgJ$V`DMYv;A$9j*qi>xZ~t)cP0JPouN;7P8KA5kQa(V;$tWMk4;PiXk7#Bne`FI8T)&0)f_FO4p zQlD>Q7XeAZI_gZ*sZaxieuRz0^D*%`T&~MIrY&0=!gp3Z=HS~4((fVevwQlu1W!Zt zidHpYrOOlm18VBLx&63hmH8Ay`zCqw>jRa)m1|tHx#sh`jqeFKTLV4KYm~Xd{1Qfn zeBH%NIz|K5MBwwafOx_B&3y)A+DserZhT@vzK^!Oz*b-X{7&eSTIm5SLy z7@ZxxL*l25^7u{O;d^#B_j*;b^~}_V*Fc0h8!MJe-9IKy?cGV{qPmt3t#!^p-QagS z!E}P(Yc!tX#XBqd921WNEgGnAr4^b!_M9`;AQjL3zWFFf+%paxoT6S}&Asp?wb%F5 zoR1_s=+zUf3&gVkm5^6Di^=nRK~w|l?_3Xw7^N7EK7^Hh+x|Svs`(Vy+xPS@ALXw* zKu_-*l*a~%1t19XLr2v0?_@Xo)_TrOId6o&_YByFhNUtX2xDyR-JHi`pP0Z4H}g&3 zY=XK?54Zy5uE%UG?Gx)3+50x_CI1|-m1u0+&tvi--WvYZN=hG_&KX*X*Y)#2Rww%G z_sx5C4Tw_M!o%|ty|@?U#2@~4fDo*aYw${`f~|4GLvfJKM_nqI{x`EYdz_aYPw?Fv z1|p2J{Wn*V&mdxV{@#l<0xb#sH$%?pPDnADf<#teV^*whhcS!K=Bm0S^tjc<6L zSi>q;(^~uM&n1p+erZ+zfp9E1-jV@ESiNHhq|6|Tf&wV|RH*`gDDKw!=no&hOb}?F z{RlqfY$NQO=lk+SS>P`{UOcMM5Hv}~KT_&hIX&y}llOgD(3VQiVTFVK;>rSbd6*Me$WXA;h!Y=%1i*z*qx72lPez3i!hB_1Ae85})s%dsSwa zax`hh-hTzE~7bAd=^z-5ZaVI*!swLre*A z3+z+RX*!F>_Kf{=NQhH7?^UY7h(=?b3-@>6CBahb_ZR;qXb_etA&do%5+`o_-FQtT<+8C0X^$ysxf|`{$0tZxC|KUg+4v z=?rjbzdSOxXP-9-@;6WTd7J#o;%I?>W5Jrli*%0IPrJBM&^bebay6-aj`@5J`$};i zX18OX1jQHt{PdQGlo?^a&C2n5exZg3T%{xJGuYf)K;X;$wFt?iNz%LvmrGf=9;y$_ zMnXu))BU+k-{;mQ%tMHy$1N?^3Yi+S{HcN9bWx%%-Eu4|#=kU{Z(|fb4gVGyGD?2F-Q< zb#Jh>gLw`FG!sU*iP(Dw#e5!g{^@FJzVH-}P|febLZIW5mso=!IQ2nX@UYWE`Aq}# zsPM6$l<__tTkv$wX6Dm za0AYop!`0H;QHBbMBE1Vt@S4oIf*QGKF#a)jH@_i(NPdqTWahTX_zPoJ~Qazlr_`q za7d%#f~L!Q;4TJsnS}c<@ozNr}sU=4P1T&>F^AUR@XMoA7Ch?zq^9< z?oq`r4H!uFx|Jep`TocYH&{Z%Vm1WdFlRV8Prgmq9zNUg=JKbff15w|V&x9`!SMWm zP{&`c;~00o%;BiuaWW{&aw?JvqCVE9#g!xIy~84~M(ptm35sB+sstFtxxdkEd1k$2 zsGNgJh$Fq7-Vu+rxu4BpPR*NsiyMmk8o@}QrBmSeA1gb~kJ?vMtIlk-!(WiFurO(M zjShhxYLKr=A=@6u5>3j0%yMUB2{8@ffuG%ZQ~Pa61KNF>=fHJ^Q(7(V+I?P*y^j;C zQt)G`GJ6GKDM&Z(e%D8eT&TUyXsg%0vQ1ZjF0RkTk?pgJCkdYR8t#uY8DZ=vKlDhs z#{AuH=hNZ1CeZYylT2`}Qc~PLrQQ~(TOIkg_d7|oOB=0D)&~bWE~HAXlGdc*Aemt-UgAa%EH3Q z{~iAptn=e-W80Q&xX9Z5sqjv>6S7bx=dFH!l%#nl=Ycu|uv5Ix(#H#SNcanKJz4jA zA`npwq!I_#4|s}gdps#Br5%5XcA2IGc1qw-4xnzC6di(}h!jB29~=4;?#Uzw$n|Z> zGBE1z2Nhx6Rd+CcaAd|>q>j_c-QRMI#Lmm64z8|0R%&D4m!HJwIGwB5GMi$A$2q_|UiMcl)-pMK(;gDY%VlMs9`@A7 zMU+Tq@;xMST|RI#pN=K;zmHx!*fYTqs@$jgUE#6a5oM1ie<%AO8IC6_&B?ti==4P| zN9wa$uX4(utX(N=sqdyL2E`<=@!IK@&@UstCG>Yq)vbh!lYH~*rni+dP$ z1sZ%v9R99d5KnIB@m7B!z7E)>@Xn8T4^r~&F5ilt@M+w4_z^ zKJ$5B9U+{-$Ss}O-tS@9gbD7ABOt)W0hJi|SR=dFE8hm=Mad_nE{+z$;0%uz#!84ERtI0d54d+e8hv0eVf zYXuz)M`3UKtQi5t-J$w|JP9Lk@^b^^)Q zDI4wt*+#J=0v)nME?&80X8a9ZmHFj@-5Bzo_7R@t0HIWH0Y;rlH6LSc?(9t?X?VZi z>PtDo4gK`KVRgKf5PkLng;g(UnK*ZN89FCP5u=CKpOpvX1=P27J>C+v@Kg59|AI?l znF`~4e>0W2M(tmF)Lsp%1Gp%|TE14LO@^yzH1!Bh|Gh;u+qmp%VIp*Q z)>Wg5BkGbjgO=LBAfF`^AIB3BgOdu9h-k&`x!{jNdT#n8clYp7ZywoQ(*PJ5eA)6J z2O_&}$GeqPXJg$8$b!Xdcq%L0x&Ze)ZV^i_IS+ZJPIT z*QNUOy^^@Uim1SVh6&fJ%lBc{3#Tn~lWr2PMNd!=wa`dB9PvT2?>AyG2p8Gqr%V>N-vD~&NsYZRe#EYlHrUc?&i4GvB?rZNCr`Zu--spWX zprG4RWKZ8+c!nLU7bpYrkBZ<-KG)~`Pxn070D)EDssHOdWe|mss@5-_9;@H(B z@*B3Q0=|esbsW*?rr_O!^K!o575_Gc z`XrC?O3JiMnNh#u<==&Ir)M6q#qG{M-yKtOFTZ6Vlm+`^8m?KWRPu{ClOi&IXj?0@ z%#tU`LXfJWE<(U#t5u=ab)39!MvwKMvf;+%mC1Si8r{9YY!mzQ%lkow5WWV5ff`vJ zU|fgT^8OHAxInYGJ`%>fdg#(>^%TyX3Ai({mxp7%#9|Ge!-d@T7yeO(BlpxoD(#_k zH3Vm_OHJ|fRd&6@X({g&WGx=PD{ViAbEQ`?5|^|(apDZRIl+b4@b0!s{M2WaOAHM~o*udlt6p4Kq61A!@YLr(UwqVD4j&+Www zQVH(Ha5^tf4%iGr`X+NQzoxlwz4eJ@4*u{ESs!WujcZ}8IdHU)AGeNLI1R`kbnRVB zoxIq2u&sP=` zSI#ZbN4>UgX`Dt;?*Y)59X3CUXG(vc&I7cxJYvptHML;r7+jFii*Sp8)73@TdDRo6?t5Rzj-@4kq20W+r8)$XnZg?|&{TYb6AWsKr$n!d z(7*B#{8_O7&P-Op<;^|oVu%1lWN-dru z&49#E{W&x;99)9pkoX)8*N+YYLf#jo(iLsExS8YyTW;1Aw|D>wPJ4bO8KenVuORJ- zN|G_2Eu)~Is)xFS9Wfqz#_W{pa%3HgAII$#f%?Sg`J2y|-i&JnGRz$uHLHOAq^(wd zq0FOwFIxGG1VeU|+Y81?uP9It1hSS#5M=x$Rb3Nwhwj2J$LM#fZ!J|7qkja$fvr8% z5uhbYC`fMAYMGDpEx(c$zlIM?7??E9`XhR1Z@NC(g|^=sabI|DUFIeXLZwD(EqvoVNzhRI=Zn2PPkK?SpV>;P`O6(7L%w{*le5Y_z@(IIw_T*x>ob5# zFKqgpZ_ihG3|(nR`>5wq<{F|4zU7D3r?8s6)XO1}#iL|EGEvPqV1u1ZwmtyU9(t{k ztR?Bg0ODPpXMro;(+Az7$9Urko#G&MBAWrg<6O#se5=&{x(w@Hir$x!_u&W^?`$r9 zdq@j;U1dAn33x_RTZ^_f%v0I%K~oY&fhZCY1f1(X+%p-rE2*rFS6Iwx@PJ{+*qsad zyE;$c$}qacqAmlNZrXWrxKdL6qE*%MFSk7^`s~}v!uGtz;FqYp+3o;Yi3r*u{=}hD zoiUmB`!>?giYQPCss;l`9pT_60*L>xKi*G+D7`k2Vb?;5z)7Rbe^yrz6WpRpCd?Nep3*R+ETCT4EAxkU!T>dbJFq5sFc8ziVDp4j+lF=yICix{+8KaEW1Y} zI^trAe!E^fxi3z!b2>!(pnx&y>0#^_d~eF>&oOD-@gx%abIPsBl%p7#{RY$%dIIx6 zc6Z_pll1dLi#X?_-Ef$vy@69!;yH!oV1&OIApAPzn^1NqqcnSN^sh(ji07`KH43GhlGCgUBg%2U2aXypgN}L1Z+4_aG?@096dLU)= zA1-`?2H&5%p>kJ*M#bh5C*Y>^*AJROelV=U>DU65FWxRncxjMRin)AQXSE@M>~%DnoY?3vd{q+k!LtxD)8n+EHvze;ra^6guNITsw`*em z0a`D!f6K^TJmmntt)t$Id;Xfbn<35nebeF(wMToXisLUHzJP4AimPTcH%a%25BDwi z`6K+=D;@Dpaby=h&DJXe2&G}d6O5aAl<4j%JXGCS5dA>oM}1s=tu<1&o0>azpBg)P zge_mlYQ6?H{-BttMli7gnCyNOp@eS1q~PM}r*XJCuV`df`M3=IoSlC1{h0IS>r(L4 zF>Fghik3&f#q%KU1>z`EL0|CM?_E0!74#B^Ju10iNc=Jh${0{>!cp^nq%6CPO$2gQ z@~M?UcG`hOMr7Tfel-M&u58wu8vOubiM&R&$C%E)h*p=X4)E$X2Z!kQ-iYYA&aXG} z(np|@{=P=^1SF=8yGU>q5m&f*xy{7?=Co<{s9v=vcE4ZjHoWA^ZSPmyQ@AuE&75C9 zRZ;Xs``jihBl+9(o?E&{o%XhqSVeaKFRb8|9_V4em&>?=#+TozP+9@IvslkmFpQ2+ zM)H+jjvlNY{PJ@9oSUk*vFFfWqtg!&bIk8OnHR0al$fe z=h+!^@s=8m`%L&Ey1-z{DywF{6=|xW9V7gxX}=;{DZop&L46pNeEU1KCcHHRVe0{_GrKF1wDA&`0N-tVBgG+J}{+^gIWj-aoh!vp(LNhgaxggc`Y$ zg`e~V=>c>P<_vv~y-pZ{jTwJ!Q^>V@a3iicA-q$EPlb{QxjB%o`)-iJT}p7&6?mGZW~kBT`( z=ka-ryB;q#CHZuxUsH1()Ix=N({W!;^77s_$>)#T#8G^)4=T>FSLiz0ulw`VZ^E36 zu6d+b5U+wWH<*;kpRzmw6qCWp){F7y?zl%H6)EFms@Kf}wh6y%nfBC9*<~9BZn-r) zES18R5bCIdl-~mtR1GTG{W{wsxzIBBQm8k##?f%K1$;nHE^%Fw{vd-a~M>G)ZdBq4u* zdW2F<*3~l8b8ww8z4%7pDKZ+u6?7n9U{H~ltt*jrdy!}TdVm@vb%hf_e$_Etpn+zZbGnP`8+h0gWW`6uZiEQJgH{~o_cC9Of*&fY|%(38rXpR3#2%EQ~_xM^t zj+rBVPa7*AJcoRk@7_m8;GQI02(xs@By^pPp1CtgZuG!Vw}Bv7T_T+o@yiPDh#ux7 zj`wH?vM%G<AM=wz84sA>BUp4&;jB|SODR`@uwb3O3z`;K3)sr~_?y5AS59`5trc?ce3czd{Z zd+ggGZU{t1^AUQ42k^aW>izWJ;7JU77Ch3F0QKqq0e5&X=Z4!p|F{<;{piCB5Cg@? zsC#(2fXSWn1ih9|8=_YQ9K`dx1jA0!jcGBE6>ENy8T{?=mXO`^Xg$t3Af_A5mnKH2 z=-l5gii39->2`Q^YU#XwTVzm&4ywtoADl$yIo7*RtHA?Cw^LiCAaaevpKC);r$a9I ztC)OetpdUqUAC%Y=tmAzg1vHr#q8`|l^@oy;nV(gW*F&`%6C7XBO=MOlo%HJ^(kbc z;`Y^WFz)JcVu5=M$XkrmMjbO0zi%B!UyKTHyP>6j$hv0cr-Z$0(A}#1UJ=7;?iKbh zIm@+`Ob0fsfSlrfKL@|^$slWy=kfl%>(G{u5mD#fcwN+I|4E3bMw2)Sjp2^6o%r;! z&*$(1t}cB)vl6!OoK=I8^=(>eJ4Ph^i#v1d{)BB?W4pcY-qkd@3u?lic)3c0<{{7< zlxDeOL}vES`|xLDp65o)ahK8A8NuKqPq)p+2N^Ly^@6N_CokJdjeDeFpi zhx$|4R;#`<>1cgVl5;;lzw?6k)T?eTCSa6MSxrjklDr{CJfDWc@O$&OpD^NMtNr=3 zuL}JfpBuW|7t`C7yZSK)XSQ#)US8bd5;VX(U+?qFVvyJGkOsyJJ!L+(GN+t$p(k_r z(DOAWH2>XWsav}UU8~{E0$|yr&yRtVFCNE_0WHG=`+8(!3f0jfk|X=(gNoK4E*?Ws zi)8HZr>FlQZX5+opW?qIfrQer55nht z*u-l~qJ2wJNRB+n4S)51>EWrz9p%RXT4*;`di9&P9{=p?+kIITHGV$u_)V-_KsWN? zROC-U)$VV~&>EH;zG`uz$S%zGAmhT9T~0E46fhje=YS{@d&$)C8rZrCSKH@#qsgS! zW=TbeZzC-IQ_MLTtP0bed1uOmORQ^i%mmFDE!70;H381eCs&;+THvC#Mr*^*R|Oc#b&L<8t9o zo&0X$i*c01XwQ{Q5!huKhc3x->$yf3g&twHG)1VYw2>YiVpr~Jm>SX|$8 ztsnRYgAVcQ^5tTzGDGp0@2kf^2LPS)B(Y*h7!BM7MZ?q#)ldB<{RkKUfGx^Z7b+5f zYMebW>pf%uKsp{~8MwLIzRbQS7iGm~xDR6WcwIUw7GQuZXerO z4*QNWFK|-NnW3%3t%hrCQfd~mIGWKYU5zm-gr*I6qMET^j2+NagF4}adrBt zQ+^-p2w51@fj{-(-kja}Z@ew&@}_P0^@$7Fy6By@>Q|!om`T6E88XBPMLe~poTt1p z>)VtDNj_xV(#kuSt1n|{L`YwTkj>n!Puh{bdLv)SEVDDw)gIeD#@8H*H1y)!>IU-v zU5^e3xy69=dzq7TV-G>h?EE7KApLR|XsNSyr{ARJz7EO&i<3*1EM`3UUr^WxUxb?5 zz!n+$s`t}z!p+NFH-}7%WdW`Bv*LU3C^oI{bt{Wcmse(sarWBg9|0Qj06Yojn`XPl^76EZj&o)@$gtwK$?SO8;IJnyS8<;nR5%Lx1eoPOSo=1$%KAk;LMKhm zBGo=YClq>&5CH4jT3alrzGF#NbLx5JsswUcbVbQc-SK|GH1&FDse{vFdlpYGXRH%8}lrUlMB8K3cd$A%QONhus^de2+S3;_lALj zs~?QKQ=PksE0;6W4{ts<1}qsz#V@>6@)bEXhk2p0h$XIxaHCf}5w;lAs1BgCJI*OT zjxcX`uFYSc`GeW2KG=KlImf-L`q<2Tl8WGC%NUC4?TPGNe8Tm3V_RJ-4nKN{p8GzJ z_2m%EtY%#C2Nc5kM;N|Ms$!^6zQ<5!Fr%bp#1v1#C9%I5o5 zI-4Y}Cg}CPo(0X#lwGV>xe0m8U-dT93}qLSC=w~y_m01sddWM%;dRv3Q1-gd{vpAh zJBqOoTdw=Y18aq5rg(K4mlFAbq(1qqstgngHWDSy9m!S6))Fb;~IBwGBk`cQAbQF{r*pHx!!8Jv_%a7Wbfy+;M;M~P zW4U<2L<5@d%DF=`a>+tc-;jj5Yq0hca7@71OwlMtLX%chB&#nJMO90!6cZo&K3D-vn&)#ix9cZ6dWLcr_(k`0~_pE<(C4EAW5IV$hAIrIv@*1HOVc=VW7 zE^hmm+|Jjs*eeHo4_pgS-)~OSLOZl6`b8Eu=q>3+5kT@w4$r_qwbxj})GR6b&#i7= zNTvuG$NE84Z<1emh4K8%8x!w5RWRMH^Wa;vk3kCtBo3@w09Ec?B7q`w7z+R=b)fGs z1v#8gzwdNiLBe5+zJMbUjHms+I;;K1(W$%rv^5GTt189`fq$$*{axXkiO(%xhvu&f z_LMsf@b%c{PXQ>KJ z0@DQjOMmWwf(AK{v1u2S931z&Iy`$zRn)wcgqxiQd124tNK2Le%B@4L_IE(`w|jdl z);FRQw7fcR0>AAu!ZcE3xil}|{?U0o4%|~Bl`{}%c@K;b{9(Hn^l)&FH?4nbU9XI+ zQ4~yd@sO=_9Q*17r$M{4NS&_hX}$bP}i^XD3YY(ejfWNNiNg)AW>zgp$skkg1d z5W>)AdhH(Om6(sqS5*FpttRvW#lnOpfDHL;^3BtJP*XwNOL|Kj1Euv^EH}$LPZvm% z;S5~;O*Dw@GBjUE0V@?DJ(JLVICUWwTlERWRD94Pt|^)%$Sj~__5eXoJOyh+@`=7_ z^AnLhi7lclpAyyM#_gXRy`uzJw`IpCiQ46tL4PD8C~TkiR0l~i<39T(e>@(v%M3{1 zw%f3;o5%pfj@LV{vg|=x@(ZtIj+CQVte^erv>N1qaPgKWM>)LRpx);mUb52Y*&YiK05+eD zQ{@0@nB(LPx35uWS=Gv)6Zq#OP2a+m=upkz))hs*jEwdf@A9OtS>pLY-+)Jc)^iwq zh>HTLX?z=1f7~!9MD;4>RLLK`9}n`%K8Eq!_4RlhpaZSVHxQesvbH2i?U7bgN?jE8 zfp*Hen~sDNhB*3fr-!mEe(f`I3hhTcnfrd%e%*p-vMf6K^a}vej%ALvlJ7~aQMG_e zk;w((5ub&S;zLDNa8D~;XG~kMNHPAznL-*z?w0^RiuFMpUr8P-Zxgt`owDw8dRf;W z{L{Lqe}+^m>E{YPLLDAPqTH+?S6HuGhdmQOJn=Smclkzs!W1L9{AdtExbEHoDAV>i z^Nl+S8&H~paeZT?xk~-}*QC9`riwQRgEYt2<5{X(adb!h&+iR(!{WzKzk8@b-+Q9v;R_JC1RoOzCU0)( z`U7SUZ;^?CkQbz`Ts|4dfoLKg;8E9RJh*7YwTA!;pvl6Wsnfl23H5B+^?h=F*W9Hj z&QvyA->dn0F^l}tS6C_w>-f_B$Lj=U>-F-RHBhH_p-;EdI~qmx%1kzHeH7u)f`NUzVluOsS+fo6HEaJ2HZ; z3Rx)?-vg#KDd)eI#0La=z@cZBOHL-dcYUBB&U?Va-zF)4W6y=3fzCFjqPGkGE}YFS z>-_Mfl{R}WBY0TpuV`N7pE)W@w-)I7PynzPX}qs(&$bi{a4>g7{!4DOVgB*}e&(-) zqC%E52bMTNTCO|6 z7%}VAu9)IA9uB5aZdqti)caU3+=z&MAEnWvs?J5)HRSHcfw~cPaP!3^#}0rHwvIyj z!l@|f2q*5eYz`4HKlD(oH#Tckar^v)J0tE36aI<9S19fX7d6h>uaG|<5Nenpv~V_( z4cVA@5vsJU{|aUtdJ5@@fA-2mOGOV*zD;Q0nN%krQt%FFg!??)t^by=`0U!G<*gNX zw0Q&>)llSwKsk)oG8)I2JiMF}+eVuF$m-7U9Hck|De;`bliyEwk6>RGD&G&}b%Unh z{C(RwfsumKbV)vqD3bZn_pWl(BPhJDD!w|4I=ZKQ85SQcBp|B~g+lQP?X8tPk5c$T z+w4nGj&XyLU4L4^XPIop=jLg81&48>fy-;dG0!<1JxhfVGFw_xoxt+K4~pv-OU-`Wr9dJ~Qi6}doK7$>*_ z*Ey&AHbe750ttfIteJ88vXJ|<=lr;&w|IZw%8$7tj?~uv_0rpxGc3=v zanzfG5AlL;!V-eJzyKn)|CoHry?rfmNdf9#$*mOGpA~Fkcaz=Z_{OIClL#-_2Q|@u zS?}cXZGZ|Z&jV&!zBM#Lm7o5KmvC`Fw6lTCUJLN%Qg`_8YVqHRK-699K4ibnqb7D(oKRpQjXO@Vy6FBP1mHlnHDPxk#$*#WCNwR4EfyF?H#$8+R}N|MDAM; zw1+ux^F4zT$5s4tbhKztmpiYrwyzS&weVE7NFP`4qB}IShlKGl4~AU$*t{tV%&0xL5CF>>(HsCGZ9w=NkYabH6ON5cTA9(cFG5QMo$2Vx{M4>!qGn z3xNJ6y2ne@n=~tKl7vE&v=Ow$K*%wdj>9f=hUysfe}+U>yCHdizAh{%032qSs&!&Q z1rn-(-y?}R23mcS)P+dYa(H*c2Y@o-ZW4nNU=6DI`o%wkMRg$LoCqS-YV@6AP@vDr z7rXNv#plJlts^xNeC?8pq4xIKl9dQ1Q4(Jznp*UckDIZ=a?*X>W{gfpA%(hmIyliNcQSb2Lqv8IqN5h?=s^Gr**GKg%n!K7WA>pBBw7W3V z@x#n-I3~H*I+`WPxFsJbZaB<3UgngyPfX(b#WD1rC+^2N_S#q+Bs@m%q0n9S+_s7T8)9GDr>F`KmeqPZUfy_0YM|2vK`!eJ}(0%`IC}iB) zb6j<|4d}V8VF&GnZ~{B}frz?2W|qHieW>!`bM40JYOX1v-5wIP{w2VokCjq=YY(8R zRY?65?Q~79+v6-jpyq7N25B#GB+&DkcYeXc5?b72OY=$_s`daV)h*5su2GY#%*5mQ z{FhEWU?_sJU0=Sqa9N-5wnk(Dnos!c%cy!(3b=gUkuG}_fewc$Nm4a{#`%3d0ENBq zbwymv--mRstu?*2Rm$=_7WOP&bD1dsyjFpd^S5 zF0DN>+U6mCQI6FIHmKqrsU`rxHC6ng72kdWjnQ2NTTvTD+TJIzHv?7?L-H%Dw_5O= zJ529a&mz!_Sx(Q3>X=AiLyof7B-c`ie_C6}>M$|7zq#hgP9l0q6ac`tcW~1Sf(l_! z`KZlTOQZ?vNdQxl4!MRg4^o12D`tt8sJ#sO+>0bP+c=-PEcQ!NJ~XHE3|U4VVkHDP z>o1}Tk45=#)2oghz;3F{J?=L%fEqJkl6EcSx8D`z!p|P0cFgbn@zR0)T*=vMe`5e4 z?-f2I7n^yyI6^$%^^XzyYP@<ko-hrKmJMq4Zu@h6eR;;}W%ulhuC#T;duD(tDI?hka&w7YBj`(AMt+Oq@gYu%z zGtjQj&;8F>8Nx>G?=?AZRIfvp)vhyh@C9lH5%(-oK7U+;_I;ZYlok#?QBE_6)VHm) z`NOf!j*=1fO259;qrg?_*~_WAgZ$FmlcicFNu8J4 z$vWS0$3*qfDPjBwmPy%lS;Th#kgC5|3GQ9wkh*vuH6d_*w`Q80C7Q$dy|(t+r4@oU zEhK##Mm4{65(E|c1(8g#JK6?5g^pd^&)e@&zVvN=iN8MwF)|fU?fnc;GSkXO`Ck0f z(fytCuHe+nSF-Q&x`Tst(b{qZRPT;b@;M`n6HCM6?s-4&gA5;#T5OBNdPc)>oP3MN zzPiDegvK+Rd#N<}WWi?DlDwVmhh$^IX7r2*3T|cwWjl zqoDV3@{4!GW}A}06~e!O+>hNC1NO+gUT0WX`P;lF!VkE@pWw%dS$Ww<_x=?QAL2#I zY%DA;klyx!cIPXR(>i(OX>qQ4XY z*?)wA3Q2XyX1nk8*axTU83*7eh0`F~4J)zq_9)BNAs)q6V0zW5h5TM=FQ(bN>%zI% zg03d*23<;AT-*)6?U!ussB)yA7Izr>5mhByJ}uG=)ePtzmq5{adh)8%J*8x z-s9y6b1Xr|UEKE#M-D57CZ~7DuYB`b>!b-)pMF4brBM2(QfPr@(ms@fEL-bL2*hpv znr7bR1vu)#IL>s~ljsq(TdzT0o2Hoa14isn)&P|f2n)C-W9bd;6SROwR}4L zxjl3rbw2d#9-h27A5Qjp<$3F^jqSPBmtR(9MY+%MCa9Rg<655~jMnPq*$dBDR{L~< z`1IA2wUf{bN_E(tU-5fLbGo>Hcf>ud>Wr@s?RwO3 z;l!RvR;USUK&c2N&>fK2a4$-9x$D``vJG_h>7`vm9i!fl+9#SBe8M{*ENxTEsBk90 z!2}FVoKwKu(y}U-GMZ$#+e(csFy$9TZs8YIms3E!8Do1Bo*fV_eYtnUt5y^43KgdP z)@Ak^;+51BWy#5Wa_(V^?#suF%gy~w=42er{s9F{^Vmj0nMBN4mCzwqJdH`ZE3st1 z4iuTuoGU+rtPj*RYxt^sAOYa@77eU}zFcJI1EHAb5r_|POlwi)kjcoa!ai5Swtw8V z(Xp&liT#{y-Dia{AUsGVXXoLYWn*^0)a_%$$xFJzy%amN=p0D-Ee!7?6w7YUr*4tv zJu(^(o?HzxI9=44bNv~=rOsxsb`%)e!B_n?@i2VvROp9sCFOHq0F2H?oH5F#pQht? z3R@*bY_d6T2y8#D`WoeQVo2#K*y z$%hNKKm{ffVIUf}RY)1tyIfW$j=_ku!ihV7&h}9mk7E4!IaXkLK`AA zrtM%6kxr1d0ZPTR-450RwTGzu`n88dGc&4SKtB zcE3(CI%jQ27#;kqo*qrS)4DuQbmQ8CEWF_AatfI_NhIGt+~d7ot~Zw{(t4=AP3n1l zqRKk*K>*z@at*^Hs6||Ta8iD|tv4_HLq6C{PfHz|UDlrnAj z<}38pWP+!!Rlg4o+T1@5dIO>tU}>>Vn+3VSsyHB_NNqHyD_+;jZ|`Y4G*Yb%=Ux(- z&%KKai4c>lTkmfLvo%X7gxHIuueV;JJ35$v#fEQY8SV5UpX~2)fszHdtiMew`v)!@ z2k-E9td7ug2oD9CIStwbb}CDhZDmD49o7N5{Hj8_>Z26*l~qPnuCR{>{MzOB`t?aG z#thU!CCW5Q~i$<#83 zTR$1(vHALJN$is;nmzKD{bbtXM0lni#2jBQ9(T1BFTFzi5$X}Ocs_4!iNn`<*=iYbkfcWhB2*}i5U_s33=mhze^cOx@1kQ(8KkQM1^i7&jrMzn=^ETW&KVaF5 z@3cRBCLoos6Wv{@;0Xomx8BD(abaVL9TQ0O(i~NAhu=v+^p&~H^WEz_TfZMcb@-;( zTGY)HDC1VP;RgHgU>&~nZ8@@Oq`juTU8Mysk<&*lsgrigK9xdKN>XP=0j@UGpc>E; zoS3c;w)G0mfcdx46X>_@1}q8u9PY;FU{9oYN-x)?3@Pejd}BFsHzuym#G!s{n=O6{ z_mZbT&~9LW`JzXnXeFXZ3M(a5)eeyZ+%JV{#8G+%%D_%Byscs%q=AD~^>(x&*MY%q zR%^oy`!~E@a2UJUHWq=7%_0#?EBR}R_ z=q-Ihs#AickH79^Z}SDV$~SMj8Quyd;@Fa<-L-w6a&__R;LEpq(uLbkFF6t(P*4{b z(p^SYw2P$kE|m5QL1QT|Ck)%uwL1L?h{v_5sKhkMxQp&5UK*4aDg9( zm7ybZ$m{xg<=^flVa}%XJTC58%})_(HD!;}HO=jynkb8K4daK$fwJ`&77AKc)#+@!^UO+r~nVOF!4MoS_@i`t_|mJbpSmV=r3ch-ax#!)SrJf ze#PHaO+dlxB|M{6hYWt3ShmE>B)c;16}kgm(RkPN(2?<{A2^7fp0o#fX3$RnDeuMP z5Oz!BW2IhQ3LnUfNHS9nzYGngS0*0sZ~9PGilxi`@xyzktCR8^b048>Wgv=akP@oo z9&X5%v;;#X1r+4^;J!G*Pd zl;i01>n8khyOJNv^HEbm_&6j7L0GX<$K=zrA0Of~%+6`QQ}7FrxvT&Jxr3@kS2rVY zK6u>SPTq1=E*DM@6IhL7!tlfa-#X$aSQ`t`t>wj|L2pwpch7Y*Cp&zi&1OGnyqb6< zkX|r7hjR>hdp=c&X@9g>XKhyf4$tixfOIj*C!qzUuG7)jFIOn|=B;zymqGk|MiW$f z{(S$jGvzU7I=;TSU9Ly{P0V{E2=n?dmIRkxoHX~Do~9NxbFxE|-yuwLdRz!2aUk@I z1FY*KjK+nt_BHZ(y)z0DhEb9{+9^uxDj%!>3R;r|b3;k0hkt06!JE1|;pSh?VGUze z7+>OzI4tg6a4j#gE6H=ab`2`uV!yPpmKF5jcp;$iz6ix9Mqg)-O{T#IK!^P_LKo&d z1h4xGS}gEZG(7W6u>2nKKVBO?VC%_e;|dQn)90L0d0Bn#O?zVJwQ&biIlq@sji(5> zLG9njPJ;w29FJDNBnG&qv$zY;IKAvUTT+2gyEJgHB~wtI!>e{1dU6?J(qUR=vL=Aa z9){ol6q2Wg{+Q{9jC_iFkNz|7A}OkreTkO8kAH0M3>cwaL1vz`{H1-qbD z{X%fGC;DnItU`eOKeL&cU@=lZjkyEoL>aZ2;Wmj`z`}UeMJJl69vjB4dROMW)vx@> zu%p{V$?p01BcMzp)OR3W_HWMRGa%BRWX#O95N+gdE8*;w9$|?C;_dH)fzr0)SB{4S ztor~ae8<{vhQu@})NGq}k zzz{wkBmcI<;hybnpX|@2UQ@IE)|hepNL(c!GN=*z+slT<&gb;~>_{INYG<=NuJ>1& zltMIqLA#ZD@AQ-4w>%Gal*O7<#{AdtV ztH4kWZ>X&o-%t68P@oi>^G2ewd_rFR3Fa|;jVBUnkcZnoUco1JTR9kYGGH4HGw)ZnuHT!BcZOt3(p^(h;Xlihj_fX^ww|%~9MEv9Kt>dCv z+jntu+kuHKBDTQvj6L1mV@`MXh+>P12rAg!E!d)%Aa;v|g^7wSw!eG%zI%V)b3X4m zpY!)`e?~S;JhRrbo^?NWT=#W(Y!oD?N`W^TB(!G z75IrfB~@q=h(kgtG0btGNpgdgBqXzfP7+=jlcR`ClA6k8;K4z`Nr@~gkFMh4oRc3g=>gZ3FT60K;cR+l?VII${=aLF*QS4hu!nfQPMTQbSfLm9K+Bn>=jO zC?qnVGlX+NaX83)NlZdC0lGrmK{c{}BdQXhFadkb-BBj6xqk zq_jq$RiG+T0sO;(afCQj1nKYwc1YMeC^46v2)x%8sta@s>7gi)kC{k33Qgq}QHT@| zTZAX_IeMMX1N~@Z3ZQ-sTbxN^3q^P~0gYyeA#5NLAW+ta*L2@vRr%;u6 zoGzeJi#cWnMrDW)Rb(_43Fb^*1dMUvC2|wYX<1s_jkR&8UnA#aWl>zCmr{LW#tWT>T zpaBj{g?XhALUNmhNM@@EB%M8k@e*lRm0AUhnc*?mND4XLz)Gbe7tN**pi&8d5Qdk` zBn(MLrMMIr1~LnE)|rH%!{2}Z0Zxq}3GtWE z3gAwn5Pi5%#K@OGj7SZbVS3>fOm%5tDg1el)nyInfpZ=%02;<2C;}h>>&DVWf2bbe zb|jiXA6x$q|bB{ zgBVOWriNY-GzVyCIbNHPXK}E+YDB4$L2=SlA+?_xlMzHRi!{~elm>Vn(B(FR4?*F0 zJX)361r0s{VB1eMyCQl9N6cVHBp~Wy1?5&?{6k6Xa6_YYQn$dVO%*b|AbT8^V0b~c z!mEOBpxcRbX}}A`9TkxrMI0+T8|62IlvFWJ3?vM4Krr#t0;)0Ui}=tSC5ZpP>S9<3 z6b_K7x-=oL&4=;AGj5eU%EzW!{CYo2fy3iXG`3s z;SiJMjQ}$#0B=kJjYViv$ZbBej>5qyL1DzrQ^|u$x}V|&X(J0sZROdS^i(iTD7snf z1u-B!2f5?zD3dD&Q3WNMs`c4pN|qlJbLqJ_of>$Lbq0xFj0y=L--yL&G%0A@jmCAXR1o*9lDvjPX2^9c32Ejbug8DAux+F!8B$fy1DW z0y&)BZ9(o(j$Q&Ih(bDKUDHH3A)aD#`ivZr2n|O;0@iCgQ5vOUq(F9sxK#{|mV%R6 z8BPv`!-<8s1_m1dCpNkgUIPj`CRbx~KxeBGdXFMbj+aSr@q`}42#Q@&D`HmU5jF@i ziK!r-4ag9gR!yP**}^12CsT%p>Z{K~XE_|afZ6GAV8c;Yz#H`&fr6I<0^-0x7z@ck z?T<)>PAWbk;3*;Cp{)pSRvBUvot=pC5P?wxzAxf+Kz}Cu0^cd+6Z8%MtCE-+g-~SG zq!Mgg720Btq(WPlUnK+Da++PM@aVaCojhVSyRjhIE7XYW1YpCksfcDUt`sjn76wx; z@Nt1XRSZ1A&QMH7=R%d=hZ4inS?E9+OH3@RpPvacSfMzA>z4shPqE5*|{VbT-AQ$5?0%D4+o$ zz1$V>kr~>EokX{hT{^9ooC>@aZcw7NpfJp^4j7~qWCqgAl+=*Q>_E07JjboWLN%3T z#M0@aP!JLmPO@EXf)-vR3Kx@2AV}zyhSWN|-RQun@%$i)6GVWv43h)I7PV@bhfMGa zO*Bu`!+?UBPr{)HB?9CPa<@~-m6=SyUPi*HIjVp>kV>V;#3nxkNi2c`^oE^AvYJn% z8zMNa+<=QQcyv~(gCbDk!ZMbSB@qf~C{I*Iq5yRi4tUi$RH@74BnK>N8^#1Rc|YJ# zaY7>oEe6XcWLZ%t88!k|nPITw3G$ei5R9VDJc5*>7Lq~b=nsK`l0?;5F~W!fv5cV2 zXA3E`a)a0tPK`i{CL+h6(Hu8Am4?GHX(4FVM$SYN7J#%3{2~@Q#b|xd86}GWDTlWK z*F4jXCC3bWrN_jknEpO=T9+e2HbXZJ#bu6( zG)|x|glFOX4mFL#Q91OKkWbG7W@`@}8fW{L0J>xfjK!c>`!5d-nOs0-070zyiDp$2LMR?ok?K zYGfM3Tp3fRQR4v%38*-q35nU5F;*;M7TWy*KT?{JaXoIe9UyWrp$vu6M2Y}su8L+S zfYwS(3!NbfwJ9oaq1|*0io-@pOlF#bi}Q$yB!h})KwGuYQ;HZxu3Bld31wWn1Juz; z;SexON{vdr9cIL6#WQpUOjsa6?pz%(p(E^#et}$zBJq8IUpE47EFuFWs6XT-g0@!3 zX{3dNFsMUm04W$DUWy9J=JtDR7kC(3CQVc4M0u^QALOl4e z2q*O+|A(*R0j(gO6-L|-x%k$U-1Xb@-9EMvMkp1t6P2A@f4wNNh?d z3+v4aqF)#EfdG(&of-@UK;o26h+#o0k^(yu2nNt;qzIpZCvseLOi<6}MqQAUwMKAQ zv`I)bS)yST2_Ny%e0m`_jE`6)0*SzghkkyNSq_937@te4W^=Vt8UqvuJTf6xj|Igq zaTLtGoEJ97B7O^Om;fQfN*q39bx9~rMDUNn5^(7J7$+?d7Q<{Y zup|mr7B|%)ft)xa zY>Wl9RF#nd1u?RNO{7Icbi{cD78DS<#|hP(uQ}MK~f1855=t)YoQMq+T@VpKAjwea=n}bfM=60 z7zN%JD$xdqC+7(qD78mxw)j|1EQ%Z^`GwG^5`_VnG=WEN2Yzci5AvNr5zh>GfsB?y zqzl=IvmbSe>~6IH3*}80n6sFbg*Kw`B&?Dj1CS*lViQrQJ`lo^4{xe`aQlQozq_;vufCqNT` z0$#_62*AVxPccn+BaLeSCUI9PI2O?MMTDTkWN=}je_16qprGPwHJW&KIZvX}m|b+x zi^D-(FT~NS30jAo9*d}DRv%Vkjbdd$CBZT5!QfR*lz7;s^M2FyuTcNaw0;WTIPuM5IvzU^W#NYXG|L6ns(;U|uBO zAJJZ^-iFY6P|RW_+~EvlOimDx#JD&Ivi;~NQa+N;kU{4@g9@@d91RZ&Q5b0LhG$(Yo5;w*1B)r} zUoz1|xq%mEYI!`a!z$!J6CsI_8u4?y-mos>#rf@QqQOpQq`JsHhQJ)Q=$RU*g^+YK z0bU@0E>;rCiMA4Oc!x|0(G9Ts0u-B%xR_?QJ*ap4>=8n$#;=LdQl)H-p6l_(z`Tno zp0Jx16Vk9DA{j@)P|+fQ4mmMFxm(I0Ndhzs9$at0X95&d?cpeOA$8CimT0X2YKxIV zDmR@*WP z;K!1Aeu>9OiUk#^kem%L9V#L{h~k=1N-;|52W*W6c!47HMG zH>-s)8;l+{4<4`h|b4wYx!Y02!KgQ zI=wn10zXGhVMo!P5R=EJGN`x!TSbwo)i|j2>SQ6Qo#-;gXb^+{k#2?T5OlAbtxma# z5wQT9fl1Cc0RX~i@h}BEh7KAtsA?em6WgRxBj}9dc~GF`aDq`I)y&k3AxUd>Q%zJ% zh#PikobnJu!V-hLEQ(=Pc=f;*V7K~+6ik$rDrVD2o=`L(ka^5190;8IBw>jNF%LpN z!=j{fEa9kEz#)S0G*K)A;Al9YRr&E?Dxk(kg7S7yg78Q(w0e$+jR9O&j7z2Xyb&@J zr*?u7i3H#z337Z4n!a30+8>7qx|ROWo68(rlg3DN7(mz8Lw9%#B9$OD6)y~>N>Fx& zGL;)}fbNJ%FQU4gV8@a4j8@LpYk3Bu4M_HI1P>8{0=iAcvl+qD)c=uSppir%fWb#h zon0sK%aII@&EX=V)nYM|MHcvke6`l*^PolcpoYv!HESax6HbIT$*B?|h#PvSv7ieb z4aP8rpavRVxjvpEXi;;>mOudfON4!!5`!*q_?5smD&>Dx6g%t}`ZYc-5F&Am9wG}i zK?>yQ&03~C2xO-+mQMw+03VeM4Mz&A8nFn#swM*J09ZOwMI=H{)A2&QBILs1Jzj|% z)EEOE8&LXc@CsuT3e|qELghm{K;hPo;l<=UiUEbQNJ(au6G#KOIBQr*;YE#F6ZD7^ z4C<&(sKe{cscb&7?}n@{MkFjH(_Q8W6-AS?F$%ScCG@CuQfRLuv0&UNE0hZ2)zP3O z{6~|=?r@t3px34#@sL{x%Zvfhr-LO`85kC|-boXXfU;F7H8SNMkUk>_0I00SBA$mz zjnSc_HZ@;JqzM^evkk!17NE$K`M4T`Tdlxjpo3H@huzF>0Tv0BH&tqiNvHtmqXiry zWY(lo_-PM{&?2!YB9jEsDkZ2fMrZ^I-Gf0a1TQrJ5i)KVxLm-X1A7^o!%|WiDm(!S>nOdCLh?wMXs**` z2r58j6YpmNg%bu3;sF6Q*{+gtNhqIR58}5(lU*SoMN|MqlG=n}FJDe30|6(+po<{m z`?NkvNDO4BL>@otGXn?~mH~rCV3E|I=Wdqag_01&Hx!?MVO42JE(;=aLopF`1Pcum z)P+zt0U;b(YRE{$dGSuKT&2a>#6k+0ug3#8T+HGF3=HI5Y_L(gy=s(R&Lv_3It&%I zABvi4QmZg(pM}g2(%521vH=vut_N}xuU1X<64c^I0Px!$A^^AW7Oz0AjPNxijwuMz zIS!Oo!=?bYsV-vI8OeB#GQ?3LeMJm2-6{z9OwcnKfbYN%Sdk#Ks^Mr1CJDN*IW&ua zL&k(9$ZINtoefx9Ce9X0rE^(g5jrU4NlZ>T^bNu5Km)I^+b9GN8U%NVOu1iRSLl5K zu|DSTaAh<>3>0h7Xdw3y=>jf;gz1Yiq*@hZ$dLPupcO|=&M-+0BBHRAJYJVW!{$RE zp{1zUF~o%dX<)BRDMk7fC#vg`P3bf;K~5uahL^;o-QG=z&nlkBX}b4@#C>LpI=A9hPja-S&Nek+)?li zfy@?w-9&IQBv?E~mdZDH#5l5)9$d5aaMVwVf^#cz{@gO7{y4 z5j?PoYeH^-V~VUXgUSb2oe>ez-ChnB^jD2Qc%W7AAt+*6!KVfMJeEsFJn^vI5}-x} zexLw?bhpB2cY#WR&}BpG&?uEtD{^5CCYjxY5t&^YrBQ_@g<)6XQq?4&1Oe83l9VV1 z3IZ4i9t@ku$KXKDQyW3du0R-|V2LIO(5*qDGYaaHBFGo3m8lefk^3niRxV}oxH>V- zZIq$;ZX2E>1?xdk14ATy8g#Zn6`N=gseAxY2ztmQ90xppAa2LHV`ecO6%LzXG=?SM zj&Ya*fjtrg!Y7Ft&58ywY813in}8?))R=GzGE1Nix;bW=)nc=14Fo7)TLWPel8Lk! zQ39#Jq}AX}Y_C*lAp?U1GgV2G7z0?kI?9THbP>k_Z={%HLMLAhav%Y3V}@4%fnI)XbBkE zK!eDEJ_jl|xD0P9L!pCaG#l^|nPNJVjzR)RDaLO=!;VSuGf}A~&?qy6EKtkxN-e2M zl+8_yn3-n32n6YnXa!|)%lrnT1_Y@zLc|iYQI>!X@Gnvzs8^A#2D`->fFtoafFK(c zBr9U6d=YS1Aw8-L;Ohi$54=yXYv77Qdc+9=1b#7xM{+T^I;91+ zb_!2p1Eo(60L|Dyh@|5{Qb;OPib-q?T?$5(ftQ<26gkt43qtcek)sh9H8P=yKmf@` zZI}x3CuXeyOsiRnve3zdm{UTNlBq_&Sj5(H@p>$jb8L2zO3foiB{JBvJSe}!NEF2& z6X&rhtrnp;DA31ZR?nYCWeW~ZB#OjJPXur^C^Oqe!G%Bw0@*!6f2gz3(9!3lghDJ( zm?nZGTR;pHzf8U$0##s%ng(n%VV_xx=6Xb7iPNG3r~;mXB7kzM&jyG(oeJagxa|s$ z%qQgO%`|DMGelC_U4AXx(mpFl1HczW0Ss=5VtHm2L8V7|^~yhj;eNN+i8C-%zzm_a z`#^72#!zpgjOixX_>o=p6)=-;^3rJ6#}s1eG#^6VhZV98h;D^j?xv=d0`lS*pk= zMqC`kwe#>*F{_P0QlQ9GIvYf2f!x<#0g20{Z;1qFy`Ku8r6FhDAax{zwZn{1Et>| z22>_Zt_y*#utg4JBr3X8i*w?*9E?~C8n1q;&k0u2T_F0 zWT0rROyB~ugIB@{3L;V#3GyZil_&;c>AtWQuA3R3>QzDWEnVw^UTj#8dyYOIwMez#o2M0i<-p7{48^fJ0Te$J;o{jr0}@6s+*GV7 zECNhOp|=8#Dga7(z&2x)fSRV)r64M>S_RO= zfR;s!Cqnxi7EpC^$aPLBjRVbcphn6eiTKD-QDYJh&+i98H?)?AMp*$V#~=tSe>y8% zu~dSM92jaVqS}yrR7FAsvtSw^81Wv16S(@_S$eDro==@ zGBT7h7-Zsq&j7%GV0Z`x&fK8Y+86$>t4m>t9BRT zM28~4Fo68mtg1?Kw|v&X;&RTabwA4rzq*S~XR}Sy*d_ONwb_z=ckE*l;p(998~+7m z?wQZugeun28FliuzIu7`#w~1v>>B^^n6R(qmxj8#+sw7y&yKzuIOFKbUzjPnSKYrj z^6IcA{KsQh15xJJuEg9L#Wy#7xkdbsA&}vU7hasO3*ND8aBatm|M(O#LY#g`Z9&p7 zRH)B*yr5S1VgKj!!-y&QLaXVd?=s3Mr!A@%>gDhoTzxvkBc z|Bh{~{&^^;PSKR3m228Q{+e-cw50Bvr2m=xbePw)uK!+=AwpBs@~c~ymREmZwD{7Z z)}Ef**2bqd7uD2(#+S4Qyn@DgVk3fW9y{9SM<>?$lK~~ zXaRvk)t!AiPJI1XRetATa9Ut$tBUL%7e4clJ8#fGcP()-EW^t*^$LES5hF8?e5>sH z;_8Mue0{@Lx@({Ar~f8x9b%T#P@y)_y^WBwtoP57%tCG$toVkxWzBGNJ#%J1+MS$F zx9Z%P*jAd^ss23qE#3s31B1Tz&mG#l4svL5|IcTDEUo{`i3W?m{QQ2T`|!_Qegsp4 zl^-QV4ta0o_QhO&`NPET>%8+e|N1tcAS7=RAD;N-%VW=`qScr#L&wiQH-v5cbY|Jy z?rh(J7hQ^P8rL6RpC!t49)D8MHf0G`@@s!ceLHJuWx=?{8}+U9`xYmM{x)8BCr#ke zGk<@3x$MW%3TC^3CCV%7Pj~(OCN8EE8%ZB{rP@Y zqZ_k}##Rf~UyScL_Oolj{k*T-`H z(WK(Y-Zz}n*$K1e{;s~Co)lhw?aF3jTlR_}v(7CfjanD|St2iRoNhx3SIy6CKX{ny z-oa#2!LyvEonqYirD9{%A?y2RE8I^Wt-Jr^+@h9q`#wv#azHwCM*O?s2Rsj#p8L40 zYfnLEIMl1`@&V_&OG~!;-aUGwD064Lo1rH>dAZ}rjiOOSK5`#$b7ZtTMew|tOJscc2f39J^ZA$y`WzLt!eftFueq2zN zvix-R(>>kC=12;x$9SF0hh4Rcd#1;c#*NwcYUI8V$EVKeHMVR=_LTd-d!7F)Gw;i3 z$(IW6laF3C+Pgn(MUOR(k!Yr5?b+_@D)IB8iQi5iUQ)K!@VZ2jAFX$|UfH*%RSDr8 zqjP!DhOD1ele*Txcm;mSMj6Wfyn!fh6}?*?LT+!5mz+3d-{mN?(@d(U0{DEU{88Hl=ZXo#cdlJD>Rl&X?kM%W&)-ypG74%{>@gd}i4|g7NXj zUwyvxmi*{GvT)yANm5_V)c4odu`W9%&3_ki9z1)DI@WM`wYp$znfk!E@6+aQ5e?g{ z+>vsmO>)vzQ)X`2j?t&LF6t}$ad~>1{sT@=tX;T!TjKQXXSUrb1N&jSvgK6suT_Pm zS5`@-FD{SEetce